@backstage/plugin-app-backend 0.3.65 → 0.3.66-next.0

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # @backstage/plugin-app-backend
 
+## 0.3.66-next.0
+
+### Patch Changes
+
+- Updated dependencies
+  - @backstage/plugin-auth-node@0.4.13-next.0
+  - @backstage/backend-common@0.21.8-next.0
+  - @backstage/backend-plugin-api@0.6.18-next.0
+  - @backstage/config@1.2.0
+  - @backstage/config-loader@1.8.0
+  - @backstage/errors@1.2.4
+  - @backstage/types@1.1.1
+  - @backstage/plugin-app-node@0.1.18-next.0
+
 ## 0.3.65
 
 ### Patch Changes

package/alpha/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-app-backend",
-  "version": "0.3.65",
+  "version": "0.3.66-next.0",
   "main": "../dist/alpha.cjs.js",
   "types": "../dist/alpha.d.ts"
 }

package/dist/alpha.cjs.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var backendPluginApi = require('@backstage/backend-plugin-api');
-var router = require('./cjs/router-B9fabz1o.cjs.js');
+var router = require('./cjs/router-Bff6_vkM.cjs.js');
 var pluginAppNode = require('@backstage/plugin-app-node');
 require('@backstage/backend-common');
 require('helmet');

package/dist/cjs/{router-B9fabz1o.cjs.js → router-Bff6_vkM.cjs.js}

@@ -81,7 +81,7 @@ var __accessCheck = (obj, member, msg) => {
 };
 var __privateGet = (obj, member, getter) => {
   __accessCheck(obj, member, "read from private field");
-  return getter ? getter.call(obj) : member.get(obj);
+  return member.get(obj);
 };
 var __privateAdd = (obj, member, value) => {
   if (member.has(obj))
@@ -90,7 +90,7 @@ var __privateAdd = (obj, member, value) => {
 };
 var __privateSet = (obj, member, value, setter) => {
   __accessCheck(obj, member, "write to private field");
-  setter ? setter.call(obj, value) : member.set(obj, value);
+  member.set(obj, value);
   return value;
 };
 var _db, _logger, _namespace;
@@ -401,4 +401,4 @@ async function createEntryPointRouter({
 }
 
 exports.createRouter = createRouter;
-//# sourceMappingURL=router-B9fabz1o.cjs.js.map
+//# sourceMappingURL=router-Bff6_vkM.cjs.js.map

package/dist/cjs/{router-B9fabz1o.cjs.js.map → router-Bff6_vkM.cjs.js.map}

@@ -1 +1 @@
-{"version":3,"file":"router-B9fabz1o.cjs.js","sources":["../../src/lib/config.ts","../../src/lib/assets/StaticAssetsStore.ts","../../src/lib/assets/findStaticAssets.ts","../../src/lib/headers.ts","../../src/lib/assets/createStaticAssetMiddleware.ts","../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fs from 'fs-extra';\nimport { resolve as resolvePath } from 'path';\nimport { AppConfig, Config } from '@backstage/config';\nimport { JsonObject } from '@backstage/types';\nimport {\n  ConfigSchema,\n  loadConfigSchema,\n  readEnvConfig,\n} from '@backstage/config-loader';\nimport { LoggerService } from '@backstage/backend-plugin-api';\n\ntype InjectOptions = {\n  appConfigs: AppConfig[];\n  // Directory of the static JS files to search for file to inject\n  staticDir: string;\n  logger: LoggerService;\n};\n\n/**\n * Injects configs into the app bundle, replacing any existing injected config.\n */\nexport async function injectConfig(\n  options: InjectOptions,\n): Promise<string | undefined> {\n  const { staticDir, logger, appConfigs } = options;\n\n  const files = await fs.readdir(staticDir);\n  const jsFiles = files.filter(file => file.endsWith('.js'));\n\n  const escapedData = JSON.stringify(appConfigs).replace(/(\"|'|\\\\)/g, '\\\\$1');\n  const injected = `/*__APP_INJECTED_CONFIG_MARKER__*/\"${escapedData}\"/*__INJECTED_END__*/`;\n\n  for (const jsFile of jsFiles) {\n    const path = resolvePath(staticDir, jsFile);\n\n    const content = await fs.readFile(path, 'utf8');\n    if (content.includes('__APP_INJECTED_RUNTIME_CONFIG__')) {\n      logger.info(`Injecting env config into ${jsFile}`);\n\n      const newContent = content.replaceAll(\n        '\"__APP_INJECTED_RUNTIME_CONFIG__\"',\n        injected,\n      );\n      await fs.writeFile(path, newContent, 'utf8');\n      return path;\n    } else if (content.includes('__APP_INJECTED_CONFIG_MARKER__')) {\n      logger.info(`Replacing injected env config in ${jsFile}`);\n\n      const newContent = content.replaceAll(\n        /\\/\\*__APP_INJECTED_CONFIG_MARKER__\\*\\/.*?\\/\\*__INJECTED_END__\\*\\//g,\n        injected,\n      );\n      await fs.writeFile(path, newContent, 'utf8');\n      return path;\n    }\n  }\n  logger.info('Env config not injected');\n  return undefined;\n}\n\ntype ReadOptions = {\n  env: { [name: string]: string | undefined };\n  appDistDir: string;\n  config: Config;\n  schema?: ConfigSchema;\n};\n\n/**\n * Read config from environment and process the backend config using the\n * schema that is embedded in the frontend build.\n */\nexport async function readConfigs(options: ReadOptions): Promise<AppConfig[]> {\n  const { env, appDistDir, config } = options;\n\n  const appConfigs = readEnvConfig(env);\n\n  const schemaPath = resolvePath(appDistDir, '.config-schema.json');\n  if (await fs.pathExists(schemaPath)) {\n    const serializedSchema = await fs.readJson(schemaPath);\n\n    try {\n      const schema =\n        options.schema ||\n        (await loadConfigSchema({\n          serialized: serializedSchema,\n        }));\n\n      const frontendConfigs = await schema.process(\n        [{ data: config.get() as JsonObject, context: 'app' }],\n        { visibility: ['frontend'], withDeprecatedKeys: true },\n      );\n      appConfigs.push(...frontendConfigs);\n    } catch (error) {\n      throw new Error(\n        'Invalid app bundle schema. If this error is unexpected you need to run `yarn build` in the app. ' +\n          `If that doesn't help you should make sure your config schema is correct and rebuild the app bundle again. ` +\n          `Caused by the following schema error, ${error}`,\n      );\n    }\n  }\n\n  return appConfigs;\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  PluginDatabaseManager,\n  resolvePackagePath,\n} from '@backstage/backend-common';\nimport { Knex } from 'knex';\nimport { DateTime } from 'luxon';\nimport partition from 'lodash/partition';\nimport { StaticAsset, StaticAssetInput, StaticAssetProvider } from './types';\nimport { LoggerService } from '@backstage/backend-plugin-api';\n\nconst migrationsDir = resolvePackagePath(\n  '@backstage/plugin-app-backend',\n  'migrations',\n);\n\ninterface StaticAssetRow {\n  path: string;\n  content: Buffer;\n  namespace: string | null;\n  last_modified_at: Date;\n}\n\n/** @internal */\nexport interface StaticAssetsStoreOptions {\n  database: PluginDatabaseManager;\n  logger: LoggerService;\n}\n\n/**\n * A storage for static assets that are assumed to be immutable.\n *\n * @internal\n */\nexport class StaticAssetsStore implements StaticAssetProvider {\n  #db: Knex;\n  #logger: LoggerService;\n  #namespace: string;\n\n  static async create(options: StaticAssetsStoreOptions) {\n    const { database } = options;\n    const client = await database.getClient();\n\n    if (!database.migrations?.skip) {\n      await client.migrate.latest({\n        directory: migrationsDir,\n      });\n    }\n\n    return new StaticAssetsStore(client, options.logger);\n  }\n\n  private constructor(client: Knex, logger: LoggerService, namespace?: string) {\n    this.#db = client;\n    this.#logger = logger;\n    this.#namespace = namespace ?? 'default';\n  }\n\n  /**\n   * Creates a new store with the provided namespace, using the same underlying storage.\n   */\n  withNamespace(namespace: string): StaticAssetsStore {\n    return new StaticAssetsStore(this.#db, this.#logger, namespace);\n  }\n\n  /**\n   * Store the provided assets.\n   *\n   * If an asset for a given path already exists the modification time will be\n   * updated, but the contents will not.\n   */\n  async storeAssets(assets: StaticAssetInput[]) {\n    const existingRows = await this.#db<StaticAssetRow>('static_assets_cache')\n      .where('namespace', this.#namespace)\n      .whereIn(\n        'path',\n        assets.map(a => a.path),\n      );\n    const existingAssetPaths = new Set(existingRows.map(r => r.path));\n\n    const [modified, added] = partition(assets, asset =>\n      existingAssetPaths.has(asset.path),\n    );\n\n    this.#logger.info(\n      `Storing ${modified.length} updated assets and ${added.length} new assets`,\n    );\n\n    await this.#db('static_assets_cache')\n      .update({\n        last_modified_at: this.#db.fn.now(),\n      })\n      .where('namespace', this.#namespace)\n      .whereIn(\n        'path',\n        modified.map(a => a.path),\n      );\n\n    for (const asset of added) {\n      // We ignore conflicts with other nodes, it doesn't matter if someone else\n      // added the same asset just before us.\n      await this.