@budibase/backend-core 3.23.22 → 3.23.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/package.json +2 -2
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -34,6 +34,6 @@ attempted value: ${o}
|
|
|
34
34
|
emit(doc.ssoId, doc._id)
|
|
35
35
|
}
|
|
36
36
|
}`,"platform_users_lowercase_2")},"createPlatformUserView"),Vs=s(async(t,e)=>{let r={account_by_email:yT,platform_users_lowercase_2:TT};return Ke(fe.PLATFORM_INFO.name,async n=>{let i=r[t];return Tf(t,e,n,i,{arrayResponse:!0})})},"queryPlatformView"),ST={by_email2:mT,by_api_key:ET,by_app:hT},Gt=s(async(t,e,r,n)=>{r||(r=H());let i=ST[t];return Tf(t,e,r,i,n)},"queryGlobalView");async function Sf(t,e,r){let n=H(),i=ST[t];return Gs(t,e,n,i,r)}s(Sf,"queryGlobalViewRaw");var Bb=B(require("pouchdb"));var Af=class{static{s(this,"Replication")}constructor({source:e,target:r}){this.source=et(e),this.target=et(r),e.startsWith("app_dev")&&r.startsWith("app")?this.direction="toProduction":e.startsWith("app")&&r.startsWith("app_dev")&&(this.direction="toDev")}async close(){await Promise.all([ws(this.source),ws(this.target)])}replicate(e={}){return new Promise(r=>{this.source.replicate.to(this.target,e).on("denied",function(n){throw new Error(`Denied: Document failed to replicate ${n}`)}).on("complete",function(n){return r(n)}).on("error",function(n){throw n})})}async resolveInconsistencies(e){let r=[];for(let n of e)try{let[i,o]=await Promise.all([this.source.get(n),this.target.get(n)]);this.haveReplicationInconsistencies(i,o)&&(await this.target.remove({_id:o._id,_rev:o._rev}),r.push(i._id))}catch{console.warn("Cannot resolve inconsistencies for document",n)}r.length>0&&await this.replicate({doc_ids:r})}haveReplicationInconsistencies(e,r){let n=this.getRevisionNumber(e);return this.getRevisionNumber(r)>n}getRevisionNumber(e){return parseInt(e._rev?.split("-")[0]||"0")}appReplicateOpts(e={}){if(typeof e.filter=="string")return e;let r=e.filter,n=this.direction,i=n==="toDev";delete e.filter;let o=e.isCreation,a=e.tablesToSync;delete e.isCreation,delete e.tablesToSync;let u=!1,c;typeof a=="string"&&a==="all"?u=!0:a&&(c=a);let l=s((f,p)=>f?.startsWith(p+C),"startsWithID"),d=s(f=>l(f,"ro")||l(f,"li"),"isData");return{...e,filter:(f,p)=>!o&&f._id==="_design/migrations"||i&&f._id.startsWith("_design")?!1:f._deleted||l(f._id,ys)?!0:n==="toProduction"&&!o&&l(f._id,"autocolumn_state")?!1:d(f._id)?!!c?.find(m=>f._id.includes(m))||u:l(f._id,"log_au")||f._id==="app_metadata"?!1:r?r(f,p):!0}}async rollback(){await this.target.destroy(),this.target=et(this.target.name),await this.replicate()}},AT=Af;var OT=B(require("node-fetch"));var qs=lr.removeKeyNumbering;function on(t){return t==null||t===""}s(on,"isEmpty");var Vt=class t{static{s(this,"QueryBuilder")}#l;#d;#e;#r;#n;#i;#s;#o;#t;#f;#a;#u=!1;#c;static{this.maxLimit=200}constructor(e,r,n){this.#l=e,this.#d=r,this.#e={allOr:!1,onEmptyFilter:"all",string:{},fuzzy:{},range:{},equal:{},notEqual:{},empty:{},notEmpty:{},oneOf:{},contains:{},notContains:{},containsAny:{},...n},this.#r=50,this.#s="ascending",this.#o="string",this.#t=!0}disableEscaping(){return this.#u=!0,this}setIndexBuilder(e){return this.#a=e,this}setVersion(e){return e!=null&&(this.#f=e),this}setTable(e){return this.#e.equal.tableId=e,this}setLimit(e){return e!=null&&(this.#r=e),this}setSort(e){return e!=null&&(this.#n=e),this}setSortOrder(e){return e!=null&&(this.#s=e),this}setSortType(e){return e!=null&&(this.#o=e),this}setBookmark(e){return e!=null&&(this.#i=e),this}setSkip(e){return this.#c=e,this}excludeDocs(){return this.#t=!1,this}includeDocs(){return this.#t=!0,this}addString(e,r){return this.#e.string[e]=r,this}addFuzzy(e,r){return this.#e.fuzzy[e]=r,this}addRange(e,r,n){return this.#e.range[e]={low:r,high:n},this}addEqual(e,r){return this.#e.equal[e]=r,this}addNotEqual(e,r){return this.#e.notEqual[e]=r,this}addEmpty(e,r){return this.#e.empty[e]=r,this}addNotEmpty(e,r){return this.#e.notEmpty[e]=r,this}addOneOf(e,r){return this.#e.oneOf[e]=r,this}addContains(e,r){return this.#e.contains[e]=r,this}addNotContains(e,r){return this.#e.notContains[e]=r,this}addContainsAny(e,r){return this.#e.containsAny[e]=r,this}setAllOr(){this.#e.allOr=!0}setOnEmptyFilter(e){this.#e.onEmptyFilter=e}handleSpaces(e){return this.#u?e:e.replace(/ /g,"_")}preprocess(e,{escape:r,lowercase:n,wrap:i,type:o}={}){let a=!!this.#f,u=typeof e;return e&&n&&(e=e.toLowerCase?e.toLowerCase():e),!this.#u&&r&&u==="string"&&(e=`${e}`.replace(/[ /#+\-&|!(){}\]^"~*?:\\]/g,"\\$&")),u==="string"&&!isNaN(e)&&!o?e=`"${e}"`:a&&i&&(e=u==="number"?e:`"${e}"`),e}isMultiCondition(){let e=0;for(let r of Object.values(this.#e))typeof r=="object"&&(e+=Object.keys(r).length);return e>1}compressFilters(e){let r={};for(let o of Object.keys(e)){let a=qs(o);r[a]?r[a]=r[a].concat(e[o]):r[a]=e[o]}let n={},i=1;for(let[o,a]of Object.entries(r))n[`${i++}:${o}`]=a;return n}buildSearchQuery(){let e=this,r=this.#e&&this.#e.allOr,n=r?"":"*:*",i=!0,o={escape:!0,lowercase:!0,wrap:!0},a="";this.#e.equal.tableId&&(a=this.#e.equal.tableId,delete this.#e.equal.tableId);let u=s((h,g)=>on(g)?null:`${h}:${e.preprocess(g,o)}`,"equal"),c=s((h,g,y="AND")=>{if(on(g))return null;if(!Array.isArray(g))return`${h}:${g}`;let S=`${e.preprocess(g[0],{escape:!0})}`;for(let O=1;O<g.length;O++)S+=` ${y} ${e.preprocess(g[O],{escape:!0})}`;return`${h}:(${S})`},"contains"),l=s((h,g)=>on(g)?null:(g=e.preprocess(g,{escape:!0,lowercase:!0,type:"fuzzy"}),`${h}:/.*${g}.*/`),"fuzzy"),d=s((h,g)=>{let y=r?"*:* AND ":"",S=r?"AND":void 0;return y+"NOT "+c(h,g,S)},"notContains"),f=s((h,g)=>c(h,g,"OR"),"containsAny"),p=s((h,g)=>{if(on(g))return"*:*";if(!Array.isArray(g))if(typeof g=="string")g=g.split(",");else return"";let y=`${e.preprocess(g[0],o)}`;for(let S=1;S<g.length;S++)y+=` OR ${e.preprocess(g[S],o)}`;return`${h}:(${y})`},"oneOf");function m(h,g,y){let S="";for(let[O,_]of Object.entries(h)){O=qs(O),O=e.preprocess(e.handleSpaces(O),{escape:!0});let w=g(O,_);if(w!=null){if(S.length>0||n.length>0){let T=y?.mode?y.mode:r?"OR":"AND";S+=` ${T} `}S+=w,(typeof _!="string"&&_!=null||typeof _=="string"&&_!==a&&_!=="")&&(i=!1)}}if(y?.returnBuilt)return S;n+=S}if(s(m,"build"),this.#e.string&&m(this.#e.string,(h,g)=>on(g)?null:(g=e.preprocess(g,{escape:!0,lowercase:!0,type:"string"}),`${h}:${g}*`)),this.#e.range&&m(this.#e.range,(h,g)=>{if(on(g)||g.low==null||g.low===""||g.high==null||g.high==="")return null;let y=e.preprocess(g.low,o),S=e.preprocess(g.high,o);return`${h}:[${y} TO ${S}]`}),this.#e.fuzzy&&m(this.#e.fuzzy,l),this.#e.equal&&m(this.#e.equal,u),this.#e.notEqual&&m(this.#e.notEqual,(h,g)=>on(g)?null:typeof g=="boolean"?`(*:* AND !${h}:${g})`:`!${h}:${e.preprocess(g,o)}`),this.#e.empty&&m(this.#e.empty,h=>(i=!1,`(*:* -${h}:["" TO *])`)),this.#e.notEmpty&&m(this.#e.notEmpty,h=>(i=!1,`${h}:["" TO *]`)),this.#e.oneOf&&m(this.#e.oneOf,p),this.#e.contains&&m(this.#e.contains,c),this.#e.notContains&&m(this.compressFilters(this.#e.notContains),d),this.#e.containsAny&&m(this.#e.containsAny,f),a&&(n=this.isMultiCondition()?`(${n})`:n,r=!1,m({tableId:a},u)),i){if(this.#e.onEmptyFilter==="none")return"";if(this.#e?.allOr)return n.replace("()","(*:*)")}return n}buildSearchBody(){let e={q:this.buildSearchQuery(),limit:Math.min(this.#r,t.maxLimit),include_docs:this.#t};if(this.#i&&(e.bookmark=this.#i),this.#n){let r=this.#s==="descending"?"-":"",n=`<${this.#o}>`;e.sort=`${r}${this.handleSpaces(this.#n)}${n}`}return e}async run(){return this.#c&&await this.#m(this.#c),await this.#p()}async#m(e){let r=this.#t,n=this.#r;this.excludeDocs();let i=e,o=0;do{let a=Math.min(t.maxLimit,i);this.setLimit(a);let{bookmark:u,rows:c}=await this.#p();this.setBookmark(u),o=c.length,i-=c.length}while(i>0&&o>0);this.#t=r,this.#r=n}async#p(){let{url:e,cookie:r}=ft(),n=`${e}/${this.#l}/_design/database/_search/${this.#d}`,i=this.buildSearchBody();try{return await _T(n,i,r)}catch(o){if(o.status===404&&this.#a)return await this.#a(),await _T(n,i,r);throw o}}};async function _T(t,e,r){let n=await(0,OT.default)(t,{body:JSON.stringify(e),method:"POST",headers:{Authorization:r}});if(n.status===404)throw n;let i=await n.json(),o={rows:[],totalRows:0};return i.rows!=null&&i.rows.length>0&&(o.rows=i.rows.map(a=>a.doc)),i.bookmark&&(o.bookmark=i.bookmark),i.total_rows&&(o.totalRows=i.total_rows),o}s(_T,"runQuery");async function IT(t,e,r,n){let i=n.bookmark,o=n.rows||[];if(n.limit&&o.length>=n.limit)return o;let a=Vt.maxLimit;n.limit&&o.length>n.limit-Vt.maxLimit&&(a=n.limit-o.length);let u=new Vt(t,e,r);u.setVersion(n.version).setBookmark(i).setLimit(a).setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.tableId&&u.setTable(n.tableId);let c=await u.run();if(!c.rows.length)return o;if(c.rows.length<Vt.maxLimit)return[...o,...c.rows];let l={...n,bookmark:c.bookmark,rows:[...o,...c.rows]};return await IT(t,e,r,l)}s(IT,"recursiveSearch");async function Wb(t,e,r,n){let i=n.limit;(i==null||isNaN(i)||i<0)&&(i=50),i=Math.min(i,Vt.maxLimit);let o=new Vt(t,e,r);n.version&&o.setVersion(n.version),n.tableId&&o.setTable(n.tableId),n.sort&&o.setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.indexer&&o.setIndexBuilder(n.indexer),n.disableEscaping&&o.disableEscaping();let a=await o.setBookmark(n.bookmark).setLimit(i).run();o.setBookmark(a.bookmark).setLimit(1),n.tableId&&o.setTable(n.tableId);let u=await o.run();return{...a,hasNextPage:u.rows&&u.rows.length>0}}s(Wb,"paginatedSearch");async function $b(t,e,r,n){let i=n.limit;return(i==null||isNaN(i)||i<0)&&(i=1e3),n.limit=Math.min(i,1e3),{rows:await IT(t,e,r,n)}}s($b,"fullSearch");var _f={};N(_f,{createUserIndex:()=>Gb});async function Gb(){let t=H(),e;try{e=await t.get("_design/database")}catch(n){n.status===404&&(e={_id:"_design/database"})}let r=s(function(n){if(n._id&&!n._id.startsWith("us_"))return;let i=["_id","_rev","password","account","license","budibaseAccess","accountPortalAccess","csrfToken"];function o(a,u){for(let c of Object.keys(a)){if(i.includes(c))continue;let l=u!=null?`${u}.${c}`:c;typeof a[c]=="string"?index(l,a[c].toLowerCase(),{facet:!0}):typeof a[c]!="object"?index(l,a[c],{facet:!0}):o(a[c],l)}}s(o,"idx"),o(n)},"fn");e.indexes={user:{index:r.toString(),analyzer:{default:"keyword",name:"perfield"}}},await t.put(e)}s(Gb,"createUserIndex");function wT(t,e){let r=e.toString();if(typeof t=="object")return t.status===e||t.message?.includes(r);if(typeof t=="number")return t===e;if(typeof t=="string")return t.includes(r)}s(wT,"checkErrorCode");function Vb(t){return wT(t,409)}s(Vb,"isDocumentConflictError");var Qs={};N(Qs,{addTenantToUrl:()=>qb,getTenantDB:()=>Of,getTenantIDFromCtx:()=>Ks,isUserInWorkspaceTenant:()=>Kb});function Of(t){return De(en(t))}s(Of,"getTenantDB");function qb(t){let e=V();if(mr()){let r=t.indexOf("?")===-1?"?":"&";t+=`${r}tenantId=${e}`}return t}s(qb,"addTenantToUrl");var Kb=s((t,e)=>{let r;return e?r=e.tenantId||ae:r=V(),(Jn(t)||ae)===r},"isUserInWorkspaceTenant"),Qb=Object.values(Ii),Ks=s((t,e)=>{if(!mr())return ae;e.allowNoTenant===void 0&&(e.allowNoTenant=!1),e.includeStrategies||(e.includeStrategies=Qb),e.excludeStrategies||(e.excludeStrategies=[]);let r=s(n=>{if(e.excludeStrategies?.includes(n))return!1;if(e.includeStrategies?.includes(n))return!0},"isAllowed");if(r("user")){let n=t.user?.tenantId;if(n)return n}if(r("header")){let n=t.request.headers["x-budibase-tenant-id"];if(n)return n}if(r("query")){let n=t.request.query.tenantId;if(n)return n}if(r("subdomain")){let n;try{n=new URL(Jd()).host.split(":")[0]}catch(o){if(o.code!=="ERR_INVALID_URL")throw o}let i=t.host;if(n&&i.includes(n)){let o=i.substring(0,i.indexOf(`.${n}`));if(o)return o}}if(r("path")){let n=t.matched.find(a=>!!a.paramNames.find(u=>u.name==="tenantId")),i=t.originalUrl,o;if(i.includes("?")?o=i.split("?")[0]:o=i,n){let a=n.params(o,n.captures(o),{});if(a.tenantId)return a.tenantId}}e.allowNoTenant||t.throw(403,"Tenant id not set")},"getTenantIDFromCtx");var If="app"+C,DT="/app/";async function jb(t){let r=`/${t.path.split("/")[2].toLowerCase()}`,n=V();!E.isDev()&&E.MULTI_TENANCY&&(n=Ks(t,{includeStrategies:["subdomain"]}));let o=(await Re(n,()=>$s({dev:!1}))).filter(a=>a.url&&a.url.toLowerCase()===r)[0];return o&&o.appId?o.appId:void 0}s(jb,"resolveAppUrl");function Yb(t){return t.path.startsWith(`/${If}`)?!0:t.path.startsWith(DT)}s(Yb,"isServingApp");function Hb(t){return t.path.startsWith("/builder/workspace/")}s(Hb,"isServingBuilder");function zb(t){return RT(t.path)}s(zb,"isServingBuilderPreview");function RT(t){return new RegExp(/^\/app\/app_\w+\/preview$/).test(t)}s(RT,"isBuilderPreviewUrl");function Jb(t){return t.path.startsWith("/api/public/v")}s(Jb,"isPublicApiRequest");async function an(t){let e;function r(u){u&&u.startsWith(If)&&(e&&e!==u&&t.throw("App id conflict",403),e=u)}s(r,"setWorkspaceIdIfValid");function n(u){if(u){typeof u=="string"&&(u=[u]);for(let c of u)r(c)}}s(n,"checkPossibleValues"),n(t.request.headers["x-budibase-app-id"]),r(t.request.body?.appId);let i=Zb(t.path);r(i),n(t.query?.appId);let o=RT(t.path);return t.path.startsWith(DT)&&!o&&r(await jb(t)),e}s(an,"getWorkspaceIdFromCtx");function Zb(t){if(t)return t.split("?")[0].split("/").find(e=>e.startsWith(If))}s(Zb,"parseWorkspaceIdFromUrlPath");function su(t){if(t)try{return iu.default.verify(t,E.JWT_SECRET)}catch(e){if(E.JWT_SECRET_FALLBACK)return iu.default.verify(t,E.JWT_SECRET_FALLBACK);throw e}}s(su,"openJwt");function js(t){return E.INTERNAL_API_KEY&&E.INTERNAL_API_KEY===t?!0:!!(E.INTERNAL_API_KEY_FALLBACK&&E.INTERNAL_API_KEY_FALLBACK===t)}s(js,"isValidInternalAPIKey");function qt(t,e){let r=t.cookies.get(e);if(r)return su(r)}s(qt,"getCookie");function CT(t,e,r="builder",n={sign:!0}){e&&n&&n.sign&&(e=iu.default.sign(e,E.JWT_SECRET));let i={expires:Ma,path:"/",httpOnly:!1,overwrite:!0};E.COOKIE_DOMAIN&&(i.domain=E.COOKIE_DOMAIN),t.cookies.set(r,e,i)}s(CT,"setCookie");function yr(t,e){CT(t,null,e)}s(yr,"clearCookie");function Xb(t){return t.headers["x-budibase-type"]==="client"}s(Xb,"isClient");function wf(t){return new Promise(e=>setTimeout(e,t))}s(wf,"timeout");function Df(t){return!!Cm[t]}s(Df,"isAudited");function ex(t){if(typeof t!="object")return!1;try{JSON.stringify(t)}catch(e){if(e instanceof Error&&e?.message.includes("circular structure"))return!0}return!1}s(ex,"hasCircularStructure");function tx(t){return!!t.match(/^.+:\/\/.+$/)}s(tx,"urlHasProtocol");function Rf(t){return t&&!!t.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)}s(Rf,"validEmail");var Cf=(o=>(o.MILLISECONDS="milliseconds",o.SECONDS="seconds",o.MINUTES="minutes",o.HOURS="hours",o.DAYS="days",o))(Cf||{}),ou={milliseconds:1,seconds:1e3,minutes:6e4,hours:36e5,days:864e5},he=class t{constructor(e){this.ms=e}static{s(this,"Duration")}to(e){return this.ms/ou[e]}toMs(){return this.ms}toSeconds(){return this.to("seconds")}static convert(e,r,n){return n*ou[e]/ou[r]}static from(e,r){return new t(r*ou[e])}static fromSeconds(e){return t.from("seconds",e)}static fromMinutes(e){return t.from("minutes",e)}static fromHours(e){return t.from("hours",e)}static fromDays(e){return t.from("days",e)}static fromMilliseconds(e){return t.from("milliseconds",e)}};async function rx(t){let e=performance.now();return[await t(),he.fromMilliseconds(performance.now()-e)]}s(rx,"time");var xT=require("undici");function bT(t){let e=process.env.GLOBAL_AGENT_HTTP_PROXY||process.env.HTTP_PROXY,n=process.env.GLOBAL_AGENT_HTTPS_PROXY||process.env.HTTPS_PROXY||e;if(!n||!n.trim())return!1;let i=n.trim();try{new URL(i)}catch{return console.log("[fetch] Invalid proxy URL format:",n),!1}let o=t?.rejectUnauthorized!==void 0?t?.rejectUnauthorized:!0;console.log("[fetch] Creating ProxyAgent",{proxyUrl:i,rejectUnauthorized:o});let a={uri:i,requestTls:{rejectUnauthorized:o}};i.startsWith("https://")&&(a.proxyTls={rejectUnauthorized:o});try{return new xT.ProxyAgent(a)}catch(u){return console.log("[fetch] Failed to create ProxyAgent:",u),!1}}s(bT,"createProxyDispatcher");var au=null;function nx(t){return t?bT(t)||!1:(au===null&&(au=bT()),au||!1)}s(nx,"getProxyDispatcher");function ix(){au=null}s(ix,"resetProxyDispatcherCache");function sx(t){let e="",r=-1,n,i,o=t.opts?.repeat;return o&&(i=o.endDate?new Date(o.endDate).getTime():Date.now(),n=o.tz,"cron"in o?e=o.cron:r=o.every),{id:t.id.toString(),name:"",key:t.id.toString(),tz:n,endDate:i,cron:e,every:r,next:0}}s(sx,"jobToJobInformation");var uu=class{static{s(this,"InMemoryQueue")}constructor(e,r){this._name=e,this._opts=r,this._messages=[],this._emitter=new vT.default.EventEmitter,this._runCount=0,this._addCount=0,this._queuedJobIds=new Set,this._attempts=r?.defaultJobOptions?.attempts||1}async process(e,r){r=typeof e=="number"?r:e,this._emitter.on("message",async n=>{if(!n.manualTrigger&&n.opts?.repeat!=null)return;function i(){return r.length===1?r(n):new Promise((c,l)=>{r(n,s((f,p)=>{f?l(f):c(p)},"done"))})}s(i,"execute");let o=this._attempts;async function a(c,l=0){try{return await c}catch(d){if(l++,l<o&&!n._isDiscarded)return await Ne.wait(100*l),await a(i(),l);throw d}}s(a,"retryFunc");try{let c=await a(i());this._emitter.emit("completed",n,c);let l=this._messages.indexOf(n);if(l===-1)throw"Failed deleting a processed message";this._messages.splice(l,1)}catch(c){console.error(c),this._emitter.emit("error",n,c)}this._runCount++;let u=n.opts?.jobId?.toString();u&&n.opts?.removeOnComplete&&this._queuedJobIds.delete(u)})}async isReady(){return this}async add(e,r){if(typeof e=="string")throw new Error("doesn't support named jobs");let n=r,i=n?.jobId?.toString();if(i&&this._queuedJobIds.has(i)){console.log(`Ignoring already queued job ${i}`);return}if(typeof e!="object")throw"Queue only supports carrying JSON.";i&&this._queuedJobIds.add(i);let o=te(),a=s(()=>{let c={id:o,timestamp:Date.now(),queue:this,data:e,opts:n,discard:async()=>{c._isDiscarded=!0}};this._messages.push(c),this._messages.length>1e3&&this._messages.shift(),this._addCount++,this._emitter.emit("message",c)},"pushMessage"),u=n?.delay;return u?setTimeout(a,u):a(),{id:i,finished:()=>new Promise((c,l)=>{let d=s((p,m)=>{p.id===o&&(this._emitter.off("error",d),this._emitter.off("completed",f),l(m))},"errorHandler"),f=s((p,m)=>{p.id===o&&(this._emitter.off("error",d),this._emitter.off("completed",f),c(m))},"completedHandler");this._emitter.on("error",d),this._emitter.on("completed",f)})}}async close(){}async removeRepeatableByKey(e){for(let[r,n]of this._messages.entries())if(n.id===e){this._messages.splice(r,1),this._emitter.emit("removed",n);return}}async removeJobs(e){}async clean(){return[]}async getJob(e){for(let r of this._messages)if(r.id===e)return r;return null}manualTrigger(e){for(let r of this._messages)if(r.id===e){this._emitter.emit("message",{...r,manualTrigger:!0});return}throw new Error(`Job with id ${e} not found`)}on(e,r){return this._emitter.on(e,r),this}off(e,r){return this._emitter.off(e,r),this}async count(){return this._messages.length}async getCompletedCount(){return this._runCount}async getRepeatableJobs(){return this._messages.filter(e=>e.opts?.repeat!=null).map(e=>sx(e))}async whenCurrentJobsFinished(){do await wf(50);while(this.hasRunningJobs())}hasRunningJobs(){return this._addCount>this._runCount}},PT=uu;var vf=B(require("bull"));var ri=(c=>(c.AUTOMATION="automationQueue",c.APP_BACKUP="appBackupQueue",c.AUDIT_LOG="auditLogQueue",c.SYSTEM_EVENT_QUEUE="systemEventQueue",c.APP_MIGRATION="appMigration",c.DOC_WRITETHROUGH_QUEUE="docWritethroughQueue",c.DEV_REVERT_PROCESSOR="devRevertProcessorQueue",c.BATCH_USER_SYNC_PROCESSOR="batchUserSyncProcessorQueue",c))(ri||{});function NT(t,e,r){ux(t,e),r&&ox(t,r)}s(NT,"addListeners");function ox(t,e){t.on("stalled",async r=>{if(e)await e(r);else if(r.opts.repeat){let n=r.id,i=await t.getRepeatableJobs();for(let o of i)o.id===n&&await t.removeRepeatableByKey(o.key);console.log(`jobId=${n} disabled`)}})}s(ox,"handleStalled");function tt(t,e,r={},n={}){let i=`[BULL] ${t}=${e}`,o=r.error,a={_logKey:"bull",eventType:t,event:e,job:r.job,jobId:r.jobId||r.job?.id,...n},u;return r.job?.data?.automation&&(u={_logKey:"automation",trigger:r.job?r.job.data.automation.definition.trigger.event:void 0}),[i,o,a,u]}s(tt,"getLogParams");var ax={automationQueue:"automation-event",appBackupQueue:"app-backup-event",auditLogQueue:"audit-log-event",systemEventQueue:"system-event",appMigration:"app-migration",docWritethroughQueue:"doc-writethrough",devRevertProcessorQueue:"dev-revert-event",batchUserSyncProcessorQueue:"batch-user-sync-processor"};function ux(t,e){let r=ax[e];function n(i,o){let a=i.data.event?.appId;if(a)return Zd(a,o);o()}s(n,"doInJobContext"),t.on("stalled",async i=>{await n(i,()=>{console.error(...tt(r,"stalled",{job:i}))})}).on("error",i=>{console.error(...tt(r,"error",{error:i}))}),process.env.NODE_DEBUG?.includes("bull")&&t.on("waiting",i=>{console.info(...tt(r,"waiting",{jobId:i}))}).on("active",async i=>{await n(i,()=>{console.info(...tt(r,"active",{job:i}))})}).on("progress",async(i,o)=>{await n(i,()=>{console.info(...tt(r,"progress",{job:i},{progress:o}))})}).on("completed",async(i,o)=>{await n(i,()=>{console.info(...tt(r,"completed",{job:i},{result:o}))})}).on("failed",async(i,o)=>{await n(i,()=>{console.error(...tt(r,"failed",{job:i,error:o}))})}).on("paused",()=>{console.info(...tt(r,"paused"))}).on("resumed",()=>{console.info(...tt(r,"resumed"))}).on("cleaned",(i,o)=>{console.info(...tt(r,"cleaned",{},{length:i.length,type:o}))}).on("drained",()=>{console.info(...tt(r,"drained"))}).on("removed",i=>{console.info(...tt(r,"removed",{job:i}))})}s(ux,"logging");var cu={};N(cu,{cleanup:()=>cx,clear:()=>xf,set:()=>bf});var Ys=[];function bf(t,e){let r=setInterval(t,e);return Ys.push(r),r}s(bf,"set");function xf(t){let e=Ys.indexOf(t);e!==-1&&Ys.splice(e,1),clearInterval(t)}s(xf,"clear");function cx(){for(let t of Ys)clearInterval(t);Ys=[]}s(cx,"cleanup");var Kt=B(require("dd-trace")),Hs=B(require("object-sizeof"));var lx=he.fromMinutes(5).toMs(),dx=he.fromSeconds(30).toMs(),Pf=he.fromSeconds(60).toMs(),zs=[],lu;async function UT(){for(let t of zs)await t.clean(Pf,"completed"),await t.clean(Pf,"failed")}s(UT,"cleanup");async function fx(t,e,r){let n=performance.now();try{let i=await e();return Kt.default.dogstatsd.increment(`${t}.success`,1,r),i}catch(i){throw Kt.default.dogstatsd.increment(`${t}.error`,1,r),i}finally{let i=performance.now()-n;Kt.default.dogstatsd.distribution(`${t}.duration.ms`,i,r),Kt.default.dogstatsd.increment(t,1,r)}}s(fx,"withMetrics");function LT(t){return{"job.opts.attempts":t.attempts,"job.opts.backoff":t.backoff,"job.opts.delay":t.delay,"job.opts.jobId":t.jobId,"job.opts.lifo":t.lifo,"job.opts.preventParsingData":t.preventParsingData,"job.opts.priority":t.priority,"job.opts.removeOnComplete":t.removeOnComplete,"job.opts.removeOnFail":t.removeOnFail,"job.opts.repeat":t.repeat,"job.opts.stackTraceLimit":t.stackTraceLimit,"job.opts.timeout":t.timeout}}s(LT,"jobOptsTags");function px(t){return{"job.id":t.id,"job.attemptsMade":t.attemptsMade,"job.timestamp":t.timestamp,"job.data.sizeBytes":(0,Hs.default)(t.data),...LT(t.opts||{})}}s(px,"jobTags");var Et=class{static{s(this,"BudibaseQueue")}constructor(e,r={}){this.opts=r,this.jobQueue=e,this.queue=this.initQueue()}get name(){return this.queue.name}initQueue(){let r={redis:Zr(),settings:{maxStalledCount:this.opts.maxStalledCount?this.opts.maxStalledCount:0,lockDuration:lx,lockRenewTime:dx}};this.opts.jobOptions&&(r.defaultJobOptions=this.opts.jobOptions);let n;return E.isTest()?process.env.BULL_TEST_REDIS_PORT&&!isNaN(+process.env.BULL_TEST_REDIS_PORT)?n=new vf.default(this.jobQueue,{...r,redis:{host:"localhost",port:+process.env.BULL_TEST_REDIS_PORT}}):n=new PT(this.jobQueue,r):n=new vf.default(this.jobQueue,r),NT(n,this.jobQueue,this.opts.removeStalledCb),zs.push(n),!lu&&!E.isTest()&&(lu=bf(UT,Pf),UT().catch(i=>{console.error(`Unable to cleanup ${this.jobQueue} initially - ${i}`)})),n}getBullQueue(){return this.queue}process(...e){let r,n;e.length===2?(r=e[0],n=e[1]):n=e[0];let i=s(async(a,u)=>{await Kt.default.trace("queue.process",async c=>{if(a.data._parentSpanContext){let l=a.data._parentSpanContext,d={traceId:l.traceId,spanId:l.spanId,toTraceId:()=>l.traceId,toSpanId:()=>l.spanId,toTraceparent:()=>""};c.addLink(d)}c.addTags({"queue.name":this.jobQueue,...px(a)}),this.opts.jobTags&&c.addTags(this.opts.jobTags(a.data)),Kt.default.dogstatsd.distribution("queue.process.sizeBytes",(0,Hs.default)(a.data),this.metricTags()),await this.withMetrics("queue.process",()=>u?n(a,u):n(a))})},"processCallback"),o;return n.length===1?o=s(a=>i(a),"wrappedCb"):o=i,r?this.queue.process(r,o):this.queue.process(o)}async add(e,r){return await Kt.default.trace("queue.add",async n=>(n.addTags({"queue.name":this.jobQueue,"job.data.sizeBytes":(0,Hs.default)(e),...LT(r||{})}),this.opts.jobTags&&n.addTags(this.opts.jobTags(e)),e._parentSpanContext={traceId:n.context().toTraceId(),spanId:n.context().toSpanId()},Kt.default.dogstatsd.distribution("queue.add.sizeBytes",(0,Hs.default)(e),this.metricTags()),await this.withMetrics("queue.add",()=>this.queue.add(e,r))))}withMetrics(e,r){return fx(e,r,this.metricTags())}metricTags(){return{queueName:this.jobQueue}}close(e){return this.queue.close(e)}whenCurrentJobsFinished(){return this.queue.whenCurrentJobsFinished()}};async function mx(){lu&&xf(lu),console.log("Waiting for current queue jobs to finish...");for(let t of zs)await t.whenCurrentJobsFinished();console.log("Closing queue Redis connections...");for(let t of zs)await t.close();zs=[],console.log("Queues shutdown")}s(mx,"shutdown");var no={};N(no,{correlation:()=>Js,logAlert:()=>ln,logAlertWithInfo:()=>Zx,logWarn:()=>si,logger:()=>yu,system:()=>jf});var Js={};N(Js,{getId:()=>Nf,setHeader:()=>hx});var kT=require("correlation-id"),hx=s(t=>{let e=kT.getId();e&&(t["x-budibase-correlation-id"]=e)},"setHeader");function Nf(){return kT.getId()}s(Nf,"getId");var gu=B(require("pino")),lS=B(require("pino-pretty")),Yf=B(require("dd-trace")),dS=require("dd-trace/ext");var jf={};N(jf,{getLogReadStream:()=>Qx,getSingleFileMaxSizeInfo:()=>cS,localFileDestination:()=>Qf});var ro=B(require("fs")),Kf=B(require("path")),sS=B(require("rotating-file-stream"));var qf={};N(qf,{ObjectStore:()=>rt,ObjectStoreBuckets:()=>gx,SIGNED_FILE_PREFIX:()=>Wf,bucketTTLConfig:()=>du,budibaseTempDir:()=>un,client3rdPartyLibrary:()=>Bx,clientLibraryPath:()=>Fx,clientLibraryUrl:()=>Wx,createBucketIfNotExists:()=>to,deleteFile:()=>bx,deleteFiles:()=>xx,deleteFolder:()=>jT,downloadTarball:()=>Px,downloadTarballDirect:()=>vx,enrichPWAImages:()=>$x,enrichPluginURLs:()=>Vx,extractBucketAndPath:()=>Uf,getAllFiles:()=>Dx,getAppFileUrl:()=>JT,getClientCacheKey:()=>zT,getGlobalFileS3Key:()=>ZT,getGlobalFileUrl:()=>Gx,getObjectMetadata:()=>Nx,getPluginIconKey:()=>tS,getPluginJSKey:()=>eS,getPluginS3Dir:()=>nS,getPresignedUrl:()=>cn,getReadStream:()=>fu,listAllObjects:()=>$f,objectExists:()=>Ux,processAutomationAttachment:()=>Tx,processObjectStoreAttachment:()=>$T,retrieve:()=>QT,retrieveDirectory:()=>Cx,retrieveToTmp:()=>Rx,sanitizeBucket:()=>be,sanitizeKey:()=>Ee,streamUpload:()=>KT,streamUploadMany:()=>wx,upload:()=>Ix,uploadDirectory:()=>Gf});var mu=require("@aws-sdk/client-s3"),Lf=require("@aws-sdk/lib-storage"),GT=require("@aws-sdk/s3-request-presigner");var Qt=B(require("dd-trace")),ni=B(require("fs")),Xs=B(require("fs/promises")),kf=B(require("node-fetch")),Sr=require("path"),hu=B(require("stream")),eo=require("stream/promises"),Mf=B(require("tar-fs")),Ff=require("uuid"),Bf=B(require("zlib"));var MT=B(require("fs")),FT=require("os"),Zs=B(require("path")),BT=B(require("stream"));var gx={BACKUPS:E.BACKUPS_BUCKET_NAME,APPS:E.APPS_BUCKET_NAME,TEMPLATES:E.TEMPLATES_BUCKET_NAME,GLOBAL:E.GLOBAL_BUCKET_NAME,PLUGINS:E.PLUGIN_BUCKET_NAME,TEMP:E.TEMP_BUCKET_NAME},WT=(0,Zs.join)((0,FT.tmpdir)(),".budibase");try{MT.default.mkdirSync(WT)}catch(t){if(t.code!=="EEXIST")throw t}function un(){return WT}s(un,"budibaseTempDir");var du=s((t,e)=>{let n={Rules:[{ID:`${t}-ExpireAfter${e}days`,Prefix:"",Status:"Enabled",Expiration:{Days:e}}]};return{Bucket:t,LifecycleConfiguration:n}},"bucketTTLConfig");async function yx(t){let e=await fetch(t.url);if(!e.ok||!e.body)throw new Error(`Unexpected response ${e.statusText}`);let r=Zs.default.basename(new URL(t.url).pathname);if(!e.body)throw new Error("No response received for attachment");return{filename:t.filename||r,content:BT.default.Readable.fromWeb(e.body)}}s(yx,"processUrlAttachment");async function $T(t){let e=Uf(t.url);if(e===null)throw new Error("Invalid signed URL");let{bucket:r,path:n}=e,{stream:i}=await fu(r,n),o=Zs.default.basename(n);return{bucket:r,path:n,filename:t.filename||o,content:i}}s($T,"processObjectStoreAttachment");async function Tx(t){return t.url?.startsWith("http://")||t.url?.startsWith("https://")?await yx(t):await $T(t)}s(Tx,"processAutomationAttachment");var Sx=require("sanitize-s3-objectkey"),Ax={bucketCreationPromises:{}},Wf="/files/signed",Tr={txt:"text/plain",html:"text/html",css:"text/css",js:"application/javascript",json:"application/json",gz:"application/gzip",svg:"image/svg+xml",form:"multipart/form-data"},_x=[Tr.html,Tr.css,Tr.js,Tr.json];function Ee(t){return Sx(be(t)).replace(/\\/g,"/")}s(Ee,"sanitizeKey");function be(t){return t.replace(new RegExp(Xe,"g"),Ze)}s(be,"sanitizeBucket");function rt(t={presigning:!1}){let e={forcePathStyle:!0,credentials:{accessKeyId:E.MINIO_ACCESS_KEY,secretAccessKey:E.MINIO_SECRET_KEY},region:E.AWS_REGION};return!E.MINIO_ENABLED&&E.AWS_SESSION_TOKEN&&(e.credentials={accessKeyId:E.MINIO_ACCESS_KEY,secretAccessKey:E.MINIO_SECRET_KEY,sessionToken:E.AWS_SESSION_TOKEN}),E.MINIO_URL&&(t.presigning&&E.MINIO_ENABLED?e.endpoint="http://minio-service":e.endpoint=E.MINIO_URL),new mu.S3(e)}s(rt,"ObjectStore");async function to(t,e){e=be(e);try{return await t.headBucket({Bucket:e}),{created:!1,exists:!0}}catch(r){let n=r.statusCode||r.