@authhero/multi-tenancy 14.5.0 → 14.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/multi-tenancy.cjs +1 -1
  2. package/dist/multi-tenancy.mjs +438 -413
  3. package/dist/types/index.d.ts +2 -2
  4. package/dist/types/index.d.ts.map +1 -1
  5. package/dist/types/init.d.ts.map +1 -1
  6. package/dist/types/middleware/index.d.ts +2 -2
  7. package/dist/types/middleware/index.d.ts.map +1 -1
  8. package/dist/types/middleware/settings-inheritance.d.ts +8 -12
  9. package/dist/types/middleware/settings-inheritance.d.ts.map +1 -1
  10. package/package.json +4 -4
package/dist/multi-tenancy.mjs CHANGED
@@ -1,18 +1,18 @@
1
1
  var X = Object.defineProperty;
2
2
  var Y = (t, e, n) => e in t ? X(t, e, { enumerable: !0, configurable: !0, writable: !0, value: n }) : t[e] = n;
3
- var R = (t, e, n) => Y(t, typeof e != "symbol" ? e + "" : e, n);
3
+ var F = (t, e, n) => Y(t, typeof e != "symbol" ? e + "" : e, n);
4
4
  import { Hono as Z } from "hono";
5
- import { MANAGEMENT_API_SCOPES as x, MANAGEMENT_API_AUDIENCE as W, fetchAll as z, auth0QuerySchema as ee, tenantSchema as H, tenantInsertSchema as te, connectionSchema as F, connectionOptionsSchema as O, init as ne } from "authhero";
5
+ import { MANAGEMENT_API_SCOPES as x, MANAGEMENT_API_AUDIENCE as W, fetchAll as O, auth0QuerySchema as ee, tenantSchema as G, tenantInsertSchema as te, connectionSchema as R, connectionOptionsSchema as D, init as ne } from "authhero";
6
6
  import { OpenAPIHono as re, createRoute as M, z as S } from "@hono/zod-openapi";
7
7
  function se(t) {
8
8
  const { controlPlaneTenantId: e, requireOrganizationMatch: n = !0 } = t;
9
9
  return {
10
- async onTenantAccessValidation(r, s) {
11
- if (s === e)
10
+ async onTenantAccessValidation(r, a) {
11
+ if (a === e)
12
12
  return !0;
13
13
  if (n) {
14
- const c = r.var.org_name, o = r.var.organization_id, a = c || o;
15
- return a ? a.toLowerCase() === s.toLowerCase() : !1;
14
+ const c = r.var.org_name, l = r.var.organization_id, s = c || l;
15
+ return s ? s.toLowerCase() === a.toLowerCase() : !1;
16
16
  }
17
17
  return !0;
18
18
  }
@@ -21,8 +21,8 @@ function se(t) {
21
21
  function ae(t, e, n, r) {
22
22
  if (e === n)
23
23
  return !0;
24
- const s = r || t;
25
- return s ? s.toLowerCase() === e.toLowerCase() : !1;
24
+ const a = r || t;
25
+ return a ? a.toLowerCase() === e.toLowerCase() : !1;
26
26
  }
27
27
  function oe(t) {
28
28
  return {
@@ -51,19 +51,19 @@ function ce(t) {
51
51
  } : n;
52
52
  },
53
53
  async afterCreate(e, n) {
54
- const { accessControl: r, databaseIsolation: s } = t;
55
- r && e.ctx && await le(e, n, r), s != null && s.onProvision && await s.onProvision(n.id);
54
+ const { accessControl: r, databaseIsolation: a } = t;
55
+ r && e.ctx && await le(e, n, r), a != null && a.onProvision && await a.onProvision(n.id);
56
56
  },
57
57
  async beforeDelete(e, n) {
58
- const { accessControl: r, databaseIsolation: s } = t;
58
+ const { accessControl: r, databaseIsolation: a } = t;
59
59
  if (r)
60
60
  try {
61
- const o = (await e.adapters.organizations.list(
61
+ const l = (await e.adapters.organizations.list(
62
62
  r.controlPlaneTenantId
63
- )).organizations.find((a) => a.name === n);
64
- o && await e.adapters.organizations.remove(
63
+ )).organizations.find((s) => s.name === n);
64
+ l && await e.adapters.organizations.remove(
65
65
  r.controlPlaneTenantId,
66
- o.id
66
+ l.id
67
67
  );
68
68
  } catch (c) {
69
69
  console.warn(
@@ -71,9 +71,9 @@ function ce(t) {
71
71
  c
72
72
  );
73
73
  }
74
- if (s != null && s.onDeprovision)
74
+ if (a != null && a.onDeprovision)
75
75
  try {
76
- await s.onDeprovision(n);
76
+ await a.onDeprovision(n);
77
77
  } catch (c) {
78
78
  console.warn(
79
79
  `Failed to deprovision database for tenant ${n}:`,
@@ -86,12 +86,12 @@ function ce(t) {
86
86
  async function le(t, e, n) {
87
87
  const {
88
88
  controlPlaneTenantId: r,
89
- defaultPermissions: s,
89
+ defaultPermissions: a,
90
90
  defaultRoles: c,
91
- issuer: o,
92
- adminRoleName: a = "Tenant Admin",
93
- adminRoleDescription: d = "Full access to all tenant management operations",
94
- addCreatorToOrganization: u = !0
91
+ issuer: l,
92
+ adminRoleName: s = "Tenant Admin",
93
+ adminRoleDescription: p = "Full access to all tenant management operations",
94
+ addCreatorToOrganization: o = !0
95
95
  } = n, i = await t.adapters.organizations.create(
96
96
  r,
97
97
  {
@@ -100,40 +100,40 @@ async function le(t, e, n) {
100
100
  }
101
101
  );
102
102
  let f;
103
- if (o && (f = await ue(
103
+ if (l && (f = await ue(
104
104
  t,
105
105
  r,
106
- a,
107
- d
108
- )), u && t.ctx) {
109
- const l = t.ctx.var.user;
110
- if (l != null && l.sub && !await de(
106
+ s,
107
+ p
108
+ )), o && t.ctx) {
109
+ const d = t.ctx.var.user;
110
+ if (d != null && d.sub && !await de(
111
111
  t,
112
112
  r,
113
- l.sub
113
+ d.sub
114
114
  ))
115
115
  try {
116
116
  await t.adapters.userOrganizations.create(r, {
117
- user_id: l.sub,
117
+ user_id: d.sub,
118
118
  organization_id: i.id
119
119
  }), f && await t.adapters.userRoles.create(
120
120
  r,
121
- l.sub,
121
+ d.sub,
122
122
  f,
123
123
  i.id
124
124
  // organizationId
125
125
  );
126
- } catch (g) {
126
+ } catch (m) {
127
127
  console.warn(
128
- `Failed to add creator ${l.sub} to organization ${i.id}:`,
129
- g
128
+ `Failed to add creator ${d.sub} to organization ${i.id}:`,
129
+ m
130
130
  );
131
131
  }
132
132
  }
133
133
  c && c.length > 0 && console.log(
134
134
  `Would assign roles ${c.join(", ")} to organization ${i.id}`
135
- ), s && s.length > 0 && console.log(
136
- `Would grant permissions ${s.join(", ")} to organization ${i.id}`
135
+ ), a && a.length > 0 && console.log(
136
+ `Would grant permissions ${a.join(", ")} to organization ${i.id}`
137
137
  );
138
138
  }
139
139
  async function de(t, e, n) {
@@ -144,77 +144,77 @@ async function de(t, e, n) {
144
144
  ""
145
145
