@authhero/multi-tenancy 13.10.0 → 13.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/multi-tenancy.cjs +1 -1
  2. package/dist/multi-tenancy.d.ts +17842 -4685
  3. package/dist/multi-tenancy.mjs +654 -916
  4. package/package.json +4 -4
package/dist/multi-tenancy.mjs CHANGED
@@ -1,23 +1,22 @@
1
1
  var K = Object.defineProperty;
2
- var B = (t, a, i) => a in t ? K(t, a, { enumerable: !0, configurable: !0, writable: !0, value: i }) : t[a] = i;
3
- var D = (t, a, i) => B(t, typeof a != "symbol" ? a + "" : a, i);
2
+ var E = (e, t, s) => t in e ? K(e, t, { enumerable: !0, configurable: !0, writable: !0, value: s }) : e[t] = s;
3
+ var D = (e, t, s) => E(e, typeof t != "symbol" ? t + "" : t, s);
4
4
  import { Hono as U } from "hono";
5
- import { getTenantAudience as W, MANAGEMENT_API_SCOPES as G, MANAGEMENT_API_AUDIENCE as L, fetchAll as z, init as Q } from "authhero";
6
- import { MANAGEMENT_API_SCOPES as Pe, fetchAll as ze, seed as Ie } from "authhero";
7
- import { z as V } from "zod";
8
- import { auth0QuerySchema as F, tenantInsertSchema as j, tenantSchema as $ } from "@authhero/adapter-interfaces";
9
- import { OpenAPIHono as Y, createRoute as S, z as C } from "@hono/zod-openapi";
10
- var w = class extends Error {
5
+ import { getTenantAudience as B, MANAGEMENT_API_SCOPES as W, MANAGEMENT_API_AUDIENCE as G, fetchAll as S, init as L } from "authhero";
6
+ import { MANAGEMENT_API_SCOPES as ve, fetchAll as be, seed as Pe } from "authhero";
7
+ import { OpenAPIHono as Q, createRoute as M, z as P } from "@hono/zod-openapi";
8
+ import { auth0QuerySchema as V, tenantSchema as O, tenantInsertSchema as J } from "@authhero/adapter-interfaces";
9
+ var C = class extends Error {
11
10
  /**
12
11
  * Creates an instance of `HTTPException`.
13
12
  * @param status - HTTP status code for the exception. Defaults to 500.
14
13
  * @param options - Additional options for the exception.
15
14
  */
16
- constructor(a = 500, i) {
17
- super(i == null ? void 0 : i.message, { cause: i == null ? void 0 : i.cause });
15
+ constructor(t = 500, s) {
16
+ super(s == null ? void 0 : s.message, { cause: s == null ? void 0 : s.cause });
18
17
  D(this, "res");
19
18
  D(this, "status");
20
- this.res = i == null ? void 0 : i.res, this.status = a;
19
+ this.res = s == null ? void 0 : s.res, this.status = t;
21
20
  }
22
21
  /**
23
22
  * Returns the response object associated with the exception.
@@ -33,160 +32,160 @@ var w = class extends Error {
33
32
  });
34
33
  }
35
34
  };
36
- function Z(t) {
37
- const { controlPlaneTenantId: a, requireOrganizationMatch: i = !0 } = t;
35
+ function X(e) {
36
+ const { controlPlaneTenantId: t, requireOrganizationMatch: s = !0 } = e;
38
37
  return {
39
- async onTenantAccessValidation(e, n) {
40
- if (n === a)
38
+ async onTenantAccessValidation(a, i) {
39
+ if (i === t)
41
40
  return !0;
42
- if (i) {
43
- const r = e.var.org_name, l = e.var.organization_id, o = r || l;
44
- return o ? o === n : !1;
41
+ if (s) {
42
+ const n = a.var.org_name, u = a.var.organization_id, l = n || u;
43
+ return l ? l === i : !1;
45
44
  }
46
45
  return !0;
47
46
  }
48
47
  };
49
48
  }
50
- function J(t, a, i, e) {
51
- if (a === i)
49
+ function Y(e, t, s, a) {
50
+ if (t === s)
52
51
  return !0;
53
- const n = e || t;
54
- return n ? n === a : !1;
52
+ const i = a || e;
53
+ return i ? i === t : !1;
55
54
  }
56
- function X(t) {
55
+ function Z(e) {
57
56
  return {
58
- async resolveDataAdapters(a) {
57
+ async resolveDataAdapters(t) {
59
58
  try {
60
- return await t.getAdapters(a);
61
- } catch (i) {
59
+ return await e.getAdapters(t);
60
+ } catch (s) {
62
61
  console.error(
63
- `Failed to resolve data adapters for tenant ${a}:`,
64
- i
62
+ `Failed to resolve data adapters for tenant ${t}:`,
63
+ s
65
64
  );
66
65
  return;
67
66
  }
68
67
  }
69
68
  };
70
69
  }
71
- function H(t) {
70
+ function k(e) {
72
71
  return {
73
- async beforeCreate(a, i) {
74
- return !i.audience && i.id ? {
75
- ...i,
76
- audience: W(i.id)
77
- } : i;
72
+ async beforeCreate(t, s) {
73
+ return !s.audience && s.id ? {
74
+ ...s,
75
+ audience: B(s.id)
76
+ } : s;
78
77
  },
79
- async afterCreate(a, i) {
80
- const { accessControl: e, databaseIsolation: n, settingsInheritance: r } = t;
81
- e && a.ctx && await k(a, i, e), n != null && n.onProvision && await n.onProvision(i.id), (r == null ? void 0 : r.inheritFromControlPlane) !== !1 && a.ctx && await ee(a, i, t);
78
+ async afterCreate(t, s) {
79
+ const { accessControl: a, databaseIsolation: i, settingsInheritance: n } = e;
80
+ a && t.ctx && await H(t, s, a), i != null && i.onProvision && await i.onProvision(s.id), (n == null ? void 0 : n.inheritFromControlPlane) !== !1 && t.ctx && await ee(t, s, e);
82
81
  },
83
- async beforeDelete(a, i) {
84
- const { accessControl: e, databaseIsolation: n } = t;
85
- if (e)
82
+ async beforeDelete(t, s) {
83
+ const { accessControl: a, databaseIsolation: i } = e;
84
+ if (a)
86
85
  try {
87
- const l = (await a.adapters.organizations.list(
88
- e.controlPlaneTenantId
89
- )).organizations.find((o) => o.name === i);
90
- l && await a.adapters.organizations.remove(
91
- e.controlPlaneTenantId,
92
- l.id
86
+ const u = (await t.adapters.organizations.list(
87
+ a.controlPlaneTenantId
88
+ )).organizations.find((l) => l.name === s);
89
+ u && await t.adapters.organizations.remove(
90
+ a.controlPlaneTenantId,
91
+ u.id
93
92
  );
94
- } catch (r) {
93
+ } catch (n) {
95
94
  console.warn(
96
- `Failed to remove organization for tenant ${i}:`,
97
- r
95
+ `Failed to remove organization for tenant ${s}:`,
96
+ n
98
97
  );
99
98
  }
100
- if (n != null && n.onDeprovision)
99
+ if (i != null && i.onDeprovision)
101
100
  try {
102
- await n.onDeprovision(i);
103
- } catch (r) {
101
+ await i.onDeprovision(s);
102
+ } catch (n) {
104
103
  console.warn(
105
- `Failed to deprovision database for tenant ${i}:`,
106
- r
104
+ `Failed to deprovision database for tenant ${s}:`,
105
+ n
107
106
  );
108
107
  }
109
108
  }
110
109
  };
111
110
  }
112
- async function k(t, a, i) {
111
+ async function H(e, t, s) {
113
112
  const {
114
- controlPlaneTenantId: e,
115
- defaultPermissions: n,
116
- defaultRoles: r,
117
- issuer: l,
118
- adminRoleName: o = "Tenant Admin",
113
+ controlPlaneTenantId: a,
114
+ defaultPermissions: i,
115
+ defaultRoles: n,
116
+ issuer: u,
117
+ adminRoleName: l = "Tenant Admin",
119
118
  adminRoleDescription: c = "Full access to all tenant management operations",
120
- addCreatorToOrganization: s = !0
121
- } = i, u = await t.adapters.organizations.create(
122
- e,
119
+ addCreatorToOrganization: r = !0
120
+ } = s, f = await e.adapters.organizations.create(
121
+ a,
123
122
  {
124
- name: a.id,
125
- display_name: a.friendly_name || a.id
123
+ name: t.id,
124
+ display_name: t.friendly_name || t.id
126
125
  }
127
126
  );
128
- let f;
129
- if (l && (f = await x(
130
- t,
127
+ let d;
128
+ if (u && (d = await x(
131
129
  e,
132
- o,
130
+ a,
131
+ l,
133
132
  c
134
- )), s && t.ctx) {
135
- const d = t.ctx.var.user;
136
- if (d != null && d.sub)
133
+ )), r && e.ctx) {
134
+ const o = e.ctx.var.user;
135
+ if (o != null && o.sub)
137
136
  try {
138
- await t.adapters.userOrganizations.create(e, {
139
- user_id: d.sub,
140
- organization_id: u.id
141
- }), f && await t.adapters.userRoles.create(
142
- e,
143
- d.sub,
144
- f,
145
- u.id
137
+ await e.adapters.userOrganizations.create(a, {
138
+ user_id: o.sub,
139
+ organization_id: f.id
140
+ }), d && await e.adapters.userRoles.create(
141
+ a,
142
+ o.sub,
143
+ d,
144
+ f.id
146
145
  // organizationId
147
146
  );
148
147
  } catch (p) {
149
148
  console.warn(
150
