npm - @sonicjs-cms/core - Versions diffs - 2.10.1 → 2.11.0 - Mend

@sonicjs-cms/core 2.10.1 → 2.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/dist/{chunk-CJYFSKH7.js → chunk-2MXF4RYZ.js} +3 -3
package/dist/{chunk-CJYFSKH7.js.map → chunk-2MXF4RYZ.js.map} +1 -1
package/dist/{chunk-MNFY6DWY.cjs → chunk-56GUBLJE.cjs} +7 -7
package/dist/{chunk-MNFY6DWY.cjs.map → chunk-56GUBLJE.cjs.map} +1 -1
package/dist/{chunk-TWCQVJ6M.cjs → chunk-6BVLPACH.cjs} +37 -2
package/dist/chunk-6BVLPACH.cjs.map +1 -0
package/dist/{chunk-HGKBMUYY.cjs → chunk-ASAEJ4B7.cjs} +252 -125
package/dist/chunk-ASAEJ4B7.cjs.map +1 -0
package/dist/{chunk-5GO3AMON.cjs → chunk-B2ASV5RD.cjs} +8 -8
package/dist/{chunk-5GO3AMON.cjs.map → chunk-B2ASV5RD.cjs.map} +1 -1
package/dist/{chunk-YXTFJPMN.js → chunk-BUU2US2Z.js} +3 -3
package/dist/{chunk-YXTFJPMN.js.map → chunk-BUU2US2Z.js.map} +1 -1
package/dist/{chunk-EAJJHE5F.cjs → chunk-DE5YTNCD.cjs} +2 -2
package/dist/{chunk-EAJJHE5F.cjs.map → chunk-DE5YTNCD.cjs.map} +1 -1
package/dist/{chunk-JFMBYQTC.js → chunk-GKRGDJGG.js} +4 -4
package/dist/{chunk-JFMBYQTC.js.map → chunk-GKRGDJGG.js.map} +1 -1
package/dist/{chunk-FW5CGNM2.js → chunk-H55AYIRI.js} +2 -2
package/dist/{chunk-FW5CGNM2.js.map → chunk-H55AYIRI.js.map} +1 -1
package/dist/{chunk-SDAGUFOF.js → chunk-JTQBNSZX.js} +151 -24
package/dist/chunk-JTQBNSZX.js.map +1 -0
package/dist/{chunk-BUPNX3ZM.js → chunk-NMLFKXWW.js} +37 -2
package/dist/chunk-NMLFKXWW.js.map +1 -0
package/dist/{chunk-E2GKK5HX.cjs → chunk-QLPFENZ2.cjs} +3 -3
package/dist/{chunk-E2GKK5HX.cjs.map → chunk-QLPFENZ2.cjs.map} +1 -1
package/dist/{chunk-KYGRJCZM.cjs → chunk-QTFKZBLC.cjs} +3 -2
package/dist/chunk-QTFKZBLC.cjs.map +1 -0
package/dist/{chunk-LOUJRBXV.js → chunk-QXOZI5Q2.js} +3 -2
package/dist/chunk-QXOZI5Q2.js.map +1 -0
package/dist/index.cjs +685 -114
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +125 -5
package/dist/index.d.ts +125 -5
package/dist/index.js +580 -13
package/dist/index.js.map +1 -1
package/dist/middleware.cjs +29 -29
package/dist/middleware.js +3 -3
package/dist/migrations-UFVJTPVT.js +4 -0
package/dist/{migrations-ADK6YNM2.js.map → migrations-UFVJTPVT.js.map} +1 -1
package/dist/migrations-VNYOSUNE.cjs +13 -0
package/dist/{migrations-EM2D6EG2.cjs.map → migrations-VNYOSUNE.cjs.map} +1 -1
package/dist/{plugin-0Xogrln-.d.cts → plugin-DDYetMF-.d.cts} +1 -0
package/dist/{plugin-0Xogrln-.d.ts → plugin-DDYetMF-.d.ts} +1 -0
package/dist/{plugin-bootstrap-B8PXeGj_.d.cts → plugin-bootstrap-DCXpeQVb.d.cts} +1 -1
package/dist/{plugin-bootstrap-CD63DZ-p.d.ts → plugin-bootstrap-DXBAYaqM.d.ts} +1 -1
package/dist/{plugin-manager-GcIeb226.d.cts → plugin-manager-BoM3Q7o7.d.cts} +1 -1
package/dist/{plugin-manager-Clf2gXwj.d.ts → plugin-manager-Efx9RyDX.d.ts} +1 -1
package/dist/plugins.cjs +10 -10
package/dist/plugins.d.cts +2 -2
package/dist/plugins.d.ts +2 -2
package/dist/plugins.js +2 -2
package/dist/routes.cjs +28 -28
package/dist/routes.js +5 -5
package/dist/services.cjs +23 -23
package/dist/services.d.cts +1 -1
package/dist/services.d.ts +1 -1
package/dist/services.js +2 -2
package/dist/types.cjs +2 -2
package/dist/types.d.cts +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/utils.cjs +11 -11
package/dist/utils.js +1 -1
package/package.json +1 -1
package/dist/chunk-BUPNX3ZM.js.map +0 -1
package/dist/chunk-HGKBMUYY.cjs.map +0 -1
package/dist/chunk-KYGRJCZM.cjs.map +0 -1
package/dist/chunk-LOUJRBXV.js.map +0 -1
package/dist/chunk-SDAGUFOF.js.map +0 -1
package/dist/chunk-TWCQVJ6M.cjs.map +0 -1
package/dist/migrations-ADK6YNM2.js +0 -4
package/dist/migrations-EM2D6EG2.cjs +0 -13

package/dist/index.cjs CHANGED Viewed

@@ -1,19 +1,19 @@
 'use strict';
-var chunkHGKBMUYY_cjs = require('./chunk-HGKBMUYY.cjs');
+var chunkASAEJ4B7_cjs = require('./chunk-ASAEJ4B7.cjs');
 var chunkLFAQUR7P_cjs = require('./chunk-LFAQUR7P.cjs');
-var chunk5GO3AMON_cjs = require('./chunk-5GO3AMON.cjs');
-var chunkTWCQVJ6M_cjs = require('./chunk-TWCQVJ6M.cjs');
-var chunkEAJJHE5F_cjs = require('./chunk-EAJJHE5F.cjs');
+var chunkB2ASV5RD_cjs = require('./chunk-B2ASV5RD.cjs');
+var chunk6BVLPACH_cjs = require('./chunk-6BVLPACH.cjs');
+var chunkDE5YTNCD_cjs = require('./chunk-DE5YTNCD.cjs');
 var chunk3G7XX4UI_cjs = require('./chunk-3G7XX4UI.cjs');
 var chunkLTKV7AE5_cjs = require('./chunk-LTKV7AE5.cjs');
-var chunkMNFY6DWY_cjs = require('./chunk-MNFY6DWY.cjs');
+var chunk56GUBLJE_cjs = require('./chunk-56GUBLJE.cjs');
 var chunk6FHNRRJ3_cjs = require('./chunk-6FHNRRJ3.cjs');
-var chunkE2GKK5HX_cjs = require('./chunk-E2GKK5HX.cjs');
+var chunkQLPFENZ2_cjs = require('./chunk-QLPFENZ2.cjs');
 require('./chunk-P3XDZL6Q.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
-var chunkKYGRJCZM_cjs = require('./chunk-KYGRJCZM.cjs');
+var chunkQTFKZBLC_cjs = require('./chunk-QTFKZBLC.cjs');
 require('./chunk-IGJUBJBW.cjs');
 var hono = require('hono');
 var cookie = require('hono/cookie');
@@ -559,7 +559,7 @@ function formatCellValue(value) {
 // src/plugins/core-plugins/database-tools-plugin/admin-routes.ts
 function createDatabaseToolsAdminRoutes() {
   const router3 = new hono.Hono();
-  router3.use("*", chunk5GO3AMON_cjs.requireAuth());
