@notionx/core 0.1.0

package/dist/storage/routes/index.js

@@ -0,0 +1,352 @@
+// src/storage/routes/files.ts
+import { NextResponse } from "next/server";
+
+// src/util/env.ts
+import { env } from "cloudflare:workers";
+var workerEnv = env;
+
+// src/platform/runtime.ts
+function cacheRequestForKey(key) {
+  return new Request(key, { method: "GET" });
+}
+function createCloudflarePublicCacheAdapter(cache) {
+  return {
+    kind: "cloudflare-cache",
+    async match(key) {
+      return await cache.match(cacheRequestForKey(key)) ?? null;
+    },
+    put(key, response) {
+      return cache.put(cacheRequestForKey(key), response);
+    },
+    delete(key) {
+      return cache.delete(cacheRequestForKey(key));
+    }
+  };
+}
+function createCloudflareKeyValueCacheAdapter(namespace) {
+  return {
+    kind: "workers-kv",
+    async get(key, options) {
+      return await namespace.get(key, {
+        type: "json",
+        cacheTtl: options?.cacheTtl
+      });
+    },
+    async put(key, value, options) {
+      await namespace.put(key, JSON.stringify(value), {
+        expirationTtl: options?.expirationTtl,
+        metadata: options?.metadata
+      });
+    },
+    delete(key) {
+      return namespace.delete(key);
+    },
+    async list(options) {
+      const result = await namespace.list({
+        prefix: options?.prefix,
+        limit: options?.limit,
+        cursor: options?.cursor
+      });
+      return {
+        keys: result.keys.map((key) => ({ name: key.name })),
+        cursor: result.list_complete ? void 0 : result.cursor,
+        listComplete: result.list_complete
+      };
+    }
+  };
+}
+function r2ObjectToStoredObject(object) {
+  return {
+    body: object.body,
+    size: object.size,
+    etag: object.etag,
+    contentType: object.httpMetadata?.contentType
+  };
+}
+function createCloudflareRuntimePlatform(env2, options) {
+  const database = env2.DB ? {
+    kind: "d1",
+    prepare(query) {
+      return env2.DB.prepare(query);
+    },
+    async batch(statements) {
+      return await env2.DB.batch(
+        statements
+      );
+    }
+  } : null;
+  const objectStorage = env2.ASSETS_BUCKET ? {
+    kind: "r2",
+    async get(key) {
+      const object = await env2.ASSETS_BUCKET?.get(key);
+      return object ? r2ObjectToStoredObject(object) : null;
+    },
+    async put(key, value, options2) {
+      await env2.ASSETS_BUCKET?.put(key, value, {
+        httpMetadata: {
+          contentType: options2?.contentType,
+          cacheControl: options2?.cacheControl
+        },
+        customMetadata: options2?.metadata
+      });
+    },
+    async delete(key) {
+      await env2.ASSETS_BUCKET?.delete(key);
+    },
+    async list(options2) {
+      const listed = await env2.ASSETS_BUCKET?.list({
+        prefix: options2?.prefix,
+        limit: options2?.limit
+      });
+      return listed?.objects.map((object) => ({
+        key: object.key,
+        size: object.size,
+        uploaded: object.uploaded
+      })) ?? [];
+    }
+  } : null;
+  const imageTransformer = env2.IMAGES ? {
+    kind: "cloudflare-images",
+    async transform(body, options2) {
+      const result = await env2.IMAGES.input(body).transform(options2.width ? { width: options2.width } : {}).output({
+        format: options2.format,
+        quality: options2.quality
+      });
+      return {
+        body: result.image(),
+        contentType: result.contentType(),
+        response: () => result.response()
+      };
+    }
+  } : null;
+  const keyValueCache = env2.CONTENT_CACHE ? createCloudflareKeyValueCacheAdapter(env2.CONTENT_CACHE) : null;
+  return {
+    id: "cloudflare-workers",
+    database,
+    objectStorage,
+    imageTransformer,
+    keyValueCache,
+    publicCache: options?.publicCache ? createCloudflarePublicCacheAdapter(options.publicCache) : null
+  };
+}
+
+// src/platform/cloudflare-runtime.ts
+function getDefaultCloudflareCache() {
+  const globalWithCaches = globalThis;
+  return globalWithCaches.caches?.default ?? null;
+}
+function getRuntimePlatform() {
+  return createCloudflareRuntimePlatform(workerEnv, {
+    publicCache: getDefaultCloudflareCache()
+  });
+}
+
+// src/platform/current.ts
+function getRuntimePlatform2() {
+  return getRuntimePlatform();
+}
+
+// src/storage/routes/files.ts
+var filesRoute = {
+  /**
+   * Next.js handler for `app/api/files/[...key]/route.ts`. Receives the
+   * catch-all key from the route params.
+   */
+  async GET(_request, props) {
+    const { key } = await props.params;
+    return filesRoute.handle(new Request(buildInternalUrl(_request, key)));
+  },
+  /**
+   * Worker-friendly handler. Extracts the catch-all key from the URL
+   * pathname (`/api/files/<key>`).
+   */
+  async handle(request) {
+    const key = readKeyFromUrl(request.url);
+    if (!key) {
+      return NextResponse.json({ error: "Invalid key" }, { status: 400 });
+    }
+    if (key.includes("..") || key.startsWith("/")) {
+      return NextResponse.json({ error: "Invalid key" }, { status: 400 });
+    }
+    const storage = getRuntimePlatform2().objectStorage;
+    if (!storage) {
+      return NextResponse.json(
+        { error: "Object storage not configured" },
+        { status: 503 }
+      );
+    }
+    const object = await storage.get(key);
+    if (!object) {
+      return NextResponse.json({ error: "Not found" }, { status: 404 });
+    }
+    const headers = new Headers();
+    if (object.contentType) {
+      headers.set("Content-Type", object.contentType);
+    }
+    headers.set("Cache-Control", "public, max-age=31536000, immutable");
+    if (object.etag) headers.set("ETag", object.etag);
+    headers.set("Content-Length", String(object.size));
+    return new Response(object.body, { headers });
+  }
+};
+async function filesRouteHandle(request) {
+  return filesRoute.handle(request);
+}
+function buildInternalUrl(request, keyParts) {
+  const url = new URL(request.url);
+  url.pathname = `/api/files/${keyParts.map(encodeURIComponent).join("/")}`;
+  return url.toString();
+}
+function readKeyFromUrl(rawUrl) {
+  const url = new URL(rawUrl);
+  const prefix = "/api/files/";
+  if (!url.pathname.startsWith(prefix)) return null;
+  const encoded = url.pathname.slice(prefix.length);
+  if (!encoded) return null;
+  return decodeURIComponent(encoded);
+}
+var GET = filesRoute.GET;
+
+// src/storage/routes/cdn.ts
+import { NextResponse as NextResponse2 } from "next/server";
+var DEFAULT_WIDTH = 1200;
+var MAX_WIDTH = 2400;
+var DEFAULT_QUALITY = 75;
+var MIN_QUALITY = 40;
+var MAX_QUALITY = 85;
+var cdnRoute = {
