@budibase/backend-core 3.13.29 → 3.14.1

package/dist/index.js

@@ -34,6 +34,6 @@ attempted value: ${s}
       emit(doc.ssoId, doc._id)
     }
   }`,"platform_users_lowercase_2")},ra=async(t,e)=>{let r={account_by_email:zA,platform_users_lowercase_2:ZA};return ct(xe.PLATFORM_INFO.name,async n=>{let i=r[t];return Uf(t,e,n,i,{arrayResponse:!0})})},XA={by_email2:HA,by_api_key:YA,by_app:KA},lr=async(t,e,r,n)=>{r||(r=ne());let i=XA[t];return Uf(t,e,r,i,n)};async function Lf(t,e,r){let n=ne(),i=XA[t];return ta(t,e,n,i,r)}var Mf=class{constructor({source:e,target:r}){this.source=Et(e),this.target=Et(r),e.startsWith("app_dev")&&r.startsWith("app")?this.direction="toProduction":e.startsWith("app")&&r.startsWith("app_dev")&&(this.direction="toDev")}async close(){await Promise.all([No(this.source),No(this.target)])}replicate(e={}){return new Promise(r=>{this.source.replicate.to(this.target,e).on("denied",function(n){throw new Error(`Denied: Document failed to replicate ${n}`)}).on("complete",function(n){return r(n)}).on("error",function(n){throw n})})}appReplicateOpts(e={}){if(typeof e.filter=="string")return e;let r=e.filter,i=this.direction==="toDev";delete e.filter;let s=e.isCreation;return delete e.isCreation,{...e,filter:(o,a)=>!s&&o._id==="_design/migrations"||i&&o._id?.startsWith("_design")?!1:o._deleted?!0:o._id?.startsWith("log_au")||o._id==="app_metadata"?!1:r?r(o,a):!0}}async rollback(){await this.target.destroy(),this.target=Et(this.target.name),await this.replicate()}},eS=Mf;var rS=q(require("node-fetch"));var na=Lr.removeKeyNumbering;function ui(t){return t==null||t===""}var dr=class t{#l;#d;#e;#r;#n;#i;#s;#o;#t;#p;#a;#u=!1;#c;static{this.maxLimit=200}constructor(e,r,n){this.#l=e,this.#d=r,this.#e={allOr:!1,onEmptyFilter:"all",string:{},fuzzy:{},range:{},equal:{},notEqual:{},empty:{},notEmpty:{},oneOf:{},contains:{},notContains:{},containsAny:{},...n},this.#r=50,this.#s="ascending",this.#o="string",this.#t=!0}disableEscaping(){return this.#u=!0,this}setIndexBuilder(e){return this.#a=e,this}setVersion(e){return e!=null&&(this.#p=e),this}setTable(e){return this.#e.equal.tableId=e,this}setLimit(e){return e!=null&&(this.#r=e),this}setSort(e){return e!=null&&(this.#n=e),this}setSortOrder(e){return e!=null&&(this.#s=e),this}setSortType(e){return e!=null&&(this.#o=e),this}setBookmark(e){return e!=null&&(this.#i=e),this}setSkip(e){return this.#c=e,this}excludeDocs(){return this.#t=!1,this}includeDocs(){return this.#t=!0,this}addString(e,r){return this.#e.string[e]=r,this}addFuzzy(e,r){return this.#e.fuzzy[e]=r,this}addRange(e,r,n){return this.#e.range[e]={low:r,high:n},this}addEqual(e,r){return this.#e.equal[e]=r,this}addNotEqual(e,r){return this.#e.notEqual[e]=r,this}addEmpty(e,r){return this.#e.empty[e]=r,this}addNotEmpty(e,r){return this.#e.notEmpty[e]=r,this}addOneOf(e,r){return this.#e.oneOf[e]=r,this}addContains(e,r){return this.#e.contains[e]=r,this}addNotContains(e,r){return this.#e.notContains[e]=r,this}addContainsAny(e,r){return this.#e.containsAny[e]=r,this}setAllOr(){this.#e.allOr=!0}setOnEmptyFilter(e){this.#e.onEmptyFilter=e}handleSpaces(e){return this.#u?e:e.replace(/ /g,"_")}preprocess(e,{escape:r,lowercase:n,wrap:i,type:s}={}){let o=!!this.#p,a=typeof e;return e&&n&&(e=e.toLowerCase?e.toLowerCase():e),!this.#u&&r&&a==="string"&&(e=`${e}`.replace(/[ /#+\-&|!(){}\]^"~*?:\\]/g,"\\$&")),a==="string"&&!isNaN(e)&&!s?e=`"${e}"`:o&&i&&(e=a==="number"?e:`"${e}"`),e}isMultiCondition(){let e=0;for(let r of Object.values(this.#e))typeof r=="object"&&(e+=Object.keys(r).length);return e>1}compressFilters(e){let r={};for(let s of Object.keys(e)){let o=na(s);r[o]?r[o]=r[o].concat(e[s]):r[o]=e[s]}let n={},i=1;for(let[s,o]of Object.entries(r))n[`${i++}:${s}`]=o;return n}buildSearchQuery(){let e=this,r=this.#e&&this.#e.allOr,n=r?"":"*:*",i=!0,s={escape:!0,lowercase:!0,wrap:!0},o="";this.#e.equal.tableId&&(o=this.#e.equal.tableId,delete this.#e.equal.tableId);let a=(p,g)=>ui(g)?null:`${p}:${e.preprocess(g,s)}`,u=(p,g,y="AND")=>{if(ui(g))return null;if(!Array.isArray(g))return`${p}:${g}`;let T=`${e.preprocess(g[0],{escape:!0})}`;for(let S=1;S<g.length;S++)T+=` ${y} ${e.preprocess(g[S],{escape:!0})}`;return`${p}:(${T})`},c=(p,g)=>ui(g)?null:(g=e.preprocess(g,{escape:!0,lowercase:!0,type:"fuzzy"}),`${p}:/.*${g}.*/`),l=(p,g)=>{let y=r?"*:* AND ":"",T=r?"AND":void 0;return y+"NOT "+u(p,g,T)},d=(p,g)=>u(p,g,"OR"),f=(p,g)=>{if(ui(g))return"*:*";if(!Array.isArray(g))if(typeof g=="string")g=g.split(",");else return"";let y=`${e.preprocess(g[0],s)}`;for(let T=1;T<g.length;T++)y+=` OR ${e.preprocess(g[T],s)}`;return`${p}:(${y})`};function m(p,g,y){let T="";for(let[S,O]of Object.entries(p)){S=na(S),S=e.preprocess(e.handleSpaces(S),{escape:!0});let R=g(S,O);if(R!=null){if(T.length>0||n.length>0){let E=y?.mode?y.mode:r?"OR":"AND";T+=` ${E} `}T+=R,(typeof O!="string"&&O!=null||typeof O=="string"&&O!==o&&O!=="")&&(i=!1)}}if(y?.returnBuilt)return T;n+=T}if(this.#e.string&&m(this.#e.string,(p,g)=>ui(g)?null:(g=e.preprocess(g,{escape:!0,lowercase:!0,type:"string"}),`${p}:${g}*`)),this.#e.range&&m(this.#e.range,(p,g)=>{if(ui(g)||g.low==null||g.low===""||g.high==null||g.high==="")return null;let y=e.preprocess(g.low,s),T=e.preprocess(g.high,s);return`${p}:[${y} TO ${T}]`}),this.#e.fuzzy&&m(this.#e.fuzzy,c),this.#e.equal&&m(this.#e.equal,a),this.#e.notEqual&&m(this.#e.notEqual,(p,g)=>ui(g)?null:typeof g=="boolean"?`(*:* AND !${p}:${g})`:`!${p}:${e.preprocess(g,s)}`),this.#e.empty&&m(this.#e.empty,p=>(i=!1,`(*:* -${p}:["" TO *])`)),this.#e.notEmpty&&m(this.#e.notEmpty,p=>(i=!1,`${p}:["" TO *]`)),this.#e.oneOf&&m(this.#e.oneOf,f),this.#e.contains&&m(this.#e.contains,u),this.#e.notContains&&m(this.compressFilters(this.#e.notContains),l),this.#e.containsAny&&m(this.#e.containsAny,d),o&&(n=this.isMultiCondition()?`(${n})`:n,r=!1,m({tableId:o},a)),i){if(this.#e.onEmptyFilter==="none")return"";if(this.#e?.allOr)return n.replace("()","(*:*)")}return n}buildSearchBody(){let e={q:this.buildSearchQuery(),limit:Math.min(this.#r,t.maxLimit),include_docs:this.#t};if(this.#i&&(e.bookmark=this.#i),this.#n){let r=this.#s==="descending"?"-":"",n=`<${this.#o}>`;e.sort=`${r}${this.handleSpaces(this.#n)}${n}`}return e}async run(){return this.#c&&await this.#m(this.#c),await this.#f()}async#m(e){let r=this.#t,n=this.#r;this.excludeDocs();let i=e,s=0;do{let o=Math.min(t.maxLimit,i);this.setLimit(o);let{bookmark:a,rows:u}=await this.#f();this.setBookmark(a),s=u.length,i-=u.length}while(i>0&&s>0);this.#t=r,this.#r=n}async#f(){let{url:e,cookie:r}=Nt(),n=`${e}/${this.#l}/_design/database/_search/${this.#d}`,i=this.buildSearchBody();try{return await tS(n,i,r)}catch(s){if(s.status===404&&this.#a)return await this.#a(),await tS(n,i,r);throw s}}};async function tS(t,e,r){let n=await(0,rS.default)(t,{body:JSON.stringify(e),method:"POST",headers:{Authorization:r}});if(n.status===404)throw n;let i=await n.json(),s={rows:[],totalRows:0};return i.rows!=null&&i.rows.length>0&&(s.rows=i.rows.map(o=>o.doc)),i.bookmark&&(s.bookmark=i.bookmark),i.total_rows&&(s.totalRows=i.total_rows),s}async function nS(t,e,r,n){let i=n.bookmark,s=n.rows||[];if(n.limit&&s.length>=n.limit)return s;let o=dr.maxLimit;n.limit&&s.length>n.limit-dr.maxLimit&&(o=n.limit-s.length);let a=new dr(t,e,r);a.setVersion(n.version).setBookmark(i).setLimit(o).setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.tableId&&a.setTable(n.tableId);let u=await a.run();if(!u.rows.length)return s;if(u.rows.length<dr.maxLimit)return[...s,...u.rows];let c={...n,bookmark:u.bookmark,rows:[...s,...u.rows]};return await nS(t,e,r,c)}async function TP(t,e,r,n){let i=n.limit;(i==null||isNaN(i)||i<0)&&(i=50),i=Math.min(i,dr.maxLimit);let s=new dr(t,e,r);n.version&&s.setVersion(n.version),n.tableId&&s.setTable(n.tableId),n.sort&&s.setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.indexer&&s.setIndexBuilder(n.indexer),n.disableEscaping&&s.disableEscaping();let o=await s.setBookmark(n.bookmark).setLimit(i).run();s.setBookmark(o.bookmark).setLimit(1),n.tableId&&s.setTable(n.tableId);let a=await s.run();return{...o,hasNextPage:a.rows&&a.rows.length>0}}async function AP(t,e,r,n){let i=n.limit;return(i==null||isNaN(i)||i<0)&&(i=1e3),n.limit=Math.min(i,1e3),{rows:await nS(t,e,r,n)}}var Ff={};N(Ff,{createUserIndex:()=>SP});async function SP(){let t=ne(),e;try{e=await t.get("_design/database")}catch(n){n.status===404&&(e={_id:"_design/database"})}let r=function(n){if(n._id&&!n._id.startsWith("us_"))return;let i=["_id","_rev","password","account","license","budibaseAccess","accountPortalAccess","csrfToken"];function s(o,a){for(let u of Object.keys(o)){if(i.includes(u))continue;let c=a!=null?`${a}.${u}`:u;typeof o[u]=="string"?index(c,o[u].toLowerCase(),{facet:!0}):typeof o[u]!="object"?index(c,o[u],{facet:!0}):s(o[u],c)}}s(n)};e.indexes={user:{index:r.toString(),analyzer:{default:"keyword",name:"perfield"}}},await t.put(e)}function iS(t,e){let r=e.toString();if(typeof t=="object")return t.status===e||t.message?.includes(r);if(typeof t=="number")return t===e;if(typeof t=="string")return t.includes(r)}function _P(t){return iS(t,409)}var ia=q(require("fs/promises")),Yr=q(require("dd-trace")),sa=require("stream/promises");var IP=require("sanitize-s3-objectkey"),OP={bucketCreationPromises:{}},qf="/files/signed",Hr={txt:"text/plain",html:"text/html",css:"text/css",js:"application/javascript",json:"application/json",gz:"application/gzip",svg:"image/svg+xml",form:"multipart/form-data"},xP=[Hr.html,Hr.css,Hr.js,Hr.json];function Le(t){return IP(Je(t)).replace(/\\/g,"/")}function Je(t){return t.replace(new RegExp(yt,"g"),gt)}function Ft(t={presigning:!1}){let e={forcePathStyle:!0,credentials:{accessKeyId:h.MINIO_ACCESS_KEY,secretAccessKey:h.MINIO_SECRET_KEY},region:h.AWS_REGION};return!h.MINIO_ENABLED&&h.AWS_SESSION_TOKEN&&(e.credentials={accessKeyId:h.MINIO_ACCESS_KEY,secretAccessKey:h.MINIO_SECRET_KEY,sessionToken:h.AWS_SESSION_TOKEN}),h.MINIO_URL&&(t.presigning&&h.MINIO_ENABLED?e.endpoint="http://minio-service":e.endpoint=h.MINIO_URL),new _c.S3(e)}async function oa(t,e){e=Je(e);try{return await t.headBucket({Bucket:e}),{created:!1,exists:!0}}catch(r){let n=r.statusCode||r.$response?.statusCode,i=OP.bucketCreationPromises,s=n===404,o=n===403;if(i[e])return await i[e],{created:!1,exists:!0};if(s||o){if(s)return i[e]=t.createBucket({Bucket:e}),await i[e],delete i[e],{created:!0,exists:!1};throw new Error("Access denied to object store bucket."+r)}else throw new Error("Unable to write to object store bucket.")}}async function RP({bucket:t,filename:e,path:r,type:n,metadata:i,body:s,ttl:o}){let a=e.split(".").pop(),u=r?(await ia.default.open(r)).createReadStream():s,c=Ft(),l=await oa(c,t);if(o&&l.created){let g=hc(t,o);await c.putBucketLifecycleConfiguration(g)}let d=n,f=d||(a?Hr[a.toLowerCase()]:Hr.txt),m={Bucket:Je(t),Key:Le(e),Body:u,ContentType:f};if(i&&typeof i=="object"){for(let g of Object.keys(i))(!i[g]||typeof i[g]!="string")&&delete i[g];m.Metadata=i}return new kf.Upload({client:c,params:m}).done()}async function oS({bucket:t,stream:e,filename:r,type:n,extra:i,ttl:s}){return await Yr.default.trace("streamUpload",async o=>{if(o.addTags({bucketName:t,filename:r,type:n,ttl:s}),!e)throw new Error("Stream to upload is invalid/undefined");let a=r.split(".").pop(),u=Ft(),c=await oa(u,t);if(o.addTags({bucketCreated:c.created,bucketExists:c.exists,extension:a}),s&&c.created){let T=hc(t,s);await u.putBucketLifecycleConfiguration(T)}r?.endsWith(".js")?i={...i,ContentType:"application/javascript"}:r?.endsWith(".svg")&&(i={...i,ContentType:"image"});let l=n;l||(l=a?Hr[a.toLowerCase()]:Hr.txt),o.addTags({contentType:l});let d=Je(t),f=Le(r),m={Bucket:d,Key:f,Body:e,ContentType:l,...i},g=await new kf.Upload({client:u,params:m}).done(),y=await u.headObject({Bucket:d,Key:f});return o.addTags({contentLength:y.ContentLength}),{...g,ContentLength:y.ContentLength}})}async function aS(t,e){return await Yr.default.trace("retrieve",async r=>{r.addTags({bucketName:t,filepath:e});let n=Ft(),i={Bucket:Je(t),Key:Le(e)},s=await n.getObject(i);if(!s.Body)throw new Error("Unable to retrieve object");if(r.addTags({contentLength:s.ContentLength,contentType:s.ContentType}),xP.includes(s.ContentType))return r.addTags({string:!0}),s.Body.transformToString();{r.addTags({string:!1});let o=s.Body.transformToWebStream();return Ic.default.Readable.fromWeb(o)}})}async function*uS(t,e){let r=Ft(),n=(o={})=>r.listObjectsV2({...o,Bucket:Je(t),Prefix:Le(e)}),i=!1,s;do{let o={};s&&(o.ContinuationToken=s);let a=await n(o);if(a.Contents)for(let u of a.Contents)yield u;i=!!a.IsTruncated,s=a.NextContinuationToken}while(i&&s)}async function Jr(t,e,r=3600){let n=Ft({presigning:!0}),i={Bucket:Je(t),Key:Le(e)},s=await(0,sS.getSignedUrl)(n,new _c.GetObjectCommand(i),{expiresIn:r});if(h.MINIO_ENABLED){let o=new URL(s),a=o.pathname,u=o.search;return`${qf}${a}${u}`}else return s}async function wP(t,e){return await Yr.default.trace("retrieveToTmp",async r=>{r.addTags({bucketName:t,filepath:e}),t=Je(t),e=Le(e);let n=await aS(t,e),i=(0,Kr.join)(oi(),(0,Vf.v4)());return r.addTags({outputPath:i}),n instanceof Ic.default.Readable?(r.addTags({stream:!0}),await(0,sa.pipeline)(n,os.default.createWriteStream(i))):(r.addTags({stream:!1}),os.default.writeFileSync(i,n)),i})}async function bP(t,e){return await Yr.default.trace("retrieveDirectory",async r=>{r.addTags({bucketName:t,path:e});let n=(0,Kr.join)(oi(),(0,Vf.v4)());await ia.default.mkdir(n,{recursive:!0});let i=0;return await br.parallelForeach(uS(t,e),async s=>{i++,await Yr.default.trace("retrieveDirectory.object",async o=>{let a=s.Key;o.addTags({filename:a});let u=await gc(t,a),c=a.split("/"),l=c.slice(0,c.length-1),d=(0,Kr.join)(n,...l);c.length>1&&!os.default.existsSync(d)&&await ia.default.mkdir(d,{recursive:!0}),await(0,sa.pipeline)(u,os.default.createWriteStream((0,Kr.join)(n,...c),{mode:420}))})},5),r.addTags({numObjects:i}),n})}async function DP(t,e){let r=Ft();await oa(r,t);let n={Bucket:t,Key:Le(e)};return r.deleteObject(n)}async function CP(t,e){let r=Ft();await oa(r,t);let n={Bucket:t,Delete:{Objects:e.map(i=>({Key:Le(i)}))}};return r.deleteObjects(n)}async function cS(t,e){t=Je(t),e=Le(e);let r=Ft(),n={Bucket:t,Prefix:e},i=await r.listObjects(n);if(i.Contents?.length===0)return;let s={Bucket:t,Delete:{Objects:[]}};if(i.Contents?.forEach(o=>{s.Delete.Objects.push({Key:o.Key})}),s.Delete.Objects.length&&(await r.deleteObjects(s)).Deleted?.length===1e3)return cS(t,e)}async function Wf(t,e,r){return await Yr.default.trace("uploadDirectory",async n=>{n.addTags({bucketName:t,localPath:e,bucketPath:r}),t=Je(t);let i=await ia.default.readdir(e,{withFileTypes:!0});n.addTags({numFiles:i.length});for(let s of i){let o=Le((0,Kr.join)(r,s.name)),a=(0,Kr.join)(e,s.name);s.isDirectory()?await Wf(t,a,o):await oS({bucket:t,filename:o,stream:os.default.createReadStream(a)})}return i})}async function vP(t,e,r={}){e=Le(e);let n=await(0,Bf.default)(t,{headers:r});if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);await(0,sa.pipeline)(n.body,$f.default.createUnzip(),Gf.default.extract(e))}async function NP(t,e,r){e=Je(e),r=Le(r);let n=await(0,Bf.default)(t);if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);let i=(0,Kr.join)(oi(),r);return await(0,sa.pipeline)(n.body,$f.default.createUnzip(),Gf.default.extract(i)),!h.isTest()&&h.SELF_HOSTED&&await Wf(e,i,r),i}async function gc(t,e){return await Yr.default.trace("getReadStream",async r=>{t=Je(t),e=Le(e),r.addTags({bucketName:t,path:e});let n=Ft(),i={Bucket:t,Key:e},s=await n.getObject(i);if(!s.Body||!(s.Body instanceof Ic.default.Readable))throw new Error("Unable to retrieve stream - invalid response");return r.addTags({contentLength:s.ContentLength,contentType:s.ContentType}),s.Body})}async function PP(t,e){t=Je(t),e=Le(e);let r=Ft(),n={Bucket:t,Key:e};try{return await r.headObject(n)}catch{throw new Error("Unable to retrieve metadata from object")}}function Rf(t){let e=t.split("?")[0],r=new RegExp(`^${qf}/(?<bucket>[^/]+)/(?<path>.+)$`),n=e.match(r);if(n&&n.groups){let{bucket:i,path:s}=n.groups;return{bucket:i,path:s}}return null}var lS=q(require("aws-cloudfront-sign")),Oc;function UP(){if(!h.CLOUDFRONT_PRIVATE_KEY_64)throw new Error("CLOUDFRONT_PRIVATE_KEY_64 is not set");return Oc||(Oc=Buffer.from(h.CLOUDFRONT_PRIVATE_KEY_64,"base64").toString("utf-8"),Oc)}var LP=()=>({keypairId:h.CLOUDFRONT_PUBLIC_KEY_ID,privateKeyString:UP(),expireTime:new Date().getTime()+1e3*60*60*24}),as=t=>{let e=Qf(t);return lS.getSignedUrl(e,LP())},Qf=t=>{let e="/";return t.startsWith("/")&&(e=""),`${h.CLOUDFRONT_CDN}${e}${t}`};var dS=q(require("querystring"));function pS(t){return`${Le(t)}/budibase-client.js`}async function MP(t,e){let r=pS(t);return h.CLOUDFRONT_CDN?(e&&(r+=`?v=${e}`),Qf(r)):await Jr(h.APPS_BUCKET_NAME,r)}function FP(t,e){let r,n;try{r=j()}finally{n={appId:t,version:e}}return r&&r!==Te&&(n.tenantId=r),`/api/assets/client?${dS.default.encode(n)}`}async function fS(t){return h.CLOUDFRONT_CDN?as(t):await Jr(h.APPS_BUCKET_NAME,t)}async function kP(t){if(t.length===0)return[];try{return await Promise.all(t.map(async e=>({...e,src:await fS(e.src),type:e.type||"image/png"})))}catch(e){return console.error("Error enriching PWA images:",e),t}}var BP=async(t,e,r)=>{let n=mS(t,e);return h.CLOUDFRONT_CDN?(r&&(n=`${n}?etag=${r}`),as(n)):await Jr(h.GLOBAL_BUCKET_NAME,n)},mS=(t,e)=>{let r=`${t}/${e}`;return h.MULTI_TENANCY&&(r=`${j()}/${r}`),r};async function GP(t){return!t||!t.length?[]:await Promise.all(t.map(async e=>{let r=await $P(e),n=await VP(e);return{...e,jsUrl:r,iconUrl:n}}))}async function $P(t){let e=gS(t);return hS(e)}async function VP(t){let e=yS(t);if(e)return hS(e)}async function hS(t){return h.CLOUDFRONT_CDN?as(t):await Jr(h.PLUGIN_BUCKET_NAME,t)}function gS(t){return ES(t,"plugin.min.js")}function yS(t){let e=t.iconUrl?"icon.svg":t.iconFileName;if(e)return ES(t,e)}function ES(t,e){return`${TS(t.name)}/${e}`}function TS(t){let e=`${t}`;return h.MULTI_TENANCY&&(e=`${j()}/${e}`),h.CLOUDFRONT_CDN&&(e=`plugins/${e}`),e}var _S="budibase.log",IS="budibase-logs-history.txt",OS=Kf.default.join(oi(),"systemlogs");function AS(t){return Kf.default.join(OS,t)}function xS(t){let e=/(\d+)([A-Za-z])/,r=t?.match(e);if(!r){console.warn("totalMaxSize does not have a valid value",{totalMaxSize:t});return}let n=+r[1],i=r[2];if(n===1)switch(i){case"B":return{size:`${n}B`,totalHistoryFiles:1};case"K":return{size:`${n*1e3/2}B`,totalHistoryFiles:1};case"M":return{size:`${n*1e3/2}K`,totalHistoryFiles:1};case"G":return{size:`${n*1e3/2}M`,totalHistoryFiles:1};default:return}return n%2===0?{size:`${n/2}${i}`,totalHistoryFiles:1}:{size:`1${i}`,totalHistoryFiles:n-1}}function Yf(){let t=xS(h.ROLLING_LOG_MAX_SIZE);return SS.createStream(_S,{size:t?.size,path:OS,maxFiles:t?.totalHistoryFiles||1,immutable:!0,history:IS,initialRotation:!1})}function qP(){let t=[],e=AS(IS);if(aa.default.existsSync(e)){let i=aa.default.readFileSync(e,"utf-8").split(`
-`);for(let s of i.filter(o=>o))t.push(aa.default.readFileSync(s))}return t.push(aa.default.readFileSync(AS(_S))),Buffer.concat(t)}function WP(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}function QP(t){return t instanceof Error}function jP(t){return typeof t=="string"}var zr;if(!h.DISABLE_PINO_LOGGER){let t=h.LOG_LEVEL,e={level:t,formatters:{level:u=>({level:u.toUpperCase()}),bindings:()=>h.SELF_HOSTED?{service:h.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(h.isDev()?{stream:(0,RS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),h.SELF_HOSTED&&r.push({stream:Yf(),level:t}),zr=r.length?(0,xc.default)(e,xc.default.multistream(r)):(0,xc.default)(e);let n=u=>{let c,l=[],d="";u.forEach(y=>{jP(y)&&(d=`${d} ${y}`.trimStart()),WP(y)&&l.push(y),QP(y)&&(c=y)});let f=a(),m={};m={tenantId:i(),appId:s(),automationId:o(),identityId:f?._id,identityType:f?.type,correlationId:xf()};let p=zf.default.scope().active();p&&zf.default.inject(p.context(),wS.formats.LOG,m);let g={err:c,pid:process.pid,...m};if(l.length){let y={},T=0;for(let S=0;S<l.length;S++){let O=l[S],R=O._logKey;R?(delete O._logKey,g[R]=O):(y[T]=O,T++)}Object.keys(y).length&&(g.data=y)}return[g,d]};console.log=(...u)=>{let[c,l]=n(u);zr?.info(c,l)},console.info=(...u)=>{let[c,l]=n(u);zr?.info(c,l)},console.warn=(...u)=>{let[c,l]=n(u);zr?.warn(c,l)},console.error=(...u)=>{let[c,l]=n(u);zr?.error(c,l)},console.trace=(...u)=>{let[c,l]=n(u);c.err||(c.err=new Error),zr?.trace(c,l)},console.debug=(...u)=>{let[c,l]=n(u);zr?.debug(c,l)};let i=()=>{let u;try{u=j()}catch{}return u},s=()=>{let u;try{u=Ue()}catch{}return u},o=()=>{let u;try{u=uf()}catch{}return u},a=()=>{let u;try{u=ar()}catch{}return u}}var Rc=zr;var HP=["AccountError"];function KP(t){return t&&t.suppressAlert}function ci(t,e){e&&HP.includes(e.name)&&KP(e)||console.error(`bb-alert: ${t}`,e)}function YP(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,ci(t,n)}function us(t,e){console.warn(`bb-warn: ${t}`,e)}var ca=class{constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";Jo.setHeader(n.headers);let s={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,bS.default)(`${this.host}${r}`,s)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Zf=new ca(h.INTERNAL_ACCOUNT_PORTAL_URL),Xf=h.SELF_HOSTED||h.DISABLE_ACCOUNT_PORTAL,Zr=async t=>{if(Xf)return;let e={email:t},r=await Zf.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},cs=async t=>{if(Xf)return;let e={tenantId:t},r=await Zf.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},JP=async()=>{if(Xf)return;let t=await Zf.get("/api/status",{headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e};var Es={};N(Es,{UserDB:()=>Yt,addAppBuilder:()=>k0,bulkGetGlobalUsersById:()=>nl,bulkUpdateGlobalUsers:()=>wa,cleanseUserObject:()=>Fm,creatorsInList:()=>di,doesUserExist:()=>P0,getAccountHolderFromUsers:()=>Vc,getAllUserIds:()=>v0,getAllUsers:()=>N0,getById:()=>mi,getCreatorCount:()=>M0,getExistingAccounts:()=>ds,getExistingPlatformUsers:()=>kS,getExistingTenantUsers:()=>FS,getFirstPlatformUser:()=>da,getGlobalUserByAppPage:()=>N_,getGlobalUserByEmail:()=>Gt,getPlatformUsers:()=>Cc,getUserCount:()=>L0,hasAdminPermissions:()=>tn,hasAppBuilderPermissions:()=>$S,hasBuilderPermissions:()=>Tt,isAdmin:()=>en,isAdminOrBuilder:()=>GS,isBuilder:()=>ms,isCreatorAsync:()=>pa,isCreatorSync:()=>Gc,isGlobalBuilder:()=>BS,paginatedUsers:()=>U_,removeAppBuilder:()=>B0,removePortalUserPermissions:()=>F0,searchExistingEmails:()=>lm,searchGlobalUsersByApp:()=>il,searchGlobalUsersByAppAccess:()=>Mm,searchGlobalUsersByEmail:()=>P_,validateUniqueUser:()=>$c});var dm={};N(dm,{creatorsInList:()=>di,getAccountHolderFromUsers:()=>Vc,hasAdminPermissions:()=>tn,hasAppBuilderPermissions:()=>$S,hasBuilderPermissions:()=>Tt,isAdmin:()=>en,isAdminOrBuilder:()=>GS,isBuilder:()=>ms,isCreatorAsync:()=>pa,isCreatorSync:()=>Gc,isGlobalBuilder:()=>BS,validateUniqueUser:()=>$c});var cm={};N(cm,{createCode:()=>lU,deleteCode:()=>pU,getCode:()=>dU,getExistingInvites:()=>um,getInviteCodes:()=>MS,updateCode:()=>cU});var ls={};N(ls,{Duration:()=>be,DurationType:()=>am,clearCookie:()=>Xr,compare:()=>rm,getAppIdFromCtx:()=>iU,getCookie:()=>pr,hasCircularStructure:()=>oU,hash:()=>tm,isAudited:()=>sm,isClient:()=>sU,isPublicApiRequest:()=>nU,isServingApp:()=>eU,isServingBuilder:()=>tU,isServingBuilderPreview:()=>rU,isValidInternalAPIKey:()=>la,newid:()=>me,openJwt:()=>bc,resolveAppUrl:()=>PS,setCookie:()=>US,time:()=>uU,timeout:()=>im,urlHasProtocol:()=>aU,validEmail:()=>om});var em=h.JS_BCRYPT?require("bcryptjs"):require("bcrypt"),zP=h.SALT_ROUNDS||10;async function tm(t){let e=await em.genSalt(zP);return em.hash(t,e)}async function rm(t,e){return em.compare(t,e)}var wc=q(require("jsonwebtoken")),nm="app"+v,CS="/app/",vS="/app/preview",ZP="/builder",NS=`${ZP}/app/`,XP="/api/public/v";async function PS(t){let r=`/${t.path.split("/")[2].toLowerCase()}`,n=j();!h.isDev()&&h.MULTI_TENANCY&&(n=Ho(t,{includeStrategies:["subdomain"]}));let s=(await We(n,()=>ea({dev:!1}))).filter(o=>o.url&&o.url.toLowerCase()===r)[0];return s&&s.appId?s.appId:void 0}function eU(t){return t.path.startsWith(`/${nm}`)?!0:t.path.startsWith(CS)}function tU(t){return t.path.startsWith(NS)}function rU(t){return t.path.startsWith(vS)}function nU(t){return t.path.startsWith(XP)}async function iU(t){let e=[t.request.headers["x-budibase-app-id"]],r;function n(u){return!u||!u.startsWith(nm)?r:(r&&Ji(r)!==Ji(u)&&t.throw("App id conflict",403),r??u)}for(let u of e)if(r=n(u),r)break;t.request.body&&t.request.body.appId&&(r=n(t.request.body.appId));let i=DS(t.path);i&&(r=n(i)),t.query?.appId&&(r=n(t.query?.appId));let s=t.path.startsWith(vS);if(t.path.startsWith(CS)&&!s&&(r=n(await PS(t))),t.request.headers.referer?.includes(NS)){let u=DS(t.request.headers.referer);r=n(u)}return r}function DS(t){if(t)return t.split("?")[0].split("/").find(e=>e.startsWith(nm))}function bc(t){if(t)try{return wc.default.verify(t,h.JWT_SECRET)}catch(e){if(h.JWT_SECRET_FALLBACK)return wc.default.verify(t,h.JWT_SECRET_FALLBACK);throw e}}function la(t){return h.INTERNAL_API_KEY&&h.INTERNAL_API_KEY===t?!0:!!(h.INTERNAL_API_KEY_FALLBACK&&h.INTERNAL_API_KEY_FALLBACK===t)}function pr(t,e){let r=t.cookies.get(e);if(r)return bc(r)}function US(t,e,r="builder",n={sign:!0}){e&&n&&n.sign&&(e=wc.default.sign(e,h.JWT_SECRET));let i={expires:Zu,path:"/",httpOnly:!1,overwrite:!0};h.COOKIE_DOMAIN&&(i.domain=h.COOKIE_DOMAIN),t.cookies.set(r,e,i)}function Xr(t,e){US(t,null,e)}function sU(t){return t.headers["x-budibase-type"]==="client"}function im(t){return new Promise(e=>setTimeout(e,t))}function sm(t){return!!Vh[t]}function oU(t){if(typeof t!="object")return!1;try{JSON.stringify(t)}catch(e){if(e instanceof Error&&e?.message.includes("circular structure"))return!0}return!1}function aU(t){return!!t.match(/^.+:\/\/.+$/)}function om(t){return t&&!!t.