- `Failed to add creator ${d.sub} to organization ${u.id}:`,
149
+ `Failed to add creator ${o.sub} to organization ${f.id}:`,
151
150
  p
152
151
  );
153
152
  }
154
153
  }
155
- r && r.length > 0 && console.log(
156
- `Would assign roles ${r.join(", ")} to organization ${u.id}`
157
- ), n && n.length > 0 && console.log(
158
- `Would grant permissions ${n.join(", ")} to organization ${u.id}`
154
+ n && n.length > 0 && console.log(
155
+ `Would assign roles ${n.join(", ")} to organization ${f.id}`
156
+ ), i && i.length > 0 && console.log(
157
+ `Would grant permissions ${i.join(", ")} to organization ${f.id}`
159
158
  );
160
159
  }
161
- async function x(t, a, i, e) {
162
- const r = (await t.adapters.roles.list(a, {})).roles.find((s) => s.name === i);
163
- if (r)
164
- return r.id;
165
- const l = await t.adapters.roles.create(a, {
166
- name: i,
167
- description: e
168
- }), o = L, c = G.map((s) => ({
169
- role_id: l.id,
170
- resource_server_identifier: o,
171
- permission_name: s.value
160
+ async function x(e, t, s, a) {
161
+ const n = (await e.adapters.roles.list(t, {})).roles.find((r) => r.name === s);
162
+ if (n)
163
+ return n.id;
164
+ const u = await e.adapters.roles.create(t, {
165
+ name: s,
166
+ description: a
167
+ }), l = G, c = W.map((r) => ({
168
+ role_id: u.id,
169
+ resource_server_identifier: l,
170
+ permission_name: r.value
172
171
  }));
173
- return await t.adapters.rolePermissions.assign(
174
- a,
175
- l.id,
172
+ return await e.adapters.rolePermissions.assign(
173
+ t,
174
+ u.id,
176
175
  c
177
- ), l.id;
176
+ ), u.id;
178
177
  }
179
- async function ee(t, a, i) {
180
- const { accessControl: e, settingsInheritance: n } = i;
181
- if (!e)
178
+ async function ee(e, t, s) {
179
+ const { accessControl: a, settingsInheritance: i } = s;
180
+ if (!a)
182
181
  return;
183
- const r = await t.adapters.tenants.get(
184
- e.controlPlaneTenantId
182
+ const n = await e.adapters.tenants.get(
183
+ a.controlPlaneTenantId
185
184
  );
186
- if (!r)
185
+ if (!n)
187
186
  return;
188
- let l = { ...r };
189
- const o = [
187
+ let u = { ...n };
188
+ const l = [
190
189
  "id",
191
190
  "created_at",
192
191
  "updated_at",
@@ -196,162 +195,162 @@ async function ee(t, a, i) {
196
195
  "sender_email",
197
196
  "sender_name"
198
197
  ];
199
- for (const c of o)
200
- delete l[c];
201
- if (n != null && n.inheritedKeys) {
198
+ for (const c of l)
199
+ delete u[c];
200
+ if (i != null && i.inheritedKeys) {
202
201
  const c = {};
203
- for (const s of n.inheritedKeys)
204
- s in r && !o.includes(s) && (c[s] = r[s]);
205
- l = c;
202
+ for (const r of i.inheritedKeys)
203
+ r in n && !l.includes(r) && (c[r] = n[r]);
204
+ u = c;
206
205
  }
207
- if (n != null && n.excludedKeys)
208
- for (const c of n.excludedKeys)
209
- delete l[c];
210
- n != null && n.transformSettings && (l = n.transformSettings(
211
- l,
212
- a.id
213
- )), Object.keys(l).length > 0 && await t.adapters.tenants.update(a.id, l);
206
+ if (i != null && i.excludedKeys)
207
+ for (const c of i.excludedKeys)
208
+ delete u[c];
209
+ i != null && i.transformSettings && (u = i.transformSettings(
210
+ u,
211
+ t.id
212
+ )), Object.keys(u).length > 0 && await e.adapters.tenants.update(t.id, u);
214
213
  }
215
- function te(t) {
214
+ function te(e) {
216
215
  const {
217
- controlPlaneTenantId: a,
218
- getChildTenantIds: i,
219
- getAdapters: e,
220
- shouldSync: n = () => !0,
221
- transformForSync: r
222
- } = t;
223
- async function l(s, u, f) {
224
- return (await s.resourceServers.list(u, {
225
- q: `identifier:${f}`,
216
+ controlPlaneTenantId: t,
217
+ getChildTenantIds: s,
218
+ getAdapters: a,
219
+ shouldSync: i = () => !0,
220
+ transformForSync: n
221
+ } = e;
222
+ async function u(r, f, d) {
223
+ return (await r.resourceServers.list(f, {
224
+ q: `identifier:${d}`,
226
225
  per_page: 1
227
226
  })).resource_servers[0] ?? null;
228
227
  }
229
- async function o(s, u) {
230
- const f = await i();
228
+ async function l(r, f) {
229
+ const d = await s();
231
230
  await Promise.all(
232
- f.map(async (d) => {
231
+ d.map(async (o) => {
233
232
  try {
234
- const p = await e(d), y = { ...r ? r(s, d) : {
235
- name: s.name,
236
- identifier: s.identifier,
237
- scopes: s.scopes,
238
- signing_alg: s.signing_alg,
239
- signing_secret: s.signing_secret,
240
- token_lifetime: s.token_lifetime,
241
- token_lifetime_for_web: s.token_lifetime_for_web,
242
- skip_consent_for_verifiable_first_party_clients: s.skip_consent_for_verifiable_first_party_clients,
243
- allow_offline_access: s.allow_offline_access,
244
- verificationKey: s.verificationKey,
245
- options: s.options
233
+ const p = await a(o), h = { ...n ? n(r, o) : {
234
+ name: r.name,
235
+ identifier: r.identifier,
236
+ scopes: r.scopes,
237
+ signing_alg: r.signing_alg,
238
+ signing_secret: r.signing_secret,
239
+ token_lifetime: r.token_lifetime,
240
+ token_lifetime_for_web: r.token_lifetime_for_web,
241
+ skip_consent_for_verifiable_first_party_clients: r.skip_consent_for_verifiable_first_party_clients,
242
+ allow_offline_access: r.allow_offline_access,
243
+ verificationKey: r.verificationKey,
244
+ options: r.options
246
245
  }, is_system: !0 };
247
- if (u === "create") {
248
- const T = await l(
246
+ if (f === "create") {
247
+ const T = await u(
249
248
  p,
250
- d,
251
- s.identifier
249
+ o,
250
+ r.identifier
252
251
  );
253
252
  T && T.id ? await p.resourceServers.update(
254
- d,
253
+ o,
255
254
  T.id,
256
- y
257
- ) : await p.resourceServers.create(d, y);
255
+ h
256
+ ) : await p.resourceServers.create(o, h);
258
257
  } else {
259
- const T = await l(
258
+ const T = await u(
260
259
  p,
261
- d,
262
- s.identifier
260
+ o,
261
+ r.identifier
263
262
  );
264
- T && T.id && await p.resourceServers.update(
265
- d,
263
+ T && T.id ? await p.resourceServers.update(
264
+ o,
266
265
  T.id,
267
- y
268
- );
266
+ h
267
+ ) : await p.resourceServers.create(o, h);
269
268
  }
270
269
  } catch (p) {
271
270
  console.error(
272
- `Failed to sync resource server "${s.identifier}" to tenant "${d}":`,
271
+ `Failed to sync resource server "${r.identifier}" to tenant "${o}":`,
273
272
  p
274
273
  );
275
274
  }
276
275
  })
277
276
  );
278
277
  }
279
- async function c(s) {
280
- const u = await i();
278
+ async function c(r) {
279
+ const f = await s();
281
280
  await Promise.all(
282
- u.map(async (f) => {
281
+ f.map(async (d) => {
283
282
  try {
284
- const d = await e(f), p = await l(
283
+ const o = await a(d), p = await u(
284
+ o,
285
285
  d,
286
- f,
287
- s
286
+ r
288
287
  );
289
- p && p.id && await d.resourceServers.remove(f, p.id);
290
- } catch (d) {
288
+ p && p.id && await o.resourceServers.remove(d, p.id);
289
+ } catch (o) {
291
290
  console.error(
292
- `Failed to delete resource server "${s}" from tenant "${f}":`,
293
- d
291
+ `Failed to delete resource server "${r}" from tenant "${d}":`,
292
+ o
294
293
  );
295
294
  }
296
295
  })
297
296
  );
298
297
  }
299
298
  return {
300
- afterCreate: async (s, u) => {
301
- s.tenantId === a && n(u) && await o(u, "create");
299
+ afterCreate: async (r, f) => {
300
+ r.tenantId === t && i(f) && await l(f, "create");
302
301
  },
303
- afterUpdate: async (s, u, f) => {
304
- s.tenantId === a && n(f) && await o(f, "update");
302
+ afterUpdate: async (r, f, d) => {
303
+ r.tenantId === t && i(d) && await l(d, "update");
305
304
  },
306
- afterDelete: async (s, u) => {
307
- s.tenantId === a && await c(u);
305
+ afterDelete: async (r, f) => {
306
+ r.tenantId === t && await c(f);
308
307
  }
309
308
  };
310
309
  }
311
- function ae(t) {
310
+ function ae(e) {
312
311
  const {
313
- controlPlaneTenantId: a,
314
