@sonicjs-cms/core 2.16.0 → 2.17.0

package/dist/{chunk-6ENX7QSA.cjs → chunk-J5MYHM6Z.cjs}

@@ -1,13 +1,13 @@
 'use strict';
 
-var chunkNZWFCUDA_cjs = require('./chunk-NZWFCUDA.cjs');
-var chunkCZ6BVQZX_cjs = require('./chunk-CZ6BVQZX.cjs');
-var chunkQ5VFZUXV_cjs = require('./chunk-Q5VFZUXV.cjs');
-var chunkOCLUXJ7E_cjs = require('./chunk-OCLUXJ7E.cjs');
+var chunkWAEQXGCX_cjs = require('./chunk-WAEQXGCX.cjs');
+var chunkRE3NVA23_cjs = require('./chunk-RE3NVA23.cjs');
+var chunk4HCUJ3MG_cjs = require('./chunk-4HCUJ3MG.cjs');
+var chunkFSWP4FBW_cjs = require('./chunk-FSWP4FBW.cjs');
 var chunkOHYBNCVL_cjs = require('./chunk-OHYBNCVL.cjs');
 var chunkUYJ6TJHX_cjs = require('./chunk-UYJ6TJHX.cjs');
 var chunk635JAMSE_cjs = require('./chunk-635JAMSE.cjs');
-var chunkYQW2GCJ3_cjs = require('./chunk-YQW2GCJ3.cjs');
+var chunkQBLBIAVZ_cjs = require('./chunk-QBLBIAVZ.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
 var hono = require('hono');
@@ -189,7 +189,7 @@ apiContentCrudRoutes.get("/:id", async (c) => {
     }, 500);
   }
 });
-apiContentCrudRoutes.post("/", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.post("/", chunkRE3NVA23_cjs.requireAuth(), chunkRE3NVA23_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const db = c.env.DB;
     const user = c.get("user");
@@ -230,7 +230,7 @@ apiContentCrudRoutes.post("/", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cj
       now,
       now
     ).run();
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.api);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.api);
     await cache.invalidate(`content:list:${collectionId}:*`);
     await cache.invalidate("content-filtered:*");
     const getStmt = db.prepare("SELECT * FROM content WHERE id = ?");
@@ -255,7 +255,7 @@ apiContentCrudRoutes.post("/", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cj
     }, 500);
   }
 });
-apiContentCrudRoutes.put("/:id", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.put("/:id", chunkRE3NVA23_cjs.requireAuth(), chunkRE3NVA23_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -293,7 +293,7 @@ apiContentCrudRoutes.put("/:id", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_
       WHERE id = ?
     `);
     await updateStmt.bind(...params).run();
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.api);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.api);
     await cache.delete(cache.generateKey("content", id));
     await cache.invalidate(`content:list:${existing.collection_id}:*`);
     await cache.invalidate("content-filtered:*");
@@ -319,7 +319,7 @@ apiContentCrudRoutes.put("/:id", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_
     }, 500);
   }
 });
-apiContentCrudRoutes.delete("/:id", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.delete("/:id", chunkRE3NVA23_cjs.requireAuth(), chunkRE3NVA23_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -330,7 +330,7 @@ apiContentCrudRoutes.delete("/:id", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQ
     }
     const deleteStmt = db.prepare("DELETE FROM content WHERE id = ?");
     await deleteStmt.bind(id).run();
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.api);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.api);
     await cache.delete(cache.generateKey("content", id));
     await cache.invalidate(`content:list:${existing.collection_id}:*`);
     await cache.invalidate("content-filtered:*");
@@ -355,7 +355,7 @@ apiRoutes.use("*", async (c, next) => {
   c.header("X-Response-Time", `${totalTime}ms`);
 });
 apiRoutes.use("*", async (c, next) => {
-  const cacheEnabled = await chunkCZ6BVQZX_cjs.isPluginActive(c.env.DB, "core-cache");
+  const cacheEnabled = await chunkRE3NVA23_cjs.isPluginActive(c.env.DB, "core-cache");
   c.set("cacheEnabled", cacheEnabled);
   await next();
 });
@@ -792,7 +792,7 @@ apiRoutes.get("/collections", async (c) => {
   try {
     const db = c.env.DB;
     const cacheEnabled = c.get("cacheEnabled");
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.api);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.api);
     const cacheKey = cache.generateKey("collections", "all");
     if (cacheEnabled) {
       const cacheResult = await cache.getWithSource(cacheKey);
@@ -846,7 +846,7 @@ apiRoutes.get("/collections", async (c) => {
     return c.json({ error: "Failed to fetch collections" }, 500);
   }
 });
-apiRoutes.get("/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
+apiRoutes.get("/content", chunkRE3NVA23_cjs.optionalAuth(), async (c) => {
   const executionStart = Date.now();
   try {
     const db = c.env.DB;
@@ -869,13 +869,13 @@ apiRoutes.get("/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
         });
       }
     }
-    const filter = chunkYQW2GCJ3_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkQBLBIAVZ_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
     if (!normalizedFilter.limit) {
       normalizedFilter.limit = 50;
     }
     normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
-    const builder3 = new chunkYQW2GCJ3_cjs.QueryFilterBuilder();
+    const builder3 = new chunkQBLBIAVZ_cjs.QueryFilterBuilder();
     const queryResult = builder3.build("content", normalizedFilter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -884,7 +884,7 @@ apiRoutes.get("/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
       }, 400);
     }
     const cacheEnabled = c.get("cacheEnabled");
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.api);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.api);
     const cacheKey = cache.generateKey("content-filtered", JSON.stringify({ filter: normalizedFilter, query: queryResult.sql }));
     if (cacheEnabled) {
       const cacheResult = await cache.getWithSource(cacheKey);
@@ -947,7 +947,7 @@ apiRoutes.get("/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
     }, 500);
   }
 });
-apiRoutes.get("/collections/:collection/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
+apiRoutes.get("/collections/:collection/content", chunkRE3NVA23_cjs.optionalAuth(), async (c) => {
   const executionStart = Date.now();
   try {
     const collection = c.req.param("collection");
@@ -958,7 +958,7 @@ apiRoutes.get("/collections/:collection/content", chunkCZ6BVQZX_cjs.optionalAuth
     if (!collectionResult) {
       return c.json({ error: "Collection not found" }, 404);
     }
-    const filter = chunkYQW2GCJ3_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkQBLBIAVZ_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
     if (!normalizedFilter.where) {
       normalizedFilter.where = { and: [] };
@@ -975,7 +975,7 @@ apiRoutes.get("/collections/:collection/content", chunkCZ6BVQZX_cjs.optionalAuth
       normalizedFilter.limit = 50;
     }
     normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
-    const builder3 = new chunkYQW2GCJ3_cjs.QueryFilterBuilder();
+    const builder3 = new chunkQBLBIAVZ_cjs.QueryFilterBuilder();
     const queryResult = builder3.build("content", normalizedFilter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -984,7 +984,7 @@ apiRoutes.get("/collections/:collection/content", chunkCZ6BVQZX_cjs.optionalAuth
       }, 400);
     }
     const cacheEnabled = c.get("cacheEnabled");
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.api);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.api);
     const cacheKey = cache.generateKey("collection-content-filtered", `${collection}:${JSON.stringify({ filter: normalizedFilter, query: queryResult.sql })}`);
     if (cacheEnabled) {
       const cacheResult = await cache.getWithSource(cacheKey);
@@ -1096,7 +1096,7 @@ var fileValidationSchema = zod.z.object({
   // 50MB max
 });
 var apiMediaRoutes = new hono.Hono();
-apiMediaRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+apiMediaRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
 apiMediaRoutes.post("/upload", async (c) => {
   try {
     const user = c.get("user");
@@ -1840,8 +1840,8 @@ apiSystemRoutes.get("/env", (c) => {
 });
 var api_system_default = apiSystemRoutes;
 var adminApiRoutes = new hono.Hono();
-adminApiRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
-adminApiRoutes.use("*", chunkCZ6BVQZX_cjs.requireRole(["admin", "editor"]));
+adminApiRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
+adminApiRoutes.use("*", chunkRE3NVA23_cjs.requireRole(["admin", "editor"]));
 adminApiRoutes.get("/stats", async (c) => {
   try {
     const db = c.env.DB;
@@ -2353,7 +2353,7 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
 });
 adminApiRoutes.get("/migrations/status", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-SVQTT7NV.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-ZYPYVSXI.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const status = await migrationService.getMigrationStatus();
@@ -2378,7 +2378,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
         error: "Unauthorized. Admin access required."
