@authhero/multi-tenancy 13.17.0 → 13.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +66 -24
  2. package/dist/multi-tenancy.cjs +1 -1
  3. package/dist/multi-tenancy.d.ts +25843 -15
  4. package/dist/multi-tenancy.mjs +484 -425
  5. package/package.json +4 -4
package/dist/multi-tenancy.mjs CHANGED
@@ -1,96 +1,96 @@
1
1
  var V = Object.defineProperty;
2
- var W = (t, e, n) => e in t ? V(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
- var O = (t, e, n) => W(t, typeof e != "symbol" ? e + "" : e, n);
2
+ var W = (n, e, t) => e in n ? V(n, e, { enumerable: !0, configurable: !0, writable: !0, value: t }) : n[e] = t;
3
+ var O = (n, e, t) => W(n, typeof e != "symbol" ? e + "" : e, t);
4
4
  import { Hono as Q } from "hono";
5
- import { getTenantAudience as J, MANAGEMENT_API_SCOPES as X, MANAGEMENT_API_AUDIENCE as Y, fetchAll as z } from "authhero";
6
- import { OpenAPIHono as Z, createRoute as R, z as I } from "@hono/zod-openapi";
7
- import { auth0QuerySchema as x, tenantSchema as j, tenantInsertSchema as ee, connectionSchema as k, connectionOptionsSchema as D } from "@authhero/adapter-interfaces";
8
- function te(t) {
9
- const { controlPlaneTenantId: e, requireOrganizationMatch: n = !0 } = t;
5
+ import { getTenantAudience as J, MANAGEMENT_API_SCOPES as X, MANAGEMENT_API_AUDIENCE as Y, fetchAll as $, init as Z } from "authhero";
6
+ import { OpenAPIHono as x, createRoute as R, z as I } from "@hono/zod-openapi";
7
+ import { auth0QuerySchema as ee, tenantSchema as N, tenantInsertSchema as te, connectionSchema as D, connectionOptionsSchema as F } from "@authhero/adapter-interfaces";
8
+ function ne(n) {
9
+ const { controlPlaneTenantId: e, requireOrganizationMatch: t = !0 } = n;
10
10
  return {
11
- async onTenantAccessValidation(s, a) {
12
- if (a === e)
11
+ async onTenantAccessValidation(s, r) {
12
+ if (r === e)
13
13
  return !0;
14
- if (n) {
15
- const o = s.var.org_name, r = s.var.organization_id, i = o || r;
16
- return i ? i === a : !1;
14
+ if (t) {
15
+ const i = s.var.org_name, o = s.var.organization_id, a = i || o;
16
+ return a ? a === r : !1;
17
17
  }
18
18
  return !0;
19
19
  }
20
20
  };
21
21
  }
22
- function ne(t, e, n, s) {
23
- if (e === n)
22
+ function se(n, e, t, s) {
23
+ if (e === t)
24
24
  return !0;
25
- const a = s || t;
26
- return a ? a === e : !1;
25
+ const r = s || n;
26
+ return r ? r === e : !1;
27
27
  }
28
- function se(t) {
28
+ function re(n) {
29
29
  return {
30
30
  async resolveDataAdapters(e) {
31
31
  try {
32
- return await t.getAdapters(e);
33
- } catch (n) {
32
+ return await n.getAdapters(e);
33
+ } catch (t) {
34
34
  console.error(
35
35
  `Failed to resolve data adapters for tenant ${e}:`,
36
- n
36
+ t
37
37
  );
38
38
  return;
39
39
  }
40
40
  }
41
41
  };
42
42
  }
43
- function ae(t) {
43
+ function ae(n) {
44
44
  return {
45
- async beforeCreate(e, n) {
46
- return !n.audience && n.id ? {
47
- ...n,
48
- audience: J(n.id)
49
- } : n;
45
+ async beforeCreate(e, t) {
46
+ return !t.audience && t.id ? {
47
+ ...t,
48
+ audience: J(t.id)
49
+ } : t;
50
50
  },
51
- async afterCreate(e, n) {
52
- const { accessControl: s, databaseIsolation: a } = t;
53
- s && e.ctx && await re(e, n, s), a != null && a.onProvision && await a.onProvision(n.id);
51
+ async afterCreate(e, t) {
52
+ const { accessControl: s, databaseIsolation: r } = n;
53
+ s && e.ctx && await oe(e, t, s), r != null && r.onProvision && await r.onProvision(t.id);
54
54
  },
55
- async beforeDelete(e, n) {
56
- const { accessControl: s, databaseIsolation: a } = t;
55
+ async beforeDelete(e, t) {
56
+ const { accessControl: s, databaseIsolation: r } = n;
57
57
  if (s)
58
58
  try {
59
- const r = (await e.adapters.organizations.list(
59
+ const o = (await e.adapters.organizations.list(
60
60
  s.controlPlaneTenantId
61
- )).organizations.find((i) => i.name === n);
62
- r && await e.adapters.organizations.remove(
61
+ )).organizations.find((a) => a.name === t);
62
+ o && await e.adapters.organizations.remove(
63
63
  s.controlPlaneTenantId,
64
- r.id
64
+ o.id
65
65
  );
66
- } catch (o) {
66
+ } catch (i) {
67
67
  console.warn(
68
- `Failed to remove organization for tenant ${n}:`,
69
- o
68
+ `Failed to remove organization for tenant ${t}:`,
69
+ i
70
70
  );
71
71
  }
72
- if (a != null && a.onDeprovision)
72
+ if (r != null && r.onDeprovision)
73
73
  try {
74
- await a.onDeprovision(n);
75
- } catch (o) {
74
+ await r.onDeprovision(t);
75
+ } catch (i) {
76
76
  console.warn(
77
- `Failed to deprovision database for tenant ${n}:`,
78
- o
77
+ `Failed to deprovision database for tenant ${t}:`,
78
+ i
79
79
  );
80
80
  }
81
81
  }
82
82
  };
83
83
  }
84
- async function re(t, e, n) {
84
+ async function oe(n, e, t) {
85
85
  const {
86
86
  controlPlaneTenantId: s,
87
- defaultPermissions: a,
88
- defaultRoles: o,
89
- issuer: r,
90
- adminRoleName: i = "Tenant Admin",
87
+ defaultPermissions: r,
88
+ defaultRoles: i,
89
+ issuer: o,
90
+ adminRoleName: a = "Tenant Admin",
91
91
  adminRoleDescription: m = "Full access to all tenant management operations",
92
92
  addCreatorToOrganization: d = !0
93
- } = n, c = await t.adapters.organizations.create(
93
+ } = t, c = await n.adapters.organizations.create(
94
94
  s,
95
95
  {
96
96
  name: e.id,
@@ -98,80 +98,80 @@ async function re(t, e, n) {
98
98
  }
99
99
  );
100
100
  let p;
101
- if (r && (p = await ie(
102
- t,
101
+ if (o && (p = await ce(
102
+ n,
103
103
  s,
104
- i,
104
+ a,
105
105
  m
106
- )), d && t.ctx) {
107
- const l = t.ctx.var.user;
108
- if (l != null && l.sub && !await oe(
