@budibase/backend-core 3.33.5 → 3.34.1

package/dist/index.js

@@ -34,6 +34,6 @@ attempted value: ${o}
       emit(doc.ssoId, doc._id)
     }
   }`,"platform_users_lowercase_2")},"createPlatformUserView"),$s=s(async(t,e)=>{let r={account_by_email:iS,platform_users_lowercase_2:sS};return je(fe.PLATFORM_INFO.name,async n=>{let i=r[t];return Qf(t,e,n,i,{arrayResponse:!0})})},"queryPlatformView"),oS={by_email2:eS,by_api_key:rS,by_app:tS},Kt=s(async(t,e,r,n)=>{r||(r=Y());let i=oS[t];return Qf(t,e,r,i,n)},"queryGlobalView");async function Gs(t,e,r){let n=Y(),i=oS[t];return Ws(t,e,n,i,r)}s(Gs,"queryGlobalViewRaw");var qx=B(require("pouchdb"));var aS=require("dd-trace");var jf=class{static{s(this,"Replication")}constructor({source:e,target:r}){this.source=rt(e),this.target=rt(r),e.startsWith("app_dev")&&r.startsWith("app")?this.direction="toProduction":e.startsWith("app")&&r.startsWith("app_dev")&&(this.direction="toDev")}async close(){await Promise.all([xs(this.source),xs(this.target)])}replicate(e={}){return new Promise(r=>{this.source.replicate.to(this.target,e).on("denied",function(n){throw new Error(`Denied: Document failed to replicate ${n}`)}).on("complete",function(n){return r(n)}).on("error",function(n){throw n})})}async resolveInconsistencies(e){for(let r of e)try{let[n,i]=await Promise.all([this.source.get(r),this.target.get(r)]),o=this.replicationDelta(n,i);if(o<0||o===0&&n._rev===i._rev)continue;let a=o+1;await aS.tracer.trace("Replication.resolveInconsistencies",async u=>{u.addTags({versionsToJump:a,toFix:!0,id:r,sourceRev:n._rev,targetRev:i._rev});for(let c=0;c<a;c++){let l=await this.source.get(i._id);await this.source.put(l)}})}catch{console.warn("Cannot resolve inconsistencies for document",r)}}replicationDelta(e,r){let n=this.getRevisionNumber(e);return this.getRevisionNumber(r)-n}getRevisionNumber(e){return parseInt(e._rev?.split("-")[0]||"0")}appReplicateOpts(e={}){if(typeof e.filter=="string")return e;let r=e.filter,n=this.direction,i=n==="toDev";delete e.filter;let o=e.isCreation,a=e.tablesToSync;delete e.isCreation,delete e.tablesToSync;let u=!1,c;typeof a=="string"&&a==="all"?u=!0:a&&(c=a);let l=s((f,h)=>f?.startsWith(h+C),"startsWithID"),d=s(f=>l(f,"ro")||l(f,"li"),"isData");return{...e,filter:(f,h)=>!o&&f._id==="_design/migrations"||i&&f._id.startsWith("_design")?!1:f._deleted||l(f._id,Os)?!0:n==="toProduction"&&!o&&l(f._id,"autocolumn_state")?!1:d(f._id)?!!c?.find(p=>f._id.includes(p))||u:l(f._id,"log_au")||l(f._id,"agentlogsession")||f._id==="app_metadata"?!1:r?r(f,h):!0}}async rollback(){await this.target.destroy(),this.target=rt(this.target.name),await this.replicate()}},uS=jf;var lS=B(require("node-fetch"));var Vs=mr.removeKeyNumbering;function un(t){return t==null||t===""}s(un,"isEmpty");var Qt=class t{static{s(this,"QueryBuilder")}#l;#d;#e;#r;#n;#i;#s;#o;#t;#f;#a;#u=!1;#c;static{this.maxLimit=200}constructor(e,r,n){this.#l=e,this.#d=r,this.#e={allOr:!1,onEmptyFilter:"all",string:{},fuzzy:{},range:{},equal:{},notEqual:{},empty:{},notEmpty:{},oneOf:{},contains:{},notContains:{},containsAny:{},...n},this.#r=50,this.#s="ascending",this.#o="string",this.#t=!0}disableEscaping(){return this.#u=!0,this}setIndexBuilder(e){return this.#a=e,this}setVersion(e){return e!=null&&(this.#f=e),this}setTable(e){return this.#e.equal.tableId=e,this}setLimit(e){return e!=null&&(this.#r=e),this}setSort(e){return e!=null&&(this.#n=e),this}setSortOrder(e){return e!=null&&(this.#s=e),this}setSortType(e){return e!=null&&(this.#o=e),this}setBookmark(e){return e!=null&&(this.#i=e),this}setSkip(e){return this.#c=e,this}excludeDocs(){return this.#t=!1,this}includeDocs(){return this.#t=!0,this}addString(e,r){return this.#e.string[e]=r,this}addFuzzy(e,r){return this.#e.fuzzy[e]=r,this}addRange(e,r,n){return this.#e.range[e]={low:r,high:n},this}addEqual(e,r){return this.#e.equal[e]=r,this}addNotEqual(e,r){return this.#e.notEqual[e]=r,this}addEmpty(e,r){return this.#e.empty[e]=r,this}addNotEmpty(e,r){return this.#e.notEmpty[e]=r,this}addOneOf(e,r){return this.#e.oneOf[e]=r,this}addContains(e,r){return this.#e.contains[e]=r,this}addNotContains(e,r){return this.#e.notContains[e]=r,this}addContainsAny(e,r){return this.#e.containsAny[e]=r,this}setAllOr(){this.#e.allOr=!0}setOnEmptyFilter(e){this.#e.onEmptyFilter=e}handleSpaces(e){return this.#u?e:e.replace(/ /g,"_")}preprocess(e,{escape:r,lowercase:n,wrap:i,type:o}={}){let a=!!this.#f,u=typeof e;return e&&n&&(e=e.toLowerCase?e.toLowerCase():e),!this.#u&&r&&u==="string"&&(e=`${e}`.replace(/[ /#+\-&|!(){}\]^"~*?:\\]/g,"\\$&")),u==="string"&&!isNaN(e)&&!o?e=`"${e}"`:a&&i&&(e=u==="number"?e:`"${e}"`),e}isMultiCondition(){let e=0;for(let r of Object.values(this.#e))typeof r=="object"&&(e+=Object.keys(r).length);return e>1}compressFilters(e){let r={};for(let o of Object.keys(e)){let a=Vs(o);r[a]?r[a]=r[a].concat(e[o]):r[a]=e[o]}let n={},i=1;for(let[o,a]of Object.entries(r))n[`${i++}:${o}`]=a;return n}buildSearchQuery(){let e=this,r=this.#e&&this.#e.allOr,n=r?"":"*:*",i=!0,o={escape:!0,lowercase:!0,wrap:!0},a="";this.#e.equal.tableId&&(a=this.#e.equal.tableId,delete this.#e.equal.tableId);let u=s((S,m)=>un(m)?null:`${S}:${e.preprocess(m,o)}`,"equal"),c=s((S,m,E="AND")=>{if(un(m))return null;if(!Array.isArray(m))return`${S}:${m}`;let y=`${e.preprocess(m[0],{escape:!0})}`;for(let I=1;I<m.length;I++)y+=` ${E} ${e.preprocess(m[I],{escape:!0})}`;return`${S}:(${y})`},"contains"),l=s((S,m)=>un(m)?null:(m=e.preprocess(m,{escape:!0,lowercase:!0,type:"fuzzy"}),`${S}:/.*${m}.*/`),"fuzzy"),d=s((S,m)=>{let E=r?"*:* AND ":"",y=r?"AND":void 0;return E+"NOT "+c(S,m,y)},"notContains"),f=s((S,m)=>c(S,m,"OR"),"containsAny"),h=s((S,m)=>{if(un(m))return"*:*";if(!Array.isArray(m))if(typeof m=="string")m=m.split(",");else return"";let E=`${e.preprocess(m[0],o)}`;for(let y=1;y<m.length;y++)E+=` OR ${e.preprocess(m[y],o)}`;return`${S}:(${E})`},"oneOf");function p(S,m,E){let y="";for(let[I,O]of Object.entries(S)){I=Vs(I),I=e.preprocess(e.handleSpaces(I),{escape:!0});let w=m(I,O);if(w!=null){if(y.length>0||n.length>0){let T=E?.mode?E.mode:r?"OR":"AND";y+=` ${T} `}y+=w,(typeof O!="string"&&O!=null||typeof O=="string"&&O!==a&&O!=="")&&(i=!1)}}if(E?.returnBuilt)return y;n+=y}if(s(p,"build"),this.#e.string&&p(this.#e.string,(S,m)=>un(m)?null:(m=e.preprocess(m,{escape:!0,lowercase:!0,type:"string"}),`${S}:${m}*`)),this.#e.range&&p(this.#e.range,(S,m)=>{if(un(m)||m.low==null||m.low===""||m.high==null||m.high==="")return null;let E=e.preprocess(m.low,o),y=e.preprocess(m.high,o);return`${S}:[${E} TO ${y}]`}),this.#e.fuzzy&&p(this.#e.fuzzy,l),this.#e.equal&&p(this.#e.equal,u),this.#e.notEqual&&p(this.#e.notEqual,(S,m)=>un(m)?null:typeof m=="boolean"?`(*:* AND !${S}:${m})`:`!${S}:${e.preprocess(m,o)}`),this.#e.empty&&p(this.#e.empty,S=>(i=!1,`(*:* -${S}:["" TO *])`)),this.#e.notEmpty&&p(this.#e.notEmpty,S=>(i=!1,`${S}:["" TO *]`)),this.#e.oneOf&&p(this.#e.oneOf,h),this.#e.contains&&p(this.#e.contains,c),this.#e.notContains&&p(this.compressFilters(this.#e.notContains),d),this.#e.containsAny&&p(this.#e.containsAny,f),a&&(n=this.isMultiCondition()?`(${n})`:n,r=!1,p({tableId:a},u)),i){if(this.#e.onEmptyFilter==="none")return"";if(this.#e?.allOr)return n.replace("()","(*:*)")}return n}buildSearchBody(){let e={q:this.buildSearchQuery(),limit:Math.min(this.#r,t.maxLimit),include_docs:this.#t};if(this.#i&&(e.bookmark=this.#i),this.#n){let r=this.#s==="descending"?"-":"",n=`<${this.#o}>`;e.sort=`${r}${this.handleSpaces(this.#n)}${n}`}return e}async run(){return this.#c&&await this.#m(this.#c),await this.#p()}async#m(e){let r=this.#t,n=this.#r;this.excludeDocs();let i=e,o=0;do{let a=Math.min(t.maxLimit,i);this.setLimit(a);let{bookmark:u,rows:c}=await this.#p();this.setBookmark(u),o=c.length,i-=c.length}while(i>0&&o>0);this.#t=r,this.#r=n}async#p(){let{url:e,cookie:r}=mt(),n=`${e}/${this.#l}/_design/database/_search/${this.#d}`,i=this.buildSearchBody();try{return await cS(n,i,r)}catch(o){if(o.status===404&&this.#a)return await this.#a(),await cS(n,i,r);throw o}}};async function cS(t,e,r){let n=await(0,lS.default)(t,{body:JSON.stringify(e),method:"POST",headers:{Authorization:r}});if(n.status===404)throw n;let i=await n.json(),o={rows:[],totalRows:0};return i.rows!=null&&i.rows.length>0&&(o.rows=i.rows.map(a=>a.doc)),i.bookmark&&(o.bookmark=i.bookmark),i.total_rows&&(o.totalRows=i.total_rows),o}s(cS,"runQuery");async function dS(t,e,r,n){let i=n.bookmark,o=n.rows||[];if(n.limit&&o.length>=n.limit)return o;let a=Qt.maxLimit;n.limit&&o.length>n.limit-Qt.maxLimit&&(a=n.limit-o.length);let u=new Qt(t,e,r);u.setVersion(n.version).setBookmark(i).setLimit(a).setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.tableId&&u.setTable(n.tableId);let c=await u.run();if(!c.rows.length)return o;if(c.rows.length<Qt.maxLimit)return[...o,...c.rows];let l={...n,bookmark:c.bookmark,rows:[...o,...c.rows]};return await dS(t,e,r,l)}s(dS,"recursiveSearch");async function Kx(t,e,r,n){let i=n.limit;(i==null||isNaN(i)||i<0)&&(i=50),i=Math.min(i,Qt.maxLimit);let o=new Qt(t,e,r);n.version&&o.setVersion(n.version),n.tableId&&o.setTable(n.tableId),n.sort&&o.setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.indexer&&o.setIndexBuilder(n.indexer),n.disableEscaping&&o.disableEscaping();let a=await o.setBookmark(n.bookmark).setLimit(i).run();o.setBookmark(a.bookmark).setLimit(1),n.tableId&&o.setTable(n.tableId);let u=await o.run();return{...a,hasNextPage:u.rows&&u.rows.length>0}}s(Kx,"paginatedSearch");async function Qx(t,e,r,n){let i=n.limit;return(i==null||isNaN(i)||i<0)&&(i=1e3),n.limit=Math.min(i,1e3),{rows:await dS(t,e,r,n)}}s(Qx,"fullSearch");var Hf={};P(Hf,{createUserIndex:()=>jx});async function jx(){let t=Y(),e;try{e=await t.get("_design/database")}catch(n){n.status===404&&(e={_id:"_design/database"})}let r=s(function(n){if(n._id&&!n._id.startsWith("us_"))return;let i=["_id","_rev","password","account","license","budibaseAccess","accountPortalAccess","csrfToken"];function o(a,u){for(let c of Object.keys(a)){if(i.includes(c))continue;let l=u!=null?`${u}.${c}`:c;typeof a[c]=="string"?index(l,a[c].toLowerCase(),{facet:!0}):typeof a[c]!="object"?index(l,a[c],{facet:!0}):o(a[c],l)}}s(o,"idx"),o(n)},"fn");e.indexes={user:{index:r.toString(),analyzer:{default:"keyword",name:"perfield"}}},await t.put(e)}s(jx,"createUserIndex");function fS(t,e){let r=e.toString();if(typeof t=="object")return t.status===e||t.message?.includes(r);if(typeof t=="number")return t===e;if(typeof t=="string")return t.includes(r)}s(fS,"checkErrorCode");function Hx(t){return fS(t,409)}s(Hx,"isDocumentConflictError");var Ks={};P(Ks,{addTenantToUrl:()=>Yx,getTenantDB:()=>Yf,getTenantIDFromCtx:()=>qs,isUserInWorkspaceTenant:()=>zx});function Yf(t){return Re(sn(t))}s(Yf,"getTenantDB");function Yx(t){let e=$();if(Er()){let r=t.indexOf("?")===-1?"?":"&";t+=`${r}tenantId=${e}`}return t}s(Yx,"addTenantToUrl");var zx=s((t,e)=>{let r;return e?r=e.tenantId||ae:r=$(),(ei(t)||ae)===r},"isUserInWorkspaceTenant"),Jx=Object.values(Ci),qs=s((t,e)=>{if(!Er())return ae;e.allowNoTenant===void 0&&(e.allowNoTenant=!1),e.includeStrategies||(e.includeStrategies=Jx),e.excludeStrategies||(e.excludeStrategies=[]);let r=s(n=>{if(e.excludeStrategies?.includes(n))return!1;if(e.includeStrategies?.includes(n))return!0},"isAllowed");if(r("user")){let n=t.user?.tenantId;if(n)return n}if(r("header")){let n=t.request.headers["x-budibase-tenant-id"];if(n)return n}if(r("query")){let n=t.request.query.tenantId;if(n)return n}if(r("subdomain")){let n;try{n=new URL(Df()).host.split(":")[0]}catch(o){if(o.code!=="ERR_INVALID_URL")throw o}let i=t.host;if(n&&i.includes(n)){let o=i.substring(0,i.indexOf(`.${n}`));if(o)return o}}if(r("path")){let n=t.matched.find(a=>!!a.paramNames.find(u=>u.name==="tenantId")),i=t.originalUrl,o;if(i.includes("?")?o=i.split("?")[0]:o=i,n){let a=n.params(o,n.captures(o),{});if(a.tenantId)return a.tenantId}}e.allowNoTenant||t.throw(403,"Tenant id not set")},"getTenantIDFromCtx");var zf="app"+C,pS="/app/",mS="/app-chat/";async function Xx(t){let r=t.path.split("/")[2];if(!r)return;let n=`/${r.toLowerCase()}`,i=$();!g.isDev()&&g.MULTI_TENANCY&&(i=qs(t,{includeStrategies:["subdomain"]}));let a=(await Ce(i,()=>Bs({dev:!1}))).filter(u=>u.url&&u.url.toLowerCase()===n)[0];return a&&a.appId?a.appId:void 0}s(Xx,"resolveAppUrl");function Zx(t){return t.path.startsWith(`/${zf}`)?!0:t.path.startsWith(pS)||t.path.startsWith(mS)}s(Zx,"isServingApp");function ev(t){return t.path.startsWith("/builder/workspace/")}s(ev,"isServingBuilder");function tv(t){return hS(t.path)}s(tv,"isServingBuilderPreview");function hS(t){return new RegExp(/^\/app\/app_\w+\/preview$/).test(t)}s(hS,"isBuilderPreviewUrl");function rv(t){return t.path.startsWith("/api/public/v")}s(rv,"isPublicApiRequest");async function cn(t){let e;function r(u){u&&u.startsWith(zf)&&(e&&e!==u&&t.throw("App id conflict",403),e=u)}s(r,"setWorkspaceIdIfValid");function n(u){if(u){typeof u=="string"&&(u=[u]);for(let c of u)r(c)}}s(n,"checkPossibleValues"),n(t.request.headers["x-budibase-app-id"]),r(t.request.body?.appId);let i=nv(t.path);r(i),n(t.query?.appId);let o=hS(t.path);return(t.path.startsWith(pS)||t.path.startsWith(mS))&&!o&&r(await Xx(t)),e}s(cn,"getWorkspaceIdFromCtx");function nv(t){if(t)return t.split("?")[0].split("/").find(e=>e.startsWith(zf))}s(nv,"parseWorkspaceIdFromUrlPath");function Su(t){if(t)try{return Tu.default.verify(t,g.JWT_SECRET)}catch(e){if(g.JWT_SECRET_FALLBACK)return Tu.default.verify(t,g.JWT_SECRET_FALLBACK);throw e}}s(Su,"openJwt");function Qs(t){return g.INTERNAL_API_KEY&&g.INTERNAL_API_KEY===t?!0:!!(g.INTERNAL_API_KEY_FALLBACK&&g.INTERNAL_API_KEY_FALLBACK===t)}s(Qs,"isValidInternalAPIKey");function jt(t,e){let r=t.cookies.get(e);if(r)return Su(r)}s(jt,"getCookie");function gS(t,e,r="builder",n={sign:!0}){e&&n&&n.sign&&(e=Tu.default.sign(e,g.JWT_SECRET));let i={expires:qa,path:"/",httpOnly:!1,overwrite:!0};g.COOKIE_DOMAIN&&(i.domain=g.COOKIE_DOMAIN),t.cookies.set(r,e,i)}s(gS,"setCookie");function Ar(t,e){gS(t,null,e)}s(Ar,"clearCookie");function iv(t){return t.headers["x-budibase-type"]==="client"}s(iv,"isClient");function Jf(t){return new Promise(e=>setTimeout(e,t))}s(Jf,"timeout");function Xf(t){return!!ih[t]}s(Xf,"isAudited");function sv(t){if(typeof t!="object")return!1;try{JSON.stringify(t)}catch(e){if(e instanceof Error&&e?.message.includes("circular structure"))return!0}return!1}s(sv,"hasCircularStructure");function ov(t){return!!t.match(/^.+:\/\/.+$/)}s(ov,"urlHasProtocol");function Zf(t){return t&&!!t.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)}s(Zf,"validEmail");var ep=(o=>(o.MILLISECONDS="milliseconds",o.SECONDS="seconds",o.MINUTES="minutes",o.HOURS="hours",o.DAYS="days",o))(ep||{}),Au={milliseconds:1,seconds:1e3,minutes:6e4,hours:36e5,days:864e5},pe=class t{constructor(e){this.ms=e}static{s(this,"Duration")}to(e){return this.ms/Au[e]}toMs(){return this.ms}toSeconds(){return this.to("seconds")}static convert(e,r,n){return n*Au[e]/Au[r]}static from(e,r){return new t(r*Au[e])}static fromSeconds(e){return t.from("seconds",e)}static fromMinutes(e){return t.from("minutes",e)}static fromHours(e){return t.from("hours",e)}static fromDays(e){return t.from("days",e)}static fromMilliseconds(e){return t.from("milliseconds",e)}};async function av(t){let e=performance.now();return[await t(),pe.fromMilliseconds(performance.now()-e)]}s(av,"time");var _u=require("undici");function uv(t,e){let r,n=null;try{let o=new URL(t);r=o.hostname,n=o.port||null}catch{return!1}let i=e.split(/[\s,]+/).filter(o=>o.length>0);for(let o of i){let u=o.replace(/^\./,"*").match(/^(.+?)(?::(\d+))?$/);if(!u||!u[1])continue;let c=u[1].toLowerCase(),l=u[2]||null,d=!1;if(c==="*")d=!0;else if(c.startsWith("*")){let h=c.slice(1);d=r===h.slice(1)||r.endsWith(h)}else d=r===c;if(d&&(!l||n===l))return!0}return!1}s(uv,"isUrlMatchingNoProxy");function cv(t){let e=process.env.GLOBAL_AGENT_HTTP_PROXY||process.env.HTTP_PROXY,n=process.env.GLOBAL_AGENT_HTTPS_PROXY||process.env.HTTPS_PROXY||e;if(!n||!n.trim())return!0;try{new URL(n.trim())}catch{return console.log("[fetch] Invalid proxy URL format:",n),!0}if(t){let i=process.env.GLOBAL_AGENT_NO_PROXY||process.env.NO_PROXY||"";if(i&&uv(t,i))return console.log("[fetch] URL matches NO_PROXY pattern, bypassing proxy",{url:t,noProxy:i}),!0}return!1}s(cv,"shouldBypassProxy");function lv(t){return new _u.Agent({connect:{rejectUnauthorized:t}})}s(lv,"createDirectAgent");function dv(t){let e=process.env.GLOBAL_AGENT_HTTP_PROXY||process.env.HTTP_PROXY,n=(process.env.GLOBAL_AGENT_HTTPS_PROXY||process.env.HTTPS_PROXY||e).trim();console.log("[fetch] Creating ProxyAgent",{proxyUrl:n,rejectUnauthorized:t});let i={uri:n,requestTls:{rejectUnauthorized:t}};return n.startsWith("https://")&&(i.proxyTls={rejectUnauthorized:t}),new _u.ProxyAgent(i)}s(dv,"createProxyAgent");function fv(t){let e=t?.rejectUnauthorized??!0;return cv(t?.url)?lv(e):dv(e)}s(fv,"createDispatcher");function pv(t){return fv(t)}s(pv,"getDispatcher");var tp=require("util"),rp=B(require("zlib"));var mv=(0,tp.promisify)(rp.default.gzip),hv=(0,tp.promisify)(rp.default.gunzip),Ou="gzip:",gv=s(async t=>{let e=await mv(t);return`${Ou}${e.toString("base64")}`},"gzipToBase64"),Ev=s(async t=>{let e=t.startsWith(Ou)?t.slice(Ou.length):t,r=Buffer.from(e,"base64");return(await hv(new Uint8Array(r))).toString("utf8")},"gunzipFromBase64");function yv(t){let e=t.get("authorization");if(!e)return null;let r=e.match(/^Bearer\s+(.+)$/i);return r?r[1]:null}s(yv,"getBearerToken");function Tv(t){let e="",r=-1,n,i,o=t.opts?.repeat;return o&&(i=o.endDate?new Date(o.endDate).getTime():Date.now(),n=o.tz,"cron"in o?e=o.cron:r=o.every),{id:t.id.toString(),name:"",key:t.id.toString(),tz:n,endDate:i,cron:e,every:r,next:0}}s(Tv,"jobToJobInformation");var Iu=class{static{s(this,"InMemoryQueue")}constructor(e,r){this._name=e,this._opts=r,this._messages=[],this._emitter=new ES.default.EventEmitter,this._runCount=0,this._addCount=0,this._queuedJobIds=new Set,this._attempts=r?.defaultJobOptions?.attempts||1}async process(e,r){r=typeof e=="number"?r:e,this._emitter.on("message",async n=>{if(!n.manualTrigger&&n.opts?.repeat!=null)return;function i(){return r.length===1?r(n):new Promise((c,l)=>{r(n,s((f,h)=>{f?l(f):c(h)},"done"))})}s(i,"execute");let o=this._attempts;async function a(c,l=0){try{return await c}catch(d){if(l++,l<o&&!n._isDiscarded)return await Ue.wait(100*l),await a(i(),l);throw d}}s(a,"retryFunc");try{let c=await a(i());this._emitter.emit("completed",n,c);let l=this._messages.indexOf(n);if(l===-1)throw"Failed deleting a processed message";this._messages.splice(l,1)}catch(c){console.error(c),this._emitter.emit("error",n,c)}this._runCount++;let u=n.opts?.jobId?.toString();u&&n.opts?.removeOnComplete&&this._queuedJobIds.delete(u)})}async isReady(){return this}async add(e,r){if(typeof e=="string")throw new Error("doesn't support named jobs");let n=r,i=n?.jobId?.toString();if(i&&this._queuedJobIds.has(i)){console.log(`Ignoring already queued job ${i}`);return}if(typeof e!="object")throw"Queue only supports carrying JSON.";i&&this._queuedJobIds.add(i);let o=ee(),a=s(()=>{let c={id:o,timestamp:Date.now(),queue:this,data:e,opts:n,discard:async()=>{c._isDiscarded=!0}};this._messages.push(c),this._messages.length>1e3&&this._messages.shift(),this._addCount++,this._emitter.emit("message",c)},"pushMessage"),u=n?.delay;return u?setTimeout(a,u):a(),{id:i,finished:()=>new Promise((c,l)=>{let d=s((h,p)=>{h.id===o&&(this._emitter.off("error",d),this._emitter.off("completed",f),l(p))},"errorHandler"),f=s((h,p)=>{h.id===o&&(this._emitter.off("error",d),this._emitter.off("completed",f),c(p))},"completedHandler");this._emitter.on("error",d),this._emitter.on("completed",f)})}}async close(){}async removeRepeatableByKey(e){for(let[r,n]of this._messages.entries())if(n.id===e){this._messages.splice(r,1),this._emitter.emit("removed",n);return}}async removeJobs(e){}async clean(){return[]}async getJob(e){for(let r of this._messages)if(r.id===e)return r;return null}manualTrigger(e){for(let r of this._messages)if(r.id===e){this._emitter.emit("message",{...r,manualTrigger:!0});return}throw new Error(`Job with id ${e} not found`)}on(e,r){return this._emitter.on(e,r),this}off(e,r){return this._emitter.off(e,r),this}async count(){return this._messages.length}async getCompletedCount(){return this._runCount}async getRepeatableJobs(){return this._messages.filter(e=>e.opts?.repeat!=null).map(e=>Tv(e))}async whenCurrentJobsFinished(){do await Jf(50);while(this.hasRunningJobs())}hasRunningJobs(){return this._addCount>this._runCount}},yS=Iu;var sp=B(require("bull"));var ai=(d=>(d.AUTOMATION="automationQueue",d.APP_BACKUP="appBackupQueue",d.AUDIT_LOG="auditLogQueue",d.SYSTEM_EVENT_QUEUE="systemEventQueue",d.APP_MIGRATION="appMigration",d.DOC_WRITETHROUGH_QUEUE="docWritethroughQueue",d.DEV_REVERT_PROCESSOR="devRevertProcessorQueue",d.BATCH_USER_SYNC_PROCESSOR="batchUserSyncProcessorQueue",d.RAG_INGESTION="ragIngestionQueue",d.AGENT_LOG_INDEXING="agentLogIndexingQueue",d))(ai||{});function TS(t,e,r){_v(t,e),r&&Sv(t,r)}s(TS,"addListeners");function Sv(t,e){t.on("stalled",async r=>{if(e)await e(r);else if(r.opts.repeat){let n=r.id,i=await t.getRepeatableJobs();for(let o of i)o.id===n&&await t.removeRepeatableByKey(o.key);console.log(`jobId=${n} disabled`)}})}s(Sv,"handleStalled");function it(t,e,r={},n={}){let i=`[BULL] ${t}=${e}`,o=r.error,a={_logKey:"bull",eventType:t,event:e,job:r.job,jobId:r.jobId||r.job?.id,...n},u;return r.job?.data?.automation&&(u={_logKey:"automation",trigger:r.job?r.job.data.automation.definition.trigger.event:void 0}),[i,o,a,u]}s(it,"getLogParams");var Av={automationQueue:"automation-event",appBackupQueue:"app-backup-event",auditLogQueue:"audit-log-event",systemEventQueue:"system-event",appMigration:"app-migration",docWritethroughQueue:"doc-writethrough",devRevertProcessorQueue:"dev-revert-event",batchUserSyncProcessorQueue:"batch-user-sync-processor",ragIngestionQueue:"rag-ingestion-processor",agentLogIndexingQueue:"agent-log-indexing-processor"};function _v(t,e){let r=Av[e];function n(i,o){let a=i.data.event?.appId;if(a)return Rf(a,o);o()}s(n,"doInJobContext"),t.on("stalled",async i=>{await n(i,()=>{console.error(...it(r,"stalled",{job:i}))})}).on("error",i=>{console.error(...it(r,"error",{error:i}))}),process.env.NODE_DEBUG?.includes("bull")&&t.on("waiting",i=>{console.info(...it(r,"waiting",{jobId:i}))}).on("active",async i=>{await n(i,()=>{console.info(...it(r,"active",{job:i}))})}).on("progress",async(i,o)=>{await n(i,()=>{console.info(...it(r,"progress",{job:i},{progress:o}))})}).on("completed",async(i,o)=>{await n(i,()=>{console.info(...it(r,"completed",{job:i},{result:o}))})}).on("failed",async(i,o)=>{await n(i,()=>{console.error(...it(r,"failed",{job:i,error:o}))})}).on("paused",()=>{console.info(...it(r,"paused"))}).on("resumed",()=>{console.info(...it(r,"resumed"))}).on("cleaned",(i,o)=>{console.info(...it(r,"cleaned",{},{length:i.length,type:o}))}).on("drained",()=>{console.info(...it(r,"drained"))}).on("removed",i=>{console.info(...it(r,"removed",{job:i}))})}s(_v,"logging");var wu={};P(wu,{cleanup:()=>Ov,clear:()=>ip,set:()=>np});var js=[];function np(t,e){let r=setInterval(t,e);return js.push(r),r}s(np,"set");function ip(t){let e=js.indexOf(t);e!==-1&&js.splice(e,1),clearInterval(t)}s(ip,"clear");function Ov(){for(let t of js)clearInterval(t);js=[]}s(Ov,"cleanup");var Ht=B(require("dd-trace")),Hs=B(require("object-sizeof"));var Iv=pe.fromMinutes(5).toMs(),wv=pe.fromSeconds(30).toMs(),op=pe.fromSeconds(60).toMs(),Ys=[],Du;async function SS(){for(let t of Ys)await t.clean(op,"completed"),await t.clean(op,"failed")}s(SS,"cleanup");async function Dv(t,e,r){let n=performance.now();try{let i=await e();return Ht.default.dogstatsd.increment(`${t}.success`,1,r),i}catch(i){throw Ht.default.dogstatsd.increment(`${t}.error`,1,r),i}finally{let i=performance.now()-n;Ht.default.dogstatsd.distribution(`${t}.duration.ms`,i,r),Ht.default.dogstatsd.increment(t,1,r)}}s(Dv,"withMetrics");function AS(t){return{"job.opts.attempts":t.attempts,"job.opts.backoff":t.backoff,"job.opts.delay":t.delay,"job.opts.jobId":t.jobId,"job.opts.lifo":t.lifo,"job.opts.preventParsingData":t.preventParsingData,"job.opts.priority":t.priority,"job.opts.removeOnComplete":t.removeOnComplete,"job.opts.removeOnFail":t.removeOnFail,"job.opts.repeat":t.repeat,"job.opts.stackTraceLimit":t.stackTraceLimit,"job.opts.timeout":t.timeout}}s(AS,"jobOptsTags");function Rv(t){return{"job.id":t.id,"job.attemptsMade":t.attemptsMade,"job.timestamp":t.timestamp,"job.data.sizeBytes":(0,Hs.default)(t.data),...AS(t.opts||{})}}s(Rv,"jobTags");var Et=class{static{s(this,"BudibaseQueue")}constructor(e,r={}){this.opts=r,this.jobQueue=e,this.queue=this.initQueue()}get name(){return this.queue.name}initQueue(){let r={redis:rn(),settings:{maxStalledCount:this.opts.maxStalledCount?this.opts.maxStalledCount:0,lockDuration:Iv,lockRenewTime:wv}};this.opts.jobOptions&&(r.defaultJobOptions=this.opts.jobOptions);let n;return g.isTest()?process.env.BULL_TEST_REDIS_PORT&&!isNaN(+process.env.BULL_TEST_REDIS_PORT)?n=new sp.default(this.jobQueue,{...r,redis:{host:"localhost",port:+process.env.BULL_TEST_REDIS_PORT}}):n=new yS(this.jobQueue,r):n=new sp.default(this.jobQueue,r),TS(n,this.jobQueue,this.opts.removeStalledCb),Ys.push(n),!Du&&!g.isTest()&&(Du=np(SS,op),SS().catch(i=>{console.error(`Unable to cleanup ${this.jobQueue} initially - ${i}`)})),n}getBullQueue(){return this.queue}process(...e){let r,n;e.length===2?(r=e[0],n=e[1]):n=e[0];let i=s(async(a,u)=>{await Ht.default.trace("queue.process",async c=>{if(a.data._parentSpanContext){let l=a.data._parentSpanContext,d={traceId:l.traceId,spanId:l.spanId,toTraceId:()=>l.traceId,toSpanId:()=>l.spanId,toTraceparent:()=>""};c.addLink(d)}c.addTags({"queue.name":this.jobQueue,...Rv(a)}),this.opts.jobTags&&c.addTags(this.opts.jobTags(a.data)),Ht.default.dogstatsd.distribution("queue.process.sizeBytes",(0,Hs.default)(a.data),this.metricTags()),await this.withMetrics("queue.process",()=>u?n(a,u):n(a))})},"processCallback"),o;return n.length===1?o=s(a=>i(a),"wrappedCb"):o=i,r?this.queue.process(r,o):this.queue.process(o)}async add(e,r){return await Ht.default.trace("queue.add",async n=>(n.addTags({"queue.name":this.jobQueue,"job.data.sizeBytes":(0,Hs.default)(e),...AS(r||{})}),this.opts.jobTags&&n.addTags(this.opts.jobTags(e)),e._parentSpanContext={traceId:n.context().toTraceId(),spanId:n.context().toSpanId()},Ht.default.dogstatsd.distribution("queue.add.sizeBytes",(0,Hs.default)(e),this.metricTags()),await this.withMetrics("queue.add",()=>this.queue.add(e,r))))}withMetrics(e,r){return Dv(e,r,this.metricTags())}metricTags(){return{queueName:this.jobQueue}}close(e){return this.queue.close(e)}whenCurrentJobsFinished(){return this.queue.whenCurrentJobsFinished()}};async function Cv(){Du&&ip(Du),console.log("Waiting for current queue jobs to finish...");for(let t of Ys)await t.whenCurrentJobsFinished();console.log("Closing queue Redis connections...");for(let t of Ys)await t.close();Ys=[],console.log("Queues shutdown")}s(Cv,"shutdown");var ro={};P(ro,{correlation:()=>zs,logAlert:()=>fn,logAlertWithInfo:()=>fP,logWarn:()=>li,logger:()=>Uu,system:()=>Ap});var zs={};P(zs,{getId:()=>ap,setHeader:()=>bv});var _S=require("correlation-id"),bv=s(t=>{let e=_S.getId();e&&(t["x-budibase-correlation-id"]=e)},"setHeader");function ap(){return _S.getId()}s(ap,"getId");var Nu=B(require("pino")),XS=B(require("pino-pretty")),_p=B(require("dd-trace")),ZS=require("dd-trace/ext");var Ap={};P(Ap,{getLogReadStream:()=>oP,getSingleFileMaxSizeInfo:()=>JS,localFileDestination:()=>Sp});var to=B(require("fs")),Tp=B(require("path")),jS=B(require("rotating-file-stream"));var yp={};P(yp,{ObjectStore:()=>st,ObjectStoreBuckets:()=>vv,SIGNED_FILE_PREFIX:()=>mp,bucketTTLConfig:()=>Ru,budibaseTempDir:()=>ln,client3rdPartyLibrary:()=>Zv,clientLibraryPath:()=>Xv,clientLibraryUrl:()=>eP,createBucketIfNotExists:()=>eo,deleteFile:()=>Vv,deleteFiles:()=>qv,deleteFolder:()=>LS,downloadTarball:()=>Qv,downloadTarballDirect:()=>Kv,enrichPWAImages:()=>tP,enrichPluginURLs:()=>nP,extractBucketAndPath:()=>up,getAllFiles:()=>Wv,getAppFileUrl:()=>BS,getClientCacheKey:()=>FS,getGlobalFileS3Key:()=>WS,getGlobalFileUrl:()=>rP,getObjectMetadata:()=>jv,getPluginIconKey:()=>VS,getPluginJSKey:()=>GS,getPluginS3Dir:()=>KS,getPresignedUrl:()=>dn,getReadStream:()=>Cu,listAllObjects:()=>hp,objectExists:()=>Hv,processAutomationAttachment:()=>Nv,processObjectStoreAttachment:()=>RS,retrieve:()=>US,retrieveDirectory:()=>Gv,retrieveToTmp:()=>$v,sanitizeBucket:()=>xe,sanitizeKey:()=>ge,streamUpload:()=>NS,streamUploadMany:()=>Bv,upload:()=>Fv,uploadDirectory:()=>gp});var xu=require("@aws-sdk/client-s3"),cp=require("@aws-sdk/lib-storage"),CS=require("@aws-sdk/s3-request-presigner"),bS=require("@smithy/node-http-handler");var Yt=B(require("dd-trace")),ui=B(require("fs")),Xs=B(require("fs/promises")),xS=B(require("https")),lp=B(require("node-fetch")),Or=require("path"),vu=B(require("stream")),Zs=require("stream/promises"),dp=B(require("tar-fs")),fp=require("uuid"),pp=B(require("zlib"));var OS=B(require("fs")),IS=require("os"),Js=B(require("path")),wS=B(require("stream"));var vv={BACKUPS:g.BACKUPS_BUCKET_NAME,APPS:g.APPS_BUCKET_NAME,TEMPLATES:g.TEMPLATES_BUCKET_NAME,GLOBAL:g.GLOBAL_BUCKET_NAME,PLUGINS:g.PLUGIN_BUCKET_NAME,TEMP:g.TEMP_BUCKET_NAME},DS=(0,Js.join)((0,IS.tmpdir)(),".budibase");try{OS.default.mkdirSync(DS)}catch(t){if(t.code!=="EEXIST")throw t}function ln(){return DS}s(ln,"budibaseTempDir");var Ru=s((t,e)=>{let n={Rules:[{ID:`${t}-ExpireAfter${e}days`,Prefix:"",Status:"Enabled",Expiration:{Days:e}}]};return{Bucket:t,LifecycleConfiguration:n}},"bucketTTLConfig");async function Pv(t){let e=await fetch(t.url);if(!e.ok||!e.body)throw new Error(`Unexpected response ${e.statusText}`);let r=Js.default.basename(new URL(t.url).pathname);if(!e.body)throw new Error("No response received for attachment");return{filename:t.filename||r,content:wS.default.Readable.fromWeb(e.body)}}s(Pv,"processUrlAttachment");async function RS(t){let e=up(t.url);if(e===null)throw new Error("Invalid signed URL");let{bucket:r,path:n}=e,{stream:i}=await Cu(r,n),o=Js.default.basename(n);return{bucket:r,path:n,filename:t.filename||o,content:i}}s(RS,"processObjectStoreAttachment");async function Nv(t){return t.url?.startsWith("http://")||t.url?.startsWith("https://")?await Pv(t):await RS(t)}s(Nv,"processAutomationAttachment");var Uv=require("sanitize-s3-objectkey"),Lv={bucketCreationPromises:{}},mp="/files/signed",_r={txt:"text/plain",html:"text/html",css:"text/css",js:"application/javascript",json:"application/json",gz:"application/gzip",svg:"image/svg+xml",form:"multipart/form-data"},Mv=[_r.html,_r.css,_r.js,_r.json];function ge(t){return Uv(xe(t)).replace(/\\/g,"/")}s(ge,"sanitizeKey");function xe(t){return t.replace(new RegExp(tt,"g"),et)}s(xe,"sanitizeBucket");function st(t={presigning:!1}){let e={forcePathStyle:!0,credentials:{accessKeyId:g.MINIO_ACCESS_KEY,secretAccessKey:g.MINIO_SECRET_KEY},region:g.AWS_REGION};if(!g.MINIO_ENABLED&&g.AWS_SESSION_TOKEN&&(e.credentials={accessKeyId:g.MINIO_ACCESS_KEY,secretAccessKey:g.MINIO_SECRET_KEY,sessionToken:g.AWS_SESSION_TOKEN}),g.MINIO_URL&&(t.presigning&&g.MINIO_ENABLED?e.endpoint="http://minio-service":e.endpoint=g.MINIO_URL),g.S3_IGNORE_SELF_SIGNED==="true"){let r=new xS.default.Agent({rejectUnauthorized:!1});e.requestHandler=new bS.NodeHttpHandler({httpsAgent:r})}return new xu.S3(e)}s(st,"ObjectStore");async function eo(t,e){e=xe(e);try{return await t.headBucket({Bucket:e}),{created:!1,exists:!0}}catch(r){let n=r.statusCode||r.