@sonicjs-cms/core 2.10.0 → 2.11.0

package/dist/{chunk-JTNUM7JE.js → chunk-JTQBNSZX.js}

@@ -1,10 +1,10 @@
-import { getCacheService, CACHE_CONFIGS, getLogger, SettingsService, getAppInstance, buildRouteList, CATEGORY_INFO } from './chunk-7JMMLHPQ.js';
-import { requireAuth, requireRole, isPluginActive, optionalAuth, rateLimit, AuthManager, logActivity, generateCsrfToken } from './chunk-4TTMQQC7.js';
-import { PluginService } from './chunk-27AOVQTR.js';
-import { MigrationService } from './chunk-6O3RJV3C.js';
+import { getCacheService, CACHE_CONFIGS, SettingsService, getLogger, getAppInstance, buildRouteList, CATEGORY_INFO } from './chunk-VJCLJH3X.js';
+import { requireAuth, requireRole, isPluginActive, optionalAuth, rateLimit, AuthManager, logActivity, generateCsrfToken } from './chunk-GKRGDJGG.js';
+import { PluginService, createContentFromSubmission } from './chunk-NMLFKXWW.js';
+import { MigrationService } from './chunk-H55AYIRI.js';
 import { init_admin_layout_catalyst_template, renderDesignPage, renderCheckboxPage, renderTestimonialsList, renderCodeExamplesList, renderAlert, renderTable, renderPagination, renderConfirmationDialog, getConfirmationDialogScript, renderAdminLayoutCatalyst, renderAdminLayout, adminLayoutV2, renderForm } from './chunk-JJS7JZCH.js';
 import { PluginBuilder, TurnstileService } from './chunk-J5WGMRSU.js';
-import { QueryFilterBuilder, getCoreVersion, getBlocksFieldConfig, parseBlocksValue } from './chunk-IZWNIUJI.js';
+import { QueryFilterBuilder, getCoreVersion, getBlocksFieldConfig, parseBlocksValue } from './chunk-BUU2US2Z.js';
 import { metricsTracker } from './chunk-FICTAGD4.js';
 import { escapeHtml, sanitizeRichText, sanitizeInput } from './chunk-TQABQWOP.js';
 import { Hono } from 'hono';
@@ -59,6 +59,69 @@ function normalizePublicContentFilter(filter, userRole) {
   });
   return normalizedFilter;
 }
+
+// src/plugins/core-plugins/global-variables-plugin/variable-resolver.ts
+var TOKEN_PATTERN = /\{([a-z0-9_]+)\}/g;
+function resolveVariables(text, variables) {
+  if (!text || variables.size === 0) return text;
+  return text.replace(TOKEN_PATTERN, (match, key) => {
+    const value = variables.get(key);
+    return value !== void 0 ? value : match;
+  });
+}
+function resolveVariablesInObject(obj, variables) {
+  if (!obj || variables.size === 0) return obj;
+  if (typeof obj === "string") {
+    return resolveVariables(obj, variables);
+  }
+  if (Array.isArray(obj)) {
+    return obj.map((item) => resolveVariablesInObject(item, variables));
+  }
+  if (typeof obj === "object") {
+    const result = {};
+    for (const [key, value] of Object.entries(obj)) {
+      result[key] = resolveVariablesInObject(value, variables);
+    }
+    return result;
+  }
+  return obj;
+}
+var variableCache = null;
+var cacheTimestamp = 0;
+var CACHE_TTL_MS = 3e5;
+function getVariablesCached() {
+  const now = Date.now();
+  if (variableCache && now - cacheTimestamp < CACHE_TTL_MS) {
+    return variableCache;
+  }
+  return null;
+}
+function setVariablesCache(map) {
+  variableCache = map;
+  cacheTimestamp = Date.now();
+}
+async function resolveContentVariables(contentData, db) {
+  if (!db || !contentData) return contentData;
+  try {
+    let variables = getVariablesCached();
+    if (!variables) {
+      const { results } = await db.prepare(
+        "SELECT key, value FROM global_variables WHERE is_active = 1"
+      ).all();
+      variables = /* @__PURE__ */ new Map();
+      for (const row of results || []) {
+        variables.set(row.key, row.value);
+      }
+      setVariablesCache(variables);
+    }
+    if (variables.size === 0) return contentData;
+    return resolveVariablesInObject(contentData, variables);
+  } catch {
+    return contentData;
+  }
+}
+
+// src/routes/api-content-crud.ts
 var apiContentCrudRoutes = new Hono();
 apiContentCrudRoutes.get("/check-slug", async (c) => {
   try {
@@ -110,6 +173,10 @@ apiContentCrudRoutes.get("/:id", async (c) => {
       created_at: content.created_at,
       updated_at: content.updated_at
     };
+    const resolveVars = c.req.query("resolve_variables") !== "false";
+    if (resolveVars) {
+      transformedContent.data = await resolveContentVariables(transformedContent.data, db);
+    }
     return c.json({ data: transformedContent });
   } catch (error) {
