@leadertechie/personal-site-kit 0.1.0-alpha.6 → 0.1.0-alpha.7

package/dist/api/handlers/auth-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-handler.d.ts","sourceRoot":"","sources":["../../../src/api/handlers/auth-handler.ts"],"names":[],"mappings":"AAkBA,wBAAsB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAkC/F"}
+{"version":3,"file":"auth-handler.d.ts","sourceRoot":"","sources":["../../../src/api/handlers/auth-handler.ts"],"names":[],"mappings":"AA0BA,wBAAsB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAiC/F"}

package/dist/api/website-api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"website-api.d.ts","sourceRoot":"","sources":["../../src/api/website-api.ts"],"names":[],"mappings":"AAWA,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAE3E,qBAAa,UAAU;IACrB,OAAO,CAAC,cAAc,CAAiC;IAEhD,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;IAIzD,OAAO,CAAC,cAAc;IAOtB,OAAO,CAAC,mBAAmB;IAQ3B,OAAO,CAAC,UAAU;IAYL,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC;CAkFlE"}
+{"version":3,"file":"website-api.d.ts","sourceRoot":"","sources":["../../src/api/website-api.ts"],"names":[],"mappings":"AAWA,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAE3E,qBAAa,UAAU;IACrB,OAAO,CAAC,cAAc,CAAiC;IAEhD,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;IAIzD,OAAO,CAAC,cAAc;IAOtB,OAAO,CAAC,mBAAmB;IAW3B,OAAO,CAAC,UAAU;IAgBL,KAAK,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC;CAmFlE"}

package/dist/api.js

@@ -1,5 +1,5 @@
-import { W as WebsiteAPI } from "./chunks/website-api-DI3muo2s.js";
-import { A, B, M, R, c, a, g, b, d, h, e, r, s, v } from "./chunks/website-api-DI3muo2s.js";
+import { W as WebsiteAPI } from "./chunks/website-api-XoeLwo_N.js";
+import { A, B, M, R, c, a, g, b, d, h, e, r, s, v } from "./chunks/website-api-XoeLwo_N.js";
 const defaultAPI = new WebsiteAPI();
 export {
   A as AUTH_KV,

package/dist/chunks/{index-C3wLSCKU.js → index-Bq8WDk9L.js}

@@ -86,7 +86,22 @@ const aboutmeStyles = css`
 `;
 class AboutMeRenderer {
   renderContent(nodes) {
-    return nodes;
+    return (nodes || []).map((node) => {
+      switch (node.type) {
+        case "heading":
+          const level = node.level || 2;
+          if (level === 1) return html`<h1>${node.content}</h1>`;
+          if (level === 3) return html`<h3>${node.content}</h3>`;
+          return html`<h2>${node.content}</h2>`;
+        case "paragraph":
+          return html`<p>${node.content}</p>`;
+        case "list":
+          const items = node.items || [];
+          return html`<ul>${items.map((item) => html`<li>${item}</li>`)}</ul>`;
+        default:
+          return html`<div>${node.content}</div>`;
+      }
+    });
   }
 }
 async function fetchAboutMe(url) {
@@ -167,10 +182,7 @@ class MyAboutme extends (_a$5 = LitElement, _baseUrl_dec = [property({ type: Str
       this.loading = false;
       return;
     }
-    const url = this.apiBaseUrl;
-    if (url) {
-      this.loadContent();
-    }
+    this.loadContent();
   }
   updated(changedProperties) {
     super.updated(changedProperties);
@@ -178,17 +190,20 @@ class MyAboutme extends (_a$5 = LitElement, _baseUrl_dec = [property({ type: Str
       return;
     }
     if (changedProperties.has("baseUrl") || changedProperties.has("base-url")) {
-      const url = this.apiBaseUrl;
-      if (url) {
-        this.loadContent();
-      }
+      this.loadContent();
     }
   }
   async loadContent() {
+    const url = this.apiBaseUrl;
+    if (!url) {
+      this.loading = false;
+      this.setFallbackContent();
+      return;
+    }
     try {
       this.loading = true;
-      const url = this.apiBaseUrl;
-      const data = await this.fetcher(url);
+      const url2 = this.apiBaseUrl;
+      const data = await this.fetcher(url2);
       this.profile = data.profile;
       this.contentNodes = data.contentNodes;
       this.loading = false;
@@ -202,9 +217,17 @@ class MyAboutme extends (_a$5 = LitElement, _baseUrl_dec = [property({ type: Str
   setFallbackContent() {
     this.profile = null;
     this.contentNodes = [
+      {
+        type: "heading",
+        content: "Profile Not Found"
+      },
+      {
+        type: "paragraph",
+        content: "Your about-me profile has not been initialized yet. Please run the seed command to get started:"
+      },
       {
         type: "paragraph",
-        content: "Unable to Load Content"
+        content: "npm run seed -- <username> <password>"
       }
     ];
   }

