@budibase/backend-core 2.9.38 → 2.9.39-alpha.1

package/dist/src/middleware/passport/sso/tests/sso.spec.js

@@ -0,0 +1,167 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var import_tests = require("../../../../../tests");
+var import_extra = require("../../../../../tests/extra");
+var import_errors = require("../../../../errors");
+var sso = __toESM(require("../sso"));
+var context = __toESM(require("../../../../context"));
+var _users = __toESM(require("../../../../users"));
+const mockDone = jest.fn();
+const mockSaveUser = jest.fn();
+jest.mock("../../../../users");
+const users = jest.mocked(_users);
+const getErrorMessage = () => {
+  return mockDone.mock.calls[0][2].message;
+};
+describe("sso", () => {
+  describe("authenticate", () => {
+    beforeEach(() => {
+      jest.clearAllMocks();
+      import_extra.testEnv.singleTenant();
+    });
+    describe("validation", () => {
+      const testValidation = async (details, message) => {
+        await sso.authenticate(details, false, mockDone, mockSaveUser);
+        expect(mockDone.mock.calls.length).toBe(1);
+        expect(getErrorMessage()).toContain(message);
+      };
+      it("user id fails", async () => {
+        const details = import_tests.structures.sso.authDetails();
+        details.userId = void 0;
+        await testValidation(details, "sso user id required");
+      });
+      it("email fails", async () => {
+        const details = import_tests.structures.sso.authDetails();
+        details.email = void 0;
+        await testValidation(details, "sso user email required");
+      });
+    });
+    function mockGetProfilePicture() {
+      import_tests.mocks.fetch.mockReturnValueOnce(
+        Promise.resolve({
+          status: 200,
+          headers: { get: () => "image/" }
+        })
+      );
+    }
+    describe("when the user doesn't exist", () => {
+      let user;
+      let details;
+      beforeEach(() => {
+        users.getById.mockImplementationOnce(() => {
+          throw new import_errors.HTTPError("", 404);
+        });
+        mockGetProfilePicture();
+        user = import_tests.structures.users.user();
+        delete user._rev;
+        delete user._id;
+        details = import_tests.structures.sso.authDetails(user);
+        details.userId = import_tests.structures.uuid();
+      });
+      describe("when a local account is required", () => {
+        it("returns an error message", async () => {
+          const details2 = import_tests.structures.sso.authDetails();
+          await sso.authenticate(details2, true, mockDone, mockSaveUser);
+          expect(mockDone.mock.calls.length).toBe(1);
+          expect(getErrorMessage()).toContain(
+            "Email does not yet exist. You must set up your local budibase account first."
+          );
+        });
+      });
+      describe("when a local account isn't required", () => {
+        it("creates and authenticates the user", async () => {
+          const ssoUser = import_tests.structures.users.ssoUser({ user, details });
+          mockSaveUser.mockReturnValueOnce(ssoUser);
+          await sso.authenticate(details, false, mockDone, mockSaveUser);
+          ssoUser.roles = {};
+          ssoUser._id = "us_" + details.userId;
+          delete ssoUser.password;
+          delete ssoUser._rev;
+          ssoUser.tenantId = context.getTenantId();
+          expect(mockSaveUser).toBeCalledWith(ssoUser, {
+            hashPassword: false,
+            requirePassword: false
+          });
+          expect(mockDone).toBeCalledWith(null, ssoUser);
+        });
+      });
+    });
+    describe("when the user exists", () => {
+      let existingUser;
+      let details;
+      beforeEach(() => {
+        existingUser = import_tests.structures.users.user();
+        existingUser._id = import_tests.structures.uuid();
+        details = import_tests.structures.sso.authDetails(existingUser);
+        mockGetProfilePicture();
+      });
+      describe("exists by email", () => {
+        beforeEach(() => {
+          users.getById.mockImplementationOnce(() => {
+            throw new import_errors.HTTPError("", 404);
+          });
+          users.getGlobalUserByEmail.mockReturnValueOnce(
+            Promise.resolve(existingUser)
+          );
+        });
+        it("syncs and authenticates the user", async () => {
+          const ssoUser = import_tests.structures.users.ssoUser({
+            user: existingUser,
+            details
+          });
+          mockSaveUser.mockReturnValueOnce(ssoUser);
+          await sso.authenticate(details, true, mockDone, mockSaveUser);
+          ssoUser.roles = existingUser.roles;
+          ssoUser._id = existingUser._id;
+          expect(mockSaveUser).toBeCalledWith(ssoUser, {
+            hashPassword: false,
+            requirePassword: false
+          });
+          expect(mockDone).toBeCalledWith(null, ssoUser);
+        });
+      });
+      describe("exists by id", () => {
+        beforeEach(() => {
+          users.getById.mockReturnValueOnce(Promise.resolve(existingUser));
+        });
+        it("syncs and authenticates the user", async () => {
+          const ssoUser = import_tests.structures.users.ssoUser({
+            user: existingUser,
+            details
+          });
+          mockSaveUser.mockReturnValueOnce(ssoUser);
+          await sso.authenticate(details, true, mockDone, mockSaveUser);
+          ssoUser.roles = existingUser.roles;
+          ssoUser._id = existingUser._id;
+          expect(mockSaveUser).toBeCalledWith(ssoUser, {
+            hashPassword: false,
+            requirePassword: false
+          });
+          expect(mockDone).toBeCalledWith(null, ssoUser);
+        });
+      });
+    });
+  });
+});
+//# sourceMappingURL=sso.spec.js.map

