@jant/core 0.3.50 → 0.4.1

package/src/client/upload-session.ts

@@ -89,20 +89,61 @@ function parseTransport(value: unknown): UploadTransportResponse | null {
   return null;
 }
 
-async function sha256Base64(file: File): Promise<string> {
-  const digest = await crypto.subtle.digest(
-    "SHA-256",
-    await file.arrayBuffer(),
-  );
-  const bytes = new Uint8Array(digest);
-  let ascii = "";
-  for (const byte of bytes) {
-    ascii += String.fromCharCode(byte);
+interface XhrPutResult {
+  status: number;
+  ok: boolean;
+  text: string;
+}
+
+/**
+ * PUT a request body via XMLHttpRequest so we can observe upload progress.
+ * `fetch()` does not expose `upload.progress`, so byte-level progress for
+ * single-PUT and per-part requests requires XHR.
+ */
+function xhrPut(
+  url: string,
+  body: Blob | File,
+  headers: Record<string, string>,
+  onProgress?: (progress: number) => void,
+): Promise<XhrPutResult> {
+  return new Promise((resolve, reject) => {
+    const xhr = new globalThis.XMLHttpRequest();
+    xhr.open("PUT", url);
+    for (const [name, value] of Object.entries(headers)) {
+      xhr.setRequestHeader(name, value);
+    }
+    xhr.upload.addEventListener("progress", (event) => {
+      if (event.lengthComputable && onProgress) {
+        onProgress(event.loaded / event.total);
+      }
+    });
+    xhr.addEventListener("load", () => {
+      resolve({
+        status: xhr.status,
+        ok: xhr.status >= 200 && xhr.status < 300,
+        text: xhr.responseText,
+      });
+    });
+    xhr.addEventListener("error", () => reject(new Error("Network error")));
+    xhr.addEventListener("abort", () => reject(new Error("Upload aborted")));
+    xhr.send(body);
+  });
+}
+
+function parseJsonObjectFromText(text: string): Record<string, unknown> | null {
+  try {
+    const parsed = JSON.parse(text);
+    return isJsonObject(parsed) ? parsed : null;
+  } catch {
+    return null;
   }
-  return btoa(ascii);
 }
 
 async function initiateUpload(file: File): Promise<InitiateResponse> {
+  // Note: no client-side SHA-256 here. Hashing the whole file would force a
+  // full File.arrayBuffer() read, which on mobile Safari pushes peak memory
+  // past the per-tab cap for large videos and gets the page killed.
+  // Server-side size + storage ETag are sufficient integrity checks.
   const res = await fetch(publicPath("/api/uploads/init"), {
     method: "POST",
     headers: { "Content-Type": "application/json" },
@@ -110,7 +151,6 @@ async function initiateUpload(file: File): Promise<InitiateResponse> {
       filename: file.name,
       contentType: file.type || "application/octet-stream",
       size: file.size,
-      checksumSha256: await sha256Base64(file),
     }),
   });
 
@@ -196,24 +236,26 @@ async function uploadMultipartRelay(
     const end = Math.min(start + transport.partSize, file.size);
     const partNumber = i + 1;
     const chunk = file.slice(start, end);
-    const response = await fetch(
+    const partBytes = end - start;
+    const response = await xhrPut(
       publicPath(`${transport.url}?partNumber=${partNumber}`),
-      {
-        method: "PUT",
-        body: chunk,
+      chunk,
+      {},
+      (partProgress) => {
+        onProgress?.((uploadedBytes + partBytes * partProgress) / file.size);
       },
     );
     if (!response.ok) {
       throw new Error(`Failed to upload part ${partNumber}`);
     }
-    const data = await readJsonObject(response);
-    const uploadedPart = getJsonNumber(data, "partNumber");
-    const etag = getJsonString(data, "etag");
+    const data = parseJsonObjectFromText(response.text);
+    const uploadedPart = data ? getJsonNumber(data, "partNumber") : null;
+    const etag = data ? getJsonString(data, "etag") : null;
     if (!uploadedPart || !etag) {
       throw new Error(`Failed to upload part ${partNumber}`);
     }
     parts.push({ partNumber: uploadedPart, etag });
-    uploadedBytes += end - start;
+    uploadedBytes += partBytes;
     onProgress?.(uploadedBytes / file.size);
   }
 
