@jant/core 0.3.42 → 0.3.44

package/src/services/__tests__/site-admin.test.ts

@@ -45,4 +45,89 @@ describe("SiteAdminService", () => {
 
     expect(siteRows).toEqual([{ key: "demo-cloud" }]);
   });
+
+  it("returns the existing site when replayed with the same idempotency key", async () => {
+    const { db } = createTestDatabase();
+    const service = createSiteAdminService(db, sqliteSchemaBundle, "sqlite", {
+      siteResolutionMode: "host-based",
+    });
+
+    const first = await service.createManagedSite({
+      key: "idem-site",
+      primaryHost: "idem-site.example.com",
+      siteName: "Idempotent Site",
+      idempotencyKey: "job_abc",
+    });
+
+    const second = await service.createManagedSite({
+      key: "idem-site",
+      primaryHost: "idem-site.example.com",
+      siteName: "Idempotent Site",
+      idempotencyKey: "job_abc",
+    });
+
+    expect(second.site.id).toBe(first.site.id);
+    expect(second.domain.id).toBe(first.domain.id);
+  });
+
+  it("rejects reuse of an idempotency key with different key or primary host", async () => {
+    const { db } = createTestDatabase();
+    const service = createSiteAdminService(db, sqliteSchemaBundle, "sqlite", {
+      siteResolutionMode: "host-based",
+    });
+
+    await service.createManagedSite({
+      key: "idem-site",
+      primaryHost: "idem-site.example.com",
+      siteName: "Idempotent Site",
+      idempotencyKey: "job_xyz",
+    });
+
+    await expect(
+      service.createManagedSite({
+        key: "other-site",
+        primaryHost: "idem-site.example.com",
+        siteName: "Other Site",
+        idempotencyKey: "job_xyz",
+      }),
+    ).rejects.toEqual(
+      new ConflictError(
+        "Idempotency key was reused with a different site key or primary host.",
+      ),
+    );
+
+    await expect(
+      service.createManagedSite({
+        key: "idem-site",
+        primaryHost: "different-host.example.com",
+        siteName: "Idempotent Site",
+        idempotencyKey: "job_xyz",
+      }),
+    ).rejects.toEqual(
+      new ConflictError(
+        "Idempotency key was reused with a different site key or primary host.",
+      ),
+    );
+  });
+
+  it("treats requests without an idempotency key as independent creations", async () => {
+    const { db } = createTestDatabase();
+    const service = createSiteAdminService(db, sqliteSchemaBundle, "sqlite", {
+      siteResolutionMode: "host-based",
+    });
+
+    await service.createManagedSite({
+      key: "no-idem-site",
+      primaryHost: "no-idem-site.example.com",
+      siteName: "No Idem Site",
+    });
+
+    await expect(
+      service.createManagedSite({
+        key: "no-idem-site",
+        primaryHost: "no-idem-site-2.example.com",
+        siteName: "No Idem Site",
+      }),
+    ).rejects.toEqual(new ConflictError("Site key is already in use."));
+  });
 });

package/src/services/export.ts

@@ -28,6 +28,7 @@ import {
   getDefaultJantFaviconIcoBytes,
 } from "../lib/jant-branding.js";
 import { tiptapJsonToMarkdown } from "../lib/tiptap-to-markdown.js";
+import { extractBodyText } from "../lib/summary.js";
 import { getMediaUrl, getPublicUrlForProvider } from "../lib/image.js";
 import { render as renderMarkdown } from "../lib/markdown.js";
 import { formatRelativeAge, toISOString } from "../lib/time.js";
@@ -1074,10 +1075,16 @@ function getArchiveSummaryText(post: Post): string | null {
   //   serialized as `link_url` and rendered as a domain badge, so using
   //   it as `summary_text` would duplicate that information.
   // - Note: body only. If the body is empty, there's nothing to describe.
+  //
+  // Note: we re-derive the body text from `post.body` (TipTap JSON) rather
+  // than reusing `post.bodyText`, because `bodyText` is written with
+  // `includeLinkHrefs: true` for FTS search indexing — that pollutes the
+  // stored text with trailing link URLs. Here we need clean prose.
+  const cleanBodyText = post.body ? extractBodyText(post.body) : null;
   const candidates =
     post.format === "quote"
-      ? [post.summary, post.bodyText, post.quoteText]
-      : [post.summary, post.bodyText];
+      ? [post.summary, cleanBodyText, post.quoteText]
+      : [post.summary, cleanBodyText];
 
