@sonicjs-cms/core 2.16.0 → 2.16.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{app-COElO4Rm.d.cts → app-D9L3mrC-.d.cts} +1 -0
- package/dist/{app-COElO4Rm.d.ts → app-D9L3mrC-.d.ts} +1 -0
- package/dist/{chunk-CZ6BVQZX.cjs → chunk-7HHIZQNE.cjs} +8 -8
- package/dist/{chunk-CZ6BVQZX.cjs.map → chunk-7HHIZQNE.cjs.map} +1 -1
- package/dist/{chunk-WLSIUKNM.js → chunk-BAMJVG33.js} +9 -9
- package/dist/{chunk-WLSIUKNM.js.map → chunk-BAMJVG33.js.map} +1 -1
- package/dist/{chunk-OCLUXJ7E.cjs → chunk-HU4MN74Q.cjs} +48 -5
- package/dist/chunk-HU4MN74Q.cjs.map +1 -0
- package/dist/{chunk-MVSCB4E3.js → chunk-JF5RQXPN.js} +3 -3
- package/dist/{chunk-MVSCB4E3.js.map → chunk-JF5RQXPN.js.map} +1 -1
- package/dist/{chunk-Y5EH32F5.js → chunk-KYAF33AF.js} +4 -4
- package/dist/{chunk-Y5EH32F5.js.map → chunk-KYAF33AF.js.map} +1 -1
- package/dist/{chunk-6ENX7QSA.cjs → chunk-MZS33LLH.cjs} +114 -114
- package/dist/{chunk-6ENX7QSA.cjs.map → chunk-MZS33LLH.cjs.map} +1 -1
- package/dist/{chunk-VFQUULAV.js → chunk-PUZMLXOJ.js} +48 -5
- package/dist/chunk-PUZMLXOJ.js.map +1 -0
- package/dist/{chunk-Q5VFZUXV.cjs → chunk-U6FOL6EO.cjs} +2 -2
- package/dist/{chunk-Q5VFZUXV.cjs.map → chunk-U6FOL6EO.cjs.map} +1 -1
- package/dist/{chunk-YQW2GCJ3.cjs → chunk-V76ERLX6.cjs} +3 -3
- package/dist/{chunk-YQW2GCJ3.cjs.map → chunk-V76ERLX6.cjs.map} +1 -1
- package/dist/{chunk-INSDRCG3.js → chunk-W33MHOPA.js} +2 -2
- package/dist/{chunk-INSDRCG3.js.map → chunk-W33MHOPA.js.map} +1 -1
- package/dist/index.cjs +150 -134
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +26 -10
- package/dist/index.js.map +1 -1
- package/dist/middleware.cjs +29 -29
- package/dist/middleware.d.cts +1 -1
- package/dist/middleware.d.ts +1 -1
- package/dist/middleware.js +3 -3
- package/dist/migrations-MYQI2KAJ.cjs +13 -0
- package/dist/{migrations-SVQTT7NV.cjs.map → migrations-MYQI2KAJ.cjs.map} +1 -1
- package/dist/migrations-WCEBO5QQ.js +4 -0
- package/dist/{migrations-7HQ7LYAL.js.map → migrations-WCEBO5QQ.js.map} +1 -1
- package/dist/routes.cjs +28 -28
- package/dist/routes.d.cts +1 -1
- package/dist/routes.d.ts +1 -1
- package/dist/routes.js +5 -5
- package/dist/services.cjs +23 -23
- package/dist/services.js +2 -2
- package/dist/utils.cjs +11 -11
- package/dist/utils.js +1 -1
- package/migrations/035_user_profiles_data_column.sql +14 -15
- package/package.json +1 -1
- package/dist/chunk-OCLUXJ7E.cjs.map +0 -1
- package/dist/chunk-VFQUULAV.js.map +0 -1
- package/dist/migrations-7HQ7LYAL.js +0 -4
- package/dist/migrations-SVQTT7NV.cjs +0 -13
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var chunkNZWFCUDA_cjs = require('./chunk-NZWFCUDA.cjs');
|
|
4
|
-
var
|
|
5
|
-
var
|
|
6
|
-
var
|
|
4
|
+
var chunk7HHIZQNE_cjs = require('./chunk-7HHIZQNE.cjs');
|
|
5
|
+
var chunkU6FOL6EO_cjs = require('./chunk-U6FOL6EO.cjs');
|
|
6
|
+
var chunkHU4MN74Q_cjs = require('./chunk-HU4MN74Q.cjs');
|
|
7
7
|
var chunkOHYBNCVL_cjs = require('./chunk-OHYBNCVL.cjs');
|
|
8
8
|
var chunkUYJ6TJHX_cjs = require('./chunk-UYJ6TJHX.cjs');
|
|
9
9
|
var chunk635JAMSE_cjs = require('./chunk-635JAMSE.cjs');
|
|
10
|
-
var
|
|
10
|
+
var chunkV76ERLX6_cjs = require('./chunk-V76ERLX6.cjs');
|
|
11
11
|
var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
|
|
12
12
|
var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
|
|
13
13
|
var hono = require('hono');
|
|
@@ -189,7 +189,7 @@ apiContentCrudRoutes.get("/:id", async (c) => {
|
|
|
189
189
|
}, 500);
|
|
190
190
|
}
|
|
191
191
|
});
|
|
192
|
-
apiContentCrudRoutes.post("/",
|
|
192
|
+
apiContentCrudRoutes.post("/", chunk7HHIZQNE_cjs.requireAuth(), chunk7HHIZQNE_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
193
193
|
try {
|
|
194
194
|
const db = c.env.DB;
|
|
195
195
|
const user = c.get("user");
|
|
@@ -255,7 +255,7 @@ apiContentCrudRoutes.post("/", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cj
|
|
|
255
255
|
}, 500);
|
|
256
256
|
}
|
|
257
257
|
});
|
|
258
|
-
apiContentCrudRoutes.put("/:id",
|
|
258
|
+
apiContentCrudRoutes.put("/:id", chunk7HHIZQNE_cjs.requireAuth(), chunk7HHIZQNE_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
259
259
|
try {
|
|
260
260
|
const id = c.req.param("id");
|
|
261
261
|
const db = c.env.DB;
|
|
@@ -319,7 +319,7 @@ apiContentCrudRoutes.put("/:id", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_
|
|
|
319
319
|
}, 500);
|
|
320
320
|
}
|
|
321
321
|
});
|
|
322
|
-
apiContentCrudRoutes.delete("/:id",
|
|
322
|
+
apiContentCrudRoutes.delete("/:id", chunk7HHIZQNE_cjs.requireAuth(), chunk7HHIZQNE_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
323
323
|
try {
|
|
324
324
|
const id = c.req.param("id");
|
|
325
325
|
const db = c.env.DB;
|
|
