@authhero/multi-tenancy 14.2.0 → 14.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/dist/multi-tenancy.cjs +1 -1
  2. package/dist/multi-tenancy.mjs +429 -426
  3. package/dist/types/hooks/access-control.d.ts +25 -0
  4. package/dist/types/hooks/access-control.d.ts.map +1 -0
  5. package/dist/types/hooks/database.d.ts +35 -0
  6. package/dist/types/hooks/database.d.ts.map +1 -0
  7. package/dist/types/hooks/index.d.ts +5 -0
  8. package/dist/types/hooks/index.d.ts.map +1 -0
  9. package/dist/types/hooks/provisioning.d.ts +15 -0
  10. package/dist/types/hooks/provisioning.d.ts.map +1 -0
  11. package/dist/types/hooks/resource-server-sync.d.ts +140 -0
  12. package/dist/types/hooks/resource-server-sync.d.ts.map +1 -0
  13. package/dist/types/hooks/role-sync.d.ts +145 -0
  14. package/dist/types/hooks/role-sync.d.ts.map +1 -0
  15. package/dist/types/hooks/sync.d.ts +54 -0
  16. package/dist/types/hooks/sync.d.ts.map +1 -0
  17. package/dist/types/index.d.ts +117 -0
  18. package/dist/types/index.d.ts.map +1 -0
  19. package/dist/types/init.d.ts +110 -0
  20. package/dist/types/init.d.ts.map +1 -0
  21. package/dist/types/middleware/index.d.ts +114 -0
  22. package/dist/types/middleware/index.d.ts.map +1 -0
  23. package/dist/types/middleware/protect-synced.d.ts +40 -0
  24. package/dist/types/middleware/protect-synced.d.ts.map +1 -0
  25. package/dist/types/middleware/settings-inheritance.d.ts +89 -0
  26. package/dist/types/middleware/settings-inheritance.d.ts.map +1 -0
  27. package/dist/types/plugin.d.ts +66 -0
  28. package/dist/types/plugin.d.ts.map +1 -0
  29. package/dist/types/routes/index.d.ts +2 -0
  30. package/dist/types/routes/index.d.ts.map +1 -0
  31. package/dist/types/routes/tenants.d.ts +18 -0
  32. package/dist/types/routes/tenants.d.ts.map +1 -0
  33. package/dist/types/types.d.ts +295 -0
  34. package/dist/types/types.d.ts.map +1 -0
  35. package/dist/types/utils/index.d.ts +3 -0
  36. package/dist/types/utils/index.d.ts.map +1 -0
  37. package/package.json +9 -9
  38. package/dist/multi-tenancy.d.ts +0 -41331
package/dist/multi-tenancy.mjs CHANGED
@@ -1,31 +1,30 @@
1
- var W = Object.defineProperty;
2
- var Q = (t, e, n) => e in t ? W(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
- var $ = (t, e, n) => Q(t, typeof e != "symbol" ? e + "" : e, n);
4
- import { Hono as V } from "hono";
5
- import { MANAGEMENT_API_SCOPES as J, MANAGEMENT_API_AUDIENCE as L, fetchAll as I, init as X } from "authhero";
6
- import { OpenAPIHono as Y, createRoute as z, z as C } from "@hono/zod-openapi";
7
- import { auth0QuerySchema as Z, tenantSchema as k, tenantInsertSchema as x, connectionSchema as R, connectionOptionsSchema as O } from "@authhero/adapter-interfaces";
8
- function ee(t) {
1
+ var Q = Object.defineProperty;
2
+ var V = (t, e, n) => e in t ? Q(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
+ var z = (t, e, n) => V(t, typeof e != "symbol" ? e + "" : e, n);
4
+ import { Hono as J } from "hono";
5
+ import { MANAGEMENT_API_SCOPES as X, MANAGEMENT_API_AUDIENCE as U, fetchAll as $, auth0QuerySchema as Y, tenantSchema as k, tenantInsertSchema as Z, connectionSchema as R, connectionOptionsSchema as F, init as x } from "authhero";
6
+ import { OpenAPIHono as ee, createRoute as O, z as S } from "@hono/zod-openapi";
7
+ function te(t) {
9
8
  const { controlPlaneTenantId: e, requireOrganizationMatch: n = !0 } = t;
10
9
  return {
11
- async onTenantAccessValidation(s, a) {
12
- if (a === e)
10
+ async onTenantAccessValidation(s, r) {
11
+ if (r === e)
13
12
  return !0;
14
13
  if (n) {
15
- const i = s.var.org_name, o = s.var.organization_id, r = i || o;
16
- return r ? r.toLowerCase() === a.toLowerCase() : !1;
14
+ const c = s.var.org_name, o = s.var.organization_id, a = c || o;
15
+ return a ? a.toLowerCase() === r.toLowerCase() : !1;
17
16
  }
18
17
  return !0;
19
18
  }
20
19
  };
21
20
  }
22
- function te(t, e, n, s) {
21
+ function ne(t, e, n, s) {
23
22
  if (e === n)
24
23
  return !0;
25
- const a = s || t;
26
- return a ? a.toLowerCase() === e.toLowerCase() : !1;
24
+ const r = s || t;
25
+ return r ? r.toLowerCase() === e.toLowerCase() : !1;
27
26
  }
28
- function ne(t) {
27
+ function se(t) {
29
28
  return {
30
29
  async resolveDataAdapters(e) {
31
30
  try {
@@ -40,60 +39,60 @@ function ne(t) {
40
39
  }
41
40
  };
42
41
  }
43
- function se(t) {
42
+ function re(t) {
44
43
  return `urn:authhero:tenant:${t.toLowerCase()}`;
45
44
  }
46
- function re(t) {
45
+ function ae(t) {
47
46
  return {
48
47
  async beforeCreate(e, n) {
49
48
  return !n.audience && n.id ? {
50
49
  ...n,
51
- audience: se(n.id)
50
+ audience: re(n.id)
52
51
  } : n;
53
52
  },
54
53
  async afterCreate(e, n) {
55
- const { accessControl: s, databaseIsolation: a } = t;
56
- s && e.ctx && await ae(e, n, s), a != null && a.onProvision && await a.onProvision(n.id);
54
+ const { accessControl: s, databaseIsolation: r } = t;
55
+ s && e.ctx && await oe(e, n, s), r != null && r.onProvision && await r.onProvision(n.id);
57
56
  },
58
57
  async beforeDelete(e, n) {
59
- const { accessControl: s, databaseIsolation: a } = t;
58
+ const { accessControl: s, databaseIsolation: r } = t;
60
59
  if (s)
61
60
  try {
62
61
  const o = (await e.adapters.organizations.list(
63
62
  s.controlPlaneTenantId
64
- )).organizations.find((r) => r.name === n);
63
+ )).organizations.find((a) => a.name === n);
65
64
  o && await e.adapters.organizations.remove(
66
65
  s.controlPlaneTenantId,
67
66
  o.id
68
67
  );
69
- } catch (i) {
68
+ } catch (c) {
70
69
  console.warn(
71
70
  `Failed to remove organization for tenant ${n}:`,
72
- i
71
+ c
73
72
  );
74
73
  }
75
- if (a != null && a.onDeprovision)
74
+ if (r != null && r.onDeprovision)
76
75
  try {
77
- await a.onDeprovision(n);
78
- } catch (i) {
76
+ await r.onDeprovision(n);
77
+ } catch (c) {
