npm - @sonicjs-cms/core - Versions diffs - 2.10.0 → 2.11.0 - Mend

@sonicjs-cms/core 2.10.0 → 2.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/dist/{chunk-CJYFSKH7.js → chunk-2MXF4RYZ.js} +3 -3
package/dist/{chunk-CJYFSKH7.js.map → chunk-2MXF4RYZ.js.map} +1 -1
package/dist/{chunk-MNFY6DWY.cjs → chunk-56GUBLJE.cjs} +7 -7
package/dist/{chunk-MNFY6DWY.cjs.map → chunk-56GUBLJE.cjs.map} +1 -1
package/dist/{chunk-IIBRG5S5.cjs → chunk-6BVLPACH.cjs} +408 -2
package/dist/chunk-6BVLPACH.cjs.map +1 -0
package/dist/{chunk-RCA6R6VE.cjs → chunk-ASAEJ4B7.cjs} +315 -162
package/dist/chunk-ASAEJ4B7.cjs.map +1 -0
package/dist/{chunk-IT2TC4ZD.cjs → chunk-B2ASV5RD.cjs} +13 -7
package/dist/chunk-B2ASV5RD.cjs.map +1 -0
package/dist/{chunk-IZWNIUJI.js → chunk-BUU2US2Z.js} +3 -3
package/dist/{chunk-IZWNIUJI.js.map → chunk-BUU2US2Z.js.map} +1 -1
package/dist/{chunk-ZMVWMJ3S.cjs → chunk-DE5YTNCD.cjs} +9 -2
package/dist/chunk-DE5YTNCD.cjs.map +1 -0
package/dist/{chunk-4TTMQQC7.js → chunk-GKRGDJGG.js} +10 -4
package/dist/chunk-GKRGDJGG.js.map +1 -0
package/dist/{chunk-6O3RJV3C.js → chunk-H55AYIRI.js} +9 -2
package/dist/chunk-H55AYIRI.js.map +1 -0
package/dist/{chunk-JTNUM7JE.js → chunk-JTQBNSZX.js} +187 -34
package/dist/chunk-JTQBNSZX.js.map +1 -0
package/dist/{chunk-64APW3DW.cjs → chunk-LFAQUR7P.cjs} +9 -2
package/dist/chunk-LFAQUR7P.cjs.map +1 -0
package/dist/{chunk-27AOVQTR.js → chunk-NMLFKXWW.js} +402 -3
package/dist/chunk-NMLFKXWW.js.map +1 -0
package/dist/{chunk-EKPLKUZT.cjs → chunk-QLPFENZ2.cjs} +3 -3
package/dist/{chunk-EKPLKUZT.cjs.map → chunk-QLPFENZ2.cjs.map} +1 -1
package/dist/{chunk-KYGRJCZM.cjs → chunk-QTFKZBLC.cjs} +3 -2
package/dist/chunk-QTFKZBLC.cjs.map +1 -0
package/dist/{chunk-LOUJRBXV.js → chunk-QXOZI5Q2.js} +3 -2
package/dist/chunk-QXOZI5Q2.js.map +1 -0
package/dist/{chunk-7JMMLHPQ.js → chunk-VJCLJH3X.js} +9 -2
package/dist/chunk-VJCLJH3X.js.map +1 -0
package/dist/index.cjs +751 -152
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +125 -5
package/dist/index.d.ts +125 -5
package/dist/index.js +582 -15
package/dist/index.js.map +1 -1
package/dist/middleware.cjs +29 -29
package/dist/middleware.js +3 -3
package/dist/migrations-UFVJTPVT.js +4 -0
package/dist/{migrations-N2C2VPJU.js.map → migrations-UFVJTPVT.js.map} +1 -1
package/dist/migrations-VNYOSUNE.cjs +13 -0
package/dist/{migrations-ONIAY6GK.cjs.map → migrations-VNYOSUNE.cjs.map} +1 -1
package/dist/{plugin-0Xogrln-.d.cts → plugin-DDYetMF-.d.cts} +1 -0
package/dist/{plugin-0Xogrln-.d.ts → plugin-DDYetMF-.d.ts} +1 -0
package/dist/{plugin-bootstrap-fpG98Otb.d.cts → plugin-bootstrap-DCXpeQVb.d.cts} +229 -1
package/dist/{plugin-bootstrap-WmpvYM5w.d.ts → plugin-bootstrap-DXBAYaqM.d.ts} +229 -1
package/dist/{plugin-manager-GcIeb226.d.cts → plugin-manager-BoM3Q7o7.d.cts} +1 -1
package/dist/{plugin-manager-Clf2gXwj.d.ts → plugin-manager-Efx9RyDX.d.ts} +1 -1
package/dist/plugins.cjs +10 -10
package/dist/plugins.d.cts +2 -2
package/dist/plugins.d.ts +2 -2
package/dist/plugins.js +2 -2
package/dist/routes.cjs +29 -29
package/dist/routes.js +6 -6
package/dist/services.cjs +60 -32
package/dist/services.d.cts +1 -1
package/dist/services.d.ts +1 -1
package/dist/services.js +3 -3
package/dist/types.cjs +2 -2
