npm - @sonicjs-cms/core - Versions diffs - 2.17.2 → 2.18.1 - Mend

@sonicjs-cms/core 2.17.2 → 2.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/dist/{chunk-ITGOUYVN.js → chunk-4R3NOOL3.js} +2 -2
package/dist/{chunk-ITGOUYVN.js.map → chunk-4R3NOOL3.js.map} +1 -1
package/dist/{chunk-LVGB5UU5.cjs → chunk-C54YUA23.cjs} +2 -2
package/dist/{chunk-LVGB5UU5.cjs.map → chunk-C54YUA23.cjs.map} +1 -1
package/dist/{chunk-P4RAIX7B.cjs → chunk-DSUJ5YQH.cjs} +8 -8
package/dist/{chunk-P4RAIX7B.cjs.map → chunk-DSUJ5YQH.cjs.map} +1 -1
package/dist/{chunk-NAYUXSNR.js → chunk-EW5NOBVU.js} +9 -3
package/dist/chunk-EW5NOBVU.js.map +1 -0
package/dist/{chunk-K6QVIOTA.js → chunk-I2H5NGJQ.js} +4 -4
package/dist/{chunk-K6QVIOTA.js.map → chunk-I2H5NGJQ.js.map} +1 -1
package/dist/{chunk-I2Z72YTD.js → chunk-MGFRZO24.js} +3 -3
package/dist/{chunk-I2Z72YTD.js.map → chunk-MGFRZO24.js.map} +1 -1
package/dist/{chunk-Q3W6LCEN.cjs → chunk-SQ6FNXU2.cjs} +3 -3
package/dist/{chunk-Q3W6LCEN.cjs.map → chunk-SQ6FNXU2.cjs.map} +1 -1
package/dist/{chunk-2VY2G7OR.cjs → chunk-SXXTQETM.cjs} +245 -125
package/dist/chunk-SXXTQETM.cjs.map +1 -0
package/dist/{chunk-FXWF5D5V.cjs → chunk-T3Q5V33G.cjs} +9 -3
package/dist/chunk-T3Q5V33G.cjs.map +1 -0
package/dist/{chunk-KJSZMIBF.js → chunk-XXDFQERJ.js} +131 -12
package/dist/chunk-XXDFQERJ.js.map +1 -0
package/dist/index.cjs +211 -158
package/dist/index.cjs.map +1 -1
package/dist/index.js +80 -27
package/dist/index.js.map +1 -1
package/dist/middleware.cjs +32 -32
package/dist/middleware.js +3 -3
package/dist/migrations-IYNTWDC6.cjs +13 -0
package/dist/{migrations-Q7C6F2RM.cjs.map → migrations-IYNTWDC6.cjs.map} +1 -1
package/dist/migrations-R337UD46.js +4 -0
package/dist/{migrations-IFZLGVV3.js.map → migrations-R337UD46.js.map} +1 -1
package/dist/routes.cjs +28 -28
package/dist/routes.js +5 -5
package/dist/services.cjs +23 -23
package/dist/services.js +2 -2
package/dist/utils.cjs +11 -11
package/dist/utils.js +1 -1
package/package.json +1 -1
package/dist/chunk-2VY2G7OR.cjs.map +0 -1
package/dist/chunk-FXWF5D5V.cjs.map +0 -1
package/dist/chunk-KJSZMIBF.js.map +0 -1
package/dist/chunk-NAYUXSNR.js.map +0 -1
package/dist/migrations-IFZLGVV3.js +0 -4
package/dist/migrations-Q7C6F2RM.cjs +0 -13

package/dist/index.js CHANGED Viewed

@@ -1,12 +1,12 @@
-import { renderConfirmationDialog, getConfirmationDialogScript, api_default, api_media_default, api_system_default, admin_api_default, router, adminCollectionsRoutes, adminFormsRoutes, adminSettingsRoutes, public_forms_default, router2, admin_content_default, adminMediaRoutes, userProfilesPlugin, adminPluginRoutes, adminLogsRoutes, userRoutes, auth_default, test_cleanup_default } from './chunk-KJSZMIBF.js';
-export { ROUTES_INFO, admin_api_default as adminApiRoutes, adminCheckboxRoutes, admin_code_examples_default as adminCodeExamplesRoutes, adminCollectionsRoutes, admin_content_default as adminContentRoutes, router as adminDashboardRoutes, adminDesignRoutes, adminLogsRoutes, adminMediaRoutes, adminPluginRoutes, adminSettingsRoutes, admin_testimonials_default as adminTestimonialsRoutes, userRoutes as adminUsersRoutes, api_content_crud_default as apiContentCrudRoutes, api_media_default as apiMediaRoutes, api_default as apiRoutes, api_system_default as apiSystemRoutes, auth_default as authRoutes, createUserProfilesPlugin, defineUserProfile, getUserProfileConfig, userProfilesPlugin } from './chunk-KJSZMIBF.js';
