npm - @base44-preview/cli - Versions diffs - 0.0.50-pr.484.f8f85fa → 0.0.50-pr.487.fc1c45a - Mend

@base44-preview/cli 0.0.50-pr.484.f8f85fa → 0.0.50-pr.487.fc1c45a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli/index.js CHANGED Viewed

@@ -219982,7 +219982,8 @@ var theme = {
     bold: source_default.bold,
     dim: source_default.dim,
     error: source_default.red,
-    warn: source_default.yellow
+    warn: source_default.yellow,
+    info: source_default.cyan
   },
   format: {
     errorContext(ctx) {
@@ -242001,88 +242002,121 @@ async function pushCustomOAuthSecret(provider, clientSecret) {
     [providerInfo.customOAuth.secretKey]: clientSecret
   });
 }
-// src/core/resources/auth-config/sso.ts
-var KNOWN_SSO_PROVIDERS = [
-  "google",
-  "microsoft",
-  "github",
-  "okta",
-  "custom"
-];
-var BASE_SSO_SCOPE = "openid email profile";
-var SSO_PROVIDER_SCHEMAS = {
-  google: {
-    requiredKeys: [],
-    defaults: {
-      sso_scope: BASE_SSO_SCOPE,
-      sso_discovery_url: "https://accounts.google.com/.well-known/openid-configuration"
-    }
-  },
-  microsoft: {
-    requiredKeys: ["sso_tenant_id"],
-    defaults: {
-      sso_scope: BASE_SSO_SCOPE
-    },
-    deriveDefaults: (options) => {
-      const tenantId = options.sso_tenant_id;
-      if (tenantId) {
-        return {
-          sso_discovery_url: `https://login.microsoftonline.com/${tenantId}/v2.0/.well-known/openid-configuration`
-        };
-      }
-      return {};
-    }
+// src/core/resources/auth-config/sso/secret-keys.ts
+var SSOSecretKey;
+((SSOSecretKey2) => {
+  SSOSecretKey2["Name"] = "sso_name";
+  SSOSecretKey2["ClientId"] = "sso_client_id";
+  SSOSecretKey2["ClientSecret"] = "sso_client_secret";
+  SSOSecretKey2["Scope"] = "sso_scope";
+  SSOSecretKey2["DiscoveryUrl"] = "sso_discovery_url";
+  SSOSecretKey2["TenantId"] = "sso_tenant_id";
+  SSOSecretKey2["AuthEndpoint"] = "sso_auth_endpoint";
+  SSOSecretKey2["TokenEndpoint"] = "sso_token_endpoint";
+  SSOSecretKey2["UserinfoEndpoint"] = "sso_userinfo_endpoint";
+  SSOSecretKey2["OktaDomain"] = "sso_okta_domain";
+  SSOSecretKey2["JwksUri"] = "sso_jwks_uri";
+})(SSOSecretKey ||= {});
+var ALL_SSO_SECRET_KEYS = Object.values(SSOSecretKey);
+var DEFAULT_OIDC_SCOPE = "openid email profile";
+var DEFAULT_GITHUB_SCOPE = "user:email";
+// src/core/resources/auth-config/sso/providers/custom.ts
+var customProvider = {
+  requiredKeys: [
+    "sso_auth_endpoint" /* AuthEndpoint */,
+    "sso_token_endpoint" /* TokenEndpoint */,
+    "sso_userinfo_endpoint" /* UserinfoEndpoint */,
+    "sso_jwks_uri" /* JwksUri */
+  ],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_OIDC_SCOPE
+  }
+};
+// src/core/resources/auth-config/sso/providers/github.ts
+var githubProvider = {
+  requiredKeys: [],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_GITHUB_SCOPE,
+    ["sso_auth_endpoint" /* AuthEndpoint */]: "https://github.com/login/oauth/authorize",
+    ["sso_token_endpoint" /* TokenEndpoint */]: "https://github.com/login/oauth/access_token",
+    ["sso_userinfo_endpoint" /* UserinfoEndpoint */]: "https://api.github.com/user"
+  }
+};
+// src/core/resources/auth-config/sso/providers/google.ts
+var googleProvider = {
+  requiredKeys: [],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_OIDC_SCOPE,
+    ["sso_discovery_url" /* DiscoveryUrl */]: "https://accounts.google.com/.well-known/openid-configuration"
+  }
+};
+// src/core/resources/auth-config/sso/providers/microsoft.ts
+var microsoftProvider = {
+  requiredKeys: ["sso_tenant_id" /* TenantId */],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_OIDC_SCOPE
   },
-  github: {
-    requiredKeys: [],
-    defaults: {
-      sso_scope: "user:email",
-      sso_auth_endpoint: "https://github.com/login/oauth/authorize",
-      sso_token_endpoint: "https://github.com/login/oauth/access_token",
-      sso_userinfo_endpoint: "https://api.github.com/user"
+  deriveDefaults: (secrets) => {
+    const tenantId = secrets["sso_tenant_id" /* TenantId */];
