npm - dineway - Versions diffs - 0.1.3 → 0.1.5 - Mend

dineway 0.1.3 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (296) hide show

package/README.md +6 -3
package/dist/{apply-CAPvMfoU.mjs → apply-iVSqz2qs.mjs} +132 -39
package/dist/astro/index.d.mts +18 -9
package/dist/astro/index.mjs +238 -16
package/dist/astro/middleware/auth.d.mts +16 -5
package/dist/astro/middleware/auth.mjs +74 -37
package/dist/astro/middleware/redirect.mjs +24 -8
package/dist/astro/middleware/request-context.mjs +18 -5
package/dist/astro/middleware/setup.mjs +1 -1
package/dist/astro/middleware.mjs +411 -169
package/dist/astro/types.d.mts +25 -8
package/dist/{byline-DeWCMU_i.mjs → byline-OhH2dlRu.mjs} +6 -21
package/dist/{bylines-DyqBV9EQ.mjs → bylines-BGpD9_hy.mjs} +16 -6
package/dist/cache-BdSY-gQN.mjs +42 -0
package/dist/chunks--4F8ddV4.mjs +18 -0
package/dist/cli/index.mjs +935 -15
package/dist/client/external-auth-headers.d.mts +1 -1
package/dist/client/index.d.mts +11 -3
package/dist/client/index.mjs +4 -3
package/dist/{connection-C9pxzuag.mjs → connection-BCNICDWN.mjs} +22 -5
package/dist/{content-zSgdNmnt.mjs → content-DWi4d0rT.mjs} +41 -2
package/dist/database/instrumentation.d.mts +34 -0
package/dist/database/instrumentation.mjs +53 -0
package/dist/db/index.d.mts +3 -3
package/dist/db/index.mjs +2 -2
package/dist/db/libsql.d.mts +1 -1
package/dist/db/libsql.mjs +11 -5
package/dist/db/postgres.d.mts +1 -1
package/dist/db/sqlite.d.mts +1 -1
package/dist/db/sqlite.mjs +7 -1
package/dist/db-errors-CEqD7qH9.mjs +23 -0
package/dist/{default-WYlzADZL.mjs → default-VjJyuuG9.mjs} +2 -0
package/dist/{dialect-helpers-B9uSp2GJ.mjs → dialect-helpers-DhTzaUxP.mjs} +3 -0
package/dist/{error-DrxtnGPg.mjs → error-BmL6QipT.mjs} +7 -3
package/dist/{index-C-jx21qs.d.mts → index-yvc6E_17.d.mts} +157 -30
package/dist/index.d.mts +11 -11
package/dist/index.mjs +24 -22
package/dist/{loader-qKmo0wAY.mjs → loader-sMG4TZ-u.mjs} +9 -3
package/dist/media/index.d.mts +1 -1
package/dist/media/index.mjs +1 -1
package/dist/media/local-runtime.d.mts +7 -7
package/dist/page/index.d.mts +10 -2
package/dist/page/index.mjs +22 -1
package/dist/patterns-CrCYkMBb.mjs +92 -0
package/dist/{placeholder-bOx1xCTY.d.mts → placeholder--wOi4TbO.d.mts} +1 -1
package/dist/{placeholder-B3knXwNc.mjs → placeholder-Cp8g5Emj.mjs} +1 -1
package/dist/plugins/adapt-sandbox-entry.d.mts +5 -5
package/dist/plugins/adapt-sandbox-entry.mjs +1 -1
package/dist/{query-BiaPl_g2.mjs → query-kDmwCsHh.mjs} +118 -50
package/dist/{redirect-JPqLAbxa.mjs → redirect-DnEWAkVg.mjs} +43 -99
package/dist/{registry-DSd1GWB8.mjs → registry-C0zjeB9P.mjs} +191 -123
package/dist/request-cache-Dk5qPSOx.mjs +66 -0
package/dist/request-context.d.mts +4 -16
package/dist/{runner-B5l1JfOj.d.mts → runner-CFI6B6J2.d.mts} +1 -1
package/dist/{runner-BGUGywgG.mjs → runner-DWZm2KQm.mjs} +589 -137
package/dist/runtime.d.mts +6 -6
package/dist/runtime.mjs +2 -2
package/dist/{search-BNruJHDL.mjs → search-ByRGV2pq.mjs} +570 -424
package/dist/seed/index.d.mts +2 -2
package/dist/seed/index.mjs +11 -10
package/dist/seo/index.d.mts +1 -1
package/dist/storage/local.d.mts +1 -1
package/dist/storage/local.mjs +1 -1
package/dist/storage/s3.d.mts +11 -3
package/dist/storage/s3.mjs +78 -15
package/dist/taxonomies-1s5PaS_8.mjs +266 -0
package/dist/transaction-Cn2rjY78.mjs +27 -0
package/dist/{types-BgQeVaPj.d.mts → types-BuMDPy5C.d.mts} +52 -3
package/dist/{types-DuNbGKjF.mjs → types-COeOq9nK.mjs} +6 -1
package/dist/{types-ju-_ORz7.d.mts → types-CWbdtiux.d.mts} +13 -5
package/dist/{types-D38djUXv.d.mts → types-Cj0KMIZV.d.mts} +16 -3
package/dist/{types-DkvMXalq.d.mts → types-DOrVigru.d.mts} +159 -0
package/dist/{validate-CXnRKfJK.mjs → validate-BZ5wnLLp.mjs} +2 -1
package/dist/{validate-DVKJJ-M_.d.mts → validate-IPf8n4Fj.d.mts} +4 -51
package/dist/{validate-CqRJb_xU.mjs → validate-VPnKoIzW.mjs} +10 -10
package/dist/version-BKXPsfmJ.mjs +6 -0
package/package.json +53 -39
package/src/astro/routes/PluginRegistry.tsx +21 -0
package/src/astro/routes/admin.astro +99 -0
package/src/astro/routes/api/admin/allowed-domains/[domain].ts +112 -0
