emdash 0.14.0 → 0.16.0

package/dist/astro/routes/api/admin/themes/marketplace/_id_/index.mjs

@@ -1,38 +1,39 @@
 import "../../../../../../../dialect-helpers-BKCvISIQ.mjs";
-import "../../../../../../../content-D6YG26WG.mjs";
+import "../../../../../../../content-8voQNTXX.mjs";
 import "../../../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../../../types-CwXMEPRr.mjs";
-import "../../../../../../../media-Dg7he9uK.mjs";
-import "../../../../../../../user-Dr1bOCqS.mjs";
-import "../../../../../../../taxonomy-wPfusMK9.mjs";
-import "../../../../../../../comment-Dd9MI82-.mjs";
+import "../../../../../../../types-B0bmgwMG.mjs";
+import "../../../../../../../media-CKQd8AYU.mjs";
+import "../../../../../../../user-hUSOaIJy.mjs";
+import "../../../../../../../taxonomy-zqGQUqgu.mjs";
+import "../../../../../../../comment-C76G-9tz.mjs";
 import "../../../../../../../options-BL4X94qY.mjs";
-import "../../../../../../../menus-DOzIecHi.mjs";
-import "../../../../../../../redirect-DkaDxq8e.mjs";
-import "../../../../../../../byline-D09BaS4j.mjs";
-import "../../../../../../../seo-DRq9-EPP.mjs";
-import { l as handleThemeGetDetail } from "../../../../../../../api-BMLZuwM4.mjs";
+import "../../../../../../../menus-arUNspyU.mjs";
+import "../../../../../../../redirect-CjfDGrTd.mjs";
+import "../../../../../../../byline-BDylH_m4.mjs";
+import "../../../../../../../seo-BGCyDlkb.mjs";
+import { h as handleThemeGetDetail } from "../../../../../../../api-BNKqxyFX.mjs";
 import "../../../../../../../request-cache-dzCt8TZB.mjs";
-import "../../../../../../../dashboard-BmWSIUwY.mjs";
-import "../../../../../../../fts-manager-B633C-kQ.mjs";
-import "../../../../../../../registry-BnCeHYsf.mjs";
-import "../../../../../../../loader-Cs6-Bqe6.mjs";
-import "../../../../../../../schema-BmqagCwG.mjs";
-import "../../../../../../../zod-generator-DSyz01KE.mjs";
-import "../../../../../../../seo-BoR4wCUh.mjs";
-import "../../../../../../../sections-Cm-zb-gZ.mjs";
-import "../../../../../../../settings-xQKsWnzQ.mjs";
-import "../../../../../../../settings-CBBj7HUd.mjs";
-import "../../../../../../../taxonomies-Cn9UpaR2.mjs";
-import "../../../../../../../taxonomies-Dc0mzlms.mjs";
-import "../../../../../../../manifest-schema-HCtSh4Jq.mjs";
-import "../../../../../../../types-Db67HHlU.mjs";
-import "../../../../../../../ssrf-DzFN_qV-.mjs";
-import { a as unwrapResult, t as apiError } from "../../../../../../../error-tSQWIl5U.mjs";
-import "../../../../../../../parse-BFTPon-J.mjs";
-import "../../../../../../../redirects-Dmj6KRU3.mjs";
-import "../../../../../../../setup-BGAJ2uXs.mjs";
-import { n as requirePerm } from "../../../../../../../authorize-BlyCH-96.mjs";
+import "../../../../../../../dashboard-BeaFSPpx.mjs";
+import "../../../../../../../fts-manager-C_b-4x8u.mjs";
+import "../../../../../../../registry-Cyp-dx6J.mjs";
+import "../../../../../../../loader-D-vIJjfY.mjs";
+import "../../../../../../../schema-CI9mYPX3.mjs";
+import "../../../../../../../zod-generator-B80aap1J.mjs";
+import "../../../../../../../seo-Dq707mNQ.mjs";
+import "../../../../../../../sections-DBbCDIAT.mjs";
+import "../../../../../../../settings-BSXRtTzk.mjs";
+import "../../../../../../../settings-DfwNyQkf.mjs";
+import "../../../../../../../resolve-D6sM-SgF.mjs";
+import "../../../../../../../taxonomies-CcvrMLbR.mjs";
+import "../../../../../../../taxonomies-4vx0nmMr.mjs";
+import "../../../../../../../manifest-schema-Czqf0TLu.mjs";
+import "../../../../../../../types-1NNkmTIn.mjs";
+import "../../../../../../../ssrf-MZ-zrG6-.mjs";
+import { a as unwrapResult, t as apiError } from "../../../../../../../error-ChfADBuu.mjs";
+import "../../../../../../../parse-DHbXfvxO.mjs";
+import "../../../../../../../redirects-COMLwsV5.mjs";
+import "../../../../../../../setup-Cf_TyOv5.mjs";
+import { n as requirePerm } from "../../../../../../../authorize-Bn4S4DUT.mjs";
 
 //#region src/astro/routes/api/admin/themes/marketplace/[id]/index.ts
 const prerender = false;

package/dist/astro/routes/api/admin/themes/marketplace/_id_/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","names":[],"sources":["../../../../../../../../src/astro/routes/api/admin/themes/marketplace/[id]/index.ts"],"sourcesContent":["/**\n * Theme marketplace detail proxy endpoint\n *\n * GET /_emdash/api/admin/themes/marketplace/:id - Get theme details\n */\n\nimport type { APIRoute } from \"astro\";\n\nimport { requirePerm } from \"#api/authorize.js\";\nimport { apiError, unwrapResult } from \"#api/error.js\";\nimport { handleThemeGetDetail } from \"#api/index.js\";\n\nexport const prerender = false;\n\nexport const GET: APIRoute = async ({ params, locals }) => {\n\tconst { emdash, user } = locals;\n\tconst { id } = params;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\tconst denied = requirePerm(user, \"plugins:read\");\n\tif (denied) return denied;\n\n\tif (!id) {\n\t\treturn apiError(\"INVALID_REQUEST\", \"Theme ID required\", 400);\n\t}\n\n\tconst result = await handleThemeGetDetail(emdash.config.marketplace, id);\n\n\treturn unwrapResult(result);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,MAAa,YAAY;AAEzB,MAAa,MAAgB,OAAO,EAAE,QAAQ,aAAa;CAC1D,MAAM,EAAE,QAAQ,SAAS;CACzB,MAAM,EAAE,OAAO;AAEf,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;CAGpE,MAAM,SAAS,YAAY,MAAM,eAAe;AAChD,KAAI,OAAQ,QAAO;AAEnB,KAAI,CAAC,GACJ,QAAO,SAAS,mBAAmB,qBAAqB,IAAI;AAK7D,QAAO,aAFQ,MAAM,qBAAqB,OAAO,OAAO,aAAa,GAAG,CAE7C"}
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../../../../../../src/astro/routes/api/admin/themes/marketplace/[id]/index.ts"],"sourcesContent":["/**\n * Theme marketplace detail proxy endpoint\n *\n * GET /_emdash/api/admin/themes/marketplace/:id - Get theme details\n */\n\nimport type { APIRoute } from \"astro\";\n\nimport { requirePerm } from \"#api/authorize.js\";\nimport { apiError, unwrapResult } from \"#api/error.js\";\nimport { handleThemeGetDetail } from \"#api/index.js\";\n\nexport const prerender = false;\n\nexport const GET: APIRoute = async ({ params, locals }) => {\n\tconst { emdash, user } = locals;\n\tconst { id } = params;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\tconst denied = requirePerm(user, \"plugins:read\");\n\tif (denied) return denied;\n\n\tif (!id) {\n\t\treturn apiError(\"INVALID_REQUEST\", \"Theme ID required\", 400);\n\t}\n\n\tconst result = await handleThemeGetDetail(emdash.config.marketplace, id);\n\n\treturn unwrapResult(result);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,MAAa,YAAY;AAEzB,MAAa,MAAgB,OAAO,EAAE,QAAQ,aAAa;CAC1D,MAAM,EAAE,QAAQ,SAAS;CACzB,MAAM,EAAE,OAAO;AAEf,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;CAGpE,MAAM,SAAS,YAAY,MAAM,eAAe;AAChD,KAAI,OAAQ,QAAO;AAEnB,KAAI,CAAC,GACJ,QAAO,SAAS,mBAAmB,qBAAqB,IAAI;AAK7D,QAAO,aAFQ,MAAM,qBAAqB,OAAO,OAAO,aAAa,GAAG,CAE7C"}

package/dist/astro/routes/api/admin/themes/marketplace/_id_/thumbnail.mjs

@@ -1,7 +1,7 @@
 import "../../../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../../../types-CwXMEPRr.mjs";
-import { t as apiError } from "../../../../../../../error-tSQWIl5U.mjs";
-import { n as requirePerm } from "../../../../../../../authorize-BlyCH-96.mjs";
+import "../../../../../../../types-B0bmgwMG.mjs";
+import { t as apiError } from "../../../../../../../error-ChfADBuu.mjs";
+import { n as requirePerm } from "../../../../../../../authorize-Bn4S4DUT.mjs";
 
 //#region src/astro/routes/api/admin/themes/marketplace/[id]/thumbnail.ts
 const prerender = false;