+    if (tenantId) {
+      return {
+        ["sso_discovery_url" /* DiscoveryUrl */]: `https://login.microsoftonline.com/${tenantId}/v2.0/.well-known/openid-configuration`
+      };
     }
+    return {};
+  }
+};
+// src/core/resources/auth-config/sso/providers/okta.ts
+var oktaProvider = {
+  requiredKeys: ["sso_okta_domain" /* OktaDomain */],
+  defaults: {
+    ["sso_scope" /* Scope */]: DEFAULT_OIDC_SCOPE
   },
-  okta: {
-    requiredKeys: ["sso_okta_domain"],
-    defaults: {
-      sso_scope: BASE_SSO_SCOPE
-    },
-    deriveDefaults: (options) => {
-      const domain2 = options.sso_okta_domain;
-      if (domain2) {
-        return {
-          sso_discovery_url: `https://${domain2}/.well-known/openid-configuration`
-        };
-      }
-      return {};
+  deriveDefaults: (secrets) => {
+    const domain2 = secrets["sso_okta_domain" /* OktaDomain */];
+    if (domain2) {
+      return {
+        ["sso_discovery_url" /* DiscoveryUrl */]: `https://${domain2}/.well-known/openid-configuration`
+      };
     }
-  },
-  custom: {
-    requiredKeys: [
-      "sso_auth_endpoint",
-      "sso_token_endpoint",
-      "sso_userinfo_endpoint",
-      "sso_jwks_uri"
-    ],
-    optionalKeys: ["sso_discovery_url"],
-    defaults: {
-      sso_scope: BASE_SSO_SCOPE
-    }
-  }
-};
-var ALL_SSO_SECRET_KEYS = [
-  "sso_name",
-  "sso_client_id",
-  "sso_client_secret",
-  "sso_scope",
-  "sso_discovery_url",
-  "sso_tenant_id",
-  "sso_auth_endpoint",
-  "sso_token_endpoint",
-  "sso_userinfo_endpoint",
-  "sso_okta_domain",
-  "sso_jwks_uri"
-];
+    return {};
+  }
+};
+// src/core/resources/auth-config/sso/providers/index.ts
+var SSO_PROVIDER_SCHEMAS = {
+  google: googleProvider,
+  microsoft: microsoftProvider,
+  github: githubProvider,
+  okta: oktaProvider,
+  custom: customProvider
+};
+// src/core/resources/auth-config/sso/types.ts
+var KNOWN_SSO_PROVIDERS = {
+  google: "google",
+  microsoft: "microsoft",
+  github: "github",
+  okta: "okta",
+  custom: "custom"
+};
+// src/core/resources/auth-config/sso/operations.ts
+var OPTION_TO_SECRET_KEY = {
+  scope: "sso_scope" /* Scope */,
+  discoveryUrl: "sso_discovery_url" /* DiscoveryUrl */,
+  tenantId: "sso_tenant_id" /* TenantId */,
+  oktaDomain: "sso_okta_domain" /* OktaDomain */,
+  authEndpoint: "sso_auth_endpoint" /* AuthEndpoint */,
+  tokenEndpoint: "sso_token_endpoint" /* TokenEndpoint */,
+  userinfoEndpoint: "sso_userinfo_endpoint" /* UserinfoEndpoint */,
+  jwksUri: "sso_jwks_uri" /* JwksUri */
+};
 async function updateSSOConfig(authDir, provider, enable) {
   const current = await readAuthConfig(authDir) ?? DEFAULT_AUTH_CONFIG;
   const merged = {
@@ -242099,22 +242133,12 @@ async function updateSSOConfig(authDir, provider, enable) {
   await writeAuthConfig(authDir, merged);
   return merged;
 }
-var OPTION_TO_SECRET_KEY = {
-  scope: "sso_scope",
-  discoveryUrl: "sso_discovery_url",
-  tenantId: "sso_tenant_id",
-  oktaDomain: "sso_okta_domain",
-  authEndpoint: "sso_auth_endpoint",
-  tokenEndpoint: "sso_token_endpoint",
-  userinfoEndpoint: "sso_userinfo_endpoint",
-  jwksUri: "sso_jwks_uri"
-};
 function buildSSOSecrets(provider, options) {
   const schema3 = SSO_PROVIDER_SCHEMAS[provider];
   const secrets = {};
-  secrets.sso_name = options.ssoName ?? provider;
-  secrets.sso_client_id = options.clientId;
-  secrets.sso_client_secret = options.clientSecret;
+  secrets["sso_name" /* Name */] = options.ssoName ?? provider;
+  secrets["sso_client_id" /* ClientId */] = options.clientId;
+  secrets["sso_client_secret" /* ClientSecret */] = options.clientSecret;
   for (const [optionKey, secretKey] of Object.entries(OPTION_TO_SECRET_KEY)) {
     const value = options[optionKey];
     if (typeof value === "string" && value.length > 0) {
@@ -242140,8 +242164,8 @@ function buildSSOSecrets(provider, options) {
       missing.push(key);
     }
   }
-  if (provider === "custom" && !options.ssoName) {
-    missing.push("sso_name");
+  if (provider === KNOWN_SSO_PROVIDERS.custom && !options.ssoName) {