@@ -355,7 +355,7 @@ apiRoutes.use("*", async (c, next) => {
|
|
|
355
355
|
c.header("X-Response-Time", `${totalTime}ms`);
|
|
356
356
|
});
|
|
357
357
|
apiRoutes.use("*", async (c, next) => {
|
|
358
|
-
const cacheEnabled = await
|
|
358
|
+
const cacheEnabled = await chunk7HHIZQNE_cjs.isPluginActive(c.env.DB, "core-cache");
|
|
359
359
|
c.set("cacheEnabled", cacheEnabled);
|
|
360
360
|
await next();
|
|
361
361
|
});
|
|
@@ -846,7 +846,7 @@ apiRoutes.get("/collections", async (c) => {
|
|
|
846
846
|
return c.json({ error: "Failed to fetch collections" }, 500);
|
|
847
847
|
}
|
|
848
848
|
});
|
|
849
|
-
apiRoutes.get("/content",
|
|
849
|
+
apiRoutes.get("/content", chunk7HHIZQNE_cjs.optionalAuth(), async (c) => {
|
|
850
850
|
const executionStart = Date.now();
|
|
851
851
|
try {
|
|
852
852
|
const db = c.env.DB;
|
|
@@ -869,13 +869,13 @@ apiRoutes.get("/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
|
|
|
869
869
|
});
|
|
870
870
|
}
|
|
871
871
|
}
|
|
872
|
-
const filter =
|
|
872
|
+
const filter = chunkV76ERLX6_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
|
|
873
873
|
const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
|
|
874
874
|
if (!normalizedFilter.limit) {
|
|
875
875
|
normalizedFilter.limit = 50;
|
|
876
876
|
}
|
|
877
877
|
normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
|
|
878
|
-
const builder3 = new
|
|
878
|
+
const builder3 = new chunkV76ERLX6_cjs.QueryFilterBuilder();
|
|
879
879
|
const queryResult = builder3.build("content", normalizedFilter);
|
|
880
880
|
if (queryResult.errors.length > 0) {
|
|
881
881
|
return c.json({
|
|
@@ -947,7 +947,7 @@ apiRoutes.get("/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
|
|
|
947
947
|
}, 500);
|
|
948
948
|
}
|
|
949
949
|
});
|
|
950
|
-
apiRoutes.get("/collections/:collection/content",
|
|
950
|
+
apiRoutes.get("/collections/:collection/content", chunk7HHIZQNE_cjs.optionalAuth(), async (c) => {
|
|
951
951
|
const executionStart = Date.now();
|
|
952
952
|
try {
|
|
953
953
|
const collection = c.req.param("collection");
|
|
@@ -958,7 +958,7 @@ apiRoutes.get("/collections/:collection/content", chunkCZ6BVQZX_cjs.optionalAuth
|
|
|
958
958
|
if (!collectionResult) {
|
|
959
959
|
return c.json({ error: "Collection not found" }, 404);
|
|
960
960
|
}
|
|
961
|
-
const filter =
|
|
961
|
+
const filter = chunkV76ERLX6_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
|
|
962
962
|
const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
|
|
963
963
|
if (!normalizedFilter.where) {
|
|
964
964
|
normalizedFilter.where = { and: [] };
|
|
@@ -975,7 +975,7 @@ apiRoutes.get("/collections/:collection/content", chunkCZ6BVQZX_cjs.optionalAuth
|
|
|
975
975
|
normalizedFilter.limit = 50;
|
|
976
976
|
}
|
|
977
977
|
normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
|
|
978
|
-
const builder3 = new
|
|
978
|
+
const builder3 = new chunkV76ERLX6_cjs.QueryFilterBuilder();
|
|
979
979
|
const queryResult = builder3.build("content", normalizedFilter);
|
|
980
980
|
if (queryResult.errors.length > 0) {
|
|
981
981
|
return c.json({
|
|
@@ -1096,7 +1096,7 @@ var fileValidationSchema = zod.z.object({
|
|
|
1096
1096
|
// 50MB max
|
|
1097
1097
|
});
|
|
1098
1098
|
var apiMediaRoutes = new hono.Hono();
|
|
1099
|
-
apiMediaRoutes.use("*",
|
|
1099
|
+
apiMediaRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
1100
1100
|
apiMediaRoutes.post("/upload", async (c) => {
|
|
1101
1101
|
try {
|
|
1102
1102
|
const user = c.get("user");
|
|
@@ -1840,8 +1840,8 @@ apiSystemRoutes.get("/env", (c) => {
|
|
|
1840
1840
|
});
|
|
1841
1841
|
var api_system_default = apiSystemRoutes;
|
|
1842
1842
|
var adminApiRoutes = new hono.Hono();
|
|
1843
|
-
adminApiRoutes.use("*",
|
|
1844
|
-
adminApiRoutes.use("*",
|
|
1843
|
+
adminApiRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
1844
|
+
adminApiRoutes.use("*", chunk7HHIZQNE_cjs.requireRole(["admin", "editor"]));
|
|
1845
1845
|
adminApiRoutes.get("/stats", async (c) => {
|
|
1846
1846
|
try {
|
|
1847
1847
|
const db = c.env.DB;
|
|
@@ -2353,7 +2353,7 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
|
|
|
2353
2353
|
});
|
|
2354
2354
|
adminApiRoutes.get("/migrations/status", async (c) => {
|
|
2355
2355
|
try {
|
|
2356
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2356
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-MYQI2KAJ.cjs');
|
|
2357
2357
|
const db = c.env.DB;
|
|
2358
2358
|
const migrationService = new MigrationService2(db);
|
|
2359
2359
|
const status = await migrationService.getMigrationStatus();
|
|
@@ -2378,7 +2378,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
|
|
|
2378
2378
|
error: "Unauthorized. Admin access required."
