@notionx/core 0.1.0

package/dist/internal/admin/index.js

@@ -0,0 +1,365 @@
+// src/internal/admin/settings.ts
+import { cache } from "react";
+
+// src/util/env.ts
+import { env } from "cloudflare:workers";
+var workerEnv = env;
+
+// src/platform/runtime.ts
+function cacheRequestForKey(key) {
+  return new Request(key, { method: "GET" });
+}
+function createCloudflarePublicCacheAdapter(cache2) {
+  return {
+    kind: "cloudflare-cache",
+    async match(key) {
+      return await cache2.match(cacheRequestForKey(key)) ?? null;
+    },
+    put(key, response) {
+      return cache2.put(cacheRequestForKey(key), response);
+    },
+    delete(key) {
+      return cache2.delete(cacheRequestForKey(key));
+    }
+  };
+}
+function createCloudflareKeyValueCacheAdapter(namespace) {
+  return {
+    kind: "workers-kv",
+    async get(key, options) {
+      return await namespace.get(key, {
+        type: "json",
+        cacheTtl: options?.cacheTtl
+      });
+    },
+    async put(key, value, options) {
+      await namespace.put(key, JSON.stringify(value), {
+        expirationTtl: options?.expirationTtl,
+        metadata: options?.metadata
+      });
+    },
+    delete(key) {
+      return namespace.delete(key);
+    },
+    async list(options) {
+      const result = await namespace.list({
+        prefix: options?.prefix,
+        limit: options?.limit,
+        cursor: options?.cursor
+      });
+      return {
+        keys: result.keys.map((key) => ({ name: key.name })),
+        cursor: result.list_complete ? void 0 : result.cursor,
+        listComplete: result.list_complete
+      };
+    }
+  };
+}
+function r2ObjectToStoredObject(object) {
+  return {
+    body: object.body,
+    size: object.size,
+    etag: object.etag,
+    contentType: object.httpMetadata?.contentType
+  };
+}
+function createCloudflareRuntimePlatform(env2, options) {
+  const database = env2.DB ? {
+    kind: "d1",
+    prepare(query) {
+      return env2.DB.prepare(query);
+    },
+    async batch(statements) {
+      return await env2.DB.batch(
+        statements
+      );
+    }
+  } : null;
+  const objectStorage = env2.ASSETS_BUCKET ? {
+    kind: "r2",
+    async get(key) {
+      const object = await env2.ASSETS_BUCKET?.get(key);
+      return object ? r2ObjectToStoredObject(object) : null;
+    },
+    async put(key, value, options2) {
+      await env2.ASSETS_BUCKET?.put(key, value, {
+        httpMetadata: {
+          contentType: options2?.contentType,
+          cacheControl: options2?.cacheControl
+        },
+        customMetadata: options2?.metadata
+      });
+    },
+    async delete(key) {
+      await env2.ASSETS_BUCKET?.delete(key);
+    },
+    async list(options2) {
+      const listed = await env2.ASSETS_BUCKET?.list({
+        prefix: options2?.prefix,
+        limit: options2?.limit
+      });
+      return listed?.objects.map((object) => ({
+        key: object.key,
+        size: object.size,
+        uploaded: object.uploaded
+      })) ?? [];
+    }
+  } : null;
+  const imageTransformer = env2.IMAGES ? {
+    kind: "cloudflare-images",
+    async transform(body, options2) {
+      const result = await env2.IMAGES.input(body).transform(options2.width ? { width: options2.width } : {}).output({
+        format: options2.format,
+        quality: options2.quality
+      });
+      return {
+        body: result.image(),
+        contentType: result.contentType(),
+        response: () => result.response()
+      };
+    }
+  } : null;
+  const keyValueCache = env2.CONTENT_CACHE ? createCloudflareKeyValueCacheAdapter(env2.CONTENT_CACHE) : null;
+  return {
+    id: "cloudflare-workers",
+    database,
+    objectStorage,
+    imageTransformer,
+    keyValueCache,
+    publicCache: options?.publicCache ? createCloudflarePublicCacheAdapter(options.publicCache) : null
+  };
+}
+
+// src/platform/cloudflare-runtime.ts
+function getDefaultCloudflareCache() {
+  const globalWithCaches = globalThis;
+  return globalWithCaches.caches?.default ?? null;
+}
+function getRuntimePlatform() {
+  return createCloudflareRuntimePlatform(workerEnv, {
+    publicCache: getDefaultCloudflareCache()
+  });
+}
+
+// src/platform/current.ts
+function getRuntimePlatform2() {
+  return getRuntimePlatform();
+}
+function getDatabase() {
+  const platform = getRuntimePlatform2();
+  const database = platform.database;
+  if (!database) {
+    throw new Error(`SQL database adapter not configured for ${platform.id}`);
+  }
+  return database;
+}
+
+// src/internal/admin/schema-guard.ts
+var REQUIRED_SCHEMA_CHECKS = [
+  {
+    key: "app_settings.turnstile_enabled",
+    sql: "SELECT turnstile_enabled FROM app_settings LIMIT 1"
+  },
+  {
+    key: "users.session_rev",
+    sql: "SELECT session_rev FROM users LIMIT 1"
+  },
+  {
+    key: "auth_rate_limits",
+    sql: "SELECT 1 FROM auth_rate_limits LIMIT 1"
+  }
+];
+var DEFAULT_TURNSTILE_PUBLIC_CONFIG = {
+  enabled: false,
+  siteKey: null,
+  secretConfigured: false
+};
+function isSchemaDriftError(error) {
+  const message = error instanceof Error ? error.message : String(error ?? "");
+  return message.includes("no such column") || message.includes("no such table");
+}
+function buildTurnstilePublicConfig(settings, envLike) {
+  const envSiteKey = envLike.TURNSTILE_SITE_KEY?.trim() || null;
+  const siteKey = settings.turnstile_site_key?.trim() || envSiteKey || null;
+  const secretConfigured = Boolean(envLike.TURNSTILE_SECRET_KEY?.trim());
+  const enabled = (settings.turnstile_enabled === 1 || Boolean(envSiteKey)) && Boolean(siteKey) && secretConfigured;
+  return {
+    enabled,
+    siteKey,
+    secretConfigured
+  };
+}
+async function runSchemaHealthChecks(db) {
+  const missing = [];
+  const errors = [];
+  for (const check of REQUIRED_SCHEMA_CHECKS) {
+    try {
+      await db.prepare(check.sql).first();
+    } catch (error) {
+      if (isSchemaDriftError(error)) {
+        missing.push(check.key);
+      } else {
+        const message = error instanceof Error ? error.message : String(error);
+        errors.push(`${check.key}: ${message}`);
