@sonicjs-cms/core 2.2.0 → 2.3.1

package/dist/version-vktVAxhe.d.cts

@@ -0,0 +1,195 @@
+/**
+ * HTML sanitization utilities for preventing XSS attacks
+ */
+/**
+ * Escapes HTML special characters to prevent XSS attacks
+ * @param text - The text to escape
+ * @returns The escaped text safe for HTML output
+ */
+declare function escapeHtml(text: string): string;
+/**
+ * Sanitizes user input by escaping HTML special characters
+ * This should be used for all user-provided text fields to prevent XSS
+ * @param input - The input string to sanitize
+ * @returns The sanitized string
+ */
+declare function sanitizeInput(input: string | null | undefined): string;
+/**
+ * Sanitizes an object's string properties
+ * @param obj - Object with string properties to sanitize
+ * @param fields - Array of field names to sanitize
+ * @returns New object with sanitized fields
+ */
+declare function sanitizeObject<T extends Record<string, any>>(obj: T, fields: (keyof T)[]): T;
+
+interface TemplateData {
+    [key: string]: any;
+}
+declare class TemplateRenderer {
+    private templateCache;
+    constructor();
+    /**
+     * Simple Handlebars-like template engine
+     */
+    private renderTemplate;
+    /**
+     * Get nested value from object using dot notation
+     */
+    private getNestedValue;
+    /**
+     * Title case helper function
+     */
+    private titleCase;
+    /**
+     * Render a template string with data
+     */
+    render(template: string, data?: TemplateData): string;
+    /**
+     * Clear template cache (useful for development)
+     */
+    clearCache(): void;
+}
+declare const templateRenderer: TemplateRenderer;
+declare function renderTemplate(template: string, data?: TemplateData): string;
+
+/**
+ * Query Filter Builder for SonicJS AI
+ * Supports comprehensive filtering with AND/OR logic
+ * Compatible with D1 Database (SQLite)
+ */
+type FilterOperator = 'equals' | 'not_equals' | 'greater_than' | 'greater_than_equal' | 'less_than' | 'less_than_equal' | 'like' | 'contains' | 'in' | 'not_in' | 'all' | 'exists' | 'near' | 'within' | 'intersects';
+interface FilterCondition {
+    field: string;
+    operator: FilterOperator;
+    value: any;
+}
+interface FilterGroup {
+    and?: FilterCondition[];
+    or?: FilterCondition[];
+}
+interface QueryFilter {
+    where?: FilterGroup;
+    limit?: number;
+    offset?: number;
+    sort?: {
+        field: string;
+        order: 'asc' | 'desc';
+    }[];
+}
+interface QueryResult {
+    sql: string;
+    params: any[];
+    errors: string[];
+}
+/**
+ * Query Filter Builder
+ * Converts filter objects into SQL WHERE clauses with parameterized queries
+ */
+declare class QueryFilterBuilder {
+    private params;
+    private errors;
+    /**
+     * Build a complete SQL query from filter object
+     */
+    build(baseTable: string, filter: QueryFilter): QueryResult;
+    /**
+     * Build WHERE clause from filter group
+     */
+    private buildWhereClause;
+    /**
+     * Build a single condition
+     */
+    private buildCondition;
+    /**
+     * Build equals condition
+     */
+    private buildEquals;
+    /**
+     * Build not equals condition
+     */
+    private buildNotEquals;
+    /**
+     * Build comparison condition (>, >=, <, <=)
+     */
+    private buildComparison;
+    /**
+     * Build LIKE condition (case-insensitive, all words must be present)
+     */
+    private buildLike;
+    /**
+     * Build CONTAINS condition (case-insensitive substring)
+     */
+    private buildContains;
+    /**
+     * Build IN condition
+     */
+    private buildIn;
+    /**
+     * Build NOT IN condition
+     */
+    private buildNotIn;
+    /**
+     * Build ALL condition (value must contain all items in list)
+     * For SQLite, we'll check if a JSON array contains all values
+     */
+    private buildAll;
+    /**
+     * Build EXISTS condition
+     */
+    private buildExists;
+    /**
+     * Sanitize field names to prevent SQL injection
+     */
+    private sanitizeFieldName;
+    /**
+     * Parse filter from query string
+     */
+    static parseFromQuery(query: Record<string, any>): QueryFilter;
+}
+/**
+ * Helper function to build query from filter
+ */
+declare function buildQuery(table: string, filter: QueryFilter): QueryResult;
+
+/**
+ * Simple in-memory metrics tracker for real-time analytics
+ * Tracks requests per second using a sliding window
+ */
+declare class MetricsTracker {
+    private requests;
+    private readonly windowSize;
+    /**
+     * Record a new request
+     */
+    recordRequest(): void;
+    /**
+     * Clean up old requests outside the window
+     */
+    private cleanup;
+    /**
+     * Get current requests per second
+     */
+    getRequestsPerSecond(): number;
+    /**
+     * Get total requests in the current window
+     */
+    getTotalRequests(): number;
+    /**
+     * Get average requests per second over the window
+     */
+    getAverageRPS(): number;
+}
+declare const metricsTracker: MetricsTracker;
+
+/**
+ * Version utility
+ *
+ * Provides the current version of @sonicjs-cms/core package
+ */
+declare const SONICJS_VERSION: string;
+/**
+ * Get the current SonicJS core version
+ */
+declare function getCoreVersion(): string;
+
+export { type FilterOperator as F, QueryFilterBuilder as Q, SONICJS_VERSION as S, TemplateRenderer as T, sanitizeObject as a, buildQuery as b, type FilterCondition as c, type FilterGroup as d, escapeHtml as e, type QueryFilter as f, getCoreVersion as g, type QueryResult as h, metricsTracker as m, renderTemplate as r, sanitizeInput as s, templateRenderer as t };

