@base44-preview/cli 0.0.50-pr.484.031bd45 → 0.0.50-pr.484.1c556f7

package/dist/cli/index.js

@@ -219982,7 +219982,8 @@ var theme = {
     bold: source_default.bold,
     dim: source_default.dim,
     error: source_default.red,
-    warn: source_default.yellow
+    warn: source_default.yellow,
+    info: source_default.cyan
   },
   format: {
     errorContext(ctx) {
@@ -242001,88 +242002,123 @@ async function pushCustomOAuthSecret(provider, clientSecret) {
     [providerInfo.customOAuth.secretKey]: clientSecret
   });
 }
-// src/core/resources/auth-config/sso.ts
-var KNOWN_SSO_PROVIDERS = [
-  "google",
-  "microsoft",
-  "github",
-  "okta",
-  "custom"
-];
-var BASE_SSO_SCOPE = "openid email profile";
-var SSO_PROVIDER_SCHEMAS = {
-  google: {
-    requiredKeys: [],
-    defaults: {
-      sso_scope: BASE_SSO_SCOPE,
-      sso_discovery_url: "https://accounts.google.com/.well-known/openid-configuration"
-    }
-  },
-  microsoft: {
-    requiredKeys: ["sso_tenant_id"],
-    defaults: {
-      sso_scope: BASE_SSO_SCOPE
-    },
-    deriveDefaults: (options) => {
-      const tenantId = options.sso_tenant_id;
-      if (tenantId) {
-        return {
-          sso_discovery_url: `https://login.microsoftonline.com/${tenantId}/v2.0/.well-known/openid-configuration`
-        };
-      }
-      return {};
-    }
+// src/core/resources/auth-config/sso/secret-keys.ts
+var SSOSecretKey;
+((SSOSecretKey2) => {
+  SSOSecretKey2["Name"] = "sso_name";
+  SSOSecretKey2["ClientId"] = "sso_client_id";
+  SSOSecretKey2["ClientSecret"] = "sso_client_secret";
+  SSOSecretKey2["Scope"] = "sso_scope";
+  SSOSecretKey2["DiscoveryUrl"] = "sso_discovery_url";
+  SSOSecretKey2["TenantId"] = "sso_tenant_id";
+  SSOSecretKey2["AuthEndpoint"] = "sso_auth_endpoint";
+  SSOSecretKey2["TokenEndpoint"] = "sso_token_endpoint";
+  SSOSecretKey2["UserinfoEndpoint"] = "sso_userinfo_endpoint";
+  SSOSecretKey2["OktaDomain"] = "sso_okta_domain";
+  SSOSecretKey2["JwksUri"] = "sso_jwks_uri";
+})(SSOSecretKey ||= {});
+var ALL_SSO_SECRET_KEYS = Object.values(SSOSecretKey);
+
+// src/core/resources/auth-config/sso/providers/custom.ts
+var DEFAULT_SCOPE = "openid email profile";
+var customProvider = {
+  requiredKeys: [
+    "sso_auth_endpoint" /* AuthEndpoint */,
+    "sso_token_endpoint" /* TokenEndpoint */,
+    "sso_userinfo_endpoint" /* UserinfoEndpoint */,
+    "sso_jwks_uri" /* JwksUri */
+  ],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_SCOPE
+  }
+};
+
+// src/core/resources/auth-config/sso/providers/github.ts
+var githubProvider = {
+  requiredKeys: [],
+  defaults: {
+    ["sso_scope" /* Scope */]: "user:email",
+    ["sso_auth_endpoint" /* AuthEndpoint */]: "https://github.com/login/oauth/authorize",
+    ["sso_token_endpoint" /* TokenEndpoint */]: "https://github.com/login/oauth/access_token",
+    ["sso_userinfo_endpoint" /* UserinfoEndpoint */]: "https://api.github.com/user"
+  }
+};
+
+// src/core/resources/auth-config/sso/providers/google.ts
+var DEFAULT_SCOPE2 = "openid email profile";
+var googleProvider = {
+  requiredKeys: [],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_SCOPE2,
+    ["sso_discovery_url" /* DiscoveryUrl */]: "https://accounts.google.com/.well-known/openid-configuration"
+  }
+};
+
+// src/core/resources/auth-config/sso/providers/microsoft.ts
+var DEFAULT_SCOPE3 = "openid email profile";
+var microsoftProvider = {
+  requiredKeys: ["sso_tenant_id" /* TenantId */],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_SCOPE3
   },
-  github: {
-    requiredKeys: [],
-    defaults: {
-      sso_scope: "user:email",
-      sso_auth_endpoint: "https://github.com/login/oauth/authorize",
-      sso_token_endpoint: "https://github.com/login/oauth/access_token",
-      sso_userinfo_endpoint: "https://api.github.com/user"
+  deriveDefaults: (secrets) => {
+    const tenantId = secrets["sso_tenant_id" /* TenantId */];
+    if (tenantId) {
+      return {