package/dist/types.d.cts +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/utils.cjs +11 -11
package/dist/utils.js +1 -1
package/migrations/033_form_content_integration.sql +19 -0
package/package.json +1 -1
package/dist/chunk-27AOVQTR.js.map +0 -1
package/dist/chunk-4TTMQQC7.js.map +0 -1
package/dist/chunk-64APW3DW.cjs.map +0 -1
package/dist/chunk-6O3RJV3C.js.map +0 -1
package/dist/chunk-7JMMLHPQ.js.map +0 -1
package/dist/chunk-IIBRG5S5.cjs.map +0 -1
package/dist/chunk-IT2TC4ZD.cjs.map +0 -1
package/dist/chunk-JTNUM7JE.js.map +0 -1
package/dist/chunk-KYGRJCZM.cjs.map +0 -1
package/dist/chunk-LOUJRBXV.js.map +0 -1
package/dist/chunk-RCA6R6VE.cjs.map +0 -1
package/dist/chunk-ZMVWMJ3S.cjs.map +0 -1
package/dist/migrations-N2C2VPJU.js +0 -4
package/dist/migrations-ONIAY6GK.cjs +0 -13

package/dist/index.d.cts CHANGED Viewed

@@ -1,12 +1,12 @@
 export { B as Bindings, S as SonicJSApp, a as SonicJSConfig, V as Variables, c as createSonicJSApp, s as setupCoreMiddleware, b as setupCoreRoutes } from './app-Ozl9agJG.cjs';
-import { s as schema } from './plugin-bootstrap-fpG98Otb.cjs';
-export { C as Collection, a as Content, b as CorePlugin, P as DbPlugin, c as DbPluginHook, L as LogCategory, d as LogConfig, e as LogEntry, f as LogFilter, g as LogLevel, h as Logger, M as Media, i as Migration, j as MigrationService, k as MigrationStatus, N as NewCollection, l as NewContent, m as NewLogConfig, n as NewMedia, o as NewPlugin, p as NewPluginActivityLog, q as NewPluginAsset, r as NewPluginHook, t as NewPluginRoute, u as NewSystemLog, v as NewUser, w as NewWorkflowHistory, x as PluginActivityLog, y as PluginAsset, z as PluginBootstrapService, A as PluginRoute, B as PluginServiceClass, S as SystemLog, U as User, W as WorkflowHistory, D as apiTokens, E as cleanupRemovedCollections, F as collections, G as content, H as contentVersions, I as fullCollectionSync, J as getAvailableCollectionNames, K as getLogger, O as getManagedCollections, Q as initLogger, R as insertCollectionSchema, T as insertContentSchema, V as insertLogConfigSchema, X as insertMediaSchema, Y as insertPluginActivityLogSchema, Z as insertPluginAssetSchema, _ as insertPluginHookSchema, $ as insertPluginRouteSchema, a0 as insertPluginSchema, a1 as insertSystemLogSchema, a2 as insertUserSchema, a3 as insertWorkflowHistorySchema, a4 as isCollectionManaged, a5 as loadCollectionConfig, a6 as loadCollectionConfigs, a7 as logConfig, a8 as media, a9 as pluginActivityLog, aa as pluginAssets, ab as pluginHooks, ac as pluginRoutes, ad as plugins, ae as registerCollections, af as selectCollectionSchema, ag as selectContentSchema, ah as selectLogConfigSchema, ai as selectMediaSchema, aj as selectPluginActivityLogSchema, ak as selectPluginAssetSchema, al as selectPluginHookSchema, am as selectPluginRouteSchema, an as selectPluginSchema, ao as selectSystemLogSchema, ap as selectUserSchema, aq as selectWorkflowHistorySchema, ar as syncCollection, as as syncCollections, at as systemLogs, au as users, av as validateCollectionConfig, aw as workflowHistory } from './plugin-bootstrap-fpG98Otb.cjs';
+import { B as schema } from './plugin-bootstrap-DCXpeQVb.cjs';
