@authhero/multi-tenancy 14.0.0 → 14.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/multi-tenancy.cjs +1 -1
  2. package/dist/multi-tenancy.d.ts +42 -13
  3. package/dist/multi-tenancy.mjs +420 -478
  4. package/package.json +3 -3
package/dist/multi-tenancy.mjs CHANGED
@@ -1,31 +1,31 @@
1
1
  var W = Object.defineProperty;
2
2
  var Q = (t, e, n) => e in t ? W(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
- var O = (t, e, n) => Q(t, typeof e != "symbol" ? e + "" : e, n);
4
- import { Hono as J } from "hono";
5
- import { MANAGEMENT_API_SCOPES as X, MANAGEMENT_API_AUDIENCE as U, fetchAll as z, init as Y } from "authhero";
6
- import { OpenAPIHono as Z, createRoute as R, z as I } from "@hono/zod-openapi";
7
- import { auth0QuerySchema as x, tenantSchema as N, tenantInsertSchema as ee, connectionSchema as D, connectionOptionsSchema as F } from "@authhero/adapter-interfaces";
8
- function te(t) {
3
+ var $ = (t, e, n) => Q(t, typeof e != "symbol" ? e + "" : e, n);
4
+ import { Hono as V } from "hono";
5
+ import { MANAGEMENT_API_SCOPES as J, MANAGEMENT_API_AUDIENCE as L, fetchAll as I, init as X } from "authhero";
6
+ import { OpenAPIHono as Y, createRoute as z, z as C } from "@hono/zod-openapi";
7
+ import { auth0QuerySchema as Z, tenantSchema as k, tenantInsertSchema as x, connectionSchema as R, connectionOptionsSchema as O } from "@authhero/adapter-interfaces";
8
+ function ee(t) {
9
9
  const { controlPlaneTenantId: e, requireOrganizationMatch: n = !0 } = t;
10
10
  return {
11
- async onTenantAccessValidation(s, r) {
12
- if (r === e)
11
+ async onTenantAccessValidation(s, a) {
12
+ if (a === e)
13
13
  return !0;
14
14
  if (n) {
15
- const i = s.var.org_name, o = s.var.organization_id, a = i || o;
16
- return a ? a.toLowerCase() === r.toLowerCase() : !1;
15
+ const i = s.var.org_name, o = s.var.organization_id, r = i || o;
16
+ return r ? r.toLowerCase() === a.toLowerCase() : !1;
17
17
  }
18
18
  return !0;
19
19
  }
20
20
  };
21
21
  }
22
- function ne(t, e, n, s) {
22
+ function te(t, e, n, s) {
23
23
  if (e === n)
24
24
  return !0;
25
- const r = s || t;
26
- return r ? r.toLowerCase() === e.toLowerCase() : !1;
25
+ const a = s || t;
26
+ return a ? a.toLowerCase() === e.toLowerCase() : !1;
27
27
  }
28
- function se(t) {
28
+ function ne(t) {
29
29
  return {
30
30
  async resolveDataAdapters(e) {
31
31
  try {
@@ -40,7 +40,7 @@ function se(t) {
40
40
  }
41
41
  };
42
42
  }
43
- function ae(t) {
43
+ function se(t) {
44
44
  return `urn:authhero:tenant:${t.toLowerCase()}`;
45
45
  }
46
46
  function re(t) {
@@ -48,20 +48,20 @@ function re(t) {
48
48
  async beforeCreate(e, n) {
49
49
  return !n.audience && n.id ? {
50
50
  ...n,
51
- audience: ae(n.id)
51
+ audience: se(n.id)
52
52
  } : n;
53
53
  },
54
54
  async afterCreate(e, n) {
55
- const { accessControl: s, databaseIsolation: r } = t;
56
- s && e.ctx && await oe(e, n, s), r != null && r.onProvision && await r.onProvision(n.id);
55
+ const { accessControl: s, databaseIsolation: a } = t;
56
+ s && e.ctx && await ae(e, n, s), a != null && a.onProvision && await a.onProvision(n.id);
57
57
  },
58
58
  async beforeDelete(e, n) {
59
- const { accessControl: s, databaseIsolation: r } = t;
59
+ const { accessControl: s, databaseIsolation: a } = t;
60
60
  if (s)
61
61
  try {
62
62
  const o = (await e.adapters.organizations.list(
63
63
  s.controlPlaneTenantId
64
- )).organizations.find((a) => a.name === n);
64
+ )).organizations.find((r) => r.name === n);
65
65
  o && await e.adapters.organizations.remove(
66
66
  s.controlPlaneTenantId,
67
67
  o.id
@@ -72,9 +72,9 @@ function re(t) {
72
72
  i
73
73
  );
74
74
  }
75
- if (r != null && r.onDeprovision)
75
+ if (a != null && a.onDeprovision)
76
76
  try {
77
- await r.onDeprovision(n);
77
+ await a.onDeprovision(n);
78
78
  } catch (i) {
79
79
  console.warn(
80
80
  `Failed to deprovision database for tenant ${n}:`,
@@ -84,16 +84,16 @@ function re(t) {
84
84
  }
85
85
  };
86
86
  }
87
- async function oe(t, e, n) {
87
+ async function ae(t, e, n) {
88
88
  const {
89
89
  controlPlaneTenantId: s,
90
- defaultPermissions: r,
90
+ defaultPermissions: a,
91
91
  defaultRoles: i,
92
92
  issuer: o,
93
- adminRoleName: a = "Tenant Admin",
94
- adminRoleDescription: u = "Full access to all tenant management operations",
95
- addCreatorToOrganization: d = !0
96
- } = n, c = await t.adapters.organizations.create(
93
+ adminRoleName: r = "Tenant Admin",
94
+ adminRoleDescription: c = "Full access to all tenant management operations",
95
+ addCreatorToOrganization: m = !0
96
+ } = n, l = await t.adapters.organizations.create(
97
97
  s,
98
98
  {
99
99
  name: e.id,
@@ -101,43 +101,43 @@ async function oe(t, e, n) {
101
101
  }
102
102
  );
103
103
  let f;
104
- if (o && (f = await ce(
104
+ if (o && (f = await ie(
105
105
  t,
106
106
  s,
107
- a,
108
- u
109
- )), d && t.ctx) {
110
- const l = t.ctx.var.user;
111
- if (l != null && l.sub && !await ie(
107
+ r,
108
+ c
109
+ )), m && t.ctx) {
110
+ const d = t.ctx.var.user;
111
+ if (d != null && d.sub && !await oe(
112
112
  t,
113
113
  s,
114
- l.sub
114
+ d.sub
115
115
  ))
116
116
  try {
117
117
  await t.adapters.userOrganizations.create(s, {
118
- user_id: l.sub,
119
- organization_id: c.id
118
+ user_id: d.sub,
119
+ organization_id: l.id
120
120
  }), f && await t.adapters.userRoles.create(
121
121
  s,
122
- l.sub,
122
+ d.sub,
123
123
  f,
124
- c.id
124
+ l.id
125
125
  // organizationId
126
126
  );
127
- } catch (w) {
127
+ } catch (p) {
128
128
  console.warn(
129
- `Failed to add creator ${l.sub} to organization ${c.id}:`,
130
- w
129
+ `Failed to add creator ${d.sub} to organization ${l.id}:`,
130
+ p
131
131
  );
132
132
  }
133
133
  }
134
134