package/src/astro/routes/api/admin/allowed-domains/index.ts +108 -0
package/src/astro/routes/api/admin/api-tokens/[id].ts +44 -0
package/src/astro/routes/api/admin/api-tokens/index.ts +90 -0
package/src/astro/routes/api/admin/briefing.ts +76 -0
package/src/astro/routes/api/admin/bylines/[id]/index.ts +90 -0
package/src/astro/routes/api/admin/bylines/index.ts +74 -0
package/src/astro/routes/api/admin/comments/[id]/status.ts +120 -0
package/src/astro/routes/api/admin/comments/[id].ts +64 -0
package/src/astro/routes/api/admin/comments/bulk.ts +42 -0
package/src/astro/routes/api/admin/comments/counts.ts +30 -0
package/src/astro/routes/api/admin/comments/index.ts +46 -0
package/src/astro/routes/api/admin/context/[id]/history.ts +35 -0
package/src/astro/routes/api/admin/context/[id]/index.ts +35 -0
package/src/astro/routes/api/admin/context/[id]/review.ts +57 -0
package/src/astro/routes/api/admin/context/[id]/supersede.ts +58 -0
package/src/astro/routes/api/admin/context/diff.ts +35 -0
package/src/astro/routes/api/admin/context/index.ts +69 -0
package/src/astro/routes/api/admin/context/stale.ts +35 -0
package/src/astro/routes/api/admin/hitl-requests/[id]/index.ts +38 -0
package/src/astro/routes/api/admin/hitl-requests/[id]/resolve.ts +54 -0
package/src/astro/routes/api/admin/hitl-requests/index.ts +38 -0
package/src/astro/routes/api/admin/hooks/exclusive/[hookName].ts +132 -0
package/src/astro/routes/api/admin/hooks/exclusive/index.ts +51 -0
package/src/astro/routes/api/admin/oauth-clients/[id].ts +137 -0
package/src/astro/routes/api/admin/oauth-clients/index.ts +95 -0
package/src/astro/routes/api/admin/plugins/[id]/disable.ts +91 -0
package/src/astro/routes/api/admin/plugins/[id]/enable.ts +91 -0
package/src/astro/routes/api/admin/plugins/[id]/index.ts +38 -0
package/src/astro/routes/api/admin/plugins/[id]/uninstall.ts +98 -0
package/src/astro/routes/api/admin/plugins/[id]/update.ts +154 -0
package/src/astro/routes/api/admin/plugins/index.ts +32 -0
package/src/astro/routes/api/admin/plugins/marketplace/[id]/icon.ts +62 -0
package/src/astro/routes/api/admin/plugins/marketplace/[id]/index.ts +33 -0
package/src/astro/routes/api/admin/plugins/marketplace/[id]/install.ts +135 -0
package/src/astro/routes/api/admin/plugins/marketplace/index.ts +38 -0
package/src/astro/routes/api/admin/plugins/updates.ts +28 -0
package/src/astro/routes/api/admin/review-requests/[id]/index.ts +35 -0
package/src/astro/routes/api/admin/review-requests/[id]/resolve.ts +52 -0
package/src/astro/routes/api/admin/review-requests/index.ts +35 -0
package/src/astro/routes/api/admin/themes/marketplace/[id]/index.ts +33 -0
package/src/astro/routes/api/admin/themes/marketplace/[id]/thumbnail.ts +62 -0
package/src/astro/routes/api/admin/themes/marketplace/index.ts +45 -0
package/src/astro/routes/api/admin/users/[id]/disable.ts +72 -0
package/src/astro/routes/api/admin/users/[id]/enable.ts +48 -0
package/src/astro/routes/api/admin/users/[id]/index.ts +166 -0
package/src/astro/routes/api/admin/users/[id]/send-recovery.ts +72 -0
package/src/astro/routes/api/admin/users/index.ts +66 -0
package/src/astro/routes/api/auth/dev-bypass.ts +139 -0
package/src/astro/routes/api/auth/invite/accept.ts +52 -0
package/src/astro/routes/api/auth/invite/complete.ts +86 -0
package/src/astro/routes/api/auth/invite/index.ts +99 -0
package/src/astro/routes/api/auth/invite/register-options.ts +73 -0
package/src/astro/routes/api/auth/logout.ts +40 -0
package/src/astro/routes/api/auth/magic-link/send.ts +90 -0
package/src/astro/routes/api/auth/magic-link/verify.ts +71 -0
package/src/astro/routes/api/auth/me.ts +60 -0
package/src/astro/routes/api/auth/oauth/[provider]/callback.ts +221 -0
package/src/astro/routes/api/auth/oauth/[provider].ts +120 -0
package/src/astro/routes/api/auth/passkey/[id].ts +124 -0
package/src/astro/routes/api/auth/passkey/index.ts +54 -0
package/src/astro/routes/api/auth/passkey/options.ts +85 -0
package/src/astro/routes/api/auth/passkey/register/options.ts +88 -0
package/src/astro/routes/api/auth/passkey/register/verify.ts +119 -0
package/src/astro/routes/api/auth/passkey/verify.ts +72 -0