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)}var am=(s=>(s.MILLISECONDS="milliseconds",s.SECONDS="seconds",s.MINUTES="minutes",s.HOURS="hours",s.DAYS="days",s))(am||{}),Dc={milliseconds:1,seconds:1e3,minutes:6e4,hours:36e5,days:864e5},be=class t{constructor(e){this.ms=e}to(e){return this.ms/Dc[e]}toMs(){return this.ms}toSeconds(){return this.to("seconds")}static convert(e,r,n){return n*Dc[e]/Dc[r]}static from(e,r){return new t(r*Dc[e])}static fromSeconds(e){return t.from("seconds",e)}static fromMinutes(e){return t.from("minutes",e)}static fromHours(e){return t.from("hours",e)}static fromDays(e){return t.from("days",e)}static fromMilliseconds(e){return t.from("milliseconds",e)}};async function uU(t){let e=performance.now();return[await t(),be.fromMilliseconds(performance.now()-e)]}var LS=be.fromDays(7).toSeconds();async function cU(t,e){await(await ti()).store(t,e,LS)}async function lU(t,e){let r=me();return await(await ti()).store(r,{email:t,info:e},LS),r}async function dU(t){let r=await(await ti()).get(t);if(!r)throw"Invitation is not valid or has expired, please request a new one.";return r}async function pU(t){await(await ti()).delete(t)}async function MS(){let r=(await(await ti()).scan()).map(i=>({...i.value,code:i.key}));if(!h.MULTI_TENANCY)return r;let n=j();return r.filter(i=>n===i.info.tenantId)}async function um(t){return(await MS()).filter(e=>t.includes(e.email))}async function lm(t){let e=[],r=await FS(t);e.push(...r.map(o=>o.email));let n=await kS(t);e.push(...n.map(o=>o._id));let i=await ds(t);e.push(...i.map(o=>o.email));let s=await um(t);return e.push(...s.map(o=>o.email)),[...new Set(e.map(o=>o.toLowerCase()))]}async function Cc(t){return await ra("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}async function da(t){return(await Cc(t))[0]??null}async function FS(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await lr("by_email2",r,void 0,n)}async function kS(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await ra("platform_users_lowercase_2",r)}async function ds(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await ra("account_by_email",r)}var Bc={};N(Bc,{BadRequestError:()=>Pc,BudibaseError:()=>ps,EmailUnavailableError:()=>fr,FeatureDisabledError:()=>Fc,ForbiddenError:()=>Uc,HTTPError:()=>Ge,InvalidAPIKeyError:()=>fs,NotFoundError:()=>Nc,NotImplementedError:()=>Lc,UnexpectedError:()=>vc,UsageLimitError:()=>Mc,getPublicError:()=>kc});var ps=class extends Error{constructor(r,n){super(r);this.code=n}},kc=t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},Ge=class t extends ps{constructor(r,n,i="http"){super(r,i);this.status=n}static async fromResponse(r){let n=await r.text(),i=n,s=r.status,o="http";try{let a=JSON.parse(n);i=a.message,s=a.status,o=a.error?.code}catch{}return new t(i,s,o)}},vc=class extends Ge{constructor(e){super(e,500)}},Nc=class extends Ge{constructor(e){super(e,404)}},Pc=class extends Ge{constructor(e){super(e,400)}},Uc=class extends Ge{constructor(e){super(e,403)}},Lc=class extends Ge{constructor(e){super(e,501)}},Mc=class extends Ge{constructor(r,n){super(r,400,"usage_limit_exceeded");this.limitName=n}getPublicError(){return{limitName:this.limitName}}},Fc=class extends Ge{constructor(r,n){super(r,400,"feature_disabled");this.featureName=n}getPublicError(){return{featureName:this.featureName}}},fs=class extends ps{constructor(){super("Invalid API key - may need re-generated, or user doesn't exist","invalid_api_key")}},fr=class extends Error{constructor(e){super(`Email already in use: '${e}'`)}};var ms=at.users.isBuilder,en=at.users.isAdmin,BS=at.users.isGlobalBuilder,GS=at.users.isAdminOrBuilder,tn=at.users.hasAdminPermissions,Tt=at.users.hasBuilderPermissions,$S=at.users.hasAppBuilderPermissions;async function di(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await ne().getMultiple(r,{allowMissing:!0}),t.map(i=>Gc(i,e))}async function pa(t){let e=[];return t.userGroups&&(e=await ne().getMultiple(t.userGroups)),Gc(t,e)}function Gc(t,e){let r=at.users.isCreator(t);return!r&&t?mU(t,e):r}function mU(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}async function $c(t,e){if(h.MULTI_TENANCY){let r=await da(t);if(r!=null&&r.tenantId!==e)throw new fr(t)}if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let r=await Zr(t);if(r&&r.verified&&r.tenantId!==e)throw new fr(t)}}async function Vc(t){if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let e=await ds(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}var ys={};N(ys,{account:()=>i_,action:()=>s_,ai:()=>l_,analytics:()=>Wc,app:()=>o_,auditLog:()=>x_,auth:()=>tl,automation:()=>a_,backfill:()=>A_,backfillCache:()=>Xc,backup:()=>I_,datasource:()=>u_,email:()=>c_,environmentVariable:()=>O_,group:()=>S_,identification:()=>Bt,initAsyncEvents:()=>y0,installation:()=>Aa,layout:()=>p_,license:()=>d_,org:()=>f_,plugin:()=>__,processors:()=>Tm,publishEvent:()=>A,query:()=>m_,role:()=>xa,rowAction:()=>R_,rows:()=>g_,screen:()=>h_,serve:()=>E_,shutdown:()=>E0,table:()=>y_,user:()=>ze,view:()=>T_});var Tm={};N(Tm,{analyticsProcessor:()=>XS,init:()=>UU,processors:()=>hr});var Wc={};N(Wc,{enabled:()=>qc});var qc=async()=>Qc();var jS=require("posthog-node");var hU=t=>t==="served:builder"||t==="served:app:preview"||t==="served:app",gU=t=>t==="served:app:preview"||t==="served:app";var qS={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},WS=async t=>{if(!hU(t))return!1;let e=await yU(t);if(e){let r=new Date(e.timestamp);switch(qS[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await VS(t,{timestamp:Date.now()}),!1):!0}}else return await VS(t,{timestamp:Date.now()}),!1},QS=t=>{let e=`${Ce.EVENTS_RATE_LIMIT}:${t}`;return gU(t)&&(e=e+":"+Ue()),e},yU=async t=>{let e=QS(t);return await si(e)},VS=async(t,e)=>{let r=QS(t),n=qS[t],i;switch(n){case"calendarDay":i=86400}await ur(r,e,i)};var TU=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],fa=class{constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new jS.PostHog(e)}async processEvent(e,r,n,i){if(TU.includes(e)||await WS(e))return;n=this.clearPIIProperties(n),n.version=h.VERSION,n.service=h.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let s=Ue();s&&(n.appId=s);let o={distinctId:r.id,event:e,properties:n};i&&(o.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(o.groups={},r.installationId&&(o.groups.installation=r.installationId,o.properties.installationId=r.installationId),r.tenantId&&(o.groups.tenant=r.tenantId,o.properties.tenantId=r.tenantId)),this.posthog.capture(o)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var HS=fa;var AU=["installation:version:upgraded","installation:version:downgraded"],SU=["installation","tenant"],ma=class{constructor(){h.POSTHOG_TOKEN&&!h.isTest()&&(this.posthog=new HS(h.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!AU.includes(e)&&!await qc()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!SU.includes(e.type)&&!await qc()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var pm=h.SELF_HOSTED&&!h.isDev(),ha=class{async processEvent(e,r,n){pm||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){pm||console.log("[audit] identified",e)}async identifyGroup(e){pm||console.log("[audit] group identified",e)}async shutdown(){}};var Em={};N(Em,{BudibaseQueue:()=>kt,InMemoryQueue:()=>jc,JobQueue:()=>hs,QueuedProcessor:()=>ym,UnretriableError:()=>Yc,shutdown:()=>vU});var KS=q(require("events"));function _U(t){let e="",r=-1,n,i,s=t.opts?.repeat;return s&&(i=s.endDate?new Date(s.endDate).getTime():Date.now(),n=s.tz,"cron"in s?e=s.cron:r=s.every),{id:t.id.toString(),name:"",key:t.id.toString(),tz:n,endDate:i,cron:e,every:r,next:0}}var jc=class{constructor(e,r){this._name=e,this._opts=r,this._messages=[],this._emitter=new KS.default.EventEmitter,this._runCount=0,this._addCount=0,this._queuedJobIds=new Set,this._attempts=r?.defaultJobOptions?.attempts||1}async process(e,r){r=typeof e=="number"?r:e,this._emitter.on("message",async n=>{if(!n.manualTrigger&&n.opts?.repeat!=null)return;function i(){return r.length===1?r(n):new Promise((u,c)=>{r(n,(d,f)=>{d?c(d):u(f)})})}let s=this._attempts;async function o(u,c=0){try{return await u}catch(l){if(c++,c<s&&!n._isDiscarded)return await ht.wait(100*c),await o(i(),c);throw l}}try{let u=await o(i());this._emitter.emit("completed",n,u);let c=this._messages.indexOf(n);if(c===-1)throw"Failed deleting a processed message";this._messages.splice(c,1)}catch(u){console.error(u),this._emitter.emit("error",n,u)}this._runCount++;let a=n.opts?.jobId?.toString();a&&n.opts?.removeOnComplete&&this._queuedJobIds.delete(a)})}async isReady(){return this}async add(e,r){if(typeof e=="string")throw new Error("doesn't support named jobs");let n=r,i=n?.jobId?.toString();if(i&&this._queuedJobIds.has(i)){console.log(`Ignoring already queued job ${i}`);return}if(typeof e!="object")throw"Queue only supports carrying JSON.";i&&this._queuedJobIds.add(i);let s=me(),o=()=>{let u={id:s,timestamp:Date.now(),queue:this,data:e,opts:n,discard:async()=>{u._isDiscarded=!0}};this._messages.push(u),this._messages.length>1e3&&this._messages.shift(),this._addCount++,this._emitter.emit("message",u)},a=n?.delay;return a?setTimeout(o,a):o(),{id:i,finished:()=>new Promise((u,c)=>{let l=(f,m)=>{f.id===s&&(this._emitter.off("error",l),this._emitter.off("completed",d),c(m))},d=(f,m)=>{f.id===s&&(this._emitter.off("error",l),this._emitter.off("completed",d),u(m))};this._emitter.on("error",l),this._emitter.on("completed",d)})}}async close(){}async removeRepeatableByKey(e){for(let[r,n]of this._messages.entries())if(n.id===e){this._messages.splice(r,1),this._emitter.emit("removed",n);return}}async removeJobs(e){}async clean(){return[]}async getJob(e){for(let r of this._messages)if(r.id===e)return r;return null}manualTrigger(e){for(let r of this._messages)if(r.id===e){this._emitter.emit("message",{...r,manualTrigger:!0});return}throw new Error(`Job with id ${e} not found`)}on(e,r){return this._emitter.on(e,r),this}off(e,r){return this._emitter.off(e,r),this}async count(){return this._messages.length}async getCompletedCount(){return this._runCount}async getRepeatableJobs(){return this._messages.filter(e=>e.opts?.repeat!=null).map(e=>_U(e))}async whenCurrentJobsFinished(){do await im(50);while(this.hasRunningJobs())}hasRunningJobs(){return this._addCount>this._runCount}},YS=jc;var hm=q(require("bull"));var hs=(a=>(a.AUTOMATION="automationQueue",a.APP_BACKUP="appBackupQueue",a.AUDIT_LOG="auditLogQueue",a.SYSTEM_EVENT_QUEUE="systemEventQueue",a.APP_MIGRATION="appMigration",a.DOC_WRITETHROUGH_QUEUE="docWritethroughQueue",a.DEV_REVERT_PROCESSOR="devRevertProcessorQueue",a))(hs||{});function JS(t,e,r){xU(t,e),r&&IU(t,r)}function IU(t,e){t.on("stalled",async r=>{if(e)await e(r);else if(r.opts.repeat){let n=r.id,i=await t.getRepeatableJobs();for(let s of i)s.id===n&&await t.removeRepeatableByKey(s.key);console.log(`jobId=${n} disabled`)}})}function At(t,e,r={},n={}){let i=`[BULL] ${t}=${e}`,s=r.error,o={_logKey:"bull",eventType:t,event:e,job:r.job,jobId:r.jobId||r.job?.id,...n},a;return r.job?.data?.automation&&(a={_logKey:"automation",trigger:r.job?r.job.data.automation.definition.trigger.event:void 0}),[i,s,o,a]}var OU={automationQueue:"automation-event",appBackupQueue:"app-backup-event",auditLogQueue:"audit-log-event",systemEventQueue:"system-event",appMigration:"app-migration",docWritethroughQueue:"doc-writethrough",devRevertProcessorQueue:"dev-revert-event"};function xU(t,e){let r=OU[e];function n(i,s){let o=i.data.event?.appId;if(o)return af(o,s);s()}t.on("stalled",async i=>{await n(i,()=>{console.error(...At(r,"stalled",{job:i}))})}).on("error",i=>{console.error(...At(r,"error",{error:i}))}),process.env.NODE_DEBUG?.includes("bull")&&t.on("waiting",i=>{console.info(...At(r,"waiting",{jobId:i}))}).on("active",async i=>{await n(i,()=>{console.info(...At(r,"active",{job:i}))})}).on("progress",async(i,s)=>{await n(i,()=>{console.info(...At(r,"progress",{job:i},{progress:s}))})}).on("completed",async(i,s)=>{await n(i,()=>{console.info(...At(r,"completed",{job:i},{result:s}))})}).on("failed",async(i,s)=>{await n(i,()=>{console.error(...At(r,"failed",{job:i,error:s}))})}).on("paused",()=>{console.info(...At(r,"paused"))}).on("resumed",()=>{console.info(...At(r,"resumed"))}).on("cleaned",(i,s)=>{console.info(...At(r,"cleaned",{},{length:i.length,type:s}))}).on("drained",()=>{console.info(...At(r,"drained"))}).on("removed",i=>{console.info(...At(r,"removed",{job:i}))})}var Hc={};N(Hc,{cleanup:()=>RU,clear:()=>mm,set:()=>fm});var ga=[];function fm(t,e){let r=setInterval(t,e);return ga.push(r),r}function mm(t){let e=ga.indexOf(t);e!==-1&&ga.splice(e,1),clearInterval(t)}function RU(){for(let t of ga)clearInterval(t);ga=[]}var mr=q(require("dd-trace")),ya=q(require("object-sizeof")),wU=be.fromMinutes(5).toMs(),bU=be.fromSeconds(30).toMs(),gm=be.fromSeconds(60).toMs(),Ea=[],Kc;async function zS(){for(let t of Ea)await t.clean(gm,"completed"),await t.clean(gm,"failed")}async function DU(t,e,r){let n=performance.now();try{let i=await e();return mr.default.dogstatsd.increment(`${t}.success`,1,r),i}catch(i){throw mr.default.dogstatsd.increment(`${t}.error`,1,r),i}finally{let i=performance.now()-n;mr.default.dogstatsd.distribution(`${t}.duration.ms`,i,r),mr.default.dogstatsd.increment(t,1,r)}}function ZS(t){return{"job.opts.attempts":t.attempts,"job.opts.backoff":t.backoff,"job.opts.delay":t.delay,"job.opts.jobId":t.jobId,"job.opts.lifo":t.lifo,"job.opts.preventParsingData":t.preventParsingData,"job.opts.priority":t.priority,"job.opts.removeOnComplete":t.removeOnComplete,"job.opts.removeOnFail":t.removeOnFail,"job.opts.repeat":t.repeat,"job.opts.stackTraceLimit":t.stackTraceLimit,"job.opts.timeout":t.timeout}}function CU(t){return{"job.id":t.id,"job.attemptsMade":t.attemptsMade,"job.timestamp":t.timestamp,"job.data.sizeBytes":(0,ya.default)(t.data),...ZS(t.opts||{})}}var kt=class{constructor(e,r={}){this.opts=r,this.jobQueue=e,this.queue=this.initQueue()}get name(){return this.queue.name}initQueue(){let r={redis:Xn(),settings:{maxStalledCount:this.opts.maxStalledCount?this.opts.maxStalledCount:0,lockDuration:wU,lockRenewTime:bU}};this.opts.jobOptions&&(r.defaultJobOptions=this.opts.jobOptions);let n;return h.isTest()?process.env.BULL_TEST_REDIS_PORT&&!isNaN(+process.env.BULL_TEST_REDIS_PORT)?n=new hm.default(this.jobQueue,{...r,redis:{host:"localhost",port:+process.env.BULL_TEST_REDIS_PORT}}):n=new YS(this.jobQueue,r):n=new hm.default(this.jobQueue,r),JS(n,this.jobQueue,this.opts.removeStalledCb),Ea.push(n),!Kc&&!h.isTest()&&(Kc=fm(zS,gm),zS().catch(i=>{console.error(`Unable to cleanup ${this.jobQueue} initially - ${i}`)})),n}getBullQueue(){return this.queue}process(...e){let r,n;e.length===2?(r=e[0],n=e[1]):n=e[0];let i=async(o,a)=>{await mr.default.trace("queue.process",async u=>{if(o.data._parentSpanContext){let c=o.data._parentSpanContext,l={traceId:c.traceId,spanId:c.spanId,toTraceId:()=>c.traceId,toSpanId:()=>c.spanId,toTraceparent:()=>""};u.addLink(l)}u.addTags({"queue.name":this.jobQueue,...CU(o)}),this.opts.jobTags&&u.addTags(this.opts.jobTags(o.data)),mr.default.dogstatsd.distribution("queue.process.sizeBytes",(0,ya.default)(o.data),this.metricTags()),await this.withMetrics("queue.process",()=>a?n(o,a):n(o))})},s;return n.length===1?s=o=>i(o):s=i,r?this.queue.process(r,s):this.queue.process(s)}async add(e,r){return await mr.default.trace("queue.add",async n=>(n.addTags({"queue.name":this.jobQueue,"job.data.sizeBytes":(0,ya.default)(e),...ZS(r||{})}),this.opts.jobTags&&n.addTags(this.opts.jobTags(e)),e._parentSpanContext={traceId:n.context().toTraceId(),spanId:n.context().toSpanId()},mr.default.dogstatsd.distribution("queue.add.sizeBytes",(0,ya.default)(e),this.metricTags()),await this.withMetrics("queue.add",()=>this.queue.add(e,r))))}withMetrics(e,r){return DU(e,r,this.metricTags())}metricTags(){return{queueName:this.jobQueue}}close(e){return this.queue.close(e)}whenCurrentJobsFinished(){return this.queue.whenCurrentJobsFinished()}};async function vU(){Kc&&mm(Kc),console.log("Waiting for current queue jobs to finish...");for(let t of Ea)await t.whenCurrentJobsFinished();console.log("Closing queue Redis connections...");for(let t of Ea)await t.close();Ea=[],console.log("Queues shutdown")}var Yc=class extends Error{constructor(e){super(e),this.name="PermanentError"}},ym=class{constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:s=!0,maxStalledCount:o=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new kt(e,{maxStalledCount:o,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:s}}),this._queue.process(async(a,u)=>{try{let c=await this.processFn(a.data);u?.(null,c)}catch(c){c instanceof Yc&&await a.discard(),ci(`Failed to process job in ${this._queue.name}`,c),u?.(c)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await ht.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var gs=class t{static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new kt("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await We(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let s={};h.ENABLE_AUDIT_LOG_IP_ADDR&&(s=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:s})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&sm(e)){let s=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:s,timestamp:i,appId:Ue(),hostInfo:r.hostInfo},tenantId:j()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var Ta=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}async processEvent(e,r,n,i){for(let s of this.processors)await s.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var XS=new ma,NU=new ha,PU=new gs;function UU(t){return gs.init(t)}var hr=new Ta([XS,NU,PU]);var Jc={};N(Jc,{checkInstallVersion:()=>FU,getInstall:()=>Sa,getInstallFromDB:()=>Sm});var Am=q(require("semver"));var Sa=async()=>qr(Ce.INSTALLATION,86400,Sm,{useTenancy:!1});async function LU(t){let e={_id:xe.PLATFORM_INFO.docs.install,installId:me(),version:h.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return Sm();throw r}}var Sm=async()=>ct(xe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(xe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await LU(t);else throw r}return e}),MU=async t=>{try{await ct(xe.PLATFORM_INFO.name,async e=>{let r=await Sa();r.version=t,await e.put(r),await ns(Ce.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},FU=async()=>{let t=await Sa(),e=t.version,r=h.VERSION;try{if(e!==r){let n=Am.default.gt(r,e),i=Am.default.lt(r,e);await MU(r)&&(await wo({_id:t.installId,type:"installation"},async()=>{n?await Aa.upgraded(e,r):i&&await Aa.downgraded(e,r)}),await Bt.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?ci(`Invalid version "${r}" - is it semver?`):ci("Failed to retrieve version",n)}};var kU=async()=>{let t=$p(),e=Oa(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await pi(),i=_a();return{id:e_(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await pi(),i=await zc(j()),s=_a();return{id:e_(i,r),type:r,hosting:s,installationId:n,tenantId:i,realTenantId:j(),environment:e}}else if(r==="user"){let n=t,i=await zc(j()),s=await pi(),o=n.account,a;return o?a=o.hosting:a=_a(),{id:n._id,type:r,hosting:a,installationId:s,tenantId:i,environment:e,realTenantId:j(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},BU=async(t,e)=>{let r=t,n="installation",i=_a(),s=h.VERSION,o=Oa(),a={id:r,type:n,hosting:i,version:s,environment:o};await _m(a,e),await Ia({...a,id:`$${n}_${r}`},e)},GU=async(t,e,r)=>{let n=await zc(t),i="tenant",s=await pi(),o=Oa(),a={id:n,type:i,hosting:e,environment:o,installationId:s};await _m(a,r),await Ia({...a,id:`$${i}_${n}`},r)},$U=async(t,e,r)=>{let n=t._id,i=await zc(t.tenantId),s="user",o=Tt(t),a=tn(t),u;Ya(t)&&(u=t.providerType);let l=(await ds([t.email])).length>0,d=!!e&&l&&e.verified,f=await pi(),m=e?e.hosting:_a(),p=Oa();await Ia({id:n,type:s,hosting:m,installationId:f,tenantId:i,verified:d,accountHolder:l,providerType:u,builder:o,admin:a,environment:p},r)},VU=async t=>{let e=t.accountId,r=t.tenantId,n="user",i=Ka(t)?t.providerType:void 0,s=t.verified,o=!0,a=t.hosting,u=await pi(),c=Oa();if(Ha(t)){let d=await Gt(t.email);d?._id&&(e=d._id)}await Ia({id:e,type:n,hosting:a,installationId:u,tenantId:r,providerType:i,verified:s,accountHolder:o,environment:c})},Ia=async(t,e)=>{await hr.identify(t,e)},_m=async(t,e)=>{await hr.identifyGroup(t,e)},Oa=()=>h.isDev()?"development":h.DEPLOYMENT_ENVIRONMENT,_a=()=>h.SELF_HOSTED?"self":"cloud",pi=async()=>qU()?"account-portal":(await Sa()).installId,zc=async t=>h.SELF_HOSTED?t_(t):t,t_=async t=>We(t,()=>qr(Ce.UNIQUE_TENANT_ID,86400,async()=>{let e=ne(),r=await Zc(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${me()}_${t}`,r.config.uniqueTenantId=n,await e.put(r),n)})),qU=()=>h.SERVICE==="account-portal",e_=(t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,Bt={getCurrentIdentity:kU,identifyInstallationGroup:BU,identifyTenantGroup:GU,identifyUser:$U,identifyAccount:VU,identify:Ia,identifyGroup:_m,getInstallationId:pi,getUniqueTenantId:t_};var Xc={};N(Xc,{end:()=>QU,isAlreadySent:()=>xm,isBackfillingEvent:()=>Om,recordEvent:()=>Im,start:()=>WU});var WU=async t=>HU({eventWhitelist:t}),Im=async(t,e)=>{let r=Rm(t,e);await ur(r,e,void 0,{useTenancy:!1})},QU=async()=>{await KU(),await YU()},jU=async()=>si(Ce.BACKFILL_METADATA),HU=async t=>ur(Ce.BACKFILL_METADATA,t),KU=async()=>{await Qo(Ce.BACKFILL_METADATA)},YU=async()=>{let t=Rm(),e=await mc(t);for(let r of e)await Qo(r,{useTenancy:!1})},Om=async t=>{let r=(await jU())?.eventWhitelist;return!!(r&&r.includes(t))},xm=async(t,e)=>{let r=Rm(t,e);return!!await si(r,{useTenancy:!1})},JU={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},Rm=(t,e)=>{let r,n=j();if(t){r=`${Ce.EVENTS}:${n}:${t}`;let i=JU[t],s=i?i(e):void 0;s&&(r=`${r}:${s}`)}else r=`${Ce.EVENTS}:${n}:*`;return r};var gr;function el(){gr=new kt("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}async function r_(){gr&&await gr.close()}async function n_(t){gr||el();let{event:e,identity:r}=t;$h.indexOf(e)!==-1&&r.tenantId&&await gr.add(t)}var A=async(t,e,r,n)=>{let i=n||await Bt.getCurrentIdentity();if(!(n?!1:await Om(t))){await n_({event:t,identity:i,properties:e,timestamp:r}),await hr.processEvent(t,i,e,r);return}await xm(t,e)||(await hr.processEvent(t,i,e,r),await Im(t,e))};async function zU(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}async function ZU(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}async function XU(t){let e={tenantId:t.tenantId};await A("account:verified",e)}var i_={created:zU,deleted:ZU,verified:XU};async function eL(t,e){await A("action:automation_step:executed",t,e)}async function tL(t,e){await A("action:crud:executed",t,e)}async function rL(t,e){await A("action:ai_agent:executed",t,e)}var s_={aiAgentExecuted:rL,automationStepExecuted:eL,crudExecuted:tL};var nL=async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)};async function iL(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}async function sL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}async function oL(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}async function aL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}async function uL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}async function cL(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}async function lL(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}async function dL(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}async function pL(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}async function fL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}async function mL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}var o_={created:nL,updated:iL,deleted:sL,published:oL,unpublished:aL,fileImported:uL,duplicated:cL,templateImported:lL,versionUpdated:dL,versionReverted:pL,reverted:fL,exported:mL};async function hL(t,e){let n={userId:(await Bt.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}async function gL(t){let r={userId:(await Bt.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}async function yL(t,e){let r={type:t};await A("auth:sso:created",r,e)}async function EL(t){let e={type:t};await A("auth:sso:updated",e)}async function TL(t,e){let r={type:t};await A("auth:sso:activated",r,e)}async function AL(t){let e={type:t};await A("auth:sso:deactivated",e)}var tl={login:hL,logout:gL,SSOCreated:yL,SSOUpdated:EL,SSOActivated:TL,SSODeactivated:AL};async function SL(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}async function _L(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}async function IL(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}async function OL(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}var xL=async(t,e)=>{let r={count:t};await A("automations:run",r,e)};async function RL(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}async function wL(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}var a_={created:SL,triggerUpdated:_L,deleted:IL,tested:OL,run:xL,stepCreated:RL,stepDeleted:wL};function wm(t){return!Object.values(qa).includes(t.source)}async function bL(t,e){let r={datasourceId:t._id,source:t.source,custom:wm(t)};await A("datasource:created",r,e)}async function DL(t){let e={datasourceId:t._id,source:t.source,custom:wm(t)};await A("datasource:updated",e)}async function CL(t){let e={datasourceId:t._id,source:t.source,custom:wm(t)};await A("datasource:deleted",e)}var u_={created:bL,updated:DL,deleted:CL};async function vL(t){let e={};await A("email:smtp:created",e,t)}async function NL(){let t={};await A("email:smtp:updated",t)}var c_={SMTPCreated:vL,SMTPUpdated:NL};async function PL(t){let e={};await A("ai:config:created",e,t)}async function UL(){let t={};await A("ai:config:updated",t)}var l_={AIConfigCreated:PL,AIConfigUpdated:UL};async function LL(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}async function ML(t){let e={accountId:t.accountId};await A("license:activated",e)}async function FL(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}async function kL(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}async function BL(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}async function GL(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}async function $L(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}var d_={planChanged:LL,activated:ML,checkoutOpened:FL,checkoutSuccess:kL,portalOpened:BL,paymentFailed:GL,paymentRecovered:$L};async function VL(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}async function qL(t){let e={layoutId:t};await A("layout:deleted",e)}var p_={created:VL,deleted:qL};async function WL(t){let e={};await A("org:info:name:updated",e,t)}async function QL(t){let e={};await A("org:info:logo:updated",e,t)}async function jL(t){let e={};await A("org:platformurl:updated",e,t)}async function HL(){let t={};await A("analytics:opt:out",t)}async function KL(){let t={};await A("analytics:opt:out",t)}var f_={nameUpdated:WL,logoUpdated:QL,platformURLUpdated:jL,analyticsOptOut:HL,analyticsOptIn:KL};var YL=async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},JL=async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},zL=async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:deleted",r)},ZL=async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},XL=async(t,e)=>{let r={count:t};await A("queries:run",r,e)},eM=async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},m_={created:YL,updated:JL,deleted:zL,imported:ZL,run:XL,previewed:eM};async function tM(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}async function rM(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}async function nM(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}async function iM(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}async function sM(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}var xa={created:tM,updated:rM,deleted:nM,assigned:iM,unassigned:sM};async function oM(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}async function aM(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}var h_={created:oM,deleted:aM};var uM=async(t,e)=>{let r={count:t};await A("rows:created",r,e)},cM=async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},g_={created:uM,imported:cM};async function lM(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}async function dM(t,e){let r,n;for(let s in e.schema)if(!t.schema[s]){let o=e.schema[s];"default"in o&&o.default!=null&&(r=!0),o.type==="ai"&&(n=o.