  i && i.length > 0 && console.log(
135
- `Would assign roles ${i.join(", ")} to organization ${c.id}`
136
- ), r && r.length > 0 && console.log(
137
- `Would grant permissions ${r.join(", ")} to organization ${c.id}`
135
+ `Would assign roles ${i.join(", ")} to organization ${l.id}`
136
+ ), a && a.length > 0 && console.log(
137
+ `Would grant permissions ${a.join(", ")} to organization ${l.id}`
138
138
  );
139
139
  }
140
- async function ie(t, e, n) {
140
+ async function oe(t, e, n) {
141
141
  const s = await t.adapters.userRoles.list(
142
142
  e,
143
143
  n,
@@ -145,141 +145,132 @@ async function ie(t, e, n) {
145
145
  ""
146
146
  // Empty string for global roles
147
147
  );
148
- for (const r of s)
148
+ for (const a of s)
149
149
  if ((await t.adapters.rolePermissions.list(
150
150
  e,
151
- r.id,
151
+ a.id,
152
152
  { per_page: 1e3 }
153
153
  )).some(
154
- (a) => a.permission_name === "admin:organizations"
154
+ (r) => r.permission_name === "admin:organizations"
155
155
  ))
156
156
  return !0;
157
157
  return !1;
158
158
  }
159
- async function ce(t, e, n, s) {
160
- const i = (await t.adapters.roles.list(e, {})).roles.find((d) => d.name === n);
159
+ async function ie(t, e, n, s) {
160
+ const i = (await t.adapters.roles.list(e, {})).roles.find((m) => m.name === n);
161
161
  if (i)
162
162
  return i.id;
163
163
  const o = await t.adapters.roles.create(e, {
164
164
  name: n,
165
165
  description: s
166
- }), a = U, u = X.map((d) => ({
166
+ }), r = L, c = J.map((m) => ({
167
167
  role_id: o.id,
168
- resource_server_identifier: a,
169
- permission_name: d.value
168
+ resource_server_identifier: r,
169
+ permission_name: m.value
170
170
  }));
171
171
  return await t.adapters.rolePermissions.assign(
172
172
  e,
173
173
  o.id,
174
- u
174
+ c
175
175
  ), o.id;
176
176
  }
177
- const le = [
178
- "client_id",
179
- "client_secret",
180
- "app_secret",
181
- "kid",
182
- "team_id",
183
- "twilio_sid",
184
- "twilio_token"
185
- ];
186
- function M(t, e, n = () => !0) {
187
- const { controlPlaneTenantId: s, getChildTenantIds: r, getAdapters: i } = t, o = /* @__PURE__ */ new Map();
188
- async function a(c, f, l) {
189
- return (await e(c).list(f, {
190
- q: `name:${l}`,
177
+ function E(t, e, n = () => !0) {
178
+ const { controlPlaneTenantId: s, getChildTenantIds: a, getAdapters: i } = t, o = /* @__PURE__ */ new Map();
179
+ async function r(l, f, d) {
180
+ return (await e(l).list(f, {
181
+ q: `name:${d}`,
191
182
  per_page: 1
192
183
  }))[0] ?? null;
193
184
  }
194
- async function u(c) {
195
- const f = await r(), l = e(await i(s));
185
+ async function c(l) {
186
+ const f = await a(), d = e(await i(s));
196
187
  await Promise.all(
197
- f.map(async (m) => {
188
+ f.map(async (u) => {
198
189
  try {
199
- const w = await i(m), g = e(w), h = {
200
- ...l.transform(c),
190
+ const p = await i(u), g = e(p), w = {
191
+ ...d.transform(l),
201
192
  is_system: !0
202
- }, y = await a(w, m, c.name), v = y ? g.getId(y) : void 0;
203
- if (y && v) {
204
- const b = g.preserveOnUpdate ? g.preserveOnUpdate(y, h) : h;
205
- await g.update(m, v, b);
193
+ }, A = await r(p, u, l.name), v = A ? g.getId(A) : void 0;
194
+ if (A && v) {
195
+ const h = g.preserveOnUpdate ? g.preserveOnUpdate(A, w) : w;
196
+ await g.update(u, v, h);
206
197
  } else
207
- await g.create(m, h);
208
- } catch (w) {
198
+ await g.create(u, w);
199
+ } catch (p) {
209
200
  console.error(
210
- `Failed to sync ${l.listKey} "${c.name}" to tenant "${m}":`,
211
- w
201
+ `Failed to sync ${d.listKey} "${l.name}" to tenant "${u}":`,
202
+ p
212
203
  );
213
204
  }
214
205
  })
215
206
  );
216
207
  }
217
- async function d(c) {
218
- const f = await r();
208
+ async function m(l) {
209
+ const f = await a();
219
210
  await Promise.all(
220
- f.map(async (l) => {
211
+ f.map(async (d) => {
221
212
  try {
222
- const m = await i(l), w = e(m), g = await a(m, l, c), p = g ? w.getId(g) : void 0;
223
- g && p && await w.remove(l, p);
224
- } catch (m) {
213
+ const u = await i(d), p = e(u), g = await r(u, d, l), y = g ? p.getId(g) : void 0;
214
+ g && y && await p.remove(d, y);
215
+ } catch (u) {
225
216
  console.error(
226
- `Failed to delete entity "${c}" from tenant "${l}":`,
227
- m
217
+ `Failed to delete entity "${l}" from tenant "${d}":`,
218
+ u
228
219
  );
229
220
  }
230
221
  })
231
222
  );
232
223
  }
233
224
  return {
234
- afterCreate: async (c, f) => {
235
- c.tenantId === s && n(f) && await u(f);
225
+ afterCreate: async (l, f) => {
226
+ l.tenantId === s && n(f) && await c(f);
236
227
  },
237
- afterUpdate: async (c, f, l) => {
238
- c.tenantId === s && n(l) && await u(l);
228
+ afterUpdate: async (l, f, d) => {
229
+ l.tenantId === s && n(d) && await c(d);
239
230
  },
240
- beforeDelete: async (c, f) => {
241
- if (c.tenantId !== s) return;
242
- const m = await e(c.adapters).get(c.tenantId, f);
243
- m && n(m) && o.set(f, m);
231
+ beforeDelete: async (l, f) => {
232
+ if (l.tenantId !== s) return;
233
+ const u = await e(l.adapters).get(l.tenantId, f);
234
+ u && n(u) && o.set(f, u);
244
235
  },
245
- afterDelete: async (c, f) => {
246
- if (c.tenantId !== s) return;
247
- const l = o.get(f);
248
- l && (o.delete(f), await d(l.name));
236
+ afterDelete: async (l, f) => {
237
+ if (l.tenantId !== s) return;
238
+ const d = o.get(f);
239
+ d && (o.delete(f), await m(d.name));
249
240
  }
250
241
  };
251
242
  }
252
- function q(t, e, n = () => !0) {
253
- const { controlPlaneTenantId: s, getControlPlaneAdapters: r, getAdapters: i } = t;
243
+ function N(t, e, n = () => !0) {
244
+ const { controlPlaneTenantId: s, getControlPlaneAdapters: a, getAdapters: i } = t;
254
245
  return {
255
- async afterCreate(o, a) {
256
- if (a.id !== s)
