@sonicjs-cms/core 2.18.1 → 3.0.0-beta.10

package/dist/middleware.cjs

@@ -1,128 +1,134 @@
 'use strict';
 
-var chunkDSUJ5YQH_cjs = require('./chunk-DSUJ5YQH.cjs');
-require('./chunk-T3Q5V33G.cjs');
-require('./chunk-C54YUA23.cjs');
+var chunkMUNO67TT_cjs = require('./chunk-MUNO67TT.cjs');
+require('./chunk-2CB4KY7I.cjs');
+require('./chunk-JEQ7FLOD.cjs');
+require('./chunk-R4ILO3W6.cjs');
+require('./chunk-IHTXB7AT.cjs');
+require('./chunk-K623Q6WD.cjs');
+require('./chunk-J6JTWD2A.cjs');
 require('./chunk-RCQ2HIQD.cjs');
+require('./chunk-P3XDZL6Q.cjs');
+require('./chunk-MNWKYY5E.cjs');
 require('./chunk-IGJUBJBW.cjs');
 
 
 
 Object.defineProperty(exports, "AuthManager", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.AuthManager; }
+  get: function () { return chunkMUNO67TT_cjs.AuthManager; }
 });
 Object.defineProperty(exports, "PermissionManager", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.PermissionManager; }
+  get: function () { return chunkMUNO67TT_cjs.PermissionManager; }
 });
 Object.defineProperty(exports, "bootstrapMiddleware", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.bootstrapMiddleware; }
+  get: function () { return chunkMUNO67TT_cjs.bootstrapMiddleware; }
 });
 Object.defineProperty(exports, "cacheHeaders", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.cacheHeaders; }
+  get: function () { return chunkMUNO67TT_cjs.cacheHeaders; }
 });
 Object.defineProperty(exports, "compressionMiddleware", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.compressionMiddleware; }
+  get: function () { return chunkMUNO67TT_cjs.compressionMiddleware; }
 });
 Object.defineProperty(exports, "csrfProtection", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.csrfProtection; }
+  get: function () { return chunkMUNO67TT_cjs.csrfProtection; }
 });
 Object.defineProperty(exports, "detailedLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.detailedLoggingMiddleware; }
+  get: function () { return chunkMUNO67TT_cjs.detailedLoggingMiddleware; }
 });
 Object.defineProperty(exports, "generateCsrfToken", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.generateCsrfToken; }
+  get: function () { return chunkMUNO67TT_cjs.generateCsrfToken; }
 });
 Object.defineProperty(exports, "getActivePlugins", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.getActivePlugins; }
+  get: function () { return chunkMUNO67TT_cjs.getActivePlugins; }
 });
 Object.defineProperty(exports, "getJwtExpirySeconds", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.getJwtExpirySeconds; }
+  get: function () { return chunkMUNO67TT_cjs.getJwtExpirySeconds; }
 });
 Object.defineProperty(exports, "getJwtExpirySecondsFromDb", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.getJwtExpirySecondsFromDb; }
+  get: function () { return chunkMUNO67TT_cjs.getJwtExpirySecondsFromDb; }
 });
 Object.defineProperty(exports, "getJwtRefreshGraceSecondsFromDb", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.getJwtRefreshGraceSecondsFromDb; }
+  get: function () { return chunkMUNO67TT_cjs.getJwtRefreshGraceSecondsFromDb; }
 });
 Object.defineProperty(exports, "isPluginActive", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.isPluginActive; }
+  get: function () { return chunkMUNO67TT_cjs.isPluginActive; }
 });
 Object.defineProperty(exports, "logActivity", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.logActivity; }
+  get: function () { return chunkMUNO67TT_cjs.logActivity; }
 });
 Object.defineProperty(exports, "loggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.loggingMiddleware; }
+  get: function () { return chunkMUNO67TT_cjs.loggingMiddleware; }
 });
 Object.defineProperty(exports, "metricsMiddleware", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.metricsMiddleware; }
+  get: function () { return chunkMUNO67TT_cjs.metricsMiddleware; }
 });
 Object.defineProperty(exports, "optionalAuth", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.optionalAuth; }
+  get: function () { return chunkMUNO67TT_cjs.optionalAuth; }
 });
 Object.defineProperty(exports, "performanceLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.performanceLoggingMiddleware; }
+  get: function () { return chunkMUNO67TT_cjs.performanceLoggingMiddleware; }
 });
 Object.defineProperty(exports, "rateLimit", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.rateLimit; }
+  get: function () { return chunkMUNO67TT_cjs.rateLimit; }
 });
 Object.defineProperty(exports, "requireActivePlugin", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.requireActivePlugin; }
+  get: function () { return chunkMUNO67TT_cjs.requireActivePlugin; }
 });
 Object.defineProperty(exports, "requireActivePlugins", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.requireActivePlugins; }
+  get: function () { return chunkMUNO67TT_cjs.requireActivePlugins; }
 });
 Object.defineProperty(exports, "requireAnyPermission", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.requireAnyPermission; }
+  get: function () { return chunkMUNO67TT_cjs.requireAnyPermission; }
 });
 Object.defineProperty(exports, "requireAuth", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.requireAuth; }
+  get: function () { return chunkMUNO67TT_cjs.requireAuth; }
 });
 Object.defineProperty(exports, "requirePermission", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.requirePermission; }
+  get: function () { return chunkMUNO67TT_cjs.requirePermission; }
 });
 Object.defineProperty(exports, "requireRole", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.requireRole; }
+  get: function () { return chunkMUNO67TT_cjs.requireRole; }
 });
 Object.defineProperty(exports, "securityHeaders", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.securityHeadersMiddleware; }
+  get: function () { return chunkMUNO67TT_cjs.securityHeadersMiddleware; }
 });
 Object.defineProperty(exports, "securityLoggingMiddleware", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.securityLoggingMiddleware; }
+  get: function () { return chunkMUNO67TT_cjs.securityLoggingMiddleware; }
 });
 Object.defineProperty(exports, "validateCsrfToken", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.validateCsrfToken; }
+  get: function () { return chunkMUNO67TT_cjs.validateCsrfToken; }
 });
 Object.defineProperty(exports, "verifySecurityConfig", {
   enumerable: true,
-  get: function () { return chunkDSUJ5YQH_cjs.verifySecurityConfig; }
+  get: function () { return chunkMUNO67TT_cjs.verifySecurityConfig; }
 });
 //# sourceMappingURL=middleware.cjs.map
 //# sourceMappingURL=middleware.cjs.map