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}async function pM(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:deleted",e)}async function fM(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}async function mM(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}var y_={created:lM,updated:dM,deleted:pM,exported:fM,imported:mM};async function hM(t){let e={timezone:t};await A("served:builder",e)}async function gM(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}async function yM(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}var E_={servedBuilder:hM,servedApp:gM,servedAppPreview:yM};async function EM(t,e){let r={userId:t._id,viaScim:Ut(),audited:{email:t.email}};await A("user:created",r,e)}async function TM(t){let e={userId:t._id,viaScim:Ut(),audited:{email:t.email}};await A("user:updated",e)}async function AM(t){let e={userId:t._id,viaScim:Ut(),audited:{email:t.email}};await A("user:deleted",e)}async function SM(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}async function _M(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}async function IM(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}async function OM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}async function xM(t){let e={audited:{email:t}};await A("user:invited",e)}async function RM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}async function wM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}async function bM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}async function DM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}async function CM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}async function vM(t){let e={users:t};await A("user:data:collaboration",e)}var ze={created:EM,updated:TM,deleted:AM,permissionAdminAssigned:SM,permissionAdminRemoved:_M,permissionBuilderAssigned:IM,permissionBuilderRemoved:OM,invited:xM,inviteAccepted:RM,passwordForceReset:wM,passwordUpdated:bM,passwordResetRequested:DM,passwordReset:CM,dataCollaboration:vM};async function NM(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}async function PM(t){let e={tableId:t.tableId};await A("view:updated",e)}async function UM(t){let e={tableId:t.tableId};await A("view:deleted",e)}async function LM(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}async function MM({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}async function FM({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}async function kM(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}async function BM({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}async function GM(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}async function $M(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}async function VM(t,e){let r={tableId:t};await A("view:join:created",r,e)}var T_={created:NM,updated:PM,deleted:UM,exported:LM,filterCreated:MM,filterUpdated:FM,filterDeleted:kM,calculationCreated:BM,calculationUpdated:GM,calculationDeleted:$M,viewJoinCreated:VM};async function qM(t){let e={currentVersion:t};await A("installation:version:checked",e)}async function WM(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}async function QM(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}async function jM(){let t={};await A("installation:firstStartup",t)}var Aa={versionChecked:qM,upgraded:WM,downgraded:QM,firstStartup:jM};var Ts=!h.SELF_HOSTED&&!h.isDev();async function HM(t){Ts||await A("app:backfill:succeeded",t)}async function KM(t){if(Ts)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}async function YM(t){Ts||await A("tenant:backfill:succeeded",t)}async function JM(t){if(Ts)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}async function zM(){if(Ts)return;let t={};await A("installation:backfill:succeeded",t)}async function ZM(t){if(Ts)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}var A_={appSucceeded:HM,appFailed:KM,tenantSucceeded:YM,tenantFailed:JM,installationSucceeded:zM,installationFailed:ZM};async function XM(t,e){let r={groupId:t._id,viaScim:Ut(),audited:{name:t.name}};await A("user_group:created",r,e)}async function e0(t){let e={groupId:t._id,viaScim:Ut(),audited:{name:t.name}};await A("user_group:updated",e)}async function t0(t){let e={groupId:t._id,viaScim:Ut(),audited:{name:t.name}};await A("user_group:deleted",e)}async function r0(t,e){let r={count:t,groupId:e._id,viaScim:Ut(),audited:{name:e.name}};await A("user_group:user_added",r)}async function n0(t,e){let r={count:t,groupId:e._id,viaScim:Ut(),audited:{name:e.name}};await A("user_group:users_deleted",r)}async function i0(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}async function s0(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}var S_={created:XM,updated:e0,deleted:t0,usersAdded:r0,usersDeleted:n0,createdOnboarding:i0,permissionsEdited:s0};async function o0(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}async function a0(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}async function u0(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}var __={init:o0,imported:a0,deleted:u0};async function c0(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}async function l0(t,e,r,n,i){let s={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",s)}var I_={appBackupRestored:c0,appBackupTriggered:l0};async function d0(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}async function p0(t){let e={name:t};await A("environment_variable:deleted",e)}async function f0(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}var O_={created:d0,deleted:p0,upgradePanelOpened:f0};async function m0(t){let e={filters:t};await A("audit_log:filtered",e)}async function h0(t){let e={filters:t};await A("audit_log:downloaded",e)}var x_={filtered:m0,downloaded:h0};async function g0(t,e){await A("row_action:created",t,e)}var R_={created:g0};function y0(){}var E0=async()=>{await hr.shutdown(),console.log("Events shutdown")};var bm=async t=>{await ze.deleted(t),Tt(t)&&await ze.permissionBuilderRemoved(t),tn(t)&&await ze.permissionAdminRemoved(t)},T0=async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await xa.assigned(t,i)},A0=async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await xa.unassigned(t,i)},S0=async(t,e)=>{let r=t.roles,n=e?.roles;await T0(t,r,n),await A0(t,r,n)},Dm=async(t,e)=>{let r=j(),n;!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL&&(n=await cs(r)),await Bt.identifyUser(t,n),e?(await ze.updated(t),I0(t,e)&&await ze.permissionBuilderRemoved(t),x0(t,e)&&await ze.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await ze.passwordForceReset(t),t.password!==e.password&&await ze.passwordUpdated(t)):await ze.created(t),_0(t,e)&&await ze.permissionBuilderAssigned(t),O0(t,e)&&await ze.permissionAdminAssigned(t),await S0(t,e)},_0=(t,e)=>w_(t,e,Tt),I0=(t,e)=>b_(t,e,Tt),O0=(t,e)=>w_(t,e,tn),x0=(t,e)=>b_(t,e,tn),w_=(t,e,r)=>!(!r(t)||e&&r(e)),b_=(t,e,r)=>!(r(t)||!e||!r(e));var rl={};N(rl,{createASession:()=>w0,endSession:()=>b0,getSession:()=>vm,getSessionsForUser:()=>Ra,invalidateSessions:()=>fi,updateSessionTTL:()=>Cm});var C_=require("uuid");var v_=h.SESSION_EXPIRY_SECONDS?parseInt(h.SESSION_EXPIRY_SECONDS):be.fromDays(7).toSeconds();function As(t,e){return`${t}/${e}`}async function Ra(t){return t?(await(await $r()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}async function fi(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await Ra(t)).map(o=>({key:As(o.userId,o.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(s=>({key:As(t,s)}))),i&&i.length>0){let s=await $r(),o=[];for(let a of i)o.push(s.delete(a.key));h.isTest()||us(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(a=>a.key).join(", ")}`),await Promise.all(o)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}async function w0(t,e){let r=await Ra(t),n=0;if(r.length>=3){let c=r.sort((f,m)=>new Date(f.createdAt).getTime()-new Date(m.createdAt).getTime()),l=r.length-3+1,d=c.slice(0,l).map(f=>f.sessionId);n=d.length,await fi(t,{sessionIds:d,reason:"session limit exceeded"})}let i=await $r(),s=e.sessionId,o=e.csrfToken?e.csrfToken:(0,C_.v4)(),a=As(t,s),u={...e,csrfToken:o,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(a,u,v_),{session:u,invalidatedSessionCount:n}}async function Cm(t){let e=await $r(),r=As(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,v_)}async function b0(t,e){await(await $r()).delete(As(t,e))}async function vm(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await $r()).get(As(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}var Lm={};N(Lm,{PASSWORD_MAX_LENGTH:()=>Pm,PASSWORD_MIN_LENGTH:()=>Nm,validatePassword:()=>Um});var Nm=+(h.PASSWORD_MIN_LENGTH||12),Pm=+(h.PASSWORD_MAX_LENGTH||512);function Um(t){return!t||t.length<Nm?{valid:!1,error:`Password invalid. Minimum ${Nm} characters.`}:t.length>Pm?{valid:!1,error:`Password invalid. Maximum ${Pm} characters.`}:{valid:!0}}var D0=async t=>{let e=t._id;await Mt.removeUser(t),await bm(t),await nn.invalidateUser(e),await fi(e,{reason:"bulk-deletion"})},Yt=class t{static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return h.ENABLE_SSO_MAINTENANCE_MODE&&en(e)?!1:await t.features.isSSOEnforced()||Ya(e)?!0:(r||(r=await cs(j())),!!(r&&r.email===e.email&&Ka(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,s){let{password:o,_id:a}=e;i&&!i.password&&(r.requirePassword=!1);let u;if(o){if(await t.isPreventPasswordActions(e,s))throw new Ge("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let d=Um(o);if(!d.valid)throw new Ge(d.error,400)}u=r.hashPassword?await tm(o):o}else i&&(u=i.password);let c=r.requirePassword&&!await t.features.isSSOEnforced();if(!u&&c)throw"Password must be specified.";a=a||is();let l={createdAt:Date.now(),...i,...e,_id:a,password:u,tenantId:n};return l.roles||(l.roles={}),l.status==null&&(l.status="active"),l}static async allUsers(){return(await ne().allDocs(ai(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByApp(e){return{userCount:(await il(e,{})).length}}static async getUsersByAppAccess(e){return await Mm(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return Gt(e)}static async getUser(e){let r=await mi(e);return r&&delete r.password,r}static async bulkGet(e){return await nl(e)}static async bulkUpdate(e){return await wa(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=j(),i=ne(),{email:s,_id:o,userGroups:a=[],roles:u}=e;if(!s&&!o)throw new Error("_id or email is required");let c;if(o)try{if(c=await mi(o),s&&c.email!==s&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(f){if(f.status!==404)throw f}if(!c&&s&&(c=await Gt(s),c&&c._id!==o))throw new fr(s);let l=1,d=0;if((r.isAccountHolder||c)&&(l=0,d=1),c){let[f,m]=await di([c,e]);d=f!==m?1:0}return t.quotas.addUsers(l,d,async()=>{r.isAccountHolder||await $c(s,n);let f=await t.buildUser(e,r,n,c);r.currentUserId&&r.currentUserId===c?._id&&(f=Fm(f,c)),!c&&u?.length&&(f.roles={...u});let m=[];if(!o&&a.length>0)for(let p of a)m.push(t.groups.addUsers(p,[f._id]));try{let p=await i.put(f);return f._rev=p.rev,await Dm(f,c),c&&f.email!==c.email&&await Mt.removeUser({email:c.email}),await Mt.addUser(n,f._id,f.email,f.ssoId),await nn.invalidateUser(p.id),await Promise.all(m),i.get(f._id)}catch(p){throw p.status===409?"User exists already":p}})}static async bulkCreate(e,r){let n=j(),i=[],s=[],o=[],a=e.map(f=>f.email),u=await lm(a),c=[];for(let f of e){let m=s.find(g=>g.email.toLowerCase()===f.email.toLowerCase()),p=u.includes(f.email.toLowerCase());if(m||p){c.push({email:f.email,reason:"Unavailable"});continue}f.userGroups=r||[],s.push(f),await pa(f)&&o.push(f)}let l=await cs(n),d=await t.features.isSSOEnforced();return t.quotas.addUsers(s.length,o.length,async()=>{for(let p of s)d&&delete p.password,i.push(t.buildUser(p,{hashPassword:!0,requirePassword:!d},n,void 0,l));let f=await Promise.all(i);await wa(f);for(let p of f)await Mt.addUser(n,p._id,p.email),await Dm(p,void 0);let m=f.map(p=>({_id:p._id,email:p.email}));if(Array.isArray(m)&&r){let p=[],g=m.map(y=>y._id);for(let y of r)p.push(t.groups.addUsers(y,g));await Promise.all(p)}return{successful:m,unsuccessful:c}})}static async bulkDelete(e){let r=ne(),n={successful:[],unsuccessful:[]},i=await Vc(e);i&&(e=e.filter(m=>m.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let o=(await r.allDocs({include_docs:!0,keys:e.map(m=>m.userId)})).rows.map(m=>m.doc),a=o.map(m=>({...m,_deleted:!0})),u=await wa(a),l=(await di(o)).filter(m=>m).length,d=[];for(let m of o){let g=(await da(m._id)).ssoId;g&&(await Cc(g)).filter(T=>T.ssoId==null).forEach(T=>{d.push({...T,_deleted:!0})}),await D0(m)}await Wr().bulkDocs(d),await t.quotas.removeUsers(a.length,l);let f={};return o.reduce((m,p)=>(m[p._id]=p,m),f),u.forEach(m=>{let p=f[m.id].email;m.ok?n.successful.push({_id:m.id,email:p}):n.unsuccessful.push({_id:m.id,email:p,reason:"Database error"})}),n}static async destroy(e){let r=ne(),n=await r.get(e),i=n._id;if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let o=n.email;if(await Zr(o))throw n.userId===ar()._id?new Ge('Please visit "Account" to delete this user',400):new Ge("Account holder cannot be deleted",400)}await Mt.removeUser(n),await r.remove(i,n._rev);let s=await pa(n)?1:0;await t.quotas.removeUsers(1,s),await bm(n),await nn.invalidateUser(i),await fi(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,s={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(s.ssoId=n.ssoId),await ns(Ce.CHECKLIST),await t.save(s,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function Da(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}async function nl(t,e){let n=(await ne().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=Da(n)),n}async function v0(){let t=ne(),e=`us${v}`;return(await t.allDocs({startkey:e,endkey:`${e}${$e}`})).rows.map(n=>n.id)}async function N0(){let t=ne(),e=`us${v}`;return(await t.allDocs({startkey:e,endkey:`${e}${$e}`,include_docs:!0})).rows.map(n=>n.doc)}async function wa(t){return await ne().bulkDocs(t)}async function mi(t,e){let n=await ne().get(t);return e?.cleanup&&(n=Da(n)),n}async function Gt(t,e){if(t==null)throw"Must supply an email address to view";let r=await lr("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=Da(n)),n}async function P0(t){try{let e=await Gt(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}async function il(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based app ID");let n=Ac(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await lr("by_app",n);i||(i=[]);let s=Array.isArray(i)?i:[i];return r?.cleanup&&(s=Da(s)),s}async function Mm(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let o={[r]:{$exists:!0}};n.push(o)}return(await ne().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}function N_(t,e){if(e)return Tc(ut(t),e._id)}async function P_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,s=await lr("by_email2",{...e,startkey:i,endkey:`${n}${$e}`});s||(s=[]);let o=Array.isArray(s)?s:[s];return r?.cleanup&&(o=Da(o)),o}var U0=8;async function U_({bookmark:t,query:e,appId:r,limit:n}={}){let i=ne(),s=n??U0,a={include_docs:!0,limit:s+1};t&&(a.startkey=t);let u,c="_id",l;return e?.equal?._id?u=[await mi(e.equal._id)]:r?(u=await il(r,a),l=d=>N_(r,d)):e?.string?.email?(u=await P_(e?.string?.email,a),c="email"):e?.oneOf?._id?u=await nl(e?.oneOf?._id,{cleanup:!0}):e?(u=(await i.allDocs(ai(null,{...a,limit:void 0}))).rows.map(f=>f.doc),u=Lr.search(u,{query:e,limit:a.limit}).rows):u=(await i.allDocs(ai(null,a))).rows.map(f=>f.doc),Nf(u,s,{paginate:!0,property:c,getKey:l})}async function L0(){return(await Lf("by_email2",{limit:0,include_docs:!1})).total_rows}async function M0(){let t=0;async function e(r){let n=await U_({bookmark:r}),i=await di(n.data);t+=i.filter(s=>s).length,n.hasNextPage&&await e(n.nextPage)}return await e(),t}function F0(t){return delete t.admin,delete t.builder,t}function Fm(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}async function k0(t,e){let r=ut(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await Yt.save(t,{hashPassword:!1})}async function B0(t,e){let r=ut(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await Yt.save(t,{hashPassword:!1})}var L_=3600;async function G0(t,e){let n=await If(e).get(t);if(n.budibaseAccess=!0,!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let i=await Zr(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}async function $0(t){let e=await Yt.bulkGet(t),r=t.filter((i,s)=>!e[s]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let s=await Zr(i.email);s&&(i.account=s,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}async function Ca({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=G0),!e)try{e=j()}catch{e=await Mt.lookupTenantId(t)}let i=await qo(),s=await i.get(t);return s||(s=await n(t,e,r),await i.store(t,s,L_)),s&&!s.tenantId&&e&&(s.tenantId=e),s.userGroups&&!at.users.isGlobalBuilder(s)&&await We(e,async()=>{let o=await Yt.getGroupBuilderAppIds(s);if(o.length){let a=s.builder?.apps||[];s.builder={apps:[...new Set(a.concat(o))]}}}),s}async function V0(t){let e=await qo(),r=await e.bulkGet(t),n=t.filter(o=>!r[o]),i=Object.values(r).filter(o=>!!o),s;if(n.length){let o=await $0(n);s=o.notFoundIds;for(let a of o.users)await e.store(a._id,a,L_);i.push(...o.users)}return{users:i,notFoundIds:s}}async function va(t){await(await qo()).delete(t)}var Vm={};N(Vm,{Writethrough:()=>Gm});var _s={};N(_s,{AUTO_EXTEND_POLLING_MS:()=>F_,doWithLock:()=>km,newRedlock:()=>hi});var M_=q(require("redlock"));async function W0(t,e){if(t==="custom")return hi(e);switch(t){case"try_once":return hi(Ss.TRY_ONCE);case"try_twice":return hi(Ss.TRY_TWICE);case"default":return hi(Ss.DEFAULT);case"delay_500":return hi(Ss.DELAY_500);case"auto_extend":return hi(Ss.AUTO_EXTEND);default:throw br.unreachable(t)}}var Ss={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function hi(t={}){let e={...Ss.DEFAULT,...t},n=(await _f()).client;return new M_.default([n],e)}function Q0(t){let r=`lock:${t.systemLock?"system":j()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}var F_=be.fromSeconds(10).toMs();async function km(t,e){let r=await W0(t.type,t.customOptions),n,i;try{let s=Q0(t),o=t.type==="auto_extend"?F_:t.ttl;if(n=await r.lock(s,o),t.type==="auto_extend"){let u=()=>{i=setTimeout(async()=>{n=await n.extend(o,()=>t.onExtend&&t.onExtend()),u()},o/2)};u()}return{executed:!0,result:await e()}}catch(s){if(s.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw s}else throw s}finally{clearTimeout(i),await n?.unlock()}}var k_=1e4,Bm=null;async function sl(){if(!Bm){let t=await Sf();Bm=new ri(t)}return Bm}function Na(t,e){return t.name+e}function $m(t,e=null){return{doc:t,lastWrite:e||Date.now()}}async function j0(t,e,r=k_){let n=await sl(),i=e._id,s;i&&(s=await n.get(Na(t,i)));let o=!s||s.lastWrite<Date.now()-r,a=e;return o&&((await km({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let c=async l=>{let d=await t.put(l,{force:!0});a._id=d.id,a._rev=d.rev};try{await c(e)}catch(l){if(l.status!==409)throw l;us("Ignoring conflict in write-through cache")}})).executed||us("Ignoring redlock conflict in write-through cache")),s=$m(a,o?null:s?.lastWrite),a._id&&await n.store(Na(t,a._id),s),{ok:!0,id:a._id,rev:a._rev}}async function H0(t,e){let r=await sl(),n=Na(t,e),i=await r.get(n);if(!i){let s=await t.get(e);i=$m(s),await r.store(n,i)}return i.doc}async function K0(t,e){let r=await sl(),n=Na(t,e),i=await r.get(n);if(!i){let s=await t.tryGet(e);if(!s)return null;i=$m(s),await r.store(n,i)}return i.doc}async function Y0(t,e,r){let n=await sl();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Na(t,i))}finally{await t.remove(i,r)}}var Gm=class{constructor(e,r=k_){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return j0(this.db,e,r)}async get(e){return H0(this.db,e)}async tryGet(e){return K0(this.db,e)}async remove(e,r){return Y0(this.db,e,r)}};var qm={};N(qm,{createCode:()=>z0,getCode:()=>Z0,invalidateCode:()=>X0});var J0=be.fromHours(1).toSeconds();async function z0(t,e){let r=me();return await(await Wo()).store(r,{userId:t,info:e},J0),r}async function Z0(t){let r=await(await Wo()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}async function X0(t){await(await Wo()).delete(t)}var Qm={};N(Qm,{DocWritethrough:()=>Wm,DocWritethroughProcessor:()=>Pa,getProcessor:()=>tF,init:()=>B_});var eF=100,ol,Pa=class t{static get queue(){return t._queue||(t._queue=new kt("docWritethroughQueue",{jobOptions:{attempts:eF}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=qe(e),s;try{s=await i.get(r)}catch{s={_id:r}}s={...s,...n},await i.put(s)}},Wm=class{constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await Pa.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function B_(){return ol=new Pa().init(),ol}function tF(){return ol||B_()}function al(t){return`config${v}${t}`}async function St(t){let e=ne();try{return await e.get(al(t))}catch(r){if(r.status===404)return;throw r}}async function rF(t){return t._id||(t._id=al(t.type)),ne().put(t)}async function Zc(){let t=await St("settings");return t||(t={_id:al("settings"),type:"settings",config:{}}),t.config.platformUrl=await Ua({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Qc({config:t.config}),t}async function Km(){return(await Zc()).config}async function Ua(t={tenantAware:!0}){let e=h.PLATFORM_URL||"http://localhost:10000";if(!h.SELF_HOSTED&&h.MULTI_TENANCY&&t.tenantAware){let r=j();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(h.SELF_HOSTED){let r=t?.config?t.config:(await St("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}var Qc=async t=>{if(!h.SELF_HOSTED)return!!h.ENABLE_ANALYTICS;let e=await qr(Ce.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await St("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=h.ENABLE_ANALYTICS;return!(r===0||r===!1)};async function nF(){return await St("google")}async function ul(){return(await nF())?.config}async function Ym(){if(!h.SELF_HOSTED)return jm();let t=await ul();return(!t||!t.activated)&&(t=jm()),t}function jm(){if(h.GOOGLE_CLIENT_ID&&h.GOOGLE_CLIENT_SECRET)return{clientID:h.GOOGLE_CLIENT_ID,clientSecret:h.GOOGLE_CLIENT_SECRET,activated:!0}}async function iF(){return St("logos_oidc")}async function sF(){return St("oidc")}async function oF(){let t=(await sF())?.config;return t?.configs&&t.configs[0]}async function Jm(t){let e=(await St("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}async function G_(){return St("smtp")}async function aF(t){let e=await G_();if(e)return e.config;let r=h.SELF_HOSTED||!t;if(h.SMTP_FALLBACK_ENABLED&&r)return{port:h.SMTP_PORT,host:h.SMTP_HOST,secure:!1,from:h.SMTP_FROM_ADDRESS,auth:{user:h.SMTP_USER,pass:h.SMTP_PASSWORD},fallback:!0}}async function uF(){return(await St("scim"))?.config}async function cF(){return St("ai")}async function lF(){return St("recaptcha")}var oh={};N(oh,{AccessController:()=>Xm,BUILTIN_ROLE_IDS:()=>eh,Role:()=>sn,RoleHierarchyTraversal:()=>cl,RoleIDVersion:()=>th,builtinRoleToNumber:()=>La,checkForRoleResourceArray:()=>W_,externalRole:()=>gF,findRole:()=>Ma,getAllRoleIds:()=>AF,getAllRoles:()=>sh,getBuiltinRole:()=>V_,getBuiltinRoles:()=>nh,getDBRoleID:()=>Q_,getExternalRoleID:()=>on,getExternalRoleIDs:()=>j_,getRole:()=>yF,getUserRoleHierarchy:()=>ih,getUserRoleIdHierarchy:()=>q_,isBuiltin:()=>gi,lowerBuiltinRoleID:()=>hF,prefixRoleIDNoBuiltin:()=>Zm,roleIDsAreEqual:()=>_t,roleToNumber:()=>mF,saveRoles:()=>EF,validInherits:()=>fF});var zm=q(require("semver"));var ll=q(require("lodash/fp/cloneDeep"));var $_=require("lodash");var eh={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},he={...eh,BUILDER:"BUILDER"},th={UUID:void 0,NAME:"name"};function pF(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}var sn=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=th.NAME}addInheritance(e){return e&&typeof e=="string"?e=Zm(e):e&&Array.isArray(e)&&(e=e.map(Zm)),this.inherits=e,this}},cl=class{constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let s of e.inherits){let o=Ma(s,n,r);o&&(i=i.concat(this.walk(o)))}else{let s=[],o=e;for(;o&&o.inherits&&!pF(s,o.inherits);){if(Array.isArray(o.inherits))return i.concat(this.walk(o));if(s.push(o.inherits),o=Ma(o.inherits,n,r),o&&i.push(o),ht.roles.checkForRoleInheritanceLoops(i))break}}return(0,$_.uniqBy)(i,s=>s._id)}},rh={ADMIN:new sn(he.ADMIN,he.ADMIN,"admin",{displayName:"App admin",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(he.POWER),POWER:new sn(he.POWER,he.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(he.BASIC),BASIC:new sn(he.BASIC,he.BASIC,"write",{displayName:"App user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(he.PUBLIC),PUBLIC:new sn(he.PUBLIC,he.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new sn(he.BUILDER,he.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function nh(){return(0,ll.default)(rh)}function gi(t){return Object.values(eh).includes(t)}function Zm(t){return gi(t)?t:cr(t)}function V_(t){let e=Object.values(rh).find(r=>t.includes(r._id));if(e)return(0,ll.default)(e)}function fF(t,e){if(!e)return!1;let r=n=>t.find(i=>_t(i._id,n));if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}function La(t){let e=nh(),r=Object.values(e).length+1;if(_t(t,he.ADMIN)||_t(t,he.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}async function mF(t){if(gi(t))return La(t);let e=await ih(t,{defaultPublic:!0}),r=n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(s=>{let o=e.find(a=>_t(a._id,s));if(o)return r(o)+1}).filter(s=>s).sort().pop();if(i!=null)return i}else if(gi(n.inherits))return La(n.inherits)+1;return 0};return Math.max(...e.map(r))}function hF(t,e){return t?e&&La(t)>La(e)?e:t:e}function _t(t,e){return cr(t)===cr(e)}function gF(t){let e;return t._id&&(e=on(t._id)),{...t,_id:e,inherits:j_(t.inherits,t.version)}}function Ma(t,e,r){let n=V_(t);n||(t=cr(t));let i=e.find(s=>s._id&&_t(s._id,t));return!i&&!gi(t)&&r?.defaultPublic?(0,ll.default)(rh.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=on(n._id,n.version)),Object.keys(n).length===0?void 0:n)}async function yF(t,e){let r=ts(),n=[];if(!gi(t)){let i=await r.tryGet(Q_(t));i&&n.push(i)}return Ma(t,n,e)}async function EF(t){await ts().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:cr(r._id)})))}async function TF(t,e){let r=await sh();if(_t(t,he.ADMIN))return r;let n=Ma(t,r,e),i=[];return n&&(i=new cl(r,e).walk(n)),i}async function q_(t){return(await ih(t)).map(r=>r._id)}async function ih(t,e){return TF(t,e)}function W_(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}async function AF(t){return(await sh(t)).map(r=>r._id)}async function sh(t){if(t)return ct(t,e);{let r;try{r=ts()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(Sc(null,{include_docs:!0}))).rows.map(a=>a.doc),n.forEach(a=>a._id=on(a._id,a.version)));let i=nh(),s=[];!r||await SF(r)?s=[he.ADMIN,he.POWER,he.BASIC,he.PUBLIC]:s=[he.ADMIN,he.BASIC,he.PUBLIC];for(let o of s){let a=i[o],u=n.filter(c=>_t(c._id,o))[0];u==null?n.push(a||i.BASIC):(n=n.filter(c=>c._id!==u._id),u._id=on(a._id,u.version),n.push({...a,...u,name:a.name,_id:on(a._id,a.version)}))}for(let o of n)if(o.permissions)for(let a of Object.keys(o.permissions))o.permissions=W_(o.permissions,a);return n}}async function SF(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!zm.default.valid(r)?!0:!zm.default.gte(r,h.MIN_VERSION_WITHOUT_POWER_ROLE)}var Xm=class{constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||_t(e,he.BUILDER)||_t(r,e)||_t(r,he.