+    missing.push("sso_name" /* Name */);
   }
   if (missing.length > 0) {
     throw new InvalidInputError(`Missing required fields for ${provider}: ${missing.join(", ")}`);
@@ -243564,6 +243588,7 @@ var package_default = {
     "@types/ejs": "^3.1.5",
     "@types/express": "^5.0.6",
     "@types/json-schema": "^7.0.15",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/lodash": "^4.17.24",
     "@types/multer": "^2.0.0",
     "@types/node": "^22.10.5",
@@ -243582,6 +243607,7 @@ var package_default = {
     globby: "^16.1.0",
     "http-proxy-middleware": "^3.0.5",
     "json-schema-to-typescript": "^15.0.4",
+    jsonwebtoken: "^9.0.3",
     json5: "^2.2.3",
     ky: "^1.14.2",
     lodash: "^4.17.23",
@@ -243597,6 +243623,7 @@ var package_default = {
     typescript: "^5.7.2",
     vitest: "^4.0.16",
     yaml: "^2.8.2",
+    qs: "^6.12.3",
     zod: "^4.3.5"
   },
   engines: {
@@ -251234,23 +251261,34 @@ function mergeFileWithFlags(fileConfig, options) {
     ssoName: options.ssoName ?? fileConfig.ssoName
   };
 }
+var providerNames = Object.keys(KNOWN_SSO_PROVIDERS);
+function secretKeyToFlag(key) {
+  return `--${key.replace(/^sso_/, "").replace(/_/g, "-")}`;
+}
+function exampleCommand(provider) {
+  let cmd = `base44 auth sso enable --provider ${provider} --client-id <id> --client-secret <secret>`;
+  if (provider === KNOWN_SSO_PROVIDERS.microsoft)
+    cmd += " --tenant-id <id>";
+  if (provider === KNOWN_SSO_PROVIDERS.okta)
+    cmd += " --okta-domain <domain>";
+  if (provider === KNOWN_SSO_PROVIDERS.custom)
+    cmd += " --sso-name <name> --auth-endpoint <url> --token-endpoint <url> --userinfo-endpoint <url> --jwks-uri <url>";
+  return cmd;
+}
 function validateProvider(provider) {
   if (!provider) {
     throw new InvalidInputError("Missing --provider.", {
       hints: [
         {
-          message: `Valid providers: ${KNOWN_SSO_PROVIDERS.join(", ")}`,
+          message: `Valid providers: ${providerNames.join(", ")}`,
           command: "base44 auth sso enable --provider <provider> --client-id <id> --client-secret <secret>"
         }
       ]
     });
   }
-  if (!KNOWN_SSO_PROVIDERS.includes(provider)) {
-    throw new InvalidInputError(`Unknown provider "${provider}". Valid providers: ${KNOWN_SSO_PROVIDERS.join(", ")}`);
-  }
   return provider;
 }
-async function ssoEnableAction({ isNonInteractive, log, runTask: runTask2 }, options) {
+async function ssoEnableAction({ isNonInteractive, runTask: runTask2 }, options) {
   let merged = options;
   if (options.file) {
     const fileConfig = await loadSSOConfigFile(options.file);
@@ -251310,7 +251348,23 @@ async function ssoEnableAction({ isNonInteractive, log, runTask: runTask2 }, opt
     jwksUri: merged.jwksUri,
     ssoName: merged.ssoName
   };
-  const secrets = buildSSOSecrets(provider, secretOptions);
+  let secrets;
+  try {
+    secrets = buildSSOSecrets(provider, secretOptions);
+  } catch (error48) {
+    if (error48 instanceof InvalidInputError) {
+      const flagMessage = error48.message.replace(/sso_[a-z_]+/g, (key) => secretKeyToFlag(key));
+      throw new InvalidInputError(flagMessage, {
+        hints: [
+          {
+            message: `Example: ${exampleCommand(provider)}`,
+            command: exampleCommand(provider)
+          }
+        ]
+      });
+    }
+    throw error48;
+  }
   const { project: project2 } = await readProjectConfig();
   const configDir = dirname11(project2.configPath);
   const authDir = join16(configDir, project2.authDir);
@@ -251321,7 +251375,6 @@ async function ssoEnableAction({ isNonInteractive, log, runTask: runTask2 }, opt
   };
 }
 async function ssoDisableAction({
-  log,
   runTask: runTask2
 }) {
   const { project: project2 } = await readProjectConfig();
@@ -251343,7 +251396,7 @@ function getSSOCommand() {
   return new Base44Command("sso").description("Configure SSO identity provider (google, microsoft, github, okta, custom)").addArgument(new Argument("<action>", "enable or disable SSO").choices([