+export { D as Collection, E as Content, C as CorePlugin, F as DbPlugin, G as DbPluginHook, L as LogCategory, H as LogConfig, a as LogEntry, b as LogFilter, c as LogLevel, d as Logger, I as Media, M as Migration, e as MigrationService, f as MigrationStatus, N as NewCollection, J as NewContent, K as NewLogConfig, O as NewMedia, Q as NewPlugin, R as NewPluginActivityLog, S as NewPluginAsset, T as NewPluginHook, U as NewPluginRoute, V as NewSystemLog, W as NewUser, X as NewWorkflowHistory, Y as PluginActivityLog, Z as PluginAsset, P as PluginBootstrapService, _ as PluginRoute, g as PluginServiceClass, $ as SystemLog, a0 as User, a1 as WorkflowHistory, a2 as apiTokens, h as backfillFormSubmissions, i as cleanupRemovedCollections, a3 as collections, a4 as content, a5 as contentVersions, j as createContentFromSubmission, k as deriveCollectionSchemaFromFormio, l as deriveSubmissionTitle, m as fullCollectionSync, n as getAvailableCollectionNames, o as getLogger, p as getManagedCollections, q as initLogger, a6 as insertCollectionSchema, a7 as insertContentSchema, a8 as insertLogConfigSchema, a9 as insertMediaSchema, aa as insertPluginActivityLogSchema, ab as insertPluginAssetSchema, ac as insertPluginHookSchema, ad as insertPluginRouteSchema, ae as insertPluginSchema, af as insertSystemLogSchema, ag as insertUserSchema, ah as insertWorkflowHistorySchema, r as isCollectionManaged, s as loadCollectionConfig, t as loadCollectionConfigs, ai as logConfig, u as mapFormStatusToContentStatus, aj as media, ak as pluginActivityLog, al as pluginAssets, am as pluginHooks, an as pluginRoutes, ao as plugins, v as registerCollections, ap as selectCollectionSchema, aq as selectContentSchema, ar as selectLogConfigSchema, as as selectMediaSchema, at as selectPluginActivityLogSchema, au as selectPluginAssetSchema, av as selectPluginHookSchema, aw as selectPluginRouteSchema, ax as selectPluginSchema, ay as selectSystemLogSchema, az as selectUserSchema, aA as selectWorkflowHistorySchema, w as syncAllFormCollections, x as syncCollection, y as syncCollections, z as syncFormCollection, aB as systemLogs, aC as users, A as validateCollectionConfig, aD as workflowHistory } from './plugin-bootstrap-DCXpeQVb.cjs';
 export { AuthManager, Permission, PermissionManager, UserPermissions, bootstrapMiddleware, cacheHeaders, compressionMiddleware, detailedLoggingMiddleware, getActivePlugins, isPluginActive, logActivity, loggingMiddleware, optionalAuth, performanceLoggingMiddleware, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeaders, securityLoggingMiddleware } from './middleware.cjs';
-export { H as HookSystemImpl, a as HookUtils, P as PluginManagerClass, b as PluginRegistryImpl, c as PluginValidatorClass, S as ScopedHookSystemClass } from './plugin-manager-GcIeb226.cjs';
+export { H as HookSystemImpl, a as HookUtils, P as PluginManagerClass, b as PluginRegistryImpl, c as PluginValidatorClass, S as ScopedHookSystemClass } from './plugin-manager-BoM3Q7o7.cjs';
 export { ROUTES_INFO, adminApiRoutes, adminCheckboxRoutes, adminCodeExamplesRoutes, adminCollectionsRoutes, adminContentRoutes, adminDashboardRoutes, adminDesignRoutes, adminLogsRoutes, adminMediaRoutes, adminPluginRoutes, adminSettingsRoutes, adminTestimonialsRoutes, adminUsersRoutes, apiContentCrudRoutes, apiMediaRoutes, apiRoutes, apiSystemRoutes, authRoutes } from './routes.cjs';