       }, 403);
     }
-    const { MigrationService: MigrationService2 } = await import('./migrations-SVQTT7NV.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-ZYPYVSXI.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const result = await migrationService.runPendingMigrations();
@@ -2400,7 +2400,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
 });
 adminApiRoutes.get("/migrations/validate", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-SVQTT7NV.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-ZYPYVSXI.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const validation = await migrationService.validateSchema();
@@ -5150,16 +5150,17 @@ var userProfilesPlugin = createUserProfilesPlugin();
 
 // src/routes/auth.ts
 var JWT_SECRET_FALLBACK = "your-super-secret-jwt-key-change-in-production";
-async function setCsrfCookie(c) {
+async function setCsrfCookie(c, maxAge) {
   const secret = c.env?.JWT_SECRET || JWT_SECRET_FALLBACK;
   const isDev = c.env?.ENVIRONMENT === "development" || !c.env?.ENVIRONMENT;
-  const csrfToken = await chunkCZ6BVQZX_cjs.generateCsrfToken(secret);
+  const csrfToken = await chunkRE3NVA23_cjs.generateCsrfToken(secret);
+  const cookieMaxAge = await chunkRE3NVA23_cjs.getJwtExpirySecondsFromDb(c.env?.DB, c.env);
   cookie.setCookie(c, "csrf_token", csrfToken, {
     httpOnly: false,
     secure: !isDev,
     sameSite: "Strict",
     path: "/",
-    maxAge: 86400
+    maxAge: cookieMaxAge
   });
 }
 function clearCsrfCookie(c) {
@@ -5210,7 +5211,7 @@ var loginSchema = zod.z.object({
 });
 authRoutes.post(
   "/register",
-  chunkCZ6BVQZX_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
+  chunkRE3NVA23_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5247,7 +5248,7 @@ authRoutes.post(
       if (existingUser) {
         return c.json({ error: "User with this email or username already exists" }, 400);
       }
-      const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(password);
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
       await db.prepare(`
@@ -5281,13 +5282,13 @@ authRoutes.post(
           await saveCustomData(db, userId, sanitized);
         }
       }
-      const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET);
+      const tokenTtl = await chunkRE3NVA23_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunkRE3NVA23_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
         sameSite: "Strict",
-        maxAge: 60 * 60 * 24
-        // 24 hours
+        maxAge: tokenTtl
       });
       await setCsrfCookie(c);
       return c.json({
@@ -5315,7 +5316,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/login",
-  chunkCZ6BVQZX_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
+  chunkRE3NVA23_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
   async (c) => {
     try {
       const body = await c.req.json();
@@ -5326,7 +5327,7 @@ authRoutes.post(
       const { email, password } = validation.data;
       const db = c.env.DB;
       const normalizedEmail = email.toLowerCase();
-      const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.user);
+      const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.user);
       let user = await cache.get(cache.generateKey("user", `email:${normalizedEmail}`));
       if (!user) {
         user = await db.prepare("SELECT * FROM users WHERE email = ? AND is_active = 1").bind(normalizedEmail).first();
@@ -5338,25 +5339,25 @@ authRoutes.post(
       if (!user) {
         return c.json({ error: "Invalid email or password" }, 401);
       }
-      const isValidPassword = await chunkCZ6BVQZX_cjs.AuthManager.verifyPassword(password, user.password_hash);
+      const isValidPassword = await chunkRE3NVA23_cjs.AuthManager.verifyPassword(password, user.password_hash);
       if (!isValidPassword) {
         return c.json({ error: "Invalid email or password" }, 401);
       }
-      if (chunkCZ6BVQZX_cjs.AuthManager.isLegacyHash(user.password_hash)) {
+      if (chunkRE3NVA23_cjs.AuthManager.isLegacyHash(user.password_hash)) {
         try {
-          const newHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
+          const newHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(password);
           await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
         } catch (rehashError) {
           console.error("Password rehash failed (non-fatal):", rehashError);
         }
       }
-      const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
+      const tokenTtl = await chunkRE3NVA23_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunkRE3NVA23_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
         sameSite: "Strict",
-        maxAge: 60 * 60 * 24
-        // 24 hours
+        maxAge: tokenTtl
       });
       await setCsrfCookie(c);
       await db.prepare("UPDATE users SET last_login_at = ? WHERE id = ?").bind((/* @__PURE__ */ new Date()).getTime(), user.id).run();
@@ -5403,7 +5404,7 @@ authRoutes.get("/logout", (c) => {
   clearCsrfCookie(c);
   return c.redirect("/auth/login?message=You have been logged out successfully");
 });
-authRoutes.get("/me", chunkCZ6BVQZX_cjs.requireAuth(), async (c) => {
+authRoutes.get("/me", chunkRE3NVA23_cjs.requireAuth(), async (c) => {
   try {
     const user = c.get("user");
     if (!user) {
@@ -5420,30 +5421,48 @@ authRoutes.get("/me", chunkCZ6BVQZX_cjs.requireAuth(), async (c) => {
     return c.json({ error: "Failed to get user" }, 500);
   }
 });
-authRoutes.post("/refresh", chunkCZ6BVQZX_cjs.requireAuth(), async (c) => {
-  try {
-    const user = c.get("user");
-    if (!user) {
-      return c.json({ error: "Not authenticated" }, 401);
+authRoutes.post(
+  "/refresh",
+  chunkRE3NVA23_cjs.rateLimit({ max: 60, windowMs: 60 * 1e3, keyPrefix: "refresh" }),
+  async (c) => {
+    try {
+      let token = c.req.header("Authorization")?.replace("Bearer ", "");
+      if (!token) token = cookie.getCookie(c, "auth_token");
+      if (!token) {
+        return c.json({ error: "Authentication required" }, 401);
+      }
+      const db = c.env.DB;
+      const grace = await chunkRE3NVA23_cjs.getJwtRefreshGraceSecondsFromDb(db, c.env);
+      const payload = await chunkRE3NVA23_cjs.AuthManager.verifyToken(token, c.env.JWT_SECRET, grace);
+      if (!payload) {
+        return c.json({ error: "Invalid or expired token" }, 401);
+      }
+      const row = await db.prepare("SELECT id, email, role, is_active FROM users WHERE id = ?").bind(payload.userId).first();
+      if (!row || !row.is_active) {
+        return c.json({ error: "User is not active" }, 401);
+      }
+      const tokenTtl = await chunkRE3NVA23_cjs.getJwtExpirySecondsFromDb(db, c.env);
+      const newToken = await chunkRE3NVA23_cjs.AuthManager.generateToken(row.id, row.email, row.role, c.env.JWT_SECRET, tokenTtl);
+      cookie.setCookie(c, "auth_token", newToken, {
+        httpOnly: true,
+        secure: true,
+        sameSite: "Strict",
+        maxAge: tokenTtl
+      });
+      await setCsrfCookie(c);
+      return c.json({
+        token: newToken,
+        expiresIn: tokenTtl
+      });
+    } catch (error) {
+      console.error("Token refresh error:", error);
+      return c.json({ error: "Token refresh failed" }, 500);
     }
-    const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(user.userId, user.email, user.role, c.env.JWT_SECRET);
-    cookie.setCookie(c, "auth_token", token, {
-      httpOnly: true,
-      secure: true,
-      sameSite: "Strict",
-      maxAge: 60 * 60 * 24
-      // 24 hours
-    });