$response?.statusCode,i=Ax.bucketCreationPromises,o=n===404,a=n===403;if(i[e])return await i[e],{created:!1,exists:!0};if(o||a){if(o)return i[e]=t.createBucket({Bucket:e}).catch(u=>{if(u.Code!=="BucketAlreadyOwnedByYou")throw u}),await i[e],delete i[e],{created:!0,exists:!1};throw new Error("Access denied to object store bucket."+r)}else throw new Error("Unable to write to object store bucket.")}}s(to,"createBucketIfNotExists");var Ox=s((t,e)=>{if(e)return e;let r=t.split(".").pop();return r?Tr[r.toLowerCase()]:Tr.txt},"resolveContentType"),VT=s(async(t,e,r)=>{let n=be(t),i=rt(),o=await to(i,n);if(r.addTags({bucketCreated:o.created,bucketExists:o.exists}),e&&o.created){let a=du(n,e);await i.putBucketLifecycleConfiguration(a)}return{bucket:n,client:i,bucketCreated:o}},"initialiseBucket"),qT=s(async({client:t,bucket:e,filename:r,stream:n,type:i,extra:o})=>{if(!n)throw new Error("Stream to upload is invalid/undefined");let a=Ox(r,i),u=Ee(r),c={Bucket:e,Key:u,Body:n,ContentType:a,...o??{}};return{details:await new Lf.Upload({client:t,params:c}).done(),contentType:a}},"streamUploadInternal");async function Ix({bucket:t,filename:e,path:r,type:n,metadata:i,body:o,ttl:a}){let u=e.split(".").pop(),c=r?(await Xs.default.open(r)).createReadStream():o,l=rt(),d=await to(l,t);if(a&&d.created){let g=du(t,a);await l.putBucketLifecycleConfiguration(g)}let f=n,p=f||(u?Tr[u.toLowerCase()]:Tr.txt),m={Bucket:be(t),Key:Ee(e),Body:c,ContentType:p};if(i&&typeof i=="object"){for(let g of Object.keys(i))(!i[g]||typeof i[g]!="string")&&delete i[g];m.Metadata=i}return new Lf.Upload({client:l,params:m}).done()}s(Ix,"upload");async function KT({bucket:t,stream:e,filename:r,type:n,extra:i,ttl:o}){return await Qt.default.trace("streamUpload",async a=>{a.addTags({bucketName:t,filename:r,type:n,ttl:o});let u=r.split(".").pop();a.addTags({extension:u});let{bucket:c,client:l}=await VT(t,o,a),{details:d,contentType:f}=await qT({client:l,bucket:c,filename:r,stream:e,type:n,extra:i}),p=await l.headObject({Bucket:c,Key:Ee(r)});return a.addTags({contentType:f,contentLength:p.ContentLength}),{...d,ContentLength:p.ContentLength}})}s(KT,"streamUpload");async function wx({bucket:t,files:e,ttl:r}){return await Qt.default.trace("streamUploadMany",async i=>{if(i.addTags({bucketName:t,ttl:r,fileCount:e.length}),!e.length)return[];let{bucket:o,client:a}=await VT(t,r,i),u=e.map((l,d)=>({...l,index:d})),c=new Array(e.length);return await At.parallelForeach(u,async l=>{let{details:d}=await qT({client:a,bucket:o,filename:l.filename,stream:l.stream,type:l.type,extra:l.extra});c[l.index]=d},10),c})}s(wx,"streamUploadMany");async function QT(t,e){return await Qt.default.trace("retrieve",async r=>{r.addTags({bucketName:t,filepath:e});let n=rt(),i={Bucket:be(t),Key:Ee(e)},o=await n.getObject(i);if(!o.Body)throw new Error("Unable to retrieve object");if(r.addTags({contentLength:o.ContentLength,contentType:o.ContentType}),_x.includes(o.ContentType))return r.addTags({string:!0}),o.Body.transformToString();{r.addTags({string:!1});let a=o.Body.transformToWebStream();return hu.default.Readable.fromWeb(a)}})}s(QT,"retrieve");async function*$f(t,e){let r=rt(),n=s((a={})=>r.listObjectsV2({...a,Bucket:be(t),Prefix:Ee(e)}),"list"),i=!1,o;do{let a={};o&&(a.ContinuationToken=o);let u=await n(a);if(u.Contents)for(let c of u.Contents)yield c;i=!!u.IsTruncated,o=u.NextContinuationToken}while(i&&o)}s($f,"listAllObjects");async function Dx(t,e){let r={};return await At.parallelForeach($f(t,e),async n=>{if(!n.Key)throw new Error("file.Key must be defined");r[n.Key]=n},5),r}s(Dx,"getAllFiles");async function cn(t,e,r=3600){let n=rt({presigning:!0}),i={Bucket:be(t),Key:Ee(e)},o=await(0,GT.getSignedUrl)(n,new mu.GetObjectCommand(i),{expiresIn:r});if(E.MINIO_ENABLED){let a=new URL(o),u=a.pathname,c=a.search;return`${Wf}${u}${c}`}else return o}s(cn,"getPresignedUrl");async function Rx(t,e){return await Qt.default.trace("retrieveToTmp",async r=>{r.addTags({bucketName:t,filepath:e}),t=be(t),e=Ee(e);let n=await QT(t,e),i=(0,Sr.join)(un(),(0,Ff.v4)());return r.addTags({outputPath:i}),n instanceof hu.default.Readable?(r.addTags({stream:!0}),await(0,eo.pipeline)(n,ni.default.createWriteStream(i))):(r.addTags({stream:!1}),ni.default.writeFileSync(i,n)),i})}s(Rx,"retrieveToTmp");async function Cx(t,e,r){return await Qt.default.trace("retrieveDirectory",async n=>{n.addTags({bucketName:t,path:e});let i=(0,Sr.join)(un(),(0,Ff.v4)());await Xs.default.mkdir(i,{recursive:!0});let o=0;return await At.parallelForeach($f(t,e),async a=>{let{Key:u}=a;!u||r?.some(c=>c.test(u))||(o++,await Qt.default.trace("retrieveDirectory.object",async c=>{let l=a.Key;c.addTags({filename:l});let{stream:d}=await fu(t,l),f=l.split("/"),p=f.slice(0,f.length-1),m=(0,Sr.join)(i,...p);f.length>1&&!ni.default.existsSync(m)&&await Xs.default.mkdir(m,{recursive:!0}),await(0,eo.pipeline)(d,ni.default.createWriteStream((0,Sr.join)(i,...f),{mode:420}))}))},5),n.addTags({numObjects:o}),i})}s(Cx,"retrieveDirectory");async function bx(t,e){let r=rt();await to(r,t);let n={Bucket:t,Key:Ee(e)};return r.deleteObject(n)}s(bx,"deleteFile");async function xx(t,e){let r=rt();await to(r,t);let n={Bucket:t,Delete:{Objects:e.map(i=>({Key:Ee(i)}))}};return r.deleteObjects(n)}s(xx,"deleteFiles");async function jT(t,e){t=be(t),e=Ee(e);let r=rt(),n={Bucket:t,Prefix:e},i=await r.listObjects(n);if(i.Contents?.length===0)return;let o={Bucket:t,Delete:{Objects:[]}};if(i.Contents?.forEach(a=>{o.Delete.Objects.push({Key:a.Key})}),o.Delete.Objects.length&&(await r.deleteObjects(o)).Deleted?.length===1e3)return jT(t,e)}s(jT,"deleteFolder");async function Gf(t,e,r){return await Qt.default.trace("uploadDirectory",async n=>{n.addTags({bucketName:t,localPath:e,bucketPath:r}),t=be(t);let i=await Xs.default.readdir(e,{withFileTypes:!0});n.addTags({numFiles:i.length});for(let o of i){let a=Ee((0,Sr.join)(r,o.name)),u=(0,Sr.join)(e,o.name);o.isDirectory()?await Gf(t,u,a):await KT({bucket:t,filename:a,stream:ni.default.createReadStream(u)})}return i})}s(Gf,"uploadDirectory");async function vx(t,e,r={}){e=Ee(e);let n=await(0,kf.default)(t,{headers:r});if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);await(0,eo.pipeline)(n.body,Bf.default.createUnzip(),Mf.default.extract(e))}s(vx,"downloadTarballDirect");async function Px(t,e,r){e=be(e),r=Ee(r);let n=await(0,kf.default)(t);if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);let i=(0,Sr.join)(un(),r);return await(0,eo.pipeline)(n.body,Bf.default.createUnzip(),Mf.default.extract(i)),!E.isTest()&&E.SELF_HOSTED&&await Gf(e,i,r),i}s(Px,"downloadTarball");async function fu(t,e){return await Qt.default.trace("getReadStream",async r=>{t=be(t),e=Ee(e),r.addTags({bucketName:t,path:e});let n=rt(),i={Bucket:t,Key:e},o=await n.getObject(i);if(!o.Body||!(o.Body instanceof hu.default.Readable))throw new Error("Unable to retrieve stream - invalid response");return r.addTags({contentLength:o.ContentLength,contentType:o.ContentType}),{stream:o.Body,contentLength:o.ContentLength,contentType:o.ContentType}})}s(fu,"getReadStream");async function Nx(t,e){t=be(t),e=Ee(e);let r=rt(),n={Bucket:t,Key:e};try{return await r.headObject(n)}catch{throw new Error("Unable to retrieve metadata from object")}}s(Nx,"getObjectMetadata");async function Ux(t,e){t=be(t),e=Ee(e);let r=rt(),n={Bucket:t,Key:e};try{return await r.headObject(n),!0}catch(i){if((i.statusCode||i.$response?.statusCode)===404)return!1;throw i}}s(Ux,"objectExists");function Uf(t){let e=t.split("?")[0],r=new RegExp(`^${Wf}/(?<bucket>[^/]+)/(?<path>.+)$`),n=e.match(r);if(n&&n.groups){let{bucket:i,path:o}=n.groups;return{bucket:i,path:o}}return null}s(Uf,"extractBucketAndPath");var HT=B(require("querystring"));var YT=B(require("aws-cloudfront-sign"));var Eu;function Lx(){if(!E.CLOUDFRONT_PRIVATE_KEY_64)throw new Error("CLOUDFRONT_PRIVATE_KEY_64 is not set");return Eu||(Eu=Buffer.from(E.CLOUDFRONT_PRIVATE_KEY_64,"base64").toString("utf-8"),Eu)}s(Lx,"getPrivateKey");var kx=s(()=>({keypairId:E.CLOUDFRONT_PUBLIC_KEY_ID,privateKeyString:Lx(),expireTime:new Date().getTime()+1e3*60*60*24}),"getCloudfrontSignParams"),ii=s(t=>{let e=Mx(t);return YT.getSignedUrl(e,kx())},"getPresignedUrl"),Mx=s(t=>{let e="/";return t.startsWith("/")&&(e=""),`${E.CLOUDFRONT_CDN}${e}${t}`},"getUrl");function Fx(t){return`${Ee(t)}/budibase-client.js`}s(Fx,"clientLibraryPath");function Bx(t,e){return`${Ee(t)}/${e}`}s(Bx,"client3rdPartyLibrary");async function Wx(t,e){return`/api/assets/${t}/client?${await zT(e)}`}s(Wx,"clientLibraryUrl");async function zT(t){let e,r;try{e=V()}finally{r={version:t}}return e&&e!==ae&&(r.tenantId=e),HT.default.encode(r)}s(zT,"getClientCacheKey");async function JT(t){return E.CLOUDFRONT_CDN?ii(t):await cn(E.APPS_BUCKET_NAME,t)}s(JT,"getAppFileUrl");async function $x(t){if(t.length===0)return[];try{return await Promise.all(t.map(async e=>({...e,src:await JT(e.src),type:e.type||"image/png"})))}catch(e){return console.error("Error enriching PWA images:",e),t}}s($x,"enrichPWAImages");var Gx=s(async(t,e,r)=>{let n=ZT(t,e);return E.CLOUDFRONT_CDN?(r&&(n=`${n}?etag=${r}`),ii(n)):await cn(E.GLOBAL_BUCKET_NAME,n)},"getGlobalFileUrl"),ZT=s((t,e)=>{let r=`${t}/${e}`;return E.MULTI_TENANCY&&(r=`${V()}/${r}`),r},"getGlobalFileS3Key");async function Vx(t){return!t||!t.length?[]:await Promise.all(t.map(async e=>{let r=await qx(e),n=await Kx(e);return{...e,jsUrl:r,iconUrl:n}}))}s(Vx,"enrichPluginURLs");async function qx(t){let e=eS(t);return XT(e)}s(qx,"getPluginJSUrl");async function Kx(t){let e=tS(t);if(e)return XT(e)}s(Kx,"getPluginIconUrl");async function XT(t){return E.CLOUDFRONT_CDN?ii(t):await cn(E.PLUGIN_BUCKET_NAME,t)}s(XT,"getPluginUrl");function eS(t){return rS(t,"plugin.min.js")}s(eS,"getPluginJSKey");function tS(t){let e=t.iconUrl?"icon.svg":t.iconFileName;if(e)return rS(t,e)}s(tS,"getPluginIconKey");function rS(t,e){return`${nS(t.name)}/${e}`}s(rS,"getPluginS3Key");function nS(t){let e=`${t}`;return E.MULTI_TENANCY&&(e=`${V()}/${e}`),E.CLOUDFRONT_CDN&&(e=`plugins/${e}`),e}s(nS,"getPluginS3Dir");var oS="budibase.log",aS="budibase-logs-history.txt",uS=Kf.default.join(un(),"systemlogs");function iS(t){return Kf.default.join(uS,t)}s(iS,"getFullPath");function cS(t){let e=/(\d+)([A-Za-z])/,r=t?.match(e);if(!r){console.warn("totalMaxSize does not have a valid value",{totalMaxSize:t});return}let n=+r[1],i=r[2];if(n===1)switch(i){case"B":return{size:`${n}B`,totalHistoryFiles:1};case"K":return{size:`${n*1e3/2}B`,totalHistoryFiles:1};case"M":return{size:`${n*1e3/2}K`,totalHistoryFiles:1};case"G":return{size:`${n*1e3/2}M`,totalHistoryFiles:1};default:return}return n%2===0?{size:`${n/2}${i}`,totalHistoryFiles:1}:{size:`1${i}`,totalHistoryFiles:n-1}}s(cS,"getSingleFileMaxSizeInfo");function Qf(){let t=cS(E.ROLLING_LOG_MAX_SIZE);return sS.createStream(oS,{size:t?.size,path:uS,maxFiles:t?.totalHistoryFiles||1,immutable:!0,history:aS,initialRotation:!1})}s(Qf,"localFileDestination");function Qx(){let t=[],e=iS(aS);if(ro.default.existsSync(e)){let i=ro.default.readFileSync(e,"utf-8").split(`
|
|
37
|
-
`);for(let o of i.filter(a=>a))t.push(ro.default.readFileSync(o))}return t.push(ro.default.readFileSync(iS(oS))),Buffer.concat(t.map(n=>new Uint8Array(n)))}s(Qx,"getLogReadStream");function jx(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}s(jx,"isPlainObject");function Yx(t){return t instanceof Error}s(Yx,"isError");function Hx(t){return typeof t=="string"}s(Hx,"isMessage");var Ar;if(!E.DISABLE_PINO_LOGGER){let t=E.LOG_LEVEL,e={level:t,formatters:{level:c=>({level:c.toUpperCase()}),bindings:()=>E.SELF_HOSTED?{service:E.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(E.isDev()?{stream:(0,lS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),E.SELF_HOSTED&&r.push({stream:Qf(),level:t}),Ar=r.length?(0,gu.default)(e,gu.default.multistream(r)):(0,gu.default)(e);let n=s(c=>{let l,d=[],f="";c.forEach(y=>{Hx(y)&&(f=`${f} ${y}`.trimStart()),jx(y)&&d.push(y),Yx(y)&&(l=y)});let p=u(),m={};m={tenantId:i(),appId:o(),automationId:a(),identityId:p?._id,identityType:p?.type,correlationId:Nf()};let h=Yf.default.scope().active();h&&Yf.default.inject(h.context(),dS.formats.LOG,m);let g={err:l,pid:process.pid,...m};if(d.length){let y={},S=0;for(let O=0;O<d.length;O++){let _=d[O],w=_._logKey;w?(delete _._logKey,g[w]=_):(y[S]=_,S++)}Object.keys(y).length&&(g.data=y)}return[g,f]},"getLogParams");console.log=(...c)=>{let[l,d]=n(c);Ar?.info(l,d)},console.info=(...c)=>{let[l,d]=n(c);Ar?.info(l,d)},console.warn=(...c)=>{let[l,d]=n(c);Ar?.warn(l,d)},console.error=(...c)=>{let[l,d]=n(c);Ar?.error(l,d)},console.trace=(...c)=>{let[l,d]=n(c);l.err||(l.err=new Error),Ar?.trace(l,d)},console.debug=(...c)=>{let[l,d]=n(c);Ar?.debug(l,d)};let i=s(()=>{let c;try{c=V()}catch{}return c},"getTenantId"),o=s(()=>{let c;try{c=Le()}catch{}return c},"getAppId"),a=s(()=>{let c;try{c=Xd()}catch{}return c},"getAutomationId"),u=s(()=>{let c;try{c=Bt()}catch{}return c},"getIdentity")}var yu=Ar;var zx=["AccountError"];function Jx(t){return t&&t.suppressAlert}s(Jx,"isSuppressed");function ln(t,e){e&&zx.includes(e.name)&&Jx(e)||console.error(`bb-alert: ${t}`,e)}s(ln,"logAlert");function Zx(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,ln(t,n)}s(Zx,"logAlertWithInfo");function si(t,e){console.warn(`bb-warn: ${t}`,e)}s(si,"logWarn");var Tu=class extends Error{static{s(this,"UnretriableError")}constructor(e){super(e),this.name="PermanentError"}},Hf=class{static{s(this,"QueuedProcessor")}constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:o=!0,maxStalledCount:a=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new Et(e,{maxStalledCount:a,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:o}}),this._queue.process(async(u,c)=>{try{let l=await this.processFn(u.data);c?.(null,l)}catch(l){l instanceof Tu&&await u.discard(),ln(`Failed to process job in ${this._queue.name}`,l),c?.(l)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Ne.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var Xx=100,Su,io=class t{static{s(this,"DocWritethroughProcessor")}static get queue(){return t._queue||(t._queue=new Et("docWritethroughQueue",{jobOptions:{attempts:Xx}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=De(e),o;try{o=await i.get(r)}catch{o={_id:r}}o={...o,...n},await i.put(o)}},Jf=class{static{s(this,"DocWritethrough")}constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await io.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function fS(){return Su=new io().init(),Su}s(fS,"init");function ev(){return Su||fS()}s(ev,"getProcessor");var oo={};N(oo,{CacheKey:()=>ye,TTL:()=>pn,bustCache:()=>oi,destroy:()=>so,get:()=>mn,keys:()=>Au,store:()=>jt,withCache:()=>_r,withCacheWithDynamicTTL:()=>pS});function Rt(t){let e=V();return`${t}:${e}`}s(Rt,"generateTenantKey");var dn=class{static{s(this,"BaseCache")}constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await cf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?Rt(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?Rt(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?Rt(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Rt(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?Rt(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((o,[a,u])=>(o[Rt(a)]=u,o),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?Rt(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Rt(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let o=await this.get(e,i);if(o)return o;try{let a=await n();return await this.store(e,a,r,i),a}catch(a){throw console.error("Error fetching before cache - ",a),a}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let o=await r(),{value:a,ttl:u}=o;return await this.store(e,a,u,{useTenancy:n.useTenancy}),a}catch(o){throw console.error("Error fetching before cache - ",o),o}}async bustCache(e){let r=await this.getClient();try{await r.delete(Rt(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?Rt(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var fn=new dn,ye={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},pn=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(pn||{}),Au=s((...t)=>fn.keys(...t),"keys"),mn=s((...t)=>fn.get(...t),"get"),jt=s((...t)=>fn.store(...t),"store"),so=s((...t)=>fn.delete(...t),"destroy"),_r=s((...t)=>fn.withCache(...t),"withCache"),pS=s((...t)=>fn.withCacheWithDynamicTTL(...t),"withCacheWithDynamicTTL"),oi=s((...t)=>fn.bustCache(...t),"bustCache");var ep={};N(ep,{createCode:()=>rv,deleteCode:()=>iv,getCode:()=>nv,getExistingInvites:()=>Xf,getInviteCodes:()=>hS,updateCode:()=>tv});var mS=he.fromDays(7).toSeconds();async function tv(t,e){await(await nn()).store(t,e,mS)}s(tv,"updateCode");async function rv(t,e){let r=te();return await(await nn()).store(r,{email:t,info:e},mS),r}s(rv,"createCode");async function nv(t){let r=await(await nn()).get(t);if(!r)throw"Invitation is not valid or has expired, please request a new one.";return r}s(nv,"getCode");async function iv(t){await(await nn()).delete(t)}s(iv,"deleteCode");async function hS(){let r=(await(await nn()).scan()).map(i=>({...i.value,code:i.key}));if(!E.MULTI_TENANCY)return r;let n=V();return r.filter(i=>n===i.info.tenantId)}s(hS,"getInviteCodes");async function Xf(t){return(await hS()).filter(e=>t.includes(e.email))}s(Xf,"getExistingInvites");var tp={};N(tp,{createCode:()=>ov,getCode:()=>av,invalidateCode:()=>uv});var sv=he.fromHours(1).toSeconds();async function ov(t,e){let r=te();return await(await Fs()).store(r,{userId:t,info:e},sv),r}s(ov,"createCode");async function av(t){let r=await(await Fs()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}s(av,"getCode");async function uv(t){await(await Fs()).delete(t)}s(uv,"invalidateCode");var Dr={};N(Dr,{getUser:()=>Do,getUsers:()=>FU,invalidateUser:()=>Ro});var ao={};N(ao,{getPlatformDB:()=>Or,users:()=>gt});var gt={};N(gt,{addSsoUser:()=>gS,addUser:()=>mv,getUserDoc:()=>ES,lookupTenantId:()=>cv,removeUser:()=>hv,updateUserDoc:()=>lv});function Or(){return De(fe.PLATFORM_INFO.name)}s(Or,"getPlatformDB");async function cv(t){return E.MULTI_TENANCY?(await ES(t)).tenantId:ae}s(cv,"lookupTenantId");async function ES(t){return Or().get(t)}s(ES,"getUserDoc");async function lv(t){await Or().put(t)}s(lv,"updateUserDoc");function dv(t,e){return{_id:t,tenantId:e}}s(dv,"newUserIdDoc");function fv(t,e,r){return{_id:e,userId:t,tenantId:r}}s(fv,"newUserEmailDoc");function pv(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}s(pv,"newUserSsoIdDoc");async function rp(t,e){let r=Or(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}s(rp,"addUserDoc");async function gS(t,e,r,n){return rp(t,()=>pv(t,e,r,n))}s(gS,"addSsoUser");async function mv(t,e,r,n){let i=[rp(e,()=>dv(e,t)),rp(r,()=>fv(e,r,t))];n&&i.push(gS(n,r,e,t)),await Promise.all(i)}s(mv,"addUser");async function hv(t){let e=Or(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}s(hv,"removeUser");var hn={};N(hn,{getAccount:()=>Ir,getAccountByTenantId:()=>ai,getStatus:()=>Ev});var yS=B(require("node-fetch"));var uo=class{static{s(this,"API")}constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";Js.setHeader(n.headers);let o={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,yS.default)(`${this.host}${r}`,o)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var np=new uo(E.INTERNAL_ACCOUNT_PORTAL_URL),ip=E.SELF_HOSTED||E.DISABLE_ACCOUNT_PORTAL,Ir=s(async t=>{if(ip)return;let e={email:t},r=await np.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":E.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},"getAccount"),ai=s(async t=>{if(ip)return;let e={tenantId:t},r=await np.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":E.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},"getAccountByTenantId"),Ev=s(async()=>{if(ip)return;let t=await np.get("/api/status",{headers:{"x-budibase-api-key":E.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e},"getStatus");var mi={};N(mi,{UserDB:()=>bt,addAppBuilder:()=>UU,bulkGetGlobalUsersById:()=>Ku,bulkUpdateGlobalUsers:()=>Oo,cleanseUserObject:()=>Dp,creatorsInList:()=>yn,doesUserExist:()=>bU,getAccountHolderFromUsers:()=>qu,getAllUserIds:()=>RU,getAllUsers:()=>CU,getById:()=>Tn,getCreatorCount:()=>PU,getExistingAccounts:()=>pi,getExistingPlatformUsers:()=>sA,getExistingTenantUsers:()=>iA,getFirstPlatformUser:()=>Ao,getGlobalUserByAppPage:()=>dA,getGlobalUserByEmail:()=>St,getPlatformUsers:()=>Wu,getUserCount:()=>vU,hasAdminPermissions:()=>wr,hasAppBuilderPermissions:()=>uA,hasBuilderPermissions:()=>ke,isAdmin:()=>Ct,isAdminOrBuilder:()=>aA,isAdminOrWorkspaceBuilder:()=>$u,isBuilder:()=>gi,isCreatorAsync:()=>_o,isCreatorSync:()=>Gu,isGlobalBuilder:()=>oA,paginatedUsers:()=>pA,removeAppBuilder:()=>LU,removePortalUserPermissions:()=>NU,searchExistingEmails:()=>Ap,searchGlobalUsersByApp:()=>Qu,searchGlobalUsersByAppAccess:()=>wp,searchGlobalUsersByEmail:()=>fA,validateUniqueUser:()=>Vu});var xu={};N(xu,{BadRequestError:()=>Iu,BudibaseError:()=>ui,EmailUnavailableError:()=>Yt,FeatureDisabledError:()=>Cu,ForbiddenError:()=>wu,HTTPError:()=>we,InvalidAPIKeyError:()=>ci,NotFoundError:()=>Ou,NotImplementedError:()=>Du,UnexpectedError:()=>_u,UsageLimitError:()=>Ru,getPublicError:()=>bu});var ui=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"BudibaseError")}},bu=s(t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},"getPublicError"),we=class t extends ui{constructor(r,n,i="http"){super(r,i);this.status=n}static{s(this,"HTTPError")}static async fromResponse(r){let n=await r.text(),i=n,o=r.status,a="http";try{let u=JSON.parse(n);i=u.message,o=u.status,a=u.error?.code}catch{}return new t(i,o,a)}},_u=class extends we{static{s(this,"UnexpectedError")}constructor(e){super(e,500)}},Ou=class extends we{static{s(this,"NotFoundError")}constructor(e){super(e,404)}},Iu=class extends we{static{s(this,"BadRequestError")}constructor(e){super(e,400)}},wu=class extends we{static{s(this,"ForbiddenError")}constructor(e){super(e,403)}},Du=class extends we{static{s(this,"NotImplementedError")}constructor(e){super(e,501)}},Ru=class extends we{constructor(r,n){super(r,400,"usage_limit_exceeded");this.limitName=n}static{s(this,"UsageLimitError")}getPublicError(){return{limitName:this.limitName}}},Cu=class extends we{constructor(r,n){super(r,400,"feature_disabled");this.featureName=n}static{s(this,"FeatureDisabledError")}getPublicError(){return{featureName:this.featureName}}},ci=class extends ui{static{s(this,"InvalidAPIKeyError")}constructor(){super("Invalid API key - may need re-generated, or user doesn't exist","invalid_api_key")}},Yt=class extends Error{static{s(this,"EmailUnavailableError")}constructor(e){super(`Email already in use: '${e}'`)}};var up={};N(up,{PASSWORD_MAX_LENGTH:()=>op,PASSWORD_MIN_LENGTH:()=>sp,validatePassword:()=>ap});var sp=+(E.PASSWORD_MIN_LENGTH||12),op=+(E.PASSWORD_MAX_LENGTH||512);function ap(t){return!t||t.length<sp?{valid:!1,error:`Password invalid. Minimum ${sp} characters.`}:t.length>op?{valid:!1,error:`Password invalid. Maximum ${op} characters.`}:{valid:!0}}s(ap,"validatePassword");var vu={};N(vu,{createASession:()=>yv,endSession:()=>Tv,getSession:()=>lp,getSessionsForUser:()=>co,invalidateSessions:()=>En,updateSessionTTL:()=>cp});var SS=require("uuid");var AS=E.SESSION_EXPIRY_SECONDS?parseInt(E.SESSION_EXPIRY_SECONDS):he.fromDays(7).toSeconds();function li(t,e){return`${t}/${e}`}s(li,"makeSessionID");async function co(t){return t?(await(await hr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}s(co,"getSessionsForUser");async function En(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await co(t)).map(a=>({key:li(a.userId,a.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(o=>({key:li(t,o)}))),i&&i.length>0){let o=await hr(),a=[];for(let u of i)a.push(o.delete(u.key));E.isTest()||si(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(u=>u.key).join(", ")}`),await Promise.all(a)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}s(En,"invalidateSessions");async function yv(t,e){let r=await co(t),n=0;if(r.length>=3){let l=r.sort((p,m)=>new Date(p.createdAt).getTime()-new Date(m.createdAt).getTime()),d=r.length-3+1,f=l.slice(0,d).map(p=>p.sessionId);n=f.length,await En(t,{sessionIds:f,reason:"session limit exceeded"})}let i=await hr(),o=e.sessionId,a=e.csrfToken?e.csrfToken:(0,SS.v4)(),u=li(t,o),c={...e,csrfToken:a,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(u,c,AS),{session:c,invalidatedSessionCount:n}}s(yv,"createASession");async function cp(t){let e=await hr(),r=li(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,AS)}s(cp,"updateSessionTTL");async function Tv(t,e){await(await hr()).delete(li(t,e))}s(Tv,"endSession");async function lp(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await hr()).get(li(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}s(lp,"getSession");var fi={};N(fi,{account:()=>NS,action:()=>US,ai:()=>LS,analytics:()=>Nu,app:()=>kS,asyncEventQueue:()=>yt,auditLog:()=>MS,auth:()=>Bu,automation:()=>FS,backfill:()=>BS,backfillCache:()=>ku,backup:()=>WS,datasource:()=>$S,email:()=>GS,environmentVariable:()=>VS,group:()=>qS,identification:()=>Tt,initAsyncEvents:()=>mU,installation:()=>ho,layout:()=>KS,license:()=>QS,org:()=>jS,plugin:()=>YS,processors:()=>Ep,publishEvent:()=>A,query:()=>HS,resource:()=>zS,role:()=>So,rowAction:()=>JS,rows:()=>ZS,screen:()=>XS,serve:()=>eA,shutdown:()=>hU,table:()=>tA,user:()=>Me,view:()=>rA,workspace:()=>nA});var Nu={};N(Nu,{enabled:()=>Pu});var Pu=s(async()=>Uu(),"enabled");var yt;function Lu(){yt=new Et("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}s(Lu,"init");async function _S(){yt&&await yt.close()}s(_S,"shutdown");async function OS(t){yt||Lu();let{event:e,identity:r}=t;Rm.indexOf(e)!==-1&&r.tenantId&&await yt.add(t)}s(OS,"publishAsyncEvent");var ku={};N(ku,{end:()=>Av,isAlreadySent:()=>pp,isBackfillingEvent:()=>fp,recordEvent:()=>dp,start:()=>Sv});var Sv=s(async t=>Ov({eventWhitelist:t}),"start"),dp=s(async(t,e)=>{let r=mp(t,e);await jt(r,e,void 0,{useTenancy:!1})},"recordEvent"),Av=s(async()=>{await Iv(),await wv()},"end"),_v=s(async()=>mn(ye.BACKFILL_METADATA),"getBackfillMetadata"),Ov=s(async t=>jt(ye.BACKFILL_METADATA,t),"saveBackfillMetadata"),Iv=s(async()=>{await so(ye.BACKFILL_METADATA)},"deleteBackfillMetadata"),wv=s(async()=>{let t=mp(),e=await Au(t);for(let r of e)await so(r,{useTenancy:!1})},"clearEvents"),fp=s(async t=>{let r=(await _v())?.eventWhitelist;return!!(r&&r.includes(t))},"isBackfillingEvent"),pp=s(async(t,e)=>{let r=mp(t,e);return!!await mn(r,{useTenancy:!1})},"isAlreadySent"),Dv={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},mp=s((t,e)=>{let r,n=V();if(t){r=`${ye.EVENTS}:${n}:${t}`;let i=Dv[t],o=i?i(e):void 0;o&&(r=`${r}:${o}`)}else r=`${ye.EVENTS}:${n}:*`;return r},"getEventKey");var Ep={};N(Ep,{analyticsProcessor:()=>xS,init:()=>kv,processors:()=>zt});var CS=require("posthog-node");var Rv=s(t=>t==="served:builder"||t==="served:app:preview"||t==="served:app","isRateLimited"),Cv=s(t=>t==="served:app:preview"||t==="served:app","isPerApp");var wS={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},DS=s(async t=>{if(!Rv(t))return!1;let e=await bv(t);if(e){let r=new Date(e.timestamp);switch(wS[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await IS(t,{timestamp:Date.now()}),!1):!0}}else return await IS(t,{timestamp:Date.now()}),!1},"limited"),RS=s(t=>{let e=`${ye.EVENTS_RATE_LIMIT}:${t}`;return Cv(t)&&(e=e+":"+Le()),e},"eventKey"),bv=s(async t=>{let e=RS(t);return await mn(e)},"readEvent"),IS=s(async(t,e)=>{let r=RS(t),n=wS[t],i;switch(n){case"calendarDay":i=86400}await jt(r,e,i)},"recordEvent");var vv=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],lo=class{static{s(this,"PosthogProcessor")}constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new CS.PostHog(e)}async processEvent(e,r,n,i){if(vv.includes(e)||await DS(e))return;n=this.clearPIIProperties(n),n.version=E.VERSION,n.service=E.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let o=Le();o&&(n.appId=o);let a={distinctId:r.id,event:e,properties:n};i&&(a.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(a.groups={},r.installationId&&(a.groups.installation=r.installationId,a.properties.installationId=r.installationId),r.tenantId&&(a.groups.tenant=r.tenantId,a.properties.tenantId=r.tenantId)),this.posthog.capture(a)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var bS=lo;var Pv=["installation:version:upgraded","installation:version:downgraded"],Nv=["installation","tenant"],fo=class{static{s(this,"AnalyticsProcessor")}constructor(){E.POSTHOG_TOKEN&&!E.isTest()&&(this.posthog=new bS(E.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!Pv.includes(e)&&!await Pu()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!Nv.includes(e.type)&&!await Pu()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var hp=E.SELF_HOSTED&&!E.isDev(),po=class{static{s(this,"LoggingProcessor")}async processEvent(e,r,n){hp||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){hp||console.log("[audit] identified",e)}async identifyGroup(e){hp||console.log("[audit] group identified",e)}async shutdown(){}};var di=class t{static{s(this,"AuditLogsProcessor")}static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new Et("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Re(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let o={};E.ENABLE_AUDIT_LOG_IP_ADDR&&(o=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:o})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&Df(e)){let o=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:o,timestamp:i,appId:Le(),hostInfo:r.hostInfo},tenantId:V()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var mo=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}static{s(this,"Processor")}async processEvent(e,r,n,i){for(let o of this.processors)await o.