+      }
+    }
+  }
+  return {
+    ok: missing.length === 0 && errors.length === 0,
+    missing,
+    errors
+  };
+}
+
+// src/internal/admin/settings.ts
+var DEFAULT_ADMIN_EMAIL = "zhaofilms@gmail.com";
+function rowToSettings(r) {
+  return {
+    site_title: r.site_title,
+    google_enabled: r.google_enabled === 1 ? 1 : 0,
+    google_client_id: r.google_client_id,
+    google_client_secret: r.google_client_secret,
+    google_updated_at: r.google_updated_at,
+    turnstile_enabled: r.turnstile_enabled === 1 ? 1 : 0,
+    turnstile_site_key: r.turnstile_site_key,
+    turnstile_updated_at: r.turnstile_updated_at,
+    admin_email: r.admin_email,
+    updated_at: r.updated_at
+  };
+}
+var getAppSettingsCached = cache(async () => {
+  const row = await getDatabase().prepare(
+    `SELECT site_title, google_enabled, google_client_id, google_client_secret,
+            google_updated_at, turnstile_enabled, turnstile_site_key,
+            turnstile_updated_at, admin_email, updated_at
+       FROM app_settings WHERE id = 1`
+  ).first();
+  if (!row) {
+    return {
+      site_title: "vinext Blog",
+      google_enabled: 0,
+      google_client_id: null,
+      google_client_secret: null,
+      google_updated_at: null,
+      turnstile_enabled: 0,
+      turnstile_site_key: null,
+      turnstile_updated_at: null,
+      admin_email: DEFAULT_ADMIN_EMAIL,
+      updated_at: ""
+    };
+  }
+  return rowToSettings(row);
+});
+async function getAppSettings() {
+  return getAppSettingsCached();
+}
+async function getTurnstilePublicConfig() {
+  try {
+    const s = await getAppSettings();
+    return buildTurnstilePublicConfig(s, workerEnv);
+  } catch (error) {
+    if (isSchemaDriftError(error)) {
+      console.error(
+        "[settings] turnstile config unavailable due to schema drift; falling back to disabled state",
+        error
+      );
+      return { ...DEFAULT_TURNSTILE_PUBLIC_CONFIG };
+    }
+    throw error;
+  }
+}
+async function updateTurnstileConfig(input) {
+  const enabled = input.enabled ? 1 : 0;
+  await getDatabase().prepare(
+    `UPDATE app_settings
+        SET turnstile_enabled = ?,
+            turnstile_site_key = ?,
+            turnstile_updated_at = datetime('now'),
+            updated_at = datetime('now')
+      WHERE id = 1`
+  ).bind(enabled, input.siteKey || null).run();
+}
+async function disableTurnstileConfig() {
+  await getDatabase().prepare(
+    `UPDATE app_settings
+        SET turnstile_enabled = 0,
+            turnstile_updated_at = datetime('now'),
+            updated_at = datetime('now')
+      WHERE id = 1`
+  ).run();
+}
+async function getGoogleOAuthConfig() {
+  const s = await getAppSettings();
+  if (!s.google_enabled) return null;
+  if (!s.google_client_id || !s.google_client_secret) return null;
+  return {
+    enabled: true,
+    clientId: s.google_client_id,
+    clientSecret: s.google_client_secret
+  };
+}
+async function updateGoogleOAuthConfig(input) {
+  const enabled = input.enabled ? 1 : 0;
+  await getDatabase().prepare(
+    `UPDATE app_settings
+        SET google_enabled = ?,
+            google_client_id = ?,
+            google_client_secret = ?,
+            google_updated_at = datetime('now'),
+            updated_at = datetime('now')
+      WHERE id = 1`
+  ).bind(enabled, input.clientId, input.clientSecret).run();
+}
+async function clearGoogleOAuthConfig() {
+  await getDatabase().prepare(
+    `UPDATE app_settings
+        SET google_enabled = 0,
+            google_client_id = NULL,
+            google_client_secret = NULL,
+            google_updated_at = datetime('now'),
+            updated_at = datetime('now')
+      WHERE id = 1`
+  ).run();
+}
+async function updateSiteTitle(title) {
+  await getDatabase().prepare(
+    `UPDATE app_settings SET site_title = ?, updated_at = datetime('now') WHERE id = 1`
+  ).bind(title).run();
+}
+
+// src/internal/admin/admin.ts
+var DEFAULT_ADMIN_EMAIL2 = "zhaofilms@gmail.com";
+function normalizeEmail(email) {
+  return email.trim().toLowerCase();
+}
+async function isAdminEmail(email) {
+  if (!email) return false;
+  const settings = await getAppSettings();
+  return normalizeEmail(email) === normalizeEmail(settings.admin_email);
+}
+async function ensureAdminUser(email) {
+  const normalized = normalizeEmail(email);
+  if (!await isAdminEmail(normalized)) return;
+  await getDatabase().prepare(
+    `UPDATE users SET role = 'admin' WHERE email = ?`
+  ).bind(normalized).run();
+}
+export {
+  DEFAULT_ADMIN_EMAIL2 as DEFAULT_ADMIN_EMAIL,
+  DEFAULT_TURNSTILE_PUBLIC_CONFIG,
+  buildTurnstilePublicConfig,
+  clearGoogleOAuthConfig,
+  disableTurnstileConfig,
+  ensureAdminUser,
+  getAppSettings,
+  getGoogleOAuthConfig,
+  getTurnstilePublicConfig,
+  isAdminEmail,
+  isSchemaDriftError,
+  normalizeEmail,
+  runSchemaHealthChecks,
+  updateGoogleOAuthConfig,
+  updateSiteTitle,
+  updateTurnstileConfig
+};
+//# sourceMappingURL=index.js.map

package/dist/internal/admin/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/internal/admin/settings.ts","../../../src/util/env.ts","../../../src/platform/runtime.ts","../../../src/platform/cloudflare-runtime.ts","../../../src/platform/current.ts","../../../src/internal/admin/schema-guard.ts","../../../src/internal/admin/admin.ts"],"sourcesContent":["// lib/settings.ts - 读取和更新后台系统设置（单管理员模型）\n// 数据保存在 SQL 表 app_settings，目前固定为 1 行。\n//\n// Internal to the package — not exposed via package.json exports. The\n// auth helpers (turnstile.ts, users.ts) call into the read functions;\n// admin pages in the starter import the update functions through a\n// re-export shim at `apps/moviebluebook/lib/settings.ts`.