@authhero/multi-tenancy 13.8.1 → 13.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +1 -1
  2. package/dist/multi-tenancy.cjs +1 -1
  3. package/dist/multi-tenancy.d.ts +167 -165
  4. package/dist/multi-tenancy.mjs +397 -443
  5. package/package.json +3 -3
package/dist/multi-tenancy.mjs CHANGED
@@ -1,33 +1,59 @@
1
- var B = Object.defineProperty;
2
- var E = (t, a, i) => a in t ? B(t, a, { enumerable: !0, configurable: !0, writable: !0, value: i }) : t[a] = i;
3
- var D = (t, a, i) => E(t, typeof a != "symbol" ? a + "" : a, i);
4
- import { Hono as F } from "hono";
5
- import { getTenantAudience as W, MANAGEMENT_API_SCOPES as V, init as L } from "authhero";
6
- import { MANAGEMENT_API_SCOPES as Ae, seed as Pe } from "authhero";
7
- import { z as Q } from "zod";
8
- import { auth0QuerySchema as U, tenantInsertSchema as $, tenantSchema as S } from "@authhero/adapter-interfaces";
9
- import { OpenAPIHono as G, createRoute as O, z as C } from "@hono/zod-openapi";
10
- function Y(t) {
1
+ var K = Object.defineProperty;
2
+ var B = (t, a, i) => a in t ? K(t, a, { enumerable: !0, configurable: !0, writable: !0, value: i }) : t[a] = i;
3
+ var D = (t, a, i) => B(t, typeof a != "symbol" ? a + "" : a, i);
4
+ import { Hono as U } from "hono";
5
+ import { getTenantAudience as W, MANAGEMENT_API_SCOPES as G, MANAGEMENT_API_AUDIENCE as L, fetchAll as z, init as Q } from "authhero";
6
+ import { MANAGEMENT_API_SCOPES as Pe, fetchAll as ze, seed as Ie } from "authhero";
7
+ import { z as V } from "zod";
8
+ import { auth0QuerySchema as F, tenantInsertSchema as j, tenantSchema as $ } from "@authhero/adapter-interfaces";
9
+ import { OpenAPIHono as Y, createRoute as S, z as C } from "@hono/zod-openapi";
10
+ var w = class extends Error {
11
+ /**
12
+ * Creates an instance of `HTTPException`.
13
+ * @param status - HTTP status code for the exception. Defaults to 500.
14
+ * @param options - Additional options for the exception.
15
+ */
16
+ constructor(a = 500, i) {
17
+ super(i == null ? void 0 : i.message, { cause: i == null ? void 0 : i.cause });
18
+ D(this, "res");
19
+ D(this, "status");
20
+ this.res = i == null ? void 0 : i.res, this.status = a;
21
+ }
22
+ /**
23
+ * Returns the response object associated with the exception.
24
+ * If a response object is not provided, a new response is created with the error message and status code.
25
+ * @returns The response object.
26
+ */
27
+ getResponse() {
28
+ return this.res ? new Response(this.res.body, {
29
+ status: this.status,
30
+ headers: this.res.headers
31
+ }) : new Response(this.message, {
32
+ status: this.status
33
+ });
34
+ }
35
+ };
36
+ function Z(t) {
11
37
  const { controlPlaneTenantId: a, requireOrganizationMatch: i = !0 } = t;
12
38
  return {
13
39
  async onTenantAccessValidation(e, n) {
14
40
  if (n === a)
15
41
  return !0;
16
42
  if (i) {
17
- const r = e.var.org_name, u = e.var.organization_id, o = r || u;
43
+ const r = e.var.org_name, l = e.var.organization_id, o = r || l;
18
44
  return o ? o === n : !1;
19
45
  }
20
46
  return !0;
21
47
  }
22
48
  };
23
49
  }
24
- function Z(t, a, i, e) {
50
+ function J(t, a, i, e) {
25
51
  if (a === i)
26
52
  return !0;
27
53
  const n = e || t;
28
54
  return n ? n === a : !1;
29
55
  }
30
- function J(t) {
56
+ function X(t) {
31
57
  return {
32
58
  async resolveDataAdapters(a) {
33
59
  try {
@@ -42,7 +68,7 @@ function J(t) {
42
68
  }
43
69
  };
44
70
  }
45
- function X(t) {
71
+ function H(t) {
46
72
  return {
47
73
  async beforeCreate(a, i) {
48
74
  return !i.audience && i.id ? {
@@ -52,18 +78,18 @@ function X(t) {
52
78
  },
53
79
  async afterCreate(a, i) {
54
80
  const { accessControl: e, databaseIsolation: n, settingsInheritance: r } = t;
55
- e && a.ctx && await H(a, i, e), n != null && n.onProvision && await n.onProvision(i.id), (r == null ? void 0 : r.inheritFromControlPlane) !== !1 && a.ctx && await x(a, i, t);
81
+ e && a.ctx && await k(a, i, e), n != null && n.onProvision && await n.onProvision(i.id), (r == null ? void 0 : r.inheritFromControlPlane) !== !1 && a.ctx && await ee(a, i, t);
56
82
  },
57
83
  async beforeDelete(a, i) {
58
84
  const { accessControl: e, databaseIsolation: n } = t;
59
85
  if (e)
60
86
  try {
61
- const u = (await a.adapters.organizations.list(
87
+ const l = (await a.adapters.organizations.list(
62
88
  e.controlPlaneTenantId
63
89
  )).organizations.find((o) => o.name === i);
64
- u && await a.adapters.organizations.remove(
90
+ l && await a.adapters.organizations.remove(
65
91
  e.controlPlaneTenantId,
66
- u.id
92
+ l.id
67
93
  );
68
94
  } catch (r) {
69
95
  console.warn(
@@ -83,27 +109,26 @@ function X(t) {
83
109
  }
84
110
  };
85
111
  }
86
- async function H(t, a, i) {
112
+ async function k(t, a, i) {
87
113
  const {
88
114
  controlPlaneTenantId: e,
89
115
  defaultPermissions: n,
90
116
  defaultRoles: r,
91
- issuer: u,
117
+ issuer: l,
92
118
  adminRoleName: o = "Tenant Admin",
93
119
  adminRoleDescription: c = "Full access to all tenant management operations",
94
120
  addCreatorToOrganization: s = !0
95
- } = i, l = await t.adapters.organizations.create(
121
+ } = i, u = await t.adapters.organizations.create(
96
122
  e,
97
123
  {
98
124
  name: a.id,
99
125
  display_name: a.friendly_name || a.id
100
126
  }
101
127
  );
102
- let f = null;
103
- if (u && (f = await k(
128
+ let f;
129
+ if (l && (f = await x(
104
130
  t,
105
131
  e,
106
- u,
107
132
  o,
108
133
  c
109
134
  )), s && t.ctx) {
@@ -112,46 +137,46 @@ async function H(t, a, i) {
112
137
  try {
113
138
  await t.adapters.userOrganizations.create(e, {
114
139
  user_id: d.sub,
115
- organization_id: l.id
140
+ organization_id: u.id
116
141
  }), f && await t.adapters.userRoles.create(
117
142
  e,
118
143
  d.sub,
119
144
  f,
120
- l.id
145
+ u.id
121
146
  // organizationId
122
147
  );
123
148
  } catch (p) {
124
149
  console.warn(
125
- `Failed to add creator ${d.sub} to organization ${l.id}:`,
150
+ `Failed to add creator ${d.sub} to organization ${u.id}:`,
126
151
  p
127
152
  );
128
153
  }
129
154
  }
130
155
  r && r.length > 0 && console.log(
131
