npm - emdash - Versions diffs - 0.11.1 → 0.13.0 - Mend

emdash 0.11.1 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1016) hide show

package/dist/astro/routes/api/auth/passkey/register/verify.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify.mjs","names":[],"sources":["../../../../../../../src/astro/routes/api/auth/passkey/register/verify.ts"],"sourcesContent":["/**\n * POST /_emdash/api/auth/passkey/register/verify\n *\n * Verify and store a new passkey credential (authenticated user)\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport { createKyselyAdapter } from \"@emdash-cms/auth/adapters/kysely\";\nimport { verifyRegistrationResponse, registerPasskey } from \"@emdash-cms/auth/passkey\";\n\nimport { apiError, apiSuccess } from \"#api/error.js\";\nimport { isParseError, parseBody } from \"#api/parse.js\";\nimport { getPublicOrigin } from \"#api/public-url.js\";\nimport { passkeyRegisterVerifyBody } from \"#api/schemas.js\";\nimport { getConfiguredAllowedOrigins, validateAllowedOrigins } from \"#auth/allowed-origins.js\";\nimport { createChallengeStore } from \"#auth/challenge-store.js\";\nimport { getPasskeyConfig } from \"#auth/passkey-config.js\";\nimport { OptionsRepository } from \"#db/repositories/options.js\";\n\nconst MAX_PASSKEYS = 10;\n\ninterface PasskeyResponse {\n\tid: string;\n\tname: string | null;\n\tdeviceType: \"singleDevice\" | \"multiDevice\";\n\tbackedUp: boolean;\n\tcreatedAt: string;\n\tlastUsedAt: string;\n}\n\nexport const POST: APIRoute = async ({ request, locals }) => {\n\tconst { emdash, user } = locals;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\t// Require authentication\n\tif (!user) {\n\t\treturn apiError(\"NOT_AUTHENTICATED\", \"Not authenticated\", 401);\n\t}\n\n\ttry {\n\t\tconst adapter = createKyselyAdapter(emdash.db);\n\n\t\t// Check passkey limit again (in case of concurrent requests)\n\t\tconst count = await adapter.countCredentialsByUserId(user.id);\n\t\tif (count >= MAX_PASSKEYS) {\n\t\t\treturn apiError(\"PASSKEY_LIMIT\", `Maximum of ${MAX_PASSKEYS} passkeys allowed`, 400);\n\t\t}\n\n\t\t// Parse request body\n\t\tconst body = await parseBody(request, passkeyRegisterVerifyBody);\n\t\tif (isParseError(body)) return body;\n\n\t\t// Get passkey config\n\t\tconst url = new URL(request.url);\n\t\tconst optionsRepo = new OptionsRepository(emdash.db);\n\t\tconst siteName = (await optionsRepo.get<string>(\"emdash:site_title\")) ?? undefined;\n\t\tconst siteUrl = getPublicOrigin(url, emdash?.config);\n\t\tconst allowedOrigins = validateAllowedOrigins(\n\t\t\tsiteUrl,\n\t\t\tgetConfiguredAllowedOrigins(emdash?.config),\n\t\t);\n\t\tconst passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, allowedOrigins);\n\n\t\t// Verify the registration response\n\t\tconst challengeStore = createChallengeStore(emdash.db);\n\t\tconst verified = await verifyRegistrationResponse(\n\t\t\tpasskeyConfig,\n\t\t\tbody.credential,\n\t\t\tchallengeStore,\n\t\t);\n\n\t\t// Get passkey name - prefer body.name, then check stored pending name\n\t\tlet passKeyName: string | undefined = body.name ?? undefined;\n\t\tif (!passKeyName) {\n\t\t\tconst pending = await optionsRepo.get<{ name?: string }>(`emdash:passkey_pending:${user.id}`);\n\t\t\tif (pending?.name) {\n\t\t\t\tpassKeyName = pending.name;\n\t\t\t}\n\t\t}\n\n\t\t// Clean up pending state\n\t\tawait optionsRepo.delete(`emdash:passkey_pending:${user.id}`);\n\n\t\t// Register the passkey\n\t\tconst credential = await registerPasskey(adapter, user.id, verified, passKeyName);\n\n\t\t// Return the new passkey info\n\t\tconst passkey: PasskeyResponse = {\n\t\t\tid: credential.id,\n\t\t\tname: credential.name,\n\t\t\tdeviceType: credential.deviceType,\n\t\t\tbackedUp: credential.backedUp,\n\t\t\tcreatedAt: credential.createdAt.toISOString(),\n\t\t\tlastUsedAt: credential.lastUsedAt.toISOString(),\n\t\t};\n\n\t\treturn apiSuccess({ passkey });\n\t} catch (error) {\n\t\tconsole.error(\"Passkey registration verify error:\", error);\n\n\t\t// Handle specific errors\n\t\tconst message = error instanceof Error ? error.message : \"\";\n\n\t\t// Check for duplicate credential error\n\t\tif (message.includes(\"credential_exists\") || message.includes(\"already\")) {\n\t\t\treturn apiError(\"CREDENTIAL_EXISTS\", \"This passkey is already registered\", 400);\n\t\t}\n\n\t\t// Check for challenge errors\n\t\tif (message.includes(\"challenge\") || message.includes(\"expired\")) {\n\t\t\treturn apiError(\"CHALLENGE_EXPIRED\", \"Registration expired. Please try again.\", 400);\n\t\t}\n\n\t\treturn apiError(\"PASSKEY_REGISTER_ERROR\", \"Registration failed\", 500);\n\t}\n};\n"],"mappings":";;;;;;;;;;;;;;;;AAQA,MAAa,YAAY;AAczB,MAAM,eAAe;AAWrB,MAAa,OAAiB,OAAO,EAAE,SAAS,aAAa;CAC5D,MAAM,EAAE,QAAQ,SAAS;AAEzB,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;AAIpE,KAAI,CAAC,KACJ,QAAO,SAAS,qBAAqB,qBAAqB,IAAI;AAG/D,KAAI;EACH,MAAM,UAAU,oBAAoB,OAAO,GAAG;AAI9C,MADc,MAAM,QAAQ,yBAAyB,KAAK,GAAG,IAChD,aACZ,QAAO,SAAS,iBAAiB,cAAc,aAAa,oBAAoB,IAAI;EAIrF,MAAM,OAAO,MAAM,UAAU,SAAS,0BAA0B;AAChE,MAAI,aAAa,KAAK,CAAE,QAAO;EAG/B,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;EAChC,MAAM,cAAc,IAAI,kBAAkB,OAAO,GAAG;EACpD,MAAM,WAAY,MAAM,YAAY,IAAY,oBAAoB,IAAK;EACzE,MAAM,UAAU,gBAAgB,KAAK,QAAQ,OAAO;EAKpD,MAAM,gBAAgB,iBAAiB,KAAK,UAAU,SAJ/B,uBACtB,SACA,4BAA4B,QAAQ,OAAO,CAC3C,CAC6E;EAG9E,MAAM,iBAAiB,qBAAqB,OAAO,GAAG;EACtD,MAAM,WAAW,MAAM,2BACtB,eACA,KAAK,YACL,eACA;EAGD,IAAI,cAAkC,KAAK,QAAQ;AACnD,MAAI,CAAC,aAAa;GACjB,MAAM,UAAU,MAAM,YAAY,IAAuB,0BAA0B,KAAK,KAAK;AAC7F,OAAI,SAAS,KACZ,eAAc,QAAQ;;AAKxB,QAAM,YAAY,OAAO,0BAA0B,KAAK,KAAK;EAG7D,MAAM,aAAa,MAAM,gBAAgB,SAAS,KAAK,IAAI,UAAU,YAAY;AAYjF,SAAO,WAAW,EAAE,SATa;GAChC,IAAI,WAAW;GACf,MAAM,WAAW;GACjB,YAAY,WAAW;GACvB,UAAU,WAAW;GACrB,WAAW,WAAW,UAAU,aAAa;GAC7C,YAAY,WAAW,WAAW,aAAa;GAC/C,EAE4B,CAAC;UACtB,OAAO;AACf,UAAQ,MAAM,sCAAsC,MAAM;EAG1D,MAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU;AAGzD,MAAI,QAAQ,SAAS,oBAAoB,IAAI,QAAQ,SAAS,UAAU,CACvE,QAAO,SAAS,qBAAqB,sCAAsC,IAAI;AAIhF,MAAI,QAAQ,SAAS,YAAY,IAAI,QAAQ,SAAS,UAAU,CAC/D,QAAO,SAAS,qBAAqB,2CAA2C,IAAI;AAGrF,SAAO,SAAS,0BAA0B,uBAAuB,IAAI"}

package/dist/astro/routes/api/auth/passkey/verify.d.mts ADDED Viewed

@@ -0,0 +1,8 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/passkey/verify.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };
+//# sourceMappingURL=verify.d.mts.map

package/dist/astro/routes/api/auth/passkey/verify.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verify.d.mts","names":[],"sources":["../../../../../../src/astro/routes/api/auth/passkey/verify.ts"],"mappings":";;;cAQa,SAAA;AAAA,cAcA,IAAA,EAAM,QAAA"}

