@dyrected/core 2.5.16 → 2.5.18

package/dist/index.cjs

@@ -1170,19 +1170,27 @@ function parseMongoWhere(where) {
 }
 
 // src/utils/hooks.ts
-async function runCollectionHooks(hooks, args) {
+async function runCollectionHooks(hooks, args, options = {}) {
   if (!hooks || hooks.length === 0) {
     return args.data ?? args.doc ?? void 0;
   }
   let currentPayload = args.data ?? args.doc ?? void 0;
   for (const hook of hooks) {
-    const result = await hook({
-      ...args,
-      data: args.data !== void 0 ? currentPayload : void 0,
-      doc: args.doc !== void 0 ? currentPayload : void 0
-    });
-    if (result !== void 0) {
-      currentPayload = result;
+    try {
+      const result = await hook({
+        ...args,
+        data: args.data !== void 0 ? currentPayload : void 0,
+        doc: args.doc !== void 0 ? currentPayload : void 0
+      });
+      if (result !== void 0) {
+        currentPayload = result;
+      }
+    } catch (err) {
+      if (options.isolated) {
+        console.error("[dyrected/core] Side-effect hook failed (error isolated \u2014 DB write was successful):", err);
+      } else {
+        throw err;
+      }
     }
   }
   return currentPayload;
@@ -1683,7 +1691,7 @@ var CollectionController = class {
       user,
       req: c.req,
       operation: "create"
-    });
+    }, { isolated: true });
     const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
       doc,
       req: c.req,
@@ -1741,7 +1749,7 @@ var CollectionController = class {
       user,
       req: c.req,
       operation: "create"
-    });
+    }, { isolated: true });
     const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
       doc,
       req: c.req,
@@ -1799,7 +1807,7 @@ var CollectionController = class {
       user,
       req: c.req,
       operation: "update"
-    });
+    }, { isolated: true });
     const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
       doc,
       req: c.req,
@@ -1914,7 +1922,7 @@ var CollectionController = class {
       doc,
       user,
       req: c.req
-    });
+    }, { isolated: true });
     return c.json({ message: "Deleted" });
   }
   async deleteMany(c) {
@@ -1971,7 +1979,7 @@ var CollectionController = class {
           doc,
           user,
           req: c.req
-        });
+        }, { isolated: true });
       } catch (err) {
         failed.push({ id, error: err?.message ?? "Unknown error" });
       }
@@ -2073,7 +2081,7 @@ var GlobalController = class {
       user,
       req: c.req,
       operation: "update"
-    });
+    }, { isolated: true });
     const readDoc = await runCollectionHooks(this.global.hooks?.afterRead, {
       doc: updated,
       req: c.req,
@@ -2305,11 +2313,37 @@ function buildWelcomeEmail(config, args) {
   return {
     subject: custom?.subject ?? "Welcome \u2014 your account is ready",
     html: custom?.html ?? `
-      <div style="font-family:sans-serif;max-width:600px;margin:0 auto">
-        <h2>Welcome!</h2>
-        <p>Your account has been created. You can now log in with:</p>
-        <p><strong>${args.email}</strong></p>
-      </div>`
+      <table cellpadding="0" cellspacing="0" border="0" style="width:100%;background-color:#f9fafb;table-layout:fixed">
+        <tr>
+          <td align="center" style="padding:40px 16px">
+            <table cellpadding="0" cellspacing="0" border="0" style="width:100%;max-width:600px;background-color:#ffffff;border-radius:12px;border:1px solid #e5e7eb;table-layout:fixed">
+              <tr>
+                <td style="padding:32px 32px 0">
+                  <p style="margin:0 0 4px;font-size:12px;font-weight:600;color:#6b7280;font-family:sans-serif;text-transform:uppercase;letter-spacing:0.05em">Dyrected</p>
+                  <h1 style="margin:0 0 24px;font-size:22px;font-weight:700;color:#111827;font-family:sans-serif">Welcome!</h1>
+                </td>
+              </tr>
+              <tr>
+                <td style="padding:0 32px">
+                  <p style="margin:0 0 12px;font-size:14px;color:#4b5563;line-height:1.6;font-family:sans-serif">Your account has been created. You can now log in with:</p>
+                  <table cellpadding="0" cellspacing="0" border="0" style="width:100%;background-color:#f3f4f6;border-radius:6px;table-layout:fixed">
+                    <tr>
+                      <td style="padding:12px 16px;font-size:14px;font-weight:600;color:#111827;font-family:sans-serif;word-break:break-all">
