@lexho111/plainblog 0.6.3 → 0.6.5

package/Article.js

@@ -52,7 +52,7 @@ export default class Article {
     if (this.content == null) return "";
     const moreButton = this.content.length > 400 ? `<a href="#">more</a>` : "";
     const buttons = loggedin
-      ? `<div class="buttons"><div id="editButton${this.id}" class="button edit">edit</div><div id="deleteButton${this.id}" class="button delete">delete</div></div>`
+      ? `<div class="buttons"><div id="editButton${this.id}" class="btn edit">edit</div><div id="deleteButton${this.id}" class="btn delete">delete</div></div>`
       : "";
     const script = loggedin
       ? `<script>

package/Blog.js

@@ -16,6 +16,7 @@ import FileAdapter from "./model/FileAdapter.js";
 import DataModel from "./model/DataModel.js";
 import { BinarySearchTreeHashMap } from "./model/datastructures/BinarySearchTreeHashMap.js";
 import createDebug from "./debug-loader.js";
+import { readFile } from "node:fs/promises";
 
 // Initialize the debugger with a specific namespace
 const debug = createDebug("plainblog:Blog");
@@ -92,6 +93,7 @@ export default class Blog {
   #stylesheetPath = "";
   compilestyle = false;
   #initPromise = null;
+  #publicDir = path.join(process.cwd(), "public");
 
   setTitle(title) {
     this.#title = title;
@@ -161,8 +163,8 @@ export default class Blog {
 
   #isAuthenticated(req) {
     if (!req.headers.cookie) return false;
-    const params = new URLSearchParams(req.headers.cookie.replace(/; /g, "&"));
-    return this.sessions.has(params.get("session"));
+    const match = req.headers.cookie.match(/(?:^|;\s*)session=([^;]*)/);
+    return match ? this.sessions.has(match[1]) : false;
   }
 
   async #handleLogin(req, res) {
@@ -184,6 +186,8 @@ export default class Blog {
       });
       res.end();
     } else {
+      debug("login failed");
+      debug("password did not match %s", params.get("password"));
       res.writeHead(401, { "Content-Type": "text/html" });
       res.end(`${header("My Blog")}
 <body>
@@ -232,11 +236,7 @@ export default class Blog {
         const __filename = fileURLToPath(import.meta.url);
         const __dirname = path.dirname(__filename);
         const srcStylePath = path.join(__dirname, "src", "styles.css");
-        const publicStylePath = path.join(
-          process.cwd(),
-          "public",
-          "styles.min.css",
-        );
+        const publicStylePath = path.join(this.#publicDir, "styles.min.css");
 
         let publicHash = null;
         let srcStyles = "";
@@ -348,43 +348,25 @@ export default class Blog {
     return this.#initPromise;
   }
 
-  /** post a blog article */
-  async postArticle(req, res) {
-    const body = await new Promise((resolve, reject) => {
-      let data = "";
-      req.on("data", (chunk) => (data += chunk.toString()));
-      req.on("end", () => resolve(data));
-      req.on("error", reject);
-    });
-
-    //req.on("end", async () => {
-    const params = new URLSearchParams(body);
-    const title = params.get("title");
-    const content = params.get("content");
-
-    if (title && content) {
-      const newArticleData = { title, content };
-      try {
-        // Save the new article to the database via the ApiServer
-        const promises = [];
-        if (this.#databaseModel)
-          promises.push(this.#databaseModel.save(newArticleData));
-        if (this.#isExternalAPI)
-          promises.push(postData(this.#apiUrl, newArticleData));
-        await Promise.all(promises);
-        // Add the article to the local list for immediate display
-        this.#articles.insert(Article.createNew(title, content));
-        // remove sample entries
-        this.#articles.remove(1); // "Sample Entry #1"
-        this.#articles.remove(2); // "Sample Entry #2"
-      } catch (error) {
-        console.error("Failed to post new article to API:", error);
-      }
+  async postArticle(newArticle) {
+    try {
+      // Save the new article to the database via the ApiServer
+      const promises = [];
+      //if (this.#databaseModel)
+      //  promises.push(this.#databaseModel.save(newArticle));
+      if (this.#isExternalAPI)
+        promises.push(postData(this.#apiUrl, newArticle));
+      await Promise.all(promises);
+      const title = newArticle.title;
+      const content = newArticle.content;
+      // Add the article to the local list for immediate display
+      this.#articles.insert(Article.createNew(title, content));
+      // remove sample entries
+      this.#articles.remove(1); // "Sample Entry #1"
+      this.#articles.remove(2); // "Sample Entry #2"
+    } catch (error) {
+      console.error("Failed to post new article to API:", error);
     }
-
-    res.writeHead(303, { Location: "/" });
-    res.end();
-    //});
   }
 
