Emdash source with visual editor image upload fix

Fixes: 1. media.ts: wrap placeholder generation in try-catch 2. toolbar.ts: check r.ok, display error message in popover
2026-05-03 10:44:54 +07:00
parent 78f81bebb6
commit 2d1be52177
2352 changed files with 662964 additions and 0 deletions
--- a/packages/core/tests/unit/page/get-page-runtime.test.ts
+++ b/packages/core/tests/unit/page/get-page-runtime.test.ts
@@ -0,0 +1,108 @@
+/**
+ * getPageRuntime() Tests
+ *
+ * Tests the gatekeeper function that Astro components (EmDashHead, EmDashBodyStart,
+ * EmDashBodyEnd) use to access plugin page contribution methods from locals.
+ *
+ * Bug context: The middleware's anonymous fast-path returned early without
+ * initializing the runtime, so locals.emdash was never populated for anonymous
+ * visitors. getPageRuntime() returned undefined, and all plugin page hooks
+ * (page:metadata, page:fragments) were silently skipped.
+ *
+ * Fix: The middleware now always initializes the runtime, so locals.emdash
+ * includes collectPageMetadata and collectPageFragments for all requests.
+ */
+
+import { describe, it, expect, vi } from "vitest";
+
+import { getPageRuntime } from "../../../src/page/index.js";
+
+describe("getPageRuntime", () => {
+	it("returns undefined when locals has no emdash property", () => {
+		const locals: Record<string, unknown> = {};
+
+		const result = getPageRuntime(locals);
+
+		expect(result).toBeUndefined();
+	});
+
+	it("returns undefined when locals.emdash is null", () => {
+		const locals: Record<string, unknown> = { emdash: null };
+
+		const result = getPageRuntime(locals);
+
+		expect(result).toBeUndefined();
+	});
+
+	it("returns undefined when locals.emdash is missing collectPageMetadata", () => {
+		const locals: Record<string, unknown> = {
+			emdash: {
+				collectPageFragments: vi.fn(),
+			},
+		};
+
+		const result = getPageRuntime(locals);
+
+		expect(result).toBeUndefined();
+	});
+
+	it("returns undefined when locals.emdash is missing collectPageFragments", () => {
+		const locals: Record<string, unknown> = {
+			emdash: {
+				collectPageMetadata: vi.fn(),
+			},
+		};
+
+		const result = getPageRuntime(locals);
+
+		expect(result).toBeUndefined();
+	});
+
+	it("returns the runtime when both page contribution methods are present", () => {
+		const collectPageMetadata = vi.fn();
+		const collectPageFragments = vi.fn();
+		const locals: Record<string, unknown> = {
+			emdash: {
+				collectPageMetadata,
+				collectPageFragments,
+			},
+		};
+
+		const result = getPageRuntime(locals);
+
+		expect(result).toBeDefined();
+		expect(result!.collectPageMetadata).toBe(collectPageMetadata);
+		expect(result!.collectPageFragments).toBe(collectPageFragments);
+	});
+
+	it("returns the runtime from a full middleware-shaped locals.emdash", () => {
+		// Simulate the full shape that the middleware binds to locals.emdash,
+		// verifying that the page contribution methods are extractable even
+		// alongside all the other handler bindings.
+		const collectPageMetadata = vi.fn();
+		const collectPageFragments = vi.fn();
+		const locals: Record<string, unknown> = {
+			emdash: {
+				handleContentList: vi.fn(),
+				handleContentGet: vi.fn(),
+				handleContentCreate: vi.fn(),
+				handleContentUpdate: vi.fn(),
+				handleContentDelete: vi.fn(),
+				handleMediaList: vi.fn(),
+				handlePluginApiRoute: vi.fn(),
+				collectPageMetadata,
+				collectPageFragments,
+				storage: null,
+				db: {},
+				hooks: {},
+				config: {},
+			},
+		};
+
+		const result = getPageRuntime(locals);
+
+		expect(result).toBeDefined();
+		expect(result!.collectPageMetadata).toBe(collectPageMetadata);
+		expect(result!.collectPageFragments).toBe(collectPageFragments);
+	});
+});
--- a/packages/core/tests/unit/page/seo-contributions.test.ts
+++ b/packages/core/tests/unit/page/seo-contributions.test.ts
@@ -0,0 +1,88 @@
+/**
+ * generateSiteSeoContributions() Tests
+ *
+ * Bug context: SiteSettings.seo.googleVerification and bingVerification are
+ * stored in the database and editable in the admin UI, but were never emitted
+ * as <meta> tags into <head>. This left Google Search Console and Bing
+ * Webmaster Tools verification impossible via meta-tag method.
+ *
+ * Fix: A new pure function generates the verification meta contributions from
+ * site SEO settings, and EmDashHead.astro loads settings and includes them.
