@budibase/backend-core 3.31.0 → 3.31.2

package/dist/index.js

@@ -34,6 +34,6 @@ attempted value: ${o}
       emit(doc.ssoId, doc._id)
     }
   }`,"platform_users_lowercase_2")},"createPlatformUserView"),Fs=s(async(t,e)=>{let r={account_by_email:HT,platform_users_lowercase_2:YT};return je(fe.PLATFORM_INFO.name,async n=>{let i=r[t];return Lf(t,e,n,i,{arrayResponse:!0})})},"queryPlatformView"),zT={by_email2:qT,by_api_key:QT,by_app:KT},qt=s(async(t,e,r,n)=>{r||(r=Y());let i=zT[t];return Lf(t,e,r,i,n)},"queryGlobalView");async function Bs(t,e,r){let n=Y(),i=zT[t];return ks(t,e,n,i,r)}s(Bs,"queryGlobalViewRaw");var Ux=B(require("pouchdb"));var JT=require("dd-trace");var Mf=class{static{s(this,"Replication")}constructor({source:e,target:r}){this.source=rt(e),this.target=rt(r),e.startsWith("app_dev")&&r.startsWith("app")?this.direction="toProduction":e.startsWith("app")&&r.startsWith("app_dev")&&(this.direction="toDev")}async close(){await Promise.all([Rs(this.source),Rs(this.target)])}replicate(e={}){return new Promise(r=>{this.source.replicate.to(this.target,e).on("denied",function(n){throw new Error(`Denied: Document failed to replicate ${n}`)}).on("complete",function(n){return r(n)}).on("error",function(n){throw n})})}async resolveInconsistencies(e){for(let r of e)try{let[n,i]=await Promise.all([this.source.get(r),this.target.get(r)]),o=this.replicationDelta(n,i);if(o<0||o===0&&n._rev===i._rev)continue;let a=o+1;await JT.tracer.trace("Replication.resolveInconsistencies",async u=>{u.addTags({versionsToJump:a,toFix:!0,id:r,sourceRev:n._rev,targetRev:i._rev});for(let c=0;c<a;c++){let l=await this.source.get(i._id);await this.source.put(l)}})}catch{console.warn("Cannot resolve inconsistencies for document",r)}}replicationDelta(e,r){let n=this.getRevisionNumber(e);return this.getRevisionNumber(r)-n}getRevisionNumber(e){return parseInt(e._rev?.split("-")[0]||"0")}appReplicateOpts(e={}){if(typeof e.filter=="string")return e;let r=e.filter,n=this.direction,i=n==="toDev";delete e.filter;let o=e.isCreation,a=e.tablesToSync;delete e.isCreation,delete e.tablesToSync;let u=!1,c;typeof a=="string"&&a==="all"?u=!0:a&&(c=a);let l=s((f,h)=>f?.startsWith(h+C),"startsWithID"),d=s(f=>l(f,"ro")||l(f,"li"),"isData");return{...e,filter:(f,h)=>!o&&f._id==="_design/migrations"||i&&f._id.startsWith("_design")?!1:f._deleted||l(f._id,Ss)?!0:n==="toProduction"&&!o&&l(f._id,"autocolumn_state")?!1:d(f._id)?!!c?.find(p=>f._id.includes(p))||u:l(f._id,"log_au")||f._id==="app_metadata"?!1:r?r(f,h):!0}}async rollback(){await this.target.destroy(),this.target=rt(this.target.name),await this.replicate()}},ZT=Mf;var eS=B(require("node-fetch"));var Ws=mr.removeKeyNumbering;function an(t){return t==null||t===""}s(an,"isEmpty");var Kt=class t{static{s(this,"QueryBuilder")}#l;#d;#e;#r;#n;#i;#s;#o;#t;#f;#a;#u=!1;#c;static{this.maxLimit=200}constructor(e,r,n){this.#l=e,this.#d=r,this.#e={allOr:!1,onEmptyFilter:"all",string:{},fuzzy:{},range:{},equal:{},notEqual:{},empty:{},notEmpty:{},oneOf:{},contains:{},notContains:{},containsAny:{},...n},this.#r=50,this.#s="ascending",this.#o="string",this.#t=!0}disableEscaping(){return this.#u=!0,this}setIndexBuilder(e){return this.#a=e,this}setVersion(e){return e!=null&&(this.#f=e),this}setTable(e){return this.#e.equal.tableId=e,this}setLimit(e){return e!=null&&(this.#r=e),this}setSort(e){return e!=null&&(this.#n=e),this}setSortOrder(e){return e!=null&&(this.#s=e),this}setSortType(e){return e!=null&&(this.#o=e),this}setBookmark(e){return e!=null&&(this.#i=e),this}setSkip(e){return this.#c=e,this}excludeDocs(){return this.#t=!1,this}includeDocs(){return this.#t=!0,this}addString(e,r){return this.#e.string[e]=r,this}addFuzzy(e,r){return this.#e.fuzzy[e]=r,this}addRange(e,r,n){return this.#e.range[e]={low:r,high:n},this}addEqual(e,r){return this.#e.equal[e]=r,this}addNotEqual(e,r){return this.#e.notEqual[e]=r,this}addEmpty(e,r){return this.#e.empty[e]=r,this}addNotEmpty(e,r){return this.#e.notEmpty[e]=r,this}addOneOf(e,r){return this.#e.oneOf[e]=r,this}addContains(e,r){return this.#e.contains[e]=r,this}addNotContains(e,r){return this.#e.notContains[e]=r,this}addContainsAny(e,r){return this.#e.containsAny[e]=r,this}setAllOr(){this.#e.allOr=!0}setOnEmptyFilter(e){this.#e.onEmptyFilter=e}handleSpaces(e){return this.#u?e:e.replace(/ /g,"_")}preprocess(e,{escape:r,lowercase:n,wrap:i,type:o}={}){let a=!!this.#f,u=typeof e;return e&&n&&(e=e.toLowerCase?e.toLowerCase():e),!this.#u&&r&&u==="string"&&(e=`${e}`.replace(/[ /#+\-&|!(){}\]^"~*?:\\]/g,"\\$&")),u==="string"&&!isNaN(e)&&!o?e=`"${e}"`:a&&i&&(e=u==="number"?e:`"${e}"`),e}isMultiCondition(){let e=0;for(let r of Object.values(this.#e))typeof r=="object"&&(e+=Object.keys(r).length);return e>1}compressFilters(e){let r={};for(let o of Object.keys(e)){let a=Ws(o);r[a]?r[a]=r[a].concat(e[o]):r[a]=e[o]}let n={},i=1;for(let[o,a]of Object.entries(r))n[`${i++}:${o}`]=a;return n}buildSearchQuery(){let e=this,r=this.#e&&this.#e.allOr,n=r?"":"*:*",i=!0,o={escape:!0,lowercase:!0,wrap:!0},a="";this.#e.equal.tableId&&(a=this.#e.equal.tableId,delete this.#e.equal.tableId);let u=s((S,m)=>an(m)?null:`${S}:${e.preprocess(m,o)}`,"equal"),c=s((S,m,E="AND")=>{if(an(m))return null;if(!Array.isArray(m))return`${S}:${m}`;let y=`${e.preprocess(m[0],{escape:!0})}`;for(let I=1;I<m.length;I++)y+=` ${E} ${e.preprocess(m[I],{escape:!0})}`;return`${S}:(${y})`},"contains"),l=s((S,m)=>an(m)?null:(m=e.preprocess(m,{escape:!0,lowercase:!0,type:"fuzzy"}),`${S}:/.*${m}.*/`),"fuzzy"),d=s((S,m)=>{let E=r?"*:* AND ":"",y=r?"AND":void 0;return E+"NOT "+c(S,m,y)},"notContains"),f=s((S,m)=>c(S,m,"OR"),"containsAny"),h=s((S,m)=>{if(an(m))return"*:*";if(!Array.isArray(m))if(typeof m=="string")m=m.split(",");else return"";let E=`${e.preprocess(m[0],o)}`;for(let y=1;y<m.length;y++)E+=` OR ${e.preprocess(m[y],o)}`;return`${S}:(${E})`},"oneOf");function p(S,m,E){let y="";for(let[I,_]of Object.entries(S)){I=Ws(I),I=e.preprocess(e.handleSpaces(I),{escape:!0});let D=m(I,_);if(D!=null){if(y.length>0||n.length>0){let T=E?.mode?E.mode:r?"OR":"AND";y+=` ${T} `}y+=D,(typeof _!="string"&&_!=null||typeof _=="string"&&_!==a&&_!=="")&&(i=!1)}}if(E?.returnBuilt)return y;n+=y}if(s(p,"build"),this.#e.string&&p(this.#e.string,(S,m)=>an(m)?null:(m=e.preprocess(m,{escape:!0,lowercase:!0,type:"string"}),`${S}:${m}*`)),this.#e.range&&p(this.#e.range,(S,m)=>{if(an(m)||m.low==null||m.low===""||m.high==null||m.high==="")return null;let E=e.preprocess(m.low,o),y=e.preprocess(m.high,o);return`${S}:[${E} TO ${y}]`}),this.#e.fuzzy&&p(this.#e.fuzzy,l),this.#e.equal&&p(this.#e.equal,u),this.#e.notEqual&&p(this.#e.notEqual,(S,m)=>an(m)?null:typeof m=="boolean"?`(*:* AND !${S}:${m})`:`!${S}:${e.preprocess(m,o)}`),this.#e.empty&&p(this.#e.empty,S=>(i=!1,`(*:* -${S}:["" TO *])`)),this.#e.notEmpty&&p(this.#e.notEmpty,S=>(i=!1,`${S}:["" TO *]`)),this.#e.oneOf&&p(this.#e.oneOf,h),this.#e.contains&&p(this.#e.contains,c),this.#e.notContains&&p(this.compressFilters(this.#e.notContains),d),this.#e.containsAny&&p(this.#e.containsAny,f),a&&(n=this.isMultiCondition()?`(${n})`:n,r=!1,p({tableId:a},u)),i){if(this.#e.onEmptyFilter==="none")return"";if(this.#e?.allOr)return n.replace("()","(*:*)")}return n}buildSearchBody(){let e={q:this.buildSearchQuery(),limit:Math.min(this.#r,t.maxLimit),include_docs:this.#t};if(this.#i&&(e.bookmark=this.#i),this.#n){let r=this.#s==="descending"?"-":"",n=`<${this.#o}>`;e.sort=`${r}${this.handleSpaces(this.#n)}${n}`}return e}async run(){return this.#c&&await this.#m(this.#c),await this.#p()}async#m(e){let r=this.#t,n=this.#r;this.excludeDocs();let i=e,o=0;do{let a=Math.min(t.maxLimit,i);this.setLimit(a);let{bookmark:u,rows:c}=await this.#p();this.setBookmark(u),o=c.length,i-=c.length}while(i>0&&o>0);this.#t=r,this.#r=n}async#p(){let{url:e,cookie:r}=mt(),n=`${e}/${this.#l}/_design/database/_search/${this.#d}`,i=this.buildSearchBody();try{return await XT(n,i,r)}catch(o){if(o.status===404&&this.#a)return await this.#a(),await XT(n,i,r);throw o}}};async function XT(t,e,r){let n=await(0,eS.default)(t,{body:JSON.stringify(e),method:"POST",headers:{Authorization:r}});if(n.status===404)throw n;let i=await n.json(),o={rows:[],totalRows:0};return i.rows!=null&&i.rows.length>0&&(o.rows=i.rows.map(a=>a.doc)),i.bookmark&&(o.bookmark=i.bookmark),i.total_rows&&(o.totalRows=i.total_rows),o}s(XT,"runQuery");async function tS(t,e,r,n){let i=n.bookmark,o=n.rows||[];if(n.limit&&o.length>=n.limit)return o;let a=Kt.maxLimit;n.limit&&o.length>n.limit-Kt.maxLimit&&(a=n.limit-o.length);let u=new Kt(t,e,r);u.setVersion(n.version).setBookmark(i).setLimit(a).setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.tableId&&u.setTable(n.tableId);let c=await u.run();if(!c.rows.length)return o;if(c.rows.length<Kt.maxLimit)return[...o,...c.rows];let l={...n,bookmark:c.bookmark,rows:[...o,...c.rows]};return await tS(t,e,r,l)}s(tS,"recursiveSearch");async function Lx(t,e,r,n){let i=n.limit;(i==null||isNaN(i)||i<0)&&(i=50),i=Math.min(i,Kt.maxLimit);let o=new Kt(t,e,r);n.version&&o.setVersion(n.version),n.tableId&&o.setTable(n.tableId),n.sort&&o.setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.indexer&&o.setIndexBuilder(n.indexer),n.disableEscaping&&o.disableEscaping();let a=await o.setBookmark(n.bookmark).setLimit(i).run();o.setBookmark(a.bookmark).setLimit(1),n.tableId&&o.setTable(n.tableId);let u=await o.run();return{...a,hasNextPage:u.rows&&u.rows.length>0}}s(Lx,"paginatedSearch");async function Mx(t,e,r,n){let i=n.limit;return(i==null||isNaN(i)||i<0)&&(i=1e3),n.limit=Math.min(i,1e3),{rows:await tS(t,e,r,n)}}s(Mx,"fullSearch");var kf={};P(kf,{createUserIndex:()=>kx});async function kx(){let t=Y(),e;try{e=await t.get("_design/database")}catch(n){n.status===404&&(e={_id:"_design/database"})}let r=s(function(n){if(n._id&&!n._id.startsWith("us_"))return;let i=["_id","_rev","password","account","license","budibaseAccess","accountPortalAccess","csrfToken"];function o(a,u){for(let c of Object.keys(a)){if(i.includes(c))continue;let l=u!=null?`${u}.${c}`:c;typeof a[c]=="string"?index(l,a[c].toLowerCase(),{facet:!0}):typeof a[c]!="object"?index(l,a[c],{facet:!0}):o(a[c],l)}}s(o,"idx"),o(n)},"fn");e.indexes={user:{index:r.toString(),analyzer:{default:"keyword",name:"perfield"}}},await t.put(e)}s(kx,"createUserIndex");function rS(t,e){let r=e.toString();if(typeof t=="object")return t.status===e||t.message?.includes(r);if(typeof t=="number")return t===e;if(typeof t=="string")return t.includes(r)}s(rS,"checkErrorCode");function Fx(t){return rS(t,409)}s(Fx,"isDocumentConflictError");var Gs={};P(Gs,{addTenantToUrl:()=>Bx,getTenantDB:()=>Ff,getTenantIDFromCtx:()=>$s,isUserInWorkspaceTenant:()=>Wx});function Ff(t){return Re(nn(t))}s(Ff,"getTenantDB");function Bx(t){let e=$();if(Er()){let r=t.indexOf("?")===-1?"?":"&";t+=`${r}tenantId=${e}`}return t}s(Bx,"addTenantToUrl");var Wx=s((t,e)=>{let r;return e?r=e.tenantId||ae:r=$(),(Xn(t)||ae)===r},"isUserInWorkspaceTenant"),$x=Object.values(Di),$s=s((t,e)=>{if(!Er())return ae;e.allowNoTenant===void 0&&(e.allowNoTenant=!1),e.includeStrategies||(e.includeStrategies=$x),e.excludeStrategies||(e.excludeStrategies=[]);let r=s(n=>{if(e.excludeStrategies?.includes(n))return!1;if(e.includeStrategies?.includes(n))return!0},"isAllowed");if(r("user")){let n=t.user?.tenantId;if(n)return n}if(r("header")){let n=t.request.headers["x-budibase-tenant-id"];if(n)return n}if(r("query")){let n=t.request.query.tenantId;if(n)return n}if(r("subdomain")){let n;try{n=new URL(hf()).host.split(":")[0]}catch(o){if(o.code!=="ERR_INVALID_URL")throw o}let i=t.host;if(n&&i.includes(n)){let o=i.substring(0,i.indexOf(`.${n}`));if(o)return o}}if(r("path")){let n=t.matched.find(a=>!!a.paramNames.find(u=>u.name==="tenantId")),i=t.originalUrl,o;if(i.includes("?")?o=i.split("?")[0]:o=i,n){let a=n.params(o,n.captures(o),{});if(a.tenantId)return a.tenantId}}e.allowNoTenant||t.throw(403,"Tenant id not set")},"getTenantIDFromCtx");var Bf="app"+C,nS="/app/",iS="/app-chat/";async function Gx(t){let r=t.path.split("/")[2];if(!r)return;let n=`/${r.toLowerCase()}`,i=$();!g.isDev()&&g.MULTI_TENANCY&&(i=$s(t,{includeStrategies:["subdomain"]}));let a=(await Ce(i,()=>Ms({dev:!1}))).filter(u=>u.url&&u.url.toLowerCase()===n)[0];return a&&a.appId?a.appId:void 0}s(Gx,"resolveAppUrl");function Vx(t){return t.path.startsWith(`/${Bf}`)?!0:t.path.startsWith(nS)||t.path.startsWith(iS)}s(Vx,"isServingApp");function qx(t){return t.path.startsWith("/builder/workspace/")}s(qx,"isServingBuilder");function Kx(t){return sS(t.path)}s(Kx,"isServingBuilderPreview");function sS(t){return new RegExp(/^\/app\/app_\w+\/preview$/).test(t)}s(sS,"isBuilderPreviewUrl");function Qx(t){return t.path.startsWith("/api/public/v")}s(Qx,"isPublicApiRequest");async function un(t){let e;function r(u){u&&u.startsWith(Bf)&&(e&&e!==u&&t.throw("App id conflict",403),e=u)}s(r,"setWorkspaceIdIfValid");function n(u){if(u){typeof u=="string"&&(u=[u]);for(let c of u)r(c)}}s(n,"checkPossibleValues"),n(t.request.headers["x-budibase-app-id"]),r(t.request.body?.appId);let i=jx(t.path);r(i),n(t.query?.appId);let o=sS(t.path);return(t.path.startsWith(nS)||t.path.startsWith(iS))&&!o&&r(await Gx(t)),e}s(un,"getWorkspaceIdFromCtx");function jx(t){if(t)return t.split("?")[0].split("/").find(e=>e.startsWith(Bf))}s(jx,"parseWorkspaceIdFromUrlPath");function gu(t){if(t)try{return hu.default.verify(t,g.JWT_SECRET)}catch(e){if(g.JWT_SECRET_FALLBACK)return hu.default.verify(t,g.JWT_SECRET_FALLBACK);throw e}}s(gu,"openJwt");function Vs(t){return g.INTERNAL_API_KEY&&g.INTERNAL_API_KEY===t?!0:!!(g.INTERNAL_API_KEY_FALLBACK&&g.INTERNAL_API_KEY_FALLBACK===t)}s(Vs,"isValidInternalAPIKey");function Qt(t,e){let r=t.cookies.get(e);if(r)return gu(r)}s(Qt,"getCookie");function oS(t,e,r="builder",n={sign:!0}){e&&n&&n.sign&&(e=hu.default.sign(e,g.JWT_SECRET));let i={expires:Wa,path:"/",httpOnly:!1,overwrite:!0};g.COOKIE_DOMAIN&&(i.domain=g.COOKIE_DOMAIN),t.cookies.set(r,e,i)}s(oS,"setCookie");function Ar(t,e){oS(t,null,e)}s(Ar,"clearCookie");function Hx(t){return t.headers["x-budibase-type"]==="client"}s(Hx,"isClient");function Wf(t){return new Promise(e=>setTimeout(e,t))}s(Wf,"timeout");function $f(t){return!!qm[t]}s($f,"isAudited");function Yx(t){if(typeof t!="object")return!1;try{JSON.stringify(t)}catch(e){if(e instanceof Error&&e?.message.includes("circular structure"))return!0}return!1}s(Yx,"hasCircularStructure");function zx(t){return!!t.match(/^.+:\/\/.+$/)}s(zx,"urlHasProtocol");function Gf(t){return t&&!!t.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)}s(Gf,"validEmail");var Vf=(o=>(o.MILLISECONDS="milliseconds",o.SECONDS="seconds",o.MINUTES="minutes",o.HOURS="hours",o.DAYS="days",o))(Vf||{}),Eu={milliseconds:1,seconds:1e3,minutes:6e4,hours:36e5,days:864e5},pe=class t{constructor(e){this.ms=e}static{s(this,"Duration")}to(e){return this.ms/Eu[e]}toMs(){return this.ms}toSeconds(){return this.to("seconds")}static convert(e,r,n){return n*Eu[e]/Eu[r]}static from(e,r){return new t(r*Eu[e])}static fromSeconds(e){return t.from("seconds",e)}static fromMinutes(e){return t.from("minutes",e)}static fromHours(e){return t.from("hours",e)}static fromDays(e){return t.from("days",e)}static fromMilliseconds(e){return t.from("milliseconds",e)}};async function Jx(t){let e=performance.now();return[await t(),pe.fromMilliseconds(performance.now()-e)]}s(Jx,"time");var yu=require("undici");function Zx(t,e){let r,n=null;try{let o=new URL(t);r=o.hostname,n=o.port||null}catch{return!1}let i=e.split(/[\s,]+/).filter(o=>o.length>0);for(let o of i){let u=o.replace(/^\./,"*").match(/^(.+?)(?::(\d+))?$/);if(!u||!u[1])continue;let c=u[1].toLowerCase(),l=u[2]||null,d=!1;if(c==="*")d=!0;else if(c.startsWith("*")){let h=c.slice(1);d=r===h.slice(1)||r.endsWith(h)}else d=r===c;if(d&&(!l||n===l))return!0}return!1}s(Zx,"isUrlMatchingNoProxy");function Xx(t){let e=process.env.GLOBAL_AGENT_HTTP_PROXY||process.env.HTTP_PROXY,n=process.env.GLOBAL_AGENT_HTTPS_PROXY||process.env.HTTPS_PROXY||e;if(!n||!n.trim())return!0;try{new URL(n.trim())}catch{return console.log("[fetch] Invalid proxy URL format:",n),!0}if(t){let i=process.env.GLOBAL_AGENT_NO_PROXY||process.env.NO_PROXY||"";if(i&&Zx(t,i))return console.log("[fetch] URL matches NO_PROXY pattern, bypassing proxy",{url:t,noProxy:i}),!0}return!1}s(Xx,"shouldBypassProxy");function ev(t){return new yu.Agent({connect:{rejectUnauthorized:t}})}s(ev,"createDirectAgent");function tv(t){let e=process.env.GLOBAL_AGENT_HTTP_PROXY||process.env.HTTP_PROXY,n=(process.env.GLOBAL_AGENT_HTTPS_PROXY||process.env.HTTPS_PROXY||e).trim();console.log("[fetch] Creating ProxyAgent",{proxyUrl:n,rejectUnauthorized:t});let i={uri:n,requestTls:{rejectUnauthorized:t}};return n.startsWith("https://")&&(i.proxyTls={rejectUnauthorized:t}),new yu.ProxyAgent(i)}s(tv,"createProxyAgent");function rv(t){let e=t?.rejectUnauthorized??!0;return Xx(t?.url)?ev(e):tv(e)}s(rv,"createDispatcher");function nv(t){return rv(t)}s(nv,"getDispatcher");var qf=require("util"),Kf=B(require("zlib"));var iv=(0,qf.promisify)(Kf.default.gzip),sv=(0,qf.promisify)(Kf.default.gunzip),Tu="gzip:",ov=s(async t=>{let e=await iv(t);return`${Tu}${e.toString("base64")}`},"gzipToBase64"),av=s(async t=>{let e=t.startsWith(Tu)?t.slice(Tu.length):t,r=Buffer.from(e,"base64");return(await sv(new Uint8Array(r))).toString("utf8")},"gunzipFromBase64");function uv(t){let e=t.get("authorization");if(!e)return null;let r=e.match(/^Bearer\s+(.+)$/i);return r?r[1]:null}s(uv,"getBearerToken");function cv(t){let e="",r=-1,n,i,o=t.opts?.repeat;return o&&(i=o.endDate?new Date(o.endDate).getTime():Date.now(),n=o.tz,"cron"in o?e=o.cron:r=o.every),{id:t.id.toString(),name:"",key:t.id.toString(),tz:n,endDate:i,cron:e,every:r,next:0}}s(cv,"jobToJobInformation");var Su=class{static{s(this,"InMemoryQueue")}constructor(e,r){this._name=e,this._opts=r,this._messages=[],this._emitter=new aS.default.EventEmitter,this._runCount=0,this._addCount=0,this._queuedJobIds=new Set,this._attempts=r?.defaultJobOptions?.attempts||1}async process(e,r){r=typeof e=="number"?r:e,this._emitter.on("message",async n=>{if(!n.manualTrigger&&n.opts?.repeat!=null)return;function i(){return r.length===1?r(n):new Promise((c,l)=>{r(n,s((f,h)=>{f?l(f):c(h)},"done"))})}s(i,"execute");let o=this._attempts;async function a(c,l=0){try{return await c}catch(d){if(l++,l<o&&!n._isDiscarded)return await Le.wait(100*l),await a(i(),l);throw d}}s(a,"retryFunc");try{let c=await a(i());this._emitter.emit("completed",n,c);let l=this._messages.indexOf(n);if(l===-1)throw"Failed deleting a processed message";this._messages.splice(l,1)}catch(c){console.error(c),this._emitter.emit("error",n,c)}this._runCount++;let u=n.opts?.jobId?.toString();u&&n.opts?.removeOnComplete&&this._queuedJobIds.delete(u)})}async isReady(){return this}async add(e,r){if(typeof e=="string")throw new Error("doesn't support named jobs");let n=r,i=n?.jobId?.toString();if(i&&this._queuedJobIds.has(i)){console.log(`Ignoring already queued job ${i}`);return}if(typeof e!="object")throw"Queue only supports carrying JSON.";i&&this._queuedJobIds.add(i);let o=ee(),a=s(()=>{let c={id:o,timestamp:Date.now(),queue:this,data:e,opts:n,discard:async()=>{c._isDiscarded=!0}};this._messages.push(c),this._messages.length>1e3&&this._messages.shift(),this._addCount++,this._emitter.emit("message",c)},"pushMessage"),u=n?.delay;return u?setTimeout(a,u):a(),{id:i,finished:()=>new Promise((c,l)=>{let d=s((h,p)=>{h.id===o&&(this._emitter.off("error",d),this._emitter.off("completed",f),l(p))},"errorHandler"),f=s((h,p)=>{h.id===o&&(this._emitter.off("error",d),this._emitter.off("completed",f),c(p))},"completedHandler");this._emitter.on("error",d),this._emitter.on("completed",f)})}}async close(){}async removeRepeatableByKey(e){for(let[r,n]of this._messages.entries())if(n.id===e){this._messages.splice(r,1),this._emitter.emit("removed",n);return}}async removeJobs(e){}async clean(){return[]}async getJob(e){for(let r of this._messages)if(r.id===e)return r;return null}manualTrigger(e){for(let r of this._messages)if(r.id===e){this._emitter.emit("message",{...r,manualTrigger:!0});return}throw new Error(`Job with id ${e} not found`)}on(e,r){return this._emitter.on(e,r),this}off(e,r){return this._emitter.off(e,r),this}async count(){return this._messages.length}async getCompletedCount(){return this._runCount}async getRepeatableJobs(){return this._messages.filter(e=>e.opts?.repeat!=null).map(e=>cv(e))}async whenCurrentJobsFinished(){do await Wf(50);while(this.hasRunningJobs())}hasRunningJobs(){return this._addCount>this._runCount}},uS=Su;var Hf=B(require("bull"));var oi=(l=>(l.AUTOMATION="automationQueue",l.APP_BACKUP="appBackupQueue",l.AUDIT_LOG="auditLogQueue",l.SYSTEM_EVENT_QUEUE="systemEventQueue",l.APP_MIGRATION="appMigration",l.DOC_WRITETHROUGH_QUEUE="docWritethroughQueue",l.DEV_REVERT_PROCESSOR="devRevertProcessorQueue",l.BATCH_USER_SYNC_PROCESSOR="batchUserSyncProcessorQueue",l.RAG_INGESTION="ragIngestionQueue",l))(oi||{});function cS(t,e,r){fv(t,e),r&&lv(t,r)}s(cS,"addListeners");function lv(t,e){t.on("stalled",async r=>{if(e)await e(r);else if(r.opts.repeat){let n=r.id,i=await t.getRepeatableJobs();for(let o of i)o.id===n&&await t.removeRepeatableByKey(o.key);console.log(`jobId=${n} disabled`)}})}s(lv,"handleStalled");function it(t,e,r={},n={}){let i=`[BULL] ${t}=${e}`,o=r.error,a={_logKey:"bull",eventType:t,event:e,job:r.job,jobId:r.jobId||r.job?.id,...n},u;return r.job?.data?.automation&&(u={_logKey:"automation",trigger:r.job?r.job.data.automation.definition.trigger.event:void 0}),[i,o,a,u]}s(it,"getLogParams");var dv={automationQueue:"automation-event",appBackupQueue:"app-backup-event",auditLogQueue:"audit-log-event",systemEventQueue:"system-event",appMigration:"app-migration",docWritethroughQueue:"doc-writethrough",devRevertProcessorQueue:"dev-revert-event",batchUserSyncProcessorQueue:"batch-user-sync-processor",ragIngestionQueue:"rag-ingestion-processor"};function fv(t,e){let r=dv[e];function n(i,o){let a=i.data.event?.appId;if(a)return gf(a,o);o()}s(n,"doInJobContext"),t.on("stalled",async i=>{await n(i,()=>{console.error(...it(r,"stalled",{job:i}))})}).on("error",i=>{console.error(...it(r,"error",{error:i}))}),process.env.NODE_DEBUG?.includes("bull")&&t.on("waiting",i=>{console.info(...it(r,"waiting",{jobId:i}))}).on("active",async i=>{await n(i,()=>{console.info(...it(r,"active",{job:i}))})}).on("progress",async(i,o)=>{await n(i,()=>{console.info(...it(r,"progress",{job:i},{progress:o}))})}).on("completed",async(i,o)=>{await n(i,()=>{console.info(...it(r,"completed",{job:i},{result:o}))})}).on("failed",async(i,o)=>{await n(i,()=>{console.error(...it(r,"failed",{job:i,error:o}))})}).on("paused",()=>{console.info(...it(r,"paused"))}).on("resumed",()=>{console.info(...it(r,"resumed"))}).on("cleaned",(i,o)=>{console.info(...it(r,"cleaned",{},{length:i.length,type:o}))}).on("drained",()=>{console.info(...it(r,"drained"))}).on("removed",i=>{console.info(...it(r,"removed",{job:i}))})}s(fv,"logging");var Au={};P(Au,{cleanup:()=>pv,clear:()=>jf,set:()=>Qf});var qs=[];function Qf(t,e){let r=setInterval(t,e);return qs.push(r),r}s(Qf,"set");function jf(t){let e=qs.indexOf(t);e!==-1&&qs.splice(e,1),clearInterval(t)}s(jf,"clear");function pv(){for(let t of qs)clearInterval(t);qs=[]}s(pv,"cleanup");var jt=B(require("dd-trace")),Ks=B(require("object-sizeof"));var mv=pe.fromMinutes(5).toMs(),hv=pe.fromSeconds(30).toMs(),Yf=pe.fromSeconds(60).toMs(),Qs=[],_u;async function lS(){for(let t of Qs)await t.clean(Yf,"completed"),await t.clean(Yf,"failed")}s(lS,"cleanup");async function gv(t,e,r){let n=performance.now();try{let i=await e();return jt.default.dogstatsd.increment(`${t}.success`,1,r),i}catch(i){throw jt.default.dogstatsd.increment(`${t}.error`,1,r),i}finally{let i=performance.now()-n;jt.default.dogstatsd.distribution(`${t}.duration.ms`,i,r),jt.default.dogstatsd.increment(t,1,r)}}s(gv,"withMetrics");function dS(t){return{"job.opts.attempts":t.attempts,"job.opts.backoff":t.backoff,"job.opts.delay":t.delay,"job.opts.jobId":t.jobId,"job.opts.lifo":t.lifo,"job.opts.preventParsingData":t.preventParsingData,"job.opts.priority":t.priority,"job.opts.removeOnComplete":t.removeOnComplete,"job.opts.removeOnFail":t.removeOnFail,"job.opts.repeat":t.repeat,"job.opts.stackTraceLimit":t.stackTraceLimit,"job.opts.timeout":t.timeout}}s(dS,"jobOptsTags");function Ev(t){return{"job.id":t.id,"job.attemptsMade":t.attemptsMade,"job.timestamp":t.timestamp,"job.data.sizeBytes":(0,Ks.default)(t.data),...dS(t.opts||{})}}s(Ev,"jobTags");var Et=class{static{s(this,"BudibaseQueue")}constructor(e,r={}){this.opts=r,this.jobQueue=e,this.queue=this.initQueue()}get name(){return this.queue.name}initQueue(){let r={redis:tn(),settings:{maxStalledCount:this.opts.maxStalledCount?this.opts.maxStalledCount:0,lockDuration:mv,lockRenewTime:hv}};this.opts.jobOptions&&(r.defaultJobOptions=this.opts.jobOptions);let n;return g.isTest()?process.env.BULL_TEST_REDIS_PORT&&!isNaN(+process.env.BULL_TEST_REDIS_PORT)?n=new Hf.default(this.jobQueue,{...r,redis:{host:"localhost",port:+process.env.BULL_TEST_REDIS_PORT}}):n=new uS(this.jobQueue,r):n=new Hf.default(this.jobQueue,r),cS(n,this.jobQueue,this.opts.removeStalledCb),Qs.push(n),!_u&&!g.isTest()&&(_u=Qf(lS,Yf),lS().catch(i=>{console.error(`Unable to cleanup ${this.jobQueue} initially - ${i}`)})),n}getBullQueue(){return this.queue}process(...e){let r,n;e.length===2?(r=e[0],n=e[1]):n=e[0];let i=s(async(a,u)=>{await jt.default.trace("queue.process",async c=>{if(a.data._parentSpanContext){let l=a.data._parentSpanContext,d={traceId:l.traceId,spanId:l.spanId,toTraceId:()=>l.traceId,toSpanId:()=>l.spanId,toTraceparent:()=>""};c.addLink(d)}c.addTags({"queue.name":this.jobQueue,...Ev(a)}),this.opts.jobTags&&c.addTags(this.opts.jobTags(a.data)),jt.default.dogstatsd.distribution("queue.process.sizeBytes",(0,Ks.default)(a.data),this.metricTags()),await this.withMetrics("queue.process",()=>u?n(a,u):n(a))})},"processCallback"),o;return n.length===1?o=s(a=>i(a),"wrappedCb"):o=i,r?this.queue.process(r,o):this.queue.process(o)}async add(e,r){return await jt.default.trace("queue.add",async n=>(n.addTags({"queue.name":this.jobQueue,"job.data.sizeBytes":(0,Ks.default)(e),...dS(r||{})}),this.opts.jobTags&&n.addTags(this.opts.jobTags(e)),e._parentSpanContext={traceId:n.context().toTraceId(),spanId:n.context().toSpanId()},jt.default.dogstatsd.distribution("queue.add.sizeBytes",(0,Ks.default)(e),this.metricTags()),await this.withMetrics("queue.add",()=>this.queue.add(e,r))))}withMetrics(e,r){return gv(e,r,this.metricTags())}metricTags(){return{queueName:this.jobQueue}}close(e){return this.queue.close(e)}whenCurrentJobsFinished(){return this.queue.whenCurrentJobsFinished()}};async function yv(){_u&&jf(_u),console.log("Waiting for current queue jobs to finish...");for(let t of Qs)await t.whenCurrentJobsFinished();console.log("Closing queue Redis connections...");for(let t of Qs)await t.close();Qs=[],console.log("Queues shutdown")}s(yv,"shutdown");var Xs={};P(Xs,{correlation:()=>js,logAlert:()=>dn,logAlertWithInfo:()=>rP,logWarn:()=>ci,logger:()=>xu,system:()=>lp});var js={};P(js,{getId:()=>zf,setHeader:()=>Tv});var fS=require("correlation-id"),Tv=s(t=>{let e=fS.getId();e&&(t["x-budibase-correlation-id"]=e)},"setHeader");function zf(){return fS.getId()}s(zf,"getId");var bu=B(require("pino")),GS=B(require("pino-pretty")),dp=B(require("dd-trace")),VS=require("dd-trace/ext");var lp={};P(lp,{getLogReadStream:()=>zv,getSingleFileMaxSizeInfo:()=>$S,localFileDestination:()=>cp});var Zs=B(require("fs")),up=B(require("path")),kS=B(require("rotating-file-stream"));var ap={};P(ap,{ObjectStore:()=>st,ObjectStoreBuckets:()=>Av,SIGNED_FILE_PREFIX:()=>np,bucketTTLConfig:()=>Ou,budibaseTempDir:()=>cn,client3rdPartyLibrary:()=>Vv,clientLibraryPath:()=>Gv,clientLibraryUrl:()=>qv,createBucketIfNotExists:()=>Js,deleteFile:()=>Nv,deleteFiles:()=>Uv,deleteFolder:()=>wS,downloadTarball:()=>Mv,downloadTarballDirect:()=>Lv,enrichPWAImages:()=>Kv,enrichPluginURLs:()=>jv,extractBucketAndPath:()=>Jf,getAllFiles:()=>xv,getAppFileUrl:()=>bS,getClientCacheKey:()=>CS,getGlobalFileS3Key:()=>xS,getGlobalFileUrl:()=>Qv,getObjectMetadata:()=>kv,getPluginIconKey:()=>NS,getPluginJSKey:()=>PS,getPluginS3Dir:()=>LS,getPresignedUrl:()=>ln,getReadStream:()=>Iu,listAllObjects:()=>ip,objectExists:()=>Fv,processAutomationAttachment:()=>Ov,processObjectStoreAttachment:()=>ES,retrieve:()=>IS,retrieveDirectory:()=>Pv,retrieveToTmp:()=>vv,sanitizeBucket:()=>xe,sanitizeKey:()=>ge,streamUpload:()=>OS,streamUploadMany:()=>bv,upload:()=>Cv,uploadDirectory:()=>sp});var Du=require("@aws-sdk/client-s3"),Zf=require("@aws-sdk/lib-storage"),yS=require("@aws-sdk/s3-request-presigner"),TS=require("@smithy/node-http-handler");var Ht=B(require("dd-trace")),ai=B(require("fs")),Ys=B(require("fs/promises")),SS=B(require("https")),Xf=B(require("node-fetch")),Or=require("path"),Ru=B(require("stream")),zs=require("stream/promises"),ep=B(require("tar-fs")),tp=require("uuid"),rp=B(require("zlib"));var pS=B(require("fs")),mS=require("os"),Hs=B(require("path")),hS=B(require("stream"));var Av={BACKUPS:g.BACKUPS_BUCKET_NAME,APPS:g.APPS_BUCKET_NAME,TEMPLATES:g.TEMPLATES_BUCKET_NAME,GLOBAL:g.GLOBAL_BUCKET_NAME,PLUGINS:g.PLUGIN_BUCKET_NAME,TEMP:g.TEMP_BUCKET_NAME},gS=(0,Hs.join)((0,mS.tmpdir)(),".budibase");try{pS.default.mkdirSync(gS)}catch(t){if(t.code!=="EEXIST")throw t}function cn(){return gS}s(cn,"budibaseTempDir");var Ou=s((t,e)=>{let n={Rules:[{ID:`${t}-ExpireAfter${e}days`,Prefix:"",Status:"Enabled",Expiration:{Days:e}}]};return{Bucket:t,LifecycleConfiguration:n}},"bucketTTLConfig");async function _v(t){let e=await fetch(t.url);if(!e.ok||!e.body)throw new Error(`Unexpected response ${e.statusText}`);let r=Hs.default.basename(new URL(t.url).pathname);if(!e.body)throw new Error("No response received for attachment");return{filename:t.filename||r,content:hS.default.Readable.fromWeb(e.body)}}s(_v,"processUrlAttachment");async function ES(t){let e=Jf(t.url);if(e===null)throw new Error("Invalid signed URL");let{bucket:r,path:n}=e,{stream:i}=await Iu(r,n),o=Hs.default.basename(n);return{bucket:r,path:n,filename:t.filename||o,content:i}}s(ES,"processObjectStoreAttachment");async function Ov(t){return t.url?.startsWith("http://")||t.url?.startsWith("https://")?await _v(t):await ES(t)}s(Ov,"processAutomationAttachment");var Iv=require("sanitize-s3-objectkey"),wv={bucketCreationPromises:{}},np="/files/signed",_r={txt:"text/plain",html:"text/html",css:"text/css",js:"application/javascript",json:"application/json",gz:"application/gzip",svg:"image/svg+xml",form:"multipart/form-data"},Dv=[_r.html,_r.css,_r.js,_r.json];function ge(t){return Iv(xe(t)).replace(/\\/g,"/")}s(ge,"sanitizeKey");function xe(t){return t.replace(new RegExp(tt,"g"),et)}s(xe,"sanitizeBucket");function st(t={presigning:!1}){let e={forcePathStyle:!0,credentials:{accessKeyId:g.MINIO_ACCESS_KEY,secretAccessKey:g.MINIO_SECRET_KEY},region:g.AWS_REGION};if(!g.MINIO_ENABLED&&g.AWS_SESSION_TOKEN&&(e.credentials={accessKeyId:g.MINIO_ACCESS_KEY,secretAccessKey:g.MINIO_SECRET_KEY,sessionToken:g.AWS_SESSION_TOKEN}),g.MINIO_URL&&(t.presigning&&g.MINIO_ENABLED?e.endpoint="http://minio-service":e.endpoint=g.MINIO_URL),g.S3_IGNORE_SELF_SIGNED==="true"){let r=new SS.default.Agent({rejectUnauthorized:!1});e.requestHandler=new TS.NodeHttpHandler({httpsAgent:r})}return new Du.S3(e)}s(st,"ObjectStore");async function Js(t,e){e=xe(e);try{return await t.headBucket({Bucket:e}),{created:!1,exists:!0}}catch(r){let n=r.statusCode||r.