@budibase/backend-core 2.13.10 → 2.13.11

package/dist/index.js

@@ -3151,11 +3151,14 @@ var init_exports = {};
 __export(init_exports, {
   getAppClient: () => getAppClient,
   getCacheClient: () => getCacheClient,
+  getInviteClient: () => getInviteClient,
   getLockClient: () => getLockClient,
+  getPasswordResetClient: () => getPasswordResetClient,
   getSessionClient: () => getSessionClient,
   getSocketClient: () => getSocketClient,
   getUserClient: () => getUserClient,
   getWritethroughClient: () => getWritethroughClient,
+  init: () => init3,
   shutdown: () => shutdown
 });
 async function init3() {
@@ -3165,6 +3168,8 @@ async function init3() {
   cacheClient = await new redis_default("data_cache" /* GENERIC_CACHE */).init();
   lockClient = await new redis_default("locks" /* LOCKS */).init();
   writethroughClient = await new redis_default("writeThrough" /* WRITE_THROUGH */).init();
+  inviteClient = await new redis_default("invitation" /* INVITATIONS */).init();
+  passwordResetClient = await new redis_default("pwReset" /* PW_RESETS */).init();
   socketClient = await new redis_default(
     "socket_io" /* SOCKET_IO */,
     1 /* SOCKET_IO */
@@ -3183,6 +3188,10 @@ async function shutdown() {
     await writethroughClient.finish();
   if (lockClient)
     await lockClient.finish();
+  if (inviteClient)
+    await inviteClient.finish();
+  if (passwordResetClient)
+    await passwordResetClient.finish();
   if (socketClient)
     await socketClient.finish();
 }
@@ -3228,7 +3237,19 @@ async function getSocketClient() {
   }
   return socketClient;
 }
-var userClient, sessionClient, appClient, cacheClient, writethroughClient, lockClient, socketClient;
+async function getInviteClient() {
+  if (!inviteClient) {
+    await init3();
+  }
+  return inviteClient;
+}
+async function getPasswordResetClient() {
+  if (!passwordResetClient) {
+    await init3();
+  }
+  return passwordResetClient;
+}
+var userClient, sessionClient, appClient, cacheClient, writethroughClient, lockClient, socketClient, inviteClient, passwordResetClient;
 var init_init = __esm({
   "src/redis/init.ts"() {
     "use strict";
@@ -3240,86 +3261,6 @@ var init_init = __esm({
   }
 });
 
-// src/cache/base/index.ts
-var base_exports = {};
-__export(base_exports, {
-  default: () => BaseCache
-});
-function generateTenantKey(key) {
-  const tenantId = getTenantId();
-  return `${key}:${tenantId}`;
-}
-var BaseCache;
-var init_base = __esm({
-  "src/cache/base/index.ts"() {
-    "use strict";
-    init_context2();
-    init_init();
-    BaseCache = class {
-      constructor(client = void 0) {
-        this.client = client;
-      }
-      async getClient() {
-        return !this.client ? await getCacheClient() : this.client;
-      }
-      async keys(pattern) {
-        const client = await this.getClient();
-        return client.keys(pattern);
-      }
-      /**
-       * Read only from the cache.
-       */
-      async get(key, opts = { useTenancy: true }) {
-        key = opts.useTenancy ? generateTenantKey(key) : key;
-        const client = await this.getClient();
-        return client.get(key);
-      }
-      /**
-       * Write to the cache.
-       */
-      async store(key, value, ttl = null, opts = { useTenancy: true }) {
-        key = opts.useTenancy ? generateTenantKey(key) : key;
-        const client = await this.getClient();
-        await client.store(key, value, ttl);
-      }
-      /**
-       * Remove from cache.
-       */
-      async delete(key, opts = { useTenancy: true }) {
-        key = opts.useTenancy ? generateTenantKey(key) : key;
-        const client = await this.getClient();
-        return client.delete(key);
-      }
-      /**
-       * Read from the cache. Write to the cache if not exists.