@@ -229,24 +271,28 @@ export async function uploadViaSession(
 
   try {
     if (transport.kind === "put") {
-      const response = await fetch(transport.url, {
-        method: "PUT",
-        headers: transport.headers,
-        body: file,
-      });
+      const response = await xhrPut(
+        transport.url,
+        file,
+        transport.headers,
+        onProgress,
+      );
       if (!response.ok) {
         throw new Error("Upload failed");
       }
       onProgress?.(1);
     } else if (transport.kind === "relay") {
-      const response = await fetch(publicPath(transport.url), {
-        method: "PUT",
-        headers: { "Content-Type": file.type },
-        body: file,
-      });
+      const response = await xhrPut(
+        publicPath(transport.url),
+        file,
+        { "Content-Type": file.type },
+        onProgress,
+      );
       if (!response.ok) {
-        const data = await readJsonObject(response);
-        throw new Error(getJsonString(data, "error") ?? "Upload failed");
+        const data = parseJsonObjectFromText(response.text);
+        throw new Error(
+          (data && getJsonString(data, "error")) ?? "Upload failed",
+        );
       }
       onProgress?.(1);
     }

package/src/client-auth.ts

@@ -31,6 +31,7 @@ import "./client/collection-page-actions.js";
 import "./client/custom-url-menu.js";
 import "./client/components/jant-command-palette.js";
 import "./client/palette-shortcuts.js";
+import "./client/palette-search-trigger.js";
 
 // Mount fullscreen overlay at body level to escape the dialog's containing
 // block (dialog animation creates a containing block that traps fixed children).

package/src/i18n/locales/public/en.po

@@ -1773,17 +1773,13 @@ msgstr "Settings"
 msgid "Shared links"
 msgstr "Shared links"
 
-#. @context: Button to collapse expanded thread context
 #. @context: Collapse reply context
 #: src/ui/compose/ComposeDialog.tsx
-#: src/ui/feed/ThreadPreview.tsx
 msgid "Show less"
 msgstr "Show less"
 
-#. @context: Button to expand faded thread context
 #. @context: Expand reply context
 #: src/ui/compose/ComposeDialog.tsx
-#: src/ui/feed/ThreadPreview.tsx
 msgid "Show more"
 msgstr "Show more"
 

package/src/i18n/locales/public/zh-Hans.po

@@ -1770,17 +1770,13 @@ msgstr ""
 msgid "Shared links"
 msgstr ""
 
-#. @context: Button to collapse expanded thread context
 #. @context: Collapse reply context
 #: src/ui/compose/ComposeDialog.tsx
-#: src/ui/feed/ThreadPreview.tsx
 msgid "Show less"
 msgstr ""
 
-#. @context: Button to expand faded thread context
 #. @context: Expand reply context
 #: src/ui/compose/ComposeDialog.tsx
-#: src/ui/feed/ThreadPreview.tsx
 msgid "Show more"
 msgstr ""
 

package/src/i18n/locales/public/zh-Hant.po

@@ -1770,17 +1770,13 @@ msgstr ""
 msgid "Shared links"
 msgstr ""
 
-#. @context: Button to collapse expanded thread context
 #. @context: Collapse reply context
 #: src/ui/compose/ComposeDialog.tsx
-#: src/ui/feed/ThreadPreview.tsx
 msgid "Show less"
 msgstr ""
 
-#. @context: Button to expand faded thread context
 #. @context: Expand reply context
 #: src/ui/compose/ComposeDialog.tsx
-#: src/ui/feed/ThreadPreview.tsx
 msgid "Show more"
 msgstr ""
 

package/src/lib/__tests__/hosted-domain.test.ts

@@ -27,7 +27,7 @@ const aliasDomain: SiteDomain = {
 describe("hosted canonical redirects", () => {
   it("bypasses hosted redirects for admin and auth paths", () => {
     expect(
-      shouldBypassHostedCanonicalRedirect("/.well-known/jant-domain-check"),
+      shouldBypassHostedCanonicalRedirect("/.well-known/jant-verification"),
     ).toBe(true);
     expect(shouldBypassHostedCanonicalRedirect("/signin")).toBe(true);
     expect(shouldBypassHostedCanonicalRedirect("/settings/account")).toBe(true);

package/src/lib/hosted-domain-check.ts

@@ -1,47 +1,28 @@
-import { timingSafeEqualBytes } from "./crypto.js";
-
+const VERIFICATION_HMAC_VERSION = "v1";
 const textEncoder = new TextEncoder();
-const textDecoder = new TextDecoder();
-
-export interface HostedDomainCheckClaims {
-  aud: "jant-cloud";
-  domainId: string;
-  host: string;
-  iat: number;
-  iss: "jant-core";
-  nonce: string;
-}
 