package/dist/chunks/{template-MawmknFQ.js → template-Boh_MKY5.js}

@@ -14,7 +14,8 @@ const DEFAULT_STATIC = {
 let activeConfig = { ...DEFAULT_INFRA, ...DEFAULT_STATIC };
 async function initializeConfig(infra) {
   if (infra) {
-    activeConfig = { ...activeConfig, ...infra };
+    if (infra.baseUrl) activeConfig.baseUrl = infra.baseUrl;
+    if (infra.apiUrl) activeConfig.apiUrl = infra.apiUrl;
   }
   try {
     const res = await fetch(`${activeConfig.apiUrl}/api/static`);

package/dist/chunks/{website-api-DI3muo2s.js → website-api-XoeLwo_N.js}

@@ -359,17 +359,23 @@ async function handleWrite(request, bucket, subpath, env, method) {
   }
   return createErrorResponse("Method not allowed", 405);
 }
-function createSessionCookie(token, secure) {
+function createSessionCookie(token, origin) {
   const expires = new Date(Date.now() + 7 * 24 * 60 * 60 * 1e3).toUTCString();
-  const SameSite = secure ? "Strict" : "Lax";
-  return `session=${token}; HttpOnly; Secure; SameSite=${SameSite}; Path=/; Expires=${expires}`;
+  const isSecure = origin.startsWith("https://");
+  const hostname = new URL(origin).hostname;
+  const SameSite = isSecure ? "Strict" : "Lax";
+  let cookie = `session=${token}; HttpOnly; SameSite=${SameSite}; Path=/; Expires=${expires}`;
+  if (isSecure) {
+    cookie += "; Secure";
+  }
+  cookie += `; Domain=${hostname}`;
+  return cookie;
 }
 async function handleAuth(request, env, subpath) {
   request.method;
   const clientIP = getClientIP(request);
   const path = subpath.replace(/^\//, "").split("/")[0];
-  const url = new URL(request.url);
-  const isSecure = url.protocol === "https:";
+  const origin = request.headers.get("Origin") || new URL(request.url).origin;
   const rateCheck = await checkRateLimit(env, clientIP);
   if (!rateCheck.allowed) {
     return new Response(JSON.stringify({
@@ -385,18 +391,18 @@ async function handleAuth(request, env, subpath) {
   }
   switch (path) {
     case "setup":
-      return handleSetup(request, env, clientIP, isSecure);
+      return handleSetup(request, env, clientIP, origin);
     case "status":
       return handleStatus(env);
     case "login":
-      return handleLogin(request, env, clientIP, isSecure);
+      return handleLogin(request, env, clientIP, origin);
     case "logout":
       return handleLogout(request, env);
     default:
       return createErrorResponse("Not found", 404);
   }
 }
-async function handleSetup(request, env, clientIP, isSecure) {
+async function handleSetup(request, env, clientIP, origin) {
   if (request.method !== "POST") {
     return createErrorResponse("Method not allowed", 405);
   }
@@ -422,7 +428,7 @@ async function handleSetup(request, env, clientIP, isSecure) {
     }), { expirationTtl: 7 * 24 * 60 * 60 });
     const headers = {
       "Content-Type": "application/json",
-      "Set-Cookie": createSessionCookie(token, isSecure)
+      "Set-Cookie": createSessionCookie(token, origin)
     };
     return new Response(JSON.stringify({
       success: true,
@@ -442,7 +448,7 @@ async function handleStatus(env) {
     username: store?.username || null
   });
 }
-async function handleLogin(request, env, clientIP, isSecure) {
+async function handleLogin(request, env, clientIP, origin) {
   if (request.method !== "POST") {
     return createErrorResponse("Method not allowed", 405);
   }
@@ -465,7 +471,7 @@ async function handleLogin(request, env, clientIP, isSecure) {
       }), { expirationTtl: 7 * 24 * 60 * 60 });
       const headers = {
         "Content-Type": "application/json",
-        "Set-Cookie": createSessionCookie(token, isSecure)
+        "Set-Cookie": createSessionCookie(token, origin)
       };
       return new Response(JSON.stringify({
         success: true,
@@ -486,16 +492,21 @@ async function handleLogout(request, env) {
   if (request.method !== "POST") {
     return createErrorResponse("Method not allowed", 405);
   }
+  const origin = request.headers.get("Origin") || new URL(request.url).origin;
   const cookieHeader = request.headers.get("Cookie");
   const sessionToken = cookieHeader?.split(";").find((c) => c.trim().startsWith("session="))?.split("=")[1];