-       */
-      async withCache(key, ttl, fetchFn, opts = { useTenancy: true }) {
-        const cachedValue = await this.get(key, opts);
-        if (cachedValue) {
-          return cachedValue;
-        }
-        try {
-          const fetchedValue = await fetchFn();
-          await this.store(key, fetchedValue, ttl, opts);
-          return fetchedValue;
-        } catch (err) {
-          console.error("Error fetching before cache - ", err);
-          throw err;
-        }
-      }
-      async bustCache(key, opts = { client: null }) {
-        const client = await this.getClient();
-        try {
-          await client.delete(generateTenantKey(key));
-        } catch (err) {
-          console.error("Error busting cache - ", err);
-          throw err;
-        }
-      }
-    };
-  }
-});
-
 // src/logging/correlation/correlation.ts
 var correlation_exports = {};
 __export(correlation_exports, {
@@ -3606,6 +3547,35 @@ var init_params = __esm({
 });
 
 // src/docIds/index.ts
+var docIds_exports = {};
+__export(docIds_exports, {
+  generateAppID: () => generateAppID,
+  generateAppUserID: () => generateAppUserID,
+  generateDevInfoID: () => generateDevInfoID,
+  generateGlobalUserID: () => generateGlobalUserID,
+  generatePluginID: () => generatePluginID,
+  generateRoleID: () => generateRoleID,
+  generateRowID: () => generateRowID,
+  generateTemplateID: () => generateTemplateID,
+  generateUserMetadataID: () => generateUserMetadataID,
+  generateWorkspaceID: () => generateWorkspaceID,
+  getDocParams: () => getDocParams,
+  getGlobalIDFromUserMetadataID: () => getGlobalIDFromUserMetadataID,
+  getGlobalUserParams: () => getGlobalUserParams,
+  getPluginParams: () => getPluginParams,
+  getQueryIndex: () => getQueryIndex,
+  getRoleParams: () => getRoleParams,
+  getRowParams: () => getRowParams,
+  getStartEndKeyURL: () => getStartEndKeyURL,
+  getTemplateParams: () => getTemplateParams,
+  getUserMetadataParams: () => getUserMetadataParams,
+  getUsersByAppParams: () => getUsersByAppParams,
+  getWorkspaceParams: () => getWorkspaceParams,
+  isDatasourceId: () => isDatasourceId,
+  isGlobalUserID: () => isGlobalUserID,
+  isTableId: () => isTableId,
+  prefixRoleID: () => prefixRoleID
+});
 var init_docIds = __esm({
   "src/docIds/index.ts"() {
     "use strict";
@@ -5672,6 +5642,7 @@ __export(src_exports, {
   constants: () => constants_exports,
   context: () => context_exports,
   db: () => db_exports,
+  docIds: () => docIds_exports,
   docUpdates: () => docUpdates_exports,
   encryption: () => encryption_exports,
   env: () => environment_default,
@@ -5697,7 +5668,7 @@ __export(src_exports, {
   tenancy: () => tenancy,
   timers: () => timers_exports,
   users: () => users_exports3,
-  utils: () => utils_exports3
+  utils: () => utils_exports2
 });
 module.exports = __toCommonJS(src_exports);
 
@@ -5736,7 +5707,9 @@ __export(cache_exports, {
   destroy: () => destroy,
   generic: () => generic_exports,
   get: () => get,
+  invite: () => invite_exports,
   keys: () => keys,
+  passwordReset: () => passwordReset_exports,
   store: () => store,
   user: () => user_exports,
   withCache: () => withCache,
@@ -5755,8 +5728,79 @@ __export(generic_exports, {
   store: () => store,
   withCache: () => withCache
 });
-var BaseCache2 = (init_base(), __toCommonJS(base_exports));
-var GENERIC = new BaseCache2.default();
+
+// src/cache/base/index.ts
+init_context2();
+init_init();
+function generateTenantKey(key) {
+  const tenantId = getTenantId();
+  return `${key}:${tenantId}`;
+}
+var BaseCache = class {
+  constructor(client = void 0) {
+    this.client = client;
+  }
+  async getClient() {
+    return !this.client ? await getCacheClient() : this.client;
+  }
+  async keys(pattern) {
+    const client = await this.getClient();
+    return client.keys(pattern);
+  }
+  /**
+   * Read only from the cache.
+   */
+  async get(key, opts = { useTenancy: true }) {
+    key = opts.useTenancy ? generateTenantKey(key) : key;
+    const client = await this.getClient();
+    return client.get(key);
+  }
+  /**
+   * Write to the cache.
