@sonicjs-cms/core 2.8.0 → 2.8.1
- package/dist/{chunk-JDFPB6UW.js → chunk-7Q2XPM2U.js} +2 -2
- package/dist/{chunk-JDFPB6UW.js.map → chunk-7Q2XPM2U.js.map} +1 -1
- package/dist/{chunk-BAWMAS5S.js → chunk-FZRZYQYU.js} +82 -30
- package/dist/chunk-FZRZYQYU.js.map +1 -0
- package/dist/{chunk-GPTMGUFN.cjs → chunk-GIWIJNBH.cjs} +4 -4
- package/dist/{chunk-GPTMGUFN.cjs.map → chunk-GIWIJNBH.cjs.map} +1 -1
- package/dist/{chunk-YE2MU7CN.cjs → chunk-JVRRG36J.cjs} +178 -126
- package/dist/chunk-JVRRG36J.cjs.map +1 -0
- package/dist/{chunk-34QIAULP.js → chunk-KAT3OKHE.js} +3 -3
- package/dist/{chunk-34QIAULP.js.map → chunk-KAT3OKHE.js.map} +1 -1
- package/dist/{chunk-3E76TKR5.js → chunk-QWTS6NSP.js} +3 -3
- package/dist/{chunk-3E76TKR5.js.map → chunk-QWTS6NSP.js.map} +1 -1
- package/dist/{chunk-5CENPGR2.cjs → chunk-SKLRRFJJ.cjs} +2 -2
- package/dist/{chunk-5CENPGR2.cjs.map → chunk-SKLRRFJJ.cjs.map} +1 -1
- package/dist/{chunk-5HMR2SJW.cjs → chunk-WDQZYCQO.cjs} +3 -3
- package/dist/{chunk-5HMR2SJW.cjs.map → chunk-WDQZYCQO.cjs.map} +1 -1
- package/dist/index.cjs +84 -84
- package/dist/index.js +7 -7
- package/dist/middleware.cjs +23 -23
- package/dist/middleware.js +2 -2
- package/dist/migrations-2NTJ44OR.js +4 -0
- package/dist/{migrations-YB77VTVF.js.map → migrations-2NTJ44OR.js.map} +1 -1
- package/dist/migrations-76NR5BVF.cjs +13 -0
- package/dist/{migrations-7JGSFOCM.cjs.map → migrations-76NR5BVF.cjs.map} +1 -1
- package/dist/routes.cjs +27 -27
- package/dist/routes.js +4 -4
- package/dist/services.cjs +2 -2
- package/dist/services.js +1 -1
- package/dist/utils.cjs +14 -14
- package/dist/utils.js +1 -1
- package/package.json +1 -1
- package/dist/chunk-BAWMAS5S.js.map +0 -1
- package/dist/chunk-YE2MU7CN.cjs.map +0 -1
- package/dist/migrations-7JGSFOCM.cjs +0 -13
- package/dist/migrations-YB77VTVF.js +0 -4
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
var chunkVNLR35GO_cjs = require('./chunk-VNLR35GO.cjs');
|
|
4
|
-
var
|
|
4
|
+
var chunkGIWIJNBH_cjs = require('./chunk-GIWIJNBH.cjs');
|
|
5
5
|
var chunkMPT5PA6U_cjs = require('./chunk-MPT5PA6U.cjs');
|
|
6
|
-
var
|
|
6
|
+
var chunkSKLRRFJJ_cjs = require('./chunk-SKLRRFJJ.cjs');
|
|
7
7
|
var chunkSHCYIZAN_cjs = require('./chunk-SHCYIZAN.cjs');
|
|
8
8
|
var chunk6FHNRRJ3_cjs = require('./chunk-6FHNRRJ3.cjs');
|
|
9
|
-
var
|
|
9
|
+
var chunkWDQZYCQO_cjs = require('./chunk-WDQZYCQO.cjs');
|
|
10
10
|
var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
|
|
11
11
|
var hono = require('hono');
|
|
12
12
|
var cors = require('hono/cors');
|
|
@@ -16,6 +16,50 @@ var html = require('hono/html');
|
|
|
16
16
|
|
|
17
17
|
// src/schemas/index.ts
|
|
18
18
|
var schemaDefinitions = [];
|
|
19
|
+
|
|
20
|
+
// src/routes/api-content-access-policy.ts
|
|
21
|
+
function canReadNonPublicContent(userRole) {
|
|
22
|
+
return userRole === "admin" || userRole === "editor";
|
|
23
|
+
}
|
|
24
|
+
function isStatusCondition(condition) {
|
|
25
|
+
return condition.field === "status";
|
|
26
|
+
}
|
|
27
|
+
function stripStatusConditions(group) {
|
|
28
|
+
if (!group) {
|
|
29
|
+
return void 0;
|
|
30
|
+
}
|
|
31
|
+
const and = group.and?.filter((condition) => !isStatusCondition(condition));
|
|
32
|
+
const or = group.or?.filter((condition) => !isStatusCondition(condition));
|
|
33
|
+
const normalizedGroup = {};
|
|
34
|
+
if (and && and.length > 0) {
|
|
35
|
+
normalizedGroup.and = and;
|
|
36
|
+
}
|
|
37
|
+
if (or && or.length > 0) {
|
|
38
|
+
normalizedGroup.or = or;
|
|
39
|
+
}
|
|
40
|
+
return normalizedGroup;
|
|
41
|
+
}
|
|
42
|
+
function normalizePublicContentFilter(filter, userRole) {
|
|
43
|
+
if (canReadNonPublicContent(userRole)) {
|
|
44
|
+
return filter;
|
|
45
|
+
}
|
|
46
|
+
const normalizedFilter = {
|
|
47
|
+
...filter,
|
|
48
|
+
where: stripStatusConditions(filter.where)
|
|
49
|
+
};
|
|
50
|
+
if (!normalizedFilter.where) {
|
|
51
|
+
normalizedFilter.where = { and: [] };
|
|
52
|
+
}
|
|
53
|
+
if (!normalizedFilter.where.and) {
|
|
54
|
+
normalizedFilter.where.and = [];
|
|
55
|
+
}
|
|
56
|
+
normalizedFilter.where.and.push({
|
|
57
|
+
field: "status",
|
|
58
|
+
operator: "equals",
|
|
59
|
+
value: "published"
|
|
60
|
+
});
|
|
61
|
+
return normalizedFilter;
|
|
62
|
+
}
|
|
19
63
|
var apiContentCrudRoutes = new hono.Hono();
|
|
20
64
|
apiContentCrudRoutes.get("/check-slug", async (c) => {
|
|
21
65
|
try {
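Review bot: `normalizePublicContentFilter` enforces the published-only rule by pushing a condition onto `where.and`, so the guarantee holds only if `QueryFilterBuilder.build` joins the `and` list and the `or` list with AND. That combination is not visible in this hunk; if the two lists are OR-ed, a caller-supplied `or` entry would widen the result past published rows. `stripStatusConditions` also inspects only the direct entries of `group.and` and `group.or` and rebuilds the group from those two keys, so, if the filter grammar allows nested groups or other keys on `where`, a nested status condition is missed and any other key is silently dropped. I would document the assumption above the function, e.g. `// Relies on QueryFilterBuilder AND-ing where.and with where.or; only top-level conditions are inspected.`, and add a regression test with an anonymous request whose filter carries an `or` clause.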
|
|
@@ -76,7 +120,7 @@ apiContentCrudRoutes.get("/:id", async (c) => {
|
|
|
76
120
|
}, 500);
|
|
77
121
|
}
|
|
78
122
|
});
|
|
79
|
-
apiContentCrudRoutes.post("/",
|
|
123
|
+
apiContentCrudRoutes.post("/", chunkGIWIJNBH_cjs.requireAuth(), async (c) => {
|
|
80
124
|
try {
|
|
81
125
|
const db = c.env.DB;
|
|
82
126
|
const user = c.get("user");
|
|
@@ -142,7 +186,7 @@ apiContentCrudRoutes.post("/", chunkGPTMGUFN_cjs.requireAuth(), async (c) => {
|
|
|
142
186
|
}, 500);
|
|
143
187
|
}
|
|
144
188
|
});
|
|
145
|
-
apiContentCrudRoutes.put("/:id",
|
|
189
|
+
apiContentCrudRoutes.put("/:id", chunkGIWIJNBH_cjs.requireAuth(), async (c) => {
|
|
146
190
|
try {
|
|
147
191
|
const id = c.req.param("id");
|
|
148
192
|
const db = c.env.DB;
|
|
@@ -206,7 +250,7 @@ apiContentCrudRoutes.put("/:id", chunkGPTMGUFN_cjs.requireAuth(), async (c) => {
|
|
|
206
250
|
}, 500);
|
|
207
251
|
}
|
|
208
252
|
});
|
|
209
|
-
apiContentCrudRoutes.delete("/:id",
|
|
253
|
+
apiContentCrudRoutes.delete("/:id", chunkGIWIJNBH_cjs.requireAuth(), async (c) => {
|
|
210
254
|
try {
|
|
211
255
|
const id = c.req.param("id");
|
|
212
256
|
const db = c.env.DB;
|
|
@@ -242,7 +286,7 @@ apiRoutes.use("*", async (c, next) => {
|
|
|
242
286
|
c.header("X-Response-Time", `${totalTime}ms`);
|
|
243
287
|
});
|
|
244
288
|
apiRoutes.use("*", async (c, next) => {
|
|
245
|
-
const cacheEnabled = await
|
|
289
|
+
const cacheEnabled = await chunkGIWIJNBH_cjs.isPluginActive(c.env.DB, "core-cache");
|
|
246
290
|
c.set("cacheEnabled", cacheEnabled);
|
|
247
291
|
await next();
|
|
248
292
|
});
|
|
@@ -371,7 +415,7 @@ apiRoutes.get("/", (c) => {
|
|
|
371
415
|
"/api/collections/{collection}/content": {
|
|
372
416
|
get: {
|
|
373
417
|
summary: "Get Collection Content",
|
|
374
|
-
description: "Returns content items from a specific collection with filtering support",
|
|
418
|
+
description: "Returns content items from a specific collection with filtering support. Anonymous, viewer, and author requests are restricted to published content; admin and editor requests may query other statuses.",
|
|
375
419
|
operationId: "getCollectionContent",
|
|
376
420
|
tags: ["Content"],
|
|
377
421
|
parameters: [
|
|
@@ -398,7 +442,7 @@ apiRoutes.get("/", (c) => {
|
|
|
398
442
|
name: "status",
|
|
399
443
|
in: "query",
|
|
400
444
|
schema: { type: "string", enum: ["draft", "published", "archived"] },
|
|
401
|
-
description: "Filter by content status"
|
|
445
|
+
description: "Filter by content status. Anonymous, viewer, and author requests are limited to published content."
|
|
402
446
|
}
|
|
403
447
|
],
|
|
404
448
|
responses: {
|
|
@@ -425,7 +469,7 @@ apiRoutes.get("/", (c) => {
|
|
|
425
469
|
"/api/content": {
|
|
426
470
|
get: {
|
|
427
471
|
summary: "List Content",
|
|
428
|
-
description: "Returns content items with advanced filtering support",
|
|
472
|
+
description: "Returns content items with advanced filtering support. Anonymous, viewer, and author requests are restricted to published content; admin and editor requests may query other statuses.",
|
|
429
473
|
operationId: "getContent",
|
|
430
474
|
tags: ["Content"],
|
|
431
475
|
parameters: [
|
|
@@ -446,6 +490,12 @@ apiRoutes.get("/", (c) => {
|
|
|
446
490
|
in: "query",
|
|
447
491
|
schema: { type: "integer", default: 0 },
|
|
448
492
|
description: "Number of items to skip"
|
|
493
|
+
},
|
|
494
|
+
{
|
|
495
|
+
name: "status",
|
|
496
|
+
in: "query",
|
|
497
|
+
schema: { type: "string", enum: ["draft", "published", "archived"] },
|
|
498
|
+
description: "Filter by content status. Anonymous, viewer, and author requests are limited to published content."
|
|
449
499
|
}
|
|
450
500
|
],
|
|
451
501
|
responses: {
|
|
@@ -722,7 +772,7 @@ apiRoutes.get("/collections", async (c) => {
|
|
|
722
772
|
return c.json({ error: "Failed to fetch collections" }, 500);
|
|
723
773
|
}
|
|
724
774
|
});
|
|
725
|
-
apiRoutes.get("/content", async (c) => {
|
|
775
|
+
apiRoutes.get("/content", chunkGIWIJNBH_cjs.optionalAuth(), async (c) => {
|
|
726
776
|
const executionStart = Date.now();
|
|
727
777
|
try {
|
|
728
778
|
const db = c.env.DB;
|
|
@@ -745,13 +795,14 @@ apiRoutes.get("/content", async (c) => {
|
|
|
745
795
|
});
|
|
746
796
|
}
|
|
747
797
|
}
|
|
748
|
-
const filter =
|
|
749
|
-
|
|
750
|
-
|
|
798
|
+
const filter = chunkWDQZYCQO_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
|
|
799
|
+
const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
|
|
800
|
+
if (!normalizedFilter.limit) {
|
|
801
|
+
normalizedFilter.limit = 50;
|
|
751
802
|
}
|
|
752
|
-
|
|
753
|
-
const builder3 = new
|
|
754
|
-
const queryResult = builder3.build("content",
|
|
803
|
+
normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
|
|
804
|
+
const builder3 = new chunkWDQZYCQO_cjs.QueryFilterBuilder();
|
|
805
|
+
const queryResult = builder3.build("content", normalizedFilter);
|
|
755
806
|
if (queryResult.errors.length > 0) {
|
|
756
807
|
return c.json({
|
|
757
808
|
error: "Invalid filter parameters",
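Review bot: The limit clamp a few lines up bounds `normalizedFilter.limit` only from above: a negative value is truthy, skips the default of 50, and passes through `Math.min(normalizedFilter.limit, 1e3)` unchanged. Whether `parseFromQuery` or `build` rejects negative limits is not visible here; on SQLite-family databases a negative LIMIT means no upper bound, which would defeat the cap on an endpoint that anonymous callers can reach. Consider `normalizedFilter.limit = Math.min(Math.max(1, normalizedFilter.limit), 1e3);`, and the same line in the `/collections/:collection/content` hunk that follows. The route handler starts and ends outside this hunk.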
|
|
@@ -760,7 +811,7 @@ apiRoutes.get("/content", async (c) => {
|
|
|
760
811
|
}
|
|
761
812
|
const cacheEnabled = c.get("cacheEnabled");
|
|
762
813
|
const cache = chunkVNLR35GO_cjs.getCacheService(chunkVNLR35GO_cjs.CACHE_CONFIGS.api);
|
|
763
|
-
const cacheKey = cache.generateKey("content-filtered", JSON.stringify({ filter, query: queryResult.sql }));
|
|
814
|
+
const cacheKey = cache.generateKey("content-filtered", JSON.stringify({ filter: normalizedFilter, query: queryResult.sql }));
|
|
764
815
|
if (cacheEnabled) {
|
|
765
816
|
const cacheResult = await cache.getWithSource(cacheKey);
|
|
766
817
|
if (cacheResult.hit && cacheResult.data) {
|
|
@@ -803,7 +854,7 @@ apiRoutes.get("/content", async (c) => {
|
|
|
803
854
|
meta: addTimingMeta(c, {
|
|
804
855
|
count: results.length,
|
|
805
856
|
timestamp: (/* @__PURE__ */ new Date()).toISOString(),
|
|
806
|
-
filter,
|
|
857
|
+
filter: normalizedFilter,
|
|
807
858
|
query: {
|
|
808
859
|
sql: queryResult.sql,
|
|
809
860
|
params: queryResult.params
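Review bot: The response `meta` returns `query.sql` and `query.params` alongside the filter, and with `optionalAuth()` on this route that generated SQL goes to unauthenticated callers as well. Publishing the statement text and bound values discloses table and column names and how the filter was translated, which helps debugging but is not something a public endpoint needs to return. I would include the `query` object only when `canReadNonPublicContent(c.get("user")?.role)` is true, or behind a debug setting, here and in the matching `meta` block of the `/collections/:collection/content` handler. The object literal continues outside this hunk.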
|
|
@@ -826,7 +877,7 @@ apiRoutes.get("/content", async (c) => {
|
|
|
826
877
|
}, 500);
|
|
827
878
|
}
|
|
828
879
|
});
|
|
829
|
-
apiRoutes.get("/collections/:collection/content", async (c) => {
|
|
880
|
+
apiRoutes.get("/collections/:collection/content", chunkGIWIJNBH_cjs.optionalAuth(), async (c) => {
|
|
830
881
|
const executionStart = Date.now();
|
|
831
882
|
try {
|
|
832
883
|
const collection = c.req.param("collection");
|
|
@@ -837,24 +888,25 @@ apiRoutes.get("/collections/:collection/content", async (c) => {
|
|
|
837
888
|
if (!collectionResult) {
|
|
838
889
|
return c.json({ error: "Collection not found" }, 404);
|
|
839
890
|
}
|
|
840
|
-
const filter =
|
|
841
|
-
|
|
842
|
-
|
|
891
|
+
const filter = chunkWDQZYCQO_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
|
|
892
|
+
const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
|
|
893
|
+
if (!normalizedFilter.where) {
|
|
894
|
+
normalizedFilter.where = { and: [] };
|
|
843
895
|
}
|
|
844
|
-
if (!
|
|
845
|
-
|
|
896
|
+
if (!normalizedFilter.where.and) {
|
|
897
|
+
normalizedFilter.where.and = [];
|
|
846
898
|
}
|
|
847
|
-
|
|
899
|
+
normalizedFilter.where.and.push({
|
|
848
900
|
field: "collection_id",
|
|
849
901
|
operator: "equals",
|
|
850
902
|
value: collectionResult.id
|
|
851
903
|
});
|
|
852
|
-
if (!
|
|
853
|
-
|
|
904
|
+
if (!normalizedFilter.limit) {
|
|
905
|
+
normalizedFilter.limit = 50;
|
|
854
906
|
}
|
|
855
|
-
|
|
856
|
-
const builder3 = new
|
|
857
|
-
const queryResult = builder3.build("content",
|
|
907
|
+
normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
|
|
908
|
+
const builder3 = new chunkWDQZYCQO_cjs.QueryFilterBuilder();
|
|
909
|
+
const queryResult = builder3.build("content", normalizedFilter);
|
|
858
910
|
if (queryResult.errors.length > 0) {
|
|
859
911
|
return c.json({
|
|
860
912
|
error: "Invalid filter parameters",
|
|
@@ -863,7 +915,7 @@ apiRoutes.get("/collections/:collection/content", async (c) => {
|
|
|
863
915
|
}
|
|
864
916
|
const cacheEnabled = c.get("cacheEnabled");
|
|
865
917
|
const cache = chunkVNLR35GO_cjs.getCacheService(chunkVNLR35GO_cjs.CACHE_CONFIGS.api);
|
|
866
|
-
const cacheKey = cache.generateKey("collection-content-filtered", `${collection}:${JSON.stringify({ filter, query: queryResult.sql })}`);
|
|
918
|
+
const cacheKey = cache.generateKey("collection-content-filtered", `${collection}:${JSON.stringify({ filter: normalizedFilter, query: queryResult.sql })}`);
|
|
867
919
|
if (cacheEnabled) {
|
|
868
920
|
const cacheResult = await cache.getWithSource(cacheKey);
|
|
869
921
|
if (cacheResult.hit && cacheResult.data) {
|
|
@@ -910,7 +962,7 @@ apiRoutes.get("/collections/:collection/content", async (c) => {
|
|
|
910
962
|
},
|
|
911
963
|
count: results.length,
|
|
912
964
|
timestamp: (/* @__PURE__ */ new Date()).toISOString(),
|
|
913
|
-
filter,
|
|
965
|
+
filter: normalizedFilter,
|
|
914
966
|
query: {
|
|
915
967
|
sql: queryResult.sql,
|
|
916
968
|
params: queryResult.params
|
|
@@ -978,7 +1030,7 @@ var fileValidationSchema = zod.z.object({
|
|
|
978
1030
|
// 50MB max
|
|
979
1031
|
});
|
|
980
1032
|
var apiMediaRoutes = new hono.Hono();
|
|
981
|
-
apiMediaRoutes.use("*",
|
|
1033
|
+
apiMediaRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
982
1034
|
apiMediaRoutes.post("/upload", async (c) => {
|
|
983
1035
|
try {
|
|
984
1036
|
const user = c.get("user");
|
|
@@ -1722,8 +1774,8 @@ apiSystemRoutes.get("/env", (c) => {
|
|
|
1722
1774
|
});
|
|
1723
1775
|
var api_system_default = apiSystemRoutes;
|
|
1724
1776
|
var adminApiRoutes = new hono.Hono();
|
|
1725
|
-
adminApiRoutes.use("*",
|
|
1726
|
-
adminApiRoutes.use("*",
|
|
1777
|
+
adminApiRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
1778
|
+
adminApiRoutes.use("*", chunkGIWIJNBH_cjs.requireRole(["admin", "editor"]));
|
|
1727
1779
|
adminApiRoutes.get("/stats", async (c) => {
|
|
1728
1780
|
try {
|
|
1729
1781
|
const db = c.env.DB;
|
|
@@ -2233,7 +2285,7 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
|
|
|
2233
2285
|
});
|
|
2234
2286
|
adminApiRoutes.get("/migrations/status", async (c) => {
|
|
2235
2287
|
try {
|
|
2236
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2288
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-76NR5BVF.cjs');
|
|
2237
2289
|
const db = c.env.DB;
|
|
2238
2290
|
const migrationService = new MigrationService2(db);
|
|
2239
2291
|
const status = await migrationService.getMigrationStatus();
|
|
@@ -2258,7 +2310,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
|
|
|
2258
2310
|
error: "Unauthorized. Admin access required."
|
|
2259
2311
|
}, 403);
|
|
2260
2312
|
}
|
|
2261
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2313
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-76NR5BVF.cjs');
|
|
2262
2314
|
const db = c.env.DB;
|
|
2263
2315
|
const migrationService = new MigrationService2(db);
|
|
2264
2316
|
const result = await migrationService.runPendingMigrations();
|
|
@@ -2277,7 +2329,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
|
|
|
2277
2329
|
});
|
|
2278
2330
|
adminApiRoutes.get("/migrations/validate", async (c) => {
|
|
2279
2331
|
try {
|
|
2280
|
-
const { MigrationService: MigrationService2 } = await import('./migrations-
|
|
2332
|
+
const { MigrationService: MigrationService2 } = await import('./migrations-76NR5BVF.cjs');
|
|
2281
2333
|
const db = c.env.DB;
|
|
2282
2334
|
const migrationService = new MigrationService2(db);
|
|
2283
2335
|
const validation = await migrationService.validateSchema();
|
|
@@ -2759,7 +2811,7 @@ authRoutes.post(
|
|
|
2759
2811
|
if (existingUser) {
|
|
2760
2812
|
return c.json({ error: "User with this email or username already exists" }, 400);
|
|
2761
2813
|
}
|
|
2762
|
-
const passwordHash = await
|
|
2814
|
+
const passwordHash = await chunkGIWIJNBH_cjs.AuthManager.hashPassword(password);
|
|
2763
2815
|
const userId = crypto.randomUUID();
|
|
2764
2816
|
const now = /* @__PURE__ */ new Date();
|
|
2765
2817
|
await db.prepare(`
|
|
@@ -2779,7 +2831,7 @@ authRoutes.post(
|
|
|
2779
2831
|
now.getTime(),
|
|
2780
2832
|
now.getTime()
|
|
2781
2833
|
).run();
|
|
2782
|
-
const token = await
|
|
2834
|
+
const token = await chunkGIWIJNBH_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer");
|
|
2783
2835
|
cookie.setCookie(c, "auth_token", token, {
|
|
2784
2836
|
httpOnly: true,
|
|
2785
2837
|
secure: true,
|
|
@@ -2832,11 +2884,11 @@ authRoutes.post("/login", async (c) => {
|
|
|
2832
2884
|
if (!user) {
|
|
2833
2885
|
return c.json({ error: "Invalid email or password" }, 401);
|
|
2834
2886
|
}
|
|
2835
|
-
const isValidPassword = await
|
|
2887
|
+
const isValidPassword = await chunkGIWIJNBH_cjs.AuthManager.verifyPassword(password, user.password_hash);
|
|
2836
2888
|
if (!isValidPassword) {
|
|
2837
2889
|
return c.json({ error: "Invalid email or password" }, 401);
|
|
2838
2890
|
}
|
|
2839
|
-
const token = await
|
|
2891
|
+
const token = await chunkGIWIJNBH_cjs.AuthManager.generateToken(user.id, user.email, user.role);
|
|
2840
2892
|
cookie.setCookie(c, "auth_token", token, {
|
|
2841
2893
|
httpOnly: true,
|
|
2842
2894
|
secure: true,
|
|
@@ -2885,7 +2937,7 @@ authRoutes.get("/logout", (c) => {
|
|
|
2885
2937
|
});
|
|
2886
2938
|
return c.redirect("/auth/login?message=You have been logged out successfully");
|
|
2887
2939
|
});
|
|
2888
|
-
authRoutes.get("/me",
|
|
2940
|
+
authRoutes.get("/me", chunkGIWIJNBH_cjs.requireAuth(), async (c) => {
|
|
2889
2941
|
try {
|
|
2890
2942
|
const user = c.get("user");
|
|
2891
2943
|
if (!user) {
|
|
@@ -2902,13 +2954,13 @@ authRoutes.get("/me", chunkGPTMGUFN_cjs.requireAuth(), async (c) => {
|
|
|
2902
2954
|
return c.json({ error: "Failed to get user" }, 500);
|
|
2903
2955
|
}
|
|
2904
2956
|
});
|
|
2905
|
-
authRoutes.post("/refresh",
|
|
2957
|
+
authRoutes.post("/refresh", chunkGIWIJNBH_cjs.requireAuth(), async (c) => {
|
|
2906
2958
|
try {
|
|
2907
2959
|
const user = c.get("user");
|
|
2908
2960
|
if (!user) {
|
|
2909
2961
|
return c.json({ error: "Not authenticated" }, 401);
|
|
2910
2962
|
}
|
|
2911
|
-
const token = await
|
|
2963
|
+
const token = await chunkGIWIJNBH_cjs.AuthManager.generateToken(user.userId, user.email, user.role);
|
|
2912
2964
|
cookie.setCookie(c, "auth_token", token, {
|
|
2913
2965
|
httpOnly: true,
|
|
2914
2966
|
secure: true,
|
|
@@ -2968,7 +3020,7 @@ authRoutes.post("/register/form", async (c) => {
|
|
|
2968
3020
|
</div>
|
|
2969
3021
|
`);
|
|
2970
3022
|
}
|
|
2971
|
-
const passwordHash = await
|
|
3023
|
+
const passwordHash = await chunkGIWIJNBH_cjs.AuthManager.hashPassword(password);
|
|
2972
3024
|
const role = isFirstUser ? "admin" : "viewer";
|
|
2973
3025
|
const userId = crypto.randomUUID();
|
|
2974
3026
|
const now = /* @__PURE__ */ new Date();
|
|
@@ -2988,7 +3040,7 @@ authRoutes.post("/register/form", async (c) => {
|
|
|
2988
3040
|
now.getTime(),
|
|
2989
3041
|
now.getTime()
|
|
2990
3042
|
).run();
|
|
2991
|
-
const token = await
|
|
3043
|
+
const token = await chunkGIWIJNBH_cjs.AuthManager.generateToken(userId, normalizedEmail, role);
|
|
2992
3044
|
cookie.setCookie(c, "auth_token", token, {
|
|
2993
3045
|
httpOnly: true,
|
|
2994
3046
|
secure: false,
|
|
@@ -3040,7 +3092,7 @@ authRoutes.post("/login/form", async (c) => {
|
|
|
3040
3092
|
</div>
|
|
3041
3093
|
`);
|
|
3042
3094
|
}
|
|
3043
|
-
const isValidPassword = await
|
|
3095
|
+
const isValidPassword = await chunkGIWIJNBH_cjs.AuthManager.verifyPassword(password, user.password_hash);
|
|
3044
3096
|
if (!isValidPassword) {
|
|
3045
3097
|
return c.html(html.html`
|
|
3046
3098
|
<div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
|
|
@@ -3048,7 +3100,7 @@ authRoutes.post("/login/form", async (c) => {
|
|
|
3048
3100
|
</div>
|
|
3049
3101
|
`);
|
|
3050
3102
|
}
|
|
3051
|
-
const token = await
|
|
3103
|
+
const token = await chunkGIWIJNBH_cjs.AuthManager.generateToken(user.id, user.email, user.role);
|
|
3052
3104
|
cookie.setCookie(c, "auth_token", token, {
|
|
3053
3105
|
httpOnly: true,
|
|
3054
3106
|
secure: false,
|
|
@@ -3107,7 +3159,7 @@ authRoutes.post("/seed-admin", async (c) => {
|
|
|
3107
3159
|
`).run();
|
|
3108
3160
|
const existingAdmin = await db.prepare("SELECT id FROM users WHERE email = ? OR username = ?").bind("admin@sonicjs.com", "admin").first();
|
|
3109
3161
|
if (existingAdmin) {
|
|
3110
|
-
const passwordHash2 = await
|
|
3162
|
+
const passwordHash2 = await chunkGIWIJNBH_cjs.AuthManager.hashPassword("sonicjs!");
|
|
3111
3163
|
await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(passwordHash2, Date.now(), existingAdmin.id).run();
|
|
3112
3164
|
return c.json({
|
|
3113
3165
|
message: "Admin user already exists (password updated)",
|
|
@@ -3119,7 +3171,7 @@ authRoutes.post("/seed-admin", async (c) => {
|
|
|
3119
3171
|
}
|
|
3120
3172
|
});
|
|
3121
3173
|
}
|
|
3122
|
-
const passwordHash = await
|
|
3174
|
+
const passwordHash = await chunkGIWIJNBH_cjs.AuthManager.hashPassword("sonicjs!");
|
|
3123
3175
|
const userId = "admin-user-id";
|
|
3124
3176
|
const now = Date.now();
|
|
3125
3177
|
const adminEmail = "admin@sonicjs.com".toLowerCase();
|
|
@@ -3339,7 +3391,7 @@ authRoutes.post("/accept-invitation", async (c) => {
|
|
|
3339
3391
|
if (existingUsername) {
|
|
3340
3392
|
return c.json({ error: "Username is already taken" }, 400);
|
|
3341
3393
|
}
|
|
3342
|
-
const passwordHash = await
|
|
3394
|
+
const passwordHash = await chunkGIWIJNBH_cjs.AuthManager.hashPassword(password);
|
|
3343
3395
|
const updateStmt = db.prepare(`
|
|
3344
3396
|
UPDATE users SET
|
|
3345
3397
|
username = ?,
|
|
@@ -3358,7 +3410,7 @@ authRoutes.post("/accept-invitation", async (c) => {
|
|
|
3358
3410
|
Date.now(),
|
|
3359
3411
|
invitedUser.id
|
|
3360
3412
|
).run();
|
|
3361
|
-
const authToken = await
|
|
3413
|
+
const authToken = await chunkGIWIJNBH_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role);
|
|
3362
3414
|
cookie.setCookie(c, "auth_token", authToken, {
|
|
3363
3415
|
httpOnly: true,
|
|
3364
3416
|
secure: true,
|
|
@@ -3588,7 +3640,7 @@ authRoutes.post("/reset-password", async (c) => {
|
|
|
3588
3640
|
if (Date.now() > user.password_reset_expires) {
|
|
3589
3641
|
return c.json({ error: "Reset token has expired" }, 400);
|
|
3590
3642
|
}
|
|
3591
|
-
const newPasswordHash = await
|
|
3643
|
+
const newPasswordHash = await chunkGIWIJNBH_cjs.AuthManager.hashPassword(password);
|
|
3592
3644
|
try {
|
|
3593
3645
|
const historyStmt = db.prepare(`
|
|
3594
3646
|
INSERT INTO password_history (id, user_id, password_hash, created_at)
|
|
@@ -8015,9 +8067,9 @@ function parseFieldValue(field, formData, options = {}) {
|
|
|
8015
8067
|
const { skipValidation = false } = options;
|
|
8016
8068
|
const value = formData.get(field.field_name);
|
|
8017
8069
|
const errors = [];
|
|
8018
|
-
const blocksConfig =
|
|
8070
|
+
const blocksConfig = chunkWDQZYCQO_cjs.getBlocksFieldConfig(field.field_options);
|
|
8019
8071
|
if (blocksConfig) {
|
|
8020
|
-
const parsed =
|
|
8072
|
+
const parsed = chunkWDQZYCQO_cjs.parseBlocksValue(value, blocksConfig);
|
|
8021
8073
|
if (!skipValidation && field.is_required && parsed.value.length === 0) {
|
|
8022
8074
|
parsed.errors.push(`${field.field_label} is required`);
|
|
8023
8075
|
}
|
|
@@ -8127,7 +8179,7 @@ function extractFieldData(fields, formData, options = {}) {
|
|
|
8127
8179
|
}
|
|
8128
8180
|
return { data, errors };
|
|
8129
8181
|
}
|
|
8130
|
-
adminContentRoutes.use("*",
|
|
8182
|
+
adminContentRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
8131
8183
|
async function getCollectionFields(db, collectionId) {
|
|
8132
8184
|
const cache = chunkVNLR35GO_cjs.getCacheService(chunkVNLR35GO_cjs.CACHE_CONFIGS.collection);
|
|
8133
8185
|
return cache.getOrSet(
|
|
@@ -10110,7 +10162,7 @@ function renderUserEditPage(data) {
|
|
|
10110
10162
|
<input
|
|
10111
10163
|
type="text"
|
|
10112
10164
|
name="first_name"
|
|
10113
|
-
value="${
|
|
10165
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.firstName || "")}"
|
|
10114
10166
|
required
|
|
10115
10167
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10116
10168
|
/>
|
|
@@ -10121,7 +10173,7 @@ function renderUserEditPage(data) {
|
|
|
10121
10173
|
<input
|
|
10122
10174
|
type="text"
|
|
10123
10175
|
name="last_name"
|
|
10124
|
-
value="${
|
|
10176
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.lastName || "")}"
|
|
10125
10177
|
required
|
|
10126
10178
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10127
10179
|
/>
|
|
@@ -10132,7 +10184,7 @@ function renderUserEditPage(data) {
|
|
|
10132
10184
|
<input
|
|
10133
10185
|
type="text"
|
|
10134
10186
|
name="username"
|
|
10135
|
-
value="${
|
|
10187
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.username || "")}"
|
|
10136
10188
|
required
|
|
10137
10189
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10138
10190
|
/>
|
|
@@ -10143,7 +10195,7 @@ function renderUserEditPage(data) {
|
|
|
10143
10195
|
<input
|
|
10144
10196
|
type="email"
|
|
10145
10197
|
name="email"
|
|
10146
|
-
value="${
|
|
10198
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.email || "")}"
|
|
10147
10199
|
required
|
|
10148
10200
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10149
10201
|
/>
|
|
@@ -10154,7 +10206,7 @@ function renderUserEditPage(data) {
|
|
|
10154
10206
|
<input
|
|
10155
10207
|
type="tel"
|
|
10156
10208
|
name="phone"
|
|
10157
|
-
value="${
|
|
10209
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.phone || "")}"
|
|
10158
10210
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10159
10211
|
/>
|
|
10160
10212
|
</div>
|
|
@@ -10168,7 +10220,7 @@ function renderUserEditPage(data) {
|
|
|
10168
10220
|
class="col-start-1 row-start-1 w-full appearance-none rounded-md bg-white/5 dark:bg-white/5 py-1.5 pl-3 pr-8 text-base text-zinc-950 dark:text-white outline outline-1 -outline-offset-1 outline-zinc-500/30 dark:outline-zinc-400/30 *:bg-white dark:*:bg-zinc-800 focus-visible:outline focus-visible:outline-2 focus-visible:-outline-offset-2 focus-visible:outline-zinc-500 dark:focus-visible:outline-zinc-400 sm:text-sm/6"
|
|
10169
10221
|
>
|
|
10170
10222
|
${data.roles.map((role) => `
|
|
10171
|
-
<option value="${
|
|
10223
|
+
<option value="${chunkWDQZYCQO_cjs.escapeHtml(role.value)}" ${data.userToEdit.role === role.value ? "selected" : ""}>${chunkWDQZYCQO_cjs.escapeHtml(role.label)}</option>
|
|
10172
10224
|
`).join("")}
|
|
10173
10225
|
</select>
|
|
10174
10226
|
<svg viewBox="0 0 16 16" fill="currentColor" data-slot="icon" aria-hidden="true" class="pointer-events-none col-start-1 row-start-1 mr-2 size-5 self-center justify-self-end text-zinc-600 dark:text-zinc-400 sm:size-4">
|
|
@@ -10189,7 +10241,7 @@ function renderUserEditPage(data) {
|
|
|
10189
10241
|
<input
|
|
10190
10242
|
type="text"
|
|
10191
10243
|
name="profile_display_name"
|
|
10192
|
-
value="${
|
|
10244
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.profile?.displayName || "")}"
|
|
10193
10245
|
placeholder="Public display name"
|
|
10194
10246
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10195
10247
|
/>
|
|
@@ -10200,7 +10252,7 @@ function renderUserEditPage(data) {
|
|
|
10200
10252
|
<input
|
|
10201
10253
|
type="text"
|
|
10202
10254
|
name="profile_company"
|
|
10203
|
-
value="${
|
|
10255
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.profile?.company || "")}"
|
|
10204
10256
|
placeholder="Company or organization"
|
|
10205
10257
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10206
10258
|
/>
|
|
@@ -10211,7 +10263,7 @@ function renderUserEditPage(data) {
|
|
|
10211
10263
|
<input
|
|
10212
10264
|
type="text"
|
|
10213
10265
|
name="profile_job_title"
|
|
10214
|
-
value="${
|
|
10266
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.profile?.jobTitle || "")}"
|
|
10215
10267
|
placeholder="Job title or role"
|
|
10216
10268
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10217
10269
|
/>
|
|
@@ -10222,7 +10274,7 @@ function renderUserEditPage(data) {
|
|
|
10222
10274
|
<input
|
|
10223
10275
|
type="url"
|
|
10224
10276
|
name="profile_website"
|
|
10225
|
-
value="${
|
|
10277
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.profile?.website || "")}"
|
|
10226
10278
|
placeholder="https://example.com"
|
|
10227
10279
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10228
10280
|
/>
|
|
@@ -10233,7 +10285,7 @@ function renderUserEditPage(data) {
|
|
|
10233
10285
|
<input
|
|
10234
10286
|
type="text"
|
|
10235
10287
|
name="profile_location"
|
|
10236
|
-
value="${
|
|
10288
|
+
value="${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.profile?.location || "")}"
|
|
10237
10289
|
placeholder="City, Country"
|
|
10238
10290
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10239
10291
|
/>
|
|
@@ -10257,7 +10309,7 @@ function renderUserEditPage(data) {
|
|
|
10257
10309
|
rows="3"
|
|
10258
10310
|
placeholder="Short bio or description"
|
|
10259
10311
|
class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
|
|
10260
|
-
>${
|
|
10312
|
+
>${chunkWDQZYCQO_cjs.escapeHtml(data.userToEdit.profile?.bio || "")}</textarea>
|
|
10261
10313
|
</div>
|
|
10262
10314
|
</div>
|
|
10263
10315
|
|
|
@@ -11157,7 +11209,7 @@ function renderUsersListPage(data) {
|
|
|
11157
11209
|
|
|
11158
11210
|
// src/routes/admin-users.ts
|
|
11159
11211
|
var userRoutes = new hono.Hono();
|
|
11160
|
-
userRoutes.use("*",
|
|
11212
|
+
userRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
11161
11213
|
userRoutes.get("/", (c) => {
|
|
11162
11214
|
return c.redirect("/admin/dashboard");
|
|
11163
11215
|
});
|
|
@@ -11256,12 +11308,12 @@ userRoutes.put("/profile", async (c) => {
|
|
|
11256
11308
|
const db = c.env.DB;
|
|
11257
11309
|
try {
|
|
11258
11310
|
const formData = await c.req.formData();
|
|
11259
|
-
const firstName =
|
|
11260
|
-
const lastName =
|
|
11261
|
-
const username =
|
|
11311
|
+
const firstName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("first_name")?.toString());
|
|
11312
|
+
const lastName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("last_name")?.toString());
|
|
11313
|
+
const username = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("username")?.toString());
|
|
11262
11314
|
const email = formData.get("email")?.toString()?.trim().toLowerCase() || "";
|
|
11263
|
-
const phone =
|
|
11264
|
-
const bio =
|
|
11315
|
+
const phone = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
|
|
11316
|
+
const bio = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("bio")?.toString()) || null;
|
|
11265
11317
|
const timezone = formData.get("timezone")?.toString() || "UTC";
|
|
11266
11318
|
const language = formData.get("language")?.toString() || "en";
|
|
11267
11319
|
const emailNotifications = formData.get("email_notifications") === "1";
|
|
@@ -11312,7 +11364,7 @@ userRoutes.put("/profile", async (c) => {
|
|
|
11312
11364
|
Date.now(),
|
|
11313
11365
|
user.userId
|
|
11314
11366
|
).run();
|
|
11315
|
-
await
|
|
11367
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
11316
11368
|
db,
|
|
11317
11369
|
user.userId,
|
|
11318
11370
|
"profile.update",
|
|
@@ -11375,7 +11427,7 @@ userRoutes.post("/profile/avatar", async (c) => {
|
|
|
11375
11427
|
SELECT first_name, last_name FROM users WHERE id = ?
|
|
11376
11428
|
`);
|
|
11377
11429
|
const userData = await userStmt.bind(user.userId).first();
|
|
11378
|
-
await
|
|
11430
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
11379
11431
|
db,
|
|
11380
11432
|
user.userId,
|
|
11381
11433
|
"profile.avatar_update",
|
|
@@ -11446,7 +11498,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
11446
11498
|
dismissible: true
|
|
11447
11499
|
}));
|
|
11448
11500
|
}
|
|
11449
|
-
const validPassword = await
|
|
11501
|
+
const validPassword = await chunkGIWIJNBH_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
|
|
11450
11502
|
if (!validPassword) {
|
|
11451
11503
|
return c.html(renderAlert2({
|
|
11452
11504
|
type: "error",
|
|
@@ -11454,7 +11506,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
11454
11506
|
dismissible: true
|
|
11455
11507
|
}));
|
|
11456
11508
|
}
|
|
11457
|
-
const newPasswordHash = await
|
|
11509
|
+
const newPasswordHash = await chunkGIWIJNBH_cjs.AuthManager.hashPassword(newPassword);
|
|
11458
11510
|
const historyStmt = db.prepare(`
|
|
11459
11511
|
INSERT INTO password_history (id, user_id, password_hash, created_at)
|
|
11460
11512
|
VALUES (?, ?, ?, ?)
|
|
@@ -11470,7 +11522,7 @@ userRoutes.post("/profile/password", async (c) => {
|
|
|
11470
11522
|
WHERE id = ?
|
|
11471
11523
|
`);
|
|
11472
11524
|
await updateStmt.bind(newPasswordHash, Date.now(), user.userId).run();
|
|
11473
|
-
await
|
|
11525
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
11474
11526
|
db,
|
|
11475
11527
|
user.userId,
|
|
11476
11528
|
"profile.password_change",
|
|
@@ -11537,7 +11589,7 @@ userRoutes.get("/users", async (c) => {
|
|
|
11537
11589
|
`);
|
|
11538
11590
|
const countResult = await countStmt.bind(...params).first();
|
|
11539
11591
|
const totalUsers = countResult?.total || 0;
|
|
11540
|
-
await
|
|
11592
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
11541
11593
|
db,
|
|
11542
11594
|
user.userId,
|
|
11543
11595
|
"users.list_view",
|
|
@@ -11639,12 +11691,12 @@ userRoutes.post("/users/new", async (c) => {
|
|
|
11639
11691
|
const user = c.get("user");
|
|
11640
11692
|
try {
|
|
11641
11693
|
const formData = await c.req.formData();
|
|
11642
|
-
const firstName =
|
|
11643
|
-
const lastName =
|
|
11644
|
-
const username =
|
|
11694
|
+
const firstName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("first_name")?.toString());
|
|
11695
|
+
const lastName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("last_name")?.toString());
|
|
11696
|
+
const username = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("username")?.toString());
|
|
11645
11697
|
const email = formData.get("email")?.toString()?.trim().toLowerCase() || "";
|
|
11646
|
-
const phone =
|
|
11647
|
-
const bio =
|
|
11698
|
+
const phone = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
|
|
11699
|
+
const bio = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("bio")?.toString()) || null;
|
|
11648
11700
|
const role = formData.get("role")?.toString() || "viewer";
|
|
11649
11701
|
const password = formData.get("password")?.toString() || "";
|
|
11650
11702
|
const confirmPassword = formData.get("confirm_password")?.toString() || "";
|
|
@@ -11691,7 +11743,7 @@ userRoutes.post("/users/new", async (c) => {
|
|
|
11691
11743
|
dismissible: true
|
|
11692
11744
|
}));
|
|
11693
11745
|
}
|
|
11694
|
-
const passwordHash = await
|
|
11746
|
+
const passwordHash = await chunkGIWIJNBH_cjs.AuthManager.hashPassword(password);
|
|
11695
11747
|
const userId = crypto.randomUUID();
|
|
11696
11748
|
const createStmt = db.prepare(`
|
|
11697
11749
|
INSERT INTO users (
|
|
@@ -11714,7 +11766,7 @@ userRoutes.post("/users/new", async (c) => {
|
|
|
11714
11766
|
Date.now(),
|
|
11715
11767
|
Date.now()
|
|
11716
11768
|
).run();
|
|
11717
|
-
await
|
|
11769
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
11718
11770
|
db,
|
|
11719
11771
|
user.userId,
|
|
11720
11772
|
"user!.create",
|
|
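Review bot: The action string `"user!.create"` passed to `logActivity` carries a stray `!`, and so do `"user!.view"`, `"user!.hard_delete"`, `"user!.soft_delete"`, `"user!.invite_sent"`, `"user!.invitation_resent"` and `"user!.invitation_cancelled"` in later hunks, while `"user.update"`, `"user.activate"` and `"user.deactivate"` do not. Anyone filtering the activity log or alerting on a `user.` prefix will miss account creation, deletion and invitation events. These lines are unchanged context, so this release does not touch them; the fix is to write the names consistently, e.g. `"user.create"`, and to decide how rows already stored under the old names are matched. The `logActivity(` call continues past the end of the hunk.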
@@ -11752,7 +11804,7 @@ userRoutes.get("/users/:id", async (c) => {
|
|
|
11752
11804
|
if (!userRecord) {
|
|
11753
11805
|
return c.json({ error: "User not found" }, 404);
|
|
11754
11806
|
}
|
|
11755
|
-
await
|
|
11807
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
11756
11808
|
db,
|
|
11757
11809
|
user.userId,
|
|
11758
11810
|
"user!.view",
|
|
@@ -11860,20 +11912,20 @@ userRoutes.put("/users/:id", async (c) => {
|
|
|
11860
11912
|
const userId = c.req.param("id");
|
|
11861
11913
|
try {
|
|
11862
11914
|
const formData = await c.req.formData();
|
|
11863
|
-
const firstName =
|
|
11864
|
-
const lastName =
|
|
11865
|
-
const username =
|
|
11915
|
+
const firstName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("first_name")?.toString());
|
|
11916
|
+
const lastName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("last_name")?.toString());
|
|
11917
|
+
const username = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("username")?.toString());
|
|
11866
11918
|
const email = formData.get("email")?.toString()?.trim().toLowerCase() || "";
|
|
11867
|
-
const phone =
|
|
11919
|
+
const phone = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
|
|
11868
11920
|
const role = formData.get("role")?.toString() || "viewer";
|
|
11869
11921
|
const isActive = formData.get("is_active") === "1";
|
|
11870
11922
|
const emailVerified = formData.get("email_verified") === "1";
|
|
11871
|
-
const profileDisplayName =
|
|
11872
|
-
const profileBio =
|
|
11873
|
-
const profileCompany =
|
|
11874
|
-
const profileJobTitle =
|
|
11923
|
+
const profileDisplayName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("profile_display_name")?.toString()) || null;
|
|
11924
|
+
const profileBio = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("profile_bio")?.toString()) || null;
|
|
11925
|
+
const profileCompany = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("profile_company")?.toString()) || null;
|
|
11926
|
+
const profileJobTitle = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("profile_job_title")?.toString()) || null;
|
|
11875
11927
|
const profileWebsite = formData.get("profile_website")?.toString()?.trim() || null;
|
|
11876
|
-
const profileLocation =
|
|
11928
|
+
const profileLocation = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("profile_location")?.toString()) || null;
|
|
11877
11929
|
const profileDateOfBirthStr = formData.get("profile_date_of_birth")?.toString()?.trim() || null;
|
|
11878
11930
|
const profileDateOfBirth = profileDateOfBirthStr ? new Date(profileDateOfBirthStr).getTime() : null;
|
|
11879
11931
|
if (!firstName || !lastName || !username || !email) {
|
|
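Review bot: `profileWebsite` is only trimmed (`formData.get("profile_website")?.toString()?.trim() || null`) while the neighbouring profile fields go through `sanitizeInput`, so the server accepts any string as a website, including non-http schemes. The edit form's `type="url"` is a browser-side check only, and HTML escaping at render time does not make a `javascript:` value safe if the field is ever emitted as a link target (no such rendering is visible on this page). Parsing the value with `new URL()` and accepting only `http:` and `https:` before the required-field check would close that. `new Date(profileDateOfBirthStr).getTime()` likewise yields `NaN` for an unparseable date and deserves a `Number.isNaN` guard. The handler starts before and continues after this hunk, so the error response in the sketch below is left as a placeholder.

```javascript
const profileWebsiteRaw = formData.get("profile_website")?.toString()?.trim() || null;
let profileWebsite = null;
if (profileWebsiteRaw) {
  let parsedWebsite = null;
  try {
    parsedWebsite = new URL(profileWebsiteRaw);
  } catch {
    // not an absolute URL; rejected below
  }
  if (parsedWebsite?.protocol !== "http:" && parsedWebsite?.protocol !== "https:") {
    // … return the handler's existing validation-error response …
  }
  profileWebsite = profileWebsiteRaw;
}
// … unchanged: profileLocation, profileDateOfBirth, required-field check …
```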
@@ -11977,7 +12029,7 @@ userRoutes.put("/users/:id", async (c) => {
|
|
|
11977
12029
|
).run();
|
|
11978
12030
|
}
|
|
11979
12031
|
}
|
|
11980
|
-
await
|
|
12032
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
11981
12033
|
db,
|
|
11982
12034
|
user.userId,
|
|
11983
12035
|
"user.update",
|
|
@@ -12022,7 +12074,7 @@ userRoutes.post("/users/:id/toggle", async (c) => {
|
|
|
12022
12074
|
UPDATE users SET is_active = ?, updated_at = ? WHERE id = ?
|
|
12023
12075
|
`);
|
|
12024
12076
|
await toggleStmt.bind(active ? 1 : 0, Date.now(), userId).run();
|
|
12025
|
-
await
|
|
12077
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
12026
12078
|
db,
|
|
12027
12079
|
user.userId,
|
|
12028
12080
|
active ? "user.activate" : "user.deactivate",
|
|
@@ -12063,7 +12115,7 @@ userRoutes.delete("/users/:id", async (c) => {
|
|
|
12063
12115
|
DELETE FROM users WHERE id = ?
|
|
12064
12116
|
`);
|
|
12065
12117
|
await deleteStmt.bind(userId).run();
|
|
12066
|
-
await
|
|
12118
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
12067
12119
|
db,
|
|
12068
12120
|
user.userId,
|
|
12069
12121
|
"user!.hard_delete",
|
|
@@ -12082,7 +12134,7 @@ userRoutes.delete("/users/:id", async (c) => {
|
|
|
12082
12134
|
UPDATE users SET is_active = 0, updated_at = ? WHERE id = ?
|
|
12083
12135
|
`);
|
|
12084
12136
|
await deleteStmt.bind(Date.now(), userId).run();
|
|
12085
|
-
await
|
|
12137
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
12086
12138
|
db,
|
|
12087
12139
|
user.userId,
|
|
12088
12140
|
"user!.soft_delete",
|
|
@@ -12109,8 +12161,8 @@ userRoutes.post("/invite-user", async (c) => {
|
|
|
12109
12161
|
const formData = await c.req.formData();
|
|
12110
12162
|
const email = formData.get("email")?.toString()?.trim().toLowerCase() || "";
|
|
12111
12163
|
const role = formData.get("role")?.toString()?.trim() || "viewer";
|
|
12112
|
-
const firstName =
|
|
12113
|
-
const lastName =
|
|
12164
|
+
const firstName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("first_name")?.toString());
|
|
12165
|
+
const lastName = chunkWDQZYCQO_cjs.sanitizeInput(formData.get("last_name")?.toString());
|
|
12114
12166
|
if (!email || !firstName || !lastName) {
|
|
12115
12167
|
return c.json({ error: "Email, first name, and last name are required" }, 400);
|
|
12116
12168
|
}
|
|
@@ -12148,7 +12200,7 @@ userRoutes.post("/invite-user", async (c) => {
|
|
|
12148
12200
|
Date.now(),
|
|
12149
12201
|
Date.now()
|
|
12150
12202
|
).run();
|
|
12151
|
-
await
|
|
12203
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
12152
12204
|
db,
|
|
12153
12205
|
user.userId,
|
|
12154
12206
|
"user!.invite_sent",
|
|
@@ -12205,7 +12257,7 @@ userRoutes.post("/resend-invitation/:id", async (c) => {
|
|
|
12205
12257
|
Date.now(),
|
|
12206
12258
|
userId
|
|
12207
12259
|
).run();
|
|
12208
|
-
await
|
|
12260
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
12209
12261
|
db,
|
|
12210
12262
|
user.userId,
|
|
12211
12263
|
"user!.invitation_resent",
|
|
@@ -12241,7 +12293,7 @@ userRoutes.delete("/cancel-invitation/:id", async (c) => {
|
|
|
12241
12293
|
}
|
|
12242
12294
|
const deleteStmt = db.prepare(`DELETE FROM users WHERE id = ?`);
|
|
12243
12295
|
await deleteStmt.bind(userId).run();
|
|
12244
|
-
await
|
|
12296
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
12245
12297
|
db,
|
|
12246
12298
|
user.userId,
|
|
12247
12299
|
"user!.invitation_cancelled",
|
|
@@ -12324,7 +12376,7 @@ userRoutes.get("/activity-logs", async (c) => {
|
|
|
12324
12376
|
...log,
|
|
12325
12377
|
details: log.details ? JSON.parse(log.details) : null
|
|
12326
12378
|
}));
|
|
12327
|
-
await
|
|
12379
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
12328
12380
|
db,
|
|
12329
12381
|
user.userId,
|
|
12330
12382
|
"activity.logs_viewed",
|
|
@@ -12431,7 +12483,7 @@ userRoutes.get("/activity-logs/export", async (c) => {
|
|
|
12431
12483
|
csvRows.push(row.join(","));
|
|
12432
12484
|
}
|
|
12433
12485
|
const csvContent = csvRows.join("\n");
|
|
12434
|
-
await
|
|
12486
|
+
await chunkGIWIJNBH_cjs.logActivity(
|
|
12435
12487
|
db,
|
|
12436
12488
|
user.userId,
|
|
12437
12489
|
"activity.logs_exported",
|
|
@@ -13770,7 +13822,7 @@ var fileValidationSchema2 = zod.z.object({
|
|
|
13770
13822
|
// 50MB max
|
|
13771
13823
|
});
|
|
13772
13824
|
var adminMediaRoutes = new hono.Hono();
|
|
13773
|
-
adminMediaRoutes.use("*",
|
|
13825
|
+
adminMediaRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
13774
13826
|
adminMediaRoutes.get("/", async (c) => {
|
|
13775
13827
|
try {
|
|
13776
13828
|
const user = c.get("user");
|
|
@@ -14356,7 +14408,7 @@ adminMediaRoutes.put("/:id", async (c) => {
|
|
|
14356
14408
|
`);
|
|
14357
14409
|
}
|
|
14358
14410
|
});
|
|
14359
|
-
adminMediaRoutes.delete("/cleanup",
|
|
14411
|
+
adminMediaRoutes.delete("/cleanup", chunkGIWIJNBH_cjs.requireRole("admin"), async (c) => {
|
|
14360
14412
|
try {
|
|
14361
14413
|
const db = c.env.DB;
|
|
14362
14414
|
const allMediaStmt = db.prepare("SELECT id, r2_key, filename FROM media WHERE deleted_at IS NULL");
|
|
@@ -16579,7 +16631,7 @@ function renderEmailSettingsContent(plugin, settings) {
|
|
|
16579
16631
|
|
|
16580
16632
|
// src/routes/admin-plugins.ts
|
|
16581
16633
|
var adminPluginRoutes = new hono.Hono();
|
|
16582
|
-
adminPluginRoutes.use("*",
|
|
16634
|
+
adminPluginRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
16583
16635
|
var AVAILABLE_PLUGINS = [
|
|
16584
16636
|
{
|
|
16585
16637
|
id: "third-party-faq",
|
|
@@ -17984,7 +18036,7 @@ function renderLogConfigPage(data) {
|
|
|
17984
18036
|
|
|
17985
18037
|
// src/routes/admin-logs.ts
|
|
17986
18038
|
var adminLogsRoutes = new hono.Hono();
|
|
17987
|
-
adminLogsRoutes.use("*",
|
|
18039
|
+
adminLogsRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
17988
18040
|
adminLogsRoutes.get("/", async (c) => {
|
|
17989
18041
|
try {
|
|
17990
18042
|
const user = c.get("user");
|
|
@@ -20312,9 +20364,9 @@ function renderStorageUsage(databaseSizeBytes, mediaSizeBytes) {
|
|
|
20312
20364
|
}
|
|
20313
20365
|
|
|
20314
20366
|
// src/routes/admin-dashboard.ts
|
|
20315
|
-
var VERSION =
|
|
20367
|
+
var VERSION = chunkWDQZYCQO_cjs.getCoreVersion();
|
|
20316
20368
|
var router = new hono.Hono();
|
|
20317
|
-
router.use("*",
|
|
20369
|
+
router.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
20318
20370
|
router.get("/", async (c) => {
|
|
20319
20371
|
const user = c.get("user");
|
|
20320
20372
|
try {
|
|
@@ -22094,7 +22146,7 @@ function renderCollectionFormPage(data) {
|
|
|
22094
22146
|
|
|
22095
22147
|
// src/routes/admin-collections.ts
|
|
22096
22148
|
var adminCollectionsRoutes = new hono.Hono();
|
|
22097
|
-
adminCollectionsRoutes.use("*",
|
|
22149
|
+
adminCollectionsRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
22098
22150
|
adminCollectionsRoutes.get("/", async (c) => {
|
|
22099
22151
|
try {
|
|
22100
22152
|
const user = c.get("user");
|
|
@@ -24283,7 +24335,7 @@ function renderDatabaseToolsSettings(settings) {
|
|
|
24283
24335
|
|
|
24284
24336
|
// src/routes/admin-settings.ts
|
|
24285
24337
|
var adminSettingsRoutes = new hono.Hono();
|
|
24286
|
-
adminSettingsRoutes.use("*",
|
|
24338
|
+
adminSettingsRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
24287
24339
|
function getMockSettings(user) {
|
|
24288
24340
|
return {
|
|
24289
24341
|
general: {
|
|
@@ -24451,7 +24503,7 @@ adminSettingsRoutes.get("/database-tools", (c) => {
|
|
|
24451
24503
|
adminSettingsRoutes.get("/api/migrations/status", async (c) => {
|
|
24452
24504
|
try {
|
|
24453
24505
|
const db = c.env.DB;
|
|
24454
|
-
const migrationService = new
|
|
24506
|
+
const migrationService = new chunkSKLRRFJJ_cjs.MigrationService(db);
|
|
24455
24507
|
const status = await migrationService.getMigrationStatus();
|
|
24456
24508
|
return c.json({
|
|
24457
24509
|
success: true,
|
|
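Review bot: The `/api/migrations/status` handler goes straight from `c.env.DB` to `getMigrationStatus()` with no role check in the lines shown, and the only guard on `adminSettingsRoutes` visible on this page is `requireAuth()`. `/api/migrations/run` in the next hunk returns a 403 before creating its `MigrationService`, and `/api/migrations/validate` in the hunk after that has the same shape as this one. Unless a role is enforced where the router is mounted (not visible here), any signed-in account can read schema and migration state. Using the middleware form already applied to media cleanup, `adminSettingsRoutes.get("/api/migrations/status", chunkGIWIJNBH_cjs.requireRole("admin"), async (c) => {`, would make the three endpoints consistent. The handler body continues outside the hunk.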
@@ -24475,7 +24527,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
|
|
|
24475
24527
|
}, 403);
|
|
24476
24528
|
}
|
|
24477
24529
|
const db = c.env.DB;
|
|
24478
|
-
const migrationService = new
|
|
24530
|
+
const migrationService = new chunkSKLRRFJJ_cjs.MigrationService(db);
|
|
24479
24531
|
const result = await migrationService.runPendingMigrations();
|
|
24480
24532
|
return c.json({
|
|
24481
24533
|
success: result.success,
|
|
@@ -24493,7 +24545,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
|
|
|
24493
24545
|
adminSettingsRoutes.get("/api/migrations/validate", async (c) => {
|
|
24494
24546
|
try {
|
|
24495
24547
|
const db = c.env.DB;
|
|
24496
|
-
const migrationService = new
|
|
24548
|
+
const migrationService = new chunkSKLRRFJJ_cjs.MigrationService(db);
|
|
24497
24549
|
const validation = await migrationService.validateSchema();
|
|
24498
24550
|
return c.json({
|
|
24499
24551
|
success: true,
|
|
@@ -26371,7 +26423,7 @@ function renderFormCreatePage(data) {
|
|
|
26371
26423
|
|
|
26372
26424
|
// src/routes/admin-forms.ts
|
|
26373
26425
|
var adminFormsRoutes = new hono.Hono();
|
|
26374
|
-
adminFormsRoutes.use("*",
|
|
26426
|
+
adminFormsRoutes.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
26375
26427
|
adminFormsRoutes.get("/", async (c) => {
|
|
26376
26428
|
try {
|
|
26377
26429
|
const user = c.get("user");
|
|
@@ -27501,9 +27553,9 @@ function renderAPIReferencePage(data) {
|
|
|
27501
27553
|
}
|
|
27502
27554
|
|
|
27503
27555
|
// src/routes/admin-api-reference.ts
|
|
27504
|
-
var VERSION2 =
|
|
27556
|
+
var VERSION2 = chunkWDQZYCQO_cjs.getCoreVersion();
|
|
27505
27557
|
var router2 = new hono.Hono();
|
|
27506
|
-
router2.use("*",
|
|
27558
|
+
router2.use("*", chunkGIWIJNBH_cjs.requireAuth());
|
|
27507
27559
|
var apiEndpoints = [
|
|
27508
27560
|
// Auth endpoints
|
|
27509
27561
|
{
|
|
@@ -27784,5 +27836,5 @@ exports.router = router;
|
|
|
27784
27836
|
exports.router2 = router2;
|
|
27785
27837
|
exports.test_cleanup_default = test_cleanup_default;
|
|
27786
27838
|
exports.userRoutes = userRoutes;
|
|
27787
|
-
//# sourceMappingURL=chunk-
|
|
27788
|
-
//# sourceMappingURL=chunk-
|
|
27839
|
+
//# sourceMappingURL=chunk-JVRRG36J.cjs.map
|
|
27840
|
+
//# sourceMappingURL=chunk-JVRRG36J.cjs.map
|