@budibase/backend-core 3.18.11 → 3.18.12

package/dist/index.js

@@ -34,6 +34,6 @@ attempted value: ${s}
       emit(doc.ssoId, doc._id)
     }
   }`,"platform_users_lowercase_2")},Fs=async(t,e)=>{let r={account_by_email:fT,platform_users_lowercase_2:pT};return Ge(de.PLATFORM_INFO.name,async n=>{let i=r[t];return hf(t,e,n,i,{arrayResponse:!0})})},mT={by_email2:uT,by_api_key:lT,by_app:cT},Mt=async(t,e,r,n)=>{r||(r=Y());let i=mT[t];return hf(t,e,r,i,n)};async function Ef(t,e,r){let n=Y(),i=mT[t];return Ms(t,e,n,i,r)}var Ib=M(require("pouchdb"));var gf=class{constructor({source:e,target:r}){this.source=Je(e),this.target=Je(r),e.startsWith("app_dev")&&r.startsWith("app")?this.direction="toProduction":e.startsWith("app")&&r.startsWith("app_dev")&&(this.direction="toDev")}async close(){await Promise.all([Ss(this.source),Ss(this.target)])}replicate(e={}){return new Promise(r=>{this.source.replicate.to(this.target,e).on("denied",function(n){throw new Error(`Denied: Document failed to replicate ${n}`)}).on("complete",function(n){return r(n)}).on("error",function(n){throw n})})}appReplicateOpts(e={}){if(typeof e.filter=="string")return e;let r=e.filter,i=this.direction==="toDev";delete e.filter;let s=e.isCreation,o=e.tablesToSync;delete e.isCreation,delete e.tablesToSync;let a=!1,u;typeof o=="string"&&o==="all"?a=!0:o&&(u=o);let c=(d,f)=>d?.startsWith(f+C),l=d=>c(d,"ro")||c(d,"li");return{...e,filter:(d,f)=>!s&&d._id==="_design/migrations"||i&&d._id.startsWith("_design")?!1:d._deleted||c(d._id,ps)?!0:l(d._id)?!!u?.find(m=>d._id.includes(m))||a:c(d._id,"log_au")||d._id==="app_metadata"?!1:r?r(d,f):!0}}async rollback(){await this.target.destroy(),this.target=Je(this.target.name),await this.replicate()}},hT=gf;var gT=M(require("node-fetch"));var Bs=or.removeKeyNumbering;function sn(t){return t==null||t===""}var Ft=class t{#l;#d;#e;#r;#n;#i;#s;#o;#t;#f;#a;#u=!1;#c;static{this.maxLimit=200}constructor(e,r,n){this.#l=e,this.#d=r,this.#e={allOr:!1,onEmptyFilter:"all",string:{},fuzzy:{},range:{},equal:{},notEqual:{},empty:{},notEmpty:{},oneOf:{},contains:{},notContains:{},containsAny:{},...n},this.#r=50,this.#s="ascending",this.#o="string",this.#t=!0}disableEscaping(){return this.#u=!0,this}setIndexBuilder(e){return this.#a=e,this}setVersion(e){return e!=null&&(this.#f=e),this}setTable(e){return this.#e.equal.tableId=e,this}setLimit(e){return e!=null&&(this.#r=e),this}setSort(e){return e!=null&&(this.#n=e),this}setSortOrder(e){return e!=null&&(this.#s=e),this}setSortType(e){return e!=null&&(this.#o=e),this}setBookmark(e){return e!=null&&(this.#i=e),this}setSkip(e){return this.#c=e,this}excludeDocs(){return this.#t=!1,this}includeDocs(){return this.#t=!0,this}addString(e,r){return this.#e.string[e]=r,this}addFuzzy(e,r){return this.#e.fuzzy[e]=r,this}addRange(e,r,n){return this.#e.range[e]={low:r,high:n},this}addEqual(e,r){return this.#e.equal[e]=r,this}addNotEqual(e,r){return this.#e.notEqual[e]=r,this}addEmpty(e,r){return this.#e.empty[e]=r,this}addNotEmpty(e,r){return this.#e.notEmpty[e]=r,this}addOneOf(e,r){return this.#e.oneOf[e]=r,this}addContains(e,r){return this.#e.contains[e]=r,this}addNotContains(e,r){return this.#e.notContains[e]=r,this}addContainsAny(e,r){return this.#e.containsAny[e]=r,this}setAllOr(){this.#e.allOr=!0}setOnEmptyFilter(e){this.#e.onEmptyFilter=e}handleSpaces(e){return this.#u?e:e.replace(/ /g,"_")}preprocess(e,{escape:r,lowercase:n,wrap:i,type:s}={}){let o=!!this.#f,a=typeof e;return e&&n&&(e=e.toLowerCase?e.toLowerCase():e),!this.#u&&r&&a==="string"&&(e=`${e}`.replace(/[ /#+\-&|!(){}\]^"~*?:\\]/g,"\\$&")),a==="string"&&!isNaN(e)&&!s?e=`"${e}"`:o&&i&&(e=a==="number"?e:`"${e}"`),e}isMultiCondition(){let e=0;for(let r of Object.values(this.#e))typeof r=="object"&&(e+=Object.keys(r).length);return e>1}compressFilters(e){let r={};for(let s of Object.keys(e)){let o=Bs(s);r[o]?r[o]=r[o].concat(e[s]):r[o]=e[s]}let n={},i=1;for(let[s,o]of Object.entries(r))n[`${i++}:${s}`]=o;return n}buildSearchQuery(){let e=this,r=this.#e&&this.#e.allOr,n=r?"":"*:*",i=!0,s={escape:!0,lowercase:!0,wrap:!0},o="";this.#e.equal.tableId&&(o=this.#e.equal.tableId,delete this.#e.equal.tableId);let a=(p,E)=>sn(E)?null:`${p}:${e.preprocess(E,s)}`,u=(p,E,g="AND")=>{if(sn(E))return null;if(!Array.isArray(E))return`${p}:${E}`;let T=`${e.preprocess(E[0],{escape:!0})}`;for(let _=1;_<E.length;_++)T+=` ${g} ${e.preprocess(E[_],{escape:!0})}`;return`${p}:(${T})`},c=(p,E)=>sn(E)?null:(E=e.preprocess(E,{escape:!0,lowercase:!0,type:"fuzzy"}),`${p}:/.*${E}.*/`),l=(p,E)=>{let g=r?"*:* AND ":"",T=r?"AND":void 0;return g+"NOT "+u(p,E,T)},d=(p,E)=>u(p,E,"OR"),f=(p,E)=>{if(sn(E))return"*:*";if(!Array.isArray(E))if(typeof E=="string")E=E.split(",");else return"";let g=`${e.preprocess(E[0],s)}`;for(let T=1;T<E.length;T++)g+=` OR ${e.preprocess(E[T],s)}`;return`${p}:(${g})`};function m(p,E,g){let T="";for(let[_,A]of Object.entries(p)){_=Bs(_),_=e.preprocess(e.handleSpaces(_),{escape:!0});let w=E(_,A);if(w!=null){if(T.length>0||n.length>0){let y=g?.mode?g.mode:r?"OR":"AND";T+=` ${y} `}T+=w,(typeof A!="string"&&A!=null||typeof A=="string"&&A!==o&&A!=="")&&(i=!1)}}if(g?.returnBuilt)return T;n+=T}if(this.#e.string&&m(this.#e.string,(p,E)=>sn(E)?null:(E=e.preprocess(E,{escape:!0,lowercase:!0,type:"string"}),`${p}:${E}*`)),this.#e.range&&m(this.#e.range,(p,E)=>{if(sn(E)||E.low==null||E.low===""||E.high==null||E.high==="")return null;let g=e.preprocess(E.low,s),T=e.preprocess(E.high,s);return`${p}:[${g} TO ${T}]`}),this.#e.fuzzy&&m(this.#e.fuzzy,c),this.#e.equal&&m(this.#e.equal,a),this.#e.notEqual&&m(this.#e.notEqual,(p,E)=>sn(E)?null:typeof E=="boolean"?`(*:* AND !${p}:${E})`:`!${p}:${e.preprocess(E,s)}`),this.#e.empty&&m(this.#e.empty,p=>(i=!1,`(*:* -${p}:["" TO *])`)),this.#e.notEmpty&&m(this.#e.notEmpty,p=>(i=!1,`${p}:["" TO *]`)),this.#e.oneOf&&m(this.#e.oneOf,f),this.#e.contains&&m(this.#e.contains,u),this.#e.notContains&&m(this.compressFilters(this.#e.notContains),l),this.#e.containsAny&&m(this.#e.containsAny,d),o&&(n=this.isMultiCondition()?`(${n})`:n,r=!1,m({tableId:o},a)),i){if(this.#e.onEmptyFilter==="none")return"";if(this.#e?.allOr)return n.replace("()","(*:*)")}return n}buildSearchBody(){let e={q:this.buildSearchQuery(),limit:Math.min(this.#r,t.maxLimit),include_docs:this.#t};if(this.#i&&(e.bookmark=this.#i),this.#n){let r=this.#s==="descending"?"-":"",n=`<${this.#o}>`;e.sort=`${r}${this.handleSpaces(this.#n)}${n}`}return e}async run(){return this.#c&&await this.#m(this.#c),await this.#p()}async#m(e){let r=this.#t,n=this.#r;this.excludeDocs();let i=e,s=0;do{let o=Math.min(t.maxLimit,i);this.setLimit(o);let{bookmark:a,rows:u}=await this.#p();this.setBookmark(a),s=u.length,i-=u.length}while(i>0&&s>0);this.#t=r,this.#r=n}async#p(){let{url:e,cookie:r}=ct(),n=`${e}/${this.#l}/_design/database/_search/${this.#d}`,i=this.buildSearchBody();try{return await ET(n,i,r)}catch(s){if(s.status===404&&this.#a)return await this.#a(),await ET(n,i,r);throw s}}};async function ET(t,e,r){let n=await(0,gT.default)(t,{body:JSON.stringify(e),method:"POST",headers:{Authorization:r}});if(n.status===404)throw n;let i=await n.json(),s={rows:[],totalRows:0};return i.rows!=null&&i.rows.length>0&&(s.rows=i.rows.map(o=>o.doc)),i.bookmark&&(s.bookmark=i.bookmark),i.total_rows&&(s.totalRows=i.total_rows),s}async function yT(t,e,r,n){let i=n.bookmark,s=n.rows||[];if(n.limit&&s.length>=n.limit)return s;let o=Ft.maxLimit;n.limit&&s.length>n.limit-Ft.maxLimit&&(o=n.limit-s.length);let a=new Ft(t,e,r);a.setVersion(n.version).setBookmark(i).setLimit(o).setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.tableId&&a.setTable(n.tableId);let u=await a.run();if(!u.rows.length)return s;if(u.rows.length<Ft.maxLimit)return[...s,...u.rows];let c={...n,bookmark:u.bookmark,rows:[...s,...u.rows]};return await yT(t,e,r,c)}async function wb(t,e,r,n){let i=n.limit;(i==null||isNaN(i)||i<0)&&(i=50),i=Math.min(i,Ft.maxLimit);let s=new Ft(t,e,r);n.version&&s.setVersion(n.version),n.tableId&&s.setTable(n.tableId),n.sort&&s.setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.indexer&&s.setIndexBuilder(n.indexer),n.disableEscaping&&s.disableEscaping();let o=await s.setBookmark(n.bookmark).setLimit(i).run();s.setBookmark(o.bookmark).setLimit(1),n.tableId&&s.setTable(n.tableId);let a=await s.run();return{...o,hasNextPage:a.rows&&a.rows.length>0}}async function Db(t,e,r,n){let i=n.limit;return(i==null||isNaN(i)||i<0)&&(i=1e3),n.limit=Math.min(i,1e3),{rows:await yT(t,e,r,n)}}var yf={};P(yf,{createUserIndex:()=>Rb});async function Rb(){let t=Y(),e;try{e=await t.get("_design/database")}catch(n){n.status===404&&(e={_id:"_design/database"})}let r=function(n){if(n._id&&!n._id.startsWith("us_"))return;let i=["_id","_rev","password","account","license","budibaseAccess","accountPortalAccess","csrfToken"];function s(o,a){for(let u of Object.keys(o)){if(i.includes(u))continue;let c=a!=null?`${a}.${u}`:u;typeof o[u]=="string"?index(c,o[u].toLowerCase(),{facet:!0}):typeof o[u]!="object"?index(c,o[u],{facet:!0}):s(o[u],c)}}s(n)};e.indexes={user:{index:r.toString(),analyzer:{default:"keyword",name:"perfield"}}},await t.put(e)}function TT(t,e){let r=e.toString();if(typeof t=="object")return t.status===e||t.message?.includes(r);if(typeof t=="number")return t===e;if(typeof t=="string")return t.includes(r)}function Cb(t){return TT(t,409)}var $s={};P($s,{addTenantToUrl:()=>bb,getTenantDB:()=>Tf,getTenantIDFromCtx:()=>Ws,isUserInAppTenant:()=>xb});function Tf(t){return De(Xr(t))}function bb(t){let e=V();if(lr()){let r=t.indexOf("?")===-1?"?":"&";t+=`${r}tenantId=${e}`}return t}var xb=(t,e)=>{let r;return e?r=e.tenantId||oe:r=V(),(Yn(t)||oe)===r},vb=Object.values(Ai),Ws=(t,e)=>{if(!lr())return oe;e.allowNoTenant===void 0&&(e.allowNoTenant=!1),e.includeStrategies||(e.includeStrategies=vb),e.excludeStrategies||(e.excludeStrategies=[]);let r=n=>{if(e.excludeStrategies?.includes(n))return!1;if(e.includeStrategies?.includes(n))return!0};if(r("user")){let n=t.user?.tenantId;if(n)return n}if(r("header")){let n=t.request.headers["x-budibase-tenant-id"];if(n)return n}if(r("query")){let n=t.request.query.tenantId;if(n)return n}if(r("subdomain")){let n;try{n=new URL(jd()).host.split(":")[0]}catch(s){if(s.code!=="ERR_INVALID_URL")throw s}let i=t.host;if(n&&i.includes(n)){let s=i.substring(0,i.indexOf(`.${n}`));if(s)return s}}if(r("path")){let n=t.matched.find(o=>!!o.paramNames.find(a=>a.name==="tenantId")),i=t.originalUrl,s;if(i.includes("?")?s=i.split("?")[0]:s=i,n){let o=n.params(s,n.captures(s),{});if(o.tenantId)return o.tenantId}}e.allowNoTenant||t.throw(403,"Tenant id not set")};var Sf="app"+C,ST="/app/",Pb="/builder",Nb=`${Pb}/workspace/`,Ub="/api/public/v";async function Lb(t){let r=`/${t.path.split("/")[2].toLowerCase()}`,n=V();!h.isDev()&&h.MULTI_TENANCY&&(n=Ws(t,{includeStrategies:["subdomain"]}));let s=(await Re(n,()=>ks({dev:!1}))).filter(o=>o.url&&o.url.toLowerCase()===r)[0];return s&&s.appId?s.appId:void 0}function kb(t){return t.path.startsWith(`/${Sf}`)?!0:t.path.startsWith(ST)}function Mb(t){return t.path.startsWith(Nb)}function Fb(t){return AT(t.path)}function AT(t){return new RegExp(/^\/app\/app_\w+\/preview$/).test(t)}function Bb(t){return t.path.startsWith(Ub)}async function Wb(t){let e;function r(a){return!a||!a.startsWith(Sf)?e:(e&&e!==a&&t.throw("App id conflict",403),e??a)}let n=t.request.headers["x-budibase-app-id"]||[];typeof n=="string"&&(n=[n]);for(let a of n)e=r(a);t.request.body&&t.request.body.appId&&(e=r(t.request.body.appId));let i=$b(t.path);i&&(e=r(i)),t.query?.appId&&(e=r(t.query?.appId));let s=AT(t.path);return t.path.startsWith(ST)&&!s&&(e=r(await Lb(t))),e}function $b(t){if(t)return t.split("?")[0].split("/").find(e=>e.startsWith(Sf))}function nu(t){if(t)try{return ru.default.verify(t,h.JWT_SECRET)}catch(e){if(h.JWT_SECRET_FALLBACK)return ru.default.verify(t,h.JWT_SECRET_FALLBACK);throw e}}function Vs(t){return h.INTERNAL_API_KEY&&h.INTERNAL_API_KEY===t?!0:!!(h.INTERNAL_API_KEY_FALLBACK&&h.INTERNAL_API_KEY_FALLBACK===t)}function Bt(t,e){let r=t.cookies.get(e);if(r)return nu(r)}function _T(t,e,r="builder",n={sign:!0}){e&&n&&n.sign&&(e=ru.default.sign(e,h.JWT_SECRET));let i={expires:La,path:"/",httpOnly:!1,overwrite:!0};h.COOKIE_DOMAIN&&(i.domain=h.COOKIE_DOMAIN),t.cookies.set(r,e,i)}function mr(t,e){_T(t,null,e)}function Vb(t){return t.headers["x-budibase-type"]==="client"}function Af(t){return new Promise(e=>setTimeout(e,t))}function _f(t){return!!Im[t]}function Gb(t){if(typeof t!="object")return!1;try{JSON.stringify(t)}catch(e){if(e instanceof Error&&e?.message.includes("circular structure"))return!0}return!1}function qb(t){return!!t.match(/^.+:\/\/.+$/)}function Of(t){return t&&!!t.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)}var If=(s=>(s.MILLISECONDS="milliseconds",s.SECONDS="seconds",s.MINUTES="minutes",s.HOURS="hours",s.DAYS="days",s))(If||{}),iu={milliseconds:1,seconds:1e3,minutes:6e4,hours:36e5,days:864e5},me=class t{constructor(e){this.ms=e}to(e){return this.ms/iu[e]}toMs(){return this.ms}toSeconds(){return this.to("seconds")}static convert(e,r,n){return n*iu[e]/iu[r]}static from(e,r){return new t(r*iu[e])}static fromSeconds(e){return t.from("seconds",e)}static fromMinutes(e){return t.from("minutes",e)}static fromHours(e){return t.from("hours",e)}static fromDays(e){return t.from("days",e)}static fromMilliseconds(e){return t.from("milliseconds",e)}};async function Kb(t){let e=performance.now();return[await t(),me.fromMilliseconds(performance.now()-e)]}function Qb(t){let e="",r=-1,n,i,s=t.opts?.repeat;return s&&(i=s.endDate?new Date(s.endDate).getTime():Date.now(),n=s.tz,"cron"in s?e=s.cron:r=s.every),{id:t.id.toString(),name:"",key:t.id.toString(),tz:n,endDate:i,cron:e,every:r,next:0}}var su=class{constructor(e,r){this._name=e,this._opts=r,this._messages=[],this._emitter=new OT.default.EventEmitter,this._runCount=0,this._addCount=0,this._queuedJobIds=new Set,this._attempts=r?.defaultJobOptions?.attempts||1}async process(e,r){r=typeof e=="number"?r:e,this._emitter.on("message",async n=>{if(!n.manualTrigger&&n.opts?.repeat!=null)return;function i(){return r.length===1?r(n):new Promise((u,c)=>{r(n,(d,f)=>{d?c(d):u(f)})})}let s=this._attempts;async function o(u,c=0){try{return await u}catch(l){if(c++,c<s&&!n._isDiscarded)return await Pe.wait(100*c),await o(i(),c);throw l}}try{let u=await o(i());this._emitter.emit("completed",n,u);let c=this._messages.indexOf(n);if(c===-1)throw"Failed deleting a processed message";this._messages.splice(c,1)}catch(u){console.error(u),this._emitter.emit("error",n,u)}this._runCount++;let a=n.opts?.jobId?.toString();a&&n.opts?.removeOnComplete&&this._queuedJobIds.delete(a)})}async isReady(){return this}async add(e,r){if(typeof e=="string")throw new Error("doesn't support named jobs");let n=r,i=n?.jobId?.toString();if(i&&this._queuedJobIds.has(i)){console.log(`Ignoring already queued job ${i}`);return}if(typeof e!="object")throw"Queue only supports carrying JSON.";i&&this._queuedJobIds.add(i);let s=re(),o=()=>{let u={id:s,timestamp:Date.now(),queue:this,data:e,opts:n,discard:async()=>{u._isDiscarded=!0}};this._messages.push(u),this._messages.length>1e3&&this._messages.shift(),this._addCount++,this._emitter.emit("message",u)},a=n?.delay;return a?setTimeout(o,a):o(),{id:i,finished:()=>new Promise((u,c)=>{let l=(f,m)=>{f.id===s&&(this._emitter.off("error",l),this._emitter.off("completed",d),c(m))},d=(f,m)=>{f.id===s&&(this._emitter.off("error",l),this._emitter.off("completed",d),u(m))};this._emitter.on("error",l),this._emitter.on("completed",d)})}}async close(){}async removeRepeatableByKey(e){for(let[r,n]of this._messages.entries())if(n.id===e){this._messages.splice(r,1),this._emitter.emit("removed",n);return}}async removeJobs(e){}async clean(){return[]}async getJob(e){for(let r of this._messages)if(r.id===e)return r;return null}manualTrigger(e){for(let r of this._messages)if(r.id===e){this._emitter.emit("message",{...r,manualTrigger:!0});return}throw new Error(`Job with id ${e} not found`)}on(e,r){return this._emitter.on(e,r),this}off(e,r){return this._emitter.off(e,r),this}async count(){return this._messages.length}async getCompletedCount(){return this._runCount}async getRepeatableJobs(){return this._messages.filter(e=>e.opts?.repeat!=null).map(e=>Qb(e))}async whenCurrentJobsFinished(){do await Af(50);while(this.hasRunningJobs())}hasRunningJobs(){return this._addCount>this._runCount}},IT=su;var Rf=M(require("bull"));var Xn=(a=>(a.AUTOMATION="automationQueue",a.APP_BACKUP="appBackupQueue",a.AUDIT_LOG="auditLogQueue",a.SYSTEM_EVENT_QUEUE="systemEventQueue",a.APP_MIGRATION="appMigration",a.DOC_WRITETHROUGH_QUEUE="docWritethroughQueue",a.DEV_REVERT_PROCESSOR="devRevertProcessorQueue",a))(Xn||{});function wT(t,e,r){Hb(t,e),r&&jb(t,r)}function jb(t,e){t.on("stalled",async r=>{if(e)await e(r);else if(r.opts.repeat){let n=r.id,i=await t.getRepeatableJobs();for(let s of i)s.id===n&&await t.removeRepeatableByKey(s.key);console.log(`jobId=${n} disabled`)}})}function Ze(t,e,r={},n={}){let i=`[BULL] ${t}=${e}`,s=r.error,o={_logKey:"bull",eventType:t,event:e,job:r.job,jobId:r.jobId||r.job?.id,...n},a;return r.job?.data?.automation&&(a={_logKey:"automation",trigger:r.job?r.job.data.automation.definition.trigger.event:void 0}),[i,s,o,a]}var Yb={automationQueue:"automation-event",appBackupQueue:"app-backup-event",auditLogQueue:"audit-log-event",systemEventQueue:"system-event",appMigration:"app-migration",docWritethroughQueue:"doc-writethrough",devRevertProcessorQueue:"dev-revert-event"};function Hb(t,e){let r=Yb[e];function n(i,s){let o=i.data.event?.appId;if(o)return Yd(o,s);s()}t.on("stalled",async i=>{await n(i,()=>{console.error(...Ze(r,"stalled",{job:i}))})}).on("error",i=>{console.error(...Ze(r,"error",{error:i}))}),process.env.NODE_DEBUG?.includes("bull")&&t.on("waiting",i=>{console.info(...Ze(r,"waiting",{jobId:i}))}).on("active",async i=>{await n(i,()=>{console.info(...Ze(r,"active",{job:i}))})}).on("progress",async(i,s)=>{await n(i,()=>{console.info(...Ze(r,"progress",{job:i},{progress:s}))})}).on("completed",async(i,s)=>{await n(i,()=>{console.info(...Ze(r,"completed",{job:i},{result:s}))})}).on("failed",async(i,s)=>{await n(i,()=>{console.error(...Ze(r,"failed",{job:i,error:s}))})}).on("paused",()=>{console.info(...Ze(r,"paused"))}).on("resumed",()=>{console.info(...Ze(r,"resumed"))}).on("cleaned",(i,s)=>{console.info(...Ze(r,"cleaned",{},{length:i.length,type:s}))}).on("drained",()=>{console.info(...Ze(r,"drained"))}).on("removed",i=>{console.info(...Ze(r,"removed",{job:i}))})}var ou={};P(ou,{cleanup:()=>zb,clear:()=>Df,set:()=>wf});var Gs=[];function wf(t,e){let r=setInterval(t,e);return Gs.push(r),r}function Df(t){let e=Gs.indexOf(t);e!==-1&&Gs.splice(e,1),clearInterval(t)}function zb(){for(let t of Gs)clearInterval(t);Gs=[]}var Wt=M(require("dd-trace")),qs=M(require("object-sizeof")),Jb=me.fromMinutes(5).toMs(),Zb=me.fromSeconds(30).toMs(),Cf=me.fromSeconds(60).toMs(),Ks=[],au;async function DT(){for(let t of Ks)await t.clean(Cf,"completed"),await t.clean(Cf,"failed")}async function Xb(t,e,r){let n=performance.now();try{let i=await e();return Wt.default.dogstatsd.increment(`${t}.success`,1,r),i}catch(i){throw Wt.default.dogstatsd.increment(`${t}.error`,1,r),i}finally{let i=performance.now()-n;Wt.default.dogstatsd.distribution(`${t}.duration.ms`,i,r),Wt.default.dogstatsd.increment(t,1,r)}}function RT(t){return{"job.opts.attempts":t.attempts,"job.opts.backoff":t.backoff,"job.opts.delay":t.delay,"job.opts.jobId":t.jobId,"job.opts.lifo":t.lifo,"job.opts.preventParsingData":t.preventParsingData,"job.opts.priority":t.priority,"job.opts.removeOnComplete":t.removeOnComplete,"job.opts.removeOnFail":t.removeOnFail,"job.opts.repeat":t.repeat,"job.opts.stackTraceLimit":t.stackTraceLimit,"job.opts.timeout":t.timeout}}function ex(t){return{"job.id":t.id,"job.attemptsMade":t.attemptsMade,"job.timestamp":t.timestamp,"job.data.sizeBytes":(0,qs.default)(t.data),...RT(t.opts||{})}}var pt=class{constructor(e,r={}){this.opts=r,this.jobQueue=e,this.queue=this.initQueue()}get name(){return this.queue.name}initQueue(){let r={redis:Jr(),settings:{maxStalledCount:this.opts.maxStalledCount?this.opts.maxStalledCount:0,lockDuration:Jb,lockRenewTime:Zb}};this.opts.jobOptions&&(r.defaultJobOptions=this.opts.jobOptions);let n;return h.isTest()?process.env.BULL_TEST_REDIS_PORT&&!isNaN(+process.env.BULL_TEST_REDIS_PORT)?n=new Rf.default(this.jobQueue,{...r,redis:{host:"localhost",port:+process.env.BULL_TEST_REDIS_PORT}}):n=new IT(this.jobQueue,r):n=new Rf.default(this.jobQueue,r),wT(n,this.jobQueue,this.opts.removeStalledCb),Ks.push(n),!au&&!h.isTest()&&(au=wf(DT,Cf),DT().catch(i=>{console.error(`Unable to cleanup ${this.jobQueue} initially - ${i}`)})),n}getBullQueue(){return this.queue}process(...e){let r,n;e.length===2?(r=e[0],n=e[1]):n=e[0];let i=async(o,a)=>{await Wt.default.trace("queue.process",async u=>{if(o.data._parentSpanContext){let c=o.data._parentSpanContext,l={traceId:c.traceId,spanId:c.spanId,toTraceId:()=>c.traceId,toSpanId:()=>c.spanId,toTraceparent:()=>""};u.addLink(l)}u.addTags({"queue.name":this.jobQueue,...ex(o)}),this.opts.jobTags&&u.addTags(this.opts.jobTags(o.data)),Wt.default.dogstatsd.distribution("queue.process.sizeBytes",(0,qs.default)(o.data),this.metricTags()),await this.withMetrics("queue.process",()=>a?n(o,a):n(o))})},s;return n.length===1?s=o=>i(o):s=i,r?this.queue.process(r,s):this.queue.process(s)}async add(e,r){return await Wt.default.trace("queue.add",async n=>(n.addTags({"queue.name":this.jobQueue,"job.data.sizeBytes":(0,qs.default)(e),...RT(r||{})}),this.opts.jobTags&&n.addTags(this.opts.jobTags(e)),e._parentSpanContext={traceId:n.context().toTraceId(),spanId:n.context().toSpanId()},Wt.default.dogstatsd.distribution("queue.add.sizeBytes",(0,qs.default)(e),this.metricTags()),await this.withMetrics("queue.add",()=>this.queue.add(e,r))))}withMetrics(e,r){return Xb(e,r,this.metricTags())}metricTags(){return{queueName:this.jobQueue}}close(e){return this.queue.close(e)}whenCurrentJobsFinished(){return this.queue.whenCurrentJobsFinished()}};async function tx(){au&&Df(au),console.log("Waiting for current queue jobs to finish...");for(let t of Ks)await t.whenCurrentJobsFinished();console.log("Closing queue Redis connections...");for(let t of Ks)await t.close();Ks=[],console.log("Queues shutdown")}var Zs={};P(Zs,{correlation:()=>Qs,logAlert:()=>an,logAlertWithInfo:()=>Nx,logWarn:()=>ri,logger:()=>hu,system:()=>Gf});var Qs={};P(Qs,{getId:()=>bf,setHeader:()=>rx});var CT=require("correlation-id"),rx=t=>{let e=CT.getId();e&&(t["x-budibase-correlation-id"]=e)};function bf(){return CT.getId()}var mu=M(require("pino")),tS=M(require("pino-pretty")),qf=M(require("dd-trace")),rS=require("dd-trace/ext");var Gf={};P(Gf,{getLogReadStream:()=>Rx,getSingleFileMaxSizeInfo:()=>eS,localFileDestination:()=>Vf});var Js=M(require("fs")),$f=M(require("path")),zT=M(require("rotating-file-stream"));var Wf={};P(Wf,{ObjectStore:()=>mt,ObjectStoreBuckets:()=>ix,SIGNED_FILE_PREFIX:()=>kf,bucketTTLConfig:()=>uu,budibaseTempDir:()=>on,clientLibraryCDNUrl:()=>Sx,clientLibraryPath:()=>$T,clientLibraryUrl:()=>Ax,createBucketIfNotExists:()=>zs,deleteFile:()=>px,deleteFiles:()=>mx,deleteFolder:()=>FT,downloadTarball:()=>Ex,downloadTarballDirect:()=>hx,enrichPWAImages:()=>_x,enrichPluginURLs:()=>Ix,extractBucketAndPath:()=>xf,getAppFileUrl:()=>VT,getGlobalFileS3Key:()=>GT,getGlobalFileUrl:()=>Ox,getObjectMetadata:()=>gx,getPluginIconKey:()=>QT,getPluginJSKey:()=>KT,getPluginS3Dir:()=>YT,getPresignedUrl:()=>yr,getReadStream:()=>cu,listAllObjects:()=>MT,processAutomationAttachment:()=>ox,processObjectStoreAttachment:()=>NT,retrieve:()=>kT,retrieveDirectory:()=>fx,retrieveToTmp:()=>dx,sanitizeBucket:()=>Ne,sanitizeKey:()=>_e,streamUpload:()=>LT,upload:()=>lx,uploadDirectory:()=>Mf});var du=require("@aws-sdk/client-s3"),vf=require("@aws-sdk/lib-storage"),UT=require("@aws-sdk/s3-request-presigner");var gr=M(require("dd-trace")),ei=M(require("fs")),Ys=M(require("fs/promises")),Pf=M(require("node-fetch")),Er=require("path"),fu=M(require("stream")),Hs=require("stream/promises"),Nf=M(require("tar-fs")),Uf=require("uuid"),Lf=M(require("zlib"));var js=M(require("path")),bT=require("os"),xT=M(require("fs"));var vT=M(require("stream")),ix={BACKUPS:h.BACKUPS_BUCKET_NAME,APPS:h.APPS_BUCKET_NAME,TEMPLATES:h.TEMPLATES_BUCKET_NAME,GLOBAL:h.GLOBAL_BUCKET_NAME,PLUGINS:h.PLUGIN_BUCKET_NAME,TEMP:h.TEMP_BUCKET_NAME},PT=(0,js.join)((0,bT.tmpdir)(),".budibase");try{xT.default.mkdirSync(PT)}catch(t){if(t.code!=="EEXIST")throw t}function on(){return PT}var uu=(t,e)=>{let n={Rules:[{ID:`${t}-ExpireAfter${e}days`,Prefix:"",Status:"Enabled",Expiration:{Days:e}}]};return{Bucket:t,LifecycleConfiguration:n}};async function sx(t){let e=await fetch(t.url);if(!e.ok||!e.body)throw new Error(`Unexpected response ${e.statusText}`);let r=js.default.basename(new URL(t.url).pathname);if(!e.body)throw new Error("No response received for attachment");return{filename:t.filename||r,content:vT.default.Readable.fromWeb(e.body)}}async function NT(t){let e=xf(t.url);if(e===null)throw new Error("Invalid signed URL");let{bucket:r,path:n}=e,i=await cu(r,n),s=js.default.basename(n);return{bucket:r,path:n,filename:t.filename||s,content:i}}async function ox(t){return t.url?.startsWith("http://")||t.url?.startsWith("https://")?await sx(t):await NT(t)}var ax=require("sanitize-s3-objectkey"),ux={bucketCreationPromises:{}},kf="/files/signed",hr={txt:"text/plain",html:"text/html",css:"text/css",js:"application/javascript",json:"application/json",gz:"application/gzip",svg:"image/svg+xml",form:"multipart/form-data"},cx=[hr.html,hr.css,hr.js,hr.json];function _e(t){return ax(Ne(t)).replace(/\\/g,"/")}function Ne(t){return t.replace(new RegExp(ze,"g"),He)}function mt(t={presigning:!1}){let e={forcePathStyle:!0,credentials:{accessKeyId:h.MINIO_ACCESS_KEY,secretAccessKey:h.MINIO_SECRET_KEY},region:h.AWS_REGION};return!h.MINIO_ENABLED&&h.AWS_SESSION_TOKEN&&(e.credentials={accessKeyId:h.MINIO_ACCESS_KEY,secretAccessKey:h.MINIO_SECRET_KEY,sessionToken:h.AWS_SESSION_TOKEN}),h.MINIO_URL&&(t.presigning&&h.MINIO_ENABLED?e.endpoint="http://minio-service":e.endpoint=h.MINIO_URL),new du.S3(e)}async function zs(t,e){e=Ne(e);try{return await t.headBucket({Bucket:e}),{created:!1,exists:!0}}catch(r){let n=r.statusCode||r.$response?.statusCode,i=ux.bucketCreationPromises,s=n===404,o=n===403;if(i[e])return await i[e],{created:!1,exists:!0};if(s||o){if(s)return i[e]=t.createBucket({Bucket:e}).catch(a=>{if(a.Code!=="BucketAlreadyOwnedByYou")throw a}),await i[e],delete i[e],{created:!0,exists:!1};throw new Error("Access denied to object store bucket."+r)}else throw new Error("Unable to write to object store bucket.")}}async function lx({bucket:t,filename:e,path:r,type:n,metadata:i,body:s,ttl:o}){let a=e.split(".").pop(),u=r?(await Ys.default.open(r)).createReadStream():s,c=mt(),l=await zs(c,t);if(o&&l.created){let E=uu(t,o);await c.putBucketLifecycleConfiguration(E)}let d=n,f=d||(a?hr[a.toLowerCase()]:hr.txt),m={Bucket:Ne(t),Key:_e(e),Body:u,ContentType:f};if(i&&typeof i=="object"){for(let E of Object.keys(i))(!i[E]||typeof i[E]!