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await q_(r),this.userHierarchies[r]=n),n?.find(i=>_t(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let s=await this.checkScreenAccess(i,r);s&&n.push(s)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function Q_(t){return t?.startsWith("role")?t:cr(t)}function on(t,e){if(t.startsWith(`role${v}`)&&(gi(t)||e===th.NAME)){let r=t.split(v);return r.shift(),r.join(v)}return t}function j_(t,e){return t&&(typeof t=="string"?on(t,e):t.map(r=>on(r,e)))}var ah={};N(ah,{BUILDER:()=>RF,BUILTIN_PERMISSIONS:()=>dl,CREATOR:()=>wF,GLOBAL_BUILDER:()=>bF,PermissionImpl:()=>ge,PermissionLevel:()=>ws,PermissionType:()=>ja,doesHaveBasePermission:()=>OF,getAllowedLevels:()=>J_,getBuiltinPermissionByID:()=>IF,getBuiltinPermissions:()=>_F,isPermissionLevelHigherThanRead:()=>xF,levelToNumber:()=>Y_});var H_=q(require("lodash/flatten")),K_=q(require("lodash/fp/cloneDeep")),ge=class{constructor(e,r){this.type=e,this.level=r}};function Y_(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}function J_(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}var dl={PUBLIC:{_id:"public",name:"Public",permissions:[new ge("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new ge("query","read"),new ge("table","read"),new ge("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new ge("query","write"),new ge("table","write"),new ge("automation","execute"),new ge("legacy_view","read"),new ge("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new ge("table","write"),new ge("user","read"),new ge("automation","execute"),new ge("webhook","read"),new ge("legacy_view","read"),new ge("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new ge("table","admin"),new ge("user","admin"),new ge("automation","admin"),new ge("webhook","read"),new ge("query","admin"),new ge("legacy_view","read"),new ge("app","read")]}};function _F(){return(0,K_.default)(dl)}function IF(t){return Object.values(dl).find(r=>r._id===t)}function OF(t,e,r){let n=[...new Set(r.map(o=>o.permissionId))],i=Object.values(dl),s=(0,H_.default)(i.filter(o=>n.indexOf(o._id)!==-1).map(o=>o.permissions));for(let o of s)if(o.type===t&&J_(o.level).indexOf(e)!==-1)return!0;return!1}function xF(t){return Y_(t)>1}var RF="builder",wF="creator",bF="globalBuilder";var lh={};N(lh,{FlagSet:()=>fl,all:()=>NF,flags:()=>uh,getEnvFlags:()=>eI,init:()=>DF,isEnabled:()=>vF,parseEnvFlags:()=>hl,shutdown:()=>CF,testutils:()=>ch});var ml=q(require("crypto"));var z_=require("posthog-node"),Z_=q(require("dd-trace"));var X_=require("lodash");var pl;function DF(t){h.POSTHOG_TOKEN&&h.POSTHOG_API_HOST&&!h.SELF_HOSTED&&h.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),pl=new z_.PostHog(h.POSTHOG_TOKEN,{host:h.POSTHOG_API_HOST,personalApiKey:h.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:be.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}function CF(){pl?.shutdown()}function hl(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let s of i){let o=!0;s.startsWith("!")&&(s=s.slice(1),o=!1),r.push({tenantId:n,key:s,value:o})}return r}function eI(){return hl(h.TENANT_FEATURE_FLAGS||"")}var fl=class{constructor(e){this.flagSchema=e;this.setId=ml.randomUUID()}defaults(){return(0,X_.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await Z_.default.trace("features.fetch",async e=>{let r=df(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),s=j(),o=new Set;for(let{tenantId:d,key:f,value:m}of eI())if(!(!d||d!=="*"&&d!==s)&&(n.readFromEnvironmentVars=!0,m===!1&&o.add(f),!!this.isFlagName(f))){if(typeof i[f]!="boolean")throw new Error(`Feature: ${f} is not a boolean`);i[f]=m,n[`flags.${f}.source`]="environment"}let a=ar(),u=a?._id;if(!u){let d=cf();d&&(u=ml.createHash("sha512").update(d).digest("hex"))}let c=a?.tenantId;if(c||(c=s),n["identity.type"]=a?.type,n["identity._id"]=a?._id,n.tenantId=c,n.userId=u,pl&&u){n.readFromPostHog=!0;let d={tenantId:c},f=await pl.getAllFlags(u,{personProperties:d,onlyEvaluateLocally:!0});for(let[m,p]of Object.entries(f))if(this.isFlagName(m)){if(typeof p!="boolean"){console.warn(`Invalid value for posthog flag "${m}": ${p}`);continue}if(!(i[m]===!0||o.has(m)))try{i[m]=p,n[`flags.${m}.source`]="posthog"}catch(g){console.warn(`Error parsing posthog flag "${m}": ${p}`,g)}}}let l=ff();for(let[d,f]of Object.entries(l))this.isFlagName(d)&&typeof f=="boolean"&&(i[d]=f,n[`flags.${d}.source`]="override");pf(this.setId,i);for(let[d,f]of Object.entries(i))n[`flags.${d}.value`]=f;return e?.addTags(n),i})}},uh=new fl(jh);async function vF(t){return await uh.isEnabled(t)}async function NF(){return await uh.fetch()}var ch={};N(ch,{setFeatureFlags:()=>tI,withFeatureFlags:()=>LF});function PF(){let t={};for(let{tenantId:e,key:r,value:n}of hl(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}function UF(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,s]of Object.entries(n))s===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}function tI(t,e){let r=PF();for(let[i,s]of Object.entries(e)){let o=r[t]||{};o[i]=s,r[t]=o}let n=UF(r);return Do({TENANT_FEATURE_FLAGS:n})}function LF(t,e,r){let n=tI(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}var _h={};N(_h,{adminOnly:()=>Rl,auditLog:()=>_l,authError:()=>Me,buildAuthMiddleware:()=>Ek,buildCsrfMiddleware:()=>Ak,buildTenancyMiddleware:()=>Tk,builderOnly:()=>bl,builderOrAdmin:()=>wl,google:()=>yr,internalApi:()=>Ol,joiValidator:()=>ka,oidc:()=>Er,passport:()=>Sk,platformLogout:()=>Rk,refreshOAuthToken:()=>Ok,ssoCallbackUrl:()=>an,updateUserOAuth:()=>xk});var Sh={};N(Sh,{adminOnly:()=>Rl,auditLog:()=>_l,authError:()=>Me,authenticated:()=>Sl,builderOnly:()=>bl,builderOrAdmin:()=>wl,correlation:()=>hI,csp:()=>SI,csrf:()=>xl,datasource:()=>gk,errorHandling:()=>yI,featureFlagCookie:()=>_I,google:()=>yr,internalApi:()=>Ol,ip:()=>OI,joiValidator:()=>ka,local:()=>Is,oidc:()=>Er,pino:()=>fI,querystringToBody:()=>EI,ssoCallbackUrl:()=>an,tenancy:()=>Il});var Is={};N(Is,{authenticate:()=>kF,options:()=>FF});function Me(t,e,r){return t(r,null,{message:e})}async function an(t,e){if(e&&e.callbackURL)return e.callbackURL;let r=await Km(),n="/api/global/auth";return Gr()&&(n+=`/${j()}`),n+=`/${t}/callback`,`${r.platformUrl}${n}`}var dh="Invalid credentials",MF="This account has expired. Please reset your password",FF={passReqToCallback:!0};async function kF(t,e,r,n){if(!e)return Me(n,"Email Required");if(!r)return Me(n,"Password Required");let i=await Gt(e);return i==null?(console.info(`user=${e} could not be found`),Me(n,dh)):i.status==="inactive"?(console.info(`user=${e} is inactive`,i),Me(n,dh)):i.password?await rm(r,i.password)?(delete i.password,n(null,i)):Me(n,dh):(console.info(`user=${e} has no password set`,i),Me(n,MF))}var yr={};N(yr,{buildVerifyFn:()=>iI,getCallbackUrl:()=>$F,strategyFactory:()=>ph});var Fa=t=>Promise.resolve(t);async function gl(t,e=!0,r,n){if(!n)throw new Error("Save user function must be provided");if(!t.userId)return Me(r,"sso user id required");if(!t.email)return Me(r,"sso user email required");let i=is(t.userId),s;try{s=await mi(i)}catch(a){if(!a.status||a.status!==404)return Me(r,"Unexpected error when retrieving existing user",a)}if(s||(s=await Gt(t.email)),!s&&e)return Me(r,"Email does not yet exist. You must set up your local budibase account first.");s||(s={_id:i,email:t.email,roles:{},tenantId:j()});let o=await BF(s,t);o.forceResetPassword=!1;try{delete o.password,o=await n(o,{hashPassword:!1,requirePassword:!1})}catch(a){return Me(r,"Error saving user",a)}return r(null,o)}async function BF(t,e){let r,n,i;if(e.profile){let s=e.profile;if(s.name){let o=s.name;o.givenName&&(r=o.givenName),o.familyName&&(n=o.familyName)}}return e.oauth2&&(i={...e.oauth2}),{...t,provider:e.provider,providerType:e.providerType,firstName:r,lastName:n,oauth2:i}}var GF=require("passport-google-oauth").OAuth2Strategy;function iI(t){return(e,r,n,i)=>{let s={provider:"google",providerType:"google",userId:n.id,profile:n,email:n._json.email,oauth2:{accessToken:e,refreshToken:r}};return gl(s,!0,i,t)}}async function ph(t,e,r){try{let{clientID:n,clientSecret:i}=t;if(!n||!i)throw new Error("Configuration invalid. Must contain google clientID and clientSecret");let s=iI(r);return new GF({clientID:t.clientID,clientSecret:t.clientSecret,callbackURL:e},s)}catch(n){throw new Error(`Error constructing google authentication strategy: ${n}`)}}async function $F(t){return an("google",t)}var Er={};N(Er,{buildVerifyFn:()=>oI,fetchStrategyConfig:()=>QF,getCallbackUrl:()=>jF,strategyFactory:()=>WF});var sI=q(require("node-fetch"));var VF=require("@techpass/passport-openidconnect").Strategy;function oI(t){return async(e,r,n,i,s,o,a,u,c)=>{let l={provider:e,providerType:"oidc",userId:n.id,profile:n,email:qF(n,i),oauth2:{accessToken:s,refreshToken:o}};return gl(l,!1,c,t)}}function qF(t,e){if(t._json.email)return t._json.email;if(e.email)return e.email;let r=e.preferred_username;if(r&&om(r))return r;throw new Error(`Could not determine user email from profile ${JSON.stringify(t)} and claims ${JSON.stringify(e)}`)}async function WF(t,e){try{let r=oI(e),n=new VF(t,r);return n.name="oidc",n}catch(r){throw new Error(`Error constructing OIDC authentication strategy - ${r}`)}}async function QF(t,e){try{let{clientID:r,clientSecret:n,configUrl:i}=t;if(!r||!n||!e||!i)throw new Error("Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl");let s=await(0,sI.default)(i);if(!s.ok)throw new Error(`Unexpected response when fetching openid-configuration: ${s.statusText}`);let o=await s.json();return{issuer:o.issuer,authorizationURL:o.authorization_endpoint,tokenURL:o.token_endpoint,userInfoURL:o.userinfo_endpoint,clientID:r,clientSecret:n,callbackURL:e}}catch(r){throw new Error(`Error constructing OIDC authentication configuration - ${r}`)}}async function jF(){return an("oidc")}var fh={};N(fh,{postAuth:()=>YF,preAuth:()=>KF});var HF=require("passport-google-oauth").OAuth2Strategy;async function aI(){let t=await Ym();if(!t)throw new Error("No google configuration found");return t}async function KF(t,e,r){let n=await aI(),s=`${await Ua({tenantAware:!1})}/api/global/auth/datasource/google/callback`,o=await ph(n,s,Fa);return e.query.appId||e.throw(400,"appId query param not present."),t.authenticate(o,{scope:["profile","email","https://www.googleapis.com/auth/spreadsheets"],accessType:"offline",prompt:"consent"})(e,r)}async function YF(t,e,r){let n=await aI(),s=`${await Ua({tenantAware:!1})}/api/global/auth/datasource/google/callback`,o=pr(e,"budibase:datasourceauth");if(!o)throw new Error("Unable to fetch datasource auth cookie");return t.authenticate(new HF({clientID:n.clientID,clientSecret:n.clientSecret,callbackURL:s},(a,u,c,l)=>{Xr(e,"budibase:datasourceauth"),l(null,{accessToken:a,refreshToken:u})}),{successRedirect:"/",failureRedirect:"/error"},async(a,u)=>{let c=`/builder/app/${o.appId}/data`,l=me();await ur(`datasource:creation:${o.appId}:google:${l}`,{tokens:u}),e.redirect(`${c}/new?continue_google_setup=${l}`)})(e,r)}var JF=/\/:(.*?)(\/.*)?$/g,yi=t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(JF);if(i)for(let s of i){let a="/.*"+(s.endsWith("/")?"/":"");r=r.replace(s,a)}return{regex:new RegExp(r),method:n,route:r}}):[],Ei=(t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),s=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&s});var Th={};N(Th,{SecretOption:()=>lI,decrypt:()=>Eh,decryptFile:()=>rk,encrypt:()=>XF,encryptFile:()=>ek,getSecret:()=>yh});var Tr=q(require("crypto")),un=q(require("fs")),hh=q(require("zlib"));var mh=require("path"),yl="aes-256-ctr",cI="-",zF=1e4,ZF=32,El=16,gh=16,lI=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(lI||{});function yh(t){let e,r;switch(t){case"encryption":e=h.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=h.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}function Tl(t,e){return Tr.default.pbkdf2Sync(t,e,zF,ZF,"sha512")}function XF(t,e="api"){let r=Tr.default.randomBytes(El),n=Tl(yh(e),r),i=Tr.default.createCipheriv(yl,n,r),s=i.update(t),o=i.final(),a=Buffer.concat([s,o]).toString("hex");return`${r.toString("hex")}${cI}${a}`}function Eh(t,e="api"){let[r,n]=t.split(cI),i=Buffer.from(r,"hex"),s=Tl(yh(e),i),o=Tr.default.createDecipheriv(yl,s,i),a=o.update(Buffer.from(n,"hex")),u=o.final();return Buffer.concat([a,u]).toString()}async function ek({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,mh.join)(t,e);if(un.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let s=un.default.createReadStream(i),o=un.default.createWriteStream((0,mh.join)(t,n)),a=Tr.default.randomBytes(El),u=Tr.default.randomBytes(gh),c=Tl(r,a),l=Tr.default.createCipheriv(yl,c,u);return o.write(a),o.write(u),s.pipe(hh.default.createGzip()).pipe(l).pipe(o),new Promise(d=>{o.on("finish",()=>{d({filename:n,dir:t})})})}async function tk(t){let e=un.default.createReadStream(t),r=await uI(e,El),n=await uI(e,gh);return e.close(),{salt:r,iv:n}}async function rk(t,e,r){if(un.default.lstatSync(t).isDirectory())throw new Error("Unable to encrypt directory");let{salt:n,iv:i}=await tk(t),s=un.default.createReadStream(t,{start:El+gh}),o=un.default.createWriteStream(e),a=Tl(r,n),u=Tr.default.createDecipheriv(yl,a,i),c=hh.default.createGunzip();return s.pipe(u).pipe(c).pipe(o),new Promise((l,d)=>{o.on("finish",()=>{o.close(),l()}),s.on("error",f=>{o.close(),d(f)}),u.on("error",f=>{o.close(),d(f)}),c.on("error",f=>{o.close(),d(f)}),o.on("error",f=>{o.close(),d(f)})})}function uI(t,e){return new Promise((r,n)=>{let i=0,s=[];t.on("readable",()=>{let o;for(;(o=t.read(e-i))!==null;)s.push(o),i+=o.length;r(Buffer.concat(s))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",o=>{n(o)})})}var pI=q(require("dd-trace")),nk=h.SESSION_UPDATE_PERIOD?parseInt(h.SESSION_UPDATE_PERIOD):60*1e3;function ik(){return new Date(Date.now()-nk).toISOString()}function dI(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}async function sk(t,e){if(la(t))return{valid:!0,user:void 0};let n=Eh(t).split(v)[0];return We(n,async()=>{let i;try{let s=ne();i=await lr("by_api_key",{key:t},s)}catch{i=void 0}if(i)return{valid:!0,user:await Ca({userId:i,tenantId:n,populateUser:e})};throw new fs})}function Al(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}function Sl(t=[],e={publicAllowed:!1}){let r=t?yi(t):[];return async(n,i)=>{let s=!1,o=Al(n,"x-budibase-api-version");Ei(n,r)&&(s=!0);try{let u=Al(n,"x-budibase-token"),c=pr(n,"budibase:auth")||bc(u),l=Al(n,"x-budibase-api-key");!l&&n.request.headers.authorization&&(l=n.request.headers.authorization.split(" ")[1]);let d=Al(n,"x-budibase-tenant-id"),f=!1,m,p=!1,g;if(c&&!l){let T=c.sessionId,S=c.userId,O;try{O=await vm(S,T),e&&e.populateUser?m=await Ca({userId:S,tenantId:O.tenantId,email:O.email,populateUser:e.populateUser(n)}):m=await Ca({userId:S,tenantId:O.tenantId,email:O.email}),m.csrfToken=O.csrfToken,g="cookie",O?.lastAccessedAt<ik()&&await Cm(O),f=!0}catch(R){f=!1,console.error(`Auth Error: ${R.message}`),Xr(n,"budibase:auth")}}if(!f&&l){let T=e.populateUser?e.populateUser(n):null,{valid:S,user:O}=await sk(l,T);S&&(f=!0,g="api_key",m=O,p=!O)}!m&&d?m={tenantId:d}:m&&"password"in m&&delete m.password,f||(f=!1);let y=T=>T&&T.email;return y(m)&&pI.default.setUser({id:m._id,tenantId:m.tenantId,budibaseAccess:m.budibaseAccess,status:m.status}),dI(n,{authenticated:f,user:m,internal:p,version:o,publicEndpoint:s,loginMethod:g}),y(m)?qp(m,n,i):i()}catch(u){if(console.error(`Auth Error: ${u.message}`),u?.name==="JsonWebTokenError"?Xr(n,"budibase:auth"):u?.code==="invalid_api_key"&&n.throw(403,u.message),e&&e.publicAllowed||s)return dI(n,{authenticated:!1,version:o,publicEndpoint:s}),i();n.throw(u.status||403,u)}}}var _l=async(t,e)=>e();function Il(t,e,r={noTenancyRequired:!1}){let n=yi(t),i=yi(e);return async function(s,o){let u={allowNoTenant:r.noTenancyRequired||!!Ei(s,i)};!!Ei(s,n)||(u.excludeStrategies=["query"]);let l=Ho(s,u);return s.set("x-budibase-tenant-id",l),We(l,o)}}async function Ol(t,e){let r=t.request.headers["x-budibase-api-key"];return r||t.throw(403,"Unauthorized"),Array.isArray(r)&&t.throw(403,"Unauthorized"),la(r)||t.throw(403,"Unauthorized"),e()}var ok=["GET","HEAD","OPTIONS"],ak=["application/x-www-form-urlencoded","multipart/form-data","text/plain"];function xl(t={noCsrfPatterns:[]}){let e=yi(t.noCsrfPatterns);return async(r,n)=>{if(Ei(r,e)||ok.indexOf(r.method)!==-1)return n();let s=r.get("content-type")?r.get("content-type").toLowerCase():"";if(!ak.filter(u=>s.includes(u)).length||r.internal)return n();let o=r.user?.csrfToken;if(!o)return n();let a=r.get("x-csrf-token");return(!a||a!==o)&&r.throw(403,"Invalid CSRF token"),n()}}var Rl=async(t,e)=>(!t.internal&&!en(t.user)&&t.throw(403,"Admin user only endpoint."),e());async function wl(t,e){let r=Ue(),n=h.isWorker()||!r?Tt:h.isApps()?ms:void 0;if(!n)throw new Error("Service name unknown - middleware inactive.");return!t.internal&&!n(t.user,r)&&!en(t.user)&&t.throw(403,"Admin/Builder user only endpoint."),e()}async function bl(t,e){let r=Ue(),n;if(h.isWorker()||!r?n=Tt:h.isApps()&&(n=ms),!n)throw new Error("Service name unknown - middleware inactive.");return!t.internal&&!n(t.user,r)&&t.throw(403,"Builder user only endpoint."),e()}var uk=require("koa-pino-logger"),ck=require("correlation-id");function lk(){return{logger:Rc,genReqId:ck.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}function dk(){return h.HTTP_LOGGING?uk(lk()):(t,e)=>e()}var fI=dk();var mI=require("uuid"),pk=require("correlation-id"),hI=(t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,mI.v4)()),pk.withId(r,()=>e())};function gI(t){if(t.includes("-----BEGIN PRIVATE KEY-----"))return!0;for(let e of YT){let r=h[e];if(!(typeof r!="string"||r==="")&&t.includes(r))return!0}return!1}async function yI(t,e){try{await e()}catch(r){let n=r.status||r.statusCode||500;t.status=n,n>=400&&n<500?console.warn(r):console.error("Got 400 response code",r);let i={message:r.message,status:n,validationErrors:r.validation,error:kc(r)};if(gI(JSON.stringify(i))&&(i={message:"Unexpected error",status:n,error:"Unexpected error"}),h.isTest()&&t.headers["x-budibase-include-stacktrace"]){let s=r;for(;s.cause;)s=s.cause;i.stack=s.stack}t.body=i}}function EI(t,e){let r=t.request.query?.query;if(t.request.method.toLowerCase()!=="get"&&t.throw(500,"Query to download middleware can only be used for get requests."),!r)return e();let n=decodeURIComponent(r),i;try{i=JSON.parse(n)}catch{return e()}return t.request.body=i,e()}var AI=q(require("crypto"));var TI={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},fk=/^[A-Za-z0-9-*:/.]+$/,SI=async(t,e)=>{let r=AI.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...TI};if(n["script-src"]=[...TI["script-src"],`'nonce-${r}'`],t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let o=await Zo.getAppMetadata(t.appId);if("name"in o)for(let a of o.scripts||[]){let u=(a.cspWhitelist||"").split(`
+`);for(let s of i.filter(o=>o))t.push(aa.default.readFileSync(s))}return t.push(aa.default.readFileSync(AS(_S))),Buffer.concat(t)}function WP(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}function QP(t){return t instanceof Error}function jP(t){return typeof t=="string"}var zr;if(!h.DISABLE_PINO_LOGGER){let t=h.LOG_LEVEL,e={level:t,formatters:{level:u=>({level:u.toUpperCase()}),bindings:()=>h.SELF_HOSTED?{service:h.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(h.isDev()?{stream:(0,RS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),h.SELF_HOSTED&&r.push({stream:Yf(),level:t}),zr=r.length?(0,xc.default)(e,xc.default.multistream(r)):(0,xc.default)(e);let n=u=>{let c,l=[],d="";u.forEach(y=>{jP(y)&&(d=`${d} ${y}`.trimStart()),WP(y)&&l.push(y),QP(y)&&(c=y)});let f=a(),m={};m={tenantId:i(),appId:s(),automationId:o(),identityId:f?._id,identityType:f?.type,correlationId:xf()};let p=zf.default.scope().active();p&&zf.default.inject(p.context(),wS.formats.LOG,m);let g={err:c,pid:process.pid,...m};if(l.length){let y={},T=0;for(let S=0;S<l.length;S++){let O=l[S],R=O._logKey;R?(delete O._logKey,g[R]=O):(y[T]=O,T++)}Object.keys(y).length&&(g.data=y)}return[g,d]};console.log=(...u)=>{let[c,l]=n(u);zr?.info(c,l)},console.info=(...u)=>{let[c,l]=n(u);zr?.info(c,l)},console.warn=(...u)=>{let[c,l]=n(u);zr?.warn(c,l)},console.error=(...u)=>{let[c,l]=n(u);zr?.error(c,l)},console.trace=(...u)=>{let[c,l]=n(u);c.err||(c.err=new Error),zr?.trace(c,l)},console.debug=(...u)=>{let[c,l]=n(u);zr?.debug(c,l)};let i=()=>{let u;try{u=j()}catch{}return u},s=()=>{let u;try{u=Ue()}catch{}return u},o=()=>{let u;try{u=uf()}catch{}return u},a=()=>{let u;try{u=ar()}catch{}return u}}var Rc=zr;var HP=["AccountError"];function KP(t){return t&&t.suppressAlert}function ci(t,e){e&&HP.includes(e.name)&&KP(e)||console.error(`bb-alert: ${t}`,e)}function YP(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,ci(t,n)}function us(t,e){console.warn(`bb-warn: ${t}`,e)}var ca=class{constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";Jo.setHeader(n.headers);let s={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,bS.default)(`${this.host}${r}`,s)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Zf=new ca(h.INTERNAL_ACCOUNT_PORTAL_URL),Xf=h.SELF_HOSTED||h.DISABLE_ACCOUNT_PORTAL,Zr=async t=>{if(Xf)return;let e={email:t},r=await Zf.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},cs=async t=>{if(Xf)return;let e={tenantId:t},r=await Zf.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},JP=async()=>{if(Xf)return;let t=await Zf.get("/api/status",{headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e};var Es={};N(Es,{UserDB:()=>Yt,addAppBuilder:()=>k0,bulkGetGlobalUsersById:()=>nl,bulkUpdateGlobalUsers:()=>wa,cleanseUserObject:()=>Fm,creatorsInList:()=>di,doesUserExist:()=>P0,getAccountHolderFromUsers:()=>Vc,getAllUserIds:()=>v0,getAllUsers:()=>N0,getById:()=>mi,getCreatorCount:()=>M0,getExistingAccounts:()=>ds,getExistingPlatformUsers:()=>kS,getExistingTenantUsers:()=>FS,getFirstPlatformUser:()=>da,getGlobalUserByAppPage:()=>N_,getGlobalUserByEmail:()=>Gt,getPlatformUsers:()=>Cc,getUserCount:()=>L0,hasAdminPermissions:()=>tn,hasAppBuilderPermissions:()=>$S,hasBuilderPermissions:()=>Tt,isAdmin:()=>en,isAdminOrBuilder:()=>GS,isBuilder:()=>ms,isCreatorAsync:()=>pa,isCreatorSync:()=>Gc,isGlobalBuilder:()=>BS,paginatedUsers:()=>U_,removeAppBuilder:()=>B0,removePortalUserPermissions:()=>F0,searchExistingEmails:()=>lm,searchGlobalUsersByApp:()=>il,searchGlobalUsersByAppAccess:()=>Mm,searchGlobalUsersByEmail:()=>P_,validateUniqueUser:()=>$c});var dm={};N(dm,{creatorsInList:()=>di,getAccountHolderFromUsers:()=>Vc,hasAdminPermissions:()=>tn,hasAppBuilderPermissions:()=>$S,hasBuilderPermissions:()=>Tt,isAdmin:()=>en,isAdminOrBuilder:()=>GS,isBuilder:()=>ms,isCreatorAsync:()=>pa,isCreatorSync:()=>Gc,isGlobalBuilder:()=>BS,validateUniqueUser:()=>$c});var cm={};N(cm,{createCode:()=>lU,deleteCode:()=>pU,getCode:()=>dU,getExistingInvites:()=>um,getInviteCodes:()=>MS,updateCode:()=>cU});var ls={};N(ls,{Duration:()=>be,DurationType:()=>am,clearCookie:()=>Xr,compare:()=>rm,getAppIdFromCtx:()=>iU,getCookie:()=>pr,hasCircularStructure:()=>oU,hash:()=>tm,isAudited:()=>sm,isClient:()=>sU,isPublicApiRequest:()=>nU,isServingApp:()=>eU,isServingBuilder:()=>tU,isServingBuilderPreview:()=>rU,isValidInternalAPIKey:()=>la,newid:()=>me,openJwt:()=>bc,resolveAppUrl:()=>PS,setCookie:()=>US,time:()=>uU,timeout:()=>im,urlHasProtocol:()=>aU,validEmail:()=>om});var em=h.JS_BCRYPT?require("bcryptjs"):require("bcrypt"),zP=h.SALT_ROUNDS||10;async function tm(t){let e=await em.genSalt(zP);return em.hash(t,e)}async function rm(t,e){return em.compare(t,e)}var wc=q(require("jsonwebtoken")),nm="app"+v,CS="/app/",vS="/app/preview",ZP="/builder",NS=`${ZP}/app/`,XP="/api/public/v";async function PS(t){let r=`/${t.path.split("/")[2].toLowerCase()}`,n=j();!h.isDev()&&h.MULTI_TENANCY&&(n=Ho(t,{includeStrategies:["subdomain"]}));let s=(await We(n,()=>ea({dev:!1}))).filter(o=>o.url&&o.url.toLowerCase()===r)[0];return s&&s.appId?s.appId:void 0}function eU(t){return t.path.startsWith(`/${nm}`)?!0:t.path.startsWith(CS)}function tU(t){return t.path.startsWith(NS)}function rU(t){return t.path.startsWith(vS)}function nU(t){return t.path.startsWith(XP)}async function iU(t){let e=[t.request.headers["x-budibase-app-id"]],r;function n(u){return!u||!u.startsWith(nm)?r:(r&&Ji(r)!==Ji(u)&&t.throw("App id conflict",403),r??u)}for(let u of e)if(r=n(u),r)break;t.request.body&&t.request.body.appId&&(r=n(t.request.body.appId));let i=DS(t.path);i&&(r=n(i)),t.query?.appId&&(r=n(t.query?.appId));let s=t.path.startsWith(vS);if(t.path.startsWith(CS)&&!s&&(r=n(await PS(t))),t.request.headers.referer?.includes(NS)){let u=DS(t.request.headers.referer);r=n(u)}return r}function DS(t){if(t)return t.split("?")[0].split("/").find(e=>e.startsWith(nm))}function bc(t){if(t)try{return wc.default.verify(t,h.JWT_SECRET)}catch(e){if(h.JWT_SECRET_FALLBACK)return wc.default.verify(t,h.JWT_SECRET_FALLBACK);throw e}}function la(t){return h.INTERNAL_API_KEY&&h.INTERNAL_API_KEY===t?!0:!!(h.INTERNAL_API_KEY_FALLBACK&&h.INTERNAL_API_KEY_FALLBACK===t)}function pr(t,e){let r=t.cookies.get(e);if(r)return bc(r)}function US(t,e,r="builder",n={sign:!0}){e&&n&&n.sign&&(e=wc.default.sign(e,h.JWT_SECRET));let i={expires:Zu,path:"/",httpOnly:!1,overwrite:!0};h.COOKIE_DOMAIN&&(i.domain=h.COOKIE_DOMAIN),t.cookies.set(r,e,i)}function Xr(t,e){US(t,null,e)}function sU(t){return t.headers["x-budibase-type"]==="client"}function im(t){return new Promise(e=>setTimeout(e,t))}function sm(t){return!!Vh[t]}function oU(t){if(typeof t!="object")return!1;try{JSON.stringify(t)}catch(e){if(e instanceof Error&&e?.message.includes("circular structure"))return!0}return!1}function aU(t){return!!t.match(/^.+:\/\/.+$/)}function om(t){return t&&!!t.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)}var am=(s=>(s.MILLISECONDS="milliseconds",s.SECONDS="seconds",s.MINUTES="minutes",s.HOURS="hours",s.DAYS="days",s))(am||{}),Dc={milliseconds:1,seconds:1e3,minutes:6e4,hours:36e5,days:864e5},be=class t{constructor(e){this.ms=e}to(e){return this.ms/Dc[e]}toMs(){return this.ms}toSeconds(){return this.to("seconds")}static convert(e,r,n){return n*Dc[e]/Dc[r]}static from(e,r){return new t(r*Dc[e])}static fromSeconds(e){return t.from("seconds",e)}static fromMinutes(e){return t.from("minutes",e)}static fromHours(e){return t.from("hours",e)}static fromDays(e){return t.from("days",e)}static fromMilliseconds(e){return t.from("milliseconds",e)}};async function uU(t){let e=performance.now();return[await t(),be.fromMilliseconds(performance.now()-e)]}var LS=be.fromDays(7).toSeconds();async function cU(t,e){await(await ti()).store(t,e,LS)}async function lU(t,e){let r=me();return await(await ti()).store(r,{email:t,info:e},LS),r}async function dU(t){let r=await(await ti()).get(t);if(!r)throw"Invitation is not valid or has expired, please request a new one.";return r}async function pU(t){await(await ti()).delete(t)}async function MS(){let r=(await(await ti()).scan()).map(i=>({...i.value,code:i.key}));if(!h.MULTI_TENANCY)return r;let n=j();return r.filter(i=>n===i.info.tenantId)}async function um(t){return(await MS()).filter(e=>t.includes(e.email))}async function lm(t){let e=[],r=await FS(t);e.push(...r.map(o=>o.email));let n=await kS(t);e.push(...n.map(o=>o._id));let i=await ds(t);e.push(...i.map(o=>o.email));let s=await um(t);return e.push(...s.map(o=>o.email)),[...new Set(e.map(o=>o.toLowerCase()))]}async function Cc(t){return await ra("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}async function da(t){return(await Cc(t))[0]??null}async function FS(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await lr("by_email2",r,void 0,n)}async function kS(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await ra("platform_users_lowercase_2",r)}async function ds(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await ra("account_by_email",r)}var Bc={};N(Bc,{BadRequestError:()=>Pc,BudibaseError:()=>ps,EmailUnavailableError:()=>fr,FeatureDisabledError:()=>Fc,ForbiddenError:()=>Uc,HTTPError:()=>Ge,InvalidAPIKeyError:()=>fs,NotFoundError:()=>Nc,NotImplementedError:()=>Lc,UnexpectedError:()=>vc,UsageLimitError:()=>Mc,getPublicError:()=>kc});var ps=class extends Error{constructor(r,n){super(r);this.code=n}},kc=t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},Ge=class t extends ps{constructor(r,n,i="http"){super(r,i);this.status=n}static async fromResponse(r){let n=await r.text(),i=n,s=r.status,o="http";try{let a=JSON.parse(n);i=a.message,s=a.status,o=a.error?.code}catch{}return new t(i,s,o)}},vc=class extends Ge{constructor(e){super(e,500)}},Nc=class extends Ge{constructor(e){super(e,404)}},Pc=class extends Ge{constructor(e){super(e,400)}},Uc=class extends Ge{constructor(e){super(e,403)}},Lc=class extends Ge{constructor(e){super(e,501)}},Mc=class extends Ge{constructor(r,n){super(r,400,"usage_limit_exceeded");this.limitName=n}getPublicError(){return{limitName:this.limitName}}},Fc=class extends Ge{constructor(r,n){super(r,400,"feature_disabled");this.featureName=n}getPublicError(){return{featureName:this.featureName}}},fs=class extends ps{constructor(){super("Invalid API key - may need re-generated, or user doesn't exist","invalid_api_key")}},fr=class extends Error{constructor(e){super(`Email already in use: '${e}'`)}};var ms=at.users.isBuilder,en=at.users.isAdmin,BS=at.users.isGlobalBuilder,GS=at.users.isAdminOrBuilder,tn=at.users.hasAdminPermissions,Tt=at.users.hasBuilderPermissions,$S=at.users.hasAppBuilderPermissions;async function di(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await ne().getMultiple(r,{allowMissing:!0}),t.map(i=>Gc(i,e))}async function pa(t){let e=[];return t.userGroups&&(e=await ne().getMultiple(t.userGroups)),Gc(t,e)}function Gc(t,e){let r=at.users.isCreator(t);return!r&&t?mU(t,e):r}function mU(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}async function $c(t,e){if(h.MULTI_TENANCY){let r=await da(t);if(r!