@budibase/backend-core 2.32.6 → 2.32.8

package/dist/index.js

@@ -54228,6 +54228,7 @@ var configs_exports = {};
 __export(configs_exports, {
   analyticsEnabled: () => analyticsEnabled,
   generateConfigID: () => generateConfigID,
+  getAIConfig: () => getAIConfig,
   getConfig: () => getConfig,
   getDefaultGoogleConfig: () => getDefaultGoogleConfig,
   getGoogleConfig: () => getGoogleConfig,
@@ -58452,6 +58453,7 @@ var AppState = /* @__PURE__ */ ((AppState2) => {
   return AppState2;
 })(AppState || {});
 var EXPIRY_SECONDS = 3600;
+var INVALID_EXPIRY_SECONDS = 60;
 async function populateFromDB(appId) {
   return doWithDB(
     appId,
@@ -58474,7 +58476,7 @@ async function getAppMetadata(appId) {
     } catch (err) {
       if (err && err.status === 404) {
         metadata = { state: "invalid" /* INVALID */ };
-        expiry = void 0;
+        expiry = INVALID_EXPIRY_SECONDS;
       } else {
         throw err;
       }
@@ -59814,6 +59816,385 @@ __export(features_exports, {
 });
 var import_posthog_node = require("posthog-node");
 var import_dd_trace3 = __toESM(require("dd-trace"));
+
+// src/utils/index.ts
+var utils_exports4 = {};
+__export(utils_exports4, {
+  Duration: () => Duration,
+  DurationType: () => DurationType,
+  clearCookie: () => clearCookie,
+  compare: () => compare,
+  getAppIdFromCtx: () => getAppIdFromCtx,
+  getCookie: () => getCookie,
+  hasCircularStructure: () => hasCircularStructure,
+  hash: () => hash,
+  isAudited: () => isAudited,
+  isClient: () => isClient,
+  isPublicApiRequest: () => isPublicApiRequest,
+  isServingApp: () => isServingApp,
+  isServingBuilder: () => isServingBuilder,
+  isServingBuilderPreview: () => isServingBuilderPreview,
+  isValidInternalAPIKey: () => isValidInternalAPIKey,
+  newid: () => newid,
+  openJwt: () => openJwt,
+  resolveAppUrl: () => resolveAppUrl,
+  setCookie: () => setCookie,
+  timeout: () => timeout,
+  validEmail: () => validEmail
+});
+
+// src/utils/hashing.ts
+var bcrypt = environment_default.JS_BCRYPT ? require("bcryptjs") : require("bcrypt");
+var SALT_ROUNDS = environment_default.SALT_ROUNDS || 10;
+async function hash(data) {
+  const salt = await bcrypt.genSalt(SALT_ROUNDS);
+  return bcrypt.hash(data, salt);
+}
+async function compare(data, encrypted) {
+  return bcrypt.compare(data, encrypted);
+}
+
+// src/tenancy/index.ts
+var tenancy_exports = {};
+__export(tenancy_exports, {
+  addTenantToUrl: () => addTenantToUrl,
+  getTenantDB: () => getTenantDB,
+  getTenantIDFromCtx: () => getTenantIDFromCtx,
+  getTenantInfo: () => getTenantInfo,
+  isUserInAppTenant: () => isUserInAppTenant,
+  saveTenantInfo: () => saveTenantInfo
+});
+
+// src/tenancy/db.ts
+function getTenantDB(tenantId) {
+  return getDB(getGlobalDBName(tenantId));
+}
+async function saveTenantInfo(tenantInfo) {
+  const db = getTenantDB(tenantInfo.tenantId);
+  return db.put({
+    _id: "tenant_info",
+    ...tenantInfo
+  });
+}
+async function getTenantInfo(tenantId) {
+  try {
+    const db = getTenantDB(tenantId);
+    const tenantInfo = await db.get("tenant_info");
+    delete tenantInfo.owner.password;
+    return tenantInfo;
+  } catch {
+    return void 0;
+  }
+}
+
+// src/tenancy/tenancy.ts
+function addTenantToUrl(url) {
+  const tenantId = getTenantId();
+  if (isMultiTenant()) {
+    const char = url.indexOf("?") === -1 ? "?" : "&";
+    url += `${char}tenantId=${tenantId}`;
+  }
+  return url;
+}
+var isUserInAppTenant = (appId, user) => {
+  let userTenantId;
+  if (user) {
+    userTenantId = user.tenantId || DEFAULT_TENANT_ID;
+  } else {
+    userTenantId = getTenantId();
+  }
+  const tenantId = getTenantIDFromAppID(appId) || DEFAULT_TENANT_ID;
+  return tenantId === userTenantId;
+};
+var ALL_STRATEGIES = Object.values(TenantResolutionStrategy);
+var getTenantIDFromCtx = (ctx, opts) => {
+  if (!isMultiTenant()) {
+    return DEFAULT_TENANT_ID;
+  }
+  if (opts.allowNoTenant === void 0) {