79
78
  console.warn(
80
79
  `Failed to deprovision database for tenant ${n}:`,
81
- i
80
+ c
82
81
  );
83
82
  }
84
83
  }
85
84
  };
86
85
  }
87
- async function ae(t, e, n) {
86
+ async function oe(t, e, n) {
88
87
  const {
89
88
  controlPlaneTenantId: s,
90
- defaultPermissions: a,
91
- defaultRoles: i,
89
+ defaultPermissions: r,
90
+ defaultRoles: c,
92
91
  issuer: o,
93
- adminRoleName: r = "Tenant Admin",
94
- adminRoleDescription: c = "Full access to all tenant management operations",
95
- addCreatorToOrganization: m = !0
96
- } = n, l = await t.adapters.organizations.create(
92
+ adminRoleName: a = "Tenant Admin",
93
+ adminRoleDescription: d = "Full access to all tenant management operations",
94
+ addCreatorToOrganization: l = !0
95
+ } = n, i = await t.adapters.organizations.create(
97
96
  s,
98
97
  {
99
98
  name: e.id,
@@ -101,43 +100,43 @@ async function ae(t, e, n) {
101
100
  }
102
101
  );
103
102
  let f;
104
- if (o && (f = await ie(
103
+ if (o && (f = await ce(
105
104
  t,
106
105
  s,
107
- r,
108
- c
109
- )), m && t.ctx) {
110
- const d = t.ctx.var.user;
111
- if (d != null && d.sub && !await oe(
106
+ a,
107
+ d
108
+ )), l && t.ctx) {
109
+ const u = t.ctx.var.user;
110
+ if (u != null && u.sub && !await ie(
112
111
  t,
113
112
  s,
114
- d.sub
113
+ u.sub
115
114
  ))
116
115
  try {
117
116
  await t.adapters.userOrganizations.create(s, {
118
- user_id: d.sub,
119
- organization_id: l.id
117
+ user_id: u.sub,
118
+ organization_id: i.id
120
119
  }), f && await t.adapters.userRoles.create(
121
120
  s,
122
- d.sub,
121
+ u.sub,
123
122
  f,
124
- l.id
123
+ i.id
125
124
  // organizationId
126
125
  );
127
- } catch (p) {
126
+ } catch (g) {
128
127
  console.warn(
129
- `Failed to add creator ${d.sub} to organization ${l.id}:`,
130
- p
128
+ `Failed to add creator ${u.sub} to organization ${i.id}:`,
129
+ g
131
130
  );
132
131
  }
133
132
  }
134
- i && i.length > 0 && console.log(
135
- `Would assign roles ${i.join(", ")} to organization ${l.id}`
136
- ), a && a.length > 0 && console.log(
137
- `Would grant permissions ${a.join(", ")} to organization ${l.id}`
133
+ c && c.length > 0 && console.log(
134
+ `Would assign roles ${c.join(", ")} to organization ${i.id}`
135
+ ), r && r.length > 0 && console.log(
136
+ `Would grant permissions ${r.join(", ")} to organization ${i.id}`
138
137
  );
139
138
  }
140
- async function oe(t, e, n) {
139
+ async function ie(t, e, n) {
141
140
  const s = await t.adapters.userRoles.list(
142
141
  e,
143
142
  n,
@@ -145,132 +144,132 @@ async function oe(t, e, n) {
145
144
  ""
146
145
  // Empty string for global roles
147
146
  );
148
- for (const a of s)
147
+ for (const r of s)
149
148
  if ((await t.adapters.rolePermissions.list(
150
149
  e,
151
- a.id,
150
+ r.id,
152
151
  { per_page: 1e3 }
153
152
  )).some(
154
- (r) => r.permission_name === "admin:organizations"
153
+ (a) => a.permission_name === "admin:organizations"
155
154
  ))
156
155
  return !0;
157
156
  return !1;
158
157
  }
159
- async function ie(t, e, n, s) {
160
- const i = (await t.adapters.roles.list(e, {})).roles.find((m) => m.name === n);
161
- if (i)
162
- return i.id;
158
+ async function ce(t, e, n, s) {
159
+ const c = (await t.adapters.roles.list(e, {})).roles.find((l) => l.name === n);
160
+ if (c)
161
+ return c.id;
163
162
  const o = await t.adapters.roles.create(e, {
164
163
  name: n,
165
164
  description: s
166
- }), r = L, c = J.map((m) => ({
165
+ }), a = U, d = X.map((l) => ({
167
166
  role_id: o.id,
168
- resource_server_identifier: r,
169
- permission_name: m.value
167
+ resource_server_identifier: a,
168
+ permission_name: l.value
170
169
  }));
171
170
  return await t.adapters.rolePermissions.assign(
172
171
  e,
173
172
  o.id,
174
- c
173
+ d
175
174
  ), o.id;
176
175
  }
177
176
  function E(t, e, n = () => !0) {
178
- const { controlPlaneTenantId: s, getChildTenantIds: a, getAdapters: i } = t, o = /* @__PURE__ */ new Map();
179
- async function r(l, f, d) {
180
- return (await e(l).list(f, {
181
- q: `name:${d}`,
177
+ const { controlPlaneTenantId: s, getChildTenantIds: r, getAdapters: c } = t, o = /* @__PURE__ */ new Map();
178
+ async function a(i, f, u) {
179
+ return (await e(i).list(f, {
180
+ q: `name:${u}`,
182
181
  per_page: 1
183
182
  }))[0] ?? null;
184
183
  }
185
- async function c(l) {
186
- const f = await a(), d = e(await i(s));
184
+ async function d(i) {
185
+ const f = await r(), u = e(await c(s));
187
186
  await Promise.all(
188
- f.map(async (u) => {
187
+ f.map(async (m) => {
189
188
  try {
190
- const p = await i(u), g = e(p), w = {
191
- ...d.transform(l),
189
+ const g = await c(m), p = e(g), w = {
190
+ ...u.transform(i),
192
191
  is_system: !0
193
- }, A = await r(p, u, l.name), v = A ? g.getId(A) : void 0;
194
- if (A && v) {
195
- const h = g.preserveOnUpdate ? g.preserveOnUpdate(A, w) : w;
196
- await g.update(u, v, h);
192
+ }, v = await a(g, m, i.name), _ = v ? p.getId(v) : void 0;
193
+ if (v && _) {
194
+ const b = p.preserveOnUpdate ? p.preserveOnUpdate(v, w) : w;
195
+ await p.update(m, _, b);
197
196
  } else
198
- await g.create(u, w);
199
- } catch (p) {
197
+ await p.create(m, w);
198
+ } catch (g) {
200
199
  console.error(
201
- `Failed to sync ${d.listKey} "${l.name}" to tenant "${u}":`,
202
- p
200
+ `Failed to sync ${u.listKey} "${i.name}" to tenant "${m}":`,
201
+ g
203
202
  );
204
203
  }
205
204
  })
206
205
  );
207
206
  }
208
- async function m(l) {
209
- const f = await a();
207
+ async function l(i) {
208
+ const f = await r();
210
209
  await Promise.all(
211
- f.map(async (d) => {
210
+ f.map(async (u) => {
212
211
  try {
213
- const u = await i(d), p = e(u), g = await r(u, d, l), y = g ? p.getId(g) : void 0;
214
- g && y && await p.remove(d, y);
215
- } catch (u) {
212