- `Would assign roles ${r.join(", ")} to organization ${l.id}`
156
+ `Would assign roles ${r.join(", ")} to organization ${u.id}`
132
157
  ), n && n.length > 0 && console.log(
133
- `Would grant permissions ${n.join(", ")} to organization ${l.id}`
158
+ `Would grant permissions ${n.join(", ")} to organization ${u.id}`
134
159
  );
135
160
  }
136
- async function k(t, a, i, e, n) {
137
- const u = (await t.adapters.roles.list(a, {})).roles.find((l) => l.name === e);
138
- if (u)
139
- return u.id;
140
- const o = await t.adapters.roles.create(a, {
141
- name: e,
142
- description: n
143
- }), c = `${i}api/v2/`, s = V.map((l) => ({
144
- role_id: o.id,
145
- resource_server_identifier: c,
146
- permission_name: l.value
161
+ async function x(t, a, i, e) {
162
+ const r = (await t.adapters.roles.list(a, {})).roles.find((s) => s.name === i);
163
+ if (r)
164
+ return r.id;
165
+ const l = await t.adapters.roles.create(a, {
166
+ name: i,
167
+ description: e
168
+ }), o = L, c = G.map((s) => ({
169
+ role_id: l.id,
170
+ resource_server_identifier: o,
171
+ permission_name: s.value
147
172
  }));
148
173
  return await t.adapters.rolePermissions.assign(
149
174
  a,
150
- o.id,
151
- s
152
- ), o.id;
175
+ l.id,
176
+ c
177
+ ), l.id;
153
178
  }
154
- async function x(t, a, i) {
179
+ async function ee(t, a, i) {
155
180
  const { accessControl: e, settingsInheritance: n } = i;
156
181
  if (!e)
157
182
  return;
@@ -160,7 +185,7 @@ async function x(t, a, i) {
160
185
  );
161
186
  if (!r)
162
187
  return;
163
- let u = { ...r };
188
+ let l = { ...r };
164
189
  const o = [
165
190
  "id",
166
191
  "created_at",
@@ -172,63 +197,22 @@ async function x(t, a, i) {
172
197
  "sender_name"
173
198
  ];
174
199
  for (const c of o)
175
- delete u[c];
200
+ delete l[c];
176
201
  if (n != null && n.inheritedKeys) {
177
202
  const c = {};
178
203
  for (const s of n.inheritedKeys)
179
204
  s in r && !o.includes(s) && (c[s] = r[s]);
180
- u = c;
205
+ l = c;
181
206
  }
182
207
  if (n != null && n.excludedKeys)
183
208
  for (const c of n.excludedKeys)
184
- delete u[c];
185
- n != null && n.transformSettings && (u = n.transformSettings(
186
- u,
209
+ delete l[c];
210
+ n != null && n.transformSettings && (l = n.transformSettings(
211
+ l,
187
212
  a.id
188
- )), Object.keys(u).length > 0 && await t.adapters.tenants.update(a.id, u);
213
+ )), Object.keys(l).length > 0 && await t.adapters.tenants.update(a.id, l);
189
214
  }
190
- async function z(t, a, i = {}) {
191
- const {
192
- cursorField: e = "id",
193
- sortOrder: n = "asc",
194
- pageSize: r = 100,
195
- maxItems: u = 1e4,
196
- q: o
197
- } = i, c = [];
198
- let s, l = !0;
199
- for (; l; ) {
200
- let f = o || "";
201
- if (s) {
202
- const y = `${e}:${n === "asc" ? ">" : "<"}${s}`;
203
- f = f ? `(${f}) AND ${y}` : y;
204
- }
205
- const d = {
206
- per_page: r,
207
- page: 0,
208
- // Always use page 0 since we're doing cursor-based pagination
209
- sort: {
210
- sort_by: e,
211
- sort_order: n
212
- },
213
- ...f && { q: f }
214
- }, h = (await t(d))[a] || [];
215
- if (h.length === 0)
216
- l = !1;
217
- else {
218
- c.push(...h);
219
- const m = h[h.length - 1];
220
- if (m && typeof m == "object") {
221
- const y = m[e];
222
- y != null && (s = String(y));
223
- }
224
- h.length < r && (l = !1), u !== -1 && c.length >= u && (console.warn(
225
- `fetchAll: Reached maxItems limit (${u}). There may be more items.`
226
- ), l = !1);
227
- }
228
- }
229
- return c;
230
- }
231
- function ee(t) {
215
+ function te(t) {
232
216
  const {
233
217
  controlPlaneTenantId: a,
234
218
  getChildTenantIds: i,
@@ -236,18 +220,18 @@ function ee(t) {
236
220
  shouldSync: n = () => !0,
237
221
  transformForSync: r
238
222
  } = t;
239
- async function u(s, l, f) {
240
- return (await s.resourceServers.list(l, {
223
+ async function l(s, u, f) {
224
+ return (await s.resourceServers.list(u, {
241
225
  q: `identifier:${f}`,
242
226
  per_page: 1
243
227
  })).resource_servers[0] ?? null;
244
228
  }
245
- async function o(s, l) {
229
+ async function o(s, u) {
246
230
  const f = await i();
247
231
  await Promise.all(
248
232
  f.map(async (d) => {
249
233
  try {
250
- const p = await e(d), m = { ...r ? r(s, d) : {
234
+ const p = await e(d), y = { ...r ? r(s, d) : {
251
235
  name: s.name,
252
236
  identifier: s.identifier,
253
237
  scopes: s.scopes,
@@ -260,27 +244,27 @@ function ee(t) {
260
244
  verificationKey: s.verificationKey,
261
245
  options: s.options
262
246
  }, is_system: !0 };
263
- if (l === "create") {
264
- const y = await u(
247
+ if (u === "create") {
248
+ const T = await l(
265
249
  p,
266
250
  d,
267
251
  s.identifier
268
252
  );
269
- y && y.id ? await p.resourceServers.update(
253
+ T && T.id ? await p.resourceServers.update(
270
254
  d,
271
- y.id,
272
- m
273
- ) : await p.resourceServers.create(d, m);
255
+ T.id,
256
+ y
257
+ ) : await p.resourceServers.create(d, y);
274
258
  } else {
275
- const y = await u(
259
+ const T = await l(
276
260
  p,
277
261
  d,
278
262
  s.identifier
279
263
  );
280
- y && y.id && await p.resourceServers.update(
264
+ T && T.id && await p.resourceServers.update(
281
265
  d,
282
- y.id,
283
- m
266
+ T.id,
267
+ y
284
268
  );
285
269
  }
286
270
  } catch (p) {
@@ -293,11 +277,11 @@ function ee(t) {
293
277
  );
294
278
  }
295
279
  async function c(s) {
296
- const l = await i();
280
+ const u = await i();
297
281
  await Promise.all(
298
- l.map(async (f) => {
282
+ u.map(async (f) => {
299
283
  try {
300
- const d = await e(f), p = await u(
284
+ const d = await e(f), p = await l(
301
285
  d,
302
286
  f,
303
287
  s
@@ -313,18 +297,18 @@ function ee(t) {
313
297
  );
314
298
  }
315
299
  return {
316
- afterCreate: async (s, l) => {
317
- s.tenantId === a && n(l) && await o(l, "create");
300
+ afterCreate: async (s, u) => {
301
+ s.tenantId === a && n(u) && await o(u, "create");
318
302
  },
319
- afterUpdate: async (s, l, f) => {
303
+ afterUpdate: async (s, u, f) => {
320
304
  s.tenantId === a && n(f) && await o(f, "update");
321
305
  },
322
- afterDelete: async (s, l) => {
323