+                        ${args.email}
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+              <tr>
+                <td style="padding:32px">
+                  <p style="margin:0;font-size:12px;color:#9ca3af;font-family:sans-serif">If you didn't create this account, you can safely ignore this email.</p>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>`
   };
 }
 function buildInviteEmail(config, args) {
@@ -2317,24 +2351,89 @@ function buildInviteEmail(config, args) {
   return {
     subject: custom?.subject ?? "You've been invited",
     html: custom?.html ?? `
-      <div style="font-family:sans-serif;max-width:600px;margin:0 auto">
-        <h2>You've been invited</h2>
-        ${args.invitedByEmail ? `<p>Invited by <strong>${args.invitedByEmail}</strong>.</p>` : ""}
-        <p>Use the token below to accept your invitation. It expires in 7 days.</p>
-        <pre style="background:#f4f4f4;padding:12px;border-radius:4px;word-break:break-all">${args.token}</pre>
-      </div>`
+      <table cellpadding="0" cellspacing="0" border="0" style="width:100%;background-color:#f9fafb;table-layout:fixed">
+        <tr>
+          <td align="center" style="padding:40px 16px">
+            <table cellpadding="0" cellspacing="0" border="0" style="width:100%;max-width:600px;background-color:#ffffff;border-radius:12px;border:1px solid #e5e7eb;table-layout:fixed">
+              <tr>
+                <td style="padding:32px 32px 0">
+                  <p style="margin:0 0 4px;font-size:12px;font-weight:600;color:#6b7280;font-family:sans-serif;text-transform:uppercase;letter-spacing:0.05em">Dyrected</p>
+                  <h1 style="margin:0 0 24px;font-size:22px;font-weight:700;color:#111827;font-family:sans-serif">You've been invited</h1>
+                </td>
+              </tr>
+              <tr>
+                <td style="padding:0 32px">
+                  ${args.invitedByEmail ? `<p style="margin:0 0 12px;font-size:14px;color:#4b5563;line-height:1.6;font-family:sans-serif">You were invited by <strong style="color:#111827">${args.invitedByEmail}</strong>.</p>` : ""}
+                  <p style="margin:0 0 16px;font-size:14px;color:#4b5563;line-height:1.6;font-family:sans-serif">Use the token below to accept your invitation. It expires in 7 days.</p>
+                  <table cellpadding="0" cellspacing="0" border="0" style="width:100%;background-color:#f3f4f6;border-radius:6px;table-layout:fixed">
+                    <tr>
+                      <td style="padding:12px 16px;font-family:monospace;font-size:12px;color:#374151;word-break:break-all;white-space:normal;line-height:1.4">
+                        ${args.token}
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+              <tr>
+                <td style="padding:32px">
+                  <p style="margin:0;font-size:12px;color:#9ca3af;font-family:sans-serif">If you weren't expecting this invitation, you can safely ignore this email.</p>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>`
   };
 }
 function buildResetPasswordEmail(config, args) {
   const custom = config.email?.templates?.resetPassword?.(args);
+  const resetLink = args.url;
   return {
     subject: custom?.subject ?? "Reset your password",
     html: custom?.html ?? `
-      <div style="font-family:sans-serif;max-width:600px;margin:0 auto">
-        <h2>Reset your password</h2>
-        <p>Use the token below to reset your password. It expires in 1 hour.</p>
-        <pre style="background:#f4f4f4;padding:12px;border-radius:4px;word-break:break-all">${args.token}</pre>
-      </div>`
+      <table cellpadding="0" cellspacing="0" border="0" style="width:100%;background-color:#f9fafb;table-layout:fixed">
+        <tr>
+          <td align="center" style="padding:40px 16px">
+            <table cellpadding="0" cellspacing="0" border="0" style="width:100%;max-width:600px;background-color:#ffffff;border-radius:12px;border:1px solid #e5e7eb;table-layout:fixed">
+              <tr>
+                <td style="padding:32px 32px 0">
+                  <p style="margin:0 0 4px;font-size:12px;font-weight:600;color:#6b7280;font-family:sans-serif;text-transform:uppercase;letter-spacing:0.05em">Dyrected</p>
+                  <h1 style="margin:0 0 24px;font-size:22px;font-weight:700;color:#111827;font-family:sans-serif">Reset your password</h1>
+                </td>
+              </tr>
+              <tr>
+                <td style="padding:0 32px">