+        ["sso_discovery_url" /* DiscoveryUrl */]: `https://login.microsoftonline.com/${tenantId}/v2.0/.well-known/openid-configuration`
+      };
     }
+    return {};
+  }
+};
+
+// src/core/resources/auth-config/sso/providers/okta.ts
+var DEFAULT_SCOPE4 = "openid email profile";
+var oktaProvider = {
+  requiredKeys: ["sso_okta_domain" /* OktaDomain */],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_SCOPE4
   },
-  okta: {
-    requiredKeys: ["sso_okta_domain"],
-    defaults: {
-      sso_scope: BASE_SSO_SCOPE
-    },
-    deriveDefaults: (options) => {
-      const domain2 = options.sso_okta_domain;
-      if (domain2) {
-        return {
-          sso_discovery_url: `https://${domain2}/.well-known/openid-configuration`
-        };
-      }
-      return {};
+  deriveDefaults: (secrets) => {
+    const domain2 = secrets["sso_okta_domain" /* OktaDomain */];
+    if (domain2) {
+      return {
+        ["sso_discovery_url" /* DiscoveryUrl */]: `https://${domain2}/.well-known/openid-configuration`
+      };
     }
-  },
-  custom: {
-    requiredKeys: [
-      "sso_auth_endpoint",
-      "sso_token_endpoint",
-      "sso_userinfo_endpoint",
-      "sso_jwks_uri"
-    ],
-    optionalKeys: ["sso_discovery_url"],
-    defaults: {
-      sso_scope: BASE_SSO_SCOPE
-    }
-  }
-};
-var ALL_SSO_SECRET_KEYS = [
-  "sso_name",
-  "sso_client_id",
-  "sso_client_secret",
-  "sso_scope",
-  "sso_discovery_url",
-  "sso_tenant_id",
-  "sso_auth_endpoint",
-  "sso_token_endpoint",
-  "sso_userinfo_endpoint",
-  "sso_okta_domain",
-  "sso_jwks_uri"
-];
+    return {};
+  }
+};
+
+// src/core/resources/auth-config/sso/providers/index.ts
+var SSO_PROVIDER_SCHEMAS = {
+  google: googleProvider,
+  microsoft: microsoftProvider,
+  github: githubProvider,
+  okta: oktaProvider,
+  custom: customProvider
+};
+
+// src/core/resources/auth-config/sso/types.ts
+var KNOWN_SSO_PROVIDERS = {
+  google: "google",
+  microsoft: "microsoft",
+  github: "github",
+  okta: "okta",
+  custom: "custom"
+};
+
+// src/core/resources/auth-config/sso/operations.ts
+var OPTION_TO_SECRET_KEY = {
+  scope: "sso_scope" /* Scope */,
+  discoveryUrl: "sso_discovery_url" /* DiscoveryUrl */,
+  tenantId: "sso_tenant_id" /* TenantId */,
+  oktaDomain: "sso_okta_domain" /* OktaDomain */,
+  authEndpoint: "sso_auth_endpoint" /* AuthEndpoint */,
+  tokenEndpoint: "sso_token_endpoint" /* TokenEndpoint */,
+  userinfoEndpoint: "sso_userinfo_endpoint" /* UserinfoEndpoint */,
+  jwksUri: "sso_jwks_uri" /* JwksUri */
+};
 async function updateSSOConfig(authDir, provider, enable) {
   const current = await readAuthConfig(authDir) ?? DEFAULT_AUTH_CONFIG;
   const merged = {
@@ -242099,22 +242135,12 @@ async function updateSSOConfig(authDir, provider, enable) {
   await writeAuthConfig(authDir, merged);
   return merged;
 }
-var OPTION_TO_SECRET_KEY = {
-  scope: "sso_scope",
-  discoveryUrl: "sso_discovery_url",
-  tenantId: "sso_tenant_id",
-  oktaDomain: "sso_okta_domain",
-  authEndpoint: "sso_auth_endpoint",
-  tokenEndpoint: "sso_token_endpoint",
-  userinfoEndpoint: "sso_userinfo_endpoint",
-  jwksUri: "sso_jwks_uri"
-};
 function buildSSOSecrets(provider, options) {
   const schema3 = SSO_PROVIDER_SCHEMAS[provider];
   const secrets = {};
-  secrets.sso_name = options.ssoName ?? provider;
-  secrets.sso_client_id = options.clientId;
-  secrets.sso_client_secret = options.clientSecret;
+  secrets["sso_name" /* Name */] = options.ssoName ?? provider;
+  secrets["sso_client_id" /* ClientId */] = options.clientId;
+  secrets["sso_client_secret" /* ClientSecret */] = options.clientSecret;
   for (const [optionKey, secretKey] of Object.entries(OPTION_TO_SECRET_KEY)) {
     const value = options[optionKey];
     if (typeof value === "string" && value.length > 0) {
@@ -242140,8 +242166,8 @@ function buildSSOSecrets(provider, options) {
       missing.push(key);
     }
   }
-  if (provider === "custom" && !options.ssoName) {
-    missing.push("sso_name");