+import { getCustomData, renderConfirmationDialog, getConfirmationDialogScript, api_default, api_media_default, api_system_default, admin_api_default, router, adminCollectionsRoutes, adminFormsRoutes, adminSettingsRoutes, public_forms_default, router2, admin_content_default, adminMediaRoutes, userProfilesPlugin, adminPluginRoutes, adminLogsRoutes, userRoutes, auth_default, test_cleanup_default } from './chunk-XXDFQERJ.js';
+export { ROUTES_INFO, admin_api_default as adminApiRoutes, adminCheckboxRoutes, admin_code_examples_default as adminCodeExamplesRoutes, adminCollectionsRoutes, admin_content_default as adminContentRoutes, router as adminDashboardRoutes, adminDesignRoutes, adminLogsRoutes, adminMediaRoutes, adminPluginRoutes, adminSettingsRoutes, admin_testimonials_default as adminTestimonialsRoutes, userRoutes as adminUsersRoutes, api_content_crud_default as apiContentCrudRoutes, api_media_default as apiMediaRoutes, api_default as apiRoutes, api_system_default as apiSystemRoutes, auth_default as authRoutes, createUserProfilesPlugin, defineUserProfile, getUserProfileConfig, userProfilesPlugin } from './chunk-XXDFQERJ.js';
 import { SettingsService, setAppInstance, schema_exports } from './chunk-QFWHAFEO.js';
 export { Logger, apiTokens, collections, content, contentVersions, getLogger, initLogger, insertCollectionSchema, insertContentSchema, insertLogConfigSchema, insertMediaSchema, insertPluginActivityLogSchema, insertPluginAssetSchema, insertPluginHookSchema, insertPluginRouteSchema, insertPluginSchema, insertSystemLogSchema, insertUserSchema, insertWorkflowHistorySchema, logConfig, media, pluginActivityLog, pluginAssets, pluginHooks, pluginRoutes, plugins, selectCollectionSchema, selectContentSchema, selectLogConfigSchema, selectMediaSchema, selectPluginActivityLogSchema, selectPluginAssetSchema, selectPluginHookSchema, selectPluginRouteSchema, selectPluginSchema, selectSystemLogSchema, selectUserSchema, selectWorkflowHistorySchema, systemLogs, users, workflowHistory } from './chunk-QFWHAFEO.js';
-import { requireAuth, getJwtExpirySecondsFromDb, AuthManager, metricsMiddleware, bootstrapMiddleware, securityHeadersMiddleware, csrfProtection, requireRole } from './chunk-K6QVIOTA.js';
-export { AuthManager, PermissionManager, bootstrapMiddleware, cacheHeaders, compressionMiddleware, detailedLoggingMiddleware, getActivePlugins, isPluginActive, logActivity, loggingMiddleware, optionalAuth, performanceLoggingMiddleware, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeadersMiddleware as securityHeaders, securityLoggingMiddleware } from './chunk-K6QVIOTA.js';
-import { PluginService, PLUGIN_REGISTRY } from './chunk-NAYUXSNR.js';
-export { PluginBootstrapService, PluginService as PluginServiceClass, backfillFormSubmissions, cleanupRemovedCollections, createContentFromSubmission, deriveCollectionSchemaFromFormio, deriveSubmissionTitle, fullCollectionSync, getAvailableCollectionNames, getManagedCollections, isCollectionManaged, loadCollectionConfig, loadCollectionConfigs, mapFormStatusToContentStatus, registerCollections, syncAllFormCollections, syncCollection, syncCollections, syncFormCollection, validateCollectionConfig } from './chunk-NAYUXSNR.js';
-export { MigrationService } from './chunk-ITGOUYVN.js';
+import { requireAuth, getJwtExpirySecondsFromDb, AuthManager, metricsMiddleware, bootstrapMiddleware, securityHeadersMiddleware, csrfProtection, requireRole } from './chunk-I2H5NGJQ.js';
+export { AuthManager, PermissionManager, bootstrapMiddleware, cacheHeaders, compressionMiddleware, detailedLoggingMiddleware, getActivePlugins, isPluginActive, logActivity, loggingMiddleware, optionalAuth, performanceLoggingMiddleware, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeadersMiddleware as securityHeaders, securityLoggingMiddleware } from './chunk-I2H5NGJQ.js';