="string")&&delete i[E];m.Metadata=i}return new vf.Upload({client:c,params:m}).done()}async function LT({bucket:t,stream:e,filename:r,type:n,extra:i,ttl:s}){return await gr.default.trace("streamUpload",async o=>{if(o.addTags({bucketName:t,filename:r,type:n,ttl:s}),!e)throw new Error("Stream to upload is invalid/undefined");let a=r.split(".").pop(),u=mt(),c=await zs(u,t);if(o.addTags({bucketCreated:c.created,bucketExists:c.exists,extension:a}),s&&c.created){let T=uu(t,s);await u.putBucketLifecycleConfiguration(T)}let l=n;l||(l=a?hr[a.toLowerCase()]:hr.txt),o.addTags({contentType:l});let d=Ne(t),f=_e(r),m={Bucket:d,Key:f,Body:e,ContentType:l,...i},E=await new vf.Upload({client:u,params:m}).done(),g=await u.headObject({Bucket:d,Key:f});return o.addTags({contentLength:g.ContentLength}),{...E,ContentLength:g.ContentLength}})}async function kT(t,e){return await gr.default.trace("retrieve",async r=>{r.addTags({bucketName:t,filepath:e});let n=mt(),i={Bucket:Ne(t),Key:_e(e)},s=await n.getObject(i);if(!s.Body)throw new Error("Unable to retrieve object");if(r.addTags({contentLength:s.ContentLength,contentType:s.ContentType}),cx.includes(s.ContentType))return r.addTags({string:!0}),s.Body.transformToString();{r.addTags({string:!1});let o=s.Body.transformToWebStream();return fu.default.Readable.fromWeb(o)}})}async function*MT(t,e){let r=mt(),n=(o={})=>r.listObjectsV2({...o,Bucket:Ne(t),Prefix:_e(e)}),i=!1,s;do{let o={};s&&(o.ContinuationToken=s);let a=await n(o);if(a.Contents)for(let u of a.Contents)yield u;i=!!a.IsTruncated,s=a.NextContinuationToken}while(i&&s)}async function yr(t,e,r=3600){let n=mt({presigning:!0}),i={Bucket:Ne(t),Key:_e(e)},s=await(0,UT.getSignedUrl)(n,new du.GetObjectCommand(i),{expiresIn:r});if(h.MINIO_ENABLED){let o=new URL(s),a=o.pathname,u=o.search;return`${kf}${a}${u}`}else return s}async function dx(t,e){return await gr.default.trace("retrieveToTmp",async r=>{r.addTags({bucketName:t,filepath:e}),t=Ne(t),e=_e(e);let n=await kT(t,e),i=(0,Er.join)(on(),(0,Uf.v4)());return r.addTags({outputPath:i}),n instanceof fu.default.Readable?(r.addTags({stream:!0}),await(0,Hs.pipeline)(n,ei.default.createWriteStream(i))):(r.addTags({stream:!1}),ei.default.writeFileSync(i,n)),i})}async function fx(t,e){return await gr.default.trace("retrieveDirectory",async r=>{r.addTags({bucketName:t,path:e});let n=(0,Er.join)(on(),(0,Uf.v4)());await Ys.default.mkdir(n,{recursive:!0});let i=0;return await Zt.parallelForeach(MT(t,e),async s=>{i++,await gr.default.trace("retrieveDirectory.object",async o=>{let a=s.Key;o.addTags({filename:a});let u=await cu(t,a),c=a.split("/"),l=c.slice(0,c.length-1),d=(0,Er.join)(n,...l);c.length>1&&!ei.default.existsSync(d)&&await Ys.default.mkdir(d,{recursive:!0}),await(0,Hs.pipeline)(u,ei.default.createWriteStream((0,Er.join)(n,...c),{mode:420}))})},5),r.addTags({numObjects:i}),n})}async function px(t,e){let r=mt();await zs(r,t);let n={Bucket:t,Key:_e(e)};return r.deleteObject(n)}async function mx(t,e){let r=mt();await zs(r,t);let n={Bucket:t,Delete:{Objects:e.map(i=>({Key:_e(i)}))}};return r.deleteObjects(n)}async function FT(t,e){t=Ne(t),e=_e(e);let r=mt(),n={Bucket:t,Prefix:e},i=await r.listObjects(n);if(i.Contents?.length===0)return;let s={Bucket:t,Delete:{Objects:[]}};if(i.Contents?.forEach(o=>{s.Delete.Objects.push({Key:o.Key})}),s.Delete.Objects.length&&(await r.deleteObjects(s)).Deleted?.length===1e3)return FT(t,e)}async function Mf(t,e,r){return await gr.default.trace("uploadDirectory",async n=>{n.addTags({bucketName:t,localPath:e,bucketPath:r}),t=Ne(t);let i=await Ys.default.readdir(e,{withFileTypes:!0});n.addTags({numFiles:i.length});for(let s of i){let o=_e((0,Er.join)(r,s.name)),a=(0,Er.join)(e,s.name);s.isDirectory()?await Mf(t,a,o):await LT({bucket:t,filename:o,stream:ei.default.createReadStream(a)})}return i})}async function hx(t,e,r={}){e=_e(e);let n=await(0,Pf.default)(t,{headers:r});if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);await(0,Hs.pipeline)(n.body,Lf.default.createUnzip(),Nf.default.extract(e))}async function Ex(t,e,r){e=Ne(e),r=_e(r);let n=await(0,Pf.default)(t);if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);let i=(0,Er.join)(on(),r);return await(0,Hs.pipeline)(n.body,Lf.default.createUnzip(),Nf.default.extract(i)),!h.isTest()&&h.SELF_HOSTED&&await Mf(e,i,r),i}async function cu(t,e){return await gr.default.trace("getReadStream",async r=>{t=Ne(t),e=_e(e),r.addTags({bucketName:t,path:e});let n=mt(),i={Bucket:t,Key:e},s=await n.getObject(i);if(!s.Body||!(s.Body instanceof fu.default.Readable))throw new Error("Unable to retrieve stream - invalid response");return r.addTags({contentLength:s.ContentLength,contentType:s.ContentType}),s.Body})}async function gx(t,e){t=Ne(t),e=_e(e);let r=mt(),n={Bucket:t,Key:e};try{return await r.headObject(n)}catch{throw new Error("Unable to retrieve metadata from object")}}function xf(t){let e=t.split("?")[0],r=new RegExp(`^${kf}/(?<bucket>[^/]+)/(?<path>.+)$`),n=e.match(r);if(n&&n.groups){let{bucket:i,path:s}=n.groups;return{bucket:i,path:s}}return null}var BT=M(require("aws-cloudfront-sign")),pu;function yx(){if(!h.CLOUDFRONT_PRIVATE_KEY_64)throw new Error("CLOUDFRONT_PRIVATE_KEY_64 is not set");return pu||(pu=Buffer.from(h.CLOUDFRONT_PRIVATE_KEY_64,"base64").toString("utf-8"),pu)}var Tx=()=>({keypairId:h.CLOUDFRONT_PUBLIC_KEY_ID,privateKeyString:yx(),expireTime:new Date().getTime()+1e3*60*60*24}),ti=t=>{let e=Ff(t);return BT.getSignedUrl(e,Tx())},Ff=t=>{let e="/";return t.startsWith("/")&&(e=""),`${h.CLOUDFRONT_CDN}${e}${t}`};var WT=M(require("querystring"));function $T(t){return`${_e(t)}/budibase-client.js`}async function Sx(t,e){let r=$T(t);return h.CLOUDFRONT_CDN?(e&&(r+=`?v=${e}`),Ff(r)):await yr(h.APPS_BUCKET_NAME,r)}function Ax(t,e){let r,n;try{r=V()}finally{n={appId:t,version:e}}return r&&r!==oe&&(n.tenantId=r),`/api/assets/client?${WT.default.encode(n)}`}async function VT(t){return h.CLOUDFRONT_CDN?ti(t):await yr(h.APPS_BUCKET_NAME,t)}async function _x(t){if(t.length===0)return[];try{return await Promise.all(t.map(async e=>({...e,src:await VT(e.src),type:e.type||"image/png"})))}catch(e){return console.error("Error enriching PWA images:",e),t}}var Ox=async(t,e,r)=>{let n=GT(t,e);return h.CLOUDFRONT_CDN?(r&&(n=`${n}?etag=${r}`),ti(n)):await yr(h.GLOBAL_BUCKET_NAME,n)},GT=(t,e)=>{let r=`${t}/${e}`;return h.MULTI_TENANCY&&(r=`${V()}/${r}`),r};async function Ix(t){return!t||!t.length?[]:await Promise.all(t.map(async e=>{let r=await wx(e),n=await Dx(e);return{...e,jsUrl:r,iconUrl:n}}))}async function wx(t){let e=KT(t);return qT(e)}async function Dx(t){let e=QT(t);if(e)return qT(e)}async function qT(t){return h.CLOUDFRONT_CDN?ti(t):await yr(h.PLUGIN_BUCKET_NAME,t)}function KT(t){return jT(t,"plugin.min.js")}function QT(t){let e=t.iconUrl?"icon.svg":t.iconFileName;if(e)return jT(t,e)}function jT(t,e){return`${YT(t.name)}/${e}`}function YT(t){let e=`${t}`;return h.MULTI_TENANCY&&(e=`${V()}/${e}`),h.CLOUDFRONT_CDN&&(e=`plugins/${e}`),e}var JT="budibase.log",ZT="budibase-logs-history.txt",XT=$f.default.join(on(),"systemlogs");function HT(t){return $f.default.join(XT,t)}function eS(t){let e=/(\d+)([A-Za-z])/,r=t?.match(e);if(!r){console.warn("totalMaxSize does not have a valid value",{totalMaxSize:t});return}let n=+r[1],i=r[2];if(n===1)switch(i){case"B":return{size:`${n}B`,totalHistoryFiles:1};case"K":return{size:`${n*1e3/2}B`,totalHistoryFiles:1};case"M":return{size:`${n*1e3/2}K`,totalHistoryFiles:1};case"G":return{size:`${n*1e3/2}M`,totalHistoryFiles:1};default:return}return n%2===0?{size:`${n/2}${i}`,totalHistoryFiles:1}:{size:`1${i}`,totalHistoryFiles:n-1}}function Vf(){let t=eS(h.ROLLING_LOG_MAX_SIZE);return zT.createStream(JT,{size:t?.size,path:XT,maxFiles:t?.totalHistoryFiles||1,immutable:!0,history:ZT,initialRotation:!1})}function Rx(){let t=[],e=HT(ZT);if(Js.default.existsSync(e)){let i=Js.default.readFileSync(e,"utf-8").split(`
-`);for(let s of i.filter(o=>o))t.push(Js.default.readFileSync(s))}return t.push(Js.default.readFileSync(HT(JT))),Buffer.concat(t.map(n=>new Uint8Array(n)))}function Cx(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}function bx(t){return t instanceof Error}function xx(t){return typeof t=="string"}var Tr;if(!h.DISABLE_PINO_LOGGER){let t=h.LOG_LEVEL,e={level:t,formatters:{level:u=>({level:u.toUpperCase()}),bindings:()=>h.SELF_HOSTED?{service:h.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(h.isDev()?{stream:(0,tS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),h.SELF_HOSTED&&r.push({stream:Vf(),level:t}),Tr=r.length?(0,mu.default)(e,mu.default.multistream(r)):(0,mu.default)(e);let n=u=>{let c,l=[],d="";u.forEach(g=>{xx(g)&&(d=`${d} ${g}`.trimStart()),Cx(g)&&l.push(g),bx(g)&&(c=g)});let f=a(),m={};m={tenantId:i(),appId:s(),automationId:o(),identityId:f?._id,identityType:f?.type,correlationId:bf()};let p=qf.default.scope().active();p&&qf.default.inject(p.context(),rS.formats.LOG,m);let E={err:c,pid:process.pid,...m};if(l.length){let g={},T=0;for(let _=0;_<l.length;_++){let A=l[_],w=A._logKey;w?(delete A._logKey,E[w]=A):(g[T]=A,T++)}Object.keys(g).length&&(E.data=g)}return[E,d]};console.log=(...u)=>{let[c,l]=n(u);Tr?.info(c,l)},console.info=(...u)=>{let[c,l]=n(u);Tr?.info(c,l)},console.warn=(...u)=>{let[c,l]=n(u);Tr?.warn(c,l)},console.error=(...u)=>{let[c,l]=n(u);Tr?.error(c,l)},console.trace=(...u)=>{let[c,l]=n(u);c.err||(c.err=new Error),Tr?.trace(c,l)},console.debug=(...u)=>{let[c,l]=n(u);Tr?.debug(c,l)};let i=()=>{let u;try{u=V()}catch{}return u},s=()=>{let u;try{u=Ae()}catch{}return u},o=()=>{let u;try{u=Hd()}catch{}return u},a=()=>{let u;try{u=Ut()}catch{}return u}}var hu=Tr;var vx=["AccountError"];function Px(t){return t&&t.suppressAlert}function an(t,e){e&&vx.includes(e.name)&&Px(e)||console.error(`bb-alert: ${t}`,e)}function Nx(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,an(t,n)}function ri(t,e){console.warn(`bb-warn: ${t}`,e)}var Eu=class extends Error{constructor(e){super(e),this.name="PermanentError"}},Kf=class{constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:s=!0,maxStalledCount:o=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new pt(e,{maxStalledCount:o,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:s}}),this._queue.process(async(a,u)=>{try{let c=await this.processFn(a.data);u?.(null,c)}catch(c){c instanceof Eu&&await a.discard(),an(`Failed to process job in ${this._queue.name}`,c),u?.(c)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Pe.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var Ux=100,gu,Xs=class t{static get queue(){return t._queue||(t._queue=new pt("docWritethroughQueue",{jobOptions:{attempts:Ux}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=De(e),s;try{s=await i.get(r)}catch{s={_id:r}}s={...s,...n},await i.put(s)}},jf=class{constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await Xs.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function nS(){return gu=new Xs().init(),gu}function Lx(){return gu||nS()}var to={};P(to,{CacheKey:()=>Ee,TTL:()=>ln,bustCache:()=>ni,destroy:()=>eo,get:()=>dn,keys:()=>yu,store:()=>$t,withCache:()=>Sr,withCacheWithDynamicTTL:()=>iS});function Ot(t){let e=V();return`${t}:${e}`}var un=class{constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await sf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?Ot(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?Ot(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?Ot(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ot(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?Ot(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((s,[o,a])=>(s[Ot(o)]=a,s),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?Ot(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ot(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let s=await this.get(e,i);if(s)return s;try{let o=await n();return await this.store(e,o,r,i),o}catch(o){throw console.error("Error fetching before cache - ",o),o}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let s=await r(),{value:o,ttl:a}=s;return await this.store(e,o,a,{useTenancy:n.useTenancy}),o}catch(s){throw console.error("Error fetching before cache - ",s),s}}async bustCache(e){let r=await this.getClient();try{await r.delete(Ot(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?Ot(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var cn=new un,Ee={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},ln=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(ln||{}),yu=(...t)=>cn.keys(...t),dn=(...t)=>cn.get(...t),$t=(...t)=>cn.store(...t),eo=(...t)=>cn.delete(...t),Sr=(...t)=>cn.withCache(...t),iS=(...t)=>cn.withCacheWithDynamicTTL(...t),ni=(...t)=>cn.bustCache(...t);var zf={};P(zf,{createCode:()=>Mx,deleteCode:()=>Bx,getCode:()=>Fx,getExistingInvites:()=>Hf,getInviteCodes:()=>oS,updateCode:()=>kx});var sS=me.fromDays(7).toSeconds();async function kx(t,e){await(await rn()).store(t,e,sS)}async function Mx(t,e){let r=re();return await(await rn()).store(r,{email:t,info:e},sS),r}async function Fx(t){let r=await(await rn()).get(t);if(!r)throw"Invitation is not valid or has expired, please request a new one.";return r}async function Bx(t){await(await rn()).delete(t)}async function oS(){let r=(await(await rn()).scan()).map(i=>({...i.value,code:i.key}));if(!h.MULTI_TENANCY)return r;let n=V();return r.filter(i=>n===i.info.tenantId)}async function Hf(t){return(await oS()).filter(e=>t.includes(e.email))}var Jf={};P(Jf,{createCode:()=>$x,getCode:()=>Vx,invalidateCode:()=>Gx});var Wx=me.fromHours(1).toSeconds();async function $x(t,e){let r=re();return await(await Ns()).store(r,{userId:t,info:e},Wx),r}async function Vx(t){let r=await(await Ns()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}async function Gx(t){await(await Ns()).delete(t)}var wr={};P(wr,{getUser:()=>Ao,getUsers:()=>yU,invalidateUser:()=>_o});var ro={};P(ro,{getPlatformDB:()=>Ar,users:()=>ht});var ht={};P(ht,{addSsoUser:()=>uS,addUser:()=>Hx,getUserDoc:()=>aS,lookupTenantId:()=>qx,removeUser:()=>zx,updateUserDoc:()=>Kx});function Ar(){return De(de.PLATFORM_INFO.name)}async function qx(t){return h.MULTI_TENANCY?(await aS(t)).tenantId:oe}async function aS(t){return Ar().get(t)}async function Kx(t){await Ar().put(t)}function Qx(t,e){return{_id:t,tenantId:e}}function jx(t,e,r){return{_id:e,userId:t,tenantId:r}}function Yx(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}async function Zf(t,e){let r=Ar(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}async function uS(t,e,r,n){return Zf(t,()=>Yx(t,e,r,n))}async function Hx(t,e,r,n){let i=[Zf(e,()=>Qx(e,t)),Zf(r,()=>jx(e,r,t))];n&&i.push(uS(n,r,e,t)),await Promise.all(i)}async function zx(t){let e=Ar(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}var fn={};P(fn,{getAccount:()=>_r,getAccountByTenantId:()=>ii,getStatus:()=>Jx});var cS=M(require("node-fetch"));var no=class{constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";Qs.setHeader(n.headers);let s={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,cS.default)(`${this.host}${r}`,s)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Xf=new no(h.INTERNAL_ACCOUNT_PORTAL_URL),ep=h.SELF_HOSTED||h.DISABLE_ACCOUNT_PORTAL,_r=async t=>{if(ep)return;let e={email:t},r=await Xf.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},ii=async t=>{if(ep)return;let e={tenantId:t},r=await Xf.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},Jx=async()=>{if(ep)return;let t=await Xf.get("/api/status",{headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e};var ui={};P(ui,{UserDB:()=>It,addAppBuilder:()=>mU,bulkGetGlobalUsersById:()=>$u,bulkUpdateGlobalUsers:()=>yo,cleanseUserObject:()=>_p,creatorsInList:()=>mn,doesUserExist:()=>cU,getAccountHolderFromUsers:()=>Bu,getAllUserIds:()=>aU,getAllUsers:()=>uU,getById:()=>En,getCreatorCount:()=>fU,getExistingAccounts:()=>ai,getExistingPlatformUsers:()=>QS,getExistingTenantUsers:()=>KS,getFirstPlatformUser:()=>ho,getGlobalUserByAppPage:()=>tA,getGlobalUserByEmail:()=>gt,getPlatformUsers:()=>Ru,getUserCount:()=>dU,hasAdminPermissions:()=>Or,hasAppBuilderPermissions:()=>HS,hasBuilderPermissions:()=>Xe,isAdmin:()=>Ir,isAdminOrBuilder:()=>YS,isBuilder:()=>pi,isCreatorAsync:()=>Eo,isCreatorSync:()=>Mu,isGlobalBuilder:()=>jS,paginatedUsers:()=>nA,removeAppBuilder:()=>hU,removePortalUserPermissions:()=>pU,searchExistingEmails:()=>dp,searchGlobalUsersByApp:()=>Vu,searchGlobalUsersByAppAccess:()=>Ap,searchGlobalUsersByEmail:()=>rA,validateUniqueUser:()=>Fu});var oi={};P(oi,{account:()=>AS,action:()=>_S,ai:()=>RS,analytics:()=>Su,app:()=>OS,auditLog:()=>VS,auth:()=>Du,automation:()=>IS,backfill:()=>MS,backfillCache:()=>Iu,backup:()=>WS,datasource:()=>wS,email:()=>DS,environmentVariable:()=>$S,group:()=>FS,identification:()=>Et,initAsyncEvents:()=>KN,installation:()=>uo,layout:()=>bS,license:()=>CS,org:()=>xS,plugin:()=>BS,processors:()=>rp,publishEvent:()=>S,query:()=>vS,role:()=>mo,rowAction:()=>GS,rows:()=>NS,screen:()=>PS,serve:()=>LS,shutdown:()=>QN,table:()=>US,user:()=>Ue,view:()=>kS,workspace:()=>qS});var rp={};P(rp,{analyticsProcessor:()=>ES,init:()=>av,processors:()=>Gt});var Su={};P(Su,{enabled:()=>Tu});var Tu=async()=>Au();var mS=require("posthog-node");var Zx=t=>t==="served:builder"||t==="served:app:preview"||t==="served:app",Xx=t=>t==="served:app:preview"||t==="served:app";var dS={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},fS=async t=>{if(!Zx(t))return!1;let e=await ev(t);if(e){let r=new Date(e.timestamp);switch(dS[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await lS(t,{timestamp:Date.now()}),!1):!0}}else return await lS(t,{timestamp:Date.now()}),!1},pS=t=>{let e=`${Ee.EVENTS_RATE_LIMIT}:${t}`;return Xx(t)&&(e=e+":"+Ae()),e},ev=async t=>{let e=pS(t);return await dn(e)},lS=async(t,e)=>{let r=pS(t),n=dS[t],i;switch(n){case"calendarDay":i=86400}await $t(r,e,i)};var rv=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],io=class{constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new mS.PostHog(e)}async processEvent(e,r,n,i){if(rv.includes(e)||await fS(e))return;n=this.clearPIIProperties(n),n.version=h.VERSION,n.service=h.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let s=Ae();s&&(n.appId=s);let o={distinctId:r.id,event:e,properties:n};i&&(o.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(o.groups={},r.installationId&&(o.groups.installation=r.installationId,o.properties.installationId=r.installationId),r.tenantId&&(o.groups.tenant=r.tenantId,o.properties.tenantId=r.tenantId)),this.posthog.capture(o)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var hS=io;var nv=["installation:version:upgraded","installation:version:downgraded"],iv=["installation","tenant"],so=class{constructor(){h.POSTHOG_TOKEN&&!h.isTest()&&(this.posthog=new hS(h.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!nv.includes(e)&&!await Tu()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!iv.includes(e.type)&&!await Tu()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var tp=h.SELF_HOSTED&&!h.isDev(),oo=class{async processEvent(e,r,n){tp||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){tp||console.log("[audit] identified",e)}async identifyGroup(e){tp||console.log("[audit] group identified",e)}async shutdown(){}};var si=class t{static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new pt("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Re(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let s={};h.ENABLE_AUDIT_LOG_IP_ADDR&&(s=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:s})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&_f(e)){let s=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:s,timestamp:i,appId:Ae(),hostInfo:r.hostInfo},tenantId:V()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var ao=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}async processEvent(e,r,n,i){for(let s of this.processors)await s.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var ES=new so,sv=new oo,ov=new si;function av(t){return si.init(t)}var Gt=new ao([ES,sv,ov]);var _u={};P(_u,{checkInstallVersion:()=>lv,getInstall:()=>co,getInstallFromDB:()=>ip});var np=M(require("semver"));var co=async()=>Sr(Ee.INSTALLATION,86400,ip,{useTenancy:!1});async function uv(t){let e={_id:de.PLATFORM_INFO.docs.install,installId:re(),version:h.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return ip();throw r}}var ip=async()=>Ge(de.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(de.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await uv(t);else throw r}return e}),cv=async t=>{try{await Ge(de.PLATFORM_INFO.name,async e=>{let r=await co();r.version=t,await e.put(r),await ni(Ee.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},lv=async()=>{let t=await co(),e=t.version,r=h.VERSION;try{if(e!==r){let n=np.default.gt(r,e),i=np.default.lt(r,e);await cv(r)&&(await ys({_id:t.installId,type:"installation"},async()=>{n?await uo.upgraded(e,r):i&&await uo.downgraded(e,r)}),await Et.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?an(`Invalid version "${r}" - is it semver?`):an("Failed to retrieve version",n)}};var dv=async()=>{let t=vd(),e=po(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await pn(),i=lo();return{id:gS(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await pn(),i=await Ou(V()),s=lo();return{id:gS(i,r),type:r,hosting:s,installationId:n,tenantId:i,realTenantId:V(),environment:e}}else if(r==="user"){let n=t,i=await Ou(V()),s=await pn(),o=n.account,a;return o?a=o.hosting:a=lo(),{id:n._id,type:r,hosting:a,installationId:s,tenantId:i,environment:e,realTenantId:V(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},fv=async(t,e)=>{let r=t,n="installation",i=lo(),s=h.VERSION,o=po(),a={id:r,type:n,hosting:i,version:s,environment:o};await sp(a,e),await fo({...a,id:`$${n}_${r}`},e)},pv=async(t,e,r,n=h.VERSION)=>{let i=await Ou(t),s="tenant",o=await pn(),a=po(),u={id:i,type:s,hosting:e,environment:a,installationId:o,createdAt:r,createdVersion:n};await sp(u,r),await fo({...u,id:`$${s}_${i}`},r)},mv=async(t,e,r)=>{let n=t._id,i=await Ou(t.tenantId),s="user",o=Xe(t),a=Or(t),u;Bo(t)&&(u=t.providerType);let l=(await ai([t.email])).length>0,d=!!e&&l&&e.verified,f=await pn(),m=e?e.hosting:lo(),p=po();await fo({id:n,type:s,hosting:m,installationId:f,tenantId:i,verified:d,accountHolder:l,providerType:u,builder:o,admin:a,environment:p},r)},hv=async t=>{let e=t.accountId,r=t.tenantId,n="user",i=Fo(t)?t.providerType:void 0,s=t.verified,o=!0,a=t.hosting,u=await pn(),c=po();if(Mo(t)){let d=await gt(t.email);d?._id&&(e=d._id)}await fo({id:e,type:n,hosting:a,installationId:u,tenantId:r,providerType:i,verified:s,accountHolder:o,environment:c})},fo=async(t,e)=>{await Gt.identify(t,e)},sp=async(t,e)=>{await Gt.identifyGroup(t,e)},po=()=>h.isDev()?"development":h.DEPLOYMENT_ENVIRONMENT,lo=()=>h.SELF_HOSTED?"self":"cloud",pn=async()=>Ev()?"account-portal":(await co()).installId,Ou=async t=>h.SELF_HOSTED?yS(t):t,yS=async t=>Re(t,()=>Sr(Ee.UNIQUE_TENANT_ID,86400,async()=>{let e=Y(),r=await ci(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${re()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=h.VERSION,await e.put(r),n)})),Ev=()=>h.SERVICE==="account-portal",gS=(t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,Et={getCurrentIdentity:dv,identifyInstallationGroup:fv,identifyTenantGroup:pv,identifyUser:mv,identifyAccount:hv,identify:fo,identifyGroup:sp,getInstallationId:pn,getUniqueTenantId:yS};var Iu={};P(Iu,{end:()=>yv,isAlreadySent:()=>up,isBackfillingEvent:()=>ap,recordEvent:()=>op,start:()=>gv});var gv=async t=>Sv({eventWhitelist:t}),op=async(t,e)=>{let r=cp(t,e);await $t(r,e,void 0,{useTenancy:!1})},yv=async()=>{await Av(),await _v()},Tv=async()=>dn(Ee.BACKFILL_METADATA),Sv=async t=>$t(Ee.BACKFILL_METADATA,t),Av=async()=>{await eo(Ee.BACKFILL_METADATA)},_v=async()=>{let t=cp(),e=await yu(t);for(let r of e)await eo(r,{useTenancy:!1})},ap=async t=>{let r=(await Tv())?.eventWhitelist;return!!(r&&r.includes(t))},up=async(t,e)=>{let r=cp(t,e);return!!await dn(r,{useTenancy:!1})},Ov={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},cp=(t,e)=>{let r,n=V();if(t){r=`${Ee.EVENTS}:${n}:${t}`;let i=Ov[t],s=i?i(e):void 0;s&&(r=`${r}:${s}`)}else r=`${Ee.EVENTS}:${n}:*`;return r};var qt;function wu(){qt=new pt("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}async function TS(){qt&&await qt.close()}async function SS(t){qt||wu();let{event:e,identity:r}=t;Om.indexOf(e)!==-1&&r.tenantId&&await qt.add(t)}var S=async(t,e,r,n)=>{let i=n||await Et.getCurrentIdentity();if(!(n?!1:await ap(t))){await SS({event:t,identity:i,properties:e,timestamp:r}),await Gt.processEvent(t,i,e,r);return}await up(t,e)||(await Gt.processEvent(t,i,e,r),await op(t,e))};async function Iv(t,e){let r={tenantId:t.tenantId};await S("account:created",r,void 0,e)}async function wv(t){let e={tenantId:t.tenantId};await S("account:deleted",e)}async function Dv(t){let e={tenantId:t.tenantId};await S("account:verified",e)}var AS={created:Iv,deleted:wv,verified:Dv};async function Rv(t,e){await S("action:automation_step:executed",t,e)}async function Cv(t,e){await S("action:crud:executed",t,e)}async function bv(t,e){await S("action:ai_agent:executed",t,e)}var _S={aiAgentExecuted:bv,automationStepExecuted:Rv,crudExecuted:Cv};var xv=async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await S("app:created",r,e)};async function vv(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await S("app:updated",e)}async function Pv(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:deleted",e)}async function Nv(t,e){let r={appId:t.appId,audited:{name:t.name}};await S("app:published",r,e)}async function Uv(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:unpublished",e)}async function Lv(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:file:imported",e)}async function kv(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await S("app:duplicated",r)}async function Mv(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await S("app:template:imported",r)}async function Fv(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await S("app:version:updated",n)}async function Bv(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await S("app:version:reverted",n)}async function Wv(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:reverted",e)}async function $v(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:exported",e)}var OS={created:xv,updated:vv,deleted:Pv,published:Nv,unpublished:Uv,fileImported:Lv,duplicated:kv,templateImported:Mv,versionUpdated:Fv,versionReverted:Bv,reverted:Wv,exported:$v};async function Vv(t,e){let n={userId:(await Et.getCurrentIdentity()).id,source:t,audited:{email:e}};await S("auth:login",n)}async function Gv(t){let r={userId:(await Et.getCurrentIdentity()).id,audited:{email:t}};await S("auth:logout",r)}async function qv(t,e){let r={type:t};await S("auth:sso:created",r,e)}async function Kv(t){let e={type:t};await S("auth:sso:updated",e)}async function Qv(t,e){let r={type:t};await S("auth:sso:activated",r,e)}async function jv(t){let e={type:t};await S("auth:sso:deactivated",e)}var Du={login:Vv,logout:Gv,SSOCreated:qv,SSOUpdated:Kv,SSOActivated:Qv,SSODeactivated:jv};async function Yv(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await S("automation:created",r,e)}async function Hv(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await S("automation:trigger:updated",e)}async function zv(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await S("automation:deleted",e)}async function Jv(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await S("automation:tested",e)}var Zv=async(t,e)=>{let r={count:t};await S("automations:run",r,e)};async function Xv(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await S("automation:step:created",n,r)}async function eP(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await S("automation:step:deleted",r)}var IS={created:Yv,triggerUpdated:Hv,deleted:zv,tested:Jv,run:Zv,stepCreated:Xv,stepDeleted:eP};function lp(t){return!Object.values(No).includes(t.source)}async function tP(t,e){let r={datasourceId:t._id,source:t.source,custom:lp(t)};await S("datasource:created",r,e)}async function rP(t){let e={datasourceId:t._id,source:t.source,custom:lp(t)};await S("datasource:updated",e)}async function nP(t){let e={datasourceId:t._id,source:t.source,custom:lp(t)};await S("datasource:deleted",e)}var wS={created:tP,updated:rP,deleted:nP};async function iP(t){let e={};await S("email:smtp:created",e,t)}async function sP(){let t={};await S("email:smtp:updated",t)}var DS={SMTPCreated:iP,SMTPUpdated:sP};async function oP(t){let e={};await S("ai:config:created",e,t)}async function aP(){let t={};await S("ai:config:updated",t)}var RS={AIConfigCreated:oP,AIConfigUpdated:aP};async function uP(t,e){let r={accountId:t.accountId,...e};await S("license:plan:changed",r)}async function cP(t){let e={accountId:t.accountId};await S("license:activated",e)}async function lP(t){let e={accountId:t.accountId};await S("license:checkout:opened",e)}async function dP(t){let e={accountId:t.accountId};await S("license:checkout:success",e)}async function fP(t){let e={accountId:t.accountId};await S("license:portal:opened",e)}async function pP(t){let e={accountId:t.accountId};await S("license:payment:failed",e)}async function mP(t){let e={accountId:t.accountId};await S("license:payment:recovered",e)}var CS={planChanged:uP,activated:cP,checkoutOpened:lP,checkoutSuccess:dP,portalOpened:fP,paymentFailed:pP,paymentRecovered:mP};async function hP(t,e){let r={layoutId:t._id};await S("layout:created",r,e)}async function EP(t){let e={layoutId:t};await S("layout:deleted",e)}var bS={created:hP,deleted:EP};async function gP(t){let e={};await S("org:info:name:updated",e,t)}async function yP(t){let e={};await S("org:info:logo:updated",e,t)}async function TP(t){let e={};await S("org:platformurl:updated",e,t)}async function SP(){let t={};await S("analytics:opt:out",t)}async function AP(){let t={};await S("analytics:opt:out",t)}var xS={nameUpdated:gP,logoUpdated:yP,platformURLUpdated:TP,analyticsOptOut:SP,analyticsOptIn:AP};var _P=async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await S("query:created",n,r)},OP=async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await S("query:updated",r)},IP=async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await S("query:deleted",n)},wP=async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await S("query:import",n)},DP=async(t,e)=>{let r={count:t};await S("queries:run",r,e)},RP=async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await S("query:previewed",r)},vS={created:_P,updated:OP,deleted:IP,imported:wP,run:DP,previewed:RP};async function CP(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await S("role:created",r,e)}async function bP(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await S("role:updated",e)}async function xP(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await S("role:deleted",e)}async function vP(t,e,r){let n={userId:t._id,roleId:e};await S("role:assigned",n,r)}async function PP(t,e){let r={userId:t._id,roleId:e};await S("role:unassigned",r)}var mo={created:CP,updated:bP,deleted:xP,assigned:vP,unassigned:PP};async function NP(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await S("screen:created",r,e)}async function UP(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await S("screen:deleted",e)}var PS={created:NP,deleted:UP};var LP=async(t,e)=>{let r={count:t};await S("rows:created",r,e)},kP=async(t,e)=>{let r={tableId:t._id,count:e};await S("rows:imported",r)},NS={created:LP,imported:kP};async function MP(t,e){let r={tableId:t._id,audited:{name:t.name}};await S("table:created",r,e)}async function FP(t,e){let r,n;for(let s in e.schema)if(!t.schema[s]){let o=e.schema[s];"default"in o&&o.default!