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var xS=new fo,Uv=new po,Lv=new di;function kv(t){return di.init(t)}s(kv,"init");var zt=new mo([xS,Uv,Lv]);var Mu={};N(Mu,{checkInstallVersion:()=>Bv,getInstall:()=>Eo,getInstallFromDB:()=>yp});var gp=B(require("semver"));var Eo=s(async()=>_r(ye.INSTALLATION,86400,yp,{useTenancy:!1}),"getInstall");async function Mv(t){let e={_id:fe.PLATFORM_INFO.docs.install,installId:te(),version:E.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return yp();throw r}}s(Mv,"createInstallDoc");var yp=s(async()=>Ke(fe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(fe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await Mv(t);else throw r}return e}),"getInstallFromDB"),Fv=s(async t=>{try{await Ke(fe.PLATFORM_INFO.name,async e=>{let r=await Eo();r.version=t,await e.put(r),await oi(ye.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},"updateVersion"),Bv=s(async()=>{let t=await Eo(),e=t.version,r=E.VERSION;try{if(e!==r){let n=gp.default.gt(r,e),i=gp.default.lt(r,e);await Fv(r)&&(await Os({_id:t.installId,type:"installation"},async()=>{n?await ho.upgraded(e,r):i&&await ho.downgraded(e,r)}),await Tt.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?ln(`Invalid version "${r}" - is it semver?`):ln("Failed to retrieve version",n)}},"checkInstallVersion");var Wv=s(async()=>{let t=Ld(),e=To(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await gn(),i=go();return{id:vS(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await gn(),i=await Fu(V()),o=go();return{id:vS(i,r),type:r,hosting:o,installationId:n,tenantId:i,realTenantId:V(),environment:e}}else if(r==="user"){let n=t,i=await Fu(V()),o=await gn(),a=n.account,u;return a?u=a.hosting:u=go(),{id:n._id,type:r,hosting:u,installationId:o,tenantId:i,environment:e,realTenantId:V(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},"getCurrentIdentity"),$v=s(async(t,e)=>{let r=t,n="installation",i=go(),o=E.VERSION,a=To(),u={id:r,type:n,hosting:i,version:o,environment:a};await Tp(u,e),await yo({...u,id:`$${n}_${r}`},e)},"identifyInstallationGroup"),Gv=s(async(t,e,r,n=E.VERSION)=>{let i=await Fu(t),o="tenant",a=await gn(),u=To(),c={id:i,type:o,hosting:e,environment:u,installationId:a,createdAt:r,createdVersion:n};await Tp(c,r),await yo({...c,id:`$${o}_${i}`},r)},"identifyTenantGroup"),Vv=s(async(t,e,r)=>{let n=t._id,i=await Fu(t.tenantId),o="user",a=ke(t),u=wr(t),c;Vo(t)&&(c=t.providerType);let d=(await pi([t.email])).length>0,f=!!e&&d&&e.verified,p=await gn(),m=e?e.hosting:go(),h=To();await yo({id:n,type:o,hosting:m,installationId:p,tenantId:i,verified:f,accountHolder:d,providerType:c,builder:a,admin:u,environment:h},r)},"identifyUser"),qv=s(async t=>{let e=t.accountId,r=t.tenantId,n="user",i=Go(t)?t.providerType:void 0,o=t.verified,a=!0,u=t.hosting,c=await gn(),l=To();if($o(t)){let f=await St(t.email);f?._id&&(e=f._id)}await yo({id:e,type:n,hosting:u,installationId:c,tenantId:r,providerType:i,verified:o,accountHolder:a,environment:l})},"identifyAccount"),yo=s(async(t,e)=>{await zt.identify(t,e)},"identify"),Tp=s(async(t,e)=>{await zt.identifyGroup(t,e)},"identifyGroup"),To=s(()=>E.isDev()?"development":E.DEPLOYMENT_ENVIRONMENT,"getDeploymentEnvironment"),go=s(()=>E.SELF_HOSTED?"self":"cloud","getHostingFromEnv"),gn=s(async()=>Kv()?"account-portal":(await Eo()).installId,"getInstallationId"),Fu=s(async t=>E.SELF_HOSTED?PS(t):t,"getEventTenantId"),PS=s(async t=>Re(t,()=>_r(ye.UNIQUE_TENANT_ID,86400,async()=>{let e=H(),r=await hi(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${te()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=E.VERSION,await e.put(r),n)})),"getUniqueTenantId"),Kv=s(()=>E.SERVICE==="account-portal","isAccountPortal"),vS=s((t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,"formatDistinctId"),Tt={getCurrentIdentity:Wv,identifyInstallationGroup:$v,identifyTenantGroup:Gv,identifyUser:Vv,identifyAccount:qv,identify:yo,identifyGroup:Tp,getInstallationId:gn,getUniqueTenantId:PS};var A=s(async(t,e,r,n)=>{let i=n||await Tt.getCurrentIdentity();if(!(n?!1:await fp(t))){await OS({event:t,identity:i,properties:e,timestamp:r}),await zt.processEvent(t,i,e,r);return}await pp(t,e)||(await zt.processEvent(t,i,e,r),await dp(t,e))},"publishEvent");async function Qv(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}s(Qv,"created");async function jv(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}s(jv,"deleted");async function Yv(t){let e={tenantId:t.tenantId};await A("account:verified",e)}s(Yv,"verified");var NS={created:Qv,deleted:jv,verified:Yv};async function Hv(t,e){console.info("action:automation_step:executed",`disabled. Action step ${t.stepId} not published at ${e}`)}s(Hv,"automationStepExecuted");async function zv(t,e){console.info("action:automation_step:executed",`disabled. Action type ${t.type} not published at ${e}`)}s(zv,"crudExecuted");async function Jv(t,e){console.info("action:automation_step:executed",`disabled. Execution for ai agent ${t.agentId} not published at ${e}`)}s(Jv,"aiAgentExecuted");var US={aiAgentExecuted:Jv,automationStepExecuted:Hv,crudExecuted:zv};async function Zv(t){let e={};await A("ai:config:created",e,t)}s(Zv,"AIConfigCreated");async function Xv(){let t={};await A("ai:config:updated",t)}s(Xv,"AIConfigUpdated");var LS={AIConfigCreated:Zv,AIConfigUpdated:Xv};var eP=s(async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)},"created");async function tP(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}s(tP,"updated");async function rP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}s(rP,"deleted");async function nP(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}s(nP,"published");async function iP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}s(iP,"unpublished");async function sP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}s(sP,"fileImported");async function oP(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}s(oP,"duplicated");async function aP(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}s(aP,"templateImported");async function uP(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}s(uP,"versionUpdated");async function cP(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}s(cP,"versionReverted");async function lP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}s(lP,"reverted");async function dP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}s(dP,"exported");var kS={created:eP,updated:tP,deleted:rP,published:nP,unpublished:iP,fileImported:sP,duplicated:oP,templateImported:aP,versionUpdated:uP,versionReverted:cP,reverted:lP,exported:dP};async function fP(t){let e={filters:t};await A("audit_log:filtered",e)}s(fP,"filtered");async function pP(t){let e={filters:t};await A("audit_log:downloaded",e)}s(pP,"downloaded");var MS={filtered:fP,downloaded:pP};async function mP(t,e){let n={userId:(await Tt.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}s(mP,"login");async function hP(t){let r={userId:(await Tt.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}s(hP,"logout");async function EP(t,e){let r={type:t};await A("auth:sso:created",r,e)}s(EP,"SSOCreated");async function gP(t){let e={type:t};await A("auth:sso:updated",e)}s(gP,"SSOUpdated");async function yP(t,e){let r={type:t};await A("auth:sso:activated",r,e)}s(yP,"SSOActivated");async function TP(t){let e={type:t};await A("auth:sso:deactivated",e)}s(TP,"SSODeactivated");var Bu={login:mP,logout:hP,SSOCreated:EP,SSOUpdated:gP,SSOActivated:yP,SSODeactivated:TP};async function SP(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}s(SP,"created");async function AP(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}s(AP,"triggerUpdated");async function _P(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}s(_P,"deleted");async function OP(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}s(OP,"tested");var IP=s(async(t,e)=>{let r={count:t};await A("automations:run",r,e)},"run");async function wP(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}s(wP,"stepCreated");async function DP(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}s(DP,"stepDeleted");var FS={created:SP,triggerUpdated:AP,deleted:_P,tested:OP,run:IP,stepCreated:wP,stepDeleted:DP};var Ei=!E.SELF_HOSTED&&!E.isDev();async function RP(t){Ei||await A("app:backfill:succeeded",t)}s(RP,"appSucceeded");async function CP(t){if(Ei)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}s(CP,"appFailed");async function bP(t){Ei||await A("tenant:backfill:succeeded",t)}s(bP,"tenantSucceeded");async function xP(t){if(Ei)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}s(xP,"tenantFailed");async function vP(){if(Ei)return;let t={};await A("installation:backfill:succeeded",t)}s(vP,"installationSucceeded");async function PP(t){if(Ei)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}s(PP,"installationFailed");var BS={appSucceeded:RP,appFailed:CP,tenantSucceeded:bP,tenantFailed:xP,installationSucceeded:vP,installationFailed:PP};async function NP(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}s(NP,"appBackupRestored");async function UP(t,e,r,n,i){let o={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",o)}s(UP,"appBackupTriggered");var WS={appBackupRestored:NP,appBackupTriggered:UP};function Sp(t){return!Object.values(Mo).includes(t.source)}s(Sp,"isCustom");async function LP(t,e){let r={datasourceId:t._id,source:t.source,custom:Sp(t)};await A("datasource:created",r,e)}s(LP,"created");async function kP(t){let e={datasourceId:t._id,source:t.source,custom:Sp(t)};await A("datasource:updated",e)}s(kP,"updated");async function MP(t){let e={datasourceId:t._id,source:t.source,custom:Sp(t)};await A("datasource:deleted",e)}s(MP,"deleted");var $S={created:LP,updated:kP,deleted:MP};async function FP(t){let e={};await A("email:smtp:created",e,t)}s(FP,"SMTPCreated");async function BP(){let t={};await A("email:smtp:updated",t)}s(BP,"SMTPUpdated");var GS={SMTPCreated:FP,SMTPUpdated:BP};async function WP(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}s(WP,"created");async function $P(t){let e={name:t};await A("environment_variable:deleted",e)}s($P,"deleted");async function GP(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}s(GP,"upgradePanelOpened");var VS={created:WP,deleted:$P,upgradePanelOpened:GP};async function VP(t,e){let r={groupId:t._id,viaScim:mt(),audited:{name:t.name}};await A("user_group:created",r,e)}s(VP,"created");async function qP(t){let e={groupId:t._id,viaScim:mt(),audited:{name:t.name}};await A("user_group:updated",e)}s(qP,"updated");async function KP(t){let e={groupId:t._id,viaScim:mt(),audited:{name:t.name}};await A("user_group:deleted",e)}s(KP,"deleted");async function QP(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:mt(),audited:{name:e.name}};await A("user_group:user_added",n)}s(QP,"usersAdded");async function jP(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:mt(),audited:{name:e.name}};await A("user_group:users_deleted",n)}s(jP,"usersDeleted");async function YP(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}s(YP,"createdOnboarding");async function HP(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}s(HP,"permissionsEdited");var qS={created:VP,updated:qP,deleted:KP,usersAdded:QP,usersDeleted:jP,createdOnboarding:YP,permissionsEdited:HP};async function zP(t){let e={currentVersion:t};await A("installation:version:checked",e)}s(zP,"versionChecked");async function JP(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}s(JP,"upgraded");async function ZP(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}s(ZP,"downgraded");async function XP(){let t={};await A("installation:firstStartup",t)}s(XP,"firstStartup");var ho={versionChecked:zP,upgraded:JP,downgraded:ZP,firstStartup:XP};async function eN(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}s(eN,"created");async function tN(t){let e={layoutId:t};await A("layout:deleted",e)}s(tN,"deleted");var KS={created:eN,deleted:tN};async function rN(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}s(rN,"planChanged");async function nN(t){let e={accountId:t.accountId};await A("license:activated",e)}s(nN,"activated");async function iN(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}s(iN,"checkoutOpened");async function sN(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}s(sN,"checkoutSuccess");async function oN(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}s(oN,"portalOpened");async function aN(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}s(aN,"paymentFailed");async function uN(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}s(uN,"paymentRecovered");var QS={planChanged:rN,activated:nN,checkoutOpened:iN,checkoutSuccess:sN,portalOpened:oN,paymentFailed:aN,paymentRecovered:uN};async function cN(t){let e={};await A("org:info:name:updated",e,t)}s(cN,"nameUpdated");async function lN(t){let e={};await A("org:info:logo:updated",e,t)}s(lN,"logoUpdated");async function dN(t){let e={};await A("org:platformurl:updated",e,t)}s(dN,"platformURLUpdated");async function fN(){let t={};await A("analytics:opt:out",t)}s(fN,"analyticsOptOut");async function pN(){let t={};await A("analytics:opt:out",t)}s(pN,"analyticsOptIn");var jS={nameUpdated:cN,logoUpdated:lN,platformURLUpdated:dN,analyticsOptOut:fN,analyticsOptIn:pN};async function mN(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}s(mN,"init");async function hN(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}s(hN,"imported");async function EN(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}s(EN,"deleted");var YS={init:mN,imported:hN,deleted:EN};var gN=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},"created"),yN=s(async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},"updated"),TN=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await A("query:deleted",n)},"deleted"),SN=s(async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},"imported"),AN=s(async(t,e)=>{let r={count:t};await A("queries:run",r,e)},"run"),_N=s(async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},"previewed"),HS={created:gN,updated:yN,deleted:TN,imported:SN,run:AN,previewed:_N};async function ON({resource:t,fromWorkspace:e,toWorkspace:r},n){let i={resource:t,fromWorkspace:e,toWorkspace:r};await A("resource:copied_to_workspace",i,n)}s(ON,"duplicatedToWorkspace");var zS={duplicatedToWorkspace:ON};async function IN(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}s(IN,"created");async function wN(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}s(wN,"updated");async function DN(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}s(DN,"deleted");async function RN(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}s(RN,"assigned");async function CN(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}s(CN,"unassigned");var So={created:IN,updated:wN,deleted:DN,assigned:RN,unassigned:CN};async function bN(t,e){await A("row_action:created",t,e)}s(bN,"created");var JS={created:bN};var xN=s(async(t,e)=>{let r={count:t};await A("rows:created",r,e)},"created"),vN=s(async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},"imported"),ZS={created:xN,imported:vN};async function PN(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}s(PN,"created");async function NN(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}s(NN,"deleted");var XS={created:PN,deleted:NN};async function UN(t){let e={timezone:t};await A("served:builder",e)}s(UN,"servedBuilder");async function LN(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}s(LN,"servedApp");async function kN(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}s(kN,"servedAppPreview");var eA={servedBuilder:UN,servedApp:LN,servedAppPreview:kN};async function MN(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}s(MN,"created");async function FN(t,e){let r,n;for(let o in e.schema)if(!t.schema[o]){let a=e.schema[o];"default"in a&&a.default!=null&&(r=!0),a.type==="ai"&&(n=a.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}s(FN,"updated");async function BN(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await A("table:deleted",r)}s(BN,"deleted");async function WN(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}s(WN,"exported");async function $N(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}s($N,"imported");var tA={created:MN,updated:FN,deleted:BN,exported:WN,imported:$N};async function GN(t,e){let r={userId:t._id,viaScim:mt(),audited:{email:t.email}};await A("user:created",r,e)}s(GN,"created");async function VN(t){let e={userId:t._id,viaScim:mt(),audited:{email:t.email}};await A("user:updated",e)}s(VN,"updated");async function qN(t){let e={userId:t._id,viaScim:mt(),audited:{email:t.email}};await A("user:deleted",e)}s(qN,"deleted");async function KN(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}s(KN,"permissionAdminAssigned");async function QN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}s(QN,"permissionAdminRemoved");async function jN(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}s(jN,"permissionBuilderAssigned");async function YN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}s(YN,"permissionBuilderRemoved");async function HN(t){let e={audited:{email:t}};await A("user:invited",e)}s(HN,"invited");async function zN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}s(zN,"inviteAccepted");async function JN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}s(JN,"passwordForceReset");async function ZN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}s(ZN,"passwordUpdated");async function XN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}s(XN,"passwordResetRequested");async function eU(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}s(eU,"passwordReset");async function tU(t){let e={users:t};await A("user:data:collaboration",e)}s(tU,"dataCollaboration");var Me={created:GN,updated:VN,deleted:qN,permissionAdminAssigned:KN,permissionAdminRemoved:QN,permissionBuilderAssigned:jN,permissionBuilderRemoved:YN,invited:HN,inviteAccepted:zN,passwordForceReset:JN,passwordUpdated:ZN,passwordResetRequested:XN,passwordReset:eU,dataCollaboration:tU};async function rU(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}s(rU,"created");async function nU(t){let e={tableId:t.tableId};await A("view:updated",e)}s(nU,"updated");async function iU(t,e){let r={...Ne.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await A("view:deleted",r)}s(iU,"deleted");async function sU(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}s(sU,"exported");async function oU({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}s(oU,"filterCreated");async function aU({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}s(aU,"filterUpdated");async function uU(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}s(uU,"filterDeleted");async function cU({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}s(cU,"calculationCreated");async function lU(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}s(lU,"calculationUpdated");async function dU(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}s(dU,"calculationDeleted");async function fU(t,e){let r={tableId:t};await A("view:join:created",r,e)}s(fU,"viewJoinCreated");var rA={created:rU,updated:nU,deleted:iU,exported:sU,filterCreated:oU,filterUpdated:aU,filterDeleted:uU,calculationCreated:cU,calculationUpdated:lU,calculationDeleted:dU,viewJoinCreated:fU};async function pU(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await A("workspace_app:deleted",r)}s(pU,"deleted");var nA={deleted:pU};function mU(){}s(mU,"initAsyncEvents");var hU=s(async()=>{await zt.shutdown(),console.log("Events shutdown")},"shutdown");var _p={};N(_p,{creatorsInList:()=>yn,getAccountHolderFromUsers:()=>qu,hasAdminPermissions:()=>wr,hasAppBuilderPermissions:()=>uA,hasBuilderPermissions:()=>ke,isAdmin:()=>Ct,isAdminOrBuilder:()=>aA,isAdminOrWorkspaceBuilder:()=>$u,isBuilder:()=>gi,isCreatorAsync:()=>_o,isCreatorSync:()=>Gu,isGlobalBuilder:()=>oA,validateUniqueUser:()=>Vu});async function Ap(t){let e=[],r=await iA(t);e.push(...r.map(a=>a.email));let n=await sA(t);e.push(...n.map(a=>a._id));let i=await pi(t);e.push(...i.map(a=>a.email));let o=await Xf(t);return e.push(...o.map(a=>a.email)),[...new Set(e.map(a=>a.toLowerCase()))]}s(Ap,"searchExistingEmails");async function Wu(t){return await Vs("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}s(Wu,"getPlatformUsers");async function Ao(t){return(await Wu(t))[0]??null}s(Ao,"getFirstPlatformUser");async function iA(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await Gt("by_email2",r,void 0,n)}s(iA,"getExistingTenantUsers");async function sA(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Vs("platform_users_lowercase_2",r)}s(sA,"getExistingPlatformUsers");async function pi(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Vs("account_by_email",r)}s(pi,"getExistingAccounts");var gi=Ue.users.isBuilder,Ct=Ue.users.isAdmin,oA=Ue.users.isGlobalBuilder,aA=Ue.users.isAdminOrBuilder,wr=Ue.users.hasAdminPermissions,ke=Ue.users.hasBuilderPermissions,uA=Ue.users.hasAppBuilderPermissions,$u=Ue.users.isAdminOrWorkspaceBuilder;async function yn(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await H().getMultiple(r,{allowMissing:!0}),t.map(i=>Gu(i,e))}s(yn,"creatorsInList");async function _o(t){let e=[];return t.userGroups&&(e=await H().getMultiple(t.userGroups)),Gu(t,e)}s(_o,"isCreatorAsync");function Gu(t,e){let r=Ue.users.isCreator(t);return!r&&t?EU(t,e):r}s(Gu,"isCreatorSync");function EU(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}s(EU,"isCreatorByGroupMembership");async function Vu(t,e){if(E.MULTI_TENANCY){let r=await Ao(t);if(r!=null&&r.tenantId!==e)throw new Yt(t)}if(!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let r=await Ir(t);if(r&&r.verified&&r.tenantId!==e)throw new Yt(t)}}s(Vu,"validateUniqueUser");async function qu(t){if(!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let e=await pi(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}s(qu,"getAccountHolderFromUsers");var Op=s(async t=>{await Me.deleted(t),ke(t)&&await Me.permissionBuilderRemoved(t),wr(t)&&await Me.permissionAdminRemoved(t)},"handleDeleteEvents"),gU=s(async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await So.assigned(t,i)},"assignAppRoleEvents"),yU=s(async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await So.unassigned(t,i)},"unassignAppRoleEvents"),TU=s(async(t,e)=>{let r=t.roles,n=e?.roles;await gU(t,r,n),await yU(t,r,n)},"handleAppRoleEvents"),Ip=s(async(t,e)=>{let r=V(),n;!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL&&(n=await ai(r)),await Tt.identifyUser(t,n),e?(await Me.updated(t),AU(t,e)&&await Me.permissionBuilderRemoved(t),OU(t,e)&&await Me.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Me.passwordForceReset(t),t.password!==e.password&&await Me.passwordUpdated(t)):await Me.created(t),SU(t,e)&&await Me.permissionBuilderAssigned(t),_U(t,e)&&await Me.permissionAdminAssigned(t),await TU(t,e)},"handleSaveEvents"),SU=s((t,e)=>cA(t,e,ke),"isAddingBuilder"),AU=s((t,e)=>lA(t,e,ke),"isRemovingBuilder"),_U=s((t,e)=>cA(t,e,wr),"isAddingAdmin"),OU=s((t,e)=>lA(t,e,wr),"isRemovingAdmin"),cA=s((t,e,r)=>!(!r(t)||e&&r(e)),"isAddingPermission"),lA=s((t,e,r)=>!(r(t)||!e||!r(e)),"isRemovingPermission");var wU=s(async t=>{let e=t._id;await gt.removeUser(t),await Op(t),await Dr.invalidateUser(e),await En(e,{reason:"bulk-deletion"})},"bulkDeleteProcessing"),bt=class t{static{s(this,"UserDB")}static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return E.ENABLE_SSO_MAINTENANCE_MODE&&Ct(e)?!1:await t.features.isSSOEnforced()||Vo(e)?!0:(r||(r=await ai(V())),!!(r&&r.email===e.email&&Go(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,o){let{password:a,_id:u}=e;i&&!i.password&&(r.requirePassword=!1);let c;if(a&&a!==i?.password){if(await t.isPreventPasswordActions(e,o))throw new we("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let f=ap(a);if(!f.valid)throw new we(f.error,400)}c=r.hashPassword?await Nd(a):a}else i&&(c=i.password);let l=r.requirePassword&&!await t.features.isSSOEnforced();if(!c&&l)throw"Password must be specified.";u=u||Xn();let d={createdAt:Date.now(),...i,...e,_id:u,password:c,tenantId:n};return d.roles||(d.roles={}),d.status==null&&(d.status="active"),d}static async allUsers(){return(await H().allDocs(sn(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByApp(e){return{userCount:(await Qu(e,{})).length}}static async getUsersByAppAccess(e){return await wp(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return St(e)}static async getUser(e){let r=await Tn(e);return r&&delete r.password,r}static async bulkGet(e){return await Ku(e)}static async bulkUpdate(e){return await Oo(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=V(),i=H(),{email:o,_id:a,userGroups:u=[],roles:c}=e;if(!o&&!a)throw new Error("_id or email is required");let l;if(a)try{if(l=await Tn(a),o&&l.email!==o&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(p){if(p.status!==404)throw p}if(!l&&o&&(l=await St(o),l&&l._id!==a))throw new Yt(o);let d=1,f=0;if((r.isAccountHolder||l)&&(d=0,f=1),l){let[p,m]=await yn([l,e]);f=p!==m?1:0}return t.quotas.addUsers(d,f,async()=>{r.isAccountHolder||await Vu(o,n);let p=await t.buildUser(e,r,n,l);r.currentUserId&&r.currentUserId===l?._id&&(p=Dp(p,l)),!l&&c?.length&&(p.roles={...c});let m=[];if(!a&&u.length>0)for(let h of u)m.push(t.groups.addUsers(h,[p._id]));try{let h=await i.put(p);return p._rev=h.rev,await Ip(p,l),l&&p.email!==l.email&&await gt.removeUser({email:l.email}),await gt.addUser(n,p._id,p.email,p.ssoId),await Dr.invalidateUser(h.id),await Promise.all(m),i.get(p._id)}catch(h){throw h.status===409?"User exists already":h}})}static async bulkCreate(e,r){let n=V(),i=[],o=[],a=[],u=e.map(p=>p.email),c=await Ap(u),l=[];for(let p of e){let m=o.find(g=>g.email.toLowerCase()===p.email.toLowerCase()),h=c.includes(p.email.toLowerCase());if(m||h){l.push({email:p.email,reason:"Unavailable"});continue}p.userGroups=r||[],o.push(p),await _o(p)&&a.push(p)}let d=await ai(n),f=await t.features.isSSOEnforced();return t.quotas.addUsers(o.length,a.length,async()=>{for(let h of o)f&&delete h.password,i.push(t.buildUser(h,{hashPassword:!0,requirePassword:!f},n,void 0,d));let p=await Promise.all(i);await Oo(p);for(let h of p)await gt.addUser(n,h._id,h.email),await Ip(h,void 0);let m=p.map(h=>({_id:h._id,email:h.email}));if(Array.isArray(m)&&r){let h=[],g=m.map(y=>y._id);for(let y of r)h.push(t.groups.addUsers(y,g));await Promise.all(h)}return{successful:m,unsuccessful:l}})}static async bulkDelete(e){let r=H(),n={successful:[],unsuccessful:[]},i=await qu(e);i&&(e=e.filter(m=>m.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let a=(await r.allDocs({include_docs:!0,keys:e.map(m=>m.userId)})).rows.map(m=>m.doc),u=a.map(m=>({...m,_deleted:!0})),c=await Oo(u),d=(await yn(a)).filter(m=>m).length,f=[];for(let m of a){let g=(await Ao(m._id)).ssoId;g&&(await Wu(g)).filter(S=>S.ssoId==null).forEach(S=>{f.push({...S,_deleted:!0})}),await wU(m)}await Or().bulkDocs(f),await t.quotas.removeUsers(u.length,d);let p={};return a.reduce((m,h)=>(m[h._id]=h,m),p),c.forEach(m=>{let h=p[m.id].email;m.ok?n.successful.push({_id:m.id,email:h}):n.unsuccessful.push({_id:m.id,email:h,reason:"Database error"})}),n}static async destroy(e){let r=H(),n=await r.get(e),i=n._id;if(!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let a=n.email;if(await Ir(a))throw n.userId===Bt()._id?new we('Please visit "Account" to delete this user',400):new we("Account holder cannot be deleted",400)}await gt.removeUser(n),await r.remove(i,n._rev);let o=await _o(n)?1:0;await t.quotas.removeUsers(1,o),await Op(n),await Dr.invalidateUser(i),await En(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,o={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(o.ssoId=n.ssoId),await oi(ye.CHECKLIST),await t.save(o,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function wo(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}s(wo,"removeUserPassword");async function Ku(t,e){let n=(await H().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=wo(n)),n}s(Ku,"bulkGetGlobalUsersById");async function RU(){let t=H(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${ve}`})).rows.map(n=>n.id)}s(RU,"getAllUserIds");async function CU(){let t=H(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${ve}`,include_docs:!0})).rows.map(n=>n.doc)}s(CU,"getAllUsers");async function Oo(t){return await H().bulkDocs(t)}s(Oo,"bulkUpdateGlobalUsers");async function Tn(t,e){let n=await H().get(t);return e?.cleanup&&(n=wo(n)),n}s(Tn,"getById");async function St(t,e){if(t==null)throw"Must supply an email address to view";let r=await Gt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=wo(n)),n}s(St,"getGlobalUserByEmail");async function bU(t){try{let e=await St(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}s(bU,"doesUserExist");async function Qu(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=ru(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await Gt("by_app",n);i||(i=[]);let o=Array.isArray(i)?i:[i];return r?.cleanup&&(o=wo(o)),o}s(Qu,"searchGlobalUsersByApp");async function wp(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let a={[r]:{$exists:!0}};n.push(a)}return(await H().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}s(wp,"searchGlobalUsersByAppAccess");function dA(t,e){if(e)return tu(Qe(t),e._id)}s(dA,"getGlobalUserByAppPage");async function fA(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,o=await Gt("by_email2",{...e,startkey:i,endkey:`${n}${ve}`});o||(o=[]);let a=Array.isArray(o)?o:[o];return r?.cleanup&&(a=wo(a)),a}s(fA,"searchGlobalUsersByEmail");var xU=8;async function pA({bookmark:t,query:e,appId:r,limit:n}={}){let i=H(),o=n??xU,u={include_docs:!0,limit:o+1};t&&(u.startkey=t);let c,l="_id",d;return e?.equal?._id?c=[await Tn(e.equal._id)]:r?(c=await Qu(r,u),d=s(f=>dA(r,f),"getKey")):e?.string?.email?