package/dist/version-vktVAxhe.d.ts

@@ -0,0 +1,195 @@
+/**
+ * HTML sanitization utilities for preventing XSS attacks
+ */
+/**
+ * Escapes HTML special characters to prevent XSS attacks
+ * @param text - The text to escape
+ * @returns The escaped text safe for HTML output
+ */
+declare function escapeHtml(text: string): string;
+/**
+ * Sanitizes user input by escaping HTML special characters
+ * This should be used for all user-provided text fields to prevent XSS
+ * @param input - The input string to sanitize
+ * @returns The sanitized string
+ */
+declare function sanitizeInput(input: string | null | undefined): string;
+/**
+ * Sanitizes an object's string properties
+ * @param obj - Object with string properties to sanitize
+ * @param fields - Array of field names to sanitize
+ * @returns New object with sanitized fields
+ */
+declare function sanitizeObject<T extends Record<string, any>>(obj: T, fields: (keyof T)[]): T;
+
+interface TemplateData {
+    [key: string]: any;
+}
+declare class TemplateRenderer {
+    private templateCache;
+    constructor();
+    /**
+     * Simple Handlebars-like template engine
+     */
+    private renderTemplate;
+    /**
+     * Get nested value from object using dot notation
+     */
+    private getNestedValue;
+    /**
+     * Title case helper function
+     */
+    private titleCase;
+    /**
+     * Render a template string with data
+     */
+    render(template: string, data?: TemplateData): string;
+    /**
+     * Clear template cache (useful for development)
+     */
+    clearCache(): void;
+}
+declare const templateRenderer: TemplateRenderer;
+declare function renderTemplate(template: string, data?: TemplateData): string;
+
+/**
+ * Query Filter Builder for SonicJS AI
+ * Supports comprehensive filtering with AND/OR logic
+ * Compatible with D1 Database (SQLite)
+ */
+type FilterOperator = 'equals' | 'not_equals' | 'greater_than' | 'greater_than_equal' | 'less_than' | 'less_than_equal' | 'like' | 'contains' | 'in' | 'not_in' | 'all' | 'exists' | 'near' | 'within' | 'intersects';
+interface FilterCondition {
+    field: string;
+    operator: FilterOperator;
+    value: any;
+}
+interface FilterGroup {
+    and?: FilterCondition[];
+    or?: FilterCondition[];
+}
+interface QueryFilter {
+    where?: FilterGroup;
+    limit?: number;
+    offset?: number;
+    sort?: {
+        field: string;
+        order: 'asc' | 'desc';
+    }[];
+}
+interface QueryResult {
+    sql: string;
+    params: any[];
+    errors: string[];
+}
+/**
+ * Query Filter Builder
+ * Converts filter objects into SQL WHERE clauses with parameterized queries
+ */
+declare class QueryFilterBuilder {
+    private params;
+    private errors;
+    /**
+     * Build a complete SQL query from filter object
+     */
+    build(baseTable: string, filter: QueryFilter): QueryResult;
+    /**
+     * Build WHERE clause from filter group
+     */
+    private buildWhereClause;
+    /**
+     * Build a single condition
+     */