246
+ async afterCreate(o, r) {
247
+ if (r.id !== s)
257
248
  try {
258
- const u = await r(), d = await i(a.id), c = e(u), f = e(d), l = await z(
259
- (m) => c.listPaginated(s, m),
260
- c.listKey,
249
+ const c = await a(), m = await i(r.id), l = e(c), f = e(m), d = await I(
250
+ (u) => l.listPaginated(s, u),
251
+ l.listKey,
261
252
  { cursorField: "id", pageSize: 100 }
262
253
  );
263
254
  await Promise.all(
264
- l.filter((m) => n(m)).map(async (m) => {
255
+ d.filter((u) => n(u)).map(async (u) => {
265
256
  try {
266
- const w = c.transform(m);
267
- await f.create(a.id, {
268
- ...w,
257
+ const p = l.transform(u);
258
+ await f.create(r.id, {
259
+ ...p,
269
260
  is_system: !0
270
261
  });
271
- } catch (w) {
262
+ } catch (p) {
272
263
  console.error(
273
- `Failed to sync entity to new tenant "${a.id}":`,
274
- w
264
+ `Failed to sync entity to new tenant "${r.id}":`,
265
+ p
275
266
  );
276
267
  }
277
268
  })
278
269
  );
279
- } catch (u) {
270
+ } catch (c) {
280
271
  console.error(
281
- `Failed to sync entities to new tenant "${a.id}":`,
282
- u
272
+ `Failed to sync entities to new tenant "${r.id}":`,
273
+ c
283
274
  );
284
275
  }
285
276
  }
@@ -317,177 +308,125 @@ const H = (t) => ({
317
308
  name: e.name,
318
309
  description: e.description
319
310
  })
320
- }), L = (t) => ({
321
- list: async (e, n) => (await t.connections.list(e, n)).connections,
322
- listPaginated: (e, n) => t.connections.list(e, n),
323
- get: (e, n) => t.connections.get(e, n),
324
- create: (e, n) => t.connections.create(e, n),
325
- update: (e, n, s) => t.connections.update(e, n, s),
326
- remove: (e, n) => t.connections.remove(e, n),
327
- listKey: "connections",
328
- getId: (e) => e.id,
329
- transform: (e) => {
330
- const n = e.options ? { ...e.options } : {};
331
- for (const s of le)
332
- delete n[s];
333
- return {
334
- id: e.id,
335
- name: e.name,
336
- display_name: e.display_name,
337
- strategy: e.strategy,
338
- options: n,
339
- response_type: e.response_type,
340
- response_mode: e.response_mode,
341
- is_domain_connection: e.is_domain_connection,
342
- show_as_button: e.show_as_button,
343
- metadata: e.metadata
344
- };
345
- },
346
- preserveOnUpdate: (e, n) => {
347
- const s = e.options || {};
348
- return {
349
- ...n,
350
- options: {
351
- ...n.options,
352
- client_id: s.client_id,
353
- client_secret: s.client_secret,
354
- app_secret: s.app_secret,
355
- kid: s.kid,
356
- team_id: s.team_id,
357
- twilio_sid: s.twilio_sid,
358
- twilio_token: s.twilio_token
359
- }
360
- };
361
- }
362
311
  });
363
- function de(t) {
364
- const { sync: e = {}, filters: n = {} } = t, s = e.resourceServers ?? !0, r = e.roles ?? !0, i = e.connections ?? !0, o = s ? M(
312
+ function ce(t) {
313
+ const { sync: e = {}, filters: n = {} } = t, s = e.resourceServers ?? !0, a = e.roles ?? !0, i = s ? E(
365
314
  t,
366
315
  H,
367
316
  n.resourceServers
368
- ) : void 0, a = r ? M(
317
+ ) : void 0, o = a ? E(
369
318
  t,
370
319
  G,
371
320
  n.roles
372
- ) : void 0, u = i ? M(
373
- t,
374
- L,
375
- n.connections
376
- ) : void 0, d = s ? q(
321
+ ) : void 0, r = s ? N(
377
322
  t,
378
323
  H,
379
324
  n.resourceServers
380
- ) : void 0, c = r ? q(
325
+ ) : void 0, c = a ? N(
381
326
  t,
382
327
  G,
383
328
  n.roles
384
- ) : void 0, f = i ? q(
385
- t,
386
- L,
387
- n.connections
388
- ) : void 0, l = r ? {
389
- async afterCreate(g, p) {
390
- var h;
391
- if (p.id !== t.controlPlaneTenantId) {
392
- await ((h = c == null ? void 0 : c.afterCreate) == null ? void 0 : h.call(c, g, p));
329
+ ) : void 0, m = a ? {
330
+ async afterCreate(d, u) {
331
+ var p;
332
+ if (u.id !== t.controlPlaneTenantId) {
333
+ await ((p = c == null ? void 0 : c.afterCreate) == null ? void 0 : p.call(c, d, u));
393
334
  try {
394
- const y = await t.getControlPlaneAdapters(), v = await t.getAdapters(p.id), b = await z(
395
- (_) => y.roles.list(
335
+ const g = await t.getControlPlaneAdapters(), y = await t.getAdapters(u.id), w = await I(
336
+ (v) => g.roles.list(
396
337
  t.controlPlaneTenantId,
397
- _
338
+ v
398
339
  ),
399
340
  "roles",
400
341
  { cursorField: "id", pageSize: 100 }
401
- ), S = /* @__PURE__ */ new Map();
402
- for (const _ of b.filter(
403
- (T) => {
404
- var A;
405
- return ((A = n.roles) == null ? void 0 : A.call(n, T)) ?? !0;
342
+ ), A = /* @__PURE__ */ new Map();
343
+ for (const v of w.filter(
344
+ (h) => {
345
+ var T;
346
+ return ((T = n.roles) == null ? void 0 : T.call(n, h)) ?? !0;
406
347
  }
407
348
  )) {
408
- const T = await m(
409
- v,
410
- p.id,
411
- _.name
349
+ const h = await l(
350
+ y,
351
+ u.id,
352
+ v.name
412
353
  );
413
- T && S.set(_.name, T.id);
354
+ h && A.set(v.name, h.id);
414
355
  }
415
- for (const _ of b.filter(
416
- (T) => {
417
- var A;
418
- return ((A = n.roles) == null ? void 0 : A.call(n, T)) ?? !0;
356
+ for (const v of w.filter(
357
+ (h) => {
358
+ var T;
359
+ return ((T = n.roles) == null ? void 0 : T.call(n, h)) ?? !0;
419
360
  }
420
361
  )) {
421
- const T = S.get(_.name);
422
- if (T)
362
+ const h = A.get(v.name);
363
+ if (h)
423
364
  try {
424
- const A = await y.rolePermissions.list(
365
+ const T = await g.rolePermissions.list(
425
366
  t.controlPlaneTenantId,
426
- _.id,
367
+ v.id,
427
368
  {}
428
369
  );
429
- A.length > 0 && await v.rolePermissions.assign(
430
- p.id,
431
- T,
432
- A.map((P) => ({
433
- role_id: T,
434
- resource_server_identifier: P.resource_server_identifier,
435
- permission_name: P.permission_name
370
+ T.length > 0 && await y.rolePermissions.assign(
371
+ u.id,
372
+ h,
373
+ T.map((_) => ({
374
+ role_id: h,
375
+ resource_server_identifier: _.resource_server_identifier,
376
+ permission_name: _.permission_name
