@authhero/multi-tenancy 13.16.0 → 13.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +59 -24
  2. package/dist/multi-tenancy.cjs +1 -1
  3. package/dist/multi-tenancy.d.ts +14066 -63169
  4. package/dist/multi-tenancy.mjs +461 -598
  5. package/package.json +5 -4
package/dist/multi-tenancy.mjs CHANGED
@@ -1,58 +1,31 @@
1
- var ae = Object.defineProperty;
2
- var se = (t, e, n) => e in t ? ae(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
- var U = (t, e, n) => se(t, typeof e != "symbol" ? e + "" : e, n);
4
- import { Hono as ee } from "hono";
5
- import { getTenantAudience as oe, MANAGEMENT_API_SCOPES as ie, MANAGEMENT_API_AUDIENCE as ce, fetchAll as F, init as le } from "authhero";
6
- export * from "authhero";
7
- import { OpenAPIHono as de, createRoute as B, z } from "@hono/zod-openapi";
8
- import { auth0QuerySchema as ue, tenantSchema as E, tenantInsertSchema as me, connectionSchema as G, connectionOptionsSchema as K } from "@authhero/adapter-interfaces";
9
- var S = class extends Error {
10
- /**
11
- * Creates an instance of `HTTPException`.
12
- * @param status - HTTP status code for the exception. Defaults to 500.
13
- * @param options - Additional options for the exception.
14
- */
15
- constructor(e = 500, n) {
16
- super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
17
- U(this, "res");
18
- U(this, "status");
19
- this.res = n == null ? void 0 : n.res, this.status = e;
20
- }
21
- /**
22
- * Returns the response object associated with the exception.
23
- * If a response object is not provided, a new response is created with the error message and status code.
24
- * @returns The response object.
25
- */
26
- getResponse() {
27
- return this.res ? new Response(this.res.body, {
28
- status: this.status,
29
- headers: this.res.headers
30
- }) : new Response(this.message, {
31
- status: this.status
32
- });
33
- }
34
- };
35
- function pe(t) {
1
+ var V = Object.defineProperty;
2
+ var W = (t, e, n) => e in t ? V(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
+ var O = (t, e, n) => W(t, typeof e != "symbol" ? e + "" : e, n);
4
+ import { Hono as Q } from "hono";
5
+ import { getTenantAudience as J, MANAGEMENT_API_SCOPES as X, MANAGEMENT_API_AUDIENCE as Y, fetchAll as z } from "authhero";
6
+ import { OpenAPIHono as Z, createRoute as R, z as I } from "@hono/zod-openapi";
7
+ import { auth0QuerySchema as x, tenantSchema as j, tenantInsertSchema as ee, connectionSchema as k, connectionOptionsSchema as D } from "@authhero/adapter-interfaces";
8
+ function te(t) {
36
9
  const { controlPlaneTenantId: e, requireOrganizationMatch: n = !0 } = t;
37
10
  return {
38
- async onTenantAccessValidation(r, a) {
11
+ async onTenantAccessValidation(s, a) {
39
12
  if (a === e)
40
13
  return !0;
41
14
  if (n) {
42
- const c = r.var.org_name, s = r.var.organization_id, i = c || s;
15
+ const o = s.var.org_name, r = s.var.organization_id, i = o || r;
43
16
  return i ? i === a : !1;
44
17
  }
45
18
  return !0;
46
19
  }
47
20
  };
48
21
  }
49
- function fe(t, e, n, r) {
22
+ function ne(t, e, n, s) {
50
23
  if (e === n)
51
24
  return !0;
52
- const a = r || t;
25
+ const a = s || t;
53
26
  return a ? a === e : !1;
54
27
  }
55
- function we(t) {
28
+ function se(t) {
56
29
  return {
57
30
  async resolveDataAdapters(e) {
58
31
  try {
@@ -67,109 +40,109 @@ function we(t) {
67
40
  }
68
41
  };
69
42
  }
70
- function ge(t) {
43
+ function ae(t) {
71
44
  return {
72
45
  async beforeCreate(e, n) {
73
46
  return !n.audience && n.id ? {
74
47
  ...n,
75
- audience: oe(n.id)
48
+ audience: J(n.id)
76
49
  } : n;
77
50
  },
78
51
  async afterCreate(e, n) {
79
- const { accessControl: r, databaseIsolation: a } = t;
80
- r && e.ctx && await he(e, n, r), a != null && a.onProvision && await a.onProvision(n.id);
52
+ const { accessControl: s, databaseIsolation: a } = t;
53
+ s && e.ctx && await re(e, n, s), a != null && a.onProvision && await a.onProvision(n.id);
81
54
  },
82
55
  async beforeDelete(e, n) {
83
- const { accessControl: r, databaseIsolation: a } = t;
84
- if (r)
56
+ const { accessControl: s, databaseIsolation: a } = t;
57
+ if (s)
85
58
  try {
86
- const s = (await e.adapters.organizations.list(
87
- r.controlPlaneTenantId
59
+ const r = (await e.adapters.organizations.list(
60
+ s.controlPlaneTenantId
88
61
  )).organizations.find((i) => i.name === n);
89
- s && await e.adapters.organizations.remove(
90
- r.controlPlaneTenantId,
91
- s.id
62
+ r && await e.adapters.organizations.remove(
63
+ s.controlPlaneTenantId,
64
+ r.id
92
65
  );
93
- } catch (c) {
66
+ } catch (o) {
94
67
  console.warn(
95
68
  `Failed to remove organization for tenant ${n}:`,
96
- c
69
+ o
97
70
  );
98
71
  }
99
72
  if (a != null && a.onDeprovision)
100
73
  try {
101
74
  await a.onDeprovision(n);
102
- } catch (c) {
75
+ } catch (o) {
103
76
  console.warn(
104
77
  `Failed to deprovision database for tenant ${n}:`,
105
- c
78
+ o
106
79
  );
107
80
  }
108
81
  }
109
82
  };
110
83
  }
111
- async function he(t, e, n) {
84
+ async function re(t, e, n) {
112
85
  const {
113
- controlPlaneTenantId: r,
86
+ controlPlaneTenantId: s,
114
87
  defaultPermissions: a,
115
- defaultRoles: c,
116
- issuer: s,
88
+ defaultRoles: o,
89
+ issuer: r,
117
90
  adminRoleName: i = "Tenant Admin",
118
- adminRoleDescription: p = "Full access to all tenant management operations",
119
- addCreatorToOrganization: o = !0
120
- } = n, l = await t.adapters.organizations.create(
121
- r,
91
+ adminRoleDescription: m = "Full access to all tenant management operations",
92
+ addCreatorToOrganization: d = !0
93
+ } = n, c = await t.adapters.organizations.create(
94
+ s,
122
95
  {
123
96
  name: e.id,
124
97
  display_name: e.friendly_name || e.id
125
98
  }
126
99
  );
127
- let u;
128
- if (s && (u = await _e(
100
+ let p;
101
+ if (r && (p = await ie(
129
102
  t,
130
- r,
103
+ s,
131
104
  i,
132
- p
133
- )), o && t.ctx) {
134
- const d = t.ctx.var.user;
135
- if (d != null && d.sub && !await ve(
105
+ m
106
+ )), d && t.ctx) {
107
+ const l = t.ctx.var.user;
108
+ if (l != null && l.sub && !await oe(
136
109
  t,
137
- r,
138
- d.sub
110
+ s,
111
+ l.sub
139
112
  ))
140
113
  try {
141
- await t.adapters.userOrganizations.create(r, {
142
- user_id: d.sub,
143
- organization_id: l.id
144
- }), u && await t.adapters.userRoles.create(
145
- r,
146
- d.sub,
147
- u,
148
- l.id
114