   /** start a http server with default port 8080 */
@@ -393,7 +375,18 @@ export default class Blog {
 
     const server = http.createServer(async (req, res) => {
       //debug("query %s", req.url);
+
       // API routes
+      // workaround for angular frontend
+      if (req.url === "/api/login" && req.method === "POST") {
+        await this.#handleLogin(req, res);
+        return;
+      }
+      if (req.url === "/api/logout") {
+        this.#handleLogout(req, res);
+        return;
+      }
+      // ---------------------------------------------
       if (req.url.startsWith("/api")) {
         await this.#jsonAPI(req, res);
         return;
@@ -420,18 +413,9 @@ export default class Blog {
         this.#handleLogout(req, res);
         return;
       }
-      // POST new article
-      if (req.method === "POST" && req.url === "/") {
-        if (!this.#isAuthenticated(req)) {
-          res.writeHead(403, { "Content-Type": "text/plain" });
-          res.end("Forbidden");
-          return;
-        }
-        await this.postArticle(req, res);
-        // GET artciles
-      } else if (req.method === "GET" && req.url === "/") {
-        // load articles
-
+      // load articles
+      // GET artciles
+      if (req.method === "GET" && req.url === "/") {
         // reload styles and scripts on (every) request
         if (this.reloadStylesOnGET) {
           if (this.#stylesheetPath != null && this.compilestyle) {
@@ -452,6 +436,7 @@ export default class Blog {
           loggedin = true;
         }
 
+        // use built in view engine
         try {
           const html = await this.toHTML(loggedin); // render this blog to HTML
           res.writeHead(200, { "Content-Type": "text/html; charset=UTF-8" });
@@ -461,48 +446,72 @@ export default class Blog {
           res.writeHead(500, { "Content-Type": "text/plain" });
           res.end("Internal Server Error");
         }
+
+        // use angular frontend
+        /*const filePath = path.join(this.#publicDir, "index.html");
+
+        debug("%s", filePath);
+        try {
+          const data = await readFile(filePath);
+          // Manual MIME type detection (simplified)
+          const ext = path.extname(filePath);
+          const mimeTypes = {
+            ".html": "text/html",
+            ".css": "text/css",
+            ".js": "text/javascript",
+          };
+
+          res.writeHead(200, {
+            "Content-Type": mimeTypes[ext] || "application/octet-stream",
+          });
+          res.end(data);
+        } catch (err) {
+          if (err) {
+            res.writeHead(404);
+            return res.end("Index-File Not Found");
+          }
+        }
+
+        try {
+          //const html = await this.toHTML(loggedin); // render this blog to HTML
+          //res.writeHead(200, { "Content-Type": "text/html; charset=UTF-8" });
+          //res.end(html);
+        } catch (err) {
+          console.error(err);
+          res.writeHead(500, { "Content-Type": "text/plain" });
+          res.end("Internal Server Error");
+        }*/
       } else {
         // Try to serve static files from public folder
+        // Normalize path to prevent directory traversal attacks
+        const safePath = path.normalize(req.url).replace(/^(\.\.[\/\\])+/, "");
+        const filePath = path.join(
+          this.#publicDir,
+          safePath === "/" ? "index.html" : safePath,
+        );
+
+        debug("%s", filePath);
         try {
-          const publicDir = path.join(process.cwd(), "public");
-          const parsedUrl = new URL(
-            req.url,
-            `http://${req.headers.host || "localhost"}`,
-          );
-          const filePath = path.join(publicDir, parsedUrl.pathname);
-
-          if (filePath.startsWith(publicDir)) {
-            const stats = await fs.promises.stat(filePath);
-            if (stats.isFile()) {
-              const ext = path.extname(filePath).toLowerCase();
-              const mimeTypes = {
-                ".html": "text/html",
-                ".js": "text/javascript",
-                ".css": "text/css",
-                ".json": "application/json",
-                ".png": "image/png",
-                ".jpg": "image/jpeg",
-                ".gif": "image/gif",
-                ".svg": "image/svg+xml",
-                ".ico": "image/x-icon",
-              };
-              const contentType = mimeTypes[ext] || "application/octet-stream";
-              res.writeHead(200, { "Content-Type": contentType });
-              fs.createReadStream(filePath).pipe(res);
-              return;
-            }
-          }
+          const data = await readFile(filePath);
+          // Manual MIME type detection (simplified)
+          const ext = path.extname(filePath);
+          const mimeTypes = {
+            ".html": "text/html",
+            ".css": "text/css",
+            ".js": "text/javascript",
+          };
+
+          res.writeHead(200, {
+            "Content-Type": mimeTypes[ext] || "application/octet-stream",
+          });
+          res.end(data);
         } catch (err) {
-          // ENOENT (file not found) is expected, leading to a 404.
-          // Only log other, unexpected errors.
-          if (err.code !== "ENOENT") {
-            console.error(err);
+          if (err) {
+            res.writeHead(404);
+            return res.end("File Not Found");
           }
         }
-
-        // Error 404
-        res.writeHead(404, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ message: "Not Found" }));
+        return;
       }
     });
 