-    await setCsrfCookie(c);
-    return c.json({ token });
-  } catch (error) {
-    console.error("Token refresh error:", error);
-    return c.json({ error: "Token refresh failed" }, 500);
   }
-});
+);
 authRoutes.post(
   "/register/form",
-  chunkCZ6BVQZX_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
+  chunkRE3NVA23_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5490,7 +5509,7 @@ authRoutes.post(
         </div>
       `);
       }
-      const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(password);
       const role = isFirstUser ? "admin" : "viewer";
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
@@ -5525,14 +5544,14 @@ authRoutes.post(
           await saveCustomData(db, userId, sanitized);
         }
       }
-      const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET);
+      const tokenTtl = await chunkRE3NVA23_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunkRE3NVA23_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: false,
         // Set to true in production with HTTPS
         sameSite: "Strict",
-        maxAge: 60 * 60 * 24
-        // 24 hours
+        maxAge: tokenTtl
       });
       await setCsrfCookie(c);
       const redirectUrl = role === "admin" ? "/admin/dashboard" : "/admin/dashboard";
@@ -5558,7 +5577,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/login/form",
-  chunkCZ6BVQZX_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
+  chunkRE3NVA23_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
   async (c) => {
     try {
       const formData = await c.req.formData();
@@ -5582,7 +5601,7 @@ authRoutes.post(
         </div>
       `);
       }
-      const isValidPassword = await chunkCZ6BVQZX_cjs.AuthManager.verifyPassword(password, user.password_hash);
+      const isValidPassword = await chunkRE3NVA23_cjs.AuthManager.verifyPassword(password, user.password_hash);
       if (!isValidPassword) {
         return c.html(html.html`
         <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
@@ -5590,22 +5609,22 @@ authRoutes.post(
         </div>
       `);
       }
-      if (chunkCZ6BVQZX_cjs.AuthManager.isLegacyHash(user.password_hash)) {
+      if (chunkRE3NVA23_cjs.AuthManager.isLegacyHash(user.password_hash)) {
         try {
-          const newHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
+          const newHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(password);
           await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
         } catch (rehashError) {
           console.error("Password rehash failed (non-fatal):", rehashError);
         }
       }
-      const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
+      const tokenTtl = await chunkRE3NVA23_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunkRE3NVA23_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: false,
         // Set to true in production with HTTPS
         sameSite: "Strict",
-        maxAge: 60 * 60 * 24
-        // 24 hours
+        maxAge: tokenTtl
       });
       await setCsrfCookie(c);
       await db.prepare("UPDATE users SET last_login_at = ? WHERE id = ?").bind((/* @__PURE__ */ new Date()).getTime(), user.id).run();
@@ -5640,7 +5659,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/seed-admin",
-  chunkCZ6BVQZX_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
+  chunkRE3NVA23_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5662,7 +5681,7 @@ authRoutes.post(
     `).run();
       const existingAdmin = await db.prepare("SELECT id FROM users WHERE email = ? OR username = ?").bind("admin@sonicjs.com", "admin").first();
       if (existingAdmin) {
-        const passwordHash2 = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword("sonicjs!");
+        const passwordHash2 = await chunkRE3NVA23_cjs.AuthManager.hashPassword("sonicjs!");
         await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(passwordHash2, Date.now(), existingAdmin.id).run();
         return c.json({
           message: "Admin user already exists (password updated)",
@@ -5674,7 +5693,7 @@ authRoutes.post(
           }
         });
       }
-      const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword("sonicjs!");
+      const passwordHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword("sonicjs!");
       const userId = "admin-user-id";
       const now = Date.now();
       const adminEmail = "admin@sonicjs.com".toLowerCase();
@@ -5895,7 +5914,7 @@ authRoutes.post("/accept-invitation", async (c) => {
     if (existingUsername) {
       return c.json({ error: "Username is already taken" }, 400);
     }
-    const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(password);
     const updateStmt = db.prepare(`
       UPDATE users SET 
         username = ?,
@@ -5914,13 +5933,13 @@ authRoutes.post("/accept-invitation", async (c) => {
       Date.now(),
       invitedUser.id
     ).run();
-    const authToken = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET);
+    const tokenTtl = await chunkRE3NVA23_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+    const authToken = await chunkRE3NVA23_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET, tokenTtl);
     cookie.setCookie(c, "auth_token", authToken, {
       httpOnly: true,
       secure: true,
       sameSite: "Strict",
-      maxAge: 60 * 60 * 24
-      // 24 hours
+      maxAge: tokenTtl
     });
     await setCsrfCookie(c);
     return c.redirect("/admin/dashboard?welcome=true");
@@ -5931,7 +5950,7 @@ authRoutes.post("/accept-invitation", async (c) => {
 });
 authRoutes.post(
   "/request-password-reset",
-  chunkCZ6BVQZX_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
+  chunkRE3NVA23_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
   async (c) => {
     try {
       const formData = await c.req.formData();
@@ -6149,7 +6168,7 @@ authRoutes.post("/reset-password", async (c) => {
     if (Date.now() > user.password_reset_expires) {
       return c.json({ error: "Reset token has expired" }, 400);
     }
-    const newPasswordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
+    const newPasswordHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(password);
     try {
       const historyStmt = db.prepare(`
         INSERT INTO password_history (id, user_id, password_hash, created_at)
@@ -9525,9 +9544,9 @@ function parseFieldValue(field, formData, options = {}) {
   const { skipValidation = false } = options;
   const value = formData.get(field.field_name);
   const errors = [];
-  const blocksConfig = chunkYQW2GCJ3_cjs.getBlocksFieldConfig(field.field_options);
+  const blocksConfig = chunkQBLBIAVZ_cjs.getBlocksFieldConfig(field.field_options);
   if (blocksConfig) {
-    const parsed = chunkYQW2GCJ3_cjs.parseBlocksValue(value, blocksConfig);
+    const parsed = chunkQBLBIAVZ_cjs.parseBlocksValue(value, blocksConfig);
     if (!skipValidation && field.is_required && parsed.value.length === 0) {
       parsed.errors.push(`${field.field_label} is required`);
     }
@@ -9637,9 +9656,9 @@ function extractFieldData(fields, formData, options = {}) {
   }
   return { data, errors };
 }
-adminContentRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+adminContentRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
 async function getCollectionFields(db, collectionId) {
-  const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.collection);
+  const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.collection);
   return cache.getOrSet(
     cache.generateKey("fields", collectionId),
