@access-dlsu/leapify 0.260507.1 → 0.260507.5

package/dist/worker.js

@@ -25089,13 +25089,22 @@ var errorHandler2 = (err, c) => {
   );
 };
 
+// src/types.ts
+function parseCmsMode(raw2) {
+  if (raw2 === "cloudflare" || raw2 === "contentful") return raw2;
+  return "hybrid";
+}
+
 // node_modules/hono/dist/middleware/cors/index.js
 var cors = (options) => {
-  const opts = {
+  const defaults = {
     origin: "*",
     allowMethods: ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"],
     allowHeaders: [],
-    exposeHeaders: [],
+    exposeHeaders: []
+  };
+  const opts = {
+    ...defaults,
     ...options
   };
   const findAllowOrigin = ((optsOrigin) => {
@@ -25186,9 +25195,22 @@ function createCorsMiddleware(allowedOrigins) {
   });
   return async (c, next) => {
     const origin = c.req.header("origin");
+    if (c.req.path.startsWith("/api/uploads/images")) {
+      c.header("Access-Control-Allow-Origin", "*");
+      c.header("Access-Control-Allow-Methods", "GET, OPTIONS");
+      if (c.req.method === "OPTIONS") {
+        return c.body(null, 204);
+      }
+      return next();
+    }
     if (!c.req.path.startsWith("/health") && !c.req.path.startsWith("/api/auth") && !c.req.path.startsWith("/internal") && origin && !allowedOrigins.includes("*") && !allowedOrigins.includes(origin)) {
       return c.json(
-        { error: { code: "DOMAIN_RESTRICTED", message: `Origin ${origin} is not allowed` } },
+        {
+          error: {
+            code: "DOMAIN_RESTRICTED",
+            message: `Origin ${origin} is not allowed`
+          }
+        },
         403
       );
     }
@@ -25224,7 +25246,15 @@ var CHALLENGE_KV_PREFIX = "pow:challenge:";
 var DEFAULT_POW_DIFFICULTY = 4;
 var CHALLENGE_TTL_SEC = 120;
 var COOKIE_MAX_AGE_SEC = 3600;
-var EXEMPT_PATHS = ["/health", "/internal", "/api/auth"];
+var EXEMPT_PATHS = [
+  "/health",
+  "/internal",
+  "/api/auth",
+  "/api/uploads/images",
+  "/api/classes",
+  "/api/faqs",
+  "/api/config"
+];
 function base64urlEncode(bytes) {
   let binary2 = "";
   for (const byte of bytes) {
@@ -25389,16 +25419,24 @@ async function handlePowVerify(c) {
   const secret = c.env.INTERNAL_API_SECRET;
   const ip = getClientIp(c);
   const token = await signCookie(secret, ip);
+  const isSecure = c.req.raw.url.startsWith("https") || c.req.header("x-forwarded-proto") === "https";
   c.header(
     "Set-Cookie",
-    `${POW_COOKIE_NAME}=${token}; Path=/; Max-Age=${COOKIE_MAX_AGE_SEC}; Secure; HttpOnly; SameSite=Lax`
+    `${POW_COOKIE_NAME}=${token}; Path=/; Max-Age=${COOKIE_MAX_AGE_SEC}; ${isSecure ? "Secure; " : ""}HttpOnly; SameSite=Lax`
   );
   return c.json({ redirect: redir || "/" });
 }
 function createPowChallengeMiddleware() {
   return createMiddleware(async (c, next) => {
     if (c.req.path === POW_VERIFY_PATH) return next();
-    if (EXEMPT_PATHS.some((p) => c.req.path.startsWith(p))) return next();
+    const normalizedPath = c.req.path.toLowerCase().replace(/\/$/, "");
+    const isExempt = EXEMPT_PATHS.some((p) => {
+      const ep = p.toLowerCase().replace(/\/$/, "");
+      return normalizedPath === ep || normalizedPath.startsWith(ep + "/");
+    });
+    console.log(`[pow] path=${c.req.path} normalized=${normalizedPath} exempt=${isExempt}`);
+    if (isExempt) return next();
+    if (c.req.method === "OPTIONS") return next();
     if (c.req.header("Authorization")) return next();
     const cookieHeader = c.req.header("Cookie") ?? "";
     const cookieMatch = cookieHeader.match(
@@ -62511,12 +62549,14 @@ function drizzle(client, config3 = {}) {
 // src/db/schema/index.ts
 var schema_exports = {};
 __export(schema_exports, {
+  CONTENTFUL_CONFIG_KEYS: () => CONTENTFUL_CONFIG_KEYS,
   authAccount: () => authAccount,
   authSession: () => authSession,
   authUser: () => authUser,
   authVerification: () => authVerification,
   bookmarks: () => bookmarks,
   bookmarksRelations: () => bookmarksRelations,
+  contentfulConfig: () => contentfulConfig,
   events: () => events,
   eventsRelations: () => eventsRelations,
   faqs: () => faqs,
@@ -62568,7 +62608,7 @@ var organizationsRelations = relations(organizations, ({ many }) => ({
   events: many(events)
 }));
 
-// src/db/schema/events.ts
+// src/db/schema/classes.ts
 var events = sqliteTable(
   "events",
   {
@@ -62593,7 +62633,7 @@ var events = sqliteTable(
     // start time string
     endTime: text("end_time"),
     // end time string
-    isMajor: integer2("is_major", { mode: "boolean" }).notNull().default(false),
+    isSpotlight: integer2("is_spotlight", { mode: "boolean" }).notNull().default(false),
     // Slot tracking (local counter — NOT polled from Google Forms)
     maxSlots: integer2("max_slots").notNull().default(0),
     registeredSlots: integer2("registered_slots").notNull().default(0),
@@ -62650,6 +62690,18 @@ var siteConfig = sqliteTable("site_config", {
   // JSON-serializable string
   updatedAt: integer2("updated_at").notNull().default(sql2`(unixepoch())`)
 });
+var CONTENTFUL_CONFIG_KEYS = {
+  ENABLED: "contentful.enabled",
+  SPACE_ID: "contentful.spaceId",
+  MANAGEMENT_TOKEN: "contentful.managementToken",
