npm - @wecode-team/cms-supabase-api - Versions diffs - 0.1.47 → 0.1.49 - Mend

@wecode-team/cms-supabase-api 0.1.47 → 0.1.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/config/feishu-alert.d.ts +4 -0
package/dist/handlers/auth.d.ts +30 -0
package/dist/index.d.ts +4 -2
package/dist/index.esm.js +543 -443
package/dist/index.esm.js.map +1 -1
package/dist/index.js +545 -445
package/dist/index.js.map +1 -1
package/dist/types/index.d.ts +2 -1
package/dist/utils/admin-registry.d.ts +5 -0
package/dist/utils/feishu-alert.d.ts +13 -0
package/dist/utils/route-helpers.d.ts +0 -1
package/package.json +2 -1
package/supabase-setup.sql +1 -26
package/dist/handlers/analytics.d.ts +0 -11
package/dist/handlers/configs.d.ts +0 -23

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 'use strict';
 var supabaseJs = require('@supabase/supabase-js');
+var emailVerify = require('@wecode-team/email-verify');
 var jwt = require('jsonwebtoken');
 var bcrypt = require('bcryptjs');
@@ -695,6 +696,10 @@ function getSupabaseSetupSQL() {
   return "-- Supabase Setup SQL for we0-cms-supabase-hono-api\n-- \u8BF7\u5728 Supabase SQL \u7F16\u8F91\u5668\u4E2D\u6267\u884C\u4EE5\u4E0B\u5B8C\u6574\u811A\u672C\n\n-- Function to execute SQL queries\nCREATE OR REPLACE FUNCTION execute_sql(sql_query text)\nRETURNS json\nLANGUAGE plpgsql\nSECURITY DEFINER\nAS $$\nDECLARE\n  result json;\n  row_count integer;\nBEGIN\n  EXECUTE sql_query;\n  GET DIAGNOSTICS row_count = ROW_COUNT;\n  RETURN json_build_object('success', true, 'rows_affected', row_count);\nEXCEPTION\n  WHEN OTHERS THEN\n    RETURN json_build_object('success', false, 'error', SQLERRM);\nEND;\n$$;\n\n-- Function to execute SQL with parameters (simplified version)\nCREATE OR REPLACE FUNCTION execute_sql_with_params(sql_query text, params json)\nRETURNS json\nLANGUAGE plpgsql\nSECURITY DEFINER\nAS $$\nDECLARE\n  result json;\n  row_count integer;\nBEGIN\n  -- Note: This is a simplified version for basic use cases\n  -- In production, you might want more sophisticated parameter binding\n  EXECUTE sql_query;\n  GET DIAGNOSTICS row_count = ROW_COUNT;\n  RETURN json_build_object('success', true, 'rows_affected', row_count);\nEXCEPTION\n  WHEN OTHERS THEN\n    RETURN json_build_object('success', false, 'error', SQLERRM);\nEND;\n$$;\n\n-- Function to check if table exists\nCREATE OR REPLACE FUNCTION check_table_exists(input_table_name text)\nRETURNS boolean\nLANGUAGE plpgsql\nSECURITY DEFINER\nAS $$\nBEGIN\n  RETURN EXISTS (\n    SELECT 1 FROM information_schema.tables\n    WHERE table_schema = 'public' \n    AND table_name = input_table_name\n  );\nEND;\n$$;\n\n-- Function to get table structure\nCREATE OR REPLACE FUNCTION get_table_structure(table_name text)\nRETURNS json\nLANGUAGE plpgsql\nSECURITY DEFINER\nAS $$\nDECLARE\n  result json;\nBEGIN\n  SELECT json_agg(\n    json_build_object(\n      'column_name', column_name,\n      'data_type', data_type,\n      'is_nullable', is_nullable,\n      'column_default', column_default,\n      'character_maximum_length', character_maximum_length\n    )\n  ) INTO result\n  FROM information_schema.columns\n  WHERE table_schema = 'public' AND table_name = $1\n  ORDER BY ordinal_position;\n  \n  RETURN COALESCE(result, '[]'::json);\nEND;\n$$;\n\n-- Function to create CMS models table if not exists\nCREATE OR REPLACE FUNCTION create_cms_models_table_if_not_exists()\nRETURNS json\nLANGUAGE plpgsql\nSECURITY DEFINER\nAS $$\nBEGIN\n  -- Create the CMS models table\n  CREATE TABLE IF NOT EXISTS \"_cms_models\" (\n    id SERIAL PRIMARY KEY,\n    name VARCHAR(100) NOT NULL,\n    table_name VARCHAR(100) NOT NULL UNIQUE,\n    json_schema JSONB NOT NULL,\n    created_at TIMESTAMPTZ DEFAULT NOW(),\n    updated_at TIMESTAMPTZ DEFAULT NOW()\n  );\n  \n  -- Create or replace the trigger function for updating timestamps\n  CREATE OR REPLACE FUNCTION update_updated_at_column()\n  RETURNS TRIGGER AS $trigger$\n  BEGIN\n    NEW.updated_at = NOW();\n    RETURN NEW;\n  END;\n  $trigger$ language 'plpgsql';\n  \n  -- Drop existing trigger if it exists and create new one\n  DROP TRIGGER IF EXISTS update_cms_models_updated_at ON \"_cms_models\";\n  CREATE TRIGGER update_cms_models_updated_at\n    BEFORE UPDATE ON \"_cms_models\"\n    FOR EACH ROW\n    EXECUTE FUNCTION update_updated_at_column();\n    \n  RETURN json_build_object('success', true, 'message', 'CMS models table created successfully');\nEXCEPTION\n  WHEN OTHERS THEN\n    RETURN json_build_object('success', false, 'error', SQLERRM);\nEND;\n$$;\n\n-- Initialize the CMS models table\nSELECT create_cms_models_table_if_not_exists();\n\n-- Grant necessary permissions (adjust as needed for your security requirements)\n-- Note: Be careful with these permissions in production\nGRANT USAGE ON SCHEMA public TO anon, authenticated;\nGRANT ALL ON ALL TABLES IN SCHEMA public TO anon, authenticated;\nGRANT ALL ON ALL SEQUENCES IN SCHEMA public TO anon, authenticated;\nGRANT ALL ON ALL FUNCTIONS IN SCHEMA public TO anon, authenticated;\n\n-- Create RLS policies for the CMS models table (optional, adjust as needed)\nALTER TABLE \"_cms_models\" ENABLE ROW LEVEL SECURITY;\n\n-- Allow all operations for all users (development environment)\nCREATE POLICY \"Allow all operations\" ON \"_cms_models\"\n  FOR ALL USING (true);\n\nCOMMENT ON TABLE \"_cms_models\" IS 'CMS models configuration table for we0-cms-supabase-hono-api';\nCOMMENT ON FUNCTION execute_sql(text) IS 'Execute SQL queries for dynamic table management';\nCOMMENT ON FUNCTION check_table_exists(text) IS 'Check if a table exists in the public schema';\nCOMMENT ON FUNCTION get_table_structure(text) IS 'Get the structure of a table';";
 }
+var feishuAlertConfig = {
+  crudErrorWebhookUrls: ["https://open.feishu.cn/open-apis/bot/v2/hook/784e9470-c1fd-4e38-97a2-b9a1856c00b1"]
+};
 function _classCallCheck(a, n) {
   if (!(a instanceof n)) throw new TypeError("Cannot call a class as a function");
 }
@@ -1029,8 +1034,8 @@ function _defineProperty(e, r, t) {
   }) : e[r] = t, e;
 }
-function ownKeys$5(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$5(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$5(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$5(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function ownKeys$3(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread$3(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$3(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$3(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 function _createForOfIteratorHelper$2(r, e) { var t = "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (!t) { if (Array.isArray(r) || (t = _unsupportedIterableToArray$3(r)) || e && r && "number" == typeof r.length) { t && (r = t); var _n = 0, F = function F() {}; return { s: F, n: function n() { return _n >= r.length ? { done: !0 } : { done: !1, value: r[_n++] }; }, e: function e(r) { throw r; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var o, a = !0, u = !1; return { s: function s() { t = t.call(r); }, n: function n() { var r = t.next(); return a = r.done, r; }, e: function e(r) { u = !0, o = r; }, f: function f() { try { a || null == t["return"] || t["return"](); } finally { if (u) throw o; } } }; }
 function _unsupportedIterableToArray$3(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray$3(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray$3(r, a) : void 0; } }
 function _arrayLikeToArray$3(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
@@ -1038,6 +1043,7 @@ function _arrayLikeToArray$3(r, a) { (null == a || a > r.length) && (a = r.lengt
 var fieldTypeMapping = {
   string: "text",
   text: "text",
+  richText: "text",
   integer: "int4",
   "float": "float8",
   "boolean": "bool",
@@ -2085,7 +2091,7 @@ var DynamicTableService = /*#__PURE__*/function () {
               throw error;
             case 2:
               return _context14.abrupt("return", (data || []).map(function (item) {
-                return _objectSpread$5({
+                return _objectSpread$3({
                   id: item.id,
                   label: item[displayField] || "ID: ".concat(item.id)
                 }, item);
@@ -2198,8 +2204,8 @@ function getDynamicTableService() {
   return defaultService$1;
 }
-function ownKeys$4(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$4(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$4(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$4(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function ownKeys$2(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread$2(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$2(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$2(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 var AuthService = /*#__PURE__*/function () {