$response?.statusCode,i=wv.bucketCreationPromises,o=n===404,a=n===403;if(i[e])return await i[e],{created:!1,exists:!0};if(o||a){if(o)return i[e]=t.createBucket({Bucket:e}).catch(u=>{if(u.Code!=="BucketAlreadyOwnedByYou")throw u}),await i[e],delete i[e],{created:!0,exists:!1};throw new Error("Access denied to object store bucket."+r)}else throw new Error("Unable to write to object store bucket.")}}s(Js,"createBucketIfNotExists");var Rv=s((t,e)=>{if(e)return e;let r=t.split(".").pop();return r?_r[r.toLowerCase()]:_r.txt},"resolveContentType"),AS=s(async(t,e,r)=>{let n=xe(t),i=st(),o=await Js(i,n);if(r.addTags({bucketCreated:o.created,bucketExists:o.exists}),e&&o.created){let a=Ou(n,e);await i.putBucketLifecycleConfiguration(a)}return{bucket:n,client:i,bucketCreated:o}},"initialiseBucket"),_S=s(async({client:t,bucket:e,filename:r,stream:n,type:i,extra:o})=>{if(!n)throw new Error("Stream to upload is invalid/undefined");let a=Rv(r,i),u=ge(r),c={Bucket:e,Key:u,Body:n,ContentType:a,...o??{}};return{details:await new Zf.Upload({client:t,params:c}).done(),contentType:a}},"streamUploadInternal");async function Cv({bucket:t,filename:e,path:r,type:n,metadata:i,body:o,ttl:a}){let u=e.split(".").pop(),c=r?(await Ys.default.open(r)).createReadStream():o,l=st(),d=await Js(l,t);if(a&&d.created){let m=Ou(t,a);await l.putBucketLifecycleConfiguration(m)}let f=n,h=f||(u?_r[u.toLowerCase()]:_r.txt),p={Bucket:xe(t),Key:ge(e),Body:c,ContentType:h};if(i&&typeof i=="object"){for(let m of Object.keys(i))(!i[m]||typeof i[m]!="string")&&delete i[m];p.Metadata=i}return new Zf.Upload({client:l,params:p}).done()}s(Cv,"upload");async function OS({bucket:t,stream:e,filename:r,type:n,extra:i,ttl:o}){return await Ht.default.trace("streamUpload",async a=>{a.addTags({bucketName:t,filename:r,type:n,ttl:o});let u=r.split(".").pop();a.addTags({extension:u});let{bucket:c,client:l}=await AS(t,o,a),{details:d,contentType:f}=await _S({client:l,bucket:c,filename:r,stream:e,type:n,extra:i}),h=await l.headObject({Bucket:c,Key:ge(r)});return a.addTags({contentType:f,contentLength:h.ContentLength}),{...d,ContentLength:h.ContentLength}})}s(OS,"streamUpload");async function bv({bucket:t,files:e,ttl:r}){return await Ht.default.trace("streamUploadMany",async i=>{if(i.addTags({bucketName:t,ttl:r,fileCount:e.length}),!e.length)return[];let{bucket:o,client:a}=await AS(t,r,i),u=e.map((l,d)=>({...l,index:d})),c=new Array(e.length);return await _t.parallelForeach(u,async l=>{let{details:d}=await _S({client:a,bucket:o,filename:l.filename,stream:l.stream,type:l.type,extra:l.extra});c[l.index]=d},10),c})}s(bv,"streamUploadMany");async function IS(t,e){return await Ht.default.trace("retrieve",async r=>{r.addTags({bucketName:t,filepath:e});let n=st(),i={Bucket:xe(t),Key:ge(e)},o=await n.getObject(i);if(!o.Body)throw new Error("Unable to retrieve object");if(r.addTags({contentLength:o.ContentLength,contentType:o.ContentType}),Dv.includes(o.ContentType))return r.addTags({string:!0}),o.Body.transformToString();{r.addTags({string:!1});let a=o.Body.transformToWebStream();return Ru.default.Readable.fromWeb(a)}})}s(IS,"retrieve");async function*ip(t,e){let r=st(),n=s((a={})=>r.listObjectsV2({...a,Bucket:xe(t),Prefix:ge(e)}),"list"),i=!1,o;do{let a={};o&&(a.ContinuationToken=o);let u=await n(a);if(u.Contents)for(let c of u.Contents)yield c;i=!!u.IsTruncated,o=u.NextContinuationToken}while(i&&o)}s(ip,"listAllObjects");async function xv(t,e){let r={};return await _t.parallelForeach(ip(t,e),async n=>{if(!n.Key)throw new Error("file.Key must be defined");r[n.Key]=n},5),r}s(xv,"getAllFiles");async function ln(t,e,r=3600){let n=st({presigning:!0}),i={Bucket:xe(t),Key:ge(e)},o=await(0,yS.getSignedUrl)(n,new Du.GetObjectCommand(i),{expiresIn:r});if(g.MINIO_ENABLED){let a=new URL(o),u=a.pathname,c=a.search;return`${np}${u}${c}`}else return o}s(ln,"getPresignedUrl");async function vv(t,e){return await Ht.default.trace("retrieveToTmp",async r=>{r.addTags({bucketName:t,filepath:e}),t=xe(t),e=ge(e);let n=await IS(t,e),i=(0,Or.join)(cn(),(0,tp.v4)());return r.addTags({outputPath:i}),n instanceof Ru.default.Readable?(r.addTags({stream:!0}),await(0,zs.pipeline)(n,ai.default.createWriteStream(i))):(r.addTags({stream:!1}),ai.default.writeFileSync(i,n)),i})}s(vv,"retrieveToTmp");async function Pv(t,e,r){return await Ht.default.trace("retrieveDirectory",async n=>{n.addTags({bucketName:t,path:e});let i=(0,Or.join)(cn(),(0,tp.v4)());await Ys.default.mkdir(i,{recursive:!0});let o=0;return await _t.parallelForeach(ip(t,e),async a=>{let{Key:u}=a;!u||r?.some(c=>c.test(u))||(o++,await Ht.default.trace("retrieveDirectory.object",async c=>{let l=a.Key;c.addTags({filename:l});let{stream:d}=await Iu(t,l),f=l.split("/"),h=f.slice(0,f.length-1),p=(0,Or.join)(i,...h);f.length>1&&!ai.default.existsSync(p)&&await Ys.default.mkdir(p,{recursive:!0}),await(0,zs.pipeline)(d,ai.default.createWriteStream((0,Or.join)(i,...f),{mode:420}))}))},5),n.addTags({numObjects:o}),i})}s(Pv,"retrieveDirectory");async function Nv(t,e){let r=st();await Js(r,t);let n={Bucket:t,Key:ge(e)};return r.deleteObject(n)}s(Nv,"deleteFile");async function Uv(t,e){let r=st();await Js(r,t);let n={Bucket:t,Delete:{Objects:e.map(i=>({Key:ge(i)}))}};return r.deleteObjects(n)}s(Uv,"deleteFiles");async function wS(t,e){t=xe(t),e=ge(e);let r=st(),n={Bucket:t,Prefix:e},i=await r.listObjects(n);if(i.Contents?.length===0)return;let o={Bucket:t,Delete:{Objects:[]}};if(i.Contents?.forEach(a=>{o.Delete.Objects.push({Key:a.Key})}),o.Delete.Objects.length&&(await r.deleteObjects(o)).Deleted?.length===1e3)return wS(t,e)}s(wS,"deleteFolder");async function sp(t,e,r){return await Ht.default.trace("uploadDirectory",async n=>{n.addTags({bucketName:t,localPath:e,bucketPath:r}),t=xe(t);let i=await Ys.default.readdir(e,{withFileTypes:!0});n.addTags({numFiles:i.length});for(let o of i){let a=ge((0,Or.join)(r,o.name)),u=(0,Or.join)(e,o.name);o.isDirectory()?await sp(t,u,a):await OS({bucket:t,filename:a,stream:ai.default.createReadStream(u)})}return i})}s(sp,"uploadDirectory");async function Lv(t,e,r={}){e=ge(e);let n=await(0,Xf.default)(t,{headers:r});if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);await(0,zs.pipeline)(n.body,rp.default.createUnzip(),ep.default.extract(e))}s(Lv,"downloadTarballDirect");async function Mv(t,e,r){e=xe(e),r=ge(r);let n=await(0,Xf.default)(t);if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);let i=(0,Or.join)(cn(),r);return await(0,zs.pipeline)(n.body,rp.default.createUnzip(),ep.default.extract(i)),!g.isTest()&&g.SELF_HOSTED&&await sp(e,i,r),i}s(Mv,"downloadTarball");async function Iu(t,e){return await Ht.default.trace("getReadStream",async r=>{t=xe(t),e=ge(e),r.addTags({bucketName:t,path:e});let n=st(),i={Bucket:t,Key:e},o=await n.getObject(i);if(!o.Body||!(o.Body instanceof Ru.default.Readable))throw new Error("Unable to retrieve stream - invalid response");return r.addTags({contentLength:o.ContentLength,contentType:o.ContentType}),{stream:o.Body,contentLength:o.ContentLength,contentType:o.ContentType}})}s(Iu,"getReadStream");async function kv(t,e){t=xe(t),e=ge(e);let r=st(),n={Bucket:t,Key:e};try{return await r.headObject(n)}catch{throw new Error("Unable to retrieve metadata from object")}}s(kv,"getObjectMetadata");async function Fv(t,e){t=xe(t),e=ge(e);let r=st(),n={Bucket:t,Key:e};try{return await r.headObject(n),!0}catch(i){if((i.statusCode||i.$response?.statusCode)===404)return!1;throw i}}s(Fv,"objectExists");function Jf(t){let e=t.split("?")[0],r=new RegExp(`^${np}/(?<bucket>[^/]+)/(?<path>.+)$`),n=e.match(r);if(n&&n.groups){let{bucket:i,path:o}=n.groups;return{bucket:i,path:o}}return null}s(Jf,"extractBucketAndPath");var RS=B(require("querystring"));var DS=B(require("aws-cloudfront-sign"));var Cu;function Bv(){if(!g.CLOUDFRONT_PRIVATE_KEY_64)throw new Error("CLOUDFRONT_PRIVATE_KEY_64 is not set");return Cu||(Cu=Buffer.from(g.CLOUDFRONT_PRIVATE_KEY_64,"base64").toString("utf-8"),Cu)}s(Bv,"getPrivateKey");var Wv=s(()=>({keypairId:g.CLOUDFRONT_PUBLIC_KEY_ID,privateKeyString:Bv(),expireTime:new Date().getTime()+1e3*60*60*24}),"getCloudfrontSignParams"),ui=s(t=>{let e=$v(t);return DS.getSignedUrl(e,Wv())},"getPresignedUrl"),$v=s(t=>{let e="/";return t.startsWith("/")&&(e=""),`${g.CLOUDFRONT_CDN}${e}${t}`},"getUrl");function Gv(t){return`${ge(t)}/budibase-client.js`}s(Gv,"clientLibraryPath");function Vv(t,e){return`${ge(t)}/${e}`}s(Vv,"client3rdPartyLibrary");async function qv(t,e){return`/api/assets/${t}/client?${await CS(e)}`}s(qv,"clientLibraryUrl");async function CS(t){let e,r;try{e=$()}finally{r={version:t}}return e&&e!==ae&&(r.tenantId=e),RS.default.encode(r)}s(CS,"getClientCacheKey");async function bS(t){return g.CLOUDFRONT_CDN?ui(t):await ln(g.APPS_BUCKET_NAME,t)}s(bS,"getAppFileUrl");async function Kv(t){if(t.length===0)return[];try{return await Promise.all(t.map(async e=>({...e,src:await bS(e.src),type:e.type||"image/png"})))}catch(e){return console.error("Error enriching PWA images:",e),t}}s(Kv,"enrichPWAImages");var Qv=s(async(t,e,r)=>{let n=xS(t,e);return g.CLOUDFRONT_CDN?(r&&(n=`${n}?etag=${r}`),ui(n)):await ln(g.GLOBAL_BUCKET_NAME,n)},"getGlobalFileUrl"),xS=s((t,e)=>{let r=`${t}/${e}`;return g.MULTI_TENANCY&&(r=`${$()}/${r}`),r},"getGlobalFileS3Key");async function jv(t){return!t||!t.length?[]:await Promise.all(t.map(async e=>{let r=await Hv(e),n=await Yv(e);return{...e,jsUrl:r,iconUrl:n}}))}s(jv,"enrichPluginURLs");async function Hv(t){let e=PS(t);return vS(e)}s(Hv,"getPluginJSUrl");async function Yv(t){let e=NS(t);if(e)return vS(e)}s(Yv,"getPluginIconUrl");async function vS(t){return g.CLOUDFRONT_CDN?ui(t):await ln(g.PLUGIN_BUCKET_NAME,t)}s(vS,"getPluginUrl");function PS(t){return US(t,"plugin.min.js")}s(PS,"getPluginJSKey");function NS(t){let e=t.iconUrl?"icon.svg":t.iconFileName;if(e)return US(t,e)}s(NS,"getPluginIconKey");function US(t,e){return`${LS(t.name)}/${e}`}s(US,"getPluginS3Key");function LS(t){let e=`${t}`;return g.MULTI_TENANCY&&(e=`${$()}/${e}`),g.CLOUDFRONT_CDN&&(e=`plugins/${e}`),e}s(LS,"getPluginS3Dir");var FS="budibase.log",BS="budibase-logs-history.txt",WS=up.default.join(cn(),"systemlogs");function MS(t){return up.default.join(WS,t)}s(MS,"getFullPath");function $S(t){let e=/(\d+)([A-Za-z])/,r=t?.match(e);if(!r){console.warn("totalMaxSize does not have a valid value",{totalMaxSize:t});return}let n=+r[1],i=r[2];if(n===1)switch(i){case"B":return{size:`${n}B`,totalHistoryFiles:1};case"K":return{size:`${n*1e3/2}B`,totalHistoryFiles:1};case"M":return{size:`${n*1e3/2}K`,totalHistoryFiles:1};case"G":return{size:`${n*1e3/2}M`,totalHistoryFiles:1};default:return}return n%2===0?{size:`${n/2}${i}`,totalHistoryFiles:1}:{size:`1${i}`,totalHistoryFiles:n-1}}s($S,"getSingleFileMaxSizeInfo");function cp(){let t=$S(g.ROLLING_LOG_MAX_SIZE);return kS.createStream(FS,{size:t?.size,path:WS,maxFiles:t?.totalHistoryFiles||1,immutable:!0,history:BS,initialRotation:!1})}s(cp,"localFileDestination");function zv(){let t=[],e=MS(BS);if(Zs.default.existsSync(e)){let i=Zs.default.readFileSync(e,"utf-8").split(`
-`);for(let o of i.filter(a=>a))t.push(Zs.default.readFileSync(o))}return t.push(Zs.default.readFileSync(MS(FS))),Buffer.concat(t.map(n=>new Uint8Array(n)))}s(zv,"getLogReadStream");function Jv(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}s(Jv,"isPlainObject");function Zv(t){return t instanceof Error}s(Zv,"isError");function Xv(t){return typeof t=="string"}s(Xv,"isMessage");var Ir;if(!g.DISABLE_PINO_LOGGER){let t=g.LOG_LEVEL,e={level:t,formatters:{level:c=>({level:c.toUpperCase()}),bindings:()=>g.SELF_HOSTED?{service:g.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(g.isDev()?{stream:(0,GS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),g.SELF_HOSTED&&r.push({stream:cp(),level:t}),Ir=r.length?(0,bu.default)(e,bu.default.multistream(r)):(0,bu.default)(e);let n=s(c=>{let l,d=[],f="";c.forEach(E=>{Xv(E)&&(f=`${f} ${E}`.trimStart()),Jv(E)&&d.push(E),Zv(E)&&(l=E)});let h=u(),p={};p={tenantId:i(),appId:o(),automationId:a(),identityId:h?._id,identityType:h?.type,correlationId:zf()};let S=dp.default.scope().active();S&&dp.default.inject(S.context(),VS.formats.LOG,p);let m={err:l,pid:process.pid,...p};if(d.length){let E={},y=0;for(let I=0;I<d.length;I++){let _=d[I],D=_._logKey;D?(delete _._logKey,m[D]=_):(E[y]=_,y++)}Object.keys(E).length&&(m.data=E)}return[m,f]},"getLogParams");console.log=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.info=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.warn=(...c)=>{let[l,d]=n(c);Ir?.warn(l,d)},console.error=(...c)=>{let[l,d]=n(c);Ir?.error(l,d)},console.trace=(...c)=>{let[l,d]=n(c);l.err||(l.err=new Error),Ir?.trace(l,d)},console.debug=(...c)=>{let[l,d]=n(c);Ir?.debug(l,d)};let i=s(()=>{let c;try{c=$()}catch{}return c},"getTenantId"),o=s(()=>{let c;try{c=be()}catch{}return c},"getAppId"),a=s(()=>{let c;try{c=Ef()}catch{}return c},"getAutomationId"),u=s(()=>{let c;try{c=$t()}catch{}return c},"getIdentity")}var xu=Ir;var eP=["AccountError"];function tP(t){return t&&t.suppressAlert}s(tP,"isSuppressed");function dn(t,e){e&&eP.includes(e.name)&&tP(e)||console.error(`bb-alert: ${t}`,e)}s(dn,"logAlert");function rP(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,dn(t,n)}s(rP,"logAlertWithInfo");function ci(t,e){console.warn(`bb-warn: ${t}`,e)}s(ci,"logWarn");var vu=class extends Error{static{s(this,"UnretriableError")}constructor(e){super(e),this.name="PermanentError"}},fp=class{static{s(this,"QueuedProcessor")}constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:o=!0,maxStalledCount:a=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new Et(e,{maxStalledCount:a,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:o}}),this._queue.process(async(u,c)=>{try{let l=await this.processFn(u.data);c?.(null,l)}catch(l){l instanceof vu&&await u.discard(),dn(`Failed to process job in ${this._queue.name}`,l),c?.(l)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Le.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var nP=100,Pu,eo=class t{static{s(this,"DocWritethroughProcessor")}static get queue(){return t._queue||(t._queue=new Et("docWritethroughQueue",{jobOptions:{attempts:nP}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=Re(e),o;try{o=await i.get(r)}catch{o={_id:r}}o={...o,...n},await i.put(o)}},mp=class{static{s(this,"DocWritethrough")}constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await eo.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function qS(){return Pu=new eo().init(),Pu}s(qS,"init");function iP(){return Pu||qS()}s(iP,"getProcessor");var ro={};P(ro,{CacheKey:()=>ye,TTL:()=>mn,bustCache:()=>li,destroy:()=>to,get:()=>hn,keys:()=>Nu,store:()=>Yt,withCache:()=>wr,withCacheWithDynamicTTL:()=>KS});function Ct(t){let e=$();return`${t}:${e}`}s(Ct,"generateTenantKey");var fn=class{static{s(this,"BaseCache")}constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await wf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ct(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?Ct(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((o,[a,u])=>(o[Ct(a)]=u,o),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ct(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let o=await this.get(e,i);if(o)return o;try{let a=await n();return await this.store(e,a,r,i),a}catch(a){throw console.error("Error fetching before cache - ",a),a}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let o=await r(),{value:a,ttl:u}=o;return await this.store(e,a,u,{useTenancy:n.useTenancy}),a}catch(o){throw console.error("Error fetching before cache - ",o),o}}async bustCache(e){let r=await this.getClient();try{await r.delete(Ct(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?Ct(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var pn=new fn,ye={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},mn=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(mn||{}),Nu=s((...t)=>pn.keys(...t),"keys"),hn=s((...t)=>pn.get(...t),"get"),Yt=s((...t)=>pn.store(...t),"store"),to=s((...t)=>pn.delete(...t),"destroy"),wr=s((...t)=>pn.withCache(...t),"withCache"),KS=s((...t)=>pn.withCacheWithDynamicTTL(...t),"withCacheWithDynamicTTL"),li=s((...t)=>pn.bustCache(...t),"bustCache");var yp={};P(yp,{createCode:()=>fP,deleteCode:()=>mP,getCode:()=>pP,getExistingInvites:()=>Ep,getInviteCodes:()=>ZS,updateCode:()=>dP});var En={};P(En,{AUTO_EXTEND_POLLING_MS:()=>HS,doWithLock:()=>no,newRedlock:()=>gn});var jS=B(require("redlock"));async function sP(t,e){if(t==="custom")return gn(e);switch(t){case"try_once":return gn(di.TRY_ONCE);case"try_twice":return gn(di.TRY_TWICE);case"default":return gn(di.DEFAULT);case"delay_500":return gn(di.DELAY_500);case"auto_extend":return gn(di.AUTO_EXTEND);default:throw _t.unreachable(t)}}s(sP,"getClient");var di={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function gn(t={}){let e={...di.DEFAULT,...t},n=(await Rf()).client;return new jS.default([n],e)}s(gn,"newRedlock");function oP(t){let r=`lock:${t.systemLock?"system":$()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}s(oP,"getLockName");var HS=pe.fromSeconds(10).toMs();async function no(t,e){let r=await sP(t.type,t.customOptions),n,i;try{let o=oP(t),a=t.type==="auto_extend"?HS:t.ttl;if(n=await r.lock(o,a),t.type==="auto_extend"){let c=s(()=>{i=setTimeout(async()=>{n=await n.extend(a,()=>t.onExtend&&t.onExtend()),c()},a/2)},"extendInIntervals");c()}return{executed:!0,result:await e()}}catch(o){if(o.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw o}else throw o}finally{clearTimeout(i),await n?.unlock()}}s(no,"doWithLock");var YS=pe.fromDays(7).toSeconds(),uP=pe.fromSeconds(10).toMs(),Uu="Invitation is not valid or has expired, please request a new one.";function zS(t,e){if(!t)return null;let r=t.tenantId||e;return r?{tenantId:r,invites:t.invites||{}}:null}s(zS,"normaliseInviteList");function cP(t){let e=!1,r=Date.now();for(let[n,i]of Object.entries(t.invites))(!i?.expiresAt||i.expiresAt<=r)&&(delete t.invites[n],e=!0);return{list:t,changed:e}}s(cP,"pruneExpiredInvites");async function gp(t){let r=await(await Ps()).get(t);return zS(r,t)}s(gp,"loadInviteList");async function io(t,e){await(await Ps()).store(t,e)}s(io,"saveInviteList");async function so(t,e){let{result:r}=await no({type:"default",name:"process_user_invite",systemLock:!0,resource:t,ttl:uP},e);return r}s(so,"withInviteListLock");function lP(t,e){return{code:t,email:e.email,info:e.info}}s(lP,"toInviteWithCode");async function JS(t,e){let r=await Ps(),n=zS(await r.get(e),e);if(!n)throw new Error(Uu);if(!Object.keys(n.invites).includes(t))throw new Error(Uu);return{list:n,invite:n.invites[t]}}s(JS,"findInviteInList");async function dP(t,e){let r={...e.info},n=r.tenantId||$();r.tenantId=n,await so(n,async()=>{let i=await gp(n)||{tenantId:n,invites:{}};i.invites[t]={email:e.email,info:r,expiresAt:Date.now()+YS*1e3},await io(n,i)})}s(dP,"updateCode");async function fP(t,e){let r=ee(),n={...e||{}},i=n.tenantId||$();return n.tenantId=i,await so(i,async()=>{let o=await gp(i)||{tenantId:i,invites:{}};o.invites[r]={email:t,info:n,expiresAt:Date.now()+YS*1e3},await io(i,o)}),r}s(fP,"createCode");async function pP(t,e){let r=e||$();return await so(r,async()=>{let n=await JS(t,r),{list:i,invite:o}=n;if(o.expiresAt<=Date.now())throw delete i.invites[t],await io(i.tenantId,i),new Error(Uu);return{email:o.email,info:o.info}})}s(pP,"getCode");async function mP(t,e){let r=e||$();try{await so(r,async()=>{let n=await JS(t,r);delete n.list.invites[t],await io(n.list.tenantId,n.list)})}catch(n){if(n instanceof Error&&n.message===Uu)return;throw n}}s(mP,"deleteCode");async function ZS(){let t=$(),e=await so(t,async()=>{let n=await gp(t)||{tenantId:t,invites:{}},i=cP(n);return n=i.list,i.changed&&await io(t,n),n}),r=new Map;for(let[n,i]of Object.entries(e.invites))r.set(n,lP(n,i));return Array.from(r.values())}s(ZS,"getInviteCodes");async function Ep(t){let e=new Set(t.map(r=>r.toLowerCase()));return(await ZS()).filter(r=>e.has(r.email.toLowerCase()))}s(Ep,"getExistingInvites");var Tp={};P(Tp,{createCode:()=>gP,getCode:()=>EP,invalidateCode:()=>yP});var hP=pe.fromHours(1).toSeconds();async function gP(t,e){let r=ee();return await(await Ns()).store(r,{userId:t,info:e},hP),r}s(gP,"createCode");async function EP(t){let r=await(await Ns()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}s(EP,"getCode");async function yP(t){await(await Ns()).delete(t)}s(yP,"invalidateCode");var br={};P(br,{getUser:()=>Ro,getUsers:()=>jL,invalidateUser:()=>Co});var oo={};P(oo,{getPlatformDB:()=>Dr,users:()=>yt});var yt={};P(yt,{addSsoUser:()=>eA,addUser:()=>IP,getUserDoc:()=>XS,lookupTenantId:()=>TP,removeUser:()=>wP,updateUserDoc:()=>SP});function Dr(){return Re(fe.PLATFORM_INFO.name)}s(Dr,"getPlatformDB");async function TP(t){return g.MULTI_TENANCY?(await XS(t)).tenantId:ae}s(TP,"lookupTenantId");async function XS(t){return Dr().get(t)}s(XS,"getUserDoc");async function SP(t){await Dr().put(t)}s(SP,"updateUserDoc");function AP(t,e){return{_id:t,tenantId:e}}s(AP,"newUserIdDoc");function _P(t,e,r){return{_id:e,userId:t,tenantId:r}}s(_P,"newUserEmailDoc");function OP(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}s(OP,"newUserSsoIdDoc");async function Sp(t,e){let r=Dr(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}s(Sp,"addUserDoc");async function eA(t,e,r,n){return Sp(t,()=>OP(t,e,r,n))}s(eA,"addSsoUser");async function IP(t,e,r,n){let i=[Sp(e,()=>AP(e,t)),Sp(r,()=>_P(e,r,t))];n&&i.push(eA(n,r,e,t)),await Promise.all(i)}s(IP,"addUser");async function wP(t){let e=Dr(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}s(wP,"removeUser");var yn={};P(yn,{getAccount:()=>Rr,getAccountByTenantId:()=>fi,getStatus:()=>DP});var tA=B(require("node-fetch"));var ao=class{static{s(this,"API")}constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";js.setHeader(n.headers);let o={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,tA.default)(`${this.host}${r}`,o)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Ap=new ao(g.INTERNAL_ACCOUNT_PORTAL_URL),_p=g.SELF_HOSTED||g.DISABLE_ACCOUNT_PORTAL,Rr=s(async t=>{if(_p)return;let e={email:t},r=await Ap.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},"getAccount"),fi=s(async t=>{if(_p)return;let e={tenantId:t},r=await Ap.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},"getAccountByTenantId"),DP=s(async()=>{if(_p)return;let t=await Ap.get("/api/status",{headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e},"getStatus");var Ei={};P(Ei,{UserDB:()=>xt,addAppBuilder:()=>VL,bulkGetGlobalUsersById:()=>ic,bulkUpdateGlobalUsers:()=>Io,cleanseUserObject:()=>qp,creatorsInList:()=>An,doesUserExist:()=>FL,getAccountHolderFromUsers:()=>nc,getAllUserIds:()=>ML,getAllUsers:()=>kL,getById:()=>_n,getCreatorCount:()=>$L,getExistingAccounts:()=>gi,getExistingPlatformUsers:()=>VA,getExistingTenantUsers:()=>GA,getFirstPlatformUser:()=>_o,getGlobalUserByAppPage:()=>zA,getGlobalUserByEmail:()=>At,getPlatformUsers:()=>Xu,getUserCount:()=>WL,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>QA,hasBuilderPermissions:()=>Fe,isAdmin:()=>bt,isAdminOrBuilder:()=>KA,isAdminOrWorkspaceBuilder:()=>ec,isBuilder:()=>Si,isCreatorAsync:()=>Oo,isCreatorSync:()=>tc,isGlobalBuilder:()=>qA,paginatedUsers:()=>ZA,removeAppBuilder:()=>qL,removePortalUserPermissions:()=>GL,searchExistingEmails:()=>Bp,searchGlobalUsersByApp:()=>YA,searchGlobalUsersByAppAccess:()=>Vp,searchGlobalUsersByEmail:()=>JA,validateUniqueUser:()=>rc});var Vu={};P(Vu,{ActiveContentFileError:()=>ku,BadRequestError:()=>co,BudibaseError:()=>uo,EmailUnavailableError:()=>zt,FeatureDisabledError:()=>Wu,ForbiddenError:()=>Fu,HTTPError:()=>ke,NotFoundError:()=>Mu,NotImplementedError:()=>Bu,UnexpectedError:()=>Lu,UsageLimitError:()=>$u,getErrorMessage:()=>rA,getPublicError:()=>Gu});var uo=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"BudibaseError")}};function rA(t){if(t==null)return"No error provided.";if(t instanceof Error)return t.message;if(typeof t=="string")return t;if(typeof t=="object"&&"message"in t)return String(t.message);try{let r=JSON.stringify(t);if(r!=="{}")return r}catch{}let e=String(t);return e!=="[object Object]"?e:"An unknown error occurred"}s(rA,"getErrorMessage");var Gu=s(t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},"getPublicError"),ke=class t extends uo{constructor(r,n,i="http"){super(r,i);this.status=n}static{s(this,"HTTPError")}static async fromResponse(r){let n=await r.text(),i=n,o=r.status,a="http";try{let u=JSON.parse(n);i=u.message,o=u.status,a=u.error?.code}catch{}return new t(i,o,a)}},Lu=class extends ke{static{s(this,"UnexpectedError")}constructor(e){super(e,500)}},Mu=class extends ke{static{s(this,"NotFoundError")}constructor(e){super(e,404)}},co=class extends ke{static{s(this,"BadRequestError")}constructor(e){super(e,400)}},ku=class extends co{static{s(this,"ActiveContentFileError")}constructor(e){super(`File "${e}" contains active content which is not permitted`)}},Fu=class extends ke{static{s(this,"ForbiddenError")}constructor(e){super(e,403)}},Bu=class extends ke{static{s(this,"NotImplementedError")}constructor(e){super(e,501)}},Wu=class extends Error{static{s(this,"FeatureDisabledError")}constructor(e){super(`Feature disabled: '${e}'`)}},$u=class extends Error{static{s(this,"UsageLimitError")}constructor(e){super(`Usage limit exceeded: '${e}'`)}},zt=class extends Error{static{s(this,"EmailUnavailableError")}constructor(e){super(`Email already in use: '${e}'`)}};var Dp={};P(Dp,{PASSWORD_MAX_LENGTH:()=>Ip,PASSWORD_MIN_LENGTH:()=>Op,validatePassword:()=>wp});var Op=+(g.PASSWORD_MIN_LENGTH||12),Ip=+(g.PASSWORD_MAX_LENGTH||512);function wp(t){return!t||t.length<Op?{valid:!1,error:`Password invalid. Minimum ${Op} characters.`}:t.length>Ip?{valid:!1,error:`Password invalid. Maximum ${Ip} characters.`}:{valid:!0}}s(wp,"validatePassword");var qu={};P(qu,{createASession:()=>RP,endSession:()=>CP,getSession:()=>Cp,getSessionsForUser:()=>lo,invalidateSessions:()=>Tn,updateSessionTTL:()=>Rp});var iA=require("uuid");var sA=g.SESSION_EXPIRY_SECONDS?parseInt(g.SESSION_EXPIRY_SECONDS):pe.fromDays(7).toSeconds();function pi(t,e){return`${t}/${e}`}s(pi,"makeSessionID");async function lo(t){return t?(await(await yr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}s(lo,"getSessionsForUser");async function Tn(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await lo(t)).map(a=>({key:pi(a.userId,a.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(o=>({key:pi(t,o)}))),i&&i.length>0){let o=await yr(),a=[];for(let u of i)a.push(o.delete(u.key));g.isTest()||ci(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(u=>u.key).join(", ")}`),await Promise.all(a)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}s(Tn,"invalidateSessions");async function RP(t,e){let r=await lo(t),n=0;if(r.length>=3){let l=r.sort((h,p)=>new Date(h.createdAt).getTime()-new Date(p.createdAt).getTime()),d=r.length-3+1,f=l.slice(0,d).map(h=>h.sessionId);n=f.length,await Tn(t,{sessionIds:f,reason:"session limit exceeded"})}let i=await yr(),o=e.sessionId,a=e.csrfToken?e.csrfToken:(0,iA.v4)(),u=pi(t,o),c={...e,csrfToken:a,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(u,c,sA),{session:c,invalidatedSessionCount:n}}s(RP,"createASession");async function Rp(t){let e=await yr(),r=pi(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,sA)}s(Rp,"updateSessionTTL");async function CP(t,e){await(await yr()).delete(pi(t,e))}s(CP,"endSession");async function Cp(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await yr()).get(pi(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}s(Cp,"getSession");var hi={};P(hi,{account:()=>EA,action:()=>yA,ai:()=>TA,analytics:()=>Qu,app:()=>SA,asyncEventQueue:()=>Tt,auditLog:()=>AA,auth:()=>Zu,automation:()=>_A,backfill:()=>OA,backfillCache:()=>Yu,backup:()=>IA,datasource:()=>wA,email:()=>DA,environmentVariable:()=>RA,group:()=>CA,identification:()=>St,initAsyncEvents:()=>OL,installation:()=>go,layout:()=>bA,license:()=>xA,org:()=>vA,plugin:()=>PA,processors:()=>Up,publishEvent:()=>A,query:()=>NA,resource:()=>UA,role:()=>Ao,rowAction:()=>LA,rows:()=>MA,screen:()=>kA,serve:()=>FA,shutdown:()=>IL,table:()=>BA,user:()=>Be,view:()=>WA,workspace:()=>$A});var Qu={};P(Qu,{enabled:()=>Ku});var Ku=s(async()=>ju(),"enabled");var Tt;function Hu(){Tt=new Et("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}s(Hu,"init");async function oA(){Tt&&await Tt.close()}s(oA,"shutdown");async function aA(t){Tt||Hu();let{event:e,identity:r}=t;Vm.indexOf(e)!==-1&&r.tenantId&&await Tt.add(t)}s(aA,"publishAsyncEvent");var Yu={};P(Yu,{end:()=>xP,isAlreadySent:()=>vp,isBackfillingEvent:()=>xp,recordEvent:()=>bp,start:()=>bP});var bP=s(async t=>PP({eventWhitelist:t}),"start"),bp=s(async(t,e)=>{let r=Pp(t,e);await Yt(r,e,void 0,{useTenancy:!1})},"recordEvent"),xP=s(async()=>{await NP(),await UP()},"end"),vP=s(async()=>hn(ye.BACKFILL_METADATA),"getBackfillMetadata"),PP=s(async t=>Yt(ye.BACKFILL_METADATA,t),"saveBackfillMetadata"),NP=s(async()=>{await to(ye.BACKFILL_METADATA)},"deleteBackfillMetadata"),UP=s(async()=>{let t=Pp(),e=await Nu(t);for(let r of e)await to(r,{useTenancy:!1})},"clearEvents"),xp=s(async t=>{let r=(await vP())?.eventWhitelist;return!!(r&&r.includes(t))},"isBackfillingEvent"),vp=s(async(t,e)=>{let r=Pp(t,e);return!!await hn(r,{useTenancy:!1})},"isAlreadySent"),LP={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},Pp=s((t,e)=>{let r,n=$();if(t){r=`${ye.EVENTS}:${n}:${t}`;let i=LP[t],o=i?i(e):void 0;o&&(r=`${r}:${o}`)}else r=`${ye.EVENTS}:${n}:*`;return r},"getEventKey");var Up={};P(Up,{analyticsProcessor:()=>mA,init:()=>KP,processors:()=>Zt});var fA=require("posthog-node");var MP=s(t=>t==="served:builder"||t==="served:app:preview"||t==="served:app","isRateLimited"),kP=s(t=>t==="served:app:preview"||t==="served:app","isPerApp");var cA={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},lA=s(async t=>{if(!MP(t))return!1;let e=await FP(t);if(e){let r=new Date(e.timestamp);switch(cA[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await uA(t,{timestamp:Date.now()}),!1):!0}}else return await uA(t,{timestamp:Date.now()}),!1},"limited"),dA=s(t=>{let e=`${ye.EVENTS_RATE_LIMIT}:${t}`;return kP(t)&&(e=e+":"+be()),e},"eventKey"),FP=s(async t=>{let e=dA(t);return await hn(e)},"readEvent"),uA=s(async(t,e)=>{let r=dA(t),n=cA[t],i;switch(n){case"calendarDay":i=86400}await Yt(r,e,i)},"recordEvent");var WP=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],fo=class{static{s(this,"PosthogProcessor")}constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new fA.PostHog(e)}async processEvent(e,r,n,i){if(WP.includes(e)||await lA(e))return;n=this.clearPIIProperties(n),n.version=g.VERSION,n.service=g.