+import { PluginService, PLUGIN_REGISTRY } from './chunk-EW5NOBVU.js';
+export { PluginBootstrapService, PluginService as PluginServiceClass, backfillFormSubmissions, cleanupRemovedCollections, createContentFromSubmission, deriveCollectionSchemaFromFormio, deriveSubmissionTitle, fullCollectionSync, getAvailableCollectionNames, getManagedCollections, isCollectionManaged, loadCollectionConfig, loadCollectionConfigs, mapFormStatusToContentStatus, registerCollections, syncAllFormCollections, syncCollection, syncCollections, syncFormCollection, validateCollectionConfig } from './chunk-EW5NOBVU.js';
+export { MigrationService } from './chunk-4R3NOOL3.js';
 export { renderFilterBar } from './chunk-ON5ZMSU4.js';
 import { renderAdminLayout } from './chunk-XWIA3HVX.js';
 export { getConfirmationDialogScript, renderAlert, renderConfirmationDialog, renderForm, renderFormField, renderPagination, renderTable } from './chunk-XWIA3HVX.js';
@@ -14,8 +14,8 @@ import { init_admin_layout_catalyst_template, renderAdminLayoutCatalyst } from '
 export { HookSystemImpl, HookUtils, PluginManager as PluginManagerClass, PluginRegistryImpl, PluginValidator as PluginValidatorClass, ScopedHookSystem as ScopedHookSystemClass } from './chunk-TFNTM3OA.js';
 import { PluginBuilder, PluginHelpers } from './chunk-EXNEW5US.js';
 export { PluginBuilder, PluginHelpers } from './chunk-EXNEW5US.js';
-import { package_default, getCoreVersion } from './chunk-I2Z72YTD.js';
-export { QueryFilterBuilder, SONICJS_VERSION, TemplateRenderer, buildQuery, getCoreVersion, renderTemplate, templateRenderer } from './chunk-I2Z72YTD.js';
+import { package_default, getCoreVersion } from './chunk-MGFRZO24.js';
+export { QueryFilterBuilder, SONICJS_VERSION, TemplateRenderer, buildQuery, getCoreVersion, renderTemplate, templateRenderer } from './chunk-MGFRZO24.js';
 import './chunk-X7ZAEI5S.js';
 export { metricsTracker } from './chunk-FICTAGD4.js';
 export { escapeHtml, sanitizeInput, sanitizeObject } from './chunk-TQABQWOP.js';
@@ -1613,7 +1613,27 @@ var OTPService = class {
 };
 // src/plugins/core-plugins/otp-login-plugin/email-templates.ts
+function sanitizeColor(value) {
+  if (!value) return "";
+  if (/^#[0-9a-fA-F]{3,8}$/.test(value)) return value;
+  if (/^[a-zA-Z]+$/.test(value)) return value;
+  if (/^(rgb|rgba|hsl|hsla)\([0-9.,\s%]+\)$/.test(value)) return value;
+  return "";
+}
+function escapeHtml3(value) {
+  return value.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/'/g, "&#39;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+}
 function renderOTPEmailHTML(data) {
+  const logoUrl = data.logoUrl ? escapeHtml3(data.logoUrl) : "";
+  const loginUrl = data.loginUrl ? escapeHtml3(data.loginUrl) : "";
+  const appName = escapeHtml3(data.appName);
+  const loginButtonText = escapeHtml3(
+    data.loginButtonText && data.loginButtonText.trim() || `Sign in to ${data.appName}`
+  );
+  const logoWidth = Math.max(20, Math.min(600, Number(data.logoWidth) || 150));
+  const logoBorderWidth = Math.max(0, Math.min(20, Number(data.logoBorderWidth) || 0));
+  const logoBorderColor = sanitizeColor(data.logoBorderColor);
+  const logoBorderStyle = logoBorderWidth > 0 && logoBorderColor ? `border: ${logoBorderWidth}px solid ${logoBorderColor}; border-radius: 8px;` : "";
   return `<!DOCTYPE html>
 <html>
 <head>
@@ -1625,15 +1645,15 @@ function renderOTPEmailHTML(data) {
