@lexho111/plainblog 0.7.5 → 0.8.1

package/Article.js

@@ -1,88 +1,94 @@
 export default class Article {
-    constructor(id, title, content, createdAt) {
-        this.id = id;
-        this.title = title;
-        this.content = content;
-        this.createdAt = new Date(createdAt).getTime();
-    }
-    static createNew(title, content, createdAt = new Date()) {
-        const id = this.getNextID(); // Your existing ID generator
-        //const createdAt = new Date();
-        return new Article(id, title, content, createdAt);
-    }
-    static getNextID() {
-        // Generiert eine kollisionssichere ID basierend auf Zeitstempel + Zufall
-        // Passt in JS Safe Integer und SQLite Integer (64-bit)
-        return Date.now() * 1000 + Math.floor(Math.random() * 1000);
-    }
-    getContent() {
-        return this.content;
-    }
-    getContentVeryShort() {
-        if (!this.content)
-            return "";
-        if (this.content.length < 50)
-            return this.content;
-        let contentShort = this.content.substring(0, 50);
-        contentShort += "...";
-        return contentShort;
-    }
-    getContentShort() {
-        if (!this.content)
-            return "";
-        if (this.content.length < 400)
-            return this.content;
-        let contentShort = this.content.substring(0, 400);
-        contentShort += "...";
-        return contentShort;
-    }
-    /**
-     * Returns a JSON-serializable representation of the article.
-     * This method is automatically called by JSON.stringify().
-     */
-    toJSON() {
-        // Return a plain object with the desired properties
-        const date = !isNaN(this.createdAt)
-            ? new Date(this.createdAt).toISOString()
-            : new Date().toISOString();
-        return {
-            id: this.id,
-            title: this.title,
-            content: this.content,
-            createdAt: date,
-        };
-    }
-    /**
-     * Returns a JSON-serializable representation of the article.
-     * This method is automatically called by JSON.stringify().
-     */
-    json() {
-        return this.toJSON();
-    }
-    getFormattedDate() {
-        const date = new Date(this.createdAt);
-        const year = date.getFullYear();
-        const month = String(date.getMonth() + 1).padStart(2, "0");
-        const day = String(date.getDate()).padStart(2, "0");
-        const hours = String(date.getHours()).padStart(2, "0");
-        const minutes = String(date.getMinutes()).padStart(2, "0");
-        return `${year}/${month}/${day} ${hours}:${minutes}`;
-    }
-    toHTML(loggedin = false) {
-        if (this.content == null)
-            return "";
-        const moreButton = this.content.length > 400 ? `<a href="#">more</a>` : "";
-        const buttons = loggedin // prettier-ignore
-            ? `<div class="buttons"><div id="editButton${this.id}" class="btn edit" role="button" tabindex="0" data-action="edit" data-id="${this.id}">edit</div><div id="deleteButton${this.id}" class="btn delete" role="button" tabindex="0" data-action="delete" data-id="${this.id}">delete</div><div id="somethingelseButton${this.id}" class="btn light">something else</div></div>`
-            : "";
-        // prettier-ignore
-        return `<article data-id="${this.id}" data-date="${this.createdAt}">
-    ${buttons}
-        <h2>${this.title}</h2>
-        <span class="datetime">${this.getFormattedDate()}</span>
-        <p>${this.getContentShort()}</p>
-        <div class="full-content" style="display: none;">${this.content}</div>
-        ${moreButton}
+  id;
+  title;
+  content;
+  createdAt;
+  image;
+  constructor(id, title, content, createdAt, image = null) {
+    this.id = id;
+    this.title = title;
+    this.content = content;
+    this.createdAt = new Date(createdAt).getTime();
+    this.image = image;
+  }
+  static createNew(title, content, createdAt = new Date(), image = null) {
+    const id = this.getNextID(); // Your existing ID generator
+    //const createdAt = new Date();
+    return new Article(id, title, content, createdAt, image);
+  }
+  static getNextID() {
+    // Generiert eine kollisionssichere ID basierend auf Zeitstempel + Zufall
+    // Passt in JS Safe Integer und SQLite Integer (64-bit)
+    return Date.now() * 1000 + Math.floor(Math.random() * 1000);
+  }
+  getContent() {
+    return this.content;
+  }
+  getContentVeryShort() {
+    if (!this.content) return "";
+    if (this.content.length < 50) return this.content;
+    let contentShort = this.content.substring(0, 50);
+    contentShort += "...";
+    return contentShort;
+  }
+  getContentShort() {
+    if (!this.content) return "";
+    if (this.content.length < 400) return this.content;
+    let contentShort = this.content.substring(0, 400);
+    contentShort += "...";
+    return contentShort;
+  }
+  /**
+   * Returns a JSON-serializable representation of the article.
+   * This method is automatically called by JSON.stringify().
+   */
+  toJSON() {
+    // Return a plain object with the desired properties
+    const date = !isNaN(this.createdAt)
+      ? new Date(this.createdAt).toISOString()
+      : new Date().toISOString();
+    return {
+      id: this.id,
+      title: this.title,
+      content: this.content,
+      createdAt: date,
+      image: this.image,
+    };
+  }
+  /**
+   * Returns a JSON-serializable representation of the article.
+   * This method is automatically called by JSON.stringify().
+   */
+  json() {
+    return this.toJSON();
+  }
+  getFormattedDate() {
+    const date = new Date(this.createdAt);
+    const year = date.getFullYear();
+    const month = String(date.getMonth() + 1).padStart(2, "0");
+    const day = String(date.getDate()).padStart(2, "0");
+    const hours = String(date.getHours()).padStart(2, "0");
+    const minutes = String(date.getMinutes()).padStart(2, "0");
+    return `${year}/${month}/${day} ${hours}:${minutes}`;
+  }
+  toHTML(loggedin = false) {
+    if (this.content == null) return "";
+    const moreButton = this.content.length > 400 ? `<a href="#">more</a>` : "";
+    const buttons = loggedin // prettier-ignore
+      ? `<div class="buttons"><div id="editButton${this.id}" class="btn edit" role="button" tabindex="0" data-action="edit" data-id="${this.id}">edit</div><div id="deleteButton${this.id}" class="btn delete" role="button" tabindex="0" data-action="delete" data-id="${this.id}">delete</div><div id="somethingelseButton${this.id}" class="btn light invisible">something else</div></div>`
+      : "";
+    const imageHtml = this.image
+      ? `<img src="${this.image}" alt="${this.title}" style="max-width: 100%;">`
+      : "";
+    // prettier-ignore
+    return `<article data-id="${this.id}" data-date="${this.createdAt}">
+    ${buttons}
+        <h2>${this.title}</h2>
+        <span class="datetime">${this.getFormattedDate()}</span>
+        ${imageHtml}
+        <p>${this.getContentShort()}</p>
+        <div class="full-content" style="display: none;">${this.content}</div>
+        ${moreButton}
       </article>`;
-    }
+  }
 }