+ await t.adapters.userOrganizations.create(s, {
115
+ user_id: l.sub,
116
+ organization_id: c.id
117
+ }), p && await t.adapters.userRoles.create(
118
+ s,
119
+ l.sub,
120
+ p,
121
+ c.id
149
122
  // organizationId
150
123
  );
151
124
  } catch (f) {
152
125
  console.warn(
153
- `Failed to add creator ${d.sub} to organization ${l.id}:`,
126
+ `Failed to add creator ${l.sub} to organization ${c.id}:`,
154
127
  f
155
128
  );
156
129
  }
157
130
  }
158
- c && c.length > 0 && console.log(
159
- `Would assign roles ${c.join(", ")} to organization ${l.id}`
131
+ o && o.length > 0 && console.log(
132
+ `Would assign roles ${o.join(", ")} to organization ${c.id}`
160
133
  ), a && a.length > 0 && console.log(
161
- `Would grant permissions ${a.join(", ")} to organization ${l.id}`
134
+ `Would grant permissions ${a.join(", ")} to organization ${c.id}`
162
135
  );
163
136
  }
164
- async function ve(t, e, n) {
165
- const r = await t.adapters.userRoles.list(
137
+ async function oe(t, e, n) {
138
+ const s = await t.adapters.userRoles.list(
166
139
  e,
167
140
  n,
168
141
  void 0,
169
142
  ""
170
143
  // Empty string for global roles
171
144
  );
172
- for (const a of r)
145
+ for (const a of s)
173
146
  if ((await t.adapters.rolePermissions.list(
174
147
  e,
175
148
  a.id,
@@ -180,25 +153,25 @@ async function ve(t, e, n) {
180
153
  return !0;
181
154
  return !1;
182
155
  }
183
- async function _e(t, e, n, r) {
184
- const c = (await t.adapters.roles.list(e, {})).roles.find((o) => o.name === n);
185
- if (c)
186
- return c.id;
187
- const s = await t.adapters.roles.create(e, {
156
+ async function ie(t, e, n, s) {
157
+ const o = (await t.adapters.roles.list(e, {})).roles.find((d) => d.name === n);
158
+ if (o)
159
+ return o.id;
160
+ const r = await t.adapters.roles.create(e, {
188
161
  name: n,
189
- description: r
190
- }), i = ce, p = ie.map((o) => ({
191
- role_id: s.id,
162
+ description: s
163
+ }), i = Y, m = X.map((d) => ({
164
+ role_id: r.id,
192
165
  resource_server_identifier: i,
193
- permission_name: o.value
166
+ permission_name: d.value
194
167
  }));
195
168
  return await t.adapters.rolePermissions.assign(
196
169
  e,
197
- s.id,
198
- p
199
- ), s.id;
170
+ r.id,
171
+ m
172
+ ), r.id;
200
173
  }
201
- const ye = [
174
+ const ce = [
202
175
  "client_id",
203
176
  "client_secret",
204
177
  "app_secret",
@@ -207,88 +180,88 @@ const ye = [
207
180
  "twilio_sid",
208
181
  "twilio_token"
209
182
  ];
210
- function L(t, e, n = () => !0) {
211
- const { controlPlaneTenantId: r, getChildTenantIds: a, getAdapters: c } = t, s = /* @__PURE__ */ new Map();
212
- async function i(l, u, d) {
213
- return (await e(l).list(u, {
214
- q: `name:${d}`,
183
+ function E(t, e, n = () => !0) {
184
+ const { controlPlaneTenantId: s, getChildTenantIds: a, getAdapters: o } = t, r = /* @__PURE__ */ new Map();
185
+ async function i(c, p, l) {
186
+ return (await e(c).list(p, {
187
+ q: `name:${l}`,
215
188
  per_page: 1
216
189
  }))[0] ?? null;
217
190
  }
218
- async function p(l) {
219
- const u = await a(), d = e(await c(r));
191
+ async function m(c) {
192
+ const p = await a(), l = e(await o(s));
220
193
  await Promise.all(
221
- u.map(async (m) => {
194
+ p.map(async (u) => {
222
195
  try {
223
- const f = await c(m), w = e(f), h = {
224
- ...d.transform(l),
196
+ const f = await o(u), g = e(f), h = {
197
+ ...l.transform(c),
225
198
  is_system: !0
226
- }, v = await i(f, m, l.name), _ = v ? w.getId(v) : void 0;
227
- if (v && _) {
228
- const A = w.preserveOnUpdate ? w.preserveOnUpdate(v, h) : h;
229
- await w.update(m, _, A);
199
+ }, y = await i(f, u, c.name), v = y ? g.getId(y) : void 0;
200
+ if (y && v) {
201
+ const A = g.preserveOnUpdate ? g.preserveOnUpdate(y, h) : h;
202
+ await g.update(u, v, A);
230
203
  } else
231
- await w.create(m, h);
204
+ await g.create(u, h);
232
205
  } catch (f) {
233
206
  console.error(
234
- `Failed to sync ${d.listKey} "${l.name}" to tenant "${m}":`,
207
+ `Failed to sync ${l.listKey} "${c.name}" to tenant "${u}":`,
235
208
  f
236
209
  );
237
210
  }
238
211
  })
239
212
  );
240
213
  }
241
- async function o(l) {
242
- const u = await a();
214
+ async function d(c) {
215
+ const p = await a();
243
216
  await Promise.all(
244
- u.map(async (d) => {
217
+ p.map(async (l) => {
245
218
  try {
246
- const m = await c(d), f = e(m), w = await i(m, d, l), g = w ? f.getId(w) : void 0;
247
- w && g && await f.remove(d, g);
248
- } catch (m) {
219
+ const u = await o(l), f = e(u), g = await i(u, l, c), w = g ? f.getId(g) : void 0;
220
+ g && w && await f.remove(l, w);
221
+ } catch (u) {
249
222
  console.error(
250
- `Failed to delete entity "${l}" from tenant "${d}":`,
251
- m
223
+ `Failed to delete entity "${c}" from tenant "${l}":`,
224
+ u
252
225
  );
253
226
  }
254
227
  })
255
228
  );
256
229
  }
257
230
  return {
258
- afterCreate: async (l, u) => {
259
- l.tenantId === r && n(u) && await p(u);
231
+ afterCreate: async (c, p) => {
232
+ c.tenantId === s && n(p) && await m(p);
260
233
  },
261
- afterUpdate: async (l, u, d) => {
262
- l.tenantId === r && n(d) && await p(d);
234
+ afterUpdate: async (c, p, l) => {
235
+ c.tenantId === s && n(l) && await m(l);
263
236
  },
264
- beforeDelete: async (l, u) => {
265
- if (l.tenantId !== r) return;
266
- const m = await e(l.adapters).get(l.tenantId, u);
267
- m && n(m) && s.set(u, m);
237
+ beforeDelete: async (c, p) => {
238
+ if (c.tenantId !== s) return;
239
+ const u = await e(c.adapters).get(c.tenantId, p);
240
+ u && n(u) && r.set(p, u);
268
241
  },
269
- afterDelete: async (l, u) => {
270
- if (l.tenantId !== r) return;
271
- const d = s.get(u);
272
- d && (s.delete(u), await o(d.name));
242
+ afterDelete: async (c, p) => {
243
+ if (c.tenantId !== s) return;
244
+ const l = r.get(p);
245
+ l && (r.delete(p), await d(l.name));
273
246
  }
274
247
  };
275
248
  }
276
- function V(t, e, n = () => !0) {
277
- const { controlPlaneTenantId: r, getControlPlaneAdapters: a, getAdapters: c } = t;
249
+ function F(t, e, n = () => !0) {
250
+ const { controlPlaneTenantId: s, getControlPlaneAdapters: a, getAdapters: o } = t;
278
251
  return {
279
- async afterCreate(s, i) {
280
- if (i.id !== r)
252
+ async afterCreate(r, i) {
253
+ if (i.id !== s)
281
254
  try {
282
- const p = await a(), o = await c(i.id), l = e(p), u = e(o), d = await F(
283
- (m) => l.listPaginated(r, m),