package/dist/middleware.d.cts

@@ -1,7 +1,15 @@
 import * as hono from 'hono';
 import { Context, Next, MiddlewareHandler } from 'hono';
-import { S as SonicJSConfig } from './app-C9esKLmh.cjs';
-import '@cloudflare/workers-types';
+import { S as SonicJSConfig } from './app-Do66yCcV.cjs';
+import { D1Database as D1Database$1 } from '@cloudflare/workers-types';
+import 'better-auth/client';
+import 'better-auth/plugins/email-otp';
+import 'better-auth';
+import 'better-auth/plugins/magic-link';
+import 'better-call';
+import 'zod/v4/core';
+import 'zod';
+import './types-Dea1eNxU.cjs';
 
 type Bindings = {
     DB: D1Database;
@@ -22,6 +30,9 @@ declare function verifySecurityConfig(env: Bindings): void;
  */
 declare function bootstrapMiddleware(config?: SonicJSConfig): (c: Context<{
     Bindings: Bindings;
+    Variables: {
+        hookSystem?: unknown;
+    };
 }>, next: Next) => Promise<void>;
 
 type JWTPayload = {
@@ -62,12 +73,31 @@ declare class AuthManager {
     /**
      * Verify a token's signature and expiration.
      *
+     * IMPORTANT: pass the `JWT_SECRET` binding (e.g. `c.env.JWT_SECRET`) as the
+     * `secret` argument. If omitted, this falls back to a development-only
+     * placeholder secret — tokens signed with the real `JWT_SECRET` will then
+     * silently fail verification. From inside a Hono handler prefer
+     * `AuthManager.verifyAuthRequest(c)`, which handles header/cookie extraction
+     * and pulls the secret from `c.env` for you.
+     *
      * If `graceSeconds` > 0, tokens whose `exp` is within the grace window
      * (i.e. expired by no more than `graceSeconds`) are still returned. This
      * supports a sliding-session refresh endpoint that accepts recently-expired
      * tokens. Signature failures always return null.
      */
     static verifyToken(token: string, secret?: string, graceSeconds?: number): Promise<JWTPayload | null>;
+    /**
+     * Verify the JWT on an incoming Hono request using the `JWT_SECRET`
+     * binding from `c.env`. Reads the token from the `Authorization: Bearer …`
+     * header first, then falls back to the `auth_token` cookie. Returns the
+     * decoded payload, or null when the token is missing, malformed, expired,
+     * or signed with a different secret.
+     *
+     * Use this from custom Hono routes mounted alongside SonicJS — it
+     * resolves the secret the same way `requireAuth()` does, without forcing
+     * the caller to plumb it through manually.
+     */
+    static verifyAuthRequest(c: Context): Promise<JWTPayload | null>;
     static hashPassword(password: string): Promise<string>;
     static hashPasswordLegacy(password: string): Promise<string>;
     static verifyPassword(password: string, storedHash: string): Promise<boolean>;
@@ -93,7 +123,7 @@ declare const requireRole: (requiredRole: string | string[]) => (c: Context, nex
 }, 401, "json">) | (Response & hono.TypedResponse<{
     error: string;
 }, 403, "json">)>;
-declare const optionalAuth: () => (c: Context, next: Next) => Promise<void>;
+declare const optionalAuth: () => (_c: Context, next: Next) => Promise<void>;
 