  // Empty string for global roles
146
146
  );
147
- for (const s of r)
147
+ for (const a of r)
148
148
  if ((await t.adapters.rolePermissions.list(
149
149
  e,
150
- s.id,
150
+ a.id,
151
151
  { per_page: 1e3 }
152
152
  )).some(
153
- (a) => a.permission_name === "admin:organizations"
153
+ (s) => s.permission_name === "admin:organizations"
154
154
  ))
155
155
  return !0;
156
156
  return !1;
157
157
  }
158
158
  async function ue(t, e, n, r) {
159
- const c = (await t.adapters.roles.list(e, {})).roles.find((u) => u.name === n);
159
+ const c = (await t.adapters.roles.list(e, {})).roles.find((o) => o.name === n);
160
160
  if (c)
161
161
  return c.id;
162
- const o = await t.adapters.roles.create(e, {
162
+ const l = await t.adapters.roles.create(e, {
163
163
  name: n,
164
164
  description: r
165
- }), a = W, d = x.map((u) => ({
166
- role_id: o.id,
167
- resource_server_identifier: a,
168
- permission_name: u.value
165
+ }), s = W, p = x.map((o) => ({
166
+ role_id: l.id,
167
+ resource_server_identifier: s,
168
+ permission_name: o.value
169
169
  }));
170
170
  return await t.adapters.rolePermissions.assign(
171
171
  e,
172
- o.id,
173
- d
174
- ), o.id;
172
+ l.id,
173
+ p
174
+ ), l.id;
175
175
  }
176
- function G(t, e, n = () => !0) {
177
- const { controlPlaneTenantId: r, getChildTenantIds: s, getAdapters: c } = t, o = /* @__PURE__ */ new Map();
178
- async function a(i, f, l) {
176
+ function L(t, e, n = () => !0) {
177
+ const { controlPlaneTenantId: r, getChildTenantIds: a, getAdapters: c } = t, l = /* @__PURE__ */ new Map();
178
+ async function s(i, f, d) {
179
179
  return (await e(i).list(f, {
180
- q: `name:${l}`,
180
+ q: `name:${d}`,
181
181
  per_page: 1
182
182
  }))[0] ?? null;
183
183
  }
184
- async function d(i) {
185
- const f = await s(), l = e(await c(r));
184
+ async function p(i) {
185
+ const f = await a(), d = e(await c(r));
186
186
  await Promise.all(
187
- f.map(async (m) => {
187
+ f.map(async (u) => {
188
188
  try {
189
- const g = await c(m), p = e(g), w = {
190
- ...l.transform(i),
189
+ const m = await c(u), g = e(m), w = {
190
+ ...d.transform(i),
191
191
  is_system: !0
192
- }, y = await a(g, m, i.name), T = y ? p.getId(y) : void 0;
193
- if (y && T) {
194
- const b = p.preserveOnUpdate ? p.preserveOnUpdate(y, w) : w;
195
- await p.update(m, T, b);
192
+ }, y = await s(m, u, i.name), _ = y ? g.getId(y) : void 0;
193
+ if (y && _) {
194
+ const T = g.preserveOnUpdate ? g.preserveOnUpdate(y, w) : w;
195
+ await g.update(u, _, T);
196
196
  } else
197
- await p.create(m, w);
198
- } catch (g) {
197
+ await g.create(u, w);
198
+ } catch (m) {
199
199
  console.error(
200
- `Failed to sync ${l.listKey} "${i.name}" to tenant "${m}":`,
201
- g
200
+ `Failed to sync ${d.listKey} "${i.name}" to tenant "${u}":`,
201
+ m
202
202
  );
203
203
  }
204
204
  })
205
205
  );
206
206
  }
207
- async function u(i) {
208
- const f = await s();
207
+ async function o(i) {
208
+ const f = await a();
209
209
  await Promise.all(
210
- f.map(async (l) => {
210
+ f.map(async (d) => {
211
211
  try {
212
- const m = await c(l), g = e(m), p = await a(m, l, i), h = p ? g.getId(p) : void 0;
213
- p && h && await g.remove(l, h);
214
- } catch (m) {
212
+ const u = await c(d), m = e(u), g = await s(u, d, i), h = g ? m.getId(g) : void 0;
213
+ g && h && await m.remove(d, h);
214
+ } catch (u) {
215
215
  console.error(
216
- `Failed to delete entity "${i}" from tenant "${l}":`,
217
- m
216
+ `Failed to delete entity "${i}" from tenant "${d}":`,
217
+ u
218
218
  );
219
219
  }
220
220
  })
@@ -222,60 +222,60 @@ function G(t, e, n = () => !0) {
222
222
  }
223
223
  return {
224
224
  afterCreate: async (i, f) => {
225
- i.tenantId === r && n(f) && await d(f);
225
+ i.tenantId === r && n(f) && await p(f);
226
226
  },
227
- afterUpdate: async (i, f, l) => {
228
- i.tenantId === r && n(l) && await d(l);
227
+ afterUpdate: async (i, f, d) => {
228
+ i.tenantId === r && n(d) && await p(d);
229
229
  },
230
230
  beforeDelete: async (i, f) => {
231
231
  if (i.tenantId !== r) return;
232
- const m = await e(i.adapters).get(i.tenantId, f);
233
- m && n(m) && o.set(f, m);
232
+ const u = await e(i.adapters).get(i.tenantId, f);
233
+ u && n(u) && l.set(f, u);
234
234
  },
235
235
  afterDelete: async (i, f) => {
236
236
  if (i.tenantId !== r) return;
237
- const l = o.get(f);
238
- l && (o.delete(f), await u(l.name));
237
+ const d = l.get(f);
238
+ d && (l.delete(f), await o(d.name));
239
239
  }
240
240
  };
241
241
  }
242
- function L(t, e, n = () => !0) {
243
- const { controlPlaneTenantId: r, getControlPlaneAdapters: s, getAdapters: c } = t;
242
+ function U(t, e, n = () => !0) {
243
+ const { controlPlaneTenantId: r, getControlPlaneAdapters: a, getAdapters: c } = t;
244
244
  return {
245
- async afterCreate(o, a) {
246
- if (a.id !== r)
245
+ async afterCreate(l, s) {
246
+ if (s.id !== r)
247
247
  try {
248
- const d = await s(), u = await c(a.id), i = e(d), f = e(u), l = await z(
249
- (m) => i.listPaginated(r, m),
248
+ const p = await a(), o = await c(s.id), i = e(p), f = e(o), d = await O(
249
+ (u) => i.listPaginated(r, u),
250
250
  i.listKey,
251
251
  { cursorField: "id", pageSize: 100 }
252
252
  );
253
253
  await Promise.all(
254
- l.filter((m) => n(m)).map(async (m) => {
254
+ d.filter((u) => n(u)).map(async (u) => {
255
255
  try {
256
- const g = i.transform(m);
257
- await f.create(a.id, {
258
- ...g,
256
+ const m = i.transform(u);
257
+ await f.create(s.id, {
258
+ ...m,
259
259
  is_system: !0
260
260
  });
261
- } catch (g) {
261
+ } catch (m) {
262
262
  console.error(
263
- `Failed to sync entity to new tenant "${a.id}":`,
264
- g
263
+ `Failed to sync entity to new tenant "${s.id}":`,
264
+ m
265
265
  );
266
266
  }
267
267
  })
268
268
  );
269
- } catch (d) {
269
+ } catch (p) {
270
270
  console.error(
271
- `Failed to sync entities to new tenant "${a.id}":`,
272
- d
271