284
- l.listKey,
255
+ const m = await a(), d = await o(i.id), c = e(m), p = e(d), l = await z(
256
+ (u) => c.listPaginated(s, u),
257
+ c.listKey,
285
258
  { cursorField: "id", pageSize: 100 }
286
259
  );
287
260
  await Promise.all(
288
- d.filter((m) => n(m)).map(async (m) => {
261
+ l.filter((u) => n(u)).map(async (u) => {
289
262
  try {
290
- const f = l.transform(m);
291
- await u.create(i.id, {
263
+ const f = c.transform(u);
264
+ await p.create(i.id, {
292
265
  ...f,
293
266
  is_system: !0
294
267
  });
@@ -300,21 +273,21 @@ function V(t, e, n = () => !0) {
300
273
  }
301
274
  })
302
275
  );
303
- } catch (p) {
276
+ } catch (m) {
304
277
  console.error(
305
278
  `Failed to sync entities to new tenant "${i.id}":`,
306
- p
279
+ m
307
280
  );
308
281
  }
309
282
  }
310
283
  };
311
284
  }
312
- const k = (t) => ({
285
+ const N = (t) => ({
313
286
  list: async (e, n) => (await t.resourceServers.list(e, n)).resource_servers,
314
287
  listPaginated: (e, n) => t.resourceServers.list(e, n),
315
288
  get: (e, n) => t.resourceServers.get(e, n),
316
289
  create: (e, n) => t.resourceServers.create(e, n),
317
- update: (e, n, r) => t.resourceServers.update(e, n, r),
290
+ update: (e, n, s) => t.resourceServers.update(e, n, s),
318
291
  remove: (e, n) => t.resourceServers.remove(e, n),
319
292
  listKey: "resource_servers",
320
293
  getId: (e) => e.id,
@@ -332,7 +305,7 @@ const k = (t) => ({
332
305
  listPaginated: (e, n) => t.roles.list(e, n),
333
306
  get: (e, n) => t.roles.get(e, n),
334
307
  create: (e, n) => t.roles.create(e, n),
335
- update: (e, n, r) => t.roles.update(e, n, r),
308
+ update: (e, n, s) => t.roles.update(e, n, s),
336
309
  remove: (e, n) => t.roles.remove(e, n),
337
310
  listKey: "roles",
338
311
  getId: (e) => e.id,
@@ -341,19 +314,19 @@ const k = (t) => ({
341
314
  name: e.name,
342
315
  description: e.description
343
316
  })
344
- }), x = (t) => ({
317
+ }), U = (t) => ({
345
318
  list: async (e, n) => (await t.connections.list(e, n)).connections,
346
319
  listPaginated: (e, n) => t.connections.list(e, n),
347
320
  get: (e, n) => t.connections.get(e, n),
348
321
  create: (e, n) => t.connections.create(e, n),
349
- update: (e, n, r) => t.connections.update(e, n, r),
322
+ update: (e, n, s) => t.connections.update(e, n, s),
350
323
  remove: (e, n) => t.connections.remove(e, n),
351
324
  listKey: "connections",
352
325
  getId: (e) => e.id,
353
326
  transform: (e) => {
354
327
  const n = e.options ? { ...e.options } : {};
355
- for (const r of ye)
356
- delete n[r];
328
+ for (const s of ce)
329
+ delete n[s];
357
330
  return {
358
331
  id: e.id,
359
332
  name: e.name,
@@ -368,55 +341,55 @@ const k = (t) => ({
368
341
  };
369
342
  },
370
343
  preserveOnUpdate: (e, n) => {
371
- const r = e.options || {};
344
+ const s = e.options || {};
372
345
  return {
373
346
  ...n,
374
347
  options: {
375
348
  ...n.options,
376
- client_id: r.client_id,
377
- client_secret: r.client_secret,
378
- app_secret: r.app_secret,
379
- kid: r.kid,
380
- team_id: r.team_id,
381
- twilio_sid: r.twilio_sid,
382
- twilio_token: r.twilio_token
349
+ client_id: s.client_id,
350
+ client_secret: s.client_secret,
351
+ app_secret: s.app_secret,
352
+ kid: s.kid,
353
+ team_id: s.team_id,
354
+ twilio_sid: s.twilio_sid,
355
+ twilio_token: s.twilio_token
383
356
  }
384
357
  };
385
358
  }
386
359
  });
387
- function be(t) {
388
- const { sync: e = {}, filters: n = {} } = t, r = e.resourceServers ?? !0, a = e.roles ?? !0, c = e.connections ?? !0, s = r ? L(
360
+ function Te(t) {
361
+ const { sync: e = {}, filters: n = {} } = t, s = e.resourceServers ?? !0, a = e.roles ?? !0, o = e.connections ?? !0, r = s ? E(
389
362
  t,
390
- k,
363
+ N,
391
364
  n.resourceServers
392
- ) : void 0, i = a ? L(
365
+ ) : void 0, i = a ? E(
393
366
  t,
394
367
  H,
395
368
  n.roles
396
- ) : void 0, p = c ? L(
369
+ ) : void 0, m = o ? E(
397
370
  t,
398
- x,
371
+ U,
399
372
  n.connections
400
- ) : void 0, o = r ? V(
373
+ ) : void 0, d = s ? F(
401
374
  t,
402
- k,
375
+ N,
403
376
  n.resourceServers
404
- ) : void 0, l = a ? V(
377
+ ) : void 0, c = a ? F(
405
378
  t,
406
379
  H,
407
380
  n.roles
408
- ) : void 0, u = c ? V(
381
+ ) : void 0, p = o ? F(
409
382
  t,
410
- x,
383
+ U,
411
384
  n.connections
412
- ) : void 0, d = a ? {
413
- async afterCreate(w, g) {
385
+ ) : void 0, l = a ? {
386
+ async afterCreate(g, w) {
414
387
  var h;
415
- if (g.id !== t.controlPlaneTenantId) {
416
- await ((h = l == null ? void 0 : l.afterCreate) == null ? void 0 : h.call(l, w, g));
388
+ if (w.id !== t.controlPlaneTenantId) {
389
+ await ((h = c == null ? void 0 : c.afterCreate) == null ? void 0 : h.call(c, g, w));
417
390
  try {
418
- const v = await t.getControlPlaneAdapters(), _ = await t.getAdapters(g.id), A = await F(
419
- (b) => v.roles.list(
391
+ const y = await t.getControlPlaneAdapters(), v = await t.getAdapters(w.id), A = await z(
392
+ (b) => y.roles.list(
420
393
  t.controlPlaneTenantId,
421
394
  b
422
395
  ),
@@ -424,102 +397,128 @@ function be(t) {
424
397
  { cursorField: "id", pageSize: 100 }
425
398
  ), $ = /* @__PURE__ */ new Map();
426
399
  for (const b of A.filter(
427
- (y) => {
428
- var C;
429
- return ((C = n.roles) == null ? void 0 : C.call(n, y)) ?? !0;
400
+ (_) => {
401
+ var T;
402
+ return ((T = n.roles) == null ? void 0 : T.call(n, _)) ?? !0;
430
403
  }
431
404
  )) {
432
- const y = await m(
433
- _,
434
- g.id,
405
+ const _ = await u(
406
+ v,
407
+ w.id,
435
408
  b.name
436
409
  );
437
- y && $.set(b.name, y.id);
410
+ _ && $.set(b.name, _.id);
438
411
  }
439
412
  for (const b of A.filter(
440
- (y) => {
441
- var C;
442
- return ((C = n.roles) == null ? void 0 : C.call(n, y)) ?? !0;
413
+ (_) => {
414
+ var T;
415
+ return ((T = n.roles) == null ? void 0 : T.call(n, _)) ?? !0;
443
416
  }
444
417
  )) {
445
- const y = $.get(b.name);
446
- if (y)
418
+ const _ = $.get(b.name);
419
+ if (_)
447
420
  try {
448
- const C = await v.rolePermissions.list(
421
+ const T = await y.rolePermissions.list(
449
422
  t.controlPlaneTenantId,
450
423
  b.id,
451
424
  {}
452
425
  );
453
- C.length > 0 && await _.rolePermissions.assign(
454
- g.id,
455
- y,
456
- C.map((P) => ({
457
- role_id: y,
426
+ T.length > 0 && await v.rolePermissions.assign(
427
+ w.id,
428
+ _,
429
+ T.map((P) => ({
430
+ role_id: _,