   for (const candidate of candidates) {
     const normalized = normalizeArchiveText(candidate);

package/src/services/post.ts

@@ -19,6 +19,7 @@ import {
   isNotNull,
   asc,
   lte,
+  gt,
 } from "drizzle-orm";
 import {
   type Database,
@@ -156,6 +157,17 @@ export interface PostBodyContent {
   chars: number;
 }
 
+/** Minimal projection used by the sitemap renderer. */
+export interface SitemapPostEntry {
+  id: string;
+  /** Canonical slug from `path_registry` */
+  slug: string;
+  /** Primary alias, if the post has one; used in preference to `slug` for URLs */
+  alias: string | null;
+  updatedAt: number;
+  featuredAt: number | null;
+}
+
 export interface PostService {
   getById(id: string): Promise<Post | null>;
   getBodyContent(id: string): Promise<PostBodyContent | null>;
@@ -167,6 +179,35 @@ export interface PostService {
   }): Promise<string>;
   checkSlugAvailability(slug: string, excludePostId?: string): Promise<boolean>;
   list(filters?: PostFilters): Promise<Post[]>;
+  /**
+   * List minimal fields needed to render sitemap entries, paginated by `id`
+   * (ascending). Excludes replies, private posts, deleted posts, and drafts.
+   *
+   * Uses keyset pagination on the primary key so old sitemap shards are cheap
+   * to serve and stable across shard boundaries: a newly created post always
+   * gets a larger TypeID than any previously-committed post, so it lands in
+   * the last shard and never rewrites older ones.
+   *
+   * @param options.afterId  Exclusive lower bound on `id`. Omit for the first
+   *                         shard.
+   * @param options.limit    Maximum rows to return.
+   */
+  listForSitemap(options: {
+    afterId?: string;
+    limit: number;
+  }): Promise<SitemapPostEntry[]>;
+  /** Count posts that qualify for the sitemap (same filters as `listForSitemap`) */
+  countForSitemap(): Promise<number>;
+  /**
+   * Return the id at the given 0-based offset in the sitemap ordering.
+   * Used to compute keyset cursors for sharded sitemap endpoints.
+   *
+   * Returns `null` when the offset is beyond the available rows.
+   *
+   * Walks the primary-key index with `ORDER BY id ASC LIMIT 1 OFFSET ?` —
+   * SQLite/D1 scan only the index for this, not the row data.
+   */
+  getSitemapIdAt(offset: number): Promise<string | null>;
   /** Count posts matching filters (ignores cursor, offset, limit) */
   count(filters?: PostFilters): Promise<number>;
   /** Count posts matching filters up to a fixed limit (ignores cursor, offset, limit) */
@@ -292,6 +333,28 @@ export interface PostService {
   getDistinctYears(filters?: PostFilters): Promise<number[]>;
   /** For each thread ID, return the ID of the last published, non-deleted post */
   getLastPostIdsByThread(threadIds: string[]): Promise<Map<string, string>>;
+  /**
+   * Rebuild `post.body_text` for a batch of non-deleted posts, cursor-paginated
+   * by post id. For each row, recomputes the plain-text extraction via
+   * `extractBodyText(body)` and writes it back only when it differs from the
+   * stored value. FTS indexes (SQLite trigger / Postgres generated column)
+   * refresh automatically on the UPDATE.
+   *
+   * Idempotent: re-running after a no-op pass returns `updated: 0`.
+   *
+   * @param options.limit  Batch size (1..500, default 50)
+   * @param options.cursor Exclusive lower bound on post id; pass the previous
+   *                       response's `nextCursor` to continue
+   * @returns processed/updated/skipped counts, the next cursor, and a `done`
+   *          flag the caller uses to terminate the loop
+   */
+  reindexBodyText(options?: { limit?: number; cursor?: string }): Promise<{
+    processed: number;
+    updated: number;
+    skipped: number;
+    nextCursor: string | null;
+    done: boolean;
+  }>;
 }
 
 const SLUG_RE = /^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]$/;
@@ -1300,6 +1363,83 @@ export function createPostService(
       return hydratePosts(rows);
     },
 