+  router3.use("*", chunkB2ASV5RD_cjs.requireAuth());
   router3.get("/api/stats", async (c) => {
     try {
       const user = c.get("user");
@@ -1822,7 +1822,8 @@ function createOTPLoginPlugin() {
           email: normalizedEmail,
           ipAddress,
           timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-          appName: siteName
+          appName: siteName,
+          logoUrl: settings.logoUrl || ""
         });
         const emailPlugin2 = await db.prepare(`
           SELECT settings FROM plugins WHERE id = 'email'
@@ -1925,7 +1926,7 @@ function createOTPLoginPlugin() {
           error: "Account is deactivated"
         }, 403);
       }
-      const token = await chunk5GO3AMON_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
+      const token = await chunkB2ASV5RD_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -1997,6 +1998,567 @@ function createOTPLoginPlugin() {
 }
 var otpLoginPlugin = createOTPLoginPlugin();
+// src/plugins/core-plugins/oauth-providers/oauth-service.ts
+var GITHUB_PROVIDER = {
+  id: "github",
+  name: "GitHub",
+  authorizeUrl: "https://github.com/login/oauth/authorize",
+  tokenUrl: "https://github.com/login/oauth/access_token",
+  userInfoUrl: "https://api.github.com/user",
+  scopes: ["read:user", "user:email"],
+  mapProfile: (profile) => ({
+    providerAccountId: String(profile.id),
+    email: profile.email || "",
+    name: profile.name || profile.login || "",
+    avatar: profile.avatar_url || void 0
+  })
+};
+var GOOGLE_PROVIDER = {
+  id: "google",
+  name: "Google",
+  authorizeUrl: "https://accounts.google.com/o/oauth2/v2/auth",
+  tokenUrl: "https://oauth2.googleapis.com/token",
+  userInfoUrl: "https://www.googleapis.com/oauth2/v2/userinfo",
+  scopes: ["openid", "email", "profile"],
+  mapProfile: (profile) => ({
+    providerAccountId: String(profile.id),
+    email: profile.email || "",
+    name: profile.name || "",
+    avatar: profile.picture || void 0
+  })
+};
+var BUILT_IN_PROVIDERS = {
+  github: GITHUB_PROVIDER,
+  google: GOOGLE_PROVIDER
+};
+var OAuthService = class {
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * Build the authorization redirect URL for a provider.
+   */
+  buildAuthorizeUrl(provider, clientId, redirectUri, state) {
+    const params = new URLSearchParams({
+      client_id: clientId,
+      redirect_uri: redirectUri,
+      response_type: "code",
+      scope: provider.scopes.join(" "),
+      state
+    });
+    if (provider.id === "google") {
+      params.set("access_type", "offline");
+      params.set("prompt", "consent");
+    }
+    return `${provider.authorizeUrl}?${params.toString()}`;
+  }
+  /**
+   * Exchange authorization code for tokens using native fetch.
+   */
+  async exchangeCode(provider, clientId, clientSecret, code, redirectUri) {
+    const body = {
+      client_id: clientId,
+      client_secret: clientSecret,
+      code,
+      redirect_uri: redirectUri,
+      grant_type: "authorization_code"
+    };
+    const response = await fetch(provider.tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Accept": "application/json"
+      },
+      body: new URLSearchParams(body).toString()
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Token exchange failed (${response.status}): ${errorText}`);
+    }
+    const data = await response.json();
+    if (data.error) {
+      throw new Error(`Token exchange error: ${data.error_description || data.error}`);
+    }
+    return {
+      access_token: data.access_token,
+      refresh_token: data.refresh_token,
+      expires_in: data.expires_in ? Number(data.expires_in) : void 0
+    };
+  }
+  /**
+   * Fetch user profile from the provider's userinfo endpoint.
+   */
+  async fetchUserProfile(provider, accessToken) {
+    const headers = {
+      "Authorization": `Bearer ${accessToken}`,
+      "Accept": "application/json"
+    };
+    if (provider.id === "github") {
+      headers["Authorization"] = `token ${accessToken}`;
+    }
+    const response = await fetch(provider.userInfoUrl, { headers });
+    if (!response.ok) {
+      throw new Error(`Failed to fetch user profile (${response.status})`);
+    }
+    const profile = await response.json();
+    if (provider.id === "github" && !profile.email) {
+      const emailResponse = await fetch("https://api.github.com/user/emails", {
+        headers: {
+          "Authorization": `token ${accessToken}`,
+          "Accept": "application/json"
+        }
+      });
+      if (emailResponse.ok) {
+        const emails = await emailResponse.json();
+        const primaryEmail = emails.find((e) => e.primary && e.verified);
+        if (primaryEmail) {
+          profile.email = primaryEmail.email;
+        }
+      }
+    }
+    return provider.mapProfile(profile);
+  }
+  // ─── Database Operations ────────────────────────────────────────────────
+  /**
+   * Find an existing OAuth account link.
+   */
+  async findOAuthAccount(provider, providerAccountId) {
+    return await this.db.prepare(`
+      SELECT * FROM oauth_accounts
+      WHERE provider = ? AND provider_account_id = ?
