npm - @sonicjs-cms/core - Versions diffs - 2.17.2 → 2.18.1 - Mend

@sonicjs-cms/core 2.17.2 → 2.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/dist/{chunk-ITGOUYVN.js → chunk-4R3NOOL3.js} +2 -2
package/dist/{chunk-ITGOUYVN.js.map → chunk-4R3NOOL3.js.map} +1 -1
package/dist/{chunk-LVGB5UU5.cjs → chunk-C54YUA23.cjs} +2 -2
package/dist/{chunk-LVGB5UU5.cjs.map → chunk-C54YUA23.cjs.map} +1 -1
package/dist/{chunk-P4RAIX7B.cjs → chunk-DSUJ5YQH.cjs} +8 -8
package/dist/{chunk-P4RAIX7B.cjs.map → chunk-DSUJ5YQH.cjs.map} +1 -1
package/dist/{chunk-NAYUXSNR.js → chunk-EW5NOBVU.js} +9 -3
package/dist/chunk-EW5NOBVU.js.map +1 -0
package/dist/{chunk-K6QVIOTA.js → chunk-I2H5NGJQ.js} +4 -4
package/dist/{chunk-K6QVIOTA.js.map → chunk-I2H5NGJQ.js.map} +1 -1
package/dist/{chunk-I2Z72YTD.js → chunk-MGFRZO24.js} +3 -3
package/dist/{chunk-I2Z72YTD.js.map → chunk-MGFRZO24.js.map} +1 -1
package/dist/{chunk-Q3W6LCEN.cjs → chunk-SQ6FNXU2.cjs} +3 -3
package/dist/{chunk-Q3W6LCEN.cjs.map → chunk-SQ6FNXU2.cjs.map} +1 -1
package/dist/{chunk-2VY2G7OR.cjs → chunk-SXXTQETM.cjs} +245 -125
package/dist/chunk-SXXTQETM.cjs.map +1 -0
package/dist/{chunk-FXWF5D5V.cjs → chunk-T3Q5V33G.cjs} +9 -3
package/dist/chunk-T3Q5V33G.cjs.map +1 -0
package/dist/{chunk-KJSZMIBF.js → chunk-XXDFQERJ.js} +131 -12
package/dist/chunk-XXDFQERJ.js.map +1 -0
package/dist/index.cjs +211 -158
package/dist/index.cjs.map +1 -1
package/dist/index.js +80 -27
package/dist/index.js.map +1 -1
package/dist/middleware.cjs +32 -32
package/dist/middleware.js +3 -3
package/dist/migrations-IYNTWDC6.cjs +13 -0
package/dist/{migrations-Q7C6F2RM.cjs.map → migrations-IYNTWDC6.cjs.map} +1 -1
package/dist/migrations-R337UD46.js +4 -0
package/dist/{migrations-IFZLGVV3.js.map → migrations-R337UD46.js.map} +1 -1
package/dist/routes.cjs +28 -28
package/dist/routes.js +5 -5
package/dist/services.cjs +23 -23
package/dist/services.js +2 -2
package/dist/utils.cjs +11 -11
package/dist/utils.js +1 -1
package/package.json +1 -1
package/dist/chunk-2VY2G7OR.cjs.map +0 -1
package/dist/chunk-FXWF5D5V.cjs.map +0 -1
package/dist/chunk-KJSZMIBF.js.map +0 -1
package/dist/chunk-NAYUXSNR.js.map +0 -1
package/dist/migrations-IFZLGVV3.js +0 -4
package/dist/migrations-Q7C6F2RM.cjs +0 -13

package/dist/{chunk-2VY2G7OR.cjs → chunk-SXXTQETM.cjs} RENAMED Viewed

@@ -1,13 +1,13 @@
 'use strict';
 var chunkWAEQXGCX_cjs = require('./chunk-WAEQXGCX.cjs');
-var chunkP4RAIX7B_cjs = require('./chunk-P4RAIX7B.cjs');
-var chunkFXWF5D5V_cjs = require('./chunk-FXWF5D5V.cjs');
-var chunkLVGB5UU5_cjs = require('./chunk-LVGB5UU5.cjs');
+var chunkDSUJ5YQH_cjs = require('./chunk-DSUJ5YQH.cjs');
+var chunkT3Q5V33G_cjs = require('./chunk-T3Q5V33G.cjs');
+var chunkC54YUA23_cjs = require('./chunk-C54YUA23.cjs');
 var chunkOHYBNCVL_cjs = require('./chunk-OHYBNCVL.cjs');
 var chunkUYJ6TJHX_cjs = require('./chunk-UYJ6TJHX.cjs');
 var chunk635JAMSE_cjs = require('./chunk-635JAMSE.cjs');
-var chunkQ3W6LCEN_cjs = require('./chunk-Q3W6LCEN.cjs');
+var chunkSQ6FNXU2_cjs = require('./chunk-SQ6FNXU2.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
 var hono = require('hono');
@@ -189,7 +189,7 @@ apiContentCrudRoutes.get("/:id", async (c) => {
     }, 500);
   }
 });
-apiContentCrudRoutes.post("/", chunkP4RAIX7B_cjs.requireAuth(), chunkP4RAIX7B_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.post("/", chunkDSUJ5YQH_cjs.requireAuth(), chunkDSUJ5YQH_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const db = c.env.DB;
     const user = c.get("user");
@@ -255,7 +255,7 @@ apiContentCrudRoutes.post("/", chunkP4RAIX7B_cjs.requireAuth(), chunkP4RAIX7B_cj
     }, 500);
   }
 });
-apiContentCrudRoutes.put("/:id", chunkP4RAIX7B_cjs.requireAuth(), chunkP4RAIX7B_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.put("/:id", chunkDSUJ5YQH_cjs.requireAuth(), chunkDSUJ5YQH_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -319,7 +319,7 @@ apiContentCrudRoutes.put("/:id", chunkP4RAIX7B_cjs.requireAuth(), chunkP4RAIX7B_
     }, 500);
   }
 });
-apiContentCrudRoutes.delete("/:id", chunkP4RAIX7B_cjs.requireAuth(), chunkP4RAIX7B_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.delete("/:id", chunkDSUJ5YQH_cjs.requireAuth(), chunkDSUJ5YQH_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -355,7 +355,7 @@ apiRoutes.use("*", async (c, next) => {