+                  <p style="margin:0 0 24px;font-size:14px;color:#4b5563;line-height:1.6;font-family:sans-serif">We received a request to reset your password. Use the button below to set a new password. It will expire in 1 hour.</p>
+                  ${resetLink ? `
+                  <table cellpadding="0" cellspacing="0" border="0" style="margin-bottom:24px">
+                    <tr>
+                      <td style="border-radius:6px;background-color:#111827">
+                        <a href="${resetLink}" style="display:inline-block;padding:12px 28px;font-size:14px;font-weight:600;color:#ffffff;text-decoration:none;font-family:sans-serif;border-radius:6px">
+                          Reset Password
+                        </a>
+                      </td>
+                    </tr>
+                  </table>
+                  ` : ""}
+                  <p style="margin:0 0 8px;font-size:12px;color:#9ca3af;font-family:sans-serif">Or copy and paste this token manually in the admin dashboard:</p>
+                  <table cellpadding="0" cellspacing="0" border="0" style="width:100%;background-color:#f3f4f6;border-radius:6px;table-layout:fixed">
+                    <tr>
+                      <td style="padding:12px 16px;font-family:monospace;font-size:12px;color:#374151;word-break:break-all;white-space:normal;line-height:1.4">
+                        ${args.token}
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+              <tr>
+                <td style="padding:32px">
+                  <p style="margin:0;font-size:12px;color:#9ca3af;font-family:sans-serif">If you didn't request a password reset, you can safely ignore this email.</p>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>`
   };
 }
 function buildPasswordChangedEmail(config, args) {
@@ -2342,11 +2441,44 @@ function buildPasswordChangedEmail(config, args) {
   return {
     subject: custom?.subject ?? "Your password has been changed",
     html: custom?.html ?? `
-      <div style="font-family:sans-serif;max-width:600px;margin:0 auto">
-        <h2>Password changed</h2>
-        <p>The password for <strong>${args.email}</strong> was just changed.</p>
-        <p>If you did not make this change, please contact support immediately.</p>
-      </div>`
+      <table cellpadding="0" cellspacing="0" border="0" style="width:100%;background-color:#f9fafb;table-layout:fixed">
+        <tr>
+          <td align="center" style="padding:40px 16px">
+            <table cellpadding="0" cellspacing="0" border="0" style="width:100%;max-width:600px;background-color:#ffffff;border-radius:12px;border:1px solid #e5e7eb;table-layout:fixed">
+              <tr>
+                <td style="padding:32px 32px 0">
+                  <p style="margin:0 0 4px;font-size:12px;font-weight:600;color:#6b7280;font-family:sans-serif;text-transform:uppercase;letter-spacing:0.05em">Dyrected</p>
+                  <h1 style="margin:0 0 24px;font-size:22px;font-weight:700;color:#111827;font-family:sans-serif">Password changed</h1>
+                </td>
+              </tr>
+              <tr>
+                <td style="padding:0 32px">
+                  <p style="margin:0 0 12px;font-size:14px;color:#4b5563;line-height:1.6;font-family:sans-serif">The password for your account was just changed:</p>
+                  <table cellpadding="0" cellspacing="0" border="0" style="width:100%;background-color:#f3f4f6;border-radius:6px;table-layout:fixed">
+                    <tr>
+                      <td style="padding:12px 16px;font-size:14px;font-weight:600;color:#111827;font-family:sans-serif;word-break:break-all">
+                        ${args.email}
+                      </td>
+                    </tr>
+                  </table>
+                  <table cellpadding="0" cellspacing="0" border="0" style="width:100%;margin-top:16px;background-color:#fef2f2;border-radius:6px;border:1px solid #fecaca;table-layout:fixed">
+                    <tr>
+                      <td style="padding:12px 16px;font-size:13px;color:#b91c1c;line-height:1.5;font-family:sans-serif">
+                        If you did not make this change, please contact support immediately.
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+              <tr>
+                <td style="padding:32px">
+                  <p style="margin:0;font-size:12px;color:#9ca3af;font-family:sans-serif">This is an automated security notification.</p>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>`
   };
 }
 