+  DEFAULT_SPACE_ID: "dlsu-events"
+};
+var contentfulConfig = sqliteTable("contentful_config", {
+  space_id: text("space_id"),
+  contentful_enabled: integer2("contentful_enabled").notNull().default(0),
+  last_sync_at: integer2("last_sync_at"),
+  updated_at: integer2("updated_at").default(sql2`(unixepoch())`).notNull()
+});
 
 // src/db/schema/faqs.ts
 var faqs = sqliteTable("faqs", {
@@ -62819,11 +62871,21 @@ function createAuth(env2) {
             };
             if (isFirstUser) {
               await db.insert(users).values(base).onConflictDoUpdate({
-                target: users.betterAuthId,
-                set: { role: "super_admin" }
+                target: users.email,
+                set: {
+                  betterAuthId: user.id,
+                  role: "super_admin",
+                  name: user.name ?? user.email.split("@")[0]
+                }
               });
             } else {
-              await db.insert(users).values(base).onConflictDoNothing({ target: users.betterAuthId });
+              await db.insert(users).values(base).onConflictDoUpdate({
+                target: users.email,
+                set: {
+                  betterAuthId: user.id,
+                  name: user.name ?? user.email.split("@")[0]
+                }
+              });
             }
           }
         }
@@ -62852,7 +62914,13 @@ async function resolveUser(env2, betterAuthUserId, betterAuthUserEmail, betterAu
       betterAuthId: betterAuthUserId,
       email: betterAuthUserEmail,
       name: betterAuthUserName ?? betterAuthUserEmail.split("@")[0]
-    }).onConflictDoNothing({ target: users.betterAuthId }).returning();
+    }).onConflictDoUpdate({
+      target: users.email,
+      set: {
+        betterAuthId: betterAuthUserId,
+        name: betterAuthUserName ?? betterAuthUserEmail.split("@")[0]
+      }
+    }).returning();
     dbUser = created;
   }
   if (!dbUser) throw unauthorized("Failed to resolve user record");
@@ -63819,7 +63887,7 @@ var adminEventsRateLimit = createRateLimitMiddleware({
   identifier: "uid"
 });
 
-// src/routes/events.ts
+// src/routes/classes.ts
 var EVENTS_LIST_KV_KEY = "events:list";
 var EVENTS_ETAG_KV_KEY = "events:etag";
 var EVENTS_LIST_TTL = 300;
@@ -63835,7 +63903,7 @@ async function pushEventToContentful(env2, event) {
     const fields = {
       title: ContentfulManagement.locale(event.title),
       slug: ContentfulManagement.locale(event.slug),
-      isMajor: ContentfulManagement.locale(event.isMajor),
+      isSpotlight: ContentfulManagement.locale(event.isSpotlight),
       maxSlots: ContentfulManagement.locale(event.maxSlots)
     };
     if (event.themeId) fields.theme = ContentfulManagement.entryRef(event.themeId);
@@ -63898,7 +63966,7 @@ var createEventSchema = external_exports.object({
   startTime: external_exports.string().optional(),
   endTime: external_exports.string().optional(),
   registrationClosesAt: external_exports.number().optional(),
-  isMajor: external_exports.boolean().default(false),
+  isSpotlight: external_exports.boolean().default(false),
   maxSlots: external_exports.number().int().min(0).default(0),
   gformsId: external_exports.string().optional(),
   gformsUrl: external_exports.string().url().optional(),
@@ -63907,11 +63975,11 @@ var createEventSchema = external_exports.object({
   contentfulEntryId: external_exports.string().optional(),
   status: external_exports.enum(["draft", "queued", "published"]).default("draft")
 });
-var eventsRoute = new Hono2();
+var classesRoute = new Hono2();
 function generateSlug(title) {
   return title.toLowerCase().trim().replace(/[^\w\s-]/g, "").replace(/[\s_-]+/g, "-").replace(/^-+|-+$/g, "");
 }
-eventsRoute.get("/admin", authMiddleware, adminMiddleware, async (c) => {
+classesRoute.get("/admin", authMiddleware, adminMiddleware, async (c) => {
   const db = createDb(c.env.DB);
   const data = await db.query.events.findMany({
     with: { theme: true, organization: true },
@@ -63919,7 +63987,7 @@ eventsRoute.get("/admin", authMiddleware, adminMiddleware, async (c) => {
   });
   return c.json({ data });
 });
-eventsRoute.post("/admin/publish", authMiddleware, adminMiddleware, async (c) => {
+classesRoute.post("/admin/publish", authMiddleware, adminMiddleware, async (c) => {
   const body = await c.req.json();
   const db = createDb(c.env.DB);
   const cache3 = new CacheService(c.env.KV);
@@ -63947,7 +64015,7 @@ eventsRoute.post("/admin/publish", authMiddleware, adminMiddleware, async (c) =>
   ]);
   return c.json({ data: { updated: body.ids.length } });
 });
-eventsRoute.get("/", eventsListRateLimit, async (c) => {
+classesRoute.get("/", eventsListRateLimit, async (c) => {
   const db = createDb(c.env.DB);
   const cache3 = new CacheService(c.env.KV);
   const [latest] = await db.select({ max: events.publishedAt }).from(events).where(eq(events.status, "published")).limit(1);
@@ -63958,7 +64026,7 @@ eventsRoute.get("/", eventsListRateLimit, async (c) => {
   );
   const ifNoneMatch = c.req.header("If-None-Match");
   if (ifNoneMatch === etag) {
-    return c.newResponse(null, 304);
+    return c.body(null, 304);
   }
   const data = await cache3.getOrSet(