+   */
+  async store(key, value, ttl = null, opts = { useTenancy: true }) {
+    key = opts.useTenancy ? generateTenantKey(key) : key;
+    const client = await this.getClient();
+    await client.store(key, value, ttl);
+  }
+  /**
+   * Remove from cache.
+   */
+  async delete(key, opts = { useTenancy: true }) {
+    key = opts.useTenancy ? generateTenantKey(key) : key;
+    const client = await this.getClient();
+    return client.delete(key);
+  }
+  /**
+   * Read from the cache. Write to the cache if not exists.
+   */
+  async withCache(key, ttl, fetchFn, opts = { useTenancy: true }) {
+    const cachedValue = await this.get(key, opts);
+    if (cachedValue) {
+      return cachedValue;
+    }
+    try {
+      const fetchedValue = await fetchFn();
+      await this.store(key, fetchedValue, ttl, opts);
+      return fetchedValue;
+    } catch (err) {
+      console.error("Error fetching before cache - ", err);
+      throw err;
+    }
+  }
+  async bustCache(key, opts = { client: null }) {
+    const client = await this.getClient();
+    try {
+      await client.delete(generateTenantKey(key));
+    } catch (err) {
+      console.error("Error busting cache - ", err);
+      throw err;
+    }
+  }
+};
+
+// src/cache/generic.ts
+var GENERIC = new BaseCache();
 var CacheKey = /* @__PURE__ */ ((CacheKey2) => {
   CacheKey2["CHECKLIST"] = "checklist";
   CacheKey2["INSTALLATION"] = "installation";
@@ -6371,8 +6415,320 @@ init_context2();
 init_environment2();
 
 // src/users/lookup.ts
-init_db4();
-init_constants3();
+init_db4();
+init_constants3();
+
+// src/cache/invite.ts
+var invite_exports = {};
+__export(invite_exports, {
+  createCode: () => createCode,
+  deleteCode: () => deleteCode,
+  getCode: () => getCode,
+  getExistingInvites: () => getExistingInvites,
+  getInviteCodes: () => getInviteCodes,
+  updateCode: () => updateCode
+});
+
+// src/utils/index.ts
+var utils_exports2 = {};
+__export(utils_exports2, {
+  Duration: () => Duration,
+  DurationType: () => DurationType,
+  clearCookie: () => clearCookie,
+  compare: () => compare,
+  getAppIdFromCtx: () => getAppIdFromCtx,
+  getCookie: () => getCookie,
+  hasCircularStructure: () => hasCircularStructure,
+  hash: () => hash,
+  isAudited: () => isAudited,
+  isClient: () => isClient,
+  isPublicApiRequest: () => isPublicApiRequest,
+  isServingApp: () => isServingApp,
+  isServingBuilder: () => isServingBuilder,
+  isServingBuilderPreview: () => isServingBuilderPreview,
+  isValidInternalAPIKey: () => isValidInternalAPIKey,
+  newid: () => newid,
+  openJwt: () => openJwt,
+  resolveAppUrl: () => resolveAppUrl,
+  setCookie: () => setCookie,
+  timeout: () => timeout,
+  validEmail: () => validEmail
+});
+
+// src/utils/hashing.ts
+init_environment2();
+init_newid();
+var bcrypt = environment_default.JS_BCRYPT ? require("bcryptjs") : require("bcrypt");
+var SALT_ROUNDS = environment_default.SALT_ROUNDS || 10;
+async function hash(data) {
+  const salt = await bcrypt.genSalt(SALT_ROUNDS);
+  return bcrypt.hash(data, salt);
+}
+async function compare(data, encrypted) {
+  return bcrypt.compare(data, encrypted);
+}
+
+// src/utils/utils.ts
+init_db4();
+init_constants3();
+init_environment2();
+init_context2();
+init_src();
+var jwt = require("jsonwebtoken");
+var APP_PREFIX2 = "app" /* APP */ + SEPARATOR;
+var PROD_APP_PREFIX = "/app/";
+var BUILDER_PREVIEW_PATH = "/app/preview";
+var BUILDER_PREFIX = "/builder";
+var BUILDER_APP_PREFIX = `${BUILDER_PREFIX}/app/`;
+var PUBLIC_API_PREFIX = "/api/public/v";
+function confirmAppId(possibleAppId) {