   function AuthService() {
     _classCallCheck(this, AuthService);
@@ -2376,7 +2382,7 @@ var AuthService = /*#__PURE__*/function () {
         return _regeneratorRuntime.wrap(function (_context4) {
           while (1) switch (_context4.prev = _context4.next) {
             case 0:
-              finalUserData = _objectSpread$4({
+              finalUserData = _objectSpread$2({
                 tableName: this.defaultTableName
               }, userData);
               _context4.prev = 1;
@@ -2434,7 +2440,7 @@ var AuthService = /*#__PURE__*/function () {
             case 0:
               updateData = _args5.length > 1 && _args5[1] !== undefined ? _args5[1] : {};
               // 设置默认值
-              finalUpdateData = _objectSpread$4({
+              finalUpdateData = _objectSpread$2({
                 tableName: this.defaultTableName
               }, updateData);
               _context5.prev = 1;
@@ -2842,8 +2848,8 @@ function _toConsumableArray(r) {
   return _arrayWithoutHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray$2(r) || _nonIterableSpread();
 }
-function ownKeys$3(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$3(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$3(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$3(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function ownKeys$1(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread$1(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$1(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$1(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 function _callSuper$1(t, o, e) { return o = _getPrototypeOf(o), _possibleConstructorReturn(t, _isNativeReflectConstruct$1() ? Reflect.construct(o, e || [], _getPrototypeOf(t).constructor) : o.apply(t, e)); }
 function _isNativeReflectConstruct$1() { try { var t = !Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); } catch (t) {} return (_isNativeReflectConstruct$1 = function _isNativeReflectConstruct() { return !!t; })(); }
 // src/error.ts
@@ -3371,7 +3377,7 @@ var DEFAULT_LIMITS = {
   other: 10 * 1024 * 1024
 };
 function getSizeLimit(fileName, limits) {
-  var merged = _objectSpread$3(_objectSpread$3({}, DEFAULT_LIMITS), limits);
+  var merged = _objectSpread$1(_objectSpread$1({}, DEFAULT_LIMITS), limits);
   if (isImage(fileName)) return merged.image;
   if (isVideo(fileName)) return merged.video;
   return merged.other;
@@ -3399,7 +3405,7 @@ function _compressImageBlob() {
     return _regeneratorRuntime.wrap(function (_context10) {
       while (1) switch (_context10.prev = _context10.next) {
         case 0:
-          opts = _objectSpread$3(_objectSpread$3({}, DEFAULT_COMPRESS), options);
+          opts = _objectSpread$1(_objectSpread$1({}, DEFAULT_COMPRESS), options);
           if (!(typeof createImageBitmap === "undefined" || typeof OffscreenCanvas === "undefined")) {
             _context10.next = 1;
             break;
@@ -3465,7 +3471,7 @@ function _processFile() {
     return _regeneratorRuntime.wrap(function (_context11) {
       while (1) switch (_context11.prev = _context11.next) {
         case 0:
-          opts = _objectSpread$3(_objectSpread$3({}, DEFAULT_COMPRESS), compress);
+          opts = _objectSpread$1(_objectSpread$1({}, DEFAULT_COMPRESS), compress);
           if (!(opts.enabled && isImage(fileName))) {
             _context11.next = 2;
             break;
@@ -3529,7 +3535,7 @@ function createOssClient() {
   var allowedExtensions = options.allowedExtensions;
   function mergeRetry(override) {
     if (!defaultRetry && !override) return void 0;
-    return _objectSpread$3(_objectSpread$3({}, defaultRetry), override);
+    return _objectSpread$1(_objectSpread$1({}, defaultRetry), override);
   }
   function resolveCompress(override) {
     if (override === false) return {
@@ -3539,7 +3545,7 @@ function createOssClient() {
       enabled: false
     };
     var base = _typeof$1(defaultCompress) === "object" ? defaultCompress : {};
-    return override ? _objectSpread$3(_objectSpread$3({}, base), override) : Object.keys(base).length ? base : void 0;
+    return override ? _objectSpread$1(_objectSpread$1({}, base), override) : Object.keys(base).length ? base : void 0;
   }
   function uploadOne(_x25, _x26, _x27, _x28) {
     return _uploadOne.apply(this, arguments);
@@ -3625,7 +3631,7 @@ function createOssClient() {
                     var i = index++;
                     var item = files[i];
                     running++;
-                    var fileOpts = _objectSpread$3({
+                    var fileOpts = _objectSpread$1({
                       retry: opts === null || opts === void 0 ? void 0 : opts.retry,
                       compress: opts === null || opts === void 0 ? void 0 : opts.compress
                     }, item.options);
@@ -4041,12 +4047,12 @@ function _getSessionAdminRow() {
   }));
   return _getSessionAdminRow.apply(this, arguments);
 }
-function isUserSessionAdmin(_x4, _x5, _x6) {
-  return _isUserSessionAdmin.apply(this, arguments);
+function getSessionAdminRowByEmail(_x4, _x5, _x6) {
+  return _getSessionAdminRowByEmail.apply(this, arguments);
 }
-function _isUserSessionAdmin() {
-  _isUserSessionAdmin = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee3(supabase, sessionId, userId) {
-    var row;
+function _getSessionAdminRowByEmail() {
+  _getSessionAdminRowByEmail = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee3(supabase, sessionId, email) {
+    var row, normalizedEmail, rowEmail;
     return _regeneratorRuntime.wrap(function (_context3) {
       while (1) switch (_context3.prev = _context3.next) {
         case 0:
@@ -4058,18 +4064,189 @@ function _isUserSessionAdmin() {
             _context3.next = 2;
             break;
           }
-          return _context3.abrupt("return", false);
+          return _context3.abrupt("return", null);
         case 2:
-          return _context3.abrupt("return", row.user_id === userId);
+          normalizedEmail = (email || "").trim().toLowerCase();
+          rowEmail = (row.email || "").trim().toLowerCase();
+          if (!(!normalizedEmail || rowEmail !== normalizedEmail)) {
+            _context3.next = 3;
+            break;
+          }
+          return _context3.abrupt("return", null);
         case 3:
+          return _context3.abrupt("return", row);
+        case 4:
         case "end":
           return _context3.stop();
       }
     }, _callee3);
   }));
+  return _getSessionAdminRowByEmail.apply(this, arguments);
+}
+function isUserSessionAdmin(_x7, _x8, _x9) {
+  return _isUserSessionAdmin.apply(this, arguments);
+}
+function _isUserSessionAdmin() {
+  _isUserSessionAdmin = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee4(supabase, sessionId, userId) {
+    var row;
+    return _regeneratorRuntime.wrap(function (_context4) {
+      while (1) switch (_context4.prev = _context4.next) {
+        case 0:
+          _context4.next = 1;
+          return getSessionAdminRow(supabase, sessionId);
+        case 1:
+          row = _context4.sent;
+          if (row) {
+            _context4.next = 2;
+            break;
+          }
+          return _context4.abrupt("return", false);
+        case 2:
+          return _context4.abrupt("return", row.user_id === userId);
+        case 3:
+        case "end":
+          return _context4.stop();
+      }
+    }, _callee4);
+  }));
   return _isUserSessionAdmin.apply(this, arguments);
 }
+var ACTION_LABELS = {
+  create: "创建",
+  read: "查询",
+  update: "更新",
+  "delete": "删除"
+};
+var TARGET_LABELS = {
+  data: "数据",
+  model: "模型"
+};
+function getWebhookUrls() {
+  return feishuAlertConfig.crudErrorWebhookUrls.map(function (item) {
+    return item.trim();
+  }).filter(Boolean);
+}
+function getErrorMessage(error) {
+  if (error instanceof Error) {
+    return error.message;
+  }
+  return String(error);
+}
+function getErrorStack(error) {
+  if (error instanceof Error) {
+    return error.stack || "";
+  }
+  return "";
+}
+function buildRequestSummary(c) {
+  var url = new URL(c.req.url);
+  return ["method: ".concat(c.req.method), "path: ".concat(url.pathname), "query: ".concat(url.search || "-"), "userAgent: ".concat(c.req.header("user-agent") || "-")].join("\n");
+}
+function getSessionId(c) {
+  return c.req.header("X-Session-Id") || c.req.header("x-session-id") || "-";