+  if (provider === KNOWN_SSO_PROVIDERS.custom && !options.ssoName) {
+    missing.push("sso_name" /* Name */);
   }
   if (missing.length > 0) {
     throw new InvalidInputError(`Missing required fields for ${provider}: ${missing.join(", ")}`);
@@ -243564,6 +243590,7 @@ var package_default = {
     "@types/ejs": "^3.1.5",
     "@types/express": "^5.0.6",
     "@types/json-schema": "^7.0.15",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/lodash": "^4.17.24",
     "@types/multer": "^2.0.0",
     "@types/node": "^22.10.5",
@@ -243582,6 +243609,7 @@ var package_default = {
     globby: "^16.1.0",
     "http-proxy-middleware": "^3.0.5",
     "json-schema-to-typescript": "^15.0.4",
+    jsonwebtoken: "^9.0.3",
     json5: "^2.2.3",
     ky: "^1.14.2",
     lodash: "^4.17.23",
@@ -243597,6 +243625,7 @@ var package_default = {
     typescript: "^5.7.2",
     vitest: "^4.0.16",
     yaml: "^2.8.2",
+    qs: "^6.12.3",
     zod: "^4.3.5"
   },
   engines: {
@@ -251234,19 +251263,20 @@ function mergeFileWithFlags(fileConfig, options) {
     ssoName: options.ssoName ?? fileConfig.ssoName
   };
 }
+var providerNames = Object.keys(KNOWN_SSO_PROVIDERS);
 function validateProvider(provider) {
   if (!provider) {
     throw new InvalidInputError("Missing --provider.", {
       hints: [
         {
-          message: `Valid providers: ${KNOWN_SSO_PROVIDERS.join(", ")}`,
-          command: "base44 auth sso enable --provider google --client-id <id> --client-secret <secret>"
+          message: `Valid providers: ${providerNames.join(", ")}`,
+          command: "base44 auth sso enable --provider <provider> --client-id <id> --client-secret <secret>"
         }
       ]
     });
   }
-  if (!KNOWN_SSO_PROVIDERS.includes(provider)) {
-    throw new InvalidInputError(`Unknown provider "${provider}". Valid providers: ${KNOWN_SSO_PROVIDERS.join(", ")}`);
+  if (!(provider in KNOWN_SSO_PROVIDERS)) {
+    throw new InvalidInputError(`Unknown provider "${provider}". Valid providers: ${providerNames.join(", ")}`);
   }
   return provider;
 }
@@ -253367,9 +253397,12 @@ function getTypesCommand() {
   return new Command("types").description("Manage TypeScript type generation").addCommand(getTypesGenerateCommand());
 }
 
+// src/cli/commands/dev.ts
+import process21 from "node:process";
+
 // src/cli/dev/dev-server/main.ts
 var import_cors = __toESM(require_lib4(), 1);
-var import_express5 = __toESM(require_express(), 1);
+var import_express6 = __toESM(require_express(), 1);
 import { dirname as dirname18, join as join25 } from "node:path";
 
 // ../../node_modules/get-port/index.js
@@ -253933,7 +253966,9 @@ class Validator {
 }
 
 // src/cli/dev/dev-server/db/database.ts
+var PRIVATE_COLLECTION_PREFIX = "$";
 var USER_COLLECTION = "user";
+var PRIVATE_USER_COLLECTION = PRIVATE_COLLECTION_PREFIX + USER_COLLECTION;
 
 class Database {
   collections = new Map;
@@ -253955,6 +253990,7 @@ class Database {
     this.schemas.set(USER_COLLECTION, this.buildUserSchema(userEntity));
     const collection = new import_nedb.default;
     this.collections.set(USER_COLLECTION, collection);
+    this.collections.set(PRIVATE_USER_COLLECTION, new import_nedb.default);
     const userInfo = await readAuth();
     const now = getNowISOTimestamp();
     await collection.insertAsync({
@@ -253996,7 +254032,9 @@ class Database {
     return this.collections.get(this.normalizeName(name2));
   }
   getCollectionNames() {
-    return Array.from(this.collections.keys());
+    return Array.from(this.collections.keys()).filter((name2) => {
+      return !name2.startsWith(PRIVATE_COLLECTION_PREFIX);
+    });
   }
   dropAll() {
     for (const collection of this.collections.values()) {
@@ -254060,15 +254098,229 @@ function broadcastEntityEvent(io6, appId, entityName, event) {
   });
 }
 
-// src/cli/dev/dev-server/routes/entities/entities-router.ts
-var import_express3 = __toESM(require_express(), 1);
-
-// src/cli/dev/dev-server/routes/entities/entities-user-router.ts
