emdash 0.7.0 → 1.0.0

package/src/auth/providers/github.ts

@@ -0,0 +1,31 @@
+/**
+ * GitHub OAuth Auth Provider
+ *
+ * Returns an AuthProviderDescriptor for GitHub OAuth login.
+ * Credentials are read from environment variables at runtime.
+ *
+ * @example
+ * ```ts
+ * import { github } from "emdash/auth/providers/github";
+ *
+ * emdash({
+ *   authProviders: [github()],
+ * })
+ * ```
+ */
+
+import type { AuthProviderDescriptor } from "../types.js";
+
+/**
+ * Configure GitHub OAuth as an auth provider.
+ *
+ * Requires `EMDASH_OAUTH_GITHUB_CLIENT_ID` and `EMDASH_OAUTH_GITHUB_CLIENT_SECRET`
+ * (or `GITHUB_CLIENT_ID` / `GITHUB_CLIENT_SECRET`) environment variables.
+ */
+export function github(): AuthProviderDescriptor {
+	return {
+		id: "github",
+		label: "GitHub",
+		adminEntry: "emdash/auth/providers/github-admin",
+	};
+}

package/src/auth/providers/google-admin.tsx

@@ -0,0 +1,44 @@
+/**
+ * Google OAuth Admin Components
+ *
+ * LoginButton for the login page, rendered via the auth provider virtual module.
+ */
+
+import { LinkButton } from "@cloudflare/kumo";
+import * as React from "react";
+
+function GoogleIcon({ className }: { className?: string }) {
+	return (
+		<svg className={className} viewBox="0 0 24 24">
+			<path
+				fill="#4285F4"
+				d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z"
+			/>
+			<path
+				fill="#34A853"
+				d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z"
+			/>
+			<path
+				fill="#FBBC05"
+				d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z"
+			/>
+			<path
+				fill="#EA4335"
+				d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z"
+			/>
+		</svg>
+	);
+}
+
+export function LoginButton() {
+	return (
+		<LinkButton
+			href="/_emdash/api/auth/oauth/google"
+			variant="outline"
+			className="w-full justify-center"
+		>
+			<GoogleIcon className="h-5 w-5" />
+			<span>Google</span>
+		</LinkButton>
+	);
+}

package/src/auth/providers/google.ts

@@ -0,0 +1,31 @@
+/**
+ * Google OAuth Auth Provider
+ *
+ * Returns an AuthProviderDescriptor for Google OAuth login.
+ * Credentials are read from environment variables at runtime.
+ *
+ * @example
+ * ```ts
+ * import { google } from "emdash/auth/providers/google";
+ *
+ * emdash({
+ *   authProviders: [google()],
+ * })
+ * ```
+ */
+
+import type { AuthProviderDescriptor } from "../types.js";
+
+/**
+ * Configure Google OAuth as an auth provider.
+ *
+ * Requires `EMDASH_OAUTH_GOOGLE_CLIENT_ID` and `EMDASH_OAUTH_GOOGLE_CLIENT_SECRET`
+ * (or `GOOGLE_CLIENT_ID` / `GOOGLE_CLIENT_SECRET`) environment variables.
+ */
+export function google(): AuthProviderDescriptor {
+	return {
+		id: "google",
+		label: "Google",
+		adminEntry: "emdash/auth/providers/google-admin",
+	};
+}

package/src/auth/types.ts

@@ -2,7 +2,13 @@
  * Auth Provider Types
  *
  * Defines the interfaces for pluggable authentication providers.
- * Providers like Cloudflare Access implement these interfaces.
+ *
+ * Two systems coexist:
+ * - `AuthDescriptor` — transparent auth (Cloudflare Access) that authenticates
+ *   every request via headers/cookies. No login UI needed.
+ * - `AuthProviderDescriptor` — pluggable login methods (GitHub, Google,
+ *   AT Protocol, etc.) that appear as options on the login page and setup
+ *   wizard. Passkey is built-in; providers are additive.
  */
 