   c.header("X-Response-Time", `${totalTime}ms`);
 });
 apiRoutes.use("*", async (c, next) => {
-  const cacheEnabled = await chunkP4RAIX7B_cjs.isPluginActive(c.env.DB, "core-cache");
+  const cacheEnabled = await chunkDSUJ5YQH_cjs.isPluginActive(c.env.DB, "core-cache");
   c.set("cacheEnabled", cacheEnabled);
   await next();
 });
@@ -846,7 +846,7 @@ apiRoutes.get("/collections", async (c) => {
     return c.json({ error: "Failed to fetch collections" }, 500);
   }
 });
-apiRoutes.get("/content", chunkP4RAIX7B_cjs.optionalAuth(), async (c) => {
+apiRoutes.get("/content", chunkDSUJ5YQH_cjs.optionalAuth(), async (c) => {
   const executionStart = Date.now();
   try {
     const db = c.env.DB;
@@ -869,13 +869,13 @@ apiRoutes.get("/content", chunkP4RAIX7B_cjs.optionalAuth(), async (c) => {
         });
       }
     }
-    const filter = chunkQ3W6LCEN_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkSQ6FNXU2_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
     if (!normalizedFilter.limit) {
       normalizedFilter.limit = 50;
     }
     normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
-    const builder3 = new chunkQ3W6LCEN_cjs.QueryFilterBuilder();
+    const builder3 = new chunkSQ6FNXU2_cjs.QueryFilterBuilder();
     const queryResult = builder3.build("content", normalizedFilter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -947,7 +947,7 @@ apiRoutes.get("/content", chunkP4RAIX7B_cjs.optionalAuth(), async (c) => {
     }, 500);
   }
 });
-apiRoutes.get("/collections/:collection/content", chunkP4RAIX7B_cjs.optionalAuth(), async (c) => {
+apiRoutes.get("/collections/:collection/content", chunkDSUJ5YQH_cjs.optionalAuth(), async (c) => {
   const executionStart = Date.now();
   try {
     const collection = c.req.param("collection");
@@ -958,7 +958,7 @@ apiRoutes.get("/collections/:collection/content", chunkP4RAIX7B_cjs.optionalAuth
     if (!collectionResult) {
       return c.json({ error: "Collection not found" }, 404);
     }
-    const filter = chunkQ3W6LCEN_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkSQ6FNXU2_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
     if (!normalizedFilter.where) {
       normalizedFilter.where = { and: [] };
@@ -975,7 +975,7 @@ apiRoutes.get("/collections/:collection/content", chunkP4RAIX7B_cjs.optionalAuth
       normalizedFilter.limit = 50;
     }
     normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
-    const builder3 = new chunkQ3W6LCEN_cjs.QueryFilterBuilder();
+    const builder3 = new chunkSQ6FNXU2_cjs.QueryFilterBuilder();
     const queryResult = builder3.build("content", normalizedFilter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -1096,7 +1096,7 @@ var fileValidationSchema = zod.z.object({
   // 50MB max
 });
 var apiMediaRoutes = new hono.Hono();
-apiMediaRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
+apiMediaRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
 apiMediaRoutes.post("/upload", async (c) => {
   try {
     const user = c.get("user");
@@ -1840,8 +1840,8 @@ apiSystemRoutes.get("/env", (c) => {
 });
 var api_system_default = apiSystemRoutes;
 var adminApiRoutes = new hono.Hono();
-adminApiRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
-adminApiRoutes.use("*", chunkP4RAIX7B_cjs.requireRole(["admin", "editor"]));
+adminApiRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
+adminApiRoutes.use("*", chunkDSUJ5YQH_cjs.requireRole(["admin", "editor"]));
 adminApiRoutes.get("/stats", async (c) => {
   try {
     const db = c.env.DB;
@@ -2353,7 +2353,7 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
 });
 adminApiRoutes.get("/migrations/status", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-Q7C6F2RM.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-IYNTWDC6.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const status = await migrationService.getMigrationStatus();
@@ -2378,7 +2378,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
         error: "Unauthorized. Admin access required."