package/dist/astro/routes/api/auth/passkey/verify.mjs ADDED Viewed

@@ -0,0 +1,49 @@
+import "../../../../../base64-CqR-7kqF.mjs";
+import "../../../../../types-CwXMEPRr.mjs";
+import { t as OptionsRepository } from "../../../../../options-BL4X94qY.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
+import "../../../../../redirects-Dmj6KRU3.mjs";
+import { x as passkeyVerifyBody } from "../../../../../setup-BGAJ2uXs.mjs";
+import "../../../../../api/schemas/index.mjs";
+import { n as getPublicOrigin } from "../../../../../public-url-CseXl9Fv.mjs";
+import { n as validateAllowedOrigins, t as getConfiguredAllowedOrigins } from "../../../../../allowed-origins-CDdG-4Gd.mjs";
+import { n as createChallengeStore } from "../../../../../challenge-store-CJ0OOHOr.mjs";
+import { t as getPasskeyConfig } from "../../../../../passkey-config-Cg86_ISa.mjs";
+import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
+import { PasskeyAuthenticationError, authenticateWithPasskey } from "@emdash-cms/auth/passkey";
+//#region src/astro/routes/api/auth/passkey/verify.ts
+const prerender = false;
+const POST = async ({ request, locals, session }) => {
+	const { emdash } = locals;
+	if (!emdash?.db) return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	try {
+		const body = await parseBody(request, passkeyVerifyBody);
+		if (isParseError(body)) return body;
+		const url = new URL(request.url);
+		const siteName = await new OptionsRepository(emdash.db).get("emdash:site_title") ?? void 0;
+		const siteUrl = getPublicOrigin(url, emdash?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, validateAllowedOrigins(siteUrl, getConfiguredAllowedOrigins(emdash?.config)));
+		const adapter = createKyselyAdapter(emdash.db);
+		const challengeStore = createChallengeStore(emdash.db);
+		const user = await authenticateWithPasskey(passkeyConfig, adapter, body.credential, challengeStore);
+		if (session) session.set("user", { id: user.id });
+		return apiSuccess({
+			success: true,
+			user: {
+				id: user.id,
+				email: user.email,
+				name: user.name,
+				role: user.role
+			}
+		});
+	} catch (error) {
+		if (error instanceof PasskeyAuthenticationError) return apiError("UNAUTHORIZED", "Authentication failed", 401);
+		return handleError(error, "Authentication failed", "PASSKEY_VERIFY_ERROR");
+	}
+};
+//#endregion
+export { POST, prerender };
+//# sourceMappingURL=verify.mjs.map

package/dist/astro/routes/api/auth/passkey/verify.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify.mjs","names":[],"sources":["../../../../../../src/astro/routes/api/auth/passkey/verify.ts"],"sourcesContent":["/**\n * POST /_emdash/api/auth/passkey/verify\n *\n * Verify a passkey authentication and create a session\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport { createKyselyAdapter } from \"@emdash-cms/auth/adapters/kysely\";\nimport { authenticateWithPasskey, PasskeyAuthenticationError } from \"@emdash-cms/auth/passkey\";\n\nimport { apiError, apiSuccess, handleError } from \"#api/error.js\";\nimport { isParseError, parseBody } from \"#api/parse.js\";\nimport { getPublicOrigin } from \"#api/public-url.js\";\nimport { passkeyVerifyBody } from \"#api/schemas.js\";\nimport { getConfiguredAllowedOrigins, validateAllowedOrigins } from \"#auth/allowed-origins.js\";\nimport { createChallengeStore } from \"#auth/challenge-store.js\";\nimport { getPasskeyConfig } from \"#auth/passkey-config.js\";\nimport { OptionsRepository } from \"#db/repositories/options.js\";\n\nexport const POST: APIRoute = async ({ request, locals, session }) => {\n\tconst { emdash } = locals;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\ttry {\n\t\tconst body = await parseBody(request, passkeyVerifyBody);\n\t\tif (isParseError(body)) return body;\n\n\t\t// Get passkey config\n\t\tconst url = new URL(request.url);\n\t\tconst options = new OptionsRepository(emdash.db);\n\t\tconst siteName = (await options.get<string>(\"emdash:site_title\")) ?? undefined;\n\t\tconst siteUrl = getPublicOrigin(url, emdash?.config);\n\t\tconst allowedOrigins = validateAllowedOrigins(\n\t\t\tsiteUrl,\n\t\t\tgetConfiguredAllowedOrigins(emdash?.config),\n\t\t);\n\t\tconst passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, allowedOrigins);\n\n\t\t// Authenticate with passkey\n\t\tconst adapter = createKyselyAdapter(emdash.db);\n\t\tconst challengeStore = createChallengeStore(emdash.db);\n\n\t\tconst user = await authenticateWithPasskey(\n\t\t\tpasskeyConfig,\n\t\t\tadapter,\n\t\t\tbody.credential,\n\t\t\tchallengeStore,\n\t\t);\n\n\t\t// Create session\n\t\tif (session) {\n\t\t\tsession.set(\"user\", { id: user.id });\n\t\t}\n\n\t\treturn apiSuccess({\n\t\t\tsuccess: true,\n\t\t\tuser: {\n\t\t\t\tid: user.id,\n\t\t\t\temail: user.email,\n\t\t\t\tname: user.name,\n\t\t\t\trole: user.role,\n\t\t\t},\n\t\t});\n\t} catch (error) {\n\t\tif (error instanceof PasskeyAuthenticationError) {\n\t\t\treturn apiError(\"UNAUTHORIZED\", \"Authentication failed\", 401);\n\t\t}\n\n\t\treturn handleError(error, \"Authentication failed\", \"PASSKEY_VERIFY_ERROR\");\n\t}\n};\n"],"mappings":";;;;;;;;;;;;;;;;AAQA,MAAa,YAAY;AAczB,MAAa,OAAiB,OAAO,EAAE,SAAS,QAAQ,cAAc;CACrE,MAAM,EAAE,WAAW;AAEnB,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;AAGpE,KAAI;EACH,MAAM,OAAO,MAAM,UAAU,SAAS,kBAAkB;AACxD,MAAI,aAAa,KAAK,CAAE,QAAO;EAG/B,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;EAEhC,MAAM,WAAY,MADF,IAAI,kBAAkB,OAAO,GAAG,CAChB,IAAY,oBAAoB,IAAK;EACrE,MAAM,UAAU,gBAAgB,KAAK,QAAQ,OAAO;EAKpD,MAAM,gBAAgB,iBAAiB,KAAK,UAAU,SAJ/B,uBACtB,SACA,4BAA4B,QAAQ,OAAO,CAC3C,CAC6E;EAG9E,MAAM,UAAU,oBAAoB,OAAO,GAAG;EAC9C,MAAM,iBAAiB,qBAAqB,OAAO,GAAG;EAEtD,MAAM,OAAO,MAAM,wBAClB,eACA,SACA,KAAK,YACL,eACA;AAGD,MAAI,QACH,SAAQ,IAAI,QAAQ,EAAE,IAAI,KAAK,IAAI,CAAC;AAGrC,SAAO,WAAW;GACjB,SAAS;GACT,MAAM;IACL,IAAI,KAAK;IACT,OAAO,KAAK;IACZ,MAAM,KAAK;IACX,MAAM,KAAK;IACX;GACD,CAAC;UACM,OAAO;AACf,MAAI,iBAAiB,2BACpB,QAAO,SAAS,gBAAgB,yBAAyB,IAAI;AAG9D,SAAO,YAAY,OAAO,yBAAyB,uBAAuB"}

package/dist/astro/routes/api/auth/signup/complete.d.mts ADDED Viewed

@@ -0,0 +1,8 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/signup/complete.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };
+//# sourceMappingURL=complete.d.mts.map

package/dist/astro/routes/api/auth/signup/complete.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"complete.d.mts","names":[],"sources":["../../../../../../src/astro/routes/api/auth/signup/complete.ts"],"mappings":";;;cASa,SAAA;AAAA,cAeA,IAAA,EAAM,QAAA"}

package/dist/astro/routes/api/auth/signup/complete.mjs ADDED Viewed

@@ -0,0 +1,57 @@
+import "../../../../../base64-CqR-7kqF.mjs";
+import "../../../../../types-CwXMEPRr.mjs";
+import { t as OptionsRepository } from "../../../../../options-BL4X94qY.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
+import "../../../../../redirects-Dmj6KRU3.mjs";
+import { S as signupCompleteBody } from "../../../../../setup-BGAJ2uXs.mjs";
+import "../../../../../api/schemas/index.mjs";
+import { n as getPublicOrigin } from "../../../../../public-url-CseXl9Fv.mjs";
+import { n as validateAllowedOrigins, t as getConfiguredAllowedOrigins } from "../../../../../allowed-origins-CDdG-4Gd.mjs";
+import { n as createChallengeStore } from "../../../../../challenge-store-CJ0OOHOr.mjs";
+import { t as getPasskeyConfig } from "../../../../../passkey-config-Cg86_ISa.mjs";
+import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
+import { SignupError, completeSignup } from "@emdash-cms/auth";
+import { registerPasskey, verifyRegistrationResponse } from "@emdash-cms/auth/passkey";
+//#region src/astro/routes/api/auth/signup/complete.ts
+const prerender = false;
+const POST = async ({ request, locals, session }) => {
+	const { emdash } = locals;
+	if (!emdash?.db) return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	try {
+		const body = await parseBody(request, signupCompleteBody);
+		if (isParseError(body)) return body;
+		const adapter = createKyselyAdapter(emdash.db);
+		const url = new URL(request.url);
+		const siteName = await new OptionsRepository(emdash.db).get("emdash:site_title") ?? void 0;
+		const siteUrl = getPublicOrigin(url, emdash?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, validateAllowedOrigins(siteUrl, getConfiguredAllowedOrigins(emdash?.config)));
+		const challengeStore = createChallengeStore(emdash.db);
+		const verified = await verifyRegistrationResponse(passkeyConfig, body.credential, challengeStore);
+		const user = await completeSignup(adapter, body.token, { name: body.name });
+		await registerPasskey(adapter, user.id, verified, "Initial passkey");
+		if (session) session.set("user", { id: user.id });
+		return apiSuccess({
+			success: true,
+			user: {
+				id: user.id,
+				email: user.email,
+				name: user.name,
+				role: user.role
+			}
+		});
+	} catch (error) {
+		if (error instanceof SignupError) return apiError(error.code.toUpperCase(), error.message, {
+			invalid_token: 404,
+			token_expired: 410,
+			user_exists: 409,
+			domain_not_allowed: 403
+		}[error.code] ?? 400);
+		return handleError(error, "Failed to complete signup", "SIGNUP_COMPLETE_ERROR");
+	}
+};
+//#endregion
+export { POST, prerender };
+//# sourceMappingURL=complete.mjs.map