+    opts.allowNoTenant = false;
+  }
+  if (!opts.includeStrategies) {
+    opts.includeStrategies = ALL_STRATEGIES;
+  }
+  if (!opts.excludeStrategies) {
+    opts.excludeStrategies = [];
+  }
+  const isAllowed = (strategy) => {
+    if (opts.excludeStrategies?.includes(strategy)) {
+      return false;
+    }
+    if (opts.includeStrategies?.includes(strategy)) {
+      return true;
+    }
+  };
+  if (isAllowed("user" /* USER */)) {
+    const userTenantId = ctx.user?.tenantId;
+    if (userTenantId) {
+      return userTenantId;
+    }
+  }
+  if (isAllowed("header" /* HEADER */)) {
+    const headerTenantId = ctx.request.headers["x-budibase-tenant-id" /* TENANT_ID */];
+    if (headerTenantId) {
+      return headerTenantId;
+    }
+  }
+  if (isAllowed("query" /* QUERY */)) {
+    const queryTenantId = ctx.request.query.tenantId;
+    if (queryTenantId) {
+      return queryTenantId;
+    }
+  }
+  if (isAllowed("subdomain" /* SUBDOMAIN */)) {
+    let platformHost;
+    try {
+      platformHost = new URL(getPlatformURL()).host.split(":")[0];
+    } catch (err) {
+      if (err.code !== "ERR_INVALID_URL") {
+        throw err;
+      }
+    }
+    const requestHost = ctx.host;
+    if (platformHost && requestHost.includes(platformHost)) {
+      const tenantId = requestHost.substring(
+        0,
+        requestHost.indexOf(`.${platformHost}`)
+      );
+      if (tenantId) {
+        return tenantId;
+      }
+    }
+  }
+  if (isAllowed("path" /* PATH */)) {
+    const match = ctx.matched.find(
+      (m) => !!m.paramNames.find((p) => p.name === "tenantId")
+    );
+    const ctxUrl = ctx.originalUrl;
+    let url;
+    if (ctxUrl.includes("?")) {
+      url = ctxUrl.split("?")[0];
+    } else {
+      url = ctxUrl;
+    }
+    if (match) {
+      const params2 = match.params(url, match.captures(url), {});
+      if (params2.tenantId) {
+        return params2.tenantId;
+      }
+    }
+  }
+  if (!opts.allowNoTenant) {
+    ctx.throw(403, "Tenant id not set");
+  }
+  return void 0;
+};
+
+// src/utils/utils.ts
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
+var APP_PREFIX3 = "app" /* APP */ + SEPARATOR;
+var PROD_APP_PREFIX = "/app/";
+var BUILDER_PREVIEW_PATH = "/app/preview";
+var BUILDER_PREFIX = "/builder";
+var BUILDER_APP_PREFIX = `${BUILDER_PREFIX}/app/`;
+var PUBLIC_API_PREFIX = "/api/public/v";
+function confirmAppId(possibleAppId) {
+  return possibleAppId && possibleAppId.startsWith(APP_PREFIX3) ? possibleAppId : void 0;
+}
+async function resolveAppUrl(ctx) {
+  const appUrl = ctx.path.split("/")[2];
+  let possibleAppUrl = `/${appUrl.toLowerCase()}`;
+  let tenantId = getTenantId();
+  if (!environment_default.isDev() && environment_default.MULTI_TENANCY) {
+    tenantId = getTenantIDFromCtx(ctx, {
+      includeStrategies: ["subdomain" /* SUBDOMAIN */]
+    });
+  }
+  const apps = await doInTenant(
+    tenantId,
+    () => getAllApps({ dev: false })
+  );
+  const app = apps.filter(
+    (a) => a.url && a.url.toLowerCase() === possibleAppUrl
+  )[0];
+  return app && app.appId ? app.appId : void 0;
+}
+function isServingApp(ctx) {
+  if (ctx.path.startsWith(`/${APP_PREFIX3}`)) {
+    return true;
+  }
+  return ctx.path.startsWith(PROD_APP_PREFIX);
+}
+function isServingBuilder(ctx) {
+  return ctx.path.startsWith(BUILDER_APP_PREFIX);
+}
+function isServingBuilderPreview(ctx) {
+  return ctx.path.startsWith(BUILDER_PREVIEW_PATH);
+}
+function isPublicApiRequest(ctx) {
+  return ctx.path.startsWith(PUBLIC_API_PREFIX);
+}
+async function getAppIdFromCtx(ctx) {
+  const options2 = [ctx.request.headers["x-budibase-app-id" /* APP_ID */]];
+  let appId;
+  for (let option of options2) {
+    appId = confirmAppId(option);
+    if (appId) {
+      break;
+    }
+  }
+  if (!appId && ctx.request.body && ctx.request.body.appId) {
+    appId = confirmAppId(ctx.request.body.appId);
+  }
+  const pathId = parseAppIdFromUrlPath(ctx.path);
+  if (!appId && pathId) {