109
- t,
106
+ )), d && n.ctx) {
107
+ const l = n.ctx.var.user;
108
+ if (l != null && l.sub && !await ie(
109
+ n,
110
110
  s,
111
111
  l.sub
112
112
  ))
113
113
  try {
114
- await t.adapters.userOrganizations.create(s, {
114
+ await n.adapters.userOrganizations.create(s, {
115
115
  user_id: l.sub,
116
116
  organization_id: c.id
117
- }), p && await t.adapters.userRoles.create(
117
+ }), p && await n.adapters.userRoles.create(
118
118
  s,
119
119
  l.sub,
120
120
  p,
121
121
  c.id
122
122
  // organizationId
123
123
  );
124
- } catch (f) {
124
+ } catch (w) {
125
125
  console.warn(
126
126
  `Failed to add creator ${l.sub} to organization ${c.id}:`,
127
- f
127
+ w
128
128
  );
129
129
  }
130
130
  }
131
- o && o.length > 0 && console.log(
132
- `Would assign roles ${o.join(", ")} to organization ${c.id}`
133
- ), a && a.length > 0 && console.log(
134
- `Would grant permissions ${a.join(", ")} to organization ${c.id}`
131
+ i && i.length > 0 && console.log(
132
+ `Would assign roles ${i.join(", ")} to organization ${c.id}`
133
+ ), r && r.length > 0 && console.log(
134
+ `Would grant permissions ${r.join(", ")} to organization ${c.id}`
135
135
  );
136
136
  }
137
- async function oe(t, e, n) {
138
- const s = await t.adapters.userRoles.list(
137
+ async function ie(n, e, t) {
138
+ const s = await n.adapters.userRoles.list(
139
139
  e,
140
- n,
140
+ t,
141
141
  void 0,
142
142
  ""
143
143
  // Empty string for global roles
144
144
  );
145
- for (const a of s)
146
- if ((await t.adapters.rolePermissions.list(
145
+ for (const r of s)
146
+ if ((await n.adapters.rolePermissions.list(
147
147
  e,
148
- a.id,
148
+ r.id,
149
149
  { per_page: 1e3 }
150
150
  )).some(
151
- (i) => i.permission_name === "admin:organizations"
151
+ (a) => a.permission_name === "admin:organizations"
152
152
  ))
153
153
  return !0;
154
154
  return !1;
155
155
  }
156
- async function ie(t, e, n, s) {
157
- const o = (await t.adapters.roles.list(e, {})).roles.find((d) => d.name === n);
158
- if (o)
159
- return o.id;
160
- const r = await t.adapters.roles.create(e, {
161
- name: n,
156
+ async function ce(n, e, t, s) {
157
+ const i = (await n.adapters.roles.list(e, {})).roles.find((d) => d.name === t);
158
+ if (i)
159
+ return i.id;
160
+ const o = await n.adapters.roles.create(e, {
161
+ name: t,
162
162
  description: s
163
- }), i = Y, m = X.map((d) => ({
164
- role_id: r.id,
165
- resource_server_identifier: i,
163
+ }), a = Y, m = X.map((d) => ({
164
+ role_id: o.id,
165
+ resource_server_identifier: a,
166
166
  permission_name: d.value
167
167
  }));
168
- return await t.adapters.rolePermissions.assign(
168
+ return await n.adapters.rolePermissions.assign(
169
169
  e,
170
- r.id,
170
+ o.id,
171
171
  m
172
- ), r.id;
172
+ ), o.id;
173
173
  }
174
- const ce = [
174
+ const le = [
175
175
  "client_id",
176
176
  "client_secret",
177
177
  "app_secret",
@@ -180,44 +180,44 @@ const ce = [
180
180
  "twilio_sid",
181
181
  "twilio_token"
182
182
  ];
183
- function E(t, e, n = () => !0) {
184
- const { controlPlaneTenantId: s, getChildTenantIds: a, getAdapters: o } = t, r = /* @__PURE__ */ new Map();
185
- async function i(c, p, l) {
183
+ function q(n, e, t = () => !0) {
184
+ const { controlPlaneTenantId: s, getChildTenantIds: r, getAdapters: i } = n, o = /* @__PURE__ */ new Map();
185
+ async function a(c, p, l) {
186
186
  return (await e(c).list(p, {
187
187
  q: `name:${l}`,
188
188
  per_page: 1
189
189
  }))[0] ?? null;
190
190
  }
191
191
  async function m(c) {
192
- const p = await a(), l = e(await o(s));
192
+ const p = await r(), l = e(await i(s));
193
193
  await Promise.all(
194
194
  p.map(async (u) => {
195
195
  try {
196
- const f = await o(u), g = e(f), h = {
196
+ const w = await i(u), g = e(w), h = {
197
197
  ...l.transform(c),
198
198
  is_system: !0
199
- }, y = await i(f, u, c.name), v = y ? g.getId(y) : void 0;
199
+ }, y = await a(w, u, c.name), v = y ? g.getId(y) : void 0;
200
200
  if (y && v) {
201
- const A = g.preserveOnUpdate ? g.preserveOnUpdate(y, h) : h;
202
- await g.update(u, v, A);
201
+ const b = g.preserveOnUpdate ? g.preserveOnUpdate(y, h) : h;
202
+ await g.update(u, v, b);
203
203
  } else
204
204
  await g.create(u, h);
205
- } catch (f) {
205
+ } catch (w) {
206
206
  console.error(
207
207
  `Failed to sync ${l.listKey} "${c.name}" to tenant "${u}":`,
208
- f
208
+ w
209
209
  );
210
210
  }
211
211
  })
212
212
  );
213
213
  }
214
214
  async function d(c) {
215
- const p = await a();
215
+ const p = await r();
216
216
  await Promise.all(
217
217
  p.map(async (l) => {
218
218
  try {
219
- const u = await o(l), f = e(u), g = await i(u, l, c), w = g ? f.getId(g) : void 0;
220
- g && w && await f.remove(l, w);
219
+ const u = await i(l), w = e(u), g = await a(u, l, c), f = g ? w.getId(g) : void 0;
220
+ g && f && await w.remove(l, f);
221
221
  } catch (u) {
222
222
  console.error(
223
223
  `Failed to delete entity "${c}" from tenant "${l}":`,
@@ -229,66 +229,66 @@ function E(t, e, n = () => !0) {
229
229
  }
230
230
  return {
231
231
  afterCreate: async (c, p) => {
232
- c.tenantId === s && n(p) && await m(p);
232
+ c.tenantId === s && t(p) && await m(p);
233
233
  },
234
234
  afterUpdate: async (c, p, l) => {
235
- c.tenantId === s && n(l) && await m(l);
235
+ c.tenantId === s && t(l) && await m(l);
236
236
  },
237
237
  beforeDelete: async (c, p) => {
238
238
  if (c.tenantId !== s) return;
239
239
  const u = await e(c.adapters).get(c.tenantId, p);
240
- u && n(u) && r.set(p, u);
240