+    async listForSitemap({ afterId, limit }) {
+      // Share the filter conditions with `list()` so visibility/reply/deleted
+      // semantics stay consistent if they ever change.
+      const conditions = buildFilterConditions({
+        status: "published",
+        excludePrivate: true,
+        excludeReplies: true,
+      });
+      if (afterId !== undefined) {
+        conditions.push(sql`${posts.id} > ${afterId}`);
+      }
+
+      const rows = await db
+        .select({
+          id: posts.id,
+          updatedAt: posts.updatedAt,
+          featuredAt: posts.featuredAt,
+        })
+        .from(posts)
+        .where(conditions.length > 0 ? and(...conditions) : undefined)
+        .orderBy(asc(posts.id))
+        .limit(limit);
+
+      if (rows.length === 0) return [];
+
+      const ids = rows.map((row) => row.id);
+      const [slugMap, aliasesMap] = await Promise.all([
+        resolvedPaths.getPostSlugMap(ids),
+        resolvedPaths.getPostAliases(ids),
+      ]);
+
+      return rows
+        .map((row): SitemapPostEntry | null => {
+          const slug = slugMap.get(row.id);
+          if (!slug) return null;
+          const alias = aliasesMap.get(row.id)?.[0] ?? null;
+          return {
+            id: row.id,
+            slug,
+            alias,
+            updatedAt: row.updatedAt,
+            featuredAt: row.featuredAt,
+          };
+        })
+        .filter((entry): entry is SitemapPostEntry => entry !== null);
+    },
+
+    async countForSitemap() {
+      const conditions = buildFilterConditions({
+        status: "published",
+        excludePrivate: true,
+        excludeReplies: true,
+      });
+      const result = await db
+        .select({ count: sql<number>`CAST(count(*) AS INTEGER)`.as("count") })
+        .from(posts)
+        .where(conditions.length > 0 ? and(...conditions) : undefined);
+      return result[0]?.count ?? 0;
+    },
+
+    async getSitemapIdAt(offset) {
+      if (offset < 0) return null;
+      const conditions = buildFilterConditions({
+        status: "published",
+        excludePrivate: true,
+        excludeReplies: true,
+      });
+      const rows = await db
+        .select({ id: posts.id })
+        .from(posts)
+        .where(conditions.length > 0 ? and(...conditions) : undefined)
+        .orderBy(asc(posts.id))
+        .limit(1)
+        .offset(offset);
+      return rows[0]?.id ?? null;
+    },
+
     async count(filters = {}) {
       const conditions = buildFilterConditions(filters);
 
@@ -1377,7 +1517,9 @@ export function createPostService(
       });
 
       const bodyHtml = body ? renderTiptapJson(body) : null;
-      const bodyText = body ? extractBodyText(body) : null;
+      const bodyText = body
+        ? extractBodyText(body, { includeLinkHrefs: true })
+        : null;
 
       // Generate summary for titled notes with body content
       let summary: string | null = null;
@@ -1879,7 +2021,7 @@ export function createPostService(
           ? renderTiptapJson(normalizedBody)
           : null;
         updates.bodyText = normalizedBody
-          ? extractBodyText(normalizedBody)
+          ? extractBodyText(normalizedBody, { includeLinkHrefs: true })
           : null;
       }
 