package/dist/astro/routes/api/auth/signup/complete.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"complete.mjs","names":[],"sources":["../../../../../../src/astro/routes/api/auth/signup/complete.ts"],"sourcesContent":["/**\n * POST /_emdash/api/auth/signup/complete\n *\n * Complete self-signup by registering a passkey for the new user.\n * This creates the user account and establishes a session.\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport { completeSignup, SignupError } from \"@emdash-cms/auth\";\nimport { createKyselyAdapter } from \"@emdash-cms/auth/adapters/kysely\";\nimport { verifyRegistrationResponse, registerPasskey } from \"@emdash-cms/auth/passkey\";\n\nimport { apiError, apiSuccess, handleError } from \"#api/error.js\";\nimport { isParseError, parseBody } from \"#api/parse.js\";\nimport { getPublicOrigin } from \"#api/public-url.js\";\nimport { signupCompleteBody } from \"#api/schemas.js\";\nimport { getConfiguredAllowedOrigins, validateAllowedOrigins } from \"#auth/allowed-origins.js\";\nimport { createChallengeStore } from \"#auth/challenge-store.js\";\nimport { getPasskeyConfig } from \"#auth/passkey-config.js\";\nimport { OptionsRepository } from \"#db/repositories/options.js\";\n\nexport const POST: APIRoute = async ({ request, locals, session }) => {\n\tconst { emdash } = locals;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\ttry {\n\t\tconst body = await parseBody(request, signupCompleteBody);\n\t\tif (isParseError(body)) return body;\n\n\t\tconst adapter = createKyselyAdapter(emdash.db);\n\n\t\t// Get passkey config\n\t\tconst url = new URL(request.url);\n\t\tconst options = new OptionsRepository(emdash.db);\n\t\tconst siteName = (await options.get<string>(\"emdash:site_title\")) ?? undefined;\n\t\tconst siteUrl = getPublicOrigin(url, emdash?.config);\n\t\tconst allowedOrigins = validateAllowedOrigins(\n\t\t\tsiteUrl,\n\t\t\tgetConfiguredAllowedOrigins(emdash?.config),\n\t\t);\n\t\tconst passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, allowedOrigins);\n\n\t\t// Verify the passkey registration response\n\t\tconst challengeStore = createChallengeStore(emdash.db);\n\t\tconst verified = await verifyRegistrationResponse(\n\t\t\tpasskeyConfig,\n\t\t\tbody.credential,\n\t\t\tchallengeStore,\n\t\t);\n\n\t\t// Complete the signup - creates the user\n\t\tconst user = await completeSignup(adapter, body.token, {\n\t\t\tname: body.name,\n\t\t});\n\n\t\t// Register the passkey for the new user\n\t\tawait registerPasskey(adapter, user.id, verified, \"Initial passkey\");\n\n\t\t// Create session\n\t\tif (session) {\n\t\t\tsession.set(\"user\", { id: user.id });\n\t\t}\n\n\t\treturn apiSuccess({\n\t\t\tsuccess: true,\n\t\t\tuser: {\n\t\t\t\tid: user.id,\n\t\t\t\temail: user.email,\n\t\t\t\tname: user.name,\n\t\t\t\trole: user.role,\n\t\t\t},\n\t\t});\n\t} catch (error) {\n\t\tif (error instanceof SignupError) {\n\t\t\tconst statusMap: Record<string, number> = {\n\t\t\t\tinvalid_token: 404,\n\t\t\t\ttoken_expired: 410,\n\t\t\t\tuser_exists: 409,\n\t\t\t\tdomain_not_allowed: 403,\n\t\t\t};\n\t\t\treturn apiError(error.code.toUpperCase(), error.message, statusMap[error.code] ?? 400);\n\t\t}\n\n\t\treturn handleError(error, \"Failed to complete signup\", \"SIGNUP_COMPLETE_ERROR\");\n\t}\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AASA,MAAa,YAAY;AAezB,MAAa,OAAiB,OAAO,EAAE,SAAS,QAAQ,cAAc;CACrE,MAAM,EAAE,WAAW;AAEnB,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;AAGpE,KAAI;EACH,MAAM,OAAO,MAAM,UAAU,SAAS,mBAAmB;AACzD,MAAI,aAAa,KAAK,CAAE,QAAO;EAE/B,MAAM,UAAU,oBAAoB,OAAO,GAAG;EAG9C,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;EAEhC,MAAM,WAAY,MADF,IAAI,kBAAkB,OAAO,GAAG,CAChB,IAAY,oBAAoB,IAAK;EACrE,MAAM,UAAU,gBAAgB,KAAK,QAAQ,OAAO;EAKpD,MAAM,gBAAgB,iBAAiB,KAAK,UAAU,SAJ/B,uBACtB,SACA,4BAA4B,QAAQ,OAAO,CAC3C,CAC6E;EAG9E,MAAM,iBAAiB,qBAAqB,OAAO,GAAG;EACtD,MAAM,WAAW,MAAM,2BACtB,eACA,KAAK,YACL,eACA;EAGD,MAAM,OAAO,MAAM,eAAe,SAAS,KAAK,OAAO,EACtD,MAAM,KAAK,MACX,CAAC;AAGF,QAAM,gBAAgB,SAAS,KAAK,IAAI,UAAU,kBAAkB;AAGpE,MAAI,QACH,SAAQ,IAAI,QAAQ,EAAE,IAAI,KAAK,IAAI,CAAC;AAGrC,SAAO,WAAW;GACjB,SAAS;GACT,MAAM;IACL,IAAI,KAAK;IACT,OAAO,KAAK;IACZ,MAAM,KAAK;IACX,MAAM,KAAK;IACX;GACD,CAAC;UACM,OAAO;AACf,MAAI,iBAAiB,YAOpB,QAAO,SAAS,MAAM,KAAK,aAAa,EAAE,MAAM,SANN;GACzC,eAAe;GACf,eAAe;GACf,aAAa;GACb,oBAAoB;GACpB,CACkE,MAAM,SAAS,IAAI;AAGvF,SAAO,YAAY,OAAO,6BAA6B,wBAAwB"}

package/dist/astro/routes/api/auth/signup/request.d.mts ADDED Viewed

@@ -0,0 +1,8 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/signup/request.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };
+//# sourceMappingURL=request.d.mts.map

package/dist/astro/routes/api/auth/signup/request.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"request.d.mts","names":[],"sources":["../../../../../../src/astro/routes/api/auth/signup/request.ts"],"mappings":";;;cAWa,SAAA;AAAA,cAqBA,IAAA,EAAM,QAAA"}

package/dist/astro/routes/api/auth/signup/request.mjs ADDED Viewed

@@ -0,0 +1,46 @@
+import "../../../../../base64-CqR-7kqF.mjs";
+import "../../../../../types-CwXMEPRr.mjs";
+import { t as OptionsRepository } from "../../../../../options-BL4X94qY.mjs";
+import { n as apiSuccess, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
+import "../../../../../redirects-Dmj6KRU3.mjs";
+import { C as signupRequestBody } from "../../../../../setup-BGAJ2uXs.mjs";
+import "../../../../../api/schemas/index.mjs";
+import { t as getTrustedProxyHeaders } from "../../../../../trusted-proxy-CJhQIk65.mjs";
+import { t as getSiteBaseUrl } from "../../../../../site-url-D-M4Fd8O.mjs";
+import { n as getClientIp, t as checkRateLimit } from "../../../../../rate-limit-t5CVjCO6.mjs";
+import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
+import { requestSignup } from "@emdash-cms/auth";
+//#region src/astro/routes/api/auth/signup/request.ts
+const prerender = false;
+const GENERIC_SUCCESS = {
+	success: true,
+	message: "If your email domain is allowed, you'll receive a verification email."
+};
+const POST = async ({ request, locals }) => {
+	const { emdash } = locals;
+	if (!emdash?.db) return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	if (!emdash.email?.isAvailable()) return apiError("EMAIL_NOT_CONFIGURED", "Email not configured. Self-signup is unavailable.", 503);
+	try {
+		const body = await parseBody(request, signupRequestBody);
+		if (isParseError(body)) return body;
+		const ip = getClientIp(request, getTrustedProxyHeaders(emdash.config));
+		if (!(await checkRateLimit(emdash.db, ip, "signup/request", 3, 300)).allowed) return apiSuccess(GENERIC_SUCCESS);
+		const adapter = createKyselyAdapter(emdash.db);
+		const siteName = await new OptionsRepository(emdash.db).get("emdash:site_title") || "EmDash";
+		await requestSignup({
+			baseUrl: await getSiteBaseUrl(emdash.db, request),
+			siteName,
+			email: (message) => emdash.email.send(message, "system")
+		}, adapter, body.email.toLowerCase().trim());
+		return apiSuccess(GENERIC_SUCCESS);
+	} catch (error) {
+		console.error("Signup request error:", error);
+		return apiSuccess(GENERIC_SUCCESS);
+	}
+};
+//#endregion
+export { POST, prerender };
+//# sourceMappingURL=request.mjs.map