|
|
2379
2379
|
}, 403);
|
|
2380
2380
|
}
|
|
2381
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2381
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-MYQI2KAJ.cjs');
|
|
2382
2382
|
const db = c.env.DB;
|
|
2383
2383
|
const migrationService = new MigrationService2(db);
|
|
2384
2384
|
const result = await migrationService.runPendingMigrations();
|
|
@@ -2400,7 +2400,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
|
|
|
2400
2400
|
});
|
|
2401
2401
|
adminApiRoutes.get("/migrations/validate", async (c) => {
|
|
2402
2402
|
try {
|
|
2403
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2403
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-MYQI2KAJ.cjs');
|
|
2404
2404
|
const db = c.env.DB;
|
|
2405
2405
|
const migrationService = new MigrationService2(db);
|
|
2406
2406
|
const validation = await migrationService.validateSchema();
|
|
@@ -5153,7 +5153,7 @@ var JWT_SECRET_FALLBACK = "your-super-secret-jwt-key-change-in-production";
|
|
|
5153
5153
|
async function setCsrfCookie(c) {
|
|
5154
5154
|
const secret = c.env?.JWT_SECRET || JWT_SECRET_FALLBACK;
|
|
5155
5155
|
const isDev = c.env?.ENVIRONMENT === "development" || !c.env?.ENVIRONMENT;
|
|
5156
|
-
const csrfToken = await
|
|
5156
|
+
const csrfToken = await chunk7HHIZQNE_cjs.generateCsrfToken(secret);
|
|
5157
5157
|
cookie.setCookie(c, "csrf_token", csrfToken, {
|
|
5158
5158
|
httpOnly: false,
|
|
5159
5159
|
secure: !isDev,
|
|
@@ -5210,7 +5210,7 @@ var loginSchema = zod.z.object({
|
|
|
5210
5210
|
});
|
|
5211
5211
|
authRoutes.post(
|
|
5212
5212
|
"/register",
|
|
5213
|
-
|
|
5213
|
+
chunk7HHIZQNE_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
|
|
5214
5214
|
async (c) => {
|
|
5215
5215
|
try {
|
|
5216
5216
|
const db = c.env.DB;
|
|
@@ -5247,7 +5247,7 @@ authRoutes.post(
|
|
|
5247
5247
|
if (existingUser) {
|
|
5248
5248
|
return c.json({ error: "User with this email or username already exists" }, 400);
|
|
5249
5249
|
}
|
|
5250
|
-
const passwordHash = await
|
|
5250
|
+
const passwordHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(password);
|
|
5251
5251
|
const userId = crypto.randomUUID();
|
|
5252
5252
|
const now = /* @__PURE__ */ new Date();
|
|
5253
5253
|
await db.prepare(`
|
|
@@ -5281,7 +5281,7 @@ authRoutes.post(
|
|
|
5281
5281
|
await saveCustomData(db, userId, sanitized);
|
|
5282
5282
|
}
|
|
5283
5283
|
}
|
|
5284
|
-
const token = await
|
|
5284
|
+
const token = await chunk7HHIZQNE_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET);
|
|
5285
5285
|
cookie.setCookie(c, "auth_token", token, {
|
|
5286
5286
|
httpOnly: true,
|
|
5287
5287
|
secure: true,
|
|
@@ -5315,7 +5315,7 @@ authRoutes.post(
|
|
|
5315
5315
|
);
|
|
5316
5316
|
authRoutes.post(
|
|
5317
5317
|
"/login",
|
|
5318
|
-
|
|
5318
|
+
chunk7HHIZQNE_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
|
|
5319
5319
|
async (c) => {
|
|
5320
5320
|
try {
|
|
5321
5321
|
const body = await c.req.json();
|
|
@@ -5338,19 +5338,19 @@ authRoutes.post(
|
|
|
5338
5338
|
if (!user) {
|
|
5339
5339
|
return c.json({ error: "Invalid email or password" }, 401);
|
|
5340
5340
|
}
|
|
5341
|
-
const isValidPassword = await
|
|
5341
|
+
const isValidPassword = await chunk7HHIZQNE_cjs.AuthManager.verifyPassword(password, user.password_hash);
|
|
5342
5342
|
if (!isValidPassword) {
|
|
5343
5343
|
return c.json({ error: "Invalid email or password" }, 401);
|
|
5344
5344
|
}
|
|
5345
|
-
if (
|
|
5345
|
+
if (chunk7HHIZQNE_cjs.AuthManager.isLegacyHash(user.password_hash)) {
|
|
5346
5346
|
try {
|
|
5347
|
-
const newHash = await
|
|
5347
|
+
const newHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(password);
|
|
5348
5348
|
await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
|
|
5349
5349
|
} catch (rehashError) {
|
|
5350
5350
|
console.error("Password rehash failed (non-fatal):", rehashError);
|
|
5351
5351
|
}
|
|
5352
5352
|
}
|
|
5353
|
-
const token = await
|
|
5353
|
+
const token = await chunk7HHIZQNE_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
|
|
5354
5354
|
cookie.setCookie(c, "auth_token", token, {
|
|
5355
5355
|
httpOnly: true,
|
|
5356
5356
|
secure: true,
|
|
@@ -5403,7 +5403,7 @@ authRoutes.get("/logout", (c) => {
|
|
|
5403
5403
|
clearCsrfCookie(c);
|
|
5404
5404
|
return c.redirect("/auth/login?message=You have been logged out successfully");
|
|
5405
5405
|
});
|
|
5406
|
-
authRoutes.get("/me",
|
|
5406
|
+
authRoutes.get("/me", chunk7HHIZQNE_cjs.requireAuth(), async (c) => {
|
|
5407
5407
|
try {
|
|
5408
5408
|
const user = c.get("user");
|
|
5409
5409
|
if (!user) {
|
|
@@ -5420,13 +5420,13 @@ authRoutes.get("/me", chunkCZ6BVQZX_cjs.requireAuth(), async (c) => {
|
|
|
5420
5420
|
return c.json({ error: "Failed to get user" }, 500);
|
|
5421
5421
|
}
|
|
5422
5422
|
});
|
|
5423
|
-
authRoutes.post("/refresh",
|
|
5423
|
+
authRoutes.post("/refresh", chunk7HHIZQNE_cjs.requireAuth(), async (c) => {
|
|
5424
5424
|
try {
|
|
5425
5425
|
const user = c.get("user");
|
|
5426
5426
|
if (!user) {
|
|
5427
5427
|
return c.json({ error: "Not authenticated" }, 401);
|
|
5428
5428
|
}
|
|
5429
|
-
const token = await
|
|
5429
|
+
const token = await chunk7HHIZQNE_cjs.AuthManager.generateToken(user.userId, user.email, user.role, c.env.JWT_SECRET);
|
|
5430
5430
|
cookie.setCookie(c, "auth_token", token, {
|
|
5431
5431
|
httpOnly: true,
|
|
5432
5432
|
secure: true,
|
|
@@ -5443,7 +5443,7 @@ authRoutes.post("/refresh", chunkCZ6BVQZX_cjs.requireAuth(), async (c) => {
|
|
|
5443
5443
|
});
|
|
5444
5444
|
authRoutes.post(
|
|
5445
5445
|
"/register/form",
|
|
5446
|
-
|
|
5446
|
+
chunk7HHIZQNE_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
|
|
5447
5447
|
async (c) => {
|
|
5448
5448
|
try {
|
|
5449
5449
|
const db = c.env.DB;
|
|
@@ -5490,7 +5490,7 @@ authRoutes.post(
|
|
|
5490
5490
|
</div>
|
|
5491
5491
|
`);
|
|
5492
5492
|
}
|
|
5493
|
-
const passwordHash = await
|
|
5493
|
+
const passwordHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(password);
|
|
5494
5494
|
const role = isFirstUser ? "admin" : "viewer";
|
|
5495
5495
|
const userId = crypto.randomUUID();
|
|
5496
5496
|
const now = /* @__PURE__ */ new Date();
|
|
@@ -5525,7 +5525,7 @@ authRoutes.post(
|
|
|
5525
5525
|
await saveCustomData(db, userId, sanitized);
|
|
5526
5526
|
}
|
|
5527
5527
|
}
|
|
5528
|
-
const token = await
|
|
5528
|
+
const token = await chunk7HHIZQNE_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET);