458
431
  resource_server_identifier: P.resource_server_identifier,
459
432
  permission_name: P.permission_name
460
433
  }))
461
434
  );
462
- } catch (C) {
435
+ } catch (T) {
463
436
  console.error(
464
- `Failed to sync permissions for role "${b.name}" to tenant "${g.id}":`,
465
- C
437
+ `Failed to sync permissions for role "${b.name}" to tenant "${w.id}":`,
438
+ T
466
439
  );
467
440
  }
468
441
  }
469
- } catch (v) {
442
+ } catch (y) {
470
443
  console.error(
471
- `Failed to sync role permissions to tenant "${g.id}":`,
472
- v
444
+ `Failed to sync role permissions to tenant "${w.id}":`,
445
+ y
473
446
  );
474
447
  }
475
448
  }
476
449
  }
477
450
  } : void 0;
478
- async function m(w, g, h) {
479
- return (await w.roles.list(g, {
451
+ async function u(g, w, h) {
452
+ return (await g.roles.list(w, {
480
453
  q: `name:${h}`,
481
454
  per_page: 1
482
455
  })).roles[0] ?? null;
483
456
  }
484
457
  return {
485
458
  entityHooks: {
486
- resourceServers: s,
459
+ resourceServers: r,
487
460
  roles: i,
488
- connections: p
461
+ connections: m
489
462
  },
490
463
  tenantHooks: {
491
- async afterCreate(w, g) {
464
+ async afterCreate(g, w) {
492
465
  const h = [
493
- o == null ? void 0 : o.afterCreate,
494
- (d == null ? void 0 : d.afterCreate) ?? (l == null ? void 0 : l.afterCreate),
495
- u == null ? void 0 : u.afterCreate
496
- ], v = [];
497
- for (const _ of h)
498
- if (_)
466
+ d == null ? void 0 : d.afterCreate,
467
+ (l == null ? void 0 : l.afterCreate) ?? (c == null ? void 0 : c.afterCreate),
468
+ p == null ? void 0 : p.afterCreate
469
+ ], y = [];
470
+ for (const v of h)
471
+ if (v)
499
472
  try {
500
- await _(w, g);
473
+ await v(g, w);
501
474
  } catch (A) {
502
- v.push(A instanceof Error ? A : new Error(String(A)));
475
+ y.push(A instanceof Error ? A : new Error(String(A)));
503
476
  }
504
- if (v.length === 1) throw v[0];
505
- if (v.length > 1)
477
+ if (y.length === 1) throw y[0];
478
+ if (y.length > 1)
506
479
  throw new AggregateError(
507
- v,
508
- v.map((_) => _.message).join("; ")
480
+ y,
481
+ y.map((v) => v.message).join("; ")
509
482
  );
510
483
  }
511
484
  }
512
485
  };
513
486
  }
514
- function W(t, e) {
515
- const n = new de();
487
+ var C = class extends Error {
488
+ /**
489
+ * Creates an instance of `HTTPException`.
490
+ * @param status - HTTP status code for the exception. Defaults to 500.
491
+ * @param options - Additional options for the exception.
492
+ */
493
+ constructor(e = 500, n) {
494
+ super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
495
+ O(this, "res");
496
+ O(this, "status");
497
+ this.res = n == null ? void 0 : n.res, this.status = e;
498
+ }
499
+ /**
500
+ * Returns the response object associated with the exception.
501
+ * If a response object is not provided, a new response is created with the error message and status code.
502
+ * @returns The response object.
503
+ */
504
+ getResponse() {
505
+ return this.res ? new Response(this.res.body, {
506
+ status: this.status,
507
+ headers: this.res.headers
508
+ }) : new Response(this.message, {
509
+ status: this.status
510
+ });
511
+ }
512
+ };
513
+ function B(t, e) {
514
+ const n = new Z();
516
515
  return n.openapi(
517
- B({
516
+ R({
518
517
  tags: ["tenants"],
519
518
  method: "get",
520
519
  path: "/",
521
520
  request: {
522
- query: ue
521
+ query: x
523
522
  },
524
523
  security: [
525
524
  {
@@ -530,11 +529,11 @@ function W(t, e) {
530
529
  200: {
531
530
  content: {
532
531
  "application/json": {
533
- schema: z.object({
534
- tenants: z.array(E),
535
- start: z.number().optional(),
536
- limit: z.number().optional(),
537
- length: z.number().optional()
532
+ schema: I.object({
533
+ tenants: I.array(j),
534
+ start: I.number().optional(),
535
+ limit: I.number().optional(),
536
+ length: I.number().optional()
538
537
  })
539
538
  }
540
539
  },
@@ -542,75 +541,75 @@ function W(t, e) {
542
541
  }
543
542
  }
544
543
  }),
545
- async (r) => {
546
- var m, f, w, g;
547
- const a = r.req.valid("query"), { page: c, per_page: s, include_totals: i, q: p } = a, o = r.var.user, l = (o == null ? void 0 : o.permissions) || [];
548
- if (l.includes("auth:read") || l.includes("admin:organizations")) {
549
- const h = await r.env.data.tenants.list({
550
- page: c,
551
- per_page: s,
544
+ async (s) => {
545
+ var u, f, g, w;
546
+ const a = s.req.valid("query"), { page: o, per_page: r, include_totals: i, q: m } = a, d = s.var.user, c = (d == null ? void 0 : d.permissions) || [];
547
+ if (c.includes("auth:read") || c.includes("admin:organizations")) {
548
+ const h = await s.env.data.tenants.list({
549
+ page: o,
550
+ per_page: r,
552
551
  include_totals: i,
553
- q: p
552
+ q: m
554
553
  });
555
- return i ? r.json({
554
+ return i ? s.json({
556
555
  tenants: h.tenants,
557
- start: ((m = h.totals) == null ? void 0 : m.start) ?? 0,
558
- limit: ((f = h.totals) == null ? void 0 : f.limit) ?? s,
556
+ start: ((u = h.totals) == null ? void 0 : u.start) ?? 0,
557
+ limit: ((f = h.totals) == null ? void 0 : f.limit) ?? r,
559
558
  length: h.tenants.length
560
- }) : r.json({ tenants: h.tenants });
559
+ }) : s.json({ tenants: h.tenants });
561
560
  }
562
- if (t.accessControl && (o != null && o.sub)) {
563
- const h = t.accessControl.controlPlaneTenantId, _ = (await F(
564
- (D) => r.env.data.userOrganizations.listUserOrganizations(
561
+ if (t.accessControl && (d != null && d.sub)) {
562
+ const h = t.accessControl.controlPlaneTenantId, v = (await z(
563
+ (S) => s.env.data.userOrganizations.listUserOrganizations(
565
564
  h,
566
- o.sub,
567
- D
565
+ d.sub,
566
+ S
568
567
  ),
569
568
  "organizations"
570
- )).map((D) => D.name);
571
- if (_.length === 0)
572
- return i ? r.json({
569
+ )).map((S) => S.name);
570
+ if (v.length === 0)
571
+ return i ? s.json({
573
572
  tenants: [],
574
573
  start: 0,
575
- limit: s ?? 50,
574
+ limit: r ?? 50,
576
575
  length: 0
577
- }) : r.json({ tenants: [] });
578
- const A = _.length, $ = c ?? 0, b = s ?? 50, y = $ * b, C = _.slice(y, y + b);
579
- if (C.length === 0)
580
- return i ? r.json({
576
+ }) : s.json({ tenants: [] });
577
+ const A = v.length, $ = o ?? 0, b = r ?? 50, _ = $ * b, T = v.slice(_, _ + b);
578
+ if (T.length === 0)
579
+ return i ? s.json({
581
580
  tenants: [],
582
- start: y,
581
+ start: _,
583
582
  limit: b,
584
583