- s.tenantId === a && await c(l);
306
+ afterDelete: async (s, u) => {
307
+ s.tenantId === a && await c(u);
324
308
  }
325
309
  };
326
310
  }
327
- function te(t) {
311
+ function ae(t) {
328
312
  const {
329
313
  controlPlaneTenantId: a,
330
314
  getControlPlaneAdapters: i,
@@ -333,10 +317,10 @@ function te(t) {
333
317
  transformForSync: r
334
318
  } = t;
335
319
  return {
336
- async afterCreate(u, o) {
320
+ async afterCreate(l, o) {
337
321
  if (o.id !== a)
338
322
  try {
339
- const c = await i(), s = await e(o.id), l = await z(
323
+ const c = await i(), s = await e(o.id), u = await z(
340
324
  (f) => c.resourceServers.list(
341
325
  a,
342
326
  f
@@ -345,7 +329,7 @@ function te(t) {
345
329
  { cursorField: "id", pageSize: 100 }
346
330
  );
347
331
  await Promise.all(
348
- l.filter((f) => n(f)).map(async (f) => {
332
+ u.filter((f) => n(f)).map(async (f) => {
349
333
  const d = f;
350
334
  try {
351
335
  const p = r ? r(d, o.id) : {
@@ -382,7 +366,7 @@ function te(t) {
382
366
  }
383
367
  };
384
368
  }
385
- function ae(t) {
369
+ function ne(t) {
386
370
  const {
387
371
  controlPlaneTenantId: a,
388
372
  getChildTenantIds: i,
@@ -390,34 +374,34 @@ function ae(t) {
390
374
  shouldSync: n = () => !0,
391
375
  transformForSync: r
392
376
  } = t;
393
- async function u(c, s, l) {
377
+ async function l(c, s, u) {
394
378
  return (await c.roles.list(s, {
395
- q: `name:${l}`,
379
+ q: `name:${u}`,
396
380
  per_page: 1
397
381
  })).roles[0] ?? null;
398
382
  }
399
383
  async function o(c, s) {
400
- const l = await i();
384
+ const u = await i();
401
385
  await Promise.all(
402
- l.map(async (f) => {
386
+ u.map(async (f) => {
403
387
  try {
404
- const d = await e(f), h = { ...r ? r(c, f) : {
388
+ const d = await e(f), _ = { ...r ? r(c, f) : {
405
389
  name: c.name,
406
390
  description: c.description
407
391
  }, is_system: !0 };
408
392
  if (s === "create") {
409
- const m = await u(d, f, c.name);
410
- m && m.id ? await d.roles.update(
393
+ const y = await l(d, f, c.name);
394
+ y && y.id ? await d.roles.update(
411
395
  f,
412
- m.id,
413
- h
414
- ) : await d.roles.create(f, h);
396
+ y.id,
397
+ _
398
+ ) : await d.roles.create(f, _);
415
399
  } else {
416
- const m = await u(d, f, c.name);
417
- m && m.id && await d.roles.update(
400
+ const y = await l(d, f, c.name);
401
+ y && y.id && await d.roles.update(
418
402
  f,
419
- m.id,
420
- h
403
+ y.id,
404
+ _
421
405
  );
422
406
  }
423
407
  } catch (d) {
@@ -433,8 +417,8 @@ function ae(t) {
433
417
  afterCreate: async (c, s) => {
434
418
  c.tenantId === a && n(s) && await o(s, "create");
435
419
  },
436
- afterUpdate: async (c, s, l) => {
437
- c.tenantId === a && n(l) && await o(l, "update");
420
+ afterUpdate: async (c, s, u) => {
421
+ c.tenantId === a && n(u) && await o(u, "update");
438
422
  },
439
423
  afterDelete: async (c, s) => {
440
424
  c.tenantId === a && console.warn(
@@ -443,64 +427,64 @@ function ae(t) {
443
427
  }
444
428
  };
445
429
  }
446
- function ne(t) {
430
+ function se(t) {
447
431
  const {
448
432
  controlPlaneTenantId: a,
449
433
  getControlPlaneAdapters: i,
450
434
  getAdapters: e,
451
435
  shouldSync: n = () => !0,
452
436
  transformForSync: r,
453
- syncPermissions: u = !0
437
+ syncPermissions: l = !0
454
438
  } = t;
455
439
  return {
456
440
  async afterCreate(o, c) {
457
441
  if (c.id !== a)
458
442
  try {
459
- const s = await i(), l = await e(c.id), f = await z(
443
+ const s = await i(), u = await e(c.id), f = await z(
460
444
  (p) => s.roles.list(a, p),
461
445
  "roles",
462
446
  { cursorField: "id", pageSize: 100 }
463
447
  ), d = /* @__PURE__ */ new Map();
464
448
  if (await Promise.all(
465
449
  f.filter((p) => n(p)).map(async (p) => {
466
- const h = p;
450
+ const _ = p;
467
451
  try {
468
- const m = r ? r(h, c.id) : {
469
- name: h.name,
470
- description: h.description
471
- }, y = await l.roles.create(c.id, {
472
- ...m,
452
+ const y = r ? r(_, c.id) : {
453
+ name: _.name,
454
+ description: _.description
455
+ }, T = await u.roles.create(c.id, {
456
+ ...y,
473
457
  is_system: !0
474
458
  });
475
- d.set(h.id, y.id);
476
- } catch (m) {
459
+ d.set(_.id, T.id);
460
+ } catch (y) {
477
461
  console.error(
478
- `Failed to sync role "${h.name}" to new tenant "${c.id}":`,
479
- m
462
+ `Failed to sync role "${_.name}" to new tenant "${c.id}":`,
463
+ y
480
464
  );
481
465
  }
482
466
  })
483
- ), u)
484
- for (const [p, h] of d)
467
+ ), l)
468
+ for (const [p, _] of d)
485
469
  try {
486
- const m = await s.rolePermissions.list(
470
+ const y = await s.rolePermissions.list(
487
471
  a,
488
472
  p,
489
473
  {}
490
474
  );
491
- m.length > 0 && await l.rolePermissions.assign(
475
+ y.length > 0 && await u.rolePermissions.assign(
492
476
  c.id,
493
- h,
494
- m.map((y) => ({
495
- role_id: h,
496
- resource_server_identifier: y.resource_server_identifier,
497
- permission_name: y.permission_name
477
+ _,
478
+ y.map((T) => ({
479
+ role_id: _,
480
+ resource_server_identifier: T.resource_server_identifier,
481
+ permission_name: T.permission_name
498
482
  }))
499
483
  );
500
- } catch (m) {
484
+ } catch (y) {
501
485
  console.error(
502
486
  `Failed to sync permissions for role to new tenant "${c.id}":`,
503
- m
487
+ y
504
488
  );
505
489
  }
506
490
  } catch (s) {
@@ -512,100 +496,72 @@ function ne(t) {
512
496
  }
513
497
  };
514
498
  }
515
- var g = class extends Error {
516
- /**
517
- * Creates an instance of `HTTPException`.
518
- * @param status - HTTP status code for the exception. Defaults to 500.
519
- * @param options - Additional options for the exception.
520
- */
521
- constructor(a = 500, i) {
522
- super(i == null ? void 0 : i.message, { cause: i == null ? void 0 : i.cause });
523
- D(this, "res");
524
- D(this, "status");
525
- this.res = i == null ? void 0 : i.res, this.status = a;
526
- }
527
- /**
528
- * Returns the response object associated with the exception.
529
- * If a response object is not provided, a new response is created with the error message and status code.
530
- * @returns The response object.