package/dist/astro/routes/api/auth/signup/request.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"request.mjs","names":[],"sources":["../../../../../../src/astro/routes/api/auth/signup/request.ts"],"sourcesContent":["/**\n * POST /_emdash/api/auth/signup/request\n *\n * Request self-signup. Sends verification email if domain is allowed.\n * Always returns 200 to prevent email enumeration.\n *\n * Rate limited: 3 requests per 5 minutes per IP. Mirrors magic-link/send.\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport { requestSignup } from \"@emdash-cms/auth\";\nimport { createKyselyAdapter } from \"@emdash-cms/auth/adapters/kysely\";\n\nimport { apiError, apiSuccess } from \"#api/error.js\";\nimport { isParseError, parseBody } from \"#api/parse.js\";\nimport { signupRequestBody } from \"#api/schemas.js\";\nimport { getSiteBaseUrl } from \"#api/site-url.js\";\nimport { checkRateLimit, getClientIp } from \"#auth/rate-limit.js\";\nimport { getTrustedProxyHeaders } from \"#auth/trusted-proxy.js\";\nimport { OptionsRepository } from \"#db/repositories/options.js\";\n\n// Generic response body used for both the real success path and the\n// rate-limited / domain-disallowed paths. Keeping them identical prevents\n// the caller from distinguishing between them.\nconst GENERIC_SUCCESS = {\n\tsuccess: true,\n\tmessage: \"If your email domain is allowed, you'll receive a verification email.\",\n};\n\nexport const POST: APIRoute = async ({ request, locals }) => {\n\tconst { emdash } = locals;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\t// Check if email pipeline is available\n\tif (!emdash.email?.isAvailable()) {\n\t\treturn apiError(\n\t\t\t\"EMAIL_NOT_CONFIGURED\",\n\t\t\t\"Email not configured. Self-signup is unavailable.\",\n\t\t\t503,\n\t\t);\n\t}\n\n\ttry {\n\t\t// Parse the body first — this avoids burning a rate-limit slot on\n\t\t// malformed input and keeps the timing of the rate-limited and\n\t\t// real paths aligned.\n\t\tconst body = await parseBody(request, signupRequestBody);\n\t\tif (isParseError(body)) return body;\n\n\t\t// Rate limit: 3 requests per 300 seconds per IP. Matches magic-link/send.\n\t\tconst ip = getClientIp(request, getTrustedProxyHeaders(emdash.config));\n\t\tconst rateLimit = await checkRateLimit(emdash.db, ip, \"signup/request\", 3, 300);\n\t\tif (!rateLimit.allowed) {\n\t\t\t// Return success-shaped response to avoid revealing rate limiting\n\t\t\t// (and by extension, the fact that the caller is probing).\n\t\t\treturn apiSuccess(GENERIC_SUCCESS);\n\t\t}\n\n\t\tconst adapter = createKyselyAdapter(emdash.db);\n\n\t\t// Get site config for signup email\n\t\tconst options = new OptionsRepository(emdash.db);\n\t\tconst siteName = (await options.get<string>(\"emdash:site_title\")) || \"EmDash\";\n\n\t\t// Use stored site URL to prevent Host header spoofing in signup emails\n\t\tconst baseUrl = await getSiteBaseUrl(emdash.db, request);\n\n\t\t// Request signup - this handles all checks internally and fails silently\n\t\t// if domain not allowed or user exists (to prevent enumeration)\n\t\tawait requestSignup(\n\t\t\t{\n\t\t\t\tbaseUrl,\n\t\t\t\tsiteName,\n\t\t\t\temail: (message) => emdash.email!.send(message, \"system\"),\n\t\t\t},\n\t\t\tadapter,\n\t\t\tbody.email.toLowerCase().trim(),\n\t\t);\n\n\t\t// Always return success to prevent email enumeration\n\t\treturn apiSuccess(GENERIC_SUCCESS);\n\t} catch (error) {\n\t\tconsole.error(\"Signup request error:\", error);\n\n\t\t// Don't reveal internal errors - just return generic success\n\t\t// to prevent information leakage\n\t\treturn apiSuccess(GENERIC_SUCCESS);\n\t}\n};\n"],"mappings":";;;;;;;;;;;;;;;AAWA,MAAa,YAAY;AAgBzB,MAAM,kBAAkB;CACvB,SAAS;CACT,SAAS;CACT;AAED,MAAa,OAAiB,OAAO,EAAE,SAAS,aAAa;CAC5D,MAAM,EAAE,WAAW;AAEnB,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;AAIpE,KAAI,CAAC,OAAO,OAAO,aAAa,CAC/B,QAAO,SACN,wBACA,qDACA,IACA;AAGF,KAAI;EAIH,MAAM,OAAO,MAAM,UAAU,SAAS,kBAAkB;AACxD,MAAI,aAAa,KAAK,CAAE,QAAO;EAG/B,MAAM,KAAK,YAAY,SAAS,uBAAuB,OAAO,OAAO,CAAC;AAEtE,MAAI,EADc,MAAM,eAAe,OAAO,IAAI,IAAI,kBAAkB,GAAG,IAAI,EAChE,QAGd,QAAO,WAAW,gBAAgB;EAGnC,MAAM,UAAU,oBAAoB,OAAO,GAAG;EAI9C,MAAM,WAAY,MADF,IAAI,kBAAkB,OAAO,GAAG,CAChB,IAAY,oBAAoB,IAAK;AAOrE,QAAM,cACL;GACC,SANc,MAAM,eAAe,OAAO,IAAI,QAAQ;GAOtD;GACA,QAAQ,YAAY,OAAO,MAAO,KAAK,SAAS,SAAS;GACzD,EACD,SACA,KAAK,MAAM,aAAa,CAAC,MAAM,CAC/B;AAGD,SAAO,WAAW,gBAAgB;UAC1B,OAAO;AACf,UAAQ,MAAM,yBAAyB,MAAM;AAI7C,SAAO,WAAW,gBAAgB"}

package/dist/astro/routes/api/auth/signup/verify.d.mts ADDED Viewed

@@ -0,0 +1,8 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/signup/verify.d.ts
+declare const prerender = false;
+declare const GET: APIRoute;
+//#endregion
+export { GET, prerender };
+//# sourceMappingURL=verify.d.mts.map

package/dist/astro/routes/api/auth/signup/verify.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verify.d.mts","names":[],"sources":["../../../../../../src/astro/routes/api/auth/signup/verify.ts"],"mappings":";;;cASa,SAAA;AAAA,cAOA,GAAA,EAAK,QAAA"}

package/dist/astro/routes/api/auth/signup/verify.mjs ADDED Viewed

@@ -0,0 +1,35 @@
+import "../../../../../base64-CqR-7kqF.mjs";
+import "../../../../../types-CwXMEPRr.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
+import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
+import { SignupError, roleFromLevel, validateSignupToken } from "@emdash-cms/auth";
+//#region src/astro/routes/api/auth/signup/verify.ts
+const prerender = false;
+const GET = async ({ url, locals }) => {
+	const { emdash } = locals;
+	if (!emdash?.db) return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	const token = url.searchParams.get("token");
+	if (!token) return apiError("MISSING_PARAM", "Token is required", 400);
+	try {
+		const result = await validateSignupToken(createKyselyAdapter(emdash.db), token);
+		return apiSuccess({
+			success: true,
+			email: result.email,
+			role: result.role,
+			roleName: roleFromLevel(result.role)
+		});
+	} catch (error) {
+		if (error instanceof SignupError) return apiError(error.code.toUpperCase(), error.message, {
+			invalid_token: 404,
+			token_expired: 410,
+			user_exists: 409,
+			domain_not_allowed: 403
+		}[error.code] ?? 400);
+		return handleError(error, "Failed to validate signup token", "SIGNUP_VERIFY_ERROR");
+	}
+};
+//#endregion
+export { GET, prerender };
+//# sourceMappingURL=verify.mjs.map

package/dist/astro/routes/api/auth/signup/verify.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify.mjs","names":[],"sources":["../../../../../../src/astro/routes/api/auth/signup/verify.ts"],"sourcesContent":["/**\n * GET /_emdash/api/auth/signup/verify\n *\n * Validate a signup verification token (called when user clicks email link).\n * Returns the email and role for the UI to display.\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport { validateSignupToken, SignupError, roleFromLevel } from \"@emdash-cms/auth\";\nimport { createKyselyAdapter } from \"@emdash-cms/auth/adapters/kysely\";\n\nimport { apiError, apiSuccess, handleError } from \"#api/error.js\";\n\nexport const GET: APIRoute = async ({ url, locals }) => {\n\tconst { emdash } = locals;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\tconst token = url.searchParams.get(\"token\");\n\n\tif (!token) {\n\t\treturn apiError(\"MISSING_PARAM\", \"Token is required\", 400);\n\t}\n\n\ttry {\n\t\tconst adapter = createKyselyAdapter(emdash.db);\n\t\tconst result = await validateSignupToken(adapter, token);\n\n\t\treturn apiSuccess({\n\t\t\tsuccess: true,\n\t\t\temail: result.email,\n\t\t\trole: result.role,\n\t\t\troleName: roleFromLevel(result.role),\n\t\t});\n\t} catch (error) {\n\t\tif (error instanceof SignupError) {\n\t\t\tconst statusMap: Record<string, number> = {\n\t\t\t\tinvalid_token: 404,\n\t\t\t\ttoken_expired: 410,\n\t\t\t\tuser_exists: 409,\n\t\t\t\tdomain_not_allowed: 403,\n\t\t\t};\n\t\t\treturn apiError(error.code.toUpperCase(), error.message, statusMap[error.code] ?? 400);\n\t\t}\n\n\t\treturn handleError(error, \"Failed to validate signup token\", \"SIGNUP_VERIFY_ERROR\");\n\t}\n};\n"],"mappings":";;;;;;;AASA,MAAa,YAAY;AAOzB,MAAa,MAAgB,OAAO,EAAE,KAAK,aAAa;CACvD,MAAM,EAAE,WAAW;AAEnB,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;CAGpE,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;AAE3C,KAAI,CAAC,MACJ,QAAO,SAAS,iBAAiB,qBAAqB,IAAI;AAG3D,KAAI;EAEH,MAAM,SAAS,MAAM,oBADL,oBAAoB,OAAO,GAAG,EACI,MAAM;AAExD,SAAO,WAAW;GACjB,SAAS;GACT,OAAO,OAAO;GACd,MAAM,OAAO;GACb,UAAU,cAAc,OAAO,KAAK;GACpC,CAAC;UACM,OAAO;AACf,MAAI,iBAAiB,YAOpB,QAAO,SAAS,MAAM,KAAK,aAAa,EAAE,MAAM,SANN;GACzC,eAAe;GACf,eAAe;GACf,aAAa;GACb,oBAAoB;GACpB,CACkE,MAAM,SAAS,IAAI;AAGvF,SAAO,YAAY,OAAO,mCAAmC,sBAAsB"}

package/dist/astro/routes/api/comments/_collection_/_contentId_/index.d.mts ADDED Viewed

