Repository: ai-tmarks/tmarks
Branch: main
Commit: 6d976e5e7713
Files: 383
Total size: 1.5 MB
Directory structure:
gitextract_hsh8svta/
├── DEPLOYMENT.md
├── LICENSE
├── README.md
└── tmarks/
├── .gitignore
├── .prettierignore
├── .prettierrc
├── API-DATABASE-AUDIT.md
├── eslint.config.js
├── functions/
│ ├── api/
│ │ ├── _middleware.ts
│ │ ├── index.ts
│ │ ├── public/
│ │ │ └── [slug].ts
│ │ ├── share/
│ │ │ └── [token].ts
│ │ ├── shared/
│ │ │ └── cache.ts
│ │ ├── snapshot-images/
│ │ │ └── [hash].ts
│ │ ├── tab/
│ │ │ ├── bookmarks/
│ │ │ │ ├── [id]/
│ │ │ │ │ ├── click.ts
│ │ │ │ │ ├── permanent.ts
│ │ │ │ │ ├── restore.ts
│ │ │ │ │ ├── snapshot-upload.ts
│ │ │ │ │ ├── snapshots/
│ │ │ │ │ │ ├── [snapshotId].ts
│ │ │ │ │ │ └── cleanup.ts
│ │ │ │ │ ├── snapshots-v2.ts
│ │ │ │ │ ├── snapshots.ts
│ │ │ │ │ └── trash.ts
│ │ │ │ ├── [id].ts
│ │ │ │ ├── batch/
│ │ │ │ │ └── index.ts
│ │ │ │ ├── batch-handler.ts
│ │ │ │ ├── bookmark-batch.ts
│ │ │ │ ├── bookmark-list.ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── reorder-pinned.ts
│ │ │ │ ├── trash/
│ │ │ │ │ └── empty.ts
│ │ │ │ └── trash.ts
│ │ │ ├── me.ts
│ │ │ ├── search.ts
│ │ │ ├── statistics/
│ │ │ │ └── index.ts
│ │ │ ├── tab-groups/
│ │ │ │ ├── [id]/
│ │ │ │ │ ├── items/
│ │ │ │ │ │ └── batch.ts
│ │ │ │ │ ├── permanent-delete.ts
│ │ │ │ │ ├── restore.ts
│ │ │ │ │ └── share.ts
│ │ │ │ ├── [id].ts
│ │ │ │ ├── index.ts
│ │ │ │ ├── items/
│ │ │ │ │ ├── [id]/
│ │ │ │ │ │ └── move.ts
│ │ │ │ │ └── [id].ts
│ │ │ │ └── trash.ts
│ │ │ └── tags/
│ │ │ ├── [id]/
│ │ │ │ └── click.ts
│ │ │ ├── [id].ts
│ │ │ └── index.ts
│ │ └── v1/
│ │ ├── auth/
│ │ │ ├── login.ts
│ │ │ ├── logout.ts
│ │ │ ├── refresh.ts
│ │ │ └── register.ts
│ │ ├── bookmarks/
│ │ │ ├── [id]/
│ │ │ │ ├── click.ts
│ │ │ │ ├── permanent.ts
│ │ │ │ ├── restore.ts
│ │ │ │ ├── snapshot-cleanup.ts
│ │ │ │ ├── snapshots/
│ │ │ │ │ ├── [snapshotId]/
│ │ │ │ │ │ └── view.ts
│ │ │ │ │ ├── [snapshotId].ts
│ │ │ │ │ └── cleanup.ts
│ │ │ │ └── snapshots.ts
│ │ │ ├── [id].ts
│ │ │ ├── bulk.ts
│ │ │ ├── index.ts
│ │ │ ├── statistics-helpers.ts
│ │ │ ├── statistics.ts
│ │ │ ├── trash/
│ │ │ │ └── empty.ts
│ │ │ └── trash.ts
│ │ ├── change-password.ts
│ │ ├── export.ts
│ │ ├── health.ts
│ │ ├── preferences-helpers.ts
│ │ ├── preferences.ts
│ │ ├── settings/
│ │ │ ├── api-keys/
│ │ │ │ ├── [id].ts
│ │ │ │ └── index.ts
│ │ │ ├── share.ts
│ │ │ └── storage.ts
│ │ ├── shared/
│ │ │ └── cache.ts
│ │ ├── statistics/
│ │ │ └── index.ts
│ │ ├── tab-groups/
│ │ │ ├── [id]/
│ │ │ │ ├── items/
│ │ │ │ │ └── batch.ts
│ │ │ │ ├── permanent-delete.ts
│ │ │ │ ├── restore.ts
│ │ │ │ └── share.ts
│ │ │ ├── [id].ts
│ │ │ ├── batch-update.ts
│ │ │ ├── index.ts
│ │ │ ├── items/
│ │ │ │ ├── [id]/
│ │ │ │ │ └── move.ts
│ │ │ │ └── [id].ts
│ │ │ └── trash.ts
│ │ └── tags/
│ │ ├── [id].ts
│ │ └── index.ts
│ ├── lib/
│ │ ├── api-key/
│ │ │ ├── generator.ts
│ │ │ ├── logger.ts
│ │ │ ├── rate-limiter-types.ts
│ │ │ ├── rate-limiter.ts
│ │ │ └── validator.ts
│ │ ├── bookmark-utils.ts
│ │ ├── cache/
│ │ │ ├── README.md
│ │ │ ├── bookmark-cache.ts
│ │ │ ├── config.ts
│ │ │ ├── index.ts
│ │ │ ├── service.ts
│ │ │ ├── strategies.ts
│ │ │ └── types.ts
│ │ ├── config.ts
│ │ ├── crypto.ts
│ │ ├── data-fetchers.ts
│ │ ├── error-handler.ts
│ │ ├── image-sig.ts
│ │ ├── image-upload.ts
│ │ ├── import-export/
│ │ │ ├── collect-export-data.ts
│ │ │ ├── export-scope.ts
│ │ │ ├── export-stats.ts
│ │ │ └── exporters/
│ │ │ ├── html-exporter.ts
│ │ │ ├── json-exporter.ts
│ │ │ └── tab-groups-netscape.ts
│ │ ├── index.ts
│ │ ├── input-sanitizer.ts
│ │ ├── jwt.ts
│ │ ├── rate-limit.ts
│ │ ├── response.ts
│ │ ├── signed-url.ts
│ │ ├── storage-quota.ts
│ │ ├── tags.ts
│ │ ├── types.ts
│ │ ├── utils.ts
│ │ └── validation.ts
│ └── middleware/
│ ├── api-key-auth-pages.ts
│ ├── api-key-auth.ts
│ ├── auth.ts
│ ├── dual-auth.ts
│ ├── index.ts
│ └── security.ts
├── index.html
├── migrations/
│ ├── 0001_d1_console.sql
│ ├── 0002_d1_console_ai_settings.sql
│ ├── 0103_api_key_rate_limits.sql
│ └── 0104_rate_limits.sql
├── package.json
├── postcss.config.js
├── public/
│ ├── _headers
│ └── _routes.json
├── scripts/
│ ├── auto-migrate.js
│ ├── check-db-schema.js
│ ├── check-migrations.js
│ └── prepare-deploy.js
├── shared/
│ ├── import-export-types.ts
│ └── permissions.ts
├── src/
│ ├── App.tsx
│ ├── components/
│ │ ├── api-keys/
│ │ │ ├── ApiKeyCard.tsx
│ │ │ ├── ApiKeyDetailModal.tsx
│ │ │ ├── CreateApiKeyModal.tsx
│ │ │ ├── StepBasicInfo.tsx
│ │ │ ├── StepPermissions.tsx
│ │ │ └── StepSuccess.tsx
│ │ ├── auth/
│ │ │ └── ProtectedRoute.tsx
│ │ ├── bookmarks/
│ │ │ ├── BatchActionBar.tsx
│ │ │ ├── BookmarkCardView.tsx
│ │ │ ├── BookmarkForm.tsx
│ │ │ ├── BookmarkListContainer.tsx
│ │ │ ├── BookmarkListItem.tsx
│ │ │ ├── BookmarkListLayout.tsx
│ │ │ ├── BookmarkListView.tsx
│ │ │ ├── BookmarkMinimalListView.tsx
│ │ │ ├── BookmarkTitleView.tsx
│ │ │ ├── DefaultBookmarkIcon.tsx
│ │ │ ├── SnapshotViewer.tsx
│ │ │ ├── TagSelector.tsx
│ │ │ ├── bookmark-utils.ts
│ │ │ ├── defaultIconOptions.ts
│ │ │ ├── hooks/
│ │ │ │ └── useBookmarkFormState.ts
│ │ │ ├── shared/
│ │ │ │ ├── BookmarkActions.tsx
│ │ │ │ ├── BookmarkTagList.tsx
│ │ │ │ ├── MasonryGrid.tsx
│ │ │ │ ├── useFaviconFallback.ts
│ │ │ │ └── useResponsiveColumns.ts
│ │ │ ├── useBookmarkForm.ts
│ │ │ └── useSnapshots.ts
│ │ ├── common/
│ │ │ ├── AdaptiveImage.tsx
│ │ │ ├── AlertDialog.tsx
│ │ │ ├── BookmarkIcons.tsx
│ │ │ ├── BottomNav.tsx
│ │ │ ├── CircularProgress.tsx
│ │ │ ├── ColorThemeSelector.tsx
│ │ │ ├── ConfirmDialog.tsx
│ │ │ ├── DialogHost.tsx
│ │ │ ├── DragDropUpload.tsx
│ │ │ ├── Drawer.tsx
│ │ │ ├── DropdownMenu.tsx
│ │ │ ├── ErrorBoundary.tsx
│ │ │ ├── ErrorDisplay.tsx
│ │ │ ├── LanguageSelector.tsx
│ │ │ ├── LazyImage.tsx
│ │ │ ├── MobileHeader.tsx
│ │ │ ├── PaginationFooter.tsx
│ │ │ ├── ProgressIndicator.tsx
│ │ │ ├── ResizablePanel.tsx
│ │ │ ├── SearchToolbar.tsx
│ │ │ ├── SimpleProgress.tsx
│ │ │ ├── SortSelector.tsx
│ │ │ ├── ThemeToggle.tsx
│ │ │ ├── Toast.tsx
│ │ │ ├── Toggle.tsx
│ │ │ ├── progressUtils.ts
│ │ │ └── useAnimatedProgress.ts
│ │ ├── import-export/
│ │ │ ├── ExportOptionsForm.tsx
│ │ │ └── ExportSection.tsx
│ │ ├── layout/
│ │ │ ├── AppShell.tsx
│ │ │ ├── FullScreenAppShell.tsx
│ │ │ ├── MobileBottomNav.tsx
│ │ │ ├── PublicAppShell.tsx
│ │ │ ├── ShellHeader.tsx
│ │ │ └── ThemedRoot.tsx
│ │ ├── settings/
│ │ │ ├── InfoBox.tsx
│ │ │ ├── SearchAutoClearSettings.tsx
│ │ │ ├── SettingsNav.tsx
│ │ │ ├── SettingsSaveBar.tsx
│ │ │ ├── SettingsSection.tsx
│ │ │ ├── SettingsTips.tsx
│ │ │ ├── TagSelectionAutoClearSettings.tsx
│ │ │ └── tabs/
│ │ │ ├── ApiSettingsTab.tsx
│ │ │ ├── AutomationSettingsTab.tsx
│ │ │ ├── BasicSettingsTab.tsx
│ │ │ ├── BrowserSettingsTab.tsx
│ │ │ ├── DataSettingsTab.tsx
│ │ │ ├── ShareSettingsTab.tsx
│ │ │ └── SnapshotSettingsTab.tsx
│ │ ├── tab-groups/
│ │ │ ├── BatchActionBar.tsx
│ │ │ ├── ColorPicker.tsx
│ │ │ ├── EmptyState.tsx
│ │ │ ├── InsertionIndicator.tsx
│ │ │ ├── MoveItemDialog.tsx
│ │ │ ├── MoveToFolderDialog.tsx
│ │ │ ├── PinnedItemsSection.tsx
│ │ │ ├── SearchBar.tsx
│ │ │ ├── ShareDialog.tsx
│ │ │ ├── SortSelector.tsx
│ │ │ ├── TabGroupCard.tsx
│ │ │ ├── TabGroupHeader.tsx
│ │ │ ├── TabGroupSidebar.tsx
│ │ │ ├── TabGroupTree.tsx
│ │ │ ├── TabItem.tsx
│ │ │ ├── TabItemList.tsx
│ │ │ ├── TagsInput.tsx
│ │ │ ├── TodoItemCard.tsx
│ │ │ ├── TodoSidebar.tsx
│ │ │ ├── colorUtils.ts
│ │ │ ├── sortUtils.ts
│ │ │ └── tree/
│ │ │ ├── TreeNode.css
│ │ │ ├── TreeNode.tsx
│ │ │ ├── TreeNodeContent.tsx
│ │ │ ├── TreeNodeMenu.tsx
│ │ │ ├── TreeNodeSimple.tsx
│ │ │ ├── TreeUtils.ts
│ │ │ └── useDragAndDrop.ts
│ │ └── tags/
│ │ ├── TagControls.tsx
│ │ ├── TagFormModal.tsx
│ │ ├── TagItem.tsx
│ │ ├── TagManageModal.tsx
│ │ ├── TagSidebar.tsx
│ │ └── useTagFiltering.ts
│ ├── hooks/
│ │ ├── buildTabOpenerHtml.ts
│ │ ├── index.ts
│ │ ├── useAnimatedProgress.ts
│ │ ├── useApiKeys.ts
│ │ ├── useBatchActions.ts
│ │ ├── useBookmarkFilters.ts
│ │ ├── useBookmarks.ts
│ │ ├── useClientSideFilter.ts
│ │ ├── useLanguage.ts
│ │ ├── useLocalPreferences.ts
│ │ ├── useMediaQuery.ts
│ │ ├── usePreferences.ts
│ │ ├── useShare.ts
│ │ ├── useStorage.ts
│ │ ├── useTabGroupActions.ts
│ │ ├── useTabGroupItemActions.ts
│ │ ├── useTabGroupMenu.ts
│ │ ├── useTabGroupsQuery.ts
│ │ └── useTags.ts
│ ├── i18n/
│ │ ├── index.ts
│ │ └── locales/
│ │ ├── en/
│ │ │ ├── auth.json
│ │ │ ├── bookmarks.json
│ │ │ ├── common.json
│ │ │ ├── errors.json
│ │ │ ├── import.json
│ │ │ ├── info.json
│ │ │ ├── settings.json
│ │ │ ├── share.json
│ │ │ ├── tabGroups.json
│ │ │ └── tags.json
│ │ └── zh-CN/
│ │ ├── auth.json
│ │ ├── bookmarks.json
│ │ ├── common.json
│ │ ├── errors.json
│ │ ├── import.json
│ │ ├── info.json
│ │ ├── settings.json
│ │ ├── share.json
│ │ ├── tabGroups.json
│ │ └── tags.json
│ ├── lib/
│ │ ├── ai/
│ │ │ ├── client.ts
│ │ │ ├── constants.ts
│ │ │ └── models.ts
│ │ ├── api-client.ts
│ │ ├── constants/
│ │ │ ├── bookmarks.ts
│ │ │ └── z-index.ts
│ │ ├── image-utils.ts
│ │ ├── logger.ts
│ │ ├── query-client.ts
│ │ ├── search-utils.ts
│ │ ├── types/
│ │ │ ├── api.types.ts
│ │ │ ├── auth.types.ts
│ │ │ ├── bookmark.types.ts
│ │ │ ├── index.ts
│ │ │ ├── preferences.types.ts
│ │ │ └── tab-group.types.ts
│ │ └── types.ts
│ ├── main.tsx
│ ├── pages/
│ │ ├── about/
│ │ │ └── AboutPage.tsx
│ │ ├── auth/
│ │ │ ├── LoginPage.tsx
│ │ │ └── RegisterPage.tsx
│ │ ├── bookmarks/
│ │ │ ├── BookmarkStatisticsPage.tsx
│ │ │ ├── BookmarkTrashPage.tsx
│ │ │ ├── BookmarksPage.tsx
│ │ │ ├── TrashBookmarkItem.tsx
│ │ │ ├── components/
│ │ │ │ ├── BatchSelectionPrompt.tsx
│ │ │ │ ├── MobileTagDrawer.tsx
│ │ │ │ └── StatisticsCards.tsx
│ │ │ └── hooks/
│ │ │ ├── useBookmarksEffects.ts
│ │ │ ├── useBookmarksState.ts
│ │ │ └── useStatisticsData.ts
│ │ ├── extension/
│ │ │ └── ExtensionPage.tsx
│ │ ├── info/
│ │ │ ├── AboutPage.tsx
│ │ │ ├── HelpPage.tsx
│ │ │ ├── PrivacyPage.tsx
│ │ │ └── TermsPage.tsx
│ │ ├── settings/
│ │ │ ├── ApiKeysPage.tsx
│ │ │ ├── GeneralSettingsPage.tsx
│ │ │ ├── ImportExportPage.tsx
│ │ │ ├── PermissionsPage.tsx
│ │ │ └── ShareSettingsPage.tsx
│ │ ├── share/
│ │ │ ├── PublicSharePage.tsx
│ │ │ ├── components/
│ │ │ │ └── ShareTopBar.tsx
│ │ │ └── hooks/
│ │ │ └── usePublicShareState.ts
│ │ └── tab-groups/
│ │ ├── StatisticsPage.tsx
│ │ ├── TabGroupDetailHeader.tsx
│ │ ├── TabGroupDetailPage.tsx
│ │ ├── TabGroupEmptyState.tsx
│ │ ├── TabGroupItem.tsx
│ │ ├── TabGroupsPage.tsx
│ │ ├── TodoPage.tsx
│ │ ├── TrashPage.tsx
│ │ ├── components/
│ │ │ ├── TabGroupsGrid.tsx
│ │ │ └── TabGroupsList.tsx
│ │ └── hooks/
│ │ ├── useGroupManagement.ts
│ │ ├── useTabGroupDetailState.ts
│ │ ├── useTabGroupItemDnD.ts
│ │ ├── useTabGroupsData.ts
│ │ └── useTabGroupsState.ts
│ ├── routes/
│ │ └── index.tsx
│ ├── services/
│ │ ├── api-keys.ts
│ │ ├── auth.ts
│ │ ├── bookmarks.ts
│ │ ├── index.ts
│ │ ├── preferences.ts
│ │ ├── share.ts
│ │ ├── storage.ts
│ │ ├── tab-groups.ts
│ │ └── tags.ts
│ ├── stores/
│ │ ├── authStore.ts
│ │ ├── dialogStore.ts
│ │ ├── index.ts
│ │ ├── themeStore.ts
│ │ └── toastStore.ts
│ ├── styles/
│ │ ├── components.css
│ │ ├── index.css
│ │ └── themes/
│ │ ├── default.css
│ │ └── orange.css
│ └── vite-env.d.ts
├── tailwind.config.js
├── test-register.js
├── tsconfig.json
├── vite.config.ts
└── wrangler.toml.example
================================================
FILE CONTENTS
================================================
================================================
FILE: DEPLOYMENT.md
================================================
# 🚀 TMarks 部署指南
## 📹 视频教程
**完整部署教程视频**: [点击观看](https://bushutmarks.pages.dev/course/tmarks)
跟随视频教程,3 分钟完成部署。
---
## 开源用户一页部署指南
**前置条件**
- 有 Cloudflare 账号
- 有 GitHub 账号
---
### 1. 连接仓库并配置构建
1. 在 GitHub 上 Fork 本仓库
2. 打开 Cloudflare Dashboard → **Workers & Pages** → **Pages** → **创建项目**
3. 选择「连接到 Git」,选中你的 Fork
4. 构建配置:
- 根目录:`tmarks`
- 构建命令:`pnpm install && pnpm build:deploy`
- 构建输出目录:`.deploy`
5. 保存并触发一次部署(第一次失败没关系,后面会修好)
### 2. 创建 Cloudflare 资源
1. **D1 数据库(必需)**
- Workers & Pages → **D1 SQL Database** → Create database
- 名称:`tmarks-prod-db`
2. **R2 存储桶(可选,快照用)**
- R2 对象存储 → 创建存储桶
- 名称:`tmarks-snapshots`
- 不创建则快照功能不可用,但其他功能正常
> **注意**:KV 命名空间已不再需要,代码中已移除 KV 依赖
### 3. 在 Pages 项目中绑定资源
进入 Pages 项目 → **设置 → 函数**:
- **D1 绑定(必需)**:
- 新建 D1 绑定,变量名:`DB` → 选择 `tmarks-prod-db`
- **R2 绑定(可选)**:
- 新建 R2 绑定,变量名:`SNAPSHOTS_BUCKET` → 选择 `tmarks-snapshots`
> **重要**:如果之前配置过 KV 绑定(变量名 `TMARKS_KV`),请删除该绑定,代码中已不再使用 KV。
>
> 没有 R2 时,可以跳过 R2 绑定,应用仍然可以启动(快照功能不可用)。
### 4. 配置环境变量
进入 Pages 项目 → **设置 → 环境变量(生产环境)**,复制以下配置:
```
ALLOW_REGISTRATION = "true"
ENVIRONMENT = "production"
JWT_ACCESS_TOKEN_EXPIRES_IN = "365d"
JWT_REFRESH_TOKEN_EXPIRES_IN = "365d"
R2_MAX_TOTAL_BYTES = "7516192768"
JWT_SECRET = "your-long-random-jwt-secret-at-least-48-characters"
ENCRYPTION_KEY = "your-long-random-encryption-key-at-least-48-characters"
```
> **重要**:`JWT_SECRET` 和 `ENCRYPTION_KEY` 必须替换为你自己生成的随机字符串(建议 ≥ 48 位)
### 5. 初始化数据库
1. 打开 **Workers & Pages → D1 SQL Database**
2. 进入 `tmarks-prod-db` → **Console**
3. 打开仓库中的以下 SQL 文件:
- `tmarks/migrations/0001_d1_console.sql`
- `tmarks/migrations/0002_d1_console_ai_settings.sql`
- `tmarks/migrations/0100_d1_console.sql`
- `tmarks/migrations/0101_d1_console.sql`
4. 复制全部 SQL,粘贴到控制台,点击 **Execute** 执行
### 6. 重新部署
1. 回到 Pages 项目 → 部署
2. 对之前失败的部署点击「重试」,或推送任意提交重新触发
3. 构建成功后,就可以访问你的 TMarks 站点了 🎉
> 之后更新:只要往 GitHub 推代码,Cloudflare 会自动重新构建和部署,之前配置的数据库 / R2 / 环境变量都不会丢。
---
## 常见问题
### 部署失败:KV namespace not found
**原因**:Cloudflare Pages Dashboard 中配置了 KV 绑定,但代码中已不再使用 KV。
**解决方案**:
1. 进入 Pages 项目 → 设置 → 函数
2. 找到 KV namespace bindings
3. 删除名为 `TMARKS_KV` 的绑定
4. 保存并重新部署
### 部署失败:D1 database not found
**原因**:D1 数据库绑定配置不正确或数据库不存在。
**解决方案**:
1. 确认已创建 D1 数据库 `tmarks-prod-db`
2. 进入 Pages 项目 → 设置 → 函数
3. 检查 D1 绑定:变量名必须是 `DB`,选择正确的数据库
4. 保存并重新部署
### 如何更新到最新版本
1. 在 GitHub 上同步你的 Fork(Sync fork 按钮)
2. Cloudflare Pages 会自动检测到更新并重新部署
3. 如果有数据库迁移,需要在 D1 Console 中执行新的 SQL 文件
---
## 本地开发
```bash
# 1. 克隆项目
git clone https://github.com/ai-tmarks/tmarks.git
cd tmarks
# 2. 安装依赖
cd tmarks
pnpm install
# 3. 创建数据库并迁移
wrangler d1 create tmarks-prod-db --local
pnpm db:migrate:local
# 4. 启动开发服务器
pnpm dev
# 访问 http://localhost:5173
```
---
## 技术支持
- [问题反馈](https://github.com/ai-tmarks/tmarks/issues)
- [功能建议](https://github.com/ai-tmarks/tmarks/discussions)
- [视频教程](https://bushutmarks.pages.dev/course/tmarks)
================================================
FILE: LICENSE
================================================
Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0)
Copyright (c) 2024 TMarks Team
You are free to:
Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material
Under the following terms:
Attribution — You must give appropriate credit, provide a link to the
license, and indicate if changes were made. You may do so in any reasonable
manner, but not in any way that suggests the licensor endorses you or your use.
NonCommercial — You may not use the material for commercial purposes.
No additional restrictions — You may not apply legal terms or technological
measures that legally restrict others from doing anything the license permits.
Full license text: https://creativecommons.org/licenses/by-nc/4.0/legalcode
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: README.md
================================================
# 🔖 TMarks
**AI 驱动的智能书签管理系统**
[](https://www.typescriptlang.org/)
[](https://reactjs.org/)
[](https://vitejs.dev/)
[](https://workers.cloudflare.com/)
[](LICENSE)
简体中文
[在线演示](https://tmarks.669696.xyz) | [视频教程](https://bushutmarks.pages.dev/course/tmarks) | [问题反馈](https://github.com/ai-tmarks/tmarks/issues) | [功能建议](https://github.com/ai-tmarks/tmarks/discussions)
---
## ✨ 项目简介
TMarks 是一个现代化的智能书签管理系统,结合 AI 技术自动生成标签,让书签管理变得简单高效。
### 核心特性
- 📚 **智能书签管理** - AI自动标签、多维筛选、批量操作、拖拽排序
- 🗂️ **标签页组管理** - 一键收纳标签页、智能分组、快速恢复
- 🌐 **公开分享** - 创建个性化书签展示页、KV缓存加速
- 🔌 **浏览器扩展** - 快速保存、AI推荐、离线支持、自动同步
- 🔐 **安全可靠** - JWT认证、API Key管理、数据加密
### 技术栈
- **前端**: React 18/19 + TypeScript + Vite + TailwindCSS 4
- **后端**: Cloudflare Workers + Pages Functions
- **数据库**: Cloudflare D1 (SQLite)
- **快照存储**: Cloudflare R2(可选,用于存储网页快照 HTML 与图片,支持全局 7GB 配额限制)
- **AI集成**: 支持 OpenAI、Anthropic、DeepSeek、智谱等 8+ 提供商
---
## 🔌 浏览器扩展
登录 TMarks 后,进入 **个人设置** 页面下载并安装浏览器扩展。
### 扩展功能
- **快速保存书签** - 一键保存当前网页,AI 自动推荐标签
- **标签页收纳** - 一键收纳所有标签页,改天再看
### 支持浏览器
Chrome / Edge / Opera / Brave / 360 / QQ / 搜狗
---
## 🚀 部署
📖 **详细部署文档**: [DEPLOYMENT.md](DEPLOYMENT.md)
📹 **视频教程**: [点击观看](https://bushutmarks.pages.dev/course/tmarks)(3 分钟完成部署)
---
## 📄 许可证
本项目采用 [MIT License](LICENSE) 开源协议。
================================================
FILE: tmarks/.gitignore
================================================
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*
node_modules
dist
dist-ssr
*.local
# Editor directories and files
.vscode/*
!.vscode/extensions.json
.idea
.DS_Store
*.suo
*.ntvs*
*.njsproj
*.sln
*.sw?
# Environment
.env
.env.local
.env.*.local
.dev.vars
# Wrangler
.wrangler
.mf
# Testing
coverage
# Build
build
.deploy
# Database migration history (local only)
.migration-history.json
.migration-history-prod.json
================================================
FILE: tmarks/.prettierignore
================================================
# Dependencies
node_modules
# Build outputs
dist
dist-ssr
build
.wrangler
# Environment
.env
.env.local
.dev.vars
# Logs
*.log
# OS
.DS_Store
# IDE
.vscode
.idea
================================================
FILE: tmarks/.prettierrc
================================================
{
"semi": false,
"singleQuote": true,
"tabWidth": 2,
"trailingComma": "es5",
"printWidth": 100,
"arrowParens": "always"
}
================================================
FILE: tmarks/API-DATABASE-AUDIT.md
================================================
# 数据库表与 API 接口一致性审计报告
生成时间: 2026-04-15
## 📊 总体统计
- **总 API 端点数**: 73
- **总数据库表数**: 21
- **已使用的表数**: 17 (81.0%)
- **未使用的表数**: 4 (19.0%)
- **中间件/工具使用**: 3 (rate_limits, api_key_rate_limits, bookmark_images)
---
## ✅ 核心功能表使用情况
### 1. 书签相关 (Bookmarks)
| 表名 | 使用端点数 | 状态 |
|------|-----------|------|
| `bookmarks` | 37 | ✅ 核心表 |
| `bookmark_tags` | 24 | ✅ 活跃 |
| `bookmark_snapshots` | 16 | ✅ 活跃 |
| `bookmark_click_events` | 3 | ✅ 正常 |
| `bookmark_images` | 0 (工具函数使用) | ✅ 正常 |
**分析**:
- 书签核心功能完整,包括标签、快照、点击统计
- `bookmark_images` 通过 `lib/image-upload.ts` 和 `lib/storage-quota.ts` 使用,用于封面图管理
### 2. 标签组相关 (Tab Groups)
| 表名 | 使用端点数 | 状态 |
|------|-----------|------|
| `tab_groups` | 22 | ✅ 核心表 |
| `tab_group_items` | 17 | ✅ 活跃 |
| `shares` | 4 | ✅ 正常 |
**分析**: 标签组功能完整,包括分享功能
### 3. 标签相关 (Tags)
| 表名 | 使用端点数 | 状态 |
|------|-----------|------|
| `tags` | 21 | ✅ 核心表 |
**分析**: 标签功能活跃,与书签紧密集成
### 4. 用户与认证
| 表名 | 使用端点数 | 状态 |
|------|-----------|------|
| `users` | 8 | ✅ 核心表 |
| `auth_tokens` | 3 | ✅ 正常 |
| `user_preferences` | 5 | ✅ 正常 |
**分析**: 用户认证和偏好设置功能正常
### 5. API 密钥管理
| 表名 | 使用端点数 | 状态 |
|------|-----------|------|
| `api_keys` | 2 | ✅ 正常 |
| `api_key_logs` | 1 | ✅ 正常 |
| `api_key_rate_limits` | 0 (中间件使用) | ✅ 正常 |
**分析**:
- API 密钥基础功能正常
- `api_key_rate_limits` 在中间件 `rate-limiter.ts` 中使用,用于 API Key 速率限制
### 6. 审计与统计
| 表名 | 使用端点数 | 状态 |
|------|-----------|------|
| `audit_logs` | 6 | ✅ 正常 |
| `statistics` | 0 | ⚠️ 未使用 |
**分析**:
- 审计日志功能正常
- `statistics` 表未使用,统计可能通过实时查询实现
---
## ⚠️ 未使用的数据库表
以下表在数据库中定义,但未被任何 API 端点直接使用:
### 1. `bookmark_images` ✅ 工具函数使用
- **定义位置**: `0001_d1_console.sql`
- **用途**: 存储书签封面图片(去重存储)
- **实际使用**:
- `lib/image-upload.ts` - 图片上传和管理
- `lib/storage-quota.ts` - 存储配额计算
- **状态**: ✅ 正常使用,通过工具函数间接调用
### 2. `statistics`
- **定义位置**: `0001_d1_console.sql`
- **用途**: 存储每日统计数据
- **建议**:
- 检查是否有计划使用此表
- 当前统计通过实时查询实现,考虑是否需要持久化
### 3. `registration_limits`
- **定义位置**: `0001_d1_console.sql`
- **用途**: 限制每日注册数量
- **建议**:
- 检查注册限流逻辑是否在其他地方实现
- 如果功能已实现,添加对应的 API 使用
### 4. `ai_settings`
- **定义位置**: `0002_d1_console_ai_settings.sql`
- **用途**: AI 功能配置
- **建议**:
- 这是新功能表,可能尚未实现 API
- 需要添加 AI 设置相关的 API 端点
### 5. `api_key_rate_limits` ✅ 中间件使用
- **定义位置**: `0103_api_key_rate_limits.sql`
- **用途**: API 密钥速率限制
- **实际使用**: `lib/api-key/rate-limiter.ts` - API Key 速率限制中间件
- **状态**: ✅ 正常使用,在中间件层面使用
### 6. `rate_limits` ✅ 中间件使用
- **定义位置**: `0104_rate_limits.sql`
- **用途**: 通用速率限制
- **实际使用**: `lib/rate-limit.ts` - 通用速率限制工具
- **状态**: ✅ 正常使用,在中间件层面使用
### 7. `schema_migrations`
- **定义位置**: `0001_d1_console.sql`
- **用途**: 数据库迁移版本管理
- **状态**: ✅ 系统表,正常未使用
---
## 📍 API 端点分类
### /api/tab/* (扩展 API - 需要 API Key)
- 共 34 个端点
- 主要功能:书签、标签组、标签、搜索、统计
- 认证方式:API Key (X-API-Key header)
### /api/v1/* (Web API - 需要 JWT)
- 共 35 个端点
- 主要功能:认证、书签、标签组、标签、设置、统计
- 认证方式:JWT Token
### /api/public/* (公开 API)
- 1 个端点:公开分享页面
- 无需认证
### /api/share/* (分享 API)
- 1 个端点:标签组分享
- 通过 token 访问
### /api/snapshot-images/* (快照图片)
- 1 个端点:获取快照图片
- 需要签名验证
---
## 🔍 潜在问题与建议
### 1. 真正未使用的表
**需要确认的表**:
- `ai_settings`: 需要实现 AI 设置 API(新功能)
- `statistics`: 评估是否需要持久化统计数据
- `registration_limits`: 确认注册限流策略
### 2. API 一致性
**建议**:
- `/api/tab/*` 和 `/api/v1/*` 存在功能重复
- 考虑统一 API 设计,减少维护成本
- 明确两套 API 的使用场景和差异
### 3. 缺失的功能
**可能需要添加的 API**:
- AI 设置管理 (`/api/v1/settings/ai`)
- 注册限流管理 (管理员功能)
- 速率限制查询 API(如果需要对外暴露)
### 4. 数据完整性
**建议检查**:
- 所有外键约束是否正确设置
- 级联删除是否符合业务逻辑
- 索引是否覆盖常用查询
---
## 📋 详细端点列表
### 书签管理 (Bookmarks)
#### /api/tab/bookmarks
- `GET` - 获取书签列表
- `POST` - 创建书签
- 使用表: `bookmarks`, `tags`, `bookmark_tags`, `bookmark_snapshots`
#### /api/tab/bookmarks/:id
- `GET` - 获取书签详情
- `PATCH` - 更新书签
- `DELETE` - 软删除书签
- 使用表: `bookmarks`, `tags`, `bookmark_tags`, `bookmark_snapshots`
#### /api/tab/bookmarks/:id/click
- `POST` - 记录书签点击
- 使用表: `bookmarks`, `bookmark_click_events`
#### /api/tab/bookmarks/:id/snapshots
- `GET` - 获取快照列表
- `POST` - 创建快照
- 使用表: `bookmarks`, `bookmark_snapshots`, `user_preferences`
#### /api/tab/bookmarks/batch
- `POST` - 批量创建书签
- 使用表: `bookmarks`, `tags`, `bookmark_tags`, `audit_logs`
#### /api/tab/bookmarks/trash
- `GET` - 获取回收站书签
- 使用表: `bookmarks`, `tags`, `bookmark_tags`
#### /api/tab/bookmarks/trash/empty
- `DELETE` - 清空回收站
- 使用表: `bookmarks`, `bookmark_tags`, `bookmark_snapshots`
### 标签组管理 (Tab Groups)
#### /api/tab/tab-groups
- `GET` - 获取标签组列表
- `POST` - 创建标签组
- 使用表: `tab_groups`, `tab_group_items`
#### /api/tab/tab-groups/:id
- `GET` - 获取标签组详情
- `PATCH` - 更新标签组
- `DELETE` - 删除标签组
- 使用表: `tab_groups`, `tab_group_items`
#### /api/tab/tab-groups/:id/share
- `POST` - 创建分享
- `DELETE` - 删除分享
- 使用表: `tab_groups`, `shares`
### 标签管理 (Tags)
#### /api/tab/tags
- `GET` - 获取标签列表
- `POST` - 创建标签
- 使用表: `tags`, `bookmark_tags`
#### /api/tab/tags/:id
- `GET` - 获取标签详情
- `PATCH` - 更新标签
- `DELETE` - 删除标签
- 使用表: `tags`, `bookmark_tags`
### 认证 (Authentication)
#### /api/v1/auth/register
- `POST` - 用户注册
- 使用表: `users`, `user_preferences`, `audit_logs`
#### /api/v1/auth/login
- `POST` - 用户登录
- 使用表: `users`, `auth_tokens`, `audit_logs`
#### /api/v1/auth/logout
- `POST` - 用户登出
- 使用表: `auth_tokens`, `audit_logs`
#### /api/v1/auth/refresh
- `POST` - 刷新 Token
- 使用表: `users`, `auth_tokens`, `audit_logs`
### 设置 (Settings)
#### /api/v1/preferences
- `GET` - 获取用户偏好
- `PUT` - 更新用户偏好
- 使用表: `user_preferences`
#### /api/v1/settings/api-keys
- `GET` - 获取 API 密钥列表
- `POST` - 创建 API 密钥
- 使用表: `api_keys`
#### /api/v1/settings/api-keys/:id
- `GET` - 获取 API 密钥详情
- `PATCH` - 更新 API 密钥
- `DELETE` - 删除 API 密钥
- 使用表: `api_keys`, `api_key_logs`
#### /api/v1/settings/share
- `GET` - 获取公开分享设置
- `PUT` - 更新公开分享设置
- 使用表: `users`
### 统计 (Statistics)
#### /api/tab/statistics
- `GET` - 获取统计数据
- 使用表: `tab_groups`, `tab_group_items`, `shares`
#### /api/v1/statistics
- `GET` - 获取统计数据
- 使用表: `tab_groups`, `tab_group_items`
#### /api/v1/bookmarks/statistics
- `GET` - 获取书签统计
- 使用表: `bookmarks`, `tags`, `bookmark_tags`, `bookmark_click_events`
---
## 🎯 行动建议
### 立即执行
1. ✅ 修复导入路径问题(已完成)
2. ✅ 确认速率限制功能的实现位置(已确认在中间件中)
3. ✅ 确认 bookmark_images 功能(已确认在工具函数中)
### 短期计划
1. 实现 AI 设置相关 API
2. 评估 `statistics` 表的使用需求
3. 确认 `registration_limits` 的实现方式
### 长期规划
1. 统一 `/api/tab/*` 和 `/api/v1/*` 的设计
2. 完善 API 文档
3. 添加更多的统计和分析功能
---
## 📝 备注
- 本报告基于代码静态分析生成
- 未包含中间件和工具函数中的数据库操作
- 建议定期更新此报告以保持同步
================================================
FILE: tmarks/eslint.config.js
================================================
import js from '@eslint/js'
import globals from 'globals'
import reactHooks from 'eslint-plugin-react-hooks'
import reactRefresh from 'eslint-plugin-react-refresh'
import tseslint from 'typescript-eslint'
export default tseslint.config(
{
ignores: [
'node_modules',
'dist',
'dist-ssr',
'build',
'.wrangler',
'.deploy',
'**/*.config.js',
'**/*.config.ts',
'vite.config.ts',
],
},
{
extends: [js.configs.recommended, ...tseslint.configs.recommended],
files: ['**/*.{ts,tsx}'],
languageOptions: {
ecmaVersion: 2020,
globals: globals.browser,
},
plugins: {
'react-hooks': reactHooks,
'react-refresh': reactRefresh,
},
rules: {
...reactHooks.configs.recommended.rules,
'react-refresh/only-export-components': [
'warn',
{ allowConstantExport: true },
],
},
},
)
================================================
FILE: tmarks/functions/api/_middleware.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import { corsHeaders, securityHeaders, requestLogger } from '../middleware/security'
export const onRequest: PagesFunction[] = [
requestLogger,
corsHeaders,
securityHeaders,
]
================================================
FILE: tmarks/functions/api/index.ts
================================================
/**
* API - API
* : /api
*
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../lib/types'
export const onRequestGet: PagesFunction = async () => {
return Response.json({
name: 'TMarks API',
version: 'v1',
description: 'TMarks Bookmark Management API',
documentation: '/api/docs',
endpoints: {
bookmarks: {
list: 'GET /api/bookmarks',
create: 'POST /api/bookmarks',
get: 'GET /api/bookmarks/:id',
update: 'PATCH /api/bookmarks/:id',
delete: 'DELETE /api/bookmarks/:id',
},
tags: {
list: 'GET /api/tags',
create: 'POST /api/tags',
get: 'GET /api/tags/:id',
update: 'PATCH /api/tags/:id',
delete: 'DELETE /api/tags/:id',
},
user: {
me: 'GET /api/me',
},
search: {
global: 'GET /api/search?q=keyword',
},
},
authentication: {
type: 'API Key',
header: 'X-API-Key',
format: 'tmk_live_xxxxxxxxxxxxxxxxxxxx',
how_to_get: 'Create an API Key in TMarks Settings > API Keys',
},
rate_limits: {
per_minute: 60,
per_hour: 1000,
per_day: 10000,
},
support: {
docs: '/help',
},
})
}
================================================
FILE: tmarks/functions/api/public/[slug].ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, BookmarkRow, PublicProfile } from '../../lib/types'
import { notFound, success, internalError } from '../../lib/response'
import { normalizeBookmark } from '../../lib/bookmark-utils'
import { CacheService } from '../../lib/cache'
import { generateCacheKey } from '../../lib/cache/strategies'
interface PublicSharePayload {
profile: {
username: string
title: string | null
description: string | null
slug: string
}
bookmarks: Array & { tags: Array<{ id: string; name: string; color: string | null }> }>
tags: Array<{ id: string; name: string; color: string | null; bookmark_count: number }>
generated_at: string
}
interface PublicSharePaginatedPayload {
profile: {
username: string
title: string | null
description: string | null
slug: string
}
bookmarks: Array & { tags: Array<{ id: string; name: string; color: string | null }> }>
tags: Array<{ id: string; name: string; color: string | null; bookmark_count: number }>
meta: {
page_size: number
count: number
next_cursor: string | null
has_more: boolean
}
}
export const onRequestGet: PagesFunction = async (context) => {
const slug = (context.params.slug as string | undefined)?.toLowerCase()
if (!slug) {
return notFound('Share link not found')
}
const url = new URL(context.request.url)
const pageSize = Math.min(parseInt(url.searchParams.get('page_size') || '30', 10) || 30, 100)
const pageCursor = url.searchParams.get('page_cursor') || ''
// ,()
const usePagination = url.searchParams.has('page_size') || url.searchParams.has('page_cursor')
//
const cache = new CacheService(context.env)
const cacheKey = usePagination
? generateCacheKey('publicShare', slug, { page_cursor: pageCursor || 'first', page_size: pageSize })
: generateCacheKey('publicShare', slug)
try {
//
const user = await context.env.DB.prepare(
`SELECT id as user_id, username, public_share_enabled, public_slug, public_page_title, public_page_description
FROM users
WHERE LOWER(public_slug) = ? AND public_share_enabled = 1`
)
.bind(slug)
.first()
if (!user || !user.public_share_enabled || !user.public_slug) {
return notFound('Share link not found')
}
//
const cached = await cache.get('publicShare', cacheKey)
if (cached) {
return success({
...cached,
_cached: true, //
})
}
//
let bookmarkQuery = `
SELECT *
FROM bookmarks
WHERE user_id = ?