436
377
  }))
437
378
  );
438
- } catch (A) {
379
+ } catch (T) {
439
380
  console.error(
440
- `Failed to sync permissions for role "${_.name}" to tenant "${p.id}":`,
441
- A
381
+ `Failed to sync permissions for role "${v.name}" to tenant "${u.id}":`,
382
+ T
442
383
  );
443
384
  }
444
385
  }
445
- } catch (y) {
386
+ } catch (g) {
446
387
  console.error(
447
- `Failed to sync role permissions to tenant "${p.id}":`,
448
- y
388
+ `Failed to sync role permissions to tenant "${u.id}":`,
389
+ g
449
390
  );
450
391
  }
451
392
  }
452
393
  }
453
394
  } : void 0;
454
- async function m(g, p, h) {
455
- return (await g.roles.list(p, {
456
- q: `name:${h}`,
395
+ async function l(d, u, p) {
396
+ return (await d.roles.list(u, {
397
+ q: `name:${p}`,
457
398
  per_page: 1
458
399
  })).roles[0] ?? null;
459
400
  }
460
401
  return {
461
402
  entityHooks: {
462
- resourceServers: o,
463
- roles: a,
464
- connections: u
403
+ resourceServers: i,
404
+ roles: o
465
405
  },
466
406
  tenantHooks: {
467
- async afterCreate(g, p) {
468
- const h = [
469
- d == null ? void 0 : d.afterCreate,
470
- (l == null ? void 0 : l.afterCreate) ?? (c == null ? void 0 : c.afterCreate),
471
- f == null ? void 0 : f.afterCreate
472
- ], y = [];
473
- for (const v of h)
474
- if (v)
407
+ async afterCreate(d, u) {
408
+ const p = [
409
+ r == null ? void 0 : r.afterCreate,
410
+ (m == null ? void 0 : m.afterCreate) ?? (c == null ? void 0 : c.afterCreate)
411
+ ], g = [];
412
+ for (const y of p)
413
+ if (y)
475
414
  try {
476
- await v(g, p);
477
- } catch (b) {
478
- y.push(b instanceof Error ? b : new Error(String(b)));
415
+ await y(d, u);
416
+ } catch (w) {
417
+ g.push(w instanceof Error ? w : new Error(String(w)));
479
418
  }
480
- if (y.length === 1) throw y[0];
481
- if (y.length > 1)
419
+ if (g.length === 1) throw g[0];
420
+ if (g.length > 1)
482
421
  throw new AggregateError(
483
- y,
484
- y.map((v) => v.message).join("; ")
422
+ g,
423
+ g.map((y) => y.message).join("; ")
485
424
  );
486
425
  }
487
426
  }
488
427
  };
489
428
  }
490
- var C = class extends Error {
429
+ var b = class extends Error {
491
430
  /**
492
431
  * Creates an instance of `HTTPException`.
493
432
  * @param status - HTTP status code for the exception. Defaults to 500.
@@ -495,8 +434,8 @@ var C = class extends Error {
495
434
  */
496
435
  constructor(e = 500, n) {
497
436
  super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
498
- O(this, "res");
499
- O(this, "status");
437
+ $(this, "res");
438
+ $(this, "status");
500
439
  this.res = n == null ? void 0 : n.res, this.status = e;
501
440
  }
502
441
  /**
@@ -513,15 +452,15 @@ var C = class extends Error {
513
452
  });
514
453
  }
515
454
  };
516
- function k(t, e) {
517
- const n = new Z();
455
+ function M(t, e) {
456
+ const n = new Y();
518
457
  return n.openapi(
519
- R({
458
+ z({
520
459
  tags: ["tenants"],
521
460
  method: "get",
522
461
  path: "/",
523
462
  request: {
524
- query: x
463
+ query: Z
525
464
  },
526
465
  security: [
527
466
  {
@@ -532,11 +471,11 @@ function k(t, e) {
532
471
  200: {
533
472
  content: {
534
473
  "application/json": {
535
- schema: I.object({
536
- tenants: I.array(N),
537
- start: I.number().optional(),
538
- limit: I.number().optional(),
539
- length: I.number().optional()
474
+ schema: C.object({
475
+ tenants: C.array(k),
476
+ start: C.number().optional(),
477
+ limit: C.number().optional(),
478
+ length: C.number().optional()
540
479
  })
541
480
  }
542
481
  },
@@ -545,74 +484,74 @@ function k(t, e) {
545
484
  }
546
485
  }),
547
486
  async (s) => {
548
- var m, w, g, p;
549
- const r = s.req.valid("query"), { page: i, per_page: o, include_totals: a, q: u } = r, d = s.var.user, c = (d == null ? void 0 : d.permissions) || [];
550
- if (c.includes("auth:read") || c.includes("admin:organizations")) {
551
- const h = await s.env.data.tenants.list({
487
+ var u, p, g, y;
488
+ const a = s.req.valid("query"), { page: i, per_page: o, include_totals: r, q: c } = a, m = s.var.user, l = (m == null ? void 0 : m.permissions) || [];
489
+ if (l.includes("auth:read") || l.includes("admin:organizations")) {
490
+ const w = await s.env.data.tenants.list({
552
491
  page: i,
553
492
  per_page: o,
554
- include_totals: a,
555
- q: u
493
+ include_totals: r,
494
+ q: c
556
495
  });
557
- return a ? s.json({
558
- tenants: h.tenants,
559
- start: ((m = h.totals) == null ? void 0 : m.start) ?? 0,
560
- limit: ((w = h.totals) == null ? void 0 : w.limit) ?? o,
561
- length: h.tenants.length
562
- }) : s.json({ tenants: h.tenants });
496
+ return r ? s.json({
497
+ tenants: w.tenants,
498
+ start: ((u = w.totals) == null ? void 0 : u.start) ?? 0,
499
+ limit: ((p = w.totals) == null ? void 0 : p.limit) ?? o,
500
+ length: w.tenants.length
501
+ }) : s.json({ tenants: w.tenants });
563
502
  }
564
- if (t.accessControl && (d != null && d.sub)) {
565
- const h = t.accessControl.controlPlaneTenantId, v = (await z(
566
- ($) => s.env.data.userOrganizations.listUserOrganizations(
567
- h,
568
- d.sub,
569
- $
503
+ if (t.accessControl && (m != null && m.sub)) {
504
+ const w = t.accessControl.controlPlaneTenantId, v = (await I(
505
+ (P) => s.env.data.userOrganizations.listUserOrganizations(
506
+ w,
507
+ m.sub,
508
+ P
570
509
  ),
571
510
  "organizations"
572
- )).map(($) => $.name);
511
+ )).map((P) => P.name);
573
512
  if (v.length === 0)
574
- return a ? s.json({
513
+ return r ? s.json({
575
514
  tenants: [],
576
515
  start: 0,
577
516
  limit: o ?? 50,
578
517
  length: 0
579
518
  }) : s.json({ tenants: [] });
580
- const b = v.length, S = i ?? 0, _ = o ?? 50, T = S * _, A = v.slice(T, T + _);
581
- if (A.length === 0)
582
- return a ? s.json({
519