package/dist/astro/routes/api/admin/themes/marketplace/index.mjs

@@ -1,38 +1,39 @@
 import "../../../../../../dialect-helpers-BKCvISIQ.mjs";
-import "../../../../../../content-D6YG26WG.mjs";
+import "../../../../../../content-8voQNTXX.mjs";
 import "../../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../../types-CwXMEPRr.mjs";
-import "../../../../../../media-Dg7he9uK.mjs";
-import "../../../../../../user-Dr1bOCqS.mjs";
-import "../../../../../../taxonomy-wPfusMK9.mjs";
-import "../../../../../../comment-Dd9MI82-.mjs";
+import "../../../../../../types-B0bmgwMG.mjs";
+import "../../../../../../media-CKQd8AYU.mjs";
+import "../../../../../../user-hUSOaIJy.mjs";
+import "../../../../../../taxonomy-zqGQUqgu.mjs";
+import "../../../../../../comment-C76G-9tz.mjs";
 import "../../../../../../options-BL4X94qY.mjs";
-import "../../../../../../menus-DOzIecHi.mjs";
-import "../../../../../../redirect-DkaDxq8e.mjs";
-import "../../../../../../byline-D09BaS4j.mjs";
-import "../../../../../../seo-DRq9-EPP.mjs";
-import { u as handleThemeSearch } from "../../../../../../api-BMLZuwM4.mjs";
+import "../../../../../../menus-arUNspyU.mjs";
+import "../../../../../../redirect-CjfDGrTd.mjs";
+import "../../../../../../byline-BDylH_m4.mjs";
+import "../../../../../../seo-BGCyDlkb.mjs";
+import { g as handleThemeSearch } from "../../../../../../api-BNKqxyFX.mjs";
 import "../../../../../../request-cache-dzCt8TZB.mjs";
-import "../../../../../../dashboard-BmWSIUwY.mjs";
-import "../../../../../../fts-manager-B633C-kQ.mjs";
-import "../../../../../../registry-BnCeHYsf.mjs";
-import "../../../../../../loader-Cs6-Bqe6.mjs";
-import "../../../../../../schema-BmqagCwG.mjs";
-import "../../../../../../zod-generator-DSyz01KE.mjs";
-import "../../../../../../seo-BoR4wCUh.mjs";
-import "../../../../../../sections-Cm-zb-gZ.mjs";
-import "../../../../../../settings-xQKsWnzQ.mjs";
-import "../../../../../../settings-CBBj7HUd.mjs";
-import "../../../../../../taxonomies-Cn9UpaR2.mjs";
-import "../../../../../../taxonomies-Dc0mzlms.mjs";
-import "../../../../../../manifest-schema-HCtSh4Jq.mjs";
-import "../../../../../../types-Db67HHlU.mjs";
-import "../../../../../../ssrf-DzFN_qV-.mjs";
-import { a as unwrapResult, t as apiError } from "../../../../../../error-tSQWIl5U.mjs";
-import "../../../../../../parse-BFTPon-J.mjs";
-import "../../../../../../redirects-Dmj6KRU3.mjs";
-import "../../../../../../setup-BGAJ2uXs.mjs";
-import { n as requirePerm } from "../../../../../../authorize-BlyCH-96.mjs";
+import "../../../../../../dashboard-BeaFSPpx.mjs";
+import "../../../../../../fts-manager-C_b-4x8u.mjs";
+import "../../../../../../registry-Cyp-dx6J.mjs";
+import "../../../../../../loader-D-vIJjfY.mjs";
+import "../../../../../../schema-CI9mYPX3.mjs";
+import "../../../../../../zod-generator-B80aap1J.mjs";
+import "../../../../../../seo-Dq707mNQ.mjs";
+import "../../../../../../sections-DBbCDIAT.mjs";
+import "../../../../../../settings-BSXRtTzk.mjs";
+import "../../../../../../settings-DfwNyQkf.mjs";
+import "../../../../../../resolve-D6sM-SgF.mjs";
+import "../../../../../../taxonomies-CcvrMLbR.mjs";
+import "../../../../../../taxonomies-4vx0nmMr.mjs";
+import "../../../../../../manifest-schema-Czqf0TLu.mjs";
+import "../../../../../../types-1NNkmTIn.mjs";
+import "../../../../../../ssrf-MZ-zrG6-.mjs";
+import { a as unwrapResult, t as apiError } from "../../../../../../error-ChfADBuu.mjs";
+import "../../../../../../parse-DHbXfvxO.mjs";
+import "../../../../../../redirects-COMLwsV5.mjs";
+import "../../../../../../setup-Cf_TyOv5.mjs";
+import { n as requirePerm } from "../../../../../../authorize-Bn4S4DUT.mjs";
 
 //#region src/astro/routes/api/admin/themes/marketplace/index.ts
 const prerender = false;

package/dist/astro/routes/api/admin/themes/marketplace/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","names":[],"sources":["../../../../../../../src/astro/routes/api/admin/themes/marketplace/index.ts"],"sourcesContent":["/**\n * Theme marketplace search proxy endpoint\n *\n * GET /_emdash/api/admin/themes/marketplace - Search marketplace themes\n */\n\nimport type { APIRoute } from \"astro\";\n\nimport { requirePerm } from \"#api/authorize.js\";\nimport { apiError, unwrapResult } from \"#api/error.js\";\nimport { handleThemeSearch } from \"#api/index.js\";\n\nexport const prerender = false;\n\nexport const GET: APIRoute = async ({ url, locals }) => {\n\tconst { emdash, user } = locals;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\tconst denied = requirePerm(user, \"plugins:read\");\n\tif (denied) return denied;\n\n\tconst query = url.searchParams.get(\"q\") ?? undefined;\n\tconst keyword = url.searchParams.get(\"keyword\") ?? undefined;\n\tconst sortParam = url.searchParams.get(\"sort\");\n\tconst validSorts = new Set([\"name\", \"created\", \"updated\"]);\n\tlet sort: \"name\" | \"created\" | \"updated\" | undefined;\n\tif (sortParam && validSorts.has(sortParam)) {\n\t\tsort = sortParam as \"name\" | \"created\" | \"updated\"; // eslint-disable-line typescript-eslint(no-unsafe-type-assertion) -- validated by Set.has()\n\t}\n\tconst cursor = url.searchParams.get(\"cursor\") ?? undefined;\n\tconst limitParam = url.searchParams.get(\"limit\");\n\tconst limit = limitParam ? Math.min(Math.max(1, parseInt(limitParam, 10) || 50), 100) : undefined;\n\n\tconst result = await handleThemeSearch(emdash.config.marketplace, query, {\n\t\tkeyword,\n\t\tsort,\n\t\tcursor,\n\t\tlimit,\n\t});\n\n\treturn unwrapResult(result);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,MAAa,YAAY;AAEzB,MAAa,MAAgB,OAAO,EAAE,KAAK,aAAa;CACvD,MAAM,EAAE,QAAQ,SAAS;AAEzB,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;CAGpE,MAAM,SAAS,YAAY,MAAM,eAAe;AAChD,KAAI,OAAQ,QAAO;CAEnB,MAAM,QAAQ,IAAI,aAAa,IAAI,IAAI,IAAI;CAC3C,MAAM,UAAU,IAAI,aAAa,IAAI,UAAU,IAAI;CACnD,MAAM,YAAY,IAAI,aAAa,IAAI,OAAO;CAC9C,MAAM,aAAa,IAAI,IAAI;EAAC;EAAQ;EAAW;EAAU,CAAC;CAC1D,IAAI;AACJ,KAAI,aAAa,WAAW,IAAI,UAAU,CACzC,QAAO;CAER,MAAM,SAAS,IAAI,aAAa,IAAI,SAAS,IAAI;CACjD,MAAM,aAAa,IAAI,aAAa,IAAI,QAAQ;CAChD,MAAM,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,GAAG,SAAS,YAAY,GAAG,IAAI,GAAG,EAAE,IAAI,GAAG;AASxF,QAAO,aAPQ,MAAM,kBAAkB,OAAO,OAAO,aAAa,OAAO;EACxE;EACA;EACA;EACA;EACA,CAAC,CAEyB"}
+{"version":3,"file":"index.mjs","names":[],"sources":["../../../../../../../src/astro/routes/api/admin/themes/marketplace/index.ts"],"sourcesContent":["/**\n * Theme marketplace search proxy endpoint\n *\n * GET /_emdash/api/admin/themes/marketplace - Search marketplace themes\n */\n\nimport type { APIRoute } from \"astro\";\n\nimport { requirePerm } from \"#api/authorize.js\";\nimport { apiError, unwrapResult } from \"#api/error.js\";\nimport { handleThemeSearch } from \"#api/index.js\";\n\nexport const prerender = false;\n\nexport const GET: APIRoute = async ({ url, locals }) => {\n\tconst { emdash, user } = locals;\n\n\tif (!emdash?.db) {\n\t\treturn apiError(\"NOT_CONFIGURED\", \"EmDash is not initialized\", 500);\n\t}\n\n\tconst denied = requirePerm(user, \"plugins:read\");\n\tif (denied) return denied;\n\n\tconst query = url.searchParams.get(\"q\") ?? undefined;\n\tconst keyword = url.searchParams.get(\"keyword\") ?? undefined;\n\tconst sortParam = url.searchParams.get(\"sort\");\n\tconst validSorts = new Set([\"name\", \"created\", \"updated\"]);\n\tlet sort: \"name\" | \"created\" | \"updated\" | undefined;\n\tif (sortParam && validSorts.has(sortParam)) {\n\t\tsort = sortParam as \"name\" | \"created\" | \"updated\"; // eslint-disable-line typescript/no-unsafe-type-assertion -- validated by Set.has()\n\t}\n\tconst cursor = url.searchParams.get(\"cursor\") ?? undefined;\n\tconst limitParam = url.searchParams.get(\"limit\");\n\tconst limit = limitParam ? Math.min(Math.max(1, parseInt(limitParam, 10) || 50), 100) : undefined;\n\n\tconst result = await handleThemeSearch(emdash.config.marketplace, query, {\n\t\tkeyword,\n\t\tsort,\n\t\tcursor,\n\t\tlimit,\n\t});\n\n\treturn unwrapResult(result);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,MAAa,YAAY;AAEzB,MAAa,MAAgB,OAAO,EAAE,KAAK,aAAa;CACvD,MAAM,EAAE,QAAQ,SAAS;AAEzB,KAAI,CAAC,QAAQ,GACZ,QAAO,SAAS,kBAAkB,6BAA6B,IAAI;CAGpE,MAAM,SAAS,YAAY,MAAM,eAAe;AAChD,KAAI,OAAQ,QAAO;CAEnB,MAAM,QAAQ,IAAI,aAAa,IAAI,IAAI,IAAI;CAC3C,MAAM,UAAU,IAAI,aAAa,IAAI,UAAU,IAAI;CACnD,MAAM,YAAY,IAAI,aAAa,IAAI,OAAO;CAC9C,MAAM,aAAa,IAAI,IAAI;EAAC;EAAQ;EAAW;EAAU,CAAC;CAC1D,IAAI;AACJ,KAAI,aAAa,WAAW,IAAI,UAAU,CACzC,QAAO;CAER,MAAM,SAAS,IAAI,aAAa,IAAI,SAAS,IAAI;CACjD,MAAM,aAAa,IAAI,aAAa,IAAI,QAAQ;CAChD,MAAM,QAAQ,aAAa,KAAK,IAAI,KAAK,IAAI,GAAG,SAAS,YAAY,GAAG,IAAI,GAAG,EAAE,IAAI,GAAG;AASxF,QAAO,aAPQ,MAAM,kBAAkB,OAAO,OAAO,aAAa,OAAO;EACxE;EACA;EACA;EACA;EACA,CAAC,CAEyB"}

package/dist/astro/routes/api/admin/users/_id_/disable.mjs

@@ -1,7 +1,7 @@
 import "../../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../../types-CwXMEPRr.mjs";
+import "../../../../../../types-B0bmgwMG.mjs";
 import { t as withTransaction } from "../../../../../../transaction-NQj4VJ7Z.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-tSQWIl5U.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-ChfADBuu.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { Role } from "@emdash-cms/auth";
 

package/dist/astro/routes/api/admin/users/_id_/enable.mjs

@@ -1,6 +1,6 @@
 import "../../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../../types-CwXMEPRr.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-tSQWIl5U.mjs";
+import "../../../../../../types-B0bmgwMG.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-ChfADBuu.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { Role } from "@emdash-cms/auth";
 