package/dist/src/middleware/passport/sso/tests/sso.spec.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../../../src/middleware/passport/sso/tests/sso.spec.ts"],
+  "sourcesContent": ["import { structures, mocks } from \"../../../../../tests\"\nimport { testEnv } from \"../../../../../tests/extra\"\nimport { SSOAuthDetails, User } from \"@budibase/types\"\n\nimport { HTTPError } from \"../../../../errors\"\nimport * as sso from \"../sso\"\nimport * as context from \"../../../../context\"\n\nconst mockDone = jest.fn()\nconst mockSaveUser = jest.fn()\n\njest.mock(\"../../../../users\")\nimport * as _users from \"../../../../users\"\nconst users = jest.mocked(_users)\n\nconst getErrorMessage = () => {\n  return mockDone.mock.calls[0][2].message\n}\n\ndescribe(\"sso\", () => {\n  describe(\"authenticate\", () => {\n    beforeEach(() => {\n      jest.clearAllMocks()\n      testEnv.singleTenant()\n    })\n\n    describe(\"validation\", () => {\n      const testValidation = async (\n        details: SSOAuthDetails,\n        message: string\n      ) => {\n        await sso.authenticate(details, false, mockDone, mockSaveUser)\n\n        expect(mockDone.mock.calls.length).toBe(1)\n        expect(getErrorMessage()).toContain(message)\n      }\n\n      it(\"user id fails\", async () => {\n        const details = structures.sso.authDetails()\n        details.userId = undefined!\n\n        await testValidation(details, \"sso user id required\")\n      })\n\n      it(\"email fails\", async () => {\n        const details = structures.sso.authDetails()\n        details.email = undefined!\n\n        await testValidation(details, \"sso user email required\")\n      })\n    })\n\n    function mockGetProfilePicture() {\n      mocks.fetch.mockReturnValueOnce(\n        Promise.resolve({\n          status: 200,\n          headers: { get: () => \"image/\" },\n        })\n      )\n    }\n\n    describe(\"when the user doesn't exist\", () => {\n      let user: User\n      let details: SSOAuthDetails\n\n      beforeEach(() => {\n        users.getById.mockImplementationOnce(() => {\n          throw new HTTPError(\"\", 404)\n        })\n        mockGetProfilePicture()\n\n        user = structures.users.user()\n        delete user._rev\n        delete user._id\n\n        details = structures.sso.authDetails(user)\n        details.userId = structures.uuid()\n      })\n\n      describe(\"when a local account is required\", () => {\n        it(\"returns an error message\", async () => {\n          const details = structures.sso.authDetails()\n\n          await sso.authenticate(details, true, mockDone, mockSaveUser)\n\n          expect(mockDone.mock.calls.length).toBe(1)\n          expect(getErrorMessage()).toContain(\n            \"Email does not yet exist. You must set up your local budibase account first.\"\n          )\n        })\n      })\n\n      describe(\"when a local account isn't required\", () => {\n        it(\"creates and authenticates the user\", async () => {\n          const ssoUser = structures.users.ssoUser({ user, details })\n          mockSaveUser.mockReturnValueOnce(ssoUser)\n\n          await sso.authenticate(details, false, mockDone, mockSaveUser)\n\n          // default roles for new user\n          ssoUser.roles = {}\n\n          // modified external id to match user format\n          ssoUser._id = \"us_\" + details.userId\n\n          // new sso user won't have a password\n          delete ssoUser.password\n\n          // new user isn't saved with rev\n          delete ssoUser._rev\n\n          // tenant id added\n          ssoUser.tenantId = context.getTenantId()\n\n          expect(mockSaveUser).toBeCalledWith(ssoUser, {\n            hashPassword: false,\n            requirePassword: false,\n          })\n          expect(mockDone).toBeCalledWith(null, ssoUser)\n        })\n      })\n    })\n\n    describe(\"when the user exists\", () => {\n      let existingUser: User\n      let details: SSOAuthDetails\n\n      beforeEach(() => {\n        existingUser = structures.users.user()\n        existingUser._id = structures.uuid()\n        details = structures.sso.authDetails(existingUser)\n        mockGetProfilePicture()\n      })\n\n      describe(\"exists by email\", () => {\n        beforeEach(() => {\n          users.getById.mockImplementationOnce(() => {\n            throw new HTTPError(\"\", 404)\n          })\n          users.getGlobalUserByEmail.mockReturnValueOnce(\n            Promise.resolve(existingUser)\n          )\n        })\n\n        it(\"syncs and authenticates the user\", async () => {\n          const ssoUser = structures.users.ssoUser({\n            user: