blodemd 0.0.11 → 0.0.13

package/docs/lib/api-client.ts

@@ -0,0 +1,72 @@
+import { docsApiBase } from "./env";
+
+interface ApiRequestOptions extends Omit<RequestInit, "body" | "headers"> {
+  accessToken?: string | null;
+  body?: unknown;
+  headers?: Record<string, string>;
+}
+
+export class ApiError extends Error {
+  status: number;
+  details?: unknown;
+
+  constructor(message: string, status: number, details?: unknown) {
+    super(message);
+    this.name = "ApiError";
+    this.status = status;
+    this.details = details;
+  }
+}
+
+const buildUrl = (path: string): string => {
+  if (path.startsWith("http://") || path.startsWith("https://")) {
+    return path;
+  }
+  const url = new URL(path.startsWith("/") ? path : `/${path}`, docsApiBase);
+  return url.toString();
+};
+
+export const apiFetch = async <T = unknown>(
+  path: string,
+  options: ApiRequestOptions = {}
+): Promise<T> => {
+  const { accessToken, body, headers, ...rest } = options;
+  const finalHeaders: Record<string, string> = {
+    Accept: "application/json",
+    ...headers,
+  };
+  if (accessToken) {
+    finalHeaders.Authorization = `Bearer ${accessToken}`;
+  }
+  let serializedBody: string | undefined;
+  if (body !== undefined) {
+    finalHeaders["Content-Type"] ??= "application/json";
+    serializedBody = JSON.stringify(body);
+  }
+
+  const response = await fetch(buildUrl(path), {
+    ...rest,
+    body: serializedBody,
+    headers: finalHeaders,
+  });
+
+  const text = await response.text();
+  let json: unknown;
+  if (text) {
+    try {
+      json = JSON.parse(text);
+    } catch {
+      json = text;
+    }
+  }
+
+  if (!response.ok) {
+    const message =
+      typeof json === "object" && json && "error" in json
+        ? String((json as { error: unknown }).error)
+        : `Request failed: ${response.status}`;
+    throw new ApiError(message, response.status, json);
+  }
+
+  return json as T;
+};

package/docs/lib/contextual-options.ts

@@ -69,6 +69,12 @@ export const builtinOptions: Record<
     title: "Connect to Devin",
     type: "link",
   },
+  gemini: {
+    description: "Ask questions about this page",
+    iconName: "GoogleColoredIcon",
+    title: "Open in Gemini",
+    type: "link",
+  },
   grok: {
     description: "Ask questions about this page",
     iconName: "GrokIcon",
@@ -160,6 +166,9 @@ export const buildBuiltinUrl = (
     case "aistudio": {
       return `https://aistudio.google.com/prompts/new_chat?q=${encoded(askPrompt(pageUrl))}`;
     }
+    case "gemini": {
+      return `https://gemini.google.com/app?q=${encoded(askPrompt(pageUrl))}`;
+    }
     case "devin": {
       return `https://app.devin.ai/sessions?url=${encoded(pageUrl)}`;
     }