=null&&(r=!0),o.type==="ai"&&(n=o.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await S("table:updated",i)}async function BP(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await S("table:deleted",r)}async function WP(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await S("table:exported",r)}async function $P(t){let e={tableId:t._id,audited:{name:t.name}};await S("table:imported",e)}var US={created:MP,updated:FP,deleted:BP,exported:WP,imported:$P};async function VP(t){let e={timezone:t};await S("served:builder",e)}async function GP(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await S("served:app",n)}async function qP(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await S("served:app:preview",r)}var LS={servedBuilder:VP,servedApp:GP,servedAppPreview:qP};async function KP(t,e){let r={userId:t._id,viaScim:dt(),audited:{email:t.email}};await S("user:created",r,e)}async function QP(t){let e={userId:t._id,viaScim:dt(),audited:{email:t.email}};await S("user:updated",e)}async function jP(t){let e={userId:t._id,viaScim:dt(),audited:{email:t.email}};await S("user:deleted",e)}async function YP(t,e){let r={userId:t._id,audited:{email:t.email}};await S("user:admin:assigned",r,e)}async function HP(t){let e={userId:t._id,audited:{email:t.email}};await S("user:admin:removed",e)}async function zP(t,e){let r={userId:t._id,audited:{email:t.email}};await S("user:builder:assigned",r,e)}async function JP(t){let e={userId:t._id,audited:{email:t.email}};await S("user:builder:removed",e)}async function ZP(t){let e={audited:{email:t}};await S("user:invited",e)}async function XP(t){let e={userId:t._id,audited:{email:t.email}};await S("user:invite:accepted",e)}async function eN(t){let e={userId:t._id,audited:{email:t.email}};await S("user:password:force:reset",e)}async function tN(t){let e={userId:t._id,audited:{email:t.email}};await S("user:password:updated",e)}async function rN(t){let e={userId:t._id,audited:{email:t.email}};await S("user:password:reset:requested",e)}async function nN(t){let e={userId:t._id,audited:{email:t.email}};await S("user:password:reset",e)}async function iN(t){let e={users:t};await S("user:data:collaboration",e)}var Ue={created:KP,updated:QP,deleted:jP,permissionAdminAssigned:YP,permissionAdminRemoved:HP,permissionBuilderAssigned:zP,permissionBuilderRemoved:JP,invited:ZP,inviteAccepted:XP,passwordForceReset:eN,passwordUpdated:tN,passwordResetRequested:rN,passwordReset:nN,dataCollaboration:iN};async function sN(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await S("view:created",r,e)}async function oN(t){let e={tableId:t.tableId};await S("view:updated",e)}async function aN(t,e){let r={...Pe.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await S("view:deleted",r)}async function uN(t,e){let r={tableId:t._id,format:e};await S("view:exported",r)}async function cN({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await S("view:filter:created",n,r)}async function lN({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await S("view:filter:updated",r)}async function dN(t){let e={tableId:t.tableId};await S("view:filter:deleted",e)}async function fN({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await S("view:calculation:created",n,r)}async function pN(t){let e={tableId:t.tableId,calculation:t.calculation};await S("view:calculation:updated",e)}async function mN(t){let e={tableId:t.tableId,calculation:t.calculation};await S("view:calculation:deleted",e)}async function hN(t,e){let r={tableId:t};await S("view:join:created",r,e)}var kS={created:sN,updated:oN,deleted:aN,exported:uN,filterCreated:cN,filterUpdated:lN,filterDeleted:dN,calculationCreated:fN,calculationUpdated:pN,calculationDeleted:mN,viewJoinCreated:hN};async function EN(t){let e={currentVersion:t};await S("installation:version:checked",e)}async function gN(t,e){let r={from:t,to:e};await S("installation:version:upgraded",r)}async function yN(t,e){let r={from:t,to:e};await S("installation:version:downgraded",r)}async function TN(){let t={};await S("installation:firstStartup",t)}var uo={versionChecked:EN,upgraded:gN,downgraded:yN,firstStartup:TN};var li=!h.SELF_HOSTED&&!h.isDev();async function SN(t){li||await S("app:backfill:succeeded",t)}async function AN(t){if(li)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await S("app:backfill:failed",e)}async function _N(t){li||await S("tenant:backfill:succeeded",t)}async function ON(t){if(li)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await S("tenant:backfill:failed",e)}async function IN(){if(li)return;let t={};await S("installation:backfill:succeeded",t)}async function wN(t){if(li)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await S("installation:backfill:failed",e)}var MS={appSucceeded:SN,appFailed:AN,tenantSucceeded:_N,tenantFailed:ON,installationSucceeded:IN,installationFailed:wN};async function DN(t,e){let r={groupId:t._id,viaScim:dt(),audited:{name:t.name}};await S("user_group:created",r,e)}async function RN(t){let e={groupId:t._id,viaScim:dt(),audited:{name:t.name}};await S("user_group:updated",e)}async function CN(t){let e={groupId:t._id,viaScim:dt(),audited:{name:t.name}};await S("user_group:deleted",e)}async function bN(t,e){let r={count:t,groupId:e._id,viaScim:dt(),audited:{name:e.name}};await S("user_group:user_added",r)}async function xN(t,e){let r={count:t,groupId:e._id,viaScim:dt(),audited:{name:e.name}};await S("user_group:users_deleted",r)}async function vN(t){let e={groupId:t,onboarding:!0};await S("user_group:onboarding_added",e)}async function PN(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await S("user_group:permissions_edited",e)}var FS={created:DN,updated:RN,deleted:CN,usersAdded:bN,usersDeleted:xN,createdOnboarding:vN,permissionsEdited:PN};async function NN(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await S("plugin:init",e)}async function UN(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await S("plugin:imported",e)}async function LN(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await S("plugin:deleted",e)}var BS={init:NN,imported:UN,deleted:LN};async function kN(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await S("app:backup:restored",e)}async function MN(t,e,r,n,i){let s={appId:t,backupId:e,type:r,trigger:n,name:i};await S("app:backup:triggered",s)}var WS={appBackupRestored:kN,appBackupTriggered:MN};async function FN(t,e){let r={name:t,environments:e};await S("environment_variable:created",r)}async function BN(t){let e={name:t};await S("environment_variable:deleted",e)}async function WN(t){let e={userId:t};await S("environment_variable:upgrade_panel_opened",e)}var $S={created:FN,deleted:BN,upgradePanelOpened:WN};async function $N(t){let e={filters:t};await S("audit_log:filtered",e)}async function VN(t){let e={filters:t};await S("audit_log:downloaded",e)}var VS={filtered:$N,downloaded:VN};async function GN(t,e){await S("row_action:created",t,e)}var GS={created:GN};async function qN(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await S("workspace_app:deleted",r)}var qS={deleted:qN};function KN(){}var QN=async()=>{await Gt.shutdown(),console.log("Events shutdown")};var fp={};P(fp,{creatorsInList:()=>mn,getAccountHolderFromUsers:()=>Bu,hasAdminPermissions:()=>Or,hasAppBuilderPermissions:()=>HS,hasBuilderPermissions:()=>Xe,isAdmin:()=>Ir,isAdminOrBuilder:()=>YS,isBuilder:()=>pi,isCreatorAsync:()=>Eo,isCreatorSync:()=>Mu,isGlobalBuilder:()=>jS,validateUniqueUser:()=>Fu});async function dp(t){let e=[],r=await KS(t);e.push(...r.map(o=>o.email));let n=await QS(t);e.push(...n.map(o=>o._id));let i=await ai(t);e.push(...i.map(o=>o.email));let s=await Hf(t);return e.push(...s.map(o=>o.email)),[...new Set(e.map(o=>o.toLowerCase()))]}async function Ru(t){return await Fs("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}async function ho(t){return(await Ru(t))[0]??null}async function KS(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await Mt("by_email2",r,void 0,n)}async function QS(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Fs("platform_users_lowercase_2",r)}async function ai(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Fs("account_by_email",r)}var ku={};P(ku,{BadRequestError:()=>xu,BudibaseError:()=>di,EmailUnavailableError:()=>Kt,FeatureDisabledError:()=>Uu,ForbiddenError:()=>vu,HTTPError:()=>we,InvalidAPIKeyError:()=>fi,NotFoundError:()=>bu,NotImplementedError:()=>Pu,UnexpectedError:()=>Cu,UsageLimitError:()=>Nu,getPublicError:()=>Lu});var di=class extends Error{constructor(r,n){super(r);this.code=n}},Lu=t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},we=class t extends di{constructor(r,n,i="http"){super(r,i);this.status=n}static async fromResponse(r){let n=await r.text(),i=n,s=r.status,o="http";try{let a=JSON.parse(n);i=a.message,s=a.status,o=a.error?.code}catch{}return new t(i,s,o)}},Cu=class extends we{constructor(e){super(e,500)}},bu=class extends we{constructor(e){super(e,404)}},xu=class extends we{constructor(e){super(e,400)}},vu=class extends we{constructor(e){super(e,403)}},Pu=class extends we{constructor(e){super(e,501)}},Nu=class extends we{constructor(r,n){super(r,400,"usage_limit_exceeded");this.limitName=n}getPublicError(){return{limitName:this.limitName}}},Uu=class extends we{constructor(r,n){super(r,400,"feature_disabled");this.featureName=n}getPublicError(){return{featureName:this.featureName}}},fi=class extends di{constructor(){super("Invalid API key - may need re-generated, or user doesn't exist","invalid_api_key")}},Kt=class extends Error{constructor(e){super(`Email already in use: '${e}'`)}};var pi=Ve.users.isBuilder,Ir=Ve.users.isAdmin,jS=Ve.users.isGlobalBuilder,YS=Ve.users.isAdminOrBuilder,Or=Ve.users.hasAdminPermissions,Xe=Ve.users.hasBuilderPermissions,HS=Ve.users.hasAppBuilderPermissions;async function mn(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await Y().getMultiple(r,{allowMissing:!0}),t.map(i=>Mu(i,e))}async function Eo(t){let e=[];return t.userGroups&&(e=await Y().getMultiple(t.userGroups)),Mu(t,e)}function Mu(t,e){let r=Ve.users.isCreator(t);return!r&&t?YN(t,e):r}function YN(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}async function Fu(t,e){if(h.MULTI_TENANCY){let r=await ho(t);if(r!=null&&r.tenantId!==e)throw new Kt(t)}if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let r=await _r(t);if(r&&r.verified&&r.tenantId!==e)throw new Kt(t)}}async function Bu(t){if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let e=await ai(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}var pp=async t=>{await Ue.deleted(t),Xe(t)&&await Ue.permissionBuilderRemoved(t),Or(t)&&await Ue.permissionAdminRemoved(t)},HN=async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await mo.assigned(t,i)},zN=async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await mo.unassigned(t,i)},JN=async(t,e)=>{let r=t.roles,n=e?.roles;await HN(t,r,n),await zN(t,r,n)},mp=async(t,e)=>{let r=V(),n;!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL&&(n=await ii(r)),await Et.identifyUser(t,n),e?(await Ue.updated(t),XN(t,e)&&await Ue.permissionBuilderRemoved(t),tU(t,e)&&await Ue.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Ue.passwordForceReset(t),t.password!==e.password&&await Ue.passwordUpdated(t)):await Ue.created(t),ZN(t,e)&&await Ue.permissionBuilderAssigned(t),eU(t,e)&&await Ue.permissionAdminAssigned(t),await JN(t,e)},ZN=(t,e)=>zS(t,e,Xe),XN=(t,e)=>JS(t,e,Xe),eU=(t,e)=>zS(t,e,Or),tU=(t,e)=>JS(t,e,Or),zS=(t,e,r)=>!(!r(t)||e&&r(e)),JS=(t,e,r)=>!(r(t)||!e||!r(e));var Wu={};P(Wu,{createASession:()=>nU,endSession:()=>iU,getSession:()=>Ep,getSessionsForUser:()=>go,invalidateSessions:()=>hn,updateSessionTTL:()=>hp});var XS=require("uuid");var eA=h.SESSION_EXPIRY_SECONDS?parseInt(h.SESSION_EXPIRY_SECONDS):me.fromDays(7).toSeconds();function mi(t,e){return`${t}/${e}`}async function go(t){return t?(await(await dr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}async function hn(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await go(t)).map(o=>({key:mi(o.userId,o.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(s=>({key:mi(t,s)}))),i&&i.length>0){let s=await dr(),o=[];for(let a of i)o.push(s.delete(a.key));h.isTest()||ri(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(a=>a.key).join(", ")}`),await Promise.all(o)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}async function nU(t,e){let r=await go(t),n=0;if(r.length>=3){let c=r.sort((f,m)=>new Date(f.createdAt).getTime()-new Date(m.createdAt).getTime()),l=r.length-3+1,d=c.slice(0,l).map(f=>f.sessionId);n=d.length,await hn(t,{sessionIds:d,reason:"session limit exceeded"})}let i=await dr(),s=e.sessionId,o=e.csrfToken?e.csrfToken:(0,XS.v4)(),a=mi(t,s),u={...e,csrfToken:o,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(a,u,eA),{session:u,invalidatedSessionCount:n}}async function hp(t){let e=await dr(),r=mi(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,eA)}async function iU(t,e){await(await dr()).delete(mi(t,e))}async function Ep(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await dr()).get(mi(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}var Sp={};P(Sp,{PASSWORD_MAX_LENGTH:()=>yp,PASSWORD_MIN_LENGTH:()=>gp,validatePassword:()=>Tp});var gp=+(h.PASSWORD_MIN_LENGTH||12),yp=+(h.PASSWORD_MAX_LENGTH||512);function Tp(t){return!t||t.length<gp?{valid:!1,error:`Password invalid. Minimum ${gp} characters.`}:t.length>yp?{valid:!1,error:`Password invalid. Maximum ${yp} characters.`}:{valid:!0}}var sU=async t=>{let e=t._id;await ht.removeUser(t),await pp(t),await wr.invalidateUser(e),await hn(e,{reason:"bulk-deletion"})},It=class t{static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return h.ENABLE_SSO_MAINTENANCE_MODE&&Ir(e)?!1:await t.features.isSSOEnforced()||Bo(e)?!0:(r||(r=await ii(V())),!!(r&&r.email===e.email&&Fo(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,s){let{password:o,_id:a}=e;i&&!i.password&&(r.requirePassword=!1);let u;if(o){if(await t.isPreventPasswordActions(e,s))throw new we("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let d=Tp(o);if(!d.valid)throw new we(d.error,400)}u=r.hashPassword?await bd(o):o}else i&&(u=i.password);let c=r.requirePassword&&!await t.features.isSSOEnforced();if(!u&&c)throw"Password must be specified.";a=a||zn();let l={createdAt:Date.now(),...i,...e,_id:a,password:u,tenantId:n};return l.roles||(l.roles={}),l.status==null&&(l.status="active"),l}static async allUsers(){return(await Y().allDocs(nn(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByApp(e){return{userCount:(await Vu(e,{})).length}}static async getUsersByAppAccess(e){return await Ap(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return gt(e)}static async getUser(e){let r=await En(e);return r&&delete r.password,r}static async bulkGet(e){return await $u(e)}static async bulkUpdate(e){return await yo(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=V(),i=Y(),{email:s,_id:o,userGroups:a=[],roles:u}=e;if(!s&&!o)throw new Error("_id or email is required");let c;if(o)try{if(c=await En(o),s&&c.email!==s&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(f){if(f.status!==404)throw f}if(!c&&s&&(c=await gt(s),c&&c._id!==o))throw new Kt(s);let l=1,d=0;if((r.isAccountHolder||c)&&(l=0,d=1),c){let[f,m]=await mn([c,e]);d=f!==m?1:0}return t.quotas.addUsers(l,d,async()=>{r.isAccountHolder||await Fu(s,n);let f=await t.buildUser(e,r,n,c);r.currentUserId&&r.currentUserId===c?._id&&(f=_p(f,c)),!c&&u?.length&&(f.roles={...u});let m=[];if(!o&&a.length>0)for(let p of a)m.push(t.groups.addUsers(p,[f._id]));try{let p=await i.put(f);return f._rev=p.rev,await mp(f,c),c&&f.email!==c.email&&await ht.removeUser({email:c.email}),await ht.addUser(n,f._id,f.email,f.ssoId),await wr.invalidateUser(p.id),await Promise.all(m),i.get(f._id)}catch(p){throw p.status===409?"User exists already":p}})}static async bulkCreate(e,r){let n=V(),i=[],s=[],o=[],a=e.map(f=>f.email),u=await dp(a),c=[];for(let f of e){let m=s.find(E=>E.email.toLowerCase()===f.email.toLowerCase()),p=u.includes(f.email.toLowerCase());if(m||p){c.push({email:f.email,reason:"Unavailable"});continue}f.userGroups=r||[],s.push(f),await Eo(f)&&o.push(f)}let l=await ii(n),d=await t.features.isSSOEnforced();return t.quotas.addUsers(s.length,o.length,async()=>{for(let p of s)d&&delete p.password,i.push(t.buildUser(p,{hashPassword:!0,requirePassword:!d},n,void 0,l));let f=await Promise.all(i);await yo(f);for(let p of f)await ht.addUser(n,p._id,p.email),await mp(p,void 0);let m=f.map(p=>({_id:p._id,email:p.email}));if(Array.isArray(m)&&r){let p=[],E=m.map(g=>g._id);for(let g of r)p.push(t.groups.addUsers(g,E));await Promise.all(p)}return{successful:m,unsuccessful:c}})}static async bulkDelete(e){let r=Y(),n={successful:[],unsuccessful:[]},i=await Bu(e);i&&(e=e.filter(m=>m.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let o=(await r.allDocs({include_docs:!0,keys:e.map(m=>m.userId)})).rows.map(m=>m.doc),a=o.map(m=>({...m,_deleted:!0})),u=await yo(a),l=(await mn(o)).filter(m=>m).length,d=[];for(let m of o){let E=(await ho(m._id)).ssoId;E&&(await Ru(E)).filter(T=>T.ssoId==null).forEach(T=>{d.push({...T,_deleted:!0})}),await sU(m)}await Ar().bulkDocs(d),await t.quotas.removeUsers(a.length,l);let f={};return o.reduce((m,p)=>(m[p._id]=p,m),f),u.forEach(m=>{let p=f[m.id].email;m.ok?n.successful.push({_id:m.id,email:p}):n.unsuccessful.push({_id:m.id,email:p,reason:"Database error"})}),n}static async destroy(e){let r=Y(),n=await r.get(e),i=n._id;if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let o=n.email;if(await _r(o))throw n.userId===Ut()._id?new we('Please visit "Account" to delete this user',400):new we("Account holder cannot be deleted",400)}await ht.removeUser(n),await r.remove(i,n._rev);let s=await Eo(n)?1:0;await t.quotas.removeUsers(1,s),await pp(n),await wr.invalidateUser(i),await hn(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,s={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(s.ssoId=n.ssoId),await ni(Ee.CHECKLIST),await t.save(s,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function So(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}async function $u(t,e){let n=(await Y().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=So(n)),n}async function aU(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${xe}`})).rows.map(n=>n.id)}async function uU(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${xe}`,include_docs:!0})).rows.map(n=>n.doc)}async function yo(t){return await Y().bulkDocs(t)}async function En(t,e){let n=await Y().get(t);return e?.cleanup&&(n=So(n)),n}async function gt(t,e){if(t==null)throw"Must supply an email address to view";let r=await Mt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=So(n)),n}async function cU(t){try{let e=await gt(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}async function Vu(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=eu(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await Mt("by_app",n);i||(i=[]);let s=Array.isArray(i)?i:[i];return r?.cleanup&&(s=So(s)),s}async function Ap(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let o={[r]:{$exists:!0}};n.push(o)}return(await Y().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}function tA(t,e){if(e)return Xa(qe(t),e._id)}async function rA(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,s=await Mt("by_email2",{...e,startkey:i,endkey:`${n}${xe}`});s||(s=[]);let o=Array.isArray(s)?s:[s];return r?.cleanup&&(o=So(o)),o}var lU=8;async function nA({bookmark:t,query:e,appId:r,limit:n}={}){let i=Y(),s=n??lU,a={include_docs:!0,limit:s+1};t&&(a.startkey=t);let u,c="_id",l;return e?.equal?._id?u=[await En(e.equal._id)]:r?(u=await Vu(r,a),l=d=>tA(r,d)):e?.string?.email?(u=await rA(e?.string?.email,a),c="email"):e?.oneOf?._id?u=await $u(e?.oneOf?._id,{cleanup:!0}):e?(u=(await i.allDocs(nn(null,{...a,limit:void 0}))).rows.map(f=>f.doc),u=or.search(u,{query:e,limit:a.limit}).rows):u=(await i.allDocs(nn(null,a))).rows.map(f=>f.doc),pf(u,s,{paginate:!0,property:c,getKey:l})}async function dU(){return(await Ef("by_email2",{limit:0,include_docs:!1})).total_rows}async function fU(){let t=0;async function e(r){let n=await nA({bookmark:r}),i=await mn(n.data);t+=i.filter(s=>s).length,n.hasNextPage&&await e(n.nextPage)}return await e(),t}function pU(t){return delete t.admin,delete t.builder,t}function _p(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}async function mU(t,e){let r=qe(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await It.save(t,{hashPassword:!1})}async function hU(t,e){let r=qe(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await It.save(t,{hashPassword:!1})}var iA=3600;async function EU(t,e){let n=await Tf(e).get(t);if(n.budibaseAccess=!0,!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let i=await _r(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}async function gU(t){let e=await It.bulkGet(t),r=t.filter((i,s)=>!e[s]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let s=await _r(i.email);s&&(i.account=s,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}async function Ao({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=EU),!e)try{e=V()}catch{e=await ht.lookupTenantId(t)}let i=await Ps(),s=await i.get(t);return s||(s=await n(t,e,r),await i.store(t,s,iA)),s&&!s.tenantId&&e&&(s.tenantId=e),s.userGroups&&!Ve.users.isGlobalBuilder(s)&&await Re(e,async()=>{let o=await It.getGroupBuilderAppIds(s);if(o.length){let a=s.builder?.apps||[];s.builder={apps:[...new Set(a.concat(o))]}}}),s}async function yU(t){let e=await Ps(),r=await e.bulkGet(t),n=t.filter(o=>!r[o]),i=Object.values(r).filter(o=>!!o),s;if(n.length){let o=await gU(n);s=o.notFoundIds;for(let a of o.users)await e.store(a._id,a,iA);i.push(...o.users)}return{users:i,notFoundIds:s}}async function _o(t){await(await Ps()).delete(t)}var Rp={};P(Rp,{Writethrough:()=>wp});var Ei={};P(Ei,{AUTO_EXTEND_POLLING_MS:()=>oA,doWithLock:()=>Op,newRedlock:()=>gn});var sA=M(require("redlock"));async function SU(t,e){if(t==="custom")return gn(e);switch(t){case"try_once":return gn(hi.TRY_ONCE);case"try_twice":return gn(hi.TRY_TWICE);case"default":return gn(hi.DEFAULT);case"delay_500":return gn(hi.DELAY_500);case"auto_extend":return gn(hi.AUTO_EXTEND);default:throw Zt.unreachable(t)}}var hi={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function gn(t={}){let e={...hi.DEFAULT,...t},n=(await af()).client;return new sA.default([n],e)}function AU(t){let r=`lock:${t.systemLock?"system":V()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}var oA=me.fromSeconds(10).toMs();async function Op(t,e){let r=await SU(t.type,t.customOptions),n,i;try{let s=AU(t),o=t.type==="auto_extend"?oA:t.ttl;if(n=await r.lock(s,o),t.type==="auto_extend"){let u=()=>{i=setTimeout(async()=>{n=await n.extend(o,()=>t.onExtend&&t.onExtend()),u()},o/2)};u()}return{executed:!0,result:await e()}}catch(s){if(s.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw s}else throw s}finally{clearTimeout(i),await n?.unlock()}}var aA=1e4,Ip=null;async function Gu(){if(!Ip){let t=await of();Ip=new un(t)}return Ip}function Oo(t,e){return t.name+e}function Dp(t,e=null){return{doc:t,lastWrite:e||Date.now()}}async function _U(t,e,r=aA){let n=await Gu(),i=e._id,s;i&&(s=await n.get(Oo(t,i)));let o=!s||s.lastWrite<Date.now()-r,a=e;return o&&((await Op({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let c=async l=>{let d=await t.put(l,{force:!0});a._id=d.id,a._rev=d.rev};try{await c(e)}catch(l){if(l.status!