     "enable",
     "disable"
-  ])).option("--provider <provider>", "SSO provider: google, microsoft, github, okta, custom").option("--client-id <id>", "OAuth client ID").option("--client-secret <secret>", "OAuth client secret").option("--client-secret-stdin", "Read client secret from stdin").option("--env-file <path>", "Read client secret from a .env file (key: sso_client_secret)").option("--file <path>", "JSON config file with all SSO settings").option("--scope <scope>", "OAuth scope (defaults per provider)").option("--discovery-url <url>", "OIDC discovery URL").option("--tenant-id <id>", "Microsoft tenant ID (required for microsoft)").option("--okta-domain <domain>", "Okta domain (required for okta)").option("--auth-endpoint <url>", "Authorization endpoint (required for custom)").option("--token-endpoint <url>", "Token endpoint (required for custom)").option("--userinfo-endpoint <url>", "Userinfo endpoint (required for custom)").option("--jwks-uri <url>", "JWKS URI (required for custom)").option("--sso-name <name>", "Provider display name (required for custom)").action(ssoAction);
+  ])).addOption(new Option("--provider <provider>", "SSO provider").choices(Object.values(KNOWN_SSO_PROVIDERS))).option("--client-id <id>", "OAuth client ID").option("--client-secret <secret>", "OAuth client secret").option("--client-secret-stdin", "Read client secret from stdin").option("--env-file <path>", "Read client secret from a .env file (key: sso_client_secret)").option("--file <path>", "JSON config file with all SSO settings").option("--scope <scope>", "OAuth scope (defaults per provider)").option("--discovery-url <url>", "OIDC discovery URL").option("--tenant-id <id>", "Microsoft tenant ID (required for microsoft)").option("--okta-domain <domain>", "Okta domain (required for okta)").option("--auth-endpoint <url>", "Authorization endpoint (required for custom)").option("--token-endpoint <url>", "Token endpoint (required for custom)").option("--userinfo-endpoint <url>", "Userinfo endpoint (required for custom)").option("--jwks-uri <url>", "JWKS URI (required for custom)").option("--sso-name <name>", "Provider display name (required for custom)").action(ssoAction);
 }
 // src/cli/commands/auth/index.ts
@@ -253367,9 +253420,12 @@ function getTypesCommand() {
   return new Command("types").description("Manage TypeScript type generation").addCommand(getTypesGenerateCommand());
 }
+// src/cli/commands/dev.ts
+import process21 from "node:process";
 // src/cli/dev/dev-server/main.ts
 var import_cors = __toESM(require_lib4(), 1);
-var import_express5 = __toESM(require_express(), 1);
+var import_express6 = __toESM(require_express(), 1);
 import { dirname as dirname18, join as join25 } from "node:path";
 // ../../node_modules/get-port/index.js
@@ -253933,7 +253989,9 @@ class Validator {
 }
 // src/cli/dev/dev-server/db/database.ts
+var PRIVATE_COLLECTION_PREFIX = "$";
 var USER_COLLECTION = "user";
+var PRIVATE_USER_COLLECTION = PRIVATE_COLLECTION_PREFIX + USER_COLLECTION;
 class Database {
   collections = new Map;
@@ -253955,6 +254013,7 @@ class Database {
     this.schemas.set(USER_COLLECTION, this.buildUserSchema(userEntity));
     const collection = new import_nedb.default;
     this.collections.set(USER_COLLECTION, collection);
+    this.collections.set(PRIVATE_USER_COLLECTION, new import_nedb.default);
     const userInfo = await readAuth();
     const now = getNowISOTimestamp();
     await collection.insertAsync({
@@ -253996,7 +254055,9 @@ class Database {
     return this.collections.get(this.normalizeName(name2));
   }
   getCollectionNames() {
-    return Array.from(this.collections.keys());
+    return Array.from(this.collections.keys()).filter((name2) => {
+      return !name2.startsWith(PRIVATE_COLLECTION_PREFIX);
+    });
   }
   dropAll() {
     for (const collection of this.collections.values()) {
@@ -254060,15 +254121,229 @@ function broadcastEntityEvent(io6, appId, entityName, event) {
   });
 }
