emdash 0.0.0-a → 0.0.1

package/src/astro/routes/api/media/[id].ts

@@ -0,0 +1,145 @@
+/**
+ * Single media item endpoint
+ *
+ * GET /_emdash/api/media/:id - Get media item
+ * PUT /_emdash/api/media/:id - Update media metadata
+ * DELETE /_emdash/api/media/:id - Delete media item
+ */
+
+import type { APIRoute } from "astro";
+
+import { requireOwnerPerm, requirePerm } from "#api/authorize.js";
+import { apiError, handleError, unwrapResult } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { mediaUpdateBody } from "#api/schemas.js";
+
+export const prerender = false;
+
+/**
+ * Get media item
+ */
+export const GET: APIRoute = async ({ params, locals }) => {
+	const { emdash, user } = locals;
+	const { id } = params;
+
+	const readDenied = requirePerm(user, "media:read");
+	if (readDenied) return readDenied;
+
+	if (!id) {
+		return apiError("INVALID_REQUEST", "Media ID required", 400);
+	}
+
+	if (!emdash?.handleMediaGet) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	const result = await emdash.handleMediaGet(id);
+	return unwrapResult(result);
+};
+
+/**
+ * Update media metadata
+ *
+ * Authors can edit their own media; editors+ can edit any.
+ */
+export const PUT: APIRoute = async ({ params, request, locals }) => {
+	const { emdash, user } = locals;
+	const { id } = params;
+
+	// Minimum permission gate — ownership checked below
+	const editDenied = requirePerm(user, "media:edit_own");
+	if (editDenied) return editDenied;
+
+	if (!id) {
+		return apiError("INVALID_REQUEST", "Media ID required", 400);
+	}
+
+	if (!emdash?.handleMediaGet || !emdash?.handleMediaUpdate) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	try {
+		// Fetch media item for ownership check
+		const getResult = await emdash.handleMediaGet(id);
+		if (!getResult.success || !getResult.data?.item) {
+			return apiError("NOT_FOUND", "Media item not found", 404);
+		}
+
+		const media = getResult.data.item;
+
+		// Ownership check: authors can edit own, editors+ can edit any
+		const ownerDenied = requireOwnerPerm(user, media.authorId, "media:edit_own", "media:edit_any");
+		if (ownerDenied) return ownerDenied;
+
+		const body = await parseBody(request, mediaUpdateBody);
+		if (isParseError(body)) return body;
+
+		const result = await emdash.handleMediaUpdate(id, {
+			alt: body.alt,
+			caption: body.caption,
+			width: body.width,
+			height: body.height,
+		});
+
+		return unwrapResult(result);
+	} catch (error) {
+		return handleError(error, "Failed to update media", "MEDIA_UPDATE_ERROR");
+	}
+};
+
+/**
+ * Delete media item
+ *
+ * Authors can delete their own media; editors+ can delete any.
+ */
+export const DELETE: APIRoute = async ({ params, locals }) => {
+	const { emdash, user } = locals;
+	const { id } = params;
+
+	// Minimum permission gate — ownership checked below
+	const deleteDenied = requirePerm(user, "media:delete_own");
+	if (deleteDenied) return deleteDenied;
+
+	if (!id) {
+		return apiError("INVALID_REQUEST", "Media ID required", 400);
+	}
+
+	if (!emdash?.handleMediaGet || !emdash?.handleMediaDelete) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	try {
+		// Fetch media item for ownership check and storage key
+		const getResult = await emdash.handleMediaGet(id);
+		if (!getResult.success || !getResult.data?.item) {
+			return apiError("NOT_FOUND", "Media item not found", 404);
+		}
+
+		const media = getResult.data.item;
+
+		// Ownership check: authors can delete own, editors+ can delete any
+		const ownerDenied = requireOwnerPerm(
+			user,
+			media.authorId,
+			"media:delete_own",
+			"media:delete_any",
+		);
+		if (ownerDenied) return ownerDenied;
+
+		// Delete file from storage via the storage adapter
+		if (emdash.storage) {
+			try {
+				await emdash.storage.delete(media.storageKey);
+			} catch {
+				// Best-effort — continue with database deletion
+			}
+		}
+
+		// Delete from database
+		const result = await emdash.handleMediaDelete(id);
+
+		return unwrapResult(result);
+	} catch (error) {
+		return handleError(error, "Failed to delete media", "MEDIA_DELETE_ERROR");
+	}
+};