$response?.statusCode,i=Lv.bucketCreationPromises,o=n===404,a=n===403;if(i[e])return await i[e],{created:!1,exists:!0};if(o||a){if(o)return i[e]=t.createBucket({Bucket:e}).catch(u=>{if(u.Code!=="BucketAlreadyOwnedByYou")throw u}),await i[e],delete i[e],{created:!0,exists:!1};throw new Error("Access denied to object store bucket."+r)}else throw new Error("Unable to write to object store bucket.")}}s(eo,"createBucketIfNotExists");var kv=s((t,e)=>{if(e)return e;let r=t.split(".").pop();return r?_r[r.toLowerCase()]:_r.txt},"resolveContentType"),vS=s(async(t,e,r)=>{let n=xe(t),i=st(),o=await eo(i,n);if(r.addTags({bucketCreated:o.created,bucketExists:o.exists}),e&&o.created){let a=Ru(n,e);await i.putBucketLifecycleConfiguration(a)}return{bucket:n,client:i,bucketCreated:o}},"initialiseBucket"),PS=s(async({client:t,bucket:e,filename:r,stream:n,type:i,extra:o})=>{if(!n)throw new Error("Stream to upload is invalid/undefined");let a=kv(r,i),u=ge(r),c={Bucket:e,Key:u,Body:n,ContentType:a,...o??{}};return{details:await new cp.Upload({client:t,params:c}).done(),contentType:a}},"streamUploadInternal");async function Fv({bucket:t,filename:e,path:r,type:n,metadata:i,body:o,ttl:a}){let u=e.split(".").pop(),c=r?(await Xs.default.open(r)).createReadStream():o,l=st(),d=await eo(l,t);if(a&&d.created){let m=Ru(t,a);await l.putBucketLifecycleConfiguration(m)}let f=n,h=f||(u?_r[u.toLowerCase()]:_r.txt),p={Bucket:xe(t),Key:ge(e),Body:c,ContentType:h};if(i&&typeof i=="object"){for(let m of Object.keys(i))(!i[m]||typeof i[m]!="string")&&delete i[m];p.Metadata=i}return new cp.Upload({client:l,params:p}).done()}s(Fv,"upload");async function NS({bucket:t,stream:e,filename:r,type:n,extra:i,ttl:o}){return await Yt.default.trace("streamUpload",async a=>{a.addTags({bucketName:t,filename:r,type:n,ttl:o});let u=r.split(".").pop();a.addTags({extension:u});let{bucket:c,client:l}=await vS(t,o,a),{details:d,contentType:f}=await PS({client:l,bucket:c,filename:r,stream:e,type:n,extra:i}),h=await l.headObject({Bucket:c,Key:ge(r)});return a.addTags({contentType:f,contentLength:h.ContentLength}),{...d,ContentLength:h.ContentLength}})}s(NS,"streamUpload");async function Bv({bucket:t,files:e,ttl:r}){return await Yt.default.trace("streamUploadMany",async i=>{if(i.addTags({bucketName:t,ttl:r,fileCount:e.length}),!e.length)return[];let{bucket:o,client:a}=await vS(t,r,i),u=e.map((l,d)=>({...l,index:d})),c=new Array(e.length);return await _t.parallelForeach(u,async l=>{let{details:d}=await PS({client:a,bucket:o,filename:l.filename,stream:l.stream,type:l.type,extra:l.extra});c[l.index]=d},10),c})}s(Bv,"streamUploadMany");async function US(t,e){return await Yt.default.trace("retrieve",async r=>{r.addTags({bucketName:t,filepath:e});let n=st(),i={Bucket:xe(t),Key:ge(e)},o=await n.getObject(i);if(!o.Body)throw new Error("Unable to retrieve object");if(r.addTags({contentLength:o.ContentLength,contentType:o.ContentType}),Mv.includes(o.ContentType))return r.addTags({string:!0}),o.Body.transformToString();{r.addTags({string:!1});let a=o.Body.transformToWebStream();return vu.default.Readable.fromWeb(a)}})}s(US,"retrieve");async function*hp(t,e){let r=st(),n=s((a={})=>r.listObjectsV2({...a,Bucket:xe(t),Prefix:ge(e)}),"list"),i=!1,o;do{let a={};o&&(a.ContinuationToken=o);let u=await n(a);if(u.Contents)for(let c of u.Contents)yield c;i=!!u.IsTruncated,o=u.NextContinuationToken}while(i&&o)}s(hp,"listAllObjects");async function Wv(t,e){let r={};return await _t.parallelForeach(hp(t,e),async n=>{if(!n.Key)throw new Error("file.Key must be defined");r[n.Key]=n},5),r}s(Wv,"getAllFiles");async function dn(t,e,r=3600){let n=st({presigning:!0}),i={Bucket:xe(t),Key:ge(e)},o=await(0,CS.getSignedUrl)(n,new xu.GetObjectCommand(i),{expiresIn:r});if(g.MINIO_ENABLED){let a=new URL(o),u=a.pathname,c=a.search;return`${mp}${u}${c}`}else return o}s(dn,"getPresignedUrl");async function $v(t,e){return await Yt.default.trace("retrieveToTmp",async r=>{r.addTags({bucketName:t,filepath:e}),t=xe(t),e=ge(e);let n=await US(t,e),i=(0,Or.join)(ln(),(0,fp.v4)());return r.addTags({outputPath:i}),n instanceof vu.default.Readable?(r.addTags({stream:!0}),await(0,Zs.pipeline)(n,ui.default.createWriteStream(i))):(r.addTags({stream:!1}),ui.default.writeFileSync(i,n)),i})}s($v,"retrieveToTmp");async function Gv(t,e,r){return await Yt.default.trace("retrieveDirectory",async n=>{n.addTags({bucketName:t,path:e});let i=(0,Or.join)(ln(),(0,fp.v4)());await Xs.default.mkdir(i,{recursive:!0});let o=0;return await _t.parallelForeach(hp(t,e),async a=>{let{Key:u}=a;!u||r?.some(c=>c.test(u))||(o++,await Yt.default.trace("retrieveDirectory.object",async c=>{let l=a.Key;c.addTags({filename:l});let{stream:d}=await Cu(t,l),f=l.split("/"),h=f.slice(0,f.length-1),p=(0,Or.join)(i,...h);f.length>1&&!ui.default.existsSync(p)&&await Xs.default.mkdir(p,{recursive:!0}),await(0,Zs.pipeline)(d,ui.default.createWriteStream((0,Or.join)(i,...f),{mode:420}))}))},5),n.addTags({numObjects:o}),i})}s(Gv,"retrieveDirectory");async function Vv(t,e){let r=st();await eo(r,t);let n={Bucket:t,Key:ge(e)};return r.deleteObject(n)}s(Vv,"deleteFile");async function qv(t,e){let r=st();await eo(r,t);let n={Bucket:t,Delete:{Objects:e.map(i=>({Key:ge(i)}))}};return r.deleteObjects(n)}s(qv,"deleteFiles");async function LS(t,e){t=xe(t),e=ge(e);let r=st(),n={Bucket:t,Prefix:e},i=await r.listObjects(n);if(i.Contents?.length===0)return;let o={Bucket:t,Delete:{Objects:[]}};if(i.Contents?.forEach(a=>{o.Delete.Objects.push({Key:a.Key})}),o.Delete.Objects.length&&(await r.deleteObjects(o)).Deleted?.length===1e3)return LS(t,e)}s(LS,"deleteFolder");async function gp(t,e,r){return await Yt.default.trace("uploadDirectory",async n=>{n.addTags({bucketName:t,localPath:e,bucketPath:r}),t=xe(t);let i=await Xs.default.readdir(e,{withFileTypes:!0});n.addTags({numFiles:i.length});for(let o of i){let a=ge((0,Or.join)(r,o.name)),u=(0,Or.join)(e,o.name);o.isDirectory()?await gp(t,u,a):await NS({bucket:t,filename:a,stream:ui.default.createReadStream(u)})}return i})}s(gp,"uploadDirectory");async function Kv(t,e,r={}){e=ge(e);let n=await(0,lp.default)(t,{headers:r});if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);await(0,Zs.pipeline)(n.body,pp.default.createUnzip(),dp.default.extract(e))}s(Kv,"downloadTarballDirect");async function Qv(t,e,r){e=xe(e),r=ge(r);let n=await(0,lp.default)(t);if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);let i=(0,Or.join)(ln(),r);return await(0,Zs.pipeline)(n.body,pp.default.createUnzip(),dp.default.extract(i)),!g.isTest()&&g.SELF_HOSTED&&await gp(e,i,r),i}s(Qv,"downloadTarball");async function Cu(t,e){return await Yt.default.trace("getReadStream",async r=>{t=xe(t),e=ge(e),r.addTags({bucketName:t,path:e});let n=st(),i={Bucket:t,Key:e},o=await n.getObject(i);if(!o.Body||!(o.Body instanceof vu.default.Readable))throw new Error("Unable to retrieve stream - invalid response");return r.addTags({contentLength:o.ContentLength,contentType:o.ContentType}),{stream:o.Body,contentLength:o.ContentLength,contentType:o.ContentType}})}s(Cu,"getReadStream");async function jv(t,e){t=xe(t),e=ge(e);let r=st(),n={Bucket:t,Key:e};try{return await r.headObject(n)}catch{throw new Error("Unable to retrieve metadata from object")}}s(jv,"getObjectMetadata");async function Hv(t,e){t=xe(t),e=ge(e);let r=st(),n={Bucket:t,Key:e};try{return await r.headObject(n),!0}catch(i){if((i.statusCode||i.$response?.statusCode)===404)return!1;throw i}}s(Hv,"objectExists");function up(t){let e=t.split("?")[0],r=new RegExp(`^${mp}/(?<bucket>[^/]+)/(?<path>.+)$`),n=e.match(r);if(n&&n.groups){let{bucket:i,path:o}=n.groups;return{bucket:i,path:o}}return null}s(up,"extractBucketAndPath");var kS=B(require("querystring"));var MS=B(require("aws-cloudfront-sign"));var Pu;function Yv(){if(!g.CLOUDFRONT_PRIVATE_KEY_64)throw new Error("CLOUDFRONT_PRIVATE_KEY_64 is not set");return Pu||(Pu=Buffer.from(g.CLOUDFRONT_PRIVATE_KEY_64,"base64").toString("utf-8"),Pu)}s(Yv,"getPrivateKey");var zv=s(()=>({keypairId:g.CLOUDFRONT_PUBLIC_KEY_ID,privateKeyString:Yv(),expireTime:new Date().getTime()+1e3*60*60*24}),"getCloudfrontSignParams"),ci=s(t=>{let e=Jv(t);return MS.getSignedUrl(e,zv())},"getPresignedUrl"),Jv=s(t=>{let e="/";return t.startsWith("/")&&(e=""),`${g.CLOUDFRONT_CDN}${e}${t}`},"getUrl");function Xv(t){return`${ge(t)}/budibase-client.js`}s(Xv,"clientLibraryPath");function Zv(t,e){return`${ge(t)}/${e}`}s(Zv,"client3rdPartyLibrary");async function eP(t,e){return`/api/assets/${t}/client?${await FS(e)}`}s(eP,"clientLibraryUrl");async function FS(t){let e,r;try{e=$()}finally{r={version:t}}return e&&e!==ae&&(r.tenantId=e),kS.default.encode(r)}s(FS,"getClientCacheKey");async function BS(t){return g.CLOUDFRONT_CDN?ci(t):await dn(g.APPS_BUCKET_NAME,t)}s(BS,"getAppFileUrl");async function tP(t){if(t.length===0)return[];try{return await Promise.all(t.map(async e=>({...e,src:await BS(e.src),type:e.type||"image/png"})))}catch(e){return console.error("Error enriching PWA images:",e),t}}s(tP,"enrichPWAImages");var rP=s(async(t,e,r)=>{let n=WS(t,e);return g.CLOUDFRONT_CDN?(r&&(n=`${n}?etag=${r}`),ci(n)):await dn(g.GLOBAL_BUCKET_NAME,n)},"getGlobalFileUrl"),WS=s((t,e)=>{let r=`${t}/${e}`;return g.MULTI_TENANCY&&(r=`${$()}/${r}`),r},"getGlobalFileS3Key");async function nP(t){return!t||!t.length?[]:await Promise.all(t.map(async e=>{let r=await iP(e),n=await sP(e);return{...e,jsUrl:r,iconUrl:n}}))}s(nP,"enrichPluginURLs");async function iP(t){let e=GS(t);return $S(e)}s(iP,"getPluginJSUrl");async function sP(t){let e=VS(t);if(e)return $S(e)}s(sP,"getPluginIconUrl");async function $S(t){return g.CLOUDFRONT_CDN?ci(t):await dn(g.PLUGIN_BUCKET_NAME,t)}s($S,"getPluginUrl");function GS(t){return qS(t,"plugin.min.js")}s(GS,"getPluginJSKey");function VS(t){let e=t.iconUrl?"icon.svg":t.iconFileName;if(e)return qS(t,e)}s(VS,"getPluginIconKey");function qS(t,e){return`${KS(t.name)}/${e}`}s(qS,"getPluginS3Key");function KS(t){let e=`${t}`;return g.MULTI_TENANCY&&(e=`${$()}/${e}`),g.CLOUDFRONT_CDN&&(e=`plugins/${e}`),e}s(KS,"getPluginS3Dir");var HS="budibase.log",YS="budibase-logs-history.txt",zS=Tp.default.join(ln(),"systemlogs");function QS(t){return Tp.default.join(zS,t)}s(QS,"getFullPath");function JS(t){let e=/(\d+)([A-Za-z])/,r=t?.match(e);if(!r){console.warn("totalMaxSize does not have a valid value",{totalMaxSize:t});return}let n=+r[1],i=r[2];if(n===1)switch(i){case"B":return{size:`${n}B`,totalHistoryFiles:1};case"K":return{size:`${n*1e3/2}B`,totalHistoryFiles:1};case"M":return{size:`${n*1e3/2}K`,totalHistoryFiles:1};case"G":return{size:`${n*1e3/2}M`,totalHistoryFiles:1};default:return}return n%2===0?{size:`${n/2}${i}`,totalHistoryFiles:1}:{size:`1${i}`,totalHistoryFiles:n-1}}s(JS,"getSingleFileMaxSizeInfo");function Sp(){let t=JS(g.ROLLING_LOG_MAX_SIZE);return jS.createStream(HS,{size:t?.size,path:zS,maxFiles:t?.totalHistoryFiles||1,immutable:!0,history:YS,initialRotation:!1})}s(Sp,"localFileDestination");function oP(){let t=[],e=QS(YS);if(to.default.existsSync(e)){let i=to.default.readFileSync(e,"utf-8").split(`
-`);for(let o of i.filter(a=>a))t.push(to.default.readFileSync(o))}return t.push(to.default.readFileSync(QS(HS))),Buffer.concat(t.map(n=>new Uint8Array(n)))}s(oP,"getLogReadStream");function aP(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}s(aP,"isPlainObject");function uP(t){return t instanceof Error}s(uP,"isError");function cP(t){return typeof t=="string"}s(cP,"isMessage");var Ir;if(!g.DISABLE_PINO_LOGGER){let t=g.LOG_LEVEL,e={level:t,formatters:{level:c=>({level:c.toUpperCase()}),bindings:()=>g.SELF_HOSTED?{service:g.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(g.isDev()?{stream:(0,XS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),g.SELF_HOSTED&&r.push({stream:Sp(),level:t}),Ir=r.length?(0,Nu.default)(e,Nu.default.multistream(r)):(0,Nu.default)(e);let n=s(c=>{let l,d=[],f="";c.forEach(E=>{cP(E)&&(f=`${f} ${E}`.trimStart()),aP(E)&&d.push(E),uP(E)&&(l=E)});let h=u(),p={};p={tenantId:i(),appId:o(),automationId:a(),identityId:h?._id,identityType:h?.type,correlationId:ap()};let S=_p.default.scope().active();S&&_p.default.inject(S.context(),ZS.formats.LOG,p);let m={err:l,pid:process.pid,...p};if(d.length){let E={},y=0;for(let I=0;I<d.length;I++){let O=d[I],w=O._logKey;w?(delete O._logKey,m[w]=O):(E[y]=O,y++)}Object.keys(E).length&&(m.data=E)}return[m,f]},"getLogParams");console.log=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.info=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.warn=(...c)=>{let[l,d]=n(c);Ir?.warn(l,d)},console.error=(...c)=>{let[l,d]=n(c);Ir?.error(l,d)},console.trace=(...c)=>{let[l,d]=n(c);l.err||(l.err=new Error),Ir?.trace(l,d)},console.debug=(...c)=>{let[l,d]=n(c);Ir?.debug(l,d)};let i=s(()=>{let c;try{c=$()}catch{}return c},"getTenantId"),o=s(()=>{let c;try{c=be()}catch{}return c},"getAppId"),a=s(()=>{let c;try{c=Cf()}catch{}return c},"getAutomationId"),u=s(()=>{let c;try{c=Gt()}catch{}return c},"getIdentity")}var Uu=Ir;var lP=["AccountError"];function dP(t){return t&&t.suppressAlert}s(dP,"isSuppressed");function fn(t,e){e&&lP.includes(e.name)&&dP(e)||console.error(`bb-alert: ${t}`,e)}s(fn,"logAlert");function fP(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,fn(t,n)}s(fP,"logAlertWithInfo");function li(t,e){console.warn(`bb-warn: ${t}`,e)}s(li,"logWarn");var Lu=class extends Error{static{s(this,"UnretriableError")}constructor(e){super(e),this.name="PermanentError"}},Op=class{static{s(this,"QueuedProcessor")}constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:o=!0,maxStalledCount:a=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new Et(e,{maxStalledCount:a,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:o}}),this._queue.process(async(u,c)=>{try{let l=await this.processFn(u.data);c?.(null,l)}catch(l){l instanceof Lu&&await u.discard(),fn(`Failed to process job in ${this._queue.name}`,l),c?.(l)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Ue.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var pP=100,Mu,no=class t{static{s(this,"DocWritethroughProcessor")}static get queue(){return t._queue||(t._queue=new Et("docWritethroughQueue",{jobOptions:{attempts:pP}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=Re(e),o;try{o=await i.get(r)}catch{o={_id:r}}o={...o,...n},await i.put(o)}},wp=class{static{s(this,"DocWritethrough")}constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await no.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function eA(){return Mu=new no().init(),Mu}s(eA,"init");function mP(){return Mu||eA()}s(mP,"getProcessor");var so={};P(so,{CacheKey:()=>ye,TTL:()=>hn,bustCache:()=>di,destroy:()=>io,get:()=>gn,keys:()=>ku,store:()=>zt,withCache:()=>wr,withCacheWithDynamicTTL:()=>tA});function Ct(t){let e=$();return`${t}:${e}`}s(Ct,"generateTenantKey");var pn=class{static{s(this,"BaseCache")}constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await Mf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ct(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?Ct(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((o,[a,u])=>(o[Ct(a)]=u,o),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ct(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let o=await this.get(e,i);if(o)return o;try{let a=await n();return await this.store(e,a,r,i),a}catch(a){throw console.error("Error fetching before cache - ",a),a}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let o=await r(),{value:a,ttl:u}=o;return await this.store(e,a,u,{useTenancy:n.useTenancy}),a}catch(o){throw console.error("Error fetching before cache - ",o),o}}async bustCache(e){let r=await this.getClient();try{await r.delete(Ct(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?Ct(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var mn=new pn,ye={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},hn=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(hn||{}),ku=s((...t)=>mn.keys(...t),"keys"),gn=s((...t)=>mn.get(...t),"get"),zt=s((...t)=>mn.store(...t),"store"),io=s((...t)=>mn.delete(...t),"destroy"),wr=s((...t)=>mn.withCache(...t),"withCache"),tA=s((...t)=>mn.withCacheWithDynamicTTL(...t),"withCacheWithDynamicTTL"),di=s((...t)=>mn.bustCache(...t),"bustCache");var bp={};P(bp,{createCode:()=>_P,deleteCode:()=>IP,getCode:()=>OP,getExistingInvites:()=>Cp,getInviteCodes:()=>uA,updateCode:()=>AP});var yn={};P(yn,{AUTO_EXTEND_POLLING_MS:()=>iA,doWithLock:()=>oo,newRedlock:()=>En});var nA=B(require("redlock"));async function hP(t,e){if(t==="custom")return En(e);switch(t){case"try_once":return En(fi.TRY_ONCE);case"try_twice":return En(fi.TRY_TWICE);case"default":return En(fi.DEFAULT);case"delay_500":return En(fi.DELAY_500);case"auto_extend":return En(fi.AUTO_EXTEND);default:throw _t.unreachable(t)}}s(hP,"getClient");var fi={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function En(t={}){let e={...fi.DEFAULT,...t},n=(await Ff()).client;return new nA.default([n],e)}s(En,"newRedlock");function gP(t){let r=`lock:${t.systemLock?"system":$()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}s(gP,"getLockName");var iA=pe.fromSeconds(10).toMs();async function oo(t,e){let r=await hP(t.type,t.customOptions),n,i;try{let o=gP(t),a=t.type==="auto_extend"?iA:t.ttl;if(n=await r.lock(o,a),t.type==="auto_extend"){let c=s(()=>{i=setTimeout(async()=>{n=await n.extend(a,()=>t.onExtend&&t.onExtend()),c()},a/2)},"extendInIntervals");c()}return{executed:!0,result:await e()}}catch(o){if(o.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw o}else throw o}finally{clearTimeout(i),await n?.unlock()}}s(oo,"doWithLock");var sA=pe.fromDays(7).toSeconds(),yP=pe.fromSeconds(10).toMs(),Fu="Invitation is not valid or has expired, please request a new one.";function oA(t,e){if(!t)return null;let r=t.tenantId||e;return r?{tenantId:r,invites:t.invites||{}}:null}s(oA,"normaliseInviteList");function TP(t){let e=!1,r=Date.now();for(let[n,i]of Object.entries(t.invites))(!i?.expiresAt||i.expiresAt<=r)&&(delete t.invites[n],e=!0);return{list:t,changed:e}}s(TP,"pruneExpiredInvites");async function Rp(t){let r=await(await Ls()).get(t);return oA(r,t)}s(Rp,"loadInviteList");async function ao(t,e){await(await Ls()).store(t,e)}s(ao,"saveInviteList");async function uo(t,e){let{result:r}=await oo({type:"default",name:"process_user_invite",systemLock:!0,resource:t,ttl:yP},e);return r}s(uo,"withInviteListLock");function SP(t,e){return{code:t,email:e.email,info:e.info}}s(SP,"toInviteWithCode");async function aA(t,e){let r=await Ls(),n=oA(await r.get(e),e);if(!n)throw new Error(Fu);if(!Object.keys(n.invites).includes(t))throw new Error(Fu);return{list:n,invite:n.invites[t]}}s(aA,"findInviteInList");async function AP(t,e){let r={...e.info},n=r.tenantId||$();r.tenantId=n,await uo(n,async()=>{let i=await Rp(n)||{tenantId:n,invites:{}};i.invites[t]={email:e.email,info:r,expiresAt:Date.now()+sA*1e3},await ao(n,i)})}s(AP,"updateCode");async function _P(t,e){let r=ee(),n={...e||{}},i=n.tenantId||$();return n.tenantId=i,await uo(i,async()=>{let o=await Rp(i)||{tenantId:i,invites:{}};o.invites[r]={email:t,info:n,expiresAt:Date.now()+sA*1e3},await ao(i,o)}),r}s(_P,"createCode");async function OP(t,e){let r=e||$();return await uo(r,async()=>{let n=await aA(t,r),{list:i,invite:o}=n;if(o.expiresAt<=Date.now())throw delete i.invites[t],await ao(i.tenantId,i),new Error(Fu);return{email:o.email,info:o.info}})}s(OP,"getCode");async function IP(t,e){let r=e||$();try{await uo(r,async()=>{let n=await aA(t,r);delete n.list.invites[t],await ao(n.list.tenantId,n.list)})}catch(n){if(n instanceof Error&&n.message===Fu)return;throw n}}s(IP,"deleteCode");async function uA(){let t=$(),e=await uo(t,async()=>{let n=await Rp(t)||{tenantId:t,invites:{}},i=TP(n);return n=i.list,i.changed&&await ao(t,n),n}),r=new Map;for(let[n,i]of Object.entries(e.invites))r.set(n,SP(n,i));return Array.from(r.values())}s(uA,"getInviteCodes");async function Cp(t){let e=new Set(t.map(r=>r.toLowerCase()));return(await uA()).filter(r=>e.has(r.email.toLowerCase()))}s(Cp,"getExistingInvites");var xp={};P(xp,{createCode:()=>DP,getCode:()=>RP,invalidateCode:()=>CP});var wP=pe.fromHours(1).toSeconds();async function DP(t,e){let r=ee();return await(await Ms()).store(r,{userId:t,info:e},wP),r}s(DP,"createCode");async function RP(t){let r=await(await Ms()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}s(RP,"getCode");async function CP(t){await(await Ms()).delete(t)}s(CP,"invalidateCode");var br={};P(br,{getUser:()=>xo,getUsers:()=>n0,invalidateUser:()=>vo});var co={};P(co,{getPlatformDB:()=>Dr,users:()=>yt});var yt={};P(yt,{addSsoUser:()=>lA,addUser:()=>UP,getUserDoc:()=>cA,lookupTenantId:()=>bP,removeUser:()=>LP,updateUserDoc:()=>xP});function Dr(){return Re(fe.PLATFORM_INFO.name)}s(Dr,"getPlatformDB");async function bP(t){return g.MULTI_TENANCY?(await cA(t)).tenantId:ae}s(bP,"lookupTenantId");async function cA(t){return Dr().get(t)}s(cA,"getUserDoc");async function xP(t){await Dr().put(t)}s(xP,"updateUserDoc");function vP(t,e){return{_id:t,tenantId:e}}s(vP,"newUserIdDoc");function PP(t,e,r){return{_id:e,userId:t,tenantId:r}}s(PP,"newUserEmailDoc");function NP(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}s(NP,"newUserSsoIdDoc");async function vp(t,e){let r=Dr(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}s(vp,"addUserDoc");async function lA(t,e,r,n){return vp(t,()=>NP(t,e,r,n))}s(lA,"addSsoUser");async function UP(t,e,r,n){let i=[vp(e,()=>vP(e,t)),vp(r,()=>PP(e,r,t))];n&&i.push(lA(n,r,e,t)),await Promise.all(i)}s(UP,"addUser");async function LP(t){let e=Dr(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}s(LP,"removeUser");var Tn={};P(Tn,{getAccount:()=>Rr,getAccountByTenantId:()=>pi,getStatus:()=>MP});var dA=B(require("node-fetch"));var lo=class{static{s(this,"API")}constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";zs.setHeader(n.headers);let o={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,dA.default)(`${this.host}${r}`,o)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Pp=new lo(g.INTERNAL_ACCOUNT_PORTAL_URL),Np=g.SELF_HOSTED||g.DISABLE_ACCOUNT_PORTAL,Rr=s(async t=>{if(Np)return;let e={email:t},r=await Pp.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},"getAccount"),pi=s(async t=>{if(Np)return;let e={tenantId:t},r=await Pp.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},"getAccountByTenantId"),MP=s(async()=>{if(Np)return;let t=await Pp.get("/api/status",{headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e},"getStatus");var yi={};P(yi,{UserDB:()=>xt,addAppBuilder:()=>ZL,bulkGetGlobalUsersById:()=>uc,bulkUpdateGlobalUsers:()=>Ro,cleanseUserObject:()=>tm,creatorsInList:()=>_n,doesUserExist:()=>HL,getAccountHolderFromUsers:()=>ac,getAllUserIds:()=>QL,getAllUsers:()=>jL,getById:()=>On,getCreatorCount:()=>JL,getExistingAccounts:()=>Ei,getExistingPlatformUsers:()=>ZA,getExistingTenantUsers:()=>XA,getFirstPlatformUser:()=>wo,getGlobalUserByAppPage:()=>o_,getGlobalUserByEmail:()=>At,getPlatformUsers:()=>nc,getUserCount:()=>zL,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>r_,hasBuilderPermissions:()=>ke,isAdmin:()=>bt,isAdminOrBuilder:()=>t_,isAdminOrWorkspaceBuilder:()=>ic,isBuilder:()=>Ai,isCreatorAsync:()=>Do,isCreatorSync:()=>sc,isGlobalBuilder:()=>e_,paginatedUsers:()=>u_,removeAppBuilder:()=>e0,removePortalUserPermissions:()=>XL,searchExistingEmails:()=>zp,searchGlobalUsersByApp:()=>s_,searchGlobalUsersByAppAccess:()=>em,searchGlobalUsersByEmail:()=>a_,validateUniqueUser:()=>oc});var ju={};P(ju,{ActiveContentFileError:()=>$u,BadRequestError:()=>po,BudibaseError:()=>fo,EmailUnavailableError:()=>Jt,FeatureDisabledError:()=>qu,ForbiddenError:()=>Gu,HTTPError:()=>Me,NotFoundError:()=>Wu,NotImplementedError:()=>Vu,UnexpectedError:()=>Bu,UsageLimitError:()=>Ku,getErrorMessage:()=>fA,getPublicError:()=>Qu});var fo=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"BudibaseError")}};function fA(t){if(t==null)return"No error provided.";if(t instanceof Error)return t.message;if(typeof t=="string")return t;if(typeof t=="object"&&"message"in t)return String(t.message);try{let r=JSON.stringify(t);if(r!=="{}")return r}catch{}let e=String(t);return e!=="[object Object]"?e:"An unknown error occurred"}s(fA,"getErrorMessage");var Qu=s(t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},"getPublicError"),Me=class t extends fo{constructor(r,n,i="http"){super(r,i);this.status=n}static{s(this,"HTTPError")}static async fromResponse(r){let n=await r.text(),i=n,o=r.status,a="http";try{let u=JSON.parse(n);i=u.error?.message||u.message,o=u.status??r.status,a=u.error?.code??r.statusText}catch{}return new t(i,o,a)}},Bu=class extends Me{static{s(this,"UnexpectedError")}constructor(e){super(e,500)}},Wu=class extends Me{static{s(this,"NotFoundError")}constructor(e){super(e,404)}},po=class extends Me{static{s(this,"BadRequestError")}constructor(e){super(e,400)}},$u=class extends po{static{s(this,"ActiveContentFileError")}constructor(e){super(`File "${e}" contains active content which is not permitted`)}},Gu=class extends Me{static{s(this,"ForbiddenError")}constructor(e){super(e,403)}},Vu=class extends Me{static{s(this,"NotImplementedError")}constructor(e){super(e,501)}},qu=class extends Error{static{s(this,"FeatureDisabledError")}constructor(e){super(`Feature disabled: '${e}'`)}},Ku=class extends Error{static{s(this,"UsageLimitError")}constructor(e){super(`Usage limit exceeded: '${e}'`)}},Jt=class extends Error{static{s(this,"EmailUnavailableError")}constructor(e){super(`Email already in use: '${e}'`)}};var kp={};P(kp,{PASSWORD_MAX_LENGTH:()=>Lp,PASSWORD_MIN_LENGTH:()=>Up,validatePassword:()=>Mp});var Up=+(g.PASSWORD_MIN_LENGTH||12),Lp=+(g.PASSWORD_MAX_LENGTH||512);function Mp(t){return!t||t.length<Up?{valid:!1,error:`Password invalid. Minimum ${Up} characters.`}:t.length>Lp?{valid:!1,error:`Password invalid. Maximum ${Lp} characters.`}:{valid:!0}}s(Mp,"validatePassword");var Hu={};P(Hu,{createASession:()=>kP,endSession:()=>FP,getSession:()=>Bp,getSessionsForUser:()=>mo,invalidateSessions:()=>Sn,updateSessionTTL:()=>Fp});var mA=require("uuid");var hA=g.SESSION_EXPIRY_SECONDS?parseInt(g.SESSION_EXPIRY_SECONDS):pe.fromDays(7).toSeconds();function mi(t,e){return`${t}/${e}`}s(mi,"makeSessionID");async function mo(t){return t?(await(await yr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}s(mo,"getSessionsForUser");async function Sn(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await mo(t)).map(a=>({key:mi(a.userId,a.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(o=>({key:mi(t,o)}))),i&&i.length>0){let o=await yr(),a=[];for(let u of i)a.push(o.delete(u.key));g.isTest()||li(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(u=>u.key).join(", ")}`),await Promise.all(a)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}s(Sn,"invalidateSessions");async function kP(t,e){let r=await mo(t),n=0;if(r.length>=3){let l=r.sort((h,p)=>new Date(h.createdAt).getTime()-new Date(p.createdAt).getTime()),d=r.length-3+1,f=l.slice(0,d).map(h=>h.sessionId);n=f.length,await Sn(t,{sessionIds:f,reason:"session limit exceeded"})}let i=await yr(),o=e.sessionId,a=e.csrfToken?e.csrfToken:(0,mA.v4)(),u=mi(t,o),c={...e,csrfToken:a,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(u,c,hA),{session:c,invalidatedSessionCount:n}}s(kP,"createASession");async function Fp(t){let e=await yr(),r=mi(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,hA)}s(Fp,"updateSessionTTL");async function FP(t,e){await(await yr()).delete(mi(t,e))}s(FP,"endSession");async function Bp(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await yr()).get(mi(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}s(Bp,"getSession");var gi={};P(gi,{account:()=>RA,action:()=>CA,ai:()=>bA,analytics:()=>zu,app:()=>xA,asyncEventQueue:()=>Tt,auditLog:()=>vA,auth:()=>rc,automation:()=>PA,backfill:()=>NA,backfillCache:()=>Zu,backup:()=>UA,datasource:()=>LA,email:()=>MA,environmentVariable:()=>kA,group:()=>FA,identification:()=>St,initAsyncEvents:()=>NL,installation:()=>To,layout:()=>BA,license:()=>WA,org:()=>$A,plugin:()=>GA,processors:()=>Kp,publishEvent:()=>A,query:()=>VA,resource:()=>qA,role:()=>Io,rowAction:()=>KA,rows:()=>QA,screen:()=>jA,serve:()=>HA,shutdown:()=>UL,table:()=>YA,user:()=>Fe,view:()=>zA,workspace:()=>JA});var zu={};P(zu,{enabled:()=>Yu});var Yu=s(async()=>Ju(),"enabled");var Tt;function Xu(){Tt=new Et("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}s(Xu,"init");async function gA(){Tt&&await Tt.close()}s(gA,"shutdown");async function EA(t){Tt||Xu();let{event:e,identity:r}=t;nh.indexOf(e)!==-1&&r.tenantId&&await Tt.add(t)}s(EA,"publishAsyncEvent");var Zu={};P(Zu,{end:()=>WP,isAlreadySent:()=>Gp,isBackfillingEvent:()=>$p,recordEvent:()=>Wp,start:()=>BP});var BP=s(async t=>GP({eventWhitelist:t}),"start"),Wp=s(async(t,e)=>{let r=Vp(t,e);await zt(r,e,void 0,{useTenancy:!1})},"recordEvent"),WP=s(async()=>{await VP(),await qP()},"end"),$P=s(async()=>gn(ye.BACKFILL_METADATA),"getBackfillMetadata"),GP=s(async t=>zt(ye.BACKFILL_METADATA,t),"saveBackfillMetadata"),VP=s(async()=>{await io(ye.BACKFILL_METADATA)},"deleteBackfillMetadata"),qP=s(async()=>{let t=Vp(),e=await ku(t);for(let r of e)await io(r,{useTenancy:!1})},"clearEvents"),$p=s(async t=>{let r=(await $P())?.eventWhitelist;return!!(r&&r.includes(t))},"isBackfillingEvent"),Gp=s(async(t,e)=>{let r=Vp(t,e);return!!await gn(r,{useTenancy:!1})},"isAlreadySent"),KP={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},Vp=s((t,e)=>{let r,n=$();if(t){r=`${ye.EVENTS}:${n}:${t}`;let i=KP[t],o=i?i(e):void 0;o&&(r=`${r}:${o}`)}else r=`${ye.EVENTS}:${n}:*`;return r},"getEventKey");var Kp={};P(Kp,{analyticsProcessor:()=>IA,init:()=>tN,processors:()=>Zt});var _A=require("posthog-node");var QP=s(t=>t==="served:builder"||t==="served:app:preview"||t==="served:app","isRateLimited"),jP=s(t=>t==="served:app:preview"||t==="served:app","isPerApp");var TA={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},SA=s(async t=>{if(!QP(t))return!1;let e=await HP(t);if(e){let r=new Date(e.timestamp);switch(TA[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await yA(t,{timestamp:Date.now()}),!1):!0}}else return await yA(t,{timestamp:Date.now()}),!1},"limited"),AA=s(t=>{let e=`${ye.EVENTS_RATE_LIMIT}:${t}`;return jP(t)&&(e=e+":"+be()),e},"eventKey"),HP=s(async t=>{let e=AA(t);return await gn(e)},"readEvent"),yA=s(async(t,e)=>{let r=AA(t),n=TA[t],i;switch(n){case"calendarDay":i=86400}await zt(r,e,i)},"recordEvent");var zP=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],ho=class{static{s(this,"PosthogProcessor")}constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new _A.PostHog(e)}async processEvent(e,r,n,i){if(zP.includes(e)||await SA(e))return;n=this.clearPIIProperties(n),n.version=g.VERSION,n.service=g.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let o=be();o&&(n.appId=o);let a={distinctId:r.id,event:e,properties:n};i&&(a.