   <div style="background: white; border-radius: 12px; overflow: hidden; box-shadow: 0 2px 8px rgba(0,0,0,0.1);">
-    ${data.logoUrl ? `
+    ${logoUrl ? `
     <div style="text-align: center; padding: 30px 20px 20px;">
-      <img src="${data.logoUrl}" alt="Logo" style="max-width: 150px; height: auto;">
+      <img src="${logoUrl}" alt="${appName}" style="max-width: ${logoWidth}px; width: 100%; height: auto; ${logoBorderStyle}">
     </div>
     ` : ""}
     <div style="background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 40px 30px; text-align: center;">
       <h1 style="margin: 0 0 10px 0; font-size: 32px; font-weight: 600;">Your Login Code</h1>
-      <p style="margin: 0; opacity: 0.95; font-size: 16px;">Enter this code to sign in to ${data.appName}</p>
+      <p style="margin: 0; opacity: 0.95; font-size: 16px;">Enter this code to sign in to ${appName}</p>
     </div>
     <div style="padding: 40px 30px;">
@@ -1643,6 +1663,14 @@ function renderOTPEmailHTML(data) {
         </div>
       </div>
+      ${loginUrl ? `
+      <div style="text-align: center; margin: 0 0 30px 0;">
+        <a href="${loginUrl}" style="display: inline-block; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; text-decoration: none; padding: 14px 32px; border-radius: 8px; font-weight: 600; font-size: 16px;">
+          ${loginButtonText}
+        </a>
+      </div>
+      ` : ""}
       <div style="background: #fff3cd; border-left: 4px solid #ffc107; padding: 16px 20px; margin: 0 0 30px 0; border-radius: 6px;">
         <p style="margin: 0; font-size: 14px; color: #856404;">
           <strong>\u26A0\uFE0F This code expires in ${data.expiryMinutes} minutes</strong>
@@ -1664,7 +1692,7 @@ function renderOTPEmailHTML(data) {
           \u{1F512} Security Notice
         </p>
         <p style="margin: 0; font-size: 13px; color: #004080; line-height: 1.6;">
-          Never share this code with anyone. ${data.appName} will never ask you for this code via phone, email, or social media.
+          Never share this code with anyone. ${appName} will never ask you for this code via phone, email, or social media.
         </p>
       </div>
     </div>
@@ -1676,22 +1704,23 @@ function renderOTPEmailHTML(data) {
       </p>
       <div style="text-align: center; color: #999; font-size: 12px; line-height: 1.6;">
-        <p style="margin: 5px 0;">This email was sent to ${data.email}</p>
-        ${data.ipAddress ? `<p style="margin: 5px 0;">IP Address: ${data.ipAddress}</p>` : ""}
-        <p style="margin: 5px 0;">Time: ${data.timestamp}</p>
+        <p style="margin: 5px 0;">This email was sent to ${escapeHtml3(data.email)}</p>
+        ${data.ipAddress ? `<p style="margin: 5px 0;">IP Address: ${escapeHtml3(data.ipAddress)}</p>` : ""}
+        <p style="margin: 5px 0;">Time: ${escapeHtml3(data.timestamp)}</p>
       </div>
     </div>
   </div>
   <div style="text-align: center; padding: 20px; color: #999; font-size: 12px;">
-    <p style="margin: 0;">&copy; ${(/* @__PURE__ */ new Date()).getFullYear()} ${data.appName}. All rights reserved.</p>
+    <p style="margin: 0;">&copy; ${(/* @__PURE__ */ new Date()).getFullYear()} ${appName}. All rights reserved.</p>
   </div>
 </body>
 </html>`;
 }
 function renderOTPEmailText(data) {
+  const ctaLabel = data.loginButtonText && data.loginButtonText.trim() || `Sign in to ${data.appName}`;
   return `Your Login Code for ${data.appName}
 Your one-time verification code is:
@@ -1699,6 +1728,9 @@ Your one-time verification code is:
 ${data.code}
 This code expires in ${data.expiryMinutes} minutes.