existingUser,\n            details,\n          })\n          mockSaveUser.mockReturnValueOnce(ssoUser)\n\n          await sso.authenticate(details, true, mockDone, mockSaveUser)\n\n          // roles preserved\n          ssoUser.roles = existingUser.roles\n\n          // existing id preserved\n          ssoUser._id = existingUser._id\n\n          expect(mockSaveUser).toBeCalledWith(ssoUser, {\n            hashPassword: false,\n            requirePassword: false,\n          })\n          expect(mockDone).toBeCalledWith(null, ssoUser)\n        })\n      })\n\n      describe(\"exists by id\", () => {\n        beforeEach(() => {\n          users.getById.mockReturnValueOnce(Promise.resolve(existingUser))\n        })\n\n        it(\"syncs and authenticates the user\", async () => {\n          const ssoUser = structures.users.ssoUser({\n            user: existingUser,\n            details,\n          })\n          mockSaveUser.mockReturnValueOnce(ssoUser)\n\n          await sso.authenticate(details, true, mockDone, mockSaveUser)\n\n          // roles preserved\n          ssoUser.roles = existingUser.roles\n\n          // existing id preserved\n          ssoUser._id = existingUser._id\n\n          expect(mockSaveUser).toBeCalledWith(ssoUser, {\n            hashPassword: false,\n            requirePassword: false,\n          })\n          expect(mockDone).toBeCalledWith(null, ssoUser)\n        })\n      })\n    })\n  })\n})\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;AAAA,mBAAkC;AAClC,mBAAwB;AAGxB,oBAA0B;AAC1B,UAAqB;AACrB,cAAyB;AAMzB,aAAwB;AAJxB,MAAM,WAAW,KAAK,GAAG;AACzB,MAAM,eAAe,KAAK,GAAG;AAE7B,KAAK,KAAK,mBAAmB;AAE7B,MAAM,QAAQ,KAAK,OAAO,MAAM;AAEhC,MAAM,kBAAkB,MAAM;AAC5B,SAAO,SAAS,KAAK,MAAM,CAAC,EAAE,CAAC,EAAE;AACnC;AAEA,SAAS,OAAO,MAAM;AACpB,WAAS,gBAAgB,MAAM;AAC7B,eAAW,MAAM;AACf,WAAK,cAAc;AACnB,2BAAQ,aAAa;AAAA,IACvB,CAAC;AAED,aAAS,cAAc,MAAM;AAC3B,YAAM,iBAAiB,OACrB,SACA,YACG;AACH,cAAM,IAAI,aAAa,SAAS,OAAO,UAAU,YAAY;AAE7D,eAAO,SAAS,KAAK,MAAM,MAAM,EAAE,KAAK,CAAC;AACzC,eAAO,gBAAgB,CAAC,EAAE,UAAU,OAAO;AAAA,MAC7C;AAEA,SAAG,iBAAiB,YAAY;AAC9B,cAAM,UAAU,wBAAW,IAAI,YAAY;AAC3C,gBAAQ,SAAS;AAEjB,cAAM,eAAe,SAAS,sBAAsB;AAAA,MACtD,CAAC;AAED,SAAG,eAAe,YAAY;AAC5B,cAAM,UAAU,wBAAW,IAAI,YAAY;AAC3C,gBAAQ,QAAQ;AAEhB,cAAM,eAAe,SAAS,yBAAyB;AAAA,MACzD,CAAC;AAAA,IACH,CAAC;AAED,aAAS,wBAAwB;AAC/B,yBAAM,MAAM;AAAA,QACV,QAAQ,QAAQ;AAAA,UACd,QAAQ;AAAA,UACR,SAAS,EAAE,KAAK,MAAM,SAAS;AAAA,QACjC,CAAC;AAAA,MACH;AAAA,IACF;AAEA,aAAS,+BAA+B,MAAM;AAC5C,UAAI;AACJ,UAAI;AAEJ,iBAAW,MAAM;AACf,cAAM,QAAQ,uBAAuB,MAAM;AACzC,gBAAM,IAAI,wBAAU,IAAI,GAAG;AAAA,QAC7B,CAAC;AACD,8BAAsB;AAEtB,eAAO,wBAAW,MAAM,KAAK;AAC7B,eAAO,KAAK;AACZ,eAAO,KAAK;AAEZ,kBAAU,wBAAW,IAAI,YAAY,IAAI;AACzC,gBAAQ,SAAS,wBAAW,KAAK;AAAA,MACnC,CAAC;AAED,eAAS,oCAAoC,MAAM;AACjD,WAAG,4BAA4B,YAAY;AACzC,gBAAMA,WAAU,wBAAW,IAAI,YAAY;AAE3C,gBAAM,IAAI,aAAaA,UAAS,MAAM,UAAU,YAAY;AAE5D,iBAAO,SAAS,KAAK,MAAM,MAAM,EAAE,KAAK,CAAC;AACzC,iBAAO,gBAAgB,CAAC,EAAE;AAAA,YACxB;AAAA,UACF;AAAA,QACF,CAAC;AAAA,MACH,CAAC;AAED,eAAS,uCAAuC,MAAM;AACpD,WAAG,sCAAsC,YAAY;AACnD,gBAAM,UAAU,wBAAW,MAAM,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAC1D,uBAAa,oBAAoB,OAAO;AAExC,gBAAM,IAAI,aAAa,SAAS,OAAO,UAAU,YAAY;AAG7D,kBAAQ,QAAQ,CAAC;AAGjB,kBAAQ,MAAM,QAAQ,QAAQ;AAG9B,iBAAO,QAAQ;AAGf,iBAAO,QAAQ;AAGf,kBAAQ,WAAW,QAAQ,YAAY;AAEvC,iBAAO,YAAY,EAAE,eAAe,SAAS;AAAA,YAC3C,cAAc;AAAA,YACd,iBAAiB;AAAA,UACnB,CAAC;AACD,iBAAO,QAAQ,EAAE,eAAe,MAAM,OAAO;AAAA,QAC/C,CAAC;AAAA,MACH,CAAC;AAAA,IACH,CAAC;AAED,aAAS,wBAAwB,MAAM;AACrC,UAAI;AACJ,UAAI;AAEJ,iBAAW,MAAM;AACf,uBAAe,wBAAW,MAAM,KAAK;AACrC,qBAAa,MAAM,wBAAW,KAAK;AACnC,kBAAU,wBAAW,IAAI,YAAY,YAAY;AACjD,8BAAsB;AAAA,MACxB,CAAC;AAED,eAAS,mBAAmB,MAAM;AAChC,mBAAW,MAAM;AACf,gBAAM,QAAQ,uBAAuB,MAAM;AACzC,kBAAM,IAAI,wBAAU,IAAI,GAAG;AAAA,UAC7B,CAAC;AACD,gBAAM,qBAAqB;AAAA,YACzB,QAAQ,QAAQ,YAAY;AAAA,UAC9B;AAAA,QACF,CAAC;AAED,WAAG,oCAAoC,YAAY;AACjD,gBAAM,UAAU,wBAAW,MAAM,QAAQ;AAAA,YACvC,MAAM;AAAA,YACN;AAAA,UACF,CAAC;AACD,uBAAa,oBAAoB,OAAO;AAExC,gBAAM,IAAI,aAAa,SAAS,MAAM,UAAU,YAAY;AAG5D,kBAAQ,QAAQ,aAAa;AAG7B,kBAAQ,MAAM,aAAa;AAE3B,iBAAO,YAAY,EAAE,eAAe,SAAS;AAAA,YAC3C,cAAc;AAAA,YACd,iBAAiB;AAAA,UACnB,CAAC;AACD,iBAAO,QAAQ,EAAE,eAAe,MAAM,OAAO;AAAA,QAC/C,CAAC;AAAA,MACH,CAAC;AAED,eAAS,gBAAgB,MAAM;AAC7B,mBAAW,MAAM;AACf,gBAAM,QAAQ,oBAAoB,QAAQ,QAAQ,YAAY,CAAC;AAAA,QACjE,CAAC;AAED,WAAG,oCAAoC,YAAY;AACjD,gBAAM,UAAU,wBAAW,MAAM,QAAQ;AAAA,YACvC,MAAM;AAAA,YACN;AAAA,UACF,CAAC;AACD,uBAAa,oBAAoB,OAAO;AAExC,gBAAM,IAAI,aAAa,SAAS,MAAM,UAAU,YAAY;AAG5D,kBAAQ,QAAQ,aAAa;AAG7B,kBAAQ,MAAM,aAAa;AAE3B,iBAAO,YAAY,EAAE,eAAe,SAAS;AAAA,YAC3C,cAAc;AAAA,YACd,iBAAiB;AAAA,UACnB,CAAC;AACD,iBAAO,QAAQ,EAAE,eAAe,MAAM,OAAO;AAAA,QAC/C,CAAC;AAAA,MACH,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AACH,CAAC;",
+  "names": ["details"]
+}