package/src/astro/routes/api/auth/signup/complete.ts +87 -0
package/src/astro/routes/api/auth/signup/request.ts +89 -0
package/src/astro/routes/api/auth/signup/verify.ts +53 -0
package/src/astro/routes/api/comments/[collection]/[contentId]/index.ts +310 -0
package/src/astro/routes/api/content/[collection]/[id]/compare.ts +28 -0
package/src/astro/routes/api/content/[collection]/[id]/discard-draft.ts +68 -0
package/src/astro/routes/api/content/[collection]/[id]/duplicate.ts +77 -0
package/src/astro/routes/api/content/[collection]/[id]/permanent.ts +42 -0
package/src/astro/routes/api/content/[collection]/[id]/preview-url.ts +107 -0
package/src/astro/routes/api/content/[collection]/[id]/publish.ts +100 -0
package/src/astro/routes/api/content/[collection]/[id]/restore.ts +64 -0
package/src/astro/routes/api/content/[collection]/[id]/revisions.ts +31 -0
package/src/astro/routes/api/content/[collection]/[id]/schedule.ts +129 -0
package/src/astro/routes/api/content/[collection]/[id]/terms/[taxonomy].ts +143 -0
package/src/astro/routes/api/content/[collection]/[id]/translations.ts +50 -0
package/src/astro/routes/api/content/[collection]/[id]/unpublish.ts +69 -0
package/src/astro/routes/api/content/[collection]/[id].ts +173 -0
package/src/astro/routes/api/content/[collection]/index.ts +103 -0
package/src/astro/routes/api/content/[collection]/trash.ts +33 -0
package/src/astro/routes/api/dashboard.ts +32 -0
package/src/astro/routes/api/dev/emails.ts +36 -0
package/src/astro/routes/api/health.ts +54 -0
package/src/astro/routes/api/import/probe.ts +47 -0
package/src/astro/routes/api/import/wordpress/analyze.ts +523 -0
package/src/astro/routes/api/import/wordpress/execute.ts +330 -0
package/src/astro/routes/api/import/wordpress/media.ts +338 -0
package/src/astro/routes/api/import/wordpress/prepare.ts +212 -0
package/src/astro/routes/api/import/wordpress/rewrite-urls.ts +425 -0
package/src/astro/routes/api/import/wordpress-plugin/analyze.ts +111 -0
package/src/astro/routes/api/import/wordpress-plugin/callback.ts +58 -0
package/src/astro/routes/api/import/wordpress-plugin/execute.ts +399 -0
package/src/astro/routes/api/manifest.ts +75 -0
package/src/astro/routes/api/mcp.ts +125 -0
package/src/astro/routes/api/media/[id]/confirm.ts +93 -0
package/src/astro/routes/api/media/[id].ts +145 -0
package/src/astro/routes/api/media/file/[...key].ts +79 -0
package/src/astro/routes/api/media/providers/[providerId]/[itemId].ts +91 -0
package/src/astro/routes/api/media/providers/[providerId]/index.ts +111 -0
package/src/astro/routes/api/media/providers/index.ts +30 -0
package/src/astro/routes/api/media/upload-url.ts +146 -0
package/src/astro/routes/api/media.ts +204 -0
package/src/astro/routes/api/menus/[name]/items.ts +206 -0
package/src/astro/routes/api/menus/[name]/reorder.ts +79 -0
package/src/astro/routes/api/menus/[name].ts +145 -0
package/src/astro/routes/api/menus/index.ts +91 -0
package/src/astro/routes/api/oauth/authorize.ts +430 -0
package/src/astro/routes/api/oauth/device/authorize.ts +45 -0
package/src/astro/routes/api/oauth/device/code.ts +56 -0
package/src/astro/routes/api/oauth/device/token.ts +70 -0
package/src/astro/routes/api/oauth/register.ts +182 -0
package/src/astro/routes/api/oauth/token/refresh.ts +38 -0
package/src/astro/routes/api/oauth/token/revoke.ts +38 -0
package/src/astro/routes/api/oauth/token.ts +195 -0
package/src/astro/routes/api/openapi.json.ts +33 -0
package/src/astro/routes/api/plugins/[pluginId]/[...path].ts +109 -0
package/src/astro/routes/api/redirects/404s/index.ts +72 -0
package/src/astro/routes/api/redirects/404s/summary.ts +33 -0
package/src/astro/routes/api/redirects/[id].ts +183 -0
package/src/astro/routes/api/redirects/index.ts +100 -0
package/src/astro/routes/api/revisions/[revisionId]/index.ts +29 -0
package/src/astro/routes/api/revisions/[revisionId]/restore.ts +62 -0
package/src/astro/routes/api/schema/collections/[slug]/fields/[fieldSlug].ts +104 -0
package/src/astro/routes/api/schema/collections/[slug]/fields/index.ts +67 -0
package/src/astro/routes/api/schema/collections/[slug]/fields/reorder.ts +45 -0