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(a.groups={},r.installationId&&(a.groups.installation=r.installationId,a.properties.installationId=r.installationId),r.tenantId&&(a.groups.tenant=r.tenantId,a.properties.tenantId=r.tenantId)),this.posthog.capture(a)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var OA=ho;var JP=["installation:version:upgraded","installation:version:downgraded"],XP=["installation","tenant"],go=class{static{s(this,"AnalyticsProcessor")}constructor(){g.POSTHOG_TOKEN&&!g.isTest()&&(this.posthog=new OA(g.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!JP.includes(e)&&!await Yu()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!XP.includes(e.type)&&!await Yu()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var qp=g.SELF_HOSTED&&!g.isDev(),Eo=class{static{s(this,"LoggingProcessor")}async processEvent(e,r,n){qp||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){qp||console.log("[audit] identified",e)}async identifyGroup(e){qp||console.log("[audit] group identified",e)}async shutdown(){}};var hi=class t{static{s(this,"AuditLogsProcessor")}static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new Et("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Ce(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let o={};g.ENABLE_AUDIT_LOG_IP_ADDR&&(o=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:o})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&Xf(e)){let o=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:o,timestamp:i,appId:be(),hostInfo:r.hostInfo},tenantId:$()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var yo=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}static{s(this,"Processor")}async processEvent(e,r,n,i){for(let o of this.processors)await o.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var IA=new go,ZP=new Eo,eN=new hi;function tN(t){return hi.init(t)}s(tN,"init");var Zt=new yo([IA,ZP,eN]);var ec={};P(ec,{checkInstallVersion:()=>iN,getInstall:()=>So,getInstallFromDB:()=>jp});var Qp=B(require("semver"));var So=s(async()=>wr(ye.INSTALLATION,86400,jp,{useTenancy:!1}),"getInstall");async function rN(t){let e={_id:fe.PLATFORM_INFO.docs.install,installId:ee(),version:g.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return jp();throw r}}s(rN,"createInstallDoc");var jp=s(async()=>je(fe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(fe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await rN(t);else throw r}return e}),"getInstallFromDB"),nN=s(async t=>{try{await je(fe.PLATFORM_INFO.name,async e=>{let r=await So();r.version=t,await e.put(r),await di(ye.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},"updateVersion"),iN=s(async()=>{let t=await So(),e=t.version,r=g.VERSION;try{if(e!==r){let n=Qp.default.gt(r,e),i=Qp.default.lt(r,e);await nN(r)&&(await Cs({_id:t.installId,type:"installation"},async()=>{n?await To.upgraded(e,r):i&&await To.downgraded(e,r)}),await St.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?fn(`Invalid version "${r}" - is it semver?`):fn("Failed to retrieve version",n)}},"checkInstallVersion");var sN=s(async()=>{let t=lf(),e=Oo(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await An(),i=Ao();return{id:wA(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await An(),i=await tc($()),o=Ao();return{id:wA(i,r),type:r,hosting:o,installationId:n,tenantId:i,realTenantId:$(),environment:e}}else if(r==="user"){let n=t,i=await tc($()),o=await An(),a=n.account,u;return a?u=a.hosting:u=Ao(),{id:n._id,type:r,hosting:u,installationId:o,tenantId:i,environment:e,realTenantId:$(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},"getCurrentIdentity"),oN=s(async(t,e)=>{let r=t,n="installation",i=Ao(),o=g.VERSION,a=Oo(),u={id:r,type:n,hosting:i,version:o,environment:a};await Hp(u,e),await _o({...u,id:`$${n}_${r}`},e)},"identifyInstallationGroup"),aN=s(async(t,e,r,n=g.VERSION)=>{let i=await tc(t),o="tenant",a=await An(),u=Oo(),c={id:i,type:o,hosting:e,environment:u,installationId:a,createdAt:r,createdVersion:n};await Hp(c,r),await _o({...c,id:`$${o}_${i}`},r)},"identifyTenantGroup"),uN=s(async(t,e,r)=>{let n=t._id,i=await tc(t.tenantId),o="user",a=ke(t),u=Cr(t),c;Ho(t)&&(c=t.providerType);let d=(await Ei([t.email])).length>0,f=!!e&&d&&e.verified,h=await An(),p=e?e.hosting:Ao(),S=Oo();await _o({id:n,type:o,hosting:p,installationId:h,tenantId:i,verified:f,accountHolder:d,providerType:c,builder:a,admin:u,environment:S},r)},"identifyUser"),cN=s(async t=>{let e=t.accountId,r=t.tenantId,n="user",i=jo(t)?t.providerType:void 0,o=t.verified,a=!0,u=t.hosting,c=await An(),l=Oo();if(Qo(t)){let f=await At(t.email);f?._id&&(e=f._id)}await _o({id:e,type:n,hosting:u,installationId:c,tenantId:r,providerType:i,verified:o,accountHolder:a,environment:l})},"identifyAccount"),_o=s(async(t,e)=>{await Zt.identify(t,e)},"identify"),Hp=s(async(t,e)=>{await Zt.identifyGroup(t,e)},"identifyGroup"),Oo=s(()=>g.isDev()?"development":g.DEPLOYMENT_ENVIRONMENT,"getDeploymentEnvironment"),Ao=s(()=>g.SELF_HOSTED?"self":"cloud","getHostingFromEnv"),An=s(async()=>lN()?"account-portal":(await So()).installId,"getInstallationId"),tc=s(async t=>g.SELF_HOSTED?DA(t):t,"getEventTenantId"),DA=s(async t=>Ce(t,()=>wr(ye.UNIQUE_TENANT_ID,86400,async()=>{let e=Y(),r=await Ti(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${ee()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=g.VERSION,await e.put(r),n)})),"getUniqueTenantId"),lN=s(()=>g.SERVICE==="account-portal","isAccountPortal"),wA=s((t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,"formatDistinctId"),St={getCurrentIdentity:sN,identifyInstallationGroup:oN,identifyTenantGroup:aN,identifyUser:uN,identifyAccount:cN,identify:_o,identifyGroup:Hp,getInstallationId:An,getUniqueTenantId:DA};var A=s(async(t,e,r,n)=>{let i=n||await St.getCurrentIdentity();if(!(n?!1:await $p(t))){await EA({event:t,identity:i,properties:e,timestamp:r}),await Zt.processEvent(t,i,e,r);return}await Gp(t,e)||(await Zt.processEvent(t,i,e,r),await Wp(t,e))},"publishEvent");async function dN(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}s(dN,"created");async function fN(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}s(fN,"deleted");async function pN(t){let e={tenantId:t.tenantId};await A("account:verified",e)}s(pN,"verified");var RA={created:dN,deleted:fN,verified:pN};async function mN(t,e){console.info("action:automation_step:executed",`disabled. Action step ${t.stepId} not published at ${e}`)}s(mN,"automationStepExecuted");async function hN(t,e){console.info("action:automation_step:executed",`disabled. Action type ${t.type} not published at ${e}`)}s(hN,"crudExecuted");async function gN(t,e){console.info("action:automation_step:executed",`disabled. Execution for ai agent ${t.agentId} not published at ${e}`)}s(gN,"aiAgentExecuted");var CA={aiAgentExecuted:gN,automationStepExecuted:mN,crudExecuted:hN};async function EN(t){let e={};await A("ai:config:created",e,t)}s(EN,"AIConfigCreated");async function yN(){let t={};await A("ai:config:updated",t)}s(yN,"AIConfigUpdated");var bA={AIConfigCreated:EN,AIConfigUpdated:yN};var TN=s(async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)},"created");async function SN(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}s(SN,"updated");async function AN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}s(AN,"deleted");async function _N(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}s(_N,"published");async function ON(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}s(ON,"unpublished");async function IN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}s(IN,"fileImported");async function wN(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}s(wN,"duplicated");async function DN(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}s(DN,"templateImported");async function RN(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}s(RN,"versionUpdated");async function CN(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}s(CN,"versionReverted");async function bN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}s(bN,"reverted");async function xN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}s(xN,"exported");var xA={created:TN,updated:SN,deleted:AN,published:_N,unpublished:ON,fileImported:IN,duplicated:wN,templateImported:DN,versionUpdated:RN,versionReverted:CN,reverted:bN,exported:xN};async function vN(t){let e={filters:t};await A("audit_log:filtered",e)}s(vN,"filtered");async function PN(t){let e={filters:t};await A("audit_log:downloaded",e)}s(PN,"downloaded");var vA={filtered:vN,downloaded:PN};async function NN(t,e){let n={userId:(await St.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}s(NN,"login");async function UN(t){let r={userId:(await St.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}s(UN,"logout");async function LN(t,e){let r={type:t};await A("auth:sso:created",r,e)}s(LN,"SSOCreated");async function MN(t){let e={type:t};await A("auth:sso:updated",e)}s(MN,"SSOUpdated");async function kN(t,e){let r={type:t};await A("auth:sso:activated",r,e)}s(kN,"SSOActivated");async function FN(t){let e={type:t};await A("auth:sso:deactivated",e)}s(FN,"SSODeactivated");var rc={login:NN,logout:UN,SSOCreated:LN,SSOUpdated:MN,SSOActivated:kN,SSODeactivated:FN};async function BN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}s(BN,"created");async function WN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}s(WN,"triggerUpdated");async function $N(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}s($N,"deleted");async function GN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}s(GN,"tested");var VN=s(async(t,e)=>{let r={count:t};await A("automations:run",r,e)},"run");async function qN(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}s(qN,"stepCreated");async function KN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}s(KN,"stepDeleted");var PA={created:BN,triggerUpdated:WN,deleted:$N,tested:GN,run:VN,stepCreated:qN,stepDeleted:KN};var Si=!g.SELF_HOSTED&&!g.isDev();async function QN(t){Si||await A("app:backfill:succeeded",t)}s(QN,"appSucceeded");async function jN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}s(jN,"appFailed");async function HN(t){Si||await A("tenant:backfill:succeeded",t)}s(HN,"tenantSucceeded");async function YN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}s(YN,"tenantFailed");async function zN(){if(Si)return;let t={};await A("installation:backfill:succeeded",t)}s(zN,"installationSucceeded");async function JN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}s(JN,"installationFailed");var NA={appSucceeded:QN,appFailed:jN,tenantSucceeded:HN,tenantFailed:YN,installationSucceeded:zN,installationFailed:JN};async function XN(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}s(XN,"appBackupRestored");async function ZN(t,e,r,n,i){let o={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",o)}s(ZN,"appBackupTriggered");var UA={appBackupRestored:XN,appBackupTriggered:ZN};function Yp(t){return!Object.values(Go).includes(t.source)}s(Yp,"isCustom");async function eU(t,e){let r={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:created",r,e)}s(eU,"created");async function tU(t){let e={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:updated",e)}s(tU,"updated");async function rU(t){let e={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:deleted",e)}s(rU,"deleted");var LA={created:eU,updated:tU,deleted:rU};async function nU(t){let e={};await A("email:smtp:created",e,t)}s(nU,"SMTPCreated");async function iU(){let t={};await A("email:smtp:updated",t)}s(iU,"SMTPUpdated");var MA={SMTPCreated:nU,SMTPUpdated:iU};async function sU(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}s(sU,"created");async function oU(t){let e={name:t};await A("environment_variable:deleted",e)}s(oU,"deleted");async function aU(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}s(aU,"upgradePanelOpened");var kA={created:sU,deleted:oU,upgradePanelOpened:aU};async function uU(t,e){let r={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:created",r,e)}s(uU,"created");async function cU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:updated",e)}s(cU,"updated");async function lU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:deleted",e)}s(lU,"deleted");async function dU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:user_added",n)}s(dU,"usersAdded");async function fU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:users_deleted",n)}s(fU,"usersDeleted");async function pU(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}s(pU,"createdOnboarding");async function mU(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}s(mU,"permissionsEdited");var FA={created:uU,updated:cU,deleted:lU,usersAdded:dU,usersDeleted:fU,createdOnboarding:pU,permissionsEdited:mU};async function hU(t){let e={currentVersion:t};await A("installation:version:checked",e)}s(hU,"versionChecked");async function gU(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}s(gU,"upgraded");async function EU(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}s(EU,"downgraded");async function yU(){let t={};await A("installation:firstStartup",t)}s(yU,"firstStartup");var To={versionChecked:hU,upgraded:gU,downgraded:EU,firstStartup:yU};async function TU(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}s(TU,"created");async function SU(t){let e={layoutId:t};await A("layout:deleted",e)}s(SU,"deleted");var BA={created:TU,deleted:SU};async function AU(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}s(AU,"planChanged");async function _U(t){let e={accountId:t.accountId};await A("license:activated",e)}s(_U,"activated");async function OU(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}s(OU,"checkoutOpened");async function IU(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}s(IU,"checkoutSuccess");async function wU(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}s(wU,"portalOpened");async function DU(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}s(DU,"paymentFailed");async function RU(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}s(RU,"paymentRecovered");var WA={planChanged:AU,activated:_U,checkoutOpened:OU,checkoutSuccess:IU,portalOpened:wU,paymentFailed:DU,paymentRecovered:RU};async function CU(t){let e={};await A("org:info:name:updated",e,t)}s(CU,"nameUpdated");async function bU(t){let e={};await A("org:info:logo:updated",e,t)}s(bU,"logoUpdated");async function xU(t){let e={};await A("org:platformurl:updated",e,t)}s(xU,"platformURLUpdated");async function vU(){let t={};await A("analytics:opt:out",t)}s(vU,"analyticsOptOut");async function PU(){let t={};await A("analytics:opt:out",t)}s(PU,"analyticsOptIn");var $A={nameUpdated:CU,logoUpdated:bU,platformURLUpdated:xU,analyticsOptOut:vU,analyticsOptIn:PU};async function NU(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}s(NU,"init");async function UU(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}s(UU,"imported");async function LU(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}s(LU,"deleted");var GA={init:NU,imported:UU,deleted:LU};var MU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},"created"),kU=s(async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},"updated"),FU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await A("query:deleted",n)},"deleted"),BU=s(async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},"imported"),WU=s(async(t,e)=>{let r={count:t};await A("queries:run",r,e)},"run"),$U=s(async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},"previewed"),VA={created:MU,updated:kU,deleted:FU,imported:BU,run:WU,previewed:$U};async function GU({resource:t,fromWorkspace:e,toWorkspace:r},n){let i={resource:t,fromWorkspace:e,toWorkspace:r};await A("resource:copied_to_workspace",i,n)}s(GU,"duplicatedToWorkspace");var qA={duplicatedToWorkspace:GU};async function VU(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}s(VU,"created");async function qU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}s(qU,"updated");async function KU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}s(KU,"deleted");async function QU(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}s(QU,"assigned");async function jU(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}s(jU,"unassigned");var Io={created:VU,updated:qU,deleted:KU,assigned:QU,unassigned:jU};async function HU(t,e){await A("row_action:created",t,e)}s(HU,"created");var KA={created:HU};var YU=s(async(t,e)=>{let r={count:t};await A("rows:created",r,e)},"created"),zU=s(async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},"imported"),QA={created:YU,imported:zU};async function JU(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}s(JU,"created");async function XU(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}s(XU,"deleted");var jA={created:JU,deleted:XU};async function ZU(t){let e={timezone:t};await A("served:builder",e)}s(ZU,"servedBuilder");async function eL(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}s(eL,"servedApp");async function tL(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}s(tL,"servedAppPreview");var HA={servedBuilder:ZU,servedApp:eL,servedAppPreview:tL};async function rL(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}s(rL,"created");async function nL(t,e){let r,n;for(let o in e.schema)if(!t.schema[o]){let a=e.schema[o];"default"in a&&a.default!=null&&(r=!0),a.type==="ai"&&(n=a.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}s(nL,"updated");async function iL(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await A("table:deleted",r)}s(iL,"deleted");async function sL(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}s(sL,"exported");async function oL(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}s(oL,"imported");var YA={created:rL,updated:nL,deleted:iL,exported:sL,imported:oL};async function aL(t,e){let r={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:created",r,e)}s(aL,"created");async function uL(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:updated",e)}s(uL,"updated");async function cL(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:deleted",e)}s(cL,"deleted");async function lL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}s(lL,"permissionAdminAssigned");async function dL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}s(dL,"permissionAdminRemoved");async function fL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}s(fL,"permissionBuilderAssigned");async function pL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}s(pL,"permissionBuilderRemoved");async function mL(t){let e={audited:{email:t}};await A("user:invited",e)}s(mL,"invited");async function hL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}s(hL,"inviteAccepted");async function gL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}s(gL,"passwordForceReset");async function EL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}s(EL,"passwordUpdated");async function yL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}s(yL,"passwordResetRequested");async function TL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}s(TL,"passwordReset");async function SL(t){let e={users:t};await A("user:data:collaboration",e)}s(SL,"dataCollaboration");var Fe={created:aL,updated:uL,deleted:cL,permissionAdminAssigned:lL,permissionAdminRemoved:dL,permissionBuilderAssigned:fL,permissionBuilderRemoved:pL,invited:mL,inviteAccepted:hL,passwordForceReset:gL,passwordUpdated:EL,passwordResetRequested:yL,passwordReset:TL,dataCollaboration:SL};async function AL(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}s(AL,"created");async function _L(t){let e={tableId:t.tableId};await A("view:updated",e)}s(_L,"updated");async function OL(t,e){let r={...Ue.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await A("view:deleted",r)}s(OL,"deleted");async function IL(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}s(IL,"exported");async function wL({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}s(wL,"filterCreated");async function DL({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}s(DL,"filterUpdated");async function RL(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}s(RL,"filterDeleted");async function CL({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}s(CL,"calculationCreated");async function bL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}s(bL,"calculationUpdated");async function xL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}s(xL,"calculationDeleted");async function vL(t,e){let r={tableId:t};await A("view:join:created",r,e)}s(vL,"viewJoinCreated");var zA={created:AL,updated:_L,deleted:OL,exported:IL,filterCreated:wL,filterUpdated:DL,filterDeleted:RL,calculationCreated:CL,calculationUpdated:bL,calculationDeleted:xL,viewJoinCreated:vL};async function PL(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await A("workspace_app:deleted",r)}s(PL,"deleted");var JA={deleted:PL};function NL(){}s(NL,"initAsyncEvents");var UL=s(async()=>{await Zt.shutdown(),console.log("Events shutdown")},"shutdown");var Jp={};P(Jp,{creatorsInList:()=>_n,getAccountHolderFromUsers:()=>ac,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>r_,hasBuilderPermissions:()=>ke,isAdmin:()=>bt,isAdminOrBuilder:()=>t_,isAdminOrWorkspaceBuilder:()=>ic,isBuilder:()=>Ai,isCreatorAsync:()=>Do,isCreatorSync:()=>sc,isGlobalBuilder:()=>e_,validateUniqueUser:()=>oc});async function zp(t){let e=[],r=await XA(t);e.push(...r.map(a=>a.email));let n=await ZA(t);e.push(...n.map(a=>a._id));let i=await Ei(t);e.push(...i.map(a=>a.email));let o=await Cp(t);return e.push(...o.map(a=>a.email)),[...new Set(e.map(a=>a.toLowerCase()))]}s(zp,"searchExistingEmails");async function nc(t){return await $s("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}s(nc,"getPlatformUsers");async function wo(t){return(await nc(t))[0]??null}s(wo,"getFirstPlatformUser");async function XA(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await Kt("by_email2",r,void 0,n)}s(XA,"getExistingTenantUsers");async function ZA(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await $s("platform_users_lowercase_2",r)}s(ZA,"getExistingPlatformUsers");async function Ei(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await $s("account_by_email",r)}s(Ei,"getExistingAccounts");var Ai=Le.users.isBuilder,bt=Le.users.isAdmin,e_=Le.users.isGlobalBuilder,t_=Le.users.isAdminOrBuilder,Cr=Le.users.hasAdminPermissions,ke=Le.users.hasBuilderPermissions,r_=Le.users.hasAppBuilderPermissions,ic=Le.users.isAdminOrWorkspaceBuilder;async function _n(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await Y().getMultiple(r,{allowMissing:!0}),t.map(i=>sc(i,e))}s(_n,"creatorsInList");async function Do(t){let e=[];return t.userGroups&&(e=await Y().getMultiple(t.userGroups)),sc(t,e)}s(Do,"isCreatorAsync");function sc(t,e){let r=Le.users.isCreator(t);return!r&&t?LL(t,e):r}s(sc,"isCreatorSync");function LL(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}s(LL,"isCreatorByGroupMembership");async function oc(t,e){if(g.MULTI_TENANCY){let r=await wo(t);if(r!=null&&r.tenantId!==e)throw new Jt(t)}if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let r=await Rr(t);if(r&&r.verified&&r.tenantId!==e)throw new Jt(t)}}s(oc,"validateUniqueUser");async function ac(t){if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let e=await Ei(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}s(ac,"getAccountHolderFromUsers");var Xp=s(async t=>{await Fe.deleted(t),ke(t)&&await Fe.permissionBuilderRemoved(t),Cr(t)&&await Fe.permissionAdminRemoved(t)},"handleDeleteEvents"),ML=s(async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await Io.assigned(t,i)},"assignAppRoleEvents"),kL=s(async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await Io.unassigned(t,i)},"unassignAppRoleEvents"),FL=s(async(t,e)=>{let r=t.roles,n=e?.roles;await ML(t,r,n),await kL(t,r,n)},"handleAppRoleEvents"),Zp=s(async(t,e,r)=>{let n=r;!n&&!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL&&(n=await pi($())),await St.identifyUser(t,n),e?(await Fe.updated(t),WL(t,e)&&await Fe.permissionBuilderRemoved(t),GL(t,e)&&await Fe.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Fe.passwordForceReset(t),t.password!==e.password&&await Fe.passwordUpdated(t)):await Fe.created(t),BL(t,e)&&await Fe.permissionBuilderAssigned(t),$L(t,e)&&await Fe.permissionAdminAssigned(t),await FL(t,e)},"handleSaveEvents"),BL=s((t,e)=>n_(t,e,ke),"isAddingBuilder"),WL=s((t,e)=>i_(t,e,ke),"isRemovingBuilder"),$L=s((t,e)=>n_(t,e,Cr),"isAddingAdmin"),GL=s((t,e)=>i_(t,e,Cr),"isRemovingAdmin"),n_=s((t,e,r)=>!(!r(t)||e&&r(e)),"isAddingPermission"),i_=s((t,e,r)=>!(r(t)||!e||!r(e)),"isRemovingPermission");var qL=s(async t=>{let e=t._id;await yt.removeUser(t),await Xp(t),await br.invalidateUser(e),await Sn(e,{reason:"bulk-deletion"})},"bulkDeleteProcessing"),xt=class t{static{s(this,"UserDB")}static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return g.ENABLE_SSO_MAINTENANCE_MODE&&bt(e)?!1:await t.features.isSSOEnforced()||Ho(e)?!0:(r||(r=await pi($())),!!(r&&r.email===e.email&&jo(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,o){let{password:a,_id:u}=e;i&&!i.password&&(r.requirePassword=!1);let c;if(a&&a!==i?.password){if(await t.isPreventPasswordActions(e,o))throw new Me("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let f=Mp(a);if(!f.valid)throw new Me(f.error,400)}c=r.hashPassword?await uf(a):a}else i&&(c=i.password);let l=r.requirePassword&&!await t.features.isSSOEnforced();if(!c&&l)throw"Password must be specified.";u=u||ni();let d={createdAt:Date.now(),...i,...e,_id:u,password:c,tenantId:n};return d.roles||(d.roles={}),d.status==null&&(d.status="active"),d}static async allUsers(){return(await Y().allDocs(an(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByWorkspace(e){if(typeof e!="string"||!e)throw new Error("Must provide a string based workspace ID");return{userCount:(await Gs("by_app",ii(e,{include_docs:!1}))).rows.length}}static async getUsersByAppAccess(e){return await em(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return At(e)}static async getUser(e){let r=await On(e);return r&&delete r.password,r}static async bulkGet(e){return await uc(e)}static async bulkUpdate(e){return await Ro(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=$(),i=Y(),{email:o,_id:a,userGroups:u=[],roles:c}=e;if(!o&&!a)throw new Error("_id or email is required");let l;if(a)try{if(l=await On(a),o&&l.email!==o&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(m){if(m.status!==404)throw m}if(!l&&o&&(l=await At(o),l&&l._id!==a))throw new Jt(o);let d=1,f=0;if((r.isAccountHolder||l)&&(d=0,f=1),l){let[m,E]=await _n([l,e]);f=m!==E?1:0}let h=!l,p=!!l&&!!o&&l.email!==o,S=!r.isAccountHolder&&!!o&&(h||p);return t.quotas.addUsers(d,f,async()=>{S&&await oc(o,n);let m=await t.buildUser(e,r,n,l);r.currentUserId&&r.currentUserId===l?._id&&(m=tm(m,l)),!l&&c?.length&&(m.roles={...c});let E=[];if(!a&&u.length>0)for(let y of u)E.push(t.groups.addUsers(y,[m._id]));try{let y=await i.put(m);return m._rev=y.rev,await Zp(m,l),l&&m.email!==l.email&&await yt.removeUser({email:l.email}),await yt.addUser(n,m._id,m.email,m.ssoId),await br.invalidateUser(y.id),await Promise.all(E),i.get(m._id)}catch(y){throw y.status===409?"User exists already":y}})}static async bulkCreate(e,r){let n=$(),i=[],o=[],a=[],u=e.map(h=>h.email),c=await zp(u),l=[];for(let h of e){let p=o.find(m=>m.email.toLowerCase()===h.email.toLowerCase()),S=c.includes(h.email.toLowerCase());if(p||S){l.push({email:h.email,reason:"Unavailable"});continue}h.userGroups=r||[],o.push(h),await Do(h)&&a.push(h)}let d=await pi(n),f=await t.features.isSSOEnforced();return t.quotas.addUsers(o.length,a.length,async()=>{for(let S of o)f&&delete S.password,i.push(t.buildUser(S,{hashPassword:!0,requirePassword:!f},n,void 0,d));let h=await Promise.all(i);await Ro(h);for(let S of h)await yt.addUser(n,S._id,S.email),await Zp(S,void 0,d);let p=h.map(S=>({_id:S._id,email:S.email}));if(Array.isArray(p)&&r){let S=[],m=p.map(E=>E._id);for(let E of r)S.push(t.groups.addUsers(E,m));await Promise.all(S)}return{successful:p,unsuccessful:l}})}static async bulkDelete(e){let r=Y(),n={successful:[],unsuccessful:[]},i=await ac(e);i&&(e=e.filter(p=>p.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let a=(await r.allDocs({include_docs:!0,keys:e.map(p=>p.userId)})).rows.map(p=>p.doc),u=a.map(p=>({...p,_deleted:!0})),c=await Ro(u),d=(await _n(a)).filter(p=>p).length,f=[];for(let p of a){let m=(await wo(p._id)).ssoId;m&&(await nc(m)).filter(y=>y.ssoId==null).forEach(y=>{f.push({...y,_deleted:!0})}),await qL(p)}await Dr().bulkDocs(f),await t.quotas.removeUsers(u.length,d);let h={};return a.reduce((p,S)=>(p[S._id]=S,p),h),c.forEach(p=>{let S=h[p.id].email;p.ok?n.successful.push({_id:p.id,email:S}):n.unsuccessful.push({_id:p.id,email:S,reason:"Database error"})}),n}static async destroy(e){let r=Y(),n=await r.get(e),i=n._id;if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let a=n.email;if(await Rr(a))throw n.userId===Gt()._id?new Me('Please visit "Account" to delete this user',400):new Me("Account holder cannot be deleted",400)}await yt.removeUser(n),await r.remove(i,n._rev);let o=await Do(n)?1:0;await t.quotas.removeUsers(1,o),await Xp(n),await br.invalidateUser(i),await Sn(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,o={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(o.ssoId=n.ssoId),await di(ye.CHECKLIST),await t.save(o,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function bo(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}s(bo,"removeUserPassword");async function uc(t,e){let n=(await Y().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=bo(n)),n}s(uc,"bulkGetGlobalUsersById");async function QL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Pe}`})).rows.map(n=>n.id)}s(QL,"getAllUserIds");async function jL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Pe}`,include_docs:!0})).rows.map(n=>n.doc)}s(jL,"getAllUsers");async function Ro(t){return await Y().bulkDocs(t)}s(Ro,"bulkUpdateGlobalUsers");async function On(t,e){let n=await Y().get(t);return e?.cleanup&&(n=bo(n)),n}s(On,"getById");async function At(t,e){if(t==null)throw"Must supply an email address to view";let r=await Kt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=bo(n)),n}s(At,"getGlobalUserByEmail");async function HL(t){try{let e=await At(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}s(HL,"doesUserExist");async function s_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=ii(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await Kt("by_app",n);i||(i=[]);let o=Array.isArray(i)?i:[i];return r?.cleanup&&(o=bo(o)),o}s(s_,"searchGlobalUsersByApp");async function em(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let a={[r]:{$exists:!0}};n.push(a)}return(await Y().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}s(em,"searchGlobalUsersByAppAccess");function o_(t,e){if(e)return Eu(He(t),e._id)}s(o_,"getGlobalUserByAppPage");async function a_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,o=await Kt("by_email2",{...e,startkey:i,endkey:`${n}${Pe}`});o||(o=[]);let a=Array.isArray(o)?o:[o];return r?.cleanup&&(a=bo(a)),a}s(a_,"searchGlobalUsersByEmail");var YL=8;async function u_({bookmark:t,query:e,appId:r,limit:n}={}){let i=Y(),o=n??YL,u={include_docs:!0,limit:o+1};t&&(u.startkey=t);let c,l="_id",d;return e?.equal?._id?c=[await On(e.equal._id)]:r?(c=await s_(r,u),d=s(f=>o_(r,f),"getKey")):e?.string?.email?