     async () => {
@@ -9688,7 +9707,7 @@ async function getCollectionFields(db, collectionId) {
   );
 }
 async function getCollection(db, collectionId) {
-  const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.collection);
+  const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.collection);
   return cache.getOrSet(
     cache.generateKey("collection", collectionId),
     async () => {
@@ -9914,21 +9933,21 @@ adminContentRoutes.get("/new", async (c) => {
     const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
     let tinymceSettings;
     if (tinymceEnabled) {
-      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+      const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
       const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
       tinymceSettings = tinymcePlugin2?.settings;
     }
     const quillEnabled = await isPluginActive2(db, "quill-editor");
     let quillSettings;
     if (quillEnabled) {
-      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+      const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
       const quillPlugin = await pluginService.getPlugin("quill-editor");
       quillSettings = quillPlugin?.settings;
     }
     const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
     let mdxeditorSettings;
     if (mdxeditorEnabled) {
-      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+      const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
       const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
       mdxeditorSettings = mdxeditorPlugin?.settings;
     }
@@ -9978,7 +9997,7 @@ adminContentRoutes.get("/:id/edit", async (c) => {
     const db = c.env.DB;
     const url = new URL(c.req.url);
     const referrerParams = url.searchParams.get("ref") || "";
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.content);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.content);
     const content = await cache.getOrSet(
       cache.generateKey("content", id),
       async () => {
@@ -10019,21 +10038,21 @@ adminContentRoutes.get("/:id/edit", async (c) => {
     const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
     let tinymceSettings;
     if (tinymceEnabled) {
-      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+      const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
       const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
       tinymceSettings = tinymcePlugin2?.settings;
     }
     const quillEnabled = await isPluginActive2(db, "quill-editor");
     let quillSettings;
     if (quillEnabled) {
-      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+      const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
       const quillPlugin = await pluginService.getPlugin("quill-editor");
       quillSettings = quillPlugin?.settings;
     }
     const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
     let mdxeditorSettings;
     if (mdxeditorEnabled) {
-      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+      const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
       const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
       mdxeditorSettings = mdxeditorPlugin?.settings;
     }
@@ -10154,7 +10173,7 @@ adminContentRoutes.post("/", async (c) => {
       now,
       now
     ).run();
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.content);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.content);
     await cache.invalidate(`content:list:${collectionId}:*`);
     const versionStmt = db.prepare(`
       INSERT INTO content_versions (id, content_id, version, data, author_id, created_at)
@@ -10273,7 +10292,7 @@ adminContentRoutes.put("/:id", async (c) => {
       now,
       id
     ).run();
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.content);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.content);
     await cache.delete(cache.generateKey("content", id));
     await cache.invalidate(`content:list:${existingContent.collection_id}:*`);
     const existingData = JSON.parse(existingContent.data || "{}");
@@ -10328,7 +10347,7 @@ adminContentRoutes.put("/:id", async (c) => {
     `);
   }
 });
-adminContentRoutes.post("/preview", chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+adminContentRoutes.post("/preview", chunkRE3NVA23_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const formData = await c.req.formData();
     const collectionId = formData.get("collection_id");
@@ -10550,7 +10569,7 @@ adminContentRoutes.post("/bulk-action", async (c) => {
     } else {
       return c.json({ success: false, error: "Invalid action" });
     }
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.content);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.content);
     for (const contentId of ids) {
       await cache.delete(cache.generateKey("content", contentId));
     }
@@ -10578,7 +10597,7 @@ adminContentRoutes.delete("/:id", async (c) => {
       WHERE id = ?
     `);
     await deleteStmt.bind(now, id).run();
-    const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.content);
+    const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.content);
     await cache.delete(cache.generateKey("content", id));
     await cache.invalidate("content:list:*");
     return c.html(`
@@ -10706,7 +10725,7 @@ adminContentRoutes.post("/:id/restore/:version", async (c) => {
     return c.json({ success: false, error: "Failed to restore version" });
   }
 });
-adminContentRoutes.get("/:id/version/:version/preview", chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+adminContentRoutes.get("/:id/version/:version/preview", chunkRE3NVA23_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const version = parseInt(c.req.param("version") || "0");
@@ -12707,14 +12726,14 @@ function renderUsersListPage(data) {
 
 // src/routes/admin-users.ts
 var userRoutes = new hono.Hono();
-userRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
-userRoutes.use("/users/*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
-userRoutes.use("/users", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
-userRoutes.use("/invite-user", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
-userRoutes.use("/resend-invitation/*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
-userRoutes.use("/cancel-invitation/*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
-userRoutes.use("/activity-logs", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
-userRoutes.use("/activity-logs/*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+userRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
+userRoutes.use("/users/*", chunkRE3NVA23_cjs.requireRole(["admin"]));
+userRoutes.use("/users", chunkRE3NVA23_cjs.requireRole(["admin"]));
+userRoutes.use("/invite-user", chunkRE3NVA23_cjs.requireRole(["admin"]));
+userRoutes.use("/resend-invitation/*", chunkRE3NVA23_cjs.requireRole(["admin"]));
+userRoutes.use("/cancel-invitation/*", chunkRE3NVA23_cjs.requireRole(["admin"]));
+userRoutes.use("/activity-logs", chunkRE3NVA23_cjs.requireRole(["admin"]));
+userRoutes.use("/activity-logs/*", chunkRE3NVA23_cjs.requireRole(["admin"]));
 userRoutes.get("/", (c) => {
   return c.redirect("/admin/dashboard");
 });
@@ -12884,7 +12903,7 @@ userRoutes.put("/profile", async (c) => {
       }
       await saveCustomData(db, user.userId, sanitized);
     }
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "profile.update",
@@ -12947,7 +12966,7 @@ userRoutes.post("/profile/avatar", async (c) => {
       SELECT first_name, last_name FROM users WHERE id = ?