     console.error("Error fetching content:", error);
@@ -748,7 +815,7 @@ apiRoutes.get("/collections", async (c) => {
     }
     c.header("X-Cache-Status", "MISS");
     c.header("X-Cache-Source", "database");
-    const stmt = db.prepare("SELECT * FROM collections WHERE is_active = 1");
+    const stmt = db.prepare("SELECT * FROM collections WHERE is_active = 1 AND (source_type IS NULL OR source_type = 'user')");
     const { results } = await stmt.all();
     const transformedResults = results.map((row) => ({
       ...row,
@@ -1777,7 +1844,7 @@ adminApiRoutes.get("/stats", async (c) => {
     const db = c.env.DB;
     let collectionsCount = 0;
     try {
-      const collectionsStmt = db.prepare("SELECT COUNT(*) as count FROM collections WHERE is_active = 1");
+      const collectionsStmt = db.prepare("SELECT COUNT(*) as count FROM collections WHERE is_active = 1 AND (source_type IS NULL OR source_type = 'user')");
       const collectionsResult = await collectionsStmt.first();
       collectionsCount = collectionsResult?.count || 0;
     } catch (error) {
@@ -1785,7 +1852,7 @@ adminApiRoutes.get("/stats", async (c) => {
     }
     let contentCount = 0;
     try {
-      const contentStmt = db.prepare("SELECT COUNT(*) as count FROM content WHERE deleted_at IS NULL");
+      const contentStmt = db.prepare("SELECT COUNT(*) as count FROM content c JOIN collections col ON c.collection_id = col.id WHERE c.deleted_at IS NULL AND (col.source_type IS NULL OR col.source_type = 'user')");
       const contentResult = await contentStmt.first();
       contentCount = contentResult?.count || 0;
     } catch (error) {
@@ -1927,6 +1994,7 @@ adminApiRoutes.get("/collections", async (c) => {
         SELECT id, name, display_name, description, created_at, updated_at, is_active, managed
         FROM collections
         WHERE ${includeInactive ? "1=1" : "is_active = 1"}
+        AND (source_type IS NULL OR source_type = 'user')
         AND (name LIKE ? OR display_name LIKE ? OR description LIKE ?)
         ORDER BY created_at DESC
       `);
@@ -1937,7 +2005,8 @@ adminApiRoutes.get("/collections", async (c) => {
       stmt = db.prepare(`
         SELECT id, name, display_name, description, created_at, updated_at, is_active, managed
         FROM collections
-        ${includeInactive ? "" : "WHERE is_active = 1"}
+        WHERE (source_type IS NULL OR source_type = 'user')
+        ${includeInactive ? "" : "AND is_active = 1"}
         ORDER BY created_at DESC
       `);
       const queryResults = await stmt.all();
@@ -2281,7 +2350,7 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
 });
 adminApiRoutes.get("/migrations/status", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-N2C2VPJU.js');
+    const { MigrationService: MigrationService2 } = await import('./migrations-UFVJTPVT.js');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const status = await migrationService.getMigrationStatus();
@@ -2306,7 +2375,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
         error: "Unauthorized. Admin access required."
       }, 403);
     }
-    const { MigrationService: MigrationService2 } = await import('./migrations-N2C2VPJU.js');
+    const { MigrationService: MigrationService2 } = await import('./migrations-UFVJTPVT.js');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const result = await migrationService.runPendingMigrations();
@@ -2325,7 +2394,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
 });
 adminApiRoutes.get("/migrations/validate", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-N2C2VPJU.js');
+    const { MigrationService: MigrationService2 } = await import('./migrations-UFVJTPVT.js');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const validation = await migrationService.validateSchema();
@@ -8137,7 +8206,15 @@ function renderContentFormPage(data) {
         fetch(\`/admin/content/\${contentId}/versions\`)
         .then(response => response.text())
         .then(html => {
-          document.getElementById('version-history-content').innerHTML = html;
+          const container = document.getElementById('version-history-content');
+          container.innerHTML = html;
+          // Script tags inserted via innerHTML are not executed by the browser,
+          // so we need to manually create and append them for execution.