+    appId = confirmAppId(pathId);
+  }
+  const isBuilderPreview = ctx.path.startsWith(BUILDER_PREVIEW_PATH);
+  const isViewingProdApp = ctx.path.startsWith(PROD_APP_PREFIX) && !isBuilderPreview;
+  if (!appId && isViewingProdApp) {
+    appId = confirmAppId(await resolveAppUrl(ctx));
+  }
+  const referer = ctx.request.headers.referer;
+  if (!appId && referer?.includes(BUILDER_APP_PREFIX)) {
+    const refererId = parseAppIdFromUrlPath(ctx.request.headers.referer);
+    appId = confirmAppId(refererId);
+  }
+  return appId;
+}
+function parseAppIdFromUrlPath(url) {
+  if (!url) {
+    return;
+  }
+  return url.split("?")[0].split("/").find((subPath) => subPath.startsWith(APP_PREFIX3));
+}
+function openJwt(token) {
+  if (!token) {
+    return void 0;
+  }
+  try {
+    return import_jsonwebtoken.default.verify(token, environment_default.JWT_SECRET);
+  } catch (e) {
+    if (environment_default.JWT_SECRET_FALLBACK) {
+      return import_jsonwebtoken.default.verify(token, environment_default.JWT_SECRET_FALLBACK);
+    } else {
+      throw e;
+    }
+  }
+}
+function isValidInternalAPIKey(apiKey) {
+  if (environment_default.INTERNAL_API_KEY && environment_default.INTERNAL_API_KEY === apiKey) {
+    return true;
+  }
+  return !!(environment_default.INTERNAL_API_KEY_FALLBACK && environment_default.INTERNAL_API_KEY_FALLBACK === apiKey);
+}
+function getCookie(ctx, name) {
+  const cookie = ctx.cookies.get(name);
+  if (!cookie) {
+    return void 0;
+  }
+  return openJwt(cookie);
+}
+function setCookie(ctx, value, name = "builder", opts = { sign: true }) {
+  if (value && opts && opts.sign) {
+    value = import_jsonwebtoken.default.sign(value, environment_default.JWT_SECRET);
+  }
+  const config = {
+    expires: MAX_VALID_DATE,
+    path: "/",
+    httpOnly: false,
+    overwrite: true
+  };
+  if (environment_default.COOKIE_DOMAIN) {
+    config.domain = environment_default.COOKIE_DOMAIN;
+  }
+  ctx.cookies.set(name, value, config);
+}
+function clearCookie(ctx, name) {
+  setCookie(ctx, null, name);
+}
+function isClient(ctx) {
+  return ctx.headers["x-budibase-type" /* TYPE */] === "client";
+}
+function timeout(timeMs) {
+  return new Promise((resolve) => setTimeout(resolve, timeMs));
+}
+function isAudited(event) {
+  return !!AuditedEventFriendlyName[event];
+}
+function hasCircularStructure(json) {
+  if (typeof json !== "object") {
+    return false;
+  }
+  try {
+    JSON.stringify(json);
+  } catch (err) {
+    if (err instanceof Error && err?.message.includes("circular structure")) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// src/utils/stringUtils.ts
+function validEmail(value) {
+  return value && !!value.match(
+    /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
+  );
+}
+
+// src/utils/Duration.ts
+var DurationType = /* @__PURE__ */ ((DurationType2) => {
+  DurationType2["MILLISECONDS"] = "milliseconds";
+  DurationType2["SECONDS"] = "seconds";
+  DurationType2["MINUTES"] = "minutes";
+  DurationType2["HOURS"] = "hours";
+  DurationType2["DAYS"] = "days";
+  return DurationType2;
+})(DurationType || {});
+var conversion = {
+  milliseconds: 1,
+  seconds: 1e3,
+  minutes: 60 * 1e3,
+  hours: 60 * 60 * 1e3,
+  days: 24 * 60 * 60 * 1e3
+};
+var Duration = class _Duration {
+  static convert(from, to, duration) {
+    const milliseconds = duration * conversion[from];
+    return milliseconds / conversion[to];
+  }
+  static from(from, duration) {
+    return {
+      to: (to) => {
+        return _Duration.convert(from, to, duration);
+      },
+      toMs: () => {
+        return _Duration.convert(from, "milliseconds" /* MILLISECONDS */, duration);
+      },
+      toSeconds: () => {
+        return _Duration.convert(from, "seconds" /* SECONDS */, duration);
+      }
+    };
+  }
+  static fromSeconds(duration) {
+    return _Duration.from("seconds" /* SECONDS */, duration);
+  }
+  static fromMinutes(duration) {
