third-audience-mdx 1.0.0

package/dist/dashboard/routes/llms-txt-route.js

@@ -0,0 +1,119 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/dashboard/routes/llms-txt-route.ts
+var llms_txt_route_exports = {};
+__export(llms_txt_route_exports, {
+  GET: () => GET
+});
+module.exports = __toCommonJS(llms_txt_route_exports);
+var import_server = require("next/server");
+var import_path2 = __toESM(require("path"));
+
+// src/core/mdx-reader.ts
+var import_fs = __toESM(require("fs"));
+var import_path = __toESM(require("path"));
+var import_gray_matter = __toESM(require("gray-matter"));
+var MdxReader = class {
+  constructor(options) {
+    this.contentDir = options.contentDir;
+  }
+  /** Read a single MDX file by slug. Returns null if not found. */
+  read(slug) {
+    const candidates = [
+      import_path.default.join(this.contentDir, `${slug}.mdx`),
+      import_path.default.join(this.contentDir, `${slug}.md`),
+      import_path.default.join(this.contentDir, slug, "index.mdx"),
+      import_path.default.join(this.contentDir, slug, "index.md")
+    ];
+    for (const filePath of candidates) {
+      if (import_fs.default.existsSync(filePath)) {
+        return this.parseFile(slug, filePath);
+      }
+    }
+    return null;
+  }
+  /** Read all MDX files recursively. */
+  readAll() {
+    if (!import_fs.default.existsSync(this.contentDir)) return [];
+    return this.walkDir(this.contentDir, this.contentDir);
+  }
+  walkDir(dir, root) {
+    const results = [];
+    for (const entry of import_fs.default.readdirSync(dir, { withFileTypes: true })) {
+      const fullPath = import_path.default.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        results.push(...this.walkDir(fullPath, root));
+      } else if (entry.name.endsWith(".mdx") || entry.name.endsWith(".md")) {
+        const relative = import_path.default.relative(root, fullPath);
+        const slug = relative.replace(/\.(mdx|md)$/, "").replace(/\/index$/, "");
+        results.push(this.parseFile(slug, fullPath));
+      }
+    }
+    return results;
+  }
+  parseFile(slug, filePath) {
+    const raw = import_fs.default.readFileSync(filePath, "utf-8");
+    const { data: frontmatter, content: rawContent } = (0, import_gray_matter.default)(raw);
+    return { slug, filePath, frontmatter, rawContent };
+  }
+};
+
+// src/discovery/llms-txt.ts
+function generateLlmsTxt(files, baseUrl) {
+  const lines = [
+    "# LLMs.txt \u2014 AI-readable content index",
+    `# Generated by third-audience-mdx`,
+    ""
+  ];
+  for (const file of files) {
+    const fm = file.frontmatter;
+    const url = `${baseUrl.replace(/\/$/, "")}/${file.slug}`;
+    const title = String(fm.title ?? file.slug);
+    const desc = fm.description ? ` \u2014 ${String(fm.description)}` : "";
+    lines.push(`- [${title}](${url})${desc}`);
+  }
+  return lines.join("\n") + "\n";
+}
+
+// src/dashboard/routes/llms-txt-route.ts
+var reader = new MdxReader({ contentDir: import_path2.default.join(process.cwd(), process.env.TA_CONTENT_DIR ?? "content") });
+async function GET(req) {
+  const baseUrl = process.env.NEXT_PUBLIC_SITE_URL ?? `${req.nextUrl.protocol}//${req.nextUrl.host}`;
+  const files = reader.readAll();
+  const content = generateLlmsTxt(files, baseUrl);
+  return new import_server.NextResponse(content, {
+    headers: { "Content-Type": "text/plain; charset=utf-8" }
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  GET
+});
+//# sourceMappingURL=llms-txt-route.js.map

package/dist/dashboard/routes/llms-txt-route.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/dashboard/routes/llms-txt-route.ts","../../../src/core/mdx-reader.ts","../../../src/discovery/llms-txt.ts"],"sourcesContent":["import { NextResponse, type NextRequest } from 'next/server'\nimport path from 'path'\nimport { MdxReader } from '../../core/mdx-reader.js'\nimport { generateLlmsTxt } from '../../discovery/llms-txt.js'\n\nconst reader = new MdxReader({ contentDir: path.join(process.cwd(), process.env.TA_CONTENT_DIR ?? 'content') })\n\n/** Handler for GET /llms.txt → rewired to /api/third-audience/llms-txt */\nexport async function GET(req: NextRequest) {\n  const baseUrl = process.env.NEXT_PUBLIC_SITE_URL\n    ?? `${req.nextUrl.protocol}//${req.nextUrl.host}`\n\n  const files = reader.readAll()\n  const content = generateLlmsTxt(files, baseUrl)\n\n  return new NextResponse(content, {\n    headers: { 'Content-Type': 'text/plain; charset=utf-8' },\n  })\n}\n","import fs from 'fs'\nimport path from 'path'\nimport matter from 'gray-matter'\n\nexport interface MdxFile {\n  slug: string       // relative path without extension, e.g. 'blog/my-post'\n  filePath: string   // absolute path to .mdx file\n  frontmatter: Record<string, unknown>\n  rawContent: string // body after frontmatter\n}\n\nexport interface MdxReaderOptions {\n  contentDir: string // absolute path to content directory\n}\n\nexport class MdxReader {\n  private contentDir: string\n\n  constructor(options: MdxReaderOptions) {\n    this.contentDir = options.contentDir\n  }\n\n  /** Read a single MDX file by slug. Returns null if not found. */\n  read(slug: string): MdxFile | null {\n    const candidates = [\n      path.join(this.contentDir, `${slug}.mdx`),\n      path.join(this.contentDir, `${slug}.md`),\n      path.join(this.contentDir, slug, 'index.mdx'),\n      path.join(this.contentDir, slug, 'index.md'),\n    ]\n\n    for (const filePath of candidates) {\n      if (fs.existsSync(filePath)) {\n        return this.parseFile(slug, filePath)\n      }\n    }\n\n    return null\n  }\n\n  /** Read all MDX files recursively. */\n  readAll(): MdxFile[] {\n    if (!fs.existsSync(this.contentDir)) return []\n    return this.walkDir(this.contentDir, this.contentDir)\n  }\n\n  private walkDir(dir: string, root: string): MdxFile[] {\n    const results: MdxFile[] = []\n    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {\n      const fullPath = path.join(dir, entry.name)\n      if (entry.isDirectory()) {\n        results.push(...this.walkDir(fullPath, root))\n      } else if (entry.name.endsWith('.mdx') || entry.name.endsWith('.md')) {\n        const relative = path.relative(root, fullPath)\n        const slug = relative.replace(/\\.