AND is_public = 1
AND deleted_at IS NULL
`
const bookmarkParams: (string | number)[] = [user.user_id]
//
if (usePagination && pageCursor) {
bookmarkQuery += ' AND id < ?'
bookmarkParams.push(pageCursor)
}
bookmarkQuery += ' ORDER BY is_pinned DESC, created_at DESC'
// , LIMIT
if (usePagination) {
bookmarkQuery += ' LIMIT ?'
bookmarkParams.push(pageSize + 1) //
}
const { results: bookmarkRows } = await context.env.DB.prepare(bookmarkQuery)
.bind(...bookmarkParams)
.all()
// ()
const hasMore = usePagination && bookmarkRows.length > pageSize
const bookmarksToProcess = usePagination && hasMore
? bookmarkRows.slice(0, pageSize)
: bookmarkRows
const nextCursor = usePagination && hasMore && bookmarksToProcess.length > 0
? String(bookmarksToProcess[bookmarksToProcess.length - 1].id)
: null
const bookmarkIds = bookmarksToProcess.map((row) => row.id)
let allTags: Array<{ bookmark_id: string; id: string; name: string; color: string | null }> = []
if (bookmarkIds.length > 0) {
const placeholders = bookmarkIds.map(() => '?').join(',')
const { results: tagRows } = await context.env.DB.prepare(
`SELECT bt.bookmark_id, t.id, t.name, t.color
FROM bookmark_tags bt
INNER JOIN tags t ON t.id = bt.tag_id
WHERE bt.bookmark_id IN (${placeholders})
AND t.deleted_at IS NULL
ORDER BY t.name`
)
.bind(...bookmarkIds)
.all<{ bookmark_id: string; id: string; name: string; color: string | null }>()
allTags = tagRows || []
}
const tagsByBookmark = new Map>()
for (const tag of allTags) {
if (!tagsByBookmark.has(tag.bookmark_id)) {
tagsByBookmark.set(tag.bookmark_id, [])
}
const tags = tagsByBookmark.get(tag.bookmark_id)
if (tags) {
tags.push({ id: tag.id, name: tag.name, color: tag.color })
}
}
const bookmarks = bookmarksToProcess.map((row) => ({
...normalizeBookmark(row),
tags: tagsByBookmark.get(row.id) || [],
}))
// ()
let tags: Array<{ id: string; name: string; color: string | null; bookmark_count: number }> = []
if (!usePagination || !pageCursor) {
const tagsCacheKey = generateCacheKey('publicShare', `${slug}:tags`)
//
const cachedTags = await cache.get('publicShare', tagsCacheKey)
if (cachedTags) {
tags = cachedTags
} else {
//
const { results: tagStats } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color, COUNT(DISTINCT bt.bookmark_id) as bookmark_count
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
INNER JOIN bookmarks b ON bt.bookmark_id = b.id
WHERE b.user_id = ?
AND b.is_public = 1
AND b.deleted_at IS NULL
AND t.deleted_at IS NULL
GROUP BY t.id, t.name, t.color
ORDER BY t.name`
)
.bind(user.user_id)
.all<{ id: string; name: string; color: string | null; bookmark_count: number }>()
tags = tagStats || []
// (30)
if (tags.length > 0) {
await cache.set('publicShare', tagsCacheKey, tags, { async: true })
}
}
}
//
if (usePagination) {
const paginatedPayload: PublicSharePaginatedPayload = {
profile: {
username: user.username,
title: user.public_page_title,
description: user.public_page_description,
slug: user.public_slug,
},
bookmarks,
tags,
meta: {
page_size: pageSize,
count: bookmarks.length,
next_cursor: nextCursor,
has_more: hasMore,
},
}
// (30 TTL, Level 0 )
await cache.set('publicShare', cacheKey, paginatedPayload, { async: true })
return success(paginatedPayload)
} else {
const payload: PublicSharePayload = {
profile: {
username: user.username,
title: user.public_page_title,
description: user.public_page_description,
slug: user.public_slug,
},
bookmarks,
tags,
generated_at: new Date().toISOString(),
}
// (30 TTL, Level 0 )
await cache.set('publicShare', cacheKey, payload, { async: true })
return success(payload)
}
} catch (error) {
console.error('Public share error:', error)
return internalError('Failed to load shared bookmarks')
}
}
================================================
FILE: tmarks/functions/api/share/[token].ts
================================================
/**
* API
* : /api/share/:token
* : ()
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../lib/types'
import { success, notFound, internalError } from '../../lib/response'
interface ShareRow {
id: string
group_id: string
user_id: string
share_token: string
is_public: number
view_count: number
created_at: string
expires_at: string | null
}
interface TabGroupRow {
id: string
user_id: string
title: string
color: string | null
tags: string | null
created_at: string
updated_at: string
}
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
is_pinned: number
is_todo: number
created_at: string
}
// GET /api/share/:token -
export const onRequestGet: PagesFunction = async (context) => {
const shareToken = context.params.token
try {
// Get share
const share = await context.env.DB.prepare(
'SELECT * FROM shares WHERE share_token = ?'
)
.bind(shareToken)
.first()
if (!share) {
return notFound('Share not found')
}
// Check if share is public
if (share.is_public !== 1) {
return notFound('Share is private')
}
// Check if share has expired
if (share.expires_at) {
const expiresAt = new Date(share.expires_at)
if (expiresAt < new Date()) {
return notFound('Share has expired')
}
}
// Get tab group
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND is_deleted = 0'
)
.bind(share.group_id)
.first()
if (!groupRow) {
return notFound('Tab group not found')
}
// Get tab group items
const { results: items } = await context.env.DB.prepare(
'SELECT * FROM tab_group_items WHERE group_id = ? ORDER BY position ASC'
)
.bind(share.group_id)
.all()
// Parse tags
let tags: string[] | null = null
if (groupRow.tags) {
try {
tags = JSON.parse(groupRow.tags)
} catch {
tags = null
}
}
// Increment view count
await context.env.DB.prepare(
'UPDATE shares SET view_count = view_count + 1 WHERE id = ?'
)
.bind(share.id)
.run()
return success({
tab_group: {
...groupRow,
tags,
items: items || [],
item_count: items?.length || 0,
},
share_info: {
view_count: share.view_count + 1,
created_at: share.created_at,
expires_at: share.expires_at,
},
})
} catch (error) {
console.error('Get shared tab group error:', error)
return internalError('Failed to get shared tab group')
}
}
================================================
FILE: tmarks/functions/api/shared/cache.ts
================================================
import type { Env } from '../../lib/types'
import { CacheService } from '../../lib/cache'
import { getCacheInvalidationPrefix } from '../../lib/cache/strategies'
/**
*
*/
export async function invalidatePublicShareCache(env: Env, userId: string) {
// slug
const record = await env.DB.prepare(
`SELECT public_slug FROM users WHERE id = ? AND public_share_enabled = 1`
)
.bind(userId)
.first<{ public_slug: string | null }>()
if (!record?.public_slug) {
return
}
// CacheService
const cache = new CacheService(env)
const prefix = getCacheInvalidationPrefix(record.public_slug.toLowerCase(), 'publicShare')
await cache.invalidate(prefix)
}
================================================
FILE: tmarks/functions/api/snapshot-images/[hash].ts
================================================
/**
* API
* : /api/snapshot-images/:hash
* R2
*
* : API
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../lib/types'
import { notFound, internalError } from '../../lib/response'
import { generateImageSig } from '../../lib/image-sig'
// OPTIONS /api/snapshot-images/:hash - CORS
export const onRequestOptions: PagesFunction = async () => {
return new Response(null, {
status: 204,
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type',
'Access-Control-Max-Age': '86400',
},
})
}
// GET /api/snapshot-images/:hash -
export const onRequestGet: PagesFunction = async (context) => {
try {
const hash = context.params.hash as string
const bucket = context.env.SNAPSHOTS_BUCKET
const db = context.env.DB
if (!bucket || !db) {
return internalError('Storage not configured')
}
// URL
const url = new URL(context.request.url)
const userId = url.searchParams.get('u')
const bookmarkId = url.searchParams.get('b')
const version = url.searchParams.get('v')
console.log(`[Snapshot Image API] Request: hash=${hash}, u=${userId}, b=${bookmarkId}, v=${version}`)
if (!userId || !bookmarkId || !version) {
console.warn(`[Snapshot Image API] Missing parameters: u=${userId}, b=${bookmarkId}, v=${version}`)
return new Response('Missing required parameters', {
status: 400,
headers: {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin': '*',
},
})
}
//
//
const snapshot = await db
.prepare(
`SELECT s.id
FROM bookmark_snapshots s
JOIN bookmarks b ON s.bookmark_id = b.id
WHERE s.bookmark_id = ?
AND s.user_id = ?
AND s.version = ?
AND b.deleted_at IS NULL`
)
.bind(bookmarkId, userId, parseInt(version, 10) || 0)
.first()
if (!snapshot) {
console.warn(`[Snapshot Image API] Snapshot not found or access denied: u=${userId}, b=${bookmarkId}, v=${version}, hash=${hash}`)
return notFound('Snapshot not found or access denied')
}
//
const sig = url.searchParams.get('sig')
if (!sig) {
return new Response('Missing image signature', {
status: 403,
headers: {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin': '*',
},
})
}
const expectedSig = await generateImageSig(hash, userId, bookmarkId, context.env.JWT_SECRET)
if (sig !== expectedSig) {
return new Response('Invalid image signature', {
status: 403,
headers: {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin': '*',
},
})
}
// R2
let imageKey = `${userId}/${bookmarkId}/v${version}/images/${hash}`
console.log(`[Snapshot Image API] Fetching: ${imageKey}`)
// R2
let r2Object = await bucket.get(imageKey)
// ,(/)
if (!r2Object) {
console.log(`[Snapshot Image API] Not found, trying alternative formats...`)
// hash ,
if (hash.includes('.')) {
const hashWithoutExt = hash.replace(/\.(webp|jpg|jpeg|png|gif)$/i, '')
const altKey = `${userId}/${bookmarkId}/v${version}/images/${hashWithoutExt}`
console.log(`[Snapshot Image API] Trying without extension: ${altKey}`)
r2Object = await bucket.get(altKey)
if (r2Object) imageKey = altKey
} else {
// hash ,
const extensions = ['.webp', '.jpg', '.jpeg', '.png', '.gif']
for (const ext of extensions) {
const altKey = `${userId}/${bookmarkId}/v${version}/images/${hash}${ext}`
console.log(`[Snapshot Image API] Trying with extension: ${altKey}`)
r2Object = await bucket.get(altKey)
if (r2Object) {
imageKey = altKey
break
}
}
}
}
if (!r2Object) {
console.warn(`[Snapshot Image API] Image not found in R2 (tried all formats): ${hash}`)
return new Response('Image not found', {
status: 404,
headers: {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin': '*',
},
})
}
//
const imageData = await r2Object.arrayBuffer()
const contentType = r2Object.httpMetadata?.contentType || 'image/jpeg'
console.log(`[Snapshot Image API] Serving: ${imageKey}, ${(imageData.byteLength / 1024).toFixed(1)}KB, type: ${contentType}`)
return new Response(imageData, {
headers: {
'Content-Type': contentType,
'Cache-Control': 'public, max-age=31536000, immutable', //
'Access-Control-Allow-Origin': '*', // ()
'Access-Control-Allow-Methods': 'GET, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type',
},
})
} catch (error) {
console.error('[Snapshot Image API] Error:', error)
// ,
return new Response('Failed to load image', {
status: 500,
headers: {
'Content-Type': 'text/plain',
'Access-Control-Allow-Origin': '*',
},
})
}
}
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/click.ts
================================================
/**
* API -
* : /api/tab/bookmarks/:id/click
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
// POST /api/tab/bookmarks/:id/click -
export const onRequestPost: PagesFunction[] = [
requireApiKeyAuth('bookmarks.update'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const db = context.env.DB
const now = new Date().toISOString()
//
const bookmark = await db.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Bookmark not found')
}
// ,
await db.batch([
db.prepare(
'UPDATE bookmarks SET click_count = click_count + 1, last_clicked_at = ? WHERE id = ?'
).bind(now, bookmarkId),
db.prepare(
'INSERT INTO bookmark_click_events (bookmark_id, user_id, clicked_at) VALUES (?, ?, ?)'
).bind(bookmarkId, userId, now),
])
return success({
message: 'Click recorded successfully',
clicked_at: now,
})
} catch (error) {
console.error('Record bookmark click error:', error)
return internalError('Failed to record click')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/permanent.ts
================================================
/**
* API -
* : /api/tab/bookmarks/:id/permanent
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { noContent, notFound, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
// DELETE /api/tab/bookmarks/:id/permanent - ()
export const onRequestDelete: PagesFunction[] = [
requireApiKeyAuth('bookmarks.delete'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
//
const existing = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NOT NULL'
)
.bind(bookmarkId, userId)
.first()
if (!existing) {
return notFound('Bookmark not found in trash')
}
//
await context.env.DB.prepare('DELETE FROM bookmark_tags WHERE bookmark_id = ?')
.bind(bookmarkId)
.run()
//
await context.env.DB.prepare('DELETE FROM bookmark_snapshots WHERE bookmark_id = ?')
.bind(bookmarkId)
.run()
//
await context.env.DB.prepare('DELETE FROM bookmarks WHERE id = ?')
.bind(bookmarkId)
.run()
return noContent()
} catch (error) {
console.error('Permanent delete bookmark error:', error)
return internalError('Failed to permanently delete bookmark')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/restore.ts
================================================
/**
* API -
* : /api/tab/bookmarks/:id/restore
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, BookmarkRow, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
import { normalizeBookmark } from '../../../../lib/bookmark-utils'
// PATCH /api/tab/bookmarks/:id/restore -
export const onRequestPatch: PagesFunction[] = [
requireApiKeyAuth('bookmarks.update'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
//
const existing = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NOT NULL'
)
.bind(bookmarkId, userId)
.first()
if (!existing) {
return notFound('Bookmark not found in trash')
}
const now = new Date().toISOString()
// : deleted_at
await context.env.DB.prepare(
'UPDATE bookmarks SET deleted_at = NULL, updated_at = ? WHERE id = ?'
)
.bind(now, bookmarkId)
.run()
//
const bookmarkRow = await context.env.DB.prepare(
'SELECT * FROM bookmarks WHERE id = ?'
)
.bind(bookmarkId)
.first()
if (!bookmarkRow) {
return internalError('Failed to load bookmark after restore')
}
//
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND t.deleted_at IS NULL`
)
.bind(bookmarkId)
.all<{ id: string; name: string; color: string | null }>()
return success({
bookmark: {
...normalizeBookmark(bookmarkRow),
tags: tags || [],
},
})
} catch (error) {
console.error('Restore bookmark error:', error)
return internalError('Failed to restore bookmark')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/snapshot-upload.ts
================================================
/**
*
* Base64 R2
*/
import type { R2Bucket } from '@cloudflare/workers-types'
const R2_UPLOAD_CONCURRENCY = 6
interface ImageInput {
hash: string
data: string // base64
type: string
}
interface DecodedImage {
hash: string
bytes: Uint8Array
type: string
}
/** Base64 , charCodeAt */
export function decodeBase64Image(image: ImageInput): DecodedImage | null {
try {
const base64Data = image.data.includes(',')
? image.data.split(',')[1]
: image.data
const binaryString = atob(base64Data)
const bytes = new Uint8Array(binaryString.length)
for (let i = 0; i < binaryString.length; i++) {
bytes[i] = binaryString.charCodeAt(i)
}
return { hash: image.hash, bytes, type: image.type }
} catch {
return null
}
}
interface UploadResult {
uploadedHashes: string[]
totalImageSize: number
}
/**
* R2
* N R2_UPLOAD_CONCURRENCY
*/
export async function uploadImagesConcurrently(
decoded: DecodedImage[],
bucket: R2Bucket,
userId: string,
bookmarkId: string,
version: number,
timestamp: number,
): Promise {
const uploadedHashes: string[] = []
let totalImageSize = 0
for (let i = 0; i < decoded.length; i += R2_UPLOAD_CONCURRENCY) {
const batch = decoded.slice(i, i + R2_UPLOAD_CONCURRENCY)
const results = await Promise.allSettled(
batch.map(async (img) => {
const imageKey = `${userId}/${bookmarkId}/v${version}/images/${img.hash}`
await bucket.put(imageKey, img.bytes, {
httpMetadata: { contentType: img.type },
customMetadata: {
userId,
bookmarkId,
version: version.toString(),
snapshotTimestamp: timestamp.toString(),
},
})
return img
})
)
for (const result of results) {
if (result.status === 'fulfilled') {
uploadedHashes.push(result.value.hash)
totalImageSize += result.value.bytes.length
} else {
console.error('[Snapshot Upload] Image upload failed:', result.reason)
}
}
}
return { uploadedHashes, totalImageSize }
}
/**
* HTML URL
* , O(n*m) replace
*/
export function replaceImagePlaceholders(
html: string,
uploadedHashes: string[],
userId: string,
bookmarkId: string,
version: number,
): string {
if (uploadedHashes.length === 0) return html
const hashSet = new Set(uploadedHashes)
// Match all /api/snapshot-images/{hash} placeholders in one pass
return html.replace(
/\/api\/snapshot-images\/([a-f0-9]+)/g,
(match, hash) => {
if (hashSet.has(hash)) {
return `/api/snapshot-images/${hash}?u=${userId}&b=${bookmarkId}&v=${version}`
}
return match
}
)
}
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/snapshots/[snapshotId].ts
================================================
/**
* API
* : /api/tab/bookmarks/:id/snapshots/:snapshotId
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../../lib/types'
import { success, notFound, internalError } from '../../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../../middleware/api-key-auth-pages'
// GET /api/tab/bookmarks/:id/snapshots/:snapshotId -
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('bookmarks.read'),
async (context) => {
try {
const userId = context.data.user_id
const bookmarkId = context.params.id as string
const snapshotId = context.params.snapshotId as string
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
//
const snapshot = await db
.prepare(
`SELECT s.*, b.url as bookmark_url
FROM bookmark_snapshots s
JOIN bookmarks b ON s.bookmark_id = b.id
WHERE s.id = ? AND s.bookmark_id = ? AND s.user_id = ?`
)
.bind(snapshotId, bookmarkId, userId)
.first()
if (!snapshot) {
return notFound('Snapshot not found')
}
// R2
const r2Object = await bucket.get(snapshot.r2_key as string)
if (!r2Object) {
return notFound('Snapshot file not found')
}
// HTML
let htmlContent = await r2Object.text()
// data URL ()
const dataUrlCount = (htmlContent.match(/src="data:/g) || []).length
const htmlSize = new Blob([htmlContent]).size
console.log(`[Snapshot API] Retrieved from R2: ${(htmlSize / 1024).toFixed(1)}KB, data URLs: ${dataUrlCount}`)
// CSP meta HTML head ()
const cspMetaTag = '';
if (htmlContent.includes('')) {
htmlContent = htmlContent.replace('', `${cspMetaTag}`);
console.log(`[Snapshot API] Injected CSP meta tag`);
} else if (htmlContent.includes('')) {
htmlContent = htmlContent.replace('', `${cspMetaTag}`);
console.log(`[Snapshot API] Injected CSP meta tag`);
}
// V2 ( /api/snapshot-images/ )
const isV2 = htmlContent.includes('/api/snapshot-images/')
if (isV2) {
const version = (snapshot as Record).version as number || 1
// URL: URL,
let replacedCount = 0
htmlContent = htmlContent.replace(
/\/api\/snapshot-images\/([a-zA-Z0-9._-]+?)(?:\?[^"\s)]*)?(?=["\s)]|$)/g,
(_match: string, hash: string) => {
replacedCount++
// ,()
return `/api/snapshot-images/${hash}?u=${userId}&b=${bookmarkId}&v=${version}`;
}
)
console.log(`[Snapshot API] V2 format detected, normalized ${replacedCount} image URLs`)
}
return new Response(htmlContent, {
headers: {
'Content-Type': 'text/html; charset=utf-8',
'Cache-Control': 'public, max-age=3600',
'X-Content-Type-Options': 'nosniff',
// CSP ()
'Content-Security-Policy': "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src *; connect-src *;",
},
})
} catch (error) {
console.error('Get snapshot error:', error)
return internalError('Failed to get snapshot')
}
},
]
// DELETE /api/tab/bookmarks/:id/snapshots/:snapshotId -
export const onRequestDelete: PagesFunction[] = [
requireApiKeyAuth('bookmarks.delete'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id as string
const snapshotId = context.params.snapshotId as string
try {
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
//
const snapshot = await db
.prepare(
`SELECT id, r2_key, is_latest
FROM bookmark_snapshots
WHERE id = ? AND bookmark_id = ? AND user_id = ?`
)
.bind(snapshotId, bookmarkId, userId)
.first()
if (!snapshot) {
return notFound('Snapshot not found')
}
// R2
await bucket.delete(snapshot.r2_key as string)
//
await db
.prepare('DELETE FROM bookmark_snapshots WHERE id = ?')
.bind(snapshotId)
.run()
// (1)
await db
.prepare(
`UPDATE bookmarks
SET snapshot_count = MAX(0, snapshot_count - 1)
WHERE id = ?`
)
.bind(bookmarkId)
.run()
// ,
if (snapshot.is_latest) {
const nextLatest = await db
.prepare(
`SELECT id FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?
ORDER BY version DESC
LIMIT 1`
)
.bind(bookmarkId, userId)
.first()
if (nextLatest) {
await db
.prepare(
`UPDATE bookmark_snapshots
SET is_latest = 1
WHERE id = ?`
)
.bind(nextLatest.id)
.run()
} else {
// ,
await db
.prepare(
`UPDATE bookmarks
SET has_snapshot = 0,
latest_snapshot_at = NULL,
snapshot_count = 0
WHERE id = ?`
)
.bind(bookmarkId)
.run()
}
}
return success({ message: 'Snapshot deleted successfully' })
} catch (error) {
console.error('Delete snapshot error:', error)
return internalError('Failed to delete snapshot')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/snapshots/cleanup.ts
================================================
/**
* API
* : /api/v1/bookmarks/:id/snapshots/cleanup
* : JWT Token
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../../middleware/auth'
interface CleanupRequest {
keep_count?: number
older_than_days?: number
verify_and_fix?: boolean
}
interface RouteParams {
id: string
}
interface SnapshotRow {
id: string
r2_key: string
file_size: number
}
async function deleteSnapshotRows(
db: D1Database, ids: string[], userId: string,
): Promise {
const placeholders = ids.map(() => '?').join(',')
await db
.prepare(`DELETE FROM bookmark_snapshots WHERE id IN (${placeholders}) AND user_id = ?`)
.bind(...ids, userId)
.run()
}
async function updateBookmarkSnapshotCount(
db: D1Database, bookmarkId: string, userId: string,
): Promise {
const remaining = await db
.prepare(
`SELECT COUNT(*) as count FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?`,
)
.bind(bookmarkId, userId)
.first()
const remainingCount = (remaining?.count as number) || 0
if (remainingCount === 0) {
await db
.prepare(
`UPDATE bookmarks
SET has_snapshot = 0, latest_snapshot_at = NULL, snapshot_count = 0
WHERE id = ? AND user_id = ?`,
)
.bind(bookmarkId, userId)
.run()
} else {
await db
.prepare(`UPDATE bookmarks SET snapshot_count = ? WHERE id = ? AND user_id = ?`)
.bind(remainingCount, bookmarkId, userId)
.run()
}
}
async function handleVerifyAndFix(
db: D1Database, bucket: R2Bucket, bookmarkId: string, userId: string,
) {
const { results: allSnapshots } = await db
.prepare(
`SELECT id, r2_key, file_size FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?`,
)
.bind(bookmarkId, userId)
.all()
const orphaned: SnapshotRow[] = []
for (const snapshot of allSnapshots || []) {
try {
const r2Object = await bucket.head(snapshot.r2_key)
if (!r2Object) orphaned.push(snapshot)
} catch {
orphaned.push(snapshot)
}
}
if (orphaned.length === 0) {
return success({
deleted_count: 0,
freed_space: 0,
message: 'All snapshots are valid, no orphaned records found',
})
}
await deleteSnapshotRows(db, orphaned.map((s) => s.id), userId)
await updateBookmarkSnapshotCount(db, bookmarkId, userId)
return success({
deleted_count: orphaned.length,
freed_space: 0,
message: `Fixed ${orphaned.length} orphaned snapshot records`,
})
}
// POST /api/v1/bookmarks/:id/snapshots/cleanup
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const body = await context.request.json() as CleanupRequest
const { keep_count, older_than_days, verify_and_fix } = body
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
const bookmark = await db
.prepare('SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL')
.bind(bookmarkId, userId)
.first()
if (!bookmark) return notFound('Bookmark not found')
if (verify_and_fix) {
return handleVerifyAndFix(db, bucket, bookmarkId, userId)
}
let toDelete: SnapshotRow[] = []
if (keep_count !== undefined && keep_count >= 0) {
const result = await db
.prepare(
`SELECT id, r2_key, file_size FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?
ORDER BY version DESC LIMIT -1 OFFSET ?`,
)
.bind(bookmarkId, userId, keep_count)
.all()
toDelete = result.results || []
} else if (older_than_days !== undefined && older_than_days > 0) {
const cutoffDate = new Date()
cutoffDate.setDate(cutoffDate.getDate() - older_than_days)
const result = await db
.prepare(
`SELECT id, r2_key, file_size FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ? AND created_at < ?
ORDER BY version ASC`,
)
.bind(bookmarkId, userId, cutoffDate.toISOString())
.all()
toDelete = result.results || []
} else {
return badRequest('Must specify keep_count or older_than_days')
}
if (toDelete.length === 0) {
return success({ deleted_count: 0, freed_space: 0, message: 'No snapshots to delete' })
}
const freedSpace = toDelete.reduce((sum, s) => sum + (s.file_size as number || 0), 0)
for (const snapshot of toDelete) {
await bucket.delete(snapshot.r2_key as string)
}
await deleteSnapshotRows(db, toDelete.map((s) => s.id), userId)
await updateBookmarkSnapshotCount(db, bookmarkId, userId)
return success({
deleted_count: toDelete.length,
freed_space: freedSpace,
message: `Deleted ${toDelete.length} snapshots`,
})
} catch (error) {
console.error('Cleanup snapshots error:', error)
return internalError('Failed to cleanup snapshots')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/snapshots-v2.ts
================================================
/**
* API V2 -
* : /api/tab/bookmarks/:id/snapshots-v2
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
import { generateSignedUrl } from '../../../../lib/signed-url'
import { checkR2Quota } from '../../../../lib/storage-quota'
import {
decodeBase64Image,
uploadImagesConcurrently,
replaceImagePlaceholders,
} from './snapshot-upload'
function generateNanoId(): string {
const alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
const randomValues = new Uint8Array(21)
crypto.getRandomValues(randomValues)
let id = ''
for (let i = 0; i < 21; i++) {
id += alphabet[randomValues[i] % alphabet.length]
}
return id
}
async function sha256(content: string): Promise {
const data = new TextEncoder().encode(content)
const hashBuffer = await crypto.subtle.digest('SHA-256', data)
const hashArray = Array.from(new Uint8Array(hashBuffer))
return hashArray.map(b => b.toString(16).padStart(2, '0')).join('')
}
interface CreateSnapshotV2Request {
html_content: string
title: string
url: string
images: Array<{ hash: string; data: string; type: string }>
force?: boolean
}
// POST /api/tab/bookmarks/:id/snapshots-v2 - (V2)
export const onRequestPost: PagesFunction[] = [
requireApiKeyAuth('bookmarks.create'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id as string
try {
const body = await context.request.json() as CreateSnapshotV2Request
const { html_content, title, url, images = [], force = false } = body
if (!html_content || !title || !url) {
return badRequest('Missing required fields')
}
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
//
const bookmark = await db
.prepare('SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL')
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Bookmark not found')
}
// & ()
const [contentHash, latestSnapshot, versionResult] = await Promise.all([
sha256(html_content),
force ? Promise.resolve(null) : db
.prepare('SELECT content_hash FROM bookmark_snapshots WHERE bookmark_id = ? AND is_latest = 1')
.bind(bookmarkId)
.first(),
db
.prepare('SELECT COALESCE(MAX(version), 0) + 1 as next_version FROM bookmark_snapshots WHERE bookmark_id = ?')
.bind(bookmarkId)
.first(),
])
if (!force && latestSnapshot && latestSnapshot.content_hash === contentHash) {
return success({ message: 'Content unchanged, no new snapshot created', is_duplicate: true })
}
const version = (versionResult && typeof versionResult.next_version === 'number')
? versionResult.next_version
: 1
const timestamp = Date.now()
// 1. (CPU ,)
const decoded = images
.map(decodeBase64Image)
.filter((d): d is NonNullable => d !== null)
// 2. :
const htmlBytes = new TextEncoder().encode(html_content)
const totalImageBytes = decoded.reduce((sum, d) => sum + d.bytes.length, 0)
const totalSize = htmlBytes.length + totalImageBytes
const quota = await checkR2Quota(db, context.env, totalSize)
if (!quota.allowed) {
const usedGB = quota.usedBytes / (1024 * 1024 * 1024)
const limitGB = quota.limitBytes / (1024 * 1024 * 1024)
return badRequest({
code: 'R2_STORAGE_LIMIT_EXCEEDED',
message: `Snapshot storage limit exceeded. Used ${usedGB.toFixed(2)}GB of ${limitGB.toFixed(2)}GB.`,
})
}
// 3. R2(6)
const { uploadedHashes, totalImageSize } = await uploadImagesConcurrently(
decoded, bucket, userId, bookmarkId, version, timestamp
)
// 4. HTML
const processedHtml = replaceImagePlaceholders(
html_content, uploadedHashes, userId, bookmarkId, version
)
// 5. HTML
const htmlKey = `${userId}/${bookmarkId}/snapshot-${timestamp}-v${version}.html`
const processedHtmlBytes = new TextEncoder().encode(processedHtml)
await bucket.put(htmlKey, processedHtmlBytes, {
httpMetadata: { contentType: 'text/html; charset=utf-8' },
customMetadata: {
userId,
bookmarkId,
version: version.toString(),
title,
imageCount: uploadedHashes.length.toString(),
snapshotVersion: '2',
},
})
// 6.
const snapshotId = generateNanoId()
const now = new Date().toISOString()
const finalSize = processedHtmlBytes.length + totalImageSize
await db.batch([
db.prepare(
`INSERT INTO bookmark_snapshots
(id, bookmark_id, user_id, version, is_latest, content_hash,
r2_key, r2_bucket, file_size, mime_type, snapshot_url,
snapshot_title, snapshot_status, created_at, updated_at)
VALUES (?, ?, ?, ?, 1, ?, ?, 'tmarks-snapshots', ?, 'text/html', ?, ?, 'completed', ?, ?)`
).bind(
snapshotId, bookmarkId, userId, version, contentHash,
htmlKey, finalSize, url, title, now, now
),
db.prepare('UPDATE bookmark_snapshots SET is_latest = 0 WHERE bookmark_id = ? AND user_id = ? AND id != ?')
.bind(bookmarkId, userId, snapshotId),
db.prepare(
'UPDATE bookmarks SET has_snapshot = 1, latest_snapshot_at = ?, snapshot_count = snapshot_count + 1 WHERE id = ? AND user_id = ?'
).bind(now, bookmarkId, userId),
])
// URL(24 )
const baseUrl = new URL(context.request.url).origin
const { signature, expires } = await generateSignedUrl(
{ userId, resourceId: snapshotId, expiresIn: 24 * 3600, action: 'view' },
context.env.JWT_SECRET
)
const viewUrl = `${baseUrl}/api/v1/bookmarks/${bookmarkId}/snapshots/${snapshotId}/view?sig=${signature}&exp=${expires}&u=${userId}&a=view`
return success({
snapshot: {
id: snapshotId,
version,
file_size: finalSize,
image_count: uploadedHashes.length,
content_hash: contentHash,
snapshot_title: title,
is_latest: true,
created_at: now,
view_url: viewUrl,
},
message: 'Snapshot created successfully (V2)',
})
} catch (error) {
console.error('[Snapshot V2 API] Error:', error)
return internalError('Failed to create snapshot')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/snapshots.ts
================================================
/**
* API
* : /api/tab/bookmarks/:id/snapshots
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
import { checkR2Quota } from '../../../../lib/storage-quota'
// nanoid ID(21 )
function generateNanoId(): string {
const alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
const length = 21
const randomValues = new Uint8Array(length)
crypto.getRandomValues(randomValues)
let id = ''
for (let i = 0; i < length; i++) {
id += alphabet[randomValues[i] % alphabet.length]
}
return id
}
// Web Crypto API SHA-256
async function sha256(content: string): Promise {
const encoder = new TextEncoder()
const data = encoder.encode(content)
const hashBuffer = await crypto.subtle.digest('SHA-256', data)
const hashArray = Array.from(new Uint8Array(hashBuffer))
return hashArray.map(b => b.toString(16).padStart(2, '0')).join('')
}
interface CreateSnapshotRequest {
html_content: string
title: string
url: string
force?: boolean
}
//
const MAX_SNAPSHOT_SIZE = 50 * 1024 * 1024 // 50MB
// GET /api/tab/bookmarks/:id/snapshots -
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('bookmarks.read'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const db = context.env.DB
//
const bookmark = await db
.prepare('SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL')
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Bookmark not found')
}
//
const snapshots = await db
.prepare(
`SELECT id, version, file_size, content_hash, snapshot_title,
is_latest, created_at
FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?