 /**
@@ -22,10 +28,10 @@ export interface AuthResult {
 }
 
 /**
- * Auth descriptor - returned by auth adapter functions (e.g., access())
+ * Auth descriptor — transparent auth providers (e.g., Cloudflare Access).
  *
- * Similar to DatabaseDescriptor and StorageDescriptor, this allows
- * auth providers to be configured at build time and loaded at runtime.
+ * These authenticate every request via headers/cookies. No login UI needed.
+ * The module's `authenticate()` function is called by middleware on each request.
  */
 export interface AuthDescriptor {
 	/**
@@ -64,6 +70,110 @@ export interface AuthProviderModule {
 	authenticate(request: Request, config: unknown): Promise<AuthResult>;
 }
 
+// ---------------------------------------------------------------------------
+// Pluggable Auth Providers (additive login methods)
+// ---------------------------------------------------------------------------
+
+/**
+ * Descriptor for a pluggable auth provider.
+ *
+ * Auth providers appear as login options on the login page and setup wizard.
+ * They coexist with passkey (which is built-in) and with each other.
+ * Any provider can be used to create the initial admin account.
+ *
+ * @example
+ * ```ts
+ * // astro.config.ts
+ * import { atproto } from "@emdash-cms/auth-atproto";
+ *
+ * emdash({
+ *   authProviders: [atproto(), github(), google()],
+ * })
+ * ```
+ */
+export interface AuthProviderDescriptor {
+	/** Unique provider ID (e.g., "github", "atproto") */
+	id: string;
+
+	/** Human-readable label for UI (e.g., "GitHub", "AT Protocol") */
+	label: string;
+
+	/** Provider-specific config (JSON-serializable) */
+	config?: unknown;
+
+	/**
+	 * Module exporting React components for the admin UI.
+	 * Statically imported at build time via virtual module.
+	 *
+	 * The module should export components matching `AuthProviderAdminExports`.
+	 */
+	adminEntry?: string;
+
+	/**
+	 * Astro route handlers this provider needs injected at build time.
+	 * Used for login initiation, OAuth callbacks, well-known endpoints, etc.
+	 */
+	routes?: AuthRouteDescriptor[];
+
+	/**
+	 * URL prefixes/paths that should bypass auth middleware.
+	 * Added to the public routes set so login/callback endpoints work
+	 * for unauthenticated users.
+	 */
+	publicRoutes?: string[];
+
+	/**
+	 * Storage collections for persistent auth state (e.g., OAuth sessions).
+	 * Same format as plugin storage — collections are stored in the shared
+	 * `_plugin_storage` table namespaced under `auth:<providerId>`.
+	 *
+	 * Access via `getAuthProviderStorage()` from `emdash/api/route-utils`.
+	 */
+	storage?: Record<
+		string,
+		{ indexes?: Array<string | string[]>; uniqueIndexes?: Array<string | string[]> }
+	>;
+}
+
+/**
+ * A route that an auth provider needs injected into the Astro app.
+ */
+export interface AuthRouteDescriptor {
+	/** URL pattern (e.g., "/_emdash/api/auth/atproto/login") */
+	pattern: string;
+	/** Module specifier for the Astro route handler */
+	entrypoint: string;
+}
+
+/**
+ * Expected exports from an auth provider's `adminEntry` module.
+ *
+ * All exports are optional. Providers export whichever components
+ * make sense for their auth flow.
+ */
+export interface AuthProviderAdminExports {
+	/**
+	 * Compact button for the login page (icon + label).
+	 * Used for providers with a simple redirect flow (GitHub, Google).
+	 * Rendered in the "Or continue with" section.
+	 */
+	LoginButton?: import("react").ComponentType;
+
+	/**
+	 * Full login form for providers that need custom input.
+	 * Used for providers like AT Protocol that need a handle field.
+	 * Rendered as an expandable section on the login page.
+	 */
+	LoginForm?: import("react").ComponentType;
+
+	/**
+	 * Setup wizard step for creating the admin account via this provider.
+	 * When present, this provider appears as an option in the setup wizard's
+	 * "Create admin account" step.
+	 */
+	SetupStep?: import("react").ComponentType<{ onComplete: () => void }>;
+}
+
 /**
  * Configuration options common to external auth providers
  */

package/src/cli/commands/bundle.ts

@@ -38,7 +38,7 @@ import {
 	ICON_SIZE,
 } from "./bundle-utils.js";
 