531
- */
532
- getResponse() {
533
- return this.res ? new Response(this.res.body, {
534
- status: this.status,
535
- headers: this.res.headers
536
- }) : new Response(this.message, {
537
- status: this.status
538
- });
539
- }
540
- };
541
499
  function M(t, a) {
542
- const i = new F();
500
+ const i = new U();
543
501
  return i.get("/", async (e) => {
544
502
  var f, d;
545
- const n = U.parse(e.req.query()), { page: r, per_page: u, include_totals: o, q: c } = n, s = e.var.user;
503
+ const n = F.parse(e.req.query()), { page: r, per_page: l, include_totals: o, q: c } = n, s = e.var.user;
546
504
  if (t.accessControl && (s != null && s.sub)) {
547
- const p = t.accessControl.controlPlaneTenantId, m = (await e.env.data.userOrganizations.listUserOrganizations(
505
+ const p = t.accessControl.controlPlaneTenantId, y = (await e.env.data.userOrganizations.listUserOrganizations(
548
506
  p,
549
507
  s.sub,
550
508
  {}
551
- )).organizations.map((A) => A.name);
552
- m.includes(p) || m.push(p);
553
- const y = await e.env.data.tenants.list({
509
+ )).organizations.map((A) => A.name), T = await e.env.data.tenants.list({
554
510
  page: r,
555
- per_page: u,
511
+ per_page: l,
556
512
  include_totals: o,
557
513
  q: c
558
- }), P = y.tenants.filter(
559
- (A) => m.includes(A.id)
514
+ }), P = T.tenants.filter(
515
+ (A) => y.includes(A.id)
560
516
  );
561
517
  return o ? e.json({
562
518
  tenants: P,
563
- start: ((f = y.totals) == null ? void 0 : f.start) ?? 0,
564
- limit: ((d = y.totals) == null ? void 0 : d.limit) ?? u,
519
+ start: ((f = T.totals) == null ? void 0 : f.start) ?? 0,
520
+ limit: ((d = T.totals) == null ? void 0 : d.limit) ?? l,
565
521
  length: P.length
566
522
  }) : e.json(P);
567
523
  }
568
- const l = await e.env.data.tenants.list({
524
+ const u = await e.env.data.tenants.list({
569
525
  page: r,
570
- per_page: u,
526
+ per_page: l,
571
527
  include_totals: o,
572
528
  q: c
573
529
  });
574
- return o ? e.json(l) : e.json(l.tenants);
530
+ return o ? e.json(u) : e.json(u.tenants);
575
531
  }), i.get("/:id", async (e) => {
576
532
  const n = e.req.param("id");
577
533
  if (t.accessControl) {
578
- const u = e.var.user, o = t.accessControl.controlPlaneTenantId;
534
+ const l = e.var.user, o = t.accessControl.controlPlaneTenantId;
579
535
  if (n !== o) {
580
- if (!(u != null && u.sub))
581
- throw new g(401, {
536
+ if (!(l != null && l.sub))
537
+ throw new w(401, {
582
538
  message: "Authentication required"
583
539
  });
584
540
  if (!(await e.env.data.userOrganizations.listUserOrganizations(
585
541
  o,
586
- u.sub,
542
+ l.sub,
587
543
  {}
588
- )).organizations.some((l) => l.name === n))
589
- throw new g(403, {
544
+ )).organizations.some((u) => u.name === n))
545
+ throw new w(403, {
590
546
  message: "Access denied to this tenant"
591
547
  });
592
548
  }
593
549
  }
594
550
  const r = await e.env.data.tenants.get(n);
595
551
  if (!r)
596
- throw new g(404, {
552
+ throw new w(404, {
597
553
  message: "Tenant not found"
598
554
  });
599
555
  return e.json(r);
600
556
  }), i.post("/", async (e) => {
601
- var n, r, u;
557
+ var n, r, l;
602
558
  try {
603
559
  const o = e.var.user;
604
560
  if (!(o != null && o.sub))
605
- throw new g(401, {
561
+ throw new w(401, {
606
562
  message: "Authentication required to create tenants"
607
563
  });
608
- let c = $.parse(
564
+ let c = j.parse(
609
565
  await e.req.json()
610
566
  );
611
567
  const s = {
@@ -613,13 +569,13 @@ function M(t, a) {
613
569
  ctx: e
614
570
  };
615
571
  (n = a.tenants) != null && n.beforeCreate && (c = await a.tenants.beforeCreate(s, c));
616
- const l = await e.env.data.tenants.create(c);
617
- return (r = a.tenants) != null && r.afterCreate && await a.tenants.afterCreate(s, l), e.json(l, 201);
572
+ const u = await e.env.data.tenants.create(c);
573
+ return (r = a.tenants) != null && r.afterCreate && await a.tenants.afterCreate(s, u), e.json(u, 201);
618
574
  } catch (o) {
619
- throw o instanceof Q.ZodError ? new g(400, {
575
+ throw o instanceof V.ZodError ? new w(400, {
620
576
  message: "Validation error",
621
577
  cause: o
622
- }) : o instanceof Error && ("code" in o && o.code === "SQLITE_CONSTRAINT_PRIMARYKEY" || (u = o.message) != null && u.includes("UNIQUE constraint failed")) ? new g(409, {
578
+ }) : o instanceof Error && ("code" in o && o.code === "SQLITE_CONSTRAINT_PRIMARYKEY" || (l = o.message) != null && l.includes("UNIQUE constraint failed")) ? new w(409, {
623
579
  message: "Tenant with this ID already exists"
624
580
  }) : o;
625
581
  }
@@ -627,35 +583,35 @@ function M(t, a) {
627
583
  var d, p;
628
584
  const n = e.req.param("id");
629
585
  if (t.accessControl) {
630
- const h = e.var.user;
631
- if (!(h != null && h.sub))
632
- throw new g(401, {
586
+ const _ = e.var.user;
587
+ if (!(_ != null && _.sub))
588
+ throw new w(401, {
633
589
  message: "Authentication required to update tenants"
634
590
  });
635
- const m = t.accessControl.controlPlaneTenantId;
636
- if (n !== m && !(await e.env.data.userOrganizations.listUserOrganizations(
637
- m,
638
- h.sub,
591
+ const y = t.accessControl.controlPlaneTenantId;
592
+ if (n !== y && !(await e.env.data.userOrganizations.listUserOrganizations(
593
+ y,
594
+ _.sub,
639
595
  {}
640
596
  )).organizations.some((A) => A.name === n))
641
- throw new g(403, {
597
+ throw new w(403, {
642
598
  message: "Access denied to update this tenant"
643
599
  });
644
600
  }
645
- const r = $.partial().parse(await e.req.json()), { id: u, ...o } = r;
601
+ const r = j.partial().parse(await e.req.json()), { id: l, ...o } = r;
646
602
  if (!await e.env.data.tenants.get(n))
647
- throw new g(404, {
603
+ throw new w(404, {
648
604
  message: "Tenant not found"
649
605
  });
650
606
  const s = {
651
607
  adapters: e.env.data,
652
608
  ctx: e
653
609
  };
654
- let l = o;
655
- (d = a.tenants) != null && d.beforeUpdate && (l = await a.tenants.beforeUpdate(s, n, o)), await e.env.data.tenants.update(n, l);
610
+ let u = o;
611
+ (d = a.tenants) != null && d.beforeUpdate && (u = await a.tenants.beforeUpdate(s, n, o)), await e.env.data.tenants.update(n, u);
656
612
  const f = await e.env.data.tenants.get(n);
657
613
  if (!f)
658
- throw new g(404, {
614
+ throw new w(404, {
659
615
  message: "Tenant not found after update"
660
616
  });
661
617
  return (p = a.tenants) != null && p.afterUpdate && await a.tenants.afterUpdate(s, f), e.json(f);
@@ -663,49 +619,49 @@ function M(t, a) {
663
619
  var o, c;
664
620
  const n = e.req.param("id");
665
621
  if (t.accessControl && n === t.accessControl.controlPlaneTenantId)
666
- throw new g(400, {
622
+ throw new w(400, {
667
623
  message: "Cannot delete the control plane"
668
624
  });
669
625