  length: A
585
- }) : r.json({ tenants: [] });
586
- const P = C.map((D) => `id:${D}`).join(" OR "), q = p ? `(${P}) AND (${p})` : P, R = await r.env.data.tenants.list({
587
- q,
584
+ }) : s.json({ tenants: [] });
585
+ const P = T.map((S) => `id:${S}`).join(" OR "), L = m ? `(${P}) AND (${m})` : P, M = await s.env.data.tenants.list({
586
+ q: L,
588
587
  per_page: b,
589
588
  include_totals: !1
590
589
  // We calculate totals from accessibleTenantIds
591
590
  });
592
- return i ? r.json({
593
- tenants: R.tenants,
594
- start: y,
591
+ return i ? s.json({
592
+ tenants: M.tenants,
593
+ start: _,
595
594
  limit: b,
596
595
  length: A
597
- }) : r.json({ tenants: R.tenants });
596
+ }) : s.json({ tenants: M.tenants });
598
597
  }
599
- const d = await r.env.data.tenants.list({
600
- page: c,
601
- per_page: s,
598
+ const l = await s.env.data.tenants.list({
599
+ page: o,
600
+ per_page: r,
602
601
  include_totals: i,
603
- q: p
602
+ q: m
604
603
  });
605
- return i ? r.json({
606
- tenants: d.tenants,
607
- start: ((w = d.totals) == null ? void 0 : w.start) ?? 0,
608
- limit: ((g = d.totals) == null ? void 0 : g.limit) ?? s,
609
- length: d.tenants.length
610
- }) : r.json({ tenants: d.tenants });
604
+ return i ? s.json({
605
+ tenants: l.tenants,
606
+ start: ((g = l.totals) == null ? void 0 : g.start) ?? 0,
607
+ limit: ((w = l.totals) == null ? void 0 : w.limit) ?? r,
608
+ length: l.tenants.length
609
+ }) : s.json({ tenants: l.tenants });
611
610
  }
612
611
  ), n.openapi(
613
- B({
612
+ R({
614
613
  tags: ["tenants"],
615
614
  method: "post",
616
615
  path: "/",
@@ -618,7 +617,7 @@ function W(t, e) {
618
617
  body: {
619
618
  content: {
620
619
  "application/json": {
621
- schema: me
620
+ schema: ee
622
621
  }
623
622
  }
624
623
  }
@@ -632,7 +631,7 @@ function W(t, e) {
632
631
  201: {
633
632
  content: {
634
633
  "application/json": {
635
- schema: E
634
+ schema: j
636
635
  }
637
636
  },
638
637
  description: "Tenant created"
@@ -645,30 +644,30 @@ function W(t, e) {
645
644
  }
646
645
  }
647
646
  }),
648
- async (r) => {
649
- var p, o;
650
- const a = r.var.user;
647
+ async (s) => {
648
+ var m, d;
649
+ const a = s.var.user;
651
650
  if (!(a != null && a.sub))
652
- throw new S(401, {
651
+ throw new C(401, {
653
652
  message: "Authentication required to create tenants"
654
653
  });
655
- let c = r.req.valid("json");
656
- const s = {
657
- adapters: r.env.data,
658
- ctx: r
654
+ let o = s.req.valid("json");
655
+ const r = {
656
+ adapters: s.env.data,
657
+ ctx: s
659
658
  };
660
- (p = e.tenants) != null && p.beforeCreate && (c = await e.tenants.beforeCreate(s, c));
661
- const i = await r.env.data.tenants.create(c);
662
- return (o = e.tenants) != null && o.afterCreate && await e.tenants.afterCreate(s, i), r.json(i, 201);
659
+ (m = e.tenants) != null && m.beforeCreate && (o = await e.tenants.beforeCreate(r, o));
660
+ const i = await s.env.data.tenants.create(o);
661
+ return (d = e.tenants) != null && d.afterCreate && await e.tenants.afterCreate(r, i), s.json(i, 201);
663
662
  }
664
663
  ), n.openapi(
665
- B({
664
+ R({
666
665
  tags: ["tenants"],
667
666
  method: "delete",
668
667
  path: "/{id}",
669
668
  request: {
670
- params: z.object({
671
- id: z.string()
669
+ params: I.object({
670
+ id: I.string()
672
671
  })
673
672
  },
674
673
  security: [
@@ -688,44 +687,44 @@ function W(t, e) {
688
687
  }
689
688
  }
690
689
  }),
691
- async (r) => {
692
- var i, p;
693
- const { id: a } = r.req.valid("param");
690
+ async (s) => {
691
+ var i, m;
692
+ const { id: a } = s.req.valid("param");
694
693
  if (t.accessControl) {
695
- const o = r.var.user, l = t.accessControl.controlPlaneTenantId;
696
- if (!(o != null && o.sub))
697
- throw new S(401, {
694
+ const d = s.var.user, c = t.accessControl.controlPlaneTenantId;
695
+ if (!(d != null && d.sub))
696
+ throw new C(401, {
698
697
  message: "Authentication required"
699
698
  });
700
- if (a === l)
701
- throw new S(403, {
699
+ if (a === c)
700
+ throw new C(403, {
702
701
  message: "Cannot delete the control plane"
703
702
  });
704
- if (!(await F(
705
- (m) => r.env.data.userOrganizations.listUserOrganizations(
706
- l,
707
- o.sub,
708
- m
703
+ if (!(await z(
704
+ (u) => s.env.data.userOrganizations.listUserOrganizations(
705
+ c,
706
+ d.sub,
707
+ u
709
708
  ),
710
709
  "organizations"
711
- )).some((m) => m.name === a))
712
- throw new S(403, {
710
+ )).some((u) => u.name === a))
711
+ throw new C(403, {
713
712
  message: "Access denied to this tenant"
714
713
  });
715
714
  }
716
- if (!await r.env.data.tenants.get(a))
717
- throw new S(404, {
715
+ if (!await s.env.data.tenants.get(a))
716
+ throw new C(404, {
718
717
  message: "Tenant not found"
719
718
  });
720
- const s = {
721
- adapters: r.env.data,
722
- ctx: r
719
+ const r = {
720
+ adapters: s.env.data,
721
+ ctx: s
723
722
  };
724
- return (i = e.tenants) != null && i.beforeDelete && await e.tenants.beforeDelete(s, a), await r.env.data.tenants.remove(a), (p = e.tenants) != null && p.afterDelete && await e.tenants.afterDelete(s, a), r.body(null, 204);
723
+ return (i = e.tenants) != null && i.beforeDelete && await e.tenants.beforeDelete(r, a), await s.env.data.tenants.remove(a), (m = e.tenants) != null && m.afterDelete && await e.tenants.afterDelete(r, a), s.body(null, 204);
725
724
  }
726
725
  ), n;
727
726
  }
728
- function Ce(t) {
727
+ function le(t) {
729
728
  const e = [
730
729
  {
731
730
  pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
@@ -734,27 +733,27 @@ function Ce(t) {
734
733
  { pattern: /\/api\/v2\/roles\/([^/]+)$/, type: "role" },
735
734
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
736
735
  ];
737
- for (const { pattern: n, type: r } of e) {
736
+ for (const { pattern: n, type: s } of e) {
738
737
  const a = t.match(n);
739
738
  if (a && a[1])
740
- return { type: r, id: a[1] };
739
+ return { type: s, id: a[1] };
741
740
  }
742
741
  return null;
743
742
  }
744
- async function Ae(t, e, n) {
743
+ async function de(t, e, n) {
745
744
  try {
746
745
  switch (n.type) {
747
746
  case "resource_server": {
748
- const r = await t.resourceServers.get(e, n.id);
749
- return (r == null ? void 0 : r.is_system) === !0;
747
+ const s = await t.resourceServers.get(e, n.id);
748
+ return (s == null ? void 0 : s.is_system) === !0;
750
749
  }
751
750