\n\nimport { cache } from \"react\";\nimport { workerEnv } from \"../../util/env\";\nimport { getDatabase } from \"../../platform/current\";\nimport {\n  buildTurnstilePublicConfig,\n  DEFAULT_TURNSTILE_PUBLIC_CONFIG,\n  isSchemaDriftError,\n} from \"./schema-guard\";\n\nexport type AppSettings = {\n  site_title: string;\n  google_enabled: 0 | 1;\n  google_client_id: string | null;\n  google_client_secret: string | null;\n  google_updated_at: string | null;\n  turnstile_enabled: 0 | 1;\n  turnstile_site_key: string | null;\n  turnstile_updated_at: string | null;\n  admin_email: string;\n  updated_at: string;\n};\n\ntype Row = {\n  site_title: string;\n  google_enabled: number;\n  google_client_id: string | null;\n  google_client_secret: string | null;\n  google_updated_at: string | null;\n  turnstile_enabled: number;\n  turnstile_site_key: string | null;\n  turnstile_updated_at: string | null;\n  admin_email: string;\n  updated_at: string;\n};\n\nconst DEFAULT_ADMIN_EMAIL = \"zhaofilms@gmail.com\";\n\nfunction rowToSettings(r: Row): AppSettings {\n  return {\n    site_title: r.site_title,\n    google_enabled: r.google_enabled === 1 ? 1 : 0,\n    google_client_id: r.google_client_id,\n    google_client_secret: r.google_client_secret,\n    google_updated_at: r.google_updated_at,\n    turnstile_enabled: r.turnstile_enabled === 1 ? 1 : 0,\n    turnstile_site_key: r.turnstile_site_key,\n    turnstile_updated_at: r.turnstile_updated_at,\n    admin_email: r.admin_email,\n    updated_at: r.updated_at,\n  };\n}\n\nconst getAppSettingsCached = cache(async (): Promise<AppSettings> => {\n  const row = await getDatabase().prepare(\n    `SELECT site_title, google_enabled, google_client_id, google_client_secret,\n            google_updated_at, turnstile_enabled, turnstile_site_key,\n            turnstile_updated_at, admin_email, updated_at\n       FROM app_settings WHERE id = 1`\n  ).first<Row>();\n  if (!row) {\n    // 极端情况：迁移未执行\n    return {\n      site_title: \"vinext Blog\",\n      google_enabled: 0,\n      google_client_id: null,\n      google_client_secret: null,\n      google_updated_at: null,\n      turnstile_enabled: 0,\n      turnstile_site_key: null,\n      turnstile_updated_at: null,\n      admin_email: DEFAULT_ADMIN_EMAIL,\n      updated_at: \"\",\n    };\n  }\n  return rowToSettings(row);\n});\n\nexport async function getAppSettings(): Promise<AppSettings> {\n  return getAppSettingsCached();\n}\n\n/** Turnstile 前端可见配置（site key 公开；secret 在 env）。 */\nexport async function getTurnstilePublicConfig(): Promise<{\n  enabled: boolean;\n  siteKey: string | null;\n  secretConfigured: boolean;\n}> {\n  try {\n    const s = await getAppSettings();\n    return buildTurnstilePublicConfig(s, workerEnv);\n  } catch (error) {\n    if (isSchemaDriftError(error)) {\n      console.error(\n        \"[settings] turnstile config unavailable due to schema drift; falling back to disabled state\",\n        error\n      );\n      return { ...DEFAULT_TURNSTILE_PUBLIC_CONFIG };\n    }\n    throw error;\n  }\n}\n\nexport async function updateTurnstileConfig(input: {\n  enabled: boolean;\n  siteKey: string;\n}): Promise<void> {\n  const enabled = input.enabled ? 1 : 0;\n  await getDatabase().prepare(\n    `UPDATE app_settings\n        SET turnstile_enabled = ?,\n            turnstile_site_key = ?,\n            turnstile_updated_at = datetime('now'),\n            updated_at = datetime('now')\n      WHERE id = 1`\n  )\n    .bind(enabled, input.siteKey || null)\n    .run();\n}\n\nexport async function disableTurnstileConfig(): Promise<void> {\n  await getDatabase().prepare(\n    `UPDATE app_settings\n        SET turnstile_enabled = 0,\n            turnstile_updated_at = datetime('now'),\n            updated_at = datetime('now')\n      WHERE id = 1`\n  ).run();\n}\n\n/** Google 登录实际配置：只有 enabled 且 id+secret 都存在才认为可用 */\nexport async function getGoogleOAuthConfig(): Promise<{\n  enabled: boolean;\n  clientId: string;\n  clientSecret: string;\n} | null> {\n  const s = await getAppSettings();\n  if (!s.google_enabled) return null;\n  if (!s.google_client_id || !s.google_client_secret) return null;\n  return {\n    enabled: true,\n    clientId: s.google_client_id,\n    clientSecret: s.google_client_secret,\n  };\n}\n\nexport async function updateGoogleOAuthConfig(input: {\n  enabled: boolean;\n  clientId: string;\n  clientSecret: string;\n}): Promise<void> {\n  const enabled = input.enabled ? 1 : 0;\n  await getDatabase().prepare(\n    `UPDATE app_settings\n        SET google_enabled = ?,\n            google_client_id = ?,\n            google_client_secret = ?,\n            google_updated_at = datetime('now'),\n            updated_at = datetime('now')\n      WHERE id = 1`\n  )\n    .bind(enabled, input.clientId, input.clientSecret)\n    .run();\n}\n\nexport async function clearGoogleOAuthConfig(): Promise<void> {\n  await getDatabase().prepare(\n    `UPDATE app_settings\n        SET google_enabled = 0,\n            google_client_id = NULL,\n            google_client_secret = NULL,\n            google_updated_at = datetime('now'),\n            updated_at = datetime('now')\n      WHERE id = 1`\n  ).run();\n}\n\nexport async function updateSiteTitle(title: string): Promise<void> {\n  await getDatabase().prepare(\n    `UPDATE app_settings SET site_title = ?, updated_at = datetime('now') WHERE id = 1`\n  )\n    .bind(title)\n    .run();\n}\n","// lib/env.ts - 集中获取 Cloudflare bindings\n// 用 cloudflare:workers 模块（workerd 内置），作为平台 adapter 的绑定入口\n\n/// <reference types=\"@cloudflare/workers-types\" />\nimport { env } from \"cloudflare:workers\";\n\nexport type AppEnv = {\n  DB: D1Database;\n  ASSETS: Fetcher;\n  IMAGES: ImagesBinding;\n  ASSETS_BUCKET?: R2Bucket;\n  CONTENT_CACHE?: KVNamespace;\n  ADMIN_PASSWORD: string;\n  ADMIN_EMAIL?: string;\n  SITE_URL?: string;\n  RESEND_API_KEY?: string;\n  RESEND_FROM?: string;\n  // Google OAuth 仍然兼容 Cloudflare Secret 作为兜底。\n  // 实际生效值以 app_settings.google_client_id / google_client_secret 为准。