(c=await a_(e?.string?.email,u),l="email"):e?.oneOf?._id?c=await uc(e?.oneOf?._id,{cleanup:!0}):e?(c=(await i.allDocs(an(null,{...u,limit:void 0}))).rows.map(h=>h.doc),c=mr.search(c,{query:e,limit:u.limit}).rows):c=(await i.allDocs(an(null,u))).rows.map(h=>h.doc),qf(c,o,{paginate:!0,property:l,getKey:d})}s(u_,"paginatedUsers");async function zL(){return(await Gs("by_email2",{limit:0,include_docs:!1})).total_rows}s(zL,"getUserCount");async function JL(){let t=0;async function e(r){let n=await u_({bookmark:r}),i=await _n(n.data);t+=i.filter(o=>o).length,n.hasNextPage&&await e(n.nextPage)}return s(e,"iterate"),await e(),t}s(JL,"getCreatorCount");function XL(t){return delete t.admin,delete t.builder,t}s(XL,"removePortalUserPermissions");function tm(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}s(tm,"cleanseUserObject");async function ZL(t,e){let r=He(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await xt.save(t,{hashPassword:!1})}s(ZL,"addAppBuilder");async function e0(t,e){let r=He(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await xt.save(t,{hashPassword:!1})}s(e0,"removeAppBuilder");var c_=3600;async function t0(t,e){let n=await Yf(e).get(t);if(n.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let i=await Rr(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}s(t0,"populateFromDB");async function r0(t){let e=await xt.bulkGet(t),r=t.filter((i,o)=>!e[o]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let o=await Rr(i.email);o&&(i.account=o,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}s(r0,"populateUsersFromDB");async function xo({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=t0),!e)try{e=$()}catch{e=await yt.lookupTenantId(t)}let i=await Us(),o=await i.get(t);return o||(o=await n(t,e,r),await i.store(t,o,c_)),o&&!o.tenantId&&e&&(o.tenantId=e),o.userGroups&&!Le.users.isGlobalBuilder(o)&&await Ce(e,async()=>{let a=await xt.getGroupBuilderAppIds(o);if(a.length){let u=o.builder?.apps||[];o.builder={apps:[...new Set(u.concat(a))]}}}),o}s(xo,"getUser");async function n0(t){let e=await Us(),r=await e.bulkGet(t),n=t.filter(a=>!r[a]),i=Object.values(r).filter(a=>!!a),o;if(n.length){let a=await r0(n);o=a.notFoundIds;for(let u of a.users)await e.store(u._id,u,c_);i.push(...a.users)}return{users:i,notFoundIds:o}}s(n0,"getUsers");async function vo(t){await(await Us()).delete(t)}s(vo,"invalidateUser");var sm={};P(sm,{Writethrough:()=>nm});var l_=1e4,rm=null;async function cc(){if(!rm){let t=await kf();rm=new pn(t)}return rm}s(cc,"getCache");function Po(t,e){return t.name+e}s(Po,"makeCacheKey");function im(t,e=null){return{doc:t,lastWrite:e||Date.now()}}s(im,"makeCacheItem");async function i0(t,e,r=l_){let n=await cc(),i=e._id,o;i&&(o=await n.get(Po(t,i)));let a=!o||o.lastWrite<Date.now()-r,u=e;return a&&((await oo({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let l=s(async d=>{let f=await t.put(d,{force:!0});u._id=f.id,u._rev=f.rev},"writeDb");try{await l(e)}catch(d){if(d.status!==409)throw d;li("Ignoring conflict in write-through cache")}})).executed||li("Ignoring redlock conflict in write-through cache")),o=im(u,a?null:o?.lastWrite),u._id&&await n.store(Po(t,u._id),o),{ok:!0,id:u._id,rev:u._rev}}s(i0,"put");async function s0(t,e){let r=await cc(),n=Po(t,e),i=await r.get(n);if(!i){let o=await t.get(e);i=im(o),await r.store(n,i)}return i.doc}s(s0,"get");async function o0(t,e){let r=await cc(),n=Po(t,e),i=await r.get(n);if(!i){let o=await t.tryGet(e);if(!o)return null;i=im(o),await r.store(n,i)}return i.doc}s(o0,"tryGet");async function a0(t,e,r){let n=await cc();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Po(t,i))}finally{await t.remove(i,r)}}s(a0,"remove");var nm=class{static{s(this,"Writethrough")}constructor(e,r=l_){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return i0(this.db,e,r)}async get(e){return s0(this.db,e)}async tryGet(e){return o0(this.db,e)}async remove(e,r){return a0(this.db,e,r)}};function No(t){return`config${C}${t}`}s(No,"generateConfigID");var lc="en";function u0(){return{_id:No("translations"),type:"translations",config:{defaultLocale:lc,locales:{[lc]:{label:"English",overrides:{}}}}}}s(u0,"createDefaultTranslationsConfig");function c0(t){let e=t?.defaultLocale||lc,r={...t?.locales??{}};r[e]||(r[e]={label:e===lc?"English":e,overrides:{}});for(let n of Object.keys(r))r[n].overrides||(r[n]={...r[n],overrides:{}});return{defaultLocale:e,locales:r}}s(c0,"prepareTranslationsConfig");async function Be(t){let e=Y();try{return await e.get(No(t))}catch(r){if(r.status===404)return;throw r}}s(Be,"getConfig");async function l0(t){return t._id||(t._id=No(t.type)),Y().put(t)}s(l0,"save");async function d_(){let t=await Be("translations");return t?(t.config=c0(t.config),t):u0()}s(d_,"getTranslationsConfigDoc");async function d0(){return(await d_()).config}s(d0,"getTranslationsConfig");async function Ti(){let t=await Be("settings");return t||(t={_id:No("settings"),type:"settings",config:{}}),t.config.platformUrl=await Uo({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Ju({config:t.config}),t}s(Ti,"getSettingsConfigDoc");async function am(){return(await Ti()).config}s(am,"getSettingsConfig");async function Uo(t={tenantAware:!0}){let e=g.PLATFORM_URL||"http://localhost:10000";if(!g.SELF_HOSTED&&g.MULTI_TENANCY&&t.tenantAware){let r=$();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(g.SELF_HOSTED){let r=t?.config?t.config:(await Be("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}s(Uo,"getPlatformUrl");var Ju=s(async t=>{if(!g.SELF_HOSTED)return!!g.ENABLE_ANALYTICS;let e=await wr(ye.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await Be("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=g.ENABLE_ANALYTICS;return!(r===0||r===!1)},"analyticsEnabled");async function f0(){return await Be("google")}s(f0,"getGoogleConfigDoc");async function fc(){return(await f0())?.config}s(fc,"getGoogleConfig");async function um(){if(!g.SELF_HOSTED)return om();let t=await fc();return(!t||!t.activated)&&(t=om()),t}s(um,"getGoogleDatasourceConfig");function om(){if(g.GOOGLE_CLIENT_ID&&g.GOOGLE_CLIENT_SECRET)return{clientID:g.GOOGLE_CLIENT_ID,clientSecret:g.GOOGLE_CLIENT_SECRET,activated:!0}}s(om,"getDefaultGoogleConfig");async function p0(){return Be("logos_oidc")}s(p0,"getOIDCLogosDoc");async function m0(){return Be("oidc")}s(m0,"getOIDCConfigDoc");async function h0(){let t=(await m0())?.config;return t?.configs&&t.configs[0]}s(h0,"getOIDCConfig");async function cm(t){let e=(await Be("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}s(cm,"getOIDCConfigById");async function f_(){return Be("smtp")}s(f_,"getSMTPConfigDoc");async function g0(t){let e=await f_();if(e)return e.config;let r=g.SELF_HOSTED||!t;if(g.SMTP_FALLBACK_ENABLED&&r)return{port:g.SMTP_PORT,host:g.SMTP_HOST,secure:!1,from:g.SMTP_FROM_ADDRESS,auth:{user:g.SMTP_USER,pass:g.SMTP_PASSWORD},fallback:!0}}s(g0,"getSMTPConfig");async function E0(){return(await Be("scim"))?.config}s(E0,"getSCIMConfig");async function y0(){return Be("recaptcha")}s(y0,"getRecaptchaConfig");var Tm={};P(Tm,{AccessController:()=>fm,BUILTIN_ROLE_IDS:()=>pm,Role:()=>xr,RoleHierarchyTraversal:()=>pc,RoleIDVersion:()=>mm,builtinRoleToNumber:()=>Lo,checkForRoleResourceArray:()=>g_,externalRole:()=>I0,findRole:()=>Mo,getAllRoleIds:()=>C0,getAllRoles:()=>ym,getBuiltinRole:()=>m_,getBuiltinRoles:()=>gm,getDBRoleID:()=>E_,getExternalRoleID:()=>vr,getExternalRoleIDs:()=>y_,getRole:()=>w0,getUserRoleHierarchy:()=>Em,getUserRoleIdHierarchy:()=>h_,isBuiltin:()=>In,lowerBuiltinRoleID:()=>O0,prefixRoleIDNoBuiltin:()=>dm,roleIDsAreEqual:()=>ot,roleToNumber:()=>_0,saveRoles:()=>D0,validInherits:()=>A0});var p_=require("lodash"),mc=B(require("lodash/fp/cloneDeep")),lm=B(require("semver"));var pm={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},ie={...pm,BUILDER:"BUILDER"},mm={UUID:void 0,NAME:"name"};function S0(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}s(S0,"rolesInList");var xr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=mm.NAME}static{s(this,"Role")}addInheritance(e){return e&&typeof e=="string"?e=dm(e):e&&Array.isArray(e)&&(e=e.map(dm)),this.inherits=e,this}},pc=class{static{s(this,"RoleHierarchyTraversal")}constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let o of e.inherits){let a=Mo(o,n,r);a&&(i=i.concat(this.walk(a)))}else{let o=[],a=e;for(;a&&a.inherits&&!S0(o,a.inherits);){if(Array.isArray(a.inherits))return i.concat(this.walk(a));if(o.push(a.inherits),a=Mo(a.inherits,n,r),a&&i.push(a),Ue.roles.checkForRoleInheritanceLoops(i))break}}return(0,p_.uniqBy)(i,o=>o._id)}},hm={ADMIN:new xr(ie.ADMIN,ie.ADMIN,"admin",{displayName:"Admin user",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(ie.POWER),POWER:new xr(ie.POWER,ie.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(ie.BASIC),BASIC:new xr(ie.BASIC,ie.BASIC,"write",{displayName:"Basic user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(ie.PUBLIC),PUBLIC:new xr(ie.PUBLIC,ie.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new xr(ie.BUILDER,ie.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function gm(){return(0,mc.default)(hm)}s(gm,"getBuiltinRoles");function In(t){return Object.values(pm).includes(t)}s(In,"isBuiltin");function dm(t){return In(t)?t:Vt(t)}s(dm,"prefixRoleIDNoBuiltin");function m_(t){let e=Object.values(hm).find(r=>t.includes(r._id));if(e)return(0,mc.default)(e)}s(m_,"getBuiltinRole");function A0(t,e){if(!e)return!1;let r=s(n=>t.find(i=>ot(i._id,n)),"find");if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}s(A0,"validInherits");function Lo(t){let e=gm(),r=Object.values(e).length+1;if(ot(t,ie.ADMIN)||ot(t,ie.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}s(Lo,"builtinRoleToNumber");async function _0(t){if(In(t))return Lo(t);let e=await Em(t,{defaultPublic:!0}),r=s(n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(o=>{let a=e.find(u=>ot(u._id,o));if(a)return r(a)+1}).filter(o=>o).sort().pop();if(i!=null)return i}else if(In(n.inherits))return Lo(n.inherits)+1;return 0},"findNumber");return Math.max(...e.map(r))}s(_0,"roleToNumber");function O0(t,e){return t?e&&Lo(t)>Lo(e)?e:t:e}s(O0,"lowerBuiltinRoleID");function ot(t,e){return Vt(t)===Vt(e)}s(ot,"roleIDsAreEqual");function I0(t){let e;return t._id&&(e=vr(t._id)),{...t,_id:e,inherits:y_(t.inherits,t.version)}}s(I0,"externalRole");function Mo(t,e,r){let n=m_(t);n||(t=Vt(t));let i=e.find(o=>o._id&&ot(o._id,t));return!i&&!In(t)&&r?.defaultPublic?(0,mc.default)(hm.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=vr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}s(Mo,"findRole");async function w0(t,e){let r=ti(),n=[];if(!In(t)){let i=await r.tryGet(E_(t));i&&n.push(i)}return Mo(t,n,e)}s(w0,"getRole");async function D0(t){await ti().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Vt(r._id)})))}s(D0,"saveRoles");async function R0(t,e){let r=await ym();if(ot(t,ie.ADMIN))return r;let n=Mo(t,r,e),i=[];return n&&(i=new pc(r,e).walk(n)),i}s(R0,"getAllUserRoles");async function h_(t){return(await Em(t)).map(r=>r._id)}s(h_,"getUserRoleIdHierarchy");async function Em(t,e){return R0(t,e)}s(Em,"getUserRoleHierarchy");function g_(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}s(g_,"checkForRoleResourceArray");async function C0(t){return(await ym(t)).map(r=>r._id)}s(C0,"getAllRoleIds");async function ym(t){if(t)return je(t,e);{let r;try{r=ti()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(yu(null,{include_docs:!0}))).rows.map(u=>u.doc),n.forEach(u=>u._id=vr(u._id,u.version)));let i=gm(),o=[];!r||await b0(r)?o=[ie.ADMIN,ie.POWER,ie.BASIC,ie.PUBLIC]:o=[ie.ADMIN,ie.BASIC,ie.PUBLIC];for(let a of o){let u=i[a],c=n.filter(l=>ot(l._id,a))[0];c==null?n.push(u||i.BASIC):(n=n.filter(l=>l._id!==c._id),c._id=vr(u._id,c.version),n.push({...u,...c,name:u.name,_id:vr(u._id,u.version),uiMetadata:{...c.uiMetadata,...u.uiMetadata}}))}for(let a of n)if(a.permissions)for(let u of Object.keys(a.permissions))a.permissions=g_(a.permissions,u);return n}s(e,"internal")}s(ym,"getAllRoles");async function b0(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!lm.default.valid(r)?!0:!lm.default.gte(r,g.MIN_VERSION_WITHOUT_POWER_ROLE)}s(b0,"shouldIncludePowerRole");var fm=class{static{s(this,"AccessController")}constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||ot(e,ie.BUILDER)||ot(r,e)||ot(r,ie.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await h_(r),this.userHierarchies[r]=n),n?.find(i=>ot(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let o=await this.checkScreenAccess(i,r);o&&n.push(o)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function E_(t){return t?.startsWith("role")?t:Vt(t)}s(E_,"getDBRoleID");function vr(t,e){if(t.startsWith(`role${C}`)&&(In(t)||e===mm.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}s(vr,"getExternalRoleID");function y_(t,e){return t&&(typeof t=="string"?vr(t,e):t.map(r=>vr(r,e)))}s(y_,"getExternalRoleIDs");var Sm={};P(Sm,{BUILDER:()=>U0,BUILTIN_PERMISSIONS:()=>hc,CREATOR:()=>L0,GLOBAL_BUILDER:()=>M0,PermissionImpl:()=>se,PermissionLevel:()=>bi,PermissionType:()=>Ko,doesHaveBasePermission:()=>P0,getAllowedLevels:()=>__,getBuiltinPermissionByID:()=>v0,getBuiltinPermissions:()=>x0,isPermissionLevelHigherThanRead:()=>N0,levelToNumber:()=>A_});var T_=B(require("lodash/flatten")),S_=B(require("lodash/fp/cloneDeep"));var se=class{static{s(this,"PermissionImpl")}constructor(e,r){this.type=e,this.level=r}};function A_(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}s(A_,"levelToNumber");function __(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}s(__,"getAllowedLevels");var hc={PUBLIC:{_id:"public",name:"Public",permissions:[new se("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new se("query","read"),new se("table","read"),new se("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new se("query","write"),new se("table","write"),new se("automation","execute"),new se("legacy_view","read"),new se("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new se("table","write"),new se("user","read"),new se("automation","execute"),new se("webhook","read"),new se("legacy_view","read"),new se("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new se("table","admin"),new se("user","admin"),new se("automation","admin"),new se("webhook","read"),new se("query","admin"),new se("legacy_view","read"),new se("app","read")]}};function x0(){return(0,S_.default)(hc)}s(x0,"getBuiltinPermissions");function v0(t){return Object.values(hc).find(r=>r._id===t)}s(v0,"getBuiltinPermissionByID");function P0(t,e,r){let n=[...new Set(r.map(a=>a.permissionId))],i=Object.values(hc),o=(0,T_.default)(i.filter(a=>n.indexOf(a._id)!==-1).map(a=>a.permissions));for(let a of o)if(a.type===t&&__(a.level).indexOf(e)!==-1)return!0;return!1}s(P0,"doesHaveBasePermission");function N0(t){return A_(t)>1}s(N0,"isPermissionLevelHigherThanRead");var U0="builder",L0="creator",M0="globalBuilder";var Om={};P(Om,{FlagSet:()=>Ec,all:()=>$0,flags:()=>Am,getEnvFlags:()=>D_,init:()=>k0,isEnabled:()=>W0,parseEnvFlags:()=>Tc,shutdown:()=>F0,testutils:()=>_m});var yc=B(require("crypto")),O_=B(require("dd-trace")),I_=require("lodash"),w_=require("posthog-node");var gc;function k0(t){g.POSTHOG_TOKEN&&g.POSTHOG_API_HOST&&!g.SELF_HOSTED&&g.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),gc=new w_.PostHog(g.POSTHOG_TOKEN,{host:g.POSTHOG_API_HOST,personalApiKey:g.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:pe.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}s(k0,"init");function F0(){gc?.shutdown()}s(F0,"shutdown");function Tc(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let o of i){let a=!0;o.startsWith("!")&&(o=o.slice(1),a=!1),r.push({tenantId:n,key:o,value:a})}return r}s(Tc,"parseEnvFlags");function D_(){return Tc(g.TENANT_FEATURE_FLAGS||"")}s(D_,"getEnvFlags");var Ec=class{constructor(e){this.flagSchema=e;this.setId=yc.randomUUID()}static{s(this,"FlagSet")}defaults(){return(0,I_.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await O_.default.trace("features.fetch",async e=>{let r=vf(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),o=$(),a=new Set;if(nu())return i;for(let{tenantId:f,key:h,value:p}of D_())if(!(!f||f!=="*"&&f!==o)&&(n.readFromEnvironmentVars=!0,p===!1&&a.add(h),!!this.isFlagName(h))){if(typeof i[h]!="boolean")throw new Error(`Feature: ${h} is not a boolean`);i[h]=p,n[`flags.${h}.source`]="environment"}let u=Gt(),c=u?._id;if(!c){let f=bf();f&&(c=yc.createHash("sha512").update(f).digest("hex"))}let l=u?.tenantId;if(l||(l=o),n["identity.type"]=u?.type,n["identity._id"]=u?._id,n.tenantId=l,n.userId=c,gc&&c){n.readFromPostHog=!0;let f=await Ti(),h={tenantId:l},p={tenant:{id:l}};f.config.createdVersion&&(p.tenant.createdVersion=f.config.createdVersion),f.createdAt&&(p.tenant.createdAt=`${f.createdAt}`);let S=await gc.getAllFlags(c,{personProperties:h,onlyEvaluateLocally:!0,groups:{tenant:l},groupProperties:p});for(let[m,E]of Object.entries(S))if(this.isFlagName(m)){if(typeof E!="boolean"){console.warn(`Invalid value for posthog flag "${m}": ${E}`);continue}if(!(i[m]===!0||a.has(m)))try{i[m]=E,n[`flags.${m}.source`]="posthog"}catch(y){console.warn(`Error parsing posthog flag "${m}": ${E}`,y)}}}let d=Nf();for(let[f,h]of Object.entries(d))this.isFlagName(f)&&typeof h=="boolean"&&(i[f]=h,n[`flags.${f}.source`]="override");Pf(this.setId,i);for(let[f,h]of Object.entries(i))n[`flags.${f}.value`]=h;return e?.addTags(n),i})}},B0={USE_ZOD_VALIDATOR:!1,AI_AGENTS:!1,AI_RAG:!1,DEBUG_UI:g.isDev(),DEV_USE_CLIENT_FROM_STORAGE:!1},Am=new Ec(B0);async function W0(t){return await Am.isEnabled(t)}s(W0,"isEnabled");async function $0(){return await Am.fetch()}s($0,"all");var _m={};P(_m,{setFeatureFlags:()=>R_,withFeatureFlags:()=>q0});function G0(){let t={};for(let{tenantId:e,key:r,value:n}of Tc(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}s(G0,"getCurrentFlags");function V0(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,o]of Object.entries(n))o===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}s(V0,"buildFlagString");function R_(t,e){let r=G0();for(let[i,o]of Object.entries(e)){let a=r[t]||{};a[i]=o,r[t]=a}let n=V0(r);return Ds({TENANT_FEATURE_FLAGS:n})}s(R_,"setFeatureFlags");function q0(t,e,r){let n=R_(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}s(q0,"withFeatureFlags");var Lm={};P(Lm,{adminOnly:()=>Sc,auditLog:()=>Ac,authError:()=>Oe,buildAuthMiddleware:()=>bM,buildCsrfMiddleware:()=>vM,buildTenancyMiddleware:()=>xM,builderOnly:()=>xc,builderOrAdmin:()=>vc,google:()=>rr,internalApi:()=>Nc,joiValidator:()=>ko,oidc:()=>nr,passport:()=>PM,platformLogout:()=>kM,refreshOAuthToken:()=>LM,ssoCallbackUrl:()=>Nr,updateUserOAuth:()=>MM,workspaceBuilderOrAdmin:()=>Mc});var Um={};P(Um,{activeTenant:()=>X_,adminOnly:()=>Sc,auditLog:()=>Ac,authError:()=>Oe,authenticated:()=>bc,builderOnly:()=>xc,builderOrAdmin:()=>vc,correlation:()=>b_,csp:()=>B_,csrf:()=>Pc,datasource:()=>RM,errorHandling:()=>$_,featureFlagCookie:()=>G_,google:()=>rr,internalApi:()=>Nc,ip:()=>V_,joiValidator:()=>ko,local:()=>Oi,oidc:()=>nr,pino:()=>x_,querystringToBody:()=>J_,ssoCallbackUrl:()=>Nr,tenancy:()=>Lc,workspaceBuilderOrAdmin:()=>Mc});var C_=require("uuid");var K0=require("correlation-id"),b_=s((t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,C_.v4)()),K0.withId(r,()=>e())},"correlationMiddleware");var Q0=require("koa-pino-logger"),j0=require("correlation-id");function H0(){return{logger:Uu,genReqId:j0.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}s(H0,"pinoSettings");function Y0(){return g.HTTP_LOGGING?Q0(H0()):(t,e)=>e()}s(Y0,"getMiddleware");var x_=Y0();var Sc=s(async(t,e)=>(!t.internal&&!bt(t.user)&&t.throw(403,"Admin user only endpoint."),e()),"adminOnly");var Ac=s(async(t,e)=>e(),"auditLog");var z0=/\/:(.*?)(\/.*)?$/g,er=s(t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(z0);if(i)for(let o of i){let u="/.*"+(o.endsWith("/")?"/":"");r=r.replace(o,u)}return{regex:new RegExp(r),method:n,route:r}}):[],"buildMatcherRegex"),tr=s((t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),o=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&o}),"matches");var Cm={};P(Cm,{SecretOption:()=>N_,compare:()=>eM,decrypt:()=>wc,decryptFile:()=>nM,encrypt:()=>Z0,encryptFile:()=>tM,getSecret:()=>Rm});var vt=B(require("crypto")),Pr=B(require("fs")),Im=require("path"),wm=B(require("zlib"));var _c="aes-256-ctr",P_="-",J0=1e4,X0=32,Oc=16,Dm=16,N_=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(N_||{});function Rm(t){let e,r;switch(t){case"encryption":e=g.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=g.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}s(Rm,"getSecret");function Ic(t,e){return vt.default.pbkdf2Sync(t,new Uint8Array(e),J0,X0,"sha512")}s(Ic,"stretchString");function Z0(t,e="api"){let r=vt.default.randomBytes(Oc),n=Ic(Rm(e),r),i=vt.default.createCipheriv(_c,new Uint8Array(n),new Uint8Array(r)),o=i.update(t,"utf8"),a=i.final(),u=Buffer.concat([new Uint8Array(o),new Uint8Array(a)]).toString("hex");return`${r.toString("hex")}${P_}${u}`}s(Z0,"encrypt");function wc(t,e="api"){let[r,n]=t.split(P_),i=Buffer.from(r,"hex"),o=Ic(Rm(e),i),a=vt.default.createDecipheriv(_c,new Uint8Array(o),new Uint8Array(i)),u=a.update(n,"hex"),c=a.final();return Buffer.concat([new Uint8Array(u),new Uint8Array(c)]).toString()}s(wc,"decrypt");function eM(t,e,r="api"){try{let n=new TextEncoder,i=n.encode(wc(e,r)),o=n.encode(t);return i.length!==o.length?!1:vt.default.timingSafeEqual(i,o)}catch{return!1}}s(eM,"compare");async function tM({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,Im.join)(t,e);if(Pr.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let o=Pr.default.createReadStream(i),a=Pr.default.createWriteStream((0,Im.join)(t,n)),u=vt.default.randomBytes(Oc),c=vt.default.randomBytes(Dm),l=Ic(r,u),d=vt.default.createCipheriv(_c,new Uint8Array(l),new Uint8Array(c));return a.write(u),a.write(c),o.pipe(wm.default.createGzip()).pipe(d).pipe(a),new Promise(f=>{a.on("finish",()=>{f({filename:n,dir:t})})})}s(tM,"encryptFile");async function rM(t){let e=Pr.default.createReadStream(t),r=await v_(e,Oc),n=await v_(e,Dm);return e.close(),{salt:r,iv:n}}s(rM,"getSaltAndIV");async function nM(t,e,r){if(Pr.default.lstatSync(t).isDirectory())throw new Error("Unable to decrypt directory");let{salt:n,iv:i}=await rM(t),o=Pr.default.createReadStream(t,{start:Oc+Dm}),a=Pr.default.createWriteStream(e),u=Ic(r,n),c=vt.default.createDecipheriv(_c,new Uint8Array(u),new Uint8Array(i)),l=wm.default.createGunzip();return o.pipe(c).pipe(l).pipe(a),new Promise((d,f)=>{a.on("finish",()=>{a.close(),d()}),o.on("error",h=>{a.close(),f(h)}),c.on("error",h=>{a.close(),f(h)}),l.on("error",h=>{a.close(),f(h)}),a.on("error",h=>{a.close(),f(h)})})}s(nM,"decryptFile");function v_(t,e){return new Promise((r,n)=>{let i=0,o=[];t.on("readable",()=>{let a;for(;(a=t.read(e-i))!==null;)o.push(a),i+=a.length;r(Buffer.concat(o.map(u=>new Uint8Array(u))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",a=>{n(a)})})}s(v_,"readBytes");var bm={};P(bm,{APIWarning:()=>wn,FeatureDisabledWarning:()=>Rc,InvalidAPIKeyWarning:()=>_i,UsageLimitWarning:()=>Dc});var wn=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"APIWarning")}},_i=class extends wn{static{s(this,"InvalidAPIKeyWarning")}constructor(){super("Invalid API key","invalid_api_key")}},Dc=class extends wn{constructor(r){super(`Usage limit exceeded: '${r}'`,"usage_limit_exceeded");this.limitName=r}static{s(this,"UsageLimitWarning")}getPublicWarning(){return{limitName:this.limitName}}},Rc=class extends wn{constructor(r){super(`Feature disabled: '${r}'`,"feature_disabled");this.featureName=r,this.status=400}static{s(this,"FeatureDisabledWarning")}getPublicWarning(){return{featureName:this.featureName}}getPublicError(){return{featureName:this.featureName}}};var L_=B(require("dd-trace"));var sM=g.SESSION_UPDATE_PERIOD?parseInt(g.SESSION_UPDATE_PERIOD):60*1e3;function oM(){return new Date(Date.now()-sM).toISOString()}s(oM,"timeMinusOneMinute");function U_(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}s(U_,"finalise");async function aM(t,e){if(Qs(t))return{valid:!0,user:void 0};let n=wc(t).split(C)[0];return Ce(n,async()=>{let i;try{let o=Y();i=await Kt("by_api_key",{key:t},o)}catch{i=void 0}if(i)return{valid:!0,user:await xo({userId:i,tenantId:n,populateUser:e})};throw new _i})}s(aM,"checkApiKey");function Cc(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}s(Cc,"getHeader");function bc(t=[],e={publicAllowed:!1}){let r=t?er(t):[];return async(n,i)=>{let o=!1,a=Cc(n,"x-budibase-api-version");tr(n,r)&&(o=!0);try{let c=Cc(n,"x-budibase-token"),l=jt(n,"budibase:auth")||Su(c),d=Cc(n,"x-budibase-api-key");!d&&n.request.headers.authorization&&(d=n.request.headers.authorization.split(" ")[1]);let f=Cc(n,"x-budibase-tenant-id"),h=!1,p,S=!1,m;if(l&&!d){let y=l.sessionId,I=l.userId,O;try{O=await Bp(I,y),e&&e.populateUser?p=await xo({userId:I,tenantId:O.tenantId,email:O.email,populateUser:e.populateUser(n)}):p=await xo({userId:I,tenantId:O.tenantId,email:O.email}),p.csrfToken=O.csrfToken,m="cookie",O?.lastAccessedAt<oM()&&await Fp(O),h=!0}catch(w){h=!1,console.warn(`Auth Error: ${w.message}`),Ar(n,"budibase:auth")}}if(!h&&d){let y=e.populateUser?e.populateUser(n):null,{valid:I,user:O}=await aM(d,y);I&&(h=!0,m="api_key",p=O,S=!O)}!p&&f?p={tenantId:f}:p&&"password"in p&&delete p.password,h||(h=!1);let E=s(y=>y&&y.email,"isUser");return E(p)&&L_.default.setUser({id:p._id,tenantId:p.tenantId,budibaseAccess:p.budibaseAccess,status:p.status}),U_(n,{authenticated:h,user:p,internal:S,version:a,publicEndpoint:o,loginMethod:m}),E(p)?ff(p,n,i):i()}catch(c){if(console.warn(`Auth Error: ${c.message}`),c?.name==="JsonWebTokenError"?Ar(n,"budibase:auth"):c?.code==="invalid_api_key"&&n.throw(403,c.message),e&&e.publicAllowed||o)return U_(n,{authenticated:!1,version:a,publicEndpoint:o}),i();n.throw(c.status||403,c)}}}s(bc,"authenticated");async function xc(t,e){if(t.internal)return e();let r=await cn(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)?t.throw(403,"Builder user only endpoint."):r&&!Ai(t.user,r)&&t.throw(403,"Workspace builder user only endpoint."),e()}s(xc,"builderOnly");async function vc(t,e){if(t.internal||bt(t.user))return e();let r=await cn(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)?t.throw(403,"Admin/Builder user only endpoint."):r&&!Ai(t.user,r)&&t.throw(403,"Workspace Admin/Builder user only endpoint."),e()}s(vc,"builderOrAdmin");var F_=B(require("crypto"));var M_={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com","https://d2l5prqdbvm3op.cloudfront.net"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},k_=/^[A-Za-z0-9-*:/.]+$/,B_=s(async(t,e)=>{let r=F_.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...M_};n["script-src"]=[...M_["script-src"],`'nonce-${r}'`];let i={"media-src":g.CUSTOM_CSP_MEDIA_SRC,"script-src":g.CUSTOM_CSP_SCRIPT_SRC,"connect-src":g.CUSTOM_CSP_CONNECT_SRC,"img-src":g.CUSTOM_CSP_IMG_SRC,"font-src":g.CUSTOM_CSP_FONT_SRC,"frame-src":g.CUSTOM_CSP_FRAME_SRC};for(let[u,c]of Object.entries(i))if(c){let l=c.split(",").map(d=>d.trim()).filter(d=>k_.test(d));n[u]=[...n[u]||[],...l]}if(t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let u=await ks.getWorkspaceMetadata(t.appId);if("name"in u)for(let c of u.scripts||[]){let l=(c.cspWhitelist||"").split(`