+ `Failed to sync entities to new tenant "${s.id}":`,
272
+ p
273
273
  );
274
274
  }
275
275
  }
276
276
  };
277
277
  }
278
- const U = (t) => ({
278
+ const B = (t) => ({
279
279
  list: async (e, n) => (await t.resourceServers.list(e, n)).resource_servers,
280
280
  listPaginated: (e, n) => t.resourceServers.list(e, n),
281
281
  get: (e, n) => t.resourceServers.get(e, n),
@@ -293,7 +293,7 @@ const U = (t) => ({
293
293
  token_lifetime: e.token_lifetime,
294
294
  token_lifetime_for_web: e.token_lifetime_for_web
295
295
  })
296
- }), B = (t) => ({
296
+ }), K = (t) => ({
297
297
  list: async (e, n) => (await t.roles.list(e, n)).roles,
298
298
  listPaginated: (e, n) => t.roles.list(e, n),
299
299
  get: (e, n) => t.roles.get(e, n),
@@ -308,116 +308,116 @@ const U = (t) => ({
308
308
  description: e.description
309
309
  })
310
310
  });
311
- function K(t) {
311
+ function V(t) {
312
312
  var e;
313
313
  return ((e = t.metadata) == null ? void 0 : e.sync) !== !1;
314
314
  }
315
315
  function fe(t) {
316
- const { sync: e = {}, filters: n = {} } = t, r = e.resourceServers ?? !0, s = e.roles ?? !0, c = (g) => K(g) ? n.resourceServers ? n.resourceServers(g) : !0 : !1, o = (g) => K(g) ? n.roles ? n.roles(g) : !0 : !1, a = r ? G(
316
+ const { sync: e = {}, filters: n = {} } = t, r = e.resourceServers ?? !0, a = e.roles ?? !0, c = (m) => V(m) ? n.resourceServers ? n.resourceServers(m) : !0 : !1, l = (m) => V(m) ? n.roles ? n.roles(m) : !0 : !1, s = r ? L(
317
317
  t,
318
- U,
318
+ B,
319
319
  c
320
- ) : void 0, d = s ? G(
320
+ ) : void 0, p = a ? L(
321
321
  t,
322
- B,
323
- o
324
- ) : void 0, u = r ? L(
322
+ K,
323
+ l
324
+ ) : void 0, o = r ? U(
325
325
  t,
326
- U,
326
+ B,
327
327
  c
328
- ) : void 0, i = s ? L(
328
+ ) : void 0, i = a ? U(
329
329
  t,
330
- B,
331
- o
332
- ) : void 0, f = s ? {
333
- async afterCreate(g, p) {
330
+ K,
331
+ l
332
+ ) : void 0, f = a ? {
333
+ async afterCreate(m, g) {
334
334
  var h;
335
- if (p.id !== t.controlPlaneTenantId) {
336
- await ((h = i == null ? void 0 : i.afterCreate) == null ? void 0 : h.call(i, g, p));
335
+ if (g.id !== t.controlPlaneTenantId) {
336
+ await ((h = i == null ? void 0 : i.afterCreate) == null ? void 0 : h.call(i, m, g));
337
337
  try {
338
- const w = await t.getControlPlaneAdapters(), y = await t.getAdapters(p.id), T = await z(
338
+ const w = await t.getControlPlaneAdapters(), y = await t.getAdapters(g.id), _ = await O(
339
339
  (A) => w.roles.list(
340
340
  t.controlPlaneTenantId,
341
341
  A
342
342
  ),
343
343
  "roles",
344
344
  { cursorField: "id", pageSize: 100 }
345
- ), b = /* @__PURE__ */ new Map();
346
- for (const A of T.filter(
347
- (_) => {
348
- var v;
349
- return ((v = n.roles) == null ? void 0 : v.call(n, _)) ?? !0;
345
+ ), T = /* @__PURE__ */ new Map();
346
+ for (const A of _.filter(
347
+ (v) => {
348
+ var b;
349
+ return ((b = n.roles) == null ? void 0 : b.call(n, v)) ?? !0;
350
350
  }
351
351
  )) {
352
- const _ = await l(
352
+ const v = await d(
353
353
  y,
354
- p.id,
354
+ g.id,
355
355
  A.name
356
356
  );
357
- _ && b.set(A.name, _.id);
357
+ v && T.set(A.name, v.id);
358
358
  }
359
- for (const A of T.filter(
360
- (_) => {
361
- var v;
362
- return ((v = n.roles) == null ? void 0 : v.call(n, _)) ?? !0;
359
+ for (const A of _.filter(
360
+ (v) => {
361
+ var b;
362
+ return ((b = n.roles) == null ? void 0 : b.call(n, v)) ?? !0;
363
363
  }
364
364
  )) {
365
- const _ = b.get(A.name);
366
- if (_)
365
+ const v = T.get(A.name);
366
+ if (v)
367
367
  try {
368
- const v = await w.rolePermissions.list(
368
+ const b = await w.rolePermissions.list(
369
369
  t.controlPlaneTenantId,
370
370
  A.id,
371
371
  {}
372
372
  );
373
- v.length > 0 && await y.rolePermissions.assign(
374
- p.id,
375
- _,
376
- v.map((P) => ({
377
- role_id: _,
378
- resource_server_identifier: P.resource_server_identifier,
379
- permission_name: P.permission_name
373
+ b.length > 0 && await y.rolePermissions.assign(
374
+ g.id,
375
+ v,
376
+ b.map((C) => ({
377
+ role_id: v,
378
+ resource_server_identifier: C.resource_server_identifier,
379
+ permission_name: C.permission_name
380
380
  }))
381
381
  );
382
- } catch (v) {
382
+ } catch (b) {
383
383
  console.error(
384
- `Failed to sync permissions for role "${A.name}" to tenant "${p.id}":`,
385
- v
384
+ `Failed to sync permissions for role "${A.name}" to tenant "${g.id}":`,
385
+ b
386
386
  );
387
387
  }
388
388
  }
389
389
  } catch (w) {
390
390
  console.error(
391
- `Failed to sync role permissions to tenant "${p.id}":`,
391
+ `Failed to sync role permissions to tenant "${g.id}":`,
392
392
  w
393
393
  );
394
394
  }
395
395
  }
396
396
  }
397
397
  } : void 0;
398
- async function l(g, p, h) {
399
- return (await g.roles.list(p, {
398
+ async function d(m, g, h) {
399
+ return (await m.roles.list(g, {
400
400
  q: `name:${h}`,
401
401
  per_page: 1
402
402
  })).roles[0] ?? null;
403
403
  }
404
404
  return {
405
405
  entityHooks: {
406
- resourceServers: a,
407
- roles: d
406
+ resourceServers: s,
407
+ roles: p
408
408
  },
409
409
  tenantHooks: {
410
- async afterCreate(g, p) {
410
+ async afterCreate(m, g) {
411
411
  const h = [
412
- u == null ? void 0 : u.afterCreate,
412
+ o == null ? void 0 : o.afterCreate,
413
413
  (f == null ? void 0 : f.afterCreate) ?? (i == null ? void 0 : i.afterCreate)
414
414
  ], w = [];
415
415
  for (const y of h)
416
416
  if (y)
417
417
  try {
418
- await y(g, p);
419
- } catch (T) {
420
- w.push(T instanceof Error ? T : new Error(String(T)));
418
+ await y(m, g);
419
+ } catch (_) {
420
+ w.push(_ instanceof Error ? _ : new Error(String(_)));
421
421
  }
422
422
  if (w.length === 1) throw w[0];
423
423
  if (w.length > 1)
@@ -429,7 +429,7 @@ function fe(t) {
429
429
  }
430
430
  };
431
431
  }
432
- var C = class extends Error {
432
+ var P = class extends Error {
433
433
  /**
434
434
  * Creates an instance of `HTTPException`.