- getControlPlaneAdapters: i,
315
- getAdapters: e,
316
- shouldSync: n = () => !0,
317
- transformForSync: r
318
- } = t;
312
+ controlPlaneTenantId: t,
313
+ getControlPlaneAdapters: s,
314
+ getAdapters: a,
315
+ shouldSync: i = () => !0,
316
+ transformForSync: n
317
+ } = e;
319
318
  return {
320
- async afterCreate(l, o) {
321
- if (o.id !== a)
319
+ async afterCreate(u, l) {
320
+ if (l.id !== t)
322
321
  try {
323
- const c = await i(), s = await e(o.id), u = await z(
324
- (f) => c.resourceServers.list(
325
- a,
326
- f
322
+ const c = await s(), r = await a(l.id), f = await S(
323
+ (d) => c.resourceServers.list(
324
+ t,
325
+ d
327
326
  ),
328
327
  "resource_servers",
329
328
  { cursorField: "id", pageSize: 100 }
330
329
  );
331
330
  await Promise.all(
332
- u.filter((f) => n(f)).map(async (f) => {
333
- const d = f;
331
+ f.filter((d) => i(d)).map(async (d) => {
332
+ const o = d;
334
333
  try {
335
- const p = r ? r(d, o.id) : {
336
- name: d.name,
337
- identifier: d.identifier,
338
- scopes: d.scopes,
339
- signing_alg: d.signing_alg,
340
- signing_secret: d.signing_secret,
341
- token_lifetime: d.token_lifetime,
342
- token_lifetime_for_web: d.token_lifetime_for_web,
343
- skip_consent_for_verifiable_first_party_clients: d.skip_consent_for_verifiable_first_party_clients,
344
- allow_offline_access: d.allow_offline_access,
345
- verificationKey: d.verificationKey,
346
- options: d.options
334
+ const p = n ? n(o, l.id) : {
335
+ name: o.name,
336
+ identifier: o.identifier,
337
+ scopes: o.scopes,
338
+ signing_alg: o.signing_alg,
339
+ signing_secret: o.signing_secret,
340
+ token_lifetime: o.token_lifetime,
341
+ token_lifetime_for_web: o.token_lifetime_for_web,
342
+ skip_consent_for_verifiable_first_party_clients: o.skip_consent_for_verifiable_first_party_clients,
343
+ allow_offline_access: o.allow_offline_access,
344
+ verificationKey: o.verificationKey,
345
+ options: o.options
347
346
  };
348
- await s.resourceServers.create(o.id, {
347
+ await r.resourceServers.create(l.id, {
349
348
  ...p,
350
349
  is_system: !0
351
350
  });
352
351
  } catch (p) {
353
352
  console.error(
354
- `Failed to sync resource server "${d.identifier}" to new tenant "${o.id}":`,
353
+ `Failed to sync resource server "${o.identifier}" to new tenant "${l.id}":`,
355
354
  p
356
355
  );
357
356
  }
@@ -359,305 +358,152 @@ function ae(t) {
359
358
  );
360
359
  } catch (c) {
361
360
  console.error(
362
- `Failed to sync resource servers to new tenant "${o.id}":`,
361
+ `Failed to sync resource servers to new tenant "${l.id}":`,
363
362
  c
364
363
  );
365
364
  }
366
365
  }
367
366
  };
368
367
  }
369
- function ne(t) {
368
+ function ne(e) {
370
369
  const {
371
- controlPlaneTenantId: a,
372
- getChildTenantIds: i,
373
- getAdapters: e,
374
- shouldSync: n = () => !0,
375
- transformForSync: r
376
- } = t;
377
- async function l(c, s, u) {
378
- return (await c.roles.list(s, {
379
- q: `name:${u}`,
370
+ controlPlaneTenantId: t,
371
+ getChildTenantIds: s,
372
+ getAdapters: a,
373
+ shouldSync: i = () => !0,
374
+ transformForSync: n
375
+ } = e;
376
+ async function u(c, r, f) {
377
+ return (await c.roles.list(r, {
378
+ q: `name:${f}`,
380
379
  per_page: 1
381
380
  })).roles[0] ?? null;
382
381
  }
383
- async function o(c, s) {
384
- const u = await i();
382
+ async function l(c, r) {
383
+ const f = await s();
385
384
  await Promise.all(
386
- u.map(async (f) => {
385
+ f.map(async (d) => {
387
386
  try {
388
- const d = await e(f), _ = { ...r ? r(c, f) : {
387
+ const o = await a(d), g = { ...n ? n(c, d) : {
389
388
  name: c.name,
390
389
  description: c.description
391
390
  }, is_system: !0 };
392
- if (s === "create") {
393
- const y = await l(d, f, c.name);
394
- y && y.id ? await d.roles.update(
395
- f,
396
- y.id,
397
- _
398
- ) : await d.roles.create(f, _);
391
+ if (r === "create") {
392
+ const h = await u(o, d, c.name);
393
+ h && h.id ? await o.roles.update(
394
+ d,
395
+ h.id,
396
+ g
397
+ ) : await o.roles.create(d, g);
399
398
  } else {
400
- const y = await l(d, f, c.name);
401
- y && y.id && await d.roles.update(
402
- f,
403
- y.id,
404
- _
405
- );
399
+ const h = await u(o, d, c.name);
400
+ h && h.id ? await o.roles.update(
401
+ d,
402
+ h.id,
403
+ g
404
+ ) : await o.roles.create(d, g);
406
405
  }
407
- } catch (d) {
406
+ } catch (o) {
408
407
  console.error(
409
- `Failed to sync role "${c.name}" to tenant "${f}":`,
410
- d
408
+ `Failed to sync role "${c.name}" to tenant "${d}":`,
409
+ o
411
410
  );
412
411
  }
413
412
  })
414
413
  );
415
414
  }
416
415
  return {
417
- afterCreate: async (c, s) => {
418
- c.tenantId === a && n(s) && await o(s, "create");
416
+ afterCreate: async (c, r) => {
417
+ c.tenantId === t && i(r) && await l(r, "create");
419
418
  },
420
- afterUpdate: async (c, s, u) => {
421
- c.tenantId === a && n(u) && await o(u, "update");
419
+ afterUpdate: async (c, r, f) => {
420
+ c.tenantId === t && i(f) && await l(f, "update");
422
421
  },
423
- afterDelete: async (c, s) => {
424
- c.tenantId === a && console.warn(
425
- `Role ${s} was deleted from control plane. Child tenant roles with matching names should be deleted manually or implement role name tracking.`
422
+ afterDelete: async (c, r) => {
423
+ c.tenantId === t && console.warn(
424
+ `Role ${r} was deleted from control plane. Child tenant roles with matching names should be deleted manually or implement role name tracking.`
426
425
  );
427
426
  }
428
427
  };
429
428
  }
430
- function se(t) {
429
+ function re(e) {
431
430
  const {
432
- controlPlaneTenantId: a,
433
- getControlPlaneAdapters: i,
434
- getAdapters: e,
435
- shouldSync: n = () => !0,
436
- transformForSync: r,
437
- syncPermissions: l = !0
438
- } = t;
431
+ controlPlaneTenantId: t,
432
+ getControlPlaneAdapters: s,
433
+ getAdapters: a,
434
+ shouldSync: i = () => !0,
435
+ transformForSync: n,
436
+ syncPermissions: u = !0
437
+ } = e;
439
438
  return {
440
- async afterCreate(o, c) {
441
- if (c.id !== a)
439
+ async afterCreate(l, c) {
440
+ if (c.id !== t)
442
441
  try {
443
- const s = await i(), u = await e(c.id), f = await z(
444
- (p) => s.roles.list(a, p),
442
+ const r = await s(), f = await a(c.id), d = await S(
443
+ (p) => r.roles.list(t, p),
445
444
  "roles",
446
445
  { cursorField: "id", pageSize: 100 }
447
- ), d = /* @__PURE__ */ new Map();
446
+ ), o = /* @__PURE__ */ new Map();
448
447
  if (await Promise.all(
449
- f.filter((p) => n(p)).map(async (p) => {
450
- const _ = p;
448
+ d.filter((p) => i(p)).map(async (p) => {
449
+ const g = p;
451
450
  try {
452
- const y = r ? r(_, c.id) : {
453
- name: _.name,
454
- description: _.description
455
- }, T = await u.roles.create(c.id, {
456
- ...y,
451
+ const h = n ? n(g, c.id) : {
452
+ name: g.name,
453
+ description: g.description
454
+ }, T = await f.roles.create(c.id, {
455
+ ...h,
457
456
  is_system: !0
458
457
  });
459
- d.set(_.id, T.id);
460
- } catch (y) {
458
+ o.set(g.id, T.id);
459
+ } catch (h) {
461
460
  console.error(
462
- `Failed to sync role "${_.name}" to new tenant "${c.id}":`,
463
- y
461
+ `Failed to sync role "${g.name}" to new tenant "${c.id}":`,
462
+ h
464
463
  );
465
464
  }
466
465
  })
467
- ), l)
468
- for (const [p, _] of d)
466
+ ), u)
467
+ for (const [p, g] of o)
469
468
  try {
470
- const y = await s.rolePermissions.list(
471
- a,
469
+ const h = await r.rolePermissions.list(
470
+ t,
472
471
  p,
473
472
  {}
474
473
  );
475
- y.length > 0 && await u.rolePermissions.assign(
474
+ h.length > 0 && await f.rolePermissions.assign(
476
475
  c.id,
477
- _,
478
- y.map((T) => ({
479
- role_id: _,
476
+ g,
477
+ h.map((T) => ({
478