       }, 403);
     }
-    const { MigrationService: MigrationService2 } = await import('./migrations-Q7C6F2RM.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-IYNTWDC6.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const result = await migrationService.runPendingMigrations();
@@ -2400,7 +2400,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
 });
 adminApiRoutes.get("/migrations/validate", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-Q7C6F2RM.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-IYNTWDC6.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const validation = await migrationService.validateSchema();
@@ -5153,8 +5153,8 @@ var JWT_SECRET_FALLBACK = "your-super-secret-jwt-key-change-in-production";
 async function setCsrfCookie(c, maxAge) {
   const secret = c.env?.JWT_SECRET || JWT_SECRET_FALLBACK;
   const isDev = c.env?.ENVIRONMENT === "development" || !c.env?.ENVIRONMENT;
-  const csrfToken = await chunkP4RAIX7B_cjs.generateCsrfToken(secret);
-  const cookieMaxAge = await chunkP4RAIX7B_cjs.getJwtExpirySecondsFromDb(c.env?.DB, c.env);
+  const csrfToken = await chunkDSUJ5YQH_cjs.generateCsrfToken(secret);
+  const cookieMaxAge = await chunkDSUJ5YQH_cjs.getJwtExpirySecondsFromDb(c.env?.DB, c.env);
   cookie.setCookie(c, "csrf_token", csrfToken, {
     httpOnly: false,
     secure: !isDev,
@@ -5211,7 +5211,7 @@ var loginSchema = zod.z.object({
 });
 authRoutes.post(
   "/register",
-  chunkP4RAIX7B_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
+  chunkDSUJ5YQH_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5248,7 +5248,7 @@ authRoutes.post(
       if (existingUser) {
         return c.json({ error: "User with this email or username already exists" }, 400);
       }
-      const passwordHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(password);
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
       await db.prepare(`
@@ -5282,8 +5282,8 @@ authRoutes.post(
           await saveCustomData(db, userId, sanitized);
         }
       }
-      const tokenTtl = await chunkP4RAIX7B_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-      const token = await chunkP4RAIX7B_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunkDSUJ5YQH_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunkDSUJ5YQH_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -5316,7 +5316,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/login",
-  chunkP4RAIX7B_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
+  chunkDSUJ5YQH_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
   async (c) => {
     try {
       const body = await c.req.json();
@@ -5339,20 +5339,20 @@ authRoutes.post(
       if (!user) {
         return c.json({ error: "Invalid email or password" }, 401);
       }
-      const isValidPassword = await chunkP4RAIX7B_cjs.AuthManager.verifyPassword(password, user.password_hash);
+      const isValidPassword = await chunkDSUJ5YQH_cjs.AuthManager.verifyPassword(password, user.password_hash);
       if (!isValidPassword) {
         return c.json({ error: "Invalid email or password" }, 401);
       }
-      if (chunkP4RAIX7B_cjs.AuthManager.isLegacyHash(user.password_hash)) {
+      if (chunkDSUJ5YQH_cjs.AuthManager.isLegacyHash(user.password_hash)) {
         try {
-          const newHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(password);
+          const newHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(password);
           await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
         } catch (rehashError) {
           console.error("Password rehash failed (non-fatal):", rehashError);
         }
       }
-      const tokenTtl = await chunkP4RAIX7B_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-      const token = await chunkP4RAIX7B_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunkDSUJ5YQH_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunkDSUJ5YQH_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -5404,7 +5404,7 @@ authRoutes.get("/logout", (c) => {
   clearCsrfCookie(c);
   return c.redirect("/auth/login?message=You have been logged out successfully");
 });
-authRoutes.get("/me", chunkP4RAIX7B_cjs.requireAuth(), async (c) => {
+authRoutes.get("/me", chunkDSUJ5YQH_cjs.requireAuth(), async (c) => {
   try {
     const user = c.get("user");
     if (!user) {
@@ -5415,7 +5415,8 @@ authRoutes.get("/me", chunkP4RAIX7B_cjs.requireAuth(), async (c) => {
     if (!userData) {
       return c.json({ error: "User not found" }, 404);
     }
-    return c.json({ user: userData });
+    const customData = await getCustomData(db, user.userId);
+    return c.json({ user: { ...userData, ...customData } });
   } catch (error) {
     console.error("Get user error:", error);
     return c.json({ error: "Failed to get user" }, 500);
@@ -5423,7 +5424,7 @@ authRoutes.get("/me", chunkP4RAIX7B_cjs.requireAuth(), async (c) => {
 });
 authRoutes.post(
   "/refresh",
-  chunkP4RAIX7B_cjs.rateLimit({ max: 60, windowMs: 60 * 1e3, keyPrefix: "refresh" }),
+  chunkDSUJ5YQH_cjs.rateLimit({ max: 60, windowMs: 60 * 1e3, keyPrefix: "refresh" }),
   async (c) => {
     try {
       let token = c.req.header("Authorization")?.replace("Bearer ", "");
@@ -5432,8 +5433,8 @@ authRoutes.post(
         return c.json({ error: "Authentication required" }, 401);
       }
       const db = c.env.DB;
-      const grace = await chunkP4RAIX7B_cjs.getJwtRefreshGraceSecondsFromDb(db, c.env);
-      const payload = await chunkP4RAIX7B_cjs.AuthManager.verifyToken(token, c.env.JWT_SECRET, grace);
+      const grace = await chunkDSUJ5YQH_cjs.getJwtRefreshGraceSecondsFromDb(db, c.env);
+      const payload = await chunkDSUJ5YQH_cjs.AuthManager.verifyToken(token, c.env.JWT_SECRET, grace);
       if (!payload) {
         return c.json({ error: "Invalid or expired token" }, 401);
       }
@@ -5441,8 +5442,8 @@ authRoutes.post(
       if (!row || !row.is_active) {
         return c.json({ error: "User is not active" }, 401);
       }
-      const tokenTtl = await chunkP4RAIX7B_cjs.getJwtExpirySecondsFromDb(db, c.env);
-      const newToken = await chunkP4RAIX7B_cjs.AuthManager.generateToken(row.id, row.email, row.role, c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunkDSUJ5YQH_cjs.getJwtExpirySecondsFromDb(db, c.env);
+      const newToken = await chunkDSUJ5YQH_cjs.AuthManager.generateToken(row.id, row.email, row.role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", newToken, {
         httpOnly: true,
         secure: true,
@@ -5462,7 +5463,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/register/form",
-  chunkP4RAIX7B_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
+  chunkDSUJ5YQH_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5509,7 +5510,7 @@ authRoutes.post(
         </div>
       `);
       }
-      const passwordHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(password);
       const role = isFirstUser ? "admin" : "viewer";
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
@@ -5544,8 +5545,8 @@ authRoutes.post(
           await saveCustomData(db, userId, sanitized);
         }
       }
-      const tokenTtl = await chunkP4RAIX7B_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-      const token = await chunkP4RAIX7B_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunkDSUJ5YQH_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunkDSUJ5YQH_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: false,