  case "role": {
752
- const r = await t.roles.get(e, n.id);
753
- return (r == null ? void 0 : r.is_system) === !0;
751
+ const s = await t.roles.get(e, n.id);
752
+ return (s == null ? void 0 : s.is_system) === !0;
754
753
  }
755
754
  case "connection": {
756
- const r = await t.connections.get(e, n.id);
757
- return (r == null ? void 0 : r.is_system) === !0;
755
+ const s = await t.connections.get(e, n.id);
756
+ return (s == null ? void 0 : s.is_system) === !0;
758
757
  }
759
758
  default:
760
759
  return !1;
@@ -763,128 +762,128 @@ async function Ae(t, e, n) {
763
762
  return !1;
764
763
  }
765
764
  }
766
- function Te(t) {
765
+ function ue(t) {
767
766
  return {
768
767
  resource_server: "resource server",
769
768
  role: "role",
770
769
  connection: "connection"
771
770
  }[t];
772
771
  }
773
- function Se() {
772
+ function Ae() {
774
773
  return async (t, e) => {
775
774
  if (!["PATCH", "PUT", "DELETE"].includes(t.req.method))
776
775
  return e();
777
- const n = Ce(t.req.path);
776
+ const n = le(t.req.path);
778
777
  if (!n)
779
778
  return e();
780
- const r = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
781
- if (!r)
779
+ const s = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
780
+ if (!s)
782
781
  return e();
783
- if (await Ae(t.env.data, r, n))
784
- throw new S(403, {
785
- message: `This ${Te(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
782
+ if (await de(t.env.data, s, n))
783
+ throw new C(403, {
784
+ message: `This ${ue(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
786
785
  });
787
786
  return e();
788
787
  };
789
788
  }
790
- function te(t, e) {
791
- const { controlPlaneTenantId: n, controlPlaneClientId: r } = e;
789
+ function G(t, e) {
790
+ const { controlPlaneTenantId: n, controlPlaneClientId: s } = e;
792
791
  return {
793
792
  ...t,
794
793
  legacyClients: {
795
794
  ...t.legacyClients,
796
795
  get: async (a) => {
797
- var u;
798
- const c = await t.legacyClients.get(a);
799
- if (!c)
796
+ var p;
797
+ const o = await t.legacyClients.get(a);
798
+ if (!o)
800
799
  return null;
801
- const s = r ? await t.legacyClients.get(r) : void 0, i = await t.connections.list(
802
- c.tenant.id
803
- ), p = n ? await t.connections.list(n) : { connections: [] }, o = i.connections.map((d) => {
804
- var w;
805
- const m = (w = p.connections) == null ? void 0 : w.find(
806
- (g) => g.name === d.name
800
+ const r = s ? await t.legacyClients.get(s) : void 0, i = await t.connections.list(
801
+ o.tenant.id
802
+ ), m = n ? await t.connections.list(n) : { connections: [] }, d = i.connections.map((l) => {
803
+ var g;
804
+ const u = (g = m.connections) == null ? void 0 : g.find(
805
+ (w) => w.name === l.name
807
806
  );
808
- if (!(m != null && m.options))
809
- return d;
810
- const f = G.parse({
811
- ...m || {},
812
- ...d
807
+ if (!(u != null && u.options))
808
+ return l;
809
+ const f = k.parse({
810
+ ...u || {},
811
+ ...l
813
812
  });
814
- return f.options = K.parse({
815
- ...m.options || {},
816
- ...d.options
813
+ return f.options = D.parse({
814
+ ...u.options || {},
815
+ ...l.options
817
816
  }), f;
818
- }).filter((d) => d), l = {
819
- ...(s == null ? void 0 : s.tenant) || {},
820
- ...c.tenant
817
+ }).filter((l) => l), c = {
818
+ ...(r == null ? void 0 : r.tenant) || {},
819
+ ...o.tenant
821
820
  };
822
- return !c.tenant.audience && ((u = s == null ? void 0 : s.tenant) != null && u.audience) && (l.audience = s.tenant.audience), {
823
- ...c,
821
+ return !o.tenant.audience && ((p = r == null ? void 0 : r.tenant) != null && p.audience) && (c.audience = r.tenant.audience), {
822
+ ...o,
824
823
  web_origins: [
825
- ...(s == null ? void 0 : s.web_origins) || [],
826
- ...c.web_origins || []
824
+ ...(r == null ? void 0 : r.web_origins) || [],
825
+ ...o.web_origins || []
827
826
  ],
828
827
  allowed_logout_urls: [
829
- ...(s == null ? void 0 : s.allowed_logout_urls) || [],
830
- ...c.allowed_logout_urls || []
828
+ ...(r == null ? void 0 : r.allowed_logout_urls) || [],
829
+ ...o.allowed_logout_urls || []
831
830
  ],
832
831
  callbacks: [
833
- ...(s == null ? void 0 : s.callbacks) || [],
834
- ...c.callbacks || []
832
+ ...(r == null ? void 0 : r.callbacks) || [],
833
+ ...o.callbacks || []
835
834
  ],
836
- connections: o,
837
- tenant: l
835
+ connections: d,
836
+ tenant: c
838
837
  };
839
838
  }
840
839
  },
841
840
  connections: {
842
841
  ...t.connections,
843
- get: async (a, c) => {
844
- const s = await t.connections.get(
842
+ get: async (a, o) => {
843
+ const r = await t.connections.get(
845
844
  a,
846
- c
845
+ o
847
846
  );
848
- if (!s || !n)
849
- return s;
847
+ if (!r || !n)
848
+ return r;
850
849
  const i = await t.connections.get(
851
850
  n,
852
- c
851
+ o
853
852
  );
854
853
  if (!i)
855
- return s;
856
- const p = G.parse({
854
+ return r;
855
+ const m = k.parse({
857
856
  ...i,
858
- ...s
857
+ ...r
859
858
  });
860
- return p.options = K.parse({
859
+ return m.options = D.parse({
861
860
  ...i.options || {},
862
- ...s.options
863
- }), p;
861
+ ...r.options
862
+ }), m;
864
863
  },
865
- list: async (a, c) => {
866
- const s = await t.connections.list(a, c);
864
+ list: async (a, o) => {
865
+ const r = await t.connections.list(a, o);
867
866
  if (!n || a === n)
868
- return s;
869
- const i = await t.connections.list(n), p = s.connections.map((o) => {
870
- var d;
871
- const l = (d = i.connections) == null ? void 0 : d.find(
872
- (m) => m.name === o.name
867
+ return r;
868
+ const i = await t.connections.list(n), m = r.connections.map((d) => {
869
+ var l;
870
+ const c = (l = i.connections) == null ? void 0 : l.find(
871
+ (u) => u.name === d.name
873
872
  );
874
- if (!(l != null && l.options))
875
- return o;
876
- const u = G.parse({
877
- ...l,
878
- ...o
873
+ if (!(c != null && c.options))
874
+ return d;
875
+ const p = k.parse({
876
+ ...c,
877
+ ...d
879
878
  });
880
- return u.options = K.parse({
881
- ...l.options || {},
882
- ...o.options
883
- }), u;
879
+ return p.options = D.parse({
880
+ ...c.options || {},
881
+ ...d.options
882
+ }), p;
884
883
  });
885
884
  return {
886
- ...s,
887
- connections: p
885
+ ...r,
886
+ connections: m
888
887
  };
889
888
  }
890
889
  }
@@ -897,108 +896,108 @@ function te(t, e) {
897
896
  // They remain part of ...baseAdapters and can be properly wrapped by caching.