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let o=be();o&&(n.appId=o);let a={distinctId:r.id,event:e,properties:n};i&&(a.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(a.groups={},r.installationId&&(a.groups.installation=r.installationId,a.properties.installationId=r.installationId),r.tenantId&&(a.groups.tenant=r.tenantId,a.properties.tenantId=r.tenantId)),this.posthog.capture(a)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var pA=fo;var $P=["installation:version:upgraded","installation:version:downgraded"],GP=["installation","tenant"],po=class{static{s(this,"AnalyticsProcessor")}constructor(){g.POSTHOG_TOKEN&&!g.isTest()&&(this.posthog=new pA(g.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!$P.includes(e)&&!await Ku()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!GP.includes(e.type)&&!await Ku()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var Np=g.SELF_HOSTED&&!g.isDev(),mo=class{static{s(this,"LoggingProcessor")}async processEvent(e,r,n){Np||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){Np||console.log("[audit] identified",e)}async identifyGroup(e){Np||console.log("[audit] group identified",e)}async shutdown(){}};var mi=class t{static{s(this,"AuditLogsProcessor")}static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new Et("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Ce(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let o={};g.ENABLE_AUDIT_LOG_IP_ADDR&&(o=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:o})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&$f(e)){let o=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:o,timestamp:i,appId:be(),hostInfo:r.hostInfo},tenantId:$()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var ho=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}static{s(this,"Processor")}async processEvent(e,r,n,i){for(let o of this.processors)await o.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var mA=new po,VP=new mo,qP=new mi;function KP(t){return mi.init(t)}s(KP,"init");var Zt=new ho([mA,VP,qP]);var zu={};P(zu,{checkInstallVersion:()=>HP,getInstall:()=>Eo,getInstallFromDB:()=>Mp});var Lp=B(require("semver"));var Eo=s(async()=>wr(ye.INSTALLATION,86400,Mp,{useTenancy:!1}),"getInstall");async function QP(t){let e={_id:fe.PLATFORM_INFO.docs.install,installId:ee(),version:g.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return Mp();throw r}}s(QP,"createInstallDoc");var Mp=s(async()=>je(fe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(fe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await QP(t);else throw r}return e}),"getInstallFromDB"),jP=s(async t=>{try{await je(fe.PLATFORM_INFO.name,async e=>{let r=await Eo();r.version=t,await e.put(r),await li(ye.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},"updateVersion"),HP=s(async()=>{let t=await Eo(),e=t.version,r=g.VERSION;try{if(e!==r){let n=Lp.default.gt(r,e),i=Lp.default.lt(r,e);await jP(r)&&(await ws({_id:t.installId,type:"installation"},async()=>{n?await go.upgraded(e,r):i&&await go.downgraded(e,r)}),await St.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?dn(`Invalid version "${r}" - is it semver?`):dn("Failed to retrieve version",n)}},"checkInstallVersion");var YP=s(async()=>{let t=Zd(),e=So(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await Sn(),i=yo();return{id:hA(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await Sn(),i=await Ju($()),o=yo();return{id:hA(i,r),type:r,hosting:o,installationId:n,tenantId:i,realTenantId:$(),environment:e}}else if(r==="user"){let n=t,i=await Ju($()),o=await Sn(),a=n.account,u;return a?u=a.hosting:u=yo(),{id:n._id,type:r,hosting:u,installationId:o,tenantId:i,environment:e,realTenantId:$(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},"getCurrentIdentity"),zP=s(async(t,e)=>{let r=t,n="installation",i=yo(),o=g.VERSION,a=So(),u={id:r,type:n,hosting:i,version:o,environment:a};await kp(u,e),await To({...u,id:`$${n}_${r}`},e)},"identifyInstallationGroup"),JP=s(async(t,e,r,n=g.VERSION)=>{let i=await Ju(t),o="tenant",a=await Sn(),u=So(),c={id:i,type:o,hosting:e,environment:u,installationId:a,createdAt:r,createdVersion:n};await kp(c,r),await To({...c,id:`$${o}_${i}`},r)},"identifyTenantGroup"),ZP=s(async(t,e,r)=>{let n=t._id,i=await Ju(t.tenantId),o="user",a=Fe(t),u=Cr(t),c;Ko(t)&&(c=t.providerType);let d=(await gi([t.email])).length>0,f=!!e&&d&&e.verified,h=await Sn(),p=e?e.hosting:yo(),S=So();await To({id:n,type:o,hosting:p,installationId:h,tenantId:i,verified:f,accountHolder:d,providerType:c,builder:a,admin:u,environment:S},r)},"identifyUser"),XP=s(async t=>{let e=t.accountId,r=t.tenantId,n="user",i=qo(t)?t.providerType:void 0,o=t.verified,a=!0,u=t.hosting,c=await Sn(),l=So();if(Vo(t)){let f=await At(t.email);f?._id&&(e=f._id)}await To({id:e,type:n,hosting:u,installationId:c,tenantId:r,providerType:i,verified:o,accountHolder:a,environment:l})},"identifyAccount"),To=s(async(t,e)=>{await Zt.identify(t,e)},"identify"),kp=s(async(t,e)=>{await Zt.identifyGroup(t,e)},"identifyGroup"),So=s(()=>g.isDev()?"development":g.DEPLOYMENT_ENVIRONMENT,"getDeploymentEnvironment"),yo=s(()=>g.SELF_HOSTED?"self":"cloud","getHostingFromEnv"),Sn=s(async()=>eN()?"account-portal":(await Eo()).installId,"getInstallationId"),Ju=s(async t=>g.SELF_HOSTED?gA(t):t,"getEventTenantId"),gA=s(async t=>Ce(t,()=>wr(ye.UNIQUE_TENANT_ID,86400,async()=>{let e=Y(),r=await yi(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${ee()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=g.VERSION,await e.put(r),n)})),"getUniqueTenantId"),eN=s(()=>g.SERVICE==="account-portal","isAccountPortal"),hA=s((t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,"formatDistinctId"),St={getCurrentIdentity:YP,identifyInstallationGroup:zP,identifyTenantGroup:JP,identifyUser:ZP,identifyAccount:XP,identify:To,identifyGroup:kp,getInstallationId:Sn,getUniqueTenantId:gA};var A=s(async(t,e,r,n)=>{let i=n||await St.getCurrentIdentity();if(!(n?!1:await xp(t))){await aA({event:t,identity:i,properties:e,timestamp:r}),await Zt.processEvent(t,i,e,r);return}await vp(t,e)||(await Zt.processEvent(t,i,e,r),await bp(t,e))},"publishEvent");async function tN(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}s(tN,"created");async function rN(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}s(rN,"deleted");async function nN(t){let e={tenantId:t.tenantId};await A("account:verified",e)}s(nN,"verified");var EA={created:tN,deleted:rN,verified:nN};async function iN(t,e){console.info("action:automation_step:executed",`disabled. Action step ${t.stepId} not published at ${e}`)}s(iN,"automationStepExecuted");async function sN(t,e){console.info("action:automation_step:executed",`disabled. Action type ${t.type} not published at ${e}`)}s(sN,"crudExecuted");async function oN(t,e){console.info("action:automation_step:executed",`disabled. Execution for ai agent ${t.agentId} not published at ${e}`)}s(oN,"aiAgentExecuted");var yA={aiAgentExecuted:oN,automationStepExecuted:iN,crudExecuted:sN};async function aN(t){let e={};await A("ai:config:created",e,t)}s(aN,"AIConfigCreated");async function uN(){let t={};await A("ai:config:updated",t)}s(uN,"AIConfigUpdated");var TA={AIConfigCreated:aN,AIConfigUpdated:uN};var cN=s(async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)},"created");async function lN(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}s(lN,"updated");async function dN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}s(dN,"deleted");async function fN(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}s(fN,"published");async function pN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}s(pN,"unpublished");async function mN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}s(mN,"fileImported");async function hN(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}s(hN,"duplicated");async function gN(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}s(gN,"templateImported");async function EN(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}s(EN,"versionUpdated");async function yN(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}s(yN,"versionReverted");async function TN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}s(TN,"reverted");async function SN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}s(SN,"exported");var SA={created:cN,updated:lN,deleted:dN,published:fN,unpublished:pN,fileImported:mN,duplicated:hN,templateImported:gN,versionUpdated:EN,versionReverted:yN,reverted:TN,exported:SN};async function AN(t){let e={filters:t};await A("audit_log:filtered",e)}s(AN,"filtered");async function _N(t){let e={filters:t};await A("audit_log:downloaded",e)}s(_N,"downloaded");var AA={filtered:AN,downloaded:_N};async function ON(t,e){let n={userId:(await St.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}s(ON,"login");async function IN(t){let r={userId:(await St.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}s(IN,"logout");async function wN(t,e){let r={type:t};await A("auth:sso:created",r,e)}s(wN,"SSOCreated");async function DN(t){let e={type:t};await A("auth:sso:updated",e)}s(DN,"SSOUpdated");async function RN(t,e){let r={type:t};await A("auth:sso:activated",r,e)}s(RN,"SSOActivated");async function CN(t){let e={type:t};await A("auth:sso:deactivated",e)}s(CN,"SSODeactivated");var Zu={login:ON,logout:IN,SSOCreated:wN,SSOUpdated:DN,SSOActivated:RN,SSODeactivated:CN};async function bN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}s(bN,"created");async function xN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}s(xN,"triggerUpdated");async function vN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}s(vN,"deleted");async function PN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}s(PN,"tested");var NN=s(async(t,e)=>{let r={count:t};await A("automations:run",r,e)},"run");async function UN(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}s(UN,"stepCreated");async function LN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}s(LN,"stepDeleted");var _A={created:bN,triggerUpdated:xN,deleted:vN,tested:PN,run:NN,stepCreated:UN,stepDeleted:LN};var Ti=!g.SELF_HOSTED&&!g.isDev();async function MN(t){Ti||await A("app:backfill:succeeded",t)}s(MN,"appSucceeded");async function kN(t){if(Ti)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}s(kN,"appFailed");async function FN(t){Ti||await A("tenant:backfill:succeeded",t)}s(FN,"tenantSucceeded");async function BN(t){if(Ti)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}s(BN,"tenantFailed");async function WN(){if(Ti)return;let t={};await A("installation:backfill:succeeded",t)}s(WN,"installationSucceeded");async function $N(t){if(Ti)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}s($N,"installationFailed");var OA={appSucceeded:MN,appFailed:kN,tenantSucceeded:FN,tenantFailed:BN,installationSucceeded:WN,installationFailed:$N};async function GN(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}s(GN,"appBackupRestored");async function VN(t,e,r,n,i){let o={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",o)}s(VN,"appBackupTriggered");var IA={appBackupRestored:GN,appBackupTriggered:VN};function Fp(t){return!Object.values(Bo).includes(t.source)}s(Fp,"isCustom");async function qN(t,e){let r={datasourceId:t._id,source:t.source,custom:Fp(t)};await A("datasource:created",r,e)}s(qN,"created");async function KN(t){let e={datasourceId:t._id,source:t.source,custom:Fp(t)};await A("datasource:updated",e)}s(KN,"updated");async function QN(t){let e={datasourceId:t._id,source:t.source,custom:Fp(t)};await A("datasource:deleted",e)}s(QN,"deleted");var wA={created:qN,updated:KN,deleted:QN};async function jN(t){let e={};await A("email:smtp:created",e,t)}s(jN,"SMTPCreated");async function HN(){let t={};await A("email:smtp:updated",t)}s(HN,"SMTPUpdated");var DA={SMTPCreated:jN,SMTPUpdated:HN};async function YN(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}s(YN,"created");async function zN(t){let e={name:t};await A("environment_variable:deleted",e)}s(zN,"deleted");async function JN(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}s(JN,"upgradePanelOpened");var RA={created:YN,deleted:zN,upgradePanelOpened:JN};async function ZN(t,e){let r={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:created",r,e)}s(ZN,"created");async function XN(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:updated",e)}s(XN,"updated");async function eU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:deleted",e)}s(eU,"deleted");async function tU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:user_added",n)}s(tU,"usersAdded");async function rU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:users_deleted",n)}s(rU,"usersDeleted");async function nU(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}s(nU,"createdOnboarding");async function iU(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}s(iU,"permissionsEdited");var CA={created:ZN,updated:XN,deleted:eU,usersAdded:tU,usersDeleted:rU,createdOnboarding:nU,permissionsEdited:iU};async function sU(t){let e={currentVersion:t};await A("installation:version:checked",e)}s(sU,"versionChecked");async function oU(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}s(oU,"upgraded");async function aU(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}s(aU,"downgraded");async function uU(){let t={};await A("installation:firstStartup",t)}s(uU,"firstStartup");var go={versionChecked:sU,upgraded:oU,downgraded:aU,firstStartup:uU};async function cU(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}s(cU,"created");async function lU(t){let e={layoutId:t};await A("layout:deleted",e)}s(lU,"deleted");var bA={created:cU,deleted:lU};async function dU(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}s(dU,"planChanged");async function fU(t){let e={accountId:t.accountId};await A("license:activated",e)}s(fU,"activated");async function pU(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}s(pU,"checkoutOpened");async function mU(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}s(mU,"checkoutSuccess");async function hU(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}s(hU,"portalOpened");async function gU(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}s(gU,"paymentFailed");async function EU(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}s(EU,"paymentRecovered");var xA={planChanged:dU,activated:fU,checkoutOpened:pU,checkoutSuccess:mU,portalOpened:hU,paymentFailed:gU,paymentRecovered:EU};async function yU(t){let e={};await A("org:info:name:updated",e,t)}s(yU,"nameUpdated");async function TU(t){let e={};await A("org:info:logo:updated",e,t)}s(TU,"logoUpdated");async function SU(t){let e={};await A("org:platformurl:updated",e,t)}s(SU,"platformURLUpdated");async function AU(){let t={};await A("analytics:opt:out",t)}s(AU,"analyticsOptOut");async function _U(){let t={};await A("analytics:opt:out",t)}s(_U,"analyticsOptIn");var vA={nameUpdated:yU,logoUpdated:TU,platformURLUpdated:SU,analyticsOptOut:AU,analyticsOptIn:_U};async function OU(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}s(OU,"init");async function IU(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}s(IU,"imported");async function wU(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}s(wU,"deleted");var PA={init:OU,imported:IU,deleted:wU};var DU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},"created"),RU=s(async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},"updated"),CU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await A("query:deleted",n)},"deleted"),bU=s(async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},"imported"),xU=s(async(t,e)=>{let r={count:t};await A("queries:run",r,e)},"run"),vU=s(async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},"previewed"),NA={created:DU,updated:RU,deleted:CU,imported:bU,run:xU,previewed:vU};async function PU({resource:t,fromWorkspace:e,toWorkspace:r},n){let i={resource:t,fromWorkspace:e,toWorkspace:r};await A("resource:copied_to_workspace",i,n)}s(PU,"duplicatedToWorkspace");var UA={duplicatedToWorkspace:PU};async function NU(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}s(NU,"created");async function UU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}s(UU,"updated");async function LU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}s(LU,"deleted");async function MU(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}s(MU,"assigned");async function kU(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}s(kU,"unassigned");var Ao={created:NU,updated:UU,deleted:LU,assigned:MU,unassigned:kU};async function FU(t,e){await A("row_action:created",t,e)}s(FU,"created");var LA={created:FU};var BU=s(async(t,e)=>{let r={count:t};await A("rows:created",r,e)},"created"),WU=s(async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},"imported"),MA={created:BU,imported:WU};async function $U(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}s($U,"created");async function GU(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}s(GU,"deleted");var kA={created:$U,deleted:GU};async function VU(t){let e={timezone:t};await A("served:builder",e)}s(VU,"servedBuilder");async function qU(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}s(qU,"servedApp");async function KU(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}s(KU,"servedAppPreview");var FA={servedBuilder:VU,servedApp:qU,servedAppPreview:KU};async function QU(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}s(QU,"created");async function jU(t,e){let r,n;for(let o in e.schema)if(!t.schema[o]){let a=e.schema[o];"default"in a&&a.default!=null&&(r=!0),a.type==="ai"&&(n=a.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}s(jU,"updated");async function HU(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await A("table:deleted",r)}s(HU,"deleted");async function YU(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}s(YU,"exported");async function zU(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}s(zU,"imported");var BA={created:QU,updated:jU,deleted:HU,exported:YU,imported:zU};async function JU(t,e){let r={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:created",r,e)}s(JU,"created");async function ZU(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:updated",e)}s(ZU,"updated");async function XU(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:deleted",e)}s(XU,"deleted");async function eL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}s(eL,"permissionAdminAssigned");async function tL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}s(tL,"permissionAdminRemoved");async function rL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}s(rL,"permissionBuilderAssigned");async function nL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}s(nL,"permissionBuilderRemoved");async function iL(t){let e={audited:{email:t}};await A("user:invited",e)}s(iL,"invited");async function sL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}s(sL,"inviteAccepted");async function oL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}s(oL,"passwordForceReset");async function aL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}s(aL,"passwordUpdated");async function uL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}s(uL,"passwordResetRequested");async function cL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}s(cL,"passwordReset");async function lL(t){let e={users:t};await A("user:data:collaboration",e)}s(lL,"dataCollaboration");var Be={created:JU,updated:ZU,deleted:XU,permissionAdminAssigned:eL,permissionAdminRemoved:tL,permissionBuilderAssigned:rL,permissionBuilderRemoved:nL,invited:iL,inviteAccepted:sL,passwordForceReset:oL,passwordUpdated:aL,passwordResetRequested:uL,passwordReset:cL,dataCollaboration:lL};async function dL(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}s(dL,"created");async function fL(t){let e={tableId:t.tableId};await A("view:updated",e)}s(fL,"updated");async function pL(t,e){let r={...Le.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await A("view:deleted",r)}s(pL,"deleted");async function mL(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}s(mL,"exported");async function hL({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}s(hL,"filterCreated");async function gL({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}s(gL,"filterUpdated");async function EL(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}s(EL,"filterDeleted");async function yL({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}s(yL,"calculationCreated");async function TL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}s(TL,"calculationUpdated");async function SL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}s(SL,"calculationDeleted");async function AL(t,e){let r={tableId:t};await A("view:join:created",r,e)}s(AL,"viewJoinCreated");var WA={created:dL,updated:fL,deleted:pL,exported:mL,filterCreated:hL,filterUpdated:gL,filterDeleted:EL,calculationCreated:yL,calculationUpdated:TL,calculationDeleted:SL,viewJoinCreated:AL};async function _L(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await A("workspace_app:deleted",r)}s(_L,"deleted");var $A={deleted:_L};function OL(){}s(OL,"initAsyncEvents");var IL=s(async()=>{await Zt.shutdown(),console.log("Events shutdown")},"shutdown");var Wp={};P(Wp,{creatorsInList:()=>An,getAccountHolderFromUsers:()=>nc,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>QA,hasBuilderPermissions:()=>Fe,isAdmin:()=>bt,isAdminOrBuilder:()=>KA,isAdminOrWorkspaceBuilder:()=>ec,isBuilder:()=>Si,isCreatorAsync:()=>Oo,isCreatorSync:()=>tc,isGlobalBuilder:()=>qA,validateUniqueUser:()=>rc});async function Bp(t){let e=[],r=await GA(t);e.push(...r.map(a=>a.email));let n=await VA(t);e.push(...n.map(a=>a._id));let i=await gi(t);e.push(...i.map(a=>a.email));let o=await Ep(t);return e.push(...o.map(a=>a.email)),[...new Set(e.map(a=>a.toLowerCase()))]}s(Bp,"searchExistingEmails");async function Xu(t){return await Fs("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}s(Xu,"getPlatformUsers");async function _o(t){return(await Xu(t))[0]??null}s(_o,"getFirstPlatformUser");async function GA(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await qt("by_email2",r,void 0,n)}s(GA,"getExistingTenantUsers");async function VA(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Fs("platform_users_lowercase_2",r)}s(VA,"getExistingPlatformUsers");async function gi(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Fs("account_by_email",r)}s(gi,"getExistingAccounts");var Si=Me.users.isBuilder,bt=Me.users.isAdmin,qA=Me.users.isGlobalBuilder,KA=Me.users.isAdminOrBuilder,Cr=Me.users.hasAdminPermissions,Fe=Me.users.hasBuilderPermissions,QA=Me.users.hasAppBuilderPermissions,ec=Me.users.isAdminOrWorkspaceBuilder;async function An(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await Y().getMultiple(r,{allowMissing:!0}),t.map(i=>tc(i,e))}s(An,"creatorsInList");async function Oo(t){let e=[];return t.userGroups&&(e=await Y().getMultiple(t.userGroups)),tc(t,e)}s(Oo,"isCreatorAsync");function tc(t,e){let r=Me.users.isCreator(t);return!r&&t?wL(t,e):r}s(tc,"isCreatorSync");function wL(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}s(wL,"isCreatorByGroupMembership");async function rc(t,e){if(g.MULTI_TENANCY){let r=await _o(t);if(r!=null&&r.tenantId!==e)throw new zt(t)}if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let r=await Rr(t);if(r&&r.verified&&r.tenantId!==e)throw new zt(t)}}s(rc,"validateUniqueUser");async function nc(t){if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let e=await gi(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}s(nc,"getAccountHolderFromUsers");var $p=s(async t=>{await Be.deleted(t),Fe(t)&&await Be.permissionBuilderRemoved(t),Cr(t)&&await Be.permissionAdminRemoved(t)},"handleDeleteEvents"),DL=s(async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await Ao.assigned(t,i)},"assignAppRoleEvents"),RL=s(async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await Ao.unassigned(t,i)},"unassignAppRoleEvents"),CL=s(async(t,e)=>{let r=t.roles,n=e?.roles;await DL(t,r,n),await RL(t,r,n)},"handleAppRoleEvents"),Gp=s(async(t,e)=>{let r=$(),n;!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL&&(n=await fi(r)),await St.identifyUser(t,n),e?(await Be.updated(t),xL(t,e)&&await Be.permissionBuilderRemoved(t),PL(t,e)&&await Be.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Be.passwordForceReset(t),t.password!==e.password&&await Be.passwordUpdated(t)):await Be.created(t),bL(t,e)&&await Be.permissionBuilderAssigned(t),vL(t,e)&&await Be.permissionAdminAssigned(t),await CL(t,e)},"handleSaveEvents"),bL=s((t,e)=>jA(t,e,Fe),"isAddingBuilder"),xL=s((t,e)=>HA(t,e,Fe),"isRemovingBuilder"),vL=s((t,e)=>jA(t,e,Cr),"isAddingAdmin"),PL=s((t,e)=>HA(t,e,Cr),"isRemovingAdmin"),jA=s((t,e,r)=>!(!r(t)||e&&r(e)),"isAddingPermission"),HA=s((t,e,r)=>!(r(t)||!e||!r(e)),"isRemovingPermission");var UL=s(async t=>{let e=t._id;await yt.removeUser(t),await $p(t),await br.invalidateUser(e),await Tn(e,{reason:"bulk-deletion"})},"bulkDeleteProcessing"),xt=class t{static{s(this,"UserDB")}static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return g.ENABLE_SSO_MAINTENANCE_MODE&&bt(e)?!1:await t.features.isSSOEnforced()||Ko(e)?!0:(r||(r=await fi($())),!!(r&&r.email===e.email&&qo(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,o){let{password:a,_id:u}=e;i&&!i.password&&(r.requirePassword=!1);let c;if(a&&a!==i?.password){if(await t.isPreventPasswordActions(e,o))throw new ke("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let f=wp(a);if(!f.valid)throw new ke(f.error,400)}c=r.hashPassword?await zd(a):a}else i&&(c=i.password);let l=r.requirePassword&&!await t.features.isSSOEnforced();if(!c&&l)throw"Password must be specified.";u=u||ri();let d={createdAt:Date.now(),...i,...e,_id:u,password:c,tenantId:n};return d.roles||(d.roles={}),d.status==null&&(d.status="active"),d}static async allUsers(){return(await Y().allDocs(on(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByWorkspace(e){if(typeof e!="string"||!e)throw new Error("Must provide a string based workspace ID");return{userCount:(await Bs("by_app",ni(e,{include_docs:!1}))).rows.length}}static async getUsersByAppAccess(e){return await Vp(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return At(e)}static async getUser(e){let r=await _n(e);return r&&delete r.password,r}static async bulkGet(e){return await ic(e)}static async bulkUpdate(e){return await Io(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=$(),i=Y(),{email:o,_id:a,userGroups:u=[],roles:c}=e;if(!o&&!a)throw new Error("_id or email is required");let l;if(a)try{if(l=await _n(a),o&&l.email!==o&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(m){if(m.status!==404)throw m}if(!l&&o&&(l=await At(o),l&&l._id!==a))throw new zt(o);let d=1,f=0;if((r.isAccountHolder||l)&&(d=0,f=1),l){let[m,E]=await An([l,e]);f=m!==E?1:0}let h=!l,p=!!l&&!!o&&l.email!==o,S=!r.isAccountHolder&&!!o&&(h||p);return t.quotas.addUsers(d,f,async()=>{S&&await rc(o,n);let m=await t.buildUser(e,r,n,l);r.currentUserId&&r.currentUserId===l?._id&&(m=qp(m,l)),!l&&c?.length&&(m.roles={...c});let E=[];if(!a&&u.length>0)for(let y of u)E.push(t.groups.addUsers(y,[m._id]));try{let y=await i.put(m);return m._rev=y.rev,await Gp(m,l),l&&m.email!==l.email&&await yt.removeUser({email:l.email}),await yt.addUser(n,m._id,m.email,m.ssoId),await br.invalidateUser(y.id),await Promise.all(E),i.get(m._id)}catch(y){throw y.status===409?"User exists already":y}})}static async bulkCreate(e,r){let n=$(),i=[],o=[],a=[],u=e.map(h=>h.email),c=await Bp(u),l=[];for(let h of e){let p=o.find(m=>m.email.toLowerCase()===h.email.toLowerCase()),S=c.includes(h.email.toLowerCase());if(p||S){l.push({email:h.email,reason:"Unavailable"});continue}h.userGroups=r||[],o.push(h),await Oo(h)&&a.push(h)}let d=await fi(n),f=await t.features.isSSOEnforced();return t.quotas.addUsers(o.length,a.length,async()=>{for(let S of o)f&&delete S.password,i.push(t.buildUser(S,{hashPassword:!0,requirePassword:!f},n,void 0,d));let h=await Promise.all(i);await Io(h);for(let S of h)await yt.addUser(n,S._id,S.email),await Gp(S,void 0);let p=h.map(S=>({_id:S._id,email:S.email}));if(Array.isArray(p)&&r){let S=[],m=p.map(E=>E._id);for(let E of r)S.push(t.groups.addUsers(E,m));await Promise.all(S)}return{successful:p,unsuccessful:l}})}static async bulkDelete(e){let r=Y(),n={successful:[],unsuccessful:[]},i=await nc(e);i&&(e=e.filter(p=>p.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let a=(await r.allDocs({include_docs:!0,keys:e.map(p=>p.userId)})).rows.map(p=>p.doc),u=a.map(p=>({...p,_deleted:!0})),c=await Io(u),d=(await An(a)).filter(p=>p).length,f=[];for(let p of a){let m=(await _o(p._id)).ssoId;m&&(await Xu(m)).filter(y=>y.ssoId==null).forEach(y=>{f.push({...y,_deleted:!0})}),await UL(p)}await Dr().bulkDocs(f),await t.quotas.removeUsers(u.length,d);let h={};return a.reduce((p,S)=>(p[S._id]=S,p),h),c.forEach(p=>{let S=h[p.id].email;p.ok?n.successful.push({_id:p.id,email:S}):n.unsuccessful.push({_id:p.id,email:S,reason:"Database error"})}),n}static async destroy(e){let r=Y(),n=await r.get(e),i=n._id;if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let a=n.email;if(await Rr(a))throw n.userId===$t()._id?new ke('Please visit "Account" to delete this user',400):new ke("Account holder cannot be deleted",400)}await yt.removeUser(n),await r.remove(i,n._rev);let o=await Oo(n)?1:0;await t.quotas.removeUsers(1,o),await $p(n),await br.invalidateUser(i),await Tn(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,o={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(o.ssoId=n.ssoId),await li(ye.CHECKLIST),await t.save(o,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function Do(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}s(Do,"removeUserPassword");async function ic(t,e){let n=(await Y().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=Do(n)),n}s(ic,"bulkGetGlobalUsersById");async function ML(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Ne}`})).rows.map(n=>n.id)}s(ML,"getAllUserIds");async function kL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Ne}`,include_docs:!0})).rows.map(n=>n.doc)}s(kL,"getAllUsers");async function Io(t){return await Y().bulkDocs(t)}s(Io,"bulkUpdateGlobalUsers");async function _n(t,e){let n=await Y().get(t);return e?.cleanup&&(n=Do(n)),n}s(_n,"getById");async function At(t,e){if(t==null)throw"Must supply an email address to view";let r=await qt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=Do(n)),n}s(At,"getGlobalUserByEmail");async function FL(t){try{let e=await At(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}s(FL,"doesUserExist");async function YA(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=ni(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await qt("by_app",n);i||(i=[]);let o=Array.isArray(i)?i:[i];return r?.cleanup&&(o=Do(o)),o}s(YA,"searchGlobalUsersByApp");async function Vp(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let a={[r]:{$exists:!0}};n.push(a)}return(await Y().