-function toBase64Url(bytes: Uint8Array): string {
-  let binary = "";
+function bytesToHex(bytes: Uint8Array): string {
+  let out = "";
   for (const byte of bytes) {
-    binary += String.fromCharCode(byte);
-  }
-
-  return btoa(binary)
-    .replace(/\+/g, "-")
-    .replace(/\//g, "_")
-    .replace(/=+$/g, "");
-}
-
-function fromBase64Url(value: string): Uint8Array {
-  const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
-  const padding =
-    normalized.length % 4 === 0 ? "" : "=".repeat(4 - (normalized.length % 4));
-  const binary = atob(`${normalized}${padding}`);
-  const bytes = new Uint8Array(binary.length);
-
-  for (let index = 0; index < binary.length; index += 1) {
-    bytes[index] = binary.charCodeAt(index);
+    out += byte.toString(16).padStart(2, "0");
   }
-
-  return bytes;
+  return out;
 }
 
-async function createHmacSignature(
+/**
+ * Compute the plaintext HMAC token returned from
+ * `/.well-known/jant-verification`.
+ *
+ * The control plane sends a nonce in the query string; the site replies with
+ * `jant-verification=<hex>` where `<hex>` is `HMAC-SHA256(secret, payload)`
+ * over `payload = "v1:" + host + ":" + nonce`. The shared secret is
+ * `HOSTED_CONTROL_PLANE_DOMAIN_CHECK_SECRET`.
+ */
+export async function computeHostedVerificationToken(
   secret: string,
-  payload: string,
-): Promise<Uint8Array> {
+  host: string,
+  nonce: string,
+): Promise<string> {
   const key = await crypto.subtle.importKey(
     "raw",
     textEncoder.encode(secret),
@@ -50,49 +31,9 @@ async function createHmacSignature(
     ["sign"],
   );
 
-  return new Uint8Array(
+  const payload = `${VERIFICATION_HMAC_VERSION}:${host.trim().toLowerCase()}:${nonce}`;
+  const signature = new Uint8Array(
     await crypto.subtle.sign("HMAC", key, textEncoder.encode(payload)),
   );
-}
-
-export async function signHostedDomainCheckToken(
-  secret: string,
-  claims: HostedDomainCheckClaims,
-): Promise<string> {
-  const payload = toBase64Url(textEncoder.encode(JSON.stringify(claims)));
-  const signature = await createHmacSignature(secret, payload);
-  return `${payload}.${toBase64Url(signature)}`;
-}
-
-export async function verifyHostedDomainCheckToken(
-  secret: string,
-  token: string,
-): Promise<HostedDomainCheckClaims> {
-  const [payloadPart, signaturePart, ...rest] = token.split(".");
-  if (!payloadPart || !signaturePart || rest.length > 0) {
-    throw new Error("Malformed hosted domain check token.");
-  }
-
-  const expectedSignature = await createHmacSignature(secret, payloadPart);
-  const providedSignature = fromBase64Url(signaturePart);
-  if (!timingSafeEqualBytes(expectedSignature, providedSignature)) {
-    throw new Error("Invalid hosted domain check token signature.");
-  }
-
-  const claims = JSON.parse(
-    textDecoder.decode(fromBase64Url(payloadPart)),
-  ) as Partial<HostedDomainCheckClaims>;
-
-  if (
-    claims.iss !== "jant-core" ||
-    claims.aud !== "jant-cloud" ||
-    typeof claims.host !== "string" ||
-    typeof claims.domainId !== "string" ||
-    typeof claims.nonce !== "string" ||
-    typeof claims.iat !== "number"
-  ) {
-    throw new Error("Invalid hosted domain check token payload.");
-  }
-
-  return claims as HostedDomainCheckClaims;
+  return bytesToHex(signature);
 }

package/src/lib/hosted-domain.ts

@@ -2,7 +2,7 @@ import type { Site, SiteDomain } from "../types.js";
 import type { Services } from "../services/index.js";
 
 const CANONICAL_REDIRECT_BYPASS_PREFIXES = [
-  "/.well-known/jant-domain-check",
+  "/.well-known/jant-verification",
   "/__dev",
   "/__sso",
   "/api/",

package/src/routes/api/internal/__tests__/sites.test.ts

@@ -143,6 +143,88 @@ describe("Internal site admin routes", () => {
     ]);
   });
 