package/dist/astro/routes/api/admin/users/_id_/index.mjs

@@ -1,10 +1,10 @@
 import "../../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../../types-CwXMEPRr.mjs";
+import "../../../../../../types-B0bmgwMG.mjs";
 import { t as withTransaction } from "../../../../../../transaction-NQj4VJ7Z.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-tSQWIl5U.mjs";
-import { n as parseBody, t as isParseError } from "../../../../../../parse-BFTPon-J.mjs";
-import { E as userUpdateBody } from "../../../../../../redirects-Dmj6KRU3.mjs";
-import "../../../../../../setup-BGAJ2uXs.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-ChfADBuu.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../../parse-DHbXfvxO.mjs";
+import { E as userUpdateBody } from "../../../../../../redirects-COMLwsV5.mjs";
+import "../../../../../../setup-Cf_TyOv5.mjs";
 import "../../../../../../api/schemas/index.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { Role } from "@emdash-cms/auth";

package/dist/astro/routes/api/admin/users/_id_/send-recovery.mjs

@@ -1,8 +1,8 @@
 import "../../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../../types-CwXMEPRr.mjs";
+import "../../../../../../types-B0bmgwMG.mjs";
 import { t as OptionsRepository } from "../../../../../../options-BL4X94qY.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-tSQWIl5U.mjs";
-import { t as getSiteBaseUrl } from "../../../../../../site-url-D-M4Fd8O.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-ChfADBuu.mjs";
+import { t as getSiteBaseUrl } from "../../../../../../site-url-xkhw1tcz.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { Role, sendMagicLink } from "@emdash-cms/auth";
 

package/dist/astro/routes/api/admin/users/index.mjs

@@ -1,9 +1,9 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
-import { i as parseQuery, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
-import { D as usersListQuery } from "../../../../../redirects-Dmj6KRU3.mjs";
-import "../../../../../setup-BGAJ2uXs.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-ChfADBuu.mjs";
+import { i as parseQuery, t as isParseError } from "../../../../../parse-DHbXfvxO.mjs";
+import { D as usersListQuery } from "../../../../../redirects-COMLwsV5.mjs";
+import "../../../../../setup-Cf_TyOv5.mjs";
 import "../../../../../api/schemas/index.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { Role } from "@emdash-cms/auth";

package/dist/astro/routes/api/auth/dev-bypass.mjs

@@ -1,10 +1,10 @@
-import { r as runMigrations } from "../../../../runner-DdnQIwz_.mjs";
+import { r as runMigrations } from "../../../../runner-Drnvs96u.mjs";
 import "../../../../dialect-helpers-BKCvISIQ.mjs";
 import "../../../../base64-CqR-7kqF.mjs";
-import "../../../../types-CwXMEPRr.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../error-tSQWIl5U.mjs";
-import { t as escapeHtml } from "../../../../escape-B8bdIryO.mjs";
-import { t as isSafeRedirect } from "../../../../redirect-DGRsLO2I.mjs";
+import "../../../../types-B0bmgwMG.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../error-ChfADBuu.mjs";
+import { t as escapeHtml } from "../../../../escape-Cg6kMELH.mjs";
+import { t as isSafeRedirect } from "../../../../redirect-BINiRYq4.mjs";
 import { ulid } from "ulidx";
 
 //#region src/astro/routes/api/auth/dev-bypass.ts

package/dist/astro/routes/api/auth/invite/accept.mjs

@@ -1,6 +1,6 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-ChfADBuu.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { InviteError, roleFromLevel, validateInvite } from "@emdash-cms/auth";
 

package/dist/astro/routes/api/auth/invite/complete.mjs

@@ -1,15 +1,15 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
 import { t as OptionsRepository } from "../../../../../options-BL4X94qY.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
-import { n as parseBody, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
-import "../../../../../redirects-Dmj6KRU3.mjs";
-import { p as inviteCompleteBody } from "../../../../../setup-BGAJ2uXs.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-ChfADBuu.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-DHbXfvxO.mjs";
+import "../../../../../redirects-COMLwsV5.mjs";
+import { p as inviteCompleteBody } from "../../../../../setup-Cf_TyOv5.mjs";
 import "../../../../../api/schemas/index.mjs";
-import { n as getPublicOrigin } from "../../../../../public-url-CseXl9Fv.mjs";
-import { n as validateAllowedOrigins, t as getConfiguredAllowedOrigins } from "../../../../../allowed-origins-CDdG-4Gd.mjs";
-import { n as createChallengeStore } from "../../../../../challenge-store-CJ0OOHOr.mjs";
-import { t as getPasskeyConfig } from "../../../../../passkey-config-Cg86_ISa.mjs";
+import { n as getPublicOrigin } from "../../../../../public-url-CUWWFME2.mjs";
+import { n as validateAllowedOrigins, t as getConfiguredAllowedOrigins } from "../../../../../allowed-origins-D0fFk9a6.mjs";
+import { n as createChallengeStore } from "../../../../../challenge-store-Dng1SxKT.mjs";
+import { t as getPasskeyConfig } from "../../../../../passkey-config-BloQOT3y.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { InviteError, completeInvite } from "@emdash-cms/auth";
 import { registerPasskey, verifyRegistrationResponse } from "@emdash-cms/auth/passkey";

package/dist/astro/routes/api/auth/invite/index.mjs

@@ -1,12 +1,12 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
 import { t as OptionsRepository } from "../../../../../options-BL4X94qY.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
-import { n as parseBody, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
-import "../../../../../redirects-Dmj6KRU3.mjs";
-import { m as inviteCreateBody } from "../../../../../setup-BGAJ2uXs.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-ChfADBuu.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-DHbXfvxO.mjs";
+import "../../../../../redirects-COMLwsV5.mjs";
+import { m as inviteCreateBody } from "../../../../../setup-Cf_TyOv5.mjs";
 import "../../../../../api/schemas/index.mjs";
-import { t as getSiteBaseUrl } from "../../../../../site-url-D-M4Fd8O.mjs";
+import { t as getSiteBaseUrl } from "../../../../../site-url-xkhw1tcz.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { InviteError, Role, createInvite } from "@emdash-cms/auth";
 

package/dist/astro/routes/api/auth/invite/register-options.mjs

@@ -1,14 +1,14 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
 import { t as OptionsRepository } from "../../../../../options-BL4X94qY.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
-import { n as parseBody, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
-import "../../../../../redirects-Dmj6KRU3.mjs";
-import { h as inviteRegisterOptionsBody } from "../../../../../setup-BGAJ2uXs.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-ChfADBuu.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-DHbXfvxO.mjs";
+import "../../../../../redirects-COMLwsV5.mjs";
+import { h as inviteRegisterOptionsBody } from "../../../../../setup-Cf_TyOv5.mjs";
 import "../../../../../api/schemas/index.mjs";
-import { n as getPublicOrigin } from "../../../../../public-url-CseXl9Fv.mjs";
-import { n as createChallengeStore } from "../../../../../challenge-store-CJ0OOHOr.mjs";
-import { t as getPasskeyConfig } from "../../../../../passkey-config-Cg86_ISa.mjs";
+import { n as getPublicOrigin } from "../../../../../public-url-CUWWFME2.mjs";
+import { n as createChallengeStore } from "../../../../../challenge-store-Dng1SxKT.mjs";
+import { t as getPasskeyConfig } from "../../../../../passkey-config-BloQOT3y.mjs";
 import { ulid } from "ulidx";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { InviteError, validateInvite } from "@emdash-cms/auth";

package/dist/astro/routes/api/auth/logout.mjs

@@ -1,7 +1,7 @@
 import "../../../../base64-CqR-7kqF.mjs";
-import "../../../../types-CwXMEPRr.mjs";
-import { n as apiSuccess, r as handleError } from "../../../../error-tSQWIl5U.mjs";
-import { t as isSafeRedirect } from "../../../../redirect-DGRsLO2I.mjs";
+import "../../../../types-B0bmgwMG.mjs";
+import { n as apiSuccess, r as handleError } from "../../../../error-ChfADBuu.mjs";
+import { t as isSafeRedirect } from "../../../../redirect-BINiRYq4.mjs";
 
 //#region src/astro/routes/api/auth/logout.ts
 const prerender = false;

package/dist/astro/routes/api/auth/magic-link/send.mjs

@@ -1,14 +1,14 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
 import { t as OptionsRepository } from "../../../../../options-BL4X94qY.mjs";
-import { n as apiSuccess, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
-import { n as parseBody, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
-import "../../../../../redirects-Dmj6KRU3.mjs";
-import { g as magicLinkSendBody } from "../../../../../setup-BGAJ2uXs.mjs";
+import { n as apiSuccess, t as apiError } from "../../../../../error-ChfADBuu.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-DHbXfvxO.mjs";
+import "../../../../../redirects-COMLwsV5.mjs";
+import { g as magicLinkSendBody } from "../../../../../setup-Cf_TyOv5.mjs";
 import "../../../../../api/schemas/index.mjs";
-import { t as getTrustedProxyHeaders } from "../../../../../trusted-proxy-CJhQIk65.mjs";
-import { t as getSiteBaseUrl } from "../../../../../site-url-D-M4Fd8O.mjs";
-import { n as getClientIp, t as checkRateLimit } from "../../../../../rate-limit-t5CVjCO6.mjs";
+import { t as getTrustedProxyHeaders } from "../../../../../trusted-proxy-97pajC2f.mjs";
+import { t as getSiteBaseUrl } from "../../../../../site-url-xkhw1tcz.mjs";
+import { n as getClientIp, t as checkRateLimit } from "../../../../../rate-limit-D8RAXN8b.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { sendMagicLink } from "@emdash-cms/auth";
 

package/dist/astro/routes/api/auth/magic-link/verify.mjs

@@ -1,7 +1,7 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
-import { t as apiError } from "../../../../../error-tSQWIl5U.mjs";
-import { t as isSafeRedirect } from "../../../../../redirect-DGRsLO2I.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
+import { t as apiError } from "../../../../../error-ChfADBuu.mjs";
+import { t as isSafeRedirect } from "../../../../../redirect-BINiRYq4.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { MagicLinkError, verifyMagicLink } from "@emdash-cms/auth";
 

package/dist/astro/routes/api/auth/me.mjs

@@ -1,9 +1,9 @@
 import "../../../../base64-CqR-7kqF.mjs";
-import "../../../../types-CwXMEPRr.mjs";
-import { n as apiSuccess, t as apiError } from "../../../../error-tSQWIl5U.mjs";
-import { n as parseBody, t as isParseError } from "../../../../parse-BFTPon-J.mjs";
-import "../../../../redirects-Dmj6KRU3.mjs";
-import { f as authMeActionBody } from "../../../../setup-BGAJ2uXs.mjs";
+import "../../../../types-B0bmgwMG.mjs";
+import { n as apiSuccess, t as apiError } from "../../../../error-ChfADBuu.mjs";
+import { n as parseBody, t as isParseError } from "../../../../parse-DHbXfvxO.mjs";
+import "../../../../redirects-COMLwsV5.mjs";
+import { f as authMeActionBody } from "../../../../setup-Cf_TyOv5.mjs";
 import "../../../../api/schemas/index.mjs";
 