+  return possibleAppId && possibleAppId.startsWith(APP_PREFIX2) ? possibleAppId : void 0;
+}
+async function resolveAppUrl(ctx) {
+  const appUrl = ctx.path.split("/")[2];
+  let possibleAppUrl = `/${appUrl.toLowerCase()}`;
+  let tenantId = getTenantId();
+  if (environment_default.MULTI_TENANCY) {
+    tenantId = getTenantIDFromCtx(ctx, {
+      includeStrategies: ["subdomain" /* SUBDOMAIN */]
+    });
+  }
+  const apps = await doInTenant(
+    tenantId,
+    () => getAllApps({ dev: false })
+  );
+  const app = apps.filter(
+    (a) => a.url && a.url.toLowerCase() === possibleAppUrl
+  )[0];
+  return app && app.appId ? app.appId : void 0;
+}
+function isServingApp(ctx) {
+  if (ctx.path.startsWith(`/${APP_PREFIX2}`)) {
+    return true;
+  }
+  if (ctx.path.startsWith(PROD_APP_PREFIX)) {
+    return true;
+  }
+  return false;
+}
+function isServingBuilder(ctx) {
+  return ctx.path.startsWith(BUILDER_APP_PREFIX);
+}
+function isServingBuilderPreview(ctx) {
+  return ctx.path.startsWith(BUILDER_PREVIEW_PATH);
+}
+function isPublicApiRequest(ctx) {
+  return ctx.path.startsWith(PUBLIC_API_PREFIX);
+}
+async function getAppIdFromCtx(ctx) {
+  const options2 = [ctx.request.headers["x-budibase-app-id" /* APP_ID */]];
+  let appId;
+  for (let option of options2) {
+    appId = confirmAppId(option);
+    if (appId) {
+      break;
+    }
+  }
+  if (!appId && ctx.request.body && ctx.request.body.appId) {
+    appId = confirmAppId(ctx.request.body.appId);
+  }
+  const pathId = parseAppIdFromUrl(ctx.path);
+  if (!appId && pathId) {
+    appId = confirmAppId(pathId);
+  }
+  const isBuilderPreview = ctx.path.startsWith(BUILDER_PREVIEW_PATH);
+  const isViewingProdApp = ctx.path.startsWith(PROD_APP_PREFIX) && !isBuilderPreview;
+  if (!appId && isViewingProdApp) {
+    appId = confirmAppId(await resolveAppUrl(ctx));
+  }
+  const referer = ctx.request.headers.referer;
+  if (!appId && referer?.includes(BUILDER_APP_PREFIX)) {
+    const refererId = parseAppIdFromUrl(ctx.request.headers.referer);
+    appId = confirmAppId(refererId);
+  }
+  return appId;
+}
+function parseAppIdFromUrl(url) {
+  if (!url) {
+    return;
+  }
+  return url.split("/").find((subPath) => subPath.startsWith(APP_PREFIX2));
+}
+function openJwt(token) {
+  if (!token) {
+    return token;
+  }
+  try {
+    return jwt.verify(token, environment_default.JWT_SECRET);
+  } catch (e) {
+    if (environment_default.JWT_SECRET_FALLBACK) {
+      return jwt.verify(token, environment_default.JWT_SECRET_FALLBACK);
+    } else {
+      throw e;
+    }
+  }
+}
+function isValidInternalAPIKey(apiKey) {
+  if (environment_default.INTERNAL_API_KEY && environment_default.INTERNAL_API_KEY === apiKey) {
+    return true;
+  }
+  if (environment_default.INTERNAL_API_KEY_FALLBACK && environment_default.INTERNAL_API_KEY_FALLBACK === apiKey) {
+    return true;
+  }
+  return false;
+}
+function getCookie(ctx, name) {
+  const cookie = ctx.cookies.get(name);
+  if (!cookie) {
+    return cookie;
+  }
+  return openJwt(cookie);
+}
+function setCookie(ctx, value, name = "builder", opts = { sign: true }) {
+  if (value && opts && opts.sign) {
+    value = jwt.sign(value, environment_default.JWT_SECRET);
+  }
+  const config = {
+    expires: MAX_VALID_DATE,
+    path: "/",
+    httpOnly: false,
+    overwrite: true
+  };
+  if (environment_default.COOKIE_DOMAIN) {
+    config.domain = environment_default.COOKIE_DOMAIN;
+  }
+  ctx.cookies.set(name, value, config);
+}
+function clearCookie(ctx, name) {
+  setCookie(ctx, null, name);
+}