+  it("reports an unused key as available", async () => {
+    const { app } = createTestApp({
+      authenticated: false,
+      internalAdminToken: "internal-secret",
+      siteResolutionMode: "host-based",
+    });
+    app.route("/api/internal/sites", internalSitesRoutes);
+
+    const res = await app.request(
+      "/api/internal/sites/availability?key=Fresh-Key",
+      {
+        headers: { Authorization: "Bearer internal-secret" },
+      },
+    );
+
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ available: true, key: "fresh-key" });
+  });
+
+  it("reports an existing key as unavailable", async () => {
+    const { app } = createTestApp({
+      authenticated: false,
+      internalAdminToken: "internal-secret",
+      siteResolutionMode: "host-based",
+    });
+    app.route("/api/internal/sites", internalSitesRoutes);
+
+    const createRes = await app.request("/api/internal/sites", {
+      method: "POST",
+      headers: {
+        Authorization: "Bearer internal-secret",
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        key: "taken-key",
+        primaryHost: "taken-key.example.com",
+        siteName: "Taken Key",
+      }),
+    });
+    expect(createRes.status).toBe(201);
+
+    const res = await app.request(
+      "/api/internal/sites/availability?key=taken-key",
+      {
+        headers: { Authorization: "Bearer internal-secret" },
+      },
+    );
+
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ available: false, key: "taken-key" });
+  });
+
+  it("rejects availability checks without an admin token", async () => {
+    const { app } = createTestApp({
+      authenticated: false,
+      internalAdminToken: "internal-secret",
+      siteResolutionMode: "host-based",
+    });
+    app.route("/api/internal/sites", internalSitesRoutes);
+
+    const res = await app.request(
+      "/api/internal/sites/availability?key=any-key",
+    );
+
+    expect(res.status).toBe(401);
+  });
+
+  it("rejects availability checks with an invalid key", async () => {
+    const { app } = createTestApp({
+      authenticated: false,
+      internalAdminToken: "internal-secret",
+      siteResolutionMode: "host-based",
+    });
+    app.route("/api/internal/sites", internalSitesRoutes);
+
+    const res = await app.request("/api/internal/sites/availability?key=ab", {
+      headers: { Authorization: "Bearer internal-secret" },
+    });
+
+    expect(res.status).toBe(400);
+  });
+
   it("returns managed site media usage in host-based mode", async () => {
     const { app, services } = createTestApp({
       authenticated: false,
@@ -512,4 +594,90 @@ describe("Internal site admin routes", () => {
       ],
     });
   });
+
+  it("leaves the demoted alias serving directly when adding a new primary", async () => {
+    const { app } = createTestApp({
+      authenticated: false,
+      internalAdminToken: "internal-secret",
+      siteResolutionMode: "host-based",
+    });
+    app.route("/api/internal/sites", internalSitesRoutes);
+
+    const createRes = await app.request("/api/internal/sites", {
+      method: "POST",
+      headers: {
+        Authorization: "Bearer internal-secret",
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        key: "redirect-demo",
+        primaryHost: "redirect-demo.jant.blog",
+        siteName: "Redirect Demo",
+      }),
+    });
+
+    expect(createRes.status).toBe(201);
+    const created = (await createRes.json()) as { siteId: string };
+
+    const addRes = await app.request(
+      `/api/internal/sites/${created.siteId}/domains`,
+      {
+        method: "POST",
+        headers: {
+          Authorization: "Bearer internal-secret",
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+          host: "blog.example.com",
+          makePrimary: true,
+        }),
+      },
+    );
+
+    expect(addRes.status).toBe(201);
+    const addedBody = (await addRes.json()) as {
+      domains: Array<{
+        host: string;
+        id: string;
+        kind: string;
+        redirectToPrimary: boolean;
+      }>;
+    };
+    const newPrimary = addedBody.domains.find(
+      (domain) => domain.host === "blog.example.com",
+    );
+    const demotedAlias = addedBody.domains.find(
+      (domain) => domain.host === "redirect-demo.jant.blog",
+    );
+    expect(newPrimary?.kind).toBe("primary");
+    expect(demotedAlias?.kind).toBe("alias");
+    // The demoted managed host must keep serving its own content while the
+    // newly-added custom primary's DNS is still propagating.
+    expect(demotedAlias?.redirectToPrimary).toBe(false);
+
+    const flipRes = await app.request(
+      `/api/internal/sites/${created.siteId}/domains/${demotedAlias?.id}/redirect`,
+      {
+        method: "POST",
+        headers: {
+          Authorization: "Bearer internal-secret",
+          "Content-Type": "application/json",
+        },
+        body: JSON.stringify({ redirectToPrimary: true }),
+      },
+    );
+
+    expect(flipRes.status).toBe(200);
+    const flipBody = (await flipRes.json()) as {
+      domains: Array<{
+        host: string;
+        id: string;
+        redirectToPrimary: boolean;
+      }>;
+    };
+    const aliasAfterFlip = flipBody.domains.find(
+      (domain) => domain.id === demotedAlias?.id,
+    );
+    expect(aliasAfterFlip?.redirectToPrimary).toBe(true);
+  });
 });

