@lexho111/plainblog 0.6.4 → 0.6.6

package/Article.js

@@ -52,7 +52,7 @@ export default class Article {
     if (this.content == null) return "";
     const moreButton = this.content.length > 400 ? `<a href="#">more</a>` : "";
     const buttons = loggedin
-      ? `<div class="buttons"><div id="editButton${this.id}" class="button edit">edit</div><div id="deleteButton${this.id}" class="button delete">delete</div></div>`
+      ? `<div class="buttons"><div id="editButton${this.id}" class="btn edit">edit</div><div id="deleteButton${this.id}" class="btn delete">delete</div><div id="somethingelseButton${this.id}" class="btn light">something else</div></div>`
       : "";
     const script = loggedin
       ? `<script>

package/Blog.js

@@ -16,6 +16,7 @@ import FileAdapter from "./model/FileAdapter.js";
 import DataModel from "./model/DataModel.js";
 import { BinarySearchTreeHashMap } from "./model/datastructures/BinarySearchTreeHashMap.js";
 import createDebug from "./debug-loader.js";
+import { readFile } from "node:fs/promises";
 
 // Initialize the debugger with a specific namespace
 const debug = createDebug("plainblog:Blog");
@@ -92,6 +93,7 @@ export default class Blog {
   #stylesheetPath = "";
   compilestyle = false;
   #initPromise = null;
+  #publicDir = path.join(process.cwd(), "public");
 
   setTitle(title) {
     this.#title = title;
@@ -161,8 +163,8 @@ export default class Blog {
 
   #isAuthenticated(req) {
     if (!req.headers.cookie) return false;
-    const params = new URLSearchParams(req.headers.cookie.replace(/; /g, "&"));
-    return this.sessions.has(params.get("session"));
+    const match = req.headers.cookie.match(/(?:^|;\s*)session=([^;]*)/);
+    return match ? this.sessions.has(match[1]) : false;
   }
 
   async #handleLogin(req, res) {
@@ -184,13 +186,17 @@ export default class Blog {
       });
       res.end();
     } else {
-      res.writeHead(401, { "Content-Type": "text/html" });
-      res.end(`${header("My Blog")}
-<body>
-<h1>Unauthorized</h1><div class="box"><p>Please enter the password.<form method="POST">
-<input type="password" name="password" placeholder="Password" />
-<button style="margin: 2px;">Login</button></form></div>
-</body></html>`);
+      debug("login failed");
+      debug("password did not match %s", params.get("password"));
+      res.writeHead(401, { "Content-Type": "application/json" });
+
+      // Send the JSON string
+      res.end(
+        JSON.stringify({
+          error: "unauthorized",
+          message: "Please enter the correct password.",
+        }),
+      );
     }
   }
 
@@ -232,11 +238,7 @@ export default class Blog {
         const __filename = fileURLToPath(import.meta.url);
         const __dirname = path.dirname(__filename);
         const srcStylePath = path.join(__dirname, "src", "styles.css");
-        const publicStylePath = path.join(
-          process.cwd(),
-          "public",
-          "styles.min.css",
-        );
+        const publicStylePath = path.join(this.#publicDir, "styles.min.css");
 
         let publicHash = null;
         let srcStyles = "";
@@ -348,43 +350,25 @@ export default class Blog {
     return this.#initPromise;
   }
 