@@ -2507,8 +2639,10 @@ var AuthController = class {
         { sub: user.id, email: user.email, collection: this.collection.slug, purpose: "reset" },
         "1h"
       );
+      const resetUrl = body?.resetUrl;
+      const url = resetUrl ? `${resetUrl}${resetUrl.includes("?") ? "&" : "?"}token=${encodeURIComponent(resetToken)}` : void 0;
       try {
-        const { subject, html } = buildResetPasswordEmail(config, { token: resetToken });
+        const { subject, html } = buildResetPasswordEmail(config, { token: resetToken, url });
         await sendEmail(config, { to: user.email, subject, html });
       } catch (err) {
         console.error("[dyrected/core] Failed to send password reset email:", err);

package/dist/index.d.cts

@@ -1,5 +1,5 @@
-import { D as DyrectedConfig, F as Field, C as CollectionConfig, P as Prettify, I as InferDocShape, S as SystemDocFields, A as AuthDocFields, U as UploadDocFields, G as GlobalConfig } from './app-DO1s9YW1.cjs';
-export { a as AccessFunction, b as AdminConfig, c as AuthenticatedUser, B as BaseDocument, d as Block, e as CollectionAfterChangeHook, f as CollectionAfterDeleteHook, g as CollectionAfterReadHook, h as CollectionBeforeChangeHook, i as CollectionBeforeDeleteHook, j as CollectionBeforeReadHook, k as DatabaseAdapter, l as DynamicOptionItem, m as DynamicOptionsConfig, n as DynamicOptionsResolver, o as DynamicOptionsResolverArgs, p as DyrectedContext, q as FieldAfterReadHook, r as FieldBeforeChangeHook, s as FieldHook, t as FieldType, u as FileData, v as GlobalAfterChangeHook, w as GlobalAfterReadHook, x as GlobalBeforeChangeHook, y as GlobalBeforeReadHook, H as HookFunction, z as HookRequestContext, E as ImageService, J as PaginatedResult, K as StorageAdapter, L as UploadConfig, M as createDyrectedApp } from './app-DO1s9YW1.cjs';
+import { D as DyrectedConfig, F as Field, C as CollectionConfig, P as Prettify, I as InferDocShape, S as SystemDocFields, A as AuthDocFields, U as UploadDocFields, G as GlobalConfig } from './app-D0ffogDd.cjs';
+export { a as AccessFunction, b as AdminConfig, c as AuthenticatedUser, B as BaseDocument, d as Block, e as CollectionAfterChangeHook, f as CollectionAfterDeleteHook, g as CollectionAfterReadHook, h as CollectionBeforeChangeHook, i as CollectionBeforeDeleteHook, j as CollectionBeforeReadHook, k as DatabaseAdapter, l as DynamicOptionItem, m as DynamicOptionsConfig, n as DynamicOptionsResolver, o as DynamicOptionsResolverArgs, p as DyrectedContext, q as FieldAfterReadHook, r as FieldBeforeChangeHook, s as FieldHook, t as FieldType, u as FileData, v as GlobalAfterChangeHook, w as GlobalAfterReadHook, x as GlobalBeforeChangeHook, y as GlobalBeforeReadHook, H as HookFunction, z as HookRequestContext, E as ImageService, J as PaginatedResult, K as StorageAdapter, L as UploadConfig, M as createDyrectedApp } from './app-D0ffogDd.cjs';
 import 'hono/types';
 import 'hono';
 
@@ -91,6 +91,11 @@ type AnyHookFn = (args: any) => any;
  * Each hook receives the output of the previous hook merged back into the
  * original `args`. When a hook returns a non-undefined value it becomes the
  * `data` / `doc` for the next hook in the chain.
+ *
+ * Pass `{ isolated: true }` for hooks that run **after** a DB write has already
+ * been committed (`afterChange`, `afterDelete`). In isolated mode each hook is
+ * wrapped in a try/catch so a failing side-effect (email, webhook, etc.) never
+ * surfaces as an HTTP 500 to the caller — the write already succeeded.
  */
 declare function runCollectionHooks(hooks: AnyHookFn[] | undefined, args: {
     data?: unknown;
@@ -99,6 +104,8 @@ declare function runCollectionHooks(hooks: AnyHookFn[] | undefined, args: {
     req?: unknown;
     operation?: "create" | "update" | "delete";
     [key: string]: unknown;
+}, options?: {
+    isolated?: boolean;
 }): Promise<any>;
 /**
  * Execute field-level `beforeChange` hooks recursively on a data payload.