   if (sessionToken) {
     await env.KV.delete(`session:${sessionToken}`);
   }
+  const hostname = new URL(origin).hostname;
+  const isSecure = origin.startsWith("https://");
+  const SameSite = isSecure ? "Strict" : "Lax";
+  const logoutCookie = `session=; HttpOnly; SameSite=${SameSite}; Path=/; Max-Age=0; Domain=${hostname}${isSecure ? "; Secure" : ""}`;
   return new Response(JSON.stringify({ success: true, message: "Logged out" }), {
     status: 200,
     headers: {
       "Content-Type": "application/json",
-      "Set-Cookie": "session=; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=0"
+      "Set-Cookie": logoutCookie
     }
   });
 }
@@ -800,28 +811,32 @@ class WebsiteAPI {
     response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
     return response;
   }
-  addAdminCORSHeaders(response) {
-    response.headers.set("Access-Control-Allow-Origin", "same-origin");
+  addAdminCORSHeaders(response, origin) {
+    const allowOrigin = origin.includes("localhost") || origin.includes("127.0.0.1") ? origin : "same-origin";
+    response.headers.set("Access-Control-Allow-Origin", allowOrigin);
     response.headers.set("Access-Control-Allow-Credentials", "true");
     response.headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
     response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
     return response;
   }
-  handleCORS() {
+  handleCORS(origin) {
+    const allowOrigin = origin.includes("localhost") || origin.includes("127.0.0.1") ? origin : "*";
     return new Response(null, {
       status: 200,
       headers: {
-        "Access-Control-Allow-Origin": "*",
+        "Access-Control-Allow-Origin": allowOrigin,
         "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
         "Access-Control-Allow-Headers": "Content-Type, Authorization",
+        "Access-Control-Allow-Credentials": "true",
         "Access-Control-Max-Age": "86400"
       }
     });
   }
   async fetch(request, env) {
     const url = new URL(request.url);
+    const origin = request.headers.get("Origin") || url.origin;
     if (request.method === "OPTIONS") {
-      return this.handleCORS();
+      return this.handleCORS(origin);
     }
     const pathname = url.pathname;
     const route = pathname.replace(/^\/api\//, "").replace(/^\//, "").replace(/\/+$/, "");
@@ -832,7 +847,7 @@ class WebsiteAPI {
     try {
       if (route === "content" || route.startsWith("content/")) {
         const subpath = route.replace(/^content\/?/, "");
-        return this.addAdminCORSHeaders(await handleContent(request, env, subpath));
+        return this.addAdminCORSHeaders(await handleContent(request, env, subpath), origin);
       }
       switch (route) {
         case "info":
@@ -844,10 +859,10 @@ class WebsiteAPI {
           const sessionToken = cookieHeader?.split(";").find((c) => c.trim().startsWith("session="))?.split("=")[1];
           const session = sessionToken ? await env.KV.get(`session:${sessionToken}`, "json") : null;
           if (!session || session.expiresAt < Date.now()) {
-            return this.addAdminCORSHeaders(createErrorResponse("Unauthorized", 401));
+            return this.addAdminCORSHeaders(createErrorResponse("Unauthorized", 401), origin);
           }
           clearContentCache();
-          return this.addAdminCORSHeaders(new Response(JSON.stringify({ success: true, message: "Cache cleared" }), { status: 200 }));
+          return this.addAdminCORSHeaders(new Response(JSON.stringify({ success: true, message: "Cache cleared" }), { status: 200 }), origin);
         case "aboutme":
           return this.addCORSHeaders(await handleAboutMe(env));
         case "logo":
@@ -855,7 +870,7 @@ class WebsiteAPI {
         case "static":
           return this.addCORSHeaders(await handleStaticDetails(env));
         case "auth":
-          return this.addAdminCORSHeaders(await handleAuth(request, env, "/auth"));
+          return this.addAdminCORSHeaders(await handleAuth(request, env, "/auth"), origin);
         case "blogs":
           return this.addCORSHeaders(await handleBlogs(env));
         case "blogs/latest":

