Add author auth, forking, tags, and stats tracking

Introduce token-based author authentication (register/verify API), skill forking with EditGate protection, tag metadata on skills, and download/push stats. Enhanced push scripts with token auth and per-skill filtering. Updated UI with stats, tags, and author info on skill cards.
2026-02-12 14:37:40 +01:00
parent 39d8afb251
commit aa477a553b
80 changed files with 3618 additions and 660 deletions
--- a/dist/server/pages/api/auth/register.astro.mjs
+++ b/dist/server/pages/api/auth/register.astro.mjs
@@ -0,0 +1,55 @@
+import { h as hasToken, g as generateToken } from '../../../chunks/tokens_CAzj9Aj8.mjs';
+export { renderers } from '../../../renderers.mjs';
+
+const POST = async ({ request }) => {
+  let body;
+  try {
+    body = await request.json();
+  } catch {
+    return new Response(JSON.stringify({ error: "Invalid JSON" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" }
+    });
+  }
+  const { email, name } = body;
+  if (!email) {
+    return new Response(JSON.stringify({ error: "email is required" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" }
+    });
+  }
+  if (await hasToken(email)) {
+    return new Response(JSON.stringify({ error: "Email already registered" }), {
+      status: 409,
+      headers: { "Content-Type": "application/json" }
+    });
+  }
+  try {
+    const token = await generateToken(email, name || "");
+    return new Response(JSON.stringify({ token }), {
+      status: 201,
+      headers: { "Content-Type": "application/json" }
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Unknown error";
+    if (message.includes("already registered")) {
+      return new Response(JSON.stringify({ error: message }), {
+        status: 409,
+        headers: { "Content-Type": "application/json" }
+      });
+    }
+    return new Response(JSON.stringify({ error: message }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" }
+    });
+  }
+};
+
+const _page = /*#__PURE__*/Object.freeze(/*#__PURE__*/Object.defineProperty({
+  __proto__: null,
+  POST
+}, Symbol.toStringTag, { value: 'Module' }));
+
+const page = () => _page;
+
+export { page };
--- a/dist/server/pages/api/auth/verify.astro.mjs
+++ b/dist/server/pages/api/auth/verify.astro.mjs
@@ -0,0 +1,40 @@
+import { v as verifyToken } from '../../../chunks/tokens_CAzj9Aj8.mjs';
+export { renderers } from '../../../renderers.mjs';
+
+const POST = async ({ request }) => {
+  let body;
+  try {
+    body = await request.json();
+  } catch {
+    return new Response(JSON.stringify({ error: "Invalid JSON" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" }
+    });
+  }
+  const { email, token } = body;
+  if (!email || !token) {
+    return new Response(JSON.stringify({ error: "email and token are required" }), {
+      status: 400,
+      headers: { "Content-Type": "application/json" }
+    });
+  }
+  const valid = await verifyToken(email, token);
+  if (!valid) {
+    return new Response(JSON.stringify({ error: "Invalid token" }), {
+      status: 403,
+      headers: { "Content-Type": "application/json" }
+    });
+  }
+  return new Response(JSON.stringify({ ok: true }), {
+    headers: { "Content-Type": "application/json" }
+  });
+};
+
+const _page = /*#__PURE__*/Object.freeze(/*#__PURE__*/Object.defineProperty({
+  __proto__: null,
+  POST
+}, Symbol.toStringTag, { value: 'Module' }));
+
+const page = () => _page;
+
+export { page };
--- a/dist/server/pages/api/skills.astro.mjs
+++ b/dist/server/pages/api/skills.astro.mjs
@@ -1,4 +1,7 @@
-import { l as listSkills, i as isValidSlug, c as createSkill } from '../../chunks/skills_COWfD5oy.mjs';
+import matter from 'gray-matter';
+import { l as listSkills, i as isValidSlug, c as createSkill } from '../../chunks/skills_BacVQUiS.mjs';
+import { h as hasToken, e as extractBearerToken, v as verifyToken } from '../../chunks/tokens_CAzj9Aj8.mjs';
+import { r as recordPush } from '../../chunks/stats_CaDi9y9J.mjs';
 export { renderers } from '../../renderers.mjs';