+`);for(let o of i.filter(a=>a))t.push(to.default.readFileSync(o))}return t.push(to.default.readFileSync(QS(HS))),Buffer.concat(t.map(n=>new Uint8Array(n)))}s(oP,"getLogReadStream");function aP(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}s(aP,"isPlainObject");function uP(t){return t instanceof Error}s(uP,"isError");function cP(t){return typeof t=="string"}s(cP,"isMessage");var Ir;if(!g.DISABLE_PINO_LOGGER){let t=g.LOG_LEVEL,e={level:t,formatters:{level:c=>({level:c.toUpperCase()}),bindings:()=>g.SELF_HOSTED?{service:g.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(g.isDev()?{stream:(0,XS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),g.SELF_HOSTED&&r.push({stream:Sp(),level:t}),Ir=r.length?(0,Nu.default)(e,Nu.default.multistream(r)):(0,Nu.default)(e);let n=s(c=>{let l,d=[],f="";c.forEach(E=>{cP(E)&&(f=`${f} ${E}`.trimStart()),aP(E)&&d.push(E),uP(E)&&(l=E)});let h=u(),p={};p={tenantId:i(),appId:o(),automationId:a(),identityId:h?._id,identityType:h?.type,correlationId:ap()};let S=_p.default.scope().active();S&&_p.default.inject(S.context(),ZS.formats.LOG,p);let m={err:l,pid:process.pid,...p};if(d.length){let E={},y=0;for(let I=0;I<d.length;I++){let O=d[I],w=O._logKey;w?(delete O._logKey,m[w]=O):(E[y]=O,y++)}Object.keys(E).length&&(m.data=E)}return[m,f]},"getLogParams");console.log=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.info=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.warn=(...c)=>{let[l,d]=n(c);Ir?.warn(l,d)},console.error=(...c)=>{let[l,d]=n(c);Ir?.error(l,d)},console.trace=(...c)=>{let[l,d]=n(c);l.err||(l.err=new Error),Ir?.trace(l,d)},console.debug=(...c)=>{let[l,d]=n(c);Ir?.debug(l,d)};let i=s(()=>{let c;try{c=$()}catch{}return c},"getTenantId"),o=s(()=>{let c;try{c=be()}catch{}return c},"getAppId"),a=s(()=>{let c;try{c=Cf()}catch{}return c},"getAutomationId"),u=s(()=>{let c;try{c=Gt()}catch{}return c},"getIdentity")}var Uu=Ir;var lP=["AccountError"];function dP(t){return t&&t.suppressAlert}s(dP,"isSuppressed");function fn(t,e){e&&lP.includes(e.name)&&dP(e)||console.error(`bb-alert: ${t}`,e)}s(fn,"logAlert");function fP(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,fn(t,n)}s(fP,"logAlertWithInfo");function li(t,e){console.warn(`bb-warn: ${t}`,e)}s(li,"logWarn");var Lu=class extends Error{static{s(this,"UnretriableError")}constructor(e){super(e),this.name="PermanentError"}},Op=class{static{s(this,"QueuedProcessor")}constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:o=!0,maxStalledCount:a=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new Et(e,{maxStalledCount:a,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:o}}),this._queue.process(async(u,c)=>{try{let l=await this.processFn(u.data);c?.(null,l)}catch(l){l instanceof Lu&&await u.discard(),fn(`Failed to process job in ${this._queue.name}`,l),c?.(l)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Ue.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var pP=100,Mu,no=class t{static{s(this,"DocWritethroughProcessor")}static get queue(){return t._queue||(t._queue=new Et("docWritethroughQueue",{jobOptions:{attempts:pP}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=Re(e),o;try{o=await i.get(r)}catch{o={_id:r}}o={...o,...n},await i.put(o)}},wp=class{static{s(this,"DocWritethrough")}constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await no.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function eA(){return Mu=new no().init(),Mu}s(eA,"init");function mP(){return Mu||eA()}s(mP,"getProcessor");var so={};P(so,{CacheKey:()=>ye,TTL:()=>hn,bustCache:()=>di,destroy:()=>io,get:()=>gn,keys:()=>ku,store:()=>zt,withCache:()=>wr,withCacheWithDynamicTTL:()=>tA});function Ct(t){let e=$();return`${t}:${e}`}s(Ct,"generateTenantKey");var pn=class{static{s(this,"BaseCache")}constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await Mf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ct(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?Ct(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((o,[a,u])=>(o[Ct(a)]=u,o),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?Ct(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>Ct(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let o=await this.get(e,i);if(o)return o;try{let a=await n();return await this.store(e,a,r,i),a}catch(a){throw console.error("Error fetching before cache - ",a),a}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let o=await r(),{value:a,ttl:u}=o;return await this.store(e,a,u,{useTenancy:n.useTenancy}),a}catch(o){throw console.error("Error fetching before cache - ",o),o}}async bustCache(e){let r=await this.getClient();try{await r.delete(Ct(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?Ct(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var mn=new pn,ye={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},hn=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(hn||{}),ku=s((...t)=>mn.keys(...t),"keys"),gn=s((...t)=>mn.get(...t),"get"),zt=s((...t)=>mn.store(...t),"store"),io=s((...t)=>mn.delete(...t),"destroy"),wr=s((...t)=>mn.withCache(...t),"withCache"),tA=s((...t)=>mn.withCacheWithDynamicTTL(...t),"withCacheWithDynamicTTL"),di=s((...t)=>mn.bustCache(...t),"bustCache");var bp={};P(bp,{createCode:()=>_P,deleteCode:()=>IP,getCode:()=>OP,getExistingInvites:()=>Cp,getInviteCodes:()=>uA,updateCode:()=>AP});var yn={};P(yn,{AUTO_EXTEND_POLLING_MS:()=>iA,doWithLock:()=>oo,newRedlock:()=>En});var nA=B(require("redlock"));async function hP(t,e){if(t==="custom")return En(e);switch(t){case"try_once":return En(fi.TRY_ONCE);case"try_twice":return En(fi.TRY_TWICE);case"default":return En(fi.DEFAULT);case"delay_500":return En(fi.DELAY_500);case"auto_extend":return En(fi.AUTO_EXTEND);default:throw _t.unreachable(t)}}s(hP,"getClient");var fi={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function En(t={}){let e={...fi.DEFAULT,...t},n=(await Ff()).client;return new nA.default([n],e)}s(En,"newRedlock");function gP(t){let r=`lock:${t.systemLock?"system":$()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}s(gP,"getLockName");var iA=pe.fromSeconds(10).toMs();async function oo(t,e){let r=await hP(t.type,t.customOptions),n,i;try{let o=gP(t),a=t.type==="auto_extend"?iA:t.ttl;if(n=await r.lock(o,a),t.type==="auto_extend"){let c=s(()=>{i=setTimeout(async()=>{n=await n.extend(a,()=>t.onExtend&&t.onExtend()),c()},a/2)},"extendInIntervals");c()}return{executed:!0,result:await e()}}catch(o){if(o.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw o}else throw o}finally{clearTimeout(i),await n?.unlock()}}s(oo,"doWithLock");var sA=pe.fromDays(7).toSeconds(),yP=pe.fromSeconds(10).toMs(),Fu="Invitation is not valid or has expired, please request a new one.";function oA(t,e){if(!t)return null;let r=t.tenantId||e;return r?{tenantId:r,invites:t.invites||{}}:null}s(oA,"normaliseInviteList");function TP(t){let e=!1,r=Date.now();for(let[n,i]of Object.entries(t.invites))(!i?.expiresAt||i.expiresAt<=r)&&(delete t.invites[n],e=!0);return{list:t,changed:e}}s(TP,"pruneExpiredInvites");async function Rp(t){let r=await(await Ls()).get(t);return oA(r,t)}s(Rp,"loadInviteList");async function ao(t,e){await(await Ls()).store(t,e)}s(ao,"saveInviteList");async function uo(t,e){let{result:r}=await oo({type:"default",name:"process_user_invite",systemLock:!0,resource:t,ttl:yP},e);return r}s(uo,"withInviteListLock");function SP(t,e){return{code:t,email:e.email,info:e.info}}s(SP,"toInviteWithCode");async function aA(t,e){let r=await Ls(),n=oA(await r.get(e),e);if(!n)throw new Error(Fu);if(!Object.keys(n.invites).includes(t))throw new Error(Fu);return{list:n,invite:n.invites[t]}}s(aA,"findInviteInList");async function AP(t,e){let r={...e.info},n=r.tenantId||$();r.tenantId=n,await uo(n,async()=>{let i=await Rp(n)||{tenantId:n,invites:{}};i.invites[t]={email:e.email,info:r,expiresAt:Date.now()+sA*1e3},await ao(n,i)})}s(AP,"updateCode");async function _P(t,e){let r=ee(),n={...e||{}},i=n.tenantId||$();return n.tenantId=i,await uo(i,async()=>{let o=await Rp(i)||{tenantId:i,invites:{}};o.invites[r]={email:t,info:n,expiresAt:Date.now()+sA*1e3},await ao(i,o)}),r}s(_P,"createCode");async function OP(t,e){let r=e||$();return await uo(r,async()=>{let n=await aA(t,r),{list:i,invite:o}=n;if(o.expiresAt<=Date.now())throw delete i.invites[t],await ao(i.tenantId,i),new Error(Fu);return{email:o.email,info:o.info}})}s(OP,"getCode");async function IP(t,e){let r=e||$();try{await uo(r,async()=>{let n=await aA(t,r);delete n.list.invites[t],await ao(n.list.tenantId,n.list)})}catch(n){if(n instanceof Error&&n.message===Fu)return;throw n}}s(IP,"deleteCode");async function uA(){let t=$(),e=await uo(t,async()=>{let n=await Rp(t)||{tenantId:t,invites:{}},i=TP(n);return n=i.list,i.changed&&await ao(t,n),n}),r=new Map;for(let[n,i]of Object.entries(e.invites))r.set(n,SP(n,i));return Array.from(r.values())}s(uA,"getInviteCodes");async function Cp(t){let e=new Set(t.map(r=>r.toLowerCase()));return(await uA()).filter(r=>e.has(r.email.toLowerCase()))}s(Cp,"getExistingInvites");var xp={};P(xp,{createCode:()=>DP,getCode:()=>RP,invalidateCode:()=>CP});var wP=pe.fromHours(1).toSeconds();async function DP(t,e){let r=ee();return await(await Ms()).store(r,{userId:t,info:e},wP),r}s(DP,"createCode");async function RP(t){let r=await(await Ms()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}s(RP,"getCode");async function CP(t){await(await Ms()).delete(t)}s(CP,"invalidateCode");var br={};P(br,{getUser:()=>xo,getUsers:()=>n0,invalidateUser:()=>vo});var co={};P(co,{getPlatformDB:()=>Dr,users:()=>yt});var yt={};P(yt,{addSsoUser:()=>lA,addUser:()=>UP,getUserDoc:()=>cA,lookupTenantId:()=>bP,removeUser:()=>LP,updateUserDoc:()=>xP});function Dr(){return Re(fe.PLATFORM_INFO.name)}s(Dr,"getPlatformDB");async function bP(t){return g.MULTI_TENANCY?(await cA(t)).tenantId:ae}s(bP,"lookupTenantId");async function cA(t){return Dr().get(t)}s(cA,"getUserDoc");async function xP(t){await Dr().put(t)}s(xP,"updateUserDoc");function vP(t,e){return{_id:t,tenantId:e}}s(vP,"newUserIdDoc");function PP(t,e,r){return{_id:e,userId:t,tenantId:r}}s(PP,"newUserEmailDoc");function NP(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}s(NP,"newUserSsoIdDoc");async function vp(t,e){let r=Dr(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}s(vp,"addUserDoc");async function lA(t,e,r,n){return vp(t,()=>NP(t,e,r,n))}s(lA,"addSsoUser");async function UP(t,e,r,n){let i=[vp(e,()=>vP(e,t)),vp(r,()=>PP(e,r,t))];n&&i.push(lA(n,r,e,t)),await Promise.all(i)}s(UP,"addUser");async function LP(t){let e=Dr(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}s(LP,"removeUser");var Tn={};P(Tn,{getAccount:()=>Rr,getAccountByTenantId:()=>pi,getStatus:()=>MP});var dA=B(require("node-fetch"));var lo=class{static{s(this,"API")}constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";zs.setHeader(n.headers);let o={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,dA.default)(`${this.host}${r}`,o)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Pp=new lo(g.INTERNAL_ACCOUNT_PORTAL_URL),Np=g.SELF_HOSTED||g.DISABLE_ACCOUNT_PORTAL,Rr=s(async t=>{if(Np)return;let e={email:t},r=await Pp.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},"getAccount"),pi=s(async t=>{if(Np)return;let e={tenantId:t},r=await Pp.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},"getAccountByTenantId"),MP=s(async()=>{if(Np)return;let t=await Pp.get("/api/status",{headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e},"getStatus");var yi={};P(yi,{UserDB:()=>xt,addAppBuilder:()=>ZL,bulkGetGlobalUsersById:()=>uc,bulkUpdateGlobalUsers:()=>Ro,cleanseUserObject:()=>tm,creatorsInList:()=>_n,doesUserExist:()=>HL,getAccountHolderFromUsers:()=>ac,getAllUserIds:()=>QL,getAllUsers:()=>jL,getById:()=>On,getCreatorCount:()=>JL,getExistingAccounts:()=>Ei,getExistingPlatformUsers:()=>ZA,getExistingTenantUsers:()=>XA,getFirstPlatformUser:()=>wo,getGlobalUserByAppPage:()=>o_,getGlobalUserByEmail:()=>At,getPlatformUsers:()=>nc,getUserCount:()=>zL,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>r_,hasBuilderPermissions:()=>ke,isAdmin:()=>bt,isAdminOrBuilder:()=>t_,isAdminOrWorkspaceBuilder:()=>ic,isBuilder:()=>Ai,isCreatorAsync:()=>Do,isCreatorSync:()=>sc,isGlobalBuilder:()=>e_,paginatedUsers:()=>u_,removeAppBuilder:()=>e0,removePortalUserPermissions:()=>XL,searchExistingEmails:()=>zp,searchGlobalUsersByApp:()=>s_,searchGlobalUsersByAppAccess:()=>em,searchGlobalUsersByEmail:()=>a_,validateUniqueUser:()=>oc});var ju={};P(ju,{ActiveContentFileError:()=>$u,BadRequestError:()=>po,BudibaseError:()=>fo,EmailUnavailableError:()=>Jt,FeatureDisabledError:()=>qu,ForbiddenError:()=>Gu,HTTPError:()=>Me,NotFoundError:()=>Wu,NotImplementedError:()=>Vu,UnexpectedError:()=>Bu,UsageLimitError:()=>Ku,getErrorMessage:()=>fA,getPublicError:()=>Qu});var fo=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"BudibaseError")}};function fA(t){if(t==null)return"No error provided.";if(t instanceof Error)return t.message;if(typeof t=="string")return t;if(typeof t=="object"&&"message"in t)return String(t.message);try{let r=JSON.stringify(t);if(r!=="{}")return r}catch{}let e=String(t);return e!=="[object Object]"?e:"An unknown error occurred"}s(fA,"getErrorMessage");var Qu=s(t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},"getPublicError"),Me=class t extends fo{constructor(r,n,i="http"){super(r,i);this.status=n}static{s(this,"HTTPError")}static async fromResponse(r){let n=await r.text(),i=n,o=r.status,a="http";try{let u=JSON.parse(n);i=u.error?.message||u.message,o=u.status??r.status,a=u.error?.code??r.statusText}catch{}return new t(i,o,a)}},Bu=class extends Me{static{s(this,"UnexpectedError")}constructor(e){super(e,500)}},Wu=class extends Me{static{s(this,"NotFoundError")}constructor(e){super(e,404)}},po=class extends Me{static{s(this,"BadRequestError")}constructor(e){super(e,400)}},$u=class extends po{static{s(this,"ActiveContentFileError")}constructor(e){super(`File "${e}" contains active content which is not permitted`)}},Gu=class extends Me{static{s(this,"ForbiddenError")}constructor(e){super(e,403)}},Vu=class extends Me{static{s(this,"NotImplementedError")}constructor(e){super(e,501)}},qu=class extends Error{static{s(this,"FeatureDisabledError")}constructor(e){super(`Feature disabled: '${e}'`)}},Ku=class extends Error{static{s(this,"UsageLimitError")}constructor(e){super(`Usage limit exceeded: '${e}'`)}},Jt=class extends Error{static{s(this,"EmailUnavailableError")}constructor(e){super(`Email already in use: '${e}'`)}};var kp={};P(kp,{PASSWORD_MAX_LENGTH:()=>Lp,PASSWORD_MIN_LENGTH:()=>Up,validatePassword:()=>Mp});var Up=+(g.PASSWORD_MIN_LENGTH||12),Lp=+(g.PASSWORD_MAX_LENGTH||512);function Mp(t){return!t||t.length<Up?{valid:!1,error:`Password invalid. Minimum ${Up} characters.`}:t.length>Lp?{valid:!1,error:`Password invalid. Maximum ${Lp} characters.`}:{valid:!0}}s(Mp,"validatePassword");var Hu={};P(Hu,{createASession:()=>kP,endSession:()=>FP,getSession:()=>Bp,getSessionsForUser:()=>mo,invalidateSessions:()=>Sn,updateSessionTTL:()=>Fp});var mA=require("uuid");var hA=g.SESSION_EXPIRY_SECONDS?parseInt(g.SESSION_EXPIRY_SECONDS):pe.fromDays(7).toSeconds();function mi(t,e){return`${t}/${e}`}s(mi,"makeSessionID");async function mo(t){return t?(await(await yr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}s(mo,"getSessionsForUser");async function Sn(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await mo(t)).map(a=>({key:mi(a.userId,a.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(o=>({key:mi(t,o)}))),i&&i.length>0){let o=await yr(),a=[];for(let u of i)a.push(o.delete(u.key));g.isTest()||li(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(u=>u.key).join(", ")}`),await Promise.all(a)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}s(Sn,"invalidateSessions");async function kP(t,e){let r=await mo(t),n=0;if(r.length>=3){let l=r.sort((h,p)=>new Date(h.createdAt).getTime()-new Date(p.createdAt).getTime()),d=r.length-3+1,f=l.slice(0,d).map(h=>h.sessionId);n=f.length,await Sn(t,{sessionIds:f,reason:"session limit exceeded"})}let i=await yr(),o=e.sessionId,a=e.csrfToken?e.csrfToken:(0,mA.v4)(),u=mi(t,o),c={...e,csrfToken:a,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(u,c,hA),{session:c,invalidatedSessionCount:n}}s(kP,"createASession");async function Fp(t){let e=await yr(),r=mi(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,hA)}s(Fp,"updateSessionTTL");async function FP(t,e){await(await yr()).delete(mi(t,e))}s(FP,"endSession");async function Bp(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await yr()).get(mi(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}s(Bp,"getSession");var gi={};P(gi,{account:()=>RA,action:()=>CA,ai:()=>bA,analytics:()=>zu,app:()=>xA,asyncEventQueue:()=>Tt,auditLog:()=>vA,auth:()=>rc,automation:()=>PA,backfill:()=>NA,backfillCache:()=>Zu,backup:()=>UA,datasource:()=>LA,email:()=>MA,environmentVariable:()=>kA,group:()=>FA,identification:()=>St,initAsyncEvents:()=>NL,installation:()=>To,layout:()=>BA,license:()=>WA,org:()=>$A,plugin:()=>GA,processors:()=>Kp,publishEvent:()=>A,query:()=>VA,resource:()=>qA,role:()=>Io,rowAction:()=>KA,rows:()=>QA,screen:()=>jA,serve:()=>HA,shutdown:()=>UL,table:()=>YA,user:()=>Fe,view:()=>zA,workspace:()=>JA});var zu={};P(zu,{enabled:()=>Yu});var Yu=s(async()=>Ju(),"enabled");var Tt;function Xu(){Tt=new Et("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}s(Xu,"init");async function gA(){Tt&&await Tt.close()}s(gA,"shutdown");async function EA(t){Tt||Xu();let{event:e,identity:r}=t;nh.indexOf(e)!==-1&&r.tenantId&&await Tt.add(t)}s(EA,"publishAsyncEvent");var Zu={};P(Zu,{end:()=>WP,isAlreadySent:()=>Gp,isBackfillingEvent:()=>$p,recordEvent:()=>Wp,start:()=>BP});var BP=s(async t=>GP({eventWhitelist:t}),"start"),Wp=s(async(t,e)=>{let r=Vp(t,e);await zt(r,e,void 0,{useTenancy:!1})},"recordEvent"),WP=s(async()=>{await VP(),await qP()},"end"),$P=s(async()=>gn(ye.BACKFILL_METADATA),"getBackfillMetadata"),GP=s(async t=>zt(ye.BACKFILL_METADATA,t),"saveBackfillMetadata"),VP=s(async()=>{await io(ye.BACKFILL_METADATA)},"deleteBackfillMetadata"),qP=s(async()=>{let t=Vp(),e=await ku(t);for(let r of e)await io(r,{useTenancy:!1})},"clearEvents"),$p=s(async t=>{let r=(await $P())?.eventWhitelist;return!!(r&&r.includes(t))},"isBackfillingEvent"),Gp=s(async(t,e)=>{let r=Vp(t,e);return!!await gn(r,{useTenancy:!1})},"isAlreadySent"),KP={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},Vp=s((t,e)=>{let r,n=$();if(t){r=`${ye.EVENTS}:${n}:${t}`;let i=KP[t],o=i?i(e):void 0;o&&(r=`${r}:${o}`)}else r=`${ye.EVENTS}:${n}:*`;return r},"getEventKey");var Kp={};P(Kp,{analyticsProcessor:()=>IA,init:()=>tN,processors:()=>Zt});var _A=require("posthog-node");var QP=s(t=>t==="served:builder"||t==="served:app:preview"||t==="served:app","isRateLimited"),jP=s(t=>t==="served:app:preview"||t==="served:app","isPerApp");var TA={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},SA=s(async t=>{if(!QP(t))return!1;let e=await HP(t);if(e){let r=new Date(e.timestamp);switch(TA[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await yA(t,{timestamp:Date.now()}),!1):!0}}else return await yA(t,{timestamp:Date.now()}),!1},"limited"),AA=s(t=>{let e=`${ye.EVENTS_RATE_LIMIT}:${t}`;return jP(t)&&(e=e+":"+be()),e},"eventKey"),HP=s(async t=>{let e=AA(t);return await gn(e)},"readEvent"),yA=s(async(t,e)=>{let r=AA(t),n=TA[t],i;switch(n){case"calendarDay":i=86400}await zt(r,e,i)},"recordEvent");var zP=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],ho=class{static{s(this,"PosthogProcessor")}constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new _A.PostHog(e)}async processEvent(e,r,n,i){if(zP.includes(e)||await SA(e))return;n=this.clearPIIProperties(n),n.version=g.VERSION,n.service=g.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let o=be();o&&(n.appId=o);let a={distinctId:r.id,event:e,properties:n};i&&(a.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(a.groups={},r.installationId&&(a.groups.installation=r.installationId,a.properties.installationId=r.installationId),r.tenantId&&(a.groups.tenant=r.tenantId,a.properties.tenantId=r.tenantId)),this.posthog.capture(a)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var OA=ho;var JP=["installation:version:upgraded","installation:version:downgraded"],XP=["installation","tenant"],go=class{static{s(this,"AnalyticsProcessor")}constructor(){g.POSTHOG_TOKEN&&!g.isTest()&&(this.posthog=new OA(g.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!JP.includes(e)&&!await Yu()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!XP.includes(e.type)&&!await Yu()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var qp=g.SELF_HOSTED&&!g.isDev(),Eo=class{static{s(this,"LoggingProcessor")}async processEvent(e,r,n){qp||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){qp||console.log("[audit] identified",e)}async identifyGroup(e){qp||console.log("[audit] group identified",e)}async shutdown(){}};var hi=class t{static{s(this,"AuditLogsProcessor")}static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new Et("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Ce(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let o={};g.ENABLE_AUDIT_LOG_IP_ADDR&&(o=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:o})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&Xf(e)){let o=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:o,timestamp:i,appId:be(),hostInfo:r.hostInfo},tenantId:$()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var yo=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}static{s(this,"Processor")}async processEvent(e,r,n,i){for(let o of this.processors)await o.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var IA=new go,ZP=new Eo,eN=new hi;function tN(t){return hi.init(t)}s(tN,"init");var Zt=new yo([IA,ZP,eN]);var ec={};P(ec,{checkInstallVersion:()=>iN,getInstall:()=>So,getInstallFromDB:()=>jp});var Qp=B(require("semver"));var So=s(async()=>wr(ye.INSTALLATION,86400,jp,{useTenancy:!1}),"getInstall");async function rN(t){let e={_id:fe.PLATFORM_INFO.docs.install,installId:ee(),version:g.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return jp();throw r}}s(rN,"createInstallDoc");var jp=s(async()=>je(fe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(fe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await rN(t);else throw r}return e}),"getInstallFromDB"),nN=s(async t=>{try{await je(fe.PLATFORM_INFO.name,async e=>{let r=await So();r.version=t,await e.put(r),await di(ye.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},"updateVersion"),iN=s(async()=>{let t=await So(),e=t.version,r=g.VERSION;try{if(e!==r){let n=Qp.default.gt(r,e),i=Qp.default.lt(r,e);await nN(r)&&(await Cs({_id:t.installId,type:"installation"},async()=>{n?await To.upgraded(e,r):i&&await To.downgraded(e,r)}),await St.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?fn(`Invalid version "${r}" - is it semver?`):fn("Failed to retrieve version",n)}},"checkInstallVersion");var sN=s(async()=>{let t=lf(),e=Oo(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await An(),i=Ao();return{id:wA(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await An(),i=await tc($()),o=Ao();return{id:wA(i,r),type:r,hosting:o,installationId:n,tenantId:i,realTenantId:$(),environment:e}}else if(r==="user"){let n=t,i=await tc($()),o=await An(),a=n.account,u;return a?u=a.hosting:u=Ao(),{id:n._id,type:r,hosting:u,installationId:o,tenantId:i,environment:e,realTenantId:$(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},"getCurrentIdentity"),oN=s(async(t,e)=>{let r=t,n="installation",i=Ao(),o=g.VERSION,a=Oo(),u={id:r,type:n,hosting:i,version:o,environment:a};await Hp(u,e),await _o({...u,id:`$${n}_${r}`},e)},"identifyInstallationGroup"),aN=s(async(t,e,r,n=g.VERSION)=>{let i=await tc(t),o="tenant",a=await An(),u=Oo(),c={id:i,type:o,hosting:e,environment:u,installationId:a,createdAt:r,createdVersion:n};await Hp(c,r),await _o({...c,id:`$${o}_${i}`},r)},"identifyTenantGroup"),uN=s(async(t,e,r)=>{let n=t._id,i=await tc(t.tenantId),o="user",a=ke(t),u=Cr(t),c;Ho(t)&&(c=t.providerType);let d=(await Ei([t.email])).length>0,f=!!e&&d&&e.verified,h=await An(),p=e?e.hosting:Ao(),S=Oo();await _o({id:n,type:o,hosting:p,installationId:h,tenantId:i,verified:f,accountHolder:d,providerType:c,builder:a,admin:u,environment:S},r)},"identifyUser"),cN=s(async t=>{let e=t.accountId,r=t.tenantId,n="user",i=jo(t)?t.providerType:void 0,o=t.verified,a=!0,u=t.hosting,c=await An(),l=Oo();if(Qo(t)){let f=await At(t.email);f?._id&&(e=f._id)}await _o({id:e,type:n,hosting:u,installationId:c,tenantId:r,providerType:i,verified:o,accountHolder:a,environment:l})},"identifyAccount"),_o=s(async(t,e)=>{await Zt.identify(t,e)},"identify"),Hp=s(async(t,e)=>{await Zt.identifyGroup(t,e)},"identifyGroup"),Oo=s(()=>g.isDev()?"development":g.DEPLOYMENT_ENVIRONMENT,"getDeploymentEnvironment"),Ao=s(()=>g.SELF_HOSTED?"self":"cloud","getHostingFromEnv"),An=s(async()=>lN()?"account-portal":(await So()).installId,"getInstallationId"),tc=s(async t=>g.SELF_HOSTED?DA(t):t,"getEventTenantId"),DA=s(async t=>Ce(t,()=>wr(ye.UNIQUE_TENANT_ID,86400,async()=>{let e=Y(),r=await Ti(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${ee()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=g.VERSION,await e.put(r),n)})),"getUniqueTenantId"),lN=s(()=>g.SERVICE==="account-portal","isAccountPortal"),wA=s((t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,"formatDistinctId"),St={getCurrentIdentity:sN,identifyInstallationGroup:oN,identifyTenantGroup:aN,identifyUser:uN,identifyAccount:cN,identify:_o,identifyGroup:Hp,getInstallationId:An,getUniqueTenantId:DA};var A=s(async(t,e,r,n)=>{let i=n||await St.getCurrentIdentity();if(!(n?!1:await $p(t))){await EA({event:t,identity:i,properties:e,timestamp:r}),await Zt.processEvent(t,i,e,r);return}await Gp(t,e)||(await Zt.processEvent(t,i,e,r),await Wp(t,e))},"publishEvent");async function dN(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}s(dN,"created");async function fN(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}s(fN,"deleted");async function pN(t){let e={tenantId:t.tenantId};await A("account:verified",e)}s(pN,"verified");var RA={created:dN,deleted:fN,verified:pN};async function mN(t,e){console.info("action:automation_step:executed",`disabled. Action step ${t.stepId} not published at ${e}`)}s(mN,"automationStepExecuted");async function hN(t,e){console.info("action:automation_step:executed",`disabled. Action type ${t.type} not published at ${e}`)}s(hN,"crudExecuted");async function gN(t,e){console.info("action:automation_step:executed",`disabled. Execution for ai agent ${t.agentId} not published at ${e}`)}s(gN,"aiAgentExecuted");var CA={aiAgentExecuted:gN,automationStepExecuted:mN,crudExecuted:hN};async function EN(t){let e={};await A("ai:config:created",e,t)}s(EN,"AIConfigCreated");async function yN(){let t={};await A("ai:config:updated",t)}s(yN,"AIConfigUpdated");var bA={AIConfigCreated:EN,AIConfigUpdated:yN};var TN=s(async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)},"created");async function SN(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}s(SN,"updated");async function AN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}s(AN,"deleted");async function _N(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}s(_N,"published");async function ON(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}s(ON,"unpublished");async function IN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}s(IN,"fileImported");async function wN(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}s(wN,"duplicated");async function DN(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}s(DN,"templateImported");async function RN(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}s(RN,"versionUpdated");async function CN(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}s(CN,"versionReverted");async function bN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}s(bN,"reverted");async function xN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}s(xN,"exported");var xA={created:TN,updated:SN,deleted:AN,published:_N,unpublished:ON,fileImported:IN,duplicated:wN,templateImported:DN,versionUpdated:RN,versionReverted:CN,reverted:bN,exported:xN};async function vN(t){let e={filters:t};await A("audit_log:filtered",e)}s(vN,"filtered");async function PN(t){let e={filters:t};await A("audit_log:downloaded",e)}s(PN,"downloaded");var vA={filtered:vN,downloaded:PN};async function NN(t,e){let n={userId:(await St.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}s(NN,"login");async function UN(t){let r={userId:(await St.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}s(UN,"logout");async function LN(t,e){let r={type:t};await A("auth:sso:created",r,e)}s(LN,"SSOCreated");async function MN(t){let e={type:t};await A("auth:sso:updated",e)}s(MN,"SSOUpdated");async function kN(t,e){let r={type:t};await A("auth:sso:activated",r,e)}s(kN,"SSOActivated");async function FN(t){let e={type:t};await A("auth:sso:deactivated",e)}s(FN,"SSODeactivated");var rc={login:NN,logout:UN,SSOCreated:LN,SSOUpdated:MN,SSOActivated:kN,SSODeactivated:FN};async function BN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}s(BN,"created");async function WN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}s(WN,"triggerUpdated");async function $N(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}s($N,"deleted");async function GN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}s(GN,"tested");var VN=s(async(t,e)=>{let r={count:t};await A("automations:run",r,e)},"run");async function qN(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}s(qN,"stepCreated");async function KN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}s(KN,"stepDeleted");var PA={created:BN,triggerUpdated:WN,deleted:$N,tested:GN,run:VN,stepCreated:qN,stepDeleted:KN};var Si=!g.SELF_HOSTED&&!g.isDev();async function QN(t){Si||await A("app:backfill:succeeded",t)}s(QN,"appSucceeded");async function jN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}s(jN,"appFailed");async function HN(t){Si||await A("tenant:backfill:succeeded",t)}s(HN,"tenantSucceeded");async function YN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}s(YN,"tenantFailed");async function zN(){if(Si)return;let t={};await A("installation:backfill:succeeded",t)}s(zN,"installationSucceeded");async function JN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}s(JN,"installationFailed");var NA={appSucceeded:QN,appFailed:jN,tenantSucceeded:HN,tenantFailed:YN,installationSucceeded:zN,installationFailed:JN};async function XN(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}s(XN,"appBackupRestored");async function ZN(t,e,r,n,i){let o={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",o)}s(ZN,"appBackupTriggered");var UA={appBackupRestored:XN,appBackupTriggered:ZN};function Yp(t){return!Object.values(Go).includes(t.source)}s(Yp,"isCustom");async function eU(t,e){let r={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:created",r,e)}s(eU,"created");async function tU(t){let e={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:updated",e)}s(tU,"updated");async function rU(t){let e={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:deleted",e)}s(rU,"deleted");var LA={created:eU,updated:tU,deleted:rU};async function nU(t){let e={};await A("email:smtp:created",e,t)}s(nU,"SMTPCreated");async function iU(){let t={};await A("email:smtp:updated",t)}s(iU,"SMTPUpdated");var MA={SMTPCreated:nU,SMTPUpdated:iU};async function sU(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}s(sU,"created");async function oU(t){let e={name:t};await A("environment_variable:deleted",e)}s(oU,"deleted");async function aU(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}s(aU,"upgradePanelOpened");var kA={created:sU,deleted:oU,upgradePanelOpened:aU};async function uU(t,e){let r={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:created",r,e)}s(uU,"created");async function cU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:updated",e)}s(cU,"updated");async function lU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:deleted",e)}s(lU,"deleted");async function dU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:user_added",n)}s(dU,"usersAdded");async function fU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:users_deleted",n)}s(fU,"usersDeleted");async function pU(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}s(pU,"createdOnboarding");async function mU(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}s(mU,"permissionsEdited");var FA={created:uU,updated:cU,deleted:lU,usersAdded:dU,usersDeleted:fU,createdOnboarding:pU,permissionsEdited:mU};async function hU(t){let e={currentVersion:t};await A("installation:version:checked",e)}s(hU,"versionChecked");async function gU(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}s(gU,"upgraded");async function EU(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}s(EU,"downgraded");async function yU(){let t={};await A("installation:firstStartup",t)}s(yU,"firstStartup");var To={versionChecked:hU,upgraded:gU,downgraded:EU,firstStartup:yU};async function TU(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}s(TU,"created");async function SU(t){let e={layoutId:t};await A("layout:deleted",e)}s(SU,"deleted");var BA={created:TU,deleted:SU};async function AU(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}s(AU,"planChanged");async function _U(t){let e={accountId:t.accountId};await A("license:activated",e)}s(_U,"activated");async function OU(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}s(OU,"checkoutOpened");async function IU(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}s(IU,"checkoutSuccess");async function wU(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}s(wU,"portalOpened");async function DU(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}s(DU,"paymentFailed");async function RU(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}s(RU,"paymentRecovered");var WA={planChanged:AU,activated:_U,checkoutOpened:OU,checkoutSuccess:IU,portalOpened:wU,paymentFailed:DU,paymentRecovered:RU};async function CU(t){let e={};await A("org:info:name:updated",e,t)}s(CU,"nameUpdated");async function bU(t){let e={};await A("org:info:logo:updated",e,t)}s(bU,"logoUpdated");async function xU(t){let e={};await A("org:platformurl:updated",e,t)}s(xU,"platformURLUpdated");async function vU(){let t={};await A("analytics:opt:out",t)}s(vU,"analyticsOptOut");async function PU(){let t={};await A("analytics:opt:out",t)}s(PU,"analyticsOptIn");var $A={nameUpdated:CU,logoUpdated:bU,platformURLUpdated:xU,analyticsOptOut:vU,analyticsOptIn:PU};async function NU(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}s(NU,"init");async function UU(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}s(UU,"imported");async function LU(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}s(LU,"deleted");var GA={init:NU,imported:UU,deleted:LU};var MU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},"created"),kU=s(async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},"updated"),FU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await A("query:deleted",n)},"deleted"),BU=s(async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},"imported"),WU=s(async(t,e)=>{let r={count:t};await A("queries:run",r,e)},"run"),$U=s(async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},"previewed"),VA={created:MU,updated:kU,deleted:FU,imported:BU,run:WU,previewed:$U};async function GU({resource:t,fromWorkspace:e,toWorkspace:r},n){let i={resource:t,fromWorkspace:e,toWorkspace:r};await A("resource:copied_to_workspace",i,n)}s(GU,"duplicatedToWorkspace");var qA={duplicatedToWorkspace:GU};async function VU(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}s(VU,"created");async function qU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}s(qU,"updated");async function KU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}s(KU,"deleted");async function QU(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}s(QU,"assigned");async function jU(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}s(jU,"unassigned");var Io={created:VU,updated:qU,deleted:KU,assigned:QU,unassigned:jU};async function HU(t,e){await A("row_action:created",t,e)}s(HU,"created");var KA={created:HU};var YU=s(async(t,e)=>{let r={count:t};await A("rows:created",r,e)},"created"),zU=s(async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},"imported"),QA={created:YU,imported:zU};async function JU(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}s(JU,"created");async function XU(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}s(XU,"deleted");var jA={created:JU,deleted:XU};async function ZU(t){let e={timezone:t};await A("served:builder",e)}s(ZU,"servedBuilder");async function eL(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}s(eL,"servedApp");async function tL(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}s(tL,"servedAppPreview");var HA={servedBuilder:ZU,servedApp:eL,servedAppPreview:tL};async function rL(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}s(rL,"created");async function nL(t,e){let r,n;for(let o in e.schema)if(!t.schema[o]){let a=e.schema[o];"default"in a&&a.default!