@@ -5577,7 +5578,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/login/form",
-  chunkP4RAIX7B_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
+  chunkDSUJ5YQH_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
   async (c) => {
     try {
       const formData = await c.req.formData();
@@ -5601,7 +5602,7 @@ authRoutes.post(
         </div>
       `);
       }
-      const isValidPassword = await chunkP4RAIX7B_cjs.AuthManager.verifyPassword(password, user.password_hash);
+      const isValidPassword = await chunkDSUJ5YQH_cjs.AuthManager.verifyPassword(password, user.password_hash);
       if (!isValidPassword) {
         return c.html(html.html`
         <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
@@ -5609,16 +5610,16 @@ authRoutes.post(
         </div>
       `);
       }
-      if (chunkP4RAIX7B_cjs.AuthManager.isLegacyHash(user.password_hash)) {
+      if (chunkDSUJ5YQH_cjs.AuthManager.isLegacyHash(user.password_hash)) {
         try {
-          const newHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(password);
+          const newHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(password);
           await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
         } catch (rehashError) {
           console.error("Password rehash failed (non-fatal):", rehashError);
         }
       }
-      const tokenTtl = await chunkP4RAIX7B_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-      const token = await chunkP4RAIX7B_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunkDSUJ5YQH_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunkDSUJ5YQH_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: false,
@@ -5659,7 +5660,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/seed-admin",
-  chunkP4RAIX7B_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
+  chunkDSUJ5YQH_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5681,7 +5682,7 @@ authRoutes.post(
     `).run();
       const existingAdmin = await db.prepare("SELECT id FROM users WHERE email = ? OR username = ?").bind("admin@sonicjs.com", "admin").first();
       if (existingAdmin) {
-        const passwordHash2 = await chunkP4RAIX7B_cjs.AuthManager.hashPassword("sonicjs!");
+        const passwordHash2 = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword("sonicjs!");
         await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(passwordHash2, Date.now(), existingAdmin.id).run();
         return c.json({
           message: "Admin user already exists (password updated)",
@@ -5693,7 +5694,7 @@ authRoutes.post(
           }
         });
       }
-      const passwordHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword("sonicjs!");
+      const passwordHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword("sonicjs!");
       const userId = "admin-user-id";
       const now = Date.now();
       const adminEmail = "admin@sonicjs.com".toLowerCase();
@@ -5914,7 +5915,7 @@ authRoutes.post("/accept-invitation", async (c) => {
     if (existingUsername) {
       return c.json({ error: "Username is already taken" }, 400);
     }
-    const passwordHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(password);
     const updateStmt = db.prepare(`
       UPDATE users SET
         username = ?,
@@ -5933,8 +5934,8 @@ authRoutes.post("/accept-invitation", async (c) => {
       Date.now(),
       invitedUser.id
     ).run();
-    const tokenTtl = await chunkP4RAIX7B_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-    const authToken = await chunkP4RAIX7B_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET, tokenTtl);
+    const tokenTtl = await chunkDSUJ5YQH_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+    const authToken = await chunkDSUJ5YQH_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET, tokenTtl);
     cookie.setCookie(c, "auth_token", authToken, {
       httpOnly: true,
       secure: true,
@@ -5950,7 +5951,7 @@ authRoutes.post("/accept-invitation", async (c) => {
 });
 authRoutes.post(
   "/request-password-reset",
-  chunkP4RAIX7B_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
+  chunkDSUJ5YQH_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
   async (c) => {
     try {
       const formData = await c.req.formData();
@@ -6168,7 +6169,7 @@ authRoutes.post("/reset-password", async (c) => {
     if (Date.now() > user.password_reset_expires) {
       return c.json({ error: "Reset token has expired" }, 400);
     }
-    const newPasswordHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(password);
+    const newPasswordHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(password);
     try {
       const historyStmt = db.prepare(`
         INSERT INTO password_history (id, user_id, password_hash, created_at)
@@ -9544,9 +9545,9 @@ function parseFieldValue(field, formData, options = {}) {
   const { skipValidation = false } = options;
   const value = formData.get(field.field_name);
   const errors = [];
-  const blocksConfig = chunkQ3W6LCEN_cjs.getBlocksFieldConfig(field.field_options);
+  const blocksConfig = chunkSQ6FNXU2_cjs.getBlocksFieldConfig(field.field_options);
   if (blocksConfig) {
-    const parsed = chunkQ3W6LCEN_cjs.parseBlocksValue(value, blocksConfig);
+    const parsed = chunkSQ6FNXU2_cjs.parseBlocksValue(value, blocksConfig);
     if (!skipValidation && field.is_required && parsed.value.length === 0) {
       parsed.errors.push(`${field.field_label} is required`);
     }
@@ -9656,7 +9657,7 @@ function extractFieldData(fields, formData, options = {}) {
   }
   return { data, errors };
 }
-adminContentRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
+adminContentRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
 async function getCollectionFields(db, collectionId) {
   const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.collection);
   return cache.getOrSet(
@@ -9933,21 +9934,21 @@ adminContentRoutes.get("/new", async (c) => {
     const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
     let tinymceSettings;
     if (tinymceEnabled) {
-      const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+      const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
       const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
       tinymceSettings = tinymcePlugin2?.settings;
     }
     const quillEnabled = await isPluginActive2(db, "quill-editor");
     let quillSettings;
     if (quillEnabled) {
-      const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+      const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
       const quillPlugin = await pluginService.getPlugin("quill-editor");
       quillSettings = quillPlugin?.settings;
     }
     const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
     let mdxeditorSettings;
     if (mdxeditorEnabled) {
-      const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+      const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
       const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
       mdxeditorSettings = mdxeditorPlugin?.settings;
     }
@@ -10038,21 +10039,21 @@ adminContentRoutes.get("/:id/edit", async (c) => {