=null&&r.tenantId!==e)throw new fr(t)}if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let r=await Zr(t);if(r&&r.verified&&r.tenantId!==e)throw new fr(t)}}async function Vc(t){if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let e=await ds(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}var ys={};N(ys,{account:()=>i_,action:()=>s_,ai:()=>l_,analytics:()=>Wc,app:()=>o_,auditLog:()=>x_,auth:()=>tl,automation:()=>a_,backfill:()=>A_,backfillCache:()=>Xc,backup:()=>I_,datasource:()=>u_,email:()=>c_,environmentVariable:()=>O_,group:()=>S_,identification:()=>Bt,initAsyncEvents:()=>y0,installation:()=>Aa,layout:()=>p_,license:()=>d_,org:()=>f_,plugin:()=>__,processors:()=>Tm,publishEvent:()=>A,query:()=>m_,role:()=>xa,rowAction:()=>R_,rows:()=>g_,screen:()=>h_,serve:()=>E_,shutdown:()=>E0,table:()=>y_,user:()=>ze,view:()=>T_});var Tm={};N(Tm,{analyticsProcessor:()=>XS,init:()=>UU,processors:()=>hr});var Wc={};N(Wc,{enabled:()=>qc});var qc=async()=>Qc();var jS=require("posthog-node");var hU=t=>t==="served:builder"||t==="served:app:preview"||t==="served:app",gU=t=>t==="served:app:preview"||t==="served:app";var qS={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},WS=async t=>{if(!hU(t))return!1;let e=await yU(t);if(e){let r=new Date(e.timestamp);switch(qS[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await VS(t,{timestamp:Date.now()}),!1):!0}}else return await VS(t,{timestamp:Date.now()}),!1},QS=t=>{let e=`${Ce.EVENTS_RATE_LIMIT}:${t}`;return gU(t)&&(e=e+":"+Ue()),e},yU=async t=>{let e=QS(t);return await si(e)},VS=async(t,e)=>{let r=QS(t),n=qS[t],i;switch(n){case"calendarDay":i=86400}await ur(r,e,i)};var TU=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],fa=class{constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new jS.PostHog(e)}async processEvent(e,r,n,i){if(TU.includes(e)||await WS(e))return;n=this.clearPIIProperties(n),n.version=h.VERSION,n.service=h.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let s=Ue();s&&(n.appId=s);let o={distinctId:r.id,event:e,properties:n};i&&(o.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(o.groups={},r.installationId&&(o.groups.installation=r.installationId,o.properties.installationId=r.installationId),r.tenantId&&(o.groups.tenant=r.tenantId,o.properties.tenantId=r.tenantId)),this.posthog.capture(o)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var HS=fa;var AU=["installation:version:upgraded","installation:version:downgraded"],SU=["installation","tenant"],ma=class{constructor(){h.POSTHOG_TOKEN&&!h.isTest()&&(this.posthog=new HS(h.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!AU.includes(e)&&!await qc()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!SU.includes(e.type)&&!await qc()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var pm=h.SELF_HOSTED&&!h.isDev(),ha=class{async processEvent(e,r,n){pm||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){pm||console.log("[audit] identified",e)}async identifyGroup(e){pm||console.log("[audit] group identified",e)}async shutdown(){}};var Em={};N(Em,{BudibaseQueue:()=>kt,InMemoryQueue:()=>jc,JobQueue:()=>hs,QueuedProcessor:()=>ym,UnretriableError:()=>Yc,shutdown:()=>vU});var KS=q(require("events"));function _U(t){let e="",r=-1,n,i,s=t.opts?.repeat;return s&&(i=s.endDate?new Date(s.endDate).getTime():Date.now(),n=s.tz,"cron"in s?e=s.cron:r=s.every),{id:t.id.toString(),name:"",key:t.id.toString(),tz:n,endDate:i,cron:e,every:r,next:0}}var jc=class{constructor(e,r){this._name=e,this._opts=r,this._messages=[],this._emitter=new KS.default.EventEmitter,this._runCount=0,this._addCount=0,this._queuedJobIds=new Set,this._attempts=r?.defaultJobOptions?.attempts||1}async process(e,r){r=typeof e=="number"?r:e,this._emitter.on("message",async n=>{if(!n.manualTrigger&&n.opts?.repeat!=null)return;function i(){return r.length===1?r(n):new Promise((u,c)=>{r(n,(d,f)=>{d?c(d):u(f)})})}let s=this._attempts;async function o(u,c=0){try{return await u}catch(l){if(c++,c<s&&!n._isDiscarded)return await ht.wait(100*c),await o(i(),c);throw l}}try{let u=await o(i());this._emitter.emit("completed",n,u);let c=this._messages.indexOf(n);if(c===-1)throw"Failed deleting a processed message";this._messages.splice(c,1)}catch(u){console.error(u),this._emitter.emit("error",n,u)}this._runCount++;let a=n.opts?.jobId?.toString();a&&n.opts?.removeOnComplete&&this._queuedJobIds.delete(a)})}async isReady(){return this}async add(e,r){if(typeof e=="string")throw new Error("doesn't support named jobs");let n=r,i=n?.jobId?.toString();if(i&&this._queuedJobIds.has(i)){console.log(`Ignoring already queued job ${i}`);return}if(typeof e!="object")throw"Queue only supports carrying JSON.";i&&this._queuedJobIds.add(i);let s=me(),o=()=>{let u={id:s,timestamp:Date.now(),queue:this,data:e,opts:n,discard:async()=>{u._isDiscarded=!0}};this._messages.push(u),this._messages.length>1e3&&this._messages.shift(),this._addCount++,this._emitter.emit("message",u)},a=n?.delay;return a?setTimeout(o,a):o(),{id:i,finished:()=>new Promise((u,c)=>{let l=(f,m)=>{f.id===s&&(this._emitter.off("error",l),this._emitter.off("completed",d),c(m))},d=(f,m)=>{f.id===s&&(this._emitter.off("error",l),this._emitter.off("completed",d),u(m))};this._emitter.on("error",l),this._emitter.on("completed",d)})}}async close(){}async removeRepeatableByKey(e){for(let[r,n]of this._messages.entries())if(n.id===e){this._messages.splice(r,1),this._emitter.emit("removed",n);return}}async removeJobs(e){}async clean(){return[]}async getJob(e){for(let r of this._messages)if(r.id===e)return r;return null}manualTrigger(e){for(let r of this._messages)if(r.id===e){this._emitter.emit("message",{...r,manualTrigger:!0});return}throw new Error(`Job with id ${e} not found`)}on(e,r){return this._emitter.on(e,r),this}off(e,r){return this._emitter.off(e,r),this}async count(){return this._messages.length}async getCompletedCount(){return this._runCount}async getRepeatableJobs(){return this._messages.filter(e=>e.opts?.repeat!=null).map(e=>_U(e))}async whenCurrentJobsFinished(){do await im(50);while(this.hasRunningJobs())}hasRunningJobs(){return this._addCount>this._runCount}},YS=jc;var hm=q(require("bull"));var hs=(a=>(a.AUTOMATION="automationQueue",a.APP_BACKUP="appBackupQueue",a.AUDIT_LOG="auditLogQueue",a.SYSTEM_EVENT_QUEUE="systemEventQueue",a.APP_MIGRATION="appMigration",a.DOC_WRITETHROUGH_QUEUE="docWritethroughQueue",a.DEV_REVERT_PROCESSOR="devRevertProcessorQueue",a))(hs||{});function JS(t,e,r){xU(t,e),r&&IU(t,r)}function IU(t,e){t.on("stalled",async r=>{if(e)await e(r);else if(r.opts.repeat){let n=r.id,i=await t.getRepeatableJobs();for(let s of i)s.id===n&&await t.removeRepeatableByKey(s.key);console.log(`jobId=${n} disabled`)}})}function At(t,e,r={},n={}){let i=`[BULL] ${t}=${e}`,s=r.error,o={_logKey:"bull",eventType:t,event:e,job:r.job,jobId:r.jobId||r.job?.id,...n},a;return r.job?.data?.automation&&(a={_logKey:"automation",trigger:r.job?r.job.data.automation.definition.trigger.event:void 0}),[i,s,o,a]}var OU={automationQueue:"automation-event",appBackupQueue:"app-backup-event",auditLogQueue:"audit-log-event",systemEventQueue:"system-event",appMigration:"app-migration",docWritethroughQueue:"doc-writethrough",devRevertProcessorQueue:"dev-revert-event"};function xU(t,e){let r=OU[e];function n(i,s){let o=i.data.event?.appId;if(o)return af(o,s);s()}t.on("stalled",async i=>{await n(i,()=>{console.error(...At(r,"stalled",{job:i}))})}).on("error",i=>{console.error(...At(r,"error",{error:i}))}),process.env.NODE_DEBUG?.includes("bull")&&t.on("waiting",i=>{console.info(...At(r,"waiting",{jobId:i}))}).on("active",async i=>{await n(i,()=>{console.info(...At(r,"active",{job:i}))})}).on("progress",async(i,s)=>{await n(i,()=>{console.info(...At(r,"progress",{job:i},{progress:s}))})}).on("completed",async(i,s)=>{await n(i,()=>{console.info(...At(r,"completed",{job:i},{result:s}))})}).on("failed",async(i,s)=>{await n(i,()=>{console.error(...At(r,"failed",{job:i,error:s}))})}).on("paused",()=>{console.info(...At(r,"paused"))}).on("resumed",()=>{console.info(...At(r,"resumed"))}).on("cleaned",(i,s)=>{console.info(...At(r,"cleaned",{},{length:i.length,type:s}))}).on("drained",()=>{console.info(...At(r,"drained"))}).on("removed",i=>{console.info(...At(r,"removed",{job:i}))})}var Hc={};N(Hc,{cleanup:()=>RU,clear:()=>mm,set:()=>fm});var ga=[];function fm(t,e){let r=setInterval(t,e);return ga.push(r),r}function mm(t){let e=ga.indexOf(t);e!==-1&&ga.splice(e,1),clearInterval(t)}function RU(){for(let t of ga)clearInterval(t);ga=[]}var mr=q(require("dd-trace")),ya=q(require("object-sizeof")),wU=be.fromMinutes(5).toMs(),bU=be.fromSeconds(30).toMs(),gm=be.fromSeconds(60).toMs(),Ea=[],Kc;async function zS(){for(let t of Ea)await t.clean(gm,"completed"),await t.clean(gm,"failed")}async function DU(t,e,r){let n=performance.now();try{let i=await e();return mr.default.dogstatsd.increment(`${t}.success`,1,r),i}catch(i){throw mr.default.dogstatsd.increment(`${t}.error`,1,r),i}finally{let i=performance.now()-n;mr.default.dogstatsd.distribution(`${t}.duration.ms`,i,r),mr.default.dogstatsd.increment(t,1,r)}}function ZS(t){return{"job.opts.attempts":t.attempts,"job.opts.backoff":t.backoff,"job.opts.delay":t.delay,"job.opts.jobId":t.jobId,"job.opts.lifo":t.lifo,"job.opts.preventParsingData":t.preventParsingData,"job.opts.priority":t.priority,"job.opts.removeOnComplete":t.removeOnComplete,"job.opts.removeOnFail":t.removeOnFail,"job.opts.repeat":t.repeat,"job.opts.stackTraceLimit":t.stackTraceLimit,"job.opts.timeout":t.timeout}}function CU(t){return{"job.id":t.id,"job.attemptsMade":t.attemptsMade,"job.timestamp":t.timestamp,"job.data.sizeBytes":(0,ya.default)(t.data),...ZS(t.opts||{})}}var kt=class{constructor(e,r={}){this.opts=r,this.jobQueue=e,this.queue=this.initQueue()}get name(){return this.queue.name}initQueue(){let r={redis:Xn(),settings:{maxStalledCount:this.opts.maxStalledCount?this.opts.maxStalledCount:0,lockDuration:wU,lockRenewTime:bU}};this.opts.jobOptions&&(r.defaultJobOptions=this.opts.jobOptions);let n;return h.isTest()?process.env.BULL_TEST_REDIS_PORT&&!isNaN(+process.env.BULL_TEST_REDIS_PORT)?n=new hm.default(this.jobQueue,{...r,redis:{host:"localhost",port:+process.env.BULL_TEST_REDIS_PORT}}):n=new YS(this.jobQueue,r):n=new hm.default(this.jobQueue,r),JS(n,this.jobQueue,this.opts.removeStalledCb),Ea.push(n),!Kc&&!h.isTest()&&(Kc=fm(zS,gm),zS().catch(i=>{console.error(`Unable to cleanup ${this.jobQueue} initially - ${i}`)})),n}getBullQueue(){return this.queue}process(...e){let r,n;e.length===2?(r=e[0],n=e[1]):n=e[0];let i=async(o,a)=>{await mr.default.trace("queue.process",async u=>{if(o.data._parentSpanContext){let c=o.data._parentSpanContext,l={traceId:c.traceId,spanId:c.spanId,toTraceId:()=>c.traceId,toSpanId:()=>c.spanId,toTraceparent:()=>""};u.addLink(l)}u.addTags({"queue.name":this.jobQueue,...CU(o)}),this.opts.jobTags&&u.addTags(this.opts.jobTags(o.data)),mr.default.dogstatsd.distribution("queue.process.sizeBytes",(0,ya.default)(o.data),this.metricTags()),await this.withMetrics("queue.process",()=>a?n(o,a):n(o))})},s;return n.length===1?s=o=>i(o):s=i,r?this.queue.process(r,s):this.queue.process(s)}async add(e,r){return await mr.default.trace("queue.add",async n=>(n.addTags({"queue.name":this.jobQueue,"job.data.sizeBytes":(0,ya.default)(e),...ZS(r||{})}),this.opts.jobTags&&n.addTags(this.opts.jobTags(e)),e._parentSpanContext={traceId:n.context().toTraceId(),spanId:n.context().toSpanId()},mr.default.dogstatsd.distribution("queue.add.sizeBytes",(0,ya.default)(e),this.metricTags()),await this.withMetrics("queue.add",()=>this.queue.add(e,r))))}withMetrics(e,r){return DU(e,r,this.metricTags())}metricTags(){return{queueName:this.jobQueue}}close(e){return this.queue.close(e)}whenCurrentJobsFinished(){return this.queue.whenCurrentJobsFinished()}};async function vU(){Kc&&mm(Kc),console.log("Waiting for current queue jobs to finish...");for(let t of Ea)await t.whenCurrentJobsFinished();console.log("Closing queue Redis connections...");for(let t of Ea)await t.close();Ea=[],console.log("Queues shutdown")}var Yc=class extends Error{constructor(e){super(e),this.name="PermanentError"}},ym=class{constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:s=!0,maxStalledCount:o=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new kt(e,{maxStalledCount:o,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:s}}),this._queue.process(async(a,u)=>{try{let c=await this.processFn(a.data);u?.(null,c)}catch(c){c instanceof Yc&&await a.discard(),ci(`Failed to process job in ${this._queue.name}`,c),u?.(c)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await ht.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var gs=class t{static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new kt("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await We(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let s={};h.ENABLE_AUDIT_LOG_IP_ADDR&&(s=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:s})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&sm(e)){let s=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:s,timestamp:i,appId:Ue(),hostInfo:r.hostInfo},tenantId:j()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var Ta=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}async processEvent(e,r,n,i){for(let s of this.processors)await s.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var XS=new ma,NU=new ha,PU=new gs;function UU(t){return gs.init(t)}var hr=new Ta([XS,NU,PU]);var Jc={};N(Jc,{checkInstallVersion:()=>FU,getInstall:()=>Sa,getInstallFromDB:()=>Sm});var Am=q(require("semver"));var Sa=async()=>qr(Ce.INSTALLATION,86400,Sm,{useTenancy:!1});async function LU(t){let e={_id:xe.PLATFORM_INFO.docs.install,installId:me(),version:h.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return Sm();throw r}}var Sm=async()=>ct(xe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(xe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await LU(t);else throw r}return e}),MU=async t=>{try{await ct(xe.PLATFORM_INFO.name,async e=>{let r=await Sa();r.version=t,await e.put(r),await ns(Ce.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},FU=async()=>{let t=await Sa(),e=t.version,r=h.VERSION;try{if(e!==r){let n=Am.default.gt(r,e),i=Am.default.lt(r,e);await MU(r)&&(await wo({_id:t.installId,type:"installation"},async()=>{n?await Aa.upgraded(e,r):i&&await Aa.downgraded(e,r)}),await Bt.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?ci(`Invalid version "${r}" - is it semver?`):ci("Failed to retrieve version",n)}};var kU=async()=>{let t=$p(),e=Oa(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await pi(),i=_a();return{id:e_(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await pi(),i=await zc(j()),s=_a();return{id:e_(i,r),type:r,hosting:s,installationId:n,tenantId:i,realTenantId:j(),environment:e}}else if(r==="user"){let n=t,i=await zc(j()),s=await pi(),o=n.account,a;return o?a=o.hosting:a=_a(),{id:n._id,type:r,hosting:a,installationId:s,tenantId:i,environment:e,realTenantId:j(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},BU=async(t,e)=>{let r=t,n="installation",i=_a(),s=h.VERSION,o=Oa(),a={id:r,type:n,hosting:i,version:s,environment:o};await _m(a,e),await Ia({...a,id:`$${n}_${r}`},e)},GU=async(t,e,r)=>{let n=await zc(t),i="tenant",s=await pi(),o=Oa(),a={id:n,type:i,hosting:e,environment:o,installationId:s};await _m(a,r),await Ia({...a,id:`$${i}_${n}`},r)},$U=async(t,e,r)=>{let n=t._id,i=await zc(t.tenantId),s="user",o=Tt(t),a=tn(t),u;Ya(t)&&(u=t.providerType);let l=(await ds([t.email])).length>0,d=!!e&&l&&e.verified,f=await pi(),m=e?e.hosting:_a(),p=Oa();await Ia({id:n,type:s,hosting:m,installationId:f,tenantId:i,verified:d,accountHolder:l,providerType:u,builder:o,admin:a,environment:p},r)},VU=async t=>{let e=t.accountId,r=t.tenantId,n="user",i=Ka(t)?t.providerType:void 0,s=t.verified,o=!0,a=t.hosting,u=await pi(),c=Oa();if(Ha(t)){let d=await Gt(t.email);d?._id&&(e=d._id)}await Ia({id:e,type:n,hosting:a,installationId:u,tenantId:r,providerType:i,verified:s,accountHolder:o,environment:c})},Ia=async(t,e)=>{await hr.identify(t,e)},_m=async(t,e)=>{await hr.identifyGroup(t,e)},Oa=()=>h.isDev()?"development":h.DEPLOYMENT_ENVIRONMENT,_a=()=>h.SELF_HOSTED?"self":"cloud",pi=async()=>qU()?"account-portal":(await Sa()).installId,zc=async t=>h.SELF_HOSTED?t_(t):t,t_=async t=>We(t,()=>qr(Ce.UNIQUE_TENANT_ID,86400,async()=>{let e=ne(),r=await Zc(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${me()}_${t}`,r.config.uniqueTenantId=n,await e.put(r),n)})),qU=()=>h.SERVICE==="account-portal",e_=(t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,Bt={getCurrentIdentity:kU,identifyInstallationGroup:BU,identifyTenantGroup:GU,identifyUser:$U,identifyAccount:VU,identify:Ia,identifyGroup:_m,getInstallationId:pi,getUniqueTenantId:t_};var Xc={};N(Xc,{end:()=>QU,isAlreadySent:()=>xm,isBackfillingEvent:()=>Om,recordEvent:()=>Im,start:()=>WU});var WU=async t=>HU({eventWhitelist:t}),Im=async(t,e)=>{let r=Rm(t,e);await ur(r,e,void 0,{useTenancy:!1})},QU=async()=>{await KU(),await YU()},jU=async()=>si(Ce.BACKFILL_METADATA),HU=async t=>ur(Ce.BACKFILL_METADATA,t),KU=async()=>{await Qo(Ce.BACKFILL_METADATA)},YU=async()=>{let t=Rm(),e=await mc(t);for(let r of e)await Qo(r,{useTenancy:!1})},Om=async t=>{let r=(await jU())?.eventWhitelist;return!!(r&&r.includes(t))},xm=async(t,e)=>{let r=Rm(t,e);return!!await si(r,{useTenancy:!1})},JU={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},Rm=(t,e)=>{let r,n=j();if(t){r=`${Ce.EVENTS}:${n}:${t}`;let i=JU[t],s=i?i(e):void 0;s&&(r=`${r}:${s}`)}else r=`${Ce.EVENTS}:${n}:*`;return r};var gr;function el(){gr=new kt("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}async function r_(){gr&&await gr.close()}async function n_(t){gr||el();let{event:e,identity:r}=t;$h.indexOf(e)!==-1&&r.tenantId&&await gr.add(t)}var A=async(t,e,r,n)=>{let i=n||await Bt.getCurrentIdentity();if(!(n?!1:await Om(t))){await n_({event:t,identity:i,properties:e,timestamp:r}),await hr.processEvent(t,i,e,r);return}await xm(t,e)||(await hr.processEvent(t,i,e,r),await Im(t,e))};async function zU(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}async function ZU(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}async function XU(t){let e={tenantId:t.tenantId};await A("account:verified",e)}var i_={created:zU,deleted:ZU,verified:XU};async function eL(t,e){await A("action:automation_step:executed",t,e)}async function tL(t,e){await A("action:crud:executed",t,e)}async function rL(t,e){await A("action:ai_agent:executed",t,e)}var s_={aiAgentExecuted:rL,automationStepExecuted:eL,crudExecuted:tL};var nL=async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)};async function iL(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}async function sL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}async function oL(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}async function aL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}async function uL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}async function cL(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}async function lL(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}async function dL(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}async function pL(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}async function fL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}async function mL(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}var o_={created:nL,updated:iL,deleted:sL,published:oL,unpublished:aL,fileImported:uL,duplicated:cL,templateImported:lL,versionUpdated:dL,versionReverted:pL,reverted:fL,exported:mL};async function hL(t,e){let n={userId:(await Bt.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}async function gL(t){let r={userId:(await Bt.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}async function yL(t,e){let r={type:t};await A("auth:sso:created",r,e)}async function EL(t){let e={type:t};await A("auth:sso:updated",e)}async function TL(t,e){let r={type:t};await A("auth:sso:activated",r,e)}async function AL(t){let e={type:t};await A("auth:sso:deactivated",e)}var tl={login:hL,logout:gL,SSOCreated:yL,SSOUpdated:EL,SSOActivated:TL,SSODeactivated:AL};async function SL(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}async function _L(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}async function IL(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}async function OL(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}var xL=async(t,e)=>{let r={count:t};await A("automations:run",r,e)};async function RL(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}async function wL(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}var a_={created:SL,triggerUpdated:_L,deleted:IL,tested:OL,run:xL,stepCreated:RL,stepDeleted:wL};function wm(t){return!Object.values(qa).includes(t.source)}async function bL(t,e){let r={datasourceId:t._id,source:t.source,custom:wm(t)};await A("datasource:created",r,e)}async function DL(t){let e={datasourceId:t._id,source:t.source,custom:wm(t)};await A("datasource:updated",e)}async function CL(t){let e={datasourceId:t._id,source:t.source,custom:wm(t)};await A("datasource:deleted",e)}var u_={created:bL,updated:DL,deleted:CL};async function vL(t){let e={};await A("email:smtp:created",e,t)}async function NL(){let t={};await A("email:smtp:updated",t)}var c_={SMTPCreated:vL,SMTPUpdated:NL};async function PL(t){let e={};await A("ai:config:created",e,t)}async function UL(){let t={};await A("ai:config:updated",t)}var l_={AIConfigCreated:PL,AIConfigUpdated:UL};async function LL(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}async function ML(t){let e={accountId:t.accountId};await A("license:activated",e)}async function FL(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}async function kL(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}async function BL(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}async function GL(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}async function $L(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}var d_={planChanged:LL,activated:ML,checkoutOpened:FL,checkoutSuccess:kL,portalOpened:BL,paymentFailed:GL,paymentRecovered:$L};async function VL(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}async function qL(t){let e={layoutId:t};await A("layout:deleted",e)}var p_={created:VL,deleted:qL};async function WL(t){let e={};await A("org:info:name:updated",e,t)}async function QL(t){let e={};await A("org:info:logo:updated",e,t)}async function jL(t){let e={};await A("org:platformurl:updated",e,t)}async function HL(){let t={};await A("analytics:opt:out",t)}async function KL(){let t={};await A("analytics:opt:out",t)}var f_={nameUpdated:WL,logoUpdated:QL,platformURLUpdated:jL,analyticsOptOut:HL,analyticsOptIn:KL};var YL=async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},JL=async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},zL=async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:deleted",r)},ZL=async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},XL=async(t,e)=>{let r={count:t};await A("queries:run",r,e)},eM=async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},m_={created:YL,updated:JL,deleted:zL,imported:ZL,run:XL,previewed:eM};async function tM(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}async function rM(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}async function nM(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}async function iM(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}async function sM(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}var xa={created:tM,updated:rM,deleted:nM,assigned:iM,unassigned:sM};async function oM(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}async function aM(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}var h_={created:oM,deleted:aM};var uM=async(t,e)=>{let r={count:t};await A("rows:created",r,e)},cM=async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},g_={created:uM,imported:cM};async function lM(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}async function dM(t,e){let r,n;for(let s in e.schema)if(!t.schema[s]){let o=e.schema[s];"default"in o&&o.default!=null&&(r=!0),o.type==="ai"&&(n=o.