 /**
  * Middleware to track all HTTP requests for real-time analytics
@@ -170,6 +200,42 @@ declare function rateLimit(options: RateLimitOptions): (c: Context, next: Next)
  */
 declare const securityHeadersMiddleware: () => (c: Context, next: Next) => Promise<void>;
 
+/**
+ * Plugin Middleware
+ *
+ * Provides middleware functions for checking plugin status and enforcing plugin requirements
+ */
+
+/**
+ * Check if a plugin is active
+ * @param db - The D1 database instance
+ * @param pluginId - The plugin ID to check
+ * @returns Promise<boolean> - True if the plugin is active, false otherwise
+ */
+declare function isPluginActive(db: D1Database$1, pluginId: string): Promise<boolean>;
+/**
+ * Middleware to require a plugin to be active
+ * Throws an error if the plugin is not active
+ * @param db - The D1 database instance
+ * @param pluginId - The plugin ID to check
+ * @throws Error if plugin is not active
+ */
+declare function requireActivePlugin(db: D1Database$1, pluginId: string): Promise<void>;
+/**
+ * Middleware to require multiple plugins to be active
+ * Throws an error if any plugin is not active
+ * @param db - The D1 database instance
+ * @param pluginIds - Array of plugin IDs to check
+ * @throws Error if any plugin is not active
+ */
+declare function requireActivePlugins(db: D1Database$1, pluginIds: string[]): Promise<void>;
+/**
+ * Get all active plugins
+ * @param db - The D1 database instance
+ * @returns Promise<any[]> - Array of active plugin records
+ */
+declare function getActivePlugins(db: D1Database$1): Promise<any[]>;
+
 /**
  * Middleware Module Exports
  *
@@ -195,9 +261,5 @@ declare const PermissionManager: any;
 declare const requirePermission: any;
 declare const requireAnyPermission: any;
 declare const logActivity: any;
-declare const requireActivePlugin: any;
-declare const requireActivePlugins: any;
-declare const getActivePlugins: any;
-declare const isPluginActive: any;
 
 export { AuthManager, type Permission, PermissionManager, type UserPermissions, bootstrapMiddleware, cacheHeaders, compressionMiddleware, csrfProtection, detailedLoggingMiddleware, generateCsrfToken, getActivePlugins, getJwtExpirySeconds, getJwtExpirySecondsFromDb, getJwtRefreshGraceSecondsFromDb, isPluginActive, logActivity, loggingMiddleware, metricsMiddleware, optionalAuth, performanceLoggingMiddleware, rateLimit, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeadersMiddleware as securityHeaders, securityLoggingMiddleware, validateCsrfToken, verifySecurityConfig };

package/dist/middleware.d.ts

@@ -1,7 +1,15 @@
 import * as hono from 'hono';
 import { Context, Next, MiddlewareHandler } from 'hono';
-import { S as SonicJSConfig } from './app-C9esKLmh.js';
-import '@cloudflare/workers-types';
+import { S as SonicJSConfig } from './app-Bo0X1OWX.js';
+import { D1Database as D1Database$1 } from '@cloudflare/workers-types';
+import 'better-auth/client';
+import 'better-auth/plugins/email-otp';
+import 'better-auth';
+import 'better-auth/plugins/magic-link';
+import 'better-call';
+import 'zod/v4/core';
+import 'zod';
+import './types-Dea1eNxU.js';
 