     EVENTS_LIST_KV_KEY,
@@ -63982,7 +64050,7 @@ eventsRoute.get("/", eventsListRateLimit, async (c) => {
         startTime: true,
         endTime: true,
         registrationClosesAt: true,
-        isMajor: true,
+        isSpotlight: true,
         maxSlots: true,
         registeredSlots: true,
         gformsUrl: true,
@@ -63999,7 +64067,7 @@ eventsRoute.get("/", eventsListRateLimit, async (c) => {
   );
   return c.json({ data });
 });
-eventsRoute.get("/:slug", async (c) => {
+classesRoute.get("/:slug", async (c) => {
   const { slug } = c.req.param();
   const db = createDb(c.env.DB);
   const event = await db.query.events.findFirst({
@@ -64011,7 +64079,7 @@ eventsRoute.get("/:slug", async (c) => {
   if (!event) throw notFound("Event");
   return c.json({ data: event });
 });
-eventsRoute.get("/:slug/slots", eventsSlotsRateLimit, async (c) => {
+classesRoute.get("/:slug/slots", eventsSlotsRateLimit, async (c) => {
   const { slug } = c.req.param();
   const db = createDb(c.env.DB);
   const cache3 = new CacheService(c.env.KV);
@@ -64021,7 +64089,7 @@ eventsRoute.get("/:slug/slots", eventsSlotsRateLimit, async (c) => {
   c.header("Cache-Control", "public, max-age=5, stale-while-revalidate=5");
   return c.json({ data: info2 });
 });
-eventsRoute.post(
+classesRoute.post(
   "/",
   authMiddleware,
   adminMiddleware,
@@ -64056,11 +64124,13 @@ eventsRoute.post(
       cache3.del(EVENTS_LIST_KV_KEY),
       cache3.del(EVENTS_ETAG_KV_KEY)
     ]);
-    c.executionCtx.waitUntil(pushEventToContentful(c.env, created));
+    if (c.get("cmsMode") === "hybrid") {
+      c.executionCtx.waitUntil(pushEventToContentful(c.env, created));
+    }
     return c.json({ data: created }, 201);
   }
 );
-eventsRoute.patch("/:slug", authMiddleware, adminMiddleware, async (c) => {
+classesRoute.patch("/:slug", authMiddleware, adminMiddleware, async (c) => {
   const { slug } = c.req.param();
   const body = await c.req.json();
   const db = createDb(c.env.DB);
@@ -64075,10 +64145,12 @@ eventsRoute.patch("/:slug", authMiddleware, adminMiddleware, async (c) => {
     cache3.del(EVENTS_LIST_KV_KEY),
     cache3.del(EVENTS_ETAG_KV_KEY)
   ]);
-  c.executionCtx.waitUntil(pushEventToContentful(c.env, updated));
+  if (c.get("cmsMode") === "hybrid") {
+    c.executionCtx.waitUntil(pushEventToContentful(c.env, updated));
+  }
   return c.json({ data: updated });
 });
-eventsRoute.delete("/:slug", authMiddleware, adminMiddleware, async (c) => {
+classesRoute.delete("/:slug", authMiddleware, adminMiddleware, async (c) => {
   const { slug } = c.req.param();
   const db = createDb(c.env.DB);
   const cache3 = new CacheService(c.env.KV);
@@ -64177,7 +64249,447 @@ usersRoute.delete("/me/bookmarks/:eventId", authMiddleware, async (c) => {
   return c.json({ data: { bookmarked: false } });
 });
 
+// src/services/contentful.ts
+var CONTENTFUL_CDN = "https://cdn.contentful.com";
+var ContentfulService = class _ContentfulService {
+  spaceId;
+  accessToken;
+  environment;
+  constructor(spaceId, accessToken, environment = "master") {
+    this.spaceId = spaceId;
+    this.accessToken = accessToken;
+    this.environment = environment;
+  }
+  /**
+   * Returns true if the required Contentful credentials are configured.
+   */
+  static isConfigured(spaceId, accessToken) {
+    return !!(spaceId && accessToken);
+  }
+  // ─── Entries ─────────────────────────────────────────────────────────────
+  /**
+   * Fetch all entries of a given content type.
+   * Handles pagination automatically (100 per page, Contentful max).
+   */
+  async getEntries(contentTypeId) {
+    const allItems = [];
+    let skip = 0;
+    const limit = 100;
+    do {
+      const url2 = this.buildUrl(`/entries`, {
+        content_type: contentTypeId,
+        skip: String(skip),
+        limit: String(limit),
+        include: "2"
+        // resolve up to 2 levels of linked entries/assets
+      });
+      const res = await fetch(url2, { headers: this.headers() });
+      if (!res.ok) {
+        throw new Error(`Contentful entries error: ${res.status} ${await res.text()}`);
+      }
+      const data = await res.json();
+      allItems.push(...data.items);
+      skip += limit;
+      if (allItems.length >= data.total) break;
+    } while (true);
+    return allItems;
+  }
+  /**
+   * Fetch all assets. Handles pagination.
+   */
+  async getAssets() {
+    const allItems = [];
+    let skip = 0;
+    const limit = 100;
+    do {
+      const url2 = this.buildUrl(`/assets`, {
+        skip: String(skip),
+        limit: String(limit)
+      });
+      const res = await fetch(url2, { headers: this.headers() });
+      if (!res.ok) {
+        throw new Error(`Contentful assets error: ${res.status} ${await res.text()}`);
+      }
+      const data = await res.json();
+      allItems.push(...data.items);
+      skip += limit;
+      if (allItems.length >= data.total) break;
+    } while (true);
+    return allItems;
+  }
+  // ─── Asset file download ─────────────────────────────────────────────────
+  /**
+   * Download an asset file from Contentful's CDN.
+   * Returns the raw ArrayBuffer and content type.