 export { A as AlertData, C as ConfirmationDialogOptions, F as Filter, a as FilterBarData, b as FilterOption, c as FormData, d as FormField, P as PaginationData, T as TableColumn, e as TableData, g as getConfirmationDialogScript, r as renderAlert, f as renderConfirmationDialog, h as renderFilterBar, i as renderForm, j as renderFormField, k as renderPagination, l as renderTable } from './filter-bar.template-DlVYMk-T.cjs';
 export { C as CollectionConfig, b as CollectionConfigModule, c as CollectionSchema, d as CollectionSyncResult, F as FieldConfig, e as FieldType } from './collection-config-B4PG-AaF.cjs';
-export { A as AuthService, C as ContentService, H as HOOKS, a as HookContext, b as HookHandler, c as HookName, d as HookSystem, M as MediaService, P as Plugin, f as PluginAdminPage, g as PluginBuilderOptions, h as PluginComponent, i as PluginConfig, j as PluginContext, k as PluginHook, l as PluginLogger, m as PluginManager, n as PluginMenuItem, o as PluginMiddleware, p as PluginModel, q as PluginRegistry, r as PluginRoutes, s as PluginService, t as PluginStatus, u as PluginValidationResult, v as PluginValidator, S as ScopedHookSystem } from './plugin-0Xogrln-.cjs';
+export { A as AuthService, C as ContentService, H as HOOKS, a as HookContext, b as HookHandler, c as HookName, d as HookSystem, M as MediaService, P as Plugin, f as PluginAdminPage, g as PluginBuilderOptions, h as PluginComponent, i as PluginConfig, j as PluginContext, k as PluginHook, l as PluginLogger, m as PluginManager, n as PluginMenuItem, o as PluginMiddleware, p as PluginModel, q as PluginRegistry, r as PluginRoutes, s as PluginService, t as PluginStatus, u as PluginValidationResult, v as PluginValidator, S as ScopedHookSystem } from './plugin-DDYetMF-.cjs';
 export { P as PluginManifest } from './plugin-manifest-Dpy8wxIB.cjs';
 export { F as FilterCondition, a as FilterGroup, b as FilterOperator, Q as QueryFilter, c as QueryFilterBuilder, d as QueryResult, S as SONICJS_VERSION, T as TemplateRenderer, e as buildQuery, f as escapeHtml, g as getCoreVersion, m as metricsTracker, r as renderTemplate, s as sanitizeInput, h as sanitizeObject, t as templateRenderer } from './version-ChpccWQ1.cjs';
 import * as drizzle_orm_d1 from 'drizzle-orm/d1';
@@ -516,6 +516,126 @@ declare class PluginHelpers {
     }>): z.ZodSchema;
 }
+/**
+ * OAuth Providers Plugin
+ *
+ * OAuth2/OIDC social login support for SonicJS.
+ * Phase 1: Core OAuth2 authorization code flow with GitHub and Google providers.
+ *
+ * Routes:
+ *   GET  /auth/oauth/:provider          → Redirect to provider authorization
+ *   GET  /auth/oauth/:provider/callback → Handle OAuth callback
+ *   POST /auth/oauth/link               → Link OAuth provider to logged-in account
+ *   POST /auth/oauth/unlink             → Unlink OAuth provider from account
+ *   GET  /auth/oauth/accounts           → List linked OAuth accounts for current user
+ */
+declare function createOAuthProvidersPlugin(): Plugin;
+declare const oauthProvidersPlugin: Plugin;
+/**
+ * OAuth Service
+ * Handles OAuth2 authorization code flow, token exchange, and user info fetching.
+ * Provider-agnostic — each provider is a simple config object.