+function isClient(ctx) {
+  return ctx.headers["x-budibase-type" /* TYPE */] === "client";
+}
+function timeout(timeMs) {
+  return new Promise((resolve) => setTimeout(resolve, timeMs));
+}
+function isAudited(event) {
+  return !!AuditedEventFriendlyName[event];
+}
+function hasCircularStructure(json) {
+  if (typeof json !== "object") {
+    return false;
+  }
+  try {
+    JSON.stringify(json);
+  } catch (err) {
+    if (err instanceof Error && err?.message.includes("circular structure")) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// src/utils/stringUtils.ts
+function validEmail(value) {
+  return value && !!value.match(
+    /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
+  );
+}
+
+// src/utils/Duration.ts
+var DurationType = /* @__PURE__ */ ((DurationType4) => {
+  DurationType4["MILLISECONDS"] = "milliseconds";
+  DurationType4["SECONDS"] = "seconds";
+  DurationType4["MINUTES"] = "minutes";
+  DurationType4["HOURS"] = "hours";
+  DurationType4["DAYS"] = "days";
+  return DurationType4;
+})(DurationType || {});
+var conversion = {
+  milliseconds: 1,
+  seconds: 1e3,
+  minutes: 60 * 1e3,
+  hours: 60 * 60 * 1e3,
+  days: 24 * 60 * 60 * 1e3
+};
+var Duration = class _Duration {
+  static convert(from, to, duration) {
+    const milliseconds = duration * conversion[from];
+    return milliseconds / conversion[to];
+  }
+  static from(from, duration) {
+    return {
+      to: (to) => {
+        return _Duration.convert(from, to, duration);
+      },
+      toMs: () => {
+        return _Duration.convert(from, "milliseconds" /* MILLISECONDS */, duration);
+      },
+      toSeconds: () => {
+        return _Duration.convert(from, "seconds" /* SECONDS */, duration);
+      }
+    };
+  }
+  static fromSeconds(duration) {
+    return _Duration.from("seconds" /* SECONDS */, duration);
+  }
+  static fromMinutes(duration) {
+    return _Duration.from("minutes" /* MINUTES */, duration);
+  }
+  static fromHours(duration) {
+    return _Duration.from("hours" /* HOURS */, duration);
+  }
+  static fromDays(duration) {
+    return _Duration.from("days" /* DAYS */, duration);
+  }
+};
+
+// src/cache/invite.ts
+init_environment2();
+init_context2();
+init_init();
+var TTL_SECONDS = Duration.fromDays(7).toSeconds();
+async function updateCode(code, value) {
+  const client = await getInviteClient();
+  await client.store(code, value, TTL_SECONDS);
+}
+async function createCode(email, info) {
+  const code = newid();
+  const client = await getInviteClient();
+  await client.store(code, { email, info }, TTL_SECONDS);
+  return code;
+}
+async function getCode(code) {
+  const client = await getInviteClient();
+  const value = await client.get(code);
+  if (!value) {
+    throw "Invitation is not valid or has expired, please request a new one.";
+  }
+  return value;
+}
+async function deleteCode(code) {
+  const client = await getInviteClient();
+  await client.delete(code);
+}
+async function getInviteCodes() {
+  const client = await getInviteClient();
+  const invites = await client.scan();
+  const results = invites.map((invite) => {
+    return {
+      ...invite.value,
+      code: invite.key
+    };
+  });
+  if (!environment_default.MULTI_TENANCY) {
+    return results;
+  }
+  const tenantId = getTenantId();
+  return results.filter((invite) => tenantId === invite.info.tenantId);
+}
+async function getExistingInvites(emails) {
+  return (await getInviteCodes()).filter(
+    (invite) => emails.includes(invite.email)
+  );
+}
+
+// src/users/lookup.ts
 async function searchExistingEmails(emails) {