+    `).bind(provider, providerAccountId).first();
+  }
+  /**
+   * Find all OAuth accounts for a user.
+   */
+  async findUserOAuthAccounts(userId) {
+    const result = await this.db.prepare(`
+      SELECT * FROM oauth_accounts WHERE user_id = ?
+    `).bind(userId).all();
+    return result.results || [];
+  }
+  /**
+   * Create a new OAuth account link.
+   */
+  async createOAuthAccount(params) {
+    const id = crypto.randomUUID();
+    const now = Date.now();
+    await this.db.prepare(`
+      INSERT INTO oauth_accounts (
+        id, user_id, provider, provider_account_id,
+        access_token, refresh_token, token_expires_at,
+        profile_data, created_at, updated_at
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).bind(
+      id,
+      params.userId,
+      params.provider,
+      params.providerAccountId,
+      params.accessToken,
+      params.refreshToken || null,
+      params.tokenExpiresAt || null,
+      params.profileData || null,
+      now,
+      now
+    ).run();
+    return {
+      id,
+      user_id: params.userId,
+      provider: params.provider,
+      provider_account_id: params.providerAccountId,
+      access_token: params.accessToken,
+      refresh_token: params.refreshToken || null,
+      token_expires_at: params.tokenExpiresAt || null,
+      profile_data: params.profileData || null,
+      created_at: now,
+      updated_at: now
+    };
+  }
+  /**
+   * Update tokens for an existing OAuth account.
+   */
+  async updateOAuthTokens(id, accessToken, refreshToken, tokenExpiresAt) {
+    await this.db.prepare(`
+      UPDATE oauth_accounts
+      SET access_token = ?, refresh_token = ?, token_expires_at = ?, updated_at = ?
+      WHERE id = ?
+    `).bind(accessToken, refreshToken || null, tokenExpiresAt || null, Date.now(), id).run();
+  }
+  /**
+   * Unlink an OAuth account from a user (only if they have another auth method).
+   */
+  async unlinkOAuthAccount(userId, provider) {
+    const user = await this.db.prepare(`
+      SELECT password_hash FROM users WHERE id = ?
+    `).bind(userId).first();
+    const otherLinks = await this.db.prepare(`
+      SELECT COUNT(*) as count FROM oauth_accounts
+      WHERE user_id = ? AND provider != ?
+    `).bind(userId, provider).first();
+    const hasPassword = !!user?.password_hash;
+    const hasOtherLinks = (otherLinks?.count || 0) > 0;
+    if (!hasPassword && !hasOtherLinks) {
+      return false;
+    }
+    await this.db.prepare(`
+      DELETE FROM oauth_accounts WHERE user_id = ? AND provider = ?
+    `).bind(userId, provider).run();
+    return true;
+  }
+  /**
+   * Find a user by email.
+   */
+  async findUserByEmail(email) {
+    return await this.db.prepare(`
+      SELECT id, email, role, is_active, first_name, last_name
+      FROM users WHERE email = ?
+    `).bind(email.toLowerCase()).first();
+  }
+  /**
+   * Create a new user from an OAuth profile.
+   */
+  async createUserFromOAuth(profile) {
+    const id = crypto.randomUUID();
+    const now = Date.now();
+    const email = profile.email.toLowerCase();
+    const nameParts = (profile.name || email.split("@")[0] || "User").split(" ");
+    const firstName = nameParts[0] || "User";
+    const lastName = nameParts.slice(1).join(" ") || "";
+    const username = email.split("@")[0] || id.substring(0, 8);
+    const existing = await this.db.prepare(
+      "SELECT id FROM users WHERE username = ?"
+    ).bind(username).first();
+    const finalUsername = existing ? `${username}-${id.substring(0, 6)}` : username;
+    await this.db.prepare(`
+      INSERT INTO users (
+        id, email, username, first_name, last_name,
+        password_hash, role, avatar, is_active, created_at, updated_at
+      ) VALUES (?, ?, ?, ?, ?, NULL, 'viewer', ?, 1, ?, ?)
+    `).bind(
+      id,
+      email,
+      finalUsername,
+      firstName,
+      lastName,
+      profile.avatar || null,
+      now,
+      now
+    ).run();
+    return id;
+  }
+  /**
+   * Generate a cryptographically random state parameter for CSRF protection.
+   */
+  generateState() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+};
+// src/plugins/core-plugins/oauth-providers/index.ts
+var STATE_COOKIE_NAME = "oauth_state";
+var STATE_COOKIE_MAX_AGE = 600;
+function createOAuthProvidersPlugin() {
+  const builder = chunk6FHNRRJ3_cjs.PluginBuilder.create({
+    name: "oauth-providers",
+    version: "1.0.0-beta.1",
+    description: "OAuth2/OIDC social login with GitHub, Google, and more"
+  });
+  builder.metadata({
+    author: {
+      name: "SonicJS Team",
+      email: "team@sonicjs.com"
+    },
+    license: "MIT",
+    compatibility: "^2.0.0"
+  });
+  function getCallbackUrl(c, provider) {
+    const proto = c.req.header("x-forwarded-proto") || "https";
+    const host = c.req.header("host") || "localhost";
+    return `${proto}://${host}/auth/oauth/${provider}/callback`;
+  }
+  async function loadSettings(db) {
+    const row = await db.prepare(
+      `SELECT settings FROM plugins WHERE id = 'oauth-providers'`
+    ).first();
+    if (!row?.settings) return null;
+    try {
+      return JSON.parse(row.settings);
+    } catch {
+      return null;
+    }
+  }
+  function getProviderCredentials(settings, providerId) {
+    if (!settings?.providers?.[providerId]) return null;
+    const p = settings.providers[providerId];
+    if (!p.enabled || !p.clientId || !p.clientSecret) return null;
+    return { clientId: p.clientId, clientSecret: p.clientSecret };
+  }
+  const oauthAPI = new hono.Hono();
+  oauthAPI.get("/:provider", async (c) => {
+    try {
+      const providerId = c.req.param("provider");
+      const providerConfig = BUILT_IN_PROVIDERS[providerId];
+      if (!providerConfig) {
+        return c.json({ error: `Unknown OAuth provider: ${providerId}` }, 400);
+      }
+      const db = c.env.DB;
+      const settings = await loadSettings(db);
+      const creds = getProviderCredentials(settings, providerId);
+      if (!creds) {
+        return c.json({
+          error: `OAuth provider "${providerId}" is not configured or not enabled`
+        }, 400);
+      }
+      const oauthService = new OAuthService(db);
+      const state = oauthService.generateState();
+      const redirectUri = getCallbackUrl(c, providerId);
+      cookie.setCookie(c, STATE_COOKIE_NAME, state, {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Lax",
+        // Lax required for OAuth redirect flow
+        maxAge: STATE_COOKIE_MAX_AGE,
+        path: "/auth/oauth"
+      });
+      const authorizeUrl = oauthService.buildAuthorizeUrl(
+        providerConfig,
+        creds.clientId,
+        redirectUri,
+        state
+      );
+      return c.redirect(authorizeUrl);
+    } catch (error) {
+      console.error("OAuth authorize error:", error);
+      return c.json({ error: "Failed to initiate OAuth flow" }, 500);
+    }