package/src/astro/routes/api/media/file/[key].ts

@@ -0,0 +1,79 @@
+/**
+ * Serve uploaded media files
+ *
+ * GET /_emdash/api/media/file/:key - Serve file from storage
+ */
+
+import type { APIRoute } from "astro";
+
+import { apiError, handleError } from "#api/error.js";
+
+export const prerender = false;
+
+/**
+ * Content types that are safe to display inline (simple raster/vector images, video, audio).
+ * Everything else gets Content-Disposition: attachment to prevent script execution.
+ */
+const SAFE_INLINE_TYPES = new Set([
+	"image/jpeg",
+	"image/png",
+	"image/gif",
+	"image/webp",
+	"image/avif",
+	"image/x-icon",
+	"video/mp4",
+	"video/webm",
+	"audio/mpeg",
+	"audio/wav",
+	"audio/ogg",
+]);
+
+export const GET: APIRoute = async ({ params, locals }) => {
+	const { key } = params;
+	const { emdash } = locals;
+
+	if (!key) {
+		return apiError("NOT_FOUND", "File not found", 404);
+	}
+
+	if (!emdash?.storage) {
+		return apiError("NOT_CONFIGURED", "Storage not configured", 500);
+	}
+
+	try {
+		const result = await emdash.storage.download(key);
+
+		const headers: Record<string, string> = {
+			"Content-Type": result.contentType,
+			"Cache-Control": "public, max-age=31536000, immutable",
+			"X-Content-Type-Options": "nosniff",
+			// Sandbox CSP on all user-uploaded content — prevents script execution
+			// even for SVGs navigated to directly or content types that support scripting.
+			"Content-Security-Policy":
+				"sandbox; default-src 'none'; img-src 'self'; style-src 'unsafe-inline'",
+		};
+
+		if (result.size) {
+			headers["Content-Length"] = String(result.size);
+		}
+
+		// Safe image/media types can render inline; everything else (SVG, PDF,
+		// HTML, JS, etc.) must be downloaded to prevent stored XSS.
+		if (SAFE_INLINE_TYPES.has(result.contentType)) {
+			headers["Content-Disposition"] = "inline";
+		} else {
+			headers["Content-Disposition"] = "attachment";
+		}
+
+		return new Response(result.body, { status: 200, headers });
+	} catch (error) {
+		// Check if it's a "not found" error
+		if (
+			error instanceof Error &&
+			(error.message.includes("not found") || error.message.includes("NOT_FOUND"))
+		) {
+			return apiError("NOT_FOUND", "File not found", 404);
+		}
+		return handleError(error, "Failed to serve file", "FILE_SERVE_ERROR");
+	}
+};

package/src/astro/routes/api/media/providers/[providerId]/[itemId].ts

@@ -0,0 +1,86 @@
+/**
+ * Media Provider Item Endpoint
+ *
+ * GET /_emdash/api/media/providers/:providerId/:itemId - Get single item
+ * DELETE /_emdash/api/media/providers/:providerId/:itemId - Delete item
+ */
+
+import type { APIRoute } from "astro";
+
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+
+export const prerender = false;
+
+/**
+ * Get a single media item from a provider
+ */
+export const GET: APIRoute = async ({ params, locals }) => {
+	const { emdash } = locals;
+	const { providerId, itemId } = params;
+
+	if (!providerId || !itemId) {
+		return apiError("INVALID_REQUEST", "Provider ID and Item ID required", 400);
+	}
+
+	if (!emdash?.getMediaProvider) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	const provider = emdash.getMediaProvider(providerId);
+	if (!provider) {
+		return apiError("NOT_FOUND", `Provider "${providerId}" not found`, 404);
+	}
+
+	if (!provider.get) {
+		return apiError(
+			"NOT_SUPPORTED",
+			`Provider "${providerId}" does not support getting individual items`,
+			400,
+		);
+	}
+
+	try {
+		const item = await provider.get(itemId);
+
+		if (!item) {
+			return apiError("NOT_FOUND", "Item not found", 404);
+		}
+
+		return apiSuccess({ item });
+	} catch (error) {
+		return handleError(error, "Failed to get item from provider", "PROVIDER_GET_ERROR");
+	}
+};
+
+/**
+ * Delete a media item from a provider
+ */
+export const DELETE: APIRoute = async ({ params, locals }) => {
+	const { emdash } = locals;
+	const { providerId, itemId } = params;
+
+	if (!providerId || !itemId) {
+		return apiError("INVALID_REQUEST", "Provider ID and Item ID required", 400);
+	}
+
+	if (!emdash?.getMediaProvider) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	const provider = emdash.getMediaProvider(providerId);
+	if (!provider) {
+		return apiError("NOT_FOUND", `Provider "${providerId}" not found`, 404);
+	}
+
+	if (!provider.delete) {
+		return apiError("NOT_SUPPORTED", `Provider "${providerId}" does not support deletion`, 400);
+	}
+
+	try {
+		await provider.delete(itemId);
+
+		return apiSuccess({ deleted: true });
+	} catch (error) {
+		return handleError(error, "Failed to delete item from provider", "PROVIDER_DELETE_ERROR");
+	}
+};