(mdx|md)$/, '').replace(/\\/index$/, '')\n        results.push(this.parseFile(slug, fullPath))\n      }\n    }\n    return results\n  }\n\n  private parseFile(slug: string, filePath: string): MdxFile {\n    const raw = fs.readFileSync(filePath, 'utf-8')\n    const { data: frontmatter, content: rawContent } = matter(raw)\n    return { slug, filePath, frontmatter, rawContent }\n  }\n}\n","import type { MdxFile } from '../core/mdx-reader.js'\n\n/**\n * Generates /llms.txt content from MDX frontmatter.\n * Format: one entry per line — URL, title, description.\n */\nexport function generateLlmsTxt(files: MdxFile[], baseUrl: string): string {\n  const lines: string[] = [\n    '# LLMs.txt — AI-readable content index',\n    `# Generated by third-audience-mdx`,\n    '',\n  ]\n\n  for (const file of files) {\n    const fm = file.frontmatter\n    const url = `${baseUrl.replace(/\\/$/, '')}/${file.slug}`\n    const title = String(fm.title ?? file.slug)\n    const desc = fm.description ? ` — ${String(fm.description)}` : ''\n    lines.push(`- [${title}](${url})${desc}`)\n  }\n\n  return lines.join('\\n') + '\\n'\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA+C;AAC/C,IAAAA,eAAiB;;;ACDjB,gBAAe;AACf,kBAAiB;AACjB,yBAAmB;AAaZ,IAAM,YAAN,MAAgB;AAAA,EAGrB,YAAY,SAA2B;AACrC,SAAK,aAAa,QAAQ;AAAA,EAC5B;AAAA;AAAA,EAGA,KAAK,MAA8B;AACjC,UAAM,aAAa;AAAA,MACjB,YAAAC,QAAK,KAAK,KAAK,YAAY,GAAG,IAAI,MAAM;AAAA,MACxC,YAAAA,QAAK,KAAK,KAAK,YAAY,GAAG,IAAI,KAAK;AAAA,MACvC,YAAAA,QAAK,KAAK,KAAK,YAAY,MAAM,WAAW;AAAA,MAC5C,YAAAA,QAAK,KAAK,KAAK,YAAY,MAAM,UAAU;AAAA,IAC7C;AAEA,eAAW,YAAY,YAAY;AACjC,UAAI,UAAAC,QAAG,WAAW,QAAQ,GAAG;AAC3B,eAAO,KAAK,UAAU,MAAM,QAAQ;AAAA,MACtC;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,UAAqB;AACnB,QAAI,CAAC,UAAAA,QAAG,WAAW,KAAK,UAAU,EAAG,QAAO,CAAC;AAC7C,WAAO,KAAK,QAAQ,KAAK,YAAY,KAAK,UAAU;AAAA,EACtD;AAAA,EAEQ,QAAQ,KAAa,MAAyB;AACpD,UAAM,UAAqB,CAAC;AAC5B,eAAW,SAAS,UAAAA,QAAG,YAAY,KAAK,EAAE,eAAe,KAAK,CAAC,GAAG;AAChE,YAAM,WAAW,YAAAD,QAAK,KAAK,KAAK,MAAM,IAAI;AAC1C,UAAI,MAAM,YAAY,GAAG;AACvB,gBAAQ,KAAK,GAAG,KAAK,QAAQ,UAAU,IAAI,CAAC;AAAA,MAC9C,WAAW,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,KAAK,SAAS,KAAK,GAAG;AACpE,cAAM,WAAW,YAAAA,QAAK,SAAS,MAAM,QAAQ;AAC7C,cAAM,OAAO,SAAS,QAAQ,eAAe,EAAE,EAAE,QAAQ,YAAY,EAAE;AACvE,gBAAQ,KAAK,KAAK,UAAU,MAAM,QAAQ,CAAC;AAAA,MAC7C;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,UAAU,MAAc,UAA2B;AACzD,UAAM,MAAM,UAAAC,QAAG,aAAa,UAAU,OAAO;AAC7C,UAAM,EAAE,MAAM,aAAa,SAAS,WAAW,QAAI,mBAAAC,SAAO,GAAG;AAC7D,WAAO,EAAE,MAAM,UAAU,aAAa,WAAW;AAAA,EACnD;AACF;;;AC5DO,SAAS,gBAAgB,OAAkB,SAAyB;AACzE,QAAM,QAAkB;AAAA,IACtB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,aAAW,QAAQ,OAAO;AACxB,UAAM,KAAK,KAAK;AAChB,UAAM,MAAM,GAAG,QAAQ,QAAQ,OAAO,EAAE,CAAC,IAAI,KAAK,IAAI;AACtD,UAAM,QAAQ,OAAO,GAAG,SAAS,KAAK,IAAI;AAC1C,UAAM,OAAO,GAAG,cAAc,WAAM,OAAO,GAAG,WAAW,CAAC,KAAK;AAC/D,UAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAI,IAAI,EAAE;AAAA,EAC1C;AAEA,SAAO,MAAM,KAAK,IAAI,IAAI;AAC5B;;;AFjBA,IAAM,SAAS,IAAI,UAAU,EAAE,YAAY,aAAAC,QAAK,KAAK,QAAQ,IAAI,GAAG,QAAQ,IAAI,kBAAkB,SAAS,EAAE,CAAC;AAG9G,eAAsB,IAAI,KAAkB;AAC1C,QAAM,UAAU,QAAQ,IAAI,wBACvB,GAAG,IAAI,QAAQ,QAAQ,KAAK,IAAI,QAAQ,IAAI;AAEjD,QAAM,QAAQ,OAAO,QAAQ;AAC7B,QAAM,UAAU,gBAAgB,OAAO,OAAO;AAE9C,SAAO,IAAI,2BAAa,SAAS;AAAA,IAC/B,SAAS,EAAE,gBAAgB,4BAA4B;AAAA,EACzD,CAAC;AACH;","names":["import_path","path","fs","matter","path"]}

package/dist/dashboard/routes/llms-txt-route.mjs

@@ -0,0 +1,84 @@
+// src/dashboard/routes/llms-txt-route.ts
+import { NextResponse } from "next/server";
+import path2 from "path";
+
+// src/core/mdx-reader.ts
+import fs from "fs";
+import path from "path";
+import matter from "gray-matter";
+var MdxReader = class {
+  constructor(options) {
+    this.contentDir = options.contentDir;
+  }
+  /** Read a single MDX file by slug. Returns null if not found. */
+  read(slug) {
+    const candidates = [
+      path.join(this.contentDir, `${slug}.mdx`),
+      path.join(this.contentDir, `${slug}.md`),
+      path.join(this.contentDir, slug, "index.mdx"),
+      path.join(this.contentDir, slug, "index.md")
+    ];
+    for (const filePath of candidates) {
+      if (fs.existsSync(filePath)) {
+        return this.parseFile(slug, filePath);
+      }
+    }
+    return null;
+  }
+  /** Read all MDX files recursively. */
+  readAll() {
+    if (!fs.existsSync(this.contentDir)) return [];
+    return this.walkDir(this.contentDir, this.contentDir);
+  }
+  walkDir(dir, root) {
+    const results = [];
+    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+      const fullPath = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        results.push(...this.walkDir(fullPath, root));
+      } else if (entry.name.endsWith(".mdx") || entry.name.endsWith(".md")) {
+        const relative = path.relative(root, fullPath);
+        const slug = relative.replace(/\.(mdx|md)$/, "").replace(/\/index$/, "");
+        results.push(this.parseFile(slug, fullPath));
+      }
+    }
+    return results;
+  }
+  parseFile(slug, filePath) {
+    const raw = fs.readFileSync(filePath, "utf-8");
+    const { data: frontmatter, content: rawContent } = matter(raw);
+    return { slug, filePath, frontmatter, rawContent };
+  }
+};
+
+// src/discovery/llms-txt.ts
+function generateLlmsTxt(files, baseUrl) {
+  const lines = [
+    "# LLMs.txt \u2014 AI-readable content index",
+    `# Generated by third-audience-mdx`,
+    ""
+  ];
+  for (const file of files) {
+    const fm = file.frontmatter;
+    const url = `${baseUrl.replace(/\/$/, "")}/${file.slug}`;
+    const title = String(fm.title ?? file.slug);
+    const desc = fm.description ? ` \u2014 ${String(fm.description)}` : "";
+    lines.push(`- [${title}](${url})${desc}`);
+  }