\n  GOOGLE_CLIENT_ID?: string;\n  GOOGLE_CLIENT_SECRET?: string;\n  /** Turnstile site key fallback when not stored in app_settings */\n  TURNSTILE_SITE_KEY?: string;\n  /** Turnstile secret — set via `wrangler secret put TURNSTILE_SECRET_KEY` */\n  TURNSTILE_SECRET_KEY?: string;\n  /** Notion integration token for the blog data source */\n  NOTION_TOKEN?: string;\n  /** Notion data source ID used by dataSources.query */\n  NOTION_DATA_SOURCE_ID?: string;\n  /** Notion data source ID for the public movie catalog */\n  NOTION_MOVIES_DATA_SOURCE_ID?: string;\n  /** Notion data source ID for localized movie copy */\n  NOTION_MOVIE_TRANSLATIONS_DATA_SOURCE_ID?: string;\n  /** Optional Notion API base URL for tests or proxies */\n  NOTION_API_BASE_URL?: string;\n  /** Optional Notion edit URL for admin handoff screens */\n  NOTION_EDIT_BASE_URL?: string;\n  /** Optional webhook verification token for Notion invalidation */\n  NOTION_WEBHOOK_VERIFICATION_TOKEN?: string;\n};\n\n// 强制类型：vinext 把 env 类型放在 env.d.ts（interface VinextEnv extends Env），\n// 但 TS server 经常解析不到。运行时一定有 DB，类型断言保证编译通过。\nexport const workerEnv = env as unknown as AppEnv;\n","import type { AppEnv } from \"../util/env\";\n\nexport type PlatformBindingEnv = Pick<\n  AppEnv,\n  \"ASSETS_BUCKET\" | \"CONTENT_CACHE\" | \"DB\" | \"IMAGES\"\n>;\n\nexport type StoredObject = {\n  body: ReadableStream;\n  size: number;\n  etag?: string;\n  contentType?: string;\n};\n\nexport type ObjectStoragePutOptions = {\n  contentType?: string;\n  cacheControl?: string;\n  metadata?: Record<string, string>;\n};\n\nexport type ObjectStorageListItem = {\n  key: string;\n  size: number;\n  uploaded: Date;\n};\n\nexport type ObjectStorageAdapter = {\n  kind: \"r2\";\n  get(key: string): Promise<StoredObject | null>;\n  put(\n    key: string,\n    value: ReadableStream | ArrayBuffer | ArrayBufferView | string | Blob,\n    options?: ObjectStoragePutOptions\n  ): Promise<void>;\n  delete(key: string): Promise<void>;\n  list(\n    options?: { prefix?: string; limit?: number }\n  ): Promise<ObjectStorageListItem[]>;\n};\n\nexport type ImageTransformOptions = {\n  width?: number;\n  format: \"image/avif\" | \"image/webp\";\n  quality: number;\n};\n\nexport type ImageTransformResult = {\n  body: ReadableStream;\n  contentType: string;\n  response(): Response;\n};\n\nexport type ImageTransformerAdapter = {\n  kind: \"cloudflare-images\" | \"external\";\n  transform(\n    body: ReadableStream,\n    options: ImageTransformOptions\n  ): Promise<ImageTransformResult>;\n};\n\nexport type PublicCacheAdapter = {\n  kind: \"cloudflare-cache\" | \"noop\" | \"external\";\n  match(key: string): Promise<Response | null>;\n  put(key: string, response: Response): Promise<void>;\n  delete(key: string): Promise<boolean>;\n};\n\nexport type KeyValueCacheGetOptions = {\n  cacheTtl?: number;\n};\n\nexport type KeyValueCachePutOptions = {\n  expirationTtl?: number;\n  metadata?: Record<string, string | number | boolean | null>;\n};\n\nexport type KeyValueCacheListOptions = {\n  prefix?: string;\n  limit?: number;\n  cursor?: string;\n};\n\nexport type KeyValueCacheListResult = {\n  keys: Array<{ name: string }>;\n  cursor?: string;\n  listComplete: boolean;\n};\n\nexport type KeyValueCacheAdapter = {\n  kind: \"workers-kv\" | \"noop\" | \"external\";\n  get<T = unknown>(\n    key: string,\n    options?: KeyValueCacheGetOptions\n  ): Promise<T | null>;\n  put<T = unknown>(\n    key: string,\n    value: T,\n    options?: KeyValueCachePutOptions\n  ): Promise<void>;\n  delete(key: string): Promise<void>;\n  list(options?: KeyValueCacheListOptions): Promise<KeyValueCacheListResult>;\n};\n\nexport type SqlValue = string | number | boolean | null;\n\nexport type SqlResult<T = Record<string, unknown>> = {\n  results?: T[];\n  success?: boolean;\n  meta?: {\n    changes?: number;\n    duration?: number;\n    last_row_id?: number;\n    rows_read?: number;\n    rows_written?: number;\n    [key: string]: unknown;\n  };\n};\n\nexport type SqlPreparedStatement = {\n  bind(...values: SqlValue[]): SqlPreparedStatement;\n  all<T = Record<string, unknown>>(): Promise<SqlResult<T>>;\n  first<T = Record<string, unknown>>(columnName?: string): Promise<T | null>;\n  run<T = Record<string, unknown>>(): Promise<SqlResult<T>>;\n};\n\nexport type SqlDatabaseAdapter = {\n  kind: \"d1\";\n  prepare(query: string): SqlPreparedStatement;\n  batch<T = Record<string, unknown>>(\n    statements: SqlPreparedStatement[]\n  ): Promise<SqlResult<T>[]>;\n};\n\nexport type RuntimePlatform = {\n  id: \"cloudflare-workers\";\n  database: SqlDatabaseAdapter | null;\n  objectStorage: ObjectStorageAdapter | null;\n  imageTransformer: ImageTransformerAdapter | null;\n  publicCache: PublicCacheAdapter | null;\n  keyValueCache: KeyValueCacheAdapter | null;\n};\n\ntype CloudflareCacheLike = Pick<Cache, \"match\" | \"put\" | \"delete\">;\ntype CloudflareKvLike = Pick<KVNamespace, \"get\" | \"put\" | \"delete\" | \"list\">;\n\nfunction cacheRequestForKey(key: string) {\n  return new Request(key, { method: \"GET\" });\n}\n\nexport function createCloudflarePublicCacheAdapter(\n  cache: CloudflareCacheLike\n): PublicCacheAdapter {\n  return {\n    kind: \"cloudflare-cache\",\n    async match(key) {\n      return (await cache.match(cacheRequestForKey(key))) ?? null;\n    },\n    put(key, response) {\n      return cache.put(cacheRequestForKey(key), response);\n    },\n    delete(key) {\n      return cache.delete(cacheRequestForKey(key));\n    },\n  };\n}\n\nexport function createNoopPublicCacheAdapter(kind: \"noop\" = \"noop\"): PublicCacheAdapter {\n  return {\n    kind,\n    async match() {\n      return null;\n    },\n    async put() {},\n    async delete() {\n      return false;\n    },\n  };\n}\n\nexport function createCloudflareKeyValueCacheAdapter(\n  namespace: CloudflareKvLike\n): KeyValueCacheAdapter {\n  return {\n    kind: \"workers-kv\",\n    async get<T = unknown>(\n      key: string,\n      options?: KeyValueCacheGetOptions\n    ): Promise<T | null> {\n      return (await namespace.get(key, {\n        type: \"json\",\n        cacheTtl: options?.cacheTtl,\n      })) as T | null;\n    },\n    async put(key, value, options) {\n      await namespace.put(key, JSON.stringify(value), {\n        expirationTtl: options?.expirationTtl,\n        metadata: options?.metadata,\n      });\n    },\n    delete(key) {\n      return namespace.delete(key);\n    },\n    async list(options) {\n      const result = await namespace.list({\n        prefix: options?.prefix,\n        limit: options?.limit,\n        cursor: options?.cursor,\n      });\n      