+}
+function buildAlertText(c, options) {
+  var _options$modelId, _options$recordId;
+  var actionLabel = ACTION_LABELS[options.action];
+  var targetLabel = TARGET_LABELS[options.target];
+  var lines = ["\u5305\u540D: @wecode-team/cms-supabase-api", "\u5BBF\u4E3B\u9879\u76EE\u6807\u8BC6(sessionId): ".concat(getSessionId(c)), "\u64CD\u4F5C\u5BF9\u8C61: ".concat(targetLabel), "\u64CD\u4F5C\u7C7B\u578B: ".concat(actionLabel), "\u6570\u636E\u8868\u540D: ".concat(options.tableName || "-"), "\u6A21\u578B ID: ".concat((_options$modelId = options.modelId) !== null && _options$modelId !== void 0 ? _options$modelId : "-"), "\u8BB0\u5F55 ID: ".concat((_options$recordId = options.recordId) !== null && _options$recordId !== void 0 ? _options$recordId : "-"), "\u65F6\u95F4: ".concat(new Date().toISOString()), "\u9519\u8BEF\u4FE1\u606F: ".concat(getErrorMessage(options.error)), "\u8BF7\u6C42\u4FE1\u606F:\n".concat(buildRequestSummary(c))];
+  var stack = getErrorStack(options.error);
+  if (stack) {
+    lines.push("\u9519\u8BEF\u5806\u6808:\n".concat(stack));
+  }
+  return lines.join("\n\n");
+}
+function postWebhook(_x, _x2) {
+  return _postWebhook.apply(this, arguments);
+}
+function _postWebhook() {
+  _postWebhook = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee(webhook, body) {
+    var response;
+    return _regeneratorRuntime.wrap(function (_context) {
+      while (1) switch (_context.prev = _context.next) {
+        case 0:
+          _context.next = 1;
+          return fetch(webhook, {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json"
+            },
+            body: JSON.stringify(body)
+          });
+        case 1:
+          response = _context.sent;
+          if (response.ok) {
+            _context.next = 2;
+            break;
+          }
+          throw new Error("\u98DE\u4E66\u62A5\u8B66\u53D1\u9001\u5931\u8D25: ".concat(response.status, " ").concat(response.statusText));
+        case 2:
+        case "end":
+          return _context.stop();
+      }
+    }, _callee);
+  }));
+  return _postWebhook.apply(this, arguments);
+}
+function notifyCmsCrudErrorToFeishu(_x3, _x4) {
+  return _notifyCmsCrudErrorToFeishu.apply(this, arguments);
+}
+function _notifyCmsCrudErrorToFeishu() {
+  _notifyCmsCrudErrorToFeishu = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee2(c, options) {
+    var webhookUrls, body, results, failed;
+    return _regeneratorRuntime.wrap(function (_context2) {
+      while (1) switch (_context2.prev = _context2.next) {
+        case 0:
+          webhookUrls = getWebhookUrls();
+          if (!(webhookUrls.length === 0)) {
+            _context2.next = 1;
+            break;
+          }
+          return _context2.abrupt("return");
+        case 1:
+          body = {
+            msg_type: "post",
+            content: {
+              post: {
+                zh_cn: {
+                  title: "[cms-supabase-api] ".concat(TARGET_LABELS[options.target]).concat(ACTION_LABELS[options.action], "\u5F02\u5E38"),
+                  content: [[{
+                    tag: "text",
+                    text: buildAlertText(c, options)
+                  }]]
+                }
+              }
+            }
+          };
+          _context2.next = 2;
+          return Promise.allSettled(webhookUrls.map(function (url) {
+            return postWebhook(url, body);
+          }));
+        case 2:
+          results = _context2.sent;
+          failed = results.find(function (result) {
+            return result.status === "rejected";
+          });
+          if (!((failed === null || failed === void 0 ? void 0 : failed.status) === "rejected")) {
+            _context2.next = 3;
+            break;
+          }
+          throw failed.reason;
+        case 3:
+        case "end":
+          return _context2.stop();
+      }
+    }, _callee2);
+  }));
+  return _notifyCmsCrudErrorToFeishu.apply(this, arguments);
+}
+function reportCmsCrudErrorToFeishu(c, options) {
+  void notifyCmsCrudErrorToFeishu(c, options)["catch"](function (feishuError) {
+    console.error("飞书报警发送失败:", feishuError);
+  });
+}
 function _createForOfIteratorHelper$1(r, e) { var t = "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (!t) { if (Array.isArray(r) || (t = _unsupportedIterableToArray$1(r)) || e && r && "number" == typeof r.length) { t && (r = t); var _n = 0, F = function F() {}; return { s: F, n: function n() { return _n >= r.length ? { done: !0 } : { done: !1, value: r[_n++] }; }, e: function e(r) { throw r; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var o, a = !0, u = !1; return { s: function s() { t = t.call(r); }, n: function n() { var r = t.next(); return a = r.done, r; }, e: function e(r) { u = !0, o = r; }, f: function f() { try { a || null == t["return"] || t["return"](); } finally { if (u) throw o; } } }; }
 function _unsupportedIterableToArray$1(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray$1(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray$1(r, a) : void 0; } }
 function _arrayLikeToArray$1(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
@@ -4371,6 +4548,11 @@ function _createModel() {
           _context3.prev = 15;
           _t3 = _context3["catch"](0);
           console.error("创建模型失败:", _t3);
+          reportCmsCrudErrorToFeishu(c, {
+            action: "create",
+            target: "model",
+            error: _t3
+          });
           _response9 = {
             success: false,
             message: "创建模型失败",
@@ -4462,6 +4644,11 @@ function _updateModel() {
           _context4.prev = 8;
           _t4 = _context4["catch"](0);
           console.error("更新模型失败:", _t4);
+          reportCmsCrudErrorToFeishu(c, {
+            action: "update",
+            target: "model",
+            error: _t4
+          });
           _response11 = {
             success: false,
             message: "更新模型失败",
@@ -4543,6 +4730,11 @@ function _deleteModel() {
           _context5.prev = 8;
           _t5 = _context5["catch"](0);
           console.error("删除模型失败:", _t5);
+          reportCmsCrudErrorToFeishu(c, {
+            action: "delete",
+            target: "model",
+            error: _t5
+          });
           _response15 = {
             success: false,
             message: "删除模型失败",
@@ -4604,8 +4796,8 @@ var _excluded = ["id", "created_at", "updated_at"],
 function _createForOfIteratorHelper(r, e) { var t = "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (!t) { if (Array.isArray(r) || (t = _unsupportedIterableToArray(r)) || e && r && "number" == typeof r.length) { t && (r = t); var _n2 = 0, F = function F() {}; return { s: F, n: function n() { return _n2 >= r.length ? { done: !0 } : { done: !1, value: r[_n2++] }; }, e: function e(r) { throw r; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var o, a = !0, u = !1; return { s: function s() { t = t.call(r); }, n: function n() { var r = t.next(); return a = r.done, r; }, e: function e(r) { u = !0, o = r; }, f: function f() { try { a || null == t["return"] || t["return"](); } finally { if (u) throw o; } } }; }
 function _unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0; } }
 function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
-function ownKeys$2(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$2(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$2(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$2(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 function normalizeJsonLikeFields(schemaFields, payload) {
   if (!schemaFields || schemaFields.length === 0) return payload;
   var jsonLikeFieldNames = new Set(schemaFields.filter(function (f) {
@@ -4614,7 +4806,7 @@ function normalizeJsonLikeFields(schemaFields, payload) {
     return f.name;
   }));
   if (jsonLikeFieldNames.size === 0) return payload;
-  var normalized = _objectSpread$2({}, payload);
+  var normalized = _objectSpread({}, payload);
   for (var _i = 0, _Object$entries = Object.entries(payload); _i < _Object$entries.length; _i++) {
     var _Object$entries$_i = _slicedToArray(_Object$entries[_i], 2),
       key = _Object$entries$_i[0],
@@ -4909,7 +5101,7 @@ function _getTableData() {
           }
           // 找到所有文本类型的字段
           searchableFields = schemaFields.filter(function (field) {
-            return field.type === 'string' || field.type === 'text';
+            return field.type === 'string' || field.type === 'text' || field.type === 'richText';
           }).map(function (field) {
             return field.name;
           });
@@ -4954,6 +5146,12 @@ function _getTableData() {