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}s(Vp,"searchGlobalUsersByAppAccess");function zA(t,e){if(e)return pu(He(t),e._id)}s(zA,"getGlobalUserByAppPage");async function JA(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,o=await qt("by_email2",{...e,startkey:i,endkey:`${n}${Ne}`});o||(o=[]);let a=Array.isArray(o)?o:[o];return r?.cleanup&&(a=Do(a)),a}s(JA,"searchGlobalUsersByEmail");var BL=8;async function ZA({bookmark:t,query:e,appId:r,limit:n}={}){let i=Y(),o=n??BL,u={include_docs:!0,limit:o+1};t&&(u.startkey=t);let c,l="_id",d;return e?.equal?._id?c=[await _n(e.equal._id)]:r?(c=await YA(r,u),d=s(f=>zA(r,f),"getKey")):e?.string?.email?(c=await JA(e?.string?.email,u),l="email"):e?.oneOf?._id?c=await ic(e?.oneOf?._id,{cleanup:!0}):e?(c=(await i.allDocs(on(null,{...u,limit:void 0}))).rows.map(h=>h.doc),c=mr.search(c,{query:e,limit:u.limit}).rows):c=(await i.allDocs(on(null,u))).rows.map(h=>h.doc),Nf(c,o,{paginate:!0,property:l,getKey:d})}s(ZA,"paginatedUsers");async function WL(){return(await Bs("by_email2",{limit:0,include_docs:!1})).total_rows}s(WL,"getUserCount");async function $L(){let t=0;async function e(r){let n=await ZA({bookmark:r}),i=await An(n.data);t+=i.filter(o=>o).length,n.hasNextPage&&await e(n.nextPage)}return s(e,"iterate"),await e(),t}s($L,"getCreatorCount");function GL(t){return delete t.admin,delete t.builder,t}s(GL,"removePortalUserPermissions");function qp(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}s(qp,"cleanseUserObject");async function VL(t,e){let r=He(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await xt.save(t,{hashPassword:!1})}s(VL,"addAppBuilder");async function qL(t,e){let r=He(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await xt.save(t,{hashPassword:!1})}s(qL,"removeAppBuilder");var XA=3600;async function KL(t,e){let n=await Ff(e).get(t);if(n.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let i=await Rr(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}s(KL,"populateFromDB");async function QL(t){let e=await xt.bulkGet(t),r=t.filter((i,o)=>!e[o]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let o=await Rr(i.email);o&&(i.account=o,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}s(QL,"populateUsersFromDB");async function Ro({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=KL),!e)try{e=$()}catch{e=await yt.lookupTenantId(t)}let i=await vs(),o=await i.get(t);return o||(o=await n(t,e,r),await i.store(t,o,XA)),o&&!o.tenantId&&e&&(o.tenantId=e),o.userGroups&&!Me.users.isGlobalBuilder(o)&&await Ce(e,async()=>{let a=await xt.getGroupBuilderAppIds(o);if(a.length){let u=o.builder?.apps||[];o.builder={apps:[...new Set(u.concat(a))]}}}),o}s(Ro,"getUser");async function jL(t){let e=await vs(),r=await e.bulkGet(t),n=t.filter(a=>!r[a]),i=Object.values(r).filter(a=>!!a),o;if(n.length){let a=await QL(n);o=a.notFoundIds;for(let u of a.users)await e.store(u._id,u,XA);i.push(...a.users)}return{users:i,notFoundIds:o}}s(jL,"getUsers");async function Co(t){await(await vs()).delete(t)}s(Co,"invalidateUser");var Hp={};P(Hp,{Writethrough:()=>Qp});var e_=1e4,Kp=null;async function sc(){if(!Kp){let t=await Df();Kp=new fn(t)}return Kp}s(sc,"getCache");function bo(t,e){return t.name+e}s(bo,"makeCacheKey");function jp(t,e=null){return{doc:t,lastWrite:e||Date.now()}}s(jp,"makeCacheItem");async function HL(t,e,r=e_){let n=await sc(),i=e._id,o;i&&(o=await n.get(bo(t,i)));let a=!o||o.lastWrite<Date.now()-r,u=e;return a&&((await no({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let l=s(async d=>{let f=await t.put(d,{force:!0});u._id=f.id,u._rev=f.rev},"writeDb");try{await l(e)}catch(d){if(d.status!==409)throw d;ci("Ignoring conflict in write-through cache")}})).executed||ci("Ignoring redlock conflict in write-through cache")),o=jp(u,a?null:o?.lastWrite),u._id&&await n.store(bo(t,u._id),o),{ok:!0,id:u._id,rev:u._rev}}s(HL,"put");async function YL(t,e){let r=await sc(),n=bo(t,e),i=await r.get(n);if(!i){let o=await t.get(e);i=jp(o),await r.store(n,i)}return i.doc}s(YL,"get");async function zL(t,e){let r=await sc(),n=bo(t,e),i=await r.get(n);if(!i){let o=await t.tryGet(e);if(!o)return null;i=jp(o),await r.store(n,i)}return i.doc}s(zL,"tryGet");async function JL(t,e,r){let n=await sc();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(bo(t,i))}finally{await t.remove(i,r)}}s(JL,"remove");var Qp=class{static{s(this,"Writethrough")}constructor(e,r=e_){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return HL(this.db,e,r)}async get(e){return YL(this.db,e)}async tryGet(e){return zL(this.db,e)}async remove(e,r){return JL(this.db,e,r)}};function xo(t){return`config${C}${t}`}s(xo,"generateConfigID");var oc="en";function ZL(){return{_id:xo("translations"),type:"translations",config:{defaultLocale:oc,locales:{[oc]:{label:"English",overrides:{}}}}}}s(ZL,"createDefaultTranslationsConfig");function XL(t){let e=t?.defaultLocale||oc,r={...t?.locales??{}};r[e]||(r[e]={label:e===oc?"English":e,overrides:{}});for(let n of Object.keys(r))r[n].overrides||(r[n]={...r[n],overrides:{}});return{defaultLocale:e,locales:r}}s(XL,"prepareTranslationsConfig");async function ve(t){let e=Y();try{return await e.get(xo(t))}catch(r){if(r.status===404)return;throw r}}s(ve,"getConfig");async function e0(t){return t._id||(t._id=xo(t.type)),Y().put(t)}s(e0,"save");async function t_(){let t=await ve("translations");return t?(t.config=XL(t.config),t):ZL()}s(t_,"getTranslationsConfigDoc");async function t0(){return(await t_()).config}s(t0,"getTranslationsConfig");async function yi(){let t=await ve("settings");return t||(t={_id:xo("settings"),type:"settings",config:{}}),t.config.platformUrl=await vo({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await ju({config:t.config}),t}s(yi,"getSettingsConfigDoc");async function zp(){return(await yi()).config}s(zp,"getSettingsConfig");async function vo(t={tenantAware:!0}){let e=g.PLATFORM_URL||"http://localhost:10000";if(!g.SELF_HOSTED&&g.MULTI_TENANCY&&t.tenantAware){let r=$();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(g.SELF_HOSTED){let r=t?.config?t.config:(await ve("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}s(vo,"getPlatformUrl");var ju=s(async t=>{if(!g.SELF_HOSTED)return!!g.ENABLE_ANALYTICS;let e=await wr(ye.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await ve("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=g.ENABLE_ANALYTICS;return!(r===0||r===!1)},"analyticsEnabled");async function r0(){return await ve("google")}s(r0,"getGoogleConfigDoc");async function uc(){return(await r0())?.config}s(uc,"getGoogleConfig");async function Jp(){if(!g.SELF_HOSTED)return Yp();let t=await uc();return(!t||!t.activated)&&(t=Yp()),t}s(Jp,"getGoogleDatasourceConfig");function Yp(){if(g.GOOGLE_CLIENT_ID&&g.GOOGLE_CLIENT_SECRET)return{clientID:g.GOOGLE_CLIENT_ID,clientSecret:g.GOOGLE_CLIENT_SECRET,activated:!0}}s(Yp,"getDefaultGoogleConfig");async function n0(){return ve("logos_oidc")}s(n0,"getOIDCLogosDoc");async function i0(){return ve("oidc")}s(i0,"getOIDCConfigDoc");async function s0(){let t=(await i0())?.config;return t?.configs&&t.configs[0]}s(s0,"getOIDCConfig");async function Zp(t){let e=(await ve("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}s(Zp,"getOIDCConfigById");async function r_(){return ve("smtp")}s(r_,"getSMTPConfigDoc");async function o0(t){let e=await r_();if(e)return e.config;let r=g.SELF_HOSTED||!t;if(g.SMTP_FALLBACK_ENABLED&&r)return{port:g.SMTP_PORT,host:g.SMTP_HOST,secure:!1,from:g.SMTP_FROM_ADDRESS,auth:{user:g.SMTP_USER,pass:g.SMTP_PASSWORD},fallback:!0}}s(o0,"getSMTPConfig");async function a0(){return(await ve("scim"))?.config}s(a0,"getSCIMConfig");async function u0(){return ve("ai")}s(u0,"getAIConfig");async function c0(){return ve("recaptcha")}s(c0,"getRecaptchaConfig");var um={};P(um,{AccessController:()=>tm,BUILTIN_ROLE_IDS:()=>rm,Role:()=>xr,RoleHierarchyTraversal:()=>cc,RoleIDVersion:()=>nm,builtinRoleToNumber:()=>Po,checkForRoleResourceArray:()=>o_,externalRole:()=>h0,findRole:()=>No,getAllRoleIds:()=>T0,getAllRoles:()=>am,getBuiltinRole:()=>i_,getBuiltinRoles:()=>sm,getDBRoleID:()=>a_,getExternalRoleID:()=>vr,getExternalRoleIDs:()=>u_,getRole:()=>g0,getUserRoleHierarchy:()=>om,getUserRoleIdHierarchy:()=>s_,isBuiltin:()=>On,lowerBuiltinRoleID:()=>m0,prefixRoleIDNoBuiltin:()=>em,roleIDsAreEqual:()=>ot,roleToNumber:()=>p0,saveRoles:()=>E0,validInherits:()=>f0});var n_=require("lodash"),lc=B(require("lodash/fp/cloneDeep")),Xp=B(require("semver"));var rm={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},ie={...rm,BUILDER:"BUILDER"},nm={UUID:void 0,NAME:"name"};function d0(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}s(d0,"rolesInList");var xr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=nm.NAME}static{s(this,"Role")}addInheritance(e){return e&&typeof e=="string"?e=em(e):e&&Array.isArray(e)&&(e=e.map(em)),this.inherits=e,this}},cc=class{static{s(this,"RoleHierarchyTraversal")}constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let o of e.inherits){let a=No(o,n,r);a&&(i=i.concat(this.walk(a)))}else{let o=[],a=e;for(;a&&a.inherits&&!d0(o,a.inherits);){if(Array.isArray(a.inherits))return i.concat(this.walk(a));if(o.push(a.inherits),a=No(a.inherits,n,r),a&&i.push(a),Le.roles.checkForRoleInheritanceLoops(i))break}}return(0,n_.uniqBy)(i,o=>o._id)}},im={ADMIN:new xr(ie.ADMIN,ie.ADMIN,"admin",{displayName:"Admin user",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(ie.POWER),POWER:new xr(ie.POWER,ie.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(ie.BASIC),BASIC:new xr(ie.BASIC,ie.BASIC,"write",{displayName:"Basic user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(ie.PUBLIC),PUBLIC:new xr(ie.PUBLIC,ie.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new xr(ie.BUILDER,ie.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function sm(){return(0,lc.default)(im)}s(sm,"getBuiltinRoles");function On(t){return Object.values(rm).includes(t)}s(On,"isBuiltin");function em(t){return On(t)?t:Gt(t)}s(em,"prefixRoleIDNoBuiltin");function i_(t){let e=Object.values(im).find(r=>t.includes(r._id));if(e)return(0,lc.default)(e)}s(i_,"getBuiltinRole");function f0(t,e){if(!e)return!1;let r=s(n=>t.find(i=>ot(i._id,n)),"find");if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}s(f0,"validInherits");function Po(t){let e=sm(),r=Object.values(e).length+1;if(ot(t,ie.ADMIN)||ot(t,ie.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}s(Po,"builtinRoleToNumber");async function p0(t){if(On(t))return Po(t);let e=await om(t,{defaultPublic:!0}),r=s(n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(o=>{let a=e.find(u=>ot(u._id,o));if(a)return r(a)+1}).filter(o=>o).sort().pop();if(i!=null)return i}else if(On(n.inherits))return Po(n.inherits)+1;return 0},"findNumber");return Math.max(...e.map(r))}s(p0,"roleToNumber");function m0(t,e){return t?e&&Po(t)>Po(e)?e:t:e}s(m0,"lowerBuiltinRoleID");function ot(t,e){return Gt(t)===Gt(e)}s(ot,"roleIDsAreEqual");function h0(t){let e;return t._id&&(e=vr(t._id)),{...t,_id:e,inherits:u_(t.inherits,t.version)}}s(h0,"externalRole");function No(t,e,r){let n=i_(t);n||(t=Gt(t));let i=e.find(o=>o._id&&ot(o._id,t));return!i&&!On(t)&&r?.defaultPublic?(0,lc.default)(im.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=vr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}s(No,"findRole");async function g0(t,e){let r=ei(),n=[];if(!On(t)){let i=await r.tryGet(a_(t));i&&n.push(i)}return No(t,n,e)}s(g0,"getRole");async function E0(t){await ei().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Gt(r._id)})))}s(E0,"saveRoles");async function y0(t,e){let r=await am();if(ot(t,ie.ADMIN))return r;let n=No(t,r,e),i=[];return n&&(i=new cc(r,e).walk(n)),i}s(y0,"getAllUserRoles");async function s_(t){return(await om(t)).map(r=>r._id)}s(s_,"getUserRoleIdHierarchy");async function om(t,e){return y0(t,e)}s(om,"getUserRoleHierarchy");function o_(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}s(o_,"checkForRoleResourceArray");async function T0(t){return(await am(t)).map(r=>r._id)}s(T0,"getAllRoleIds");async function am(t){if(t)return je(t,e);{let r;try{r=ei()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(mu(null,{include_docs:!0}))).rows.map(u=>u.doc),n.forEach(u=>u._id=vr(u._id,u.version)));let i=sm(),o=[];!r||await S0(r)?o=[ie.ADMIN,ie.POWER,ie.BASIC,ie.PUBLIC]:o=[ie.ADMIN,ie.BASIC,ie.PUBLIC];for(let a of o){let u=i[a],c=n.filter(l=>ot(l._id,a))[0];c==null?n.push(u||i.BASIC):(n=n.filter(l=>l._id!==c._id),c._id=vr(u._id,c.version),n.push({...u,...c,name:u.name,_id:vr(u._id,u.version),uiMetadata:{...c.uiMetadata,...u.uiMetadata}}))}for(let a of n)if(a.permissions)for(let u of Object.keys(a.permissions))a.permissions=o_(a.permissions,u);return n}s(e,"internal")}s(am,"getAllRoles");async function S0(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!Xp.default.valid(r)?!0:!Xp.default.gte(r,g.MIN_VERSION_WITHOUT_POWER_ROLE)}s(S0,"shouldIncludePowerRole");var tm=class{static{s(this,"AccessController")}constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||ot(e,ie.BUILDER)||ot(r,e)||ot(r,ie.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await s_(r),this.userHierarchies[r]=n),n?.find(i=>ot(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let o=await this.checkScreenAccess(i,r);o&&n.push(o)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function a_(t){return t?.startsWith("role")?t:Gt(t)}s(a_,"getDBRoleID");function vr(t,e){if(t.startsWith(`role${C}`)&&(On(t)||e===nm.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}s(vr,"getExternalRoleID");function u_(t,e){return t&&(typeof t=="string"?vr(t,e):t.map(r=>vr(r,e)))}s(u_,"getExternalRoleIDs");var cm={};P(cm,{BUILDER:()=>w0,BUILTIN_PERMISSIONS:()=>dc,CREATOR:()=>D0,GLOBAL_BUILDER:()=>R0,PermissionImpl:()=>se,PermissionLevel:()=>Ri,PermissionType:()=>Go,doesHaveBasePermission:()=>O0,getAllowedLevels:()=>f_,getBuiltinPermissionByID:()=>_0,getBuiltinPermissions:()=>A0,isPermissionLevelHigherThanRead:()=>I0,levelToNumber:()=>d_});var c_=B(require("lodash/flatten")),l_=B(require("lodash/fp/cloneDeep"));var se=class{static{s(this,"PermissionImpl")}constructor(e,r){this.type=e,this.level=r}};function d_(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}s(d_,"levelToNumber");function f_(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}s(f_,"getAllowedLevels");var dc={PUBLIC:{_id:"public",name:"Public",permissions:[new se("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new se("query","read"),new se("table","read"),new se("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new se("query","write"),new se("table","write"),new se("automation","execute"),new se("legacy_view","read"),new se("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new se("table","write"),new se("user","read"),new se("automation","execute"),new se("webhook","read"),new se("legacy_view","read"),new se("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new se("table","admin"),new se("user","admin"),new se("automation","admin"),new se("webhook","read"),new se("query","admin"),new se("legacy_view","read"),new se("app","read")]}};function A0(){return(0,l_.default)(dc)}s(A0,"getBuiltinPermissions");function _0(t){return Object.values(dc).find(r=>r._id===t)}s(_0,"getBuiltinPermissionByID");function O0(t,e,r){let n=[...new Set(r.map(a=>a.permissionId))],i=Object.values(dc),o=(0,c_.default)(i.filter(a=>n.indexOf(a._id)!==-1).map(a=>a.permissions));for(let a of o)if(a.type===t&&f_(a.level).indexOf(e)!==-1)return!0;return!1}s(O0,"doesHaveBasePermission");function I0(t){return d_(t)>1}s(I0,"isPermissionLevelHigherThanRead");var w0="builder",D0="creator",R0="globalBuilder";var fm={};P(fm,{FlagSet:()=>pc,all:()=>P0,flags:()=>lm,getEnvFlags:()=>g_,init:()=>C0,isEnabled:()=>v0,parseEnvFlags:()=>hc,shutdown:()=>b0,testutils:()=>dm});var mc=B(require("crypto")),p_=B(require("dd-trace")),m_=require("lodash"),h_=require("posthog-node");var fc;function C0(t){g.POSTHOG_TOKEN&&g.POSTHOG_API_HOST&&!g.SELF_HOSTED&&g.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),fc=new h_.PostHog(g.POSTHOG_TOKEN,{host:g.POSTHOG_API_HOST,personalApiKey:g.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:pe.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}s(C0,"init");function b0(){fc?.shutdown()}s(b0,"shutdown");function hc(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let o of i){let a=!0;o.startsWith("!")&&(o=o.slice(1),a=!1),r.push({tenantId:n,key:o,value:a})}return r}s(hc,"parseEnvFlags");function g_(){return hc(g.TENANT_FEATURE_FLAGS||"")}s(g_,"getEnvFlags");var pc=class{constructor(e){this.flagSchema=e;this.setId=mc.randomUUID()}static{s(this,"FlagSet")}defaults(){return(0,m_.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await p_.default.trace("features.fetch",async e=>{let r=Sf(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),o=$(),a=new Set;if(Xa())return i;for(let{tenantId:f,key:h,value:p}of g_())if(!(!f||f!=="*"&&f!==o)&&(n.readFromEnvironmentVars=!0,p===!1&&a.add(h),!!this.isFlagName(h))){if(typeof i[h]!="boolean")throw new Error(`Feature: ${h} is not a boolean`);i[h]=p,n[`flags.${h}.source`]="environment"}let u=$t(),c=u?._id;if(!c){let f=yf();f&&(c=mc.createHash("sha512").update(f).digest("hex"))}let l=u?.tenantId;if(l||(l=o),n["identity.type"]=u?.type,n["identity._id"]=u?._id,n.tenantId=l,n.userId=c,fc&&c){n.readFromPostHog=!0;let f=await yi(),h={tenantId:l},p={tenant:{id:l}};f.config.createdVersion&&(p.tenant.createdVersion=f.config.createdVersion),f.createdAt&&(p.tenant.createdAt=`${f.createdAt}`);let S=await fc.getAllFlags(c,{personProperties:h,onlyEvaluateLocally:!0,groups:{tenant:l},groupProperties:p});for(let[m,E]of Object.entries(S))if(this.isFlagName(m)){if(typeof E!="boolean"){console.warn(`Invalid value for posthog flag "${m}": ${E}`);continue}if(!(i[m]===!0||a.has(m)))try{i[m]=E,n[`flags.${m}.source`]="posthog"}catch(y){console.warn(`Error parsing posthog flag "${m}": ${E}`,y)}}}let d=_f();for(let[f,h]of Object.entries(d))this.isFlagName(f)&&typeof h=="boolean"&&(i[f]=h,n[`flags.${f}.source`]="override");Af(this.setId,i);for(let[f,h]of Object.entries(i))n[`flags.${f}.value`]=h;return e?.addTags(n),i})}},x0={USE_ZOD_VALIDATOR:!1,AI_AGENTS:!1,AI_CHAT:!1,AI_RAG:!1,WORKSPACE_HOME:!1,DEBUG_UI:g.isDev(),DEV_USE_CLIENT_FROM_STORAGE:!1,USE_NEW_AICONFIGS:!1},lm=new pc(x0);async function v0(t){return await lm.isEnabled(t)}s(v0,"isEnabled");async function P0(){return await lm.fetch()}s(P0,"all");var dm={};P(dm,{setFeatureFlags:()=>E_,withFeatureFlags:()=>L0});function N0(){let t={};for(let{tenantId:e,key:r,value:n}of hc(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}s(N0,"getCurrentFlags");function U0(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,o]of Object.entries(n))o===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}s(U0,"buildFlagString");function E_(t,e){let r=N0();for(let[i,o]of Object.entries(e)){let a=r[t]||{};a[i]=o,r[t]=a}let n=U0(r);return Os({TENANT_FEATURE_FLAGS:n})}s(E_,"setFeatureFlags");function L0(t,e,r){let n=E_(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}s(L0,"withFeatureFlags");var Im={};P(Im,{adminOnly:()=>gc,auditLog:()=>Ec,authError:()=>Oe,buildAuthMiddleware:()=>SM,buildCsrfMiddleware:()=>_M,buildTenancyMiddleware:()=>AM,builderOnly:()=>Dc,builderOrAdmin:()=>Rc,google:()=>tr,internalApi:()=>bc,joiValidator:()=>Uo,oidc:()=>rr,passport:()=>OM,platformLogout:()=>CM,refreshOAuthToken:()=>DM,ssoCallbackUrl:()=>Nr,updateUserOAuth:()=>RM,workspaceBuilderOrAdmin:()=>Pc});var Om={};P(Om,{activeTenant:()=>G_,adminOnly:()=>gc,auditLog:()=>Ec,authError:()=>Oe,authenticated:()=>wc,builderOnly:()=>Dc,builderOrAdmin:()=>Rc,correlation:()=>T_,csp:()=>b_,csrf:()=>Cc,datasource:()=>yM,errorHandling:()=>v_,featureFlagCookie:()=>P_,google:()=>tr,internalApi:()=>bc,ip:()=>N_,joiValidator:()=>Uo,local:()=>_i,oidc:()=>rr,pino:()=>S_,querystringToBody:()=>$_,ssoCallbackUrl:()=>Nr,tenancy:()=>vc,workspaceBuilderOrAdmin:()=>Pc});var y_=require("uuid");var M0=require("correlation-id"),T_=s((t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,y_.v4)()),M0.withId(r,()=>e())},"correlationMiddleware");var k0=require("koa-pino-logger"),F0=require("correlation-id");function B0(){return{logger:xu,genReqId:F0.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}s(B0,"pinoSettings");function W0(){return g.HTTP_LOGGING?k0(B0()):(t,e)=>e()}s(W0,"getMiddleware");var S_=W0();var gc=s(async(t,e)=>(!t.internal&&!bt(t.user)&&t.throw(403,"Admin user only endpoint."),e()),"adminOnly");var Ec=s(async(t,e)=>e(),"auditLog");var $0=/\/:(.*?)(\/.*)?$/g,Xt=s(t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match($0);if(i)for(let o of i){let u="/.*"+(o.endsWith("/")?"/":"");r=r.replace(o,u)}return{regex:new RegExp(r),method:n,route:r}}):[],"buildMatcherRegex"),er=s((t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),o=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&o}),"matches");var Em={};P(Em,{SecretOption:()=>O_,compare:()=>K0,decrypt:()=>Ac,decryptFile:()=>H0,encrypt:()=>q0,encryptFile:()=>Q0,getSecret:()=>gm});var vt=B(require("crypto")),Pr=B(require("fs")),pm=require("path"),mm=B(require("zlib"));var yc="aes-256-ctr",__="-",G0=1e4,V0=32,Tc=16,hm=16,O_=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(O_||{});function gm(t){let e,r;switch(t){case"encryption":e=g.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=g.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}s(gm,"getSecret");function Sc(t,e){return vt.default.pbkdf2Sync(t,new Uint8Array(e),G0,V0,"sha512")}s(Sc,"stretchString");function q0(t,e="api"){let r=vt.default.randomBytes(Tc),n=Sc(gm(e),r),i=vt.default.createCipheriv(yc,new Uint8Array(n),new Uint8Array(r)),o=i.update(t,"utf8"),a=i.final(),u=Buffer.concat([new Uint8Array(o),new Uint8Array(a)]).toString("hex");return`${r.toString("hex")}${__}${u}`}s(q0,"encrypt");function Ac(t,e="api"){let[r,n]=t.split(__),i=Buffer.from(r,"hex"),o=Sc(gm(e),i),a=vt.default.createDecipheriv(yc,new Uint8Array(o),new Uint8Array(i)),u=a.update(n,"hex"),c=a.final();return Buffer.concat([new Uint8Array(u),new Uint8Array(c)]).toString()}s(Ac,"decrypt");function K0(t,e,r="api"){try{let n=new TextEncoder,i=n.encode(Ac(e,r)),o=n.encode(t);return i.length!==o.length?!1:vt.default.timingSafeEqual(i,o)}catch{return!1}}s(K0,"compare");async function Q0({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,pm.join)(t,e);if(Pr.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let o=Pr.default.createReadStream(i),a=Pr.default.createWriteStream((0,pm.join)(t,n)),u=vt.default.randomBytes(Tc),c=vt.default.randomBytes(hm),l=Sc(r,u),d=vt.default.createCipheriv(yc,new Uint8Array(l),new Uint8Array(c));return a.write(u),a.write(c),o.pipe(mm.default.createGzip()).pipe(d).pipe(a),new Promise(f=>{a.on("finish",()=>{f({filename:n,dir:t})})})}s(Q0,"encryptFile");async function j0(t){let e=Pr.default.createReadStream(t),r=await A_(e,Tc),n=await A_(e,hm);return e.close(),{salt:r,iv:n}}s(j0,"getSaltAndIV");async function H0(t,e,r){if(Pr.default.lstatSync(t).isDirectory())throw new Error("Unable to decrypt directory");let{salt:n,iv:i}=await j0(t),o=Pr.default.createReadStream(t,{start:Tc+hm}),a=Pr.default.createWriteStream(e),u=Sc(r,n),c=vt.default.createDecipheriv(yc,new Uint8Array(u),new Uint8Array(i)),l=mm.default.createGunzip();return o.pipe(c).pipe(l).pipe(a),new Promise((d,f)=>{a.on("finish",()=>{a.close(),d()}),o.on("error",h=>{a.close(),f(h)}),c.on("error",h=>{a.close(),f(h)}),l.on("error",h=>{a.close(),f(h)}),a.on("error",h=>{a.close(),f(h)})})}s(H0,"decryptFile");function A_(t,e){return new Promise((r,n)=>{let i=0,o=[];t.on("readable",()=>{let a;for(;(a=t.read(e-i))!==null;)o.push(a),i+=a.length;r(Buffer.concat(o.map(u=>new Uint8Array(u))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",a=>{n(a)})})}s(A_,"readBytes");var ym={};P(ym,{APIWarning:()=>In,FeatureDisabledWarning:()=>Oc,InvalidAPIKeyWarning:()=>Ai,UsageLimitWarning:()=>_c});var In=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"APIWarning")}},Ai=class extends In{static{s(this,"InvalidAPIKeyWarning")}constructor(){super("Invalid API key","invalid_api_key")}},_c=class extends In{constructor(r){super(`Usage limit exceeded: '${r}'`,"usage_limit_exceeded");this.limitName=r}static{s(this,"UsageLimitWarning")}getPublicWarning(){return{limitName:this.limitName}}},Oc=class extends In{constructor(r){super(`Feature disabled: '${r}'`,"feature_disabled");this.featureName=r,this.status=400}static{s(this,"FeatureDisabledWarning")}getPublicWarning(){return{featureName:this.featureName}}getPublicError(){return{featureName:this.featureName}}};var w_=B(require("dd-trace"));var z0=g.SESSION_UPDATE_PERIOD?parseInt(g.SESSION_UPDATE_PERIOD):60*1e3;function J0(){return new Date(Date.now()-z0).toISOString()}s(J0,"timeMinusOneMinute");function I_(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}s(I_,"finalise");async function Z0(t,e){if(Vs(t))return{valid:!0,user:void 0};let n=Ac(t).split(C)[0];return Ce(n,async()=>{let i;try{let o=Y();i=await qt("by_api_key",{key:t},o)}catch{i=void 0}if(i)return{valid:!0,user:await Ro({userId:i,tenantId:n,populateUser:e})};throw new Ai})}s(Z0,"checkApiKey");function Ic(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}s(Ic,"getHeader");function wc(t=[],e={publicAllowed:!1}){let r=t?Xt(t):[];return async(n,i)=>{let o=!1,a=Ic(n,"x-budibase-api-version");er(n,r)&&(o=!0);try{let c=Ic(n,"x-budibase-token"),l=Qt(n,"budibase:auth")||gu(c),d=Ic(n,"x-budibase-api-key");!d&&n.request.headers.authorization&&(d=n.request.headers.authorization.split(" ")[1]);let f=Ic(n,"x-budibase-tenant-id"),h=!1,p,S=!1,m;if(l&&!d){let y=l.sessionId,I=l.userId,_;try{_=await Cp(I,y),e&&e.populateUser?p=await Ro({userId:I,tenantId:_.tenantId,email:_.email,populateUser:e.populateUser(n)}):p=await Ro({userId:I,tenantId:_.tenantId,email:_.email}),p.csrfToken=_.csrfToken,m="cookie",_?.lastAccessedAt<J0()&&await Rp(_),h=!0}catch(D){h=!1,console.warn(`Auth Error: ${D.message}`),Ar(n,"budibase:auth")}}if(!h&&d){let y=e.populateUser?e.populateUser(n):null,{valid:I,user:_}=await Z0(d,y);I&&(h=!0,m="api_key",p=_,S=!_)}!p&&f?p={tenantId:f}:p&&"password"in p&&delete p.password,h||(h=!1);let E=s(y=>y&&y.email,"isUser");return E(p)&&w_.default.setUser({id:p._id,tenantId:p.tenantId,budibaseAccess:p.budibaseAccess,status:p.status}),I_(n,{authenticated:h,user:p,internal:S,version:a,publicEndpoint:o,loginMethod:m}),E(p)?ef(p,n,i):i()}catch(c){if(console.warn(`Auth Error: ${c.message}`),c?.name==="JsonWebTokenError"?Ar(n,"budibase:auth"):c?.code==="invalid_api_key"&&n.throw(403,c.message),e&&e.publicAllowed||o)return I_(n,{authenticated:!1,version:a,publicEndpoint:o}),i();n.throw(c.status||403,c)}}}s(wc,"authenticated");async function Dc(t,e){if(t.internal)return e();let r=await un(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Fe(t.user)?t.throw(403,"Builder user only endpoint."):r&&!Si(t.user,r)&&t.throw(403,"Workspace builder user only endpoint."),e()}s(Dc,"builderOnly");async function Rc(t,e){if(t.internal||bt(t.user))return e();let r=await un(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Fe(t.user)?t.throw(403,"Admin/Builder user only endpoint."):r&&!Si(t.user,r)&&t.throw(403,"Workspace Admin/Builder user only endpoint."),e()}s(Rc,"builderOrAdmin");var C_=B(require("crypto"));var D_={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com","https://d2l5prqdbvm3op.cloudfront.net"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},R_=/^[A-Za-z0-9-*:/.]+$/,b_=s(async(t,e)=>{let r=C_.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...D_};n["script-src"]=[...D_["script-src"],`'nonce-${r}'`];let i={"media-src":g.CUSTOM_CSP_MEDIA_SRC,"script-src":g.CUSTOM_CSP_SCRIPT_SRC,"connect-src":g.CUSTOM_CSP_CONNECT_SRC,"img-src":g.CUSTOM_CSP_IMG_SRC,"font-src":g.CUSTOM_CSP_FONT_SRC,"frame-src":g.CUSTOM_CSP_FRAME_SRC};for(let[u,c]of Object.entries(i))if(c){let l=c.split(",").map(d=>d.trim()).filter(d=>R_.test(d));n[u]=[...n[u]||[],...l]}if(t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let u=await Us.getWorkspaceMetadata(t.appId);if("name"in u)for(let c of u.scripts||[]){let l=(c.cspWhitelist||"").split(`