|
|
5529
5529
|
cookie.setCookie(c, "auth_token", token, {
|
|
5530
5530
|
httpOnly: true,
|
|
5531
5531
|
secure: false,
|
|
@@ -5558,7 +5558,7 @@ authRoutes.post(
|
|
|
5558
5558
|
);
|
|
5559
5559
|
authRoutes.post(
|
|
5560
5560
|
"/login/form",
|
|
5561
|
-
|
|
5561
|
+
chunk7HHIZQNE_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
|
|
5562
5562
|
async (c) => {
|
|
5563
5563
|
try {
|
|
5564
5564
|
const formData = await c.req.formData();
|
|
@@ -5582,7 +5582,7 @@ authRoutes.post(
|
|
|
5582
5582
|
</div>
|
|
5583
5583
|
`);
|
|
5584
5584
|
}
|
|
5585
|
-
const isValidPassword = await
|
|
5585
|
+
const isValidPassword = await chunk7HHIZQNE_cjs.AuthManager.verifyPassword(password, user.password_hash);
|
|
5586
5586
|
if (!isValidPassword) {
|
|
5587
5587
|
return c.html(html.html`
|
|
5588
5588
|
<div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
|
|
@@ -5590,15 +5590,15 @@ authRoutes.post(
|
|
|
5590
5590
|
</div>
|
|
5591
5591
|
`);
|
|
5592
5592
|
}
|
|
5593
|
-
if (
|
|
5593
|
+
if (chunk7HHIZQNE_cjs.AuthManager.isLegacyHash(user.password_hash)) {
|
|
5594
5594
|
try {
|
|
5595
|
-
const newHash = await
|
|
5595
|
+
const newHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(password);
|
|
5596
5596
|
await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
|
|
5597
5597
|
} catch (rehashError) {
|
|
5598
5598
|
console.error("Password rehash failed (non-fatal):", rehashError);
|
|
5599
5599
|
}
|
|
5600
5600
|
}
|
|
5601
|
-
const token = await
|
|
5601
|
+
const token = await chunk7HHIZQNE_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
|
|
5602
5602
|
cookie.setCookie(c, "auth_token", token, {
|
|
5603
5603
|
httpOnly: true,
|
|
5604
5604
|
secure: false,
|
|
@@ -5640,7 +5640,7 @@ authRoutes.post(
|
|
|
5640
5640
|
);
|
|
5641
5641
|
authRoutes.post(
|
|
5642
5642
|
"/seed-admin",
|
|
5643
|
-
|
|
5643
|
+
chunk7HHIZQNE_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
|
|
5644
5644
|
async (c) => {
|
|
5645
5645
|
try {
|
|
5646
5646
|
const db = c.env.DB;
|
|
@@ -5662,7 +5662,7 @@ authRoutes.post(
|
|
|
5662
5662
|
`).run();
|
|
5663
5663
|
const existingAdmin = await db.prepare("SELECT id FROM users WHERE email = ? OR username = ?").bind("admin@sonicjs.com", "admin").first();
|
|
5664
5664
|
if (existingAdmin) {
|
|
5665
|
-
const passwordHash2 = await
|
|
5665
|
+
const passwordHash2 = await chunk7HHIZQNE_cjs.AuthManager.hashPassword("sonicjs!");
|
|
5666
5666
|
await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(passwordHash2, Date.now(), existingAdmin.id).run();
|
|
5667
5667
|
return c.json({
|
|
5668
5668
|
message: "Admin user already exists (password updated)",
|
|
@@ -5674,7 +5674,7 @@ authRoutes.post(
|
|
|
5674
5674
|
}
|
|
5675
5675
|
});
|
|
5676
5676
|
}
|
|
5677
|
-
const passwordHash = await
|
|
5677
|
+
const passwordHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword("sonicjs!");
|
|
5678
5678
|
const userId = "admin-user-id";
|
|
5679
5679
|
const now = Date.now();
|
|
5680
5680
|
const adminEmail = "admin@sonicjs.com".toLowerCase();
|
|
@@ -5895,7 +5895,7 @@ authRoutes.post("/accept-invitation", async (c) => {
|
|
|
5895
5895
|
if (existingUsername) {
|
|
5896
5896
|
return c.json({ error: "Username is already taken" }, 400);
|
|
5897
5897
|
}
|
|
5898
|
-
const passwordHash = await
|
|
5898
|
+
const passwordHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(password);
|
|
5899
5899
|
const updateStmt = db.prepare(`
|
|
5900
5900
|
UPDATE users SET
|
|
5901
5901
|
username = ?,
|
|
@@ -5914,7 +5914,7 @@ authRoutes.post("/accept-invitation", async (c) => {
|
|
|
5914
5914
|
Date.now(),
|
|
5915
5915
|
invitedUser.id
|
|
5916
5916
|
).run();
|
|
5917
|
-
const authToken = await
|
|
5917
|
+
const authToken = await chunk7HHIZQNE_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET);
|
|
5918
5918
|
cookie.setCookie(c, "auth_token", authToken, {
|
|
5919
5919
|
httpOnly: true,
|
|
5920
5920
|
secure: true,
|
|
@@ -5931,7 +5931,7 @@ authRoutes.post("/accept-invitation", async (c) => {
|
|
|
5931
5931
|
});
|
|
5932
5932
|
authRoutes.post(
|
|
5933
5933
|
"/request-password-reset",
|
|
5934
|
-
|
|
5934
|
+
chunk7HHIZQNE_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
|
|
5935
5935
|
async (c) => {
|
|
5936
5936
|
try {
|
|
5937
5937
|
const formData = await c.req.formData();
|
|
@@ -6149,7 +6149,7 @@ authRoutes.post("/reset-password", async (c) => {
|
|
|
6149
6149
|
if (Date.now() > user.password_reset_expires) {
|
|
6150
6150
|
return c.json({ error: "Reset token has expired" }, 400);
|
|
6151
6151
|
}
|
|
6152
|
-
const newPasswordHash = await
|
|
6152
|
+
const newPasswordHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(password);
|
|
6153
6153
|
try {
|
|
6154
6154
|
const historyStmt = db.prepare(`
|
|
6155
6155
|
INSERT INTO password_history (id, user_id, password_hash, created_at)
|
|
@@ -9525,9 +9525,9 @@ function parseFieldValue(field, formData, options = {}) {
|
|
|
9525
9525
|
const { skipValidation = false } = options;
|
|
9526
9526
|
const value = formData.get(field.field_name);
|
|
9527
9527
|
const errors = [];
|
|
9528
|
-
const blocksConfig =
|
|
9528
|
+
const blocksConfig = chunkV76ERLX6_cjs.getBlocksFieldConfig(field.field_options);
|
|
9529
9529
|
if (blocksConfig) {
|
|
9530
|
-
const parsed =
|
|
9530
|
+
const parsed = chunkV76ERLX6_cjs.parseBlocksValue(value, blocksConfig);
|
|
9531
9531
|
if (!skipValidation && field.is_required && parsed.value.length === 0) {
|
|
9532
9532
|
parsed.errors.push(`${field.field_label} is required`);
|
|
9533
9533
|
}
|
|
@@ -9637,7 +9637,7 @@ function extractFieldData(fields, formData, options = {}) {
|
|
|
9637
9637
|
}
|
|
9638
9638
|
return { data, errors };
|
|
9639
9639
|
}
|
|
9640
|
-
adminContentRoutes.use("*",
|
|
9640
|
+
adminContentRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
9641
9641
|
async function getCollectionFields(db, collectionId) {
|
|
9642
9642
|
const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.collection);
|
|
9643
9643
|
return cache.getOrSet(
|
|
@@ -9914,21 +9914,21 @@ adminContentRoutes.get("/new", async (c) => {
|
|
|
9914
9914
|
const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
|
|
9915
9915
|
let tinymceSettings;
|
|
9916
9916
|
if (tinymceEnabled) {
|
|
9917
|
-
const pluginService = new
|
|
9917
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
9918