+ const m = await c(u), g = e(m), p = await a(m, u, i), h = p ? g.getId(p) : void 0;
213
+ p && h && await g.remove(u, h);
214
+ } catch (m) {
216
215
  console.error(
217
- `Failed to delete entity "${l}" from tenant "${d}":`,
218
- u
216
+ `Failed to delete entity "${i}" from tenant "${u}":`,
217
+ m
219
218
  );
220
219
  }
221
220
  })
222
221
  );
223
222
  }
224
223
  return {
225
- afterCreate: async (l, f) => {
226
- l.tenantId === s && n(f) && await c(f);
224
+ afterCreate: async (i, f) => {
225
+ i.tenantId === s && n(f) && await d(f);
227
226
  },
228
- afterUpdate: async (l, f, d) => {
229
- l.tenantId === s && n(d) && await c(d);
227
+ afterUpdate: async (i, f, u) => {
228
+ i.tenantId === s && n(u) && await d(u);
230
229
  },
231
- beforeDelete: async (l, f) => {
232
- if (l.tenantId !== s) return;
233
- const u = await e(l.adapters).get(l.tenantId, f);
234
- u && n(u) && o.set(f, u);
230
+ beforeDelete: async (i, f) => {
231
+ if (i.tenantId !== s) return;
232
+ const m = await e(i.adapters).get(i.tenantId, f);
233
+ m && n(m) && o.set(f, m);
235
234
  },
236
- afterDelete: async (l, f) => {
237
- if (l.tenantId !== s) return;
238
- const d = o.get(f);
239
- d && (o.delete(f), await m(d.name));
235
+ afterDelete: async (i, f) => {
236
+ if (i.tenantId !== s) return;
237
+ const u = o.get(f);
238
+ u && (o.delete(f), await l(u.name));
240
239
  }
241
240
  };
242
241
  }
243
242
  function N(t, e, n = () => !0) {
244
- const { controlPlaneTenantId: s, getControlPlaneAdapters: a, getAdapters: i } = t;
243
+ const { controlPlaneTenantId: s, getControlPlaneAdapters: r, getAdapters: c } = t;
245
244
  return {
246
- async afterCreate(o, r) {
247
- if (r.id !== s)
245
+ async afterCreate(o, a) {
246
+ if (a.id !== s)
248
247
  try {
249
- const c = await a(), m = await i(r.id), l = e(c), f = e(m), d = await I(
250
- (u) => l.listPaginated(s, u),
251
- l.listKey,
248
+ const d = await r(), l = await c(a.id), i = e(d), f = e(l), u = await $(
249
+ (m) => i.listPaginated(s, m),
250
+ i.listKey,
252
251
  { cursorField: "id", pageSize: 100 }
253
252
  );
254
253
  await Promise.all(
255
- d.filter((u) => n(u)).map(async (u) => {
254
+ u.filter((m) => n(m)).map(async (m) => {
256
255
  try {
257
- const p = l.transform(u);
258
- await f.create(r.id, {
259
- ...p,
256
+ const g = i.transform(m);
257
+ await f.create(a.id, {
258
+ ...g,
260
259
  is_system: !0
261
260
  });
262
- } catch (p) {
261
+ } catch (g) {
263
262
  console.error(
264
- `Failed to sync entity to new tenant "${r.id}":`,
265
- p
263
+ `Failed to sync entity to new tenant "${a.id}":`,
264
+ g
266
265
  );
267
266
  }
268
267
  })
269
268
  );
270
- } catch (c) {
269
+ } catch (d) {
271
270
  console.error(
272
- `Failed to sync entities to new tenant "${r.id}":`,
273
- c
271
+ `Failed to sync entities to new tenant "${a.id}":`,
272
+ d
274
273
  );
275
274
  }
276
275
  }
@@ -309,124 +308,128 @@ const H = (t) => ({
309
308
  description: e.description
310
309
  })
311
310
  });
312
- function ce(t) {
313
- const { sync: e = {}, filters: n = {} } = t, s = e.resourceServers ?? !0, a = e.roles ?? !0, i = s ? E(
311
+ function L(t) {
312
+ var e;
313
+ return ((e = t.metadata) == null ? void 0 : e.sync) !== !1;
314
+ }
315
+ function le(t) {
316
+ const { sync: e = {}, filters: n = {} } = t, s = e.resourceServers ?? !0, r = e.roles ?? !0, c = (g) => L(g) ? n.resourceServers ? n.resourceServers(g) : !0 : !1, o = (g) => L(g) ? n.roles ? n.roles(g) : !0 : !1, a = s ? E(
314
317
  t,
315
318
  H,
316
- n.resourceServers
317
- ) : void 0, o = a ? E(
319
+ c
320
+ ) : void 0, d = r ? E(
318
321
  t,
319
322
  G,
320
- n.roles
321
- ) : void 0, r = s ? N(
323
+ o
324
+ ) : void 0, l = s ? N(
322
325
  t,
323
326
  H,
324
- n.resourceServers
325
- ) : void 0, c = a ? N(
327
+ c
328
+ ) : void 0, i = r ? N(
326
329
  t,
327
330
  G,
328
- n.roles
329
- ) : void 0, m = a ? {
330
- async afterCreate(d, u) {
331
- var p;
332
- if (u.id !== t.controlPlaneTenantId) {
333
- await ((p = c == null ? void 0 : c.afterCreate) == null ? void 0 : p.call(c, d, u));
331
+ o
332
+ ) : void 0, f = r ? {
333
+ async afterCreate(g, p) {
334
+ var h;
335
+ if (p.id !== t.controlPlaneTenantId) {
336
+ await ((h = i == null ? void 0 : i.afterCreate) == null ? void 0 : h.call(i, g, p));
334
337
  try {
335
- const g = await t.getControlPlaneAdapters(), y = await t.getAdapters(u.id), w = await I(
336
- (v) => g.roles.list(
338
+ const w = await t.getControlPlaneAdapters(), v = await t.getAdapters(p.id), _ = await $(
339
+ (A) => w.roles.list(
337
340
  t.controlPlaneTenantId,
338
- v
341
+ A
339
342
  ),
340
343
  "roles",
341
344
  { cursorField: "id", pageSize: 100 }
342
- ), A = /* @__PURE__ */ new Map();
343
- for (const v of w.filter(
344
- (h) => {
345
+ ), b = /* @__PURE__ */ new Map();
346
+ for (const A of _.filter(
347
+ (y) => {
345
348
  var T;
346
- return ((T = n.roles) == null ? void 0 : T.call(n, h)) ?? !0;
349
+ return ((T = n.roles) == null ? void 0 : T.call(n, y)) ?? !0;
347
350
  }
348
351
  )) {
349
- const h = await l(
350
- y,
351
- u.id,
352
- v.name
352
+ const y = await u(
353
+ v,
354
+ p.id,
355
+ A.name
353
356
  );
354
- h && A.set(v.name, h.id);
357
+ y && b.set(A.name, y.id);
355
358
  }
356
- for (const v of w.filter(
357
- (h) => {
359
+ for (const A of _.filter(
360
+ (y) => {
358
361
  var T;
359
- return ((T = n.roles) == null ? void 0 : T.call(n, h)) ?? !0;
362
+ return ((T = n.roles) == null ? void 0 : T.call(n, y)) ?? !0;
360
363
  }
361
364
  )) {
362
- const h = A.get(v.name);
363
- if (h)
365
+ const y = b.get(A.name);
366
+ if (y)
364
367
  try {
365
- const T = await g.rolePermissions.list(
368
+ const T = await w.rolePermissions.list(
366
369
  t.controlPlaneTenantId,
367
- v.id,
370
+ A.id,
368
371
  {}
369
372
  );
370
- T.length > 0 && await y.rolePermissions.assign(
371
- u.id,