+ role_id: g,
480
479
  resource_server_identifier: T.resource_server_identifier,
481
480
  permission_name: T.permission_name
482
481
  }))
483
482
  );
484
- } catch (y) {
483
+ } catch (h) {
485
484
  console.error(
486
485
  `Failed to sync permissions for role to new tenant "${c.id}":`,
487
- y
486
+ h
488
487
  );
489
488
  }
490
- } catch (s) {
489
+ } catch (r) {
491
490
  console.error(
492
491
  `Failed to sync roles to new tenant "${c.id}":`,
493
- s
492
+ r
494
493
  );
495
494
  }
496
495
  }
497
496
  };
498
497
  }
499
- function M(t, a) {
500
- const i = new U();
501
- return i.get("/", async (e) => {
502
- var f, d;
503
- const n = F.parse(e.req.query()), { page: r, per_page: l, include_totals: o, q: c } = n, s = e.var.user;
504
- if (t.accessControl && (s != null && s.sub)) {
505
- const p = t.accessControl.controlPlaneTenantId, y = (await e.env.data.userOrganizations.listUserOrganizations(
506
- p,
507
- s.sub,
508
- {}
509
- )).organizations.map((A) => A.name), T = await e.env.data.tenants.list({
510
- page: r,
511
- per_page: l,
512
- include_totals: o,
513
- q: c
514
- }), P = T.tenants.filter(
515
- (A) => y.includes(A.id)
516
- );
517
- return o ? e.json({
518
- tenants: P,
519
- start: ((f = T.totals) == null ? void 0 : f.start) ?? 0,
520
- limit: ((d = T.totals) == null ? void 0 : d.limit) ?? l,
521
- length: P.length
522
- }) : e.json(P);
523
- }
524
- const u = await e.env.data.tenants.list({
525
- page: r,
526
- per_page: l,
527
- include_totals: o,
528
- q: c
529
- });
530
- return o ? e.json(u) : e.json(u.tenants);
531
- }), i.get("/:id", async (e) => {
532
- const n = e.req.param("id");
533
- if (t.accessControl) {
534
- const l = e.var.user, o = t.accessControl.controlPlaneTenantId;
535
- if (n !== o) {
536
- if (!(l != null && l.sub))
537
- throw new w(401, {
538
- message: "Authentication required"
539
- });
540
- if (!(await e.env.data.userOrganizations.listUserOrganizations(
541
- o,
542
- l.sub,
543
- {}
544
- )).organizations.some((u) => u.name === n))
545
- throw new w(403, {
546
- message: "Access denied to this tenant"
547
- });
548
- }
549
- }
550
- const r = await e.env.data.tenants.get(n);
551
- if (!r)
552
- throw new w(404, {
553
- message: "Tenant not found"
554
- });
555
- return e.json(r);
556
- }), i.post("/", async (e) => {
557
- var n, r, l;
558
- try {
559
- const o = e.var.user;
560
- if (!(o != null && o.sub))
561
- throw new w(401, {
562
- message: "Authentication required to create tenants"
563
- });
564
- let c = j.parse(
565
- await e.req.json()
566
- );
567
- const s = {
568
- adapters: e.env.data,
569
- ctx: e
570
- };
571
- (n = a.tenants) != null && n.beforeCreate && (c = await a.tenants.beforeCreate(s, c));
572
- const u = await e.env.data.tenants.create(c);
573
- return (r = a.tenants) != null && r.afterCreate && await a.tenants.afterCreate(s, u), e.json(u, 201);
574
- } catch (o) {
575
- throw o instanceof V.ZodError ? new w(400, {
576
- message: "Validation error",
577
- cause: o
578
- }) : o instanceof Error && ("code" in o && o.code === "SQLITE_CONSTRAINT_PRIMARYKEY" || (l = o.message) != null && l.includes("UNIQUE constraint failed")) ? new w(409, {
579
- message: "Tenant with this ID already exists"
580
- }) : o;
581
- }
582
- }), i.patch("/:id", async (e) => {
583
- var d, p;
584
- const n = e.req.param("id");
585
- if (t.accessControl) {
586
- const _ = e.var.user;
587
- if (!(_ != null && _.sub))
588
- throw new w(401, {
589
- message: "Authentication required to update tenants"
590
- });
591
- const y = t.accessControl.controlPlaneTenantId;
592
- if (n !== y && !(await e.env.data.userOrganizations.listUserOrganizations(
593
- y,
594
- _.sub,
595
- {}
596
- )).organizations.some((A) => A.name === n))
597
- throw new w(403, {
598
- message: "Access denied to update this tenant"
599
- });
600
- }
601
- const r = j.partial().parse(await e.req.json()), { id: l, ...o } = r;
602
- if (!await e.env.data.tenants.get(n))
603
- throw new w(404, {
604
- message: "Tenant not found"
605
- });
606
- const s = {
607
- adapters: e.env.data,
608
- ctx: e
609
- };
610
- let u = o;
611
- (d = a.tenants) != null && d.beforeUpdate && (u = await a.tenants.beforeUpdate(s, n, o)), await e.env.data.tenants.update(n, u);
612
- const f = await e.env.data.tenants.get(n);
613
- if (!f)
614
- throw new w(404, {
615
- message: "Tenant not found after update"
616
- });
617
- return (p = a.tenants) != null && p.afterUpdate && await a.tenants.afterUpdate(s, f), e.json(f);
618
- }), i.delete("/:id", async (e) => {
619
- var o, c;
620
- const n = e.req.param("id");
621
- if (t.accessControl && n === t.accessControl.controlPlaneTenantId)
622
- throw new w(400, {
623
- message: "Cannot delete the control plane"
624
- });
625
- if (t.accessControl) {
626
- const s = e.var.user;
627
- if (!(s != null && s.sub))
628
- throw new w(401, {
629
- message: "Authentication required to delete tenants"
630
- });
631
- const u = t.accessControl.controlPlaneTenantId;
632
- if (!(await e.env.data.userOrganizations.listUserOrganizations(
633
- u,
634
- s.sub,
635
- {}
636
- )).organizations.some((p) => p.name === n))
637
- throw new w(403, {
638
- message: "Access denied to delete this tenant"
639
- });
640
- }
641
- if (!await e.env.data.tenants.get(n))
642
- throw new w(404, {
643
- message: "Tenant not found"
644
- });
645
- const l = {
646
- adapters: e.env.data,
647
- ctx: e
648
- };
649
- return (o = a.tenants) != null && o.beforeDelete && await a.tenants.beforeDelete(l, n), await e.env.data.tenants.remove(n), (c = a.tenants) != null && c.afterDelete && await a.tenants.afterDelete(l, n), e.body(null, 204);
650
- }), i;
651
- }
652
- function re(t, a) {
653
- const i = new Y();
654
- return i.openapi(
655
- S({
498
+ function j(e, t) {
499
+ const s = new Q();
500
+ return s.openapi(
501
+ M({
656
502
  tags: ["tenants"],
657
503
  method: "get",
658
504
  path: "/",
659
505
  request: {
660
- query: F
506
+ query: V
661
507
  },
662
508
  security: [
663
509
  {
@@ -668,11 +514,11 @@ function re(t, a) {
668
514
  200: {
669
515
  content: {
670
516
  "application/json": {
671
- schema: C.object({
672
- tenants: C.array($),
673
- start: C.number().optional(),
674
- limit: C.number().optional(),
675
- length: C.number().optional()
517
+ schema: P.object({
518
+ tenants: P.array(O),
519
+ start: P.number().optional(),
520
+ limit: P.number().optional(),
521
+ length: P.number().optional()
676
522
  })
677
523
  }
678
524
  },
@@ -680,105 +526,75 @@ function re(t, a) {
680
526
  }
681
527
  }
682
528
  }),
683
- async (e) => {
684
- var f, d, p, _;
685
- const n = e.req.valid("query"), { page: r, per_page: l, include_totals: o, q: c } = n, s = e.var.user;
686
- if (t.accessControl && (s != null && s.sub)) {
687
- const y = t.accessControl.controlPlaneTenantId, P = (await z(
688
- (I) => e.env.data.userOrganizations.listUserOrganizations(
689
- y,
690
- s.sub,
691
- I
529
+ async (a) => {
530
+ var p, g, h, T;
531
+ const i = a.req.valid("query"), { page: n, per_page: u, include_totals: l, q: c } = i, r = a.var.user, f = ((r == null ? void 0 : r.scope) || "").split(" "), d = f.includes("auth:read");
532
+ if (console.log("User scopes:", f, "hasAuthRead:", d), d) {
533
+ const b = await a.env.data.tenants.list({
534
+ page: n,
535
+ per_page: u,
536
+ include_totals: l,
537
+ q: c
538
+ });
539
+ return l ? a.json({
540
+ tenants: b.tenants,
541
+ start: ((p = b.totals) == null ? void 0 : p.start) ?? 0,
542
+ limit: ((g = b.totals) == null ? void 0 : g.limit) ?? u,
543
+ length: b.tenants.length
544
+ }) : a.json({ tenants: b.tenants });
545
+ }
546
+ if (e.accessControl && (r != null && r.sub)) {
547
+ const b = e.accessControl.controlPlaneTenantId, $ = (await S(