==409)throw l;ri("Ignoring conflict in write-through cache")}})).executed||ri("Ignoring redlock conflict in write-through cache")),s=Dp(a,o?null:s?.lastWrite),a._id&&await n.store(Oo(t,a._id),s),{ok:!0,id:a._id,rev:a._rev}}async function OU(t,e){let r=await Gu(),n=Oo(t,e),i=await r.get(n);if(!i){let s=await t.get(e);i=Dp(s),await r.store(n,i)}return i.doc}async function IU(t,e){let r=await Gu(),n=Oo(t,e),i=await r.get(n);if(!i){let s=await t.tryGet(e);if(!s)return null;i=Dp(s),await r.store(n,i)}return i.doc}async function wU(t,e,r){let n=await Gu();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Oo(t,i))}finally{await t.remove(i,r)}}var wp=class{constructor(e,r=aA){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return _U(this.db,e,r)}async get(e){return OU(this.db,e)}async tryGet(e){return IU(this.db,e)}async remove(e,r){return wU(this.db,e,r)}};function qu(t){return`config${C}${t}`}async function et(t){let e=Y();try{return await e.get(qu(t))}catch(r){if(r.status===404)return;throw r}}async function DU(t){return t._id||(t._id=qu(t.type)),Y().put(t)}async function ci(){let t=await et("settings");return t||(t={_id:qu("settings"),type:"settings",config:{}}),t.config.platformUrl=await Io({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Au({config:t.config}),t}async function xp(){return(await ci()).config}async function Io(t={tenantAware:!0}){let e=h.PLATFORM_URL||"http://localhost:10000";if(!h.SELF_HOSTED&&h.MULTI_TENANCY&&t.tenantAware){let r=V();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(h.SELF_HOSTED){let r=t?.config?t.config:(await et("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}var Au=async t=>{if(!h.SELF_HOSTED)return!!h.ENABLE_ANALYTICS;let e=await Sr(Ee.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await et("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=h.ENABLE_ANALYTICS;return!(r===0||r===!1)};async function RU(){return await et("google")}async function Ku(){return(await RU())?.config}async function vp(){if(!h.SELF_HOSTED)return Cp();let t=await Ku();return(!t||!t.activated)&&(t=Cp()),t}function Cp(){if(h.GOOGLE_CLIENT_ID&&h.GOOGLE_CLIENT_SECRET)return{clientID:h.GOOGLE_CLIENT_ID,clientSecret:h.GOOGLE_CLIENT_SECRET,activated:!0}}async function CU(){return et("logos_oidc")}async function bU(){return et("oidc")}async function xU(){let t=(await bU())?.config;return t?.configs&&t.configs[0]}async function Pp(t){let e=(await et("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}async function uA(){return et("smtp")}async function vU(t){let e=await uA();if(e)return e.config;let r=h.SELF_HOSTED||!t;if(h.SMTP_FALLBACK_ENABLED&&r)return{port:h.SMTP_PORT,host:h.SMTP_HOST,secure:!1,from:h.SMTP_FROM_ADDRESS,auth:{user:h.SMTP_USER,pass:h.SMTP_PASSWORD},fallback:!0}}async function PU(){return(await et("scim"))?.config}async function NU(){return et("ai")}async function UU(){return et("recaptcha")}var Vp={};P(Vp,{AccessController:()=>Lp,BUILTIN_ROLE_IDS:()=>kp,Role:()=>Dr,RoleHierarchyTraversal:()=>Qu,RoleIDVersion:()=>Mp,builtinRoleToNumber:()=>wo,checkForRoleResourceArray:()=>fA,externalRole:()=>WU,findRole:()=>Do,getAllRoleIds:()=>qU,getAllRoles:()=>$p,getBuiltinRole:()=>lA,getBuiltinRoles:()=>Bp,getDBRoleID:()=>pA,getExternalRoleID:()=>Rr,getExternalRoleIDs:()=>mA,getRole:()=>$U,getUserRoleHierarchy:()=>Wp,getUserRoleIdHierarchy:()=>dA,isBuiltin:()=>yn,lowerBuiltinRoleID:()=>BU,prefixRoleIDNoBuiltin:()=>Up,roleIDsAreEqual:()=>tt,roleToNumber:()=>FU,saveRoles:()=>VU,validInherits:()=>MU});var cA=require("lodash"),ju=M(require("lodash/fp/cloneDeep")),Np=M(require("semver"));var kp={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},ne={...kp,BUILDER:"BUILDER"},Mp={UUID:void 0,NAME:"name"};function kU(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}var Dr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=Mp.NAME}addInheritance(e){return e&&typeof e=="string"?e=Up(e):e&&Array.isArray(e)&&(e=e.map(Up)),this.inherits=e,this}},Qu=class{constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let s of e.inherits){let o=Do(s,n,r);o&&(i=i.concat(this.walk(o)))}else{let s=[],o=e;for(;o&&o.inherits&&!kU(s,o.inherits);){if(Array.isArray(o.inherits))return i.concat(this.walk(o));if(s.push(o.inherits),o=Do(o.inherits,n,r),o&&i.push(o),Pe.roles.checkForRoleInheritanceLoops(i))break}}return(0,cA.uniqBy)(i,s=>s._id)}},Fp={ADMIN:new Dr(ne.ADMIN,ne.ADMIN,"admin",{displayName:"App admin",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(ne.POWER),POWER:new Dr(ne.POWER,ne.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(ne.BASIC),BASIC:new Dr(ne.BASIC,ne.BASIC,"write",{displayName:"App user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(ne.PUBLIC),PUBLIC:new Dr(ne.PUBLIC,ne.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new Dr(ne.BUILDER,ne.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function Bp(){return(0,ju.default)(Fp)}function yn(t){return Object.values(kp).includes(t)}function Up(t){return yn(t)?t:Lt(t)}function lA(t){let e=Object.values(Fp).find(r=>t.includes(r._id));if(e)return(0,ju.default)(e)}function MU(t,e){if(!e)return!1;let r=n=>t.find(i=>tt(i._id,n));if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}function wo(t){let e=Bp(),r=Object.values(e).length+1;if(tt(t,ne.ADMIN)||tt(t,ne.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}async function FU(t){if(yn(t))return wo(t);let e=await Wp(t,{defaultPublic:!0}),r=n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(s=>{let o=e.find(a=>tt(a._id,s));if(o)return r(o)+1}).filter(s=>s).sort().pop();if(i!=null)return i}else if(yn(n.inherits))return wo(n.inherits)+1;return 0};return Math.max(...e.map(r))}function BU(t,e){return t?e&&wo(t)>wo(e)?e:t:e}function tt(t,e){return Lt(t)===Lt(e)}function WU(t){let e;return t._id&&(e=Rr(t._id)),{...t,_id:e,inherits:mA(t.inherits,t.version)}}function Do(t,e,r){let n=lA(t);n||(t=Lt(t));let i=e.find(s=>s._id&&tt(s._id,t));return!i&&!yn(t)&&r?.defaultPublic?(0,ju.default)(Fp.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=Rr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}async function $U(t,e){let r=Hn(),n=[];if(!yn(t)){let i=await r.tryGet(pA(t));i&&n.push(i)}return Do(t,n,e)}async function VU(t){await Hn().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Lt(r._id)})))}async function GU(t,e){let r=await $p();if(tt(t,ne.ADMIN))return r;let n=Do(t,r,e),i=[];return n&&(i=new Qu(r,e).walk(n)),i}async function dA(t){return(await Wp(t)).map(r=>r._id)}async function Wp(t,e){return GU(t,e)}function fA(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}async function qU(t){return(await $p(t)).map(r=>r._id)}async function $p(t){if(t)return Ge(t,e);{let r;try{r=Hn()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(tu(null,{include_docs:!0}))).rows.map(a=>a.doc),n.forEach(a=>a._id=Rr(a._id,a.version)));let i=Bp(),s=[];!r||await KU(r)?s=[ne.ADMIN,ne.POWER,ne.BASIC,ne.PUBLIC]:s=[ne.ADMIN,ne.BASIC,ne.PUBLIC];for(let o of s){let a=i[o],u=n.filter(c=>tt(c._id,o))[0];u==null?n.push(a||i.BASIC):(n=n.filter(c=>c._id!==u._id),u._id=Rr(a._id,u.version),n.push({...a,...u,name:a.name,_id:Rr(a._id,a.version)}))}for(let o of n)if(o.permissions)for(let a of Object.keys(o.permissions))o.permissions=fA(o.permissions,a);return n}}async function KU(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!Np.default.valid(r)?!0:!Np.default.gte(r,h.MIN_VERSION_WITHOUT_POWER_ROLE)}var Lp=class{constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||tt(e,ne.BUILDER)||tt(r,e)||tt(r,ne.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await dA(r),this.userHierarchies[r]=n),n?.find(i=>tt(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let s=await this.checkScreenAccess(i,r);s&&n.push(s)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function pA(t){return t?.startsWith("role")?t:Lt(t)}function Rr(t,e){if(t.startsWith(`role${C}`)&&(yn(t)||e===Mp.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}function mA(t,e){return t&&(typeof t=="string"?Rr(t,e):t.map(r=>Rr(r,e)))}var Gp={};P(Gp,{BUILDER:()=>zU,BUILTIN_PERMISSIONS:()=>Yu,CREATOR:()=>JU,GLOBAL_BUILDER:()=>ZU,PermissionImpl:()=>ie,PermissionLevel:()=>_i,PermissionType:()=>ko,doesHaveBasePermission:()=>YU,getAllowedLevels:()=>yA,getBuiltinPermissionByID:()=>jU,getBuiltinPermissions:()=>QU,isPermissionLevelHigherThanRead:()=>HU,levelToNumber:()=>gA});var hA=M(require("lodash/flatten")),EA=M(require("lodash/fp/cloneDeep")),ie=class{constructor(e,r){this.type=e,this.level=r}};function gA(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}function yA(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}var Yu={PUBLIC:{_id:"public",name:"Public",permissions:[new ie("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new ie("query","read"),new ie("table","read"),new ie("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new ie("query","write"),new ie("table","write"),new ie("automation","execute"),new ie("legacy_view","read"),new ie("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new ie("table","write"),new ie("user","read"),new ie("automation","execute"),new ie("webhook","read"),new ie("legacy_view","read"),new ie("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new ie("table","admin"),new ie("user","admin"),new ie("automation","admin"),new ie("webhook","read"),new ie("query","admin"),new ie("legacy_view","read"),new ie("app","read")]}};function QU(){return(0,EA.default)(Yu)}function jU(t){return Object.values(Yu).find(r=>r._id===t)}function YU(t,e,r){let n=[...new Set(r.map(o=>o.permissionId))],i=Object.values(Yu),s=(0,hA.default)(i.filter(o=>n.indexOf(o._id)!==-1).map(o=>o.permissions));for(let o of s)if(o.type===t&&yA(o.level).indexOf(e)!==-1)return!0;return!1}function HU(t){return gA(t)>1}var zU="builder",JU="creator",ZU="globalBuilder";var Qp={};P(Qp,{FlagSet:()=>zu,all:()=>rL,flags:()=>qp,getEnvFlags:()=>_A,init:()=>XU,isEnabled:()=>tL,parseEnvFlags:()=>Zu,shutdown:()=>eL,testutils:()=>Kp});var Ju=M(require("crypto"));var TA=require("posthog-node"),SA=M(require("dd-trace"));var AA=require("lodash");var Hu;function XU(t){h.POSTHOG_TOKEN&&h.POSTHOG_API_HOST&&!h.SELF_HOSTED&&h.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),Hu=new TA.PostHog(h.POSTHOG_TOKEN,{host:h.POSTHOG_API_HOST,personalApiKey:h.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:me.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}function eL(){Hu?.shutdown()}function Zu(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let s of i){let o=!0;s.startsWith("!")&&(s=s.slice(1),o=!1),r.push({tenantId:n,key:s,value:o})}return r}function _A(){return Zu(h.TENANT_FEATURE_FLAGS||"")}var zu=class{constructor(e){this.flagSchema=e;this.setId=Ju.randomUUID()}defaults(){return(0,AA.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await SA.default.trace("features.fetch",async e=>{let r=Zd(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),s=V(),o=new Set;if(Ya())return i;for(let{tenantId:d,key:f,value:m}of _A())if(!(!d||d!=="*"&&d!==s)&&(n.readFromEnvironmentVars=!0,m===!1&&o.add(f),!!this.isFlagName(f))){if(typeof i[f]!="boolean")throw new Error(`Feature: ${f} is not a boolean`);i[f]=m,n[`flags.${f}.source`]="environment"}let a=Ut(),u=a?._id;if(!u){let d=zd();d&&(u=Ju.createHash("sha512").update(d).digest("hex"))}let c=a?.tenantId;if(c||(c=s),n["identity.type"]=a?.type,n["identity._id"]=a?._id,n.tenantId=c,n.userId=u,Hu&&u){n.readFromPostHog=!0;let d=await ci(),f={tenantId:c},m={tenant:{id:c}};d.config.createdVersion&&(m.tenant.createdVersion=d.config.createdVersion),d.createdAt&&(m.tenant.createdAt=`${d.createdAt}`);let p=await Hu.getAllFlags(u,{personProperties:f,onlyEvaluateLocally:!0,groups:{tenant:c},groupProperties:m});for(let[E,g]of Object.entries(p))if(this.isFlagName(E)){if(typeof g!="boolean"){console.warn(`Invalid value for posthog flag "${E}": ${g}`);continue}if(!(i[E]===!0||o.has(E)))try{i[E]=g,n[`flags.${E}.source`]="posthog"}catch(T){console.warn(`Error parsing posthog flag "${E}": ${g}`,T)}}}let l=ef();for(let[d,f]of Object.entries(l))this.isFlagName(d)&&typeof f=="boolean"&&(i[d]=f,n[`flags.${d}.source`]="override");Xd(this.setId,i);for(let[d,f]of Object.entries(i))n[`flags.${d}.value`]=f;return e?.addTags(n),i})}},qp=new zu(Cm);async function tL(t){return await qp.isEnabled(t)}async function rL(){return await qp.fetch()}var Kp={};P(Kp,{setFeatureFlags:()=>OA,withFeatureFlags:()=>sL});function nL(){let t={};for(let{tenantId:e,key:r,value:n}of Zu(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}function iL(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,s]of Object.entries(n))s===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}function OA(t,e){let r=nL();for(let[i,s]of Object.entries(e)){let o=r[t]||{};o[i]=s,r[t]=o}let n=iL(r);return Es({TENANT_FEATURE_FLAGS:n})}function sL(t,e,r){let n=OA(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}var im={};P(im,{adminOnly:()=>cc,auditLog:()=>sc,authError:()=>Oe,buildAuthMiddleware:()=>VL,buildCsrfMiddleware:()=>qL,buildTenancyMiddleware:()=>GL,builderOnly:()=>dc,builderOrAdmin:()=>lc,google:()=>Qt,internalApi:()=>ac,joiValidator:()=>Co,oidc:()=>jt,passport:()=>KL,platformLogout:()=>zL,refreshOAuthToken:()=>YL,ssoCallbackUrl:()=>Cr,updateUserOAuth:()=>HL});var nm={};P(nm,{adminOnly:()=>cc,auditLog:()=>sc,authError:()=>Oe,authenticated:()=>ic,builderOnly:()=>dc,builderOrAdmin:()=>lc,correlation:()=>MA,csp:()=>GA,csrf:()=>uc,datasource:()=>WL,errorHandling:()=>BA,featureFlagCookie:()=>qA,google:()=>Qt,internalApi:()=>ac,ip:()=>QA,joiValidator:()=>Co,local:()=>gi,oidc:()=>jt,pino:()=>LA,querystringToBody:()=>WA,ssoCallbackUrl:()=>Cr,tenancy:()=>oc});var gi={};P(gi,{authenticate:()=>uL,options:()=>aL});function Oe(t,e,r){return t(r,null,{message:e})}async function Cr(t,e){if(e&&e.callbackURL)return e.callbackURL;let r=await xp(),n="/api/global/auth";return lr()&&(n+=`/${V()}`),n+=`/${t}/callback`,`${r.platformUrl}${n}`}var jp="Invalid credentials",oL="This account has expired. Please reset your password",aL={passReqToCallback:!0};async function uL(t,e,r,n){if(!e)return Oe(n,"Email Required");if(!r)return Oe(n,"Password Required");let i=await gt(e);return i==null?(console.info(`user=${e} could not be found`),Oe(n,jp)):i.status==="inactive"?(console.info(`user=${e} is inactive`,i),Oe(n,jp)):i.password?await xd(r,i.password)?(delete i.password,n(null,i)):Oe(n,jp):(console.info(`user=${e} has no password set`,i),Oe(n,oL))}var Qt={};P(Qt,{buildVerifyFn:()=>DA,getCallbackUrl:()=>dL,strategyFactory:()=>Yp});var Ro=t=>Promise.resolve(t);async function Xu(t,e=!0,r,n){if(!n)throw new Error("Save user function must be provided");if(!t.userId)return Oe(r,"sso user id required");if(!t.email)return Oe(r,"sso user email required");let i=zn(t.userId),s;try{s=await En(i)}catch(a){if(!a.status||a.status!==404)return Oe(r,"Unexpected error when retrieving existing user",a)}if(s||(s=await gt(t.email)),!s&&e)return Oe(r,"Email does not yet exist. You must set up your local budibase account first.");s||(s={_id:i,email:t.email,roles:{},tenantId:V()});let o=await cL(s,t);o.forceResetPassword=!1;try{delete o.password,o=await n(o,{hashPassword:!1,requirePassword:!1})}catch(a){return Oe(r,"Error saving user",a)}return r(null,o)}async function cL(t,e){let r,n,i;if(e.profile){let s=e.profile;if(s.name){let o=s.name;o.givenName&&(r=o.givenName),o.familyName&&(n=o.familyName)}}return e.oauth2&&(i={...e.oauth2}),{...t,provider:e.provider,providerType:e.providerType,firstName:r,lastName:n,oauth2:i}}var lL=require("passport-google-oauth").OAuth2Strategy;function DA(t){return(e,r,n,i)=>{let s={provider:"google",providerType:"google",userId:n.id,profile:n,email:n._json.email,oauth2:{accessToken:e,refreshToken:r}};return Xu(s,!0,i,t)}}async function Yp(t,e,r){try{let{clientID:n,clientSecret:i}=t;if(!n||!i)throw new Error("Configuration invalid. Must contain google clientID and clientSecret");let s=DA(r);return new lL({clientID:t.clientID,clientSecret:t.clientSecret,callbackURL:e},s)}catch(n){throw new Error(`Error constructing google authentication strategy: ${n}`)}}async function dL(t){return Cr("google",t)}var jt={};P(jt,{buildVerifyFn:()=>CA,fetchStrategyConfig:()=>hL,getCallbackUrl:()=>EL,strategyFactory:()=>mL});var RA=M(require("node-fetch"));var fL=require("@techpass/passport-openidconnect").Strategy;function CA(t){return async(e,r,n,i,s,o,a,u,c)=>{let l={provider:e,providerType:"oidc",userId:n.id,profile:n,email:pL(n,i),oauth2:{accessToken:s,refreshToken:o}};return Xu(l,!1,c,t)}}function pL(t,e){if(t._json.email)return t._json.email;if(e.email)return e.email;let r=e.preferred_username;if(r&&Of(r))return r;throw new Error(`Could not determine user email from profile ${JSON.stringify(t)} and claims ${JSON.stringify(e)}`)}async function mL(t,e){try{let r=CA(e),n=new fL(t,r);return n.name="oidc",n}catch(r){throw new Error(`Error constructing OIDC authentication strategy - ${r}`)}}async function hL(t,e){try{let{clientID:r,clientSecret:n,configUrl:i,pkce:s}=t;if(!r||!n||!e||!i)throw new Error("Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl");let o=await(0,RA.default)(i);if(!o.ok)throw new Error(`Unexpected response when fetching openid-configuration: ${o.statusText}`);let a=await o.json();return{issuer:a.issuer,authorizationURL:a.authorization_endpoint,tokenURL:a.token_endpoint,userInfoURL:a.userinfo_endpoint,clientID:r,clientSecret:n,callbackURL:e,pkce:s}}catch(r){throw new Error(`Error constructing OIDC authentication configuration - ${r}`)}}async function EL(){return Cr("oidc")}var Hp={};P(Hp,{postAuth:()=>TL,preAuth:()=>yL});var gL=require("passport-google-oauth").OAuth2Strategy;async function bA(){let t=await vp();if(!t)throw new Error("No google configuration found");return t}async function yL(t,e,r){let n=await bA(),s=`${await Io({tenantAware:!1})}/api/global/auth/datasource/google/callback`,o=await Yp(n,s,Ro);return e.query.appId||e.throw(400,"appId query param not present."),t.authenticate(o,{scope:["profile","email","https://www.googleapis.com/auth/spreadsheets"],accessType:"offline",prompt:"consent"})(e,r)}async function TL(t,e,r){let n=await bA(),s=`${await Io({tenantAware:!1})}/api/global/auth/datasource/google/callback`,o=Bt(e,"budibase:datasourceauth");if(!o)throw new Error("Unable to fetch datasource auth cookie");return t.authenticate(new gL({clientID:n.clientID,clientSecret:n.clientSecret,callbackURL:s},(a,u,c,l)=>{mr(e,"budibase:datasourceauth"),l(null,{accessToken:a,refreshToken:u})}),{successRedirect:"/",failureRedirect:"/error"},async(a,u)=>{let c=`/builder/app/${o.appId}/data`,l=re();await $t(`datasource:creation:${o.appId}:google:${l}`,{tokens:u}),e.redirect(`${c}/new?continue_google_setup=${l}`)})(e,r)}var SL=/\/:(.*?)(\/.*)?$/g,Tn=t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(SL);if(i)for(let s of i){let a="/.*"+(s.endsWith("/")?"/":"");r=r.replace(s,a)}return{regex:new RegExp(r),method:n,route:r}}):[],Sn=(t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),s=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&s});var tm={};P(tm,{SecretOption:()=>PA,decrypt:()=>em,decryptFile:()=>DL,encrypt:()=>OL,encryptFile:()=>IL,getSecret:()=>Xp});var Yt=M(require("crypto")),br=M(require("fs")),Jp=M(require("zlib"));var zp=require("path"),ec="aes-256-ctr",vA="-",AL=1e4,_L=32,tc=16,Zp=16,PA=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(PA||{});function Xp(t){let e,r;switch(t){case"encryption":e=h.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=h.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}function rc(t,e){return Yt.default.pbkdf2Sync(t,new Uint8Array(e),AL,_L,"sha512")}function OL(t,e="api"){let r=Yt.default.randomBytes(tc),n=rc(Xp(e),r),i=Yt.default.createCipheriv(ec,new Uint8Array(n),new Uint8Array(r)),s=i.update(t,"utf8"),o=i.final(),a=Buffer.concat([new Uint8Array(s),new Uint8Array(o)]).toString("hex");return`${r.toString("hex")}${vA}${a}`}function em(t,e="api"){let[r,n]=t.split(vA),i=Buffer.from(r,"hex"),s=rc(Xp(e),i),o=Yt.default.createDecipheriv(ec,new Uint8Array(s),new Uint8Array(i)),a=o.update(n,"hex"),u=o.final();return Buffer.concat([new Uint8Array(a),new Uint8Array(u)]).toString()}async function IL({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,zp.join)(t,e);if(br.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let s=br.default.createReadStream(i),o=br.default.createWriteStream((0,zp.join)(t,n)),a=Yt.default.randomBytes(tc),u=Yt.default.randomBytes(Zp),c=rc(r,a),l=Yt.default.createCipheriv(ec,new Uint8Array(c),new Uint8Array(u));return o.write(a),o.write(u),s.pipe(Jp.default.createGzip()).pipe(l).pipe(o),new Promise(d=>{o.on("finish",()=>{d({filename:n,dir:t})})})}async function wL(t){let e=br.default.createReadStream(t),r=await xA(e,tc),n=await xA(e,Zp);return e.close(),{salt:r,iv:n}}async function DL(t,e,r){if(br.default.lstatSync(t).isDirectory())throw new Error("Unable to encrypt directory");let{salt:n,iv:i}=await wL(t),s=br.default.createReadStream(t,{start:tc+Zp}),o=br.default.createWriteStream(e),a=rc(r,n),u=Yt.default.createDecipheriv(ec,new Uint8Array(a),new Uint8Array(i)),c=Jp.default.createGunzip();return s.pipe(u).pipe(c).pipe(o),new Promise((l,d)=>{o.on("finish",()=>{o.close(),l()}),s.on("error",f=>{o.close(),d(f)}),u.on("error",f=>{o.close(),d(f)}),c.on("error",f=>{o.close(),d(f)}),o.on("error",f=>{o.close(),d(f)})})}function xA(t,e){return new Promise((r,n)=>{let i=0,s=[];t.on("readable",()=>{let o;for(;(o=t.read(e-i))!==null;)s.push(o),i+=o.length;r(Buffer.concat(s.map(a=>new Uint8Array(a))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",o=>{n(o)})})}var UA=M(require("dd-trace")),RL=h.SESSION_UPDATE_PERIOD?parseInt(h.SESSION_UPDATE_PERIOD):60*1e3;function CL(){return new Date(Date.now()-RL).toISOString()}function NA(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}async function bL(t,e){if(Vs(t))return{valid:!0,user:void 0};let n=em(t).split(C)[0];return Re(n,async()=>{let i;try{let s=Y();i=await Mt("by_api_key",{key:t},s)}catch{i=void 0}if(i)return{valid:!0,user:await Ao({userId:i,tenantId:n,populateUser:e})};throw new fi})}function nc(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}function ic(t=[],e={publicAllowed:!1}){let r=t?Tn(t):[];return async(n,i)=>{let s=!1,o=nc(n,"x-budibase-api-version");Sn(n,r)&&(s=!0);try{let u=nc(n,"x-budibase-token"),c=Bt(n,"budibase:auth")||nu(u),l=nc(n,"x-budibase-api-key");!l&&n.request.headers.authorization&&(l=n.request.headers.authorization.split(" ")[1]);let d=nc(n,"x-budibase-tenant-id"),f=!1,m,p=!1,E;if(c&&!l){let T=c.sessionId,_=c.userId,A;try{A=await Ep(_,T),e&&e.populateUser?m=await Ao({userId:_,tenantId:A.tenantId,email:A.email,populateUser:e.populateUser(n)}):m=await Ao({userId:_,tenantId:A.tenantId,email:A.email}),m.csrfToken=A.csrfToken,E="cookie",A?.lastAccessedAt<CL()&&await hp(A),f=!0}catch(w){f=!1,console.error(`Auth Error: ${w.message}`),mr(n,"budibase:auth")}}if(!f&&l){let T=e.populateUser?e.populateUser(n):null,{valid:_,user:A}=await bL(l,T);_&&(f=!0,E="api_key",m=A,p=!A)}!m&&d?m={tenantId:d}:m&&"password"in m&&delete m.password,f||(f=!1);let g=T=>T&&T.email;return g(m)&&UA.default.setUser({id:m._id,tenantId:m.tenantId,budibaseAccess:m.budibaseAccess,status:m.status}),NA(n,{authenticated:f,user:m,internal:p,version:o,publicEndpoint:s,loginMethod:E}),g(m)?Nd(m,n,i):i()}catch(u){if(console.error(`Auth Error: ${u.message}`),u?.name==="JsonWebTokenError"?mr(n,"budibase:auth"):u?.code==="invalid_api_key"&&n.throw(403,u.message),e&&e.publicAllowed||s)return NA(n,{authenticated:!1,version:o,publicEndpoint:s}),i();n.throw(u.status||403,u)}}}var sc=async(t,e)=>e();function oc(t,e,r={noTenancyRequired:!1}){let n=Tn(t),i=Tn(e);return async function(s,o){let u={allowNoTenant:r.noTenancyRequired||!!Sn(s,i)};!!Sn(s,n)||(u.excludeStrategies=["query"]);let l=Ws(s,u);return s.set("x-budibase-tenant-id",l),Re(l,o)}}async function ac(t,e){let r=t.request.headers["x-budibase-api-key"];return r||t.throw(403,"Unauthorized"),Array.isArray(r)&&t.throw(403,"Unauthorized"),Vs(r)||t.throw(403,"Unauthorized"),e()}var xL=["GET","HEAD","OPTIONS"],vL=["application/x-www-form-urlencoded","multipart/form-data","text/plain"];function uc(t={noCsrfPatterns:[]}){let e=Tn(t.noCsrfPatterns);return async(r,n)=>{if(Sn(r,e)||xL.indexOf(r.method)!==-1)return n();let s=r.get("content-type")?r.get("content-type").toLowerCase():"";if(!vL.filter(u=>s.includes(u)).length||r.internal)return n();let o=r.user?.csrfToken;if(!o)return n();let a=r.get("x-csrf-token");return(!a||a!==o)&&r.throw(403,"Invalid CSRF token"),n()}}var cc=async(t,e)=>(!t.internal&&!Ir(t.user)&&t.throw(403,"Admin user only endpoint."),e());async function lc(t,e){let r=Ae(),n=h.isWorker()||!r?Xe:h.isApps()?pi:void 0;if(!n)throw new Error("Service name unknown - middleware inactive.");return!t.internal&&!n(t.user,r)&&!Ir(t.user)&&t.throw(403,"Admin/Builder user only endpoint."),e()}async function dc(t,e){let r=Ae(),n;if(h.isWorker()||!r?n=Xe:h.isApps()&&(n=pi),!n)throw new Error("Service name unknown - middleware inactive.");return!t.internal&&!n(t.user,r)&&t.throw(403,"Builder user only endpoint."),e()}var PL=require("koa-pino-logger"),NL=require("correlation-id");function UL(){return{logger:hu,genReqId:NL.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}function LL(){return h.HTTP_LOGGING?PL(UL()):(t,e)=>e()}var LA=LL();var kA=require("uuid"),kL=require("correlation-id"),MA=(t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,kA.v4)()),kL.withId(r,()=>e())};function FA(t){if(t.includes("-----BEGIN PRIVATE KEY-----"))return!0;for(let e of Ty){let r=h[e];if(!(typeof r!="string"||r==="")&&t.includes(r))return!0}return!1}async function BA(t,e){try{await e()}catch(r){let n=r.status||r.statusCode||500;t.status=n,n>=400&&n<500?console.warn(r):console.error("Got 400 response code",r);let i={message:r.message,status:n,validationErrors:r.validation,error:Lu(r)};if(FA(JSON.stringify(i))&&(i={message:"Unexpected error",status:n,error:"Unexpected error"}),h.isTest()&&t.headers["x-budibase-include-stacktrace"]){let s=r;for(;s.cause;)s=s.cause;i.stack=s.stack}t.body=i}}function WA(t,e){let r=t.request.query?.query;if(t.request.method.toLowerCase()!=="get"&&t.throw(500,"Query to download middleware can only be used for get requests."),!r)return e();let n=decodeURIComponent(r),i;try{i=JSON.parse(n)}catch{return e()}return t.request.body=i,e()}var VA=M(require("crypto"));var $A={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},ML=/^[A-Za-z0-9-*:/.]+$/,GA=async(t,e)=>{let r=VA.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...$A};if(n["script-src"]=[...$A["script-src"],`'nonce-${r}'`],t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let o=await Us.getWorkspaceMetadata(t.appId);if("name"in o)for(let a of o.scripts||[]){let u=(a.cspWhitelist||"").split(`