+   */
+  async downloadAsset(assetUrl) {
+    const url2 = assetUrl.startsWith("//") ? `https:${assetUrl}` : assetUrl;
+    const res = await fetch(url2);
+    if (!res.ok) {
+      throw new Error(`Failed to download asset: ${res.status}`);
+    }
+    const contentType = res.headers.get("Content-Type") ?? "application/octet-stream";
+    const data = await res.arrayBuffer();
+    return { data, contentType };
+  }
+  // ─── Helpers ─────────────────────────────────────────────────────────────
+  /**
+   * Extract a field value from a Contentful entry, handling locale wrapping.
+   * Contentful fields are often `{ "en-US": value }` — this unwraps them.
+   */
+  static getField(entry, fieldName) {
+    const raw2 = entry.fields[fieldName];
+    if (raw2 === void 0 || raw2 === null) return void 0;
+    if (typeof raw2 === "object" && !Array.isArray(raw2) && "en-US" in raw2) {
+      return raw2["en-US"];
+    }
+    return raw2;
+  }
+  /**
+   * Extract a linked entry/sys reference ID from a reference field.
+   */
+  static getRefId(entry, fieldName) {
+    const ref = _ContentfulService.getField(entry, fieldName);
+    return ref?.sys?.id;
+  }
+  /**
+   * Extract an asset URL from a linked asset field.
+   */
+  static getAssetUrl(entry, fieldName) {
+    const asset = _ContentfulService.getField(entry, fieldName);
+    return asset?.sys?.id;
+  }
+  /**
+   * Resolve an asset URL by ID from a list of fetched assets.
+   */
+  static resolveAssetUrl(assets, assetId) {
+    const asset = assets.find((a) => a.sys.id === assetId);
+    return asset?.fields?.file?.url;
+  }
+  // ─── Private ─────────────────────────────────────────────────────────────
+  headers() {
+    return {
+      Authorization: `Bearer ${this.accessToken}`,
+      "Content-Type": "application/json"
+    };
+  }
+  buildUrl(path, params = {}) {
+    const url2 = new URL(
+      `/spaces/${this.spaceId}/environments/${this.environment}${path}`,
+      CONTENTFUL_CDN
+    );
+    for (const [key, value] of Object.entries(params)) {
+      url2.searchParams.set(key, value);
+    }
+    return url2.toString();
+  }
+};
+
 // src/services/snapshot.ts
+var DEFAULT_FIELDS = {
+  event: {
+    title: "title",
+    slug: "slug",
+    theme: "theme",
+    organization: "organization",
+    venue: "venue",
+    date: "date",
+    startTime: "startTime",
+    endTime: "endTime",
+    price: "price",
+    image: "image",
+    isSpotlight: "isSpotlight",
+    maxSlots: "maxSlots",
+    gformsUrl: "gformsUrl",
+    gformsEditorUrl: "gformsEditorUrl",
+    registrationClosesAt: "registrationClosesAt",
+    classCode: "classCode"
+  },
+  theme: {
+    name: "name",
+    path: "path"
+  },
+  faq: {
+    question: "question",
+    answer: "answer",
+    category: "category",
+    sortOrder: "sortOrder"
+  },
+  organization: {
+    name: "name",
+    acronym: "acronym",
+    logoUrl: "logoUrl",
+    link: "link"
+  },
+  siteConfig: {
+    key: "key",
+    value: "value"
+  }
+};
+var CONTENTFUL_CACHE_PREFIX = "contentful:cache";
+var CONTENTFUL_CACHE_TTL = 300;
+async function snapshotAllContent(db, bucket, contentful, config3 = {}, kv) {
+  const mergedConfig = {
+    eventTypeId: config3.eventTypeId ?? "event",
+    themeTypeId: config3.themeTypeId ?? "theme",
+    faqTypeId: config3.faqTypeId ?? "faq",
+    organizationTypeId: config3.organizationTypeId ?? "organization",
+    fields: {
+      event: { ...DEFAULT_FIELDS.event, ...config3.fields?.event },
+      theme: { ...DEFAULT_FIELDS.theme, ...config3.fields?.theme },
+      faq: { ...DEFAULT_FIELDS.faq, ...config3.fields?.faq },
+      organization: { ...DEFAULT_FIELDS.organization, ...config3.fields?.organization },
+      siteConfig: { ...DEFAULT_FIELDS.siteConfig, ...config3.fields?.siteConfig }
+    }
+  };
+  const result = {
+    themesSynced: 0,
+    eventsSynced: 0,
+    faqsSynced: 0,
+    organizationsSynced: 0,
+    imagesUploaded: 0,
+    imagesSkipped: 0,
+    errors: []
+  };
+  let allAssets = [];
+  if (bucket) {
+    try {
+      allAssets = await contentful.getAssets();
+    } catch (err) {
+      result.errors.push(`Failed to fetch assets: ${err}`);
+    }
+  }
+  try {
+    const cacheKey = `${CONTENTFUL_CACHE_PREFIX}:themes`;
+    let themeEntries;
+    if (kv) {
+      const cached2 = await kv.get(cacheKey, "json");
+      if (cached2) {
+        themeEntries = cached2;
+      } else {
+        themeEntries = await contentful.getEntries(mergedConfig.themeTypeId);
+        await kv.put(cacheKey, JSON.stringify(themeEntries), { expirationTtl: CONTENTFUL_CACHE_TTL });
+      }
+    } else {
+      themeEntries = await contentful.getEntries(mergedConfig.themeTypeId);
+    }
+    result.themesSynced = await syncThemes(db, themeEntries, mergedConfig);
+  } catch (err) {
+    result.errors.push(`Themes sync failed: ${err}`);
+  }
+  try {
+    const cacheKey = `${CONTENTFUL_CACHE_PREFIX}:organizations`;
+    let orgEntries;
+    if (kv) {
+      const cached2 = await kv.get(cacheKey, "json");
+      if (cached2) {
+        orgEntries = cached2;
+      } else {
+        orgEntries = await contentful.getEntries(mergedConfig.organizationTypeId);