package/src/astro/routes/api/schema/collections/[slug]/index.ts +107 -0
package/src/astro/routes/api/schema/collections/index.ts +61 -0
package/src/astro/routes/api/schema/index.ts +109 -0
package/src/astro/routes/api/schema/orphans/[slug].ts +36 -0
package/src/astro/routes/api/schema/orphans/index.ts +26 -0
package/src/astro/routes/api/search/enable.ts +64 -0
package/src/astro/routes/api/search/index.ts +52 -0
package/src/astro/routes/api/search/rebuild.ts +72 -0
package/src/astro/routes/api/search/stats.ts +35 -0
package/src/astro/routes/api/search/suggest.ts +50 -0
package/src/astro/routes/api/sections/[slug].ts +203 -0
package/src/astro/routes/api/sections/index.ts +107 -0
package/src/astro/routes/api/settings/email.ts +150 -0
package/src/astro/routes/api/settings.ts +116 -0
package/src/astro/routes/api/setup/admin-verify.ts +122 -0
package/src/astro/routes/api/setup/admin.ts +104 -0
package/src/astro/routes/api/setup/dev-bypass.ts +200 -0
package/src/astro/routes/api/setup/dev-reset.ts +40 -0
package/src/astro/routes/api/setup/index.ts +128 -0
package/src/astro/routes/api/setup/status.ts +122 -0
package/src/astro/routes/api/snapshot.ts +76 -0
package/src/astro/routes/api/taxonomies/[name]/terms/[slug].ts +232 -0
package/src/astro/routes/api/taxonomies/[name]/terms/index.ts +131 -0
package/src/astro/routes/api/taxonomies/index.ts +114 -0
package/src/astro/routes/api/themes/preview.ts +78 -0
package/src/astro/routes/api/typegen.ts +114 -0
package/src/astro/routes/api/well-known/auth.ts +71 -0
package/src/astro/routes/api/well-known/oauth-authorization-server.ts +48 -0
package/src/astro/routes/api/well-known/oauth-protected-resource.ts +39 -0
package/src/astro/routes/api/widget-areas/[name]/reorder.ts +114 -0
package/src/astro/routes/api/widget-areas/[name]/widgets/[id].ts +213 -0
package/src/astro/routes/api/widget-areas/[name]/widgets.ts +126 -0
package/src/astro/routes/api/widget-areas/[name].ts +135 -0
package/src/astro/routes/api/widget-areas/index.ts +149 -0
package/src/astro/routes/api/widget-components.ts +22 -0
package/src/astro/routes/robots.txt.ts +81 -0
package/src/astro/routes/sitemap-[collection].xml.ts +104 -0
package/src/astro/routes/sitemap.xml.ts +92 -0
package/src/components/Break.astro +45 -0
package/src/components/Button.astro +71 -0
package/src/components/Buttons.astro +49 -0
package/src/components/Code.astro +59 -0
package/src/components/Columns.astro +59 -0
package/src/components/CommentForm.astro +315 -0
package/src/components/Comments.astro +232 -0
package/src/components/Cover.astro +128 -0
package/src/components/DinewayBodyEnd.astro +32 -0
package/src/components/DinewayBodyStart.astro +32 -0
package/src/components/DinewayHead.astro +61 -0
package/src/components/DinewayImage.astro +178 -0
package/src/components/DinewayMedia.astro +167 -0
package/src/components/Embed.astro +128 -0
package/src/components/File.astro +122 -0
package/src/components/Gallery.astro +93 -0
package/src/components/HtmlBlock.astro +33 -0
package/src/components/Image.astro +178 -0
package/src/components/InlineEditor.astro +27 -0
package/src/components/InlinePortableTextEditor.tsx +1937 -0
package/src/components/LiveSearch.astro +614 -0
package/src/components/PortableText.astro +51 -0
package/src/components/Pullquote.astro +51 -0
package/src/components/Table.astro +135 -0
package/src/components/WidgetArea.astro +22 -0
package/src/components/WidgetRenderer.astro +72 -0
package/src/components/index.ts +106 -0
package/src/components/marks/Link.astro +31 -0
package/src/components/marks/StrikeThrough.astro +7 -0
package/src/components/marks/Subscript.astro +7 -0
package/src/components/marks/Superscript.astro +7 -0
package/src/components/marks/Underline.astro +7 -0
package/src/components/marks.ts +19 -0
package/src/components/widgets/Archives.astro +65 -0
package/src/components/widgets/Categories.astro +35 -0
package/src/components/widgets/RecentPosts.astro +51 -0
package/src/components/widgets/Search.astro +18 -0
package/src/components/widgets/Tags.astro +38 -0
package/src/ui.ts +75 -0
package/LICENSE +0 -9