#db('static_assets_cache')\n        .insert({\n          path: asset.path,\n          content: await asset.content(),\n          namespace: this.#namespace,\n        })\n        .onConflict(['namespace', 'path'])\n        .ignore();\n    }\n  }\n\n  /**\n   * Retrieve an asset from the store with the given path.\n   */\n  async getAsset(path: string): Promise<StaticAsset | undefined> {\n    const [row] = await this.#db<StaticAssetRow>('static_assets_cache').where({\n      path,\n      namespace: this.#namespace,\n    });\n    if (!row) {\n      return undefined;\n    }\n    return {\n      path: row.path,\n      content: row.content,\n      lastModifiedAt:\n        typeof row.last_modified_at === 'string'\n          ? DateTime.fromSQL(row.last_modified_at, { zone: 'UTC' }).toJSDate()\n          : row.last_modified_at,\n    };\n  }\n\n  /**\n   * Delete any assets from the store whose modification time is older than the max age.\n   */\n  async trimAssets(options: { maxAgeSeconds: number }) {\n    const { maxAgeSeconds } = options;\n    let lastModifiedInterval = this.#db.raw(\n      `now() + interval '${-maxAgeSeconds} seconds'`,\n    );\n    if (this.#db.client.config.client.includes('mysql')) {\n      lastModifiedInterval = this.#db.raw(\n        `date_sub(now(), interval ${maxAgeSeconds} second)`,\n      );\n    } else if (this.#db.client.config.client.includes('sqlite3')) {\n      lastModifiedInterval = this.#db.raw(`datetime('now', ?)`, [\n        `-${maxAgeSeconds} seconds`,\n      ]);\n    }\n    await this.#db<StaticAssetRow>('static_assets_cache')\n      .where('namespace', this.#namespace)\n      .where('last_modified_at', '<=', lastModifiedInterval)\n      .delete();\n  }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fs from 'fs-extra';\nimport globby from 'globby';\nimport { StaticAssetInput } from './types';\nimport { resolveSafeChildPath } from '@backstage/backend-common';\n\n/**\n * Finds all static assets within a directory\n *\n * @internal\n */\nexport async function findStaticAssets(\n  staticDir: string,\n): Promise<StaticAssetInput[]> {\n  const assetPaths = await globby('**/*', {\n    ignore: ['**/*.map'], // Ignore source maps since they're quite large\n    cwd: staticDir,\n    dot: true,\n  });\n\n  return assetPaths.map(path => ({\n    path,\n    content: async () => fs.readFile(resolveSafeChildPath(staticDir, path)),\n  }));\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport const CACHE_CONTROL_NO_CACHE = 'no-store, max-age=0';\nexport const CACHE_CONTROL_MAX_CACHE = 'public, max-age=1209600'; // 14 days\nexport const CACHE_CONTROL_REVALIDATE_CACHE = 'no-cache'; // require revalidating cached responses before reuse them.\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { extname } from 'path';\nimport { RequestHandler } from 'express';\nimport { StaticAssetProvider } from './types';\nimport { CACHE_CONTROL_MAX_CACHE } from '../headers';\n\n/**\n * Creates a middleware that serves static assets from a static asset provider\n *\n * @internal\n */\nexport function createStaticAssetMiddleware(\n  store: StaticAssetProvider,\n): RequestHandler {\n  return (req, res, next) => {\n    if (req.method !== 'GET' && req.method !== 'HEAD') {\n      next();\n      return;\n    }\n\n    // Let's not assume we're in promise-router\n    Promise.resolve(\n      (async () => {\n        // Drop leading slashes from the incoming path\n        const path = req.path.startsWith('/') ? req.path.slice(1) : req.path;\n\n        const asset = await store.getAsset(path);\n        if (!asset) {\n          next();\n          return;\n        }\n\n        // Set the Content-Type header, falling back to octet-stream\n        const ext = extname(asset.path);\n        if (ext) {\n          res.type(ext);\n        } else {\n          res.type('bin');\n        }\n\n        // Same as our express.static override\n        res.setHeader('Cache-Control', CACHE_CONTROL_MAX_CACHE);\n        res.setHeader('Last-Modified', asset.lastModifiedAt.toUTCString());\n\n        res.send(asset.content);\n      })(),\n    ).catch(next);\n  };\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  notFoundHandler,\n  PluginDatabaseManager,\n  resolvePackagePath,\n} from '@backstage/backend-common';\nimport { AppConfig, Config } from '@backstage/config';\nimport helmet from 'helmet';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport fs from 'fs-extra';\nimport { resolve as resolvePath } from 'path';\nimport { injectConfig, readConfigs } from '../lib/config';\nimport {\n  createStaticAssetMiddleware,\n  findStaticAssets,\n  StaticAssetsStore,\n} from '../lib/assets';\nimport {\n  CACHE_CONTROL_MAX_CACHE,\n  CACHE_CONTROL_NO_CACHE,\n  CACHE_CONTROL_REVALIDATE_CACHE,\n} from '../lib/headers';\nimport { ConfigSchema } from '@backstage/config-loader';\nimport {\n  AuthService,\n  HttpAuthService,\n  LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { AuthenticationError } from '@backstage/errors';\n\n// express uses mime v1 while we only have types for mime v2\ntype Mime = { lookup(arg0: string): string };\n\n/** @public */\nexport interface RouterOptions {\n  config: Config;\n  logger: LoggerService;\n  auth?: AuthService;\n  httpAuth?: HttpAuthService;\n\n  /**\n   * If a database is provided it will be used to cache previously deployed static assets.\n   *\n   * This is a built-in alternative to using a `staticFallbackHandler`.\n   */\n  database?: PluginDatabaseManager;\n\n  /**\n   * The name of the app package that content should be served from. The same app package should be\n   * added as a dependency to the backend package in order for it to be accessible at runtime.\n   *\n   * In a typical setup with a single app package this would be set to 'app'.\n   */\n  appPackageName: string;\n\n  /**\n   * A request handler to handle requests for static content that are not present in the app bundle.\n   *\n   * This can be used to avoid issues with clients on older deployment versions trying to access lazy\n   * loaded content that is no longer present. Typically the requests would fall back to a long-term\n   * object store where all recently deployed versions of the app are present.\n   *\n   * Another option is to provide a `database` that will take care of storing the static assets instead.\n   *\n   * If both `database` and `staticFallbackHandler` are provided, the `database` will attempt to serve\n   * static assets first, and if they are not found, the `staticFallbackHandler` will be called.\n   */\n  staticFallbackHandler?: express.Handler;\n\n  /**\n   * Disables the configuration injection. This can be useful if you're running in an environment\n   * with a read-only filesystem, or for some other reason don't want configuration to be injected.\n   *\n   * Note that this will cause the configuration used when building the app bundle to be used, unless\n   * a separate configuration loading strategy is set up.\n   *\n   * This also disables configuration injection though `APP_CONFIG_` environment variables.\n   */\n  disableConfigInjection?: boolean;\n\n  /**\n   *\n   * Provides a ConfigSchema.\n   *\n   */\n  schema?: ConfigSchema;\n}\n\n/** @public */\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const {\n    config,\n    logger,\n    appPackageName,\n    staticFallbackHandler,\n    auth,\n    httpAuth,\n  } = options;\n\n  const disableConfigInjection =\n    options.disableConfigInjection ??\n    config.getOptionalBoolean('app.disableConfigInjection');\n  const disableStaticFallbackCache = config.getOptionalBoolean(\n    'app.disableStaticFallbackCache',\n  );\n\n  const appDistDir = resolvePackagePath(appPackageName, 'dist');\n  const staticDir = resolvePath(appDistDir, 'static');\n\n  if (!(await fs.pathExists(staticDir))) {\n    if (process.env.NODE_ENV === 'production') {\n      logger.error(\n        `Can't serve static app content from ${staticDir}, directory doesn't exist`,\n      );\n    }\n\n    return Router();\n  }\n\n  logger.info(`Serving static app content from ${appDistDir}`);\n\n  const appConfigs = disableConfigInjection\n    ? undefined\n    : await readConfigs({\n        config,\n        appDistDir,\n        env: process.env,\n      });\n\n  const assetStore =\n    options.database && !disableStaticFallbackCache\n      ? await StaticAssetsStore.create({\n          logger,\n          database: options.database,\n        })\n      : undefined;\n\n  const router = Router();\n\n  router.use(helmet.frameguard({ action: 'deny' }));\n\n  const publicDistDir = resolvePath(appDistDir, 'public');\n\n  const enablePublicEntryPoint =\n    (await fs.pathExists(publicDistDir)) && auth && httpAuth;\n\n  if (enablePublicEntryPoint && auth && httpAuth) {\n    logger.info(\n      `App is running in protected mode, serving public content from ${publicDistDir}`,\n    );\n\n    const publicRouter = Router();\n\n    publicRouter.use(async (req, res, next) => {\n      try {\n        const credentials = await httpAuth.credentials(req, {\n          allow: ['user', 'service', 'none'],\n          allowLimitedAccess: true,\n        });\n\n        if (credentials.principal.type === 'none') {\n          next();\n        } else {\n          next('router');\n        }\n      } catch {\n        // If we fail to authenticate, make sure the session cookie is cleared\n        // and continue as unauthenticated. If the user is logged in they will\n        // immediately be redirected back to the protected app via the POST.