  if (t.accessControl) {
670
626
  const s = e.var.user;
671
627
  if (!(s != null && s.sub))
672
- throw new g(401, {
628
+ throw new w(401, {
673
629
  message: "Authentication required to delete tenants"
674
630
  });
675
- const l = t.accessControl.controlPlaneTenantId;
631
+ const u = t.accessControl.controlPlaneTenantId;
676
632
  if (!(await e.env.data.userOrganizations.listUserOrganizations(
677
- l,
633
+ u,
678
634
  s.sub,
679
635
  {}
680
636
  )).organizations.some((p) => p.name === n))
681
- throw new g(403, {
637
+ throw new w(403, {
682
638
  message: "Access denied to delete this tenant"
683
639
  });
684
640
  }
685
641
  if (!await e.env.data.tenants.get(n))
686
- throw new g(404, {
642
+ throw new w(404, {
687
643
  message: "Tenant not found"
688
644
  });
689
- const u = {
645
+ const l = {
690
646
  adapters: e.env.data,
691
647
  ctx: e
692
648
  };
693
- return (o = a.tenants) != null && o.beforeDelete && await a.tenants.beforeDelete(u, n), await e.env.data.tenants.remove(n), (c = a.tenants) != null && c.afterDelete && await a.tenants.afterDelete(u, n), e.body(null, 204);
649
+ return (o = a.tenants) != null && o.beforeDelete && await a.tenants.beforeDelete(l, n), await e.env.data.tenants.remove(n), (c = a.tenants) != null && c.afterDelete && await a.tenants.afterDelete(l, n), e.body(null, 204);
694
650
  }), i;
695
651
  }
696
- function se(t, a) {
697
- const i = new G();
652
+ function re(t, a) {
653
+ const i = new Y();
698
654
  return i.openapi(
699
- O({
655
+ S({
700
656
  tags: ["tenants"],
701
657
  method: "get",
702
658
  path: "/",
703
659
  request: {
704
- query: U
660
+ query: F
705
661
  },
706
662
  security: [
707
663
  {
708
- Bearer: ["auth:read"]
664
+ Bearer: []
709
665
  }
710
666
  ],
711
667
  responses: {
@@ -713,7 +669,7 @@ function se(t, a) {
713
669
  content: {
714
670
  "application/json": {
715
671
  schema: C.object({
716
- tenants: C.array(S),
672
+ tenants: C.array($),
717
673
  start: C.number().optional(),
718
674
  limit: C.number().optional(),
719
675
  length: C.number().optional()
@@ -725,48 +681,46 @@ function se(t, a) {
725
681
  }
726
682
  }),
727
683
  async (e) => {
728
- var f, d, p, h;
729
- const n = e.req.valid("query"), { page: r, per_page: u, include_totals: o, q: c } = n, s = e.var.user;
684
+ var f, d, p, _;
685
+ const n = e.req.valid("query"), { page: r, per_page: l, include_totals: o, q: c } = n, s = e.var.user;
730
686
  if (t.accessControl && (s != null && s.sub)) {
731
- const m = t.accessControl.controlPlaneTenantId, P = (await z(
687
+ const y = t.accessControl.controlPlaneTenantId, P = (await z(
732
688
  (I) => e.env.data.userOrganizations.listUserOrganizations(
733
- m,
689
+ y,
734
690
  s.sub,
735
691
  I
736
692
  ),
737
693
  "organizations"
738
- )).map((I) => I.name);
739
- P.includes(m) || P.push(m);
740
- const A = await e.env.data.tenants.list({
694
+ )).map((I) => I.name), A = await e.env.data.tenants.list({
741
695
  page: r,
742
- per_page: u,
696
+ per_page: l,
743
697
  include_totals: o,
744
698
  q: c
745
- }), q = A.tenants.filter(
699
+ }), O = A.tenants.filter(
746
700
  (I) => P.includes(I.id)
747
701
  );
748
702
  return o ? e.json({
749
- tenants: q,
703
+ tenants: O,
750
704
  start: ((f = A.totals) == null ? void 0 : f.start) ?? 0,
751
- limit: ((d = A.totals) == null ? void 0 : d.limit) ?? u,
752
- length: q.length
753
- }) : e.json({ tenants: q });
705
+ limit: ((d = A.totals) == null ? void 0 : d.limit) ?? l,
706
+ length: O.length
707
+ }) : e.json({ tenants: O });
754
708
  }
755
- const l = await e.env.data.tenants.list({
709
+ const u = await e.env.data.tenants.list({
756
710
  page: r,
757
- per_page: u,
711
+ per_page: l,
758
712
  include_totals: o,
759
713
  q: c
760
714
  });
761
715
  return o ? e.json({
762
- tenants: l.tenants,
763
- start: ((p = l.totals) == null ? void 0 : p.start) ?? 0,
764
- limit: ((h = l.totals) == null ? void 0 : h.limit) ?? u,
765
- length: l.tenants.length
766
- }) : e.json({ tenants: l.tenants });
716
+ tenants: u.tenants,
717
+ start: ((p = u.totals) == null ? void 0 : p.start) ?? 0,
718
+ limit: ((_ = u.totals) == null ? void 0 : _.limit) ?? l,
719
+ length: u.tenants.length
720
+ }) : e.json({ tenants: u.tenants });
767
721
  }
768
722
  ), i.openapi(
769
- O({
723
+ S({
770
724
  tags: ["tenants"],
771
725
  method: "get",
772
726
  path: "/{id}",
@@ -777,14 +731,14 @@ function se(t, a) {
777
731
  },
778
732
  security: [
779
733
  {
780
- Bearer: ["auth:read"]
734
+ Bearer: []
781
735
  }
782
736
  ],
783
737
  responses: {
784
738
  200: {
785
739
  content: {
786
740
  "application/json": {
787
- schema: S
741
+ schema: $
788
742
  }
789
743
  },
790
744
  description: "Tenant details"
@@ -797,34 +751,34 @@ function se(t, a) {
797
751
  async (e) => {
798
752
  const { id: n } = e.req.valid("param");
799
753
  if (t.accessControl) {
800
- const u = e.var.user, o = t.accessControl.controlPlaneTenantId;
754
+ const l = e.var.user, o = t.accessControl.controlPlaneTenantId;
801
755
  if (n !== o) {
802
- if (!(u != null && u.sub))
803
- throw new g(401, {
756
+ if (!(l != null && l.sub))
757
+ throw new w(401, {
804
758
  message: "Authentication required"
805
759
  });
806
760
  if (!(await z(
807
- (l) => e.env.data.userOrganizations.listUserOrganizations(
761
+ (u) => e.env.data.userOrganizations.listUserOrganizations(
808
762
  o,
809
- u.sub,
810
- l
763
+ l.sub,
764
+ u
811
765
  ),
812
766
  "organizations"
813
- )).some((l) => l.name === n))
814
- throw new g(403, {
767
+ )).some((u) => u.name === n))
768
+ throw new w(403, {
815
769
  message: "Access denied to this tenant"
816
770
  });
817
771
  }
818
772
  }
819
773
  const r = await e.env.data.tenants.get(n);
820
774
  if (!r)
821
- throw new g(404, {
775
+ throw new w(404, {
822
776
  message: "Tenant not found"
823
777
  });
824
778
  return e.json(r);
825
779
  }
826
780
  ), i.openapi(
827
- O({
781
+ S({
828
782
  tags: ["tenants"],
829
783
  method: "post",
830
784
  path: "/",
@@ -832,21 +786,21 @@ function se(t, a) {
832
786
  body: {
833
787
  content: {
834
788
  "application/json": {
835
- schema: $
789
+ schema: j
836
790
  }
837
791
  }
838
792
  }
839
793
  },
840
794
  security: [
841
795
  {
842
- Bearer: ["auth:write"]
796
+ Bearer: []
843
797
  }
844
798
  ],
845
799
  responses: {
846
800
  201: {
847
801
  content: {
848
802
  "application/json": {
849
- schema: S
803
+ schema: $
850
804
  }
851
805
  },
852
806
  description: "Tenant created"
@@ -860,20 +814,20 @@ function se(t, a) {
860
814
  var c, s;
861
815
  const n = e.var.user;
862
816
  if (!(n != null && n.sub))
863
- throw new g(401, {
817
+ throw new w(401, {
864
818
  message: "Authentication required to create tenants"
865
819
  });
866
820
