@sonicjs-cms/core 2.10.1 → 2.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-CJYFSKH7.js → chunk-2MXF4RYZ.js} +3 -3
- package/dist/{chunk-CJYFSKH7.js.map → chunk-2MXF4RYZ.js.map} +1 -1
- package/dist/{chunk-MNFY6DWY.cjs → chunk-56GUBLJE.cjs} +7 -7
- package/dist/{chunk-MNFY6DWY.cjs.map → chunk-56GUBLJE.cjs.map} +1 -1
- package/dist/{chunk-TWCQVJ6M.cjs → chunk-6BVLPACH.cjs} +37 -2
- package/dist/chunk-6BVLPACH.cjs.map +1 -0
- package/dist/{chunk-HGKBMUYY.cjs → chunk-ASAEJ4B7.cjs} +252 -125
- package/dist/chunk-ASAEJ4B7.cjs.map +1 -0
- package/dist/{chunk-5GO3AMON.cjs → chunk-B2ASV5RD.cjs} +8 -8
- package/dist/{chunk-5GO3AMON.cjs.map → chunk-B2ASV5RD.cjs.map} +1 -1
- package/dist/{chunk-YXTFJPMN.js → chunk-BUU2US2Z.js} +3 -3
- package/dist/{chunk-YXTFJPMN.js.map → chunk-BUU2US2Z.js.map} +1 -1
- package/dist/{chunk-EAJJHE5F.cjs → chunk-DE5YTNCD.cjs} +2 -2
- package/dist/{chunk-EAJJHE5F.cjs.map → chunk-DE5YTNCD.cjs.map} +1 -1
- package/dist/{chunk-JFMBYQTC.js → chunk-GKRGDJGG.js} +4 -4
- package/dist/{chunk-JFMBYQTC.js.map → chunk-GKRGDJGG.js.map} +1 -1
- package/dist/{chunk-FW5CGNM2.js → chunk-H55AYIRI.js} +2 -2
- package/dist/{chunk-FW5CGNM2.js.map → chunk-H55AYIRI.js.map} +1 -1
- package/dist/{chunk-SDAGUFOF.js → chunk-JTQBNSZX.js} +151 -24
- package/dist/chunk-JTQBNSZX.js.map +1 -0
- package/dist/{chunk-BUPNX3ZM.js → chunk-NMLFKXWW.js} +37 -2
- package/dist/chunk-NMLFKXWW.js.map +1 -0
- package/dist/{chunk-E2GKK5HX.cjs → chunk-QLPFENZ2.cjs} +3 -3
- package/dist/{chunk-E2GKK5HX.cjs.map → chunk-QLPFENZ2.cjs.map} +1 -1
- package/dist/{chunk-KYGRJCZM.cjs → chunk-QTFKZBLC.cjs} +3 -2
- package/dist/chunk-QTFKZBLC.cjs.map +1 -0
- package/dist/{chunk-LOUJRBXV.js → chunk-QXOZI5Q2.js} +3 -2
- package/dist/chunk-QXOZI5Q2.js.map +1 -0
- package/dist/index.cjs +685 -114
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +125 -5
- package/dist/index.d.ts +125 -5
- package/dist/index.js +580 -13
- package/dist/index.js.map +1 -1
- package/dist/middleware.cjs +29 -29
- package/dist/middleware.js +3 -3
- package/dist/migrations-UFVJTPVT.js +4 -0
- package/dist/{migrations-ADK6YNM2.js.map → migrations-UFVJTPVT.js.map} +1 -1
- package/dist/migrations-VNYOSUNE.cjs +13 -0
- package/dist/{migrations-EM2D6EG2.cjs.map → migrations-VNYOSUNE.cjs.map} +1 -1
- package/dist/{plugin-0Xogrln-.d.cts → plugin-DDYetMF-.d.cts} +1 -0
- package/dist/{plugin-0Xogrln-.d.ts → plugin-DDYetMF-.d.ts} +1 -0
- package/dist/{plugin-bootstrap-B8PXeGj_.d.cts → plugin-bootstrap-DCXpeQVb.d.cts} +1 -1
- package/dist/{plugin-bootstrap-CD63DZ-p.d.ts → plugin-bootstrap-DXBAYaqM.d.ts} +1 -1
- package/dist/{plugin-manager-GcIeb226.d.cts → plugin-manager-BoM3Q7o7.d.cts} +1 -1
- package/dist/{plugin-manager-Clf2gXwj.d.ts → plugin-manager-Efx9RyDX.d.ts} +1 -1
- package/dist/plugins.cjs +10 -10
- package/dist/plugins.d.cts +2 -2
- package/dist/plugins.d.ts +2 -2
- package/dist/plugins.js +2 -2
- package/dist/routes.cjs +28 -28
- package/dist/routes.js +5 -5
- package/dist/services.cjs +23 -23
- package/dist/services.d.cts +1 -1
- package/dist/services.d.ts +1 -1
- package/dist/services.js +2 -2
- package/dist/types.cjs +2 -2
- package/dist/types.d.cts +1 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.js +1 -1
- package/dist/utils.cjs +11 -11
- package/dist/utils.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-BUPNX3ZM.js.map +0 -1
- package/dist/chunk-HGKBMUYY.cjs.map +0 -1
- package/dist/chunk-KYGRJCZM.cjs.map +0 -1
- package/dist/chunk-LOUJRBXV.js.map +0 -1
- package/dist/chunk-SDAGUFOF.js.map +0 -1
- package/dist/chunk-TWCQVJ6M.cjs.map +0 -1
- package/dist/migrations-ADK6YNM2.js +0 -4
- package/dist/migrations-EM2D6EG2.cjs +0 -13
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var chunkLFAQUR7P_cjs = require('./chunk-LFAQUR7P.cjs');
|
|
4
|
-
var
|
|
5
|
-
var
|
|
6
|
-
var
|
|
4
|
+
var chunkB2ASV5RD_cjs = require('./chunk-B2ASV5RD.cjs');
|
|
5
|
+
var chunk6BVLPACH_cjs = require('./chunk-6BVLPACH.cjs');
|
|
6
|
+
var chunkDE5YTNCD_cjs = require('./chunk-DE5YTNCD.cjs');
|
|
7
7
|
var chunkLTKV7AE5_cjs = require('./chunk-LTKV7AE5.cjs');
|
|
8
8
|
var chunk6FHNRRJ3_cjs = require('./chunk-6FHNRRJ3.cjs');
|
|
9
|
-
var
|
|
9
|
+
var chunkQLPFENZ2_cjs = require('./chunk-QLPFENZ2.cjs');
|
|
10
10
|
var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
|
|
11
11
|
var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
|
|
12
12
|
var hono = require('hono');
|
|
@@ -61,6 +61,69 @@ function normalizePublicContentFilter(filter, userRole) {
|
|
|
61
61
|
});
|
|
62
62
|
return normalizedFilter;
|
|
63
63
|
}
|
|
64
|
+
|
|
65
|
+
// src/plugins/core-plugins/global-variables-plugin/variable-resolver.ts
|
|
66
|
+
var TOKEN_PATTERN = /\{([a-z0-9_]+)\}/g;
|
|
67
|
+
function resolveVariables(text, variables) {
|
|
68
|
+
if (!text || variables.size === 0) return text;
|
|
69
|
+
return text.replace(TOKEN_PATTERN, (match, key) => {
|
|
70
|
+
const value = variables.get(key);
|
|
71
|
+
return value !== void 0 ? value : match;
|
|
72
|
+
});
|
|
73
|
+
}
|
|
74
|
+
function resolveVariablesInObject(obj, variables) {
|
|
75
|
+
if (!obj || variables.size === 0) return obj;
|
|
76
|
+
if (typeof obj === "string") {
|
|
77
|
+
return resolveVariables(obj, variables);
|
|
78
|
+
}
|
|
79
|
+
if (Array.isArray(obj)) {
|
|
80
|
+
return obj.map((item) => resolveVariablesInObject(item, variables));
|
|
81
|
+
}
|
|
82
|
+
if (typeof obj === "object") {
|
|
83
|
+
const result = {};
|
|
84
|
+
for (const [key, value] of Object.entries(obj)) {
|
|
85
|
+
result[key] = resolveVariablesInObject(value, variables);
|
|
86
|
+
}
|
|
87
|
+
return result;
|
|
88
|
+
}
|
|
89
|
+
return obj;
|
|
90
|
+
}
|
|
91
|
+
var variableCache = null;
|
|
92
|
+
var cacheTimestamp = 0;
|
|
93
|
+
var CACHE_TTL_MS = 3e5;
|
|
94
|
+
function getVariablesCached() {
|
|
95
|
+
const now = Date.now();
|
|
96
|
+
if (variableCache && now - cacheTimestamp < CACHE_TTL_MS) {
|
|
97
|
+
return variableCache;
|
|
98
|
+
}
|
|
99
|
+
return null;
|
|
100
|
+
}
|
|
101
|
+
function setVariablesCache(map) {
|
|
102
|
+
variableCache = map;
|
|
103
|
+
cacheTimestamp = Date.now();
|
|
104
|
+
}
|
|
105
|
+
async function resolveContentVariables(contentData, db) {
|
|
106
|
+
if (!db || !contentData) return contentData;
|
|
107
|
+
try {
|
|
108
|
+
let variables = getVariablesCached();
|
|
109
|
+
if (!variables) {
|
|
110
|
+
const { results } = await db.prepare(
|
|
111
|
+
"SELECT key, value FROM global_variables WHERE is_active = 1"
|
|
112
|
+
).all();
|
|
113
|
+
variables = /* @__PURE__ */ new Map();
|
|
114
|
+
for (const row of results || []) {
|
|
115
|
+
variables.set(row.key, row.value);
|
|
116
|
+
}
|
|
117
|
+
setVariablesCache(variables);
|
|
118
|
+
}
|
|
119
|
+
if (variables.size === 0) return contentData;
|
|
120
|
+
return resolveVariablesInObject(contentData, variables);
|
|
121
|
+
} catch {
|