@@ -0,0 +1,15 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/comments/[collection]/[contentId]/index.d.ts
+declare const prerender = false;
+/**
+ * List approved comments for a content item (public, no auth required)
+ */
+declare const GET: APIRoute;
+/**
+ * Submit a comment (public, gated by anti-spam checks)
+ */
+declare const POST: APIRoute;
+//#endregion
+export { GET, POST, prerender };
+//# sourceMappingURL=index.d.mts.map

package/dist/astro/routes/api/comments/_collection_/_contentId_/index.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.mts","names":[],"sources":["../../../../../../../src/astro/routes/api/comments/[collection]/[contentId]/index.ts"],"mappings":";;;cAsBa,SAAA;AAKb;;;AAAA,cAAa,GAAA,EAAK,QAAA;;AA8ClB;;cAAa,IAAA,EAAM,QAAA"}

package/dist/astro/routes/api/comments/_collection_/_contentId_/index.mjs ADDED Viewed

@@ -0,0 +1,193 @@
+import { t as validateIdentifier } from "../../../../../../validate-VPnKoIzW.mjs";
+import "../../../../../../base64-CqR-7kqF.mjs";
+import "../../../../../../types-CwXMEPRr.mjs";
+import { t as CommentRepository } from "../../../../../../comment-Dd9MI82-.mjs";
+import "../../../../../../options-BL4X94qY.mjs";
+import { a as unwrapResult, i as requireDb, n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-tSQWIl5U.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../../parse-BFTPon-J.mjs";
+import { yt as createCommentBody } from "../../../../../../redirects-Dmj6KRU3.mjs";
+import "../../../../../../setup-BGAJ2uXs.mjs";
+import "../../../../../../api/schemas/index.mjs";
+import { t as extractRequestMeta } from "../../../../../../request-meta-CLCwSQOS.mjs";
+import { i as resolveSecretsCached } from "../../../../../../secrets-6pgZyq0K.mjs";
+import { c as hashIp, s as handleCommentList, t as checkRateLimit } from "../../../../../../comments-koGI0FrK.mjs";
+import { t as getSiteBaseUrl } from "../../../../../../site-url-D-M4Fd8O.mjs";
+import { i as sendCommentNotification, t as createComment } from "../../../../../../service-vByySp-2.mjs";
+//#region src/astro/routes/api/comments/[collection]/[contentId]/index.ts
+const prerender = false;
+/**
+* List approved comments for a content item (public, no auth required)
+*/
+const GET = async ({ params, url, locals }) => {
+	const { emdash } = locals;
+	const { collection, contentId } = params;
+	if (!collection || !contentId) return apiError("VALIDATION_ERROR", "Collection and content ID required", 400);
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	try {
+		const limit = Math.min(Number(url.searchParams.get("limit") || 50), 100);
+		const cursor = url.searchParams.get("cursor") ?? void 0;
+		const threaded = url.searchParams.get("threaded") === "true";
+		const collectionRow = await emdash.db.selectFrom("_emdash_collections").select(["comments_enabled"]).where("slug", "=", collection).executeTakeFirst();
+		if (!collectionRow) return apiError("NOT_FOUND", `Collection '${collection}' not found`, 404);
+		if (!collectionRow.comments_enabled) return apiError("COMMENTS_DISABLED", "Comments are not enabled for this collection", 403);
+		return unwrapResult(await handleCommentList(emdash.db, collection, contentId, {
+			limit,
+			cursor,
+			threaded
+		}));
+	} catch (error) {
+		return handleError(error, "Failed to list comments", "COMMENT_LIST_ERROR");
+	}
+};
+/**
+* Submit a comment (public, gated by anti-spam checks)
+*/
+const POST = async ({ params, request, locals }) => {
+	const { emdash, user } = locals;
+	const { collection, contentId } = params;
+	if (!collection || !contentId) return apiError("VALIDATION_ERROR", "Collection and content ID required", 400);
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	try {
+		const body = await parseBody(request, createCommentBody);
+		if (isParseError(body)) return body;
+		const collectionRow = await emdash.db.selectFrom("_emdash_collections").select([
+			"comments_enabled",
+			"comments_moderation",
+			"comments_closed_after_days",
+			"comments_auto_approve_users"
+		]).where("slug", "=", collection).executeTakeFirst();
+		if (!collectionRow) return apiError("NOT_FOUND", `Collection '${collection}' not found`, 404);
+		if (!collectionRow.comments_enabled) return apiError("COMMENTS_DISABLED", "Comments are not enabled for this collection", 403);
+		validateIdentifier(collection, "collection");
+		const contentRow = await emdash.db.selectFrom(`ec_${collection}`).select([
+			"id",
+			"slug",
+			"author_id",
+			"published_at"
+		]).where("id", "=", contentId).where("status", "=", "published").where("deleted_at", "is", null).executeTakeFirst();
+		if (!contentRow) return apiError("NOT_FOUND", "Content not found", 404);
+		if (collectionRow.comments_closed_after_days > 0) {
+			const publishedAt = contentRow.published_at;
+			if (publishedAt) {
+				const closedDate = new Date(publishedAt);
+				closedDate.setDate(closedDate.getDate() + collectionRow.comments_closed_after_days);
+				if (/* @__PURE__ */ new Date() > closedDate) return apiError("COMMENTS_CLOSED", "Comments are closed for this content", 403);
+			}
+		}
+		if (body.website_url) return apiSuccess({
+			status: "pending",
+			message: "Comment submitted for review"
+		});
+		const meta = extractRequestMeta(request, emdash.config);
+		const { ipSalt } = await resolveSecretsCached(emdash.db);
+		let ipHash;
+		if (meta.ip) ipHash = await hashIp(meta.ip, ipSalt);
+		else ipHash = "unknown";
+		const unknownBucketLimit = ipHash === "unknown" ? 20 : void 0;
+		if (await checkRateLimit(emdash.db, ipHash, unknownBucketLimit)) return apiError("RATE_LIMITED", "Too many comments. Please try again later.", 429);
+		const collectionSettings = {
+			commentsEnabled: collectionRow.comments_enabled === 1,
+			commentsModeration: collectionRow.comments_moderation,
+			commentsClosedAfterDays: collectionRow.comments_closed_after_days,
+			commentsAutoApproveUsers: collectionRow.comments_auto_approve_users === 1
+		};
+		let authorName = body.authorName;
+		let authorEmail = body.authorEmail;
+		let authorUserId = null;
+		if (user) {
+			authorName = user.name || authorName;
+			authorEmail = user.email;
+			authorUserId = user.id;
+		}
+		let resolvedParentId = body.parentId ?? null;
+		if (body.parentId) {
+			const parent = await new CommentRepository(emdash.db).findById(body.parentId);
+			if (!parent) return apiError("VALIDATION_ERROR", "Parent comment not found", 400);
+			if (parent.collection !== collection || parent.contentId !== contentId) return apiError("VALIDATION_ERROR", "Parent comment belongs to different content", 400);
+			resolvedParentId = parent.parentId ?? parent.id;
+		}
+		const hookRunner = {
+			async runBeforeCreate(event) {
+				return emdash.hooks.runCommentBeforeCreate(event);
+			},
+			async runModerate(event) {
+				const result = await emdash.hooks.invokeExclusiveHook("comment:moderate", event);
+				if (!result) return {
+					status: "pending",
+					reason: "No moderator configured"
+				};
+				if (result.error) {
+					console.error(`[comments] Moderation error (${result.pluginId}):`, result.error.message);
+					return {
+						status: "pending",
+						reason: "Moderation error"
+					};
+				}
+				return result.result;
+			},
+			fireAfterCreate(event) {
+				emdash.hooks.runCommentAfterCreate(event).catch((err) => console.error("[comments] afterCreate error:", err instanceof Error ? err.message : err));
+			},
+			fireAfterModerate(event) {
+				emdash.hooks.runCommentAfterModerate(event).catch((err) => console.error("[comments] afterModerate error:", err instanceof Error ? err.message : err));
+			}
+		};
+		const typedContent = contentRow;
+		let contentAuthor;
+		if (typedContent.author_id) {
+			const authorRow = await emdash.db.selectFrom("users").select([
+				"id",
+				"name",
+				"email",
+				"email_verified"
+			]).where("id", "=", typedContent.author_id).executeTakeFirst();
+			if (authorRow && authorRow.email_verified) contentAuthor = {
+				id: authorRow.id,
+				name: authorRow.name,
+				email: authorRow.email
+			};
+		}
+		const result = await createComment(emdash.db, {
+			collection,
+			contentId,
+			parentId: resolvedParentId,
+			authorName,
+			authorEmail,
+			authorUserId,
+			body: body.body,
+			ipHash,
+			userAgent: meta.userAgent
+		}, collectionSettings, hookRunner, {
+			id: typedContent.id,
+			collection,
+			slug: typedContent.slug,
+			author: contentAuthor
+		});
+		if (!result) return apiError("COMMENT_REJECTED", "Comment was rejected", 403);
+		if (result.comment.status === "approved" && emdash.email && contentAuthor) try {
+			const adminBaseUrl = await getSiteBaseUrl(emdash.db, request);
+			await sendCommentNotification({
+				email: emdash.email,
+				comment: result.comment,
+				contentAuthor,
+				adminBaseUrl
+			});
+		} catch (err) {
+			console.error("[comments] notification error:", err instanceof Error ? err.message : err);
+		}
+		return apiSuccess({
+			id: result.comment.id,
+			status: result.comment.status,
+			message: result.comment.status === "approved" ? "Comment published" : "Comment submitted for review"
+		}, 201);
+	} catch (error) {
+		return handleError(error, "Failed to submit comment", "COMMENT_CREATE_ERROR");
+	}
+};
+//#endregion
+export { GET, POST, prerender };
+//# sourceMappingURL=index.mjs.map