+`);for(let o of i.filter(a=>a))t.push(Zs.default.readFileSync(o))}return t.push(Zs.default.readFileSync(MS(FS))),Buffer.concat(t.map(n=>new Uint8Array(n)))}s(zv,"getLogReadStream");function Jv(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}s(Jv,"isPlainObject");function Zv(t){return t instanceof Error}s(Zv,"isError");function Xv(t){return typeof t=="string"}s(Xv,"isMessage");var Ir;if(!g.DISABLE_PINO_LOGGER){let t=g.LOG_LEVEL,e={level:t,formatters:{level:c=>({level:c.toUpperCase()}),bindings:()=>g.SELF_HOSTED?{service:g.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(g.isDev()?{stream:(0,GS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),g.SELF_HOSTED&&r.push({stream:cp(),level:t}),Ir=r.length?(0,bu.default)(e,bu.default.multistream(r)):(0,bu.default)(e);let n=s(c=>{let l,d=[],f="";c.forEach(E=>{Xv(E)&&(f=`${f} ${E}`.trimStart()),Jv(E)&&d.push(E),Zv(E)&&(l=E)});let h=u(),p={};p={tenantId:i(),appId:o(),automationId:a(),identityId:h?._id,identityType:h?.type,correlationId:zf()};let S=dp.default.scope().active();S&&dp.default.inject(S.context(),VS.formats.LOG,p);let m={err:l,pid:process.pid,...p};if(d.length){let E={},y=0;for(let I=0;I<d.length;I++){let _=d[I],D=_._logKey;D?(delete _._logKey,m[D]=_):(E[y]=_,y++)}Object.keys(E).length&&(m.data=E)}return[m,f]},"getLogParams");console.log=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.info=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.warn=(...c)=>{let[l,d]=n(c);Ir?.warn(l,d)},console.error=(...c)=>{let[l,d]=n(c);Ir?.error(l,d)},console.trace=(...c)=>{let[l,d]=n(c);l.err||(l.err=new Error),Ir?.trace(l,d)},console.debug=(...c)=>{let[l,d]=n(c);Ir?.debug(l,d)};let i=s(()=>{let c;try{c=$()}catch{}return c},"getTenantId"),o=s(()=>{let c;try{c=be()}catch{}return c},"getAppId"),a=s(()=>{let c;try{c=Ef()}catch{}return c},"getAutomationId"),u=s(()=>{let c;try{c=$t()}catch{}return c},"getIdentity")}var xu=Ir;var eP=["AccountError"];function tP(t){return t&&t.suppressAlert}s(tP,"isSuppressed");function dn(t,e){e&&eP.includes(e.name)&&tP(e)||console.error(`bb-alert: ${t}`,e)}s(dn,"logAlert");function rP(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,dn(t,n)}s(rP,"logAlertWithInfo");function ci(t,e){console.warn(`bb-warn: ${t}`,e)}s(ci,"logWarn");var vu=class extends Error{static{s(this,"UnretriableError")}constructor(e){super(e),this.name="PermanentError"}},fp=class{static{s(this,"QueuedProcessor")}constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:o=!0,maxStalledCount:a=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new Et(e,{maxStalledCount:a,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:o}}),this._queue.process(async(u,c)=>{try{let l=await this.processFn(u.data);c?.(null,l)}catch(l){l instanceof vu&&await u.discard(),dn(`Failed to process job in ${this._queue.name}`,l),c?.(l)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Le.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var nP=100,Pu,eo=class t{static{s(this,"DocWritethroughProcessor")}static get queue(){return t._queue||(t._queue=new Et("docWritethroughQueue",{jobOptions:{attempts:nP}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=Re(e),o;try{o=await i.get(r)}catch{o={_id:r}}o={...o,...n},await i.put(o)}},mp=class{static{s(this,"DocWritethrough")}constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await eo.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function qS(){return Pu=new eo().init(),Pu}s(qS,"init");function iP(){return Pu||qS()}s(iP,"getProcessor");var ro={};P(ro,{CacheKey:()=>ye,TTL:()=>mn,bustCache:()=>li,destroy:()=>to,get:()=>hn,keys:()=>Nu,store:()=>Yt,withCache:()=>wr,withCacheWithDynamicTTL:()=>KS});function Ct(t){let e=$();return`${t}:${e}`}s(Ct,"generateTenantKey");var fn=class{static{s(this,"BaseCache")}constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await wf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ct(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?Ct(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((o,[a,u])=>(o[Ct(a)]=u,o),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ct(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let o=await this.get(e,i);if(o)return o;try{let a=await n();return await this.store(e,a,r,i),a}catch(a){throw console.error("Error fetching before cache - ",a),a}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let o=await r(),{value:a,ttl:u}=o;return await this.store(e,a,u,{useTenancy:n.useTenancy}),a}catch(o){throw console.error("Error fetching before cache - ",o),o}}async bustCache(e){let r=await this.getClient();try{await r.delete(Ct(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?Ct(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var pn=new fn,ye={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},mn=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(mn||{}),Nu=s((...t)=>pn.keys(...t),"keys"),hn=s((...t)=>pn.get(...t),"get"),Yt=s((...t)=>pn.store(...t),"store"),to=s((...t)=>pn.delete(...t),"destroy"),wr=s((...t)=>pn.withCache(...t),"withCache"),KS=s((...t)=>pn.withCacheWithDynamicTTL(...t),"withCacheWithDynamicTTL"),li=s((...t)=>pn.bustCache(...t),"bustCache");var yp={};P(yp,{createCode:()=>fP,deleteCode:()=>mP,getCode:()=>pP,getExistingInvites:()=>Ep,getInviteCodes:()=>ZS,updateCode:()=>dP});var En={};P(En,{AUTO_EXTEND_POLLING_MS:()=>HS,doWithLock:()=>no,newRedlock:()=>gn});var jS=B(require("redlock"));async function sP(t,e){if(t==="custom")return gn(e);switch(t){case"try_once":return gn(di.TRY_ONCE);case"try_twice":return gn(di.TRY_TWICE);case"default":return gn(di.DEFAULT);case"delay_500":return gn(di.DELAY_500);case"auto_extend":return gn(di.AUTO_EXTEND);default:throw _t.unreachable(t)}}s(sP,"getClient");var di={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function gn(t={}){let e={...di.DEFAULT,...t},n=(await Rf()).client;return new jS.default([n],e)}s(gn,"newRedlock");function oP(t){let r=`lock:${t.systemLock?"system":$()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}s(oP,"getLockName");var HS=pe.fromSeconds(10).toMs();async function no(t,e){let r=await sP(t.type,t.customOptions),n,i;try{let o=oP(t),a=t.type==="auto_extend"?HS:t.ttl;if(n=await r.lock(o,a),t.type==="auto_extend"){let c=s(()=>{i=setTimeout(async()=>{n=await n.extend(a,()=>t.onExtend&&t.onExtend()),c()},a/2)},"extendInIntervals");c()}return{executed:!0,result:await e()}}catch(o){if(o.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw o}else throw o}finally{clearTimeout(i),await n?.unlock()}}s(no,"doWithLock");var YS=pe.fromDays(7).toSeconds(),uP=pe.fromSeconds(10).toMs(),Uu="Invitation is not valid or has expired, please request a new one.";function zS(t,e){if(!t)return null;let r=t.tenantId||e;return r?{tenantId:r,invites:t.invites||{}}:null}s(zS,"normaliseInviteList");function cP(t){let e=!1,r=Date.now();for(let[n,i]of Object.entries(t.invites))(!i?.expiresAt||i.expiresAt<=r)&&(delete t.invites[n],e=!0);return{list:t,changed:e}}s(cP,"pruneExpiredInvites");async function gp(t){let r=await(await Ps()).get(t);return zS(r,t)}s(gp,"loadInviteList");async function io(t,e){await(await Ps()).store(t,e)}s(io,"saveInviteList");async function so(t,e){let{result:r}=await no({type:"default",name:"process_user_invite",systemLock:!0,resource:t,ttl:uP},e);return r}s(so,"withInviteListLock");function lP(t,e){return{code:t,email:e.email,info:e.info}}s(lP,"toInviteWithCode");async function JS(t,e){let r=await Ps(),n=zS(await r.get(e),e);if(!n)throw new Error(Uu);if(!Object.keys(n.invites).includes(t))throw new Error(Uu);return{list:n,invite:n.invites[t]}}s(JS,"findInviteInList");async function dP(t,e){let r={...e.info},n=r.tenantId||$();r.tenantId=n,await so(n,async()=>{let i=await gp(n)||{tenantId:n,invites:{}};i.invites[t]={email:e.email,info:r,expiresAt:Date.now()+YS*1e3},await io(n,i)})}s(dP,"updateCode");async function fP(t,e){let r=ee(),n={...e||{}},i=n.tenantId||$();return n.tenantId=i,await so(i,async()=>{let o=await gp(i)||{tenantId:i,invites:{}};o.invites[r]={email:t,info:n,expiresAt:Date.now()+YS*1e3},await io(i,o)}),r}s(fP,"createCode");async function pP(t,e){let r=e||$();return await so(r,async()=>{let n=await JS(t,r),{list:i,invite:o}=n;if(o.expiresAt<=Date.now())throw delete i.invites[t],await io(i.tenantId,i),new Error(Uu);return{email:o.email,info:o.info}})}s(pP,"getCode");async function mP(t,e){let r=e||$();try{await so(r,async()=>{let n=await JS(t,r);delete n.list.invites[t],await io(n.list.tenantId,n.list)})}catch(n){if(n instanceof Error&&n.message===Uu)return;throw n}}s(mP,"deleteCode");async function ZS(){let t=$(),e=await so(t,async()=>{let n=await gp(t)||{tenantId:t,invites:{}},i=cP(n);return n=i.list,i.changed&&await io(t,n),n}),r=new Map;for(let[n,i]of Object.entries(e.invites))r.set(n,lP(n,i));return Array.from(r.values())}s(ZS,"getInviteCodes");async function Ep(t){let e=new Set(t.map(r=>r.toLowerCase()));return(await ZS()).filter(r=>e.has(r.email.toLowerCase()))}s(Ep,"getExistingInvites");var Tp={};P(Tp,{createCode:()=>gP,getCode:()=>EP,invalidateCode:()=>yP});var hP=pe.fromHours(1).toSeconds();async function gP(t,e){let r=ee();return await(await Ns()).store(r,{userId:t,info:e},hP),r}s(gP,"createCode");async function EP(t){let r=await(await Ns()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}s(EP,"getCode");async function yP(t){await(await Ns()).delete(t)}s(yP,"invalidateCode");var br={};P(br,{getUser:()=>Ro,getUsers:()=>jL,invalidateUser:()=>Co});var oo={};P(oo,{getPlatformDB:()=>Dr,users:()=>yt});var yt={};P(yt,{addSsoUser:()=>eA,addUser:()=>IP,getUserDoc:()=>XS,lookupTenantId:()=>TP,removeUser:()=>wP,updateUserDoc:()=>SP});function Dr(){return Re(fe.PLATFORM_INFO.name)}s(Dr,"getPlatformDB");async function TP(t){return g.MULTI_TENANCY?(await XS(t)).tenantId:ae}s(TP,"lookupTenantId");async function XS(t){return Dr().get(t)}s(XS,"getUserDoc");async function SP(t){await Dr().put(t)}s(SP,"updateUserDoc");function AP(t,e){return{_id:t,tenantId:e}}s(AP,"newUserIdDoc");function _P(t,e,r){return{_id:e,userId:t,tenantId:r}}s(_P,"newUserEmailDoc");function OP(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}s(OP,"newUserSsoIdDoc");async function Sp(t,e){let r=Dr(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}s(Sp,"addUserDoc");async function eA(t,e,r,n){return Sp(t,()=>OP(t,e,r,n))}s(eA,"addSsoUser");async function IP(t,e,r,n){let i=[Sp(e,()=>AP(e,t)),Sp(r,()=>_P(e,r,t))];n&&i.push(eA(n,r,e,t)),await Promise.all(i)}s(IP,"addUser");async function wP(t){let e=Dr(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}s(wP,"removeUser");var yn={};P(yn,{getAccount:()=>Rr,getAccountByTenantId:()=>fi,getStatus:()=>DP});var tA=B(require("node-fetch"));var ao=class{static{s(this,"API")}constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";js.setHeader(n.headers);let o={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,tA.default)(`${this.host}${r}`,o)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Ap=new ao(g.INTERNAL_ACCOUNT_PORTAL_URL),_p=g.SELF_HOSTED||g.DISABLE_ACCOUNT_PORTAL,Rr=s(async t=>{if(_p)return;let e={email:t},r=await Ap.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},"getAccount"),fi=s(async t=>{if(_p)return;let e={tenantId:t},r=await Ap.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},"getAccountByTenantId"),DP=s(async()=>{if(_p)return;let t=await Ap.get("/api/status",{headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e},"getStatus");var Ei={};P(Ei,{UserDB:()=>xt,addAppBuilder:()=>VL,bulkGetGlobalUsersById:()=>ic,bulkUpdateGlobalUsers:()=>Io,cleanseUserObject:()=>qp,creatorsInList:()=>An,doesUserExist:()=>FL,getAccountHolderFromUsers:()=>nc,getAllUserIds:()=>ML,getAllUsers:()=>kL,getById:()=>_n,getCreatorCount:()=>$L,getExistingAccounts:()=>gi,getExistingPlatformUsers:()=>VA,getExistingTenantUsers:()=>GA,getFirstPlatformUser:()=>_o,getGlobalUserByAppPage:()=>zA,getGlobalUserByEmail:()=>At,getPlatformUsers:()=>Xu,getUserCount:()=>WL,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>QA,hasBuilderPermissions:()=>Fe,isAdmin:()=>bt,isAdminOrBuilder:()=>KA,isAdminOrWorkspaceBuilder:()=>ec,isBuilder:()=>Si,isCreatorAsync:()=>Oo,isCreatorSync:()=>tc,isGlobalBuilder:()=>qA,paginatedUsers:()=>ZA,removeAppBuilder:()=>qL,removePortalUserPermissions:()=>GL,searchExistingEmails:()=>Bp,searchGlobalUsersByApp:()=>YA,searchGlobalUsersByAppAccess:()=>Vp,searchGlobalUsersByEmail:()=>JA,validateUniqueUser:()=>rc});var Vu={};P(Vu,{ActiveContentFileError:()=>ku,BadRequestError:()=>co,BudibaseError:()=>uo,EmailUnavailableError:()=>zt,FeatureDisabledError:()=>Wu,ForbiddenError:()=>Fu,HTTPError:()=>ke,NotFoundError:()=>Mu,NotImplementedError:()=>Bu,UnexpectedError:()=>Lu,UsageLimitError:()=>$u,getErrorMessage:()=>rA,getPublicError:()=>Gu});var uo=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"BudibaseError")}};function rA(t){if(t==null)return"No error provided.";if(t instanceof Error)return t.message;if(typeof t=="string")return t;if(typeof t=="object"&&"message"in t)return String(t.message);try{let r=JSON.stringify(t);if(r!=="{}")return r}catch{}let e=String(t);return e!=="[object Object]"?e:"An unknown error occurred"}s(rA,"getErrorMessage");var Gu=s(t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},"getPublicError"),ke=class t extends uo{constructor(r,n,i="http"){super(r,i);this.status=n}static{s(this,"HTTPError")}static async fromResponse(r){let n=await r.text(),i=n,o=r.status,a="http";try{let u=JSON.parse(n);i=u.message,o=u.status,a=u.error?.code}catch{}return new t(i,o,a)}},Lu=class extends ke{static{s(this,"UnexpectedError")}constructor(e){super(e,500)}},Mu=class extends ke{static{s(this,"NotFoundError")}constructor(e){super(e,404)}},co=class extends ke{static{s(this,"BadRequestError")}constructor(e){super(e,400)}},ku=class extends co{static{s(this,"ActiveContentFileError")}constructor(e){super(`File "${e}" contains active content which is not permitted`)}},Fu=class extends ke{static{s(this,"ForbiddenError")}constructor(e){super(e,403)}},Bu=class extends ke{static{s(this,"NotImplementedError")}constructor(e){super(e,501)}},Wu=class extends Error{static{s(this,"FeatureDisabledError")}constructor(e){super(`Feature disabled: '${e}'`)}},$u=class extends Error{static{s(this,"UsageLimitError")}constructor(e){super(`Usage limit exceeded: '${e}'`)}},zt=class extends Error{static{s(this,"EmailUnavailableError")}constructor(e){super(`Email already in use: '${e}'`)}};var Dp={};P(Dp,{PASSWORD_MAX_LENGTH:()=>Ip,PASSWORD_MIN_LENGTH:()=>Op,validatePassword:()=>wp});var Op=+(g.PASSWORD_MIN_LENGTH||12),Ip=+(g.PASSWORD_MAX_LENGTH||512);function wp(t){return!t||t.length<Op?{valid:!1,error:`Password invalid. Minimum ${Op} characters.`}:t.length>Ip?{valid:!1,error:`Password invalid. Maximum ${Ip} characters.`}:{valid:!0}}s(wp,"validatePassword");var qu={};P(qu,{createASession:()=>RP,endSession:()=>CP,getSession:()=>Cp,getSessionsForUser:()=>lo,invalidateSessions:()=>Tn,updateSessionTTL:()=>Rp});var iA=require("uuid");var sA=g.SESSION_EXPIRY_SECONDS?parseInt(g.SESSION_EXPIRY_SECONDS):pe.fromDays(7).toSeconds();function pi(t,e){return`${t}/${e}`}s(pi,"makeSessionID");async function lo(t){return t?(await(await yr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}s(lo,"getSessionsForUser");async function Tn(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await lo(t)).map(a=>({key:pi(a.userId,a.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(o=>({key:pi(t,o)}))),i&&i.length>0){let o=await yr(),a=[];for(let u of i)a.push(o.delete(u.key));g.isTest()||ci(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(u=>u.key).join(", ")}`),await Promise.all(a)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}s(Tn,"invalidateSessions");async function RP(t,e){let r=await lo(t),n=0;if(r.length>=3){let l=r.sort((h,p)=>new Date(h.createdAt).getTime()-new Date(p.createdAt).getTime()),d=r.length-3+1,f=l.slice(0,d).map(h=>h.sessionId);n=f.length,await Tn(t,{sessionIds:f,reason:"session limit exceeded"})}let i=await yr(),o=e.sessionId,a=e.csrfToken?e.csrfToken:(0,iA.v4)(),u=pi(t,o),c={...e,csrfToken:a,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(u,c,sA),{session:c,invalidatedSessionCount:n}}s(RP,"createASession");async function Rp(t){let e=await yr(),r=pi(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,sA)}s(Rp,"updateSessionTTL");async function CP(t,e){await(await yr()).delete(pi(t,e))}s(CP,"endSession");async function Cp(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await yr()).get(pi(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}s(Cp,"getSession");var hi={};P(hi,{account:()=>EA,action:()=>yA,ai:()=>TA,analytics:()=>Qu,app:()=>SA,asyncEventQueue:()=>Tt,auditLog:()=>AA,auth:()=>Zu,automation:()=>_A,backfill:()=>OA,backfillCache:()=>Yu,backup:()=>IA,datasource:()=>wA,email:()=>DA,environmentVariable:()=>RA,group:()=>CA,identification:()=>St,initAsyncEvents:()=>OL,installation:()=>go,layout:()=>bA,license:()=>xA,org:()=>vA,plugin:()=>PA,processors:()=>Up,publishEvent:()=>A,query:()=>NA,resource:()=>UA,role:()=>Ao,rowAction:()=>LA,rows:()=>MA,screen:()=>kA,serve:()=>FA,shutdown:()=>IL,table:()=>BA,user:()=>Be,view:()=>WA,workspace:()=>$A});var Qu={};P(Qu,{enabled:()=>Ku});var Ku=s(async()=>ju(),"enabled");var Tt;function Hu(){Tt=new Et("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}s(Hu,"init");async function oA(){Tt&&await Tt.close()}s(oA,"shutdown");async function aA(t){Tt||Hu();let{event:e,identity:r}=t;Vm.indexOf(e)!==-1&&r.tenantId&&await Tt.add(t)}s(aA,"publishAsyncEvent");var Yu={};P(Yu,{end:()=>xP,isAlreadySent:()=>vp,isBackfillingEvent:()=>xp,recordEvent:()=>bp,start:()=>bP});var bP=s(async t=>PP({eventWhitelist:t}),"start"),bp=s(async(t,e)=>{let r=Pp(t,e);await Yt(r,e,void 0,{useTenancy:!1})},"recordEvent"),xP=s(async()=>{await NP(),await UP()},"end"),vP=s(async()=>hn(ye.BACKFILL_METADATA),"getBackfillMetadata"),PP=s(async t=>Yt(ye.BACKFILL_METADATA,t),"saveBackfillMetadata"),NP=s(async()=>{await to(ye.BACKFILL_METADATA)},"deleteBackfillMetadata"),UP=s(async()=>{let t=Pp(),e=await Nu(t);for(let r of e)await to(r,{useTenancy:!1})},"clearEvents"),xp=s(async t=>{let r=(await vP())?.eventWhitelist;return!!(r&&r.includes(t))},"isBackfillingEvent"),vp=s(async(t,e)=>{let r=Pp(t,e);return!!await hn(r,{useTenancy:!1})},"isAlreadySent"),LP={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},Pp=s((t,e)=>{let r,n=$();if(t){r=`${ye.EVENTS}:${n}:${t}`;let i=LP[t],o=i?i(e):void 0;o&&(r=`${r}:${o}`)}else r=`${ye.EVENTS}:${n}:*`;return r},"getEventKey");var Up={};P(Up,{analyticsProcessor:()=>mA,init:()=>KP,processors:()=>Zt});var fA=require("posthog-node");var MP=s(t=>t==="served:builder"||t==="served:app:preview"||t==="served:app","isRateLimited"),kP=s(t=>t==="served:app:preview"||t==="served:app","isPerApp");var cA={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},lA=s(async t=>{if(!MP(t))return!1;let e=await FP(t);if(e){let r=new Date(e.timestamp);switch(cA[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await uA(t,{timestamp:Date.now()}),!1):!0}}else return await uA(t,{timestamp:Date.now()}),!1},"limited"),dA=s(t=>{let e=`${ye.EVENTS_RATE_LIMIT}:${t}`;return kP(t)&&(e=e+":"+be()),e},"eventKey"),FP=s(async t=>{let e=dA(t);return await hn(e)},"readEvent"),uA=s(async(t,e)=>{let r=dA(t),n=cA[t],i;switch(n){case"calendarDay":i=86400}await Yt(r,e,i)},"recordEvent");var WP=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],fo=class{static{s(this,"PosthogProcessor")}constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new fA.PostHog(e)}async processEvent(e,r,n,i){if(WP.includes(e)||await lA(e))return;n=this.clearPIIProperties(n),n.version=g.VERSION,n.service=g.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let o=be();o&&(n.appId=o);let a={distinctId:r.id,event:e,properties:n};i&&(a.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(a.groups={},r.installationId&&(a.groups.installation=r.installationId,a.properties.installationId=r.installationId),r.tenantId&&(a.groups.tenant=r.tenantId,a.properties.tenantId=r.tenantId)),this.posthog.capture(a)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var pA=fo;var $P=["installation:version:upgraded","installation:version:downgraded"],GP=["installation","tenant"],po=class{static{s(this,"AnalyticsProcessor")}constructor(){g.POSTHOG_TOKEN&&!g.isTest()&&(this.posthog=new pA(g.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!$P.includes(e)&&!await Ku()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!GP.includes(e.type)&&!await Ku()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var Np=g.SELF_HOSTED&&!g.isDev(),mo=class{static{s(this,"LoggingProcessor")}async processEvent(e,r,n){Np||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){Np||console.log("[audit] identified",e)}async identifyGroup(e){Np||console.log("[audit] group identified",e)}async shutdown(){}};var mi=class t{static{s(this,"AuditLogsProcessor")}static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new Et("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Ce(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let o={};g.ENABLE_AUDIT_LOG_IP_ADDR&&(o=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:o})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&$f(e)){let o=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:o,timestamp:i,appId:be(),hostInfo:r.hostInfo},tenantId:$()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var ho=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}static{s(this,"Processor")}async processEvent(e,r,n,i){for(let o of this.processors)await o.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var mA=new po,VP=new mo,qP=new mi;function KP(t){return mi.init(t)}s(KP,"init");var Zt=new ho([mA,VP,qP]);var zu={};P(zu,{checkInstallVersion:()=>HP,getInstall:()=>Eo,getInstallFromDB:()=>Mp});var Lp=B(require("semver"));var Eo=s(async()=>wr(ye.INSTALLATION,86400,Mp,{useTenancy:!1}),"getInstall");async function QP(t){let e={_id:fe.PLATFORM_INFO.docs.install,installId:ee(),version:g.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return Mp();throw r}}s(QP,"createInstallDoc");var Mp=s(async()=>je(fe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(fe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await QP(t);else throw r}return e}),"getInstallFromDB"),jP=s(async t=>{try{await je(fe.PLATFORM_INFO.name,async e=>{let r=await Eo();r.version=t,await e.put(r),await li(ye.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},"updateVersion"),HP=s(async()=>{let t=await Eo(),e=t.version,r=g.VERSION;try{if(e!==r){let n=Lp.default.gt(r,e),i=Lp.default.lt(r,e);await jP(r)&&(await ws({_id:t.installId,type:"installation"},async()=>{n?await go.upgraded(e,r):i&&await go.downgraded(e,r)}),await St.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?dn(`Invalid version "${r}" - is it semver?`):dn("Failed to retrieve version",n)}},"checkInstallVersion");var YP=s(async()=>{let t=Zd(),e=So(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await Sn(),i=yo();return{id:hA(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await Sn(),i=await Ju($()),o=yo();return{id:hA(i,r),type:r,hosting:o,installationId:n,tenantId:i,realTenantId:$(),environment:e}}else if(r==="user"){let n=t,i=await Ju($()),o=await Sn(),a=n.account,u;return a?u=a.hosting:u=yo(),{id:n._id,type:r,hosting:u,installationId:o,tenantId:i,environment:e,realTenantId:$(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},"getCurrentIdentity"),zP=s(async(t,e)=>{let r=t,n="installation",i=yo(),o=g.VERSION,a=So(),u={id:r,type:n,hosting:i,version:o,environment:a};await kp(u,e),await To({...u,id:`$${n}_${r}`},e)},"identifyInstallationGroup"),JP=s(async(t,e,r,n=g.VERSION)=>{let i=await Ju(t),o="tenant",a=await Sn(),u=So(),c={id:i,type:o,hosting:e,environment:u,installationId:a,createdAt:r,createdVersion:n};await kp(c,r),await To({...c,id:`$${o}_${i}`},r)},"identifyTenantGroup"),ZP=s(async(t,e,r)=>{let n=t._id,i=await Ju(t.tenantId),o="user",a=Fe(t),u=Cr(t),c;Ko(t)&&(c=t.providerType);let d=(await gi([t.email])).length>0,f=!!e&&d&&e.verified,h=await Sn(),p=e?e.hosting:yo(),S=So();await To({id:n,type:o,hosting:p,installationId:h,tenantId:i,verified:f,accountHolder:d,providerType:c,builder:a,admin:u,environment:S},r)},"identifyUser"),XP=s(async t=>{let e=t.accountId,r=t.tenantId,n="user",i=qo(t)?t.providerType:void 0,o=t.verified,a=!0,u=t.hosting,c=await Sn(),l=So();if(Vo(t)){let f=await At(t.email);f?._id&&(e=f._id)}await To({id:e,type:n,hosting:u,installationId:c,tenantId:r,providerType:i,verified:o,accountHolder:a,environment:l})},"identifyAccount"),To=s(async(t,e)=>{await Zt.identify(t,e)},"identify"),kp=s(async(t,e)=>{await Zt.identifyGroup(t,e)},"identifyGroup"),So=s(()=>g.isDev()?"development":g.DEPLOYMENT_ENVIRONMENT,"getDeploymentEnvironment"),yo=s(()=>g.SELF_HOSTED?"self":"cloud","getHostingFromEnv"),Sn=s(async()=>eN()?"account-portal":(await Eo()).installId,"getInstallationId"),Ju=s(async t=>g.SELF_HOSTED?gA(t):t,"getEventTenantId"),gA=s(async t=>Ce(t,()=>wr(ye.UNIQUE_TENANT_ID,86400,async()=>{let e=Y(),r=await yi(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${ee()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=g.VERSION,await e.put(r),n)})),"getUniqueTenantId"),eN=s(()=>g.SERVICE==="account-portal","isAccountPortal"),hA=s((t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,"formatDistinctId"),St={getCurrentIdentity:YP,identifyInstallationGroup:zP,identifyTenantGroup:JP,identifyUser:ZP,identifyAccount:XP,identify:To,identifyGroup:kp,getInstallationId:Sn,getUniqueTenantId:gA};var A=s(async(t,e,r,n)=>{let i=n||await St.getCurrentIdentity();if(!(n?!1:await xp(t))){await aA({event:t,identity:i,properties:e,timestamp:r}),await Zt.processEvent(t,i,e,r);return}await vp(t,e)||(await Zt.processEvent(t,i,e,r),await bp(t,e))},"publishEvent");async function tN(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}s(tN,"created");async function rN(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}s(rN,"deleted");async function nN(t){let e={tenantId:t.tenantId};await A("account:verified",e)}s(nN,"verified");var EA={created:tN,deleted:rN,verified:nN};async function iN(t,e){console.info("action:automation_step:executed",`disabled. Action step ${t.stepId} not published at ${e}`)}s(iN,"automationStepExecuted");async function sN(t,e){console.info("action:automation_step:executed",`disabled. Action type ${t.type} not published at ${e}`)}s(sN,"crudExecuted");async function oN(t,e){console.info("action:automation_step:executed",`disabled. Execution for ai agent ${t.agentId} not published at ${e}`)}s(oN,"aiAgentExecuted");var yA={aiAgentExecuted:oN,automationStepExecuted:iN,crudExecuted:sN};async function aN(t){let e={};await A("ai:config:created",e,t)}s(aN,"AIConfigCreated");async function uN(){let t={};await A("ai:config:updated",t)}s(uN,"AIConfigUpdated");var TA={AIConfigCreated:aN,AIConfigUpdated:uN};var cN=s(async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)},"created");async function lN(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}s(lN,"updated");async function dN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}s(dN,"deleted");async function fN(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}s(fN,"published");async function pN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}s(pN,"unpublished");async function mN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}s(mN,"fileImported");async function hN(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}s(hN,"duplicated");async function gN(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}s(gN,"templateImported");async function EN(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}s(EN,"versionUpdated");async function yN(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}s(yN,"versionReverted");async function TN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}s(TN,"reverted");async function SN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}s(SN,"exported");var SA={created:cN,updated:lN,deleted:dN,published:fN,unpublished:pN,fileImported:mN,duplicated:hN,templateImported:gN,versionUpdated:EN,versionReverted:yN,reverted:TN,exported:SN};async function AN(t){let e={filters:t};await A("audit_log:filtered",e)}s(AN,"filtered");async function _N(t){let e={filters:t};await A("audit_log:downloaded",e)}s(_N,"downloaded");var AA={filtered:AN,downloaded:_N};async function ON(t,e){let n={userId:(await St.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}s(ON,"login");async function IN(t){let r={userId:(await St.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}s(IN,"logout");async function wN(t,e){let r={type:t};await A("auth:sso:created",r,e)}s(wN,"SSOCreated");async function DN(t){let e={type:t};await A("auth:sso:updated",e)}s(DN,"SSOUpdated");async function RN(t,e){let r={type:t};await A("auth:sso:activated",r,e)}s(RN,"SSOActivated");async function CN(t){let e={type:t};await A("auth:sso:deactivated",e)}s(CN,"SSODeactivated");var Zu={login:ON,logout:IN,SSOCreated:wN,SSOUpdated:DN,SSOActivated:RN,SSODeactivated:CN};async function bN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}s(bN,"created");async function xN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}s(xN,"triggerUpdated");async function vN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}s(vN,"deleted");async function PN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}s(PN,"tested");var NN=s(async(t,e)=>{let r={count:t};await A("automations:run",r,e)},"run");async function UN(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}s(UN,"stepCreated");async function LN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}s(LN,"stepDeleted");var _A={created:bN,triggerUpdated:xN,deleted:vN,tested:PN,run:NN,stepCreated:UN,stepDeleted:LN};var Ti=!g.SELF_HOSTED&&!g.isDev();async function MN(t){Ti||await A("app:backfill:succeeded",t)}s(MN,"appSucceeded");async function kN(t){if(Ti)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}s(kN,"appFailed");async function FN(t){Ti||await A("tenant:backfill:succeeded",t)}s(FN,"tenantSucceeded");async function BN(t){if(Ti)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}s(BN,"tenantFailed");async function WN(){if(Ti)return;let t={};await A("installation:backfill:succeeded",t)}s(WN,"installationSucceeded");async function $N(t){if(Ti)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}s($N,"installationFailed");var OA={appSucceeded:MN,appFailed:kN,tenantSucceeded:FN,tenantFailed:BN,installationSucceeded:WN,installationFailed:$N};async function GN(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}s(GN,"appBackupRestored");async function VN(t,e,r,n,i){let o={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",o)}s(VN,"appBackupTriggered");var IA={appBackupRestored:GN,appBackupTriggered:VN};function Fp(t){return!Object.values(Bo).includes(t.source)}s(Fp,"isCustom");async function qN(t,e){let r={datasourceId:t._id,source:t.source,custom:Fp(t)};await A("datasource:created",r,e)}s(qN,"created");async function KN(t){let e={datasourceId:t._id,source:t.source,custom:Fp(t)};await A("datasource:updated",e)}s(KN,"updated");async function QN(t){let e={datasourceId:t._id,source:t.source,custom:Fp(t)};await A("datasource:deleted",e)}s(QN,"deleted");var wA={created:qN,updated:KN,deleted:QN};async function jN(t){let e={};await A("email:smtp:created",e,t)}s(jN,"SMTPCreated");async function HN(){let t={};await A("email:smtp:updated",t)}s(HN,"SMTPUpdated");var DA={SMTPCreated:jN,SMTPUpdated:HN};async function YN(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}s(YN,"created");async function zN(t){let e={name:t};await A("environment_variable:deleted",e)}s(zN,"deleted");async function JN(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}s(JN,"upgradePanelOpened");var RA={created:YN,deleted:zN,upgradePanelOpened:JN};async function ZN(t,e){let r={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:created",r,e)}s(ZN,"created");async function XN(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:updated",e)}s(XN,"updated");async function eU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:deleted",e)}s(eU,"deleted");async function tU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:user_added",n)}s(tU,"usersAdded");async function rU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:users_deleted",n)}s(rU,"usersDeleted");async function nU(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}s(nU,"createdOnboarding");async function iU(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}s(iU,"permissionsEdited");var CA={created:ZN,updated:XN,deleted:eU,usersAdded:tU,usersDeleted:rU,createdOnboarding:nU,permissionsEdited:iU};async function sU(t){let e={currentVersion:t};await A("installation:version:checked",e)}s(sU,"versionChecked");async function oU(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}s(oU,"upgraded");async function aU(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}s(aU,"downgraded");async function uU(){let t={};await A("installation:firstStartup",t)}s(uU,"firstStartup");var go={versionChecked:sU,upgraded:oU,downgraded:aU,firstStartup:uU};async function cU(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}s(cU,"created");async function lU(t){let e={layoutId:t};await A("layout:deleted",e)}s(lU,"deleted");var bA={created:cU,deleted:lU};async function dU(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}s(dU,"planChanged");async function fU(t){let e={accountId:t.accountId};await A("license:activated",e)}s(fU,"activated");async function pU(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}s(pU,"checkoutOpened");async function mU(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}s(mU,"checkoutSuccess");async function hU(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}s(hU,"portalOpened");async function gU(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}s(gU,"paymentFailed");async function EU(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}s(EU,"paymentRecovered");var xA={planChanged:dU,activated:fU,checkoutOpened:pU,checkoutSuccess:mU,portalOpened:hU,paymentFailed:gU,paymentRecovered:EU};async function yU(t){let e={};await A("org:info:name:updated",e,t)}s(yU,"nameUpdated");async function TU(t){let e={};await A("org:info:logo:updated",e,t)}s(TU,"logoUpdated");async function SU(t){let e={};await A("org:platformurl:updated",e,t)}s(SU,"platformURLUpdated");async function AU(){let t={};await A("analytics:opt:out",t)}s(AU,"analyticsOptOut");async function _U(){let t={};await A("analytics:opt:out",t)}s(_U,"analyticsOptIn");var vA={nameUpdated:yU,logoUpdated:TU,platformURLUpdated:SU,analyticsOptOut:AU,analyticsOptIn:_U};async function OU(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}s(OU,"init");async function IU(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}s(IU,"imported");async function wU(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}s(wU,"deleted");var PA={init:OU,imported:IU,deleted:wU};var DU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},"created"),RU=s(async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},"updated"),CU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await A("query:deleted",n)},"deleted"),bU=s(async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},"imported"),xU=s(async(t,e)=>{let r={count:t};await A("queries:run",r,e)},"run"),vU=s(async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},"previewed"),NA={created:DU,updated:RU,deleted:CU,imported:bU,run:xU,previewed:vU};async function PU({resource:t,fromWorkspace:e,toWorkspace:r},n){let i={resource:t,fromWorkspace:e,toWorkspace:r};await A("resource:copied_to_workspace",i,n)}s(PU,"duplicatedToWorkspace");var UA={duplicatedToWorkspace:PU};async function NU(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}s(NU,"created");async function UU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}s(UU,"updated");async function LU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}s(LU,"deleted");async function MU(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}s(MU,"assigned");async function kU(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}s(kU,"unassigned");var Ao={created:NU,updated:UU,deleted:LU,assigned:MU,unassigned:kU};async function FU(t,e){await A("row_action:created",t,e)}s(FU,"created");var LA={created:FU};var BU=s(async(t,e)=>{let r={count:t};await A("rows:created",r,e)},"created"),WU=s(async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},"imported"),MA={created:BU,imported:WU};async function $U(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}s($U,"created");async function GU(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}s(GU,"deleted");var kA={created:$U,deleted:GU};async function VU(t){let e={timezone:t};await A("served:builder",e)}s(VU,"servedBuilder");async function qU(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}s(qU,"servedApp");async function KU(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}s(KU,"servedAppPreview");var FA={servedBuilder:VU,servedApp:qU,servedAppPreview:KU};async function QU(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}s(QU,"created");async function jU(t,e){let r,n;for(let o in e.schema)if(!t.schema[o]){let a=e.schema[o];"default"in a&&a.default!