 type Bindings = {
     DB: D1Database;
@@ -22,6 +30,9 @@ declare function verifySecurityConfig(env: Bindings): void;
  */
 declare function bootstrapMiddleware(config?: SonicJSConfig): (c: Context<{
     Bindings: Bindings;
+    Variables: {
+        hookSystem?: unknown;
+    };
 }>, next: Next) => Promise<void>;
 
 type JWTPayload = {
@@ -62,12 +73,31 @@ declare class AuthManager {
     /**
      * Verify a token's signature and expiration.
      *
+     * IMPORTANT: pass the `JWT_SECRET` binding (e.g. `c.env.JWT_SECRET`) as the
+     * `secret` argument. If omitted, this falls back to a development-only
+     * placeholder secret — tokens signed with the real `JWT_SECRET` will then
+     * silently fail verification. From inside a Hono handler prefer
+     * `AuthManager.verifyAuthRequest(c)`, which handles header/cookie extraction
+     * and pulls the secret from `c.env` for you.
+     *
      * If `graceSeconds` > 0, tokens whose `exp` is within the grace window
      * (i.e. expired by no more than `graceSeconds`) are still returned. This
      * supports a sliding-session refresh endpoint that accepts recently-expired
      * tokens. Signature failures always return null.
      */
     static verifyToken(token: string, secret?: string, graceSeconds?: number): Promise<JWTPayload | null>;
+    /**
+     * Verify the JWT on an incoming Hono request using the `JWT_SECRET`
+     * binding from `c.env`. Reads the token from the `Authorization: Bearer …`
+     * header first, then falls back to the `auth_token` cookie. Returns the
+     * decoded payload, or null when the token is missing, malformed, expired,
+     * or signed with a different secret.
+     *
+     * Use this from custom Hono routes mounted alongside SonicJS — it
+     * resolves the secret the same way `requireAuth()` does, without forcing
+     * the caller to plumb it through manually.
+     */
+    static verifyAuthRequest(c: Context): Promise<JWTPayload | null>;
     static hashPassword(password: string): Promise<string>;
     static hashPasswordLegacy(password: string): Promise<string>;
     static verifyPassword(password: string, storedHash: string): Promise<boolean>;
@@ -93,7 +123,7 @@ declare const requireRole: (requiredRole: string | string[]) => (c: Context, nex
 }, 401, "json">) | (Response & hono.TypedResponse<{
     error: string;
 }, 403, "json">)>;
-declare const optionalAuth: () => (c: Context, next: Next) => Promise<void>;
+declare const optionalAuth: () => (_c: Context, next: Next) => Promise<void>;
 
 /**
  * Middleware to track all HTTP requests for real-time analytics
@@ -170,6 +200,42 @@ declare function rateLimit(options: RateLimitOptions): (c: Context, next: Next)
  */
 declare const securityHeadersMiddleware: () => (c: Context, next: Next) => Promise<void>;
 
+/**
+ * Plugin Middleware
+ *
+ * Provides middleware functions for checking plugin status and enforcing plugin requirements
+ */
+
+/**
+ * Check if a plugin is active
+ * @param db - The D1 database instance
+ * @param pluginId - The plugin ID to check
+ * @returns Promise<boolean> - True if the plugin is active, false otherwise
+ */
+declare function isPluginActive(db: D1Database$1, pluginId: string): Promise<boolean>;
+/**
+ * Middleware to require a plugin to be active
+ * Throws an error if the plugin is not active
+ * @param db - The D1 database instance
+ * @param pluginId - The plugin ID to check
+ * @throws Error if plugin is not active
+ */
+declare function requireActivePlugin(db: D1Database$1, pluginId: string): Promise<void>;
+/**
+ * Middleware to require multiple plugins to be active
+ * Throws an error if any plugin is not active
+ * @param db - The D1 database instance
+ * @param pluginIds - Array of plugin IDs to check
+ * @throws Error if any plugin is not active
+ */
+declare function requireActivePlugins(db: D1Database$1, pluginIds: string[]): Promise<void>;
+/**
+ * Get all active plugins
+ * @param db - The D1 database instance
+ * @returns Promise<any[]> - Array of active plugin records
+ */
+declare function getActivePlugins(db: D1Database$1): Promise<any[]>;
+
 /**
  * Middleware Module Exports
  *
@@ -195,9 +261,5 @@ declare const PermissionManager: any;
 declare const requirePermission: any;
 declare const requireAnyPermission: any;
 declare const logActivity: any;
-declare const requireActivePlugin: any;
-declare const requireActivePlugins: any;
-declare const getActivePlugins: any;
-declare const isPluginActive: any;
 