+  return lines.join("\n") + "\n";
+}
+
+// src/dashboard/routes/llms-txt-route.ts
+var reader = new MdxReader({ contentDir: path2.join(process.cwd(), process.env.TA_CONTENT_DIR ?? "content") });
+async function GET(req) {
+  const baseUrl = process.env.NEXT_PUBLIC_SITE_URL ?? `${req.nextUrl.protocol}//${req.nextUrl.host}`;
+  const files = reader.readAll();
+  const content = generateLlmsTxt(files, baseUrl);
+  return new NextResponse(content, {
+    headers: { "Content-Type": "text/plain; charset=utf-8" }
+  });
+}
+export {
+  GET
+};
+//# sourceMappingURL=llms-txt-route.mjs.map

package/dist/dashboard/routes/llms-txt-route.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/dashboard/routes/llms-txt-route.ts","../../../src/core/mdx-reader.ts","../../../src/discovery/llms-txt.ts"],"sourcesContent":["import { NextResponse, type NextRequest } from 'next/server'\nimport path from 'path'\nimport { MdxReader } from '../../core/mdx-reader.js'\nimport { generateLlmsTxt } from '../../discovery/llms-txt.js'\n\nconst reader = new MdxReader({ contentDir: path.join(process.cwd(), process.env.TA_CONTENT_DIR ?? 'content') })\n\n/** Handler for GET /llms.txt → rewired to /api/third-audience/llms-txt */\nexport async function GET(req: NextRequest) {\n  const baseUrl = process.env.NEXT_PUBLIC_SITE_URL\n    ?? `${req.nextUrl.protocol}//${req.nextUrl.host}`\n\n  const files = reader.readAll()\n  const content = generateLlmsTxt(files, baseUrl)\n\n  return new NextResponse(content, {\n    headers: { 'Content-Type': 'text/plain; charset=utf-8' },\n  })\n}\n","import fs from 'fs'\nimport path from 'path'\nimport matter from 'gray-matter'\n\nexport interface MdxFile {\n  slug: string       // relative path without extension, e.g. 'blog/my-post'\n  filePath: string   // absolute path to .mdx file\n  frontmatter: Record<string, unknown>\n  rawContent: string // body after frontmatter\n}\n\nexport interface MdxReaderOptions {\n  contentDir: string // absolute path to content directory\n}\n\nexport class MdxReader {\n  private contentDir: string\n\n  constructor(options: MdxReaderOptions) {\n    this.contentDir = options.contentDir\n  }\n\n  /** Read a single MDX file by slug. Returns null if not found. */\n  read(slug: string): MdxFile | null {\n    const candidates = [\n      path.join(this.contentDir, `${slug}.mdx`),\n      path.join(this.contentDir, `${slug}.md`),\n      path.join(this.contentDir, slug, 'index.mdx'),\n      path.join(this.contentDir, slug, 'index.md'),\n    ]\n\n    for (const filePath of candidates) {\n      if (fs.existsSync(filePath)) {\n        return this.parseFile(slug, filePath)\n      }\n    }\n\n    return null\n  }\n\n  /** Read all MDX files recursively. */\n  readAll(): MdxFile[] {\n    if (!fs.existsSync(this.contentDir)) return []\n    return this.walkDir(this.contentDir, this.contentDir)\n  }\n\n  private walkDir(dir: string, root: string): MdxFile[] {\n    const results: MdxFile[] = []\n    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {\n      const fullPath = path.join(dir, entry.name)\n      if (entry.isDirectory()) {\n        results.push(...this.walkDir(fullPath, root))\n      } else if (entry.name.endsWith('.mdx') || entry.name.endsWith('.md')) {\n        const relative = path.relative(root, fullPath)\n        const slug = relative.replace(/\\.(mdx|md)$/, '').replace(/\\/index$/, '')\n        results.push(this.parseFile(slug, fullPath))\n      }\n    }\n    return results\n  }\n\n  private parseFile(slug: string, filePath: string): MdxFile {\n    const raw = fs.readFileSync(filePath, 'utf-8')\n    const { data: frontmatter, content: rawContent } = matter(raw)\n    return { slug, filePath, frontmatter, rawContent }\n  }\n}\n","import type { MdxFile } from '../core/mdx-reader.js'\n\n/**\n * Generates /llms.txt content from MDX frontmatter.\n * Format: one entry per line — URL, title, description.\n */\nexport function generateLlmsTxt(files: MdxFile[], baseUrl: string): string {\n  const lines: string[] = [\n    '# LLMs.txt — AI-readable content index',\n    `# Generated by third-audience-mdx`,\n    '',\n  ]\n\n  for (const file of files) {\n    const fm = file.frontmatter\n    const url = `${baseUrl.replace(/\\/$/, '')}/${file.slug}`\n    const title = String(fm.title ?? file.slug)\n    const desc = fm.description ? ` — ${String(fm.description)}` : ''\n    lines.push(`- [${title}](${url})${desc}`)\n  }\n\n  return lines.join('\\n') + '\\n'\n}\n"],"mappings":";AAAA,SAAS,oBAAsC;AAC/C,OAAOA,WAAU;;;ACDjB,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,OAAO,YAAY;AAaZ,IAAM,YAAN,MAAgB;AAAA,EAGrB,YAAY,SAA2B;AACrC,SAAK,aAAa,QAAQ;AAAA,EAC5B;AAAA;AAAA,EAGA,KAAK,MAA8B;AACjC,UAAM,aAAa;AAAA,MACjB,KAAK,KAAK,KAAK,YAAY,GAAG,IAAI,MAAM;AAAA,MACxC,KAAK,KAAK,KAAK,YAAY,GAAG,IAAI,KAAK;AAAA,MACvC,KAAK,KAAK,KAAK,YAAY,MAAM,WAAW;AAAA,MAC5C,KAAK,KAAK,KAAK,YAAY,MAAM,UAAU;AAAA,IAC7C;AAEA,eAAW,YAAY,YAAY;AACjC,UAAI,GAAG,WAAW,QAAQ,GAAG;AAC3B,eAAO,KAAK,UAAU,MAAM,QAAQ;AAAA,MACtC;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,UAAqB;AACnB,QAAI,CAAC,GAAG,WAAW,KAAK,UAAU,EAAG,QAAO,CAAC;AAC7C,WAAO,KAAK,QAAQ,KAAK,YAAY,KAAK,UAAU;AAAA,EACtD;AAAA,EAEQ,QAAQ,KAAa,MAAyB;AACpD,UAAM,UAAqB,CAAC;AAC5B,eAAW,SAAS,GAAG,YAAY,KAAK,EAAE,eAAe,KAAK,CAAC,GAAG;AAChE,YAAM,WAAW,KAAK,KAAK,KAAK,MAAM,IAAI;AAC1C,UAAI,MAAM,YAAY,GAAG;AACvB,gBAAQ,KAAK,GAAG,KAAK,QAAQ,UAAU,IAAI,CAAC;AAAA,MAC9C,WAAW,MAAM,KAAK,SAAS,MAAM,KAAK,MAAM,KAAK,SAAS,KAAK,GAAG;AACpE,cAAM,WAAW,KAAK,SAAS,MAAM,QAAQ;AAC7C,cAAM,OAAO,SAAS,QAAQ,eAAe,EAAE,EAAE,QAAQ,YAAY,EAAE;AACvE,gBAAQ,KAAK,KAAK,UAAU,MAAM,QAAQ,CAAC;AAAA,MAC7C;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,UAAU,MAAc,UAA2B;AACzD,UAAM,MAAM,GAAG,aAAa,UAAU,OAAO;AAC7C,UAAM,EAAE,MAAM,aAAa,SAAS,WAAW,IAAI,OAAO,GAAG;AAC7D,WAAO,EAAE,MAAM,UAAU,aAAa,WAAW;AAAA,EACnD;AACF;;;AC5DO,SAAS,gBAAgB,OAAkB,SAAyB;AACzE,QAAM,QAAkB;AAAA,IACtB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,aAAW,QAAQ,OAAO;AACxB,UAAM,KAAK,KAAK;AAChB,UAAM,MAAM,GAAG,QAAQ,QAAQ,OAAO,EAAE,CAAC,IAAI,KAAK,IAAI;AACtD,UAAM,QAAQ,OAAO,GAAG,SAAS,KAAK,IAAI;AAC1C,UAAM,OAAO,GAAG,cAAc,WAAM,OAAO,GAAG,WAAW,CAAC,KAAK;AAC/D,UAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAI,IAAI,EAAE;AAAA,EAC1C;AAEA,SAAO,MAAM,KAAK,IAAI,IAAI;AAC5B;;;AFjBA,IAAM,SAAS,IAAI,UAAU,EAAE,YAAYC,MAAK,KAAK,QAAQ,IAAI,GAAG,QAAQ,IAAI,kBAAkB,SAAS,EAAE,CAAC;AAG9G,eAAsB,IAAI,KAAkB;AAC1C,QAAM,UAAU,QAAQ,IAAI,wBACvB,GAAG,IAAI,QAAQ,QAAQ,KAAK,IAAI,QAAQ,IAAI;AAEjD,QAAM,QAAQ,OAAO,QAAQ;AAC7B,QAAM,UAAU,gBAAgB,OAAO,OAAO;AAE9C,SAAO,IAAI,aAAa,SAAS;AAAA,IAC/B,SAAS,EAAE,gBAAgB,4BAA4B;AAAA,EACzD,CAAC;AACH;","names":["path","path"]}