+  async GET(request, props) {
+    const { key } = await props.params;
+    return cdnRoute.handle(new Request(buildInternalUrl2(request, key)));
+  },
+  async handle(request) {
+    const url = new URL(request.url);
+    const key = readKeyFromPathname(url.pathname);
+    if (!key) {
+      return NextResponse2.json({ error: "Invalid key" }, { status: 400 });
+    }
+    if (key.includes("..") || key.startsWith("/")) {
+      return NextResponse2.json({ error: "Invalid key" }, { status: 400 });
+    }
+    const platform = getRuntimePlatform2();
+    const storage = platform.objectStorage;
+    if (!storage) {
+      return NextResponse2.json(
+        { error: "Object storage not configured" },
+        { status: 503 }
+      );
+    }
+    const object = await storage.get(key);
+    if (!object) {
+      return NextResponse2.json({ error: "Not found" }, { status: 404 });
+    }
+    const accept = request.headers.get("accept") ?? "";
+    const isImage = object.contentType?.startsWith("image/") ?? false;
+    if (!isImage) {
+      return streamObject(object, {
+        "X-Debug-Cdn-Branch": "non-image",
+        "X-Debug-Cdn-Key": key
+      });
+    }
+    let outputFormat = null;
+    let outputQuality = void 0;
+    if (accept.includes("image/avif")) {
+      outputFormat = "image/avif";
+      outputQuality = 60;
+    } else if (accept.includes("image/webp")) {
+      outputFormat = "image/webp";
+      outputQuality = 75;
+    }
+    const isSvg = object.contentType === "image/svg+xml";
+    if (!outputFormat || isSvg || !platform.imageTransformer) {
+      return streamObject(object, {
+        "X-Debug-Cdn-Branch": isSvg ? "svg-bypass" : !platform.imageTransformer ? "transformer-bypass" : "format-bypass",
+        "X-Debug-Cdn-Accept": accept.includes("image/avif") ? "avif" : accept.includes("image/webp") ? "webp" : "other",
+        "X-Debug-Cdn-Key": key
+      });
+    }
+    try {
+      const width = clampInt(
+        url.searchParams.get("w"),
+        64,
+        MAX_WIDTH,
+        DEFAULT_WIDTH
+      );
+      const quality = clampInt(
+        url.searchParams.get("q"),
+        MIN_QUALITY,
+        MAX_QUALITY,
+        outputQuality ?? DEFAULT_QUALITY
+      );
+      const result = await platform.imageTransformer.transform(object.body, {
+        width,
+        format: outputFormat,
+        quality
+      });
+      return new Response(result.body, {
+        headers: {
+          "Content-Type": result.contentType,
+          "Cache-Control": "public, max-age=31536000, immutable",
+          Vary: "Accept",
+          "X-Debug-Cdn-Branch": "transformed",
+          "X-Debug-Cdn-Key": key,
+          "X-Optimized-Width": String(width),
+          "X-Optimized-Quality": String(quality),
+          "X-Original-Format": object.contentType ?? "unknown",
+          "X-Optimized-Format": outputFormat
+        }
+      });
+    } catch (e) {
+      return streamObject(object, {
+        "X-Debug-Cdn-Branch": "transform-error-fallback",
+        "X-Debug-Cdn-Key": key,
+        "X-Debug-Cdn-Error": e instanceof Error ? e.name : "unknown"
+      });
+    }
+  }
+};
+function buildInternalUrl2(request, keyParts) {
+  const url = new URL(request.url);
+  url.pathname = `/api/cdn/${keyParts.map(encodeURIComponent).join("/")}`;
+  return url.toString();
+}
+function readKeyFromPathname(pathname) {
+  const prefix = "/api/cdn/";
+  if (!pathname.startsWith(prefix)) return null;
+  const encoded = pathname.slice(prefix.length);
+  if (!encoded) return null;
+  return decodeURIComponent(encoded);
+}
+function clampInt(value, min, max, fallback) {
+  const parsed = Number.parseInt(value ?? "", 10);
+  if (!Number.isFinite(parsed)) {
+    return fallback;
+  }
+  return Math.max(min, Math.min(max, parsed));
+}
+function streamObject(object, extraHeaders) {
+  const headers = new Headers();
+  if (object.contentType) {
+    headers.set("Content-Type", object.contentType);
+  }
+  headers.set("Cache-Control", "public, max-age=31536000, immutable");
+  headers.set("Content-Length", String(object.size));
+  if (object.etag) headers.set("ETag", object.etag);
+  for (const [key, value] of Object.entries(extraHeaders ?? {})) {
+    headers.set(key, value);
+  }
+  return new Response(object.body, { headers });
+}
+var GET2 = cdnRoute.GET;
+async function cdnRouteHandle(request) {
+  return cdnRoute.handle(request);
+}
+export {
+  GET2 as GET_cdn,
+  GET as GET_files,
+  cdnRoute,
+  cdnRouteHandle,
+  filesRoute,
+  filesRouteHandle
+};
+//# sourceMappingURL=index.js.map

package/dist/storage/routes/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/storage/routes/files.ts","../../../src/util/env.ts","../../../src/platform/runtime.ts","../../../src/platform/cloudflare-runtime.ts","../../../src/platform/current.ts","../../../src/storage/routes/cdn.ts"],"sourcesContent":["// storage/routes/files.ts\n//\n// GET /api/files/[...key] - 从对象存储取文件并代理返回\n// 不公开 bucket/container，避免任何人都能列文件\n//\n// The package exports a route object with two surfaces:\n//   - `GET` is the Next.js handler signature (request, { params }).\n//   - `handle` is a single `(request) => Response` form used by the\n//     Cloudflare Workers bootstrap in `@notionx/core/worker`.\n//\n// The bodies are identical; only the way the object key is read differs.\n\nimport { NextResponse } from \"next/server\";\nimport { getRuntimePlatform } from \"../../platform/current\";\n\nexport const dynamic = \"force-dynamic\";\n\ntype Props = {\n  params: Promise<{ key: string[] }>;\n};\n\nexport const filesRoute = {\n  /**\n   * Next.js handler for `app/api/files/[...key]/route.ts`. Receives the\n   * catch-all key from the route params.\n   */\n  async GET(_request: Request, props: Props) {\n    const { key } = await props.params;\n    return filesRoute.handle(new Request(buildInternalUrl(_request, key)));\n  },\n  /**\n   * Worker-friendly handler. Extracts the catch-all key from the URL\n   * pathname (`/api/files/<key>`).\n   */\n  async handle(request: Request): Promise<Response> {\n    const key = readKeyFromUrl(request.url);\n    if (!key) {\n      return NextResponse.json({ error: \"Invalid key\" }, { status: 400 });\n    }\n\n    if (key.includes(\"..