build: carry over source from blogpress

.codecov.yml

@@ -0,0 +1,2 @@
+coverage:
+  range: '75...100'

.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
+indent_style = space
+indent_size = 2

.env.default

@@ -0,0 +1,163 @@
+### GLOBAL VARIABLES ###
+
+# If !false, Next's bundle(s) will be analyzed and report files generated.
+ANALYZE=false
+
+# This will overwrite the NODE_ENV setting during runtime and for the compiled
+# applications.
+#
+# Recognized values: test development production
+# Default value: empty
+NODE_ENV=
+
+# MongoDB connect URI. Specify auth credentials if necessary. YOU MUST *NOT*
+# SPECIFY A DATABASE AT THE END!
+MONGODB_URI=mongodb://127.0.0.1:27017
+
+# Dedicated port to be used by the MongoDB Memory Server during unit tests.
+# Especially useful when stepping through code, since you can always access the
+# db at `mongodb://127.0.0.1:MONGODB_MS_PORT` when the debugger is paused.
+# Tip: call `jest.setTimeout()` with a large number (i.e. 10**6) to ensure the
+# MongoClient isn't closed randomly leading to strange errors.
+#
+# Leave this blank to choose any random port (not recommended). Note: this
+# option is also used when Node is started in debug mode, e.g. `node
+# --inspect-brk` or `node --debug`, or if the debugger is attached before the
+# database connection is memoized.
+MONGODB_MS_PORT=6666
+
+# Determines the maximum allowed character length of an *entire* HTTP
+# Authorization header. The default is 500.
+AUTH_HEADER_MAX_LENGTH=500
+
+# Controls which versions of the API will respond to requests. Examples (disable
+# v1; disable v1 and v2; disable v3, v5, and v7):
+#   DISABLED_API_VERSIONS=1
+#   DISABLED_API_VERSIONS=1,2
+#   DISABLED_API_VERSIONS=3,5,7
+#
+# Note that `DISABLED_API_VERSIONS=` (i.e. empty) means no
+# versions are disabled!
+DISABLED_API_VERSIONS=
+
+# Determines the number of items returned by paginated endpoints.
+RESULTS_PER_PAGE=100
+
+# If !false, all rate limits and exponential soft banning will be ignored.
+IGNORE_RATE_LIMITS=false
+
+# If !false, no one will be able to use the API.
+LOCKOUT_ALL_CLIENTS=false
+
+# Controls what request methods are allowed. Empty means all are allowed
+# (default).
+#
+# Example, to make API read-only:
+#   DISALLOWED_METHODS=POST,PUT
+DISALLOWED_METHODS=
+
+# Every Nth request will be be cancelled and an HTTP 555 response returned. Note
+# that, in addition to every Nth request, the very first request sent to the API
+# will also return a contrived error. Set to 0 to disable all contrived errors.
+REQUESTS_PER_CONTRIVED_ERROR=10
+
+# Maximum allowed size of a request body (and content-length header value) in
+# bytes. Should be a string like 1kb, 1mb, 500b.
+MAX_CONTENT_LENGTH_BYTES=10kb
+
+# Maximum number of parameters that can be passed to endpoints that accept
+# multiple slash parameters.
+MAX_PARAMS_PER_REQUEST=100
+
+# Minimum allowed string length of a username.
+MIN_USER_NAME_LENGTH=4
+
+# Maximum allowed string length of a username.
+MAX_USER_NAME_LENGTH=16
+
+# Minimum allowed string length of a user email.
+MIN_USER_EMAIL_LENGTH=4
+
+# Maximum allowed string length of a user email.
+MAX_USER_EMAIL_LENGTH=75
+
+# Expected string length of a user's cryptographic salt (hexadecimal length).
+USER_SALT_LENGTH=32
+
+# Expected string length of a user's cryptographic key (hexadecimal length).
+USER_KEY_LENGTH=128
+
+# Maximum number of pages a blog can have.
+MAX_USER_BLOG_PAGES=100
+
+# Maximum allowed length of a blog name.
+MAX_BLOG_NAME_LENGTH=100
+
+# Maximum allowed length of a blog navigation link's href.
+MAX_NAV_LINK_HREF_LENGTH=150
+
+# Maximum allowed length of a blog navigation link's text.
+MAX_NAV_LINK_TEXT_LENGTH=50
+
+# Maximum allowed length of a blog page's name.
+MAX_BLOG_PAGE_NAME_LENGTH=100
+
+# Maximum allowed length of a blog page's name. Should be a string like 1kb,
+# 1mb, 500b.
+MAX_BLOG_PAGE_CONTENTS_LENGTH_BYTES=3kb
+
+# How long active sessions are kept around before being deleted. Renewing an
+# active session will reset the session's time-to-live.
+SESSION_EXPIRE_AFTER_SECONDS=30
+
+### EXTERNAL SCRIPT VARIABLES ###
+# (optional unless using the relevant external script)
+
+# How often this script is going to be invoked. This doesn't determine anything
+# automatically on its own, this is useful to ensure the script works no matter
+# how often you decide to call it.
+BAN_HAMMER_WILL_BE_CALLED_EVERY_SECONDS=60
+
+# The maximum number of requests per BAN_HAMMER_RESOLUTION_WINDOW_SECONDS
+# allowed by a single client.
+BAN_HAMMER_MAX_REQUESTS_PER_WINDOW=10
+
+# How far back into the past this script looks when checking a key or ip against
+# BAN_HAMMER_MAX_REQUESTS_PER_WINDOW.
+BAN_HAMMER_RESOLUTION_WINDOW_SECONDS=1
+
+# The initial amount of time an offender is banned.
+BAN_HAMMER_DEFAULT_BAN_TIME_MINUTES=1
+
+# When an offender is banned twice in the same "period," they're banned for
+# BAN_HAMMER_DEFAULT_BAN_TIME_MINUTES * BAN_HAMMER_RECIDIVISM_PUNISH_MULTIPLIER
+# minutes instead of the default. This is also the length of the "period".
+BAN_HAMMER_RECIDIVISM_PUNISH_MULTIPLIER=2
+
+# The size (in bytes) of the root request-log collection will not be allowed to
+# exceed this amount. Oldest entries are deleted first. Should be a string like
+# 1kb, 1mb, 500b.
+PRUNE_DATA_MAX_LOGS_BYTES=50mb
+
+# The size (in bytes) of the root limited-log collection will not be allowed to
+# exceed this amount. Oldest entries are deleted first. Should be a string like
+# 1kb, 1mb, 500b.
+PRUNE_DATA_MAX_BANNED_BYTES=10mb
+
+# The size (in bytes) of the pages collection will not be allowed to exceed this
+# amount. Oldest entries are deleted first. Should be a string like 1kb, 1mb,
+# 500b.
+PRUNE_DATA_MAX_PAGES_BYTES=300mb
+
+# The size (in bytes) of the sessions collection will not be allowed to exceed
+# this amount. Oldest entries are deleted first. Should be a string like 1kb,
+# 1mb, 500b.
+PRUNE_DATA_MAX_SESSIONS_BYTES=20mb
+
+# The size (in bytes) of the users collection will not be allowed to exceed this
+# amount. Oldest entries are deleted first. Should be a string like 1kb, 1mb,
+# 500b.
+PRUNE_DATA_MAX_USERS_BYTES=50mb
+
+### TOOLS FRONTEND VARIABLES ###
+# (optional unless using tools)