|
122
|
+
return contentData;
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
// src/routes/api-content-crud.ts
|
|
64
127
|
var apiContentCrudRoutes = new hono.Hono();
|
|
65
128
|
apiContentCrudRoutes.get("/check-slug", async (c) => {
|
|
66
129
|
try {
|
|
@@ -112,6 +175,10 @@ apiContentCrudRoutes.get("/:id", async (c) => {
|
|
|
112
175
|
created_at: content.created_at,
|
|
113
176
|
updated_at: content.updated_at
|
|
114
177
|
};
|
|
178
|
+
const resolveVars = c.req.query("resolve_variables") !== "false";
|
|
179
|
+
if (resolveVars) {
|
|
180
|
+
transformedContent.data = await resolveContentVariables(transformedContent.data, db);
|
|
181
|
+
}
|
|
115
182
|
return c.json({ data: transformedContent });
|
|
116
183
|
} catch (error) {
|
|
117
184
|
console.error("Error fetching content:", error);
|
|
@@ -121,7 +188,7 @@ apiContentCrudRoutes.get("/:id", async (c) => {
|
|
|
121
188
|
}, 500);
|
|
122
189
|
}
|
|
123
190
|
});
|
|
124
|
-
apiContentCrudRoutes.post("/",
|
|
191
|
+
apiContentCrudRoutes.post("/", chunkB2ASV5RD_cjs.requireAuth(), chunkB2ASV5RD_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
125
192
|
try {
|
|
126
193
|
const db = c.env.DB;
|
|
127
194
|
const user = c.get("user");
|
|
@@ -187,7 +254,7 @@ apiContentCrudRoutes.post("/", chunk5GO3AMON_cjs.requireAuth(), chunk5GO3AMON_cj
|
|
|
187
254
|
}, 500);
|
|
188
255
|
}
|
|
189
256
|
});
|
|
190
|
-
apiContentCrudRoutes.put("/:id",
|
|
257
|
+
apiContentCrudRoutes.put("/:id", chunkB2ASV5RD_cjs.requireAuth(), chunkB2ASV5RD_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
191
258
|
try {
|
|
192
259
|
const id = c.req.param("id");
|
|
193
260
|
const db = c.env.DB;
|
|
@@ -251,7 +318,7 @@ apiContentCrudRoutes.put("/:id", chunk5GO3AMON_cjs.requireAuth(), chunk5GO3AMON_
|
|
|
251
318
|
}, 500);
|
|
252
319
|
}
|
|
253
320
|
});
|
|
254
|
-
apiContentCrudRoutes.delete("/:id",
|
|
321
|
+
apiContentCrudRoutes.delete("/:id", chunkB2ASV5RD_cjs.requireAuth(), chunkB2ASV5RD_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
255
322
|
try {
|
|
256
323
|
const id = c.req.param("id");
|
|
257
324
|
const db = c.env.DB;
|
|
@@ -287,7 +354,7 @@ apiRoutes.use("*", async (c, next) => {
|
|
|
287
354
|
c.header("X-Response-Time", `${totalTime}ms`);
|
|
288
355
|
});
|
|
289
356
|
apiRoutes.use("*", async (c, next) => {
|
|
290
|
-
const cacheEnabled = await
|
|
357
|
+
const cacheEnabled = await chunkB2ASV5RD_cjs.isPluginActive(c.env.DB, "core-cache");
|
|
291
358
|
c.set("cacheEnabled", cacheEnabled);
|
|
292
359
|
await next();
|
|
293
360
|
});
|
|
@@ -778,7 +845,7 @@ apiRoutes.get("/collections", async (c) => {
|
|
|
778
845
|
return c.json({ error: "Failed to fetch collections" }, 500);
|
|
779
846
|
}
|
|
780
847
|
});
|
|
781
|
-
apiRoutes.get("/content",
|
|
848
|
+
apiRoutes.get("/content", chunkB2ASV5RD_cjs.optionalAuth(), async (c) => {
|
|
782
849
|
const executionStart = Date.now();
|
|
783
850
|
try {
|
|
784
851
|
const db = c.env.DB;
|
|
@@ -801,13 +868,13 @@ apiRoutes.get("/content", chunk5GO3AMON_cjs.optionalAuth(), async (c) => {
|
|
|
801
868
|
});
|
|
802
869
|
}
|
|
803
870
|
}
|
|
804
|
-
const filter =
|
|
871
|
+
const filter = chunkQLPFENZ2_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
|
|
805
872
|
const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
|
|
806
873
|
if (!normalizedFilter.limit) {
|
|
807
874
|
normalizedFilter.limit = 50;
|
|
808
875
|
}
|
|
809
876
|
normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
|
|
810
|
-
const builder3 = new
|
|
877
|
+
const builder3 = new chunkQLPFENZ2_cjs.QueryFilterBuilder();
|
|
811
878
|
const queryResult = builder3.build("content", normalizedFilter);
|
|
812
879
|
if (queryResult.errors.length > 0) {
|
|
813
880
|
return c.json({
|
|
@@ -879,7 +946,7 @@ apiRoutes.get("/content", chunk5GO3AMON_cjs.optionalAuth(), async (c) => {
|
|
|
879
946
|
}, 500);
|
|
880
947
|
}
|
|
881
948
|
});
|
|
882
|
-
apiRoutes.get("/collections/:collection/content",
|
|
949
|
+
apiRoutes.get("/collections/:collection/content", chunkB2ASV5RD_cjs.optionalAuth(), async (c) => {
|
|
883
950
|
const executionStart = Date.now();
|
|
884
951
|
try {
|
|
885
952
|
const collection = c.req.param("collection");
|
|
@@ -890,7 +957,7 @@ apiRoutes.get("/collections/:collection/content", chunk5GO3AMON_cjs.optionalAuth
|
|
|
890
957
|
if (!collectionResult) {
|
|
891
958
|
return c.json({ error: "Collection not found" }, 404);
|
|
892
959
|
}
|
|
893
|
-
const filter =
|
|
960
|
+
const filter = chunkQLPFENZ2_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
|
|
894
961
|
const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
|
|
895
962
|
if (!normalizedFilter.where) {
|
|
896
963
|
normalizedFilter.where = { and: [] };
|
|
@@ -907,7 +974,7 @@ apiRoutes.get("/collections/:collection/content", chunk5GO3AMON_cjs.optionalAuth
|
|
|
907
974
|
normalizedFilter.limit = 50;
|
|
908
975
|
}
|
|
909
976
|
normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
|
|
910
|
-
const builder3 = new
|
|
977
|
+
const builder3 = new chunkQLPFENZ2_cjs.QueryFilterBuilder();
|
|
911
978
|
const queryResult = builder3.build("content", normalizedFilter);
|
|
912
979
|
if (queryResult.errors.length > 0) {
|
|
913
980
|
return c.json({
|
|
@@ -1028,7 +1095,7 @@ var fileValidationSchema = zod.z.object({
|
|
|
1028
1095
|
// 50MB max
|
|
1029
1096
|
});
|
|
1030
1097
|
var apiMediaRoutes = new hono.Hono();
|
|
1031
|
-
apiMediaRoutes.use("*",
|
|
1098
|
+
apiMediaRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
1032
1099
|
apiMediaRoutes.post("/upload", async (c) => {
|
|
1033
1100
|
try {
|
|
1034
1101
|
const user = c.get("user");
|
|
@@ -1772,8 +1839,8 @@ apiSystemRoutes.get("/env", (c) => {
|
|
|
1772
1839
|
});
|
|
1773
1840
|
var api_system_default = apiSystemRoutes;
|
|
1774
1841
|
var adminApiRoutes = new hono.Hono();
|
|
1775
|
-
adminApiRoutes.use("*",
|
|
1776
|
-
adminApiRoutes.use("*",
|
|
1842
|
+
adminApiRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
1843
|
+
adminApiRoutes.use("*", chunkB2ASV5RD_cjs.requireRole(["admin", "editor"]));
|
|
1777
1844
|
adminApiRoutes.get("/stats", async (c) => {
|
|
1778
1845
|
try {
|
|
1779
1846
|
const db = c.env.DB;
|
|
@@ -2285,7 +2352,7 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
|
|
|
2285
2352
|
});
|
|
2286
2353
|
adminApiRoutes.get("/migrations/status", async (c) => {
|
|
2287
2354
|
try {
|
|
2288
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2355
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-VNYOSUNE.cjs');
|
|
2289
2356
|
const db = c.env.DB;
|
|
2290
2357
|
const migrationService = new MigrationService2(db);
|
|
2291
2358
|
const status = await migrationService.getMigrationStatus();
|
|
@@ -2310,7 +2377,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
|
|
|
2310
2377
|
error: "Unauthorized. Admin access required."