+`);for(let s of i.filter(o=>o))t.push(Js.default.readFileSync(s))}return t.push(Js.default.readFileSync(HT(JT))),Buffer.concat(t.map(n=>new Uint8Array(n)))}function Cx(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}function bx(t){return t instanceof Error}function xx(t){return typeof t=="string"}var Tr;if(!h.DISABLE_PINO_LOGGER){let t=h.LOG_LEVEL,e={level:t,formatters:{level:u=>({level:u.toUpperCase()}),bindings:()=>h.SELF_HOSTED?{service:h.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(h.isDev()?{stream:(0,tS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),h.SELF_HOSTED&&r.push({stream:Vf(),level:t}),Tr=r.length?(0,mu.default)(e,mu.default.multistream(r)):(0,mu.default)(e);let n=u=>{let c,l=[],d="";u.forEach(g=>{xx(g)&&(d=`${d} ${g}`.trimStart()),Cx(g)&&l.push(g),bx(g)&&(c=g)});let f=a(),m={};m={tenantId:i(),appId:s(),automationId:o(),identityId:f?._id,identityType:f?.type,correlationId:bf()};let p=qf.default.scope().active();p&&qf.default.inject(p.context(),rS.formats.LOG,m);let E={err:c,pid:process.pid,...m};if(l.length){let g={},T=0;for(let _=0;_<l.length;_++){let A=l[_],w=A._logKey;w?(delete A._logKey,E[w]=A):(g[T]=A,T++)}Object.keys(g).length&&(E.data=g)}return[E,d]};console.log=(...u)=>{let[c,l]=n(u);Tr?.info(c,l)},console.info=(...u)=>{let[c,l]=n(u);Tr?.info(c,l)},console.warn=(...u)=>{let[c,l]=n(u);Tr?.warn(c,l)},console.error=(...u)=>{let[c,l]=n(u);Tr?.error(c,l)},console.trace=(...u)=>{let[c,l]=n(u);c.err||(c.err=new Error),Tr?.trace(c,l)},console.debug=(...u)=>{let[c,l]=n(u);Tr?.debug(c,l)};let i=()=>{let u;try{u=V()}catch{}return u},s=()=>{let u;try{u=Ae()}catch{}return u},o=()=>{let u;try{u=Hd()}catch{}return u},a=()=>{let u;try{u=Ut()}catch{}return u}}var hu=Tr;var vx=["AccountError"];function Px(t){return t&&t.suppressAlert}function an(t,e){e&&vx.includes(e.name)&&Px(e)||console.error(`bb-alert: ${t}`,e)}function Nx(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,an(t,n)}function ri(t,e){console.warn(`bb-warn: ${t}`,e)}var Eu=class extends Error{constructor(e){super(e),this.name="PermanentError"}},Kf=class{constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:s=!0,maxStalledCount:o=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new pt(e,{maxStalledCount:o,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:s}}),this._queue.process(async(a,u)=>{try{let c=await this.processFn(a.data);u?.(null,c)}catch(c){c instanceof Eu&&await a.discard(),an(`Failed to process job in ${this._queue.name}`,c),u?.(c)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Pe.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var Ux=100,gu,Xs=class t{static get queue(){return t._queue||(t._queue=new pt("docWritethroughQueue",{jobOptions:{attempts:Ux}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=De(e),s;try{s=await i.get(r)}catch{s={_id:r}}s={...s,...n},await i.put(s)}},jf=class{constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await Xs.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function nS(){return gu=new Xs().init(),gu}function Lx(){return gu||nS()}var to={};P(to,{CacheKey:()=>Ee,TTL:()=>ln,bustCache:()=>ni,destroy:()=>eo,get:()=>dn,keys:()=>yu,store:()=>$t,withCache:()=>Sr,withCacheWithDynamicTTL:()=>iS});function Ot(t){let e=V();return`${t}:${e}`}var un=class{constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await sf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?Ot(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?Ot(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?Ot(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ot(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?Ot(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((s,[o,a])=>(s[Ot(o)]=a,s),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?Ot(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ot(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let s=await this.get(e,i);if(s)return s;try{let o=await n();return await this.store(e,o,r,i),o}catch(o){throw console.error("Error fetching before cache - ",o),o}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let s=await r(),{value:o,ttl:a}=s;return await this.store(e,o,a,{useTenancy:n.useTenancy}),o}catch(s){throw console.error("Error fetching before cache - ",s),s}}async bustCache(e){let r=await this.getClient();try{await r.delete(Ot(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?Ot(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var cn=new un,Ee={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},ln=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(ln||{}),yu=(...t)=>cn.keys(...t),dn=(...t)=>cn.get(...t),$t=(...t)=>cn.store(...t),eo=(...t)=>cn.delete(...t),Sr=(...t)=>cn.withCache(...t),iS=(...t)=>cn.withCacheWithDynamicTTL(...t),ni=(...t)=>cn.bustCache(...t);var zf={};P(zf,{createCode:()=>Mx,deleteCode:()=>Bx,getCode:()=>Fx,getExistingInvites:()=>Hf,getInviteCodes:()=>oS,updateCode:()=>kx});var sS=me.fromDays(7).toSeconds();async function kx(t,e){await(await rn()).store(t,e,sS)}async function Mx(t,e){let r=re();return await(await rn()).store(r,{email:t,info:e},sS),r}async function Fx(t){let r=await(await rn()).get(t);if(!r)throw"Invitation is not valid or has expired, please request a new one.";return r}async function Bx(t){await(await rn()).delete(t)}async function oS(){let r=(await(await rn()).scan()).map(i=>({...i.value,code:i.key}));if(!h.MULTI_TENANCY)return r;let n=V();return r.filter(i=>n===i.info.tenantId)}async function Hf(t){return(await oS()).filter(e=>t.includes(e.email))}var Jf={};P(Jf,{createCode:()=>$x,getCode:()=>Vx,invalidateCode:()=>Gx});var Wx=me.fromHours(1).toSeconds();async function $x(t,e){let r=re();return await(await Ns()).store(r,{userId:t,info:e},Wx),r}async function Vx(t){let r=await(await Ns()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}async function Gx(t){await(await Ns()).delete(t)}var wr={};P(wr,{getUser:()=>Ao,getUsers:()=>yU,invalidateUser:()=>_o});var ro={};P(ro,{getPlatformDB:()=>Ar,users:()=>ht});var ht={};P(ht,{addSsoUser:()=>uS,addUser:()=>Hx,getUserDoc:()=>aS,lookupTenantId:()=>qx,removeUser:()=>zx,updateUserDoc:()=>Kx});function Ar(){return De(de.PLATFORM_INFO.name)}async function qx(t){return h.MULTI_TENANCY?(await aS(t)).tenantId:oe}async function aS(t){return Ar().get(t)}async function Kx(t){await Ar().put(t)}function Qx(t,e){return{_id:t,tenantId:e}}function jx(t,e,r){return{_id:e,userId:t,tenantId:r}}function Yx(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}async function Zf(t,e){let r=Ar(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}async function uS(t,e,r,n){return Zf(t,()=>Yx(t,e,r,n))}async function Hx(t,e,r,n){let i=[Zf(e,()=>Qx(e,t)),Zf(r,()=>jx(e,r,t))];n&&i.push(uS(n,r,e,t)),await Promise.all(i)}async function zx(t){let e=Ar(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}var fn={};P(fn,{getAccount:()=>_r,getAccountByTenantId:()=>ii,getStatus:()=>Jx});var cS=M(require("node-fetch"));var no=class{constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";Qs.setHeader(n.headers);let s={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,cS.default)(`${this.host}${r}`,s)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Xf=new no(h.INTERNAL_ACCOUNT_PORTAL_URL),ep=h.SELF_HOSTED||h.DISABLE_ACCOUNT_PORTAL,_r=async t=>{if(ep)return;let e={email:t},r=await Xf.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},ii=async t=>{if(ep)return;let e={tenantId:t},r=await Xf.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},Jx=async()=>{if(ep)return;let t=await Xf.get("/api/status",{headers:{"x-budibase-api-key":h.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e};var ui={};P(ui,{UserDB:()=>It,addAppBuilder:()=>mU,bulkGetGlobalUsersById:()=>$u,bulkUpdateGlobalUsers:()=>yo,cleanseUserObject:()=>_p,creatorsInList:()=>mn,doesUserExist:()=>cU,getAccountHolderFromUsers:()=>Bu,getAllUserIds:()=>aU,getAllUsers:()=>uU,getById:()=>En,getCreatorCount:()=>fU,getExistingAccounts:()=>ai,getExistingPlatformUsers:()=>QS,getExistingTenantUsers:()=>KS,getFirstPlatformUser:()=>ho,getGlobalUserByAppPage:()=>tA,getGlobalUserByEmail:()=>gt,getPlatformUsers:()=>Ru,getUserCount:()=>dU,hasAdminPermissions:()=>Or,hasAppBuilderPermissions:()=>HS,hasBuilderPermissions:()=>Xe,isAdmin:()=>Ir,isAdminOrBuilder:()=>YS,isBuilder:()=>pi,isCreatorAsync:()=>Eo,isCreatorSync:()=>Mu,isGlobalBuilder:()=>jS,paginatedUsers:()=>nA,removeAppBuilder:()=>hU,removePortalUserPermissions:()=>pU,searchExistingEmails:()=>dp,searchGlobalUsersByApp:()=>Vu,searchGlobalUsersByAppAccess:()=>Ap,searchGlobalUsersByEmail:()=>rA,validateUniqueUser:()=>Fu});var oi={};P(oi,{account:()=>AS,action:()=>_S,ai:()=>RS,analytics:()=>Su,app:()=>OS,auditLog:()=>VS,auth:()=>Du,automation:()=>IS,backfill:()=>MS,backfillCache:()=>Iu,backup:()=>WS,datasource:()=>wS,email:()=>DS,environmentVariable:()=>$S,group:()=>FS,identification:()=>Et,initAsyncEvents:()=>KN,installation:()=>uo,layout:()=>bS,license:()=>CS,org:()=>xS,plugin:()=>BS,processors:()=>rp,publishEvent:()=>S,query:()=>vS,role:()=>mo,rowAction:()=>GS,rows:()=>NS,screen:()=>PS,serve:()=>LS,shutdown:()=>QN,table:()=>US,user:()=>Ue,view:()=>kS,workspace:()=>qS});var rp={};P(rp,{analyticsProcessor:()=>ES,init:()=>av,processors:()=>Gt});var Su={};P(Su,{enabled:()=>Tu});var Tu=async()=>Au();var mS=require("posthog-node");var Zx=t=>t==="served:builder"||t==="served:app:preview"||t==="served:app",Xx=t=>t==="served:app:preview"||t==="served:app";var dS={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},fS=async t=>{if(!Zx(t))return!1;let e=await ev(t);if(e){let r=new Date(e.timestamp);switch(dS[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await lS(t,{timestamp:Date.now()}),!1):!0}}else return await lS(t,{timestamp:Date.now()}),!1},pS=t=>{let e=`${Ee.EVENTS_RATE_LIMIT}:${t}`;return Xx(t)&&(e=e+":"+Ae()),e},ev=async t=>{let e=pS(t);return await dn(e)},lS=async(t,e)=>{let r=pS(t),n=dS[t],i;switch(n){case"calendarDay":i=86400}await $t(r,e,i)};var rv=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],io=class{constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new mS.PostHog(e)}async processEvent(e,r,n,i){if(rv.includes(e)||await fS(e))return;n=this.clearPIIProperties(n),n.version=h.VERSION,n.service=h.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let s=Ae();s&&(n.appId=s);let o={distinctId:r.id,event:e,properties:n};i&&(o.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(o.groups={},r.installationId&&(o.groups.installation=r.installationId,o.properties.installationId=r.installationId),r.tenantId&&(o.groups.tenant=r.tenantId,o.properties.tenantId=r.tenantId)),this.posthog.capture(o)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var hS=io;var nv=["installation:version:upgraded","installation:version:downgraded"],iv=["installation","tenant"],so=class{constructor(){h.POSTHOG_TOKEN&&!h.isTest()&&(this.posthog=new hS(h.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!nv.includes(e)&&!await Tu()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!iv.includes(e.type)&&!await Tu()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var tp=h.SELF_HOSTED&&!h.isDev(),oo=class{async processEvent(e,r,n){tp||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){tp||console.log("[audit] identified",e)}async identifyGroup(e){tp||console.log("[audit] group identified",e)}async shutdown(){}};var si=class t{static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new pt("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Re(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let s={};h.ENABLE_AUDIT_LOG_IP_ADDR&&(s=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:s})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&_f(e)){let s=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:s,timestamp:i,appId:Ae(),hostInfo:r.hostInfo},tenantId:V()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var ao=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}async processEvent(e,r,n,i){for(let s of this.processors)await s.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var ES=new so,sv=new oo,ov=new si;function av(t){return si.init(t)}var Gt=new ao([ES,sv,ov]);var _u={};P(_u,{checkInstallVersion:()=>lv,getInstall:()=>co,getInstallFromDB:()=>ip});var np=M(require("semver"));var co=async()=>Sr(Ee.INSTALLATION,86400,ip,{useTenancy:!1});async function uv(t){let e={_id:de.PLATFORM_INFO.docs.install,installId:re(),version:h.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return ip();throw r}}var ip=async()=>Ge(de.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(de.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await uv(t);else throw r}return e}),cv=async t=>{try{await Ge(de.PLATFORM_INFO.name,async e=>{let r=await co();r.version=t,await e.put(r),await ni(Ee.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},lv=async()=>{let t=await co(),e=t.version,r=h.VERSION;try{if(e!==r){let n=np.default.gt(r,e),i=np.default.lt(r,e);await cv(r)&&(await ys({_id:t.installId,type:"installation"},async()=>{n?await uo.upgraded(e,r):i&&await uo.downgraded(e,r)}),await Et.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?an(`Invalid version "${r}" - is it semver?`):an("Failed to retrieve version",n)}};var dv=async()=>{let t=vd(),e=po(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await pn(),i=lo();return{id:gS(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await pn(),i=await Ou(V()),s=lo();return{id:gS(i,r),type:r,hosting:s,installationId:n,tenantId:i,realTenantId:V(),environment:e}}else if(r==="user"){let n=t,i=await Ou(V()),s=await pn(),o=n.account,a;return o?a=o.hosting:a=lo(),{id:n._id,type:r,hosting:a,installationId:s,tenantId:i,environment:e,realTenantId:V(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},fv=async(t,e)=>{let r=t,n="installation",i=lo(),s=h.VERSION,o=po(),a={id:r,type:n,hosting:i,version:s,environment:o};await sp(a,e),await fo({...a,id:`$${n}_${r}`},e)},pv=async(t,e,r,n=h.VERSION)=>{let i=await Ou(t),s="tenant",o=await pn(),a=po(),u={id:i,type:s,hosting:e,environment:a,installationId:o,createdAt:r,createdVersion:n};await sp(u,r),await fo({...u,id:`$${s}_${i}`},r)},mv=async(t,e,r)=>{let n=t._id,i=await Ou(t.tenantId),s="user",o=Xe(t),a=Or(t),u;Bo(t)&&(u=t.providerType);let l=(await ai([t.email])).length>0,d=!!e&&l&&e.verified,f=await pn(),m=e?e.hosting:lo(),p=po();await fo({id:n,type:s,hosting:m,installationId:f,tenantId:i,verified:d,accountHolder:l,providerType:u,builder:o,admin:a,environment:p},r)},hv=async t=>{let e=t.accountId,r=t.tenantId,n="user",i=Fo(t)?t.providerType:void 0,s=t.verified,o=!0,a=t.hosting,u=await pn(),c=po();if(Mo(t)){let d=await gt(t.email);d?._id&&(e=d._id)}await fo({id:e,type:n,hosting:a,installationId:u,tenantId:r,providerType:i,verified:s,accountHolder:o,environment:c})},fo=async(t,e)=>{await Gt.identify(t,e)},sp=async(t,e)=>{await Gt.identifyGroup(t,e)},po=()=>h.isDev()?"development":h.DEPLOYMENT_ENVIRONMENT,lo=()=>h.SELF_HOSTED?"self":"cloud",pn=async()=>Ev()?"account-portal":(await co()).installId,Ou=async t=>h.SELF_HOSTED?yS(t):t,yS=async t=>Re(t,()=>Sr(Ee.UNIQUE_TENANT_ID,86400,async()=>{let e=Y(),r=await ci(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${re()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=h.VERSION,await e.put(r),n)})),Ev=()=>h.SERVICE==="account-portal",gS=(t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,Et={getCurrentIdentity:dv,identifyInstallationGroup:fv,identifyTenantGroup:pv,identifyUser:mv,identifyAccount:hv,identify:fo,identifyGroup:sp,getInstallationId:pn,getUniqueTenantId:yS};var Iu={};P(Iu,{end:()=>yv,isAlreadySent:()=>up,isBackfillingEvent:()=>ap,recordEvent:()=>op,start:()=>gv});var gv=async t=>Sv({eventWhitelist:t}),op=async(t,e)=>{let r=cp(t,e);await $t(r,e,void 0,{useTenancy:!1})},yv=async()=>{await Av(),await _v()},Tv=async()=>dn(Ee.BACKFILL_METADATA),Sv=async t=>$t(Ee.BACKFILL_METADATA,t),Av=async()=>{await eo(Ee.BACKFILL_METADATA)},_v=async()=>{let t=cp(),e=await yu(t);for(let r of e)await eo(r,{useTenancy:!1})},ap=async t=>{let r=(await Tv())?.eventWhitelist;return!!(r&&r.includes(t))},up=async(t,e)=>{let r=cp(t,e);return!!await dn(r,{useTenancy:!1})},Ov={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},cp=(t,e)=>{let r,n=V();if(t){r=`${Ee.EVENTS}:${n}:${t}`;let i=Ov[t],s=i?i(e):void 0;s&&(r=`${r}:${s}`)}else r=`${Ee.EVENTS}:${n}:*`;return r};var qt;function wu(){qt=new pt("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}async function TS(){qt&&await qt.close()}async function SS(t){qt||wu();let{event:e,identity:r}=t;Om.indexOf(e)!==-1&&r.tenantId&&await qt.add(t)}var S=async(t,e,r,n)=>{let i=n||await Et.getCurrentIdentity();if(!(n?!1:await ap(t))){await SS({event:t,identity:i,properties:e,timestamp:r}),await Gt.processEvent(t,i,e,r);return}await up(t,e)||(await Gt.processEvent(t,i,e,r),await op(t,e))};async function Iv(t,e){let r={tenantId:t.tenantId};await S("account:created",r,void 0,e)}async function wv(t){let e={tenantId:t.tenantId};await S("account:deleted",e)}async function Dv(t){let e={tenantId:t.tenantId};await S("account:verified",e)}var AS={created:Iv,deleted:wv,verified:Dv};async function Rv(t,e){await S("action:automation_step:executed",t,e)}async function Cv(t,e){await S("action:crud:executed",t,e)}async function bv(t,e){await S("action:ai_agent:executed",t,e)}var _S={aiAgentExecuted:bv,automationStepExecuted:Rv,crudExecuted:Cv};var xv=async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await S("app:created",r,e)};async function vv(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await S("app:updated",e)}async function Pv(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:deleted",e)}async function Nv(t,e){let r={appId:t.appId,audited:{name:t.name}};await S("app:published",r,e)}async function Uv(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:unpublished",e)}async function Lv(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:file:imported",e)}async function kv(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await S("app:duplicated",r)}async function Mv(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await S("app:template:imported",r)}async function Fv(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await S("app:version:updated",n)}async function Bv(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await S("app:version:reverted",n)}async function Wv(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:reverted",e)}async function $v(t){let e={appId:t.appId,audited:{name:t.name}};await S("app:exported",e)}var OS={created:xv,updated:vv,deleted:Pv,published:Nv,unpublished:Uv,fileImported:Lv,duplicated:kv,templateImported:Mv,versionUpdated:Fv,versionReverted:Bv,reverted:Wv,exported:$v};async function Vv(t,e){let n={userId:(await Et.getCurrentIdentity()).id,source:t,audited:{email:e}};await S("auth:login",n)}async function Gv(t){let r={userId:(await Et.getCurrentIdentity()).id,audited:{email:t}};await S("auth:logout",r)}async function qv(t,e){let r={type:t};await S("auth:sso:created",r,e)}async function Kv(t){let e={type:t};await S("auth:sso:updated",e)}async function Qv(t,e){let r={type:t};await S("auth:sso:activated",r,e)}async function jv(t){let e={type:t};await S("auth:sso:deactivated",e)}var Du={login:Vv,logout:Gv,SSOCreated:qv,SSOUpdated:Kv,SSOActivated:Qv,SSODeactivated:jv};async function Yv(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await S("automation:created",r,e)}async function Hv(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await S("automation:trigger:updated",e)}async function zv(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await S("automation:deleted",e)}async function Jv(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await S("automation:tested",e)}var Zv=async(t,e)=>{let r={count:t};await S("automations:run",r,e)};async function Xv(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await S("automation:step:created",n,r)}async function eP(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await S("automation:step:deleted",r)}var IS={created:Yv,triggerUpdated:Hv,deleted:zv,tested:Jv,run:Zv,stepCreated:Xv,stepDeleted:eP};function lp(t){return!Object.values(No).includes(t.source)}async function tP(t,e){let r={datasourceId:t._id,source:t.source,custom:lp(t)};await S("datasource:created",r,e)}async function rP(t){let e={datasourceId:t._id,source:t.source,custom:lp(t)};await S("datasource:updated",e)}async function nP(t){let e={datasourceId:t._id,source:t.source,custom:lp(t)};await S("datasource:deleted",e)}var wS={created:tP,updated:rP,deleted:nP};async function iP(t){let e={};await S("email:smtp:created",e,t)}async function sP(){let t={};await S("email:smtp:updated",t)}var DS={SMTPCreated:iP,SMTPUpdated:sP};async function oP(t){let e={};await S("ai:config:created",e,t)}async function aP(){let t={};await S("ai:config:updated",t)}var RS={AIConfigCreated:oP,AIConfigUpdated:aP};async function uP(t,e){let r={accountId:t.accountId,...e};await S("license:plan:changed",r)}async function cP(t){let e={accountId:t.accountId};await S("license:activated",e)}async function lP(t){let e={accountId:t.accountId};await S("license:checkout:opened",e)}async function dP(t){let e={accountId:t.accountId};await S("license:checkout:success",e)}async function fP(t){let e={accountId:t.accountId};await S("license:portal:opened",e)}async function pP(t){let e={accountId:t.accountId};await S("license:payment:failed",e)}async function mP(t){let e={accountId:t.accountId};await S("license:payment:recovered",e)}var CS={planChanged:uP,activated:cP,checkoutOpened:lP,checkoutSuccess:dP,portalOpened:fP,paymentFailed:pP,paymentRecovered:mP};async function hP(t,e){let r={layoutId:t._id};await S("layout:created",r,e)}async function EP(t){let e={layoutId:t};await S("layout:deleted",e)}var bS={created:hP,deleted:EP};async function gP(t){let e={};await S("org:info:name:updated",e,t)}async function yP(t){let e={};await S("org:info:logo:updated",e,t)}async function TP(t){let e={};await S("org:platformurl:updated",e,t)}async function SP(){let t={};await S("analytics:opt:out",t)}async function AP(){let t={};await S("analytics:opt:out",t)}var xS={nameUpdated:gP,logoUpdated:yP,platformURLUpdated:TP,analyticsOptOut:SP,analyticsOptIn:AP};var _P=async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await S("query:created",n,r)},OP=async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await S("query:updated",r)},IP=async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await S("query:deleted",n)},wP=async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await S("query:import",n)},DP=async(t,e)=>{let r={count:t};await S("queries:run",r,e)},RP=async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await S("query:previewed",r)},vS={created:_P,updated:OP,deleted:IP,imported:wP,run:DP,previewed:RP};async function CP(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await S("role:created",r,e)}async function bP(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await S("role:updated",e)}async function xP(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await S("role:deleted",e)}async function vP(t,e,r){let n={userId:t._id,roleId:e};await S("role:assigned",n,r)}async function PP(t,e){let r={userId:t._id,roleId:e};await S("role:unassigned",r)}var mo={created:CP,updated:bP,deleted:xP,assigned:vP,unassigned:PP};async function NP(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await S("screen:created",r,e)}async function UP(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await S("screen:deleted",e)}var PS={created:NP,deleted:UP};var LP=async(t,e)=>{let r={count:t};await S("rows:created",r,e)},kP=async(t,e)=>{let r={tableId:t._id,count:e};await S("rows:imported",r)},NS={created:LP,imported:kP};async function MP(t,e){let r={tableId:t._id,audited:{name:t.name}};await S("table:created",r,e)}async function FP(t,e){let r,n;for(let s in e.schema)if(!t.schema[s]){let o=e.schema[s];"default"in o&&o.default!=null&&(r=!0),o.type==="ai"&&(n=o.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await S("table:updated",i)}async function BP(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await S("table:deleted",r)}async function WP(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await S("table:exported",r)}async function $P(t){let e={tableId:t._id,audited:{name:t.name}};await S("table:imported",e)}var US={created:MP,updated:FP,deleted:BP,exported:WP,imported:$P};async function VP(t){let e={timezone:t};await S("served:builder",e)}async function GP(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await S("served:app",n)}async function qP(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await S("served:app:preview",r)}var LS={servedBuilder:VP,servedApp:GP,servedAppPreview:qP};async function KP(t,e){let r={userId:t._id,viaScim:dt(),audited:{email:t.email}};await S("user:created",r,e)}async function QP(t){let e={userId:t._id,viaScim:dt(),audited:{email:t.email}};await S("user:updated",e)}async function jP(t){let e={userId:t._id,viaScim:dt(),audited:{email:t.email}};await S("user:deleted",e)}async function YP(t,e){let r={userId:t._id,audited:{email:t.email}};await S("user:admin:assigned",r,e)}async function HP(t){let e={userId:t._id,audited:{email:t.email}};await S("user:admin:removed",e)}async function zP(t,e){let r={userId:t._id,audited:{email:t.email}};await S("user:builder:assigned",r,e)}async function JP(t){let e={userId:t._id,audited:{email:t.email}};await S("user:builder:removed",e)}async function ZP(t){let e={audited:{email:t}};await S("user:invited",e)}async function XP(t){let e={userId:t._id,audited:{email:t.email}};await S("user:invite:accepted",e)}async function eN(t){let e={userId:t._id,audited:{email:t.email}};await S("user:password:force:reset",e)}async function tN(t){let e={userId:t._id,audited:{email:t.email}};await S("user:password:updated",e)}async function rN(t){let e={userId:t._id,audited:{email:t.email}};await S("user:password:reset:requested",e)}async function nN(t){let e={userId:t._id,audited:{email:t.email}};await S("user:password:reset",e)}async function iN(t){let e={users:t};await S("user:data:collaboration",e)}var Ue={created:KP,updated:QP,deleted:jP,permissionAdminAssigned:YP,permissionAdminRemoved:HP,permissionBuilderAssigned:zP,permissionBuilderRemoved:JP,invited:ZP,inviteAccepted:XP,passwordForceReset:eN,passwordUpdated:tN,passwordResetRequested:rN,passwordReset:nN,dataCollaboration:iN};async function sN(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await S("view:created",r,e)}async function oN(t){let e={tableId:t.tableId};await S("view:updated",e)}async function aN(t,e){let r={...Pe.