npm - @raystack/chronicle - Versions diffs - 0.11.0 → 0.11.2 - Mend

@raystack/chronicle 0.11.0 → 0.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/cli/index.js +14 -12
package/package.json +1 -1
package/src/lib/image-utils.test.ts +8 -0
package/src/lib/remark-resolve-images.ts +7 -6
package/src/server/api/image.ts +4 -2
package/src/server/entry-server.tsx +17 -14
package/src/server/utils/safe-path.test.ts +34 -0
package/src/server/utils/safe-path.ts +6 -1
package/src/server/vite-config.ts +1 -0
package/src/themes/default/Page.tsx +1 -1
package/src/themes/paper/Page.module.css +2 -2

package/dist/cli/index.js CHANGED Viewed

@@ -72,17 +72,18 @@ var init_image_utils = () => {};
 import path4 from "node:path";
 import { visit } from "unist-util-visit";
 function resolveUrl(src, dir) {
-  if (/^[a-z][a-z0-9+\-.]*:/i.test(src))
-    return src;
-  if (src.startsWith("//"))
-    return src;
-  if (src.startsWith("#"))
-    return src;
-  if (src.startsWith("/_content/"))
-    return src;
-  if (src.startsWith("/"))
-    return `/_content${src}`;
-  return `/_content/${path4.posix.normalize(path4.posix.join(dir, src))}`;
+  const normalized = src.replace(/\\/g, "/");
+  if (/^[a-z][a-z0-9+\-.]*:/i.test(normalized))
+    return normalized;
+  if (normalized.startsWith("//"))
+    return normalized;
+  if (normalized.startsWith("#"))
+    return normalized;
+  if (normalized.startsWith("/_content/"))
+    return normalized;
+  if (normalized.startsWith("/"))
+    return `/_content${normalized}`;
+  return `/_content/${path4.posix.normalize(path4.posix.join(dir, normalized))}`;
 }
 function optimizeUrl(url, optimize) {
   if (optimize && isLocalImage(url) && !isSvg(url))
@@ -406,7 +407,8 @@ async function createViteConfig(options) {
     plugins: [
       nitro({
         serverDir: path6.resolve(packageRoot, "src/server"),
-        ...preset && { preset }
+        ...preset && { preset },
+        ignore: ["**/*.test.ts", "**/*.test.tsx", "**/*.spec.ts", "**/*.spec.tsx"]
       }),
       mdx({
         default: defineFumadocsConfig({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@raystack/chronicle",
-  "version": "0.11.0",
+  "version": "0.11.2",
   "description": "Config-driven documentation framework",
   "license": "Apache-2.0",
   "type": "module",

package/src/lib/image-utils.test.ts CHANGED Viewed

@@ -53,6 +53,14 @@ describe('buildOptimizedUrl', () => {
   });
 });
+describe('buildOptimizedUrl with backslashes', () => {
+  test('backslashes in input are not double-encoded', () => {
+    const url = buildOptimizedUrl('/_content/docs/imgs\\screenshot.png', 640);
+    expect(url).toContain('imgs%5Cscreenshot.png');
+    expect(url).not.toContain('%255C');
+  });
+});
 describe('constants', () => {
   test('ALLOWED_WIDTHS is sorted ascending', () => {
     for (let i = 1; i < ALLOWED_WIDTHS.length; i++) {

package/src/lib/remark-resolve-images.ts CHANGED Viewed

@@ -8,13 +8,14 @@ import { MdxNodeType } from './mdx-utils'
 import { isLocalImage, isSvg, buildOptimizedUrl, DEFAULT_WIDTH } from './image-utils'
 function resolveUrl(src: string, dir: string): string {
-  if (/^[a-z][a-z0-9+\-.]*:/i.test(src)) return src
-  if (src.startsWith('//')) return src
-  if (src.startsWith('#')) return src
-  if (src.startsWith('/_content/')) return src
+  const normalized = src.replace(/\\/g, '/')
+  if (/^[a-z][a-z0-9+\-.]*:/i.test(normalized)) return normalized
+  if (normalized.startsWith('//')) return normalized
+  if (normalized.startsWith('#')) return normalized
+  if (normalized.startsWith('/_content/')) return normalized
-  if (src.startsWith('/')) return `/_content${src}`
-  return `/_content/${path.posix.normalize(path.posix.join(dir, src))}`
+  if (normalized.startsWith('/')) return `/_content${normalized}`
+  return `/_content/${path.posix.normalize(path.posix.join(dir, normalized))}`
 }
 interface RemarkResolveImagesOptions {

package/src/server/api/image.ts CHANGED Viewed

@@ -52,14 +52,16 @@ async function evictIfNeeded(storage: ReturnType<typeof useStorage>) {
 export default defineHandler(async event => {
   const storage = useStorage(STORAGE_KEY)
-  const url = event.url.searchParams.get('url')
+  const rawUrl = event.url.searchParams.get('url')
   const wParam = event.url.searchParams.get('w')
   const qParam = event.url.searchParams.get('q')
-  if (!url || !wParam) {
+  if (!rawUrl || !wParam) {
     throw new HTTPError({ status: StatusCodes.BAD_REQUEST, message: 'Missing url or w parameter' })
   }
+  const url = rawUrl.replace(/\\/g, '/')
   if (!url.startsWith('/_content/')) {
     throw new HTTPError({ status: StatusCodes.BAD_REQUEST, message: 'Only local content images allowed' })
   }