     `);
     const userData = await userStmt.bind(user.userId).first();
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "profile.avatar_update",
@@ -13018,7 +13037,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const validPassword = await chunkCZ6BVQZX_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
+    const validPassword = await chunkRE3NVA23_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
     if (!validPassword) {
       return c.html(renderAlert2({
         type: "error",
@@ -13026,7 +13045,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const newPasswordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(newPassword);
+    const newPasswordHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(newPassword);
     const historyStmt = db.prepare(`
       INSERT INTO password_history (id, user_id, password_hash, created_at)
       VALUES (?, ?, ?, ?)
@@ -13042,7 +13061,7 @@ userRoutes.post("/profile/password", async (c) => {
       WHERE id = ?
     `);
     await updateStmt.bind(newPasswordHash, Date.now(), user.userId).run();
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "profile.password_change",
@@ -13109,7 +13128,7 @@ userRoutes.get("/users", async (c) => {
     `);
     const countResult = await countStmt.bind(...params).first();
     const totalUsers = countResult?.total || 0;
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "users.list_view",
@@ -13267,7 +13286,7 @@ userRoutes.post("/users/new", async (c) => {
         dismissible: true
       }));
     }
-    const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(password);
     const userId = crypto.randomUUID();
     const createStmt = db.prepare(`
       INSERT INTO users (
@@ -13290,7 +13309,7 @@ userRoutes.post("/users/new", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "user!.create",
@@ -13329,7 +13348,7 @@ userRoutes.get("/users/:id", async (c) => {
     if (!userRecord) {
       return c.json({ error: "User not found" }, 404);
     }
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "user!.view",
@@ -13555,7 +13574,7 @@ userRoutes.put("/users/:id", async (c) => {
       userId
     ).run();
     if (newPassword) {
-      const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(newPassword);
+      const passwordHash = await chunkRE3NVA23_cjs.AuthManager.hashPassword(newPassword);
       const updatePasswordStmt = db.prepare(`
         UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?
       `);
@@ -13609,7 +13628,7 @@ userRoutes.put("/users/:id", async (c) => {
         ).run();
       }
     }
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "user.update",
@@ -13654,7 +13673,7 @@ userRoutes.post("/users/:id/toggle", async (c) => {
       UPDATE users SET is_active = ?, updated_at = ? WHERE id = ?
     `);
     await toggleStmt.bind(active ? 1 : 0, Date.now(), userId).run();
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       active ? "user.activate" : "user.deactivate",
@@ -13695,7 +13714,7 @@ userRoutes.delete("/users/:id", async (c) => {
         DELETE FROM users WHERE id = ?
       `);
       await deleteStmt.bind(userId).run();
-      await chunkCZ6BVQZX_cjs.logActivity(
+      await chunkRE3NVA23_cjs.logActivity(
         db,
         user.userId,
         "user!.hard_delete",
@@ -13714,7 +13733,7 @@ userRoutes.delete("/users/:id", async (c) => {
         UPDATE users SET is_active = 0, updated_at = ? WHERE id = ?
       `);
       await deleteStmt.bind(Date.now(), userId).run();
-      await chunkCZ6BVQZX_cjs.logActivity(
+      await chunkRE3NVA23_cjs.logActivity(
         db,
         user.userId,
         "user!.soft_delete",
@@ -13780,7 +13799,7 @@ userRoutes.post("/invite-user", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "user!.invite_sent",
@@ -13837,7 +13856,7 @@ userRoutes.post("/resend-invitation/:id", async (c) => {
       Date.now(),
       userId
     ).run();
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_resent",
@@ -13873,7 +13892,7 @@ userRoutes.delete("/cancel-invitation/:id", async (c) => {
     }
     const deleteStmt = db.prepare(`DELETE FROM users WHERE id = ?`);
     await deleteStmt.bind(userId).run();
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_cancelled",
@@ -13956,7 +13975,7 @@ userRoutes.get("/activity-logs", async (c) => {
       ...log,
       details: log.details ? JSON.parse(log.details) : null
     }));
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_viewed",
@@ -14063,7 +14082,7 @@ userRoutes.get("/activity-logs/export", async (c) => {
       csvRows.push(row.join(","));
     }
     const csvContent = csvRows.join("\n");
-    await chunkCZ6BVQZX_cjs.logActivity(
+    await chunkRE3NVA23_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_exported",
@@ -15402,7 +15421,7 @@ var fileValidationSchema2 = zod.z.object({
   // 50MB max
 });
 var adminMediaRoutes = new hono.Hono();
-adminMediaRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+adminMediaRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
 adminMediaRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -15988,7 +16007,7 @@ adminMediaRoutes.put("/:id", async (c) => {
     `);
   }
 });
-adminMediaRoutes.delete("/cleanup", chunkCZ6BVQZX_cjs.requireRole("admin"), async (c) => {
+adminMediaRoutes.delete("/cleanup", chunkRE3NVA23_cjs.requireRole("admin"), async (c) => {
   try {
     const db = c.env.DB;
     const allMediaStmt = db.prepare("SELECT id, r2_key, filename FROM media WHERE deleted_at IS NULL");
@@ -18213,8 +18232,8 @@ function renderEmailSettingsContent(plugin, settings) {
 
 // src/routes/admin-plugins.ts
 var adminPluginRoutes = new hono.Hono();
-adminPluginRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
-var AVAILABLE_PLUGINS = Object.values(chunkQ5VFZUXV_cjs.PLUGIN_REGISTRY).map((p) => ({
+adminPluginRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
+var AVAILABLE_PLUGINS = Object.values(chunk4HCUJ3MG_cjs.PLUGIN_REGISTRY).map((p) => ({
   id: p.id,
   name: p.codeName,
   display_name: p.displayName,
@@ -18234,7 +18253,7 @@ adminPluginRoutes.get("/", async (c) => {
     if (user?.role !== "admin") {
       return c.text("Access denied", 403);
     }
-    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+    const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
     let installedPlugins = [];
     let stats = { total: 0, active: 0, inactive: 0, errors: 0, uninstalled: 0 };
     try {
@@ -18306,7 +18325,7 @@ adminPluginRoutes.get("/:id", async (c) => {
     if (user?.role !== "admin") {
       return c.redirect("/admin/plugins");
     }
-    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+    const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
     const plugin = await pluginService.getPlugin(pluginId);
     if (!plugin) {
       return c.text("Plugin not found", 404);
@@ -18314,7 +18333,7 @@ adminPluginRoutes.get("/:id", async (c) => {
     const activity = await pluginService.getPluginActivity(pluginId, 20);
     let enrichedSettings = plugin.settings || {};
     if (pluginId === "otp-login") {
-      const settingsService = new chunkNZWFCUDA_cjs.SettingsService(db);
+      const settingsService = new chunkWAEQXGCX_cjs.SettingsService(db);
       const generalSettings = await settingsService.getGeneralSettings();
       const siteName = generalSettings.siteName || "SonicJS";
       const emailPlugin = await db.prepare(`
@@ -18382,7 +18401,7 @@ adminPluginRoutes.post("/:id/activate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+    const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
     await pluginService.activatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18399,7 +18418,7 @@ adminPluginRoutes.post("/:id/deactivate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+    const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
     await pluginService.deactivatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18416,8 +18435,8 @@ adminPluginRoutes.post("/install", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const body = await c.req.json();
-    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