-// src/cli/dev/dev-server/routes/entities/entities-router.ts
-var import_express3 = __toESM(require_express(), 1);
-// src/cli/dev/dev-server/routes/entities/entities-user-router.ts
+// src/cli/dev/dev-server/routes/auth-router.ts
 var import_express2 = __toESM(require_express(), 1);
 var import_jsonwebtoken = __toESM(require_jsonwebtoken(), 1);
-function createUserRouter(db2, logger2) {
+import { randomInt } from "node:crypto";
+var LOCAL_DEV_SECRET = "LOCAL_DEV_SECRET";
+var TEN_MINUTES = 10 * 60 * 1000;
+var generateCode = () => {
+  return randomInt(1e5, 1e6).toString();
+};
+var createJwtToken = (email3) => {
+  return import_jsonwebtoken.default.sign({ sub: email3 }, LOCAL_DEV_SECRET, {
+    expiresIn: "360d"
+  });
+};
+var LoginBody = object({ email: email2(), password: string2() });
+var VerifyOtpBody = object({ email: email2(), otp_code: string2() });
+function createAuthRouter(db2, logger2) {
   const router = import_express2.Router({ mergeParams: true });
   const parseBody = import_express2.json();
+  router.post("/login", parseBody, async (req, res) => {
+    const { email: email3, password } = LoginBody.parse(req.body);
+    const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: email3 });
+    if (result) {
+      const privateUserData = await db2.getCollection(PRIVATE_USER_COLLECTION)?.findOneAsync({ email: email3 });
+      if (result.role === "admin" || privateUserData?.password === password) {
+        res.json({
+          access_token: createJwtToken(email3),
+          success: true,
+          user: {}
+        });
+      } else {
+        res.status(400).json({
+          detail: "Invalid email or password",
+          error_type: "HTTPException",
+          message: "Invalid email or password",
+          request_id: null,
+          traceback: ""
+        });
+      }
+      return;
+    }
+    res.status(401).json({ error: "Unauthorized" });
+  });
+  router.post("/register", parseBody, async (req, res) => {
+    const { email: email3, password } = LoginBody.parse(req.body);
+    if ((password || "").length < 8) {
+      res.status(400).json({
+        detail: "Password must be at least 8 characters long",
+        error_type: "HTTPException",
+        message: "Password must be at least 8 characters long",
+        request_id: null,
+        traceback: ""
+      });
+      return;
+    }
+    const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: email3 });
+    if (result) {
+      res.status(400).json({
+        detail: "A user with this email already exists",
+        error_type: "HTTPException",
+        message: "A user with this email already exists",
+        request_id: null,
+        traceback: ""
+      });
+      return;
+    }
+    const privateUserCollection = db2.getCollection(PRIVATE_USER_COLLECTION);
+    const privateUserData = await privateUserCollection?.findOneAsync({
+      email: email3
+    });
+    const otpCode = generateCode();
+    const id2 = privateUserData ? privateUserData.id : nanoid3();
+    if (!privateUserData) {
+      await privateUserCollection?.insertAsync({
+        id: id2,
+        email: email3,
+        otpCode,
+        password,
+        createdAt: Date.now()
+      });
+    } else {
+      await privateUserCollection?.updateAsync({
+        email: email3
+      }, {
+        $set: {
+          otpCode,
+          createdAt: Date.now()
+        }
+      });
+    }
+    logger2.log(theme.styles.info(`
+In order to complete registration use this verification code: ${otpCode}
+`));
+    res.json({
+      id: id2,
+      message: "Registration successful. Please check your email for the verification code.",
+      otp_expires_in_minutes: 10
+    });
+  });
+  router.post("/verify-otp", parseBody, async (req, res) => {
+    const { email: email3, otp_code } = VerifyOtpBody.parse(req.body);
+    const privateUserCollection = db2.getCollection(PRIVATE_USER_COLLECTION);
+    const privateUserData = await privateUserCollection?.findOneAsync({
+      email: email3
+    });