9918
|
const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
|
|
9919
9919
|
tinymceSettings = tinymcePlugin2?.settings;
|
|
9920
9920
|
}
|
|
9921
9921
|
const quillEnabled = await isPluginActive2(db, "quill-editor");
|
|
9922
9922
|
let quillSettings;
|
|
9923
9923
|
if (quillEnabled) {
|
|
9924
|
-
const pluginService = new
|
|
9924
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
9925
9925
|
const quillPlugin = await pluginService.getPlugin("quill-editor");
|
|
9926
9926
|
quillSettings = quillPlugin?.settings;
|
|
9927
9927
|
}
|
|
9928
9928
|
const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
|
|
9929
9929
|
let mdxeditorSettings;
|
|
9930
9930
|
if (mdxeditorEnabled) {
|
|
9931
|
-
const pluginService = new
|
|
9931
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
9932
9932
|
const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
|
|
9933
9933
|
mdxeditorSettings = mdxeditorPlugin?.settings;
|
|
9934
9934
|
}
|
|
@@ -10019,21 +10019,21 @@ adminContentRoutes.get("/:id/edit", async (c) => {
|
|
|
10019
10019
|
const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
|
|
10020
10020
|
let tinymceSettings;
|
|
10021
10021
|
if (tinymceEnabled) {
|
|
10022
|
-
const pluginService = new
|
|
10022
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
10023
10023
|
const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
|
|
10024
10024
|
tinymceSettings = tinymcePlugin2?.settings;
|
|
10025
10025
|
}
|
|
10026
10026
|
const quillEnabled = await isPluginActive2(db, "quill-editor");
|
|
10027
10027
|
let quillSettings;
|
|
10028
10028
|
if (quillEnabled) {
|
|
10029
|
-
const pluginService = new
|
|
10029
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
10030
10030
|
const quillPlugin = await pluginService.getPlugin("quill-editor");
|
|
10031
10031
|
quillSettings = quillPlugin?.settings;
|
|
10032
10032
|
}
|
|
10033
10033
|
const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
|
|
10034
10034
|
let mdxeditorSettings;
|
|
10035
10035
|
if (mdxeditorEnabled) {
|
|
10036
|
-
const pluginService = new
|
|
10036
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
10037
10037
|
const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
|
|
10038
10038
|
mdxeditorSettings = mdxeditorPlugin?.settings;
|
|
10039
10039
|
}
|
|
@@ -10328,7 +10328,7 @@ adminContentRoutes.put("/:id", async (c) => {
|
|
|
10328
10328
|
`);
|
|
10329
10329
|
}
|
|
10330
10330
|
});
|
|
10331
|
-
adminContentRoutes.post("/preview",
|
|
10331
|
+
adminContentRoutes.post("/preview", chunk7HHIZQNE_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
10332
10332
|
try {
|
|
10333
10333
|
const formData = await c.req.formData();
|
|
10334
10334
|
const collectionId = formData.get("collection_id");
|
|
@@ -10706,7 +10706,7 @@ adminContentRoutes.post("/:id/restore/:version", async (c) => {
|
|
|
10706
10706
|
return c.json({ success: false, error: "Failed to restore version" });
|
|
10707
10707
|
}
|
|
10708
10708
|
});
|
|
10709
|
-
adminContentRoutes.get("/:id/version/:version/preview",
|
|
10709
|
+
adminContentRoutes.get("/:id/version/:version/preview", chunk7HHIZQNE_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
|
|
10710
10710
|
try {
|
|
10711
10711
|
const id = c.req.param("id");
|
|
10712
10712
|
const version = parseInt(c.req.param("version") || "0");
|
|
@@ -12707,14 +12707,14 @@ function renderUsersListPage(data) {
|
|
|
12707
12707
|
|
|
12708
12708
|
// src/routes/admin-users.ts
|
|
12709
12709
|
var userRoutes = new hono.Hono();
|
|
12710
|
-
userRoutes.use("*",
|
|
12711
|
-
userRoutes.use("/users/*",
|
|
12712
|
-
userRoutes.use("/users",
|
|
12713
|
-
userRoutes.use("/invite-user",
|
|
12714
|
-
userRoutes.use("/resend-invitation/*",
|
|
12715
|
-
userRoutes.use("/cancel-invitation/*",
|
|
12716
|
-
userRoutes.use("/activity-logs",
|
|
12717
|
-
userRoutes.use("/activity-logs/*",
|
|
12710
|
+
userRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
12711
|
+
userRoutes.use("/users/*", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
12712
|
+
userRoutes.use("/users", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
12713
|
+
userRoutes.use("/invite-user", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
12714
|
+
userRoutes.use("/resend-invitation/*", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
12715
|
+
userRoutes.use("/cancel-invitation/*", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
12716
|
+
userRoutes.use("/activity-logs", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
12717
|
+
userRoutes.use("/activity-logs/*", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
12718
12718
|
userRoutes.get("/", (c) => {
|
|
12719
12719
|
return c.redirect("/admin/dashboard");
|
|
12720
12720
|
});
|
|
@@ -12884,7 +12884,7 @@ userRoutes.put("/profile", async (c) => {
|
|
|
12884
12884
|
}
|
|
12885
12885
|
await saveCustomData(db, user.userId, sanitized);
|
|
12886
12886
|
}
|
|
12887
|
-
await
|
|
12887
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
12888
12888
|
db,
|
|
12889
12889
|
user.userId,
|
|
12890
12890
|
"profile.update",
|
|
@@ -12947,7 +12947,7 @@ userRoutes.post("/profile/avatar", async (c) => {
|
|
|
12947
12947
|
SELECT first_name, last_name FROM users WHERE id = ?
|
|
12948
12948
|
`);
|
|
12949
12949
|
const userData = await userStmt.bind(user.userId).first();
|
|
12950
|
-
await
|
|
12950
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
12951
12951
|
db,
|
|
12952
12952
|
user.userId,
|
|
12953
12953
|
"profile.avatar_update",
|
|
@@ -13018,7 +13018,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
13018
13018
|
dismissible: true
|
|
13019
13019
|
}));
|
|
13020
13020
|
}
|
|
13021
|
-
const validPassword = await
|
|
13021
|
+
const validPassword = await chunk7HHIZQNE_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
|
|
13022
13022
|
if (!validPassword) {
|
|
13023
13023
|
return c.html(renderAlert2({
|
|
13024
13024
|
type: "error",
|
|
@@ -13026,7 +13026,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
13026
13026
|
dismissible: true
|
|
13027
13027
|
}));
|
|
13028
13028
|
}
|
|
13029
|
-
const newPasswordHash = await
|
|
13029
|
+
const newPasswordHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(newPassword);
|
|
13030
13030
|
const historyStmt = db.prepare(`
|
|
13031
13031
|
INSERT INTO password_history (id, user_id, password_hash, created_at)
|
|
13032
13032
|
VALUES (?, ?, ?, ?)