372
- h,
373
- T.map((_) => ({
374
- role_id: h,
375
- resource_server_identifier: _.resource_server_identifier,
376
- permission_name: _.permission_name
373
+ T.length > 0 && await v.rolePermissions.assign(
374
+ p.id,
375
+ y,
376
+ T.map((P) => ({
377
+ role_id: y,
378
+ resource_server_identifier: P.resource_server_identifier,
379
+ permission_name: P.permission_name
377
380
  }))
378
381
  );
379
382
  } catch (T) {
380
383
  console.error(
381
- `Failed to sync permissions for role "${v.name}" to tenant "${u.id}":`,
384
+ `Failed to sync permissions for role "${A.name}" to tenant "${p.id}":`,
382
385
  T
383
386
  );
384
387
  }
385
388
  }
386
- } catch (g) {
389
+ } catch (w) {
387
390
  console.error(
388
- `Failed to sync role permissions to tenant "${u.id}":`,
389
- g
391
+ `Failed to sync role permissions to tenant "${p.id}":`,
392
+ w
390
393
  );
391
394
  }
392
395
  }
393
396
  }
394
397
  } : void 0;
395
- async function l(d, u, p) {
396
- return (await d.roles.list(u, {
397
- q: `name:${p}`,
398
+ async function u(g, p, h) {
399
+ return (await g.roles.list(p, {
400
+ q: `name:${h}`,
398
401
  per_page: 1
399
402
  })).roles[0] ?? null;
400
403
  }
401
404
  return {
402
405
  entityHooks: {
403
- resourceServers: i,
404
- roles: o
406
+ resourceServers: a,
407
+ roles: d
405
408
  },
406
409
  tenantHooks: {
407
- async afterCreate(d, u) {
408
- const p = [
409
- r == null ? void 0 : r.afterCreate,
410
- (m == null ? void 0 : m.afterCreate) ?? (c == null ? void 0 : c.afterCreate)
411
- ], g = [];
412
- for (const y of p)
413
- if (y)
410
+ async afterCreate(g, p) {
411
+ const h = [
412
+ l == null ? void 0 : l.afterCreate,
413
+ (f == null ? void 0 : f.afterCreate) ?? (i == null ? void 0 : i.afterCreate)
414
+ ], w = [];
415
+ for (const v of h)
416
+ if (v)
414
417
  try {
415
- await y(d, u);
416
- } catch (w) {
417
- g.push(w instanceof Error ? w : new Error(String(w)));
418
+ await v(g, p);
419
+ } catch (_) {
420
+ w.push(_ instanceof Error ? _ : new Error(String(_)));
418
421
  }
419
- if (g.length === 1) throw g[0];
420
- if (g.length > 1)
422
+ if (w.length === 1) throw w[0];
423
+ if (w.length > 1)
421
424
  throw new AggregateError(
422
- g,
423
- g.map((y) => y.message).join("; ")
425
+ w,
426
+ w.map((v) => v.message).join("; ")
424
427
  );
425
428
  }
426
429
  }
427
430
  };
428
431
  }
429
- var b = class extends Error {
432
+ var C = class extends Error {
430
433
  /**
431
434
  * Creates an instance of `HTTPException`.
432
435
  * @param status - HTTP status code for the exception. Defaults to 500.
@@ -434,8 +437,8 @@ var b = class extends Error {
434
437
  */
435
438
  constructor(e = 500, n) {
436
439
  super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
437
- $(this, "res");
438
- $(this, "status");
440
+ z(this, "res");
441
+ z(this, "status");
439
442
  this.res = n == null ? void 0 : n.res, this.status = e;
440
443
  }
441
444
  /**
@@ -453,14 +456,14 @@ var b = class extends Error {
453
456
  }
454
457
  };
455
458
  function M(t, e) {
456
- const n = new Y();
459
+ const n = new ee();
457
460
  return n.openapi(
458
- z({
461
+ O({
459
462
  tags: ["tenants"],
460
463
  method: "get",
461
464
  path: "/",
462
465
  request: {
463
- query: Z
466
+ query: Y
464
467
  },
465
468
  security: [
466
469
  {
@@ -471,11 +474,11 @@ function M(t, e) {
471
474
  200: {
472
475
  content: {
473
476
  "application/json": {
474
- schema: C.object({
475
- tenants: C.array(k),
476
- start: C.number().optional(),
477
- limit: C.number().optional(),
478
- length: C.number().optional()
477
+ schema: S.object({
478
+ tenants: S.array(k),
479
+ start: S.number().optional(),
480
+ limit: S.number().optional(),
481
+ length: S.number().optional()
479
482
  })
480
483
  }
481
484
  },
@@ -484,74 +487,74 @@ function M(t, e) {
484
487
  }
485
488
  }),
486
489
  async (s) => {
487
- var u, p, g, y;
488
- const a = s.req.valid("query"), { page: i, per_page: o, include_totals: r, q: c } = a, m = s.var.user, l = (m == null ? void 0 : m.permissions) || [];
489
- if (l.includes("auth:read") || l.includes("admin:organizations")) {
490
+ var m, g, p, h;
491
+ const r = s.req.valid("query"), { page: c, per_page: o, include_totals: a, q: d } = r, l = s.var.user, i = (l == null ? void 0 : l.permissions) || [];
492
+ if (i.includes("auth:read") || i.includes("admin:organizations")) {
490
493
  const w = await s.env.data.tenants.list({
491
- page: i,
494
+ page: c,
492
495
  per_page: o,
493
- include_totals: r,
494
- q: c
496
+ include_totals: a,
497
+ q: d
495
498
  });
496
- return r ? s.json({
499
+ return a ? s.json({
497
500
  tenants: w.tenants,
498
- start: ((u = w.totals) == null ? void 0 : u.start) ?? 0,
499
- limit: ((p = w.totals) == null ? void 0 : p.limit) ?? o,
501
+ start: ((m = w.totals) == null ? void 0 : m.start) ?? 0,
502
+ limit: ((g = w.totals) == null ? void 0 : g.limit) ?? o,
500
503
  length: w.tenants.length
501
504
  }) : s.json({ tenants: w.tenants });
502
505
  }
503
- if (t.accessControl && (m != null && m.sub)) {
504
- const w = t.accessControl.controlPlaneTenantId, v = (await I(
505
- (P) => s.env.data.userOrganizations.listUserOrganizations(
506
+ if (t.accessControl && (l != null && l.sub)) {
507
+ const w = t.accessControl.controlPlaneTenantId, _ = (await $(
508
+ (I) => s.env.data.userOrganizations.listUserOrganizations(
506
509
  w,
507
- m.sub,
508
- P
510
+ l.sub,
511
+ I
509
512
  ),
510
513
  "organizations"
511
- )).map((P) => P.name);
512
- if (v.length === 0)
513
- return r ? s.json({
514
+ )).map((I) => I.name);
515
+ if (_.length === 0)
516
+ return a ? s.json({
514
517
  tenants: [],
515
518
  start: 0,
516
519
  limit: o ?? 50,
517
520
  length: 0
518
521
  }) : s.json({ tenants: [] });
519
- const h = v.length, T = i ?? 0, _ = o ?? 50, S = T * _, D = v.slice(S, S + _);
520