-const TS_EXT_RE = /\.tsx?$/;
+const TS_EXT_RE = /\.(tsx?|[mc]?js)$/;
 const SLASH_RE = /\//g;
 const LEADING_AT_RE = /^@/;
 const emdash_SCOPE_RE = /^@emdash-cms\//;
@@ -163,6 +163,8 @@ export const bundleCommand = defineCommand({
 		const tmpDir = join(pluginDir, ".emdash-bundle-tmp");
 
 		try {
+			// Clean up any stale temp directory from a previous failed run
+			await rm(tmpDir, { recursive: true, force: true });
 			await mkdir(tmpDir, { recursive: true });
 
 			// Build main entry to extract manifest.

package/src/components/EmDashImage.astro

@@ -20,6 +20,7 @@ import type { MediaValue } from "../fields/types.js";
 import type { HTMLAttributes } from "astro/types";
 import type { ImageEmbed } from "../media/types.js";
 import { getMediaProvider } from "../media/provider-loader.js";
+import { buildRenderMediaUrl } from "../media/url.js";
 // Standard responsive breakpoints
 const BREAKPOINTS = [640, 750, 828, 960, 1080, 1280, 1600, 1920];
 
@@ -53,14 +54,14 @@ function normalizeImage(
 }
 
 /**
- * Build the URL for a local image
+ * Build the URL for a local image. Prefers `meta.storageKey`; falls back to
+ * the internal proxy with `img.id` when no storage key is available.
  */
 function buildLocalImageUrl(img: MediaValue): string {
-	const storageKey = (img.meta?.storageKey as string) || img.id;
-	if (storageKey) {
-		return `/_emdash/api/media/file/${storageKey}`;
-	}
-	return "";
+	return buildRenderMediaUrl(Astro.locals.emdash?.getPublicMediaUrl, {
+		storageKey: img.meta?.storageKey as string | undefined,
+		id: img.id,
+	});
 }
 
 /**

package/src/components/Gallery.astro

@@ -6,6 +6,7 @@
  * Uses Astro's Image component for optimization when dimensions are available.
  */
 import { Image as AstroImage } from "astro:assets";
+import { buildRenderMediaUrl } from "../media/url.js";
 
 export interface Props {
 	node: {
@@ -39,9 +40,10 @@ if (!images.length) {
 <div class="emdash-gallery" style={`--columns: ${columns}`}>
 	{
 		images.map((image) => {
-			const src =
-				image.asset.url ||
-				`/_emdash/api/media/file/${image.asset._ref}`;
+			const src = buildRenderMediaUrl(Astro.locals.emdash?.getPublicMediaUrl, {
+				url: image.asset.url,
+				id: image.asset._ref,
+			});
 			const hasSize = image.width && image.height;
 			return (
 				<figure class="emdash-gallery-item">

package/src/components/Image.astro

@@ -7,6 +7,7 @@
  */
 import type { ImageEmbed } from "../media/types.js";
 import { getMediaProvider } from "../media/provider-loader.js";
+import { buildRenderMediaUrl } from "../media/url.js";
 // Standard responsive breakpoints
 const BREAKPOINTS = [640, 750, 828, 960, 1080, 1280, 1600, 1920];
 
@@ -122,10 +123,14 @@ if (providerId && providerId !== "local") {
 	}
 }
 
-// Fallback for local provider — prefer stored URL (includes storage key with extension),
-// fall back to _ref (bare ULID, works if media file endpoint supports ID lookup)
+// Fallback for local provider. `asset.url` carries the storage key with
+// extension when present; `asset._ref` is a bare ULID that only the internal
+// `/file/{id}` route can resolve. `buildRenderMediaUrl` picks the right shape.
 if (!src) {
-	src = asset.url || `/_emdash/api/media/file/${asset._ref}`;
+	src = buildRenderMediaUrl(Astro.locals.emdash?.getPublicMediaUrl, {
+		url: asset.url,
+		id: asset._ref,
+	});
 }
 