@@ -2967,5 +3109,61 @@ export function createPostService(
 
       return rows.map((r) => parseInt(r.year, 10));
     },
+
+    async reindexBodyText(options = {}) {
+      const requested = options.limit ?? 50;
+      const limit = Math.min(Math.max(Math.trunc(requested), 1), 500);
+      const cursor = options.cursor;
+
+      const whereConditions = [
+        eq(posts.siteId, siteId),
+        isNull(posts.deletedAt),
+      ];
+      if (cursor) whereConditions.push(gt(posts.id, cursor));
+
+      // Fetch one extra row to detect end-of-data without a separate COUNT.
+      const rows = await db
+        .select({
+          id: posts.id,
+          body: posts.body,
+          bodyText: posts.bodyText,
+        })
+        .from(posts)
+        .where(and(...whereConditions))
+        .orderBy(asc(posts.id))
+        .limit(limit + 1);
+
+      const hasMore = rows.length > limit;
+      const batch = hasMore ? rows.slice(0, limit) : rows;
+
+      let updated = 0;
+      let skipped = 0;
+
+      for (const row of batch) {
+        const nextBodyText = row.body
+          ? extractBodyText(row.body, { includeLinkHrefs: true })
+          : null;
+        if (nextBodyText === row.bodyText) {
+          skipped++;
+          continue;
+        }
+        await db
+          .update(posts)
+          .set({ bodyText: nextBodyText })
+          .where(and(eq(posts.siteId, siteId), eq(posts.id, row.id)));
+        updated++;
+      }
+
+      const lastRow = batch.at(-1);
+      const lastId = lastRow ? lastRow.id : null;
+
+      return {
+        processed: batch.length,
+        updated,
+        skipped,
+        nextCursor: hasMore ? lastId : null,
+        done: !hasMore,
+      };
+    },
   };
 }

package/src/services/site-admin.ts

@@ -1,4 +1,4 @@
-import { eq, sql } from "drizzle-orm";
+import { and, eq, sql } from "drizzle-orm";
 import {
   executeStatement,
   type Database,
@@ -45,6 +45,13 @@ export interface CreateManagedSiteInput {
   siteName: string;
   siteLanguage?: string | null;
   timeZone?: string | null;
+  /**
+   * Optional caller-supplied idempotency key. When provided, retrying the same
+   * request returns the previously created site instead of a 409 conflict.
+   * Reusing the key with a different `key` or `primaryHost` is rejected as a
+   * client bug.
+   */
+  idempotencyKey?: string | null;
 }
 
 export interface ManagedSiteResult {
@@ -194,6 +201,47 @@ export function createSiteAdminService(
     return `${protocol}//${domain.host}${pathPrefix}`;
   }
 
+  async function loadByIdempotencyKey(
+    targetDb: Database,
+    idempotencyKey: string,
+  ): Promise<ManagedSiteResult | null> {
+    const siteRow = (
+      await targetDb
+        .select()
+        .from(sites)
+        .where(eq(sites.provisioningIdempotencyKey, idempotencyKey))
+        .limit(1)
+    )[0];
+    if (!siteRow) {
+      return null;
+    }
+
+    const domainRow = (
+      await targetDb
+        .select()
+        .from(siteDomains)
+        .where(
+          and(
+            eq(siteDomains.siteId, siteRow.id),
+            eq(siteDomains.kind, "primary"),
+          ),
+        )
+        .limit(1)
+    )[0];
+    if (!domainRow) {
+      // A site row without a primary domain means the original creation aborted
+      // mid-transaction on a dialect without real transactions. Treat as not
+      // found so the caller can retry; the partial unique index will surface a
+      // genuine duplicate.
+      return null;
+    }
+
+    return {
+      site: toSite(siteRow),
+      domain: toSiteDomain(domainRow),
+    };
+  }
+
   async function createWithDatabase(
     targetDb: Database,
     input: CreateManagedSiteInput,
@@ -201,6 +249,22 @@ export function createSiteAdminService(
     const siteKey = input.key.trim();
     const primaryHost = input.primaryHost.trim().toLowerCase();
     const siteName = input.siteName.trim();
+    const idempotencyKey = input.idempotencyKey?.trim() || null;
+
+    if (idempotencyKey) {
+      const existing = await loadByIdempotencyKey(targetDb, idempotencyKey);
+      if (existing) {
+        if (
+          existing.site.key !== siteKey ||
+          existing.domain.host !== primaryHost
+        ) {
+          throw new ConflictError(
+            "Idempotency key was reused with a different site key or primary host.",
+          );
+        }
+        return existing;
+      }
+    }
 