package/dist/dashboard/routes/login-route.d.mts

@@ -0,0 +1,6 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+declare function GET(req: NextRequest): Promise<NextResponse>;
+declare function POST(req: NextRequest): Promise<NextResponse>;
+
+export { GET, POST };

package/dist/dashboard/routes/login-route.d.ts

@@ -0,0 +1,6 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+declare function GET(req: NextRequest): Promise<NextResponse>;
+declare function POST(req: NextRequest): Promise<NextResponse>;
+
+export { GET, POST };

package/dist/dashboard/routes/login-route.js

@@ -0,0 +1,313 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/dashboard/admin-store.ts
+var admin_store_exports = {};
+__export(admin_store_exports, {
+  DEFAULT_PASSWORD: () => DEFAULT_PASSWORD,
+  generateApiKey: () => generateApiKey,
+  generateDefaultPassword: () => generateDefaultPassword,
+  getApiKey: () => getApiKey,
+  hashPassword: () => hashPassword,
+  initAdmin: () => initAdmin,
+  loadAdmin: () => loadAdmin,
+  recordLogin: () => recordLogin,
+  rotateApiKey: () => rotateApiKey,
+  saveAdmin: () => saveAdmin,
+  signSession: () => signSession,
+  updatePassword: () => updatePassword,
+  verifyApiKey: () => verifyApiKey,
+  verifyPassword: () => verifyPassword,
+  verifySession: () => verifySession
+});
+function adminFilePath() {
+  const dataDir = process.env.TA_DATA_DIR ?? "data";
+  return import_path.default.join(process.cwd(), dataDir, "ta-admin.json");
+}
+function generateDefaultPassword() {
+  return import_crypto.default.randomBytes(6).toString("hex");
+}
+function hashPassword(password) {
+  const secret = process.env.THIRD_AUDIENCE_SECRET ?? "ta-salt";
+  return import_crypto.default.createHash("sha256").update(secret + password).digest("hex");
+}
+function loadAdmin() {
+  const filePath = adminFilePath();
+  if (!import_fs.default.existsSync(filePath)) return null;
+  try {
+    return JSON.parse(import_fs.default.readFileSync(filePath, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function saveAdmin(record) {
+  const filePath = adminFilePath();
+  const dir = import_path.default.dirname(filePath);
+  if (!import_fs.default.existsSync(dir)) import_fs.default.mkdirSync(dir, { recursive: true });
+  import_fs.default.writeFileSync(filePath, JSON.stringify(record, null, 2), "utf-8");
+}
+function initAdmin() {
+  const existing = loadAdmin();
+  if (existing) return { password: "", apiKey: "", isNew: false };
+  const apiKey = generateApiKey();
+  saveAdmin({
+    passwordHash: hashPassword(DEFAULT_PASSWORD),
+    isDefaultPassword: true,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    lastLoginAt: null,
+    apiKey: encryptApiKey(apiKey)
+  });
+  return { password: DEFAULT_PASSWORD, apiKey, isNew: true };
+}
+function verifyPassword(password) {
+  const record = loadAdmin();
+  if (!record) return false;
+  return record.passwordHash === hashPassword(password);
+}
+function updatePassword(newPassword) {
+  const record = loadAdmin();
+  if (!record) return;
+  saveAdmin({
+    ...record,
+    passwordHash: hashPassword(newPassword),
+    isDefaultPassword: false
+  });
+}
+function recordLogin() {
+  const record = loadAdmin();
+  if (!record) return;
+  saveAdmin({ ...record, lastLoginAt: (/* @__PURE__ */ new Date()).toISOString() });
+}
+function getEncryptionKey() {
+  const secret = process.env.THIRD_AUDIENCE_SECRET ?? "ta-fallback-key-change-me";
+  return import_crypto.default.createHash("sha256").update(secret).digest();
+}
+function encryptApiKey(plaintext) {
+  const iv = import_crypto.default.randomBytes(12);
+  const key = getEncryptionKey();
+  const cipher = import_crypto.default.createCipheriv(CIPHER, key, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return iv.toString("hex") + tag.toString("hex") + encrypted.toString("hex");
+}
+function decryptApiKey(encoded) {
+  try {
+    const iv = Buffer.from(encoded.slice(0, 24), "hex");
+    const tag = Buffer.from(encoded.slice(24, 56), "hex");
+    const encrypted = Buffer.from(encoded.slice(56), "hex");
+    const key = getEncryptionKey();
+    const decipher = import_crypto.default.createDecipheriv(CIPHER, key, iv);
+    decipher.setAuthTag(tag);
+    return decipher.update(encrypted) + decipher.final("utf8");
+  } catch {
+    return null;
+  }
+}
+function generateApiKey() {
+  return "ta_" + import_crypto.default.randomBytes(24).toString("hex");
+}
+function getApiKey() {
+  const record = loadAdmin();
+  if (!record?.apiKey) return null;
+  return decryptApiKey(record.apiKey);
+}
+function rotateApiKey() {
+  const record = loadAdmin();
+  if (!record) throw new Error("Admin store not initialised");
+  const newKey = generateApiKey();
+  saveAdmin({ ...record, apiKey: encryptApiKey(newKey) });
+  return newKey;
+}
+function verifyApiKey(key) {
+  const stored = getApiKey();
+  if (!stored) return false;
+  if (key.length !== stored.length) return false;
+  return import_crypto.default.timingSafeEqual(Buffer.from(key), Buffer.from(stored));
+}
+function signSession(payload) {
+  const secret = process.env.THIRD_AUDIENCE_SECRET ?? "ta-salt";
+  const sig = import_crypto.default.createHmac("sha256", secret).update(payload).digest("hex");
+  return `${payload}.${sig}`;
+}
+function verifySession(token) {
+  const lastDot = token.lastIndexOf(".");
+  if (lastDot === -1) return false;