 const GET = async () => {
@@ -30,8 +33,21 @@ const POST = async ({ request }) => {
      headers: { "Content-Type": "application/json" }
    });
  }
+  const parsed = matter(content);
+  const authorEmail = parsed.data["author-email"] || "";
+  if (authorEmail && await hasToken(authorEmail)) {
+    const token = extractBearerToken(request);
+    const valid = await verifyToken(authorEmail, token);
+    if (!valid) {
+      return new Response(JSON.stringify({ error: "Valid token required to create a skill with author-email. Register first via POST /api/auth/register." }), {
+        status: 403,
+        headers: { "Content-Type": "application/json" }
+      });
+    }
+  }
  try {
    const skill = await createSkill(slug, content);
+    recordPush(slug);
    return new Response(JSON.stringify(skill), {
      status: 201,
      headers: { "Content-Type": "application/json" }
--- a/dist/server/pages/api/skills/_slug_.astro.mjs
+++ b/dist/server/pages/api/skills/_slug_.astro.mjs
@@ -1,4 +1,7 @@
-import { d as deleteSkill, g as getSkill, u as updateSkill } from '../../../chunks/skills_COWfD5oy.mjs';
+import 'gray-matter';
+import { g as getSkill, d as deleteSkill, u as updateSkill } from '../../../chunks/skills_BacVQUiS.mjs';
+import { h as hasToken, e as extractBearerToken, v as verifyToken } from '../../../chunks/tokens_CAzj9Aj8.mjs';
+import { r as recordPush } from '../../../chunks/stats_CaDi9y9J.mjs';
 export { renderers } from '../../../renderers.mjs';

 const GET = async ({ params }) => {
@@ -27,36 +30,59 @@ const PUT = async ({ params, request }) => {
    });
  }
  try {
+    const existing = await getSkill(params.slug);
+    if (!existing) {
+      return new Response(JSON.stringify({ error: "Skill not found" }), {
+        status: 404,
+        headers: { "Content-Type": "application/json" }
+      });
+    }
+    if (existing["author-email"] && await hasToken(existing["author-email"])) {
+      const token = extractBearerToken(request);
+      const valid = await verifyToken(existing["author-email"], token);
+      if (!valid) {
+        return new Response(JSON.stringify({ error: `Only ${existing.author || existing["author-email"]} can update this skill. Provide a valid token via Authorization: Bearer header.` }), {
+          status: 403,
+          headers: { "Content-Type": "application/json" }
+        });
+      }
+    }
    const skill = await updateSkill(params.slug, body.content);
+    recordPush(params.slug);
    return new Response(JSON.stringify(skill), {
      headers: { "Content-Type": "application/json" }
    });
  } catch (err) {
    const message = err instanceof Error ? err.message : "Unknown error";
-    if (message.includes("not found")) {
-      return new Response(JSON.stringify({ error: message }), {
-        status: 404,
-        headers: { "Content-Type": "application/json" }
-      });
-    }
    return new Response(JSON.stringify({ error: message }), {
      status: 500,
      headers: { "Content-Type": "application/json" }
    });
  }
 };
-const DELETE = async ({ params }) => {
+const DELETE = async ({ params, request }) => {
  try {
-    await deleteSkill(params.slug);
-    return new Response(null, { status: 204 });
-  } catch (err) {
-    const message = err instanceof Error ? err.message : "Unknown error";
-    if (message.includes("not found")) {
-      return new Response(JSON.stringify({ error: message }), {
+    const existing = await getSkill(params.slug);
+    if (!existing) {
+      return new Response(JSON.stringify({ error: "Skill not found" }), {
        status: 404,
        headers: { "Content-Type": "application/json" }
      });
    }
+    if (existing["author-email"] && await hasToken(existing["author-email"])) {
+      const token = extractBearerToken(request);
+      const valid = await verifyToken(existing["author-email"], token);
+      if (!valid) {
+        return new Response(JSON.stringify({ error: `Only ${existing.author || existing["author-email"]} can delete this skill. Provide a valid token via Authorization: Bearer header.` }), {
+          status: 403,
+          headers: { "Content-Type": "application/json" }
+        });
+      }
+    }
+    await deleteSkill(params.slug);
+    return new Response(null, { status: 204 });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : "Unknown error";
    return new Response(JSON.stringify({ error: message }), {
      status: 500,
      headers: { "Content-Type": "application/json" }
--- a/dist/server/pages/api/sync.astro.mjs
+++ b/dist/server/pages/api/sync.astro.mjs
@@ -1,4 +1,4 @@
-import { b as buildSyncScript } from '../../chunks/sync_B_Og9xl3.mjs';
+import { b as buildSyncScript } from '../../chunks/sync_BEq_wzpT.mjs';
 export { renderers } from '../../renderers.mjs';

 const GET = async ({ url }) => {
--- a/dist/server/pages/api/sync/project.astro.mjs
+++ b/dist/server/pages/api/sync/project.astro.mjs
@@ -1,4 +1,4 @@
-import { b as buildSyncScript } from '../../../chunks/sync_B_Og9xl3.mjs';
+import { b as buildSyncScript } from '../../../chunks/sync_BEq_wzpT.mjs';
 export { renderers } from '../../../renderers.mjs';

 const GET = async ({ url }) => {