+    private buildCondition;
+    /**
+     * Build equals condition
+     */
+    private buildEquals;
+    /**
+     * Build not equals condition
+     */
+    private buildNotEquals;
+    /**
+     * Build comparison condition (>, >=, <, <=)
+     */
+    private buildComparison;
+    /**
+     * Build LIKE condition (case-insensitive, all words must be present)
+     */
+    private buildLike;
+    /**
+     * Build CONTAINS condition (case-insensitive substring)
+     */
+    private buildContains;
+    /**
+     * Build IN condition
+     */
+    private buildIn;
+    /**
+     * Build NOT IN condition
+     */
+    private buildNotIn;
+    /**
+     * Build ALL condition (value must contain all items in list)
+     * For SQLite, we'll check if a JSON array contains all values
+     */
+    private buildAll;
+    /**
+     * Build EXISTS condition
+     */
+    private buildExists;
+    /**
+     * Sanitize field names to prevent SQL injection
+     */
+    private sanitizeFieldName;
+    /**
+     * Parse filter from query string
+     */
+    static parseFromQuery(query: Record<string, any>): QueryFilter;
+}
+/**
+ * Helper function to build query from filter
+ */
+declare function buildQuery(table: string, filter: QueryFilter): QueryResult;
+
+/**
+ * Simple in-memory metrics tracker for real-time analytics
+ * Tracks requests per second using a sliding window
+ */
+declare class MetricsTracker {
+    private requests;
+    private readonly windowSize;
+    /**
+     * Record a new request
+     */
+    recordRequest(): void;
+    /**
+     * Clean up old requests outside the window
+     */
+    private cleanup;
+    /**
+     * Get current requests per second
+     */
+    getRequestsPerSecond(): number;
+    /**
+     * Get total requests in the current window
+     */
+    getTotalRequests(): number;
+    /**
+     * Get average requests per second over the window
+     */
+    getAverageRPS(): number;
+}
+declare const metricsTracker: MetricsTracker;
+
+/**
+ * Version utility
+ *
+ * Provides the current version of @sonicjs-cms/core package
+ */
+declare const SONICJS_VERSION: string;
+/**
+ * Get the current SonicJS core version
+ */
+declare function getCoreVersion(): string;
+
+export { type FilterOperator as F, QueryFilterBuilder as Q, SONICJS_VERSION as S, TemplateRenderer as T, sanitizeObject as a, buildQuery as b, type FilterCondition as c, type FilterGroup as d, escapeHtml as e, type QueryFilter as f, getCoreVersion as g, type QueryResult as h, metricsTracker as m, renderTemplate as r, sanitizeInput as s, templateRenderer as t };

package/migrations/001_initial_schema.sql

@@ -139,7 +139,7 @@ INSERT OR IGNORE INTO users (
   'admin',
   'Admin',
   'User',
-  'd1c379e871838f44e21d5a55841349e50636f06df139bfef11870eec74c381db', -- SHA-256 hash of 'sonicjs!'
+  '9c9ec10df964f588e51acc794a63f18d5582e9b91c8366ba292ebde84d3834fd', -- SHA-256 hash of 'sonicjs!' with salt
   'admin',
   1,
   strftime('%s', 'now') * 1000,