 //#region src/astro/routes/api/auth/me.ts

package/dist/astro/routes/api/auth/mode.mjs

@@ -1,4 +1,4 @@
-import { t as getAuthMode } from "../../../../mode-DPRPvJYm.mjs";
+import { t as getAuthMode } from "../../../../mode-CaaiebZI.mjs";
 
 //#region src/astro/routes/api/auth/mode.ts
 const prerender = false;

package/dist/astro/routes/api/auth/oauth/_provider_/callback.mjs

@@ -1,7 +1,7 @@
 import { t as OptionsRepository } from "../../../../../../options-BL4X94qY.mjs";
-import { n as getPublicOrigin } from "../../../../../../public-url-CseXl9Fv.mjs";
-import { t as finalizeSetup } from "../../../../../../setup-complete-C6ZCLhKo.mjs";
-import { t as createOAuthStateStore } from "../../../../../../oauth-state-store-DpsZViTu.mjs";
+import { n as getPublicOrigin } from "../../../../../../public-url-CUWWFME2.mjs";
+import { t as finalizeSetup } from "../../../../../../setup-complete-MzzN9u0b.mjs";
+import { t as createOAuthStateStore } from "../../../../../../oauth-state-store-vOSdOeGe.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 import { OAuthError, Role, handleOAuthCallback } from "@emdash-cms/auth";
 