   let matchedEmails = [];
   const existingTenantUsers = await getExistingTenantUsers(emails);
@@ -6381,6 +6737,8 @@ async function searchExistingEmails(emails) {
   matchedEmails.push(...existingPlatformUsers.map((user) => user._id));
   const existingAccounts = await getExistingAccounts(emails);
   matchedEmails.push(...existingAccounts.map((account) => account.email));
+  const invitedEmails = await getExistingInvites(emails);
+  matchedEmails.push(...invitedEmails.map((invite) => invite.email));
   return [...new Set(matchedEmails.map((email) => email.toLowerCase()))];
 }
 async function getPlatformUser(identifier) {
@@ -6618,7 +6976,7 @@ __export(applications_exports, {
   getProdAppID: () => getProdAppID2
 });
 init_src();
-var APP_PREFIX2 = prefixed("app" /* APP */);
+var APP_PREFIX3 = prefixed("app" /* APP */);
 var APP_DEV_PREFIX2 = prefixed("app_dev" /* APP_DEV */);
 function getDevAppID2(appId) {
   if (!appId) {
@@ -6627,9 +6985,9 @@ function getDevAppID2(appId) {
   if (appId.startsWith(APP_DEV_PREFIX2)) {
     return appId;
   }
-  const split = appId.split(APP_PREFIX2);
+  const split = appId.split(APP_PREFIX3);
   split.shift();
-  const rest = split.join(APP_PREFIX2);
+  const rest = split.join(APP_PREFIX3);
   return `${APP_DEV_PREFIX2}${rest}`;
 }
 function getProdAppID2(appId) {
@@ -6642,7 +7000,7 @@ function getProdAppID2(appId) {
   const split = appId.split(APP_DEV_PREFIX2);
   split.shift();
   const rest = split.join(APP_DEV_PREFIX2);
-  return `${APP_PREFIX2}${rest}`;
+  return `${APP_PREFIX3}${rest}`;
 }
 
 // ../shared-core/src/sdk/documents/users.ts
@@ -7359,256 +7717,6 @@ init_utils2();
 
 // src/queue/inMemoryQueue.ts
 var import_events2 = __toESM(require("events"));
-
-// src/utils/index.ts
-var utils_exports3 = {};
-__export(utils_exports3, {
-  Duration: () => Duration,
-  DurationType: () => DurationType,
-  clearCookie: () => clearCookie,
-  compare: () => compare,
-  getAppIdFromCtx: () => getAppIdFromCtx,
-  getCookie: () => getCookie,
-  hasCircularStructure: () => hasCircularStructure,
-  hash: () => hash,
-  isAudited: () => isAudited,
-  isClient: () => isClient,
-  isPublicApiRequest: () => isPublicApiRequest,
-  isServingApp: () => isServingApp,
-  isServingBuilder: () => isServingBuilder,
-  isServingBuilderPreview: () => isServingBuilderPreview,
-  isValidInternalAPIKey: () => isValidInternalAPIKey,
-  newid: () => newid,
-  openJwt: () => openJwt,
-  resolveAppUrl: () => resolveAppUrl,
-  setCookie: () => setCookie,
-  timeout: () => timeout,
-  validEmail: () => validEmail
-});
-
-// src/utils/hashing.ts
-init_environment2();
-init_newid();
-var bcrypt = environment_default.JS_BCRYPT ? require("bcryptjs") : require("bcrypt");
-var SALT_ROUNDS = environment_default.SALT_ROUNDS || 10;
-async function hash(data) {
-  const salt = await bcrypt.genSalt(SALT_ROUNDS);
-  return bcrypt.hash(data, salt);
-}
-async function compare(data, encrypted) {
-  return bcrypt.compare(data, encrypted);
-}
-
-// src/utils/utils.ts
-init_db4();
-init_constants3();
-init_environment2();
-init_context2();
-init_src();
-var jwt = require("jsonwebtoken");
-var APP_PREFIX3 = "app" /* APP */ + SEPARATOR;
-var PROD_APP_PREFIX = "/app/";
-var BUILDER_PREVIEW_PATH = "/app/preview";
-var BUILDER_PREFIX = "/builder";
-var BUILDER_APP_PREFIX = `${BUILDER_PREFIX}/app/`;
-var PUBLIC_API_PREFIX = "/api/public/v";
-function confirmAppId(possibleAppId) {
-  return possibleAppId && possibleAppId.startsWith(APP_PREFIX3) ? possibleAppId : void 0;
-}
-async function resolveAppUrl(ctx) {