|
|
@@ -13042,7 +13042,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
13042
13042
|
WHERE id = ?
|
|
13043
13043
|
`);
|
|
13044
13044
|
await updateStmt.bind(newPasswordHash, Date.now(), user.userId).run();
|
|
13045
|
-
await
|
|
13045
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13046
13046
|
db,
|
|
13047
13047
|
user.userId,
|
|
13048
13048
|
"profile.password_change",
|
|
@@ -13109,7 +13109,7 @@ userRoutes.get("/users", async (c) => {
|
|
|
13109
13109
|
`);
|
|
13110
13110
|
const countResult = await countStmt.bind(...params).first();
|
|
13111
13111
|
const totalUsers = countResult?.total || 0;
|
|
13112
|
-
await
|
|
13112
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13113
13113
|
db,
|
|
13114
13114
|
user.userId,
|
|
13115
13115
|
"users.list_view",
|
|
@@ -13267,7 +13267,7 @@ userRoutes.post("/users/new", async (c) => {
|
|
|
13267
13267
|
dismissible: true
|
|
13268
13268
|
}));
|
|
13269
13269
|
}
|
|
13270
|
-
const passwordHash = await
|
|
13270
|
+
const passwordHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(password);
|
|
13271
13271
|
const userId = crypto.randomUUID();
|
|
13272
13272
|
const createStmt = db.prepare(`
|
|
13273
13273
|
INSERT INTO users (
|
|
@@ -13290,7 +13290,7 @@ userRoutes.post("/users/new", async (c) => {
|
|
|
13290
13290
|
Date.now(),
|
|
13291
13291
|
Date.now()
|
|
13292
13292
|
).run();
|
|
13293
|
-
await
|
|
13293
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13294
13294
|
db,
|
|
13295
13295
|
user.userId,
|
|
13296
13296
|
"user!.create",
|
|
@@ -13329,7 +13329,7 @@ userRoutes.get("/users/:id", async (c) => {
|
|
|
13329
13329
|
if (!userRecord) {
|
|
13330
13330
|
return c.json({ error: "User not found" }, 404);
|
|
13331
13331
|
}
|
|
13332
|
-
await
|
|
13332
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13333
13333
|
db,
|
|
13334
13334
|
user.userId,
|
|
13335
13335
|
"user!.view",
|
|
@@ -13555,7 +13555,7 @@ userRoutes.put("/users/:id", async (c) => {
|
|
|
13555
13555
|
userId
|
|
13556
13556
|
).run();
|
|
13557
13557
|
if (newPassword) {
|
|
13558
|
-
const passwordHash = await
|
|
13558
|
+
const passwordHash = await chunk7HHIZQNE_cjs.AuthManager.hashPassword(newPassword);
|
|
13559
13559
|
const updatePasswordStmt = db.prepare(`
|
|
13560
13560
|
UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?
|
|
13561
13561
|
`);
|
|
@@ -13609,7 +13609,7 @@ userRoutes.put("/users/:id", async (c) => {
|
|
|
13609
13609
|
).run();
|
|
13610
13610
|
}
|
|
13611
13611
|
}
|
|
13612
|
-
await
|
|
13612
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13613
13613
|
db,
|
|
13614
13614
|
user.userId,
|
|
13615
13615
|
"user.update",
|
|
@@ -13654,7 +13654,7 @@ userRoutes.post("/users/:id/toggle", async (c) => {
|
|
|
13654
13654
|
UPDATE users SET is_active = ?, updated_at = ? WHERE id = ?
|
|
13655
13655
|
`);
|
|
13656
13656
|
await toggleStmt.bind(active ? 1 : 0, Date.now(), userId).run();
|
|
13657
|
-
await
|
|
13657
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13658
13658
|
db,
|
|
13659
13659
|
user.userId,
|
|
13660
13660
|
active ? "user.activate" : "user.deactivate",
|
|
@@ -13695,7 +13695,7 @@ userRoutes.delete("/users/:id", async (c) => {
|
|
|
13695
13695
|
DELETE FROM users WHERE id = ?
|
|
13696
13696
|
`);
|
|
13697
13697
|
await deleteStmt.bind(userId).run();
|
|
13698
|
-
await
|
|
13698
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13699
13699
|
db,
|
|
13700
13700
|
user.userId,
|
|
13701
13701
|
"user!.hard_delete",
|
|
@@ -13714,7 +13714,7 @@ userRoutes.delete("/users/:id", async (c) => {
|
|
|
13714
13714
|
UPDATE users SET is_active = 0, updated_at = ? WHERE id = ?