\n        await httpAuth.issueUserCookie(res, {\n          credentials: await auth.getNoneCredentials(),\n        });\n        next();\n      }\n    });\n\n    publicRouter.post(\n      '*',\n      express.urlencoded({ extended: true }),\n      async (req, res, next) => {\n        if (req.body.type === 'sign-in') {\n          const credentials = await auth.authenticate(req.body.token);\n\n          if (!auth.isPrincipal(credentials, 'user')) {\n            throw new AuthenticationError('Invalid token, not a user');\n          }\n\n          await httpAuth.issueUserCookie(res, {\n            credentials,\n          });\n\n          // Resume as if it was a GET request towards the outer protected router, serving index.html\n          req.method = 'GET';\n          next('router');\n        } else {\n          throw new Error('Invalid POST request to /');\n        }\n      },\n    );\n\n    publicRouter.use(\n      await createEntryPointRouter({\n        logger: logger.child({ entry: 'public' }),\n        rootDir: publicDistDir,\n        assetStore: assetStore?.withNamespace('public'),\n        appConfigs, // TODO(Rugvip): We should not be including the full config here\n      }),\n    );\n\n    router.use(publicRouter);\n  }\n\n  router.use(\n    await createEntryPointRouter({\n      logger: logger.child({ entry: 'main' }),\n      rootDir: appDistDir,\n      assetStore,\n      staticFallbackHandler,\n      appConfigs,\n    }),\n  );\n\n  return router;\n}\n\nasync function createEntryPointRouter({\n  logger,\n  rootDir,\n  assetStore,\n  staticFallbackHandler,\n  appConfigs,\n}: {\n  logger: LoggerService;\n  rootDir: string;\n  assetStore?: StaticAssetsStore;\n  staticFallbackHandler?: express.Handler;\n  appConfigs?: AppConfig[];\n}) {\n  const staticDir = resolvePath(rootDir, 'static');\n\n  const injectedConfigPath =\n    appConfigs && (await injectConfig({ appConfigs, logger, staticDir }));\n\n  const router = Router();\n\n  // Use a separate router for static content so that a fallback can be provided by backend\n  const staticRouter = Router();\n  staticRouter.use(\n    express.static(staticDir, {\n      setHeaders: (res, path) => {\n        if (path === injectedConfigPath) {\n          res.setHeader('Cache-Control', CACHE_CONTROL_REVALIDATE_CACHE);\n        } else {\n          res.setHeader('Cache-Control', CACHE_CONTROL_MAX_CACHE);\n        }\n      },\n    }),\n  );\n\n  if (assetStore) {\n    const assets = await findStaticAssets(staticDir);\n    await assetStore.storeAssets(assets);\n    // Remove any assets that are older than 7 days\n    await assetStore.trimAssets({ maxAgeSeconds: 60 * 60 * 24 * 7 });\n\n    staticRouter.use(createStaticAssetMiddleware(assetStore));\n  }\n\n  if (staticFallbackHandler) {\n    staticRouter.use(staticFallbackHandler);\n  }\n  staticRouter.use(notFoundHandler());\n\n  router.use('/static', staticRouter);\n  router.use(\n    express.static(rootDir, {\n      setHeaders: (res, path) => {\n        // The Cache-Control header instructs the browser to not cache html files since it might\n        // link to static assets from recently deployed versions.\n        if (\n          (express.static.mime as unknown as Mime).lookup(path) === 'text/html'\n        ) {\n          res.setHeader('Cache-Control', CACHE_CONTROL_NO_CACHE);\n        }\n      },\n    }),\n  );\n\n  router.get('/*', (_req, res) => {\n    res.sendFile(resolvePath(rootDir, 'index.html'), {\n      headers: {\n        // The Cache-Control header instructs the browser to not cache the index.html since it might\n        // link to static assets from recently deployed versions.\n        'cache-control': CACHE_CONTROL_NO_CACHE,\n      },\n    });\n  });\n\n  return router;\n}\n"],"names":["fs","path","resolvePath","readEnvConfig","loadConfigSchema","resolvePackagePath","partition","DateTime","globby","resolveSafeChildPath","extname","Router","helmet","express","AuthenticationError","notFoundHandler"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAqCA,eAAsB,aACpB,OAC6B,EAAA;AAC7B,EAAA,MAAM,EAAE,SAAA,EAAW,MAAQ,EAAA,UAAA,EAAe,GAAA,OAAA,CAAA;AAE1C,EAAA,MAAM,KAAQ,GAAA,MAAMA,mBAAG,CAAA,OAAA,CAAQ,SAAS,CAAA,CAAA;AACxC,EAAA,MAAM,UAAU,KAAM,CAAA,MAAA,CAAO,UAAQ,IAAK,CAAA,QAAA,CAAS,KAAK,CAAC,CAAA,CAAA;AAEzD,EAAA,MAAM,cAAc,IAAK,CAAA,SAAA,CAAU,UAAU,CAAE,CAAA,OAAA,CAAQ,aAAa,MAAM,CAAA,CAAA;AAC1E,EAAM,MAAA,QAAA,GAAW,sCAAsC,WAAW,CAAA,qBAAA,CAAA,CAAA;AAElE,EAAA,KAAA,MAAW,UAAU,OAAS,EAAA;AAC5B,IAAM,MAAAC,MAAA,GAAOC,YAAY,CAAA,SAAA,EAAW,MAAM,CAAA,CAAA;AAE1C,IAAA,MAAM,OAAU,GAAA,MAAMF,mBAAG,CAAA,QAAA,CAASC,QAAM,MAAM,CAAA,CAAA;AAC9C,IAAI,IAAA,OAAA,CAAQ,QAAS,CAAA,iCAAiC,CAAG,EAAA;AACvD,MAAO,MAAA,CAAA,IAAA,CAAK,CAA6B,0BAAA,EAAA,MAAM,CAAE,CAAA,CAAA,CAAA;AAEjD,MAAA,MAAM,aAAa,OAAQ,CAAA,UAAA;AAAA,QACzB,mCAAA;AAAA,QACA,QAAA;AAAA,OACF,CAAA;AACA,MAAA,MAAMD,mBAAG,CAAA,SAAA,CAAUC,MAAM,EAAA,UAAA,EAAY,MAAM,CAAA,CAAA;AAC3C,MAAO,OAAAA,MAAA,CAAA;AAAA,KACE,MAAA,IAAA,OAAA,CAAQ,QAAS,CAAA,gCAAgC,CAAG,EAAA;AAC7D,MAAO,MAAA,CAAA,IAAA,CAAK,CAAoC,iCAAA,EAAA,MAAM,CAAE,CAAA,CAAA,CAAA;AAExD,MAAA,MAAM,aAAa,OAAQ,CAAA,UAAA;AAAA,QACzB,oEAAA;AAAA,QACA,QAAA;AAAA,OACF,CAAA;AACA,MAAA,MAAMD,mBAAG,CAAA,SAAA,CAAUC,MAAM,EAAA,UAAA,EAAY,MAAM,CAAA,CAAA;AAC3C,MAAO,OAAAA,MAAA,CAAA;AAAA,KACT;AAAA,GACF;AACA,EAAA,MAAA,CAAO,KAAK,yBAAyB,CAAA,CAAA;AACrC,EAAO,OAAA,KAAA,CAAA,CAAA;AACT,CAAA;AAaA,eAAsB,YAAY,OAA4C,EAAA;AAC5E,EAAA,MAAM,EAAE,GAAA,EAAK,UAAY,EAAA,MAAA,EAAW,GAAA,OAAA,CAAA;AAEpC,EAAM,MAAA,UAAA,GAAaE,2BAAc,GAAG,CAAA,CAAA;AAEpC,EAAM,MAAA,UAAA,GAAaD,YAAY,CAAA,UAAA,EAAY,qBAAqB,CAAA,CAAA;AAChE,EAAA,IAAI,MAAMF,mBAAA,CAAG,UAAW,CAAA,UAAU,CAAG,EAAA;AACnC,IAAA,MAAM,gBAAmB,GAAA,MAAMA,mBAAG,CAAA,QAAA,CAAS,UAAU,CAAA,CAAA;AAErD,IAAI,IAAA;AACF,MAAA,MAAM,MACJ,GAAA,OAAA,CAAQ,MACP,IAAA,MAAMI,6BAAiB,CAAA;AAAA,QACtB,UAAY,EAAA,gBAAA;AAAA,OACb,CAAA,CAAA;AAEH,MAAM,MAAA,eAAA,GAAkB,MAAM,MAAO,CAAA,OAAA;AAAA,QACnC,CAAC,EAAE,IAAM,EAAA,MAAA,CAAO,KAAqB,EAAA,OAAA,EAAS,OAAO,CAAA;AAAA,QACrD,EAAE,UAAY,EAAA,CAAC,UAAU,CAAA,EAAG,oBAAoB,IAAK,EAAA;AAAA,OACvD,CAAA;AACA,MAAW,UAAA,CAAA,IAAA,CAAK,GAAG,eAAe,CAAA,CAAA;AAAA,aAC3B,KAAO,EAAA;AACd,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,qPAE2C,KAAK,CAAA,CAAA;AAAA,OAClD,CAAA;AAAA,KACF;AAAA,GACF;AAEA,EAAO,OAAA,UAAA,CAAA;AACT;;;;;;;;;;;;;;;;;;;;ACtHA,IAAA,GAAA,EAAA,OAAA,EAAA,UAAA,CAAA;AA0BA,MAAM,aAAgB,GAAAC,gCAAA;AAAA,EACpB,+BAAA;AAAA,EACA,YAAA;AACF,CAAA,CAAA;AAoBO,MAAM,kBAAA,GAAN,MAAM,kBAAiD,CAAA;AAAA,EAkBpD,WAAA,CAAY,MAAc,EAAA,MAAA,EAAuB,SAAoB,EAAA;AAjB7E,IAAA,YAAA,CAAA,IAAA,EAAA,GAAA,EAAA,KAAA,CAAA,CAAA,CAAA;AACA,IAAA,YAAA,CAAA,IAAA,EAAA,OAAA,EAAA,KAAA,CAAA,CAAA,CAAA;AACA,IAAA,YAAA,CAAA,IAAA,EAAA,UAAA,EAAA,KAAA,CAAA,CAAA,CAAA;AAgBE,IAAA,YAAA,CAAA,IAAA,EAAK,GAAM,EAAA,MAAA,CAAA,CAAA;AACX,IAAA,YAAA,CAAA,IAAA,EAAK,OAAU,EAAA,MAAA,CAAA,CAAA;AACf,IAAA,YAAA,CAAA,IAAA,EAAK,YAAa,SAAa,IAAA,IAAA,GAAA,SAAA,GAAA,SAAA,CAAA,CAAA;AAAA,GACjC;AAAA,EAjBA,aAAa,OAAO,OAAmC,EAAA;AAtDzD,IAAA,IAAA,EAAA,CAAA;AAuDI,IAAM,MAAA,EAAE,UAAa,GAAA,OAAA,CAAA;AACrB,IAAM,MAAA,MAAA,GAAS,MAAM,QAAA,CAAS,SAAU,EAAA,CAAA;AAExC,IAAA,IAAI,EAAC,CAAA,EAAA,GAAA,QAAA,CAAS,UAAT,KAAA,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAqB,IAAM,CAAA,EAAA;AAC9B,MAAM,MAAA,MAAA,CAAO,QAAQ,MAAO,CAAA;AAAA,QAC1B,SAAW,EAAA,aAAA;AAAA,OACZ,CAAA,CAAA;AAAA,KACH;AAEA,IAAA,OAAO,IAAI,kBAAA,CAAkB,MAAQ,EAAA,OAAA,CAAQ,MAAM,CAAA,CAAA;AAAA,GACrD;AAAA;AAAA;AAAA;AAAA,EAWA,cAAc,SAAsC,EAAA;AAClD,IAAA,OAAO,IAAI,kBAAkB,CAAA,YAAA,CAAA,IAAA,EAAK,GAAK,CAAA,EAAA,YAAA,CAAA,IAAA,EAAK,UAAS,SAAS,CAAA,CAAA;AAAA,GAChE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,YAAY,MAA4B,EAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAM,YAAA,CAAA,IAAA,EAAK,GAAL,CAAA,CAAA,IAAA,CAAA,IAAA,EAAyB,uBACjD,KAAM,CAAA,WAAA,EAAa,YAAK,CAAA,IAAA,EAAA,UAAA,CAAU,CAClC,CAAA,OAAA;AAAA,MACC,MAAA;AAAA,MACA,MAAO,CAAA,GAAA,CAAI,CAAK,CAAA,KAAA,CAAA,CAAE,IAAI,CAAA;AAAA,KACxB,CAAA;AACF,IAAM,MAAA,kBAAA,GAAqB,IAAI,GAAI,CAAA,YAAA,CAAa,IAAI,CAAK,CAAA,KAAA,CAAA,CAAE,IAAI,CAAC,CAAA,CAAA;AAEhE,IAAM,MAAA,CAAC,QAAU,EAAA,KAAK,CAAI,GAAAC,0BAAA;AAAA,MAAU,MAAA;AAAA,MAAQ,CAC1C,KAAA,KAAA,kBAAA,CAAmB,GAAI,CAAA,KAAA,CAAM,IAAI,CAAA;AAAA,KACnC,CAAA;AAEA