435
435
  * @param status - HTTP status code for the exception. Defaults to 500.
@@ -437,8 +437,8 @@ var C = class extends Error {
437
437
  */
438
438
  constructor(e = 500, n) {
439
439
  super(n == null ? void 0 : n.message, { cause: n == null ? void 0 : n.cause });
440
- R(this, "res");
441
- R(this, "status");
440
+ F(this, "res");
441
+ F(this, "status");
442
442
  this.res = n == null ? void 0 : n.res, this.status = e;
443
443
  }
444
444
  /**
@@ -455,7 +455,7 @@ var C = class extends Error {
455
455
  });
456
456
  }
457
457
  };
458
- function D(t, e) {
458
+ function E(t, e) {
459
459
  const n = new re();
460
460
  return n.openapi(
461
461
  M({
@@ -475,7 +475,7 @@ function D(t, e) {
475
475
  content: {
476
476
  "application/json": {
477
477
  schema: S.object({
478
- tenants: S.array(H),
478
+ tenants: S.array(G),
479
479
  start: S.number().optional(),
480
480
  limit: S.number().optional(),
481
481
  length: S.number().optional()
@@ -487,72 +487,72 @@ function D(t, e) {
487
487
  }
488
488
  }),
489
489
  async (r) => {
490
- var g, p, h, w, y, T;
491
- const s = r.req.valid("query"), { page: c, per_page: o, include_totals: a, q: d } = s, u = r.var.user, i = (u == null ? void 0 : u.permissions) || [];
490
+ var m, g, h, w, y, _;
491
+ const a = r.req.valid("query"), { page: c, per_page: l, include_totals: s, q: p } = a, o = r.var.user, i = (o == null ? void 0 : o.permissions) || [];
492
492
  if (i.includes("auth:read") || i.includes("admin:organizations")) {
493
- const b = await r.env.data.tenants.list({
493
+ const T = await r.env.data.tenants.list({
494
494
  page: c,
495
- per_page: o,
496
- include_totals: a,
497
- q: d
495
+ per_page: l,
496
+ include_totals: s,
497
+ q: p
498
498
  });
499
- return a ? r.json({
500
- tenants: b.tenants,
501
- start: ((g = b.totals) == null ? void 0 : g.start) ?? 0,
502
- limit: ((p = b.totals) == null ? void 0 : p.limit) ?? o,
503
- length: b.tenants.length
504
- }) : r.json({ tenants: b.tenants });
499
+ return s ? r.json({
500
+ tenants: T.tenants,
501
+ start: ((m = T.totals) == null ? void 0 : m.start) ?? 0,
502
+ limit: ((g = T.totals) == null ? void 0 : g.limit) ?? l,
503
+ length: T.tenants.length
504
+ }) : r.json({ tenants: T.tenants });
505
505
  }
506
- const l = ((h = t.accessControl) == null ? void 0 : h.controlPlaneTenantId) ?? ((w = r.env.data.multiTenancyConfig) == null ? void 0 : w.controlPlaneTenantId);
507
- if (l && (u != null && u.sub)) {
508
- const A = (await z(
509
- ($) => r.env.data.userOrganizations.listUserOrganizations(
510
- l,
511
- u.sub,
512
- $
506
+ const d = ((h = t.accessControl) == null ? void 0 : h.controlPlaneTenantId) ?? ((w = r.env.data.multiTenancyConfig) == null ? void 0 : w.controlPlaneTenantId);
507
+ if (d && (o != null && o.sub)) {
508
+ const A = (await O(
509
+ (z) => r.env.data.userOrganizations.listUserOrganizations(
510
+ d,
511
+ o.sub,
512
+ z
513
513
  ),
514
514
  "organizations"
515
- )).map(($) => $.name);
515
+ )).map((z) => z.name);
516
516
  if (A.length === 0)
517
- return a ? r.json({
517
+ return s ? r.json({
518
518
  tenants: [],
519
519
  start: 0,
520
- limit: o ?? 50,
520
+ limit: l ?? 50,
521
521
  length: 0
522
522
  }) : r.json({ tenants: [] });
523
- const _ = A.length, v = c ?? 0, P = o ?? 50, I = v * P, k = A.slice(I, I + P);
524
- if (k.length === 0)
525
- return a ? r.json({
523
+ const v = A.length, b = c ?? 0, C = l ?? 50, $ = b * C, I = A.slice($, $ + C);
524
+ if (I.length === 0)
525
+ return s ? r.json({
526
526
  tenants: [],
527
- start: I,
528
- limit: P,
529
- length: _
527
+ start: $,
528
+ limit: C,
529
+ length: v
530
530
  }) : r.json({ tenants: [] });
531
- const E = k.map(($) => `id:${$}`).join(" OR "), J = d ? `(${E}) AND (${d})` : E, N = await r.env.data.tenants.list({
531
+ const N = I.map((z) => `id:${z}`).join(" OR "), J = p ? `(${N}) AND (${p})` : N, H = await r.env.data.tenants.list({
532
532
  q: J,
533
- per_page: P,
533
+ per_page: C,
534
534
  include_totals: !1
535
535
  // We calculate totals from accessibleTenantIds
536
536
  });
537
- return a ? r.json({
538
- tenants: N.tenants,
539
- start: I,
540
- limit: P,
541
- length: _
542
- }) : r.json({ tenants: N.tenants });
537
+ return s ? r.json({
538
+ tenants: H.tenants,
539
+ start: $,
540
+ limit: C,
541
+ length: v
542
+ }) : r.json({ tenants: H.tenants });
543
543
  }
544
- const m = await r.env.data.tenants.list({
544
+ const u = await r.env.data.tenants.list({
545
545
  page: c,
546
- per_page: o,
547
- include_totals: a,
548
- q: d
546
+ per_page: l,
547
+ include_totals: s,
548
+ q: p
549
549
  });
550
- return a ? r.json({
551
- tenants: m.tenants,
552
- start: ((y = m.totals) == null ? void 0 : y.start) ?? 0,
553
- limit: ((T = m.totals) == null ? void 0 : T.limit) ?? o,
554
- length: m.tenants.length
555
- }) : r.json({ tenants: m.tenants });
550
+ return s ? r.json({
551
+ tenants: u.tenants,
552
+ start: ((y = u.totals) == null ? void 0 : y.start) ?? 0,
553
+ limit: ((_ = u.totals) == null ? void 0 : _.limit) ?? l,
554
+ length: u.tenants.length
555
+ }) : r.json({ tenants: u.tenants });
556
556
  }
557
557
  ), n.openapi(
558
558
  M({
@@ -577,7 +577,7 @@ function D(t, e) {