|
|
13715
13715
|
`);
|
|
13716
13716
|
await deleteStmt.bind(Date.now(), userId).run();
|
|
13717
|
-
await
|
|
13717
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13718
13718
|
db,
|
|
13719
13719
|
user.userId,
|
|
13720
13720
|
"user!.soft_delete",
|
|
@@ -13780,7 +13780,7 @@ userRoutes.post("/invite-user", async (c) => {
|
|
|
13780
13780
|
Date.now(),
|
|
13781
13781
|
Date.now()
|
|
13782
13782
|
).run();
|
|
13783
|
-
await
|
|
13783
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13784
13784
|
db,
|
|
13785
13785
|
user.userId,
|
|
13786
13786
|
"user!.invite_sent",
|
|
@@ -13837,7 +13837,7 @@ userRoutes.post("/resend-invitation/:id", async (c) => {
|
|
|
13837
13837
|
Date.now(),
|
|
13838
13838
|
userId
|
|
13839
13839
|
).run();
|
|
13840
|
-
await
|
|
13840
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13841
13841
|
db,
|
|
13842
13842
|
user.userId,
|
|
13843
13843
|
"user!.invitation_resent",
|
|
@@ -13873,7 +13873,7 @@ userRoutes.delete("/cancel-invitation/:id", async (c) => {
|
|
|
13873
13873
|
}
|
|
13874
13874
|
const deleteStmt = db.prepare(`DELETE FROM users WHERE id = ?`);
|
|
13875
13875
|
await deleteStmt.bind(userId).run();
|
|
13876
|
-
await
|
|
13876
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13877
13877
|
db,
|
|
13878
13878
|
user.userId,
|
|
13879
13879
|
"user!.invitation_cancelled",
|
|
@@ -13956,7 +13956,7 @@ userRoutes.get("/activity-logs", async (c) => {
|
|
|
13956
13956
|
...log,
|
|
13957
13957
|
details: log.details ? JSON.parse(log.details) : null
|
|
13958
13958
|
}));
|
|
13959
|
-
await
|
|
13959
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
13960
13960
|
db,
|
|
13961
13961
|
user.userId,
|
|
13962
13962
|
"activity.logs_viewed",
|
|
@@ -14063,7 +14063,7 @@ userRoutes.get("/activity-logs/export", async (c) => {
|
|
|
14063
14063
|
csvRows.push(row.join(","));
|
|
14064
14064
|
}
|
|
14065
14065
|
const csvContent = csvRows.join("\n");
|
|
14066
|
-
await
|
|
14066
|
+
await chunk7HHIZQNE_cjs.logActivity(
|
|
14067
14067
|
db,
|
|
14068
14068
|
user.userId,
|
|
14069
14069
|
"activity.logs_exported",
|
|
@@ -15402,7 +15402,7 @@ var fileValidationSchema2 = zod.z.object({
|
|
|
15402
15402
|
// 50MB max
|
|
15403
15403
|
});
|
|
15404
15404
|
var adminMediaRoutes = new hono.Hono();
|
|
15405
|
-
adminMediaRoutes.use("*",
|
|
15405
|
+
adminMediaRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
15406
15406
|
adminMediaRoutes.get("/", async (c) => {
|
|
15407
15407
|
try {
|
|
15408
15408
|
const user = c.get("user");
|
|
@@ -15988,7 +15988,7 @@ adminMediaRoutes.put("/:id", async (c) => {
|
|
|
15988
15988
|
`);
|
|
15989
15989
|
}
|
|
15990
15990
|
});
|
|
15991
|
-
adminMediaRoutes.delete("/cleanup",
|
|
15991
|
+
adminMediaRoutes.delete("/cleanup", chunk7HHIZQNE_cjs.requireRole("admin"), async (c) => {
|
|
15992
15992
|
try {
|
|
15993
15993
|
const db = c.env.DB;
|
|
15994
15994
|
const allMediaStmt = db.prepare("SELECT id, r2_key, filename FROM media WHERE deleted_at IS NULL");
|
|
@@ -18213,8 +18213,8 @@ function renderEmailSettingsContent(plugin, settings) {
|
|
|
18213
18213
|
|
|
18214
18214
|
// src/routes/admin-plugins.ts
|
|
18215
18215
|
var adminPluginRoutes = new hono.Hono();
|
|
18216
|
-
adminPluginRoutes.use("*",
|
|
18217
|
-
var AVAILABLE_PLUGINS = Object.values(
|
|
18216
|
+
adminPluginRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
18217
|
+
var AVAILABLE_PLUGINS = Object.values(chunkU6FOL6EO_cjs.PLUGIN_REGISTRY).map((p) => ({
|
|
18218
18218
|
id: p.id,
|
|
18219
18219
|
name: p.codeName,
|
|
18220
18220
|
display_name: p.displayName,
|
|
@@ -18234,7 +18234,7 @@ adminPluginRoutes.get("/", async (c) => {
|
|
|
18234
18234
|
if (user?.role !== "admin") {
|
|
18235
18235
|
return c.text("Access denied", 403);
|
|
18236
18236
|
}
|
|
18237
|
-
const pluginService = new
|
|
18237
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
18238
18238
|
let installedPlugins = [];
|
|
18239
18239
|
let stats = { total: 0, active: 0, inactive: 0, errors: 0, uninstalled: 0 };
|
|
18240
18240
|
try {
|
|
@@ -18306,7 +18306,7 @@ adminPluginRoutes.get("/:id", async (c) => {
|
|
|
18306
18306
|
if (user?.role !== "admin") {
|
|
18307
18307
|
return c.redirect("/admin/plugins");
|
|
18308
18308
|
}
|
|
18309
|
-
const pluginService = new
|
|
18309
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
18310
18310
|
const plugin = await pluginService.getPlugin(pluginId);
|
|
18311
18311
|
if (!plugin) {
|
|
18312
18312
|
return c.text("Plugin not found", 404);
|
|
@@ -18382,7 +18382,7 @@ adminPluginRoutes.post("/:id/activate", async (c) => {
|
|
|
18382
18382
|
if (user?.role !== "admin") {
|
|
18383
18383
|
return c.json({ error: "Access denied" }, 403);
|
|
18384
18384
|
}
|
|
18385
|
-
const pluginService = new
|
|
18385
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
18386
18386
|
await pluginService.activatePlugin(pluginId);
|
|
18387
18387
|
return c.json({ success: true });
|
|
18388
18388
|
} catch (error) {
|
|
@@ -18399,7 +18399,7 @@ adminPluginRoutes.post("/:id/deactivate", async (c) => {
|
|
|
18399
18399
|
if (user?.role !== "admin") {
|
|
18400
18400
|
return c.json({ error: "Access denied" }, 403);
|
|
18401
18401
|
}
|
|
18402
|
-
const pluginService = new
|
|
18402
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
18403
18403
|
await pluginService.deactivatePlugin(pluginId);
|
|
18404
18404
|
return c.json({ success: true });
|
|
18405
18405
|
} catch (error) {
|
|
@@ -18416,8 +18416,8 @@ adminPluginRoutes.post("/install", async (c) => {
|
|
|
18416
18416
|
return c.json({ error: "Access denied" }, 403);
|
|
18417
18417
|
}
|
|
18418
18418
|
const body = await c.req.json();
|
|
18419
|
-
const pluginService = new
|
|
18420
|
-
const registryEntry =
|
|
18419
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
18420
|
+
const registryEntry = chunkU6FOL6EO_cjs.findPluginByCodeName(body.name) || chunkU6FOL6EO_cjs.PLUGIN_REGISTRY[body.name] || chunkU6FOL6EO_cjs.PLUGIN_REGISTRY[body.id];
|
|
18421
18421
|
if (!registryEntry) {
|
|
18422
18422
|
return c.json({ error: "Plugin not found in registry" }, 404);
|
|
18423
18423
|
}
|
|
@@ -18450,7 +18450,7 @@ adminPluginRoutes.post("/:id/uninstall", async (c) => {
|
|
|
18450
18450
|
if (user?.role !== "admin") {
|
|
18451
18451
|
return c.json({ error: "Access denied" }, 403);
|
|
18452
18452