           _context.prev = 16;
           _t2 = _context["catch"](0);
           console.error("获取表数据失败:", _t2);
+          reportCmsCrudErrorToFeishu(c, {
+            action: "read",
+            target: "data",
+            tableName: tableName,
+            error: _t2
+          });
           _response3 = {
             success: false,
             message: "获取表数据失败",
@@ -5040,6 +5238,12 @@ function _createTableData() {
           _context2.prev = 8;
           _t4 = _context2["catch"](0);
           console.error("创建数据失败:", _t4);
+          reportCmsCrudErrorToFeishu(c, {
+            action: "create",
+            target: "data",
+            tableName: tableName,
+            error: _t4
+          });
           _response5 = {
             success: false,
             message: "创建数据失败",
@@ -5171,6 +5375,12 @@ function _updateTableData() {
           _context3.prev = 13;
           _t6 = _context3["catch"](0);
           console.error("更新数据失败:", _t6);
+          reportCmsCrudErrorToFeishu(c, {
+            action: "update",
+            target: "data",
+            tableName: tableName,
+            error: _t6
+          });
           _response1 = {
             success: false,
             message: "更新数据失败",
@@ -5254,6 +5464,12 @@ function _deleteTableData() {
           _context4.prev = 7;
           _t7 = _context4["catch"](0);
           console.error("删除数据失败:", _t7);
+          reportCmsCrudErrorToFeishu(c, {
+            action: "delete",
+            target: "data",
+            tableName: tableName,
+            error: _t7
+          });
           _response13 = {
             success: false,
             message: "删除数据失败",
@@ -5710,8 +5926,6 @@ var AuthUtils = /*#__PURE__*/function () {
   }]);
 }();
-function ownKeys$1(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$1(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$1(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$1(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 function getRoleFromSupabaseUser$2(user) {
   var _user$app_metadata, _user$user_metadata;
   var appRole = user === null || user === void 0 || (_user$app_metadata = user.app_metadata) === null || _user$app_metadata === void 0 ? void 0 : _user$app_metadata.role;
@@ -5721,10 +5935,46 @@ function getRoleFromSupabaseUser$2(user) {
 function getAdminRegistrySetupSQL() {
   return "-- Create admin registry table (run in Supabase SQL editor)\nCREATE TABLE IF NOT EXISTS \"_cms_admin_registry\" (\n  session_id TEXT PRIMARY KEY,\n  user_id UUID NOT NULL,\n  email TEXT,\n  created_at TIMESTAMPTZ DEFAULT NOW()\n);\n\nALTER TABLE \"_cms_admin_registry\" ENABLE ROW LEVEL SECURITY;\nDROP POLICY IF EXISTS \"Allow all operations\" ON \"_cms_admin_registry\";\nCREATE POLICY \"Allow all operations\" ON \"_cms_admin_registry\"\n  FOR ALL USING (true) WITH CHECK (true);";
 }
-function isSupabaseUserAlreadyExistsError(error) {
-  var msg = String((error === null || error === void 0 ? void 0 : error.message) || "").toLowerCase();
-  // 兼容不同 Supabase 文案
-  return msg.includes("already registered") || msg.includes("already exists") || msg.includes("user already") || msg.includes("email address") && msg.includes("already");
+function isEmailLike(value) {
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value.trim());
+}
+var PASSWORD_RESET_MESSAGES = {
+  "zh-CN": {
+    emailRequired: "邮箱不能为空",
+    emailInvalid: "请输入邮箱格式的用户名",
+    codeRequired: "验证码不能为空",
+    passwordTooShort: "新密码至少需要 6 位",
+    codeSent: "如果账号存在，验证码已发送",
+    codeSendFailed: "发送重置密码验证码失败",
+    codeSendRetry: "验证码发送失败，请稍后重试",
+    userNotFound: "验证码无效或账号不存在",
+    codeInvalidOrExpired: "验证码无效或已过期",
+    resetSuccess: "密码已重置，请重新登录",
+    resetFailed: "重置密码失败"
+  },
+  "en-US": {
+    emailRequired: "Email is required",
+    emailInvalid: "Please enter a valid email address",
+    codeRequired: "Verification code is required",
+    passwordTooShort: "New password must be at least 6 characters",
+    codeSent: "If the account exists, a verification code has been sent",
+    codeSendFailed: "Failed to send password reset code",
+    codeSendRetry: "Failed to send verification code. Please try again later",
+    userNotFound: "Invalid code or account not found",
+    codeInvalidOrExpired: "Invalid or expired verification code",
+    resetSuccess: "Password has been reset. Please log in again",
+    resetFailed: "Failed to reset password"
+  }
+};
+function getLocaleFromRequest(c) {
+  var raw = (c.req.header("accept-language") || c.req.header("Accept-Language") || "").toLowerCase();
+  if (raw.includes("en")) {
+    return "en-US";
+  }
+  return "zh-CN";
+}
+function getPasswordResetMessages(c) {
+  return PASSWORD_RESET_MESSAGES[getLocaleFromRequest(c)];
 }
 function toSupabaseEmail(account, sessionId) {
   // 简单规则：`{session_id}_{邮箱前缀}@{邮箱后缀}`
@@ -5736,168 +5986,235 @@ function toSupabaseEmail(account, sessionId) {
   var sid = normalizeSessionId(sessionId);
   return "".concat(sid, "_").concat(localPart, "@").concat(domain);
 }
-function buildAdminMetadata(existingMetadata, sessionId, account) {
-  return _objectSpread$1(_objectSpread$1({}, existingMetadata || {}), {}, {
-    role: "admin",
-    session_id: normalizeSessionId(sessionId),
-    original_username: account
-  });
+function isEmailVerifyError(error) {
+  var name = String((error === null || error === void 0 ? void 0 : error.name) || "");
+  return name === "EmailVerifyError";
 }
-function findAuthUserByEmail(_x, _x2) {
-  return _findAuthUserByEmail.apply(this, arguments);
+// POST - 发送重置密码验证码
+function forgotPassword(_x, _x2) {
+  return _forgotPassword.apply(this, arguments);
 }
-function _findAuthUserByEmail() {
-  _findAuthUserByEmail = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee2(supabase, email) {
-    var normalizedEmail, page, _yield$supabase$auth$2, data, error, users, matchedUser;
+// POST - 通过邮箱验证码重置密码
+function _forgotPassword() {
+  _forgotPassword = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee2(c, tableName) {
+    var _body$username, i18n, body, account, supabase, sessionId, adminRow, _i18n, _t3;
     return _regeneratorRuntime.wrap(function (_context2) {
       while (1) switch (_context2.prev = _context2.next) {
         case 0:
-          normalizedEmail = email.trim().toLowerCase();
-          page = 1;
+          _context2.prev = 0;
+          i18n = getPasswordResetMessages(c);
+          _context2.next = 1;
+          return c.req.json();
         case 1:
-          if (!(page <= 10)) {
-            _context2.next = 6;
+          body = _context2.sent;
+          account = (_body$username = body.username) === null || _body$username === void 0 ? void 0 : _body$username.trim();
+          if (account) {
+            _context2.next = 2;
             break;
           }
-          _context2.next = 2;
-          return supabase.auth.admin.listUsers({
-            page: page,
-            perPage: 200
-          });
+          return _context2.abrupt("return", c.json({
+            success: false,
+            message: i18n.emailRequired
+          }, 200));
         case 2:
-          _yield$supabase$auth$2 = _context2.sent;
-          data = _yield$supabase$auth$2.data;
-          error = _yield$supabase$auth$2.error;
-          if (!error) {
+          if (isEmailLike(account)) {
             _context2.next = 3;
             break;
           }
-          throw error;
+          return _context2.abrupt("return", c.json({
+            success: false,
+            message: i18n.emailInvalid
+          }, 200));
         case 3:
-          users = (data === null || data === void 0 ? void 0 : data.users) || [];
-          matchedUser = users.find(function (user) {
-            var _user$email;
-            return ((_user$email = user.email) === null || _user$email === void 0 ? void 0 : _user$email.trim().toLowerCase()) === normalizedEmail;
-          });
-          if (!matchedUser) {
-            _context2.next = 4;
-            break;
-          }
-          return _context2.abrupt("return", matchedUser);
+          supabase = getSupabase();
+          sessionId = extractSessionIdFromAuthTableName(tableName);
+          _context2.next = 4;
+          return getSessionAdminRowByEmail(supabase, sessionId, account);
         case 4:
-          if (!(users.length < 200)) {
+          adminRow = _context2.sent;
+          if (adminRow !== null && adminRow !== void 0 && adminRow.user_id) {
             _context2.next = 5;
             break;
           }
-          return _context2.abrupt("return", null);