package/dist/index.js

@@ -1,7 +1,7 @@
-import { A, B, M, R, W, c, a, g, b, d, h, e, r, s, v } from "./chunks/website-api-DI3muo2s.js";
+import { A, B, M, R, W, c, a, g, b, d, h, e, r, s, v } from "./chunks/website-api-XoeLwo_N.js";
 import { WebsitePrerender } from "./prerender.js";
-import { A as A2, B as B2, F, M as M2, a as a2, S } from "./chunks/index-C3wLSCKU.js";
-import { R as R2, S as S2, T, W as W2, b as b2, c as c2, g as g2, a as a3, i, r as r2 } from "./chunks/template-MawmknFQ.js";
+import { A as A2, B as B2, F, M as M2, a as a2, S } from "./chunks/index-Bq8WDk9L.js";
+import { R as R2, S as S2, T, W as W2, b as b2, c as c2, g as g2, a as a3, i, r as r2 } from "./chunks/template-Boh_MKY5.js";
 export {
   A as AUTH_KV,
   A2 as AdminPortal,

package/dist/shared/config/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/shared/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAiB,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7E,cAAc,SAAS,CAAC;AAkBxB,wBAAsB,gBAAgB,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAgBpG;AAED,wBAAgB,SAAS,IAAI,aAAa,CAEzC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/shared/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAiB,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7E,cAAc,SAAS,CAAC;AAkBxB,wBAAsB,gBAAgB,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAkBpG;AAED,wBAAgB,SAAS,IAAI,aAAa,CAEzC"}

package/dist/shared.js

@@ -1,4 +1,4 @@
-import { R, S, T, W, b, c, g, a, i, r } from "./chunks/template-MawmknFQ.js";
+import { R, S, T, W, b, c, g, a, i, r } from "./chunks/template-Boh_MKY5.js";
 export {
   R as Router,
   S as SiteStore,

package/dist/ui/about-me/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/ui/about-me/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAa,MAAM,KAAK,CAAC;AAG5C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAIhC,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,OAAO,CAAC;AAOrC,qBACa,SAAU,SAAQ,UAAU;IACvC,MAAM,CAAC,MAAM,0BAAiB;IAG9B,QAAQ,CAAC,OAAO,SAAM;IAGtB,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAQ;IAGxC,QAAQ,CAAC,YAAY,EAAE,WAAW,EAAE,CAAM;IAG1C,QAAQ,CAAC,OAAO,UAAQ;IAExB,OAAO,CAAC,QAAQ,CAAkB;IAClC;;;;OAIG;IACI,OAAO,sBAAgB;gBAElB,QAAQ,CAAC,EAAE,eAAe;IAKtC,OAAO,KAAK,UAAU,GAErB;IAEK,iBAAiB;IAmBvB,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC;YAiB7B,WAAW;IAuBzB,OAAO,CAAC,kBAAkB;IAU1B,MAAM;CAoCP"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/ui/about-me/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAa,MAAM,KAAK,CAAC;AAG5C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAIhC,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,OAAO,CAAC;AAOrC,qBACa,SAAU,SAAQ,UAAU;IACvC,MAAM,CAAC,MAAM,0BAAiB;IAG9B,QAAQ,CAAC,OAAO,SAAM;IAGtB,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAQ;IAGxC,QAAQ,CAAC,YAAY,EAAE,WAAW,EAAE,CAAM;IAG1C,QAAQ,CAAC,OAAO,UAAQ;IAExB,OAAO,CAAC,QAAQ,CAAkB;IAClC;;;;OAIG;IACI,OAAO,sBAAgB;gBAElB,QAAQ,CAAC,EAAE,eAAe;IAKtC,OAAO,KAAK,UAAU,GAErB;IAEK,iBAAiB;IAgBvB,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC;YAc7B,WAAW;IA8BzB,OAAO,CAAC,kBAAkB;IAkB1B,MAAM;CAoCP"}