+  });
+  oauthAPI.get("/:provider/callback", async (c) => {
+    try {
+      const providerId = c.req.param("provider");
+      const providerConfig = BUILT_IN_PROVIDERS[providerId];
+      if (!providerConfig) {
+        return c.redirect("/auth/login?error=Unknown OAuth provider");
+      }
+      const stateParam = c.req.query("state");
+      const stateCookie = cookie.getCookie(c, STATE_COOKIE_NAME);
+      if (!stateParam || !stateCookie || stateParam !== stateCookie) {
+        return c.redirect("/auth/login?error=Invalid OAuth state. Please try again.");
+      }
+      cookie.setCookie(c, STATE_COOKIE_NAME, "", {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Lax",
+        maxAge: 0,
+        path: "/auth/oauth"
+      });
+      const errorParam = c.req.query("error");
+      if (errorParam) {
+        const errorDesc = c.req.query("error_description") || errorParam;
+        return c.redirect(`/auth/login?error=${encodeURIComponent(errorDesc)}`);
+      }
+      const code = c.req.query("code");
+      if (!code) {
+        return c.redirect("/auth/login?error=No authorization code received");
+      }
+      const db = c.env.DB;
+      const settings = await loadSettings(db);
+      const creds = getProviderCredentials(settings, providerId);
+      if (!creds) {
+        return c.redirect("/auth/login?error=OAuth provider not configured");
+      }
+      const oauthService = new OAuthService(db);
+      const redirectUri = getCallbackUrl(c, providerId);
+      const tokens = await oauthService.exchangeCode(
+        providerConfig,
+        creds.clientId,
+        creds.clientSecret,
+        code,
+        redirectUri
+      );
+      const profile = await oauthService.fetchUserProfile(providerConfig, tokens.access_token);
+      if (!profile.email) {
+        return c.redirect("/auth/login?error=Could not retrieve email from OAuth provider. Please ensure your email is public or grant email permission.");
+      }
+      const tokenExpiresAt = tokens.expires_in ? Date.now() + tokens.expires_in * 1e3 : null;
+      const existingOAuth = await oauthService.findOAuthAccount(providerId, profile.providerAccountId);
+      if (existingOAuth) {
+        await oauthService.updateOAuthTokens(
+          existingOAuth.id,
+          tokens.access_token,
+          tokens.refresh_token,
+          tokenExpiresAt ?? void 0
+        );
+        const user = await db.prepare(
+          "SELECT id, email, role, is_active FROM users WHERE id = ?"
+        ).bind(existingOAuth.user_id).first();
+        if (!user || !user.is_active) {
+          return c.redirect("/auth/login?error=Account is deactivated");
+        }
+        const jwt2 = await chunkB2ASV5RD_cjs.AuthManager.generateToken(
+          user.id,
+          user.email,
+          user.role,
+          c.env.JWT_SECRET
+        );
+        chunkB2ASV5RD_cjs.AuthManager.setAuthCookie(c, jwt2, { sameSite: "Lax" });
+        return c.redirect("/admin");
+      }
+      const existingUser = await oauthService.findUserByEmail(profile.email);
+      if (existingUser) {
+        if (!existingUser.is_active) {
+          return c.redirect("/auth/login?error=Account is deactivated");
+        }
+        await oauthService.createOAuthAccount({
+          userId: existingUser.id,
+          provider: providerId,
+          providerAccountId: profile.providerAccountId,
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token,
+          tokenExpiresAt: tokenExpiresAt ?? void 0,
+          profileData: JSON.stringify(profile)
+        });
+        const jwt2 = await chunkB2ASV5RD_cjs.AuthManager.generateToken(
+          existingUser.id,
+          existingUser.email,
+          existingUser.role,
+          c.env.JWT_SECRET
+        );
+        chunkB2ASV5RD_cjs.AuthManager.setAuthCookie(c, jwt2, { sameSite: "Lax" });
+        return c.redirect("/admin");
+      }
+      const newUserId = await oauthService.createUserFromOAuth(profile);
+      await oauthService.createOAuthAccount({
+        userId: newUserId,
+        provider: providerId,
+        providerAccountId: profile.providerAccountId,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        tokenExpiresAt: tokenExpiresAt ?? void 0,
+        profileData: JSON.stringify(profile)
+      });
+      const jwt = await chunkB2ASV5RD_cjs.AuthManager.generateToken(
+        newUserId,
+        profile.email.toLowerCase(),
+        "viewer",
+        c.env.JWT_SECRET
+      );
+      chunkB2ASV5RD_cjs.AuthManager.setAuthCookie(c, jwt, { sameSite: "Lax" });
+      return c.redirect("/admin");
+    } catch (error) {
+      console.error("OAuth callback error:", error);
+      const message = error instanceof Error ? error.message : "OAuth authentication failed";
+      return c.redirect(`/auth/login?error=${encodeURIComponent(message)}`);
+    }
+  });
+  oauthAPI.post("/link", async (c) => {
+    try {
+      const user = c.get("user");
+      if (!user) {
+        return c.json({ error: "Authentication required" }, 401);
+      }
+      const body = await c.req.json();
+      const { provider } = body;
+      if (!provider || !BUILT_IN_PROVIDERS[provider]) {
+        return c.json({ error: "Invalid provider" }, 400);
+      }
+      const db = c.env.DB;
+      const settings = await loadSettings(db);
+      const creds = getProviderCredentials(settings, provider);
+      if (!creds) {
+        return c.json({ error: `OAuth provider "${provider}" is not configured` }, 400);
+      }
+      const oauthService = new OAuthService(db);
+      const state = oauthService.generateState();
+      const redirectUri = getCallbackUrl(c, provider);
+      cookie.setCookie(c, STATE_COOKIE_NAME, state, {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Lax",
+        maxAge: STATE_COOKIE_MAX_AGE,
+        path: "/auth/oauth"
+      });
+      const authorizeUrl = oauthService.buildAuthorizeUrl(
+        BUILT_IN_PROVIDERS[provider],
+        creds.clientId,
+        redirectUri,
+        state
+      );
+      return c.json({ redirectUrl: authorizeUrl });
+    } catch (error) {
+      console.error("OAuth link error:", error);
+      return c.json({ error: "Failed to initiate account linking" }, 500);
+    }
+  });
+  oauthAPI.post("/unlink", async (c) => {
+    try {
+      const user = c.get("user");
+      if (!user) {
+        return c.json({ error: "Authentication required" }, 401);
+      }
+      const body = await c.req.json();
+      const { provider } = body;
+      if (!provider) {
+        return c.json({ error: "Provider is required" }, 400);
+      }
+      const db = c.env.DB;
+      const oauthService = new OAuthService(db);
+      const success = await oauthService.unlinkOAuthAccount(user.userId, provider);
+      if (!success) {
+        return c.json({
+          error: "Cannot unlink the only authentication method. Set a password first."