package/docs/lib/dashboard-session.ts

@@ -0,0 +1,167 @@
+import {
+  createRemoteJWKSet,
+  decodeProtectedHeader,
+  errors as joseErrors,
+  jwtVerify,
+} from "jose";
+import { cookies } from "next/headers";
+import { cache } from "react";
+
+export interface DashboardSession {
+  accessToken: string;
+  authId: string;
+  userEmail: string;
+  userName: string;
+}
+
+const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL ?? "";
+const supabaseJwtSecret = process.env.SUPABASE_JWT_SECRET ?? "";
+
+let cachedSecret: Uint8Array | null = null;
+const getHmacKey = (): Uint8Array | null => {
+  if (!supabaseJwtSecret) {
+    return null;
+  }
+  if (!cachedSecret) {
+    cachedSecret = new TextEncoder().encode(supabaseJwtSecret);
+  }
+  return cachedSecret;
+};
+
+let cachedJwks: ReturnType<typeof createRemoteJWKSet> | null = null;
+const getJwks = () => {
+  if (!supabaseUrl) {
+    return null;
+  }
+  if (!cachedJwks) {
+    cachedJwks = createRemoteJWKSet(
+      new URL(`${supabaseUrl.replace(/\/$/, "")}/auth/v1/.well-known/jwks.json`)
+    );
+  }
+  return cachedJwks;
+};
+
+const getIssuer = (): string | undefined =>
+  supabaseUrl ? `${supabaseUrl.replace(/\/$/, "")}/auth/v1` : undefined;
+
+const verifyAccessToken = (token: string) => {
+  const header = decodeProtectedHeader(token);
+  const options = {
+    audience: "authenticated",
+    clockTolerance: "5s",
+    issuer: getIssuer(),
+  };
+  if (header.alg === "HS256") {
+    const secret = getHmacKey();
+    if (!secret) {
+      throw new Error("SUPABASE_JWT_SECRET required for HS256 tokens.");
+    }
+    return jwtVerify(token, secret, { ...options, algorithms: ["HS256"] });
+  }
+  const jwks = getJwks();
+  if (!jwks) {
+    throw new Error("SUPABASE_URL required for asymmetric token verification.");
+  }
+  return jwtVerify(token, jwks, options);
+};
+
+// Supabase's auth-helpers cookie name is derived from the project ref. We
+// match the default pattern the browser client writes: `sb-<ref>-auth-token`.
+const getProjectRef = (): string | null => {
+  if (!supabaseUrl) {
+    return null;
+  }
+  const match = supabaseUrl.match(/https?:\/\/([^.]+)\./);
+  return match?.[1] ?? null;
+};
+
+interface StoredSupabaseSession {
+  access_token?: unknown;
+  user?: {
+    email?: unknown;
+    user_metadata?: { full_name?: unknown; name?: unknown };
+  };
+}
+
+const parseCookieValue = (value: string): StoredSupabaseSession | null => {
+  // Supabase SSR stores either a JSON string or an array; both are URL-encoded.
+  try {
+    const decoded = value.startsWith("base64-")
+      ? Buffer.from(value.slice(7), "base64").toString("utf8")
+      : decodeURIComponent(value);
+    const parsed = JSON.parse(decoded);
+    if (Array.isArray(parsed)) {
+      const [sessionBlob] = parsed;
+      return typeof sessionBlob === "object"
+        ? (sessionBlob as StoredSupabaseSession)
+        : null;
+    }
+    return parsed as StoredSupabaseSession;
+  } catch {
+    return null;
+  }
+};
+
+const readChunkedCookie = async (
+  baseName: string
+): Promise<StoredSupabaseSession | null> => {
+  const store = await cookies();
+  const direct = store.get(baseName)?.value;
+  if (direct) {
+    return parseCookieValue(direct);
+  }
+
+  // Supabase splits large cookies into baseName.0, baseName.1, ...
+  const chunks: string[] = [];
+  for (let i = 0; i < 10; i += 1) {
+    const chunk = store.get(`${baseName}.${i}`)?.value;
+    if (!chunk) {
+      break;
+    }
+    chunks.push(chunk);
+  }
+  if (chunks.length === 0) {
+    return null;
+  }
+  return parseCookieValue(chunks.join(""));
+};
+
+const asString = (value: unknown): string | null =>
+  typeof value === "string" ? value : null;
+
+export const getDashboardSession = cache(
+  async (): Promise<DashboardSession | null> => {
+    const ref = getProjectRef();
+    if (!ref) {
+      return null;
+    }
+
+    const stored = await readChunkedCookie(`sb-${ref}-auth-token`);
+    const accessToken = asString(stored?.access_token);
+    if (!accessToken) {
+      return null;
+    }
+
+    let authId: string;
+    try {
+      const { payload } = await verifyAccessToken(accessToken);
+      const sub = asString(payload.sub);
+      if (!sub) {
+        return null;
+      }
+      authId = sub;
+    } catch (error) {
+      if (!(error instanceof joseErrors.JOSEError)) {
+        throw error;
+      }
+      return null;
+    }
+
+    const userEmail = asString(stored?.user?.email) ?? "";
+    const metadata = stored?.user?.user_metadata;
+    const userName =
+      asString(metadata?.full_name) ?? asString(metadata?.name) ?? userEmail;
+
+    return { accessToken, authId, userEmail, userName };
+  }
+);

package/docs/lib/db.ts

@@ -0,0 +1,13 @@
+import {
+  DeploymentDao,
+  DomainDao,
+  GitConnectionDao,
+  ProjectDao,
+  UserDao,
+} from "@repo/db";
+
+export const projectDao = new ProjectDao();
+export const deploymentDao = new DeploymentDao();
+export const userDao = new UserDao();
+export const gitConnectionDao = new GitConnectionDao();
+export const domainDao = new DomainDao();

package/docs/lib/env.ts

@@ -10,10 +10,11 @@ const readTrimmedEnv = (name: string) => {
   return trimmed;
 };
 
+// Must reference process.env.NEXT_PUBLIC_API_URL as a literal so Next.js
+// inlines it into the client bundle. Dynamic access via readTrimmedEnv is
+// not replaced at build time and would always be undefined on the client.
 export const docsApiBase =
-  readTrimmedEnv("DOCS_API_URL") ??
-  readTrimmedEnv("NEXT_PUBLIC_API_URL") ??
-  "http://localhost:4000";
+  process.env.NEXT_PUBLIC_API_URL?.trim() || "http://localhost:4000";
 
 export const platformAssetPrefix =
   readTrimmedEnv("PLATFORM_ASSET_PREFIX") ?? "";

package/docs/lib/etag.ts

@@ -0,0 +1,22 @@
+import { createHash } from "node:crypto";
+
+import { NextResponse } from "next/server";
+
+export const computeETag = (content: string): string => {
+  const hash = createHash("sha256").update(content).digest("hex").slice(0, 16);
+  return `"${hash}"`;
+};
+
+export const handleIfNoneMatch = (
+  request: Request,
+  etag: string
+): NextResponse | null => {
+  const ifNoneMatch = request.headers.get("if-none-match");
+  if (ifNoneMatch && ifNoneMatch === etag) {
+    return new NextResponse(null, {
+      headers: { ETag: etag },
+      status: 304,
+    });
+  }
+  return null;
+};