package/migrations/002_faq_plugin.sql

@@ -0,0 +1,86 @@
+-- FAQ Plugin Migration (DEPRECATED - Now managed by third-party plugin)
+-- Creates FAQ table for the FAQ plugin
+-- NOTE: This migration is kept for historical purposes. 
+-- The FAQ functionality is now provided by the faq-plugin third-party plugin.
+
+CREATE TABLE IF NOT EXISTS faqs (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  question TEXT NOT NULL,
+  answer TEXT NOT NULL,
+  category TEXT,
+  tags TEXT,
+  isPublished INTEGER NOT NULL DEFAULT 1,
+  sortOrder INTEGER NOT NULL DEFAULT 0,
+  created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),
+  updated_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now'))
+);
+
+-- Create indexes for better performance
+CREATE INDEX IF NOT EXISTS idx_faqs_category ON faqs(category);
+CREATE INDEX IF NOT EXISTS idx_faqs_published ON faqs(isPublished);
+CREATE INDEX IF NOT EXISTS idx_faqs_sort_order ON faqs(sortOrder);
+
+-- Create trigger to update updated_at timestamp
+CREATE TRIGGER IF NOT EXISTS faqs_updated_at
+  AFTER UPDATE ON faqs
+BEGIN
+  UPDATE faqs SET updated_at = strftime('%s', 'now') WHERE id = NEW.id;
+END;
+
+-- Insert sample FAQ data
+INSERT OR IGNORE INTO faqs (question, answer, category, tags, isPublished, sortOrder) VALUES 
+('What is SonicJS AI?', 
+'SonicJS AI is a modern, TypeScript-first headless CMS built for Cloudflare''s edge platform. It provides a complete content management system with admin interface, API endpoints, and plugin architecture.',
+'general',
+'sonicjs, cms, cloudflare',
+1,
+1),
+
+('How do I get started with SonicJS AI?',
+'To get started: 1) Clone the repository, 2) Install dependencies with npm install, 3) Set up your Cloudflare account and services, 4) Run the development server with npm run dev, 5) Access the admin interface at /admin.',
+'general',
+'getting-started, setup',
+1,
+2),
+
+('What technologies does SonicJS AI use?',
+'SonicJS AI is built with: TypeScript for type safety, Hono.js as the web framework, Cloudflare D1 for the database, Cloudflare R2 for media storage, Cloudflare Workers for serverless execution, and Tailwind CSS for styling.',
+'technical',
+'technology-stack, typescript, cloudflare',
+1,
+3),
+
+('How do I create content in SonicJS AI?',
+'Content creation is done through the admin interface. Navigate to /admin, log in with your credentials, go to Content section, select a collection, and click "New Content" to create articles, pages, or other content types.',
+'general',
+'content-creation, admin',
+1,
+4),
+
+('Is SonicJS AI free to use?',
+'SonicJS AI is open source and free to use. You only pay for the Cloudflare services you consume (D1 database, R2 storage, Workers execution time). Cloudflare offers generous free tiers for development and small projects.',
+'billing',
+'pricing, open-source, cloudflare',
+1,
+5),
+
+('How do I add custom functionality?',
+'SonicJS AI features a plugin system that allows you to extend functionality. You can create plugins using the PluginBuilder API, add custom routes, models, admin pages, and integrate with external services.',
+'technical',
+'plugins, customization, development',
+1,
+6),
+
+('Can I customize the admin interface?',
+'Yes! The admin interface is built with TypeScript templates and can be customized. You can modify existing templates, create new components, add custom pages, and integrate your own styling while maintaining the dark theme.',
+'technical',
+'admin-interface, customization, templates',
+1,
+7),
+
+('How does authentication work?',
+'SonicJS AI includes a built-in authentication system with JWT tokens, role-based access control (admin, editor, viewer), secure password hashing, and session management. Users can be managed through the admin interface.',
+'technical',
+'authentication, security, users',
+1,
+8);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sonicjs-cms/core",
-  "version": "2.2.0",
+  "version": "2.3.1",
   "description": "Core framework for SonicJS headless CMS - Edge-first, TypeScript-native CMS built for Cloudflare Workers",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -56,6 +56,8 @@
     "LICENSE"
   ],
   "scripts": {
+    "generate:migrations": "npx tsx scripts/generate-migrations.ts",
+    "prebuild": "npm run generate:migrations",
     "build": "tsup",
     "dev": "tsup --watch",
     "type-check": "tsc --noEmit",