+ u && t(u) && o.set(p, u);
241
241
  },
242
242
  afterDelete: async (c, p) => {
243
243
  if (c.tenantId !== s) return;
244
- const l = r.get(p);
245
- l && (r.delete(p), await d(l.name));
244
+ const l = o.get(p);
245
+ l && (o.delete(p), await d(l.name));
246
246
  }
247
247
  };
248
248
  }
249
- function F(t, e, n = () => !0) {
250
- const { controlPlaneTenantId: s, getControlPlaneAdapters: a, getAdapters: o } = t;
249
+ function M(n, e, t = () => !0) {
250
+ const { controlPlaneTenantId: s, getControlPlaneAdapters: r, getAdapters: i } = n;
251
251
  return {
252
- async afterCreate(r, i) {
253
- if (i.id !== s)
252
+ async afterCreate(o, a) {
253
+ if (a.id !== s)
254
254
  try {
255
- const m = await a(), d = await o(i.id), c = e(m), p = e(d), l = await z(
255
+ const m = await r(), d = await i(a.id), c = e(m), p = e(d), l = await $(
256
256
  (u) => c.listPaginated(s, u),
257
257
  c.listKey,
258
258
  { cursorField: "id", pageSize: 100 }
259
259
  );
260
260
  await Promise.all(
261
- l.filter((u) => n(u)).map(async (u) => {
261
+ l.filter((u) => t(u)).map(async (u) => {
262
262
  try {
263
- const f = c.transform(u);
264
- await p.create(i.id, {
265
- ...f,
263
+ const w = c.transform(u);
264
+ await p.create(a.id, {
265
+ ...w,
266
266
  is_system: !0
267
267
  });
268
- } catch (f) {
268
+ } catch (w) {
269
269
  console.error(
270
- `Failed to sync entity to new tenant "${i.id}":`,
271
- f
270
+ `Failed to sync entity to new tenant "${a.id}":`,
271
+ w
272
272
  );
273
273
  }
274
274
  })
275
275
  );
276
276
  } catch (m) {
277
277
  console.error(
278
- `Failed to sync entities to new tenant "${i.id}":`,
278
+ `Failed to sync entities to new tenant "${a.id}":`,
279
279
  m
280
280
  );
281
281
  }
282
282
  }
283
283
  };
284
284
  }
285
- const N = (t) => ({
286
- list: async (e, n) => (await t.resourceServers.list(e, n)).resource_servers,
287
- listPaginated: (e, n) => t.resourceServers.list(e, n),
288
- get: (e, n) => t.resourceServers.get(e, n),
289
- create: (e, n) => t.resourceServers.create(e, n),
290
- update: (e, n, s) => t.resourceServers.update(e, n, s),
291
- remove: (e, n) => t.resourceServers.remove(e, n),
285
+ const H = (n) => ({
286
+ list: async (e, t) => (await n.resourceServers.list(e, t)).resource_servers,
287
+ listPaginated: (e, t) => n.resourceServers.list(e, t),
288
+ get: (e, t) => n.resourceServers.get(e, t),
289
+ create: (e, t) => n.resourceServers.create(e, t),
290
+ update: (e, t, s) => n.resourceServers.update(e, t, s),
291
+ remove: (e, t) => n.resourceServers.remove(e, t),
292
292
  listKey: "resource_servers",
293
293
  getId: (e) => e.id,
294
294
  transform: (e) => ({
@@ -300,13 +300,13 @@ const N = (t) => ({
300
300
  token_lifetime: e.token_lifetime,
301
301
  token_lifetime_for_web: e.token_lifetime_for_web
302
302
  })
303
- }), H = (t) => ({
304
- list: async (e, n) => (await t.roles.list(e, n)).roles,
305
- listPaginated: (e, n) => t.roles.list(e, n),
306
- get: (e, n) => t.roles.get(e, n),
307
- create: (e, n) => t.roles.create(e, n),
308
- update: (e, n, s) => t.roles.update(e, n, s),
309
- remove: (e, n) => t.roles.remove(e, n),
303
+ }), G = (n) => ({
304
+ list: async (e, t) => (await n.roles.list(e, t)).roles,
305
+ listPaginated: (e, t) => n.roles.list(e, t),
306
+ get: (e, t) => n.roles.get(e, t),
307
+ create: (e, t) => n.roles.create(e, t),
308
+ update: (e, t, s) => n.roles.update(e, t, s),
309
+ remove: (e, t) => n.roles.remove(e, t),
310
310
  listKey: "roles",
311
311
  getId: (e) => e.id,
312
312
  transform: (e) => ({
@@ -314,25 +314,25 @@ const N = (t) => ({
314
314
  name: e.name,
315
315
  description: e.description
316
316
  })
317
- }), U = (t) => ({
318
- list: async (e, n) => (await t.connections.list(e, n)).connections,
319
- listPaginated: (e, n) => t.connections.list(e, n),
320
- get: (e, n) => t.connections.get(e, n),
321
- create: (e, n) => t.connections.create(e, n),
322
- update: (e, n, s) => t.connections.update(e, n, s),
323
- remove: (e, n) => t.connections.remove(e, n),
317
+ }), U = (n) => ({
318
+ list: async (e, t) => (await n.connections.list(e, t)).connections,
319
+ listPaginated: (e, t) => n.connections.list(e, t),
320
+ get: (e, t) => n.connections.get(e, t),
321
+ create: (e, t) => n.connections.create(e, t),
322
+ update: (e, t, s) => n.connections.update(e, t, s),
323
+ remove: (e, t) => n.connections.remove(e, t),
324
324
  listKey: "connections",
325
325
  getId: (e) => e.id,
326
326
  transform: (e) => {
327
- const n = e.options ? { ...e.options } : {};
328
- for (const s of ce)
329
- delete n[s];
327
+ const t = e.options ? { ...e.options } : {};
328
+ for (const s of le)
329
+ delete t[s];
330
330
  return {
331
331
  id: e.id,
332
332
  name: e.name,
333
333
  display_name: e.display_name,
334
334
  strategy: e.strategy,
335
- options: n,
335
+ options: t,
336
336
  response_type: e.response_type,
337
337
  response_mode: e.response_mode,
338
338
  is_domain_connection: e.is_domain_connection,
@@ -340,12 +340,12 @@ const N = (t) => ({
340
340
  metadata: e.metadata
341
341
  };
342
342
  },
343
- preserveOnUpdate: (e, n) => {
343
+ preserveOnUpdate: (e, t) => {
344
344
  const s = e.options || {};
345
345
  return {
346
- ...n,
346
+ ...t,
347
347
  options: {
348
- ...n.options,
348
+ ...t.options,
349
349
  client_id: s.client_id,
350
350
  client_secret: s.client_secret,
351
351
  app_secret: s.app_secret,
@@ -357,111 +357,111 @@ const N = (t) => ({
357
357
  };
358
358
  }
359
359
  });
360
- function Te(t) {
361