/package/dist/{adapters-BlzWJG82.d.mts → adapters-C2ypTrZZ.d.mts} +0 -0
/package/dist/{config-Cq8H0SfX.mjs → config-BXwuX8Bx.mjs} +0 -0
/package/dist/{load-C6FCD1FU.mjs → load-Coc9HpHH.mjs} +0 -0
/package/dist/{manifest-schema-CTSEyIJ3.mjs → manifest-schema-D1MSVnoI.mjs} +0 -0
/package/dist/{mode-BlyYtIFO.mjs → mode-47goXBBK.mjs} +0 -0
/package/dist/{tokens-4vgYuXsZ.mjs → tokens-CJz9ubV6.mjs} +0 -0
/package/dist/{transport-C5FYnid7.mjs → transport-DB5eDN4x.mjs} +0 -0
/package/dist/{transport-gIL-e43D.d.mts → transport-Wge_IzKl.d.mts} +0 -0
/package/dist/{types-CLLdsG3g.d.mts → types-BzcUjoqg.d.mts} +0 -0
/package/dist/{types-DShnjzb6.mjs → types-griIBQOQ.mjs} +0 -0

package/src/astro/routes/api/auth/passkey/register/options.ts ADDED Viewed

@@ -0,0 +1,88 @@
+/**
+ * POST /_dineway/api/auth/passkey/register/options
+ *
+ * Get WebAuthn registration options for adding a new passkey (authenticated user)
+ */
+import type { APIRoute } from "astro";
+export const prerender = false;
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { generateRegistrationOptions } from "@dineway-ai/auth/passkey";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseOptionalBody } from "#api/parse.js";
+import { getPublicOrigin } from "#api/public-url.js";
+import { passkeyRegisterOptionsBody } from "#api/schemas.js";
+import { createChallengeStore } from "#auth/challenge-store.js";
+import { getPasskeyConfig } from "#auth/passkey-config.js";
+import { OptionsRepository } from "#db/repositories/options.js";
+const MAX_PASSKEYS = 10;
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { dineway, user } = locals;
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+	// Require authentication
+	if (!user) {
+		return apiError("NOT_AUTHENTICATED", "Not authenticated", 401);
+	}
+	try {
+		const adapter = createKyselyAdapter(dineway.db);
+		// Check passkey limit
+		const count = await adapter.countCredentialsByUserId(user.id);
+		if (count >= MAX_PASSKEYS) {
+			return apiError("PASSKEY_LIMIT", `Maximum of ${MAX_PASSKEYS} passkeys allowed`, 400);
+		}
+		// Parse optional name from request
+		const body = await parseOptionalBody(request, passkeyRegisterOptionsBody, {});
+		if (isParseError(body)) return body;
+		// Get existing credentials for excludeCredentials
+		const existingCredentials = await adapter.getCredentialsByUserId(user.id);
+		// Get passkey config
+		const url = new URL(request.url);
+		const optionsRepo = new OptionsRepository(dineway.db);
+		const siteName = (await optionsRepo.get<string>("dineway:site_title")) ?? undefined;
+		const siteUrl = getPublicOrigin(url, dineway?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl);
+		// Generate registration options
+		const challengeStore = createChallengeStore(dineway.db);
+		const registrationOptions = await generateRegistrationOptions(
+			passkeyConfig,
+			{ id: user.id, email: user.email, name: user.name },
+			existingCredentials,
+			challengeStore,
+		);
+		// Store the passkey name in the challenge metadata if provided
+		// We'll retrieve it during verification
+		if (body.name) {
+			// Store name with challenge for later retrieval
+			// The challenge store will need this when verifying
+			await optionsRepo.set(`dineway:passkey_pending:${user.id}`, {
+				name: body.name,
+			});
+		}
+		return apiSuccess({
+			options: registrationOptions,
+		});
+	} catch (error) {
+		return handleError(
+			error,
+			"Failed to generate registration options",
+			"PASSKEY_REGISTER_OPTIONS_ERROR",
+		);
+	}
+};

package/src/astro/routes/api/auth/passkey/register/verify.ts ADDED Viewed

@@ -0,0 +1,119 @@
+/**
+ * POST /_dineway/api/auth/passkey/register/verify
+ *
+ * Verify and store a new passkey credential (authenticated user)
+ */
+import type { APIRoute } from "astro";
+export const prerender = false;
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { verifyRegistrationResponse, registerPasskey } from "@dineway-ai/auth/passkey";
+import { apiError, apiSuccess } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { getPublicOrigin } from "#api/public-url.js";