|
}
|
|
18453
|
-
const pluginService = new
|
|
18453
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
18454
18454
|
await pluginService.uninstallPlugin(pluginId);
|
|
18455
18455
|
return c.json({ success: true });
|
|
18456
18456
|
} catch (error) {
|
|
@@ -18468,7 +18468,7 @@ adminPluginRoutes.post("/:id/settings", async (c) => {
|
|
|
18468
18468
|
return c.json({ error: "Access denied" }, 403);
|
|
18469
18469
|
}
|
|
18470
18470
|
const settings = await c.req.json();
|
|
18471
|
-
const pluginService = new
|
|
18471
|
+
const pluginService = new chunkU6FOL6EO_cjs.PluginService(db);
|
|
18472
18472
|
await pluginService.updatePluginSettings(pluginId, settings);
|
|
18473
18473
|
if (pluginId === "core-auth") {
|
|
18474
18474
|
try {
|
|
@@ -19276,7 +19276,7 @@ function renderLogConfigPage(data) {
|
|
|
19276
19276
|
|
|
19277
19277
|
// src/routes/admin-logs.ts
|
|
19278
19278
|
var adminLogsRoutes = new hono.Hono();
|
|
19279
|
-
adminLogsRoutes.use("*",
|
|
19279
|
+
adminLogsRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
19280
19280
|
adminLogsRoutes.get("/", async (c) => {
|
|
19281
19281
|
try {
|
|
19282
19282
|
const user = c.get("user");
|
|
@@ -21604,9 +21604,9 @@ function renderStorageUsage(databaseSizeBytes, mediaSizeBytes) {
|
|
|
21604
21604
|
}
|
|
21605
21605
|
|
|
21606
21606
|
// src/routes/admin-dashboard.ts
|
|
21607
|
-
var VERSION =
|
|
21607
|
+
var VERSION = chunkV76ERLX6_cjs.getCoreVersion();
|
|
21608
21608
|
var router = new hono.Hono();
|
|
21609
|
-
router.use("*",
|
|
21609
|
+
router.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
21610
21610
|
router.get("/", async (c) => {
|
|
21611
21611
|
const user = c.get("user");
|
|
21612
21612
|
try {
|
|
@@ -23425,10 +23425,10 @@ function renderCollectionFormPage(data) {
|
|
|
23425
23425
|
|
|
23426
23426
|
// src/routes/admin-collections.ts
|
|
23427
23427
|
var adminCollectionsRoutes = new hono.Hono();
|
|
23428
|
-
adminCollectionsRoutes.use("*",
|
|
23429
|
-
adminCollectionsRoutes.post("*",
|
|
23430
|
-
adminCollectionsRoutes.put("*",
|
|
23431
|
-
adminCollectionsRoutes.delete("*",
|
|
23428
|
+
adminCollectionsRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
23429
|
+
adminCollectionsRoutes.post("*", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
23430
|
+
adminCollectionsRoutes.put("*", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
23431
|
+
adminCollectionsRoutes.delete("*", chunk7HHIZQNE_cjs.requireRole(["admin"]));
|
|
23432
23432
|
adminCollectionsRoutes.get("/", async (c) => {
|
|
23433
23433
|
try {
|
|
23434
23434
|
const user = c.get("user");
|
|
@@ -25624,7 +25624,7 @@ function renderDatabaseToolsSettings(settings) {
|
|
|
25624
25624
|
|
|
25625
25625
|
// src/routes/admin-settings.ts
|
|
25626
25626
|
var adminSettingsRoutes = new hono.Hono();
|
|
25627
|
-
adminSettingsRoutes.use("*",
|
|
25627
|
+
adminSettingsRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
25628
25628
|
function getMockSettings(user) {
|
|
25629
25629
|
return {
|
|
25630
25630
|
general: {
|
|
@@ -25792,7 +25792,7 @@ adminSettingsRoutes.get("/database-tools", (c) => {
|
|
|
25792
25792
|
adminSettingsRoutes.get("/api/migrations/status", async (c) => {
|
|
25793
25793
|
try {
|
|
25794
25794
|
const db = c.env.DB;
|
|
25795
|
-
const migrationService = new
|
|
25795
|
+
const migrationService = new chunkHU4MN74Q_cjs.MigrationService(db);
|
|
25796
25796
|
const status = await migrationService.getMigrationStatus();
|
|
25797
25797
|
return c.json({
|
|
25798
25798
|
success: true,
|
|
@@ -25816,7 +25816,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
|
|
|
25816
25816
|
}, 403);
|
|
25817
25817
|
}
|
|
25818
25818
|
const db = c.env.DB;
|
|
25819
|
-
const migrationService = new
|
|
25819
|
+
const migrationService = new chunkHU4MN74Q_cjs.MigrationService(db);
|
|
25820
25820
|
const result = await migrationService.runPendingMigrations();
|
|
25821
25821
|
return c.json({
|
|
25822
25822
|
success: result.success,
|
|
@@ -25834,7 +25834,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
|
|
|
25834
25834
|
adminSettingsRoutes.get("/api/migrations/validate", async (c) => {
|
|
25835
25835
|
try {
|
|
25836
25836
|
const db = c.env.DB;
|
|
25837
|
-
const migrationService = new
|
|
25837
|
+
const migrationService = new chunkHU4MN74Q_cjs.MigrationService(db);
|
|
25838
25838
|
const validation = await migrationService.validateSchema();
|
|
25839
25839
|
return c.json({
|
|
25840
25840
|
success: true,
|
|
@@ -27724,7 +27724,7 @@ function renderFormCreatePage(data) {
|
|
|
27724
27724
|
|
|
27725
27725
|
// src/routes/admin-forms.ts
|
|
27726
27726
|
var adminFormsRoutes = new hono.Hono();
|
|
27727
|
-
adminFormsRoutes.use("*",
|
|
27727
|
+
adminFormsRoutes.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
27728
27728
|
adminFormsRoutes.get("/", async (c) => {
|
|
27729
27729
|
try {
|
|
27730
27730
|
const user = c.get("user");
|
|
@@ -28529,7 +28529,7 @@ publicFormsRoutes.post("/:identifier/submit", async (c) => {
|
|
|
28529
28529
|
`).bind(now, form.id).run();
|
|
28530
28530
|
let contentId = null;
|
|
28531
28531
|
try {
|
|
28532
|
-
contentId = await
|
|
28532
|
+
contentId = await chunkU6FOL6EO_cjs.createContentFromSubmission(
|
|
28533
28533
|
db,
|
|
28534
28534
|
sanitizedData,
|
|
28535
28535
|
{ id: form.id, name: form.name, display_name: form.display_name },
|
|
@@ -28897,9 +28897,9 @@ function renderAPIReferencePage(data) {
|
|
|
28897
28897
|
}
|
|
28898
28898
|
|
|
28899
28899
|
// src/routes/admin-api-reference.ts
|
|
28900
|
-
var VERSION2 =
|
|
28900
|
+
var VERSION2 = chunkV76ERLX6_cjs.getCoreVersion();
|
|
28901
28901
|
var router2 = new hono.Hono();
|
|
28902
|
-
router2.use("*",
|
|
28902
|
+
router2.use("*", chunk7HHIZQNE_cjs.requireAuth());
|
|
28903
28903
|
router2.get("/", async (c) => {
|
|
28904
28904
|
const user = c.get("user");
|
|
28905
28905
|
try {
|
|
@@ -28990,5 +28990,5 @@ exports.router2 = router2;
|
|
|
28990
28990
|
exports.test_cleanup_default = test_cleanup_default;
|
|
28991
28991
|
exports.userProfilesPlugin = userProfilesPlugin;
|
|
28992
28992
|
exports.userRoutes = userRoutes;
|
|
28993
|
-
//# sourceMappingURL=chunk-
|
|
28994
|
-
//# sourceMappingURL=chunk-
|
|
28993
|
+
//# sourceMappingURL=chunk-MZS33LLH.cjs.map
|
|
28994
|
+
//# sourceMappingURL=chunk-MZS33LLH.cjs.map
|