-  /** post a blog article */
-  async postArticle(req, res) {
-    const body = await new Promise((resolve, reject) => {
-      let data = "";
-      req.on("data", (chunk) => (data += chunk.toString()));
-      req.on("end", () => resolve(data));
-      req.on("error", reject);
-    });
-
-    //req.on("end", async () => {
-    const params = new URLSearchParams(body);
-    const title = params.get("title");
-    const content = params.get("content");
-
-    if (title && content) {
-      const newArticleData = { title, content };
-      try {
-        // Save the new article to the database via the ApiServer
-        const promises = [];
-        if (this.#databaseModel)
-          promises.push(this.#databaseModel.save(newArticleData));
-        if (this.#isExternalAPI)
-          promises.push(postData(this.#apiUrl, newArticleData));
-        await Promise.all(promises);
-        // Add the article to the local list for immediate display
-        this.#articles.insert(Article.createNew(title, content));
-        // remove sample entries
-        this.#articles.remove(1); // "Sample Entry #1"
-        this.#articles.remove(2); // "Sample Entry #2"
-      } catch (error) {
-        console.error("Failed to post new article to API:", error);
-      }
+  async postArticle(newArticle) {
+    try {
+      // Save the new article to the database via the ApiServer
+      const promises = [];
+      //if (this.#databaseModel)
+      //  promises.push(this.#databaseModel.save(newArticle));
+      if (this.#isExternalAPI)
+        promises.push(postData(this.#apiUrl, newArticle));
+      await Promise.all(promises);
+      const title = newArticle.title;
+      const content = newArticle.content;
+      // Add the article to the local list for immediate display
+      this.#articles.insert(Article.createNew(title, content));
+      // remove sample entries
+      this.#articles.remove(1); // "Sample Entry #1"
+      this.#articles.remove(2); // "Sample Entry #2"
+    } catch (error) {
+      console.error("Failed to post new article to API:", error);
     }
-
-    res.writeHead(303, { Location: "/" });
-    res.end();
-    //});
   }
 
   /** start a http server with default port 8080 */
@@ -393,7 +377,18 @@ export default class Blog {
 
     const server = http.createServer(async (req, res) => {
       //debug("query %s", req.url);
+
       // API routes
+      // workaround for angular frontend
+      if (req.url === "/api/login" && req.method === "POST") {
+        await this.#handleLogin(req, res);
+        return;
+      }
+      if (req.url === "/api/logout") {
+        this.#handleLogout(req, res);
+        return;
+      }
+      // ---------------------------------------------
       if (req.url.startsWith("/api")) {
         await this.#jsonAPI(req, res);
         return;
@@ -403,13 +398,61 @@ export default class Blog {
       if (req.url === "/login") {
         if (req.method === "GET") {
           res.writeHead(200, { "Content-Type": "text/html" });
-          res.end(`${header("My Blog")}
-<body>
-<h1>Login</h1><div class="box"><form method="POST">
-<input type="password" name="password" placeholder="Password" />
-<button style="margin: 2px;">Login</button></form></div>
+          res.end(`${header("My Blog")}<body>
+            <form class="loginform" id="loginForm">
+  <h1>Blog</h1>
+  <!-- Message container -->
+  <div id="statusMessage"></div>
+  
+  <input type="password" class="form_element" name="password" placeholder="Password" required />
+  <button class="btn" type="submit">Login</button>
+</form>
+
+<script>
+  const loginForm = document.getElementById('loginForm');
+  const statusDiv = document.getElementById('statusMessage');
+
+  loginForm.addEventListener('submit', async (e) => {
+    e.preventDefault(); // Prevent page reload
+    
+    // Clear previous messages
+    statusDiv.innerHTML = '';
+
+    const formData = new FormData(loginForm);
+    const body = new URLSearchParams(formData); // Replicates form-urlencoded
+
+    try {
+      const response = await fetch('/login', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString()
+      });
+
+      if (response.ok) {
+        window.location.href = '/'; // Redirect on success
+      } else if (response.status === 401) {
+        // Handle Unauthorized status
+        statusDiv.innerHTML = '<h2>Unauthorized</h2><p>Please enter the correct password.</p>';
+      } else {
+        statusDiv.innerHTML = '<p>Something went wrong. Please try again.</p>';
+      }
+    } catch (error) {
+      console.error('Network Error:', error);
+      statusDiv.innerHTML = '<p>Unable to connect to server.</p>';
+    }
+  });
+</script>
 </body></html>`);
           return;
+          /*res.end(`${header("My Blog")}
+<body>
+<form class="loginform" method="POST">
+<h1>Blog</h1>
+<h2>Login</h2>
+<input type="password" class="form_element password" name="password" placeholder="Password" />
+<button class="btn">Login</button></form>
+</body></html>`);
+          return;*/
         } else if (req.method === "POST") {
           await this.#handleLogin(req, res);
           return;
@@ -420,18 +463,9 @@ export default class Blog {
         this.#handleLogout(req, res);
         return;
       }
-      // POST new article
-      if (req.method === "POST" && req.url === "/") {
-        if (!this.#isAuthenticated(req)) {
-          res.writeHead(403, { "Content-Type": "text/plain" });
-          res.end("Forbidden");
-          return;
-        }
-        await this.postArticle(req, res);
-        // GET artciles
-      } else if (req.method === "GET" && req.url === "/") {
-        // load articles
-
+      // load articles
+      // GET artciles
+      if (req.method === "GET" && req.url === "/") {
         // reload styles and scripts on (every) request
         if (this.reloadStylesOnGET) {
           if (this.#stylesheetPath != null && this.compilestyle) {
@@ -452,6 +486,7 @@ export default class Blog {
           loggedin = true;
         }
 