+// src/cli/dev/dev-server/routes/auth-router.ts
 var import_express2 = __toESM(require_express(), 1);
 var import_jsonwebtoken = __toESM(require_jsonwebtoken(), 1);
-function createUserRouter(db2, logger2) {
+import { randomInt } from "node:crypto";
+var LOCAL_DEV_SECRET = "LOCAL_DEV_SECRET";
+var TEN_MINUTES = 10 * 60 * 1000;
+var generateCode = () => {
+  return randomInt(1e5, 1e6).toString();
+};
+var createJwtToken = (email3) => {
+  return import_jsonwebtoken.default.sign({ sub: email3 }, LOCAL_DEV_SECRET, {
+    expiresIn: "360d"
+  });
+};
+var LoginBody = object({ email: email2(), password: string2() });
+var VerifyOtpBody = object({ email: email2(), otp_code: string2() });
+function createAuthRouter(db2, logger2) {
   const router = import_express2.Router({ mergeParams: true });
   const parseBody = import_express2.json();
+  router.post("/login", parseBody, async (req, res) => {
+    const { email: email3, password } = LoginBody.parse(req.body);
+    const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: email3 });
+    if (result) {
+      const privateUserData = await db2.getCollection(PRIVATE_USER_COLLECTION)?.findOneAsync({ email: email3 });
+      if (result.role === "admin" || privateUserData?.password === password) {
+        res.json({
+          access_token: createJwtToken(email3),
+          success: true,
+          user: {}
+        });
+      } else {
+        res.status(400).json({
+          detail: "Invalid email or password",
+          error_type: "HTTPException",
+          message: "Invalid email or password",
+          request_id: null,
+          traceback: ""
+        });
+      }
+      return;
+    }
+    res.status(401).json({ error: "Unauthorized" });
+  });
+  router.post("/register", parseBody, async (req, res) => {
+    const { email: email3, password } = LoginBody.parse(req.body);
+    if ((password || "").length < 8) {
+      res.status(400).json({
+        detail: "Password must be at least 8 characters long",
+        error_type: "HTTPException",
+        message: "Password must be at least 8 characters long",
+        request_id: null,
+        traceback: ""
+      });
+      return;
+    }
+    const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: email3 });
+    if (result) {
+      res.status(400).json({
+        detail: "A user with this email already exists",
+        error_type: "HTTPException",
+        message: "A user with this email already exists",
+        request_id: null,
+        traceback: ""
+      });
+      return;
+    }
+    const privateUserCollection = db2.getCollection(PRIVATE_USER_COLLECTION);
+    const privateUserData = await privateUserCollection?.findOneAsync({
+      email: email3
+    });
+    const otpCode = generateCode();
+    const id2 = privateUserData ? privateUserData.id : nanoid3();
+    if (!privateUserData) {
+      await privateUserCollection?.insertAsync({
+        id: id2,
+        email: email3,
+        otpCode,
+        password,
+        createdAt: Date.now()
+      });
+    } else {
+      await privateUserCollection?.updateAsync({
+        email: email3
+      }, {
+        $set: {
+          otpCode,
+          createdAt: Date.now()
+        }
+      });
+    }
+    logger2.log(theme.styles.info(`
+In order to complete registration use this verification code: ${otpCode}
+`));
+    res.json({
+      id: id2,
+      message: "Registration successful. Please check your email for the verification code.",
+      otp_expires_in_minutes: 10
+    });
+  });
+  router.post("/verify-otp", parseBody, async (req, res) => {
+    const { email: email3, otp_code } = VerifyOtpBody.parse(req.body);
+    const privateUserCollection = db2.getCollection(PRIVATE_USER_COLLECTION);
+    const privateUserData = await privateUserCollection?.findOneAsync({
+      email: email3
+    });
+    if (!privateUserData || privateUserData.otpCode !== otp_code) {
+      const appId = req.params.appId;
+      res.status(500).json({