577
577
  201: {
578
578
  content: {
579
579
  "application/json": {
580
- schema: H
580
+ schema: G
581
581
  }
582
582
  },
583
583
  description: "Tenant created"
@@ -591,20 +591,20 @@ function D(t, e) {
591
591
  }
592
592
  }),
593
593
  async (r) => {
594
- var d, u;
595
- const s = r.var.user;
596
- if (!(s != null && s.sub))
597
- throw new C(401, {
594
+ var p, o;
595
+ const a = r.var.user;
596
+ if (!(a != null && a.sub))
597
+ throw new P(401, {
598
598
  message: "Authentication required to create tenants"
599
599
  });
600
600
  let c = r.req.valid("json");
601
- const o = {
601
+ const l = {
602
602
  adapters: r.env.data,
603
603
  ctx: r
604
604
  };
605
- (d = e.tenants) != null && d.beforeCreate && (c = await e.tenants.beforeCreate(o, c));
606
- const a = await r.env.data.tenants.create(c);
607
- return (u = e.tenants) != null && u.afterCreate && await e.tenants.afterCreate(o, a), r.json(a, 201);
605
+ (p = e.tenants) != null && p.beforeCreate && (c = await e.tenants.beforeCreate(l, c));
606
+ const s = await r.env.data.tenants.create(c);
607
+ return (o = e.tenants) != null && o.afterCreate && await e.tenants.afterCreate(l, s), r.json(s, 201);
608
608
  }
609
609
  ), n.openapi(
610
610
  M({
@@ -634,39 +634,39 @@ function D(t, e) {
634
634
  }
635
635
  }),
636
636
  async (r) => {
637
- var d, u, i, f;
638
- const { id: s } = r.req.valid("param"), c = ((d = t.accessControl) == null ? void 0 : d.controlPlaneTenantId) ?? ((u = r.env.data.multiTenancyConfig) == null ? void 0 : u.controlPlaneTenantId);
637
+ var p, o, i, f;
638
+ const { id: a } = r.req.valid("param"), c = ((p = t.accessControl) == null ? void 0 : p.controlPlaneTenantId) ?? ((o = r.env.data.multiTenancyConfig) == null ? void 0 : o.controlPlaneTenantId);
639
639
  if (c) {
640
- const l = r.var.user;
641
- if (!(l != null && l.sub))
642
- throw new C(401, {
640
+ const d = r.var.user;
641
+ if (!(d != null && d.sub))
642
+ throw new P(401, {
643
643
  message: "Authentication required"
644
644
  });
645
- if (s === c)
646
- throw new C(403, {
645
+ if (a === c)
646
+ throw new P(403, {
647
647
  message: "Cannot delete the control plane"
648
648
  });
649
- if (!(await z(
650
- (p) => r.env.data.userOrganizations.listUserOrganizations(
649
+ if (!(await O(
650
+ (g) => r.env.data.userOrganizations.listUserOrganizations(
651
651
  c,
652
- l.sub,
653
- p
652
+ d.sub,
653
+ g
654
654
  ),
655
655
  "organizations"
656
- )).some((p) => p.name === s))
657
- throw new C(403, {
656
+ )).some((g) => g.name === a))
657
+ throw new P(403, {
658
658
  message: "Access denied to this tenant"
659
659
  });
660
660
  }
661
- if (!await r.env.data.tenants.get(s))
662
- throw new C(404, {
661
+ if (!await r.env.data.tenants.get(a))
662
+ throw new P(404, {
663
663
  message: "Tenant not found"
664
664
  });
665
- const a = {
665
+ const s = {
666
666
  adapters: r.env.data,
667
667
  ctx: r
668
668
  };
669
- return (i = e.tenants) != null && i.beforeDelete && await e.tenants.beforeDelete(a, s), await r.env.data.tenants.remove(s), (f = e.tenants) != null && f.afterDelete && await e.tenants.afterDelete(a, s), r.body(null, 204);
669
+ return (i = e.tenants) != null && i.beforeDelete && await e.tenants.beforeDelete(s, a), await r.env.data.tenants.remove(a), (f = e.tenants) != null && f.afterDelete && await e.tenants.afterDelete(s, a), r.body(null, 204);
670
670
  }
671
671
  ), n;
672
672
  }
@@ -680,13 +680,13 @@ function me(t) {
680
680
  { pattern: /\/api\/v2\/connections\/([^/]+)$/, type: "connection" }
681
681
  ];
682
682
  for (const { pattern: n, type: r } of e) {
683
- const s = t.match(n);
684
- if (s && s[1])
685
- return { type: r, id: s[1] };
683
+ const a = t.match(n);
684
+ if (a && a[1])
685
+ return { type: r, id: a[1] };
686
686
  }
687
687
  return null;
688
688
  }
689
- async function ge(t, e, n) {
689
+ async function pe(t, e, n) {
690
690
  try {
691
691
  switch (n.type) {
692
692
  case "resource_server": {
@@ -708,7 +708,7 @@ async function ge(t, e, n) {
708
708
  return !1;
709
709
  }
710
710
  }
711
- function pe(t) {
711
+ function ge(t) {
712
712
  return {
713
713
  resource_server: "resource server",
714
714
  role: "role",
@@ -725,15 +725,31 @@ function we() {
725
725
  const r = t.var.tenant_id || t.req.header("x-tenant-id") || t.req.header("tenant-id");
726
726
  if (!r)
727
727
  return e();
728
- if (await ge(t.env.data, r, n))
729
- throw new C(403, {
730
- message: `This ${pe(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
728
+ if (await pe(t.env.data, r, n))
729
+ throw new P(403, {
730
+ message: `This ${ge(n.type)} is a system resource and cannot be modified. Make changes in the control plane instead.`
731
731
  });
732
732
  return e();
733
733
  };
734
734
  }
735
- function Q(t, e) {
736
- const { controlPlaneTenantId: n, controlPlaneClientId: r } = e;
735
+ const ye = [
736
+ "client_secret",
737
+ "app_secret",
738
+ "twilio_token"
739
+ ];
740
+ function q(t) {
741
+ if (!t) return t;
742
+ const e = { ...t };
743
+ for (const n of ye)
744
+ delete e[n];
745
+ return e;
746
+ }
747
+ function he(t, e) {
748
+ const {
749
+ controlPlaneTenantId: n,
750
+ controlPlaneClientId: r,
751