     const existingSite = await targetDb
       .select({ id: sites.id })
@@ -231,6 +295,7 @@ export function createSiteAdminService(
           id: siteId,
           key: siteKey,
           status: "active",
+          provisioningIdempotencyKey: idempotencyKey,
           createdAt: timestamp,
           updatedAt: timestamp,
         })

package/src/styles/ui.css

@@ -2100,6 +2100,10 @@
     width: 30px;
     height: 9px;
     margin: 4rem 0;
+    /* Center over the post-body column. On desktop the body column is
+       `var(--layout-content-width)` (55%). Between 760-1024px it switches
+       to `min(100%, 35rem)` via preset.css, so the hr must track that
+       same rule — otherwise the glyph drifts left of the content center. */
     margin-left: calc(var(--layout-content-width) / 2 - 15px);
     color: var(--site-feed-divider-color);
     background-color: currentColor;
@@ -2113,6 +2117,14 @@
     mask-size: contain;
   }
 
+  @media (max-width: 1024px) {
+    .site-content hr.feed-divider {
+      /* Match preset.css `min(100%, 35rem)` body-column width so the hr
+         stays visually aligned with the post column at this breakpoint. */
+      margin-left: calc(min(100%, 35rem) / 2 - 15px);
+    }
+  }
+
   .feed-card {
     position: relative;
     padding: 1rem 1.1rem 0.95rem;

package/src/types/app-context.ts

@@ -11,10 +11,17 @@ import type { Services } from "../services/index.js";
 import type { HostedHandoffService } from "../services/hosted-handoff.js";
 import type { Auth } from "../auth.js";
 import type { AppConfig } from "./config.js";
+import type { RateLimiter } from "../lib/rate-limit.js";
 import type { StorageDriver } from "../lib/storage.js";
 import type { Bindings } from "./bindings.js";
 import type { Site, SiteDomain } from "./entities.js";
 
+/**
+ * Session payload as returned by better-auth's `getSession`.
+ * Populated once per request by the `attachSession` middleware.
+ */
+export type AppSession = Awaited<ReturnType<Auth["api"]["getSession"]>>;
+
 export interface AppVariables {
   services: Services;
   hostedHandoff: HostedHandoffService;
@@ -27,6 +34,19 @@ export interface AppVariables {
   storage: StorageDriver | null;
   publicRequestUrl: string;
   publicPath: string;
+  /**
+   * Cached session for the current request. `null` when unauthenticated or
+   * when the session lookup errored. Populated by `attachSession` middleware.
+   */
+  session: AppSession;
+  /** True when `session?.user` is set. Shortcut for the common read. */
+  isAuthenticated: boolean;
+  /**
+   * Runtime-appropriate rate limiter. Populated per-request from the
+   * runtime (D1 on Workers, in-memory on Node). Middleware calls
+   * `c.var.rateLimiter.check(...)` instead of caring which impl is used.
+   */
+  rateLimiter: RateLimiter;
 }
 
 export type App = Hono<{ Bindings: Bindings; Variables: AppVariables }>;

package/src/types/config.ts

@@ -476,6 +476,14 @@ export interface AppConfig {
   siteAvatarUrl: string;
   faviconVersion: string;
 
+  // Rate limiting (ENV only)
+  rateLimit: {
+    /** When true, all rate-limit middleware becomes a no-op. */
+    disabled: boolean;
+    /** Per-IP cap for `/api/search` requests per 60-second window. */
+    searchPerMinute: number;
+  };
+
   // Settings form placeholders (ENV > Default, without DB)
   fallbacks: {
     siteName: string;

package/src/types/props.ts

@@ -138,13 +138,6 @@ export interface FeedData {
   posts: FeedPostView[];
 }
 
-/** Data passed to sitemap renderers */
-export interface SitemapData {
-  siteUrl: string;
-  sitemapUrl: string;
-  posts: PostView[];
-}
-
 // =============================================================================
 // Timeline Types
 // =============================================================================