+  const payload = token.slice(0, lastDot);
+  const sig = token.slice(lastDot + 1);
+  const expected = import_crypto.default.createHmac("sha256", process.env.THIRD_AUDIENCE_SECRET ?? "ta-salt").update(payload).digest("hex");
+  if (sig.length !== expected.length) return false;
+  return import_crypto.default.timingSafeEqual(Buffer.from(sig, "hex"), Buffer.from(expected, "hex"));
+}
+var import_fs, import_path, import_crypto, DEFAULT_PASSWORD, CIPHER;
+var init_admin_store = __esm({
+  "src/dashboard/admin-store.ts"() {
+    "use strict";
+    import_fs = __toESM(require("fs"));
+    import_path = __toESM(require("path"));
+    import_crypto = __toESM(require("crypto"));
+    DEFAULT_PASSWORD = "Chang3M3Now!";
+    CIPHER = "aes-256-gcm";
+  }
+});
+
+// src/dashboard/routes/login-route.ts
+var login_route_exports = {};
+__export(login_route_exports, {
+  GET: () => GET,
+  POST: () => POST
+});
+module.exports = __toCommonJS(login_route_exports);
+var import_server = require("next/server");
+init_admin_store();
+var COOKIE_NAME = "ta_session";
+var COOKIE_MAX_AGE = 60 * 60 * 8;
+var LOGIN_HTML = (error, reset) => `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>${reset ? "Reset Password" : "Third Audience \u2014 Login"}</title>
+  <style>
+    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: #f5f5f7; min-height: 100vh; display: flex; align-items: center; justify-content: center; }
+    .card { background: #fff; border-radius: 18px; box-shadow: 0 4px 24px rgba(0,0,0,.08); padding: 40px 48px; width: 100%; max-width: 380px; }
+    .logo { font-size: 22px; font-weight: 700; color: #1d1d1f; margin-bottom: 8px; }
+    .subtitle { font-size: 14px; color: #6e6e73; margin-bottom: 32px; }
+    label { display: block; font-size: 13px; font-weight: 500; color: #1d1d1f; margin-bottom: 6px; }
+    input[type=password] { width: 100%; padding: 10px 14px; border: 1.5px solid #d2d2d7; border-radius: 10px; font-size: 15px; outline: none; transition: border-color .15s; }
+    input[type=password]:focus { border-color: #007aff; }
+    .error { background: #fff2f2; border: 1px solid #ffbaba; border-radius: 8px; padding: 10px 14px; font-size: 13px; color: #c0392b; margin-bottom: 20px; }
+    .btn { width: 100%; background: #007aff; color: #fff; border: none; border-radius: 10px; padding: 12px; font-size: 15px; font-weight: 600; cursor: pointer; margin-top: 20px; transition: background .15s; }
+    .btn:hover { background: #0062cc; }
+    .hint { font-size: 12px; color: #6e6e73; text-align: center; margin-top: 16px; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="logo">Third Audience</div>
+    <div class="subtitle">${reset ? "Choose a new password to continue" : "Sign in to your dashboard"}</div>
+    ${error ? `<div class="error">${error}</div>` : ""}
+    <form method="POST">
+      ${reset ? `
+      <div style="margin-bottom:16px">
+        <label for="password">New password</label>
+        <input id="password" name="password" type="password" autocomplete="new-password" required minlength="8" placeholder="At least 8 characters">
+      </div>
+      <div>
+        <label for="confirm">Confirm password</label>
+        <input id="confirm" name="confirm" type="password" autocomplete="new-password" required placeholder="Repeat password">
+      </div>
+      <input type="hidden" name="action" value="reset">
+      <button class="btn" type="submit">Set password</button>
+      ` : `
+      <div>
+        <label for="password">Password</label>
+        <input id="password" name="password" type="password" autocomplete="current-password" required placeholder="Enter your password">
+      </div>
+      <button class="btn" type="submit">Sign in</button>
+      `}
+      <p class="hint">Third Audience Dashboard</p>
+    </form>
+  </div>
+</body>
+</html>`;
+async function GET(req) {
+  const reset = req.nextUrl.searchParams.get("reset") === "1";
+  return new import_server.NextResponse(LOGIN_HTML(void 0, reset), {
+    headers: { "Content-Type": "text/html; charset=utf-8" }
+  });
+}
+async function POST(req) {
+  const body = await req.formData();
+  const action = body.get("action");
+  const password = body.get("password");
+  const confirm = body.get("confirm");
+  if (action === "reset") {
+    if (!password || password.length < 8) {
+      return new import_server.NextResponse(LOGIN_HTML("Password must be at least 8 characters.", true), {
+        headers: { "Content-Type": "text/html; charset=utf-8" }
+      });
+    }
+    if (password !== confirm) {
+      return new import_server.NextResponse(LOGIN_HTML("Passwords do not match.", true), {
+        headers: { "Content-Type": "text/html; charset=utf-8" }
+      });
+    }
+    const { updatePassword: updatePassword2 } = await Promise.resolve().then(() => (init_admin_store(), admin_store_exports));
+    updatePassword2(password);
+    const token2 = signSession("admin:" + Date.now());
+    const res2 = import_server.NextResponse.redirect(new URL("/third-audience/", req.nextUrl));
+    res2.cookies.set(COOKIE_NAME, token2, {
+      httpOnly: true,
+      sameSite: "strict",
+      secure: process.env.NODE_ENV === "production",
+      maxAge: COOKIE_MAX_AGE,
+      path: "/"
+    });
+    return res2;
+  }
+  if (!password || !verifyPassword(password)) {
+    return new import_server.NextResponse(LOGIN_HTML("Incorrect password."), {
+      headers: { "Content-Type": "text/html; charset=utf-8" }
+    });
+  }
+  recordLogin();
+  const admin = loadAdmin();
+  const token = signSession("admin:" + Date.now());
+  if (admin?.isDefaultPassword) {
+    const res2 = import_server.NextResponse.redirect(new URL("/third-audience/login?reset=1", req.nextUrl));
+    res2.cookies.set(COOKIE_NAME + "_reset", token, {
+      httpOnly: true,
+      sameSite: "strict",
+      secure: process.env.NODE_ENV === "production",
+      maxAge: 300,
+      // 5 min to complete reset
+      path: "/third-audience/login"
+    });
+    return res2;