 // Build placeholder background style

package/src/components/InlinePortableTextEditor.tsx

@@ -1741,6 +1741,7 @@ export function InlinePortableTextEditor({
 		editorProps: {
 			attributes: {
 				class: "prose prose-sm sm:prose-base dark:prose-invert max-w-none emdash-inline-editor",
+				dir: "auto",
 			},
 		},
 		onUpdate: () => {
@@ -1795,7 +1796,7 @@ export function InlinePortableTextEditor({
 			// Don't save if focus moved to the slash menu (portalled to body)
 			if (related?.closest(".emdash-slash-menu")) return;
 			if (related?.closest(".emdash-media-picker")) return;
-			save();
+			void save();
 		},
 		[save, mediaPickerOpen],
 	);

package/src/components/LiveSearch.astro

@@ -109,13 +109,6 @@ const config = {
 </emdash-live-search>
 
 <script>
-	// Sanitization patterns for search snippets (allow only <mark> tags from FTS5)
-	const SNIPPET_AMP_RE = /&/g;
-	const SNIPPET_LT_RE = /</g;
-	const SNIPPET_GT_RE = />/g;
-	const SNIPPET_MARK_OPEN_RE = /&lt;mark&gt;/g;
-	const SNIPPET_MARK_CLOSE_RE = /&lt;\/mark&gt;/g;
-
 	interface SearchResult {
 		collection: string;
 		id: string;
@@ -396,17 +389,15 @@ const config = {
 						collectionEl.textContent = result.collection;
 					}
 
-					// Fill in snippet (sanitize to allow only <mark> tags from FTS5 highlighting)
+					// Snippets returned by /api/search are already sanitised
+					// server-side by sanitizeSnippet() — they contain only
+					// HTML-escaped text plus literal <mark>...</mark> tags
+					// around matched terms.
 					const snippetEl = link.querySelector(
 						".emdash-live-search-result-snippet"
 					);
 					if (snippetEl && this.config.showSnippets && result.snippet) {
-						snippetEl.innerHTML = result.snippet
-							.replace(SNIPPET_AMP_RE, "&amp;")
-							.replace(SNIPPET_LT_RE, "&lt;")
-							.replace(SNIPPET_GT_RE, "&gt;")
-							.replace(SNIPPET_MARK_OPEN_RE, "<mark>")
-							.replace(SNIPPET_MARK_CLOSE_RE, "</mark>");
+						snippetEl.innerHTML = result.snippet;
 					} else if (snippetEl) {
 						snippetEl.remove();
 					}

package/src/database/repositories/audit.ts

@@ -143,14 +143,12 @@ export class AuditRepository {
 
 		if (query.cursor) {
 			const decoded = decodeCursor(query.cursor);
-			if (decoded) {
-				q = q.where((eb) =>
-					eb.or([
-						eb("timestamp", "<", decoded.orderValue),
-						eb.and([eb("timestamp", "=", decoded.orderValue), eb("id", "<", decoded.id)]),
-					]),
-				);
-			}
+			q = q.where((eb) =>
+				eb.or([
+					eb("timestamp", "<", decoded.orderValue),
+					eb.and([eb("timestamp", "=", decoded.orderValue), eb("id", "<", decoded.id)]),
+				]),
+			);
 		}
 
 		const rows = await q.execute();

package/src/database/repositories/byline.ts

@@ -123,14 +123,12 @@ export class BylineRepository {
 
 		if (options?.cursor) {
 			const decoded = decodeCursor(options.cursor);
-			if (decoded) {
-				query = query.where((eb) =>
-					eb.or([
-						eb("created_at", "<", decoded.orderValue),
-						eb.and([eb("created_at", "=", decoded.orderValue), eb("id", "<", decoded.id)]),
-					]),
-				);
-			}
+			query = query.where((eb) =>
+				eb.or([
+					eb("created_at", "<", decoded.orderValue),
+					eb.and([eb("created_at", "=", decoded.orderValue), eb("id", "<", decoded.id)]),
+				]),
+			);
 		}
 
 		const rows = await query.execute();