+ const h = v.length, T = i ?? 0, _ = o ?? 50, S = T * _, D = v.slice(S, S + _);
520
+ if (D.length === 0)
521
+ return r ? s.json({
583
522
  tenants: [],
584
- start: T,
523
+ start: S,
585
524
  limit: _,
586
- length: b
525
+ length: h
587
526
  }) : s.json({ tenants: [] });
588
- const P = A.map(($) => `id:${$}`).join(" OR "), V = u ? `(${P}) AND (${u})` : P, E = await s.env.data.tenants.list({
589
- q: V,
527
+ const F = D.map((P) => `id:${P}`).join(" OR "), K = c ? `(${F}) AND (${c})` : F, j = await s.env.data.tenants.list({
528
+ q: K,
590
529
  per_page: _,
591
530
  include_totals: !1
592
531
  // We calculate totals from accessibleTenantIds
593
532
  });
594
- return a ? s.json({
595
- tenants: E.tenants,
596
- start: T,
533
+ return r ? s.json({
534
+ tenants: j.tenants,
535
+ start: S,
597
536
  limit: _,
598
- length: b
599
- }) : s.json({ tenants: E.tenants });
537
+ length: h
538
+ }) : s.json({ tenants: j.tenants });
600
539
  }
601
- const l = await s.env.data.tenants.list({
540
+ const d = await s.env.data.tenants.list({
602
541
  page: i,
603
542
  per_page: o,
604
- include_totals: a,
605
- q: u
543
+ include_totals: r,
544
+ q: c
606
545
  });
607
- return a ? s.json({
608
- tenants: l.tenants,
609
- start: ((g = l.totals) == null ? void 0 : g.start) ?? 0,
610
- limit: ((p = l.totals) == null ? void 0 : p.limit) ?? o,
611
- length: l.tenants.length
612
- }) : s.json({ tenants: l.tenants });
546
+ return r ? s.json({
547
+ tenants: d.tenants,
548
+ start: ((g = d.totals) == null ? void 0 : g.start) ?? 0,
549
+ limit: ((y = d.totals) == null ? void 0 : y.limit) ?? o,
550
+ length: d.tenants.length
551
+ }) : s.json({ tenants: d.tenants });
613
552
  }
614
553
  ), n.openapi(
615
- R({
554
+ z({
616
555
  tags: ["tenants"],
617
556
  method: "post",
618
557
  path: "/",
@@ -620,7 +559,7 @@ function k(t, e) {
620
559
  body: {
621
560
  content: {
622
561
  "application/json": {
623
- schema: ee
562
+ schema: x
624
563
  }
625
564
  }
626
565
  }
@@ -634,7 +573,7 @@ function k(t, e) {
634
573
  201: {
635
574
  content: {
636
575
  "application/json": {
637
- schema: N
576
+ schema: k
638
577
  }
639
578
  },
640
579
  description: "Tenant created"
@@ -648,10 +587,10 @@ function k(t, e) {
648
587
  }
649
588
  }),
650
589
  async (s) => {
651
- var u, d;
652
- const r = s.var.user;
653
- if (!(r != null && r.sub))
654
- throw new C(401, {
590
+ var c, m;
591
+ const a = s.var.user;
592
+ if (!(a != null && a.sub))
593
+ throw new b(401, {
655
594
  message: "Authentication required to create tenants"
656
595
  });
657
596
  let i = s.req.valid("json");
@@ -659,18 +598,18 @@ function k(t, e) {
659
598
  adapters: s.env.data,
660
599
  ctx: s
661
600
  };
662
- (u = e.tenants) != null && u.beforeCreate && (i = await e.tenants.beforeCreate(o, i));
663
- const a = await s.env.data.tenants.create(i);
664
- return (d = e.tenants) != null && d.afterCreate && await e.tenants.afterCreate(o, a), s.json(a, 201);
601
+ (c = e.tenants) != null && c.beforeCreate && (i = await e.tenants.beforeCreate(o, i));
602
+ const r = await s.env.data.tenants.create(i);
603
+ return (m = e.tenants) != null && m.afterCreate && await e.tenants.afterCreate(o, r), s.json(r, 201);
665
604
  }
666
605
  ), n.openapi(
667
- R({
606
+ z({
668
607
  tags: ["tenants"],
669
608
  method: "delete",
670
609
  path: "/{id}",
671
610
  request: {
672
- params: I.object({
673
- id: I.string()
611
+ params: C.object({
612
+ id: C.string()
674
613
  })
675
614
  },
676
615
  security: [
@@ -691,43 +630,43 @@ function k(t, e) {
691
630
  }
692
631
  }),
693
632
  async (s) => {
694
- var a, u;
695
- const { id: r } = s.req.valid("param");
633
+ var r, c;
634
+ const { id: a } = s.req.valid("param");
696
635
  if (t.accessControl) {
697
- const d = s.var.user, c = t.accessControl.controlPlaneTenantId;
698
- if (!(d != null && d.sub))
699
- throw new C(401, {
636
+ const m = s.var.user, l = t.accessControl.controlPlaneTenantId;
637
+ if (!(m != null && m.sub))
638
+ throw new b(401, {
700
639
  message: "Authentication required"
701
640
  });
702
- if (r === c)
703
- throw new C(403, {
641
+ if (a === l)
642
+ throw new b(403, {
704
643
  message: "Cannot delete the control plane"
705
644
  });
706
- if (!(await z(
707
- (m) => s.env.data.userOrganizations.listUserOrganizations(
708
- c,
709
- d.sub,
710
- m
645
+ if (!(await I(
646
+ (u) => s.env.data.userOrganizations.listUserOrganizations(
647
+ l,
648
+ m.sub,
649
+ u
711
650
  ),
712
651
  "organizations"
713
- )).some((m) => m.name === r))
714
- throw new C(403, {
652
+ )).some((u) => u.name === a))
653
+ throw new b(403, {
715
654
  message: "Access denied to this tenant"
716
655
  });
717
656
  }
718
- if (!await s.env.data.tenants.get(r))
719
- throw new C(404, {
657
+ if (!await s.env.data.tenants.get(a))
658
+ throw new b(404, {
720
659
  message: "Tenant not found"
721
660
  });
722
661
  const o = {
723
662
  adapters: s.env.data,
724
663
  ctx: s
725
664
  };
726
- return (a = e.tenants) != null && a.beforeDelete && await e.tenants.beforeDelete(o, r), await s.env.data.tenants.remove(r), (u = e.tenants) != null && u.afterDelete && await e.tenants.afterDelete(o, r), s.body(null, 204);
665
+ return (r = e.tenants) != null && r.beforeDelete && await e.tenants.beforeDelete(o, a), await s.env.data.tenants.remove(a), (c = e.tenants) != null && c.afterDelete && await e.tenants.afterDelete(o, a), s.body(null, 204);
727
666
  }
728
667
  ), n;
729
668
  }
730
- function ue(t) {
669
+ function le(t) {
731
670
  const e = [
732
671
  {
733
672
  pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
@@ -737,13 +676,13 @@ function ue(t) {
737
676
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
738
677
  ];
739
678