+        }, 400);
+      }
+      return c.json({ success: true, message: `${provider} account unlinked` });
+    } catch (error) {
+      console.error("OAuth unlink error:", error);
+      return c.json({ error: "Failed to unlink account" }, 500);
+    }
+  });
+  oauthAPI.get("/accounts", async (c) => {
+    try {
+      const user = c.get("user");
+      if (!user) {
+        return c.json({ error: "Authentication required" }, 401);
+      }
+      const db = c.env.DB;
+      const oauthService = new OAuthService(db);
+      const accounts = await oauthService.findUserOAuthAccounts(user.userId);
+      return c.json({
+        accounts: accounts.map((a) => ({
+          provider: a.provider,
+          providerAccountId: a.provider_account_id,
+          linkedAt: a.created_at
+        }))
+      });
+    } catch (error) {
+      console.error("OAuth accounts error:", error);
+      return c.json({ error: "Failed to fetch linked accounts" }, 500);
+    }
+  });
+  builder.addRoute("/auth/oauth", oauthAPI, {
+    description: "OAuth2 social login endpoints",
+    requiresAuth: false,
+    priority: 100
+  });
+  builder.addMenuItem("OAuth Providers", "/admin/plugins/oauth-providers", {
+    icon: "shield",
+    order: 86,
+    permissions: ["oauth:manage"]
+  });
+  builder.lifecycle({
+    activate: async () => {
+      console.info("\u2705 OAuth Providers plugin activated");
+    },
+    deactivate: async () => {
+      console.info("\u274C OAuth Providers plugin deactivated");
+    }
+  });
+  return builder.build();
+}
+var oauthProvidersPlugin = createOAuthProvidersPlugin();
 // src/plugins/core-plugins/ai-search-plugin/services/embedding.service.ts
 var EmbeddingService = class {
   constructor(ai) {
@@ -3575,7 +4137,7 @@ function renderSettingsPage(data) {
 // src/plugins/core-plugins/ai-search-plugin/routes/admin.ts
 var adminRoutes = new hono.Hono();
-adminRoutes.use("*", chunk5GO3AMON_cjs.requireAuth());
+adminRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
 adminRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -3976,13 +4538,13 @@ function createMagicLinkAuthPlugin() {
         SET used = 1, used_at = ?
         WHERE id = ?
       `).bind(Date.now(), magicLink.id).run();
-      const jwtToken = await chunk5GO3AMON_cjs.AuthManager.generateToken(
+      const jwtToken = await chunkB2ASV5RD_cjs.AuthManager.generateToken(
         user.id,
         user.email,
         user.role,
         c.env.JWT_SECRET
       );
-      chunk5GO3AMON_cjs.AuthManager.setAuthCookie(c, jwtToken);
+      chunkB2ASV5RD_cjs.AuthManager.setAuthCookie(c, jwtToken);
       await db.prepare(`
         UPDATE users SET last_login_at = ? WHERE id = ?
       `).bind(Date.now(), user.id).run();
@@ -5268,7 +5830,7 @@ function renderCacheDashboard(data) {
     </script>
     <!-- Confirmation Dialogs -->
-    ${chunkHGKBMUYY_cjs.renderConfirmationDialog({
+    ${chunkASAEJ4B7_cjs.renderConfirmationDialog({
     id: "clear-all-cache-confirm",
     title: "Clear All Cache",
     message: "Are you sure you want to clear all cache entries? This cannot be undone.",
@@ -5279,7 +5841,7 @@ function renderCacheDashboard(data) {
     onConfirm: "performClearAllCaches()"
   })}
-    ${chunkHGKBMUYY_cjs.renderConfirmationDialog({
+    ${chunkASAEJ4B7_cjs.renderConfirmationDialog({
     id: "clear-namespace-cache-confirm",
     title: "Clear Namespace Cache",
     message: "Clear cache for this namespace?",
@@ -5290,7 +5852,7 @@ function renderCacheDashboard(data) {
     onConfirm: "performClearNamespaceCache()"
   })}
-    ${chunkHGKBMUYY_cjs.getConfirmationDialogScript()}
+    ${chunkASAEJ4B7_cjs.getConfirmationDialogScript()}
   `;
   const layoutData = {
     title: "Cache System",
@@ -5976,14 +6538,14 @@ var faviconSvg = `<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 // src/app.ts
 function createSonicJSApp(config = {}) {
   const app2 = new hono.Hono();
-  const appVersion = config.version || chunkE2GKK5HX_cjs.getCoreVersion();
+  const appVersion = config.version || chunkQLPFENZ2_cjs.getCoreVersion();
   const appName = config.name || "SonicJS AI";
   app2.use("*", async (c, next) => {
     c.set("appVersion", appVersion);
     await next();
   });
-  app2.use("*", chunk5GO3AMON_cjs.metricsMiddleware());
-  app2.use("*", chunk5GO3AMON_cjs.bootstrapMiddleware(config));
+  app2.use("*", chunkB2ASV5RD_cjs.metricsMiddleware());
+  app2.use("*", chunkB2ASV5RD_cjs.bootstrapMiddleware(config));
   if (config.middleware?.beforeAuth) {
     for (const middleware of config.middleware.beforeAuth) {
       app2.use("*", middleware);
@@ -5992,44 +6554,49 @@ function createSonicJSApp(config = {}) {
   app2.use("*", async (_c, next) => {
     await next();
   });
-  app2.use("*", chunk5GO3AMON_cjs.securityHeadersMiddleware());
-  app2.use("*", chunk5GO3AMON_cjs.csrfProtection());
+  app2.use("*", chunkB2ASV5RD_cjs.securityHeadersMiddleware());
+  app2.use("*", chunkB2ASV5RD_cjs.csrfProtection());
   if (config.middleware?.afterAuth) {
     for (const middleware of config.middleware.afterAuth) {
       app2.use("*", middleware);
     }
   }
-  app2.route("/api", chunkHGKBMUYY_cjs.api_default);
-  app2.route("/api/media", chunkHGKBMUYY_cjs.api_media_default);
-  app2.route("/api/system", chunkHGKBMUYY_cjs.api_system_default);
-  app2.route("/admin/api", chunkHGKBMUYY_cjs.admin_api_default);
-  app2.route("/admin/dashboard", chunkHGKBMUYY_cjs.router);
-  app2.route("/admin/collections", chunkHGKBMUYY_cjs.adminCollectionsRoutes);
-  app2.route("/admin/forms", chunkHGKBMUYY_cjs.adminFormsRoutes);
-  app2.route("/admin/settings", chunkHGKBMUYY_cjs.adminSettingsRoutes);
-  app2.route("/forms", chunkHGKBMUYY_cjs.public_forms_default);
-  app2.route("/api/forms", chunkHGKBMUYY_cjs.public_forms_default);
-  app2.route("/admin/api-reference", chunkHGKBMUYY_cjs.router2);
+  app2.route("/api", chunkASAEJ4B7_cjs.api_default);
+  app2.route("/api/media", chunkASAEJ4B7_cjs.api_media_default);
+  app2.route("/api/system", chunkASAEJ4B7_cjs.api_system_default);
+  app2.route("/admin/api", chunkASAEJ4B7_cjs.admin_api_default);
+  app2.route("/admin/dashboard", chunkASAEJ4B7_cjs.router);