+    if (!privateUserData || privateUserData.otpCode !== otp_code) {
+      const appId = req.params.appId;
+      res.status(500).json({
+        detail: `{'email': '${email3}', 'app_id': '${appId}}'} -> Object not found`,
+        error_type: "ObjectNotFoundError",
+        message: `{'email': '${email3}', 'app_id': '${appId}}'} -> Object not found`,
+        request_id: null,
+        traceback: ""
+      });
+      return;
+    }
+    if (+Date.now() - privateUserData.createdAt > TEN_MINUTES) {
+      res.status(400).json({
+        detail: "Verification code has expired",
+        error_type: "HTTPException",
+        message: "Verification code has expired",
+        request_id: null,
+        traceback: ""
+      });
+    } else {
+      await privateUserCollection?.updateAsync({
+        email: email3
+      }, {
+        $unset: { otpCode: true }
+      });
+      const collection = db2.getCollection(USER_COLLECTION);
+      const now = getNowISOTimestamp();
+      const nameFromEmailMatch = /^([^@]+)/.exec(email3);
+      const fullName = nameFromEmailMatch ? nameFromEmailMatch[1] : email3;
+      await collection?.insertAsync({
+        id: privateUserData.id,
+        email: email3,
+        full_name: fullName,
+        is_service: false,
+        is_verified: true,
+        disabled: null,
+        role: "user",
+        collaborator_role: "editor",
+        created_date: now,
+        updated_date: now
+      });
+      res.json({
+        id: privateUserData.id,
+        access_token: createJwtToken(email3),
+        message: "Email verified successfully. You are now logged in.",
+        success: true
+      });
+    }
+  });
+  return router;
+}
+// src/cli/dev/dev-server/routes/entities/entities-router.ts
+var import_express4 = __toESM(require_express(), 1);
+// src/cli/dev/dev-server/db/entity-queries.ts
+function parseSort(sort) {
+  if (!sort) {
+    return;
+  }
+  if (sort.startsWith("-")) {
+    return { [sort.slice(1)]: -1 };
+  }
+  return { [sort]: 1 };
+}
+function parseFields(fields) {
+  if (!fields) {
+    return;
+  }
+  const projection = {};
+  for (const field of fields.split(",")) {
+    const trimmed = field.trim();
+    if (trimmed) {
+      projection[trimmed] = 1;
+    }
+  }
+  return Object.keys(projection).length > 0 ? projection : undefined;
+}
+var queryEntity = async (collection, reqQuery) => {
+  const { sort, limit, skip: skip2, fields, q: q13 } = reqQuery;
+  let query = {};
+  if (q13 && typeof q13 === "string") {
+    try {
+      query = JSON.parse(q13);
+    } catch {
+      throw new InvalidInputError("Invalid query parameter 'q'");
+    }
+  }
+  let cursor3 = collection.findAsync(query);
+  const sortObj = parseSort(sort);
+  if (sortObj) {
+    cursor3 = cursor3.sort(sortObj);
+  }
+  if (skip2) {
+    const skipNum = Number.parseInt(skip2, 10);
+    if (!Number.isNaN(skipNum)) {
+      cursor3 = cursor3.skip(skipNum);
+    }
+  }
+  if (limit) {
+    const limitNum = Number.parseInt(limit, 10);
+    if (!Number.isNaN(limitNum)) {
+      cursor3 = cursor3.limit(limitNum);
+    }
+  }
+  const projection = parseFields(fields);
+  if (projection) {
+    cursor3 = cursor3.projection(projection);
+  }
+  return cursor3;
+};
+// src/cli/dev/dev-server/routes/entities/entities-user-router.ts
+var import_express3 = __toESM(require_express(), 1);
+var import_jsonwebtoken2 = __toESM(require_jsonwebtoken(), 1);
+function createUserRouter(db2, logger2) {
+  const router = import_express3.Router({ mergeParams: true });
+  const parseBody = import_express3.json();
   function withAuth(handler) {
     return async (req, res) => {
       const auth2 = req.headers.authorization;
@@ -254077,7 +254352,7 @@ function createUserRouter(db2, logger2) {
         return;
       }
       try {
-        const { payload } = import_jsonwebtoken.default.decode(auth2.replace("Bearer ", ""), { complete: true }) ?? {};
+        const { payload } = import_jsonwebtoken2.default.decode(auth2.replace("Bearer ", ""), { complete: true }) ?? {};