@@ -588,11 +597,27 @@ export default class Blog {
   // controller
   /** everything that happens in /api  */
   async #jsonAPI(req, res) {
+    const origin = req.headers.origin;
+    if (origin) {
+      res.setHeader("Access-Control-Allow-Origin", origin);
+      res.setHeader("Access-Control-Allow-Credentials", "true");
+      res.setHeader(
+        "Access-Control-Allow-Methods",
+        "GET, POST, PUT, DELETE, OPTIONS",
+      );
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+    }
+    if (req.method === "OPTIONS") {
+      res.writeHead(204);
+      res.end();
+      return;
+    }
     const url = new URL(req.url, `http://${req.headers.host || "localhost"}`);
     const pathname = url.pathname;
 
     if (req.method === "GET") {
       if (pathname === "/api" || pathname === "/api/") {
+        debug("GET /api");
         res.writeHead(200, { "Content-Type": "application/json" });
         const data = {
           title: this.title,
@@ -601,20 +626,46 @@ export default class Blog {
       }
       // Search
       if (url.searchParams.has("q")) {
+        debug("GET search article by query");
         const query = url.searchParams.get("q");
+        const pLimit = parseInt(url.searchParams.get("limit"));
+        const limit = !isNaN(pLimit) ? pLimit : null;
+        debug("GET search article by query %s with limit %s", query, limit);
         res.writeHead(200, { "Content-Type": "application/json" });
-        const results = this.#articles.search(query);
+        const results = this.#articles.search(query, limit);
         res.end(JSON.stringify({ articles: results }));
         return;
       }
+      // GET article by ID
+      // /api/articles/1
+      const match = pathname.match(/^\/api\/articles\/(\d+)$/);
+      if (match) {
+        debug("GET article by id");
+        const id = parseInt(match[1]);
+        debug("GET article by id %d", id);
+        //console.log(this.#articles.getAllArticles());
+        const article = this.#articles.get(id);
+        if (article) {
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify(article));
+        } else {
+          res.writeHead(404, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "Not Found" }));
+        }
+        return;
+      }
       // GET all blog data
       if (pathname === "/api/articles") {
+        debug("GET all articles");
         // Use 'offset' param as startId (filter) to get items starting at ID
         const pLimit = parseInt(url.searchParams.get("limit"));
         const limit = !isNaN(pLimit) ? pLimit : null;
 
         const start = url.searchParams.get("startdate");
         const end = url.searchParams.get("enddate");
+
+        debug("startdate: %d, enddate: %d, limit: %d", start, end, limit);
+
         //const parsedStart = parseDateParam(qStartdate);
         //const parsedEnd = parseDateParam(qEnddate, true);
 