+  app2.route("/admin/collections", chunkASAEJ4B7_cjs.adminCollectionsRoutes);
+  app2.route("/admin/forms", chunkASAEJ4B7_cjs.adminFormsRoutes);
+  app2.route("/admin/settings", chunkASAEJ4B7_cjs.adminSettingsRoutes);
+  app2.route("/forms", chunkASAEJ4B7_cjs.public_forms_default);
+  app2.route("/api/forms", chunkASAEJ4B7_cjs.public_forms_default);
+  app2.route("/admin/api-reference", chunkASAEJ4B7_cjs.router2);
   app2.route("/admin/database-tools", createDatabaseToolsAdminRoutes());
   app2.route("/admin/seed-data", createSeedDataAdminRoutes());
-  app2.route("/admin/content", chunkHGKBMUYY_cjs.admin_content_default);
-  app2.route("/admin/media", chunkHGKBMUYY_cjs.adminMediaRoutes);
+  app2.route("/admin/content", chunkASAEJ4B7_cjs.admin_content_default);
+  app2.route("/admin/media", chunkASAEJ4B7_cjs.adminMediaRoutes);
   if (aiSearchPlugin.routes && aiSearchPlugin.routes.length > 0) {
     for (const route of aiSearchPlugin.routes) {
       app2.route(route.path, route.handler);
     }
   }
   app2.route("/admin/cache", cache_default.getRoutes());
+  if (oauthProvidersPlugin.routes && oauthProvidersPlugin.routes.length > 0) {
+    for (const route of oauthProvidersPlugin.routes) {
+      app2.route(route.path, route.handler);
+    }
+  }
   if (otpLoginPlugin.routes && otpLoginPlugin.routes.length > 0) {
     for (const route of otpLoginPlugin.routes) {
       app2.route(route.path, route.handler);
     }
   }
-  app2.route("/admin/plugins", chunkHGKBMUYY_cjs.adminPluginRoutes);
-  app2.route("/admin/logs", chunkHGKBMUYY_cjs.adminLogsRoutes);
-  app2.route("/admin", chunkHGKBMUYY_cjs.userRoutes);
-  app2.route("/auth", chunkHGKBMUYY_cjs.auth_default);
-  app2.route("/", chunkHGKBMUYY_cjs.test_cleanup_default);
+  app2.route("/admin/plugins", chunkASAEJ4B7_cjs.adminPluginRoutes);
+  app2.route("/admin/logs", chunkASAEJ4B7_cjs.adminLogsRoutes);
+  app2.route("/admin", chunkASAEJ4B7_cjs.userRoutes);
+  app2.route("/auth", chunkASAEJ4B7_cjs.auth_default);
+  app2.route("/", chunkASAEJ4B7_cjs.test_cleanup_default);
   if (emailPlugin.routes && emailPlugin.routes.length > 0) {
     for (const route of emailPlugin.routes) {
       app2.route(route.path, route.handler);
@@ -6113,83 +6680,83 @@ function createDb(d1$1) {
 }
 // src/index.ts
-var VERSION = chunkE2GKK5HX_cjs.package_default.version;
+var VERSION = chunkQLPFENZ2_cjs.package_default.version;
 Object.defineProperty(exports, "ROUTES_INFO", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.ROUTES_INFO; }
+  get: function () { return chunkASAEJ4B7_cjs.ROUTES_INFO; }
 });
 Object.defineProperty(exports, "adminApiRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.admin_api_default; }
+  get: function () { return chunkASAEJ4B7_cjs.admin_api_default; }
 });
 Object.defineProperty(exports, "adminCheckboxRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.adminCheckboxRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminCheckboxRoutes; }
 });
 Object.defineProperty(exports, "adminCodeExamplesRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.admin_code_examples_default; }
+  get: function () { return chunkASAEJ4B7_cjs.admin_code_examples_default; }
 });
 Object.defineProperty(exports, "adminCollectionsRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.adminCollectionsRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminCollectionsRoutes; }
 });
 Object.defineProperty(exports, "adminContentRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.admin_content_default; }
+  get: function () { return chunkASAEJ4B7_cjs.admin_content_default; }
 });
 Object.defineProperty(exports, "adminDashboardRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.router; }
+  get: function () { return chunkASAEJ4B7_cjs.router; }
 });
 Object.defineProperty(exports, "adminDesignRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.adminDesignRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminDesignRoutes; }
 });
 Object.defineProperty(exports, "adminLogsRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.adminLogsRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminLogsRoutes; }
 });
 Object.defineProperty(exports, "adminMediaRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.adminMediaRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminMediaRoutes; }
 });
 Object.defineProperty(exports, "adminPluginRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.adminPluginRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminPluginRoutes; }
 });
 Object.defineProperty(exports, "adminSettingsRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.adminSettingsRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.adminSettingsRoutes; }
 });
 Object.defineProperty(exports, "adminTestimonialsRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.admin_testimonials_default; }
+  get: function () { return chunkASAEJ4B7_cjs.admin_testimonials_default; }
 });
 Object.defineProperty(exports, "adminUsersRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.userRoutes; }
+  get: function () { return chunkASAEJ4B7_cjs.userRoutes; }
 });
 Object.defineProperty(exports, "apiContentCrudRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.api_content_crud_default; }
+  get: function () { return chunkASAEJ4B7_cjs.api_content_crud_default; }
 });
 Object.defineProperty(exports, "apiMediaRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.api_media_default; }
+  get: function () { return chunkASAEJ4B7_cjs.api_media_default; }
 });
 Object.defineProperty(exports, "apiRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.api_default; }
+  get: function () { return chunkASAEJ4B7_cjs.api_default; }
 });
 Object.defineProperty(exports, "apiSystemRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.api_system_default; }
+  get: function () { return chunkASAEJ4B7_cjs.api_system_default; }
 });
 Object.defineProperty(exports, "authRoutes", {
   enumerable: true,
-  get: function () { return chunkHGKBMUYY_cjs.auth_default; }
+  get: function () { return chunkASAEJ4B7_cjs.auth_default; }
 });
 Object.defineProperty(exports, "Logger", {