package/src/server/entry-server.tsx CHANGED Viewed

@@ -14,6 +14,7 @@ import { getFirstApiUrl } from '@/lib/api-routes';
 import { StatusCodes } from 'http-status-codes';
 import { resolveDocsRedirect } from '@/lib/tree-utils';
 import { isLocalImage, isSvg, buildOptimizedUrl, DEFAULT_WIDTH } from '@/lib/image-utils';
+import { QueryClientProvider, QueryClient } from '@tanstack/react-query';
 import { useNitroApp } from 'nitro/app';
 import { App } from './App';
@@ -136,20 +137,22 @@ export default {
         </head>
         <body>
           <div id="root">
-            <StaticRouter location={pathname}>
-              <ReactRouterProvider>
-                <PageProvider
-                  initialConfig={config}
-                  initialTree={tree}
-                  initialPage={pageData}
-                  initialApiSpecs={apiSpecs}
-                  initialVersion={route.version}
-                  loadMdx={async () => ({ content: null, toc: [] })}
-                >
-                  <App />
-                </PageProvider>
-              </ReactRouterProvider>
-            </StaticRouter>
+            <QueryClientProvider client={new QueryClient()}>
+              <StaticRouter location={pathname}>
+                <ReactRouterProvider>
+                  <PageProvider
+                    initialConfig={config}
+                    initialTree={tree}
+                    initialPage={pageData}
+                    initialApiSpecs={apiSpecs}
+                    initialVersion={route.version}
+                    loadMdx={async () => ({ content: null, toc: [] })}
+                  >
+                    <App />
+                  </PageProvider>
+                </ReactRouterProvider>
+              </StaticRouter>
+            </QueryClientProvider>
           </div>
         </body>
       </html>,

package/src/server/utils/safe-path.test.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import { describe, expect, test } from 'bun:test';
+import path from 'node:path';
+import { safePath } from '@/server/utils/safe-path';
+describe('safePath', () => {
+  const base = '/app/content';
+  test('resolves valid path within base', () => {
+    expect(safePath(base, '/docs/intro.mdx')).toBe(path.resolve(base, 'docs/intro.mdx'));
+  });
+  test('returns null for path traversal', () => {
+    expect(safePath(base, '/../etc/passwd')).toBeNull();
+  });
+  test('normalizes backslashes to forward slashes', () => {
+    const result = safePath(base, '/docs\\imgs\\screenshot.png');
+    expect(result).toBe(path.resolve(base, 'docs/imgs/screenshot.png'));
+  });
+  test('decodes URI-encoded characters', () => {
+    const result = safePath(base, '/docs/my%20image.png');
+    expect(result).toBe(path.resolve(base, 'docs/my image.png'));
+  });
+  test('strips query string before resolving', () => {
+    const result = safePath(base, '/docs/img.png?v=1');
+    expect(result).toBe(path.resolve(base, 'docs/img.png'));
+  });
+  test('returns null for malformed percent-encoding', () => {
+    expect(safePath(base, '/docs/%E0%A4%')).toBeNull();
+  });
+});

package/src/server/utils/safe-path.ts CHANGED Viewed

@@ -5,7 +5,12 @@ import path from 'node:path';
  * Returns null if the resolved path escapes the base directory.
  */
 export function safePath(baseDir: string, urlPath: string): string | null {
-  const decoded = decodeURIComponent(urlPath.split('?')[0]);
+  let decoded: string;
+  try {
+    decoded = decodeURIComponent(urlPath.split('?')[0]).replace(/\\/g, '/');
+  } catch {
+    return null;
+  }
   const resolved = path.resolve(baseDir, '.' + decoded);
   if (
     !resolved.startsWith(path.resolve(baseDir) + path.sep) &&

package/src/server/vite-config.ts CHANGED Viewed

@@ -73,6 +73,7 @@ export async function createViteConfig(
       nitro({
         serverDir: path.resolve(packageRoot, 'src/server'),
         ...(preset && { preset }),
+        ignore: ['**/*.test.ts', '**/*.test.tsx', '**/*.spec.ts', '**/*.spec.tsx'],
       }),
       mdx({
         default: defineFumadocsConfig({

package/src/themes/default/Page.tsx CHANGED Viewed

@@ -12,7 +12,7 @@ export function Page({ page }: ThemePageProps) {
     <Flex className={styles.page}>
       <article className={styles.article} data-article-content>
         {page.frontmatter.title && (
-          <Headline size="t2" render={<h1 />} className={styles.title}>
+          <Headline size="t4" render={<h1 />} className={styles.title}>
             {page.frontmatter.title}
           </Headline>
         )}

package/src/themes/paper/Page.module.css CHANGED Viewed

@@ -94,9 +94,9 @@
 .articleTitle {
   font-family: var(--paper-font-body);
-  font-size: var(--rs-space-8);
+  font-size: var(--rs-font-size-t4);
   font-weight: var(--rs-font-weight-medium);
-  line-height: var(--rs-space-10);
+  line-height: var(--rs-line-height-t4);
   letter-spacing: var(--rs-letter-spacing-t1);
   text-align: center;
   color: var(--rs-color-foreground-base-primary);