package/src/ui/feed/LinkCard.tsx

@@ -14,6 +14,7 @@ import { PostStatusBadges } from "./PostStatusBadges.js";
 import { sanitizeUrl, extractDisplayDomain } from "../../lib/url.js";
 import { MediaGallery } from "../shared/MediaGallery.js";
 import { LinkPreview } from "./LinkPreview.js";
+import { Icon } from "../shared/Icon.js";
 
 export const LinkCard: FC<TimelineCardProps> = ({
   post,
@@ -39,30 +40,12 @@ export const LinkCard: FC<TimelineCardProps> = ({
         target="_blank"
         rel="noopener noreferrer"
       >
-        <svg
-          class="feed-link-domain-icon"
-          xmlns="http://www.w3.org/2000/svg"
-          fill="none"
-          viewBox="0 0 24 24"
-          stroke-width="2"
-          stroke="currentColor"
-        >
-          <path d="M13.5 6H5.25A2.25 2.25 0 0 0 3 8.25v10.5A2.25 2.25 0 0 0 5.25 21h10.5A2.25 2.25 0 0 0 18 18.75V10.5m-10.5 6L21 3m0 0h-5.25M21 3v5.25" />
-        </svg>
+        <Icon name="link-domain" class="feed-link-domain-icon" />
         <span>{domain}</span>
       </a>
     ) : (
       <div class="feed-link-domain">
-        <svg
-          class="feed-link-domain-icon"
-          xmlns="http://www.w3.org/2000/svg"
-          fill="none"
-          viewBox="0 0 24 24"
-          stroke-width="2"
-          stroke="currentColor"
-        >
-          <path d="M13.5 6H5.25A2.25 2.25 0 0 0 3 8.25v10.5A2.25 2.25 0 0 0 5.25 21h10.5A2.25 2.25 0 0 0 18 18.75V10.5m-10.5 6L21 3m0 0h-5.25M21 3v5.25" />
-        </svg>
+        <Icon name="link-domain" class="feed-link-domain-icon" />
         <span>{domain}</span>
       </div>
     ));

package/src/ui/feed/LinkPreview.tsx

@@ -6,6 +6,7 @@
  */
 
 import type { FC } from "hono/jsx";
+import { Icon } from "../shared/Icon.js";
 
 interface LinkPreviewProps {
   imageUrl: string;
@@ -41,31 +42,16 @@ export const LinkPreview: FC<LinkPreviewProps> = ({
       <img src={imageUrl} alt="" class="link-preview-image" loading="lazy" />
       {isVideo && (
         <div class="link-preview-play" aria-hidden="true">
-          <svg
-            class="link-preview-play-icon"
-            viewBox="0 0 68 48"
-            xmlns="http://www.w3.org/2000/svg"
-          >
-            <path
-              class="link-preview-play-bg"
-              d="M66.52 7.74c-.78-2.93-2.49-5.41-5.42-6.19C55.79.13 34 0 34 0S12.21.13 6.9 1.55C3.97 2.33 2.27 4.81 1.48 7.74.06 13.05 0 24 0 24s.06 10.95 1.48 16.26c.78 2.93 2.49 5.41 5.42 6.19C12.21 47.87 34 48 34 48s21.79-.13 27.1-1.55c2.93-.78 4.64-3.26 5.42-6.19C67.94 34.95 68 24 68 24s-.06-10.95-1.48-16.26z"
-              fill="rgba(0,0,0,.65)"
-            />
-            <path d="M45 24L27 14v20" fill="#fff" />
-          </svg>
+          <Icon name="link-preview-play" class="link-preview-play-icon" />
         </div>
       )}
       {providerLabel && (
         <span class="link-preview-badge" aria-hidden="true">
           {isVideo && (
-            <svg
+            <Icon
+              name="link-preview-badge-play"
               class="link-preview-badge-icon"
-              viewBox="0 0 16 16"
-              xmlns="http://www.w3.org/2000/svg"
-              fill="currentColor"
-            >
-              <path d="M5.5 3.5v9l7-4.5z" />
-            </svg>
+            />
           )}
           {providerLabel}
         </span>