return {\n        keys: result.keys.map((key) => ({ name: key.name })),\n        cursor: result.list_complete ? undefined : result.cursor,\n        listComplete: result.list_complete,\n      };\n    },\n  };\n}\n\nexport function createNoopKeyValueCacheAdapter(\n  kind: \"noop\" = \"noop\"\n): KeyValueCacheAdapter {\n  return {\n    kind,\n    async get() {\n      return null;\n    },\n    async put() {},\n    async delete() {},\n    async list() {\n      return { keys: [], listComplete: true };\n    },\n  };\n}\n\nfunction r2ObjectToStoredObject(object: R2ObjectBody): StoredObject {\n  return {\n    body: object.body,\n    size: object.size,\n    etag: object.etag,\n    contentType: object.httpMetadata?.contentType,\n  };\n}\n\nexport function createCloudflareRuntimePlatform(\n  env: PlatformBindingEnv,\n  options?: { publicCache?: CloudflareCacheLike | null }\n): RuntimePlatform {\n  const database: SqlDatabaseAdapter | null = env.DB\n    ? ({\n        kind: \"d1\",\n        prepare(query: string) {\n          return env.DB.prepare(query) as unknown as SqlPreparedStatement;\n        },\n        async batch(statements: SqlPreparedStatement[]) {\n          return (await env.DB.batch(\n            statements as unknown as D1PreparedStatement[]\n          )) as unknown as SqlResult<Record<string, unknown>>[];\n        },\n      } as unknown as SqlDatabaseAdapter)\n    : null;\n\n  const objectStorage: ObjectStorageAdapter | null = env.ASSETS_BUCKET\n    ? {\n        kind: \"r2\",\n        async get(key) {\n          const object = await env.ASSETS_BUCKET?.get(key);\n          return object ? r2ObjectToStoredObject(object) : null;\n        },\n        async put(key, value, options) {\n          await env.ASSETS_BUCKET?.put(key, value, {\n            httpMetadata: {\n              contentType: options?.contentType,\n              cacheControl: options?.cacheControl,\n            },\n            customMetadata: options?.metadata,\n          });\n        },\n        async delete(key) {\n          await env.ASSETS_BUCKET?.delete(key);\n        },\n        async list(options) {\n          const listed = await env.ASSETS_BUCKET?.list({\n            prefix: options?.prefix,\n            limit: options?.limit,\n          });\n          return (\n            listed?.objects.map((object) => ({\n              key: object.key,\n              size: object.size,\n              uploaded: object.uploaded,\n            })) ?? []\n          );\n        },\n      }\n    : null;\n\n  const imageTransformer: ImageTransformerAdapter | null = env.IMAGES\n    ? {\n        kind: \"cloudflare-images\",\n        async transform(body, options) {\n          const result = await env.IMAGES.input(body)\n            .transform(options.width ? { width: options.width } : {})\n            .output({\n              format: options.format,\n              quality: options.quality,\n            });\n          return {\n            body: result.image(),\n            contentType: result.contentType(),\n            response: () => result.response(),\n          };\n        },\n      }\n    : null;\n\n  const keyValueCache: KeyValueCacheAdapter | null = env.CONTENT_CACHE\n    ? createCloudflareKeyValueCacheAdapter(env.CONTENT_CACHE)\n    : null;\n\n  return {\n    id: \"cloudflare-workers\",\n    database,\n    objectStorage,\n    imageTransformer,\n    keyValueCache,\n    publicCache: options?.publicCache\n      ? createCloudflarePublicCacheAdapter(options.publicCache)\n      : null,\n  };\n}\n","import { workerEnv } from \"../util/env\";\nimport {\n  createCloudflarePublicCacheAdapter,\n  createCloudflareRuntimePlatform,\n} from \"./runtime\";\n\nfunction getDefaultCloudflareCache() {\n  const globalWithCaches = globalThis as typeof globalThis & {\n    caches?: CacheStorage & { default?: Cache };\n  };\n  return globalWithCaches.caches?.default ?? null;\n}\n\nexport function getRuntimePlatform() {\n  return createCloudflareRuntimePlatform(workerEnv, {\n    publicCache: getDefaultCloudflareCache(),\n  });\n}\n\nexport function getDatabase() {\n  const database = getRuntimePlatform().database;\n  if (!database) {\n    throw new Error(\"SQL database binding not configured\");\n  }\n  return database;\n}\n\nexport function getPublicCache() {\n  const cache = getDefaultCloudflareCache();\n  if (!cache) {\n    throw new Error(\"Cloudflare cache binding not configured\");\n  }\n  return createCloudflarePublicCacheAdapter(cache);\n}\n","import {\n  getPublicCache as getCloudflarePublicCache,\n  getRuntimePlatform as getCloudflareRuntimePlatform,\n} from \"./cloudflare-runtime\";\nimport { currentRuntimeId } from \"./selection\";\n\nexport function getRuntimePlatform() {\n  return getCloudflareRuntimePlatform();\n}\n\nexport function getDatabase() {\n  const platform = getRuntimePlatform();\n  const database = platform.database;\n  if (!database) {\n    throw new Error(`SQL database adapter not configured for ${platform.id}`);\n  }\n  return database;\n}\n\nexport function getPublicCache() {\n  return getCloudflarePublicCache();\n}\n\nexport function getKeyValueCache() {\n  return getRuntimePlatform().keyValueCache;\n}\n\nexport const runtimeSelection = {\n  currentRuntimeId,\n};\n","export const REQUIRED_SCHEMA_CHECKS = [\n  {\n    key: \"app_settings.turnstile_enabled\",\n    sql: \"SELECT turnstile_enabled FROM app_settings LIMIT 1\",\n  },\n  {\n    key: \"users.session_rev\",\n    sql: \"SELECT session_rev FROM users LIMIT 1\",\n  },\n  {\n    key: \"auth_rate_limits\",\n    sql: \"SELECT 1 FROM auth_rate_limits LIMIT 1\",\n  },\n];\n\nexport const DEFAULT_TURNSTILE_PUBLIC_CONFIG = {\n  enabled: false,\n  siteKey: null,\n  secretConfigured: false,\n};\n\nexport function isSchemaDriftError(error: unknown): boolean {\n  const message = error instanceof Error ? error.message : String(error ?? \"\");\n  return (\n    message.includes(\"no such column\") || message.includes(\"no such table\")\n  );\n}\n\nexport function buildTurnstilePublicConfig(\n  settings: { turnstile_enabled: number; turnstile_site_key: string | null },\n  envLike: { TURNSTILE_SITE_KEY?: string; TURNSTILE_SECRET_KEY?: string }\n): { enabled: boolean; siteKey: string | null; secretConfigured: boolean } {\n  const envSiteKey = envLike.TURNSTILE_SITE_KEY?.trim() || null;\n  const siteKey = settings.turnstile_site_key?.trim() || envSiteKey || null;\n  const secretConfigured = Boolean(envLike.TURNSTILE_SECRET_KEY?.trim());\n  const enabled =\n    (settings.turnstile_enabled === 1 || Boolean(envSiteKey)) &&\n    Boolean(siteKey) &&\n    secretConfigured;\n\n  return {\n    enabled,\n    siteKey,\n    secretConfigured,\n  };\n}\n\nexport async function runSchemaHealthChecks(db: {\n  prepare: (sql: string) => { first: () => Promise<unknown> };\n}): Promise<{ ok: boolean; missing: string[]; errors: string[] }> {\n  const missing: string[] = [];\n  const errors: string[] = [];\n\n  for (const check of REQUIRED_SCHEMA_CHECKS) {\n    try {\n      await db.prepare(check.sql).first();\n    } catch (error) {\n      if (isSchemaDriftError(error)) {\n        missing.push(check.key);\n      } else {\n        const message = error instanceof Error ? error.message : String(error);\n        errors.push(`${check.key}: ${message}`);\n      }\n    }\n  }\n\n  return {\n    ok: missing.length === 0 && errors.length === 0,\n    missing,\n    errors,\n  };\n}\n","// lib/admin.ts - 单管理员身份识别\n// 设计：固定 admin_email = app_settings.admin_email（默认 zhaofilms@gmail.com）\n// 任何登录方式下，邮箱匹配即视为管理员。\n//\n// Internal to the package — not exposed via package.json exports.\n// The auth helpers (users.ts) call `isAdminEmail` to decide whether a\n// newly registered user gets the `admin` role. The starter still\n// re-exports this through `apps/moviebluebook/lib/admin.ts` for backward\n// compatibility with its own admin pages and tests.\n\nimport { getAppSettings } from \"./settings\";\nimport { getDatabase } from \"../../platform/current\";\n\nexport const DEFAULT_ADMIN_EMAIL = \"zhaofilms@gmail.com\";\n\nexport function normalizeEmail(email: string): string {\n  return email.trim().toLowerCase();\n}\n\nexport async function isAdminEmail(email: string): Promise<boolean> {\n  if (!email) return false;\n  const settings = await getAppSettings();\n  return normalizeEmail(email) === normalizeEmail(settings.admin_email);\n}\n\n/**\n * 提升某邮箱为管理员（仅在系统启动时、且匹配 admin_email 时调用）。\n * 实际上是把 users.role 置为 'admin'，并清空其它冲突状态。\n */\nexport async function ensureAdminUser(email: string): Promise<void> {\n  const normalized = normalizeEmail(email);\n  if (!(await isAdminEmail(normalized))) return;\n  await getDatabase().prepare(\n    `UPDATE users SET role = 'admin' WHERE email = ?`\n  ).bind(normalized).run();\n}\n"],"mappings":";AAQA,SAAS,aAAa;;;ACJtB,SAAS,WAAW;AAuCb,IAAM,YAAY;;;ACsGzB,SAAS,mBAAmB,KAAa;AACvC,SAAO,IAAI,QAAQ,KAAK,EAAE,QAAQ,MAAM,CAAC;AAC3C;AAEO,SAAS,mCACdA,QACoB;AACpB,SAAO;AAAA,IACL,MAAM;AAAA,IACN,MAAM,MAAM,KAAK;AACf,aAAQ,MAAMA,OAAM,MAAM,mBAAmB,GAAG,CAAC,KAAM;AAAA,IACzD;AAAA,IACA,IAAI,KAAK,UAAU;AACjB,aAAOA,OAAM,IAAI,mBAAmB,GAAG,GAAG,QAAQ;AAAA,IACpD;AAAA,IACA,OAAO,KAAK;AACV,aAAOA,OAAM,OAAO,mBAAmB,GAAG,CAAC;AAAA,IAC7C;AAAA,EACF;AACF;AAeO,SAAS,qCACd,WACsB;AACtB,SAAO;AAAA,IACL,MAAM;AAAA,IACN,MAAM,IACJ,KACA,SACmB;AACnB,aAAQ,MAAM,UAAU,IAAI,KAAK;AAAA,QAC/B,MAAM;AAAA,QACN,UAAU,SAAS;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,IACA,MAAM,IAAI,KAAK,OAAO,SAAS;AAC7B,YAAM,UAAU,IAAI,KAAK,KAAK,UAAU,KAAK,GAAG;AAAA,QAC9C,eAAe,SAAS;AAAA,QACxB,UAAU,SAAS;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,IACA,OAAO,KAAK;AACV,aAAO,UAAU,OAAO,GAAG;AAAA,IAC7B;AAAA,IACA,MAAM,KAAK,SAAS;AAClB,YAAM,SAAS,MAAM,UAAU,KAAK;AAAA,QAClC,QAAQ,SAAS;AAAA,QACjB,OAAO,SAAS;AAAA,QAChB,QAAQ,SAAS;AAAA,MACnB,CAAC;AACD,aAAO;AAAA,QACL,MAAM,OAAO,KAAK,IAAI,CAAC,SAAS,EAAE,MAAM,IAAI,KAAK,EAAE;AAAA,QACnD,QAAQ,OAAO,gBAAgB,SAAY,OAAO;AAAA,QAClD,cAAc,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;AAkBA,SAAS,uBAAuB,QAAoC;AAClE,SAAO;AAAA,IACL,MAAM,OAAO;AAAA,IACb,MAAM,OAAO;AAAA,IACb,MAAM,OAAO;AAAA,IACb,aAAa,OAAO,cAAc;AAAA,EACpC;AACF;AAEO,SAAS,gCACdC,MACA,SACiB;AACjB,QAAM,WAAsCA,KAAI,KAC3C;AAAA,IACC,MAAM;AAAA,IACN,QAAQ,OAAe;AACrB,aAAOA,KAAI,GAAG,QAAQ,KAAK;AAAA,IAC7B;AAAA,IACA,MAAM,MAAM,YAAoC;AAC9C,aAAQ,MAAMA,KAAI,GAAG;AAAA,QACnB;AAAA,MACF;AAAA,IACF;AAAA,EACF,IACA;AAEJ,QAAM,gBAA6CA,KAAI,gBACnD;AAAA,IACE,MAAM;AAAA,IACN,MAAM,IAAI,KAAK;AACb,YAAM,SAAS,MAAMA,KAAI,eAAe,IAAI,GAAG;AAC/C,aAAO,SAAS,uBAAuB,MAAM,IAAI;AAAA,IACnD;AAAA,IACA,MAAM,IAAI,KAAK,OAAOC,UAAS;AAC7B,YAAMD,KAAI,eAAe,IAAI,KAAK,OAAO;AAAA,QACvC,cAAc;AAAA,UACZ,aAAaC,UAAS;AAAA,UACtB,cAAcA,UAAS;AAAA,QACzB;AAAA,QACA,gBAAgBA,UAAS;AAAA,MAC3B,CAAC;AAAA,IACH;AAAA,IACA,MAAM,OAAO,KAAK;AAChB,YAAMD,KAAI,eAAe,OAAO,GAAG;AAAA,IACrC;AAAA,IACA,MAAM,KAAKC,UAAS;AAClB,YAAM,SAAS,MAAMD,KAAI,eAAe,KAAK;AAAA,QAC3C,QAAQC,UAAS;AAAA,QACjB,OAAOA,UAAS;AAAA,MAClB,CAAC;AACD,aACE,QAAQ,QAAQ,IAAI,CAAC,YAAY;AAAA,QAC/B,KAAK,OAAO;AAAA,QACZ,MAAM,OAAO;AAAA,QACb,UAAU,OAAO;AAAA,MACnB,EAAE,KAAK,CAAC;AAAA,IAEZ;AAAA,EACF,IACA;AAEJ,QAAM,mBAAmDD,KAAI,SACzD;AAAA,IACE,MAAM;AAAA,IACN,MAAM,UAAU,MAAMC,UAAS;AAC7B,YAAM,SAAS,MAAMD,KAAI,OAAO,MAAM,IAAI,EACvC,UAAUC,SAAQ,QAAQ,EAAE,OAAOA,SAAQ,MAAM,IAAI,CAAC,CAAC,EACvD,OAAO;AAAA,QACN,QAAQA,SAAQ;AAAA,QAChB,SAASA,SAAQ;AAAA,MACnB,CAAC;AACH,aAAO;AAAA,QACL,MAAM,OAAO,MAAM;AAAA,QACnB,aAAa,OAAO,YAAY;AAAA,QAChC,UAAU,MAAM,OAAO,SAAS;AAAA,MAClC;AAAA,IACF;AAAA,EACF,IACA;AAEJ,QAAM,gBAA6CD,KAAI,gBACnD,qCAAqCA,KAAI,aAAa,IACtD;AAEJ,SAAO;AAAA,IACL,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa,SAAS,cAClB,mCAAmC,QAAQ,WAAW,IACtD;AAAA,EACN;AACF;;;AClUA,SAAS,4BAA4B;AACnC,QAAM,mBAAmB;AAGzB,SAAO,iBAAiB,QAAQ,WAAW;AAC7C;AAEO,SAAS,qBAAqB;AACnC,SAAO,gCAAgC,WAAW;AAAA,IAChD,aAAa,0BAA0B;AAAA,EACzC,CAAC;AACH;;;ACXO,SAASE,sBAAqB;AACnC,SAAO,mBAA6B;AACtC;AAEO,SAAS,cAAc;AAC5B,QAAM,WAAWA,oBAAmB;AACpC,QAAM,WAAW,SAAS;AAC1B,MAAI,CAAC,UAAU;AACb,UAAM,IAAI,MAAM,2CAA2C,SAAS,EAAE,EAAE;AAAA,EAC1E;AACA,SAAO;AACT;;;ACjBO,IAAM,yBAAyB;AAAA,EACpC;AAAA,IACE,KAAK;AAAA,IACL,KAAK;AAAA,EACP;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,KAAK;AAAA,EACP;AAAA,EACA;AAAA,IACE,KAAK;AAAA,IACL,KAAK;AAAA,EACP;AACF;AAEO,IAAM,kCAAkC;AAAA,EAC7C,SAAS;AAAA,EACT,SAAS;AAAA,EACT,kBAAkB;AACpB;AAEO,SAAS,mBAAmB,OAAyB;AAC1D,QAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