- if (D.length === 0)
521
- return r ? s.json({
522
+ const b = _.length, A = c ?? 0, y = o ?? 50, T = A * y, P = _.slice(T, T + y);
523
+ if (P.length === 0)
524
+ return a ? s.json({
522
525
  tenants: [],
523
- start: S,
524
- limit: _,
525
- length: h
526
+ start: T,
527
+ limit: y,
528
+ length: b
526
529
  }) : s.json({ tenants: [] });
527
- const F = D.map((P) => `id:${P}`).join(" OR "), K = c ? `(${F}) AND (${c})` : F, j = await s.env.data.tenants.list({
528
- q: K,
529
- per_page: _,
530
+ const D = P.map((I) => `id:${I}`).join(" OR "), W = d ? `(${D}) AND (${d})` : D, j = await s.env.data.tenants.list({
531
+ q: W,
532
+ per_page: y,
530
533
  include_totals: !1
531
534
  // We calculate totals from accessibleTenantIds
532
535
  });
533
- return r ? s.json({
536
+ return a ? s.json({
534
537
  tenants: j.tenants,
535
- start: S,
536
- limit: _,
537
- length: h
538
+ start: T,
539
+ limit: y,
540
+ length: b
538
541
  }) : s.json({ tenants: j.tenants });
539
542
  }
540
- const d = await s.env.data.tenants.list({
541
- page: i,
543
+ const u = await s.env.data.tenants.list({
544
+ page: c,
542
545
  per_page: o,
543
- include_totals: r,
544
- q: c
546
+ include_totals: a,
547
+ q: d
545
548
  });
546
- return r ? s.json({
547
- tenants: d.tenants,
548
- start: ((g = d.totals) == null ? void 0 : g.start) ?? 0,
549
- limit: ((y = d.totals) == null ? void 0 : y.limit) ?? o,
550
- length: d.tenants.length
551
- }) : s.json({ tenants: d.tenants });
549
+ return a ? s.json({
550
+ tenants: u.tenants,
551
+ start: ((p = u.totals) == null ? void 0 : p.start) ?? 0,
552
+ limit: ((h = u.totals) == null ? void 0 : h.limit) ?? o,
553
+ length: u.tenants.length
554
+ }) : s.json({ tenants: u.tenants });
552
555
  }
553
556
  ), n.openapi(
554
- z({
557
+ O({
555
558
  tags: ["tenants"],
556
559
  method: "post",
557
560
  path: "/",
@@ -559,7 +562,7 @@ function M(t, e) {
559
562
  body: {
560
563
  content: {
561
564
  "application/json": {
562
- schema: x
565
+ schema: Z
563
566
  }
564
567
  }
565
568
  }
@@ -587,29 +590,29 @@ function M(t, e) {
587
590
  }
588
591
  }),
589
592
  async (s) => {
590
- var c, m;
591
- const a = s.var.user;
592
- if (!(a != null && a.sub))
593
- throw new b(401, {
593
+ var d, l;
594
+ const r = s.var.user;
595
+ if (!(r != null && r.sub))
596
+ throw new C(401, {
594
597
  message: "Authentication required to create tenants"
595
598
  });
596
- let i = s.req.valid("json");
599
+ let c = s.req.valid("json");
597
600
  const o = {
598
601
  adapters: s.env.data,
599
602
  ctx: s
600
603
  };
601
- (c = e.tenants) != null && c.beforeCreate && (i = await e.tenants.beforeCreate(o, i));
602
- const r = await s.env.data.tenants.create(i);
603
- return (m = e.tenants) != null && m.afterCreate && await e.tenants.afterCreate(o, r), s.json(r, 201);
604
+ (d = e.tenants) != null && d.beforeCreate && (c = await e.tenants.beforeCreate(o, c));
605
+ const a = await s.env.data.tenants.create(c);
606
+ return (l = e.tenants) != null && l.afterCreate && await e.tenants.afterCreate(o, a), s.json(a, 201);
604
607
  }
605
608
  ), n.openapi(
606
- z({
609
+ O({
607
610
  tags: ["tenants"],
608
611
  method: "delete",
609
612
  path: "/{id}",
610
613
  request: {
611
- params: C.object({
612
- id: C.string()
614
+ params: S.object({
615
+ id: S.string()
613
616
  })
614
617
  },
615
618
  security: [
@@ -630,43 +633,43 @@ function M(t, e) {
630
633
  }
631
634
  }),
632
635
  async (s) => {
633
- var r, c;
634
- const { id: a } = s.req.valid("param");
636
+ var a, d;
637
+ const { id: r } = s.req.valid("param");
635
638
  if (t.accessControl) {
636
- const m = s.var.user, l = t.accessControl.controlPlaneTenantId;
637
- if (!(m != null && m.sub))
638
- throw new b(401, {
639
+ const l = s.var.user, i = t.accessControl.controlPlaneTenantId;
640
+ if (!(l != null && l.sub))
641
+ throw new C(401, {
639
642
  message: "Authentication required"
640
643
  });
641
- if (a === l)
642
- throw new b(403, {
644
+ if (r === i)
645
+ throw new C(403, {
643
646
  message: "Cannot delete the control plane"
644
647
  });
645
- if (!(await I(
646
- (u) => s.env.data.userOrganizations.listUserOrganizations(
647
- l,
648
- m.sub,
649
- u
648
+ if (!(await $(
649
+ (m) => s.env.data.userOrganizations.listUserOrganizations(
650
+ i,
651
+ l.sub,
652
+ m
650
653
  ),
651
654
  "organizations"
652
- )).some((u) => u.name === a))
653
- throw new b(403, {
655
+ )).some((m) => m.name === r))
656
+ throw new C(403, {
654
657
  message: "Access denied to this tenant"
655
658
  });
656
659
  }
657
- if (!await s.env.data.tenants.get(a))
658
- throw new b(404, {
660
+ if (!await s.env.data.tenants.get(r))
661
+ throw new C(404, {
659
662
  message: "Tenant not found"
660
663
  });
661
664
  const o = {
662
665
  adapters: s.env.data,
663
666
  ctx: s
664
667
  };
665
- return (r = e.tenants) != null && r.beforeDelete && await e.tenants.beforeDelete(o, a), await s.env.data.tenants.remove(a), (c = e.tenants) != null && c.afterDelete && await e.tenants.afterDelete(o, a), s.body(null, 204);
668
+ return (a = e.tenants) != null && a.beforeDelete && await e.tenants.beforeDelete(o, r), await s.env.data.tenants.remove(r), (d = e.tenants) != null && d.afterDelete && await e.tenants.afterDelete(o, r), s.body(null, 204);
666
669
  }
667
670
  ), n;
668
671
  }
669
- function le(t) {
672
+ function de(t) {
670
673
  const e = [
671
674
  {
672
675
  pattern: /\/api\/v2\/resource-servers\/([^/]+)$/,
@@ -676,13 +679,13 @@ function le(t) {
676
679
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
677
680
  ];
678
681
  for (const { pattern: n, type: s } of e) {
679
- const a = t.match(n);
680
- if (a && a[1])
681
- return { type: s, id: a[1] };
682
+ const r = t.match(n);
683
+ if (r && r[1])
684
+ return { type: s, id: r[1] };
682
685
  }
683
686
  return null;
684
687