ORDER BY version DESC`
)
.bind(bookmarkId, userId)
.all()
return success({
snapshots: snapshots.results || [],
total: snapshots.results?.length || 0,
})
} catch (error) {
console.error('Get snapshots error:', error)
return internalError('Failed to get snapshots')
}
},
]
// POST /api/tab/bookmarks/:id/snapshots -
export const onRequestPost: PagesFunction[] = [
requireApiKeyAuth('bookmarks.create'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const body = await context.request.json() as CreateSnapshotRequest
const { html_content, title, url, force = false } = body
if (!html_content || !title || !url) {
return badRequest('Missing required fields')
}
//
const originalSize = new Blob([html_content]).size
if (originalSize > MAX_SNAPSHOT_SIZE) {
return badRequest(
`Snapshot too large (${(originalSize / 1024 / 1024).toFixed(2)}MB). Maximum size is ${MAX_SNAPSHOT_SIZE / 1024 / 1024}MB.`
)
}
// data URL ()
const dataUrlCount = (html_content.match(/src="data:/g) || []).length
console.log(`[Snapshot API] Received HTML: ${(originalSize / 1024).toFixed(1)}KB, data URLs: ${dataUrlCount}`)
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
//
const bookmark = await db
.prepare('SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL')
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Bookmark not found')
}
//
const contentHash = await sha256(html_content)
// ()
if (!force) {
const latestSnapshot = await db
.prepare(
`SELECT content_hash FROM bookmark_snapshots
WHERE bookmark_id = ? AND is_latest = 1`
)
.bind(bookmarkId)
.first()
if (latestSnapshot && latestSnapshot.content_hash === contentHash) {
return success({
message: 'Content unchanged, no new snapshot created',
is_duplicate: true,
})
}
}
//
const versionResult = await db
.prepare(
`SELECT COALESCE(MAX(version), 0) + 1 as next_version
FROM bookmark_snapshots
WHERE bookmark_id = ?`
)
.bind(bookmarkId)
.first()
const version = versionResult?.next_version as number || 1
// R2
const timestamp = Date.now()
const r2Key = `${userId}/${bookmarkId}/snapshot-${timestamp}-v${version}.html`
// HTML UTF-8
const encoder = new TextEncoder()
const htmlBytes = encoder.encode(html_content)
console.log(`[Snapshot API] Encoded to UTF-8: ${(htmlBytes.length / 1024).toFixed(1)}KB`)
//
const quota = await checkR2Quota(db, context.env, htmlBytes.length)
if (!quota.allowed) {
const usedGB = quota.usedBytes / (1024 * 1024 * 1024)
const limitGB = quota.limitBytes / (1024 * 1024 * 1024)
return badRequest({
code: 'R2_STORAGE_LIMIT_EXCEEDED',
message: `Snapshot storage limit exceeded. Used ${usedGB.toFixed(2)}GB of ${limitGB.toFixed(2)}GB. Please delete some snapshots or images and try again.`,
})
}
// UTF-8 R2
await bucket.put(r2Key, htmlBytes, {
httpMetadata: {
contentType: 'text/html; charset=utf-8',
},
customMetadata: {
userId,
bookmarkId,
version: version.toString(),
title,
fileSize: htmlBytes.length.toString(),
dataUrlCount: dataUrlCount.toString(),
},
})
console.log(`[Snapshot API] Uploaded to R2: ${r2Key}`)
const snapshotId = generateNanoId()
const now = new Date().toISOString()
// ( INSERT ,)
const batch = [
// ,
db.prepare(
`INSERT INTO bookmark_snapshots
(id, bookmark_id, user_id, version, is_latest, content_hash,
r2_key, r2_bucket, file_size, mime_type, snapshot_url,
snapshot_title, snapshot_status, created_at, updated_at)
VALUES (?, ?, ?,
(SELECT COALESCE(MAX(version), 0) + 1 FROM bookmark_snapshots WHERE bookmark_id = ?),
1, ?, ?, 'tmarks-snapshots', ?, 'text/html', ?, ?, 'completed', ?, ?)`
).bind(
snapshotId,
bookmarkId,
userId,
bookmarkId,
contentHash,
r2Key,
originalSize,
url,
title,
now,
now
),
// is_latest
db.prepare(
`UPDATE bookmark_snapshots
SET is_latest = 0
WHERE bookmark_id = ? AND id != ?`
).bind(bookmarkId, snapshotId),
// ()
db.prepare(
`UPDATE bookmarks
SET has_snapshot = 1,
latest_snapshot_at = ?,
snapshot_count = snapshot_count + 1
WHERE id = ?`
).bind(now, bookmarkId),
]
await db.batch(batch)
//
await cleanupOldSnapshots(db, bucket, bookmarkId, userId)
return success({
snapshot: {
id: snapshotId,
version,
file_size: originalSize,
content_hash: contentHash,
created_at: now,
},
message: 'Snapshot created successfully',
})
} catch (error) {
console.error('Create snapshot error:', error)
return internalError('Failed to create snapshot')
}
},
]
//
async function cleanupOldSnapshots(
db: D1Database,
bucket: R2Bucket,
bookmarkId: string,
userId: string
) {
try {
//
const bookmarkSettings = await db
.prepare('SELECT snapshot_retention_count FROM bookmarks WHERE id = ?')
.bind(bookmarkId)
.first()
const userSettings = await db
.prepare('SELECT snapshot_retention_count FROM user_preferences WHERE user_id = ?')
.bind(userId)
.first()
const retentionCount =
(bookmarkSettings?.snapshot_retention_count as number | null) ??
(userSettings?.snapshot_retention_count as number | null) ??
5
// -1
if (retentionCount === -1) {
return
}
//
const toDelete = await db
.prepare(
`SELECT id, r2_key
FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?
ORDER BY version DESC
LIMIT -1 OFFSET ?`
)
.bind(bookmarkId, userId, retentionCount)
.all()
if (!toDelete.results || toDelete.results.length === 0) {
return
}
// R2 ()
const deletedIds: unknown[] = []
for (const snapshot of toDelete.results) {
try {
await bucket.delete(snapshot.r2_key as string)
deletedIds.push(snapshot.id)
} catch (error) {
console.error('Failed to delete R2 file:', snapshot.r2_key, error)
}
}
if (deletedIds.length === 0) return
// R2
const placeholders = deletedIds.map(() => '?').join(',')
await db
.prepare(`DELETE FROM bookmark_snapshots WHERE id IN (${placeholders})`)
.bind(...deletedIds)
.run()
} catch (error) {
console.error('Cleanup snapshots error:', error)
}
}
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id]/trash.ts
================================================
/**
* API -
* : /api/tab/bookmarks/:id/trash
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
// PATCH /api/tab/bookmarks/:id/trash - ()
export const onRequestPatch: PagesFunction[] = [
requireApiKeyAuth('bookmarks.delete'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
//
const existing = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(bookmarkId, userId)
.first()
if (!existing) {
return notFound('Bookmark not found')
}
const now = new Date().toISOString()
// : deleted_at
await context.env.DB.prepare(
'UPDATE bookmarks SET deleted_at = ?, updated_at = ? WHERE id = ?'
)
.bind(now, now, bookmarkId)
.run()
return success({ message: 'Bookmark moved to trash' })
} catch (error) {
console.error('Trash bookmark error:', error)
return internalError('Failed to trash bookmark')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/[id].ts
================================================
/**
* API -
* : /api/tab/bookmarks/:id
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, BookmarkRow, RouteParams, SQLParam } from '../../../lib/types'
import { success, badRequest, notFound, noContent, internalError } from '../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../middleware/api-key-auth-pages'
import { isValidUrl, sanitizeString } from '../../../lib/validation'
import { normalizeBookmark } from '../../../lib/bookmark-utils'
import { getValidTagIds, replaceBookmarkTags, replaceBookmarkTagsByNames } from '../../../lib/tags'
import { invalidatePublicShareCache } from '../../shared/cache'
interface UpdateBookmarkRequest {
title?: string
url?: string
description?: string
cover_image?: string
favicon?: string
tag_ids?: string[] // : ID
tags?: string[] // :()
is_pinned?: boolean
is_archived?: boolean
is_public?: boolean
}
// GET /api/bookmarks/:id -
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('bookmarks.read'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const bookmarkRow = await context.env.DB.prepare(
'SELECT * FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(bookmarkId, userId)
.first()
if (!bookmarkRow) {
return notFound('Bookmark not found')
}
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND bt.user_id = ? AND t.deleted_at IS NULL`
)
.bind(bookmarkId, userId)
.all<{ id: string; name: string; color: string | null }>()
const snapshotCountResult = await context.env.DB.prepare(
`SELECT COUNT(*) as count FROM bookmark_snapshots WHERE bookmark_id = ? AND user_id = ?`
)
.bind(bookmarkId, userId)
.first<{ count: number }>()
const snapshotCount = snapshotCountResult?.count || 0
await invalidatePublicShareCache(context.env, userId)
return success({
bookmark: {
...normalizeBookmark(bookmarkRow),
tags: tags || [],
snapshot_count: snapshotCount,
has_snapshot: snapshotCount > 0,
},
})
} catch (error) {
console.error('Get bookmark error:', error)
return internalError('Failed to get bookmark')
}
},
]
// PATCH /api/bookmarks/:id -
export const onRequestPatch: PagesFunction[] = [
requireApiKeyAuth('bookmarks.update'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const existing = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(bookmarkId, userId)
.first()
if (!existing) {
return notFound('Bookmark not found')
}
const body = (await context.request.json()) as UpdateBookmarkRequest
const updates: string[] = []
const values: SQLParam[] = []
if (body.title !== undefined) {
if (!body.title.trim()) return badRequest('Title cannot be empty')
updates.push('title = ?')
values.push(sanitizeString(body.title, 500))
}
if (body.url !== undefined) {
if (!body.url.trim()) return badRequest('URL cannot be empty')
if (!isValidUrl(body.url)) return badRequest('Invalid URL format')
updates.push('url = ?')
values.push(sanitizeString(body.url, 2000))
}
if (body.description !== undefined) {
updates.push('description = ?')
values.push(body.description ? sanitizeString(body.description, 1000) : null)
}
if (body.cover_image !== undefined) {
updates.push('cover_image = ?')
values.push(body.cover_image ? sanitizeString(body.cover_image, 2000) : null)
}
if (body.favicon !== undefined) {
updates.push('favicon = ?')
values.push(body.favicon ? sanitizeString(body.favicon, 2000) : null)
}
if (body.is_pinned !== undefined) {
updates.push('is_pinned = ?')
values.push(body.is_pinned ? 1 : 0)
}
if (body.is_archived !== undefined) {
updates.push('is_archived = ?')
values.push(body.is_archived ? 1 : 0)
}
if (body.is_public !== undefined) {
updates.push('is_public = ?')
values.push(body.is_public ? 1 : 0)
}
const now = new Date().toISOString()
if (updates.length > 0) {
updates.push('updated_at = ?')
values.push(now)
values.push(bookmarkId, userId)
await context.env.DB.prepare(
`UPDATE bookmarks SET ${updates.join(', ')} WHERE id = ? AND user_id = ?`
)
.bind(...values)
.run()
}
if (body.tags !== undefined) {
await replaceBookmarkTagsByNames(context.env.DB, bookmarkId, body.tags, userId, now)
} else if (body.tag_ids !== undefined) {
const validTagIds = await getValidTagIds(context.env.DB, userId, body.tag_ids)
await replaceBookmarkTags(context.env.DB, bookmarkId, userId, validTagIds, now)
}
const bookmarkRow = await context.env.DB.prepare(
'SELECT * FROM bookmarks WHERE id = ? AND user_id = ?'
)
.bind(bookmarkId, userId)
.first()
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND bt.user_id = ?`
)
.bind(bookmarkId, userId)
.all<{ id: string; name: string; color: string | null }>()
if (!bookmarkRow) {
return internalError('Failed to load bookmark after update')
}
return success({
bookmark: {
...normalizeBookmark(bookmarkRow),
tags: tags || [],
},
})
} catch (error) {
console.error('Update bookmark error:', error)
return internalError('Failed to update bookmark')
}
},
]
// DELETE /api/bookmarks/:id -
export const onRequestDelete: PagesFunction[] = [
requireApiKeyAuth('bookmarks.delete'),
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const existing = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(bookmarkId, userId)
.first()
if (!existing) {
return notFound('Bookmark not found')
}
const now = new Date().toISOString()
await context.env.DB.prepare(
'UPDATE bookmarks SET deleted_at = ?, updated_at = ? WHERE id = ? AND user_id = ?'
)
.bind(now, now, bookmarkId, userId)
.run()
await invalidatePublicShareCache(context.env, userId)
return noContent()
} catch (error) {
console.error('Delete bookmark error:', error)
return internalError('Failed to delete bookmark')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/batch/index.ts
================================================
/**
* API
* : /api/tab/bookmarks/batch
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, badRequest, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
import { isValidUrl, sanitizeString } from '../../../../lib/validation'
import { generateUUID } from '../../../../lib/crypto'
import { invalidatePublicShareCache } from '../../../shared/cache'
import { replaceBookmarkTags, replaceBookmarkTagsByNames } from '../../../../lib/tags'
interface BatchCreateBookmarkItem {
title: string
url: string
description?: string
cover_image?: string
favicon?: string
tags?: string[]
is_pinned?: boolean
is_archived?: boolean
is_public?: boolean
}
interface BatchCreateRequest {
bookmarks: BatchCreateBookmarkItem[]
}
interface BatchCreateResult {
success: number
failed: number
skipped: number
total: number
errors?: Array<{
index: number
url: string
error: string
}>
created_bookmarks: Array<{
id: string
url: string
title: string
}>
}
/**
* GET /api/tab/bookmarks/batch
*/
export const onRequestGet: PagesFunction[] = [
async () => {
return new Response(JSON.stringify({
error: {
code: 'METHOD_NOT_ALLOWED',
message: 'GET method is not supported for batch operations. Use POST instead.'
}
}), {
status: 405,
headers: {
'Content-Type': 'application/json',
'Allow': 'POST'
}
})
}
]
/**
* POST /api/tab/bookmarks/batch
*
*/
export const onRequestPost: PagesFunction[] = [
requireApiKeyAuth('bookmarks.create'),
async (context) => {
const userId = context.data.user_id
try {
const body = (await context.request.json()) as BatchCreateRequest
if (!body.bookmarks || !Array.isArray(body.bookmarks) || body.bookmarks.length === 0) {
return badRequest('bookmarks array is required and cannot be empty')
}
if (body.bookmarks.length > 100) {
return badRequest('Cannot create more than 100 bookmarks at once')
}
const result: BatchCreateResult = {
success: 0,
failed: 0,
skipped: 0,
total: body.bookmarks.length,
errors: [],
created_bookmarks: []
}
const now = new Date().toISOString()
for (let i = 0; i < body.bookmarks.length; i++) {
const item = body.bookmarks[i]
try {
if (!item.title || !item.url) {
result.failed++
result.errors!.push({ index: i, url: item.url || '', error: 'Title and URL are required' })
continue
}
if (!isValidUrl(item.url)) {
result.failed++
result.errors!.push({ index: i, url: item.url, error: 'Invalid URL format' })
continue
}
const title = sanitizeString(item.title, 500)
const url = sanitizeString(item.url, 2000)
const description = item.description ? sanitizeString(item.description, 1000) : null
const coverImage = item.cover_image ? sanitizeString(item.cover_image, 2000) : null
const favicon = item.favicon ? sanitizeString(item.favicon, 2000) : null
const isPinned = item.is_pinned ? 1 : 0
const isArchived = item.is_archived ? 1 : 0
const isPublic = item.is_public ? 1 : 0
const existing = await context.env.DB.prepare(
'SELECT id, deleted_at FROM bookmarks WHERE user_id = ? AND url = ?'
)
.bind(userId, url)
.first<{ id: string; deleted_at: string | null }>()
const restoredDeletedBookmark = Boolean(existing?.deleted_at)
let bookmarkId: string
if (existing) {
if (!existing.deleted_at) {
result.skipped++
continue
}
bookmarkId = existing.id
await context.env.DB.prepare(
`UPDATE bookmarks
SET title = ?, description = ?, cover_image = ?, favicon = ?,
is_pinned = ?, is_archived = ?, is_public = ?,
deleted_at = NULL, updated_at = ?
WHERE id = ? AND user_id = ?`
)
.bind(title, description, coverImage, favicon, isPinned, isArchived, isPublic, now, bookmarkId, userId)
.run()
} else {
bookmarkId = generateUUID()
await context.env.DB.prepare(
`INSERT INTO bookmarks (id, user_id, title, url, description, cover_image, cover_image_id, favicon, is_pinned, is_archived, is_public, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
)
.bind(bookmarkId, userId, title, url, description, coverImage, null, favicon, isPinned, isArchived, isPublic, now, now)
.run()
}
if (item.tags !== undefined) {
await replaceBookmarkTagsByNames(context.env.DB, bookmarkId, item.tags, userId, now)
} else if (restoredDeletedBookmark) {
await replaceBookmarkTags(context.env.DB, bookmarkId, userId, [], now)
}
result.success++
result.created_bookmarks.push({ id: bookmarkId, url, title })
} catch (error) {
result.failed++
result.errors!.push({ index: i, url: item.url || '', error: 'Failed to create bookmark' })
console.error(`[Batch Create] Failed to create bookmark ${i}:`, error)
}
}
if (result.errors!.length === 0) {
delete result.errors
}
if (result.success > 0) {
await context.env.DB.prepare(
`UPDATE tags
SET usage_count = (
SELECT COUNT(*) FROM bookmark_tags
WHERE tag_id = tags.id AND user_id = ?
)
WHERE user_id = ? AND deleted_at IS NULL`
)
.bind(userId, userId)
.run()
}
await context.env.DB.prepare(
`INSERT INTO audit_logs (user_id, event_type, payload, created_at)
VALUES (?, 'batch_create_bookmarks', ?, datetime('now'))`
)
.bind(userId, JSON.stringify({
total: result.total,
success: result.success,
failed: result.failed,
skipped: result.skipped
}))
.run()
await invalidatePublicShareCache(context.env, userId)
return success(result)
} catch (error) {
console.error('Batch create bookmarks error:', error)
return internalError('Failed to batch create bookmarks')
}
}
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/batch-handler.ts
================================================
/**
*/
import type { EventContext } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import type { ApiKeyAuthContext } from '../../../middleware/api-key-auth-pages'
import { success, badRequest } from '../../../lib/response'
import { isValidUrl, sanitizeString } from '../../../lib/validation'
import { generateUUID } from '../../../lib/crypto'
import { replaceBookmarkTags, replaceBookmarkTagsByNames } from '../../../lib/tags'
import { invalidatePublicShareCache } from '../../shared/cache'
interface BatchCreateBookmarkItem {
title: string
url: string
description?: string
cover_image?: string
favicon?: string
tags?: string[]
is_pinned?: boolean
is_archived?: boolean
is_public?: boolean
}
interface BatchCreateResult {
success: number
failed: number
skipped: number
total: number
errors?: Array<{
index: number
url: string
error: string
}>
created_bookmarks: Array<{
id: string
url: string
title: string
}>
}
export async function batchCreateBookmarks(
context: EventContext,
userId: string,
bookmarks: BatchCreateBookmarkItem[]
): Promise {
console.log('[Batch Handler] Starting batch create')
console.log('[Batch Handler] User ID:', userId)
console.log('[Batch Handler] Bookmarks count:', bookmarks?.length)
if (!bookmarks || !Array.isArray(bookmarks) || bookmarks.length === 0) {
return badRequest('bookmarks array is required and cannot be empty')
}
//
if (bookmarks.length > 100) {
return badRequest('Cannot create more than 100 bookmarks at once')
}
const result: BatchCreateResult = {
success: 0,
failed: 0,
skipped: 0,
total: bookmarks.length,
errors: [],
created_bookmarks: []
}
const now = new Date().toISOString()
//
for (let i = 0; i < bookmarks.length; i++) {
const item = bookmarks[i]
try {
//
if (!item.title || !item.url) {
result.failed++
result.errors!.push({
index: i,
url: item.url || '',
error: 'Title and URL are required'
})
continue
}
// URL
if (!isValidUrl(item.url)) {
result.failed++
result.errors!.push({
index: i,
url: item.url,
error: 'Invalid URL format'
})
continue
}
const title = sanitizeString(item.title, 500)
const url = sanitizeString(item.url, 2000)
const description = item.description ? sanitizeString(item.description, 1000) : null
const coverImage = item.cover_image ? sanitizeString(item.cover_image, 2000) : null
const favicon = item.favicon ? sanitizeString(item.favicon, 2000) : null
const isPinned = item.is_pinned ? 1 : 0
const isArchived = item.is_archived ? 1 : 0
const isPublic = item.is_public ? 1 : 0
const existing = await context.env.DB.prepare(
'SELECT id, deleted_at FROM bookmarks WHERE user_id = ? AND url = ?'
)
.bind(userId, url)
.first<{ id: string; deleted_at: string | null }>()
const restoredDeletedBookmark = Boolean(existing?.deleted_at)
let bookmarkId: string
if (existing) {
if (!existing.deleted_at) {
// ,
result.skipped++
continue
}
//
bookmarkId = existing.id
await context.env.DB.prepare(
`UPDATE bookmarks
SET title = ?, description = ?, cover_image = ?, favicon = ?,
is_pinned = ?, is_archived = ?, is_public = ?,
deleted_at = NULL, updated_at = ?
WHERE id = ? AND user_id = ?`
)
.bind(
title,
description,
coverImage,
favicon,
isPinned,
isArchived,
isPublic,
now,
bookmarkId,
userId
)
.run()
} else {
bookmarkId = generateUUID()
await context.env.DB.prepare(
`INSERT INTO bookmarks (id, user_id, title, url, description, cover_image, cover_image_id, favicon, is_pinned, is_archived, is_public, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
)
.bind(
bookmarkId,
userId,
title,
url,
description,
coverImage,
null, // cover_image_id
favicon,
isPinned,
isArchived,
isPublic,
now,
now
)
.run()
}
//
if (item.tags !== undefined) {
await replaceBookmarkTagsByNames(context.env.DB, bookmarkId, item.tags, userId, now)
} else if (restoredDeletedBookmark) {
await replaceBookmarkTags(context.env.DB, bookmarkId, userId, [], now)
}
result.success++
result.created_bookmarks.push({
id: bookmarkId,
url,
title
})
} catch (error) {
result.failed++
console.error(`[Batch Handler] Failed to create bookmark ${i}:`, error)
result.errors!.push({
index: i,
url: item.url || '',
error: 'Failed to create bookmark'
})
}
}
if (result.errors!.length === 0) {
delete result.errors
}
// usage_count
if (result.success > 0) {
await context.env.DB.prepare(
`UPDATE tags
SET usage_count = (
SELECT COUNT(*) FROM bookmark_tags
WHERE tag_id = tags.id AND user_id = ?
)
WHERE user_id = ? AND deleted_at IS NULL`
)
.bind(userId, userId)
.run()
}
//
await invalidatePublicShareCache(context.env, userId)
console.log('[Batch Handler] Complete:', result)
return success(result)
}
================================================
FILE: tmarks/functions/api/tab/bookmarks/bookmark-batch.ts
================================================
import type { D1Database } from '../../../lib/types'
import { isValidUrl, sanitizeString } from '../../../lib/validation'
import { generateUUID } from '../../../lib/crypto'
import { replaceBookmarkTags, replaceBookmarkTagsByNames } from '../../../lib/tags'
export type BatchCreateResult = {
success: number
failed: number
skipped: number
total: number
errors?: Array<{ index: number; url: string; error: string }>
created_bookmarks: Array<{ id: string; url: string; title: string }>
}
export async function handleBatchCreate(
db: D1Database,
userId: string,
bookmarks: Array<{
title: string
url: string
description?: string
cover_image?: string
favicon?: string
tags?: string[]
is_pinned?: boolean
is_archived?: boolean
is_public?: boolean
}>,
now: string
): Promise {
const result: BatchCreateResult = {
success: 0,
failed: 0,
skipped: 0,
total: bookmarks.length,
errors: [],
created_bookmarks: [],
}
for (let i = 0; i < bookmarks.length; i++) {
const item = bookmarks[i]
try {
if (!item.title || !item.url) {
result.failed++
result.errors.push({
index: i,
url: item.url || '',
error: 'Title and URL are required',
})
continue
}
if (!isValidUrl(item.url)) {
result.failed++
result.errors.push({
index: i,
url: item.url,
error: 'Invalid URL format',
})
continue
}
const title = sanitizeString(item.title, 500)
const url = sanitizeString(item.url, 2000)
const description = item.description ? sanitizeString(item.description, 1000) : null
const coverImage = item.cover_image ? sanitizeString(item.cover_image, 2000) : null
const favicon = item.favicon ? sanitizeString(item.favicon, 2000) : null
const isPinned = item.is_pinned ? 1 : 0
const isArchived = item.is_archived ? 1 : 0
const isPublic = item.is_public ? 1 : 0
const existing = await db.prepare(
'SELECT id, deleted_at FROM bookmarks WHERE user_id = ? AND url = ?'
)
.bind(userId, url)
.first<{ id: string; deleted_at: string | null }>()
const restoredDeletedBookmark = Boolean(existing?.deleted_at)
let bookmarkId: string
if (existing) {
if (!existing.deleted_at) {
result.skipped++
continue
}
bookmarkId = existing.id
await db.prepare(
`UPDATE bookmarks
SET title = ?, description = ?, cover_image = ?, favicon = ?,
is_pinned = ?, is_archived = ?, is_public = ?,
deleted_at = NULL, updated_at = ?
WHERE id = ? AND user_id = ?`
)
.bind(title, description, coverImage, favicon, isPinned, isArchived, isPublic, now, bookmarkId, userId)
.run()
} else {
bookmarkId = generateUUID()
await db.prepare(
`INSERT INTO bookmarks (id, user_id, title, url, description, cover_image, cover_image_id, favicon, is_pinned, is_archived, is_public, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
)
.bind(bookmarkId, userId, title, url, description, coverImage, null, favicon, isPinned, isArchived, isPublic, now, now)
.run()
}
if (item.tags !== undefined) {
await replaceBookmarkTagsByNames(db, bookmarkId, item.tags, userId, now)
} else if (restoredDeletedBookmark) {
await replaceBookmarkTags(db, bookmarkId, userId, [], now)
}
result.success++
result.created_bookmarks.push({ id: bookmarkId, url, title })
} catch (error) {
result.failed++
result.errors.push({
index: i,
url: item.url || '',
error: 'Failed to create bookmark',
})
console.error(`[Batch] Failed to create bookmark ${i}:`, error)
}
}
if (result.errors.length === 0) {
delete result.errors
}
if (result.success > 0) {
await db.prepare(
`UPDATE tags
SET usage_count = (
SELECT COUNT(*) FROM bookmark_tags
WHERE tag_id = tags.id AND user_id = ?
)
WHERE user_id = ? AND deleted_at IS NULL`
)
.bind(userId, userId)
.run()
}
return result
}
================================================
FILE: tmarks/functions/api/tab/bookmarks/bookmark-list.ts
================================================
import type { Bookmark, BookmarkRow, SQLParam, D1Database } from '../../../lib/types'
export interface BookmarkWithTags extends Bookmark {
tags: Array<{ id: string; name: string; color: string | null }>
}
export interface BookmarkListRow extends BookmarkRow {
pin_order?: number | null
}
export interface BookmarkPageCursor {
id: string
isPinned: boolean
pinOrder: number | null
sortValue: string
}
export function parseBookmarkPageCursor(raw: string | null): BookmarkPageCursor | null {
if (!raw) return null
try {
const parsed = JSON.parse(raw) as Partial
if (
typeof parsed?.id === 'string' &&
typeof parsed?.isPinned === 'boolean' &&
typeof parsed?.sortValue === 'string' &&
(typeof parsed?.pinOrder === 'number' || parsed?.pinOrder === null || parsed?.pinOrder === undefined)
) {
return {
id: parsed.id,
isPinned: parsed.isPinned,
pinOrder: typeof parsed.pinOrder === 'number' ? parsed.pinOrder : null,
sortValue: parsed.sortValue,
}
}
} catch {
return null
}
return null
}
export function createBookmarkPageCursor(row: BookmarkListRow, sortBy: 'created' | 'updated' | 'pinned'): string {
return JSON.stringify({
id: row.id,
isPinned: Boolean(row.is_pinned),
pinOrder: row.is_pinned ? Number(row.pin_order ?? 0) : null,
sortValue: sortBy === 'updated' ? row.updated_at : row.created_at,
} satisfies BookmarkPageCursor)
}
export function buildBookmarkListQuery(
userId: string,
url: URL
): { query: string; params: SQLParam[]; pageSize: number; sortBy: 'created' | 'updated' | 'pinned' } {
const keyword = url.searchParams.get('keyword')
const tags = url.searchParams.get('tags')
const pageSize = Math.max(1, Math.min(parseInt(url.searchParams.get('page_size') || '100') || 100, 200))
const pageCursor = url.searchParams.get('page_cursor')
const parsedCursor = parseBookmarkPageCursor(pageCursor)
const sortBy = (url.searchParams.get('sort') as 'created' | 'updated' | 'pinned') || 'created'
const pinnedParam = url.searchParams.get('pinned')
const pinned = pinnedParam ? pinnedParam === 'true' : undefined
const sortField = sortBy === 'updated' ? 'b.updated_at' : 'b.created_at'
//
let query = `
SELECT DISTINCT b.*
FROM bookmarks b
WHERE b.user_id = ? AND b.deleted_at IS NULL
`
const params: SQLParam[] = [userId]
//
if (pinned !== undefined) {
query += ` AND b.is_pinned = ?`
params.push(pinned ? 1 : 0)
}
if (keyword) {
query += ` AND (b.title LIKE ? OR b.description LIKE ? OR b.url LIKE ?)`
const searchPattern = `%${keyword}%`
params.push(searchPattern, searchPattern, searchPattern)
}
// (:)
if (tags) {
const tagIds = tags.split(',').filter(Boolean)
if (tagIds.length > 0) {
query += ` AND b.id IN (
SELECT bt.bookmark_id
FROM bookmark_tags bt
WHERE bt.tag_id IN (${tagIds.map(() => '?').join(',')})
GROUP BY bt.bookmark_id
HAVING COUNT(DISTINCT bt.tag_id) = ?
)`
params.push(...tagIds, tagIds.length)
}
}
//
if (parsedCursor) {
if (pinned === true) {
query += ` AND (
b.pin_order > ?
OR (b.pin_order = ? AND (${sortField} < ? OR (${sortField} = ? AND b.id < ?)))
)`
params.push(
parsedCursor.pinOrder ?? 0,
parsedCursor.pinOrder ?? 0,
parsedCursor.sortValue,
parsedCursor.sortValue,
parsedCursor.id
)
} else if (pinned === false) {
query += ` AND (
${sortField} < ?
OR (${sortField} = ? AND b.id < ?)
)`
params.push(parsedCursor.sortValue, parsedCursor.sortValue, parsedCursor.id)
} else if (parsedCursor.isPinned) {
query += ` AND (
b.is_pinned = 0
OR (
b.is_pinned = 1 AND (
b.pin_order > ?
OR (b.pin_order = ? AND (${sortField} < ? OR (${sortField} = ? AND b.id < ?)))
)
)
)`
params.push(
parsedCursor.pinOrder ?? 0,
parsedCursor.pinOrder ?? 0,
parsedCursor.sortValue,
parsedCursor.sortValue,
parsedCursor.id
)
} else {
query += ` AND b.is_pinned = 0 AND (
${sortField} < ?
OR (${sortField} = ? AND b.id < ?)
)`
params.push(parsedCursor.sortValue, parsedCursor.sortValue, parsedCursor.id)
}
} else if (pageCursor) {
query += ` AND b.id < ?`
params.push(pageCursor)
}
let orderBy = ''
switch (sortBy) {
case 'updated':
orderBy = 'ORDER BY b.is_pinned DESC, CASE WHEN b.is_pinned = 1 THEN b.pin_order ELSE NULL END ASC, b.updated_at DESC, b.id DESC'
break
case 'pinned':
orderBy = 'ORDER BY b.is_pinned DESC, CASE WHEN b.is_pinned = 1 THEN b.pin_order ELSE NULL END ASC, b.created_at DESC, b.id DESC'
break
case 'created':
default:
orderBy = 'ORDER BY b.is_pinned DESC, CASE WHEN b.is_pinned = 1 THEN b.pin_order ELSE NULL END ASC, b.created_at DESC, b.id DESC'
break
}
query += ` ${orderBy} LIMIT ?`
params.push(pageSize + 1)
return { query, params, pageSize, sortBy }
}
export async function fetchBookmarkTags(
db: D1Database,
bookmarkIds: string[]
): Promise>> {
const tagsByBookmarkId = new Map>()
if (bookmarkIds.length === 0) return tagsByBookmarkId
const placeholders = bookmarkIds.map(() => '?').join(',')
const { results: tagResults } = await db.prepare(
`SELECT
bt.bookmark_id,
t.id,
t.name,
t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id IN (${placeholders})
AND t.deleted_at IS NULL
ORDER BY bt.bookmark_id, t.name`
)
.bind(...bookmarkIds)
.all<{ bookmark_id: string; id: string; name: string; color: string | null }>()
const allTags = tagResults ?? []
for (const tag of allTags) {
if (!tagsByBookmarkId.has(tag.bookmark_id)) {
tagsByBookmarkId.set(tag.bookmark_id, [])
}
tagsByBookmarkId.get(tag.bookmark_id)!.push({
id: tag.id,
name: tag.name,
color: tag.color,
})
}
return tagsByBookmarkId
}
================================================
FILE: tmarks/functions/api/tab/bookmarks/index.ts
================================================
/**
* API -
* : /api/tab/bookmarks
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, BookmarkRow, RouteParams } from '../../../lib/types'
import { success, badRequest, created, internalError } from '../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../middleware/api-key-auth-pages'
import { isValidUrl, sanitizeString } from '../../../lib/validation'
import { generateUUID } from '../../../lib/crypto'
import { normalizeBookmark } from '../../../lib/bookmark-utils'
import { invalidatePublicShareCache } from '../../shared/cache'
import { uploadCoverImageToR2 } from '../../../lib/image-upload'
import { getValidTagIds, replaceBookmarkTags, replaceBookmarkTagsByNames } from '../../../lib/tags'
import {
buildBookmarkListQuery,
fetchBookmarkTags,
createBookmarkPageCursor,
BookmarkListRow,
BookmarkWithTags
} from './bookmark-list'
import { handleBatchCreate } from './bookmark-batch'
interface CreateBookmarkRequest {
title?: string
url?: string
description?: string
cover_image?: string
favicon?: string
tag_ids?: string[] // :
tags?: string[] // :(
is_pinned?: boolean
is_public?: boolean
bookmarks?: Array<{ //
title: string
url: string
description?: string
cover_image?: string
favicon?: string
tags?: string[]
is_pinned?: boolean
is_archived?: boolean
is_public?: boolean
}>
}
// GET /api/bookmarks -
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('bookmarks.read'),
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
try {
const { query, params, pageSize, sortBy } = buildBookmarkListQuery(userId, url)
const { results } = await context.env.DB.prepare(query).bind(...params).all()
const hasMore = results.length > pageSize
const bookmarks = hasMore ? results.slice(0, pageSize) : results
const nextCursor = hasMore && bookmarks.length > 0
? createBookmarkPageCursor(bookmarks[bookmarks.length - 1], sortBy)
: null
const bookmarkIds = bookmarks.map(b => b.id)
const tagsByBookmarkId = await fetchBookmarkTags(context.env.DB, bookmarkIds)
const bookmarksWithTags: BookmarkWithTags[] = bookmarks.map(row => {
const normalized = normalizeBookmark(row)
return {
...normalized,
tags: tagsByBookmarkId.get(row.id) || [],
}
})
return success({
bookmarks: bookmarksWithTags,
meta: {
page_size: pageSize,
count: bookmarks.length,
next_cursor: nextCursor,
has_more: hasMore,
},
})
} catch (error) {
console.error('Get bookmarks error:', error)
return internalError('Failed to get bookmarks')
}
},
]
export const onRequestPost: PagesFunction[] = [
requireApiKeyAuth('bookmarks.create'),
async (context) => {
const userId = context.data.user_id
try {
const body = (await context.request.json()) as CreateBookmarkRequest
//
if (body.bookmarks && Array.isArray(body.bookmarks) && body.bookmarks.length > 0) {
if (body.bookmarks.length > 100) {
return badRequest('Cannot create more than 100 bookmarks at once')
}
const now = new Date().toISOString()
const result = await handleBatchCreate(context.env.DB, userId, body.bookmarks, now)
await invalidatePublicShareCache(context.env, userId)
return success(result)
}
//
if (!body.title || !body.url) {
return badRequest({
message: 'Title and URL are required',
code: 'MISSING_FIELDS'
})
}
if (!isValidUrl(body.url)) {
return badRequest('Invalid URL format')
}
const title = sanitizeString(body.title, 500)
const url = sanitizeString(body.url, 2000)
const description = body.description ? sanitizeString(body.description, 1000) : null
let coverImage = body.cover_image ? sanitizeString(body.cover_image, 2000) : null
const favicon = body.favicon ? sanitizeString(body.favicon, 2000) : null
const existing = await context.env.DB.prepare(
'SELECT id, deleted_at FROM bookmarks WHERE user_id = ? AND url = ?'
)
.bind(userId, url)
.first<{ id: string; deleted_at: string | null }>()
const restoredDeletedBookmark = Boolean(existing?.deleted_at)
const now = new Date().toISOString()
let bookmarkId: string
const isPinned = body.is_pinned ? 1 : 0
const isPublic = body.is_public ? 1 : 0
// R2 bucket, R2
let coverImageId: string | null = null
if (coverImage && context.env.SNAPSHOTS_BUCKET && context.env.R2_PUBLIC_URL) {
const tempBookmarkId = existing?.id || generateUUID()
const uploadResult = await uploadCoverImageToR2(
coverImage,
userId,
tempBookmarkId,
context.env.SNAPSHOTS_BUCKET,
context.env.DB,
context.env.R2_PUBLIC_URL,
context.env
)
if (uploadResult.success && uploadResult.r2Url) {
coverImage = uploadResult.r2Url
coverImageId = uploadResult.imageId || null
}
}
if (existing) {
if (!existing.deleted_at) {
//
const bookmarkRow = await context.env.DB.prepare('SELECT * FROM bookmarks WHERE id = ? AND user_id = ?')
.bind(existing.id, userId)
.first()
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND bt.user_id = ?`
)
.bind(existing.id, userId)
.all<{ id: string; name: string; color: string | null }>()
const snapshotCountResult = await context.env.DB.prepare(
`SELECT COUNT(*) as count FROM bookmark_snapshots WHERE bookmark_id = ? AND user_id = ?`
)
.bind(existing.id, userId)
.first<{ count: number }>()
const snapshotCount = snapshotCountResult?.count || 0
if (!bookmarkRow) {
return internalError('Failed to retrieve bookmark')
}
const bookmark = normalizeBookmark(bookmarkRow)
return success(
{
bookmark: {
...bookmark,
tags: tags || [],
snapshot_count: snapshotCount,
has_snapshot: snapshotCount > 0,
},
},
{
message: 'Bookmark already exists',
code: 'BOOKMARK_EXISTS',
}
)
}
//
bookmarkId = existing.id
await context.env.DB.prepare(
`UPDATE bookmarks
SET title = ?, description = ?, cover_image = ?, favicon = ?,
is_pinned = ?, is_public = ?,
deleted_at = NULL, updated_at = ?
WHERE id = ? AND user_id = ?`
)
.bind(title, description, coverImage, favicon, isPinned, isPublic, now, bookmarkId, userId)
.run()
} else {
bookmarkId = generateUUID()
await context.env.DB.prepare(
`INSERT INTO bookmarks (id, user_id, title, url, description, cover_image, cover_image_id, favicon, is_pinned, is_public, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`
)
.bind(bookmarkId, userId, title, url, description, coverImage, coverImageId, favicon, isPinned, isPublic, now, now)
.run()
}
//
if (body.tags !== undefined) {
await replaceBookmarkTagsByNames(context.env.DB, bookmarkId, body.tags, userId, now)
} else if (body.tag_ids !== undefined) {
const validTagIds = await getValidTagIds(context.env.DB, userId, body.tag_ids)
await replaceBookmarkTags(context.env.DB, bookmarkId, userId, validTagIds, now)
} else if (restoredDeletedBookmark) {
await replaceBookmarkTags(context.env.DB, bookmarkId, userId, [], now)
}
const bookmarkRow = await context.env.DB.prepare('SELECT * FROM bookmarks WHERE id = ? AND user_id = ?')
.bind(bookmarkId, userId)
.first()
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND bt.user_id = ?`
)
.bind(bookmarkId, userId)
.all<{ id: string; name: string; color: string | null }>()
if (!bookmarkRow) {
return internalError('Failed to load bookmark after creation')
}
await invalidatePublicShareCache(context.env, userId)
return created({
bookmark: {
...normalizeBookmark(bookmarkRow),
tags: tags || [],
},
})
} catch (error) {
console.error('Create bookmark error:', error)
return internalError('Failed to create bookmark')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/reorder-pinned.ts
================================================
/**
*
* POST /api/tab/bookmarks/reorder-pinned
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { success, badRequest, internalError } from '../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../middleware/api-key-auth-pages'
interface ReorderPinnedRequest {
bookmark_ids: string[]
}
export const onRequestPost: PagesFunction[] = [
requireApiKeyAuth('bookmarks.write'),
async (context) => {
try {
const userId = context.data.user_id
const body = (await context.request.json()) as ReorderPinnedRequest
if (!body.bookmark_ids || !Array.isArray(body.bookmark_ids) || body.bookmark_ids.length === 0) {
return badRequest('bookmark_ids is required and must be a non-empty array')
}
//
const placeholders = body.bookmark_ids.map(() => '?').join(',')
const { results: bookmarks } = await context.env.DB.prepare(
`SELECT id FROM bookmarks
WHERE id IN (${placeholders})
AND user_id = ?