+          container.querySelectorAll('script').forEach(oldScript => {
+            const newScript = document.createElement('script');
+            newScript.textContent = oldScript.textContent;
+            oldScript.replaceWith(newScript);
+          });
         })
         .catch(error => {
           console.error('Error loading version history:', error);
@@ -9357,7 +9434,7 @@ adminContentRoutes.get("/", async (c) => {
     const status = url.searchParams.get("status") || "all";
     const search = url.searchParams.get("search") || "";
     const offset = (page - 1) * limit;
-    const collectionsStmt = db.prepare("SELECT id, name, display_name FROM collections WHERE is_active = 1 ORDER BY display_name");
+    const collectionsStmt = db.prepare("SELECT id, name, display_name FROM collections WHERE is_active = 1 AND (source_type IS NULL OR source_type = 'user') ORDER BY display_name");
     const { results: collectionsResults } = await collectionsStmt.all();
     const models = (collectionsResults || []).map((row) => ({
       name: row.name,
@@ -9365,6 +9442,7 @@ adminContentRoutes.get("/", async (c) => {
     }));
     const conditions = [];
     const params = [];
+    conditions.push("(col.source_type IS NULL OR col.source_type = 'user')");
     if (status !== "deleted") {
       conditions.push("c.status != 'deleted'");
     }
@@ -9493,7 +9571,7 @@ adminContentRoutes.get("/new", async (c) => {
     const collectionId = url.searchParams.get("collection");
     if (!collectionId) {
       const db2 = c.env.DB;
-      const collectionsStmt = db2.prepare("SELECT id, name, display_name, description FROM collections WHERE is_active = 1 ORDER BY display_name");
+      const collectionsStmt = db2.prepare("SELECT id, name, display_name, description FROM collections WHERE is_active = 1 AND (source_type IS NULL OR source_type = 'user') ORDER BY display_name");
       const { results } = await collectionsStmt.all();
       const collections = (results || []).map((row) => ({
         id: row.id,
@@ -11417,6 +11495,36 @@ function renderUserEditPage(data) {
                 </div>
               </div>
 
+              <!-- Set Password -->
+              <div class="mb-8">
+                <h3 class="text-base font-semibold text-zinc-950 dark:text-white mb-4">Set Password</h3>
+                <p class="text-sm text-zinc-500 dark:text-zinc-400 mb-4">Leave blank to keep the current password</p>
+                <div class="grid grid-cols-1 md:grid-cols-2 gap-6">
+                  <div>
+                    <label class="block text-sm font-medium text-zinc-950 dark:text-white mb-2">New Password</label>
+                    <input
+                      type="password"
+                      name="new_password"
+                      minlength="8"
+                      placeholder="Minimum 8 characters"
+                      autocomplete="new-password"
+                      class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
+                    />
+                  </div>
+                  <div>
+                    <label class="block text-sm font-medium text-zinc-950 dark:text-white mb-2">Confirm Password</label>
+                    <input
+                      type="password"
+                      name="confirm_password"
+                      minlength="8"
+                      placeholder="Repeat new password"
+                      autocomplete="new-password"
+                      class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
+                    />
+                  </div>
+                </div>
+              </div>
+
               <!-- Account Status -->
               <div class="mb-8">
                 <h3 class="text-base font-semibold text-zinc-950 dark:text-white mb-4">Account Status</h3>
@@ -12738,6 +12846,7 @@ userRoutes.get("/users", async (c) => {
       formattedLastLogin: u.last_login_at ? new Date(u.last_login_at).toLocaleDateString() : void 0,
       formattedCreatedAt: new Date(u.created_at).toLocaleDateString()
     }));
+    const successMessage = c.req.query("success") || void 0;
     const pageData = {
       users,
       currentPage: page,
@@ -12746,6 +12855,7 @@ userRoutes.get("/users", async (c) => {
       searchFilter: search,
       roleFilter,
       statusFilter,
+      success: successMessage,
       pagination: {
         currentPage: page,
         totalPages: Math.ceil(totalUsers / limit),
@@ -12889,7 +12999,8 @@ userRoutes.post("/users/new", async (c) => {