+ excludeSensitiveFields: a = !1
752
+ } = e;
737
753
  return {
738
754
  ...t,
739
755
  // Store config for use by tenants route access control
@@ -743,98 +759,98 @@ function Q(t, e) {
743
759
  },
744
760
  legacyClients: {
745
761
  ...t.legacyClients,
746
- get: async (s) => {
747
- var f;
748
- const c = await t.legacyClients.get(s);
749
- if (!c)
762
+ get: async (c) => {
763
+ var d;
764
+ const l = await t.legacyClients.get(c);
765
+ if (!l)
750
766
  return null;
751
- const o = r ? await t.legacyClients.get(r) : void 0, a = await t.connections.list(
752
- c.tenant.id
753
- ), d = n ? await t.connections.list(n) : { connections: [] }, u = a.connections.map((l) => {
754
- var p;
755
- const m = (p = d.connections) == null ? void 0 : p.find(
756
- (h) => h.strategy === l.strategy
767
+ const s = r ? await t.legacyClients.get(r) : void 0, p = await t.connections.list(
768
+ l.tenant.id
769
+ ), o = n ? await t.connections.list(n) : { connections: [] }, i = p.connections.map((u) => {
770
+ var w;
771
+ const m = (w = o.connections) == null ? void 0 : w.find(
772
+ (y) => y.strategy === u.strategy
757
773
  );
758
774
  if (!(m != null && m.options))
759
- return l;
760
- const g = F.parse({
775
+ return u;
776
+ const g = R.parse({
761
777
  ...m || {},
762
- ...l
763
- });
764
- return g.options = O.parse({
765
- ...m.options || {},
766
- ...l.options
778
+ ...u
779
+ }), h = a ? q(m.options) : m.options;
780
+ return g.options = D.parse({
781
+ ...h || {},
782
+ ...u.options
767
783
  }), g;
768
- }).filter((l) => l), i = {
769
- ...(o == null ? void 0 : o.tenant) || {},
770
- ...c.tenant
784
+ }).filter((u) => u), f = {
785
+ ...(s == null ? void 0 : s.tenant) || {},
786
+ ...l.tenant
771
787
  };
772
- return !c.tenant.audience && ((f = o == null ? void 0 : o.tenant) != null && f.audience) && (i.audience = o.tenant.audience), {
773
- ...c,
788
+ return !l.tenant.audience && ((d = s == null ? void 0 : s.tenant) != null && d.audience) && (f.audience = s.tenant.audience), {
789
+ ...l,
774
790
  web_origins: [
775
- ...(o == null ? void 0 : o.web_origins) || [],
776
- ...c.web_origins || []
791
+ ...(s == null ? void 0 : s.web_origins) || [],
792
+ ...l.web_origins || []
777
793
  ],
778
794
  allowed_logout_urls: [
779
- ...(o == null ? void 0 : o.allowed_logout_urls) || [],
780
- ...c.allowed_logout_urls || []
795
+ ...(s == null ? void 0 : s.allowed_logout_urls) || [],
796
+ ...l.allowed_logout_urls || []
781
797
  ],
782
798
  callbacks: [
783
- ...(o == null ? void 0 : o.callbacks) || [],
784
- ...c.callbacks || []
799
+ ...(s == null ? void 0 : s.callbacks) || [],
800
+ ...l.callbacks || []
785
801
  ],
786
- connections: u,
787
- tenant: i
802
+ connections: i,
803
+ tenant: f
788
804
  };
789
805
  }
790
806
  },
791
807
  connections: {
792
808
  ...t.connections,
793
- get: async (s, c) => {
794
- var i;
795
- const o = await t.connections.get(
796
- s,
797
- c
809
+ get: async (c, l) => {
810
+ var d;
811
+ const s = await t.connections.get(
812
+ c,
813
+ l
798
814
  );
799
- if (!o || !n || s === n)
800
- return o;
801
- const d = (i = (await t.connections.list(n)).connections) == null ? void 0 : i.find(
802
- (f) => f.strategy === o.strategy
815
+ if (!s || !n || c === n)
816
+ return s;
817
+ const o = (d = (await t.connections.list(n)).connections) == null ? void 0 : d.find(
818
+ (u) => u.strategy === s.strategy
803
819
  );
804
- if (!(d != null && d.options))
805
- return o;
806
- const u = F.parse({
807
- ...d,
808
- ...o
809
- });
810
- return u.options = O.parse({
811
- ...d.options || {},
812
- ...o.options
813
- }), u;
820
+ if (!(o != null && o.options))
821
+ return s;
822
+ const i = R.parse({
823
+ ...o,
824
+ ...s
825
+ }), f = a ? q(o.options) : o.options;
826
+ return i.options = D.parse({
827
+ ...f || {},
828
+ ...s.options
829
+ }), i;
814
830
  },
815
- list: async (s, c) => {
816
- const o = await t.connections.list(s, c);
817
- if (!n || s === n)
818
- return o;
819
- const a = await t.connections.list(n), d = o.connections.map((u) => {
820
- var l;
821
- const i = (l = a.connections) == null ? void 0 : l.find(
822
- (m) => m.strategy === u.strategy
831
+ list: async (c, l) => {
832
+ const s = await t.connections.list(c, l);
833
+ if (!n || c === n)
834
+ return s;
835
+ const p = await t.connections.list(n), o = s.connections.map((i) => {
836
+ var m;
837
+ const f = (m = p.connections) == null ? void 0 : m.find(
838
+ (g) => g.strategy === i.strategy
823
839
  );
824
- if (!(i != null && i.options))
825
- return u;
826
- const f = F.parse({
827
- ...i,
828
- ...u
829
- });
830
- return f.options = O.parse({
831
- ...i.options || {},
832
- ...u.options
833
- }), f;
840
+ if (!(f != null && f.options))
841
+ return i;
842
+ const d = R.parse({
843
+ ...f,
844
+ ...i
845
+ }), u = a ? q(f.options) : f.options;
846
+ return d.options = D.parse({
847
+ ...u || {},
848
+ ...i.options
849
+ }), d;
834
850
  });
835
851
  return {
836
- ...o,
837
- connections: d
852
+ ...s,
853
+ connections: o
838
854
  };
839
855
  }
840
856
  }
@@ -847,174 +863,185 @@ function Q(t, e) {
847
863
  // They remain part of ...baseAdapters and can be properly wrapped by caching.