-    const registryEntry = chunkQ5VFZUXV_cjs.findPluginByCodeName(body.name) || chunkQ5VFZUXV_cjs.PLUGIN_REGISTRY[body.name] || chunkQ5VFZUXV_cjs.PLUGIN_REGISTRY[body.id];
+    const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
+    const registryEntry = chunk4HCUJ3MG_cjs.findPluginByCodeName(body.name) || chunk4HCUJ3MG_cjs.PLUGIN_REGISTRY[body.name] || chunk4HCUJ3MG_cjs.PLUGIN_REGISTRY[body.id];
     if (!registryEntry) {
       return c.json({ error: "Plugin not found in registry" }, 404);
     }
@@ -18450,7 +18469,7 @@ adminPluginRoutes.post("/:id/uninstall", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+    const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
     await pluginService.uninstallPlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18468,7 +18487,7 @@ adminPluginRoutes.post("/:id/settings", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const settings = await c.req.json();
-    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+    const pluginService = new chunk4HCUJ3MG_cjs.PluginService(db);
     await pluginService.updatePluginSettings(pluginId, settings);
     if (pluginId === "core-auth") {
       try {
@@ -19276,11 +19295,11 @@ function renderLogConfigPage(data) {
 
 // src/routes/admin-logs.ts
 var adminLogsRoutes = new hono.Hono();
-adminLogsRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+adminLogsRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
 adminLogsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
-    const logger = chunkNZWFCUDA_cjs.getLogger(c.env.DB);
+    const logger = chunkWAEQXGCX_cjs.getLogger(c.env.DB);
     const query = c.req.query();
     const page = parseInt(query.page || "1");
     const limit = parseInt(query.limit || "50");
@@ -19360,7 +19379,7 @@ adminLogsRoutes.get("/:id", async (c) => {
   try {
     const id = c.req.param("id");
     const user = c.get("user");
-    const logger = chunkNZWFCUDA_cjs.getLogger(c.env.DB);
+    const logger = chunkWAEQXGCX_cjs.getLogger(c.env.DB);
     const { logs } = await logger.getLogs({
       limit: 1,
       offset: 0,
@@ -19397,7 +19416,7 @@ adminLogsRoutes.get("/:id", async (c) => {
 adminLogsRoutes.get("/config", async (c) => {
   try {
     const user = c.get("user");
-    const logger = chunkNZWFCUDA_cjs.getLogger(c.env.DB);
+    const logger = chunkWAEQXGCX_cjs.getLogger(c.env.DB);
     const configs = await logger.getAllConfigs();
     const pageData = {
       configs,
@@ -19421,7 +19440,7 @@ adminLogsRoutes.post("/config/:category", async (c) => {
     const level = formData.get("level");
     const retention = parseInt(formData.get("retention"));
     const maxSize = parseInt(formData.get("max_size"));
-    const logger = chunkNZWFCUDA_cjs.getLogger(c.env.DB);
+    const logger = chunkWAEQXGCX_cjs.getLogger(c.env.DB);
     await logger.updateConfig(category, {
       enabled,
       level,
@@ -19450,7 +19469,7 @@ adminLogsRoutes.get("/export", async (c) => {
     const category = query.category;
     const startDate = query.start_date;
     const endDate = query.end_date;
-    const logger = chunkNZWFCUDA_cjs.getLogger(c.env.DB);
+    const logger = chunkWAEQXGCX_cjs.getLogger(c.env.DB);
     const filter = {
       limit: 1e4,
       // Export up to 10k logs
@@ -19531,7 +19550,7 @@ adminLogsRoutes.post("/cleanup", async (c) => {
         error: "Unauthorized. Admin access required."
       }, 403);
     }
-    const logger = chunkNZWFCUDA_cjs.getLogger(c.env.DB);
+    const logger = chunkWAEQXGCX_cjs.getLogger(c.env.DB);
     await logger.cleanupByRetention();
     return c.html(html.html`
       <div class="bg-green-100 border border-green-400 text-green-700 px-4 py-3 rounded">
@@ -19553,7 +19572,7 @@ adminLogsRoutes.post("/search", async (c) => {
     const search = formData.get("search");
     const level = formData.get("level");
     const category = formData.get("category");
-    const logger = chunkNZWFCUDA_cjs.getLogger(c.env.DB);
+    const logger = chunkWAEQXGCX_cjs.getLogger(c.env.DB);
     const filter = {
       limit: 20,
       offset: 0,
@@ -21604,9 +21623,9 @@ function renderStorageUsage(databaseSizeBytes, mediaSizeBytes) {
 }
 
 // src/routes/admin-dashboard.ts
-var VERSION = chunkYQW2GCJ3_cjs.getCoreVersion();
+var VERSION = chunkQBLBIAVZ_cjs.getCoreVersion();
 var router = new hono.Hono();
-router.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+router.use("*", chunkRE3NVA23_cjs.requireAuth());
 router.get("/", async (c) => {
   const user = c.get("user");
   try {
@@ -23425,10 +23444,10 @@ function renderCollectionFormPage(data) {
 
 // src/routes/admin-collections.ts
 var adminCollectionsRoutes = new hono.Hono();
-adminCollectionsRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
-adminCollectionsRoutes.post("*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
-adminCollectionsRoutes.put("*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
-adminCollectionsRoutes.delete("*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
+adminCollectionsRoutes.post("*", chunkRE3NVA23_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.put("*", chunkRE3NVA23_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.delete("*", chunkRE3NVA23_cjs.requireRole(["admin"]));
 adminCollectionsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -24241,6 +24260,43 @@ function renderSettingsPage(data) {
         }
       }
 
+      async function saveSecuritySettings() {
+        const formData = new FormData();
+        const expiry = document.getElementById('jwtExpiresIn');
+        const grace = document.getElementById('jwtRefreshGraceSeconds');
+        if (expiry) formData.append('jwtExpiresIn', expiry.value);
+        if (grace) formData.append('jwtRefreshGraceSeconds', grace.value);
+
+        const saveBtn = document.querySelector('button[onclick="saveSecuritySettings()"]');
+        const originalText = saveBtn ? saveBtn.innerHTML : '';
+        if (saveBtn) {
+          saveBtn.innerHTML = '<svg class="animate-spin -ml-0.5 mr-1.5 h-5 w-5 inline" fill="none" stroke="currentColor" viewBox="0 0 24 24"><circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle><path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4z"></path></svg>Saving...';
+          saveBtn.disabled = true;
+        }
+
+        try {
+          const response = await fetch('/admin/settings/security', {
+            method: 'POST',
+            body: formData
+          });
+          const result = await response.json();
+          if (result.success) {
+            showNotification(result.message || 'Security settings saved successfully!', 'success');
+          } else {
+            showNotification(result.error || 'Failed to save security settings', 'error');
+          }
+        } catch (error) {
+          console.error('Error saving security settings:', error);
+          showNotification('Failed to save security settings. Please try again.', 'error');
+        } finally {
+          if (saveBtn) {
+            saveBtn.innerHTML = originalText;
+            saveBtn.disabled = false;
+          }
+        }
+      }
+      window.saveSecuritySettings = saveSecuritySettings;
+
       // Migration functions
       window.refreshMigrationStatus = async function() {
         try {
@@ -24823,9 +24879,71 @@ function renderAppearanceSettings(settings) {
   `;
 }
 function renderSecuritySettings(settings) {
+  const jwtExpiresIn = settings?.jwtExpiresIn ?? "30d";
+  const jwtRefreshGraceSeconds = typeof settings?.jwtRefreshGraceSeconds === "number" ? settings.jwtRefreshGraceSeconds : 60 * 60 * 24 * 7;
   return `
     <div class="space-y-6">
-      <!-- WIP Notice -->
+      <!-- Session / JWT card (live) -->
+      <div class="rounded-lg bg-white dark:bg-white/5 p-6 ring-1 ring-inset ring-zinc-950/5 dark:ring-white/10">
+        <h3 class="text-lg/7 font-semibold text-zinc-950 dark:text-white">Session / JWT</h3>
+        <p class="mt-1 text-sm/6 text-zinc-500 dark:text-zinc-400">
+          Configure how long a signed-in session lasts and how long an expired token can still be refreshed.