package/dist/ui/about-me/renderer.d.ts

@@ -1,5 +1,6 @@
+import { TemplateResult } from 'lit';
 import { ContentNode } from '@leadertechie/md2html';
 export declare class AboutMeRenderer {
-    renderContent(nodes: ContentNode[]): unknown;
+    renderContent(nodes: ContentNode[]): TemplateResult[];
 }
 //# sourceMappingURL=renderer.d.ts.map

package/dist/ui/about-me/renderer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"renderer.d.ts","sourceRoot":"","sources":["../../../src/ui/about-me/renderer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,qBAAa,eAAe;IAC1B,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO;CAG7C"}
+{"version":3,"file":"renderer.d.ts","sourceRoot":"","sources":["../../../src/ui/about-me/renderer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,cAAc,EAAE,MAAM,KAAK,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,qBAAa,eAAe;IAC1B,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,cAAc,EAAE;CAkBtD"}

package/dist/ui.js

@@ -1,4 +1,4 @@
-import { A, B, F, M, a, S } from "./chunks/index-C3wLSCKU.js";
+import { A, B, F, M, a, S } from "./chunks/index-Bq8WDk9L.js";
 export {
   A as AdminPortal,
   B as BlogViewer,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@leadertechie/personal-site-kit",
-  "version": "0.1.0-alpha.6",
+  "version": "0.1.0-alpha.7",
   "type": "module",
   "description": "A high-performance personal website engine for Cloudflare Workers and R2",
   "repository": {

package/src/api/handlers/auth-handler.ts

@@ -10,18 +10,25 @@ import {
   MAX_ATTEMPTS
 } from './auth';
 
-function createSessionCookie(token: string, secure: boolean): string {
+function createSessionCookie(token: string, origin: string): string {
   const expires = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toUTCString();
-  const SameSite = secure ? 'Strict' : 'Lax';
-  return `session=${token}; HttpOnly; Secure; SameSite=${SameSite}; Path=/; Expires=${expires}`;
+  const isSecure = origin.startsWith('https://');
+  const hostname = new URL(origin).hostname;
+  const SameSite = isSecure ? 'Strict' : 'Lax';
+  
+  let cookie = `session=${token}; HttpOnly; SameSite=${SameSite}; Path=/; Expires=${expires}`;
+  if (isSecure) {
+    cookie += '; Secure';
+  }
+  cookie += `; Domain=${hostname}`;
+  return cookie;
 }
 
 export async function handleAuth(request: Request, env: any, subpath: string): Promise<Response> {
   const method = request.method;
   const clientIP = getClientIP(request);
   const path = subpath.replace(/^\//, '').split('/')[0];
-  const url = new URL(request.url);
-  const isSecure = url.protocol === 'https:';
+  const origin = request.headers.get('Origin') || new URL(request.url).origin;
 
   // Check rate limit for login attempts
   const rateCheck = await checkRateLimit(env, clientIP);
@@ -40,11 +47,11 @@ export async function handleAuth(request: Request, env: any, subpath: string): P
 
   switch (path) {
     case 'setup':
-      return handleSetup(request, env, clientIP, isSecure);
+      return handleSetup(request, env, clientIP, origin);
     case 'status':
       return handleStatus(env);
     case 'login':
-      return handleLogin(request, env, clientIP, isSecure);
+      return handleLogin(request, env, clientIP, origin);
     case 'logout':
       return handleLogout(request, env);
     default:
@@ -52,7 +59,7 @@ export async function handleAuth(request: Request, env: any, subpath: string): P
   }
 }
 
-async function handleSetup(request: Request, env: any, clientIP: string, isSecure: boolean): Promise<Response> {
+async function handleSetup(request: Request, env: any, clientIP: string, origin: string): Promise<Response> {
   if (request.method !== 'POST') {
     return createErrorResponse('Method not allowed', 405);
   }
@@ -85,7 +92,7 @@ async function handleSetup(request: Request, env: any, clientIP: string, isSecur
 
     const headers: Record<string, string> = {
       'Content-Type': 'application/json',
-      'Set-Cookie': createSessionCookie(token, isSecure)
+      'Set-Cookie': createSessionCookie(token, origin)
     };
 
     return new Response(JSON.stringify({ 
@@ -109,7 +116,7 @@ async function handleStatus(env: any): Promise<Response> {
   });
 }
 
