@budibase/backend-core 3.34.6 → 3.34.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/package.json +3 -3
- package/package.json +3 -3
package/dist/index.js
CHANGED
|
@@ -34,6 +34,6 @@ attempted value: ${o}
|
|
|
34
34
|
emit(doc.ssoId, doc._id)
|
|
35
35
|
}
|
|
36
36
|
}`,"platform_users_lowercase_2")},"createPlatformUserView"),$s=s(async(t,e)=>{let r={account_by_email:sS,platform_users_lowercase_2:oS};return je(fe.PLATFORM_INFO.name,async n=>{let i=r[t];return Qf(t,e,n,i,{arrayResponse:!0})})},"queryPlatformView"),aS={by_email2:tS,by_api_key:nS,by_app:rS},Kt=s(async(t,e,r,n)=>{r||(r=Y());let i=aS[t];return Qf(t,e,r,i,n)},"queryGlobalView");async function Gs(t,e,r){let n=Y(),i=aS[t];return Ws(t,e,n,i,r)}s(Gs,"queryGlobalViewRaw");var Qx=B(require("pouchdb"));var uS=require("dd-trace");var jf=class{static{s(this,"Replication")}constructor({source:e,target:r}){this.source=nt(e),this.target=nt(r),e.startsWith("app_dev")&&r.startsWith("app")?this.direction="toProduction":e.startsWith("app")&&r.startsWith("app_dev")&&(this.direction="toDev")}async close(){await Promise.all([xs(this.source),xs(this.target)])}replicate(e={}){return new Promise(r=>{this.source.replicate.to(this.target,e).on("denied",function(n){throw new Error(`Denied: Document failed to replicate ${n}`)}).on("complete",function(n){return r(n)}).on("error",function(n){throw n})})}async resolveInconsistencies(e){for(let r of e)try{let[n,i]=await Promise.all([this.source.get(r),this.target.get(r)]),o=this.replicationDelta(n,i);if(o<0||o===0&&n._rev===i._rev)continue;let a=o+1;await uS.tracer.trace("Replication.resolveInconsistencies",async u=>{u.addTags({versionsToJump:a,toFix:!0,id:r,sourceRev:n._rev,targetRev:i._rev});for(let c=0;c<a;c++){let l=await this.source.get(i._id);await this.source.put(l)}})}catch{console.warn("Cannot resolve inconsistencies for document",r)}}replicationDelta(e,r){let n=this.getRevisionNumber(e);return this.getRevisionNumber(r)-n}getRevisionNumber(e){return parseInt(e._rev?.split("-")[0]||"0")}appReplicateOpts(e={}){if(typeof e.filter=="string")return e;let r=e.filter,n=this.direction,i=n==="toDev";delete e.filter;let o=e.isCreation,a=e.tablesToSync;delete e.isCreation,delete e.tablesToSync;let u=!1,c;typeof a=="string"&&a==="all"?u=!0:a&&(c=a);let l=s((f,h)=>f?.startsWith(h+C),"startsWithID"),d=s(f=>l(f,"ro")||l(f,"li"),"isData");return{...e,filter:(f,h)=>!o&&f._id==="_design/migrations"||i&&f._id.startsWith("_design")?!1:f._deleted||l(f._id,Os)?!0:n==="toProduction"&&!o&&l(f._id,"autocolumn_state")?!1:d(f._id)?!!c?.find(p=>f._id.includes(p))||u:l(f._id,"log_au")||l(f._id,"agentlogsession")||f._id==="app_metadata"?!1:r?r(f,h):!0}}async rollback(){await this.target.destroy(),this.target=nt(this.target.name),await this.replicate()}},cS=jf;var dS=B(require("node-fetch"));var Vs=mr.removeKeyNumbering;function cn(t){return t==null||t===""}s(cn,"isEmpty");var Qt=class t{static{s(this,"QueryBuilder")}#l;#d;#e;#r;#n;#i;#s;#o;#t;#f;#a;#u=!1;#c;static{this.maxLimit=200}constructor(e,r,n){this.#l=e,this.#d=r,this.