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await S("view:deleted",r)}async function uN(t,e){let r={tableId:t._id,format:e};await S("view:exported",r)}async function cN({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await S("view:filter:created",n,r)}async function lN({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await S("view:filter:updated",r)}async function dN(t){let e={tableId:t.tableId};await S("view:filter:deleted",e)}async function fN({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await S("view:calculation:created",n,r)}async function pN(t){let e={tableId:t.tableId,calculation:t.calculation};await S("view:calculation:updated",e)}async function mN(t){let e={tableId:t.tableId,calculation:t.calculation};await S("view:calculation:deleted",e)}async function hN(t,e){let r={tableId:t};await S("view:join:created",r,e)}var kS={created:sN,updated:oN,deleted:aN,exported:uN,filterCreated:cN,filterUpdated:lN,filterDeleted:dN,calculationCreated:fN,calculationUpdated:pN,calculationDeleted:mN,viewJoinCreated:hN};async function EN(t){let e={currentVersion:t};await S("installation:version:checked",e)}async function gN(t,e){let r={from:t,to:e};await S("installation:version:upgraded",r)}async function yN(t,e){let r={from:t,to:e};await S("installation:version:downgraded",r)}async function TN(){let t={};await S("installation:firstStartup",t)}var uo={versionChecked:EN,upgraded:gN,downgraded:yN,firstStartup:TN};var li=!h.SELF_HOSTED&&!h.isDev();async function SN(t){li||await S("app:backfill:succeeded",t)}async function AN(t){if(li)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await S("app:backfill:failed",e)}async function _N(t){li||await S("tenant:backfill:succeeded",t)}async function ON(t){if(li)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await S("tenant:backfill:failed",e)}async function IN(){if(li)return;let t={};await S("installation:backfill:succeeded",t)}async function wN(t){if(li)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await S("installation:backfill:failed",e)}var MS={appSucceeded:SN,appFailed:AN,tenantSucceeded:_N,tenantFailed:ON,installationSucceeded:IN,installationFailed:wN};async function DN(t,e){let r={groupId:t._id,viaScim:dt(),audited:{name:t.name}};await S("user_group:created",r,e)}async function RN(t){let e={groupId:t._id,viaScim:dt(),audited:{name:t.name}};await S("user_group:updated",e)}async function CN(t){let e={groupId:t._id,viaScim:dt(),audited:{name:t.name}};await S("user_group:deleted",e)}async function bN(t,e){let r={count:t,groupId:e._id,viaScim:dt(),audited:{name:e.name}};await S("user_group:user_added",r)}async function xN(t,e){let r={count:t,groupId:e._id,viaScim:dt(),audited:{name:e.name}};await S("user_group:users_deleted",r)}async function vN(t){let e={groupId:t,onboarding:!0};await S("user_group:onboarding_added",e)}async function PN(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await S("user_group:permissions_edited",e)}var FS={created:DN,updated:RN,deleted:CN,usersAdded:bN,usersDeleted:xN,createdOnboarding:vN,permissionsEdited:PN};async function NN(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await S("plugin:init",e)}async function UN(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await S("plugin:imported",e)}async function LN(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await S("plugin:deleted",e)}var BS={init:NN,imported:UN,deleted:LN};async function kN(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await S("app:backup:restored",e)}async function MN(t,e,r,n,i){let s={appId:t,backupId:e,type:r,trigger:n,name:i};await S("app:backup:triggered",s)}var WS={appBackupRestored:kN,appBackupTriggered:MN};async function FN(t,e){let r={name:t,environments:e};await S("environment_variable:created",r)}async function BN(t){let e={name:t};await S("environment_variable:deleted",e)}async function WN(t){let e={userId:t};await S("environment_variable:upgrade_panel_opened",e)}var $S={created:FN,deleted:BN,upgradePanelOpened:WN};async function $N(t){let e={filters:t};await S("audit_log:filtered",e)}async function VN(t){let e={filters:t};await S("audit_log:downloaded",e)}var VS={filtered:$N,downloaded:VN};async function GN(t,e){await S("row_action:created",t,e)}var GS={created:GN};async function qN(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await S("workspace_app:deleted",r)}var qS={deleted:qN};function KN(){}var QN=async()=>{await Gt.shutdown(),console.log("Events shutdown")};var fp={};P(fp,{creatorsInList:()=>mn,getAccountHolderFromUsers:()=>Bu,hasAdminPermissions:()=>Or,hasAppBuilderPermissions:()=>HS,hasBuilderPermissions:()=>Xe,isAdmin:()=>Ir,isAdminOrBuilder:()=>YS,isBuilder:()=>pi,isCreatorAsync:()=>Eo,isCreatorSync:()=>Mu,isGlobalBuilder:()=>jS,validateUniqueUser:()=>Fu});async function dp(t){let e=[],r=await KS(t);e.push(...r.map(o=>o.email));let n=await QS(t);e.push(...n.map(o=>o._id));let i=await ai(t);e.push(...i.map(o=>o.email));let s=await Hf(t);return e.push(...s.map(o=>o.email)),[...new Set(e.map(o=>o.toLowerCase()))]}async function Ru(t){return await Fs("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}async function ho(t){return(await Ru(t))[0]??null}async function KS(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await Mt("by_email2",r,void 0,n)}async function QS(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Fs("platform_users_lowercase_2",r)}async function ai(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Fs("account_by_email",r)}var ku={};P(ku,{BadRequestError:()=>xu,BudibaseError:()=>di,EmailUnavailableError:()=>Kt,FeatureDisabledError:()=>Uu,ForbiddenError:()=>vu,HTTPError:()=>we,InvalidAPIKeyError:()=>fi,NotFoundError:()=>bu,NotImplementedError:()=>Pu,UnexpectedError:()=>Cu,UsageLimitError:()=>Nu,getPublicError:()=>Lu});var di=class extends Error{constructor(r,n){super(r);this.code=n}},Lu=t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},we=class t extends di{constructor(r,n,i="http"){super(r,i);this.status=n}static async fromResponse(r){let n=await r.text(),i=n,s=r.status,o="http";try{let a=JSON.parse(n);i=a.message,s=a.status,o=a.error?.code}catch{}return new t(i,s,o)}},Cu=class extends we{constructor(e){super(e,500)}},bu=class extends we{constructor(e){super(e,404)}},xu=class extends we{constructor(e){super(e,400)}},vu=class extends we{constructor(e){super(e,403)}},Pu=class extends we{constructor(e){super(e,501)}},Nu=class extends we{constructor(r,n){super(r,400,"usage_limit_exceeded");this.limitName=n}getPublicError(){return{limitName:this.limitName}}},Uu=class extends we{constructor(r,n){super(r,400,"feature_disabled");this.featureName=n}getPublicError(){return{featureName:this.featureName}}},fi=class extends di{constructor(){super("Invalid API key - may need re-generated, or user doesn't exist","invalid_api_key")}},Kt=class extends Error{constructor(e){super(`Email already in use: '${e}'`)}};var pi=Ve.users.isBuilder,Ir=Ve.users.isAdmin,jS=Ve.users.isGlobalBuilder,YS=Ve.users.isAdminOrBuilder,Or=Ve.users.hasAdminPermissions,Xe=Ve.users.hasBuilderPermissions,HS=Ve.users.hasAppBuilderPermissions;async function mn(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await Y().getMultiple(r,{allowMissing:!0}),t.map(i=>Mu(i,e))}async function Eo(t){let e=[];return t.userGroups&&(e=await Y().getMultiple(t.userGroups)),Mu(t,e)}function Mu(t,e){let r=Ve.users.isCreator(t);return!r&&t?YN(t,e):r}function YN(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}async function Fu(t,e){if(h.MULTI_TENANCY){let r=await ho(t);if(r!=null&&r.tenantId!==e)throw new Kt(t)}if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let r=await _r(t);if(r&&r.verified&&r.tenantId!==e)throw new Kt(t)}}async function Bu(t){if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let e=await ai(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}var pp=async t=>{await Ue.deleted(t),Xe(t)&&await Ue.permissionBuilderRemoved(t),Or(t)&&await Ue.permissionAdminRemoved(t)},HN=async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await mo.assigned(t,i)},zN=async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await mo.unassigned(t,i)},JN=async(t,e)=>{let r=t.roles,n=e?.roles;await HN(t,r,n),await zN(t,r,n)},mp=async(t,e)=>{let r=V(),n;!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL&&(n=await ii(r)),await Et.identifyUser(t,n),e?(await Ue.updated(t),XN(t,e)&&await Ue.permissionBuilderRemoved(t),tU(t,e)&&await Ue.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Ue.passwordForceReset(t),t.password!==e.password&&await Ue.passwordUpdated(t)):await Ue.created(t),ZN(t,e)&&await Ue.permissionBuilderAssigned(t),eU(t,e)&&await Ue.permissionAdminAssigned(t),await JN(t,e)},ZN=(t,e)=>zS(t,e,Xe),XN=(t,e)=>JS(t,e,Xe),eU=(t,e)=>zS(t,e,Or),tU=(t,e)=>JS(t,e,Or),zS=(t,e,r)=>!(!r(t)||e&&r(e)),JS=(t,e,r)=>!(r(t)||!e||!r(e));var Wu={};P(Wu,{createASession:()=>nU,endSession:()=>iU,getSession:()=>Ep,getSessionsForUser:()=>go,invalidateSessions:()=>hn,updateSessionTTL:()=>hp});var XS=require("uuid");var eA=h.SESSION_EXPIRY_SECONDS?parseInt(h.SESSION_EXPIRY_SECONDS):me.fromDays(7).toSeconds();function mi(t,e){return`${t}/${e}`}async function go(t){return t?(await(await dr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}async function hn(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await go(t)).map(o=>({key:mi(o.userId,o.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(s=>({key:mi(t,s)}))),i&&i.length>0){let s=await dr(),o=[];for(let a of i)o.push(s.delete(a.key));h.isTest()||ri(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(a=>a.key).join(", ")}`),await Promise.all(o)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}async function nU(t,e){let r=await go(t),n=0;if(r.length>=3){let c=r.sort((f,m)=>new Date(f.createdAt).getTime()-new Date(m.createdAt).getTime()),l=r.length-3+1,d=c.slice(0,l).map(f=>f.sessionId);n=d.length,await hn(t,{sessionIds:d,reason:"session limit exceeded"})}let i=await dr(),s=e.sessionId,o=e.csrfToken?e.csrfToken:(0,XS.v4)(),a=mi(t,s),u={...e,csrfToken:o,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(a,u,eA),{session:u,invalidatedSessionCount:n}}async function hp(t){let e=await dr(),r=mi(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,eA)}async function iU(t,e){await(await dr()).delete(mi(t,e))}async function Ep(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await dr()).get(mi(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}var Sp={};P(Sp,{PASSWORD_MAX_LENGTH:()=>yp,PASSWORD_MIN_LENGTH:()=>gp,validatePassword:()=>Tp});var gp=+(h.PASSWORD_MIN_LENGTH||12),yp=+(h.PASSWORD_MAX_LENGTH||512);function Tp(t){return!t||t.length<gp?{valid:!1,error:`Password invalid. Minimum ${gp} characters.`}:t.length>yp?{valid:!1,error:`Password invalid. Maximum ${yp} characters.`}:{valid:!0}}var sU=async t=>{let e=t._id;await ht.removeUser(t),await pp(t),await wr.invalidateUser(e),await hn(e,{reason:"bulk-deletion"})},It=class t{static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return h.ENABLE_SSO_MAINTENANCE_MODE&&Ir(e)?!1:await t.features.isSSOEnforced()||Bo(e)?!0:(r||(r=await ii(V())),!!(r&&r.email===e.email&&Fo(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,s){let{password:o,_id:a}=e;i&&!i.password&&(r.requirePassword=!1);let u;if(o){if(await t.isPreventPasswordActions(e,s))throw new we("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let d=Tp(o);if(!d.valid)throw new we(d.error,400)}u=r.hashPassword?await bd(o):o}else i&&(u=i.password);let c=r.requirePassword&&!await t.features.isSSOEnforced();if(!u&&c)throw"Password must be specified.";a=a||zn();let l={createdAt:Date.now(),...i,...e,_id:a,password:u,tenantId:n};return l.roles||(l.roles={}),l.status==null&&(l.status="active"),l}static async allUsers(){return(await Y().allDocs(nn(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByApp(e){return{userCount:(await Vu(e,{})).length}}static async getUsersByAppAccess(e){return await Ap(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return gt(e)}static async getUser(e){let r=await En(e);return r&&delete r.password,r}static async bulkGet(e){return await $u(e)}static async bulkUpdate(e){return await yo(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=V(),i=Y(),{email:s,_id:o,userGroups:a=[],roles:u}=e;if(!s&&!o)throw new Error("_id or email is required");let c;if(o)try{if(c=await En(o),s&&c.email!==s&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(f){if(f.status!==404)throw f}if(!c&&s&&(c=await gt(s),c&&c._id!==o))throw new Kt(s);let l=1,d=0;if((r.isAccountHolder||c)&&(l=0,d=1),c){let[f,m]=await mn([c,e]);d=f!==m?1:0}return t.quotas.addUsers(l,d,async()=>{r.isAccountHolder||await Fu(s,n);let f=await t.buildUser(e,r,n,c);r.currentUserId&&r.currentUserId===c?._id&&(f=_p(f,c)),!c&&u?.length&&(f.roles={...u});let m=[];if(!o&&a.length>0)for(let p of a)m.push(t.groups.addUsers(p,[f._id]));try{let p=await i.put(f);return f._rev=p.rev,await mp(f,c),c&&f.email!==c.email&&await ht.removeUser({email:c.email}),await ht.addUser(n,f._id,f.email,f.ssoId),await wr.invalidateUser(p.id),await Promise.all(m),i.get(f._id)}catch(p){throw p.status===409?"User exists already":p}})}static async bulkCreate(e,r){let n=V(),i=[],s=[],o=[],a=e.map(f=>f.email),u=await dp(a),c=[];for(let f of e){let m=s.find(E=>E.email.toLowerCase()===f.email.toLowerCase()),p=u.includes(f.email.toLowerCase());if(m||p){c.push({email:f.email,reason:"Unavailable"});continue}f.userGroups=r||[],s.push(f),await Eo(f)&&o.push(f)}let l=await ii(n),d=await t.features.isSSOEnforced();return t.quotas.addUsers(s.length,o.length,async()=>{for(let p of s)d&&delete p.password,i.push(t.buildUser(p,{hashPassword:!0,requirePassword:!d},n,void 0,l));let f=await Promise.all(i);await yo(f);for(let p of f)await ht.addUser(n,p._id,p.email),await mp(p,void 0);let m=f.map(p=>({_id:p._id,email:p.email}));if(Array.isArray(m)&&r){let p=[],E=m.map(g=>g._id);for(let g of r)p.push(t.groups.addUsers(g,E));await Promise.all(p)}return{successful:m,unsuccessful:c}})}static async bulkDelete(e){let r=Y(),n={successful:[],unsuccessful:[]},i=await Bu(e);i&&(e=e.filter(m=>m.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let o=(await r.allDocs({include_docs:!0,keys:e.map(m=>m.userId)})).rows.map(m=>m.doc),a=o.map(m=>({...m,_deleted:!0})),u=await yo(a),l=(await mn(o)).filter(m=>m).length,d=[];for(let m of o){let E=(await ho(m._id)).ssoId;E&&(await Ru(E)).filter(T=>T.ssoId==null).forEach(T=>{d.push({...T,_deleted:!0})}),await sU(m)}await Ar().bulkDocs(d),await t.quotas.removeUsers(a.length,l);let f={};return o.reduce((m,p)=>(m[p._id]=p,m),f),u.forEach(m=>{let p=f[m.id].email;m.ok?n.successful.push({_id:m.id,email:p}):n.unsuccessful.push({_id:m.id,email:p,reason:"Database error"})}),n}static async destroy(e){let r=Y(),n=await r.get(e),i=n._id;if(!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let o=n.email;if(await _r(o))throw n.userId===Ut()._id?new we('Please visit "Account" to delete this user',400):new we("Account holder cannot be deleted",400)}await ht.removeUser(n),await r.remove(i,n._rev);let s=await Eo(n)?1:0;await t.quotas.removeUsers(1,s),await pp(n),await wr.invalidateUser(i),await hn(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,s={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(s.ssoId=n.ssoId),await ni(Ee.CHECKLIST),await t.save(s,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function So(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}async function $u(t,e){let n=(await Y().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=So(n)),n}async function aU(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${xe}`})).rows.map(n=>n.id)}async function uU(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${xe}`,include_docs:!0})).rows.map(n=>n.doc)}async function yo(t){return await Y().bulkDocs(t)}async function En(t,e){let n=await Y().get(t);return e?.cleanup&&(n=So(n)),n}async function gt(t,e){if(t==null)throw"Must supply an email address to view";let r=await Mt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=So(n)),n}async function cU(t){try{let e=await gt(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}async function Vu(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=eu(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await Mt("by_app",n);i||(i=[]);let s=Array.isArray(i)?i:[i];return r?.cleanup&&(s=So(s)),s}async function Ap(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let o={[r]:{$exists:!0}};n.push(o)}return(await Y().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}function tA(t,e){if(e)return Xa(qe(t),e._id)}async function rA(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,s=await Mt("by_email2",{...e,startkey:i,endkey:`${n}${xe}`});s||(s=[]);let o=Array.isArray(s)?s:[s];return r?.cleanup&&(o=So(o)),o}var lU=8;async function nA({bookmark:t,query:e,appId:r,limit:n}={}){let i=Y(),s=n??lU,a={include_docs:!0,limit:s+1};t&&(a.startkey=t);let u,c="_id",l;return e?.equal?._id?u=[await En(e.equal._id)]:r?(u=await Vu(r,a),l=d=>tA(r,d)):e?.string?.email?(u=await rA(e?.string?.email,a),c="email"):e?.oneOf?._id?u=await $u(e?.oneOf?._id,{cleanup:!0}):e?(u=(await i.allDocs(nn(null,{...a,limit:void 0}))).rows.map(f=>f.doc),u=or.search(u,{query:e,limit:a.limit}).rows):u=(await i.allDocs(nn(null,a))).rows.map(f=>f.doc),pf(u,s,{paginate:!0,property:c,getKey:l})}async function dU(){return(await Ef("by_email2",{limit:0,include_docs:!1})).total_rows}async function fU(){let t=0;async function e(r){let n=await nA({bookmark:r}),i=await mn(n.data);t+=i.filter(s=>s).length,n.hasNextPage&&await e(n.nextPage)}return await e(),t}function pU(t){return delete t.admin,delete t.builder,t}function _p(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}async function mU(t,e){let r=qe(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await It.save(t,{hashPassword:!1})}async function hU(t,e){let r=qe(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await It.save(t,{hashPassword:!1})}var iA=3600;async function EU(t,e){let n=await Tf(e).get(t);if(n.budibaseAccess=!0,!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let i=await _r(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}async function gU(t){let e=await It.bulkGet(t),r=t.filter((i,s)=>!e[s]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!h.SELF_HOSTED&&!h.DISABLE_ACCOUNT_PORTAL){let s=await _r(i.email);s&&(i.account=s,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}async function Ao({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=EU),!e)try{e=V()}catch{e=await ht.lookupTenantId(t)}let i=await Ps(),s=await i.get(t);return s||(s=await n(t,e,r),await i.store(t,s,iA)),s&&!s.tenantId&&e&&(s.tenantId=e),s.userGroups&&!Ve.users.isGlobalBuilder(s)&&await Re(e,async()=>{let o=await It.getGroupBuilderAppIds(s);if(o.length){let a=s.builder?.apps||[];s.builder={apps:[...new Set(a.concat(o))]}}}),s}async function yU(t){let e=await Ps(),r=await e.bulkGet(t),n=t.filter(o=>!r[o]),i=Object.values(r).filter(o=>!!o),s;if(n.length){let o=await gU(n);s=o.notFoundIds;for(let a of o.users)await e.store(a._id,a,iA);i.push(...o.users)}return{users:i,notFoundIds:s}}async function _o(t){await(await Ps()).delete(t)}var Rp={};P(Rp,{Writethrough:()=>wp});var Ei={};P(Ei,{AUTO_EXTEND_POLLING_MS:()=>oA,doWithLock:()=>Op,newRedlock:()=>gn});var sA=M(require("redlock"));async function SU(t,e){if(t==="custom")return gn(e);switch(t){case"try_once":return gn(hi.TRY_ONCE);case"try_twice":return gn(hi.TRY_TWICE);case"default":return gn(hi.DEFAULT);case"delay_500":return gn(hi.DELAY_500);case"auto_extend":return gn(hi.AUTO_EXTEND);default:throw Zt.unreachable(t)}}var hi={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function gn(t={}){let e={...hi.DEFAULT,...t},n=(await af()).client;return new sA.default([n],e)}function AU(t){let r=`lock:${t.systemLock?"system":V()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}var oA=me.fromSeconds(10).toMs();async function Op(t,e){let r=await SU(t.type,t.customOptions),n,i;try{let s=AU(t),o=t.type==="auto_extend"?oA:t.ttl;if(n=await r.lock(s,o),t.type==="auto_extend"){let u=()=>{i=setTimeout(async()=>{n=await n.extend(o,()=>t.onExtend&&t.onExtend()),u()},o/2)};u()}return{executed:!0,result:await e()}}catch(s){if(s.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw s}else throw s}finally{clearTimeout(i),await n?.unlock()}}var aA=1e4,Ip=null;async function Gu(){if(!Ip){let t=await of();Ip=new un(t)}return Ip}function Oo(t,e){return t.name+e}function Dp(t,e=null){return{doc:t,lastWrite:e||Date.now()}}async function _U(t,e,r=aA){let n=await Gu(),i=e._id,s;i&&(s=await n.get(Oo(t,i)));let o=!s||s.lastWrite<Date.now()-r,a=e;return o&&((await Op({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let c=async l=>{let d=await t.put(l,{force:!0});a._id=d.id,a._rev=d.rev};try{await c(e)}catch(l){if(l.status!==409)throw l;ri("Ignoring conflict in write-through cache")}})).executed||ri("Ignoring redlock conflict in write-through cache")),s=Dp(a,o?null:s?.lastWrite),a._id&&await n.store(Oo(t,a._id),s),{ok:!0,id:a._id,rev:a._rev}}async function OU(t,e){let r=await Gu(),n=Oo(t,e),i=await r.get(n);if(!i){let s=await t.get(e);i=Dp(s),await r.store(n,i)}return i.doc}async function IU(t,e){let r=await Gu(),n=Oo(t,e),i=await r.get(n);if(!i){let s=await t.tryGet(e);if(!s)return null;i=Dp(s),await r.store(n,i)}return i.doc}async function wU(t,e,r){let n=await Gu();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Oo(t,i))}finally{await t.remove(i,r)}}var wp=class{constructor(e,r=aA){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return _U(this.db,e,r)}async get(e){return OU(this.db,e)}async tryGet(e){return IU(this.db,e)}async remove(e,r){return wU(this.db,e,r)}};function qu(t){return`config${C}${t}`}async function et(t){let e=Y();try{return await e.get(qu(t))}catch(r){if(r.status===404)return;throw r}}async function DU(t){return t._id||(t._id=qu(t.type)),Y().put(t)}async function ci(){let t=await et("settings");return t||(t={_id:qu("settings"),type:"settings",config:{}}),t.config.platformUrl=await Io({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Au({config:t.config}),t}async function xp(){return(await ci()).config}async function Io(t={tenantAware:!0}){let e=h.PLATFORM_URL||"http://localhost:10000";if(!h.SELF_HOSTED&&h.MULTI_TENANCY&&t.tenantAware){let r=V();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(h.SELF_HOSTED){let r=t?.config?t.config:(await et("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}var Au=async t=>{if(!h.SELF_HOSTED)return!!h.ENABLE_ANALYTICS;let e=await Sr(Ee.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await et("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=h.ENABLE_ANALYTICS;return!(r===0||r===!1)};async function RU(){return await et("google")}async function Ku(){return(await RU())?.config}async function vp(){if(!h.SELF_HOSTED)return Cp();let t=await Ku();return(!t||!t.activated)&&(t=Cp()),t}function Cp(){if(h.GOOGLE_CLIENT_ID&&h.GOOGLE_CLIENT_SECRET)return{clientID:h.GOOGLE_CLIENT_ID,clientSecret:h.GOOGLE_CLIENT_SECRET,activated:!0}}async function CU(){return et("logos_oidc")}async function bU(){return et("oidc")}async function xU(){let t=(await bU())?.config;return t?.configs&&t.configs[0]}async function Pp(t){let e=(await et("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}async function uA(){return et("smtp")}async function vU(t){let e=await uA();if(e)return e.config;let r=h.SELF_HOSTED||!t;if(h.SMTP_FALLBACK_ENABLED&&r)return{port:h.SMTP_PORT,host:h.SMTP_HOST,secure:!1,from:h.SMTP_FROM_ADDRESS,auth:{user:h.SMTP_USER,pass:h.SMTP_PASSWORD},fallback:!0}}async function PU(){return(await et("scim"))?.config}async function NU(){return et("ai")}async function UU(){return et("recaptcha")}var Vp={};P(Vp,{AccessController:()=>Lp,BUILTIN_ROLE_IDS:()=>kp,Role:()=>Dr,RoleHierarchyTraversal:()=>Qu,RoleIDVersion:()=>Mp,builtinRoleToNumber:()=>wo,checkForRoleResourceArray:()=>fA,externalRole:()=>WU,findRole:()=>Do,getAllRoleIds:()=>qU,getAllRoles:()=>$p,getBuiltinRole:()=>lA,getBuiltinRoles:()=>Bp,getDBRoleID:()=>pA,getExternalRoleID:()=>Rr,getExternalRoleIDs:()=>mA,getRole:()=>$U,getUserRoleHierarchy:()=>Wp,getUserRoleIdHierarchy:()=>dA,isBuiltin:()=>yn,lowerBuiltinRoleID:()=>BU,prefixRoleIDNoBuiltin:()=>Up,roleIDsAreEqual:()=>tt,roleToNumber:()=>FU,saveRoles:()=>VU,validInherits:()=>MU});var cA=require("lodash"),ju=M(require("lodash/fp/cloneDeep")),Np=M(require("semver"));var kp={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},ne={...kp,BUILDER:"BUILDER"},Mp={UUID:void 0,NAME:"name"};function kU(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}var Dr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=Mp.NAME}addInheritance(e){return e&&typeof e=="string"?e=Up(e):e&&Array.isArray(e)&&(e=e.map(Up)),this.inherits=e,this}},Qu=class{constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let s of e.inherits){let o=Do(s,n,r);o&&(i=i.concat(this.walk(o)))}else{let s=[],o=e;for(;o&&o.inherits&&!kU(s,o.inherits);){if(Array.isArray(o.inherits))return i.concat(this.walk(o));if(s.push(o.inherits),o=Do(o.inherits,n,r),o&&i.push(o),Pe.roles.checkForRoleInheritanceLoops(i))break}}return(0,cA.uniqBy)(i,s=>s._id)}},Fp={ADMIN:new Dr(ne.ADMIN,ne.ADMIN,"admin",{displayName:"App admin",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(ne.POWER),POWER:new Dr(ne.POWER,ne.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(ne.BASIC),BASIC:new Dr(ne.BASIC,ne.BASIC,"write",{displayName:"App user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(ne.PUBLIC),PUBLIC:new Dr(ne.PUBLIC,ne.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new Dr(ne.BUILDER,ne.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function Bp(){return(0,ju.default)(Fp)}function yn(t){return Object.values(kp).includes(t)}function Up(t){return yn(t)?t:Lt(t)}function lA(t){let e=Object.values(Fp).find(r=>t.includes(r._id));if(e)return(0,ju.default)(e)}function MU(t,e){if(!e)return!1;let r=n=>t.find(i=>tt(i._id,n));if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}function wo(t){let e=Bp(),r=Object.values(e).length+1;if(tt(t,ne.ADMIN)||tt(t,ne.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}async function FU(t){if(yn(t))return wo(t);let e=await Wp(t,{defaultPublic:!0}),r=n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(s=>{let o=e.find(a=>tt(a._id,s));if(o)return r(o)+1}).filter(s=>s).sort().pop();if(i!=null)return i}else if(yn(n.inherits))return wo(n.inherits)+1;return 0};return Math.max(...e.map(r))}function BU(t,e){return t?e&&wo(t)>wo(e)?e:t:e}function tt(t,e){return Lt(t)===Lt(e)}function WU(t){let e;return t._id&&(e=Rr(t._id)),{...t,_id:e,inherits:mA(t.inherits,t.version)}}function Do(t,e,r){let n=lA(t);n||(t=Lt(t));let i=e.find(s=>s._id&&tt(s._id,t));return!i&&!yn(t)&&r?.defaultPublic?(0,ju.default)(Fp.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=Rr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}async function $U(t,e){let r=Hn(),n=[];if(!yn(t)){let i=await r.tryGet(pA(t));i&&n.push(i)}return Do(t,n,e)}async function VU(t){await Hn().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Lt(r._id)})))}async function GU(t,e){let r=await $p();if(tt(t,ne.ADMIN))return r;let n=Do(t,r,e),i=[];return n&&(i=new Qu(r,e).walk(n)),i}async function dA(t){return(await Wp(t)).map(r=>r._id)}async function Wp(t,e){return GU(t,e)}function fA(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}async function qU(t){return(await $p(t)).map(r=>r._id)}async function $p(t){if(t)return Ge(t,e);{let r;try{r=Hn()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(tu(null,{include_docs:!0}))).rows.map(a=>a.doc),n.forEach(a=>a._id=Rr(a._id,a.version)));let i=Bp(),s=[];!r||await KU(r)?s=[ne.ADMIN,ne.POWER,ne.BASIC,ne.PUBLIC]:s=[ne.ADMIN,ne.BASIC,ne.PUBLIC];for(let o of s){let a=i[o],u=n.filter(c=>tt(c._id,o))[0];u==null?n.push(a||i.BASIC):(n=n.filter(c=>c._id!==u._id),u._id=Rr(a._id,u.version),n.push({...a,...u,name:a.name,_id:Rr(a._id,a.version)}))}for(let o of n)if(o.permissions)for(let a of Object.keys(o.permissions))o.permissions=fA(o.permissions,a);return n}}async function KU(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!Np.default.valid(r)?!0:!Np.default.gte(r,h.MIN_VERSION_WITHOUT_POWER_ROLE)}var Lp=class{constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||tt(e,ne.BUILDER)||tt(r,e)||tt(r,ne.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await dA(r),this.userHierarchies[r]=n),n?.find(i=>tt(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let s=await this.checkScreenAccess(i,r);s&&n.push(s)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function pA(t){return t?.startsWith("role")?t:Lt(t)}function Rr(t,e){if(t.startsWith(`role${C}`)&&(yn(t)||e===Mp.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}function mA(t,e){return t&&(typeof t=="string"?Rr(t,e):t.map(r=>Rr(r,e)))}var Gp={};P(Gp,{BUILDER:()=>zU,BUILTIN_PERMISSIONS:()=>Yu,CREATOR:()=>JU,GLOBAL_BUILDER:()=>ZU,PermissionImpl:()=>ie,PermissionLevel:()=>_i,PermissionType:()=>ko,doesHaveBasePermission:()=>YU,getAllowedLevels:()=>yA,getBuiltinPermissionByID:()=>jU,getBuiltinPermissions:()=>QU,isPermissionLevelHigherThanRead:()=>HU,levelToNumber:()=>gA});var hA=M(require("lodash/flatten")),EA=M(require("lodash/fp/cloneDeep")),ie=class{constructor(e,r){this.type=e,this.level=r}};function gA(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}function yA(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}var Yu={PUBLIC:{_id:"public",name:"Public",permissions:[new ie("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new ie("query","read"),new ie("table","read"),new ie("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new ie("query","write"),new ie("table","write"),new ie("automation","execute"),new ie("legacy_view","read"),new ie("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new ie("table","write"),new ie("user","read"),new ie("automation","execute"),new ie("webhook","read"),new ie("legacy_view","read"),new ie("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new ie("table","admin"),new ie("user","admin"),new ie("automation","admin"),new ie("webhook","read"),new ie("query","admin"),new ie("legacy_view","read"),new ie("app","read")]}};function QU(){return(0,EA.default)(Yu)}function jU(t){return Object.values(Yu).find(r=>r._id===t)}function YU(t,e,r){let n=[...new Set(r.map(o=>o.permissionId))],i=Object.values(Yu),s=(0,hA.default)(i.filter(o=>n.indexOf(o._id)!