package/dist/astro/routes/api/comments/_collection_/_contentId_/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.mjs","names":[],"sources":["../../../../../../../src/astro/routes/api/comments/[collection]/[contentId]/index.ts"],"sourcesContent":["/**\n * Public comment endpoints\n *\n * GET /_emdash/api/comments/:collection/:contentId - List approved comments\n * POST /_emdash/api/comments/:collection/:contentId - Submit a comment\n */\n\nimport type { APIRoute } from \"astro\";\n\nimport { apiError, apiSuccess, handleError, requireDb, unwrapResult } from \"#api/error.js\";\nimport { handleCommentList, checkRateLimit, hashIp } from \"#api/handlers/comments.js\";\nimport { isParseError, parseBody } from \"#api/parse.js\";\nimport { createCommentBody } from \"#api/schemas.js\";\nimport { getSiteBaseUrl } from \"#api/site-url.js\";\nimport { sendCommentNotification } from \"#comments/notifications.js\";\nimport { createComment, type CommentHookRunner } from \"#comments/service.js\";\nimport { resolveSecretsCached } from \"#config/secrets.js\";\nimport { CommentRepository } from \"#db/repositories/comment.js\";\nimport { validateIdentifier } from \"#db/validate.js\";\nimport { extractRequestMeta } from \"#plugins/request-meta.js\";\nimport type { CollectionCommentSettings, ModerationDecision } from \"#plugins/types.js\";\n\nexport const prerender = false;\n\n/**\n * List approved comments for a content item (public, no auth required)\n */\nexport const GET: APIRoute = async ({ params, url, locals }) => {\n\tconst { emdash } = locals;\n\tconst { collection, contentId } = params;\n\n\tif (!collection || !contentId) {\n\t\treturn apiError(\"VALIDATION_ERROR\", \"Collection and content ID required\", 400);\n\t}\n\n\tconst dbErr = requireDb(emdash?.db);\n\tif (dbErr) return dbErr;\n\n\ttry {\n\t\tconst limit = Math.min(Number(url.searchParams.get(\"limit\") || 50), 100);\n\t\tconst cursor = url.searchParams.get(\"cursor\") ?? undefined;\n\t\tconst threaded = url.searchParams.get(\"threaded\") === \"true\";\n\n\t\t// Check collection exists and has comments enabled\n\t\tconst collectionRow = await emdash.db\n\t\t\t.selectFrom(\"_emdash_collections\")\n\t\t\t.select([\"comments_enabled\"])\n\t\t\t.where(\"slug\", \"=\", collection)\n\t\t\t.executeTakeFirst();\n\n\t\tif (!collectionRow) {\n\t\t\treturn apiError(\"NOT_FOUND\", `Collection '${collection}' not found`, 404);\n\t\t}\n\n\t\tif (!collectionRow.comments_enabled) {\n\t\t\treturn apiError(\"COMMENTS_DISABLED\", \"Comments are not enabled for this collection\", 403);\n\t\t}\n\n\t\tconst result = await handleCommentList(emdash.db, collection, contentId, {\n\t\t\tlimit,\n\t\t\tcursor,\n\t\t\tthreaded,\n\t\t});\n\n\t\treturn unwrapResult(result);\n\t} catch (error) {\n\t\treturn handleError(error, \"Failed to list comments\", \"COMMENT_LIST_ERROR\");\n\t}\n};\n\n/**\n * Submit a comment (public, gated by anti-spam checks)\n */\nexport const POST: APIRoute = async ({ params, request, locals }) => {\n\tconst { emdash, user } = locals;\n\tconst { collection, contentId } = params;\n\n\tif (!collection || !contentId) {\n\t\treturn apiError(\"VALIDATION_ERROR\", \"Collection and content ID required\", 400);\n\t}\n\n\tconst dbErr = requireDb(emdash?.db);\n\tif (dbErr) return dbErr;\n\n\ttry {\n\t\t// Parse and validate input\n\t\tconst body = await parseBody(request, createCommentBody);\n\t\tif (isParseError(body)) return body;\n\n\t\t// Check collection exists and has comments enabled\n\t\tconst collectionRow = await emdash.db\n\t\t\t.selectFrom(\"_emdash_collections\")\n\t\t\t.select([\n\t\t\t\t\"comments_enabled\",\n\t\t\t\t\"comments_moderation\",\n\t\t\t\t\"comments_closed_after_days\",\n\t\t\t\t\"comments_auto_approve_users\",\n\t\t\t])\n\t\t\t.where(\"slug\", \"=\", collection)\n\t\t\t.executeTakeFirst();\n\n\t\tif (!collectionRow) {\n\t\t\treturn apiError(\"NOT_FOUND\", `Collection '${collection}' not found`, 404);\n\t\t}\n\n\t\tif (!collectionRow.comments_enabled) {\n\t\t\treturn apiError(\"COMMENTS_DISABLED\", \"Comments are not enabled for this collection\", 403);\n\t\t}\n\n\t\t// Verify the content item exists, is published, and not soft-deleted\n\t\tvalidateIdentifier(collection, \"collection\");\n\t\tconst contentRow = await emdash.db\n\t\t\t.selectFrom(`ec_${collection}` as never)\n\t\t\t.select([\"id\" as never, \"slug\" as never, \"author_id\" as never, \"published_at\" as never])\n\t\t\t.where(\"id\" as never, \"=\", contentId as never)\n\t\t\t.where(\"status\" as never, \"=\", \"published\" as never)\n\t\t\t.where(\"deleted_at\" as never, \"is\", null as never)\n\t\t\t.executeTakeFirst();\n\n\t\tif (!contentRow) {\n\t\t\treturn apiError(\"NOT_FOUND\", \"Content not found\", 404);\n\t\t}\n\n\t\t// Check if comments are closed (published_at + closed_after_days)\n\t\tif (collectionRow.comments_closed_after_days > 0) {\n\t\t\tconst publishedAt = (contentRow as { published_at: string | null }).published_at;\n\t\t\tif (publishedAt) {\n\t\t\t\tconst closedDate = new Date(publishedAt);\n\t\t\t\tclosedDate.setDate(closedDate.getDate() + collectionRow.comments_closed_after_days);\n\t\t\t\tif (new Date() > closedDate) {\n\t\t\t\t\treturn apiError(\"COMMENTS_CLOSED\", \"Comments are closed for this content\", 403);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// Anti-spam: Honeypot — hidden field filled only by bots\n\t\tif (body.website_url) {\n\t\t\t// Silently accept — don't reveal the honeypot to bots\n\t\t\treturn apiSuccess({ status: \"pending\", message: \"Comment submitted for review\" });\n\t\t}\n\n\t\t// Anti-spam: Rate limiting\n\t\tconst meta = extractRequestMeta(request, emdash.config);\n\t\tconst { ipSalt } = await resolveSecretsCached(emdash.db);\n\t\tlet ipHash: string;\n\t\tif (meta.ip) {\n\t\t\tipHash = await hashIp(meta.ip, ipSalt);\n\t\t} else {\n\t\t\t// No trusted IP — fail closed by bucketing all unidentifiable\n\t\t\t// requests together. A larger limit reflects the shared bucket.\n\t\t\t//\n\t\t\t// Self-hosted operators behind a reverse proxy should set\n\t\t\t// `trustedProxyHeaders` in the EmDash config (or the\n\t\t\t// EMDASH_TRUSTED_PROXY_HEADERS env var) so this path isn't hit\n\t\t\t// for legitimate traffic. UA-hashing was previously used here\n\t\t\t// but was trivially rotatable — the shared bucket is stricter\n\t\t\t// and forces operators toward a real fix.\n\t\t\tipHash = \"unknown\";\n\t\t}\n\t\tconst unknownBucketLimit = ipHash === \"unknown\" ? 20 : undefined;\n\t\tconst rateLimited = await checkRateLimit(emdash.db, ipHash, unknownBucketLimit);\n\t\tif (rateLimited) {\n\t\t\treturn apiError(\"RATE_LIMITED\", \"Too many comments. Please try again later.\", 429);\n\t\t}\n\n\t\t// Build collection settings\n\t\tconst collectionSettings: CollectionCommentSettings = {\n\t\t\tcommentsEnabled: collectionRow.comments_enabled === 1,\n\t\t\tcommentsModeration:\n\t\t\t\tcollectionRow.comments_moderation as CollectionCommentSettings[\"commentsModeration\"],\n\t\t\tcommentsClosedAfterDays: collectionRow.comments_closed_after_days,\n\t\t\tcommentsAutoApproveUsers: collectionRow.comments_auto_approve_users === 1,\n\t\t};\n\n\t\t// Determine author fields — authenticated user overrides form input\n\t\tlet authorName = body.authorName;\n\t\tlet authorEmail = body.authorEmail;\n\t\tlet authorUserId: string | null = null;\n\n\t\tif (user) {\n\t\t\tauthorName = user.name || authorName;\n\t\t\tauthorEmail = user.email;\n\t\t\tauthorUserId = user.id;\n\t\t}\n\n\t\t// Validate parent exists and belongs to the same content.\n\t\t// Enforce 1-level nesting: if the parent is itself a reply, attach to its root.\n\t\tlet resolvedParentId = body.parentId ?? null;\n\t\tif (body.parentId) {\n\t\t\tconst repo = new CommentRepository(emdash.db);\n\t\t\tconst parent = await repo.findById(body.parentId);\n\t\t\tif (!parent) {\n\t\t\t\treturn apiError(\"VALIDATION_ERROR\", \"Parent comment not found\", 400);\n\t\t\t}\n\t\t\tif (parent.collection !== collection || parent.contentId !