\") || key.startsWith(\"/\")) {\n      return NextResponse.json({ error: \"Invalid key\" }, { status: 400 });\n    }\n\n    const storage = getRuntimePlatform().objectStorage;\n    if (!storage) {\n      return NextResponse.json(\n        { error: \"Object storage not configured\" },\n        { status: 503 }\n      );\n    }\n\n    const object = await storage.get(key);\n    if (!object) {\n      return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n    }\n\n    const headers = new Headers();\n    if (object.contentType) {\n      headers.set(\"Content-Type\", object.contentType);\n    }\n    headers.set(\"Cache-Control\", \"public, max-age=31536000, immutable\");\n    if (object.etag) headers.set(\"ETag\", object.etag);\n    headers.set(\"Content-Length\", String(object.size));\n\n    return new Response(object.body, { headers });\n  },\n};\n\n/**\n * Worker-friendly single-arg handler. Used by the Cloudflare Workers\n * bootstrap in `@notionx/core/worker`. Equivalent to\n * `filesRoute.handle`.\n */\nexport async function filesRouteHandle(request: Request): Promise<Response> {\n  return filesRoute.handle(request);\n}\n\nfunction buildInternalUrl(request: Request, keyParts: string[]) {\n  const url = new URL(request.url);\n  url.pathname = `/api/files/${keyParts.map(encodeURIComponent).join(\"/\")}`;\n  return url.toString();\n}\n\nfunction readKeyFromUrl(rawUrl: string): string | null {\n  const url = new URL(rawUrl);\n  const prefix = \"/api/files/\";\n  if (!url.pathname.startsWith(prefix)) return null;\n  const encoded = url.pathname.slice(prefix.length);\n  if (!encoded) return null;\n  return decodeURIComponent(encoded);\n}\n\n// Re-export as top-level function aliases for callers that prefer a\n// flat signature (e.g. the Next.js app/api/.../route.ts delegates).\nexport const GET = filesRoute.GET;\n","// lib/env.ts - 集中获取 Cloudflare bindings\n// 用 cloudflare:workers 模块（workerd 内置），作为平台 adapter 的绑定入口\n\n/// <reference types=\"@cloudflare/workers-types\" />\nimport { env } from \"cloudflare:workers\";\n\nexport type AppEnv = {\n  DB: D1Database;\n  ASSETS: Fetcher;\n  IMAGES: ImagesBinding;\n  ASSETS_BUCKET?: R2Bucket;\n  CONTENT_CACHE?: KVNamespace;\n  ADMIN_PASSWORD: string;\n  ADMIN_EMAIL?: string;\n  SITE_URL?: string;\n  RESEND_API_KEY?: string;\n  RESEND_FROM?: string;\n  // Google OAuth 仍然兼容 Cloudflare Secret 作为兜底。\n  // 实际生效值以 app_settings.google_client_id / google_client_secret 为准。\n  GOOGLE_CLIENT_ID?: string;\n  GOOGLE_CLIENT_SECRET?: string;\n  /** Turnstile site key fallback when not stored in app_settings */\n  TURNSTILE_SITE_KEY?: string;\n  /** Turnstile secret — set via `wrangler secret put TURNSTILE_SECRET_KEY` */\n  TURNSTILE_SECRET_KEY?: string;\n  /** Notion integration token for the blog data source */\n  NOTION_TOKEN?: string;\n  /** Notion data source ID used by dataSources.query */\n  NOTION_DATA_SOURCE_ID?: string;\n  /** Notion data source ID for the public movie catalog */\n  NOTION_MOVIES_DATA_SOURCE_ID?: string;\n  /** Notion data source ID for localized movie copy */\n  NOTION_MOVIE_TRANSLATIONS_DATA_SOURCE_ID?: string;\n  /** Optional Notion API base URL for tests or proxies */\n  NOTION_API_BASE_URL?: string;\n  /** Optional Notion edit URL for admin handoff screens */\n  NOTION_EDIT_BASE_URL?: string;\n  /** Optional webhook verification token for Notion invalidation */\n  NOTION_WEBHOOK_VERIFICATION_TOKEN?: string;\n};\n\n// 强制类型：vinext 把 env 类型放在 env.d.ts（interface VinextEnv extends Env），\n// 但 TS server 经常解析不到。运行时一定有 DB，类型断言保证编译通过。\nexport const workerEnv = env as unknown as AppEnv;\n","import type { AppEnv } from \"../util/env\";\n\nexport type PlatformBindingEnv = Pick<\n  AppEnv,\n  \"ASSETS_BUCKET\" | \"CONTENT_CACHE\" | \"DB\" | \"IMAGES\"\n>;\n\nexport type StoredObject = {\n  body: ReadableStream;\n  size: number;\n  etag?: string;\n  contentType?: string;\n};\n\nexport type ObjectStoragePutOptions = {\n  contentType?: string;\n  cacheControl?: string;\n  metadata?: Record<string, string>;\n};\n\nexport type ObjectStorageListItem = {\n  key: string;\n  size: number;\n  uploaded: Date;\n};\n\nexport type ObjectStorageAdapter = {\n  kind: \"r2\";\n  get(key: string): Promise<StoredObject | null>;\n  put(\n    key: string,\n    value: ReadableStream | ArrayBuffer | ArrayBufferView | string | Blob,\n    options?: ObjectStoragePutOptions\n  ): Promise<void>;\n  delete(key: string): Promise<void>;\n  list(\n    options?: { prefix?: string; limit?: number }\n  ): Promise<ObjectStorageListItem[]>;\n};\n\nexport type ImageTransformOptions = {\n  width?: number;\n  format: \"image/avif\" | \"image/webp\";\n  quality: number;\n};\n\nexport type ImageTransformResult = {\n  body: ReadableStream;\n  contentType: string;\n  response(): Response;\n};\n\nexport type ImageTransformerAdapter = {\n  kind: \"cloudflare-images\" | \"external\";\n  transform(\n    body: ReadableStream,\n    options: ImageTransformOptions\n  ): Promise<ImageTransformResult>;\n};\n\nexport type PublicCacheAdapter = {\n  kind: \"cloudflare-cache\" | \"noop\" | \"external\";\n  match(key: string): Promise<Response | null>;\n  put(key: string, response: Response): Promise<void>;\n  delete(key: string): Promise<boolean>;\n};\n\nexport type KeyValueCacheGetOptions = {\n  cacheTtl?: number;\n};\n\nexport type KeyValueCachePutOptions = {\n  expirationTtl?: number;\n  metadata?: Record<string, string | number | boolean | null>;\n};\n\nexport type KeyValueCacheListOptions = {\n  prefix?: string;\n  limit?: number;\n  cursor?: string;\n};\n\nexport type KeyValueCacheListResult = {\n  keys: Array<{ name: string }>;\n  cursor?: string;\n  listComplete: boolean;\n};\n\nexport type KeyValueCacheAdapter = {\n  kind: \"workers-kv\" | \"noop\" | \"external\";\n  get<T = unknown>(\n    key: string,\n    options?: KeyValueCacheGetOptions\n  ): Promise<T | null>;\n  put<T = unknown>(\n    key: string,\n    value: T,\n    options?: KeyValueCachePutOptions\n  ): Promise<void>;\n  delete(key: string): Promise<void>;\n  list(options?: KeyValueCacheListOptions): Promise<KeyValueCacheListResult>;\n};\n\nexport type SqlValue = string | number | boolean | null;\n\nexport type SqlResult<T = Record<string, unknown>> = {\n  results?: T[];\n  success?: boolean;\n  meta?: {\n    changes?: number;\n    duration?: number;\n    last_row_id?: number;\n    rows_read?: number;\n    rows_written?: number;\n    [key: string]: unknown;\n  };\n};\n\nexport type SqlPreparedStatement = {\n  bind(...values: SqlValue[]): SqlPreparedStatement;\n  all<T = Record<string, unknown>>(): Promise<SqlResult<T>>;\n  first<T = Record<string, unknown>>(columnName?: string): Promise<T | null>;\n  run<T = Record<string, unknown>>(): Promise<SqlResult<T>>;\n};\n\nexport type SqlDatabaseAdapter = {\n  kind: \"d1\";\n  prepare(query: string): SqlPreparedStatement;\n  batch<T = Record<string, unknown>>(\n    statements: SqlPreparedStatement[]\n  ): Promise<SqlResult<T>[]>;\n};\n\nexport type RuntimePlatform = {\n  id: \"cloudflare-workers\";\n  database: SqlDatabaseAdapter | null;\n  objectStorage: ObjectStorageAdapter | null;\n  imageTransformer: ImageTransformerAdapter | null;\n  publicCache: PublicCacheAdapter | null;\n  keyValueCache: KeyValueCacheAdapter | null;\n};\n\ntype CloudflareCacheLike = Pick<Cache, \"match\" | \"put\" | \"delete\">;\ntype CloudflareKvLike = Pick<KVNamespace, \"get\" | \"put\" | \"delete\" | \"list\">;\n\nfunction cacheRequestForKey(key: string) {\n  return new Request(key, { method: \"GET\" });\n}\n\nexport function createCloudflarePublicCacheAdapter(\n  cache: CloudflareCacheLike\n): PublicCacheAdapter {\n  return {\n    kind: \"cloudflare-cache\",\n    async match(key) {\n      return (await cache.match(cacheRequestForKey(key))) ?? null;\n    },\n    put(key, response) {\n      return cache.put(cacheRequestForKey(key), response);\n    },\n    delete(key) {\n      return cache.delete(cacheRequestForKey(key));\n    },\n  };\n}\n\nexport function createNoopPublicCacheAdapter(kind: \"noop\" = \"noop\"): PublicCacheAdapter {\n  return {\n    kind,\n    async match() {\n      return null;\n    },\n    async put() {},\n    async delete() {\n      return false;\n    },\n  };\n}\n\nexport function createCloudflareKeyValueCacheAdapter(\n  namespace: CloudflareKvLike\n): KeyValueCacheAdapter {\n  return {\n    kind: \"workers-kv\",\n    async get<T = unknown>(\n      key: string,\n      options?: KeyValueCacheGetOptions\n    ): Promise<T | null> {\n      return (await namespace.get(key, {\n        type: \"json\",\n        cacheTtl: options?.cacheTtl,\n      })) as T | null;\n    },\n    async put(key, value, options) {\n      await namespace.put(key, JSON.stringify(value), {\n        expirationTtl: options?.expirationTtl,\n        metadata: options?.metadata,\n      });\n    },\n    delete(key) {\n      return namespace.delete(key);\n    },\n    async list(options) {\n      const result = await namespace.list({\n        prefix: options?.prefix,\n        limit: options?.limit,\n        cursor: options?.cursor,\n      });\n      return {\n        keys: result.keys.map((key) => ({ name: key.name })),\n        cursor: result.list_complete ? undefined : result.cursor,\n        listComplete: result.list_complete,\n      };\n    },\n  };\n}\n\nexport function createNoopKeyValueCacheAdapter(\n  kind: \"noop\" = \"noop\"\n): KeyValueCacheAdapter {\n  return {\n    kind,\n    async get() {\n      return null;\n    },\n    async put() {},\n    async delete() {},\n    async list() {\n      return { keys: [], listComplete: true };\n    },\n  };\n}\n\nfunction r2ObjectToStoredObject(object: R2ObjectBody): StoredObject {\n  return {\n    body: object.body,\n    size: object.size,\n    etag: object.etag,\n    contentType: object.httpMetadata?.contentType,\n  };\n}\n\nexport function createCloudflareRuntimePlatform(\n  env: PlatformBindingEnv,\n  options?: { publicCache?: CloudflareCacheLike | null }\n): RuntimePlatform {\n  const database: SqlDatabaseAdapter | null = env.DB\n    ? ({\n        kind: \"d1\",\n        prepare(query: string) {\n          return env.DB.prepare(query) as unknown as SqlPreparedStatement;\n        },\n        async batch(statements: SqlPreparedStatement[]) {\n          return (await env.DB.batch(\n            statements as unknown as D1PreparedStatement[]\n          )) as unknown as SqlResult<Record<string, unknown>>[];\n        },\n      } as unknown as SqlDatabaseAdapter)\n    : null;\n\n  const objectStorage: ObjectStorageAdapter | null = env.ASSETS_BUCKET\n    ? {\n        kind: \"r2\",\n        async get(key) {\n          const object = await env.ASSETS_BUCKET?.get(key);\n          return object ? r2ObjectToStoredObject(object) : null;\n        },\n        async put(key, value, options) {\n          await env.ASSETS_BUCKET?.put(key, value, {\n            httpMetadata: {\n              contentType: options?.contentType,\n              cacheControl: options?.cacheControl,\n            },\n            customMetadata: options?.metadata,\n          });\n        },\n        async delete(key) {\n          await env.ASSETS_BUCKET?.delete(key);\n        },\n        async list(options) {\n          const listed = await env.ASSETS_BUCKET?.list({\n            prefix: options?.prefix,\n            limit: options?.limit,\n          });\n          return (\n            listed?.objects.map((object) => ({\n              key: object.key,\n              size: object.size,\n              uploaded: object.uploaded,\n            })) ?? []\n          );\n        },\n      }\n    : null;\n\n  const imageTransformer: ImageTransformerAdapter | null = env.IMAGES\n    ? {\n        kind: \"cloudflare-images\",\n        async transform(body, options) {\n          const result = await env.IMAGES.input(body)\n            .transform(options.width ? { width: options.width } : {})\n            .output({\n              format: options.format,\n              quality: options.quality,\n            });\n          return {\n            body: result.image(),\n            contentType: result.contentType(),\n            response: () => result.response(),\n          };\n        },\n      }\n    : null;\n\n  const keyValueCache: KeyValueCacheAdapter | null = env.CONTENT_CACHE\n    ? createCloudflareKeyValueCacheAdapter(env.CONTENT_CACHE)\n    : null;\n\n  return {\n    id: \"cloudflare-workers\",\n    database,\n    objectStorage,\n    imageTransformer,\n    keyValueCache,\n    publicCache: options?.publicCache\n      ? createCloudflarePublicCacheAdapter(options.publicCache)\n      : null,\n  };\n}\n","import { workerEnv } from \"../util/env\";\nimport {\n  createCloudflarePublicCacheAdapter,\n  createCloudflareRuntimePlatform,\n} from \"./runtime\";\n\nfunction getDefaultCloudflareCache() {\n  const globalWithCaches = globalThis as typeof globalThis & {\n    caches?: CacheStorage & { default?: Cache };\n  };\n  return globalWithCaches.caches?.default ?? null;\n}\n\nexport function getRuntimePlatform() {\n  return createCloudflareRuntimePlatform(workerEnv, {\n    publicCache: getDefaultCloudflareCache(),\n  });\n}\n\nexport function getDatabase() {\n  const database = getRuntimePlatform().database;\n  if (!database) {\n    throw new Error(\"SQL database binding not configured\");\n  }\n  return database;\n}\n\nexport function getPublicCache() {\n  const cache = getDefaultCloudflareCache();\n  if (!cache) {\n    throw new Error(\"Cloudflare cache binding not configured\");\n  }\n  return createCloudflarePublicCacheAdapter(cache);\n}\n","import {\n  getPublicCache as getCloudflarePublicCache,\n  