+    return _Duration.from("minutes" /* MINUTES */, duration);
+  }
+  static fromHours(duration) {
+    return _Duration.from("hours" /* HOURS */, duration);
+  }
+  static fromDays(duration) {
+    return _Duration.from("days" /* DAYS */, duration);
+  }
+  static fromMilliseconds(duration) {
+    return _Duration.from("milliseconds" /* MILLISECONDS */, duration);
+  }
+};
+
+// src/features/index.ts
 var posthog;
 function init4(opts) {
   if (environment_default.POSTHOG_TOKEN && environment_default.POSTHOG_API_HOST && !environment_default.SELF_HOSTED && environment_default.POSTHOG_FEATURE_FLAGS_ENABLED) {
@@ -59821,6 +60202,7 @@ function init4(opts) {
     posthog = new import_posthog_node.PostHog(environment_default.POSTHOG_TOKEN, {
       host: environment_default.POSTHOG_API_HOST,
       personalApiKey: environment_default.POSTHOG_PERSONAL_TOKEN,
+      featureFlagsPollingInterval: Duration.fromMinutes(3).toMs(),
       ...opts
     });
   } else {
@@ -60097,7 +60479,7 @@ var DatabaseImpl = class _DatabaseImpl {
     return this.getDb();
   }
   // this function fetches the DB and handles if DB creation is needed
-  async performCall(call) {
+  async performCallWithDBCreation(call) {
     const db = this.getDb();
     const fnc = await call(db);
     try {
@@ -60105,11 +60487,20 @@ var DatabaseImpl = class _DatabaseImpl {
     } catch (err) {
       if (err.statusCode === 404 && err.reason === DATABASE_NOT_FOUND) {
         await this.checkAndCreateDb();
-        return await this.performCall(call);
+        return await this.performCallWithDBCreation(call);
       }
       throw new CouchDBError(`CouchDB error: ${err.message}`, err);
     }
   }
+  async performCall(call) {
+    const db = this.getDb();
+    const fnc = await call(db);
+    try {
+      return await fnc();
+    } catch (err) {
+      throw new CouchDBError(`CouchDB error: ${err.message}`, err);
+    }
+  }
   async get(id) {
     return this.performCall((db) => {
       if (!id) {
@@ -60193,7 +60584,7 @@ var DatabaseImpl = class _DatabaseImpl {
     if (!document._id) {
       throw new Error("Cannot store document without _id field.");
     }
-    return this.performCall(async (db) => {
+    return this.performCallWithDBCreation(async (db) => {
       if (!document.createdAt) {
         document.createdAt = (/* @__PURE__ */ new Date()).toISOString();
       }
@@ -60215,7 +60606,7 @@ var DatabaseImpl = class _DatabaseImpl {
   }
   async bulkDocs(documents) {
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    return this.performCall((db) => {
+    return this.performCallWithDBCreation((db) => {
       return () => db.bulk({
         docs: documents.map((d) => ({ createdAt: now, ...d, updatedAt: now }))
       });
@@ -60223,7 +60614,21 @@ var DatabaseImpl = class _DatabaseImpl {
   }
   async allDocs(params2) {
     return this.performCall((db) => {
-      return () => db.list(params2);
+      return async () => {
+        try {
+          return await db.list(params2);
+        } catch (err) {
+          if (err.reason === DATABASE_NOT_FOUND) {
+            return {
+              offset: 0,
+              total_rows: 0,
+              rows: []
+            };
+          } else {
+            throw err;
+          }
+        }
+      };
     });
   }
   async _sqlQuery(url, method, body2) {
@@ -60786,142 +61191,6 @@ __export(user_exports, {
   invalidateUser: () => invalidateUser
 });
 
-// src/tenancy/index.ts
-var tenancy_exports = {};
-__export(tenancy_exports, {
-  addTenantToUrl: () => addTenantToUrl,
-  getTenantDB: () => getTenantDB,
-  getTenantIDFromCtx: () => getTenantIDFromCtx,
-  getTenantInfo: () => getTenantInfo,
-  isUserInAppTenant: () => isUserInAppTenant,
-  saveTenantInfo: () => saveTenantInfo
-});
-
-// src/tenancy/db.ts
-function getTenantDB(tenantId) {
-  return getDB(getGlobalDBName(tenantId));
-}
-async function saveTenantInfo(tenantInfo) {
-  const db = getTenantDB(tenantInfo.tenantId);