=null&&(r=!0),a.type==="ai"&&(n=a.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}s(nL,"updated");async function iL(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await A("table:deleted",r)}s(iL,"deleted");async function sL(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}s(sL,"exported");async function oL(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}s(oL,"imported");var YA={created:rL,updated:nL,deleted:iL,exported:sL,imported:oL};async function aL(t,e){let r={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:created",r,e)}s(aL,"created");async function uL(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:updated",e)}s(uL,"updated");async function cL(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:deleted",e)}s(cL,"deleted");async function lL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}s(lL,"permissionAdminAssigned");async function dL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}s(dL,"permissionAdminRemoved");async function fL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}s(fL,"permissionBuilderAssigned");async function pL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}s(pL,"permissionBuilderRemoved");async function mL(t){let e={audited:{email:t}};await A("user:invited",e)}s(mL,"invited");async function hL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}s(hL,"inviteAccepted");async function gL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}s(gL,"passwordForceReset");async function EL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}s(EL,"passwordUpdated");async function yL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}s(yL,"passwordResetRequested");async function TL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}s(TL,"passwordReset");async function SL(t){let e={users:t};await A("user:data:collaboration",e)}s(SL,"dataCollaboration");var Fe={created:aL,updated:uL,deleted:cL,permissionAdminAssigned:lL,permissionAdminRemoved:dL,permissionBuilderAssigned:fL,permissionBuilderRemoved:pL,invited:mL,inviteAccepted:hL,passwordForceReset:gL,passwordUpdated:EL,passwordResetRequested:yL,passwordReset:TL,dataCollaboration:SL};async function AL(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}s(AL,"created");async function _L(t){let e={tableId:t.tableId};await A("view:updated",e)}s(_L,"updated");async function OL(t,e){let r={...Ue.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await A("view:deleted",r)}s(OL,"deleted");async function IL(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}s(IL,"exported");async function wL({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}s(wL,"filterCreated");async function DL({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}s(DL,"filterUpdated");async function RL(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}s(RL,"filterDeleted");async function CL({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}s(CL,"calculationCreated");async function bL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}s(bL,"calculationUpdated");async function xL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}s(xL,"calculationDeleted");async function vL(t,e){let r={tableId:t};await A("view:join:created",r,e)}s(vL,"viewJoinCreated");var zA={created:AL,updated:_L,deleted:OL,exported:IL,filterCreated:wL,filterUpdated:DL,filterDeleted:RL,calculationCreated:CL,calculationUpdated:bL,calculationDeleted:xL,viewJoinCreated:vL};async function PL(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await A("workspace_app:deleted",r)}s(PL,"deleted");var JA={deleted:PL};function NL(){}s(NL,"initAsyncEvents");var UL=s(async()=>{await Zt.shutdown(),console.log("Events shutdown")},"shutdown");var Jp={};P(Jp,{creatorsInList:()=>_n,getAccountHolderFromUsers:()=>ac,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>r_,hasBuilderPermissions:()=>ke,isAdmin:()=>bt,isAdminOrBuilder:()=>t_,isAdminOrWorkspaceBuilder:()=>ic,isBuilder:()=>Ai,isCreatorAsync:()=>Do,isCreatorSync:()=>sc,isGlobalBuilder:()=>e_,validateUniqueUser:()=>oc});async function zp(t){let e=[],r=await XA(t);e.push(...r.map(a=>a.email));let n=await ZA(t);e.push(...n.map(a=>a._id));let i=await Ei(t);e.push(...i.map(a=>a.email));let o=await Cp(t);return e.push(...o.map(a=>a.email)),[...new Set(e.map(a=>a.toLowerCase()))]}s(zp,"searchExistingEmails");async function nc(t){return await $s("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}s(nc,"getPlatformUsers");async function wo(t){return(await nc(t))[0]??null}s(wo,"getFirstPlatformUser");async function XA(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await Kt("by_email2",r,void 0,n)}s(XA,"getExistingTenantUsers");async function ZA(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await $s("platform_users_lowercase_2",r)}s(ZA,"getExistingPlatformUsers");async function Ei(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await $s("account_by_email",r)}s(Ei,"getExistingAccounts");var Ai=Le.users.isBuilder,bt=Le.users.isAdmin,e_=Le.users.isGlobalBuilder,t_=Le.users.isAdminOrBuilder,Cr=Le.users.hasAdminPermissions,ke=Le.users.hasBuilderPermissions,r_=Le.users.hasAppBuilderPermissions,ic=Le.users.isAdminOrWorkspaceBuilder;async function _n(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await Y().getMultiple(r,{allowMissing:!0}),t.map(i=>sc(i,e))}s(_n,"creatorsInList");async function Do(t){let e=[];return t.userGroups&&(e=await Y().getMultiple(t.userGroups)),sc(t,e)}s(Do,"isCreatorAsync");function sc(t,e){let r=Le.users.isCreator(t);return!r&&t?LL(t,e):r}s(sc,"isCreatorSync");function LL(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}s(LL,"isCreatorByGroupMembership");async function oc(t,e){if(g.MULTI_TENANCY){let r=await wo(t);if(r!=null&&r.tenantId!==e)throw new Jt(t)}if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let r=await Rr(t);if(r&&r.verified&&r.tenantId!==e)throw new Jt(t)}}s(oc,"validateUniqueUser");async function ac(t){if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let e=await Ei(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}s(ac,"getAccountHolderFromUsers");var Xp=s(async t=>{await Fe.deleted(t),ke(t)&&await Fe.permissionBuilderRemoved(t),Cr(t)&&await Fe.permissionAdminRemoved(t)},"handleDeleteEvents"),ML=s(async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await Io.assigned(t,i)},"assignAppRoleEvents"),kL=s(async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await Io.unassigned(t,i)},"unassignAppRoleEvents"),FL=s(async(t,e)=>{let r=t.roles,n=e?.roles;await ML(t,r,n),await kL(t,r,n)},"handleAppRoleEvents"),Zp=s(async(t,e,r)=>{let n=r;!n&&!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL&&(n=await pi($())),await St.identifyUser(t,n),e?(await Fe.updated(t),WL(t,e)&&await Fe.permissionBuilderRemoved(t),GL(t,e)&&await Fe.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Fe.passwordForceReset(t),t.password!==e.password&&await Fe.passwordUpdated(t)):await Fe.created(t),BL(t,e)&&await Fe.permissionBuilderAssigned(t),$L(t,e)&&await Fe.permissionAdminAssigned(t),await FL(t,e)},"handleSaveEvents"),BL=s((t,e)=>n_(t,e,ke),"isAddingBuilder"),WL=s((t,e)=>i_(t,e,ke),"isRemovingBuilder"),$L=s((t,e)=>n_(t,e,Cr),"isAddingAdmin"),GL=s((t,e)=>i_(t,e,Cr),"isRemovingAdmin"),n_=s((t,e,r)=>!(!r(t)||e&&r(e)),"isAddingPermission"),i_=s((t,e,r)=>!(r(t)||!e||!r(e)),"isRemovingPermission");var qL=s(async t=>{let e=t._id;await yt.removeUser(t),await Xp(t),await br.invalidateUser(e),await Sn(e,{reason:"bulk-deletion"})},"bulkDeleteProcessing"),xt=class t{static{s(this,"UserDB")}static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return g.ENABLE_SSO_MAINTENANCE_MODE&&bt(e)?!1:await t.features.isSSOEnforced()||Ho(e)?!0:(r||(r=await pi($())),!!(r&&r.email===e.email&&jo(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,o){let{password:a,_id:u}=e;i&&!i.password&&(r.requirePassword=!1);let c;if(a&&a!==i?.password){if(await t.isPreventPasswordActions(e,o))throw new Me("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let f=Mp(a);if(!f.valid)throw new Me(f.error,400)}c=r.hashPassword?await uf(a):a}else i&&(c=i.password);let l=r.requirePassword&&!await t.features.isSSOEnforced();if(!c&&l)throw"Password must be specified.";u=u||ni();let d={createdAt:Date.now(),...i,...e,_id:u,password:c,tenantId:n};return d.roles||(d.roles={}),d.status==null&&(d.status="active"),d}static async allUsers(){return(await Y().allDocs(an(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByWorkspace(e){if(typeof e!="string"||!e)throw new Error("Must provide a string based workspace ID");return{userCount:(await Gs("by_app",ii(e,{include_docs:!1}))).rows.length}}static async getUsersByAppAccess(e){return await em(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return At(e)}static async getUser(e){let r=await On(e);return r&&delete r.password,r}static async bulkGet(e){return await uc(e)}static async bulkUpdate(e){return await Ro(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=$(),i=Y(),{email:o,_id:a,userGroups:u=[],roles:c}=e;if(!o&&!a)throw new Error("_id or email is required");let l;if(a)try{if(l=await On(a),o&&l.email!==o&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(m){if(m.status!==404)throw m}if(!l&&o&&(l=await At(o),l&&l._id!==a))throw new Jt(o);let d=1,f=0;if((r.isAccountHolder||l)&&(d=0,f=1),l){let[m,E]=await _n([l,e]);f=m!==E?1:0}let h=!l,p=!!l&&!!o&&l.email!==o,S=!r.isAccountHolder&&!!o&&(h||p);return t.quotas.addUsers(d,f,async()=>{S&&await oc(o,n);let m=await t.buildUser(e,r,n,l);r.currentUserId&&r.currentUserId===l?._id&&(m=tm(m,l)),!l&&c?.length&&(m.roles={...c});let E=[];if(!a&&u.length>0)for(let y of u)E.push(t.groups.addUsers(y,[m._id]));try{let y=await i.put(m);return m._rev=y.rev,await Zp(m,l),l&&m.email!==l.email&&await yt.removeUser({email:l.email}),await yt.addUser(n,m._id,m.email,m.ssoId),await br.invalidateUser(y.id),await Promise.all(E),i.get(m._id)}catch(y){throw y.status===409?"User exists already":y}})}static async bulkCreate(e,r){let n=$(),i=[],o=[],a=[],u=e.map(h=>h.email),c=await zp(u),l=[];for(let h of e){let p=o.find(m=>m.email.toLowerCase()===h.email.toLowerCase()),S=c.includes(h.email.toLowerCase());if(p||S){l.push({email:h.email,reason:"Unavailable"});continue}h.userGroups=r||[],o.push(h),await Do(h)&&a.push(h)}let d=await pi(n),f=await t.features.isSSOEnforced();return t.quotas.addUsers(o.length,a.length,async()=>{for(let S of o)f&&delete S.password,i.push(t.buildUser(S,{hashPassword:!0,requirePassword:!f},n,void 0,d));let h=await Promise.all(i);await Ro(h);for(let S of h)await yt.addUser(n,S._id,S.email),await Zp(S,void 0,d);let p=h.map(S=>({_id:S._id,email:S.email}));if(Array.isArray(p)&&r){let S=[],m=p.map(E=>E._id);for(let E of r)S.push(t.groups.addUsers(E,m));await Promise.all(S)}return{successful:p,unsuccessful:l}})}static async bulkDelete(e){let r=Y(),n={successful:[],unsuccessful:[]},i=await ac(e);i&&(e=e.filter(p=>p.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let a=(await r.allDocs({include_docs:!0,keys:e.map(p=>p.userId)})).rows.map(p=>p.doc),u=a.map(p=>({...p,_deleted:!0})),c=await Ro(u),d=(await _n(a)).filter(p=>p).length,f=[];for(let p of a){let m=(await wo(p._id)).ssoId;m&&(await nc(m)).filter(y=>y.ssoId==null).forEach(y=>{f.push({...y,_deleted:!0})}),await qL(p)}await Dr().bulkDocs(f),await t.quotas.removeUsers(u.length,d);let h={};return a.reduce((p,S)=>(p[S._id]=S,p),h),c.forEach(p=>{let S=h[p.id].email;p.ok?n.successful.push({_id:p.id,email:S}):n.unsuccessful.push({_id:p.id,email:S,reason:"Database error"})}),n}static async destroy(e){let r=Y(),n=await r.get(e),i=n._id;if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let a=n.email;if(await Rr(a))throw n.userId===Gt()._id?new Me('Please visit "Account" to delete this user',400):new Me("Account holder cannot be deleted",400)}await yt.removeUser(n),await r.remove(i,n._rev);let o=await Do(n)?1:0;await t.quotas.removeUsers(1,o),await Xp(n),await br.invalidateUser(i),await Sn(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,o={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(o.ssoId=n.ssoId),await di(ye.CHECKLIST),await t.save(o,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function bo(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}s(bo,"removeUserPassword");async function uc(t,e){let n=(await Y().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=bo(n)),n}s(uc,"bulkGetGlobalUsersById");async function QL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Pe}`})).rows.map(n=>n.id)}s(QL,"getAllUserIds");async function jL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Pe}`,include_docs:!0})).rows.map(n=>n.doc)}s(jL,"getAllUsers");async function Ro(t){return await Y().bulkDocs(t)}s(Ro,"bulkUpdateGlobalUsers");async function On(t,e){let n=await Y().get(t);return e?.cleanup&&(n=bo(n)),n}s(On,"getById");async function At(t,e){if(t==null)throw"Must supply an email address to view";let r=await Kt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=bo(n)),n}s(At,"getGlobalUserByEmail");async function HL(t){try{let e=await At(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}s(HL,"doesUserExist");async function s_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=ii(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await Kt("by_app",n);i||(i=[]);let o=Array.isArray(i)?i:[i];return r?.cleanup&&(o=bo(o)),o}s(s_,"searchGlobalUsersByApp");async function em(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let a={[r]:{$exists:!0}};n.push(a)}return(await Y().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}s(em,"searchGlobalUsersByAppAccess");function o_(t,e){if(e)return Eu(He(t),e._id)}s(o_,"getGlobalUserByAppPage");async function a_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,o=await Kt("by_email2",{...e,startkey:i,endkey:`${n}${Pe}`});o||(o=[]);let a=Array.isArray(o)?o:[o];return r?.cleanup&&(a=bo(a)),a}s(a_,"searchGlobalUsersByEmail");var YL=8;async function u_({bookmark:t,query:e,appId:r,limit:n}={}){let i=Y(),o=n??YL,u={include_docs:!0,limit:o+1};t&&(u.startkey=t);let c,l="_id",d;return e?.equal?._id?c=[await On(e.equal._id)]:r?(c=await s_(r,u),d=s(f=>o_(r,f),"getKey")):e?.string?.email?(c=await a_(e?.string?.email,u),l="email"):e?.oneOf?._id?c=await uc(e?.oneOf?._id,{cleanup:!0}):e?(c=(await i.allDocs(an(null,{...u,limit:void 0}))).rows.map(h=>h.doc),c=mr.search(c,{query:e,limit:u.limit}).rows):c=(await i.allDocs(an(null,u))).rows.map(h=>h.doc),qf(c,o,{paginate:!0,property:l,getKey:d})}s(u_,"paginatedUsers");async function zL(){return(await Gs("by_email2",{limit:0,include_docs:!1})).total_rows}s(zL,"getUserCount");async function JL(){let t=0;async function e(r){let n=await u_({bookmark:r}),i=await _n(n.data);t+=i.filter(o=>o).length,n.hasNextPage&&await e(n.nextPage)}return s(e,"iterate"),await e(),t}s(JL,"getCreatorCount");function XL(t){return delete t.admin,delete t.builder,t}s(XL,"removePortalUserPermissions");function tm(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}s(tm,"cleanseUserObject");async function ZL(t,e){let r=He(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await xt.save(t,{hashPassword:!1})}s(ZL,"addAppBuilder");async function e0(t,e){let r=He(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await xt.save(t,{hashPassword:!1})}s(e0,"removeAppBuilder");var c_=3600;async function t0(t,e){let n=await Yf(e).get(t);if(n.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let i=await Rr(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}s(t0,"populateFromDB");async function r0(t){let e=await xt.bulkGet(t),r=t.filter((i,o)=>!e[o]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let o=await Rr(i.email);o&&(i.account=o,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}s(r0,"populateUsersFromDB");async function xo({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=t0),!e)try{e=$()}catch{e=await yt.lookupTenantId(t)}let i=await Us(),o=await i.get(t);return o||(o=await n(t,e,r),await i.store(t,o,c_)),o&&!o.tenantId&&e&&(o.tenantId=e),o.userGroups&&!Le.users.isGlobalBuilder(o)&&await Ce(e,async()=>{let a=await xt.getGroupBuilderAppIds(o);if(a.length){let u=o.builder?.apps||[];o.builder={apps:[...new Set(u.concat(a))]}}}),o}s(xo,"getUser");async function n0(t){let e=await Us(),r=await e.bulkGet(t),n=t.filter(a=>!r[a]),i=Object.values(r).filter(a=>!!a),o;if(n.length){let a=await r0(n);o=a.notFoundIds;for(let u of a.users)await e.store(u._id,u,c_);i.push(...a.users)}return{users:i,notFoundIds:o}}s(n0,"getUsers");async function vo(t){await(await Us()).delete(t)}s(vo,"invalidateUser");var sm={};P(sm,{Writethrough:()=>nm});var l_=1e4,rm=null;async function cc(){if(!rm){let t=await kf();rm=new pn(t)}return rm}s(cc,"getCache");function Po(t,e){return t.name+e}s(Po,"makeCacheKey");function im(t,e=null){return{doc:t,lastWrite:e||Date.now()}}s(im,"makeCacheItem");async function i0(t,e,r=l_){let n=await cc(),i=e._id,o;i&&(o=await n.get(Po(t,i)));let a=!o||o.lastWrite<Date.now()-r,u=e;return a&&((await oo({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let l=s(async d=>{let f=await t.put(d,{force:!0});u._id=f.id,u._rev=f.rev},"writeDb");try{await l(e)}catch(d){if(d.status!==409)throw d;li("Ignoring conflict in write-through cache")}})).executed||li("Ignoring redlock conflict in write-through cache")),o=im(u,a?null:o?.lastWrite),u._id&&await n.store(Po(t,u._id),o),{ok:!0,id:u._id,rev:u._rev}}s(i0,"put");async function s0(t,e){let r=await cc(),n=Po(t,e),i=await r.get(n);if(!i){let o=await t.get(e);i=im(o),await r.store(n,i)}return i.doc}s(s0,"get");async function o0(t,e){let r=await cc(),n=Po(t,e),i=await r.get(n);if(!i){let o=await t.tryGet(e);if(!o)return null;i=im(o),await r.store(n,i)}return i.doc}s(o0,"tryGet");async function a0(t,e,r){let n=await cc();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Po(t,i))}finally{await t.remove(i,r)}}s(a0,"remove");var nm=class{static{s(this,"Writethrough")}constructor(e,r=l_){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return i0(this.db,e,r)}async get(e){return s0(this.db,e)}async tryGet(e){return o0(this.db,e)}async remove(e,r){return a0(this.db,e,r)}};function No(t){return`config${C}${t}`}s(No,"generateConfigID");var lc="en";function u0(){return{_id:No("translations"),type:"translations",config:{defaultLocale:lc,locales:{[lc]:{label:"English",overrides:{}}}}}}s(u0,"createDefaultTranslationsConfig");function c0(t){let e=t?.defaultLocale||lc,r={...t?.locales??{}};r[e]||(r[e]={label:e===lc?"English":e,overrides:{}});for(let n of Object.keys(r))r[n].overrides||(r[n]={...r[n],overrides:{}});return{defaultLocale:e,locales:r}}s(c0,"prepareTranslationsConfig");async function Be(t){let e=Y();try{return await e.get(No(t))}catch(r){if(r.status===404)return;throw r}}s(Be,"getConfig");async function l0(t){return t._id||(t._id=No(t.type)),Y().put(t)}s(l0,"save");async function d_(){let t=await Be("translations");return t?(t.config=c0(t.config),t):u0()}s(d_,"getTranslationsConfigDoc");async function d0(){return(await d_()).config}s(d0,"getTranslationsConfig");async function Ti(){let t=await Be("settings");return t||(t={_id:No("settings"),type:"settings",config:{}}),t.config.platformUrl=await Uo({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Ju({config:t.config}),t}s(Ti,"getSettingsConfigDoc");async function am(){return(await Ti()).config}s(am,"getSettingsConfig");async function Uo(t={tenantAware:!0}){let e=g.PLATFORM_URL||"http://localhost:10000";if(!g.SELF_HOSTED&&g.MULTI_TENANCY&&t.tenantAware){let r=$();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(g.SELF_HOSTED){let r=t?.config?t.config:(await Be("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}s(Uo,"getPlatformUrl");var Ju=s(async t=>{if(!g.SELF_HOSTED)return!!g.ENABLE_ANALYTICS;let e=await wr(ye.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await Be("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=g.ENABLE_ANALYTICS;return!(r===0||r===!1)},"analyticsEnabled");async function f0(){return await Be("google")}s(f0,"getGoogleConfigDoc");async function fc(){return(await f0())?.config}s(fc,"getGoogleConfig");async function um(){if(!g.SELF_HOSTED)return om();let t=await fc();return(!t||!t.activated)&&(t=om()),t}s(um,"getGoogleDatasourceConfig");function om(){if(g.GOOGLE_CLIENT_ID&&g.GOOGLE_CLIENT_SECRET)return{clientID:g.GOOGLE_CLIENT_ID,clientSecret:g.GOOGLE_CLIENT_SECRET,activated:!0}}s(om,"getDefaultGoogleConfig");async function p0(){return Be("logos_oidc")}s(p0,"getOIDCLogosDoc");async function m0(){return Be("oidc")}s(m0,"getOIDCConfigDoc");async function h0(){let t=(await m0())?.config;return t?.configs&&t.configs[0]}s(h0,"getOIDCConfig");async function cm(t){let e=(await Be("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}s(cm,"getOIDCConfigById");async function f_(){return Be("smtp")}s(f_,"getSMTPConfigDoc");async function g0(t){let e=await f_();if(e)return e.config;let r=g.SELF_HOSTED||!t;if(g.SMTP_FALLBACK_ENABLED&&r)return{port:g.SMTP_PORT,host:g.SMTP_HOST,secure:!1,from:g.SMTP_FROM_ADDRESS,auth:{user:g.SMTP_USER,pass:g.SMTP_PASSWORD},fallback:!0}}s(g0,"getSMTPConfig");async function E0(){return(await Be("scim"))?.config}s(E0,"getSCIMConfig");async function y0(){return Be("recaptcha")}s(y0,"getRecaptchaConfig");var Tm={};P(Tm,{AccessController:()=>fm,BUILTIN_ROLE_IDS:()=>pm,Role:()=>xr,RoleHierarchyTraversal:()=>pc,RoleIDVersion:()=>mm,builtinRoleToNumber:()=>Lo,checkForRoleResourceArray:()=>g_,externalRole:()=>I0,findRole:()=>Mo,getAllRoleIds:()=>C0,getAllRoles:()=>ym,getBuiltinRole:()=>m_,getBuiltinRoles:()=>gm,getDBRoleID:()=>E_,getExternalRoleID:()=>vr,getExternalRoleIDs:()=>y_,getRole:()=>w0,getUserRoleHierarchy:()=>Em,getUserRoleIdHierarchy:()=>h_,isBuiltin:()=>In,lowerBuiltinRoleID:()=>O0,prefixRoleIDNoBuiltin:()=>dm,roleIDsAreEqual:()=>ot,roleToNumber:()=>_0,saveRoles:()=>D0,validInherits:()=>A0});var p_=require("lodash"),mc=B(require("lodash/fp/cloneDeep")),lm=B(require("semver"));var pm={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},ie={...pm,BUILDER:"BUILDER"},mm={UUID:void 0,NAME:"name"};function S0(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}s(S0,"rolesInList");var xr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=mm.NAME}static{s(this,"Role")}addInheritance(e){return e&&typeof e=="string"?e=dm(e):e&&Array.isArray(e)&&(e=e.map(dm)),this.inherits=e,this}},pc=class{static{s(this,"RoleHierarchyTraversal")}constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let o of e.inherits){let a=Mo(o,n,r);a&&(i=i.concat(this.walk(a)))}else{let o=[],a=e;for(;a&&a.inherits&&!S0(o,a.inherits);){if(Array.isArray(a.inherits))return i.concat(this.walk(a));if(o.push(a.inherits),a=Mo(a.inherits,n,r),a&&i.push(a),Ue.roles.checkForRoleInheritanceLoops(i))break}}return(0,p_.uniqBy)(i,o=>o._id)}},hm={ADMIN:new xr(ie.ADMIN,ie.ADMIN,"admin",{displayName:"Admin user",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(ie.POWER),POWER:new xr(ie.POWER,ie.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(ie.BASIC),BASIC:new xr(ie.BASIC,ie.BASIC,"write",{displayName:"Basic user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(ie.PUBLIC),PUBLIC:new xr(ie.PUBLIC,ie.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new xr(ie.BUILDER,ie.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function gm(){return(0,mc.default)(hm)}s(gm,"getBuiltinRoles");function In(t){return Object.values(pm).includes(t)}s(In,"isBuiltin");function dm(t){return In(t)?t:Vt(t)}s(dm,"prefixRoleIDNoBuiltin");function m_(t){let e=Object.values(hm).find(r=>t.includes(r._id));if(e)return(0,mc.default)(e)}s(m_,"getBuiltinRole");function A0(t,e){if(!e)return!1;let r=s(n=>t.find(i=>ot(i._id,n)),"find");if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}s(A0,"validInherits");function Lo(t){let e=gm(),r=Object.values(e).length+1;if(ot(t,ie.ADMIN)||ot(t,ie.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}s(Lo,"builtinRoleToNumber");async function _0(t){if(In(t))return Lo(t);let e=await Em(t,{defaultPublic:!0}),r=s(n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(o=>{let a=e.find(u=>ot(u._id,o));if(a)return r(a)+1}).filter(o=>o).sort().pop();if(i!=null)return i}else if(In(n.inherits))return Lo(n.inherits)+1;return 0},"findNumber");return Math.max(...e.map(r))}s(_0,"roleToNumber");function O0(t,e){return t?e&&Lo(t)>Lo(e)?e:t:e}s(O0,"lowerBuiltinRoleID");function ot(t,e){return Vt(t)===Vt(e)}s(ot,"roleIDsAreEqual");function I0(t){let e;return t._id&&(e=vr(t._id)),{...t,_id:e,inherits:y_(t.inherits,t.version)}}s(I0,"externalRole");function Mo(t,e,r){let n=m_(t);n||(t=Vt(t));let i=e.find(o=>o._id&&ot(o._id,t));return!i&&!In(t)&&r?.defaultPublic?(0,mc.default)(hm.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=vr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}s(Mo,"findRole");async function w0(t,e){let r=ti(),n=[];if(!In(t)){let i=await r.tryGet(E_(t));i&&n.push(i)}return Mo(t,n,e)}s(w0,"getRole");async function D0(t){await ti().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Vt(r._id)})))}s(D0,"saveRoles");async function R0(t,e){let r=await ym();if(ot(t,ie.ADMIN))return r;let n=Mo(t,r,e),i=[];return n&&(i=new pc(r,e).walk(n)),i}s(R0,"getAllUserRoles");async function h_(t){return(await Em(t)).map(r=>r._id)}s(h_,"getUserRoleIdHierarchy");async function Em(t,e){return R0(t,e)}s(Em,"getUserRoleHierarchy");function g_(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}s(g_,"checkForRoleResourceArray");async function C0(t){return(await ym(t)).map(r=>r._id)}s(C0,"getAllRoleIds");async function ym(t){if(t)return je(t,e);{let r;try{r=ti()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(yu(null,{include_docs:!0}))).rows.map(u=>u.doc),n.forEach(u=>u._id=vr(u._id,u.version)));let i=gm(),o=[];!r||await b0(r)?o=[ie.ADMIN,ie.POWER,ie.BASIC,ie.PUBLIC]:o=[ie.ADMIN,ie.BASIC,ie.PUBLIC];for(let a of o){let u=i[a],c=n.filter(l=>ot(l._id,a))[0];c==null?n.push(u||i.BASIC):(n=n.filter(l=>l._id!==c._id),c._id=vr(u._id,c.version),n.push({...u,...c,name:u.name,_id:vr(u._id,u.version),uiMetadata:{...c.uiMetadata,...u.uiMetadata}}))}for(let a of n)if(a.permissions)for(let u of Object.keys(a.permissions))a.permissions=g_(a.permissions,u);return n}s(e,"internal")}s(ym,"getAllRoles");async function b0(t){let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!lm.default.valid(r)?!0:!lm.default.gte(r,g.MIN_VERSION_WITHOUT_POWER_ROLE)}s(b0,"shouldIncludePowerRole");var fm=class{static{s(this,"AccessController")}constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||ot(e,ie.BUILDER)||ot(r,e)||ot(r,ie.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await h_(r),this.userHierarchies[r]=n),n?.find(i=>ot(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let o=await this.checkScreenAccess(i,r);o&&n.push(o)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function E_(t){return t?.startsWith("role")?t:Vt(t)}s(E_,"getDBRoleID");function vr(t,e){if(t.startsWith(`role${C}`)&&(In(t)||e===mm.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}s(vr,"getExternalRoleID");function y_(t,e){return t&&(typeof t=="string"?vr(t,e):t.map(r=>vr(r,e)))}s(y_,"getExternalRoleIDs");var Sm={};P(Sm,{BUILDER:()=>U0,BUILTIN_PERMISSIONS:()=>hc,CREATOR:()=>L0,GLOBAL_BUILDER:()=>M0,PermissionImpl:()=>se,PermissionLevel:()=>bi,PermissionType:()=>Ko,doesHaveBasePermission:()=>P0,getAllowedLevels:()=>__,getBuiltinPermissionByID:()=>v0,getBuiltinPermissions:()=>x0,isPermissionLevelHigherThanRead:()=>N0,levelToNumber:()=>A_});var T_=B(require("lodash/flatten")),S_=B(require("lodash/fp/cloneDeep"));var se=class{static{s(this,"PermissionImpl")}constructor(e,r){this.type=e,this.level=r}};function A_(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}s(A_,"levelToNumber");function __(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}s(__,"getAllowedLevels");var hc={PUBLIC:{_id:"public",name:"Public",permissions:[new se("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new se("query","read"),new se("table","read"),new se("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new se("query","write"),new se("table","write"),new se("automation","execute"),new se("legacy_view","read"),new se("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new se("table","write"),new se("user","read"),new se("automation","execute"),new se("webhook","read"),new se("legacy_view","read"),new se("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new se("table","admin"),new se("user","admin"),new se("automation","admin"),new se("webhook","read"),new se("query","admin"),new se("legacy_view","read"),new se("app","read")]}};function x0(){return(0,S_.default)(hc)}s(x0,"getBuiltinPermissions");function v0(t){return Object.values(hc).find(r=>r._id===t)}s(v0,"getBuiltinPermissionByID");function P0(t,e,r){let n=[...new Set(r.map(a=>a.permissionId))],i=Object.values(hc),o=(0,T_.default)(i.filter(a=>n.indexOf(a._id)!==-1).map(a=>a.permissions));for(let a of o)if(a.type===t&&__(a.level).indexOf(e)!==-1)return!0;return!1}s(P0,"doesHaveBasePermission");function N0(t){return A_(t)>1}s(N0,"isPermissionLevelHigherThanRead");var U0="builder",L0="creator",M0="globalBuilder";var Om={};P(Om,{FlagSet:()=>Ec,all:()=>$0,flags:()=>Am,getEnvFlags:()=>D_,init:()=>k0,isEnabled:()=>W0,parseEnvFlags:()=>Tc,shutdown:()=>F0,testutils:()=>_m});var yc=B(require("crypto")),O_=B(require("dd-trace")),I_=require("lodash"),w_=require("posthog-node");var gc;function k0(t){g.POSTHOG_TOKEN&&g.POSTHOG_API_HOST&&!g.SELF_HOSTED&&g.