-  const appUrl = ctx.path.split("/")[2];
-  let possibleAppUrl = `/${appUrl.toLowerCase()}`;
-  let tenantId = getTenantId();
-  if (environment_default.MULTI_TENANCY) {
-    tenantId = getTenantIDFromCtx(ctx, {
-      includeStrategies: ["subdomain" /* SUBDOMAIN */]
-    });
-  }
-  const apps = await doInTenant(
-    tenantId,
-    () => getAllApps({ dev: false })
-  );
-  const app = apps.filter(
-    (a) => a.url && a.url.toLowerCase() === possibleAppUrl
-  )[0];
-  return app && app.appId ? app.appId : void 0;
-}
-function isServingApp(ctx) {
-  if (ctx.path.startsWith(`/${APP_PREFIX3}`)) {
-    return true;
-  }
-  if (ctx.path.startsWith(PROD_APP_PREFIX)) {
-    return true;
-  }
-  return false;
-}
-function isServingBuilder(ctx) {
-  return ctx.path.startsWith(BUILDER_APP_PREFIX);
-}
-function isServingBuilderPreview(ctx) {
-  return ctx.path.startsWith(BUILDER_PREVIEW_PATH);
-}
-function isPublicApiRequest(ctx) {
-  return ctx.path.startsWith(PUBLIC_API_PREFIX);
-}
-async function getAppIdFromCtx(ctx) {
-  const options2 = [ctx.request.headers["x-budibase-app-id" /* APP_ID */]];
-  let appId;
-  for (let option of options2) {
-    appId = confirmAppId(option);
-    if (appId) {
-      break;
-    }
-  }
-  if (!appId && ctx.request.body && ctx.request.body.appId) {
-    appId = confirmAppId(ctx.request.body.appId);
-  }
-  const pathId = parseAppIdFromUrl(ctx.path);
-  if (!appId && pathId) {
-    appId = confirmAppId(pathId);
-  }
-  const isBuilderPreview = ctx.path.startsWith(BUILDER_PREVIEW_PATH);
-  const isViewingProdApp = ctx.path.startsWith(PROD_APP_PREFIX) && !isBuilderPreview;
-  if (!appId && isViewingProdApp) {
-    appId = confirmAppId(await resolveAppUrl(ctx));
-  }
-  const referer = ctx.request.headers.referer;
-  if (!appId && referer?.includes(BUILDER_APP_PREFIX)) {
-    const refererId = parseAppIdFromUrl(ctx.request.headers.referer);
-    appId = confirmAppId(refererId);
-  }
-  return appId;
-}
-function parseAppIdFromUrl(url) {
-  if (!url) {
-    return;
-  }
-  return url.split("/").find((subPath) => subPath.startsWith(APP_PREFIX3));
-}
-function openJwt(token) {
-  if (!token) {
-    return token;
-  }
-  try {
-    return jwt.verify(token, environment_default.JWT_SECRET);
-  } catch (e) {
-    if (environment_default.JWT_SECRET_FALLBACK) {
-      return jwt.verify(token, environment_default.JWT_SECRET_FALLBACK);
-    } else {
-      throw e;
-    }
-  }
-}
-function isValidInternalAPIKey(apiKey) {
-  if (environment_default.INTERNAL_API_KEY && environment_default.INTERNAL_API_KEY === apiKey) {
-    return true;
-  }
-  if (environment_default.INTERNAL_API_KEY_FALLBACK && environment_default.INTERNAL_API_KEY_FALLBACK === apiKey) {
-    return true;
-  }
-  return false;
-}
-function getCookie(ctx, name) {
-  const cookie = ctx.cookies.get(name);
-  if (!cookie) {
-    return cookie;
-  }
-  return openJwt(cookie);
-}
-function setCookie(ctx, value, name = "builder", opts = { sign: true }) {
-  if (value && opts && opts.sign) {
-    value = jwt.sign(value, environment_default.JWT_SECRET);
-  }
-  const config = {
-    expires: MAX_VALID_DATE,
-    path: "/",
-    httpOnly: false,
-    overwrite: true
-  };
-  if (environment_default.COOKIE_DOMAIN) {
-    config.domain = environment_default.COOKIE_DOMAIN;
-  }
-  ctx.cookies.set(name, value, config);
-}
-function clearCookie(ctx, name) {
-  setCookie(ctx, null, name);
-}
-function isClient(ctx) {
-  return ctx.headers["x-budibase-type" /* TYPE */] === "client";
-}
-function timeout(timeMs) {