package/dist/src/middleware/passport/utils.js

@@ -0,0 +1,62 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var utils_exports = {};
+__export(utils_exports, {
+  authError: () => authError,
+  ssoCallbackUrl: () => ssoCallbackUrl
+});
+module.exports = __toCommonJS(utils_exports);
+var import_context = require("../../context");
+var configs = __toESM(require("../../configs"));
+function authError(done, message, err) {
+  return done(
+    err,
+    null,
+    // never return a user
+    { message }
+  );
+}
+async function ssoCallbackUrl(type, config) {
+  if (config && config.callbackURL) {
+    return config.callbackURL;
+  }
+  const settingsConfig = await configs.getSettingsConfig();
+  let callbackUrl = `/api/global/auth`;
+  if ((0, import_context.isMultiTenant)()) {
+    callbackUrl += `/${(0, import_context.getTenantId)()}`;
+  }
+  callbackUrl += `/${type}/callback`;
+  return `${settingsConfig.platformUrl}${callbackUrl}`;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  authError,
+  ssoCallbackUrl
+});
+//# sourceMappingURL=utils.js.map

package/dist/src/middleware/passport/utils.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/middleware/passport/utils.ts"],
+  "sourcesContent": ["import { getTenantId, isMultiTenant } from \"../../context\"\nimport * as configs from \"../../configs\"\nimport { ConfigType, GoogleInnerConfig } from \"@budibase/types\"\n\n/**\n * Utility to handle authentication errors.\n *\n * @param {*} done The passport callback.\n * @param {*} message Message that will be returned in the response body\n * @param {*} err (Optional) error that will be logged\n */\n\nexport function authError(done: Function, message: string, err?: any) {\n  return done(\n    err,\n    null, // never return a user\n    { message: message }\n  )\n}\n\nexport async function ssoCallbackUrl(\n  type: ConfigType,\n  config?: GoogleInnerConfig\n) {\n  // incase there is a callback URL from before\n  if (config && (config as GoogleInnerConfig).callbackURL) {\n    return (config as GoogleInnerConfig).callbackURL as string\n  }\n  const settingsConfig = await configs.getSettingsConfig()\n\n  let callbackUrl = `/api/global/auth`\n  if (isMultiTenant()) {\n    callbackUrl += `/${getTenantId()}`\n  }\n  callbackUrl += `/${type}/callback`\n\n  return `${settingsConfig.platformUrl}${callbackUrl}`\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAA2C;AAC3C,cAAyB;AAWlB,SAAS,UAAU,MAAgB,SAAiB,KAAW;AACpE,SAAO;AAAA,IACL;AAAA,IACA;AAAA;AAAA,IACA,EAAE,QAAiB;AAAA,EACrB;AACF;AAEA,eAAsB,eACpB,MACA,QACA;AAEA,MAAI,UAAW,OAA6B,aAAa;AACvD,WAAQ,OAA6B;AAAA,EACvC;AACA,QAAM,iBAAiB,MAAM,QAAQ,kBAAkB;AAEvD,MAAI,cAAc;AAClB,UAAI,8BAAc,GAAG;AACnB,mBAAe,QAAI,4BAAY,CAAC;AAAA,EAClC;AACA,iBAAe,IAAI,IAAI;AAEvB,SAAO,GAAG,eAAe,WAAW,GAAG,WAAW;AACpD;",
+  "names": []
+}

package/dist/src/middleware/querystringToBody.js

@@ -0,0 +1,45 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var querystringToBody_exports = {};
+__export(querystringToBody_exports, {
+  default: () => querystringToBody_default
+});
+module.exports = __toCommonJS(querystringToBody_exports);
+function querystringToBody_default(ctx, next) {
+  const queryString = ctx.request.query?.query;
+  if (ctx.request.method.toLowerCase() !== "get") {
+    ctx.throw(
+      500,
+      "Query to download middleware can only be used for get requests."
+    );
+  }
+  if (!queryString) {
+    return next();
+  }
+  const decoded = decodeURIComponent(queryString);
+  let json;
+  try {
+    json = JSON.parse(decoded);
+  } catch (err) {
+    return next();
+  }
+  ctx.request.body = json;
+  return next();
+}
+//# sourceMappingURL=querystringToBody.js.map

package/dist/src/middleware/querystringToBody.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/middleware/querystringToBody.ts"],
+  "sourcesContent": ["import { Ctx } from \"@budibase/types\"\n\n/**\n * Expects a standard \"query\" query string property which is the JSON body\n * of the request, which has to be sent via query string due to the requirement\n * of making an endpoint a GET request e.g. downloading a file stream.\n */\nexport default function (ctx: Ctx, next: any) {\n  const queryString = ctx.request.query?.query as string | undefined\n  if (ctx.request.method.toLowerCase() !== \"get\") {\n    ctx.throw(\n      500,\n      \"Query to download middleware can only be used for get requests.\"\n    )\n  }\n  if (!queryString) {\n    return next()\n  }\n  const decoded = decodeURIComponent(queryString)\n  let json\n  try {\n    json = JSON.parse(decoded)\n  } catch (err) {\n    return next()\n  }\n  ctx.request.body = json\n  return next()\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOe,SAAR,0BAAkB,KAAU,MAAW;AAC5C,QAAM,cAAc,IAAI,QAAQ,OAAO;AACvC,MAAI,IAAI,QAAQ,OAAO,YAAY,MAAM,OAAO;AAC9C,QAAI;AAAA,MACF;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,aAAa;AAChB,WAAO,KAAK;AAAA,EACd;AACA,QAAM,UAAU,mBAAmB,WAAW;AAC9C,MAAI;AACJ,MAAI;AACF,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B,SAAS,KAAK;AACZ,WAAO,KAAK;AAAA,EACd;AACA,MAAI,QAAQ,OAAO;AACnB,SAAO,KAAK;AACd;",
+  "names": []
+}