- const { sync: e = {}, filters: n = {} } = t, s = e.resourceServers ?? !0, a = e.roles ?? !0, o = e.connections ?? !0, r = s ? E(
362
- t,
363
- N,
364
- n.resourceServers
365
- ) : void 0, i = a ? E(
366
- t,
360
+ function de(n) {
361
+ const { sync: e = {}, filters: t = {} } = n, s = e.resourceServers ?? !0, r = e.roles ?? !0, i = e.connections ?? !0, o = s ? q(
362
+ n,
367
363
  H,
368
- n.roles
369
- ) : void 0, m = o ? E(
370
- t,
364
+ t.resourceServers
365
+ ) : void 0, a = r ? q(
366
+ n,
367
+ G,
368
+ t.roles
369
+ ) : void 0, m = i ? q(
370
+ n,
371
371
  U,
372
- n.connections
373
- ) : void 0, d = s ? F(
374
- t,
375
- N,
376
- n.resourceServers
377
- ) : void 0, c = a ? F(
378
- t,
372
+ t.connections
373
+ ) : void 0, d = s ? M(
374
+ n,
379
375
  H,
380
- n.roles
381
- ) : void 0, p = o ? F(
382
- t,
376
+ t.resourceServers
377
+ ) : void 0, c = r ? M(
378
+ n,
379
+ G,
380
+ t.roles
381
+ ) : void 0, p = i ? M(
382
+ n,
383
383
  U,
384
- n.connections
385
- ) : void 0, l = a ? {
386
- async afterCreate(g, w) {
384
+ t.connections
385
+ ) : void 0, l = r ? {
386
+ async afterCreate(g, f) {
387
387
  var h;
388
- if (w.id !== t.controlPlaneTenantId) {
389
- await ((h = c == null ? void 0 : c.afterCreate) == null ? void 0 : h.call(c, g, w));
388
+ if (f.id !== n.controlPlaneTenantId) {
389
+ await ((h = c == null ? void 0 : c.afterCreate) == null ? void 0 : h.call(c, g, f));
390
390
  try {
391
- const y = await t.getControlPlaneAdapters(), v = await t.getAdapters(w.id), A = await z(
392
- (b) => y.roles.list(
393
- t.controlPlaneTenantId,
394
- b
391
+ const y = await n.getControlPlaneAdapters(), v = await n.getAdapters(f.id), b = await $(
392
+ (_) => y.roles.list(
393
+ n.controlPlaneTenantId,
394
+ _
395
395
  ),
396
396
  "roles",
397
397
  { cursorField: "id", pageSize: 100 }
398
- ), $ = /* @__PURE__ */ new Map();
399
- for (const b of A.filter(
400
- (_) => {
401
- var T;
402
- return ((T = n.roles) == null ? void 0 : T.call(n, _)) ?? !0;
398
+ ), S = /* @__PURE__ */ new Map();
399
+ for (const _ of b.filter(
400
+ (T) => {
401
+ var A;
402
+ return ((A = t.roles) == null ? void 0 : A.call(t, T)) ?? !0;
403
403
  }
404
404
  )) {
405
- const _ = await u(
405
+ const T = await u(
406
406
  v,
407
- w.id,
408
- b.name
407
+ f.id,
408
+ _.name
409
409
  );
410
- _ && $.set(b.name, _.id);
410
+ T && S.set(_.name, T.id);
411
411
  }
412
- for (const b of A.filter(
413
- (_) => {
414
- var T;
415
- return ((T = n.roles) == null ? void 0 : T.call(n, _)) ?? !0;
412
+ for (const _ of b.filter(
413
+ (T) => {
414
+ var A;
415
+ return ((A = t.roles) == null ? void 0 : A.call(t, T)) ?? !0;
416
416
  }
417
417
  )) {
418
- const _ = $.get(b.name);
419
- if (_)
418
+ const T = S.get(_.name);
419
+ if (T)
420
420
  try {
421
- const T = await y.rolePermissions.list(
422
- t.controlPlaneTenantId,
423
- b.id,
421
+ const A = await y.rolePermissions.list(
422
+ n.controlPlaneTenantId,
423
+ _.id,
424
424
  {}
425
425
  );
426
- T.length > 0 && await v.rolePermissions.assign(
427
- w.id,
428
- _,
429
- T.map((P) => ({
430
- role_id: _,
426
+ A.length > 0 && await v.rolePermissions.assign(
427
+ f.id,
428
+ T,
429
+ A.map((P) => ({
430
+ role_id: T,
431
431
  resource_server_identifier: P.resource_server_identifier,
432
432
  permission_name: P.permission_name
433
433
  }))
434
434
  );
435
- } catch (T) {
435
+ } catch (A) {
436
436
  console.error(
437
- `Failed to sync permissions for role "${b.name}" to tenant "${w.id}":`,
438
- T
437
+ `Failed to sync permissions for role "${_.name}" to tenant "${f.id}":`,
438
+ A
439
439
  );
440
440
  }
441
441
  }
442
442
  } catch (y) {
443
443
  console.error(
444
- `Failed to sync role permissions to tenant "${w.id}":`,
444
+ `Failed to sync role permissions to tenant "${f.id}":`,
445
445
  y
446
446
  );
447
447
  }
448
448
  }
449
449
  }
450
450
  } : void 0;
451
- async function u(g, w, h) {
452
- return (await g.roles.list(w, {
451
+ async function u(g, f, h) {
452
+ return (await g.roles.list(f, {
453
453
  q: `name:${h}`,
454
454
  per_page: 1
455
455
  })).roles[0] ?? null;
456
456
  }
457
457
  return {
458
458
  entityHooks: {
459
- resourceServers: r,
460
- roles: i,
459
+ resourceServers: o,
460
+ roles: a,
461
461
  connections: m
462
462
  },
463
463
  tenantHooks: {
464
- async afterCreate(g, w) {
464
+ async afterCreate(g, f) {
465
465
  const h = [
466
466
  d == null ? void 0 : d.afterCreate,
467
467
  (l == null ? void 0 : l.afterCreate) ?? (c == null ? void 0 : c.afterCreate),
@@ -470,9 +470,9 @@ function Te(t) {
470
470
  for (const v of h)
471
471
  if (v)
472
472
  try {
473
- await v(g, w);
474
- } catch (A) {
475
- y.push(A instanceof Error ? A : new Error(String(A)));
473
+ await v(g, f);
474
+ } catch (b) {
475
+ y.push(b instanceof Error ? b : new Error(String(b)));
476
476
  }
477
477
  if (y.length === 1) throw y[0];
478
478
  if (y.length > 1)
@@ -490,11 +490,11 @@ var C = class extends Error {
490
490
  * @param status - HTTP status code for the exception. Defaults to 500.
491
491
  * @param options - Additional options for the exception.
492
492
  */
493
- constructor(e = 500, n) {
494
- super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
493
+ constructor(e = 500, t) {
494
+ super(t == null ? void 0 : t.message, { cause: t == null ? void 0 : t.cause });
495
495
  O(this, "res");
496
496
  O(this, "status");
497
- this.res = n == null ? void 0 : n.res, this.status = e;
497
+ this.res = t == null ? void 0 : t.res, this.status = e;
498
498
  }
499
499
  /**
500
500
  * Returns the response object associated with the exception.