|
|
2311
2378
|
}, 403);
|
|
2312
2379
|
}
|
|
2313
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2380
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-VNYOSUNE.cjs');
|
|
2314
2381
|
const db = c.env.DB;
|
|
2315
2382
|
const migrationService = new MigrationService2(db);
|
|
2316
2383
|
const result = await migrationService.runPendingMigrations();
|
|
@@ -2329,7 +2396,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
|
|
|
2329
2396
|
});
|
|
2330
2397
|
adminApiRoutes.get("/migrations/validate", async (c) => {
|
|
2331
2398
|
try {
|
|
2332
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2399
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-VNYOSUNE.cjs');
|
|
2333
2400
|
const db = c.env.DB;
|
|
2334
2401
|
const migrationService = new MigrationService2(db);
|
|
2335
2402
|
const validation = await migrationService.validateSchema();
|
|
@@ -2740,7 +2807,7 @@ var JWT_SECRET_FALLBACK = "your-super-secret-jwt-key-change-in-production";
|
|
|
2740
2807
|
async function setCsrfCookie(c) {
|
|
2741
2808
|
const secret = c.env?.JWT_SECRET || JWT_SECRET_FALLBACK;
|
|
2742
2809
|
const isDev = c.env?.ENVIRONMENT === "development" || !c.env?.ENVIRONMENT;
|
|
2743
|
-
const csrfToken = await
|
|
2810
|
+
const csrfToken = await chunkB2ASV5RD_cjs.generateCsrfToken(secret);
|
|
2744
2811
|
cookie.setCookie(c, "csrf_token", csrfToken, {
|
|
2745
2812
|
httpOnly: false,
|
|
2746
2813
|
secure: !isDev,
|
|
@@ -2797,7 +2864,7 @@ var loginSchema = zod.z.object({
|
|
|
2797
2864
|
});
|
|
2798
2865
|
authRoutes.post(
|
|
2799
2866
|
"/register",
|
|
2800
|
-
|
|
2867
|
+
chunkB2ASV5RD_cjs.rateLimit({ max: 3, windowMs: 60 * 1e3, keyPrefix: "register" }),
|
|
2801
2868
|
async (c) => {
|
|
2802
2869
|
try {
|
|
2803
2870
|
const db = c.env.DB;
|
|
@@ -2834,7 +2901,7 @@ authRoutes.post(
|
|
|
2834
2901
|
if (existingUser) {
|
|
2835
2902
|
return c.json({ error: "User with this email or username already exists" }, 400);
|
|
2836
2903
|
}
|
|
2837
|
-
const passwordHash = await
|
|
2904
|
+
const passwordHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(password);
|
|
2838
2905
|
const userId = crypto.randomUUID();
|
|
2839
2906
|
const now = /* @__PURE__ */ new Date();
|
|
2840
2907
|
await db.prepare(`
|
|
@@ -2854,7 +2921,7 @@ authRoutes.post(
|
|
|
2854
2921
|
now.getTime(),
|
|
2855
2922
|
now.getTime()
|
|
2856
2923
|
).run();
|
|
2857
|
-
const token = await
|
|
2924
|
+
const token = await chunkB2ASV5RD_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET);
|
|
2858
2925
|
cookie.setCookie(c, "auth_token", token, {
|
|
2859
2926
|
httpOnly: true,
|
|
2860
2927
|
secure: true,
|
|
@@ -2888,7 +2955,7 @@ authRoutes.post(
|
|
|
2888
2955
|
);
|
|
2889
2956
|
authRoutes.post(
|
|
2890
2957
|
"/login",
|
|
2891
|
-
|
|
2958
|
+
chunkB2ASV5RD_cjs.rateLimit({ max: 5, windowMs: 60 * 1e3, keyPrefix: "login" }),
|
|
2892
2959
|
async (c) => {
|
|
2893
2960
|
try {
|
|
2894
2961
|
const body = await c.req.json();
|
|
@@ -2911,19 +2978,19 @@ authRoutes.post(
|
|
|
2911
2978
|
if (!user) {
|
|
2912
2979
|
return c.json({ error: "Invalid email or password" }, 401);
|
|
2913
2980
|
}
|
|
2914
|
-
const isValidPassword = await
|
|
2981
|
+
const isValidPassword = await chunkB2ASV5RD_cjs.AuthManager.verifyPassword(password, user.password_hash);
|
|
2915
2982
|
if (!isValidPassword) {
|
|
2916
2983
|
return c.json({ error: "Invalid email or password" }, 401);
|
|
2917
2984
|
}
|
|
2918
|
-
if (
|
|
2985
|
+
if (chunkB2ASV5RD_cjs.AuthManager.isLegacyHash(user.password_hash)) {
|
|
2919
2986
|
try {
|
|
2920
|
-
const newHash = await
|
|
2987
|
+
const newHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(password);
|
|
2921
2988
|
await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
|
|
2922
2989
|
} catch (rehashError) {
|
|
2923
2990
|
console.error("Password rehash failed (non-fatal):", rehashError);
|
|
2924
2991
|
}
|
|
2925
2992
|
}
|
|
2926
|
-
const token = await
|
|
2993
|
+
const token = await chunkB2ASV5RD_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
|
|
2927
2994
|
cookie.setCookie(c, "auth_token", token, {
|
|
2928
2995
|
httpOnly: true,
|
|
2929
2996
|
secure: true,
|
|
@@ -2976,7 +3043,7 @@ authRoutes.get("/logout", (c) => {
|
|
|
2976
3043
|
clearCsrfCookie(c);
|
|
2977
3044
|
return c.redirect("/auth/login?message=You have been logged out successfully");
|
|
2978
3045
|
});
|
|
2979
|
-
authRoutes.get("/me",
|
|
3046
|
+
authRoutes.get("/me", chunkB2ASV5RD_cjs.requireAuth(), async (c) => {
|
|
2980
3047
|
try {
|
|
2981
3048
|
const user = c.get("user");
|
|
2982
3049
|
if (!user) {
|
|
@@ -2993,13 +3060,13 @@ authRoutes.get("/me", chunk5GO3AMON_cjs.requireAuth(), async (c) => {
|
|
|
2993
3060
|
return c.json({ error: "Failed to get user" }, 500);
|
|
2994
3061
|
}
|
|
2995
3062
|
});
|
|
2996
|
-
authRoutes.post("/refresh",
|
|
3063
|
+
authRoutes.post("/refresh", chunkB2ASV5RD_cjs.requireAuth(), async (c) => {
|
|
2997
3064
|
try {
|
|
2998
3065
|
const user = c.get("user");
|
|
2999
3066
|
if (!user) {
|
|
3000
3067
|
return c.json({ error: "Not authenticated" }, 401);
|
|
3001
3068
|
}
|
|
3002
|
-
const token = await
|
|
3069
|
+
const token = await chunkB2ASV5RD_cjs.AuthManager.generateToken(user.userId, user.email, user.role, c.env.JWT_SECRET);
|
|
3003
3070
|
cookie.setCookie(c, "auth_token", token, {
|
|
3004
3071
|
httpOnly: true,
|
|
3005
3072
|
secure: true,
|
|
@@ -3016,7 +3083,7 @@ authRoutes.post("/refresh", chunk5GO3AMON_cjs.requireAuth(), async (c) => {
|
|
|
3016
3083
|
});
|
|
3017
3084
|
authRoutes.post(
|
|
3018
3085
|
"/register/form",
|
|
3019
|
-
|
|
3086
|
+
chunkB2ASV5RD_cjs.rateLimit({ max: 3, windowMs: 60 * 1e3, keyPrefix: "register" }),
|
|
3020
3087
|
async (c) => {
|
|
3021
3088
|
try {
|
|
3022
3089
|
const db = c.env.DB;
|
|
@@ -3063,7 +3130,7 @@ authRoutes.post(
|
|
|
3063
3130
|
</div>
|
|
3064
3131
|
`);
|
|
3065
3132
|
}
|
|
3066
|
-
const passwordHash = await
|
|
3133
|
+
const passwordHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(password);
|
|
3067
3134
|
const role = isFirstUser ? "admin" : "viewer";
|
|
3068
3135
|
const userId = crypto.randomUUID();
|
|
3069
3136
|
const now = /* @__PURE__ */ new Date();
|
|
@@ -3083,7 +3150,7 @@ authRoutes.post(
|
|
|
3083
3150
|
now.getTime(),
|
|
3084
3151
|
now.getTime()
|
|
3085
3152
|
).run();
|
|
3086
|
-
const token = await
|
|
3153
|
+
const token = await chunkB2ASV5RD_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET);
|
|
3087
3154
|
cookie.setCookie(c, "auth_token", token, {
|
|
3088
3155
|
httpOnly: true,
|
|
3089
3156
|
secure: false,
|
|
@@ -3116,7 +3183,7 @@ authRoutes.post(
|
|
|
3116
3183
|
);
|
|
3117
3184
|
authRoutes.post(
|
|
3118
3185
|
"/login/form",
|
|
3119
|
-
|
|
3186
|
+
chunkB2ASV5RD_cjs.rateLimit({ max: 5, windowMs: 60 * 1e3, keyPrefix: "login" }),
|
|
3120
3187
|
async (c) => {
|
|
3121
3188
|
try {
|
|
3122
3189
|
const formData = await c.req.formData();
|
|
@@ -3140,7 +3207,7 @@ authRoutes.post(
|
|
|
3140
3207
|
</div>
|
|
3141
3208
|
`);
|
|
3142
3209
|
}
|
|
3143
|
-
const isValidPassword = await
|
|
3210
|
+
const isValidPassword = await chunkB2ASV5RD_cjs.AuthManager.verifyPassword(password, user.password_hash);
|
|
3144
3211
|
if (!isValidPassword) {
|
|
3145
3212
|
return c.html(html.html`
|
|
3146
3213
|
<div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
|
|
@@ -3148,15 +3215,15 @@ authRoutes.post(
|
|
|
3148
3215
|
</div>
|
|
3149
3216
|
`);
|
|
3150
3217
|
}
|
|
3151
|
-
if (
|
|
3218
|
+
if (chunkB2ASV5RD_cjs.AuthManager.isLegacyHash(user.password_hash)) {
|
|
3152
3219
|
try {
|
|
3153
|
-
const newHash = await
|
|
3220
|
+
const newHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(password);
|
|
3154
3221
|
await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
|
|
3155
3222
|
} catch (rehashError) {
|
|
3156
3223
|
console.error("Password rehash failed (non-fatal):", rehashError);
|
|
3157
3224
|
}
|
|
3158
3225
|
}
|
|
3159
|
-
const token = await
|
|
3226
|
+
const token = await chunkB2ASV5RD_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
|
|
3160
3227
|
cookie.setCookie(c, "auth_token", token, {
|
|
3161
3228
|
httpOnly: true,
|
|
3162
3229
|
secure: false,
|
|
@@ -3198,7 +3265,7 @@ authRoutes.post(
|
|
|
3198
3265
|
);
|
|
3199
3266
|
authRoutes.post(
|
|
3200
3267
|
"/seed-admin",
|
|
3201
|
-
|
|
3268
|
+
chunkB2ASV5RD_cjs.rateLimit({ max: 2, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
|
|
3202
3269
|
async (c) => {
|
|
3203
3270
|
try {
|
|
3204
3271
|
const db = c.env.DB;
|
|
@@ -3220,7 +3287,7 @@ authRoutes.post(
|
|
|
3220
3287
|
`).run();
|
|
3221
3288
|
const existingAdmin = await db.prepare("SELECT id FROM users WHERE email = ? OR username = ?").bind("admin@sonicjs.com", "admin").first();
|
|
3222
3289
|
if (existingAdmin) {
|
|
3223
|
-
const passwordHash2 = await
|
|
3290
|
+
const passwordHash2 = await chunkB2ASV5RD_cjs.AuthManager.hashPassword("sonicjs!");
|
|
3224
3291
|
await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(passwordHash2, Date.now(), existingAdmin.id).run();
|
|
3225
3292
|
return c.json({
|
|
3226
3293
|
message: "Admin user already exists (password updated)",
|
|
@@ -3232,7 +3299,7 @@ authRoutes.post(
|
|
|
3232
3299
|
}
|
|
3233
3300
|
});
|
|
3234
3301
|
}
|
|
3235
|
-
const passwordHash = await
|
|
3302
|
+
const passwordHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword("sonicjs!");
|
|
3236
3303
|
const userId = "admin-user-id";
|
|
3237
3304
|
const now = Date.now();
|
|
3238
3305
|
const adminEmail = "admin@sonicjs.com".toLowerCase();
|
|
@@ -3453,7 +3520,7 @@ authRoutes.post("/accept-invitation", async (c) => {
|
|
|
3453
3520
|
if (existingUsername) {
|
|
3454
3521
|
return c.json({ error: "Username is already taken" }, 400);
|
|
3455
3522
|
}
|
|
3456
|
-
const passwordHash = await
|
|
3523
|
+
const passwordHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(password);
|
|
3457
3524
|
const updateStmt = db.prepare(`
|
|
3458
3525
|
UPDATE users SET
|
|
3459
3526
|
username = ?,
|
|
@@ -3472,7 +3539,7 @@ authRoutes.post("/accept-invitation", async (c) => {
|
|
|
3472
3539
|
Date.now(),
|
|
3473
3540
|
invitedUser.id
|
|
3474
3541
|
).run();
|
|
3475
|
-
const authToken = await
|
|
3542
|
+
const authToken = await chunkB2ASV5RD_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET);
|
|
3476
3543
|
cookie.setCookie(c, "auth_token", authToken, {
|
|
3477
3544
|
httpOnly: true,
|
|
3478
3545
|
secure: true,
|
|
@@ -3489,7 +3556,7 @@ authRoutes.post("/accept-invitation", async (c) => {
|
|
|
3489
3556
|
});
|
|
3490
3557
|
authRoutes.post(
|
|
3491
3558
|
"/request-password-reset",
|
|
3492
|
-
|
|
3559
|
+
chunkB2ASV5RD_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
|
|
3493
3560
|
async (c) => {
|
|
3494
3561
|
try {
|
|
3495
3562
|
const formData = await c.req.formData();
|
|
@@ -3707,7 +3774,7 @@ authRoutes.post("/reset-password", async (c) => {
|
|
|
3707
3774
|
if (Date.now() > user.password_reset_expires) {
|
|
3708
3775
|
return c.json({ error: "Reset token has expired" }, 400);
|
|
3709
3776
|
}
|
|
3710
|
-
const newPasswordHash = await
|
|
3777
|
+
const newPasswordHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(password);
|
|
3711
3778
|
try {
|
|
3712
3779
|
const historyStmt = db.prepare(`
|
|
3713
3780
|
INSERT INTO password_history (id, user_id, password_hash, created_at)
|
|
@@ -8141,7 +8208,15 @@ function renderContentFormPage(data) {
|
|
|
8141
8208
|
fetch(\`/admin/content/\${contentId}/versions\`)
|
|
8142
8209
|
.then(response => response.text())
|
|
8143
8210
|
.then(html => {
|
|
8144
|
-
document.getElementById('version-history-content')
|
|
8211
|
+
const container = document.getElementById('version-history-content');
|
|
8212
|
+
container.innerHTML = html;
|
|
8213
|
+
// Script tags inserted via innerHTML are not executed by the browser,
|
|
8214
|
+
// so we need to manually create and append them for execution.