getRuntimePlatform as getCloudflareRuntimePlatform,\n} from \"./cloudflare-runtime\";\nimport { currentRuntimeId } from \"./selection\";\n\nexport function getRuntimePlatform() {\n  return getCloudflareRuntimePlatform();\n}\n\nexport function getDatabase() {\n  const platform = getRuntimePlatform();\n  const database = platform.database;\n  if (!database) {\n    throw new Error(`SQL database adapter not configured for ${platform.id}`);\n  }\n  return database;\n}\n\nexport function getPublicCache() {\n  return getCloudflarePublicCache();\n}\n\nexport function getKeyValueCache() {\n  return getRuntimePlatform().keyValueCache;\n}\n\nexport const runtimeSelection = {\n  currentRuntimeId,\n};\n","// storage/routes/cdn.ts\n//\n// GET /api/cdn/[...key] - 从对象存储取原图，调用运行时图片转换转 WebP/AVIF 后返回\n//\n// 用 catch-all 参数兼容两种 URL：\n// 1. /api/cdn/uploads/2026-06-06/file.jpg\n// 2. /api/cdn/uploads%2F2026-06-06%2Ffile.jpg\n//\n// Like the other storage route, the package exports a route object that\n// exposes both a Next.js handler and a worker-friendly single-arg\n// handler. The body is otherwise identical to the original starter\n// implementation.\n\nimport { NextResponse } from \"next/server\";\nimport {\n  type StoredObject,\n} from \"../../platform/runtime\";\nimport { getRuntimePlatform } from \"../../platform/current\";\n\nexport const dynamic = \"force-dynamic\";\n\nconst DEFAULT_WIDTH = 1200;\nconst MAX_WIDTH = 2400;\nconst DEFAULT_QUALITY = 75;\nconst MIN_QUALITY = 40;\nconst MAX_QUALITY = 85;\n\ntype Props = {\n  params: Promise<{ key: string[] }>;\n};\n\nexport const cdnRoute = {\n  async GET(request: Request, props: Props) {\n    const { key } = await props.params;\n    return cdnRoute.handle(new Request(buildInternalUrl(request, key)));\n  },\n  async handle(request: Request): Promise<Response> {\n    const url = new URL(request.url);\n    const key = readKeyFromPathname(url.pathname);\n    if (!key) {\n      return NextResponse.json({ error: \"Invalid key\" }, { status: 400 });\n    }\n\n    if (key.includes(\"..\") || key.startsWith(\"/\")) {\n      return NextResponse.json({ error: \"Invalid key\" }, { status: 400 });\n    }\n\n    const platform = getRuntimePlatform();\n    const storage = platform.objectStorage;\n    if (!storage) {\n      return NextResponse.json(\n        { error: \"Object storage not configured\" },\n        { status: 503 }\n      );\n    }\n\n    const object = await storage.get(key);\n    if (!object) {\n      return NextResponse.json({ error: \"Not found\" }, { status: 404 });\n    }\n\n    const accept = request.headers.get(\"accept\") ?? \"\";\n    const isImage = object.contentType?.startsWith(\"image/\") ?? false;\n\n    if (!isImage) {\n      return streamObject(object, {\n        \"X-Debug-Cdn-Branch\": \"non-image\",\n        \"X-Debug-Cdn-Key\": key,\n      });\n    }\n\n    let outputFormat: \"image/avif\" | \"image/webp\" | null = null;\n    let outputQuality: number | undefined = undefined;\n\n    if (accept.includes(\"image/avif\")) {\n      outputFormat = \"image/avif\";\n      outputQuality = 60;\n    } else if (accept.includes(\"image/webp\")) {\n      outputFormat = \"image/webp\";\n      outputQuality = 75;\n    }\n\n    const isSvg = object.contentType === \"image/svg+xml\";\n    if (!outputFormat || isSvg || !platform.imageTransformer) {\n      return streamObject(object, {\n        \"X-Debug-Cdn-Branch\": isSvg\n          ? \"svg-bypass\"\n          : !platform.imageTransformer\n            ? \"transformer-bypass\"\n            : \"format-bypass\",\n        \"X-Debug-Cdn-Accept\": accept.includes(\"image/avif\")\n          ? \"avif\"\n          : accept.includes(\"image/webp\")\n            ? \"webp\"\n            : \"other\",\n        \"X-Debug-Cdn-Key\": key,\n      });\n    }\n\n    try {\n      const width = clampInt(\n        url.searchParams.get(\"w\"),\n        64,\n        MAX_WIDTH,\n        DEFAULT_WIDTH\n      );\n      const quality = clampInt(\n        url.searchParams.get(\"q\"),\n        MIN_QUALITY,\n        MAX_QUALITY,\n        outputQuality ?? DEFAULT_QUALITY\n      );\n\n      const result = await platform.imageTransformer.transform(object.body, {\n        width,\n        format: outputFormat,\n        quality,\n      });\n\n      return new Response(result.body, {\n        headers: {\n          \"Content-Type\": result.contentType,\n          \"Cache-Control\": \"public, max-age=31536000, immutable\",\n          Vary: \"Accept\",\n          \"X-Debug-Cdn-Branch\": \"transformed\",\n          \"X-Debug-Cdn-Key\": key,\n          \"X-Optimized-Width\": String(width),\n          \"X-Optimized-Quality\": String(quality),\n          \"X-Original-Format\": object.contentType ?? \"unknown\",\n          \"X-Optimized-Format\": outputFormat,\n        },\n      });\n    } catch (e) {\n      return streamObject(object, {\n        \"X-Debug-Cdn-Branch\": \"transform-error-fallback\",\n        \"X-Debug-Cdn-Key\": key,\n        \"X-Debug-Cdn-Error\": e instanceof Error ? e.name : \"unknown\",\n      });\n    }\n  },\n};\n\nfunction buildInternalUrl(request: Request, keyParts: string[]) {\n  const url = new URL(request.url);\n  url.pathname = `/api/cdn/${keyParts.map(encodeURIComponent).join(\"/\")}`;\n  return url.toString();\n}\n\nfunction readKeyFromPathname(pathname: string): string | null {\n  const prefix = \"/api/cdn/\";\n  if (!pathname.startsWith(prefix)) return null;\n  const encoded = pathname.slice(prefix.length);\n  if (!encoded) return null;\n  return decodeURIComponent(encoded);\n}\n\nfunction clampInt(\n  value: string | null,\n  min: number,\n  max: number,\n  fallback: number\n) {\n  const parsed = Number.parseInt(value ?? \"\", 10);\n  if (!Number.isFinite(parsed)) {\n    return fallback;\n  }\n\n  return Math.max(min, Math.min(max, parsed));\n}\n\nfunction streamObject(\n  object: StoredObject,\n  extraHeaders?: Record<string, string>\n): Response {\n  const headers = new Headers();\n  if (object.contentType) {\n    headers.set(\"Content-Type\", object.contentType);\n  }\n  headers.set(\"Cache-Control\", \"public, max-age=31536000, immutable\");\n  headers.set(\"Content-Length\", String(object.size));\n  if (object.etag) headers.set(\"ETag\", object.etag);\n  for (const [key, value] of Object.entries(extraHeaders ?? {})) {\n    headers.set(key, value);\n  }\n  return new Response(object.body, { headers });\n}\n\n// Top-level aliases for callers that prefer a flat signature (e.g. the\n// Next.js `app/api/.../route.ts` delegates).