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { D as DyrectedConfig, F as Field, C as CollectionConfig, P as Prettify, I as InferDocShape, S as SystemDocFields, A as AuthDocFields, U as UploadDocFields, G as GlobalConfig } from './app-DO1s9YW1.js';
-export { a as AccessFunction, b as AdminConfig, c as AuthenticatedUser, B as BaseDocument, d as Block, e as CollectionAfterChangeHook, f as CollectionAfterDeleteHook, g as CollectionAfterReadHook, h as CollectionBeforeChangeHook, i as CollectionBeforeDeleteHook, j as CollectionBeforeReadHook, k as DatabaseAdapter, l as DynamicOptionItem, m as DynamicOptionsConfig, n as DynamicOptionsResolver, o as DynamicOptionsResolverArgs, p as DyrectedContext, q as FieldAfterReadHook, r as FieldBeforeChangeHook, s as FieldHook, t as FieldType, u as FileData, v as GlobalAfterChangeHook, w as GlobalAfterReadHook, x as GlobalBeforeChangeHook, y as GlobalBeforeReadHook, H as HookFunction, z as HookRequestContext, E as ImageService, J as PaginatedResult, K as StorageAdapter, L as UploadConfig, M as createDyrectedApp } from './app-DO1s9YW1.js';
+import { D as DyrectedConfig, F as Field, C as CollectionConfig, P as Prettify, I as InferDocShape, S as SystemDocFields, A as AuthDocFields, U as UploadDocFields, G as GlobalConfig } from './app-D0ffogDd.js';
+export { a as AccessFunction, b as AdminConfig, c as AuthenticatedUser, B as BaseDocument, d as Block, e as CollectionAfterChangeHook, f as CollectionAfterDeleteHook, g as CollectionAfterReadHook, h as CollectionBeforeChangeHook, i as CollectionBeforeDeleteHook, j as CollectionBeforeReadHook, k as DatabaseAdapter, l as DynamicOptionItem, m as DynamicOptionsConfig, n as DynamicOptionsResolver, o as DynamicOptionsResolverArgs, p as DyrectedContext, q as FieldAfterReadHook, r as FieldBeforeChangeHook, s as FieldHook, t as FieldType, u as FileData, v as GlobalAfterChangeHook, w as GlobalAfterReadHook, x as GlobalBeforeChangeHook, y as GlobalBeforeReadHook, H as HookFunction, z as HookRequestContext, E as ImageService, J as PaginatedResult, K as StorageAdapter, L as UploadConfig, M as createDyrectedApp } from './app-D0ffogDd.js';
 import 'hono/types';
 import 'hono';
 
@@ -91,6 +91,11 @@ type AnyHookFn = (args: any) => any;
  * Each hook receives the output of the previous hook merged back into the
  * original `args`. When a hook returns a non-undefined value it becomes the
  * `data` / `doc` for the next hook in the chain.
+ *
+ * Pass `{ isolated: true }` for hooks that run **after** a DB write has already
+ * been committed (`afterChange`, `afterDelete`). In isolated mode each hook is
+ * wrapped in a try/catch so a failing side-effect (email, webhook, etc.) never
+ * surfaces as an HTTP 500 to the caller — the write already succeeded.
  */
 declare function runCollectionHooks(hooks: AnyHookFn[] | undefined, args: {
     data?: unknown;
@@ -99,6 +104,8 @@ declare function runCollectionHooks(hooks: AnyHookFn[] | undefined, args: {
     req?: unknown;
     operation?: "create" | "update" | "delete";
     [key: string]: unknown;
+}, options?: {
+    isolated?: boolean;
 }): Promise<any>;
 /**
  * Execute field-level `beforeChange` hooks recursively on a data payload.

package/dist/index.js

@@ -4,7 +4,7 @@ import {
   executeFieldBeforeChange,
   normalizeConfig,
   runCollectionHooks
-} from "./chunk-2JMA3M5S.js";
+} from "./chunk-TUUHGLB5.js";
 
 // src/utils/setup-prompt.ts
 function buildEnvironmentSection(frameworkLabel, isSelfHosted, config) {