+          return _context2.abrupt("return", c.json({
+            success: true,
+            message: i18n.codeSent
+          }, 200));
         case 5:
-          page += 1;
-          _context2.next = 1;
-          break;
+          _context2.next = 6;
+          return emailVerify.sendCode(account);
         case 6:
-          return _context2.abrupt("return", null);
+          return _context2.abrupt("return", c.json({
+            success: true,
+            message: i18n.codeSent
+          }, 200));
         case 7:
+          _context2.prev = 7;
+          _t3 = _context2["catch"](0);
+          console.error("发送重置密码验证码失败:", _t3);
+          _i18n = getPasswordResetMessages(c);
+          return _context2.abrupt("return", c.json({
+            success: false,
+            message: isEmailVerifyError(_t3) ? _i18n.codeSendRetry : _i18n.codeSendFailed,
+            error: _t3.message
+          }, 500));
+        case 8:
         case "end":
           return _context2.stop();
       }
-    }, _callee2);
+    }, _callee2, null, [[0, 7]]);
   }));
-  return _findAuthUserByEmail.apply(this, arguments);
+  return _forgotPassword.apply(this, arguments);
 }
-function insertAdminRegistryRow(_x3, _x4, _x5, _x6) {
-  return _insertAdminRegistryRow.apply(this, arguments);
+function resetPassword(_x3, _x4) {
+  return _resetPassword.apply(this, arguments);
 }
-function _insertAdminRegistryRow() {
-  _insertAdminRegistryRow = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee3(supabase, sessionId, userId, account) {
+function _resetPassword() {
+  _resetPassword = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee3(c, tableName) {
+    var _body$username2, _body$code, i18n, body, account, code, password, supabase, sessionId, adminRow, verifyResult, _yield$supabase$auth$2, updateError, _i18n2, _t4;
     return _regeneratorRuntime.wrap(function (_context3) {
       while (1) switch (_context3.prev = _context3.next) {
         case 0:
+          _context3.prev = 0;
+          i18n = getPasswordResetMessages(c);
           _context3.next = 1;
-          return supabase.from("_cms_admin_registry").insert({
-            session_id: normalizeSessionId(sessionId),
-            user_id: userId,
-            email: account
-          });
-        case 1:
-          return _context3.abrupt("return", _context3.sent);
-        case 2:
-        case "end":
-          return _context3.stop();
-      }
-    }, _callee3);
-  }));
-  return _insertAdminRegistryRow.apply(this, arguments);
-}
-function promoteExistingUserToSessionAdmin(_x7, _x8, _x9, _x0) {
-  return _promoteExistingUserToSessionAdmin.apply(this, arguments);
-}
-function _promoteExistingUserToSessionAdmin() {
-  _promoteExistingUserToSessionAdmin = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee4(supabase, email, sessionId, account) {
-    var existingUser, _yield$supabase$auth$3, updatedData, updateError, insertRes;
-    return _regeneratorRuntime.wrap(function (_context4) {
-      while (1) switch (_context4.prev = _context4.next) {
-        case 0:
-          _context4.next = 1;
-          return findAuthUserByEmail(supabase, email);
+          return c.req.json();
         case 1:
-          existingUser = _context4.sent;
-          if (existingUser) {
-            _context4.next = 2;
+          body = _context3.sent;
+          account = (_body$username2 = body.username) === null || _body$username2 === void 0 ? void 0 : _body$username2.trim();
+          code = (_body$code = body.code) === null || _body$code === void 0 ? void 0 : _body$code.trim();
+          password = body.password;
+          if (account) {
+            _context3.next = 2;
             break;
           }
-          return _context4.abrupt("return", {
+          return _context3.abrupt("return", c.json({
             success: false,
-            message: "用户名已存在，但未能找到对应用户"
-          });
+            message: i18n.emailRequired
+          }, 200));
         case 2:
-          _context4.next = 3;
-          return supabase.auth.admin.updateUserById(existingUser.id, {
-            app_metadata: buildAdminMetadata(existingUser.app_metadata, sessionId, account),
-            user_metadata: buildAdminMetadata(existingUser.user_metadata, sessionId, account)
-          });
+          if (isEmailLike(account)) {
+            _context3.next = 3;
+            break;
+          }
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: i18n.emailInvalid
+          }, 200));
         case 3:
-          _yield$supabase$auth$3 = _context4.sent;
-          updatedData = _yield$supabase$auth$3.data;
-          updateError = _yield$supabase$auth$3.error;
-          if (!(updateError || !(updatedData !== null && updatedData !== void 0 && updatedData.user))) {
-            _context4.next = 4;
+          if (code) {
+            _context3.next = 4;
             break;
           }
-          return _context4.abrupt("return", {
+          return _context3.abrupt("return", c.json({
             success: false,
-            message: (updateError === null || updateError === void 0 ? void 0 : updateError.message) || "管理员账号升级失败"
-          });
+            message: i18n.codeRequired
+          }, 200));
         case 4:
-          _context4.next = 5;
-          return insertAdminRegistryRow(supabase, sessionId, updatedData.user.id, account);
+          if (!(!password || password.length < 6)) {
+            _context3.next = 5;
+            break;
+          }
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: i18n.passwordTooShort
+          }, 200));
         case 5:
-          insertRes = _context4.sent;
-          if (!insertRes.error) {
-            _context4.next = 6;
+          supabase = getSupabase();
+          sessionId = extractSessionIdFromAuthTableName(tableName);
+          _context3.next = 6;
+          return getSessionAdminRowByEmail(supabase, sessionId, account);
+        case 6:
+          adminRow = _context3.sent;
+          if (adminRow !== null && adminRow !== void 0 && adminRow.user_id) {
+            _context3.next = 7;
             break;
           }
-          return _context4.abrupt("return", {
+          return _context3.abrupt("return", c.json({
             success: false,
-            message: "管理员已被创建，请使用已有账号登录"
+            message: i18n.userNotFound
+          }, 200));
+        case 7:
+          _context3.next = 8;
+          return emailVerify.verifyCode(account, code);
+        case 8:
+          verifyResult = _context3.sent;
+          if (verifyResult !== null && verifyResult !== void 0 && verifyResult.verified) {
+            _context3.next = 9;
+            break;
+          }
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: i18n.codeInvalidOrExpired
+          }, 200));
+        case 9:
+          _context3.next = 10;
+          return supabase.auth.admin.updateUserById(adminRow.user_id, {
+            password: password
           });
-        case 6:
-          return _context4.abrupt("return", {
+        case 10:
+          _yield$supabase$auth$2 = _context3.sent;
+          updateError = _yield$supabase$auth$2.error;
+          if (!updateError) {
+            _context3.next = 11;
+            break;
+          }
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: updateError.message || i18n.resetFailed
+          }, 200));
+        case 11:
+          return _context3.abrupt("return", c.json({
             success: true,
-            user: updatedData.user
+            message: i18n.resetSuccess
+          }, 200));
+        case 12:
+          _context3.prev = 12;
+          _t4 = _context3["catch"](0);
+          console.error("重置密码失败:", _t4);
+          _i18n2 = getPasswordResetMessages(c);
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: _i18n2.resetFailed,
+            error: _t4.message
+          }, 500));
+        case 13:
+        case "end":
+          return _context3.stop();
+      }
+    }, _callee3, null, [[0, 12]]);
+  }));
+  return _resetPassword.apply(this, arguments);
+}
+function insertAdminRegistryRow(_x5, _x6, _x7, _x8) {
+  return _insertAdminRegistryRow.apply(this, arguments);
+}
+function _insertAdminRegistryRow() {
+  _insertAdminRegistryRow = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee4(supabase, sessionId, userId, account) {
+    return _regeneratorRuntime.wrap(function (_context4) {
+      while (1) switch (_context4.prev = _context4.next) {
+        case 0:
+          _context4.next = 1;
+          return supabase.from("_cms_admin_registry").insert({
+            session_id: normalizeSessionId(sessionId),