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),gc=new w_.PostHog(g.POSTHOG_TOKEN,{host:g.POSTHOG_API_HOST,personalApiKey:g.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:pe.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}s(k0,"init");function F0(){gc?.shutdown()}s(F0,"shutdown");function Tc(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let o of i){let a=!0;o.startsWith("!")&&(o=o.slice(1),a=!1),r.push({tenantId:n,key:o,value:a})}return r}s(Tc,"parseEnvFlags");function D_(){return Tc(g.TENANT_FEATURE_FLAGS||"")}s(D_,"getEnvFlags");var Ec=class{constructor(e){this.flagSchema=e;this.setId=yc.randomUUID()}static{s(this,"FlagSet")}defaults(){return(0,I_.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await O_.default.trace("features.fetch",async e=>{let r=vf(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),o=$(),a=new Set;if(nu())return i;for(let{tenantId:f,key:h,value:p}of D_())if(!(!f||f!=="*"&&f!==o)&&(n.readFromEnvironmentVars=!0,p===!1&&a.add(h),!!this.isFlagName(h))){if(typeof i[h]!="boolean")throw new Error(`Feature: ${h} is not a boolean`);i[h]=p,n[`flags.${h}.source`]="environment"}let u=Gt(),c=u?._id;if(!c){let f=bf();f&&(c=yc.createHash("sha512").update(f).digest("hex"))}let l=u?.tenantId;if(l||(l=o),n["identity.type"]=u?.type,n["identity._id"]=u?._id,n.tenantId=l,n.userId=c,gc&&c){n.readFromPostHog=!0;let f=await Ti(),h={tenantId:l},p={tenant:{id:l}};f.config.createdVersion&&(p.tenant.createdVersion=f.config.createdVersion),f.createdAt&&(p.tenant.createdAt=`${f.createdAt}`);let S=await gc.getAllFlags(c,{personProperties:h,onlyEvaluateLocally:!0,groups:{tenant:l},groupProperties:p});for(let[m,E]of Object.entries(S))if(this.isFlagName(m)){if(typeof E!="boolean"){console.warn(`Invalid value for posthog flag "${m}": ${E}`);continue}if(!(i[m]===!0||a.has(m)))try{i[m]=E,n[`flags.${m}.source`]="posthog"}catch(y){console.warn(`Error parsing posthog flag "${m}": ${E}`,y)}}}let d=Nf();for(let[f,h]of Object.entries(d))this.isFlagName(f)&&typeof h=="boolean"&&(i[f]=h,n[`flags.${f}.source`]="override");Pf(this.setId,i);for(let[f,h]of Object.entries(i))n[`flags.${f}.value`]=h;return e?.addTags(n),i})}},B0={USE_ZOD_VALIDATOR:!1,AI_AGENTS:!0,AI_RAG:!1,DEBUG_UI:g.isDev(),DEV_USE_CLIENT_FROM_STORAGE:!1},Am=new Ec(B0);async function W0(t){return await Am.isEnabled(t)}s(W0,"isEnabled");async function $0(){return await Am.fetch()}s($0,"all");var _m={};P(_m,{setFeatureFlags:()=>R_,withFeatureFlags:()=>q0});function G0(){let t={};for(let{tenantId:e,key:r,value:n}of Tc(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}s(G0,"getCurrentFlags");function V0(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,o]of Object.entries(n))o===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}s(V0,"buildFlagString");function R_(t,e){let r=G0();for(let[i,o]of Object.entries(e)){let a=r[t]||{};a[i]=o,r[t]=a}let n=V0(r);return Ds({TENANT_FEATURE_FLAGS:n})}s(R_,"setFeatureFlags");function q0(t,e,r){let n=R_(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}s(q0,"withFeatureFlags");var Lm={};P(Lm,{adminOnly:()=>Sc,auditLog:()=>Ac,authError:()=>Oe,buildAuthMiddleware:()=>bM,buildCsrfMiddleware:()=>vM,buildTenancyMiddleware:()=>xM,builderOnly:()=>xc,builderOrAdmin:()=>vc,google:()=>rr,internalApi:()=>Nc,joiValidator:()=>ko,oidc:()=>nr,passport:()=>PM,platformLogout:()=>kM,refreshOAuthToken:()=>LM,ssoCallbackUrl:()=>Nr,updateUserOAuth:()=>MM,workspaceBuilderOrAdmin:()=>Mc});var Um={};P(Um,{activeTenant:()=>X_,adminOnly:()=>Sc,auditLog:()=>Ac,authError:()=>Oe,authenticated:()=>bc,builderOnly:()=>xc,builderOrAdmin:()=>vc,correlation:()=>b_,csp:()=>B_,csrf:()=>Pc,datasource:()=>RM,errorHandling:()=>$_,featureFlagCookie:()=>G_,google:()=>rr,internalApi:()=>Nc,ip:()=>V_,joiValidator:()=>ko,local:()=>Oi,oidc:()=>nr,pino:()=>x_,querystringToBody:()=>J_,ssoCallbackUrl:()=>Nr,tenancy:()=>Lc,workspaceBuilderOrAdmin:()=>Mc});var C_=require("uuid");var K0=require("correlation-id"),b_=s((t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,C_.v4)()),K0.withId(r,()=>e())},"correlationMiddleware");var Q0=require("koa-pino-logger"),j0=require("correlation-id");function H0(){return{logger:Uu,genReqId:j0.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}s(H0,"pinoSettings");function Y0(){return g.HTTP_LOGGING?Q0(H0()):(t,e)=>e()}s(Y0,"getMiddleware");var x_=Y0();var Sc=s(async(t,e)=>(!t.internal&&!bt(t.user)&&t.throw(403,"Admin user only endpoint."),e()),"adminOnly");var Ac=s(async(t,e)=>e(),"auditLog");var z0=/\/:(.*?)(\/.*)?$/g,er=s(t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(z0);if(i)for(let o of i){let u="/.*"+(o.endsWith("/")?"/":"");r=r.replace(o,u)}return{regex:new RegExp(r),method:n,route:r}}):[],"buildMatcherRegex"),tr=s((t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),o=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&o}),"matches");var Cm={};P(Cm,{SecretOption:()=>N_,compare:()=>eM,decrypt:()=>wc,decryptFile:()=>nM,encrypt:()=>Z0,encryptFile:()=>tM,getSecret:()=>Rm});var vt=B(require("crypto")),Pr=B(require("fs")),Im=require("path"),wm=B(require("zlib"));var _c="aes-256-ctr",P_="-",J0=1e4,X0=32,Oc=16,Dm=16,N_=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(N_||{});function Rm(t){let e,r;switch(t){case"encryption":e=g.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=g.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}s(Rm,"getSecret");function Ic(t,e){return vt.default.pbkdf2Sync(t,new Uint8Array(e),J0,X0,"sha512")}s(Ic,"stretchString");function Z0(t,e="api"){let r=vt.default.randomBytes(Oc),n=Ic(Rm(e),r),i=vt.default.createCipheriv(_c,new Uint8Array(n),new Uint8Array(r)),o=i.update(t,"utf8"),a=i.final(),u=Buffer.concat([new Uint8Array(o),new Uint8Array(a)]).toString("hex");return`${r.toString("hex")}${P_}${u}`}s(Z0,"encrypt");function wc(t,e="api"){let[r,n]=t.split(P_),i=Buffer.from(r,"hex"),o=Ic(Rm(e),i),a=vt.default.createDecipheriv(_c,new Uint8Array(o),new Uint8Array(i)),u=a.update(n,"hex"),c=a.final();return Buffer.concat([new Uint8Array(u),new Uint8Array(c)]).toString()}s(wc,"decrypt");function eM(t,e,r="api"){try{let n=new TextEncoder,i=n.encode(wc(e,r)),o=n.encode(t);return i.length!==o.length?!1:vt.default.timingSafeEqual(i,o)}catch{return!1}}s(eM,"compare");async function tM({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,Im.join)(t,e);if(Pr.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let o=Pr.default.createReadStream(i),a=Pr.default.createWriteStream((0,Im.join)(t,n)),u=vt.default.randomBytes(Oc),c=vt.default.randomBytes(Dm),l=Ic(r,u),d=vt.default.createCipheriv(_c,new Uint8Array(l),new Uint8Array(c));return a.write(u),a.write(c),o.pipe(wm.default.createGzip()).pipe(d).pipe(a),new Promise(f=>{a.on("finish",()=>{f({filename:n,dir:t})})})}s(tM,"encryptFile");async function rM(t){let e=Pr.default.createReadStream(t),r=await v_(e,Oc),n=await v_(e,Dm);return e.close(),{salt:r,iv:n}}s(rM,"getSaltAndIV");async function nM(t,e,r){if(Pr.default.lstatSync(t).isDirectory())throw new Error("Unable to decrypt directory");let{salt:n,iv:i}=await rM(t),o=Pr.default.createReadStream(t,{start:Oc+Dm}),a=Pr.default.createWriteStream(e),u=Ic(r,n),c=vt.default.createDecipheriv(_c,new Uint8Array(u),new Uint8Array(i)),l=wm.default.createGunzip();return o.pipe(c).pipe(l).pipe(a),new Promise((d,f)=>{a.on("finish",()=>{a.close(),d()}),o.on("error",h=>{a.close(),f(h)}),c.on("error",h=>{a.close(),f(h)}),l.on("error",h=>{a.close(),f(h)}),a.on("error",h=>{a.close(),f(h)})})}s(nM,"decryptFile");function v_(t,e){return new Promise((r,n)=>{let i=0,o=[];t.on("readable",()=>{let a;for(;(a=t.read(e-i))!==null;)o.push(a),i+=a.length;r(Buffer.concat(o.map(u=>new Uint8Array(u))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",a=>{n(a)})})}s(v_,"readBytes");var bm={};P(bm,{APIWarning:()=>wn,FeatureDisabledWarning:()=>Rc,InvalidAPIKeyWarning:()=>_i,UsageLimitWarning:()=>Dc});var wn=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"APIWarning")}},_i=class extends wn{static{s(this,"InvalidAPIKeyWarning")}constructor(){super("Invalid API key","invalid_api_key")}},Dc=class extends wn{constructor(r){super(`Usage limit exceeded: '${r}'`,"usage_limit_exceeded");this.limitName=r}static{s(this,"UsageLimitWarning")}getPublicWarning(){return{limitName:this.limitName}}},Rc=class extends wn{constructor(r){super(`Feature disabled: '${r}'`,"feature_disabled");this.featureName=r,this.status=400}static{s(this,"FeatureDisabledWarning")}getPublicWarning(){return{featureName:this.featureName}}getPublicError(){return{featureName:this.featureName}}};var L_=B(require("dd-trace"));var sM=g.SESSION_UPDATE_PERIOD?parseInt(g.SESSION_UPDATE_PERIOD):60*1e3;function oM(){return new Date(Date.now()-sM).toISOString()}s(oM,"timeMinusOneMinute");function U_(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}s(U_,"finalise");async function aM(t,e){if(Qs(t))return{valid:!0,user:void 0};let n=wc(t).split(C)[0];return Ce(n,async()=>{let i;try{let o=Y();i=await Kt("by_api_key",{key:t},o)}catch{i=void 0}if(i)return{valid:!0,user:await xo({userId:i,tenantId:n,populateUser:e})};throw new _i})}s(aM,"checkApiKey");function Cc(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}s(Cc,"getHeader");function bc(t=[],e={publicAllowed:!1}){let r=t?er(t):[];return async(n,i)=>{let o=!1,a=Cc(n,"x-budibase-api-version");tr(n,r)&&(o=!0);try{let c=Cc(n,"x-budibase-token"),l=jt(n,"budibase:auth")||Su(c),d=Cc(n,"x-budibase-api-key");!d&&n.request.headers.authorization&&(d=n.request.headers.authorization.split(" ")[1]);let f=Cc(n,"x-budibase-tenant-id"),h=!1,p,S=!1,m;if(l&&!d){let y=l.sessionId,I=l.userId,O;try{O=await Bp(I,y),e&&e.populateUser?p=await xo({userId:I,tenantId:O.tenantId,email:O.email,populateUser:e.populateUser(n)}):p=await xo({userId:I,tenantId:O.tenantId,email:O.email}),p.csrfToken=O.csrfToken,m="cookie",O?.lastAccessedAt<oM()&&await Fp(O),h=!0}catch(w){h=!1,console.warn(`Auth Error: ${w.message}`),Ar(n,"budibase:auth")}}if(!h&&d){let y=e.populateUser?e.populateUser(n):null,{valid:I,user:O}=await aM(d,y);I&&(h=!0,m="api_key",p=O,S=!O)}!p&&f?p={tenantId:f}:p&&"password"in p&&delete p.password,h||(h=!1);let E=s(y=>y&&y.email,"isUser");return E(p)&&L_.default.setUser({id:p._id,tenantId:p.tenantId,budibaseAccess:p.budibaseAccess,status:p.status}),U_(n,{authenticated:h,user:p,internal:S,version:a,publicEndpoint:o,loginMethod:m}),E(p)?ff(p,n,i):i()}catch(c){if(console.warn(`Auth Error: ${c.message}`),c?.name==="JsonWebTokenError"?Ar(n,"budibase:auth"):c?.code==="invalid_api_key"&&n.throw(403,c.message),e&&e.publicAllowed||o)return U_(n,{authenticated:!1,version:a,publicEndpoint:o}),i();n.throw(c.status||403,c)}}}s(bc,"authenticated");async function xc(t,e){if(t.internal)return e();let r=await cn(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)?t.throw(403,"Builder user only endpoint."):r&&!Ai(t.user,r)&&t.throw(403,"Workspace builder user only endpoint."),e()}s(xc,"builderOnly");async function vc(t,e){if(t.internal||bt(t.user))return e();let r=await cn(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)?t.throw(403,"Admin/Builder user only endpoint."):r&&!Ai(t.user,r)&&t.throw(403,"Workspace Admin/Builder user only endpoint."),e()}s(vc,"builderOrAdmin");var F_=B(require("crypto"));var M_={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com","https://d2l5prqdbvm3op.cloudfront.net"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},k_=/^[A-Za-z0-9-*:/.]+$/,B_=s(async(t,e)=>{let r=F_.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...M_};n["script-src"]=[...M_["script-src"],`'nonce-${r}'`];let i={"media-src":g.CUSTOM_CSP_MEDIA_SRC,"script-src":g.CUSTOM_CSP_SCRIPT_SRC,"connect-src":g.CUSTOM_CSP_CONNECT_SRC,"img-src":g.CUSTOM_CSP_IMG_SRC,"font-src":g.CUSTOM_CSP_FONT_SRC,"frame-src":g.CUSTOM_CSP_FRAME_SRC};for(let[u,c]of Object.entries(i))if(c){let l=c.split(",").map(d=>d.trim()).filter(d=>k_.test(d));n[u]=[...n[u]||[],...l]}if(t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let u=await ks.getWorkspaceMetadata(t.appId);if("name"in u)for(let c of u.scripts||[]){let l=(c.cspWhitelist||"").split(`
 `).filter(f=>k_.test(f)),d=["default-src","script-src","connect-src","media-src","img-src","font-src","frame-src"];for(let f of d)n[f]=[...n[f]||[],...l]}}catch(u){console.error(`Error occurred in Content-Security-Policy middleware: ${u}`)}let a=Object.entries(n).map(([u,c])=>`${u} ${c.join(" ")}`).join("; ");t.set("Content-Security-Policy",a),await e()},"contentSecurityPolicy");var uM=["GET","HEAD","OPTIONS"],cM=["application/x-www-form-urlencoded","multipart/form-data","text/plain"];function Pc(t={noCsrfPatterns:[]}){let e=er(t.noCsrfPatterns);return async(r,n)=>{if(tr(r,e)||uM.indexOf(r.method)!==-1)return n();let o=r.get("content-type")?r.get("content-type").toLowerCase():"";if(!cM.filter(c=>o.includes(c)).length||r.internal)return n();let a=r.user?.csrfToken;if(!a)return n();let u=r.get("x-csrf-token");return(!u||u!==a)&&r.throw(403,"Invalid CSRF token"),n()}}s(Pc,"csrf");function W_(t){if(t.includes("-----BEGIN PRIVATE KEY-----"))return!0;for(let e of rT){let r=g[e];if(!(typeof r!="string"||r==="")&&t.includes(r))return!0}return!1}s(W_,"stringContainsSecret");async function $_(t,e){try{await e()}catch(r){let n=r.status||r.statusCode||500;t.status=n,n>=400&&n<500?console.warn(r):console.error("Got 400 response code",r);let i={message:r.message,status:n,validationErrors:r.validation,error:Qu(r)};if(W_(JSON.stringify(i))&&(i={message:"Unexpected error",status:n,error:"Unexpected error"}),g.isTest()&&t.headers["x-budibase-include-stacktrace"]){let o=r;for(;o.cause;)o=o.cause;i.stack=o.stack}t.body=i}}s($_,"errorHandling");var G_=s(async(t,e)=>{let n=jt(t,"budibase:featureflags")?.flags||{};await Uf(n,async()=>{await e()})},"featureFlagCookie");async function Nc(t,e){let r=t.request.headers["x-budibase-api-key"];return r||t.throw(403,"Unauthorized"),Array.isArray(r)&&t.throw(403,"Unauthorized"),Qs(r)||t.throw(403,"Unauthorized"),e()}s(Nc,"internalApi");async function V_(t,e){return t.ip?await xf(t.ip,()=>e()):e()}s(V_,"ip");var ko={};P(ko,{body:()=>lM,params:()=>dM});var xm=B(require("joi"));function q_(t,e,r){let n=r?.errorPrefix??`Invalid ${e}`;return(i,o)=>{if(!t)return o();let a=null,u=i.request?.[e];i[e]!=null?a=i[e]:u!=null&&(a=u),t.append&&(t=t.append({createdAt:xm.default.any().optional(),updatedAt:xm.default.any().optional()}));let{error:c}=t.validate(a,{allowUnknown:r?.allowUnknown});if(c){let l=c.message;n&&(l=`Invalid ${e} - ${l}`),i.throw(400,l)}return o()}}s(q_,"validate");function lM(t,e){return q_(t,"body",e)}s(lM,"body");function dM(t,e){return q_(t,"params",e)}s(dM,"params");var Oi={};P(Oi,{authenticate:()=>mM,options:()=>pM});function Oe(t,e,r){return t(r,null,{message:e})}s(Oe,"authError");async function Nr(t,e){if(e&&e.callbackURL)return e.callbackURL;let r=await am(),n="/api/global/auth";return Er()&&(n+=`/${$()}`),n+=`/${t}/callback`,`${r.platformUrl}${n}`}s(Nr,"ssoCallbackUrl");var vm="Invalid credentials",fM="This account has expired. Please reset your password",pM={passReqToCallback:!0};async function mM(t,e,r,n){if(!e)return Oe(n,"Email Required");if(!r)return Oe(n,"Password Required");let i=await At(e);return i==null?(console.info(`user=${e} could not be found`),Oe(n,vm)):i.status==="inactive"?(console.info(`user=${e} is inactive`,i),Oe(n,vm)):i.password?await cf(r,i.password)?(delete i.password,n(null,i)):Oe(n,vm):(console.info(`user=${e} has no password set`,i),Oe(n,fM))}s(mM,"authenticate");var rr={};P(rr,{buildVerifyFn:()=>j_,getCallbackUrl:()=>EM,strategyFactory:()=>Pm});var Fo=s(t=>Promise.resolve(t),"ssoSaveUserNoOp");async function Uc(t,e=!0,r,n){if(!n)throw new Error("Save user function must be provided");if(!t.userId)return Oe(r,"sso user id required");if(!t.email)return Oe(r,"sso user email required");let i=ni(t.userId),o;try{o=await On(i)}catch(u){if(!u.status||u.status!==404)return Oe(r,"Unexpected error when retrieving existing user",u)}if(o||(o=await At(t.email)),!o&&e)return Oe(r,"Email does not yet exist. You must set up your local budibase account first.");o||(o={_id:i,email:t.email,roles:{},tenantId:$()});let a=await hM(o,t);a.forceResetPassword=!1;try{delete a.password,a=await n(a,{hashPassword:!1,requirePassword:!1})}catch(u){return Oe(r,"Error saving user",u)}return r(null,a)}s(Uc,"authenticate");async function hM(t,e){let r,n,i;if(e.profile){let o=e.profile;if(o.name){let a=o.name;a.givenName&&(r=a.givenName),a.familyName&&(n=a.familyName)}}return e.oauth2&&(i={...e.oauth2}),{...t,provider:e.provider,providerType:e.providerType,firstName:r,lastName:n,oauth2:i}}s(hM,"syncUser");var gM=require("passport-google-oauth").OAuth2Strategy;function j_(t){return(e,r,n,i)=>{let o={provider:"google",providerType:"google",userId:n.id,profile:n,email:n._json.email,oauth2:{accessToken:e,refreshToken:r}};return Uc(o,!0,i,t)}}s(j_,"buildVerifyFn");async function Pm(t,e,r){try{let{clientID:n,clientSecret:i}=t;if(!n||!i)throw new Error("Configuration invalid. Must contain google clientID and clientSecret");let o=j_(r);return new gM({clientID:t.clientID,clientSecret:t.clientSecret,callbackURL:e},o)}catch(n){throw new Error(`Error constructing google authentication strategy: ${n}`)}}s(Pm,"strategyFactory");async function EM(t){return Nr("google",t)}s(EM,"getCallbackUrl");var nr={};P(nr,{buildVerifyFn:()=>z_,fetchStrategyConfig:()=>_M,getCallbackUrl:()=>OM,strategyFactory:()=>AM});var H_=B(require("node-fetch"));var Y_=require("@govtechsg/passport-openidconnect");function z_(t){return async(e,r,n,i,o,a,u,c,l)=>{let d=yM(r,n),f=TM(r,n),h={provider:e,providerType:"oidc",userId:d.id,profile:d,email:SM(d,f),oauth2:{accessToken:a,refreshToken:u}};return Uc(h,!1,l,t)}}s(z_,"buildVerifyFn");function yM(t,e){let r={...t?._json||{}};!r.email&&e.emails?.length&&(r.email=e.emails[0].value);let n=t?.displayName||e.displayName;return{id:t?.id||e.id,name:t?.name||e.name||!!n&&{givenName:n,familyName:""}||void 0,_json:r,provider:t?.provider}}s(yM,"normalizeProfile");function TM(t,e){return{email:t?._json?.email||e.emails?.[0]?.value,preferred_username:e.username}}s(TM,"buildJwtClaims");function SM(t,e){if(t._json.email)return t._json.email.toLowerCase();if(e.email)return e.email.toLowerCase();let r=e.preferred_username;if(r&&Zf(r))return r.toLowerCase();throw new Error(`Could not determine user email from profile ${JSON.stringify(t)} and claims ${JSON.stringify(e)}`)}s(SM,"getEmail");async function AM(t,e){try{let r=z_(e),n=new Y_.Strategy(t,r);return n.name="oidc",n}catch(r){throw new Error(`Error constructing OIDC authentication strategy - ${r}`)}}s(AM,"strategyFactory");async function _M(t,e){try{let{clientID:r,clientSecret:n,configUrl:i,pkce:o}=t;if(!r||!n||!e||!i)throw new Error("Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl");let a=await(0,H_.default)(i);if(!a.ok)throw new Error(`Unexpected response when fetching openid-configuration: ${a.statusText}`);let u=await a.json();return{issuer:u.issuer,authorizationURL:u.authorization_endpoint,tokenURL:u.token_endpoint,userInfoURL:u.userinfo_endpoint,clientID:r,clientSecret:n,callbackURL:e,pkce:o}}catch(r){throw new Error(`Error constructing OIDC authentication configuration - ${r}`)}}s(_M,"fetchStrategyConfig");async function OM(){return Nr("oidc")}s(OM,"getCallbackUrl");function J_(t,e){let r=t.request.query?.query;if(t.request.method.toLowerCase()!=="get"&&t.throw(500,"Query to download middleware can only be used for get requests."),!r)return e();let n=decodeURIComponent(r),i;try{i=JSON.parse(n)}catch{return e()}return t.request.body=i,e()}s(J_,"querystringToBody");function Lc(t,e,r={noTenancyRequired:!1}){let n=er(t),i=er(e);return async function(o,a){let c={allowNoTenant:r.noTenancyRequired||!!tr(o,i)};!!tr(o,n)||(c.excludeStrategies=["query"]);let d=qs(o,c);return o.set("x-budibase-tenant-id",d),Ce(d,a)}}s(Lc,"tenancy");function X_(t=[]){let e=er(t);return async function(r,n){if(tr(r,e))return n();try{if((await Be("settings"))?.config?.active===!1){r.status=404,r.body={message:"Tenant not found"};return}}catch(i){if(i.message==="Global DB not found")return n();throw i}return n()}}s(X_,"activeTenant");async function Mc(t,e){if(t.internal||bt(t.user))return e();let r=await cn(t);return r&&!ic(t.user,r)?t.throw(403,"Workspace Admin/Builder user only endpoint."):!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!ke(t.user)&&t.throw(403,"Admin/Builder user only endpoint."),e()}s(Mc,"workspaceBuilderOrAdmin");var Nm={};P(Nm,{postAuth:()=>DM,preAuth:()=>wM});var IM=require("passport-google-oauth").OAuth2Strategy;async function Z_(){let t=await um();if(!t)throw new Error("No google configuration found");return t}s(Z_,"fetchGoogleCreds");async function wM(t,e,r){let n=await Z_(),o=`${await Uo({tenantAware:!1})}/api/global/auth/datasource/google/callback`,a=await Pm(n,o,Fo);return e.query.appId||e.throw(400,"appId query param not present."),t.authenticate(a,{scope:["profile","email","https://www.googleapis.com/auth/spreadsheets"],accessType:"offline",prompt:"consent"})(e,r)}s(wM,"preAuth");async function DM(t,e,r){let n=await Z_(),o=`${await Uo({tenantAware:!1})}/api/global/auth/datasource/google/callback`,a=jt(e,"budibase:datasourceauth");if(!a)throw new Error("Unable to fetch datasource auth cookie");return t.authenticate(new IM({clientID:n.clientID,clientSecret:n.clientSecret,callbackURL:o},(u,c,l,d)=>{Ar(e,"budibase:datasourceauth"),d(null,{accessToken:u,refreshToken:c})}),{successRedirect:"/",failureRedirect:"/error"},async(u,c)=>{let l=`/builder/workspace/${a.appId}/data`,d=ee();await zt(`datasource:creation:${a.appId}:google:${d}`,{tokens:c}),e.redirect(`${l}/new?continue_google_setup=${d}`)})(e,r)}s(DM,"postAuth");var RM={google:Nm};var eO=require("koa-passport"),CM=require("passport-local").Strategy,kc=require("passport-oauth2-refresh"),bM=bc,xM=Lc,vM=Pc,PM=eO;eO.use(new CM(Oi.options,Oi.authenticate));async function NM(t,e){let r=await nr.getCallbackUrl(),n,i;try{if(n=await nr.fetchStrategyConfig(t,r),!n)throw new Error("OIDC Config contents invalid");i=await nr.strategyFactory(n,Fo)}catch{throw new Error("Could not refresh OAuth Token")}return kc.use(i),new Promise(o=>{kc.requestNewAccessToken("oidc",e,(a,u,c,l)=>{o({err:a,accessToken:u,refreshToken:c,params:l})})})}s(NM,"refreshOIDCAccessToken");async function UM(t,e){let r=await rr.getCallbackUrl(t),n;try{n=await rr.strategyFactory(t,r,Fo)}catch(i){throw new Error(`Error constructing OIDC refresh strategy: message=${i.message}`)}return kc.use(n),new Promise(i=>{kc.requestNewAccessToken("google",e,(o,a,u,c)=>{i({err:o,accessToken:a,refreshToken:u,params:c})})})}s(UM,"refreshGoogleAccessToken");async function LM(t,e,r){switch(e){case"oidc":{if(!r)return{err:{data:"OIDC config id not provided"}};let n=await cm(r);return n?NM(n,t):{err:{data:"OIDC configuration not found"}}}case"google":{let n=await fc();return n?UM(n,t):{err:{data:"Google configuration not found"}}}}}s(LM,"refreshOAuthToken");async function MM(t,e){let r={accessToken:e.accessToken,refreshToken:e.refreshToken};try{let n=Y(),i=await n.get(t);typeof r.refreshToken!="string"&&delete r.refreshToken,i.oauth2={...i.oauth2,...r},await n.put(i),await vo(t)}catch(n){console.error("Could not update OAuth details for current user",n)}}s(MM,"updateUserOAuth");async function kM(t){let e=t.ctx,r=t.userId,n=t.keepActiveSession;if(!e)throw new Error("Koa context must be supplied to logout.");let i=jt(e,"budibase:auth"),o=await mo(r);i&&n?o=o.filter(u=>u.sessionId!==i.sessionId):Ar(e,"budibase:auth");let a=o.map(({sessionId:u})=>u);await Sn(r,{sessionIds:a,reason:"logout"}),await rc.logout(e.user?.email),await vo(r)}s(kM,"platformLogout");var km={};P(km,{validate:()=>GM});var x=B(require("joi"));var FM=["Relational","Non-relational","Spreadsheet","Object store","Graph","API"];function Mm(t,e){let{error:r}=t.validate(e);if(r)throw r}s(Mm,"runJoi");function BM(t){let e=x.default.object({type:x.default.string().allow("component").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({name:x.default.string().required(),settings:x.default.array().items(x.default.object().unknown(!0)).required()}).unknown(!0)});Mm(e,t)}s(BM,"validateComponent");function WM(t){let e=x.default.object({type:x.default.string().allow(...Object.values($c)).required(),required:x.default.boolean().required(),default:x.default.any(),display:x.default.string()}),r=x.default.object({type:x.default.string().allow(...Object.values(Wc)),readable:x.default.boolean(),displayName:x.default.string(),fields:x.default.object().pattern(x.default.string(),e)}).required(),n=x.default.object({type:x.default.string().allow("datasource").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({docs:x.default.string(),plus:x.default.boolean().optional(),isSQL:x.default.boolean().optional(),auth:x.default.object({type:x.default.string().required()}).optional(),features:x.default.object(Object.fromEntries(Object.values(Gc).map(i=>[i,x.default.boolean().optional()]))).optional(),relationships:x.default.boolean().optional(),description:x.default.string().required(),friendlyName:x.default.string().required(),type:x.default.string().allow(...FM),datasource:x.default.object().pattern(x.default.string(),e).required(),query:x.default.object().pattern(x.default.string(),r).unknown(!0).required(),extra:x.default.object().pattern(x.default.string(),x.default.object({type:x.default.string().required(),displayName:x.default.string().required(),required:x.default.boolean(),data:x.default.object()}))})});Mm(n,t)}s(WM,"validateDatasource");function $M(t){let e=x.default.object().pattern(x.default.string(),{type:x.default.string().allow(...Object.values(Vc)).required(),customType:x.default.string().allow(...Object.values(qc)),title:x.default.string(),description:x.default.string(),enum:x.default.array().items(x.default.string()),pretty:x.default.array().items(x.default.string())}),r=x.default.object({properties:e,required:x.default.array().items(x.default.string())}).concat(e).required(),n=x.default.object({type:x.default.string().allow("automation").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({name:x.default.string().required(),tagline:x.default.string().required(),icon:x.default.string().required(),description:x.default.string().required(),type:x.default.string().allow("ACTION","LOGIC").required(),stepId:x.default.string().disallow(...uh).required(),inputs:x.default.object().optional(),schema:x.default.object({inputs:r,outputs:r}).required()})});Mm(n,t)}s($M,"validateAutomation");function GM(t){switch(t?.type){case"component":BM(t);break;case"datasource":WM(t);break;case"automation":$M(t);break;default:throw new Error(`Unknown plugin type - check schema.json: ${t.type}`)}}s(GM,"validate");var Fm={};P(Fm,{Client:()=>De,clients:()=>Tr,locks:()=>yn,utils:()=>Ya});var Gm={};P(Gm,{isBlacklisted:()=>HM,refreshBlacklist:()=>sO});var tO=B(require("dns")),Ur=B(require("net"));var rO=require("util");var VM=["127.0.0.0/8","10.0.0.0/8","172.16.0.0/12","192.168.0.0/16","169.254.0.0/16","0.0.0.0/8","::1/128","fc00::/7","fe80::/10"],Wm,qM=(0,rO.promisify)(tO.default.lookup);function nO(){return!(g.SELF_HOSTED&&g.BLACKLIST_IPS!==void 0)}s(nO,"shouldApplyDefaultBlacklist");function $m(t){return Ur.default.isIP(t)===6?"ipv6":"ipv4"}s($m,"getIpVersion");function KM(t){let e=Ur.default.isIP(t);return e===4?32:e===6?128:null}s(KM,"getMaxPrefixLength");function QM(t,e){if(!/^\d+$/.test(e))return null;let r=Number.parseInt(e,10),n=KM(t);return n==null||r>n?null:r}s(QM,"getValidSubnetPrefix");function jM(t){return Ur.default.isIP(t)?t:(t.startsWith("http")||(t=`https://${t}`),new URL(t).hostname.replace(/^\[|\]$/g,""))}s(jM,"parseAddress");async function iO(t){return t=jM(t),(await qM(t,{all:!0})).map(r=>r.address)}s(iO,"lookup");function Bm(t,e){let r=e.trim();if(!r)return;let n=r.split("/");if(n.length>2){console.log(`Ignoring invalid blacklist entry: ${r}`);return}let[i,o]=n,a=Ur.default.isIP(i);if(n.length===2){let u=QM(i,o);if(a&&u!==null){t.addSubnet(i,u,$m(i));return}console.log(`Ignoring invalid blacklist entry: ${r}`);return}a&&t.addAddress(i,$m(i))}s(Bm,"addEntryToBlacklist");async function sO(){let t=new Ur.default.BlockList;if(nO())for(let r of VM)Bm(t,r);let e=g.BLACKLIST_IPS?.split(",")||[];for(let r of e){let n=r.trim();if(!n)continue;let[i]=n.split("/");if(Ur.default.isIP(i)){Bm(t,n);continue}let o=await iO(n);for(let a of o)Bm(t,a)}Wm=t}s(sO,"refreshBlacklist");async function HM(t){Wm||await sO();let e;if(Ur.default.isIP(t))e=[t];else try{e=await iO(t)}catch{return nO()}return e.some(r=>Wm.check(r,$m(r)))}s(HM,"isBlacklisted");var qm={};P(qm,{init:()=>zM});var YM={"user:created":t=>t.userId,"user:updated":t=>t.userId,"user:deleted":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:admin:removed":t=>t.userId,"user:builder:assigned":t=>t.userId,"user:builder:removed":t=>t.userId,"user_group:created":t=>t.groupId,"user_group:updated":t=>t.groupId,"user_group:deleted":t=>t.groupId,"user_group:user_added":t=>t.groupId,"user_group:users_deleted":t=>t.groupId,"user_group:permissions_edited":t=>t.groupId,"automation:deleted":t=>t.automationId,"datasource:deleted":t=>t.datasourceId,"table:deleted":t=>t.tableId,"query:deleted":t=>t.queryId,"workspace_app:deleted":t=>t.workspaceAppId,"view:deleted":t=>t.id};function oO(t,e){let r=YM[t];if(!r)throw new Error("Event does not have a method of document ID extraction");return r(e)}s(oO,"getDocumentId");var Bo=class{constructor(e){this.processors=[];this.processors=e}static{s(this,"DocumentUpdateProcessor")}async processEvent(e,r,n){let i=r.realTenantId,o=oO(e,n);if(!(!i||!o))for(let{events:a,processor:u}of this.processors)a.includes(e)&&await Ce(i,async()=>{await u({id:o,tenantId:i,appId:n.appId,properties:n})})}shutdown(){return gA()}};var aO,Vm;function zM(t){Tt||Xu(),Vm||(Vm=new Bo(t)),aO||(aO=Tt.process(async e=>{let{event:r,identity:n,properties:i}=e.data;await Vm.processEvent(r,n,i)}))}s(zM,"init");var Zm={};P(Zm,{COUNT_FIELD_NAME:()=>Jm,Sql:()=>hO,SqlTable:()=>Fc,designDoc:()=>Xm,utils:()=>Of});var dO=require("knex");var JM=require("knex");function Km(t){return["link","formula","ai"].indexOf(t)!==-1}s(Km,"isIgnoredType");function uO(t,e,r,n,i){let o=e&&e.primary?e.primary:[],a=Object.values(e.schema),u=a.filter(h=>h.meta),c=u.length===a.length,l=[];n||(c?t.primary(u.map(h=>h.name)):o.length===1?(t.increments(o[0]).primary(),l.push(o[0])):t.primary(o));let d=Object.values(e.schema).map(h=>h.foreignKey);for(let[h,p]of Object.entries(e.schema)){let S=n?.schema[h];if(S&&S.type||l.includes(h)||i?.updated===h)continue;let m=p.type;switch(m){case"string":case"options":case"longform":case"barcodeqr":case"bb_reference_single":o.includes(h)?t.string(h,255):t.text(h);break;case"number":if(p.meta&&p.meta.toKey&&p.meta.toTable){let{toKey:E,toTable:y}=p.meta;t.integer(h).unsigned(),t.foreign(h).references(`${y}.${E}`)}else d.indexOf(h)===-1&&t.float(h);break;case"bigint":t.bigint(h);break;case"boolean":t.boolean(h);break;case"datetime":p.timeOnly?t.time(h):t.datetime(h,{useTz:!p.ignoreTimezones});break;case"array":case"bb_reference":Ue.schema.isDeprecatedSingleUserColumn(p)?t.text(h):t.json(h);break;case"link":if(p.relationshipType!=="many-to-one"&&p.relationshipType!