     const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
     let tinymceSettings;
     if (tinymceEnabled) {
-      const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+      const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
       const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
       tinymceSettings = tinymcePlugin2?.settings;
     }
     const quillEnabled = await isPluginActive2(db, "quill-editor");
     let quillSettings;
     if (quillEnabled) {
-      const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+      const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
       const quillPlugin = await pluginService.getPlugin("quill-editor");
       quillSettings = quillPlugin?.settings;
     }
     const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
     let mdxeditorSettings;
     if (mdxeditorEnabled) {
-      const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+      const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
       const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
       mdxeditorSettings = mdxeditorPlugin?.settings;
     }
@@ -10347,7 +10348,7 @@ adminContentRoutes.put("/:id", async (c) => {
     `);
   }
 });
-adminContentRoutes.post("/preview", chunkP4RAIX7B_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+adminContentRoutes.post("/preview", chunkDSUJ5YQH_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const formData = await c.req.formData();
     const collectionId = formData.get("collection_id");
@@ -10725,7 +10726,7 @@ adminContentRoutes.post("/:id/restore/:version", async (c) => {
     return c.json({ success: false, error: "Failed to restore version" });
   }
 });
-adminContentRoutes.get("/:id/version/:version/preview", chunkP4RAIX7B_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+adminContentRoutes.get("/:id/version/:version/preview", chunkDSUJ5YQH_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const version = parseInt(c.req.param("version") || "0");
@@ -12724,14 +12725,14 @@ function renderUsersListPage(data) {
 // src/routes/admin-users.ts
 var userRoutes = new hono.Hono();
-userRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
-userRoutes.use("/users/*", chunkP4RAIX7B_cjs.requireRole(["admin"]));
-userRoutes.use("/users", chunkP4RAIX7B_cjs.requireRole(["admin"]));
-userRoutes.use("/invite-user", chunkP4RAIX7B_cjs.requireRole(["admin"]));
-userRoutes.use("/resend-invitation/*", chunkP4RAIX7B_cjs.requireRole(["admin"]));
-userRoutes.use("/cancel-invitation/*", chunkP4RAIX7B_cjs.requireRole(["admin"]));
-userRoutes.use("/activity-logs", chunkP4RAIX7B_cjs.requireRole(["admin"]));
-userRoutes.use("/activity-logs/*", chunkP4RAIX7B_cjs.requireRole(["admin"]));
+userRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
+userRoutes.use("/users/*", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
+userRoutes.use("/users", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
+userRoutes.use("/invite-user", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
+userRoutes.use("/resend-invitation/*", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
+userRoutes.use("/cancel-invitation/*", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
+userRoutes.use("/activity-logs", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
+userRoutes.use("/activity-logs/*", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
 userRoutes.get("/", (c) => {
   return c.redirect("/admin/dashboard");
 });
@@ -12901,7 +12902,7 @@ userRoutes.put("/profile", async (c) => {
       }
       await saveCustomData(db, user.userId, sanitized);
     }
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "profile.update",
@@ -12964,7 +12965,7 @@ userRoutes.post("/profile/avatar", async (c) => {
       SELECT first_name, last_name FROM users WHERE id = ?
     `);
     const userData = await userStmt.bind(user.userId).first();
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "profile.avatar_update",
@@ -13035,7 +13036,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const validPassword = await chunkP4RAIX7B_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
+    const validPassword = await chunkDSUJ5YQH_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
     if (!validPassword) {
       return c.html(renderAlert2({
         type: "error",
@@ -13043,7 +13044,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const newPasswordHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(newPassword);
+    const newPasswordHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(newPassword);
     const historyStmt = db.prepare(`
       INSERT INTO password_history (id, user_id, password_hash, created_at)
       VALUES (?, ?, ?, ?)
@@ -13059,7 +13060,7 @@ userRoutes.post("/profile/password", async (c) => {
       WHERE id = ?
     `);
     await updateStmt.bind(newPasswordHash, Date.now(), user.userId).run();
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "profile.password_change",
@@ -13126,7 +13127,7 @@ userRoutes.get("/users", async (c) => {
     `);
     const countResult = await countStmt.bind(...params).first();
     const totalUsers = countResult?.total || 0;
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "users.list_view",
@@ -13284,7 +13285,7 @@ userRoutes.post("/users/new", async (c) => {
         dismissible: true
       }));
     }
-    const passwordHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(password);
     const userId = crypto.randomUUID();
     const createStmt = db.prepare(`
       INSERT INTO users (
@@ -13307,7 +13308,7 @@ userRoutes.post("/users/new", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "user!.create",
@@ -13346,7 +13347,7 @@ userRoutes.get("/users/:id", async (c) => {
     if (!userRecord) {
       return c.json({ error: "User not found" }, 404);
     }
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "user!.view",
@@ -13572,7 +13573,7 @@ userRoutes.put("/users/:id", async (c) => {
       userId
     ).run();
     if (newPassword) {
-      const passwordHash = await chunkP4RAIX7B_cjs.AuthManager.hashPassword(newPassword);
+      const passwordHash = await chunkDSUJ5YQH_cjs.AuthManager.hashPassword(newPassword);
       const updatePasswordStmt = db.prepare(`
         UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?
       `);
@@ -13626,7 +13627,7 @@ userRoutes.put("/users/:id", async (c) => {
         ).run();
       }
     }
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "user.update",
@@ -13671,7 +13672,7 @@ userRoutes.post("/users/:id/toggle", async (c) => {
       UPDATE users SET is_active = ?, updated_at = ? WHERE id = ?
     `);
     await toggleStmt.bind(active ? 1 : 0, Date.now(), userId).run();
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       active ? "user.activate" : "user.deactivate",
@@ -13712,7 +13713,7 @@ userRoutes.delete("/users/:id", async (c) => {
         DELETE FROM users WHERE id = ?
       `);
       await deleteStmt.bind(userId).run();
-      await chunkP4RAIX7B_cjs.logActivity(
+      await chunkDSUJ5YQH_cjs.logActivity(
         db,
         user.userId,
         "user!.hard_delete",
@@ -13731,7 +13732,7 @@ userRoutes.delete("/users/:id", async (c) => {
         UPDATE users SET is_active = 0, updated_at = ? WHERE id = ?