+        await kv.put(cacheKey, JSON.stringify(orgEntries), { expirationTtl: CONTENTFUL_CACHE_TTL });
+      }
+    } else {
+      orgEntries = await contentful.getEntries(mergedConfig.organizationTypeId);
+    }
+    await syncOrganizations(db, orgEntries, mergedConfig);
+  } catch (err) {
+    result.errors.push(`Organizations sync failed: ${err}`);
+  }
+  try {
+    const cacheKey = `${CONTENTFUL_CACHE_PREFIX}:events`;
+    let eventEntries;
+    if (kv) {
+      const cached2 = await kv.get(cacheKey, "json");
+      if (cached2) {
+        eventEntries = cached2;
+      } else {
+        eventEntries = await contentful.getEntries(mergedConfig.eventTypeId);
+        await kv.put(cacheKey, JSON.stringify(eventEntries), { expirationTtl: CONTENTFUL_CACHE_TTL });
+      }
+    } else {
+      eventEntries = await contentful.getEntries(mergedConfig.eventTypeId);
+    }
+    result.eventsSynced = await syncEvents(db, bucket, contentful, allAssets, eventEntries, mergedConfig, result);
+  } catch (err) {
+    result.errors.push(`Events sync failed: ${err}`);
+  }
+  try {
+    const cacheKey = `${CONTENTFUL_CACHE_PREFIX}:faqs`;
+    let faqEntries;
+    if (kv) {
+      const cached2 = await kv.get(cacheKey, "json");
+      if (cached2) {
+        faqEntries = cached2;
+      } else {
+        faqEntries = await contentful.getEntries(mergedConfig.faqTypeId);
+        await kv.put(cacheKey, JSON.stringify(faqEntries), { expirationTtl: CONTENTFUL_CACHE_TTL });
+      }
+    } else {
+      faqEntries = await contentful.getEntries(mergedConfig.faqTypeId);
+    }
+    result.faqsSynced = await syncFaqs(db, faqEntries, mergedConfig);
+  } catch (err) {
+    result.errors.push(`FAQs sync failed: ${err}`);
+  }
+  console.log(
+    `[Snapshot] Complete: ${result.themesSynced} themes, ${result.organizationsSynced} organizations, ${result.eventsSynced} events, ${result.faqsSynced} FAQs, ${result.imagesUploaded} images uploaded, ${result.imagesSkipped} images skipped, ${result.errors.length} errors`
+  );
+  return result;
+}
+async function syncThemes(db, entries, config3) {
+  let count2 = 0;
+  for (const entry of entries) {
+    const cfId = entry.sys.id;
+    const name = ContentfulService.getField(entry, config3.fields.theme.name);
+    const path = ContentfulService.getField(entry, config3.fields.theme.path);
+    if (!name || !path) continue;
+    await db.insert(themes).values({ id: cfId, name, path }).onConflictDoUpdate({
+      target: themes.id,
+      set: { name, path }
+    });
+    count2++;
+  }
+  return count2;
+}
+async function syncOrganizations(db, entries, config3) {
+  let count2 = 0;
+  for (const entry of entries) {
+    const cfId = entry.sys.id;
+    const f = config3.fields.organization;
+    const name = ContentfulService.getField(entry, f.name);
+    const acronym = ContentfulService.getField(entry, f.acronym);
+    if (!name || !acronym) continue;
+    const logoUrl = ContentfulService.getField(entry, f.logoUrl) ?? null;
+    const link = ContentfulService.getField(entry, f.link) ?? null;
+    await db.insert(organizations).values({ id: cfId, name, acronym, logoUrl, link }).onConflictDoUpdate({
+      target: organizations.id,
+      set: { name, acronym, logoUrl, link }
+    });
+    count2++;
+  }
+  return count2;
+}
+async function syncEvents(db, bucket, contentful, allAssets, entries, config3, result) {
+  let count2 = 0;
+  for (const entry of entries) {
+    try {
+      const cfId = entry.sys.id;
+      const f = config3.fields.event;
+      const title = ContentfulService.getField(entry, f.title);
+      if (!title) {
+        result.errors.push(`Event ${cfId}: missing title, skipping`);
+        continue;
+      }
+      const slug = ContentfulService.getField(entry, f.slug) ?? slugify2(title);
+      const themeRef = ContentfulService.getField(entry, f.theme);
+      const themeId = themeRef?.sys?.id ?? null;
+      const orgRef = ContentfulService.getField(entry, f.organization);
+      const organizationId = orgRef?.sys?.id ?? null;
+      let backgroundImageUrl = null;
+      if (bucket) {
+        const imageRef = ContentfulService.getField(entry, f.image);
+        const assetId = imageRef?.sys?.id;
+        if (assetId) {
+          const assetUrl = ContentfulService.resolveAssetUrl(allAssets, assetId);
+          if (assetUrl) {
+            const r2Key = `contentful/${assetId}`;
+            const uploaded = await uploadAssetIfChanged(bucket, contentful, assetUrl, r2Key);
+            if (uploaded.skipped) {
+              result.imagesSkipped++;
+            } else {
+              result.imagesUploaded++;
+            }
+            backgroundImageUrl = `/uploads/images/${r2Key}`;
+          }
+        }
+      }
+      const values = {
+        id: cfId,
+        contentfulEntryId: cfId,
+        title,
+        slug,
+        themeId,
+        organizationId,
+        updatedAt: entry.sys.updatedAt
+      };
+      const venue = ContentfulService.getField(entry, f.venue);
+      if (venue !== void 0) values.venue = venue;
+      const date5 = ContentfulService.getField(entry, f.date);
+      if (date5 !== void 0) values.dateTime = date5;
+      const price = ContentfulService.getField(entry, f.price);