package/dist/astro/routes/api/auth/oauth/_provider_/callback.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"callback.mjs","names":[],"sources":["../../../../../../../src/astro/routes/api/auth/oauth/[provider]/callback.ts"],"sourcesContent":["/**\n * GET /_emdash/api/auth/oauth/[provider]/callback\n *\n * Handle OAuth callback from provider\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport {\n\thandleOAuthCallback,\n\tOAuthError,\n\tRole,\n\ttype OAuthConsumerConfig,\n\ttype RoleLevel,\n} from \"@emdash-cms/auth\";\nimport { createKyselyAdapter } from \"@emdash-cms/auth/adapters/kysely\";\n\nimport { getPublicOrigin } from \"#api/public-url.js\";\nimport { finalizeSetup } from \"#api/setup-complete.js\";\nimport { createOAuthStateStore } from \"#auth/oauth-state-store.js\";\nimport { OptionsRepository } from \"#db/repositories/options.js\";\n\ntype ProviderName = \"github\" | \"google\";\n\nconst VALID_PROVIDERS = new Set<string>([\"github\", \"google\"]);\n\nfunction isValidProvider(provider: string): provider is ProviderName {\n\treturn VALID_PROVIDERS.has(provider);\n}\n\n/** Safely extract a string value from an env-like record */\nfunction envString(env: Record<string, unknown>, ...keys: string[]): string | undefined {\n\tfor (const key of keys) {\n\t\tconst val = env[key];\n\t\tif (typeof val === \"string\" && val) return val;\n\t}\n\treturn undefined;\n}\n\n/**\n * Get OAuth config from environment variables\n */\nfunction getOAuthConfig(env: Record<string, unknown>): OAuthConsumerConfig[\"providers\"] {\n\tconst providers: OAuthConsumerConfig[\"providers\"] = {};\n\n\t// GitHub\n\tconst githubClientId = envString(env, \"EMDASH_OAUTH_GITHUB_CLIENT_ID\", \"GITHUB_CLIENT_ID\");\n\tconst githubClientSecret = envString(\n\t\tenv,\n\t\t\"EMDASH_OAUTH_GITHUB_CLIENT_SECRET\",\n\t\t\"GITHUB_CLIENT_SECRET\",\n\t);\n\tif (githubClientId && githubClientSecret) {\n\t\tproviders.github = {\n\t\t\tclientId: githubClientId,\n\t\t\tclientSecret: githubClientSecret,\n\t\t};\n\t}\n\n\t// Google\n\tconst googleClientId = envString(env, \"EMDASH_OAUTH_GOOGLE_CLIENT_ID\", \"GOOGLE_CLIENT_ID\");\n\tconst googleClientSecret = envString(\n\t\tenv,\n\t\t\"EMDASH_OAUTH_GOOGLE_CLIENT_SECRET\",\n\t\t\"GOOGLE_CLIENT_SECRET\",\n\t);\n\tif (googleClientId && googleClientSecret) {\n\t\tproviders.google = {\n\t\t\tclientId: googleClientId,\n\t\t\tclientSecret: googleClientSecret,\n\t\t};\n\t}\n\n\treturn providers;\n}\n\nexport const GET: APIRoute = async ({ params, request, locals, session, redirect }) => {\n\tconst { emdash } = locals;\n\tconst provider = params.provider;\n\n\t// Validate provider\n\tif (!provider || !isValidProvider(provider)) {\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=invalid_provider&message=${encodeURIComponent(\"Invalid OAuth provider\")}`,\n\t\t);\n\t}\n\n\tif (!emdash?.db) {\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=server_error&message=${encodeURIComponent(\"Database not configured\")}`,\n\t\t);\n\t}\n\n\tconst url = new URL(request.url);\n\tconst code = url.searchParams.get(\"code\");\n\tconst state = url.searchParams.get(\"state\");\n\tconst error = url.searchParams.get(\"error\");\n\tconst errorDescription = url.searchParams.get(\"error_description\");\n\n\t// Handle OAuth errors from provider\n\tif (error) {\n\t\tconst message = errorDescription || error;\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=oauth_denied&message=${encodeURIComponent(message)}`,\n\t\t);\n\t}\n\n\t// Validate required params\n\tif (!code || !state) {\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=invalid_callback&message=${encodeURIComponent(\"Missing code or state parameter\")}`,\n\t\t);\n\t}\n\n\ttry {\n\t\t// Get OAuth providers from environment\n\t\t// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- locals.runtime is injected by the Cloudflare adapter at runtime; not declared on App.Locals since the adapter is optional\n\t\tconst runtimeLocals = locals as unknown as { runtime?: { env?: Record<string, unknown> } };\n\t\t// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- import.meta.env is typed as ImportMetaEnv but we need Record<string, unknown> for getOAuthConfig\n\t\tconst env = runtimeLocals.runtime?.env ?? (import.meta.env as Record<string, unknown>);\n\t\tconst providers = getOAuthConfig(env);\n\n\t\tif (!providers[provider]) {\n\t\t\treturn redirect(\n\t\t\t\t`/_emdash/admin/login?error=provider_not_configured&message=${encodeURIComponent(`OAuth provider ${provider} is not configured`)}`,\n\t\t\t);\n\t\t}\n\n\t\tconst adapter = createKyselyAdapter(emdash.db);\n\t\tconst stateStore = createOAuthStateStore(emdash.db);\n\n\t\tconst config: OAuthConsumerConfig = {\n\t\t\tbaseUrl: `${getPublicOrigin(url, emdash?.config)}/_emdash`,\n\t\t\tproviders,\n\t\t\tcanSelfSignup: async (email: string) => {\n\t\t\t\t// During setup: first user becomes admin.\n\t\t\t\t// Check setup_complete flag instead of countUsers() to avoid\n\t\t\t\t// a TOCTOU race where concurrent callbacks both see 0 users.\n\t\t\t\tconst options = new OptionsRepository(emdash.db);\n\t\t\t\tconst setupComplete = await options.get(\"emdash:setup_complete\");\n\t\t\t\tif (setupComplete !== true && setupComplete !== \"true\") {\n\t\t\t\t\treturn { allowed: true, role: Role.ADMIN };\n\t\t\t\t}\n\n\t\t\t\t// Extract domain from email\n\t\t\t\tconst domain = email.split(\"@\")[1]?.toLowerCase();\n\t\t\t\tif (!domain) {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\t// Check allowed_domains table for a matching, enabled entry\n\t\t\t\tconst entry = await emdash.db\n\t\t\t\t\t.selectFrom(\"allowed_domains\")\n\t\t\t\t\t.selectAll()\n\t\t\t\t\t.where(\"domain\", \"=\", domain)\n\t\t\t\t\t.where(\"enabled\", \"=\", 1)\n\t\t\t\t\t.executeTakeFirst();\n\n\t\t\t\tif (!entry) {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\t// Map the stored role level to the Role enum\n\t\t\t\tconst roleLevel = entry.default_role;\n\t\t\t\tconst roleMap: Record<number, RoleLevel> = {\n\t\t\t\t\t50: Role.ADMIN,\n\t\t\t\t\t40: Role.EDITOR,\n\t\t\t\t\t30: Role.AUTHOR,\n\t\t\t\t\t20: Role.CONTRIBUTOR,\n\t\t\t\t\t10: Role.SUBSCRIBER,\n\t\t\t\t};\n\t\t\t\tconst role = roleMap[roleLevel] ?? Role.CONTRIBUTOR;\n\t\t\t\tif (!roleMap[roleLevel]) {\n\t\t\t\t\tconsole.warn(\n\t\t\t\t\t\t`[oauth] Unknown role level ${roleLevel} for domain ${domain}, defaulting to CONTRIBUTOR`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\treturn { allowed: true, role };\n\t\t\t},\n\t\t};\n\n\t\tconst options = new OptionsRepository(emdash.db);\n\t\tconst setupCompleteBefore = await options.get(\"emdash:setup_complete\");\n\t\tconst user = await handleOAuthCallback(config, adapter, provider, code, state, stateStore);\n\t\tconst isFirstUser = setupCompleteBefore !== true && setupCompleteBefore !== \"true\";\n\n\t\t// Finalize setup outside the transaction (idempotent, safe if two callbacks race).\n\t\tif (isFirstUser) {\n\t\t\tawait finalizeSetup(emdash.db);\n\t\t\tconsole.log(`[oauth] Setup complete: created admin user via ${provider} (${user.email})`);\n\t\t}\n\n\t\t// Create session\n\t\tif (session) {\n\t\t\tsession.set(\"user\", { id: user.id });\n\t\t}\n\n\t\t// Redirect to admin dashboard\n\t\treturn redirect(\"/_emdash/admin\");\n\t} catch (callbackError) {\n\t\tconsole.error(\"OAuth callback error:\", callbackError);\n\n\t\tlet message = \"Authentication failed\";\n\t\tlet errorCode = \"oauth_error\";\n\n\t\tif (callbackError instanceof OAuthError) {\n\t\t\terrorCode = callbackError.code;\n\n\t\t\t// Map all error codes to user-friendly messages (never expose raw error.message)\n\t\t\tswitch (callbackError.code) {\n\t\t\t\tcase \"invalid_state\":\n\t\t\t\t\tmessage = \"OAuth session expired or invalid. Please try again.