(c=await fA(e?.string?.email,u),l="email"):e?.oneOf?._id?c=await Ku(e?.oneOf?._id,{cleanup:!0}):e?(c=(await i.allDocs(sn(null,{...u,limit:void 0}))).rows.map(p=>p.doc),c=lr.search(c,{query:e,limit:u.limit}).rows):c=(await i.allDocs(sn(null,u))).rows.map(p=>p.doc),gf(c,o,{paginate:!0,property:l,getKey:d})}s(pA,"paginatedUsers");async function vU(){return(await Sf("by_email2",{limit:0,include_docs:!1})).total_rows}s(vU,"getUserCount");async function PU(){let t=0;async function e(r){let n=await pA({bookmark:r}),i=await yn(n.data);t+=i.filter(o=>o).length,n.hasNextPage&&await e(n.nextPage)}return s(e,"iterate"),await e(),t}s(PU,"getCreatorCount");function NU(t){return delete t.admin,delete t.builder,t}s(NU,"removePortalUserPermissions");function Dp(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}s(Dp,"cleanseUserObject");async function UU(t,e){let r=Qe(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await bt.save(t,{hashPassword:!1})}s(UU,"addAppBuilder");async function LU(t,e){let r=Qe(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await bt.save(t,{hashPassword:!1})}s(LU,"removeAppBuilder");var mA=3600;async function kU(t,e){let n=await Of(e).get(t);if(n.budibaseAccess=!0,!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let i=await Ir(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}s(kU,"populateFromDB");async function MU(t){let e=await bt.bulkGet(t),r=t.filter((i,o)=>!e[o]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let o=await Ir(i.email);o&&(i.account=o,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}s(MU,"populateUsersFromDB");async function Do({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=kU),!e)try{e=V()}catch{e=await gt.lookupTenantId(t)}let i=await Ms(),o=await i.get(t);return o||(o=await n(t,e,r),await i.store(t,o,mA)),o&&!o.tenantId&&e&&(o.tenantId=e),o.userGroups&&!Ue.users.isGlobalBuilder(o)&&await Re(e,async()=>{let a=await bt.getGroupBuilderAppIds(o);if(a.length){let u=o.builder?.apps||[];o.builder={apps:[...new Set(u.concat(a))]}}}),o}s(Do,"getUser");async function FU(t){let e=await Ms(),r=await e.bulkGet(t),n=t.filter(a=>!r[a]),i=Object.values(r).filter(a=>!!a),o;if(n.length){let a=await MU(n);o=a.notFoundIds;for(let u of a.users)await e.store(u._id,u,mA);i.push(...a.users)}return{users:i,notFoundIds:o}}s(FU,"getUsers");async function Ro(t){await(await Ms()).delete(t)}s(Ro,"invalidateUser");var vp={};N(vp,{Writethrough:()=>bp});var Ti={};N(Ti,{AUTO_EXTEND_POLLING_MS:()=>EA,doWithLock:()=>Rp,newRedlock:()=>Sn});var hA=B(require("redlock"));async function WU(t,e){if(t==="custom")return Sn(e);switch(t){case"try_once":return Sn(yi.TRY_ONCE);case"try_twice":return Sn(yi.TRY_TWICE);case"default":return Sn(yi.DEFAULT);case"delay_500":return Sn(yi.DELAY_500);case"auto_extend":return Sn(yi.AUTO_EXTEND);default:throw At.unreachable(t)}}s(WU,"getClient");var yi={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function Sn(t={}){let e={...yi.DEFAULT,...t},n=(await df()).client;return new hA.default([n],e)}s(Sn,"newRedlock");function $U(t){let r=`lock:${t.systemLock?"system":V()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}s($U,"getLockName");var EA=he.fromSeconds(10).toMs();async function Rp(t,e){let r=await WU(t.type,t.customOptions),n,i;try{let o=$U(t),a=t.type==="auto_extend"?EA:t.ttl;if(n=await r.lock(o,a),t.type==="auto_extend"){let c=s(()=>{i=setTimeout(async()=>{n=await n.extend(a,()=>t.onExtend&&t.onExtend()),c()},a/2)},"extendInIntervals");c()}return{executed:!0,result:await e()}}catch(o){if(o.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw o}else throw o}finally{clearTimeout(i),await n?.unlock()}}s(Rp,"doWithLock");var gA=1e4,Cp=null;async function ju(){if(!Cp){let t=await lf();Cp=new dn(t)}return Cp}s(ju,"getCache");function Co(t,e){return t.name+e}s(Co,"makeCacheKey");function xp(t,e=null){return{doc:t,lastWrite:e||Date.now()}}s(xp,"makeCacheItem");async function GU(t,e,r=gA){let n=await ju(),i=e._id,o;i&&(o=await n.get(Co(t,i)));let a=!o||o.lastWrite<Date.now()-r,u=e;return a&&((await Rp({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let l=s(async d=>{let f=await t.put(d,{force:!0});u._id=f.id,u._rev=f.rev},"writeDb");try{await l(e)}catch(d){if(d.status!==409)throw d;si("Ignoring conflict in write-through cache")}})).executed||si("Ignoring redlock conflict in write-through cache")),o=xp(u,a?null:o?.lastWrite),u._id&&await n.store(Co(t,u._id),o),{ok:!0,id:u._id,rev:u._rev}}s(GU,"put");async function VU(t,e){let r=await ju(),n=Co(t,e),i=await r.get(n);if(!i){let o=await t.get(e);i=xp(o),await r.store(n,i)}return i.doc}s(VU,"get");async function qU(t,e){let r=await ju(),n=Co(t,e),i=await r.get(n);if(!i){let o=await t.tryGet(e);if(!o)return null;i=xp(o),await r.store(n,i)}return i.doc}s(qU,"tryGet");async function KU(t,e,r){let n=await ju();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Co(t,i))}finally{await t.remove(i,r)}}s(KU,"remove");var bp=class{static{s(this,"Writethrough")}constructor(e,r=gA){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return GU(this.db,e,r)}async get(e){return VU(this.db,e)}async tryGet(e){return qU(this.db,e)}async remove(e,r){return KU(this.db,e,r)}};function Yu(t){return`config${C}${t}`}s(Yu,"generateConfigID");async function nt(t){let e=H();try{return await e.get(Yu(t))}catch(r){if(r.status===404)return;throw r}}s(nt,"getConfig");async function QU(t){return t._id||(t._id=Yu(t.type)),H().put(t)}s(QU,"save");async function hi(){let t=await nt("settings");return t||(t={_id:Yu("settings"),type:"settings",config:{}}),t.config.platformUrl=await bo({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Uu({config:t.config}),t}s(hi,"getSettingsConfigDoc");async function Up(){return(await hi()).config}s(Up,"getSettingsConfig");async function bo(t={tenantAware:!0}){let e=E.PLATFORM_URL||"http://localhost:10000";if(!E.SELF_HOSTED&&E.MULTI_TENANCY&&t.tenantAware){let r=V();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(E.SELF_HOSTED){let r=t?.config?t.config:(await nt("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}s(bo,"getPlatformUrl");var Uu=s(async t=>{if(!E.SELF_HOSTED)return!!E.ENABLE_ANALYTICS;let e=await _r(ye.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await nt("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=E.ENABLE_ANALYTICS;return!(r===0||r===!1)},"analyticsEnabled");async function jU(){return await nt("google")}s(jU,"getGoogleConfigDoc");async function Hu(){return(await jU())?.config}s(Hu,"getGoogleConfig");async function Lp(){if(!E.SELF_HOSTED)return Pp();let t=await Hu();return(!t||!t.activated)&&(t=Pp()),t}s(Lp,"getGoogleDatasourceConfig");function Pp(){if(E.GOOGLE_CLIENT_ID&&E.GOOGLE_CLIENT_SECRET)return{clientID:E.GOOGLE_CLIENT_ID,clientSecret:E.GOOGLE_CLIENT_SECRET,activated:!0}}s(Pp,"getDefaultGoogleConfig");async function YU(){return nt("logos_oidc")}s(YU,"getOIDCLogosDoc");async function HU(){return nt("oidc")}s(HU,"getOIDCConfigDoc");async function zU(){let t=(await HU())?.config;return t?.configs&&t.configs[0]}s(zU,"getOIDCConfig");async function kp(t){let e=(await nt("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}s(kp,"getOIDCConfigById");async function yA(){return nt("smtp")}s(yA,"getSMTPConfigDoc");async function JU(t){let e=await yA();if(e)return e.config;let r=E.SELF_HOSTED||!t;if(E.SMTP_FALLBACK_ENABLED&&r)return{port:E.SMTP_PORT,host:E.SMTP_HOST,secure:!1,from:E.SMTP_FROM_ADDRESS,auth:{user:E.SMTP_USER,pass:E.SMTP_PASSWORD},fallback:!0}}s(JU,"getSMTPConfig");async function ZU(){return(await nt("scim"))?.config}s(ZU,"getSCIMConfig");async function XU(){return nt("ai")}s(XU,"getAIConfig");async function eL(){return nt("recaptcha")}s(eL,"getRecaptchaConfig");var Qp={};N(Qp,{AccessController:()=>Bp,BUILTIN_ROLE_IDS:()=>Wp,Role:()=>Rr,RoleHierarchyTraversal:()=>zu,RoleIDVersion:()=>$p,builtinRoleToNumber:()=>xo,checkForRoleResourceArray:()=>_A,externalRole:()=>oL,findRole:()=>vo,getAllRoleIds:()=>lL,getAllRoles:()=>Kp,getBuiltinRole:()=>SA,getBuiltinRoles:()=>Vp,getDBRoleID:()=>OA,getExternalRoleID:()=>Cr,getExternalRoleIDs:()=>IA,getRole:()=>aL,getUserRoleHierarchy:()=>qp,getUserRoleIdHierarchy:()=>AA,isBuiltin:()=>An,lowerBuiltinRoleID:()=>sL,prefixRoleIDNoBuiltin:()=>Fp,roleIDsAreEqual:()=>it,roleToNumber:()=>iL,saveRoles:()=>uL,validInherits:()=>nL});var TA=require("lodash"),Ju=B(require("lodash/fp/cloneDeep")),Mp=B(require("semver"));var Wp={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},ie={...Wp,BUILDER:"BUILDER"},$p={UUID:void 0,NAME:"name"};function rL(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}s(rL,"rolesInList");var Rr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=$p.NAME}static{s(this,"Role")}addInheritance(e){return e&&typeof e=="string"?e=Fp(e):e&&Array.isArray(e)&&(e=e.map(Fp)),this.inherits=e,this}},zu=class{static{s(this,"RoleHierarchyTraversal")}constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let o of e.inherits){let a=vo(o,n,r);a&&(i=i.concat(this.walk(a)))}else{let o=[],a=e;for(;a&&a.inherits&&!rL(o,a.inherits);){if(Array.isArray(a.inherits))return i.concat(this.walk(a));if(o.push(a.inherits),a=vo(a.inherits,n,r),a&&i.push(a),Ne.roles.checkForRoleInheritanceLoops(i))break}}return(0,TA.uniqBy)(i,o=>o._id)}},Gp={ADMIN:new Rr(ie.ADMIN,ie.ADMIN,"admin",{displayName:"App admin",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(ie.POWER),POWER:new Rr(ie.POWER,ie.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(ie.BASIC),BASIC:new Rr(ie.BASIC,ie.BASIC,"write",{displayName:"App user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(ie.PUBLIC),PUBLIC:new Rr(ie.PUBLIC,ie.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new Rr(ie.BUILDER,ie.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function Vp(){return(0,Ju.default)(Gp)}s(Vp,"getBuiltinRoles");function An(t){return Object.values(Wp).includes(t)}s(An,"isBuiltin");function Fp(t){return An(t)?t:Wt(t)}s(Fp,"prefixRoleIDNoBuiltin");function SA(t){let e=Object.values(Gp).find(r=>t.includes(r._id));if(e)return(0,Ju.default)(e)}s(SA,"getBuiltinRole");function nL(t,e){if(!e)return!1;let r=s(n=>t.find(i=>it(i._id,n)),"find");if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}s(nL,"validInherits");function xo(t){let e=Vp(),r=Object.values(e).length+1;if(it(t,ie.ADMIN)||it(t,ie.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}s(xo,"builtinRoleToNumber");async function iL(t){if(An(t))return xo(t);let e=await qp(t,{defaultPublic:!0}),r=s(n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(o=>{let a=e.find(u=>it(u._id,o));if(a)return r(a)+1}).filter(o=>o).sort().pop();if(i!=null)return i}else if(An(n.inherits))return xo(n.inherits)+1;return 0},"findNumber");return Math.max(...e.map(r))}s(iL,"roleToNumber");function sL(t,e){return t?e&&xo(t)>xo(e)?e:t:e}s(sL,"lowerBuiltinRoleID");function it(t,e){return Wt(t)===Wt(e)}s(it,"roleIDsAreEqual");function oL(t){let e;return t._id&&(e=Cr(t._id)),{...t,_id:e,inherits:IA(t.inherits,t.version)}}s(oL,"externalRole");function vo(t,e,r){let n=SA(t);n||(t=Wt(t));let i=e.find(o=>o._id&&it(o._id,t));return!i&&!An(t)&&r?.defaultPublic?(0,Ju.default)(Gp.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=Cr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}s(vo,"findRole");async function aL(t,e){let r=Zn(),n=[];if(!An(t)){let i=await r.tryGet(OA(t));i&&n.push(i)}return vo(t,n,e)}s(aL,"getRole");async function uL(t){await Zn().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Wt(r._id)})))}s(uL,"saveRoles");async function cL(t,e){let r=await Kp();if(it(t,ie.ADMIN))return r;let n=vo(t,r,e),i=[];return n&&(i=new zu(r,e).walk(n)),i}s(cL,"getAllUserRoles");async function AA(t){return(await qp(t)).map(r=>r._id)}s(AA,"getUserRoleIdHierarchy");async function qp(t,e){return cL(t,e)}s(qp,"getUserRoleHierarchy");function _A(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}s(_A,"checkForRoleResourceArray");async function lL(t){return(await Kp(t)).map(r=>r._id)}s(lL,"getAllRoleIds");async function Kp(t){if(t)return Ke(t,e);{let r;try{r=Zn()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(nu(null,{include_docs:!0}))).rows.map(u=>u.doc),n.forEach(u=>u._id=Cr(u._id,u.version)));let i=Vp(),o=[];!r||await dL(r)?o=[ie.ADMIN,ie.POWER,ie.BASIC,ie.PUBLIC]:o=[ie.ADMIN,ie.BASIC,ie.PUBLIC];for(let a of o){let u=i[a],c=n.filter(l=>it(l._id,a))[0];c==null?n.push(u||i.BASIC):(n=n.filter(l=>l._id!==c._id),c._id=Cr(u._id,c.version),n.push({...u,...c,name:u.name,_id:Cr(u._id,u.version)}))}for(let a of n)if(a.permissions)for(let u of Object.keys(a.permissions))a.permissions=_A(a.permissions,u);return n}s(e,"internal")}s(Kp,"getAllRoles");async function dL(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!Mp.default.valid(r)?!0:!Mp.default.gte(r,E.MIN_VERSION_WITHOUT_POWER_ROLE)}s(dL,"shouldIncludePowerRole");var Bp=class{static{s(this,"AccessController")}constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||it(e,ie.BUILDER)||it(r,e)||it(r,ie.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await AA(r),this.userHierarchies[r]=n),n?.find(i=>it(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let o=await this.checkScreenAccess(i,r);o&&n.push(o)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function OA(t){return t?.startsWith("role")?t:Wt(t)}s(OA,"getDBRoleID");function Cr(t,e){if(t.startsWith(`role${C}`)&&(An(t)||e===$p.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}s(Cr,"getExternalRoleID");function IA(t,e){return t&&(typeof t=="string"?Cr(t,e):t.map(r=>Cr(r,e)))}s(IA,"getExternalRoleIDs");var jp={};N(jp,{BUILDER:()=>EL,BUILTIN_PERMISSIONS:()=>Zu,CREATOR:()=>gL,GLOBAL_BUILDER:()=>yL,PermissionImpl:()=>se,PermissionLevel:()=>wi,PermissionType:()=>Wo,doesHaveBasePermission:()=>mL,getAllowedLevels:()=>CA,getBuiltinPermissionByID:()=>pL,getBuiltinPermissions:()=>fL,isPermissionLevelHigherThanRead:()=>hL,levelToNumber:()=>RA});var wA=B(require("lodash/flatten")),DA=B(require("lodash/fp/cloneDeep"));var se=class{static{s(this,"PermissionImpl")}constructor(e,r){this.type=e,this.level=r}};function RA(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}s(RA,"levelToNumber");function CA(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}s(CA,"getAllowedLevels");var Zu={PUBLIC:{_id:"public",name:"Public",permissions:[new se("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new se("query","read"),new se("table","read"),new se("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new se("query","write"),new se("table","write"),new se("automation","execute"),new se("legacy_view","read"),new se("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new se("table","write"),new se("user","read"),new se("automation","execute"),new se("webhook","read"),new se("legacy_view","read"),new se("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new se("table","admin"),new se("user","admin"),new se("automation","admin"),new se("webhook","read"),new se("query","admin"),new se("legacy_view","read"),new se("app","read")]}};function fL(){return(0,DA.default)(Zu)}s(fL,"getBuiltinPermissions");function pL(t){return Object.values(Zu).find(r=>r._id===t)}s(pL,"getBuiltinPermissionByID");function mL(t,e,r){let n=[...new Set(r.map(a=>a.permissionId))],i=Object.values(Zu),o=(0,wA.default)(i.filter(a=>n.indexOf(a._id)!==-1).map(a=>a.permissions));for(let a of o)if(a.type===t&&CA(a.level).indexOf(e)!==-1)return!0;return!1}s(mL,"doesHaveBasePermission");function hL(t){return RA(t)>1}s(hL,"isPermissionLevelHigherThanRead");var EL="builder",gL="creator",yL="globalBuilder";var zp={};N(zp,{FlagSet:()=>ec,all:()=>OL,flags:()=>Yp,getEnvFlags:()=>PA,init:()=>TL,isEnabled:()=>_L,parseEnvFlags:()=>rc,shutdown:()=>SL,testutils:()=>Hp});var tc=B(require("crypto")),bA=B(require("dd-trace")),xA=require("lodash"),vA=require("posthog-node");var Xu;function TL(t){E.POSTHOG_TOKEN&&E.POSTHOG_API_HOST&&!E.SELF_HOSTED&&E.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),Xu=new vA.PostHog(E.POSTHOG_TOKEN,{host:E.POSTHOG_API_HOST,personalApiKey:E.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:he.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}s(TL,"init");function SL(){Xu?.shutdown()}s(SL,"shutdown");function rc(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let o of i){let a=!0;o.startsWith("!")&&(o=o.slice(1),a=!1),r.push({tenantId:n,key:o,value:a})}return r}s(rc,"parseEnvFlags");function PA(){return rc(E.TENANT_FEATURE_FLAGS||"")}s(PA,"getEnvFlags");var ec=class{constructor(e){this.flagSchema=e;this.setId=tc.randomUUID()}static{s(this,"FlagSet")}defaults(){return(0,xA.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await bA.default.trace("features.fetch",async e=>{let r=rf(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),o=V(),a=new Set;if(za())return i;for(let{tenantId:f,key:p,value:m}of PA())if(!(!f||f!=="*"&&f!==o)&&(n.readFromEnvironmentVars=!0,m===!1&&a.add(p),!!this.isFlagName(p))){if(typeof i[p]!="boolean")throw new Error(`Feature: ${p} is not a boolean`);i[p]=m,n[`flags.${p}.source`]="environment"}let u=Bt(),c=u?._id;if(!c){let f=ef();f&&(c=tc.createHash("sha512").update(f).digest("hex"))}let l=u?.tenantId;if(l||(l=o),n["identity.type"]=u?.type,n["identity._id"]=u?._id,n.tenantId=l,n.userId=c,Xu&&c){n.readFromPostHog=!0;let f=await hi(),p={tenantId:l},m={tenant:{id:l}};f.config.createdVersion&&(m.tenant.createdVersion=f.config.createdVersion),f.createdAt&&(m.tenant.createdAt=`${f.createdAt}`);let h=await Xu.getAllFlags(c,{personProperties:p,onlyEvaluateLocally:!0,groups:{tenant:l},groupProperties:m});for(let[g,y]of Object.entries(h))if(this.isFlagName(g)){if(typeof y!="boolean"){console.warn(`Invalid value for posthog flag "${g}": ${y}`);continue}if(!(i[g]===!0||a.has(g)))try{i[g]=y,n[`flags.${g}.source`]="posthog"}catch(S){console.warn(`Error parsing posthog flag "${g}": ${y}`,S)}}}let d=sf();for(let[f,p]of Object.entries(d))this.isFlagName(f)&&typeof p=="boolean"&&(i[f]=p,n[`flags.${f}.source`]="override");nf(this.setId,i);for(let[f,p]of Object.entries(i))n[`flags.${f}.value`]=p;return e?.addTags(n),i})}},AL={USE_ZOD_VALIDATOR:!1,AI_AGENTS:!1,EMAIL_TRIGGER:!1,DEBUG_UI:E.isDev(),DEV_USE_CLIENT_FROM_STORAGE:!1,DUPLICATE_APP:!1,COPY_RESOURCES_BETWEEN_WORKSPACES:!1,PRIVATE_LLMS:!1},Yp=new ec(AL);async function _L(t){return await Yp.isEnabled(t)}s(_L,"isEnabled");async function OL(){return await Yp.fetch()}s(OL,"all");var Hp={};N(Hp,{setFeatureFlags:()=>NA,withFeatureFlags:()=>DL});function IL(){let t={};for(let{tenantId:e,key:r,value:n}of rc(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}s(IL,"getCurrentFlags");function wL(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,o]of Object.entries(n))o===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}s(wL,"buildFlagString");function NA(t,e){let r=IL();for(let[i,o]of Object.entries(e)){let a=r[t]||{};a[i]=o,r[t]=a}let n=wL(r);return As({TENANT_FEATURE_FLAGS:n})}s(NA,"setFeatureFlags");function DL(t,e,r){let n=NA(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}s(DL,"withFeatureFlags");var um={};N(um,{adminOnly:()=>nc,auditLog:()=>ic,authError:()=>Oe,buildAuthMiddleware:()=>c0,buildCsrfMiddleware:()=>d0,buildTenancyMiddleware:()=>l0,builderOnly:()=>lc,builderOrAdmin:()=>dc,google:()=>Zt,internalApi:()=>pc,joiValidator:()=>Po,oidc:()=>Xt,passport:()=>f0,platformLogout:()=>g0,refreshOAuthToken:()=>h0,ssoCallbackUrl:()=>xr,updateUserOAuth:()=>E0,workspaceBuilderOrAdmin:()=>Ec});var am={};N(am,{adminOnly:()=>nc,auditLog:()=>ic,authError:()=>Oe,authenticated:()=>cc,builderOnly:()=>lc,builderOrAdmin:()=>dc,correlation:()=>LA,csp:()=>qA,csrf:()=>fc,datasource:()=>a0,errorHandling:()=>QA,featureFlagCookie:()=>jA,google:()=>Zt,internalApi:()=>pc,ip:()=>YA,joiValidator:()=>Po,local:()=>Si,oidc:()=>Xt,pino:()=>kA,querystringToBody:()=>t_,ssoCallbackUrl:()=>xr,tenancy:()=>hc,workspaceBuilderOrAdmin:()=>Ec});var UA=require("uuid");var RL=require("correlation-id"),LA=s((t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,UA.v4)()),RL.withId(r,()=>e())},"correlationMiddleware");var CL=require("koa-pino-logger"),bL=require("correlation-id");function xL(){return{logger:yu,genReqId:bL.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}s(xL,"pinoSettings");function vL(){return E.HTTP_LOGGING?CL(xL()):(t,e)=>e()}s(vL,"getMiddleware");var kA=vL();var nc=s(async(t,e)=>(!t.internal&&!Ct(t.user)&&t.throw(403,"Admin user only endpoint."),e()),"adminOnly");var ic=s(async(t,e)=>e(),"auditLog");var PL=/\/:(.*?)(\/.*)?$/g,_n=s(t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(PL);if(i)for(let o of i){let u="/.*"+(o.endsWith("/")?"/":"");r=r.replace(o,u)}return{regex:new RegExp(r),method:n,route:r}}):[],"buildMatcherRegex"),On=s((t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),o=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&o}),"matches");var rm={};N(rm,{SecretOption:()=>BA,decrypt:()=>tm,decryptFile:()=>FL,encrypt:()=>LL,encryptFile:()=>kL,getSecret:()=>em});var Jt=B(require("crypto")),br=B(require("fs")),Jp=require("path"),Zp=B(require("zlib"));var sc="aes-256-ctr",FA="-",NL=1e4,UL=32,oc=16,Xp=16,BA=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(BA||{});function em(t){let e,r;switch(t){case"encryption":e=E.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=E.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}s(em,"getSecret");function ac(t,e){return Jt.default.pbkdf2Sync(t,new Uint8Array(e),NL,UL,"sha512")}s(ac,"stretchString");function LL(t,e="api"){let r=Jt.default.randomBytes(oc),n=ac(em(e),r),i=Jt.default.createCipheriv(sc,new Uint8Array(n),new Uint8Array(r)),o=i.update(t,"utf8"),a=i.final(),u=Buffer.concat([new Uint8Array(o),new Uint8Array(a)]).toString("hex");return`${r.toString("hex")}${FA}${u}`}s(LL,"encrypt");function tm(t,e="api"){let[r,n]=t.split(FA),i=Buffer.from(r,"hex"),o=ac(em(e),i),a=Jt.default.createDecipheriv(sc,new Uint8Array(o),new Uint8Array(i)),u=a.update(n,"hex"),c=a.final();return Buffer.concat([new Uint8Array(u),new Uint8Array(c)]).toString()}s(tm,"decrypt");async function kL({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,Jp.join)(t,e);if(br.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let o=br.default.createReadStream(i),a=br.default.createWriteStream((0,Jp.join)(t,n)),u=Jt.default.randomBytes(oc),c=Jt.default.randomBytes(Xp),l=ac(r,u),d=Jt.default.createCipheriv(sc,new Uint8Array(l),new Uint8Array(c));return a.write(u),a.write(c),o.pipe(Zp.default.createGzip()).pipe(d).pipe(a),new Promise(f=>{a.on("finish",()=>{f({filename:n,dir:t})})})}s(kL,"encryptFile");async function ML(t){let e=br.default.createReadStream(t),r=await MA(e,oc),n=await MA(e,Xp);return e.close(),{salt:r,iv:n}}s(ML,"getSaltAndIV");async function FL(t,e,r){if(br.default.lstatSync(t).isDirectory())throw new Error("Unable to decrypt directory");let{salt:n,iv:i}=await ML(t),o=br.default.createReadStream(t,{start:oc+Xp}),a=br.default.createWriteStream(e),u=ac(r,n),c=Jt.default.createDecipheriv(sc,new Uint8Array(u),new Uint8Array(i)),l=Zp.default.createGunzip();return o.pipe(c).pipe(l).pipe(a),new Promise((d,f)=>{a.on("finish",()=>{a.close(),d()}),o.on("error",p=>{a.close(),f(p)}),c.on("error",p=>{a.close(),f(p)}),l.on("error",p=>{a.close(),f(p)}),a.on("error",p=>{a.close(),f(p)})})}s(FL,"decryptFile");function MA(t,e){return new Promise((r,n)=>{let i=0,o=[];t.on("readable",()=>{let a;for(;(a=t.read(e-i))!==null;)o.push(a),i+=a.length;r(Buffer.concat(o.map(u=>new Uint8Array(u))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",a=>{n(a)})})}s(MA,"readBytes");var $A=B(require("dd-trace"));var BL=E.SESSION_UPDATE_PERIOD?parseInt(E.SESSION_UPDATE_PERIOD):60*1e3;function WL(){return new Date(Date.now()-BL).toISOString()}s(WL,"timeMinusOneMinute");function WA(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}s(WA,"finalise");async function $L(t,e){if(js(t))return{valid:!0,user:void 0};let n=tm(t).split(C)[0];return Re(n,async()=>{let i;try{let o=H();i=await Gt("by_api_key",{key:t},o)}catch{i=void 0}if(i)return{valid:!0,user:await Do({userId:i,tenantId:n,populateUser:e})};throw new ci})}s($L,"checkApiKey");function uc(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}s(uc,"getHeader");function cc(t=[],e={publicAllowed:!1}){let r=t?_n(t):[];return async(n,i)=>{let o=!1,a=uc(n,"x-budibase-api-version");On(n,r)&&(o=!0);try{let c=uc(n,"x-budibase-token"),l=qt(n,"budibase:auth")||su(c),d=uc(n,"x-budibase-api-key");!d&&n.request.headers.authorization&&(d=n.request.headers.authorization.split(" ")[1]);let f=uc(n,"x-budibase-tenant-id"),p=!1,m,h=!1,g;if(l&&!d){let S=l.sessionId,O=l.userId,_;try{_=await lp(O,S),e&&e.populateUser?m=await Do({userId:O,tenantId:_.tenantId,email:_.email,populateUser:e.populateUser(n)}):m=await Do({userId:O,tenantId:_.tenantId,email:_.email}),m.csrfToken=_.csrfToken,g="cookie",_?.lastAccessedAt<WL()&&await cp(_),p=!0}catch(w){p=!1,console.error(`Auth Error: ${w.message}`),yr(n,"budibase:auth")}}if(!p&&d){let S=e.populateUser?e.populateUser(n):null,{valid:O,user:_}=await $L(d,S);O&&(p=!0,g="api_key",m=_,h=!_)}!m&&f?m={tenantId:f}:m&&"password"in m&&delete m.password,p||(p=!1);let y=s(S=>S&&S.email,"isUser");return y(m)&&$A.default.setUser({id:m._id,tenantId:m.tenantId,budibaseAccess:m.budibaseAccess,status:m.status}),WA(n,{authenticated:p,user:m,internal:h,version:a,publicEndpoint:o,loginMethod:g}),y(m)?Md(m,n,i):i()}catch(c){if(console.error(`Auth Error: ${c.message}`),c?.name==="JsonWebTokenError"?yr(n,"budibase:auth"):c?.code==="invalid_api_key"&&n.throw(403,c.message),e&&e.publicAllowed||o)return WA(n,{authenticated:!1,version:a,publicEndpoint:o}),i();n.throw(c.status||403,c)}}}s(cc,"authenticated");async function lc(t,e){if(t.internal)return e();let r=await an(t);return!r&&!E.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)?t.throw(403,"Builder user only endpoint."):r&&!gi(t.user,r)&&t.throw(403,"Workspace builder user only endpoint."),e()}s(lc,"builderOnly");async function dc(t,e){if(t.internal||Ct(t.user))return e();let r=await an(t);return!r&&!E.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)?t.throw(403,"Admin/Builder user only endpoint."):r&&!gi(t.user,r)&&t.throw(403,"Workspace Admin/Builder user only endpoint."),e()}s(dc,"builderOrAdmin");var VA=B(require("crypto"));var GA={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},GL=/^[A-Za-z0-9-*:/.]+$/,qA=s(async(t,e)=>{let r=VA.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...GA};if(n["script-src"]=[...GA["script-src"],`'nonce-${r}'`],t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let a=await Bs.getWorkspaceMetadata(t.appId);if("name"in a)for(let u of a.scripts||[]){let c=(u.cspWhitelist||"").split(`
|
|
37
|
+