  let r = e.req.valid("json");
867
- const u = {
821
+ const l = {
868
822
  adapters: e.env.data,
869
823
  ctx: e
870
824
  };
871
- (c = a.tenants) != null && c.beforeCreate && (r = await a.tenants.beforeCreate(u, r));
825
+ (c = a.tenants) != null && c.beforeCreate && (r = await a.tenants.beforeCreate(l, r));
872
826
  const o = await e.env.data.tenants.create(r);
873
- return (s = a.tenants) != null && s.afterCreate && await a.tenants.afterCreate(u, o), e.json(o, 201);
827
+ return (s = a.tenants) != null && s.afterCreate && await a.tenants.afterCreate(l, o), e.json(o, 201);
874
828
  }
875
829
  ), i.openapi(
876
- O({
830
+ S({
877
831
  tags: ["tenants"],
878
832
  method: "patch",
879
833
  path: "/{id}",
@@ -884,21 +838,21 @@ function se(t, a) {
884
838
  body: {
885
839
  content: {
886
840
  "application/json": {
887
- schema: C.object($.shape).partial()
841
+ schema: C.object(j.shape).partial()
888
842
  }
889
843
  }
890
844
  }
891
845
  },
892
846
  security: [
893
847
  {
894
- Bearer: ["auth:write"]
848
+ Bearer: ["update:tenants"]
895
849
  }
896
850
  ],
897
851
  responses: {
898
852
  200: {
899
853
  content: {
900
854
  "application/json": {
901
- schema: S
855
+ schema: $
902
856
  }
903
857
  },
904
858
  description: "Tenant updated"
@@ -912,49 +866,49 @@ function se(t, a) {
912
866
  }
913
867
  }),
914
868
  async (e) => {
915
- var l, f;
869
+ var u, f;
916
870
  const { id: n } = e.req.valid("param");
917
871
  if (t.accessControl) {
918
872
  const d = e.var.user, p = t.accessControl.controlPlaneTenantId;
919
873
  if (!(d != null && d.sub))
920
- throw new g(401, {
874
+ throw new w(401, {
921
875
  message: "Authentication required"
922
876
  });
923
877
  if (n !== p && !(await z(
924
- (y) => e.env.data.userOrganizations.listUserOrganizations(
878
+ (T) => e.env.data.userOrganizations.listUserOrganizations(
925
879
  p,
926
880
  d.sub,
927
- y
881
+ T
928
882
  ),
929
883
  "organizations"
930
- )).some((y) => y.name === n))
931
- throw new g(403, {
884
+ )).some((T) => T.name === n))
885
+ throw new w(403, {
932
886
  message: "Access denied to this tenant"
933
887
  });
934
888
  }
935
889
  if (!await e.env.data.tenants.get(n))
936
- throw new g(404, {
890
+ throw new w(404, {
937
891
  message: "Tenant not found"
938
892
  });
939
- const u = e.req.valid("json"), o = {
893
+ const l = e.req.valid("json"), o = {
940
894
  adapters: e.env.data,
941
895
  ctx: e
942
896
  };
943
- let c = u;
944
- (l = a.tenants) != null && l.beforeUpdate && (c = await a.tenants.beforeUpdate(
897
+ let c = l;
898
+ (u = a.tenants) != null && u.beforeUpdate && (c = await a.tenants.beforeUpdate(
945
899
  o,
946
900
  n,
947
- u
901
+ l
948
902
  )), await e.env.data.tenants.update(n, c);
949
903
  const s = await e.env.data.tenants.get(n);
950
904
  if (!s)
951
- throw new g(500, {
905
+ throw new w(500, {
952
906
  message: "Failed to retrieve updated tenant"
953
907
  });
954
908
  return (f = a.tenants) != null && f.afterUpdate && await a.tenants.afterUpdate(o, s), e.json(s);
955
909
  }
956
910
  ), i.openapi(
957
- O({
911
+ S({
958
912
  tags: ["tenants"],
959
913
  method: "delete",
960
914
  path: "/{id}",
@@ -965,7 +919,7 @@ function se(t, a) {
965
919
  },
966
920
  security: [
967
921
  {
968
- Bearer: ["auth:write"]
922
+ Bearer: ["delete:tenants"]
969
923
  }
970
924
  ],
971
925
  responses: {
@@ -984,40 +938,40 @@ function se(t, a) {
984
938
  var o, c;
985
939
  const { id: n } = e.req.valid("param");
986
940
  if (t.accessControl) {
987
- const s = e.var.user, l = t.accessControl.controlPlaneTenantId;
941
+ const s = e.var.user, u = t.accessControl.controlPlaneTenantId;
988
942
  if (!(s != null && s.sub))
989
- throw new g(401, {
943
+ throw new w(401, {
990
944
  message: "Authentication required"
991
945
  });
992
- if (n === l)
993
- throw new g(403, {
946
+ if (n === u)
947
+ throw new w(403, {
994
948
  message: "Cannot delete the control plane"
995
949
  });
996
950
  if (!(await z(
997
951
  (p) => e.env.data.userOrganizations.listUserOrganizations(
998
- l,
952
+ u,
999
953
  s.sub,
1000
954
  p
1001
955
  ),
1002
956
  "organizations"
1003
957
  )).some((p) => p.name === n))
1004
- throw new g(403, {
958
+ throw new w(403, {
1005
959
  message: "Access denied to this tenant"
1006
960
  });
1007
961
  }
1008
962
  if (!await e.env.data.tenants.get(n))
1009
- throw new g(404, {
963
+ throw new w(404, {
1010
964
  message: "Tenant not found"
1011
965
  });
1012
- const u = {
966
+ const l = {
1013
967
  adapters: e.env.data,
1014
968
  ctx: e
1015
969
  };
1016
- return (o = a.tenants) != null && o.beforeDelete && await a.tenants.beforeDelete(u, n), await e.env.data.tenants.remove(n), (c = a.tenants) != null && c.afterDelete && await a.tenants.afterDelete(u, n), e.body(null, 204);
970
+ return (o = a.tenants) != null && o.beforeDelete && await a.tenants.beforeDelete(l, n), await e.env.data.tenants.remove(n), (c = a.tenants) != null && c.afterDelete && await a.tenants.afterDelete(l, n), e.body(null, 204);
1017
971
  }
1018
972
  ), i;
1019
973
  }
1020
- function re(t) {
974
+ function ie(t) {
1021
975
  const a = [
1022
976
  {
1023
977
  pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
@@ -1033,7 +987,7 @@ function re(t) {
1033
987
  }
1034
988
  return null;
1035
989
  }
1036
- async function ie(t, a, i) {
990
+ async function oe(t, a, i) {
1037
991
  try {
1038
992
  switch (i.type) {
1039
993
  case "resource_server": {
@@ -1055,26 +1009,26 @@ async function ie(t, a, i) {
1055
1009
  return !1;
1056
1010
  }
1057
1011
  }
1058
- function oe(t) {
1012
+ function ce(t) {
1059
1013
  return {
1060
1014
  resource_server: "resource server",
1061
1015
  role: "role",
1062
1016
  connection: "connection"
1063
1017
  }[t];
1064
1018
  }
1065
- function ce() {
1019
+ function de() {
1066
1020
  return async (t, a) => {
1067
1021
  if (!["PATCH", "PUT", "DELETE"].includes(t.req.method))
1068
1022
  return a();
1069
- const i = re(t.req.path);
1023
+ const i = ie(t.req.path);
1070
1024
  if (!i)
1071
1025
  return a();
1072
1026
  const e = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
1073
1027
  if (!e)
1074
1028
  return a();
1075
- if (await ie(t.env.data, e, i))
1076
- throw new g(403, {
1077
- message: `This ${oe(i.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
1029
+ if (await oe(t.env.data, e, i))
1030
+ throw new w(403, {
1031
+ message: `This ${ce(i.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
1078
1032
  });
1079
1033
  return a();
1080
1034
  };
@@ -1085,21 +1039,21 @@ function le(t) {
1085
1039
  return i();
1086
1040
  const e = a.var.tenant_id, n = a.var.organization_id;
1087
1041
  if (!e)
1088
- throw new g(400, {
1042
+ throw new w(400, {
1089
1043
  message: "Tenant ID not found in request"