  for (const { pattern: n, type: s } of e) {
740
- const r = t.match(n);
741
- if (r && r[1])
742
- return { type: s, id: r[1] };
679
+ const a = t.match(n);
680
+ if (a && a[1])
681
+ return { type: s, id: a[1] };
743
682
  }
744
683
  return null;
745
684
  }
746
- async function me(t, e, n) {
685
+ async function de(t, e, n) {
747
686
  try {
748
687
  switch (n.type) {
749
688
  case "resource_server": {
@@ -765,63 +704,63 @@ async function me(t, e, n) {
765
704
  return !1;
766
705
  }
767
706
  }
768
- function fe(t) {
707
+ function ue(t) {
769
708
  return {
770
709
  resource_server: "resource server",
771
710
  role: "role",
772
711
  connection: "connection"
773
712
  }[t];
774
713
  }
775
- function pe() {
714
+ function me() {
776
715
  return async (t, e) => {
777
716
  if (!["PATCH", "PUT", "DELETE"].includes(t.req.method))
778
717
  return e();
779
- const n = ue(t.req.path);
718
+ const n = le(t.req.path);
780
719
  if (!n)
781
720
  return e();
782
721
  const s = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
783
722
  if (!s)
784
723
  return e();
785
- if (await me(t.env.data, s, n))
786
- throw new C(403, {
787
- message: `This ${fe(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
724
+ if (await de(t.env.data, s, n))
725
+ throw new b(403, {
726
+ message: `This ${ue(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
788
727
  });
789
728
  return e();
790
729
  };
791
730
  }
792
- function B(t, e) {
731
+ function U(t, e) {
793
732
  const { controlPlaneTenantId: n, controlPlaneClientId: s } = e;
794
733
  return {
795
734
  ...t,
796
735
  legacyClients: {
797
736
  ...t.legacyClients,
798
- get: async (r) => {
737
+ get: async (a) => {
799
738
  var f;
800
- const i = await t.legacyClients.get(r);
739
+ const i = await t.legacyClients.get(a);
801
740
  if (!i)
802
741
  return null;
803
- const o = s ? await t.legacyClients.get(s) : void 0, a = await t.connections.list(
742
+ const o = s ? await t.legacyClients.get(s) : void 0, r = await t.connections.list(
804
743
  i.tenant.id
805
- ), u = n ? await t.connections.list(n) : { connections: [] }, d = a.connections.map((l) => {
744
+ ), c = n ? await t.connections.list(n) : { connections: [] }, m = r.connections.map((d) => {
806
745
  var g;
807
- const m = (g = u.connections) == null ? void 0 : g.find(
808
- (p) => p.name === l.name
746
+ const u = (g = c.connections) == null ? void 0 : g.find(
747
+ (y) => y.strategy === d.strategy
809
748
  );
810
- if (!(m != null && m.options))
811
- return l;
812
- const w = D.parse({
813
- ...m || {},
814
- ...l
749
+ if (!(u != null && u.options))
750
+ return d;
751
+ const p = R.parse({
752
+ ...u || {},
753
+ ...d
815
754
  });
816
- return w.options = F.parse({
817
- ...m.options || {},
818
- ...l.options
819
- }), w;
820
- }).filter((l) => l), c = {
755
+ return p.options = O.parse({
756
+ ...u.options || {},
757
+ ...d.options
758
+ }), p;
759
+ }).filter((d) => d), l = {
821
760
  ...(o == null ? void 0 : o.tenant) || {},
822
761
  ...i.tenant
823
762
  };
824
- return !i.tenant.audience && ((f = o == null ? void 0 : o.tenant) != null && f.audience) && (c.audience = o.tenant.audience), {
763
+ return !i.tenant.audience && ((f = o == null ? void 0 : o.tenant) != null && f.audience) && (l.audience = o.tenant.audience), {
825
764
  ...i,
826
765
  web_origins: [
827
766
  ...(o == null ? void 0 : o.web_origins) || [],
@@ -835,58 +774,58 @@ function B(t, e) {
835
774
  ...(o == null ? void 0 : o.callbacks) || [],
836
775
  ...i.callbacks || []
837
776
  ],
838
- connections: d,
839
- tenant: c
777
+ connections: m,
778
+ tenant: l
840
779
  };
841
780
  }
842
781
  },
843
782
  connections: {
844
783
  ...t.connections,
845
- get: async (r, i) => {
784
+ get: async (a, i) => {
785
+ var l;
846
786
  const o = await t.connections.get(
847
- r,
787
+ a,
848
788
  i
849
789
  );
850
- if (!o || !n)
790
+ if (!o || !n || a === n)
851
791
  return o;
852
- const a = await t.connections.get(
853
- n,
854
- i
792
+ const c = (l = (await t.connections.list(n)).connections) == null ? void 0 : l.find(
793
+ (f) => f.strategy === o.strategy
855
794
  );
856
- if (!a)
795
+ if (!(c != null && c.options))
857
796
  return o;
858
- const u = D.parse({
859
- ...a,
797
+ const m = R.parse({
798
+ ...c,
860
799
  ...o
861
800
  });
862
- return u.options = F.parse({
863
- ...a.options || {},
801
+ return m.options = O.parse({
802
+ ...c.options || {},
864
803
  ...o.options
865
- }), u;
804
+ }), m;
866
805
  },
867
- list: async (r, i) => {
868
- const o = await t.connections.list(r, i);
869
- if (!n || r === n)
806
+ list: async (a, i) => {
807
+ const o = await t.connections.list(a, i);
808
+ if (!n || a === n)
870
809
  return o;
871
- const a = await t.connections.list(n), u = o.connections.map((d) => {
872
- var l;
873
- const c = (l = a.connections) == null ? void 0 : l.find(
874
- (m) => m.name === d.name
810
+ const r = await t.connections.list(n), c = o.connections.map((m) => {
811
+ var d;
812
+ const l = (d = r.connections) == null ? void 0 : d.find(
813
+ (u) => u.strategy === m.strategy
875
814
  );
876
- if (!(c != null && c.options))
877
- return d;
878
- const f = D.parse({
879
- ...c,
880
- ...d
815
+ if (!(l != null && l.options))
816
+ return m;
817
+ const f = R.parse({
818
+ ...l,
819
+ ...m
881
820
  });
882
- return f.options = F.parse({
883
- ...c.options || {},
884
- ...d.options
821
+ return f.options = O.parse({
822
+ ...l.options || {},
823
+ ...m.options
885
824
  }), f;
886
825
  });
887
826
  return {
888
827
  ...o,
889
- connections: u
828
+ connections: c
890
829
  };
891
830
  }
892
831
  }
@@ -899,66 +838,72 @@ function B(t, e) {
899
838
  // They remain part of ...baseAdapters and can be properly wrapped by caching.