-  return db.put({
-    _id: "tenant_info",
-    ...tenantInfo
-  });
-}
-async function getTenantInfo(tenantId) {
-  try {
-    const db = getTenantDB(tenantId);
-    const tenantInfo = await db.get("tenant_info");
-    delete tenantInfo.owner.password;
-    return tenantInfo;
-  } catch {
-    return void 0;
-  }
-}
-
-// src/tenancy/tenancy.ts
-function addTenantToUrl(url) {
-  const tenantId = getTenantId();
-  if (isMultiTenant()) {
-    const char = url.indexOf("?") === -1 ? "?" : "&";
-    url += `${char}tenantId=${tenantId}`;
-  }
-  return url;
-}
-var isUserInAppTenant = (appId, user) => {
-  let userTenantId;
-  if (user) {
-    userTenantId = user.tenantId || DEFAULT_TENANT_ID;
-  } else {
-    userTenantId = getTenantId();
-  }
-  const tenantId = getTenantIDFromAppID(appId) || DEFAULT_TENANT_ID;
-  return tenantId === userTenantId;
-};
-var ALL_STRATEGIES = Object.values(TenantResolutionStrategy);
-var getTenantIDFromCtx = (ctx, opts) => {
-  if (!isMultiTenant()) {
-    return DEFAULT_TENANT_ID;
-  }
-  if (opts.allowNoTenant === void 0) {
-    opts.allowNoTenant = false;
-  }
-  if (!opts.includeStrategies) {
-    opts.includeStrategies = ALL_STRATEGIES;
-  }
-  if (!opts.excludeStrategies) {
-    opts.excludeStrategies = [];
-  }
-  const isAllowed = (strategy) => {
-    if (opts.excludeStrategies?.includes(strategy)) {
-      return false;
-    }
-    if (opts.includeStrategies?.includes(strategy)) {
-      return true;
-    }
-  };
-  if (isAllowed("user" /* USER */)) {
-    const userTenantId = ctx.user?.tenantId;
-    if (userTenantId) {
-      return userTenantId;
-    }
-  }
-  if (isAllowed("header" /* HEADER */)) {
-    const headerTenantId = ctx.request.headers["x-budibase-tenant-id" /* TENANT_ID */];
-    if (headerTenantId) {
-      return headerTenantId;
-    }
-  }
-  if (isAllowed("query" /* QUERY */)) {
-    const queryTenantId = ctx.request.query.tenantId;
-    if (queryTenantId) {
-      return queryTenantId;
-    }
-  }
-  if (isAllowed("subdomain" /* SUBDOMAIN */)) {
-    let platformHost;
-    try {
-      platformHost = new URL(getPlatformURL()).host.split(":")[0];
-    } catch (err) {
-      if (err.code !== "ERR_INVALID_URL") {
-        throw err;
-      }
-    }
-    const requestHost = ctx.host;
-    if (platformHost && requestHost.includes(platformHost)) {
-      const tenantId = requestHost.substring(
-        0,
-        requestHost.indexOf(`.${platformHost}`)
-      );
-      if (tenantId) {
-        return tenantId;
-      }
-    }
-  }
-  if (isAllowed("path" /* PATH */)) {
-    const match = ctx.matched.find(
-      (m) => !!m.paramNames.find((p) => p.name === "tenantId")
-    );
-    const ctxUrl = ctx.originalUrl;
-    let url;
-    if (ctxUrl.includes("?")) {
-      url = ctxUrl.split("?")[0];
-    } else {
-      url = ctxUrl;
-    }
-    if (match) {
-      const params2 = match.params(url, match.captures(url), {});
-      if (params2.tenantId) {
-        return params2.tenantId;
-      }
-    }
-  }
-  if (!opts.allowNoTenant) {
-    ctx.throw(403, "Tenant id not set");
-  }
-  return void 0;
-};
-
 // src/platform/index.ts
 var platform_exports = {};
 __export(platform_exports, {
@@ -61044,249 +61313,6 @@ __export(redlockImpl_exports, {
   newRedlock: () => newRedlock
 });
 var import_redlock = __toESM(require("redlock"));
-
-// src/utils/index.ts
-var utils_exports4 = {};
-__export(utils_exports4, {
-  Duration: () => Duration,
-  DurationType: () => DurationType,
-  clearCookie: () => clearCookie,
-  compare: () => compare,
-  getAppIdFromCtx: () => getAppIdFromCtx,
-  getCookie: () => getCookie,
-  hasCircularStructure: () => hasCircularStructure,
-  hash: () => hash,
-  isAudited: () => isAudited,
-  isClient: () => isClient,
-  isPublicApiRequest: () => isPublicApiRequest,
-  isServingApp: () => isServingApp,
-  isServingBuilder: () => isServingBuilder,
-  isServingBuilderPreview: () => isServingBuilderPreview,