+            user_id: userId,
+            email: account
           });
-        case 7:
+        case 1:
+          return _context4.abrupt("return", _context4.sent);
+        case 2:
         case "end":
           return _context4.stop();
       }
     }, _callee4);
   }));
-  return _promoteExistingUserToSessionAdmin.apply(this, arguments);
+  return _insertAdminRegistryRow.apply(this, arguments);
 }
 function getUserSessionId(user) {
   var _user$user_metadata2;
   return normalizeSessionId(user === null || user === void 0 || (_user$user_metadata2 = user.user_metadata) === null || _user$user_metadata2 === void 0 ? void 0 : _user$user_metadata2.session_id);
 }
-function getEffectiveRoleForSession(_x1, _x10) {
+function getEffectiveRoleForSession(_x9, _x0) {
   return _getEffectiveRoleForSession.apply(this, arguments);
 } // POST - 用户登录
 function _getEffectiveRoleForSession() {
@@ -5934,13 +6251,13 @@ function _getEffectiveRoleForSession() {
   }));
   return _getEffectiveRoleForSession.apply(this, arguments);
 }
-function login(_x11, _x12) {
+function login(_x1, _x10) {
   return _login.apply(this, arguments);
 }
 // GET - 是否允许注册（首次进入需要创建管理员账号）
 function _login() {
   _login = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee6(c, tableName) {
-    var _data$session, body, username, password, supabase, sessionId, email, _yield$supabase$auth$4, data, error, token, user, role, _t3;
+    var _data$session, body, username, password, supabase, sessionId, email, _yield$supabase$auth$3, data, error, token, user, role, _t5;
     return _regeneratorRuntime.wrap(function (_context6) {
       while (1) switch (_context6.prev = _context6.next) {
         case 0:
@@ -5978,9 +6295,9 @@ function _login() {
             password: password
           });
         case 4:
-          _yield$supabase$auth$4 = _context6.sent;
-          data = _yield$supabase$auth$4.data;
-          error = _yield$supabase$auth$4.error;
+          _yield$supabase$auth$3 = _context6.sent;
+          data = _yield$supabase$auth$3.data;
+          error = _yield$supabase$auth$3.error;
           if (!(error || !(data !== null && data !== void 0 && (_data$session = data.session) !== null && _data$session !== void 0 && _data$session.access_token) || !(data !== null && data !== void 0 && data.user))) {
             _context6.next = 5;
             break;
@@ -6014,12 +6331,12 @@ function _login() {
           }, 200));
         case 8:
           _context6.prev = 8;
-          _t3 = _context6["catch"](0);
-          console.error("登录失败:", _t3);
+          _t5 = _context6["catch"](0);
+          console.error("登录失败:", _t5);
           return _context6.abrupt("return", c.json({
             success: false,
             message: "登录失败",
-            error: _t3.message
+            error: _t5.message
           }, 500));
         case 9:
         case "end":
@@ -6029,13 +6346,13 @@ function _login() {
   }));
   return _login.apply(this, arguments);
 }
-function signupStatus(_x13, _x14) {
+function signupStatus(_x11, _x12) {
   return _signupStatus.apply(this, arguments);
 }
 // POST - 首次注册管理员（每个 session_id 只允许一个）
 function _signupStatus() {
   _signupStatus = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee7(c, tableName) {
-    var supabase, sessionId, ok, row, data, _t4;
+    var supabase, sessionId, ok, row, data, _t6;
     return _regeneratorRuntime.wrap(function (_context7) {
       while (1) switch (_context7.prev = _context7.next) {
         case 0:
@@ -6073,12 +6390,12 @@ function _signupStatus() {
           }, 200));
         case 4:
           _context7.prev = 4;
-          _t4 = _context7["catch"](0);
-          console.error("获取注册状态失败:", _t4);
+          _t6 = _context7["catch"](0);
+          console.error("获取注册状态失败:", _t6);
           return _context7.abrupt("return", c.json({
             success: false,
             message: "获取注册状态失败",
-            error: _t4.message
+            error: _t6.message
           }, 500));
         case 5:
         case "end":
@@ -6088,13 +6405,13 @@ function _signupStatus() {
   }));
   return _signupStatus.apply(this, arguments);
 }
-function signup(_x15, _x16) {
+function signup(_x13, _x14) {
   return _signup.apply(this, arguments);
 }
 // POST - 验证token
 function _signup() {
   _signup = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee8(c, tableName) {
-    var _body$username, _data$session2, body, account, password, supabase, sessionId, email, ok, existing, _yield$supabase$auth$5, data, error, promoted, insertRes, token, user, role, _t5;
+    var _body$username3, _data$session2, body, account, password, supabase, sessionId, email, ok, existing, _yield$supabase$auth$4, data, error, insertRes, token, user, role, _t7;
     return _regeneratorRuntime.wrap(function (_context8) {
       while (1) switch (_context8.prev = _context8.next) {
         case 0:
@@ -6103,7 +6420,7 @@ function _signup() {
           return c.req.json();
         case 1:
           body = _context8.sent;
-          account = (_body$username = body.username) === null || _body$username === void 0 ? void 0 : _body$username.trim();
+          account = (_body$username3 = body.username) === null || _body$username3 === void 0 ? void 0 : _body$username3.trim();
           password = body.password;
           if (!(!account || !password)) {
             _context8.next = 2;
@@ -6169,67 +6486,61 @@ function _signup() {
             }
           });
         case 8:
-          _yield$supabase$auth$5 = _context8.sent;
-          data = _yield$supabase$auth$5.data;
-          error = _yield$supabase$auth$5.error;
+          _yield$supabase$auth$4 = _context8.sent;
+          data = _yield$supabase$auth$4.data;
+          error = _yield$supabase$auth$4.error;
           if (!(error || !(data !== null && data !== void 0 && data.user))) {
-            _context8.next = 12;
-            break;
-          }
-          if (!isSupabaseUserAlreadyExistsError(error)) {
-            _context8.next = 11;
-            break;
-          }
-          _context8.next = 9;
-          return promoteExistingUserToSessionAdmin(supabase, email, sessionId, account);
-        case 9:
-          promoted = _context8.sent;
-          if (promoted.success) {
-            _context8.next = 10;
+            _context8.next = 9;
             break;
           }
-          return _context8.abrupt("return", c.json({
-            success: false,
-            message: promoted.message
-          }, 200));
-        case 10:
-          return _context8.abrupt("return", c.json({
-            success: true,
-            message: "管理员账号已启用，请登录"
-          }, 200));
-        case 11:
+          console.log("注册失败:", error);
+          // if (isSupabaseUserAlreadyExistsError(error)) {
+          //   const promoted = await promoteExistingUserToSessionAdmin(
+          //     supabase,
+          //     email,
+          //     sessionId,
+          //     account,
+          //   )
+          //   if (!promoted.success) {
+          //     return c.json({ success: false, message: promoted.message } as ApiResponse, 200)
+          //   }
+          //   return c.json(
+          //     { success: true, message: "管理员账号已启用，请登录" } as ApiResponse,
+          //     200
+          //   )
+          // }
           return _context8.abrupt("return", c.json({
             success: false,
             message: (error === null || error === void 0 ? void 0 : error.message) || "注册失败"
           }, 200));
-        case 12:
+        case 9:
           if ((_data$session2 = data.session) !== null && _data$session2 !== void 0 && _data$session2.access_token) {
-            _context8.next = 13;
+            _context8.next = 10;
             break;
           }
           return _context8.abrupt("return", c.json({
             success: true,
             message: "注册成功，请完成邮箱验证后登录"
           }, 200));
-        case 13:
-          _context8.next = 14;
+        case 10:
+          _context8.next = 11;
           return insertAdminRegistryRow(supabase, sessionId, data.user.id, account);
-        case 14:
+        case 11:
           insertRes = _context8.sent;
           if (!insertRes.error) {
-            _context8.next = 15;
+            _context8.next = 12;
             break;
           }
           return _context8.abrupt("return", c.json({
             success: false,
             message: "管理员已被创建，请使用已有账号登录"
           }, 200));
-        case 15:
+        case 12:
           token = data.session.access_token;
           user = data.user;
-          _context8.next = 16;