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}async function pM(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:deleted",e)}async function fM(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}async function mM(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}var y_={created:lM,updated:dM,deleted:pM,exported:fM,imported:mM};async function hM(t){let e={timezone:t};await A("served:builder",e)}async function gM(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}async function yM(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}var E_={servedBuilder:hM,servedApp:gM,servedAppPreview:yM};async function EM(t,e){let r={userId:t._id,viaScim:Ut(),audited:{email:t.email}};await A("user:created",r,e)}async function TM(t){let e={userId:t._id,viaScim:Ut(),audited:{email:t.email}};await A("user:updated",e)}async function AM(t){let e={userId:t._id,viaScim:Ut(),audited:{email:t.email}};await A("user:deleted",e)}async function SM(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}async function _M(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}async function IM(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}async function OM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}async function xM(t){let e={audited:{email:t}};await A("user:invited",e)}async function RM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}async function wM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}async function bM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}async function DM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}async function CM(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}async function vM(t){let e={users:t};await A("user:data:collaboration",e)}var ze={created:EM,updated:TM,deleted:AM,permissionAdminAssigned:SM,permissionAdminRemoved:_M,permissionBuilderAssigned:IM,permissionBuilderRemoved:OM,invited:xM,inviteAccepted:RM,passwordForceReset:wM,passwordUpdated:bM,passwordResetRequested:DM,passwordReset:CM,dataCollaboration:vM};async function NM(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}async function PM(t){let e={tableId:t.tableId};await A("view:updated",e)}async function UM(t){let e={tableId:t.tableId};await A("view:deleted",e)}async function LM(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}async function MM({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}async function FM({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}async function kM(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}async function BM({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}async function GM(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}async function $M(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}async function VM(t,e){let r={tableId:t};await A("view:join:created",r,e)}var T_={created:NM,updated:PM,deleted:UM,exported:LM,filterCreated:MM,filterUpdated:FM,filterDeleted:kM,calculationCreated:BM,calculationUpdated:GM,calculationDeleted:$M,viewJoinCreated:VM};async function qM(t){let e={currentVersion:t};await A("installation:version:checked",e)}async function WM(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}async function QM(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}async function jM(){let t={};await A("installation:firstStartup",t)}var Aa={versionChecked:qM,upgraded:WM,downgraded:QM,firstStartup:jM};var Ts=!h.SELF_HOSTED&&!h.isDev();async function HM(t){Ts||await A("app:backfill:succeeded",t)}async function KM(t){if(Ts)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}async function YM(t){Ts||await A("tenant:backfill:succeeded",t)}async function JM(t){if(Ts)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}async function zM(){if(Ts)return;let t={};await A("installation:backfill:succeeded",t)}async function ZM(t){if(Ts)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}var A_={appSucceeded:HM,appFailed:KM,tenantSucceeded:YM,tenantFailed:JM,installationSucceeded:zM,installationFailed:ZM};async function XM(t,e){let r={groupId:t._id,viaScim:Ut(),audited:{name:t.name}};await A("user_group:created",r,e)}async function e0(t){let e={groupId:t._id,viaScim:Ut(),audited:{name:t.name}};await A("user_group:updated",e)}async function t0(t){let e={groupId:t._id,viaScim:Ut(),audited:{name:t.name}};await A("user_group:deleted",e)}async function r0(t,e){let r={count:t,groupId:e._id,viaScim:Ut(),audited:{name:e.name}};await A("user_group:user_added",r)}async function n0(t,e){let r={count:t,groupId:e._id,viaScim:Ut(),audited:{name:e.name}};await A("user_group:users_deleted",r)}async function i0(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}async function s0(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}var S_={created:XM,updated:e0,deleted:t0,usersAdded:r0,usersDeleted:n0,createdOnboarding:i0,permissionsEdited:s0};async function o0(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}async function a0(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}async function u0(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}var __={init:o0,imported:a0,deleted:u0};async function c0(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}async function l0(t,e,r,n,i){let s={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",s)}var I_={appBackupRestored:c0,appBackupTriggered:l0};async function d0(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}async function p0(t){let e={name:t};await A("environment_variable:deleted",e)}async function f0(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}var O_={created:d0,deleted:p0,upgradePanelOpened:f0};async function m0(t){let e={filters:t};await A("audit_log:filtered",e)}async function h0(t){let e={filters:t};await A("audit_log:downloaded",e)}var x_={filtered:m0,downloaded:h0};async function g0(t,e){await A("row_action:created",t,e)}var R_={created:g0};function y0(){}var E0=async()=>{await hr.shutdown(),console.log("Events shutdown")};var bm=async t=>{await ze.deleted(t),Tt(t)&&await ze.permissionBuilderRemoved(t),tn(t)&&await ze.permissionAdminRemoved(t)},T0=async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await xa.assigned(t,i)},A0=async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await xa.unassigned(t,i)},S0=async(t,e)=>{let r=t.roles,n=e?.roles;await T0(t,r,n),await A0(t,r,n)},Dm=async(t,e)=>{let r=j(),n;!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL&&(n=await cs(r)),await Bt.identifyUser(t,n),e?(await ze.updated(t),I0(t,e)&&await ze.permissionBuilderRemoved(t),x0(t,e)&&await ze.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await ze.passwordForceReset(t),t.password!==e.password&&await ze.passwordUpdated(t)):await ze.created(t),_0(t,e)&&await ze.permissionBuilderAssigned(t),O0(t,e)&&await ze.permissionAdminAssigned(t),await S0(t,e)},_0=(t,e)=>w_(t,e,Tt),I0=(t,e)=>b_(t,e,Tt),O0=(t,e)=>w_(t,e,tn),x0=(t,e)=>b_(t,e,tn),w_=(t,e,r)=>!(!r(t)||e&&r(e)),b_=(t,e,r)=>!(r(t)||!e||!r(e));var rl={};N(rl,{createASession:()=>w0,endSession:()=>b0,getSession:()=>vm,getSessionsForUser:()=>Ra,invalidateSessions:()=>fi,updateSessionTTL:()=>Cm});var C_=require("uuid");var v_=h.SESSION_EXPIRY_SECONDS?parseInt(h.SESSION_EXPIRY_SECONDS):be.fromDays(7).toSeconds();function As(t,e){return`${t}/${e}`}async function Ra(t){return t?(await(await $r()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}async function fi(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await Ra(t)).map(o=>({key:As(o.userId,o.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(s=>({key:As(t,s)}))),i&&i.length>0){let s=await $r(),o=[];for(let a of i)o.push(s.delete(a.key));h.isTest()||us(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(a=>a.key).join(", ")}`),await Promise.all(o)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}async function w0(t,e){let r=await Ra(t),n=0;if(r.length>=3){let c=r.sort((f,m)=>new Date(f.createdAt).getTime()-new Date(m.createdAt).getTime()),l=r.length-3+1,d=c.slice(0,l).map(f=>f.sessionId);n=d.length,await fi(t,{sessionIds:d,reason:"session limit exceeded"})}let i=await $r(),s=e.sessionId,o=e.csrfToken?e.csrfToken:(0,C_.v4)(),a=As(t,s),u={...e,csrfToken:o,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(a,u,v_),{session:u,invalidatedSessionCount:n}}async function Cm(t){let e=await $r(),r=As(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,v_)}async function b0(t,e){await(await $r()).delete(As(t,e))}async function vm(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await $r()).get(As(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}var Lm={};N(Lm,{PASSWORD_MAX_LENGTH:()=>Pm,PASSWORD_MIN_LENGTH:()=>Nm,validatePassword:()=>Um});var Nm=+(h.PASSWORD_MIN_LENGTH||12),Pm=+(h.PASSWORD_MAX_LENGTH||512);function Um(t){return!t||t.length<Nm?{valid:!1,error:`Password invalid. Minimum ${Nm} characters.`}:t.length>Pm?{valid:!1,error:`Password invalid. Maximum ${Pm} characters.`}:{valid:!0}}var D0=async t=>{let e=t._id;await Mt.removeUser(t),await bm(t),await nn.invalidateUser(e),await fi(e,{reason:"bulk-deletion"})},Yt=class t{static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return h.ENABLE_SSO_MAINTENANCE_MODE&&en(e)?!1:await t.features.isSSOEnforced()||Ya(e)?!0:(r||(r=await cs(j())),!!(r&&r.email===e.email&&Ka(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,s){let{password:o,_id:a}=e;i&&!i.password&&(r.requirePassword=!1);let u;if(o){if(await t.isPreventPasswordActions(e,s))throw new Ge("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let d=Um(o);if(!d.valid)throw new Ge(d.error,400)}u=r.hashPassword?await tm(o):o}else i&&(u=i.password);let c=r.requirePassword&&!await t.features.isSSOEnforced();if(!u&&c)throw"Password must be specified.";a=a||is();let l={createdAt:Date.now(),...i,...e,_id:a,password:u,tenantId:n};return l.roles||(l.roles={}),l.status==null&&(l.status="active"),l}static async allUsers(){return(await ne().allDocs(ai(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByApp(e){return{userCount:(await il(e,{})).length}}static async getUsersByAppAccess(e){return await Mm(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return Gt(e)}static async getUser(e){let r=await mi(e);return r&&delete r.password,r}static async bulkGet(e){return await nl(e)}static async bulkUpdate(e){return await wa(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=j(),i=ne(),{email:s,_id:o,userGroups:a=[],roles:u}=e;if(!s&&!o)throw new Error("_id or email is required");let c;if(o)try{if(c=await mi(o),s&&c.email!==s&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(f){if(f.status!==404)throw f}if(!c&&s&&(c=await Gt(s),c&&c._id!==o))throw new fr(s);let l=1,d=0;if((r.isAccountHolder||c)&&(l=0,d=1),c){let[f,m]=await di([c,e]);d=f!==m?1:0}return t.quotas.addUsers(l,d,async()=>{r.isAccountHolder||await $c(s,n);let f=await t.buildUser(e,r,n,c);r.currentUserId&&r.currentUserId===c?._id&&(f=Fm(f,c)),!c&&u?.length&&(f.roles={...u});let m=[];if(!o&&a.length>0)for(let p of a)m.push(t.groups.addUsers(p,[f._id]));try{let p=await i.put(f);return f._rev=p.rev,await Dm(f,c),c&&f.email!==c.email&&await Mt.removeUser({email:c.email}),await Mt.addUser(n,f._id,f.email,f.ssoId),await nn.invalidateUser(p.id),await Promise.all(m),i.get(f._id)}catch(p){throw p.status===409?"User exists already":p}})}static async bulkCreate(e,r){let n=j(),i=[],s=[],o=[],a=e.map(f=>f.email),u=await lm(a),c=[];for(let f of e){let m=s.find(g=>g.email.toLowerCase()===f.email.toLowerCase()),p=u.includes(f.email.toLowerCase());if(m||p){c.push({email:f.email,reason:"Unavailable"});continue}f.userGroups=r||[],s.push(f),await pa(f)&&o.push(f)}let l=await cs(n),d=await t.features.isSSOEnforced();return t.quotas.addUsers(s.length,o.length,async()=>{for(let p of s)d&&delete p.password,i.push(t.buildUser(p,{hashPassword:!0,requirePassword:!d},n,void 0,l));let f=await Promise.all(i);await wa(f);for(let p of f)await Mt.addUser(n,p._id,p.email),await Dm(p,void 0);let m=f.map(p=>({_id:p._id,email:p.email}));if(Array.isArray(m)&&r){let p=[],g=m.map(y=>y._id);for(let y of r)p.push(t.groups.addUsers(y,g));await Promise.all(p)}return{successful:m,unsuccessful:c}})}static async bulkDelete(e){let r=ne(),n={successful:[],unsuccessful:[]},i=await Vc(e);i&&(e=e.filter(m=>m.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let o=(await r.allDocs({include_docs:!0,keys:e.map(m=>m.userId)})).rows.map(m=>m.doc),a=o.map(m=>({...m,_deleted:!0})),u=await wa(a),l=(await di(o)).filter(m=>m).length,d=[];for(let m of o){let g=(await da(m._id)).ssoId;g&&(await Cc(g)).filter(T=>T.ssoId==null).forEach(T=>{d.push({...T,_deleted:!0})}),await D0(m)}await Wr().bulkDocs(d),await t.quotas.removeUsers(a.length,l);let f={};return o.reduce((m,p)=>(m[p._id]=p,m),f),u.forEach(m=>{let p=f[m.id].email;m.ok?n.successful.push({_id:m.id,email:p}):n.unsuccessful.push({_id:m.id,email:p,reason:"Database error"})}),n}static async destroy(e){let r=ne(),n=await r.get(e),i=n._id;if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let o=n.email;if(await Zr(o))throw n.userId===ar()._id?new Ge('Please visit "Account" to delete this user',400):new Ge("Account holder cannot be deleted",400)}await Mt.removeUser(n),await r.remove(i,n._rev);let s=await pa(n)?1:0;await t.quotas.removeUsers(1,s),await bm(n),await nn.invalidateUser(i),await fi(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,s={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(s.ssoId=n.ssoId),await ns(Ce.CHECKLIST),await t.save(s,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function Da(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}async function nl(t,e){let n=(await ne().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=Da(n)),n}async function v0(){let t=ne(),e=`us${v}`;return(await t.allDocs({startkey:e,endkey:`${e}${$e}`})).rows.map(n=>n.id)}async function N0(){let t=ne(),e=`us${v}`;return(await t.allDocs({startkey:e,endkey:`${e}${$e}`,include_docs:!0})).rows.map(n=>n.doc)}async function wa(t){return await ne().bulkDocs(t)}async function mi(t,e){let n=await ne().get(t);return e?.cleanup&&(n=Da(n)),n}async function Gt(t,e){if(t==null)throw"Must supply an email address to view";let r=await lr("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=Da(n)),n}async function P0(t){try{let e=await Gt(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}async function il(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based app ID");let n=Ac(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await lr("by_app",n);i||(i=[]);let s=Array.isArray(i)?i:[i];return r?.cleanup&&(s=Da(s)),s}async function Mm(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let o={[r]:{$exists:!0}};n.push(o)}return(await ne().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}function N_(t,e){if(e)return Tc(ut(t),e._id)}async function P_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,s=await lr("by_email2",{...e,startkey:i,endkey:`${n}${$e}`});s||(s=[]);let o=Array.isArray(s)?s:[s];return r?.cleanup&&(o=Da(o)),o}var U0=8;async function U_({bookmark:t,query:e,appId:r,limit:n}={}){let i=ne(),s=n??U0,a={include_docs:!0,limit:s+1};t&&(a.startkey=t);let u,c="_id",l;return e?.equal?._id?u=[await mi(e.equal._id)]:r?(u=await il(r,a),l=d=>N_(r,d)):e?.string?.email?(u=await P_(e?.string?.email,a),c="email"):e?.oneOf?._id?u=await nl(e?.oneOf?._id,{cleanup:!0}):e?(u=(await i.allDocs(ai(null,{...a,limit:void 0}))).rows.map(f=>f.doc),u=Lr.search(u,{query:e,limit:a.limit}).rows):u=(await i.allDocs(ai(null,a))).rows.map(f=>f.doc),Nf(u,s,{paginate:!0,property:c,getKey:l})}async function L0(){return(await Lf("by_email2",{limit:0,include_docs:!1})).total_rows}async function M0(){let t=0;async function e(r){let n=await U_({bookmark:r}),i=await di(n.data);t+=i.filter(s=>s).length,n.hasNextPage&&await e(n.nextPage)}return await e(),t}function F0(t){return delete t.admin,delete t.builder,t}function Fm(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}async function k0(t,e){let r=ut(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await Yt.save(t,{hashPassword:!1})}async function B0(t,e){let r=ut(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await Yt.save(t,{hashPassword:!1})}var L_=3600;async function G0(t,e){let n=await If(e).get(t);if(n.budibaseAccess=!0,!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let i=await Zr(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}async function $0(t){let e=await Yt.bulkGet(t),r=t.filter((i,s)=>!e[s]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let s=await Zr(i.email);s&&(i.account=s,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}async function Ca({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=G0),!e)try{e=j()}catch{e=await Mt.lookupTenantId(t)}let i=await qo(),s=await i.get(t);return s||(s=await n(t,e,r),await i.store(t,s,L_)),s&&!s.tenantId&&e&&(s.tenantId=e),s.userGroups&&!at.users.isGlobalBuilder(s)&&await We(e,async()=>{let o=await Yt.getGroupBuilderAppIds(s);if(o.length){let a=s.builder?.apps||[];s.builder={apps:[...new Set(a.concat(o))]}}}),s}async function V0(t){let e=await qo(),r=await e.bulkGet(t),n=t.filter(o=>!r[o]),i=Object.values(r).filter(o=>!!o),s;if(n.length){let o=await $0(n);s=o.notFoundIds;for(let a of o.users)await e.store(a._id,a,L_);i.push(...o.users)}return{users:i,notFoundIds:s}}async function va(t){await(await qo()).delete(t)}var Vm={};N(Vm,{Writethrough:()=>Gm});var _s={};N(_s,{AUTO_EXTEND_POLLING_MS:()=>F_,doWithLock:()=>km,newRedlock:()=>hi});var M_=q(require("redlock"));async function W0(t,e){if(t==="custom")return hi(e);switch(t){case"try_once":return hi(Ss.TRY_ONCE);case"try_twice":return hi(Ss.TRY_TWICE);case"default":return hi(Ss.DEFAULT);case"delay_500":return hi(Ss.DELAY_500);case"auto_extend":return hi(Ss.AUTO_EXTEND);default:throw br.unreachable(t)}}var Ss={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function hi(t={}){let e={...Ss.DEFAULT,...t},n=(await _f()).client;return new M_.default([n],e)}function Q0(t){let r=`lock:${t.systemLock?"system":j()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}var F_=be.fromSeconds(10).toMs();async function km(t,e){let r=await W0(t.type,t.customOptions),n,i;try{let s=Q0(t),o=t.type==="auto_extend"?F_:t.ttl;if(n=await r.lock(s,o),t.type==="auto_extend"){let u=()=>{i=setTimeout(async()=>{n=await n.extend(o,()=>t.onExtend&&t.onExtend()),u()},o/2)};u()}return{executed:!0,result:await e()}}catch(s){if(s.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw s}else throw s}finally{clearTimeout(i),await n?.unlock()}}var k_=1e4,Bm=null;async function sl(){if(!Bm){let t=await Sf();Bm=new ri(t)}return Bm}function Na(t,e){return t.name+e}function $m(t,e=null){return{doc:t,lastWrite:e||Date.now()}}async function j0(t,e,r=k_){let n=await sl(),i=e._id,s;i&&(s=await n.get(Na(t,i)));let o=!s||s.lastWrite<Date.now()-r,a=e;return o&&((await km({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let c=async l=>{let d=await t.put(l,{force:!0});a._id=d.id,a._rev=d.rev};try{await c(e)}catch(l){if(l.status!==409)throw l;us("Ignoring conflict in write-through cache")}})).executed||us("Ignoring redlock conflict in write-through cache")),s=$m(a,o?null:s?.lastWrite),a._id&&await n.store(Na(t,a._id),s),{ok:!0,id:a._id,rev:a._rev}}async function H0(t,e){let r=await sl(),n=Na(t,e),i=await r.get(n);if(!i){let s=await t.get(e);i=$m(s),await r.store(n,i)}return i.doc}async function K0(t,e){let r=await sl(),n=Na(t,e),i=await r.get(n);if(!i){let s=await t.tryGet(e);if(!s)return null;i=$m(s),await r.store(n,i)}return i.doc}async function Y0(t,e,r){let n=await sl();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Na(t,i))}finally{await t.remove(i,r)}}var Gm=class{constructor(e,r=k_){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return j0(this.db,e,r)}async get(e){return H0(this.db,e)}async tryGet(e){return K0(this.db,e)}async remove(e,r){return Y0(this.db,e,r)}};var qm={};N(qm,{createCode:()=>z0,getCode:()=>Z0,invalidateCode:()=>X0});var J0=be.fromHours(1).toSeconds();async function z0(t,e){let r=me();return await(await Wo()).store(r,{userId:t,info:e},J0),r}async function Z0(t){let r=await(await Wo()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}async function X0(t){await(await Wo()).delete(t)}var Qm={};N(Qm,{DocWritethrough:()=>Wm,DocWritethroughProcessor:()=>Pa,getProcessor:()=>tF,init:()=>B_});var eF=100,ol,Pa=class t{static get queue(){return t._queue||(t._queue=new kt("docWritethroughQueue",{jobOptions:{attempts:eF}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=qe(e),s;try{s=await i.get(r)}catch{s={_id:r}}s={...s,...n},await i.put(s)}},Wm=class{constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await Pa.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function B_(){return ol=new Pa().init(),ol}function tF(){return ol||B_()}function al(t){return`config${v}${t}`}async function St(t){let e=ne();try{return await e.get(al(t))}catch(r){if(r.status===404)return;throw r}}async function rF(t){return t._id||(t._id=al(t.type)),ne().put(t)}async function Zc(){let t=await St("settings");return t||(t={_id:al("settings"),type:"settings",config:{}}),t.config.platformUrl=await Ua({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Qc({config:t.config}),t}async function Km(){return(await Zc()).config}async function Ua(t={tenantAware:!0}){let e=h.PLATFORM_URL||"http://localhost:10000";if(!h.SELF_HOSTED&&h.MULTI_TENANCY&&t.tenantAware){let r=j();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(h.SELF_HOSTED){let r=t?.config?t.config:(await St("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}var Qc=async t=>{if(!h.SELF_HOSTED)return!!h.ENABLE_ANALYTICS;let e=await qr(Ce.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await St("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=h.ENABLE_ANALYTICS;return!(r===0||r===!1)};async function nF(){return await St("google")}async function ul(){return(await nF())?.config}async function Ym(){if(!h.SELF_HOSTED)return jm();let t=await ul();return(!t||!t.activated)&&(t=jm()),t}function jm(){if(h.GOOGLE_CLIENT_ID&&h.GOOGLE_CLIENT_SECRET)return{clientID:h.GOOGLE_CLIENT_ID,clientSecret:h.GOOGLE_CLIENT_SECRET,activated:!0}}async function iF(){return St("logos_oidc")}async function sF(){return St("oidc")}async function oF(){let t=(await sF())?.config;return t?.configs&&t.configs[0]}async function Jm(t){let e=(await St("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}async function G_(){return St("smtp")}async function aF(t){let e=await G_();if(e)return e.config;let r=h.SELF_HOSTED||!t;if(h.SMTP_FALLBACK_ENABLED&&r)return{port:h.SMTP_PORT,host:h.SMTP_HOST,secure:!1,from:h.SMTP_FROM_ADDRESS,auth:{user:h.SMTP_USER,pass:h.SMTP_PASSWORD},fallback:!0}}async function uF(){return(await St("scim"))?.config}async function cF(){return St("ai")}async function lF(){return St("recaptcha")}var oh={};N(oh,{AccessController:()=>Xm,BUILTIN_ROLE_IDS:()=>eh,Role:()=>sn,RoleHierarchyTraversal:()=>cl,RoleIDVersion:()=>th,builtinRoleToNumber:()=>La,checkForRoleResourceArray:()=>W_,externalRole:()=>gF,findRole:()=>Ma,getAllRoleIds:()=>AF,getAllRoles:()=>sh,getBuiltinRole:()=>V_,getBuiltinRoles:()=>nh,getDBRoleID:()=>Q_,getExternalRoleID:()=>on,getExternalRoleIDs:()=>j_,getRole:()=>yF,getUserRoleHierarchy:()=>ih,getUserRoleIdHierarchy:()=>q_,isBuiltin:()=>gi,lowerBuiltinRoleID:()=>hF,prefixRoleIDNoBuiltin:()=>Zm,roleIDsAreEqual:()=>_t,roleToNumber:()=>mF,saveRoles:()=>EF,validInherits:()=>fF});var zm=q(require("semver"));var ll=q(require("lodash/fp/cloneDeep"));var $_=require("lodash");var eh={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},he={...eh,BUILDER:"BUILDER"},th={UUID:void 0,NAME:"name"};function pF(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}var sn=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=th.NAME}addInheritance(e){return e&&typeof e=="string"?e=Zm(e):e&&Array.isArray(e)&&(e=e.map(Zm)),this.inherits=e,this}},cl=class{constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let s of e.inherits){let o=Ma(s,n,r);o&&(i=i.concat(this.walk(o)))}else{let s=[],o=e;for(;o&&o.inherits&&!pF(s,o.inherits);){if(Array.isArray(o.inherits))return i.concat(this.walk(o));if(s.push(o.inherits),o=Ma(o.inherits,n,r),o&&i.push(o),ht.roles.checkForRoleInheritanceLoops(i))break}}return(0,$_.uniqBy)(i,s=>s._id)}},rh={ADMIN:new sn(he.ADMIN,he.ADMIN,"admin",{displayName:"App admin",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(he.POWER),POWER:new sn(he.POWER,he.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(he.BASIC),BASIC:new sn(he.BASIC,he.BASIC,"write",{displayName:"App user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(he.PUBLIC),PUBLIC:new sn(he.PUBLIC,he.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new sn(he.BUILDER,he.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function nh(){return(0,ll.default)(rh)}function gi(t){return Object.values(eh).includes(t)}function Zm(t){return gi(t)?t:cr(t)}function V_(t){let e=Object.values(rh).find(r=>t.includes(r._id));if(e)return(0,ll.default)(e)}function fF(t,e){if(!e)return!1;let r=n=>t.find(i=>_t(i._id,n));if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}function La(t){let e=nh(),r=Object.values(e).length+1;if(_t(t,he.ADMIN)||_t(t,he.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}async function mF(t){if(gi(t))return La(t);let e=await ih(t,{defaultPublic:!0}),r=n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(s=>{let o=e.find(a=>_t(a._id,s));if(o)return r(o)+1}).filter(s=>s).sort().pop();if(i!=null)return i}else if(gi(n.inherits))return La(n.inherits)+1;return 0};return Math.max(...e.map(r))}function hF(t,e){return t?e&&La(t)>La(e)?e:t:e}function _t(t,e){return cr(t)===cr(e)}function gF(t){let e;return t._id&&(e=on(t._id)),{...t,_id:e,inherits:j_(t.inherits,t.version)}}function Ma(t,e,r){let n=V_(t);n||(t=cr(t));let i=e.find(s=>s._id&&_t(s._id,t));return!i&&!gi(t)&&r?.defaultPublic?(0,ll.default)(rh.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=on(n._id,n.version)),Object.keys(n).length===0?void 0:n)}async function yF(t,e){let r=ts(),n=[];if(!gi(t)){let i=await r.tryGet(Q_(t));i&&n.push(i)}return Ma(t,n,e)}async function EF(t){await ts().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:cr(r._id)})))}async function TF(t,e){let r=await sh();if(_t(t,he.ADMIN))return r;let n=Ma(t,r,e),i=[];return n&&(i=new cl(r,e).walk(n)),i}async function q_(t){return(await ih(t)).map(r=>r._id)}async function ih(t,e){return TF(t,e)}function W_(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}async function AF(t){return(await sh(t)).map(r=>r._id)}async function sh(t){if(t)return ct(t,e);{let r;try{r=ts()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(Sc(null,{include_docs:!0}))).rows.map(a=>a.doc),n.forEach(a=>a._id=on(a._id,a.version)));let i=nh(),s=[];!r||await SF(r)?s=[he.ADMIN,he.POWER,he.BASIC,he.PUBLIC]:s=[he.ADMIN,he.BASIC,he.PUBLIC];for(let o of s){let a=i[o],u=n.filter(c=>_t(c._id,o))[0];u==null?n.push(a||i.BASIC):(n=n.filter(c=>c._id!==u._id),u._id=on(a._id,u.version),n.push({...a,...u,name:a.name,_id:on(a._id,a.version)}))}for(let o of n)if(o.permissions)for(let a of Object.keys(o.permissions))o.permissions=W_(o.permissions,a);return n}}async function SF(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!zm.default.valid(r)?!0:!zm.default.gte(r,h.MIN_VERSION_WITHOUT_POWER_ROLE)}var Xm=class{constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||_t(e,he.BUILDER)||_t(r,e)||_t(r,he.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await q_(r),this.userHierarchies[r]=n),n?.find(i=>_t(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let s=await this.checkScreenAccess(i,r);s&&n.push(s)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function Q_(t){return t?.startsWith("role")?t:cr(t)}function on(t,e){if(t.startsWith(`role${v}`)&&(gi(t)||e===th.NAME)){let r=t.split(v);return r.shift(),r.join(v)}return t}function j_(t,e){return t&&(typeof t=="string"?on(t,e):t.map(r=>on(r,e)))}var ah={};N(ah,{BUILDER:()=>RF,BUILTIN_PERMISSIONS:()=>dl,CREATOR:()=>wF,GLOBAL_BUILDER:()=>bF,PermissionImpl:()=>ge,PermissionLevel:()=>ws,PermissionType:()=>ja,doesHaveBasePermission:()=>OF,getAllowedLevels:()=>J_,getBuiltinPermissionByID:()=>IF,getBuiltinPermissions:()=>_F,isPermissionLevelHigherThanRead:()=>xF,levelToNumber:()=>Y_});var H_=q(require("lodash/flatten")),K_=q(require("lodash/fp/cloneDeep")),ge=class{constructor(e,r){this.type=e,this.level=r}};function Y_(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}function J_(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}var dl={PUBLIC:{_id:"public",name:"Public",permissions:[new ge("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new ge("query","read"),new ge("table","read"),new ge("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new ge("query","write"),new ge("table","write"),new ge("automation","execute"),new ge("legacy_view","read"),new ge("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new ge("table","write"),new ge("user","read"),new ge("automation","execute"),new ge("webhook","read"),new ge("legacy_view","read"),new ge("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new ge("table","admin"),new ge("user","admin"),new ge("automation","admin"),new ge("webhook","read"),new ge("query","admin"),new ge("legacy_view","read"),new ge("app","read")]}};function _F(){return(0,K_.default)(dl)}function IF(t){return Object.values(dl).find(r=>r._id===t)}function OF(t,e,r){let n=[...new Set(r.map(o=>o.permissionId))],i=Object.values(dl),s=(0,H_.default)(i.filter(o=>n.indexOf(o._id)!