  }
685
- async function de(t, e, n) {
688
+ async function ue(t, e, n) {
686
689
  try {
687
690
  switch (n.type) {
688
691
  case "resource_server": {
@@ -704,7 +707,7 @@ async function de(t, e, n) {
704
707
  return !1;
705
708
  }
706
709
  }
707
- function ue(t) {
710
+ function fe(t) {
708
711
  return {
709
712
  resource_server: "resource server",
710
713
  role: "role",
@@ -715,117 +718,117 @@ function me() {
715
718
  return async (t, e) => {
716
719
  if (!["PATCH", "PUT", "DELETE"].includes(t.req.method))
717
720
  return e();
718
- const n = le(t.req.path);
721
+ const n = de(t.req.path);
719
722
  if (!n)
720
723
  return e();
721
724
  const s = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
722
725
  if (!s)
723
726
  return e();
724
- if (await de(t.env.data, s, n))
725
- throw new b(403, {
726
- message: `This ${ue(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
727
+ if (await ue(t.env.data, s, n))
728
+ throw new C(403, {
729
+ message: `This ${fe(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
727
730
  });
728
731
  return e();
729
732
  };
730
733
  }
731
- function U(t, e) {
734
+ function B(t, e) {
732
735
  const { controlPlaneTenantId: n, controlPlaneClientId: s } = e;
733
736
  return {
734
737
  ...t,
735
738
  legacyClients: {
736
739
  ...t.legacyClients,
737
- get: async (a) => {
740
+ get: async (r) => {
738
741
  var f;
739
- const i = await t.legacyClients.get(a);
740
- if (!i)
742
+ const c = await t.legacyClients.get(r);
743
+ if (!c)
741
744
  return null;
742
- const o = s ? await t.legacyClients.get(s) : void 0, r = await t.connections.list(
743
- i.tenant.id
744
- ), c = n ? await t.connections.list(n) : { connections: [] }, m = r.connections.map((d) => {
745
- var g;
746
- const u = (g = c.connections) == null ? void 0 : g.find(
747
- (y) => y.strategy === d.strategy
745
+ const o = s ? await t.legacyClients.get(s) : void 0, a = await t.connections.list(
746
+ c.tenant.id
747
+ ), d = n ? await t.connections.list(n) : { connections: [] }, l = a.connections.map((u) => {
748
+ var p;
749
+ const m = (p = d.connections) == null ? void 0 : p.find(
750
+ (h) => h.strategy === u.strategy
748
751
  );
749
- if (!(u != null && u.options))
750
- return d;
751
- const p = R.parse({
752
- ...u || {},
753
- ...d
752
+ if (!(m != null && m.options))
753
+ return u;
754
+ const g = R.parse({
755
+ ...m || {},
756
+ ...u
754
757
  });
755
- return p.options = O.parse({
756
- ...u.options || {},
757
- ...d.options
758
- }), p;
759
- }).filter((d) => d), l = {
758
+ return g.options = F.parse({
759
+ ...m.options || {},
760
+ ...u.options
761
+ }), g;
762
+ }).filter((u) => u), i = {
760
763
  ...(o == null ? void 0 : o.tenant) || {},
761
- ...i.tenant
764
+ ...c.tenant
762
765
  };
763
- return !i.tenant.audience && ((f = o == null ? void 0 : o.tenant) != null && f.audience) && (l.audience = o.tenant.audience), {
764
- ...i,
766
+ return !c.tenant.audience && ((f = o == null ? void 0 : o.tenant) != null && f.audience) && (i.audience = o.tenant.audience), {
767
+ ...c,
765
768
  web_origins: [
766
769
  ...(o == null ? void 0 : o.web_origins) || [],
767
- ...i.web_origins || []
770
+ ...c.web_origins || []
768
771
  ],
769
772
  allowed_logout_urls: [
770
773
  ...(o == null ? void 0 : o.allowed_logout_urls) || [],
771
- ...i.allowed_logout_urls || []
774
+ ...c.allowed_logout_urls || []
772
775
  ],
773
776
  callbacks: [
774
777
  ...(o == null ? void 0 : o.callbacks) || [],
775
- ...i.callbacks || []
778
+ ...c.callbacks || []
776
779
  ],
777
- connections: m,
778
- tenant: l
780
+ connections: l,
781
+ tenant: i
779
782
  };
780
783
  }
781
784
  },
782
785
  connections: {
783
786
  ...t.connections,
784
- get: async (a, i) => {
785
- var l;
787
+ get: async (r, c) => {
788
+ var i;
786
789
  const o = await t.connections.get(
787
- a,
788
- i
790
+ r,
791
+ c
789
792
  );
790
- if (!o || !n || a === n)
793
+ if (!o || !n || r === n)
791
794
  return o;
792
- const c = (l = (await t.connections.list(n)).connections) == null ? void 0 : l.find(
795
+ const d = (i = (await t.connections.list(n)).connections) == null ? void 0 : i.find(
793
796
  (f) => f.strategy === o.strategy
794
797
  );
795
- if (!(c != null && c.options))
798
+ if (!(d != null && d.options))
796
799
  return o;
797
- const m = R.parse({
798
- ...c,
800
+ const l = R.parse({
801
+ ...d,
799
802
  ...o
800
803
  });
801
- return m.options = O.parse({
802
- ...c.options || {},
804
+ return l.options = F.parse({
805
+ ...d.options || {},
803
806
  ...o.options
804
- }), m;
807
+ }), l;
805
808
  },
806
- list: async (a, i) => {
807
- const o = await t.connections.list(a, i);
808
- if (!n || a === n)
809
+ list: async (r, c) => {
810
+ const o = await t.connections.list(r, c);
811
+ if (!n || r === n)
809
812
  return o;
810
- const r = await t.connections.list(n), c = o.connections.map((m) => {
811
- var d;
812
- const l = (d = r.connections) == null ? void 0 : d.find(
813
- (u) => u.strategy === m.strategy
813
+ const a = await t.connections.list(n), d = o.connections.map((l) => {
814
+ var u;
815
+ const i = (u = a.connections) == null ? void 0 : u.find(
816
+ (m) => m.strategy === l.strategy
814
817
  );
815
- if (!(l != null && l.options))
816
- return m;
818
+ if (!(i != null && i.options))
819
+ return l;
817
820
  const f = R.parse({
818
- ...l,
819
- ...m
821
+ ...i,
822
+ ...l
820
823
  });
821
- return f.options = O.parse({
822
- ...l.options || {},
823
- ...m.options
824
+ return f.options = F.parse({
825
+ ...i.options || {},
826
+ ...l.options
824
827
  }), f;
825
828
  });
826
829
  return {
827
830
  ...o,
828
- connections: c
831
+ connections: d
829
832
  };
830
833
  }
831
834
  }
@@ -838,164 +841,164 @@ function U(t, e) {
838
841
  // They remain part of ...baseAdapters and can be properly wrapped by caching.