==-1).map(o=>o.permissions));for(let o of s)if(o.type===t&&yA(o.level).indexOf(e)!==-1)return!0;return!1}function HU(t){return gA(t)>1}var zU="builder",JU="creator",ZU="globalBuilder";var Qp={};P(Qp,{FlagSet:()=>zu,all:()=>rL,flags:()=>qp,getEnvFlags:()=>_A,init:()=>XU,isEnabled:()=>tL,parseEnvFlags:()=>Zu,shutdown:()=>eL,testutils:()=>Kp});var Ju=M(require("crypto"));var TA=require("posthog-node"),SA=M(require("dd-trace"));var AA=require("lodash");var Hu;function XU(t){h.POSTHOG_TOKEN&&h.POSTHOG_API_HOST&&!h.SELF_HOSTED&&h.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),Hu=new TA.PostHog(h.POSTHOG_TOKEN,{host:h.POSTHOG_API_HOST,personalApiKey:h.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:me.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}function eL(){Hu?.shutdown()}function Zu(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let s of i){let o=!0;s.startsWith("!")&&(s=s.slice(1),o=!1),r.push({tenantId:n,key:s,value:o})}return r}function _A(){return Zu(h.TENANT_FEATURE_FLAGS||"")}var zu=class{constructor(e){this.flagSchema=e;this.setId=Ju.randomUUID()}defaults(){return(0,AA.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await SA.default.trace("features.fetch",async e=>{let r=Zd(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),s=V(),o=new Set;if(Ya())return i;for(let{tenantId:d,key:f,value:m}of _A())if(!(!d||d!=="*"&&d!==s)&&(n.readFromEnvironmentVars=!0,m===!1&&o.add(f),!!this.isFlagName(f))){if(typeof i[f]!="boolean")throw new Error(`Feature: ${f} is not a boolean`);i[f]=m,n[`flags.${f}.source`]="environment"}let a=Ut(),u=a?._id;if(!u){let d=zd();d&&(u=Ju.createHash("sha512").update(d).digest("hex"))}let c=a?.tenantId;if(c||(c=s),n["identity.type"]=a?.type,n["identity._id"]=a?._id,n.tenantId=c,n.userId=u,Hu&&u){n.readFromPostHog=!0;let d=await ci(),f={tenantId:c},m={tenant:{id:c}};d.config.createdVersion&&(m.tenant.createdVersion=d.config.createdVersion),d.createdAt&&(m.tenant.createdAt=`${d.createdAt}`);let p=await Hu.getAllFlags(u,{personProperties:f,onlyEvaluateLocally:!0,groups:{tenant:c},groupProperties:m});for(let[E,g]of Object.entries(p))if(this.isFlagName(E)){if(typeof g!="boolean"){console.warn(`Invalid value for posthog flag "${E}": ${g}`);continue}if(!(i[E]===!0||o.has(E)))try{i[E]=g,n[`flags.${E}.source`]="posthog"}catch(T){console.warn(`Error parsing posthog flag "${E}": ${g}`,T)}}}let l=ef();for(let[d,f]of Object.entries(l))this.isFlagName(d)&&typeof f=="boolean"&&(i[d]=f,n[`flags.${d}.source`]="override");Xd(this.setId,i);for(let[d,f]of Object.entries(i))n[`flags.${d}.value`]=f;return e?.addTags(n),i})}},qp=new zu(Cm);async function tL(t){return await qp.isEnabled(t)}async function rL(){return await qp.fetch()}var Kp={};P(Kp,{setFeatureFlags:()=>OA,withFeatureFlags:()=>sL});function nL(){let t={};for(let{tenantId:e,key:r,value:n}of Zu(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}function iL(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,s]of Object.entries(n))s===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}function OA(t,e){let r=nL();for(let[i,s]of Object.entries(e)){let o=r[t]||{};o[i]=s,r[t]=o}let n=iL(r);return Es({TENANT_FEATURE_FLAGS:n})}function sL(t,e,r){let n=OA(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}var im={};P(im,{adminOnly:()=>cc,auditLog:()=>sc,authError:()=>Oe,buildAuthMiddleware:()=>VL,buildCsrfMiddleware:()=>qL,buildTenancyMiddleware:()=>GL,builderOnly:()=>dc,builderOrAdmin:()=>lc,google:()=>Qt,internalApi:()=>ac,joiValidator:()=>Co,oidc:()=>jt,passport:()=>KL,platformLogout:()=>zL,refreshOAuthToken:()=>YL,ssoCallbackUrl:()=>Cr,updateUserOAuth:()=>HL});var nm={};P(nm,{adminOnly:()=>cc,auditLog:()=>sc,authError:()=>Oe,authenticated:()=>ic,builderOnly:()=>dc,builderOrAdmin:()=>lc,correlation:()=>MA,csp:()=>GA,csrf:()=>uc,datasource:()=>WL,errorHandling:()=>BA,featureFlagCookie:()=>qA,google:()=>Qt,internalApi:()=>ac,ip:()=>QA,joiValidator:()=>Co,local:()=>gi,oidc:()=>jt,pino:()=>LA,querystringToBody:()=>WA,ssoCallbackUrl:()=>Cr,tenancy:()=>oc});var gi={};P(gi,{authenticate:()=>uL,options:()=>aL});function Oe(t,e,r){return t(r,null,{message:e})}async function Cr(t,e){if(e&&e.callbackURL)return e.callbackURL;let r=await xp(),n="/api/global/auth";return lr()&&(n+=`/${V()}`),n+=`/${t}/callback`,`${r.platformUrl}${n}`}var jp="Invalid credentials",oL="This account has expired. Please reset your password",aL={passReqToCallback:!0};async function uL(t,e,r,n){if(!e)return Oe(n,"Email Required");if(!r)return Oe(n,"Password Required");let i=await gt(e);return i==null?(console.info(`user=${e} could not be found`),Oe(n,jp)):i.status==="inactive"?(console.info(`user=${e} is inactive`,i),Oe(n,jp)):i.password?await xd(r,i.password)?(delete i.password,n(null,i)):Oe(n,jp):(console.info(`user=${e} has no password set`,i),Oe(n,oL))}var Qt={};P(Qt,{buildVerifyFn:()=>DA,getCallbackUrl:()=>dL,strategyFactory:()=>Yp});var Ro=t=>Promise.resolve(t);async function Xu(t,e=!0,r,n){if(!n)throw new Error("Save user function must be provided");if(!t.userId)return Oe(r,"sso user id required");if(!t.email)return Oe(r,"sso user email required");let i=zn(t.userId),s;try{s=await En(i)}catch(a){if(!a.status||a.status!==404)return Oe(r,"Unexpected error when retrieving existing user",a)}if(s||(s=await gt(t.email)),!s&&e)return Oe(r,"Email does not yet exist. You must set up your local budibase account first.");s||(s={_id:i,email:t.email,roles:{},tenantId:V()});let o=await cL(s,t);o.forceResetPassword=!1;try{delete o.password,o=await n(o,{hashPassword:!1,requirePassword:!1})}catch(a){return Oe(r,"Error saving user",a)}return r(null,o)}async function cL(t,e){let r,n,i;if(e.profile){let s=e.profile;if(s.name){let o=s.name;o.givenName&&(r=o.givenName),o.familyName&&(n=o.familyName)}}return e.oauth2&&(i={...e.oauth2}),{...t,provider:e.provider,providerType:e.providerType,firstName:r,lastName:n,oauth2:i}}var lL=require("passport-google-oauth").OAuth2Strategy;function DA(t){return(e,r,n,i)=>{let s={provider:"google",providerType:"google",userId:n.id,profile:n,email:n._json.email,oauth2:{accessToken:e,refreshToken:r}};return Xu(s,!0,i,t)}}async function Yp(t,e,r){try{let{clientID:n,clientSecret:i}=t;if(!n||!i)throw new Error("Configuration invalid. Must contain google clientID and clientSecret");let s=DA(r);return new lL({clientID:t.clientID,clientSecret:t.clientSecret,callbackURL:e},s)}catch(n){throw new Error(`Error constructing google authentication strategy: ${n}`)}}async function dL(t){return Cr("google",t)}var jt={};P(jt,{buildVerifyFn:()=>CA,fetchStrategyConfig:()=>hL,getCallbackUrl:()=>EL,strategyFactory:()=>mL});var RA=M(require("node-fetch"));var fL=require("@techpass/passport-openidconnect").Strategy;function CA(t){return async(e,r,n,i,s,o,a,u,c)=>{let l={provider:e,providerType:"oidc",userId:n.id,profile:n,email:pL(n,i),oauth2:{accessToken:s,refreshToken:o}};return Xu(l,!1,c,t)}}function pL(t,e){if(t._json.email)return t._json.email;if(e.email)return e.email;let r=e.preferred_username;if(r&&Of(r))return r;throw new Error(`Could not determine user email from profile ${JSON.stringify(t)} and claims ${JSON.stringify(e)}`)}async function mL(t,e){try{let r=CA(e),n=new fL(t,r);return n.name="oidc",n}catch(r){throw new Error(`Error constructing OIDC authentication strategy - ${r}`)}}async function hL(t,e){try{let{clientID:r,clientSecret:n,configUrl:i,pkce:s}=t;if(!r||!n||!e||!i)throw new Error("Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl");let o=await(0,RA.default)(i);if(!o.ok)throw new Error(`Unexpected response when fetching openid-configuration: ${o.statusText}`);let a=await o.json();return{issuer:a.issuer,authorizationURL:a.authorization_endpoint,tokenURL:a.token_endpoint,userInfoURL:a.userinfo_endpoint,clientID:r,clientSecret:n,callbackURL:e,pkce:s}}catch(r){throw new Error(`Error constructing OIDC authentication configuration - ${r}`)}}async function EL(){return Cr("oidc")}var Hp={};P(Hp,{postAuth:()=>TL,preAuth:()=>yL});var gL=require("passport-google-oauth").OAuth2Strategy;async function bA(){let t=await vp();if(!t)throw new Error("No google configuration found");return t}async function yL(t,e,r){let n=await bA(),s=`${await Io({tenantAware:!1})}/api/global/auth/datasource/google/callback`,o=await Yp(n,s,Ro);return e.query.appId||e.throw(400,"appId query param not present."),t.authenticate(o,{scope:["profile","email","https://www.googleapis.com/auth/spreadsheets"],accessType:"offline",prompt:"consent"})(e,r)}async function TL(t,e,r){let n=await bA(),s=`${await Io({tenantAware:!1})}/api/global/auth/datasource/google/callback`,o=Bt(e,"budibase:datasourceauth");if(!o)throw new Error("Unable to fetch datasource auth cookie");return t.authenticate(new gL({clientID:n.clientID,clientSecret:n.clientSecret,callbackURL:s},(a,u,c,l)=>{mr(e,"budibase:datasourceauth"),l(null,{accessToken:a,refreshToken:u})}),{successRedirect:"/",failureRedirect:"/error"},async(a,u)=>{let c=`/builder/workspace/${o.appId}/data`,l=re();await $t(`datasource:creation:${o.appId}:google:${l}`,{tokens:u}),e.redirect(`${c}/new?continue_google_setup=${l}`)})(e,r)}var SL=/\/:(.*?)(\/.*)?$/g,Tn=t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(SL);if(i)for(let s of i){let a="/.*"+(s.endsWith("/")?"/":"");r=r.replace(s,a)}return{regex:new RegExp(r),method:n,route:r}}):[],Sn=(t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),s=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&s});var tm={};P(tm,{SecretOption:()=>PA,decrypt:()=>em,decryptFile:()=>DL,encrypt:()=>OL,encryptFile:()=>IL,getSecret:()=>Xp});var Yt=M(require("crypto")),br=M(require("fs")),Jp=M(require("zlib"));var zp=require("path"),ec="aes-256-ctr",vA="-",AL=1e4,_L=32,tc=16,Zp=16,PA=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(PA||{});function Xp(t){let e,r;switch(t){case"encryption":e=h.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=h.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}function rc(t,e){return Yt.default.pbkdf2Sync(t,new Uint8Array(e),AL,_L,"sha512")}function OL(t,e="api"){let r=Yt.default.randomBytes(tc),n=rc(Xp(e),r),i=Yt.default.createCipheriv(ec,new Uint8Array(n),new Uint8Array(r)),s=i.update(t,"utf8"),o=i.final(),a=Buffer.concat([new Uint8Array(s),new Uint8Array(o)]).toString("hex");return`${r.toString("hex")}${vA}${a}`}function em(t,e="api"){let[r,n]=t.split(vA),i=Buffer.from(r,"hex"),s=rc(Xp(e),i),o=Yt.default.createDecipheriv(ec,new Uint8Array(s),new Uint8Array(i)),a=o.update(n,"hex"),u=o.final();return Buffer.concat([new Uint8Array(a),new Uint8Array(u)]).toString()}async function IL({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,zp.join)(t,e);if(br.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let s=br.default.createReadStream(i),o=br.default.createWriteStream((0,zp.join)(t,n)),a=Yt.default.randomBytes(tc),u=Yt.default.randomBytes(Zp),c=rc(r,a),l=Yt.default.createCipheriv(ec,new Uint8Array(c),new Uint8Array(u));return o.write(a),o.write(u),s.pipe(Jp.default.createGzip()).pipe(l).pipe(o),new Promise(d=>{o.on("finish",()=>{d({filename:n,dir:t})})})}async function wL(t){let e=br.default.createReadStream(t),r=await xA(e,tc),n=await xA(e,Zp);return e.close(),{salt:r,iv:n}}async function DL(t,e,r){if(br.default.lstatSync(t).isDirectory())throw new Error("Unable to encrypt directory");let{salt:n,iv:i}=await wL(t),s=br.default.createReadStream(t,{start:tc+Zp}),o=br.default.createWriteStream(e),a=rc(r,n),u=Yt.default.createDecipheriv(ec,new Uint8Array(a),new Uint8Array(i)),c=Jp.default.createGunzip();return s.pipe(u).pipe(c).pipe(o),new Promise((l,d)=>{o.on("finish",()=>{o.close(),l()}),s.on("error",f=>{o.close(),d(f)}),u.on("error",f=>{o.close(),d(f)}),c.on("error",f=>{o.close(),d(f)}),o.on("error",f=>{o.close(),d(f)})})}function xA(t,e){return new Promise((r,n)=>{let i=0,s=[];t.on("readable",()=>{let o;for(;(o=t.read(e-i))!==null;)s.push(o),i+=o.length;r(Buffer.concat(s.map(a=>new Uint8Array(a))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",o=>{n(o)})})}var UA=M(require("dd-trace")),RL=h.SESSION_UPDATE_PERIOD?parseInt(h.SESSION_UPDATE_PERIOD):60*1e3;function CL(){return new Date(Date.now()-RL).toISOString()}function NA(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}async function bL(t,e){if(Vs(t))return{valid:!0,user:void 0};let n=em(t).split(C)[0];return Re(n,async()=>{let i;try{let s=Y();i=await Mt("by_api_key",{key:t},s)}catch{i=void 0}if(i)return{valid:!0,user:await Ao({userId:i,tenantId:n,populateUser:e})};throw new fi})}function nc(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}function ic(t=[],e={publicAllowed:!1}){let r=t?Tn(t):[];return async(n,i)=>{let s=!1,o=nc(n,"x-budibase-api-version");Sn(n,r)&&(s=!0);try{let u=nc(n,"x-budibase-token"),c=Bt(n,"budibase:auth")||nu(u),l=nc(n,"x-budibase-api-key");!l&&n.request.headers.authorization&&(l=n.request.headers.authorization.split(" ")[1]);let d=nc(n,"x-budibase-tenant-id"),f=!1,m,p=!1,E;if(c&&!l){let T=c.sessionId,_=c.userId,A;try{A=await Ep(_,T),e&&e.populateUser?m=await Ao({userId:_,tenantId:A.tenantId,email:A.email,populateUser:e.populateUser(n)}):m=await Ao({userId:_,tenantId:A.tenantId,email:A.email}),m.csrfToken=A.csrfToken,E="cookie",A?.lastAccessedAt<CL()&&await hp(A),f=!0}catch(w){f=!1,console.error(`Auth Error: ${w.message}`),mr(n,"budibase:auth")}}if(!f&&l){let T=e.populateUser?e.populateUser(n):null,{valid:_,user:A}=await bL(l,T);_&&(f=!0,E="api_key",m=A,p=!A)}!m&&d?m={tenantId:d}:m&&"password"in m&&delete m.password,f||(f=!1);let g=T=>T&&T.email;return g(m)&&UA.default.setUser({id:m._id,tenantId:m.tenantId,budibaseAccess:m.budibaseAccess,status:m.status}),NA(n,{authenticated:f,user:m,internal:p,version:o,publicEndpoint:s,loginMethod:E}),g(m)?Nd(m,n,i):i()}catch(u){if(console.error(`Auth Error: ${u.message}`),u?.name==="JsonWebTokenError"?mr(n,"budibase:auth"):u?.code==="invalid_api_key"&&n.throw(403,u.message),e&&e.publicAllowed||s)return NA(n,{authenticated:!1,version:o,publicEndpoint:s}),i();n.throw(u.status||403,u)}}}var sc=async(t,e)=>e();function oc(t,e,r={noTenancyRequired:!1}){let n=Tn(t),i=Tn(e);return async function(s,o){let u={allowNoTenant:r.noTenancyRequired||!!Sn(s,i)};!!Sn(s,n)||(u.excludeStrategies=["query"]);let l=Ws(s,u);return s.set("x-budibase-tenant-id",l),Re(l,o)}}async function ac(t,e){let r=t.request.headers["x-budibase-api-key"];return r||t.throw(403,"Unauthorized"),Array.isArray(r)&&t.throw(403,"Unauthorized"),Vs(r)||t.throw(403,"Unauthorized"),e()}var xL=["GET","HEAD","OPTIONS"],vL=["application/x-www-form-urlencoded","multipart/form-data","text/plain"];function uc(t={noCsrfPatterns:[]}){let e=Tn(t.noCsrfPatterns);return async(r,n)=>{if(Sn(r,e)||xL.indexOf(r.method)!==-1)return n();let s=r.get("content-type")?r.get("content-type").toLowerCase():"";if(!vL.filter(u=>s.includes(u)).length||r.internal)return n();let o=r.user?.csrfToken;if(!o)return n();let a=r.get("x-csrf-token");return(!a||a!==o)&&r.throw(403,"Invalid CSRF token"),n()}}var cc=async(t,e)=>(!t.internal&&!Ir(t.user)&&t.throw(403,"Admin user only endpoint."),e());async function lc(t,e){let r=Ae(),n=h.isWorker()||!r?Xe:h.isApps()?pi:void 0;if(!n)throw new Error("Service name unknown - middleware inactive.");return!t.internal&&!n(t.user,r)&&!Ir(t.user)&&t.throw(403,"Admin/Builder user only endpoint."),e()}async function dc(t,e){let r=Ae(),n;if(h.isWorker()||!r?n=Xe:h.isApps()&&(n=pi),!n)throw new Error("Service name unknown - middleware inactive.");return!t.internal&&!n(t.user,r)&&t.throw(403,"Builder user only endpoint."),e()}var PL=require("koa-pino-logger"),NL=require("correlation-id");function UL(){return{logger:hu,genReqId:NL.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}function LL(){return h.HTTP_LOGGING?PL(UL()):(t,e)=>e()}var LA=LL();var kA=require("uuid"),kL=require("correlation-id"),MA=(t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,kA.v4)()),kL.withId(r,()=>e())};function FA(t){if(t.includes("-----BEGIN PRIVATE KEY-----"))return!0;for(let e of Ty){let r=h[e];if(!(typeof r!="string"||r==="")&&t.includes(r))return!0}return!1}async function BA(t,e){try{await e()}catch(r){let n=r.status||r.statusCode||500;t.status=n,n>=400&&n<500?console.warn(r):console.error("Got 400 response code",r);let i={message:r.message,status:n,validationErrors:r.validation,error:Lu(r)};if(FA(JSON.stringify(i))&&(i={message:"Unexpected error",status:n,error:"Unexpected error"}),h.isTest()&&t.headers["x-budibase-include-stacktrace"]){let s=r;for(;s.cause;)s=s.cause;i.stack=s.stack}t.body=i}}function WA(t,e){let r=t.request.query?.query;if(t.request.method.toLowerCase()!=="get"&&t.throw(500,"Query to download middleware can only be used for get requests."),!r)return e();let n=decodeURIComponent(r),i;try{i=JSON.parse(n)}catch{return e()}return t.request.body=i,e()}var VA=M(require("crypto"));var $A={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},ML=/^[A-Za-z0-9-*:/.]+$/,GA=async(t,e)=>{let r=VA.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...$A};if(n["script-src"]=[...$A["script-src"],`'nonce-${r}'`],t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let o=await Us.getWorkspaceMetadata(t.appId);if("name"in o)for(let a of o.scripts||[]){let u=(a.cspWhitelist||"").split(`
 `).filter(c=>ML.test(c));n["default-src"]=[...n["default-src"],...u]}}catch(o){console.error(`Error occurred in Content-Security-Policy middleware: ${o}`)}let s=Object.entries(n).map(([o,a])=>`${o} ${a.join(" ")}`).join("; ");t.set("Content-Security-Policy",s),await e()};var qA=async(t,e)=>{let n=Bt(t,"budibase:featureflags")?.flags||{};await tf(n,async()=>{await e()})};var Co={};P(Co,{body:()=>FL,params:()=>BL});var rm=M(require("joi"));function KA(t,e,r){let n=r?.errorPrefix??`Invalid ${e}`;return(i,s)=>{if(!t)return s();let o=null,a=i.request?.[e];i[e]!=null?o=i[e]:a!=null&&(o=a),t.append&&(t=t.append({createdAt:rm.default.any().optional(),updatedAt:rm.default.any().optional()}));let{error:u}=t.validate(o,{allowUnknown:r?.allowUnknown});if(u){let c=u.message;n&&(c=`Invalid ${e} - ${c}`),i.throw(400,c)}return s()}}function FL(t,e){return KA(t,"body",e)}function BL(t,e){return KA(t,"params",e)}async function QA(t,e){return t.ip?await Jd(t.ip,()=>e()):e()}var WL={google:Hp};var jA=require("koa-passport"),$L=require("passport-local").Strategy,fc=require("passport-oauth2-refresh"),VL=ic,GL=oc,qL=uc,KL=jA;jA.use(new $L(gi.options,gi.authenticate));async function QL(t,e){let r=await jt.getCallbackUrl(),n,i;try{if(n=await jt.fetchStrategyConfig(t,r),!n)throw new Error("OIDC Config contents invalid");i=await jt.strategyFactory(n,Ro)}catch{throw new Error("Could not refresh OAuth Token")}return fc.use(i,{setRefreshOAuth2(){return i._getOAuth2Client(n)}}),new Promise(s=>{fc.requestNewAccessToken("oidc",e,(o,a,u,c)=>{s({err:o,accessToken:a,refreshToken:u,params:c})})})}async function jL(t,e){let r=await Qt.getCallbackUrl(t),n;try{n=await Qt.strategyFactory(t,r,Ro)}catch(i){throw new Error(`Error constructing OIDC refresh strategy: message=${i.message}`)}return fc.use(n),new Promise(i=>{fc.requestNewAccessToken("google",e,(s,o,a,u)=>{i({err:s,accessToken:o,refreshToken:a,params:u})})})}async function YL(t,e,r){switch(e){case"oidc":{if(!r)return{err:{data:"OIDC config id not provided"}};let n=await Pp(r);return n?QL(n,t):{err:{data:"OIDC configuration not found"}}}case"google":{let n=await Ku();return n?jL(n,t):{err:{data:"Google configuration not found"}}}}}async function HL(t,e){let r={accessToken:e.accessToken,refreshToken:e.refreshToken};try{let n=Y(),i=await n.get(t);typeof r.refreshToken!="string"&&delete r.refreshToken,i.oauth2={...i.oauth2,...r},await n.put(i),await _o(t)}catch(n){console.error("Could not update OAuth details for current user",n)}}async function zL(t){let e=t.ctx,r=t.userId,n=t.keepActiveSession;if(!e)throw new Error("Koa context must be supplied to logout.");let i=Bt(e,"budibase:auth"),s=await go(r);i&&n?s=s.filter(a=>a.sessionId!==i.sessionId):mr(e,"budibase:auth");let o=s.map(({sessionId:a})=>a);await hn(r,{sessionIds:o,reason:"logout"}),await Du.logout(e.user?.email),await _o(r)}var om={};P(om,{validate:()=>t0});var R=M(require("joi")),JL=["Relational","Non-relational","Spreadsheet","Object store","Graph","API"];function sm(t,e){let{error:r}=t.validate(e);if(r)throw r}function ZL(t){let e=R.default.object({type:R.default.string().allow("component").required(),metadata:R.default.object().unknown(!0).required(),hash:R.default.string().optional(),version:R.default.string().optional(),schema:R.default.object({name:R.default.string().required(),settings:R.default.array().items(R.default.object().unknown(!0)).required()}).unknown(!0)});sm(e,t)}function XL(t){let e=R.default.object({type:R.default.string().allow(...Object.values(yc)).required(),required:R.default.boolean().required(),default:R.default.any(),display:R.default.string()}),r=R.default.object({type:R.default.string().allow(...Object.values(gc)),readable:R.default.boolean(),displayName:R.default.string(),fields:R.default.object().pattern(R.default.string(),e)}).required(),n=R.default.object({type:R.default.string().allow("datasource").required(),metadata:R.default.object().unknown(!0).required(),hash:R.default.string().optional(),version:R.default.string().optional(),schema:R.default.object({docs:R.default.string(),plus:R.default.boolean().optional(),isSQL:R.default.boolean().optional(),auth:R.default.object({type:R.default.string().required()}).optional(),features:R.default.object(Object.fromEntries(Object.values(Tc).map(i=>[i,R.default.boolean().optional()]))).optional(),relationships:R.default.boolean().optional(),description:R.default.string().required(),friendlyName:R.default.string().required(),type:R.default.string().allow(...JL),datasource:R.default.object().pattern(R.default.string(),e).required(),query:R.default.object().pattern(R.default.string(),r).unknown(!0).required(),extra:R.default.object().pattern(R.default.string(),R.default.object({type:R.default.string().required(),displayName:R.default.string().required(),required:R.default.boolean(),data:R.default.object()}))})});sm(n,t)}function e0(t){let e=R.default.object().pattern(R.default.string(),{type:R.default.string().allow(...Object.values(Sc)).required(),customType:R.default.string().allow(...Object.values(Ac)),title:R.default.string(),description:R.default.string(),enum:R.default.array().items(R.default.string()),pretty:R.default.array().items(R.default.string())}),r=R.default.object({properties:e,required:R.default.array().items(R.default.string())}).concat(e).required(),n=R.default.object({type:R.default.string().allow("automation").required(),metadata:R.default.object().unknown(!0).required(),hash:R.default.string().optional(),version:R.default.string().optional(),schema:R.default.object({name:R.default.string().required(),tagline:R.default.string().required(),icon:R.default.string().required(),description:R.default.string().required(),type:R.default.string().allow("ACTION","LOGIC").required(),stepId:R.default.string().disallow(...bm).required(),inputs:R.default.object().optional(),schema:R.default.object({inputs:r,outputs:r}).required()})});sm(n,t)}function t0(t){switch(t?.type){case"component":ZL(t);break;case"datasource":XL(t);break;case"automation":e0(t);break;default:throw new Error(`Unknown plugin type - check schema.json: ${t.type}`)}}var am={};P(am,{Client:()=>Ce,clients:()=>fr,locks:()=>Ei,utils:()=>Wa});var um={};P(um,{isBlacklisted:()=>n0,refreshBlacklist:()=>JA});var YA=M(require("dns")),mc=M(require("net"));var HA=require("util"),pc,r0=(0,HA.promisify)(YA.default.lookup);async function zA(t){return mc.default.isIP(t)||(t.startsWith("http")||(t=`https://${t}`),t=new URL(t).hostname),(await r0(t,{all:!0})).map(r=>r.address)}async function JA(){let e=h.BLACKLIST_IPS?.split(",")||[],r=[];for(let n of e){let i=n.trim();if(mc.default.isIP(i))r.push(i);else{let s=await zA(i);r=r.concat(s)}}pc=r}async function n0(t){if(pc||await JA(),pc?.length===0)return!1;let e;return mc.default.isIP(t)?e=[t]:e=await zA(t),!!pc?.find(r=>e.includes(r))}var lm={};P(lm,{init:()=>s0});var i0={"user:created":t=>t.userId,"user:updated":t=>t.userId,"user:deleted":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:admin:removed":t=>t.userId,"user:builder:assigned":t=>t.userId,"user:builder:removed":t=>t.userId,"user_group:created":t=>t.groupId,"user_group:updated":t=>t.groupId,"user_group:deleted":t=>t.groupId,"user_group:user_added":t=>t.groupId,"user_group:users_deleted":t=>t.groupId,"user_group:permissions_edited":t=>t.groupId,"automation:deleted":t=>t.automationId,"datasource:deleted":t=>t.datasourceId,"table:deleted":t=>t.tableId,"query:deleted":t=>t.queryId,"workspace_app:deleted":t=>t.workspaceAppId,"view:deleted":t=>t.id};function ZA(t,e){let r=i0[t];if(!r)throw new Error("Event does not have a method of document ID extraction");return r(e)}var bo=class{constructor(e){this.processors=[];this.processors=e}async processEvent(e,r,n){let i=r.realTenantId,s=ZA(e,n);if(!(!i||!s))for(let{events:o,processor:a}of this.processors)o.includes(e)&&await Re(i,async()=>{await a({id:s,tenantId:i,appId:n.appId})})}shutdown(){return TS()}};var XA,cm;function s0(t){qt||wu(),cm||(cm=new bo(t)),XA||(XA=qt.process(async e=>{let{event:r,identity:n,properties:i}=e.data;await cm.processEvent(r,n,i)}))}var Tm={};P(Tm,{COUNT_FIELD_NAME:()=>gm,Sql:()=>u_,SqlTable:()=>hc,designDoc:()=>ym,utils:()=>qd});var n_=require("knex");var o0=require("knex");function dm(t){return["link","formula","ai"].indexOf(t)!==-1}function e_(t,e,r,n,i){let s=e&&e.primary?e.primary:[],o=Object.values(e.schema),a=o.filter(f=>f.meta),u=a.length===o.length,c=[];n||(u?t.primary(a.map(f=>f.name)):s.length===1?(t.increments(s[0]).primary(),c.push(s[0])):t.primary(s));let l=Object.values(e.schema).map(f=>f.foreignKey);for(let[f,m]of Object.entries(e.schema)){let p=n?.schema[f];if(p&&p.type||c.includes(f)||i?.updated===f)continue;let E=m.type;switch(E){case"string":case"options":case"longform":case"barcodeqr":case"bb_reference_single":s.includes(f)?t.string(f,255):t.text(f);break;case"number":if(m.meta&&m.meta.toKey&&m.meta.toTable){let{toKey:g,toTable:T}=m.meta;t.integer(f).unsigned(),t.foreign(f).references(`${T}.${g}`)}else l.indexOf(f)===-1&&t.float(f);break;case"bigint":t.bigint(f);break;case"boolean":t.boolean(f);break;case"datetime":m.timeOnly?t.time(f):t.datetime(f,{useTz:!m.ignoreTimezones});break;case"array":case"bb_reference":Pe.schema.isDeprecatedSingleUserColumn(m)?t.text(f):t.json(f);break;case"link":if(m.relationshipType!=="many-to-one"&&m.relationshipType!=="many-to-many"){if(!m.foreignKey||!m.tableId)throw new Error("Invalid relationship schema");let{tableName:g}=Bd(m.tableId),T=r[g];if(!T||!T.primary)throw new Error("Referenced table doesn't exist or has no primary keys");let _=T.primary[0],A=T.schema[_].externalType;A?t.specificType(m.foreignKey,A):t.integer(m.foreignKey).unsigned(),t.foreign(m.foreignKey).references(`${g}.${_}`)}break;case"signature_single":case"attachment":case"attachment_single":t.json(f);break;case"formula":break;case"ai":break;case"auto":case"json":case"internal":throw new Error(`${m.type} is not a valid SQL type`);default:Zt.unreachable(E)}}let d=i?n?.schema[i.old].type:void 0;return i&&d&&!dm(d)&&t.renameColumn(i.old,i.updated),n&&Object.entries(n.schema).filter(([m,p])=>!dm(p.type)&&e.schema[m]==null).forEach(([m,p])=>{i?.old===m||dm(p.type)||(n.constrained&&n.constrained.indexOf(m)!