-  isValidInternalAPIKey: () => isValidInternalAPIKey,
-  newid: () => newid,
-  openJwt: () => openJwt,
-  resolveAppUrl: () => resolveAppUrl,
-  setCookie: () => setCookie,
-  timeout: () => timeout,
-  validEmail: () => validEmail
-});
-
-// src/utils/hashing.ts
-var bcrypt = environment_default.JS_BCRYPT ? require("bcryptjs") : require("bcrypt");
-var SALT_ROUNDS = environment_default.SALT_ROUNDS || 10;
-async function hash(data) {
-  const salt = await bcrypt.genSalt(SALT_ROUNDS);
-  return bcrypt.hash(data, salt);
-}
-async function compare(data, encrypted) {
-  return bcrypt.compare(data, encrypted);
-}
-
-// src/utils/utils.ts
-var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
-var APP_PREFIX3 = "app" /* APP */ + SEPARATOR;
-var PROD_APP_PREFIX = "/app/";
-var BUILDER_PREVIEW_PATH = "/app/preview";
-var BUILDER_PREFIX = "/builder";
-var BUILDER_APP_PREFIX = `${BUILDER_PREFIX}/app/`;
-var PUBLIC_API_PREFIX = "/api/public/v";
-function confirmAppId(possibleAppId) {
-  return possibleAppId && possibleAppId.startsWith(APP_PREFIX3) ? possibleAppId : void 0;
-}
-async function resolveAppUrl(ctx) {
-  const appUrl = ctx.path.split("/")[2];
-  let possibleAppUrl = `/${appUrl.toLowerCase()}`;
-  let tenantId = getTenantId();
-  if (!environment_default.isDev() && environment_default.MULTI_TENANCY) {
-    tenantId = getTenantIDFromCtx(ctx, {
-      includeStrategies: ["subdomain" /* SUBDOMAIN */]
-    });
-  }
-  const apps = await doInTenant(
-    tenantId,
-    () => getAllApps({ dev: false })
-  );
-  const app = apps.filter(
-    (a) => a.url && a.url.toLowerCase() === possibleAppUrl
-  )[0];
-  return app && app.appId ? app.appId : void 0;
-}
-function isServingApp(ctx) {
-  if (ctx.path.startsWith(`/${APP_PREFIX3}`)) {
-    return true;
-  }
-  return ctx.path.startsWith(PROD_APP_PREFIX);
-}
-function isServingBuilder(ctx) {
-  return ctx.path.startsWith(BUILDER_APP_PREFIX);
-}
-function isServingBuilderPreview(ctx) {
-  return ctx.path.startsWith(BUILDER_PREVIEW_PATH);
-}
-function isPublicApiRequest(ctx) {
-  return ctx.path.startsWith(PUBLIC_API_PREFIX);
-}
-async function getAppIdFromCtx(ctx) {
-  const options2 = [ctx.request.headers["x-budibase-app-id" /* APP_ID */]];
-  let appId;
-  for (let option of options2) {
-    appId = confirmAppId(option);
-    if (appId) {
-      break;
-    }
-  }
-  if (!appId && ctx.request.body && ctx.request.body.appId) {
-    appId = confirmAppId(ctx.request.body.appId);
-  }
-  const pathId = parseAppIdFromUrlPath(ctx.path);
-  if (!appId && pathId) {
-    appId = confirmAppId(pathId);
-  }
-  const isBuilderPreview = ctx.path.startsWith(BUILDER_PREVIEW_PATH);
-  const isViewingProdApp = ctx.path.startsWith(PROD_APP_PREFIX) && !isBuilderPreview;
-  if (!appId && isViewingProdApp) {
-    appId = confirmAppId(await resolveAppUrl(ctx));
-  }
-  const referer = ctx.request.headers.referer;
-  if (!appId && referer?.includes(BUILDER_APP_PREFIX)) {
-    const refererId = parseAppIdFromUrlPath(ctx.request.headers.referer);
-    appId = confirmAppId(refererId);
-  }
-  return appId;
-}
-function parseAppIdFromUrlPath(url) {
-  if (!url) {
-    return;
-  }
-  return url.split("?")[0].split("/").find((subPath) => subPath.startsWith(APP_PREFIX3));
-}
-function openJwt(token) {
-  if (!token) {
-    return void 0;
-  }
-  try {
-    return import_jsonwebtoken.default.verify(token, environment_default.JWT_SECRET);
-  } catch (e) {
-    if (environment_default.JWT_SECRET_FALLBACK) {
-      return import_jsonwebtoken.default.verify(token, environment_default.JWT_SECRET_FALLBACK);
-    } else {
-      throw e;
-    }
-  }
-}
-function isValidInternalAPIKey(apiKey) {
-  if (environment_default.INTERNAL_API_KEY && environment_default.INTERNAL_API_KEY === apiKey) {
-    return true;
-  }
-  return !!(environment_default.INTERNAL_API_KEY_FALLBACK && environment_default.INTERNAL_API_KEY_FALLBACK === apiKey);
-}
-function getCookie(ctx, name) {