|
|
8215
|
+
container.querySelectorAll('script').forEach(oldScript => {
|
|
8216
|
+
const newScript = document.createElement('script');
|
|
8217
|
+
newScript.textContent = oldScript.textContent;
|
|
8218
|
+
oldScript.replaceWith(newScript);
|
|
8219
|
+
});
|
|
8145
8220
|
})
|
|
8146
8221
|
.catch(error => {
|
|
8147
8222
|
console.error('Error loading version history:', error);
|
|
@@ -9170,9 +9245,9 @@ function parseFieldValue(field, formData, options = {}) {
|
|
|
9170
9245
|
const { skipValidation = false } = options;
|
|
9171
9246
|
const value = formData.get(field.field_name);
|
|
9172
9247
|
const errors = [];
|
|
9173
|
-
const blocksConfig =
|
|
9248
|
+
const blocksConfig = chunkQLPFENZ2_cjs.getBlocksFieldConfig(field.field_options);
|
|
9174
9249
|
if (blocksConfig) {
|
|
9175
|
-
const parsed =
|
|
9250
|
+
const parsed = chunkQLPFENZ2_cjs.parseBlocksValue(value, blocksConfig);
|
|
9176
9251
|
if (!skipValidation && field.is_required && parsed.value.length === 0) {
|
|
9177
9252
|
parsed.errors.push(`${field.field_label} is required`);
|
|
9178
9253
|
}
|
|
@@ -9282,7 +9357,7 @@ function extractFieldData(fields, formData, options = {}) {
|
|
|
9282
9357
|
}
|
|
9283
9358
|
return { data, errors };
|
|
9284
9359
|
}
|
|
9285
|
-
adminContentRoutes.use("*",
|
|
9360
|
+
adminContentRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
9286
9361
|
async function getCollectionFields(db, collectionId) {
|
|
9287
9362
|
const cache = chunkLFAQUR7P_cjs.getCacheService(chunkLFAQUR7P_cjs.CACHE_CONFIGS.collection);
|
|
9288
9363
|
return cache.getOrSet(
|
|
@@ -9559,21 +9634,21 @@ adminContentRoutes.get("/new", async (c) => {
|
|
|
9559
9634
|
const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
|
|
9560
9635
|
let tinymceSettings;
|
|
9561
9636
|
if (tinymceEnabled) {
|
|
9562
|
-
const pluginService = new
|
|
9637
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
9563
9638
|
const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
|
|
9564
9639
|
tinymceSettings = tinymcePlugin2?.settings;
|
|
9565
9640
|
}
|
|
9566
9641
|
const quillEnabled = await isPluginActive2(db, "quill-editor");
|
|
9567
9642
|
let quillSettings;
|
|
9568
9643
|
if (quillEnabled) {
|
|
9569
|
-
const pluginService = new
|
|
9644
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
9570
9645
|
const quillPlugin = await pluginService.getPlugin("quill-editor");
|
|
9571
9646
|
quillSettings = quillPlugin?.settings;
|
|
9572
9647
|
}
|
|
9573
9648
|
const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
|
|
9574
9649
|
let mdxeditorSettings;
|
|
9575
9650
|
if (mdxeditorEnabled) {
|
|
9576
|
-
const pluginService = new
|
|
9651
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
9577
9652
|
const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
|
|
9578
9653
|
mdxeditorSettings = mdxeditorPlugin?.settings;
|
|
9579
9654
|
}
|
|
@@ -9664,21 +9739,21 @@ adminContentRoutes.get("/:id/edit", async (c) => {
|
|
|
9664
9739
|
const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
|
|
9665
9740
|
let tinymceSettings;
|
|
9666
9741
|
if (tinymceEnabled) {
|
|
9667
|
-
const pluginService = new
|
|
9742
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
9668
9743
|
const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
|
|
9669
9744
|
tinymceSettings = tinymcePlugin2?.settings;
|
|
9670
9745
|
}
|
|
9671
9746
|
const quillEnabled = await isPluginActive2(db, "quill-editor");
|
|
9672
9747
|
let quillSettings;
|
|
9673
9748
|
if (quillEnabled) {
|
|
9674
|
-
const pluginService = new
|
|
9749
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
9675
9750
|
const quillPlugin = await pluginService.getPlugin("quill-editor");
|
|
9676
9751
|
quillSettings = quillPlugin?.settings;
|
|
9677
9752
|
}
|
|
9678
9753
|
const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
|
|
9679
9754
|
let mdxeditorSettings;
|
|
9680
9755
|
if (mdxeditorEnabled) {
|
|
9681
|
-
const pluginService = new
|
|
9756
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
9682
9757
|
const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
|
|
9683
9758
|
mdxeditorSettings = mdxeditorPlugin?.settings;
|
|
9684
9759
|
}
|
|
@@ -9973,7 +10048,7 @@ adminContentRoutes.put("/:id", async (c) => {
|
|
|
9973
10048
|
`);
|
|
9974
10049
|
}
|
|
9975
10050
|
});
|
|
9976
|
-
adminContentRoutes.post("/preview",
|
|
10051
|
+
adminContentRoutes.post("/preview", chunkB2ASV5RD_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
9977
10052
|
try {
|
|
9978
10053
|
const formData = await c.req.formData();
|
|
9979
10054
|
const collectionId = formData.get("collection_id");
|
|
@@ -10351,7 +10426,7 @@ adminContentRoutes.post("/:id/restore/:version", async (c) => {
|
|
|
10351
10426
|
return c.json({ success: false, error: "Failed to restore version" });
|
|
10352
10427
|
}
|
|
10353
10428
|
});
|
|
10354
|
-
adminContentRoutes.get("/:id/version/:version/preview",
|
|
10429
|
+
adminContentRoutes.get("/:id/version/:version/preview", chunkB2ASV5RD_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
10355
10430
|
try {
|
|
10356
10431
|
const id = c.req.param("id");
|
|
10357
10432
|
const version = parseInt(c.req.param("version") || "0");
|
|
@@ -11422,6 +11497,36 @@ function renderUserEditPage(data) {
|
|
|
11422
11497
|
</div>
|
|
11423
11498
|
</div>
|
|
11424
11499
|
|
|
11500
|
+
<!-- Set Password -->
|
|
11501
|
+
<div class="mb-8">
|
|
11502
|
+
<h3 class="text-base font-semibold text-zinc-950 dark:text-white mb-4">Set Password</h3>
|
|
11503
|
+
<p class="text-sm text-zinc-500 dark:text-zinc-400 mb-4">Leave blank to keep the current password</p>
|
|
11504
|
+
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
|
|
11505
|
+
<div>
|
|
11506
|
+
<label class="block text-sm font-medium text-zinc-950 dark:text-white mb-2">New Password</label>
|
|
11507
|
+
<input
|
|
11508
|
+
type="password"
|
|
11509
|
+
name="new_password"
|
|
11510
|
+
minlength="8"
|
|
11511
|
+
placeholder="Minimum 8 characters"
|
|
11512
|
+
autocomplete="new-password"
|
|
11513
|
+
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
11514
|
+
/>
|
|
11515
|
+
</div>
|
|
11516
|
+
<div>
|
|
11517
|
+
<label class="block text-sm font-medium text-zinc-950 dark:text-white mb-2">Confirm Password</label>
|
|
11518
|
+
<input
|
|
11519
|
+
type="password"
|
|
11520
|
+
name="confirm_password"
|
|
11521
|
+
minlength="8"
|
|
11522
|
+
placeholder="Repeat new password"
|
|
11523
|
+
autocomplete="new-password"
|
|
11524
|
+
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
11525
|
+
/>
|
|
11526
|
+
</div>
|
|
11527
|
+
</div>
|
|
11528
|
+
</div>
|
|
11529
|
+
|
|
11425
11530
|
<!-- Account Status -->
|
|
11426
11531
|
<div class="mb-8">
|
|
11427
11532
|
<h3 class="text-base font-semibold text-zinc-950 dark:text-white mb-4">Account Status</h3>
|
|
@@ -12318,14 +12423,14 @@ function renderUsersListPage(data) {
|
|
|
12318
12423
|
|
|
12319
12424
|
// src/routes/admin-users.ts
|
|
12320
12425
|
var userRoutes = new hono.Hono();
|
|
12321
|
-
userRoutes.use("*",
|
|
12322
|
-
userRoutes.use("/users/*",
|
|
12323
|
-
userRoutes.use("/users",
|
|
12324
|
-
userRoutes.use("/invite-user",
|
|
12325
|
-
userRoutes.use("/resend-invitation/*",
|
|
12326
|
-
userRoutes.use("/cancel-invitation/*",
|
|
12327
|
-
userRoutes.use("/activity-logs",
|
|
12328
|
-
userRoutes.use("/activity-logs/*",
|
|
12426
|
+
userRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
12427
|
+
userRoutes.use("/users/*", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
12428
|
+
userRoutes.use("/users", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
12429
|
+
userRoutes.use("/invite-user", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
12430
|
+
userRoutes.use("/resend-invitation/*", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
12431
|
+
userRoutes.use("/cancel-invitation/*", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
12432
|
+
userRoutes.use("/activity-logs", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
12433
|
+
userRoutes.use("/activity-logs/*", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
12329
12434
|
userRoutes.get("/", (c) => {
|
|
12330
12435
|
return c.redirect("/admin/dashboard");
|
|
12331
12436
|
});
|
|
@@ -12480,7 +12585,7 @@ userRoutes.put("/profile", async (c) => {
|
|
|
12480
12585
|
Date.now(),
|
|
12481
12586
|
user.userId
|
|
12482
12587
|
).run();
|
|
12483
|
-
await
|
|
12588
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
12484
12589
|
db,
|
|
12485
12590
|
user.userId,
|
|
12486
12591
|
"profile.update",
|
|
@@ -12543,7 +12648,7 @@ userRoutes.post("/profile/avatar", async (c) => {
|
|
|
12543
12648
|
SELECT first_name, last_name FROM users WHERE id = ?
|
|
12544
12649
|
`);
|
|
12545
12650
|
const userData = await userStmt.bind(user.userId).first();
|
|
12546
|
-
await
|
|
12651
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
12547
12652
|
db,
|
|
12548
12653
|
user.userId,
|
|
12549
12654
|
"profile.avatar_update",
|
|
@@ -12614,7 +12719,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
12614
12719
|
dismissible: true
|
|
12615
12720
|
}));
|
|
12616
12721
|
}
|
|
12617
|
-
const validPassword = await
|
|
12722
|
+
const validPassword = await chunkB2ASV5RD_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
|
|
12618
12723
|
if (!validPassword) {
|
|
12619
12724
|
return c.html(renderAlert2({
|
|
12620
12725
|
type: "error",
|
|
@@ -12622,7 +12727,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
12622
12727
|
dismissible: true
|
|
12623
12728
|
}));
|
|
12624
12729
|
}
|
|
12625
|
-
const newPasswordHash = await
|
|
12730
|
+
const newPasswordHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(newPassword);
|
|
12626
12731
|
const historyStmt = db.prepare(`
|
|
12627
12732
|
INSERT INTO password_history (id, user_id, password_hash, created_at)
|
|
12628
12733
|
VALUES (?, ?, ?, ?)
|
|
@@ -12638,7 +12743,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
12638
12743
|
WHERE id = ?