+ */
+interface OAuthProviderConfig {
+    id: string;
+    name: string;
+    authorizeUrl: string;
+    tokenUrl: string;
+    userInfoUrl: string;
+    scopes: string[];
+    /** Map provider profile JSON to a normalized user profile */
+    mapProfile: (profile: Record<string, any>) => OAuthUserProfile;
+}
+interface OAuthUserProfile {
+    providerAccountId: string;
+    email: string;
+    name: string;
+    avatar?: string;
+}
+declare const BUILT_IN_PROVIDERS: Record<string, OAuthProviderConfig>;
+interface OAuthAccount {
+    id: string;
+    user_id: string;
+    provider: string;
+    provider_account_id: string;
+    access_token: string | null;
+    refresh_token: string | null;
+    token_expires_at: number | null;
+    profile_data: string | null;
+    created_at: number;
+    updated_at: number;
+}
+declare class OAuthService {
+    private db;
+    constructor(db: D1Database$1);
+    /**
+     * Build the authorization redirect URL for a provider.
+     */
+    buildAuthorizeUrl(provider: OAuthProviderConfig, clientId: string, redirectUri: string, state: string): string;
+    /**
+     * Exchange authorization code for tokens using native fetch.
+     */
+    exchangeCode(provider: OAuthProviderConfig, clientId: string, clientSecret: string, code: string, redirectUri: string): Promise<{
+        access_token: string;
+        refresh_token?: string;
+        expires_in?: number;
+    }>;
+    /**
+     * Fetch user profile from the provider's userinfo endpoint.
+     */
+    fetchUserProfile(provider: OAuthProviderConfig, accessToken: string): Promise<OAuthUserProfile>;
+    /**
+     * Find an existing OAuth account link.
+     */
+    findOAuthAccount(provider: string, providerAccountId: string): Promise<OAuthAccount | null>;
+    /**
+     * Find all OAuth accounts for a user.
+     */
+    findUserOAuthAccounts(userId: string): Promise<OAuthAccount[]>;
+    /**
+     * Create a new OAuth account link.
+     */
+    createOAuthAccount(params: {
+        userId: string;
+        provider: string;
+        providerAccountId: string;
+        accessToken: string;
+        refreshToken?: string;
+        tokenExpiresAt?: number;
+        profileData?: string;
+    }): Promise<OAuthAccount>;
+    /**
+     * Update tokens for an existing OAuth account.
+     */
+    updateOAuthTokens(id: string, accessToken: string, refreshToken?: string, tokenExpiresAt?: number): Promise<void>;
+    /**
+     * Unlink an OAuth account from a user (only if they have another auth method).
+     */
+    unlinkOAuthAccount(userId: string, provider: string): Promise<boolean>;
+    /**
+     * Find a user by email.
+     */
+    findUserByEmail(email: string): Promise<{
+        id: string;
+        email: string;
+        role: string;
+        is_active: number;
+        first_name: string;
+        last_name: string;
+    } | null>;
+    /**
+     * Create a new user from an OAuth profile.
+     */
+    createUserFromOAuth(profile: OAuthUserProfile): Promise<string>;
+    /**
+     * Generate a cryptographically random state parameter for CSRF protection.
+     */
+    generateState(): string;
+}
 /**
  * @sonicjs/core - Main Entry Point
  *
@@ -536,4 +656,4 @@ declare class PluginHelpers {
 declare const VERSION: string;
-export { PluginBuilder, PluginHelpers, VERSION, createDb };
+export { BUILT_IN_PROVIDERS, OAuthService, PluginBuilder, PluginHelpers, VERSION, createDb, createOAuthProvidersPlugin, oauthProvidersPlugin };

package/dist/index.d.ts CHANGED Viewed

@@ -1,12 +1,12 @@
 export { B as Bindings, S as SonicJSApp, a as SonicJSConfig, V as Variables, c as createSonicJSApp, s as setupCoreMiddleware, b as setupCoreRoutes } from './app-Ozl9agJG.js';
-import { s as schema } from './plugin-bootstrap-WmpvYM5w.js';