\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"signup_not_allowed\":\n\t\t\t\t\tmessage = \"Self-signup is not allowed for your email. Please contact an administrator.\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"user_not_found\":\n\t\t\t\t\tmessage = \"Your account was not found. It may have been deleted.\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"token_exchange_failed\":\n\t\t\t\t\tmessage = \"Failed to complete authentication. Please try again.\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"profile_fetch_failed\":\n\t\t\t\t\tmessage = \"Failed to retrieve your profile. Please try again.\";\n\t\t\t\t\tbreak;\n\t\t\t\tdefault:\n\t\t\t\t\tmessage = \"Authentication failed. Please try again.\";\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\t\t// For generic errors, keep the default \"Authentication failed\" message\n\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=${errorCode}&message=${encodeURIComponent(message)}`,\n\t\t);\n\t}\n};\n"],"mappings":";;;;;;;;AAQA,MAAa,YAAY;AAkBzB,MAAM,kBAAkB,IAAI,IAAY,CAAC,UAAU,SAAS,CAAC;AAE7D,SAAS,gBAAgB,UAA4C;AACpE,QAAO,gBAAgB,IAAI,SAAS;;;AAIrC,SAAS,UAAU,KAA8B,GAAG,MAAoC;AACvF,MAAK,MAAM,OAAO,MAAM;EACvB,MAAM,MAAM,IAAI;AAChB,MAAI,OAAO,QAAQ,YAAY,IAAK,QAAO;;;;;;AAQ7C,SAAS,eAAe,KAAgE;CACvF,MAAM,YAA8C,EAAE;CAGtD,MAAM,iBAAiB,UAAU,KAAK,iCAAiC,mBAAmB;CAC1F,MAAM,qBAAqB,UAC1B,KACA,qCACA,uBACA;AACD,KAAI,kBAAkB,mBACrB,WAAU,SAAS;EAClB,UAAU;EACV,cAAc;EACd;CAIF,MAAM,iBAAiB,UAAU,KAAK,iCAAiC,mBAAmB;CAC1F,MAAM,qBAAqB,UAC1B,KACA,qCACA,uBACA;AACD,KAAI,kBAAkB,mBACrB,WAAU,SAAS;EAClB,UAAU;EACV,cAAc;EACd;AAGF,QAAO;;AAGR,MAAa,MAAgB,OAAO,EAAE,QAAQ,SAAS,QAAQ,SAAS,eAAe;CACtF,MAAM,EAAE,WAAW;CACnB,MAAM,WAAW,OAAO;AAGxB,KAAI,CAAC,YAAY,CAAC,gBAAgB,SAAS,CAC1C,QAAO,SACN,uDAAuD,mBAAmB,yBAAyB,GACnG;AAGF,KAAI,CAAC,QAAQ,GACZ,QAAO,SACN,mDAAmD,mBAAmB,0BAA0B,GAChG;CAGF,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAChC,MAAM,OAAO,IAAI,aAAa,IAAI,OAAO;CACzC,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;CAC3C,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;CAC3C,MAAM,mBAAmB,IAAI,aAAa,IAAI,oBAAoB;AAGlE,KAAI,OAAO;EACV,MAAM,UAAU,oBAAoB;AACpC,SAAO,SACN,mDAAmD,mBAAmB,QAAQ,GAC9E;;AAIF,KAAI,CAAC,QAAQ,CAAC,MACb,QAAO,SACN,uDAAuD,mBAAmB,kCAAkC,GAC5G;AAGF,KAAI;EAMH,MAAM,YAAY,eAHI,OAEI,SAAS,OAAQ,OAAO,KAAK,IAClB;AAErC,MAAI,CAAC,UAAU,UACd,QAAO,SACN,8DAA8D,mBAAmB,kBAAkB,SAAS,oBAAoB,GAChI;EAGF,MAAM,UAAU,oBAAoB,OAAO,GAAG;EAC9C,MAAM,aAAa,sBAAsB,OAAO,GAAG;EAEnD,MAAM,SAA8B;GACnC,SAAS,GAAG,gBAAgB,KAAK,QAAQ,OAAO,CAAC;GACjD;GACA,eAAe,OAAO,UAAkB;IAKvC,MAAM,gBAAgB,MADN,IAAI,kBAAkB,OAAO,GAAG,CACZ,IAAI,wBAAwB;AAChE,QAAI,kBAAkB,QAAQ,kBAAkB,OAC/C,QAAO;KAAE,SAAS;KAAM,MAAM,KAAK;KAAO;IAI3C,MAAM,SAAS,MAAM,MAAM,IAAI,CAAC,IAAI,aAAa;AACjD,QAAI,CAAC,OACJ,QAAO;IAIR,MAAM,QAAQ,MAAM,OAAO,GACzB,WAAW,kBAAkB,CAC7B,WAAW,CACX,MAAM,UAAU,KAAK,OAAO,CAC5B,MAAM,WAAW,KAAK,EAAE,CACxB,kBAAkB;AAEpB,QAAI,CAAC,MACJ,QAAO;IAIR,MAAM,YAAY,MAAM;IACxB,MAAM,UAAqC;KAC1C,IAAI,KAAK;KACT,IAAI,KAAK;KACT,IAAI,KAAK;KACT,IAAI,KAAK;KACT,IAAI,KAAK;KACT;IACD,MAAM,OAAO,QAAQ,cAAc,KAAK;AACxC,QAAI,CAAC,QAAQ,WACZ,SAAQ,KACP,8BAA8B,UAAU,cAAc,OAAO,6BAC7D;AAGF,WAAO;KAAE,SAAS;KAAM;KAAM;;GAE/B;EAGD,MAAM,sBAAsB,MADZ,IAAI,kBAAkB,OAAO,GAAG,CACN,IAAI,wBAAwB;EACtE,MAAM,OAAO,MAAM,oBAAoB,QAAQ,SAAS,UAAU,MAAM,OAAO,WAAW;AAI1F,MAHoB,wBAAwB,QAAQ,wBAAwB,QAG3D;AAChB,SAAM,cAAc,OAAO,GAAG;AAC9B,WAAQ,IAAI,kDAAkD,SAAS,IAAI,KAAK,MAAM,GAAG;;AAI1F,MAAI,QACH,SAAQ,IAAI,QAAQ,EAAE,IAAI,KAAK,IAAI,CAAC;AAIrC,SAAO,SAAS,iBAAiB;UACzB,eAAe;AACvB,UAAQ,MAAM,yBAAyB,cAAc;EAErD,IAAI,UAAU;EACd,IAAI,YAAY;AAEhB,MAAI,yBAAyB,YAAY;AACxC,eAAY,cAAc;AAG1B,WAAQ,cAAc,MAAtB;IACC,KAAK;AACJ,eAAU;AACV;IACD,KAAK;AACJ,eAAU;AACV;IACD,KAAK;AACJ,eAAU;AACV;IACD,KAAK;AACJ,eAAU;AACV;IACD,KAAK;AACJ,eAAU;AACV;IACD;AACC,eAAU;AACV;;;AAKH,SAAO,SACN,8BAA8B,UAAU,WAAW,mBAAmB,QAAQ,GAC9E"}
+{"version":3,"file":"callback.mjs","names":[],"sources":["../../../../../../../src/astro/routes/api/auth/oauth/[provider]/callback.ts"],"sourcesContent":["/**\n * GET /_emdash/api/auth/oauth/[provider]/callback\n *\n * Handle OAuth callback from provider\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport {\n\thandleOAuthCallback,\n\tOAuthError,\n\tRole,\n\ttype OAuthConsumerConfig,\n\ttype RoleLevel,\n} from \"@emdash-cms/auth\";\nimport { createKyselyAdapter } from \"@emdash-cms/auth/adapters/kysely\";\n\nimport { getPublicOrigin } from \"#api/public-url.js\";\nimport { finalizeSetup } from \"#api/setup-complete.js\";\nimport { createOAuthStateStore } from \"#auth/oauth-state-store.js\";\nimport { OptionsRepository } from \"#db/repositories/options.js\";\n\ntype ProviderName = \"github\" | \"google\";\n\nconst VALID_PROVIDERS = new Set<string>([\"github\", \"google\"]);\n\nfunction isValidProvider(provider: string): provider is ProviderName {\n\treturn VALID_PROVIDERS.has(provider);\n}\n\n/** Safely extract a string value from an env-like record */\nfunction envString(env: Record<string, unknown>, ...keys: string[]): string | undefined {\n\tfor (const key of keys) {\n\t\tconst val = env[key];\n\t\tif (typeof val === \"string\" && val) return val;\n\t}\n\treturn undefined;\n}\n\n/**\n * Get OAuth config from environment variables\n */\nfunction getOAuthConfig(env: Record<string, unknown>): OAuthConsumerConfig[\"providers\"] {\n\tconst providers: OAuthConsumerConfig[\"providers\"] = {};\n\n\t// GitHub\n\tconst githubClientId = envString(env, \"EMDASH_OAUTH_GITHUB_CLIENT_ID\", \"GITHUB_CLIENT_ID\");\n\tconst githubClientSecret = envString(\n\t\tenv,\n\t\t\"EMDASH_OAUTH_GITHUB_CLIENT_SECRET\",\n\t\t\"GITHUB_CLIENT_SECRET\",\n\t);\n\tif (githubClientId && githubClientSecret) {\n\t\tproviders.github = {\n\t\t\tclientId: githubClientId,\n\t\t\tclientSecret: githubClientSecret,\n\t\t};\n\t}\n\n\t// Google\n\tconst googleClientId = envString(env, \"EMDASH_OAUTH_GOOGLE_CLIENT_ID\", \"GOOGLE_CLIENT_ID\");\n\tconst googleClientSecret = envString(\n\t\tenv,\n\t\t\"EMDASH_OAUTH_GOOGLE_CLIENT_SECRET\",\n\t\t\"GOOGLE_CLIENT_SECRET\",\n\t);\n\tif (googleClientId && googleClientSecret) {\n\t\tproviders.google = {\n\t\t\tclientId: googleClientId,\n\t\t\tclientSecret: googleClientSecret,\n\t\t};\n\t}\n\n\treturn providers;\n}\n\nexport const GET: APIRoute = async ({ params, request, locals, session, redirect }) => {\n\tconst { emdash } = locals;\n\tconst provider = params.provider;\n\n\t// Validate provider\n\tif (!provider || !isValidProvider(provider)) {\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=invalid_provider&message=${encodeURIComponent(\"Invalid OAuth provider\")}`,\n\t\t);\n\t}\n\n\tif (!emdash?.db) {\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=server_error&message=${encodeURIComponent(\"Database not configured\")}`,\n\t\t);\n\t}\n\n\tconst url = new URL(request.url);\n\tconst code = url.searchParams.get(\"code\");\n\tconst state = url.searchParams.get(\"state\");\n\tconst error = url.searchParams.get(\"error\");\n\tconst errorDescription = url.searchParams.get(\"error_description\");\n\n\t// Handle OAuth errors from provider\n\tif (error) {\n\t\tconst message = errorDescription || error;\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=oauth_denied&message=${encodeURIComponent(message)}`,\n\t\t);\n\t}\n\n\t// Validate required params\n\tif (!code || !state) {\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=invalid_callback&message=${encodeURIComponent(\"Missing code or state parameter\")}`,\n\t\t);\n\t}\n\n\ttry {\n\t\t// Get OAuth providers from environment\n\t\t// eslint-disable-next-line typescript/no-unsafe-type-assertion -- locals.runtime is injected by the Cloudflare adapter at runtime; not declared on App.Locals since the adapter is optional\n\t\tconst runtimeLocals = locals as unknown as { runtime?: { env?: Record<string, unknown> } };\n\t\t// eslint-disable-next-line typescript/no-unsafe-type-assertion -- import.meta.env is typed as ImportMetaEnv but we need Record<string, unknown> for getOAuthConfig\n\t\tconst env = runtimeLocals.runtime?.env ?? (import.meta.env as Record<string, unknown>);\n\t\tconst providers = getOAuthConfig(env);\n\n\t\tif (!providers[provider]) {\n\t\t\treturn redirect(\n\t\t\t\t`/_emdash/admin/login?error=provider_not_configured&message=${encodeURIComponent(`OAuth provider ${provider} is not configured`)}`,\n\t\t\t);\n\t\t}\n\n\t\tconst adapter = createKyselyAdapter(emdash.db);\n\t\tconst stateStore = createOAuthStateStore(emdash.db);\n\n\t\tconst config: OAuthConsumerConfig = {\n\t\t\tbaseUrl: `${getPublicOrigin(url, emdash?.config)}/_emdash`,\n\t\t\tproviders,\n\t\t\tcanSelfSignup: async (email: string) => {\n\t\t\t\t// During setup: first user becomes admin.