|
|
12639
12744
|
`);
|
|
12640
12745
|
await updateStmt.bind(newPasswordHash, Date.now(), user.userId).run();
|
|
12641
|
-
await
|
|
12746
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
12642
12747
|
db,
|
|
12643
12748
|
user.userId,
|
|
12644
12749
|
"profile.password_change",
|
|
@@ -12705,7 +12810,7 @@ userRoutes.get("/users", async (c) => {
|
|
|
12705
12810
|
`);
|
|
12706
12811
|
const countResult = await countStmt.bind(...params).first();
|
|
12707
12812
|
const totalUsers = countResult?.total || 0;
|
|
12708
|
-
await
|
|
12813
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
12709
12814
|
db,
|
|
12710
12815
|
user.userId,
|
|
12711
12816
|
"users.list_view",
|
|
@@ -12743,6 +12848,7 @@ userRoutes.get("/users", async (c) => {
|
|
|
12743
12848
|
formattedLastLogin: u.last_login_at ? new Date(u.last_login_at).toLocaleDateString() : void 0,
|
|
12744
12849
|
formattedCreatedAt: new Date(u.created_at).toLocaleDateString()
|
|
12745
12850
|
}));
|
|
12851
|
+
const successMessage = c.req.query("success") || void 0;
|
|
12746
12852
|
const pageData = {
|
|
12747
12853
|
users,
|
|
12748
12854
|
currentPage: page,
|
|
@@ -12751,6 +12857,7 @@ userRoutes.get("/users", async (c) => {
|
|
|
12751
12857
|
searchFilter: search,
|
|
12752
12858
|
roleFilter,
|
|
12753
12859
|
statusFilter,
|
|
12860
|
+
success: successMessage,
|
|
12754
12861
|
pagination: {
|
|
12755
12862
|
currentPage: page,
|
|
12756
12863
|
totalPages: Math.ceil(totalUsers / limit),
|
|
@@ -12861,7 +12968,7 @@ userRoutes.post("/users/new", async (c) => {
|
|
|
12861
12968
|
dismissible: true
|
|
12862
12969
|
}));
|
|
12863
12970
|
}
|
|
12864
|
-
const passwordHash = await
|
|
12971
|
+
const passwordHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(password);
|
|
12865
12972
|
const userId = crypto.randomUUID();
|
|
12866
12973
|
const createStmt = db.prepare(`
|
|
12867
12974
|
INSERT INTO users (
|
|
@@ -12884,7 +12991,7 @@ userRoutes.post("/users/new", async (c) => {
|
|
|
12884
12991
|
Date.now(),
|
|
12885
12992
|
Date.now()
|
|
12886
12993
|
).run();
|
|
12887
|
-
await
|
|
12994
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
12888
12995
|
db,
|
|
12889
12996
|
user.userId,
|
|
12890
12997
|
"user!.create",
|
|
@@ -12894,7 +13001,8 @@ userRoutes.post("/users/new", async (c) => {
|
|
|
12894
13001
|
c.req.header("x-forwarded-for") || c.req.header("cf-connecting-ip"),
|
|
12895
13002
|
c.req.header("user-agent")
|
|
12896
13003
|
);
|
|
12897
|
-
|
|
13004
|
+
c.header("HX-Redirect", "/admin/users?success=User created successfully");
|
|
13005
|
+
return c.body(null, 200);
|
|
12898
13006
|
} catch (error) {
|
|
12899
13007
|
console.error("User creation error:", error);
|
|
12900
13008
|
return c.html(renderAlert2({
|
|
@@ -12922,7 +13030,7 @@ userRoutes.get("/users/:id", async (c) => {
|
|
|
12922
13030
|
if (!userRecord) {
|
|
12923
13031
|
return c.json({ error: "User not found" }, 404);
|
|
12924
13032
|
}
|
|
12925
|
-
await
|
|
13033
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
12926
13034
|
db,
|
|
12927
13035
|
user.userId,
|
|
12928
13036
|
"user!.view",
|
|
@@ -13040,6 +13148,8 @@ userRoutes.put("/users/:id", async (c) => {
|
|
|
13040
13148
|
const role = validRoles.includes(roleInput) ? roleInput : "viewer";
|
|
13041
13149
|
const isActive = formData.get("is_active") === "1";
|
|
13042
13150
|
const emailVerified = formData.get("email_verified") === "1";
|
|
13151
|
+
const newPassword = formData.get("new_password")?.toString() || "";
|
|
13152
|
+
const confirmPassword = formData.get("confirm_password")?.toString() || "";
|
|
13043
13153
|
const profileDisplayName = chunkMNWKYY5E_cjs.sanitizeInput(formData.get("profile_display_name")?.toString()) || null;
|
|
13044
13154
|
const profileBio = chunkMNWKYY5E_cjs.sanitizeInput(formData.get("profile_bio")?.toString()) || null;
|
|
13045
13155
|
const profileCompany = chunkMNWKYY5E_cjs.sanitizeInput(formData.get("profile_company")?.toString()) || null;
|
|
@@ -13063,6 +13173,22 @@ userRoutes.put("/users/:id", async (c) => {
|
|
|
13063
13173
|
dismissible: true
|
|
13064
13174
|
}));
|
|
13065
13175
|
}
|
|
13176
|
+
if (newPassword) {
|
|
13177
|
+
if (newPassword.length < 8) {
|
|
13178
|
+
return c.html(renderAlert2({
|
|
13179
|
+
type: "error",
|
|
13180
|
+
message: "Password must be at least 8 characters long.",
|
|
13181
|
+
dismissible: true
|
|
13182
|
+
}));
|
|
13183
|
+
}
|
|
13184
|
+
if (newPassword !== confirmPassword) {
|
|
13185
|
+
return c.html(renderAlert2({
|
|
13186
|
+
type: "error",
|
|
13187
|
+
message: "Passwords do not match.",
|
|
13188
|
+
dismissible: true
|
|
13189
|
+
}));
|
|
13190
|
+
}
|
|
13191
|
+
}
|
|
13066
13192
|
if (profileWebsite) {
|
|
13067
13193
|
try {
|
|
13068
13194
|
new URL(profileWebsite);
|
|
@@ -13105,6 +13231,13 @@ userRoutes.put("/users/:id", async (c) => {
|
|
|
13105
13231
|
Date.now(),
|
|
13106
13232
|
userId
|
|
13107
13233
|
).run();
|
|
13234
|
+
if (newPassword) {
|
|
13235
|
+
const passwordHash = await chunkB2ASV5RD_cjs.AuthManager.hashPassword(newPassword);
|
|
13236
|
+
const updatePasswordStmt = db.prepare(`
|
|
13237
|
+
UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?
|
|
13238
|
+
`);
|
|
13239
|
+
await updatePasswordStmt.bind(passwordHash, Date.now(), userId).run();
|
|
13240
|
+
}
|
|
13108
13241
|
const hasProfileData = profileDisplayName || profileBio || profileCompany || profileJobTitle || profileWebsite || profileLocation || profileDateOfBirth;
|
|
13109
13242
|
if (hasProfileData) {
|
|
13110
13243
|
const now = Date.now();
|
|
@@ -13149,13 +13282,13 @@ userRoutes.put("/users/:id", async (c) => {
|
|
|
13149
13282
|
).run();
|
|
13150
13283
|
}
|
|
13151
13284
|
}
|
|
13152
|
-
await
|
|
13285
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13153
13286
|
db,
|
|
13154
13287
|
user.userId,
|
|
13155
13288
|
"user.update",
|
|
13156
13289
|
"users",
|
|
13157
13290
|
userId,
|
|
13158
|
-
{ fields: ["first_name", "last_name", "username", "email", "phone", "role", "is_active", "email_verified", "profile"] },
|
|
13291
|
+
{ fields: ["first_name", "last_name", "username", "email", "phone", "role", "is_active", "email_verified", "profile", ...newPassword ? ["password"] : []] },
|
|
13159
13292
|
c.req.header("x-forwarded-for") || c.req.header("cf-connecting-ip"),
|
|
13160
13293
|
c.req.header("user-agent")
|
|
13161
13294
|
);
|
|
@@ -13194,7 +13327,7 @@ userRoutes.post("/users/:id/toggle", async (c) => {
|
|
|
13194
13327
|
UPDATE users SET is_active = ?, updated_at = ? WHERE id = ?
|
|
13195
13328
|
`);
|
|
13196
13329
|
await toggleStmt.bind(active ? 1 : 0, Date.now(), userId).run();
|
|
13197
|
-
await
|
|
13330
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13198
13331
|
db,
|
|
13199
13332
|
user.userId,
|
|
13200
13333
|
active ? "user.activate" : "user.deactivate",
|
|
@@ -13235,7 +13368,7 @@ userRoutes.delete("/users/:id", async (c) => {
|
|
|
13235
13368
|
DELETE FROM users WHERE id = ?
|
|
13236
13369
|
`);
|
|
13237
13370
|
await deleteStmt.bind(userId).run();
|
|
13238
|
-
await
|
|
13371
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13239
13372
|
db,
|
|
13240
13373
|
user.userId,
|
|
13241
13374
|
"user!.hard_delete",
|
|
@@ -13254,7 +13387,7 @@ userRoutes.delete("/users/:id", async (c) => {
|
|
|
13254
13387
|
UPDATE users SET is_active = 0, updated_at = ? WHERE id = ?