`);for(let o of i.filter(a=>a))t.push(ro.default.readFileSync(o))}return t.push(ro.default.readFileSync(iS(oS))),Buffer.concat(t.map(n=>new Uint8Array(n)))}s(Qx,"getLogReadStream");function jx(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}s(jx,"isPlainObject");function Yx(t){return t instanceof Error}s(Yx,"isError");function Hx(t){return typeof t=="string"}s(Hx,"isMessage");var Ar;if(!E.DISABLE_PINO_LOGGER){let t=E.LOG_LEVEL,e={level:t,formatters:{level:c=>({level:c.toUpperCase()}),bindings:()=>E.SELF_HOSTED?{service:E.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(E.isDev()?{stream:(0,lS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),E.SELF_HOSTED&&r.push({stream:Qf(),level:t}),Ar=r.length?(0,gu.default)(e,gu.default.multistream(r)):(0,gu.default)(e);let n=s(c=>{let l,d=[],f="";c.forEach(y=>{Hx(y)&&(f=`${f} ${y}`.trimStart()),jx(y)&&d.push(y),Yx(y)&&(l=y)});let p=u(),m={};m={tenantId:i(),appId:o(),automationId:a(),identityId:p?._id,identityType:p?.type,correlationId:Nf()};let h=Yf.default.scope().active();h&&Yf.default.inject(h.context(),dS.formats.LOG,m);let g={err:l,pid:process.pid,...m};if(d.length){let y={},S=0;for(let O=0;O<d.length;O++){let _=d[O],w=_._logKey;w?(delete _._logKey,g[w]=_):(y[S]=_,S++)}Object.keys(y).length&&(g.data=y)}return[g,f]},"getLogParams");console.log=(...c)=>{let[l,d]=n(c);Ar?.info(l,d)},console.info=(...c)=>{let[l,d]=n(c);Ar?.info(l,d)},console.warn=(...c)=>{let[l,d]=n(c);Ar?.warn(l,d)},console.error=(...c)=>{let[l,d]=n(c);Ar?.error(l,d)},console.trace=(...c)=>{let[l,d]=n(c);l.err||(l.err=new Error),Ar?.trace(l,d)},console.debug=(...c)=>{let[l,d]=n(c);Ar?.debug(l,d)};let i=s(()=>{let c;try{c=V()}catch{}return c},"getTenantId"),o=s(()=>{let c;try{c=Le()}catch{}return c},"getAppId"),a=s(()=>{let c;try{c=Xd()}catch{}return c},"getAutomationId"),u=s(()=>{let c;try{c=Bt()}catch{}return c},"getIdentity")}var yu=Ar;var zx=["AccountError"];function Jx(t){return t&&t.suppressAlert}s(Jx,"isSuppressed");function ln(t,e){e&&zx.includes(e.name)&&Jx(e)||console.error(`bb-alert: ${t}`,e)}s(ln,"logAlert");function Zx(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,ln(t,n)}s(Zx,"logAlertWithInfo");function si(t,e){console.warn(`bb-warn: ${t}`,e)}s(si,"logWarn");var Tu=class extends Error{static{s(this,"UnretriableError")}constructor(e){super(e),this.name="PermanentError"}},Hf=class{static{s(this,"QueuedProcessor")}constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:o=!0,maxStalledCount:a=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new Et(e,{maxStalledCount:a,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:o}}),this._queue.process(async(u,c)=>{try{let l=await this.processFn(u.data);c?.(null,l)}catch(l){l instanceof Tu&&await u.discard(),ln(`Failed to process job in ${this._queue.name}`,l),c?.(l)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Ne.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var Xx=100,Su,io=class t{static{s(this,"DocWritethroughProcessor")}static get queue(){return t._queue||(t._queue=new Et("docWritethroughQueue",{jobOptions:{attempts:Xx}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=De(e),o;try{o=await i.get(r)}catch{o={_id:r}}o={...o,...n},await i.put(o)}},Jf=class{static{s(this,"DocWritethrough")}constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await io.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function fS(){return Su=new io().init(),Su}s(fS,"init");function ev(){return Su||fS()}s(ev,"getProcessor");var oo={};N(oo,{CacheKey:()=>ye,TTL:()=>pn,bustCache:()=>oi,destroy:()=>so,get:()=>mn,keys:()=>Au,store:()=>jt,withCache:()=>_r,withCacheWithDynamicTTL:()=>pS});function Rt(t){let e=V();return`${t}:${e}`}s(Rt,"generateTenantKey");var dn=class{static{s(this,"BaseCache")}constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await cf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?Rt(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?Rt(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?Rt(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Rt(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?Rt(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((o,[a,u])=>(o[Rt(a)]=u,o),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?Rt(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Rt(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let o=await this.get(e,i);if(o)return o;try{let a=await n();return await this.store(e,a,r,i),a}catch(a){throw console.error("Error fetching before cache - ",a),a}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let o=await r(),{value:a,ttl:u}=o;return await this.store(e,a,u,{useTenancy:n.useTenancy}),a}catch(o){throw console.error("Error fetching before cache - ",o),o}}async bustCache(e){let r=await this.getClient();try{await r.delete(Rt(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?Rt(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var fn=new dn,ye={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},pn=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(pn||{}),Au=s((...t)=>fn.keys(...t),"keys"),mn=s((...t)=>fn.get(...t),"get"),jt=s((...t)=>fn.store(...t),"store"),so=s((...t)=>fn.delete(...t),"destroy"),_r=s((...t)=>fn.withCache(...t),"withCache"),pS=s((...t)=>fn.withCacheWithDynamicTTL(...t),"withCacheWithDynamicTTL"),oi=s((...t)=>fn.bustCache(...t),"bustCache");var ep={};N(ep,{createCode:()=>rv,deleteCode:()=>iv,getCode:()=>nv,getExistingInvites:()=>Xf,getInviteCodes:()=>hS,updateCode:()=>tv});var mS=he.fromDays(7).toSeconds();async function tv(t,e){await(await nn()).store(t,e,mS)}s(tv,"updateCode");async function rv(t,e){let r=te();return await(await nn()).store(r,{email:t,info:e},mS),r}s(rv,"createCode");async function nv(t){let r=await(await nn()).get(t);if(!r)throw"Invitation is not valid or has expired, please request a new one.";return r}s(nv,"getCode");async function iv(t){await(await nn()).delete(t)}s(iv,"deleteCode");async function hS(){let r=(await(await nn()).scan()).map(i=>({...i.value,code:i.key}));if(!E.MULTI_TENANCY)return r;let n=V();return r.filter(i=>n===i.info.tenantId)}s(hS,"getInviteCodes");async function Xf(t){return(await hS()).filter(e=>t.includes(e.email))}s(Xf,"getExistingInvites");var tp={};N(tp,{createCode:()=>ov,getCode:()=>av,invalidateCode:()=>uv});var sv=he.fromHours(1).toSeconds();async function ov(t,e){let r=te();return await(await Fs()).store(r,{userId:t,info:e},sv),r}s(ov,"createCode");async function av(t){let r=await(await Fs()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}s(av,"getCode");async function uv(t){await(await Fs()).delete(t)}s(uv,"invalidateCode");var Dr={};N(Dr,{getUser:()=>Do,getUsers:()=>FU,invalidateUser:()=>Ro});var ao={};N(ao,{getPlatformDB:()=>Or,users:()=>gt});var gt={};N(gt,{addSsoUser:()=>gS,addUser:()=>mv,getUserDoc:()=>ES,lookupTenantId:()=>cv,removeUser:()=>hv,updateUserDoc:()=>lv});function Or(){return De(fe.PLATFORM_INFO.name)}s(Or,"getPlatformDB");async function cv(t){return E.MULTI_TENANCY?(await ES(t)).tenantId:ae}s(cv,"lookupTenantId");async function ES(t){return Or().get(t)}s(ES,"getUserDoc");async function lv(t){await Or().put(t)}s(lv,"updateUserDoc");function dv(t,e){return{_id:t,tenantId:e}}s(dv,"newUserIdDoc");function fv(t,e,r){return{_id:e,userId:t,tenantId:r}}s(fv,"newUserEmailDoc");function pv(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}s(pv,"newUserSsoIdDoc");async function rp(t,e){let r=Or(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}s(rp,"addUserDoc");async function gS(t,e,r,n){return rp(t,()=>pv(t,e,r,n))}s(gS,"addSsoUser");async function mv(t,e,r,n){let i=[rp(e,()=>dv(e,t)),rp(r,()=>fv(e,r,t))];n&&i.push(gS(n,r,e,t)),await Promise.all(i)}s(mv,"addUser");async function hv(t){let e=Or(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}s(hv,"removeUser");var hn={};N(hn,{getAccount:()=>Ir,getAccountByTenantId:()=>ai,getStatus:()=>Ev});var yS=B(require("node-fetch"));var uo=class{static{s(this,"API")}constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";Js.setHeader(n.headers);let o={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,yS.default)(`${this.host}${r}`,o)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var np=new uo(E.INTERNAL_ACCOUNT_PORTAL_URL),ip=E.SELF_HOSTED||E.DISABLE_ACCOUNT_PORTAL,Ir=s(async t=>{if(ip)return;let e={email:t},r=await np.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":E.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},"getAccount"),ai=s(async t=>{if(ip)return;let e={tenantId:t},r=await np.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":E.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},"getAccountByTenantId"),Ev=s(async()=>{if(ip)return;let t=await np.get("/api/status",{headers:{"x-budibase-api-key":E.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e},"getStatus");var mi={};N(mi,{UserDB:()=>bt,addAppBuilder:()=>UU,bulkGetGlobalUsersById:()=>Ku,bulkUpdateGlobalUsers:()=>Oo,cleanseUserObject:()=>Dp,creatorsInList:()=>yn,doesUserExist:()=>bU,getAccountHolderFromUsers:()=>qu,getAllUserIds:()=>RU,getAllUsers:()=>CU,getById:()=>Tn,getCreatorCount:()=>PU,getExistingAccounts:()=>pi,getExistingPlatformUsers:()=>sA,getExistingTenantUsers:()=>iA,getFirstPlatformUser:()=>Ao,getGlobalUserByAppPage:()=>dA,getGlobalUserByEmail:()=>St,getPlatformUsers:()=>Wu,getUserCount:()=>vU,hasAdminPermissions:()=>wr,hasAppBuilderPermissions:()=>uA,hasBuilderPermissions:()=>ke,isAdmin:()=>Ct,isAdminOrBuilder:()=>aA,isAdminOrWorkspaceBuilder:()=>$u,isBuilder:()=>gi,isCreatorAsync:()=>_o,isCreatorSync:()=>Gu,isGlobalBuilder:()=>oA,paginatedUsers:()=>pA,removeAppBuilder:()=>LU,removePortalUserPermissions:()=>NU,searchExistingEmails:()=>Ap,searchGlobalUsersByApp:()=>Qu,searchGlobalUsersByAppAccess:()=>wp,searchGlobalUsersByEmail:()=>fA,validateUniqueUser:()=>Vu});var xu={};N(xu,{BadRequestError:()=>Iu,BudibaseError:()=>ui,EmailUnavailableError:()=>Yt,FeatureDisabledError:()=>Cu,ForbiddenError:()=>wu,HTTPError:()=>we,InvalidAPIKeyError:()=>ci,NotFoundError:()=>Ou,NotImplementedError:()=>Du,UnexpectedError:()=>_u,UsageLimitError:()=>Ru,getPublicError:()=>bu});var ui=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"BudibaseError")}},bu=s(t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},"getPublicError"),we=class t extends ui{constructor(r,n,i="http"){super(r,i);this.status=n}static{s(this,"HTTPError")}static async fromResponse(r){let n=await r.text(),i=n,o=r.status,a="http";try{let u=JSON.parse(n);i=u.message,o=u.status,a=u.error?.code}catch{}return new t(i,o,a)}},_u=class extends we{static{s(this,"UnexpectedError")}constructor(e){super(e,500)}},Ou=class extends we{static{s(this,"NotFoundError")}constructor(e){super(e,404)}},Iu=class extends we{static{s(this,"BadRequestError")}constructor(e){super(e,400)}},wu=class extends we{static{s(this,"ForbiddenError")}constructor(e){super(e,403)}},Du=class extends we{static{s(this,"NotImplementedError")}constructor(e){super(e,501)}},Ru=class extends we{constructor(r,n){super(r,400,"usage_limit_exceeded");this.limitName=n}static{s(this,"UsageLimitError")}getPublicError(){return{limitName:this.limitName}}},Cu=class extends we{constructor(r,n){super(r,400,"feature_disabled");this.featureName=n}static{s(this,"FeatureDisabledError")}getPublicError(){return{featureName:this.featureName}}},ci=class extends ui{static{s(this,"InvalidAPIKeyError")}constructor(){super("Invalid API key - may need re-generated, or user doesn't exist","invalid_api_key")}},Yt=class extends Error{static{s(this,"EmailUnavailableError")}constructor(e){super(`Email already in use: '${e}'`)}};var up={};N(up,{PASSWORD_MAX_LENGTH:()=>op,PASSWORD_MIN_LENGTH:()=>sp,validatePassword:()=>ap});var sp=+(E.PASSWORD_MIN_LENGTH||12),op=+(E.PASSWORD_MAX_LENGTH||512);function ap(t){return!t||t.length<sp?{valid:!1,error:`Password invalid. Minimum ${sp} characters.`}:t.length>op?{valid:!1,error:`Password invalid. Maximum ${op} characters.`}:{valid:!0}}s(ap,"validatePassword");var vu={};N(vu,{createASession:()=>yv,endSession:()=>Tv,getSession:()=>lp,getSessionsForUser:()=>co,invalidateSessions:()=>En,updateSessionTTL:()=>cp});var SS=require("uuid");var AS=E.SESSION_EXPIRY_SECONDS?parseInt(E.SESSION_EXPIRY_SECONDS):he.fromDays(7).toSeconds();function li(t,e){return`${t}/${e}`}s(li,"makeSessionID");async function co(t){return t?(await(await hr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}s(co,"getSessionsForUser");async function En(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await co(t)).map(a=>({key:li(a.userId,a.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(o=>({key:li(t,o)}))),i&&i.length>0){let o=await hr(),a=[];for(let u of i)a.push(o.delete(u.key));E.isTest()||si(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(u=>u.key).join(", ")}`),await Promise.all(a)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}s(En,"invalidateSessions");async function yv(t,e){let r=await co(t),n=0;if(r.length>=3){let l=r.sort((p,m)=>new Date(p.createdAt).getTime()-new Date(m.createdAt).getTime()),d=r.length-3+1,f=l.slice(0,d).map(p=>p.sessionId);n=f.length,await En(t,{sessionIds:f,reason:"session limit exceeded"})}let i=await hr(),o=e.sessionId,a=e.csrfToken?e.csrfToken:(0,SS.v4)(),u=li(t,o),c={...e,csrfToken:a,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(u,c,AS),{session:c,invalidatedSessionCount:n}}s(yv,"createASession");async function cp(t){let e=await hr(),r=li(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,AS)}s(cp,"updateSessionTTL");async function Tv(t,e){await(await hr()).delete(li(t,e))}s(Tv,"endSession");async function lp(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await hr()).get(li(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}s(lp,"getSession");var fi={};N(fi,{account:()=>NS,action:()=>US,ai:()=>LS,analytics:()=>Nu,app:()=>kS,asyncEventQueue:()=>yt,auditLog:()=>MS,auth:()=>Bu,automation:()=>FS,backfill:()=>BS,backfillCache:()=>ku,backup:()=>WS,datasource:()=>$S,email:()=>GS,environmentVariable:()=>VS,group:()=>qS,identification:()=>Tt,initAsyncEvents:()=>mU,installation:()=>ho,layout:()=>KS,license:()=>QS,org:()=>jS,plugin:()=>YS,processors:()=>Ep,publishEvent:()=>A,query:()=>HS,resource:()=>zS,role:()=>So,rowAction:()=>JS,rows:()=>ZS,screen:()=>XS,serve:()=>eA,shutdown:()=>hU,table:()=>tA,user:()=>Me,view:()=>rA,workspace:()=>nA});var Nu={};N(Nu,{enabled:()=>Pu});var Pu=s(async()=>Uu(),"enabled");var yt;function Lu(){yt=new Et("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}s(Lu,"init");async function _S(){yt&&await yt.close()}s(_S,"shutdown");async function OS(t){yt||Lu();let{event:e,identity:r}=t;Rm.indexOf(e)!==-1&&r.tenantId&&await yt.add(t)}s(OS,"publishAsyncEvent");var ku={};N(ku,{end:()=>Av,isAlreadySent:()=>pp,isBackfillingEvent:()=>fp,recordEvent:()=>dp,start:()=>Sv});var Sv=s(async t=>Ov({eventWhitelist:t}),"start"),dp=s(async(t,e)=>{let r=mp(t,e);await jt(r,e,void 0,{useTenancy:!1})},"recordEvent"),Av=s(async()=>{await Iv(),await wv()},"end"),_v=s(async()=>mn(ye.BACKFILL_METADATA),"getBackfillMetadata"),Ov=s(async t=>jt(ye.BACKFILL_METADATA,t),"saveBackfillMetadata"),Iv=s(async()=>{await so(ye.BACKFILL_METADATA)},"deleteBackfillMetadata"),wv=s(async()=>{let t=mp(),e=await Au(t);for(let r of e)await so(r,{useTenancy:!1})},"clearEvents"),fp=s(async t=>{let r=(await _v())?.eventWhitelist;return!!(r&&r.includes(t))},"isBackfillingEvent"),pp=s(async(t,e)=>{let r=mp(t,e);return!!await mn(r,{useTenancy:!1})},"isAlreadySent"),Dv={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},mp=s((t,e)=>{let r,n=V();if(t){r=`${ye.EVENTS}:${n}:${t}`;let i=Dv[t],o=i?i(e):void 0;o&&(r=`${r}:${o}`)}else r=`${ye.EVENTS}:${n}:*`;return r},"getEventKey");var Ep={};N(Ep,{analyticsProcessor:()=>xS,init:()=>kv,processors:()=>zt});var CS=require("posthog-node");var Rv=s(t=>t==="served:builder"||t==="served:app:preview"||t==="served:app","isRateLimited"),Cv=s(t=>t==="served:app:preview"||t==="served:app","isPerApp");var wS={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},DS=s(async t=>{if(!Rv(t))return!1;let e=await bv(t);if(e){let r=new Date(e.timestamp);switch(wS[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await IS(t,{timestamp:Date.now()}),!1):!0}}else return await IS(t,{timestamp:Date.now()}),!1},"limited"),RS=s(t=>{let e=`${ye.EVENTS_RATE_LIMIT}:${t}`;return Cv(t)&&(e=e+":"+Le()),e},"eventKey"),bv=s(async t=>{let e=RS(t);return await mn(e)},"readEvent"),IS=s(async(t,e)=>{let r=RS(t),n=wS[t],i;switch(n){case"calendarDay":i=86400}await jt(r,e,i)},"recordEvent");var vv=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],lo=class{static{s(this,"PosthogProcessor")}constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new CS.PostHog(e)}async processEvent(e,r,n,i){if(vv.includes(e)||await DS(e))return;n=this.clearPIIProperties(n),n.version=E.VERSION,n.service=E.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let o=Le();o&&(n.appId=o);let a={distinctId:r.id,event:e,properties:n};i&&(a.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(a.groups={},r.installationId&&(a.groups.installation=r.installationId,a.properties.installationId=r.installationId),r.tenantId&&(a.groups.tenant=r.tenantId,a.properties.tenantId=r.tenantId)),this.posthog.capture(a)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var bS=lo;var Pv=["installation:version:upgraded","installation:version:downgraded"],Nv=["installation","tenant"],fo=class{static{s(this,"AnalyticsProcessor")}constructor(){E.POSTHOG_TOKEN&&!E.isTest()&&(this.posthog=new bS(E.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!Pv.includes(e)&&!await Pu()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!Nv.includes(e.type)&&!await Pu()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var hp=E.SELF_HOSTED&&!E.isDev(),po=class{static{s(this,"LoggingProcessor")}async processEvent(e,r,n){hp||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){hp||console.log("[audit] identified",e)}async identifyGroup(e){hp||console.log("[audit] group identified",e)}async shutdown(){}};var di=class t{static{s(this,"AuditLogsProcessor")}static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new Et("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Re(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let o={};E.ENABLE_AUDIT_LOG_IP_ADDR&&(o=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:o})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&Df(e)){let o=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:o,timestamp:i,appId:Le(),hostInfo:r.hostInfo},tenantId:V()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var mo=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}static{s(this,"Processor")}async processEvent(e,r,n,i){for(let o of this.processors)await o.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var xS=new fo,Uv=new po,Lv=new di;function kv(t){return di.init(t)}s(kv,"init");var zt=new mo([xS,Uv,Lv]);var Mu={};N(Mu,{checkInstallVersion:()=>Bv,getInstall:()=>Eo,getInstallFromDB:()=>yp});var gp=B(require("semver"));var Eo=s(async()=>_r(ye.INSTALLATION,86400,yp,{useTenancy:!1}),"getInstall");async function Mv(t){let e={_id:fe.PLATFORM_INFO.docs.install,installId:te(),version:E.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return yp();throw r}}s(Mv,"createInstallDoc");var yp=s(async()=>Ke(fe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(fe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await Mv(t);else throw r}return e}),"getInstallFromDB"),Fv=s(async t=>{try{await Ke(fe.PLATFORM_INFO.name,async e=>{let r=await Eo();r.version=t,await e.put(r),await oi(ye.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},"updateVersion"),Bv=s(async()=>{let t=await Eo(),e=t.version,r=E.VERSION;try{if(e!==r){let n=gp.default.gt(r,e),i=gp.default.lt(r,e);await Fv(r)&&(await Os({_id:t.installId,type:"installation"},async()=>{n?await ho.upgraded(e,r):i&&await ho.downgraded(e,r)}),await Tt.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?ln(`Invalid version "${r}" - is it semver?`):ln("Failed to retrieve version",n)}},"checkInstallVersion");var Wv=s(async()=>{let t=Ld(),e=To(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await gn(),i=go();return{id:vS(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await gn(),i=await Fu(V()),o=go();return{id:vS(i,r),type:r,hosting:o,installationId:n,tenantId:i,realTenantId:V(),environment:e}}else if(r==="user"){let n=t,i=await Fu(V()),o=await gn(),a=n.account,u;return a?u=a.hosting:u=go(),{id:n._id,type:r,hosting:u,installationId:o,tenantId:i,environment:e,realTenantId:V(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},"getCurrentIdentity"),$v=s(async(t,e)=>{let r=t,n="installation",i=go(),o=E.VERSION,a=To(),u={id:r,type:n,hosting:i,version:o,environment:a};await Tp(u,e),await yo({...u,id:`$${n}_${r}`},e)},"identifyInstallationGroup"),Gv=s(async(t,e,r,n=E.VERSION)=>{let i=await Fu(t),o="tenant",a=await gn(),u=To(),c={id:i,type:o,hosting:e,environment:u,installationId:a,createdAt:r,createdVersion:n};await Tp(c,r),await yo({...c,id:`$${o}_${i}`},r)},"identifyTenantGroup"),Vv=s(async(t,e,r)=>{let n=t._id,i=await Fu(t.tenantId),o="user",a=ke(t),u=wr(t),c;Vo(t)&&(c=t.providerType);let d=(await pi([t.email])).length>0,f=!!e&&d&&e.verified,p=await gn(),m=e?e.hosting:go(),h=To();await yo({id:n,type:o,hosting:m,installationId:p,tenantId:i,verified:f,accountHolder:d,providerType:c,builder:a,admin:u,environment:h},r)},"identifyUser"),qv=s(async t=>{let e=t.accountId,r=t.tenantId,n="user",i=Go(t)?t.providerType:void 0,o=t.verified,a=!0,u=t.hosting,c=await gn(),l=To();if($o(t)){let f=await St(t.email);f?._id&&(e=f._id)}await yo({id:e,type:n,hosting:u,installationId:c,tenantId:r,providerType:i,verified:o,accountHolder:a,environment:l})},"identifyAccount"),yo=s(async(t,e)=>{await zt.identify(t,e)},"identify"),Tp=s(async(t,e)=>{await zt.identifyGroup(t,e)},"identifyGroup"),To=s(()=>E.isDev()?"development":E.DEPLOYMENT_ENVIRONMENT,"getDeploymentEnvironment"),go=s(()=>E.SELF_HOSTED?"self":"cloud","getHostingFromEnv"),gn=s(async()=>Kv()?"account-portal":(await Eo()).installId,"getInstallationId"),Fu=s(async t=>E.SELF_HOSTED?PS(t):t,"getEventTenantId"),PS=s(async t=>Re(t,()=>_r(ye.UNIQUE_TENANT_ID,86400,async()=>{let e=H(),r=await hi(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${te()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=E.VERSION,await e.put(r),n)})),"getUniqueTenantId"),Kv=s(()=>E.SERVICE==="account-portal","isAccountPortal"),vS=s((t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,"formatDistinctId"),Tt={getCurrentIdentity:Wv,identifyInstallationGroup:$v,identifyTenantGroup:Gv,identifyUser:Vv,identifyAccount:qv,identify:yo,identifyGroup:Tp,getInstallationId:gn,getUniqueTenantId:PS};var A=s(async(t,e,r,n)=>{let i=n||await Tt.getCurrentIdentity();if(!(n?!1:await fp(t))){await OS({event:t,identity:i,properties:e,timestamp:r}),await zt.processEvent(t,i,e,r);return}await pp(t,e)||(await zt.processEvent(t,i,e,r),await dp(t,e))},"publishEvent");async function Qv(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}s(Qv,"created");async function jv(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}s(jv,"deleted");async function Yv(t){let e={tenantId:t.tenantId};await A("account:verified",e)}s(Yv,"verified");var NS={created:Qv,deleted:jv,verified:Yv};async function Hv(t,e){console.info("action:automation_step:executed",`disabled. Action step ${t.stepId} not published at ${e}`)}s(Hv,"automationStepExecuted");async function zv(t,e){console.info("action:automation_step:executed",`disabled. Action type ${t.type} not published at ${e}`)}s(zv,"crudExecuted");async function Jv(t,e){console.info("action:automation_step:executed",`disabled. Execution for ai agent ${t.agentId} not published at ${e}`)}s(Jv,"aiAgentExecuted");var US={aiAgentExecuted:Jv,automationStepExecuted:Hv,crudExecuted:zv};async function Zv(t){let e={};await A("ai:config:created",e,t)}s(Zv,"AIConfigCreated");async function Xv(){let t={};await A("ai:config:updated",t)}s(Xv,"AIConfigUpdated");var LS={AIConfigCreated:Zv,AIConfigUpdated:Xv};var eP=s(async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)},"created");async function tP(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}s(tP,"updated");async function rP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}s(rP,"deleted");async function nP(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}s(nP,"published");async function iP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}s(iP,"unpublished");async function sP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}s(sP,"fileImported");async function oP(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}s(oP,"duplicated");async function aP(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}s(aP,"templateImported");async function uP(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}s(uP,"versionUpdated");async function cP(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}s(cP,"versionReverted");async function lP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}s(lP,"reverted");async function dP(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}s(dP,"exported");var kS={created:eP,updated:tP,deleted:rP,published:nP,unpublished:iP,fileImported:sP,duplicated:oP,templateImported:aP,versionUpdated:uP,versionReverted:cP,reverted:lP,exported:dP};async function fP(t){let e={filters:t};await A("audit_log:filtered",e)}s(fP,"filtered");async function pP(t){let e={filters:t};await A("audit_log:downloaded",e)}s(pP,"downloaded");var MS={filtered:fP,downloaded:pP};async function mP(t,e){let n={userId:(await Tt.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}s(mP,"login");async function hP(t){let r={userId:(await Tt.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}s(hP,"logout");async function EP(t,e){let r={type:t};await A("auth:sso:created",r,e)}s(EP,"SSOCreated");async function gP(t){let e={type:t};await A("auth:sso:updated",e)}s(gP,"SSOUpdated");async function yP(t,e){let r={type:t};await A("auth:sso:activated",r,e)}s(yP,"SSOActivated");async function TP(t){let e={type:t};await A("auth:sso:deactivated",e)}s(TP,"SSODeactivated");var Bu={login:mP,logout:hP,SSOCreated:EP,SSOUpdated:gP,SSOActivated:yP,SSODeactivated:TP};async function SP(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}s(SP,"created");async function AP(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}s(AP,"triggerUpdated");async function _P(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}s(_P,"deleted");async function OP(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}s(OP,"tested");var IP=s(async(t,e)=>{let r={count:t};await A("automations:run",r,e)},"run");async function wP(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}s(wP,"stepCreated");async function DP(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}s(DP,"stepDeleted");var FS={created:SP,triggerUpdated:AP,deleted:_P,tested:OP,run:IP,stepCreated:wP,stepDeleted:DP};var Ei=!E.SELF_HOSTED&&!E.isDev();async function RP(t){Ei||await A("app:backfill:succeeded",t)}s(RP,"appSucceeded");async function CP(t){if(Ei)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}s(CP,"appFailed");async function bP(t){Ei||await A("tenant:backfill:succeeded",t)}s(bP,"tenantSucceeded");async function xP(t){if(Ei)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}s(xP,"tenantFailed");async function vP(){if(Ei)return;let t={};await A("installation:backfill:succeeded",t)}s(vP,"installationSucceeded");async function PP(t){if(Ei)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}s(PP,"installationFailed");var BS={appSucceeded:RP,appFailed:CP,tenantSucceeded:bP,tenantFailed:xP,installationSucceeded:vP,installationFailed:PP};async function NP(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}s(NP,"appBackupRestored");async function UP(t,e,r,n,i){let o={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",o)}s(UP,"appBackupTriggered");var WS={appBackupRestored:NP,appBackupTriggered:UP};function Sp(t){return!Object.values(Mo).includes(t.source)}s(Sp,"isCustom");async function LP(t,e){let r={datasourceId:t._id,source:t.source,custom:Sp(t)};await A("datasource:created",r,e)}s(LP,"created");async function kP(t){let e={datasourceId:t._id,source:t.source,custom:Sp(t)};await A("datasource:updated",e)}s(kP,"updated");async function MP(t){let e={datasourceId:t._id,source:t.source,custom:Sp(t)};await A("datasource:deleted",e)}s(MP,"deleted");var $S={created:LP,updated:kP,deleted:MP};async function FP(t){let e={};await A("email:smtp:created",e,t)}s(FP,"SMTPCreated");async function BP(){let t={};await A("email:smtp:updated",t)}s(BP,"SMTPUpdated");var GS={SMTPCreated:FP,SMTPUpdated:BP};async function WP(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}s(WP,"created");async function $P(t){let e={name:t};await A("environment_variable:deleted",e)}s($P,"deleted");async function GP(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}s(GP,"upgradePanelOpened");var VS={created:WP,deleted:$P,upgradePanelOpened:GP};async function VP(t,e){let r={groupId:t._id,viaScim:mt(),audited:{name:t.name}};await A("user_group:created",r,e)}s(VP,"created");async function qP(t){let e={groupId:t._id,viaScim:mt(),audited:{name:t.name}};await A("user_group:updated",e)}s(qP,"updated");async function KP(t){let e={groupId:t._id,viaScim:mt(),audited:{name:t.name}};await A("user_group:deleted",e)}s(KP,"deleted");async function QP(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:mt(),audited:{name:e.name}};await A("user_group:user_added",n)}s(QP,"usersAdded");async function jP(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:mt(),audited:{name:e.name}};await A("user_group:users_deleted",n)}s(jP,"usersDeleted");async function YP(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}s(YP,"createdOnboarding");async function HP(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}s(HP,"permissionsEdited");var qS={created:VP,updated:qP,deleted:KP,usersAdded:QP,usersDeleted:jP,createdOnboarding:YP,permissionsEdited:HP};async function zP(t){let e={currentVersion:t};await A("installation:version:checked",e)}s(zP,"versionChecked");async function JP(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}s(JP,"upgraded");async function ZP(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}s(ZP,"downgraded");async function XP(){let t={};await A("installation:firstStartup",t)}s(XP,"firstStartup");var ho={versionChecked:zP,upgraded:JP,downgraded:ZP,firstStartup:XP};async function eN(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}s(eN,"created");async function tN(t){let e={layoutId:t};await A("layout:deleted",e)}s(tN,"deleted");var KS={created:eN,deleted:tN};async function rN(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}s(rN,"planChanged");async function nN(t){let e={accountId:t.accountId};await A("license:activated",e)}s(nN,"activated");async function iN(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}s(iN,"checkoutOpened");async function sN(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}s(sN,"checkoutSuccess");async function oN(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}s(oN,"portalOpened");async function aN(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}s(aN,"paymentFailed");async function uN(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}s(uN,"paymentRecovered");var QS={planChanged:rN,activated:nN,checkoutOpened:iN,checkoutSuccess:sN,portalOpened:oN,paymentFailed:aN,paymentRecovered:uN};async function cN(t){let e={};await A("org:info:name:updated",e,t)}s(cN,"nameUpdated");async function lN(t){let e={};await A("org:info:logo:updated",e,t)}s(lN,"logoUpdated");async function dN(t){let e={};await A("org:platformurl:updated",e,t)}s(dN,"platformURLUpdated");async function fN(){let t={};await A("analytics:opt:out",t)}s(fN,"analyticsOptOut");async function pN(){let t={};await A("analytics:opt:out",t)}s(pN,"analyticsOptIn");var jS={nameUpdated:cN,logoUpdated:lN,platformURLUpdated:dN,analyticsOptOut:fN,analyticsOptIn:pN};async function mN(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}s(mN,"init");async function hN(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}s(hN,"imported");async function EN(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}s(EN,"deleted");var YS={init:mN,imported:hN,deleted:EN};var gN=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},"created"),yN=s(async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},"updated"),TN=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await A("query:deleted",n)},"deleted"),SN=s(async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},"imported"),AN=s(async(t,e)=>{let r={count:t};await A("queries:run",r,e)},"run"),_N=s(async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},"previewed"),HS={created:gN,updated:yN,deleted:TN,imported:SN,run:AN,previewed:_N};async function ON({resource:t,fromWorkspace:e,toWorkspace:r},n){let i={resource:t,fromWorkspace:e,toWorkspace:r};await A("resource:copied_to_workspace",i,n)}s(ON,"duplicatedToWorkspace");var zS={duplicatedToWorkspace:ON};async function IN(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}s(IN,"created");async function wN(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}s(wN,"updated");async function DN(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}s(DN,"deleted");async function RN(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}s(RN,"assigned");async function CN(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}s(CN,"unassigned");var So={created:IN,updated:wN,deleted:DN,assigned:RN,unassigned:CN};async function bN(t,e){await A("row_action:created",t,e)}s(bN,"created");var JS={created:bN};var xN=s(async(t,e)=>{let r={count:t};await A("rows:created",r,e)},"created"),vN=s(async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},"imported"),ZS={created:xN,imported:vN};async function PN(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}s(PN,"created");async function NN(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}s(NN,"deleted");var XS={created:PN,deleted:NN};async function UN(t){let e={timezone:t};await A("served:builder",e)}s(UN,"servedBuilder");async function LN(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}s(LN,"servedApp");async function kN(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}s(kN,"servedAppPreview");var eA={servedBuilder:UN,servedApp:LN,servedAppPreview:kN};async function MN(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}s(MN,"created");async function FN(t,e){let r,n;for(let o in e.schema)if(!t.schema[o]){let a=e.schema[o];"default"in a&&a.default!