839
842
  };
840
843
  }
841
- function fe(t, e) {
842
- return U(t, e);
844
+ function ge(t, e) {
845
+ return B(t, e);
843
846
  }
844
- const Ce = U, Pe = fe;
845
- function ge(t) {
847
+ const Ce = B, Se = ge;
848
+ function pe(t) {
846
849
  return async (e, n) => {
847
850
  const s = e.var.user;
848
851
  return (s == null ? void 0 : s.tenant_id) === t && s.org_name && e.set("tenant_id", s.org_name), n();
849
852
  };
850
853
  }
851
- function pe(t) {
854
+ function we(t) {
852
855
  return async (e, n) => {
853
856
  if (!t.accessControl)
854
857
  return n();
855
- const { controlPlaneTenantId: s } = t.accessControl, a = e.var.org_name, i = e.var.organization_id, o = a || i;
856
- let r = e.var.tenant_id;
857
- const c = e.var.user, l = (c != null && c.aud ? Array.isArray(c.aud) ? c.aud : [c.aud] : []).includes(L);
858
- if (!r && o && l && (e.set("tenant_id", o), r = o), !r)
859
- throw new b(400, {
858
+ const { controlPlaneTenantId: s } = t.accessControl, r = e.var.org_name, c = e.var.organization_id, o = r || c;
859
+ let a = e.var.tenant_id;
860
+ const d = e.var.user, i = (d != null && d.aud ? Array.isArray(d.aud) ? d.aud : [d.aud] : []).includes(U);
861
+ if (!a && o && i && (e.set("tenant_id", o), a = o), !a)
862
+ throw new C(400, {
860
863
  message: "Tenant ID not found in request"
861
864
  });
862
- if (!te(
863
- i,
864
- r,
865
+ if (!ne(
866
+ c,
867
+ a,
865
868
  s,
866
- a
869
+ r
867
870
  ))
868
- throw new b(403, {
869
- message: `Access denied to tenant ${r}`
871
+ throw new C(403, {
872
+ message: `Access denied to tenant ${a}`
870
873
  });
871
874
  return n();
872
875
  };
873
876
  }
874
- function we(t) {
877
+ function ye(t) {
875
878
  return async (e, n) => {
876
879
  if (!t.subdomainRouting)
877
880
  return n();
878
881
  const {
879
882
  baseDomain: s,
880
- reservedSubdomains: a = [],
881
- resolveSubdomain: i
883
+ reservedSubdomains: r = [],
884
+ resolveSubdomain: c
882
885
  } = t.subdomainRouting, o = e.req.header("host") || "";
883
- let r = null;
886
+ let a = null;
884
887
  if (o.endsWith(s)) {
885
- const m = o.slice(0, -(s.length + 1));
886
- m && !m.includes(".") && (r = m);
888
+ const l = o.slice(0, -(s.length + 1));
889
+ l && !l.includes(".") && (a = l);
887
890
  }
888
- if (r && a.includes(r) && (r = null), !r)
891
+ if (a && r.includes(a) && (a = null), !a)
889
892
  return t.accessControl && e.set("tenant_id", t.accessControl.controlPlaneTenantId), n();
890
- let c = null;
891
- if (i)
892
- c = await i(r);
893
+ let d = null;
894
+ if (c)
895
+ d = await c(a);
893
896
  else if (t.subdomainRouting.useOrganizations !== !1 && t.accessControl)
894
897
  try {
895
- const m = await e.env.data.organizations.get(
898
+ const l = await e.env.data.organizations.get(
896
899
  t.accessControl.controlPlaneTenantId,
897
- r
900
+ a
898
901
  );
899
- m && (c = m.id);
902
+ l && (d = l.id);
900
903
  } catch {
901
904
  }
902
- if (!c)
903
- throw new b(404, {
904
- message: `Tenant not found for subdomain: ${r}`
905
+ if (!d)
906
+ throw new C(404, {
907
+ message: `Tenant not found for subdomain: ${a}`
905
908
  });
906
- return e.set("tenant_id", c), n();
909
+ return e.set("tenant_id", d), n();
907
910
  };
908
911
  }
909
- function ye(t) {
912
+ function he(t) {
910
913
  return async (e, n) => {
911
914
  if (!t.databaseIsolation)
912
915
  return n();
913
916
  const s = e.var.tenant_id;
914
917
  if (!s)
915
- throw new b(400, {
918
+ throw new C(400, {
916
919
  message: "Tenant ID not found in request"
917
920
  });
918
921
  try {
919
- const a = await t.databaseIsolation.getAdapters(s);
920
- e.env.data = a;
921
- } catch (a) {
922
+ const r = await t.databaseIsolation.getAdapters(s);
923
+ e.env.data = r;
924
+ } catch (r) {
922
925
  throw console.error(
923
926
  `Failed to resolve database for tenant ${s}:`,
924
- a
925
- ), new b(500, {
927
+ r
928
+ ), new C(500, {
926
929
  message: "Failed to resolve tenant database"
927
930
  });
928
931
  }
929
932
  return n();
930
933
  };
931
934
  }
932
- function B(t) {
933
- const e = we(t), n = pe(t), s = ye(t);
934
- return async (a, i) => (await e(a, async () => {
935
- }), await n(a, async () => {
936
- }), await s(a, async () => {
937
- }), i());
935
+ function K(t) {
936
+ const e = ye(t), n = we(t), s = he(t);
937
+ return async (r, c) => (await e(r, async () => {
938
+ }), await n(r, async () => {
939
+ }), await s(r, async () => {
940
+ }), c());
938
941
  }
939
- function Ie(t) {
942
+ function Pe(t) {
940
943
  const {
941
944
  dataAdapter: e,
942
945
  controlPlaneTenantId: n = "control_plane",
943
946
  sync: s = { resourceServers: !0, roles: !0 },
944
- defaultPermissions: a = ["tenant:admin"],
945
- requireOrganizationMatch: i = !1,
947
+ defaultPermissions: r = ["tenant:admin"],
948
+ requireOrganizationMatch: c = !1,
946
949
  managementApiExtensions: o = [],
947
- entityHooks: r,
948
- getChildTenantIds: c,
949
- getAdapters: m,
950
- ...l
951
- } = t, f = s !== !1, d = f ? {
950
+ entityHooks: a,
951
+ getChildTenantIds: d,
952
+ getAdapters: l,
953