+          The <code class="text-xs">JWT_EXPIRES_IN</code> and <code class="text-xs">JWT_REFRESH_GRACE_SECONDS</code>
+          environment variables, when set, override the values below.
+        </p>
+
+        <div class="mt-6 grid grid-cols-1 md:grid-cols-2 gap-6">
+          <div>
+            <label for="jwtExpiresIn" class="block text-sm/6 font-medium text-zinc-950 dark:text-white mb-2">
+              JWT Expiration
+            </label>
+            <input
+              type="text"
+              id="jwtExpiresIn"
+              name="jwtExpiresIn"
+              value="${jwtExpiresIn}"
+              placeholder="30d"
+              class="w-full rounded-lg bg-white dark:bg-white/5 px-3 py-2 text-sm/6 text-zinc-950 dark:text-white ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-500 dark:placeholder:text-zinc-400 focus:ring-2 focus:ring-inset focus:ring-indigo-500 dark:focus:ring-indigo-400"
+            />
+            <p class="mt-1 text-xs text-zinc-500 dark:text-zinc-400">
+              Accepts <code>30d</code>, <code>12h</code>, <code>3600s</code>, or bare seconds. Default: 30 days.
+            </p>
+          </div>
+
+          <div>
+            <label for="jwtRefreshGraceSeconds" class="block text-sm/6 font-medium text-zinc-950 dark:text-white mb-2">
+              Refresh Grace Window (seconds)
+            </label>
+            <input
+              type="number"
+              id="jwtRefreshGraceSeconds"
+              name="jwtRefreshGraceSeconds"
+              value="${jwtRefreshGraceSeconds}"
+              min="0"
+              max="7776000"
+              class="w-full rounded-lg bg-white dark:bg-white/5 px-3 py-2 text-sm/6 text-zinc-950 dark:text-white ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-500 dark:placeholder:text-zinc-400 focus:ring-2 focus:ring-inset focus:ring-indigo-500 dark:focus:ring-indigo-400"
+            />
+            <p class="mt-1 text-xs text-zinc-500 dark:text-zinc-400">
+              How long an expired token can still be exchanged at <code>/auth/refresh</code>. Default: 604800 (7 days).
+            </p>
+          </div>
+        </div>
+
+        <div class="mt-6 pt-4 border-t border-zinc-950/5 dark:border-white/10 flex justify-end">
+          <button
+            type="button"
+            onclick="saveSecuritySettings()"
+            class="inline-flex items-center justify-center rounded-lg bg-zinc-950 dark:bg-white px-3.5 py-2.5 text-sm font-semibold text-white dark:text-zinc-950 hover:bg-zinc-800 dark:hover:bg-zinc-100 transition-colors shadow-sm"
+          >
+            <svg class="-ml-0.5 mr-1.5 h-5 w-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
+            </svg>
+            Save Session Settings
+          </button>
+        </div>
+      </div>
+
+      <!-- WIP Notice for remaining fields -->
       <div class="rounded-lg bg-blue-50 dark:bg-blue-950/20 p-6 ring-1 ring-inset ring-blue-600/20 dark:ring-blue-500/30">
         <div class="flex items-start space-x-3">
           <svg class="w-6 h-6 text-blue-600 dark:text-blue-400 mt-0.5 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
@@ -24834,7 +24952,7 @@ function renderSecuritySettings(settings) {
           <div class="flex-1">
             <h4 class="text-base/7 font-semibold text-blue-900 dark:text-blue-300">Work in Progress</h4>
             <p class="mt-1 text-sm/6 text-blue-700 dark:text-blue-200">
-              This settings section is currently under development and provided for reference and design feedback only. Changes made here will not be saved.
+              The fields below are under development and provided for reference and design feedback only. Changes made here will not be saved.