,IAAA,YAAA,CAAA,IAAA,EAAK,OAAQ,CAAA,CAAA,IAAA;AAAA,MACX,CAAW,QAAA,EAAA,QAAA,CAAS,MAAM,CAAA,oBAAA,EAAuB,MAAM,MAAM,CAAA,WAAA,CAAA;AAAA,KAC/D,CAAA;AAEA,IAAA,MAAM,YAAK,CAAA,IAAA,EAAA,GAAA,CAAA,CAAL,IAAS,CAAA,IAAA,EAAA,qBAAA,CAAA,CACZ,MAAO,CAAA;AAAA,MACN,gBAAkB,EAAA,YAAA,CAAA,IAAA,EAAK,GAAI,CAAA,CAAA,EAAA,CAAG,GAAI,EAAA;AAAA,KACnC,CACA,CAAA,KAAA,CAAM,WAAa,EAAA,YAAA,CAAA,IAAA,EAAK,WAAU,CAClC,CAAA,OAAA;AAAA,MACC,MAAA;AAAA,MACA,QAAS,CAAA,GAAA,CAAI,CAAK,CAAA,KAAA,CAAA,CAAE,IAAI,CAAA;AAAA,KAC1B,CAAA;AAEF,IAAA,KAAA,MAAW,SAAS,KAAO,EAAA;AAGzB,MAAA,MAAM,YAAK,CAAA,IAAA,EAAA,GAAA,CAAA,CAAL,IAAS,CAAA,IAAA,EAAA,qBAAA,CAAA,CACZ,MAAO,CAAA;AAAA,QACN,MAAM,KAAM,CAAA,IAAA;AAAA,QACZ,OAAA,EAAS,MAAM,KAAA,CAAM,OAAQ,EAAA;AAAA,QAC7B,WAAW,YAAK,CAAA,IAAA,EAAA,UAAA,CAAA;AAAA,OACjB,EACA,UAAW,CAAA,CAAC,aAAa,MAAM,CAAC,EAChC,MAAO,EAAA,CAAA;AAAA,KACZ;AAAA,GACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAS,IAAgD,EAAA;AAC7D,IAAM,MAAA,CAAC,GAAG,CAAI,GAAA,MAAM,mBAAK,GAAL,CAAA,CAAA,IAAA,CAAA,IAAA,EAAyB,uBAAuB,KAAM,CAAA;AAAA,MACxE,IAAA;AAAA,MACA,WAAW,YAAK,CAAA,IAAA,EAAA,UAAA,CAAA;AAAA,KACjB,CAAA,CAAA;AACD,IAAA,IAAI,CAAC,GAAK,EAAA;AACR,MAAO,OAAA,KAAA,CAAA,CAAA;AAAA,KACT;AACA,IAAO,OAAA;AAAA,MACL,MAAM,GAAI,CAAA,IAAA;AAAA,MACV,SAAS,GAAI,CAAA,OAAA;AAAA,MACb,gBACE,OAAO,GAAA,CAAI,gBAAqB,KAAA,QAAA,GAC5BC,eAAS,OAAQ,CAAA,GAAA,CAAI,gBAAkB,EAAA,EAAE,MAAM,KAAM,EAAC,CAAE,CAAA,QAAA,KACxD,GAAI,CAAA,gBAAA;AAAA,KACZ,CAAA;AAAA,GACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,OAAoC,EAAA;AACnD,IAAM,MAAA,EAAE,eAAkB,GAAA,OAAA,CAAA;AAC1B,IAAI,IAAA,oBAAA,GAAuB,mBAAK,GAAI,CAAA,CAAA,GAAA;AAAA,MAClC,CAAA,kBAAA,EAAqB,CAAC,aAAa,CAAA,SAAA,CAAA;AAAA,KACrC,CAAA;AACA,IAAA,IAAI,mBAAK,GAAI,CAAA,CAAA,MAAA,CAAO,OAAO,MAAO,CAAA,QAAA,CAAS,OAAO,CAAG,EAAA;AACnD,MAAA,oBAAA,GAAuB,mBAAK,GAAI,CAAA,CAAA,GAAA;AAAA,QAC9B,4BAA4B,aAAa,CAAA,QAAA,CAAA;AAAA,OAC3C,CAAA;AAAA,KACF,MAAA,IAAW,mBAAK,GAAI,CAAA,CAAA,MAAA,CAAO,OAAO,MAAO,CAAA,QAAA,CAAS,SAAS,CAAG,EAAA;AAC5D,MAAuB,oBAAA,GAAA,YAAA,CAAA,IAAA,EAAK,GAAI,CAAA,CAAA,GAAA,CAAI,CAAsB,kBAAA,CAAA,EAAA;AAAA,QACxD,IAAI,aAAa,CAAA,QAAA,CAAA;AAAA,OAClB,CAAA,CAAA;AAAA,KACH;AACA,IAAA,MAAM,YAAK,CAAA,IAAA,EAAA,GAAA,CAAA,CAAL,IAAyB,CAAA,IAAA,EAAA,qBAAA,CAAA,CAC5B,MAAM,WAAa,EAAA,YAAA,CAAA,IAAA,EAAK,UAAU,CAAA,CAAA,CAClC,KAAM,CAAA,kBAAA,EAAoB,IAAM,EAAA,oBAAoB,EACpD,MAAO,EAAA,CAAA;AAAA,GACZ;AACF,CAAA,CAAA;AAxHE,GAAA,GAAA,IAAA,OAAA,EAAA,CAAA;AACA,OAAA,GAAA,IAAA,OAAA,EAAA,CAAA;AACA,UAAA,GAAA,IAAA,OAAA,EAAA,CAAA;AAHK,IAAM,iBAAN,GAAA,kBAAA;;ACvBP,eAAsB,iBACpB,SAC6B,EAAA;AAC7B,EAAM,MAAA,UAAA,GAAa,MAAMC,uBAAA,CAAO,MAAQ,EAAA;AAAA,IACtC,MAAA,EAAQ,CAAC,UAAU,CAAA;AAAA;AAAA,IACnB,GAAK,EAAA,SAAA;AAAA,IACL,GAAK,EAAA,IAAA;AAAA,GACN,CAAA,CAAA;AAED,EAAO,OAAA,UAAA,CAAW,IAAI,CAAS,IAAA,MAAA;AAAA,IAC7B,IAAA;AAAA,IACA,SAAS,YAAYR,mBAAA,CAAG,SAASS,kCAAqB,CAAA,SAAA,EAAW,IAAI,CAAC,CAAA;AAAA,GACtE,CAAA,CAAA,CAAA;AACJ;;ACvBO,MAAM,sBAAyB,GAAA,qBAAA,CAAA;AAC/B,MAAM,uBAA0B,GAAA,yBAAA,CAAA;AAChC,MAAM,8BAAiC,GAAA,UAAA;;ACQvC,SAAS,4BACd,KACgB,EAAA;AAChB,EAAO,OAAA,CAAC,GAAK,EAAA,GAAA,EAAK,IAAS,KAAA;AACzB,IAAA,IAAI,GAAI,CAAA,MAAA,KAAW,KAAS,IAAA,GAAA,CAAI,WAAW,MAAQ,EAAA;AACjD,MAAK,IAAA,EAAA,CAAA;AACL,MAAA,OAAA;AAAA,KACF;AAGA,IAAQ,OAAA,CAAA,OAAA;AAAA,MAAA,CACL,YAAY;AAEX,QAAM,MAAAR,MAAA,GAAO,GAAI,CAAA,IAAA,CAAK,UAAW,CAAA,GAAG,CAAI,GAAA,GAAA,CAAI,IAAK,CAAA,KAAA,CAAM,CAAC,CAAA,GAAI,GAAI,CAAA,IAAA,CAAA;AAEhE,QAAA,MAAM,KAAQ,GAAA,MAAM,KAAM,CAAA,QAAA,CAASA,MAAI,CAAA,CAAA;AACvC,QAAA,IAAI,CAAC,KAAO,EAAA;AACV,UAAK,IAAA,EAAA,CAAA;AACL,UAAA,OAAA;AAAA,SACF;AAGA,QAAM,MAAA,GAAA,GAAMS,YAAQ,CAAA,KAAA,CAAM,IAAI,CAAA,CAAA;AAC9B,QAAA,IAAI,GAAK,EAAA;AACP,UAAA,GAAA,CAAI,KAAK,GAAG,CAAA,CAAA;AAAA,SACP,MAAA;AACL,UAAA,GAAA,CAAI,KAAK,KAAK,CAAA,CAAA;AAAA,SAChB;AAGA,QAAI,GAAA,CAAA,SAAA,CAAU,iBAAiB,uBAAuB,CAAA,CAAA;AACtD,QAAA,GAAA,CAAI,SAAU,CAAA,eAAA,EAAiB,KAAM,CAAA,cAAA,CAAe,aAAa,CAAA,CAAA;AAEjE,QAAI,GAAA,CAAA,IAAA,CAAK,MAAM,OAAO,CAAA,CAAA;AAAA,OACrB,GAAA;AAAA,KACL,CAAE,MAAM,IAAI,CAAA,CAAA;AAAA,GACd,CAAA;AACF;;AC0CA,eAAsB,aACpB,OACyB,EAAA;AA3G3B,EAAA,IAAA,EAAA,CAAA;AA4GE,EAAM,MAAA;AAAA,IACJ,MAAA;AAAA,IACA,MAAA;AAAA,IACA,cAAA;AAAA,IACA,qBAAA;AAAA,IACA,IAAA;AAAA,IACA,QAAA;AAAA,GACE,GAAA,OAAA,CAAA;AAEJ,EAAA,MAAM,0BACJ,EAAQ,GAAA,OAAA,CAAA,sBAAA,KAAR,IACA,GAAA,EAAA,GAAA,MAAA,CAAO,mBAAmB,4BAA4B,CAAA,CAAA;AACxD,EAAA,MAAM,6BAA6B,MAAO,CAAA,kBAAA;AAAA,IACxC,gCAAA;AAAA,GACF,CAAA;AAEA,EAAM,MAAA,UAAA,GAAaL,gCAAmB,CAAA,cAAA,EAAgB,MAAM,CAAA,CAAA;AAC5D,EAAM,MAAA,SAAA,GAAYH,YAAY,CAAA,UAAA,EAAY,QAAQ,CAAA,CAAA;AAElD,EAAA,IAAI,CAAE,MAAMF,mBAAG,CAAA,UAAA,CAAW,SAAS,CAAI,EAAA;AACrC,IAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,KAAa,YAAc,EAAA;AACzC,MAAO,MAAA,CAAA,KAAA;AAAA,QACL,uCAAuC,SAAS,CAAA,yBAAA,CAAA;AAAA,OAClD,CAAA;AAAA,KACF;AAEA,IAAA,OAAOW,uBAAO,EAAA,CAAA;AAAA,GAChB;AAEA,EAAO,MAAA,CAAA,IAAA,CAAK,CAAmC,gCAAA,EAAA,UAAU,CAAE,CAAA,CAAA,CAAA;AAE3D,EAAA,MAAM,UAAa,GAAA,sBAAA,GACf,KACA,CAAA,GAAA,MAAM,WAAY,CAAA;AAAA,IAChB,MAAA;AAAA,IACA,UAAA;AAAA,IACA,KAAK,OAAQ,CAAA,GAAA;AAAA,GACd,CAAA,CAAA;AAEL,EAAA,MAAM,aACJ,OAAQ,CAAA,QAAA,IAAY,CAAC,0BACjB,GAAA,MAAM,kBAAkB,MAAO,CAAA;AAAA,IAC7B,MAAA;AAAA,IACA,UAAU,OAAQ,CAAA,QAAA;AAAA,GACnB,CACD,GAAA,KAAA,CAAA,CAAA;AAEN,EAAA,MAAM,SAASA,uBAAO,EAAA,CAAA;AAEtB,EAAA,MAAA,CAAO,IAAIC,uBAAO,CAAA,UAAA,CAAW,EAAE,MAAQ,EAAA,MAAA,EAAQ,CAAC,CAAA,CAAA;AAEhD,EAAM,MAAA,aAAA,GAAgBV,YAAY,CAAA,UAAA,EAAY,QAAQ,CAAA,CAAA;AAEtD,EAAA,MAAM,yBACH,MAAMF,mBAAA,CAAG,UAAW,CAAA,aAAa,KAAM,IAAQ,IAAA,QAAA,CAAA;AAElD,EAAI,IAAA,sBAAA,IAA0B,QAAQ,QAAU,EAAA;AAC9C,IAAO,MAAA,CAAA,IAAA;AAAA,MACL,iEAAiE,aAAa,CAAA,CAAA;AAAA,KAChF,CAAA;AAEA,IAAA,MAAM,eAAeW,uBAAO,EAAA,CAAA;AAE5B,IAAA,YAAA,CAAa,GAAI,CAAA,OAAO,GAAK,EAAA,GAAA,EAAK,IAAS,KAAA;AACzC,MAAI,IAAA;AACF,QAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAK,EAAA;AAAA,UAClD,KAAO,EAAA,CAAC,MAAQ,EAAA,SAAA,EAAW,MAAM,CAAA;AAAA,UACjC,kBAAoB,EAAA,IAAA;AAAA,SACrB,CAAA,CAAA;AAED,QAAI,IAAA,WAAA,CAAY,SAAU,CAAA,IAAA,KAAS,MAAQ,EAAA;AACzC,UAAK,IAAA,EAAA,CAAA;AAAA,SACA,MAAA;AACL,UAAA,IAAA,CAAK,QAAQ,CAAA,CAAA;AAAA,SACf;AAAA,OACM,CAAA,MAAA;AAIN,QAAM,MAAA,QAAA,CAAS,gBAAgB,GAAK,EAAA;AAAA,UAClC,WAAA,EAAa,MAAM,IAAA,CAAK,kBAAmB,EAAA;AAAA,SAC5C,CAAA,CAAA;AACD,QAAK,IAAA,EAAA,CAAA;AAAA,OACP;AAAA,KACD,CAAA,CAAA;AAED,IAAa,YAAA,CAAA,IAAA;AAAA,MACX,GAAA;AAAA,MACAE,wBAAQ,CAAA,UAAA,CAAW,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,MACrC,OAAO,GAAK,EAAA,GAAA,EAAK,IAAS,KAAA;AACxB,QAAI,IAAA,GAAA,CAAI,IAAK,CAAA,IAAA,KAAS,SAAW,EAAA;AAC/B,UAAA,MAAM,cAAc,MAAM,IAAA,CAAK,YAAa,CAAA,GAAA,CAAI,KAAK,KAAK,CAAA,CAAA;AAE1D,UAAA,IAAI,CAAC,IAAA,CAAK,WAAY,CAAA,WAAA,EAAa,MAAM,CAAG,EAAA;AAC1C,YAAM,MAAA,IAAIC,2BAAoB,2BAA2B,CAAA,CAAA;AAAA,WAC3D;AAEA,UAAM,MAAA,QAAA,CAAS,gBAAgB,GAAK,EAAA;AAAA,YAClC,WAAA;AAAA,WACD,CAAA,CAAA;AAGD,UAAA,GAAA,CAAI,MAAS,GAAA,KAAA,CAAA;AACb,UAAA,IAAA,CAAK,QAAQ,CAAA,CAAA;AAAA,SACR,MAAA;AACL,UAAM,MAAA,IAAI,MAAM,2BAA2B,CAAA,CAAA;AAAA,SAC7C;AAAA,OACF;AAAA,KACF,CAAA;AAEA,IAAa,YAAA,CAAA,GAAA;AAAA,MACX,MAAM,sBAAuB,CAAA;AAAA,QAC3B,QAAQ,MAAO,CAAA,KAAA,CAAM,EAAE,KAAA,EAAO,UAAU,CAAA;AAAA,QACxC,OAAS,EAAA,aAAA;AAAA,QACT,UAAA,EAAY,yCAAY,aAAc,CAAA,QAAA,CAAA;AAAA,QACtC,UAAA;AAAA;AAAA,OACD,CAAA;AAAA,KACH,CAAA;AAEA,IAAA,MAAA,CAAO,IAAI,YAAY,CAAA,CAAA;AAAA,GACzB;AAEA,EAAO,MAAA,CAAA,GAAA;AAAA,IACL,MAAM,sBAAuB,CAAA;AAAA,MAC3B,QAAQ,MAAO,CAAA,KAAA,CAAM,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,MACtC,OAAS,EAAA,UAAA;AAAA,MACT,UAAA;AAAA,MACA,qBAAA;AAAA,MACA,UAAA;AAAA,KACD,CAAA;AAAA,GACH,CAAA;AAEA,EAAO,OAAA,MAAA,CAAA;AACT,CAAA;AAEA,eAAe,sBAAuB,CAAA;AAAA,EACpC,MAAA;AAAA,EACA,OAAA;AAAA,EACA,UAAA;AAAA,EACA,qBAAA;AAAA,EACA,UAAA;AACF,CAMG,EAAA;AACD,EAAM,MAAA,SAAA,GAAYZ,YAAY,CAAA,OAAA,EAAS,QAAQ,CAAA,CAAA;AAE/C,EAAM,MAAA,kBAAA,GACJ,cAAe,MAAM,YAAA,CAAa,EAAE,UAAY,EAAA,MAAA,EAAQ,WAAW,CAAA,CAAA;AAErE,EAAA,MAAM,SAASS,uBAAO,EAAA,CAAA;AAGtB,EAAA,MAAM,eAAeA,uBAAO,EAAA,CAAA;AAC5B,EAAa,YAAA,CAAA,GAAA;AAAA,IACXE,wBAAA,CAAQ,OAAO,SAAW,EAAA;AAAA,MACxB,UAAA,EAAY,CAAC,GAAA,EAAK,IAAS,KAAA;AACzB,QAAA,IAAI,SAAS,kBAAoB,EAAA;AAC/B,UAAI,GAAA,CAAA,SAAA,CAAU,iBAAiB,8BAA8B,CAAA,CAAA;AAAA,SACxD,MAAA;AACL,UAAI,GAAA,CAAA,SAAA,CAAU,iBAAiB,uBAAuB,CAAA,CAAA;AAAA,SACxD;AAAA,OACF;AAAA,KACD,CAAA;AAAA,GACH,CAAA;AAEA,EAAA,IAAI,UAAY,EAAA;AACd,IAAM,MAAA,MAAA,GAAS,MAAM,gBAAA,CAAiB,SAAS,CAAA,CAAA;AAC/C,IAAM,MAAA,UAAA,CAAW,YAAY,MAAM,CAAA,CAAA;AAEnC,IAAM,MAAA,UAAA,CAAW,WAAW,EAAE,aAAA,EAAe,KAAK,EAAK,GAAA,EAAA,GAAK,GAAG,CAAA,CAAA;AAE/D,IAAa,YAAA,CAAA,GAAA,CAAI,2BAA4B,CAAA,UAAU,CAAC,CAAA,CAAA;AAAA,GAC1D;AAEA,EAAA,IAAI,qBAAuB,EAAA;AACzB,IAAA,YAAA,CAAa,IAAI,qBAAqB,CAAA,CAAA;AAAA,GACxC;AACA,EAAa,YAAA,CAAA,GAAA,CAAIE,+BAAiB,CAAA,CAAA;AAElC,EAAO,MAAA,CAAA,GAAA,CAAI,WAAW,YAAY,CAAA,CAAA;AAClC,EAAO,MAAA,CAAA,GAAA;AAAA,IACLF,wBAAA,CAAQ,OAAO,OAAS,EAAA;AAAA,MACtB,UAAA,EAAY,CAAC,GAAA,EAAK,IAAS,KAAA;AAGzB,QAAA,IACGA,yBAAQ,MAAO,CAAA,IAAA,CAAyB,MAAO,CAAA,IAAI,MAAM,WAC1D,EAAA;AACA,UAAI,GAAA,CAAA,SAAA,CAAU,iBAAiB,sBAAsB,CAAA,CAAA;AAAA,SACvD;AAAA,OACF;AAAA,KACD,CAAA;AAAA,GACH,CAAA;AAEA,EAAA,MAAA,CAAO,GAAI,CAAA,IAAA,EAAM,CAAC,IAAA,EAAM,GAAQ,KAAA;AAC9B,IAAA,GAAA,CAAI,QAAS,CAAAX,YAAA,CAAY,OAAS,EAAA,YAAY,CAAG,EAAA;AAAA,MAC/C,OAAS,EAAA;AAAA;AAAA;AAAA,QAGP,eAAiB,EAAA,sBAAA;AAAA,OACnB;AAAA,KACD,CAAA,CAAA;AAAA,GACF,CAAA,CAAA;AAED,EAAO,OAAA,MAAA,CAAA;AACT;;;;"}