package/src/astro/routes/api/media/providers/[providerId]/index.ts

@@ -0,0 +1,111 @@
+/**
+ * Media Provider List/Upload Endpoint
+ *
+ * GET /_emdash/api/media/providers/:providerId - List media from provider
+ * POST /_emdash/api/media/providers/:providerId - Upload to provider
+ */
+
+import type { APIRoute } from "astro";
+
+import { requirePerm } from "#api/authorize.js";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+
+export const prerender = false;
+
+/**
+ * List media from a specific provider
+ */
+export const GET: APIRoute = async ({ params, request, locals }) => {
+	const { emdash, user } = locals;
+	const { providerId } = params;
+
+	const readDenied = requirePerm(user, "media:read");
+	if (readDenied) return readDenied;
+
+	if (!providerId) {
+		return apiError("INVALID_REQUEST", "Provider ID required", 400);
+	}
+
+	if (!emdash?.getMediaProvider) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	const provider = emdash.getMediaProvider(providerId);
+	if (!provider) {
+		return apiError("NOT_FOUND", `Provider "${providerId}" not found`, 404);
+	}
+
+	const url = new URL(request.url);
+	const cursor = url.searchParams.get("cursor") || undefined;
+	const limit = url.searchParams.get("limit")
+		? parseInt(url.searchParams.get("limit")!, 10)
+		: undefined;
+	const query = url.searchParams.get("query") || undefined;
+	const mimeType = url.searchParams.get("mimeType") || undefined;
+
+	try {
+		const result = await provider.list({
+			cursor,
+			limit,
+			query,
+			mimeType,
+		});
+
+		return apiSuccess({
+			items: result.items,
+			nextCursor: result.nextCursor,
+		});
+	} catch (error) {
+		return handleError(error, "Failed to list media from provider", "PROVIDER_LIST_ERROR");
+	}
+};
+
+/**
+ * Upload media to a specific provider
+ */
+export const POST: APIRoute = async ({ params, request, locals }) => {
+	const { emdash, user } = locals;
+	const { providerId } = params;
+
+	const uploadDenied = requirePerm(user, "media:upload");
+	if (uploadDenied) return uploadDenied;
+
+	if (!providerId) {
+		return apiError("INVALID_REQUEST", "Provider ID required", 400);
+	}
+
+	if (!emdash?.getMediaProvider) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	const provider = emdash.getMediaProvider(providerId);
+	if (!provider) {
+		return apiError("NOT_FOUND", `Provider "${providerId}" not found`, 404);
+	}
+
+	if (!provider.upload) {
+		return apiError("NOT_SUPPORTED", `Provider "${providerId}" does not support uploads`, 400);
+	}
+
+	try {
+		const formData = await request.formData();
+		const fileEntry = formData.get("file");
+		const file = fileEntry instanceof File ? fileEntry : null;
+		const altEntry = formData.get("alt");
+		const alt = typeof altEntry === "string" ? altEntry : null;
+
+		if (!file) {
+			return apiError("NO_FILE", "No file provided", 400);
+		}
+
+		const item = await provider.upload({
+			file,
+			filename: file.name,
+			alt: alt || undefined,
+		});
+
+		return apiSuccess({ item }, 201);
+	} catch (error) {
+		return handleError(error, "Failed to upload to provider", "PROVIDER_UPLOAD_ERROR");
+	}
+};