+          _context8.next = 13;
           return getEffectiveRoleForSession(user, sessionId);
-        case 16:
+        case 13:
           role = _context8.sent;
           return _context8.abrupt("return", c.json({
             success: true,
@@ -6244,30 +6555,30 @@ function _signup() {
               }
             }
           }, 200));
-        case 17:
-          _context8.prev = 17;
-          _t5 = _context8["catch"](0);
-          console.error("注册失败:", _t5);
+        case 14:
+          _context8.prev = 14;
+          _t7 = _context8["catch"](0);
+          console.error("注册失败:", _t7);
           return _context8.abrupt("return", c.json({
             success: false,
             message: "注册失败",
-            error: _t5.message
+            error: _t7.message
           }, 500));
-        case 18:
+        case 15:
         case "end":
           return _context8.stop();
       }
-    }, _callee8, null, [[0, 17]]);
+    }, _callee8, null, [[0, 14]]);
   }));
   return _signup.apply(this, arguments);
 }
-function verifyAuth(_x17, _x18) {
+function verifyAuth(_x15, _x16) {
   return _verifyAuth.apply(this, arguments);
 }
 // GET - 获取当前用户信息
 function _verifyAuth() {
   _verifyAuth = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee9(c, tableName) {
-    var authHeader, token, supabase, _yield$supabase$auth$6, data, error, sessionId, role, decoded, message, responseMessage, _t6, _t7;
+    var authHeader, token, supabase, _yield$supabase$auth$5, data, error, sessionId, role, decoded, message, responseMessage, _t8, _t9;
     return _regeneratorRuntime.wrap(function (_context9) {
       while (1) switch (_context9.prev = _context9.next) {
         case 0:
@@ -6288,9 +6599,9 @@ function _verifyAuth() {
           _context9.next = 2;
           return supabase.auth.getUser(token);
         case 2:
-          _yield$supabase$auth$6 = _context9.sent;
-          data = _yield$supabase$auth$6.data;
-          error = _yield$supabase$auth$6.error;
+          _yield$supabase$auth$5 = _context9.sent;
+          data = _yield$supabase$auth$5.data;
+          error = _yield$supabase$auth$5.error;
           if (!(error || !(data !== null && data !== void 0 && data.user))) {
             _context9.next = 3;
             break;
@@ -6317,8 +6628,8 @@ function _verifyAuth() {
           }));
         case 6:
           _context9.prev = 6;
-          _t6 = _context9["catch"](1);
-          message = _t6.message;
+          _t8 = _context9["catch"](1);
+          message = _t8.message;
           responseMessage = message === 'TOKEN_EXPIRED' ? "登录已过期，请重新登录" : "认证信息无效";
           return _context9.abrupt("return", c.json({
             success: false,
@@ -6326,12 +6637,12 @@ function _verifyAuth() {
           }, 200));
         case 7:
           _context9.prev = 7;
-          _t7 = _context9["catch"](0);
-          console.error("验证认证失败:", _t7);
+          _t9 = _context9["catch"](0);
+          console.error("验证认证失败:", _t9);
           return _context9.abrupt("return", c.json({
             success: false,
             message: "验证认证失败",
-            error: _t7.message
+            error: _t9.message
           }, 500));
         case 8:
         case "end":
@@ -6341,13 +6652,13 @@ function _verifyAuth() {
   }));
   return _verifyAuth.apply(this, arguments);
 }
-function getCurrentUser(_x19, _x20) {
+function getCurrentUser(_x17, _x18) {
   return _getCurrentUser.apply(this, arguments);
 }
 // 中间件：验证 Supabase JWT token
 function _getCurrentUser() {
   _getCurrentUser = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee0(c, tableName) {
-    var authHeader, token, supabase, _yield$supabase$auth$7, data, error, user, sessionId, role, _t8;
+    var authHeader, token, supabase, _yield$supabase$auth$6, data, error, user, sessionId, role, _t0;
     return _regeneratorRuntime.wrap(function (_context0) {
       while (1) switch (_context0.prev = _context0.next) {
         case 0:
@@ -6367,9 +6678,9 @@ function _getCurrentUser() {
           _context0.next = 2;
           return supabase.auth.getUser(token);
         case 2:
-          _yield$supabase$auth$7 = _context0.sent;
-          data = _yield$supabase$auth$7.data;
-          error = _yield$supabase$auth$7.error;
+          _yield$supabase$auth$6 = _context0.sent;
+          data = _yield$supabase$auth$6.data;
+          error = _yield$supabase$auth$6.error;
           if (!(error || !(data !== null && data !== void 0 && data.user))) {
             _context0.next = 3;
             break;
@@ -6402,12 +6713,12 @@ function _getCurrentUser() {
           }, 200));
         case 6:
           _context0.prev = 6;
-          _t8 = _context0["catch"](0);
-          console.error("获取用户信息失败:", _t8);
+          _t0 = _context0["catch"](0);
+          console.error("获取用户信息失败:", _t0);
           return _context0.abrupt("return", c.json({
             success: false,
             message: "获取用户信息失败",
-            error: _t8.message
+            error: _t0.message
           }, 500));
         case 7:
         case "end":
@@ -6487,7 +6798,7 @@ function requireAuth(handler) {
         }
       }, _callee, null, [[0, 5], [1, 4]]);
     }));
-    return function (_x21) {
+    return function (_x19) {
       return _ref.apply(this, arguments);
     };
   }();
@@ -6540,7 +6851,7 @@ function _resolveUploadMaxSize() {
   return _resolveUploadMaxSize.apply(this, arguments);
 }
 function readSessionId(c) {
-  return c.req.header("X-Session-Id") || c.req.header("x-session-id") || '';
+  return normalizeSessionId(c.req.header("X-Session-Id") || c.req.header("x-session-id")) || '';
 }
 function uploadToOss(_x3) {
   return _uploadToOss.apply(this, arguments);
@@ -6619,225 +6930,6 @@ function _uploadToOss() {
   return _uploadToOss.apply(this, arguments);
 }
-function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
-var CONFIG_NAMESPACE_RE = /^[a-zA-Z][a-zA-Z0-9_-]{0,63}$/;
-var CONFIG_SESSION_RE = /^[a-zA-Z0-9_]{1,128}$/;
-function getConfigSessionId(c) {
-  return normalizeSessionId(c.req.header("X-Session-Id") || c.req.header("x-session-id"));
-}
-function validateConfigSessionId(sessionId) {
-  if (!sessionId) return "缺少 X-Session-Id，无法访问配置中心";
-  if (!CONFIG_SESSION_RE.test(sessionId)) {
-    return "X-Session-Id 格式不合法";
-  }
-  return null;
-}
-function getConfigsTableName(sessionId) {
-  return "".concat(sessionId.replace('-', '_'), "__config__");
-}
-function normalizeValues(values) {
-  if (!values || _typeof$1(values) !== "object" || Array.isArray(values)) {
-    return {};
-  }
-  return values;
-}
-function buildFieldStatus(values) {
-  return Object.fromEntries(Object.entries(values).map(function (_ref) {
-    var _ref2 = _slicedToArray(_ref, 2),
-      key = _ref2[0],
-      value = _ref2[1];
-    return [key, {
-      configured: value !== null && value !== undefined && String(value).trim() !== ""
-    }];
-  }));
-}
-function validateNamespace(namespace) {
-  if (!namespace) return "缺少 namespace";
-  if (!CONFIG_NAMESPACE_RE.test(namespace)) {
-    return "namespace 只能包含字母、数字、下划线和连字符，且必须以字母开头";
-  }
-  return null;
-}
-function toConfigResponse(row, fallbackNamespace) {
-  var values = normalizeValues(row === null || row === void 0 ? void 0 : row.values);
-  return {
-    id: row === null || row === void 0 ? void 0 : row.id,
-    namespace: (row === null || row === void 0 ? void 0 : row.namespace) || fallbackNamespace,
-    values: values,
-    fields: buildFieldStatus(values),
-    created_at: row === null || row === void 0 ? void 0 : row.created_at,
-    updated_at: row === null || row === void 0 ? void 0 : row.updated_at
-  };
-}
-function getConfig(_x) {
-  return _getConfig.apply(this, arguments);
-}
-function _getConfig() {
-  _getConfig = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee(c) {
-    var namespace, namespaceError, _response, sessionId, sessionError, _response2, tableName, supabase, _yield$supabase$from$, data, error, response, _response3, _t;
-    return _regeneratorRuntime.wrap(function (_context) {
-      while (1) switch (_context.prev = _context.next) {
-        case 0:
-          _context.prev = 0;
-          namespace = (c.req.query("namespace") || "").trim();
-          namespaceError = validateNamespace(namespace);
-          if (!namespaceError) {
-            _context.next = 1;
-            break;
-          }
-          _response = {
-            success: false,
-            message: namespaceError
-          };
-          return _context.abrupt("return", c.json(_response, 200));
-        case 1:
-          sessionId = getConfigSessionId(c);