AND is_pinned = 1
AND deleted_at IS NULL`
)
.bind(...body.bookmark_ids, userId)
.all<{ id: string }>()
if (bookmarks.length !== body.bookmark_ids.length) {
return badRequest('Some bookmarks are not found, not pinned, or do not belong to you')
}
//
const now = new Date().toISOString()
const updates = body.bookmark_ids.map((id, index) => {
return context.env.DB.prepare(
'UPDATE bookmarks SET pin_order = ?, updated_at = ? WHERE id = ? AND user_id = ?'
).bind(index, now, id, userId)
})
await context.env.DB.batch(updates)
return success({
message: 'Pinned bookmarks reordered successfully',
count: body.bookmark_ids.length,
})
} catch (error) {
console.error('Reorder pinned bookmarks error:', error)
return internalError('Failed to reorder pinned bookmarks')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/trash/empty.ts
================================================
/**
* : /api/tab/bookmarks/trash/empty
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../lib/types'
import { success, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
export const onRequestDelete: PagesFunction[] = [
requireApiKeyAuth('bookmarks.delete'),
async (context) => {
const userId = context.data.user_id
try {
const { results: trashBookmarks } = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE user_id = ? AND deleted_at IS NOT NULL'
)
.bind(userId)
.all<{ id: string }>()
if (trashBookmarks.length === 0) {
return success({ message: 'Trash is already empty', count: 0 })
}
const bookmarkIds = trashBookmarks.map(b => b.id)
//
for (const id of bookmarkIds) {
await context.env.DB.prepare('DELETE FROM bookmark_tags WHERE bookmark_id = ?')
.bind(id)
.run()
}
//
for (const id of bookmarkIds) {
await context.env.DB.prepare('DELETE FROM bookmark_snapshots WHERE bookmark_id = ?')
.bind(id)
.run()
}
//
await context.env.DB.prepare(
'DELETE FROM bookmarks WHERE user_id = ? AND deleted_at IS NOT NULL'
)
.bind(userId)
.run()
return success({
message: 'Trash emptied successfully',
count: bookmarkIds.length,
})
} catch (error) {
console.error('Empty trash error:', error)
return internalError('Failed to empty trash')
}
},
]
================================================
FILE: tmarks/functions/api/tab/bookmarks/trash.ts
================================================
/**
* : /api/tab/bookmarks/trash
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, BookmarkRow } from '../../../lib/types'
import { success, internalError } from '../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../middleware/api-key-auth-pages'
import { normalizeBookmark } from '../../../lib/bookmark-utils'
interface TrashQueryParams {
page_size?: string
page_cursor?: string
sort?: string
}
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('bookmarks.read'),
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
const params: TrashQueryParams = {
page_size: url.searchParams.get('page_size') || undefined,
page_cursor: url.searchParams.get('page_cursor') || undefined,
sort: url.searchParams.get('sort') || undefined,
}
try {
const pageSize = Math.min(Math.max(parseInt(params.page_size || '20', 10) || 20, 1), 100)
const sort = params.sort === 'deleted_at_asc' ? 'ASC' : 'DESC'
let query = `
SELECT * FROM bookmarks
WHERE user_id = ? AND deleted_at IS NOT NULL
`
const queryParams: (string | number)[] = [userId]
//
if (params.page_cursor) {
query += ` AND deleted_at < ?`
queryParams.push(params.page_cursor)
}
query += ` ORDER BY deleted_at ${sort} LIMIT ?`
queryParams.push(pageSize + 1)
const { results: bookmarks } = await context.env.DB.prepare(query)
.bind(...queryParams)
.all()
const hasMore = bookmarks.length > pageSize
const items = hasMore ? bookmarks.slice(0, pageSize) : bookmarks
const bookmarksWithTags = await Promise.all(
items.map(async (bookmark) => {
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND t.deleted_at IS NULL`
)
.bind(bookmark.id)
.all<{ id: string; name: string; color: string | null }>()
return {
...normalizeBookmark(bookmark),
tags: tags || [],
}
})
)
//
const countResult = await context.env.DB.prepare(
'SELECT COUNT(*) as count FROM bookmarks WHERE user_id = ? AND deleted_at IS NOT NULL'
)
.bind(userId)
.first<{ count: number }>()
return success({
bookmarks: bookmarksWithTags,
meta: {
total: countResult?.count || 0,
page_size: pageSize,
has_more: hasMore,
next_cursor: hasMore && items.length > 0 ? items[items.length - 1].deleted_at : null,
},
})
} catch (error) {
console.error('Get trash bookmarks error:', error)
return internalError('Failed to get trash bookmarks')
}
},
]
================================================
FILE: tmarks/functions/api/tab/me.ts
================================================
/**
* API -
* : /api/tab/me
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../lib/types'
import { success, internalError } from '../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../middleware/api-key-auth-pages'
// GET /api/me -
type BookmarkStats = {
total_bookmarks: number | null
pinned_bookmarks: number | null
}
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('user.read'),
async (context) => {
const userId = context.data.user_id
try {
//
const user = await context.env.DB.prepare(
'SELECT id, username, email, created_at FROM users WHERE id = ?'
)
.bind(userId)
.first()
if (!user) {
return internalError('User not found')
}
//
const stats = await context.env.DB.prepare(
`SELECT
COUNT(CASE WHEN deleted_at IS NULL THEN 1 END) as total_bookmarks,
COUNT(CASE WHEN deleted_at IS NULL AND is_pinned = 1 THEN 1 END) as pinned_bookmarks
FROM bookmarks
WHERE user_id = ?`
)
.bind(userId)
.first()
const tagCount = await context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tags WHERE user_id = ? AND deleted_at IS NULL'
)
.bind(userId)
.first<{ count: number }>()
return success({
user: {
...user,
stats: {
total_bookmarks: stats?.total_bookmarks ?? 0,
pinned_bookmarks: stats?.pinned_bookmarks ?? 0,
total_tags: tagCount?.count || 0,
},
},
api_key: {
id: context.data.api_key_id,
permissions: context.data.api_key_permissions,
},
})
} catch (error) {
console.error('Get user info error:', error)
return internalError('Failed to get user info')
}
},
]
================================================
FILE: tmarks/functions/api/tab/search.ts
================================================
/**
* External API - Global Search
* Path: /api/tab/search
* Auth: API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, Bookmark, RouteParams } from '../../lib/types'
import { success, badRequest, internalError } from '../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../middleware/api-key-auth-pages'
// GET /api/search - Global search for bookmarks and tags
type BookmarkWithTags = Bookmark & {
tags: Array<{ id: string; name: string; color: string | null }>
}
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('bookmarks.read'),
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
const query = url.searchParams.get('q')
if (!query || query.trim().length === 0) {
return badRequest('Search query is required')
}
const searchTerm = `%${query.trim()}%`
const limit = Math.min(parseInt(url.searchParams.get('limit') || '20', 10) || 20, 100)
try {
// Search bookmarks
const { results: bookmarks } = await context.env.DB.prepare(
`SELECT b.*
FROM bookmarks b
WHERE b.user_id = ? AND b.deleted_at IS NULL
AND (b.title LIKE ? OR b.description LIKE ? OR b.url LIKE ?)
ORDER BY b.is_pinned DESC, b.updated_at DESC
LIMIT ?`
)
.bind(userId, searchTerm, searchTerm, searchTerm, limit)
.all()
// Optimize: Use single query to get all bookmark tags
let bookmarksWithTags: BookmarkWithTags[] = (bookmarks || []).map(bookmark => ({
...bookmark,
tags: [],
}))
if (bookmarksWithTags.length > 0) {
const bookmarkIds = bookmarksWithTags.map(b => b.id)
// Get all tags for bookmarks at once
const { results: allTags } = await context.env.DB.prepare(
`SELECT
bt.bookmark_id,
t.id,
t.name,
t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id IN (${bookmarkIds.map(() => '?').join(',')})
AND t.deleted_at IS NULL
ORDER BY bt.bookmark_id, t.name`
)
.bind(...bookmarkIds)
.all<{ bookmark_id: string; id: string; name: string; color: string | null }>()
// Group tags by bookmark ID
const tagsByBookmarkId = new Map>()
for (const tag of allTags || []) {
if (!tagsByBookmarkId.has(tag.bookmark_id)) {
tagsByBookmarkId.set(tag.bookmark_id, [])
}
const tags = tagsByBookmarkId.get(tag.bookmark_id)
if (tags) {
tags.push({
id: tag.id,
name: tag.name,
color: tag.color,
})
}
}
// Assemble bookmarks with tags
bookmarksWithTags = bookmarksWithTags.map(bookmark => ({
...bookmark,
tags: tagsByBookmarkId.get(bookmark.id) || [],
}))
}
// Search tags
const { results: tags } = await context.env.DB.prepare(
`SELECT
t.id,
t.name,
t.color,
t.created_at,
t.updated_at,
COUNT(bt.bookmark_id) as bookmark_count
FROM tags t
LEFT JOIN bookmark_tags bt ON t.id = bt.tag_id AND bt.user_id = t.user_id
LEFT JOIN bookmarks b ON bt.bookmark_id = b.id AND b.deleted_at IS NULL
WHERE t.user_id = ? AND t.deleted_at IS NULL
AND t.name LIKE ?
GROUP BY t.id
ORDER BY t.name ASC
LIMIT ?`
)
.bind(userId, searchTerm, limit)
.all()
return success({
query,
results: {
bookmarks: bookmarksWithTags,
tags: tags || [],
},
meta: {
bookmark_count: bookmarksWithTags.length,
tag_count: (tags || []).length,
},
})
} catch (error) {
console.error('Search error:', error)
return internalError('Failed to search')
}
},
]
================================================
FILE: tmarks/functions/api/tab/statistics/index.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../lib/types'
import { success, internalError } from '../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../middleware/dual-auth'
interface DomainCount {
domain: string
count: number
}
// GET /api/tab/statistics - Retrieve tab statistics
export const onRequestGet: PagesFunction[] = [
requireDualAuth('tab_groups.read'),
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
const days = parseInt(url.searchParams.get('days') || '30', 10) || 30
try {
const startDate = new Date()
startDate.setDate(startDate.getDate() - days)
const startDateStr = startDate.toISOString().split('T')[0]
const [
groupsResult,
deletedGroupsResult,
itemsResult,
sharesResult,
groupsTrend,
itemsTrend,
domains,
groupSizes
] = await Promise.all([
context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_groups WHERE user_id = ? AND is_deleted = 0'
)
.bind(userId)
.all<{ count: number }>(),
context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_groups WHERE user_id = ? AND is_deleted = 1'
)
.bind(userId)
.all<{ count: number }>(),
context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_group_items WHERE group_id IN (SELECT id FROM tab_groups WHERE user_id = ?)'
)
.bind(userId)
.all<{ count: number }>(),
context.env.DB.prepare(
'SELECT COUNT(*) as count FROM shares WHERE user_id = ?'
)
.bind(userId)
.all<{ count: number }>(),
context.env.DB.prepare(
`SELECT DATE(created_at) as date, COUNT(*) as count
FROM tab_groups
WHERE user_id = ? AND DATE(created_at) >= ?
GROUP BY DATE(created_at)
ORDER BY date ASC`
)
.bind(userId, startDateStr)
.all<{ date: string; count: number }>(),
context.env.DB.prepare(
`SELECT DATE(created_at) as date, COUNT(*) as count
FROM tab_group_items
WHERE group_id IN (SELECT id FROM tab_groups WHERE user_id = ?)
AND DATE(created_at) >= ?
GROUP BY DATE(created_at)
ORDER BY date ASC`
)
.bind(userId, startDateStr)
.all<{ date: string; count: number }>(),
context.env.DB.prepare(
`SELECT
CASE
WHEN url LIKE 'http://%' THEN SUBSTR(url, 8, INSTR(SUBSTR(url, 8), '/') - 1)
WHEN url LIKE 'https://%' THEN SUBSTR(url, 9, INSTR(SUBSTR(url, 9), '/') - 1)
ELSE url
END as domain,
COUNT(*) as count
FROM tab_group_items
WHERE group_id IN (SELECT id FROM tab_groups WHERE user_id = ?)
GROUP BY domain
ORDER BY count DESC
LIMIT 10`
)
.bind(userId)
.all(),
context.env.DB.prepare(
`SELECT
CASE
WHEN item_count = 0 THEN '0'
WHEN item_count <= 5 THEN '1-5'
WHEN item_count <= 10 THEN '6-10'
WHEN item_count <= 20 THEN '11-20'
WHEN item_count <= 50 THEN '21-50'
ELSE '50+'
END as range,
COUNT(*) as count
FROM (
SELECT g.id, COUNT(i.id) as item_count
FROM tab_groups g
LEFT JOIN tab_group_items i ON g.id = i.group_id
WHERE g.user_id = ? AND g.is_deleted = 0
GROUP BY g.id
)
GROUP BY range
ORDER BY
CASE range
WHEN '0' THEN 1
WHEN '1-5' THEN 2
WHEN '6-10' THEN 3
WHEN '11-20' THEN 4
WHEN '21-50' THEN 5
ELSE 6
END`
)
.bind(userId)
.all<{ range: string; count: number }>()
])
return success({
summary: {
total_groups: groupsResult.results?.[0]?.count || 0,
total_deleted_groups: deletedGroupsResult.results?.[0]?.count || 0,
total_items: itemsResult.results?.[0]?.count || 0,
total_shares: sharesResult.results?.[0]?.count || 0,
},
trends: {
groups: groupsTrend.results || [],
items: itemsTrend.results || [],
},
top_domains: domains.results || [],
group_size_distribution: groupSizes.results || [],
})
} catch (error) {
console.error('Get statistics error:', error)
return internalError('Failed to get statistics')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/[id]/items/batch.ts
================================================
/**
* API -
* : /api/tab/tab-groups/:id/items/batch
* : API Key (X-API-Key header) JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../../../middleware/dual-auth'
import { sanitizeString } from '../../../../../lib/validation'
import { generateUUID } from '../../../../../lib/crypto'
interface TabGroupRow {
id: string
user_id: string
title: string
}
interface BatchAddItemsRequest {
items: Array<{
title: string
url: string
favicon?: string
}>
}
// POST /api/tab/tab-groups/:id/items/batch -
export const onRequestPost: PagesFunction[] = [
requireDualAuth('tab_groups.update'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
const body = (await context.request.json()) as BatchAddItemsRequest
if (!body.items || !Array.isArray(body.items) || body.items.length === 0) {
return badRequest('items array is required and must not be empty')
}
//
const group = await context.env.DB.prepare(
'SELECT id, user_id, title FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!group) {
return notFound('Tab group not found')
}
// position
const maxPositionResult = await context.env.DB.prepare(
'SELECT MAX(position) as max_position FROM tab_group_items WHERE group_id = ?'
)
.bind(groupId)
.first<{ max_position: number | null }>()
let currentPosition = (maxPositionResult?.max_position ?? -1) + 1
//
const timestamp = new Date().toISOString()
const insertPromises = body.items.map((item) => {
const itemId = generateUUID()
const itemTitle = sanitizeString(item.title, 500)
const itemUrl = sanitizeString(item.url, 2000)
const favicon = item.favicon ? sanitizeString(item.favicon, 2000) : null
const promise = context.env.DB.prepare(
'INSERT INTO tab_group_items (id, group_id, title, url, favicon, position, created_at) VALUES (?, ?, ?, ?, ?, ?, ?)'
)
.bind(itemId, groupId, itemTitle, itemUrl, favicon, currentPosition, timestamp)
.run()
currentPosition++
return promise
})
await Promise.all(insertPromises)
// (with user_id verification for security)
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id = ? AND tg.user_id = ?
ORDER BY tgi.position ASC`
)
.bind(groupId, userId)
.all()
return success({
message: `Successfully added ${body.items.length} items`,
added_count: body.items.length,
total_items: items?.length || 0,
items: items || [],
})
} catch (error) {
console.error('Batch add items error:', error)
return internalError('Failed to batch add items')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/[id]/permanent-delete.ts
================================================
/**
* API
* : /api/tab/tab-groups/:id/permanent-delete
* : API Key (X-API-Key header) JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { notFound, internalError } from '../../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../../middleware/dual-auth'
interface TabGroupRow {
id: string
user_id: string
is_deleted: number
}
// DELETE /api/tab/tab-groups/:id/permanent-delete -
export const onRequestDelete: PagesFunction[] = [
requireDualAuth('tab_groups.delete'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Check if tab group exists and is deleted
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ? AND is_deleted = 1'
)
.bind(groupId, userId)
.first()
if (!groupRow) {
return notFound('Tab group not found in trash')
}
// Delete tab group items first
await context.env.DB.prepare('DELETE FROM tab_group_items WHERE group_id = ?')
.bind(groupId)
.run()
// Delete shares
await context.env.DB.prepare('DELETE FROM shares WHERE group_id = ?')
.bind(groupId)
.run()
// Permanently delete tab group
await context.env.DB.prepare('DELETE FROM tab_groups WHERE id = ?')
.bind(groupId)
.run()
return new Response(null, { status: 204 })
} catch (error) {
console.error('Permanent delete tab group error:', error)
return internalError('Failed to permanently delete tab group')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/[id]/restore.ts
================================================
/**
* API
* : /api/tab/tab-groups/:id/restore
* : API Key (X-API-Key header) JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../../middleware/dual-auth'
interface TabGroupRow {
id: string
user_id: string
is_deleted: number
}
// POST /api/tab/tab-groups/:id/restore -
export const onRequestPost: PagesFunction[] = [
requireDualAuth('tab_groups.update'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Check if tab group exists and is deleted
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ? AND is_deleted = 1'
)
.bind(groupId, userId)
.first()
if (!groupRow) {
return notFound('Tab group not found in trash')
}
// Restore tab group
await context.env.DB.prepare(
'UPDATE tab_groups SET is_deleted = 0, deleted_at = NULL, updated_at = ? WHERE id = ?'
)
.bind(new Date().toISOString(), groupId)
.run()
return success({ message: 'Tab group restored successfully' })
} catch (error) {
console.error('Restore tab group error:', error)
return internalError('Failed to restore tab group')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/[id]/share.ts
================================================
/**
* API
* : /api/tab/tab-groups/:id/share
* : API Key (X-API-Key header) JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../../middleware/dual-auth'
import { generateUUID } from '../../../../lib/crypto'
interface TabGroupRow {
id: string
user_id: string
is_deleted: number
}
interface ShareRow {
id: string
group_id: string
user_id: string
share_token: string
is_public: number
view_count: number
created_at: string
expires_at: string | null
}
interface CreateShareRequest {
is_public?: boolean
expires_in_days?: number
}
// POST /api/tab/tab-groups/:id/share -
export const onRequestPost: PagesFunction[] = [
requireDualAuth('tab_groups.update'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
const body = (await context.request.json().catch(() => ({}))) as CreateShareRequest
// Check if tab group exists and belongs to user
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ? AND is_deleted = 0'
)
.bind(groupId, userId)
.first()
if (!groupRow) {
return notFound('Tab group not found')
}
// Check if share already exists
const existingShare = await context.env.DB.prepare(
'SELECT * FROM shares WHERE group_id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (existingShare) {
return success({
share: existingShare,
share_url: `${new URL(context.request.url).origin}/share/${existingShare.share_token}`,
})
}
// Generate share token
const shareToken = generateUUID().replace(/-/g, '').substring(0, 16)
const shareId = generateUUID()
const now = new Date().toISOString()
const isPublic = body.is_public !== false ? 1 : 0
let expiresAt: string | null = null
if (body.expires_in_days && body.expires_in_days > 0) {
const expiresDate = new Date()
expiresDate.setDate(expiresDate.getDate() + body.expires_in_days)
expiresAt = expiresDate.toISOString()
}
// Create share
await context.env.DB.prepare(
'INSERT INTO shares (id, group_id, user_id, share_token, is_public, view_count, created_at, expires_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
)
.bind(shareId, groupId, userId, shareToken, isPublic, 0, now, expiresAt)
.run()
const share = {
id: shareId,
group_id: groupId,
user_id: userId,
share_token: shareToken,
is_public: isPublic,
view_count: 0,
created_at: now,
expires_at: expiresAt,
}
return success({
share,
share_url: `${new URL(context.request.url).origin}/share/${shareToken}`,
})
} catch (error) {
console.error('Create share error:', error)
return internalError('Failed to create share')
}
},
]
// GET /api/tab/tab-groups/:id/share -
export const onRequestGet: PagesFunction[] = [
requireDualAuth('tab_groups.read'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Get share
const share = await context.env.DB.prepare(
'SELECT * FROM shares WHERE group_id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!share) {
return notFound('Share not found')
}
return success({
share,
share_url: `${new URL(context.request.url).origin}/share/${share.share_token}`,
})
} catch (error) {
console.error('Get share error:', error)
return internalError('Failed to get share')
}
},
]
// DELETE /api/tab/tab-groups/:id/share -
export const onRequestDelete: PagesFunction[] = [
requireDualAuth('tab_groups.delete'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Delete share
await context.env.DB.prepare('DELETE FROM shares WHERE group_id = ? AND user_id = ?')
.bind(groupId, userId)
.run()
return new Response(null, { status: 204 })
} catch (error) {
console.error('Delete share error:', error)
return internalError('Failed to delete share')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/[id].ts
================================================
/**
* API -
* : /api/tab/tab-groups/:id
* : API Key (X-API-Key header) JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../middleware/dual-auth'
import { sanitizeString } from '../../../lib/validation'
interface TabGroupRow {
id: string
user_id: string
title: string
color: string | null
tags: string | null
parent_id: string | null
is_folder: number
is_deleted: number
deleted_at: string | null
position: number
created_at: string
updated_at: string
}
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
}
interface UpdateTabGroupRequest {
title?: string
color?: string | null
tags?: string[] | null
parent_id?: string | null
position?: number
}
// GET /api/tab/tab-groups/:id -
export const onRequestGet: PagesFunction[] = [
requireDualAuth('tab_groups.read'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Get tab group (exclude deleted by default)
let groupRow: TabGroupRow | null = null
try {
groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ? AND (is_deleted IS NULL OR is_deleted = 0)'
)
.bind(groupId, userId)
.first()
} catch {
// Fallback: query without is_deleted column
groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
}
if (!groupRow) {
return notFound('Tab group not found')
}
// Parse tags if exists
let tags: string[] | null = null
if (groupRow.tags) {
try {
tags = JSON.parse(groupRow.tags)
} catch {
tags = null
}
}
// Get tab group items (with user_id verification for security)
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id = ? AND tg.user_id = ?
ORDER BY COALESCE(tgi.is_pinned, 0) DESC, tgi.position ASC`
)
.bind(groupId, userId)
.all()
return success({
tab_group: {
...groupRow,
tags,
items: items || [],
item_count: items?.length || 0,
},
})
} catch (error) {
console.error('Get tab group error:', error)
return internalError('Failed to get tab group')
}
},
]
// PATCH /api/tab/tab-groups/:id -
export const onRequestPatch: PagesFunction[] = [
requireDualAuth('tab_groups.update'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
let body: UpdateTabGroupRequest
try {
body = (await context.request.json()) as UpdateTabGroupRequest
} catch (parseError) {
console.error('Failed to parse request body:', parseError)
return badRequest('Invalid request body: ' + (parseError instanceof Error ? parseError.message : 'JSON parse error'))
}
// Check if tab group exists and belongs to user
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!groupRow) {
return notFound('Tab group not found')
}
// Update tab group
const updates: string[] = []
const params: (string | number | null)[] = []
if (body.title !== undefined) {
updates.push('title = ?')
params.push(sanitizeString(body.title, 200))
}
// Only add color/tags if they exist in the request
// Try to update, if column doesn't exist, skip silently
let hasColorOrTags = false
if (body.color !== undefined) {
updates.push('color = ?')
params.push(body.color)
hasColorOrTags = true
}
if (body.tags !== undefined) {
updates.push('tags = ?')
params.push(body.tags ? JSON.stringify(body.tags) : null)
hasColorOrTags = true
}
if (body.parent_id !== undefined) {
updates.push('parent_id = ?')
params.push(body.parent_id)
}
if (body.position !== undefined) {
updates.push('position = ?')
params.push(body.position)
}
if (updates.length === 0) {
return badRequest('No fields to update')
}
updates.push('updated_at = ?')
params.push(new Date().toISOString())
params.push(groupId)
// Add user_id to WHERE clause params
params.push(userId)
try {
await context.env.DB.prepare(
`UPDATE tab_groups SET ${updates.join(', ')} WHERE id = ? AND user_id = ?`
)
.bind(...params)
.run()
} catch (e) {
// If update fails (likely due to missing columns), try without color/tags
if (hasColorOrTags && body.title !== undefined) {
await context.env.DB.prepare(
'UPDATE tab_groups SET title = ?, updated_at = ? WHERE id = ? AND user_id = ?'
)
.bind(sanitizeString(body.title, 200), new Date().toISOString(), groupId, userId)
.run()
} else {
throw e
}
}
// Get updated tab group with items
const updatedGroup = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ?'
)
.bind(groupId)
.first()
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id = ? AND tg.user_id = ?
ORDER BY tgi.position ASC`
)
.bind(groupId, userId)
.all()
if (!updatedGroup) {
return internalError('Failed to load tab group after update')
}
return success({
tab_group: {
...updatedGroup,
items: items || [],
item_count: items?.length || 0,
},
})
} catch (error) {
console.error('Update tab group error:', error)
return internalError('Failed to update tab group')
}
},
]
// DELETE /api/tab/tab-groups/:id - ()
export const onRequestDelete: PagesFunction[] = [
requireDualAuth('tab_groups.delete'),
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Check if tab group exists and belongs to user
let groupRow: TabGroupRow | null = null
try {
groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ? AND (is_deleted IS NULL OR is_deleted = 0)'
)
.bind(groupId, userId)
.first()
} catch {
// Fallback: query without is_deleted column
groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
}
if (!groupRow) {
return notFound('Tab group not found')
}
// Soft delete - mark as deleted (only if column exists)
try {
await context.env.DB.prepare(
'UPDATE tab_groups SET is_deleted = 1, deleted_at = ?, updated_at = ? WHERE id = ?'
)
.bind(new Date().toISOString(), new Date().toISOString(), groupId)
.run()
} catch {
// If is_deleted column doesn't exist, do hard delete
await context.env.DB.prepare('DELETE FROM tab_groups WHERE id = ?')
.bind(groupId)
.run()
}
return new Response(null, { status: 204 })
} catch (error) {
console.error('Delete tab group error:', error)
return internalError('Failed to delete tab group')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/index.ts
================================================
/**
* API -
* : /api/tab/tab-groups
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams, SQLParam } from '../../../lib/types'
import { success, created, internalError } from '../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../middleware/dual-auth'
import { sanitizeString } from '../../../lib/validation'
import { generateUUID } from '../../../lib/crypto'
interface TabGroupRow {
id: string
user_id: string
title: string
color: string | null
tags: string | null
parent_id: string | null
is_folder: number
is_deleted: number
deleted_at: string | null
position: number
created_at: string
updated_at: string
}
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
}
interface CreateTabGroupRequest {
title?: string
parent_id?: string | null
is_folder?: boolean
items?: Array<{
title: string
url: string
favicon?: string
}>
}
function parseTags(group: TabGroupRow): string[] | null {
if (!group.tags) return null
try {
return JSON.parse(group.tags)
} catch {
return null
}
}
// GET /api/tab/tab-groups
export const onRequestGet: PagesFunction[] = [
requireDualAuth('tab_groups.read'),
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
const pageSize = Math.min(parseInt(url.searchParams.get('page_size') || '30', 10) || 30, 100)
const pageCursor = url.searchParams.get('page_cursor') || ''
try {
let groups: TabGroupRow[] = []
try {
let query = `
SELECT *
FROM tab_groups
WHERE user_id = ? AND (is_deleted IS NULL OR is_deleted = 0)
`
const params: SQLParam[] = [userId]
if (pageCursor) {
query += ` AND created_at < ?`
params.push(pageCursor)
}
query += ` ORDER BY created_at DESC LIMIT ?`
params.push(pageSize + 1)
const result = await context.env.DB.prepare(query)
.bind(...params)
.all()
groups = result.results
} catch {
let query = `
SELECT *
FROM tab_groups
WHERE user_id = ?
`
const params: SQLParam[] = [userId]
if (pageCursor) {
query += ` AND created_at < ?`
params.push(pageCursor)
}
query += ` ORDER BY created_at DESC LIMIT ?`
params.push(pageSize + 1)
const result = await context.env.DB.prepare(query)
.bind(...params)
.all()
groups = result.results
}
const hasMore = groups.length > pageSize
const tabGroups = hasMore ? groups.slice(0, pageSize) : groups
const nextCursor = hasMore ? tabGroups[tabGroups.length - 1].created_at : undefined
// Batch fetch all items (avoids N+1)
const groupIds = tabGroups.map((g) => g.id)
let allItems: TabGroupItemRow[] = []
if (groupIds.length > 0) {
const placeholders = groupIds.map(() => '?').join(',')
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id IN (${placeholders}) AND tg.user_id = ?
ORDER BY COALESCE(tgi.is_pinned, 0) DESC, tgi.position ASC`
)
.bind(...groupIds, userId)
.all()
allItems = items || []
}
const itemsByGroup = new Map()
for (const item of allItems) {
const arr = itemsByGroup.get(item.group_id) || []
arr.push(item)
itemsByGroup.set(item.group_id, arr)
}
const groupsWithItems = tabGroups.map((group) => {
const items = itemsByGroup.get(group.id) || []
return {
...group,
tags: parseTags(group),
items,
item_count: items.length,
}
})
return success({
tab_groups: groupsWithItems,
meta: {
page_size: pageSize,
next_cursor: nextCursor,
},
})
} catch (error) {
console.error('Get tab groups error:', error)
return internalError('Failed to get tab groups')
}
},
]
// POST /api/tab/tab-groups
export const onRequestPost: PagesFunction[] = [
requireDualAuth('tab_groups.create'),
async (context) => {
const userId = context.data.user_id
try {
const body = (await context.request.json()) as CreateTabGroupRequest
const isFolder = body.is_folder || false
const now = new Date()
const defaultTitle = body.title || (isFolder ? '' : now.toLocaleString('zh-CN', {
year: 'numeric',
month: '2-digit',
day: '2-digit',
hour: '2-digit',
minute: '2-digit',
hour12: false,
}).replace(/\//g, '-'))
const title = sanitizeString(defaultTitle, 200)
const groupId = generateUUID()
const timestamp = now.toISOString()
const parentId = body.parent_id || null
// Atomic batch: group + all items
const stmts = [
context.env.DB.prepare(
'INSERT INTO tab_groups (id, user_id, title, parent_id, is_folder, is_deleted, created_at, updated_at) VALUES (?, ?, ?, ?, ?, 0, ?, ?)'
).bind(groupId, userId, title, parentId, isFolder ? 1 : 0, timestamp, timestamp),
]
if (!isFolder && body.items && body.items.length > 0) {
for (let i = 0; i < body.items.length; i++) {
const item = body.items[i]
const itemId = generateUUID()
const itemTitle = sanitizeString(item.title, 500)
const itemUrl = sanitizeString(item.url, 2000)
const favicon = item.favicon ? sanitizeString(item.favicon, 2000) : null
stmts.push(
context.env.DB.prepare(
'INSERT INTO tab_group_items (id, group_id, title, url, favicon, position, created_at) VALUES (?, ?, ?, ?, ?, ?, ?)'
).bind(itemId, groupId, itemTitle, itemUrl, favicon, i, timestamp)
)
}
}
await context.env.DB.batch(stmts)
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!groupRow) {
return internalError('Failed to load tab group after creation')
}
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id = ? AND tg.user_id = ?
ORDER BY tgi.position ASC`
)
.bind(groupId, userId)
.all()
return created({
tab_group: {
...groupRow,
items: items || [],
item_count: items?.length || 0,
},
})
} catch (error) {
console.error('Create tab group error:', error)
return internalError('Failed to create tab group')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/items/[id]/move.ts
================================================
/**
* API -
* : /api/tab/tab-groups/items/:id/move
* : API Key (X-API-Key header) JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../../../middleware/dual-auth'
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
is_pinned?: number
is_todo?: number
}
interface MoveItemRequest {
target_group_id: string
position?: number
}
// POST /api/tab/tab-groups/items/:id/move -
export const onRequestPost: PagesFunction[] = [
requireDualAuth('tab_groups.update'),
async (context) => {
const userId = context.data.user_id
const itemId = context.params.id
try {
const body = (await context.request.json()) as MoveItemRequest
if (!body.target_group_id) {
return badRequest('target_group_id is required')
}
// 1.
const item = await context.env.DB.prepare(
`SELECT tgi.*, tg.user_id
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.id = ?`
)
.bind(itemId)
.first()
if (!item) {
return notFound('Tab group item not found')
}
if (item.user_id !== userId) {
return notFound('Tab group item not found')
}
// 2.
const targetGroup = await context.env.DB.prepare(
'SELECT id, user_id FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(body.target_group_id, userId)
.first<{ id: string; user_id: string }>()
if (!targetGroup) {
return badRequest('Target group not found or access denied')
}
// 3. ,
if (item.group_id === body.target_group_id) {
if (body.position !== undefined) {
//
await context.env.DB.prepare(
'UPDATE tab_group_items SET position = ? WHERE id = ?'
)
.bind(body.position, itemId)
.run()
//
await context.env.DB.prepare(
`UPDATE tab_group_items
SET position = position + 1
WHERE group_id = ? AND id != ? AND position >= ?`
)
.bind(item.group_id, itemId, body.position)
.run()
}
} else {
// 4.
// 4.1
const maxPositionResult = await context.env.DB.prepare(
'SELECT MAX(position) as max_position FROM tab_group_items WHERE group_id = ?'
)
.bind(body.target_group_id)
.first<{ max_position: number | null }>()
const targetPosition =
body.position !== undefined
? body.position
: (maxPositionResult?.max_position ?? -1) + 1
// 4.2
await context.env.DB.prepare(
`UPDATE tab_group_items
SET group_id = ?, position = ?
WHERE id = ?`
)
.bind(body.target_group_id, targetPosition, itemId)
.run()
// 4.3 ()
await context.env.DB.prepare(
`UPDATE tab_group_items
SET position = position - 1
WHERE group_id = ? AND position > ?`
)
.bind(item.group_id, item.position)
.run()
// 4.4 ()
if (body.position !== undefined) {
await context.env.DB.prepare(
`UPDATE tab_group_items
SET position = position + 1
WHERE group_id = ? AND id != ? AND position >= ?`
)
.bind(body.target_group_id, itemId, targetPosition)
.run()
}
}
// 5.
const updatedItem = await context.env.DB.prepare(
'SELECT * FROM tab_group_items WHERE id = ?'
)
.bind(itemId)
.first()
if (!updatedItem) {
return internalError('Failed to load item after move')
}
return success({
item: updatedItem,
message: 'Item moved successfully',
})
} catch (error) {
console.error('Move tab group item error:', error)
return internalError('Failed to move tab group item')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/items/[id].ts
================================================
/**
* API -
* : /api/tab/tab-groups/items/:id
* : API Key (X-API-Key header) JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../../middleware/dual-auth'
import { sanitizeString } from '../../../../lib/validation'
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
is_pinned?: number
is_todo?: number
is_archived?: number
}
interface UpdateTabGroupItemRequest {
title?: string
is_pinned?: boolean
is_todo?: boolean
is_archived?: boolean
position?: number
}
// PATCH /api/tab/tab-groups/items/:id -
export const onRequestPatch: PagesFunction[] = [
requireDualAuth('tab_groups.update'),
async (context) => {
const userId = context.data.user_id
const itemId = context.params.id
try {
const body = (await context.request.json()) as UpdateTabGroupItemRequest
// Check if item exists and user has permission
const item = await context.env.DB.prepare(
`SELECT tgi.*, tg.user_id
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.id = ?`
)
.bind(itemId)
.first()
if (!item) {
return notFound('Tab group item not found')
}
if (item.user_id !== userId) {
return notFound('Tab group item not found')
}
// Build update query
const updates: string[] = []
const params: (string | number)[] = []
if (body.title !== undefined) {
updates.push('title = ?')
params.push(sanitizeString(body.title, 500))
}
if (body.is_pinned !== undefined) {
updates.push('is_pinned = ?')
params.push(body.is_pinned ? 1 : 0)
// If pinning, set position to 0 and shift others
if (body.is_pinned) {
await context.env.DB.prepare(
'UPDATE tab_group_items SET position = position + 1 WHERE group_id = ? AND id != ?'
)
.bind(item.group_id, itemId)
.run()
updates.push('position = ?')
params.push(0)
}
}
if (body.is_todo !== undefined) {
updates.push('is_todo = ?')
params.push(body.is_todo ? 1 : 0)
}
if (body.is_archived !== undefined) {
updates.push('is_archived = ?')
params.push(body.is_archived ? 1 : 0)
}
if (body.position !== undefined) {
updates.push('position = ?')
params.push(body.position)
}
if (updates.length === 0) {
return badRequest('No fields to update')
}
params.push(itemId, item.group_id, userId)
await context.env.DB.prepare(
`UPDATE tab_group_items SET ${updates.join(', ')} WHERE id = ? AND group_id IN (SELECT id FROM tab_groups WHERE id = ? AND user_id = ?)`
)
.bind(...params)
.run()
// Get updated item
const updatedItem = await context.env.DB.prepare(
`SELECT tgi.* FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.id = ? AND tg.user_id = ?`
)
.bind(itemId, userId)
.first()
if (!updatedItem) {
return internalError('Failed to load item after update')
}
return success({
item: updatedItem,
})
} catch (error) {
console.error('Update tab group item error:', error)
return internalError('Failed to update tab group item')
}
},
]
// DELETE /api/tab/tab-groups/items/:id -
export const onRequestDelete: PagesFunction[] = [
requireDualAuth('tab_groups.delete'),
async (context) => {
const userId = context.data.user_id
const itemId = context.params.id
try {
// Check if item exists and user has permission
const item = await context.env.DB.prepare(
`SELECT tgi.*, tg.user_id
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.id = ?`
)
.bind(itemId)
.first()
if (!item) {
return notFound('Tab group item not found')
}
if (item.user_id !== userId) {
return notFound('Tab group item not found')
}
// Delete item with ownership check
await context.env.DB.prepare(
'DELETE FROM tab_group_items WHERE id = ? AND group_id IN (SELECT id FROM tab_groups WHERE id = ? AND user_id = ?)'
)
.bind(itemId, item.group_id, userId)
.run()
// Reorder remaining items
await context.env.DB.prepare(
'UPDATE tab_group_items SET position = position - 1 WHERE group_id = ? AND position > ?'