   enumerable: true,
@@ -6357,167 +6924,167 @@ Object.defineProperty(exports, "workflowHistory", {
 });
 Object.defineProperty(exports, "AuthManager", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.AuthManager; }
+  get: function () { return chunkB2ASV5RD_cjs.AuthManager; }
 });
 Object.defineProperty(exports, "PermissionManager", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.PermissionManager; }
+  get: function () { return chunkB2ASV5RD_cjs.PermissionManager; }
 });
 Object.defineProperty(exports, "bootstrapMiddleware", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.bootstrapMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.bootstrapMiddleware; }
 });
 Object.defineProperty(exports, "cacheHeaders", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.cacheHeaders; }
+  get: function () { return chunkB2ASV5RD_cjs.cacheHeaders; }
 });
 Object.defineProperty(exports, "compressionMiddleware", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.compressionMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.compressionMiddleware; }
 });
 Object.defineProperty(exports, "detailedLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.detailedLoggingMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.detailedLoggingMiddleware; }
 });
 Object.defineProperty(exports, "getActivePlugins", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.getActivePlugins; }
+  get: function () { return chunkB2ASV5RD_cjs.getActivePlugins; }
 });
 Object.defineProperty(exports, "isPluginActive", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.isPluginActive; }
+  get: function () { return chunkB2ASV5RD_cjs.isPluginActive; }
 });
 Object.defineProperty(exports, "logActivity", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.logActivity; }
+  get: function () { return chunkB2ASV5RD_cjs.logActivity; }
 });
 Object.defineProperty(exports, "loggingMiddleware", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.loggingMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.loggingMiddleware; }
 });
 Object.defineProperty(exports, "optionalAuth", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.optionalAuth; }
+  get: function () { return chunkB2ASV5RD_cjs.optionalAuth; }
 });
 Object.defineProperty(exports, "performanceLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.performanceLoggingMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.performanceLoggingMiddleware; }
 });
 Object.defineProperty(exports, "requireActivePlugin", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.requireActivePlugin; }
+  get: function () { return chunkB2ASV5RD_cjs.requireActivePlugin; }
 });
 Object.defineProperty(exports, "requireActivePlugins", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.requireActivePlugins; }
+  get: function () { return chunkB2ASV5RD_cjs.requireActivePlugins; }
 });
 Object.defineProperty(exports, "requireAnyPermission", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.requireAnyPermission; }
+  get: function () { return chunkB2ASV5RD_cjs.requireAnyPermission; }
 });
 Object.defineProperty(exports, "requireAuth", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.requireAuth; }
+  get: function () { return chunkB2ASV5RD_cjs.requireAuth; }
 });
 Object.defineProperty(exports, "requirePermission", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.requirePermission; }
+  get: function () { return chunkB2ASV5RD_cjs.requirePermission; }
 });
 Object.defineProperty(exports, "requireRole", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.requireRole; }
+  get: function () { return chunkB2ASV5RD_cjs.requireRole; }
 });
 Object.defineProperty(exports, "securityHeaders", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.securityHeadersMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.securityHeadersMiddleware; }
 });
 Object.defineProperty(exports, "securityLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunk5GO3AMON_cjs.securityLoggingMiddleware; }
+  get: function () { return chunkB2ASV5RD_cjs.securityLoggingMiddleware; }
 });
 Object.defineProperty(exports, "PluginBootstrapService", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.PluginBootstrapService; }
+  get: function () { return chunk6BVLPACH_cjs.PluginBootstrapService; }
 });
 Object.defineProperty(exports, "PluginServiceClass", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.PluginService; }
+  get: function () { return chunk6BVLPACH_cjs.PluginService; }
 });
 Object.defineProperty(exports, "backfillFormSubmissions", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.backfillFormSubmissions; }
+  get: function () { return chunk6BVLPACH_cjs.backfillFormSubmissions; }
 });
 Object.defineProperty(exports, "cleanupRemovedCollections", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.cleanupRemovedCollections; }
+  get: function () { return chunk6BVLPACH_cjs.cleanupRemovedCollections; }
 });
 Object.defineProperty(exports, "createContentFromSubmission", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.createContentFromSubmission; }
+  get: function () { return chunk6BVLPACH_cjs.createContentFromSubmission; }
 });
 Object.defineProperty(exports, "deriveCollectionSchemaFromFormio", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.deriveCollectionSchemaFromFormio; }
+  get: function () { return chunk6BVLPACH_cjs.deriveCollectionSchemaFromFormio; }
 });
 Object.defineProperty(exports, "deriveSubmissionTitle", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.deriveSubmissionTitle; }
+  get: function () { return chunk6BVLPACH_cjs.deriveSubmissionTitle; }
 });
 Object.defineProperty(exports, "fullCollectionSync", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.fullCollectionSync; }
+  get: function () { return chunk6BVLPACH_cjs.fullCollectionSync; }
 });
 Object.defineProperty(exports, "getAvailableCollectionNames", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.getAvailableCollectionNames; }
+  get: function () { return chunk6BVLPACH_cjs.getAvailableCollectionNames; }
 });
 Object.defineProperty(exports, "getManagedCollections", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.getManagedCollections; }