package/dist/src/middleware/tenancy.js

@@ -0,0 +1,46 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var tenancy_exports = {};
+__export(tenancy_exports, {
+  default: () => tenancy_default
+});
+module.exports = __toCommonJS(tenancy_exports);
+var import_context = require("../context");
+var import_tenancy = require("../tenancy");
+var import_matchers = require("./matchers");
+var import_constants = require("../constants");
+var import_types = require("@budibase/types");
+function tenancy_default(allowQueryStringPatterns, noTenancyPatterns, opts = { noTenancyRequired: false }) {
+  const allowQsOptions = (0, import_matchers.buildMatcherRegex)(allowQueryStringPatterns);
+  const noTenancyOptions = (0, import_matchers.buildMatcherRegex)(noTenancyPatterns);
+  return async function(ctx, next) {
+    const allowNoTenant = opts.noTenancyRequired || !!(0, import_matchers.matches)(ctx, noTenancyOptions);
+    const tenantOpts = {
+      allowNoTenant
+    };
+    const allowQs = !!(0, import_matchers.matches)(ctx, allowQsOptions);
+    if (!allowQs) {
+      tenantOpts.excludeStrategies = [import_types.TenantResolutionStrategy.QUERY];
+    }
+    const tenantId = (0, import_tenancy.getTenantIDFromCtx)(ctx, tenantOpts);
+    ctx.set(import_constants.Header.TENANT_ID, tenantId);
+    return (0, import_context.doInTenant)(tenantId, next);
+  };
+}
+//# sourceMappingURL=tenancy.js.map

package/dist/src/middleware/tenancy.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/middleware/tenancy.ts"],
+  "sourcesContent": ["import { doInTenant } from \"../context\"\nimport { getTenantIDFromCtx } from \"../tenancy\"\nimport { buildMatcherRegex, matches } from \"./matchers\"\nimport { Header } from \"../constants\"\nimport {\n  BBContext,\n  EndpointMatcher,\n  GetTenantIdOptions,\n  TenantResolutionStrategy,\n} from \"@budibase/types\"\n\nexport default function (\n  allowQueryStringPatterns: EndpointMatcher[],\n  noTenancyPatterns: EndpointMatcher[],\n  opts: { noTenancyRequired?: boolean } = { noTenancyRequired: false }\n) {\n  const allowQsOptions = buildMatcherRegex(allowQueryStringPatterns)\n  const noTenancyOptions = buildMatcherRegex(noTenancyPatterns)\n\n  return async function (ctx: BBContext | any, next: any) {\n    const allowNoTenant =\n      opts.noTenancyRequired || !!matches(ctx, noTenancyOptions)\n    const tenantOpts: GetTenantIdOptions = {\n      allowNoTenant,\n    }\n\n    const allowQs = !!matches(ctx, allowQsOptions)\n    if (!allowQs) {\n      tenantOpts.excludeStrategies = [TenantResolutionStrategy.QUERY]\n    }\n\n    const tenantId = getTenantIDFromCtx(ctx, tenantOpts)\n    ctx.set(Header.TENANT_ID, tenantId as string)\n    return doInTenant(tenantId, next)\n  }\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAA2B;AAC3B,qBAAmC;AACnC,sBAA2C;AAC3C,uBAAuB;AACvB,mBAKO;AAEQ,SAAR,gBACL,0BACA,mBACA,OAAwC,EAAE,mBAAmB,MAAM,GACnE;AACA,QAAM,qBAAiB,mCAAkB,wBAAwB;AACjE,QAAM,uBAAmB,mCAAkB,iBAAiB;AAE5D,SAAO,eAAgB,KAAsB,MAAW;AACtD,UAAM,gBACJ,KAAK,qBAAqB,CAAC,KAAC,yBAAQ,KAAK,gBAAgB;AAC3D,UAAM,aAAiC;AAAA,MACrC;AAAA,IACF;AAEA,UAAM,UAAU,CAAC,KAAC,yBAAQ,KAAK,cAAc;AAC7C,QAAI,CAAC,SAAS;AACZ,iBAAW,oBAAoB,CAAC,sCAAyB,KAAK;AAAA,IAChE;AAEA,UAAM,eAAW,mCAAmB,KAAK,UAAU;AACnD,QAAI,IAAI,wBAAO,WAAW,QAAkB;AAC5C,eAAO,2BAAW,UAAU,IAAI;AAAA,EAClC;AACF;",
+  "names": []
+}