-  const cookie = ctx.cookies.get(name);
-  if (!cookie) {
-    return void 0;
-  }
-  return openJwt(cookie);
-}
-function setCookie(ctx, value, name = "builder", opts = { sign: true }) {
-  if (value && opts && opts.sign) {
-    value = import_jsonwebtoken.default.sign(value, environment_default.JWT_SECRET);
-  }
-  const config = {
-    expires: MAX_VALID_DATE,
-    path: "/",
-    httpOnly: false,
-    overwrite: true
-  };
-  if (environment_default.COOKIE_DOMAIN) {
-    config.domain = environment_default.COOKIE_DOMAIN;
-  }
-  ctx.cookies.set(name, value, config);
-}
-function clearCookie(ctx, name) {
-  setCookie(ctx, null, name);
-}
-function isClient(ctx) {
-  return ctx.headers["x-budibase-type" /* TYPE */] === "client";
-}
-function timeout(timeMs) {
-  return new Promise((resolve) => setTimeout(resolve, timeMs));
-}
-function isAudited(event) {
-  return !!AuditedEventFriendlyName[event];
-}
-function hasCircularStructure(json) {
-  if (typeof json !== "object") {
-    return false;
-  }
-  try {
-    JSON.stringify(json);
-  } catch (err) {
-    if (err instanceof Error && err?.message.includes("circular structure")) {
-      return true;
-    }
-  }
-  return false;
-}
-
-// src/utils/stringUtils.ts
-function validEmail(value) {
-  return value && !!value.match(
-    /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
-  );
-}
-
-// src/utils/Duration.ts
-var DurationType = /* @__PURE__ */ ((DurationType2) => {
-  DurationType2["MILLISECONDS"] = "milliseconds";
-  DurationType2["SECONDS"] = "seconds";
-  DurationType2["MINUTES"] = "minutes";
-  DurationType2["HOURS"] = "hours";
-  DurationType2["DAYS"] = "days";
-  return DurationType2;
-})(DurationType || {});
-var conversion = {
-  milliseconds: 1,
-  seconds: 1e3,
-  minutes: 60 * 1e3,
-  hours: 60 * 60 * 1e3,
-  days: 24 * 60 * 60 * 1e3
-};
-var Duration = class _Duration {
-  static convert(from, to, duration) {
-    const milliseconds = duration * conversion[from];
-    return milliseconds / conversion[to];
-  }
-  static from(from, duration) {
-    return {
-      to: (to) => {
-        return _Duration.convert(from, to, duration);
-      },
-      toMs: () => {
-        return _Duration.convert(from, "milliseconds" /* MILLISECONDS */, duration);
-      },
-      toSeconds: () => {
-        return _Duration.convert(from, "seconds" /* SECONDS */, duration);
-      }
-    };
-  }
-  static fromSeconds(duration) {
-    return _Duration.from("seconds" /* SECONDS */, duration);
-  }
-  static fromMinutes(duration) {
-    return _Duration.from("minutes" /* MINUTES */, duration);
-  }
-  static fromHours(duration) {
-    return _Duration.from("hours" /* HOURS */, duration);
-  }
-  static fromDays(duration) {
-    return _Duration.from("days" /* DAYS */, duration);
-  }
-  static fromMilliseconds(duration) {
-    return _Duration.from("milliseconds" /* MILLISECONDS */, duration);
-  }
-};
-
-// src/redis/redlockImpl.ts
 async function getClient(type, opts) {
   if (type === "custom" /* CUSTOM */) {
     return newRedlock(opts);
@@ -66198,6 +66224,9 @@ async function getSCIMConfig() {
   const config = await getConfig("scim" /* SCIM */);
   return config?.config;
 }
+async function getAIConfig() {
+  return getConfig("ai" /* AI */);
+}
 
 // src/migrations/index.ts
 var migrations_exports = {};
@@ -67984,9 +68013,17 @@ var SqlTableQueryBuilder = class {
   constructor(client) {
     this.sqlClient = client;
   }
-  getSqlClient() {
+  getBaseSqlClient() {
     return this.sqlClient;
   }
+  getSqlClient() {
+    return this.extendedSqlClient || this.sqlClient;
+  }
+  // if working in a database like MySQL with many variants (MariaDB)
+  // we can set another client which overrides the base one
+  setExtendedSqlClient(client) {
+    this.extendedSqlClient = client;
+  }
   /**
    * @param json the input JSON structure from which an SQL query will be built.
    * @return the operation that was found in the JSON.