==-1&&t.dropForeign(m),t.dropColumn(m))}),t}function u0(t,e,r){return t.createTable(e.name,n=>{e_(n,e,r)})}function c0(t,e,r,n,i){return t.alterTable(e.name,s=>{e_(s,e,r,n,i)})}function l0(t,e){return t.dropTable(e.name)}var fm=class{constructor(e){this.sqlClient=e}getBaseSqlClient(){return this.sqlClient}getSqlClient(){return this.extendedSqlClient||this.sqlClient}setExtendedSqlClient(e){this.extendedSqlClient=e}_operation(e){return e.operation}_tableQuery(e){let r=(0,o0.knex)({client:this.sqlClient}).schema;e?.schema&&(r=r.withSchema(e.schema));let n;if(!e.table||!e.tables)throw new Error("Cannot execute without table being specified");if(e.table.sourceType==="internal")throw new Error("Cannot perform table actions for SQS.");switch(this._operation(e)){case"CREATE_TABLE":n=u0(r,e.table,e.tables);break;case"UPDATE_TABLE":if(!e.table)throw new Error("Must specify old table for update");if(this.sqlClient==="mysql2"&&e.meta?.renamed){let i=e.meta.renamed.updated;return{sql:`alter table ${e?.schema?`\`${e.schema}\`.\`${e.table.name}\``:`\`${e.table.name}\``} rename column \`${e.meta.renamed.old}\` to \`${i}\`;`,bindings:[]}}if(n=c0(r,e.table,e.tables,e.meta?.oldTable,e.meta?.renamed),this.sqlClient==="mssql"&&e.meta?.renamed){let i=e.meta.renamed.old,s=e.meta.renamed.updated,o=e?.schema?`${e.schema}.${e.table.name}`:`${e.table.name}`,a=Qn(n);if(Array.isArray(a))for(let u of a)u.sql.startsWith("exec sp_rename")&&(u.sql=`exec sp_rename '${o}.${i}', '${s}', 'COLUMN'`,u.bindings=[]);return a}break;case"DELETE_TABLE":n=l0(r,e.table);break;default:throw new Error("Table operation is of unknown type")}return Qn(n)}},hc=fm;var i_=require("lodash"),gm="__bb_total";function t_(){return(h.SQL_MAX_ROWS?parseInt(h.SQL_MAX_ROWS):null)||5e3}function pm(){return(h.SQL_MAX_RELATED_ROWS?parseInt(h.SQL_MAX_RELATED_ROWS):null)||500}function d0(t,e){return t.sort((r,n)=>{let i=e.find(o=>o&&r.endsWith(o)),s=e.find(o=>o&&n.endsWith(o));return i&&!s?-1:!i&&s?1:r.localeCompare(n)})}function s_(t){return Array.isArray(t)?t.map(e=>s_(e)):(t.bindings&&(t.bindings=t.bindings.map(e=>typeof e=="boolean"?e?1:0:e)),t)}function r_(t){return t.sourceType==="internal"||t.sourceId===Ic}function f0(t,e='"'){return t.replace(new RegExp(e,"g"),`${e}${e}`)}function o_(t,e='"'){return`${e}${f0(t,e)}${e}`}function mm(t,e='"'){for(let r in t)typeof t[r]=="string"&&(t[r]=o_(t[r],e));return`[${t.join(",")}]`}function a_(t){return vm.includes(t.type)&&!Pe.schema.isDeprecatedSingleUserColumn(t)}var p0={equal:!1,notEqual:!0,empty:!1,notEmpty:!0,fuzzy:!1,string:!1,range:!1,contains:!1,notContains:!0,containsAny:!1,oneOf:!1,$and:!1,$or:!1},hm=class{constructor(e,r,n){this.SPECIAL_SELECT_CASES={POSTGRES_ARRAY:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="array",POSTGRES_MONEY:e=>this.client==="pg"&&e?.externalType?.includes("money"),POSTGRES_ENUM:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="user-defined"&&e?.type==="options",MSSQL_DATES:e=>this.client==="mssql"&&e?.type==="datetime"&&e.timeOnly};this.client=e,this.query=n,this.knex=r,this.splitter=new or.ColumnSplitter([this.table],{aliases:this.query.tableAliases,columnPrefix:this.query.meta?.columnPrefix})}get table(){return this.query.table}get knexClient(){return this.knex.client}getFieldSchema(e){let{column:r}=this.splitter.run(e);return this.table.schema[r]}requiresJsonAsStringClient(){return["mssql","mysql2","mariadb","oracledb"].includes(this.client)}quoteChars(){let e=this.knexClient.wrapIdentifier("foo",{});return[e[0],e[e.length-1]]}quote(e){return this.knexClient.wrapIdentifier(e,{})}isQuoted(e){let[r,n]=this.quoteChars();return e.startsWith(r)&&e.endsWith(n)}quotedIdentifier(e){return Array.isArray(e)||(e=this.splitIdentifier(e)),e.map(r=>this.quote(r)).join(".")}castIntToString(e){switch(this.client){case"oracledb":return this.knex.raw("to_char(??)",[e]);case"pg":return this.knex.raw("??::TEXT",[e]);case"mysql2":case"mariadb":return this.knex.raw("CAST(?? AS CHAR)",[e]);case"sqlite3":return this.knex.raw("printf('%d', ??)",[e]);case"mssql":return this.knex.raw("CONVERT(NVARCHAR, ??)",[e])}}rawQuotedIdentifier(e){return this.knex.raw(this.quotedIdentifier(e))}splitIdentifier(e){let[r,n]=this.quoteChars();return this.isQuoted(e)?e.slice(1,-1).split(`${n}.${r}`):e.split(".")}qualifyIdentifier(e){let r=this.getTableName(),n=this.splitIdentifier(e);return n[0]!==r&&n.unshift(r),this.isQuoted(e)?this.quotedIdentifier(n):n.join(".")}generateSelectStatement(){let{table:e,resource:r}=this.query;if(!r||!r.fields||r.fields.length===0)return"*";let n=this.getTableName(e),i=this.table.schema;return r.fields.map(o=>{let a=o.split(/\./g),u,c=a[0];return a.length>1&&(u=a[0],c=a.slice(1).join(".")),{table:u,column:c,field:o}}).filter(({table:o})=>!o||o===n).map(({table:o,column:a,field:u})=>{let c=i[a];return this.SPECIAL_SELECT_CASES.POSTGRES_MONEY(c)?this.knex.raw("??::money::numeric as ??",[this.rawQuotedIdentifier([o,a].join(".")),this.knex.raw(this.quote(u))]):this.SPECIAL_SELECT_CASES.MSSQL_DATES(c)?this.knex.raw("CONVERT(varchar, ??, 108) as ??",[this.rawQuotedIdentifier(u),this.knex.raw(this.quote(u))]):o?this.rawQuotedIdentifier(`${o}.${a}`):this.rawQuotedIdentifier(u)})}convertClobs(e,r){if(this.client!=="oracledb")throw new Error("you've called convertClobs on a DB that's not Oracle, this is a mistake");let i=this.splitIdentifier(e).pop(),s=this.table.schema[i],o=this.rawQuotedIdentifier(e);return(s.type==="string"||s.type==="longform"||s.type==="bb_reference_single"||s.type==="bb_reference"||s.type==="options"||s.type==="barcodeqr")&&(r?.forSelect?o=this.knex.raw("to_char(??) as ??",[o,this.rawQuotedIdentifier(i)]):o=this.knex.raw("to_char(??)",[o])),o}parse(e,r){if(Array.isArray(e))return JSON.stringify(e);if(e==null)return null;if(this.requiresJsonAsStringClient()&&a_(r)&&typeof e=="object")return JSON.stringify(e);if(this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(r))return`{${e}}`;if(this.client==="oracledb"&&r.type==="datetime"&&r.timeOnly){if(e instanceof Date){let n=e.getHours().toString().padStart(2,"0"),i=e.getMinutes().toString().padStart(2,"0"),s=e.getSeconds().toString().padStart(2,"0");return`${n}:${i}:${s}`}if(typeof e=="string")return new Date(`1970-01-01T${e}Z`)}if(typeof e=="string"&&r.type==="datetime")if(r.timeOnly){if(!Vd(e))return null}else if(r.dateOnly){let n=$d(e);return n?new Date(n):null}else return r.ignoreTimezones?Ka(e)?new Date(e):Wd(e)?new Date(e+"Z"):null:Ka(e)?new Date(e.trim()):null;return e}parseBody(e){for(let[r,n]of Object.entries(e)){let{column:i}=this.splitter.run(r),s=this.table.schema[i];s&&(e[r]=this.parse(n,s))}return e}parseFilters(e){e=(0,i_.cloneDeep)(e);for(let r of Object.values(Pr)){let n=e[r];if(n)for(let i of Object.keys(n)){if(Array.isArray(n[i])){n[i]=JSON.stringify(n[i]);continue}let{column:s}=this.splitter.run(i),o=this.table.schema[s];o&&(n[i]=this.parse(n[i],o))}}for(let r of Object.values(zt)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:s}=this.splitter.run(i),o=this.table.schema[s];o&&(n[i]=n[i].map(a=>this.parse(a,o)))}}for(let r of Object.values(On)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:s}=this.splitter.run(i),o=this.table.schema[s];if(!o)continue;let a=n[i];"low"in a&&(a.low=this.parse(a.low,o)),"high"in a&&(a.high=this.parse(a.high,o))}}return e}addJoinFieldCheck(e,r){let n=r.from?.split(".")[0]||"";return e.andWhere(`${n}.fieldName`,"=",r.column)}addRelationshipForFilter(e,r,n,i){let{relationships:s,schema:o,tableAliases:a,table:u}=this.query,c=a?.[u.name]||u.name,l=d=>n.match(new RegExp(`^${d}\\.`));if(!s)return e;for(let d of s){let f=d.tableName,m=a?.[f]||f,p=l(f)||l(m),E=l(d.column);if((p||E)&&d.to&&d.tableName){let g=this.knex.select(this.knex.raw(1)).from({[m]:f}),T=g.clone(),_=Gd(d),A;if(p?A=n:A=n.replace(new RegExp(`^${d.column}.`),`${a?.[d.tableName]||d.tableName}.`),_){let w=a?.[_.through]||d.through,y=this.tableNameWithSchema(_.through,{alias:w,schema:o});T=T.innerJoin(y,function(){this.on(`${m}.${_.toPrimary}`,"=",`${w}.${_.to}`)}).where(`${w}.${_.from}`,"=",this.rawQuotedIdentifier(`${c}.${_.fromPrimary}`)),this.client==="sqlite3"&&(T=this.addJoinFieldCheck(T,_)),e=e.where(O=>{O.whereExists(i(A,T)),r&&O.orWhereNotExists(g.clone().innerJoin(y,function(){this.on(`${c}.${_.fromPrimary}`,"=",`${w}.${_.from}`)}))})}else{let w=`${m}.${d.to}`,y=`${c}.${d.from}`;T=T.where(w,"=",this.rawQuotedIdentifier(y)),e=e.where(O=>{O.whereExists(i(A,T.clone())),r&&O.orWhereNotExists(T)})}}}return e}addFilters(e,r,n){if(!r)return e;let i=this;r=this.parseFilters({...r});let s=this.query.tableAliases,o=r.allOr,u=this.client==="sqlite3"?this.table._id:this.table.name;function c(p){return s?.[p]||p}function l(p,E,g,T){let _=(A,w,y)=>{let[O,...k]=w.split("."),v=k.join("."),L=c(O);return A.andWhere(j=>g(j,L?`${L}.${v}`:v,y))};for(let A in p){let w=p[A],y=Bs(A),O=y.includes("."),k=n?.relationship&&O,v;if(A==="_complexIdOperator"&&(v=p[A])&&T){let L=c(u);e=T(e,v.id.map(j=>L?`${L}.${j}`:j),v.values)}else if(O)k&&(o&&(e=e.or),e=i.addRelationshipForFilter(e,p0[E],y,(L,j)=>_(j,L,w)));else{let L=c(u);e=g(e,L?`${L}.${y}`:y,w)}}}let d=(p,E,g)=>((r?.fuzzyOr||o)&&(p=p.or),this.client==="oracledb"||this.client==="sqlite3"?p.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(E),`%${g.toLowerCase()}%`]):p.whereILike(this.rawQuotedIdentifier(E),this.knex.raw("?",[`%${g}%`]))),f=(p,E=!1)=>{function g(T){return(o||p===r?.containsAny)&&(T=T.or),p===r?.notContains&&(T=T.not),T}this.client==="pg"?l(p,"contains",(T,_,A)=>{T=g(T);let w=this.getFieldSchema(_),y="::jsonb";return this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(w)&&(y="",A=`{${A.map(k=>k.substring(1,k.length-1))}}`),E?T.whereRaw(y?"COALESCE(??::jsonb \\?| array??, FALSE)":"COALESCE(?? && '??', FALSE)",[this.rawQuotedIdentifier(_),y?this.knex.raw(mm(A,"'")):this.knex.raw(A)]):T.whereRaw(`COALESCE(??${y} @> '??', FALSE)`,[this.rawQuotedIdentifier(_),y?this.knex.raw(mm(A)):this.knex.raw(A)])}):this.client==="mysql2"||this.client==="mariadb"?l(p,"contains",(T,_,A)=>g(T).whereRaw("COALESCE(?(??, ?), FALSE)",[this.knex.raw(E?"JSON_OVERLAPS":"JSON_CONTAINS"),this.rawQuotedIdentifier(_),this.knex.raw(o_(mm(A)))])):l(p,"contains",(T,_,A)=>(A.length===0||(T=T.where(w=>(p===r?.notContains&&(w=w.not),w=w.where(y=>{for(let O of A){p===r?.containsAny?y=y.or:y=y.and;let k=typeof O=="string"?`"${O.toLowerCase()}"`:O;y=y.whereLike(this.knex.raw("COALESCE(LOWER(??), '')",[this.rawQuotedIdentifier(_)]),`%${k}%`)}}),p===r?.notContains&&(w=w.or.whereNull(this.rawQuotedIdentifier(_))),w))),T))};if(r.$and){let{$and:p}=r;for(let E of p.conditions)e=e.where(g=>{this.addFilters(g,E,n)})}if(r.$or){let{$or:p}=r;e=e.where(E=>{for(let g of p.conditions)E.orWhere(T=>this.addFilters(T,{...g,allOr:!0},n))})}r.oneOf&&l(r.oneOf,"oneOf",(p,E,g)=>{let T=this.getFieldSchema(E),_=Array.isArray(g)?g:[g];if(o&&(p=p.or),this.client==="oracledb")E=this.convertClobs(E);else if(this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly){for(let A of _)A!=null?p=p.or.whereLike(E,`${A.toISOString().slice(0,10)}%`):p=p.or.whereNull(E);return p}return p.whereIn(E,_)},(p,E,g)=>(o&&(p=p.or),this.client==="oracledb"&&(E=E.map(T=>this.convertClobs(T))),p.whereIn(E,Array.isArray(g)?g:[g]))),r.string&&l(r.string,"string",(p,E,g)=>{if(o&&(p=p.or),this.client==="oracledb"||this.client==="sqlite3")return p.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(E),`${g.toLowerCase()}%`]);{let T=this.getFieldSchema(E);return this.SPECIAL_SELECT_CASES.POSTGRES_ENUM(T)?p.whereRaw(`??::text ilike '${g}%'`,[this.knex.raw(this.quote(T.name))]):p.whereILike(E,`${g}%`)}}),r.fuzzy&&l(r.fuzzy,"fuzzy",d),r.range&&l(r.range,"range",(p,E,g)=>{let T=v=>v&&Object.keys(v).length===0&&Object.getPrototypeOf(v)===Object.prototype;T(g.low)&&(g.low=""),T(g.high)&&(g.high="");let _=Qa(g.low),A=Qa(g.high),w=this.getFieldSchema(E),y=E,O=g.high,k=g.low;return this.client==="sqlite3"&&w?.type==="datetime"&&w.dateOnly&&(O!=null&&(O=`${O.toISOString().slice(0,10)}T23:59:59.999Z`),k!=null&&(k=k.toISOString().slice(0,10))),this.client==="oracledb"?y=this.convertClobs(E):this.client==="sqlite3"&&w?.type==="bigint"&&(y=this.knex.raw("CAST(?? AS INTEGER)",[this.rawQuotedIdentifier(E)]),O=this.knex.raw("CAST(? AS INTEGER)",[g.high]),k=this.knex.raw("CAST(? AS INTEGER)",[g.low])),o&&(p=p.or),_&&A?p.whereBetween(y,[k,O]):_?p.where(y,">=",k):A?p.where(y,"<=",O):p}),r.equal&&l(r.equal,"equal",(p,E,g)=>{let T=this.getFieldSchema(E);if(o&&(p=p.or),this.client==="mssql")return p.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 1",[this.rawQuotedIdentifier(E),g]);if(this.client==="oracledb"){let _=this.convertClobs(E);return p.where(A=>A.whereNotNull(_).andWhere(_,g))}else return this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly?g!=null?p.whereLike(E,`${g.toISOString().slice(0,10)}%`):p.whereNull(E):p.whereRaw("COALESCE(?? = ?, FALSE)",[this.rawQuotedIdentifier(E),g])}),r.notEqual&&l(r.notEqual,"notEqual",(p,E,g)=>{let T=this.getFieldSchema(E);if(o&&(p=p.or),this.client==="mssql")return p.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 0",[this.rawQuotedIdentifier(E),g]);if(this.client==="oracledb"){let _=this.convertClobs(E);return p.where(A=>A.not.whereNull(_).and.where(_,"!=",g)).or.whereNull(_)}else return this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly?g!=null?p.not.whereLike(E,`${g.toISOString().slice(0,10)}%`).or.whereNull(E):p.not.whereNull(E):p.whereRaw("COALESCE(?? != ?, TRUE)",[this.rawQuotedIdentifier(E),g])}),r.empty&&l(r.empty,"empty",(p,E)=>(o&&(p=p.or),p.whereNull(E))),r.notEmpty&&l(r.notEmpty,"notEmpty",(p,E)=>(o&&(p=p.or),p.whereNotNull(E))),r.contains&&f(r.contains),r.notContains&&f(r.notContains),r.containsAny&&f(r.containsAny,!0);let m=s?.[this.table._id]||this.table._id;return r.documentType&&!Fd(this.table)&&m&&e.andWhereLike(`${m}._id`,`${Jt(r.documentType)}%`),e}isSqs(){return r_(this.table)}getTableName(e){e||(e=this.table);let r=e.name;r_(e)&&e._id&&(r=e._id);let n=this.query.tableAliases||{};return n[r]?n[r]:r}addDistinctCount(e){if(!this.table.primary)throw new Error("SQL counting requires primary key to be supplied");return e.countDistinct(`${this.getTableName()}.${this.table.primary[0]} as ${gm}`)}addAggregations(e,r){let n=this.query.resource?.fields||[],i=this.getTableName();if(n.length>0){let s=n.map(o=>this.qualifyIdentifier(o));if(this.client==="oracledb"){let o=s.map(u=>this.convertClobs(u)),a=s.map(u=>this.convertClobs(u,{forSelect:!0}));e=e.groupBy(o).select(a)}else e=e.groupBy(s).select(s)}for(let s of r){let o=s.calculationType;if(o==="count")if("distinct"in s&&s.distinct)if(this.client==="oracledb"){let a=this.convertClobs(`${i}.${s.field}`);e=e.select(this.knex.raw("COUNT(DISTINCT ??) as ??",[a,s.name]))}else e=e.countDistinct(`${i}.${s.field} as ${s.name}`);else if(this.client==="oracledb"){let a=this.convertClobs(`${i}.${s.field}`);e=e.select(this.knex.raw("COUNT(??) as ??",[a,s.name]))}else e=e.count(`${s.field} as ${s.name}`);else{let a=this.getFieldSchema(s.field);if(!a)throw new Error(`field schema missing for aggregation target: ${s.field}`);let u=this.knex.raw("??(??)",[this.knex.raw(o),this.rawQuotedIdentifier(`${i}.${s.field}`)]);a.type==="bigint"&&(u=this.castIntToString(u)),e=e.select(this.knex.raw("?? as ??",[u,s.name]))}}return e}isAggregateField(e){return!!this.query.resource?.aggregations?.find(n=>n.name===e)}addSorting(e){let{sort:r,resource:n}=this.query,i=this.table.primary,s=this.getTableName();if(!Array.isArray(i))throw new Error("Sorting requires primary key to be specified for table");if(r&&Object.keys(r||{}).length>0)for(let[a,u]of Object.entries(r)){let c=u.direction==="ascending"?"asc":"desc",l;(this.client==="pg"||this.client==="oracledb")&&(l=u.direction==="ascending"?"first":"last");let d=`${s}.${a}`,f;this.isAggregateField(a)?f=this.rawQuotedIdentifier(a):this.client==="oracledb"?f=this.convertClobs(d):f=this.rawQuotedIdentifier(d),e=e.orderByRaw(`?? ?? ${l?"nulls ??":""}`,[f,this.knex.raw(c),...l?[this.knex.raw(l)]:[]])}if(!((n?.aggregations?.length??0)>0)&&(!r||r[i[0]]===void 0)){if(i[0]===void 0)throw new Error(`Primary key not found for table ${this.table.name}`);e=e.orderBy(`${s}.${i[0]}`)}return e}tableNameWithSchema(e,r){let n=r?.schema?`${r.schema}.${e}`:e;return r?.alias&&(n+=` as ${r.alias}`),n}buildJsonField(e,r){let n=r.split("."),i=n[n.length-1],s,o;if(n.length>1){let c=n.shift();s=n.join("."),o=`${c}.${s}`}else s=n.join("."),o=s;this.query.meta?.columnPrefix&&(i=i.replace(this.query.meta.columnPrefix,""));let a=this.rawQuotedIdentifier(o),u=e.schema[i];return u&&u.type==="bigint"&&(a=this.castIntToString(a)),[s,a]}maxFunctionParameters(){switch(this.client){case"sqlite3":return 127;case"pg":return 100;default:return 200}}addJsonRelationships(e,r,n){let i=this.client,s=this.knex,{resource:o,tableAliases:a,schema:u,tables:c}=this.query,l=o?.fields||[];for(let d of n){let{tableName:f,through:m,to:p,from:E,fromPrimary:g,toPrimary:T}=d;if(!f||!r)continue;let _=c[f];if(!_)throw new Error(`related table "${f}" not found in datasource`);let A=a?.[f]||f,w=a?.[r]||r,y=m&&a?.[m]||m,O=this.tableNameWithSchema(f,{alias:A,schema:u}),k=[..._?.primary||[],_?.primaryDisplay].filter(B=>B),v=d0(l.filter(B=>B.split(".")[0]===A),k);v=v.slice(0,Math.floor(this.maxFunctionParameters()/2));let L=v.map(B=>this.buildJsonField(_,B));if(!L.length)continue;let j=L.map(B=>{let z=this.client==="oracledb"?" VALUE ":",";return this.knex.raw(`?${z}??`,[B[0],B[1]]).toString()}).join(","),wt=`${A}.${T||p}`,F=s.from(O).orderBy(wt),U=m&&T&&g,x=U?`${y}.${E}`:`${A}.${p}`,W=U?`${w}.${g}`:`${w}.${E}`;if(U){let B=this.tableNameWithSchema(m,{alias:y,schema:u});F=F.join(B,function(){this.on(`${A}.${T}`,"=",`${y}.${p}`)})}F=F.where(this.rawQuotedIdentifier(x),"=",this.rawQuotedIdentifier(W));let I=B=>(F=F.select(v.map(z=>this.rawQuotedIdentifier(z))).limit(pm()),s.select(B).from({[A]:F})),q;switch(i){case"sqlite3":F=this.addJoinFieldCheck(F,d),q=I(this.knex.raw(`json_group_array(json_object(${j}))`));break;case"pg":q=I(this.knex.raw(`json_agg(json_build_object(${j}))`));break;case"mariadb":q=F.select(s.raw(`json_arrayagg(json_object(${j}) LIMIT ${pm()})`));break;case"mysql2":case"oracledb":q=I(this.knex.raw(`json_arrayagg(json_object(${j}))`));break;case"mssql":{let B=s.select("*").from({[w]:F.select(L.map(z=>s.ref(z[1]).as(z[0]))).limit(pm())});q=s.raw(`(SELECT ?? = (${B} FOR JSON PATH))`,[this.rawQuotedIdentifier(A)]);break}default:throw new Error(`JSON relationships not implement for ${i}`)}e=e.select({[d.column]:q})}return e}addJoin(e,r,n){let{tableAliases:i,schema:s}=this.query,o=r.to,a=r.from,u=r.through,c=i?.[o]||o,l=u&&i?.[u]||u,d=i?.[a]||a,f=this.tableNameWithSchema(o,{alias:c,schema:s}),m=u?this.tableNameWithSchema(u,{alias:l,schema:s}):void 0;return u?e=e.leftJoin(m,function(){for(let p of n){let E=p.fromPrimary,g=p.from;this.orOn(`${d}.${E}`,"=",`${l}.${g}`)}}).leftJoin(f,function(){for(let p of n){let E=p.toPrimary,g=p.to;this.orOn(`${c}.${E}`,`${l}.${g}`)}}):e=e.leftJoin(f,function(){for(let p of n){let E=p.from,g=p.to;this.orOn(`${d}.${E}`,"=",`${c}.${g}`)}}),e}qualifiedKnex(e){let r=this.query.tableAliases?.[this.query.table.name];return e?.alias===!1?r=void 0:typeof e?.alias=="string"&&(r=e.alias),this.knex(this.tableNameWithSchema(this.query.table.name,{alias:r,schema:this.query.schema}))}create(e){let{body:r}=this.query;if(!r)throw new Error("Cannot create without row body");let n=this.qualifiedKnex({alias:!1}),i=this.parseBody(r);if(this.client==="oracledb")for(let[s,o]of Object.entries(this.query.table.schema)){if(o.constraints?.presence===!0||o.type==="formula"||o.type==="auto"||o.type==="link"||o.type==="ai")continue;i[s]==null&&(i[s]=null)}else for(let[s,o]of Object.entries(i))o==null&&delete i[s];return e.disableReturning?n.insert(i):n.insert(i).returning("*")}bulkCreate(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));return r.insert(n)}bulkUpsert(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));if(this.client==="pg"||this.client==="sqlite3"||this.client==="mysql2"||this.client==="mariadb"){let i=this.table.primary;if(!i)throw new Error("Primary key is required for upsert");return r.insert(n).onConflict(i).merge()}else if(this.client==="mssql"||this.client==="oracledb")return r.insert(n);return r.upsert(n)}read(e={}){let{operation:r,filters:n,paginate:i,relationships:s,table:o}=this.query,{limits:a}=e,u=this.qualifiedKnex(),c=null,l=a?.query||a?.base;if(i&&i.page&&i.limit){let m=(i.page<=1?0:i.page-1)*i.limit;l=i.limit,c=m}else i&&i.offset&&i.limit?(l=i.limit,c=i.offset):i&&i.limit&&(l=i.limit);r!=="COUNT"&&(l!=null&&(u=u.limit(l)),c!=null&&(u=u.offset(c)));let d=this.query.resource?.aggregations||[];if(r==="COUNT"?u=this.addDistinctCount(u):d.length>0?u=this.addAggregations(u,d):u=u.select(this.generateSelectStatement()),r!=="COUNT"&&(u=this.addSorting(u)),u=this.addFilters(u,n,{relationship:!0}),s?.length&&d.length===0){let f=this.query.tableAliases?.[o.name]||o.name,m=this.addSorting(this.knex.with("paginated",u.clone().clearSelect().select("*")).select(this.generateSelectStatement()).from({[f]:"paginated"}));return this.addJsonRelationships(m,o.name,s)}return u}update(e){let{body:r,filters:n}=this.query;if(!r)throw new Error("Cannot update without row body");let i=this.qualifiedKnex(),s=this.parseBody(r);return i=this.addFilters(i,n),e.disableReturning?i.update(s):i.update(s).returning("*")}delete(e){let{filters:r}=this.query,n=this.qualifiedKnex();return n=this.addFilters(n,r),e.disableReturning?n.delete():n.delete().returning(this.generateSelectStatement())}},Em=class extends hc{constructor(r,n=t_()){super(r);this.limit=n}convertToNative(r,n={}){let i=this.getSqlClient();if(n?.disableBindings)return{sql:r.toString()};{let s=Qn(r);return i==="sqlite3"&&(s=s_(s)),s}}_query(r,n={}){let i=this.getSqlClient(),s={client:this.getBaseSqlClient()};(i==="sqlite3"||i==="oracledb")&&(s.useNullAsDefault=!0);let o=(0,n_.knex)(s),a,u=new hm(i,o,r);switch(this._operation(r)){case"CREATE":a=u.create(n);break;case"READ":a=u.read({limits:{query:this.limit,base:t_()}});break;case"COUNT":a=u.read();break;case"UPDATE":a=u.update(n);break;case"DELETE":a=u.delete(n);break;case"BULK_CREATE":a=u.bulkCreate();break;case"BULK_UPSERT":a=u.bulkUpsert();break;case"CREATE_TABLE":case"UPDATE_TABLE":case"DELETE_TABLE":return this._tableQuery(r);default:throw"Operation type is not supported by SQL query builder"}return this.convertToNative(a,n)}async getReturningRow(r,n){if(!n.extra||!n.extra.idFilter)return{};let i=this._query({operation:"READ",datasource:n.datasource,schema:n.schema,table:n.table,tables:n.tables,resource:{fields:[]},filters:n.extra?.idFilter,paginate:{limit:1}});return r(i,"READ")}checkLookupKeys(r,n){if(!r||!n.table.primary)return n;let i=n.table.primary[0];return n.extra={idFilter:{equal:{[i]:r}}},n}async queryWithReturning(r,n,i=s=>s){let s=this.getSqlClient(),o=this._operation(r),a=this._query(r,{disableReturning:!0});if(Array.isArray(a)){let d=[];for(let f of a)d.push(await n(f,o));return d}let u;o==="DELETE"&&(u=i(await this.getReturningRow(n,r)));let c=await n(a,o),l=i(c);if(o==="CREATE"||o==="UPDATE"){let d;s==="mssql"?d=l?.[0].id:(s==="mysql2"||s==="mariadb")&&(d=l?.insertId),u=i(await this.getReturningRow(n,this.checkLookupKeys(d,r)))}return o==="COUNT"?l:o!=="READ"?u:l.length?l:[{[o.toLowerCase()]:!0}]}getTableName(r,n){let i=r.name;if(r.sourceType==="internal"||r.sourceId===Ic){if(!r._id)return;i=r._id}return n?.[i]||i}convertJsonStringColumns(r,n,i){let s=this.getTableName(r,i);for(let[o,a]of Object.entries(r.schema)){if(!a_(a))continue;let u=`${s}.${o}`;for(let c of n)typeof c[u]=="string"&&(c[u]=JSON.parse(c[u])),typeof c[o]=="string"&&(c[o]=JSON.parse(c[o]))}return n}log(r,n){As(this.getSqlClient(),r,n)}},u_=Em;var ym={};P(ym,{base:()=>m0});function m0(t){return{_id:_t,language:"sqlite",sql:{tables:{},options:{table_name:t}}}}var Sm={};P(Sm,{jsonFromCsvString:()=>h0});var c_=M(require("csvtojson"));async function h0(t,e){let{ignoreEmpty:r=!1,allowSingleColumn:n=!1,possibleDelimiters:i=[",",";",":","|","~","	"," "]}=e||{};for(let s of i){let o,a=!1;try{let u=await(0,c_.default)({ignoreEmpty:r,delimiter:s}).fromString(t);for(let[,c]of u.entries()){let l=Object.keys(c);if(o==null&&(o=l),!n&&l.length===1){a=!0;break}if(o.length!==l.length){a=!0;break}for(let d of o)(c[d]===void 0||c[d]==="")&&(c[d]=null)}if(a)continue;return u}catch{continue}}throw new Error("Unable to determine delimiter")}var Am=class{constructor(e,r,n){this.method=e,this.url=r,this.controller=n,this.middlewares=[],this.outputMiddlewares=[]}addMiddleware(e,r){return r?.first?this.middlewares.unshift(e):this.middlewares.push(e),this}addOutputMiddleware(e,r){return r?.first?this.outputMiddlewares.unshift(e):this.outputMiddlewares.push(e),this}apply(e){let r=this.method,n=this.url,i=this.middlewares,s=this.controller,o=this.outputMiddlewares,a=()=>{},u=[n,...i,s,...o,a];e[r](...u)}},Ec=Am;var l_=M(require("@koa/router")),An=class{constructor(){this.endpoints=[];this.middlewares=[];this.outputMiddlewares=[];this.applied=!1;this.locked=!1}addGroupMiddleware(e,r={first:!0}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.middlewares.push({fn:e,first:r.first}),this}addGroupMiddlewareOutput(e,r={first:!1}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.outputMiddlewares.push({fn:e,first:r.first}),this}addEndpoint(e,r,...n){let i=n.pop(),s=new Ec(e,r,i);if(n.length!==0)for(let o of n)s.addMiddleware(o);return this.endpoints.push(s),this}lockMiddleware(){this.locked=!0}post(e,...r){return this.addEndpoint("post",e,...r)}patch(e,...r){return this.addEndpoint("patch",e,...r)}put(e,...r){return this.addEndpoint("put",e,...r)}get(e,...r){return this.addEndpoint("get",e,...r)}delete(e,...r){return this.addEndpoint("delete",e,...r)}head(e,...r){return this.addEndpoint("head",e,...r)}apply(e){let r=this.endpointList();e||(e=new l_.default);for(let n of r)n.apply(e);return e}endpointList(){if(this.applied)throw new Error("Already applied to router");this.applied=!0;for(let e of this.endpoints)this.middlewares.forEach(({fn:r,first:n})=>e.addMiddleware(r,{first:n})),this.outputMiddlewares.forEach(({fn:r,first:n})=>e.addOutputMiddleware(r,{first:n}));return this.endpoints}};var xo=class{constructor(){this.groups=[]}group(...e){let r=new An;return e.length&&e.forEach(n=>{"first"in n?r.addGroupMiddleware(n.middleware,{first:n.first}):r.addGroupMiddleware(n)}),this.groups.push(r),r}listAllEndpoints(){let e=this.groups.flatMap(i=>i.endpointList()),r=[],n=[];for(let i of e)i.url.includes(":")?n.push(i):r.push(i);return[...r,...n]}};var E0={...$s,...ae},g0=(t={})=>{Ga(t.db)};0&&(module.exports={AutomationViewMode,BUDIBASE_DATASOURCE_TYPE,BadRequestError,BudibaseError,Config,Cookie,DEFAULT_BB_DATASOURCE_ID,DEFAULT_EMPLOYEE_TABLE_ID,DEFAULT_EXPENSES_TABLE_ID,DEFAULT_INVENTORY_TABLE_ID,DEFAULT_JOBS_TABLE_ID,DEFAULT_TENANT_ID,DeprecatedViews,DesignDocuments,DocumentType,Duration,DurationType,EmailUnavailableError,Endpoint,EndpointGroup,EndpointGroupList,FeatureDisabledError,ForbiddenError,GlobalRole,HTTPError,Header,InternalTable,InvalidAPIKeyError,MAX_VALID_DATE,MIN_VALID_DATE,NotFoundError,NotImplementedError,RedisClient,SEPARATOR,SQLITE_DESIGN_DOC_ID,SQS_DATASOURCE_INTERNAL,StaticDatabases,UNICODE_MAX,USER_METADATA_PREFIX,UnexpectedError,UsageLimitError,UserStatus,ViewName,WORKSPACE_DEV,WORKSPACE_DEV_PREFIX,WORKSPACE_PREFIX,accounts,auth,blacklist,cache,configs,constants,context,csv,db,docIds,docUpdates,encryption,env,errors,events,features,getPublicError,init,installation,locks,logging,middleware,objectStore,permissions,platform,plugins,queue,redis,roles,security,sessions,setEnv,sql,tenancy,timers,userUtils,users,utils,withEnv});
 //# sourceMappingURL=index.js.map