+${data.loginUrl ? `
+${ctaLabel}: ${data.loginUrl}
+` : ""}
 Quick Tips:
 \u2022 Enter the code exactly as shown (${data.codeLength} digits)
@@ -1739,7 +1771,13 @@ var DEFAULT_SETTINGS = {
   codeExpiryMinutes: 10,
   maxAttempts: 3,
   rateLimitPerHour: 5,
-  allowNewUserRegistration: false
+  allowNewUserRegistration: false,
+  logoUrl: "",
+  logoWidth: 150,
+  logoBorderWidth: 0,
+  logoBorderColor: "#ffffff",
+  loginUrl: "",
+  loginButtonText: ""
 };
 function createOTPLoginPlugin() {
   const builder = PluginBuilder.create({
@@ -1829,7 +1867,12 @@ function createOTPLoginPlugin() {
           ipAddress,
           timestamp: (/* @__PURE__ */ new Date()).toISOString(),
           appName: siteName,
-          logoUrl: settings.logoUrl || ""
+          logoUrl: settings.logoUrl || "",
+          logoWidth: settings.logoWidth,
+          logoBorderWidth: settings.logoBorderWidth,
+          logoBorderColor: settings.logoBorderColor || "",
+          loginUrl: settings.loginUrl || "",
+          loginButtonText: settings.loginButtonText || ""
         });
         const emailPlugin2 = await db.prepare(`
           SELECT settings FROM plugins WHERE id = 'email'
@@ -1918,7 +1961,7 @@ function createOTPLoginPlugin() {
         }, 401);
       }
       let user = await db.prepare(`
-        SELECT id, email, role, is_active
+        SELECT id, email, username, first_name, last_name, role, is_active, created_at
         FROM users
         WHERE email = ?
       `).bind(normalizedEmail).first();
@@ -1932,7 +1975,16 @@ function createOTPLoginPlugin() {
             password_hash, role, is_active, email_verified, created_at, updated_at
           ) VALUES (?, ?, ?, '', '', NULL, 'viewer', 1, 1, ?, ?)
         `).bind(userId, normalizedEmail, username, now, now).run();
-        user = { id: userId, email: normalizedEmail, role: "viewer", is_active: 1 };
+        user = {
+          id: userId,
+          email: normalizedEmail,
+          username,
+          first_name: "",
+          last_name: "",
+          role: "viewer",
+          is_active: 1,
+          created_at: now
+        };
       }
       if (!user) {
         return c.json({
@@ -1952,12 +2004,13 @@ function createOTPLoginPlugin() {
         sameSite: "Strict",
         maxAge: tokenTtl
       });
+      const customData = await getCustomData(db, user.id);
+      const { is_active, ...publicUser } = user;
       return c.json({
         success: true,
         user: {
-          id: user.id,
-          email: user.email,
-          role: user.role
+          ...publicUser,
+          ...customData
         },
         token,
         message: "Authentication successful"
@@ -7868,7 +7921,7 @@ adminRoutes4.get("/", async (c) => {
         <div class="divide-y divide-zinc-950/5 dark:divide-white/10">
           ${topPages.length > 0 ? topPages.map((p) => `
             <div class="flex items-center justify-between px-6 py-3">
-              <span class="text-sm text-zinc-700 dark:text-zinc-300 font-mono truncate">${escapeHtml3(p.path)}</span>
+              <span class="text-sm text-zinc-700 dark:text-zinc-300 font-mono truncate">${escapeHtml4(p.path)}</span>
               <span class="text-sm font-medium text-zinc-500 dark:text-zinc-400">${p.views}</span>
             </div>
           `).join("") : `
@@ -7897,7 +7950,7 @@ adminRoutes4.get("/", async (c) => {
             <tbody class="divide-y divide-zinc-950/5 dark:divide-white/10">
               ${recentActivity.length > 0 ? recentActivity.map((a) => `
                 <tr>
-                  <td class="px-6 py-2 font-mono text-zinc-700 dark:text-zinc-300 truncate max-w-xs">${escapeHtml3(a.url || "")}</td>
+                  <td class="px-6 py-2 font-mono text-zinc-700 dark:text-zinc-300 truncate max-w-xs">${escapeHtml4(a.url || "")}</td>
                   <td class="px-6 py-2"><span class="inline-flex items-center rounded px-1.5 py-0.5 text-xs font-medium ${a.method === "GET" ? "bg-green-50 text-green-700 dark:bg-green-900/30 dark:text-green-400" : "bg-blue-50 text-blue-700 dark:bg-blue-900/30 dark:text-blue-400"}">${a.method || ""}</span></td>
                   <td class="px-6 py-2"><span class="inline-flex items-center rounded px-1.5 py-0.5 text-xs font-medium ${(a.status_code || 0) >= 400 ? "bg-red-50 text-red-700 dark:bg-red-900/30 dark:text-red-400" : "bg-green-50 text-green-700 dark:bg-green-900/30 dark:text-green-400"}">${a.status_code || ""}</span></td>
                   <td class="px-6 py-2 text-zinc-500 dark:text-zinc-400">${a.duration || 0}ms</td>
@@ -7927,7 +7980,7 @@ adminRoutes4.get("/", async (c) => {
     dynamicMenuItems: c.get("pluginMenuItems")
   }));
 });
-function escapeHtml3(str) {
+function escapeHtml4(str) {
   return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
 }