)
.bind(item.group_id, item.position)
.run()
return new Response(null, { status: 204 })
} catch (error) {
console.error('Delete tab group item error:', error)
return internalError('Failed to delete tab group item')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tab-groups/trash.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../lib/types'
import { success, internalError } from '../../../lib/response'
import { requireDualAuth, DualAuthContext } from '../../../middleware/dual-auth'
interface TabGroupRow {
id: string
user_id: string
title: string
color: string | null
tags: string | null
is_deleted: number
deleted_at: string | null
created_at: string
updated_at: string
}
// GET /api/tab/tab-groups/trash - Retrieve trashed tab groups
export const onRequestGet: PagesFunction[] = [
requireDualAuth('tab_groups.read'),
async (context) => {
const userId = context.data.user_id
try {
const { results: groups } = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE user_id = ? AND is_deleted = 1 ORDER BY deleted_at DESC'
)
.bind(userId)
.all()
const groupsWithCounts = await Promise.all(
(groups || []).map(async (group) => {
const { results: items } = await context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_group_items WHERE group_id = ?'
)
.bind(group.id)
.all<{ count: number }>()
let tags: string[] | null = null
if (group.tags) {
try {
tags = JSON.parse(group.tags)
} catch {
tags = null
}
}
return {
...group,
tags,
item_count: items?.[0]?.count || 0,
}
})
)
return success({
tab_groups: groupsWithCounts,
total: groupsWithCounts.length,
})
} catch (error) {
console.error('Get trash error:', error)
return internalError('Failed to get trash')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tags/[id]/click.ts
================================================
/**
* API -
* : /api/tab/tags/:id/click
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../../middleware/api-key-auth-pages'
// PATCH /api/tags/:id/click -
export const onRequestPatch: PagesFunction[] = [
requireApiKeyAuth('tags.update'),
async (context) => {
const userId = context.data.user_id
const tagId = context.params.id
try {
//
const existing = await context.env.DB.prepare(
'SELECT id FROM tags WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(tagId, userId)
.first()
if (!existing) {
return notFound('Tag not found')
}
const now = new Date().toISOString()
//
await context.env.DB.prepare(
`UPDATE tags
SET click_count = click_count + 1,
last_clicked_at = ?,
updated_at = ?
WHERE id = ? AND user_id = ?`
)
.bind(now, now, tagId, userId)
.run()
return success({ message: 'Click count incremented' })
} catch (error) {
console.error('Increment tag click count error:', error)
return internalError('Failed to increment click count')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tags/[id].ts
================================================
/**
* API -
* : /api/tab/tags/:id
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams, SQLParam } from '../../../lib/types'
import { success, badRequest, notFound, noContent, internalError } from '../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../middleware/api-key-auth-pages'
import { sanitizeString } from '../../../lib/validation'
interface UpdateTagRequest {
name?: string
color?: string
}
// GET /api/tags/:id -
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('tags.read'),
async (context) => {
const userId = context.data.user_id
const tagId = context.params.id
try {
const tag = await context.env.DB.prepare(
`SELECT
t.id,
t.name,
t.color,
t.created_at,
t.updated_at,
COUNT(bt.bookmark_id) as bookmark_count
FROM tags t
LEFT JOIN bookmark_tags bt ON t.id = bt.tag_id AND bt.user_id = t.user_id
LEFT JOIN bookmarks b ON bt.bookmark_id = b.id AND b.deleted_at IS NULL
WHERE t.id = ? AND t.user_id = ? AND t.deleted_at IS NULL
GROUP BY t.id`
)
.bind(tagId, userId)
.first()
if (!tag) {
return notFound('Tag not found')
}
return success({ tag })
} catch (error) {
console.error('Get tag error:', error)
return internalError('Failed to get tag')
}
},
]
// PATCH /api/tags/:id -
export const onRequestPatch: PagesFunction[] = [
requireApiKeyAuth('tags.update'),
async (context) => {
const userId = context.data.user_id
const tagId = context.params.id
try {
const existing = await context.env.DB.prepare(
'SELECT id FROM tags WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(tagId, userId)
.first()
if (!existing) {
return notFound('Tag not found')
}
const body = (await context.request.json()) as UpdateTagRequest
const updates: string[] = []
const values: SQLParam[] = []
//
if (body.name !== undefined) {
if (!body.name.trim()) {
return badRequest('Tag name cannot be empty')
}
const name = sanitizeString(body.name, 50)
//
const duplicate = await context.env.DB.prepare(
'SELECT id FROM tags WHERE user_id = ? AND LOWER(name) = LOWER(?) AND id != ? AND deleted_at IS NULL'
)
.bind(userId, name, tagId)
.first()
if (duplicate) {
return badRequest('Tag with this name already exists')
}
updates.push('name = ?')
values.push(name)
}
//
if (body.color !== undefined) {
updates.push('color = ?')
values.push(body.color ? sanitizeString(body.color, 20) : null)
}
if (updates.length === 0) {
return badRequest('No fields to update')
}
const now = new Date().toISOString()
updates.push('updated_at = ?')
values.push(now)
values.push(tagId, userId)
await context.env.DB.prepare(
`UPDATE tags SET ${updates.join(', ')} WHERE id = ? AND user_id = ?`
)
.bind(...values)
.run()
const tag = await context.env.DB.prepare('SELECT * FROM tags WHERE id = ? AND user_id = ?')
.bind(tagId, userId)
.first()
return success({ tag })
} catch (error) {
console.error('Update tag error:', error)
return internalError('Failed to update tag')
}
},
]
// DELETE /api/tags/:id -
export const onRequestDelete: PagesFunction[] = [
requireApiKeyAuth('tags.delete'),
async (context) => {
const userId = context.data.user_id
const tagId = context.params.id
try {
const existing = await context.env.DB.prepare(
'SELECT id FROM tags WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(tagId, userId)
.first()
if (!existing) {
return notFound('Tag not found')
}
const now = new Date().toISOString()
//
await context.env.DB.prepare(
'UPDATE tags SET deleted_at = ?, updated_at = ? WHERE id = ? AND user_id = ?'
)
.bind(now, now, tagId, userId)
.run()
await context.env.DB.prepare('DELETE FROM bookmark_tags WHERE tag_id = ? AND user_id = ?')
.bind(tagId, userId)
.run()
return noContent()
} catch (error) {
console.error('Delete tag error:', error)
return internalError('Failed to delete tag')
}
},
]
================================================
FILE: tmarks/functions/api/tab/tags/index.ts
================================================
/**
* API -
* : /api/tab/tags
* : API Key (X-API-Key header)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { success, badRequest, created, internalError } from '../../../lib/response'
import { requireApiKeyAuth, ApiKeyAuthContext } from '../../../middleware/api-key-auth-pages'
import { sanitizeString } from '../../../lib/validation'
import { generateUUID } from '../../../lib/crypto'
interface CreateTagRequest {
name: string
color?: string
}
interface TagWithCount {
id: string
name: string
color: string | null
bookmark_count: number
created_at: string
updated_at: string
}
// GET /api/tags -
export const onRequestGet: PagesFunction[] = [
requireApiKeyAuth('tags.read'),
async (context) => {
const userId = context.data.user_id
try {
const { results: tags } = await context.env.DB.prepare(
`SELECT
t.id,
t.name,
t.color,
t.created_at,
t.updated_at,
COUNT(bt.bookmark_id) as bookmark_count
FROM tags t
LEFT JOIN bookmark_tags bt ON t.id = bt.tag_id AND bt.user_id = t.user_id
LEFT JOIN bookmarks b ON bt.bookmark_id = b.id AND b.deleted_at IS NULL
WHERE t.user_id = ? AND t.deleted_at IS NULL
GROUP BY t.id
ORDER BY t.name ASC`
)
.bind(userId)
.all()
return success({ tags: tags || [] })
} catch (error) {
console.error('Get tags error:', error)
return internalError('Failed to get tags')
}
},
]
// POST /api/tags -
export const onRequestPost: PagesFunction[] = [
requireApiKeyAuth('tags.create'),
async (context) => {
const userId = context.data.user_id
try {
const body = (await context.request.json()) as CreateTagRequest
if (!body.name || !body.name.trim()) {
return badRequest('Tag name is required')
}
const name = sanitizeString(body.name, 50)
const color = body.color ? sanitizeString(body.color, 20) : null
//
const existing = await context.env.DB.prepare(
'SELECT id FROM tags WHERE user_id = ? AND LOWER(name) = LOWER(?) AND deleted_at IS NULL'
)
.bind(userId, name)
.first()
if (existing) {
return badRequest('Tag with this name already exists')
}
const now = new Date().toISOString()
const tagId = generateUUID()
await context.env.DB.prepare(
`INSERT INTO tags (id, user_id, name, color, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?)`
)
.bind(tagId, userId, name, color, now, now)
.run()
const tag = await context.env.DB.prepare('SELECT * FROM tags WHERE id = ?')
.bind(tagId)
.first()
return created({ tag })
} catch (error) {
console.error('Create tag error:', error)
return internalError('Failed to create tag')
}
},
]
================================================
FILE: tmarks/functions/api/v1/auth/login.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, User } from '../../../lib/types'
import { badRequest, unauthorized, success, internalError } from '../../../lib/response'
import { verifyPassword, generateToken, hashRefreshToken, generateUUID } from '../../../lib/crypto'
import { generateJWT, parseExpiry } from '../../../lib/jwt'
import { loginRateLimiter } from '../../../lib/rate-limit'
import { getJwtAccessTokenExpiresIn, getJwtRefreshTokenExpiresIn } from '../../../lib/config'
interface LoginRequest {
username: string
password: string
remember_me?: boolean
}
export const onRequestPost: PagesFunction[] = [
loginRateLimiter,
async (context) => {
try {
const body = await context.request.json() as LoginRequest
if (!body.username || !body.password) {
return badRequest('Username and password are required')
}
// ()
type DbUser = User & { role?: string | null }
let user: DbUser | null = null
try {
user = await context.env.DB.prepare(
`SELECT id, username, email, password_hash, role
FROM users
WHERE LOWER(username) = LOWER(?) OR LOWER(email) = LOWER(?)`
)
.bind(body.username, body.username)
.first()
} catch (error) {
if (error instanceof Error && /no such column: role/i.test(error.message)) {
user = await context.env.DB.prepare(
`SELECT id, username, email, password_hash
FROM users
WHERE LOWER(username) = LOWER(?) OR LOWER(email) = LOWER(?)`
)
.bind(body.username, body.username)
.first()
} else {
throw error
}
}
if (!user) {
const ip = context.request.headers.get('CF-Connecting-IP') || 'unknown'
await context.env.DB.prepare(
`INSERT INTO audit_logs (event_type, payload, ip, created_at)
VALUES ('auth.login_failed', ?, ?, ?)`
)
.bind(
JSON.stringify({ username: body.username, reason: 'user_not_found' }),
ip,
new Date().toISOString()
)
.run()
return unauthorized('Invalid username or password')
}
//
const isValid = await verifyPassword(body.password, user.password_hash)
if (!isValid) {
const ip = context.request.headers.get('CF-Connecting-IP') || 'unknown'
await context.env.DB.prepare(
`INSERT INTO audit_logs (user_id, event_type, payload, ip, created_at)
VALUES (?, 'auth.login_failed', ?, ?, ?)`
)
.bind(
user.id,
JSON.stringify({ username: body.username, reason: 'invalid_password' }),
ip,
new Date().toISOString()
)
.run()
return unauthorized('Invalid username or password')
}
// session_id
const sessionId = generateUUID()
const role = user.role ?? 'user'
// ()
const accessTokenExpiresInStr = getJwtAccessTokenExpiresIn(context.env)
const accessTokenExpiresIn = parseExpiry(accessTokenExpiresInStr)
const accessToken = await generateJWT(
{ sub: user.id, session_id: sessionId },
context.env.JWT_SECRET,
accessTokenExpiresInStr
)
//
const refreshToken = generateToken(32)
const refreshTokenHash = await hashRefreshToken(refreshToken)
//
const refreshTokenExpiresInStr = getJwtRefreshTokenExpiresIn(context.env)
const refreshTokenExpiresIn = parseExpiry(refreshTokenExpiresInStr)
const refreshTokenExpiresAt = new Date(Date.now() + refreshTokenExpiresIn * 1000)
//
await context.env.DB.prepare(
`INSERT INTO auth_tokens (user_id, refresh_token_hash, expires_at, created_at)
VALUES (?, ?, ?, ?)`
)
.bind(user.id, refreshTokenHash, refreshTokenExpiresAt.toISOString(), new Date().toISOString())
.run()
const ip = context.request.headers.get('CF-Connecting-IP') || 'unknown'
const userAgent = context.request.headers.get('User-Agent') || 'unknown'
await context.env.DB.prepare(
`INSERT INTO audit_logs (user_id, event_type, payload, ip, user_agent, created_at)
VALUES (?, 'auth.login_success', ?, ?, ?, ?)`
)
.bind(
user.id,
JSON.stringify({ session_id: sessionId, remember_me: body.remember_me }),
ip,
userAgent,
new Date().toISOString()
)
.run()
return success({
access_token: accessToken,
refresh_token: refreshToken,
token_type: 'Bearer',
expires_in: accessTokenExpiresIn,
user: {
id: user.id,
username: user.username,
email: user.email,
role,
},
})
} catch (error) {
console.error('Login error:', error)
return internalError('Login failed')
}
},
]
================================================
FILE: tmarks/functions/api/v1/auth/logout.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { badRequest, noContent, internalError } from '../../../lib/response'
import { hashRefreshToken } from '../../../lib/crypto'
import { requireAuth, AuthContext } from '../../../middleware/auth'
interface LogoutRequest {
refresh_token: string
revoke_all?: boolean //
}
export const onRequest: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const body = await context.request.json() as LogoutRequest
if (!body.refresh_token) {
return badRequest('Refresh token is required')
}
const userId = context.data.user_id
const now = new Date().toISOString()
if (body.revoke_all) {
await context.env.DB.prepare(
`UPDATE auth_tokens
SET revoked_at = ?
WHERE user_id = ? AND revoked_at IS NULL`
)
.bind(now, userId)
.run()
//
const ip = context.request.headers.get('CF-Connecting-IP') || 'unknown'
await context.env.DB.prepare(
`INSERT INTO audit_logs (user_id, event_type, payload, ip, created_at)
VALUES (?, 'auth.logout_all_devices', ?, ?, ?)`
)
.bind(userId, JSON.stringify({ revoked_count: 'all' }), ip, now)
.run()
} else {
//
const tokenHash = await hashRefreshToken(body.refresh_token)
await context.env.DB.prepare(
`UPDATE auth_tokens
SET revoked_at = ?
WHERE refresh_token_hash = ? AND user_id = ? AND revoked_at IS NULL`
)
.bind(now, tokenHash, userId)
.run()
//
const ip = context.request.headers.get('CF-Connecting-IP') || 'unknown'
await context.env.DB.prepare(
`INSERT INTO audit_logs (user_id, event_type, payload, ip, created_at)
VALUES (?, 'auth.logout', ?, ?, ?)`
)
.bind(userId, JSON.stringify({ single_device: true }), ip, now)
.run()
}
return noContent()
} catch (error) {
console.error('Logout error:', error)
return internalError('Logout failed')
}
},
]
================================================
FILE: tmarks/functions/api/v1/auth/refresh.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../lib/types'
import { badRequest, unauthorized, success, internalError } from '../../../lib/response'
import { hashRefreshToken, generateUUID } from '../../../lib/crypto'
import { generateJWT } from '../../../lib/jwt'
import { getJwtAccessTokenExpiresIn } from '../../../lib/config'
interface RefreshRequest {
refresh_token: string
}
export const onRequestPost: PagesFunction = async (context) => {
try {
const body = await context.request.json() as RefreshRequest
if (!body.refresh_token) {
return badRequest('Refresh token is required')
}
//
const tokenHash = await hashRefreshToken(body.refresh_token)
//
const tokenRecord = await context.env.DB.prepare(
`SELECT id, user_id, expires_at, revoked_at
FROM auth_tokens
WHERE refresh_token_hash = ?`
)
.bind(tokenHash)
.first<{
id: number
user_id: string
expires_at: string
revoked_at: string | null
}>()
if (!tokenRecord) {
return unauthorized('Invalid refresh token')
}
//
if (tokenRecord.revoked_at) {
return unauthorized('Refresh token has been revoked')
}
const expiresAt = new Date(tokenRecord.expires_at)
if (expiresAt < new Date()) {
return unauthorized('Refresh token has expired')
}
// session_id
const sessionId = generateUUID()
//
const accessToken = await generateJWT(
{ sub: tokenRecord.user_id, session_id: sessionId },
context.env.JWT_SECRET,
getJwtAccessTokenExpiresIn(context.env)
)
//
type DbUser = { id: string; username: string; email: string | null; role?: string | null }
let user: DbUser | null = null
try {
user = await context.env.DB.prepare(
'SELECT id, username, email, role FROM users WHERE id = ?'
)
.bind(tokenRecord.user_id)
.first()
} catch (error) {
if (error instanceof Error && /no such column: role/i.test(error.message)) {
user = await context.env.DB.prepare(
'SELECT id, username, email FROM users WHERE id = ?'
)
.bind(tokenRecord.user_id)
.first()
} else {
throw error
}
}
if (!user) {
return unauthorized('User not found')
}
const role = user.role ?? 'user'
//
const ip = context.request.headers.get('CF-Connecting-IP') || 'unknown'
await context.env.DB.prepare(
`INSERT INTO audit_logs (user_id, event_type, payload, ip, created_at)
VALUES (?, 'auth.token_refreshed', ?, ?, ?)`
)
.bind(
tokenRecord.user_id,
JSON.stringify({ session_id: sessionId }),
ip,
new Date().toISOString()
)
.run()
return success({
access_token: accessToken,
token_type: 'Bearer',
expires_in: parseExpiresInToSeconds(getJwtAccessTokenExpiresIn(context.env)),
user: {
id: user.id,
username: user.username,
email: user.email,
role,
},
})
} catch (error) {
console.error('Refresh error:', error)
return internalError('Token refresh failed')
}
}
function parseExpiresInToSeconds(expiresIn: string): number {
const match = expiresIn.match(/^(\d+)(s|m|h|d)$/)
if (!match) return 31536000
const value = parseInt(match[1], 10)
switch (match[2]) {
case 's': return value
case 'm': return value * 60
case 'h': return value * 3600
case 'd': return value * 86400
default: return 31536000
}
}
================================================
FILE: tmarks/functions/api/v1/auth/register.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../lib/types'
import { badRequest, created, conflict, internalError } from '../../../lib/response'
import { isValidUsername, isValidPassword, isValidEmail, sanitizeString } from '../../../lib/validation'
import { hashPassword, generateUUID } from '../../../lib/crypto'
interface RegisterRequest {
username: string
password: string
email?: string
}
export const onRequestPost: PagesFunction = async (context) => {
try {
const db = context.env.DB
// Rate limiting: Max 5 registration attempts per IP per hour
const clientIP = context.request.headers.get('CF-Connecting-IP') || 'unknown'
// Log registration attempt (ignore errors)
try {
await db.prepare(
`INSERT INTO audit_logs (user_id, event_type, ip, payload, created_at)
VALUES ('system', 'register_attempt', ?, ?, datetime('now'))`
).bind(clientIP, JSON.stringify({ ip: clientIP })).run()
} catch {
// Ignore audit log errors
}
const rateCheck = await db.prepare(
`SELECT COUNT(*) as cnt FROM audit_logs
WHERE event_type = 'register_attempt'
AND ip = ?
AND created_at > datetime('now', '-1 hour')`
).bind(clientIP).first<{ cnt: number }>()
if (rateCheck && rateCheck.cnt >= 5) {
return new Response(JSON.stringify({ code: 'RATE_LIMITED', message: 'Too many registration attempts' }), {
status: 429,
headers: { 'Content-Type': 'application/json', 'Retry-After': '3600' }
})
}
// Check if registration is enabled
if (context.env.ALLOW_REGISTRATION !== 'true') {
return badRequest('Registration is currently disabled')
}
const body = await context.request.json() as RegisterRequest
//
if (!body.username || !body.password) {
return badRequest('Username and password are required')
}
if (!isValidUsername(body.username)) {
return badRequest('Username must be 3-20 characters and contain only letters, numbers, and underscores')
}
if (!isValidPassword(body.password)) {
return badRequest('Password must be at least 8 characters')
}
if (body.email && !isValidEmail(body.email)) {
return badRequest('Invalid email format')
}
const username = sanitizeString(body.username, 20)
const email = body.email ? sanitizeString(body.email, 255) : null
// Check if username exists
const existingUser = await db.prepare(
'SELECT id FROM users WHERE LOWER(username) = LOWER(?)'
)
.bind(username)
.first()
if (existingUser) {
return conflict('Username already exists')
}
// Check if email exists
if (email) {
const existingEmail = await db.prepare(
'SELECT id FROM users WHERE LOWER(email) = LOWER(?)'
)
.bind(email)
.first()
if (existingEmail) {
return conflict('Email already exists')
}
}
// Hash password
const passwordHash = await hashPassword(body.password)
// Generate UUID
const userId = generateUUID()
const now = new Date()
const nowISO = now.toISOString()
const ip = context.request.headers.get('CF-Connecting-IP') || 'unknown'
const userAgent = context.request.headers.get('User-Agent') || 'unknown'
// Create user
await db.prepare(
`INSERT INTO users (id, username, email, password_hash, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?)`
)
.bind(userId, username, email, passwordHash, nowISO, nowISO)
.run()
// Create default preferences
try {
await db.prepare(
`INSERT INTO user_preferences (user_id, theme, page_size, view_mode, density, tag_layout, sort_by, updated_at)
VALUES (?, 'light', 30, 'list', 'normal', 'grid', 'popular', ?)`
)
.bind(userId, nowISO)
.run()
} catch (error) {
if (error instanceof Error && (/no such column: tag_layout/i.test(error.message) || /no such column: sort_by/i.test(error.message))) {
// Fallback for older schema without tag_layout and sort_by
await db.prepare(
`INSERT INTO user_preferences (user_id, theme, page_size, view_mode, density, updated_at)
VALUES (?, 'light', 30, 'list', 'normal', ?)`
)
.bind(userId, nowISO)
.run()
} else {
throw error
}
}
// Log registration (ignore errors)
try {
await db.prepare(
`INSERT INTO audit_logs (user_id, event_type, payload, ip, user_agent, created_at)
VALUES (?, 'user.registered', ?, ?, ?, ?)`
)
.bind(
userId,
JSON.stringify({ username, email: email || null }),
ip,
userAgent,
nowISO
)
.run()
} catch (auditError) {
console.error('Failed to create audit log:', auditError)
}
return created({
user: {
id: userId,
username,
email: email || null,
created_at: nowISO,
},
})
} catch (error) {
console.error('Register error:', error)
return internalError('Registration failed')
}
}
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id]/click.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
// POST /api/v1/bookmarks/:id/click -
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const bookmarkId = context.params.id as string
const now = new Date().toISOString()
const db = context.env.DB
//
const bookmark = await db.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Bookmark not found')
}
// ,
await db.batch([
db.prepare(
'UPDATE bookmarks SET click_count = click_count + 1, last_clicked_at = ? WHERE id = ?'
).bind(now, bookmarkId),
db.prepare(
'INSERT INTO bookmark_click_events (bookmark_id, user_id, clicked_at) VALUES (?, ?, ?)'
).bind(bookmarkId, userId, now),
])
return success({
message: 'Click recorded successfully',
clicked_at: now,
})
} catch (error) {
console.error('Record click error:', error)
return internalError('Failed to record click')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id]/permanent.ts
================================================
/**
* API
* : /api/v1/bookmarks/:id/permanent
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { noContent, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
// DELETE /api/v1/bookmarks/:id/permanent - ()
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
//
const existing = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NOT NULL'
)
.bind(bookmarkId, userId)
.first()
if (!existing) {
return notFound('Bookmark not found in trash')
}
//
await context.env.DB.prepare('DELETE FROM bookmark_tags WHERE bookmark_id = ?')
.bind(bookmarkId)
.run()
//
await context.env.DB.prepare('DELETE FROM bookmark_snapshots WHERE bookmark_id = ?')
.bind(bookmarkId)
.run()
//
await context.env.DB.prepare('DELETE FROM bookmarks WHERE id = ?')
.bind(bookmarkId)
.run()
return noContent()
} catch (error) {
console.error('Permanent delete bookmark error:', error)
return internalError('Failed to permanently delete bookmark')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id]/restore.ts
================================================
/**
* API
* : /api/v1/bookmarks/:id/restore
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, BookmarkRow, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
import { normalizeBookmark } from '../../../../lib/bookmark-utils'
// PATCH /api/v1/bookmarks/:id/restore -
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
//
const existing = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NOT NULL'
)
.bind(bookmarkId, userId)
.first()
if (!existing) {
return notFound('Bookmark not found in trash')
}
const now = new Date().toISOString()
// : deleted_at
await context.env.DB.prepare(
'UPDATE bookmarks SET deleted_at = NULL, updated_at = ? WHERE id = ?'
)
.bind(now, bookmarkId)
.run()
//
const bookmarkRow = await context.env.DB.prepare(
'SELECT * FROM bookmarks WHERE id = ?'
)
.bind(bookmarkId)
.first()
if (!bookmarkRow) {
return internalError('Failed to load bookmark after restore')
}
//
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND t.deleted_at IS NULL`
)
.bind(bookmarkId)
.all<{ id: string; name: string; color: string | null }>()
return success({
bookmark: {
...normalizeBookmark(bookmarkRow),
tags: tags || [],
},
})
} catch (error) {
console.error('Restore bookmark error:', error)
return internalError('Failed to restore bookmark')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id]/snapshot-cleanup.ts
================================================
/**
* —
*/
export async function cleanupOldSnapshots(
db: D1Database,
bucket: R2Bucket,
bookmarkId: string,
userId: string
) {
try {
const bookmarkSettings = await db
.prepare('SELECT snapshot_retention_count FROM bookmarks WHERE id = ? AND user_id = ?')
.bind(bookmarkId, userId)
.first()
const userSettings = await db
.prepare('SELECT snapshot_retention_count FROM user_preferences WHERE user_id = ?')
.bind(userId)
.first()
const retentionCount =
(bookmarkSettings?.snapshot_retention_count as number | null) ??
(userSettings?.snapshot_retention_count as number | null) ??
5
if (retentionCount === -1) {
return
}
const toDelete = await db
.prepare(
`SELECT id, r2_key
FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?
ORDER BY version DESC
LIMIT -1 OFFSET ?`
)
.bind(bookmarkId, userId, retentionCount)
.all()
if (!toDelete.results || toDelete.results.length === 0) {
return
}
const deletedIds: unknown[] = []
for (const snapshot of toDelete.results) {
try {
await bucket.delete(snapshot.r2_key as string)
deletedIds.push(snapshot.id)
} catch (error) {
console.error('Failed to delete R2 file:', snapshot.r2_key, error)
}
}
if (deletedIds.length === 0) return
const placeholders = deletedIds.map(() => '?').join(',')
await db
.prepare(`DELETE FROM bookmark_snapshots WHERE id IN (${placeholders}) AND user_id = ?`)
.bind(...deletedIds, userId)
.run()
} catch (error) {
console.error('Cleanup snapshots error:', error)
}
}
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id]/snapshots/[snapshotId]/view.ts
================================================
/**
* API - URL
* : /api/v1/bookmarks/:id/snapshots/:snapshotId/view
* : URL( JWT Token)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../../../lib/types'
import { unauthorized, notFound, internalError } from '../../../../../../lib/response'
import { verifySignedUrl, extractSignedParams } from '../../../../../../lib/signed-url'
import { generateImageSig } from '../../../../../../lib/image-sig'
// GET /api/v1/bookmarks/:id/snapshots/:snapshotId/view - URL
export const onRequestGet: PagesFunction = async (context) => {
try {
const bookmarkId = context.params.id as string
const snapshotId = context.params.snapshotId as string
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
//
const { signature, expires, userId, action } = extractSignedParams(context.request as unknown as Request)
if (!signature || !expires || !userId) {
return unauthorized('Missing signature parameters')
}
//
const verification = await verifySignedUrl(
signature,
expires,
userId,
snapshotId,
context.env.JWT_SECRET,
action || undefined
)
if (!verification.valid) {
return unauthorized(verification.error || 'Invalid signature')
}
//
const snapshot = await db
.prepare(
`SELECT s.*, b.url as bookmark_url
FROM bookmark_snapshots s
JOIN bookmarks b ON s.bookmark_id = b.id
WHERE s.id = ? AND s.bookmark_id = ? AND s.user_id = ?`
)
.bind(snapshotId, bookmarkId, userId)
.first()
if (!snapshot) {
return notFound('Snapshot not found')
}
// R2
const r2Object = await bucket.get(snapshot.r2_key as string)
if (!r2Object) {
return notFound('Snapshot file not found')
}
// HTML
let htmlContent = await r2Object.text()
const htmlSize = new Blob([htmlContent]).size
console.log(`[Snapshot View API] Retrieved from R2: ${(htmlSize / 1024).toFixed(1)}KB`)
// V2 ( /api/snapshot-images/ )
const isV2 = htmlContent.includes('/api/snapshot-images/')
if (isV2) {
const version = (snapshot as Record).version as number || 1
// hash
const imgUrlRegex = /\/api\/snapshot-images\/([a-zA-Z0-9._-]+?)(?:\?[^"\s)]*)?(?=["\s)]|$)/g
const matches = Array.from(htmlContent.matchAll(imgUrlRegex))
const uniqueHashes = [...new Set(matches.map(m => m[1]).filter(h => h.length <= 128))]
//
const sigMap = new Map()
for (const hash of uniqueHashes) {
sigMap.set(hash, await generateImageSig(hash, userId, bookmarkId, context.env.JWT_SECRET))
}
let replacedCount = 0
htmlContent = htmlContent.replace(imgUrlRegex, (_match: string, hash: string) => {
replacedCount++
const sig = sigMap.get(hash) || ''
return `/api/snapshot-images/${hash}?u=${userId}&b=${bookmarkId}&v=${version}&sig=${sig}`
})
console.log(`[Snapshot View API] V2 format: normalized ${replacedCount} image URLs with signatures`)
}
return new Response(htmlContent, {
headers: {
'Content-Type': 'text/html; charset=utf-8',
'Cache-Control': 'public, max-age=3600',
'X-Content-Type-Options': 'nosniff',
// CSP :,
'Content-Security-Policy': "default-src 'none'; img-src * data: blob:; style-src 'unsafe-inline' *; font-src * data:; frame-src 'none'; script-src 'none'; connect-src 'none';",
// X-Frame-Options iframe
'X-Frame-Options': 'DENY',
},
})
} catch (error) {
console.error('[Snapshot View API] Error:', error)
return internalError('Failed to get snapshot')
}
}
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id]/snapshots/[snapshotId].ts
================================================
/**
* API (V1 - JWT Auth)
* : /api/v1/bookmarks/:id/snapshots/:snapshotId
* : JWT Token
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../../lib/types'
import { notFound, internalError } from '../../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../../middleware/auth'
// GET /api/v1/bookmarks/:id/snapshots/:snapshotId -
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const bookmarkId = context.params.id as string
const snapshotId = context.params.snapshotId as string
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
//
const snapshot = await db
.prepare(
`SELECT s.*, b.url as bookmark_url
FROM bookmark_snapshots s
JOIN bookmarks b ON s.bookmark_id = b.id
WHERE s.id = ? AND s.bookmark_id = ? AND s.user_id = ?`
)
.bind(snapshotId, bookmarkId, userId)
.first()
if (!snapshot) {
return notFound('Snapshot not found')
}
// R2
const r2Object = await bucket.get(snapshot.r2_key as string)
if (!r2Object) {
return notFound('Snapshot file not found')
}
// HTML
let htmlContent = await r2Object.text()
// data URL ()
const dataUrlCount = (htmlContent.match(/src="data:/g) || []).length
const htmlSize = new Blob([htmlContent]).size
console.log(`[Snapshot API V1] Retrieved from R2: ${(htmlSize / 1024).toFixed(1)}KB, data URLs: ${dataUrlCount}`)
// CSP meta HTML head ()
const cspMetaTag = '';
if (htmlContent.includes('')) {
htmlContent = htmlContent.replace('', `${cspMetaTag}`);
console.log(`[Snapshot API V1] Injected CSP meta tag`);
} else if (htmlContent.includes('')) {
htmlContent = htmlContent.replace('', `${cspMetaTag}`);
console.log(`[Snapshot API V1] Injected CSP meta tag`);
}
// V2 ( /api/snapshot-images/ )
const isV2 = htmlContent.includes('/api/snapshot-images/')
if (isV2) {
const version = (snapshot as Record).version as number || 1
// URL: URL,
let replacedCount = 0
htmlContent = htmlContent.replace(
/\/api\/snapshot-images\/([a-zA-Z0-9._-]+?)(?:\?[^"\s)]*)?(?=["\s)]|$)/g,
(_match: string, hash: string) => {
replacedCount++
// ,()
return `/api/snapshot-images/${hash}?u=${userId}&b=${bookmarkId}&v=${version}`;
}
)
console.log(`[Snapshot API V1] V2 format detected, normalized ${replacedCount} image URLs`)
}
return new Response(htmlContent, {
headers: {
'Content-Type': 'text/html; charset=utf-8',
'Cache-Control': 'public, max-age=3600',
'X-Content-Type-Options': 'nosniff',
// CSP ()
'Content-Security-Policy': "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; img-src * data: blob:; font-src * data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src *; connect-src *;",
},
})
} catch (error) {
console.error('[Snapshot API V1] Get snapshot error:', error)
return internalError('Failed to get snapshot')
}
},
]
// DELETE /api/v1/bookmarks/:id/snapshots/:snapshotId -
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id as string
const snapshotId = context.params.snapshotId as string
try {
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
//
const snapshot = await db
.prepare(
`SELECT id, r2_key, is_latest, version
FROM bookmark_snapshots
WHERE id = ? AND bookmark_id = ? AND user_id = ?`
)
.bind(snapshotId, bookmarkId, userId)
.first()
if (!snapshot) {
return notFound('Snapshot not found')
}
const version = (snapshot as Record).version as number || 1
// R2 HTML
await bucket.delete(snapshot.r2_key as string)
// V2 ()
try {
//
const imagePrefix = `${userId}/${bookmarkId}/v${version}/images/`
const imageList = await bucket.list({ prefix: imagePrefix })
if (imageList.objects && imageList.objects.length > 0) {
console.log(`[Snapshot API V1] Deleting ${imageList.objects.length} images for version ${version}`)
//
for (const obj of imageList.objects) {
await bucket.delete(obj.key)
}
}
} catch (error) {
console.warn('[Snapshot API V1] Failed to delete images:', error)
// ,
}
//
await db
.prepare('DELETE FROM bookmark_snapshots WHERE id = ?')
.bind(snapshotId)
.run()
// (1)
await db
.prepare(
`UPDATE bookmarks
SET snapshot_count = MAX(0, snapshot_count - 1)
WHERE id = ?`
)
.bind(bookmarkId)
.run()
// ,
if (snapshot.is_latest) {
const nextLatest = await db
.prepare(
`SELECT id FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?
ORDER BY version DESC
LIMIT 1`
)
.bind(bookmarkId, userId)
.first()
if (nextLatest) {
await db
.prepare(
`UPDATE bookmark_snapshots
SET is_latest = 1
WHERE id = ?`
)
.bind(nextLatest.id)
.run()
} else {
// ,
await db
.prepare(
`UPDATE bookmarks
SET has_snapshot = 0,
latest_snapshot_at = NULL,
snapshot_count = 0
WHERE id = ?`
)
.bind(bookmarkId)
.run()
}
}
return new Response(JSON.stringify({
success: true,
data: { message: 'Snapshot deleted successfully' }
}), {
headers: { 'Content-Type': 'application/json' }
})
} catch (error) {
console.error('[Snapshot API V1] Delete snapshot error:', error)
return internalError('Failed to delete snapshot')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id]/snapshots/cleanup.ts
================================================
/**
* API
* : /api/v1/bookmarks/:id/snapshots/cleanup
* : JWT Token
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../../middleware/auth'
interface CleanupRequest {
keep_count?: number
older_than_days?: number
verify_and_fix?: boolean
}
interface RouteParams {
id: string
}
interface SnapshotRow {
id: string
r2_key: string
file_size: number
}
async function deleteSnapshotRows(
db: D1Database, ids: string[], userId: string,
): Promise {
const placeholders = ids.map(() => '?').join(',')
await db
.prepare(`DELETE FROM bookmark_snapshots WHERE id IN (${placeholders}) AND user_id = ?`)
.bind(...ids, userId)
.run()
}
async function updateBookmarkSnapshotCount(
db: D1Database, bookmarkId: string, userId: string,
): Promise {
const remaining = await db
.prepare(
`SELECT COUNT(*) as count FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?`,
)
.bind(bookmarkId, userId)
.first()
const remainingCount = (remaining?.count as number) || 0
if (remainingCount === 0) {
await db
.prepare(
`UPDATE bookmarks
SET has_snapshot = 0, latest_snapshot_at = NULL, snapshot_count = 0
WHERE id = ? AND user_id = ?`,
)
.bind(bookmarkId, userId)
.run()
} else {
await db
.prepare(`UPDATE bookmarks SET snapshot_count = ? WHERE id = ? AND user_id = ?`)
.bind(remainingCount, bookmarkId, userId)
.run()
}
}
async function handleVerifyAndFix(
db: D1Database, bucket: R2Bucket, bookmarkId: string, userId: string,
) {
const { results: allSnapshots } = await db
.prepare(
`SELECT id, r2_key, file_size FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?`,
)
.bind(bookmarkId, userId)
.all()
const orphaned: SnapshotRow[] = []
for (const snapshot of allSnapshots || []) {
try {
const r2Object = await bucket.head(snapshot.r2_key)
if (!r2Object) orphaned.push(snapshot)
} catch {
orphaned.push(snapshot)
}
}
if (orphaned.length === 0) {
return success({
deleted_count: 0,
freed_space: 0,
message: 'All snapshots are valid, no orphaned records found',
})
}
await deleteSnapshotRows(db, orphaned.map((s) => s.id), userId)
await updateBookmarkSnapshotCount(db, bookmarkId, userId)
return success({
deleted_count: orphaned.length,
freed_space: 0,
message: `Fixed ${orphaned.length} orphaned snapshot records`,
})
}
// POST /api/v1/bookmarks/:id/snapshots/cleanup
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const body = await context.request.json() as CleanupRequest
const { keep_count, older_than_days, verify_and_fix } = body
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
const bookmark = await db
.prepare('SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL')
.bind(bookmarkId, userId)
.first()
if (!bookmark) return notFound('Bookmark not found')
if (verify_and_fix) {
return handleVerifyAndFix(db, bucket, bookmarkId, userId)
}
let toDelete: SnapshotRow[] = []
if (keep_count !== undefined && keep_count >= 0) {
const result = await db
.prepare(
`SELECT id, r2_key, file_size FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?
ORDER BY version DESC LIMIT -1 OFFSET ?`,
)
.bind(bookmarkId, userId, keep_count)
.all()
toDelete = result.results || []
} else if (older_than_days !== undefined && older_than_days > 0) {
const cutoffDate = new Date()
cutoffDate.setDate(cutoffDate.getDate() - older_than_days)
const result = await db
.prepare(
`SELECT id, r2_key, file_size FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ? AND created_at < ?