900
839
  };
901
840
  }
902
- function ge(t, e) {
903
- return B(t, e);
841
+ function fe(t, e) {
842
+ return U(t, e);
904
843
  }
905
- const Ie = B, Se = ge;
906
- function we(t) {
844
+ const Ce = U, Pe = fe;
845
+ function ge(t) {
846
+ return async (e, n) => {
847
+ const s = e.var.user;
848
+ return (s == null ? void 0 : s.tenant_id) === t && s.org_name && e.set("tenant_id", s.org_name), n();
849
+ };
850
+ }
851
+ function pe(t) {
907
852
  return async (e, n) => {
908
853
  if (!t.accessControl)
909
854
  return n();
910
- const { controlPlaneTenantId: s } = t.accessControl, r = e.var.org_name, i = e.var.organization_id, o = r || i;
911
- let a = e.var.tenant_id;
912
- const u = e.var.user, c = (u != null && u.aud ? Array.isArray(u.aud) ? u.aud : [u.aud] : []).includes(U);
913
- if (!a && o && c && (e.set("tenant_id", o), a = o), !a)
914
- throw new C(400, {
855
+ const { controlPlaneTenantId: s } = t.accessControl, a = e.var.org_name, i = e.var.organization_id, o = a || i;
856
+ let r = e.var.tenant_id;
857
+ const c = e.var.user, l = (c != null && c.aud ? Array.isArray(c.aud) ? c.aud : [c.aud] : []).includes(L);
858
+ if (!r && o && l && (e.set("tenant_id", o), r = o), !r)
859
+ throw new b(400, {
915
860
  message: "Tenant ID not found in request"
916
861
  });
917
- if (!ne(
862
+ if (!te(
918
863
  i,
919
- a,
864
+ r,
920
865
  s,
921
- r
866
+ a
922
867
  ))
923
- throw new C(403, {
924
- message: `Access denied to tenant ${a}`
868
+ throw new b(403, {
869
+ message: `Access denied to tenant ${r}`
925
870
  });
926
871
  return n();
927
872
  };
928
873
  }
929
- function he(t) {
874
+ function we(t) {
930
875
  return async (e, n) => {
931
876
  if (!t.subdomainRouting)
932
877
  return n();
933
878
  const {
934
879
  baseDomain: s,
935
- reservedSubdomains: r = [],
880
+ reservedSubdomains: a = [],
936
881
  resolveSubdomain: i
937
882
  } = t.subdomainRouting, o = e.req.header("host") || "";
938
- let a = null;
883
+ let r = null;
939
884
  if (o.endsWith(s)) {
940
- const d = o.slice(0, -(s.length + 1));
941
- d && !d.includes(".") && (a = d);
885
+ const m = o.slice(0, -(s.length + 1));
886
+ m && !m.includes(".") && (r = m);
942
887
  }
943
- if (a && r.includes(a) && (a = null), !a)
888
+ if (r && a.includes(r) && (r = null), !r)
944
889
  return t.accessControl && e.set("tenant_id", t.accessControl.controlPlaneTenantId), n();
945
- let u = null;
890
+ let c = null;
946
891
  if (i)
947
- u = await i(a);
892
+ c = await i(r);
948
893
  else if (t.subdomainRouting.useOrganizations !== !1 && t.accessControl)
949
894
  try {
950
- const d = await e.env.data.organizations.get(
895
+ const m = await e.env.data.organizations.get(
951
896
  t.accessControl.controlPlaneTenantId,
952
- a
897
+ r
953
898
  );
954
- d && (u = d.id);
899
+ m && (c = m.id);
955
900
  } catch {
956
901
  }
957
- if (!u)
958
- throw new C(404, {
959
- message: `Tenant not found for subdomain: ${a}`
902
+ if (!c)
903
+ throw new b(404, {
904
+ message: `Tenant not found for subdomain: ${r}`
960
905
  });
961
- return e.set("tenant_id", u), n();
906
+ return e.set("tenant_id", c), n();
962
907
  };
963
908
  }
964
909
  function ye(t) {
@@ -967,101 +912,97 @@ function ye(t) {
967
912
  return n();
968
913
  const s = e.var.tenant_id;
969
914
  if (!s)
970
- throw new C(400, {
915
+ throw new b(400, {
971
916
  message: "Tenant ID not found in request"
972
917
  });
973
918
  try {
974
- const r = await t.databaseIsolation.getAdapters(s);
975
- e.env.data = r;
976
- } catch (r) {
919
+ const a = await t.databaseIsolation.getAdapters(s);
920
+ e.env.data = a;
921
+ } catch (a) {
977
922
  throw console.error(
978
923
  `Failed to resolve database for tenant ${s}:`,
979
- r
980
- ), new C(500, {
924
+ a
925
+ ), new b(500, {
981
926
  message: "Failed to resolve tenant database"
982
927
  });
983
928
  }
984
929
  return n();
985
930
  };
986
931
  }
987
- function K(t) {
988
- const e = he(t), n = we(t), s = ye(t);
989
- return async (r, i) => (await e(r, async () => {
990
- }), await n(r, async () => {
991
- }), await s(r, async () => {
932
+ function B(t) {
933
+ const e = we(t), n = pe(t), s = ye(t);
934
+ return async (a, i) => (await e(a, async () => {
935
+ }), await n(a, async () => {
936
+ }), await s(a, async () => {
992
937
  }), i());
993
938
  }
994
- function Pe(t) {
939
+ function Ie(t) {
995
940
  const {
996
941
  dataAdapter: e,
997
942
  controlPlaneTenantId: n = "control_plane",
998
- sync: s = { resourceServers: !0, roles: !0, connections: !0 },
999
- defaultPermissions: r = ["tenant:admin"],
943
+ sync: s = { resourceServers: !0, roles: !0 },
944
+ defaultPermissions: a = ["tenant:admin"],
1000
945
  requireOrganizationMatch: i = !1,
1001
946
  managementApiExtensions: o = [],
1002
- entityHooks: a,
1003
- getChildTenantIds: u,
1004
- getAdapters: d,
1005
- ...c
1006
- } = t, f = s !== !1, l = f ? {
947
+ entityHooks: r,
948
+ getChildTenantIds: c,
949
+ getAdapters: m,
950
+ ...l
951
+ } = t, f = s !== !1, d = f ? {
1007
952
  resourceServers: s.resourceServers ?? !0,
1008
- roles: s.roles ?? !0,
1009
- connections: s.connections ?? !0
1010
- } : { resourceServers: !1, roles: !1, connections: !1 }, g = {
953
+ roles: s.roles ?? !0