|
|
13255
13388
|
`);
|
|
13256
13389
|
await deleteStmt.bind(Date.now(), userId).run();
|
|
13257
|
-
await
|
|
13390
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13258
13391
|
db,
|
|
13259
13392
|
user.userId,
|
|
13260
13393
|
"user!.soft_delete",
|
|
@@ -13320,7 +13453,7 @@ userRoutes.post("/invite-user", async (c) => {
|
|
|
13320
13453
|
Date.now(),
|
|
13321
13454
|
Date.now()
|
|
13322
13455
|
).run();
|
|
13323
|
-
await
|
|
13456
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13324
13457
|
db,
|
|
13325
13458
|
user.userId,
|
|
13326
13459
|
"user!.invite_sent",
|
|
@@ -13377,7 +13510,7 @@ userRoutes.post("/resend-invitation/:id", async (c) => {
|
|
|
13377
13510
|
Date.now(),
|
|
13378
13511
|
userId
|
|
13379
13512
|
).run();
|
|
13380
|
-
await
|
|
13513
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13381
13514
|
db,
|
|
13382
13515
|
user.userId,
|
|
13383
13516
|
"user!.invitation_resent",
|
|
@@ -13413,7 +13546,7 @@ userRoutes.delete("/cancel-invitation/:id", async (c) => {
|
|
|
13413
13546
|
}
|
|
13414
13547
|
const deleteStmt = db.prepare(`DELETE FROM users WHERE id = ?`);
|
|
13415
13548
|
await deleteStmt.bind(userId).run();
|
|
13416
|
-
await
|
|
13549
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13417
13550
|
db,
|
|
13418
13551
|
user.userId,
|
|
13419
13552
|
"user!.invitation_cancelled",
|
|
@@ -13496,7 +13629,7 @@ userRoutes.get("/activity-logs", async (c) => {
|
|
|
13496
13629
|
...log,
|
|
13497
13630
|
details: log.details ? JSON.parse(log.details) : null
|
|
13498
13631
|
}));
|
|
13499
|
-
await
|
|
13632
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13500
13633
|
db,
|
|
13501
13634
|
user.userId,
|
|
13502
13635
|
"activity.logs_viewed",
|
|
@@ -13603,7 +13736,7 @@ userRoutes.get("/activity-logs/export", async (c) => {
|
|
|
13603
13736
|
csvRows.push(row.join(","));
|
|
13604
13737
|
}
|
|
13605
13738
|
const csvContent = csvRows.join("\n");
|
|
13606
|
-
await
|
|
13739
|
+
await chunkB2ASV5RD_cjs.logActivity(
|
|
13607
13740
|
db,
|
|
13608
13741
|
user.userId,
|
|
13609
13742
|
"activity.logs_exported",
|
|
@@ -14942,7 +15075,7 @@ var fileValidationSchema2 = zod.z.object({
|
|
|
14942
15075
|
// 50MB max
|
|
14943
15076
|
});
|
|
14944
15077
|
var adminMediaRoutes = new hono.Hono();
|
|
14945
|
-
adminMediaRoutes.use("*",
|
|
15078
|
+
adminMediaRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
14946
15079
|
adminMediaRoutes.get("/", async (c) => {
|
|
14947
15080
|
try {
|
|
14948
15081
|
const user = c.get("user");
|
|
@@ -15528,7 +15661,7 @@ adminMediaRoutes.put("/:id", async (c) => {
|
|
|
15528
15661
|
`);
|
|
15529
15662
|
}
|
|
15530
15663
|
});
|
|
15531
|
-
adminMediaRoutes.delete("/cleanup",
|
|
15664
|
+
adminMediaRoutes.delete("/cleanup", chunkB2ASV5RD_cjs.requireRole("admin"), async (c) => {
|
|
15532
15665
|
try {
|
|
15533
15666
|
const db = c.env.DB;
|
|
15534
15667
|
const allMediaStmt = db.prepare("SELECT id, r2_key, filename FROM media WHERE deleted_at IS NULL");
|
|
@@ -17255,6 +17388,7 @@ function renderOTPLoginSettingsContent(plugin, settings) {
|
|
|
17255
17388
|
const maxAttempts = settings.maxAttempts || 3;
|
|
17256
17389
|
const rateLimitPerHour = settings.rateLimitPerHour || 5;
|
|
17257
17390
|
const allowNewUserRegistration = settings.allowNewUserRegistration || false;
|
|
17391
|
+
const logoUrl = settings.logoUrl || "";
|
|
17258
17392
|
return `
|
|
17259
17393
|
<div class="space-y-6">
|
|
17260
17394
|
<!-- Test OTP Section -->
|
|
@@ -17438,6 +17572,7 @@ function renderOTPLoginSettingsContent(plugin, settings) {
|
|
|
17438
17572
|
|
|
17439
17573
|
<div class="bg-white rounded-lg overflow-hidden shadow-lg">
|
|
17440
17574
|
<div style="background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px 20px; text-align: center;">
|
|
17575
|
+
${logoUrl ? `<img src="${logoUrl}" alt="Logo" style="max-width: 150px; height: auto; margin: 0 auto 16px;">` : ""}
|
|
17441
17576
|
<h3 style="margin: 0 0 8px 0; font-size: 24px; font-weight: 600;">Your Login Code</h3>
|
|
17442
17577
|
<p style="margin: 0; opacity: 0.95; font-size: 14px;">Enter this code to sign in to ${siteName}</p>
|
|
17443
17578
|
</div>
|
|
@@ -17751,7 +17886,7 @@ function renderEmailSettingsContent(plugin, settings) {
|
|
|
17751
17886
|
|
|
17752
17887
|
// src/routes/admin-plugins.ts
|
|
17753
17888
|
var adminPluginRoutes = new hono.Hono();
|
|
17754
|
-
adminPluginRoutes.use("*",
|
|
17889
|
+
adminPluginRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
17755
17890
|
var AVAILABLE_PLUGINS = [
|
|
17756
17891
|
{
|
|
17757
17892
|
id: "third-party-faq",
|
|
@@ -17878,7 +18013,7 @@ adminPluginRoutes.get("/", async (c) => {
|
|
|
17878
18013
|
if (user?.role !== "admin") {
|
|
17879
18014
|
return c.text("Access denied", 403);
|
|
17880
18015
|
}
|
|
17881
|
-
const pluginService = new
|
|
18016
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
17882
18017
|
let installedPlugins = [];
|
|
17883
18018
|
let stats = { total: 0, active: 0, inactive: 0, errors: 0, uninstalled: 0 };
|
|
17884
18019
|
try {
|
|
@@ -17954,7 +18089,7 @@ adminPluginRoutes.get("/:id", async (c) => {
|
|
|
17954
18089
|
if (user?.role !== "admin") {
|
|
17955
18090
|
return c.redirect("/admin/plugins");
|
|
17956
18091
|
}
|
|
17957
|
-
const pluginService = new
|
|
18092
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
17958
18093
|
const plugin = await pluginService.getPlugin(pluginId);
|
|
17959
18094
|
if (!plugin) {
|
|
17960
18095
|
return c.text("Plugin not found", 404);
|
|
@@ -17962,17 +18097,9 @@ adminPluginRoutes.get("/:id", async (c) => {
|
|
|
17962
18097
|
const activity = await pluginService.getPluginActivity(pluginId, 20);
|
|
17963
18098
|
let enrichedSettings = plugin.settings || {};
|
|
17964
18099
|
if (pluginId === "otp-login") {
|
|
17965
|
-
const
|
|
17966
|
-
|
|
17967
|
-
|
|
17968
|
-
let siteName = "SonicJS";
|
|
17969
|
-
if (generalSettings?.value) {
|
|
17970
|
-
try {
|
|
17971
|
-
const parsed = JSON.parse(generalSettings.value);
|
|
17972
|
-
siteName = parsed.siteName || "SonicJS";
|
|
17973
|
-
} catch (e) {
|
|
17974
|
-
}
|
|
17975
|
-
}
|
|
18100
|
+
const settingsService = new chunkLFAQUR7P_cjs.SettingsService(db);
|
|
18101
|
+
const generalSettings = await settingsService.getGeneralSettings();
|
|
18102
|
+
const siteName = generalSettings.siteName || "SonicJS";
|
|
17976
18103
|
const emailPlugin = await db.prepare(`
|
|
17977
18104
|
SELECT settings FROM plugins WHERE id = 'email'
|
|
17978
18105
|
`).first();
|
|
@@ -18038,7 +18165,7 @@ adminPluginRoutes.post("/:id/activate", async (c) => {
|
|
|
18038
18165
|
if (user?.role !== "admin") {
|
|
18039
18166
|
return c.json({ error: "Access denied" }, 403);
|
|
18040
18167
|
}
|
|
18041
|
-
const pluginService = new
|
|
18168
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
18042
18169
|
await pluginService.activatePlugin(pluginId);
|
|
18043
18170
|
return c.json({ success: true });
|
|
18044
18171
|
} catch (error) {
|
|
@@ -18055,7 +18182,7 @@ adminPluginRoutes.post("/:id/deactivate", async (c) => {
|
|
|
18055
18182
|
if (user?.role !== "admin") {
|
|
18056
18183
|
return c.json({ error: "Access denied" }, 403);
|
|
18057
18184
|
}
|
|
18058
|
-
const pluginService = new