=null&&(r=!0),a.type==="ai"&&(n=a.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}s(jU,"updated");async function HU(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await A("table:deleted",r)}s(HU,"deleted");async function YU(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}s(YU,"exported");async function zU(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}s(zU,"imported");var BA={created:QU,updated:jU,deleted:HU,exported:YU,imported:zU};async function JU(t,e){let r={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:created",r,e)}s(JU,"created");async function ZU(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:updated",e)}s(ZU,"updated");async function XU(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:deleted",e)}s(XU,"deleted");async function eL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}s(eL,"permissionAdminAssigned");async function tL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}s(tL,"permissionAdminRemoved");async function rL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}s(rL,"permissionBuilderAssigned");async function nL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}s(nL,"permissionBuilderRemoved");async function iL(t){let e={audited:{email:t}};await A("user:invited",e)}s(iL,"invited");async function sL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}s(sL,"inviteAccepted");async function oL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}s(oL,"passwordForceReset");async function aL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}s(aL,"passwordUpdated");async function uL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}s(uL,"passwordResetRequested");async function cL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}s(cL,"passwordReset");async function lL(t){let e={users:t};await A("user:data:collaboration",e)}s(lL,"dataCollaboration");var Be={created:JU,updated:ZU,deleted:XU,permissionAdminAssigned:eL,permissionAdminRemoved:tL,permissionBuilderAssigned:rL,permissionBuilderRemoved:nL,invited:iL,inviteAccepted:sL,passwordForceReset:oL,passwordUpdated:aL,passwordResetRequested:uL,passwordReset:cL,dataCollaboration:lL};async function dL(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}s(dL,"created");async function fL(t){let e={tableId:t.tableId};await A("view:updated",e)}s(fL,"updated");async function pL(t,e){let r={...Le.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await A("view:deleted",r)}s(pL,"deleted");async function mL(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}s(mL,"exported");async function hL({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}s(hL,"filterCreated");async function gL({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}s(gL,"filterUpdated");async function EL(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}s(EL,"filterDeleted");async function yL({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}s(yL,"calculationCreated");async function TL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}s(TL,"calculationUpdated");async function SL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}s(SL,"calculationDeleted");async function AL(t,e){let r={tableId:t};await A("view:join:created",r,e)}s(AL,"viewJoinCreated");var WA={created:dL,updated:fL,deleted:pL,exported:mL,filterCreated:hL,filterUpdated:gL,filterDeleted:EL,calculationCreated:yL,calculationUpdated:TL,calculationDeleted:SL,viewJoinCreated:AL};async function _L(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await A("workspace_app:deleted",r)}s(_L,"deleted");var $A={deleted:_L};function OL(){}s(OL,"initAsyncEvents");var IL=s(async()=>{await Zt.shutdown(),console.log("Events shutdown")},"shutdown");var Wp={};P(Wp,{creatorsInList:()=>An,getAccountHolderFromUsers:()=>nc,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>QA,hasBuilderPermissions:()=>Fe,isAdmin:()=>bt,isAdminOrBuilder:()=>KA,isAdminOrWorkspaceBuilder:()=>ec,isBuilder:()=>Si,isCreatorAsync:()=>Oo,isCreatorSync:()=>tc,isGlobalBuilder:()=>qA,validateUniqueUser:()=>rc});async function Bp(t){let e=[],r=await GA(t);e.push(...r.map(a=>a.email));let n=await VA(t);e.push(...n.map(a=>a._id));let i=await gi(t);e.push(...i.map(a=>a.email));let o=await Ep(t);return e.push(...o.map(a=>a.email)),[...new Set(e.map(a=>a.toLowerCase()))]}s(Bp,"searchExistingEmails");async function Xu(t){return await Fs("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}s(Xu,"getPlatformUsers");async function _o(t){return(await Xu(t))[0]??null}s(_o,"getFirstPlatformUser");async function GA(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await qt("by_email2",r,void 0,n)}s(GA,"getExistingTenantUsers");async function VA(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Fs("platform_users_lowercase_2",r)}s(VA,"getExistingPlatformUsers");async function gi(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await Fs("account_by_email",r)}s(gi,"getExistingAccounts");var Si=Me.users.isBuilder,bt=Me.users.isAdmin,qA=Me.users.isGlobalBuilder,KA=Me.users.isAdminOrBuilder,Cr=Me.users.hasAdminPermissions,Fe=Me.users.hasBuilderPermissions,QA=Me.users.hasAppBuilderPermissions,ec=Me.users.isAdminOrWorkspaceBuilder;async function An(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await Y().getMultiple(r,{allowMissing:!0}),t.map(i=>tc(i,e))}s(An,"creatorsInList");async function Oo(t){let e=[];return t.userGroups&&(e=await Y().getMultiple(t.userGroups)),tc(t,e)}s(Oo,"isCreatorAsync");function tc(t,e){let r=Me.users.isCreator(t);return!r&&t?wL(t,e):r}s(tc,"isCreatorSync");function wL(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}s(wL,"isCreatorByGroupMembership");async function rc(t,e){if(g.MULTI_TENANCY){let r=await _o(t);if(r!=null&&r.tenantId!==e)throw new zt(t)}if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let r=await Rr(t);if(r&&r.verified&&r.tenantId!==e)throw new zt(t)}}s(rc,"validateUniqueUser");async function nc(t){if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let e=await gi(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}s(nc,"getAccountHolderFromUsers");var $p=s(async t=>{await Be.deleted(t),Fe(t)&&await Be.permissionBuilderRemoved(t),Cr(t)&&await Be.permissionAdminRemoved(t)},"handleDeleteEvents"),DL=s(async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await Ao.assigned(t,i)},"assignAppRoleEvents"),RL=s(async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await Ao.unassigned(t,i)},"unassignAppRoleEvents"),CL=s(async(t,e)=>{let r=t.roles,n=e?.roles;await DL(t,r,n),await RL(t,r,n)},"handleAppRoleEvents"),Gp=s(async(t,e,r)=>{let n=r;!n&&!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL&&(n=await fi($())),await St.identifyUser(t,n),e?(await Be.updated(t),xL(t,e)&&await Be.permissionBuilderRemoved(t),PL(t,e)&&await Be.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Be.passwordForceReset(t),t.password!==e.password&&await Be.passwordUpdated(t)):await Be.created(t),bL(t,e)&&await Be.permissionBuilderAssigned(t),vL(t,e)&&await Be.permissionAdminAssigned(t),await CL(t,e)},"handleSaveEvents"),bL=s((t,e)=>jA(t,e,Fe),"isAddingBuilder"),xL=s((t,e)=>HA(t,e,Fe),"isRemovingBuilder"),vL=s((t,e)=>jA(t,e,Cr),"isAddingAdmin"),PL=s((t,e)=>HA(t,e,Cr),"isRemovingAdmin"),jA=s((t,e,r)=>!(!r(t)||e&&r(e)),"isAddingPermission"),HA=s((t,e,r)=>!(r(t)||!e||!r(e)),"isRemovingPermission");var UL=s(async t=>{let e=t._id;await yt.removeUser(t),await $p(t),await br.invalidateUser(e),await Tn(e,{reason:"bulk-deletion"})},"bulkDeleteProcessing"),xt=class t{static{s(this,"UserDB")}static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return g.ENABLE_SSO_MAINTENANCE_MODE&&bt(e)?!1:await t.features.isSSOEnforced()||Ko(e)?!0:(r||(r=await fi($())),!!(r&&r.email===e.email&&qo(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,o){let{password:a,_id:u}=e;i&&!i.password&&(r.requirePassword=!1);let c;if(a&&a!==i?.password){if(await t.isPreventPasswordActions(e,o))throw new ke("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let f=wp(a);if(!f.valid)throw new ke(f.error,400)}c=r.hashPassword?await zd(a):a}else i&&(c=i.password);let l=r.requirePassword&&!await t.features.isSSOEnforced();if(!c&&l)throw"Password must be specified.";u=u||ri();let d={createdAt:Date.now(),...i,...e,_id:u,password:c,tenantId:n};return d.roles||(d.roles={}),d.status==null&&(d.status="active"),d}static async allUsers(){return(await Y().allDocs(on(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByWorkspace(e){if(typeof e!="string"||!e)throw new Error("Must provide a string based workspace ID");return{userCount:(await Bs("by_app",ni(e,{include_docs:!1}))).rows.length}}static async getUsersByAppAccess(e){return await Vp(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return At(e)}static async getUser(e){let r=await _n(e);return r&&delete r.password,r}static async bulkGet(e){return await ic(e)}static async bulkUpdate(e){return await Io(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=$(),i=Y(),{email:o,_id:a,userGroups:u=[],roles:c}=e;if(!o&&!a)throw new Error("_id or email is required");let l;if(a)try{if(l=await _n(a),o&&l.email!==o&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(m){if(m.status!==404)throw m}if(!l&&o&&(l=await At(o),l&&l._id!==a))throw new zt(o);let d=1,f=0;if((r.isAccountHolder||l)&&(d=0,f=1),l){let[m,E]=await An([l,e]);f=m!==E?1:0}let h=!l,p=!!l&&!!o&&l.email!==o,S=!r.isAccountHolder&&!!o&&(h||p);return t.quotas.addUsers(d,f,async()=>{S&&await rc(o,n);let m=await t.buildUser(e,r,n,l);r.currentUserId&&r.currentUserId===l?._id&&(m=qp(m,l)),!l&&c?.length&&(m.roles={...c});let E=[];if(!a&&u.length>0)for(let y of u)E.push(t.groups.addUsers(y,[m._id]));try{let y=await i.put(m);return m._rev=y.rev,await Gp(m,l),l&&m.email!==l.email&&await yt.removeUser({email:l.email}),await yt.addUser(n,m._id,m.email,m.ssoId),await br.invalidateUser(y.id),await Promise.all(E),i.get(m._id)}catch(y){throw y.status===409?"User exists already":y}})}static async bulkCreate(e,r){let n=$(),i=[],o=[],a=[],u=e.map(h=>h.email),c=await Bp(u),l=[];for(let h of e){let p=o.find(m=>m.email.toLowerCase()===h.email.toLowerCase()),S=c.includes(h.email.toLowerCase());if(p||S){l.push({email:h.email,reason:"Unavailable"});continue}h.userGroups=r||[],o.push(h),await Oo(h)&&a.push(h)}let d=await fi(n),f=await t.features.isSSOEnforced();return t.quotas.addUsers(o.length,a.length,async()=>{for(let S of o)f&&delete S.password,i.push(t.buildUser(S,{hashPassword:!0,requirePassword:!f},n,void 0,d));let h=await Promise.all(i);await Io(h);for(let S of h)await yt.addUser(n,S._id,S.email),await Gp(S,void 0,d);let p=h.map(S=>({_id:S._id,email:S.email}));if(Array.isArray(p)&&r){let S=[],m=p.map(E=>E._id);for(let E of r)S.push(t.groups.addUsers(E,m));await Promise.all(S)}return{successful:p,unsuccessful:l}})}static async bulkDelete(e){let r=Y(),n={successful:[],unsuccessful:[]},i=await nc(e);i&&(e=e.filter(p=>p.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let a=(await r.allDocs({include_docs:!0,keys:e.map(p=>p.userId)})).rows.map(p=>p.doc),u=a.map(p=>({...p,_deleted:!0})),c=await Io(u),d=(await An(a)).filter(p=>p).length,f=[];for(let p of a){let m=(await _o(p._id)).ssoId;m&&(await Xu(m)).filter(y=>y.ssoId==null).forEach(y=>{f.push({...y,_deleted:!0})}),await UL(p)}await Dr().bulkDocs(f),await t.quotas.removeUsers(u.length,d);let h={};return a.reduce((p,S)=>(p[S._id]=S,p),h),c.forEach(p=>{let S=h[p.id].email;p.ok?n.successful.push({_id:p.id,email:S}):n.unsuccessful.push({_id:p.id,email:S,reason:"Database error"})}),n}static async destroy(e){let r=Y(),n=await r.get(e),i=n._id;if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let a=n.email;if(await Rr(a))throw n.userId===$t()._id?new ke('Please visit "Account" to delete this user',400):new ke("Account holder cannot be deleted",400)}await yt.removeUser(n),await r.remove(i,n._rev);let o=await Oo(n)?1:0;await t.quotas.removeUsers(1,o),await $p(n),await br.invalidateUser(i),await Tn(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,o={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(o.ssoId=n.ssoId),await li(ye.CHECKLIST),await t.save(o,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function Do(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}s(Do,"removeUserPassword");async function ic(t,e){let n=(await Y().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=Do(n)),n}s(ic,"bulkGetGlobalUsersById");async function ML(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Ne}`})).rows.map(n=>n.id)}s(ML,"getAllUserIds");async function kL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Ne}`,include_docs:!0})).rows.map(n=>n.doc)}s(kL,"getAllUsers");async function Io(t){return await Y().bulkDocs(t)}s(Io,"bulkUpdateGlobalUsers");async function _n(t,e){let n=await Y().get(t);return e?.cleanup&&(n=Do(n)),n}s(_n,"getById");async function At(t,e){if(t==null)throw"Must supply an email address to view";let r=await qt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=Do(n)),n}s(At,"getGlobalUserByEmail");async function FL(t){try{let e=await At(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}s(FL,"doesUserExist");async function YA(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=ni(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await qt("by_app",n);i||(i=[]);let o=Array.isArray(i)?i:[i];return r?.cleanup&&(o=Do(o)),o}s(YA,"searchGlobalUsersByApp");async function Vp(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let a={[r]:{$exists:!0}};n.push(a)}return(await Y().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}s(Vp,"searchGlobalUsersByAppAccess");function zA(t,e){if(e)return pu(He(t),e._id)}s(zA,"getGlobalUserByAppPage");async function JA(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,o=await qt("by_email2",{...e,startkey:i,endkey:`${n}${Ne}`});o||(o=[]);let a=Array.isArray(o)?o:[o];return r?.cleanup&&(a=Do(a)),a}s(JA,"searchGlobalUsersByEmail");var BL=8;async function ZA({bookmark:t,query:e,appId:r,limit:n}={}){let i=Y(),o=n??BL,u={include_docs:!0,limit:o+1};t&&(u.startkey=t);let c,l="_id",d;return e?.equal?._id?c=[await _n(e.equal._id)]:r?(c=await YA(r,u),d=s(f=>zA(r,f),"getKey")):e?.string?.email?(c=await JA(e?.string?.email,u),l="email"):e?.oneOf?._id?c=await ic(e?.oneOf?._id,{cleanup:!0}):e?(c=(await i.allDocs(on(null,{...u,limit:void 0}))).rows.map(h=>h.doc),c=mr.search(c,{query:e,limit:u.limit}).rows):c=(await i.allDocs(on(null,u))).rows.map(h=>h.doc),Nf(c,o,{paginate:!0,property:l,getKey:d})}s(ZA,"paginatedUsers");async function WL(){return(await Bs("by_email2",{limit:0,include_docs:!1})).total_rows}s(WL,"getUserCount");async function $L(){let t=0;async function e(r){let n=await ZA({bookmark:r}),i=await An(n.data);t+=i.filter(o=>o).length,n.hasNextPage&&await e(n.nextPage)}return s(e,"iterate"),await e(),t}s($L,"getCreatorCount");function GL(t){return delete t.admin,delete t.builder,t}s(GL,"removePortalUserPermissions");function qp(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}s(qp,"cleanseUserObject");async function VL(t,e){let r=He(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await xt.save(t,{hashPassword:!1})}s(VL,"addAppBuilder");async function qL(t,e){let r=He(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await xt.save(t,{hashPassword:!1})}s(qL,"removeAppBuilder");var XA=3600;async function KL(t,e){let n=await Ff(e).get(t);if(n.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let i=await Rr(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}s(KL,"populateFromDB");async function QL(t){let e=await xt.bulkGet(t),r=t.filter((i,o)=>!e[o]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let o=await Rr(i.email);o&&(i.account=o,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}s(QL,"populateUsersFromDB");async function Ro({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=KL),!e)try{e=$()}catch{e=await yt.lookupTenantId(t)}let i=await vs(),o=await i.get(t);return o||(o=await n(t,e,r),await i.store(t,o,XA)),o&&!o.tenantId&&e&&(o.tenantId=e),o.userGroups&&!Me.users.isGlobalBuilder(o)&&await Ce(e,async()=>{let a=await xt.getGroupBuilderAppIds(o);if(a.length){let u=o.builder?.apps||[];o.builder={apps:[...new Set(u.concat(a))]}}}),o}s(Ro,"getUser");async function jL(t){let e=await vs(),r=await e.bulkGet(t),n=t.filter(a=>!r[a]),i=Object.values(r).filter(a=>!!a),o;if(n.length){let a=await QL(n);o=a.notFoundIds;for(let u of a.users)await e.store(u._id,u,XA);i.push(...a.users)}return{users:i,notFoundIds:o}}s(jL,"getUsers");async function Co(t){await(await vs()).delete(t)}s(Co,"invalidateUser");var Hp={};P(Hp,{Writethrough:()=>Qp});var e_=1e4,Kp=null;async function sc(){if(!Kp){let t=await Df();Kp=new fn(t)}return Kp}s(sc,"getCache");function bo(t,e){return t.name+e}s(bo,"makeCacheKey");function jp(t,e=null){return{doc:t,lastWrite:e||Date.now()}}s(jp,"makeCacheItem");async function HL(t,e,r=e_){let n=await sc(),i=e._id,o;i&&(o=await n.get(bo(t,i)));let a=!o||o.lastWrite<Date.now()-r,u=e;return a&&((await no({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let l=s(async d=>{let f=await t.put(d,{force:!0});u._id=f.id,u._rev=f.rev},"writeDb");try{await l(e)}catch(d){if(d.status!==409)throw d;ci("Ignoring conflict in write-through cache")}})).executed||ci("Ignoring redlock conflict in write-through cache")),o=jp(u,a?null:o?.lastWrite),u._id&&await n.store(bo(t,u._id),o),{ok:!0,id:u._id,rev:u._rev}}s(HL,"put");async function YL(t,e){let r=await sc(),n=bo(t,e),i=await r.get(n);if(!i){let o=await t.get(e);i=jp(o),await r.store(n,i)}return i.doc}s(YL,"get");async function zL(t,e){let r=await sc(),n=bo(t,e),i=await r.get(n);if(!i){let o=await t.tryGet(e);if(!o)return null;i=jp(o),await r.store(n,i)}return i.doc}s(zL,"tryGet");async function JL(t,e,r){let n=await sc();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(bo(t,i))}finally{await t.remove(i,r)}}s(JL,"remove");var Qp=class{static{s(this,"Writethrough")}constructor(e,r=e_){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return HL(this.db,e,r)}async get(e){return YL(this.db,e)}async tryGet(e){return zL(this.db,e)}async remove(e,r){return JL(this.db,e,r)}};function xo(t){return`config${C}${t}`}s(xo,"generateConfigID");var oc="en";function ZL(){return{_id:xo("translations"),type:"translations",config:{defaultLocale:oc,locales:{[oc]:{label:"English",overrides:{}}}}}}s(ZL,"createDefaultTranslationsConfig");function XL(t){let e=t?.defaultLocale||oc,r={...t?.locales??{}};r[e]||(r[e]={label:e===oc?"English":e,overrides:{}});for(let n of Object.keys(r))r[n].overrides||(r[n]={...r[n],overrides:{}});return{defaultLocale:e,locales:r}}s(XL,"prepareTranslationsConfig");async function ve(t){let e=Y();try{return await e.get(xo(t))}catch(r){if(r.status===404)return;throw r}}s(ve,"getConfig");async function e0(t){return t._id||(t._id=xo(t.type)),Y().put(t)}s(e0,"save");async function t_(){let t=await ve("translations");return t?(t.config=XL(t.config),t):ZL()}s(t_,"getTranslationsConfigDoc");async function t0(){return(await t_()).config}s(t0,"getTranslationsConfig");async function yi(){let t=await ve("settings");return t||(t={_id:xo("settings"),type:"settings",config:{}}),t.config.platformUrl=await vo({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await ju({config:t.config}),t}s(yi,"getSettingsConfigDoc");async function zp(){return(await yi()).config}s(zp,"getSettingsConfig");async function vo(t={tenantAware:!0}){let e=g.PLATFORM_URL||"http://localhost:10000";if(!g.SELF_HOSTED&&g.MULTI_TENANCY&&t.tenantAware){let r=$();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(g.SELF_HOSTED){let r=t?.config?t.config:(await ve("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}s(vo,"getPlatformUrl");var ju=s(async t=>{if(!g.SELF_HOSTED)return!!g.ENABLE_ANALYTICS;let e=await wr(ye.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await ve("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=g.ENABLE_ANALYTICS;return!(r===0||r===!1)},"analyticsEnabled");async function r0(){return await ve("google")}s(r0,"getGoogleConfigDoc");async function uc(){return(await r0())?.config}s(uc,"getGoogleConfig");async function Jp(){if(!g.SELF_HOSTED)return Yp();let t=await uc();return(!t||!t.activated)&&(t=Yp()),t}s(Jp,"getGoogleDatasourceConfig");function Yp(){if(g.GOOGLE_CLIENT_ID&&g.GOOGLE_CLIENT_SECRET)return{clientID:g.GOOGLE_CLIENT_ID,clientSecret:g.GOOGLE_CLIENT_SECRET,activated:!0}}s(Yp,"getDefaultGoogleConfig");async function n0(){return ve("logos_oidc")}s(n0,"getOIDCLogosDoc");async function i0(){return ve("oidc")}s(i0,"getOIDCConfigDoc");async function s0(){let t=(await i0())?.config;return t?.configs&&t.configs[0]}s(s0,"getOIDCConfig");async function Zp(t){let e=(await ve("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}s(Zp,"getOIDCConfigById");async function r_(){return ve("smtp")}s(r_,"getSMTPConfigDoc");async function o0(t){let e=await r_();if(e)return e.config;let r=g.SELF_HOSTED||!t;if(g.SMTP_FALLBACK_ENABLED&&r)return{port:g.SMTP_PORT,host:g.SMTP_HOST,secure:!1,from:g.SMTP_FROM_ADDRESS,auth:{user:g.SMTP_USER,pass:g.SMTP_PASSWORD},fallback:!0}}s(o0,"getSMTPConfig");async function a0(){return(await ve("scim"))?.config}s(a0,"getSCIMConfig");async function u0(){return ve("ai")}s(u0,"getAIConfig");async function c0(){return ve("recaptcha")}s(c0,"getRecaptchaConfig");var um={};P(um,{AccessController:()=>tm,BUILTIN_ROLE_IDS:()=>rm,Role:()=>xr,RoleHierarchyTraversal:()=>cc,RoleIDVersion:()=>nm,builtinRoleToNumber:()=>Po,checkForRoleResourceArray:()=>o_,externalRole:()=>h0,findRole:()=>No,getAllRoleIds:()=>T0,getAllRoles:()=>am,getBuiltinRole:()=>i_,getBuiltinRoles:()=>sm,getDBRoleID:()=>a_,getExternalRoleID:()=>vr,getExternalRoleIDs:()=>u_,getRole:()=>g0,getUserRoleHierarchy:()=>om,getUserRoleIdHierarchy:()=>s_,isBuiltin:()=>On,lowerBuiltinRoleID:()=>m0,prefixRoleIDNoBuiltin:()=>em,roleIDsAreEqual:()=>ot,roleToNumber:()=>p0,saveRoles:()=>E0,validInherits:()=>f0});var n_=require("lodash"),lc=B(require("lodash/fp/cloneDeep")),Xp=B(require("semver"));var rm={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},ie={...rm,BUILDER:"BUILDER"},nm={UUID:void 0,NAME:"name"};function d0(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}s(d0,"rolesInList");var xr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=nm.NAME}static{s(this,"Role")}addInheritance(e){return e&&typeof e=="string"?e=em(e):e&&Array.isArray(e)&&(e=e.map(em)),this.inherits=e,this}},cc=class{static{s(this,"RoleHierarchyTraversal")}constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let o of e.inherits){let a=No(o,n,r);a&&(i=i.concat(this.walk(a)))}else{let o=[],a=e;for(;a&&a.inherits&&!d0(o,a.inherits);){if(Array.isArray(a.inherits))return i.concat(this.walk(a));if(o.push(a.inherits),a=No(a.inherits,n,r),a&&i.push(a),Le.roles.checkForRoleInheritanceLoops(i))break}}return(0,n_.uniqBy)(i,o=>o._id)}},im={ADMIN:new xr(ie.ADMIN,ie.ADMIN,"admin",{displayName:"Admin user",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(ie.POWER),POWER:new xr(ie.POWER,ie.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(ie.BASIC),BASIC:new xr(ie.BASIC,ie.BASIC,"write",{displayName:"Basic user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(ie.PUBLIC),PUBLIC:new xr(ie.PUBLIC,ie.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new xr(ie.BUILDER,ie.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function sm(){return(0,lc.default)(im)}s(sm,"getBuiltinRoles");function On(t){return Object.values(rm).includes(t)}s(On,"isBuiltin");function em(t){return On(t)?t:Gt(t)}s(em,"prefixRoleIDNoBuiltin");function i_(t){let e=Object.values(im).find(r=>t.includes(r._id));if(e)return(0,lc.default)(e)}s(i_,"getBuiltinRole");function f0(t,e){if(!e)return!1;let r=s(n=>t.find(i=>ot(i._id,n)),"find");if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}s(f0,"validInherits");function Po(t){let e=sm(),r=Object.values(e).length+1;if(ot(t,ie.ADMIN)||ot(t,ie.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}s(Po,"builtinRoleToNumber");async function p0(t){if(On(t))return Po(t);let e=await om(t,{defaultPublic:!0}),r=s(n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(o=>{let a=e.find(u=>ot(u._id,o));if(a)return r(a)+1}).filter(o=>o).sort().pop();if(i!=null)return i}else if(On(n.inherits))return Po(n.inherits)+1;return 0},"findNumber");return Math.max(...e.map(r))}s(p0,"roleToNumber");function m0(t,e){return t?e&&Po(t)>Po(e)?e:t:e}s(m0,"lowerBuiltinRoleID");function ot(t,e){return Gt(t)===Gt(e)}s(ot,"roleIDsAreEqual");function h0(t){let e;return t._id&&(e=vr(t._id)),{...t,_id:e,inherits:u_(t.inherits,t.version)}}s(h0,"externalRole");function No(t,e,r){let n=i_(t);n||(t=Gt(t));let i=e.find(o=>o._id&&ot(o._id,t));return!i&&!On(t)&&r?.defaultPublic?(0,lc.default)(im.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=vr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}s(No,"findRole");async function g0(t,e){let r=ei(),n=[];if(!On(t)){let i=await r.tryGet(a_(t));i&&n.push(i)}return No(t,n,e)}s(g0,"getRole");async function E0(t){await ei().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Gt(r._id)})))}s(E0,"saveRoles");async function y0(t,e){let r=await am();if(ot(t,ie.ADMIN))return r;let n=No(t,r,e),i=[];return n&&(i=new cc(r,e).walk(n)),i}s(y0,"getAllUserRoles");async function s_(t){return(await om(t)).map(r=>r._id)}s(s_,"getUserRoleIdHierarchy");async function om(t,e){return y0(t,e)}s(om,"getUserRoleHierarchy");function o_(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}s(o_,"checkForRoleResourceArray");async function T0(t){return(await am(t)).map(r=>r._id)}s(T0,"getAllRoleIds");async function am(t){if(t)return je(t,e);{let r;try{r=ei()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(mu(null,{include_docs:!0}))).rows.map(u=>u.doc),n.forEach(u=>u._id=vr(u._id,u.version)));let i=sm(),o=[];!r||await S0(r)?o=[ie.ADMIN,ie.POWER,ie.BASIC,ie.PUBLIC]:o=[ie.ADMIN,ie.BASIC,ie.PUBLIC];for(let a of o){let u=i[a],c=n.filter(l=>ot(l._id,a))[0];c==null?n.push(u||i.BASIC):(n=n.filter(l=>l._id!==c._id),c._id=vr(u._id,c.version),n.push({...u,...c,name:u.name,_id:vr(u._id,u.version),uiMetadata:{...c.uiMetadata,...u.uiMetadata}}))}for(let a of n)if(a.permissions)for(let u of Object.keys(a.permissions))a.permissions=o_(a.permissions,u);return n}s(e,"internal")}s(am,"getAllRoles");async function S0(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!Xp.default.valid(r)?!0:!Xp.default.gte(r,g.MIN_VERSION_WITHOUT_POWER_ROLE)}s(S0,"shouldIncludePowerRole");var tm=class{static{s(this,"AccessController")}constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||ot(e,ie.BUILDER)||ot(r,e)||ot(r,ie.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await s_(r),this.userHierarchies[r]=n),n?.find(i=>ot(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let o=await this.checkScreenAccess(i,r);o&&n.push(o)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function a_(t){return t?.startsWith("role")?t:Gt(t)}s(a_,"getDBRoleID");function vr(t,e){if(t.startsWith(`role${C}`)&&(On(t)||e===nm.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}s(vr,"getExternalRoleID");function u_(t,e){return t&&(typeof t=="string"?vr(t,e):t.map(r=>vr(r,e)))}s(u_,"getExternalRoleIDs");var cm={};P(cm,{BUILDER:()=>w0,BUILTIN_PERMISSIONS:()=>dc,CREATOR:()=>D0,GLOBAL_BUILDER:()=>R0,PermissionImpl:()=>se,PermissionLevel:()=>Ri,PermissionType:()=>Go,doesHaveBasePermission:()=>O0,getAllowedLevels:()=>f_,getBuiltinPermissionByID:()=>_0,getBuiltinPermissions:()=>A0,isPermissionLevelHigherThanRead:()=>I0,levelToNumber:()=>d_});var c_=B(require("lodash/flatten")),l_=B(require("lodash/fp/cloneDeep"));var se=class{static{s(this,"PermissionImpl")}constructor(e,r){this.type=e,this.level=r}};function d_(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}s(d_,"levelToNumber");function f_(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}s(f_,"getAllowedLevels");var dc={PUBLIC:{_id:"public",name:"Public",permissions:[new se("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new se("query","read"),new se("table","read"),new se("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new se("query","write"),new se("table","write"),new se("automation","execute"),new se("legacy_view","read"),new se("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new se("table","write"),new se("user","read"),new se("automation","execute"),new se("webhook","read"),new se("legacy_view","read"),new se("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new se("table","admin"),new se("user","admin"),new se("automation","admin"),new se("webhook","read"),new se("query","admin"),new se("legacy_view","read"),new se("app","read")]}};function A0(){return(0,l_.default)(dc)}s(A0,"getBuiltinPermissions");function _0(t){return Object.values(dc).find(r=>r._id===t)}s(_0,"getBuiltinPermissionByID");function O0(t,e,r){let n=[...new Set(r.map(a=>a.permissionId))],i=Object.values(dc),o=(0,c_.default)(i.filter(a=>n.indexOf(a._id)!