+import { passkeyRegisterVerifyBody } from "#api/schemas.js";
+import { createChallengeStore } from "#auth/challenge-store.js";
+import { getPasskeyConfig } from "#auth/passkey-config.js";
+import { OptionsRepository } from "#db/repositories/options.js";
+const MAX_PASSKEYS = 10;
+interface PasskeyResponse {
+	id: string;
+	name: string | null;
+	deviceType: "singleDevice" | "multiDevice";
+	backedUp: boolean;
+	createdAt: string;
+	lastUsedAt: string;
+}
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { dineway, user } = locals;
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+	// Require authentication
+	if (!user) {
+		return apiError("NOT_AUTHENTICATED", "Not authenticated", 401);
+	}
+	try {
+		const adapter = createKyselyAdapter(dineway.db);
+		// Check passkey limit again (in case of concurrent requests)
+		const count = await adapter.countCredentialsByUserId(user.id);
+		if (count >= MAX_PASSKEYS) {
+			return apiError("PASSKEY_LIMIT", `Maximum of ${MAX_PASSKEYS} passkeys allowed`, 400);
+		}
+		// Parse request body
+		const body = await parseBody(request, passkeyRegisterVerifyBody);
+		if (isParseError(body)) return body;
+		// Get passkey config
+		const url = new URL(request.url);
+		const optionsRepo = new OptionsRepository(dineway.db);
+		const siteName = (await optionsRepo.get<string>("dineway:site_title")) ?? undefined;
+		const siteUrl = getPublicOrigin(url, dineway?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl);
+		// Verify the registration response
+		const challengeStore = createChallengeStore(dineway.db);
+		const verified = await verifyRegistrationResponse(
+			passkeyConfig,
+			body.credential,
+			challengeStore,
+		);
+		// Get passkey name - prefer body.name, then check stored pending name
+		let passKeyName: string | undefined = body.name ?? undefined;
+		if (!passKeyName) {
+			const pending = await optionsRepo.get<{ name?: string }>(
+				`dineway:passkey_pending:${user.id}`,
+			);
+			if (pending?.name) {
+				passKeyName = pending.name;
+			}
+		}
+		// Clean up pending state
+		await optionsRepo.delete(`dineway:passkey_pending:${user.id}`);
+		// Register the passkey
+		const credential = await registerPasskey(adapter, user.id, verified, passKeyName);
+		// Return the new passkey info
+		const passkey: PasskeyResponse = {
+			id: credential.id,
+			name: credential.name,
+			deviceType: credential.deviceType,
+			backedUp: credential.backedUp,
+			createdAt: credential.createdAt.toISOString(),
+			lastUsedAt: credential.lastUsedAt.toISOString(),
+		};
+		return apiSuccess({ passkey });
+	} catch (error) {
+		console.error("Passkey registration verify error:", error);
+		// Handle specific errors
+		const message = error instanceof Error ? error.message : "";
+		// Check for duplicate credential error
+		if (message.includes("credential_exists") || message.includes("already")) {
+			return apiError("CREDENTIAL_EXISTS", "This passkey is already registered", 400);
+		}
+		// Check for challenge errors
+		if (message.includes("challenge") || message.includes("expired")) {
+			return apiError("CHALLENGE_EXPIRED", "Registration expired. Please try again.", 400);
+		}
+		return apiError("PASSKEY_REGISTER_ERROR", "Registration failed", 500);
+	}
+};

package/src/astro/routes/api/auth/passkey/verify.ts ADDED Viewed

@@ -0,0 +1,72 @@
+/**
+ * POST /_dineway/api/auth/passkey/verify
+ *
+ * Verify a passkey authentication and create a session
+ */
+import type { APIRoute } from "astro";
+export const prerender = false;
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { authenticateWithPasskey, PasskeyAuthenticationError } from "@dineway-ai/auth/passkey";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { getPublicOrigin } from "#api/public-url.js";
+import { passkeyVerifyBody } from "#api/schemas.js";
+import { createChallengeStore } from "#auth/challenge-store.js";
+import { getPasskeyConfig } from "#auth/passkey-config.js";
+import { OptionsRepository } from "#db/repositories/options.js";
+export const POST: APIRoute = async ({ request, locals, session }) => {