ORDER BY version ASC`,
)
.bind(bookmarkId, userId, cutoffDate.toISOString())
.all()
toDelete = result.results || []
} else {
return badRequest('Must specify keep_count or older_than_days')
}
if (toDelete.length === 0) {
return success({ deleted_count: 0, freed_space: 0, message: 'No snapshots to delete' })
}
const freedSpace = toDelete.reduce((sum, s) => sum + (s.file_size as number || 0), 0)
for (const snapshot of toDelete) {
await bucket.delete(snapshot.r2_key as string)
}
await deleteSnapshotRows(db, toDelete.map((s) => s.id), userId)
await updateBookmarkSnapshotCount(db, bookmarkId, userId)
return success({
deleted_count: toDelete.length,
freed_space: freedSpace,
message: `Deleted ${toDelete.length} snapshots`,
})
} catch (error) {
console.error('Cleanup snapshots error:', error)
return internalError('Failed to cleanup snapshots')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id]/snapshots.ts
================================================
/**
* API
* : /api/v1/bookmarks/:id/snapshots
* : JWT Token
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
import { generateSignedUrl } from '../../../../lib/signed-url'
import { generateNanoId } from '../../../../lib/crypto'
import { checkR2Quota } from '../../../../lib/storage-quota'
import { cleanupOldSnapshots } from './snapshot-cleanup'
// Web Crypto API SHA-256
async function sha256(content: string): Promise {
const encoder = new TextEncoder()
const data = encoder.encode(content)
const hashBuffer = await crypto.subtle.digest('SHA-256', data)
const hashArray = Array.from(new Uint8Array(hashBuffer))
return hashArray.map(b => b.toString(16).padStart(2, '0')).join('')
}
interface CreateSnapshotRequest {
html_content: string
title: string
url: string
force?: boolean
}
//
const MAX_SNAPSHOT_SIZE = 50 * 1024 * 1024 // 50MB
// GET /api/v1/bookmarks/:id/snapshots -
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const db = context.env.DB
//
const bookmark = await db
.prepare('SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL')
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Bookmark not found')
}
//
const snapshots = await db
.prepare(
`SELECT id, version, file_size, content_hash, snapshot_title,
is_latest, created_at
FROM bookmark_snapshots
WHERE bookmark_id = ? AND user_id = ?
ORDER BY version DESC`
)
.bind(bookmarkId, userId)
.all()
// URL
const snapshotsWithUrls = await Promise.all(
(snapshots.results || []).map(async (snapshot: Record) => {
// 24 URL
const { signature, expires } = await generateSignedUrl(
{
userId,
resourceId: snapshot.id,
expiresIn: 24 * 3600, // 24
action: 'view',
},
context.env.JWT_SECRET
)
// URL
const baseUrl = new URL(context.request.url).origin
const viewUrl = `${baseUrl}/api/v1/bookmarks/${bookmarkId}/snapshots/${snapshot.id}/view?sig=${signature}&exp=${expires}&u=${userId}&a=view`
return {
...snapshot,
view_url: viewUrl,
}
})
)
return success({
snapshots: snapshotsWithUrls,
total: snapshotsWithUrls.length,
})
} catch (error) {
console.error('Get snapshots error:', error)
return internalError('Failed to get snapshots')
}
},
]
// POST /api/v1/bookmarks/:id/snapshots -
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const bookmarkId = context.params.id
try {
const body = await context.request.json() as CreateSnapshotRequest
const { html_content, title, url, force = false } = body
if (!html_content || !title || !url) {
return badRequest('Missing required fields')
}
//
const originalSize = new Blob([html_content]).size
if (originalSize > MAX_SNAPSHOT_SIZE) {
return badRequest(
`Snapshot too large (${(originalSize / 1024 / 1024).toFixed(2)}MB). Maximum size is ${MAX_SNAPSHOT_SIZE / 1024 / 1024}MB.`
)
}
const db = context.env.DB
const bucket = context.env.SNAPSHOTS_BUCKET
if (!bucket) {
return internalError('Storage not configured')
}
//
const bookmark = await db
.prepare('SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL')
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Bookmark not found')
}
//
const contentHash = await sha256(html_content)
// ()
if (!force) {
const latestSnapshot = await db
.prepare(
`SELECT content_hash FROM bookmark_snapshots
WHERE bookmark_id = ? AND is_latest = 1`
)
.bind(bookmarkId)
.first()
if (latestSnapshot && latestSnapshot.content_hash === contentHash) {
return success({
message: 'Content unchanged, no new snapshot created',
is_duplicate: true,
})
}
}
//
const versionResult = await db
.prepare(
`SELECT COALESCE(MAX(version), 0) + 1 as next_version
FROM bookmark_snapshots
WHERE bookmark_id = ?`
)
.bind(bookmarkId)
.first()
const version = versionResult?.next_version as number || 1
// R2
const timestamp = Date.now()
const r2Key = `${userId}/${bookmarkId}/snapshot-${timestamp}-v${version}.html`
// HTML UTF-8
const encoder = new TextEncoder()
const htmlBytes = encoder.encode(html_content)
// ( bookmark_snapshots.file_size )
const quota = await checkR2Quota(db, context.env, htmlBytes.length)
if (!quota.allowed) {
const usedGB = quota.usedBytes / (1024 * 1024 * 1024)
const limitGB = quota.limitBytes / (1024 * 1024 * 1024)
return badRequest({
code: 'R2_STORAGE_LIMIT_EXCEEDED',
message: `Snapshot storage limit exceeded. Used ${usedGB.toFixed(2)}GB of ${limitGB.toFixed(2)}GB. Please delete some snapshots or images and try again.`,
})
}
// UTF-8 R2
await bucket.put(r2Key, htmlBytes, {
httpMetadata: {
contentType: 'text/html; charset=utf-8',
},
customMetadata: {
userId,
bookmarkId,
version: version.toString(),
title,
fileSize: htmlBytes.length.toString(),
},
})
const snapshotId = generateNanoId()
const now = new Date().toISOString()
// ( INSERT ,)
const batch = [
// ,
db.prepare(
`INSERT INTO bookmark_snapshots
(id, bookmark_id, user_id, version, is_latest, content_hash,
r2_key, r2_bucket, file_size, mime_type, snapshot_url,
snapshot_title, snapshot_status, created_at, updated_at)
VALUES (?, ?, ?,
(SELECT COALESCE(MAX(version), 0) + 1 FROM bookmark_snapshots WHERE bookmark_id = ?),
1, ?, ?, 'tmarks-snapshots', ?, 'text/html', ?, ?, 'completed', ?, ?)`
).bind(
snapshotId,
bookmarkId,
userId,
bookmarkId,
contentHash,
r2Key,
htmlBytes.length,
url,
title,
now,
now
),
// is_latest
db.prepare(
`UPDATE bookmark_snapshots
SET is_latest = 0
WHERE bookmark_id = ? AND id != ?`
).bind(bookmarkId, snapshotId),
// ()
db.prepare(
`UPDATE bookmarks
SET has_snapshot = 1,
latest_snapshot_at = ?,
snapshot_count = snapshot_count + 1
WHERE id = ?`
).bind(now, bookmarkId),
]
await db.batch(batch)
//
await cleanupOldSnapshots(db, bucket, bookmarkId, userId)
// URL(24 )
const { signature, expires } = await generateSignedUrl(
{
userId,
resourceId: snapshotId,
expiresIn: 24 * 3600,
action: 'view',
},
context.env.JWT_SECRET
)
// URL
const baseUrl = new URL(context.request.url).origin
const viewUrl = `${baseUrl}/api/v1/bookmarks/${bookmarkId}/snapshots/${snapshotId}/view?sig=${signature}&exp=${expires}&u=${userId}&a=view`
return success({
snapshot: {
id: snapshotId,
version,
file_size: htmlBytes.length,
content_hash: contentHash,
snapshot_title: title,
is_latest: true,
created_at: now,
view_url: viewUrl,
},
message: 'Snapshot created successfully',
})
} catch (error) {
console.error('Create snapshot error:', error)
return internalError('Failed to create snapshot')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/[id].ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, Bookmark, BookmarkRow, RouteParams, SQLParam } from '../../../lib/types'
import { success, badRequest, notFound, noContent, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { isValidUrl, sanitizeString } from '../../../lib/validation'
import { normalizeBookmark } from '../../../lib/bookmark-utils'
import { getValidTagIds, replaceBookmarkTags, replaceBookmarkTagsByNames } from '../../../lib/tags'
import { invalidatePublicShareCache } from '../../shared/cache'
interface UpdateBookmarkRequest {
title?: string
url?: string
description?: string
cover_image?: string
favicon?: string
tag_ids?: string[] // : ID
tags?: string[] // :()
is_pinned?: boolean
is_public?: boolean
}
// PATCH /api/v1/bookmarks/:id -
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const bookmarkId = context.params.id
const body = await context.request.json() as UpdateBookmarkRequest
//
const bookmarkRow = await context.env.DB.prepare(
'SELECT * FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(bookmarkId, userId)
.first()
if (!bookmarkRow) {
return notFound('Bookmark not found')
}
//
if (body.url && !isValidUrl(body.url)) {
return badRequest('Invalid URL format')
}
//
const updates: string[] = []
const values: SQLParam[] = []
if (body.title !== undefined) {
updates.push('title = ?')
values.push(sanitizeString(body.title, 500))
}
if (body.url !== undefined) {
updates.push('url = ?')
values.push(sanitizeString(body.url, 2000))
}
if (body.description !== undefined) {
updates.push('description = ?')
values.push(body.description ? sanitizeString(body.description, 1000) : null)
}
if (body.cover_image !== undefined) {
updates.push('cover_image = ?')
values.push(body.cover_image ? sanitizeString(body.cover_image, 2000) : null)
}
if (body.favicon !== undefined) {
updates.push('favicon = ?')
values.push(body.favicon ? sanitizeString(body.favicon, 2000) : null)
}
if (body.is_pinned !== undefined) {
updates.push('is_pinned = ?')
values.push(body.is_pinned ? 1 : 0)
}
if (body.is_public !== undefined) {
updates.push('is_public = ?')
values.push(body.is_public ? 1 : 0)
}
const now = new Date().toISOString()
if (updates.length > 0) {
updates.push('updated_at = ?')
values.push(now)
values.push(bookmarkId, userId)
await context.env.DB.prepare(
`UPDATE bookmarks SET ${updates.join(', ')} WHERE id = ? AND user_id = ?`
)
.bind(...values)
.run()
}
//
if (body.tags !== undefined) {
await replaceBookmarkTagsByNames(context.env.DB, bookmarkId, body.tags, userId, now)
} else if (body.tag_ids !== undefined) {
const validTagIds = await getValidTagIds(context.env.DB, userId, body.tag_ids)
await replaceBookmarkTags(context.env.DB, bookmarkId, userId, validTagIds, now)
}
//
const updatedBookmarkRow = await context.env.DB.prepare('SELECT * FROM bookmarks WHERE id = ? AND user_id = ?')
.bind(bookmarkId, userId)
.first()
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND bt.user_id = ? AND t.deleted_at IS NULL`
)
.bind(bookmarkId, userId)
.all<{ id: string; name: string; color: string | null }>()
if (!updatedBookmarkRow) {
return internalError('Failed to load bookmark after update')
}
await invalidatePublicShareCache(context.env, userId)
return success({
bookmark: {
...normalizeBookmark(updatedBookmarkRow),
tags: tags || [],
},
})
} catch (error) {
console.error('Update bookmark error:', error)
return internalError('Failed to update bookmark')
}
},
]
// DELETE /api/v1/bookmarks/:id -
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const bookmarkId = context.params.id
//
const bookmark = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Bookmark not found')
}
const now = new Date().toISOString()
await context.env.DB.prepare(
'UPDATE bookmarks SET deleted_at = ?, updated_at = ?, click_count = 0, last_clicked_at = NULL WHERE id = ? AND user_id = ?'
).bind(now, now, bookmarkId, userId).run()
await invalidatePublicShareCache(context.env, userId)
return noContent()
} catch (error) {
console.error('Delete bookmark error:', error)
return internalError('Failed to delete bookmark')
}
},
]
// PUT /api/v1/bookmarks/:id -
export const onRequestPut: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const bookmarkId = context.params.id
// 、
const bookmark = await context.env.DB.prepare(
'SELECT * FROM bookmarks WHERE id = ? AND user_id = ? AND deleted_at IS NOT NULL'
)
.bind(bookmarkId, userId)
.first()
if (!bookmark) {
return notFound('Deleted bookmark not found')
}
//
const now = new Date().toISOString()
await context.env.DB.prepare(
'UPDATE bookmarks SET deleted_at = NULL, updated_at = ? WHERE id = ? AND user_id = ?'
)
.bind(now, bookmarkId, userId)
.run()
//
const restoredBookmarkRow = await context.env.DB.prepare('SELECT * FROM bookmarks WHERE id = ? AND user_id = ?')
.bind(bookmarkId, userId)
.first()
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND bt.user_id = ? AND t.deleted_at IS NULL`
)
.bind(bookmarkId, userId)
.all<{ id: string; name: string; color: string | null }>()
if (!restoredBookmarkRow) {
return internalError('Failed to load bookmark after restore')
}
await invalidatePublicShareCache(context.env, userId)
return success({
bookmark: {
...normalizeBookmark(restoredBookmarkRow),
tags: tags || [],
},
})
} catch (error) {
console.error('Restore bookmark error:', error)
return internalError('Failed to restore bookmark')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/bulk.ts
================================================
import type { PagesFunction, D1PreparedStatement } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { requireAuth, type AuthContext } from '../../../middleware/auth'
import { invalidatePublicShareCache } from '../../shared/cache'
import { CacheService } from '../../../lib/cache'
import { createBookmarkCacheManager } from '../../../lib/cache/bookmark-cache'
type BatchActionType = 'delete' | 'update_tags' | 'pin' | 'unpin' | 'archive' | 'unarchive'
interface BatchActionRequest {
action: BatchActionType
bookmark_ids: string[]
add_tag_ids?: string[]
remove_tag_ids?: string[]
}
interface BatchActionResponse {
success: boolean
affected_count: number
errors?: Array<{ bookmark_id: string; message: string }>
}
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
let body: BatchActionRequest | null = null
try {
body = (await context.request.json()) as BatchActionRequest
const { action, bookmark_ids, add_tag_ids, remove_tag_ids } = body
if (!action || !bookmark_ids || !Array.isArray(bookmark_ids) || bookmark_ids.length === 0) {
return new Response(JSON.stringify({ code: 'INVALID_REQUEST', message: 'action and bookmark_ids are required' }), { status: 400, headers: { 'Content-Type': 'application/json' } })
}
if (bookmark_ids.length > 100) {
return new Response(JSON.stringify({ code: 'TOO_MANY_ITEMS', message: 'Cannot process more than 100 bookmarks at once' }), { status: 400, headers: { 'Content-Type': 'application/json' } })
}
const db = context.env.DB
const placeholders = bookmark_ids.map(() => '?').join(',')
let affectedCount = 0
const errors: Array<{ bookmark_id: string; message: string }> = []
switch (action) {
case 'delete': {
const result = await db.prepare(
`UPDATE bookmarks SET deleted_at = datetime('now'), click_count = 0, last_clicked_at = NULL WHERE id IN (${placeholders}) AND user_id = ? AND deleted_at IS NULL`
).bind(...bookmark_ids, userId).run()
affectedCount = result.meta.changes || 0
await db.prepare(`INSERT INTO audit_logs (user_id, event_type, payload, created_at) VALUES (?, 'batch_delete_bookmarks', ?, datetime('now'))`).bind(userId, JSON.stringify({ bookmark_ids, count: affectedCount })).run()
break
}
case 'pin': {
const result = await db.prepare(`UPDATE bookmarks SET is_pinned = 1, updated_at = datetime('now') WHERE id IN (${placeholders}) AND user_id = ? AND deleted_at IS NULL`).bind(...bookmark_ids, userId).run()
affectedCount = result.meta.changes || 0
break
}
case 'unpin': {
const result = await db.prepare(`UPDATE bookmarks SET is_pinned = 0, updated_at = datetime('now') WHERE id IN (${placeholders}) AND user_id = ? AND deleted_at IS NULL`).bind(...bookmark_ids, userId).run()
affectedCount = result.meta.changes || 0
break
}
case 'update_tags': {
if (add_tag_ids && add_tag_ids.length > 50) {
return new Response(JSON.stringify({ code: 'INVALID_REQUEST', message: 'Cannot add more than 50 tags at once' }), { status: 400, headers: { 'Content-Type': 'application/json' } })
}
if (remove_tag_ids && remove_tag_ids.length > 50) {
return new Response(JSON.stringify({ code: 'INVALID_REQUEST', message: 'Cannot remove more than 50 tags at once' }), { status: 400, headers: { 'Content-Type': 'application/json' } })
}
const verifyResult = await db.prepare(`SELECT id FROM bookmarks WHERE id IN (${placeholders}) AND user_id = ? AND deleted_at IS NULL`).bind(...bookmark_ids, userId).all<{ id: string }>()
const validBookmarkIds = verifyResult.results.map((row: { id: string }) => row.id)
if (validBookmarkIds.length === 0) {
return new Response(JSON.stringify({ code: 'NO_VALID_BOOKMARKS', message: 'No valid bookmarks found' }), { status: 404, headers: { 'Content-Type': 'application/json' } })
}
// Collect all tag mutation statements for atomic batch execution
const tagStmts: D1PreparedStatement[] = []
if (remove_tag_ids && remove_tag_ids.length > 0) {
const tagPlaceholders = remove_tag_ids.map(() => '?').join(',')
const bookmarkPlaceholders = validBookmarkIds.map(() => '?').join(',')
tagStmts.push(
db.prepare(`DELETE FROM bookmark_tags WHERE bookmark_id IN (${bookmarkPlaceholders}) AND tag_id IN (${tagPlaceholders}) AND user_id = ?`).bind(...validBookmarkIds, ...remove_tag_ids, userId)
)
}
let validTagIds: string[] = []
if (add_tag_ids && add_tag_ids.length > 0) {
const tagPlaceholders = add_tag_ids.map(() => '?').join(',')
const tagsResult = await db.prepare(`SELECT id FROM tags WHERE id IN (${tagPlaceholders}) AND user_id = ? AND deleted_at IS NULL`).bind(...add_tag_ids, userId).all<{ id: string }>()
validTagIds = tagsResult.results.map((row: { id: string }) => row.id)
if (validTagIds.length > 0) {
for (const bookmarkId of validBookmarkIds) {
for (const tagId of validTagIds) {
tagStmts.push(
db.prepare(`INSERT OR IGNORE INTO bookmark_tags (bookmark_id, tag_id, user_id, created_at) VALUES (?, ?, ?, datetime('now'))`).bind(bookmarkId, tagId, userId)
)
}
}
}
}
// Add usage count updates, bookmark timestamps, and audit log
const bookmarkPlaceholders = validBookmarkIds.map(() => '?').join(',')
if (validTagIds.length > 0) {
for (const tagId of validTagIds) {
tagStmts.push(
db.prepare(`UPDATE tags SET usage_count = (SELECT COUNT(*) FROM bookmark_tags WHERE tag_id = ? AND user_id = ?) WHERE id = ? AND user_id = ?`).bind(tagId, userId, tagId, userId)
)
}
}
if (remove_tag_ids && remove_tag_ids.length > 0) {
for (const tagId of remove_tag_ids) {
tagStmts.push(
db.prepare(`UPDATE tags SET usage_count = (SELECT COUNT(*) FROM bookmark_tags WHERE tag_id = ? AND user_id = ?) WHERE id = ? AND user_id = ?`).bind(tagId, userId, tagId, userId)
)
}
}
tagStmts.push(
db.prepare(`UPDATE bookmarks SET updated_at = datetime('now') WHERE id IN (${bookmarkPlaceholders}) AND user_id = ?`).bind(...validBookmarkIds, userId),
db.prepare(`INSERT INTO audit_logs (user_id, event_type, payload, created_at) VALUES (?, 'batch_update_tags', ?, datetime('now'))`).bind(userId, JSON.stringify({ bookmark_ids: validBookmarkIds, add_tag_ids, remove_tag_ids })),
)
affectedCount = validBookmarkIds.length
try {
await db.batch(tagStmts)
} catch (e) {
console.error('Batch tag update failed:', e)
errors.push({ bookmark_id: 'batch', message: 'Failed to update tags in batch' })
}
break
}
default:
return new Response(JSON.stringify({ code: 'INVALID_ACTION', message: `Invalid action: ${action}` }), { status: 400, headers: { 'Content-Type': 'application/json' } })
}
const response: BatchActionResponse = { success: true, affected_count: affectedCount }
if (errors.length > 0) response.errors = errors
const cache = new CacheService(context.env)
const bookmarkCache = createBookmarkCacheManager(cache)
await bookmarkCache.handleBatchOperation(userId)
await invalidatePublicShareCache(context.env, userId)
return new Response(JSON.stringify(response), { status: 200, headers: { 'Content-Type': 'application/json' } })
} catch (error) {
console.error('Batch operation error:', error)
return new Response(JSON.stringify({ code: 'INTERNAL_ERROR', message: 'Failed to perform batch operation' }), { status: 500, headers: { 'Content-Type': 'application/json' } })
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/index.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, BookmarkRow, RouteParams, SQLParam } from '../../../lib/types'
import { success, badRequest, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { fetchFullBookmarks } from '../../../lib/data-fetchers'
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const { env, request, data } = context
const db = env.DB
const userId = data.user_id
if (!userId) {
return badRequest('User not authenticated')
}
try {
const url = new URL(request.url)
const keyword = url.searchParams.get('keyword')
const tagIds = url.searchParams.get('tagIds')?.split(',').filter(Boolean)
const groupId = url.searchParams.get('groupId')
const sortBy = url.searchParams.get('sortBy') || 'created_at'
const sortOrder = url.searchParams.get('sortOrder') || 'DESC'
const limit = parseInt(url.searchParams.get('limit') || '50', 10) || 50
const offset = parseInt(url.searchParams.get('offset') || '0', 10) || 0
let query = `
SELECT DISTINCT b.*
FROM bookmarks b
LEFT JOIN bookmark_tags bt ON b.id = bt.bookmark_id
WHERE b.user_id = ?
`
const params: SQLParam[] = [userId]
const conditions: string[] = []
const conditionParams: SQLParam[] = []
if (keyword) {
conditions.push('(b.title LIKE ? OR b.description LIKE ? OR b.url LIKE ?)')
const searchPattern = `%${keyword}%`
conditionParams.push(searchPattern, searchPattern, searchPattern)
}
if (tagIds && tagIds.length > 0) {
conditions.push(`bt.tag_id IN (${tagIds.map(() => '?').join(',')})`)
conditionParams.push(...tagIds)
}
if (groupId) {
if (groupId === 'none') {
conditions.push('b.group_id IS NULL')
} else {
conditions.push('b.group_id = ?')
conditionParams.push(groupId)
}
}
if (conditions.length > 0) {
query += ' AND ' + conditions.join(' AND ')
}
const countQuery = `SELECT COUNT(DISTINCT b.id) as total FROM bookmarks b LEFT JOIN bookmark_tags bt ON b.id = bt.bookmark_id WHERE b.user_id = ? ${conditions.length > 0 ? ' AND ' + conditions.join(' AND ') : ''}`
const totalResult = await db.prepare(countQuery).bind(userId, ...conditionParams).first<{ total: number }>()
const total = totalResult?.total || 0
const validSortFields = ['created_at', 'updated_at', 'title']
const sortField = validSortFields.includes(sortBy) ? sortBy : 'created_at'
const direction = sortOrder.toUpperCase() === 'ASC' ? 'ASC' : 'DESC'
query += ` ORDER BY b.${sortField} ${direction} LIMIT ? OFFSET ?`
params.push(...conditionParams, limit, offset)
const { results: rows } = await db.prepare(query).bind(...params).all()
const bookmarks = await fetchFullBookmarks(db, rows, userId)
return success({
bookmarks,
pagination: {
total,
limit,
offset,
},
})
} catch (error: unknown) {
console.error('Fetch bookmarks error:', error)
return internalError('Failed to fetch bookmarks')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/statistics-helpers.ts
================================================
export interface BookmarkStatistics {
summary: {
total_bookmarks: number
total_tags: number
total_clicks: number
public_bookmarks: number
}
top_bookmarks: Array<{
id: string
title: string
url: string
click_count: number
last_clicked_at: string | null
}>
top_tags: Array<{
id: string
name: string
color: string | null
click_count: number
bookmark_count: number
}>
top_domains: Array<{
domain: string
count: number
}>
bookmark_clicks: Array<{
id: string
title: string
url: string
click_count: number
}>
recent_clicks: Array<{
id: string
title: string
url: string
last_clicked_at: string
}>
trends: {
bookmarks: Array<{ date: string; count: number }>
clicks: Array<{ date: string; count: number }>
}
}
/**
* SQL
* @param granularity : day, week, month, year
* @param field
*/
export function getDateGroupSql(granularity: string, field: string) {
let dateGroupBy = ''
let dateSelect = ''
switch (granularity) {
case 'year':
dateGroupBy = `strftime('%Y', ${field})`
dateSelect = `strftime('%Y', ${field}) as date`
break
case 'month':
dateGroupBy = `strftime('%Y-%m', ${field})`
dateSelect = `strftime('%Y-%m', ${field}) as date`
break
case 'week':
dateGroupBy = `strftime('%Y-W%W', ${field})`
dateSelect = `strftime('%Y-W%W', ${field}) as date`
break
case 'day':
default:
dateGroupBy = `DATE(${field})`
dateSelect = `DATE(${field}) as date`
break
}
return { dateGroupBy, dateSelect }
}
================================================
FILE: tmarks/functions/api/v1/bookmarks/statistics.ts
================================================
/**
* API
* : /api/v1/bookmarks/statistics
* : JWT Token
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../lib/types'
import { success, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { BookmarkStatistics, getDateGroupSql } from './statistics-helpers'
// GET /api/v1/bookmarks/statistics -
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
//
const granularity = url.searchParams.get('granularity') || 'day' // day, week, month, year
const startDate = url.searchParams.get('start_date') // YYYY-MM-DD
const endDate = url.searchParams.get('end_date') // YYYY-MM-DD
try {
const db = context.env.DB
const { dateGroupBy, dateSelect } = getDateGroupSql(granularity, 'created_at')
const { dateGroupBy: clickDateGroupBy, dateSelect: clickDateSelect } = getDateGroupSql(granularity, 'clicked_at')
const [
summary,
tagCount,
topBookmarks,
topTags,
topDomains,
recentClicks,
bookmarkTrends,
clickTrends,
bookmarkClickStats,
] = await Promise.all([
db.prepare(
`SELECT
COUNT(*) as total_bookmarks,
SUM(CASE WHEN deleted_at IS NULL THEN 1 ELSE 0 END) as active_bookmarks,
SUM(CASE WHEN is_public = 1 AND deleted_at IS NULL THEN 1 ELSE 0 END) as public_bookmarks,
SUM(click_count) as total_clicks
FROM bookmarks
WHERE user_id = ? AND deleted_at IS NULL`
)
.bind(userId)
.first(),
// 2.
db.prepare(
`SELECT COUNT(*) as total_tags
FROM tags
WHERE user_id = ? AND deleted_at IS NULL`
)
.bind(userId)
.first(),
// 3. Top 10
db.prepare(
`SELECT id, title, url, click_count, last_clicked_at
FROM bookmarks
WHERE user_id = ? AND deleted_at IS NULL AND click_count > 0
ORDER BY click_count DESC, last_clicked_at DESC
LIMIT 10`
)
.bind(userId)
.all(),
// 4. Top 10()
db.prepare(
`SELECT
t.id,
t.name,
t.color,
t.click_count,
COUNT(DISTINCT bt.bookmark_id) as bookmark_count
FROM tags t
LEFT JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE t.user_id = ? AND t.deleted_at IS NULL
GROUP BY t.id, t.name, t.color, t.click_count
ORDER BY t.click_count DESC, bookmark_count DESC
LIMIT 10`
)
.bind(userId)
.all(),
// 5. Top 10
db.prepare(
`SELECT
CASE
WHEN url LIKE 'http://%' THEN substr(url, 8, instr(substr(url, 8), '/') - 1)
WHEN url LIKE 'https://%' THEN substr(url, 9, instr(substr(url, 9), '/') - 1)
ELSE url
END as domain,
COUNT(*) as count
FROM bookmarks
WHERE user_id = ? AND deleted_at IS NULL
GROUP BY domain
ORDER BY count DESC
LIMIT 10`
)
.bind(userId)
.all(),
db.prepare(
`SELECT id, title, url, last_clicked_at
FROM bookmarks
WHERE user_id = ? AND deleted_at IS NULL AND last_clicked_at IS NOT NULL
ORDER BY last_clicked_at DESC
LIMIT 10`
)
.bind(userId)
.all(),
// 7.
db.prepare(
`SELECT
${dateSelect},
COUNT(*) as count
FROM bookmarks
WHERE user_id = ? AND deleted_at IS NULL
${startDate ? `AND DATE(created_at) >= ?` : ''}
${endDate ? `AND DATE(created_at) <= ?` : ''}
GROUP BY ${dateGroupBy}
ORDER BY date ASC`
)
.bind(userId, ...[startDate, endDate].filter(Boolean))
.all(),
db.prepare(
`SELECT
${clickDateSelect},
COUNT(*) as count
FROM bookmark_click_events
WHERE user_id = ?
${startDate ? `AND DATE(clicked_at) >= ?` : ''}
${endDate ? `AND DATE(clicked_at) <= ?` : ''}
GROUP BY ${clickDateGroupBy}
ORDER BY date ASC`
)
.bind(userId, ...[startDate, endDate].filter(Boolean))
.all(),
// 9.
db.prepare(
`SELECT
b.id,
b.title,
b.url,
COUNT(e.id) as click_count
FROM bookmark_click_events e
JOIN bookmarks b ON e.bookmark_id = b.id
WHERE e.user_id = ? AND b.deleted_at IS NULL
${startDate ? `AND DATE(e.clicked_at) >= ?` : ''}
${endDate ? `AND DATE(e.clicked_at) <= ?` : ''}
GROUP BY b.id, b.title, b.url
ORDER BY click_count DESC`
)
.bind(userId, ...[startDate, endDate].filter(Boolean))
.all()
])
const statistics: BookmarkStatistics = {
summary: {
total_bookmarks: (summary?.total_bookmarks as number) || 0,
total_tags: (tagCount?.total_tags as number) || 0,
total_clicks: (summary?.total_clicks as number) || 0,
public_bookmarks: (summary?.public_bookmarks as number) || 0,
},
top_bookmarks: (topBookmarks.results || []) as Array<{
id: string
title: string
url: string
click_count: number
last_clicked_at: string | null
}>,
top_tags: (topTags.results || []) as Array<{
id: string
name: string
color: string | null
click_count: number
bookmark_count: number
}>,
top_domains: (topDomains.results || []) as Array<{
domain: string
count: number
}>,
recent_clicks: (recentClicks.results || []) as Array<{
id: string
title: string
url: string
last_clicked_at: string
}>,
bookmark_clicks: (bookmarkClickStats.results || []) as Array<{
id: string
title: string
url: string
click_count: number
}>,
trends: {
bookmarks: (bookmarkTrends.results || []) as Array<{ date: string; count: number }>,
clicks: (clickTrends.results || []) as Array<{ date: string; count: number }>,
},
}
return success(statistics)
} catch (error) {
console.error('Get bookmark statistics error:', error)
return internalError('Failed to get statistics')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/trash/empty.ts
================================================
/**
* : /api/v1/bookmarks/trash/empty
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../../lib/types'
import { success, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const { results: trashBookmarks } = await context.env.DB.prepare(
'SELECT id FROM bookmarks WHERE user_id = ? AND deleted_at IS NOT NULL'
)
.bind(userId)
.all<{ id: string }>()
if (trashBookmarks.length === 0) {
return success({ message: 'Trash is already empty', count: 0 })
}
const bookmarkIds = trashBookmarks.map(b => b.id)
//
for (const id of bookmarkIds) {
await context.env.DB.prepare('DELETE FROM bookmark_tags WHERE bookmark_id = ?')
.bind(id)
.run()
}
//
for (const id of bookmarkIds) {
await context.env.DB.prepare('DELETE FROM bookmark_snapshots WHERE bookmark_id = ?')
.bind(id)
.run()
}
//
await context.env.DB.prepare(
'DELETE FROM bookmarks WHERE user_id = ? AND deleted_at IS NOT NULL'
)
.bind(userId)
.run()
return success({
message: 'Trash emptied successfully',
count: bookmarkIds.length,
})
} catch (error) {
console.error('Empty trash error:', error)
return internalError('Failed to empty trash')
}
},
]
================================================
FILE: tmarks/functions/api/v1/bookmarks/trash.ts
================================================
/**
* : /api/v1/bookmarks/trash
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, BookmarkRow } from '../../../lib/types'
import { success, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { normalizeBookmark } from '../../../lib/bookmark-utils'
interface TrashQueryParams {
page_size?: string
page_cursor?: string
sort?: string
}
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
const params: TrashQueryParams = {
page_size: url.searchParams.get('page_size') || undefined,
page_cursor: url.searchParams.get('page_cursor') || undefined,
sort: url.searchParams.get('sort') || undefined,
}
try {
const pageSize = Math.min(Math.max(parseInt(params.page_size || '20', 10) || 20, 1), 100)
const sort = params.sort === 'deleted_at_asc' ? 'ASC' : 'DESC'
let query = `
SELECT * FROM bookmarks
WHERE user_id = ? AND deleted_at IS NOT NULL
`
const queryParams: (string | number)[] = [userId]
//
if (params.page_cursor) {
query += ` AND deleted_at < ?`
queryParams.push(params.page_cursor)
}
query += ` ORDER BY deleted_at ${sort} LIMIT ?`
queryParams.push(pageSize + 1)
const { results: bookmarks } = await context.env.DB.prepare(query)
.bind(...queryParams)
.all()
const hasMore = bookmarks.length > pageSize
const items = hasMore ? bookmarks.slice(0, pageSize) : bookmarks
const bookmarksWithTags = await Promise.all(
items.map(async (bookmark) => {
const { results: tags } = await context.env.DB.prepare(
`SELECT t.id, t.name, t.color
FROM tags t
INNER JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE bt.bookmark_id = ? AND t.deleted_at IS NULL`
)
.bind(bookmark.id)
.all<{ id: string; name: string; color: string | null }>()
return {
...normalizeBookmark(bookmark),
tags: tags || [],
}
})
)
//
const countResult = await context.env.DB.prepare(
'SELECT COUNT(*) as count FROM bookmarks WHERE user_id = ? AND deleted_at IS NOT NULL'
)
.bind(userId)
.first<{ count: number }>()
return success({
bookmarks: bookmarksWithTags,
meta: {
total: countResult?.count || 0,
page_size: pageSize,
has_more: hasMore,
next_cursor: hasMore && items.length > 0 ? items[items.length - 1].deleted_at : null,
},
})
} catch (error) {
console.error('Get trash bookmarks error:', error)
return internalError('Failed to get trash bookmarks')
}
},
]
================================================
FILE: tmarks/functions/api/v1/change-password.ts
================================================
/**
* Change Password API
* Path: /api/v1/change-password
* Auth: JWT Token
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../lib/types'
import { success, badRequest, unauthorized, internalError } from '../../lib/response'
import { requireAuth, AuthContext } from '../../middleware/auth'
import { hashPassword, verifyPassword } from '../../lib/crypto'
interface ChangePasswordRequest {
current_password: string
new_password: string
}
// POST /api/v1/change-password - Change password
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const body = (await context.request.json()) as ChangePasswordRequest
// Validate request parameters
if (!body.current_password || !body.new_password) {
return badRequest('Current password and new password are required')
}
// Validate new password length
if (body.new_password.length < 6) {
return badRequest('New password must be at least 6 characters')
}
// Get user's current password hash
const user = await context.env.DB.prepare(
'SELECT password_hash FROM users WHERE id = ?'
)
.bind(userId)
.first<{ password_hash: string }>()
if (!user) {
return unauthorized('User not found')
}
// Verify current password
const isCurrentPasswordValid = await verifyPassword(
body.current_password,
user.password_hash
)
if (!isCurrentPasswordValid) {
return unauthorized('Current password is incorrect')
}
// Generate new password hash
const newPasswordHash = await hashPassword(body.new_password)
// Update password
const now = new Date().toISOString()
await context.env.DB.prepare(
'UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?'