       `);
       await deleteStmt.bind(Date.now(), userId).run();
-      await chunkP4RAIX7B_cjs.logActivity(
+      await chunkDSUJ5YQH_cjs.logActivity(
         db,
         user.userId,
         "user!.soft_delete",
@@ -13797,7 +13798,7 @@ userRoutes.post("/invite-user", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "user!.invite_sent",
@@ -13854,7 +13855,7 @@ userRoutes.post("/resend-invitation/:id", async (c) => {
       Date.now(),
       userId
     ).run();
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_resent",
@@ -13890,7 +13891,7 @@ userRoutes.delete("/cancel-invitation/:id", async (c) => {
     }
     const deleteStmt = db.prepare(`DELETE FROM users WHERE id = ?`);
     await deleteStmt.bind(userId).run();
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_cancelled",
@@ -13973,7 +13974,7 @@ userRoutes.get("/activity-logs", async (c) => {
       ...log,
       details: log.details ? JSON.parse(log.details) : null
     }));
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_viewed",
@@ -14080,7 +14081,7 @@ userRoutes.get("/activity-logs/export", async (c) => {
       csvRows.push(row.join(","));
     }
     const csvContent = csvRows.join("\n");
-    await chunkP4RAIX7B_cjs.logActivity(
+    await chunkDSUJ5YQH_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_exported",
@@ -15419,7 +15420,7 @@ var fileValidationSchema2 = zod.z.object({
   // 50MB max
 });
 var adminMediaRoutes = new hono.Hono();
-adminMediaRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
+adminMediaRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
 adminMediaRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -16005,7 +16006,7 @@ adminMediaRoutes.put("/:id", async (c) => {
     `);
   }
 });
-adminMediaRoutes.delete("/cleanup", chunkP4RAIX7B_cjs.requireRole("admin"), async (c) => {
+adminMediaRoutes.delete("/cleanup", chunkDSUJ5YQH_cjs.requireRole("admin"), async (c) => {
   try {
     const db = c.env.DB;
     const allMediaStmt = db.prepare("SELECT id, r2_key, filename FROM media WHERE deleted_at IS NULL");
@@ -17733,6 +17734,13 @@ function renderOTPLoginSettingsContent(plugin, settings) {
   const rateLimitPerHour = settings.rateLimitPerHour || 5;
   const allowNewUserRegistration = settings.allowNewUserRegistration || false;
   const logoUrl = settings.logoUrl || "";
+  const logoWidth = Number(settings.logoWidth) || 150;
+  const logoBorderWidth = Number(settings.logoBorderWidth) || 0;
+  const logoBorderColor = settings.logoBorderColor || "#ffffff";
+  const loginUrl = settings.loginUrl || "";
+  const loginButtonText = settings.loginButtonText || "";
+  const previewButtonText = loginButtonText.trim() || `Sign in to ${siteName}`;
+  const previewLogoBorder = logoBorderWidth > 0 && logoBorderColor ? `border: ${logoBorderWidth}px solid ${escapeHtmlAttr(logoBorderColor)}; border-radius: 8px;` : "";
   return `
     <div class="space-y-6">
       <!-- Test OTP Section -->
@@ -17823,6 +17831,109 @@ function renderOTPLoginSettingsContent(plugin, settings) {
         <h3 class="text-lg font-semibold text-white mb-4">Code Settings</h3>
         <form id="settings-form" class="space-y-4">
+          <div>
+            <label for="setting_logoUrl" class="block text-sm font-medium text-gray-300 mb-2">
+              Logo URL
+            </label>
+            <input
+              type="url"
+              id="setting_logoUrl"
+              name="setting_logoUrl"
+              value="${escapeHtmlAttr(logoUrl)}"
+              placeholder="https://yourdomain.com/logo.png"
+              class="w-full px-3 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none text-white"
+            />
+            <p class="text-xs text-gray-500 mt-1">Optional. Displayed at the top of the OTP email.</p>
+          </div>
+          <div class="grid grid-cols-1 md:grid-cols-3 gap-4">
+            <div>
+              <label for="setting_logoWidth" class="block text-sm font-medium text-gray-300 mb-2">
+                Logo Width (px)
+              </label>
+              <input
+                type="number"
+                id="setting_logoWidth"
+                name="setting_logoWidth"
+                min="20"
+                max="600"
+                value="${logoWidth}"
+                class="w-full px-3 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none text-white"
+              />
+              <p class="text-xs text-gray-500 mt-1">Max width of the logo (20-600).</p>
+            </div>
+            <div>
+              <label for="setting_logoBorderWidth" class="block text-sm font-medium text-gray-300 mb-2">
+                Border Thickness (px)
+              </label>
+              <input
+                type="number"
+                id="setting_logoBorderWidth"
+                name="setting_logoBorderWidth"
+                min="0"
+                max="20"
+                value="${logoBorderWidth}"
+                class="w-full px-3 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none text-white"
+              />
+              <p class="text-xs text-gray-500 mt-1">0 disables the border.</p>
+            </div>
+            <div>
+              <label for="setting_logoBorderColor" class="block text-sm font-medium text-gray-300 mb-2">
+                Border Color
+              </label>
+              <div class="flex gap-2">
+                <input
+                  type="color"
+                  id="setting_logoBorderColor_picker"
+                  value="${escapeHtmlAttr(/^#[0-9a-fA-F]{6}$/.test(logoBorderColor) ? logoBorderColor : "#ffffff")}"
+                  oninput="document.getElementById('setting_logoBorderColor').value = this.value"
+                  class="w-12 h-10 rounded-lg bg-white/5 border border-white/10 cursor-pointer"
+                />
+                <input
+                  type="text"
+                  id="setting_logoBorderColor"
+                  name="setting_logoBorderColor"