@@ -510,15 +510,15 @@ var C = class extends Error {
510
510
  });
511
511
  }
512
512
  };
513
- function B(t, e) {
514
- const n = new Z();
515
- return n.openapi(
513
+ function k(n, e) {
514
+ const t = new x();
515
+ return t.openapi(
516
516
  R({
517
517
  tags: ["tenants"],
518
518
  method: "get",
519
519
  path: "/",
520
520
  request: {
521
- query: x
521
+ query: ee
522
522
  },
523
523
  security: [
524
524
  {
@@ -530,7 +530,7 @@ function B(t, e) {
530
530
  content: {
531
531
  "application/json": {
532
532
  schema: I.object({
533
- tenants: I.array(j),
533
+ tenants: I.array(N),
534
534
  start: I.number().optional(),
535
535
  limit: I.number().optional(),
536
536
  length: I.number().optional()
@@ -542,73 +542,73 @@ function B(t, e) {
542
542
  }
543
543
  }),
544
544
  async (s) => {
545
- var u, f, g, w;
546
- const a = s.req.valid("query"), { page: o, per_page: r, include_totals: i, q: m } = a, d = s.var.user, c = (d == null ? void 0 : d.permissions) || [];
545
+ var u, w, g, f;
546
+ const r = s.req.valid("query"), { page: i, per_page: o, include_totals: a, q: m } = r, d = s.var.user, c = (d == null ? void 0 : d.permissions) || [];
547
547
  if (c.includes("auth:read") || c.includes("admin:organizations")) {
548
548
  const h = await s.env.data.tenants.list({
549
- page: o,
550
- per_page: r,
551
- include_totals: i,
549
+ page: i,
550
+ per_page: o,
551
+ include_totals: a,
552
552
  q: m
553
553
  });
554
- return i ? s.json({
554
+ return a ? s.json({
555
555
  tenants: h.tenants,
556
556
  start: ((u = h.totals) == null ? void 0 : u.start) ?? 0,
557
- limit: ((f = h.totals) == null ? void 0 : f.limit) ?? r,
557
+ limit: ((w = h.totals) == null ? void 0 : w.limit) ?? o,
558
558
  length: h.tenants.length
559
559
  }) : s.json({ tenants: h.tenants });
560
560
  }
561
- if (t.accessControl && (d != null && d.sub)) {
562
- const h = t.accessControl.controlPlaneTenantId, v = (await z(
563
- (S) => s.env.data.userOrganizations.listUserOrganizations(
561
+ if (n.accessControl && (d != null && d.sub)) {
562
+ const h = n.accessControl.controlPlaneTenantId, v = (await $(
563
+ (z) => s.env.data.userOrganizations.listUserOrganizations(
564
564
  h,
565
565
  d.sub,
566
- S
566
+ z
567
567
  ),
568
568
  "organizations"
569
- )).map((S) => S.name);
569
+ )).map((z) => z.name);
570
570
  if (v.length === 0)
571
- return i ? s.json({
571
+ return a ? s.json({
572
572
  tenants: [],
573
573
  start: 0,
574
- limit: r ?? 50,
574
+ limit: o ?? 50,
575
575
  length: 0
576
576
  }) : s.json({ tenants: [] });
577
- const A = v.length, $ = o ?? 0, b = r ?? 50, _ = $ * b, T = v.slice(_, _ + b);
578
- if (T.length === 0)
579
- return i ? s.json({
577
+ const b = v.length, S = i ?? 0, _ = o ?? 50, T = S * _, A = v.slice(T, T + _);
578
+ if (A.length === 0)
579
+ return a ? s.json({
580
580
  tenants: [],
581
- start: _,
582
- limit: b,
583
- length: A
581
+ start: T,
582
+ limit: _,
583
+ length: b
584
584
  }) : s.json({ tenants: [] });
585
- const P = T.map((S) => `id:${S}`).join(" OR "), L = m ? `(${P}) AND (${m})` : P, M = await s.env.data.tenants.list({
585
+ const P = A.map((z) => `id:${z}`).join(" OR "), L = m ? `(${P}) AND (${m})` : P, E = await s.env.data.tenants.list({
586
586
  q: L,
587
- per_page: b,
587
+ per_page: _,
588
588
  include_totals: !1
589
589
  // We calculate totals from accessibleTenantIds
590
590
  });
591
- return i ? s.json({
592
- tenants: M.tenants,
593
- start: _,
594
- limit: b,
595
- length: A
596
- }) : s.json({ tenants: M.tenants });
591
+ return a ? s.json({
592
+ tenants: E.tenants,
593
+ start: T,
594
+ limit: _,
595
+ length: b
596
+ }) : s.json({ tenants: E.tenants });
597
597
  }
598
598
  const l = await s.env.data.tenants.list({
599
- page: o,
600
- per_page: r,
601
- include_totals: i,
599
+ page: i,
600
+ per_page: o,
601
+ include_totals: a,
602
602
  q: m
603
603
  });
604
- return i ? s.json({
604
+ return a ? s.json({
605
605
  tenants: l.tenants,
606
606
  start: ((g = l.totals) == null ? void 0 : g.start) ?? 0,
607
- limit: ((w = l.totals) == null ? void 0 : w.limit) ?? r,
607
+ limit: ((f = l.totals) == null ? void 0 : f.limit) ?? o,
608
608
  length: l.tenants.length
609
609
  }) : s.json({ tenants: l.tenants });
610
610
  }
611
- ), n.openapi(
611
+ ), t.openapi(
612
612
  R({
613
613
  tags: ["tenants"],
614
614
  method: "post",
@@ -617,7 +617,7 @@ function B(t, e) {
617
617
  body: {
618
618
  content: {
619
619
  "application/json": {
620
- schema: ee
620
+ schema: te
621
621
  }
622
622
  }
623
623
  }
@@ -631,7 +631,7 @@ function B(t, e) {
631
631
  201: {
632
632
  content: {
633
633
  "application/json": {
634
- schema: j
634
+ schema: N
635
635
  }
636
636
  },
637
637
  description: "Tenant created"
@@ -646,21 +646,21 @@ function B(t, e) {
646
646
  }),
647
647
  async (s) => {
648
648
  var m, d;
649
- const a = s.var.user;
650
- if (!(a != null && a.sub))
649
+ const r = s.var.user;
650
+ if (!(r != null && r.sub))
651
651
  throw new C(401, {
652
652
  message: "Authentication required to create tenants"
653
653
  });
654
- let o = s.req.valid("json");
655
- const r = {
654
+ let i = s.req.valid("json");
655
+ const o = {
656
656
  adapters: s.env.data,
657
657
  ctx: s
658
658
  };
659
- (m = e.tenants) != null && m.beforeCreate && (o = await e.tenants.beforeCreate(r, o));
660
- const i = await s.env.data.tenants.create(o);
661
- return (d = e.tenants) != null && d.afterCreate && await e.tenants.afterCreate(r, i), s.json(i, 201);
659
+ (m = e.tenants) != null && m.beforeCreate && (i = await e.tenants.beforeCreate(o, i));
660
+ const a = await s.env.data.tenants.create(i);
661
+ return (d = e.tenants) != null && d.afterCreate && await e.tenants.afterCreate(o, a), s.json(a, 201);
662
662
  }
663
- ), n.openapi(
663
+ ), t.openapi(
664
664
  R({
665
665
  tags: ["tenants"],
666
666
  method: "delete",
@@ -688,43 +688,43 @@ function B(t, e) {
688
688
  }
689
689
  }),
690
690
  async (s) => {
691
- var i, m;
692
- const { id: a } = s.req.valid("param");
693
- if (t.accessControl) {
694
- const d = s.var.user, c = t.accessControl.controlPlaneTenantId;
691