|
|
18185
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
18059
18186
|
await pluginService.deactivatePlugin(pluginId);
|
|
18060
18187
|
return c.json({ success: true });
|
|
18061
18188
|
} catch (error) {
|
|
@@ -18072,7 +18199,7 @@ adminPluginRoutes.post("/install", async (c) => {
|
|
|
18072
18199
|
return c.json({ error: "Access denied" }, 403);
|
|
18073
18200
|
}
|
|
18074
18201
|
const body = await c.req.json();
|
|
18075
|
-
const pluginService = new
|
|
18202
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
18076
18203
|
if (body.name === "faq-plugin") {
|
|
18077
18204
|
const faqPlugin = await pluginService.installPlugin({
|
|
18078
18205
|
id: "third-party-faq",
|
|
@@ -18342,7 +18469,7 @@ adminPluginRoutes.post("/:id/uninstall", async (c) => {
|
|
|
18342
18469
|
if (user?.role !== "admin") {
|
|
18343
18470
|
return c.json({ error: "Access denied" }, 403);
|
|
18344
18471
|
}
|
|
18345
|
-
const pluginService = new
|
|
18472
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
18346
18473
|
await pluginService.uninstallPlugin(pluginId);
|
|
18347
18474
|
return c.json({ success: true });
|
|
18348
18475
|
} catch (error) {
|
|
@@ -18360,7 +18487,7 @@ adminPluginRoutes.post("/:id/settings", async (c) => {
|
|
|
18360
18487
|
return c.json({ error: "Access denied" }, 403);
|
|
18361
18488
|
}
|
|
18362
18489
|
const settings = await c.req.json();
|
|
18363
|
-
const pluginService = new
|
|
18490
|
+
const pluginService = new chunk6BVLPACH_cjs.PluginService(db);
|
|
18364
18491
|
await pluginService.updatePluginSettings(pluginId, settings);
|
|
18365
18492
|
if (pluginId === "core-auth") {
|
|
18366
18493
|
try {
|
|
@@ -19168,7 +19295,7 @@ function renderLogConfigPage(data) {
|
|
|
19168
19295
|
|
|
19169
19296
|
// src/routes/admin-logs.ts
|
|
19170
19297
|
var adminLogsRoutes = new hono.Hono();
|
|
19171
|
-
adminLogsRoutes.use("*",
|
|
19298
|
+
adminLogsRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
19172
19299
|
adminLogsRoutes.get("/", async (c) => {
|
|
19173
19300
|
try {
|
|
19174
19301
|
const user = c.get("user");
|
|
@@ -21496,9 +21623,9 @@ function renderStorageUsage(databaseSizeBytes, mediaSizeBytes) {
|
|
|
21496
21623
|
}
|
|
21497
21624
|
|
|
21498
21625
|
// src/routes/admin-dashboard.ts
|
|
21499
|
-
var VERSION =
|
|
21626
|
+
var VERSION = chunkQLPFENZ2_cjs.getCoreVersion();
|
|
21500
21627
|
var router = new hono.Hono();
|
|
21501
|
-
router.use("*",
|
|
21628
|
+
router.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
21502
21629
|
router.get("/", async (c) => {
|
|
21503
21630
|
const user = c.get("user");
|
|
21504
21631
|
try {
|
|
@@ -23317,10 +23444,10 @@ function renderCollectionFormPage(data) {
|
|
|
23317
23444
|
|
|
23318
23445
|
// src/routes/admin-collections.ts
|
|
23319
23446
|
var adminCollectionsRoutes = new hono.Hono();
|
|
23320
|
-
adminCollectionsRoutes.use("*",
|
|
23321
|
-
adminCollectionsRoutes.post("*",
|
|
23322
|
-
adminCollectionsRoutes.put("*",
|
|
23323
|
-
adminCollectionsRoutes.delete("*",
|
|
23447
|
+
adminCollectionsRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
23448
|
+
adminCollectionsRoutes.post("*", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
23449
|
+
adminCollectionsRoutes.put("*", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
23450
|
+
adminCollectionsRoutes.delete("*", chunkB2ASV5RD_cjs.requireRole(["admin"]));
|
|
23324
23451
|
adminCollectionsRoutes.get("/", async (c) => {
|
|
23325
23452
|
try {
|
|
23326
23453
|
const user = c.get("user");
|
|
@@ -25516,7 +25643,7 @@ function renderDatabaseToolsSettings(settings) {
|
|
|
25516
25643
|
|
|
25517
25644
|
// src/routes/admin-settings.ts
|
|
25518
25645
|
var adminSettingsRoutes = new hono.Hono();
|
|
25519
|
-
adminSettingsRoutes.use("*",
|
|
25646
|
+
adminSettingsRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
25520
25647
|
function getMockSettings(user) {
|
|
25521
25648
|
return {
|
|
25522
25649
|
general: {
|
|
@@ -25684,7 +25811,7 @@ adminSettingsRoutes.get("/database-tools", (c) => {
|
|
|
25684
25811
|
adminSettingsRoutes.get("/api/migrations/status", async (c) => {
|
|
25685
25812
|
try {
|
|
25686
25813
|
const db = c.env.DB;
|
|
25687
|
-
const migrationService = new
|
|
25814
|
+
const migrationService = new chunkDE5YTNCD_cjs.MigrationService(db);
|
|
25688
25815
|
const status = await migrationService.getMigrationStatus();
|
|
25689
25816
|
return c.json({
|
|
25690
25817
|
success: true,
|
|
@@ -25708,7 +25835,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
|
|
|
25708
25835
|
}, 403);
|
|
25709
25836
|
}
|
|
25710
25837
|
const db = c.env.DB;
|
|
25711
|
-
const migrationService = new
|
|
25838
|
+
const migrationService = new chunkDE5YTNCD_cjs.MigrationService(db);
|
|
25712
25839
|
const result = await migrationService.runPendingMigrations();
|
|
25713
25840
|
return c.json({
|
|
25714
25841
|
success: result.success,
|
|
@@ -25726,7 +25853,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
|
|
|
25726
25853
|
adminSettingsRoutes.get("/api/migrations/validate", async (c) => {
|
|
25727
25854
|
try {
|
|
25728
25855
|
const db = c.env.DB;
|
|
25729
|
-
const migrationService = new
|
|
25856
|
+
const migrationService = new chunkDE5YTNCD_cjs.MigrationService(db);
|
|
25730
25857
|
const validation = await migrationService.validateSchema();
|
|
25731
25858
|
return c.json({
|
|
25732
25859
|
success: true,
|
|
@@ -27616,7 +27743,7 @@ function renderFormCreatePage(data) {
|
|
|
27616
27743
|
|
|
27617
27744
|
// src/routes/admin-forms.ts
|
|
27618
27745
|
var adminFormsRoutes = new hono.Hono();
|
|
27619
|
-
adminFormsRoutes.use("*",
|
|
27746
|
+
adminFormsRoutes.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
27620
27747
|
adminFormsRoutes.get("/", async (c) => {
|
|
27621
27748
|
try {
|
|
27622
27749
|
const user = c.get("user");
|
|
@@ -28421,7 +28548,7 @@ publicFormsRoutes.post("/:identifier/submit", async (c) => {
|
|
|
28421
28548
|
`).bind(now, form.id).run();
|
|
28422
28549
|
let contentId = null;
|
|
28423
28550
|
try {
|
|
28424
|
-
contentId = await
|
|
28551
|
+
contentId = await chunk6BVLPACH_cjs.createContentFromSubmission(
|
|
28425
28552
|
db,
|
|
28426
28553
|
sanitizedData,
|
|
28427
28554
|
{ id: form.id, name: form.name, display_name: form.display_name },
|
|
@@ -28789,9 +28916,9 @@ function renderAPIReferencePage(data) {
|
|
|
28789
28916
|
}
|
|
28790
28917
|
|
|
28791
28918
|
// src/routes/admin-api-reference.ts
|
|
28792
|
-
var VERSION2 =
|
|
28919
|
+
var VERSION2 = chunkQLPFENZ2_cjs.getCoreVersion();
|
|
28793
28920
|
var router2 = new hono.Hono();
|
|
28794
|
-
router2.use("*",
|
|
28921
|
+
router2.use("*", chunkB2ASV5RD_cjs.requireAuth());
|
|
28795
28922
|
router2.get("/", async (c) => {
|
|
28796
28923
|
const user = c.get("user");
|
|
28797
28924
|
try {
|
|
@@ -28878,5 +29005,5 @@ exports.router = router;
|
|
|
28878
29005
|
exports.router2 = router2;
|
|
28879
29006
|
exports.test_cleanup_default = test_cleanup_default;
|
|
28880
29007
|
exports.userRoutes = userRoutes;
|
|
28881
|
-
//# sourceMappingURL=chunk-
|
|
28882
|
-
//# sourceMappingURL=chunk-
|
|
29008
|
+
//# sourceMappingURL=chunk-ASAEJ4B7.cjs.map
|
|
29009
|
+
//# sourceMappingURL=chunk-ASAEJ4B7.cjs.map
|