\n\t\t\t\t// Check setup_complete flag instead of countUsers() to avoid\n\t\t\t\t// a TOCTOU race where concurrent callbacks both see 0 users.\n\t\t\t\tconst options = new OptionsRepository(emdash.db);\n\t\t\t\tconst setupComplete = await options.get(\"emdash:setup_complete\");\n\t\t\t\tif (setupComplete !== true && setupComplete !== \"true\") {\n\t\t\t\t\treturn { allowed: true, role: Role.ADMIN };\n\t\t\t\t}\n\n\t\t\t\t// Extract domain from email\n\t\t\t\tconst domain = email.split(\"@\")[1]?.toLowerCase();\n\t\t\t\tif (!domain) {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\t// Check allowed_domains table for a matching, enabled entry\n\t\t\t\tconst entry = await emdash.db\n\t\t\t\t\t.selectFrom(\"allowed_domains\")\n\t\t\t\t\t.selectAll()\n\t\t\t\t\t.where(\"domain\", \"=\", domain)\n\t\t\t\t\t.where(\"enabled\", \"=\", 1)\n\t\t\t\t\t.executeTakeFirst();\n\n\t\t\t\tif (!entry) {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\n\t\t\t\t// Map the stored role level to the Role enum\n\t\t\t\tconst roleLevel = entry.default_role;\n\t\t\t\tconst roleMap: Record<number, RoleLevel> = {\n\t\t\t\t\t50: Role.ADMIN,\n\t\t\t\t\t40: Role.EDITOR,\n\t\t\t\t\t30: Role.AUTHOR,\n\t\t\t\t\t20: Role.CONTRIBUTOR,\n\t\t\t\t\t10: Role.SUBSCRIBER,\n\t\t\t\t};\n\t\t\t\tconst role = roleMap[roleLevel] ?? Role.CONTRIBUTOR;\n\t\t\t\tif (!roleMap[roleLevel]) {\n\t\t\t\t\tconsole.warn(\n\t\t\t\t\t\t`[oauth] Unknown role level ${roleLevel} for domain ${domain}, defaulting to CONTRIBUTOR`,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\treturn { allowed: true, role };\n\t\t\t},\n\t\t};\n\n\t\tconst options = new OptionsRepository(emdash.db);\n\t\tconst setupCompleteBefore = await options.get(\"emdash:setup_complete\");\n\t\tconst user = await handleOAuthCallback(config, adapter, provider, code, state, stateStore);\n\t\tconst isFirstUser = setupCompleteBefore !== true && setupCompleteBefore !== \"true\";\n\n\t\t// Finalize setup outside the transaction (idempotent, safe if two callbacks race).\n\t\tif (isFirstUser) {\n\t\t\tawait finalizeSetup(emdash.db);\n\t\t\tconsole.log(`[oauth] Setup complete: created admin user via ${provider} (${user.email})`);\n\t\t}\n\n\t\t// Create session\n\t\tif (session) {\n\t\t\tsession.set(\"user\", { id: user.id });\n\t\t}\n\n\t\t// Redirect to admin dashboard\n\t\treturn redirect(\"/_emdash/admin\");\n\t} catch (callbackError) {\n\t\tconsole.error(\"OAuth callback error:\", callbackError);\n\n\t\tlet message = \"Authentication failed\";\n\t\tlet errorCode = \"oauth_error\";\n\n\t\tif (callbackError instanceof OAuthError) {\n\t\t\terrorCode = callbackError.code;\n\n\t\t\t// Map all error codes to user-friendly messages (never expose raw error.message)\n\t\t\tswitch (callbackError.code) {\n\t\t\t\tcase \"invalid_state\":\n\t\t\t\t\tmessage = \"OAuth session expired or invalid. Please try again.\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"signup_not_allowed\":\n\t\t\t\t\tmessage = \"Self-signup is not allowed for your email. Please contact an administrator.\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"user_not_found\":\n\t\t\t\t\tmessage = \"Your account was not found. It may have been deleted.\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"token_exchange_failed\":\n\t\t\t\t\tmessage = \"Failed to complete authentication. Please try again.\";\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"profile_fetch_failed\":\n\t\t\t\t\tmessage = \"Failed to retrieve your profile. Please try again.\";\n\t\t\t\t\tbreak;\n\t\t\t\tdefault:\n\t\t\t\t\tmessage = \"Authentication failed. Please try again.\";\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t}\n\t\t// For generic errors, keep the default \"Authentication failed\" message\n\n\t\treturn redirect(\n\t\t\t`/_emdash/admin/login?error=${errorCode}&message=${encodeURIComponent(message)}`,\n\t\t);\n\t}\n};\n"],"mappings":";;;;;;;;AAQA,MAAa,YAAY;AAkBzB,MAAM,kBAAkB,IAAI,IAAY,CAAC,UAAU,SAAS,CAAC;AAE7D,SAAS,gBAAgB,UAA4C;AACpE,QAAO,gBAAgB,IAAI,SAAS;;;AAIrC,SAAS,UAAU,KAA8B,GAAG,MAAoC;AACvF,MAAK,MAAM,OAAO,MAAM;EACvB,MAAM,MAAM,IAAI;AAChB,MAAI,OAAO,QAAQ,YAAY,IAAK,QAAO;;;;;;AAQ7C,SAAS,eAAe,KAAgE;CACvF,MAAM,YAA8C,EAAE;CAGtD,MAAM,iBAAiB,UAAU,KAAK,iCAAiC,mBAAmB;CAC1F,MAAM,qBAAqB,UAC1B,KACA,qCACA,uBACA;AACD,KAAI,kBAAkB,mBACrB,WAAU,SAAS;EAClB,UAAU;EACV,cAAc;EACd;CAIF,MAAM,iBAAiB,UAAU,KAAK,iCAAiC,mBAAmB;CAC1F,MAAM,qBAAqB,UAC1B,KACA,qCACA,uBACA;AACD,KAAI,kBAAkB,mBACrB,WAAU,SAAS;EAClB,UAAU;EACV,cAAc;EACd;AAGF,QAAO;;AAGR,MAAa,MAAgB,OAAO,EAAE,QAAQ,SAAS,QAAQ,SAAS,eAAe;CACtF,MAAM,EAAE,WAAW;CACnB,MAAM,WAAW,OAAO;AAGxB,KAAI,CAAC,YAAY,CAAC,gBAAgB,SAAS,CAC1C,QAAO,SACN,uDAAuD,mBAAmB,yBAAyB,GACnG;AAGF,KAAI,CAAC,QAAQ,GACZ,QAAO,SACN,mDAAmD,mBAAmB,0BAA0B,GAChG;CAGF,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAChC,MAAM,OAAO,IAAI,aAAa,IAAI,OAAO;CACzC,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;CAC3C,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;CAC3C,MAAM,mBAAmB,IAAI,aAAa,IAAI,oBAAoB;AAGlE,KAAI,OAAO;EACV,MAAM,UAAU,oBAAoB;AACpC,SAAO,SACN,mDAAmD,mBAAmB,QAAQ,GAC9E;;AAIF,KAAI,CAAC,QAAQ,CAAC,MACb,QAAO,SACN,uDAAuD,mBAAmB,kCAAkC,GAC5G;AAGF,KAAI;EAMH,MAAM,YAAY,eAHI,OAEI,SAAS,OAAQ,OAAO,KAAK,IAClB;AAErC,MAAI,CAAC,UAAU,UACd,QAAO,SACN,8DAA8D,mBAAmB,kBAAkB,SAAS,oBAAoB,GAChI;EAGF,MAAM,UAAU,oBAAoB,OAAO,GAAG;EAC9C,MAAM,aAAa,sBAAsB,OAAO,GAAG;EAEnD,MAAM,SAA8B;GACnC,SAAS,GAAG,gBAAgB,KAAK,QAAQ,OAAO,CAAC;GACjD;GACA,eAAe,OAAO,UAAkB;IAKvC,MAAM,gBAAgB,MADN,IAAI,kBAAkB,OAAO,GAAG,CACZ,IAAI,wBAAwB;AAChE,QAAI,kBAAkB,QAAQ,kBAAkB,OAC/C,QAAO;KAAE,SAAS;KAAM,MAAM,KAAK;KAAO;IAI3C,MAAM,SAAS,MAAM,MAAM,IAAI,CAAC,IAAI,aAAa;AACjD,QAAI,CAAC,OACJ,QAAO;IAIR,MAAM,QAAQ,MAAM,OAAO,GACzB,WAAW,kBAAkB,CAC7B,WAAW,CACX,MAAM,UAAU,KAAK,OAAO,CAC5B,MAAM,WAAW,KAAK,EAAE,CACxB,kBAAkB;AAEpB,QAAI,CAAC,MACJ,QAAO;IAIR,MAAM,YAAY,MAAM;IACxB,MAAM,UAAqC;KAC1C,IAAI,KAAK;KACT,IAAI,KAAK;KACT,IAAI,KAAK;KACT,IAAI,KAAK;KACT,IAAI,KAAK;KACT;IACD,MAAM,OAAO,QAAQ,cAAc,KAAK;AACxC,QAAI,CAAC,QAAQ,WACZ,SAAQ,KACP,8BAA8B,UAAU,cAAc,OAAO,6BAC7D;AAGF,WAAO;KAAE,SAAS;KAAM;KAAM;;GAE/B;EAGD,MAAM,sBAAsB,MADZ,IAAI,kBAAkB,OAAO,GAAG,CACN,IAAI,wBAAwB;EACtE,MAAM,OAAO,MAAM,oBAAoB,QAAQ,SAAS,UAAU,MAAM,OAAO,WAAW;AAI1F,MAHoB,wBAAwB,QAAQ,wBAAwB,QAG3D;AAChB,SAAM,cAAc,OAAO,GAAG;AAC9B,WAAQ,IAAI,kDAAkD,SAAS,IAAI,KAAK,MAAM,GAAG;;AAI1F,MAAI,QACH,SAAQ,IAAI,QAAQ,EAAE,IAAI,KAAK,IAAI,CAAC;AAIrC,SAAO,SAAS,iBAAiB;UACzB,eAAe;AACvB,UAAQ,MAAM,yBAAyB,cAAc;EAErD,IAAI,UAAU;EACd,IAAI,YAAY;AAEhB,MAAI,yBAAyB,YAAY;AACxC,eAAY,cAAc;AAG1B,WAAQ,cAAc,MAAtB;IACC,KAAK;AACJ,eAAU;AACV;IACD,KAAK;AACJ,eAAU;AACV;IACD,KAAK;AACJ,eAAU;AACV;IACD,KAAK;AACJ,eAAU;AACV;IACD,KAAK;AACJ,eAAU;AACV;IACD;AACC,eAAU;AACV;;;AAKH,SAAO,SACN,8BAA8B,UAAU,WAAW,mBAAmB,QAAQ,GAC9E"}