848
864
  };
849
865
  }
850
- function q(t, e) {
851
- return Q(t, e);
866
+ function j(t, e) {
867
+ return he(t, e);
852
868
  }
853
- const Pe = Q, Se = q;
854
- function ye(t) {
869
+ function ve(t) {
855
870
  return async (e, n) => {
856
871
  const r = e.var.user;
857
872
  return (r == null ? void 0 : r.tenant_id) === t && r.org_name && e.set("tenant_id", r.org_name), n();
858
873
  };
859
874
  }
860
- function he(t) {
875
+ function _e(t) {
861
876
  return async (e, n) => {
862
877
  if (!t.accessControl)
863
878
  return n();
864
- const { controlPlaneTenantId: r } = t.accessControl, s = e.var.org_name, c = e.var.organization_id, o = s || c;
865
- let a = e.var.tenant_id;
866
- const d = e.var.user, i = (d != null && d.aud ? Array.isArray(d.aud) ? d.aud : [d.aud] : []).includes(W);
867
- if (!a && o && i && (e.set("tenant_id", o), a = o), !a)
868
- throw new C(400, {
879
+ const { controlPlaneTenantId: r } = t.accessControl, a = e.var.org_name, c = e.var.organization_id, l = a || c;
880
+ let s = e.var.tenant_id;
881
+ const p = e.var.user, i = (p != null && p.aud ? Array.isArray(p.aud) ? p.aud : [p.aud] : []).includes(W);
882
+ if (!s && l && i && (e.set("tenant_id", l), s = l), !s)
883
+ throw new P(400, {
869
884
  message: "Tenant ID not found in request"
870
885
  });
871
886
  if (!ae(
872
887
  c,
873
- a,
888
+ s,
874
889
  r,
875
- s
890
+ a
876
891
  ))
877
- throw new C(403, {
878
- message: `Access denied to tenant ${a}`
892
+ throw new P(403, {
893
+ message: `Access denied to tenant ${s}`
879
894
  });
880
895
  return n();
881
896
  };
882
897
  }
883
- function ve(t) {
898
+ function Te(t) {
884
899
  return async (e, n) => {
885
900
  if (!t.subdomainRouting)
886
901
  return n();
887
902
  const {
888
903
  baseDomain: r,
889
- reservedSubdomains: s = [],
904
+ reservedSubdomains: a = [],
890
905
  resolveSubdomain: c
891
- } = t.subdomainRouting, o = e.req.header("host") || "";
892
- let a = null;
893
- if (o.endsWith(r)) {
894
- const u = o.slice(0, -(r.length + 1));
895
- u && !u.includes(".") && (a = u);
906
+ } = t.subdomainRouting, l = e.req.header("host") || "";
907
+ let s = null;
908
+ if (l.endsWith(r)) {
909
+ const o = l.slice(0, -(r.length + 1));
910
+ o && !o.includes(".") && (s = o);
896
911
  }
897
- if (a && s.includes(a) && (a = null), !a)
912
+ if (s && a.includes(s) && (s = null), !s)
898
913
  return t.accessControl && e.set("tenant_id", t.accessControl.controlPlaneTenantId), n();
899
- let d = null;
914
+ let p = null;
900
915
  if (c)
901
- d = await c(a);
916
+ p = await c(s);
902
917
  else if (t.subdomainRouting.useOrganizations !== !1 && t.accessControl)
903
918
  try {
904
- const u = await e.env.data.organizations.get(
919
+ const o = await e.env.data.organizations.get(
905
920
  t.accessControl.controlPlaneTenantId,
906
- a
921
+ s
907
922
  );
908
- u && (d = u.id);
923
+ o && (p = o.id);
909
924
  } catch {
910
925
  }
911
- if (!d)
912
- throw new C(404, {
913
- message: `Tenant not found for subdomain: ${a}`
926
+ if (!p)
927
+ throw new P(404, {
928
+ message: `Tenant not found for subdomain: ${s}`
914
929
  });
915
- return e.set("tenant_id", d), n();
930
+ return e.set("tenant_id", p), n();
916
931
  };
917
932
  }
918
- function Te(t) {
933
+ function Ae(t) {
919
934
  return async (e, n) => {
920
935
  if (!t.databaseIsolation)
921
936
  return n();
922
937
  const r = e.var.tenant_id;
923
938
  if (!r)
924
- throw new C(400, {
939
+ throw new P(400, {
925
940
  message: "Tenant ID not found in request"
926
941
  });
927
942
  try {
928
- const s = await t.databaseIsolation.getAdapters(r);
929
- e.env.data = s;
930
- } catch (s) {
943
+ const a = await t.databaseIsolation.getAdapters(r);
944
+ e.env.data = a;
945
+ } catch (a) {
931
946
  throw console.error(
932
947
  `Failed to resolve database for tenant ${r}:`,
933
- s
934
- ), new C(500, {
948
+ a
949
+ ), new P(500, {
935
950
  message: "Failed to resolve tenant database"
936
951
  });
937
952
  }
938
953
  return n();
939
954
  };
940
955
  }
941
- function V(t) {
942
- const e = ve(t), n = he(t), r = Te(t);
943
- return async (s, c) => (await e(s, async () => {
944
- }), await n(s, async () => {
945
- }), await r(s, async () => {
956
+ function Q(t) {
957
+ const e = Te(t), n = _e(t), r = Ae(t);
958
+ return async (a, c) => (await e(a, async () => {
959
+ }), await n(a, async () => {
960
+ }), await r(a, async () => {
946
961
  }), c());
947
962
  }
948
963
  function $e(t) {
949
964
  const {
950
965
  dataAdapter: e,
951
966
  controlPlane: n,
952
- sync: r = { resourceServers: !0, roles: !0 },
953
- defaultPermissions: s = ["tenant:admin"],
954
- requireOrganizationMatch: c = !1,
955
- managementApiExtensions: o = [],
956
- entityHooks: a,
957
- getChildTenantIds: d,
958
- getAdapters: u,
959
- ...i
960
- } = t, f = (n == null ? void 0 : n.tenantId) ?? "control_plane", l = n == null ? void 0 : n.clientId, m = n ? q(e, {
961
- controlPlaneTenantId: f,
962
- controlPlaneClientId: l
963
- }) : e, g = r !== !1, p = g ? {
964
- resourceServers: r.resourceServers ?? !0,
965
- roles: r.roles ?? !0
966
- } : { resourceServers: !1, roles: !1 }, y = {
967
- controlPlaneTenantId: f,
968
- getChildTenantIds: d ?? (async () => (await z(
969
- (I) => m.tenants.list(I),
967
+ controlPlane: {
968
+ tenantId: r = "control_plane",
969
+ clientId: a
970
+ } = {},
971
+ sync: c = { resourceServers: !0, roles: !0 },
972
+ defaultPermissions: l = ["tenant:admin"],
973
+ requireOrganizationMatch: s = !1,
974
+ managementApiExtensions: p = [],
975
+ entityHooks: o,
976
+ getChildTenantIds: i,
977
+ getAdapters: f,
978
+ ...d
979
+ } = t;
980
+ let u = e, m = e;
981
+ n && (u = j(e, {
982
+ controlPlaneTenantId: r,
983
+ controlPlaneClientId: a
984