==-1).map(a=>a.permissions));for(let a of o)if(a.type===t&&f_(a.level).indexOf(e)!==-1)return!0;return!1}s(O0,"doesHaveBasePermission");function I0(t){return d_(t)>1}s(I0,"isPermissionLevelHigherThanRead");var w0="builder",D0="creator",R0="globalBuilder";var fm={};P(fm,{FlagSet:()=>pc,all:()=>P0,flags:()=>lm,getEnvFlags:()=>g_,init:()=>C0,isEnabled:()=>v0,parseEnvFlags:()=>hc,shutdown:()=>b0,testutils:()=>dm});var mc=B(require("crypto")),p_=B(require("dd-trace")),m_=require("lodash"),h_=require("posthog-node");var fc;function C0(t){g.POSTHOG_TOKEN&&g.POSTHOG_API_HOST&&!g.SELF_HOSTED&&g.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),fc=new h_.PostHog(g.POSTHOG_TOKEN,{host:g.POSTHOG_API_HOST,personalApiKey:g.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:pe.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}s(C0,"init");function b0(){fc?.shutdown()}s(b0,"shutdown");function hc(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let o of i){let a=!0;o.startsWith("!")&&(o=o.slice(1),a=!1),r.push({tenantId:n,key:o,value:a})}return r}s(hc,"parseEnvFlags");function g_(){return hc(g.TENANT_FEATURE_FLAGS||"")}s(g_,"getEnvFlags");var pc=class{constructor(e){this.flagSchema=e;this.setId=mc.randomUUID()}static{s(this,"FlagSet")}defaults(){return(0,m_.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await p_.default.trace("features.fetch",async e=>{let r=Sf(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),o=$(),a=new Set;if(Xa())return i;for(let{tenantId:f,key:h,value:p}of g_())if(!(!f||f!=="*"&&f!==o)&&(n.readFromEnvironmentVars=!0,p===!1&&a.add(h),!!this.isFlagName(h))){if(typeof i[h]!="boolean")throw new Error(`Feature: ${h} is not a boolean`);i[h]=p,n[`flags.${h}.source`]="environment"}let u=$t(),c=u?._id;if(!c){let f=yf();f&&(c=mc.createHash("sha512").update(f).digest("hex"))}let l=u?.tenantId;if(l||(l=o),n["identity.type"]=u?.type,n["identity._id"]=u?._id,n.tenantId=l,n.userId=c,fc&&c){n.readFromPostHog=!0;let f=await yi(),h={tenantId:l},p={tenant:{id:l}};f.config.createdVersion&&(p.tenant.createdVersion=f.config.createdVersion),f.createdAt&&(p.tenant.createdAt=`${f.createdAt}`);let S=await fc.getAllFlags(c,{personProperties:h,onlyEvaluateLocally:!0,groups:{tenant:l},groupProperties:p});for(let[m,E]of Object.entries(S))if(this.isFlagName(m)){if(typeof E!="boolean"){console.warn(`Invalid value for posthog flag "${m}": ${E}`);continue}if(!(i[m]===!0||a.has(m)))try{i[m]=E,n[`flags.${m}.source`]="posthog"}catch(y){console.warn(`Error parsing posthog flag "${m}": ${E}`,y)}}}let d=_f();for(let[f,h]of Object.entries(d))this.isFlagName(f)&&typeof h=="boolean"&&(i[f]=h,n[`flags.${f}.source`]="override");Af(this.setId,i);for(let[f,h]of Object.entries(i))n[`flags.${f}.value`]=h;return e?.addTags(n),i})}},x0={USE_ZOD_VALIDATOR:!1,AI_AGENTS:!1,AI_CHAT:!1,AI_RAG:!1,WORKSPACE_HOME:!1,DEBUG_UI:g.isDev(),DEV_USE_CLIENT_FROM_STORAGE:!1,USE_NEW_AICONFIGS:!1},lm=new pc(x0);async function v0(t){return await lm.isEnabled(t)}s(v0,"isEnabled");async function P0(){return await lm.fetch()}s(P0,"all");var dm={};P(dm,{setFeatureFlags:()=>E_,withFeatureFlags:()=>L0});function N0(){let t={};for(let{tenantId:e,key:r,value:n}of hc(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}s(N0,"getCurrentFlags");function U0(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,o]of Object.entries(n))o===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}s(U0,"buildFlagString");function E_(t,e){let r=N0();for(let[i,o]of Object.entries(e)){let a=r[t]||{};a[i]=o,r[t]=a}let n=U0(r);return Os({TENANT_FEATURE_FLAGS:n})}s(E_,"setFeatureFlags");function L0(t,e,r){let n=E_(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}s(L0,"withFeatureFlags");var Im={};P(Im,{adminOnly:()=>gc,auditLog:()=>Ec,authError:()=>Oe,buildAuthMiddleware:()=>SM,buildCsrfMiddleware:()=>_M,buildTenancyMiddleware:()=>AM,builderOnly:()=>Dc,builderOrAdmin:()=>Rc,google:()=>tr,internalApi:()=>bc,joiValidator:()=>Uo,oidc:()=>rr,passport:()=>OM,platformLogout:()=>CM,refreshOAuthToken:()=>DM,ssoCallbackUrl:()=>Nr,updateUserOAuth:()=>RM,workspaceBuilderOrAdmin:()=>Pc});var Om={};P(Om,{activeTenant:()=>G_,adminOnly:()=>gc,auditLog:()=>Ec,authError:()=>Oe,authenticated:()=>wc,builderOnly:()=>Dc,builderOrAdmin:()=>Rc,correlation:()=>T_,csp:()=>b_,csrf:()=>Cc,datasource:()=>yM,errorHandling:()=>v_,featureFlagCookie:()=>P_,google:()=>tr,internalApi:()=>bc,ip:()=>N_,joiValidator:()=>Uo,local:()=>_i,oidc:()=>rr,pino:()=>S_,querystringToBody:()=>$_,ssoCallbackUrl:()=>Nr,tenancy:()=>vc,workspaceBuilderOrAdmin:()=>Pc});var y_=require("uuid");var M0=require("correlation-id"),T_=s((t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,y_.v4)()),M0.withId(r,()=>e())},"correlationMiddleware");var k0=require("koa-pino-logger"),F0=require("correlation-id");function B0(){return{logger:xu,genReqId:F0.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}s(B0,"pinoSettings");function W0(){return g.HTTP_LOGGING?k0(B0()):(t,e)=>e()}s(W0,"getMiddleware");var S_=W0();var gc=s(async(t,e)=>(!t.internal&&!bt(t.user)&&t.throw(403,"Admin user only endpoint."),e()),"adminOnly");var Ec=s(async(t,e)=>e(),"auditLog");var $0=/\/:(.*?)(\/.*)?$/g,Xt=s(t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match($0);if(i)for(let o of i){let u="/.*"+(o.endsWith("/")?"/":"");r=r.replace(o,u)}return{regex:new RegExp(r),method:n,route:r}}):[],"buildMatcherRegex"),er=s((t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),o=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&o}),"matches");var Em={};P(Em,{SecretOption:()=>O_,compare:()=>K0,decrypt:()=>Ac,decryptFile:()=>H0,encrypt:()=>q0,encryptFile:()=>Q0,getSecret:()=>gm});var vt=B(require("crypto")),Pr=B(require("fs")),pm=require("path"),mm=B(require("zlib"));var yc="aes-256-ctr",__="-",G0=1e4,V0=32,Tc=16,hm=16,O_=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(O_||{});function gm(t){let e,r;switch(t){case"encryption":e=g.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=g.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}s(gm,"getSecret");function Sc(t,e){return vt.default.pbkdf2Sync(t,new Uint8Array(e),G0,V0,"sha512")}s(Sc,"stretchString");function q0(t,e="api"){let r=vt.default.randomBytes(Tc),n=Sc(gm(e),r),i=vt.default.createCipheriv(yc,new Uint8Array(n),new Uint8Array(r)),o=i.update(t,"utf8"),a=i.final(),u=Buffer.concat([new Uint8Array(o),new Uint8Array(a)]).toString("hex");return`${r.toString("hex")}${__}${u}`}s(q0,"encrypt");function Ac(t,e="api"){let[r,n]=t.split(__),i=Buffer.from(r,"hex"),o=Sc(gm(e),i),a=vt.default.createDecipheriv(yc,new Uint8Array(o),new Uint8Array(i)),u=a.update(n,"hex"),c=a.final();return Buffer.concat([new Uint8Array(u),new Uint8Array(c)]).toString()}s(Ac,"decrypt");function K0(t,e,r="api"){try{let n=new TextEncoder,i=n.encode(Ac(e,r)),o=n.encode(t);return i.length!==o.length?!1:vt.default.timingSafeEqual(i,o)}catch{return!1}}s(K0,"compare");async function Q0({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,pm.join)(t,e);if(Pr.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let o=Pr.default.createReadStream(i),a=Pr.default.createWriteStream((0,pm.join)(t,n)),u=vt.default.randomBytes(Tc),c=vt.default.randomBytes(hm),l=Sc(r,u),d=vt.default.createCipheriv(yc,new Uint8Array(l),new Uint8Array(c));return a.write(u),a.write(c),o.pipe(mm.default.createGzip()).pipe(d).pipe(a),new Promise(f=>{a.on("finish",()=>{f({filename:n,dir:t})})})}s(Q0,"encryptFile");async function j0(t){let e=Pr.default.createReadStream(t),r=await A_(e,Tc),n=await A_(e,hm);return e.close(),{salt:r,iv:n}}s(j0,"getSaltAndIV");async function H0(t,e,r){if(Pr.default.lstatSync(t).isDirectory())throw new Error("Unable to decrypt directory");let{salt:n,iv:i}=await j0(t),o=Pr.default.createReadStream(t,{start:Tc+hm}),a=Pr.default.createWriteStream(e),u=Sc(r,n),c=vt.default.createDecipheriv(yc,new Uint8Array(u),new Uint8Array(i)),l=mm.default.createGunzip();return o.pipe(c).pipe(l).pipe(a),new Promise((d,f)=>{a.on("finish",()=>{a.close(),d()}),o.on("error",h=>{a.close(),f(h)}),c.on("error",h=>{a.close(),f(h)}),l.on("error",h=>{a.close(),f(h)}),a.on("error",h=>{a.close(),f(h)})})}s(H0,"decryptFile");function A_(t,e){return new Promise((r,n)=>{let i=0,o=[];t.on("readable",()=>{let a;for(;(a=t.read(e-i))!==null;)o.push(a),i+=a.length;r(Buffer.concat(o.map(u=>new Uint8Array(u))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",a=>{n(a)})})}s(A_,"readBytes");var ym={};P(ym,{APIWarning:()=>In,FeatureDisabledWarning:()=>Oc,InvalidAPIKeyWarning:()=>Ai,UsageLimitWarning:()=>_c});var In=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"APIWarning")}},Ai=class extends In{static{s(this,"InvalidAPIKeyWarning")}constructor(){super("Invalid API key","invalid_api_key")}},_c=class extends In{constructor(r){super(`Usage limit exceeded: '${r}'`,"usage_limit_exceeded");this.limitName=r}static{s(this,"UsageLimitWarning")}getPublicWarning(){return{limitName:this.limitName}}},Oc=class extends In{constructor(r){super(`Feature disabled: '${r}'`,"feature_disabled");this.featureName=r,this.status=400}static{s(this,"FeatureDisabledWarning")}getPublicWarning(){return{featureName:this.featureName}}getPublicError(){return{featureName:this.featureName}}};var w_=B(require("dd-trace"));var z0=g.SESSION_UPDATE_PERIOD?parseInt(g.SESSION_UPDATE_PERIOD):60*1e3;function J0(){return new Date(Date.now()-z0).toISOString()}s(J0,"timeMinusOneMinute");function I_(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}s(I_,"finalise");async function Z0(t,e){if(Vs(t))return{valid:!0,user:void 0};let n=Ac(t).split(C)[0];return Ce(n,async()=>{let i;try{let o=Y();i=await qt("by_api_key",{key:t},o)}catch{i=void 0}if(i)return{valid:!0,user:await Ro({userId:i,tenantId:n,populateUser:e})};throw new Ai})}s(Z0,"checkApiKey");function Ic(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}s(Ic,"getHeader");function wc(t=[],e={publicAllowed:!1}){let r=t?Xt(t):[];return async(n,i)=>{let o=!1,a=Ic(n,"x-budibase-api-version");er(n,r)&&(o=!0);try{let c=Ic(n,"x-budibase-token"),l=Qt(n,"budibase:auth")||gu(c),d=Ic(n,"x-budibase-api-key");!d&&n.request.headers.authorization&&(d=n.request.headers.authorization.split(" ")[1]);let f=Ic(n,"x-budibase-tenant-id"),h=!1,p,S=!1,m;if(l&&!d){let y=l.sessionId,I=l.userId,_;try{_=await Cp(I,y),e&&e.populateUser?p=await Ro({userId:I,tenantId:_.tenantId,email:_.email,populateUser:e.populateUser(n)}):p=await Ro({userId:I,tenantId:_.tenantId,email:_.email}),p.csrfToken=_.csrfToken,m="cookie",_?.lastAccessedAt<J0()&&await Rp(_),h=!0}catch(D){h=!1,console.warn(`Auth Error: ${D.message}`),Ar(n,"budibase:auth")}}if(!h&&d){let y=e.populateUser?e.populateUser(n):null,{valid:I,user:_}=await Z0(d,y);I&&(h=!0,m="api_key",p=_,S=!_)}!p&&f?p={tenantId:f}:p&&"password"in p&&delete p.password,h||(h=!1);let E=s(y=>y&&y.email,"isUser");return E(p)&&w_.default.setUser({id:p._id,tenantId:p.tenantId,budibaseAccess:p.budibaseAccess,status:p.status}),I_(n,{authenticated:h,user:p,internal:S,version:a,publicEndpoint:o,loginMethod:m}),E(p)?ef(p,n,i):i()}catch(c){if(console.warn(`Auth Error: ${c.message}`),c?.name==="JsonWebTokenError"?Ar(n,"budibase:auth"):c?.code==="invalid_api_key"&&n.throw(403,c.message),e&&e.publicAllowed||o)return I_(n,{authenticated:!1,version:a,publicEndpoint:o}),i();n.throw(c.status||403,c)}}}s(wc,"authenticated");async function Dc(t,e){if(t.internal)return e();let r=await un(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Fe(t.user)?t.throw(403,"Builder user only endpoint."):r&&!Si(t.user,r)&&t.throw(403,"Workspace builder user only endpoint."),e()}s(Dc,"builderOnly");async function Rc(t,e){if(t.internal||bt(t.user))return e();let r=await un(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Fe(t.user)?t.throw(403,"Admin/Builder user only endpoint."):r&&!Si(t.user,r)&&t.throw(403,"Workspace Admin/Builder user only endpoint."),e()}s(Rc,"builderOrAdmin");var C_=B(require("crypto"));var D_={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com","https://d2l5prqdbvm3op.cloudfront.net"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},R_=/^[A-Za-z0-9-*:/.]+$/,b_=s(async(t,e)=>{let r=C_.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...D_};n["script-src"]=[...D_["script-src"],`'nonce-${r}'`];let i={"media-src":g.CUSTOM_CSP_MEDIA_SRC,"script-src":g.CUSTOM_CSP_SCRIPT_SRC,"connect-src":g.CUSTOM_CSP_CONNECT_SRC,"img-src":g.CUSTOM_CSP_IMG_SRC,"font-src":g.CUSTOM_CSP_FONT_SRC,"frame-src":g.CUSTOM_CSP_FRAME_SRC};for(let[u,c]of Object.entries(i))if(c){let l=c.split(",").map(d=>d.trim()).filter(d=>R_.test(d));n[u]=[...n[u]||[],...l]}if(t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let u=await Us.getWorkspaceMetadata(t.appId);if("name"in u)for(let c of u.scripts||[]){let l=(c.cspWhitelist||"").split(`
 `).filter(f=>R_.test(f)),d=["default-src","script-src","connect-src","media-src","img-src","font-src","frame-src"];for(let f of d)n[f]=[...n[f]||[],...l]}}catch(u){console.error(`Error occurred in Content-Security-Policy middleware: ${u}`)}let a=Object.entries(n).map(([u,c])=>`${u} ${c.join(" ")}`).join("; ");t.set("Content-Security-Policy",a),await e()},"contentSecurityPolicy");var X0=["GET","HEAD","OPTIONS"],eM=["application/x-www-form-urlencoded","multipart/form-data","text/plain"];function Cc(t={noCsrfPatterns:[]}){let e=Xt(t.noCsrfPatterns);return async(r,n)=>{if(er(r,e)||X0.indexOf(r.method)!==-1)return n();let o=r.get("content-type")?r.get("content-type").toLowerCase():"";if(!eM.filter(c=>o.includes(c)).length||r.internal)return n();let a=r.user?.csrfToken;if(!a)return n();let u=r.get("x-csrf-token");return(!u||u!==a)&&r.throw(403,"Invalid CSRF token"),n()}}s(Cc,"csrf");function x_(t){if(t.includes("-----BEGIN PRIVATE KEY-----"))return!0;for(let e of jy){let r=g[e];if(!(typeof r!="string"||r==="")&&t.includes(r))return!0}return!1}s(x_,"stringContainsSecret");async function v_(t,e){try{await e()}catch(r){let n=r.status||r.statusCode||500;t.status=n,n>=400&&n<500?console.warn(r):console.error("Got 400 response code",r);let i={message:r.message,status:n,validationErrors:r.validation,error:Gu(r)};if(x_(JSON.stringify(i))&&(i={message:"Unexpected error",status:n,error:"Unexpected error"}),g.isTest()&&t.headers["x-budibase-include-stacktrace"]){let o=r;for(;o.cause;)o=o.cause;i.stack=o.stack}t.body=i}}s(v_,"errorHandling");var P_=s(async(t,e)=>{let n=Qt(t,"budibase:featureflags")?.flags||{};await Of(n,async()=>{await e()})},"featureFlagCookie");async function bc(t,e){let r=t.request.headers["x-budibase-api-key"];return r||t.throw(403,"Unauthorized"),Array.isArray(r)&&t.throw(403,"Unauthorized"),Vs(r)||t.throw(403,"Unauthorized"),e()}s(bc,"internalApi");async function N_(t,e){return t.ip?await Tf(t.ip,()=>e()):e()}s(N_,"ip");var Uo={};P(Uo,{body:()=>tM,params:()=>rM});var Tm=B(require("joi"));function U_(t,e,r){let n=r?.errorPrefix??`Invalid ${e}`;return(i,o)=>{if(!t)return o();let a=null,u=i.request?.[e];i[e]!=null?a=i[e]:u!=null&&(a=u),t.append&&(t=t.append({createdAt:Tm.default.any().optional(),updatedAt:Tm.default.any().optional()}));let{error:c}=t.validate(a,{allowUnknown:r?.allowUnknown});if(c){let l=c.message;n&&(l=`Invalid ${e} - ${l}`),i.throw(400,l)}return o()}}s(U_,"validate");function tM(t,e){return U_(t,"body",e)}s(tM,"body");function rM(t,e){return U_(t,"params",e)}s(rM,"params");var _i={};P(_i,{authenticate:()=>sM,options:()=>iM});function Oe(t,e,r){return t(r,null,{message:e})}s(Oe,"authError");async function Nr(t,e){if(e&&e.callbackURL)return e.callbackURL;let r=await zp(),n="/api/global/auth";return Er()&&(n+=`/${$()}`),n+=`/${t}/callback`,`${r.platformUrl}${n}`}s(Nr,"ssoCallbackUrl");var Sm="Invalid credentials",nM="This account has expired. Please reset your password",iM={passReqToCallback:!0};async function sM(t,e,r,n){if(!e)return Oe(n,"Email Required");if(!r)return Oe(n,"Password Required");let i=await At(e);return i==null?(console.info(`user=${e} could not be found`),Oe(n,Sm)):i.status==="inactive"?(console.info(`user=${e} is inactive`,i),Oe(n,Sm)):i.password?await Jd(r,i.password)?(delete i.password,n(null,i)):Oe(n,Sm):(console.info(`user=${e} has no password set`,i),Oe(n,nM))}s(sM,"authenticate");var tr={};P(tr,{buildVerifyFn:()=>k_,getCallbackUrl:()=>uM,strategyFactory:()=>Am});var Lo=s(t=>Promise.resolve(t),"ssoSaveUserNoOp");async function xc(t,e=!0,r,n){if(!n)throw new Error("Save user function must be provided");if(!t.userId)return Oe(r,"sso user id required");if(!t.email)return Oe(r,"sso user email required");let i=ri(t.userId),o;try{o=await _n(i)}catch(u){if(!u.status||u.status!==404)return Oe(r,"Unexpected error when retrieving existing user",u)}if(o||(o=await At(t.email)),!o&&e)return Oe(r,"Email does not yet exist. You must set up your local budibase account first.");o||(o={_id:i,email:t.email,roles:{},tenantId:$()});let a=await oM(o,t);a.forceResetPassword=!1;try{delete a.password,a=await n(a,{hashPassword:!1,requirePassword:!1})}catch(u){return Oe(r,"Error saving user",u)}return r(null,a)}s(xc,"authenticate");async function oM(t,e){let r,n,i;if(e.profile){let o=e.profile;if(o.name){let a=o.name;a.givenName&&(r=a.givenName),a.familyName&&(n=a.familyName)}}return e.oauth2&&(i={...e.oauth2}),{...t,provider:e.provider,providerType:e.providerType,firstName:r,lastName:n,oauth2:i}}s(oM,"syncUser");var aM=require("passport-google-oauth").OAuth2Strategy;function k_(t){return(e,r,n,i)=>{let o={provider:"google",providerType:"google",userId:n.id,profile:n,email:n._json.email,oauth2:{accessToken:e,refreshToken:r}};return xc(o,!0,i,t)}}s(k_,"buildVerifyFn");async function Am(t,e,r){try{let{clientID:n,clientSecret:i}=t;if(!n||!i)throw new Error("Configuration invalid. Must contain google clientID and clientSecret");let o=k_(r);return new aM({clientID:t.clientID,clientSecret:t.clientSecret,callbackURL:e},o)}catch(n){throw new Error(`Error constructing google authentication strategy: ${n}`)}}s(Am,"strategyFactory");async function uM(t){return Nr("google",t)}s(uM,"getCallbackUrl");var rr={};P(rr,{buildVerifyFn:()=>W_,fetchStrategyConfig:()=>pM,getCallbackUrl:()=>mM,strategyFactory:()=>fM});var F_=B(require("node-fetch"));var B_=require("@govtechsg/passport-openidconnect");function W_(t){return async(e,r,n,i,o,a,u,c,l)=>{let d=cM(r,n),f=lM(r,n),h={provider:e,providerType:"oidc",userId:d.id,profile:d,email:dM(d,f),oauth2:{accessToken:a,refreshToken:u}};return xc(h,!1,l,t)}}s(W_,"buildVerifyFn");function cM(t,e){let r={...t?._json||{}};!r.email&&e.emails?.length&&(r.email=e.emails[0].value);let n=t?.displayName||e.displayName;return{id:t?.id||e.id,name:t?.name||e.name||!!n&&{givenName:n,familyName:""}||void 0,_json:r,provider:t?.provider}}s(cM,"normalizeProfile");function lM(t,e){return{email:t?._json?.email||e.emails?.[0]?.value,preferred_username:e.username}}s(lM,"buildJwtClaims");function dM(t,e){if(t._json.email)return t._json.email.toLowerCase();if(e.email)return e.email.toLowerCase();let r=e.preferred_username;if(r&&Gf(r))return r.toLowerCase();throw new Error(`Could not determine user email from profile ${JSON.stringify(t)} and claims ${JSON.stringify(e)}`)}s(dM,"getEmail");async function fM(t,e){try{let r=W_(e),n=new B_.Strategy(t,r);return n.name="oidc",n}catch(r){throw new Error(`Error constructing OIDC authentication strategy - ${r}`)}}s(fM,"strategyFactory");async function pM(t,e){try{let{clientID:r,clientSecret:n,configUrl:i,pkce:o}=t;if(!r||!n||!e||!i)throw new Error("Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl");let a=await(0,F_.default)(i);if(!a.ok)throw new Error(`Unexpected response when fetching openid-configuration: ${a.statusText}`);let u=await a.json();return{issuer:u.issuer,authorizationURL:u.authorization_endpoint,tokenURL:u.token_endpoint,userInfoURL:u.userinfo_endpoint,clientID:r,clientSecret:n,callbackURL:e,pkce:o}}catch(r){throw new Error(`Error constructing OIDC authentication configuration - ${r}`)}}s(pM,"fetchStrategyConfig");async function mM(){return Nr("oidc")}s(mM,"getCallbackUrl");function $_(t,e){let r=t.request.query?.query;if(t.request.method.toLowerCase()!=="get"&&t.throw(500,"Query to download middleware can only be used for get requests."),!r)return e();let n=decodeURIComponent(r),i;try{i=JSON.parse(n)}catch{return e()}return t.request.body=i,e()}s($_,"querystringToBody");function vc(t,e,r={noTenancyRequired:!1}){let n=Xt(t),i=Xt(e);return async function(o,a){let c={allowNoTenant:r.noTenancyRequired||!!er(o,i)};!!er(o,n)||(c.excludeStrategies=["query"]);let d=$s(o,c);return o.set("x-budibase-tenant-id",d),Ce(d,a)}}s(vc,"tenancy");function G_(t=[]){let e=Xt(t);return async function(r,n){if(er(r,e))return n();try{if((await ve("settings"))?.config?.active===!1){r.status=404,r.body={message:"Tenant not found"};return}}catch(i){if(i.message==="Global DB not found")return n();throw i}return n()}}s(G_,"activeTenant");async function Pc(t,e){if(t.internal||bt(t.user))return e();let r=await un(t);return r&&!ec(t.user,r)?t.throw(403,"Workspace Admin/Builder user only endpoint."):!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Fe(t.user)&&t.throw(403,"Admin/Builder user only endpoint."),e()}s(Pc,"workspaceBuilderOrAdmin");var _m={};P(_m,{postAuth:()=>EM,preAuth:()=>gM});var hM=require("passport-google-oauth").OAuth2Strategy;async function V_(){let t=await Jp();if(!t)throw new Error("No google configuration found");return t}s(V_,"fetchGoogleCreds");async function gM(t,e,r){let n=await V_(),o=`${await vo({tenantAware:!1})}/api/global/auth/datasource/google/callback`,a=await Am(n,o,Lo);return e.query.appId||e.throw(400,"appId query param not present."),t.authenticate(a,{scope:["profile","email","https://www.googleapis.com/auth/spreadsheets"],accessType:"offline",prompt:"consent"})(e,r)}s(gM,"preAuth");async function EM(t,e,r){let n=await V_(),o=`${await vo({tenantAware:!1})}/api/global/auth/datasource/google/callback`,a=Qt(e,"budibase:datasourceauth");if(!a)throw new Error("Unable to fetch datasource auth cookie");return t.authenticate(new hM({clientID:n.clientID,clientSecret:n.clientSecret,callbackURL:o},(u,c,l,d)=>{Ar(e,"budibase:datasourceauth"),d(null,{accessToken:u,refreshToken:c})}),{successRedirect:"/",failureRedirect:"/error"},async(u,c)=>{let l=`/builder/workspace/${a.appId}/data`,d=ee();await Yt(`datasource:creation:${a.appId}:google:${d}`,{tokens:c}),e.redirect(`${l}/new?continue_google_setup=${d}`)})(e,r)}s(EM,"postAuth");var yM={google:_m};var q_=require("koa-passport"),TM=require("passport-local").Strategy,Nc=require("passport-oauth2-refresh"),SM=wc,AM=vc,_M=Cc,OM=q_;q_.use(new TM(_i.options,_i.authenticate));async function IM(t,e){let r=await rr.getCallbackUrl(),n,i;try{if(n=await rr.fetchStrategyConfig(t,r),!n)throw new Error("OIDC Config contents invalid");i=await rr.strategyFactory(n,Lo)}catch{throw new Error("Could not refresh OAuth Token")}return Nc.use(i,{setRefreshOAuth2(){return i._getOAuth2Client(n)}}),new Promise(o=>{Nc.requestNewAccessToken("oidc",e,(a,u,c,l)=>{o({err:a,accessToken:u,refreshToken:c,params:l})})})}s(IM,"refreshOIDCAccessToken");async function wM(t,e){let r=await tr.getCallbackUrl(t),n;try{n=await tr.strategyFactory(t,r,Lo)}catch(i){throw new Error(`Error constructing OIDC refresh strategy: message=${i.message}`)}return Nc.use(n),new Promise(i=>{Nc.requestNewAccessToken("google",e,(o,a,u,c)=>{i({err:o,accessToken:a,refreshToken:u,params:c})})})}s(wM,"refreshGoogleAccessToken");async function DM(t,e,r){switch(e){case"oidc":{if(!r)return{err:{data:"OIDC config id not provided"}};let n=await Zp(r);return n?IM(n,t):{err:{data:"OIDC configuration not found"}}}case"google":{let n=await uc();return n?wM(n,t):{err:{data:"Google configuration not found"}}}}}s(DM,"refreshOAuthToken");async function RM(t,e){let r={accessToken:e.accessToken,refreshToken:e.refreshToken};try{let n=Y(),i=await n.get(t);typeof r.refreshToken!="string"&&delete r.refreshToken,i.oauth2={...i.oauth2,...r},await n.put(i),await Co(t)}catch(n){console.error("Could not update OAuth details for current user",n)}}s(RM,"updateUserOAuth");async function CM(t){let e=t.ctx,r=t.userId,n=t.keepActiveSession;if(!e)throw new Error("Koa context must be supplied to logout.");let i=Qt(e,"budibase:auth"),o=await lo(r);i&&n?o=o.filter(u=>u.sessionId!==i.sessionId):Ar(e,"budibase:auth");let a=o.map(({sessionId:u})=>u);await Tn(r,{sessionIds:a,reason:"logout"}),await Zu.logout(e.user?.email),await Co(r)}s(CM,"platformLogout");var Dm={};P(Dm,{validate:()=>NM});var x=B(require("joi"));var bM=["Relational","Non-relational","Spreadsheet","Object store","Graph","API"];function wm(t,e){let{error:r}=t.validate(e);if(r)throw r}s(wm,"runJoi");function xM(t){let e=x.default.object({type:x.default.string().allow("component").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({name:x.default.string().required(),settings:x.default.array().items(x.default.object().unknown(!0)).required()}).unknown(!0)});wm(e,t)}s(xM,"validateComponent");function vM(t){let e=x.default.object({type:x.default.string().allow(...Object.values(Bc)).required(),required:x.default.boolean().required(),default:x.default.any(),display:x.default.string()}),r=x.default.object({type:x.default.string().allow(...Object.values(Fc)),readable:x.default.boolean(),displayName:x.default.string(),fields:x.default.object().pattern(x.default.string(),e)}).required(),n=x.default.object({type:x.default.string().allow("datasource").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({docs:x.default.string(),plus:x.default.boolean().optional(),isSQL:x.default.boolean().optional(),auth:x.default.object({type:x.default.string().required()}).optional(),features:x.default.object(Object.fromEntries(Object.values(Wc).map(i=>[i,x.default.boolean().optional()]))).optional(),relationships:x.default.boolean().optional(),description:x.default.string().required(),friendlyName:x.default.string().required(),type:x.default.string().allow(...bM),datasource:x.default.object().pattern(x.default.string(),e).required(),query:x.default.object().pattern(x.default.string(),r).unknown(!0).required(),extra:x.default.object().pattern(x.default.string(),x.default.object({type:x.default.string().required(),displayName:x.default.string().required(),required:x.default.boolean(),data:x.default.object()}))})});wm(n,t)}s(vM,"validateDatasource");function PM(t){let e=x.default.object().pattern(x.default.string(),{type:x.default.string().allow(...Object.values($c)).required(),customType:x.default.string().allow(...Object.values(Gc)),title:x.default.string(),description:x.default.string(),enum:x.default.array().items(x.default.string()),pretty:x.default.array().items(x.default.string())}),r=x.default.object({properties:e,required:x.default.array().items(x.default.string())}).concat(e).required(),n=x.default.object({type:x.default.string().allow("automation").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({name:x.default.string().required(),tagline:x.default.string().required(),icon:x.default.string().required(),description:x.default.string().required(),type:x.default.string().allow("ACTION","LOGIC").required(),stepId:x.default.string().disallow(...Hm).required(),inputs:x.default.object().optional(),schema:x.default.object({inputs:r,outputs:r}).required()})});wm(n,t)}s(PM,"validateAutomation");function NM(t){switch(t?.type){case"component":xM(t);break;case"datasource":vM(t);break;case"automation":PM(t);break;default:throw new Error(`Unknown plugin type - check schema.json: ${t.type}`)}}s(NM,"validate");var Rm={};P(Rm,{Client:()=>De,clients:()=>Tr,locks:()=>En,utils:()=>Ka});var Cm={};P(Cm,{isBlacklisted:()=>LM,refreshBlacklist:()=>H_});var K_=B(require("dns")),Lc=B(require("net"));var Q_=require("util");var Uc,UM=(0,Q_.promisify)(K_.default.lookup);async function j_(t){return Lc.default.isIP(t)||(t.startsWith("http")||(t=`https://${t}`),t=new URL(t).hostname),(await UM(t,{all:!0})).map(r=>r.address)}s(j_,"lookup");async function H_(){let e=g.BLACKLIST_IPS?.split(",")||[],r=[];for(let n of e){let i=n.trim();if(Lc.default.isIP(i))r.push(i);else{let o=await j_(i);r=r.concat(o)}}Uc=r}s(H_,"refreshBlacklist");async function LM(t){if(Uc||await H_(),Uc?.length===0)return!1;let e;return Lc.default.isIP(t)?e=[t]:e=await j_(t),!!Uc?.find(r=>e.includes(r))}s(LM,"isBlacklisted");var xm={};P(xm,{init:()=>kM});var MM={"user:created":t=>t.userId,"user:updated":t=>t.userId,"user:deleted":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:admin:removed":t=>t.userId,"user:builder:assigned":t=>t.userId,"user:builder:removed":t=>t.userId,"user_group:created":t=>t.groupId,"user_group:updated":t=>t.groupId,"user_group:deleted":t=>t.groupId,"user_group:user_added":t=>t.groupId,"user_group:users_deleted":t=>t.groupId,"user_group:permissions_edited":t=>t.groupId,"automation:deleted":t=>t.automationId,"datasource:deleted":t=>t.datasourceId,"table:deleted":t=>t.tableId,"query:deleted":t=>t.queryId,"workspace_app:deleted":t=>t.workspaceAppId,"view:deleted":t=>t.id};function Y_(t,e){let r=MM[t];if(!r)throw new Error("Event does not have a method of document ID extraction");return r(e)}s(Y_,"getDocumentId");var Mo=class{constructor(e){this.processors=[];this.processors=e}static{s(this,"DocumentUpdateProcessor")}async processEvent(e,r,n){let i=r.realTenantId,o=Y_(e,n);if(!(!i||!o))for(let{events:a,processor:u}of this.processors)a.includes(e)&&await Ce(i,async()=>{await u({id:o,tenantId:i,appId:n.appId,properties:n})})}shutdown(){return oA()}};var z_,bm;function kM(t){Tt||Hu(),bm||(bm=new Mo(t)),z_||(z_=Tt.process(async e=>{let{event:r,identity:n,properties:i}=e.data;await bm.processEvent(r,n,i)}))}s(kM,"init");var Bm={};P(Bm,{COUNT_FIELD_NAME:()=>km,Sql:()=>iO,SqlTable:()=>Mc,designDoc:()=>Fm,utils:()=>ff});var eO=require("knex");var FM=require("knex");function vm(t){return["link","formula","ai"].indexOf(t)!==-1}s(vm,"isIgnoredType");function J_(t,e,r,n,i){let o=e&&e.primary?e.primary:[],a=Object.values(e.schema),u=a.filter(h=>h.meta),c=u.length===a.length,l=[];n||(c?t.primary(u.map(h=>h.name)):o.length===1?(t.increments(o[0]).primary(),l.push(o[0])):t.primary(o));let d=Object.values(e.schema).map(h=>h.foreignKey);for(let[h,p]of Object.entries(e.schema)){let S=n?.schema[h];if(S&&S.type||l.includes(h)||i?.updated===h)continue;let m=p.type;switch(m){case"string":case"options":case"longform":case"barcodeqr":case"bb_reference_single":o.includes(h)?t.string(h,255):t.text(h);break;case"number":if(p.meta&&p.meta.toKey&&p.meta.toTable){let{toKey:E,toTable:y}=p.meta;t.integer(h).unsigned(),t.foreign(h).references(`${y}.