548
+ (R) => a.env.data.userOrganizations.listUserOrganizations(
549
+ b,
550
+ r.sub,
551
+ R
692
552
  ),
693
553
  "organizations"
694
- )).map((I) => I.name), A = await e.env.data.tenants.list({
695
- page: r,
696
- per_page: l,
697
- include_totals: o,
698
- q: c
699
- }), O = A.tenants.filter(
700
- (I) => P.includes(I.id)
701
- );
702
- return o ? e.json({
703
- tenants: O,
704
- start: ((f = A.totals) == null ? void 0 : f.start) ?? 0,
705
- limit: ((d = A.totals) == null ? void 0 : d.limit) ?? l,
706
- length: O.length
707
- }) : e.json({ tenants: O });
554
+ )).map((R) => R.name);
555
+ if ($.length === 0)
556
+ return l ? a.json({
557
+ tenants: [],
558
+ start: 0,
559
+ limit: u ?? 50,
560
+ length: 0
561
+ }) : a.json({ tenants: [] });
562
+ const z = $.length, F = n ?? 0, v = u ?? 50, w = F * v, m = $.slice(w, w + v);
563
+ if (m.length === 0)
564
+ return l ? a.json({
565
+ tenants: [],
566
+ start: w,
567
+ limit: v,
568
+ length: z
569
+ }) : a.json({ tenants: [] });
570
+ const y = m.map((R) => `id:${R}`).join(" OR "), _ = c ? `(${y}) AND (${c})` : y, A = await a.env.data.tenants.list({
571
+ q: _,
572
+ per_page: v,
573
+ include_totals: !1
574
+ // We calculate totals from accessibleTenantIds
575
+ });
576
+ return l ? a.json({
577
+ tenants: A.tenants,
578
+ start: w,
579
+ limit: v,
580
+ length: z
581
+ }) : a.json({ tenants: A.tenants });
708
582
  }
709
- const u = await e.env.data.tenants.list({
710
- page: r,
711
- per_page: l,
712
- include_totals: o,
583
+ const o = await a.env.data.tenants.list({
584
+ page: n,
585
+ per_page: u,
586
+ include_totals: l,
713
587
  q: c
714
588
  });
715
- return o ? e.json({
716
- tenants: u.tenants,
717
- start: ((p = u.totals) == null ? void 0 : p.start) ?? 0,
718
- limit: ((_ = u.totals) == null ? void 0 : _.limit) ?? l,
719
- length: u.tenants.length
720
- }) : e.json({ tenants: u.tenants });
721
- }
722
- ), i.openapi(
723
- S({
724
- tags: ["tenants"],
725
- method: "get",
726
- path: "/{id}",
727
- request: {
728
- params: C.object({
729
- id: C.string()
730
- })
731
- },
732
- security: [
733
- {
734
- Bearer: []
735
- }
736
- ],
737
- responses: {
738
- 200: {
739
- content: {
740
- "application/json": {
741
- schema: $
742
- }
743
- },
744
- description: "Tenant details"
745
- },
746
- 404: {
747
- description: "Tenant not found"
748
- }
749
- }
750
- }),
751
- async (e) => {
752
- const { id: n } = e.req.valid("param");
753
- if (t.accessControl) {
754
- const l = e.var.user, o = t.accessControl.controlPlaneTenantId;
755
- if (n !== o) {
756
- if (!(l != null && l.sub))
757
- throw new w(401, {
758
- message: "Authentication required"
759
- });
760
- if (!(await z(
761
- (u) => e.env.data.userOrganizations.listUserOrganizations(
762
- o,
763
- l.sub,
764
- u
765
- ),
766
- "organizations"
767
- )).some((u) => u.name === n))
768
- throw new w(403, {
769
- message: "Access denied to this tenant"
770
- });
771
- }
772
- }
773
- const r = await e.env.data.tenants.get(n);
774
- if (!r)
775
- throw new w(404, {
776
- message: "Tenant not found"
777
- });
778
- return e.json(r);
589
+ return l ? a.json({
590
+ tenants: o.tenants,
591
+ start: ((h = o.totals) == null ? void 0 : h.start) ?? 0,
592
+ limit: ((T = o.totals) == null ? void 0 : T.limit) ?? u,
593
+ length: o.tenants.length
594
+ }) : a.json({ tenants: o.tenants });
779
595
  }
780
- ), i.openapi(
781
- S({
596
+ ), s.openapi(
597
+ M({
782
598
  tags: ["tenants"],
783
599
  method: "post",
784
600
  path: "/",
@@ -786,7 +602,7 @@ function re(t, a) {
786
602
  body: {
787
603
  content: {
788
604
  "application/json": {
789
- schema: j
605
+ schema: J
790
606
  }
791
607
  }
792
608
  }
@@ -800,121 +616,43 @@ function re(t, a) {
800
616
  201: {
801
617
  content: {
802
618
  "application/json": {
803
- schema: $
619
+ schema: O
804
620
  }
805
621
  },
806
622
  description: "Tenant created"
807
623
  },
808
624
  400: {
809
625
  description: "Validation error"
810
- }
811
- }
812
- }),
813
- async (e) => {
814
- var c, s;
815
- const n = e.var.user;
816
- if (!(n != null && n.sub))
817
- throw new w(401, {
818
- message: "Authentication required to create tenants"
819
- });
820
- let r = e.req.valid("json");
821
- const l = {
822
- adapters: e.env.data,
823
- ctx: e
824
- };
825
- (c = a.tenants) != null && c.beforeCreate && (r = await a.tenants.beforeCreate(l, r));
826
- const o = await e.env.data.tenants.create(r);
827
- return (s = a.tenants) != null && s.afterCreate && await a.tenants.afterCreate(l, o), e.json(o, 201);
828
- }
829
- ), i.openapi(
830
- S({
831
- tags: ["tenants"],
832
- method: "patch",
833
- path: "/{id}",
834
- request: {
835
- params: C.object({
836
- id: C.string()
837
- }),
838
- body: {
839
- content: {
840
- "application/json": {
841
- schema: C.object(j.shape).partial()
842
- }
843
- }
844
- }
845
- },
846
- security: [
847
- {
848
- Bearer: ["update:tenants"]
849
- }
850
- ],
851
- responses: {
852
- 200: {
853
- content: {
854
- "application/json": {
855
- schema: $
856
- }
857
- },
858
- description: "Tenant updated"
859
- },
860
- 403: {
861
- description: "Access denied"
862
626
  },
863
- 404: {
864
- description: "Tenant not found"
627
+ 409: {
628
+ description: "Tenant with this ID already exists"
865
629
  }
866
630
  }
867
631
  }),
868
- async (e) => {
869
- var u, f;
870
- const { id: n } = e.req.valid("param");
871
- if (t.accessControl) {
872
- const d = e.var.user, p = t.accessControl.controlPlaneTenantId;
873
- if (!(d != null && d.sub))
874
- throw new w(401, {
875
- message: "Authentication required"
876
- });
877
- if (n !== p && !(await z(
878
- (T) => e.env.data.userOrganizations.listUserOrganizations(
879
- p,
880
- d.sub,
881
- T
882
- ),
883
- "organizations"
884
- )).some((T) => T.name === n))
885
- throw new w(403, {
886
- message: "Access denied to this tenant"
887
- });
888
- }
889
- if (!await e.env.data.tenants.get(n))
890
- throw new w(404, {
891
- message: "Tenant not found"
632
+ async (a) => {
633
+ var c, r;
634
+ const i = a.var.user;
635
+ if (!(i != null && i.sub))
636
+ throw new C(401, {
637
+ message: "Authentication required to create tenants"
892
638
  });
893
- const l = e.req.valid("json"), o = {
894
- adapters: e.env.data,
895
- ctx: e
639
+ let n = a.req.valid("json");
640
+ const u = {
641
+ adapters: a.env.data,
642
+ ctx: a
896
643
  };
897
- let c = l;
898
- (u = a.tenants) != null && u.beforeUpdate && (c = await a.tenants.beforeUpdate(
899
- o,
900
- n,
901
- l
902
- )), await e.env.data.tenants.update(n, c);
903
- const s = await e.env.data.tenants.get(n);
904
- if (!s)
905
- throw new w(500, {
906
- message: "Failed to retrieve updated tenant"
907
- });
908
- return (f = a.tenants) != null && f.afterUpdate && await a.tenants.afterUpdate(o, s), e.json(s);
644
+ (c = t.tenants) != null && c.beforeCreate && (n = await t.tenants.beforeCreate(u, n));
645
+ const l = await a.env.data.tenants.create(n);
646
+ return (r = t.tenants) != null && r.afterCreate && await t.tenants.afterCreate(u, l), a.json(l, 201);
909
647
  }
910
- ), i.openapi(
911
- S({
648
+ ), s.openapi(
649
+ M({
912
650
  tags: ["tenants"],
913
651
  method: "delete",
914
652
  path: "/{id}",
915
653
  request: {
916
- params: C.object({
917
- id: C.string()
654
+ params: P.object({
655
+ id: P.string()
918
656
  })
919
657
  },
920
658
  security: [
@@ -934,45 +672,45 @@ function re(t, a) {
934
672
  }
935
673
  }
936
674
  }),
937
- async (e) => {
938
- var o, c;
939
- const { id: n } = e.req.valid("param");
940
- if (t.accessControl) {
941
- const s = e.var.user, u = t.accessControl.controlPlaneTenantId;
942
- if (!(s != null && s.sub))
943
- throw new w(401, {