+        detail: `{'email': '${email3}', 'app_id': '${appId}}'} -> Object not found`,
+        error_type: "ObjectNotFoundError",
+        message: `{'email': '${email3}', 'app_id': '${appId}}'} -> Object not found`,
+        request_id: null,
+        traceback: ""
+      });
+      return;
+    }
+    if (+Date.now() - privateUserData.createdAt > TEN_MINUTES) {
+      res.status(400).json({
+        detail: "Verification code has expired",
+        error_type: "HTTPException",
+        message: "Verification code has expired",
+        request_id: null,
+        traceback: ""
+      });
+    } else {
+      await privateUserCollection?.updateAsync({
+        email: email3
+      }, {
+        $unset: { otpCode: true }
+      });
+      const collection = db2.getCollection(USER_COLLECTION);
+      const now = getNowISOTimestamp();
+      const nameFromEmailMatch = /^([^@]+)/.exec(email3);
+      const fullName = nameFromEmailMatch ? nameFromEmailMatch[1] : email3;
+      await collection?.insertAsync({
+        id: privateUserData.id,
+        email: email3,
+        full_name: fullName,
+        is_service: false,
+        is_verified: true,
+        disabled: null,
+        role: "user",
+        collaborator_role: "editor",
+        created_date: now,
+        updated_date: now
+      });
+      res.json({
+        id: privateUserData.id,
+        access_token: createJwtToken(email3),
+        message: "Email verified successfully. You are now logged in.",
+        success: true
+      });
+    }
+  });
+  return router;
+}
+
+// src/cli/dev/dev-server/routes/entities/entities-router.ts
+var import_express4 = __toESM(require_express(), 1);
+
+// src/cli/dev/dev-server/db/entity-queries.ts
+function parseSort(sort) {
+  if (!sort) {
+    return;
+  }
+  if (sort.startsWith("-")) {
+    return { [sort.slice(1)]: -1 };
+  }
+  return { [sort]: 1 };
+}
+function parseFields(fields) {
+  if (!fields) {
+    return;
+  }
+  const projection = {};
+  for (const field of fields.split(",")) {
+    const trimmed = field.trim();
+    if (trimmed) {
+      projection[trimmed] = 1;
+    }
+  }
+  return Object.keys(projection).length > 0 ? projection : undefined;
+}
+var queryEntity = async (collection, reqQuery) => {
+  const { sort, limit, skip: skip2, fields, q: q13 } = reqQuery;
+  let query = {};
+  if (q13 && typeof q13 === "string") {
+    try {
+      query = JSON.parse(q13);
+    } catch {
+      throw new InvalidInputError("Invalid query parameter 'q'");
+    }
+  }
+  let cursor3 = collection.findAsync(query);
+  const sortObj = parseSort(sort);
+  if (sortObj) {
+    cursor3 = cursor3.sort(sortObj);
+  }
+  if (skip2) {
+    const skipNum = Number.parseInt(skip2, 10);
+    if (!Number.isNaN(skipNum)) {
+      cursor3 = cursor3.skip(skipNum);
+    }
+  }
+  if (limit) {
+    const limitNum = Number.parseInt(limit, 10);
+    if (!Number.isNaN(limitNum)) {
+      cursor3 = cursor3.limit(limitNum);
+    }
+  }
+  const projection = parseFields(fields);
+  if (projection) {
+    cursor3 = cursor3.projection(projection);
+  }
+  return cursor3;
+};
+
+// src/cli/dev/dev-server/routes/entities/entities-user-router.ts
+var import_express3 = __toESM(require_express(), 1);
+var import_jsonwebtoken2 = __toESM(require_jsonwebtoken(), 1);
+function createUserRouter(db2, logger2) {
+  const router = import_express3.Router({ mergeParams: true });
+  const parseBody = import_express3.json();
   function withAuth(handler) {
     return async (req, res) => {
       const auth2 = req.headers.authorization;
@@ -254077,7 +254329,7 @@ function createUserRouter(db2, logger2) {
         return;
       }
       try {
-        const { payload } = import_jsonwebtoken.default.decode(auth2.replace("Bearer ", ""), { complete: true }) ?? {};
+        const { payload } = import_jsonwebtoken2.default.decode(auth2.replace("Bearer ", ""), { complete: true }) ?? {};
         const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: payload?.sub });