${E}`)}else d.indexOf(h)===-1&&t.float(h);break;case"bigint":t.bigint(h);break;case"boolean":t.boolean(h);break;case"datetime":p.timeOnly?t.time(h):t.datetime(h,{useTz:!p.ignoreTimezones});break;case"array":case"bb_reference":Le.schema.isDeprecatedSingleUserColumn(p)?t.text(h):t.json(h);break;case"link":if(p.relationshipType!=="many-to-one"&&p.relationshipType!=="many-to-many"){if(!p.foreignKey||!p.tableId)throw new Error("Invalid relationship schema");let{tableName:E}=af(p.tableId),y=r[E];if(!y||!y.primary)throw new Error("Referenced table doesn't exist or has no primary keys");let I=y.primary[0],_=y.schema[I].externalType;_?t.specificType(p.foreignKey,_):t.integer(p.foreignKey).unsigned(),t.foreign(p.foreignKey).references(`${E}.${I}`)}break;case"signature_single":case"attachment":case"attachment_single":t.json(h);break;case"formula":break;case"ai":break;case"auto":case"json":case"internal":throw new Error(`${p.type} is not a valid SQL type`);default:_t.unreachable(m)}}let f=i?n?.schema[i.old].type:void 0;return i&&f&&!vm(f)&&t.renameColumn(i.old,i.updated),n&&Object.entries(n.schema).filter(([p,S])=>!vm(S.type)&&e.schema[p]==null).forEach(([p,S])=>{i?.old===p||vm(S.type)||(n.constrained&&n.constrained.indexOf(p)!==-1&&t.dropForeign(p),t.dropColumn(p))}),t}s(J_,"generateSchema");function WM(t,e,r){return t.createTable(e.name,n=>{J_(n,e,r)})}s(WM,"buildCreateTable");function $M(t,e,r,n,i){return t.alterTable(e.name,o=>{J_(o,e,r,n,i)})}s($M,"buildUpdateTable");function GM(t,e){return t.dropTable(e.name)}s(GM,"buildDeleteTable");var Pm=class{static{s(this,"SqlTableQueryBuilder")}constructor(e){this.sqlClient=e}getBaseSqlClient(){return this.sqlClient}getSqlClient(){return this.extendedSqlClient||this.sqlClient}setExtendedSqlClient(e){this.extendedSqlClient=e}_operation(e){return e.operation}_tableQuery(e){let r=(0,FM.knex)({client:this.sqlClient}).schema;e?.schema&&(r=r.withSchema(e.schema));let n;if(!e.table||!e.tables)throw new Error("Cannot execute without table being specified");if(e.table.sourceType==="internal")throw new Error("Cannot perform table actions for SQS.");switch(this._operation(e)){case"CREATE_TABLE":n=WM(r,e.table,e.tables);break;case"UPDATE_TABLE":if(!e.table)throw new Error("Must specify old table for update");if(this.sqlClient==="mysql2"&&e.meta?.renamed){let i=e.meta.renamed.updated;return{sql:`alter table ${e?.schema?`\`${e.schema}\`.\`${e.table.name}\``:`\`${e.table.name}\``} rename column \`${e.meta.renamed.old}\` to \`${i}\`;`,bindings:[]}}if(n=$M(r,e.table,e.tables,e.meta?.oldTable,e.meta?.renamed),this.sqlClient==="mssql"&&e.meta?.renamed){let i=e.meta.renamed.old,o=e.meta.renamed.updated,a=e?.schema?`${e.schema}.${e.table.name}`:`${e.table.name}`,u=Jn(n);if(Array.isArray(u))for(let c of u)c.sql.startsWith("exec sp_rename")&&(c.sql=`exec sp_rename '${a}.${i}', '${o}', 'COLUMN'`,c.bindings=[]);return u}break;case"DELETE_TABLE":n=GM(r,e.table);break;default:throw new Error("Table operation is of unknown type")}return Jn(n)}},Mc=Pm;var tO=require("lodash");var km="__bb_total";function Z_(){return(g.SQL_MAX_ROWS?parseInt(g.SQL_MAX_ROWS):null)||5e3}s(Z_,"getBaseLimit");function Nm(){return(g.SQL_MAX_RELATED_ROWS?parseInt(g.SQL_MAX_RELATED_ROWS):null)||500}s(Nm,"getRelationshipLimit");function VM(t,e){return t.sort((r,n)=>{let i=e.find(a=>a&&r.endsWith(a)),o=e.find(a=>a&&n.endsWith(a));return i&&!o?-1:!i&&o?1:r.localeCompare(n)})}s(VM,"prioritisedArraySort");function rO(t){return Array.isArray(t)?t.map(e=>rO(e)):(t.bindings&&(t.bindings=t.bindings.map(e=>typeof e=="boolean"?e?1:0:e)),t)}s(rO,"convertBooleans");function X_(t){return t.sourceType==="internal"||t.sourceId===Kc}s(X_,"isSqs");function qM(t,e='"'){return t.replace(new RegExp(e,"g"),`${e}${e}`)}s(qM,"escapeQuotes");function KM(t,e='"'){return`${e}${qM(t,e)}${e}`}s(KM,"wrap");function QM(t,e='"'){for(let r in t)typeof t[r]=="string"&&(t[r]=KM(t[r],e));return`[${t.join(",")}]`}s(QM,"stringifyArray");function Um(t){return`{${(Array.isArray(t)?t:t==null?[]:[t]).map(n=>{if(typeof n=="string"&&n.length>1){let i=n[0],o=n[n.length-1];if(i==='"'&&o==='"'||i==="'"&&o==="'")return n.substring(1,n.length-1)}return`${n}`}).join(",")}}`}s(Um,"toPgArrayLiteral");function nO(t){return zm.includes(t.type)&&!Le.schema.isDeprecatedSingleUserColumn(t)}s(nO,"isJsonColumn");var jM={equal:!1,notEqual:!0,empty:!1,notEmpty:!0,fuzzy:!1,string:!1,range:!1,contains:!1,notContains:!0,containsAny:!1,oneOf:!1,$and:!1,$or:!1},Lm=class{constructor(e,r,n){this.SPECIAL_SELECT_CASES={POSTGRES_ARRAY:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="array",POSTGRES_MONEY:e=>this.client==="pg"&&e?.externalType?.includes("money"),POSTGRES_ENUM:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="user-defined"&&e?.type==="options",MSSQL_DATES:e=>this.client==="mssql"&&e?.type==="datetime"&&e.timeOnly};this.client=e,this.query=n,this.knex=r,this.splitter=new mr.ColumnSplitter([this.table],{aliases:this.query.tableAliases,columnPrefix:this.query.meta?.columnPrefix})}static{s(this,"InternalBuilder")}get table(){return this.query.table}get knexClient(){return this.knex.client}getFieldSchema(e){let{column:r}=this.splitter.run(e);return this.table.schema[r]}requiresJsonAsStringClient(){return["mssql","mysql2","mariadb","oracledb"].includes(this.client)}quoteChars(){let e=this.knexClient.wrapIdentifier("foo",{});return[e[0],e[e.length-1]]}quote(e){return this.knexClient.wrapIdentifier(e,{})}isQuoted(e){let[r,n]=this.quoteChars();return e.startsWith(r)&&e.endsWith(n)}quotedIdentifier(e){return Array.isArray(e)||(e=this.splitIdentifier(e)),e.map(r=>this.quote(r)).join(".")}castIntToString(e){switch(this.client){case"oracledb":return this.knex.raw("to_char(??)",[e]);case"pg":return this.knex.raw("??::TEXT",[e]);case"mysql2":case"mariadb":return this.knex.raw("CAST(?? AS CHAR)",[e]);case"sqlite3":return this.knex.raw("printf('%d', ??)",[e]);case"mssql":return this.knex.raw("CONVERT(NVARCHAR, ??)",[e])}}rawQuotedIdentifier(e){return this.knex.raw(this.quotedIdentifier(e))}splitIdentifier(e){let[r,n]=this.quoteChars();return this.isQuoted(e)?e.slice(1,-1).split(`${n}.${r}`):e.split(".")}qualifyIdentifier(e){let r=this.getTableName(),n=this.splitIdentifier(e);return n[0]!==r&&n.unshift(r),this.isQuoted(e)?this.quotedIdentifier(n):n.join(".")}generateSelectStatement(){let{table:e,resource:r}=this.query;if(!r||!r.fields||r.fields.length===0)return"*";let n=this.getTableName(e),i=this.table.schema;return r.fields.map(a=>{let u=a.split(/\./g),c,l=u[0];return u.length>1&&(c=u[0],l=u.slice(1).join(".")),{table:c,column:l,field:a}}).filter(({table:a})=>!a||a===n).map(({table:a,column:u,field:c})=>{let l=i[u];return this.SPECIAL_SELECT_CASES.POSTGRES_MONEY(l)?this.knex.raw("??::money::numeric as ??",[this.rawQuotedIdentifier([a,u].join(".")),this.knex.raw(this.quote(c))]):this.SPECIAL_SELECT_CASES.MSSQL_DATES(l)?this.knex.raw("CONVERT(varchar, ??, 108) as ??",[this.rawQuotedIdentifier(c),this.knex.raw(this.quote(c))]):a?this.rawQuotedIdentifier(`${a}.${u}`):this.rawQuotedIdentifier(c)})}convertClobs(e,r){if(this.client!=="oracledb")throw new Error("you've called convertClobs on a DB that's not Oracle, this is a mistake");let i=this.splitIdentifier(e).pop(),o=this.table.schema[i],a=this.rawQuotedIdentifier(e);return(o.type==="string"||o.type==="longform"||o.type==="bb_reference_single"||o.type==="bb_reference"||o.type==="options"||o.type==="barcodeqr")&&(r?.forSelect?a=this.knex.raw("to_char(??) as ??",[a,this.rawQuotedIdentifier(i)]):a=this.knex.raw("to_char(??)",[a])),a}parse(e,r){if(Array.isArray(e))return JSON.stringify(e);if(e==null)return null;if(this.requiresJsonAsStringClient()&&nO(r)&&typeof e=="object")return JSON.stringify(e);if(this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(r))return`{${e}}`;if(this.client==="oracledb"&&r.type==="datetime"&&r.timeOnly){if(e instanceof Date){let n=e.getHours().toString().padStart(2,"0"),i=e.getMinutes().toString().padStart(2,"0"),o=e.getSeconds().toString().padStart(2,"0");return`${n}:${i}:${o}`}if(typeof e=="string")return new Date(`1970-01-01T${e}Z`)}if(typeof e=="string"&&r.type==="datetime")if(r.timeOnly){if(!lf(e))return null}else if(r.dateOnly){let n=cf(e);return n?new Date(n):null}else return r.ignoreTimezones?za(e)?new Date(e):uf(e)?new Date(e+"Z"):null:za(e)?new Date(e.trim()):null;return e}parseBody(e){for(let[r,n]of Object.entries(e)){let{column:i}=this.splitter.run(r),o=this.table.schema[i];o&&(e[r]=this.parse(n,o))}return e}parseFilters(e){e=(0,tO.cloneDeep)(e);for(let r of Object.values(Mr)){let n=e[r];if(n)for(let i of Object.keys(n)){if(Array.isArray(n[i])){n[i]=JSON.stringify(n[i]);continue}let{column:o}=this.splitter.run(i),a=this.table.schema[o];a&&(n[i]=this.parse(n[i],a))}}for(let r of Object.values(ir)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:o}=this.splitter.run(i),a=this.table.schema[o];a&&(n[i]=n[i].map(u=>this.parse(u,a)))}}for(let r of Object.values(Rn)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:o}=this.splitter.run(i),a=this.table.schema[o];if(!a)continue;let u=n[i];"low"in u&&(u.low=this.parse(u.low,a)),"high"in u&&(u.high=this.parse(u.high,a))}}return e}addJoinFieldCheck(e,r){let n=r.from?.split(".")[0]||"";return e.andWhere(`${n}.fieldName`,"=",r.column)}addRelationshipForFilter(e,r,n,i,o){let{relationships:a,schema:u,tableAliases:c,table:l}=this.query,d=c?.[l.name]||l.name,f=s(h=>n.match(new RegExp(`^${h}\\.`)),"matches");if(!a)return e;for(let h of a){let p=h.tableName,S=c?.[p]||p,m=f(p)||f(S),E=f(h.column),y=h.column===this.splitter.run(n).column&&!this.splitter.run(n).tableName;if((m||E||y)&&h.to&&h.tableName){let I=this.knex.select(this.knex.raw(1)).from({[S]:p}),_=I.clone(),D=df(h),T;if(m?T=n:T=n.replace(new RegExp(`^${h.column}.`),`${c?.[h.tableName]||h.tableName}.`),D){let O=c?.[D.through]||h.through,U=this.tableNameWithSchema(D.through,{alias:O,schema:u});_=_.innerJoin(U,function(){this.on(`${S}.${D.toPrimary}`,"=",`${O}.${D.to}`)}).where(`${O}.${D.from}`,"=",this.rawQuotedIdentifier(`${d}.${D.fromPrimary}`)),this.client==="sqlite3"&&(_=this.addJoinFieldCheck(_,D)),y&&i==="empty"?e=e.whereNotExists(_):y&&i==="notEmpty"?e=e.whereExists(_):e=e.where(R=>{R.whereExists(o(T,_)),r&&R.orWhereNotExists(I.clone().innerJoin(U,function(){this.on(`${d}.${D.fromPrimary}`,"=",`${O}.${D.from}`)}))})}else{let O=`${S}.${h.to}`,U=`${d}.${h.from}`;_=_.where(O,"=",this.rawQuotedIdentifier(U)),y&&i==="empty"?e=e.whereNotExists(_):y&&i==="notEmpty"?e=e.whereExists(_):e=e.where(R=>{R.whereExists(o(T,_.clone())),r&&R.orWhereNotExists(_)})}}}return e}addFilters(e,r,n){if(!r)return e;let i=this;r=this.parseFilters({...r});let o=this.query.tableAliases,a=r.allOr,c=this.client==="sqlite3"?this.table._id:this.table.name;function l(m){return o?.[m]||m}s(l,"getTableAlias");function d(m,E,y,I){let _=s((D,T,O)=>{let[U,...R]=T.split("."),k=R.join("."),H=l(U);return D.andWhere(Ie=>y(Ie,H?`${H}.${k}`:k,O))},"handleRelationship");for(let D in m){let T=m[D],O=Ws(D),U=O.includes(".")||i.getFieldSchema(O)?.type==="link",R=n?.relationship&&U,k;if(D==="_complexIdOperator"&&(k=m[D])&&I){let H=l(c);e=I(e,k.id.map(Ie=>H?`${H}.${Ie}`:Ie),k.values)}else if(U)R&&(a&&(e=e.or),e=i.addRelationshipForFilter(e,jM[E],O,E,(H,Ie)=>_(Ie,H,T)));else{let H=l(c);e=y(e,H?`${H}.${O}`:O,T)}}}s(d,"iterate");let f=this.client==="sqlite3"&&this.query.meta?.sqliteUseLikeWithoutLower,h=s((m,E,y)=>((r?.fuzzyOr||a)&&(m=m.or),f?m.whereRaw("?? LIKE ?",[this.rawQuotedIdentifier(E),`%${y}%`]):this.client==="oracledb"||this.client==="sqlite3"?m.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(E),`%${y.toLowerCase()}%`]):m.whereILike(this.rawQuotedIdentifier(E),this.knex.raw("?",[`%${y}%`]))),"like"),p=s((m,E=!1)=>{function y(I){return(a||m===r?.containsAny)&&(I=I.or),m===r?.notContains&&(I=I.not),I}s(y,"addModifiers"),this.client==="pg"?d(m,"contains",(I,_,D)=>{I=y(I);let T=this.getFieldSchema(_),O=this.rawQuotedIdentifier(_),U=Array.isArray(D)?[...D]:[D],R=this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(T);return E?R?I.whereRaw("COALESCE(?? && ?::text[], FALSE)",[O,Um(U)]):I.whereRaw("COALESCE(??::jsonb \\?| ?::text[], FALSE)",[O,Um(U)]):R?I.whereRaw("COALESCE(?? @> ?::text[], FALSE)",[O,Um(U)]):I.whereRaw("COALESCE(??::jsonb @> ?::jsonb, FALSE)",[O,QM(U)])}):this.client==="mysql2"||this.client==="mariadb"?d(m,"contains",(I,_,D)=>{let T=Array.isArray(D)?D:[D];return y(I).whereRaw("COALESCE(?(??, ?), FALSE)",[this.knex.raw(E?"JSON_OVERLAPS":"JSON_CONTAINS"),this.rawQuotedIdentifier(_),JSON.stringify(T)])}):d(m,"contains",(I,_,D)=>(D.length===0||(I=I.where(T=>(m===r?.notContains&&(T=T.not),T=T.where(O=>{for(let U of D){m===r?.containsAny?O=O.or:O=O.and;let R=!f,k=typeof U=="string"?`"${R?U.toLowerCase():U}"`:U,H=R?"COALESCE(LOWER(??), '')":"COALESCE(??, '')";O=O.whereLike(this.knex.raw(H,[this.rawQuotedIdentifier(_)]),`%${k}%`)}}),m===r?.notContains&&(T=T.or.whereNull(this.rawQuotedIdentifier(_))),T))),I))},"contains");if(r.$and){let{$and:m}=r;for(let E of m.conditions)e=e.where(y=>{this.addFilters(y,E,n)})}if(r.$or){let{$or:m}=r;e=e.where(E=>{for(let y of m.conditions)E.orWhere(I=>this.addFilters(I,{...y,allOr:!0},n))})}r.oneOf&&d(r.oneOf,"oneOf",(m,E,y)=>{let I=this.getFieldSchema(E),_=Array.isArray(y)?y:[y];if(a&&(m=m.or),this.client==="oracledb")E=this.convertClobs(E);else if(this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly){for(let D of _)D!=null?m=m.or.whereLike(E,`${D.toISOString().slice(0,10)}%`):m=m.or.whereNull(E);return m}return m.whereIn(E,_)},(m,E,y)=>(a&&(m=m.or),this.client==="oracledb"&&(E=E.map(I=>this.convertClobs(I))),m.whereIn(E,Array.isArray(y)?y:[y]))),r.string&&d(r.string,"string",(m,E,y)=>{if(a&&(m=m.or),f)return m.whereRaw("?? LIKE ?",[this.rawQuotedIdentifier(E),`${y}%`]);if(this.client==="oracledb"||this.client==="sqlite3")return m.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(E),`${y.toLowerCase()}%`]);{let I=this.getFieldSchema(E);return this.SPECIAL_SELECT_CASES.POSTGRES_ENUM(I)?m.whereRaw("??::text ilike ?",[this.knex.raw(this.quote(I.name)),`${y}%`]):m.whereILike(E,`${y}%`)}}),r.fuzzy&&d(r.fuzzy,"fuzzy",h),r.range&&d(r.range,"range",(m,E,y)=>{let I=s(k=>k&&Object.keys(k).length===0&&Object.getPrototypeOf(k)===Object.prototype,"isEmptyObject");I(y.low)&&(y.low=""),I(y.high)&&(y.high="");let _=Ja(y.low),D=Ja(y.high),T=this.getFieldSchema(E),O=E,U=y.high,R=y.low;return this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly&&(U!=null&&(U=`${U.toISOString().slice(0,10)}T23:59:59.999Z`),R!=null&&(R=R.toISOString().slice(0,10))),this.client==="oracledb"?O=this.convertClobs(E):this.client==="sqlite3"&&T?.type==="bigint"&&(O=this.knex.raw("CAST(?? AS INTEGER)",[this.rawQuotedIdentifier(E)]),U=this.knex.raw("CAST(? AS INTEGER)",[y.high]),R=this.knex.raw("CAST(? AS INTEGER)",[y.low])),a&&(m=m.or),_&&D?m.whereBetween(O,[R,U]):_?m.where(O,">=",R):D?m.where(O,"<=",U):m}),r.equal&&d(r.equal,"equal",(m,E,y)=>{let I=this.getFieldSchema(E);if(a&&(m=m.or),this.client==="mssql")return m.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 1",[this.rawQuotedIdentifier(E),y]);if(this.client==="oracledb"){let _=this.convertClobs(E);return m.where(D=>D.whereNotNull(_).andWhere(_,y))}else return this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly?y!=null?m.whereLike(E,`${y.toISOString().slice(0,10)}%`):m.whereNull(E):m.whereRaw("COALESCE(?? = ?, FALSE)",[this.rawQuotedIdentifier(E),y])}),r.notEqual&&d(r.notEqual,"notEqual",(m,E,y)=>{let I=this.getFieldSchema(E);if(a&&(m=m.or),this.client==="mssql")return m.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 0",[this.rawQuotedIdentifier(E),y]);if(this.client==="oracledb"){let _=this.convertClobs(E);return m.where(D=>D.not.whereNull(_).and.where(_,"!=",y)).or.whereNull(_)}else return this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly?y!=null?m.not.whereLike(E,`${y.toISOString().slice(0,10)}%`).or.whereNull(E):m.not.whereNull(E):m.whereRaw("COALESCE(?? != ?, TRUE)",[this.rawQuotedIdentifier(E),y])}),r.empty&&d(r.empty,"empty",(m,E)=>(a&&(m=m.or),m.whereNull(E))),r.notEmpty&&d(r.notEmpty,"notEmpty",(m,E)=>(a&&(m=m.or),m.whereNotNull(E))),r.contains&&p(r.contains),r.notContains&&p(r.notContains),r.containsAny&&p(r.containsAny,!0);let S=o?.[this.table._id]||this.table._id;return r.documentType&&!of(this.table)&&S&&e.andWhereLike(`${S}._id`,`${sr(r.documentType)}%`),e}isSqs(){return X_(this.table)}getTableName(e){e||(e=this.table);let r=e.name;X_(e)&&e._id&&(r=e._id);let n=this.query.tableAliases||{};return n[r]?n[r]:r}addDistinctCount(e){if(!this.table.primary)throw new Error("SQL counting requires primary key to be supplied");return e.countDistinct(`${this.getTableName()}.${this.table.primary[0]} as ${km}`)}addAggregations(e,r){let n=this.query.resource?.fields||[],i=this.getTableName();if(n.length>0){let o=n.map(a=>this.qualifyIdentifier(a));if(this.client==="oracledb"){let a=o.map(c=>this.convertClobs(c)),u=o.map(c=>this.convertClobs(c,{forSelect:!0}));e=e.groupBy(a).select(u)}else e=e.groupBy(o).select(o)}for(let o of r){let a=o.calculationType;if(a==="count")if("distinct"in o&&o.distinct)if(this.client==="oracledb"){let u=this.convertClobs(`${i}.${o.field}`);e=e.select(this.knex.raw("COUNT(DISTINCT ??) as ??",[u,o.name]))}else e=e.countDistinct(`${i}.${o.field} as ${o.name}`);else if(this.client==="oracledb"){let u=this.convertClobs(`${i}.${o.field}`);e=e.select(this.knex.raw("COUNT(??) as ??",[u,o.name]))}else e=e.count(`${o.field} as ${o.name}`);else{let u=this.getFieldSchema(o.field);if(!u)throw new Error(`field schema missing for aggregation target: ${o.field}`);let c=this.knex.raw("??(??)",[this.knex.raw(a),this.rawQuotedIdentifier(`${i}.${o.field}`)]);u.type==="bigint"&&(c=this.castIntToString(c)),e=e.select(this.knex.raw("?? as ??",[c,o.name]))}}return e}isAggregateField(e){return!!this.query.resource?.aggregations?.find(n=>n.name===e)}addSorting(e){let{sort:r,resource:n}=this.query,i=this.table.primary,o=this.getTableName();if(!Array.isArray(i))throw new Error("Sorting requires primary key to be specified for table");if(r&&Object.keys(r||{}).length>0)for(let[u,c]of Object.entries(r)){let l=this.getFieldSchema(u);if(this.isUnsortableField(l))continue;let d=c.direction==="ascending"?"asc":"desc",f;(this.client==="pg"||this.client==="oracledb")&&(f=c.direction==="ascending"?"first":"last");let h=`${o}.${u}`,p;this.isAggregateField(u)?p=this.rawQuotedIdentifier(u):this.client==="oracledb"?p=this.convertClobs(h):p=this.rawQuotedIdentifier(h),e=e.orderByRaw(`?? ?? ${f?"nulls ??":""}`,[p,this.knex.raw(d),...f?[this.knex.raw(f)]:[]])}if(!((n?.aggregations?.length??0)>0)){let u=this.findSortablePrimaryKey(i);if(u&&(!r||r[u]===void 0))e=e.orderBy(`${o}.${u}`);else if(!u&&(!r||Object.keys(r).length===0))throw new Error(`Primary key not found for table ${this.table.name}`)}return e}isUnsortableField(e){return e?.type==="json"}findSortablePrimaryKey(e){return e.find(r=>{if(r==null)return!1;let n=this.getFieldSchema(r);return!this.isUnsortableField(n)})}tableNameWithSchema(e,r){let n=r?.schema?`${r.schema}.${e}`:e;return r?.alias&&(n+=` as ${r.alias}`),n}buildJsonField(e,r){let n=r.split("."),i=n[n.length-1],o,a;if(n.length>1){let l=n.shift();o=n.join("."),a=`${l}.${o}`}else o=n.join("."),a=o;this.query.meta?.columnPrefix&&(i=i.replace(this.query.meta.columnPrefix,""));let u=this.rawQuotedIdentifier(a),c=e.schema[i];return c&&c.type==="bigint"&&(u=this.castIntToString(u)),[o,u]}maxFunctionParameters(){switch(this.client){case"sqlite3":return 127;case"pg":return 100;default:return 200}}addJsonRelationships(e,r,n){let i=this.client,o=this.knex,{resource:a,tableAliases:u,schema:c,tables:l}=this.query,d=a?.fields||[];for(let f of n){let{tableName:h,through:p,to:S,from:m,fromPrimary:E,toPrimary:y}=f;if(!h||!r)continue;let I=l[h];if(!I)throw new Error(`related table "${h}" not found in datasource`);let _=u?.[h]||h,D=u?.[r]||r,T=p&&u?.[p]||p,O=this.tableNameWithSchema(h,{alias:_,schema:c}),U=[...I?.primary||[],I?.primaryDisplay].filter(w=>w),R=VM(d.filter(w=>w.split(".")[0]===_),U);R=R.slice(0,Math.floor(this.maxFunctionParameters()/2));let k=R.map(w=>this.buildJsonField(I,w));if(!k.length)continue;let H=k.map(w=>{let J=this.client==="oracledb"?" VALUE ":",";return this.knex.raw(`?${J}??`,[w[0],w[1]]).toString()}).join(","),Ie=`${_}.${y||S}`,W=o.from(O).orderBy(Ie),F=p&&y&&E,N=F?`${T}.${m}`:`${_}.${S}`,G=F?`${D}.${E}`:`${D}.${m}`;if(F){let w=this.tableNameWithSchema(p,{alias:T,schema:c});W=W.join(w,function(){this.on(`${_}.${y}`,"=",`${T}.${S}`)})}W=W.where(this.rawQuotedIdentifier(N),"=",this.rawQuotedIdentifier(G));let M=s(w=>(W=W.select(R.map(J=>this.rawQuotedIdentifier(J))).limit(Nm()),o.select(w).from({[_]:W})),"standardWrap"),K;switch(i){case"sqlite3":W=this.addJoinFieldCheck(W,f),K=M(this.knex.raw(`json_group_array(json_object(${H}))`));break;case"pg":K=M(this.knex.raw(`json_agg(json_build_object(${H}))`));break;case"mariadb":K=W.select(o.raw(`json_arrayagg(json_object(${H}) LIMIT ${Nm()})`));break;case"mysql2":case"oracledb":K=M(this.knex.raw(`json_arrayagg(json_object(${H}))`));break;case"mssql":{let w=o.select("*").from({[D]:W.select(k.map(J=>o.ref(J[1]).as(J[0]))).limit(Nm())});K=o.raw(`(SELECT ?? = (${w} FOR JSON PATH))`,[this.rawQuotedIdentifier(_)]);break}default:throw new Error(`JSON relationships not implement for ${i}`)}e=e.select({[f.column]:K})}return e}addJoin(e,r,n){let{tableAliases:i,schema:o}=this.query,a=r.to,u=r.from,c=r.through,l=i?.[a]||a,d=c&&i?.[c]||c,f=i?.[u]||u,h=this.tableNameWithSchema(a,{alias:l,schema:o}),p=c?this.tableNameWithSchema(c,{alias:d,schema:o}):void 0;return c?e=e.leftJoin(p,function(){for(let S of n){let m=S.fromPrimary,E=S.from;this.orOn(`${f}.${m}`,"=",`${d}.${E}`)}}).leftJoin(h,function(){for(let S of n){let m=S.toPrimary,E=S.to;this.orOn(`${l}.${m}`,`${d}.${E}`)}}):e=e.leftJoin(h,function(){for(let S of n){let m=S.from,E=S.to;this.orOn(`${f}.${m}`,"=",`${l}.${E}`)}}),e}qualifiedKnex(e){let r=this.query.tableAliases?.[this.query.table.name];return e?.alias===!1?r=void 0:typeof e?.alias=="string"&&(r=e.alias),this.knex(this.tableNameWithSchema(this.query.table.name,{alias:r,schema:this.query.schema}))}create(e){let{body:r}=this.query;if(!r)throw new Error("Cannot create without row body");let n=this.qualifiedKnex({alias:!1}),i=this.parseBody(r);if(this.client==="oracledb")for(let[o,a]of Object.entries(this.query.table.schema)){if(a.constraints?.presence===!0||a.type==="formula"||a.type==="auto"||a.type==="link"||a.type==="ai")continue;i[o]==null&&(i[o]=null)}else for(let[o,a]of Object.entries(i))a==null&&delete i[o];return e.disableReturning?n.insert(i):n.insert(i).returning("*")}bulkCreate(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));return r.insert(n)}bulkUpsert(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));if(this.client==="pg"||this.client==="sqlite3"||this.client==="mysql2"||this.client==="mariadb"){let i=this.table.primary;if(!i)throw new Error("Primary key is required for upsert");return r.insert(n).onConflict(i).merge()}else if(this.client==="mssql"||this.client==="oracledb")return r.insert(n);return r.upsert(n)}read(e={}){let{operation:r,filters:n,paginate:i,relationships:o,table:a}=this.query,{limits:u}=e,c=this.qualifiedKnex(),l=null,d=u?.query||u?.base;if(i&&i.page&&i.limit){let p=(i.page<=1?0:i.page-1)*i.limit;d=i.limit,l=p}else i&&i.offset&&i.limit?(d=i.limit,l=i.offset):i&&i.limit&&(d=i.limit);r!=="COUNT"&&(d!=null&&(c=c.limit(d)),l!=null&&(c=c.offset(l)));let f=this.query.resource?.aggregations||[];if(r==="COUNT"?c=this.addDistinctCount(c):f.length>0?c=this.addAggregations(c,f):c=c.select(this.generateSelectStatement()),r!=="COUNT"&&(c=this.addSorting(c)),c=this.addFilters(c,n,{relationship:!0}),o?.length&&f.length===0){let h=this.query.tableAliases?.[a.name]||a.name,p=this.addSorting(this.knex.with("paginated",c.clone().clearSelect().select("*")).select(this.generateSelectStatement()).from({[h]:"paginated"}));return this.addJsonRelationships(p,a.name,o)}return c}update(e){let{body:r,filters:n}=this.query;if(!r)throw new Error("Cannot update without row body");let i=this.qualifiedKnex(),o=this.parseBody(r);return i=this.addFilters(i,n,{relationship:!0}),e.disableReturning?i.update(o):i.update(o).returning("*")}delete(e){let{filters:r}=this.query,n=this.qualifiedKnex();return n=this.addFilters(n,r,{relationship:!0}),e.disableReturning?n.delete():n.delete().returning(this.generateSelectStatement())}},Mm=class extends Mc{constructor(r,n=Z_()){super(r);this.limit=n}static{s(this,"SqlQueryBuilder")}convertToNative(r,n={}){let i=this.getSqlClient();if(n?.disableBindings)return{sql:r.toString()};{let o=Jn(r);return i==="sqlite3"&&(o=rO(o)),o}}_query(r,n={}){let i=this.getSqlClient(),o={client:this.getBaseSqlClient()};(i==="sqlite3"||i==="oracledb")&&(o.useNullAsDefault=!0);let a=(0,eO.knex)(o),u,c=new Lm(i,a,r);switch(this._operation(r)){case"CREATE":u=c.create(n);break;case"READ":u=c.read({limits:{query:this.limit,base:Z_()}});break;case"COUNT":u=c.read();break;case"UPDATE":u=c.update(n);break;case"DELETE":u=c.delete(n);break;case"BULK_CREATE":u=c.bulkCreate();break;case"BULK_UPSERT":u=c.bulkUpsert();break;case"CREATE_TABLE":case"UPDATE_TABLE":case"DELETE_TABLE":return this._tableQuery(r);default:throw"Operation type is not supported by SQL query builder"}return this.convertToNative(u,n)}async getReturningRow(r,n){if(!n.extra||!n.extra.idFilter)return{};let i=this._query({operation:"READ",datasource:n.datasource,schema:n.schema,table:n.table,tables:n.tables,resource:{fields:[]},filters:n.extra?.idFilter,paginate:{limit:1}});return r(i,"READ")}checkLookupKeys(r,n){if(!r||!n.table.primary)return n;let i=n.table.primary[0];return n.extra={idFilter:{equal:{[i]:r}}},n}async queryWithReturning(r,n,i=o=>o){let o=this.getSqlClient(),a=this._operation(r),u=this._query(r,{disableReturning:!0});if(Array.isArray(u)){let f=[];for(let h of u)f.push(await n(h,a));return f}let c;a==="DELETE"&&(c=i(await this.getReturningRow(n,r)));let l=await n(u,a),d=i(l);if(a==="CREATE"||a==="UPDATE"){let f;o==="mssql"?f=d?.[0].id:(o==="mysql2"||o==="mariadb")&&(f=d?.insertId),c=i(await this.getReturningRow(n,this.checkLookupKeys(f,r)))}return a==="COUNT"?d:a!=="READ"?c:d.length?d:[{[a.toLowerCase()]:!0}]}getTableName(r,n){let i=r.name;if(r.sourceType==="internal"||r.sourceId===Kc){if(!r._id)return;i=r._id}return n?.[i]||i}convertJsonStringColumns(r,n,i){let o=this.getTableName(r,i);for(let[a,u]of Object.entries(r.schema)){if(!nO(u))continue;let c=`${o}.${a}`;for(let l of n)typeof l[c]=="string"&&(l[c]=JSON.parse(l[c])),typeof l[a]=="string"&&(l[a]=JSON.parse(l[a]))}return n}log(r,n){Cs(this.getSqlClient(),r,n)}},iO=Mm;var Fm={};P(Fm,{base:()=>HM});function HM(t){return{_id:Rt,language:"sqlite",sql:{tables:{},options:{table_name:t}}}}s(HM,"base");var Wm={};P(Wm,{jsonFromCsvString:()=>YM});var sO=B(require("csvtojson"));async function YM(t,e){let{ignoreEmpty:r=!1,allowSingleColumn:n=!1,possibleDelimiters:i=[",",";",":","|","~","	"," "]}=e||{};for(let o of i){let a,u=!1;try{let c=await(0,sO.default)({ignoreEmpty:r,delimiter:o}).fromString(t);for(let[,l]of c.entries()){let d=Object.keys(l);if(a==null&&(a=d),!n&&d.length===1){u=!0;break}if(a.length!==d.length){u=!0;break}for(let f of a)(l[f]===void 0||l[f]==="")&&(l[f]=null)}if(u)continue;return c}catch{continue}}throw new Error("Unable to determine delimiter")}s(YM,"jsonFromCsvString");var $m=class{static{s(this,"Endpoint")}constructor(e,r,n){this.method=e,this.url=r,this.controller=n,this.middlewares=[],this.outputMiddlewares=[]}addMiddleware(e,r){return r?.first?this.middlewares.unshift(e):this.middlewares.push(e),this}addOutputMiddleware(e,r){return r?.first?this.outputMiddlewares.unshift(e):this.outputMiddlewares.push(e),this}apply(e){let r=this.method,n=this.url,i=this.middlewares,o=this.controller,a=this.outputMiddlewares,u=s(()=>{},"complete"),c=[n,...i,o,...a,u];e[r](...c)}},kc=$m;var oO=B(require("@koa/router"));var wn=class{constructor(){this.endpoints=[];this.middlewares=[];this.outputMiddlewares=[];this.applied=!1;this.locked=!1}static{s(this,"EndpointGroup")}addGroupMiddleware(e,r={first:!0}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.middlewares.push({fn:e,first:r.first}),this}addGroupMiddlewareOutput(e,r={first:!1}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.outputMiddlewares.push({fn:e,first:r.first}),this}addEndpoint(e,r,...n){let i=n.pop(),o=new kc(e,r,i);if(n.length!==0)for(let a of n)o.addMiddleware(a);return this.endpoints.push(o),this}lockMiddleware(){this.locked=!0}post(e,...r){return this.addEndpoint("post",e,...r)}patch(e,...r){return this.addEndpoint("patch",e,...r)}put(e,...r){return this.addEndpoint("put",e,...r)}get(e,...r){return this.addEndpoint("get",e,...r)}delete(e,...r){return this.addEndpoint("delete",e,...r)}head(e,...r){return this.addEndpoint("head",e,...r)}apply(e){let r=this.endpointList();e||(e=new oO.default);for(let n of r)n.apply(e);return e}endpointList(){if(this.applied)throw new Error("Already applied to router");this.applied=!0;for(let e of this.endpoints)this.middlewares.forEach(({fn:r,first:n})=>e.addMiddleware(r,{first:n})),this.outputMiddlewares.forEach(({fn:r,first:n})=>e.addOutputMiddleware(r,{first:n}));return this.endpoints}};var ko=class{constructor(){this.groups=[]}static{s(this,"EndpointGroupList")}group(...e){let r=new wn;return e.length&&e.forEach(n=>{"first"in n?r.addGroupMiddleware(n.middleware,{first:n.first}):r.addGroupMiddleware(n)}),this.groups.push(r),r}listAllEndpoints(){let e=this.groups.flatMap(i=>i.endpointList()),r=[],n=[];for(let i of e)i.url.includes(":")?n.push(i):r.push(i);return[...r,...n]}};var zM={...Gs,...ue},JM=s((t={})=>{Ha(t.db)},"init");0&&(module.exports={APIWarning,ActiveContentFileError,AutomationViewMode,BUDIBASE_DATASOURCE_TYPE,BadRequestError,BudibaseError,Config,Cookie,DEFAULT_BB_DATASOURCE_ID,DEFAULT_EMPLOYEE_TABLE_ID,DEFAULT_EXPENSES_TABLE_ID,DEFAULT_INVENTORY_TABLE_ID,DEFAULT_JOBS_TABLE_ID,DEFAULT_TENANT_ID,DeprecatedViews,DesignDocuments,DocumentType,Duration,DurationType,EmailUnavailableError,Endpoint,EndpointGroup,EndpointGroupList,FeatureDisabledError,FeatureDisabledWarning,ForbiddenError,GlobalRole,HTTPError,Header,InternalTable,InvalidAPIKeyWarning,MAX_VALID_DATE,MIN_VALID_DATE,NotFoundError,NotImplementedError,RedisClient,SEPARATOR,SQLITE_DESIGN_DOC_ID,SQS_DATASOURCE_INTERNAL,StaticDatabases,UNICODE_MAX,USER_METADATA_PREFIX,UnexpectedError,UsageLimitError,UsageLimitWarning,UserStatus,ViewName,WORKSPACE_DEV,WORKSPACE_DEV_PREFIX,WORKSPACE_PREFIX,accounts,auth,blacklist,cache,configs,constants,context,csv,db,docIds,docUpdates,encryption,env,errors,events,features,getErrorMessage,getPublicError,init,installation,locks,logging,middleware,objectStore,permissions,platform,plugins,queue,redis,roles,security,sessions,setEnv,sql,tenancy,timers,userUtils,users,utils,warnings,withEnv});
 //# sourceMappingURL=index.js.map