package/src/database/repositories/comment.ts

@@ -143,14 +143,12 @@ export class CommentRepository {
 		// Cursor pagination (ascending by created_at)
 		if (options.cursor) {
 			const decoded = decodeCursor(options.cursor);
-			if (decoded) {
-				query = query.where((eb: ExpressionBuilder<Database, "_emdash_comments">) =>
-					eb.or([
-						eb("created_at", ">", decoded.orderValue),
-						eb.and([eb("created_at", "=", decoded.orderValue), eb("id", ">", decoded.id)]),
-					]),
-				);
-			}
+			query = query.where((eb: ExpressionBuilder<Database, "_emdash_comments">) =>
+				eb.or([
+					eb("created_at", ">", decoded.orderValue),
+					eb.and([eb("created_at", "=", decoded.orderValue), eb("id", ">", decoded.id)]),
+				]),
+			);
 		}
 
 		query = query
@@ -202,14 +200,12 @@ export class CommentRepository {
 		// Cursor pagination (descending by created_at)
 		if (options.cursor) {
 			const decoded = decodeCursor(options.cursor);
-			if (decoded) {
-				query = query.where((eb: ExpressionBuilder<Database, "_emdash_comments">) =>
-					eb.or([
-						eb("created_at", "<", decoded.orderValue),
-						eb.and([eb("created_at", "=", decoded.orderValue), eb("id", "<", decoded.id)]),
-					]),
-				);
-			}
+			query = query.where((eb: ExpressionBuilder<Database, "_emdash_comments">) =>
+				eb.or([
+					eb("created_at", "<", decoded.orderValue),
+					eb.and([eb("created_at", "=", decoded.orderValue), eb("id", "<", decoded.id)]),
+				]),
+			);
 		}
 
 		query = query

package/src/database/repositories/content.ts

@@ -489,27 +489,26 @@ export class ContentRepository {
 			query = query.where("locale" as any, "=", options.where.locale);
 		}
 
-		// Handle cursor pagination
+		// Handle cursor pagination — decodeCursor throws InvalidCursorError
+		// on malformed input; let it propagate so handlers surface a
+		// structured INVALID_CURSOR rather than silently returning page 1.
 		if (options.cursor) {
-			const decoded = decodeCursor(options.cursor);
-			if (decoded) {
-				const { orderValue, id: cursorId } = decoded;
-
-				if (safeOrderDirection === "DESC") {
-					query = query.where((eb) =>
-						eb.or([
-							eb(dbField as any, "<", orderValue),
-							eb.and([eb(dbField as any, "=", orderValue), eb("id", "<", cursorId)]),
-						]),
-					);
-				} else {
-					query = query.where((eb) =>
-						eb.or([
-							eb(dbField as any, ">", orderValue),
-							eb.and([eb(dbField as any, "=", orderValue), eb("id", ">", cursorId)]),
-						]),
-					);
-				}
+			const { orderValue, id: cursorId } = decodeCursor(options.cursor);
+
+			if (safeOrderDirection === "DESC") {
+				query = query.where((eb) =>
+					eb.or([
+						eb(dbField as any, "<", orderValue),
+						eb.and([eb(dbField as any, "=", orderValue), eb("id", "<", cursorId)]),
+					]),
+				);
+			} else {
+				query = query.where((eb) =>
+					eb.or([
+						eb(dbField as any, ">", orderValue),
+						eb.and([eb(dbField as any, "=", orderValue), eb("id", ">", cursorId)]),
+					]),
+				);
 			}
 		}
 
@@ -671,27 +670,24 @@ export class ContentRepository {
 			.selectAll()
 			.where("deleted_at" as never, "is not", null);
 