,SAAS,EAAE;AAC3E,SACE,QAAQ,SAAS,gBAAgB,KAAK,QAAQ,SAAS,eAAe;AAE1E;AAEO,SAAS,2BACd,UACA,SACyE;AACzE,QAAM,aAAa,QAAQ,oBAAoB,KAAK,KAAK;AACzD,QAAM,UAAU,SAAS,oBAAoB,KAAK,KAAK,cAAc;AACrE,QAAM,mBAAmB,QAAQ,QAAQ,sBAAsB,KAAK,CAAC;AACrE,QAAM,WACH,SAAS,sBAAsB,KAAK,QAAQ,UAAU,MACvD,QAAQ,OAAO,KACf;AAEF,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEA,eAAsB,sBAAsB,IAEsB;AAChE,QAAM,UAAoB,CAAC;AAC3B,QAAM,SAAmB,CAAC;AAE1B,aAAW,SAAS,wBAAwB;AAC1C,QAAI;AACF,YAAM,GAAG,QAAQ,MAAM,GAAG,EAAE,MAAM;AAAA,IACpC,SAAS,OAAO;AACd,UAAI,mBAAmB,KAAK,GAAG;AAC7B,gBAAQ,KAAK,MAAM,GAAG;AAAA,MACxB,OAAO;AACL,cAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACrE,eAAO,KAAK,GAAG,MAAM,GAAG,KAAK,OAAO,EAAE;AAAA,MACxC;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,QAAQ,WAAW,KAAK,OAAO,WAAW;AAAA,IAC9C;AAAA,IACA;AAAA,EACF;AACF;;;AL5BA,IAAM,sBAAsB;AAE5B,SAAS,cAAc,GAAqB;AAC1C,SAAO;AAAA,IACL,YAAY,EAAE;AAAA,IACd,gBAAgB,EAAE,mBAAmB,IAAI,IAAI;AAAA,IAC7C,kBAAkB,EAAE;AAAA,IACpB,sBAAsB,EAAE;AAAA,IACxB,mBAAmB,EAAE;AAAA,IACrB,mBAAmB,EAAE,sBAAsB,IAAI,IAAI;AAAA,IACnD,oBAAoB,EAAE;AAAA,IACtB,sBAAsB,EAAE;AAAA,IACxB,aAAa,EAAE;AAAA,IACf,YAAY,EAAE;AAAA,EAChB;AACF;AAEA,IAAM,uBAAuB,MAAM,YAAkC;AACnE,QAAM,MAAM,MAAM,YAAY,EAAE;AAAA,IAC9B;AAAA;AAAA;AAAA;AAAA,EAIF,EAAE,MAAW;AACb,MAAI,CAAC,KAAK;AAER,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,gBAAgB;AAAA,MAChB,kBAAkB;AAAA,MAClB,sBAAsB;AAAA,MACtB,mBAAmB;AAAA,MACnB,mBAAmB;AAAA,MACnB,oBAAoB;AAAA,MACpB,sBAAsB;AAAA,MACtB,aAAa;AAAA,MACb,YAAY;AAAA,IACd;AAAA,EACF;AACA,SAAO,cAAc,GAAG;AAC1B,CAAC;AAED,eAAsB,iBAAuC;AAC3D,SAAO,qBAAqB;AAC9B;AAGA,eAAsB,2BAInB;AACD,MAAI;AACF,UAAM,IAAI,MAAM,eAAe;AAC/B,WAAO,2BAA2B,GAAG,SAAS;AAAA,EAChD,SAAS,OAAO;AACd,QAAI,mBAAmB,KAAK,GAAG;AAC7B,cAAQ;AAAA,QACN;AAAA,QACA;AAAA,MACF;AACA,aAAO,EAAE,GAAG,gCAAgC;AAAA,IAC9C;AACA,UAAM;AAAA,EACR;AACF;AAEA,eAAsB,sBAAsB,OAG1B;AAChB,QAAM,UAAU,MAAM,UAAU,IAAI;AACpC,QAAM,YAAY,EAAE;AAAA,IAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMF,EACG,KAAK,SAAS,MAAM,WAAW,IAAI,EACnC,IAAI;AACT;AAEA,eAAsB,yBAAwC;AAC5D,QAAM,YAAY,EAAE;AAAA,IAClB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKF,EAAE,IAAI;AACR;AAGA,eAAsB,uBAIZ;AACR,QAAM,IAAI,MAAM,eAAe;AAC/B,MAAI,CAAC,EAAE,eAAgB,QAAO;AAC9B,MAAI,CAAC,EAAE,oBAAoB,CAAC,EAAE,qBAAsB,QAAO;AAC3D,SAAO;AAAA,IACL,SAAS;AAAA,IACT,UAAU,EAAE;AAAA,IACZ,cAAc,EAAE;AAAA,EAClB;AACF;AAEA,eAAsB,wBAAwB,OAI5B;AAChB,QAAM,UAAU,MAAM,UAAU,IAAI;AACpC,QAAM,YAAY,EAAE;AAAA,IAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOF,EACG,KAAK,SAAS,MAAM,UAAU,MAAM,YAAY,EAChD,IAAI;AACT;AAEA,eAAsB,yBAAwC;AAC5D,QAAM,YAAY,EAAE;AAAA,IAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOF,EAAE,IAAI;AACR;AAEA,eAAsB,gBAAgB,OAA8B;AAClE,QAAM,YAAY,EAAE;AAAA,IAClB;AAAA,EACF,EACG,KAAK,KAAK,EACV,IAAI;AACT;;;AMjLO,IAAMC,uBAAsB;AAE5B,SAAS,eAAe,OAAuB;AACpD,SAAO,MAAM,KAAK,EAAE,YAAY;AAClC;AAEA,eAAsB,aAAa,OAAiC;AAClE,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,WAAW,MAAM,eAAe;AACtC,SAAO,eAAe,KAAK,MAAM,eAAe,SAAS,WAAW;AACtE;AAMA,eAAsB,gBAAgB,OAA8B;AAClE,QAAM,aAAa,eAAe,KAAK;AACvC,MAAI,CAAE,MAAM,aAAa,UAAU,EAAI;AACvC,QAAM,YAAY,EAAE;AAAA,IAClB;AAAA,EACF,EAAE,KAAK,UAAU,EAAE,IAAI;AACzB;","names":["cache","env","options","getRuntimePlatform","DEFAULT_ADMIN_EMAIL"]}

package/dist/media/index.d.ts

@@ -0,0 +1,24 @@
+type PublicImageVariant = "list" | "detail";
+declare function isOptimizableCoverImage(src: string): boolean;
+declare function isPublicImageUrlAllowed(src: string): boolean;
+declare function buildResponsiveImageAttrs(src: string, sizes: string, options?: {
+    quality?: number;
+    variant?: PublicImageVariant;
+}): {
+    src: string;
+    sizes: string;
+    srcSet?: undefined;
+} | {
+    src: string;
+    srcSet: string;
+    sizes: string;
+};
+declare function getCoverImageLoading(index: number, variant?: PublicImageVariant): {
+    loading: "eager";
+    fetchPriority: "high";
+} | {
+    loading: "lazy";
+    fetchPriority: "auto";
+};
+
+export { type PublicImageVariant, buildResponsiveImageAttrs, getCoverImageLoading, isOptimizableCoverImage, isPublicImageUrlAllowed };

package/dist/media/index.js

@@ -0,0 +1,86 @@
+// src/media/public-image.ts
+var DEFAULT_IMAGE_WIDTHS = [320, 640, 960, 1200];
+var DEFAULT_IMAGE_QUALITY = 85;
+var MIN_IMAGE_QUALITY = 40;
+var LIST_IMAGE_WIDTHS = [320, 480, 640];
+var LIST_IMAGE_QUALITY = 70;
+function clampQuality(quality) {
+  if (!quality || Number.isNaN(quality)) {
+    return DEFAULT_IMAGE_QUALITY;
+  }
+  return Math.max(MIN_IMAGE_QUALITY, Math.min(DEFAULT_IMAGE_QUALITY, quality));
+}
+function parseImageUrl(src) {
+  try {
+    return new URL(src, "https://moviebluebook.uk");
+  } catch {
+    return null;
+  }
+}
+function isOptimizableCoverImage(src) {
+  const url = parseImageUrl(src);
+  if (!url) return false;
+  return url.pathname.startsWith("/api/cdn/") || url.pathname.startsWith("/api/notion/media/");
+}
+function isPublicImageUrlAllowed(src) {
+  const url = parseImageUrl(src);
+  if (!url) return false;
+  if (url.pathname.startsWith("/api/cdn/")) return true;
+  if (url.pathname.startsWith("/api/notion/media/")) return true;
+  return [
+    "www.notion.so",
+    "notion.so",
+    "secure.notion-static.com",
+    "prod-files-secure.s3.us-west-2.amazonaws.com"
+  ].includes(url.hostname);
+}
+function buildSizedImageUrl(src, width, quality) {
+  const url = parseImageUrl(src);
+  if (!url) return src;
+  url.searchParams.set("w", String(width));
+  url.searchParams.set("q", String(quality));
+  return url.origin === "https://moviebluebook.uk" ? `${url.pathname}${url.search}${url.hash}` : url.toString();
+}
+function widthsForVariant(variant) {
+  return variant === "list" ? LIST_IMAGE_WIDTHS : DEFAULT_IMAGE_WIDTHS;
+}
+function qualityForVariant(variant) {
+  return variant === "list" ? LIST_IMAGE_QUALITY : DEFAULT_IMAGE_QUALITY;
+}
+function buildResponsiveImageAttrs(src, sizes, options) {
+  if (!isOptimizableCoverImage(src)) {
+    return { src, sizes };
+  }
+  const variant = options?.variant ?? "detail";
+  const explicitQuality = options?.quality;
+  const quality = clampQuality(
+    explicitQuality ?? qualityForVariant(variant)
+  );