+{"version":3,"file":"router-Bff6_vkM.cjs.js","sources":["../../src/lib/config.ts","../../src/lib/assets/StaticAssetsStore.ts","../../src/lib/assets/findStaticAssets.ts","../../src/lib/headers.ts","../../src/lib/assets/createStaticAssetMiddleware.ts","../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fs from 'fs-extra';\nimport { resolve as resolvePath } from 'path';\nimport { AppConfig, Config } from '@backstage/config';\nimport { JsonObject } from '@backstage/types';\nimport {\n  ConfigSchema,\n  loadConfigSchema,\n  readEnvConfig,\n} from '@backstage/config-loader';\nimport { LoggerService } from '@backstage/backend-plugin-api';\n\ntype InjectOptions = {\n  appConfigs: AppConfig[];\n  // Directory of the static JS files to search for file to inject\n  staticDir: string;\n  logger: LoggerService;\n};\n\n/**\n * Injects configs into the app bundle, replacing any existing injected config.\n */\nexport async function injectConfig(\n  options: InjectOptions,\n): Promise<string | undefined> {\n  const { staticDir, logger, appConfigs } = options;\n\n  const files = await fs.readdir(staticDir);\n  const jsFiles = files.filter(file => file.endsWith('.js'));\n\n  const escapedData = JSON.stringify(appConfigs).replace(/(\"|'|\\\\)/g, '\\\\$1');\n  const injected = `/*__APP_INJECTED_CONFIG_MARKER__*/\"${escapedData}\"/*__INJECTED_END__*/`;\n\n  for (const jsFile of jsFiles) {\n    const path = resolvePath(staticDir, jsFile);\n\n    const content = await fs.readFile(path, 'utf8');\n    if (content.includes('__APP_INJECTED_RUNTIME_CONFIG__')) {\n      logger.info(`Injecting env config into ${jsFile}`);\n\n      const newContent = content.replaceAll(\n        '\"__APP_INJECTED_RUNTIME_CONFIG__\"',\n        injected,\n      );\n      await fs.writeFile(path, newContent, 'utf8');\n      return path;\n    } else if (content.includes('__APP_INJECTED_CONFIG_MARKER__')) {\n      logger.info(`Replacing injected env config in ${jsFile}`);\n\n      const newContent = content.replaceAll(\n        /\\/\\*__APP_INJECTED_CONFIG_MARKER__\\*\\/.*?\\/\\*__INJECTED_END__\\*\\//g,\n        injected,\n      );\n      await fs.writeFile(path, newContent, 'utf8');\n      return path;\n    }\n  }\n  logger.info('Env config not injected');\n  return undefined;\n}\n\ntype ReadOptions = {\n  env: { [name: string]: string | undefined };\n  appDistDir: string;\n  config: Config;\n  schema?: ConfigSchema;\n};\n\n/**\n * Read config from environment and process the backend config using the\n * schema that is embedded in the frontend build.\n */\nexport async function readConfigs(options: ReadOptions): Promise<AppConfig[]> {\n  const { env, appDistDir, config } = options;\n\n  const appConfigs = readEnvConfig(env);\n\n  const schemaPath = resolvePath(appDistDir, '.config-schema.json');\n  if (await fs.pathExists(schemaPath)) {\n    const serializedSchema = await fs.readJson(schemaPath);\n\n    try {\n      const schema =\n        options.schema ||\n        (await loadConfigSchema({\n          serialized: serializedSchema,\n        }));\n\n      const frontendConfigs = await schema.process(\n        [{ data: config.get() as JsonObject, context: 'app' }],\n        { visibility: ['frontend'], withDeprecatedKeys: true },\n      );\n      appConfigs.push(...frontendConfigs);\n    } catch (error) {\n      throw new Error(\n        'Invalid app bundle schema. If this error is unexpected you need to run `yarn build` in the app. ' +\n          `If that doesn't help you should make sure your config schema is correct and rebuild the app bundle again. ` +\n          `Caused by the following schema error, ${error}`,\n      );\n    }\n  }\n\n  return appConfigs;\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  PluginDatabaseManager,\n  resolvePackagePath,\n} from '@backstage/backend-common';\nimport { Knex } from 'knex';\nimport { DateTime } from 'luxon';\nimport partition from 'lodash/partition';\nimport { StaticAsset, StaticAssetInput, StaticAssetProvider } from './types';\nimport { LoggerService } from '@backstage/backend-plugin-api';\n\nconst migrationsDir = resolvePackagePath(\n  '@backstage/plugin-app-backend',\n  'migrations',\n);\n\ninterface StaticAssetRow {\n  path: string;\n  content: Buffer;\n  namespace: string | null;\n  last_modified_at: Date;\n}\n\n/** @internal */\nexport interface StaticAssetsStoreOptions {\n  database: PluginDatabaseManager;\n  logger: LoggerService;\n}\n\n/**\n * A storage for static assets that are assumed to be immutable.\n *\n * @internal\n */\nexport class StaticAssetsStore implements StaticAssetProvider {\n  #db: Knex;\n  #logger: LoggerService;\n  #namespace: string;\n\n  static async create(options: StaticAssetsStoreOptions) {\n    const { database } = options;\n    const client = await database.getClient();\n\n    if (!database.migrations?.skip) {\n      await client.migrate.latest({\n        directory: migrationsDir,\n      });\n    }\n\n    return new StaticAssetsStore(client, options.logger);\n  }\n\n  private constructor(client: Knex, logger: LoggerService, namespace?: string) {\n    this.#db = client;\n    this.#logger = logger;\n    this.#namespace = namespace ?? 'default';\n  }\n\n  /**\n   * Creates a new store with the provided namespace, using the same underlying storage.\n   */\n  withNamespace(namespace: string): StaticAssetsStore {\n    return new StaticAssetsStore(this.#db, this.#logger, namespace);\n  }\n\n  /**\n   * Store the provided assets.\n   *\n   * If an asset for a given path already exists the modification time will be\n   * updated, but the contents will not.\n   */\n  async storeAssets(assets: StaticAssetInput[]) {\n    const existingRows = await this.#db<StaticAssetRow>('static_assets_cache')\n      .where('namespace', this.#namespace)\n      .whereIn(\n        'path',\n        assets.map(a => a.path),\n      );\n    const existingAssetPaths = new Set(existingRows.map(r => r.path));\n\n    const [modified, added] = partition(assets, asset =>\n      existingAssetPaths.has(asset.path),\n    );\n\n    this.#logger.info(\n      `Storing ${modified.length} updated assets and ${added.length} new assets`,\n    );\n\n    await this.#db('static_assets_cache')\n      .update({\n        last_modified_at: this.#db.fn.now(),\n      })\n      .where('namespace', this.#namespace)\n      .whereIn(\n        'path',\n        modified.map(a => a.path),\n      );\n\n    for (const asset of added) {\n      // We ignore conflicts with other nodes, it doesn't matter if someone else\n      // added the same asset just before us.\n      await this.#db('static_assets_cache')\n        .insert({\n          path: asset.path,\n          content: await asset.content(),\n          namespace: this.#namespace,\n        })\n        .onConflict(['namespace', 'path'])\n        .ignore();\n    }\n  }\n\n  /**\n   * Retrieve an asset from the store with the given path.\n   */\n  async getAsset(path: string): Promise<StaticAsset | undefined> {\n    const [row] = await this.#db<StaticAssetRow>('static_assets_cache').where({\n      path,\n      namespace: this.#namespace,\n    });\n    if (!row) {\n      return undefined;\n    }\n    return {\n      path: row.path,\n      content: row.content,\n      lastModifiedAt:\n        typeof row.last_modified_at === 'string'\n          ? DateTime.fromSQL(row.last_modified_at, { zone: 'UTC' }).toJSDate()\n          : row.last_modified_at,\n    };\n  }\n\n  /**\n   * Delete any assets from the store whose modification time is older than the max age.\n   */\n  async trimAssets(options: { maxAgeSeconds: number }) {\n    const { maxAgeSeconds } = options;\n    let lastModifiedInterval = this.#db.raw(\n      `now() + interval '${-maxAgeSeconds} seconds'`,\n    );\n    if (this.#db.client.config.client.includes('mysql')) {\n      lastModifiedInterval = this.#db.raw(\n        `date_sub(now(), interval ${maxAgeSeconds} second)`,\n      );\n    } else if (this.#db.client.config.client.includes('sqlite3')) {\n      lastModifiedInterval = this.#db.raw(`datetime('now', ?)`, [\n        `-${maxAgeSeconds} seconds`,\n      ]);\n    }\n    await this.#db<StaticAssetRow>('static_assets_cache')\n      .where('namespace', this.