-  return new Promise((resolve) => setTimeout(resolve, timeMs));
-}
-function isAudited(event) {
-  return !!AuditedEventFriendlyName[event];
-}
-function hasCircularStructure(json) {
-  if (typeof json !== "object") {
-    return false;
-  }
-  try {
-    JSON.stringify(json);
-  } catch (err) {
-    if (err instanceof Error && err?.message.includes("circular structure")) {
-      return true;
-    }
-  }
-  return false;
-}
-
-// src/utils/stringUtils.ts
-function validEmail(value) {
-  return value && !!value.match(
-    /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
-  );
-}
-
-// src/utils/Duration.ts
-var DurationType = /* @__PURE__ */ ((DurationType2) => {
-  DurationType2["MILLISECONDS"] = "milliseconds";
-  DurationType2["SECONDS"] = "seconds";
-  DurationType2["MINUTES"] = "minutes";
-  DurationType2["HOURS"] = "hours";
-  DurationType2["DAYS"] = "days";
-  return DurationType2;
-})(DurationType || {});
-var conversion = {
-  milliseconds: 1,
-  seconds: 1e3,
-  minutes: 60 * 1e3,
-  hours: 60 * 60 * 1e3,
-  days: 24 * 60 * 60 * 1e3
-};
-var Duration = class _Duration {
-  static convert(from, to, duration) {
-    const milliseconds = duration * conversion[from];
-    return milliseconds / conversion[to];
-  }
-  static from(from, duration) {
-    return {
-      to: (to) => {
-        return _Duration.convert(from, to, duration);
-      },
-      toMs: () => {
-        return _Duration.convert(from, "milliseconds" /* MILLISECONDS */, duration);
-      }
-    };
-  }
-  static fromSeconds(duration) {
-    return _Duration.from("seconds" /* SECONDS */, duration);
-  }
-  static fromMinutes(duration) {
-    return _Duration.from("minutes" /* MINUTES */, duration);
-  }
-  static fromHours(duration) {
-    return _Duration.from("hours" /* HOURS */, duration);
-  }
-  static fromDays(duration) {
-    return _Duration.from("days" /* DAYS */, duration);
-  }
-};
-
-// src/queue/inMemoryQueue.ts
 function newJob(queue, message) {
   return {
     timestamp: Date.now(),
@@ -10162,7 +10270,7 @@ var UserDB = class _UserDB {
         });
         continue;
       }
-      newUser.userGroups = groups;
+      newUser.userGroups = groups || [];
       newUsers.push(newUser);
       if (isCreator2(newUser)) {
         newCreators.push(newUser);
@@ -10395,7 +10503,6 @@ var writethrough_exports = {};
 __export(writethrough_exports, {
   Writethrough: () => Writethrough
 });
-init_base();
 init_init();
 init_logging();
 init_src();
@@ -10501,6 +10608,29 @@ var Writethrough = class {
   }
 };
 
+// src/cache/passwordReset.ts
+var passwordReset_exports = {};
+__export(passwordReset_exports, {
+  createCode: () => createCode2,
+  getCode: () => getCode2
+});
+init_init();
+var TTL_SECONDS2 = Duration.fromHours(1).toSeconds();
+async function createCode2(userId, info) {
+  const code = newid();
+  const client = await getPasswordResetClient();
+  await client.store(code, { userId, info }, TTL_SECONDS2);
+  return code;
+}
+async function getCode2(code) {
+  const client = await getPasswordResetClient();
+  const value = await client.get(code);
+  if (!value) {
+    throw "Provided information is not valid, cannot reset password - please try again.";
+  }
+  return value;
+}
+
 // src/configs/configs.ts
 init_context2();
 init_environment2();
@@ -12844,6 +12974,7 @@ function init7(processors2) {
 
 // src/index.ts
 init_db4();
+init_docIds();
 init_context2();
 init_constants3();
 init_db4();
@@ -12896,6 +13027,7 @@ var init8 = (opts = {}) => {
   constants,
   context,
   db,
+  docIds,
   docUpdates,
   encryption,
   env,