+  }
+  const res = import_server.NextResponse.redirect(new URL("/third-audience/", req.nextUrl));
+  res.cookies.set(COOKIE_NAME, token, {
+    httpOnly: true,
+    sameSite: "strict",
+    secure: process.env.NODE_ENV === "production",
+    maxAge: COOKIE_MAX_AGE,
+    path: "/"
+  });
+  return res;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  GET,
+  POST
+});
+//# sourceMappingURL=login-route.js.map

package/dist/dashboard/routes/login-route.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/dashboard/admin-store.ts","../../../src/dashboard/routes/login-route.ts"],"sourcesContent":["import fs from 'fs'\nimport path from 'path'\nimport crypto from 'crypto'\n\nexport interface AdminRecord {\n  passwordHash: string        // sha256(secret + password)\n  isDefaultPassword: boolean\n  createdAt: string\n  lastLoginAt: string | null\n  apiKey?: string             // AES-256-GCM encrypted, for headless/external API callers\n}\n\nfunction adminFilePath(): string {\n  const dataDir = process.env.TA_DATA_DIR ?? 'data'\n  return path.join(process.cwd(), dataDir, 'ta-admin.json')\n}\n\nexport function generateDefaultPassword(): string {\n  return crypto.randomBytes(6).toString('hex') // 12-char hex, easy to type\n}\n\nexport function hashPassword(password: string): string {\n  const secret = process.env.THIRD_AUDIENCE_SECRET ?? 'ta-salt'\n  return crypto.createHash('sha256').update(secret + password).digest('hex')\n}\n\nexport function loadAdmin(): AdminRecord | null {\n  const filePath = adminFilePath()\n  if (!fs.existsSync(filePath)) return null\n  try {\n    return JSON.parse(fs.readFileSync(filePath, 'utf-8')) as AdminRecord\n  } catch {\n    return null\n  }\n}\n\nexport function saveAdmin(record: AdminRecord): void {\n  const filePath = adminFilePath()\n  const dir = path.dirname(filePath)\n  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true })\n  fs.writeFileSync(filePath, JSON.stringify(record, null, 2), 'utf-8')\n}\n\nexport const DEFAULT_PASSWORD = 'Chang3M3Now!'\n\nexport function initAdmin(): { password: string; apiKey: string; isNew: boolean } {\n  const existing = loadAdmin()\n  if (existing) return { password: '', apiKey: '', isNew: false }\n\n  const apiKey = generateApiKey()\n  saveAdmin({\n    passwordHash: hashPassword(DEFAULT_PASSWORD),\n    isDefaultPassword: true,\n    createdAt: new Date().toISOString(),\n    lastLoginAt: null,\n    apiKey: encryptApiKey(apiKey),\n  })\n  return { password: DEFAULT_PASSWORD, apiKey, isNew: true }\n}\n\nexport function verifyPassword(password: string): boolean {\n  const record = loadAdmin()\n  if (!record) return false\n  return record.passwordHash === hashPassword(password)\n}\n\nexport function updatePassword(newPassword: string): void {\n  const record = loadAdmin()\n  if (!record) return\n  saveAdmin({\n    ...record,\n    passwordHash: hashPassword(newPassword),\n    isDefaultPassword: false,\n  })\n}\n\nexport function recordLogin(): void {\n  const record = loadAdmin()\n  if (!record) return\n  saveAdmin({ ...record, lastLoginAt: new Date().toISOString() })\n}\n\n// ---------------------------------------------------------------------------\n// API key — AES-256-GCM encrypted at rest, mirroring WP's SECURE_AUTH_KEY approach\n// ---------------------------------------------------------------------------\n\nconst CIPHER = 'aes-256-gcm'\n\nfunction getEncryptionKey(): Buffer {\n  const secret = process.env.THIRD_AUDIENCE_SECRET ?? 'ta-fallback-key-change-me'\n  // Derive a 32-byte key from the secret using SHA-256\n  return crypto.createHash('sha256').update(secret).digest()\n}\n\nfunction encryptApiKey(plaintext: string): string {\n  const iv = crypto.randomBytes(12)\n  const key = getEncryptionKey()\n  const cipher = crypto.createCipheriv(CIPHER, key, iv) as crypto.CipherGCM\n  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()])\n  const tag = cipher.getAuthTag()\n  // Format: iv(24 hex) + tag(32 hex) + encrypted(hex)\n  return iv.toString('hex') + tag.toString('hex') + encrypted.toString('hex')\n}\n\nfunction decryptApiKey(encoded: string): string | null {\n  try {\n    const iv = Buffer.from(encoded.slice(0, 24), 'hex')\n    const tag = Buffer.from(encoded.slice(24, 56), 'hex')\n    const encrypted = Buffer.from(encoded.slice(56), 'hex')\n    const key = getEncryptionKey()\n    const decipher = crypto.createDecipheriv(CIPHER, key, iv) as crypto.DecipherGCM\n    decipher.setAuthTag(tag)\n    return decipher.update(encrypted) + decipher.final('utf8')\n  } catch {\n    return null\n  }\n}\n\nexport function generateApiKey(): string {\n  return 'ta_' + crypto.randomBytes(24).toString('hex') // 51-char key\n}\n\nexport function getApiKey(): string | null {\n  const record = loadAdmin()\n  if (!record?.apiKey) return null\n  return decryptApiKey(record.apiKey)\n}\n\nexport function rotateApiKey(): string {\n  const record = loadAdmin()\n  if (!record) throw new Error('Admin store not initialised')\n  const newKey = generateApiKey()\n  saveAdmin({ ...record, apiKey: encryptApiKey(newKey) })\n  return newKey\n}\n\nexport function verifyApiKey(key: string): boolean {\n  const stored = getApiKey()\n  if (!stored) return false\n  if (key.length !== stored.length) return false\n  return crypto.timingSafeEqual(Buffer.from(key), Buffer.from(stored))\n}\n\n// ---------------------------------------------------------------------------\n// Session cookie: HMAC-SHA256(secret, userId + timestamp) — stateless, no DB\n// ---------------------------------------------------------------------------\nexport function signSession(payload: string): string {\n  const secret = process.env.THIRD_AUDIENCE_SECRET ?? 'ta-salt'\n  const sig = crypto.createHmac('sha256', secret).update(payload).digest('hex')\n  return `${payload}.${sig}`\n}\n\nexport function verifySession(token: string): boolean {\n  const lastDot = token.lastIndexOf('.')