== contentId) {\n\t\t\t\treturn apiError(\"VALIDATION_ERROR\", \"Parent comment belongs to different content\", 400);\n\t\t\t}\n\t\t\t// Flatten: if parent is a reply, use its parent (the root) instead\n\t\t\tresolvedParentId = parent.parentId ?? parent.id;\n\t\t}\n\n\t\t// Wire the comment service to the real hook pipeline\n\t\tconst hookRunner: CommentHookRunner = {\n\t\t\tasync runBeforeCreate(event) {\n\t\t\t\treturn emdash.hooks.runCommentBeforeCreate(event);\n\t\t\t},\n\t\t\tasync runModerate(event) {\n\t\t\t\tconst result = await emdash.hooks.invokeExclusiveHook(\"comment:moderate\", event);\n\t\t\t\tif (!result) return { status: \"pending\" as const, reason: \"No moderator configured\" };\n\t\t\t\tif (result.error) {\n\t\t\t\t\tconsole.error(`[comments] Moderation error (${result.pluginId}):`, result.error.message);\n\t\t\t\t\treturn { status: \"pending\" as const, reason: \"Moderation error\" };\n\t\t\t\t}\n\t\t\t\treturn result.result as ModerationDecision;\n\t\t\t},\n\t\t\tfireAfterCreate(event) {\n\t\t\t\temdash.hooks\n\t\t\t\t\t.runCommentAfterCreate(event)\n\t\t\t\t\t.catch((err) =>\n\t\t\t\t\t\tconsole.error(\n\t\t\t\t\t\t\t\"[comments] afterCreate error:\",\n\t\t\t\t\t\t\terr instanceof Error ? err.message : err,\n\t\t\t\t\t\t),\n\t\t\t\t\t);\n\t\t\t},\n\t\t\tfireAfterModerate(event) {\n\t\t\t\temdash.hooks\n\t\t\t\t\t.runCommentAfterModerate(event)\n\t\t\t\t\t.catch((err) =>\n\t\t\t\t\t\tconsole.error(\n\t\t\t\t\t\t\t\"[comments] afterModerate error:\",\n\t\t\t\t\t\t\terr instanceof Error ? err.message : err,\n\t\t\t\t\t\t),\n\t\t\t\t\t);\n\t\t\t},\n\t\t};\n\n\t\t// Build content info for afterCreate hooks (e.g. email notifications)\n\t\tconst typedContent = contentRow as {\n\t\t\tid: string;\n\t\t\tslug: string;\n\t\t\tauthor_id: string | null;\n\t\t};\n\t\tlet contentAuthor: { id: string; name: string | null; email: string } | undefined;\n\t\tif (typedContent.author_id) {\n\t\t\tconst authorRow = await emdash.db\n\t\t\t\t.selectFrom(\"users\")\n\t\t\t\t.select([\"id\", \"name\", \"email\", \"email_verified\"])\n\t\t\t\t.where(\"id\", \"=\", typedContent.author_id)\n\t\t\t\t.executeTakeFirst();\n\t\t\tif (authorRow && authorRow.email_verified) {\n\t\t\t\tcontentAuthor = {\n\t\t\t\t\tid: authorRow.id,\n\t\t\t\t\tname: authorRow.name,\n\t\t\t\t\temail: authorRow.email,\n\t\t\t\t};\n\t\t\t}\n\t\t}\n\n\t\tconst result = await createComment(\n\t\t\temdash.db,\n\t\t\t{\n\t\t\t\tcollection,\n\t\t\t\tcontentId,\n\t\t\t\tparentId: resolvedParentId,\n\t\t\t\tauthorName,\n\t\t\t\tauthorEmail,\n\t\t\t\tauthorUserId,\n\t\t\t\tbody: body.body,\n\t\t\t\tipHash,\n\t\t\t\tuserAgent: meta.userAgent,\n\t\t\t},\n\t\t\tcollectionSettings,\n\t\t\thookRunner,\n\t\t\t{\n\t\t\t\tid: typedContent.id,\n\t\t\t\tcollection,\n\t\t\t\tslug: typedContent.slug,\n\t\t\t\tauthor: contentAuthor,\n\t\t\t},\n\t\t);\n\n\t\tif (!result) {\n\t\t\treturn apiError(\"COMMENT_REJECTED\", \"Comment was rejected\", 403);\n\t\t}\n\n\t\t// Send notification to content author (awaited so it completes before\n\t\t// the response is sent — required for Cloudflare Workers where the\n\t\t// isolate terminates after the response).\n\t\tif (result.comment.status === \"approved\" && emdash.email && contentAuthor) {\n\t\t\ttry {\n\t\t\t\tconst adminBaseUrl = await getSiteBaseUrl(emdash.db, request);\n\t\t\t\tawait sendCommentNotification({\n\t\t\t\t\temail: emdash.email,\n\t\t\t\t\tcomment: result.comment,\n\t\t\t\t\tcontentAuthor,\n\t\t\t\t\tadminBaseUrl,\n\t\t\t\t});\n\t\t\t} catch (err) {\n\t\t\t\tconsole.error(\"[comments] notification error:\", err instanceof Error ? err.message : err);\n\t\t\t}\n\t\t}\n\n\t\treturn apiSuccess(\n\t\t\t{\n\t\t\t\tid: result.comment.id,\n\t\t\t\tstatus: result.comment.status,\n\t\t\t\tmessage:\n\t\t\t\t\tresult.comment.status === \"approved\"\n\t\t\t\t\t\t? \"Comment published\"\n\t\t\t\t\t\t: \"Comment submitted for review\",\n\t\t\t},\n\t\t\t201,\n\t\t);\n\t} catch (error) {\n\t\treturn handleError(error, \"Failed to submit comment\", \"COMMENT_CREATE_ERROR\");\n\t}\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAsBA,MAAa,YAAY;;;;AAKzB,MAAa,MAAgB,OAAO,EAAE,QAAQ,KAAK,aAAa;CAC/D,MAAM,EAAE,WAAW;CACnB,MAAM,EAAE,YAAY,cAAc;AAElC,KAAI,CAAC,cAAc,CAAC,UACnB,QAAO,SAAS,oBAAoB,sCAAsC,IAAI;CAG/E,MAAM,QAAQ,UAAU,QAAQ,GAAG;AACnC,KAAI,MAAO,QAAO;AAElB,KAAI;EACH,MAAM,QAAQ,KAAK,IAAI,OAAO,IAAI,aAAa,IAAI,QAAQ,IAAI,GAAG,EAAE,IAAI;EACxE,MAAM,SAAS,IAAI,aAAa,IAAI,SAAS,IAAI;EACjD,MAAM,WAAW,IAAI,aAAa,IAAI,WAAW,KAAK;EAGtD,MAAM,gBAAgB,MAAM,OAAO,GACjC,WAAW,sBAAsB,CACjC,OAAO,CAAC,mBAAmB,CAAC,CAC5B,MAAM,QAAQ,KAAK,WAAW,CAC9B,kBAAkB;AAEpB,MAAI,CAAC,cACJ,QAAO,SAAS,aAAa,eAAe,WAAW,cAAc,IAAI;AAG1E,MAAI,CAAC,cAAc,iBAClB,QAAO,SAAS,qBAAqB,gDAAgD,IAAI;AAS1F,SAAO,aANQ,MAAM,kBAAkB,OAAO,IAAI,YAAY,WAAW;GACxE;GACA;GACA;GACA,CAAC,CAEyB;UACnB,OAAO;AACf,SAAO,YAAY,OAAO,2BAA2B,qBAAqB;;;;;;AAO5E,MAAa,OAAiB,OAAO,EAAE,QAAQ,SAAS,aAAa;CACpE,MAAM,EAAE,QAAQ,SAAS;CACzB,MAAM,EAAE,YAAY,cAAc;AAElC,KAAI,CAAC,cAAc,CAAC,UACnB,QAAO,SAAS,oBAAoB,sCAAsC,IAAI;CAG/E,MAAM,QAAQ,UAAU,QAAQ,GAAG;AACnC,KAAI,MAAO,QAAO;AAElB,KAAI;EAEH,MAAM,OAAO,MAAM,UAAU,SAAS,kBAAkB;AACxD,MAAI,aAAa,KAAK,CAAE,QAAO;EAG/B,MAAM,gBAAgB,MAAM,OAAO,GACjC,WAAW,sBAAsB,CACjC,OAAO;GACP;GACA;GACA;GACA;GACA,CAAC,CACD,MAAM,QAAQ,KAAK,WAAW,CAC9B,kBAAkB;AAEpB,MAAI,CAAC,cACJ,QAAO,SAAS,aAAa,eAAe,WAAW,cAAc,IAAI;AAG1E,MAAI,CAAC,cAAc,iBAClB,QAAO,SAAS,qBAAqB,gDAAgD,IAAI;AAI1F,qBAAmB,YAAY,aAAa;EAC5C,MAAM,aAAa,MAAM,OAAO,GAC9B,WAAW,MAAM,aAAsB,CACvC,OAAO;GAAC;GAAe;GAAiB;GAAsB;GAAwB,CAAC,CACvF,MAAM,MAAe,KAAK,UAAmB,CAC7C,MAAM,UAAmB,KAAK,YAAqB,CACnD,MAAM,cAAuB,MAAM,KAAc,CACjD,kBAAkB;AAEpB,MAAI,CAAC,WACJ,QAAO,SAAS,aAAa,qBAAqB,IAAI;AAIvD,MAAI,cAAc,6BAA6B,GAAG;GACjD,MAAM,cAAe,WAA+C;AACpE,OAAI,aAAa;IAChB,MAAM,aAAa,IAAI,KAAK,YAAY;AACxC,eAAW,QAAQ,WAAW,SAAS,GAAG,cAAc,2BAA2B;AACnF,wBAAI,IAAI,MAAM,GAAG,WAChB,QAAO,SAAS,mBAAmB,wCAAwC,IAAI;;;AAMlF,MAAI,KAAK,YAER,QAAO,WAAW;GAAE,QAAQ;GAAW,SAAS;GAAgC,CAAC;EAIlF,MAAM,OAAO,mBAAmB,SAAS,OAAO,OAAO;EACvD,MAAM,EAAE,WAAW,MAAM,qBAAqB,OAAO,GAAG;EACxD,IAAI;AACJ,MAAI,KAAK,GACR,UAAS,MAAM,OAAO,KAAK,IAAI,OAAO;MAWtC,UAAS;EAEV,MAAM,qBAAqB,WAAW,YAAY,KAAK;AAEvD,MADoB,MAAM,eAAe,OAAO,IAAI,QAAQ,mBAAmB,CAE9E,QAAO,SAAS,gBAAgB,8CAA8C,IAAI;EAInF,MAAM,qBAAgD;GACrD,iBAAiB,cAAc,qBAAqB;GACpD,oBACC,cAAc;GACf,yBAAyB,cAAc;GACvC,0BAA0B,cAAc,gCAAgC;GACxE;EAGD,IAAI,aAAa,KAAK;EACtB,IAAI,cAAc,KAAK;EACvB,IAAI,eAA8B;AAElC,MAAI,MAAM;AACT,gBAAa,KAAK,QAAQ;AAC1B,iBAAc,KAAK;AACnB,kBAAe,KAAK;;EAKrB,IAAI,mBAAmB,KAAK,YAAY;AACxC,MAAI,KAAK,UAAU;GAElB,MAAM,SAAS,MADF,IAAI,kBAAkB,OAAO,GAAG,CACnB,SAAS,KAAK,SAAS;AACjD,OAAI,CAAC,OACJ,QAAO,SAAS,oBAAoB,4BAA4B,IAAI;AAErE,OAAI,OAAO,eAAe,cAAc,OAAO,cAAc,UAC5D,QAAO,SAAS,oBAAoB,+CAA+C,IAAI;AAGxF,sBAAmB,OAAO,YAAY,OAAO;;EAI9C,MAAM,aAAgC;GACrC,MAAM,gBAAgB,OAAO;AAC5B,WAAO,OAAO,MAAM,uBAAuB,MAAM;;GAElD,MAAM,YAAY,OAAO;IACxB,MAAM,SAAS,MAAM,OAAO,MAAM,oBAAoB,oBAAoB,MAAM;AAChF,QAAI,CAAC,OAAQ,QAAO;KAAE,QAAQ;KAAoB,QAAQ;KAA2B;AACrF,QAAI,OAAO,OAAO;AACjB,aAAQ,MAAM,gCAAgC,OAAO,SAAS,KAAK,OAAO,MAAM,QAAQ;AACxF,YAAO;MAAE,QAAQ;MAAoB,QAAQ;MAAoB;;AAElE,WAAO,OAAO;;GAEf,gBAAgB,OAAO;AACtB,WAAO,MACL,sBAAsB,MAAM,CAC5B,OAAO,QACP,QAAQ,MACP,iCACA,eAAe,QAAQ,IAAI,UAAU,IACrC,CACD;;GAEH,kBAAkB,OAAO;AACxB,WAAO,MACL,wBAAwB,MAAM,CAC9B,OAAO,QACP,QAAQ,MACP,mCACA,eAAe,QAAQ,IAAI,UAAU,IACrC,CACD;;GAEH;EAGD,MAAM,eAAe;EAKrB,IAAI;AACJ,MAAI,aAAa,WAAW;GAC3B,MAAM,YAAY,MAAM,OAAO,GAC7B,WAAW,QAAQ,CACnB,OAAO;IAAC;IAAM;IAAQ;IAAS;IAAiB,CAAC,CACjD,MAAM,MAAM,KAAK,aAAa,UAAU,CACxC,kBAAkB;AACpB,OAAI,aAAa,UAAU,eAC1B,iBAAgB;IACf,IAAI,UAAU;IACd,MAAM,UAAU;IAChB,OAAO,UAAU;IACjB;;EAIH,MAAM,SAAS,MAAM,cACpB,OAAO,IACP;GACC;GACA;GACA,UAAU;GACV;GACA;GACA;GACA,MAAM,KAAK;GACX;GACA,WAAW,KAAK;GAChB,EACD,oBACA,YACA;GACC,IAAI,aAAa;GACjB;GACA,MAAM,aAAa;GACnB,QAAQ;GACR,CACD;AAED,MAAI,CAAC,OACJ,QAAO,SAAS,oBAAoB,wBAAwB,IAAI;AAMjE,MAAI,OAAO,QAAQ,WAAW,cAAc,OAAO,SAAS,cAC3D,KAAI;GACH,MAAM,eAAe,MAAM,eAAe,OAAO,IAAI,QAAQ;AAC7D,SAAM,wBAAwB;IAC7B,OAAO,OAAO;IACd,SAAS,OAAO;IAChB;IACA;IACA,CAAC;WACM,KAAK;AACb,WAAQ,MAAM,kCAAkC,eAAe,QAAQ,IAAI,UAAU,IAAI;;AAI3F,SAAO,WACN;GACC,IAAI,OAAO,QAAQ;GACnB,QAAQ,OAAO,QAAQ;GACvB,SACC,OAAO,QAAQ,WAAW,aACvB,sBACA;GACJ,EACD,IACA;UACO,OAAO;AACf,SAAO,YAAY,OAAO,4BAA4B,uBAAuB"}