package/dist/src/middleware/tests/builder.spec.js

@@ -0,0 +1,169 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var import_adminOnly = __toESM(require("../adminOnly"));
+var import_builderOnly = __toESM(require("../builderOnly"));
+var import_builderOrAdmin = __toESM(require("../builderOrAdmin"));
+var import_tests = require("../../../tests");
+var import_types = require("@budibase/types");
+var import_context = require("../../context");
+var import_environment = __toESM(require("../../environment"));
+import_environment.default._set("SERVICE_TYPE", import_types.ServiceType.APPS);
+const appId = "app_aaa";
+const basicUser = import_tests.structures.users.user();
+const adminUser = import_tests.structures.users.adminUser();
+const adminOnlyUser = import_tests.structures.users.adminOnlyUser();
+const builderUser = import_tests.structures.users.builderUser();
+const appBuilderUser = import_tests.structures.users.appBuilderUser(appId);
+function buildUserCtx(user) {
+  return {
+    internal: false,
+    user,
+    throw: jest.fn()
+  };
+}
+function passed(throwFn, nextFn) {
+  expect(throwFn).not.toBeCalled();
+  expect(nextFn).toBeCalled();
+}
+function threw(throwFn) {
+  expect(throwFn).toBeCalled();
+}
+describe("adminOnly middleware", () => {
+  it("should allow admin user", () => {
+    const ctx = buildUserCtx(adminUser), next = jest.fn();
+    (0, import_adminOnly.default)(ctx, next);
+    passed(ctx.throw, next);
+  });
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser), next = jest.fn();
+    (0, import_adminOnly.default)(ctx, next);
+    threw(ctx.throw);
+  });
+  it("should not allow builder user", () => {
+    const ctx = buildUserCtx(builderUser), next = jest.fn();
+    (0, import_adminOnly.default)(ctx, next);
+    threw(ctx.throw);
+  });
+});
+describe("builderOnly middleware", () => {
+  it("should allow builder user", () => {
+    const ctx = buildUserCtx(builderUser), next = jest.fn();
+    (0, import_builderOnly.default)(ctx, next);
+    passed(ctx.throw, next);
+  });
+  it("should allow app builder user", () => {
+    const ctx = buildUserCtx(appBuilderUser), next = jest.fn();
+    (0, import_context.doInAppContext)(appId, () => {
+      (0, import_builderOnly.default)(ctx, next);
+    });
+    passed(ctx.throw, next);
+  });
+  it("should allow admin and builder user", () => {
+    const ctx = buildUserCtx(adminUser), next = jest.fn();
+    (0, import_builderOnly.default)(ctx, next);
+    passed(ctx.throw, next);
+  });
+  it("should not allow admin user", () => {
+    const ctx = buildUserCtx(adminOnlyUser), next = jest.fn();
+    (0, import_builderOnly.default)(ctx, next);
+    threw(ctx.throw);
+  });
+  it("should not allow app builder user to different app", () => {
+    const ctx = buildUserCtx(appBuilderUser), next = jest.fn();
+    (0, import_context.doInAppContext)("app_bbb", () => {
+      (0, import_builderOnly.default)(ctx, next);
+    });
+    threw(ctx.throw);
+  });
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser), next = jest.fn();
+    (0, import_builderOnly.default)(ctx, next);
+    threw(ctx.throw);
+  });
+});
+describe("builderOrAdmin middleware", () => {
+  it("should allow builder user", () => {
+    const ctx = buildUserCtx(builderUser), next = jest.fn();
+    (0, import_builderOrAdmin.default)(ctx, next);
+    passed(ctx.throw, next);
+  });
+  it("should allow builder and admin user", () => {
+    const ctx = buildUserCtx(adminUser), next = jest.fn();
+    (0, import_builderOrAdmin.default)(ctx, next);
+    passed(ctx.throw, next);
+  });
+  it("should allow admin user", () => {
+    const ctx = buildUserCtx(adminOnlyUser), next = jest.fn();
+    (0, import_builderOrAdmin.default)(ctx, next);
+    passed(ctx.throw, next);
+  });
+  it("should allow app builder user", () => {
+    const ctx = buildUserCtx(appBuilderUser), next = jest.fn();
+    (0, import_context.doInAppContext)(appId, () => {
+      (0, import_builderOrAdmin.default)(ctx, next);
+    });
+    passed(ctx.throw, next);
+  });
+  it("should not allow basic user", () => {
+    const ctx = buildUserCtx(basicUser), next = jest.fn();
+    (0, import_builderOrAdmin.default)(ctx, next);
+    threw(ctx.throw);
+  });
+});
+describe("check service difference", () => {
+  it("should not allow without app ID in apps", () => {
+    import_environment.default._set("SERVICE_TYPE", import_types.ServiceType.APPS);
+    const appId2 = "app_a";
+    const ctx = buildUserCtx({
+      ...basicUser,
+      builder: {
+        apps: [appId2]
+      }
+    });
+    const next = jest.fn();
+    (0, import_context.doInAppContext)(appId2, () => {
+      (0, import_builderOnly.default)(ctx, next);
+    });
+    passed(ctx.throw, next);
+    (0, import_context.doInAppContext)("app_b", () => {
+      (0, import_builderOnly.default)(ctx, next);
+    });
+    threw(ctx.throw);
+  });
+  it("should allow without app ID in worker", () => {
+    import_environment.default._set("SERVICE_TYPE", import_types.ServiceType.WORKER);
+    const ctx = buildUserCtx({
+      ...basicUser,
+      builder: {
+        apps: ["app_a"]
+      }
+    });
+    const next = jest.fn();
+    (0, import_context.doInAppContext)("app_b", () => {
+      (0, import_builderOnly.default)(ctx, next);
+    });
+    passed(ctx.throw, next);
+  });
+});
+//# sourceMappingURL=builder.spec.js.map