+      if (price !== void 0) values.price = price;
+      if (backgroundImageUrl) values.backgroundImageUrl = backgroundImageUrl;
+      const isSpotlight = ContentfulService.getField(entry, f.isSpotlight);
+      if (isSpotlight !== void 0) values.isSpotlight = isSpotlight;
+      const maxSlots = ContentfulService.getField(entry, f.maxSlots);
+      if (maxSlots !== void 0) values.maxSlots = maxSlots;
+      const gformsUrl = ContentfulService.getField(entry, f.gformsUrl);
+      if (gformsUrl !== void 0) values.gformsUrl = gformsUrl;
+      const gformsEditorUrl = ContentfulService.getField(entry, f.gformsEditorUrl);
+      if (gformsEditorUrl !== void 0) values.gformsEditorUrl = gformsEditorUrl;
+      const classCode = ContentfulService.getField(entry, f.classCode);
+      if (classCode !== void 0) values.classCode = classCode;
+      const startTime = ContentfulService.getField(entry, f.startTime);
+      if (startTime !== void 0) values.startTime = startTime;
+      const endTime = ContentfulService.getField(entry, f.endTime);
+      if (endTime !== void 0) values.endTime = endTime;
+      const regCloseRaw = ContentfulService.getField(entry, f.registrationClosesAt);
+      if (regCloseRaw) {
+        const ms = Date.parse(regCloseRaw);
+        if (!Number.isNaN(ms)) values.registrationClosesAt = Math.floor(ms / 1e3);
+      }
+      await db.insert(events).values(values).onConflictDoUpdate({
+        target: events.id,
+        set: values
+      });
+      count2++;
+    } catch (err) {
+      result.errors.push(`Event ${entry.sys.id}: ${err}`);
+    }
+  }
+  return count2;
+}
+async function syncFaqs(db, entries, config3) {
+  let count2 = 0;
+  for (const entry of entries) {
+    const cfId = entry.sys.id;
+    const f = config3.fields.faq;
+    const question = ContentfulService.getField(entry, f.question);
+    const answer = ContentfulService.getField(entry, f.answer);
+    if (!question || !answer) continue;
+    const category = ContentfulService.getField(entry, f.category) ?? null;
+    const sortOrder = ContentfulService.getField(entry, f.sortOrder) ?? 0;
+    await db.insert(faqs).values({
+      id: cfId,
+      question,
+      answer,
+      category,
+      sortOrder
+    }).onConflictDoUpdate({
+      target: faqs.id,
+      set: { question, answer, category, sortOrder }
+    });
+    count2++;
+  }
+  return count2;
+}
+async function uploadAssetIfChanged(bucket, contentful, assetUrl, r2Key) {
+  const { data, contentType } = await contentful.downloadAsset(assetUrl);
+  const sha = await computeSha256(data);
+  const existing = await bucket.head(r2Key);
+  if (existing?.customMetadata?.sha256 === sha) {
+    return { skipped: true };
+  }
+  await bucket.put(r2Key, data, {
+    httpMetadata: { contentType },
+    customMetadata: {
+      sha256: sha,
+      source: "contentful",
+      syncedAt: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  });
+  return { skipped: false };
+}
 async function batchRun(items, fn, concurrency = 5) {
   const results = [];
   for (let i = 0; i < items.length; i += concurrency) {
@@ -64187,6 +64699,13 @@ async function batchRun(items, fn, concurrency = 5) {
   }
   return results;
 }
+async function computeSha256(data) {
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  return Array.from(new Uint8Array(hashBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function slugify2(text2) {
+  return text2.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+}
 async function ensureContentTypes(mgmt, config3 = {}) {
   const eventTypeId = config3.eventTypeId ?? "event";
   const themeTypeId = config3.themeTypeId ?? "theme";
@@ -64207,7 +64726,7 @@ async function ensureContentTypes(mgmt, config3 = {}) {
     { id: "endTime", name: "End Time", type: "Symbol" },
     { id: "price", name: "Price", type: "Symbol" },
     { id: "image", name: "Image", type: "Link", linkType: "Asset" },
-    { id: "isMajor", name: "Major Event", type: "Boolean" },
+    { id: "isSpotlight", name: "Spotlight", type: "Boolean" },
     { id: "maxSlots", name: "Max Slots", type: "Integer" },
     { id: "gformsUrl", name: "Google Forms URL", type: "Symbol" },
     { id: "gformsEditorUrl", name: "Google Forms Editor URL", type: "Symbol" },
@@ -64292,7 +64811,7 @@ async function pushToContentful(db, mgmt, config3 = {}, kv, forceFull = false) {
       const fields = {
         title: ContentfulManagement.locale(event.title),
         slug: ContentfulManagement.locale(event.slug),
-        isMajor: ContentfulManagement.locale(event.isMajor),
+        isSpotlight: ContentfulManagement.locale(event.isSpotlight),
         maxSlots: ContentfulManagement.locale(event.maxSlots)
       };
       if (event.themeId) fields.theme = ContentfulManagement.entryRef(event.themeId);
@@ -64363,6 +64882,9 @@ siteConfigRoute.get("/", async (c) => {
       siteName: config3.site_name ?? null,
       registrationGloballyOpen: config3.registration_globally_open ?? true,
       maintenanceMode: config3.maintenance_mode ?? false,
+      // Prefer the D1-persisted value over the env-var default so that
+      // PATCH /config/cms_mode changes are reflected immediately.