+                  value="${escapeHtmlAttr(logoBorderColor)}"
+                  placeholder="#ffffff"
+                  class="flex-1 px-3 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none text-white"
+                />
+              </div>
+              <p class="text-xs text-gray-500 mt-1">Hex, rgb(), or named color.</p>
+            </div>
+          </div>
+          <div>
+            <label for="setting_loginUrl" class="block text-sm font-medium text-gray-300 mb-2">
+              Login URL
+            </label>
+            <input
+              type="url"
+              id="setting_loginUrl"
+              name="setting_loginUrl"
+              value="${escapeHtmlAttr(loginUrl)}"
+              placeholder="https://yourdomain.com/login"
+              class="w-full px-3 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none text-white"
+            />
+            <p class="text-xs text-gray-500 mt-1">Optional. If set, a "Sign in" button is added to the email.</p>
+          </div>
+          <div>
+            <label for="setting_loginButtonText" class="block text-sm font-medium text-gray-300 mb-2">
+              Login Button Text
+            </label>
+            <input
+              type="text"
+              id="setting_loginButtonText"
+              name="setting_loginButtonText"
+              value="${escapeHtmlAttr(loginButtonText)}"
+              placeholder="Sign in to ${escapeHtmlAttr(siteName)}"
+              class="w-full px-3 py-2 rounded-lg bg-white/5 border border-white/10 focus:border-blue-500 focus:outline-none text-white"
+            />
+            <p class="text-xs text-gray-500 mt-1">Optional. Defaults to "Sign in to ${siteName}".</p>
+          </div>
           <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
             <div>
               <label for="setting_codeLength" class="block text-sm font-medium text-gray-300 mb-2">
@@ -17916,7 +18027,7 @@ function renderOTPLoginSettingsContent(plugin, settings) {
         <div class="bg-white rounded-lg overflow-hidden shadow-lg">
           <div style="background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px 20px; text-align: center;">
-            ${logoUrl ? `<img src="${logoUrl}" alt="Logo" style="max-width: 150px; height: auto; margin: 0 auto 16px;">` : ""}
+            ${logoUrl ? `<img src="${escapeHtmlAttr(logoUrl)}" alt="Logo" style="max-width: ${logoWidth}px; width: 100%; height: auto; margin: 0 auto 16px; ${previewLogoBorder}">` : ""}
             <h3 style="margin: 0 0 8px 0; font-size: 24px; font-weight: 600;">Your Login Code</h3>
             <p style="margin: 0; opacity: 0.95; font-size: 14px;">Enter this code to sign in to ${siteName}</p>
           </div>
@@ -17928,6 +18039,14 @@ function renderOTPLoginSettingsContent(plugin, settings) {
               </div>
             </div>
+            ${loginUrl ? `
+            <div style="text-align: center; margin: 0 0 20px 0;">
+              <a href="${escapeHtmlAttr(loginUrl)}" style="display: inline-block; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; text-decoration: none; padding: 12px 28px; border-radius: 6px; font-weight: 600; font-size: 14px;">
+                ${escapeHtmlAttr(previewButtonText)}
+              </a>
+            </div>
+            ` : ""}
             <div style="background: #fff3cd; border-left: 4px solid #ffc107; padding: 12px 16px; margin: 0 0 20px 0; border-radius: 4px;">
               <p style="margin: 0; font-size: 13px; color: #856404;">
                 <strong>\u26A0\uFE0F This code expires in ${codeExpiryMinutes} minutes</strong>
@@ -18230,8 +18349,8 @@ function renderEmailSettingsContent(plugin, settings) {
 // src/routes/admin-plugins.ts
 var adminPluginRoutes = new hono.Hono();
-adminPluginRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
-var AVAILABLE_PLUGINS = Object.values(chunkFXWF5D5V_cjs.PLUGIN_REGISTRY).map((p) => ({
+adminPluginRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
+var AVAILABLE_PLUGINS = Object.values(chunkT3Q5V33G_cjs.PLUGIN_REGISTRY).map((p) => ({
   id: p.id,
   name: p.codeName,
   display_name: p.displayName,
@@ -18251,7 +18370,7 @@ adminPluginRoutes.get("/", async (c) => {
     if (user?.role !== "admin") {
       return c.text("Access denied", 403);
     }
-    const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+    const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
     let installedPlugins = [];
     let stats = { total: 0, active: 0, inactive: 0, errors: 0, uninstalled: 0 };
     try {
@@ -18323,7 +18442,7 @@ adminPluginRoutes.get("/:id", async (c) => {
     if (user?.role !== "admin") {
       return c.redirect("/admin/plugins");
     }
-    const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+    const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
     const plugin = await pluginService.getPlugin(pluginId);
     if (!plugin) {
       return c.text("Plugin not found", 404);
@@ -18399,7 +18518,7 @@ adminPluginRoutes.post("/:id/activate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+    const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
     await pluginService.activatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18416,7 +18535,7 @@ adminPluginRoutes.post("/:id/deactivate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+    const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
     await pluginService.deactivatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18433,8 +18552,8 @@ adminPluginRoutes.post("/install", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const body = await c.req.json();
-    const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
-    const registryEntry = chunkFXWF5D5V_cjs.findPluginByCodeName(body.name) || chunkFXWF5D5V_cjs.PLUGIN_REGISTRY[body.name] || chunkFXWF5D5V_cjs.PLUGIN_REGISTRY[body.id];
+    const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