\n  if (lastDot === -1) return false\n  const payload = token.slice(0, lastDot)\n  const sig = token.slice(lastDot + 1)\n  const expected = crypto.createHmac('sha256', process.env.THIRD_AUDIENCE_SECRET ?? 'ta-salt')\n    .update(payload).digest('hex')\n  // Constant-time comparison\n  if (sig.length !== expected.length) return false\n  return crypto.timingSafeEqual(Buffer.from(sig, 'hex'), Buffer.from(expected, 'hex'))\n}\n","import { NextResponse, type NextRequest } from 'next/server'\nimport { verifyPassword, signSession, recordLogin, loadAdmin } from '../admin-store.js'\n\nconst COOKIE_NAME = 'ta_session'\nconst COOKIE_MAX_AGE = 60 * 60 * 8 // 8 hours\n\nconst LOGIN_HTML = (error?: string, reset?: boolean) => `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n  <meta charset=\"UTF-8\">\n  <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n  <title>${reset ? 'Reset Password' : 'Third Audience — Login'}</title>\n  <style>\n    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }\n    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: #f5f5f7; min-height: 100vh; display: flex; align-items: center; justify-content: center; }\n    .card { background: #fff; border-radius: 18px; box-shadow: 0 4px 24px rgba(0,0,0,.08); padding: 40px 48px; width: 100%; max-width: 380px; }\n    .logo { font-size: 22px; font-weight: 700; color: #1d1d1f; margin-bottom: 8px; }\n    .subtitle { font-size: 14px; color: #6e6e73; margin-bottom: 32px; }\n    label { display: block; font-size: 13px; font-weight: 500; color: #1d1d1f; margin-bottom: 6px; }\n    input[type=password] { width: 100%; padding: 10px 14px; border: 1.5px solid #d2d2d7; border-radius: 10px; font-size: 15px; outline: none; transition: border-color .15s; }\n    input[type=password]:focus { border-color: #007aff; }\n    .error { background: #fff2f2; border: 1px solid #ffbaba; border-radius: 8px; padding: 10px 14px; font-size: 13px; color: #c0392b; margin-bottom: 20px; }\n    .btn { width: 100%; background: #007aff; color: #fff; border: none; border-radius: 10px; padding: 12px; font-size: 15px; font-weight: 600; cursor: pointer; margin-top: 20px; transition: background .15s; }\n    .btn:hover { background: #0062cc; }\n    .hint { font-size: 12px; color: #6e6e73; text-align: center; margin-top: 16px; }\n  </style>\n</head>\n<body>\n  <div class=\"card\">\n    <div class=\"logo\">Third Audience</div>\n    <div class=\"subtitle\">${reset ? 'Choose a new password to continue' : 'Sign in to your dashboard'}</div>\n    ${error ? `<div class=\"error\">${error}</div>` : ''}\n    <form method=\"POST\">\n      ${reset ? `\n      <div style=\"margin-bottom:16px\">\n        <label for=\"password\">New password</label>\n        <input id=\"password\" name=\"password\" type=\"password\" autocomplete=\"new-password\" required minlength=\"8\" placeholder=\"At least 8 characters\">\n      </div>\n      <div>\n        <label for=\"confirm\">Confirm password</label>\n        <input id=\"confirm\" name=\"confirm\" type=\"password\" autocomplete=\"new-password\" required placeholder=\"Repeat password\">\n      </div>\n      <input type=\"hidden\" name=\"action\" value=\"reset\">\n      <button class=\"btn\" type=\"submit\">Set password</button>\n      ` : `\n      <div>\n        <label for=\"password\">Password</label>\n        <input id=\"password\" name=\"password\" type=\"password\" autocomplete=\"current-password\" required placeholder=\"Enter your password\">\n      </div>\n      <button class=\"btn\" type=\"submit\">Sign in</button>\n      `}\n      <p class=\"hint\">Third Audience Dashboard</p>\n    </form>\n  </div>\n</body>\n</html>`\n\nexport async function GET(req: NextRequest): Promise<NextResponse> {\n  const reset = req.nextUrl.searchParams.get('reset') === '1'\n  return new NextResponse(LOGIN_HTML(undefined, reset), {\n    headers: { 'Content-Type': 'text/html; charset=utf-8' },\n  })\n}\n\nexport async function POST(req: NextRequest): Promise<NextResponse> {\n  const body = await req.formData()\n  const action = body.get('action') as string | null\n  const password = body.get('password') as string | null\n  const confirm = body.get('confirm') as string | null\n\n  if (action === 'reset') {\n    if (!password || password.length < 8) {\n      return new NextResponse(LOGIN_HTML('Password must be at least 8 characters.', true), {\n        headers: { 'Content-Type': 'text/html; charset=utf-8' },\n      })\n    }\n    if (password !== confirm) {\n      return new NextResponse(LOGIN_HTML('Passwords do not match.', true), {\n        headers: { 'Content-Type': 'text/html; charset=utf-8' },\n      })\n    }\n    const { updatePassword } = await import('../admin-store.js')\n    updatePassword(password)\n    // Issue new session after reset\n    const token = signSession('admin:' + Date.now())\n    const res = NextResponse.redirect(new URL('/third-audience/', req.nextUrl))\n    res.cookies.set(COOKIE_NAME, token, {\n      httpOnly: true,\n      sameSite: 'strict',\n      secure: process.env.NODE_ENV === 'production',\n      maxAge: COOKIE_MAX_AGE,\n      path: '/',\n    })\n    return res\n  }\n\n  // Normal login\n  if (!password || !verifyPassword(password)) {\n    return new NextResponse(LOGIN_HTML('Incorrect password.'), {\n      headers: { 'Content-Type': 'text/html; charset=utf-8' },\n    })\n  }\n\n  recordLogin()\n\n  const admin = loadAdmin()\n  const token = signSession('admin:' + Date.now())\n\n  // If this was the default password, force reset before entering dashboard\n  if (admin?.isDefaultPassword) {\n    const res = NextResponse.redirect(new URL('/third-audience/login?reset=1', req.nextUrl))\n    // Set a temporary cookie so reset page knows we're authenticated\n    res.cookies.set(COOKIE_NAME + '_reset', token, {\n      httpOnly: true,\n      sameSite: 'strict',\n      secure: process.env.NODE_ENV === 'production',\n      maxAge: 300, // 5 min to complete reset\n      path: '/third-audience/login',\n    })\n    return res\n  }\n\n  const res = NextResponse.redirect(new