=="many-to-many"){if(!p.foreignKey||!p.tableId)throw new Error("Invalid relationship schema");let{tableName:E}=yf(p.tableId),y=r[E];if(!y||!y.primary)throw new Error("Referenced table doesn't exist or has no primary keys");let I=y.primary[0],O=y.schema[I].externalType;O?t.specificType(p.foreignKey,O):t.integer(p.foreignKey).unsigned(),t.foreign(p.foreignKey).references(`${E}.${I}`)}break;case"signature_single":case"attachment":case"attachment_single":t.json(h);break;case"formula":break;case"ai":break;case"auto":case"json":case"internal":throw new Error(`${p.type} is not a valid SQL type`);default:_t.unreachable(m)}}let f=i?n?.schema[i.old].type:void 0;return i&&f&&!Km(f)&&t.renameColumn(i.old,i.updated),n&&Object.entries(n.schema).filter(([p,S])=>!Km(S.type)&&e.schema[p]==null).forEach(([p,S])=>{i?.old===p||Km(S.type)||(n.constrained&&n.constrained.indexOf(p)!==-1&&t.dropForeign(p),t.dropColumn(p))}),t}s(uO,"generateSchema");function ZM(t,e,r){return t.createTable(e.name,n=>{uO(n,e,r)})}s(ZM,"buildCreateTable");function ek(t,e,r,n,i){return t.alterTable(e.name,o=>{uO(o,e,r,n,i)})}s(ek,"buildUpdateTable");function tk(t,e){return t.dropTable(e.name)}s(tk,"buildDeleteTable");var Qm=class{static{s(this,"SqlTableQueryBuilder")}constructor(e){this.sqlClient=e}getBaseSqlClient(){return this.sqlClient}getSqlClient(){return this.extendedSqlClient||this.sqlClient}setExtendedSqlClient(e){this.extendedSqlClient=e}_operation(e){return e.operation}_tableQuery(e){let r=(0,JM.knex)({client:this.sqlClient}).schema;e?.schema&&(r=r.withSchema(e.schema));let n;if(!e.table||!e.tables)throw new Error("Cannot execute without table being specified");if(e.table.sourceType==="internal")throw new Error("Cannot perform table actions for SQS.");switch(this._operation(e)){case"CREATE_TABLE":n=ZM(r,e.table,e.tables);break;case"UPDATE_TABLE":if(!e.table)throw new Error("Must specify old table for update");if(this.sqlClient==="mysql2"&&e.meta?.renamed){let i=e.meta.renamed.updated;return{sql:`alter table ${e?.schema?`\`${e.schema}\`.\`${e.table.name}\``:`\`${e.table.name}\``} rename column \`${e.meta.renamed.old}\` to \`${i}\`;`,bindings:[]}}if(n=ek(r,e.table,e.tables,e.meta?.oldTable,e.meta?.renamed),this.sqlClient==="mssql"&&e.meta?.renamed){let i=e.meta.renamed.old,o=e.meta.renamed.updated,a=e?.schema?`${e.schema}.${e.table.name}`:`${e.table.name}`,u=Xn(n);if(Array.isArray(u))for(let c of u)c.sql.startsWith("exec sp_rename")&&(c.sql=`exec sp_rename '${a}.${i}', '${o}', 'COLUMN'`,c.bindings=[]);return u}break;case"DELETE_TABLE":n=tk(r,e.table);break;default:throw new Error("Table operation is of unknown type")}return Xn(n)}},Fc=Qm;var fO=require("lodash");var Jm="__bb_total";function cO(){return(g.SQL_MAX_ROWS?parseInt(g.SQL_MAX_ROWS):null)||5e3}s(cO,"getBaseLimit");function jm(){return(g.SQL_MAX_RELATED_ROWS?parseInt(g.SQL_MAX_RELATED_ROWS):null)||500}s(jm,"getRelationshipLimit");function rk(t,e){return t.sort((r,n)=>{let i=e.find(a=>a&&r.endsWith(a)),o=e.find(a=>a&&n.endsWith(a));return i&&!o?-1:!i&&o?1:r.localeCompare(n)})}s(rk,"prioritisedArraySort");function pO(t){return Array.isArray(t)?t.map(e=>pO(e)):(t.bindings&&(t.bindings=t.bindings.map(e=>typeof e=="boolean"?e?1:0:e)),t)}s(pO,"convertBooleans");function lO(t){return t.sourceType==="internal"||t.sourceId===jc}s(lO,"isSqs");function nk(t,e='"'){return t.replace(new RegExp(e,"g"),`${e}${e}`)}s(nk,"escapeQuotes");function ik(t,e='"'){return`${e}${nk(t,e)}${e}`}s(ik,"wrap");function sk(t,e='"'){for(let r in t)typeof t[r]=="string"&&(t[r]=ik(t[r],e));return`[${t.join(",")}]`}s(sk,"stringifyArray");function Hm(t){return`{${(Array.isArray(t)?t:t==null?[]:[t]).map(n=>{if(typeof n=="string"&&n.length>1){let i=n[0],o=n[n.length-1];if(i==='"'&&o==='"'||i==="'"&&o==="'")return n.substring(1,n.length-1)}return`${n}`}).join(",")}}`}s(Hm,"toPgArrayLiteral");function mO(t){return lh.includes(t.type)&&!Ue.schema.isDeprecatedSingleUserColumn(t)}s(mO,"isJsonColumn");var ok={equal:!1,notEqual:!0,empty:!1,notEmpty:!0,fuzzy:!1,string:!1,range:!1,contains:!1,notContains:!0,containsAny:!1,oneOf:!1,$and:!1,$or:!1},Ym=class{constructor(e,r,n){this.SPECIAL_SELECT_CASES={POSTGRES_ARRAY:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="array",POSTGRES_MONEY:e=>this.client==="pg"&&e?.externalType?.includes("money"),POSTGRES_ENUM:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="user-defined"&&e?.type==="options",MSSQL_DATES:e=>this.client==="mssql"&&e?.type==="datetime"&&e.timeOnly};this.client=e,this.query=n,this.knex=r,this.splitter=new mr.ColumnSplitter([this.table],{aliases:this.query.tableAliases,columnPrefix:this.query.meta?.columnPrefix})}static{s(this,"InternalBuilder")}get table(){return this.query.table}get knexClient(){return this.knex.client}getFieldSchema(e){let{column:r}=this.splitter.run(e);return this.table.schema[r]}requiresJsonAsStringClient(){return["mssql","mysql2","mariadb","oracledb"].includes(this.client)}quoteChars(){let e=this.knexClient.wrapIdentifier("foo",{});return[e[0],e[e.length-1]]}quote(e){return this.knexClient.wrapIdentifier(e,{})}isQuoted(e){let[r,n]=this.quoteChars();return e.startsWith(r)&&e.endsWith(n)}quotedIdentifier(e){return Array.isArray(e)||(e=this.splitIdentifier(e)),e.map(r=>this.quote(r)).join(".")}castIntToString(e){switch(this.client){case"oracledb":return this.knex.raw("to_char(??)",[e]);case"pg":return this.knex.raw("??::TEXT",[e]);case"mysql2":case"mariadb":return this.knex.raw("CAST(?? AS CHAR)",[e]);case"sqlite3":return this.knex.raw("printf('%d', ??)",[e]);case"mssql":return this.knex.raw("CONVERT(NVARCHAR, ??)",[e])}}rawQuotedIdentifier(e){return this.knex.raw(this.quotedIdentifier(e))}splitIdentifier(e){let[r,n]=this.quoteChars();return this.isQuoted(e)?e.slice(1,-1).split(`${n}.${r}`):e.split(".")}qualifyIdentifier(e){let r=this.getTableName(),n=this.splitIdentifier(e);return n[0]!==r&&n.unshift(r),this.isQuoted(e)?this.quotedIdentifier(n):n.join(".")}generateSelectStatement(){let{table:e,resource:r}=this.query;if(!r||!r.fields||r.fields.length===0)return"*";let n=this.getTableName(e),i=this.table.schema;return r.fields.map(a=>{let u=a.split(/\./g),c,l=u[0];return u.length>1&&(c=u[0],l=u.slice(1).join(".")),{table:c,column:l,field:a}}).filter(({table:a})=>!a||a===n).map(({table:a,column:u,field:c})=>{let l=i[u];return this.SPECIAL_SELECT_CASES.POSTGRES_MONEY(l)?this.knex.raw("??::money::numeric as ??",[this.rawQuotedIdentifier([a,u].join(".")),this.knex.raw(this.quote(c))]):this.SPECIAL_SELECT_CASES.MSSQL_DATES(l)?this.knex.raw("CONVERT(varchar, ??, 108) as ??",[this.rawQuotedIdentifier(c),this.knex.raw(this.quote(c))]):a?this.rawQuotedIdentifier(`${a}.${u}`):this.rawQuotedIdentifier(c)})}convertClobs(e,r){if(this.client!=="oracledb")throw new Error("you've called convertClobs on a DB that's not Oracle, this is a mistake");let i=this.splitIdentifier(e).pop(),o=this.table.schema[i],a=this.rawQuotedIdentifier(e);return(o.type==="string"||o.type==="longform"||o.type==="bb_reference_single"||o.type==="bb_reference"||o.type==="options"||o.type==="barcodeqr")&&(r?.forSelect?a=this.knex.raw("to_char(??) as ??",[a,this.rawQuotedIdentifier(i)]):a=this.knex.raw("to_char(??)",[a])),a}parse(e,r){if(Array.isArray(e))return JSON.stringify(e);if(e==null)return null;if(this.requiresJsonAsStringClient()&&mO(r)&&typeof e=="object")return JSON.stringify(e);if(this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(r))return`{${e}}`;if(this.client==="oracledb"&&r.type==="datetime"&&r.timeOnly){if(e instanceof Date){let n=e.getHours().toString().padStart(2,"0"),i=e.getMinutes().toString().padStart(2,"0"),o=e.getSeconds().toString().padStart(2,"0");return`${n}:${i}:${o}`}if(typeof e=="string")return new Date(`1970-01-01T${e}Z`)}if(typeof e=="string"&&r.type==="datetime")if(r.timeOnly){if(!Af(e))return null}else if(r.dateOnly){let n=Sf(e);return n?new Date(n):null}else return r.ignoreTimezones?eu(e)?new Date(e):Tf(e)?new Date(e+"Z"):null:eu(e)?new Date(e.trim()):null;return e}parseBody(e){for(let[r,n]of Object.entries(e)){let{column:i}=this.splitter.run(r),o=this.table.schema[i];o&&(e[r]=this.parse(n,o))}return e}parseFilters(e){e=(0,fO.cloneDeep)(e);for(let r of Object.values(kr)){let n=e[r];if(n)for(let i of Object.keys(n)){if(Array.isArray(n[i])){n[i]=JSON.stringify(n[i]);continue}let{column:o}=this.splitter.run(i),a=this.table.schema[o];a&&(n[i]=this.parse(n[i],a))}}for(let r of Object.values(sr)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:o}=this.splitter.run(i),a=this.table.schema[o];a&&(n[i]=n[i].map(u=>this.parse(u,a)))}}for(let r of Object.values(Cn)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:o}=this.splitter.run(i),a=this.table.schema[o];if(!a)continue;let u=n[i];"low"in u&&(u.low=this.parse(u.low,a)),"high"in u&&(u.high=this.parse(u.high,a))}}return e}addJoinFieldCheck(e,r){let n=r.from?.split(".")[0]||"";return e.andWhere(`${n}.fieldName`,"=",r.column)}addRelationshipForFilter(e,r,n,i,o){let{relationships:a,schema:u,tableAliases:c,table:l}=this.query,d=c?.[l.name]||l.name,f=s(h=>n.match(new RegExp(`^${h}\\.`)),"matches");if(!a)return e;for(let h of a){let p=h.tableName,S=c?.[p]||p,m=f(p)||f(S),E=f(h.column),y=h.column===this.splitter.run(n).column&&!this.splitter.run(n).tableName;if((m||E||y)&&h.to&&h.tableName){let I=this.knex.select(this.knex.raw(1)).from({[S]:p}),O=I.clone(),w=_f(h),T;if(m?T=n:T=n.replace(new RegExp(`^${h.column}.`),`${c?.[h.tableName]||h.tableName}.`),w){let _=c?.[w.through]||h.through,U=this.tableNameWithSchema(w.through,{alias:_,schema:u});O=O.innerJoin(U,function(){this.on(`${S}.${w.toPrimary}`,"=",`${_}.${w.to}`)}).where(`${_}.${w.from}`,"=",this.rawQuotedIdentifier(`${d}.${w.fromPrimary}`)),this.client==="sqlite3"&&(O=this.addJoinFieldCheck(O,w)),y&&i==="empty"?e=e.whereNotExists(O):y&&i==="notEmpty"?e=e.whereExists(O):e=e.where(R=>{R.whereExists(o(T,O)),r&&R.orWhereNotExists(I.clone().innerJoin(U,function(){this.on(`${d}.${w.fromPrimary}`,"=",`${_}.${w.from}`)}))})}else{let _=`${S}.${h.to}`,U=`${d}.${h.from}`;O=O.where(_,"=",this.rawQuotedIdentifier(U)),y&&i==="empty"?e=e.whereNotExists(O):y&&i==="notEmpty"?e=e.whereExists(O):e=e.where(R=>{R.whereExists(o(T,O.clone())),r&&R.orWhereNotExists(O)})}}}return e}addFilters(e,r,n){if(!r)return e;let i=this;r=this.parseFilters({...r});let o=this.query.tableAliases,a=r.allOr,c=this.client==="sqlite3"?this.table._id:this.table.name;function l(m){return o?.[m]||m}s(l,"getTableAlias");function d(m,E,y,I){let O=s((w,T,_)=>{let[U,...R]=T.split("."),k=R.join("."),H=l(U);return w.andWhere(Ie=>y(Ie,H?`${H}.${k}`:k,_))},"handleRelationship");for(let w in m){let T=m[w],_=Vs(w),U=_.includes(".")||i.getFieldSchema(_)?.type==="link",R=n?.relationship&&U,k;if(w==="_complexIdOperator"&&(k=m[w])&&I){let H=l(c);e=I(e,k.id.map(Ie=>H?`${H}.${Ie}`:Ie),k.values)}else if(U)R&&(a&&(e=e.or),e=i.addRelationshipForFilter(e,ok[E],_,E,(H,Ie)=>O(Ie,H,T)));else{let H=l(c);e=y(e,H?`${H}.${_}`:_,T)}}}s(d,"iterate");let f=this.client==="sqlite3"&&this.query.meta?.sqliteUseLikeWithoutLower,h=s((m,E,y)=>((r?.fuzzyOr||a)&&(m=m.or),f?m.whereRaw("?? LIKE ?",[this.rawQuotedIdentifier(E),`%${y}%`]):this.client==="oracledb"||this.client==="sqlite3"?m.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(E),`%${y.toLowerCase()}%`]):m.whereILike(this.rawQuotedIdentifier(E),this.knex.raw("?",[`%${y}%`]))),"like"),p=s((m,E=!1)=>{function y(I){return(a||m===r?.containsAny)&&(I=I.or),m===r?.notContains&&(I=I.not),I}s(y,"addModifiers"),this.client==="pg"?d(m,"contains",(I,O,w)=>{I=y(I);let T=this.getFieldSchema(O),_=this.rawQuotedIdentifier(O),U=Array.isArray(w)?[...w]:[w],R=this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(T);return E?R?I.whereRaw("COALESCE(?? && ?::text[], FALSE)",[_,Hm(U)]):I.whereRaw("COALESCE(??::jsonb \\?| ?::text[], FALSE)",[_,Hm(U)]):R?I.whereRaw("COALESCE(?? @> ?::text[], FALSE)",[_,Hm(U)]):I.whereRaw("COALESCE(??::jsonb @> ?::jsonb, FALSE)",[_,sk(U)])}):this.client==="mysql2"||this.client==="mariadb"?d(m,"contains",(I,O,w)=>{let T=Array.isArray(w)?w:[w];return y(I).whereRaw("COALESCE(?(??, ?), FALSE)",[this.knex.raw(E?"JSON_OVERLAPS":"JSON_CONTAINS"),this.rawQuotedIdentifier(O),JSON.stringify(T)])}):d(m,"contains",(I,O,w)=>(w.length===0||(I=I.where(T=>(m===r?.notContains&&(T=T.not),T=T.where(_=>{for(let U of w){m===r?.containsAny?_=_.or:_=_.and;let R=!f,k=typeof U=="string"?`"${R?U.toLowerCase():U}"`:U,H=R?"COALESCE(LOWER(??), '')":"COALESCE(??, '')";_=_.whereLike(this.knex.raw(H,[this.rawQuotedIdentifier(O)]),`%${k}%`)}}),m===r?.notContains&&(T=T.or.whereNull(this.rawQuotedIdentifier(O))),T))),I))},"contains");if(r.$and){let{$and:m}=r;for(let E of m.conditions)e=e.where(y=>{this.addFilters(y,E,n)})}if(r.$or){let{$or:m}=r;e=e.where(E=>{for(let y of m.conditions)E.orWhere(I=>this.addFilters(I,{...y,allOr:!0},n))})}r.oneOf&&d(r.oneOf,"oneOf",(m,E,y)=>{let I=this.getFieldSchema(E),O=Array.isArray(y)?y:[y];if(a&&(m=m.or),this.client==="oracledb")E=this.convertClobs(E);else if(this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly){for(let w of O)w!=null?m=m.or.whereLike(E,`${w.toISOString().slice(0,10)}%`):m=m.or.whereNull(E);return m}return m.whereIn(E,O)},(m,E,y)=>(a&&(m=m.or),this.client==="oracledb"&&(E=E.map(I=>this.convertClobs(I))),m.whereIn(E,Array.isArray(y)?y:[y]))),r.string&&d(r.string,"string",(m,E,y)=>{if(a&&(m=m.or),f)return m.whereRaw("?? LIKE ?",[this.rawQuotedIdentifier(E),`${y}%`]);if(this.client==="oracledb"||this.client==="sqlite3")return m.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(E),`${y.toLowerCase()}%`]);{let I=this.getFieldSchema(E);return this.SPECIAL_SELECT_CASES.POSTGRES_ENUM(I)?m.whereRaw("??::text ilike ?",[this.knex.raw(this.quote(I.name)),`${y}%`]):m.whereILike(E,`${y}%`)}}),r.fuzzy&&d(r.fuzzy,"fuzzy",h),r.range&&d(r.range,"range",(m,E,y)=>{let I=s(k=>k&&Object.keys(k).length===0&&Object.getPrototypeOf(k)===Object.prototype,"isEmptyObject");I(y.low)&&(y.low=""),I(y.high)&&(y.high="");let O=tu(y.low),w=tu(y.high),T=this.getFieldSchema(E),_=E,U=y.high,R=y.low;return this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly&&(U!=null&&(U=`${U.toISOString().slice(0,10)}T23:59:59.999Z`),R!=null&&(R=R.toISOString().slice(0,10))),this.client==="oracledb"?_=this.convertClobs(E):this.client==="sqlite3"&&T?.type==="bigint"&&(_=this.knex.raw("CAST(?? AS INTEGER)",[this.rawQuotedIdentifier(E)]),U=this.knex.raw("CAST(? AS INTEGER)",[y.high]),R=this.knex.raw("CAST(? AS INTEGER)",[y.low])),a&&(m=m.or),O&&w?m.whereBetween(_,[R,U]):O?m.where(_,">=",R):w?m.where(_,"<=",U):m}),r.equal&&d(r.equal,"equal",(m,E,y)=>{let I=this.getFieldSchema(E);if(a&&(m=m.or),this.client==="mssql")return m.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 1",[this.rawQuotedIdentifier(E),y]);if(this.client==="oracledb"){let O=this.convertClobs(E);return m.where(w=>w.whereNotNull(O).andWhere(O,y))}else return this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly?y!=null?m.whereLike(E,`${y.toISOString().slice(0,10)}%`):m.whereNull(E):m.whereRaw("COALESCE(?? = ?, FALSE)",[this.rawQuotedIdentifier(E),y])}),r.notEqual&&d(r.notEqual,"notEqual",(m,E,y)=>{let I=this.getFieldSchema(E);if(a&&(m=m.or),this.client==="mssql")return m.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 0",[this.rawQuotedIdentifier(E),y]);if(this.client==="oracledb"){let O=this.convertClobs(E);return m.where(w=>w.not.whereNull(O).and.where(O,"!=",y)).or.whereNull(O)}else return this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly?y!=null?m.not.whereLike(E,`${y.toISOString().slice(0,10)}%`).or.whereNull(E):m.not.whereNull(E):m.whereRaw("COALESCE(?? != ?, TRUE)",[this.rawQuotedIdentifier(E),y])}),r.empty&&d(r.empty,"empty",(m,E)=>(a&&(m=m.or),m.whereNull(E))),r.notEmpty&&d(r.notEmpty,"notEmpty",(m,E)=>(a&&(m=m.or),m.whereNotNull(E))),r.contains&&p(r.contains),r.notContains&&p(r.notContains),r.containsAny&&p(r.containsAny,!0);let S=o?.[this.table._id]||this.table._id;return r.documentType&&!Ef(this.table)&&S&&e.andWhereLike(`${S}._id`,`${or(r.documentType)}%`),e}isSqs(){return lO(this.table)}getTableName(e){e||(e=this.table);let r=e.name;lO(e)&&e._id&&(r=e._id);let n=this.query.tableAliases||{};return n[r]?n[r]:r}addDistinctCount(e){if(!this.table.primary)throw new Error("SQL counting requires primary key to be supplied");return e.countDistinct(`${this.getTableName()}.${this.table.primary[0]} as ${Jm}`)}addAggregations(e,r){let n=this.query.resource?.fields||[],i=this.getTableName();if(n.length>0){let o=n.map(a=>this.qualifyIdentifier(a));if(this.client==="oracledb"){let a=o.map(c=>this.convertClobs(c)),u=o.map(c=>this.convertClobs(c,{forSelect:!0}));e=e.groupBy(a).select(u)}else e=e.groupBy(o).select(o)}for(let o of r){let a=o.calculationType;if(a==="count")if("distinct"in o&&o.distinct)if(this.client==="oracledb"){let u=this.convertClobs(`${i}.${o.field}`);e=e.select(this.knex.raw("COUNT(DISTINCT ??) as ??",[u,o.name]))}else e=e.countDistinct(`${i}.${o.field} as ${o.name}`);else if(this.client==="oracledb"){let u=this.convertClobs(`${i}.${o.field}`);e=e.select(this.knex.raw("COUNT(??) as ??",[u,o.name]))}else e=e.count(`${o.field} as ${o.name}`);else{let u=this.getFieldSchema(o.field);if(!u)throw new Error(`field schema missing for aggregation target: ${o.field}`);let c=this.knex.raw("??(??)",[this.knex.raw(a),this.rawQuotedIdentifier(`${i}.${o.field}`)]);u.type==="bigint"&&(c=this.castIntToString(c)),e=e.select(this.knex.raw("?? as ??",[c,o.name]))}}return e}isAggregateField(e){return!!this.query.resource?.aggregations?.find(n=>n.name===e)}addSorting(e){let{sort:r,resource:n}=this.query,i=this.table.primary,o=this.getTableName();if(!Array.isArray(i))throw new Error("Sorting requires primary key to be specified for table");if(r&&Object.keys(r||{}).length>0)for(let[u,c]of Object.entries(r)){let l=this.getFieldSchema(u);if(this.isUnsortableField(l))continue;let d=c.direction==="ascending"?"asc":"desc",f;(this.client==="pg"||this.client==="oracledb")&&(f=c.direction==="ascending"?"first":"last");let h=`${o}.${u}`,p;this.isAggregateField(u)?p=this.rawQuotedIdentifier(u):this.client==="oracledb"?p=this.convertClobs(h):p=this.rawQuotedIdentifier(h),e=e.orderByRaw(`?? ?? ${f?"nulls ??":""}`,[p,this.knex.raw(d),...f?[this.knex.raw(f)]:[]])}if(!((n?.aggregations?.length??0)>0)){let u=this.findSortablePrimaryKey(i);if(u&&(!r||r[u]===void 0))e=e.orderBy(`${o}.${u}`);else if(!u&&(!r||Object.keys(r).length===0))throw new Error(`Primary key not found for table ${this.table.name}`)}return e}isUnsortableField(e){return e?.type==="json"}findSortablePrimaryKey(e){return e.find(r=>{if(r==null)return!1;let n=this.getFieldSchema(r);return!this.isUnsortableField(n)})}tableNameWithSchema(e,r){let n=r?.schema?`${r.schema}.${e}`:e;return r?.alias&&(n+=` as ${r.alias}`),n}buildJsonField(e,r){let n=r.split("."),i=n[n.length-1],o,a;if(n.length>1){let l=n.shift();o=n.join("."),a=`${l}.${o}`}else o=n.join("."),a=o;this.query.meta?.columnPrefix&&(i=i.replace(this.query.meta.columnPrefix,""));let u=this.rawQuotedIdentifier(a),c=e.schema[i];return c&&c.type==="bigint"&&(u=this.castIntToString(u)),[o,u]}maxFunctionParameters(){switch(this.client){case"sqlite3":return 127;case"pg":return 100;default:return 200}}addJsonRelationships(e,r,n){let i=this.client,o=this.knex,{resource:a,tableAliases:u,schema:c,tables:l}=this.query,d=a?.fields||[];for(let f of n){let{tableName:h,through:p,to:S,from:m,fromPrimary:E,toPrimary:y}=f;if(!h||!r)continue;let I=l[h];if(!I)throw new Error(`related table "${h}" not found in datasource`);let O=u?.[h]||h,w=u?.[r]||r,T=p&&u?.[p]||p,_=this.tableNameWithSchema(h,{alias:O,schema:c}),U=[...I?.primary||[],I?.primaryDisplay].filter(D=>D),R=rk(d.filter(D=>D.split(".")[0]===O),U);R=R.slice(0,Math.floor(this.maxFunctionParameters()/2));let k=R.map(D=>this.buildJsonField(I,D));if(!k.length)continue;let H=k.map(D=>{let J=this.client==="oracledb"?" VALUE ":",";return this.knex.raw(`?${J}??`,[D[0],D[1]]).toString()}).join(","),Ie=`${O}.${y||S}`,W=o.from(_).orderBy(Ie),F=p&&y&&E,N=F?`${T}.${m}`:`${O}.${S}`,G=F?`${w}.${E}`:`${w}.${m}`;if(F){let D=this.tableNameWithSchema(p,{alias:T,schema:c});W=W.join(D,function(){this.on(`${O}.${y}`,"=",`${T}.${S}`)})}W=W.where(this.rawQuotedIdentifier(N),"=",this.rawQuotedIdentifier(G));let M=s(D=>(W=W.select(R.map(J=>this.rawQuotedIdentifier(J))).limit(jm()),o.select(D).from({[O]:W})),"standardWrap"),K;switch(i){case"sqlite3":W=this.addJoinFieldCheck(W,f),K=M(this.knex.raw(`json_group_array(json_object(${H}))`));break;case"pg":K=M(this.knex.raw(`json_agg(json_build_object(${H}))`));break;case"mariadb":K=W.select(o.raw(`json_arrayagg(json_object(${H}) LIMIT ${jm()})`));break;case"mysql2":case"oracledb":K=M(this.knex.raw(`json_arrayagg(json_object(${H}))`));break;case"mssql":{let D=o.select("*").from({[w]:W.select(k.map(J=>o.ref(J[1]).as(J[0]))).limit(jm())});K=o.raw(`(SELECT ?? = (${D} FOR JSON PATH))`,[this.rawQuotedIdentifier(O)]);break}default:throw new Error(`JSON relationships not implement for ${i}`)}e=e.select({[f.column]:K})}return e}addJoin(e,r,n){let{tableAliases:i,schema:o}=this.query,a=r.to,u=r.from,c=r.through,l=i?.[a]||a,d=c&&i?.[c]||c,f=i?.[u]||u,h=this.tableNameWithSchema(a,{alias:l,schema:o}),p=c?this.tableNameWithSchema(c,{alias:d,schema:o}):void 0;return c?e=e.leftJoin(p,function(){for(let S of n){let m=S.fromPrimary,E=S.from;this.orOn(`${f}.${m}`,"=",`${d}.${E}`)}}).leftJoin(h,function(){for(let S of n){let m=S.toPrimary,E=S.to;this.orOn(`${l}.${m}`,`${d}.${E}`)}}):e=e.leftJoin(h,function(){for(let S of n){let m=S.from,E=S.to;this.orOn(`${f}.${m}`,"=",`${l}.${E}`)}}),e}qualifiedKnex(e){let r=this.query.tableAliases?.[this.query.table.name];return e?.alias===!1?r=void 0:typeof e?.alias=="string"&&(r=e.alias),this.knex(this.tableNameWithSchema(this.query.table.name,{alias:r,schema:this.query.schema}))}create(e){let{body:r}=this.query;if(!r)throw new Error("Cannot create without row body");let n=this.qualifiedKnex({alias:!1}),i=this.parseBody(r);if(this.client==="oracledb")for(let[o,a]of Object.entries(this.query.table.schema)){if(a.constraints?.presence===!0||a.type==="formula"||a.type==="auto"||a.type==="link"||a.type==="ai")continue;i[o]==null&&(i[o]=null)}else for(let[o,a]of Object.entries(i))a==null&&delete i[o];return e.disableReturning?n.insert(i):n.insert(i).returning("*")}bulkCreate(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));return r.insert(n)}bulkUpsert(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));if(this.client==="pg"||this.client==="sqlite3"||this.client==="mysql2"||this.client==="mariadb"){let i=this.table.primary;if(!i)throw new Error("Primary key is required for upsert");return r.insert(n).onConflict(i).merge()}else if(this.client==="mssql"||this.client==="oracledb")return r.insert(n);return r.upsert(n)}read(e={}){let{operation:r,filters:n,paginate:i,relationships:o,table:a}=this.query,{limits:u}=e,c=this.qualifiedKnex(),l=null,d=u?.query||u?.base;if(i&&i.page&&i.limit){let p=(i.page<=1?0:i.page-1)*i.limit;d=i.limit,l=p}else i&&i.offset&&i.limit?(d=i.limit,l=i.offset):i&&i.limit&&(d=i.limit);r!=="COUNT"&&(d!=null&&(c=c.limit(d)),l!=null&&(c=c.offset(l)));let f=this.query.resource?.aggregations||[];if(r==="COUNT"?c=this.addDistinctCount(c):f.length>0?c=this.addAggregations(c,f):c=c.select(this.generateSelectStatement()),r!=="COUNT"&&(c=this.addSorting(c)),c=this.addFilters(c,n,{relationship:!0}),o?.length&&f.length===0){let h=this.query.tableAliases?.[a.name]||a.name,p=this.addSorting(this.knex.with("paginated",c.clone().clearSelect().select("*")).select(this.generateSelectStatement()).from({[h]:"paginated"}));return this.addJsonRelationships(p,a.name,o)}return c}update(e){let{body:r,filters:n}=this.query;if(!r)throw new Error("Cannot update without row body");let i=this.qualifiedKnex(),o=this.parseBody(r);return i=this.addFilters(i,n,{relationship:!0}),e.disableReturning?i.update(o):i.update(o).returning("*")}delete(e){let{filters:r}=this.query,n=this.qualifiedKnex();return n=this.addFilters(n,r,{relationship:!0}),e.disableReturning?n.delete():n.delete().returning(this.generateSelectStatement())}},zm=class extends Fc{constructor(r,n=cO()){super(r);this.limit=n}static{s(this,"SqlQueryBuilder")}convertToNative(r,n={}){let i=this.getSqlClient();if(n?.disableBindings)return{sql:r.toString()};{let o=Xn(r);return i==="sqlite3"&&(o=pO(o)),o}}_query(r,n={}){let i=this.getSqlClient(),o={client:this.getBaseSqlClient()};(i==="sqlite3"||i==="oracledb")&&(o.useNullAsDefault=!0);let a=(0,dO.knex)(o),u,c=new Ym(i,a,r);switch(this._operation(r)){case"CREATE":u=c.create(n);break;case"READ":u=c.read({limits:{query:this.limit,base:cO()}});break;case"COUNT":u=c.read();break;case"UPDATE":u=c.update(n);break;case"DELETE":u=c.delete(n);break;case"BULK_CREATE":u=c.bulkCreate();break;case"BULK_UPSERT":u=c.bulkUpsert();break;case"CREATE_TABLE":case"UPDATE_TABLE":case"DELETE_TABLE":return this._tableQuery(r);default:throw"Operation type is not supported by SQL query builder"}return this.convertToNative(u,n)}async getReturningRow(r,n){if(!n.extra||!n.extra.idFilter)return{};let i=this._query({operation:"READ",datasource:n.datasource,schema:n.schema,table:n.table,tables:n.tables,resource:{fields:[]},filters:n.extra?.idFilter,paginate:{limit:1}});return r(i,"READ")}checkLookupKeys(r,n){if(!r||!n.table.primary)return n;let i=n.table.primary[0];return n.extra={idFilter:{equal:{[i]:r}}},n}async queryWithReturning(r,n,i=o=>o){let o=this.getSqlClient(),a=this._operation(r),u=this._query(r,{disableReturning:!0});if(Array.isArray(u)){let f=[];for(let h of u)f.push(await n(h,a));return f}let c;a==="DELETE"&&(c=i(await this.getReturningRow(n,r)));let l=await n(u,a),d=i(l);if(a==="CREATE"||a==="UPDATE"){let f;o==="mssql"?f=d?.[0].id:(o==="mysql2"||o==="mariadb")&&(f=d?.insertId),c=i(await this.getReturningRow(n,this.checkLookupKeys(f,r)))}return a==="COUNT"?d:a!=="READ"?c:d.length?d:[{[a.toLowerCase()]:!0}]}getTableName(r,n){let i=r.name;if(r.sourceType==="internal"||r.sourceId===jc){if(!r._id)return;i=r._id}return n?.[i]||i}convertJsonStringColumns(r,n,i){let o=this.getTableName(r,i);for(let[a,u]of Object.entries(r.schema)){if(!mO(u))continue;let c=`${o}.${a}`;for(let l of n)typeof l[c]=="string"&&(l[c]=JSON.parse(l[c])),typeof l[a]=="string"&&(l[a]=JSON.parse(l[a]))}return n}log(r,n){vs(this.getSqlClient(),r,n)}},hO=zm;var Xm={};P(Xm,{base:()=>ak});function ak(t){return{_id:Rt,language:"sqlite",sql:{tables:{},options:{table_name:t}}}}s(ak,"base");var eh={};P(eh,{jsonFromCsvString:()=>uk});var gO=B(require("csvtojson"));async function uk(t,e){let{ignoreEmpty:r=!1,allowSingleColumn:n=!1,possibleDelimiters:i=[",",";",":","|","~","	"," "]}=e||{};for(let o of i){let a,u=!1;try{let c=await(0,gO.default)({ignoreEmpty:r,delimiter:o}).fromString(t);for(let[,l]of c.entries()){let d=Object.keys(l);if(a==null&&(a=d),!n&&d.length===1){u=!0;break}if(a.length!==d.length){u=!0;break}for(let f of a)(l[f]===void 0||l[f]==="")&&(l[f]=null)}if(u)continue;return c}catch{continue}}throw new Error("Unable to determine delimiter")}s(uk,"jsonFromCsvString");var th=class{static{s(this,"Endpoint")}constructor(e,r,n){this.method=e,this.url=r,this.controller=n,this.middlewares=[],this.outputMiddlewares=[]}addMiddleware(e,r){return r?.first?this.middlewares.unshift(e):this.middlewares.push(e),this}addOutputMiddleware(e,r){return r?.first?this.outputMiddlewares.unshift(e):this.outputMiddlewares.push(e),this}apply(e){let r=this.method,n=this.url,i=this.middlewares,o=this.controller,a=this.outputMiddlewares,u=s(()=>{},"complete"),c=[n,...i,o,...a,u];e[r](...c)}},Bc=th;var EO=B(require("@koa/router"));var Dn=class{constructor(){this.endpoints=[];this.middlewares=[];this.outputMiddlewares=[];this.applied=!1;this.locked=!1}static{s(this,"EndpointGroup")}addGroupMiddleware(e,r={first:!0}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.middlewares.push({fn:e,first:r.first}),this}addGroupMiddlewareOutput(e,r={first:!1}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.outputMiddlewares.push({fn:e,first:r.first}),this}addEndpoint(e,r,...n){let i=n.pop(),o=new Bc(e,r,i);if(n.length!==0)for(let a of n)o.addMiddleware(a);return this.endpoints.push(o),this}lockMiddleware(){this.locked=!0}post(e,...r){return this.addEndpoint("post",e,...r)}patch(e,...r){return this.addEndpoint("patch",e,...r)}put(e,...r){return this.addEndpoint("put",e,...r)}get(e,...r){return this.addEndpoint("get",e,...r)}delete(e,...r){return this.addEndpoint("delete",e,...r)}head(e,...r){return this.addEndpoint("head",e,...r)}apply(e){let r=this.endpointList();e||(e=new EO.default);for(let n of r)n.apply(e);return e}endpointList(){if(this.applied)throw new Error("Already applied to router");this.applied=!0;for(let e of this.endpoints)this.middlewares.forEach(({fn:r,first:n})=>e.addMiddleware(r,{first:n})),this.outputMiddlewares.forEach(({fn:r,first:n})=>e.addOutputMiddleware(r,{first:n}));return this.endpoints}};var Wo=class{constructor(){this.groups=[]}static{s(this,"EndpointGroupList")}group(...e){let r=new Dn;return e.length&&e.forEach(n=>{"first"in n?r.addGroupMiddleware(n.middleware,{first:n.first}):r.addGroupMiddleware(n)}),this.groups.push(r),r}listAllEndpoints(){let e=this.groups.flatMap(i=>i.endpointList()),r=[],n=[];for(let i of e)i.url.includes(":")?n.push(i):r.push(i);return[...r,...n]}};var ck={...Ks,...ue},lk=s((t={})=>{Xa(t.db)},"init");0&&(module.exports={APIWarning,ActiveContentFileError,AutomationViewMode,BUDIBASE_DATASOURCE_TYPE,BadRequestError,BudibaseError,Config,Cookie,DEFAULT_BB_DATASOURCE_ID,DEFAULT_EMPLOYEE_TABLE_ID,DEFAULT_EXPENSES_TABLE_ID,DEFAULT_INVENTORY_TABLE_ID,DEFAULT_JOBS_TABLE_ID,DEFAULT_TENANT_ID,DeprecatedViews,DesignDocuments,DocumentType,Duration,DurationType,EmailUnavailableError,Endpoint,EndpointGroup,EndpointGroupList,FeatureDisabledError,FeatureDisabledWarning,ForbiddenError,GlobalRole,HTTPError,Header,InternalTable,InvalidAPIKeyWarning,MAX_VALID_DATE,MIN_VALID_DATE,NotFoundError,NotImplementedError,RedisClient,SEPARATOR,SQLITE_DESIGN_DOC_ID,SQS_DATASOURCE_INTERNAL,StaticDatabases,UNICODE_MAX,USER_METADATA_PREFIX,UnexpectedError,UsageLimitError,UsageLimitWarning,UserStatus,ViewName,WORKSPACE_DEV,WORKSPACE_DEV_PREFIX,WORKSPACE_PREFIX,accounts,auth,blacklist,cache,configs,constants,context,csv,db,docIds,docUpdates,encryption,env,errors,events,features,getErrorMessage,getPublicError,init,installation,locks,logging,middleware,objectStore,permissions,platform,plugins,queue,redis,roles,security,sessions,setEnv,sql,tenancy,timers,userUtils,users,utils,warnings,withEnv});
 //# sourceMappingURL=index.js.map

package/dist/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/backend-core",
-  "version": "3.33.5",
+  "version": "3.34.1",
   "description": "Budibase backend core libraries used in server and worker",
   "main": "dist/index.js",
   "types": "dist/src/index.d.ts",
@@ -112,5 +112,5 @@
       }
     }
   },
-  "gitHead": "26158d6d86644688158dba007ef84bde7277e488"
+  "gitHead": "a55111838ecb57332a3e62f3d9f08c6084936d66"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@budibase/backend-core",
-  "version": "3.33.5",
+  "version": "3.34.1",
   "description": "Budibase backend core libraries used in server and worker",
   "main": "dist/index.js",
   "types": "dist/src/index.d.ts",
@@ -112,5 +112,5 @@
       }
     }
   },
-  "gitHead": "26158d6d86644688158dba007ef84bde7277e488"
+  "gitHead": "a55111838ecb57332a3e62f3d9f08c6084936d66"
 }