+	const { dineway } = locals;
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+	try {
+		const body = await parseBody(request, passkeyVerifyBody);
+		if (isParseError(body)) return body;
+		// Get passkey config
+		const url = new URL(request.url);
+		const options = new OptionsRepository(dineway.db);
+		const siteName = (await options.get<string>("dineway:site_title")) ?? undefined;
+		const siteUrl = getPublicOrigin(url, dineway?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl);
+		// Authenticate with passkey
+		const adapter = createKyselyAdapter(dineway.db);
+		const challengeStore = createChallengeStore(dineway.db);
+		const user = await authenticateWithPasskey(
+			passkeyConfig,
+			adapter,
+			body.credential,
+			challengeStore,
+		);
+		// Create session
+		if (session) {
+			session.set("user", { id: user.id });
+		}
+		return apiSuccess({
+			success: true,
+			user: {
+				id: user.id,
+				email: user.email,
+				name: user.name,
+				role: user.role,
+			},
+		});
+	} catch (error) {
+		if (error instanceof PasskeyAuthenticationError) {
+			return apiError("UNAUTHORIZED", "Authentication failed", 401);
+		}
+		return handleError(error, "Authentication failed", "PASSKEY_VERIFY_ERROR");
+	}
+};

package/src/astro/routes/api/auth/signup/complete.ts ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * POST /_dineway/api/auth/signup/complete
+ *
+ * Complete self-signup by registering a passkey for the new user.
+ * This creates the user account and establishes a session.
+ */
+import type { APIRoute } from "astro";
+export const prerender = false;
+import { completeSignup, SignupError } from "@dineway-ai/auth";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { verifyRegistrationResponse, registerPasskey } from "@dineway-ai/auth/passkey";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { getPublicOrigin } from "#api/public-url.js";
+import { signupCompleteBody } from "#api/schemas.js";
+import { createChallengeStore } from "#auth/challenge-store.js";
+import { getPasskeyConfig } from "#auth/passkey-config.js";
+import { OptionsRepository } from "#db/repositories/options.js";
+export const POST: APIRoute = async ({ request, locals, session }) => {
+	const { dineway } = locals;
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+	try {
+		const body = await parseBody(request, signupCompleteBody);
+		if (isParseError(body)) return body;
+		const adapter = createKyselyAdapter(dineway.db);
+		// Get passkey config
+		const url = new URL(request.url);
+		const options = new OptionsRepository(dineway.db);
+		const siteName = (await options.get<string>("dineway:site_title")) ?? undefined;
+		const siteUrl = getPublicOrigin(url, dineway?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl);
+		// Verify the passkey registration response
+		const challengeStore = createChallengeStore(dineway.db);
+		const verified = await verifyRegistrationResponse(
+			passkeyConfig,
+			body.credential,
+			challengeStore,
+		);
+		// Complete the signup - creates the user
+		const user = await completeSignup(adapter, body.token, {
+			name: body.name,
+		});
+		// Register the passkey for the new user
+		await registerPasskey(adapter, user.id, verified, "Initial passkey");
+		// Create session
+		if (session) {
+			session.set("user", { id: user.id });
+		}
+		return apiSuccess({
+			success: true,
+			user: {
+				id: user.id,
+				email: user.email,
+				name: user.name,
+				role: user.role,
+			},
+		});
+	} catch (error) {
+		if (error instanceof SignupError) {
+			const statusMap: Record<string, number> = {
+				invalid_token: 404,
+				token_expired: 410,
+				user_exists: 409,
+				domain_not_allowed: 403,
+			};
+			return apiError(error.code.toUpperCase(), error.message, statusMap[error.code] ?? 400);
+		}
+		return handleError(error, "Failed to complete signup", "SIGNUP_COMPLETE_ERROR");
+	}
+};

package/src/astro/routes/api/auth/signup/request.ts ADDED Viewed

@@ -0,0 +1,89 @@
+/**
+ * POST /_dineway/api/auth/signup/request
+ *
+ * Request self-signup. Sends verification email if domain is allowed.