-async function handleLogin(request: Request, env: any, clientIP: string, isSecure: boolean): Promise<Response> {
+async function handleLogin(request: Request, env: any, clientIP: string, origin: string): Promise<Response> {
   if (request.method !== 'POST') {
     return createErrorResponse('Method not allowed', 405);
   }
@@ -138,7 +145,7 @@ async function handleLogin(request: Request, env: any, clientIP: string, isSecur
 
       const headers: Record<string, string> = {
         'Content-Type': 'application/json',
-        'Set-Cookie': createSessionCookie(token, isSecure)
+        'Set-Cookie': createSessionCookie(token, origin)
       };
 
       return new Response(JSON.stringify({ 
@@ -162,6 +169,7 @@ async function handleLogout(request: Request, env: any): Promise<Response> {
     return createErrorResponse('Method not allowed', 405);
   }
 
+  const origin = request.headers.get('Origin') || new URL(request.url).origin;
   const cookieHeader = request.headers.get('Cookie');
   const sessionToken = cookieHeader?.split(';')
     .find(c => c.trim().startsWith('session='))
@@ -171,11 +179,16 @@ async function handleLogout(request: Request, env: any): Promise<Response> {
     await env.KV.delete(`session:${sessionToken}`);
   }
 
+  const hostname = new URL(origin).hostname;
+  const isSecure = origin.startsWith('https://');
+  const SameSite = isSecure ? 'Strict' : 'Lax';
+  const logoutCookie = `session=; HttpOnly; SameSite=${SameSite}; Path=/; Max-Age=0; Domain=${hostname}${isSecure ? '; Secure' : ''}`;
+
   return new Response(JSON.stringify({ success: true, message: 'Logged out' }), {
     status: 200,
     headers: {
       'Content-Type': 'application/json',
-      'Set-Cookie': 'session=; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=0'
+      'Set-Cookie': logoutCookie
     }
   });
 }

package/src/api/website-api.ts

@@ -25,21 +25,28 @@ export class WebsiteAPI {
     return response;
   }
 
-  private addAdminCORSHeaders(response: Response): Response {
-    response.headers.set('Access-Control-Allow-Origin', 'same-origin');
+  private addAdminCORSHeaders(response: Response, origin: string): Response {
+    const allowOrigin = origin.includes('localhost') || origin.includes('127.0.0.1') 
+      ? origin 
+      : 'same-origin';
+    response.headers.set('Access-Control-Allow-Origin', allowOrigin);
     response.headers.set('Access-Control-Allow-Credentials', 'true');
     response.headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
     response.headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization');
     return response;
   }
 
-  private handleCORS(): Response {
+  private handleCORS(origin: string): Response {
+    const allowOrigin = origin.includes('localhost') || origin.includes('127.0.0.1') 
+      ? origin 
+      : '*';
     return new Response(null, {
       status: 200,
       headers: {
-        'Access-Control-Allow-Origin': '*' ,
+        'Access-Control-Allow-Origin': allowOrigin ,
         'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS' ,
         'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+        'Access-Control-Allow-Credentials': 'true',
         'Access-Control-Max-Age': '86400',
       },
     });
@@ -47,9 +54,10 @@ export class WebsiteAPI {
 
   public async fetch(request: Request, env: any): Promise<Response> {
     const url = new URL(request.url);
+    const origin = request.headers.get('Origin') || url.origin;
 
     if (request.method === 'OPTIONS') {
-      return this.handleCORS();
+      return this.handleCORS(origin);
     }
 
     const pathname = url.pathname;
@@ -68,7 +76,7 @@ export class WebsiteAPI {
       // Check for content route first (content/*)
       if (route === 'content' || route.startsWith('content/')) {
         const subpath = route.replace(/^content\/?/, '');
-        return this.addAdminCORSHeaders(await handleContent(request, env, subpath));
+        return this.addAdminCORSHeaders(await handleContent(request, env, subpath), origin);
       }
 