+        // use built in view engine
         try {
           const html = await this.toHTML(loggedin); // render this blog to HTML
           res.writeHead(200, { "Content-Type": "text/html; charset=UTF-8" });
@@ -461,48 +496,72 @@ export default class Blog {
           res.writeHead(500, { "Content-Type": "text/plain" });
           res.end("Internal Server Error");
         }
+
+        // use angular frontend
+        /*const filePath = path.join(this.#publicDir, "index.html");
+
+        debug("%s", filePath);
+        try {
+          const data = await readFile(filePath);
+          // Manual MIME type detection (simplified)
+          const ext = path.extname(filePath);
+          const mimeTypes = {
+            ".html": "text/html",
+            ".css": "text/css",
+            ".js": "text/javascript",
+          };
+
+          res.writeHead(200, {
+            "Content-Type": mimeTypes[ext] || "application/octet-stream",
+          });
+          res.end(data);
+        } catch (err) {
+          if (err) {
+            res.writeHead(404);
+            return res.end("Index-File Not Found");
+          }
+        }*/
+
+        try {
+          //const html = await this.toHTML(loggedin); // render this blog to HTML
+          //res.writeHead(200, { "Content-Type": "text/html; charset=UTF-8" });
+          //res.end(html);
+        } catch (err) {
+          console.error(err);
+          res.writeHead(500, { "Content-Type": "text/plain" });
+          res.end("Internal Server Error");
+        }
       } else {
         // Try to serve static files from public folder
+        // Normalize path to prevent directory traversal attacks
+        const safePath = path.normalize(req.url).replace(/^(\.\.[\/\\])+/, "");
+        const filePath = path.join(
+          this.#publicDir,
+          safePath === "/" ? "index.html" : safePath,
+        );
+
+        debug("%s", filePath);
         try {
-          const publicDir = path.join(process.cwd(), "public");
-          const parsedUrl = new URL(
-            req.url,
-            `http://${req.headers.host || "localhost"}`,
-          );
-          const filePath = path.join(publicDir, parsedUrl.pathname);
-
-          if (filePath.startsWith(publicDir)) {
-            const stats = await fs.promises.stat(filePath);
-            if (stats.isFile()) {
-              const ext = path.extname(filePath).toLowerCase();
-              const mimeTypes = {
-                ".html": "text/html",
-                ".js": "text/javascript",
-                ".css": "text/css",
-                ".json": "application/json",
-                ".png": "image/png",
-                ".jpg": "image/jpeg",
-                ".gif": "image/gif",
-                ".svg": "image/svg+xml",
-                ".ico": "image/x-icon",
-              };
-              const contentType = mimeTypes[ext] || "application/octet-stream";
-              res.writeHead(200, { "Content-Type": contentType });
-              fs.createReadStream(filePath).pipe(res);
-              return;
-            }
-          }
+          const data = await readFile(filePath);
+          // Manual MIME type detection (simplified)
+          const ext = path.extname(filePath);
+          const mimeTypes = {
+            ".html": "text/html",
+            ".css": "text/css",
+            ".js": "text/javascript",
+          };
+
+          res.writeHead(200, {
+            "Content-Type": mimeTypes[ext] || "application/octet-stream",
+          });
+          res.end(data);
         } catch (err) {
-          // ENOENT (file not found) is expected, leading to a 404.
-          // Only log other, unexpected errors.
-          if (err.code !== "ENOENT") {
-            console.error(err);
+          if (err) {
+            res.writeHead(404);
+            return res.end("File Not Found");
           }
         }
-
-        // Error 404
-        res.writeHead(404, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ message: "Not Found" }));
+        return;
       }
     });
 