+ var a, m;
692
+ const { id: r } = s.req.valid("param");
693
+ if (n.accessControl) {
694
+ const d = s.var.user, c = n.accessControl.controlPlaneTenantId;
695
695
  if (!(d != null && d.sub))
696
696
  throw new C(401, {
697
697
  message: "Authentication required"
698
698
  });
699
- if (a === c)
699
+ if (r === c)
700
700
  throw new C(403, {
701
701
  message: "Cannot delete the control plane"
702
702
  });
703
- if (!(await z(
703
+ if (!(await $(
704
704
  (u) => s.env.data.userOrganizations.listUserOrganizations(
705
705
  c,
706
706
  d.sub,
707
707
  u
708
708
  ),
709
709
  "organizations"
710
- )).some((u) => u.name === a))
710
+ )).some((u) => u.name === r))
711
711
  throw new C(403, {
712
712
  message: "Access denied to this tenant"
713
713
  });
714
714
  }
715
- if (!await s.env.data.tenants.get(a))
715
+ if (!await s.env.data.tenants.get(r))
716
716
  throw new C(404, {
717
717
  message: "Tenant not found"
718
718
  });
719
- const r = {
719
+ const o = {
720
720
  adapters: s.env.data,
721
721
  ctx: s
722
722
  };
723
- return (i = e.tenants) != null && i.beforeDelete && await e.tenants.beforeDelete(r, a), await s.env.data.tenants.remove(a), (m = e.tenants) != null && m.afterDelete && await e.tenants.afterDelete(r, a), s.body(null, 204);
723
+ return (a = e.tenants) != null && a.beforeDelete && await e.tenants.beforeDelete(o, r), await s.env.data.tenants.remove(r), (m = e.tenants) != null && m.afterDelete && await e.tenants.afterDelete(o, r), s.body(null, 204);
724
724
  }
725
- ), n;
725
+ ), t;
726
726
  }
727
- function le(t) {
727
+ function ue(n) {
728
728
  const e = [
729
729
  {
730
730
  pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
@@ -733,26 +733,26 @@ function le(t) {
733
733
  { pattern: /\/api\/v2\/roles\/([^/]+)$/, type: "role" },
734
734
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
735
735
  ];
736
- for (const { pattern: n, type: s } of e) {
737
- const a = t.match(n);
738
- if (a && a[1])
739
- return { type: s, id: a[1] };
736
+ for (const { pattern: t, type: s } of e) {
737
+ const r = n.match(t);
738
+ if (r && r[1])
739
+ return { type: s, id: r[1] };
740
740
  }
741
741
  return null;
742
742
  }
743
- async function de(t, e, n) {
743
+ async function me(n, e, t) {
744
744
  try {
745
- switch (n.type) {
745
+ switch (t.type) {
746
746
  case "resource_server": {
747
- const s = await t.resourceServers.get(e, n.id);
747
+ const s = await n.resourceServers.get(e, t.id);
748
748
  return (s == null ? void 0 : s.is_system) === !0;
749
749
  }
750
750
  case "role": {
751
- const s = await t.roles.get(e, n.id);
751
+ const s = await n.roles.get(e, t.id);
752
752
  return (s == null ? void 0 : s.is_system) === !0;
753
753
  }
754
754
  case "connection": {
755
- const s = await t.connections.get(e, n.id);
755
+ const s = await n.connections.get(e, t.id);
756
756
  return (s == null ? void 0 : s.is_system) === !0;
757
757
  }
758
758
  default:
@@ -762,75 +762,75 @@ async function de(t, e, n) {
762
762
  return !1;
763
763
  }
764
764
  }
765
- function ue(t) {
765
+ function pe(n) {
766
766
  return {
767
767
  resource_server: "resource server",
768
768
  role: "role",
769
769
  connection: "connection"
770
- }[t];
770
+ }[n];
771
771
  }
772
- function Ae() {
773
- return async (t, e) => {
774
- if (!["PATCH", "PUT", "DELETE"].includes(t.req.method))
772
+ function fe() {
773
+ return async (n, e) => {
774
+ if (!["PATCH", "PUT", "DELETE"].includes(n.req.method))
775
775
  return e();
776
- const n = le(t.req.path);
777
- if (!n)
776
+ const t = ue(n.req.path);
777
+ if (!t)
778
778
  return e();
779
- const s = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
779
+ const s = n.var.tenant_id || n.req.header("x-tenant-id") || n.req.header("tenant-id");
780
780
  if (!s)
781
781
  return e();
782
- if (await de(t.env.data, s, n))
782
+ if (await me(n.env.data, s, t))
783
783
  throw new C(403, {
784
- message: `This ${ue(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
784
+ message: `This ${pe(t.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
785
785
  });
786
786
  return e();
787
787
  };
788
788
  }
789
- function G(t, e) {
790
- const { controlPlaneTenantId: n, controlPlaneClientId: s } = e;
789
+ function B(n, e) {
790
+ const { controlPlaneTenantId: t, controlPlaneClientId: s } = e;
791
791
  return {
792
- ...t,
792
+ ...n,
793
793
  legacyClients: {
794
- ...t.legacyClients,
795
- get: async (a) => {
794
+ ...n.legacyClients,
795
+ get: async (r) => {
796
796
  var p;
797
- const o = await t.legacyClients.get(a);
798
- if (!o)
797
+ const i = await n.legacyClients.get(r);
798
+ if (!i)
799
799
  return null;
800
- const r = s ? await t.legacyClients.get(s) : void 0, i = await t.connections.list(
801
- o.tenant.id
802
- ), m = n ? await t.connections.list(n) : { connections: [] }, d = i.connections.map((l) => {
800
+ const o = s ? await n.legacyClients.get(s) : void 0, a = await n.connections.list(
801
+ i.tenant.id
802
+ ), m = t ? await n.connections.list(t) : { connections: [] }, d = a.connections.map((l) => {
803
803
  var g;
804
804
  const u = (g = m.connections) == null ? void 0 : g.find(
805
- (w) => w.name === l.name
805
+ (f) => f.name === l.name
806
806
  );
807
807
  if (!(u != null && u.options))
808
808
  return l;
809
- const f = k.parse({
809
+ const w = D.parse({
810
810
  ...u || {},
811
811
  ...l
812
812
  });
813
- return f.options = D.parse({
813
+ return w.options = F.parse({
814
814
  ...u.options || {},
815
815
  ...l.options
816
- }), f;
816
+ }), w;
817
817
  }).filter((l) => l), c = {
818
- ...(r == null ? void 0 : r.tenant) || {},
819
- ...o.tenant
818
+ ...(o == null ? void 0 : o.tenant) || {},
819
+ ...i.tenant
820
820
  };
821
- return !o.tenant.audience && ((p = r == null ? void 0 : r.tenant) != null && p.audience) && (c.audience = r.tenant.audience), {
822
- ...o,
821
+ return !i.tenant.audience && ((p = o == null ? void 0 : o.tenant) != null && p.audience) && (c.audience = o.tenant.audience), {
822
+ ...i,
823
823
  web_origins: [
824
- ...(r == null ? void 0 : r.web_origins) || [],
825
- ...o.web_origins || []
824