=null&&(r=!0),a.type==="ai"&&(n=a.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}s(FN,"updated");async function BN(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await A("table:deleted",r)}s(BN,"deleted");async function WN(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}s(WN,"exported");async function $N(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}s($N,"imported");var tA={created:MN,updated:FN,deleted:BN,exported:WN,imported:$N};async function GN(t,e){let r={userId:t._id,viaScim:mt(),audited:{email:t.email}};await A("user:created",r,e)}s(GN,"created");async function VN(t){let e={userId:t._id,viaScim:mt(),audited:{email:t.email}};await A("user:updated",e)}s(VN,"updated");async function qN(t){let e={userId:t._id,viaScim:mt(),audited:{email:t.email}};await A("user:deleted",e)}s(qN,"deleted");async function KN(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}s(KN,"permissionAdminAssigned");async function QN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}s(QN,"permissionAdminRemoved");async function jN(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}s(jN,"permissionBuilderAssigned");async function YN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}s(YN,"permissionBuilderRemoved");async function HN(t){let e={audited:{email:t}};await A("user:invited",e)}s(HN,"invited");async function zN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}s(zN,"inviteAccepted");async function JN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}s(JN,"passwordForceReset");async function ZN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}s(ZN,"passwordUpdated");async function XN(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}s(XN,"passwordResetRequested");async function eU(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}s(eU,"passwordReset");async function tU(t){let e={users:t};await A("user:data:collaboration",e)}s(tU,"dataCollaboration");var Me={created:GN,updated:VN,deleted:qN,permissionAdminAssigned:KN,permissionAdminRemoved:QN,permissionBuilderAssigned:jN,permissionBuilderRemoved:YN,invited:HN,inviteAccepted:zN,passwordForceReset:JN,passwordUpdated:ZN,passwordResetRequested:XN,passwordReset:eU,dataCollaboration:tU};async function rU(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}s(rU,"created");async function nU(t){let e={tableId:t.tableId};await A("view:updated",e)}s(nU,"updated");async function iU(t,e){let r={...Ne.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await A("view:deleted",r)}s(iU,"deleted");async function sU(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}s(sU,"exported");async function oU({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}s(oU,"filterCreated");async function aU({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}s(aU,"filterUpdated");async function uU(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}s(uU,"filterDeleted");async function cU({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}s(cU,"calculationCreated");async function lU(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}s(lU,"calculationUpdated");async function dU(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}s(dU,"calculationDeleted");async function fU(t,e){let r={tableId:t};await A("view:join:created",r,e)}s(fU,"viewJoinCreated");var rA={created:rU,updated:nU,deleted:iU,exported:sU,filterCreated:oU,filterUpdated:aU,filterDeleted:uU,calculationCreated:cU,calculationUpdated:lU,calculationDeleted:dU,viewJoinCreated:fU};async function pU(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await A("workspace_app:deleted",r)}s(pU,"deleted");var nA={deleted:pU};function mU(){}s(mU,"initAsyncEvents");var hU=s(async()=>{await zt.shutdown(),console.log("Events shutdown")},"shutdown");var _p={};N(_p,{creatorsInList:()=>yn,getAccountHolderFromUsers:()=>qu,hasAdminPermissions:()=>wr,hasAppBuilderPermissions:()=>uA,hasBuilderPermissions:()=>ke,isAdmin:()=>Ct,isAdminOrBuilder:()=>aA,isAdminOrWorkspaceBuilder:()=>$u,isBuilder:()=>gi,isCreatorAsync:()=>_o,isCreatorSync:()=>Gu,isGlobalBuilder:()=>oA,validateUniqueUser:()=>Vu});async function Ap(t){let e=[],r=await iA(t);e.push(...r.map(a=>a.email));let n=await sA(t);e.push(...n.map(a=>a._id));let i=await pi(t);e.push(...i.map(a=>a.email));let o=await Xf(t);return e.push(...o.map(a=>a.email)),[...new Set(e.map(a=>a.toLowerCase()))]}s(Ap,"searchExistingEmails");async function Wu(t){return await Vs("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}s(Wu,"getPlatformUsers");async function Ao(t){return(await Wu(t))[0]??null}s(Ao,"getFirstPlatformUser");async function iA(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await Gt("by_email2",r,void 0,n)}s(iA,"getExistingTenantUsers");async function sA(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Vs("platform_users_lowercase_2",r)}s(sA,"getExistingPlatformUsers");async function pi(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Vs("account_by_email",r)}s(pi,"getExistingAccounts");var gi=Ue.users.isBuilder,Ct=Ue.users.isAdmin,oA=Ue.users.isGlobalBuilder,aA=Ue.users.isAdminOrBuilder,wr=Ue.users.hasAdminPermissions,ke=Ue.users.hasBuilderPermissions,uA=Ue.users.hasAppBuilderPermissions,$u=Ue.users.isAdminOrWorkspaceBuilder;async function yn(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await H().getMultiple(r,{allowMissing:!0}),t.map(i=>Gu(i,e))}s(yn,"creatorsInList");async function _o(t){let e=[];return t.userGroups&&(e=await H().getMultiple(t.userGroups)),Gu(t,e)}s(_o,"isCreatorAsync");function Gu(t,e){let r=Ue.users.isCreator(t);return!r&&t?EU(t,e):r}s(Gu,"isCreatorSync");function EU(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}s(EU,"isCreatorByGroupMembership");async function Vu(t,e){if(E.MULTI_TENANCY){let r=await Ao(t);if(r!=null&&r.tenantId!==e)throw new Yt(t)}if(!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let r=await Ir(t);if(r&&r.verified&&r.tenantId!==e)throw new Yt(t)}}s(Vu,"validateUniqueUser");async function qu(t){if(!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let e=await pi(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}s(qu,"getAccountHolderFromUsers");var Op=s(async t=>{await Me.deleted(t),ke(t)&&await Me.permissionBuilderRemoved(t),wr(t)&&await Me.permissionAdminRemoved(t)},"handleDeleteEvents"),gU=s(async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await So.assigned(t,i)},"assignAppRoleEvents"),yU=s(async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await So.unassigned(t,i)},"unassignAppRoleEvents"),TU=s(async(t,e)=>{let r=t.roles,n=e?.roles;await gU(t,r,n),await yU(t,r,n)},"handleAppRoleEvents"),Ip=s(async(t,e)=>{let r=V(),n;!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL&&(n=await ai(r)),await Tt.identifyUser(t,n),e?(await Me.updated(t),AU(t,e)&&await Me.permissionBuilderRemoved(t),OU(t,e)&&await Me.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Me.passwordForceReset(t),t.password!==e.password&&await Me.passwordUpdated(t)):await Me.created(t),SU(t,e)&&await Me.permissionBuilderAssigned(t),_U(t,e)&&await Me.permissionAdminAssigned(t),await TU(t,e)},"handleSaveEvents"),SU=s((t,e)=>cA(t,e,ke),"isAddingBuilder"),AU=s((t,e)=>lA(t,e,ke),"isRemovingBuilder"),_U=s((t,e)=>cA(t,e,wr),"isAddingAdmin"),OU=s((t,e)=>lA(t,e,wr),"isRemovingAdmin"),cA=s((t,e,r)=>!(!r(t)||e&&r(e)),"isAddingPermission"),lA=s((t,e,r)=>!(r(t)||!e||!r(e)),"isRemovingPermission");var wU=s(async t=>{let e=t._id;await gt.removeUser(t),await Op(t),await Dr.invalidateUser(e),await En(e,{reason:"bulk-deletion"})},"bulkDeleteProcessing"),bt=class t{static{s(this,"UserDB")}static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return E.ENABLE_SSO_MAINTENANCE_MODE&&Ct(e)?!1:await t.features.isSSOEnforced()||Vo(e)?!0:(r||(r=await ai(V())),!!(r&&r.email===e.email&&Go(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,o){let{password:a,_id:u}=e;i&&!i.password&&(r.requirePassword=!1);let c;if(a&&a!==i?.password){if(await t.isPreventPasswordActions(e,o))throw new we("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let f=ap(a);if(!f.valid)throw new we(f.error,400)}c=r.hashPassword?await Nd(a):a}else i&&(c=i.password);let l=r.requirePassword&&!await t.features.isSSOEnforced();if(!c&&l)throw"Password must be specified.";u=u||Xn();let d={createdAt:Date.now(),...i,...e,_id:u,password:c,tenantId:n};return d.roles||(d.roles={}),d.status==null&&(d.status="active"),d}static async allUsers(){return(await H().allDocs(sn(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByApp(e){return{userCount:(await Qu(e,{})).length}}static async getUsersByAppAccess(e){return await wp(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return St(e)}static async getUser(e){let r=await Tn(e);return r&&delete r.password,r}static async bulkGet(e){return await Ku(e)}static async bulkUpdate(e){return await Oo(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=V(),i=H(),{email:o,_id:a,userGroups:u=[],roles:c}=e;if(!o&&!a)throw new Error("_id or email is required");let l;if(a)try{if(l=await Tn(a),o&&l.email!==o&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(p){if(p.status!==404)throw p}if(!l&&o&&(l=await St(o),l&&l._id!==a))throw new Yt(o);let d=1,f=0;if((r.isAccountHolder||l)&&(d=0,f=1),l){let[p,m]=await yn([l,e]);f=p!==m?1:0}return t.quotas.addUsers(d,f,async()=>{r.isAccountHolder||await Vu(o,n);let p=await t.buildUser(e,r,n,l);r.currentUserId&&r.currentUserId===l?._id&&(p=Dp(p,l)),!l&&c?.length&&(p.roles={...c});let m=[];if(!a&&u.length>0)for(let h of u)m.push(t.groups.addUsers(h,[p._id]));try{let h=await i.put(p);return p._rev=h.rev,await Ip(p,l),l&&p.email!==l.email&&await gt.removeUser({email:l.email}),await gt.addUser(n,p._id,p.email,p.ssoId),await Dr.invalidateUser(h.id),await Promise.all(m),i.get(p._id)}catch(h){throw h.status===409?"User exists already":h}})}static async bulkCreate(e,r){let n=V(),i=[],o=[],a=[],u=e.map(p=>p.email),c=await Ap(u),l=[];for(let p of e){let m=o.find(g=>g.email.toLowerCase()===p.email.toLowerCase()),h=c.includes(p.email.toLowerCase());if(m||h){l.push({email:p.email,reason:"Unavailable"});continue}p.userGroups=r||[],o.push(p),await _o(p)&&a.push(p)}let d=await ai(n),f=await t.features.isSSOEnforced();return t.quotas.addUsers(o.length,a.length,async()=>{for(let h of o)f&&delete h.password,i.push(t.buildUser(h,{hashPassword:!0,requirePassword:!f},n,void 0,d));let p=await Promise.all(i);await Oo(p);for(let h of p)await gt.addUser(n,h._id,h.email),await Ip(h,void 0);let m=p.map(h=>({_id:h._id,email:h.email}));if(Array.isArray(m)&&r){let h=[],g=m.map(y=>y._id);for(let y of r)h.push(t.groups.addUsers(y,g));await Promise.all(h)}return{successful:m,unsuccessful:l}})}static async bulkDelete(e){let r=H(),n={successful:[],unsuccessful:[]},i=await qu(e);i&&(e=e.filter(m=>m.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let a=(await r.allDocs({include_docs:!0,keys:e.map(m=>m.userId)})).rows.map(m=>m.doc),u=a.map(m=>({...m,_deleted:!0})),c=await Oo(u),d=(await yn(a)).filter(m=>m).length,f=[];for(let m of a){let g=(await Ao(m._id)).ssoId;g&&(await Wu(g)).filter(S=>S.ssoId==null).forEach(S=>{f.push({...S,_deleted:!0})}),await wU(m)}await Or().bulkDocs(f),await t.quotas.removeUsers(u.length,d);let p={};return a.reduce((m,h)=>(m[h._id]=h,m),p),c.forEach(m=>{let h=p[m.id].email;m.ok?n.successful.push({_id:m.id,email:h}):n.unsuccessful.push({_id:m.id,email:h,reason:"Database error"})}),n}static async destroy(e){let r=H(),n=await r.get(e),i=n._id;if(!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let a=n.email;if(await Ir(a))throw n.userId===Bt()._id?new we('Please visit "Account" to delete this user',400):new we("Account holder cannot be deleted",400)}await gt.removeUser(n),await r.remove(i,n._rev);let o=await _o(n)?1:0;await t.quotas.removeUsers(1,o),await Op(n),await Dr.invalidateUser(i),await En(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,o={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(o.ssoId=n.ssoId),await oi(ye.CHECKLIST),await t.save(o,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function wo(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}s(wo,"removeUserPassword");async function Ku(t,e){let n=(await H().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=wo(n)),n}s(Ku,"bulkGetGlobalUsersById");async function RU(){let t=H(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${ve}`})).rows.map(n=>n.id)}s(RU,"getAllUserIds");async function CU(){let t=H(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${ve}`,include_docs:!0})).rows.map(n=>n.doc)}s(CU,"getAllUsers");async function Oo(t){return await H().bulkDocs(t)}s(Oo,"bulkUpdateGlobalUsers");async function Tn(t,e){let n=await H().get(t);return e?.cleanup&&(n=wo(n)),n}s(Tn,"getById");async function St(t,e){if(t==null)throw"Must supply an email address to view";let r=await Gt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=wo(n)),n}s(St,"getGlobalUserByEmail");async function bU(t){try{let e=await St(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}s(bU,"doesUserExist");async function Qu(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=ru(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await Gt("by_app",n);i||(i=[]);let o=Array.isArray(i)?i:[i];return r?.cleanup&&(o=wo(o)),o}s(Qu,"searchGlobalUsersByApp");async function wp(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let a={[r]:{$exists:!0}};n.push(a)}return(await H().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}s(wp,"searchGlobalUsersByAppAccess");function dA(t,e){if(e)return tu(Qe(t),e._id)}s(dA,"getGlobalUserByAppPage");async function fA(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,o=await Gt("by_email2",{...e,startkey:i,endkey:`${n}${ve}`});o||(o=[]);let a=Array.isArray(o)?o:[o];return r?.cleanup&&(a=wo(a)),a}s(fA,"searchGlobalUsersByEmail");var xU=8;async function pA({bookmark:t,query:e,appId:r,limit:n}={}){let i=H(),o=n??xU,u={include_docs:!0,limit:o+1};t&&(u.startkey=t);let c,l="_id",d;return e?.equal?._id?c=[await Tn(e.equal._id)]:r?(c=await Qu(r,u),d=s(f=>dA(r,f),"getKey")):e?.string?.email?(c=await fA(e?.string?.email,u),l="email"):e?.oneOf?._id?c=await Ku(e?.oneOf?._id,{cleanup:!0}):e?(c=(await i.allDocs(sn(null,{...u,limit:void 0}))).rows.map(p=>p.doc),c=lr.search(c,{query:e,limit:u.limit}).rows):c=(await i.allDocs(sn(null,u))).rows.map(p=>p.doc),gf(c,o,{paginate:!0,property:l,getKey:d})}s(pA,"paginatedUsers");async function vU(){return(await Sf("by_email2",{limit:0,include_docs:!1})).total_rows}s(vU,"getUserCount");async function PU(){let t=0;async function e(r){let n=await pA({bookmark:r}),i=await yn(n.data);t+=i.filter(o=>o).length,n.hasNextPage&&await e(n.nextPage)}return s(e,"iterate"),await e(),t}s(PU,"getCreatorCount");function NU(t){return delete t.admin,delete t.builder,t}s(NU,"removePortalUserPermissions");function Dp(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}s(Dp,"cleanseUserObject");async function UU(t,e){let r=Qe(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await bt.save(t,{hashPassword:!1})}s(UU,"addAppBuilder");async function LU(t,e){let r=Qe(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await bt.save(t,{hashPassword:!1})}s(LU,"removeAppBuilder");var mA=3600;async function kU(t,e){let n=await Of(e).get(t);if(n.budibaseAccess=!0,!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let i=await Ir(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}s(kU,"populateFromDB");async function MU(t){let e=await bt.bulkGet(t),r=t.filter((i,o)=>!e[o]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!E.SELF_HOSTED&&!E.DISABLE_ACCOUNT_PORTAL){let o=await Ir(i.email);o&&(i.account=o,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}s(MU,"populateUsersFromDB");async function Do({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=kU),!e)try{e=V()}catch{e=await gt.lookupTenantId(t)}let i=await Ms(),o=await i.get(t);return o||(o=await n(t,e,r),await i.store(t,o,mA)),o&&!o.tenantId&&e&&(o.tenantId=e),o.userGroups&&!Ue.users.isGlobalBuilder(o)&&await Re(e,async()=>{let a=await bt.getGroupBuilderAppIds(o);if(a.length){let u=o.builder?.apps||[];o.builder={apps:[...new Set(u.concat(a))]}}}),o}s(Do,"getUser");async function FU(t){let e=await Ms(),r=await e.bulkGet(t),n=t.filter(a=>!r[a]),i=Object.values(r).filter(a=>!!a),o;if(n.length){let a=await MU(n);o=a.notFoundIds;for(let u of a.users)await e.store(u._id,u,mA);i.push(...a.users)}return{users:i,notFoundIds:o}}s(FU,"getUsers");async function Ro(t){await(await Ms()).delete(t)}s(Ro,"invalidateUser");var vp={};N(vp,{Writethrough:()=>bp});var Ti={};N(Ti,{AUTO_EXTEND_POLLING_MS:()=>EA,doWithLock:()=>Rp,newRedlock:()=>Sn});var hA=B(require("redlock"));async function WU(t,e){if(t==="custom")return Sn(e);switch(t){case"try_once":return Sn(yi.TRY_ONCE);case"try_twice":return Sn(yi.TRY_TWICE);case"default":return Sn(yi.DEFAULT);case"delay_500":return Sn(yi.DELAY_500);case"auto_extend":return Sn(yi.AUTO_EXTEND);default:throw At.unreachable(t)}}s(WU,"getClient");var yi={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function Sn(t={}){let e={...yi.DEFAULT,...t},n=(await df()).client;return new hA.default([n],e)}s(Sn,"newRedlock");function $U(t){let r=`lock:${t.systemLock?"system":V()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}s($U,"getLockName");var EA=he.fromSeconds(10).toMs();async function Rp(t,e){let r=await WU(t.type,t.customOptions),n,i;try{let o=$U(t),a=t.type==="auto_extend"?EA:t.ttl;if(n=await r.lock(o,a),t.type==="auto_extend"){let c=s(()=>{i=setTimeout(async()=>{n=await n.extend(a,()=>t.onExtend&&t.onExtend()),c()},a/2)},"extendInIntervals");c()}return{executed:!0,result:await e()}}catch(o){if(o.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw o}else throw o}finally{clearTimeout(i),await n?.unlock()}}s(Rp,"doWithLock");var gA=1e4,Cp=null;async function ju(){if(!Cp){let t=await lf();Cp=new dn(t)}return Cp}s(ju,"getCache");function Co(t,e){return t.name+e}s(Co,"makeCacheKey");function xp(t,e=null){return{doc:t,lastWrite:e||Date.now()}}s(xp,"makeCacheItem");async function GU(t,e,r=gA){let n=await ju(),i=e._id,o;i&&(o=await n.get(Co(t,i)));let a=!o||o.lastWrite<Date.now()-r,u=e;return a&&((await Rp({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let l=s(async d=>{let f=await t.put(d,{force:!0});u._id=f.id,u._rev=f.rev},"writeDb");try{await l(e)}catch(d){if(d.status!==409)throw d;si("Ignoring conflict in write-through cache")}})).executed||si("Ignoring redlock conflict in write-through cache")),o=xp(u,a?null:o?.lastWrite),u._id&&await n.store(Co(t,u._id),o),{ok:!0,id:u._id,rev:u._rev}}s(GU,"put");async function VU(t,e){let r=await ju(),n=Co(t,e),i=await r.get(n);if(!i){let o=await t.get(e);i=xp(o),await r.store(n,i)}return i.doc}s(VU,"get");async function qU(t,e){let r=await ju(),n=Co(t,e),i=await r.get(n);if(!i){let o=await t.tryGet(e);if(!o)return null;i=xp(o),await r.store(n,i)}return i.doc}s(qU,"tryGet");async function KU(t,e,r){let n=await ju();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Co(t,i))}finally{await t.remove(i,r)}}s(KU,"remove");var bp=class{static{s(this,"Writethrough")}constructor(e,r=gA){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return GU(this.db,e,r)}async get(e){return VU(this.db,e)}async tryGet(e){return qU(this.db,e)}async remove(e,r){return KU(this.db,e,r)}};function Yu(t){return`config${C}${t}`}s(Yu,"generateConfigID");async function nt(t){let e=H();try{return await e.get(Yu(t))}catch(r){if(r.status===404)return;throw r}}s(nt,"getConfig");async function QU(t){return t._id||(t._id=Yu(t.type)),H().put(t)}s(QU,"save");async function hi(){let t=await nt("settings");return t||(t={_id:Yu("settings"),type:"settings",config:{}}),t.config.platformUrl=await bo({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Uu({config:t.config}),t}s(hi,"getSettingsConfigDoc");async function Up(){return(await hi()).config}s(Up,"getSettingsConfig");async function bo(t={tenantAware:!0}){let e=E.PLATFORM_URL||"http://localhost:10000";if(!E.SELF_HOSTED&&E.MULTI_TENANCY&&t.tenantAware){let r=V();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(E.SELF_HOSTED){let r=t?.config?t.config:(await nt("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}s(bo,"getPlatformUrl");var Uu=s(async t=>{if(!E.SELF_HOSTED)return!!E.ENABLE_ANALYTICS;let e=await _r(ye.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await nt("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=E.ENABLE_ANALYTICS;return!(r===0||r===!1)},"analyticsEnabled");async function jU(){return await nt("google")}s(jU,"getGoogleConfigDoc");async function Hu(){return(await jU())?.config}s(Hu,"getGoogleConfig");async function Lp(){if(!E.SELF_HOSTED)return Pp();let t=await Hu();return(!t||!t.activated)&&(t=Pp()),t}s(Lp,"getGoogleDatasourceConfig");function Pp(){if(E.GOOGLE_CLIENT_ID&&E.GOOGLE_CLIENT_SECRET)return{clientID:E.GOOGLE_CLIENT_ID,clientSecret:E.GOOGLE_CLIENT_SECRET,activated:!0}}s(Pp,"getDefaultGoogleConfig");async function YU(){return nt("logos_oidc")}s(YU,"getOIDCLogosDoc");async function HU(){return nt("oidc")}s(HU,"getOIDCConfigDoc");async function zU(){let t=(await HU())?.config;return t?.configs&&t.configs[0]}s(zU,"getOIDCConfig");async function kp(t){let e=(await nt("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}s(kp,"getOIDCConfigById");async function yA(){return nt("smtp")}s(yA,"getSMTPConfigDoc");async function JU(t){let e=await yA();if(e)return e.config;let r=E.SELF_HOSTED||!t;if(E.SMTP_FALLBACK_ENABLED&&r)return{port:E.SMTP_PORT,host:E.SMTP_HOST,secure:!1,from:E.SMTP_FROM_ADDRESS,auth:{user:E.SMTP_USER,pass:E.SMTP_PASSWORD},fallback:!0}}s(JU,"getSMTPConfig");async function ZU(){return(await nt("scim"))?.config}s(ZU,"getSCIMConfig");async function XU(){return nt("ai")}s(XU,"getAIConfig");async function eL(){return nt("recaptcha")}s(eL,"getRecaptchaConfig");var Qp={};N(Qp,{AccessController:()=>Bp,BUILTIN_ROLE_IDS:()=>Wp,Role:()=>Rr,RoleHierarchyTraversal:()=>zu,RoleIDVersion:()=>$p,builtinRoleToNumber:()=>xo,checkForRoleResourceArray:()=>_A,externalRole:()=>oL,findRole:()=>vo,getAllRoleIds:()=>lL,getAllRoles:()=>Kp,getBuiltinRole:()=>SA,getBuiltinRoles:()=>Vp,getDBRoleID:()=>OA,getExternalRoleID:()=>Cr,getExternalRoleIDs:()=>IA,getRole:()=>aL,getUserRoleHierarchy:()=>qp,getUserRoleIdHierarchy:()=>AA,isBuiltin:()=>An,lowerBuiltinRoleID:()=>sL,prefixRoleIDNoBuiltin:()=>Fp,roleIDsAreEqual:()=>it,roleToNumber:()=>iL,saveRoles:()=>uL,validInherits:()=>nL});var TA=require("lodash"),Ju=B(require("lodash/fp/cloneDeep")),Mp=B(require("semver"));var Wp={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},ie={...Wp,BUILDER:"BUILDER"},$p={UUID:void 0,NAME:"name"};function rL(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}s(rL,"rolesInList");var Rr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=$p.NAME}static{s(this,"Role")}addInheritance(e){return e&&typeof e=="string"?e=Fp(e):e&&Array.isArray(e)&&(e=e.map(Fp)),this.inherits=e,this}},zu=class{static{s(this,"RoleHierarchyTraversal")}constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let o of e.inherits){let a=vo(o,n,r);a&&(i=i.concat(this.walk(a)))}else{let o=[],a=e;for(;a&&a.inherits&&!rL(o,a.inherits);){if(Array.isArray(a.inherits))return i.concat(this.walk(a));if(o.push(a.inherits),a=vo(a.inherits,n,r),a&&i.push(a),Ne.roles.checkForRoleInheritanceLoops(i))break}}return(0,TA.uniqBy)(i,o=>o._id)}},Gp={ADMIN:new Rr(ie.ADMIN,ie.ADMIN,"admin",{displayName:"App admin",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(ie.POWER),POWER:new Rr(ie.POWER,ie.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(ie.BASIC),BASIC:new Rr(ie.BASIC,ie.BASIC,"write",{displayName:"App user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(ie.PUBLIC),PUBLIC:new Rr(ie.PUBLIC,ie.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new Rr(ie.BUILDER,ie.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function Vp(){return(0,Ju.default)(Gp)}s(Vp,"getBuiltinRoles");function An(t){return Object.values(Wp).includes(t)}s(An,"isBuiltin");function Fp(t){return An(t)?t:Wt(t)}s(Fp,"prefixRoleIDNoBuiltin");function SA(t){let e=Object.values(Gp).find(r=>t.includes(r._id));if(e)return(0,Ju.default)(e)}s(SA,"getBuiltinRole");function nL(t,e){if(!e)return!1;let r=s(n=>t.find(i=>it(i._id,n)),"find");if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}s(nL,"validInherits");function xo(t){let e=Vp(),r=Object.values(e).length+1;if(it(t,ie.ADMIN)||it(t,ie.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}s(xo,"builtinRoleToNumber");async function iL(t){if(An(t))return xo(t);let e=await qp(t,{defaultPublic:!0}),r=s(n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(o=>{let a=e.find(u=>it(u._id,o));if(a)return r(a)+1}).filter(o=>o).sort().pop();if(i!=null)return i}else if(An(n.inherits))return xo(n.inherits)+1;return 0},"findNumber");return Math.max(...e.map(r))}s(iL,"roleToNumber");function sL(t,e){return t?e&&xo(t)>xo(e)?e:t:e}s(sL,"lowerBuiltinRoleID");function it(t,e){return Wt(t)===Wt(e)}s(it,"roleIDsAreEqual");function oL(t){let e;return t._id&&(e=Cr(t._id)),{...t,_id:e,inherits:IA(t.inherits,t.version)}}s(oL,"externalRole");function vo(t,e,r){let n=SA(t);n||(t=Wt(t));let i=e.find(o=>o._id&&it(o._id,t));return!i&&!An(t)&&r?.defaultPublic?(0,Ju.default)(Gp.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=Cr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}s(vo,"findRole");async function aL(t,e){let r=Zn(),n=[];if(!An(t)){let i=await r.tryGet(OA(t));i&&n.push(i)}return vo(t,n,e)}s(aL,"getRole");async function uL(t){await Zn().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Wt(r._id)})))}s(uL,"saveRoles");async function cL(t,e){let r=await Kp();if(it(t,ie.ADMIN))return r;let n=vo(t,r,e),i=[];return n&&(i=new zu(r,e).walk(n)),i}s(cL,"getAllUserRoles");async function AA(t){return(await qp(t)).map(r=>r._id)}s(AA,"getUserRoleIdHierarchy");async function qp(t,e){return cL(t,e)}s(qp,"getUserRoleHierarchy");function _A(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}s(_A,"checkForRoleResourceArray");async function lL(t){return(await Kp(t)).map(r=>r._id)}s(lL,"getAllRoleIds");async function Kp(t){if(t)return Ke(t,e);{let r;try{r=Zn()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(nu(null,{include_docs:!0}))).rows.map(u=>u.doc),n.forEach(u=>u._id=Cr(u._id,u.version)));let i=Vp(),o=[];!r||await dL(r)?o=[ie.ADMIN,ie.POWER,ie.BASIC,ie.PUBLIC]:o=[ie.ADMIN,ie.BASIC,ie.PUBLIC];for(let a of o){let u=i[a],c=n.filter(l=>it(l._id,a))[0];c==null?n.push(u||i.BASIC):(n=n.filter(l=>l._id!==c._id),c._id=Cr(u._id,c.version),n.push({...u,...c,name:u.name,_id:Cr(u._id,u.version)}))}for(let a of n)if(a.permissions)for(let u of Object.keys(a.permissions))a.permissions=_A(a.permissions,u);return n}s(e,"internal")}s(Kp,"getAllRoles");async function dL(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!Mp.default.valid(r)?!0:!Mp.default.gte(r,E.MIN_VERSION_WITHOUT_POWER_ROLE)}s(dL,"shouldIncludePowerRole");var Bp=class{static{s(this,"AccessController")}constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||it(e,ie.BUILDER)||it(r,e)||it(r,ie.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await AA(r),this.userHierarchies[r]=n),n?.find(i=>it(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let o=await this.checkScreenAccess(i,r);o&&n.push(o)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function OA(t){return t?.startsWith("role")?t:Wt(t)}s(OA,"getDBRoleID");function Cr(t,e){if(t.startsWith(`role${C}`)&&(An(t)||e===$p.