+  const widths = widthsForVariant(variant);
+  const max = widths[widths.length - 1] ?? DEFAULT_IMAGE_WIDTHS.at(-1) ?? 1200;
+  return {
+    src: buildSizedImageUrl(src, max, quality),
+    srcSet: widths.map((width) => `${buildSizedImageUrl(src, width, quality)} ${width}w`).join(", "),
+    sizes
+  };
+}
+function getCoverImageLoading(index, variant = "detail") {
+  void variant;
+  if (index === 0) {
+    return {
+      loading: "eager",
+      fetchPriority: "high"
+    };
+  }
+  return {
+    loading: "lazy",
+    fetchPriority: "auto"
+  };
+}
+export {
+  buildResponsiveImageAttrs,
+  getCoverImageLoading,
+  isOptimizableCoverImage,
+  isPublicImageUrlAllowed
+};
+//# sourceMappingURL=index.js.map

package/dist/media/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/media/public-image.ts"],"sourcesContent":["const DEFAULT_IMAGE_WIDTHS = [320, 640, 960, 1200] as const;\nconst DEFAULT_IMAGE_QUALITY = 85;\nconst MIN_IMAGE_QUALITY = 40;\n\nconst LIST_IMAGE_WIDTHS = [320, 480, 640] as const;\nconst LIST_IMAGE_QUALITY = 70;\n\nexport type PublicImageVariant = \"list\" | \"detail\";\n\nfunction clampQuality(quality?: number) {\n  if (!quality || Number.isNaN(quality)) {\n    return DEFAULT_IMAGE_QUALITY;\n  }\n\n  return Math.max(MIN_IMAGE_QUALITY, Math.min(DEFAULT_IMAGE_QUALITY, quality));\n}\n\nfunction parseImageUrl(src: string) {\n  try {\n    return new URL(src, \"https://moviebluebook.uk\");\n  } catch {\n    return null;\n  }\n}\n\nexport function isOptimizableCoverImage(src: string) {\n  const url = parseImageUrl(src);\n  if (!url) return false;\n\n  return (\n    url.pathname.startsWith(\"/api/cdn/\") ||\n    url.pathname.startsWith(\"/api/notion/media/\")\n  );\n}\n\nexport function isPublicImageUrlAllowed(src: string) {\n  const url = parseImageUrl(src);\n  if (!url) return false;\n\n  if (url.pathname.startsWith(\"/api/cdn/\")) return true;\n  if (url.pathname.startsWith(\"/api/notion/media/\")) return true;\n\n  return [\n    \"www.notion.so\",\n    \"notion.so\",\n    \"secure.notion-static.com\",\n    \"prod-files-secure.s3.us-west-2.amazonaws.com\",\n  ].includes(url.hostname);\n}\n\nfunction buildSizedImageUrl(src: string, width: number, quality: number) {\n  const url = parseImageUrl(src);\n  if (!url) return src;\n\n  url.searchParams.set(\"w\", String(width));\n  url.searchParams.set(\"q\", String(quality));\n\n  return url.origin === \"https://moviebluebook.uk\"\n    ? `${url.pathname}${url.search}${url.hash}`\n    : url.toString();\n}\n\nfunction widthsForVariant(variant: PublicImageVariant) {\n  return variant === \"list\" ? LIST_IMAGE_WIDTHS : DEFAULT_IMAGE_WIDTHS;\n}\n\nfunction qualityForVariant(variant: PublicImageVariant) {\n  return variant === \"list\" ? LIST_IMAGE_QUALITY : DEFAULT_IMAGE_QUALITY;\n}\n\nexport function buildResponsiveImageAttrs(\n  src: string,\n  sizes: string,\n  options?: { quality?: number; variant?: PublicImageVariant }\n) {\n  if (!isOptimizableCoverImage(src)) {\n    return { src, sizes };\n  }\n\n  const variant: PublicImageVariant = options?.variant ?? \"detail\";\n  const explicitQuality = options?.quality;\n  const quality = clampQuality(\n    explicitQuality ?? qualityForVariant(variant)\n  );\n  const widths = widthsForVariant(variant);\n  const max = widths[widths.length - 1] ?? DEFAULT_IMAGE_WIDTHS.at(-1) ?? 1200;\n\n  return {\n    src: buildSizedImageUrl(src, max, quality),\n    srcSet: widths\n      .map((width) => `${buildSizedImageUrl(src, width, quality)} ${width}w`)\n      .join(\", \"),\n    sizes,\n  };\n}\n\nexport function getCoverImageLoading(\n  index: number,\n  variant: PublicImageVariant = \"detail\"\n) {\n  // `variant` is reserved for future per-variant loading strategy\n  // (e.g. eager above-the-fold for list thumbnails). Reference it\n  // explicitly to satisfy `@typescript-eslint/no-unused-vars` while\n  // keeping the public API stable.\n  void variant;\n  if (index === 0) {\n    return {\n      loading: \"eager\" as const,\n      fetchPriority: \"high\" as const,\n    };\n  }\n\n  return {\n    loading: \"lazy\" as const,\n    fetchPriority: \"auto\" as const,\n  };\n}\n"],"mappings":";AAAA,IAAM,uBAAuB,CAAC,KAAK,KAAK,KAAK,IAAI;AACjD,IAAM,wBAAwB;AAC9B,IAAM,oBAAoB;AAE1B,IAAM,oBAAoB,CAAC,KAAK,KAAK,GAAG;AACxC,IAAM,qBAAqB;AAI3B,SAAS,aAAa,SAAkB;AACtC,MAAI,CAAC,WAAW,OAAO,MAAM,OAAO,GAAG;AACrC,WAAO;AAAA,EACT;AAEA,SAAO,KAAK,IAAI,mBAAmB,KAAK,IAAI,uBAAuB,OAAO,CAAC;AAC7E;AAEA,SAAS,cAAc,KAAa;AAClC,MAAI;AACF,WAAO,IAAI,IAAI,KAAK,0BAA0B;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,wBAAwB,KAAa;AACnD,QAAM,MAAM,cAAc,GAAG;AAC7B,MAAI,CAAC,IAAK,QAAO;AAEjB,SACE,IAAI,SAAS,WAAW,WAAW,KACnC,IAAI,SAAS,WAAW,oBAAoB;AAEhD;AAEO,SAAS,wBAAwB,KAAa;AACnD,QAAM,MAAM,cAAc,GAAG;AAC7B,MAAI,CAAC,IAAK,QAAO;AAEjB,MAAI,IAAI,SAAS,WAAW,WAAW,EAAG,QAAO;AACjD,MAAI,IAAI,SAAS,WAAW,oBAAoB,EAAG,QAAO;AAE1D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,EAAE,SAAS,IAAI,QAAQ;AACzB;AAEA,SAAS,mBAAmB,KAAa,OAAe,SAAiB;AACvE,QAAM,MAAM,cAAc,GAAG;AAC7B,MAAI,CAAC,IAAK,QAAO;AAEjB,MAAI,aAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AACvC,MAAI,aAAa,IAAI,KAAK,OAAO,OAAO,CAAC;AAEzC,SAAO,IAAI,WAAW,6BAClB,GAAG,IAAI,QAAQ,GAAG,IAAI,MAAM,GAAG,IAAI,IAAI,KACvC,IAAI,SAAS;AACnB;AAEA,SAAS,iBAAiB,SAA6B;AACrD,SAAO,YAAY,SAAS,oBAAoB;AAClD;AAEA,SAAS,kBAAkB,SAA6B;AACtD,SAAO,YAAY,SAAS,qBAAqB;AACnD;AAEO,SAAS,0BACd,KACA,OACA,SACA;AACA,MAAI,CAAC,wBAAwB,GAAG,GAAG;AACjC,WAAO,EAAE,KAAK,MAAM;AAAA,EACtB;AAEA,QAAM,UAA8B,SAAS,WAAW;AACxD,QAAM,kBAAkB,SAAS;AACjC,QAAM,UAAU;AAAA,IACd,mBAAmB,kBAAkB,OAAO;AAAA,EAC9C;AACA,QAAM,SAAS,iBAAiB,OAAO;AACvC,QAAM,MAAM,OAAO,OAAO,SAAS,CAAC,KAAK,qBAAqB,GAAG,EAAE,KAAK;AAExE,SAAO;AAAA,IACL,KAAK,mBAAmB,KAAK,KAAK,OAAO;AAAA,IACzC,QAAQ,OACL,IAAI,CAAC,UAAU,GAAG,mBAAmB,KAAK,OAAO,OAAO,CAAC,IAAI,KAAK,GAAG,EACrE,KAAK,IAAI;AAAA,IACZ;AAAA,EACF;AACF;AAEO,SAAS,qBACd,OACA,UAA8B,UAC9B;AAKA,OAAK;AACL,MAAI,UAAU,GAAG;AACf,WAAO;AAAA,MACL,SAAS;AAAA,MACT,eAAe;AAAA,IACjB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,eAAe;AAAA,EACjB;AACF;","names":[]}

package/dist/media/routes/index.d.ts

@@ -0,0 +1 @@
+export { notionMediaRoute, notionMediaRouteHandle } from './notion-media.js';