675
+ async (a) => {
676
+ var l, c;
677
+ const { id: i } = a.req.valid("param");
678
+ if (e.accessControl) {
679
+ const r = a.var.user, f = e.accessControl.controlPlaneTenantId;
680
+ if (!(r != null && r.sub))
681
+ throw new C(401, {
944
682
  message: "Authentication required"
945
683
  });
946
- if (n === u)
947
- throw new w(403, {
684
+ if (i === f)
685
+ throw new C(403, {
948
686
  message: "Cannot delete the control plane"
949
687
  });
950
- if (!(await z(
951
- (p) => e.env.data.userOrganizations.listUserOrganizations(
952
- u,
953
- s.sub,
688
+ if (!(await S(
689
+ (p) => a.env.data.userOrganizations.listUserOrganizations(
690
+ f,
691
+ r.sub,
954
692
  p
955
693
  ),
956
694
  "organizations"
957
- )).some((p) => p.name === n))
958
- throw new w(403, {
695
+ )).some((p) => p.name === i))
696
+ throw new C(403, {
959
697
  message: "Access denied to this tenant"
960
698
  });
961
699
  }
962
- if (!await e.env.data.tenants.get(n))
963
- throw new w(404, {
700
+ if (!await a.env.data.tenants.get(i))
701
+ throw new C(404, {
964
702
  message: "Tenant not found"
965
703
  });
966
- const l = {
967
- adapters: e.env.data,
968
- ctx: e
704
+ const u = {
705
+ adapters: a.env.data,
706
+ ctx: a
969
707
  };
970
- return (o = a.tenants) != null && o.beforeDelete && await a.tenants.beforeDelete(l, n), await e.env.data.tenants.remove(n), (c = a.tenants) != null && c.afterDelete && await a.tenants.afterDelete(l, n), e.body(null, 204);
708
+ return (l = t.tenants) != null && l.beforeDelete && await t.tenants.beforeDelete(u, i), await a.env.data.tenants.remove(i), (c = t.tenants) != null && c.afterDelete && await t.tenants.afterDelete(u, i), a.body(null, 204);
971
709
  }
972
- ), i;
710
+ ), s;
973
711
  }
974
- function ie(t) {
975
- const a = [
712
+ function se(e) {
713
+ const t = [
976
714
  {
977
715
  pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
978
716
  type: "resource_server"
@@ -980,27 +718,27 @@ function ie(t) {
980
718
  { pattern: /\/api\/v2\/roles\/([^/]+)$/, type: "role" },
981
719
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
982
720
  ];
983
- for (const { pattern: i, type: e } of a) {
984
- const n = t.match(i);
985
- if (n && n[1])
986
- return { type: e, id: n[1] };
721
+ for (const { pattern: s, type: a } of t) {
722
+ const i = e.match(s);
723
+ if (i && i[1])
724
+ return { type: a, id: i[1] };
987
725
  }
988
726
  return null;
989
727
  }
990
- async function oe(t, a, i) {
728
+ async function ie(e, t, s) {
991
729
  try {
992
- switch (i.type) {
730
+ switch (s.type) {
993
731
  case "resource_server": {
994
- const e = await t.resourceServers.get(a, i.id);
995
- return (e == null ? void 0 : e.is_system) === !0;
732
+ const a = await e.resourceServers.get(t, s.id);
733
+ return (a == null ? void 0 : a.is_system) === !0;
996
734
  }
997
735
  case "role": {
998
- const e = await t.roles.get(a, i.id);
999
- return (e == null ? void 0 : e.is_system) === !0;
736
+ const a = await e.roles.get(t, s.id);
737
+ return (a == null ? void 0 : a.is_system) === !0;
1000
738
  }
1001
739
  case "connection": {
1002
- const e = await t.connections.get(a, i.id);
1003
- return (e == null ? void 0 : e.is_system) === !0;
740
+ const a = await e.connections.get(t, s.id);
741
+ return (a == null ? void 0 : a.is_system) === !0;
1004
742
  }
1005
743
  default:
1006
744
  return !1;
@@ -1009,382 +747,382 @@ async function oe(t, a, i) {
1009
747
  return !1;
1010
748
  }
1011
749
  }
1012
- function ce(t) {
750
+ function oe(e) {
1013
751
  return {
1014
752
  resource_server: "resource server",
1015
753
  role: "role",
1016
754
  connection: "connection"
1017
- }[t];
755
+ }[e];
1018
756
  }
1019
- function de() {
1020
- return async (t, a) => {
1021
- if (!["PATCH", "PUT", "DELETE"].includes(t.req.method))
1022
- return a();
1023
- const i = ie(t.req.path);
1024
- if (!i)
1025
- return a();
1026
- const e = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
1027
- if (!e)
1028
- return a();
1029
- if (await oe(t.env.data, e, i))
1030
- throw new w(403, {
1031
- message: `This ${ce(i.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
757
+ function ce() {
758
+ return async (e, t) => {
759
+ if (!["PATCH", "PUT", "DELETE"].includes(e.req.method))
760
+ return t();
761
+ const s = se(e.req.path);
762
+ if (!s)
763
+ return t();
764
+ const a = e.var.tenant_id || e.req.header("x-tenant-id") || e.req.header("tenant-id");
765
+ if (!a)
766
+ return t();
767
+ if (await ie(e.env.data, a, s))
768
+ throw new C(403, {
769
+ message: `This ${oe(s.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
1032
770
  });
1033
- return a();
771
+ return t();
1034
772
  };
1035
773
  }
1036
- function le(t) {
1037
- return async (a, i) => {
1038
- if (!t.accessControl)
1039
- return i();
1040
- const e = a.var.tenant_id, n = a.var.organization_id;
1041
- if (!e)
1042
- throw new w(400, {
774
+ function le(e) {
775
+ return async (t, s) => {
776
+ if (!e.accessControl)
777
+ return s();
778
+ const a = t.var.tenant_id, i = t.var.organization_id;
779
+ if (!a)
780
+ throw new C(400, {
1043
781
  message: "Tenant ID not found in request"
1044
782
  });
1045
- if (!J(
1046
- n,
1047
- e,
1048
- t.accessControl.controlPlaneTenantId
783
+ if (!Y(
784
+ i,
785
+ a,
786
+ e.accessControl.controlPlaneTenantId
1049
787
  ))
1050
- throw new w(403, {
1051
- message: `Access denied to tenant ${e}`
788
+ throw new C(403, {
789
+ message: `Access denied to tenant ${a}`
1052
790
  });
1053
- return i();
791
+ return s();
1054
792
  };
1055
793
  }
1056
- function ue(t) {
1057
- return async (a, i) => {
1058
- if (!t.subdomainRouting)
1059
- return i();
794
+ function de(e) {
795
+ return async (t, s) => {
796
+ if (!e.subdomainRouting)
797
+ return s();
1060
798
  const {
1061
- baseDomain: e,
1062
- reservedSubdomains: n = [],
1063
- resolveSubdomain: r
1064
- } = t.subdomainRouting, l = a.req.header("host") || "";
1065
- let o = null;
1066
- if (l.endsWith(e)) {
1067
- const s = l.slice(0, -(e.length + 1));
1068
- s && !s.includes(".") && (o = s);
799
+ baseDomain: a,
800
+ reservedSubdomains: i = [],
801
+ resolveSubdomain: n
802
+ } = e.subdomainRouting, u = t.req.header("host") || "";
803
+ let l = null;
804
+ if (u.endsWith(a)) {
805
+ const r = u.slice(0, -(a.length + 1));
806
+ r && !r.includes(".") && (l = r);
1069
807
  }
1070
- if (o && n.includes(o) && (o = null), !o)
1071
- return t.accessControl && a.set("tenant_id", t.accessControl.controlPlaneTenantId), i();
808
+ if (l && i.includes(l) && (l = null), !l)
809
+ return e.accessControl && t.set("tenant_id", e.accessControl.controlPlaneTenantId), s();
1072
810
  let c = null;
1073
- if (r)
1074
- c = await r(o);
1075
- else if (t.subdomainRouting.useOrganizations !== !1 && t.accessControl)
811
+ if (n)
812
+ c = await n(l);
813
+ else if (e.subdomainRouting.useOrganizations !== !1 && e.accessControl)
1076
814
  try {
1077
- const s = await a.env.data.organizations.get(
1078
- t.accessControl.controlPlaneTenantId,
1079
- o
815
+ const r = await t.env.data.organizations.get(
816
+ e.accessControl.controlPlaneTenantId,
817
+ l
1080
818
  );
1081
- s && (c = s.id);
819
+ r && (c = r.id);
1082
820
  } catch {
1083
821
  }
1084
822
  if (!c)
1085
- throw new w(404, {
1086
- message: `Tenant not found for subdomain: ${o}`
823
+ throw new C(404, {
824
+ message: `Tenant not found for subdomain: ${l}`
1087
825
  });
1088
- return a.set("tenant_id", c), i();
826
+ return t.set("tenant_id", c), s();
1089
827
  };
1090
828
  }
1091
- function fe(t) {
1092
- return async (a, i) => {
1093
- if (!t.databaseIsolation)
1094
- return i();
1095
- const e = a.var.tenant_id;
1096
- if (!e)
1097
- throw new w(400, {