-		// Handle cursor pagination
+		// Handle cursor pagination — decodeCursor throws on invalid input.
 		if (options.cursor) {
-			const decoded = decodeCursor(options.cursor);
-			if (decoded) {
-				const { orderValue, id: cursorId } = decoded;
-
-				if (safeOrderDirection === "DESC") {
-					query = query.where((eb) =>
-						eb.or([
-							eb(dbField as any, "<", orderValue),
-							eb.and([eb(dbField as any, "=", orderValue), eb("id", "<", cursorId)]),
-						]),
-					);
-				} else {
-					query = query.where((eb) =>
-						eb.or([
-							eb(dbField as any, ">", orderValue),
-							eb.and([eb(dbField as any, "=", orderValue), eb("id", ">", cursorId)]),
-						]),
-					);
-				}
+			const { orderValue, id: cursorId } = decodeCursor(options.cursor);
+
+			if (safeOrderDirection === "DESC") {
+				query = query.where((eb) =>
+					eb.or([
+						eb(dbField as any, "<", orderValue),
+						eb.and([eb(dbField as any, "=", orderValue), eb("id", "<", cursorId)]),
+					]),
+				);
+			} else {
+				query = query.where((eb) =>
+					eb.or([
+						eb(dbField as any, ">", orderValue),
+						eb.and([eb(dbField as any, "=", orderValue), eb("id", ">", cursorId)]),
+					]),
+				);
 			}
 		}
 
@@ -1018,6 +1014,7 @@ export class ContentRepository {
 			UPDATE ${sql.ref(tableName)}
 			SET live_revision_id = NULL,
 				status = 'draft',
+				published_at = NULL,
 				updated_at = ${now}
 			WHERE id = ${id}
 			AND deleted_at IS NULL
@@ -1198,7 +1195,10 @@ export class ContentRepository {
 			scheduledAt: "scheduled_at",
 			deletedAt: "deleted_at",
 			title: "title",
+			name: "name",
 			slug: "slug",
+			status: "status",
+			locale: "locale",
 		};
 
 		const mapped = mapping[field];

package/src/database/repositories/index.ts

@@ -27,4 +27,4 @@ export { RedirectRepository } from "./redirect.js";
 export { BylineRepository } from "./byline.js";
 export type { CreateBylineInput, UpdateBylineInput, ContentBylineInput } from "./byline.js";
 export type * from "./types.js";
-export { EmDashValidationError, encodeCursor, decodeCursor } from "./types.js";
+export { EmDashValidationError, InvalidCursorError, encodeCursor, decodeCursor } from "./types.js";

package/src/database/repositories/media.ts

@@ -202,20 +202,17 @@ export class MediaRepository {
 			.orderBy("id", "desc")
 			.limit(limit + 1);
 
-		// Handle cursor-based pagination
+		// Handle cursor-based pagination — throws on invalid cursor.
 		if (options.cursor) {
-			const decoded = decodeCursor(options.cursor);
-			if (decoded) {
-				const { orderValue: createdAt, id: cursorId } = decoded;
-
-				// Keyset pagination: get items where (created_at, id) < cursor
-				query = query.where((eb) =>
-					eb.or([
-						eb("created_at", "<", createdAt),
-						eb.and([eb("created_at", "=", createdAt), eb("id", "<", cursorId)]),
-					]),
-				);
-			}
+			const { orderValue: createdAt, id: cursorId } = decodeCursor(options.cursor);
+
+			// Keyset pagination: get items where (created_at, id) < cursor
+			query = query.where((eb) =>
+				eb.or([
+					eb("created_at", "<", createdAt),
+					eb.and([eb("created_at", "=", createdAt), eb("id", "<", cursorId)]),
+				]),
+			);
 		}
 
 		if (options.mimeType) {

package/src/database/repositories/plugin-storage.ts

@@ -226,14 +226,12 @@ export class PluginStorageRepository<T = unknown> implements StorageCollection<T
 			query = query.where(({ eb }) => eb(sql.join(whereSqlParts, sql.raw("")), "=", sql.raw("1")));
 		}
 
-		// Handle cursor-based pagination
+		// Handle cursor-based pagination — throws on invalid cursor.
 		if (cursor) {
 			const decoded = decodeCursor(cursor);
-			if (decoded) {
-				query = query.where(({ eb }) =>
-					eb(sql`(created_at, id)`, ">", sql`(${decoded.orderValue}, ${decoded.id})`),
-				);
-			}
+			query = query.where(({ eb }) =>
+				eb(sql`(created_at, id)`, ">", sql`(${decoded.orderValue}, ${decoded.id})`),
+			);
 		}
 
 		// Build ORDER BY using sql template