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}s(Cr,"getExternalRoleID");function IA(t,e){return t&&(typeof t=="string"?Cr(t,e):t.map(r=>Cr(r,e)))}s(IA,"getExternalRoleIDs");var jp={};N(jp,{BUILDER:()=>EL,BUILTIN_PERMISSIONS:()=>Zu,CREATOR:()=>gL,GLOBAL_BUILDER:()=>yL,PermissionImpl:()=>se,PermissionLevel:()=>wi,PermissionType:()=>Wo,doesHaveBasePermission:()=>mL,getAllowedLevels:()=>CA,getBuiltinPermissionByID:()=>pL,getBuiltinPermissions:()=>fL,isPermissionLevelHigherThanRead:()=>hL,levelToNumber:()=>RA});var wA=B(require("lodash/flatten")),DA=B(require("lodash/fp/cloneDeep"));var se=class{static{s(this,"PermissionImpl")}constructor(e,r){this.type=e,this.level=r}};function RA(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}s(RA,"levelToNumber");function CA(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}s(CA,"getAllowedLevels");var Zu={PUBLIC:{_id:"public",name:"Public",permissions:[new se("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new se("query","read"),new se("table","read"),new se("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new se("query","write"),new se("table","write"),new se("automation","execute"),new se("legacy_view","read"),new se("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new se("table","write"),new se("user","read"),new se("automation","execute"),new se("webhook","read"),new se("legacy_view","read"),new se("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new se("table","admin"),new se("user","admin"),new se("automation","admin"),new se("webhook","read"),new se("query","admin"),new se("legacy_view","read"),new se("app","read")]}};function fL(){return(0,DA.default)(Zu)}s(fL,"getBuiltinPermissions");function pL(t){return Object.values(Zu).find(r=>r._id===t)}s(pL,"getBuiltinPermissionByID");function mL(t,e,r){let n=[...new Set(r.map(a=>a.permissionId))],i=Object.values(Zu),o=(0,wA.default)(i.filter(a=>n.indexOf(a._id)!==-1).map(a=>a.permissions));for(let a of o)if(a.type===t&&CA(a.level).indexOf(e)!==-1)return!0;return!1}s(mL,"doesHaveBasePermission");function hL(t){return RA(t)>1}s(hL,"isPermissionLevelHigherThanRead");var EL="builder",gL="creator",yL="globalBuilder";var zp={};N(zp,{FlagSet:()=>ec,all:()=>OL,flags:()=>Yp,getEnvFlags:()=>PA,init:()=>TL,isEnabled:()=>_L,parseEnvFlags:()=>rc,shutdown:()=>SL,testutils:()=>Hp});var tc=B(require("crypto")),bA=B(require("dd-trace")),xA=require("lodash"),vA=require("posthog-node");var Xu;function TL(t){E.POSTHOG_TOKEN&&E.POSTHOG_API_HOST&&!E.SELF_HOSTED&&E.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),Xu=new vA.PostHog(E.POSTHOG_TOKEN,{host:E.POSTHOG_API_HOST,personalApiKey:E.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:he.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}s(TL,"init");function SL(){Xu?.shutdown()}s(SL,"shutdown");function rc(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let o of i){let a=!0;o.startsWith("!")&&(o=o.slice(1),a=!1),r.push({tenantId:n,key:o,value:a})}return r}s(rc,"parseEnvFlags");function PA(){return rc(E.TENANT_FEATURE_FLAGS||"")}s(PA,"getEnvFlags");var ec=class{constructor(e){this.flagSchema=e;this.setId=tc.randomUUID()}static{s(this,"FlagSet")}defaults(){return(0,xA.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await bA.default.trace("features.fetch",async e=>{let r=rf(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),o=V(),a=new Set;if(za())return i;for(let{tenantId:f,key:p,value:m}of PA())if(!(!f||f!=="*"&&f!==o)&&(n.readFromEnvironmentVars=!0,m===!1&&a.add(p),!!this.isFlagName(p))){if(typeof i[p]!="boolean")throw new Error(`Feature: ${p} is not a boolean`);i[p]=m,n[`flags.${p}.source`]="environment"}let u=Bt(),c=u?._id;if(!c){let f=ef();f&&(c=tc.createHash("sha512").update(f).digest("hex"))}let l=u?.tenantId;if(l||(l=o),n["identity.type"]=u?.type,n["identity._id"]=u?._id,n.tenantId=l,n.userId=c,Xu&&c){n.readFromPostHog=!0;let f=await hi(),p={tenantId:l},m={tenant:{id:l}};f.config.createdVersion&&(m.tenant.createdVersion=f.config.createdVersion),f.createdAt&&(m.tenant.createdAt=`${f.createdAt}`);let h=await Xu.getAllFlags(c,{personProperties:p,onlyEvaluateLocally:!0,groups:{tenant:l},groupProperties:m});for(let[g,y]of Object.entries(h))if(this.isFlagName(g)){if(typeof y!="boolean"){console.warn(`Invalid value for posthog flag "${g}": ${y}`);continue}if(!(i[g]===!0||a.has(g)))try{i[g]=y,n[`flags.${g}.source`]="posthog"}catch(S){console.warn(`Error parsing posthog flag "${g}": ${y}`,S)}}}let d=sf();for(let[f,p]of Object.entries(d))this.isFlagName(f)&&typeof p=="boolean"&&(i[f]=p,n[`flags.${f}.source`]="override");nf(this.setId,i);for(let[f,p]of Object.entries(i))n[`flags.${f}.value`]=p;return e?.addTags(n),i})}},AL={USE_ZOD_VALIDATOR:!1,AI_AGENTS:!1,DEBUG_UI:E.isDev(),DEV_USE_CLIENT_FROM_STORAGE:!1,DUPLICATE_APP:!1,COPY_RESOURCES_BETWEEN_WORKSPACES:!1,PRIVATE_LLMS:!1},Yp=new ec(AL);async function _L(t){return await Yp.isEnabled(t)}s(_L,"isEnabled");async function OL(){return await Yp.fetch()}s(OL,"all");var Hp={};N(Hp,{setFeatureFlags:()=>NA,withFeatureFlags:()=>DL});function IL(){let t={};for(let{tenantId:e,key:r,value:n}of rc(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}s(IL,"getCurrentFlags");function wL(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,o]of Object.entries(n))o===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}s(wL,"buildFlagString");function NA(t,e){let r=IL();for(let[i,o]of Object.entries(e)){let a=r[t]||{};a[i]=o,r[t]=a}let n=wL(r);return As({TENANT_FEATURE_FLAGS:n})}s(NA,"setFeatureFlags");function DL(t,e,r){let n=NA(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}s(DL,"withFeatureFlags");var um={};N(um,{adminOnly:()=>nc,auditLog:()=>ic,authError:()=>Oe,buildAuthMiddleware:()=>c0,buildCsrfMiddleware:()=>d0,buildTenancyMiddleware:()=>l0,builderOnly:()=>lc,builderOrAdmin:()=>dc,google:()=>Zt,internalApi:()=>pc,joiValidator:()=>Po,oidc:()=>Xt,passport:()=>f0,platformLogout:()=>g0,refreshOAuthToken:()=>h0,ssoCallbackUrl:()=>xr,updateUserOAuth:()=>E0,workspaceBuilderOrAdmin:()=>Ec});var am={};N(am,{adminOnly:()=>nc,auditLog:()=>ic,authError:()=>Oe,authenticated:()=>cc,builderOnly:()=>lc,builderOrAdmin:()=>dc,correlation:()=>LA,csp:()=>qA,csrf:()=>fc,datasource:()=>a0,errorHandling:()=>QA,featureFlagCookie:()=>jA,google:()=>Zt,internalApi:()=>pc,ip:()=>YA,joiValidator:()=>Po,local:()=>Si,oidc:()=>Xt,pino:()=>kA,querystringToBody:()=>t_,ssoCallbackUrl:()=>xr,tenancy:()=>hc,workspaceBuilderOrAdmin:()=>Ec});var UA=require("uuid");var RL=require("correlation-id"),LA=s((t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,UA.v4)()),RL.withId(r,()=>e())},"correlationMiddleware");var CL=require("koa-pino-logger"),bL=require("correlation-id");function xL(){return{logger:yu,genReqId:bL.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}s(xL,"pinoSettings");function vL(){return E.HTTP_LOGGING?CL(xL()):(t,e)=>e()}s(vL,"getMiddleware");var kA=vL();var nc=s(async(t,e)=>(!t.internal&&!Ct(t.user)&&t.throw(403,"Admin user only endpoint."),e()),"adminOnly");var ic=s(async(t,e)=>e(),"auditLog");var PL=/\/:(.*?)(\/.*)?$/g,_n=s(t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(PL);if(i)for(let o of i){let u="/.*"+(o.endsWith("/")?"/":"");r=r.replace(o,u)}return{regex:new RegExp(r),method:n,route:r}}):[],"buildMatcherRegex"),On=s((t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),o=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&o}),"matches");var rm={};N(rm,{SecretOption:()=>BA,decrypt:()=>tm,decryptFile:()=>FL,encrypt:()=>LL,encryptFile:()=>kL,getSecret:()=>em});var Jt=B(require("crypto")),br=B(require("fs")),Jp=require("path"),Zp=B(require("zlib"));var sc="aes-256-ctr",FA="-",NL=1e4,UL=32,oc=16,Xp=16,BA=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(BA||{});function em(t){let e,r;switch(t){case"encryption":e=E.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=E.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}s(em,"getSecret");function ac(t,e){return Jt.default.pbkdf2Sync(t,new Uint8Array(e),NL,UL,"sha512")}s(ac,"stretchString");function LL(t,e="api"){let r=Jt.default.randomBytes(oc),n=ac(em(e),r),i=Jt.default.createCipheriv(sc,new Uint8Array(n),new Uint8Array(r)),o=i.update(t,"utf8"),a=i.final(),u=Buffer.concat([new Uint8Array(o),new Uint8Array(a)]).toString("hex");return`${r.toString("hex")}${FA}${u}`}s(LL,"encrypt");function tm(t,e="api"){let[r,n]=t.split(FA),i=Buffer.from(r,"hex"),o=ac(em(e),i),a=Jt.default.createDecipheriv(sc,new Uint8Array(o),new Uint8Array(i)),u=a.update(n,"hex"),c=a.final();return Buffer.concat([new Uint8Array(u),new Uint8Array(c)]).toString()}s(tm,"decrypt");async function kL({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,Jp.join)(t,e);if(br.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let o=br.default.createReadStream(i),a=br.default.createWriteStream((0,Jp.join)(t,n)),u=Jt.default.randomBytes(oc),c=Jt.default.randomBytes(Xp),l=ac(r,u),d=Jt.default.createCipheriv(sc,new Uint8Array(l),new Uint8Array(c));return a.write(u),a.write(c),o.pipe(Zp.default.createGzip()).pipe(d).pipe(a),new Promise(f=>{a.on("finish",()=>{f({filename:n,dir:t})})})}s(kL,"encryptFile");async function ML(t){let e=br.default.createReadStream(t),r=await MA(e,oc),n=await MA(e,Xp);return e.close(),{salt:r,iv:n}}s(ML,"getSaltAndIV");async function FL(t,e,r){if(br.default.lstatSync(t).isDirectory())throw new Error("Unable to decrypt directory");let{salt:n,iv:i}=await ML(t),o=br.default.createReadStream(t,{start:oc+Xp}),a=br.default.createWriteStream(e),u=ac(r,n),c=Jt.default.createDecipheriv(sc,new Uint8Array(u),new Uint8Array(i)),l=Zp.default.createGunzip();return o.pipe(c).pipe(l).pipe(a),new Promise((d,f)=>{a.on("finish",()=>{a.close(),d()}),o.on("error",p=>{a.close(),f(p)}),c.on("error",p=>{a.close(),f(p)}),l.on("error",p=>{a.close(),f(p)}),a.on("error",p=>{a.close(),f(p)})})}s(FL,"decryptFile");function MA(t,e){return new Promise((r,n)=>{let i=0,o=[];t.on("readable",()=>{let a;for(;(a=t.read(e-i))!==null;)o.push(a),i+=a.length;r(Buffer.concat(o.map(u=>new Uint8Array(u))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",a=>{n(a)})})}s(MA,"readBytes");var $A=B(require("dd-trace"));var BL=E.SESSION_UPDATE_PERIOD?parseInt(E.SESSION_UPDATE_PERIOD):60*1e3;function WL(){return new Date(Date.now()-BL).toISOString()}s(WL,"timeMinusOneMinute");function WA(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}s(WA,"finalise");async function $L(t,e){if(js(t))return{valid:!0,user:void 0};let n=tm(t).split(C)[0];return Re(n,async()=>{let i;try{let o=H();i=await Gt("by_api_key",{key:t},o)}catch{i=void 0}if(i)return{valid:!0,user:await Do({userId:i,tenantId:n,populateUser:e})};throw new ci})}s($L,"checkApiKey");function uc(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}s(uc,"getHeader");function cc(t=[],e={publicAllowed:!1}){let r=t?_n(t):[];return async(n,i)=>{let o=!1,a=uc(n,"x-budibase-api-version");On(n,r)&&(o=!0);try{let c=uc(n,"x-budibase-token"),l=qt(n,"budibase:auth")||su(c),d=uc(n,"x-budibase-api-key");!d&&n.request.headers.authorization&&(d=n.request.headers.authorization.split(" ")[1]);let f=uc(n,"x-budibase-tenant-id"),p=!1,m,h=!1,g;if(l&&!d){let S=l.sessionId,O=l.userId,_;try{_=await lp(O,S),e&&e.populateUser?m=await Do({userId:O,tenantId:_.tenantId,email:_.email,populateUser:e.populateUser(n)}):m=await Do({userId:O,tenantId:_.tenantId,email:_.email}),m.csrfToken=_.csrfToken,g="cookie",_?.lastAccessedAt<WL()&&await cp(_),p=!0}catch(w){p=!1,console.error(`Auth Error: ${w.message}`),yr(n,"budibase:auth")}}if(!p&&d){let S=e.populateUser?e.populateUser(n):null,{valid:O,user:_}=await $L(d,S);O&&(p=!0,g="api_key",m=_,h=!_)}!m&&f?m={tenantId:f}:m&&"password"in m&&delete m.password,p||(p=!1);let y=s(S=>S&&S.email,"isUser");return y(m)&&$A.default.setUser({id:m._id,tenantId:m.tenantId,budibaseAccess:m.budibaseAccess,status:m.status}),WA(n,{authenticated:p,user:m,internal:h,version:a,publicEndpoint:o,loginMethod:g}),y(m)?Md(m,n,i):i()}catch(c){if(console.error(`Auth Error: ${c.message}`),c?.name==="JsonWebTokenError"?yr(n,"budibase:auth"):c?.code==="invalid_api_key"&&n.throw(403,c.message),e&&e.publicAllowed||o)return WA(n,{authenticated:!1,version:a,publicEndpoint:o}),i();n.throw(c.status||403,c)}}}s(cc,"authenticated");async function lc(t,e){if(t.internal)return e();let r=await an(t);return!r&&!E.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)?t.throw(403,"Builder user only endpoint."):r&&!gi(t.user,r)&&t.throw(403,"Workspace builder user only endpoint."),e()}s(lc,"builderOnly");async function dc(t,e){if(t.internal||Ct(t.user))return e();let r=await an(t);return!r&&!E.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)?t.throw(403,"Admin/Builder user only endpoint."):r&&!gi(t.user,r)&&t.throw(403,"Workspace Admin/Builder user only endpoint."),e()}s(dc,"builderOrAdmin");var VA=B(require("crypto"));var GA={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},GL=/^[A-Za-z0-9-*:/.]+$/,qA=s(async(t,e)=>{let r=VA.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...GA};if(n["script-src"]=[...GA["script-src"],`'nonce-${r}'`],t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let a=await Bs.getWorkspaceMetadata(t.appId);if("name"in a)for(let u of a.scripts||[]){let c=(u.cspWhitelist||"").split(`
|
|
38
38
|
`).filter(l=>GL.test(l));n["default-src"]=[...n["default-src"],...c]}}catch(a){console.error(`Error occurred in Content-Security-Policy middleware: ${a}`)}let o=Object.entries(n).map(([a,u])=>`${a} ${u.join(" ")}`).join("; ");t.set("Content-Security-Policy",o),await e()},"contentSecurityPolicy");var VL=["GET","HEAD","OPTIONS"],qL=["application/x-www-form-urlencoded","multipart/form-data","text/plain"];function fc(t={noCsrfPatterns:[]}){let e=_n(t.noCsrfPatterns);return async(r,n)=>{if(On(r,e)||VL.indexOf(r.method)!==-1)return n();let o=r.get("content-type")?r.get("content-type").toLowerCase():"";if(!qL.filter(c=>o.includes(c)).length||r.internal)return n();let a=r.user?.csrfToken;if(!a)return n();let u=r.get("x-csrf-token");return(!u||u!==a)&&r.throw(403,"Invalid CSRF token"),n()}}s(fc,"csrf");function KA(t){if(t.includes("-----BEGIN PRIVATE KEY-----"))return!0;for(let e of Oy){let r=E[e];if(!(typeof r!="string"||r==="")&&t.includes(r))return!0}return!1}s(KA,"stringContainsSecret");async function QA(t,e){try{await e()}catch(r){let n=r.status||r.statusCode||500;t.status=n,n>=400&&n<500?console.warn(r):console.error("Got 400 response code",r);let i={message:r.message,status:n,validationErrors:r.validation,error:bu(r)};if(KA(JSON.stringify(i))&&(i={message:"Unexpected error",status:n,error:"Unexpected error"}),E.isTest()&&t.headers["x-budibase-include-stacktrace"]){let o=r;for(;o.cause;)o=o.cause;i.stack=o.stack}t.body=i}}s(QA,"errorHandling");var jA=s(async(t,e)=>{let n=qt(t,"budibase:featureflags")?.flags||{};await of(n,async()=>{await e()})},"featureFlagCookie");async function pc(t,e){let r=t.request.headers["x-budibase-api-key"];return r||t.throw(403,"Unauthorized"),Array.isArray(r)&&t.throw(403,"Unauthorized"),js(r)||t.throw(403,"Unauthorized"),e()}s(pc,"internalApi");async function YA(t,e){return t.ip?await tf(t.ip,()=>e()):e()}s(YA,"ip");var Po={};N(Po,{body:()=>KL,params:()=>QL});var nm=B(require("joi"));function HA(t,e,r){let n=r?.errorPrefix??`Invalid ${e}`;return(i,o)=>{if(!t)return o();let a=null,u=i.request?.[e];i[e]!=null?a=i[e]:u!=null&&(a=u),t.append&&(t=t.append({createdAt:nm.default.any().optional(),updatedAt:nm.default.any().optional()}));let{error:c}=t.validate(a,{allowUnknown:r?.allowUnknown});if(c){let l=c.message;n&&(l=`Invalid ${e} - ${l}`),i.throw(400,l)}return o()}}s(HA,"validate");function KL(t,e){return HA(t,"body",e)}s(KL,"body");function QL(t,e){return HA(t,"params",e)}s(QL,"params");var Si={};N(Si,{authenticate:()=>HL,options:()=>YL});function Oe(t,e,r){return t(r,null,{message:e})}s(Oe,"authError");async function xr(t,e){if(e&&e.callbackURL)return e.callbackURL;let r=await Up(),n="/api/global/auth";return mr()&&(n+=`/${V()}`),n+=`/${t}/callback`,`${r.platformUrl}${n}`}s(xr,"ssoCallbackUrl");var im="Invalid credentials",jL="This account has expired. Please reset your password",YL={passReqToCallback:!0};async function HL(t,e,r,n){if(!e)return Oe(n,"Email Required");if(!r)return Oe(n,"Password Required");let i=await St(e);return i==null?(console.info(`user=${e} could not be found`),Oe(n,im)):i.status==="inactive"?(console.info(`user=${e} is inactive`,i),Oe(n,im)):i.password?await Ud(r,i.password)?(delete i.password,n(null,i)):Oe(n,im):(console.info(`user=${e} has no password set`,i),Oe(n,jL))}s(HL,"authenticate");var Zt={};N(Zt,{buildVerifyFn:()=>ZA,getCallbackUrl:()=>ZL,strategyFactory:()=>sm});var No=s(t=>Promise.resolve(t),"ssoSaveUserNoOp");async function mc(t,e=!0,r,n){if(!n)throw new Error("Save user function must be provided");if(!t.userId)return Oe(r,"sso user id required");if(!t.email)return Oe(r,"sso user email required");let i=Xn(t.userId),o;try{o=await Tn(i)}catch(u){if(!u.status||u.status!==404)return Oe(r,"Unexpected error when retrieving existing user",u)}if(o||(o=await St(t.email)),!o&&e)return Oe(r,"Email does not yet exist. You must set up your local budibase account first.");o||(o={_id:i,email:t.email,roles:{},tenantId:V()});let a=await zL(o,t);a.forceResetPassword=!1;try{delete a.password,a=await n(a,{hashPassword:!1,requirePassword:!1})}catch(u){return Oe(r,"Error saving user",u)}return r(null,a)}s(mc,"authenticate");async function zL(t,e){let r,n,i;if(e.profile){let o=e.profile;if(o.name){let a=o.name;a.givenName&&(r=a.givenName),a.familyName&&(n=a.familyName)}}return e.oauth2&&(i={...e.oauth2}),{...t,provider:e.provider,providerType:e.providerType,firstName:r,lastName:n,oauth2:i}}s(zL,"syncUser");var JL=require("passport-google-oauth").OAuth2Strategy;function ZA(t){return(e,r,n,i)=>{let o={provider:"google",providerType:"google",userId:n.id,profile:n,email:n._json.email,oauth2:{accessToken:e,refreshToken:r}};return mc(o,!0,i,t)}}s(ZA,"buildVerifyFn");async function sm(t,e,r){try{let{clientID:n,clientSecret:i}=t;if(!n||!i)throw new Error("Configuration invalid. Must contain google clientID and clientSecret");let o=ZA(r);return new JL({clientID:t.clientID,clientSecret:t.clientSecret,callbackURL:e},o)}catch(n){throw new Error(`Error constructing google authentication strategy: ${n}`)}}s(sm,"strategyFactory");async function ZL(t){return xr("google",t)}s(ZL,"getCallbackUrl");var Xt={};N(Xt,{buildVerifyFn:()=>e_,fetchStrategyConfig:()=>r0,getCallbackUrl:()=>n0,strategyFactory:()=>t0});var XA=B(require("node-fetch"));var XL=require("@techpass/passport-openidconnect").Strategy;function e_(t){return async(e,r,n,i,o,a,u,c,l)=>{let d={provider:e,providerType:"oidc",userId:n.id,profile:n,email:e0(n,i),oauth2:{accessToken:o,refreshToken:a}};return mc(d,!1,l,t)}}s(e_,"buildVerifyFn");function e0(t,e){if(t._json.email)return t._json.email;if(e.email)return e.email;let r=e.preferred_username;if(r&&Rf(r))return r;throw new Error(`Could not determine user email from profile ${JSON.stringify(t)} and claims ${JSON.stringify(e)}`)}s(e0,"getEmail");async function t0(t,e){try{let r=e_(e),n=new XL(t,r);return n.name="oidc",n}catch(r){throw new Error(`Error constructing OIDC authentication strategy - ${r}`)}}s(t0,"strategyFactory");async function r0(t,e){try{let{clientID:r,clientSecret:n,configUrl:i,pkce:o}=t;if(!r||!n||!e||!i)throw new Error("Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl");let a=await(0,XA.default)(i);if(!a.ok)throw new Error(`Unexpected response when fetching openid-configuration: ${a.statusText}`);let u=await a.json();return{issuer:u.issuer,authorizationURL:u.authorization_endpoint,tokenURL:u.token_endpoint,userInfoURL:u.userinfo_endpoint,clientID:r,clientSecret:n,callbackURL:e,pkce:o}}catch(r){throw new Error(`Error constructing OIDC authentication configuration - ${r}`)}}s(r0,"fetchStrategyConfig");async function n0(){return xr("oidc")}s(n0,"getCallbackUrl");function t_(t,e){let r=t.request.query?.query;if(t.request.method.toLowerCase()!=="get"&&t.throw(500,"Query to download middleware can only be used for get requests."),!r)return e();let n=decodeURIComponent(r),i;try{i=JSON.parse(n)}catch{return e()}return t.request.body=i,e()}s(t_,"querystringToBody");function hc(t,e,r={noTenancyRequired:!1}){let n=_n(t),i=_n(e);return async function(o,a){let c={allowNoTenant:r.noTenancyRequired||!!On(o,i)};!!On(o,n)||(c.excludeStrategies=["query"]);let d=Ks(o,c);return o.set("x-budibase-tenant-id",d),Re(d,a)}}s(hc,"tenancy");async function Ec(t,e){if(t.internal||Ct(t.user))return e();let r=await an(t);return r&&!$u(t.user,r)?t.throw(403,"Workspace Admin/Builder user only endpoint."):!r&&!E.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)&&t.throw(403,"Admin/Builder user only endpoint."),e()}s(Ec,"workspaceBuilderOrAdmin");var om={};N(om,{postAuth:()=>o0,preAuth:()=>s0});var i0=require("passport-google-oauth").OAuth2Strategy;async function r_(){let t=await Lp();if(!t)throw new Error("No google configuration found");return t}s(r_,"fetchGoogleCreds");async function s0(t,e,r){let n=await r_(),o=`${await bo({tenantAware:!1})}/api/global/auth/datasource/google/callback`,a=await sm(n,o,No);return e.query.appId||e.throw(400,"appId query param not present."),t.authenticate(a,{scope:["profile","email","https://www.googleapis.com/auth/spreadsheets"],accessType:"offline",prompt:"consent"})(e,r)}s(s0,"preAuth");async function o0(t,e,r){let n=await r_(),o=`${await bo({tenantAware:!1})}/api/global/auth/datasource/google/callback`,a=qt(e,"budibase:datasourceauth");if(!a)throw new Error("Unable to fetch datasource auth cookie");return t.authenticate(new i0({clientID:n.clientID,clientSecret:n.clientSecret,callbackURL:o},(u,c,l,d)=>{yr(e,"budibase:datasourceauth"),d(null,{accessToken:u,refreshToken:c})}),{successRedirect:"/",failureRedirect:"/error"},async(u,c)=>{let l=`/builder/workspace/${a.appId}/data`,d=te();await jt(`datasource:creation:${a.appId}:google:${d}`,{tokens:c}),e.redirect(`${l}/new?continue_google_setup=${d}`)})(e,r)}s(o0,"postAuth");var a0={google:om};var n_=require("koa-passport"),u0=require("passport-local").Strategy,gc=require("passport-oauth2-refresh"),c0=cc,l0=hc,d0=fc,f0=n_;n_.use(new u0(Si.options,Si.authenticate));async function p0(t,e){let r=await Xt.getCallbackUrl(),n,i;try{if(n=await Xt.fetchStrategyConfig(t,r),!n)throw new Error("OIDC Config contents invalid");i=await Xt.strategyFactory(n,No)}catch{throw new Error("Could not refresh OAuth Token")}return gc.use(i,{setRefreshOAuth2(){return i._getOAuth2Client(n)}}),new Promise(o=>{gc.requestNewAccessToken("oidc",e,(a,u,c,l)=>{o({err:a,accessToken:u,refreshToken:c,params:l})})})}s(p0,"refreshOIDCAccessToken");async function m0(t,e){let r=await Zt.getCallbackUrl(t),n;try{n=await Zt.strategyFactory(t,r,No)}catch(i){throw new Error(`Error constructing OIDC refresh strategy: message=${i.message}`)}return gc.use(n),new Promise(i=>{gc.requestNewAccessToken("google",e,(o,a,u,c)=>{i({err:o,accessToken:a,refreshToken:u,params:c})})})}s(m0,"refreshGoogleAccessToken");async function h0(t,e,r){switch(e){case"oidc":{if(!r)return{err:{data:"OIDC config id not provided"}};let n=await kp(r);return n?p0(n,t):{err:{data:"OIDC configuration not found"}}}case"google":{let n=await Hu();return n?m0(n,t):{err:{data:"Google configuration not found"}}}}}s(h0,"refreshOAuthToken");async function E0(t,e){let r={accessToken:e.accessToken,refreshToken:e.refreshToken};try{let n=H(),i=await n.get(t);typeof r.refreshToken!="string"&&delete r.refreshToken,i.oauth2={...i.oauth2,...r},await n.put(i),await Ro(t)}catch(n){console.error("Could not update OAuth details for current user",n)}}s(E0,"updateUserOAuth");async function g0(t){let e=t.ctx,r=t.userId,n=t.keepActiveSession;if(!e)throw new Error("Koa context must be supplied to logout.");let i=qt(e,"budibase:auth"),o=await co(r);i&&n?o=o.filter(u=>u.sessionId!==i.sessionId):yr(e,"budibase:auth");let a=o.map(({sessionId:u})=>u);await En(r,{sessionIds:a,reason:"logout"}),await Bu.logout(e.user?.email),await Ro(r)}s(g0,"platformLogout");var lm={};N(lm,{validate:()=>_0});var b=B(require("joi"));var y0=["Relational","Non-relational","Spreadsheet","Object store","Graph","API"];function cm(t,e){let{error:r}=t.validate(e);if(r)throw r}s(cm,"runJoi");function T0(t){let e=b.default.object({type:b.default.string().allow("component").required(),metadata:b.default.object().unknown(!0).required(),hash:b.default.string().optional(),version:b.default.string().optional(),schema:b.default.object({name:b.default.string().required(),settings:b.default.array().items(b.default.object().unknown(!0)).required()}).unknown(!0)});cm(e,t)}s(T0,"validateComponent");function S0(t){let e=b.default.object({type:b.default.string().allow(...Object.values(Oc)).required(),required:b.default.boolean().required(),default:b.default.any(),display:b.default.string()}),r=b.default.object({type:b.default.string().allow(...Object.values(_c)),readable:b.default.boolean(),displayName:b.default.string(),fields:b.default.object().pattern(b.default.string(),e)}).required(),n=b.default.object({type:b.default.string().allow("datasource").required(),metadata:b.default.object().unknown(!0).required(),hash:b.default.string().optional(),version:b.default.string().optional(),schema:b.default.object({docs:b.default.string(),plus:b.default.boolean().optional(),isSQL:b.default.boolean().optional(),auth:b.default.object({type:b.default.string().required()}).optional(),features:b.default.object(Object.fromEntries(Object.values(Ic).map(i=>[i,b.default.boolean().optional()]))).optional(),relationships:b.default.boolean().optional(),description:b.default.string().required(),friendlyName:b.default.string().required(),type:b.default.string().allow(...y0),datasource:b.default.object().pattern(b.default.string(),e).required(),query:b.default.object().pattern(b.default.string(),r).unknown(!0).required(),extra:b.default.object().pattern(b.default.string(),b.default.object({type:b.default.string().required(),displayName:b.default.string().required(),required:b.default.boolean(),data:b.default.object()}))})});cm(n,t)}s(S0,"validateDatasource");function A0(t){let e=b.default.object().pattern(b.default.string(),{type:b.default.string().allow(...Object.values(wc)).required(),customType:b.default.string().allow(...Object.values(Dc)),title:b.default.string(),description:b.default.string(),enum:b.default.array().items(b.default.string()),pretty:b.default.array().items(b.default.string())}),r=b.default.object({properties:e,required:b.default.array().items(b.default.string())}).concat(e).required(),n=b.default.object({type:b.default.string().allow("automation").required(),metadata:b.default.object().unknown(!0).required(),hash:b.default.string().optional(),version:b.default.string().optional(),schema:b.default.object({name:b.default.string().required(),tagline:b.default.string().required(),icon:b.default.string().required(),description:b.default.string().required(),type:b.default.string().allow("ACTION","LOGIC").required(),stepId:b.default.string().disallow(...Pm).required(),inputs:b.default.object().optional(),schema:b.default.object({inputs:r,outputs:r}).required()})});cm(n,t)}s(A0,"validateAutomation");function _0(t){switch(t?.type){case"component":T0(t);break;case"datasource":S0(t);break;case"automation":A0(t);break;default:throw new Error(`Unknown plugin type - check schema.json: ${t.type}`)}}s(_0,"validate");var dm={};N(dm,{Client:()=>Ce,clients:()=>Er,locks:()=>Ti,utils:()=>Ga});var fm={};N(fm,{isBlacklisted:()=>I0,refreshBlacklist:()=>a_});var i_=B(require("dns")),Tc=B(require("net"));var s_=require("util");var yc,O0=(0,s_.promisify)(i_.default.lookup);async function o_(t){return Tc.default.isIP(t)||(t.startsWith("http")||(t=`https://${t}`),t=new URL(t).hostname),(await O0(t,{all:!0})).map(r=>r.address)}s(o_,"lookup");async function a_(){let e=E.BLACKLIST_IPS?.split(",")||[],r=[];for(let n of e){let i=n.trim();if(Tc.default.isIP(i))r.push(i);else{let o=await o_(i);r=r.concat(o)}}yc=r}s(a_,"refreshBlacklist");async function I0(t){if(yc||await a_(),yc?.length===0)return!1;let e;return Tc.default.isIP(t)?e=[t]:e=await o_(t),!!yc?.find(r=>e.includes(r))}s(I0,"isBlacklisted");var mm={};N(mm,{init:()=>D0});var w0={"user:created":t=>t.userId,"user:updated":t=>t.userId,"user:deleted":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:admin:removed":t=>t.userId,"user:builder:assigned":t=>t.userId,"user:builder:removed":t=>t.userId,"user_group:created":t=>t.groupId,"user_group:updated":t=>t.groupId,"user_group:deleted":t=>t.groupId,"user_group:user_added":t=>t.groupId,"user_group:users_deleted":t=>t.groupId,"user_group:permissions_edited":t=>t.groupId,"automation:deleted":t=>t.automationId,"datasource:deleted":t=>t.datasourceId,"table:deleted":t=>t.tableId,"query:deleted":t=>t.queryId,"workspace_app:deleted":t=>t.workspaceAppId,"view:deleted":t=>t.id};function u_(t,e){let r=w0[t];if(!r)throw new Error("Event does not have a method of document ID extraction");return r(e)}s(u_,"getDocumentId");var Uo=class{constructor(e){this.processors=[];this.processors=e}static{s(this,"DocumentUpdateProcessor")}async processEvent(e,r,n){let i=r.realTenantId,o=u_(e,n);if(!(!i||!o))for(let{events:a,processor:u}of this.processors)a.includes(e)&&await Re(i,async()=>{await u({id:o,tenantId:i,appId:n.appId,properties:n})})}shutdown(){return _S()}};var c_,pm;function D0(t){yt||Lu(),pm||(pm=new Uo(t)),c_||(c_=yt.process(async e=>{let{event:r,identity:n,properties:i}=e.data;await pm.processEvent(r,n,i)}))}s(D0,"init");var Om={};N(Om,{COUNT_FIELD_NAME:()=>Am,Sql:()=>y_,SqlTable:()=>Sc,designDoc:()=>_m,utils:()=>Yd});var p_=require("knex");var R0=require("knex");function hm(t){return["link","formula","ai"].indexOf(t)!==-1}s(hm,"isIgnoredType");function l_(t,e,r,n,i){let o=e&&e.primary?e.primary:[],a=Object.values(e.schema),u=a.filter(p=>p.meta),c=u.length===a.length,l=[];n||(c?t.primary(u.map(p=>p.name)):o.length===1?(t.increments(o[0]).primary(),l.push(o[0])):t.primary(o));let d=Object.values(e.schema).map(p=>p.foreignKey);for(let[p,m]of Object.entries(e.schema)){let h=n?.schema[p];if(h&&h.type||l.includes(p)||i?.updated===p)continue;let g=m.type;switch(g){case"string":case"options":case"longform":case"barcodeqr":case"bb_reference_single":o.includes(p)?t.string(p,255):t.text(p);break;case"number":if(m.meta&&m.meta.toKey&&m.meta.toTable){let{toKey:y,toTable:S}=m.meta;t.integer(p).unsigned(),t.foreign(p).references(`${S}.${y}`)}else d.indexOf(p)===-1&&t.float(p);break;case"bigint":t.bigint(p);break;case"boolean":t.boolean(p);break;case"datetime":m.timeOnly?t.time(p):t.datetime(p,{useTz:!m.ignoreTimezones});break;case"array":case"bb_reference":Ne.schema.isDeprecatedSingleUserColumn(m)?t.text(p):t.json(p);break;case"link":if(m.relationshipType!