@@ -633,7 +684,9 @@ export default class Blog {
 
       // POST a new article
     } else if (req.method === "POST" && pathname === "/api/articles") {
+      debug("POST an article");
       if (!this.#isAuthenticated(req)) {
+        debug("not authenticated");
         res.writeHead(403, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: "Forbidden" }));
         return;
@@ -645,45 +698,57 @@ export default class Blog {
         req.on("error", reject);
       });
       const newArticle = JSON.parse(body);
+      debug("new article: %s", newArticle.title);
       // local
       await this.#databaseModel.save(newArticle); // --> to api server
+      this.postArticle(newArticle);
       // extern
       res.writeHead(201, { "Content-Type": "application/json" });
       res.end(JSON.stringify(newArticle));
-    } else if (req.method === "DELETE" && pathname === "/api/articles") {
+    } else if (req.method === "DELETE") {
+      debug("DELETE an article");
+      const match = pathname.match(/^\/api\/articles\/(\d+)$/);
+      if (pathname === "/api/articles" || match) {
+        if (!this.#isAuthenticated(req)) {
+          res.writeHead(403, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "Forbidden" }));
+          return;
+        }
+        const id = match ? match[1] : url.searchParams.get("id");
+        debug("delete an article by id $d", id);
+        if (id) {
+          this.#articles.remove(parseInt(id));
+          if (this.#databaseModel) {
+            await this.#databaseModel.remove(parseInt(id));
+          }
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ status: "deleted", id }));
+        }
+      }
+    } else if (req.method === "PUT") {
+      debug("PUT an article");
       if (!this.#isAuthenticated(req)) {
         res.writeHead(403, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: "Forbidden" }));
         return;
       }
-      const id = url.searchParams.get("id");
-      if (id) {
-        this.#articles.remove(parseInt(id));
+      const match = pathname.match(/^\/api\/articles\/(\d+)$/);
+      if (pathname === "/api/articles" || match) {
+        const id = match ? match[1] : url.searchParams.get("id");
+        debug("PUT article id: %d", id);
+        const body = await new Promise((resolve) => {
+          let data = "";
+          req.on("data", (chunk) => (data += chunk));
+          req.on("end", () => resolve(data));
+        });
+        const { title, content } = JSON.parse(body);
+        this.#articles.update(parseInt(id), title, content);
         if (this.#databaseModel) {
-          await this.#databaseModel.remove(parseInt(id));
+          await this.#databaseModel.update(parseInt(id), { title, content });
         }
         res.writeHead(200, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ status: "deleted", id }));
+        res.end(JSON.stringify({ status: "updated", id }));
       }
-    } else if (req.method === "PUT" && pathname === "/api/articles") {
-      if (!this.#isAuthenticated(req)) {
-        res.writeHead(403, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: "Forbidden" }));
-        return;
-      }
-      const id = url.searchParams.get("id");
-      const body = await new Promise((resolve) => {
-        let data = "";
-        req.on("data", (chunk) => (data += chunk));
-        req.on("end", () => resolve(data));
-      });
-      const { title, content } = JSON.parse(body);
-      this.#articles.update(parseInt(id), title, content);
-      if (this.#databaseModel) {
-        await this.#databaseModel.update(parseInt(id), { title, content });
-      }
-      res.writeHead(200, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ status: "updated", id }));
     }
   }
 
@@ -781,11 +846,9 @@ export default class Blog {
         this.compiledStyles = await compileStyles(fileData);
 
         // generate a file
-        const publicDir = path.join(process.cwd(), "public");
-
-        await fs.promises.mkdir(publicDir, { recursive: true });
+        await fs.promises.mkdir(this.#publicDir, { recursive: true });
         await fs.promises.writeFile(
-          path.join(publicDir, "styles.min.css"),
+          path.join(this.#publicDir, "styles.min.css"),
           this.compiledStyles + `\n/* source-hash: ${currentHash} */`,
         );
       } else {
@@ -828,9 +891,8 @@ export default class Blog {
 
       if (!this.#scriptsHash) {
         try {
-          const publicDir = path.join(process.cwd(), "public");
           const existing = await fs.promises.readFile(
-            path.join(publicDir, "scripts.min.js"),
+            path.join(this.#publicDir, "scripts.min.js"),
             "utf-8",
           );
           const match = existing.match(/\/\* source-hash: ([a-f0-9]{64}) \*\//);
@@ -846,10 +908,9 @@ export default class Blog {
 
         const compiledScripts = await compileScripts(fileData);
 