@@ -68138,6 +68175,7 @@ var InternalBuilder = class {
         return `"${str}"`;
       case "mssql" /* MS_SQL */:
         return `[${str}]`;
+      case "mariadb" /* MARIADB */:
       case "mysql2" /* MY_SQL */:
         return `\`${str}\``;
     }
@@ -68445,7 +68483,7 @@ var InternalBuilder = class {
             )}${wrap}, FALSE)`
           );
         });
-      } else if (this.client === "mysql2" /* MY_SQL */) {
+      } else if (this.client === "mysql2" /* MY_SQL */ || this.client === "mariadb" /* MARIADB */) {
         const jsonFnc = any ? "JSON_OVERLAPS" : "JSON_CONTAINS";
         iterate(mode, (q2, key, value) => {
           return q2[rawFnc](
@@ -68748,7 +68786,7 @@ var InternalBuilder = class {
         continue;
       }
       const relatedTable = meta.tables?.[toTable];
-      const toAlias = aliases?.[toTable] || toTable, fromAlias = aliases?.[fromTable] || fromTable;
+      const toAlias = aliases?.[toTable] || toTable, fromAlias = aliases?.[fromTable] || fromTable, throughAlias = throughTable && aliases?.[throughTable] || throughTable;
       let toTableWithSchema = this.tableNameWithSchema(toTable, {
         alias: toAlias,
         schema: endpoint.schema
@@ -68767,29 +68805,25 @@ var InternalBuilder = class {
       );
       const fieldList = relationshipFields.map((field) => this.buildJsonField(field)).join(",");
       const primaryKey = `${toAlias}.${toPrimary || toKey}`;
-      let subQuery = knex3.from(toTableWithSchema).limit(getRelationshipLimit()).orderBy(primaryKey);
-      if (throughTable && toPrimary && fromPrimary) {
-        const throughAlias = aliases?.[throughTable] || throughTable;
+      let subQuery = knex3.from(toTableWithSchema).orderBy(primaryKey);
+      const isManyToMany = throughTable && toPrimary && fromPrimary;
+      let correlatedTo = isManyToMany ? `${throughAlias}.${fromKey}` : `${toAlias}.${toKey}`, correlatedFrom = isManyToMany ? `${fromAlias}.${fromPrimary}` : `${fromAlias}.${fromKey}`;
+      if (isManyToMany) {
         let throughTableWithSchema = this.tableNameWithSchema(throughTable, {
           alias: throughAlias,
           schema: endpoint.schema
         });
         subQuery = subQuery.join(throughTableWithSchema, function() {
           this.on(`${toAlias}.${toPrimary}`, "=", `${throughAlias}.${toKey}`);
-        }).where(
-          `${throughAlias}.${fromKey}`,
-          "=",
-          knex3.raw(this.quotedIdentifier(`${fromAlias}.${fromPrimary}`))
-        );
-      } else {
-        subQuery = subQuery.where(
-          `${toAlias}.${toKey}`,
-          "=",
-          knex3.raw(this.quotedIdentifier(`${fromAlias}.${fromKey}`))
-        );
+        });
       }
+      subQuery = subQuery.where(
+        correlatedTo,
+        "=",
+        knex3.raw(this.quotedIdentifier(correlatedFrom))
+      );
       const standardWrap = (select) => {
-        subQuery = subQuery.select(`${toAlias}.*`);
+        subQuery = subQuery.select(`${toAlias}.*`).limit(getRelationshipLimit());
         return knex3.select(knex3.raw(select)).from({
           [toAlias]: subQuery
         });
@@ -68807,11 +68841,14 @@ var InternalBuilder = class {
             `json_agg(json_build_object(${fieldList}))`
           );
           break;
-        case "mysql2" /* MY_SQL */:
+        case "mariadb" /* MARIADB */:
           wrapperQuery = subQuery.select(
-            knex3.raw(`json_arrayagg(json_object(${fieldList}))`)
+            knex3.raw(
+              `json_arrayagg(json_object(${fieldList}) LIMIT ${getRelationshipLimit()})`
+            )
           );
           break;
+        case "mysql2" /* MY_SQL */:
         case "oracledb" /* ORACLE */:
           wrapperQuery = standardWrap(
             `json_arrayagg(json_object(${fieldList}))`
@@ -68820,7 +68857,7 @@ var InternalBuilder = class {
         case "mssql" /* MS_SQL */:
           wrapperQuery = knex3.raw(
             `(SELECT ${this.quote(toAlias)} = (${knex3.select(`${fromAlias}.*`).from({
-              [fromAlias]: subQuery.select(`${toAlias}.*`)
+              [fromAlias]: subQuery.select(`${toAlias}.*`).limit(getRelationshipLimit())
             })} FOR JSON PATH))`
           );
           break;
@@ -68931,7 +68968,7 @@ var InternalBuilder = class {
       return query;
     }
     const parsedBody = body2.map((row) => this.parseBody(row));
-    if (this.client === "pg" /* POSTGRES */ || this.client === "sqlite3" /* SQL_LITE */ || this.client === "mysql2" /* MY_SQL */) {
+    if (this.client === "pg" /* POSTGRES */ || this.client === "sqlite3" /* SQL_LITE */ || this.client === "mysql2" /* MY_SQL */ || this.client === "mariadb" /* MARIADB */) {
       const primary = this.table.primary;
       if (!primary) {
         throw new Error("Primary key is required for upsert");
@@ -69035,7 +69072,7 @@ var SqlQueryBuilder = class extends sqlTable_default {
   _query(json, opts = {}) {
     const sqlClient = this.getSqlClient();
     const config = {
-      client: sqlClient
+      client: this.getBaseSqlClient()
     };
     if (sqlClient === "sqlite3" /* SQL_LITE */ || sqlClient === "oracledb" /* ORACLE */) {
       config.useNullAsDefault = true;
@@ -69137,7 +69174,7 @@ var SqlQueryBuilder = class extends sqlTable_default {
       let id;
       if (sqlClient === "mssql" /* MS_SQL */) {
         id = results?.[0].id;
-      } else if (sqlClient === "mysql2" /* MY_SQL */) {
+      } else if (sqlClient === "mysql2" /* MY_SQL */ || sqlClient === "mariadb" /* MARIADB */) {
         id = results?.insertId;
       }
       row = processFn(