#namespace)\n      .where('last_modified_at', '<=', lastModifiedInterval)\n      .delete();\n  }\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport fs from 'fs-extra';\nimport globby from 'globby';\nimport { StaticAssetInput } from './types';\nimport { resolveSafeChildPath } from '@backstage/backend-common';\n\n/**\n * Finds all static assets within a directory\n *\n * @internal\n */\nexport async function findStaticAssets(\n  staticDir: string,\n): Promise<StaticAssetInput[]> {\n  const assetPaths = await globby('**/*', {\n    ignore: ['**/*.map'], // Ignore source maps since they're quite large\n    cwd: staticDir,\n    dot: true,\n  });\n\n  return assetPaths.map(path => ({\n    path,\n    content: async () => fs.readFile(resolveSafeChildPath(staticDir, path)),\n  }));\n}\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nexport const CACHE_CONTROL_NO_CACHE = 'no-store, max-age=0';\nexport const CACHE_CONTROL_MAX_CACHE = 'public, max-age=1209600'; // 14 days\nexport const CACHE_CONTROL_REVALIDATE_CACHE = 'no-cache'; // require revalidating cached responses before reuse them.\n","/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { extname } from 'path';\nimport { RequestHandler } from 'express';\nimport { StaticAssetProvider } from './types';\nimport { CACHE_CONTROL_MAX_CACHE } from '../headers';\n\n/**\n * Creates a middleware that serves static assets from a static asset provider\n *\n * @internal\n */\nexport function createStaticAssetMiddleware(\n  store: StaticAssetProvider,\n): RequestHandler {\n  return (req, res, next) => {\n    if (req.method !== 'GET' && req.method !== 'HEAD') {\n      next();\n      return;\n    }\n\n    // Let's not assume we're in promise-router\n    Promise.resolve(\n      (async () => {\n        // Drop leading slashes from the incoming path\n        const path = req.path.startsWith('/') ? req.path.slice(1) : req.path;\n\n        const asset = await store.getAsset(path);\n        if (!asset) {\n          next();\n          return;\n        }\n\n        // Set the Content-Type header, falling back to octet-stream\n        const ext = extname(asset.path);\n        if (ext) {\n          res.type(ext);\n        } else {\n          res.type('bin');\n        }\n\n        // Same as our express.static override\n        res.setHeader('Cache-Control', CACHE_CONTROL_MAX_CACHE);\n        res.setHeader('Last-Modified', asset.lastModifiedAt.toUTCString());\n\n        res.send(asset.content);\n      })(),\n    ).catch(next);\n  };\n}\n","/*\n * Copyright 2020 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  notFoundHandler,\n  PluginDatabaseManager,\n  resolvePackagePath,\n} from '@backstage/backend-common';\nimport { AppConfig, Config } from '@backstage/config';\nimport helmet from 'helmet';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport fs from 'fs-extra';\nimport { resolve as resolvePath } from 'path';\nimport { injectConfig, readConfigs } from '../lib/config';\nimport {\n  createStaticAssetMiddleware,\n  findStaticAssets,\n  StaticAssetsStore,\n} from '../lib/assets';\nimport {\n  CACHE_CONTROL_MAX_CACHE,\n  CACHE_CONTROL_NO_CACHE,\n  CACHE_CONTROL_REVALIDATE_CACHE,\n} from '../lib/headers';\nimport { ConfigSchema } from '@backstage/config-loader';\nimport {\n  AuthService,\n  HttpAuthService,\n  LoggerService,\n} from '@backstage/backend-plugin-api';\nimport { AuthenticationError } from '@backstage/errors';\n\n// express uses mime v1 while we only have types for mime v2\ntype Mime = { lookup(arg0: string): string };\n\n/** @public */\nexport interface RouterOptions {\n  config: Config;\n  logger: LoggerService;\n  auth?: AuthService;\n  httpAuth?: HttpAuthService;\n\n  /**\n   * If a database is provided it will be used to cache previously deployed static assets.\n   *\n   * This is a built-in alternative to using a `staticFallbackHandler`.\n   */\n  database?: PluginDatabaseManager;\n\n  /**\n   * The name of the app package that content should be served from. The same app package should be\n   * added as a dependency to the backend package in order for it to be accessible at runtime.\n   *\n   * In a typical setup with a single app package this would be set to 'app'.\n   */\n  appPackageName: string;\n\n  /**\n   * A request handler to handle requests for static content that are not present in the app bundle.\n   *\n   * This can be used to avoid issues with clients on older deployment versions trying to access lazy\n   * loaded content that is no longer present. Typically the requests would fall back to a long-term\n   * object store where all recently deployed versions of the app are present.\n   *\n   * Another option is to provide a `database` that will take care of storing the static assets instead.\n   *\n   * If both `database` and `staticFallbackHandler` are provided, the `database` will attempt to serve\n   * static assets first, and if they are not found, the `staticFallbackHandler` will be called.\n   */\n  staticFallbackHandler?: express.Handler;\n\n  /**\n   * Disables the configuration injection. This can be useful if you're running in an environment\n   * with a read-only filesystem, or for some other reason don't want configuration to be injected.\n   *\n   * Note that this will cause the configuration used when building the app bundle to be used, unless\n   * a separate configuration loading strategy is set up.\n   *\n   * This also disables configuration injection though `APP_CONFIG_` environment variables.\n   */\n  disableConfigInjection?: boolean;\n\n  /**\n   *\n   * Provides a ConfigSchema.\n   *\n   */\n  schema?: ConfigSchema;\n}\n\n/** @public */\nexport async function createRouter(\n  options: RouterOptions,\n): Promise<express.Router> {\n  const {\n    config,\n    logger,\n    appPackageName,\n    staticFallbackHandler,\n    auth,\n    httpAuth,\n  } = options;\n\n  const disableConfigInjection =\n    options.disableConfigInjection ??\n    config.getOptionalBoolean('app.disableConfigInjection');\n  const disableStaticFallbackCache = config.getOptionalBoolean(\n    'app.disableStaticFallbackCache',\n  );\n\n  const appDistDir = resolvePackagePath(appPackageName, 'dist');\n  const staticDir = resolvePath(appDistDir, 'static');\n\n  if (!(await fs.pathExists(staticDir))) {\n    if (process.env.NODE_ENV === 'production') {\n      logger.error(\n        `Can't serve static app content from ${staticDir}, directory doesn't exist`,\n      );\n    }\n\n    return Router();\n  }\n\n  logger.info(`Serving static app content from ${appDistDir}`);\n\n  const appConfigs = disableConfigInjection\n    ? undefined\n    : await readConfigs({\n        config,\n        appDistDir,\n        env: process.env,\n      });\n\n  const assetStore =\n    options.database && !disableStaticFallbackCache\n      ? await StaticAssetsStore.create({\n          logger,\n          database: options.database,\n        })\n      : undefined;\n\n  const router = Router();\n\n  router.use(helmet.frameguard({ action: 'deny' }));\n\n  const publicDistDir = resolvePath(appDistDir, 'public');\n\n  const enablePublicEntryPoint =\n    (await fs.pathExists(publicDistDir)) && auth && httpAuth;\n\n  if (enablePublicEntryPoint && auth && httpAuth) {\n    logger.info(\n      `App is running in protected mode, serving public content from ${publicDistDir}`,\n    );\n\n    const publicRouter = Router();\n\n    publicRouter.use(async (req, res, next) => {\n      try {\n        const credentials = await httpAuth.credentials(req, {\n          allow: ['user', 'service', 'none'],\n          allowLimitedAccess: true,\n        });\n\n        if (credentials.principal.type === 'none') {\n          next();\n        } else {\n          next('router');\n        }\n      } catch {\n        // If we fail to authenticate, make sure the session cookie is cleared\n        // and continue as unauthenticated. If the user is logged in they will\n        // immediately be redirected back to the protected app via the POST.