==-1).map(o=>o.permissions));for(let o of s)if(o.type===t&&J_(o.level).indexOf(e)!==-1)return!0;return!1}function xF(t){return Y_(t)>1}var RF="builder",wF="creator",bF="globalBuilder";var lh={};N(lh,{FlagSet:()=>fl,all:()=>NF,flags:()=>uh,getEnvFlags:()=>eI,init:()=>DF,isEnabled:()=>vF,parseEnvFlags:()=>hl,shutdown:()=>CF,testutils:()=>ch});var ml=q(require("crypto"));var z_=require("posthog-node"),Z_=q(require("dd-trace"));var X_=require("lodash");var pl;function DF(t){h.POSTHOG_TOKEN&&h.POSTHOG_API_HOST&&!h.SELF_HOSTED&&h.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),pl=new z_.PostHog(h.POSTHOG_TOKEN,{host:h.POSTHOG_API_HOST,personalApiKey:h.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:be.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}function CF(){pl?.shutdown()}function hl(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let s of i){let o=!0;s.startsWith("!")&&(s=s.slice(1),o=!1),r.push({tenantId:n,key:s,value:o})}return r}function eI(){return hl(h.TENANT_FEATURE_FLAGS||"")}var fl=class{constructor(e){this.flagSchema=e;this.setId=ml.randomUUID()}defaults(){return(0,X_.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await Z_.default.trace("features.fetch",async e=>{let r=df(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),s=j(),o=new Set;for(let{tenantId:d,key:f,value:m}of eI())if(!(!d||d!=="*"&&d!==s)&&(n.readFromEnvironmentVars=!0,m===!1&&o.add(f),!!this.isFlagName(f))){if(typeof i[f]!="boolean")throw new Error(`Feature: ${f} is not a boolean`);i[f]=m,n[`flags.${f}.source`]="environment"}let a=ar(),u=a?._id;if(!u){let d=cf();d&&(u=ml.createHash("sha512").update(d).digest("hex"))}let c=a?.tenantId;if(c||(c=s),n["identity.type"]=a?.type,n["identity._id"]=a?._id,n.tenantId=c,n.userId=u,pl&&u){n.readFromPostHog=!0;let d={tenantId:c},f=await pl.getAllFlags(u,{personProperties:d,onlyEvaluateLocally:!0});for(let[m,p]of Object.entries(f))if(this.isFlagName(m)){if(typeof p!="boolean"){console.warn(`Invalid value for posthog flag "${m}": ${p}`);continue}if(!(i[m]===!0||o.has(m)))try{i[m]=p,n[`flags.${m}.source`]="posthog"}catch(g){console.warn(`Error parsing posthog flag "${m}": ${p}`,g)}}}let l=ff();for(let[d,f]of Object.entries(l))this.isFlagName(d)&&typeof f=="boolean"&&(i[d]=f,n[`flags.${d}.source`]="override");pf(this.setId,i);for(let[d,f]of Object.entries(i))n[`flags.${d}.value`]=f;return e?.addTags(n),i})}},uh=new fl(jh);async function vF(t){return await uh.isEnabled(t)}async function NF(){return await uh.fetch()}var ch={};N(ch,{setFeatureFlags:()=>tI,withFeatureFlags:()=>LF});function PF(){let t={};for(let{tenantId:e,key:r,value:n}of hl(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}function UF(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,s]of Object.entries(n))s===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}function tI(t,e){let r=PF();for(let[i,s]of Object.entries(e)){let o=r[t]||{};o[i]=s,r[t]=o}let n=UF(r);return Do({TENANT_FEATURE_FLAGS:n})}function LF(t,e,r){let n=tI(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}var _h={};N(_h,{adminOnly:()=>Rl,auditLog:()=>_l,authError:()=>Me,buildAuthMiddleware:()=>Ek,buildCsrfMiddleware:()=>Ak,buildTenancyMiddleware:()=>Tk,builderOnly:()=>bl,builderOrAdmin:()=>wl,google:()=>yr,internalApi:()=>Ol,joiValidator:()=>ka,oidc:()=>Er,passport:()=>Sk,platformLogout:()=>Rk,refreshOAuthToken:()=>Ok,ssoCallbackUrl:()=>an,updateUserOAuth:()=>xk});var Sh={};N(Sh,{adminOnly:()=>Rl,auditLog:()=>_l,authError:()=>Me,authenticated:()=>Sl,builderOnly:()=>bl,builderOrAdmin:()=>wl,correlation:()=>hI,csp:()=>SI,csrf:()=>xl,datasource:()=>gk,errorHandling:()=>yI,featureFlagCookie:()=>_I,google:()=>yr,internalApi:()=>Ol,ip:()=>OI,joiValidator:()=>ka,local:()=>Is,oidc:()=>Er,pino:()=>fI,querystringToBody:()=>EI,ssoCallbackUrl:()=>an,tenancy:()=>Il});var Is={};N(Is,{authenticate:()=>kF,options:()=>FF});function Me(t,e,r){return t(r,null,{message:e})}async function an(t,e){if(e&&e.callbackURL)return e.callbackURL;let r=await Km(),n="/api/global/auth";return Gr()&&(n+=`/${j()}`),n+=`/${t}/callback`,`${r.platformUrl}${n}`}var dh="Invalid credentials",MF="This account has expired. Please reset your password",FF={passReqToCallback:!0};async function kF(t,e,r,n){if(!e)return Me(n,"Email Required");if(!r)return Me(n,"Password Required");let i=await Gt(e);return i==null?(console.info(`user=${e} could not be found`),Me(n,dh)):i.status==="inactive"?(console.info(`user=${e} is inactive`,i),Me(n,dh)):i.password?await rm(r,i.password)?(delete i.password,n(null,i)):Me(n,dh):(console.info(`user=${e} has no password set`,i),Me(n,MF))}var yr={};N(yr,{buildVerifyFn:()=>iI,getCallbackUrl:()=>$F,strategyFactory:()=>ph});var Fa=t=>Promise.resolve(t);async function gl(t,e=!0,r,n){if(!n)throw new Error("Save user function must be provided");if(!t.userId)return Me(r,"sso user id required");if(!t.email)return Me(r,"sso user email required");let i=is(t.userId),s;try{s=await mi(i)}catch(a){if(!a.status||a.status!==404)return Me(r,"Unexpected error when retrieving existing user",a)}if(s||(s=await Gt(t.email)),!s&&e)return Me(r,"Email does not yet exist. You must set up your local budibase account first.");s||(s={_id:i,email:t.email,roles:{},tenantId:j()});let o=await BF(s,t);o.forceResetPassword=!1;try{delete o.password,o=await n(o,{hashPassword:!1,requirePassword:!1})}catch(a){return Me(r,"Error saving user",a)}return r(null,o)}async function BF(t,e){let r,n,i;if(e.profile){let s=e.profile;if(s.name){let o=s.name;o.givenName&&(r=o.givenName),o.familyName&&(n=o.familyName)}}return e.oauth2&&(i={...e.oauth2}),{...t,provider:e.provider,providerType:e.providerType,firstName:r,lastName:n,oauth2:i}}var GF=require("passport-google-oauth").OAuth2Strategy;function iI(t){return(e,r,n,i)=>{let s={provider:"google",providerType:"google",userId:n.id,profile:n,email:n._json.email,oauth2:{accessToken:e,refreshToken:r}};return gl(s,!0,i,t)}}async function ph(t,e,r){try{let{clientID:n,clientSecret:i}=t;if(!n||!i)throw new Error("Configuration invalid. Must contain google clientID and clientSecret");let s=iI(r);return new GF({clientID:t.clientID,clientSecret:t.clientSecret,callbackURL:e},s)}catch(n){throw new Error(`Error constructing google authentication strategy: ${n}`)}}async function $F(t){return an("google",t)}var Er={};N(Er,{buildVerifyFn:()=>oI,fetchStrategyConfig:()=>QF,getCallbackUrl:()=>jF,strategyFactory:()=>WF});var sI=q(require("node-fetch"));var VF=require("@techpass/passport-openidconnect").Strategy;function oI(t){return async(e,r,n,i,s,o,a,u,c)=>{let l={provider:e,providerType:"oidc",userId:n.id,profile:n,email:qF(n,i),oauth2:{accessToken:s,refreshToken:o}};return gl(l,!1,c,t)}}function qF(t,e){if(t._json.email)return t._json.email;if(e.email)return e.email;let r=e.preferred_username;if(r&&om(r))return r;throw new Error(`Could not determine user email from profile ${JSON.stringify(t)} and claims ${JSON.stringify(e)}`)}async function WF(t,e){try{let r=oI(e),n=new VF(t,r);return n.name="oidc",n}catch(r){throw new Error(`Error constructing OIDC authentication strategy - ${r}`)}}async function QF(t,e){try{let{clientID:r,clientSecret:n,configUrl:i,pkce:s}=t;if(!r||!n||!e||!i)throw new Error("Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl");let o=await(0,sI.default)(i);if(!o.ok)throw new Error(`Unexpected response when fetching openid-configuration: ${o.statusText}`);let a=await o.json();return{issuer:a.issuer,authorizationURL:a.authorization_endpoint,tokenURL:a.token_endpoint,userInfoURL:a.userinfo_endpoint,clientID:r,clientSecret:n,callbackURL:e,pkce:s}}catch(r){throw new Error(`Error constructing OIDC authentication configuration - ${r}`)}}async function jF(){return an("oidc")}var fh={};N(fh,{postAuth:()=>YF,preAuth:()=>KF});var HF=require("passport-google-oauth").OAuth2Strategy;async function aI(){let t=await Ym();if(!t)throw new Error("No google configuration found");return t}async function KF(t,e,r){let n=await aI(),s=`${await Ua({tenantAware:!1})}/api/global/auth/datasource/google/callback`,o=await ph(n,s,Fa);return e.query.appId||e.throw(400,"appId query param not present."),t.authenticate(o,{scope:["profile","email","https://www.googleapis.com/auth/spreadsheets"],accessType:"offline",prompt:"consent"})(e,r)}async function YF(t,e,r){let n=await aI(),s=`${await Ua({tenantAware:!1})}/api/global/auth/datasource/google/callback`,o=pr(e,"budibase:datasourceauth");if(!o)throw new Error("Unable to fetch datasource auth cookie");return t.authenticate(new HF({clientID:n.clientID,clientSecret:n.clientSecret,callbackURL:s},(a,u,c,l)=>{Xr(e,"budibase:datasourceauth"),l(null,{accessToken:a,refreshToken:u})}),{successRedirect:"/",failureRedirect:"/error"},async(a,u)=>{let c=`/builder/app/${o.appId}/data`,l=me();await ur(`datasource:creation:${o.appId}:google:${l}`,{tokens:u}),e.redirect(`${c}/new?continue_google_setup=${l}`)})(e,r)}var JF=/\/:(.*?)(\/.*)?$/g,yi=t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(JF);if(i)for(let s of i){let a="/.*"+(s.endsWith("/")?"/":"");r=r.replace(s,a)}return{regex:new RegExp(r),method:n,route:r}}):[],Ei=(t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),s=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&s});var Th={};N(Th,{SecretOption:()=>lI,decrypt:()=>Eh,decryptFile:()=>rk,encrypt:()=>XF,encryptFile:()=>ek,getSecret:()=>yh});var Tr=q(require("crypto")),un=q(require("fs")),hh=q(require("zlib"));var mh=require("path"),yl="aes-256-ctr",cI="-",zF=1e4,ZF=32,El=16,gh=16,lI=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(lI||{});function yh(t){let e,r;switch(t){case"encryption":e=h.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=h.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}function Tl(t,e){return Tr.default.pbkdf2Sync(t,e,zF,ZF,"sha512")}function XF(t,e="api"){let r=Tr.default.randomBytes(El),n=Tl(yh(e),r),i=Tr.default.createCipheriv(yl,n,r),s=i.update(t),o=i.final(),a=Buffer.concat([s,o]).toString("hex");return`${r.toString("hex")}${cI}${a}`}function Eh(t,e="api"){let[r,n]=t.split(cI),i=Buffer.from(r,"hex"),s=Tl(yh(e),i),o=Tr.default.createDecipheriv(yl,s,i),a=o.update(Buffer.from(n,"hex")),u=o.final();return Buffer.concat([a,u]).toString()}async function ek({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,mh.join)(t,e);if(un.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let s=un.default.createReadStream(i),o=un.default.createWriteStream((0,mh.join)(t,n)),a=Tr.default.randomBytes(El),u=Tr.default.randomBytes(gh),c=Tl(r,a),l=Tr.default.createCipheriv(yl,c,u);return o.write(a),o.write(u),s.pipe(hh.default.createGzip()).pipe(l).pipe(o),new Promise(d=>{o.on("finish",()=>{d({filename:n,dir:t})})})}async function tk(t){let e=un.default.createReadStream(t),r=await uI(e,El),n=await uI(e,gh);return e.close(),{salt:r,iv:n}}async function rk(t,e,r){if(un.default.lstatSync(t).isDirectory())throw new Error("Unable to encrypt directory");let{salt:n,iv:i}=await tk(t),s=un.default.createReadStream(t,{start:El+gh}),o=un.default.createWriteStream(e),a=Tl(r,n),u=Tr.default.createDecipheriv(yl,a,i),c=hh.default.createGunzip();return s.pipe(u).pipe(c).pipe(o),new Promise((l,d)=>{o.on("finish",()=>{o.close(),l()}),s.on("error",f=>{o.close(),d(f)}),u.on("error",f=>{o.close(),d(f)}),c.on("error",f=>{o.close(),d(f)}),o.on("error",f=>{o.close(),d(f)})})}function uI(t,e){return new Promise((r,n)=>{let i=0,s=[];t.on("readable",()=>{let o;for(;(o=t.read(e-i))!==null;)s.push(o),i+=o.length;r(Buffer.concat(s))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",o=>{n(o)})})}var pI=q(require("dd-trace")),nk=h.SESSION_UPDATE_PERIOD?parseInt(h.SESSION_UPDATE_PERIOD):60*1e3;function ik(){return new Date(Date.now()-nk).toISOString()}function dI(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}async function sk(t,e){if(la(t))return{valid:!0,user:void 0};let n=Eh(t).split(v)[0];return We(n,async()=>{let i;try{let s=ne();i=await lr("by_api_key",{key:t},s)}catch{i=void 0}if(i)return{valid:!0,user:await Ca({userId:i,tenantId:n,populateUser:e})};throw new fs})}function Al(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}function Sl(t=[],e={publicAllowed:!1}){let r=t?yi(t):[];return async(n,i)=>{let s=!1,o=Al(n,"x-budibase-api-version");Ei(n,r)&&(s=!0);try{let u=Al(n,"x-budibase-token"),c=pr(n,"budibase:auth")||bc(u),l=Al(n,"x-budibase-api-key");!l&&n.request.headers.authorization&&(l=n.request.headers.authorization.split(" ")[1]);let d=Al(n,"x-budibase-tenant-id"),f=!1,m,p=!1,g;if(c&&!l){let T=c.sessionId,S=c.userId,O;try{O=await vm(S,T),e&&e.populateUser?m=await Ca({userId:S,tenantId:O.tenantId,email:O.email,populateUser:e.populateUser(n)}):m=await Ca({userId:S,tenantId:O.tenantId,email:O.email}),m.csrfToken=O.csrfToken,g="cookie",O?.lastAccessedAt<ik()&&await Cm(O),f=!0}catch(R){f=!1,console.error(`Auth Error: ${R.message}`),Xr(n,"budibase:auth")}}if(!f&&l){let T=e.populateUser?e.populateUser(n):null,{valid:S,user:O}=await sk(l,T);S&&(f=!0,g="api_key",m=O,p=!O)}!m&&d?m={tenantId:d}:m&&"password"in m&&delete m.password,f||(f=!1);let y=T=>T&&T.email;return y(m)&&pI.default.setUser({id:m._id,tenantId:m.tenantId,budibaseAccess:m.budibaseAccess,status:m.status}),dI(n,{authenticated:f,user:m,internal:p,version:o,publicEndpoint:s,loginMethod:g}),y(m)?qp(m,n,i):i()}catch(u){if(console.error(`Auth Error: ${u.message}`),u?.name==="JsonWebTokenError"?Xr(n,"budibase:auth"):u?.code==="invalid_api_key"&&n.throw(403,u.message),e&&e.publicAllowed||s)return dI(n,{authenticated:!1,version:o,publicEndpoint:s}),i();n.throw(u.status||403,u)}}}var _l=async(t,e)=>e();function Il(t,e,r={noTenancyRequired:!1}){let n=yi(t),i=yi(e);return async function(s,o){let u={allowNoTenant:r.noTenancyRequired||!!Ei(s,i)};!!Ei(s,n)||(u.excludeStrategies=["query"]);let l=Ho(s,u);return s.set("x-budibase-tenant-id",l),We(l,o)}}async function Ol(t,e){let r=t.request.headers["x-budibase-api-key"];return r||t.throw(403,"Unauthorized"),Array.isArray(r)&&t.throw(403,"Unauthorized"),la(r)||t.throw(403,"Unauthorized"),e()}var ok=["GET","HEAD","OPTIONS"],ak=["application/x-www-form-urlencoded","multipart/form-data","text/plain"];function xl(t={noCsrfPatterns:[]}){let e=yi(t.noCsrfPatterns);return async(r,n)=>{if(Ei(r,e)||ok.indexOf(r.method)!==-1)return n();let s=r.get("content-type")?r.get("content-type").toLowerCase():"";if(!ak.filter(u=>s.includes(u)).length||r.internal)return n();let o=r.user?.csrfToken;if(!o)return n();let a=r.get("x-csrf-token");return(!a||a!==o)&&r.throw(403,"Invalid CSRF token"),n()}}var Rl=async(t,e)=>(!t.internal&&!en(t.user)&&t.throw(403,"Admin user only endpoint."),e());async function wl(t,e){let r=Ue(),n=h.isWorker()||!r?Tt:h.isApps()?ms:void 0;if(!n)throw new Error("Service name unknown - middleware inactive.");return!t.internal&&!n(t.user,r)&&!en(t.user)&&t.throw(403,"Admin/Builder user only endpoint."),e()}async function bl(t,e){let r=Ue(),n;if(h.isWorker()||!r?n=Tt:h.isApps()&&(n=ms),!n)throw new Error("Service name unknown - middleware inactive.");return!t.internal&&!n(t.user,r)&&t.throw(403,"Builder user only endpoint."),e()}var uk=require("koa-pino-logger"),ck=require("correlation-id");function lk(){return{logger:Rc,genReqId:ck.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}function dk(){return h.HTTP_LOGGING?uk(lk()):(t,e)=>e()}var fI=dk();var mI=require("uuid"),pk=require("correlation-id"),hI=(t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,mI.v4)()),pk.withId(r,()=>e())};function gI(t){if(t.includes("-----BEGIN PRIVATE KEY-----"))return!0;for(let e of YT){let r=h[e];if(!(typeof r!="string"||r==="")&&t.includes(r))return!0}return!1}async function yI(t,e){try{await e()}catch(r){let n=r.status||r.statusCode||500;t.status=n,n>=400&&n<500?console.warn(r):console.error("Got 400 response code",r);let i={message:r.message,status:n,validationErrors:r.validation,error:kc(r)};if(gI(JSON.stringify(i))&&(i={message:"Unexpected error",status:n,error:"Unexpected error"}),h.isTest()&&t.headers["x-budibase-include-stacktrace"]){let s=r;for(;s.cause;)s=s.cause;i.stack=s.stack}t.body=i}}function EI(t,e){let r=t.request.query?.query;if(t.request.method.toLowerCase()!=="get"&&t.throw(500,"Query to download middleware can only be used for get requests."),!r)return e();let n=decodeURIComponent(r),i;try{i=JSON.parse(n)}catch{return e()}return t.request.body=i,e()}var AI=q(require("crypto"));var TI={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},fk=/^[A-Za-z0-9-*:/.]+$/,SI=async(t,e)=>{let r=AI.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...TI};if(n["script-src"]=[...TI["script-src"],`'nonce-${r}'`],t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let o=await Zo.getAppMetadata(t.appId);if("name"in o)for(let a of o.scripts||[]){let u=(a.cspWhitelist||"").split(`
 `).filter(c=>fk.test(c));n["default-src"]=[...n["default-src"],...u]}}catch(o){console.error(`Error occurred in Content-Security-Policy middleware: ${o}`)}let s=Object.entries(n).map(([o,a])=>`${o} ${a.join(" ")}`).join("; ");t.set("Content-Security-Policy",s),await e()};var _I=async(t,e)=>{let n=pr(t,"budibase:featureflags")?.flags||{};await mf(n,async()=>{await e()})};var ka={};N(ka,{body:()=>mk,params:()=>hk});var Ah=q(require("joi"));function II(t,e,r){let n=r?.errorPrefix??`Invalid ${e}`;return(i,s)=>{if(!t)return s();let o=null,a=i.request?.[e];i[e]!=null?o=i[e]:a!=null&&(o=a),t.append&&(t=t.append({createdAt:Ah.default.any().optional(),updatedAt:Ah.default.any().optional()}));let{error:u}=t.validate(o,{allowUnknown:r?.allowUnknown});if(u){let c=u.message;n&&(c=`Invalid ${e} - ${c}`),i.throw(400,c)}return s()}}function mk(t,e){return II(t,"body",e)}function hk(t,e){return II(t,"params",e)}async function OI(t,e){return t.ip?await lf(t.ip,()=>e()):e()}var gk={google:fh};var xI=require("koa-passport"),yk=require("passport-local").Strategy,Dl=require("passport-oauth2-refresh"),Ek=Sl,Tk=Il,Ak=xl,Sk=xI;xI.use(new yk(Is.options,Is.authenticate));async function _k(t,e){let r=await Er.getCallbackUrl(),n,i;try{if(n=await Er.fetchStrategyConfig(t,r),!n)throw new Error("OIDC Config contents invalid");i=await Er.strategyFactory(n,Fa)}catch{throw new Error("Could not refresh OAuth Token")}return Dl.use(i,{setRefreshOAuth2(){return i._getOAuth2Client(n)}}),new Promise(s=>{Dl.requestNewAccessToken("oidc",e,(o,a,u,c)=>{s({err:o,accessToken:a,refreshToken:u,params:c})})})}async function Ik(t,e){let r=await yr.getCallbackUrl(t),n;try{n=await yr.strategyFactory(t,r,Fa)}catch(i){throw new Error(`Error constructing OIDC refresh strategy: message=${i.message}`)}return Dl.use(n),new Promise(i=>{Dl.requestNewAccessToken("google",e,(s,o,a,u)=>{i({err:s,accessToken:o,refreshToken:a,params:u})})})}async function Ok(t,e,r){switch(e){case"oidc":{if(!r)return{err:{data:"OIDC config id not provided"}};let n=await Jm(r);return n?_k(n,t):{err:{data:"OIDC configuration not found"}}}case"google":{let n=await ul();return n?Ik(n,t):{err:{data:"Google configuration not found"}}}}}async function xk(t,e){let r={accessToken:e.accessToken,refreshToken:e.refreshToken};try{let n=ne(),i=await n.get(t);typeof r.refreshToken!="string"&&delete r.refreshToken,i.oauth2={...i.oauth2,...r},await n.put(i),await va(t)}catch(n){console.error("Could not update OAuth details for current user",n)}}async function Rk(t){let e=t.ctx,r=t.userId,n=t.keepActiveSession;if(!e)throw new Error("Koa context must be supplied to logout.");let i=pr(e,"budibase:auth"),s=await Ra(r);i&&n?s=s.filter(a=>a.sessionId!==i.sessionId):Xr(e,"budibase:auth");let o=s.map(({sessionId:a})=>a);await fi(r,{sessionIds:o,reason:"logout"}),await tl.logout(e.user?.email),await va(r)}var Oh={};N(Oh,{validate:()=>vk});var D=q(require("joi")),wk=["Relational","Non-relational","Spreadsheet","Object store","Graph","API"];function Ih(t,e){let{error:r}=t.validate(e);if(r)throw r}function bk(t){let e=D.default.object({type:D.default.string().allow("component").required(),metadata:D.default.object().unknown(!0).required(),hash:D.default.string().optional(),version:D.default.string().optional(),schema:D.default.object({name:D.default.string().required(),settings:D.default.array().items(D.default.object().unknown(!0)).required()}).unknown(!0)});Ih(e,t)}function Dk(t){let e=D.default.object({type:D.default.string().allow(...Object.values(Ll)).required(),required:D.default.boolean().required(),default:D.default.any(),display:D.default.string()}),r=D.default.object({type:D.default.string().allow(...Object.values(Ul)),readable:D.default.boolean(),displayName:D.default.string(),fields:D.default.object().pattern(D.default.string(),e)}).required(),n=D.default.object({type:D.default.string().allow("datasource").required(),metadata:D.default.object().unknown(!0).required(),hash:D.default.string().optional(),version:D.default.string().optional(),schema:D.default.object({docs:D.default.string(),plus:D.default.boolean().optional(),isSQL:D.default.boolean().optional(),auth:D.default.object({type:D.default.string().required()}).optional(),features:D.default.object(Object.fromEntries(Object.values(Ml).map(i=>[i,D.default.boolean().optional()]))).optional(),relationships:D.default.boolean().optional(),description:D.default.string().required(),friendlyName:D.default.string().required(),type:D.default.string().allow(...wk),datasource:D.default.object().pattern(D.default.string(),e).required(),query:D.default.object().pattern(D.default.string(),r).unknown(!0).required(),extra:D.default.object().pattern(D.default.string(),D.default.object({type:D.default.string().required(),displayName:D.default.string().required(),required:D.default.boolean(),data:D.default.object()}))})});Ih(n,t)}function Ck(t){let e=D.default.object().pattern(D.default.string(),{type:D.default.string().allow(...Object.values(ee)).required(),customType:D.default.string().allow(...Object.values(pe)),title:D.default.string(),description:D.default.string(),enum:D.default.array().items(D.default.string()),pretty:D.default.array().items(D.default.string())}),r=D.default.object({properties:e,required:D.default.array().items(D.default.string())}).concat(e).required(),n=D.default.object({type:D.default.string().allow("automation").required(),metadata:D.default.object().unknown(!0).required(),hash:D.default.string().optional(),version:D.default.string().optional(),schema:D.default.object({name:D.default.string().required(),tagline:D.default.string().required(),icon:D.default.string().required(),description:D.default.string().required(),type:D.default.string().allow("ACTION","LOGIC").required(),stepId:D.default.string().disallow(...Hh).required(),inputs:D.default.object().optional(),schema:D.default.object({inputs:r,outputs:r}).required()})});Ih(n,t)}function vk(t){switch(t?.type){case"component":bk(t);break;case"datasource":Dk(t);break;case"automation":Ck(t);break;default:throw new Error(`Unknown plugin type - check schema.json: ${t.type}`)}}var xh={};N(xh,{Client:()=>Qe,clients:()=>Vr,locks:()=>_s,utils:()=>lc});var Rh={};N(Rh,{isBlacklisted:()=>Pk,refreshBlacklist:()=>DI});var RI=q(require("dns")),vl=q(require("net"));var wI=require("util"),Cl,Nk=(0,wI.promisify)(RI.default.lookup);async function bI(t){return vl.default.isIP(t)||(t.startsWith("http")||(t=`https://${t}`),t=new URL(t).hostname),(await Nk(t,{all:!0})).map(r=>r.address)}async function DI(){let e=h.BLACKLIST_IPS?.split(",")||[],r=[];for(let n of e){let i=n.trim();if(vl.default.isIP(i))r.push(i);else{let s=await bI(i);r=r.concat(s)}}Cl=r}async function Pk(t){if(Cl||await DI(),Cl?.length===0)return!1;let e;return vl.default.isIP(t)?e=[t]:e=await bI(t),!!Cl?.find(r=>e.includes(r))}var bh={};N(bh,{init:()=>Lk});var Uk={"user:created":t=>t.userId,"user:updated":t=>t.userId,"user:deleted":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:admin:removed":t=>t.userId,"user:builder:assigned":t=>t.userId,"user:builder:removed":t=>t.userId,"user_group:created":t=>t.groupId,"user_group:updated":t=>t.groupId,"user_group:deleted":t=>t.groupId,"user_group:user_added":t=>t.groupId,"user_group:users_deleted":t=>t.groupId,"user_group:permissions_edited":t=>t.groupId};function CI(t,e){let r=Uk[t];if(!r)throw new Error("Event does not have a method of document ID extraction");return r(e)}var Ba=class{constructor(e){this.processors=[];this.processors=e}async processEvent(e,r,n){let i=r.realTenantId,s=CI(e,n);if(!(!i||!s))for(let{events:o,processor:a}of this.processors)o.includes(e)&&await We(i,async()=>{await a({id:s,tenantId:i})})}shutdown(){return r_()}};var vI,wh;function Lk(t){gr||el(),wh||(wh=new Ba(t)),vI||(vI=gr.process(async e=>{let{event:r,identity:n,properties:i}=e.data;await wh.processEvent(r,n,i)}))}var Fh={};N(Fh,{COUNT_FIELD_NAME:()=>Lh,Sql:()=>GI,SqlTable:()=>Nl,designDoc:()=>Mh,utils:()=>nf});var LI=require("knex");var Mk=require("knex");function Dh(t){return["link","formula","ai"].indexOf(t)!==-1}function NI(t,e,r,n,i){let s=e&&e.primary?e.primary:[],o=Object.values(e.schema),a=o.filter(f=>f.meta),u=a.length===o.length,c=[];n||(u?t.primary(a.map(f=>f.name)):s.length===1?(t.increments(s[0]).primary(),c.push(s[0])):t.primary(s));let l=Object.values(e.schema).map(f=>f.foreignKey);for(let[f,m]of Object.entries(e.schema)){let p=n?.schema[f];if(p&&p.type||c.includes(f)||i?.updated===f)continue;let g=m.type;switch(g){case"string":case"options":case"longform":case"barcodeqr":case"bb_reference_single":s.includes(f)?t.string(f,255):t.text(f);break;case"number":if(m.meta&&m.meta.toKey&&m.meta.toTable){let{toKey:y,toTable:T}=m.meta;t.integer(f).unsigned(),t.foreign(f).references(`${T}.${y}`)}else l.indexOf(f)===-1&&t.float(f);break;case"bigint":t.bigint(f);break;case"boolean":t.boolean(f);break;case"datetime":m.timeOnly?t.time(f):t.datetime(f,{useTz:!m.ignoreTimezones});break;case"array":case"bb_reference":ht.schema.isDeprecatedSingleUserColumn(m)?t.text(f):t.json(f);break;case"link":if(m.relationshipType!=="many-to-one"&&m.relationshipType!=="many-to-many"){if(!m.foreignKey||!m.tableId)throw new Error("Invalid relationship schema");let{tableName:y}=Zp(m.tableId),T=r[y];if(!T||!T.primary)throw new Error("Referenced table doesn't exist or has no primary keys");let S=T.primary[0],O=T.schema[S].externalType;O?t.specificType(m.foreignKey,O):t.integer(m.foreignKey).unsigned(),t.foreign(m.foreignKey).references(`${y}.${S}`)}break;case"signature_single":case"attachment":case"attachment_single":t.json(f);break;case"formula":break;case"ai":break;case"auto":case"json":case"internal":throw new Error(`${m.type} is not a valid SQL type`);default:br.unreachable(g)}}let d=i?n?.schema[i.old].type:void 0;return i&&d&&!Dh(d)&&t.renameColumn(i.old,i.updated),n&&Object.entries(n.schema).filter(([m,p])=>!Dh(p.type)&&e.schema[m]==null).forEach(([m,p])=>{i?.old===m||Dh(p.type)||(n.constrained&&n.constrained.indexOf(m)!