package/docs/lib/github-install.ts

@@ -0,0 +1,33 @@
+import { apiFetch } from "@/lib/api-client";
+
+export const GITHUB_INSTALL_STATE_KEY = "blodemd:install-state";
+
+export interface PendingGithubInstall {
+  projectId: string;
+  projectSlug: string;
+  state: string;
+}
+
+export const startGithubInstall = async ({
+  accessToken,
+  projectId,
+  projectSlug,
+}: {
+  accessToken: string;
+  projectId: string;
+  projectSlug: string;
+}): Promise<void> => {
+  const result = await apiFetch<{ url: string; state: string }>(
+    `/projects/${projectId}/git/install-url`,
+    { accessToken, method: "POST" }
+  );
+  sessionStorage.setItem(
+    GITHUB_INSTALL_STATE_KEY,
+    JSON.stringify({
+      projectId,
+      projectSlug,
+      state: result.state,
+    })
+  );
+  window.location.assign(result.url);
+};

package/docs/lib/project-authz.ts

@@ -0,0 +1,46 @@
+import type { ProjectRecord, UserRecord } from "@repo/db";
+import { cache } from "react";
+
+import { getDashboardSession } from "./dashboard-session";
+import { projectDao, userDao } from "./db";
+
+export interface AuthorizedProjectContext {
+  accessToken: string;
+  project: ProjectRecord;
+  user: UserRecord;
+}
+
+export const resolveCurrentUser = cache(
+  async (): Promise<{
+    accessToken: string;
+    user: UserRecord;
+  } | null> => {
+    const session = await getDashboardSession();
+    if (!session) {
+      return null;
+    }
+    const user = await userDao.getByAuthId(session.authId);
+    if (!user) {
+      return null;
+    }
+    return { accessToken: session.accessToken, user };
+  }
+);
+
+export const getAuthorizedProjectBySlug = cache(
+  async (slug: string): Promise<AuthorizedProjectContext | null> => {
+    const session = await getDashboardSession();
+    if (!session) {
+      return null;
+    }
+    const result = await projectDao.getAuthorizedBySlug(session.authId, slug);
+    if (!result) {
+      return null;
+    }
+    return {
+      accessToken: session.accessToken,
+      project: result.project,
+      user: result.user,
+    };
+  }
+);

package/docs/lib/routes.ts

@@ -27,7 +27,11 @@ export const toDocHref = (path: string, basePath = "") => {
 
 export const toMarkdownDocHref = (path: string, basePath = "") => {
   const href = toDocHref(path, basePath);
-  return href === "/" ? "/.md" : `${href}.md`;
+  // Index pages use /index.md, not just .md appended to the path
+  if (href === "/" || href === basePath) {
+    return `${href}/index.md`.replaceAll(/\/+/g, "/");
+  }
+  return `${href}.md`;
 };
 
 export const getMarkdownExportSourcePath = (pathname: string) => {

package/docs/lib/supabase.ts

@@ -1,13 +1,37 @@
-import { createClient } from "@supabase/supabase-js";
+import { createBrowserClient, createServerClient } from "@supabase/ssr";
+import type { CookieOptions } from "@supabase/ssr";
+import type { SupabaseClient } from "@supabase/supabase-js";
 
 const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL ?? "";
 const supabaseAnonKey = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY ?? "";
 
-let client: ReturnType<typeof createClient> | null = null;
+let browserClient: SupabaseClient | null = null;
 
-export const createSupabaseClient = () => {
-  if (!client) {
-    client = createClient(supabaseUrl, supabaseAnonKey);
+export const createSupabaseClient = (): SupabaseClient => {
+  if (!browserClient) {
+    browserClient = createBrowserClient(supabaseUrl, supabaseAnonKey);
   }
-  return client;
+  return browserClient;
 };
+
+interface CookieStore {
+  get: (name: string) => { value: string } | undefined;
+  set?: (name: string, value: string, options?: CookieOptions) => void;
+}
+
+export const createSupabaseServerClient = (
+  cookieStore: CookieStore
+): SupabaseClient =>
+  createServerClient(supabaseUrl, supabaseAnonKey, {
+    cookies: {
+      get(name: string) {
+        return cookieStore.get(name)?.value;
+      },
+      remove(name: string, options?: CookieOptions) {
+        cookieStore.set?.(name, "", { ...options, maxAge: 0 });
+      },
+      set(name: string, value: string, options?: CookieOptions) {
+        cookieStore.set?.(name, value, options);
+      },
+    },
+  });

package/docs/lib/tenancy.ts

@@ -16,6 +16,7 @@ const DEFAULT_RESERVED_PATHS = [
   "/_next",
   "/.well-known",
   "/api",
+  "/app",
   "/docs.json",
   "/favicon.ico",
   "/llms.txt",