+ ...(o == null ? void 0 : o.web_origins) || [],
825
+ ...i.web_origins || []
826
826
  ],
827
827
  allowed_logout_urls: [
828
- ...(r == null ? void 0 : r.allowed_logout_urls) || [],
829
- ...o.allowed_logout_urls || []
828
+ ...(o == null ? void 0 : o.allowed_logout_urls) || [],
829
+ ...i.allowed_logout_urls || []
830
830
  ],
831
831
  callbacks: [
832
- ...(r == null ? void 0 : r.callbacks) || [],
833
- ...o.callbacks || []
832
+ ...(o == null ? void 0 : o.callbacks) || [],
833
+ ...i.callbacks || []
834
834
  ],
835
835
  connections: d,
836
836
  tenant: c
@@ -838,51 +838,51 @@ function G(t, e) {
838
838
  }
839
839
  },
840
840
  connections: {
841
- ...t.connections,
842
- get: async (a, o) => {
843
- const r = await t.connections.get(
844
- a,
845
- o
841
+ ...n.connections,
842
+ get: async (r, i) => {
843
+ const o = await n.connections.get(
844
+ r,
845
+ i
846
846
  );
847
- if (!r || !n)
848
- return r;
849
- const i = await t.connections.get(
850
- n,
851
- o
847
+ if (!o || !t)
848
+ return o;
849
+ const a = await n.connections.get(
850
+ t,
851
+ i
852
852
  );
853
- if (!i)
854
- return r;
855
- const m = k.parse({
856
- ...i,
857
- ...r
853
+ if (!a)
854
+ return o;
855
+ const m = D.parse({
856
+ ...a,
857
+ ...o
858
858
  });
859
- return m.options = D.parse({
860
- ...i.options || {},
861
- ...r.options
859
+ return m.options = F.parse({
860
+ ...a.options || {},
861
+ ...o.options
862
862
  }), m;
863
863
  },
864
- list: async (a, o) => {
865
- const r = await t.connections.list(a, o);
866
- if (!n || a === n)
867
- return r;
868
- const i = await t.connections.list(n), m = r.connections.map((d) => {
864
+ list: async (r, i) => {
865
+ const o = await n.connections.list(r, i);
866
+ if (!t || r === t)
867
+ return o;
868
+ const a = await n.connections.list(t), m = o.connections.map((d) => {
869
869
  var l;
870
- const c = (l = i.connections) == null ? void 0 : l.find(
870
+ const c = (l = a.connections) == null ? void 0 : l.find(
871
871
  (u) => u.name === d.name
872
872
  );
873
873
  if (!(c != null && c.options))
874
874
  return d;
875
- const p = k.parse({
875
+ const p = D.parse({
876
876
  ...c,
877
877
  ...d
878
878
  });
879
- return p.options = D.parse({
879
+ return p.options = F.parse({
880
880
  ...c.options || {},
881
881
  ...d.options
882
882
  }), p;
883
883
  });
884
884
  return {
885
- ...r,
885
+ ...o,
886
886
  connections: m
887
887
  };
888
888
  }
@@ -896,158 +896,217 @@ function G(t, e) {
896
896
  // They remain part of ...baseAdapters and can be properly wrapped by caching.
897
897
  };
898
898
  }
899
- function me(t, e) {
900
- return G(t, e);
899
+ function ge(n, e) {
900
+ return B(n, e);
901
901
  }
902
- const Ce = G, Ie = me;
903
- function pe(t) {
904
- return async (e, n) => {
905
- if (!t.accessControl)
906
- return n();
907
- const s = e.var.tenant_id, a = e.var.organization_id;
902
+ const Ie = B, Se = ge;
903
+ function we(n) {
904
+ return async (e, t) => {
905
+ if (!n.accessControl)
906
+ return t();
907
+ const s = e.var.tenant_id, r = e.var.organization_id;
908
908
  if (!s)
909
909
  throw new C(400, {
910
910
  message: "Tenant ID not found in request"
911
911
  });
912
- if (!ne(
913
- a,
912
+ if (!se(
913
+ r,
914
914
  s,
915
- t.accessControl.controlPlaneTenantId
915
+ n.accessControl.controlPlaneTenantId
916
916
  ))
917
917
  throw new C(403, {
918
918
  message: `Access denied to tenant ${s}`
919
919
  });
920
- return n();
920
+ return t();
921
921
  };
922
922
  }
923
- function fe(t) {
924
- return async (e, n) => {
925
- if (!t.subdomainRouting)
926
- return n();
923
+ function he(n) {
924
+ return async (e, t) => {
925
+ if (!n.subdomainRouting)
926
+ return t();
927
927
  const {
928
928
  baseDomain: s,
929
- reservedSubdomains: a = [],
930
- resolveSubdomain: o
931
- } = t.subdomainRouting, r = e.req.header("host") || "";
932
- let i = null;
933
- if (r.endsWith(s)) {
934
- const d = r.slice(0, -(s.length + 1));
935
- d && !d.includes(".") && (i = d);
929
+ reservedSubdomains: r = [],
930
+ resolveSubdomain: i
931
+ } = n.subdomainRouting, o = e.req.header("host") || "";
932
+ let a = null;
933
+ if (o.endsWith(s)) {
934
+ const d = o.slice(0, -(s.length + 1));
935
+ d && !d.includes(".") && (a = d);
936
936
  }
937
- if (i && a.includes(i) && (i = null), !i)
938
- return t.accessControl && e.set("tenant_id", t.accessControl.controlPlaneTenantId), n();
937
+ if (a && r.includes(a) && (a = null), !a)
938
+ return n.accessControl && e.set("tenant_id", n.accessControl.controlPlaneTenantId), t();
939
939
  let m = null;
940
- if (o)
941
- m = await o(i);
942
- else if (t.subdomainRouting.useOrganizations !== !1 && t.accessControl)
940
+ if (i)
941
+ m = await i(a);
942
+ else if (n.subdomainRouting.useOrganizations !== !1 && n.accessControl)
943
943
  try {
944
944
  const d = await e.env.data.organizations.get(
945
- t.accessControl.controlPlaneTenantId,
946
- i
945
+ n.accessControl.controlPlaneTenantId,
946
+ a
947
947
  );
948
948
  d && (m = d.id);
949
949
  } catch {
950
950
  }
951
951
  if (!m)
952
952
  throw new C(404, {
953
- message: `Tenant not found for subdomain: ${i}`
953
+ message: `Tenant not found for subdomain: ${a}`
954
954
  });
955
- return e.set("tenant_id", m), n();
955
+ return e.set("tenant_id", m), t();
956
956
  };
957
957
  }
958
- function ge(t) {
959
- return async (e, n) => {
960
- if (!t.databaseIsolation)
961
- return n();
958
+ function ye(n) {
959
+ return async (e, t) => {
960
+ if (!n.databaseIsolation)
961
+ return t();
962
962
  const s = e.var.tenant_id;
963
963
  if (!s)
964
964
  throw new C(400, {
965
965
  message: "Tenant ID not found in request"
966
966
  });
967
967
  try {
968
- const a = await t.databaseIsolation.getAdapters(s);
969
- e.env.data = a;
970
- } catch (a) {
968
+ const r = await n.databaseIsolation.getAdapters(s);
969
+ e.env.data = r;
970
+ } catch (r) {
971
971
  throw console.error(
972
972
  `Failed to resolve database for tenant ${s}:`,
973
- a
973
+ r
974
974
  ), new C(500, {
975
975
  message: "Failed to resolve tenant database"
976
976
  });
977
977
  }
978
- return n();