+      cmsMode: config3.cms_mode ?? c.get("cmsMode"),
       now: Math.floor(Date.now() / 1e3)
     }
   });
@@ -64384,6 +64906,10 @@ siteConfigRoute.patch("/:key", authMiddleware, adminMiddleware, async (c) => {
 var SYNC_LOCK_KEY = "contentful:sync:lock";
 var SYNC_LOCK_TTL = 60;
 siteConfigRoute.post("/sync-content", authMiddleware, adminMiddleware, async (c) => {
+  const cmsMode = c.get("cmsMode");
+  if (cmsMode === "cloudflare") {
+    throw serviceUnavailable("Contentful sync is not available in Cloudflare-only mode.");
+  }
   if (!ContentfulManagement.isConfigured(c.env.CONTENTFUL_SPACE_ID, c.env.CONTENTFUL_MANAGEMENT_TOKEN)) {
     throw serviceUnavailable("Contentful Management API credentials not configured.");
   }
@@ -64470,7 +64996,9 @@ faqsRoute.post(
     const cache3 = new CacheService(c.env.KV);
     const [created] = await db.insert(faqs).values(body).returning();
     await cache3.del(FAQS_KV_KEY);
-    c.executionCtx.waitUntil(pushFaqToContentful(c.env, created));
+    if (c.get("cmsMode") === "hybrid") {
+      c.executionCtx.waitUntil(pushFaqToContentful(c.env, created));
+    }
     return c.json({ data: created }, 201);
   }
 );
@@ -64483,7 +65011,9 @@ faqsRoute.patch("/:id", authMiddleware, adminMiddleware, async (c) => {
   const [updated] = await db.update(faqs).set({ ...body, updatedAt: now2 }).where(eq(faqs.id, id)).returning();
   if (!updated) throw notFound("FAQ");
   await cache3.del(FAQS_KV_KEY);
-  c.executionCtx.waitUntil(pushFaqToContentful(c.env, updated));
+  if (c.get("cmsMode") === "hybrid") {
+    c.executionCtx.waitUntil(pushFaqToContentful(c.env, updated));
+  }
   return c.json({ data: updated });
 });
 faqsRoute.delete("/:id", authMiddleware, adminMiddleware, async (c) => {
@@ -64759,7 +65289,9 @@ themesRoute.post(
     const db = createDb(c.env.DB);
     try {
       const [created] = await db.insert(themes).values(body).returning();
-      c.executionCtx.waitUntil(pushThemeToContentful(c.env, created));
+      if (c.get("cmsMode") === "hybrid") {
+        c.executionCtx.waitUntil(pushThemeToContentful(c.env, created));
+      }
       return c.json({ data: created }, 201);
     } catch (err) {
       if (err.message && err.message.includes("UNIQUE constraint failed")) {
@@ -64780,7 +65312,9 @@ themesRoute.patch(
     try {
       const [updated] = await db.update(themes).set(body).where(eq(themes.id, id)).returning();
       if (!updated) throw notFound("Theme");
-      c.executionCtx.waitUntil(pushThemeToContentful(c.env, updated));
+      if (c.get("cmsMode") === "hybrid") {
+        c.executionCtx.waitUntil(pushThemeToContentful(c.env, updated));
+      }
       return c.json({ data: updated });
     } catch (err) {
       if (err.message && err.message.includes("UNIQUE constraint failed")) {
@@ -64795,7 +65329,9 @@ themesRoute.delete("/:id", authMiddleware, adminMiddleware, async (c) => {
   const db = createDb(c.env.DB);
   const [deleted] = await db.delete(themes).where(eq(themes.id, id)).returning();
   if (!deleted) throw notFound("Theme");
-  c.executionCtx.waitUntil(deleteThemeFromContentful(c.env, id));
+  if (c.get("cmsMode") === "hybrid") {
+    c.executionCtx.waitUntil(deleteThemeFromContentful(c.env, id));
+  }
   return c.body(null, 204);
 });
 
@@ -64859,6 +65395,83 @@ organizationsRoute.delete("/:id", authMiddleware, adminMiddleware, async (c) =>
   return c.body(null, 204);
 });
 
+// src/routes/contentful-sync.ts
+var contentfulSyncRoute = new Hono2();
+contentfulSyncRoute.post(
+  "/trigger",
+  authMiddleware,
+  adminMiddleware,
+  async (c) => {
+    const env2 = c.env;
+    const { CONTENTFUL_SPACE_ID, CONTENTFUL_ACCESS_TOKEN, CONTENTFUL_MANAGEMENT_TOKEN, CONTENTFUL_ENVIRONMENT } = env2;
+    if (!CONTENTFUL_SPACE_ID || !CONTENTFUL_ACCESS_TOKEN) {
+      return c.json({ error: { code: "NOT_CONFIGURED", message: "Contentful credentials missing" } }, 400);
+    }
+    const db = createDb(env2.DB);
+    const contentful = new ContentfulService(CONTENTFUL_SPACE_ID, CONTENTFUL_ACCESS_TOKEN, CONTENTFUL_ENVIRONMENT);
+    try {
+      if (CONTENTFUL_MANAGEMENT_TOKEN) {
+        const mgmt = new ContentfulManagement(CONTENTFUL_SPACE_ID, CONTENTFUL_MANAGEMENT_TOKEN, CONTENTFUL_ENVIRONMENT);
+        await ensureContentTypes(mgmt);
+      }
+      c.executionCtx.waitUntil(
+        snapshotAllContent(db, env2.FILES, contentful, {}, env2.KV).then((r) => console.log("[Contentful] Snapshot complete:", JSON.stringify(r))).catch((err) => console.error("[Contentful] Snapshot failed:", err))
+      );
+      return c.json({ message: "Contentful sync triggered", triggeredAt: Math.floor(Date.now() / 1e3) });
+    } catch (err) {
+      console.error("[Contentful] Sync trigger failed:", err);
+      return c.json({ error: { code: "SYNC_FAILED", message: err?.message ?? "Failed to trigger sync" } }, 500);
+    }
+  }
+);
+contentfulSyncRoute.post(
+  "/push",
+  authMiddleware,