\nexport const GET = cdnRoute.GET;\n\n/**\n * Worker-friendly single-arg handler. Used by the Cloudflare Workers\n * bootstrap in `@notionx/core/worker`. Equivalent to\n * `cdnRoute.handle`.\n */\nexport async function cdnRouteHandle(request: Request): Promise<Response> {\n  return cdnRoute.handle(request);\n}\n"],"mappings":";AAYA,SAAS,oBAAoB;;;ACR7B,SAAS,WAAW;AAuCb,IAAM,YAAY;;;ACsGzB,SAAS,mBAAmB,KAAa;AACvC,SAAO,IAAI,QAAQ,KAAK,EAAE,QAAQ,MAAM,CAAC;AAC3C;AAEO,SAAS,mCACd,OACoB;AACpB,SAAO;AAAA,IACL,MAAM;AAAA,IACN,MAAM,MAAM,KAAK;AACf,aAAQ,MAAM,MAAM,MAAM,mBAAmB,GAAG,CAAC,KAAM;AAAA,IACzD;AAAA,IACA,IAAI,KAAK,UAAU;AACjB,aAAO,MAAM,IAAI,mBAAmB,GAAG,GAAG,QAAQ;AAAA,IACpD;AAAA,IACA,OAAO,KAAK;AACV,aAAO,MAAM,OAAO,mBAAmB,GAAG,CAAC;AAAA,IAC7C;AAAA,EACF;AACF;AAeO,SAAS,qCACd,WACsB;AACtB,SAAO;AAAA,IACL,MAAM;AAAA,IACN,MAAM,IACJ,KACA,SACmB;AACnB,aAAQ,MAAM,UAAU,IAAI,KAAK;AAAA,QAC/B,MAAM;AAAA,QACN,UAAU,SAAS;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,IACA,MAAM,IAAI,KAAK,OAAO,SAAS;AAC7B,YAAM,UAAU,IAAI,KAAK,KAAK,UAAU,KAAK,GAAG;AAAA,QAC9C,eAAe,SAAS;AAAA,QACxB,UAAU,SAAS;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,IACA,OAAO,KAAK;AACV,aAAO,UAAU,OAAO,GAAG;AAAA,IAC7B;AAAA,IACA,MAAM,KAAK,SAAS;AAClB,YAAM,SAAS,MAAM,UAAU,KAAK;AAAA,QAClC,QAAQ,SAAS;AAAA,QACjB,OAAO,SAAS;AAAA,QAChB,QAAQ,SAAS;AAAA,MACnB,CAAC;AACD,aAAO;AAAA,QACL,MAAM,OAAO,KAAK,IAAI,CAAC,SAAS,EAAE,MAAM,IAAI,KAAK,EAAE;AAAA,QACnD,QAAQ,OAAO,gBAAgB,SAAY,OAAO;AAAA,QAClD,cAAc,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;AAkBA,SAAS,uBAAuB,QAAoC;AAClE,SAAO;AAAA,IACL,MAAM,OAAO;AAAA,IACb,MAAM,OAAO;AAAA,IACb,MAAM,OAAO;AAAA,IACb,aAAa,OAAO,cAAc;AAAA,EACpC;AACF;AAEO,SAAS,gCACdA,MACA,SACiB;AACjB,QAAM,WAAsCA,KAAI,KAC3C;AAAA,IACC,MAAM;AAAA,IACN,QAAQ,OAAe;AACrB,aAAOA,KAAI,GAAG,QAAQ,KAAK;AAAA,IAC7B;AAAA,IACA,MAAM,MAAM,YAAoC;AAC9C,aAAQ,MAAMA,KAAI,GAAG;AAAA,QACnB;AAAA,MACF;AAAA,IACF;AAAA,EACF,IACA;AAEJ,QAAM,gBAA6CA,KAAI,gBACnD;AAAA,IACE,MAAM;AAAA,IACN,MAAM,IAAI,KAAK;AACb,YAAM,SAAS,MAAMA,KAAI,eAAe,IAAI,GAAG;AAC/C,aAAO,SAAS,uBAAuB,MAAM,IAAI;AAAA,IACnD;AAAA,IACA,MAAM,IAAI,KAAK,OAAOC,UAAS;AAC7B,YAAMD,KAAI,eAAe,IAAI,KAAK,OAAO;AAAA,QACvC,cAAc;AAAA,UACZ,aAAaC,UAAS;AAAA,UACtB,cAAcA,UAAS;AAAA,QACzB;AAAA,QACA,gBAAgBA,UAAS;AAAA,MAC3B,CAAC;AAAA,IACH;AAAA,IACA,MAAM,OAAO,KAAK;AAChB,YAAMD,KAAI,eAAe,OAAO,GAAG;AAAA,IACrC;AAAA,IACA,MAAM,KAAKC,UAAS;AAClB,YAAM,SAAS,MAAMD,KAAI,eAAe,KAAK;AAAA,QAC3C,QAAQC,UAAS;AAAA,QACjB,OAAOA,UAAS;AAAA,MAClB,CAAC;AACD,aACE,QAAQ,QAAQ,IAAI,CAAC,YAAY;AAAA,QAC/B,KAAK,OAAO;AAAA,QACZ,MAAM,OAAO;AAAA,QACb,UAAU,OAAO;AAAA,MACnB,EAAE,KAAK,CAAC;AAAA,IAEZ;AAAA,EACF,IACA;AAEJ,QAAM,mBAAmDD,KAAI,SACzD;AAAA,IACE,MAAM;AAAA,IACN,MAAM,UAAU,MAAMC,UAAS;AAC7B,YAAM,SAAS,MAAMD,KAAI,OAAO,MAAM,IAAI,EACvC,UAAUC,SAAQ,QAAQ,EAAE,OAAOA,SAAQ,MAAM,IAAI,CAAC,CAAC,EACvD,OAAO;AAAA,QACN,QAAQA,SAAQ;AAAA,QAChB,SAASA,SAAQ;AAAA,MACnB,CAAC;AACH,aAAO;AAAA,QACL,MAAM,OAAO,MAAM;AAAA,QACnB,aAAa,OAAO,YAAY;AAAA,QAChC,UAAU,MAAM,OAAO,SAAS;AAAA,MAClC;AAAA,IACF;AAAA,EACF,IACA;AAEJ,QAAM,gBAA6CD,KAAI,gBACnD,qCAAqCA,KAAI,aAAa,IACtD;AAEJ,SAAO;AAAA,IACL,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa,SAAS,cAClB,mCAAmC,QAAQ,WAAW,IACtD;AAAA,EACN;AACF;;;AClUA,SAAS,4BAA4B;AACnC,QAAM,mBAAmB;AAGzB,SAAO,iBAAiB,QAAQ,WAAW;AAC7C;AAEO,SAAS,qBAAqB;AACnC,SAAO,gCAAgC,WAAW;AAAA,IAChD,aAAa,0BAA0B;AAAA,EACzC,CAAC;AACH;;;ACXO,SAASE,sBAAqB;AACnC,SAAO,mBAA6B;AACtC;;;AJaO,IAAM,aAAa;AAAA;AAAA;AAAA;AAAA;AAAA,EAKxB,MAAM,IAAI,UAAmB,OAAc;AACzC,UAAM,EAAE,IAAI,IAAI,MAAM,MAAM;AAC5B,WAAO,WAAW,OAAO,IAAI,QAAQ,iBAAiB,UAAU,GAAG,CAAC,CAAC;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,SAAqC;AAChD,UAAM,MAAM,eAAe,QAAQ,GAAG;AACtC,QAAI,CAAC,KAAK;AACR,aAAO,aAAa,KAAK,EAAE,OAAO,cAAc,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACpE;AAEA,QAAI,IAAI,SAAS,IAAI,KAAK,IAAI,WAAW,GAAG,GAAG;AAC7C,aAAO,aAAa,KAAK,EAAE,OAAO,cAAc,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACpE;AAEA,UAAM,UAAUC,oBAAmB,EAAE;AACrC,QAAI,CAAC,SAAS;AACZ,aAAO,aAAa;AAAA,QAClB,EAAE,OAAO,gCAAgC;AAAA,QACzC,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAEA,UAAM,SAAS,MAAM,QAAQ,IAAI,GAAG;AACpC,QAAI,CAAC,QAAQ;AACX,aAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClE;AAEA,UAAM,UAAU,IAAI,QAAQ;AAC5B,QAAI,OAAO,aAAa;AACtB,cAAQ,IAAI,gBAAgB,OAAO,WAAW;AAAA,IAChD;AACA,YAAQ,IAAI,iBAAiB,qCAAqC;AAClE,QAAI,OAAO,KAAM,SAAQ,IAAI,QAAQ,OAAO,IAAI;AAChD,YAAQ,IAAI,kBAAkB,OAAO,OAAO,IAAI,CAAC;AAEjD,WAAO,IAAI,SAAS,OAAO,MAAM,EAAE,QAAQ,CAAC;AAAA,EAC9C;AACF;AAOA,eAAsB,iBAAiB,SAAqC;AAC1E,SAAO,WAAW,OAAO,OAAO;AAClC;AAEA,SAAS,iBAAiB,SAAkB,UAAoB;AAC9D,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,MAAI,WAAW,cAAc,SAAS,IAAI,kBAAkB,EAAE,KAAK,GAAG,CAAC;AACvE,SAAO,IAAI,SAAS;AACtB;AAEA,SAAS,eAAe,QAA+B;AACrD,QAAM,MAAM,IAAI,IAAI,MAAM;AAC1B,QAAM,SAAS;AACf,MAAI,CAAC,IAAI,SAAS,WAAW,MAAM,EAAG,QAAO;AAC7C,QAAM,UAAU,IAAI,SAAS,MAAM,OAAO,MAAM;AAChD,MAAI,CAAC,QAAS,QAAO;AACrB,SAAO,mBAAmB,OAAO;AACnC;AAIO,IAAM,MAAM,WAAW;;;AKlF9B,SAAS,gBAAAC,qBAAoB;AAQ7B,IAAM,gBAAgB;AACtB,IAAM,YAAY;AAClB,IAAM,kBAAkB;AACxB,IAAM,cAAc;AACpB,IAAM,cAAc;AAMb,IAAM,WAAW;AAAA,EACtB,MAAM,IAAI,SAAkB,OAAc;AACxC,UAAM,EAAE,IAAI,IAAI,MAAM,MAAM;AAC5B,WAAO,SAAS,OAAO,IAAI,QAAQC,kBAAiB,SAAS,GAAG,CAAC,CAAC;AAAA,EACpE;AAAA,EACA,MAAM,OAAO,SAAqC;AAChD,UAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,UAAM,MAAM,oBAAoB,IAAI,QAAQ;AAC5C,QAAI,CAAC,KAAK;AACR,aAAOC,cAAa,KAAK,EAAE,OAAO,cAAc,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACpE;AAEA,QAAI,IAAI,SAAS,IAAI,KAAK,IAAI,WAAW,GAAG,GAAG;AAC7C,aAAOA,cAAa,KAAK,EAAE,OAAO,cAAc,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACpE;AAEA,UAAM,WAAWC,oBAAmB;AACpC,UAAM,UAAU,SAAS;AACzB,QAAI,CAAC,SAAS;AACZ,aAAOD,cAAa;AAAA,QAClB,EAAE,OAAO,gCAAgC;AAAA,QACzC,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAEA,UAAM,SAAS,MAAM,QAAQ,IAAI,GAAG;AACpC,QAAI,CAAC,QAAQ;AACX,aAAOA,cAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClE;AAEA,UAAM,SAAS,QAAQ,QAAQ,IAAI,QAAQ,KAAK;AAChD,UAAM,UAAU,OAAO,aAAa,WAAW,QAAQ,KAAK;AAE5D,QAAI,CAAC,SAAS;AACZ,aAAO,aAAa,QAAQ;AAAA,QAC1B,sBAAsB;AAAA,QACtB,mBAAmB;AAAA,MACrB,CAAC;AAAA,IACH;AAEA,QAAI,eAAmD;AACvD,QAAI,gBAAoC;AAExC,QAAI,OAAO,SAAS,YAAY,GAAG;AACjC,qBAAe;AACf,sBAAgB;AAAA,IAClB,WAAW,OAAO,SAAS,YAAY,GAAG;AACxC,qBAAe;AACf,sBAAgB;AAAA,IAClB;AAEA,UAAM,QAAQ,OAAO,gBAAgB;AACrC,QAAI,CAAC,gBAAgB,SAAS,CAAC,SAAS,kBAAkB;AACxD,aAAO,aAAa,QAAQ;AAAA,QAC1B,sBAAsB,QAClB,eACA,CAAC,SAAS,mBACR,uBACA;AAAA,QACN,sBAAsB,OAAO,SAAS,YAAY,IAC9C,SACA,OAAO,SAAS,YAAY,IAC1B,SACA;AAAA,QACN,mBAAmB;AAAA,MACrB,CAAC;AAAA,IACH;AAEA,QAAI;AACF,YAAM,QAAQ;AAAA,QACZ,IAAI,aAAa,IAAI,GAAG;AAAA,QACxB;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,YAAM,UAAU;AAAA,QACd,IAAI,aAAa,IAAI,GAAG;AAAA,QACxB;AAAA,QACA;AAAA,QACA,iBAAiB;AAAA,MACnB;AAEA,YAAM,SAAS,MAAM,SAAS,iBAAiB,UAAU,OAAO,MAAM;AAAA,QACpE;AAAA,QACA,QAAQ;AAAA,QACR;AAAA,MACF,CAAC;AAED,aAAO,IAAI,SAAS,OAAO,MAAM;AAAA,QAC/B,SAAS;AAAA,UACP,gBAAgB,OAAO;AAAA,UACvB,iBAAiB;AAAA,UACjB,MAAM;AAAA,UACN,sBAAsB;AAAA,UACtB,mBAAmB;AAAA,UACnB,qBAAqB,OAAO,KAAK;AAAA,UACjC,uBAAuB,OAAO,OAAO;AAAA,UACrC,qBAAqB,OAAO,eAAe;AAAA,UAC3C,sBAAsB;AAAA,QACxB;AAAA,MACF,CAAC;AAAA,IACH,SAAS,GAAG;AACV,aAAO,aAAa,QAAQ;AAAA,QAC1B,sBAAsB;AAAA,QACtB,mBAAmB;AAAA,QACnB,qBAAqB,aAAa,QAAQ,EAAE,OAAO;AAAA,MACrD,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEA,SAASD,kBAAiB,SAAkB,UAAoB;AAC9D,QAAM,MAAM,IAAI,IAAI,QAAQ,GAAG;AAC/B,MAAI,WAAW,YAAY,SAAS,IAAI,kBAAkB,EAAE,KAAK,GAAG,CAAC;AACrE,SAAO,IAAI,SAAS;AACtB;AAEA,SAAS,oBAAoB,UAAiC;AAC5D,QAAM,SAAS;AACf,MAAI,CAAC,SAAS,WAAW,MAAM,EAAG,QAAO;AACzC,QAAM,UAAU,SAAS,MAAM,OAAO,MAAM;AAC5C,MAAI,CAAC,QAAS,QAAO;AACrB,SAAO,mBAAmB,OAAO;AACnC;AAEA,SAAS,SACP,OACA,KACA,KACA,UACA;AACA,QAAM,SAAS,OAAO,SAAS,SAAS,IAAI,EAAE;AAC9C,MAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC5B,WAAO;AAAA,EACT;AAEA,SAAO,KAAK,IAAI,KAAK,KAAK,IAAI,KAAK,MAAM,CAAC;AAC5C;AAEA,SAAS,aACP,QACA,cACU;AACV,QAAM,UAAU,IAAI,QAAQ;AAC5B,MAAI,OAAO,aAAa;AACtB,YAAQ,IAAI,gBAAgB,OAAO,WAAW;AAAA,EAChD;AACA,UAAQ,IAAI,iBAAiB,qCAAqC;AAClE,UAAQ,IAAI,kBAAkB,OAAO,OAAO,IAAI,CAAC;AACjD,MAAI,OAAO,KAAM,SAAQ,IAAI,QAAQ,OAAO,IAAI;AAChD,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,gBAAgB,CAAC,CAAC,GAAG;AAC7D,YAAQ,IAAI,KAAK,KAAK;AAAA,EACxB;AACA,SAAO,IAAI,SAAS,OAAO,MAAM,EAAE,QAAQ,CAAC;AAC9C;AAIO,IAAMG,OAAM,SAAS;AAO5B,eAAsB,eAAe,SAAqC;AACxE,SAAO,SAAS,OAAO,OAAO;AAChC;","names":["env","options","getRuntimePlatform","getRuntimePlatform","NextResponse","buildInternalUrl","NextResponse","getRuntimePlatform","GET"]}

package/dist/types-BsAcZSNX.d.ts

@@ -0,0 +1,94 @@
+import { ReactNode } from 'react';
+
+/** A render-prop that draws a Turnstile widget for the given action. */
+type TurnstileSlot = (props: {
+    action: string;
+}) => ReactNode;
+/** A server action that the page form submits to. */
+type FormAction = (formData: FormData) => Promise<void> | void;
+/** Bundle of UI primitives used by every auth page. */
+interface AuthPageUI {
+    Button: (props: {
+        type?: "button" | "submit" | "reset";
+        asChild?: boolean;
+        variant?: "default" | "outline" | "secondary" | "ghost" | "destructive";
+        size?: "default" | "sm" | "lg" | "icon";
+        className?: string;
+        children?: ReactNode;
+    }) => ReactNode;
+    Input: (props: {
+        id?: string;
+        name: string;
+        type?: string;
+        placeholder?: string;
+        defaultValue?: string;
+        required?: boolean;
+        autoFocus?: boolean;
+        className?: string;
+    }) => ReactNode;
+    Label: (props: {
+        htmlFor: string;
+        children: ReactNode;
+        className?: string;
+    }) => ReactNode;
+    Card: (props: {
+        className?: string;
+        children: ReactNode;
+    }) => ReactNode;
+    CardHeader: (props: {
+        className?: string;
+        children: ReactNode;
+    }) => ReactNode;
+    CardTitle: (props: {
+        className?: string;
+        children: ReactNode;
+    }) => ReactNode;
+    CardDescription: (props: {
+        className?: string;
+        children: ReactNode;
+    }) => ReactNode;
+    CardContent: (props: {
+        className?: string;
+        children: ReactNode;
+    }) => ReactNode;
+    Separator: (props: {
+        className?: string;
+    }) => ReactNode;
+    Turnstile?: TurnstileSlot;
+}
+/** Common props every auth page receives. */
+interface AuthPageContext {
+    ui: AuthPageUI;
+    /**
+     * Optional mapping from action name to server action. Pages fall back
+     * to a no-op form handler when the action is missing so dev environments
+     * without configured actions still render.
+     */
+    actions?: {
+        emailLogin?: FormAction;
+        register?: FormAction;
+        forgotPassword?: FormAction;
+        resetPassword?: FormAction;
+        resendVerification?: FormAction;
+    };
+    /**
+     * Optional helper that checks whether the user is already
+     * authenticated. When provided, the page redirects to
+     * `redirectWhenAuthenticated` (default `/admin`) on truthy return.
+     */
+    isAuthenticated?: () => Promise<boolean>;
+    redirectWhenAuthenticated?: string;
+    /** Get the current OAuth user, used to show "current session" hints. */
+    getCurrentUser?: () => Promise<{
+        email: string;
+    } | null>;
+    /** Get the Google OAuth config so the "Sign in with Google" button
+     *  can be hidden when not configured. */
+    getGoogleOAuthConfig?: () => Promise<{
+        enabled: boolean;
+        clientId: string;
+        clientSecret: string;
+    } | null>;
+}
+
+export type { AuthPageContext as A, FormAction as F, TurnstileSlot as T, AuthPageUI as a };

package/dist/types.d.ts

@@ -0,0 +1,78 @@
+export { ContentModelDefinition, ContentSource } from './content/models.js';
+import './notion/types.js';
+
+/**
+ * Names of the D1 tables that back the auth feature. Snake_case keys here
+ * mirror the migration SQL; consumers do not need to redefine them.
+ */
+interface AuthTables {
+    users: string;
+    sessions: string;
+    passwordResets: string;
+    emailVerifications: string;
+    authRateLimits: string;
+}
+interface AuthSessionCookieConfig {
+    name: string;
+    maxAge: number;
+    secure: boolean;
+}
+interface AuthRolesConfig {
+    default: string;
+    vip: string;
+    admin: string;
+}
+interface AuthTurnstileConfig {
+    siteKeyEnv: string;
+    secretKeyEnv: string;
+}
+interface AuthEmailConfig {
+    provider: "resend" | "smtp" | "none";
+    fromEnv: string;
+    apiKeyEnv: string;
+}
+interface AuthOAuthGoogleConfig {
+    clientIdEnv: string;
+    clientSecretEnv: string;
+}
+interface AuthOAuthConfig {
+    google: AuthOAuthGoogleConfig;
+}
+interface AuthPasswordConfig {
+    minLength: number;
+}
+/**
+ * Configuration object passed to `createAuth`. Decouples the auth helpers
+ * from module-level state — the runtime resolves the database binding and
+ * environment variables through this object.
+ */
+interface AuthConfig {
+    databaseBinding: string;
+    tables: AuthTables;
+    sessionCookie: AuthSessionCookieConfig;
+    roles: AuthRolesConfig;
+    turnstile?: AuthTurnstileConfig;
+    email?: AuthEmailConfig;
+    oauth?: AuthOAuthConfig;
+    password?: AuthPasswordConfig;
+}
+
+type AdminExtension = unknown;
+/**
+ * A single entry in the admin sidebar nav. `labelKey` is resolved at
+ * render time against the i18n message catalog; `icon` is the lucide
+ * icon name; `requireRole` is an optional guard so an item disappears
+ * for viewers who do not have the named role.