)
.bind(newPasswordHash, now, userId)
.run()
return success({
message: 'Password changed successfully',
})
} catch (error) {
console.error('Change password error:', error)
return internalError('Failed to change password')
}
},
]
================================================
FILE: tmarks/functions/api/v1/export.ts
================================================
/**
* Export API endpoint
* GET /api/v1/export -> download JSON export
* POST /api/v1/export -> preview stats (counts + estimated size)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../lib/types'
import { requireAuth, type AuthContext } from '../../middleware/auth'
import type { ExportOptions } from '../../../shared/import-export-types'
import { createJsonExporter } from '../../lib/import-export/exporters/json-exporter'
import { collectExportData } from '../../lib/import-export/collect-export-data'
import { parseExportScope } from '../../lib/import-export/export-scope'
import { getExportFilename } from '../../lib/import-export/export-scope'
import { estimateExportSize, getExportStats } from '../../lib/import-export/export-stats'
interface ExportPreviewRequest {
format?: string
scope?: string
include_deleted?: boolean
}
function parseCommonOptions(url: URL): {
scope: ReturnType
includeDeleted: boolean
options: ExportOptions
} {
const requestedFormat = url.searchParams.get('format') ?? 'json'
if (requestedFormat !== 'json') {
throw new Error(`Unsupported export format: ${requestedFormat}`)
}
const scope = parseExportScope(url.searchParams.get('scope'))
const includeDeleted = url.searchParams.get('include_deleted') === 'true'
const includeMetadata = url.searchParams.get('include_metadata') !== 'false'
const includeTags = url.searchParams.get('include_tags') !== 'false'
const prettyPrint = url.searchParams.get('pretty_print') !== 'false'
const options: ExportOptions = {
include_tags: includeTags,
include_metadata: includeMetadata,
format_options: {
pretty_print: prettyPrint,
include_click_stats: url.searchParams.get('include_stats') === 'true',
include_user_info: url.searchParams.get('include_user') === 'true',
},
}
return { scope, includeDeleted, options }
}
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const url = new URL(context.request.url)
let scope: ReturnType
let includeDeleted: boolean
let options: ExportOptions
try {
;({ scope, includeDeleted, options } = parseCommonOptions(url))
} catch (error) {
const message = error instanceof Error ? error.message : String(error)
if (message.startsWith('Unsupported export format:')) {
return new Response(
JSON.stringify({ error: 'Unsupported export format', message }),
{ status: 400, headers: { 'Content-Type': 'application/json' } }
)
}
throw error
}
const exportData = await collectExportData(context.env.DB, userId, scope, includeDeleted)
const jsonExporter = createJsonExporter()
const result = await jsonExporter.export(exportData, options)
const filename = getExportFilename(exportData.exported_at, scope)
return new Response(result.content, {
status: 200,
headers: {
'Content-Type': result.mimeType,
'Content-Disposition': `attachment; filename="${filename}"`,
'Content-Length': result.size.toString(),
'Cache-Control': 'no-cache, no-store, must-revalidate',
},
})
} catch (error) {
console.error('Export error:', error)
return new Response(
JSON.stringify({
error: 'Export failed',
message: error instanceof Error ? error.message : 'Unknown error',
}),
{ status: 500, headers: { 'Content-Type': 'application/json' } }
)
}
},
]
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const body = (await context.request.json()) as ExportPreviewRequest
const requestedFormat = body.format ?? 'json'
if (requestedFormat !== 'json') {
return new Response(
JSON.stringify({
error: 'Unsupported export format',
message: `Unsupported export format: ${requestedFormat}`,
}),
{ status: 400, headers: { 'Content-Type': 'application/json' } }
)
}
const scope = parseExportScope(body.scope)
const includeDeleted = Boolean(body.include_deleted)
const stats = await getExportStats(context.env.DB, userId, scope, includeDeleted)
const estimatedSize = estimateExportSize(stats)
const estimatedFilename = getExportFilename(new Date().toISOString(), scope)
return new Response(
JSON.stringify({
stats,
estimated_size: estimatedSize,
format: 'json',
estimated_filename: estimatedFilename,
}),
{ status: 200, headers: { 'Content-Type': 'application/json' } }
)
} catch (error) {
console.error('Export preview error:', error)
return new Response(JSON.stringify({ error: 'Failed to get export preview' }), {
status: 500,
headers: { 'Content-Type': 'application/json' },
})
}
},
]
================================================
FILE: tmarks/functions/api/v1/health.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
export const onRequestGet: PagesFunction = async () => {
return Response.json({
status: 'ok',
timestamp: new Date().toISOString(),
version: '0.1.0',
})
}
================================================
FILE: tmarks/functions/api/v1/preferences-helpers.ts
================================================
export interface UserPreferences {
user_id: string
theme: 'light' | 'dark' | 'system'
page_size: number
view_mode: 'list' | 'card' | 'minimal' | 'title'
density: 'compact' | 'normal' | 'comfortable'
tag_layout?: 'grid' | 'masonry'
sort_by?: 'created' | 'updated' | 'pinned' | 'popular'
search_auto_clear_seconds?: number
tag_selection_auto_clear_seconds?: number
enable_search_auto_clear?: number
enable_tag_selection_auto_clear?: number
default_bookmark_icon?: string
snapshot_retention_count?: number
snapshot_auto_create?: number
snapshot_auto_dedupe?: number
snapshot_auto_cleanup_days?: number
updated_at: string
}
export interface UpdatePreferencesRequest {
theme?: 'light' | 'dark' | 'system'
page_size?: number
view_mode?: 'list' | 'card' | 'minimal' | 'title'
density?: 'compact' | 'normal' | 'comfortable'
tag_layout?: 'grid' | 'masonry'
sort_by?: 'created' | 'updated' | 'pinned' | 'popular'
search_auto_clear_seconds?: number
tag_selection_auto_clear_seconds?: number
enable_search_auto_clear?: boolean
enable_tag_selection_auto_clear?: boolean
default_bookmark_icon?: string
snapshot_retention_count?: number
snapshot_auto_create?: boolean
snapshot_auto_dedupe?: boolean
snapshot_auto_cleanup_days?: number
}
export async function hasTagLayoutColumn(db: D1Database): Promise {
try {
await db.prepare('SELECT tag_layout FROM user_preferences LIMIT 1').first()
return true
} catch (error) {
if (error instanceof Error && /no such column: tag_layout/i.test(error.message)) {
return false
}
throw error
}
}
export async function hasSortByColumn(db: D1Database): Promise {
try {
await db.prepare('SELECT sort_by FROM user_preferences LIMIT 1').first()
return true
} catch (error) {
if (error instanceof Error && /no such column: sort_by/i.test(error.message)) {
return false
}
throw error
}
}
export async function hasAutomationColumns(db: D1Database): Promise {
try {
await db
.prepare('SELECT search_auto_clear_seconds FROM user_preferences LIMIT 1')
.first()
return true
} catch (error) {
if (
error instanceof Error &&
/no such column: search_auto_clear_seconds/i.test(error.message)
) {
return false
}
throw error
}
}
export function mapPreferences(preferences: UserPreferences) {
return {
theme: preferences.theme,
page_size: preferences.page_size,
view_mode: preferences.view_mode,
density: preferences.density,
tag_layout: preferences.tag_layout ?? 'grid',
sort_by: preferences.sort_by ?? 'popular',
search_auto_clear_seconds: preferences.search_auto_clear_seconds ?? 15,
tag_selection_auto_clear_seconds: preferences.tag_selection_auto_clear_seconds ?? 30,
enable_search_auto_clear: preferences.enable_search_auto_clear === 1,
enable_tag_selection_auto_clear: preferences.enable_tag_selection_auto_clear === 1,
default_bookmark_icon: preferences.default_bookmark_icon ?? 'bookmark',
snapshot_retention_count: preferences.snapshot_retention_count ?? 5,
snapshot_auto_create: preferences.snapshot_auto_create === 1,
snapshot_auto_dedupe: preferences.snapshot_auto_dedupe === 1,
snapshot_auto_cleanup_days: preferences.snapshot_auto_cleanup_days ?? 0,
updated_at: preferences.updated_at,
}
}
export function validatePreferences(body: UpdatePreferencesRequest): string | null {
if (body.theme && !['light', 'dark', 'system'].includes(body.theme)) {
return 'Invalid theme value'
}
if (body.page_size && (body.page_size < 10 || body.page_size > 100)) {
return 'Page size must be between 10 and 100'
}
if (body.view_mode && !['list', 'card', 'minimal', 'title'].includes(body.view_mode)) {
return 'Invalid view mode'
}
if (body.density && !['compact', 'normal', 'comfortable'].includes(body.density)) {
return 'Invalid density value'
}
if (body.tag_layout && !['grid', 'masonry'].includes(body.tag_layout)) {
return 'Invalid tag layout value'
}
if (body.sort_by && !['created', 'updated', 'pinned', 'popular'].includes(body.sort_by)) {
return 'Invalid sort_by value'
}
if (body.search_auto_clear_seconds !== undefined && (body.search_auto_clear_seconds < 5 || body.search_auto_clear_seconds > 120)) {
return 'Search auto clear seconds must be between 5 and 120'
}
if (body.tag_selection_auto_clear_seconds !== undefined && (body.tag_selection_auto_clear_seconds < 10 || body.tag_selection_auto_clear_seconds > 300)) {
return 'Tag selection auto clear seconds must be between 10 and 300'
}
if (
body.default_bookmark_icon &&
!['gradient-glow', 'pulse-breath', 'orbital-spinner', 'bookmark'].includes(
body.default_bookmark_icon,
)
) {
return 'Invalid default bookmark icon value'
}
if (body.snapshot_retention_count !== undefined && (body.snapshot_retention_count < -1 || body.snapshot_retention_count > 100)) {
return 'Snapshot retention count must be between -1 and 100'
}
if (body.snapshot_auto_cleanup_days !== undefined && (body.snapshot_auto_cleanup_days < 0 || body.snapshot_auto_cleanup_days > 365)) {
return 'Snapshot auto cleanup days must be between 0 and 365'
}
return null
}
================================================
FILE: tmarks/functions/api/v1/preferences.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams, SQLParam } from '../../lib/types'
import { success, badRequest, notFound, internalError } from '../../lib/response'
import { requireAuth, AuthContext } from '../../middleware/auth'
import {
UserPreferences,
UpdatePreferencesRequest,
hasTagLayoutColumn,
hasSortByColumn,
hasAutomationColumns,
mapPreferences,
validatePreferences
} from './preferences-helpers'
// GET /api/v1/preferences - Retrieve user preferences
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const preferences = await context.env.DB.prepare(
'SELECT * FROM user_preferences WHERE user_id = ?'
)
.bind(userId)
.first()
if (!preferences) {
return notFound('Preferences not found')
}
return success({
preferences: mapPreferences(preferences),
})
} catch (error) {
console.error('Get preferences error:', error)
return internalError('Failed to get preferences')
}
},
]
// PATCH /api/v1/preferences - Update user preferences
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const body = await context.request.json() as UpdatePreferencesRequest
const tagLayoutSupported = await hasTagLayoutColumn(context.env.DB)
const sortBySupported = await hasSortByColumn(context.env.DB)
const automationSupported = await hasAutomationColumns(context.env.DB)
const validationError = validatePreferences(body)
if (validationError) {
return badRequest(validationError)
}
const updates: string[] = []
const values: SQLParam[] = []
if (body.theme !== undefined) {
updates.push('theme = ?')
values.push(body.theme)
}
if (body.page_size !== undefined) {
updates.push('page_size = ?')
values.push(body.page_size)
}
if (body.view_mode !== undefined) {
updates.push('view_mode = ?')
values.push(body.view_mode)
}
if (body.density !== undefined) {
updates.push('density = ?')
values.push(body.density)
}
if (body.tag_layout !== undefined && tagLayoutSupported) {
updates.push('tag_layout = ?')
values.push(body.tag_layout)
}
if (body.sort_by !== undefined && sortBySupported) {
updates.push('sort_by = ?')
values.push(body.sort_by)
}
if (automationSupported) {
if (body.search_auto_clear_seconds !== undefined) {
updates.push('search_auto_clear_seconds = ?')
values.push(body.search_auto_clear_seconds)
}
if (body.tag_selection_auto_clear_seconds !== undefined) {
updates.push('tag_selection_auto_clear_seconds = ?')
values.push(body.tag_selection_auto_clear_seconds)
}
if (body.enable_search_auto_clear !== undefined) {
updates.push('enable_search_auto_clear = ?')
values.push(body.enable_search_auto_clear ? 1 : 0)
}
if (body.enable_tag_selection_auto_clear !== undefined) {
updates.push('enable_tag_selection_auto_clear = ?')
values.push(body.enable_tag_selection_auto_clear ? 1 : 0)
}
}
if (automationSupported) {
if (body.default_bookmark_icon !== undefined) {
updates.push('default_bookmark_icon = ?')
values.push(body.default_bookmark_icon)
}
if (body.snapshot_retention_count !== undefined) {
updates.push('snapshot_retention_count = ?')
values.push(body.snapshot_retention_count)
}
if (body.snapshot_auto_create !== undefined) {
updates.push('snapshot_auto_create = ?')
values.push(body.snapshot_auto_create ? 1 : 0)
}
if (body.snapshot_auto_dedupe !== undefined) {
updates.push('snapshot_auto_dedupe = ?')
values.push(body.snapshot_auto_dedupe ? 1 : 0)
}
if (body.snapshot_auto_cleanup_days !== undefined) {
updates.push('snapshot_auto_cleanup_days = ?')
values.push(body.snapshot_auto_cleanup_days)
}
}
if (updates.length === 0) {
if ((body.tag_layout !== undefined && !tagLayoutSupported) ||
(body.sort_by !== undefined && !sortBySupported)) {
const preferences = await context.env.DB.prepare(
'SELECT * FROM user_preferences WHERE user_id = ?'
)
.bind(userId)
.first()
if (!preferences) {
return internalError('Failed to load preferences')
}
return success({
preferences: mapPreferences(preferences),
})
}
return badRequest('No valid fields to update')
}
const now = new Date().toISOString()
updates.push('updated_at = ?')
values.push(now)
values.push(userId)
const insertStmt = context.env.DB.prepare(
`INSERT INTO user_preferences (user_id)
VALUES (?)
ON CONFLICT(user_id) DO NOTHING`
).bind(userId)
const updateStmt = context.env.DB.prepare(
`UPDATE user_preferences
SET ${updates.join(', ')}
WHERE user_id = ?`
).bind(...values)
await context.env.DB.batch([insertStmt, updateStmt])
const preferences = await context.env.DB.prepare(
'SELECT * FROM user_preferences WHERE user_id = ?'
)
.bind(userId)
.first()
if (!preferences) {
return internalError('Failed to load preferences after update')
}
return success({
preferences: mapPreferences(preferences),
})
} catch (error) {
console.error('Update preferences error:', error)
return internalError('Failed to update preferences')
}
},
]
================================================
FILE: tmarks/functions/api/v1/settings/api-keys/[id].ts
================================================
/**
* API Key
* GET /api/v1/settings/api-keys/:id - API Key
* PATCH /api/v1/settings/api-keys/:id - API Key
* DELETE /api/v1/settings/api-keys/:id - API Key
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams, SQLParam } from '../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
import { getApiKeyStats } from '../../../../lib/api-key/logger'
import { PERMISSION_TEMPLATES } from '../../../../../shared/permissions'
interface UpdateApiKeyRequest {
name?: string
description?: string
permissions?: string[]
template?: 'READ_ONLY' | 'BASIC' | 'FULL'
expires_at?: string | null
}
// GET /api/v1/settings/api-keys/:id - API Key
interface ApiKeyDetail {
id: string
key_prefix: string
name: string
description: string | null
permissions: string
status: string
expires_at: string | null
last_used_at: string | null
last_used_ip: string | null
created_at: string
updated_at: string
}
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const keyId = context.params.id
try {
const keyData = await context.env.DB.prepare(
`SELECT id, key_prefix, name, description, permissions, status,
expires_at, last_used_at, last_used_ip, created_at, updated_at
FROM api_keys
WHERE id = ? AND user_id = ?`
)
.bind(keyId, userId)
.first()
if (!keyData) {
return notFound('API Key not found')
}
//
const stats = await getApiKeyStats(keyId, context.env.DB)
return success({
...keyData,
permissions: JSON.parse(keyData.permissions) as string[],
stats,
})
} catch (error) {
console.error('Failed to get API key:', error)
return internalError('Failed to get API key details')
}
},
]
// PATCH /api/v1/settings/api-keys/:id - API Key
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const keyId = context.params.id
try {
// 1. Key
const existingKey = await context.env.DB.prepare(
`SELECT id FROM api_keys WHERE id = ? AND user_id = ?`
)
.bind(keyId, userId)
.first()
if (!existingKey) {
return notFound('API Key not found')
}
// 2.
const body = (await context.request.json()) as UpdateApiKeyRequest
const { name, description, permissions, expires_at, template } = body
const updates: string[] = []
const values: SQLParam[] = []
if (name !== undefined) {
if (!name.trim()) {
return badRequest({
code: 'INVALID_INPUT',
message: 'Name cannot be empty',
})
}
updates.push('name = ?')
values.push(name.trim())
}
if (description !== undefined) {
updates.push('description = ?')
values.push(description?.trim() || null)
}
if (template || permissions) {
let permissionsList: string[] = []
if (template && PERMISSION_TEMPLATES[template]) {
permissionsList = PERMISSION_TEMPLATES[template].permissions
} else if (permissions && Array.isArray(permissions)) {
permissionsList = permissions
}
if (permissionsList.length > 0) {
updates.push('permissions = ?')
values.push(JSON.stringify(permissionsList))
}
}
if (expires_at !== undefined) {
if (expires_at === null) {
updates.push('expires_at = NULL')
} else {
let expiresDate: Date
// (30d, 90d ) ISO
if (expires_at.match(/^\d+d$/)) {
const days = parseInt(expires_at.slice(0, -1), 10)
expiresDate = new Date()
expiresDate.setDate(expiresDate.getDate() + days)
} else {
expiresDate = new Date(expires_at)
}
if (expiresDate <= new Date()) {
return badRequest({
code: 'INVALID_INPUT',
message: 'Expiration date must be in the future',
})
}
updates.push('expires_at = ?')
values.push(expiresDate.toISOString())
}
}
if (updates.length === 0) {
return badRequest({
code: 'INVALID_INPUT',
message: 'No valid fields to update',
})
}
// 3.
updates.push("updated_at = datetime('now')")
values.push(keyId, userId)
await context.env.DB.prepare(
`UPDATE api_keys
SET ${updates.join(', ')}
WHERE id = ? AND user_id = ?`
)
.bind(...values)
.run()
// 4.
const updatedKey = await context.env.DB.prepare(
`SELECT id, key_prefix, name, description, permissions, status,
expires_at, last_used_at, last_used_ip, created_at, updated_at
FROM api_keys
WHERE id = ?`
)
.bind(keyId)
.first()
if (!updatedKey) {
return internalError('Failed to load updated API key')
}
return success({
...updatedKey,
permissions: JSON.parse(updatedKey.permissions) as string[],
})
} catch (error) {
console.error('Failed to update API key:', error)
return internalError('Failed to update API key')
}
},
]
// DELETE /api/v1/settings/api-keys/:id - API Key
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const keyId = context.params.id
const url = new URL(context.request.url)
const hardDelete = url.searchParams.get('hard') === 'true'
try {
// 1. Key
const existingKey = await context.env.DB.prepare(
`SELECT id FROM api_keys WHERE id = ? AND user_id = ?`
)
.bind(keyId, userId)
.first()
if (!existingKey) {
return notFound('API Key not found')
}
if (hardDelete) {
try {
await context.env.DB.batch([
context.env.DB.prepare('DELETE FROM api_key_logs WHERE api_key_id = ?').bind(keyId),
context.env.DB.prepare('DELETE FROM api_keys WHERE id = ? AND user_id = ?').bind(keyId, userId),
])
} catch (error) {
console.error('Failed to delete API key records:', error)
throw error
}
return success({
message: 'API Key deleted permanently',
})
}
// 2. ()
await context.env.DB.prepare(
`UPDATE api_keys
SET status = 'revoked', updated_at = datetime('now')
WHERE id = ? AND user_id = ?`
)
.bind(keyId, userId)
.run()
return success({
message: 'API Key revoked successfully',
})
} catch (error) {
console.error('Failed to revoke API key:', error)
return internalError('Failed to revoke API key')
}
},
]
================================================
FILE: tmarks/functions/api/v1/settings/api-keys/index.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, badRequest, created, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
import { generateApiKey } from '../../../../lib/api-key/generator'
import { PERMISSION_TEMPLATES } from '../../../../../shared/permissions'
interface CreateApiKeyRequest {
name: string
description?: string
permissions?: string[]
template?: 'READ_ONLY' | 'BASIC' | 'FULL'
expires_at?: string | null
}
async function getUserApiKeyLimit(_db: D1Database, _userId: string): Promise {
void _db
void _userId
return 999
}
// GET /api/v1/settings/api-keys - Retrieve API keys
interface ApiKeyRow {
id: string
key_prefix: string
name: string
description: string | null
permissions: string
status: string
expires_at: string | null
last_used_at: string | null
last_used_ip: string | null
created_at: string
updated_at: string
}
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const keys = await context.env.DB.prepare(
`SELECT id, key_prefix, name, description, permissions, status,
expires_at, last_used_at, last_used_ip, created_at, updated_at
FROM api_keys
WHERE user_id = ?
ORDER BY created_at DESC`
)
.bind(userId)
.all()
const quota = await context.env.DB.prepare(
`SELECT COUNT(*) as count FROM api_keys WHERE user_id = ? AND status = 'active'`
)
.bind(userId)
.first<{ count: number }>()
const used = quota?.count || 0
const limit = await getUserApiKeyLimit(context.env.DB, userId)
return success({
keys: (keys.results ?? []).map((key) => ({
...key,
permissions: JSON.parse(key.permissions) as string[],
})),
quota: {
used,
limit,
},
})
} catch (error) {
console.error('Failed to list API keys:', error)
return internalError('Failed to list API keys')
}
},
]
// POST /api/v1/settings/api-keys - Create new API Key
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const quota = await context.env.DB.prepare(
`SELECT COUNT(*) as count FROM api_keys WHERE user_id = ? AND status = 'active'`
)
.bind(userId)
.first<{ count: number }>()
const used = quota?.count || 0
const limit = await getUserApiKeyLimit(context.env.DB, userId)
if (used >= limit) {
return badRequest({
code: 'QUOTA_EXCEEDED',
message: `Maximum ${limit} API keys allowed per user`,
quota: { used, limit },
})
}
const body = (await context.request.json()) as CreateApiKeyRequest
const { name, description, permissions, expires_at, template } = body
if (!name || !name.trim()) {
return badRequest({
code: 'INVALID_INPUT',
message: 'Name is required',
})
}
let permissionsList: string[] = []
if (template && PERMISSION_TEMPLATES[template]) {
permissionsList = PERMISSION_TEMPLATES[template].permissions
} else if (permissions && Array.isArray(permissions)) {
permissionsList = permissions
} else {
permissionsList = PERMISSION_TEMPLATES.BASIC.permissions
}
if (permissionsList.length === 0) {
return badRequest({
code: 'INVALID_INPUT',
message: 'At least one permission is required',
})
}
let expiresAt: string | null = null
if (expires_at) {
let expiresDate: Date
if (expires_at.match(/^\d+d$/)) {
const days = parseInt(expires_at.slice(0, -1), 10)
expiresDate = new Date()
expiresDate.setDate(expiresDate.getDate() + days)
} else {
expiresDate = new Date(expires_at)
}
if (expiresDate <= new Date()) {
return badRequest({
code: 'INVALID_INPUT',
message: 'Expiration date must be in the future',
})
}
expiresAt = expiresDate.toISOString()
}
const { key, prefix, hash } = await generateApiKey('live')
const keyId = crypto.randomUUID()
await context.env.DB.prepare(
`INSERT INTO api_keys
(id, user_id, key_hash, key_prefix, name, description, permissions, status, expires_at)
VALUES (?, ?, ?, ?, ?, ?, ?, 'active', ?)`
)
.bind(
keyId,
userId,
hash,
prefix,
name.trim(),
description?.trim() || null,
JSON.stringify(permissionsList),
expiresAt
)
.run()
return created({
id: keyId,
key,
key_prefix: prefix,
name: name.trim(),
description: description?.trim() || null,
permissions: permissionsList,
status: 'active',
expires_at: expiresAt,
created_at: new Date().toISOString(),
})
} catch (error) {
console.error('Failed to create API key:', error)
return internalError('Failed to create API key')
}
},
]
================================================
FILE: tmarks/functions/api/v1/settings/share.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { success, badRequest, conflict, internalError } from '../../../lib/response'
import { sanitizeString } from '../../../lib/validation'
import { generateSlug } from '../../../lib/utils'
import { invalidatePublicShareCache } from '../../shared/cache'
interface UpdateShareSettingsRequest {
enabled?: boolean
slug?: string | null
title?: string | null
description?: string | null
regenerate_slug?: boolean
}
const SLUG_MAX_LENGTH = 64
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const record = await context.env.DB.prepare(
`SELECT public_share_enabled, public_slug, public_page_title, public_page_description
FROM users
WHERE id = ?`
)
.bind(userId)
.first<{ public_share_enabled: number; public_slug: string | null; public_page_title: string | null; public_page_description: string | null }>()
return success({
share: {
enabled: Boolean(record?.public_share_enabled),
slug: record?.public_slug || null,
title: record?.public_page_title || null,
description: record?.public_page_description || null,
},
})
} catch (error) {
console.error('Get share settings error:', error)
return internalError('Failed to load share settings')
}
},
]
export const onRequestPut: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const body = (await context.request.json()) as UpdateShareSettingsRequest
const updates: string[] = []
const values: Array = []
let newSlug: string | null | undefined
if (body.regenerate_slug) {
newSlug = await generateUniqueSlug(context.env, userId)
} else if (body.slug !== undefined) {
if (body.slug && !/^[a-z0-9-]+$/i.test(body.slug)) {
return badRequest('Slug can only contain letters, numbers, and hyphen')
}
newSlug = body.slug ? sanitizeString(body.slug.toLowerCase(), SLUG_MAX_LENGTH) : null
}
if (newSlug !== undefined) {
if (newSlug) {
const exist = await context.env.DB.prepare(
`SELECT id FROM users WHERE LOWER(public_slug) = ? AND id != ?`
)
.bind(newSlug.toLowerCase(), userId)
.first()
if (exist) {
return conflict('Slug already in use')
}
}
updates.push('public_slug = ?')
values.push(newSlug)
}
if (body.title !== undefined) {
updates.push('public_page_title = ?')
values.push(body.title ? sanitizeString(body.title, 200) : null)
}
if (body.description !== undefined) {
updates.push('public_page_description = ?')
values.push(body.description ? sanitizeString(body.description, 500) : null)
}
if (body.enabled !== undefined) {
updates.push('public_share_enabled = ?')
values.push(body.enabled ? 1 : 0)
}
if (updates.length === 0) {
return success({ message: 'No changes applied' })
}
updates.push('updated_at = datetime("now")')
await context.env.DB.prepare(
`UPDATE users SET ${updates.join(', ')} WHERE id = ?`
)
.bind(...values, userId)
.run()
await invalidatePublicShareCache(context.env, userId)
const record = await context.env.DB.prepare(
`SELECT public_share_enabled, public_slug, public_page_title, public_page_description
FROM users
WHERE id = ?`
)
.bind(userId)
.first<{ public_share_enabled: number; public_slug: string | null; public_page_title: string | null; public_page_description: string | null }>()
return success({
share: {
enabled: Boolean(record?.public_share_enabled),
slug: record?.public_slug || null,
title: record?.public_page_title || null,
description: record?.public_page_description || null,
},
})
} catch (error) {
console.error('Update share settings error:', error)
return internalError('Failed to update share settings')
}
},
]
async function generateUniqueSlug(env: Env, userId: string): Promise {
for (let i = 0; i < 5; i += 1) {
const candidate = generateSlug()
const existing = await env.DB.prepare(
`SELECT id FROM users WHERE LOWER(public_slug) = ? AND id != ?`
)
.bind(candidate.toLowerCase(), userId)
.first()
if (!existing) {
return candidate
}
}
throw new Error('Failed to generate unique slug')
}
================================================
FILE: tmarks/functions/api/v1/settings/storage.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { success, internalError } from '../../../lib/response'
import { getCurrentR2UsageBytes, getR2MaxTotalBytes } from '../../../lib/storage-quota'
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const usedBytes = await getCurrentR2UsageBytes(context.env.DB)
const limitBytes = getR2MaxTotalBytes(context.env)
const unlimited = !Number.isFinite(limitBytes)
const safeLimitBytes = unlimited ? null : limitBytes
return success({
quota: {
used_bytes: usedBytes,
limit_bytes: safeLimitBytes,
unlimited,
},
})
} catch (error) {
console.error('Get R2 storage quota error:', error)
return internalError('Failed to load storage quota')
}
},
]
================================================
FILE: tmarks/functions/api/v1/shared/cache.ts
================================================
// Deprecated shim: keep old import path working but delegate to new implementation
export { invalidatePublicShareCache } from '../../shared/cache'
================================================
FILE: tmarks/functions/api/v1/statistics/index.ts
================================================
/**
* API
* : /api/v1/statistics
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../lib/types'
import { success, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
interface DomainCount {
domain: string
count: number
}
// GET /api/v1/statistics - Retrieve user statistics
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
const days = parseInt(url.searchParams.get('days') || '30', 10) || 30
const startDate = new Date()
startDate.setDate(startDate.getDate() - days)
const startDateStr = startDate.toISOString().split('T')[0]
try {
const [
groupsResult,
deletedGroupsResult,
itemsResult,
sharesResult,
groupsTrend,
itemsTrend,
domains,
groupSizes
] = await Promise.all([
context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_groups WHERE user_id = ? AND is_deleted = 0'
)
.bind(userId)
.all<{ count: number }>(),
context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_groups WHERE user_id = ? AND is_deleted = 1'
)
.bind(userId)
.all<{ count: number }>(),
context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_group_items WHERE group_id IN (SELECT id FROM tab_groups WHERE user_id = ?)'
)
.bind(userId)
.all<{ count: number }>(),
context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_group_shares WHERE group_id IN (SELECT id FROM tab_groups WHERE user_id = ?)'
)
.bind(userId)
.all<{ count: number }>(),
context.env.DB.prepare(
`SELECT DATE(created_at) as date, COUNT(*) as count
FROM tab_groups
WHERE user_id = ? AND DATE(created_at) >= ?
GROUP BY DATE(created_at)
ORDER BY date ASC`
)
.bind(userId, startDateStr)
.all<{ date: string; count: number }>(),
context.env.DB.prepare(
`SELECT DATE(created_at) as date, COUNT(*) as count
FROM tab_group_items
WHERE group_id IN (SELECT id FROM tab_groups WHERE user_id = ?)
AND DATE(created_at) >= ?
GROUP BY DATE(created_at)
ORDER BY date ASC`
)
.bind(userId, startDateStr)
.all<{ date: string; count: number }>(),
context.env.DB.prepare(
`SELECT
CASE
WHEN INSTR(SUBSTR(url, INSTR(url, '://') + 3), '/') > 0
THEN SUBSTR(SUBSTR(url, INSTR(url, '://') + 3), 1, INSTR(SUBSTR(url, INSTR(url, '://') + 3), '/') - 1)
ELSE SUBSTR(url, INSTR(url, '://') + 3)
END as domain,
COUNT(*) as count
FROM tab_group_items
WHERE group_id IN (SELECT id FROM tab_groups WHERE user_id = ?)
GROUP BY domain
ORDER BY count DESC
LIMIT 10`
)
.bind(userId)
.all(),
context.env.DB.prepare(
`SELECT
CASE
WHEN item_count = 0 THEN '0'
WHEN item_count BETWEEN 1 AND 5 THEN '1-5'
WHEN item_count BETWEEN 6 AND 10 THEN '6-10'
WHEN item_count BETWEEN 11 AND 20 THEN '11-20'
WHEN item_count BETWEEN 21 AND 50 THEN '21-50'
ELSE '50+'
END as range,
COUNT(*) as count
FROM (
SELECT tg.id, COUNT(tgi.id) as item_count
FROM tab_groups tg
LEFT JOIN tab_group_items tgi ON tg.id = tgi.group_id
WHERE tg.user_id = ? AND tg.is_deleted = 0 AND tg.is_folder = 0
GROUP BY tg.id
)
GROUP BY range
ORDER BY
CASE range
WHEN '0' THEN 0
WHEN '1-5' THEN 1
WHEN '6-10' THEN 2
WHEN '11-20' THEN 3
WHEN '21-50' THEN 4
ELSE 5
END`
)
.bind(userId)
.all<{ range: string; count: number }>()
])
return success({
summary: {
total_groups: groupsResult.results?.[0]?.count || 0,
total_deleted_groups: deletedGroupsResult.results?.[0]?.count || 0,
total_items: itemsResult.results?.[0]?.count || 0,
total_shares: sharesResult.results?.[0]?.count || 0,
},
trends: {
groups: groupsTrend.results || [],
items: itemsTrend.results || [],
},
top_domains: domains.results || [],
group_size_distribution: groupSizes.results || [],
})
} catch (error) {
console.error('Get statistics error:', error)
return internalError('Failed to get statistics')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/[id]/items/batch.ts
================================================
/**
* API -
* : /api/v1/tab-groups/:id/items/batch
* : JWT Token (Bearer)
*/
import type { PagesFunction, D1PreparedStatement } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../../middleware/auth'
import { sanitizeString } from '../../../../../lib/validation'
import { generateUUID } from '../../../../../lib/crypto'
interface TabGroupRow {
id: string
user_id: string
title: string
}
interface BatchAddItemsRequest {
items: Array<{
title: string
url: string
favicon?: string
}>
}
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
}
// POST /api/v1/tab-groups/:id/items/batch -
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
const body = (await context.request.json()) as BatchAddItemsRequest
if (!body.items || !Array.isArray(body.items) || body.items.length === 0) {
return badRequest('items array is required and must not be empty')
}
// Verify group exists and belongs to user
const group = await context.env.DB.prepare(
'SELECT id, user_id, title FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!group) {
return notFound('Tab group not found')
}
// Get current max position
const maxPositionResult = await context.env.DB.prepare(
'SELECT MAX(position) as max_position FROM tab_group_items WHERE group_id = ?'
)
.bind(groupId)
.first<{ max_position: number | null }>()
let currentPosition = (maxPositionResult?.max_position ?? -1) + 1
// Insert items
const insertedItems: TabGroupItemRow[] = []
const stmts: D1PreparedStatement[] = []
const now = new Date().toISOString()
for (const item of body.items) {
if (!item.url || !item.title) {
continue // Skip invalid items
}
const itemId = generateUUID()
const sanitizedTitle = sanitizeString(item.title, 500)
const sanitizedUrl = sanitizeString(item.url, 2000)
const sanitizedFavicon = item.favicon ? sanitizeString(item.favicon, 2000) : null
stmts.push(
context.env.DB.prepare(
`INSERT INTO tab_group_items (id, group_id, title, url, favicon, position, created_at)
VALUES (?, ?, ?, ?, ?, ?, ?)`
).bind(itemId, groupId, sanitizedTitle, sanitizedUrl, sanitizedFavicon, currentPosition, now)
)
insertedItems.push({
id: itemId,
group_id: groupId,
title: sanitizedTitle,
url: sanitizedUrl,
favicon: sanitizedFavicon,
position: currentPosition,
created_at: now,
})
currentPosition++
}
if (stmts.length > 0) {
await context.env.DB.batch(stmts)
}
return success({
message: 'Items added successfully',
added_count: insertedItems.length,
total_items: currentPosition,
items: insertedItems,
})
} catch (error) {
console.error('Batch add items error:', error)
return internalError('Failed to add items to group')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/[id]/permanent-delete.ts
================================================
/**
* API
* : /api/v1/tab-groups/:id/permanent-delete
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
interface TabGroupRow {
id: string
user_id: string
is_deleted: number
}
// DELETE /api/v1/tab-groups/:id/permanent-delete -
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Check if group exists and is in trash
const group = await context.env.DB.prepare(
'SELECT id, user_id, is_deleted FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!group) {
return notFound('Tab group not found')
}
if (group.is_deleted !== 1) {
return notFound('Tab group must be in trash before permanent deletion')
}
// Delete all items in the group
await context.env.DB.prepare('DELETE FROM tab_group_items WHERE group_id = ?')
.bind(groupId)
.run()
// Delete the group
await context.env.DB.prepare('DELETE FROM tab_groups WHERE id = ?')
.bind(groupId)
.run()
return success({ message: 'Tab group permanently deleted' })
} catch (error) {
console.error('Permanent delete tab group error:', error)
return internalError('Failed to permanently delete tab group')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/[id]/restore.ts
================================================
/**
* API
* : /api/v1/tab-groups/:id/restore
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
interface TabGroupRow {
id: string
user_id: string
is_deleted: number
}
// POST /api/v1/tab-groups/:id/restore -
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Check if group exists and is deleted
const group = await context.env.DB.prepare(
'SELECT id, user_id, is_deleted FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!group) {
return notFound('Tab group not found')
}
if (group.is_deleted !== 1) {
return success({ message: 'Tab group is not in trash' })
}
// Restore the group
await context.env.DB.prepare(
'UPDATE tab_groups SET is_deleted = 0, deleted_at = NULL, updated_at = ? WHERE id = ?'
)
.bind(new Date().toISOString(), groupId)
.run()
return success({ message: 'Tab group restored successfully' })
} catch (error) {
console.error('Restore tab group error:', error)
return internalError('Failed to restore tab group')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/[id]/share.ts
================================================
/**
* API
* : /api/v1/tab-groups/:id/share
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
import { generateUUID } from '../../../../lib/crypto'
interface TabGroupRow {
id: string
user_id: string
title: string
}
interface ShareRow {
id: string
group_id: string
share_token: string
is_public: number
expires_at: string | null
created_at: string
}
interface CreateShareRequest {
is_public?: boolean
expires_in_days?: number
}
// POST /api/v1/tab-groups/:id/share -
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
const body = (await context.request.json()) as CreateShareRequest
// Verify group exists and belongs to user
const group = await context.env.DB.prepare(
'SELECT id, user_id, title FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!group) {
return notFound('Tab group not found')
}
// Check if share already exists
const existingShare = await context.env.DB.prepare(
'SELECT * FROM tab_group_shares WHERE group_id = ?'
)
.bind(groupId)
.first()
if (existingShare) {
// Update existing share
const expiresAt = body.expires_in_days
? new Date(Date.now() + body.expires_in_days * 24 * 60 * 60 * 1000).toISOString()
: null
await context.env.DB.prepare(
'UPDATE tab_group_shares SET is_public = ?, expires_at = ? WHERE id = ?'
)
.bind(body.is_public ? 1 : 0, expiresAt, existingShare.id)
.run()
return success({
share_token: existingShare.share_token,
is_public: body.is_public ?? false,
expires_at: expiresAt,
share_url: `${new URL(context.request.url).origin}/share/${existingShare.share_token}`,
})
}
// Create new share
const shareId = generateUUID()
const shareToken = generateUUID()
const isPublic = body.is_public ?? false
const expiresAt = body.expires_in_days
? new Date(Date.now() + body.expires_in_days * 24 * 60 * 60 * 1000).toISOString()
: null
const now = new Date().toISOString()
await context.env.DB.prepare(
`INSERT INTO tab_group_shares (id, group_id, share_token, is_public, expires_at, created_at)
VALUES (?, ?, ?, ?, ?, ?)`
)
.bind(shareId, groupId, shareToken, isPublic ? 1 : 0, expiresAt, now)
.run()
return success({
share_token: shareToken,
is_public: isPublic,
expires_at: expiresAt,
share_url: `${new URL(context.request.url).origin}/share/${shareToken}`,
})
} catch (error) {
console.error('Create share error:', error)
return internalError('Failed to create share')
}
},
]
// GET /api/v1/tab-groups/:id/share -
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Verify group exists and belongs to user
const group = await context.env.DB.prepare(
'SELECT id, user_id FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!group) {
return notFound('Tab group not found')
}
// Get share info
const share = await context.env.DB.prepare(
'SELECT * FROM tab_group_shares WHERE group_id = ?'
)
.bind(groupId)
.first()
if (!share) {
return notFound('Share not found')
}
return success({
share_token: share.share_token,
is_public: share.is_public === 1,
expires_at: share.expires_at,
share_url: `${new URL(context.request.url).origin}/share/${share.share_token}`,
created_at: share.created_at,
})
} catch (error) {
console.error('Get share error:', error)
return internalError('Failed to get share info')
}
},
]
// DELETE /api/v1/tab-groups/:id/share -
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Verify group exists and belongs to user
const group = await context.env.DB.prepare(
'SELECT id, user_id FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!group) {
return notFound('Tab group not found')
}
// Delete share
await context.env.DB.prepare('DELETE FROM tab_group_shares WHERE group_id = ?')
.bind(groupId)
.run()
return success({ message: 'Share deleted successfully' })
} catch (error) {
console.error('Delete share error:', error)
return internalError('Failed to delete share')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/[id].ts
================================================
/**
* API -
* : /api/v1/tab-groups/:id
* : JWT Token
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { success, badRequest, notFound, noContent, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { sanitizeString } from '../../../lib/validation'
interface TabGroupRow {
id: string
user_id: string
title: string
color: string | null
tags: string | null
parent_id: string | null
is_folder: number
is_deleted: number
deleted_at: string | null
position: number
created_at: string
updated_at: string
}
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
is_pinned?: number
is_todo?: number
}
interface UpdateTabGroupRequest {
title?: string
color?: string | null
tags?: string[] | null
parent_id?: string | null
position?: number
}
// GET /api/v1/tab-groups/:id -
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Get tab group
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!groupRow) {
return notFound('Tab group not found')
}
// Get tab group items (with user_id verification for security)
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id = ? AND tg.user_id = ?
ORDER BY COALESCE(tgi.is_pinned, 0) DESC, tgi.position ASC`
)
.bind(groupId, userId)
.all()
return success({
tab_group: {
...groupRow,
items: items || [],
item_count: items?.length || 0,
},
})
} catch (error) {
console.error('Get tab group error:', error)
return internalError('Failed to get tab group')
}
},
]
// PATCH /api/v1/tab-groups/:id -
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
let body: UpdateTabGroupRequest
try {
body = (await context.request.json()) as UpdateTabGroupRequest
} catch (parseError) {
console.error('Failed to parse request body:', parseError)
return badRequest('Invalid request body: ' + (parseError instanceof Error ? parseError.message : 'JSON parse error'))
}
// Check if tab group exists and belongs to user
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!groupRow) {
return notFound('Tab group not found')
}
// Build update query
const updates: string[] = []
const params: Array = []
if (body.title !== undefined) {
updates.push('title = ?')
params.push(sanitizeString(body.title, 200))
}
if (body.parent_id !== undefined) {
updates.push('parent_id = ?')
params.push(body.parent_id)
}
if (body.position !== undefined) {
updates.push('position = ?')
params.push(body.position)
}
if (body.color !== undefined) {
updates.push('color = ?')
params.push(body.color)
}
if (body.tags !== undefined) {
updates.push('tags = ?')
params.push(body.tags ? JSON.stringify(body.tags) : null)
}
if (updates.length === 0) {
return badRequest('No valid fields to update')
}
// Always update updated_at
updates.push('updated_at = ?')
params.push(new Date().toISOString())
// Add WHERE clause params
params.push(groupId, userId)
await context.env.DB.prepare(
`UPDATE tab_groups SET ${updates.join(', ')} WHERE id = ? AND user_id = ?`
)
.bind(...params)
.run()
// Fetch updated group with items
const updatedGroup = await context.env.DB.prepare('SELECT * FROM tab_groups WHERE id = ?')