package/AssetManager.js

@@ -34,20 +34,28 @@ export default class AssetManager {
 
   async init() {
     debug("init");
-    const srcScriptPath = path.join(__dirname, "src", "fetchData.js");
+    const srcScriptPaths = [
+      path.join(__dirname, "src", "fetchData.js"),
+      path.join(__dirname, "src", "timeline.js"),
+      path.join(__dirname, "src", "compress.js"),
+    ];
     await Promise.all([
       this.processStyles(),
-      this.processScripts(srcScriptPath),
+      this.processScripts(srcScriptPaths),
     ]);
     debug("init finished");
   }
 
   async reload() {
     debug("reload");
-    const srcScriptPath = path.join(__dirname, "src", "fetchData.js");
+    const srcScriptPaths = [
+      path.join(__dirname, "src", "fetchData.js"),
+      path.join(__dirname, "src", "timeline.js"),
+      path.join(__dirname, "src", "compress.js"),
+    ];
     await Promise.all([
       this.processStyles(),
-      this.processScripts(srcScriptPath),
+      this.processScripts(srcScriptPaths),
     ]);
   }
 

package/Auth.js

@@ -1,26 +1,76 @@
 import { URLSearchParams } from "url";
 import crypto from "node:crypto";
+import { Buffer } from "node:buffer";
 import { createDebug } from "./debug-loader.js";
 import { debug_perf } from "./debug-loader.js";
 
 const debug = createDebug("plainblog:Auth");
 
 export default class Auth {
-  constructor(sessions, password) {
-    this.sessions = sessions;
+  constructor(secret, password) {
+    this.secret = secret;
     this.password = password;
   }
 