         const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: payload?.sub });
         if (!result) {
           res.status(404).json({ error: "Unable to read data for the current user" });
@@ -254110,6 +254385,28 @@ function createUserRouter(db2, logger2) {
       ...req.body
     });
   }));
+  router.get("/", withAuth(async (req, res, currentUser) => {
+    const collection = db2.getCollection(USER_COLLECTION);
+    if (!collection) {
+      res.status(404).json({ error: `Entity "${USER_COLLECTION}" not found` });
+      return;
+    }
+    try {
+      if (currentUser.role === "admin") {
+        const result = await queryEntity(collection, req.query);
+        res.json(stripInternalFields(result));
+      } else {
+        res.json([stripInternalFields(currentUser)]);
+      }
+    } catch (error48) {
+      if (error48 instanceof InvalidInputError) {
+        res.status(400).json({ error: error48.message });
+      } else {
+        logger2.error(`Error in GET /${USER_COLLECTION}:`, error48);
+        res.status(500).json({ error: "Internal server error" });
+      }
+    }
+  }));
   router.post("/bulk", async (_req, res) => {
     res.json({});
   });
@@ -254159,31 +254456,9 @@ function createUserRouter(db2, logger2) {
 }
 // src/cli/dev/dev-server/routes/entities/entities-router.ts
-function parseSort(sort) {
-  if (!sort) {
-    return;
-  }
-  if (sort.startsWith("-")) {
-    return { [sort.slice(1)]: -1 };
-  }
-  return { [sort]: 1 };
-}
-function parseFields(fields) {
-  if (!fields) {
-    return;
-  }
-  const projection = {};
-  for (const field of fields.split(",")) {
-    const trimmed = field.trim();
-    if (trimmed) {
-      projection[trimmed] = 1;
-    }
-  }
-  return Object.keys(projection).length > 0 ? projection : undefined;
-}
 async function createEntityRoutes(db2, logger2, broadcast) {
-  const router = import_express3.Router({ mergeParams: true });
-  const parseBody = import_express3.json();
+  const router = import_express4.Router({ mergeParams: true });
+  const parseBody = import_express4.json();
   function withCollection(handler) {
     return async (req, res) => {
       const collection = db2.getCollection(req.params.entityName);
@@ -254228,42 +254503,14 @@ async function createEntityRoutes(db2, logger2, broadcast) {
   router.get("/:entityName", withCollection(async (req, res, collection) => {
     const { entityName } = req.params;
     try {
-      const { sort, limit, skip: skip2, fields, q: q13 } = req.query;
-      let query = {};
-      if (q13 && typeof q13 === "string") {
-        try {
-          query = JSON.parse(q13);
-        } catch {
-          res.status(400).json({ error: "Invalid query parameter 'q'" });
-          return;
-        }
-      }
-      let cursor3 = collection.findAsync(query);
-      const sortObj = parseSort(sort);
-      if (sortObj) {
-        cursor3 = cursor3.sort(sortObj);
-      }
-      if (skip2) {
-        const skipNum = Number.parseInt(skip2, 10);
-        if (!Number.isNaN(skipNum)) {
-          cursor3 = cursor3.skip(skipNum);
-        }
-      }
-      if (limit) {
-        const limitNum = Number.parseInt(limit, 10);
-        if (!Number.isNaN(limitNum)) {
-          cursor3 = cursor3.limit(limitNum);
-        }
-      }
-      const projection = parseFields(fields);
-      if (projection) {
-        cursor3 = cursor3.projection(projection);
-      }
-      const docs = await cursor3;
-      res.json(stripInternalFields(docs));
+      res.json(stripInternalFields(await queryEntity(collection, req.query)));
     } catch (error48) {
-      logger2.error(`Error in GET /${entityName}:`, error48);
-      res.status(500).json({ error: "Internal server error" });
+      if (error48 instanceof InvalidInputError) {
+        res.status(400).json({ error: error48.message });
+      } else {
+        logger2.error(`Error in GET /${entityName}:`, error48);
+        res.status(500).json({ error: "Internal server error" });
+      }
     }
   }));