package/src/routes/api/internal/sites.ts

@@ -9,17 +9,23 @@ import type { AppVariables } from "../../../types/app-context.js";
 
 type Env = { Bindings: Bindings; Variables: AppVariables };
 
+const ManagedSiteKeySchema = z
+  .string()
+  .trim()
+  .toLowerCase()
+  .min(3)
+  .max(40)
+  .regex(
+    /^[a-z0-9](?:[a-z0-9-]{1,38}[a-z0-9])?$/,
+    "Site key must use lowercase letters, numbers, or hyphens.",
+  );
+
+const SiteKeyAvailabilityQuerySchema = z.object({
+  key: ManagedSiteKeySchema,
+});
+
 const CreateManagedSiteSchema = z.object({
-  key: z
-    .string()
-    .trim()
-    .toLowerCase()
-    .min(3)
-    .max(40)
-    .regex(
-      /^[a-z0-9](?:[a-z0-9-]{1,38}[a-z0-9])?$/,
-      "Site key must use lowercase letters, numbers, or hyphens.",
-    ),
+  key: ManagedSiteKeySchema,
   primaryHost: z
     .string()
     .trim()
@@ -76,6 +82,23 @@ internalSitesRoutes.post("/", requireInternalAdminApi(), async (c) => {
   );
 });
 
+internalSitesRoutes.get(
+  "/availability",
+  requireInternalAdminApi(),
+  async (c) => {
+    assertHostBasedMode(c.env);
+
+    const query = parseValidated(SiteKeyAvailabilityQuerySchema, {
+      key: c.req.query("key") ?? "",
+    });
+    const result = await c.var.services.siteAdmin.isManagedSiteKeyAvailable(
+      query.key,
+    );
+
+    return c.json(result);
+  },
+);
+
 internalSitesRoutes.delete("/:siteId", requireInternalAdminApi(), async (c) => {
   assertHostBasedMode(c.env);
 
@@ -222,6 +245,36 @@ internalSitesRoutes.post(
   },
 );
 
+const ManagedSiteDomainRedirectSchema = z.object({
+  redirectToPrimary: z.boolean(),
+});
+
+internalSitesRoutes.post(
+  "/:siteId/domains/:domainId/redirect",
+  requireInternalAdminApi(),
+  async (c) => {
+    assertHostBasedMode(c.env);
+    const body = parseValidated(
+      ManagedSiteDomainRedirectSchema,
+      await c.req.json(),
+    );
+    const domains = await c.var.services.siteAdmin.setManagedSiteDomainRedirect(
+      c.req.param("siteId"),
+      c.req.param("domainId"),
+      body.redirectToPrimary,
+    );
+
+    return c.json({
+      domains: domains.map((domain) => ({
+        host: domain.host,
+        id: domain.id,
+        kind: domain.kind,
+        redirectToPrimary: domain.redirectToPrimary,
+      })),
+    });
+  },
+);
+
 internalSitesRoutes.delete(
   "/:siteId/domains/:domainId",
   requireInternalAdminApi(),