954
+ } : { resourceServers: !1, roles: !1 }, g = {
1011
955
  controlPlaneTenantId: n,
1012
- getChildTenantIds: u ?? (async () => (await z(
956
+ getChildTenantIds: c ?? (async () => (await I(
1013
957
  (_) => e.tenants.list(_),
1014
958
  "tenants",
1015
959
  { cursorField: "id", pageSize: 100 }
1016
960
  )).filter((_) => _.id !== n).map((_) => _.id)),
1017
- getAdapters: d ?? (async () => e),
961
+ getAdapters: m ?? (async () => e),
1018
962
  getControlPlaneAdapters: async () => e,
1019
- sync: l
1020
- }, { entityHooks: p, tenantHooks: h } = de(g), y = {
963
+ sync: d
964
+ }, { entityHooks: y, tenantHooks: w } = ce(g), A = {
1021
965
  resourceServers: [
1022
- p.resourceServers,
1023
- ...(a == null ? void 0 : a.resourceServers) ?? []
966
+ y.resourceServers,
967
+ ...(r == null ? void 0 : r.resourceServers) ?? []
1024
968
  ],
1025
- roles: [p.roles, ...(a == null ? void 0 : a.roles) ?? []],
1026
- connections: [
1027
- p.connections,
1028
- ...(a == null ? void 0 : a.connections) ?? []
1029
- ],
1030
- tenants: (a == null ? void 0 : a.tenants) ?? [],
1031
- rolePermissions: (a == null ? void 0 : a.rolePermissions) ?? []
1032
- }, v = k(
969
+ roles: [y.roles, ...(r == null ? void 0 : r.roles) ?? []],
970
+ connections: (r == null ? void 0 : r.connections) ?? [],
971
+ tenants: (r == null ? void 0 : r.tenants) ?? [],
972
+ rolePermissions: (r == null ? void 0 : r.rolePermissions) ?? []
973
+ }, v = M(
1033
974
  {
1034
975
  accessControl: {
1035
976
  controlPlaneTenantId: n,
1036
977
  requireOrganizationMatch: i,
1037
- defaultPermissions: r
978
+ defaultPermissions: a
1038
979
  }
1039
980
  },
1040
- { tenants: h }
1041
- ), { app: b } = Y({
981
+ { tenants: w }
982
+ ), { app: h } = X({
1042
983
  dataAdapter: e,
1043
- ...c,
1044
- entityHooks: y,
984
+ ...l,
985
+ entityHooks: A,
1045
986
  managementApiExtensions: [
1046
987
  ...o,
1047
988
  { path: "/tenants", router: v }
1048
989
  ]
1049
990
  });
1050
- return f && b.use("/api/v2/*", pe()), { app: b, controlPlaneTenantId: n };
991
+ return h.use("/api/v2/*", ge(n)), f && h.use("/api/v2/*", me()), { app: h, controlPlaneTenantId: n };
1051
992
  }
1052
- function $e(t) {
1053
- const e = j(t);
993
+ function Se(t) {
994
+ const e = q(t);
1054
995
  return {
1055
996
  name: "multi-tenancy",
1056
997
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
1057
- middleware: K(t),
998
+ middleware: B(t),
1058
999
  // Provide lifecycle hooks
1059
1000
  hooks: e,
1060
1001
  // Mount tenant management routes
1061
1002
  routes: [
1062
1003
  {
1063
1004
  path: "/management",
1064
- handler: k(t, e)
1005
+ handler: M(t, e)
1065
1006
  }
1066
1007
  ],
1067
1008
  // Called when plugin is registered
@@ -1074,45 +1015,46 @@ function $e(t) {
1074
1015
  }
1075
1016
  };
1076
1017
  }
1077
- function j(t) {
1078
- const e = t.accessControl ? te(t.accessControl) : {}, n = t.databaseIsolation ? se(t.databaseIsolation) : {}, s = re(t);
1018
+ function q(t) {
1019
+ const e = t.accessControl ? ee(t.accessControl) : {}, n = t.databaseIsolation ? ne(t.databaseIsolation) : {}, s = re(t);
1079
1020
  return {
1080
1021
  ...e,
1081
1022
  ...n,
1082
1023
  tenants: s
1083
1024
  };
1084
1025
  }
1085
- function _e(t) {
1086
- const e = new J(), n = j(t);
1087
- return e.route("/tenants", k(t, n)), e;
1026
+ function he(t) {
1027
+ const e = new V(), n = q(t);
1028
+ return e.route("/tenants", M(t, n)), e;
1088
1029
  }
1089
- function ze(t) {
1030
+ function $e(t) {
1090
1031
  return {
1091
- hooks: j(t),
1092
- middleware: K(t),
1093
- app: _e(t),
1032
+ hooks: q(t),
1033
+ middleware: B(t),
1034
+ app: he(t),
1094
1035
  config: t
1095
1036
  };
1096
1037
  }
1097
1038
  export {
1098
- te as createAccessControlHooks,
1099
- we as createAccessControlMiddleware,
1100
- se as createDatabaseHooks,
1039
+ ee as createAccessControlHooks,
1040
+ pe as createAccessControlMiddleware,
1041
+ ge as createControlPlaneTenantMiddleware,
1042
+ ne as createDatabaseHooks,
1101
1043
  ye as createDatabaseMiddleware,
1102
- _e as createMultiTenancy,
1103
- j as createMultiTenancyHooks,
1104
- K as createMultiTenancyMiddleware,
1105
- $e as createMultiTenancyPlugin,
1106
- pe as createProtectSyncedMiddleware,
1044
+ he as createMultiTenancy,
1045
+ q as createMultiTenancyHooks,
1046
+ B as createMultiTenancyMiddleware,
1047
+ Se as createMultiTenancyPlugin,
1048
+ me as createProtectSyncedMiddleware,
1107
1049
  re as createProvisioningHooks,
1108
- B as createRuntimeFallbackAdapter,
1109
- Ie as createSettingsInheritanceAdapter,
1110
- he as createSubdomainMiddleware,
1111
- de as createSyncHooks,
1112
- k as createTenantsOpenAPIRouter,
1113
- Pe as initMultiTenant,
1114
- ze as setupMultiTenancy,
1115
- ne as validateTenantAccess,
1116
- ge as withRuntimeFallback,
1117
- Se as withSettingsInheritance
1050
+ U as createRuntimeFallbackAdapter,
1051
+ Ce as createSettingsInheritanceAdapter,
1052
+ we as createSubdomainMiddleware,
1053
+ ce as createSyncHooks,
1054
+ M as createTenantsOpenAPIRouter,
1055
+ Ie as initMultiTenant,
1056
+ $e as setupMultiTenancy,
1057
+ te as validateTenantAccess,
1058
+ fe as withRuntimeFallback,
1059
+ Pe as withSettingsInheritance
1118
1060
  };