       c.req.header("x-forwarded-for") || c.req.header("cf-connecting-ip"),
       c.req.header("user-agent")
     );
-    return c.redirect(`/admin/users/${userId}/edit?success=User created successfully`);
+    c.header("HX-Redirect", "/admin/users?success=User created successfully");
+    return c.body(null, 200);
   } catch (error) {
     console.error("User creation error:", error);
     return c.html(renderAlert2({
@@ -13035,6 +13146,8 @@ userRoutes.put("/users/:id", async (c) => {
     const role = validRoles.includes(roleInput) ? roleInput : "viewer";
     const isActive = formData.get("is_active") === "1";
     const emailVerified = formData.get("email_verified") === "1";
+    const newPassword = formData.get("new_password")?.toString() || "";
+    const confirmPassword = formData.get("confirm_password")?.toString() || "";
     const profileDisplayName = sanitizeInput(formData.get("profile_display_name")?.toString()) || null;
     const profileBio = sanitizeInput(formData.get("profile_bio")?.toString()) || null;
     const profileCompany = sanitizeInput(formData.get("profile_company")?.toString()) || null;
@@ -13058,6 +13171,22 @@ userRoutes.put("/users/:id", async (c) => {
         dismissible: true
       }));
     }
+    if (newPassword) {
+      if (newPassword.length < 8) {
+        return c.html(renderAlert2({
+          type: "error",
+          message: "Password must be at least 8 characters long.",
+          dismissible: true
+        }));
+      }
+      if (newPassword !== confirmPassword) {
+        return c.html(renderAlert2({
+          type: "error",
+          message: "Passwords do not match.",
+          dismissible: true
+        }));
+      }
+    }
     if (profileWebsite) {
       try {
         new URL(profileWebsite);
@@ -13100,6 +13229,13 @@ userRoutes.put("/users/:id", async (c) => {
       Date.now(),
       userId
     ).run();
+    if (newPassword) {
+      const passwordHash = await AuthManager.hashPassword(newPassword);
+      const updatePasswordStmt = db.prepare(`
+        UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?
+      `);
+      await updatePasswordStmt.bind(passwordHash, Date.now(), userId).run();
+    }
     const hasProfileData = profileDisplayName || profileBio || profileCompany || profileJobTitle || profileWebsite || profileLocation || profileDateOfBirth;
     if (hasProfileData) {
       const now = Date.now();
@@ -13150,7 +13286,7 @@ userRoutes.put("/users/:id", async (c) => {
       "user.update",
       "users",
       userId,
-      { fields: ["first_name", "last_name", "username", "email", "phone", "role", "is_active", "email_verified", "profile"] },
+      { fields: ["first_name", "last_name", "username", "email", "phone", "role", "is_active", "email_verified", "profile", ...newPassword ? ["password"] : []] },
       c.req.header("x-forwarded-for") || c.req.header("cf-connecting-ip"),
       c.req.header("user-agent")
     );
@@ -17250,6 +17386,7 @@ function renderOTPLoginSettingsContent(plugin, settings) {
   const maxAttempts = settings.maxAttempts || 3;
   const rateLimitPerHour = settings.rateLimitPerHour || 5;
   const allowNewUserRegistration = settings.allowNewUserRegistration || false;
+  const logoUrl = settings.logoUrl || "";
   return `
     <div class="space-y-6">
       <!-- Test OTP Section -->
@@ -17433,6 +17570,7 @@ function renderOTPLoginSettingsContent(plugin, settings) {
 
         <div class="bg-white rounded-lg overflow-hidden shadow-lg">
           <div style="background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px 20px; text-align: center;">
+            ${logoUrl ? `<img src="${logoUrl}" alt="Logo" style="max-width: 150px; height: auto; margin: 0 auto 16px;">` : ""}
             <h3 style="margin: 0 0 8px 0; font-size: 24px; font-weight: 600;">Your Login Code</h3>
             <p style="margin: 0; opacity: 0.95; font-size: 14px;">Enter this code to sign in to ${siteName}</p>
           </div>
@@ -17957,17 +18095,9 @@ adminPluginRoutes.get("/:id", async (c) => {
     const activity = await pluginService.getPluginActivity(pluginId, 20);
     let enrichedSettings = plugin.settings || {};
     if (pluginId === "otp-login") {
-      const generalSettings = await db.prepare(`
-        SELECT value FROM settings WHERE key = 'general'
-      `).first();
-      let siteName = "SonicJS";
-      if (generalSettings?.value) {
-        try {
-          const parsed = JSON.parse(generalSettings.value);