-export { C as Collection, a as Content, b as CorePlugin, P as DbPlugin, c as DbPluginHook, L as LogCategory, d as LogConfig, e as LogEntry, f as LogFilter, g as LogLevel, h as Logger, M as Media, i as Migration, j as MigrationService, k as MigrationStatus, N as NewCollection, l as NewContent, m as NewLogConfig, n as NewMedia, o as NewPlugin, p as NewPluginActivityLog, q as NewPluginAsset, r as NewPluginHook, t as NewPluginRoute, u as NewSystemLog, v as NewUser, w as NewWorkflowHistory, x as PluginActivityLog, y as PluginAsset, z as PluginBootstrapService, A as PluginRoute, B as PluginServiceClass, S as SystemLog, U as User, W as WorkflowHistory, D as apiTokens, E as cleanupRemovedCollections, F as collections, G as content, H as contentVersions, I as fullCollectionSync, J as getAvailableCollectionNames, K as getLogger, O as getManagedCollections, Q as initLogger, R as insertCollectionSchema, T as insertContentSchema, V as insertLogConfigSchema, X as insertMediaSchema, Y as insertPluginActivityLogSchema, Z as insertPluginAssetSchema, _ as insertPluginHookSchema, $ as insertPluginRouteSchema, a0 as insertPluginSchema, a1 as insertSystemLogSchema, a2 as insertUserSchema, a3 as insertWorkflowHistorySchema, a4 as isCollectionManaged, a5 as loadCollectionConfig, a6 as loadCollectionConfigs, a7 as logConfig, a8 as media, a9 as pluginActivityLog, aa as pluginAssets, ab as pluginHooks, ac as pluginRoutes, ad as plugins, ae as registerCollections, af as selectCollectionSchema, ag as selectContentSchema, ah as selectLogConfigSchema, ai as selectMediaSchema, aj as selectPluginActivityLogSchema, ak as selectPluginAssetSchema, al as selectPluginHookSchema, am as selectPluginRouteSchema, an as selectPluginSchema, ao as selectSystemLogSchema, ap as selectUserSchema, aq as selectWorkflowHistorySchema, ar as syncCollection, as as syncCollections, at as systemLogs, au as users, av as validateCollectionConfig, aw as workflowHistory } from './plugin-bootstrap-WmpvYM5w.js';
+import { B as schema } from './plugin-bootstrap-DXBAYaqM.js';
+export { D as Collection, E as Content, C as CorePlugin, F as DbPlugin, G as DbPluginHook, L as LogCategory, H as LogConfig, a as LogEntry, b as LogFilter, c as LogLevel, d as Logger, I as Media, M as Migration, e as MigrationService, f as MigrationStatus, N as NewCollection, J as NewContent, K as NewLogConfig, O as NewMedia, Q as NewPlugin, R as NewPluginActivityLog, S as NewPluginAsset, T as NewPluginHook, U as NewPluginRoute, V as NewSystemLog, W as NewUser, X as NewWorkflowHistory, Y as PluginActivityLog, Z as PluginAsset, P as PluginBootstrapService, _ as PluginRoute, g as PluginServiceClass, $ as SystemLog, a0 as User, a1 as WorkflowHistory, a2 as apiTokens, h as backfillFormSubmissions, i as cleanupRemovedCollections, a3 as collections, a4 as content, a5 as contentVersions, j as createContentFromSubmission, k as deriveCollectionSchemaFromFormio, l as deriveSubmissionTitle, m as fullCollectionSync, n as getAvailableCollectionNames, o as getLogger, p as getManagedCollections, q as initLogger, a6 as insertCollectionSchema, a7 as insertContentSchema, a8 as insertLogConfigSchema, a9 as insertMediaSchema, aa as insertPluginActivityLogSchema, ab as insertPluginAssetSchema, ac as insertPluginHookSchema, ad as insertPluginRouteSchema, ae as insertPluginSchema, af as insertSystemLogSchema, ag as insertUserSchema, ah as insertWorkflowHistorySchema, r as isCollectionManaged, s as loadCollectionConfig, t as loadCollectionConfigs, ai as logConfig, u as mapFormStatusToContentStatus, aj as media, ak as pluginActivityLog, al as pluginAssets, am as pluginHooks, an as pluginRoutes, ao as plugins, v as registerCollections, ap as selectCollectionSchema, aq as selectContentSchema, ar as selectLogConfigSchema, as as selectMediaSchema, at as selectPluginActivityLogSchema, au as selectPluginAssetSchema, av as selectPluginHookSchema, aw as selectPluginRouteSchema, ax as selectPluginSchema, ay as selectSystemLogSchema, az as selectUserSchema, aA as selectWorkflowHistorySchema, w as syncAllFormCollections, x as syncCollection, y as syncCollections, z as syncFormCollection, aB as systemLogs, aC as users, A as validateCollectionConfig, aD as workflowHistory } from './plugin-bootstrap-DXBAYaqM.js';