.bind(groupId)
.first()
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id = ? AND tg.user_id = ?
ORDER BY tgi.position ASC`
)
.bind(groupId, userId)
.all()
if (!updatedGroup) {
return internalError('Failed to load tab group after update')
}
return success({
tab_group: {
...updatedGroup,
items: items || [],
item_count: items?.length || 0,
},
})
} catch (error) {
console.error('Update tab group error:', error)
return internalError('Failed to update tab group')
}
},
]
// DELETE /api/v1/tab-groups/:id -
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const groupId = context.params.id
try {
// Check if tab group exists and belongs to user
const groupRow = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(groupId, userId)
.first()
if (!groupRow) {
return notFound('Tab group not found')
}
// Delete tab group (items will be cascade deleted)
await context.env.DB.prepare('DELETE FROM tab_groups WHERE id = ? AND user_id = ?')
.bind(groupId, userId)
.run()
return noContent()
} catch (error) {
console.error('Delete tab group error:', error)
return internalError('Failed to delete tab group')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/batch-update.ts
================================================
/**
* PATCH /api/v1/tab-groups/batch-update
* Batch update tab group positions
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../lib/types'
import { success, badRequest, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
interface BatchUpdateItem {
id: string
position: number
parent_id: string | null
}
interface BatchUpdateRequest {
updates: BatchUpdateItem[]
}
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const body = (await context.request.json()) as BatchUpdateRequest
if (!body.updates || !Array.isArray(body.updates) || body.updates.length === 0) {
return badRequest('updates array is required')
}
if (body.updates.length > 200) {
return badRequest('Cannot update more than 200 items at once')
}
const db = context.env.DB
const stmts = body.updates.map(item =>
db.prepare(
`UPDATE tab_groups
SET position = ?, parent_id = ?, updated_at = datetime('now')
WHERE id = ? AND user_id = ?`
).bind(item.position, item.parent_id, item.id, userId)
)
await db.batch(stmts)
return success({
message: 'Batch update successful',
updated_count: body.updates.length,
})
} catch (error) {
console.error('Batch update tab groups error:', error)
return internalError('Failed to batch update tab groups')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/index.ts
================================================
/**
* API -
* : /api/v1/tab-groups
* : JWT Token
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams, SQLParam } from '../../../lib/types'
import { success, created, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { sanitizeString } from '../../../lib/validation'
import { generateUUID } from '../../../lib/crypto'
interface TabGroupRow {
id: string
user_id: string
title: string
color: string | null
tags: string | null
parent_id: string | null
is_folder: number
is_deleted: number
deleted_at: string | null
position: number
created_at: string
updated_at: string
}
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
is_pinned?: number
is_todo?: number
}
interface CreateTabGroupRequest {
title?: string
parent_id?: string | null
is_folder?: boolean
items?: Array<{
title: string
url: string
favicon?: string
}>
}
// GET /api/v1/tab-groups
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const url = new URL(context.request.url)
const pageSize = Math.min(parseInt(url.searchParams.get('page_size') || '30', 10) || 30, 100)
const pageCursor = url.searchParams.get('page_cursor') || ''
try {
let query = `
SELECT *
FROM tab_groups
WHERE user_id = ? AND (is_deleted IS NULL OR is_deleted = 0)
`
const params: SQLParam[] = [userId]
if (pageCursor) {
query += ' AND created_at < ?'
params.push(pageCursor)
}
query += ' ORDER BY created_at DESC LIMIT ?'
params.push(pageSize + 1)
const { results } = await context.env.DB.prepare(query)
.bind(...params)
.all()
const hasMore = results.length > pageSize
const tabGroups = hasMore ? results.slice(0, pageSize) : results
const nextCursor = hasMore ? tabGroups[tabGroups.length - 1].created_at : null
// Batch fetch all items for returned groups (avoids N+1)
const groupIds = tabGroups.map((g) => g.id)
let allItems: TabGroupItemRow[] = []
if (groupIds.length > 0) {
const placeholders = groupIds.map(() => '?').join(',')
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id IN (${placeholders}) AND tg.user_id = ?
ORDER BY COALESCE(tgi.is_pinned, 0) DESC, tgi.position ASC`
)
.bind(...groupIds, userId)
.all()
allItems = items || []
}
// Group items by group_id in memory
const itemsByGroup = new Map()
for (const item of allItems) {
const arr = itemsByGroup.get(item.group_id) || []
arr.push(item)
itemsByGroup.set(item.group_id, arr)
}
const groupsWithItems = tabGroups.map((group) => {
const items = itemsByGroup.get(group.id) || []
return {
...group,
items,
item_count: items.length,
}
})
return success({
tab_groups: groupsWithItems,
meta: {
page_size: pageSize,
count: tabGroups.length,
next_cursor: nextCursor,
has_more: hasMore,
},
})
} catch (error) {
console.error('Get tab groups error:', error)
return internalError('Failed to get tab groups')
}
},
]
// POST /api/v1/tab-groups
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const body = (await context.request.json()) as CreateTabGroupRequest
const isFolder = body.is_folder || false
const now = new Date()
const defaultTitle = body.title || (isFolder ? '' : now.toLocaleString('zh-CN', {
year: 'numeric',
month: '2-digit',
day: '2-digit',
hour: '2-digit',
minute: '2-digit',
hour12: false,
}).replace(/\//g, '-'))
const title = sanitizeString(defaultTitle, 200)
const groupId = generateUUID()
const timestamp = now.toISOString()
const parentId = body.parent_id || null
// Build all statements for atomic batch execution
const stmts = [
context.env.DB.prepare(
'INSERT INTO tab_groups (id, user_id, title, parent_id, is_folder, is_deleted, created_at, updated_at) VALUES (?, ?, ?, ?, ?, 0, ?, ?)'
).bind(groupId, userId, title, parentId, isFolder ? 1 : 0, timestamp, timestamp),
]
if (!isFolder && body.items && body.items.length > 0) {
for (let i = 0; i < body.items.length; i++) {
const item = body.items[i]
const itemId = generateUUID()
const itemTitle = sanitizeString(item.title, 500)
const itemUrl = sanitizeString(item.url, 2000)
const favicon = item.favicon ? sanitizeString(item.favicon, 2000) : null
stmts.push(
context.env.DB.prepare(
'INSERT INTO tab_group_items (id, group_id, title, url, favicon, position, created_at) VALUES (?, ?, ?, ?, ?, ?, ?)'
).bind(itemId, groupId, itemTitle, itemUrl, favicon, i, timestamp)
)
}
}
await context.env.DB.batch(stmts)
// Fetch the created group with items
const groupRow = await context.env.DB.prepare('SELECT * FROM tab_groups WHERE id = ?')
.bind(groupId)
.first()
const { results: items } = await context.env.DB.prepare(
`SELECT tgi.*
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.group_id = ? AND tg.user_id = ?
ORDER BY tgi.position ASC`
)
.bind(groupId, userId)
.all()
if (!groupRow) {
return internalError('Failed to load tab group after creation')
}
return created({
tab_group: {
...groupRow,
items: items || [],
item_count: items?.length || 0,
},
})
} catch (error) {
console.error('Create tab group error:', error)
return internalError('Failed to create tab group')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/items/[id]/move.ts
================================================
/**
* API -
* : /api/v1/tab-groups/items/:id/move
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../../middleware/auth'
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
is_pinned?: number
is_todo?: number
}
interface MoveItemRequest {
target_group_id: string
position?: number
}
// POST /api/v1/tab-groups/items/:id/move -
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const itemId = context.params.id
try {
const body = (await context.request.json()) as MoveItemRequest
if (!body.target_group_id) {
return badRequest('target_group_id is required')
}
// 1.
const item = await context.env.DB.prepare(
`SELECT tgi.*, tg.user_id
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.id = ?`
)
.bind(itemId)
.first()
if (!item) {
return notFound('Tab group item not found')
}
if (item.user_id !== userId) {
return notFound('Tab group item not found')
}
// 2.
const targetGroup = await context.env.DB.prepare(
'SELECT id, user_id FROM tab_groups WHERE id = ? AND user_id = ?'
)
.bind(body.target_group_id, userId)
.first<{ id: string; user_id: string }>()
if (!targetGroup) {
return notFound('Target group not found')
}
// 3. ,
if (item.group_id === body.target_group_id) {
if (body.position !== undefined) {
//
await context.env.DB.prepare(
'UPDATE tab_group_items SET position = ? WHERE id = ?'
)
.bind(body.position, itemId)
.run()
//
await context.env.DB.prepare(
`UPDATE tab_group_items
SET position = position + 1
WHERE group_id = ? AND id != ? AND position >= ?`
)
.bind(item.group_id, itemId, body.position)
.run()
}
} else {
// 4.
// 4.1
const maxPositionResult = await context.env.DB.prepare(
'SELECT MAX(position) as max_position FROM tab_group_items WHERE group_id = ?'
)
.bind(body.target_group_id)
.first<{ max_position: number | null }>()
const targetPosition =
body.position !== undefined
? body.position
: (maxPositionResult?.max_position ?? -1) + 1
// 4.2
await context.env.DB.prepare(
`UPDATE tab_group_items
SET group_id = ?, position = ?
WHERE id = ?`
)
.bind(body.target_group_id, targetPosition, itemId)
.run()
// 4.3 ()
await context.env.DB.prepare(
`UPDATE tab_group_items
SET position = position - 1
WHERE group_id = ? AND position > ?`
)
.bind(item.group_id, item.position)
.run()
// 4.4 ()
if (body.position !== undefined) {
await context.env.DB.prepare(
`UPDATE tab_group_items
SET position = position + 1
WHERE group_id = ? AND id != ? AND position >= ?`
)
.bind(body.target_group_id, itemId, targetPosition)
.run()
}
}
// 5.
const updatedItem = await context.env.DB.prepare(
'SELECT * FROM tab_group_items WHERE id = ?'
)
.bind(itemId)
.first()
if (!updatedItem) {
return internalError('Failed to load item after move')
}
return success({
item: updatedItem,
message: 'Item moved successfully',
})
} catch (error) {
console.error('Move tab group item error:', error)
return internalError('Failed to move tab group item')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/items/[id].ts
================================================
/**
* API -
* : /api/v1/tab-groups/items/:id
* : JWT Token (Bearer)
*/
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, RouteParams } from '../../../../lib/types'
import { success, badRequest, notFound, internalError } from '../../../../lib/response'
import { requireAuth, AuthContext } from '../../../../middleware/auth'
import { sanitizeString } from '../../../../lib/validation'
interface TabGroupItemRow {
id: string
group_id: string
title: string
url: string
favicon: string | null
position: number
created_at: string
is_pinned?: number
is_todo?: number
is_archived?: number
}
interface UpdateTabGroupItemRequest {
title?: string
is_pinned?: boolean
is_todo?: boolean
is_archived?: boolean
position?: number
}
// PATCH /api/v1/tab-groups/items/:id -
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const itemId = context.params.id
try {
const body = (await context.request.json()) as UpdateTabGroupItemRequest
// Check if item exists and user has permission
const item = await context.env.DB.prepare(
`SELECT tgi.*, tg.user_id
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.id = ?`
)
.bind(itemId)
.first()
if (!item) {
return notFound('Tab group item not found')
}
if (item.user_id !== userId) {
return notFound('Tab group item not found')
}
// Build update query
const updates: string[] = []
const params: (string | number)[] = []
if (body.title !== undefined) {
updates.push('title = ?')
params.push(sanitizeString(body.title, 500))
}
if (body.is_pinned !== undefined) {
updates.push('is_pinned = ?')
params.push(body.is_pinned ? 1 : 0)
// If pinning, set position to 0 and shift others
if (body.is_pinned) {
await context.env.DB.prepare(
'UPDATE tab_group_items SET position = position + 1 WHERE group_id = ? AND id != ?'
)
.bind(item.group_id, itemId)
.run()
updates.push('position = ?')
params.push(0)
}
}
if (body.is_todo !== undefined) {
updates.push('is_todo = ?')
params.push(body.is_todo ? 1 : 0)
}
if (body.is_archived !== undefined) {
updates.push('is_archived = ?')
params.push(body.is_archived ? 1 : 0)
}
if (body.position !== undefined) {
updates.push('position = ?')
params.push(body.position)
}
if (updates.length === 0) {
return badRequest('No fields to update')
}
// Add item ID to params — use subquery to enforce ownership
params.push(itemId, item.group_id, userId)
// Execute update with ownership check via group
await context.env.DB.prepare(
`UPDATE tab_group_items SET ${updates.join(', ')} WHERE id = ? AND group_id IN (SELECT id FROM tab_groups WHERE id = ? AND user_id = ?)`
)
.bind(...params)
.run()
// Get updated item
const updatedItem = await context.env.DB.prepare(
`SELECT tgi.* FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.id = ? AND tg.user_id = ?`
)
.bind(itemId, userId)
.first()
if (!updatedItem) {
return internalError('Failed to load item after update')
}
return success({
item: updatedItem,
message: 'Item updated successfully',
})
} catch (error) {
console.error('Update tab group item error:', error)
return internalError('Failed to update tab group item')
}
},
]
// DELETE /api/v1/tab-groups/items/:id -
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
const itemId = context.params.id
try {
// Check if item exists and user has permission
const item = await context.env.DB.prepare(
`SELECT tgi.*, tg.user_id
FROM tab_group_items tgi
JOIN tab_groups tg ON tgi.group_id = tg.id
WHERE tgi.id = ?`
)
.bind(itemId)
.first()
if (!item) {
return notFound('Tab group item not found')
}
if (item.user_id !== userId) {
return notFound('Tab group item not found')
}
// Delete item with ownership check
await context.env.DB.prepare(
'DELETE FROM tab_group_items WHERE id = ? AND group_id IN (SELECT id FROM tab_groups WHERE id = ? AND user_id = ?)'
)
.bind(itemId, item.group_id, userId)
.run()
// Reorder remaining items
await context.env.DB.prepare(
'UPDATE tab_group_items SET position = position - 1 WHERE group_id = ? AND position > ?'
)
.bind(item.group_id, item.position)
.run()
return success({
message: 'Item deleted successfully',
})
} catch (error) {
console.error('Delete tab group item error:', error)
return internalError('Failed to delete tab group item')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tab-groups/trash.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env } from '../../../lib/types'
import { success, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
interface TabGroupRow {
id: string
user_id: string
title: string
color: string | null
tags: string | null
parent_id: string | null
is_folder: number
is_deleted: number
deleted_at: string | null
position: number
created_at: string
updated_at: string
}
// GET /api/v1/tab-groups/trash - Retrieve trashed tab groups
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
const userId = context.data.user_id
try {
const { results: groups } = await context.env.DB.prepare(
'SELECT * FROM tab_groups WHERE user_id = ? AND is_deleted = 1 ORDER BY deleted_at DESC'
)
.bind(userId)
.all()
const groupsWithCounts = await Promise.all(
(groups || []).map(async (group) => {
const { results: items } = await context.env.DB.prepare(
'SELECT COUNT(*) as count FROM tab_group_items WHERE group_id = ?'
)
.bind(group.id)
.all<{ count: number }>()
let tags: string[] | null = null
if (group.tags) {
try {
tags = JSON.parse(group.tags)
} catch {
tags = null
}
}
return {
...group,
tags,
item_count: items?.[0]?.count || 0,
}
})
)
return success({
tab_groups: groupsWithCounts,
total: groupsWithCounts.length,
})
} catch (error) {
console.error('Get trash error:', error)
return internalError('Failed to load trash')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tags/[id].ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, Tag, RouteParams, SQLParam } from '../../../lib/types'
import { success, badRequest, notFound, noContent, conflict, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { sanitizeString } from '../../../lib/validation'
interface UpdateTagRequest {
name?: string
color?: string
}
// PATCH /api/v1/tags/:id -
export const onRequestPatch: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const tagId = context.params.id
const body = await context.request.json() as UpdateTagRequest
//
const tag = await context.env.DB.prepare(
'SELECT * FROM tags WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(tagId, userId)
.first()
if (!tag) {
return notFound('Tag not found')
}
const updates: string[] = []
const values: SQLParam[] = []
if (body.name !== undefined) {
const name = sanitizeString(body.name, 50)
//
const existing = await context.env.DB.prepare(
'SELECT id FROM tags WHERE user_id = ? AND LOWER(name) = LOWER(?) AND id != ? AND deleted_at IS NULL'
)
.bind(userId, name, tagId)
.first()
if (existing) {
return conflict('Tag with this name already exists')
}
updates.push('name = ?')
values.push(name)
}
if (body.color !== undefined) {
updates.push('color = ?')
values.push(body.color ? sanitizeString(body.color, 20) : null)
}
if (updates.length === 0) {
return badRequest('No valid fields to update')
}
const now = new Date().toISOString()
updates.push('updated_at = ?')
values.push(now)
values.push(tagId, userId)
await context.env.DB.prepare(`UPDATE tags SET ${updates.join(', ')} WHERE id = ? AND user_id = ?`)
.bind(...values)
.run()
//
const updatedTag = await context.env.DB.prepare('SELECT * FROM tags WHERE id = ? AND user_id = ?')
.bind(tagId, userId)
.first()
return success({ tag: updatedTag })
} catch (error) {
console.error('Update tag error:', error)
return internalError('Failed to update tag')
}
},
]
// DELETE /api/v1/tags/:id - ()
export const onRequestDelete: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const tagId = context.params.id
//
const tag = await context.env.DB.prepare(
'SELECT id FROM tags WHERE id = ? AND user_id = ? AND deleted_at IS NULL'
)
.bind(tagId, userId)
.first()
if (!tag) {
return notFound('Tag not found')
}
const now = new Date().toISOString()
//
await context.env.DB.prepare('UPDATE tags SET deleted_at = ?, updated_at = ? WHERE id = ? AND user_id = ?')
.bind(now, now, tagId, userId)
.run()
// -
await context.env.DB.prepare('DELETE FROM bookmark_tags WHERE tag_id = ? AND user_id = ?')
.bind(tagId, userId)
.run()
return noContent()
} catch (error) {
console.error('Delete tag error:', error)
return internalError('Failed to delete tag')
}
},
]
================================================
FILE: tmarks/functions/api/v1/tags/index.ts
================================================
import type { PagesFunction } from '@cloudflare/workers-types'
import type { Env, Tag, RouteParams } from '../../../lib/types'
import { success, badRequest, created, conflict, internalError } from '../../../lib/response'
import { requireAuth, AuthContext } from '../../../middleware/auth'
import { sanitizeString } from '../../../lib/validation'
import { generateUUID } from '../../../lib/crypto'
interface CreateTagRequest {
name: string
color?: string
}
interface TagWithCount extends Tag {
bookmark_count: number
}
// GET /api/v1/tags - Retrieve all tags
export const onRequestGet: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const url = new URL(context.request.url)
const sortBy = url.searchParams.get('sort') || 'usage'
let query = `
SELECT
t.*,
COUNT(bt.bookmark_id) as bookmark_count
FROM tags t
LEFT JOIN bookmark_tags bt ON t.id = bt.tag_id
WHERE t.user_id = ? AND t.deleted_at IS NULL
GROUP BY t.id
`
if (sortBy === 'name') {
query += ' ORDER BY LOWER(t.name) ASC'
} else if (sortBy === 'clicks') {
query += ' ORDER BY t.click_count DESC, LOWER(t.name) ASC'
} else {
query += ' ORDER BY bookmark_count DESC, LOWER(t.name) ASC'
}
const { results } = await context.env.DB.prepare(query)
.bind(userId)
.all()
return success({
tags: results || [],
})
} catch (error) {
console.error('Get tags error:', error)
return internalError('Failed to get tags')
}
},
]
// POST /api/v1/tags - Create a new tag
export const onRequestPost: PagesFunction[] = [
requireAuth,
async (context) => {
try {
const userId = context.data.user_id
const body = await context.request.json() as CreateTagRequest
if (!body.name) {
return badRequest('Tag name is required')
}
const name = sanitizeString(body.name, 50)
const color = body.color ? sanitizeString(body.color, 20) : null
const existing = await context.env.DB.prepare(
'SELECT id FROM tags WHERE user_id = ? AND LOWER(name) = LOWER(?) AND deleted_at IS NULL'
)
.bind(userId, name)
.first()
if (existing) {
return conflict('Tag with this name already exists')
}
const now = new Date().toISOString()
const tagUuid = generateUUID()
await context.env.DB.prepare(
`INSERT INTO tags (id, user_id, name, color, created_at, updated_at)
VALUES (?, ?, ?, ?, ?, ?)`
)
.bind(tagUuid, userId, name, color, now, now)
.run()
const tag = await context.env.DB.prepare('SELECT * FROM tags WHERE id = ?')
.bind(tagUuid)
.first()
return created({ tag })
} catch (error) {
console.error('Create tag error:', error)
return internalError('Failed to create tag')
}
},
]
================================================
FILE: tmarks/functions/lib/api-key/generator.ts
================================================
/**
* : tmk_live_[20]
*/
/**
* API Key
* @param env ('live' | 'test')
* @returns API Key, , SHA256
*/
export async function generateApiKey(env: 'live' | 'test' = 'live'): Promise<{
key: string
prefix: string
hash: string
}> {
const base62Chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
const randomBytes = new Uint8Array(20)
crypto.getRandomValues(randomBytes)
const randomStr = Array.from(randomBytes)
.map(byte => base62Chars[byte % base62Chars.length])
.join('')
const key = `tmk_${env}_${randomStr}`
const prefix = key.substring(0, 13) // tmk_live_1a2b
// SHA256
const hash = await hashApiKey(key)
return { key, prefix, hash }
}
/**
* SHA256
* @param key API Key
* @returns SHA256 (hex)
*/
export async function hashApiKey(key: string): Promise {
const encoder = new TextEncoder()
const data = encoder.encode(key)
const hashBuffer = await crypto.subtle.digest('SHA-256', data)
const hashArray = new Uint8Array(hashBuffer)
const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('')
return hashHex
}
/**
* API Key
*/
export function isValidApiKeyFormat(key: string): boolean {
// : tmk_(live|test)_[20base62]
const pattern = /^tmk_(live|test)_[a-zA-Z0-9]{20}$/
return pattern.test(key)
}
================================================
FILE: tmarks/functions/lib/api-key/logger.ts
================================================
/**
* API Key Logger - Records API key usage and provides statistics
* Automatically cleans up old logs, keeping only the latest 100 entries per key
*/
interface LogEntry {
api_key_id: string
user_id: string
endpoint: string
method: string
status: number
ip: string | null
}
/**
* Log API Key usage
* @param entry Log entry data
* @param db D1 Database
*/
export async function logApiKeyUsage(entry: LogEntry, db: D1Database): Promise {
try {
await db
.prepare(
`INSERT INTO api_key_logs (api_key_id, user_id, endpoint, method, status, ip)
VALUES (?, ?, ?, ?, ?, ?)`
)
.bind(
entry.api_key_id,
entry.user_id,
entry.endpoint,
entry.method,
entry.status,
entry.ip
)
.run()
// Async cleanup (keep only latest 100 logs per key)
await cleanupOldLogs(entry.api_key_id, db)
} catch (error) {
// Don't throw error, just log it
console.error('Failed to log API key usage:', error)
}
}
/**
* Cleanup old logs, keep only the latest 100 entries
* @param apiKeyId API Key ID
* @param db D1 Database
*/
async function cleanupOldLogs(apiKeyId: string, db: D1Database): Promise {
try {
// Keep only the latest 100 logs
await db
.prepare(
`DELETE FROM api_key_logs
WHERE api_key_id = ?
AND id NOT IN (
SELECT id FROM api_key_logs
WHERE api_key_id = ?
ORDER BY created_at DESC
LIMIT 100
)`
)
.bind(apiKeyId, apiKeyId)
.run()
} catch (error) {
console.error('Failed to cleanup old logs:', error)
}
}
/**
* Get API Key usage logs
* @param apiKeyId API Key ID
* @param limit Maximum number of logs to return (default: 10)
* @param db D1 Database
* @returns Array of log entries
*/
export async function getApiKeyLogs(
apiKeyId: string,
db: D1Database,
limit: number = 10
): Promise {
const result = await db
.prepare(
`SELECT api_key_id, user_id, endpoint, method, status, ip, created_at
FROM api_key_logs
WHERE api_key_id = ?
ORDER BY created_at DESC
LIMIT ?`
)
.bind(apiKeyId, limit)
.all()
return result.results as unknown as LogEntry[]
}
/**
* Get API Key usage statistics
* @param apiKeyId API Key ID
* @param db D1 Database
* @returns Statistics object with total requests, last used time and IP
*/
export async function getApiKeyStats(
apiKeyId: string,
db: D1Database
): Promise<{
total_requests: number
last_used_at: string | null
last_used_ip: string | null
}> {
const result = await db
.prepare(
`SELECT
COUNT(*) as total_requests,
MAX(created_at) as last_used_at,
(SELECT ip FROM api_key_logs
WHERE api_key_id = ?
ORDER BY created_at DESC
LIMIT 1) as last_used_ip
FROM api_key_logs
WHERE api_key_id = ?`
)
.bind(apiKeyId, apiKeyId)
.first()
return result as unknown as {
total_requests: number
last_used_at: string | null
last_used_ip: string | null
}
}
================================================
FILE: tmarks/functions/lib/api-key/rate-limiter-types.ts
================================================
/**
* API Key Rate Limiter Types
*/
export type RateLimitWindow = 'minute' | 'hour' | 'day';
export interface RateLimitConfig {
per_minute: number;
per_hour: number;
per_day: number;
}
// Default limits: reasonable for normal use, low enough to deter abuse.
export const DEFAULT_LIMITS: RateLimitConfig = {
per_minute: 60,
per_hour: 1000,
per_day: 10000,
};
export interface RateLimitResult {
allowed: boolean;
window: RateLimitWindow;
limit: number;
remaining: number;
reset: number; // unix ms
retryAfter?: number; // seconds
}
================================================
FILE: tmarks/functions/lib/api-key/rate-limiter.ts
================================================
/**
* API Key Rate Limiter (D1-backed)
*/
import {
RateLimitWindow,
RateLimitConfig,
RateLimitResult,
DEFAULT_LIMITS
} from './rate-limiter-types';
let ensureTablePromise: Promise | null = null;
async function ensureTable(db: D1Database): Promise {
if (ensureTablePromise) return ensureTablePromise;
ensureTablePromise = db
.prepare(
`CREATE TABLE IF NOT EXISTS api_key_rate_limits (
api_key_id TEXT NOT NULL,
window TEXT NOT NULL,
window_start INTEGER NOT NULL,
count INTEGER NOT NULL DEFAULT 0,
updated_at INTEGER NOT NULL,
PRIMARY KEY (api_key_id, window, window_start)
)`
)
.run()
.then(() => undefined)
.catch(() => undefined);
return ensureTablePromise;
}
function getWindowMs(window: RateLimitWindow): number {
if (window === 'minute') return 60_000;
if (window === 'hour') return 3_600_000;
return 86_400_000;
}
function getLimit(limits: RateLimitConfig, window: RateLimitWindow): number {
if (window === 'minute') return limits.per_minute;
if (window === 'hour') return limits.per_hour;
return limits.per_day;
}
function getWindowStart(now: number, windowMs: number): number {
return Math.floor(now / windowMs) * windowMs;
}
async function maybeCleanup(db: D1Database, now: number): Promise {
// Use a consistent 1% probability for cleanup
if (Math.random() < 0.01) {
const cutoff = now - 7 * 86_400_000;
await db.prepare(`DELETE FROM api_key_rate_limits WHERE updated_at < ?`).bind(cutoff).run();
}
}
async function getCounts(
db: D1Database,
apiKeyId: string,
windows: Array<{ window: RateLimitWindow; windowStart: number }>
): Promise> {
const counts = new Map();
windows.forEach((w) => counts.set(w.window, 0));
const minute = windows.find((w) => w.window === 'minute')!;
const hour = windows.find((w) => w.window === 'hour')!;
const day = windows.find((w) => w.window === 'day')!;
const result = await db
.prepare(
`SELECT window, count
FROM api_key_rate_limits
WHERE api_key_id = ?
AND (
(window = 'minute' AND window_start = ?)
OR (window = 'hour' AND window_start = ?)
OR (window = 'day' AND window_start = ?)
)`
)
.bind(apiKeyId, minute.windowStart, hour.windowStart, day.windowStart)
.all<{ window: RateLimitWindow; count: number }>();
(result.results || []).forEach((row) => {
counts.set(row.window, Number(row.count) || 0);
});
return counts;
}
/**
* Check rate limit without incrementing counters.
*/
export async function checkRateLimit(
apiKeyId: string,
db: D1Database,
limits: RateLimitConfig = DEFAULT_LIMITS
): Promise {
const now = Date.now();
try {
await ensureTable(db);
const windows: Array<{ window: RateLimitWindow; windowStart: number }> = (['minute', 'hour', 'day'] as const).map((w) => {
const windowMs = getWindowMs(w);
return { window: w, windowStart: getWindowStart(now, windowMs) };
});
const counts = await getCounts(db, apiKeyId, windows);
let minuteAllowedResult: RateLimitResult | null = null;
for (const w of ['minute', 'hour', 'day'] as const) {
const limit = getLimit(limits, w);
const current = counts.get(w) || 0;
const windowMs = getWindowMs(w);
const windowStart = windows.find((x) => x.window === w)!.windowStart;
const reset = windowStart + windowMs;
const remaining = Math.max(0, limit - current);
if (current >= limit) {
return {
allowed: false,
window: w,
limit,
remaining: 0,
reset,
retryAfter: Math.max(0, Math.ceil((reset - now) / 1000)),
};
}
if (w === 'minute') {
minuteAllowedResult = {
allowed: true,
window: w,
limit,
remaining,
reset,
};
}
}
return (
minuteAllowedResult || {
allowed: true,
window: 'minute',
limit: limits.per_minute,
remaining: limits.per_minute,
reset: now + 60_000,
}
);
} catch {
// Fail-open to avoid accidental outage.
return {
allowed: true,
window: 'minute',
limit: limits.per_minute,
remaining: limits.per_minute,
reset: now + 60_000,
};
}
}
/**
* Atomically consume one request from all rate-limit windows if allowed.
*/
export async function consumeRateLimit(
apiKeyId: string,
db: D1Database,
limits: RateLimitConfig = DEFAULT_LIMITS
): Promise {
// 1. Check current limits
const result = await checkRateLimit(apiKeyId, db, limits);
// 2. Only increment counters AFTER confirming the request is allowed
if (result.allowed) {
try {
await recordRequest(apiKeyId, db);
// Return the result with decremented remaining count
return {
...result,
remaining: Math.max(0, result.remaining - 1),
};
} catch {
// If recording fails, still allow the request (fail-open)
return result;
}
}
return result;
}
/**
* Record a request by incrementing all counters.
*/
export async function recordRequest(
apiKeyId: string,
db: D1Database
): Promise {
const now = Date.now();
await ensureTable(db);
const windows: RateLimitWindow[] = ['minute', 'hour', 'day'];
const statements = windows.map((w) => {
const windowMs = getWindowMs(w);
const windowStart = getWindowStart(now, windowMs);
return db
.prepare(
`INSERT INTO api_key_rate_limits (api_key_id, window, window_start, count, updated_at)
VALUES (?, ?, ?, 1, ?)
ON CONFLICT(api_key_id, window, window_start)
DO UPDATE SET count = count + 1, updated_at = excluded.updated_at`
)
.bind(apiKeyId, w, windowStart, now);
});
// D1 batch is best-effort here
const anyDb = db as unknown as { batch?: (stmts: unknown[]) => Promise };
if (typeof anyDb.batch === 'function') {
await anyDb.batch(statements);
} else {
for (const stmt of statements) {
await stmt.run();
}
}
// Opportunistic cleanup
await maybeCleanup(db, now);
}
================================================
FILE: tmarks/functions/lib/api-key/validator.ts
================================================
/**
* API Key Validator
*/
import { hashApiKey } from './generator'
import { hasPermission } from '../../../shared/permissions'
interface ApiKeyData {
id: string
user_id: string
permissions: string // JSON string
status: 'active' | 'revoked' | 'expired'
expires_at: string | null
last_used_at: string | null
last_used_ip: string | null
}
interface ValidationResult {
valid: boolean
error?: string
data?: ApiKeyData
permissions?: string[]
}
/**
* Validate API Key
* @param apiKey API Key string
* @param db D1 Database instance
* @returns Validation result
*/
export async function validateApiKey(
apiKey: string,
db: D1Database
): Promise {
// 1. Validate format
if (!apiKey || !apiKey.startsWith('tmk_')) {
return { valid: false, error: 'Invalid API Key format' }
}
try {
// 2. Hash and query database
const keyHash = await hashApiKey(apiKey)
const keyData = await db
.prepare(
`SELECT id, user_id, permissions, status, expires_at, last_used_at, last_used_ip
FROM api_keys
WHERE key_hash = ?`
)
.bind(keyHash)
.first()
if (!keyData) {
return { valid: false, error: 'API Key not found' }
}
// 3. Check if revoked
if (keyData.status === 'revoked') {
return { valid: false, error: 'API Key has been revoked' }
}
// 4. Check if expired
if (keyData.status === 'expired') {
return { valid: false, error: 'API Key has expired' }
}
// 5. Check expiration date
if (keyData.expires_at) {
const expiresAt = new Date(keyData.expires_at)
if (expiresAt < new Date()) {
await markAsExpired(keyData.id, db)
return { valid: false, error: 'API Key has expired' }
}
}
// 6. Parse permissions
const permissions = JSON.parse(keyData.permissions) as string[]
return {
valid: true,
data: keyData,
permissions,
}
} catch (error) {
console.error('API Key validation error:', error)
return { valid: false, error: 'Internal validation error' }
}
}
/**
* Check if permissions include required permission
* @param permissions Array of permission strings
* @param requiredPermission Required permission to check
* @returns True if permission is granted
*/
export function checkPermission(permissions: string[], requiredPermission: string): boolean {
return hasPermission(permissions, requiredPermission)
}
/**
* Mark API Key as expired
* @param keyId API Key ID
* @param db D1 Database instance
*/
async function markAsExpired(keyId: string, db: D1Database): Promise {
await db
.prepare(
`UPDATE api_keys
SET status = 'expired', updated_at = datetime('now')
WHERE id = ?`
)
.bind(keyId)
.run()
}
/**
* Update last used timestamp and IP address
* @param keyId API Key ID
* @param ip Client IP address
* @param db D1 Database instance
*/
export async function updateLastUsed(
keyId: string,
ip: string | null,
db: D1Database
): Promise {
await db
.prepare(
`UPDATE api_keys
SET last_used_at = datetime('now'),
last_used_ip = ?,
updated_at = datetime('now')
WHERE id = ?`
)
.bind(ip, keyId)
.run()
}
================================================
FILE: tmarks/functions/lib/bookmark-utils.ts
================================================
import type { Bookmark, BookmarkRow } from './types'
/**
* Bookmark
*/
export function normalizeBookmark(row: BookmarkRow): Bookmark {
return {
...row,
is_pinned: Boolean(row.is_pinned),
is_archived: Boolean(row.is_archived),
is_public: Boolean(row.is_public),
click_count: Number(row.click_count || 0),
has_snapshot: Boolean(row.has_snapshot),
snapshot_count: Number(row.snapshot_count || 0),
}
}
================================================
FILE: tmarks/functions/lib/cache/README.md
================================================
# TMarks 缓存系统
## 📖 概述
TMarks 缓存系统提供灵活、强健、成本可控的多层缓存解决方案。
### 核心特性
- ✅ **4 级配置** - 从无缓存到激进缓存
- ✅ **批量操作零成本** - 批量导入不写缓存
- ✅ **优雅降级** - KV 故障自动降级到 D1
- ✅ **多层缓存** - 内存 + KV + D1
- ✅ **模块化设计** - 易于维护和扩展
## 🏗️ 架构
```
用户请求
↓
L1: Worker 内存缓存 (<1ms)
↓ 未命中
L2: KV 边缘缓存 (<10ms)
↓ 未命中
L3: D1 数据库 (50-200ms)
```
## 📁 文件结构
```
cache/
├── types.ts # 类型定义
├── config.ts # 配置管理 (4 级预设)
├── strategies.ts # 缓存策略 (键生成、判断)
├── service.ts # 核心服务 (多层缓存、降级)
├── bookmark-cache.ts # 书签缓存封装
├── index.ts # 导出接口
└── README.md # 本文档
```
## 🚀 快速开始
### 1. 配置
```toml
# wrangler.toml
[vars]
CACHE_LEVEL = "1" # 0-3
ENABLE_KV_CACHE = "true"
```
### 2. 使用
```typescript
import { CacheService } from './lib/cache'
import { createBookmarkCacheManager } from './lib/cache/bookmark-cache'
// 初始化
const cache = new CacheService(env)
const bookmarkCache = createBookmarkCacheManager(cache)
// 获取缓存
const cached = await bookmarkCache.getBookmarkList(userId, params)
if (cached) return success(cached)
// 查询数据库
const data = await queryDB(...)
// 写入缓存 (异步)
await bookmarkCache.setBookmarkList(userId, params, data, { async: true })
```
## ⚙️ 配置级别
| 级别 | 说明 | 月成本 | 响应时间 | 命中率 |
|------|------|--------|----------|--------|
| 0 | 无缓存 | ~$5 | 100-300ms | 0% |
| 1 | 最小缓存 ⭐ | ~$8 | 50-100ms | 60-70% |
| 2 | 标准缓存 | ~$12 | 30-50ms | 80-85% |
| 3 | 激进缓存 | ~$20 | 20-30ms | 90-95% |
### Level 0: 无缓存
```typescript
strategies: {
rateLimit: true, // 仅速率限制
publicShare: false,
defaultList: false,
tagFilter: false,
search: false,
complexQuery: false,
}
```
### Level 1: 最小缓存 (推荐默认)
```typescript
strategies: {
rateLimit: true,
publicShare: true,
defaultList: true, // 缓存默认列表
tagFilter: false,
search: false,
complexQuery: false,
}
```
### Level 2: 标准缓存 (推荐生产)
```typescript
strategies: {
rateLimit: true,
publicShare: true,
defaultList: true,
tagFilter: true, // 缓存标签筛选
search: false,
complexQuery: false,
}
memoryCache: {
enabled: true, // 启用内存缓存
maxAge: 60,
}
```
### Level 3: 激进缓存
```typescript
strategies: {
rateLimit: true,
publicShare: true,
defaultList: true,
tagFilter: true,
search: true, // 缓存搜索
complexQuery: true, // 缓存复杂查询
}
```
## 🔧 API 参考
### CacheService
核心缓存服务类。
```typescript
class CacheService {
// 获取缓存
async get(type: CacheStrategyType, key: string): Promise
// 设置缓存
async set(type: CacheStrategyType, key: string, data: T, options?: CacheSetOptions): Promise
// 删除缓存
async delete(key: string): Promise