@authhero/multi-tenancy 13.14.0 → 13.15.0

@@ -1,22 +1,22 @@
1
- var ne = Object.defineProperty;
2
- var re = (r, e, t) => e in r ? ne(r, e, { enumerable: !0, configurable: !0, writable: !0, value: t }) : r[e] = t;
3
- var U = (r, e, t) => re(r, typeof e != "symbol" ? e + "" : e, t);
4
- import { Hono as x } from "hono";
5
- import { getTenantAudience as ae, MANAGEMENT_API_SCOPES as se, MANAGEMENT_API_AUDIENCE as oe, fetchAll as F, init as ie } from "authhero";
1
+ var se = Object.defineProperty;
2
+ var oe = (t, e, n) => e in t ? se(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
+ var U = (t, e, n) => oe(t, typeof e != "symbol" ? e + "" : e, n);
4
+ import { Hono as te } from "hono";
5
+ import { getTenantAudience as ie, MANAGEMENT_API_SCOPES as ce, MANAGEMENT_API_AUDIENCE as le, fetchAll as F, init as de } from "authhero";
6
6
  export * from "authhero";
7
- import { OpenAPIHono as ce, createRoute as K, z } from "@hono/zod-openapi";
8
- import { auth0QuerySchema as le, tenantSchema as Z, tenantInsertSchema as de } from "@authhero/adapter-interfaces";
7
+ import { OpenAPIHono as ue, createRoute as B, z } from "@hono/zod-openapi";
8
+ import { auth0QuerySchema as me, tenantSchema as k, tenantInsertSchema as pe, connectionSchema as G, connectionOptionsSchema as K } from "@authhero/adapter-interfaces";
9
9
  var S = class extends Error {
10
10
  /**
11
11
  * Creates an instance of `HTTPException`.
12
12
  * @param status - HTTP status code for the exception. Defaults to 500.
13
13
  * @param options - Additional options for the exception.
14
14
  */
15
- constructor(e = 500, t) {
16
- super(t == null ? void 0 : t.message, { cause: t == null ? void 0 : t.cause });
15
+ constructor(e = 500, n) {
16
+ super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
17
17
  U(this, "res");
18
18
  U(this, "status");
19
- this.res = t == null ? void 0 : t.res, this.status = e;
19
+ this.res = n == null ? void 0 : n.res, this.status = e;
20
20
  }
21
21
  /**
22
22
  * Returns the response object associated with the exception.
@@ -32,209 +32,173 @@ var S = class extends Error {
32
32
  });
33
33
  }
34
34
  };
35
- function ue(r) {
36
- const { controlPlaneTenantId: e, requireOrganizationMatch: t = !0 } = r;
35
+ function fe(t) {
36
+ const { controlPlaneTenantId: e, requireOrganizationMatch: n = !0 } = t;
37
37
  return {
38
- async onTenantAccessValidation(a, n) {
39
- if (n === e)
38
+ async onTenantAccessValidation(a, r) {
39
+ if (r === e)
40
40
  return !0;
41
- if (t) {
42
- const i = a.var.org_name, l = a.var.organization_id, o = i || l;
43
- return o ? o === n : !1;
41
+ if (n) {
42
+ const l = a.var.org_name, s = a.var.organization_id, i = l || s;
43
+ return i ? i === r : !1;
44
44
  }
45
45
  return !0;
46
46
  }
47
47
  };
48
48
  }
49
- function me(r, e, t, a) {
50
- if (e === t)
49
+ function we(t, e, n, a) {
50
+ if (e === n)
51
51
  return !0;
52
- const n = a || r;
53
- return n ? n === e : !1;
52
+ const r = a || t;
53
+ return r ? r === e : !1;
54
54
  }
55
- function pe(r) {
55
+ function ge(t) {
56
56
  return {
57
57
  async resolveDataAdapters(e) {
58
58
  try {
59
- return await r.getAdapters(e);
60
- } catch (t) {
59
+ return await t.getAdapters(e);
60
+ } catch (n) {
61
61
  console.error(
62
62
  `Failed to resolve data adapters for tenant ${e}:`,
63
- t
63
+ n
64
64
  );
65
65
  return;
66
66
  }
67
67
  }
68
68
  };
69
69
  }
70
- function fe(r) {
70
+ function he(t) {
71
71
  return {
72
- async beforeCreate(e, t) {
73
- return !t.audience && t.id ? {
74
- ...t,
75
- audience: ae(t.id)
76
- } : t;
72
+ async beforeCreate(e, n) {
73
+ return !n.audience && n.id ? {
74
+ ...n,
75
+ audience: ie(n.id)
76
+ } : n;
77
77
  },
78
- async afterCreate(e, t) {
79
- const { accessControl: a, databaseIsolation: n, settingsInheritance: i } = r;
80
- a && e.ctx && await we(e, t, a), n != null && n.onProvision && await n.onProvision(t.id), (i == null ? void 0 : i.inheritFromControlPlane) !== !1 && e.ctx && await ve(e, t, r);
78
+ async afterCreate(e, n) {
79
+ const { accessControl: a, databaseIsolation: r } = t;
80
+ a && e.ctx && await ve(e, n, a), r != null && r.onProvision && await r.onProvision(n.id);
81
81
  },
82
- async beforeDelete(e, t) {
83
- const { accessControl: a, databaseIsolation: n } = r;
82
+ async beforeDelete(e, n) {
83
+ const { accessControl: a, databaseIsolation: r } = t;
84
84
  if (a)
85
85
  try {
86
- const l = (await e.adapters.organizations.list(
86
+ const s = (await e.adapters.organizations.list(
87
87
  a.controlPlaneTenantId
88
- )).organizations.find((o) => o.name === t);
89
- l && await e.adapters.organizations.remove(
88
+ )).organizations.find((i) => i.name === n);
89
+ s && await e.adapters.organizations.remove(
90
90
  a.controlPlaneTenantId,
91
- l.id
91
+ s.id
92
92
  );
93
- } catch (i) {
93
+ } catch (l) {
94
94
  console.warn(
95
- `Failed to remove organization for tenant ${t}:`,
96
- i
95
+ `Failed to remove organization for tenant ${n}:`,
96
+ l
97
97
  );
98
98
  }
99
- if (n != null && n.onDeprovision)
99
+ if (r != null && r.onDeprovision)
100
100
  try {
101
- await n.onDeprovision(t);
102
- } catch (i) {
101
+ await r.onDeprovision(n);
102
+ } catch (l) {
103
103
  console.warn(
104
- `Failed to deprovision database for tenant ${t}:`,
105
- i
104
+ `Failed to deprovision database for tenant ${n}:`,
105
+ l
106
106
  );
107
107
  }
108
108
  }
109
109
  };
110
110
  }
111
- async function we(r, e, t) {
111
+ async function ve(t, e, n) {
112
112
  const {
113
113
  controlPlaneTenantId: a,
114
- defaultPermissions: n,
115
- defaultRoles: i,
116
- issuer: l,
117
- adminRoleName: o = "Tenant Admin",
118
- adminRoleDescription: m = "Full access to all tenant management operations",
119
- addCreatorToOrganization: s = !0
120
- } = t, c = await r.adapters.organizations.create(
114
+ defaultPermissions: r,
115
+ defaultRoles: l,
116
+ issuer: s,
117
+ adminRoleName: i = "Tenant Admin",
118
+ adminRoleDescription: p = "Full access to all tenant management operations",
119
+ addCreatorToOrganization: o = !0
120
+ } = n, c = await t.adapters.organizations.create(
121
121
  a,
122
122
  {
123
123
  name: e.id,
124
124
  display_name: e.friendly_name || e.id
125
125
  }
126
126
  );
127
- let d;
128
- if (l && (d = await ge(
129
- r,
127
+ let u;
128
+ if (s && (u = await ye(
129
+ t,
130
130
  a,
131
- o,
132
- m
133
- )), s && r.ctx) {
134
- const u = r.ctx.var.user;
135
- if (u != null && u.sub && !await he(
136
- r,
131
+ i,
132
+ p
133
+ )), o && t.ctx) {
134
+ const d = t.ctx.var.user;
135
+ if (d != null && d.sub && !await _e(
136
+ t,
137
137
  a,
138
- u.sub
138
+ d.sub
139
139
  ))
140
140
  try {
141
- await r.adapters.userOrganizations.create(a, {
142
- user_id: u.sub,
141
+ await t.adapters.userOrganizations.create(a, {
142
+ user_id: d.sub,
143
143
  organization_id: c.id
144
- }), d && await r.adapters.userRoles.create(
144
+ }), u && await t.adapters.userRoles.create(
145
145
  a,
146
- u.sub,
147
- d,
146
+ d.sub,
147
+ u,
148
148
  c.id
149
149
  // organizationId
150
150
  );
151
151
  } catch (f) {
152
152
  console.warn(
153
- `Failed to add creator ${u.sub} to organization ${c.id}:`,
153
+ `Failed to add creator ${d.sub} to organization ${c.id}:`,
154
154
  f
155
155
  );
156
156
  }
157
157
  }
158
- i && i.length > 0 && console.log(
159
- `Would assign roles ${i.join(", ")} to organization ${c.id}`
160
- ), n && n.length > 0 && console.log(
161
- `Would grant permissions ${n.join(", ")} to organization ${c.id}`
158
+ l && l.length > 0 && console.log(
159
+ `Would assign roles ${l.join(", ")} to organization ${c.id}`
160
+ ), r && r.length > 0 && console.log(
161
+ `Would grant permissions ${r.join(", ")} to organization ${c.id}`
162
162
  );
163
163
  }
164
- async function he(r, e, t) {
165
- const a = await r.adapters.userRoles.list(
164
+ async function _e(t, e, n) {
165
+ const a = await t.adapters.userRoles.list(
166
166
  e,
167
- t,
167
+ n,
168
168
  void 0,
169
169
  ""
170
170
  // Empty string for global roles
171
171
  );
172
- for (const n of a)
173
- if ((await r.adapters.rolePermissions.list(
172
+ for (const r of a)
173
+ if ((await t.adapters.rolePermissions.list(
174
174
  e,
175
- n.id,
175
+ r.id,
176
176
  { per_page: 1e3 }
177
177
  )).some(
178
- (o) => o.permission_name === "admin:organizations"
178
+ (i) => i.permission_name === "admin:organizations"
179
179
  ))
180
180
  return !0;
181
181
  return !1;
182
182
  }
183
- async function ge(r, e, t, a) {
184
- const i = (await r.adapters.roles.list(e, {})).roles.find((s) => s.name === t);
185
- if (i)
186
- return i.id;
187
- const l = await r.adapters.roles.create(e, {
188
- name: t,
183
+ async function ye(t, e, n, a) {
184
+ const l = (await t.adapters.roles.list(e, {})).roles.find((o) => o.name === n);
185
+ if (l)
186
+ return l.id;
187
+ const s = await t.adapters.roles.create(e, {
188
+ name: n,
189
189
  description: a
190
- }), o = oe, m = se.map((s) => ({
191
- role_id: l.id,
192
- resource_server_identifier: o,
193
- permission_name: s.value
190
+ }), i = le, p = ce.map((o) => ({
191
+ role_id: s.id,
192
+ resource_server_identifier: i,
193
+ permission_name: o.value
194
194
  }));
195
- return await r.adapters.rolePermissions.assign(
195
+ return await t.adapters.rolePermissions.assign(
196
196
  e,
197
- l.id,
198
- m
199
- ), l.id;
200
- }
201
- async function ve(r, e, t) {
202
- const { accessControl: a, settingsInheritance: n } = t;
203
- if (!a)
204
- return;
205
- const i = await r.adapters.tenants.get(
206
- a.controlPlaneTenantId
207
- );
208
- if (!i)
209
- return;
210
- let l = { ...i };
211
- const o = [
212
- "id",
213
- "created_at",
214
- "updated_at",
215
- // Tenant-specific required fields that should not be inherited
216
- "friendly_name",
217
- "audience",
218
- "sender_email",
219
- "sender_name"
220
- ];
221
- for (const m of o)
222
- delete l[m];
223
- if (n != null && n.inheritedKeys) {
224
- const m = {};
225
- for (const s of n.inheritedKeys)
226
- s in i && !o.includes(s) && (m[s] = i[s]);
227
- l = m;
228
- }
229
- if (n != null && n.excludedKeys)
230
- for (const m of n.excludedKeys)
231
- delete l[m];
232
- n != null && n.transformSettings && (l = n.transformSettings(
233
- l,
234
- e.id
235
- )), Object.keys(l).length > 0 && await r.adapters.tenants.update(e.id, l);
197
+ s.id,
198
+ p
199
+ ), s.id;
236
200
  }
237
- const _e = [
201
+ const be = [
238
202
  "client_id",
239
203
  "client_secret",
240
204
  "app_secret",
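Review bot: In `beforeDelete`, the tenant's organization is looked up with `organizations.list(a.controlPlaneTenantId)` (no query or paging arguments) followed by `.find((i) => i.name === n)`, and any failure is only reported through `console.warn`. If that list call returns a single page (not visible here) or the removal throws, the tenant is deleted while its organization and memberships remain; because `onTenantAccessValidation` grants access when the request's `org_name`/`organization_id` equals the tenant id, those leftover memberships would apply to a later tenant created with the same id. Consider looking the organization up by name directly and failing the delete when it cannot be removed. `ye` has the same shape: `roles.list(e, {})` followed by `.find` can miss an existing admin role and create a duplicate carrying every `MANAGEMENT_API_SCOPES` entry. Separately, `afterCreate` no longer calls the settings-inheritance helper, so a configured `settingsInheritance` option would be ignored here unless it is handled elsewhere in the bundle.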
@@ -243,115 +207,115 @@ const _e = [
243
207
  "twilio_sid",
244
208
  "twilio_token"
245
209
  ];
246
- function B(r, e, t = () => !0) {
247
- const { controlPlaneTenantId: a, getChildTenantIds: n, getAdapters: i } = r, l = /* @__PURE__ */ new Map();
248
- async function o(c, d, u) {
249
- return (await e(c).list(d, {
250
- q: `name:${u}`,
210
+ function L(t, e, n = () => !0) {
211
+ const { controlPlaneTenantId: a, getChildTenantIds: r, getAdapters: l } = t, s = /* @__PURE__ */ new Map();
212
+ async function i(c, u, d) {
213
+ return (await e(c).list(u, {
214
+ q: `name:${d}`,
251
215
  per_page: 1
252
216
  }))[0] ?? null;
253
217
  }
254
- async function m(c) {
255
- const d = await n(), u = e(await i(a));
218
+ async function p(c) {
219
+ const u = await r(), d = e(await l(a));
256
220
  await Promise.all(
257
- d.map(async (p) => {
221
+ u.map(async (m) => {
258
222
  try {
259
- const f = await i(p), w = e(f), g = {
260
- ...u.transform(c),
223
+ const f = await l(m), w = e(f), h = {
224
+ ...d.transform(c),
261
225
  is_system: !0
262
- }, v = await o(f, p, c.name), _ = v ? w.getId(v) : void 0;
226
+ }, v = await i(f, m, c.name), _ = v ? w.getId(v) : void 0;
263
227
  if (v && _) {
264
- const C = w.preserveOnUpdate ? w.preserveOnUpdate(v, g) : g;
265
- await w.update(p, _, C);
228
+ const A = w.preserveOnUpdate ? w.preserveOnUpdate(v, h) : h;
229
+ await w.update(m, _, A);
266
230
  } else
267
- await w.create(p, g);
231
+ await w.create(m, h);
268
232
  } catch (f) {
269
233
  console.error(
270
- `Failed to sync ${u.listKey} "${c.name}" to tenant "${p}":`,
234
+ `Failed to sync ${d.listKey} "${c.name}" to tenant "${m}":`,
271
235
  f
272
236
  );
273
237
  }
274
238
  })
275
239
  );
276
240
  }
277
- async function s(c) {
278
- const d = await n();
241
+ async function o(c) {
242
+ const u = await r();
279
243
  await Promise.all(
280
- d.map(async (u) => {
244
+ u.map(async (d) => {
281
245
  try {
282
- const p = await i(u), f = e(p), w = await o(p, u, c), h = w ? f.getId(w) : void 0;
283
- w && h && await f.remove(u, h);
284
- } catch (p) {
246
+ const m = await l(d), f = e(m), w = await i(m, d, c), g = w ? f.getId(w) : void 0;
247
+ w && g && await f.remove(d, g);
248
+ } catch (m) {
285
249
  console.error(
286
- `Failed to delete entity "${c}" from tenant "${u}":`,
287
- p
250
+ `Failed to delete entity "${c}" from tenant "${d}":`,
251
+ m
288
252
  );
289
253
  }
290
254
  })
291
255
  );
292
256
  }
293
257
  return {
294
- afterCreate: async (c, d) => {
295
- c.tenantId === a && t(d) && await m(d);
258
+ afterCreate: async (c, u) => {
259
+ c.tenantId === a && n(u) && await p(u);
296
260
  },
297
- afterUpdate: async (c, d, u) => {
298
- c.tenantId === a && t(u) && await m(u);
261
+ afterUpdate: async (c, u, d) => {
262
+ c.tenantId === a && n(d) && await p(d);
299
263
  },
300
- beforeDelete: async (c, d) => {
264
+ beforeDelete: async (c, u) => {
301
265
  if (c.tenantId !== a) return;
302
- const p = await e(c.adapters).get(c.tenantId, d);
303
- p && t(p) && l.set(d, p);
266
+ const m = await e(c.adapters).get(c.tenantId, u);
267
+ m && n(m) && s.set(u, m);
304
268
  },
305
- afterDelete: async (c, d) => {
269
+ afterDelete: async (c, u) => {
306
270
  if (c.tenantId !== a) return;
307
- const u = l.get(d);
308
- u && (l.delete(d), await s(u.name));
271
+ const d = s.get(u);
272
+ d && (s.delete(u), await o(d.name));
309
273
  }
310
274
  };
311
275
  }
312
- function G(r, e, t = () => !0) {
313
- const { controlPlaneTenantId: a, getControlPlaneAdapters: n, getAdapters: i } = r;
276
+ function V(t, e, n = () => !0) {
277
+ const { controlPlaneTenantId: a, getControlPlaneAdapters: r, getAdapters: l } = t;
314
278
  return {
315
- async afterCreate(l, o) {
316
- if (o.id !== a)
279
+ async afterCreate(s, i) {
280
+ if (i.id !== a)
317
281
  try {
318
- const m = await n(), s = await i(o.id), c = e(m), d = e(s), u = await F(
319
- (p) => c.listPaginated(a, p),
282
+ const p = await r(), o = await l(i.id), c = e(p), u = e(o), d = await F(
283
+ (m) => c.listPaginated(a, m),
320
284
  c.listKey,
321
285
  { cursorField: "id", pageSize: 100 }
322
286
  );
323
287
  await Promise.all(
324
- u.filter((p) => t(p)).map(async (p) => {
288
+ d.filter((m) => n(m)).map(async (m) => {
325
289
  try {
326
- const f = c.transform(p);
327
- await d.create(o.id, {
290
+ const f = c.transform(m);
291
+ await u.create(i.id, {
328
292
  ...f,
329
293
  is_system: !0
330
294
  });
331
295
  } catch (f) {
332
296
  console.error(
333
- `Failed to sync entity to new tenant "${o.id}":`,
297
+ `Failed to sync entity to new tenant "${i.id}":`,
334
298
  f
335
299
  );
336
300
  }
337
301
  })
338
302
  );
339
- } catch (m) {
303
+ } catch (p) {
340
304
  console.error(
341
- `Failed to sync entities to new tenant "${o.id}":`,
342
- m
305
+ `Failed to sync entities to new tenant "${i.id}":`,
306
+ p
343
307
  );
344
308
  }
345
309
  }
346
310
  };
347
311
  }
348
- const E = (r) => ({
349
- list: async (e, t) => (await r.resourceServers.list(e, t)).resource_servers,
350
- listPaginated: (e, t) => r.resourceServers.list(e, t),
351
- get: (e, t) => r.resourceServers.get(e, t),
352
- create: (e, t) => r.resourceServers.create(e, t),
353
- update: (e, t, a) => r.resourceServers.update(e, t, a),
354
- remove: (e, t) => r.resourceServers.remove(e, t),
312
+ const H = (t) => ({
313
+ list: async (e, n) => (await t.resourceServers.list(e, n)).resource_servers,
314
+ listPaginated: (e, n) => t.resourceServers.list(e, n),
315
+ get: (e, n) => t.resourceServers.get(e, n),
316
+ create: (e, n) => t.resourceServers.create(e, n),
317
+ update: (e, n, a) => t.resourceServers.update(e, n, a),
318
+ remove: (e, n) => t.resourceServers.remove(e, n),
355
319
  listKey: "resource_servers",
356
320
  getId: (e) => e.id,
357
321
  transform: (e) => ({
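Review bot: The name lookup in `i` (`q: \`name:${d}\``, `per_page: 1`) returns whichever entity in the child tenant matches, and both `p` and `o` then update or remove it without checking that the match is a synced entity. A tenant-owned resource server, role or connection that shares a name with a control-plane entity would be overwritten and flagged `is_system`, or deleted when the control-plane entity is removed. Consider guarding the delete path with `w && g && w.is_system === !0 && await f.remove(d, g)` and skipping the update, with a logged conflict, when the existing entity is not `is_system`. The entity name is also interpolated into `q` unescaped, so whether the lookup is an exact match depends on the adapter's query parser, which is not visible here.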
@@ -362,37 +326,37 @@ const E = (r) => ({
362
326
  token_lifetime: e.token_lifetime,
363
327
  token_lifetime_for_web: e.token_lifetime_for_web
364
328
  })
365
- }), k = (r) => ({
366
- list: async (e, t) => (await r.roles.list(e, t)).roles,
367
- listPaginated: (e, t) => r.roles.list(e, t),
368
- get: (e, t) => r.roles.get(e, t),
369
- create: (e, t) => r.roles.create(e, t),
370
- update: (e, t, a) => r.roles.update(e, t, a),
371
- remove: (e, t) => r.roles.remove(e, t),
329
+ }), x = (t) => ({
330
+ list: async (e, n) => (await t.roles.list(e, n)).roles,
331
+ listPaginated: (e, n) => t.roles.list(e, n),
332
+ get: (e, n) => t.roles.get(e, n),
333
+ create: (e, n) => t.roles.create(e, n),
334
+ update: (e, n, a) => t.roles.update(e, n, a),
335
+ remove: (e, n) => t.roles.remove(e, n),
372
336
  listKey: "roles",
373
337
  getId: (e) => e.id,
374
338
  transform: (e) => ({
375
339
  name: e.name,
376
340
  description: e.description
377
341
  })
378
- }), H = (r) => ({
379
- list: async (e, t) => (await r.connections.list(e, t)).connections,
380
- listPaginated: (e, t) => r.connections.list(e, t),
381
- get: (e, t) => r.connections.get(e, t),
382
- create: (e, t) => r.connections.create(e, t),
383
- update: (e, t, a) => r.connections.update(e, t, a),
384
- remove: (e, t) => r.connections.remove(e, t),
342
+ }), ee = (t) => ({
343
+ list: async (e, n) => (await t.connections.list(e, n)).connections,
344
+ listPaginated: (e, n) => t.connections.list(e, n),
345
+ get: (e, n) => t.connections.get(e, n),
346
+ create: (e, n) => t.connections.create(e, n),
347
+ update: (e, n, a) => t.connections.update(e, n, a),
348
+ remove: (e, n) => t.connections.remove(e, n),
385
349
  listKey: "connections",
386
350
  getId: (e) => e.id,
387
351
  transform: (e) => {
388
- const t = e.options ? { ...e.options } : {};
389
- for (const a of _e)
390
- delete t[a];
352
+ const n = e.options ? { ...e.options } : {};
353
+ for (const a of be)
354
+ delete n[a];
391
355
  return {
392
356
  name: e.name,
393
357
  display_name: e.display_name,
394
358
  strategy: e.strategy,
395
- options: t,
359
+ options: n,
396
360
  response_type: e.response_type,
397
361
  response_mode: e.response_mode,
398
362
  is_domain_connection: e.is_domain_connection,
@@ -400,12 +364,12 @@ const E = (r) => ({
400
364
  metadata: e.metadata
401
365
  };
402
366
  },
403
- preserveOnUpdate: (e, t) => {
367
+ preserveOnUpdate: (e, n) => {
404
368
  const a = e.options || {};
405
369
  return {
406
- ...t,
370
+ ...n,
407
371
  options: {
408
- ...t.options,
372
+ ...n.options,
409
373
  client_id: a.client_id,
410
374
  client_secret: a.client_secret,
411
375
  app_secret: a.app_secret,
@@ -417,122 +381,122 @@ const E = (r) => ({
417
381
  };
418
382
  }
419
383
  });
420
- function ye(r) {
421
- const { sync: e = {}, filters: t = {} } = r, a = e.resourceServers ?? !0, n = e.roles ?? !0, i = e.connections ?? !0, l = a ? B(
422
- r,
423
- E,
424
- t.resourceServers
425
- ) : void 0, o = n ? B(
426
- r,
427
- k,
428
- t.roles
429
- ) : void 0, m = i ? B(
430
- r,
384
+ function Ce(t) {
385
+ const { sync: e = {}, filters: n = {} } = t, a = e.resourceServers ?? !0, r = e.roles ?? !0, l = e.connections ?? !0, s = a ? L(
386
+ t,
431
387
  H,
432
- t.connections
433
- ) : void 0, s = a ? G(
434
- r,
435
- E,
436
- t.resourceServers
437
- ) : void 0, c = n ? G(
438
- r,
439
- k,
440
- t.roles
441
- ) : void 0, d = i ? G(
442
- r,
388
+ n.resourceServers
389
+ ) : void 0, i = r ? L(
390
+ t,
391
+ x,
392
+ n.roles
393
+ ) : void 0, p = l ? L(
394
+ t,
395
+ ee,
396
+ n.connections
397
+ ) : void 0, o = a ? V(
398
+ t,
443
399
  H,
444
- t.connections
445
- ) : void 0, u = n ? {
446
- async afterCreate(w, h) {
447
- var g;
448
- if (h.id !== r.controlPlaneTenantId) {
449
- await ((g = c == null ? void 0 : c.afterCreate) == null ? void 0 : g.call(c, w, h));
400
+ n.resourceServers
401
+ ) : void 0, c = r ? V(
402
+ t,
403
+ x,
404
+ n.roles
405
+ ) : void 0, u = l ? V(
406
+ t,
407
+ ee,
408
+ n.connections
409
+ ) : void 0, d = r ? {
410
+ async afterCreate(w, g) {
411
+ var h;
412
+ if (g.id !== t.controlPlaneTenantId) {
413
+ await ((h = c == null ? void 0 : c.afterCreate) == null ? void 0 : h.call(c, w, g));
450
414
  try {
451
- const v = await r.getControlPlaneAdapters(), _ = await r.getAdapters(h.id), C = await F(
415
+ const v = await t.getControlPlaneAdapters(), _ = await t.getAdapters(g.id), A = await F(
452
416
  (b) => v.roles.list(
453
- r.controlPlaneTenantId,
417
+ t.controlPlaneTenantId,
454
418
  b
455
419
  ),
456
420
  "roles",
457
421
  { cursorField: "id", pageSize: 100 }
458
422
  ), $ = /* @__PURE__ */ new Map();
459
- for (const b of C.filter(
423
+ for (const b of A.filter(
460
424
  (y) => {
461
- var A;
462
- return ((A = t.roles) == null ? void 0 : A.call(t, y)) ?? !0;
425
+ var C;
426
+ return ((C = n.roles) == null ? void 0 : C.call(n, y)) ?? !0;
463
427
  }
464
428
  )) {
465
- const y = await p(
429
+ const y = await m(
466
430
  _,
467
- h.id,
431
+ g.id,
468
432
  b.name
469
433
  );
470
434
  y && $.set(b.name, y.id);
471
435
  }
472
- for (const b of C.filter(
436
+ for (const b of A.filter(
473
437
  (y) => {
474
- var A;
475
- return ((A = t.roles) == null ? void 0 : A.call(t, y)) ?? !0;
438
+ var C;
439
+ return ((C = n.roles) == null ? void 0 : C.call(n, y)) ?? !0;
476
440
  }
477
441
  )) {
478
442
  const y = $.get(b.name);
479
443
  if (y)
480
444
  try {
481
- const A = await v.rolePermissions.list(
482
- r.controlPlaneTenantId,
445
+ const C = await v.rolePermissions.list(
446
+ t.controlPlaneTenantId,
483
447
  b.id,
484
448
  {}
485
449
  );
486
- A.length > 0 && await _.rolePermissions.assign(
487
- h.id,
450
+ C.length > 0 && await _.rolePermissions.assign(
451
+ g.id,
488
452
  y,
489
- A.map((I) => ({
453
+ C.map((P) => ({
490
454
  role_id: y,
491
- resource_server_identifier: I.resource_server_identifier,
492
- permission_name: I.permission_name
455
+ resource_server_identifier: P.resource_server_identifier,
456
+ permission_name: P.permission_name
493
457
  }))
494
458
  );
495
- } catch (A) {
459
+ } catch (C) {
496
460
  console.error(
497
- `Failed to sync permissions for role "${b.name}" to tenant "${h.id}":`,
498
- A
461
+ `Failed to sync permissions for role "${b.name}" to tenant "${g.id}":`,
462
+ C
499
463
  );
500
464
  }
501
465
  }
502
466
  } catch (v) {
503
467
  console.error(
504
- `Failed to sync role permissions to tenant "${h.id}":`,
468
+ `Failed to sync role permissions to tenant "${g.id}":`,
505
469
  v
506
470
  );
507
471
  }
508
472
  }
509
473
  }
510
474
  } : void 0;
511
- async function p(w, h, g) {
512
- return (await w.roles.list(h, {
513
- q: `name:${g}`,
475
+ async function m(w, g, h) {
476
+ return (await w.roles.list(g, {
477
+ q: `name:${h}`,
514
478
  per_page: 1
515
479
  })).roles[0] ?? null;
516
480
  }
517
481
  return {
518
482
  entityHooks: {
519
- resourceServers: l,
520
- roles: o,
521
- connections: m
483
+ resourceServers: s,
484
+ roles: i,
485
+ connections: p
522
486
  },
523
487
  tenantHooks: {
524
- async afterCreate(w, h) {
525
- const g = [
526
- s == null ? void 0 : s.afterCreate,
527
- (u == null ? void 0 : u.afterCreate) ?? (c == null ? void 0 : c.afterCreate),
528
- d == null ? void 0 : d.afterCreate
488
+ async afterCreate(w, g) {
489
+ const h = [
490
+ o == null ? void 0 : o.afterCreate,
491
+ (d == null ? void 0 : d.afterCreate) ?? (c == null ? void 0 : c.afterCreate),
492
+ u == null ? void 0 : u.afterCreate
529
493
  ], v = [];
530
- for (const _ of g)
494
+ for (const _ of h)
531
495
  if (_)
532
496
  try {
533
- await _(w, h);
534
- } catch (C) {
535
- v.push(C instanceof Error ? C : new Error(String(C)));
497
+ await _(w, g);
498
+ } catch (A) {
499
+ v.push(A instanceof Error ? A : new Error(String(A)));
536
500
  }
537
501
  if (v.length === 1) throw v[0];
538
502
  if (v.length > 1)
@@ -544,15 +508,15 @@ function ye(r) {
544
508
  }
545
509
  };
546
510
  }
547
- function L(r, e) {
548
- const t = new ce();
549
- return t.openapi(
550
- K({
511
+ function W(t, e) {
512
+ const n = new ue();
513
+ return n.openapi(
514
+ B({
551
515
  tags: ["tenants"],
552
516
  method: "get",
553
517
  path: "/",
554
518
  request: {
555
- query: le
519
+ query: me
556
520
  },
557
521
  security: [
558
522
  {
@@ -564,7 +528,7 @@ function L(r, e) {
564
528
  content: {
565
529
  "application/json": {
566
530
  schema: z.object({
567
- tenants: z.array(Z),
531
+ tenants: z.array(k),
568
532
  start: z.number().optional(),
569
533
  limit: z.number().optional(),
570
534
  length: z.number().optional()
@@ -576,74 +540,74 @@ function L(r, e) {
576
540
  }
577
541
  }),
578
542
  async (a) => {
579
- var p, f, w, h;
580
- const n = a.req.valid("query"), { page: i, per_page: l, include_totals: o, q: m } = n, s = a.var.user, c = (s == null ? void 0 : s.permissions) || [];
543
+ var m, f, w, g;
544
+ const r = a.req.valid("query"), { page: l, per_page: s, include_totals: i, q: p } = r, o = a.var.user, c = (o == null ? void 0 : o.permissions) || [];
581
545
  if (c.includes("auth:read") || c.includes("admin:organizations")) {
582
- const g = await a.env.data.tenants.list({
583
- page: i,
584
- per_page: l,
585
- include_totals: o,
586
- q: m
546
+ const h = await a.env.data.tenants.list({
547
+ page: l,
548
+ per_page: s,
549
+ include_totals: i,
550
+ q: p
587
551
  });
588
- return o ? a.json({
589
- tenants: g.tenants,
590
- start: ((p = g.totals) == null ? void 0 : p.start) ?? 0,
591
- limit: ((f = g.totals) == null ? void 0 : f.limit) ?? l,
592
- length: g.tenants.length
593
- }) : a.json({ tenants: g.tenants });
552
+ return i ? a.json({
553
+ tenants: h.tenants,
554
+ start: ((m = h.totals) == null ? void 0 : m.start) ?? 0,
555
+ limit: ((f = h.totals) == null ? void 0 : f.limit) ?? s,
556
+ length: h.tenants.length
557
+ }) : a.json({ tenants: h.tenants });
594
558
  }
595
- if (r.accessControl && (s != null && s.sub)) {
596
- const g = r.accessControl.controlPlaneTenantId, _ = (await F(
559
+ if (t.accessControl && (o != null && o.sub)) {
560
+ const h = t.accessControl.controlPlaneTenantId, _ = (await F(
597
561
  (D) => a.env.data.userOrganizations.listUserOrganizations(
598
- g,
599
- s.sub,
562
+ h,
563
+ o.sub,
600
564
  D
601
565
  ),
602
566
  "organizations"
603
567
  )).map((D) => D.name);
604
568
  if (_.length === 0)
605
- return o ? a.json({
569
+ return i ? a.json({
606
570
  tenants: [],
607
571
  start: 0,
608
- limit: l ?? 50,
572
+ limit: s ?? 50,
609
573
  length: 0
610
574
  }) : a.json({ tenants: [] });
611
- const C = _.length, $ = i ?? 0, b = l ?? 50, y = $ * b, A = _.slice(y, y + b);
612
- if (A.length === 0)
613
- return o ? a.json({
575
+ const A = _.length, $ = l ?? 0, b = s ?? 50, y = $ * b, C = _.slice(y, y + b);
576
+ if (C.length === 0)
577
+ return i ? a.json({
614
578
  tenants: [],
615
579
  start: y,
616
580
  limit: b,
617
- length: C
581
+ length: A
618
582
  }) : a.json({ tenants: [] });
619
- const I = A.map((D) => `id:${D}`).join(" OR "), j = m ? `(${I}) AND (${m})` : I, R = await a.env.data.tenants.list({
620
- q: j,
583
+ const P = C.map((D) => `id:${D}`).join(" OR "), q = p ? `(${P}) AND (${p})` : P, R = await a.env.data.tenants.list({
584
+ q,
621
585
  per_page: b,
622
586
  include_totals: !1
623
587
  // We calculate totals from accessibleTenantIds
624
588
  });
625
- return o ? a.json({
589
+ return i ? a.json({
626
590
  tenants: R.tenants,
627
591
  start: y,
628
592
  limit: b,
629
- length: C
593
+ length: A
630
594
  }) : a.json({ tenants: R.tenants });
631
595
  }
632
- const u = await a.env.data.tenants.list({
633
- page: i,
634
- per_page: l,
635
- include_totals: o,
636
- q: m
596
+ const d = await a.env.data.tenants.list({
597
+ page: l,
598
+ per_page: s,
599
+ include_totals: i,
600
+ q: p
637
601
  });
638
- return o ? a.json({
639
- tenants: u.tenants,
640
- start: ((w = u.totals) == null ? void 0 : w.start) ?? 0,
641
- limit: ((h = u.totals) == null ? void 0 : h.limit) ?? l,
642
- length: u.tenants.length
643
- }) : a.json({ tenants: u.tenants });
602
+ return i ? a.json({
603
+ tenants: d.tenants,
604
+ start: ((w = d.totals) == null ? void 0 : w.start) ?? 0,
605
+ limit: ((g = d.totals) == null ? void 0 : g.limit) ?? s,
606
+ length: d.tenants.length
607
+ }) : a.json({ tenants: d.tenants });
644
608
  }
645
- ), t.openapi(
646
- K({
609
+ ), n.openapi(
610
+ B({
647
611
  tags: ["tenants"],
648
612
  method: "post",
649
613
  path: "/",
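Review bot: The GET handler falls through to an unfiltered `a.env.data.tenants.list(...)` whenever the caller lacks `auth:read`/`admin:organizations` and the membership branch is skipped, which happens both when `t.accessControl` is unset and when it is set but `o.sub` is missing. With access control enabled, a request without a `sub` should be rejected rather than shown every tenant, for example `if (t.accessControl && !(o != null && o.sub)) throw new S(401, { message: "Authentication required" });` placed before the membership branch. In the membership branch the caller's `q` is spliced into the filter as `(${P}) AND (${p})`, so the restriction to the caller's organizations depends on how the adapter parses that string; passing the id filter as a separate structured constraint would be safer. The DELETE handler in the `@@ -722,43 +686,43 @@` hunk likewise performs its `sub` and membership checks only inside `if (t.accessControl)`. The route definition and any upstream auth middleware start outside this hunk, so an earlier check may already reject such requests.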
@@ -651,7 +615,7 @@ function L(r, e) {
651
615
  body: {
652
616
  content: {
653
617
  "application/json": {
654
- schema: de
618
+ schema: pe
655
619
  }
656
620
  }
657
621
  }
@@ -665,7 +629,7 @@ function L(r, e) {
665
629
  201: {
666
630
  content: {
667
631
  "application/json": {
668
- schema: Z
632
+ schema: k
669
633
  }
670
634
  },
671
635
  description: "Tenant created"
@@ -679,23 +643,23 @@ function L(r, e) {
679
643
  }
680
644
  }),
681
645
  async (a) => {
682
- var m, s;
683
- const n = a.var.user;
684
- if (!(n != null && n.sub))
646
+ var p, o;
647
+ const r = a.var.user;
648
+ if (!(r != null && r.sub))
685
649
  throw new S(401, {
686
650
  message: "Authentication required to create tenants"
687
651
  });
688
- let i = a.req.valid("json");
689
- const l = {
652
+ let l = a.req.valid("json");
653
+ const s = {
690
654
  adapters: a.env.data,
691
655
  ctx: a
692
656
  };
693
- (m = e.tenants) != null && m.beforeCreate && (i = await e.tenants.beforeCreate(l, i));
694
- const o = await a.env.data.tenants.create(i);
695
- return (s = e.tenants) != null && s.afterCreate && await e.tenants.afterCreate(l, o), a.json(o, 201);
657
+ (p = e.tenants) != null && p.beforeCreate && (l = await e.tenants.beforeCreate(s, l));
658
+ const i = await a.env.data.tenants.create(l);
659
+ return (o = e.tenants) != null && o.afterCreate && await e.tenants.afterCreate(s, i), a.json(i, 201);
696
660
  }
697
- ), t.openapi(
698
- K({
661
+ ), n.openapi(
662
+ B({
699
663
  tags: ["tenants"],
700
664
  method: "delete",
701
665
  path: "/{id}",
@@ -722,43 +686,43 @@ function L(r, e) {
722
686
  }
723
687
  }),
724
688
  async (a) => {
725
- var o, m;
726
- const { id: n } = a.req.valid("param");
727
- if (r.accessControl) {
728
- const s = a.var.user, c = r.accessControl.controlPlaneTenantId;
729
- if (!(s != null && s.sub))
689
+ var i, p;
690
+ const { id: r } = a.req.valid("param");
691
+ if (t.accessControl) {
692
+ const o = a.var.user, c = t.accessControl.controlPlaneTenantId;
693
+ if (!(o != null && o.sub))
730
694
  throw new S(401, {
731
695
  message: "Authentication required"
732
696
  });
733
- if (n === c)
697
+ if (r === c)
734
698
  throw new S(403, {
735
699
  message: "Cannot delete the control plane"
736
700
  });
737
701
  if (!(await F(
738
- (p) => a.env.data.userOrganizations.listUserOrganizations(
702
+ (m) => a.env.data.userOrganizations.listUserOrganizations(
739
703
  c,
740
- s.sub,
741
- p
704
+ o.sub,
705
+ m
742
706
  ),
743
707
  "organizations"
744
- )).some((p) => p.name === n))
708
+ )).some((m) => m.name === r))
745
709
  throw new S(403, {
746
710
  message: "Access denied to this tenant"
747
711
  });
748
712
  }
749
- if (!await a.env.data.tenants.get(n))
713
+ if (!await a.env.data.tenants.get(r))
750
714
  throw new S(404, {
751
715
  message: "Tenant not found"
752
716
  });
753
- const l = {
717
+ const s = {
754
718
  adapters: a.env.data,
755
719
  ctx: a
756
720
  };
757
- return (o = e.tenants) != null && o.beforeDelete && await e.tenants.beforeDelete(l, n), await a.env.data.tenants.remove(n), (m = e.tenants) != null && m.afterDelete && await e.tenants.afterDelete(l, n), a.body(null, 204);
721
+ return (i = e.tenants) != null && i.beforeDelete && await e.tenants.beforeDelete(s, r), await a.env.data.tenants.remove(r), (p = e.tenants) != null && p.afterDelete && await e.tenants.afterDelete(s, r), a.body(null, 204);
758
722
  }
759
- ), t;
723
+ ), n;
760
724
  }
761
- function be(r) {
725
+ function Ae(t) {
762
726
  const e = [
763
727
  {
764
728
  pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
@@ -767,26 +731,26 @@ function be(r) {
767
731
  { pattern: /\/api\/v2\/roles\/([^/]+)$/, type: "role" },
768
732
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
769
733
  ];
770
- for (const { pattern: t, type: a } of e) {
771
- const n = r.match(t);
772
- if (n && n[1])
773
- return { type: a, id: n[1] };
734
+ for (const { pattern: n, type: a } of e) {
735
+ const r = t.match(n);
736
+ if (r && r[1])
737
+ return { type: a, id: r[1] };
774
738
  }
775
739
  return null;
776
740
  }
777
- async function Ae(r, e, t) {
741
+ async function Te(t, e, n) {
778
742
  try {
779
- switch (t.type) {
743
+ switch (n.type) {
780
744
  case "resource_server": {
781
- const a = await r.resourceServers.get(e, t.id);
745
+ const a = await t.resourceServers.get(e, n.id);
782
746
  return (a == null ? void 0 : a.is_system) === !0;
783
747
  }
784
748
  case "role": {
785
- const a = await r.roles.get(e, t.id);
749
+ const a = await t.roles.get(e, n.id);
786
750
  return (a == null ? void 0 : a.is_system) === !0;
787
751
  }
788
752
  case "connection": {
789
- const a = await r.connections.get(e, t.id);
753
+ const a = await t.connections.get(e, n.id);
790
754
  return (a == null ? void 0 : a.is_system) === !0;
791
755
  }
792
756
  default:
@@ -796,169 +760,283 @@ async function Ae(r, e, t) {
796
760
  return !1;
797
761
  }
798
762
  }
799
- function Ce(r) {
763
+ function Se(t) {
800
764
  return {
801
765
  resource_server: "resource server",
802
766
  role: "role",
803
767
  connection: "connection"
804
- }[r];
768
+ }[t];
805
769
  }
806
- function Te() {
807
- return async (r, e) => {
808
- if (!["PATCH", "PUT", "DELETE"].includes(r.req.method))
770
+ function Ie() {
771
+ return async (t, e) => {
772
+ if (!["PATCH", "PUT", "DELETE"].includes(t.req.method))
809
773
  return e();
810
- const t = be(r.req.path);
811
- if (!t)
774
+ const n = Ae(t.req.path);
775
+ if (!n)
812
776
  return e();
813
- const a = r.var.tenant_id || r.req.header("x-tenant-id") || r.req.header("tenant-id");
777
+ const a = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
814
778
  if (!a)
815
779
  return e();
816
- if (await Ae(r.env.data, a, t))
780
+ if (await Te(t.env.data, a, n))
817
781
  throw new S(403, {
818
- message: `This ${Ce(t.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
782
+ message: `This ${Se(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
819
783
  });
820
784
  return e();
821
785
  };
822
786
  }
823
- function Se(r) {
824
- return async (e, t) => {
825
- if (!r.accessControl)
826
- return t();
827
- const a = e.var.tenant_id, n = e.var.organization_id;
787
+ function ne(t, e) {
788
+ const { controlPlaneTenantId: n, controlPlaneClientId: a } = e;
789
+ return {
790
+ ...t,
791
+ legacyClients: {
792
+ ...t.legacyClients,
793
+ get: async (r) => {
794
+ var u;
795
+ const l = await t.legacyClients.get(r);
796
+ if (!l)
797
+ return null;
798
+ const s = a ? await t.legacyClients.get(a) : void 0, i = await t.connections.list(
799
+ l.tenant.id
800
+ ), p = n ? await t.connections.list(n) : { connections: [] }, o = i.connections.map((d) => {
801
+ var w;
802
+ const m = (w = p.connections) == null ? void 0 : w.find(
803
+ (g) => g.name === d.name
804
+ );
805
+ if (!(m != null && m.options))
806
+ return d;
807
+ const f = G.parse({
808
+ ...m || {},
809
+ ...d
810
+ });
811
+ return f.options = K.parse({
812
+ ...m.options || {},
813
+ ...d.options
814
+ }), f;
815
+ }).filter((d) => d), c = {
816
+ ...(s == null ? void 0 : s.tenant) || {},
817
+ ...l.tenant
818
+ };
819
+ return !l.tenant.audience && ((u = s == null ? void 0 : s.tenant) != null && u.audience) && (c.audience = s.tenant.audience), {
820
+ ...l,
821
+ web_origins: [
822
+ ...(s == null ? void 0 : s.web_origins) || [],
823
+ ...l.web_origins || []
824
+ ],
825
+ allowed_logout_urls: [
826
+ ...(s == null ? void 0 : s.allowed_logout_urls) || [],
827
+ ...l.allowed_logout_urls || []
828
+ ],
829
+ callbacks: [
830
+ ...(s == null ? void 0 : s.callbacks) || [],
831
+ ...l.callbacks || []
832
+ ],
833
+ connections: o,
834
+ tenant: c
835
+ };
836
+ }
837
+ },
838
+ connections: {
839
+ ...t.connections,
840
+ get: async (r, l) => {
841
+ const s = await t.connections.get(
842
+ r,
843
+ l
844
+ );
845
+ if (!s || !n)
846
+ return s;
847
+ const i = await t.connections.get(
848
+ n,
849
+ l
850
+ );
851
+ if (!i)
852
+ return s;
853
+ const p = G.parse({
854
+ ...i,
855
+ ...s
856
+ });
857
+ return p.options = K.parse({
858
+ ...i.options || {},
859
+ ...s.options
860
+ }), p;
861
+ },
862
+ list: async (r, l) => {
863
+ const s = await t.connections.list(r, l);
864
+ if (!n || r === n)
865
+ return s;
866
+ const i = await t.connections.list(n), p = s.connections.map((o) => {
867
+ var d;
868
+ const c = (d = i.connections) == null ? void 0 : d.find(
869
+ (m) => m.name === o.name
870
+ );
871
+ if (!(c != null && c.options))
872
+ return o;
873
+ const u = G.parse({
874
+ ...c,
875
+ ...o
876
+ });
877
+ return u.options = K.parse({
878
+ ...c.options || {},
879
+ ...o.options
880
+ }), u;
881
+ });
882
+ return {
883
+ ...s,
884
+ connections: p
885
+ };
886
+ }
887
+ }
888
+ // Note: Additional adapters can be extended here for runtime fallback:
889
+ // - promptSettings: Fall back to control plane prompts
890
+ // - branding: Fall back to control plane branding/themes
891
+ // - emailProviders: Fall back to control plane SMTP settings
892
+ //
893
+ // For now, we pass through other adapters unchanged.
894
+ // They remain part of ...baseAdapters and can be properly wrapped by caching.
895
+ };
896
+ }
897
+ function Pe(t, e) {
898
+ return ne(t, e);
899
+ }
900
+ const Ne = ne, Ue = Pe;
901
+ function De(t) {
902
+ return async (e, n) => {
903
+ if (!t.accessControl)
904
+ return n();
905
+ const a = e.var.tenant_id, r = e.var.organization_id;
828
906
  if (!a)
829
907
  throw new S(400, {
830
908
  message: "Tenant ID not found in request"
831
909
  });
832
- if (!me(
833
- n,
910
+ if (!we(
911
+ r,
834
912
  a,
835
- r.accessControl.controlPlaneTenantId
913
+ t.accessControl.controlPlaneTenantId
836
914
  ))
837
915
  throw new S(403, {
838
916
  message: `Access denied to tenant ${a}`
839
917
  });
840
- return t();
918
+ return n();
841
919
  };
842
920
  }
843
- function Pe(r) {
844
- return async (e, t) => {
845
- if (!r.subdomainRouting)
846
- return t();
921
+ function $e(t) {
922
+ return async (e, n) => {
923
+ if (!t.subdomainRouting)
924
+ return n();
847
925
  const {
848
926
  baseDomain: a,
849
- reservedSubdomains: n = [],
850
- resolveSubdomain: i
851
- } = r.subdomainRouting, l = e.req.header("host") || "";
852
- let o = null;
853
- if (l.endsWith(a)) {
854
- const s = l.slice(0, -(a.length + 1));
855
- s && !s.includes(".") && (o = s);
927
+ reservedSubdomains: r = [],
928
+ resolveSubdomain: l
929
+ } = t.subdomainRouting, s = e.req.header("host") || "";
930
+ let i = null;
931
+ if (s.endsWith(a)) {
932
+ const o = s.slice(0, -(a.length + 1));
933
+ o && !o.includes(".") && (i = o);
856
934
  }
857
- if (o && n.includes(o) && (o = null), !o)
858
- return r.accessControl && e.set("tenant_id", r.accessControl.controlPlaneTenantId), t();
859
- let m = null;
860
- if (i)
861
- m = await i(o);
862
- else if (r.subdomainRouting.useOrganizations !== !1 && r.accessControl)
935
+ if (i && r.includes(i) && (i = null), !i)
936
+ return t.accessControl && e.set("tenant_id", t.accessControl.controlPlaneTenantId), n();
937
+ let p = null;
938
+ if (l)
939
+ p = await l(i);
940
+ else if (t.subdomainRouting.useOrganizations !== !1 && t.accessControl)
863
941
  try {
864
- const s = await e.env.data.organizations.get(
865
- r.accessControl.controlPlaneTenantId,
866
- o
942
+ const o = await e.env.data.organizations.get(
943
+ t.accessControl.controlPlaneTenantId,
944
+ i
867
945
  );
868
- s && (m = s.id);
946
+ o && (p = o.id);
869
947
  } catch {
870
948
  }
871
- if (!m)
949
+ if (!p)
872
950
  throw new S(404, {
873
- message: `Tenant not found for subdomain: ${o}`
951
+ message: `Tenant not found for subdomain: ${i}`
874
952
  });
875
- return e.set("tenant_id", m), t();
953
+ return e.set("tenant_id", p), n();
876
954
  };
877
955
  }
878
- function Ie(r) {
879
- return async (e, t) => {
880
- if (!r.databaseIsolation)
881
- return t();
956
+ function ze(t) {
957
+ return async (e, n) => {
958
+ if (!t.databaseIsolation)
959
+ return n();
882
960
  const a = e.var.tenant_id;
883
961
  if (!a)
884
962
  throw new S(400, {
885
963
  message: "Tenant ID not found in request"
886
964
  });
887
965
  try {
888
- const n = await r.databaseIsolation.getAdapters(a);
889
- e.env.data = n;
890
- } catch (n) {
966
+ const r = await t.databaseIsolation.getAdapters(a);
967
+ e.env.data = r;
968
+ } catch (r) {
891
969
  throw console.error(
892
970
  `Failed to resolve database for tenant ${a}:`,
893
- n
971
+ r
894
972
  ), new S(500, {
895
973
  message: "Failed to resolve tenant database"
896
974
  });
897
975
  }
898
- return t();
976
+ return n();
899
977
  };
900
978
  }
901
- function ee(r) {
902
- const e = Pe(r), t = Se(r), a = Ie(r);
903
- return async (n, i) => (await e(n, async () => {
904
- }), await t(n, async () => {
905
- }), await a(n, async () => {
906
- }), i());
979
+ function re(t) {
980
+ const e = $e(t), n = De(t), a = ze(t);
981
+ return async (r, l) => (await e(r, async () => {
982
+ }), await n(r, async () => {
983
+ }), await a(r, async () => {
984
+ }), l());
907
985
  }
908
- function je(r) {
909
- const e = q(r);
986
+ function Be(t) {
987
+ const e = j(t);
910
988
  return {
911
989
  name: "multi-tenancy",
912
990
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
913
- middleware: ee(r),
991
+ middleware: re(t),
914
992
  // Provide lifecycle hooks
915
993
  hooks: e,
916
994
  // Mount tenant management routes
917
995
  routes: [
918
996
  {
919
997
  path: "/management",
920
- handler: L(r, e)
998
+ handler: W(t, e)
921
999
  }
922
1000
  ],
923
1001
  // Called when plugin is registered
924
1002
  onRegister: async () => {
925
- console.log("Multi-tenancy plugin registered"), r.accessControl && console.log(
926
- ` - Access control enabled (control plane: ${r.accessControl.controlPlaneTenantId})`
927
- ), r.subdomainRouting && console.log(
928
- ` - Subdomain routing enabled (base domain: ${r.subdomainRouting.baseDomain})`
929
- ), r.databaseIsolation && console.log(" - Database isolation enabled");
1003
+ console.log("Multi-tenancy plugin registered"), t.accessControl && console.log(
1004
+ ` - Access control enabled (control plane: ${t.accessControl.controlPlaneTenantId})`
1005
+ ), t.subdomainRouting && console.log(
1006
+ ` - Subdomain routing enabled (base domain: ${t.subdomainRouting.baseDomain})`
1007
+ ), t.databaseIsolation && console.log(" - Database isolation enabled");
930
1008
  }
931
1009
  };
932
1010
  }
933
- function q(r) {
934
- const e = r.accessControl ? ue(r.accessControl) : {}, t = r.databaseIsolation ? pe(r.databaseIsolation) : {}, a = fe(r);
1011
+ function j(t) {
1012
+ const e = t.accessControl ? fe(t.accessControl) : {}, n = t.databaseIsolation ? ge(t.databaseIsolation) : {}, a = he(t);
935
1013
  return {
936
1014
  ...e,
937
- ...t,
1015
+ ...n,
938
1016
  tenants: a
939
1017
  };
940
1018
  }
941
- function De(r) {
942
- const e = new x(), t = q(r);
943
- return e.route("/tenants", L(r, t)), e;
1019
+ function Oe(t) {
1020
+ const e = new te(), n = j(t);
1021
+ return e.route("/tenants", W(t, n)), e;
944
1022
  }
945
- function qe(r) {
1023
+ function Ge(t) {
946
1024
  return {
947
- hooks: q(r),
948
- middleware: ee(r),
949
- app: De(r),
950
- config: r
1025
+ hooks: j(t),
1026
+ middleware: re(t),
1027
+ app: Oe(t),
1028
+ config: t
951
1029
  };
952
1030
  }
953
- function Me(r) {
954
- var C, $, b, y, A, I, j, R, D, V, W, Q, J, X, Y;
1031
+ function Ke(t) {
1032
+ var A, $, b, y, C, P, q, R, D, Q, J, X, Y, Z, E;
955
1033
  const {
956
1034
  controlPlaneTenantId: e = "control_plane",
957
- sync: t,
1035
+ sync: n,
958
1036
  multiTenancy: a,
959
- entityHooks: n,
960
- ...i
961
- } = r, l = {
1037
+ entityHooks: r,
1038
+ ...l
1039
+ } = t, s = {
962
1040
  ...a,
963
1041
  accessControl: {
964
1042
  controlPlaneTenantId: e,
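Review bot: In the new `connections.get` wrapper the control-plane record is fetched with the child tenant's connection id (`t.connections.get(n, l)`), while `connections.list` and `legacyClients.get` in the same hunk pair records by `name`; unless connection ids are identical across tenants, the fallback either never applies or merges `options` from an unrelated control-plane connection into the tenant's record. Pairing by name here as well would keep the three paths consistent, e.g. `const i = (await t.connections.list(n)).connections.find((m) => m.name === s.name);`, and the guard can skip the self-merge the way `list` does: `if (!s || !n || r === n) return s;`. The merged result carries control-plane `options` values and, in `legacyClients.get`, the control-plane client's `callbacks`, `allowed_logout_urls` and `web_origins`, so a comment stating which callers may receive the merged values (for instance that tenant-scoped management reads should use the unwrapped adapter) would help; how the adapter is wired is not visible in this hunk. This file is bundled output, so the change belongs in the package source.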
@@ -966,24 +1044,24 @@ function Me(r) {
966
1044
  defaultPermissions: ["tenant:admin"],
967
1045
  ...a == null ? void 0 : a.accessControl
968
1046
  }
969
- }, o = q(l), m = ((C = a == null ? void 0 : a.databaseIsolation) == null ? void 0 : C.getAdapters) ?? (async () => r.dataAdapter), { entityHooks: s, tenantHooks: c } = ye({
1047
+ }, i = j(s), p = ((A = a == null ? void 0 : a.databaseIsolation) == null ? void 0 : A.getAdapters) ?? (async () => t.dataAdapter), { entityHooks: o, tenantHooks: c } = Ce({
970
1048
  controlPlaneTenantId: e,
971
1049
  getChildTenantIds: async () => (await F(
972
- (T) => r.dataAdapter.tenants.list(T),
1050
+ (T) => t.dataAdapter.tenants.list(T),
973
1051
  "tenants",
974
1052
  { cursorField: "id", pageSize: 100 }
975
1053
  )).filter((T) => T.id !== e).map((T) => T.id),
976
- getAdapters: m,
977
- getControlPlaneAdapters: async () => m(e),
978
- sync: t
1054
+ getAdapters: p,
1055
+ getControlPlaneAdapters: async () => p(e),
1056
+ sync: n
979
1057
  });
980
- function d(P, T) {
981
- if (!(!P && !T))
982
- return P ? T ? async (...te) => {
1058
+ function u(I, T) {
1059
+ if (!(!I && !T))
1060
+ return I ? T ? async (...ae) => {
983
1061
  const O = [];
984
- for (const M of [P, T])
1062
+ for (const M of [I, T])
985
1063
  try {
986
- await M(...te);
1064
+ await M(...ae);
987
1065
  } catch (N) {
988
1066
  O.push(N instanceof Error ? N : new Error(String(N)));
989
1067
  }
@@ -993,117 +1071,121 @@ function Me(r) {
993
1071
  O,
994
1072
  O.map((M) => M.message).join("; ")
995
1073
  );
996
- } : P : T;
1074
+ } : I : T;
997
1075
  }
998
- const u = {
999
- ...n,
1000
- resourceServers: s != null && s.resourceServers ? {
1001
- ...n == null ? void 0 : n.resourceServers,
1002
- afterCreate: d(
1003
- ($ = n == null ? void 0 : n.resourceServers) == null ? void 0 : $.afterCreate,
1004
- s.resourceServers.afterCreate
1076
+ const d = {
1077
+ ...r,
1078
+ resourceServers: o != null && o.resourceServers ? {
1079
+ ...r == null ? void 0 : r.resourceServers,
1080
+ afterCreate: u(
1081
+ ($ = r == null ? void 0 : r.resourceServers) == null ? void 0 : $.afterCreate,
1082
+ o.resourceServers.afterCreate
1005
1083
  ),
1006
- afterUpdate: d(
1007
- (b = n == null ? void 0 : n.resourceServers) == null ? void 0 : b.afterUpdate,
1008
- s.resourceServers.afterUpdate
1084
+ afterUpdate: u(
1085
+ (b = r == null ? void 0 : r.resourceServers) == null ? void 0 : b.afterUpdate,
1086
+ o.resourceServers.afterUpdate
1009
1087
  ),
1010
- beforeDelete: d(
1011
- (y = n == null ? void 0 : n.resourceServers) == null ? void 0 : y.beforeDelete,
1012
- s.resourceServers.beforeDelete
1088
+ beforeDelete: u(
1089
+ (y = r == null ? void 0 : r.resourceServers) == null ? void 0 : y.beforeDelete,
1090
+ o.resourceServers.beforeDelete
1013
1091
  ),
1014
- afterDelete: d(
1015
- (A = n == null ? void 0 : n.resourceServers) == null ? void 0 : A.afterDelete,
1016
- s.resourceServers.afterDelete
1092
+ afterDelete: u(
1093
+ (C = r == null ? void 0 : r.resourceServers) == null ? void 0 : C.afterDelete,
1094
+ o.resourceServers.afterDelete
1017
1095
  )
1018
- } : n == null ? void 0 : n.resourceServers,
1019
- roles: s != null && s.roles ? {
1020
- ...n == null ? void 0 : n.roles,
1021
- afterCreate: d(
1022
- (I = n == null ? void 0 : n.roles) == null ? void 0 : I.afterCreate,
1023
- s.roles.afterCreate
1096
+ } : r == null ? void 0 : r.resourceServers,
1097
+ roles: o != null && o.roles ? {
1098
+ ...r == null ? void 0 : r.roles,
1099
+ afterCreate: u(
1100
+ (P = r == null ? void 0 : r.roles) == null ? void 0 : P.afterCreate,
1101
+ o.roles.afterCreate
1024
1102
  ),
1025
- afterUpdate: d(
1026
- (j = n == null ? void 0 : n.roles) == null ? void 0 : j.afterUpdate,
1027
- s.roles.afterUpdate
1103
+ afterUpdate: u(
1104
+ (q = r == null ? void 0 : r.roles) == null ? void 0 : q.afterUpdate,
1105
+ o.roles.afterUpdate
1028
1106
  ),
1029
- beforeDelete: d(
1030
- (R = n == null ? void 0 : n.roles) == null ? void 0 : R.beforeDelete,
1031
- s.roles.beforeDelete
1107
+ beforeDelete: u(
1108
+ (R = r == null ? void 0 : r.roles) == null ? void 0 : R.beforeDelete,
1109
+ o.roles.beforeDelete
1032
1110
  ),
1033
- afterDelete: d(
1034
- (D = n == null ? void 0 : n.roles) == null ? void 0 : D.afterDelete,
1035
- s.roles.afterDelete
1111
+ afterDelete: u(
1112
+ (D = r == null ? void 0 : r.roles) == null ? void 0 : D.afterDelete,
1113
+ o.roles.afterDelete
1036
1114
  )
1037
- } : n == null ? void 0 : n.roles,
1038
- connections: s != null && s.connections ? {
1039
- ...n == null ? void 0 : n.connections,
1040
- afterCreate: d(
1041
- (V = n == null ? void 0 : n.connections) == null ? void 0 : V.afterCreate,
1042
- s.connections.afterCreate
1115
+ } : r == null ? void 0 : r.roles,
1116
+ connections: o != null && o.connections ? {
1117
+ ...r == null ? void 0 : r.connections,
1118
+ afterCreate: u(
1119
+ (Q = r == null ? void 0 : r.connections) == null ? void 0 : Q.afterCreate,
1120
+ o.connections.afterCreate
1043
1121
  ),
1044
- afterUpdate: d(
1045
- (W = n == null ? void 0 : n.connections) == null ? void 0 : W.afterUpdate,
1046
- s.connections.afterUpdate
1122
+ afterUpdate: u(
1123
+ (J = r == null ? void 0 : r.connections) == null ? void 0 : J.afterUpdate,
1124
+ o.connections.afterUpdate
1047
1125
  ),
1048
- beforeDelete: d(
1049
- (Q = n == null ? void 0 : n.connections) == null ? void 0 : Q.beforeDelete,
1050
- s.connections.beforeDelete
1126
+ beforeDelete: u(
1127
+ (X = r == null ? void 0 : r.connections) == null ? void 0 : X.beforeDelete,
1128
+ o.connections.beforeDelete
1051
1129
  ),
1052
- afterDelete: d(
1053
- (J = n == null ? void 0 : n.connections) == null ? void 0 : J.afterDelete,
1054
- s.connections.afterDelete
1130
+ afterDelete: u(
1131
+ (Y = r == null ? void 0 : r.connections) == null ? void 0 : Y.afterDelete,
1132
+ o.connections.afterDelete
1055
1133
  )
1056
- } : n == null ? void 0 : n.connections,
1134
+ } : r == null ? void 0 : r.connections,
1057
1135
  tenants: c ? {
1058
- ...n == null ? void 0 : n.tenants,
1059
- afterCreate: d(
1060
- (X = n == null ? void 0 : n.tenants) == null ? void 0 : X.afterCreate,
1136
+ ...r == null ? void 0 : r.tenants,
1137
+ afterCreate: u(
1138
+ (Z = r == null ? void 0 : r.tenants) == null ? void 0 : Z.afterCreate,
1061
1139
  c.afterCreate
1062
1140
  )
1063
- } : n == null ? void 0 : n.tenants
1064
- }, p = {
1065
- ...o,
1141
+ } : r == null ? void 0 : r.tenants
1142
+ }, m = {
1143
+ ...i,
1066
1144
  tenants: c ? {
1067
- ...o.tenants,
1068
- afterCreate: d(
1069
- (Y = o.tenants) == null ? void 0 : Y.afterCreate,
1145
+ ...i.tenants,
1146
+ afterCreate: u(
1147
+ (E = i.tenants) == null ? void 0 : E.afterCreate,
1070
1148
  c.afterCreate
1071
1149
  )
1072
- } : o.tenants
1073
- }, f = L(
1074
- l,
1075
- p
1076
- ), w = ie({
1077
- ...i,
1078
- entityHooks: u,
1150
+ } : i.tenants
1151
+ }, f = W(
1152
+ s,
1153
+ m
1154
+ ), w = de({
1155
+ ...l,
1156
+ entityHooks: d,
1079
1157
  managementApiExtensions: [
1080
- ...i.managementApiExtensions || [],
1158
+ ...l.managementApiExtensions || [],
1081
1159
  { path: "/tenants", router: f }
1082
1160
  ]
1083
- }), { app: h, managementApp: g, ...v } = w, _ = new x();
1084
- return _.onError((P, T) => P instanceof S ? P.getResponse() : (console.error(P), T.json({ message: "Internal Server Error" }, 500))), _.use("/api/v2/*", Te()), _.route("/", h), {
1161
+ }), { app: g, managementApp: h, ...v } = w, _ = new te();
1162
+ return _.onError((I, T) => I instanceof S ? I.getResponse() : (console.error(I), T.json({ message: "Internal Server Error" }, 500))), _.use("/api/v2/*", Ie()), _.route("/", g), {
1085
1163
  app: _,
1086
- managementApp: g,
1164
+ managementApp: h,
1087
1165
  ...v,
1088
- multiTenancyConfig: l,
1089
- multiTenancyHooks: o
1166
+ multiTenancyConfig: s,
1167
+ multiTenancyHooks: i
1090
1168
  };
1091
1169
  }
1092
1170
  export {
1093
- ue as createAccessControlHooks,
1094
- Se as createAccessControlMiddleware,
1095
- pe as createDatabaseHooks,
1096
- Ie as createDatabaseMiddleware,
1097
- De as createMultiTenancy,
1098
- q as createMultiTenancyHooks,
1099
- ee as createMultiTenancyMiddleware,
1100
- je as createMultiTenancyPlugin,
1101
- Te as createProtectSyncedMiddleware,
1102
- fe as createProvisioningHooks,
1103
- Pe as createSubdomainMiddleware,
1104
- ye as createSyncHooks,
1105
- L as createTenantsOpenAPIRouter,
1106
- Me as init,
1107
- qe as setupMultiTenancy,
1108
- me as validateTenantAccess
1171
+ fe as createAccessControlHooks,
1172
+ De as createAccessControlMiddleware,
1173
+ ge as createDatabaseHooks,
1174
+ ze as createDatabaseMiddleware,
1175
+ Oe as createMultiTenancy,
1176
+ j as createMultiTenancyHooks,
1177
+ re as createMultiTenancyMiddleware,
1178
+ Be as createMultiTenancyPlugin,
1179
+ Ie as createProtectSyncedMiddleware,
1180
+ he as createProvisioningHooks,
1181
+ ne as createRuntimeFallbackAdapter,
1182
+ Ne as createSettingsInheritanceAdapter,
1183
+ $e as createSubdomainMiddleware,
1184
+ Ce as createSyncHooks,
1185
+ W as createTenantsOpenAPIRouter,
1186
+ Ke as init,
1187
+ Ge as setupMultiTenancy,
1188
+ we as validateTenantAccess,
1189
+ Pe as withRuntimeFallback,
1190
+ Ue as withSettingsInheritance
1109
1191
  };