+  #sign(payload) {
+    const data = Buffer.from(JSON.stringify(payload)).toString("base64url");
+    const signature = crypto
+      .createHmac("sha256", this.secret)
+      .update(data)
+      .digest("base64url");
+    return `${data}.${signature}`;
+  }
+
+  #verify(token) {
+    if (!token) return false;
+    const parts = token.split(".");
+    if (parts.length !== 2) return false;
+    const [data, signature] = parts;
+
+    const expectedSignature = crypto
+      .createHmac("sha256", this.secret)
+      .update(data)
+      .digest("base64url");
+
+    if (signature.length !== expectedSignature.length) return false;
+    if (
+      !crypto.timingSafeEqual(
+        Buffer.from(signature),
+        Buffer.from(expectedSignature),
+      )
+    )
+      return false;
+
+    try {
+      const payload = JSON.parse(Buffer.from(data, "base64url").toString());
+      if (payload.exp < Date.now()) return false;
+      return true;
+    } catch (e) {
+      return false;
+    }
+  }
+
   isAuthenticated(req) {
     const time_start = performance.now();
-    if (!req.headers.cookie) {
-      const time_end = performance.now();
-      const duration = time_end - time_start;
-      debug_perf("isAuthenticated", duration);
-      return false;
+    let token = null;
+
+    // 1. Check Authorization Header (Bearer) for REST clients
+    if (
+      req.headers.authorization &&
+      req.headers.authorization.startsWith("Bearer ")
+    ) {
+      token = req.headers.authorization.substring(7);
     }
-    const match = req.headers.cookie.match(/(?:^|;\s*)session=([^;]*)/);
-    const result = match ? this.sessions.has(match[1]) : false;
+    // 2. Check Cookie for Browser
+    else if (req.headers.cookie) {
+      const match = req.headers.cookie.match(/(?:^|;\s*)session=([^;]*)/);
+      if (match) {
+        token = match[1];
+      }
+    }
+
+    const result = this.#verify(token);
+
     const time_end = performance.now();
     const duration = time_end - time_start;
     debug_perf("isAuthenticated", duration);
@@ -31,27 +81,43 @@ export default class Auth {
     debug("handle login request");
     try {
       const body = await readBody(req, timeout, maxSize);
-      const params = new URLSearchParams(body);
-      const receivedPassword = params.get("password");
+      let receivedPassword = null;
+
+      // 1. Support JSON body for API clients (Angular)
+      if (req.headers["content-type"] === "application/json") {
+        try {
+          const json = JSON.parse(body);
+          receivedPassword = json.password;
+        } catch (e) {}
+      } else {
+        const params = new URLSearchParams(body);
+        receivedPassword = params.get("password");
+      }
 
       if (receivedPassword === this.password) {
-        const id = crypto.randomUUID();
-        this.sessions.add(id);
-        // Limit session count to prevent memory exhaustion
-        if (this.sessions.size > 10000) {
-          debug("Warning: too many sessions, clearing oldest");
-          const sessionsArray = Array.from(this.sessions);
-          for (let i = 0; i < 1000; i++) {
-            this.sessions.delete(sessionsArray[i]);
-          }
-        }
+        const payload = {
+          role: "admin",
+          exp: Date.now() + 24 * 60 * 60 * 1000, // 24 hours
+        };
+        const token = this.#sign(payload);
+
         if (!res.headersSent) {
-          res.writeHead(303, {
-            "Set-Cookie": `session=${id}; Path=/; SameSite=Lax`,
-            "X-Session-ID": id,
-            Location: "/",
-          });
-          res.end();
+          // 2. If client accepts JSON, return token in body (RESTful)
+          if (req.headers["accept"] === "application/json") {
+            res.writeHead(200, {
+              "Content-Type": "application/json",
+              "Set-Cookie": `session=${token}; Path=/; SameSite=Lax; HttpOnly`,
+            });
+            res.end(JSON.stringify({ token }));
+          } else {
+            // 3. Default Browser Redirect
+            res.writeHead(303, {
+              "Set-Cookie": `session=${token}; Path=/; SameSite=Lax; HttpOnly`,
+              "X-Session-ID": token,
+              Location: "/",
+            });
+            res.end();
+          }
         }
       } else {
         if (!res.headersSent) {
@@ -79,15 +145,6 @@ export default class Auth {
   }
 
   handleLogout(req, res) {
-    if (req.headers.cookie) {
-      const params = new URLSearchParams(
-        req.headers.cookie.replace(/; /g, "&"),
-      );
-      const sessionId = params.get("session");
-      if (this.sessions.has(sessionId)) {
-        this.sessions.delete(sessionId);
-      }
-    }
     res.writeHead(303, {
       "Set-Cookie": "session=; HttpOnly; Path=/; Max-Age=0",
       Location: "/",