   router.post("/:entityName", parseBody, withCollection(async (req, res, collection) => {
@@ -254382,7 +254629,7 @@ async function createEntityRoutes(db2, logger2, broadcast) {
 }
 // src/cli/dev/dev-server/routes/integrations.ts
-var import_express4 = __toESM(require_express(), 1);
+var import_express5 = __toESM(require_express(), 1);
 var import_multer = __toESM(require_multer(), 1);
 import { createHash, randomUUID as randomUUID4 } from "node:crypto";
 import fs28 from "node:fs";
@@ -254391,8 +254638,8 @@ function createFileToken(fileUri) {
   return createHash("sha256").update(fileUri).digest("hex");
 }
 function createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, logger2) {
-  const router = import_express4.Router({ mergeParams: true });
-  const parseBody = import_express4.json();
+  const router = import_express5.Router({ mergeParams: true });
+  const parseBody = import_express5.json();
   const privateFilesDir = path18.join(mediaFilesDir, "private");
   fs28.mkdirSync(mediaFilesDir, { recursive: true });
   fs28.mkdirSync(privateFilesDir, { recursive: true });
@@ -254462,7 +254709,7 @@ function createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, logger2) {
   return router;
 }
 function createCustomIntegrationRoutes(remoteProxy, logger2) {
-  const router = import_express4.Router({ mergeParams: true });
+  const router = import_express5.Router({ mergeParams: true });
   router.post("/:slug/:operationId", (req, res, next) => {
     logger2.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
     req.url = req.originalUrl;
@@ -256175,7 +256422,7 @@ async function createDevServer(options8) {
   const port = userPort ?? await getPorts({ port: DEFAULT_PORT });
   const baseUrl = `http://localhost:${port}`;
   const { functions, entities, project: project2 } = await options8.loadResources();
-  const app = import_express5.default();
+  const app = import_express6.default();
   const remoteProxy = import_http_proxy_middleware2.createProxyMiddleware({
     target: BASE44_APP_URL,
     changeOrigin: true
@@ -256207,6 +256454,8 @@ async function createDevServer(options8) {
   let emitEntityEvent = () => {};
   const entityRoutes = await createEntityRoutes(db2, devLogger, (...args) => emitEntityEvent(...args));
   app.use("/api/apps/:appId/entities", entityRoutes);
+  const authRouter = createAuthRouter(db2, devLogger);
+  app.use("/api/apps/:appId/auth", authRouter);
   const { path: mediaFilesDir } = await $dir();
   app.use("/media/private/:fileUri", (req, res, next) => {
     const { fileUri } = req.params;
@@ -256226,13 +256475,15 @@ async function createDevServer(options8) {
     }
     next();
   });
-  app.use("/media", import_express5.default.static(mediaFilesDir));
+  app.use("/media", import_express6.default.static(mediaFilesDir));
   const integrationRoutes = createIntegrationRoutes(mediaFilesDir, baseUrl, remoteProxy, devLogger);
   app.use("/api/apps/:appId/integration-endpoints", integrationRoutes);
   const customIntegrationRoutes = createCustomIntegrationRoutes(remoteProxy, devLogger);
   app.use("/api/apps/:appId/integrations/custom", customIntegrationRoutes);
   app.use((req, res, next) => {
-    devLogger.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
+    if (!req.originalUrl.endsWith("analytics/track/batch")) {
+      devLogger.warn(`"${req.originalUrl}" is not supported in local development, passing call to production`);
+    }
     remoteProxy(req, res, next);
   });
   const server = await new Promise((resolve10, reject) => {
@@ -256303,6 +256554,7 @@ async function devAction({ log }, options8) {
   const { port: resolvedPort } = await createDevServer({
     log,
     port,
+    cwd: process21.cwd(),
     denoWrapperPath: getDenoWrapperPath(),
     loadResources: async () => {
       const { functions, entities, project: project2 } = await readProjectConfig();
@@ -260779,4 +261031,4 @@ export {
   CLIExitError
 };
-//# debugId=C23C26DBDA6AA44264756E2164756E21
+//# debugId=CDE136D996499A7364756E2164756E21