 export { AuthManager, Permission, PermissionManager, UserPermissions, bootstrapMiddleware, cacheHeaders, compressionMiddleware, detailedLoggingMiddleware, getActivePlugins, isPluginActive, logActivity, loggingMiddleware, optionalAuth, performanceLoggingMiddleware, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeaders, securityLoggingMiddleware } from './middleware.js';
-export { H as HookSystemImpl, a as HookUtils, P as PluginManagerClass, b as PluginRegistryImpl, c as PluginValidatorClass, S as ScopedHookSystemClass } from './plugin-manager-Clf2gXwj.js';
+export { H as HookSystemImpl, a as HookUtils, P as PluginManagerClass, b as PluginRegistryImpl, c as PluginValidatorClass, S as ScopedHookSystemClass } from './plugin-manager-Efx9RyDX.js';
 export { ROUTES_INFO, adminApiRoutes, adminCheckboxRoutes, adminCodeExamplesRoutes, adminCollectionsRoutes, adminContentRoutes, adminDashboardRoutes, adminDesignRoutes, adminLogsRoutes, adminMediaRoutes, adminPluginRoutes, adminSettingsRoutes, adminTestimonialsRoutes, adminUsersRoutes, apiContentCrudRoutes, apiMediaRoutes, apiRoutes, apiSystemRoutes, authRoutes } from './routes.js';
 export { A as AlertData, C as ConfirmationDialogOptions, F as Filter, a as FilterBarData, b as FilterOption, c as FormData, d as FormField, P as PaginationData, T as TableColumn, e as TableData, g as getConfirmationDialogScript, r as renderAlert, f as renderConfirmationDialog, h as renderFilterBar, i as renderForm, j as renderFormField, k as renderPagination, l as renderTable } from './filter-bar.template-DlVYMk-T.js';
 export { C as CollectionConfig, b as CollectionConfigModule, c as CollectionSchema, d as CollectionSyncResult, F as FieldConfig, e as FieldType } from './collection-config-B4PG-AaF.js';
-export { A as AuthService, C as ContentService, H as HOOKS, a as HookContext, b as HookHandler, c as HookName, d as HookSystem, M as MediaService, P as Plugin, f as PluginAdminPage, g as PluginBuilderOptions, h as PluginComponent, i as PluginConfig, j as PluginContext, k as PluginHook, l as PluginLogger, m as PluginManager, n as PluginMenuItem, o as PluginMiddleware, p as PluginModel, q as PluginRegistry, r as PluginRoutes, s as PluginService, t as PluginStatus, u as PluginValidationResult, v as PluginValidator, S as ScopedHookSystem } from './plugin-0Xogrln-.js';
+export { A as AuthService, C as ContentService, H as HOOKS, a as HookContext, b as HookHandler, c as HookName, d as HookSystem, M as MediaService, P as Plugin, f as PluginAdminPage, g as PluginBuilderOptions, h as PluginComponent, i as PluginConfig, j as PluginContext, k as PluginHook, l as PluginLogger, m as PluginManager, n as PluginMenuItem, o as PluginMiddleware, p as PluginModel, q as PluginRegistry, r as PluginRoutes, s as PluginService, t as PluginStatus, u as PluginValidationResult, v as PluginValidator, S as ScopedHookSystem } from './plugin-DDYetMF-.js';
 export { P as PluginManifest } from './plugin-manifest-Dpy8wxIB.js';
 export { F as FilterCondition, a as FilterGroup, b as FilterOperator, Q as QueryFilter, c as QueryFilterBuilder, d as QueryResult, S as SONICJS_VERSION, T as TemplateRenderer, e as buildQuery, f as escapeHtml, g as getCoreVersion, m as metricsTracker, r as renderTemplate, s as sanitizeInput, h as sanitizeObject, t as templateRenderer } from './version-ChpccWQ1.js';
 import * as drizzle_orm_d1 from 'drizzle-orm/d1';
@@ -516,6 +516,126 @@ declare class PluginHelpers {
     }>): z.ZodSchema;
 }
+/**
+ * OAuth Providers Plugin
+ *
+ * OAuth2/OIDC social login support for SonicJS.
+ * Phase 1: Core OAuth2 authorization code flow with GitHub and Google providers.