+    const registryEntry = chunkT3Q5V33G_cjs.findPluginByCodeName(body.name) || chunkT3Q5V33G_cjs.PLUGIN_REGISTRY[body.name] || chunkT3Q5V33G_cjs.PLUGIN_REGISTRY[body.id];
     if (!registryEntry) {
       return c.json({ error: "Plugin not found in registry" }, 404);
     }
@@ -18467,7 +18586,7 @@ adminPluginRoutes.post("/:id/uninstall", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+    const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
     await pluginService.uninstallPlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18485,7 +18604,7 @@ adminPluginRoutes.post("/:id/settings", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const settings = await c.req.json();
-    const pluginService = new chunkFXWF5D5V_cjs.PluginService(db);
+    const pluginService = new chunkT3Q5V33G_cjs.PluginService(db);
     await pluginService.updatePluginSettings(pluginId, settings);
     if (pluginId === "core-auth") {
       try {
@@ -19293,7 +19412,7 @@ function renderLogConfigPage(data) {
 // src/routes/admin-logs.ts
 var adminLogsRoutes = new hono.Hono();
-adminLogsRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
+adminLogsRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
 adminLogsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -21621,9 +21740,9 @@ function renderStorageUsage(databaseSizeBytes, mediaSizeBytes) {
 }
 // src/routes/admin-dashboard.ts
-var VERSION = chunkQ3W6LCEN_cjs.getCoreVersion();
+var VERSION = chunkSQ6FNXU2_cjs.getCoreVersion();
 var router = new hono.Hono();
-router.use("*", chunkP4RAIX7B_cjs.requireAuth());
+router.use("*", chunkDSUJ5YQH_cjs.requireAuth());
 router.get("/", async (c) => {
   const user = c.get("user");
   try {
@@ -23442,10 +23561,10 @@ function renderCollectionFormPage(data) {
 // src/routes/admin-collections.ts
 var adminCollectionsRoutes = new hono.Hono();
-adminCollectionsRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
-adminCollectionsRoutes.post("*", chunkP4RAIX7B_cjs.requireRole(["admin"]));
-adminCollectionsRoutes.put("*", chunkP4RAIX7B_cjs.requireRole(["admin"]));
-adminCollectionsRoutes.delete("*", chunkP4RAIX7B_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
+adminCollectionsRoutes.post("*", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.put("*", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.delete("*", chunkDSUJ5YQH_cjs.requireRole(["admin"]));
 adminCollectionsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -25740,7 +25859,7 @@ function renderDatabaseToolsSettings(settings) {
 // src/routes/admin-settings.ts
 var adminSettingsRoutes = new hono.Hono();
-adminSettingsRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
+adminSettingsRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
 function getMockSettings(user) {
   return {
     general: {
@@ -25917,7 +26036,7 @@ adminSettingsRoutes.get("/database-tools", (c) => {
 adminSettingsRoutes.get("/api/migrations/status", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkLVGB5UU5_cjs.MigrationService(db);
+    const migrationService = new chunkC54YUA23_cjs.MigrationService(db);
     const status = await migrationService.getMigrationStatus();
     return c.json({
       success: true,
@@ -25941,7 +26060,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
       }, 403);
     }
     const db = c.env.DB;
-    const migrationService = new chunkLVGB5UU5_cjs.MigrationService(db);
+    const migrationService = new chunkC54YUA23_cjs.MigrationService(db);
     const result = await migrationService.runPendingMigrations();
     return c.json({
       success: result.success,
@@ -25959,7 +26078,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
 adminSettingsRoutes.get("/api/migrations/validate", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkLVGB5UU5_cjs.MigrationService(db);
+    const migrationService = new chunkC54YUA23_cjs.MigrationService(db);
     const validation = await migrationService.validateSchema();
     return c.json({
       success: true,
@@ -27898,7 +28017,7 @@ function renderFormCreatePage(data) {
 // src/routes/admin-forms.ts
 var adminFormsRoutes = new hono.Hono();
-adminFormsRoutes.use("*", chunkP4RAIX7B_cjs.requireAuth());
+adminFormsRoutes.use("*", chunkDSUJ5YQH_cjs.requireAuth());
 adminFormsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -28703,7 +28822,7 @@ publicFormsRoutes.post("/:identifier/submit", async (c) => {
     `).bind(now, form.id).run();
     let contentId = null;
     try {
-      contentId = await chunkFXWF5D5V_cjs.createContentFromSubmission(
+      contentId = await chunkT3Q5V33G_cjs.createContentFromSubmission(
         db,
         sanitizedData,
         { id: form.id, name: form.name, display_name: form.display_name },
@@ -29071,9 +29190,9 @@ function renderAPIReferencePage(data) {
 }
 // src/routes/admin-api-reference.ts
-var VERSION2 = chunkQ3W6LCEN_cjs.getCoreVersion();
+var VERSION2 = chunkSQ6FNXU2_cjs.getCoreVersion();
 var router2 = new hono.Hono();
-router2.use("*", chunkP4RAIX7B_cjs.requireAuth());
+router2.use("*", chunkDSUJ5YQH_cjs.requireAuth());
 router2.get("/", async (c) => {
   const user = c.get("user");
   try {
@@ -29156,6 +29275,7 @@ exports.auth_default = auth_default;
 exports.createUserProfilesPlugin = createUserProfilesPlugin;
 exports.defineUserProfile = defineUserProfile;
 exports.getConfirmationDialogScript = getConfirmationDialogScript2;
+exports.getCustomData = getCustomData;
 exports.getUserProfileConfig = getUserProfileConfig;
 exports.public_forms_default = public_forms_default;
 exports.renderConfirmationDialog = renderConfirmationDialog2;
@@ -29164,5 +29284,5 @@ exports.router2 = router2;
 exports.test_cleanup_default = test_cleanup_default;
 exports.userProfilesPlugin = userProfilesPlugin;
 exports.userRoutes = userRoutes;
-//# sourceMappingURL=chunk-2VY2G7OR.cjs.map
-//# sourceMappingURL=chunk-2VY2G7OR.cjs.map
+//# sourceMappingURL=chunk-SXXTQETM.cjs.map
+//# sourceMappingURL=chunk-SXXTQETM.cjs.map