\n        await httpAuth.issueUserCookie(res, {\n          credentials: await auth.getNoneCredentials(),\n        });\n        next();\n      }\n    });\n\n    publicRouter.post(\n      '*',\n      express.urlencoded({ extended: true }),\n      async (req, res, next) => {\n        if (req.body.type === 'sign-in') {\n          const credentials = await auth.authenticate(req.body.token);\n\n          if (!auth.isPrincipal(credentials, 'user')) {\n            throw new AuthenticationError('Invalid token, not a user');\n          }\n\n          await httpAuth.issueUserCookie(res, {\n            credentials,\n          });\n\n          // Resume as if it was a GET request towards the outer protected router, serving index.html\n          req.method = 'GET';\n          next('router');\n        } else {\n          throw new Error('Invalid POST request to /');\n        }\n      },\n    );\n\n    publicRouter.use(\n      await createEntryPointRouter({\n        logger: logger.child({ entry: 'public' }),\n        rootDir: publicDistDir,\n        assetStore: assetStore?.withNamespace('public'),\n        appConfigs, // TODO(Rugvip): We should not be including the full config here\n      }),\n    );\n\n    router.use(publicRouter);\n  }\n\n  router.use(\n    await createEntryPointRouter({\n      logger: logger.child({ entry: 'main' }),\n      rootDir: appDistDir,\n      assetStore,\n      staticFallbackHandler,\n      appConfigs,\n    }),\n  );\n\n  return router;\n}\n\nasync function createEntryPointRouter({\n  logger,\n  rootDir,\n  assetStore,\n  staticFallbackHandler,\n  appConfigs,\n}: {\n  logger: LoggerService;\n  rootDir: string;\n  assetStore?: StaticAssetsStore;\n  staticFallbackHandler?: express.Handler;\n  appConfigs?: AppConfig[];\n}) {\n  const staticDir = resolvePath(rootDir, 'static');\n\n  const injectedConfigPath =\n    appConfigs && (await injectConfig({ appConfigs, logger, staticDir }));\n\n  const router = Router();\n\n  // Use a separate router for static content so that a fallback can be provided by backend\n  const staticRouter = Router();\n  staticRouter.use(\n    express.static(staticDir, {\n      setHeaders: (res, path) => {\n        if (path === injectedConfigPath) {\n          res.setHeader('Cache-Control', CACHE_CONTROL_REVALIDATE_CACHE);\n        } else {\n          res.setHeader('Cache-Control', CACHE_CONTROL_MAX_CACHE);\n        }\n      },\n    }),\n  );\n\n  if (assetStore) {\n    const assets = await findStaticAssets(staticDir);\n    await assetStore.storeAssets(assets);\n    // Remove any assets that are older than 7 days\n    await assetStore.trimAssets({ maxAgeSeconds: 60 * 60 * 24 * 7 });\n\n    staticRouter.use(createStaticAssetMiddleware(assetStore));\n  }\n\n  if (staticFallbackHandler) {\n    staticRouter.use(staticFallbackHandler);\n  }\n  staticRouter.use(notFoundHandler());\n\n  router.use('/static', staticRouter);\n  router.use(\n    express.static(rootDir, {\n      setHeaders: (res, path) => {\n        // The Cache-Control header instructs the browser to not cache html files since it might\n        // link to static assets from recently deployed versions.\n        if (\n          (express.static.mime as unknown as Mime).lookup(path) === 'text/html'\n        ) {\n          res.setHeader('Cache-Control', CACHE_CONTROL_NO_CACHE);\n        }\n      },\n    }),\n  );\n\n  router.get('/*', (_req, res) => {\n    res.sendFile(resolvePath(rootDir, 'index.html'), {\n      headers: {\n        // The Cache-Control header instructs the browser to not cache the index.html since it might\n        // link to static assets from recently deployed versions.\n        'cache-control': CACHE_CONTROL_NO_CACHE,\n      },\n    });\n  });\n\n  return router;\n}\n"],"names":["fs","path","resolvePath","readEnvConfig","loadConfigSchema","resolvePackagePath","partition","DateTime","globby","resolveSafeChildPath","extname","Router","helmet","express","AuthenticationError","notFoundHandler"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAqCA,eAAsB,aACpB,OAC6B,EAAA;AAC7B,EAAA,MAAM,EAAE,SAAA,EAAW,MAAQ,EAAA,UAAA,EAAe,GAAA,OAAA,CAAA;AAE1C,EAAA,MAAM,KAAQ,GAAA,MAAMA,mBAAG,CAAA,OAAA,CAAQ,SAAS,CAAA,CAAA;AACxC,EAAA,MAAM,UAAU,KAAM,CAAA,MAAA,CAAO,UAAQ,IAAK,CAAA,QAAA,CAAS,KAAK,CAAC,CAAA,CAAA;AAEzD,EAAA,MAAM,cAAc,IAAK,CAAA,SAAA,CAAU,UAAU,CAAE,CAAA,OAAA,CAAQ,aAAa,MAAM,CAAA,CAAA;AAC1E,EAAM,MAAA,QAAA,GAAW,sCAAsC,WAAW,CAAA,qBAAA,CAAA,CAAA;AAElE,EAAA,KAAA,MAAW,UAAU,OAAS,EAAA;AAC5B,IAAM,MAAAC,MAAA,GAAOC,YAAY,CAAA,SAAA,EAAW,MAAM,CAAA,CAAA;AAE1C,IAAA,MAAM,OAAU,GAAA,MAAMF,mBAAG,CAAA,QAAA,CAASC,QAAM,MAAM,CAAA,CAAA;AAC9C,IAAI,IAAA,OAAA,CAAQ,QAAS,CAAA,iCAAiC,CAAG,EAAA;AACvD,MAAO,MAAA,CAAA,IAAA,CAAK,CAA6B,0BAAA,EAAA,MAAM,CAAE,CAAA,CAAA,CAAA;AAEjD,MAAA,MAAM,aAAa,OAAQ,CAAA,UAAA;AAAA,QACzB,mCAAA;AAAA,QACA,QAAA;AAAA,OACF,CAAA;AACA,MAAA,MAAMD,mBAAG,CAAA,SAAA,CAAUC,MAAM,EAAA,UAAA,EAAY,MAAM,CAAA,CAAA;AAC3C,MAAO,OAAAA,MAAA,CAAA;AAAA,KACE,MAAA,IAAA,OAAA,CAAQ,QAAS,CAAA,gCAAgC,CAAG,EAAA;AAC7D,MAAO,MAAA,CAAA,IAAA,CAAK,CAAoC,iCAAA,EAAA,MAAM,CAAE,CAAA,CAAA,CAAA;AAExD,MAAA,MAAM,aAAa,OAAQ,CAAA,UAAA;AAAA,QACzB,oEAAA;AAAA,QACA,QAAA;AAAA,OACF,CAAA;AACA,MAAA,MAAMD,mBAAG,CAAA,SAAA,CAAUC,MAAM,EAAA,UAAA,EAAY,MAAM,CAAA,CAAA;AAC3C,MAAO,OAAAA,MAAA,CAAA;AAAA,KACT;AAAA,GACF;AACA,EAAA,MAAA,CAAO,KAAK,yBAAyB,CAAA,CAAA;AACrC,EAAO,OAAA,KAAA,CAAA,CAAA;AACT,CAAA;AAaA,eAAsB,YAAY,OAA4C,EAAA;AAC5E,EAAA,MAAM,EAAE,GAAA,EAAK,UAAY,EAAA,MAAA,EAAW,GAAA,OAAA,CAAA;AAEpC,EAAM,MAAA,UAAA,GAAaE,2BAAc,GAAG,CAAA,CAAA;AAEpC,EAAM,MAAA,UAAA,GAAaD,YAAY,CAAA,UAAA,EAAY,qBAAqB,CAAA,CAAA;AAChE,EAAA,IAAI,MAAMF,mBAAA,CAAG,UAAW,CAAA,UAAU,CAAG,EAAA;AACnC,IAAA,MAAM,gBAAmB,GAAA,MAAMA,mBAAG,CAAA,QAAA,CAAS,UAAU,CAAA,CAAA;AAErD,IAAI,IAAA;AACF,MAAA,MAAM,MACJ,GAAA,OAAA,CAAQ,MACP,IAAA,MAAMI,6BAAiB,CAAA;AAAA,QACtB,UAAY,EAAA,gBAAA;AAAA,OACb,CAAA,CAAA;AAEH,MAAM,MAAA,eAAA,GAAkB,MAAM,MAAO,CAAA,OAAA;AAAA,QACnC,CAAC,EAAE,IAAM,EAAA,MAAA,CAAO,KAAqB,EAAA,OAAA,EAAS,OAAO,CAAA;AAAA,QACrD,EAAE,UAAY,EAAA,CAAC,UAAU,CAAA,EAAG,oBAAoB,IAAK,EAAA;AAAA,OACvD,CAAA;AACA,MAAW,UAAA,CAAA,IAAA,CAAK,GAAG,eAAe,CAAA,CAAA;AAAA,aAC3B,KAAO,EAAA;AACd,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,qPAE2C,KAAK,CAAA,CAAA;AAAA,OAClD,CAAA;AAAA,KACF;AAAA,GACF;AAEA,EAAO,OAAA,UAAA,CAAA;AACT;;;;;;;;;;;;;;;;;;;;ACtHA,IAAA,GAAA,EAAA,OAAA,EAAA,UAAA,CAAA;AA0BA,MAAM,aAAgB,GAAAC,gCAAA;AAAA,EACpB,+BAAA;AAAA,EACA,YAAA;AACF,CAAA,CAAA;AAoBO,MAAM,kBAAA,GAAN,MAAM,kBAAiD,CAAA;AAAA,EAkBpD,WAAA,CAAY,MAAc,EAAA,MAAA,EAAuB,SAAoB,EAAA;AAjB7E,IAAA,YAAA,CAAA,IAAA,EAAA,GAAA,EAAA,KAAA,CAAA,CAAA,CAAA;AACA,IAAA,YAAA,CAAA,IAAA,EAAA,OAAA,EAAA,KAAA,CAAA,CAAA,CAAA;AACA,IAAA,YAAA,CAAA,IAAA,EAAA,UAAA,EAAA,KAAA,CAAA,CAAA,CAAA;AAgBE,IAAA,YAAA,CAAA,IAAA,EAAK,GAAM,EAAA,MAAA,CAAA,CAAA;AACX,IAAA,YAAA,CAAA,IAAA,EAAK,OAAU,EAAA,MAAA,CAAA,CAAA;AACf,IAAA,YAAA,CAAA,IAAA,EAAK,YAAa,SAAa,IAAA,IAAA,GAAA,SAAA,GAAA,SAAA,CAAA,CAAA;AAAA,GACjC;AAAA,EAjBA,aAAa,OAAO,OAAmC,EAAA;AAtDzD,IAAA,IAAA,EAAA,CAAA;AAuDI,IAAM,MAAA,EAAE,UAAa,GAAA,OAAA,CAAA;AACrB,IAAM,MAAA,MAAA,GAAS,MAAM,QAAA,CAAS,SAAU,EAAA,CAAA;AAExC,IAAA,IAAI,EAAC,CAAA,EAAA,GAAA,QAAA,CAAS,UAAT,KAAA,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAqB,IAAM,CAAA,EAAA;AAC9B,MAAM,MAAA,MAAA,CAAO,QAAQ,MAAO,CAAA;AAAA,QAC1B,SAAW,EAAA,aAAA;AAAA,OACZ,CAAA,CAAA;AAAA,KACH;AAEA,IAAA,OAAO,IAAI,kBAAA,CAAkB,MAAQ,EAAA,OAAA,CAAQ,MAAM,CAAA,CAAA;AAAA,GACrD;AAAA;AAAA;AAAA;AAAA,EAWA,cAAc,SAAsC,EAAA;AAClD,IAAA,OAAO,IAAI,kBAAkB,CAAA,YAAA,CAAA,IAAA,EAAK,GAAK,CAAA,EAAA,YAAA,CAAA,IAAA,EAAK,UAAS,SAAS,CAAA,CAAA;AAAA,GAChE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,YAAY,MAA4B,EAAA;AAC5C,IAAM,MAAA,YAAA,GAAe,MAAM,YAAA,CAAA,IAAA,EAAK,GAAL,CAAA,CAAA,IAAA,CAAA,IAAA,EAAyB,uBACjD,KAAM,CAAA,WAAA,EAAa,YAAK,CAAA,IAAA,EAAA,UAAA,CAAU,CAClC,CAAA,OAAA;AAAA,MACC,MAAA;AAAA,MACA,MAAO,CAAA,GAAA,CAAI,CAAK,CAAA,KAAA,CAAA,CAAE,IAAI,CAAA;AAAA,KACxB,CAAA;AACF,IAAM,MAAA,kBAAA,GAAqB,IAAI,GAAI,CAAA,YAAA,CAAa,IAAI,CAAK,CAAA,KAAA,CAAA,CAAE,IAAI,CAAC,CAAA,CAAA;AAEhE,IAAM,MAAA,CAAC,QAAU,EAAA,KAAK,CAAI,GAAAC,0BAAA;AAAA,MAAU,MAAA;AAAA,MAAQ,CAC1C,KAAA,KAAA,kBAAA,CAAmB,GAAI,CAAA,KAAA,CAAM,IAAI,CAAA;AAAA,KACnC,CAAA;AAEA,IAAA,YAAA,CAAA,IAAA,EAAK,OAAQ,CAAA,CAAA,IAAA;AAAA,MACX,CAAW,QAAA,EAAA,QAAA,CAAS,MAAM,CAAA,oBAAA,EAAuB,MAAM,MAAM,CAAA,WAAA,CAAA;AAAA,KAC/D,CAAA;AAEA,IAAA,MAAM,YAAK,CAAA,IAAA,EAAA,GAAA,CAAA,CAAL,IAAS,CAAA,IAAA,EAAA,qBAAA,CAAA,CACZ,MAAO,CAAA;AAAA,MACN,gBAAkB,EAAA,YAAA,CAAA,IAAA,EAAK,GAAI,CAAA,CAAA,EAAA,CAAG,GAAI,EAAA;AAAA,KACnC,CACA,CAAA,KAAA,CAAM,WAAa,EAAA,YAAA,CAAA,IAAA,EAAK,WAAU,CAClC,CAAA,OAAA;AAAA,MACC,MAAA;AAAA,MACA,QAAS,CAAA,GAAA,CAAI,CAAK,CAAA,KAAA,CAAA,CAAE,IAAI,CAAA;AAAA,KAC1B,CAAA;AAEF,IAAA,KAAA,MAAW,SAAS,KAAO,EAAA;AAGzB,MAAA,MAAM,YAAK,CAAA,IAAA,EAAA,GAAA,CAAA,CAAL,IAAS,CAAA,IAAA,EAAA,qBAAA,CAAA,CACZ,MAAO,CAAA;AAAA,QACN,MAAM,KAAM,CAAA,IAAA;AAAA,QACZ,OAAA,EAAS,MAAM,KAAA,CAAM,OAAQ,EAAA;AAAA,QAC7B,WAAW,YAAK,CAAA,IAAA,EAAA,UAAA,CAAA;AAAA,OACjB,EACA,UAAW,CAAA,CAAC,aAAa,MAAM,CAAC,EAChC,MAAO,EAAA,CAAA;AAAA,KACZ;AAAA,GACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAS,IAAgD,EAAA;AAC7D,IAAM,MAAA,CAAC,GAAG,CAAI,GAAA,MAAM,mBAAK,GAAL,CAAA,CAAA,IAAA,CAAA,IAAA,EAAyB,uBAAuB,KAAM,CAAA;AAAA,MACxE,IAAA;AAAA,MACA,WAAW,YAAK,CAAA,IAAA,EAAA,UAAA,CAAA;AAAA,KACjB,CAAA,CAAA;AACD,IAAA,IAAI,CAAC,GAAK,EAAA;AACR,MAAO,OAAA,KAAA,CAAA,CAAA;AAAA,KACT;AACA,IAAO,OAAA;AAAA,MACL,MAAM,GAAI,CAAA,IAAA;AAAA,MACV,SAAS,GAAI,CAAA,OAAA;AAAA,MACb,gBACE,OAAO,GAAA,CAAI,gBAAqB,KAAA,QAAA,GAC5BC,eAAS,OAAQ,CAAA,GAAA,CAAI,gBAAkB,EAAA,EAAE,MAAM,KAAM,EAAC,CAAE,CAAA,QAAA,KACxD,GAAI,CAAA,gBAAA;AAAA,KACZ,CAAA;AAAA,GACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,OAAoC,EAAA;AACnD,IAAM,MAAA,EAAE,eAAkB,GAAA,OAAA,CAAA;AAC1B,IAAI,IAAA,oBAAA,GAAuB,mBAAK,GAAI,CAAA,CAAA,GAAA;AAAA,MAClC,CAAA,kBAAA,EAAqB,CAAC,aAAa,CAAA,SAAA,CAAA;AAAA,KACrC,CAAA;AACA,IAAA,IAAI,mBAAK,GAAI,CAAA,CAAA,MAAA,CAAO,OAAO,MAAO,CAAA,QAAA,CAAS,OAAO,CAAG,EAAA;AACnD,MAAA,oBAAA,GAAuB,mBAAK,GAAI,CAAA,CAAA,GAAA;AAAA,QAC9B,4BAA4B,aAAa,CAAA,QAAA,CAAA;AAAA,OAC3C,CAAA;AAAA,KACF,MAAA,IAAW,mBAAK,GAAI,CAAA,CAAA,MAAA,CAAO,OAAO,MAAO,CAAA,QAAA,CAAS,SAAS,CAAG,EAAA;AAC5D,MAAuB,oBAAA,GAAA,YAAA,CAAA,IAAA,EAAK,GAAI,CAAA,CAAA,GAAA,CAAI,CAAsB,kBAAA,CAAA,EAAA;AAAA,QACxD,IAAI,aAAa,CAAA,QAAA,CAAA;AAAA,OAClB,CAAA,CAAA;AAAA,KACH;AACA,IAAA,MAAM,YAAK,CAAA,IAAA,EAAA,GAAA,CAAA,CAAL,IAAyB,CAAA,IAAA,EAAA,qBAAA,CAAA,CAC5B,MAAM,WAAa,EAAA,YAAA,CAAA,IAAA,EAAK,UAAU,CAAA,CAAA,CAClC,KAAM,CAAA,kBAAA,EAAoB,IAAM,EAAA,oBAAoB,EACpD,MAAO,EAAA,CAAA;AAAA,GACZ;AACF,CAAA,CAAA;AAxHE,GAAA,GAAA,IAAA,OAAA,EAAA,CAAA;AACA,OAAA,GAAA,IAAA,OAAA,EAAA,CAAA;AACA,UAAA,GAAA,IAAA,OAAA,EAAA,CAAA;AAHK,IAAM,iBAAN,GAAA,kBAAA;;ACvBP,eAAsB,iBACpB,SAC6B,EAAA;AAC7B,EAAM,MAAA,UAAA,GAAa,MAAMC,uBAAA,CAAO,MAAQ,EAAA;AAAA,IACtC,MAAA,EAAQ,CAAC,UAAU,CAAA;AAAA;AAAA,IACnB,GAAK,EAAA,SAAA;AAAA,IACL,GAAK,EAAA,IAAA;AAAA,GACN,CAAA,CAAA;AAED,EAAO,OAAA,UAAA,CAAW,IAAI,CAAS,IAAA,MAAA;AAAA,IAC7B,IAAA;AAAA,IACA,SAAS,YAAYR,mBAAA,CAAG,SAASS,kCAAqB,CAAA,SAAA,EAAW,IAAI,CAAC,CAAA;AAAA,GACtE,CAAA,CAAA,CAAA;AACJ;;ACvBO,MAAM,sBAAyB,GAAA,qBAAA,CAAA;AAC/B,MAAM,uBAA0B,GAAA,yBAAA,CAAA;AAChC,MAAM,8BAAiC,GAAA,UAAA;;ACQvC,SAAS,4BACd,KACgB,EAAA;AAChB,EAAO,OAAA,CAAC,GAAK,EAAA,GAAA,EAAK,IAAS,KAAA;AACzB,IAAA,IAAI,GAAI,CAAA,MAAA,KAAW,KAAS,IAAA,GAAA,CAAI,WAAW,MAAQ,EAAA;AACjD,MAAK,IAAA,EAAA,CAAA;AACL,MAAA,OAAA;AAAA,KACF;AAGA,IAAQ,OAAA,CAAA,OAAA;AAAA,MAAA,CACL,YAAY;AAEX,QAAM,MAAAR,MAAA,GAAO,GAAI,CAAA,IAAA,CAAK,UAAW,CAAA,GAAG,CAAI,GAAA,GAAA,CAAI,IAAK,CAAA,KAAA,CAAM,CAAC,CAAA,GAAI,GAAI,CAAA,IAAA,CAAA;AAEhE,QAAA,MAAM,KAAQ,GAAA,MAAM,KAAM,CAAA,QAAA,CAASA,MAAI,CAAA,CAAA;AACvC,QAAA,IAAI,CAAC,KAAO,EAAA;AACV,UAAK,IAAA,EAAA,CAAA;AACL,UAAA,OAAA;AAAA,SACF;AAGA,QAAM,MAAA,GAAA,GAAMS,YAAQ,CAAA,KAAA,CAAM,IAAI,CAAA,CAAA;AAC9B,QAAA,IAAI,GAAK,EAAA;AACP,UAAA,GAAA,CAAI,KAAK,GAAG,CAAA,CAAA;AAAA,SACP,MAAA;AACL,UAAA,GAAA,CAAI,KAAK,KAAK,CAAA,CAAA;AAAA,SAChB;AAGA,QAAI,GAAA,CAAA,SAAA,CAAU,iBAAiB,uBAAuB,CAAA,CAAA;AACtD,QAAA,GAAA,CAAI,SAAU,CAAA,eAAA,EAAiB,KAAM,CAAA,cAAA,CAAe,aAAa,CAAA,CAAA;AAEjE,QAAI,GAAA,CAAA,IAAA,CAAK,MAAM,OAAO,CAAA,CAAA;AAAA,OACrB,GAAA;AAAA,KACL,CAAE,MAAM,IAAI,CAAA,CAAA;AAAA,GACd,CAAA;AACF;;AC0CA,eAAsB,aACpB,OACyB,EAAA;AA3G3B,EAAA,IAAA,EAAA,CAAA;AA4GE,EAAM,MAAA;AAAA,IACJ,MAAA;AAAA,IACA,MAAA;AAAA,IACA,cAAA;AAAA,IACA,qBAAA;AAAA,IACA,IAAA;AAAA,IACA,QAAA;AAAA,GACE,GAAA,OAAA,CAAA;AAEJ,EAAA,MAAM,0BACJ,EAAQ,GAAA,OAAA,CAAA,sBAAA,KAAR,IACA,GAAA,EAAA,GAAA,MAAA,CAAO,mBAAmB,4BAA4B,CAAA,CAAA;AACxD,EAAA,MAAM,6BAA6B,MAAO,CAAA,kBAAA;AAAA,IACxC,gCAAA;AAAA,GACF,CAAA;AAEA,EAAM,MAAA,UAAA,GAAaL,gCAAmB,CAAA,cAAA,EAAgB,MAAM,CAAA,CAAA;AAC5D,EAAM,MAAA,SAAA,GAAYH,YAAY,CAAA,UAAA,EAAY,QAAQ,CAAA,CAAA;AAElD,EAAA,IAAI,CAAE,MAAMF,mBAAG,CAAA,UAAA,CAAW,SAAS,CAAI,EAAA;AACrC,IAAI,IAAA,OAAA,CAAQ,GAAI,CAAA,QAAA,KAAa,YAAc,EAAA;AACzC,MAAO,MAAA,CAAA,KAAA;AAAA,QACL,uCAAuC,SAAS,CAAA,yBAAA,CAAA;AAAA,OAClD,CAAA;AAAA,KACF;AAEA,IAAA,OAAOW,uBAAO,EAAA,CAAA;AAAA,GAChB;AAEA,EAAO,MAAA,CAAA,IAAA,CAAK,CAAmC,gCAAA,EAAA,UAAU,CAAE,CAAA,CAAA,CAAA;AAE3D,EAAA,MAAM,UAAa,GAAA,sBAAA,GACf,KACA,CAAA,GAAA,MAAM,WAAY,CAAA;AAAA,IAChB,MAAA;AAAA,IACA,UAAA;AAAA,IACA,KAAK,OAAQ,CAAA,GAAA;AAAA,GACd,CAAA,CAAA;AAEL,EAAA,MAAM,aACJ,OAAQ,CAAA,QAAA,IAAY,CAAC,0BACjB,GAAA,MAAM,kBAAkB,MAAO,CAAA;AAAA,IAC7B,MAAA;AAAA,IACA,UAAU,OAAQ,CAAA,QAAA;AAAA,GACnB,CACD,GAAA,KAAA,CAAA,CAAA;AAEN,EAAA,MAAM,SAASA,uBAAO,EAAA,CAAA;AAEtB,EAAA,MAAA,CAAO,IAAIC,uBAAO,CAAA,UAAA,CAAW,EAAE,MAAQ,EAAA,MAAA,EAAQ,CAAC,CAAA,CAAA;AAEhD,EAAM,MAAA,aAAA,GAAgBV,YAAY,CAAA,UAAA,EAAY,QAAQ,CAAA,CAAA;AAEtD,EAAA,MAAM,yBACH,MAAMF,mBAAA,CAAG,UAAW,CAAA,aAAa,KAAM,IAAQ,IAAA,QAAA,CAAA;AAElD,EAAI,IAAA,sBAAA,IAA0B,QAAQ,QAAU,EAAA;AAC9C,IAAO,MAAA,CAAA,IAAA;AAAA,MACL,iEAAiE,aAAa,CAAA,CAAA;AAAA,KAChF,CAAA;AAEA,IAAA,MAAM,eAAeW,uBAAO,EAAA,CAAA;AAE5B,IAAA,YAAA,CAAa,GAAI,CAAA,OAAO,GAAK,EAAA,GAAA,EAAK,IAAS,KAAA;AACzC,MAAI,IAAA;AACF,QAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,GAAK,EAAA;AAAA,UAClD,KAAO,EAAA,CAAC,MAAQ,EAAA,SAAA,EAAW,MAAM,CAAA;AAAA,UACjC,kBAAoB,EAAA,IAAA;AAAA,SACrB,CAAA,CAAA;AAED,QAAI,IAAA,WAAA,CAAY,SAAU,CAAA,IAAA,KAAS,MAAQ,EAAA;AACzC,UAAK,IAAA,EAAA,CAAA;AAAA,SACA,MAAA;AACL,UAAA,IAAA,CAAK,QAAQ,CAAA,CAAA;AAAA,SACf;AAAA,OACM,CAAA,MAAA;AAIN,QAAM,MAAA,QAAA,CAAS,gBAAgB,GAAK,EAAA;AAAA,UAClC,WAAA,EAAa,MAAM,IAAA,CAAK,kBAAmB,EAAA;AAAA,SAC5C,CAAA,CAAA;AACD,QAAK,IAAA,EAAA,CAAA;AAAA,OACP;AAAA,KACD,CAAA,CAAA;AAED,IAAa,YAAA,CAAA,IAAA;AAAA,MACX,GAAA;AAAA,MACAE,wBAAQ,CAAA,UAAA,CAAW,EAAE,QAAA,EAAU,MAAM,CAAA;AAAA,MACrC,OAAO,GAAK,EAAA,GAAA,EAAK,IAAS,KAAA;AACxB,QAAI,IAAA,GAAA,CAAI,IAAK,CAAA,IAAA,KAAS,SAAW,EAAA;AAC/B,UAAA,MAAM,cAAc,MAAM,IAAA,CAAK,YAAa,CAAA,GAAA,CAAI,KAAK,KAAK,CAAA,CAAA;AAE1D,UAAA,IAAI,CAAC,IAAA,CAAK,WAAY,CAAA,WAAA,EAAa,MAAM,CAAG,EAAA;AAC1C,YAAM,MAAA,IAAIC,2BAAoB,2BAA2B,CAAA,CAAA;AAAA,WAC3D;AAEA,UAAM,MAAA,QAAA,CAAS,gBAAgB,GAAK,EAAA;AAAA,YAClC,WAAA;AAAA,WACD,CAAA,CAAA;AAGD,UAAA,GAAA,CAAI,MAAS,GAAA,KAAA,CAAA;AACb,UAAA,IAAA,CAAK,QAAQ,CAAA,CAAA;AAAA,SACR,MAAA;AACL,UAAM,MAAA,IAAI,MAAM,2BAA2B,CAAA,CAAA;AAAA,SAC7C;AAAA,OACF;AAAA,KACF,CAAA;AAEA,IAAa,YAAA,CAAA,GAAA;AAAA,MACX,MAAM,sBAAuB,CAAA;AAAA,QAC3B,QAAQ,MAAO,CAAA,KAAA,CAAM,EAAE,KAAA,EAAO,UAAU,CAAA;AAAA,QACxC,OAAS,EAAA,aAAA;AAAA,QACT,UAAA,EAAY,yCAAY,aAAc,CAAA,QAAA,CAAA;AAAA,QACtC,UAAA;AAAA;AAAA,OACD,CAAA;AAAA,KACH,CAAA;AAEA,IAAA,MAAA,CAAO,IAAI,YAAY,CAAA,CAAA;AAAA,GACzB;AAEA,EAAO,MAAA,CAAA,GAAA;AAAA,IACL,MAAM,sBAAuB,CAAA;AAAA,MAC3B,QAAQ,MAAO,CAAA,KAAA,CAAM,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,MACtC,OAAS,EAAA,UAAA;AAAA,MACT,UAAA;AAAA,MACA,qBAAA;AAAA,MACA,UAAA;AAAA,KACD,CAAA;AAAA,GACH,CAAA;AAEA,EAAO,OAAA,MAAA,CAAA;AACT,CAAA;AAEA,eAAe,sBAAuB,CAAA;AAAA,EACpC,MAAA;AAAA,EACA,OAAA;AAAA,EACA,UAAA;AAAA,EACA,qBAAA;AAAA,EACA,UAAA;AACF,CAMG,EAAA;AACD,EAAM,MAAA,SAAA,GAAYZ,YAAY,CAAA,OAAA,EAAS,QAAQ,CAAA,CAAA;AAE/C,EAAM,MAAA,kBAAA,GACJ,cAAe,MAAM,YAAA,CAAa,EAAE,UAAY,EAAA,MAAA,EAAQ,WAAW,CAAA,CAAA;AAErE,EAAA,MAAM,SAASS,uBAAO,EAAA,CAAA;AAGtB,EAAA,MAAM,eAAeA,uBAAO,EAAA,CAAA;AAC5B,EAAa,YAAA,CAAA,GAAA;AAAA,IACXE,wBAAA,CAAQ,OAAO,SAAW,EAAA;AAAA,MACxB,UAAA,EAAY,CAAC,GAAA,EAAK,IAAS,KAAA;AACzB,QAAA,IAAI,SAAS,kBAAoB,EAAA;AAC/B,UAAI,GAAA,CAAA,SAAA,CAAU,iBAAiB,8BAA8B,CAAA,CAAA;AAAA,SACxD,MAAA;AACL,UAAI,GAAA,CAAA,SAAA,CAAU,iBAAiB,uBAAuB,CAAA,CAAA;AAAA,SACxD;AAAA,OACF;AAAA,KACD,CAAA;AAAA,GACH,CAAA;AAEA,EAAA,IAAI,UAAY,EAAA;AACd,IAAM,MAAA,MAAA,GAAS,MAAM,gBAAA,CAAiB,SAAS,CAAA,CAAA;AAC/C,IAAM,MAAA,UAAA,CAAW,YAAY,MAAM,CAAA,CAAA;AAEnC,IAAM,MAAA,UAAA,CAAW,WAAW,EAAE,aAAA,EAAe,KAAK,EAAK,GAAA,EAAA,GAAK,GAAG,CAAA,CAAA;AAE/D,IAAa,YAAA,CAAA,GAAA,CAAI,2BAA4B,CAAA,UAAU,CAAC,CAAA,CAAA;AAAA,GAC1D;AAEA,EAAA,IAAI,qBAAuB,EAAA;AACzB,IAAA,YAAA,CAAa,IAAI,qBAAqB,CAAA,CAAA;AAAA,GACxC;AACA,EAAa,YAAA,CAAA,GAAA,CAAIE,+BAAiB,CAAA,CAAA;AAElC,EAAO,MAAA,CAAA,GAAA,CAAI,WAAW,YAAY,CAAA,CAAA;AAClC,EAAO,MAAA,CAAA,GAAA;AAAA,IACLF,wBAAA,CAAQ,OAAO,OAAS,EAAA;AAAA,MACtB,UAAA,EAAY,CAAC,GAAA,EAAK,IAAS,KAAA;AAGzB,QAAA,IACGA,yBAAQ,MAAO,CAAA,IAAA,CAAyB,MAAO,CAAA,IAAI,MAAM,WAC1D,EAAA;AACA,UAAI,GAAA,CAAA,SAAA,CAAU,iBAAiB,sBAAsB,CAAA,CAAA;AAAA,SACvD;AAAA,OACF;AAAA,KACD,CAAA;AAAA,GACH,CAAA;AAEA,EAAA,MAAA,CAAO,GAAI,CAAA,IAAA,EAAM,CAAC,IAAA,EAAM,GAAQ,KAAA;AAC9B,IAAA,GAAA,CAAI,QAAS,CAAAX,YAAA,CAAY,OAAS,EAAA,YAAY,CAAG,EAAA;AAAA,MAC/C,OAAS,EAAA;AAAA;AAAA;AAAA,QAGP,eAAiB,EAAA,sBAAA;AAAA,OACnB;AAAA,KACD,CAAA,CAAA;AAAA,GACF,CAAA,CAAA;AAED,EAAO,OAAA,MAAA,CAAA;AACT;;;;"}

package/dist/index.cjs.js

@@ -1,6 +1,6 @@
 'use strict';
 
-var router = require('./cjs/router-B9fabz1o.cjs.js');
+var router = require('./cjs/router-Bff6_vkM.cjs.js');
 require('@backstage/backend-common');
 require('helmet');
 require('express');

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@backstage/plugin-app-backend",
   "description": "A Backstage backend plugin that serves the Backstage frontend app",
-  "version": "0.3.65",
+  "version": "0.3.66-next.0",
   "main": "./dist/index.cjs.js",
   "types": "./dist/index.d.ts",
   "license": "Apache-2.0",
@@ -43,13 +43,13 @@
     "clean": "backstage-cli package clean"
   },
   "dependencies": {
-    "@backstage/backend-common": "^0.21.7",
-    "@backstage/backend-plugin-api": "^0.6.17",
+    "@backstage/backend-common": "^0.21.8-next.0",
+    "@backstage/backend-plugin-api": "^0.6.18-next.0",
     "@backstage/config": "^1.2.0",
     "@backstage/config-loader": "^1.8.0",
     "@backstage/errors": "^1.2.4",
-    "@backstage/plugin-app-node": "^0.1.17",
-    "@backstage/plugin-auth-node": "^0.4.12",
+    "@backstage/plugin-app-node": "^0.1.18-next.0",
+    "@backstage/plugin-auth-node": "^0.4.13-next.0",
     "@backstage/types": "^1.1.1",
     "@types/express": "^4.17.6",
     "express": "^4.17.1",
@@ -63,9 +63,9 @@
     "yn": "^4.0.0"
   },
   "devDependencies": {
-    "@backstage/backend-app-api": "^0.7.0",
-    "@backstage/backend-test-utils": "^0.3.7",
-    "@backstage/cli": "^0.26.3",
+    "@backstage/backend-app-api": "^0.7.1-next.0",
+    "@backstage/backend-test-utils": "^0.3.8-next.0",
+    "@backstage/cli": "^0.26.5-next.0",
     "@backstage/types": "^1.1.1",
     "@types/supertest": "^2.0.8",
     "node-fetch": "^2.6.7",