+ ...i
954
+ } = t, f = s !== !1, u = f ? {
952
955
  resourceServers: s.resourceServers ?? !0,
953
956
  roles: s.roles ?? !0
954
- } : { resourceServers: !1, roles: !1 }, g = {
957
+ } : { resourceServers: !1, roles: !1 }, p = {
955
958
  controlPlaneTenantId: n,
956
- getChildTenantIds: c ?? (async () => (await I(
957
- (_) => e.tenants.list(_),
959
+ getChildTenantIds: d ?? (async () => (await $(
960
+ (y) => e.tenants.list(y),
958
961
  "tenants",
959
962
  { cursorField: "id", pageSize: 100 }
960
- )).filter((_) => _.id !== n).map((_) => _.id)),
961
- getAdapters: m ?? (async () => e),
963
+ )).filter((y) => y.id !== n).map((y) => y.id)),
964
+ getAdapters: l ?? (async () => e),
962
965
  getControlPlaneAdapters: async () => e,
963
- sync: d
964
- }, { entityHooks: y, tenantHooks: w } = ce(g), A = {
966
+ sync: u
967
+ }, { entityHooks: h, tenantHooks: w } = le(p), v = {
965
968
  resourceServers: [
966
- y.resourceServers,
967
- ...(r == null ? void 0 : r.resourceServers) ?? []
969
+ h.resourceServers,
970
+ ...(a == null ? void 0 : a.resourceServers) ?? []
968
971
  ],
969
- roles: [y.roles, ...(r == null ? void 0 : r.roles) ?? []],
970
- connections: (r == null ? void 0 : r.connections) ?? [],
971
- tenants: (r == null ? void 0 : r.tenants) ?? [],
972
- rolePermissions: (r == null ? void 0 : r.rolePermissions) ?? []
973
- }, v = M(
972
+ roles: [h.roles, ...(a == null ? void 0 : a.roles) ?? []],
973
+ connections: (a == null ? void 0 : a.connections) ?? [],
974
+ tenants: (a == null ? void 0 : a.tenants) ?? [],
975
+ rolePermissions: (a == null ? void 0 : a.rolePermissions) ?? []
976
+ }, _ = M(
974
977
  {
975
978
  accessControl: {
976
979
  controlPlaneTenantId: n,
977
- requireOrganizationMatch: i,
978
- defaultPermissions: a
980
+ requireOrganizationMatch: c,
981
+ defaultPermissions: r
979
982
  }
980
983
  },
981
984
  { tenants: w }
982
- ), { app: h } = X({
985
+ ), { app: b } = x({
983
986
  dataAdapter: e,
984
- ...l,
985
- entityHooks: A,
987
+ ...i,
988
+ entityHooks: v,
986
989
  managementApiExtensions: [
987
990
  ...o,
988
- { path: "/tenants", router: v }
991
+ { path: "/tenants", router: _ }
989
992
  ]
990
993
  });
991
- return h.use("/api/v2/*", ge(n)), f && h.use("/api/v2/*", me()), { app: h, controlPlaneTenantId: n };
994
+ return b.use("/api/v2/*", pe(n)), f && b.use("/api/v2/*", me()), { app: b, controlPlaneTenantId: n };
992
995
  }
993
- function Se(t) {
996
+ function Ie(t) {
994
997
  const e = q(t);
995
998
  return {
996
999
  name: "multi-tenancy",
997
1000
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
998
- middleware: B(t),
1001
+ middleware: K(t),
999
1002
  // Provide lifecycle hooks
1000
1003
  hooks: e,
1001
1004
  // Mount tenant management routes
@@ -1016,45 +1019,45 @@ function Se(t) {
1016
1019
  };
1017
1020
  }
1018
1021
  function q(t) {
1019
- const e = t.accessControl ? ee(t.accessControl) : {}, n = t.databaseIsolation ? ne(t.databaseIsolation) : {}, s = re(t);
1022
+ const e = t.accessControl ? te(t.accessControl) : {}, n = t.databaseIsolation ? se(t.databaseIsolation) : {}, s = ae(t);
1020
1023
  return {
1021
1024
  ...e,
1022
1025
  ...n,
1023
1026
  tenants: s
1024
1027
  };
1025
1028
  }
1026
- function he(t) {
1027
- const e = new V(), n = q(t);
1029
+ function ve(t) {
1030
+ const e = new J(), n = q(t);
1028
1031
  return e.route("/tenants", M(t, n)), e;
1029
1032
  }
1030
1033
  function $e(t) {
1031
1034
  return {
1032
1035
  hooks: q(t),
1033
- middleware: B(t),
1034
- app: he(t),
1036
+ middleware: K(t),
1037
+ app: ve(t),
1035
1038
  config: t
1036
1039
  };
1037
1040
  }
1038
1041
  export {
1039
- ee as createAccessControlHooks,
1040
- pe as createAccessControlMiddleware,
1041
- ge as createControlPlaneTenantMiddleware,
1042
- ne as createDatabaseHooks,
1043
- ye as createDatabaseMiddleware,
1044
- he as createMultiTenancy,
1042
+ te as createAccessControlHooks,
1043
+ we as createAccessControlMiddleware,
1044
+ pe as createControlPlaneTenantMiddleware,
1045
+ se as createDatabaseHooks,
1046
+ he as createDatabaseMiddleware,
1047
+ ve as createMultiTenancy,
1045
1048
  q as createMultiTenancyHooks,
1046
- B as createMultiTenancyMiddleware,
1047
- Se as createMultiTenancyPlugin,
1049
+ K as createMultiTenancyMiddleware,
1050
+ Ie as createMultiTenancyPlugin,
1048
1051
  me as createProtectSyncedMiddleware,
1049
- re as createProvisioningHooks,
1050
- U as createRuntimeFallbackAdapter,
1052
+ ae as createProvisioningHooks,
1053
+ B as createRuntimeFallbackAdapter,
1051
1054
  Ce as createSettingsInheritanceAdapter,
1052
- we as createSubdomainMiddleware,
1053
- ce as createSyncHooks,
1055
+ ye as createSubdomainMiddleware,
1056
+ le as createSyncHooks,
1054
1057
  M as createTenantsOpenAPIRouter,
1055
- Ie as initMultiTenant,
1058
+ Pe as initMultiTenant,
1056
1059
  $e as setupMultiTenancy,
1057
- te as validateTenantAccess,
1058
- fe as withRuntimeFallback,
1059
- Pe as withSettingsInheritance
1060
+ ne as validateTenantAccess,
1061
+ ge as withRuntimeFallback,
1062
+ Se as withSettingsInheritance
1060
1063
  };