package/dist/src/middleware/tests/builder.spec.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/middleware/tests/builder.spec.ts"],
+  "sourcesContent": ["import adminOnly from \"../adminOnly\"\nimport builderOnly from \"../builderOnly\"\nimport builderOrAdmin from \"../builderOrAdmin\"\nimport { structures } from \"../../../tests\"\nimport { ContextUser, ServiceType } from \"@budibase/types\"\nimport { doInAppContext } from \"../../context\"\nimport env from \"../../environment\"\nenv._set(\"SERVICE_TYPE\", ServiceType.APPS)\n\nconst appId = \"app_aaa\"\nconst basicUser = structures.users.user()\nconst adminUser = structures.users.adminUser()\nconst adminOnlyUser = structures.users.adminOnlyUser()\nconst builderUser = structures.users.builderUser()\nconst appBuilderUser = structures.users.appBuilderUser(appId)\n\nfunction buildUserCtx(user: ContextUser) {\n  return {\n    internal: false,\n    user,\n    throw: jest.fn(),\n  } as any\n}\n\nfunction passed(throwFn: jest.Func, nextFn: jest.Func) {\n  expect(throwFn).not.toBeCalled()\n  expect(nextFn).toBeCalled()\n}\n\nfunction threw(throwFn: jest.Func) {\n  // cant check next, the throw function doesn't actually throw - so it still continues\n  expect(throwFn).toBeCalled()\n}\n\ndescribe(\"adminOnly middleware\", () => {\n  it(\"should allow admin user\", () => {\n    const ctx = buildUserCtx(adminUser),\n      next = jest.fn()\n    adminOnly(ctx, next)\n    passed(ctx.throw, next)\n  })\n\n  it(\"should not allow basic user\", () => {\n    const ctx = buildUserCtx(basicUser),\n      next = jest.fn()\n    adminOnly(ctx, next)\n    threw(ctx.throw)\n  })\n\n  it(\"should not allow builder user\", () => {\n    const ctx = buildUserCtx(builderUser),\n      next = jest.fn()\n    adminOnly(ctx, next)\n    threw(ctx.throw)\n  })\n})\n\ndescribe(\"builderOnly middleware\", () => {\n  it(\"should allow builder user\", () => {\n    const ctx = buildUserCtx(builderUser),\n      next = jest.fn()\n    builderOnly(ctx, next)\n    passed(ctx.throw, next)\n  })\n\n  it(\"should allow app builder user\", () => {\n    const ctx = buildUserCtx(appBuilderUser),\n      next = jest.fn()\n    doInAppContext(appId, () => {\n      builderOnly(ctx, next)\n    })\n    passed(ctx.throw, next)\n  })\n\n  it(\"should allow admin and builder user\", () => {\n    const ctx = buildUserCtx(adminUser),\n      next = jest.fn()\n    builderOnly(ctx, next)\n    passed(ctx.throw, next)\n  })\n\n  it(\"should not allow admin user\", () => {\n    const ctx = buildUserCtx(adminOnlyUser),\n      next = jest.fn()\n    builderOnly(ctx, next)\n    threw(ctx.throw)\n  })\n\n  it(\"should not allow app builder user to different app\", () => {\n    const ctx = buildUserCtx(appBuilderUser),\n      next = jest.fn()\n    doInAppContext(\"app_bbb\", () => {\n      builderOnly(ctx, next)\n    })\n    threw(ctx.throw)\n  })\n\n  it(\"should not allow basic user\", () => {\n    const ctx = buildUserCtx(basicUser),\n      next = jest.fn()\n    builderOnly(ctx, next)\n    threw(ctx.throw)\n  })\n})\n\ndescribe(\"builderOrAdmin middleware\", () => {\n  it(\"should allow builder user\", () => {\n    const ctx = buildUserCtx(builderUser),\n      next = jest.fn()\n    builderOrAdmin(ctx, next)\n    passed(ctx.throw, next)\n  })\n\n  it(\"should allow builder and admin user\", () => {\n    const ctx = buildUserCtx(adminUser),\n      next = jest.fn()\n    builderOrAdmin(ctx, next)\n    passed(ctx.throw, next)\n  })\n\n  it(\"should allow admin user\", () => {\n    const ctx = buildUserCtx(adminOnlyUser),\n      next = jest.fn()\n    builderOrAdmin(ctx, next)\n    passed(ctx.throw, next)\n  })\n\n  it(\"should allow app builder user\", () => {\n    const ctx = buildUserCtx(appBuilderUser),\n      next = jest.fn()\n    doInAppContext(appId, () => {\n      builderOrAdmin(ctx, next)\n    })\n    passed(ctx.throw, next)\n  })\n\n  it(\"should not allow basic user\", () => {\n    const ctx = buildUserCtx(basicUser),\n      next = jest.fn()\n    builderOrAdmin(ctx, next)\n    threw(ctx.throw)\n  })\n})\n\ndescribe(\"check service difference\", () => {\n  it(\"should not allow without app ID in apps\", () => {\n    env._set(\"SERVICE_TYPE\", ServiceType.APPS)\n    const appId = \"app_a\"\n    const ctx = buildUserCtx({\n      ...basicUser,\n      builder: {\n        apps: [appId],\n      },\n    })\n    const next = jest.fn()\n    doInAppContext(appId, () => {\n      builderOnly(ctx, next)\n    })\n    passed(ctx.throw, next)\n    doInAppContext(\"app_b\", () => {\n      builderOnly(ctx, next)\n    })\n    threw(ctx.throw)\n  })\n\n  it(\"should allow without app ID in worker\", () => {\n    env._set(\"SERVICE_TYPE\", ServiceType.WORKER)\n    const ctx = buildUserCtx({\n      ...basicUser,\n      builder: {\n        apps: [\"app_a\"],\n      },\n    })\n    const next = jest.fn()\n    doInAppContext(\"app_b\", () => {\n      builderOnly(ctx, next)\n    })\n    passed(ctx.throw, next)\n  })\n})\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;AAAA,uBAAsB;AACtB,yBAAwB;AACxB,4BAA2B;AAC3B,mBAA2B;AAC3B,mBAAyC;AACzC,qBAA+B;AAC/B,yBAAgB;AAChB,mBAAAA,QAAI,KAAK,gBAAgB,yBAAY,IAAI;AAEzC,MAAM,QAAQ;AACd,MAAM,YAAY,wBAAW,MAAM,KAAK;AACxC,MAAM,YAAY,wBAAW,MAAM,UAAU;AAC7C,MAAM,gBAAgB,wBAAW,MAAM,cAAc;AACrD,MAAM,cAAc,wBAAW,MAAM,YAAY;AACjD,MAAM,iBAAiB,wBAAW,MAAM,eAAe,KAAK;AAE5D,SAAS,aAAa,MAAmB;AACvC,SAAO;AAAA,IACL,UAAU;AAAA,IACV;AAAA,IACA,OAAO,KAAK,GAAG;AAAA,EACjB;AACF;AAEA,SAAS,OAAO,SAAoB,QAAmB;AACrD,SAAO,OAAO,EAAE,IAAI,WAAW;AAC/B,SAAO,MAAM,EAAE,WAAW;AAC5B;AAEA,SAAS,MAAM,SAAoB;AAEjC,SAAO,OAAO,EAAE,WAAW;AAC7B;AAEA,SAAS,wBAAwB,MAAM;AACrC,KAAG,2BAA2B,MAAM;AAClC,UAAM,MAAM,aAAa,SAAS,GAChC,OAAO,KAAK,GAAG;AACjB,yBAAAC,SAAU,KAAK,IAAI;AACnB,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AAED,KAAG,+BAA+B,MAAM;AACtC,UAAM,MAAM,aAAa,SAAS,GAChC,OAAO,KAAK,GAAG;AACjB,yBAAAA,SAAU,KAAK,IAAI;AACnB,UAAM,IAAI,KAAK;AAAA,EACjB,CAAC;AAED,KAAG,iCAAiC,MAAM;AACxC,UAAM,MAAM,aAAa,WAAW,GAClC,OAAO,KAAK,GAAG;AACjB,yBAAAA,SAAU,KAAK,IAAI;AACnB,UAAM,IAAI,KAAK;AAAA,EACjB,CAAC;AACH,CAAC;AAED,SAAS,0BAA0B,MAAM;AACvC,KAAG,6BAA6B,MAAM;AACpC,UAAM,MAAM,aAAa,WAAW,GAClC,OAAO,KAAK,GAAG;AACjB,2BAAAC,SAAY,KAAK,IAAI;AACrB,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AAED,KAAG,iCAAiC,MAAM;AACxC,UAAM,MAAM,aAAa,cAAc,GACrC,OAAO,KAAK,GAAG;AACjB,uCAAe,OAAO,MAAM;AAC1B,6BAAAA,SAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AACD,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AAED,KAAG,uCAAuC,MAAM;AAC9C,UAAM,MAAM,aAAa,SAAS,GAChC,OAAO,KAAK,GAAG;AACjB,2BAAAA,SAAY,KAAK,IAAI;AACrB,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AAED,KAAG,+BAA+B,MAAM;AACtC,UAAM,MAAM,aAAa,aAAa,GACpC,OAAO,KAAK,GAAG;AACjB,2BAAAA,SAAY,KAAK,IAAI;AACrB,UAAM,IAAI,KAAK;AAAA,EACjB,CAAC;AAED,KAAG,sDAAsD,MAAM;AAC7D,UAAM,MAAM,aAAa,cAAc,GACrC,OAAO,KAAK,GAAG;AACjB,uCAAe,WAAW,MAAM;AAC9B,6BAAAA,SAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AACD,UAAM,IAAI,KAAK;AAAA,EACjB,CAAC;AAED,KAAG,+BAA+B,MAAM;AACtC,UAAM,MAAM,aAAa,SAAS,GAChC,OAAO,KAAK,GAAG;AACjB,2BAAAA,SAAY,KAAK,IAAI;AACrB,UAAM,IAAI,KAAK;AAAA,EACjB,CAAC;AACH,CAAC;AAED,SAAS,6BAA6B,MAAM;AAC1C,KAAG,6BAA6B,MAAM;AACpC,UAAM,MAAM,aAAa,WAAW,GAClC,OAAO,KAAK,GAAG;AACjB,8BAAAC,SAAe,KAAK,IAAI;AACxB,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AAED,KAAG,uCAAuC,MAAM;AAC9C,UAAM,MAAM,aAAa,SAAS,GAChC,OAAO,KAAK,GAAG;AACjB,8BAAAA,SAAe,KAAK,IAAI;AACxB,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AAED,KAAG,2BAA2B,MAAM;AAClC,UAAM,MAAM,aAAa,aAAa,GACpC,OAAO,KAAK,GAAG;AACjB,8BAAAA,SAAe,KAAK,IAAI;AACxB,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AAED,KAAG,iCAAiC,MAAM;AACxC,UAAM,MAAM,aAAa,cAAc,GACrC,OAAO,KAAK,GAAG;AACjB,uCAAe,OAAO,MAAM;AAC1B,gCAAAA,SAAe,KAAK,IAAI;AAAA,IAC1B,CAAC;AACD,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AAED,KAAG,+BAA+B,MAAM;AACtC,UAAM,MAAM,aAAa,SAAS,GAChC,OAAO,KAAK,GAAG;AACjB,8BAAAA,SAAe,KAAK,IAAI;AACxB,UAAM,IAAI,KAAK;AAAA,EACjB,CAAC;AACH,CAAC;AAED,SAAS,4BAA4B,MAAM;AACzC,KAAG,2CAA2C,MAAM;AAClD,uBAAAH,QAAI,KAAK,gBAAgB,yBAAY,IAAI;AACzC,UAAMI,SAAQ;AACd,UAAM,MAAM,aAAa;AAAA,MACvB,GAAG;AAAA,MACH,SAAS;AAAA,QACP,MAAM,CAACA,MAAK;AAAA,MACd;AAAA,IACF,CAAC;AACD,UAAM,OAAO,KAAK,GAAG;AACrB,uCAAeA,QAAO,MAAM;AAC1B,6BAAAF,SAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AACD,WAAO,IAAI,OAAO,IAAI;AACtB,uCAAe,SAAS,MAAM;AAC5B,6BAAAA,SAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AACD,UAAM,IAAI,KAAK;AAAA,EACjB,CAAC;AAED,KAAG,yCAAyC,MAAM;AAChD,uBAAAF,QAAI,KAAK,gBAAgB,yBAAY,MAAM;AAC3C,UAAM,MAAM,aAAa;AAAA,MACvB,GAAG;AAAA,MACH,SAAS;AAAA,QACP,MAAM,CAAC,OAAO;AAAA,MAChB;AAAA,IACF,CAAC;AACD,UAAM,OAAO,KAAK,GAAG;AACrB,uCAAe,SAAS,MAAM;AAC5B,6BAAAE,SAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AACD,WAAO,IAAI,OAAO,IAAI;AAAA,EACxB,CAAC;AACH,CAAC;",
+  "names": ["env", "adminOnly", "builderOnly", "builderOrAdmin", "appId"]
+}