1090
1044
  });
1091
- if (!Z(
1045
+ if (!J(
1092
1046
  n,
1093
1047
  e,
1094
1048
  t.accessControl.controlPlaneTenantId
1095
1049
  ))
1096
- throw new g(403, {
1050
+ throw new w(403, {
1097
1051
  message: `Access denied to tenant ${e}`
1098
1052
  });
1099
1053
  return i();
1100
1054
  };
1101
1055
  }
1102
- function de(t) {
1056
+ function ue(t) {
1103
1057
  return async (a, i) => {
1104
1058
  if (!t.subdomainRouting)
1105
1059
  return i();
@@ -1107,10 +1061,10 @@ function de(t) {
1107
1061
  baseDomain: e,
1108
1062
  reservedSubdomains: n = [],
1109
1063
  resolveSubdomain: r
1110
- } = t.subdomainRouting, u = a.req.header("host") || "";
1064
+ } = t.subdomainRouting, l = a.req.header("host") || "";
1111
1065
  let o = null;
1112
- if (u.endsWith(e)) {
1113
- const s = u.slice(0, -(e.length + 1));
1066
+ if (l.endsWith(e)) {
1067
+ const s = l.slice(0, -(e.length + 1));
1114
1068
  s && !s.includes(".") && (o = s);
1115
1069
  }
1116
1070
  if (o && n.includes(o) && (o = null), !o)
@@ -1128,19 +1082,19 @@ function de(t) {
1128
1082
  } catch {
1129
1083
  }
1130
1084
  if (!c)
1131
- throw new g(404, {
1085
+ throw new w(404, {
1132
1086
  message: `Tenant not found for subdomain: ${o}`
1133
1087
  });
1134
1088
  return a.set("tenant_id", c), i();
1135
1089
  };
1136
1090
  }
1137
- function ue(t) {
1091
+ function fe(t) {
1138
1092
  return async (a, i) => {
1139
1093
  if (!t.databaseIsolation)
1140
1094
  return i();
1141
1095
  const e = a.var.tenant_id;
1142
1096
  if (!e)
1143
- throw new g(400, {
1097
+ throw new w(400, {
1144
1098
  message: "Tenant ID not found in request"
1145
1099
  });
1146
1100
  try {
@@ -1150,7 +1104,7 @@ function ue(t) {
1150
1104
  throw console.error(
1151
1105
  `Failed to resolve database for tenant ${e}:`,
1152
1106
  n
1153
- ), new g(500, {
1107
+ ), new w(500, {
1154
1108
  message: "Failed to resolve tenant database"
1155
1109
  });
1156
1110
  }
@@ -1158,14 +1112,14 @@ function ue(t) {
1158
1112
  };
1159
1113
  }
1160
1114
  function N(t) {
1161
- const a = de(t), i = le(t), e = ue(t);
1115
+ const a = ue(t), i = le(t), e = fe(t);
1162
1116
  return async (n, r) => (await a(n, async () => {
1163
1117
  }), await i(n, async () => {
1164
1118
  }), await e(n, async () => {
1165
1119
  }), r());
1166
1120
  }
1167
- function _e(t) {
1168
- const a = j(t);
1121
+ function Te(t) {
1122
+ const a = R(t);
1169
1123
  return {
1170
1124
  name: "multi-tenancy",
1171
1125
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
@@ -1189,34 +1143,34 @@ function _e(t) {
1189
1143
  }
1190
1144
  };
1191
1145
  }
1192
- function j(t) {
1193
- const a = t.accessControl ? Y(t.accessControl) : {}, i = t.databaseIsolation ? J(t.databaseIsolation) : {}, e = X(t);
1146
+ function R(t) {
1147
+ const a = t.accessControl ? Z(t.accessControl) : {}, i = t.databaseIsolation ? X(t.databaseIsolation) : {}, e = H(t);
1194
1148
  return {
1195
1149
  ...a,
1196
1150
  ...i,
1197
1151
  tenants: e
1198
1152
  };
1199
1153
  }
1200
- function fe(t) {
1201
- const a = new F(), i = j(t);
1154
+ function pe(t) {
1155
+ const a = new U(), i = R(t);
1202
1156
  return a.route("/tenants", M(t, i)), a;
1203
1157
  }
1204
- function Te(t) {
1158
+ function ve(t) {
1205
1159
  return {
1206
- hooks: j(t),
1160
+ hooks: R(t),
1207
1161
  middleware: N(t),
1208
- app: fe(t),
1162
+ app: pe(t),
1209
1163
  config: t
1210
1164
  };
1211
1165
  }
1212
- function ve(t) {
1166
+ function be(t) {
1213
1167
  const {
1214
- controlPlaneTenantId: a = "main",
1168
+ controlPlaneTenantId: a = "control_plane",
1215
1169
  syncResourceServers: i = !0,
1216
1170
  syncRoles: e = !0,
1217
1171
  multiTenancy: n,
1218
1172
  entityHooks: r,
1219
- ...u
1173
+ ...l
1220
1174
  } = t, o = {
1221
1175
  ...n,
1222
1176
  accessControl: {
@@ -1225,47 +1179,47 @@ function ve(t) {
1225
1179
  defaultPermissions: ["tenant:admin"],
1226
1180
  ...n == null ? void 0 : n.accessControl
1227
1181
  }
1228
- }, c = j(o);
1229
- let s, l;
1230
- i && (s = ee({
1182
+ }, c = R(o);
1183
+ let s, u;
1184
+ i && (s = te({
1231
1185
  controlPlaneTenantId: a,
1232
1186
  getChildTenantIds: async () => (await z(
1233
- (w) => t.dataAdapter.tenants.list(w),
1187
+ (m) => t.dataAdapter.tenants.list(m),
1234
1188
  "tenants",
1235
1189
  { cursorField: "id", pageSize: 100 }
1236
- )).filter((w) => w.id !== a).map((w) => w.id),
1237
- getAdapters: async (T) => t.dataAdapter
1238
- }), l = te({
1190
+ )).filter((m) => m.id !== a).map((m) => m.id),
1191
+ getAdapters: async (g) => t.dataAdapter
1192
+ }), u = ae({
1239
1193
  controlPlaneTenantId: a,
1240
1194
  getControlPlaneAdapters: async () => t.dataAdapter,
1241
- getAdapters: async (T) => t.dataAdapter
1195
+ getAdapters: async (g) => t.dataAdapter
1242
1196
  }));
1243
1197
  let f, d;
1244
- e && (f = ae({
1198
+ e && (f = ne({
1245
1199
  controlPlaneTenantId: a,
1246
1200
  getChildTenantIds: async () => (await z(
1247
- (w) => t.dataAdapter.tenants.list(w),
1201
+ (m) => t.dataAdapter.tenants.list(m),
1248
1202
  "tenants",
1249
1203
  { cursorField: "id", pageSize: 100 }
1250
- )).filter((w) => w.id !== a).map((w) => w.id),
1251
- getAdapters: async (T) => t.dataAdapter
1252
- }), d = ne({
1204
+ )).filter((m) => m.id !== a).map((m) => m.id),
1205
+ getAdapters: async (g) => t.dataAdapter
1206
+ }), d = se({
1253
1207
  controlPlaneTenantId: a,
1254
1208
  getControlPlaneAdapters: async () => t.dataAdapter,
1255
- getAdapters: async (T) => t.dataAdapter,
1209
+ getAdapters: async (g) => t.dataAdapter,
1256
1210
  syncPermissions: !0
1257
1211
  }));
1258
- const p = async (T, w, ..._) => {
1212
+ const p = async (g, m, ...h) => {
1259
1213
  const v = [];
1260
- if (T)
1214
+ if (g)
1261
1215
  try {
1262
- await T(..._);
1216
+ await g(...h);
1263
1217
  } catch (b) {
1264
1218
  v.push(b instanceof Error ? b : new Error(String(b)));
1265
1219
  }
1266
- if (w)
1220
+ if (m)
1267
1221
  try {
1268
- await w(..._);
1222
+ await m(...h);
1269
1223
  } catch (b) {
1270
1224
  v.push(b instanceof Error ? b : new Error(String(b)));
1271
1225
  }
@@ -1276,161 +1230,161 @@ function ve(t) {
1276
1230
  v,
1277
1231
  `Multiple hook errors: ${v.map((b) => b.message).join("; ")}`
1278
1232
  );
1279
- }, h = async (T, ...w) => {
1280
- const _ = [];
1281
- for (const v of T)
1233
+ }, _ = async (g, ...m) => {
1234
+ const h = [];
1235
+ for (const v of g)
1282
1236
  if (v)
1283
1237
  try {
1284
- await v(...w);
1238
+ await v(...m);
1285
1239
  } catch (b) {
1286
- _.push(
1240
+ h.push(
1287
1241
  b instanceof Error ? b : new Error(String(b))
1288
1242
  );
1289
1243
  }
1290
- if (_.length === 1)
1291
- throw _[0];
1292
- if (_.length > 1)
1244
+ if (h.length === 1)
1245
+ throw h[0];
1246