-          siteName = parsed.siteName || "SonicJS";
-        } catch (e) {
-        }
-      }
+      const settingsService = new SettingsService(db);
+      const generalSettings = await settingsService.getGeneralSettings();
+      const siteName = generalSettings.siteName || "SonicJS";
       const emailPlugin = await db.prepare(`
         SELECT settings FROM plugins WHERE id = 'email'
       `).first();
@@ -21524,7 +21654,7 @@ router.get("/stats", async (c) => {
     const db = c.env.DB;
     let collectionsCount = 0;
     try {
-      const collectionsStmt = db.prepare("SELECT COUNT(*) as count FROM collections WHERE is_active = 1");
+      const collectionsStmt = db.prepare("SELECT COUNT(*) as count FROM collections WHERE is_active = 1 AND (source_type IS NULL OR source_type = 'user')");
       const collectionsResult = await collectionsStmt.first();
       collectionsCount = collectionsResult?.count || 0;
     } catch (error) {
@@ -21532,7 +21662,7 @@ router.get("/stats", async (c) => {
     }
     let contentCount = 0;
     try {
-      const contentStmt = db.prepare("SELECT COUNT(*) as count FROM content");
+      const contentStmt = db.prepare("SELECT COUNT(*) as count FROM content c JOIN collections col ON c.collection_id = col.id WHERE (col.source_type IS NULL OR col.source_type = 'user')");
       const contentResult = await contentStmt.first();
       contentCount = contentResult?.count || 0;
     } catch (error) {
@@ -23329,6 +23459,7 @@ adminCollectionsRoutes.get("/", async (c) => {
         SELECT id, name, display_name, description, created_at, managed, schema
         FROM collections
         WHERE is_active = 1
+        AND (source_type IS NULL OR source_type = 'user')
         AND (name LIKE ? OR display_name LIKE ? OR description LIKE ?)
         ORDER BY created_at DESC
       `);
@@ -23336,7 +23467,7 @@ adminCollectionsRoutes.get("/", async (c) => {
       const queryResults = await stmt.bind(searchParam, searchParam, searchParam).all();
       results = queryResults.results;
     } else {
-      stmt = db.prepare("SELECT id, name, display_name, description, created_at, managed, schema FROM collections WHERE is_active = 1 ORDER BY created_at DESC");
+      stmt = db.prepare("SELECT id, name, display_name, description, created_at, managed, schema FROM collections WHERE is_active = 1 AND (source_type IS NULL OR source_type = 'user') ORDER BY created_at DESC");
       const queryResults = await stmt.all();
       results = queryResults.results;
     }
@@ -28408,14 +28539,36 @@ publicFormsRoutes.post("/:identifier/submit", async (c) => {
       now
     ).run();
     await db.prepare(`
-      UPDATE forms 
+      UPDATE forms
       SET submission_count = submission_count + 1,
           updated_at = ?
       WHERE id = ?
     `).bind(now, form.id).run();
+    let contentId = null;
+    try {
+      contentId = await createContentFromSubmission(
+        db,
+        sanitizedData,
+        { id: form.id, name: form.name, display_name: form.display_name },
+        submissionId,
+        {
+          ipAddress: c.req.header("cf-connecting-ip") || null,
+          userAgent: c.req.header("user-agent") || null,
+          userEmail: sanitizedData?.email || null,
+          userId: null
+          // anonymous submission
+        }
+      );
+      if (!contentId) {
+        console.warn("[FormSubmit] Content creation returned null for submission:", submissionId);
+      }
+    } catch (contentError) {
+      console.error("[FormSubmit] Error creating content from submission:", contentError);
+    }
     return c.json({
       success: true,
       submissionId,
+      contentId,
       message: "Form submitted successfully"
     });
   } catch (error) {
@@ -28826,5 +28979,5 @@ var ROUTES_INFO = {
 };
 
 export { ROUTES_INFO, adminCheckboxRoutes, adminCollectionsRoutes, adminDesignRoutes, adminFormsRoutes, adminLogsRoutes, adminMediaRoutes, adminPluginRoutes, adminSettingsRoutes, admin_api_default, admin_code_examples_default, admin_content_default, admin_testimonials_default, api_content_crud_default, api_default, api_media_default, api_system_default, auth_default, getConfirmationDialogScript2 as getConfirmationDialogScript, public_forms_default, renderConfirmationDialog2 as renderConfirmationDialog, router, router2, test_cleanup_default, userRoutes };
-//# sourceMappingURL=chunk-JTNUM7JE.js.map
-//# sourceMappingURL=chunk-JTNUM7JE.js.map
+//# sourceMappingURL=chunk-JTQBNSZX.js.map
+//# sourceMappingURL=chunk-JTQBNSZX.js.map