829
+ function ue(e) {
830
+ return async (t, s) => {
831
+ if (!e.databaseIsolation)
832
+ return s();
833
+ const a = t.var.tenant_id;
834
+ if (!a)
835
+ throw new C(400, {
1098
836
  message: "Tenant ID not found in request"
1099
837
  });
1100
838
  try {
1101
- const n = await t.databaseIsolation.getAdapters(e);
1102
- a.env.data = n;
1103
- } catch (n) {
839
+ const i = await e.databaseIsolation.getAdapters(a);
840
+ t.env.data = i;
841
+ } catch (i) {
1104
842
  throw console.error(
1105
- `Failed to resolve database for tenant ${e}:`,
1106
- n
1107
- ), new w(500, {
843
+ `Failed to resolve database for tenant ${a}:`,
844
+ i
845
+ ), new C(500, {
1108
846
  message: "Failed to resolve tenant database"
1109
847
  });
1110
848
  }
1111
- return i();
849
+ return s();
1112
850
  };
1113
851
  }
1114
- function N(t) {
1115
- const a = ue(t), i = le(t), e = fe(t);
1116
- return async (n, r) => (await a(n, async () => {
1117
- }), await i(n, async () => {
1118
- }), await e(n, async () => {
1119
- }), r());
852
+ function N(e) {
853
+ const t = de(e), s = le(e), a = ue(e);
854
+ return async (i, n) => (await t(i, async () => {
855
+ }), await s(i, async () => {
856
+ }), await a(i, async () => {
857
+ }), n());
1120
858
  }
1121
- function Te(t) {
1122
- const a = R(t);
859
+ function ge(e) {
860
+ const t = I(e);
1123
861
  return {
1124
862
  name: "multi-tenancy",
1125
863
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
1126
- middleware: N(t),
864
+ middleware: N(e),
1127
865
  // Provide lifecycle hooks
1128
- hooks: a,
866
+ hooks: t,
1129
867
  // Mount tenant management routes
1130
868
  routes: [
1131
869
  {
1132
870
  path: "/management",
1133
- handler: M(t, a)
871
+ handler: j(e, t)
1134
872
  }
1135
873
  ],
1136
874
  // Called when plugin is registered
1137
875
  onRegister: async () => {
1138
- console.log("Multi-tenancy plugin registered"), t.accessControl && console.log(
1139
- ` - Access control enabled (control plane: ${t.accessControl.controlPlaneTenantId})`
1140
- ), t.subdomainRouting && console.log(
1141
- ` - Subdomain routing enabled (base domain: ${t.subdomainRouting.baseDomain})`
1142
- ), t.databaseIsolation && console.log(" - Database isolation enabled");
876
+ console.log("Multi-tenancy plugin registered"), e.accessControl && console.log(
877
+ ` - Access control enabled (control plane: ${e.accessControl.controlPlaneTenantId})`
878
+ ), e.subdomainRouting && console.log(
879
+ ` - Subdomain routing enabled (base domain: ${e.subdomainRouting.baseDomain})`
880
+ ), e.databaseIsolation && console.log(" - Database isolation enabled");
1143
881
  }
1144
882
  };
1145
883
  }
1146
- function R(t) {
1147
- const a = t.accessControl ? Z(t.accessControl) : {}, i = t.databaseIsolation ? X(t.databaseIsolation) : {}, e = H(t);
884
+ function I(e) {
885
+ const t = e.accessControl ? X(e.accessControl) : {}, s = e.databaseIsolation ? Z(e.databaseIsolation) : {}, a = k(e);
1148
886
  return {
1149
- ...a,
1150
- ...i,
1151
- tenants: e
887
+ ...t,
888
+ ...s,
889
+ tenants: a
1152
890
  };
1153
891
  }
1154
- function pe(t) {
1155
- const a = new U(), i = R(t);
1156
- return a.route("/tenants", M(t, i)), a;
892
+ function fe(e) {
893
+ const t = new U(), s = I(e);
894
+ return t.route("/tenants", j(e, s)), t;
1157
895
  }
1158
- function ve(t) {
896
+ function _e(e) {
1159
897
  return {
1160
- hooks: R(t),
1161
- middleware: N(t),
1162
- app: pe(t),
1163
- config: t
898
+ hooks: I(e),
899
+ middleware: N(e),
900
+ app: fe(e),
901
+ config: e
1164
902
  };
1165
903
  }
1166
- function be(t) {
904
+ function Te(e) {
1167
905
  const {
1168
- controlPlaneTenantId: a = "control_plane",
1169
- syncResourceServers: i = !0,
1170
- syncRoles: e = !0,
1171
- multiTenancy: n,
1172
- entityHooks: r,
1173
- ...l
1174
- } = t, o = {
1175
- ...n,
906
+ controlPlaneTenantId: t = "control_plane",
907
+ syncResourceServers: s = !0,
908
+ syncRoles: a = !0,
909
+ multiTenancy: i,
910
+ entityHooks: n,
911
+ ...u
912
+ } = e, l = {
913
+ ...i,
1176
914
  accessControl: {
1177
- controlPlaneTenantId: a,
915
+ controlPlaneTenantId: t,
1178
916
  requireOrganizationMatch: !1,
1179
917
  defaultPermissions: ["tenant:admin"],
1180
- ...n == null ? void 0 : n.accessControl
918
+ ...i == null ? void 0 : i.accessControl
1181
919
  }
1182
- }, c = R(o);
1183
- let s, u;
1184
- i && (s = te({
1185
- controlPlaneTenantId: a,
1186
- getChildTenantIds: async () => (await z(
1187
- (m) => t.dataAdapter.tenants.list(m),
920
+ }, c = I(l);
921
+ let r, f;
922
+ s && (r = te({
923
+ controlPlaneTenantId: t,
924
+ getChildTenantIds: async () => (await S(
925
+ (m) => e.dataAdapter.tenants.list(m),
1188
926
  "tenants",
1189
927
  { cursorField: "id", pageSize: 100 }
1190
- )).filter((m) => m.id !== a).map((m) => m.id),
1191
- getAdapters: async (g) => t.dataAdapter
1192
- }), u = ae({
1193
- controlPlaneTenantId: a,
1194
- getControlPlaneAdapters: async () => t.dataAdapter,
1195
- getAdapters: async (g) => t.dataAdapter
928
+ )).filter((m) => m.id !== t).map((m) => m.id),
929
+ getAdapters: async (w) => e.dataAdapter
930
+ }), f = ae({
931
+ controlPlaneTenantId: t,
932
+ getControlPlaneAdapters: async () => e.dataAdapter,
933
+ getAdapters: async (w) => e.dataAdapter
1196
934
  }));
1197
- let f, d;
1198
- e && (f = ne({
1199
- controlPlaneTenantId: a,
1200
- getChildTenantIds: async () => (await z(
1201
- (m) => t.dataAdapter.tenants.list(m),
935
+ let d, o;
936
+ a && (d = ne({
937
+ controlPlaneTenantId: t,
938
+ getChildTenantIds: async () => (await S(
939
+ (m) => e.dataAdapter.tenants.list(m),
1202
940
  "tenants",
1203
941
  { cursorField: "id", pageSize: 100 }
1204
- )).filter((m) => m.id !== a).map((m) => m.id),
1205
- getAdapters: async (g) => t.dataAdapter
1206
- }), d = se({
1207
- controlPlaneTenantId: a,
1208
- getControlPlaneAdapters: async () => t.dataAdapter,
1209
- getAdapters: async (g) => t.dataAdapter,
942
+ )).filter((m) => m.id !== t).map((m) => m.id),
943
+ getAdapters: async (w) => e.dataAdapter
944
+ }), o = re({
945
+ controlPlaneTenantId: t,
946
+ getControlPlaneAdapters: async () => e.dataAdapter,
947
+ getAdapters: async (w) => e.dataAdapter,
1210
948
  syncPermissions: !0
1211
949
  }));
1212
- const p = async (g, m, ...h) => {
1213
- const v = [];
1214
- if (g)
950
+ const p = async (w, m, ...y) => {
951
+ const _ = [];
952
+ if (w)
1215
953
  try {
1216
- await g(...h);
1217
- } catch (b) {
1218
- v.push(b instanceof Error ? b : new Error(String(b)));
954
+ await w(...y);
955
+ } catch (A) {
956
+ _.push(A instanceof Error ? A : new Error(String(A)));
1219
957
  }
1220
958
  if (m)
1221
959
  try {
1222
- await m(...h);
1223
- } catch (b) {
1224
- v.push(b instanceof Error ? b : new Error(String(b)));
960
+ await m(...y);
961
+ } catch (A) {
962
+ _.push(A instanceof Error ? A : new Error(String(A)));
1225
963
  }
1226
- if (v.length === 1)
1227
- throw v[0];
1228
- if (v.length > 1)
964
+ if (_.length === 1)
965
+ throw _[0];
966
+ if (_.length > 1)
1229
967
  throw new AggregateError(
1230
- v,
1231
- `Multiple hook errors: ${v.map((b) => b.message).join("; ")}`
968
+ _,
969
+ `Multiple hook errors: ${_.map((A) => A.message).join("; ")}`
1232
970
  );
1233
- }, _ = async (g, ...m) => {
1234
- const h = [];
1235
- for (const v of g)
1236
- if (v)
971
+ }, g = async (w, ...m) => {
972
+ const y = [];
973
+ for (const _ of w)
974
+ if (_)
1237
975
  try {
1238
- await v(...m);
1239
- } catch (b) {
1240
- h.push(
1241
- b instanceof Error ? b : new Error(String(b))
976
+ await _(...m);
977
+ } catch (A) {
978
+ y.push(
979
+ A instanceof Error ? A : new Error(String(A))
1242
980
  );
1243
981
  }
1244
- if (h.length === 1)