898
897
  };
899
898
  }
900
- function Ie(t, e) {
901
- return te(t, e);
899
+ function me(t, e) {
900
+ return G(t, e);
902
901
  }
903
- const Me = te, Ne = Ie;
904
- function Pe(t) {
902
+ const Ce = G, Ie = me;
903
+ function pe(t) {
905
904
  return async (e, n) => {
906
905
  if (!t.accessControl)
907
906
  return n();
908
- const r = e.var.tenant_id, a = e.var.organization_id;
909
- if (!r)
910
- throw new S(400, {
907
+ const s = e.var.tenant_id, a = e.var.organization_id;
908
+ if (!s)
909
+ throw new C(400, {
911
910
  message: "Tenant ID not found in request"
912
911
  });
913
- if (!fe(
912
+ if (!ne(
914
913
  a,
915
- r,
914
+ s,
916
915
  t.accessControl.controlPlaneTenantId
917
916
  ))
918
- throw new S(403, {
919
- message: `Access denied to tenant ${r}`
917
+ throw new C(403, {
918
+ message: `Access denied to tenant ${s}`
920
919
  });
921
920
  return n();
922
921
  };
923
922
  }
924
- function De(t) {
923
+ function fe(t) {
925
924
  return async (e, n) => {
926
925
  if (!t.subdomainRouting)
927
926
  return n();
928
927
  const {
929
- baseDomain: r,
928
+ baseDomain: s,
930
929
  reservedSubdomains: a = [],
931
- resolveSubdomain: c
932
- } = t.subdomainRouting, s = e.req.header("host") || "";
930
+ resolveSubdomain: o
931
+ } = t.subdomainRouting, r = e.req.header("host") || "";
933
932
  let i = null;
934
- if (s.endsWith(r)) {
935
- const o = s.slice(0, -(r.length + 1));
936
- o && !o.includes(".") && (i = o);
933
+ if (r.endsWith(s)) {
934
+ const d = r.slice(0, -(s.length + 1));
935
+ d && !d.includes(".") && (i = d);
937
936
  }
938
937
  if (i && a.includes(i) && (i = null), !i)
939
938
  return t.accessControl && e.set("tenant_id", t.accessControl.controlPlaneTenantId), n();
940
- let p = null;
941
- if (c)
942
- p = await c(i);
939
+ let m = null;
940
+ if (o)
941
+ m = await o(i);
943
942
  else if (t.subdomainRouting.useOrganizations !== !1 && t.accessControl)
944
943
  try {
945
- const o = await e.env.data.organizations.get(
944
+ const d = await e.env.data.organizations.get(
946
945
  t.accessControl.controlPlaneTenantId,
947
946
  i
948
947
  );
949
- o && (p = o.id);
948
+ d && (m = d.id);
950
949
  } catch {
951
950
  }
952
- if (!p)
953
- throw new S(404, {
951
+ if (!m)
952
+ throw new C(404, {
954
953
  message: `Tenant not found for subdomain: ${i}`
955
954
  });
956
- return e.set("tenant_id", p), n();
955
+ return e.set("tenant_id", m), n();
957
956
  };
958
957
  }
959
- function $e(t) {
958
+ function ge(t) {
960
959
  return async (e, n) => {
961
960
  if (!t.databaseIsolation)
962
961
  return n();
963
- const r = e.var.tenant_id;
964
- if (!r)
965
- throw new S(400, {
962
+ const s = e.var.tenant_id;
963
+ if (!s)
964
+ throw new C(400, {
966
965
  message: "Tenant ID not found in request"
967
966
  });
968
967
  try {
969
- const a = await t.databaseIsolation.getAdapters(r);
968
+ const a = await t.databaseIsolation.getAdapters(s);
970
969
  e.env.data = a;
971
970
  } catch (a) {
972
971
  throw console.error(
973
- `Failed to resolve database for tenant ${r}:`,
972
+ `Failed to resolve database for tenant ${s}:`,
974
973
  a
975
- ), new S(500, {
974
+ ), new C(500, {
976
975
  message: "Failed to resolve tenant database"
977
976
  });
978
977
  }
979
978
  return n();
980
979
  };
981
980
  }
982
- function ne(t) {
983
- const e = De(t), n = Pe(t), r = $e(t);
984
- return async (a, c) => (await e(a, async () => {
981
+ function K(t) {
982
+ const e = fe(t), n = pe(t), s = ge(t);
983
+ return async (a, o) => (await e(a, async () => {
985
984
  }), await n(a, async () => {
986
- }), await r(a, async () => {
987
- }), c());
985
+ }), await s(a, async () => {
986
+ }), o());
988
987
  }
989
- function Ue(t) {
990
- const e = j(t);
988
+ function Pe(t) {
989
+ const e = q(t);
991
990
  return {
992
991
  name: "multi-tenancy",
993
992
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
994
- middleware: ne(t),
993
+ middleware: K(t),
995
994
  // Provide lifecycle hooks
996
995
  hooks: e,
997
996
  // Mount tenant management routes
998
997
  routes: [
999
998
  {
1000
999
  path: "/management",
1001
- handler: W(t, e)
1000
+ handler: B(t, e)
1002
1001
  }
1003
1002
  ],
1004
1003
  // Called when plugin is registered
@@ -1011,180 +1010,44 @@ function Ue(t) {
1011
1010
  }
1012
1011
  };
1013
1012
  }
1014
- function j(t) {
1015
- const e = t.accessControl ? pe(t.accessControl) : {}, n = t.databaseIsolation ? we(t.databaseIsolation) : {}, r = ge(t);
1013
+ function q(t) {
1014
+ const e = t.accessControl ? te(t.accessControl) : {}, n = t.databaseIsolation ? se(t.databaseIsolation) : {}, s = ae(t);
1016
1015
  return {
1017
1016
  ...e,
1018
1017
  ...n,
1019
- tenants: r
1018
+ tenants: s
1020
1019
  };
1021
1020
  }
1022
- function ze(t) {
1023
- const e = new ee(), n = j(t);
1024
- return e.route("/tenants", W(t, n)), e;
1021
+ function we(t) {
1022
+ const e = new Q(), n = q(t);
1023
+ return e.route("/tenants", B(t, n)), e;
1025
1024
  }
1026
- function Be(t) {
1025
+ function Se(t) {
1027
1026
  return {
1028
- hooks: j(t),
1029
- middleware: ne(t),
1030
- app: ze(t),
1027
+ hooks: q(t),
1028
+ middleware: K(t),
1029
+ app: we(t),
1031
1030
  config: t
1032
1031
  };
1033
1032
  }
1034
- function Ge(t) {
1035
- var A, $, b, y, C, P, q, R, D, Q, J, X, Y, Z;
1036
- const {
1037
- controlPlaneTenantId: e = "control_plane",
1038
- sync: n,
1039
- multiTenancy: r,
1040
- entityHooks: a,
1041
- ...c
1042
- } = t, s = {
1043
- ...r,
1044
- accessControl: {
1045
- controlPlaneTenantId: e,
1046
- requireOrganizationMatch: !1,
1047
- defaultPermissions: ["tenant:admin"],
1048
- ...r == null ? void 0 : r.accessControl
1049
- }
1050