+ *
+ * Routes:
+ *   GET  /auth/oauth/:provider          → Redirect to provider authorization
+ *   GET  /auth/oauth/:provider/callback → Handle OAuth callback
+ *   POST /auth/oauth/link               → Link OAuth provider to logged-in account
+ *   POST /auth/oauth/unlink             → Unlink OAuth provider from account
+ *   GET  /auth/oauth/accounts           → List linked OAuth accounts for current user
+ */
+declare function createOAuthProvidersPlugin(): Plugin;
+declare const oauthProvidersPlugin: Plugin;
+/**
+ * OAuth Service
+ * Handles OAuth2 authorization code flow, token exchange, and user info fetching.
+ * Provider-agnostic — each provider is a simple config object.
+ */
+interface OAuthProviderConfig {
+    id: string;
+    name: string;
+    authorizeUrl: string;
+    tokenUrl: string;
+    userInfoUrl: string;
+    scopes: string[];
+    /** Map provider profile JSON to a normalized user profile */
+    mapProfile: (profile: Record<string, any>) => OAuthUserProfile;
+}
+interface OAuthUserProfile {
+    providerAccountId: string;
+    email: string;
+    name: string;
+    avatar?: string;
+}
+declare const BUILT_IN_PROVIDERS: Record<string, OAuthProviderConfig>;
+interface OAuthAccount {
+    id: string;
+    user_id: string;
+    provider: string;
+    provider_account_id: string;
+    access_token: string | null;
+    refresh_token: string | null;
+    token_expires_at: number | null;
+    profile_data: string | null;
+    created_at: number;
+    updated_at: number;
+}
+declare class OAuthService {
+    private db;
+    constructor(db: D1Database$1);
+    /**
+     * Build the authorization redirect URL for a provider.
+     */
+    buildAuthorizeUrl(provider: OAuthProviderConfig, clientId: string, redirectUri: string, state: string): string;
+    /**
+     * Exchange authorization code for tokens using native fetch.
+     */
+    exchangeCode(provider: OAuthProviderConfig, clientId: string, clientSecret: string, code: string, redirectUri: string): Promise<{
+        access_token: string;
+        refresh_token?: string;
+        expires_in?: number;
+    }>;
+    /**
+     * Fetch user profile from the provider's userinfo endpoint.
+     */
+    fetchUserProfile(provider: OAuthProviderConfig, accessToken: string): Promise<OAuthUserProfile>;
+    /**
+     * Find an existing OAuth account link.
+     */
+    findOAuthAccount(provider: string, providerAccountId: string): Promise<OAuthAccount | null>;
+    /**
+     * Find all OAuth accounts for a user.
+     */
+    findUserOAuthAccounts(userId: string): Promise<OAuthAccount[]>;
+    /**
+     * Create a new OAuth account link.
+     */
+    createOAuthAccount(params: {
+        userId: string;
+        provider: string;
+        providerAccountId: string;
+        accessToken: string;
+        refreshToken?: string;
+        tokenExpiresAt?: number;
+        profileData?: string;
+    }): Promise<OAuthAccount>;
+    /**
+     * Update tokens for an existing OAuth account.
+     */
+    updateOAuthTokens(id: string, accessToken: string, refreshToken?: string, tokenExpiresAt?: number): Promise<void>;
+    /**
+     * Unlink an OAuth account from a user (only if they have another auth method).
+     */
+    unlinkOAuthAccount(userId: string, provider: string): Promise<boolean>;
+    /**
+     * Find a user by email.
+     */
+    findUserByEmail(email: string): Promise<{
+        id: string;
+        email: string;
+        role: string;
+        is_active: number;
+        first_name: string;
+        last_name: string;
+    } | null>;
+    /**
+     * Create a new user from an OAuth profile.
+     */
+    createUserFromOAuth(profile: OAuthUserProfile): Promise<string>;
+    /**
+     * Generate a cryptographically random state parameter for CSRF protection.
+     */
+    generateState(): string;
+}
 /**
  * @sonicjs/core - Main Entry Point
  *
@@ -536,4 +656,4 @@ declare class PluginHelpers {
 declare const VERSION: string;
-export { PluginBuilder, PluginHelpers, VERSION, createDb };
+export { BUILT_IN_PROVIDERS, OAuthService, PluginBuilder, PluginHelpers, VERSION, createDb, createOAuthProvidersPlugin, oauthProvidersPlugin };