         if (!result) {
           res.status(404).json({ error: "Unable to read data for the current user" });
@@ -254110,6 +254362,28 @@ function createUserRouter(db2, logger2) {
       ...req.body
     });
   }));
+  router.get("/", withAuth(async (req, res, currentUser) => {
+    const collection = db2.getCollection(USER_COLLECTION);
+    if (!collection) {
+      res.status(404).json({ error: `Entity "${USER_COLLECTION}" not found` });
+      return;
+    }
+    try {
+      if (currentUser.role === "admin") {
+        const result = await queryEntity(collection, req.query);
+        res.json(stripInternalFields(result));
+      } else {
+        res.json([stripInternalFields(currentUser)]);
+      }
+    } catch (error48) {
+      if (error48 instanceof InvalidInputError) {
+        res.status(400).json({ error: error48.message });
+      } else {
+        logger2.error(`Error in GET /${USER_COLLECTION}:`, error48);
+        res.status(500).json({ error: "Internal server error" });
+      }
+    }
+  }));
   router.post("/bulk", async (_req, res) => {
     res.json({});
   });
@@ -254159,31 +254433,9 @@ function createUserRouter(db2, logger2) {
 }
 
 // src/cli/dev/dev-server/routes/entities/entities-router.ts
-function parseSort(sort) {
-  if (!sort) {
-    return;
-  }
-  if (sort.startsWith("-")) {
-    return { [sort.slice(1)]: -1 };
-  }
-  return { [sort]: 1 };
-}
-function parseFields(fields) {
-  if (!fields) {
-    return;
-  }
-  const projection = {};
-  for (const field of fields.split(",")) {
-    const trimmed = field.trim();
-    if (trimmed) {
-      projection[trimmed] = 1;
-    }
-  }
-  return Object.keys(projection).length > 0 ? projection : undefined;
-}
 async function createEntityRoutes(db2, logger2, broadcast) {
-  const router = import_express3.Router({ mergeParams: true });
-  const parseBody = import_express3.json();
+  const router = import_express4.Router({ mergeParams: true });
+  const parseBody = import_express4.json();
   function withCollection(handler) {
     return async (req, res) => {
       const collection = db2.getCollection(req.params.entityName);
@@ -254228,42 +254480,14 @@ async function createEntityRoutes(db2, logger2, broadcast) {
   router.get("/:entityName", withCollection(async (req, res, collection) => {
     const { entityName } = req.params;
     try {
-      const { sort, limit, skip: skip2, fields, q: q13 } = req.query;
-      let query = {};
-      if (q13 && typeof q13 === "string") {
-        try {
-          query = JSON.parse(q13);
-        } catch {
-          res.status(400).json({ error: "Invalid query parameter 'q'" });
-          return;
-        }
-      }
-      let cursor3 = collection.findAsync(query);
-      const sortObj = parseSort(sort);
-      if (sortObj) {
-        cursor3 = cursor3.sort(sortObj);
-      }
-      if (skip2) {
-        const skipNum = Number.parseInt(skip2, 10);
-        if (!Number.isNaN(skipNum)) {
-          cursor3 = cursor3.skip(skipNum);
-        }
-      }
-      if (limit) {
-        const limitNum = Number.parseInt(limit, 10);
-        if (!Number.isNaN(limitNum)) {
-          cursor3 = cursor3.limit(limitNum);
-        }
-      }
-      const projection = parseFields(fields);
-      if (projection) {
-        cursor3 = cursor3.projection(projection);
-      }
-      const docs = await cursor3;
-      res.json(stripInternalFields(docs));
+      res.json(stripInternalFields(await queryEntity(collection, req.query)));
     } catch (error48) {
-      logger2.error(`Error in GET /${entityName}:`, error48);
-      res.status(500).json({ error: "Internal server error" });
+      if (error48 instanceof InvalidInputError) {
+        res.status(400).json({ error: error48.message });
+      } else {
+        logger2.error(`Error in GET /${entityName}:`, error48);
+        res.status(500).json({ error: "Internal server error" });
+      }
     }
   }));