+ }), m = j(e, {
985
+ controlPlaneTenantId: r,
986
+ controlPlaneClientId: a,
987
+ excludeSensitiveFields: !0
988
+ }));
989
+ const g = c !== !1, h = g ? {
990
+ resourceServers: c.resourceServers ?? !0,
991
+ roles: c.roles ?? !0
992
+ } : { resourceServers: !1, roles: !1 }, _ = {
993
+ controlPlaneTenantId: r,
994
+ getChildTenantIds: i ?? (async () => (await O(
995
+ (I) => u.tenants.list(I),
970
996
  "tenants",
971
997
  { cursorField: "id", pageSize: 100 }
972
- )).filter((I) => I.id !== f).map((I) => I.id)),
973
- getAdapters: u ?? (async () => m),
974
- getControlPlaneAdapters: async () => m,
975
- sync: p
976
- }, { entityHooks: T, tenantHooks: b } = fe(y), A = {
998
+ )).filter((I) => I.id !== r).map((I) => I.id)),
999
+ getAdapters: f ?? (async () => u),
1000
+ getControlPlaneAdapters: async () => u,
1001
+ sync: h
1002
+ }, { entityHooks: T, tenantHooks: A } = fe(_), v = {
977
1003
  resourceServers: [
978
1004
  T.resourceServers,
979
- ...(a == null ? void 0 : a.resourceServers) ?? []
1005
+ ...(o == null ? void 0 : o.resourceServers) ?? []
980
1006
  ],
981
- roles: [T.roles, ...(a == null ? void 0 : a.roles) ?? []],
982
- connections: (a == null ? void 0 : a.connections) ?? [],
983
- tenants: (a == null ? void 0 : a.tenants) ?? [],
984
- rolePermissions: (a == null ? void 0 : a.rolePermissions) ?? []
985
- }, _ = D(
1007
+ roles: [T.roles, ...(o == null ? void 0 : o.roles) ?? []],
1008
+ connections: (o == null ? void 0 : o.connections) ?? [],
1009
+ tenants: (o == null ? void 0 : o.tenants) ?? [],
1010
+ rolePermissions: (o == null ? void 0 : o.rolePermissions) ?? []
1011
+ }, b = E(
986
1012
  {
987
1013
  accessControl: {
988
- controlPlaneTenantId: f,
989
- requireOrganizationMatch: c,
990
- defaultPermissions: s
1014
+ controlPlaneTenantId: r,
1015
+ requireOrganizationMatch: s,
1016
+ defaultPermissions: l
991
1017
  }
992
1018
  },
993
- { tenants: b }
994
- ), { app: v } = ne({
995
- dataAdapter: m,
996
- ...i,
997
- entityHooks: A,
1019
+ { tenants: A }
1020
+ ), { app: C } = ne({
1021
+ dataAdapter: u,
1022
+ managementDataAdapter: m,
1023
+ ...d,
1024
+ entityHooks: v,
998
1025
  managementApiExtensions: [
999
- ...o,
1000
- { path: "/tenants", router: _ }
1026
+ ...p,
1027
+ { path: "/tenants", router: b }
1001
1028
  ]
1002
1029
  });
1003
- return v.use("/api/v2/*", ye(f)), g && v.use("/api/v2/*", we()), { app: v, controlPlaneTenantId: f };
1030
+ return C.use("/api/v2/*", ve(r)), g && C.use("/api/v2/*", we()), { app: C, controlPlaneTenantId: r };
1004
1031
  }
1005
1032
  function ze(t) {
1006
- const e = j(t);
1033
+ const e = k(t);
1007
1034
  return {
1008
1035
  name: "multi-tenancy",
1009
1036
  // Apply multi-tenancy middleware for subdomain routing, database resolution, etc.
1010
- middleware: V(t),
1037
+ middleware: Q(t),
1011
1038
  // Provide lifecycle hooks
1012
1039
  hooks: e,
1013
1040
  // Mount tenant management routes
1014
1041
  routes: [
1015
1042
  {
1016
1043
  path: "/management",
1017
- handler: D(t, e)
1044
+ handler: E(t, e)
1018
1045
  }
1019
1046
  ],
1020
1047
  // Called when plugin is registered
@@ -1027,7 +1054,7 @@ function ze(t) {
1027
1054
  }
1028
1055
  };
1029
1056
  }
1030
- function j(t) {
1057
+ function k(t) {
1031
1058
  const e = t.accessControl ? se(t.accessControl) : {}, n = t.databaseIsolation ? oe(t.databaseIsolation) : {}, r = ce(t);
1032
1059
  return {
1033
1060
  ...e,
@@ -1035,15 +1062,15 @@ function j(t) {
1035
1062
  tenants: r
1036
1063
  };
1037
1064
  }
1038
- function _e(t) {
1039
- const e = new Z(), n = j(t);
1040
- return e.route("/tenants", D(t, n)), e;
1065
+ function be(t) {
1066
+ const e = new Z(), n = k(t);
1067
+ return e.route("/tenants", E(t, n)), e;
1041
1068
  }
1042
- function Re(t) {
1069
+ function Oe(t) {
1043
1070
  return {
1044
- hooks: j(t),
1045
- middleware: V(t),
1046
- app: _e(t),
1071
+ hooks: k(t),
1072
+ middleware: Q(t),
1073
+ app: be(t),
1047
1074
  config: t,
1048
1075
  /**
1049
1076
  * Wraps data adapters with runtime fallback from the control plane.
@@ -1055,7 +1082,7 @@ function Re(t) {
1055
1082
  */
1056
1083
  wrapAdapters: (e, n) => {
1057
1084
  var r;
1058
- return q(e, {
1085
+ return j(e, {
1059
1086
  controlPlaneTenantId: (r = t.accessControl) == null ? void 0 : r.controlPlaneTenantId,
1060
1087
  controlPlaneClientId: n == null ? void 0 : n.controlPlaneClientId
1061
1088
  });
@@ -1064,24 +1091,22 @@ function Re(t) {
1064
1091
  }
1065
1092
  export {
1066
1093
  se as createAccessControlHooks,
1067
- he as createAccessControlMiddleware,
1068
- ye as createControlPlaneTenantMiddleware,
1094
+ _e as createAccessControlMiddleware,
1095
+ ve as createControlPlaneTenantMiddleware,
1069
1096
  oe as createDatabaseHooks,
1070
- Te as createDatabaseMiddleware,
1071
- _e as createMultiTenancy,
1072
- j as createMultiTenancyHooks,
1073
- V as createMultiTenancyMiddleware,
1097
+ Ae as createDatabaseMiddleware,
1098
+ be as createMultiTenancy,
1099
+ k as createMultiTenancyHooks,
1100
+ Q as createMultiTenancyMiddleware,
1074
1101
  ze as createMultiTenancyPlugin,
1075
1102
  we as createProtectSyncedMiddleware,
1076
1103
  ce as createProvisioningHooks,
1077
- Q as createRuntimeFallbackAdapter,
1078
- Pe as createSettingsInheritanceAdapter,
1079
- ve as createSubdomainMiddleware,
1104
+ he as createRuntimeFallbackAdapter,
1105
+ Te as createSubdomainMiddleware,
1080
1106
  fe as createSyncHooks,
1081
- D as createTenantsOpenAPIRouter,
1107
+ E as createTenantsOpenAPIRouter,
1082
1108
  $e as initMultiTenant,
1083
- Re as setupMultiTenancy,
1109
+ Oe as setupMultiTenancy,
1084
1110
  ae as validateTenantAccess,
1085
- q as withRuntimeFallback,
1086
- Se as withSettingsInheritance
1111
+ j as withRuntimeFallback
1087
1112
  };