==-1&&t.dropForeign(m),t.dropColumn(m))}),t}function kk(t,e,r){return t.createTable(e.name,n=>{NI(n,e,r)})}function Bk(t,e,r,n,i){return t.alterTable(e.name,s=>{NI(s,e,r,n,i)})}function Gk(t,e){return t.dropTable(e.name)}var Ch=class{constructor(e){this.sqlClient=e}getBaseSqlClient(){return this.sqlClient}getSqlClient(){return this.extendedSqlClient||this.sqlClient}setExtendedSqlClient(e){this.extendedSqlClient=e}_operation(e){return e.operation}_tableQuery(e){let r=(0,Mk.knex)({client:this.sqlClient}).schema;e?.schema&&(r=r.withSchema(e.schema));let n;if(!e.table||!e.tables)throw new Error("Cannot execute without table being specified");if(e.table.sourceType==="internal")throw new Error("Cannot perform table actions for SQS.");switch(this._operation(e)){case"CREATE_TABLE":n=kk(r,e.table,e.tables);break;case"UPDATE_TABLE":if(!e.table)throw new Error("Must specify old table for update");if(this.sqlClient==="mysql2"&&e.meta?.renamed){let i=e.meta.renamed.updated;return{sql:`alter table ${e?.schema?`\`${e.schema}\`.\`${e.table.name}\``:`\`${e.table.name}\``} rename column \`${e.meta.renamed.old}\` to \`${i}\`;`,bindings:[]}}if(n=Bk(r,e.table,e.tables,e.meta?.oldTable,e.meta?.renamed),this.sqlClient==="mssql"&&e.meta?.renamed){let i=e.meta.renamed.old,s=e.meta.renamed.updated,o=e?.schema?`${e.schema}.${e.table.name}`:`${e.table.name}`,a=Zi(n);if(Array.isArray(a))for(let u of a)u.sql.startsWith("exec sp_rename")&&(u.sql=`exec sp_rename '${o}.${i}', '${s}', 'COLUMN'`,u.bindings=[]);return a}break;case"DELETE_TABLE":n=Gk(r,e.table);break;default:throw new Error("Table operation is of unknown type")}return Zi(n)}},Nl=Ch;var MI=require("lodash"),Lh="__bb_total";function PI(){return(h.SQL_MAX_ROWS?parseInt(h.SQL_MAX_ROWS):null)||5e3}function vh(){return(h.SQL_MAX_RELATED_ROWS?parseInt(h.SQL_MAX_RELATED_ROWS):null)||500}function $k(t,e){return t.sort((r,n)=>{let i=e.find(o=>o&&r.endsWith(o)),s=e.find(o=>o&&n.endsWith(o));return i&&!s?-1:!i&&s?1:r.localeCompare(n)})}function FI(t){return Array.isArray(t)?t.map(e=>FI(e)):(t.bindings&&(t.bindings=t.bindings.map(e=>typeof e=="boolean"?e?1:0:e)),t)}function UI(t){return t.sourceType==="internal"||t.sourceId===ql}function Vk(t,e='"'){return t.replace(new RegExp(e,"g"),`${e}${e}`)}function kI(t,e='"'){return`${e}${Vk(t,e)}${e}`}function Nh(t,e='"'){for(let r in t)typeof t[r]=="string"&&(t[r]=kI(t[r],e));return`[${t.join(",")}]`}function BI(t){return Jh.includes(t.type)&&!ht.schema.isDeprecatedSingleUserColumn(t)}var qk={equal:!1,notEqual:!0,empty:!1,notEmpty:!0,fuzzy:!1,string:!1,range:!1,contains:!1,notContains:!0,containsAny:!1,oneOf:!1,$and:!1,$or:!1},Ph=class{constructor(e,r,n){this.SPECIAL_SELECT_CASES={POSTGRES_MONEY:e=>this.client==="pg"&&e?.externalType?.includes("money"),POSTGRES_ENUM:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="user-defined"&&e?.type==="options",MSSQL_DATES:e=>this.client==="mssql"&&e?.type==="datetime"&&e.timeOnly};this.client=e,this.query=n,this.knex=r,this.splitter=new Lr.ColumnSplitter([this.table],{aliases:this.query.tableAliases,columnPrefix:this.query.meta?.columnPrefix})}get table(){return this.query.table}get knexClient(){return this.knex.client}getFieldSchema(e){let{column:r}=this.splitter.run(e);return this.table.schema[r]}requiresJsonAsStringClient(){return["mssql","mysql2","mariadb","oracledb"].includes(this.client)}quoteChars(){let e=this.knexClient.wrapIdentifier("foo",{});return[e[0],e[e.length-1]]}quote(e){return this.knexClient.wrapIdentifier(e,{})}isQuoted(e){let[r,n]=this.quoteChars();return e.startsWith(r)&&e.endsWith(n)}quotedIdentifier(e){return Array.isArray(e)||(e=this.splitIdentifier(e)),e.map(r=>this.quote(r)).join(".")}quotedValue(e){return this.knexClient.formatter(this.knexClient.queryBuilder()).wrap(e,!1)}castIntToString(e){switch(this.client){case"oracledb":return this.knex.raw("to_char(??)",[e]);case"pg":return this.knex.raw("??::TEXT",[e]);case"mysql2":case"mariadb":return this.knex.raw("CAST(?? AS CHAR)",[e]);case"sqlite3":return this.knex.raw("printf('%d', ??)",[e]);case"mssql":return this.knex.raw("CONVERT(NVARCHAR, ??)",[e])}}rawQuotedIdentifier(e){return this.knex.raw(this.quotedIdentifier(e))}splitIdentifier(e){let[r,n]=this.quoteChars();return this.isQuoted(e)?e.slice(1,-1).split(`${n}.${r}`):e.split(".")}qualifyIdentifier(e){let r=this.getTableName(),n=this.splitIdentifier(e);return n[0]!==r&&n.unshift(r),this.isQuoted(e)?this.quotedIdentifier(n):n.join(".")}generateSelectStatement(){let{table:e,resource:r}=this.query;if(!r||!r.fields||r.fields.length===0)return"*";let n=this.getTableName(e),i=this.table.schema;return r.fields.map(o=>{let a=o.split(/\./g),u,c=a[0];return a.length>1&&(u=a[0],c=a.slice(1).join(".")),{table:u,column:c,field:o}}).filter(({table:o})=>!o||o===n).map(({table:o,column:a,field:u})=>{let c=i[a];return this.SPECIAL_SELECT_CASES.POSTGRES_MONEY(c)?this.knex.raw("??::money::numeric as ??",[this.rawQuotedIdentifier([o,a].join(".")),this.knex.raw(this.quote(u))]):this.SPECIAL_SELECT_CASES.MSSQL_DATES(c)?this.knex.raw("CONVERT(varchar, ??, 108) as ??",[this.rawQuotedIdentifier(u),this.knex.raw(this.quote(u))]):o?this.rawQuotedIdentifier(`${o}.${a}`):this.rawQuotedIdentifier(u)})}convertClobs(e,r){if(this.client!=="oracledb")throw new Error("you've called convertClobs on a DB that's not Oracle, this is a mistake");let i=this.splitIdentifier(e).pop(),s=this.table.schema[i],o=this.rawQuotedIdentifier(e);return(s.type==="string"||s.type==="longform"||s.type==="bb_reference_single"||s.type==="bb_reference"||s.type==="options"||s.type==="barcodeqr")&&(r?.forSelect?o=this.knex.raw("to_char(??) as ??",[o,this.rawQuotedIdentifier(i)]):o=this.knex.raw("to_char(??)",[o])),o}parse(e,r){if(Array.isArray(e))return JSON.stringify(e);if(e==null)return null;if(this.requiresJsonAsStringClient()&&BI(r)&&typeof e=="object")return JSON.stringify(e);if(this.client==="oracledb"&&r.type==="datetime"&&r.timeOnly){if(e instanceof Date){let n=e.getHours().toString().padStart(2,"0"),i=e.getMinutes().toString().padStart(2,"0"),s=e.getSeconds().toString().padStart(2,"0");return`${n}:${i}:${s}`}if(typeof e=="string")return new Date(`1970-01-01T${e}Z`)}if(typeof e=="string"&&r.type==="datetime")if(r.timeOnly){if(!tf(e))return null}else if(r.dateOnly){let n=ef(e);return n?new Date(n):null}else return r.ignoreTimezones?oc(e)?new Date(e):Xp(e)?new Date(e+"Z"):null:oc(e)?new Date(e.trim()):null;return e}parseBody(e){for(let[r,n]of Object.entries(e)){let{column:i}=this.splitter.run(r),s=this.table.schema[i];s&&(e[r]=this.parse(n,s))}return e}parseFilters(e){e=(0,MI.cloneDeep)(e);for(let r of Object.values(Sr)){let n=e[r];if(n)for(let i of Object.keys(n)){if(Array.isArray(n[i])){n[i]=JSON.stringify(n[i]);continue}let{column:s}=this.splitter.run(i),o=this.table.schema[s];o&&(n[i]=this.parse(n[i],o))}}for(let r of Object.values(Jt)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:s}=this.splitter.run(i),o=this.table.schema[s];o&&(n[i]=n[i].map(a=>this.parse(a,o)))}}for(let r of Object.values(pn)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:s}=this.splitter.run(i),o=this.table.schema[s];if(!o)continue;let a=n[i];"low"in a&&(a.low=this.parse(a.low,o)),"high"in a&&(a.high=this.parse(a.high,o))}}return e}addJoinFieldCheck(e,r){let n=r.from?.split(".")[0]||"";return e.andWhere(`${n}.fieldName`,"=",r.column)}addRelationshipForFilter(e,r,n,i){let{relationships:s,schema:o,tableAliases:a,table:u}=this.query,c=a?.[u.name]||u.name,l=d=>n.match(new RegExp(`^${d}\\.`));if(!s)return e;for(let d of s){let f=d.tableName,m=a?.[f]||f,p=l(f)||l(m),g=l(d.column);if((p||g)&&d.to&&d.tableName){let y=this.knex.select(this.knex.raw(1)).from({[m]:f}),T=y.clone(),S=rf(d),O;if(p?O=n:O=n.replace(new RegExp(`^${d.column}.`),`${a?.[d.tableName]||d.tableName}.`),S){let R=a?.[S.through]||d.through,E=this.tableNameWithSchema(S.through,{alias:R,schema:o});T=T.innerJoin(E,function(){this.on(`${m}.${S.toPrimary}`,"=",`${R}.${S.to}`)}).where(`${R}.${S.from}`,"=",this.rawQuotedIdentifier(`${c}.${S.fromPrimary}`)),this.client==="sqlite3"&&(T=this.addJoinFieldCheck(T,S)),e=e.where(_=>{_.whereExists(i(O,T)),r&&_.orWhereNotExists(y.clone().innerJoin(E,function(){this.on(`${c}.${S.fromPrimary}`,"=",`${R}.${S.from}`)}))})}else{let R=`${m}.${d.to}`,E=`${c}.${d.from}`;T=T.where(R,"=",this.rawQuotedIdentifier(E)),e=e.where(_=>{_.whereExists(i(O,T.clone())),r&&_.orWhereNotExists(T)})}}}return e}addFilters(e,r,n){if(!r)return e;let i=this;r=this.parseFilters({...r});let s=this.query.tableAliases,o=r.allOr,u=this.client==="sqlite3"?this.table._id:this.table.name;function c(p){return s?.[p]||p}function l(p,g,y,T){let S=(O,R,E)=>{let[_,...B]=R.split("."),b=B.join("."),k=c(_);return O.andWhere(de=>y(de,k?`${k}.${b}`:b,E))};for(let O in p){let R=p[O],E=na(O),_=E.includes("."),B=n?.relationship&&_,b;if(O==="_complexIdOperator"&&(b=p[O])&&T){let k=c(u);e=T(e,b.id.map(de=>k?`${k}.${de}`:de),b.values)}else if(_)B&&(o&&(e=e.or),e=i.addRelationshipForFilter(e,qk[g],E,(k,de)=>S(de,k,R)));else{let k=c(u);e=y(e,k?`${k}.${E}`:E,R)}}}let d=(p,g,y)=>((r?.fuzzyOr||o)&&(p=p.or),this.client==="oracledb"||this.client==="sqlite3"?p.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(g),`%${y.toLowerCase()}%`]):p.whereILike(this.rawQuotedIdentifier(g),this.knex.raw("?",[`%${y}%`]))),f=(p,g=!1)=>{function y(T){return(o||p===r?.containsAny)&&(T=T.or),p===r?.notContains&&(T=T.not),T}this.client==="pg"?l(p,"contains",(T,S,O)=>(T=y(T),g?T.whereRaw("COALESCE(??::jsonb \\?| array??, FALSE)",[this.rawQuotedIdentifier(S),this.knex.raw(Nh(O,"'"))]):T.whereRaw("COALESCE(??::jsonb @> '??', FALSE)",[this.rawQuotedIdentifier(S),this.knex.raw(Nh(O))]))):this.client==="mysql2"||this.client==="mariadb"?l(p,"contains",(T,S,O)=>y(T).whereRaw("COALESCE(?(??, ?), FALSE)",[this.knex.raw(g?"JSON_OVERLAPS":"JSON_CONTAINS"),this.rawQuotedIdentifier(S),this.knex.raw(kI(Nh(O)))])):l(p,"contains",(T,S,O)=>(O.length===0||(T=T.where(R=>(p===r?.notContains&&(R=R.not),R=R.where(E=>{for(let _ of O){p===r?.containsAny?E=E.or:E=E.and;let B=typeof _=="string"?`"${_.toLowerCase()}"`:_;E=E.whereLike(this.knex.raw("COALESCE(LOWER(??), '')",[this.rawQuotedIdentifier(S)]),`%${B}%`)}}),p===r?.notContains&&(R=R.or.whereNull(this.rawQuotedIdentifier(S))),R))),T))};if(r.$and){let{$and:p}=r;for(let g of p.conditions)e=e.where(y=>{this.addFilters(y,g,n)})}if(r.$or){let{$or:p}=r;e=e.where(g=>{for(let y of p.conditions)g.orWhere(T=>this.addFilters(T,{...y,allOr:!0},n))})}r.oneOf&&l(r.oneOf,"oneOf",(p,g,y)=>{let T=this.getFieldSchema(g),S=Array.isArray(y)?y:[y];if(o&&(p=p.or),this.client==="oracledb")g=this.convertClobs(g);else if(this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly){for(let O of S)O!=null?p=p.or.whereLike(g,`${O.toISOString().slice(0,10)}%`):p=p.or.whereNull(g);return p}return p.whereIn(g,S)},(p,g,y)=>(o&&(p=p.or),this.client==="oracledb"&&(g=g.map(T=>this.convertClobs(T))),p.whereIn(g,Array.isArray(y)?y:[y]))),r.string&&l(r.string,"string",(p,g,y)=>{if(o&&(p=p.or),this.client==="oracledb"||this.client==="sqlite3")return p.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(g),`${y.toLowerCase()}%`]);{let T=this.getFieldSchema(g);return this.SPECIAL_SELECT_CASES.POSTGRES_ENUM(T)?p.whereRaw(`??::text ilike '${y}%'`,[this.knex.raw(this.quote(T.name))]):p.whereILike(g,`${y}%`)}}),r.fuzzy&&l(r.fuzzy,"fuzzy",d),r.range&&l(r.range,"range",(p,g,y)=>{let T=b=>b&&Object.keys(b).length===0&&Object.getPrototypeOf(b)===Object.prototype;T(y.low)&&(y.low=""),T(y.high)&&(y.high="");let S=ac(y.low),O=ac(y.high),R=this.getFieldSchema(g),E=g,_=y.high,B=y.low;return this.client==="sqlite3"&&R?.type==="datetime"&&R.dateOnly&&(_!=null&&(_=`${_.toISOString().slice(0,10)}T23:59:59.999Z`),B!=null&&(B=B.toISOString().slice(0,10))),this.client==="oracledb"?E=this.convertClobs(g):this.client==="sqlite3"&&R?.type==="bigint"&&(E=this.knex.raw("CAST(?? AS INTEGER)",[this.rawQuotedIdentifier(g)]),_=this.knex.raw("CAST(? AS INTEGER)",[y.high]),B=this.knex.raw("CAST(? AS INTEGER)",[y.low])),o&&(p=p.or),S&&O?p.whereBetween(E,[B,_]):S?p.where(E,">=",B):O?p.where(E,"<=",_):p}),r.equal&&l(r.equal,"equal",(p,g,y)=>{let T=this.getFieldSchema(g);if(o&&(p=p.or),this.client==="mssql")return p.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 1",[this.rawQuotedIdentifier(g),y]);if(this.client==="oracledb"){let S=this.convertClobs(g);return p.where(O=>O.whereNotNull(S).andWhere(S,y))}else return this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly?y!=null?p.whereLike(g,`${y.toISOString().slice(0,10)}%`):p.whereNull(g):p.whereRaw("COALESCE(?? = ?, FALSE)",[this.rawQuotedIdentifier(g),y])}),r.notEqual&&l(r.notEqual,"notEqual",(p,g,y)=>{let T=this.getFieldSchema(g);if(o&&(p=p.or),this.client==="mssql")return p.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 0",[this.rawQuotedIdentifier(g),y]);if(this.client==="oracledb"){let S=this.convertClobs(g);return p.where(O=>O.not.whereNull(S).and.where(S,"!=",y)).or.whereNull(S)}else return this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly?y!=null?p.not.whereLike(g,`${y.toISOString().slice(0,10)}%`).or.whereNull(g):p.not.whereNull(g):p.whereRaw("COALESCE(?? != ?, TRUE)",[this.rawQuotedIdentifier(g),y])}),r.empty&&l(r.empty,"empty",(p,g)=>(o&&(p=p.or),p.whereNull(g))),r.notEmpty&&l(r.notEmpty,"notEmpty",(p,g)=>(o&&(p=p.or),p.whereNotNull(g))),r.contains&&f(r.contains),r.notContains&&f(r.notContains),r.containsAny&&f(r.containsAny,!0);let m=s?.[this.table._id]||this.table._id;return r.documentType&&!zp(this.table)&&m&&e.andWhereLike(`${m}._id`,`${_r(r.documentType)}%`),e}isSqs(){return UI(this.table)}getTableName(e){e||(e=this.table);let r=e.name;UI(e)&&e._id&&(r=e._id);let n=this.query.tableAliases||{};return n[r]?n[r]:r}addDistinctCount(e){if(!this.table.primary)throw new Error("SQL counting requires primary key to be supplied");return e.countDistinct(`${this.getTableName()}.${this.table.primary[0]} as ${Lh}`)}addAggregations(e,r){let n=this.query.resource?.fields||[],i=this.getTableName();if(n.length>0){let s=n.map(o=>this.qualifyIdentifier(o));if(this.client==="oracledb"){let o=s.map(u=>this.convertClobs(u)),a=s.map(u=>this.convertClobs(u,{forSelect:!0}));e=e.groupBy(o).select(a)}else e=e.groupBy(s).select(s)}for(let s of r){let o=s.calculationType;if(o==="count")if("distinct"in s&&s.distinct)if(this.client==="oracledb"){let a=this.convertClobs(`${i}.${s.field}`);e=e.select(this.knex.raw("COUNT(DISTINCT ??) as ??",[a,s.name]))}else e=e.countDistinct(`${i}.${s.field} as ${s.name}`);else if(this.client==="oracledb"){let a=this.convertClobs(`${i}.${s.field}`);e=e.select(this.knex.raw("COUNT(??) as ??",[a,s.name]))}else e=e.count(`${s.field} as ${s.name}`);else{let a=this.getFieldSchema(s.field);if(!a)throw new Error(`field schema missing for aggregation target: ${s.field}`);let u=this.knex.raw("??(??)",[this.knex.raw(o),this.rawQuotedIdentifier(`${i}.${s.field}`)]);a.type==="bigint"&&(u=this.castIntToString(u)),e=e.select(this.knex.raw("?? as ??",[u,s.name]))}}return e}isAggregateField(e){return!!this.query.resource?.aggregations?.find(n=>n.name===e)}addSorting(e){let{sort:r,resource:n}=this.query,i=this.table.primary,s=this.getTableName();if(!Array.isArray(i))throw new Error("Sorting requires primary key to be specified for table");if(r&&Object.keys(r||{}).length>0)for(let[a,u]of Object.entries(r)){let c=u.direction==="ascending"?"asc":"desc",l;(this.client==="pg"||this.client==="oracledb")&&(l=u.direction==="ascending"?"first":"last");let d=`${s}.${a}`,f;this.isAggregateField(a)?f=this.rawQuotedIdentifier(a):this.client==="oracledb"?f=this.convertClobs(d):f=this.rawQuotedIdentifier(d),e=e.orderByRaw(`?? ?? ${l?"nulls ??":""}`,[f,this.knex.raw(c),...l?[this.knex.raw(l)]:[]])}if(!((n?.aggregations?.length??0)>0)&&(!r||r[i[0]]===void 0)){if(i[0]===void 0)throw new Error(`Primary key not found for table ${this.table.name}`);e=e.orderBy(`${s}.${i[0]}`)}return e}tableNameWithSchema(e,r){let n=r?.schema?`${r.schema}.${e}`:e;return r?.alias&&(n+=` as ${r.alias}`),n}buildJsonField(e,r){let n=r.split("."),i=n[n.length-1],s,o;if(n.length>1){let c=n.shift();s=n.join("."),o=`${c}.${s}`}else s=n.join("."),o=s;this.query.meta?.columnPrefix&&(i=i.replace(this.query.meta.columnPrefix,""));let a=this.rawQuotedIdentifier(o),u=e.schema[i];return u&&u.type==="bigint"&&(a=this.castIntToString(a)),[s,a]}maxFunctionParameters(){switch(this.client){case"sqlite3":return 127;case"pg":return 100;default:return 200}}addJsonRelationships(e,r,n){let i=this.client,s=this.knex,{resource:o,tableAliases:a,schema:u,tables:c}=this.query,l=o?.fields||[];for(let d of n){let{tableName:f,through:m,to:p,from:g,fromPrimary:y,toPrimary:T}=d;if(!f||!r)continue;let S=c[f];if(!S)throw new Error(`related table "${f}" not found in datasource`);let O=a?.[f]||f,R=a?.[r]||r,E=m&&a?.[m]||m,_=this.tableNameWithSchema(f,{alias:O,schema:u}),B=[...S?.primary||[],S?.primaryDisplay].filter(V=>V),b=$k(l.filter(V=>V.split(".")[0]===O),B);b=b.slice(0,Math.floor(this.maxFunctionParameters()/2));let k=b.map(V=>this.buildJsonField(S,V));if(!k.length)continue;let de=k.map(V=>{let ue=this.client==="oracledb"?" VALUE ":",";return this.knex.raw(`?${ue}??`,[V[0],V[1]]).toString()}).join(","),cn=`${O}.${T||p}`,$=s.from(_).orderBy(cn),F=m&&T&&y,I=F?`${E}.${g}`:`${O}.${p}`,W=F?`${R}.${y}`:`${R}.${g}`;if(F){let V=this.tableNameWithSchema(m,{alias:E,schema:u});$=$.join(V,function(){this.on(`${O}.${T}`,"=",`${E}.${p}`)})}$=$.where(this.rawQuotedIdentifier(I),"=",this.rawQuotedIdentifier(W));let L=V=>($=$.select(b.map(ue=>this.rawQuotedIdentifier(ue))).limit(vh()),s.select(V).from({[O]:$})),Y;switch(i){case"sqlite3":$=this.addJoinFieldCheck($,d),Y=L(this.knex.raw(`json_group_array(json_object(${de}))`));break;case"pg":Y=L(this.knex.raw(`json_agg(json_build_object(${de}))`));break;case"mariadb":Y=$.select(s.raw(`json_arrayagg(json_object(${de}) LIMIT ${vh()})`));break;case"mysql2":case"oracledb":Y=L(this.knex.raw(`json_arrayagg(json_object(${de}))`));break;case"mssql":{let V=s.select("*").from({[R]:$.select(k.map(ue=>s.ref(ue[1]).as(ue[0]))).limit(vh())});Y=s.raw(`(SELECT ?? = (${V} FOR JSON PATH))`,[this.rawQuotedIdentifier(O)]);break}default:throw new Error(`JSON relationships not implement for ${i}`)}e=e.select({[d.column]:Y})}return e}addJoin(e,r,n){let{tableAliases:i,schema:s}=this.query,o=r.to,a=r.from,u=r.through,c=i?.[o]||o,l=u&&i?.[u]||u,d=i?.[a]||a,f=this.tableNameWithSchema(o,{alias:c,schema:s}),m=u?this.tableNameWithSchema(u,{alias:l,schema:s}):void 0;return u?e=e.leftJoin(m,function(){for(let p of n){let g=p.fromPrimary,y=p.from;this.orOn(`${d}.${g}`,"=",`${l}.${y}`)}}).leftJoin(f,function(){for(let p of n){let g=p.toPrimary,y=p.to;this.orOn(`${c}.${g}`,`${l}.${y}`)}}):e=e.leftJoin(f,function(){for(let p of n){let g=p.from,y=p.to;this.orOn(`${d}.${g}`,"=",`${c}.${y}`)}}),e}qualifiedKnex(e){let r=this.query.tableAliases?.[this.query.table.name];return e?.alias===!1?r=void 0:typeof e?.alias=="string"&&(r=e.alias),this.knex(this.tableNameWithSchema(this.query.table.name,{alias:r,schema:this.query.schema}))}create(e){let{body:r}=this.query;if(!r)throw new Error("Cannot create without row body");let n=this.qualifiedKnex({alias:!1}),i=this.parseBody(r);if(this.client==="oracledb")for(let[s,o]of Object.entries(this.query.table.schema)){if(o.constraints?.presence===!0||o.type==="formula"||o.type==="auto"||o.type==="link"||o.type==="ai")continue;i[s]==null&&(i[s]=null)}else for(let[s,o]of Object.entries(i))o==null&&delete i[s];return e.disableReturning?n.insert(i):n.insert(i).returning("*")}bulkCreate(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));return r.insert(n)}bulkUpsert(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));if(this.client==="pg"||this.client==="sqlite3"||this.client==="mysql2"||this.client==="mariadb"){let i=this.table.primary;if(!i)throw new Error("Primary key is required for upsert");return r.insert(n).onConflict(i).merge()}else if(this.client==="mssql"||this.client==="oracledb")return r.insert(n);return r.upsert(n)}read(e={}){let{operation:r,filters:n,paginate:i,relationships:s,table:o}=this.query,{limits:a}=e,u=this.qualifiedKnex(),c=null,l=a?.query||a?.base;if(i&&i.page&&i.limit){let m=(i.page<=1?0:i.page-1)*i.limit;l=i.limit,c=m}else i&&i.offset&&i.limit?(l=i.limit,c=i.offset):i&&i.limit&&(l=i.limit);r!=="COUNT"&&(l!=null&&(u=u.limit(l)),c!=null&&(u=u.offset(c)));let d=this.query.resource?.aggregations||[];if(r==="COUNT"?u=this.addDistinctCount(u):d.length>0?u=this.addAggregations(u,d):u=u.select(this.generateSelectStatement()),r!=="COUNT"&&(u=this.addSorting(u)),u=this.addFilters(u,n,{relationship:!0}),s?.length&&d.length===0){let f=this.query.tableAliases?.[o.name]||o.name,m=this.addSorting(this.knex.with("paginated",u.clone().clearSelect().select("*")).select(this.generateSelectStatement()).from({[f]:"paginated"}));return this.addJsonRelationships(m,o.name,s)}return u}update(e){let{body:r,filters:n}=this.query;if(!r)throw new Error("Cannot update without row body");let i=this.qualifiedKnex(),s=this.parseBody(r);return i=this.addFilters(i,n),e.disableReturning?i.update(s):i.update(s).returning("*")}delete(e){let{filters:r}=this.query,n=this.qualifiedKnex();return n=this.addFilters(n,r),e.disableReturning?n.delete():n.delete().returning(this.generateSelectStatement())}},Uh=class extends Nl{constructor(r,n=PI()){super(r);this.limit=n}convertToNative(r,n={}){let i=this.getSqlClient();if(n?.disableBindings)return{sql:r.toString()};{let s=Zi(r);return i==="sqlite3"&&(s=FI(s)),s}}_query(r,n={}){let i=this.getSqlClient(),s={client:this.getBaseSqlClient()};(i==="sqlite3"||i==="oracledb")&&(s.useNullAsDefault=!0);let o=(0,LI.knex)(s),a,u=new Ph(i,o,r);switch(this._operation(r)){case"CREATE":a=u.create(n);break;case"READ":a=u.read({limits:{query:this.limit,base:PI()}});break;case"COUNT":a=u.read();break;case"UPDATE":a=u.update(n);break;case"DELETE":a=u.delete(n);break;case"BULK_CREATE":a=u.bulkCreate();break;case"BULK_UPSERT":a=u.bulkUpsert();break;case"CREATE_TABLE":case"UPDATE_TABLE":case"DELETE_TABLE":return this._tableQuery(r);default:throw"Operation type is not supported by SQL query builder"}return this.convertToNative(a,n)}async getReturningRow(r,n){if(!n.extra||!n.extra.idFilter)return{};let i=this._query({operation:"READ",datasource:n.datasource,schema:n.schema,table:n.table,tables:n.tables,resource:{fields:[]},filters:n.extra?.idFilter,paginate:{limit:1}});return r(i,"READ")}checkLookupKeys(r,n){if(!r||!n.table.primary)return n;let i=n.table.primary[0];return n.extra={idFilter:{equal:{[i]:r}}},n}async queryWithReturning(r,n,i=s=>s){let s=this.getSqlClient(),o=this._operation(r),a=this._query(r,{disableReturning:!0});if(Array.isArray(a)){let d=[];for(let f of a)d.push(await n(f,o));return d}let u;o==="DELETE"&&(u=i(await this.getReturningRow(n,r)));let c=await n(a,o),l=i(c);if(o==="CREATE"||o==="UPDATE"){let d;s==="mssql"?d=l?.[0].id:(s==="mysql2"||s==="mariadb")&&(d=l?.insertId),u=i(await this.getReturningRow(n,this.checkLookupKeys(d,r)))}return o==="COUNT"?l:o!=="READ"?u:l.length?l:[{[o.toLowerCase()]:!0}]}getTableName(r,n){let i=r.name;if(r.sourceType==="internal"||r.sourceId===ql){if(!r._id)return;i=r._id}return n?.[i]||i}convertJsonStringColumns(r,n,i){let s=this.getTableName(r,i);for(let[o,a]of Object.entries(r.schema)){if(!BI(a))continue;let u=`${s}.${o}`;for(let c of n)typeof c[u]=="string"&&(c[u]=JSON.parse(c[u])),typeof c[o]=="string"&&(c[o]=JSON.parse(c[o]))}return n}log(r,n){Po(this.getSqlClient(),r,n)}},GI=Uh;var Mh={};N(Mh,{base:()=>Wk});function Wk(t){return{_id:Ht,language:"sqlite",sql:{tables:{},options:{table_name:t}}}}var kh={};N(kh,{jsonFromCsvString:()=>Qk});var $I=q(require("csvtojson"));async function Qk(t,e){let{ignoreEmpty:r=!1,allowSingleColumn:n=!1,possibleDelimiters:i=[",",";",":","|","~","	"," "]}=e||{};for(let s of i){let o,a=!1;try{let u=await(0,$I.default)({ignoreEmpty:r,delimiter:s}).fromString(t);for(let[,c]of u.entries()){let l=Object.keys(c);if(o==null&&(o=l),!n&&l.length===1){a=!0;break}if(o.length!==l.length){a=!0;break}for(let d of o)(c[d]===void 0||c[d]==="")&&(c[d]=null)}if(a)continue;return u}catch{continue}}throw new Error("Unable to determine delimiter")}var Bh=class{constructor(e,r,n){this.method=e,this.url=r,this.controller=n,this.middlewares=[],this.outputMiddlewares=[]}addMiddleware(e,r){return r?.first?this.middlewares.unshift(e):this.middlewares.push(e),this}addOutputMiddleware(e,r){return r?.first?this.outputMiddlewares.unshift(e):this.outputMiddlewares.push(e),this}apply(e){let r=this.method,n=this.url,i=this.middlewares,s=this.controller,o=this.outputMiddlewares,a=()=>{},u=[n,...i,s,...o,a];e[r](...u)}},Pl=Bh;var VI=q(require("@koa/router")),Ti=class{constructor(){this.endpoints=[];this.middlewares=[];this.outputMiddlewares=[];this.applied=!1;this.locked=!1}addGroupMiddleware(e,r={first:!0}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.middlewares.push({fn:e,first:r.first}),this}addGroupMiddlewareOutput(e,r={first:!1}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.outputMiddlewares.push({fn:e,first:r.first}),this}addEndpoint(e,r,...n){let i=n.pop(),s=new Pl(e,r,i);if(n.length!==0)for(let o of n)s.addMiddleware(o);return this.endpoints.push(s),this}lockMiddleware(){this.locked=!0}post(e,...r){return this.addEndpoint("post",e,...r)}patch(e,...r){return this.addEndpoint("patch",e,...r)}put(e,...r){return this.addEndpoint("put",e,...r)}get(e,...r){return this.addEndpoint("get",e,...r)}delete(e,...r){return this.addEndpoint("delete",e,...r)}head(e,...r){return this.addEndpoint("head",e,...r)}apply(e){let r=this.endpointList();e||(e=new VI.default);for(let n of r)n.apply(e);return e}endpointList(){if(this.applied)throw new Error("Already applied to router");this.applied=!0;for(let e of this.endpoints)this.middlewares.forEach(({fn:r,first:n})=>e.addMiddleware(r,{first:n})),this.outputMiddlewares.forEach(({fn:r,first:n})=>e.addOutputMiddleware(r,{first:n}));return this.endpoints}};var Ga=class{constructor(){this.groups=[]}group(...e){let r=new Ti;return e.length&&e.forEach(n=>{"first"in n?r.addGroupMiddleware(n.middleware,{first:n.first}):r.addGroupMiddleware(n)}),this.groups.push(r),r}listAllEndpoints(){let e=this.groups.flatMap(r=>r.endpointList());return e.sort((r,n)=>{let i=r.url.includes(":"),s=n.url.includes(":");return i&&!s?1:!i&&s?-1:r.url.localeCompare(n.url)}),e}};var jk={...Ko,...Ae},Hk=(t={})=>{ic(t.db)};0&&(module.exports={APP_DEV,APP_DEV_PREFIX,APP_PREFIX,AutomationViewMode,BUDIBASE_DATASOURCE_TYPE,BadRequestError,BudibaseError,Config,Cookie,DEFAULT_BB_DATASOURCE_ID,DEFAULT_EMPLOYEE_TABLE_ID,DEFAULT_EXPENSES_TABLE_ID,DEFAULT_INVENTORY_TABLE_ID,DEFAULT_JOBS_TABLE_ID,DEFAULT_TENANT_ID,DeprecatedViews,DesignDocuments,DocumentType,Duration,DurationType,EmailUnavailableError,Endpoint,EndpointGroup,EndpointGroupList,FeatureDisabledError,ForbiddenError,GlobalRole,HTTPError,Header,InternalTable,InvalidAPIKeyError,MAX_VALID_DATE,MIN_VALID_DATE,NotFoundError,NotImplementedError,RedisClient,SEPARATOR,SQLITE_DESIGN_DOC_ID,SQS_DATASOURCE_INTERNAL,StaticDatabases,UNICODE_MAX,UnexpectedError,UsageLimitError,UserStatus,ViewName,accounts,auth,blacklist,cache,configs,constants,context,csv,db,docIds,docUpdates,encryption,env,errors,events,features,getPublicError,init,installation,locks,logging,middleware,objectStore,permissions,platform,plugins,queue,redis,roles,security,sessions,setEnv,sql,tenancy,timers,userUtils,users,utils,withEnv});
 //# sourceMappingURL=index.js.map