   router.post("/:entityName", parseBody, withCollection(async (req, res, collection) => {
@@ -254382,7 +254606,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
 }
 
 // src/cli/dev/dev-server/routes/integrations.ts
-var import_express4 = __toESM(require_express(), 1);
+var import_express5 = __toESM(require_express(), 1);
 var import_multer = __toESM(require_multer(), 1);
 import { createHash, randomUUID as randomUUID4 } from "node:crypto";
 import fs28 from "node:fs";
@@ -254391,8 +254615,8 @@ function createFileToken(fileUri) {
   return createHash("sha256").update(fileUri).digest("hex");
 }
 function createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, logger2) {
-  const router = import_express4.Router({ mergeParams: true });
-  const parseBody = import_express4.json();
+  const router = import_express5.Router({ mergeParams: true });
+  const parseBody = import_express5.json();
   const privateFilesDir = path18.join(mediaFilesDir, "private");
   fs28.mkdirSync(mediaFilesDir, { recursive: true });
   fs28.mkdirSync(privateFilesDir, { recursive: true });
@@ -254462,7 +254686,7 @@ function createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, logger2) {
   return router;
 }
 function createCustomIntegrationRoutes(remoteProxy, logger2) {
-  const router = import_express4.Router({ mergeParams: true });
+  const router = import_express5.Router({ mergeParams: true });
   router.post("/:slug/:operationId", (req, res, next) => {
     logger2.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
     req.url = req.originalUrl;
@@ -256175,7 +256399,7 @@ async function createDevServer(options8) {
   const port = userPort ?? await getPorts({ port: DEFAULT_PORT });
   const baseUrl = `http://localhost:${port}`;
   const { functions, entities, project: project2 } = await options8.loadResources();
-  const app = import_express5.default();
+  const app = import_express6.default();
   const remoteProxy = import_http_proxy_middleware2.createProxyMiddleware({
     target: BASE44_APP_URL,
     changeOrigin: true
@@ -256207,6 +256431,8 @@ async function createDevServer(options8) {
   let emitEntityEvent = () => {};
   const entityRoutes = await createEntityRoutes(db2, devLogger, (...args) => emitEntityEvent(...args));
   app.use("/api/apps/:appId/entities", entityRoutes);
+  const authRouter = createAuthRouter(db2, devLogger);
+  app.use("/api/apps/:appId/auth", authRouter);
   const { path: mediaFilesDir } = await $dir();
   app.use("/media/private/:fileUri", (req, res, next) => {
     const { fileUri } = req.params;
@@ -256226,13 +256452,15 @@ async function createDevServer(options8) {
     }
     next();
   });
-  app.use("/media", import_express5.default.static(mediaFilesDir));
+  app.use("/media", import_express6.default.static(mediaFilesDir));
   const integrationRoutes = createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, devLogger);
   app.use("/api/apps/:appId/integration-endpoints", integrationRoutes);
   const customIntegrationRoutes = createCustomIntegrationRoutes(remoteProxy, devLogger);
   app.use("/api/apps/:appId/integrations/custom", customIntegrationRoutes);
   app.use((req, res, next) => {
-    devLogger.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
+    if (!req.originalUrl.endsWith("analytics/track/batch")) {
+      devLogger.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
+    }
     remoteProxy(req, res, next);
   });
   const server = await new Promise((resolve10, reject) => {
@@ -256303,6 +256531,7 @@ async function devAction({ log }, options8) {
   const { port: resolvedPort } = await createDevServer({
     log,
     port,
+    cwd: process21.cwd(),
     denoWrapperPath: getDenoWrapperPath(),
     loadResources: async () => {
       const { functions, entities, project: project2 } = await readProjectConfig();
@@ -260779,4 +261008,4 @@ export {
   CLIExitError
 };
 
-//# debugId=0E9D3CB9AD716D0D64756E2164756E21
+//# debugId=939FB46B90B442D864756E2164756E21