+ if (h.length > 1)
1293
1247
  throw new AggregateError(
1294
- _,
1295
- `Multiple hook errors: ${_.map((v) => v.message).join("; ")}`
1248
+ h,
1249
+ `Multiple hook errors: ${h.map((v) => v.message).join("; ")}`
1296
1250
  );
1297
- }, m = {
1251
+ }, y = {
1298
1252
  ...r,
1299
1253
  resourceServers: s ? {
1300
1254
  ...r == null ? void 0 : r.resourceServers,
1301
- afterCreate: async (T, w) => {
1302
- var _;
1255
+ afterCreate: async (g, m) => {
1256
+ var h;
1303
1257
  await p(
1304
- (_ = r == null ? void 0 : r.resourceServers) == null ? void 0 : _.afterCreate,
1258
+ (h = r == null ? void 0 : r.resourceServers) == null ? void 0 : h.afterCreate,
1305
1259
  s == null ? void 0 : s.afterCreate,
1306
- T,
1307
- w
1260
+ g,
1261
+ m
1308
1262
  );
1309
1263
  },
1310
- afterUpdate: async (T, w, _) => {
1264
+ afterUpdate: async (g, m, h) => {
1311
1265
  var v;
1312
1266
  await p(
1313
1267
  (v = r == null ? void 0 : r.resourceServers) == null ? void 0 : v.afterUpdate,
1314
1268
  s == null ? void 0 : s.afterUpdate,
1315
- T,
1316
- w,
1317
- _
1269
+ g,
1270
+ m,
1271
+ h
1318
1272
  );
1319
1273
  },
1320
- afterDelete: async (T, w) => {
1321
- var _;
1274
+ afterDelete: async (g, m) => {
1275
+ var h;
1322
1276
  await p(
1323
- (_ = r == null ? void 0 : r.resourceServers) == null ? void 0 : _.afterDelete,
1277
+ (h = r == null ? void 0 : r.resourceServers) == null ? void 0 : h.afterDelete,
1324
1278
  s == null ? void 0 : s.afterDelete,
1325
- T,
1326
- w
1279
+ g,
1280
+ m
1327
1281
  );
1328
1282
  }
1329
1283
  } : r == null ? void 0 : r.resourceServers,
1330
1284
  roles: f ? {
1331
1285
  ...r == null ? void 0 : r.roles,
1332
- afterCreate: async (T, w) => {
1333
- var _;
1286
+ afterCreate: async (g, m) => {
1287
+ var h;
1334
1288
  await p(
1335
- (_ = r == null ? void 0 : r.roles) == null ? void 0 : _.afterCreate,
1289
+ (h = r == null ? void 0 : r.roles) == null ? void 0 : h.afterCreate,
1336
1290
  f == null ? void 0 : f.afterCreate,
1337
- T,
1338
- w
1291
+ g,
1292
+ m
1339
1293
  );
1340
1294
  },
1341
- afterUpdate: async (T, w, _) => {
1295
+ afterUpdate: async (g, m, h) => {
1342
1296
  var v;
1343
1297
  await p(
1344
1298
  (v = r == null ? void 0 : r.roles) == null ? void 0 : v.afterUpdate,
1345
1299
  f == null ? void 0 : f.afterUpdate,
1346
- T,
1347
- w,
1348
- _
1300
+ g,
1301
+ m,
1302
+ h
1349
1303
  );
1350
1304
  },
1351
- afterDelete: async (T, w) => {
1352
- var _;
1305
+ afterDelete: async (g, m) => {
1306
+ var h;
1353
1307
  await p(
1354
- (_ = r == null ? void 0 : r.roles) == null ? void 0 : _.afterDelete,
1308
+ (h = r == null ? void 0 : r.roles) == null ? void 0 : h.afterDelete,
1355
1309
  f == null ? void 0 : f.afterDelete,
1356
- T,
1357
- w
1310
+ g,
1311
+ m
1358
1312
  );
1359
1313
  }
1360
1314
  } : r == null ? void 0 : r.roles,
1361
- tenants: l || d ? {
1315
+ tenants: u || d ? {
1362
1316
  ...r == null ? void 0 : r.tenants,
1363
- afterCreate: async (T, w) => {
1364
- var _;
1365
- await h(
1317
+ afterCreate: async (g, m) => {
1318
+ var h;
1319
+ await _(
1366
1320
  [
1367
- (_ = r == null ? void 0 : r.tenants) == null ? void 0 : _.afterCreate,
1368
- l == null ? void 0 : l.afterCreate,
1321
+ (h = r == null ? void 0 : r.tenants) == null ? void 0 : h.afterCreate,
1322
+ u == null ? void 0 : u.afterCreate,
1369
1323
  d == null ? void 0 : d.afterCreate
1370
1324
  ],
1371
- T,
1372
- w
1325
+ g,
1326
+ m
1373
1327
  );
1374
1328
  }
1375
1329
  } : r == null ? void 0 : r.tenants
1376
- }, y = {
1330
+ }, T = {
1377
1331
  ...c,
1378
- tenants: l || d ? {
1332
+ tenants: u || d ? {
1379
1333
  ...c.tenants,
1380
- afterCreate: async (T, w) => {
1381
- var _;
1382
- (_ = c.tenants) != null && _.afterCreate && await c.tenants.afterCreate(T, w), await h(
1334
+ afterCreate: async (g, m) => {
1335
+ var h;
1336
+ (h = c.tenants) != null && h.afterCreate && await c.tenants.afterCreate(g, m), await _(
1383
1337
  [
1384
- l == null ? void 0 : l.afterCreate,
1338
+ u == null ? void 0 : u.afterCreate,
1385
1339
  d == null ? void 0 : d.afterCreate
1386
1340
  ],
1387
- T,
1388
- w
1341
+ g,
1342
+ m
1389
1343
  );
1390
1344
  }
1391
1345
  } : c.tenants
1392
- }, P = se(
1346
+ }, P = re(
1393
1347
  o,
1394
- y
1395
- ), A = L({
1396
- ...u,
1397
- entityHooks: m,
1348
+ T
1349
+ ), A = Q({
1350
+ ...l,
1351
+ entityHooks: y,
1398
1352
  // Register tenant routes via the extension mechanism
1399
1353
  // This ensures they go through the full middleware chain (caching, tenant, auth, entity hooks)
1400
1354
  managementApiExtensions: [
1401
- ...u.managementApiExtensions || [],
1355
+ ...l.managementApiExtensions || [],
1402
1356
  { path: "/tenants", router: P }
1403
1357
  ]
1404
- }), { app: q, managementApp: I, ...K } = A, R = new F();
1405
- return R.use("/api/v2/*", ce()), R.route("/", q), {
1406
- app: R,
1358
+ }), { app: O, managementApp: I, ...E } = A, q = new U();
1359
+ return q.onError((g, m) => g instanceof w ? g.getResponse() : (console.error(g), m.json({ message: "Internal Server Error" }, 500))), q.use("/api/v2/*", de()), q.route("/", O), {
1360
+ app: q,
1407
1361
  managementApp: I,
1408
- ...K,
1362
+ ...E,
1409
1363
  multiTenancyConfig: o,
1410
1364
  multiTenancyHooks: c
1411
1365
  };
1412
1366
  }
1413
1367
  export {
1414
- Ae as MANAGEMENT_API_SCOPES,
1415
- Y as createAccessControlHooks,
1368
+ Pe as MANAGEMENT_API_SCOPES,
1369
+ Z as createAccessControlHooks,
1416
1370
  le as createAccessControlMiddleware,
1417
- J as createDatabaseHooks,
1418
- ue as createDatabaseMiddleware,
1419
- fe as createMultiTenancy,
1420
- j as createMultiTenancyHooks,
1371
+ X as createDatabaseHooks,
1372
+ fe as createDatabaseMiddleware,
1373
+ pe as createMultiTenancy,
1374
+ R as createMultiTenancyHooks,
1421
1375
  N as createMultiTenancyMiddleware,
1422
- _e as createMultiTenancyPlugin,
1423
- ce as createProtectSyncedMiddleware,
1424
- X as createProvisioningHooks,
1425
- ee as createResourceServerSyncHooks,
1426
- ae as createRoleSyncHooks,
1427
- de as createSubdomainMiddleware,
1428
- te as createTenantResourceServerSyncHooks,
1429
- ne as createTenantRoleSyncHooks,
1376
+ Te as createMultiTenancyPlugin,
1377
+ de as createProtectSyncedMiddleware,
1378
+ H as createProvisioningHooks,
1379
+ te as createResourceServerSyncHooks,
1380
+ ne as createRoleSyncHooks,
1381
+ ue as createSubdomainMiddleware,
1382
+ ae as createTenantResourceServerSyncHooks,
1383
+ se as createTenantRoleSyncHooks,
1430
1384
  M as createTenantsRouter,
1431
- z as fetchAll,
1432
- ve as init,
1433
- Pe as seed,
1434
- Te as setupMultiTenancy,
1435
- Z as validateTenantAccess
1385
+ ze as fetchAll,
1386
+ be as init,
1387
+ Ie as seed,
1388
+ ve as setupMultiTenancy,
1389
+ J as validateTenantAccess
1436
1390
  };