package/src/astro/routes/api/media/providers/index.ts

@@ -0,0 +1,30 @@
+/**
+ * Media Providers List Endpoint
+ *
+ * GET /_emdash/api/media/providers - List all configured media providers
+ */
+
+import type { APIRoute } from "astro";
+
+import { requirePerm } from "#api/authorize.js";
+import { apiError, apiSuccess } from "#api/error.js";
+
+export const prerender = false;
+
+/**
+ * List all configured media providers
+ */
+export const GET: APIRoute = async ({ locals }) => {
+	const { emdash, user } = locals;
+
+	const denied = requirePerm(user, "media:read");
+	if (denied) return denied;
+
+	if (!emdash?.getMediaProviderList) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	const providers = emdash.getMediaProviderList();
+
+	return apiSuccess({ items: providers });
+};

package/src/astro/routes/api/media/upload-url.ts

@@ -0,0 +1,137 @@
+/**
+ * Media upload URL endpoint
+ *
+ * POST /_emdash/api/media/upload-url
+ *
+ * Returns a signed URL for direct upload to storage.
+ * Creates a pending media record that must be confirmed after upload.
+ */
+
+import * as path from "node:path";
+
+import type { APIRoute } from "astro";
+import { MediaRepository } from "emdash";
+import { ulid } from "ulidx";
+
+import { requirePerm } from "#api/authorize.js";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { mediaUploadUrlBody } from "#api/schemas.js";
+
+export const prerender = false;
+
+interface UploadUrlResponse {
+	uploadUrl: string;
+	method: "PUT";
+	headers: Record<string, string>;
+	mediaId: string;
+	storageKey: string;
+	expiresAt: string;
+}
+
+/** Response when content already exists (deduplication) */
+interface ExistingMediaResponse {
+	existing: true;
+	mediaId: string;
+	storageKey: string;
+	url: string;
+}
+
+/**
+ * Get a signed upload URL for direct-to-storage upload
+ */
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { emdash, user } = locals;
+
+	const denied = requirePerm(user, "media:upload");
+	if (denied) return denied;
+
+	if (!emdash?.storage) {
+		return apiError(
+			"NO_STORAGE",
+			"Storage not configured. Signed URL uploads require S3-compatible storage.",
+			501,
+		);
+	}
+
+	if (!emdash?.db) {
+		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	}
+
+	try {
+		const body = await parseBody(request, mediaUploadUrlBody);
+		if (isParseError(body)) return body;
+
+		// Validate content type
+		const allowedTypes = ["image/", "video/", "audio/", "application/pdf"];
+		if (!allowedTypes.some((type) => body.contentType.startsWith(type))) {
+			return apiError("INVALID_TYPE", "File type not allowed", 400);
+		}
+
+		const repo = new MediaRepository(emdash.db);
+
+		// Check for existing content with same hash (deduplication)
+		if (body.contentHash) {
+			const existing = await repo.findByContentHash(body.contentHash);
+			if (existing) {
+				const response: ExistingMediaResponse = {
+					existing: true,
+					mediaId: existing.id,
+					storageKey: existing.storageKey,
+					url: `/_emdash/api/media/file/${existing.storageKey}`,
+				};
+				return apiSuccess(response);
+			}
+		}
+
+		// Generate unique storage key
+		const id = ulid();
+		const ext = path.extname(body.filename) || "";
+		const storageKey = `${id}${ext}`;
+
+		// Create pending media record with content hash
+		const mediaItem = await repo.createPending({
+			filename: body.filename,
+			mimeType: body.contentType,
+			size: body.size,
+			storageKey,
+			contentHash: body.contentHash,
+			authorId: user?.id,
+		});
+
+		// Get signed upload URL from storage
+		const signedUrl = await emdash.storage.getSignedUploadUrl({
+			key: storageKey,
+			contentType: body.contentType,
+			size: body.size,
+			expiresIn: 3600, // 1 hour
+		});
+
+		const response: UploadUrlResponse = {
+			uploadUrl: signedUrl.url,
+			method: signedUrl.method,
+			headers: signedUrl.headers,
+			mediaId: mediaItem.id,
+			storageKey,
+			expiresAt: signedUrl.expiresAt,
+		};
+
+		return apiSuccess(response);
+	} catch (error) {
+		// Check if storage doesn't support signed URLs (e.g., local storage)
+		if (
+			error instanceof Error &&
+			"code" in error &&
+			// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- narrowing error to check custom code property after "code" in error guard
+			(error as { code: string }).code === "NOT_SUPPORTED"
+		) {
+			return apiError(
+				"NOT_SUPPORTED",
+				"Storage does not support signed upload URLs. Use direct upload.",
+				501,
+			);
+		}
+
+		return handleError(error, "Failed to generate upload URL", "UPLOAD_URL_ERROR");
+	}
+};