-          sessionError = validateConfigSessionId(sessionId);
-          if (!sessionError) {
-            _context.next = 2;
-            break;
-          }
-          _response2 = {
-            success: false,
-            message: sessionError
-          };
-          return _context.abrupt("return", c.json(_response2, 200));
-        case 2:
-          tableName = getConfigsTableName(sessionId); // await ensureConfigsTable(tableName)
-          supabase = getSupabase();
-          _context.next = 3;
-          return supabase.from(tableName).select("*").eq("namespace", namespace).maybeSingle();
-        case 3:
-          _yield$supabase$from$ = _context.sent;
-          data = _yield$supabase$from$.data;
-          error = _yield$supabase$from$.error;
-          if (!error) {
-            _context.next = 4;
-            break;
-          }
-          throw error;
-        case 4:
-          response = {
-            success: true,
-            data: toConfigResponse(data, namespace)
-          };
-          return _context.abrupt("return", c.json(response, 200));
-        case 5:
-          _context.prev = 5;
-          _t = _context["catch"](0);
-          console.error("获取配置失败:", _t);
-          _response3 = {
-            success: false,
-            message: "获取配置失败",
-            error: _t.message
-          };
-          return _context.abrupt("return", c.json(_response3, 500));
-        case 6:
-        case "end":
-          return _context.stop();
-      }
-    }, _callee, null, [[0, 5]]);
-  }));
-  return _getConfig.apply(this, arguments);
-}
-function updateConfig(_x2) {
-  return _updateConfig.apply(this, arguments);
-}
-function _updateConfig() {
-  _updateConfig = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee2(c) {
-    var namespace, namespaceError, _response4, body, values, sessionId, sessionError, _response5, tableName, supabase, _yield$supabase$from$2, existing, existingError, nextValues, _yield$supabase$from$3, data, error, response, _response6, _t2;
-    return _regeneratorRuntime.wrap(function (_context2) {
-      while (1) switch (_context2.prev = _context2.next) {
-        case 0:
-          _context2.prev = 0;
-          namespace = (c.req.param("namespace") || "").trim();
-          namespaceError = validateNamespace(namespace);
-          if (!namespaceError) {
-            _context2.next = 1;
-            break;
-          }
-          _response4 = {
-            success: false,
-            message: namespaceError
-          };
-          return _context2.abrupt("return", c.json(_response4, 200));
-        case 1:
-          _context2.next = 2;
-          return c.req.json();
-        case 2:
-          body = _context2.sent;
-          values = normalizeValues(body === null || body === void 0 ? void 0 : body.values);
-          sessionId = getConfigSessionId(c);
-          sessionError = validateConfigSessionId(sessionId);
-          if (!sessionError) {
-            _context2.next = 3;
-            break;
-          }
-          _response5 = {
-            success: false,
-            message: sessionError
-          };
-          return _context2.abrupt("return", c.json(_response5, 200));
-        case 3:
-          tableName = getConfigsTableName(sessionId); // await ensureConfigsTable(tableName)
-          supabase = getSupabase();
-          _context2.next = 4;
-          return supabase.from(tableName).select("values").eq("namespace", namespace).maybeSingle();
-        case 4:
-          _yield$supabase$from$2 = _context2.sent;
-          existing = _yield$supabase$from$2.data;
-          existingError = _yield$supabase$from$2.error;
-          if (!existingError) {
-            _context2.next = 5;
-            break;
-          }
-          throw existingError;
-        case 5:
-          nextValues = _objectSpread(_objectSpread({}, normalizeValues(existing === null || existing === void 0 ? void 0 : existing.values)), values);
-          _context2.next = 6;
-          return supabase.from(tableName).upsert({
-            namespace: namespace,
-            values: nextValues,
-            updated_at: new Date().toISOString()
-          }, {
-            onConflict: "namespace"
-          }).select("*").single();
-        case 6:
-          _yield$supabase$from$3 = _context2.sent;
-          data = _yield$supabase$from$3.data;
-          error = _yield$supabase$from$3.error;
-          if (!error) {
-            _context2.next = 7;
-            break;
-          }
-          throw error;
-        case 7:
-          response = {
-            success: true,
-            message: "配置保存成功",
-            data: toConfigResponse(data, namespace)
-          };
-          return _context2.abrupt("return", c.json(response, 200));
-        case 8:
-          _context2.prev = 8;
-          _t2 = _context2["catch"](0);
-          console.error("保存配置失败:", _t2);
-          _response6 = {
-            success: false,
-            message: "保存配置失败",
-            error: _t2.message
-          };
-          return _context2.abrupt("return", c.json(_response6, 500));
-        case 9:
-        case "end":
-          return _context2.stop();
-      }
-    }, _callee2, null, [[0, 8]]);
-  }));
-  return _updateConfig.apply(this, arguments);
-}
 var AUTH_REQUIRED = "CMS_AUTH_REQUIRED";
 var AUTH_INVALID = "CMS_AUTH_INVALID";
 var CMS_FORBIDDEN = "CMS_FORBIDDEN";
@@ -7277,10 +7369,26 @@ function createDynamicAuthRoute(app) {
     var tableName = c.req.param("tableName");
     return signup(c, tableName);
   });
+  app.post("/auth/password/forgot/:tableName", function (c) {
+    var tableName = c.req.param("tableName");
+    return forgotPassword(c, tableName);
+  });
+  app.post("/auth/password/reset/:tableName", function (c) {
+    var tableName = c.req.param("tableName");
+    return resetPassword(c, tableName);
+  });
   app.post("/auth/:tableName/login", function (c) {
     var tableName = c.req.param("tableName");
     return login(c, tableName);
   });
+  app.post("/auth/:tableName/password/forgot", function (c) {
+    var tableName = c.req.param("tableName");
+    return forgotPassword(c, tableName);
+  });
+  app.post("/auth/:tableName/password/reset", function (c) {
+    var tableName = c.req.param("tableName");
+    return resetPassword(c, tableName);
+  });
   app.get("/auth/:tableName/current", function (c) {
     var tableName = c.req.param("tableName");
     return getCurrentUser(c, tableName);
@@ -7333,17 +7441,9 @@ function createOssUploadRoute(app) {
   app.post("/upload", requireJwtAuth, requireAdminRole, uploadToOss);
   return app;
 }
-function createConfigRoute(app) {
-  app.get("/configs", requireAdminRole, getConfig);
-  app.put("/configs/:namespace", requireAdminRole, function (c) {
-    return updateConfig(c);
-  });
-  return app;
-}
 // 一键创建所有CMS路由
 function createCmsRoutes(app) {
   createModelRoute(app);
-  createConfigRoute(app);
   createDynamicDataRoute(app);
   createDynamicAuthRoute(app);
   return app;
@@ -7359,7 +7459,6 @@ exports.closeDatabase = closeSupabase;
 exports.closeSupabase = closeSupabase;
 exports.createAuthRoute = createAuthRoute;
 exports.createCmsRoutes = createCmsRoutes;
-exports.createConfigRoute = createConfigRoute;
 exports.createDataRoute = createDataRoute;
 exports.createDynamicAuthRoute = createDynamicAuthRoute;
 exports.createDynamicDataRoute = createDynamicDataRoute;
@@ -7371,9 +7470,9 @@ exports.deleteModel = deleteModel;
 exports.deleteTableData = deleteTableData;
 exports.dropForeignKeys = dropForeignKeys;
 exports.executeSupabaseSetup = executeSupabaseSetup;
+exports.feishuAlertConfig = feishuAlertConfig;
 exports.getAuthService = getAuthService;
 exports.getCmsModelService = getCmsModelService;
-exports.getConfig = getConfig;
 exports.getCurrentUser = getCurrentUser;
 exports.getDatabase = getSupabase;
 exports.getDynamicTableService = getDynamicTableService;
@@ -7390,12 +7489,13 @@ exports.initializeDatabase = initializeSupabase;
 exports.initializeOssUpload = initializeOssUpload;
 exports.initializeSupabase = initializeSupabase;
 exports.login = login;
+exports.notifyCmsCrudErrorToFeishu = notifyCmsCrudErrorToFeishu;
+exports.reportCmsCrudErrorToFeishu = reportCmsCrudErrorToFeishu;
 exports.requireAuth = requireAuth;
 exports.signup = signup;
 exports.signupStatus = signupStatus;
 exports.syncDatabase = initializeCmsSystem;
 exports.testConnection = testConnection;
-exports.updateConfig = updateConfig;
 exports.updateModel = updateModel;
 exports.updateTableData = updateTableData;
 exports.uploadToOss = uploadToOss;