             </p>
           </div>
         </div>
@@ -25624,7 +25742,7 @@ function renderDatabaseToolsSettings(settings) {
 
 // src/routes/admin-settings.ts
 var adminSettingsRoutes = new hono.Hono();
-adminSettingsRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+adminSettingsRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
 function getMockSettings(user) {
   return {
     general: {
@@ -25689,7 +25807,7 @@ adminSettingsRoutes.get("/", (c) => {
 adminSettingsRoutes.get("/general", async (c) => {
   const user = c.get("user");
   const db = c.env.DB;
-  const settingsService = new chunkNZWFCUDA_cjs.SettingsService(db);
+  const settingsService = new chunkWAEQXGCX_cjs.SettingsService(db);
   const generalSettings = await settingsService.getGeneralSettings(user?.email);
   const mockSettings = getMockSettings(user);
   mockSettings.general = generalSettings;
@@ -25719,15 +25837,24 @@ adminSettingsRoutes.get("/appearance", (c) => {
   };
   return c.html(renderSettingsPage(pageData));
 });
-adminSettingsRoutes.get("/security", (c) => {
+adminSettingsRoutes.get("/security", async (c) => {
   const user = c.get("user");
+  const db = c.env.DB;
+  const settingsService = new chunkWAEQXGCX_cjs.SettingsService(db);
+  const persisted = await settingsService.getSecuritySettings();
+  const mockSettings = getMockSettings(user);
+  mockSettings.security = {
+    ...mockSettings.security,
+    jwtExpiresIn: persisted.jwtExpiresIn,
+    jwtRefreshGraceSeconds: persisted.jwtRefreshGraceSeconds
+  };
   const pageData = {
     user: user ? {
       name: user.email,
       email: user.email,
       role: user.role
     } : void 0,
-    settings: getMockSettings(user),
+    settings: mockSettings,
     activeTab: "security",
     version: c.get("appVersion")
   };
@@ -25792,7 +25919,7 @@ adminSettingsRoutes.get("/database-tools", (c) => {
 adminSettingsRoutes.get("/api/migrations/status", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkOCLUXJ7E_cjs.MigrationService(db);
+    const migrationService = new chunkFSWP4FBW_cjs.MigrationService(db);
     const status = await migrationService.getMigrationStatus();
     return c.json({
       success: true,
@@ -25816,7 +25943,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
       }, 403);
     }
     const db = c.env.DB;
-    const migrationService = new chunkOCLUXJ7E_cjs.MigrationService(db);
+    const migrationService = new chunkFSWP4FBW_cjs.MigrationService(db);
     const result = await migrationService.runPendingMigrations();
     return c.json({
       success: result.success,
@@ -25834,7 +25961,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
 adminSettingsRoutes.get("/api/migrations/validate", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkOCLUXJ7E_cjs.MigrationService(db);
+    const migrationService = new chunkFSWP4FBW_cjs.MigrationService(db);
     const validation = await migrationService.validateSchema();
     return c.json({
       success: true,
@@ -26003,7 +26130,7 @@ adminSettingsRoutes.post("/general", async (c) => {
     }
     const formData = await c.req.formData();
     const db = c.env.DB;
-    const settingsService = new chunkNZWFCUDA_cjs.SettingsService(db);
+    const settingsService = new chunkWAEQXGCX_cjs.SettingsService(db);
     const settings = {
       siteName: formData.get("siteName"),
       siteDescription: formData.get("siteDescription"),
@@ -26038,6 +26165,55 @@ adminSettingsRoutes.post("/general", async (c) => {
     }, 500);
   }
 });
+adminSettingsRoutes.post("/security", async (c) => {
+  try {
+    const user = c.get("user");
+    if (!user || user.role !== "admin") {
+      return c.json({
+        success: false,
+        error: "Unauthorized. Admin access required."
+      }, 403);
+    }
+    const formData = await c.req.formData();
+    const db = c.env.DB;
+    const settingsService = new chunkWAEQXGCX_cjs.SettingsService(db);
+    const jwtExpiresInRaw = formData.get("jwtExpiresIn")?.trim() || "";
+    const graceRaw = formData.get("jwtRefreshGraceSeconds")?.trim() || "";
+    if (!/^\d+(?:s|m|h|d)?$/i.test(jwtExpiresInRaw)) {
+      return c.json({
+        success: false,
+        error: "JWT expiration must be a number optionally suffixed with s/m/h/d (e.g. 30d, 12h, 3600)."
+      }, 400);
+    }
+    const graceSeconds = Number.parseInt(graceRaw, 10);
+    if (!Number.isFinite(graceSeconds) || graceSeconds < 0 || graceSeconds > 60 * 60 * 24 * 90) {
+      return c.json({
+        success: false,
+        error: "Refresh grace must be an integer between 0 and 7776000 seconds (90 days)."
+      }, 400);
+    }
+    const success = await settingsService.saveSecuritySettings({
+      jwtExpiresIn: jwtExpiresInRaw,
+      jwtRefreshGraceSeconds: graceSeconds
+    });
+    if (success) {
+      return c.json({
+        success: true,
+        message: "Security settings saved successfully!"
+      });
+    }
+    return c.json({
+      success: false,
+      error: "Failed to save settings"
+    }, 500);
+  } catch (error) {
+    console.error("Error saving security settings:", error);
+    return c.json({
+      success: false,
+      error: "Failed to save settings. Please try again."
+    }, 500);
+  }
+});
 adminSettingsRoutes.post("/", async (c) => {
   return c.redirect("/admin/settings/general");
 });
@@ -27724,7 +27900,7 @@ function renderFormCreatePage(data) {
 
 // src/routes/admin-forms.ts
 var adminFormsRoutes = new hono.Hono();
-adminFormsRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+adminFormsRoutes.use("*", chunkRE3NVA23_cjs.requireAuth());
 adminFormsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -28529,7 +28705,7 @@ publicFormsRoutes.post("/:identifier/submit", async (c) => {
     `).bind(now, form.id).run();
     let contentId = null;
     try {
-      contentId = await chunkQ5VFZUXV_cjs.createContentFromSubmission(
+      contentId = await chunk4HCUJ3MG_cjs.createContentFromSubmission(
         db,
         sanitizedData,
         { id: form.id, name: form.name, display_name: form.display_name },
@@ -28703,7 +28879,7 @@ function renderAPIReferencePage(data) {
                 >
                   <option value="">All Categories</option>
                   ${categories.map((category) => {
-    const info = chunkNZWFCUDA_cjs.CATEGORY_INFO[category];
+    const info = chunkWAEQXGCX_cjs.CATEGORY_INFO[category];
     const title = info ? info.title : category;
     return `<option value="${category}">${title}</option>`;
   }).join("\n                  ")}
@@ -28720,7 +28896,7 @@ function renderAPIReferencePage(data) {
       <!-- API Categories -->
       <div class="space-y-6">
         ${Object.entries(endpointsByCategory).map(([category, endpoints]) => {
-    const info = chunkNZWFCUDA_cjs.CATEGORY_INFO[category] || { title: category, description: "", icon: "&#x1f4cb;" };
+    const info = chunkWAEQXGCX_cjs.CATEGORY_INFO[category] || { title: category, description: "", icon: "&#x1f4cb;" };
     return `
             <div class="api-category" data-category="${category}">
               <div class="rounded-lg bg-white dark:bg-zinc-900 shadow-sm ring-1 ring-zinc-950/5 dark:ring-white/10 overflow-hidden">
@@ -28897,14 +29073,14 @@ function renderAPIReferencePage(data) {
 }
 
 // src/routes/admin-api-reference.ts
-var VERSION2 = chunkYQW2GCJ3_cjs.getCoreVersion();
+var VERSION2 = chunkQBLBIAVZ_cjs.getCoreVersion();
 var router2 = new hono.Hono();
-router2.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+router2.use("*", chunkRE3NVA23_cjs.requireAuth());
 router2.get("/", async (c) => {
   const user = c.get("user");
   try {
-    const app2 = chunkNZWFCUDA_cjs.getAppInstance();
-    const endpoints = chunkNZWFCUDA_cjs.buildRouteList(app2);
+    const app2 = chunkWAEQXGCX_cjs.getAppInstance();
+    const endpoints = chunkWAEQXGCX_cjs.buildRouteList(app2);
     const pageData = {
       endpoints,
       user: user ? {
@@ -28990,5 +29166,5 @@ exports.router2 = router2;
 exports.test_cleanup_default = test_cleanup_default;
 exports.userProfilesPlugin = userProfilesPlugin;
 exports.userRoutes = userRoutes;
-//# sourceMappingURL=chunk-6ENX7QSA.cjs.map
-//# sourceMappingURL=chunk-6ENX7QSA.cjs.map
+//# sourceMappingURL=chunk-J5MYHM6Z.cjs.map
+//# sourceMappingURL=chunk-J5MYHM6Z.cjs.map