+ */
+
+import { describe, it, expect } from "vitest";
+
+import { generateSiteSeoContributions } from "../../../src/page/seo-contributions.js";
+
+describe("generateSiteSeoContributions", () => {
+	it("returns empty array when no settings provided", () => {
+		const result = generateSiteSeoContributions(undefined);
+		expect(result).toEqual([]);
+	});
+
+	it("returns empty array when seo settings are empty", () => {
+		const result = generateSiteSeoContributions({});
+		expect(result).toEqual([]);
+	});
+
+	it("emits google-site-verification meta when googleVerification is set", () => {
+		const result = generateSiteSeoContributions({
+			googleVerification: "abc123",
+		});
+
+		expect(result).toContainEqual({
+			kind: "meta",
+			name: "google-site-verification",
+			content: "abc123",
+		});
+	});
+
+	it("emits msvalidate.01 meta when bingVerification is set", () => {
+		const result = generateSiteSeoContributions({
+			bingVerification: "xyz789",
+		});
+
+		expect(result).toContainEqual({
+			kind: "meta",
+			name: "msvalidate.01",
+			content: "xyz789",
+		});
+	});
+
+	it("emits both verification tags when both are set", () => {
+		const result = generateSiteSeoContributions({
+			googleVerification: "g-token",
+			bingVerification: "b-token",
+		});
+
+		expect(result).toHaveLength(2);
+		expect(result).toContainEqual({
+			kind: "meta",
+			name: "google-site-verification",
+			content: "g-token",
+		});
+		expect(result).toContainEqual({
+			kind: "meta",
+			name: "msvalidate.01",
+			content: "b-token",
+		});
+	});
+
+	it("ignores empty string values", () => {
+		const result = generateSiteSeoContributions({
+			googleVerification: "",
+			bingVerification: "",
+		});
+
+		expect(result).toEqual([]);
+	});
+
+	it("ignores unrelated seo settings without crashing", () => {
+		const result = generateSiteSeoContributions({
+			titleSeparator: " | ",
+			robotsTxt: "User-agent: *\nAllow: /",
+		});
+
+		expect(result).toEqual([]);
+	});
+});
--- a/packages/core/tests/unit/page/site-identity.test.ts
+++ b/packages/core/tests/unit/page/site-identity.test.ts
@@ -0,0 +1,90 @@
+/**
+ * renderSiteIdentity() Tests
+ *
+ * Bug context (#831): user-configured site favicons were not emitted into
+ * `<head>` by core. The 17 template `Base.astro` files emitted their own
+ * `<link rel="icon">` but only when the template had been updated post
+ * #448, and even then dropped the `type` attribute, so SVG favicons did
+ * not render in Chromium browsers (which require `type="image/svg+xml"`
+ * when the URL has no `.svg` extension).
+ *
+ * Fix: a first-party `renderSiteIdentity()` helper that emits the favicon
+ * tag with the correct MIME type. Lives outside the plugin contribution
+ * pipeline because that pipeline's `isSafeHref` check rejects same-origin
+ * paths like `/_emdash/api/media/file/...`.
+ */
+
+import { describe, it, expect } from "vitest";
+
+import { renderSiteIdentity } from "../../../src/page/site-identity.js";
+
+describe("renderSiteIdentity", () => {
+	it("returns empty string when no input provided", () => {
+		expect(renderSiteIdentity(undefined)).toBe("");
+	});
+
+	it("returns empty string when input has no favicon", () => {
+		expect(renderSiteIdentity({})).toBe("");
+	});
+
+	it("returns empty string when favicon has no resolved URL", () => {
+		// Unresolved MediaReference (no url field) should be a no-op.
+		expect(
+			renderSiteIdentity({
+				favicon: { mediaId: "med_123" },
+			}),
+		).toBe("");
+	});
+
+	it("emits link tag for favicon with URL", () => {
+		const html = renderSiteIdentity({
+			favicon: {
+				mediaId: "med_123",
+				url: "/_emdash/api/media/file/abc.png",
+				contentType: "image/png",
+			},
+		});
+		expect(html).toBe('<link rel="icon" href="/_emdash/api/media/file/abc.png" type="image/png">');
+	});
+
+	it("includes type attribute for SVG favicons (the #831 bug)", () => {
+		// SVG URLs from EmDash are extension-less (`/_emdash/api/media/file/<ulid>`),
+		// so without `type="image/svg+xml"` Chromium will not render them.
+		const html = renderSiteIdentity({
+			favicon: {
+				mediaId: "med_svg",
+				url: "/_emdash/api/media/file/01KNTC51CKNJG1RFP3YV93BR17",
+				contentType: "image/svg+xml",
+			},
+		});
+		expect(html).toContain('type="image/svg+xml"');
+	});
+
+	it("omits type attribute when contentType is not set", () => {
+		// Tolerate older stored references that predate contentType resolution.
+		const html = renderSiteIdentity({
+			favicon: {
+				mediaId: "med_legacy",
+				url: "/_emdash/api/media/file/legacy.ico",
+			},
+		});
+		expect(html).toBe('<link rel="icon" href="/_emdash/api/media/file/legacy.ico">');
+		expect(html).not.toContain("type=");
+	});
+
+	it("escapes hostile content in href and type", () => {
+		// MediaReference URLs come from a controlled construction in
+		// resolveMediaReference, but the renderer should still escape attribute
+		// contents defensively.
+		const html = renderSiteIdentity({
+			favicon: {
+				mediaId: "med_x",
+				url: '/path"><script>alert(1)</script>',
+				contentType: 'image/png"><x',
+			},
+		});
+		expect(html).not.toContain("<script>");
+		expect(html).toContain("&quot;");
+		expect(html).toContain("&lt;");
+	});
+});