- }, i = j(s), p = ((A = r == null ? void 0 : r.databaseIsolation) == null ? void 0 : A.getAdapters) ?? (async () => t.dataAdapter), { entityHooks: o, tenantHooks: l } = be({
1051
- controlPlaneTenantId: e,
1052
- getChildTenantIds: async () => (await F(
1053
- (T) => t.dataAdapter.tenants.list(T),
1054
- "tenants",
1055
- { cursorField: "id", pageSize: 100 }
1056
- )).filter((T) => T.id !== e).map((T) => T.id),
1057
- getAdapters: p,
1058
- getControlPlaneAdapters: async () => p(e),
1059
- sync: n
1060
- });
1061
- function u(I, T) {
1062
- if (!(!I && !T))
1063
- return I ? T ? async (...re) => {
1064
- const O = [];
1065
- for (const M of [I, T])
1066
- try {
1067
- await M(...re);
1068
- } catch (N) {
1069
- O.push(N instanceof Error ? N : new Error(String(N)));
1070
- }
1071
- if (O.length === 1) throw O[0];
1072
- if (O.length > 1)
1073
- throw new AggregateError(
1074
- O,
1075
- O.map((M) => M.message).join("; ")
1076
- );
1077
- } : I : T;
1078
- }
1079
- const d = {
1080
- ...a,
1081
- resourceServers: o != null && o.resourceServers ? {
1082
- ...a == null ? void 0 : a.resourceServers,
1083
- afterCreate: u(
1084
- ($ = a == null ? void 0 : a.resourceServers) == null ? void 0 : $.afterCreate,
1085
- o.resourceServers.afterCreate
1086
- ),
1087
- afterUpdate: u(
1088
- (b = a == null ? void 0 : a.resourceServers) == null ? void 0 : b.afterUpdate,
1089
- o.resourceServers.afterUpdate
1090
- ),
1091
- beforeDelete: u(
1092
- (y = a == null ? void 0 : a.resourceServers) == null ? void 0 : y.beforeDelete,
1093
- o.resourceServers.beforeDelete
1094
- ),
1095
- afterDelete: u(
1096
- (C = a == null ? void 0 : a.resourceServers) == null ? void 0 : C.afterDelete,
1097
- o.resourceServers.afterDelete
1098
- )
1099
- } : a == null ? void 0 : a.resourceServers,
1100
- roles: o != null && o.roles ? {
1101
- ...a == null ? void 0 : a.roles,
1102
- afterCreate: u(
1103
- (P = a == null ? void 0 : a.roles) == null ? void 0 : P.afterCreate,
1104
- o.roles.afterCreate
1105
- ),
1106
- afterUpdate: u(
1107
- (q = a == null ? void 0 : a.roles) == null ? void 0 : q.afterUpdate,
1108
- o.roles.afterUpdate
1109
- ),
1110
- beforeDelete: u(
1111
- (R = a == null ? void 0 : a.roles) == null ? void 0 : R.beforeDelete,
1112
- o.roles.beforeDelete
1113
- ),
1114
- afterDelete: u(
1115
- (D = a == null ? void 0 : a.roles) == null ? void 0 : D.afterDelete,
1116
- o.roles.afterDelete
1117
- )
1118
- } : a == null ? void 0 : a.roles,
1119
- connections: o != null && o.connections ? {
1120
- ...a == null ? void 0 : a.connections,
1121
- afterCreate: u(
1122
- (Q = a == null ? void 0 : a.connections) == null ? void 0 : Q.afterCreate,
1123
- o.connections.afterCreate
1124
- ),
1125
- afterUpdate: u(
1126
- (J = a == null ? void 0 : a.connections) == null ? void 0 : J.afterUpdate,
1127
- o.connections.afterUpdate
1128
- ),
1129
- beforeDelete: u(
1130
- (X = a == null ? void 0 : a.connections) == null ? void 0 : X.beforeDelete,
1131
- o.connections.beforeDelete
1132
- ),
1133
- afterDelete: u(
1134
- (Y = a == null ? void 0 : a.connections) == null ? void 0 : Y.afterDelete,
1135
- o.connections.afterDelete
1136
- )
1137
- } : a == null ? void 0 : a.connections,
1138
- // Note: tenant sync hooks are only attached to combinedTenantHooks (for router use)
1139
- // to avoid duplicate execution. The entityHooks.tenants doesn't need the sync hook.
1140
- tenants: a == null ? void 0 : a.tenants
1141
- }, m = {
1142
- ...i,
1143
- tenants: l ? {
1144
- ...i.tenants,
1145
- afterCreate: u(
1146
- (Z = i.tenants) == null ? void 0 : Z.afterCreate,
1147
- l.afterCreate
1148
- )
1149
- } : i.tenants
1150
- }, f = W(
1151
- s,
1152
- m
1153
- ), w = le({
1154
- ...c,
1155
- entityHooks: d,
1156
- managementApiExtensions: [
1157
- ...c.managementApiExtensions || [],
1158
- { path: "/tenants", router: f }
1159
- ]
1160
- }), { app: g, managementApp: h, ...v } = w, _ = new ee();
1161
- return _.onError((I, T) => I instanceof S ? I.getResponse() : (console.error(I), T.json({ message: "Internal Server Error" }, 500))), _.use("/api/v2/*", Se()), _.route("/", g), {
1162
- app: _,
1163
- managementApp: h,
1164
- ...v,
1165
- multiTenancyConfig: s,
1166
- multiTenancyHooks: i
1167
- };
1168
- }
1169
1033
  export {
1170
- pe as createAccessControlHooks,
1171
- Pe as createAccessControlMiddleware,
1172
- we as createDatabaseHooks,
1173
- $e as createDatabaseMiddleware,
1174
- ze as createMultiTenancy,
1175
- j as createMultiTenancyHooks,
1176
- ne as createMultiTenancyMiddleware,
1177
- Ue as createMultiTenancyPlugin,
1178
- Se as createProtectSyncedMiddleware,
1179
- ge as createProvisioningHooks,
1180
- te as createRuntimeFallbackAdapter,
1181
- Me as createSettingsInheritanceAdapter,
1182
- De as createSubdomainMiddleware,
1183
- be as createSyncHooks,
1184
- W as createTenantsOpenAPIRouter,
1185
- Ge as init,
1186
- Be as setupMultiTenancy,
1187
- fe as validateTenantAccess,
1188
- Ie as withRuntimeFallback,
1189
- Ne as withSettingsInheritance
1034
+ te as createAccessControlHooks,
1035
+ pe as createAccessControlMiddleware,
1036
+ se as createDatabaseHooks,
1037
+ ge as createDatabaseMiddleware,
1038
+ we as createMultiTenancy,
1039
+ q as createMultiTenancyHooks,
1040
+ K as createMultiTenancyMiddleware,
1041
+ Pe as createMultiTenancyPlugin,
1042
+ Ae as createProtectSyncedMiddleware,
1043
+ ae as createProvisioningHooks,
1044
+ G as createRuntimeFallbackAdapter,
1045
+ Ce as createSettingsInheritanceAdapter,
1046
+ fe as createSubdomainMiddleware,
1047
+ Te as createSyncHooks,
1048
+ B as createTenantsOpenAPIRouter,
1049
+ Se as setupMultiTenancy,
1050
+ ne as validateTenantAccess,
1051
+ me as withRuntimeFallback,
1052
+ Ie as withSettingsInheritance
1190
1053
  };