+  adminMiddleware,
+  async (c) => {
+    const env2 = c.env;
+    const { CONTENTFUL_SPACE_ID, CONTENTFUL_MANAGEMENT_TOKEN, CONTENTFUL_ENVIRONMENT } = env2;
+    if (!CONTENTFUL_SPACE_ID || !CONTENTFUL_MANAGEMENT_TOKEN) {
+      return c.json({ error: { code: "NOT_CONFIGURED", message: "Contentful management credentials missing" } }, 400);
+    }
+    const db = createDb(env2.DB);
+    const mgmt = new ContentfulManagement(CONTENTFUL_SPACE_ID, CONTENTFUL_MANAGEMENT_TOKEN, CONTENTFUL_ENVIRONMENT);
+    try {
+      c.executionCtx.waitUntil(
+        pushToContentful(db, mgmt, {}, env2.KV).then((r) => console.log("[Contentful] Push complete:", JSON.stringify(r))).catch((err) => console.error("[Contentful] Push failed:", err))
+      );
+      return c.json({ message: "Contentful push triggered", triggeredAt: Math.floor(Date.now() / 1e3) });
+    } catch (err) {
+      console.error("[Contentful] Push trigger failed:", err);
+      return c.json({ error: { code: "SYNC_FAILED", message: err?.message ?? "Failed to trigger push" } }, 500);
+    }
+  }
+);
+contentfulSyncRoute.get(
+  "/status",
+  authMiddleware,
+  adminMiddleware,
+  async (c) => {
+    const env2 = c.env;
+    const db = createDb(env2.DB);
+    const [[{ themes: themes2 }], [{ events: events2 }], [{ faqs: faqs2 }], [{ orgs }]] = await Promise.all([
+      db.all(sql2`SELECT count(*) as themes FROM themes`),
+      db.all(sql2`SELECT count(*) as events FROM events`),
+      db.all(sql2`SELECT count(*) as faqs FROM faqs`),
+      db.all(sql2`SELECT count(*) as orgs FROM organizations`)
+    ]);
+    const isConfigured = !!env2.CONTENTFUL_SPACE_ID && !!env2.CONTENTFUL_ACCESS_TOKEN;
+    const canPush = !!env2.CONTENTFUL_SPACE_ID && !!env2.CONTENTFUL_MANAGEMENT_TOKEN;
+    return c.json({
+      isConfigured,
+      canPush,
+      cmsMode: c.get("cmsMode"),
+      spaceId: env2.CONTENTFUL_SPACE_ID ?? null,
+      totals: { themes: themes2, events: events2, faqs: faqs2, organizations: orgs }
+    });
+  }
+);
+
 // src/app.ts
 function createApp(options = {}) {
   const app2 = new Hono2();
@@ -64872,6 +65485,12 @@ function createApp(options = {}) {
   app2.use("*", createCorsMiddleware(options.allowedOrigins ?? ["*"]));
   app2.use("*", createPowChallengeMiddleware());
   app2.use("*", createRefererGuard(options.allowedOrigins ?? ["*"]));
+  app2.use("*", async (c, next) => {
+    const overrideRaw = await c.env.KV.get("config:cms_mode").catch(() => null);
+    const override = overrideRaw ? JSON.parse(overrideRaw) : null;
+    c.set("cmsMode", parseCmsMode(override ?? c.env.CMS_MODE));
+    return next();
+  });
   app2.on(["POST", "GET"], "/api/auth/*", (c) => {
     const auth = createAuth(c.env);
     const req = c.req.raw;
@@ -64883,7 +65502,7 @@ function createApp(options = {}) {
       return auth.handler(new Request(req.url, {
         method: req.method,
         headers: newHeaders,
-        body: req.method === "GET" ? null : req.body,
+        body: req.method === "GET" || req.method === "HEAD" || req.method === "OPTIONS" ? null : req.body,
         redirect: req.redirect
       }));
     }
@@ -64904,12 +65523,13 @@ function createApp(options = {}) {
   app2.post(POW_VERIFY_PATH, handlePowVerify);
   app2.route("/health", healthRoute);
   app2.route("/api/config", siteConfigRoute);
-  app2.route("/api/events", eventsRoute);
+  app2.route("/api/classes", classesRoute);
   app2.route("/api/themes", themesRoute);
   app2.route("/api/users", usersRoute);
   app2.route("/api/organizations", organizationsRoute);
   app2.route("/api/faqs", faqsRoute);
   app2.route("/api/uploads", uploadsRoute);
+  app2.route("/api/contentful", contentfulSyncRoute);
   app2.route("/internal/gforms-webhook", gformsWebhookRoute);
   app2.onError(errorHandler2);
   app2.notFound(
@@ -65543,6 +66163,7 @@ var PATCH_STATEMENTS = [
   `ALTER TABLE "events" ADD COLUMN "class_code" text`,
   `ALTER TABLE "events" ADD COLUMN "start_time" text`,
   `ALTER TABLE "events" ADD COLUMN "end_time" text`,
+  `ALTER TABLE "events" RENAME COLUMN "is_major" TO "is_spotlight"`,
   `CREATE INDEX IF NOT EXISTS "idx_events_organization_id" ON "events" ("organization_id")`
 ];
 var CREATE_STATEMENTS = [
@@ -65646,7 +66267,7 @@ var CREATE_STATEMENTS = [
     "class_code" text,
     "start_time" text,
     "end_time" text,
-    "is_major" integer DEFAULT false NOT NULL,
+    "is_spotlight" integer DEFAULT false NOT NULL,
     "max_slots" integer DEFAULT 0 NOT NULL,
     "registered_slots" integer DEFAULT 0 NOT NULL,
     "gforms_id" text,
@@ -65708,7 +66329,9 @@ async function ensureDatabase(d1) {
     try {
       await d1.prepare(sql3).run();
     } catch (err) {
-      if (err?.message?.includes("duplicate column")) continue;
+      if (err?.message?.includes("duplicate column") || err?.message?.includes("no such column") && err?.message?.includes("is_major")) {
+        continue;
+      }
       throw err;
     }
   }