package/dist/astro/routes/api/content/_collection_/_id_/compare.d.mts ADDED Viewed

@@ -0,0 +1,8 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/content/[collection]/[id]/compare.d.ts
+declare const prerender = false;
+declare const GET: APIRoute;
+//#endregion
+export { GET, prerender };
+//# sourceMappingURL=compare.d.mts.map

package/dist/astro/routes/api/content/_collection_/_id_/compare.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"compare.d.mts","names":[],"sources":["../../../../../../../src/astro/routes/api/content/[collection]/[id]/compare.ts"],"mappings":";;;cAWa,SAAA;AAAA,cAEA,GAAA,EAAK,QAAA"}

package/dist/astro/routes/api/content/_collection_/_id_/compare.mjs ADDED Viewed

@@ -0,0 +1,20 @@
+import "../../../../../../base64-CqR-7kqF.mjs";
+import "../../../../../../types-CwXMEPRr.mjs";
+import { a as unwrapResult, t as apiError } from "../../../../../../error-tSQWIl5U.mjs";
+import { n as requirePerm } from "../../../../../../authorize-BlyCH-96.mjs";
+//#region src/astro/routes/api/content/[collection]/[id]/compare.ts
+const prerender = false;
+const GET = async ({ params, locals }) => {
+	const { emdash, user } = locals;
+	const denied = requirePerm(user, "content:read_drafts");
+	if (denied) return denied;
+	const collection = params.collection;
+	const id = params.id;
+	if (!emdash?.handleContentCompare) return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
+	return unwrapResult(await emdash.handleContentCompare(collection, id));
+};
+//#endregion
+export { GET, prerender };
+//# sourceMappingURL=compare.mjs.map

package/dist/astro/routes/api/content/_collection_/_id_/compare.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"compare.mjs","names":[],"sources":["../../../../../../../src/astro/routes/api/content/[collection]/[id]/compare.ts"],"sourcesContent":["/**\n * Compare live and draft revisions\n *\n * GET /_emdash/api/content/{collection}/{id}/compare\n */\n\nimport type { APIRoute } from \"astro\";\n\nimport { requirePerm } from \"#api/authorize.js\";\nimport { apiError, unwrapResult } from \"#api/error.js\";\n\nexport const prerender = false;\n\nexport const GET: APIRoute = async ({ params, locals }) => {\n\tconst { emdash, user } = locals;\n\tconst denied = requirePerm(user, \"content:read_drafts\");\n\tif (denied) return denied;\n\tconst collection = params.collection!;\n\tconst id = params.id!;\n\n\tif (!emdash?.handleContentCompare) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\tconst result = await emdash.handleContentCompare(collection, id);\n\n\treturn unwrapResult(result);\n};\n"],"mappings":";;;;;;AAWA,MAAa,YAAY;AAEzB,MAAa,MAAgB,OAAO,EAAE,QAAQ,aAAa;CAC1D,MAAM,EAAE,QAAQ,SAAS;CACzB,MAAM,SAAS,YAAY,MAAM,sBAAsB;AACvD,KAAI,OAAQ,QAAO;CACnB,MAAM,aAAa,OAAO;CAC1B,MAAM,KAAK,OAAO;AAElB,KAAI,CAAC,QAAQ,qBACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;AAKpE,QAAO,aAFQ,MAAM,OAAO,qBAAqB,YAAY,GAAG,CAErC"}

package/dist/astro/routes/api/content/_collection_/_id_/discard-draft.d.mts ADDED Viewed

@@ -0,0 +1,8 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/content/[collection]/[id]/discard-draft.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };
+//# sourceMappingURL=discard-draft.d.mts.map

package/dist/astro/routes/api/content/_collection_/_id_/discard-draft.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"discard-draft.d.mts","names":[],"sources":["../../../../../../../src/astro/routes/api/content/[collection]/[id]/discard-draft.ts"],"mappings":";;;cAWa,SAAA;AAAA,cAEA,IAAA,EAAM,QAAA"}