@@ -588,11 +647,27 @@ export default class Blog {
   // controller
   /** everything that happens in /api  */
   async #jsonAPI(req, res) {
+    const origin = req.headers.origin;
+    if (origin) {
+      res.setHeader("Access-Control-Allow-Origin", origin);
+      res.setHeader("Access-Control-Allow-Credentials", "true");
+      res.setHeader(
+        "Access-Control-Allow-Methods",
+        "GET, POST, PUT, DELETE, OPTIONS",
+      );
+      res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+    }
+    if (req.method === "OPTIONS") {
+      res.writeHead(204);
+      res.end();
+      return;
+    }
     const url = new URL(req.url, `http://${req.headers.host || "localhost"}`);
     const pathname = url.pathname;
 
     if (req.method === "GET") {
       if (pathname === "/api" || pathname === "/api/") {
+        debug("GET /api");
         res.writeHead(200, { "Content-Type": "application/json" });
         const data = {
           title: this.title,
@@ -601,20 +676,46 @@ export default class Blog {
       }
       // Search
       if (url.searchParams.has("q")) {
+        debug("GET search article by query");
         const query = url.searchParams.get("q");
+        const pLimit = parseInt(url.searchParams.get("limit"));
+        const limit = !isNaN(pLimit) ? pLimit : null;
+        debug("GET search article by query %s with limit %s", query, limit);
         res.writeHead(200, { "Content-Type": "application/json" });
-        const results = this.#articles.search(query);
+        const results = this.#articles.search(query, limit);
         res.end(JSON.stringify({ articles: results }));
         return;
       }
+      // GET article by ID
+      // /api/articles/1
+      const match = pathname.match(/^\/api\/articles\/(\d+)$/);
+      if (match) {
+        debug("GET article by id");
+        const id = parseInt(match[1]);
+        debug("GET article by id %d", id);
+        //console.log(this.#articles.getAllArticles());
+        const article = this.#articles.get(id);
+        if (article) {
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify(article));
+        } else {
+          res.writeHead(404, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "Not Found" }));
+        }
+        return;
+      }
       // GET all blog data
       if (pathname === "/api/articles") {
+        debug("GET all articles");
         // Use 'offset' param as startId (filter) to get items starting at ID
         const pLimit = parseInt(url.searchParams.get("limit"));
         const limit = !isNaN(pLimit) ? pLimit : null;
 
         const start = url.searchParams.get("startdate");
         const end = url.searchParams.get("enddate");
+
+        debug("startdate: %d, enddate: %d, limit: %d", start, end, limit);
+
         //const parsedStart = parseDateParam(qStartdate);
         //const parsedEnd = parseDateParam(qEnddate, true);
 