       switch (route) {
@@ -83,10 +91,10 @@ export class WebsiteAPI {
             ?.split('=')[1];
           const session = sessionToken ? await env.KV.get(`session:${sessionToken}`, 'json') : null;
           if (!session || session.expiresAt < Date.now()) {
-            return this.addAdminCORSHeaders(createErrorResponse('Unauthorized', 401));
+            return this.addAdminCORSHeaders(createErrorResponse('Unauthorized', 401), origin);
           }
           clearContentCache();
-          return this.addAdminCORSHeaders(new Response(JSON.stringify({ success: true, message: 'Cache cleared' }), { status: 200 }));
+          return this.addAdminCORSHeaders(new Response(JSON.stringify({ success: true, message: 'Cache cleared' }), { status: 200 }), origin);
         case 'aboutme':
           return this.addCORSHeaders(await handleAboutMe(env));
         case 'logo':
@@ -94,7 +102,7 @@ export class WebsiteAPI {
         case 'static':
           return this.addCORSHeaders(await handleStaticDetails(env));
         case 'auth':
-          return this.addAdminCORSHeaders(await handleAuth(request, env, '/auth'));
+          return this.addAdminCORSHeaders(await handleAuth(request, env, '/auth'), origin);
         case 'blogs':
           return this.addCORSHeaders(await handleBlogs(env));
         case 'blogs/latest':

package/src/shared/config/index.ts

@@ -20,7 +20,9 @@ let activeConfig: WebsiteConfig = { ...DEFAULT_INFRA, ...DEFAULT_STATIC };
 
 export async function initializeConfig(infra?: Partial<InfrastructureConfig>): Promise<WebsiteConfig> {
   if (infra) {
-    activeConfig = { ...activeConfig, ...infra };
+    // Only merge defined values
+    if (infra.baseUrl) activeConfig.baseUrl = infra.baseUrl;
+    if (infra.apiUrl) activeConfig.apiUrl = infra.apiUrl;
   }
 
   try {

package/src/ui/about-me/index.ts

@@ -60,10 +60,7 @@ export class MyAboutme extends LitElement {
     }
 
     // Load content if a baseUrl is provided. In dev/prod, this will be set.
-    const url = this.apiBaseUrl;
-    if (url) {
-      this.loadContent();
-    }
+    this.loadContent();
   }
 
   updated(changedProperties: Map<string, any>) {
@@ -76,14 +73,18 @@ export class MyAboutme extends LitElement {
     
     // If baseUrl changed and we have a valid baseUrl, load content
     if (changedProperties.has('baseUrl') || changedProperties.has('base-url')) {
-      const url = this.apiBaseUrl;
-      if (url) {
-        this.loadContent();
-      }
+      this.loadContent();
     }
   }
 
   private async loadContent() {
+    const url = this.apiBaseUrl;
+    if (!url) {
+      this.loading = false;
+      this.setFallbackContent();
+      return;
+    }
+
     try {
       this.loading = true;
 
@@ -109,9 +110,17 @@ export class MyAboutme extends LitElement {
   private setFallbackContent() {
     this.profile = null; // No profile data
     this.contentNodes = [
+      {
+        type: 'heading',
+        content: 'Profile Not Found'
+      },
+      {
+        type: 'paragraph',
+        content: 'Your about-me profile has not been initialized yet. Please run the seed command to get started:'
+      },
       {
         type: 'paragraph',
-        content: 'Unable to Load Content'
+        content: 'npm run seed -- <username> <password>'
       }
     ];
   }

package/src/ui/about-me/renderer.ts

@@ -1,7 +1,23 @@
+import { html, TemplateResult } from 'lit';
 import { ContentNode } from '@leadertechie/md2html';
 
 export class AboutMeRenderer {
-  renderContent(nodes: ContentNode[]): unknown {
-    return nodes;
+  renderContent(nodes: ContentNode[]): TemplateResult[] {
+    return (nodes || []).map(node => {
+      switch (node.type) {
+        case 'heading':
+          const level = (node as any).level || 2;
+          if (level === 1) return html`<h1>${node.content}</h1>`;
+          if (level === 3) return html`<h3>${node.content}</h3>`;
+          return html`<h2>${node.content}</h2>`;
+        case 'paragraph':
+          return html`<p>${node.content}</p>`;
+        case 'list':
+          const items = (node as any).items || [];
+          return html`<ul>${items.map((item: string) => html`<li>${item}</li>`)}</ul>`;
+        default:
+          return html`<div>${node.content}</div>`;
+      }
+    });
   }
 }