URL('/third-audience/', req.nextUrl))\n  res.cookies.set(COOKIE_NAME, token, {\n    httpOnly: true,\n    sameSite: 'strict',\n    secure: process.env.NODE_ENV === 'production',\n    maxAge: COOKIE_MAX_AGE,\n    path: '/',\n  })\n  return res\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAYA,SAAS,gBAAwB;AAC/B,QAAM,UAAU,QAAQ,IAAI,eAAe;AAC3C,SAAO,YAAAA,QAAK,KAAK,QAAQ,IAAI,GAAG,SAAS,eAAe;AAC1D;AAEO,SAAS,0BAAkC;AAChD,SAAO,cAAAC,QAAO,YAAY,CAAC,EAAE,SAAS,KAAK;AAC7C;AAEO,SAAS,aAAa,UAA0B;AACrD,QAAM,SAAS,QAAQ,IAAI,yBAAyB;AACpD,SAAO,cAAAA,QAAO,WAAW,QAAQ,EAAE,OAAO,SAAS,QAAQ,EAAE,OAAO,KAAK;AAC3E;AAEO,SAAS,YAAgC;AAC9C,QAAM,WAAW,cAAc;AAC/B,MAAI,CAAC,UAAAC,QAAG,WAAW,QAAQ,EAAG,QAAO;AACrC,MAAI;AACF,WAAO,KAAK,MAAM,UAAAA,QAAG,aAAa,UAAU,OAAO,CAAC;AAAA,EACtD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,UAAU,QAA2B;AACnD,QAAM,WAAW,cAAc;AAC/B,QAAM,MAAM,YAAAF,QAAK,QAAQ,QAAQ;AACjC,MAAI,CAAC,UAAAE,QAAG,WAAW,GAAG,EAAG,WAAAA,QAAG,UAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAC9D,YAAAA,QAAG,cAAc,UAAU,KAAK,UAAU,QAAQ,MAAM,CAAC,GAAG,OAAO;AACrE;AAIO,SAAS,YAAkE;AAChF,QAAM,WAAW,UAAU;AAC3B,MAAI,SAAU,QAAO,EAAE,UAAU,IAAI,QAAQ,IAAI,OAAO,MAAM;AAE9D,QAAM,SAAS,eAAe;AAC9B,YAAU;AAAA,IACR,cAAc,aAAa,gBAAgB;AAAA,IAC3C,mBAAmB;AAAA,IACnB,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC,aAAa;AAAA,IACb,QAAQ,cAAc,MAAM;AAAA,EAC9B,CAAC;AACD,SAAO,EAAE,UAAU,kBAAkB,QAAQ,OAAO,KAAK;AAC3D;AAEO,SAAS,eAAe,UAA2B;AACxD,QAAM,SAAS,UAAU;AACzB,MAAI,CAAC,OAAQ,QAAO;AACpB,SAAO,OAAO,iBAAiB,aAAa,QAAQ;AACtD;AAEO,SAAS,eAAe,aAA2B;AACxD,QAAM,SAAS,UAAU;AACzB,MAAI,CAAC,OAAQ;AACb,YAAU;AAAA,IACR,GAAG;AAAA,IACH,cAAc,aAAa,WAAW;AAAA,IACtC,mBAAmB;AAAA,EACrB,CAAC;AACH;AAEO,SAAS,cAAoB;AAClC,QAAM,SAAS,UAAU;AACzB,MAAI,CAAC,OAAQ;AACb,YAAU,EAAE,GAAG,QAAQ,cAAa,oBAAI,KAAK,GAAE,YAAY,EAAE,CAAC;AAChE;AAQA,SAAS,mBAA2B;AAClC,QAAM,SAAS,QAAQ,IAAI,yBAAyB;AAEpD,SAAO,cAAAD,QAAO,WAAW,QAAQ,EAAE,OAAO,MAAM,EAAE,OAAO;AAC3D;AAEA,SAAS,cAAc,WAA2B;AAChD,QAAM,KAAK,cAAAA,QAAO,YAAY,EAAE;AAChC,QAAM,MAAM,iBAAiB;AAC7B,QAAM,SAAS,cAAAA,QAAO,eAAe,QAAQ,KAAK,EAAE;AACpD,QAAM,YAAY,OAAO,OAAO,CAAC,OAAO,OAAO,WAAW,MAAM,GAAG,OAAO,MAAM,CAAC,CAAC;AAClF,QAAM,MAAM,OAAO,WAAW;AAE9B,SAAO,GAAG,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,IAAI,UAAU,SAAS,KAAK;AAC5E;AAEA,SAAS,cAAc,SAAgC;AACrD,MAAI;AACF,UAAM,KAAK,OAAO,KAAK,QAAQ,MAAM,GAAG,EAAE,GAAG,KAAK;AAClD,UAAM,MAAM,OAAO,KAAK,QAAQ,MAAM,IAAI,EAAE,GAAG,KAAK;AACpD,UAAM,YAAY,OAAO,KAAK,QAAQ,MAAM,EAAE,GAAG,KAAK;AACtD,UAAM,MAAM,iBAAiB;AAC7B,UAAM,WAAW,cAAAA,QAAO,iBAAiB,QAAQ,KAAK,EAAE;AACxD,aAAS,WAAW,GAAG;AACvB,WAAO,SAAS,OAAO,SAAS,IAAI,SAAS,MAAM,MAAM;AAAA,EAC3D,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,iBAAyB;AACvC,SAAO,QAAQ,cAAAA,QAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AACtD;AAEO,SAAS,YAA2B;AACzC,QAAM,SAAS,UAAU;AACzB,MAAI,CAAC,QAAQ,OAAQ,QAAO;AAC5B,SAAO,cAAc,OAAO,MAAM;AACpC;AAEO,SAAS,eAAuB;AACrC,QAAM,SAAS,UAAU;AACzB,MAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,6BAA6B;AAC1D,QAAM,SAAS,eAAe;AAC9B,YAAU,EAAE,GAAG,QAAQ,QAAQ,cAAc,MAAM,EAAE,CAAC;AACtD,SAAO;AACT;AAEO,SAAS,aAAa,KAAsB;AACjD,QAAM,SAAS,UAAU;AACzB,MAAI,CAAC,OAAQ,QAAO;AACpB,MAAI,IAAI,WAAW,OAAO,OAAQ,QAAO;AACzC,SAAO,cAAAA,QAAO,gBAAgB,OAAO,KAAK,GAAG,GAAG,OAAO,KAAK,MAAM,CAAC;AACrE;AAKO,SAAS,YAAY,SAAyB;AACnD,QAAM,SAAS,QAAQ,IAAI,yBAAyB;AACpD,QAAM,MAAM,cAAAA,QAAO,WAAW,UAAU,MAAM,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK;AAC5E,SAAO,GAAG,OAAO,IAAI,GAAG;AAC1B;AAEO,SAAS,cAAc,OAAwB;AACpD,QAAM,UAAU,MAAM,YAAY,GAAG;AACrC,MAAI,YAAY,GAAI,QAAO;AAC3B,QAAM,UAAU,MAAM,MAAM,GAAG,OAAO;AACtC,QAAM,MAAM,MAAM,MAAM,UAAU,CAAC;AACnC,QAAM,WAAW,cAAAA,QAAO,WAAW,UAAU,QAAQ,IAAI,yBAAyB,SAAS,EACxF,OAAO,OAAO,EAAE,OAAO,KAAK;AAE/B,MAAI,IAAI,WAAW,SAAS,OAAQ,QAAO;AAC3C,SAAO,cAAAA,QAAO,gBAAgB,OAAO,KAAK,KAAK,KAAK,GAAG,OAAO,KAAK,UAAU,KAAK,CAAC;AACrF;AAlKA,eACA,aACA,eAyCa,kBA2CP;AAtFN;AAAA;AAAA;AAAA,gBAAe;AACf,kBAAiB;AACjB,oBAAmB;AAyCZ,IAAM,mBAAmB;AA2ChC,IAAM,SAAS;AAAA;AAAA;;;ACtFf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA+C;AAC/C;AAEA,IAAM,cAAc;AACpB,IAAM,iBAAiB,KAAK,KAAK;AAEjC,IAAM,aAAa,CAAC,OAAgB,UAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,WAK7C,QAAQ,mBAAmB,6BAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,4BAmBlC,QAAQ,sCAAsC,2BAA2B;AAAA,MAC/F,QAAQ,sBAAsB,KAAK,WAAW,EAAE;AAAA;AAAA,QAE9C,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,UAWN;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,OAMH;AAAA;AAAA;AAAA;AAAA;AAAA;AAOP,eAAsB,IAAI,KAAyC;AACjE,QAAM,QAAQ,IAAI,QAAQ,aAAa,IAAI,OAAO,MAAM;AACxD,SAAO,IAAI,2BAAa,WAAW,QAAW,KAAK,GAAG;AAAA,IACpD,SAAS,EAAE,gBAAgB,2BAA2B;AAAA,EACxD,CAAC;AACH;AAEA,eAAsB,KAAK,KAAyC;AAClE,QAAM,OAAO,MAAM,IAAI,SAAS;AAChC,QAAM,SAAS,KAAK,IAAI,QAAQ;AAChC,QAAM,WAAW,KAAK,IAAI,UAAU;AACpC,QAAM,UAAU,KAAK,IAAI,SAAS;AAElC,MAAI,WAAW,SAAS;AACtB,QAAI,CAAC,YAAY,SAAS,SAAS,GAAG;AACpC,aAAO,IAAI,2BAAa,WAAW,2CAA2C,IAAI,GAAG;AAAA,QACnF,SAAS,EAAE,gBAAgB,2BAA2B;AAAA,MACxD,CAAC;AAAA,IACH;AACA,QAAI,aAAa,SAAS;AACxB,aAAO,IAAI,2BAAa,WAAW,2BAA2B,IAAI,GAAG;AAAA,QACnE,SAAS,EAAE,gBAAgB,2BAA2B;AAAA,MACxD,CAAC;AAAA,IACH;AACA,UAAM,EAAE,gBAAAE,gBAAe,IAAI,MAAM;AACjC,IAAAA,gBAAe,QAAQ;AAEvB,UAAMC,SAAQ,YAAY,WAAW,KAAK,IAAI,CAAC;AAC/C,UAAMC,OAAM,2BAAa,SAAS,IAAI,IAAI,oBAAoB,IAAI,OAAO,CAAC;AAC1E,IAAAA,KAAI,QAAQ,IAAI,aAAaD,QAAO;AAAA,MAClC,UAAU;AAAA,MACV,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AACD,WAAOC;AAAA,EACT;AAGA,MAAI,CAAC,YAAY,CAAC,eAAe,QAAQ,GAAG;AAC1C,WAAO,IAAI,2BAAa,WAAW,qBAAqB,GAAG;AAAA,MACzD,SAAS,EAAE,gBAAgB,2BAA2B;AAAA,IACxD,CAAC;AAAA,EACH;AAEA,cAAY;AAEZ,QAAM,QAAQ,UAAU;AACxB,QAAM,QAAQ,YAAY,WAAW,KAAK,IAAI,CAAC;AAG/C,MAAI,OAAO,mBAAmB;AAC5B,UAAMA,OAAM,2BAAa,SAAS,IAAI,IAAI,iCAAiC,IAAI,OAAO,CAAC;AAEvF,IAAAA,KAAI,QAAQ,IAAI,cAAc,UAAU,OAAO;AAAA,MAC7C,UAAU;AAAA,MACV,UAAU;AAAA,MACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,MACjC,QAAQ;AAAA;AAAA,MACR,MAAM;AAAA,IACR,CAAC;AACD,WAAOA;AAAA,EACT;AAEA,QAAM,MAAM,2BAAa,SAAS,IAAI,IAAI,oBAAoB,IAAI,OAAO,CAAC;AAC1E,MAAI,QAAQ,IAAI,aAAa,OAAO;AAAA,IAClC,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAC;AACD,SAAO;AACT;","names":["path","crypto","fs","updatePassword","token","res"]}