+  get: function () { return chunk6BVLPACH_cjs.getManagedCollections; }
 });
 Object.defineProperty(exports, "isCollectionManaged", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.isCollectionManaged; }
+  get: function () { return chunk6BVLPACH_cjs.isCollectionManaged; }
 });
 Object.defineProperty(exports, "loadCollectionConfig", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.loadCollectionConfig; }
+  get: function () { return chunk6BVLPACH_cjs.loadCollectionConfig; }
 });
 Object.defineProperty(exports, "loadCollectionConfigs", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.loadCollectionConfigs; }
+  get: function () { return chunk6BVLPACH_cjs.loadCollectionConfigs; }
 });
 Object.defineProperty(exports, "mapFormStatusToContentStatus", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.mapFormStatusToContentStatus; }
+  get: function () { return chunk6BVLPACH_cjs.mapFormStatusToContentStatus; }
 });
 Object.defineProperty(exports, "registerCollections", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.registerCollections; }
+  get: function () { return chunk6BVLPACH_cjs.registerCollections; }
 });
 Object.defineProperty(exports, "syncAllFormCollections", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.syncAllFormCollections; }
+  get: function () { return chunk6BVLPACH_cjs.syncAllFormCollections; }
 });
 Object.defineProperty(exports, "syncCollection", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.syncCollection; }
+  get: function () { return chunk6BVLPACH_cjs.syncCollection; }
 });
 Object.defineProperty(exports, "syncCollections", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.syncCollections; }
+  get: function () { return chunk6BVLPACH_cjs.syncCollections; }
 });
 Object.defineProperty(exports, "syncFormCollection", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.syncFormCollection; }
+  get: function () { return chunk6BVLPACH_cjs.syncFormCollection; }
 });
 Object.defineProperty(exports, "validateCollectionConfig", {
   enumerable: true,
-  get: function () { return chunkTWCQVJ6M_cjs.validateCollectionConfig; }
+  get: function () { return chunk6BVLPACH_cjs.validateCollectionConfig; }
 });
 Object.defineProperty(exports, "MigrationService", {
   enumerable: true,
-  get: function () { return chunkEAJJHE5F_cjs.MigrationService; }
+  get: function () { return chunkDE5YTNCD_cjs.MigrationService; }
 });
 Object.defineProperty(exports, "renderFilterBar", {
   enumerable: true,
@@ -6553,27 +7120,27 @@ Object.defineProperty(exports, "renderTable", {
 });
 Object.defineProperty(exports, "HookSystemImpl", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.HookSystemImpl; }
+  get: function () { return chunk56GUBLJE_cjs.HookSystemImpl; }
 });
 Object.defineProperty(exports, "HookUtils", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.HookUtils; }
+  get: function () { return chunk56GUBLJE_cjs.HookUtils; }
 });
 Object.defineProperty(exports, "PluginManagerClass", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.PluginManager; }
+  get: function () { return chunk56GUBLJE_cjs.PluginManager; }
 });
 Object.defineProperty(exports, "PluginRegistryImpl", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.PluginRegistryImpl; }
+  get: function () { return chunk56GUBLJE_cjs.PluginRegistryImpl; }
 });
 Object.defineProperty(exports, "PluginValidatorClass", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.PluginValidator; }
+  get: function () { return chunk56GUBLJE_cjs.PluginValidator; }
 });
 Object.defineProperty(exports, "ScopedHookSystemClass", {
   enumerable: true,
-  get: function () { return chunkMNFY6DWY_cjs.ScopedHookSystem; }
+  get: function () { return chunk56GUBLJE_cjs.ScopedHookSystem; }
 });
 Object.defineProperty(exports, "PluginBuilder", {
   enumerable: true,
@@ -6585,31 +7152,31 @@ Object.defineProperty(exports, "PluginHelpers", {
 });
 Object.defineProperty(exports, "QueryFilterBuilder", {
   enumerable: true,
-  get: function () { return chunkE2GKK5HX_cjs.QueryFilterBuilder; }
+  get: function () { return chunkQLPFENZ2_cjs.QueryFilterBuilder; }
 });
 Object.defineProperty(exports, "SONICJS_VERSION", {
   enumerable: true,
-  get: function () { return chunkE2GKK5HX_cjs.SONICJS_VERSION; }
+  get: function () { return chunkQLPFENZ2_cjs.SONICJS_VERSION; }
 });
 Object.defineProperty(exports, "TemplateRenderer", {
   enumerable: true,
-  get: function () { return chunkE2GKK5HX_cjs.TemplateRenderer; }
+  get: function () { return chunkQLPFENZ2_cjs.TemplateRenderer; }
 });
 Object.defineProperty(exports, "buildQuery", {
   enumerable: true,
-  get: function () { return chunkE2GKK5HX_cjs.buildQuery; }
+  get: function () { return chunkQLPFENZ2_cjs.buildQuery; }
 });
 Object.defineProperty(exports, "getCoreVersion", {
   enumerable: true,
-  get: function () { return chunkE2GKK5HX_cjs.getCoreVersion; }
+  get: function () { return chunkQLPFENZ2_cjs.getCoreVersion; }
 });
 Object.defineProperty(exports, "renderTemplate", {
   enumerable: true,
-  get: function () { return chunkE2GKK5HX_cjs.renderTemplate; }
+  get: function () { return chunkQLPFENZ2_cjs.renderTemplate; }
 });
 Object.defineProperty(exports, "templateRenderer", {
   enumerable: true,
-  get: function () { return chunkE2GKK5HX_cjs.templateRenderer; }
+  get: function () { return chunkQLPFENZ2_cjs.templateRenderer; }
 });
 Object.defineProperty(exports, "metricsTracker", {
   enumerable: true,
@@ -6629,11 +7196,15 @@ Object.defineProperty(exports, "sanitizeObject", {
 });
 Object.defineProperty(exports, "HOOKS", {
   enumerable: true,
-  get: function () { return chunkKYGRJCZM_cjs.HOOKS; }
+  get: function () { return chunkQTFKZBLC_cjs.HOOKS; }
 });
+exports.BUILT_IN_PROVIDERS = BUILT_IN_PROVIDERS;
+exports.OAuthService = OAuthService;
 exports.VERSION = VERSION;
 exports.createDb = createDb;
+exports.createOAuthProvidersPlugin = createOAuthProvidersPlugin;
 exports.createSonicJSApp = createSonicJSApp;
+exports.oauthProvidersPlugin = oauthProvidersPlugin;
 exports.setupCoreMiddleware = setupCoreMiddleware;
 exports.setupCoreRoutes = setupCoreRoutes;
 //# sourceMappingURL=index.cjs.map