=="many-to-one"&&m.relationshipType!=="many-to-many"){if(!m.foreignKey||!m.tableId)throw new Error("Invalid relationship schema");let{tableName:y}=Vd(m.tableId),S=r[y];if(!S||!S.primary)throw new Error("Referenced table doesn't exist or has no primary keys");let O=S.primary[0],_=S.schema[O].externalType;_?t.specificType(m.foreignKey,_):t.integer(m.foreignKey).unsigned(),t.foreign(m.foreignKey).references(`${y}.${O}`)}break;case"signature_single":case"attachment":case"attachment_single":t.json(p);break;case"formula":break;case"ai":break;case"auto":case"json":case"internal":throw new Error(`${m.type} is not a valid SQL type`);default:At.unreachable(g)}}let f=i?n?.schema[i.old].type:void 0;return i&&f&&!hm(f)&&t.renameColumn(i.old,i.updated),n&&Object.entries(n.schema).filter(([m,h])=>!hm(h.type)&&e.schema[m]==null).forEach(([m,h])=>{i?.old===m||hm(h.type)||(n.constrained&&n.constrained.indexOf(m)!==-1&&t.dropForeign(m),t.dropColumn(m))}),t}s(l_,"generateSchema");function b0(t,e,r){return t.createTable(e.name,n=>{l_(n,e,r)})}s(b0,"buildCreateTable");function x0(t,e,r,n,i){return t.alterTable(e.name,o=>{l_(o,e,r,n,i)})}s(x0,"buildUpdateTable");function v0(t,e){return t.dropTable(e.name)}s(v0,"buildDeleteTable");var Em=class{static{s(this,"SqlTableQueryBuilder")}constructor(e){this.sqlClient=e}getBaseSqlClient(){return this.sqlClient}getSqlClient(){return this.extendedSqlClient||this.sqlClient}setExtendedSqlClient(e){this.extendedSqlClient=e}_operation(e){return e.operation}_tableQuery(e){let r=(0,R0.knex)({client:this.sqlClient}).schema;e?.schema&&(r=r.withSchema(e.schema));let n;if(!e.table||!e.tables)throw new Error("Cannot execute without table being specified");if(e.table.sourceType==="internal")throw new Error("Cannot perform table actions for SQS.");switch(this._operation(e)){case"CREATE_TABLE":n=b0(r,e.table,e.tables);break;case"UPDATE_TABLE":if(!e.table)throw new Error("Must specify old table for update");if(this.sqlClient==="mysql2"&&e.meta?.renamed){let i=e.meta.renamed.updated;return{sql:`alter table ${e?.schema?`\`${e.schema}\`.\`${e.table.name}\``:`\`${e.table.name}\``} rename column \`${e.meta.renamed.old}\` to \`${i}\`;`,bindings:[]}}if(n=x0(r,e.table,e.tables,e.meta?.oldTable,e.meta?.renamed),this.sqlClient==="mssql"&&e.meta?.renamed){let i=e.meta.renamed.old,o=e.meta.renamed.updated,a=e?.schema?`${e.schema}.${e.table.name}`:`${e.table.name}`,u=Hn(n);if(Array.isArray(u))for(let c of u)c.sql.startsWith("exec sp_rename")&&(c.sql=`exec sp_rename '${a}.${i}', '${o}', 'COLUMN'`,c.bindings=[]);return u}break;case"DELETE_TABLE":n=v0(r,e.table);break;default:throw new Error("Table operation is of unknown type")}return Hn(n)}},Sc=Em;var m_=require("lodash");var Am="__bb_total";function d_(){return(E.SQL_MAX_ROWS?parseInt(E.SQL_MAX_ROWS):null)||5e3}s(d_,"getBaseLimit");function gm(){return(E.SQL_MAX_RELATED_ROWS?parseInt(E.SQL_MAX_RELATED_ROWS):null)||500}s(gm,"getRelationshipLimit");function P0(t,e){return t.sort((r,n)=>{let i=e.find(a=>a&&r.endsWith(a)),o=e.find(a=>a&&n.endsWith(a));return i&&!o?-1:!i&&o?1:r.localeCompare(n)})}s(P0,"prioritisedArraySort");function h_(t){return Array.isArray(t)?t.map(e=>h_(e)):(t.bindings&&(t.bindings=t.bindings.map(e=>typeof e=="boolean"?e?1:0:e)),t)}s(h_,"convertBooleans");function f_(t){return t.sourceType==="internal"||t.sourceId===bc}s(f_,"isSqs");function N0(t,e='"'){return t.replace(new RegExp(e,"g"),`${e}${e}`)}s(N0,"escapeQuotes");function E_(t,e='"'){return`${e}${N0(t,e)}${e}`}s(E_,"wrap");function ym(t,e='"'){for(let r in t)typeof t[r]=="string"&&(t[r]=E_(t[r],e));return`[${t.join(",")}]`}s(ym,"stringifyArray");function g_(t){return Um.includes(t.type)&&!Ne.schema.isDeprecatedSingleUserColumn(t)}s(g_,"isJsonColumn");var U0={equal:!1,notEqual:!0,empty:!1,notEmpty:!0,fuzzy:!1,string:!1,range:!1,contains:!1,notContains:!0,containsAny:!1,oneOf:!1,$and:!1,$or:!1},Tm=class{constructor(e,r,n){this.SPECIAL_SELECT_CASES={POSTGRES_ARRAY:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="array",POSTGRES_MONEY:e=>this.client==="pg"&&e?.externalType?.includes("money"),POSTGRES_ENUM:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="user-defined"&&e?.type==="options",MSSQL_DATES:e=>this.client==="mssql"&&e?.type==="datetime"&&e.timeOnly};this.client=e,this.query=n,this.knex=r,this.splitter=new lr.ColumnSplitter([this.table],{aliases:this.query.tableAliases,columnPrefix:this.query.meta?.columnPrefix})}static{s(this,"InternalBuilder")}get table(){return this.query.table}get knexClient(){return this.knex.client}getFieldSchema(e){let{column:r}=this.splitter.run(e);return this.table.schema[r]}requiresJsonAsStringClient(){return["mssql","mysql2","mariadb","oracledb"].includes(this.client)}quoteChars(){let e=this.knexClient.wrapIdentifier("foo",{});return[e[0],e[e.length-1]]}quote(e){return this.knexClient.wrapIdentifier(e,{})}isQuoted(e){let[r,n]=this.quoteChars();return e.startsWith(r)&&e.endsWith(n)}quotedIdentifier(e){return Array.isArray(e)||(e=this.splitIdentifier(e)),e.map(r=>this.quote(r)).join(".")}castIntToString(e){switch(this.client){case"oracledb":return this.knex.raw("to_char(??)",[e]);case"pg":return this.knex.raw("??::TEXT",[e]);case"mysql2":case"mariadb":return this.knex.raw("CAST(?? AS CHAR)",[e]);case"sqlite3":return this.knex.raw("printf('%d', ??)",[e]);case"mssql":return this.knex.raw("CONVERT(NVARCHAR, ??)",[e])}}rawQuotedIdentifier(e){return this.knex.raw(this.quotedIdentifier(e))}splitIdentifier(e){let[r,n]=this.quoteChars();return this.isQuoted(e)?e.slice(1,-1).split(`${n}.${r}`):e.split(".")}qualifyIdentifier(e){let r=this.getTableName(),n=this.splitIdentifier(e);return n[0]!==r&&n.unshift(r),this.isQuoted(e)?this.quotedIdentifier(n):n.join(".")}generateSelectStatement(){let{table:e,resource:r}=this.query;if(!r||!r.fields||r.fields.length===0)return"*";let n=this.getTableName(e),i=this.table.schema;return r.fields.map(a=>{let u=a.split(/\./g),c,l=u[0];return u.length>1&&(c=u[0],l=u.slice(1).join(".")),{table:c,column:l,field:a}}).filter(({table:a})=>!a||a===n).map(({table:a,column:u,field:c})=>{let l=i[u];return this.SPECIAL_SELECT_CASES.POSTGRES_MONEY(l)?this.knex.raw("??::money::numeric as ??",[this.rawQuotedIdentifier([a,u].join(".")),this.knex.raw(this.quote(c))]):this.SPECIAL_SELECT_CASES.MSSQL_DATES(l)?this.knex.raw("CONVERT(varchar, ??, 108) as ??",[this.rawQuotedIdentifier(c),this.knex.raw(this.quote(c))]):a?this.rawQuotedIdentifier(`${a}.${u}`):this.rawQuotedIdentifier(c)})}convertClobs(e,r){if(this.client!=="oracledb")throw new Error("you've called convertClobs on a DB that's not Oracle, this is a mistake");let i=this.splitIdentifier(e).pop(),o=this.table.schema[i],a=this.rawQuotedIdentifier(e);return(o.type==="string"||o.type==="longform"||o.type==="bb_reference_single"||o.type==="bb_reference"||o.type==="options"||o.type==="barcodeqr")&&(r?.forSelect?a=this.knex.raw("to_char(??) as ??",[a,this.rawQuotedIdentifier(i)]):a=this.knex.raw("to_char(??)",[a])),a}parse(e,r){if(Array.isArray(e))return JSON.stringify(e);if(e==null)return null;if(this.requiresJsonAsStringClient()&&g_(r)&&typeof e=="object")return JSON.stringify(e);if(this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(r))return`{${e}}`;if(this.client==="oracledb"&&r.type==="datetime"&&r.timeOnly){if(e instanceof Date){let n=e.getHours().toString().padStart(2,"0"),i=e.getMinutes().toString().padStart(2,"0"),o=e.getSeconds().toString().padStart(2,"0");return`${n}:${i}:${o}`}if(typeof e=="string")return new Date(`1970-01-01T${e}Z`)}if(typeof e=="string"&&r.type==="datetime")if(r.timeOnly){if(!Qd(e))return null}else if(r.dateOnly){let n=Kd(e);return n?new Date(n):null}else return r.ignoreTimezones?ja(e)?new Date(e):qd(e)?new Date(e+"Z"):null:ja(e)?new Date(e.trim()):null;return e}parseBody(e){for(let[r,n]of Object.entries(e)){let{column:i}=this.splitter.run(r),o=this.table.schema[i];o&&(e[r]=this.parse(n,o))}return e}parseFilters(e){e=(0,m_.cloneDeep)(e);for(let r of Object.values(Nr)){let n=e[r];if(n)for(let i of Object.keys(n)){if(Array.isArray(n[i])){n[i]=JSON.stringify(n[i]);continue}let{column:o}=this.splitter.run(i),a=this.table.schema[o];a&&(n[i]=this.parse(n[i],a))}}for(let r of Object.values(tr)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:o}=this.splitter.run(i),a=this.table.schema[o];a&&(n[i]=n[i].map(u=>this.parse(u,a)))}}for(let r of Object.values(Dn)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:o}=this.splitter.run(i),a=this.table.schema[o];if(!a)continue;let u=n[i];"low"in u&&(u.low=this.parse(u.low,a)),"high"in u&&(u.high=this.parse(u.high,a))}}return e}addJoinFieldCheck(e,r){let n=r.from?.split(".")[0]||"";return e.andWhere(`${n}.fieldName`,"=",r.column)}addRelationshipForFilter(e,r,n,i){let{relationships:o,schema:a,tableAliases:u,table:c}=this.query,l=u?.[c.name]||c.name,d=s(f=>n.match(new RegExp(`^${f}\\.`)),"matches");if(!o)return e;for(let f of o){let p=f.tableName,m=u?.[p]||p,h=d(p)||d(m),g=d(f.column);if((h||g)&&f.to&&f.tableName){let y=this.knex.select(this.knex.raw(1)).from({[m]:p}),S=y.clone(),O=jd(f),_;if(h?_=n:_=n.replace(new RegExp(`^${f.column}.`),`${u?.[f.tableName]||f.tableName}.`),O){let w=u?.[O.through]||f.through,T=this.tableNameWithSchema(O.through,{alias:w,schema:a});S=S.innerJoin(T,function(){this.on(`${m}.${O.toPrimary}`,"=",`${w}.${O.to}`)}).where(`${w}.${O.from}`,"=",this.rawQuotedIdentifier(`${l}.${O.fromPrimary}`)),this.client==="sqlite3"&&(S=this.addJoinFieldCheck(S,O)),e=e.where(I=>{I.whereExists(i(_,S)),r&&I.orWhereNotExists(y.clone().innerJoin(T,function(){this.on(`${l}.${O.fromPrimary}`,"=",`${w}.${O.from}`)}))})}else{let w=`${m}.${f.to}`,T=`${l}.${f.from}`;S=S.where(w,"=",this.rawQuotedIdentifier(T)),e=e.where(I=>{I.whereExists(i(_,S.clone())),r&&I.orWhereNotExists(S)})}}}return e}addFilters(e,r,n){if(!r)return e;let i=this;r=this.parseFilters({...r});let o=this.query.tableAliases,a=r.allOr,c=this.client==="sqlite3"?this.table._id:this.table.name;function l(h){return o?.[h]||h}s(l,"getTableAlias");function d(h,g,y,S){let O=s((_,w,T)=>{let[I,...F]=w.split("."),P=F.join("."),M=l(I);return _.andWhere(Y=>y(Y,M?`${M}.${P}`:P,T))},"handleRelationship");for(let _ in h){let w=h[_],T=qs(_),I=T.includes("."),F=n?.relationship&&I,P;if(_==="_complexIdOperator"&&(P=h[_])&&S){let M=l(c);e=S(e,P.id.map(Y=>M?`${M}.${Y}`:Y),P.values)}else if(I)F&&(a&&(e=e.or),e=i.addRelationshipForFilter(e,U0[g],T,(M,Y)=>O(Y,M,w)));else{let M=l(c);e=y(e,M?`${M}.${T}`:T,w)}}}s(d,"iterate");let f=s((h,g,y)=>((r?.fuzzyOr||a)&&(h=h.or),this.client==="oracledb"||this.client==="sqlite3"?h.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(g),`%${y.toLowerCase()}%`]):h.whereILike(this.rawQuotedIdentifier(g),this.knex.raw("?",[`%${y}%`]))),"like"),p=s((h,g=!1)=>{function y(S){return(a||h===r?.containsAny)&&(S=S.or),h===r?.notContains&&(S=S.not),S}s(y,"addModifiers"),this.client==="pg"?d(h,"contains",(S,O,_)=>{S=y(S);let w=this.getFieldSchema(O),T="::jsonb";return this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(w)&&(T="",_=`{${_.map(F=>F.substring(1,F.length-1))}}`),g?S.whereRaw(T?"COALESCE(??::jsonb \\?| array??, FALSE)":"COALESCE(?? && '??', FALSE)",[this.rawQuotedIdentifier(O),T?this.knex.raw(ym(_,"'")):this.knex.raw(_)]):S.whereRaw(`COALESCE(??${T} @> '??', FALSE)`,[this.rawQuotedIdentifier(O),T?this.knex.raw(ym(_)):this.knex.raw(_)])}):this.client==="mysql2"||this.client==="mariadb"?d(h,"contains",(S,O,_)=>y(S).whereRaw("COALESCE(?(??, ?), FALSE)",[this.knex.raw(g?"JSON_OVERLAPS":"JSON_CONTAINS"),this.rawQuotedIdentifier(O),this.knex.raw(E_(ym(_)))])):d(h,"contains",(S,O,_)=>(_.length===0||(S=S.where(w=>(h===r?.notContains&&(w=w.not),w=w.where(T=>{for(let I of _){h===r?.containsAny?T=T.or:T=T.and;let F=typeof I=="string"?`"${I.toLowerCase()}"`:I;T=T.whereLike(this.knex.raw("COALESCE(LOWER(??), '')",[this.rawQuotedIdentifier(O)]),`%${F}%`)}}),h===r?.notContains&&(w=w.or.whereNull(this.rawQuotedIdentifier(O))),w))),S))},"contains");if(r.$and){let{$and:h}=r;for(let g of h.conditions)e=e.where(y=>{this.addFilters(y,g,n)})}if(r.$or){let{$or:h}=r;e=e.where(g=>{for(let y of h.conditions)g.orWhere(S=>this.addFilters(S,{...y,allOr:!0},n))})}r.oneOf&&d(r.oneOf,"oneOf",(h,g,y)=>{let S=this.getFieldSchema(g),O=Array.isArray(y)?y:[y];if(a&&(h=h.or),this.client==="oracledb")g=this.convertClobs(g);else if(this.client==="sqlite3"&&S?.type==="datetime"&&S.dateOnly){for(let _ of O)_!=null?h=h.or.whereLike(g,`${_.toISOString().slice(0,10)}%`):h=h.or.whereNull(g);return h}return h.whereIn(g,O)},(h,g,y)=>(a&&(h=h.or),this.client==="oracledb"&&(g=g.map(S=>this.convertClobs(S))),h.whereIn(g,Array.isArray(y)?y:[y]))),r.string&&d(r.string,"string",(h,g,y)=>{if(a&&(h=h.or),this.client==="oracledb"||this.client==="sqlite3")return h.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(g),`${y.toLowerCase()}%`]);{let S=this.getFieldSchema(g);return this.SPECIAL_SELECT_CASES.POSTGRES_ENUM(S)?h.whereRaw(`??::text ilike '${y}%'`,[this.knex.raw(this.quote(S.name))]):h.whereILike(g,`${y}%`)}}),r.fuzzy&&d(r.fuzzy,"fuzzy",f),r.range&&d(r.range,"range",(h,g,y)=>{let S=s(P=>P&&Object.keys(P).length===0&&Object.getPrototypeOf(P)===Object.prototype,"isEmptyObject");S(y.low)&&(y.low=""),S(y.high)&&(y.high="");let O=Ya(y.low),_=Ya(y.high),w=this.getFieldSchema(g),T=g,I=y.high,F=y.low;return this.client==="sqlite3"&&w?.type==="datetime"&&w.dateOnly&&(I!=null&&(I=`${I.toISOString().slice(0,10)}T23:59:59.999Z`),F!=null&&(F=F.toISOString().slice(0,10))),this.client==="oracledb"?T=this.convertClobs(g):this.client==="sqlite3"&&w?.type==="bigint"&&(T=this.knex.raw("CAST(?? AS INTEGER)",[this.rawQuotedIdentifier(g)]),I=this.knex.raw("CAST(? AS INTEGER)",[y.high]),F=this.knex.raw("CAST(? AS INTEGER)",[y.low])),a&&(h=h.or),O&&_?h.whereBetween(T,[F,I]):O?h.where(T,">=",F):_?h.where(T,"<=",I):h}),r.equal&&d(r.equal,"equal",(h,g,y)=>{let S=this.getFieldSchema(g);if(a&&(h=h.or),this.client==="mssql")return h.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 1",[this.rawQuotedIdentifier(g),y]);if(this.client==="oracledb"){let O=this.convertClobs(g);return h.where(_=>_.whereNotNull(O).andWhere(O,y))}else return this.client==="sqlite3"&&S?.type==="datetime"&&S.dateOnly?y!=null?h.whereLike(g,`${y.toISOString().slice(0,10)}%`):h.whereNull(g):h.whereRaw("COALESCE(?? = ?, FALSE)",[this.rawQuotedIdentifier(g),y])}),r.notEqual&&d(r.notEqual,"notEqual",(h,g,y)=>{let S=this.getFieldSchema(g);if(a&&(h=h.or),this.client==="mssql")return h.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 0",[this.rawQuotedIdentifier(g),y]);if(this.client==="oracledb"){let O=this.convertClobs(g);return h.where(_=>_.not.whereNull(O).and.where(O,"!=",y)).or.whereNull(O)}else return this.client==="sqlite3"&&S?.type==="datetime"&&S.dateOnly?y!=null?h.not.whereLike(g,`${y.toISOString().slice(0,10)}%`).or.whereNull(g):h.not.whereNull(g):h.whereRaw("COALESCE(?? != ?, TRUE)",[this.rawQuotedIdentifier(g),y])}),r.empty&&d(r.empty,"empty",(h,g)=>(a&&(h=h.or),h.whereNull(g))),r.notEmpty&&d(r.notEmpty,"notEmpty",(h,g)=>(a&&(h=h.or),h.whereNotNull(g))),r.contains&&p(r.contains),r.notContains&&p(r.notContains),r.containsAny&&p(r.containsAny,!0);let m=o?.[this.table._id]||this.table._id;return r.documentType&&!Gd(this.table)&&m&&e.andWhereLike(`${m}._id`,`${rr(r.documentType)}%`),e}isSqs(){return f_(this.table)}getTableName(e){e||(e=this.table);let r=e.name;f_(e)&&e._id&&(r=e._id);let n=this.query.tableAliases||{};return n[r]?n[r]:r}addDistinctCount(e){if(!this.table.primary)throw new Error("SQL counting requires primary key to be supplied");return e.countDistinct(`${this.getTableName()}.${this.table.primary[0]} as ${Am}`)}addAggregations(e,r){let n=this.query.resource?.fields||[],i=this.getTableName();if(n.length>0){let o=n.map(a=>this.qualifyIdentifier(a));if(this.client==="oracledb"){let a=o.map(c=>this.convertClobs(c)),u=o.map(c=>this.convertClobs(c,{forSelect:!0}));e=e.groupBy(a).select(u)}else e=e.groupBy(o).select(o)}for(let o of r){let a=o.calculationType;if(a==="count")if("distinct"in o&&o.distinct)if(this.client==="oracledb"){let u=this.convertClobs(`${i}.${o.field}`);e=e.select(this.knex.raw("COUNT(DISTINCT ??) as ??",[u,o.name]))}else e=e.countDistinct(`${i}.${o.field} as ${o.name}`);else if(this.client==="oracledb"){let u=this.convertClobs(`${i}.${o.field}`);e=e.select(this.knex.raw("COUNT(??) as ??",[u,o.name]))}else e=e.count(`${o.field} as ${o.name}`);else{let u=this.getFieldSchema(o.field);if(!u)throw new Error(`field schema missing for aggregation target: ${o.field}`);let c=this.knex.raw("??(??)",[this.knex.raw(a),this.rawQuotedIdentifier(`${i}.${o.field}`)]);u.type==="bigint"&&(c=this.castIntToString(c)),e=e.select(this.knex.raw("?? as ??",[c,o.name]))}}return e}isAggregateField(e){return!!this.query.resource?.aggregations?.find(n=>n.name===e)}addSorting(e){let{sort:r,resource:n}=this.query,i=this.table.primary,o=this.getTableName();if(!Array.isArray(i))throw new Error("Sorting requires primary key to be specified for table");if(r&&Object.keys(r||{}).length>0)for(let[u,c]of Object.entries(r)){let l=this.getFieldSchema(u);if(this.isUnsortableField(l))continue;let d=c.direction==="ascending"?"asc":"desc",f;(this.client==="pg"||this.client==="oracledb")&&(f=c.direction==="ascending"?"first":"last");let p=`${o}.${u}`,m;this.isAggregateField(u)?m=this.rawQuotedIdentifier(u):this.client==="oracledb"?m=this.convertClobs(p):m=this.rawQuotedIdentifier(p),e=e.orderByRaw(`?? ?? ${f?"nulls ??":""}`,[m,this.knex.raw(d),...f?[this.knex.raw(f)]:[]])}if(!((n?.aggregations?.length??0)>0)){let u=this.findSortablePrimaryKey(i);if(u&&(!r||r[u]===void 0))e=e.orderBy(`${o}.${u}`);else if(!u&&(!r||Object.keys(r).length===0))throw new Error(`Primary key not found for table ${this.table.name}`)}return e}isUnsortableField(e){return e?.type==="json"}findSortablePrimaryKey(e){return e.find(r=>{if(r==null)return!1;let n=this.getFieldSchema(r);return!this.isUnsortableField(n)})}tableNameWithSchema(e,r){let n=r?.schema?`${r.schema}.${e}`:e;return r?.alias&&(n+=` as ${r.alias}`),n}buildJsonField(e,r){let n=r.split("."),i=n[n.length-1],o,a;if(n.length>1){let l=n.shift();o=n.join("."),a=`${l}.${o}`}else o=n.join("."),a=o;this.query.meta?.columnPrefix&&(i=i.replace(this.query.meta.columnPrefix,""));let u=this.rawQuotedIdentifier(a),c=e.schema[i];return c&&c.type==="bigint"&&(u=this.castIntToString(u)),[o,u]}maxFunctionParameters(){switch(this.client){case"sqlite3":return 127;case"pg":return 100;default:return 200}}addJsonRelationships(e,r,n){let i=this.client,o=this.knex,{resource:a,tableAliases:u,schema:c,tables:l}=this.query,d=a?.fields||[];for(let f of n){let{tableName:p,through:m,to:h,from:g,fromPrimary:y,toPrimary:S}=f;if(!p||!r)continue;let O=l[p];if(!O)throw new Error(`related table "${p}" not found in datasource`);let _=u?.[p]||p,w=u?.[r]||r,T=m&&u?.[m]||m,I=this.tableNameWithSchema(p,{alias:_,schema:c}),F=[...O?.primary||[],O?.primaryDisplay].filter($=>$),P=P0(d.filter($=>$.split(".")[0]===_),F);P=P.slice(0,Math.floor(this.maxFunctionParameters()/2));let M=P.map($=>this.buildJsonField(O,$));if(!M.length)continue;let Y=M.map($=>{let J=this.client==="oracledb"?" VALUE ":",";return this.knex.raw(`?${J}??`,[$[0],$[1]]).toString()}).join(","),xt=`${_}.${S||h}`,W=o.from(I).orderBy(xt),k=m&&S&&y,v=k?`${T}.${g}`:`${_}.${h}`,G=k?`${w}.${y}`:`${w}.${g}`;if(k){let $=this.tableNameWithSchema(m,{alias:T,schema:c});W=W.join($,function(){this.on(`${_}.${S}`,"=",`${T}.${h}`)})}W=W.where(this.rawQuotedIdentifier(v),"=",this.rawQuotedIdentifier(G));let L=s($=>(W=W.select(P.map(J=>this.rawQuotedIdentifier(J))).limit(gm()),o.select($).from({[_]:W})),"standardWrap"),D;switch(i){case"sqlite3":W=this.addJoinFieldCheck(W,f),D=L(this.knex.raw(`json_group_array(json_object(${Y}))`));break;case"pg":D=L(this.knex.raw(`json_agg(json_build_object(${Y}))`));break;case"mariadb":D=W.select(o.raw(`json_arrayagg(json_object(${Y}) LIMIT ${gm()})`));break;case"mysql2":case"oracledb":D=L(this.knex.raw(`json_arrayagg(json_object(${Y}))`));break;case"mssql":{let $=o.select("*").from({[w]:W.select(M.map(J=>o.ref(J[1]).as(J[0]))).limit(gm())});D=o.raw(`(SELECT ?? = (${$} FOR JSON PATH))`,[this.rawQuotedIdentifier(_)]);break}default:throw new Error(`JSON relationships not implement for ${i}`)}e=e.select({[f.column]:D})}return e}addJoin(e,r,n){let{tableAliases:i,schema:o}=this.query,a=r.to,u=r.from,c=r.through,l=i?.[a]||a,d=c&&i?.[c]||c,f=i?.[u]||u,p=this.tableNameWithSchema(a,{alias:l,schema:o}),m=c?this.tableNameWithSchema(c,{alias:d,schema:o}):void 0;return c?e=e.leftJoin(m,function(){for(let h of n){let g=h.fromPrimary,y=h.from;this.orOn(`${f}.${g}`,"=",`${d}.${y}`)}}).leftJoin(p,function(){for(let h of n){let g=h.toPrimary,y=h.to;this.orOn(`${l}.${g}`,`${d}.${y}`)}}):e=e.leftJoin(p,function(){for(let h of n){let g=h.from,y=h.to;this.orOn(`${f}.${g}`,"=",`${l}.${y}`)}}),e}qualifiedKnex(e){let r=this.query.tableAliases?.[this.query.table.name];return e?.alias===!1?r=void 0:typeof e?.alias=="string"&&(r=e.alias),this.knex(this.tableNameWithSchema(this.query.table.name,{alias:r,schema:this.query.schema}))}create(e){let{body:r}=this.query;if(!r)throw new Error("Cannot create without row body");let n=this.qualifiedKnex({alias:!1}),i=this.parseBody(r);if(this.client==="oracledb")for(let[o,a]of Object.entries(this.query.table.schema)){if(a.constraints?.presence===!0||a.type==="formula"||a.type==="auto"||a.type==="link"||a.type==="ai")continue;i[o]==null&&(i[o]=null)}else for(let[o,a]of Object.entries(i))a==null&&delete i[o];return e.disableReturning?n.insert(i):n.insert(i).returning("*")}bulkCreate(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));return r.insert(n)}bulkUpsert(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));if(this.client==="pg"||this.client==="sqlite3"||this.client==="mysql2"||this.client==="mariadb"){let i=this.table.primary;if(!i)throw new Error("Primary key is required for upsert");return r.insert(n).onConflict(i).merge()}else if(this.client==="mssql"||this.client==="oracledb")return r.insert(n);return r.upsert(n)}read(e={}){let{operation:r,filters:n,paginate:i,relationships:o,table:a}=this.query,{limits:u}=e,c=this.qualifiedKnex(),l=null,d=u?.query||u?.base;if(i&&i.page&&i.limit){let m=(i.page<=1?0:i.page-1)*i.limit;d=i.limit,l=m}else i&&i.offset&&i.limit?(d=i.limit,l=i.offset):i&&i.limit&&(d=i.limit);r!=="COUNT"&&(d!=null&&(c=c.limit(d)),l!=null&&(c=c.offset(l)));let f=this.query.resource?.aggregations||[];if(r==="COUNT"?c=this.addDistinctCount(c):f.length>0?c=this.addAggregations(c,f):c=c.select(this.generateSelectStatement()),r!=="COUNT"&&(c=this.addSorting(c)),c=this.addFilters(c,n,{relationship:!0}),o?.length&&f.length===0){let p=this.query.tableAliases?.[a.name]||a.name,m=this.addSorting(this.knex.with("paginated",c.clone().clearSelect().select("*")).select(this.generateSelectStatement()).from({[p]:"paginated"}));return this.addJsonRelationships(m,a.name,o)}return c}update(e){let{body:r,filters:n}=this.query;if(!r)throw new Error("Cannot update without row body");let i=this.qualifiedKnex(),o=this.parseBody(r);return i=this.addFilters(i,n),e.disableReturning?i.update(o):i.update(o).returning("*")}delete(e){let{filters:r}=this.query,n=this.qualifiedKnex();return n=this.addFilters(n,r),e.disableReturning?n.delete():n.delete().returning(this.generateSelectStatement())}},Sm=class extends Sc{constructor(r,n=d_()){super(r);this.limit=n}static{s(this,"SqlQueryBuilder")}convertToNative(r,n={}){let i=this.getSqlClient();if(n?.disableBindings)return{sql:r.toString()};{let o=Hn(r);return i==="sqlite3"&&(o=h_(o)),o}}_query(r,n={}){let i=this.getSqlClient(),o={client:this.getBaseSqlClient()};(i==="sqlite3"||i==="oracledb")&&(o.useNullAsDefault=!0);let a=(0,p_.knex)(o),u,c=new Tm(i,a,r);switch(this._operation(r)){case"CREATE":u=c.create(n);break;case"READ":u=c.read({limits:{query:this.limit,base:d_()}});break;case"COUNT":u=c.read();break;case"UPDATE":u=c.update(n);break;case"DELETE":u=c.delete(n);break;case"BULK_CREATE":u=c.bulkCreate();break;case"BULK_UPSERT":u=c.bulkUpsert();break;case"CREATE_TABLE":case"UPDATE_TABLE":case"DELETE_TABLE":return this._tableQuery(r);default:throw"Operation type is not supported by SQL query builder"}return this.convertToNative(u,n)}async getReturningRow(r,n){if(!n.extra||!n.extra.idFilter)return{};let i=this._query({operation:"READ",datasource:n.datasource,schema:n.schema,table:n.table,tables:n.tables,resource:{fields:[]},filters:n.extra?.idFilter,paginate:{limit:1}});return r(i,"READ")}checkLookupKeys(r,n){if(!r||!n.table.primary)return n;let i=n.table.primary[0];return n.extra={idFilter:{equal:{[i]:r}}},n}async queryWithReturning(r,n,i=o=>o){let o=this.getSqlClient(),a=this._operation(r),u=this._query(r,{disableReturning:!0});if(Array.isArray(u)){let f=[];for(let p of u)f.push(await n(p,a));return f}let c;a==="DELETE"&&(c=i(await this.getReturningRow(n,r)));let l=await n(u,a),d=i(l);if(a==="CREATE"||a==="UPDATE"){let f;o==="mssql"?f=d?.[0].id:(o==="mysql2"||o==="mariadb")&&(f=d?.insertId),c=i(await this.getReturningRow(n,this.checkLookupKeys(f,r)))}return a==="COUNT"?d:a!=="READ"?c:d.length?d:[{[a.toLowerCase()]:!0}]}getTableName(r,n){let i=r.name;if(r.sourceType==="internal"||r.sourceId===bc){if(!r._id)return;i=r._id}return n?.[i]||i}convertJsonStringColumns(r,n,i){let o=this.getTableName(r,i);for(let[a,u]of Object.entries(r.schema)){if(!g_(u))continue;let c=`${o}.${a}`;for(let l of n)typeof l[c]=="string"&&(l[c]=JSON.parse(l[c])),typeof l[a]=="string"&&(l[a]=JSON.parse(l[a]))}return n}log(r,n){Ds(this.getSqlClient(),r,n)}},y_=Sm;var _m={};N(_m,{base:()=>L0});function L0(t){return{_id:Dt,language:"sqlite",sql:{tables:{},options:{table_name:t}}}}s(L0,"base");var Im={};N(Im,{jsonFromCsvString:()=>k0});var T_=B(require("csvtojson"));async function k0(t,e){let{ignoreEmpty:r=!1,allowSingleColumn:n=!1,possibleDelimiters:i=[",",";",":","|","~"," "," "]}=e||{};for(let o of i){let a,u=!1;try{let c=await(0,T_.default)({ignoreEmpty:r,delimiter:o}).fromString(t);for(let[,l]of c.entries()){let d=Object.keys(l);if(a==null&&(a=d),!n&&d.length===1){u=!0;break}if(a.length!==d.length){u=!0;break}for(let f of a)(l[f]===void 0||l[f]==="")&&(l[f]=null)}if(u)continue;return c}catch{continue}}throw new Error("Unable to determine delimiter")}s(k0,"jsonFromCsvString");var wm=class{static{s(this,"Endpoint")}constructor(e,r,n){this.method=e,this.url=r,this.controller=n,this.middlewares=[],this.outputMiddlewares=[]}addMiddleware(e,r){return r?.first?this.middlewares.unshift(e):this.middlewares.push(e),this}addOutputMiddleware(e,r){return r?.first?this.outputMiddlewares.unshift(e):this.outputMiddlewares.push(e),this}apply(e){let r=this.method,n=this.url,i=this.middlewares,o=this.controller,a=this.outputMiddlewares,u=s(()=>{},"complete"),c=[n,...i,o,...a,u];e[r](...c)}},Ac=wm;var S_=B(require("@koa/router"));var In=class{constructor(){this.endpoints=[];this.middlewares=[];this.outputMiddlewares=[];this.applied=!1;this.locked=!1}static{s(this,"EndpointGroup")}addGroupMiddleware(e,r={first:!0}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.middlewares.push({fn:e,first:r.first}),this}addGroupMiddlewareOutput(e,r={first:!1}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.outputMiddlewares.push({fn:e,first:r.first}),this}addEndpoint(e,r,...n){let i=n.pop(),o=new Ac(e,r,i);if(n.length!==0)for(let a of n)o.addMiddleware(a);return this.endpoints.push(o),this}lockMiddleware(){this.locked=!0}post(e,...r){return this.addEndpoint("post",e,...r)}patch(e,...r){return this.addEndpoint("patch",e,...r)}put(e,...r){return this.addEndpoint("put",e,...r)}get(e,...r){return this.addEndpoint("get",e,...r)}delete(e,...r){return this.addEndpoint("delete",e,...r)}head(e,...r){return this.addEndpoint("head",e,...r)}apply(e){let r=this.endpointList();e||(e=new S_.default);for(let n of r)n.apply(e);return e}endpointList(){if(this.applied)throw new Error("Already applied to router");this.applied=!0;for(let e of this.endpoints)this.middlewares.forEach(({fn:r,first:n})=>e.addMiddleware(r,{first:n})),this.outputMiddlewares.forEach(({fn:r,first:n})=>e.addOutputMiddleware(r,{first:n}));return this.endpoints}};var Lo=class{constructor(){this.groups=[]}static{s(this,"EndpointGroupList")}group(...e){let r=new In;return e.length&&e.forEach(n=>{"first"in n?r.addGroupMiddleware(n.middleware,{first:n.first}):r.addGroupMiddleware(n)}),this.groups.push(r),r}listAllEndpoints(){let e=this.groups.flatMap(i=>i.endpointList()),r=[],n=[];for(let i of e)i.url.includes(":")?n.push(i):r.push(i);return[...r,...n]}};var M0={...Qs,...ue},F0=s((t={})=>{Ka(t.db)},"init");0&&(module.exports={AutomationViewMode,BUDIBASE_DATASOURCE_TYPE,BadRequestError,BudibaseError,Config,Cookie,DEFAULT_BB_DATASOURCE_ID,DEFAULT_EMPLOYEE_TABLE_ID,DEFAULT_EXPENSES_TABLE_ID,DEFAULT_INVENTORY_TABLE_ID,DEFAULT_JOBS_TABLE_ID,DEFAULT_TENANT_ID,DeprecatedViews,DesignDocuments,DocumentType,Duration,DurationType,EmailUnavailableError,Endpoint,EndpointGroup,EndpointGroupList,FeatureDisabledError,ForbiddenError,GlobalRole,HTTPError,Header,InternalTable,InvalidAPIKeyError,MAX_VALID_DATE,MIN_VALID_DATE,NotFoundError,NotImplementedError,RedisClient,SEPARATOR,SQLITE_DESIGN_DOC_ID,SQS_DATASOURCE_INTERNAL,StaticDatabases,UNICODE_MAX,USER_METADATA_PREFIX,UnexpectedError,UsageLimitError,UserStatus,ViewName,WORKSPACE_DEV,WORKSPACE_DEV_PREFIX,WORKSPACE_PREFIX,accounts,auth,blacklist,cache,configs,constants,context,csv,db,docIds,docUpdates,encryption,env,errors,events,features,getPublicError,init,installation,locks,logging,middleware,objectStore,permissions,platform,plugins,queue,redis,roles,security,sessions,setEnv,sql,tenancy,timers,userUtils,users,utils,withEnv});
|
|
39
39
|
//# sourceMappingURL=index.js.map
|