@@ -633,7 +734,9 @@ export default class Blog {
 
       // POST a new article
     } else if (req.method === "POST" && pathname === "/api/articles") {
+      debug("POST an article");
       if (!this.#isAuthenticated(req)) {
+        debug("not authenticated");
         res.writeHead(403, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: "Forbidden" }));
         return;
@@ -645,45 +748,57 @@ export default class Blog {
         req.on("error", reject);
       });
       const newArticle = JSON.parse(body);
+      debug("new article: %s", newArticle.title);
       // local
       await this.#databaseModel.save(newArticle); // --> to api server
+      this.postArticle(newArticle);
       // extern
       res.writeHead(201, { "Content-Type": "application/json" });
       res.end(JSON.stringify(newArticle));
-    } else if (req.method === "DELETE" && pathname === "/api/articles") {
+    } else if (req.method === "DELETE") {
+      debug("DELETE an article");
+      const match = pathname.match(/^\/api\/articles\/(\d+)$/);
+      if (pathname === "/api/articles" || match) {
+        if (!this.#isAuthenticated(req)) {
+          res.writeHead(403, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "Forbidden" }));
+          return;
+        }
+        const id = match ? match[1] : url.searchParams.get("id");
+        debug("delete an article by id $d", id);
+        if (id) {
+          this.#articles.remove(parseInt(id));
+          if (this.#databaseModel) {
+            await this.#databaseModel.remove(parseInt(id));
+          }
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ status: "deleted", id }));
+        }
+      }
+    } else if (req.method === "PUT") {
+      debug("PUT an article");
       if (!this.#isAuthenticated(req)) {
         res.writeHead(403, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: "Forbidden" }));
         return;
       }
-      const id = url.searchParams.get("id");
-      if (id) {
-        this.#articles.remove(parseInt(id));
+      const match = pathname.match(/^\/api\/articles\/(\d+)$/);
+      if (pathname === "/api/articles" || match) {
+        const id = match ? match[1] : url.searchParams.get("id");
+        debug("PUT article id: %d", id);
+        const body = await new Promise((resolve) => {
+          let data = "";
+          req.on("data", (chunk) => (data += chunk));
+          req.on("end", () => resolve(data));
+        });
+        const { title, content } = JSON.parse(body);
+        this.#articles.update(parseInt(id), title, content);
         if (this.#databaseModel) {
-          await this.#databaseModel.remove(parseInt(id));
+          await this.#databaseModel.update(parseInt(id), { title, content });
         }
         res.writeHead(200, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ status: "deleted", id }));
+        res.end(JSON.stringify({ status: "updated", id }));
       }
-    } else if (req.method === "PUT" && pathname === "/api/articles") {
-      if (!this.#isAuthenticated(req)) {
-        res.writeHead(403, { "Content-Type": "application/json" });
-        res.end(JSON.stringify({ error: "Forbidden" }));
-        return;
-      }
-      const id = url.searchParams.get("id");
-      const body = await new Promise((resolve) => {
-        let data = "";
-        req.on("data", (chunk) => (data += chunk));
-        req.on("end", () => resolve(data));
-      });
-      const { title, content } = JSON.parse(body);
-      this.#articles.update(parseInt(id), title, content);
-      if (this.#databaseModel) {
-        await this.#databaseModel.update(parseInt(id), { title, content });
-      }
-      res.writeHead(200, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ status: "updated", id }));
     }
   }
 
@@ -781,11 +896,9 @@ export default class Blog {
         this.compiledStyles = await compileStyles(fileData);
 