-        const publicDir = path.join(process.cwd(), "public");
-        await fs.promises.mkdir(publicDir, { recursive: true });
+        await fs.promises.mkdir(this.#publicDir, { recursive: true });
         await fs.promises.writeFile(
-          path.join(publicDir, "scripts.min.js"),
+          path.join(this.#publicDir, "scripts.min.js"),
           compiledScripts + `\n/* source-hash: ${currentHash} */`,
         );
       }

package/index.js

@@ -1,32 +1,5 @@
 import Blog from "./Blog.js";
 import Article from "./Article.js";
-import FileAdapter from "./model/FileAdapter.js";
-import SqliteAdapter from "./model/SqliteAdapter.js";
-import PostgresAdapter from "./model/PostgresAdapter.js";
-import DataModel from "./model/DataModel.js";
-import ArrayList from "./model/datastructures/ArrayList.js";
-import FileList from "./model/datastructures/FileList.js";
-import { BinarySearchTree } from "./model/datastructures/BinarySearchTree.js";
-import {
-  generateTitle,
-  generateContent,
-  generateDateList,
-} from "./utilities.js";
-import { appendArticle } from "./model/FileModel.js";
 
-export {
-  Blog,
-  Article,
-  FileAdapter,
-  SqliteAdapter,
-  PostgresAdapter,
-  DataModel,
-  ArrayList,
-  FileList,
-  BinarySearchTree,
-  generateTitle,
-  generateContent,
-  generateDateList,
-  appendArticle,
-};
+export { Blog, Article };
 export default Blog;

package/jest.config.js

@@ -0,0 +1,15 @@
+/** @type {import('jest').Config} */
+const config = {
+  // Use testPathIgnorePatterns to exclude folders from discovery
+  testPathIgnorePatterns: [
+    "/node_modules/", // Always recommended
+    "<rootDir>/angular-frontend/", // Replace with your folder name
+  ],
+
+  // If you also want to exclude the folder from coverage reports
+  coveragePathIgnorePatterns: ["<rootDir>/angular-frontend/"],
+
+  transform: {}, // Optional: Add transformers if using TS or Babel
+};
+
+export default config;

package/model/DataModel.js

@@ -34,10 +34,10 @@ export default class DataModel {
     }
   }
 
-  search(query) {
+  search(query, limit) {
     debug("search");
     if (this.storage.search) {
-      return this.storage.search(query);
+      return this.storage.search(query, limit);
     }
   }
 
@@ -46,6 +46,10 @@ export default class DataModel {
     this.storage.remove(article);
   }
 
+  get(id) {
+    return this.storage.get(id);
+  }
+
   getAllArticles() {
     debug("get all articles");
     const order = "newest";

package/model/datastructures/BinarySearchTree.js

@@ -122,6 +122,33 @@ export class BinarySearchTree {
     }
   }
 
+  *traverse(order = "newest") {
+    const stack = [];
+    let current = this.root;
+
+    if (order === "newest") {
+      while (current || stack.length > 0) {
+        while (current) {
+          stack.push(current);
+          current = current.right;
+        }
+        current = stack.pop();
+        yield current.article;
+        current = current.left;
+      }
+    } else {
+      while (current || stack.length > 0) {
+        while (current) {
+          stack.push(current);
+          current = current.left;
+        }
+        current = stack.pop();
+        yield current.article;
+        current = current.right;
+      }
+    }
+  }
+
   getRange(startdate, enddate, limit) {
     const results = [];
     // Optimization: Convert to timestamps once to avoid Date object creation/coercion in recursion

package/model/datastructures/BinarySearchTreeHashMap.js

@@ -37,14 +37,19 @@ export class BinarySearchTreeHashMap extends BinarySearchTree {
     return false;
   }
 
-  search(query) {
+  search(query, limit) {
     debug("search %s ", query);
     const lower = query.toLowerCase();
-    const results = this.getAllArticles().filter(
-      (a) =>
+    const results = [];
+    for (const a of this.traverse()) {
+      if (
         a.title.toLowerCase().includes(lower) ||
-        a.content.toLowerCase().includes(lower),
-    );
+        a.content.toLowerCase().includes(lower)
+      ) {
+        results.push(a);
+        if (limit != null && results.length >= limit) break;
+      }
+    }
     debug("%d results found", results.length);
     return results;
   }
@@ -59,6 +64,10 @@ export class BinarySearchTreeHashMap extends BinarySearchTree {
     return super.getAllArticles(order);
   }
 
+  get(id) {
+    return this.ids.get(id);
+  }
+
   getRange(startdate, enddate, limit) {
     return super.getRange(startdate, enddate, limit);
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lexho111/plainblog",
-  "version": "0.6.3",
+  "version": "0.6.5",
   "description": "A tool for creating and serving a minimalist, single-page blog.",
   "main": "index.js",
   "type": "module",