 export { AuthManager, type Permission, PermissionManager, type UserPermissions, bootstrapMiddleware, cacheHeaders, compressionMiddleware, csrfProtection, detailedLoggingMiddleware, generateCsrfToken, getActivePlugins, getJwtExpirySeconds, getJwtExpirySecondsFromDb, getJwtRefreshGraceSecondsFromDb, isPluginActive, logActivity, loggingMiddleware, metricsMiddleware, optionalAuth, performanceLoggingMiddleware, rateLimit, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeadersMiddleware as securityHeaders, securityLoggingMiddleware, validateCsrfToken, verifySecurityConfig };

package/dist/middleware.js

@@ -1,7 +1,13 @@
-export { AuthManager, PermissionManager, bootstrapMiddleware, cacheHeaders, compressionMiddleware, csrfProtection, detailedLoggingMiddleware, generateCsrfToken, getActivePlugins, getJwtExpirySeconds, getJwtExpirySecondsFromDb, getJwtRefreshGraceSecondsFromDb, isPluginActive, logActivity, loggingMiddleware, metricsMiddleware, optionalAuth, performanceLoggingMiddleware, rateLimit, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeadersMiddleware as securityHeaders, securityLoggingMiddleware, validateCsrfToken, verifySecurityConfig } from './chunk-I2H5NGJQ.js';
-import './chunk-EW5NOBVU.js';
-import './chunk-4R3NOOL3.js';
+export { AuthManager, PermissionManager, bootstrapMiddleware, cacheHeaders, compressionMiddleware, csrfProtection, detailedLoggingMiddleware, generateCsrfToken, getActivePlugins, getJwtExpirySeconds, getJwtExpirySecondsFromDb, getJwtRefreshGraceSecondsFromDb, isPluginActive, logActivity, loggingMiddleware, metricsMiddleware, optionalAuth, performanceLoggingMiddleware, rateLimit, requireActivePlugin, requireActivePlugins, requireAnyPermission, requireAuth, requirePermission, requireRole, securityHeadersMiddleware as securityHeaders, securityLoggingMiddleware, validateCsrfToken, verifySecurityConfig } from './chunk-IDCZBF35.js';
+import './chunk-BLMTL57B.js';
+import './chunk-GCDZZNIN.js';
+import './chunk-PYVFXCSD.js';
+import './chunk-ALDRXTUO.js';
+import './chunk-5V62WT6M.js';
+import './chunk-RNZFGN4R.js';
 import './chunk-FICTAGD4.js';
+import './chunk-X7ZAEI5S.js';
+import './chunk-TQABQWOP.js';
 import './chunk-V4OQ3NZ2.js';
 //# sourceMappingURL=middleware.js.map
 //# sourceMappingURL=middleware.js.map

package/dist/migrations-2XHQEGOQ.cjs

@@ -0,0 +1,13 @@
+'use strict';
+
+var chunkIHTXB7AT_cjs = require('./chunk-IHTXB7AT.cjs');
+require('./chunk-IGJUBJBW.cjs');
+
+
+
+Object.defineProperty(exports, "MigrationService", {
+  enumerable: true,
+  get: function () { return chunkIHTXB7AT_cjs.MigrationService; }
+});
+//# sourceMappingURL=migrations-2XHQEGOQ.cjs.map
+//# sourceMappingURL=migrations-2XHQEGOQ.cjs.map

package/dist/{migrations-IYNTWDC6.cjs.map → migrations-2XHQEGOQ.cjs.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"migrations-IYNTWDC6.cjs"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"migrations-2XHQEGOQ.cjs"}

package/dist/migrations-PE3CDVSM.js

@@ -0,0 +1,4 @@
+export { MigrationService } from './chunk-ALDRXTUO.js';
+import './chunk-V4OQ3NZ2.js';
+//# sourceMappingURL=migrations-PE3CDVSM.js.map
+//# sourceMappingURL=migrations-PE3CDVSM.js.map

package/dist/{migrations-R337UD46.js.map → migrations-PE3CDVSM.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"migrations-R337UD46.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"migrations-PE3CDVSM.js"}