         // generate a file
-        const publicDir = path.join(process.cwd(), "public");
-
-        await fs.promises.mkdir(publicDir, { recursive: true });
+        await fs.promises.mkdir(this.#publicDir, { recursive: true });
         await fs.promises.writeFile(
-          path.join(publicDir, "styles.min.css"),
+          path.join(this.#publicDir, "styles.min.css"),
           this.compiledStyles + `\n/* source-hash: ${currentHash} */`,
         );
       } else {
@@ -828,9 +941,8 @@ export default class Blog {
 
       if (!this.#scriptsHash) {
         try {
-          const publicDir = path.join(process.cwd(), "public");
           const existing = await fs.promises.readFile(
-            path.join(publicDir, "scripts.min.js"),
+            path.join(this.#publicDir, "scripts.min.js"),
             "utf-8",
           );
           const match = existing.match(/\/\* source-hash: ([a-f0-9]{64}) \*\//);
@@ -846,10 +958,9 @@ export default class Blog {
 
         const compiledScripts = await compileScripts(fileData);
 
-        const publicDir = path.join(process.cwd(), "public");
-        await fs.promises.mkdir(publicDir, { recursive: true });
+        await fs.promises.mkdir(this.#publicDir, { recursive: true });
         await fs.promises.writeFile(
-          path.join(publicDir, "scripts.min.js"),
+          path.join(this.#publicDir, "scripts.min.js"),
           compiledScripts + `\n/* source-hash: ${currentHash} */`,
         );
       }

package/Formatter.js

@@ -27,20 +27,18 @@ export function formatHTML(data) {
   let form1 = "";
   if (data.loggedin) {
     form1 = `<form action="/" method="POST">
-        <div class="box">
         <h3>Add a New Article</h3>
-        <input type="text" id="title" name="title" placeholder="Article Title" required style="display: block; width: 300px; margin-bottom: 10px;">
-        <textarea id="content" name="content" placeholder="Article Content" required style="display: block; width: 300px; height: 100px; margin-bottom: 10px;"></textarea>
+        <input type="text" id="title" class="form_element new_title wide" name="title" placeholder="Article Title" required>
+        <textarea id="content" class="form_element new_content wide" name="content" placeholder="Article Content" required></textarea>
         <button type="submit">Add Article</button>${button}
       </form>
-      </div>
       <hr>`;
   }
-  const form = form1;
+  const form = ""; //form1;
   return `${header(data.title)}
   <body>
     <nav>
-  <input type="text" id="search" placeholder="Search..." style="float:right; margin: 5px;">
+  <input type="text" id="search" placeholder="Search...">
   ${data.login}
   </nav>
   <div id="header">
@@ -49,7 +47,7 @@ export function formatHTML(data) {
     </div>
     <div id="wrapper">
     ${form}
-      <section id="articles" class="grid">
+      <section id="articles" class="articles">
       ${data.articles.map((article) => article.toHTML(data.loggedin)).join("")}
       </section>
     </div>

package/model/DataModel.js

@@ -34,10 +34,10 @@ export default class DataModel {
     }
   }
 
-  search(query) {
+  search(query, limit) {
     debug("search");
     if (this.storage.search) {
-      return this.storage.search(query);
+      return this.storage.search(query, limit);
     }
   }
 
@@ -46,6 +46,10 @@ export default class DataModel {
     this.storage.remove(article);
   }
 
+  get(id) {
+    return this.storage.get(id);
+  }
+
   getAllArticles() {
     debug("get all articles");
     const order = "newest";

package/model/datastructures/BinarySearchTree.js

@@ -122,6 +122,33 @@ export class BinarySearchTree {
     }
   }
 
+  *traverse(order = "newest") {
+    const stack = [];
+    let current = this.root;
+
+    if (order === "newest") {
+      while (current || stack.length > 0) {
+        while (current) {
+          stack.push(current);
+          current = current.right;
+        }
+        current = stack.pop();
+        yield current.article;
+        current = current.left;
+      }
+    } else {
+      while (current || stack.length > 0) {
+        while (current) {
+          stack.push(current);
+          current = current.left;
+        }
+        current = stack.pop();
+        yield current.article;
+        current = current.right;
+      }
+    }
+  }
+
   getRange(startdate, enddate, limit) {
     const results = [];
     // Optimization: Convert to timestamps once to avoid Date object creation/coercion in recursion