978
+ return t();
979
979
  };
980
980
  }
981
- function K(t) {
982
- const e = fe(t), n = pe(t), s = ge(t);
983
- return async (a, o) => (await e(a, async () => {
984
- }), await n(a, async () => {
985
- }), await s(a, async () => {
986
- }), o());
981
+ function K(n) {
982
+ const e = he(n), t = we(n), s = ye(n);
983
+ return async (r, i) => (await e(r, async () => {
984
+ }), await t(r, async () => {
985
+ }), await s(r, async () => {
986
+ }), i());
987
987
  }
988
- function Pe(t) {
989
- const e = q(t);
988
+ function Pe(n) {
989
+ const {
990
+ dataAdapter: e,
991
+ controlPlaneTenantId: t = "control_plane",
992
+ sync: s = { resourceServers: !0, roles: !0, connections: !0 },
993
+ defaultPermissions: r = ["tenant:admin"],
994
+ requireOrganizationMatch: i = !1,
995
+ managementApiExtensions: o = [],
996
+ entityHooks: a,
997
+ getChildTenantIds: m,
998
+ getAdapters: d,
999
+ ...c
1000
+ } = n, p = s !== !1, l = p ? {
1001
+ resourceServers: s.resourceServers ?? !0,
1002
+ roles: s.roles ?? !0,
1003
+ connections: s.connections ?? !0
1004
+ } : { resourceServers: !1, roles: !1, connections: !1 }, g = {
1005
+ controlPlaneTenantId: t,
1006
+ getChildTenantIds: m ?? (async () => (await $(
1007
+ (_) => e.tenants.list(_),
1008
+ "tenants",
1009
+ { cursorField: "id", pageSize: 100 }
1010
+ )).filter((_) => _.id !== t).map((_) => _.id)),
1011
+ getAdapters: d ?? (async () => e),
1012
+ getControlPlaneAdapters: async () => e,
1013
+ sync: l
1014
+ }, { entityHooks: f, tenantHooks: h } = de(g), y = {
1015
+ resourceServers: [
1016
+ f.resourceServers,
1017
+ ...(a == null ? void 0 : a.resourceServers) ?? []
1018
+ ],
1019
+ roles: [f.roles, ...(a == null ? void 0 : a.roles) ?? []],
1020
+ connections: [
1021
+ f.connections,
1022
+ ...(a == null ? void 0 : a.connections) ?? []
1023
+ ],
1024
+ tenants: (a == null ? void 0 : a.tenants) ?? [],
1025
+ rolePermissions: (a == null ? void 0 : a.rolePermissions) ?? []
1026
+ }, v = k(
1027
+ {
1028
+ accessControl: {
1029
+ controlPlaneTenantId: t,
1030
+ requireOrganizationMatch: i,
1031
+ defaultPermissions: r
1032
+ }
1033
+ },
1034
+ { tenants: h }
1035
+ ), { app: b } = Z({
1036
+ dataAdapter: e,
1037
+ ...c,
1038
+ entityHooks: y,
1039
+ managementApiExtensions: [
1040
+ ...o,
1041
+ { path: "/tenants", router: v }
1042
+ ]
1043
+ });
1044
+ return p && b.use("/api/v2/*", fe()), { app: b, controlPlaneTenantId: t };
1045
+ }
1046
+ function ze(n) {
1047
+ const e = j(n);
990
1048
  return {
991
1049
  name: "multi-tenancy",
992
1050
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
993
- middleware: K(t),
1051
+ middleware: K(n),
994
1052
  // Provide lifecycle hooks
995
1053
  hooks: e,
996
1054
  // Mount tenant management routes
997
1055
  routes: [
998
1056
  {
999
1057
  path: "/management",
1000
- handler: B(t, e)
1058
+ handler: k(n, e)
1001
1059
  }
1002
1060
  ],
1003
1061
  // Called when plugin is registered
1004
1062
  onRegister: async () => {
1005
- console.log("Multi-tenancy plugin registered"), t.accessControl && console.log(
1006
- ` - Access control enabled (control plane: ${t.accessControl.controlPlaneTenantId})`
1007
- ), t.subdomainRouting && console.log(
1008
- ` - Subdomain routing enabled (base domain: ${t.subdomainRouting.baseDomain})`
1009
- ), t.databaseIsolation && console.log(" - Database isolation enabled");
1063
+ console.log("Multi-tenancy plugin registered"), n.accessControl && console.log(
1064
+ ` - Access control enabled (control plane: ${n.accessControl.controlPlaneTenantId})`
1065
+ ), n.subdomainRouting && console.log(
1066
+ ` - Subdomain routing enabled (base domain: ${n.subdomainRouting.baseDomain})`
1067
+ ), n.databaseIsolation && console.log(" - Database isolation enabled");
1010
1068
  }
1011
1069
  };
1012
1070
  }
1013
- function q(t) {
1014
- const e = t.accessControl ? te(t.accessControl) : {}, n = t.databaseIsolation ? se(t.databaseIsolation) : {}, s = ae(t);
1071
+ function j(n) {
1072
+ const e = n.accessControl ? ne(n.accessControl) : {}, t = n.databaseIsolation ? re(n.databaseIsolation) : {}, s = ae(n);
1015
1073
  return {
1016
1074
  ...e,
1017
- ...n,
1075
+ ...t,
1018
1076
  tenants: s
1019
1077
  };
1020
1078
  }
1021
- function we(t) {
1022
- const e = new Q(), n = q(t);
1023
- return e.route("/tenants", B(t, n)), e;
1079
+ function _e(n) {
1080
+ const e = new Q(), t = j(n);
1081
+ return e.route("/tenants", k(n, t)), e;
1024
1082
  }
1025
- function Se(t) {
1083
+ function $e(n) {
1026
1084
  return {
1027
- hooks: q(t),
1028
- middleware: K(t),
1029
- app: we(t),
1030
- config: t
1085
+ hooks: j(n),
1086
+ middleware: K(n),
1087
+ app: _e(n),
1088
+ config: n
1031
1089
  };
1032
1090
  }
1033
1091
  export {
1034
- te as createAccessControlHooks,
1035
- pe as createAccessControlMiddleware,
1036
- se as createDatabaseHooks,
1037
- ge as createDatabaseMiddleware,
1038
- we as createMultiTenancy,
1039
- q as createMultiTenancyHooks,
1092
+ ne as createAccessControlHooks,
1093
+ we as createAccessControlMiddleware,
1094
+ re as createDatabaseHooks,
1095
+ ye as createDatabaseMiddleware,
1096
+ _e as createMultiTenancy,
1097
+ j as createMultiTenancyHooks,
1040
1098
  K as createMultiTenancyMiddleware,
1041
- Pe as createMultiTenancyPlugin,
1042
- Ae as createProtectSyncedMiddleware,
1099
+ ze as createMultiTenancyPlugin,
1100
+ fe as createProtectSyncedMiddleware,
1043
1101
  ae as createProvisioningHooks,
1044
- G as createRuntimeFallbackAdapter,
1045
- Ce as createSettingsInheritanceAdapter,
1046
- fe as createSubdomainMiddleware,
1047
- Te as createSyncHooks,
1048
- B as createTenantsOpenAPIRouter,
1049
- Se as setupMultiTenancy,
1050
- ne as validateTenantAccess,
1051
- me as withRuntimeFallback,
1052
- Ie as withSettingsInheritance
1102
+ B as createRuntimeFallbackAdapter,
1103
+ Ie as createSettingsInheritanceAdapter,
1104
+ he as createSubdomainMiddleware,
1105
+ de as createSyncHooks,
1106
+ k as createTenantsOpenAPIRouter,
1107
+ Pe as initMultiTenant,
1108
+ $e as setupMultiTenancy,
1109
+ se as validateTenantAccess,
1110
+ ge as withRuntimeFallback,
1111
+ Se as withSettingsInheritance
1053
1112
  };