+ */
+interface AdminNavItem {
+    href: string;
+    labelKey: string;
+    icon?: string;
+    order?: number;
+    requireRole?: string;
+    external?: boolean;
+}
+type WorkerOptions = unknown;
+type FoundationConfig = unknown;
+
+export type { AdminExtension, AdminNavItem, AuthConfig, AuthEmailConfig, AuthOAuthConfig, AuthOAuthGoogleConfig, AuthPasswordConfig, AuthRolesConfig, AuthSessionCookieConfig, AuthTables, AuthTurnstileConfig, FoundationConfig, WorkerOptions };

package/dist/types.js

@@ -0,0 +1 @@
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/util/index.d.ts

@@ -0,0 +1,18 @@
+export { A as AppEnv, w as workerEnv } from '../env-C5qu-0R-.js';
+import { ClassValue } from 'clsx';
+
+declare function getEnv(primary: string, ...fallbacks: string[]): string | undefined;
+
+/** 站点公网 URL，用于邮件验证/重置密码链接。 */
+declare function getSiteUrl(): string;
+
+/** 从 Cloudflare / 反向代理请求头解析客户端 IP。 */
+declare function getClientIp(): Promise<string | null>;
+
+/**
+ * shadcn/ui 标准 cn() helper：合并 className 并解决 Tailwind 冲突
+ * 例子：cn("px-2 py-1", condition && "bg-red-500", "px-4") → "py-1 bg-red-500 px-4"
+ */
+declare function cn(...inputs: ClassValue[]): string;
+
+export { cn, getClientIp, getEnv, getSiteUrl };

package/dist/util/index.js

@@ -0,0 +1,48 @@
+// src/util/get-env.ts
+function getEnv(primary, ...fallbacks) {
+  if (process.env[primary]) return process.env[primary];
+  for (const name of fallbacks) {
+    if (process.env[name]) return process.env[name];
+  }
+  return void 0;
+}
+
+// src/util/env.ts
+import { env } from "cloudflare:workers";
+var workerEnv = env;
+
+// src/util/site-url.ts
+var DEFAULT_SITE_URL = "https://moviebluebook.uk";
+function getSiteUrl() {
+  return workerEnv.SITE_URL || DEFAULT_SITE_URL;
+}
+
+// src/util/request-ip.ts
+import { headers } from "next/headers";
+async function getClientIp() {
+  const h = await headers();
+  const cf = h.get("cf-connecting-ip")?.trim();
+  if (cf) return cf;
+  const forwarded = h.get("x-forwarded-for")?.trim();
+  if (forwarded) {
+    const first = forwarded.split(",")[0]?.trim();
+    if (first) return first;
+  }
+  const realIp = h.get("x-real-ip")?.trim();
+  return realIp || null;
+}
+
+// src/util/utils.ts
+import { clsx } from "clsx";
+import { twMerge } from "tailwind-merge";
+function cn(...inputs) {
+  return twMerge(clsx(inputs));
+}
+export {
+  cn,
+  getClientIp,
+  getEnv,
+  getSiteUrl,
+  workerEnv
+};
+//# sourceMappingURL=index.js.map

package/dist/util/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/util/get-env.ts","../../src/util/env.ts","../../src/util/site-url.ts","../../src/util/request-ip.ts","../../src/util/utils.ts"],"sourcesContent":["export function getEnv(primary: string, ...fallbacks: string[]): string | undefined {\n  if (process.env[primary]) return process.env[primary];\n  for (const name of fallbacks) {\n    if (process.env[name]) return process.env[name];\n  }\n  return undefined;\n}\n","// lib/env.ts - 集中获取 Cloudflare bindings\n// 用 cloudflare:workers 模块（workerd 内置），作为平台 adapter 的绑定入口\n\n/// <reference types=\"@cloudflare/workers-types\" />\nimport { env } from \"cloudflare:workers\";\n\nexport type AppEnv = {\n  DB: D1Database;\n  ASSETS: Fetcher;\n  IMAGES: ImagesBinding;\n  ASSETS_BUCKET?: R2Bucket;\n  CONTENT_CACHE?: KVNamespace;\n  ADMIN_PASSWORD: string;\n  ADMIN_EMAIL?: string;\n  SITE_URL?: string;\n  RESEND_API_KEY?: string;\n  RESEND_FROM?: string;\n  // Google OAuth 仍然兼容 Cloudflare Secret 作为兜底。\n  // 实际生效值以 app_settings.google_client_id / google_client_secret 为准。\n  GOOGLE_CLIENT_ID?: string;\n  GOOGLE_CLIENT_SECRET?: string;\n  /** Turnstile site key fallback when not stored in app_settings */\n  TURNSTILE_SITE_KEY?: string;\n  /** Turnstile secret — set via `wrangler secret put TURNSTILE_SECRET_KEY` */\n  TURNSTILE_SECRET_KEY?: string;\n  /** Notion integration token for the blog data source */\n  NOTION_TOKEN?: string;\n  /** Notion data source ID used by dataSources.query */\n  NOTION_DATA_SOURCE_ID?: string;\n  /** Notion data source ID for the public movie catalog */\n  NOTION_MOVIES_DATA_SOURCE_ID?: string;\n  /** Notion data source ID for localized movie copy */\n  NOTION_MOVIE_TRANSLATIONS_DATA_SOURCE_ID?: string;\n  /** Optional Notion API base URL for tests or proxies */\n  NOTION_API_BASE_URL?: string;\n  /** Optional Notion edit URL for admin handoff screens */\n  NOTION_EDIT_BASE_URL?: string;\n  /** Optional webhook verification token for Notion invalidation */\n  NOTION_WEBHOOK_VERIFICATION_TOKEN?: string;\n};\n\n// 强制类型：vinext 把 env 类型放在 env.d.ts（interface VinextEnv extends Env），\n// 但 TS server 经常解析不到。运行时一定有 DB，类型断言保证编译通过。\nexport const workerEnv = env as unknown as AppEnv;\n","import { workerEnv } from \"./env\";\n\nconst DEFAULT_SITE_URL = \"https://moviebluebook.uk\";\n\n/** 站点公网 URL，用于邮件验证/重置密码链接。 */\nexport function getSiteUrl(): string {\n  return workerEnv.SITE_URL || DEFAULT_SITE_URL;\n}\n","import { headers } from \"next/headers\";\n\n/** 从 Cloudflare / 反向代理请求头解析客户端 IP。 */\nexport async function getClientIp(): Promise<string | null> {\n  const h = await headers();\n  const cf = h.get(\"cf-connecting-ip\")?.trim();\n  if (cf) return cf;\n\n  const forwarded = h.get(\"x-forwarded-for\")?.trim();\n  if (forwarded) {\n    const first = forwarded.split(\",\")[0]?.trim();\n    if (first) return first;\n  }\n\n  const realIp = h.get(\"x-real-ip\")?.trim();\n  return realIp || null;\n}\n","import { clsx, type ClassValue } from \"clsx\";\nimport { twMerge } from \"tailwind-merge\";\n\n/**\n * shadcn/ui 标准 cn() helper：合并 className 并解决 Tailwind 冲突\n * 例子：cn(\"px-2 py-1\", condition && \"bg-red-500\", \"px-4\") → \"py-1 bg-red-500 px-4\"\n */\nexport function cn(...inputs: ClassValue[]) {\n  return twMerge(clsx(inputs));\n}\n"],"mappings":";AAAO,SAAS,OAAO,YAAoB,WAAyC;AAClF,MAAI,QAAQ,IAAI,OAAO,EAAG,QAAO,QAAQ,IAAI,OAAO;AACpD,aAAW,QAAQ,WAAW;AAC5B,QAAI,QAAQ,IAAI,IAAI,EAAG,QAAO,QAAQ,IAAI,IAAI;AAAA,EAChD;AACA,SAAO;AACT;;;ACFA,SAAS,WAAW;AAuCb,IAAM,YAAY;;;ACzCzB,IAAM,mBAAmB;AAGlB,SAAS,aAAqB;AACnC,SAAO,UAAU,YAAY;AAC/B;;;ACPA,SAAS,eAAe;AAGxB,eAAsB,cAAsC;AAC1D,QAAM,IAAI,MAAM,QAAQ;AACxB,QAAM,KAAK,EAAE,IAAI,kBAAkB,GAAG,KAAK;AAC3C,MAAI,GAAI,QAAO;AAEf,QAAM,YAAY,EAAE,IAAI,iBAAiB,GAAG,KAAK;AACjD,MAAI,WAAW;AACb,UAAM,QAAQ,UAAU,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK;AAC5C,QAAI,MAAO,QAAO;AAAA,EACpB;AAEA,QAAM,SAAS,EAAE,IAAI,WAAW,GAAG,KAAK;AACxC,SAAO,UAAU;AACnB;;;AChBA,SAAS,YAA6B;AACtC,SAAS,eAAe;AAMjB,SAAS,MAAM,QAAsB;AAC1C,SAAO,QAAQ,KAAK,MAAM,CAAC;AAC7B;","names":[]}