+ * Always returns 200 to prevent email enumeration.
+ *
+ * Rate limited: 3 requests per 5 minutes per IP. Mirrors magic-link/send.
+ */
+import type { APIRoute } from "astro";
+export const prerender = false;
+import { requestSignup } from "@dineway-ai/auth";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { apiError, apiSuccess } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { signupRequestBody } from "#api/schemas.js";
+import { getSiteBaseUrl } from "#api/site-url.js";
+import { checkRateLimit, getClientIp } from "#auth/rate-limit.js";
+import { getTrustedProxyHeaders } from "#auth/trusted-proxy.js";
+import { OptionsRepository } from "#db/repositories/options.js";
+const GENERIC_SUCCESS = {
+	success: true,
+	message: "If your email domain is allowed, you'll receive a verification email.",
+};
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { dineway } = locals;
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+	// Check if email pipeline is available
+	if (!dineway.email?.isAvailable()) {
+		return apiError(
+			"EMAIL_NOT_CONFIGURED",
+			"Email not configured. Self-signup is unavailable.",
+			503,
+		);
+	}
+	try {
+		const body = await parseBody(request, signupRequestBody);
+		if (isParseError(body)) return body;
+		// Rate limit: 3 requests per 300 seconds per IP. Return the same
+		// response as the normal path so callers cannot observe the limit.
+		const trustedHeaders = getTrustedProxyHeaders(dineway.config);
+		const ip = getClientIp(request, trustedHeaders);
+		const rateLimit = await checkRateLimit(dineway.db, ip, "signup/request", 3, 300);
+		if (!rateLimit.allowed) {
+			return apiSuccess(GENERIC_SUCCESS);
+		}
+		const adapter = createKyselyAdapter(dineway.db);
+		// Get site config for signup email
+		const options = new OptionsRepository(dineway.db);
+		const siteName = (await options.get<string>("dineway:site_title")) || "Dineway";
+		// Use stored site URL to prevent Host header spoofing in signup emails
+		const baseUrl = await getSiteBaseUrl(dineway.db, request);
+		// Request signup - this handles all checks internally and fails silently
+		// if domain not allowed or user exists (to prevent enumeration)
+		await requestSignup(
+			{
+				baseUrl,
+				siteName,
+				email: (message) => dineway.email!.send(message, "system"),
+			},
+			adapter,
+			body.email.toLowerCase().trim(),
+		);
+		// Always return success to prevent email enumeration
+		return apiSuccess(GENERIC_SUCCESS);
+	} catch (error) {
+		console.error("Signup request error:", error);
+		// Don't reveal internal errors - just return generic success
+		// to prevent information leakage
+		return apiSuccess(GENERIC_SUCCESS);
+	}
+};

package/src/astro/routes/api/auth/signup/verify.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * GET /_dineway/api/auth/signup/verify
+ *
+ * Validate a signup verification token (called when user clicks email link).
+ * Returns the email and role for the UI to display.
+ */
+import type { APIRoute } from "astro";
+export const prerender = false;
+import { validateSignupToken, SignupError, roleFromLevel } from "@dineway-ai/auth";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+export const GET: APIRoute = async ({ url, locals }) => {
+	const { dineway } = locals;
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+	const token = url.searchParams.get("token");
+	if (!token) {
+		return apiError("MISSING_PARAM", "Token is required", 400);
+	}
+	try {
+		const adapter = createKyselyAdapter(dineway.db);
+		const result = await validateSignupToken(adapter, token);
+		return apiSuccess({
+			success: true,
+			email: result.email,
+			role: result.role,
+			roleName: roleFromLevel(result.role),
+		});
+	} catch (error) {
+		if (error instanceof SignupError) {
+			const statusMap: Record<string, number> = {
+				invalid_token: 404,
+				token_expired: 410,
+				user_exists: 409,
+				domain_not_allowed: 403,
+			};
+			return apiError(error.code.toUpperCase(), error.message, statusMap[error.code] ?? 400);
+		}
+		return handleError(error, "Failed to validate signup token", "SIGNUP_VERIFY_ERROR");
+	}
+};