1245
- throw h[0];
1246
- if (h.length > 1)
982
+ if (y.length === 1)
983
+ throw y[0];
984
+ if (y.length > 1)
1247
985
  throw new AggregateError(
1248
- h,
1249
- `Multiple hook errors: ${h.map((v) => v.message).join("; ")}`
986
+ y,
987
+ `Multiple hook errors: ${y.map((_) => _.message).join("; ")}`
1250
988
  );
1251
- }, y = {
1252
- ...r,
1253
- resourceServers: s ? {
1254
- ...r == null ? void 0 : r.resourceServers,
1255
- afterCreate: async (g, m) => {
1256
- var h;
989
+ }, h = {
990
+ ...n,
991
+ resourceServers: r ? {
992
+ ...n == null ? void 0 : n.resourceServers,
993
+ afterCreate: async (w, m) => {
994
+ var y;
1257
995
  await p(
1258
- (h = r == null ? void 0 : r.resourceServers) == null ? void 0 : h.afterCreate,
1259
- s == null ? void 0 : s.afterCreate,
1260
- g,
996
+ (y = n == null ? void 0 : n.resourceServers) == null ? void 0 : y.afterCreate,
997
+ r == null ? void 0 : r.afterCreate,
998
+ w,
1261
999
  m
1262
1000
  );
1263
1001
  },
1264
- afterUpdate: async (g, m, h) => {
1265
- var v;
1002
+ afterUpdate: async (w, m, y) => {
1003
+ var _;
1266
1004
  await p(
1267
- (v = r == null ? void 0 : r.resourceServers) == null ? void 0 : v.afterUpdate,
1268
- s == null ? void 0 : s.afterUpdate,
1269
- g,
1005
+ (_ = n == null ? void 0 : n.resourceServers) == null ? void 0 : _.afterUpdate,
1006
+ r == null ? void 0 : r.afterUpdate,
1007
+ w,
1270
1008
  m,
1271
- h
1009
+ y
1272
1010
  );
1273
1011
  },
1274
- afterDelete: async (g, m) => {
1275
- var h;
1012
+ afterDelete: async (w, m) => {
1013
+ var y;
1276
1014
  await p(
1277
- (h = r == null ? void 0 : r.resourceServers) == null ? void 0 : h.afterDelete,
1278
- s == null ? void 0 : s.afterDelete,
1279
- g,
1015
+ (y = n == null ? void 0 : n.resourceServers) == null ? void 0 : y.afterDelete,
1016
+ r == null ? void 0 : r.afterDelete,
1017
+ w,
1280
1018
  m
1281
1019
  );
1282
1020
  }
1283
- } : r == null ? void 0 : r.resourceServers,
1284
- roles: f ? {
1285
- ...r == null ? void 0 : r.roles,
1286
- afterCreate: async (g, m) => {
1287
- var h;
1021
+ } : n == null ? void 0 : n.resourceServers,
1022
+ roles: d ? {
1023
+ ...n == null ? void 0 : n.roles,
1024
+ afterCreate: async (w, m) => {
1025
+ var y;
1288
1026
  await p(
1289
- (h = r == null ? void 0 : r.roles) == null ? void 0 : h.afterCreate,
1290
- f == null ? void 0 : f.afterCreate,
1291
- g,
1027
+ (y = n == null ? void 0 : n.roles) == null ? void 0 : y.afterCreate,
1028
+ d == null ? void 0 : d.afterCreate,
1029
+ w,
1292
1030
  m
1293
1031
  );
1294
1032
  },
1295
- afterUpdate: async (g, m, h) => {
1296
- var v;
1033
+ afterUpdate: async (w, m, y) => {
1034
+ var _;
1297
1035
  await p(
1298
- (v = r == null ? void 0 : r.roles) == null ? void 0 : v.afterUpdate,
1299
- f == null ? void 0 : f.afterUpdate,
1300
- g,
1036
+ (_ = n == null ? void 0 : n.roles) == null ? void 0 : _.afterUpdate,
1037
+ d == null ? void 0 : d.afterUpdate,
1038
+ w,
1301
1039
  m,
1302
- h
1040
+ y
1303
1041
  );
1304
1042
  },
1305
- afterDelete: async (g, m) => {
1306
- var h;
1043
+ afterDelete: async (w, m) => {
1044
+ var y;
1307
1045
  await p(
1308
- (h = r == null ? void 0 : r.roles) == null ? void 0 : h.afterDelete,
1309
- f == null ? void 0 : f.afterDelete,
1310
- g,
1046
+ (y = n == null ? void 0 : n.roles) == null ? void 0 : y.afterDelete,
1047
+ d == null ? void 0 : d.afterDelete,
1048
+ w,
1311
1049
  m
1312
1050
  );
1313
1051
  }
1314
- } : r == null ? void 0 : r.roles,
1315
- tenants: u || d ? {
1316
- ...r == null ? void 0 : r.tenants,
1317
- afterCreate: async (g, m) => {
1318
- var h;
1319
- await _(
1052
+ } : n == null ? void 0 : n.roles,
1053
+ tenants: f || o ? {
1054
+ ...n == null ? void 0 : n.tenants,
1055
+ afterCreate: async (w, m) => {
1056
+ var y;
1057
+ await g(
1320
1058
  [
1321
- (h = r == null ? void 0 : r.tenants) == null ? void 0 : h.afterCreate,
1322
- u == null ? void 0 : u.afterCreate,
1323
- d == null ? void 0 : d.afterCreate
1059
+ (y = n == null ? void 0 : n.tenants) == null ? void 0 : y.afterCreate,
1060
+ f == null ? void 0 : f.afterCreate,
1061
+ o == null ? void 0 : o.afterCreate
1324
1062
  ],
1325
- g,
1063
+ w,
1326
1064
  m
1327
1065
  );
1328
1066
  }
1329
- } : r == null ? void 0 : r.tenants
1067
+ } : n == null ? void 0 : n.tenants
1330
1068
  }, T = {
1331
1069
  ...c,
1332
- tenants: u || d ? {
1070
+ tenants: f || o ? {
1333
1071
  ...c.tenants,
1334
- afterCreate: async (g, m) => {
1335
- var h;
1336
- (h = c.tenants) != null && h.afterCreate && await c.tenants.afterCreate(g, m), await _(
1072
+ afterCreate: async (w, m) => {
1073
+ var y;
1074
+ (y = c.tenants) != null && y.afterCreate && await c.tenants.afterCreate(w, m), await g(
1337
1075
  [
1338
- u == null ? void 0 : u.afterCreate,
1339
- d == null ? void 0 : d.afterCreate
1076
+ f == null ? void 0 : f.afterCreate,
1077
+ o == null ? void 0 : o.afterCreate
1340
1078
  ],
1341
- g,
1079
+ w,
1342
1080
  m
1343
1081
  );
1344
1082
  }
1345
1083
  } : c.tenants
1346
- }, P = re(
1347
- o,
1084
+ }, b = j(
1085
+ l,
1348
1086
  T
1349
- ), A = Q({
1350
- ...l,
1351
- entityHooks: y,
1087
+ ), q = L({
1088
+ ...u,
1089
+ entityHooks: h,
1352
1090
  // Register tenant routes via the extension mechanism
1353
1091
  // This ensures they go through the full middleware chain (caching, tenant, auth, entity hooks)
1354
1092
  managementApiExtensions: [
1355
- ...l.managementApiExtensions || [],
1356
- { path: "/tenants", router: P }
1093
+ ...u.managementApiExtensions || [],
1094
+ { path: "/tenants", router: b }
1357
1095
  ]
1358
- }), { app: O, managementApp: I, ...E } = A, q = new U();
1359
- return q.onError((g, m) => g instanceof w ? g.getResponse() : (console.error(g), m.json({ message: "Internal Server Error" }, 500))), q.use("/api/v2/*", de()), q.route("/", O), {
1360
- app: q,
1361
- managementApp: I,
1362
- ...E,
1363
- multiTenancyConfig: o,
1096
+ }), { app: $, managementApp: z, ...F } = q, v = new U();
1097
+ return v.onError((w, m) => w instanceof C ? w.getResponse() : (console.error(w), m.json({ message: "Internal Server Error" }, 500))), v.use("/api/v2/*", ce()), v.route("/", $), {
1098
+ app: v,
1099
+ managementApp: z,
1100
+ ...F,
1101
+ multiTenancyConfig: l,
1364
1102
  multiTenancyHooks: c
1365
1103
  };
1366
1104
  }
1367
1105
  export {
1368
- Pe as MANAGEMENT_API_SCOPES,
1369
- Z as createAccessControlHooks,
1106
+ ve as MANAGEMENT_API_SCOPES,
1107
+ X as createAccessControlHooks,
1370
1108
  le as createAccessControlMiddleware,
1371
- X as createDatabaseHooks,
1372
- fe as createDatabaseMiddleware,
1373
- pe as createMultiTenancy,
1374
- R as createMultiTenancyHooks,
1109
+ Z as createDatabaseHooks,
1110
+ ue as createDatabaseMiddleware,
1111
+ fe as createMultiTenancy,
1112
+ I as createMultiTenancyHooks,
1375
1113
  N as createMultiTenancyMiddleware,
1376
- Te as createMultiTenancyPlugin,
1377
- de as createProtectSyncedMiddleware,
1378
- H as createProvisioningHooks,
1114
+ ge as createMultiTenancyPlugin,
1115
+ ce as createProtectSyncedMiddleware,
1116
+ k as createProvisioningHooks,
1379
1117
  te as createResourceServerSyncHooks,
1380
1118
  ne as createRoleSyncHooks,
1381
- ue as createSubdomainMiddleware,
1119
+ de as createSubdomainMiddleware,
1382
1120
  ae as createTenantResourceServerSyncHooks,
1383
- se as createTenantRoleSyncHooks,
1384
- M as createTenantsRouter,
1385
- ze as fetchAll,
1386
- be as init,
1387
- Ie as seed,
1388
- ve as setupMultiTenancy,
1389
- J as validateTenantAccess
1121
+ re as createTenantRoleSyncHooks,
1122
+ j as createTenantsOpenAPIRouter,
1123
+ be as fetchAll,
1124
+ Te as init,
1125
+ Pe as seed,
1126
+ _e as setupMultiTenancy,
1127
+ Y as validateTenantAccess
1390
1128
  };