package/dist/astro/routes/api/auth/oauth/_provider_.mjs

@@ -1,5 +1,5 @@
-import { n as getPublicOrigin } from "../../../../../public-url-CseXl9Fv.mjs";
-import { t as createOAuthStateStore } from "../../../../../oauth-state-store-DpsZViTu.mjs";
+import { n as getPublicOrigin } from "../../../../../public-url-CUWWFME2.mjs";
+import { t as createOAuthStateStore } from "../../../../../oauth-state-store-vOSdOeGe.mjs";
 import { createAuthorizationUrl } from "@emdash-cms/auth";
 
 //#region src/astro/routes/api/auth/oauth/[provider].ts

package/dist/astro/routes/api/auth/oauth/_provider_.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"_provider_.mjs","names":[],"sources":["../../../../../../src/astro/routes/api/auth/oauth/[provider].ts"],"sourcesContent":["/**\n * GET /_emdash/api/auth/oauth/[provider]\n *\n * Start OAuth flow - redirects to provider authorization URL\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport { createAuthorizationUrl, type OAuthConsumerConfig } from \"@emdash-cms/auth\";\n\nimport { getPublicOrigin } from \"#api/public-url.js\";\nimport { createOAuthStateStore } from \"#auth/oauth-state-store.js\";\n\ntype ProviderName = \"github\" | \"google\";\n\nconst VALID_PROVIDERS = new Set<string>([\"github\", \"google\"]);\n\nfunction isValidProvider(provider: string): provider is ProviderName {\n\treturn VALID_PROVIDERS.has(provider);\n}\n\n/** Safely extract a string value from an env-like record */\nfunction envString(env: Record<string, unknown>, ...keys: string[]): string | undefined {\n\tfor (const key of keys) {\n\t\tconst val = env[key];\n\t\tif (typeof val === \"string\" && val) return val;\n\t}\n\treturn undefined;\n}\n\n/**\n * Get OAuth config from environment variables\n */\nfunction getOAuthConfig(env: Record<string, unknown>): OAuthConsumerConfig[\"providers\"] {\n\tconst providers: OAuthConsumerConfig[\"providers\"] = {};\n\n\t// GitHub\n\tconst githubClientId = envString(env, \"EMDASH_OAUTH_GITHUB_CLIENT_ID\", \"GITHUB_CLIENT_ID\");\n\tconst githubClientSecret = envString(\n\t\tenv,\n\t\t\"EMDASH_OAUTH_GITHUB_CLIENT_SECRET\",\n\t\t\"GITHUB_CLIENT_SECRET\",\n\t);\n\tif (githubClientId && githubClientSecret) {\n\t\tproviders.github = {\n\t\t\tclientId: githubClientId,\n\t\t\tclientSecret: githubClientSecret,\n\t\t};\n\t}\n\n\t// Google\n\tconst googleClientId = envString(env, \"EMDASH_OAUTH_GOOGLE_CLIENT_ID\", \"GOOGLE_CLIENT_ID\");\n\tconst googleClientSecret = envString(\n\t\tenv,\n\t\t\"EMDASH_OAUTH_GOOGLE_CLIENT_SECRET\",\n\t\t\"GOOGLE_CLIENT_SECRET\",\n\t);\n\tif (googleClientId && googleClientSecret) {\n\t\tproviders.google = {\n\t\t\tclientId: googleClientId,\n\t\t\tclientSecret: googleClientSecret,\n\t\t};\n\t}\n\n\treturn providers;\n}\n\nexport const GET: APIRoute = async ({ params, request, locals, redirect }) => {\n\tconst { emdash } = locals;\n\tconst provider = params.provider;\n\n\t// Determine where to redirect errors (setup wizard or login page)\n\tconst referer = request.headers.get(\"referer\") ?? \"\";\n\tconst errorRedirectBase = referer.includes(\"/setup\")\n\t\t? \"/_emdash/admin/setup\"\n\t\t: \"/_emdash/admin/login\";\n\n\t// Validate provider\n\tif (!provider || !isValidProvider(provider)) {\n\t\treturn redirect(\n\t\t\t`${errorRedirectBase}?error=invalid_provider&message=${encodeURIComponent(\"Invalid OAuth provider\")}`,\n\t\t);\n\t}\n\n\tif (!emdash?.db) {\n\t\treturn redirect(\n\t\t\t`${errorRedirectBase}?error=server_error&message=${encodeURIComponent(\"Database not configured\")}`,\n\t\t);\n\t}\n\n\ttry {\n\t\tconst url = new URL(request.url);\n\n\t\t// Get OAuth providers from environment\n\t\t// Access via locals.runtime for Cloudflare, or import.meta.env for Node\n\t\t// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- locals.runtime is injected by the Cloudflare adapter at runtime; not declared on App.Locals since the adapter is optional\n\t\tconst runtimeLocals = locals as unknown as { runtime?: { env?: Record<string, unknown> } };\n\t\t// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- import.meta.env is typed as ImportMetaEnv but we need Record<string, unknown> for getOAuthConfig\n\t\tconst env = runtimeLocals.runtime?.env ?? (import.meta.env as Record<string, unknown>);\n\t\tconst providers = getOAuthConfig(env);\n\n\t\tif (!providers[provider]) {\n\t\t\treturn redirect(\n\t\t\t\t`${errorRedirectBase}?error=provider_not_configured&message=${encodeURIComponent(`OAuth provider ${provider} is not configured. Set either EMDASH_OAUTH_${provider.toUpperCase()}_CLIENT_ID and EMDASH_OAUTH_${provider.toUpperCase()}_CLIENT_SECRET, or ${provider.toUpperCase()}_CLIENT_ID and ${provider.toUpperCase()}_CLIENT_SECRET.`)}`,\n\t\t\t);\n\t\t}\n\n\t\tconst config: OAuthConsumerConfig = {\n\t\t\tbaseUrl: `${getPublicOrigin(url, emdash?.config)}/_emdash`,\n\t\t\tproviders,\n\t\t};\n\n\t\tconst stateStore = createOAuthStateStore(emdash.db);\n\n\t\tconst { url: authUrl } = await createAuthorizationUrl(config, provider, stateStore);\n\n\t\treturn redirect(authUrl);\n\t} catch (error) {\n\t\tconsole.error(\"OAuth initiation error:\", error);\n\t\treturn redirect(\n\t\t\t`${errorRedirectBase}?error=oauth_error&message=${encodeURIComponent(\"Failed to start OAuth flow. Please try again.\")}`,\n\t\t);\n\t}\n};\n"],"mappings":";;;;;AAQA,MAAa,YAAY;AASzB,MAAM,kBAAkB,IAAI,IAAY,CAAC,UAAU,SAAS,CAAC;AAE7D,SAAS,gBAAgB,UAA4C;AACpE,QAAO,gBAAgB,IAAI,SAAS;;;AAIrC,SAAS,UAAU,KAA8B,GAAG,MAAoC;AACvF,MAAK,MAAM,OAAO,MAAM;EACvB,MAAM,MAAM,IAAI;AAChB,MAAI,OAAO,QAAQ,YAAY,IAAK,QAAO;;;;;;AAQ7C,SAAS,eAAe,KAAgE;CACvF,MAAM,YAA8C,EAAE;CAGtD,MAAM,iBAAiB,UAAU,KAAK,iCAAiC,mBAAmB;CAC1F,MAAM,qBAAqB,UAC1B,KACA,qCACA,uBACA;AACD,KAAI,kBAAkB,mBACrB,WAAU,SAAS;EAClB,UAAU;EACV,cAAc;EACd;CAIF,MAAM,iBAAiB,UAAU,KAAK,iCAAiC,mBAAmB;CAC1F,MAAM,qBAAqB,UAC1B,KACA,qCACA,uBACA;AACD,KAAI,kBAAkB,mBACrB,WAAU,SAAS;EAClB,UAAU;EACV,cAAc;EACd;AAGF,QAAO;;AAGR,MAAa,MAAgB,OAAO,EAAE,QAAQ,SAAS,QAAQ,eAAe;CAC7E,MAAM,EAAE,WAAW;CACnB,MAAM,WAAW,OAAO;CAIxB,MAAM,qBADU,QAAQ,QAAQ,IAAI,UAAU,IAAI,IAChB,SAAS,SAAS,GACjD,yBACA;AAGH,KAAI,CAAC,YAAY,CAAC,gBAAgB,SAAS,CAC1C,QAAO,SACN,GAAG,kBAAkB,kCAAkC,mBAAmB,yBAAyB,GACnG;AAGF,KAAI,CAAC,QAAQ,GACZ,QAAO,SACN,GAAG,kBAAkB,8BAA8B,mBAAmB,0BAA0B,GAChG;AAGF,KAAI;EACH,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;EAQhC,MAAM,YAAY,eAHI,OAEI,SAAS,OAAQ,OAAO,KAAK,IAClB;AAErC,MAAI,CAAC,UAAU,UACd,QAAO,SACN,GAAG,kBAAkB,yCAAyC,mBAAmB,kBAAkB,SAAS,8CAA8C,SAAS,aAAa,CAAC,8BAA8B,SAAS,aAAa,CAAC,qBAAqB,SAAS,aAAa,CAAC,iBAAiB,SAAS,aAAa,CAAC,iBAAiB,GAC3U;EAUF,MAAM,EAAE,KAAK,YAAY,MAAM,uBAPK;GACnC,SAAS,GAAG,gBAAgB,KAAK,QAAQ,OAAO,CAAC;GACjD;GACA,EAI6D,UAF3C,sBAAsB,OAAO,GAAG,CAEgC;AAEnF,SAAO,SAAS,QAAQ;UAChB,OAAO;AACf,UAAQ,MAAM,2BAA2B,MAAM;AAC/C,SAAO,SACN,GAAG,kBAAkB,6BAA6B,mBAAmB,gDAAgD,GACrH"}
+{"version":3,"file":"_provider_.mjs","names":[],"sources":["../../../../../../src/astro/routes/api/auth/oauth/[provider].ts"],"sourcesContent":["/**\n * GET /_emdash/api/auth/oauth/[provider]\n *\n * Start OAuth flow - redirects to provider authorization URL\n */\n\nimport type { APIRoute } from \"astro\";\n\nexport const prerender = false;\n\nimport { createAuthorizationUrl, type OAuthConsumerConfig } from \"@emdash-cms/auth\";\n\nimport { getPublicOrigin } from \"#api/public-url.js\";\nimport { createOAuthStateStore } from \"#auth/oauth-state-store.js\";\n\ntype ProviderName = \"github\" | \"google\";\n\nconst VALID_PROVIDERS = new Set<string>([\"github\", \"google\"]);\n\nfunction isValidProvider(provider: string): provider is ProviderName {\n\treturn VALID_PROVIDERS.has(provider);\n}\n\n/** Safely extract a string value from an env-like record */\nfunction envString(env: Record<string, unknown>, ...keys: string[]): string | undefined {\n\tfor (const key of keys) {\n\t\tconst val = env[key];\n\t\tif (typeof val === \"string\" && val) return val;\n\t}\n\treturn undefined;\n}\n\n/**\n * Get OAuth config from environment variables\n */\nfunction getOAuthConfig(env: Record<string, unknown>): OAuthConsumerConfig[\"providers\"] {\n\tconst providers: OAuthConsumerConfig[\"providers\"] = {};\n\n\t// GitHub\n\tconst githubClientId = envString(env, \"EMDASH_OAUTH_GITHUB_CLIENT_ID\", \"GITHUB_CLIENT_ID\");\n\tconst githubClientSecret = envString(\n\t\tenv,\n\t\t\"EMDASH_OAUTH_GITHUB_CLIENT_SECRET\",\n\t\t\"GITHUB_CLIENT_SECRET\",\n\t);\n\tif (githubClientId && githubClientSecret) {\n\t\tproviders.github = {\n\t\t\tclientId: githubClientId,\n\t\t\tclientSecret: githubClientSecret,\n\t\t};\n\t}\n\n\t// Google\n\tconst googleClientId = envString(env, \"EMDASH_OAUTH_GOOGLE_CLIENT_ID\", \"GOOGLE_CLIENT_ID\");\n\tconst googleClientSecret = envString(\n\t\tenv,\n\t\t\"EMDASH_OAUTH_GOOGLE_CLIENT_SECRET\",\n\t\t\"GOOGLE_CLIENT_SECRET\",\n\t);\n\tif (googleClientId && googleClientSecret) {\n\t\tproviders.google = {\n\t\t\tclientId: googleClientId,\n\t\t\tclientSecret: googleClientSecret,\n\t\t};\n\t}\n\n\treturn providers;\n}\n\nexport const GET: APIRoute = async ({ params, request, locals, redirect }) => {\n\tconst { emdash } = locals;\n\tconst provider = params.provider;\n\n\t// Determine where to redirect errors (setup wizard or login page)\n\tconst referer = request.headers.get(\"referer\") ?? \"\";\n\tconst errorRedirectBase = referer.includes(\"/setup\")\n\t\t? \"/_emdash/admin/setup\"\n\t\t: \"/_emdash/admin/login\";\n\n\t// Validate provider\n\tif (!provider || !isValidProvider(provider)) {\n\t\treturn redirect(\n\t\t\t`${errorRedirectBase}?error=invalid_provider&message=${encodeURIComponent(\"Invalid OAuth provider\")}`,\n\t\t);\n\t}\n\n\tif (!emdash?.db) {\n\t\treturn redirect(\n\t\t\t`${errorRedirectBase}?error=server_error&message=${encodeURIComponent(\"Database not configured\")}`,\n\t\t);\n\t}\n\n\ttry {\n\t\tconst url = new URL(request.url);\n\n\t\t// Get OAuth providers from environment\n\t\t// Access via locals.runtime for Cloudflare, or import.meta.env for Node\n\t\t// eslint-disable-next-line typescript/no-unsafe-type-assertion -- locals.runtime is injected by the Cloudflare adapter at runtime; not declared on App.Locals since the adapter is optional\n\t\tconst runtimeLocals = locals as unknown as { runtime?: { env?: Record<string, unknown> } };\n\t\t// eslint-disable-next-line typescript/no-unsafe-type-assertion -- import.meta.env is typed as ImportMetaEnv but we need Record<string, unknown> for getOAuthConfig\n\t\tconst env = runtimeLocals.runtime?.env ?? (import.meta.env as Record<string, unknown>);\n\t\tconst providers = getOAuthConfig(env);\n\n\t\tif (!providers[provider]) {\n\t\t\treturn redirect(\n\t\t\t\t`${errorRedirectBase}?error=provider_not_configured&message=${encodeURIComponent(`OAuth provider ${provider} is not configured. Set either EMDASH_OAUTH_${provider.toUpperCase()}_CLIENT_ID and EMDASH_OAUTH_${provider.toUpperCase()}_CLIENT_SECRET, or ${provider.toUpperCase()}_CLIENT_ID and ${provider.toUpperCase()}_CLIENT_SECRET.`)}`,\n\t\t\t);\n\t\t}\n\n\t\tconst config: OAuthConsumerConfig = {\n\t\t\tbaseUrl: `${getPublicOrigin(url, emdash?.config)}/_emdash`,\n\t\t\tproviders,\n\t\t};\n\n\t\tconst stateStore = createOAuthStateStore(emdash.db);\n\n\t\tconst { url: authUrl } = await createAuthorizationUrl(config, provider, stateStore);\n\n\t\treturn redirect(authUrl);\n\t} catch (error) {\n\t\tconsole.error(\"OAuth initiation error:\", error);\n\t\treturn redirect(\n\t\t\t`${errorRedirectBase}?error=oauth_error&message=${encodeURIComponent(\"Failed to start OAuth flow. Please try again.\")}`,\n\t\t);\n\t}\n};\n"],"mappings":";;;;;AAQA,MAAa,YAAY;AASzB,MAAM,kBAAkB,IAAI,IAAY,CAAC,UAAU,SAAS,CAAC;AAE7D,SAAS,gBAAgB,UAA4C;AACpE,QAAO,gBAAgB,IAAI,SAAS;;;AAIrC,SAAS,UAAU,KAA8B,GAAG,MAAoC;AACvF,MAAK,MAAM,OAAO,MAAM;EACvB,MAAM,MAAM,IAAI;AAChB,MAAI,OAAO,QAAQ,YAAY,IAAK,QAAO;;;;;;AAQ7C,SAAS,eAAe,KAAgE;CACvF,MAAM,YAA8C,EAAE;CAGtD,MAAM,iBAAiB,UAAU,KAAK,iCAAiC,mBAAmB;CAC1F,MAAM,qBAAqB,UAC1B,KACA,qCACA,uBACA;AACD,KAAI,kBAAkB,mBACrB,WAAU,SAAS;EAClB,UAAU;EACV,cAAc;EACd;CAIF,MAAM,iBAAiB,UAAU,KAAK,iCAAiC,mBAAmB;CAC1F,MAAM,qBAAqB,UAC1B,KACA,qCACA,uBACA;AACD,KAAI,kBAAkB,mBACrB,WAAU,SAAS;EAClB,UAAU;EACV,cAAc;EACd;AAGF,QAAO;;AAGR,MAAa,MAAgB,OAAO,EAAE,QAAQ,SAAS,QAAQ,eAAe;CAC7E,MAAM,EAAE,WAAW;CACnB,MAAM,WAAW,OAAO;CAIxB,MAAM,qBADU,QAAQ,QAAQ,IAAI,UAAU,IAAI,IAChB,SAAS,SAAS,GACjD,yBACA;AAGH,KAAI,CAAC,YAAY,CAAC,gBAAgB,SAAS,CAC1C,QAAO,SACN,GAAG,kBAAkB,kCAAkC,mBAAmB,yBAAyB,GACnG;AAGF,KAAI,CAAC,QAAQ,GACZ,QAAO,SACN,GAAG,kBAAkB,8BAA8B,mBAAmB,0BAA0B,GAChG;AAGF,KAAI;EACH,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;EAQhC,MAAM,YAAY,eAHI,OAEI,SAAS,OAAQ,OAAO,KAAK,IAClB;AAErC,MAAI,CAAC,UAAU,UACd,QAAO,SACN,GAAG,kBAAkB,yCAAyC,mBAAmB,kBAAkB,SAAS,8CAA8C,SAAS,aAAa,CAAC,8BAA8B,SAAS,aAAa,CAAC,qBAAqB,SAAS,aAAa,CAAC,iBAAiB,SAAS,aAAa,CAAC,iBAAiB,GAC3U;EAUF,MAAM,EAAE,KAAK,YAAY,MAAM,uBAPK;GACnC,SAAS,GAAG,gBAAgB,KAAK,QAAQ,OAAO,CAAC;GACjD;GACA,EAI6D,UAF3C,sBAAsB,OAAO,GAAG,CAEgC;AAEnF,SAAO,SAAS,QAAQ;UAChB,OAAO;AACf,UAAQ,MAAM,2BAA2B,MAAM;AAC/C,SAAO,SACN,GAAG,kBAAkB,6BAA6B,mBAAmB,gDAAgD,GACrH"}

package/dist/astro/routes/api/auth/passkey/_id_.mjs

@@ -1,9 +1,9 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
-import { n as parseBody, t as isParseError } from "../../../../../parse-BFTPon-J.mjs";
-import "../../../../../redirects-Dmj6KRU3.mjs";
-import { b as passkeyRenameBody } from "../../../../../setup-BGAJ2uXs.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-ChfADBuu.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-DHbXfvxO.mjs";
+import "../../../../../redirects-COMLwsV5.mjs";
+import { b as passkeyRenameBody } from "../../../../../setup-Cf_TyOv5.mjs";
 import "../../../../../api/schemas/index.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 

package/dist/astro/routes/api/auth/passkey/index.mjs

@@ -1,6 +1,6 @@
 import "../../../../../base64-CqR-7kqF.mjs";
-import "../../../../../types-CwXMEPRr.mjs";
-import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-tSQWIl5U.mjs";
+import "../../../../../types-B0bmgwMG.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-ChfADBuu.mjs";
 import { createKyselyAdapter } from "@emdash-cms/auth/adapters/kysely";
 
 //#region src/astro/routes/api/auth/passkey/index.ts