#e={allOr:!1,onEmptyFilter:"all",string:{},fuzzy:{},range:{},equal:{},notEqual:{},empty:{},notEmpty:{},oneOf:{},contains:{},notContains:{},containsAny:{},...n},this.#r=50,this.#s="ascending",this.#o="string",this.#t=!0}disableEscaping(){return this.#u=!0,this}setIndexBuilder(e){return this.#a=e,this}setVersion(e){return e!=null&&(this.#f=e),this}setTable(e){return this.#e.equal.tableId=e,this}setLimit(e){return e!=null&&(this.#r=e),this}setSort(e){return e!=null&&(this.#n=e),this}setSortOrder(e){return e!=null&&(this.#s=e),this}setSortType(e){return e!=null&&(this.#o=e),this}setBookmark(e){return e!=null&&(this.#i=e),this}setSkip(e){return this.#c=e,this}excludeDocs(){return this.#t=!1,this}includeDocs(){return this.#t=!0,this}addString(e,r){return this.#e.string[e]=r,this}addFuzzy(e,r){return this.#e.fuzzy[e]=r,this}addRange(e,r,n){return this.#e.range[e]={low:r,high:n},this}addEqual(e,r){return this.#e.equal[e]=r,this}addNotEqual(e,r){return this.#e.notEqual[e]=r,this}addEmpty(e,r){return this.#e.empty[e]=r,this}addNotEmpty(e,r){return this.#e.notEmpty[e]=r,this}addOneOf(e,r){return this.#e.oneOf[e]=r,this}addContains(e,r){return this.#e.contains[e]=r,this}addNotContains(e,r){return this.#e.notContains[e]=r,this}addContainsAny(e,r){return this.#e.containsAny[e]=r,this}setAllOr(){this.#e.allOr=!0}setOnEmptyFilter(e){this.#e.onEmptyFilter=e}handleSpaces(e){return this.#u?e:e.replace(/ /g,"_")}preprocess(e,{escape:r,lowercase:n,wrap:i,type:o}={}){let a=!!this.#f,u=typeof e;return e&&n&&(e=e.toLowerCase?e.toLowerCase():e),!this.#u&&r&&u==="string"&&(e=`${e}`.replace(/[ /#+\-&|!(){}\]^"~*?:\\]/g,"\\$&")),u==="string"&&!isNaN(e)&&!o?e=`"${e}"`:a&&i&&(e=u==="number"?e:`"${e}"`),e}isMultiCondition(){let e=0;for(let r of Object.values(this.#e))typeof r=="object"&&(e+=Object.keys(r).length);return e>1}compressFilters(e){let r={};for(let o of Object.keys(e)){let a=Vs(o);r[a]?r[a]=r[a].concat(e[o]):r[a]=e[o]}let n={},i=1;for(let[o,a]of Object.entries(r))n[`${i++}:${o}`]=a;return n}buildSearchQuery(){let e=this,r=this.#e&&this.#e.allOr,n=r?"":"*:*",i=!0,o={escape:!0,lowercase:!0,wrap:!0},a="";this.#e.equal.tableId&&(a=this.#e.equal.tableId,delete this.#e.equal.tableId);let u=s((S,m)=>cn(m)?null:`${S}:${e.preprocess(m,o)}`,"equal"),c=s((S,m,E="AND")=>{if(cn(m))return null;if(!Array.isArray(m))return`${S}:${m}`;let y=`${e.preprocess(m[0],{escape:!0})}`;for(let I=1;I<m.length;I++)y+=` ${E} ${e.preprocess(m[I],{escape:!0})}`;return`${S}:(${y})`},"contains"),l=s((S,m)=>cn(m)?null:(m=e.preprocess(m,{escape:!0,lowercase:!0,type:"fuzzy"}),`${S}:/.*${m}.*/`),"fuzzy"),d=s((S,m)=>{let E=r?"*:* AND ":"",y=r?"AND":void 0;return E+"NOT "+c(S,m,y)},"notContains"),f=s((S,m)=>c(S,m,"OR"),"containsAny"),h=s((S,m)=>{if(cn(m))return"*:*";if(!Array.isArray(m))if(typeof m=="string")m=m.split(",");else return"";let E=`${e.preprocess(m[0],o)}`;for(let y=1;y<m.length;y++)E+=` OR ${e.preprocess(m[y],o)}`;return`${S}:(${E})`},"oneOf");function p(S,m,E){let y="";for(let[I,O]of Object.entries(S)){I=Vs(I),I=e.preprocess(e.handleSpaces(I),{escape:!0});let w=m(I,O);if(w!=null){if(y.length>0||n.length>0){let T=E?.mode?E.mode:r?"OR":"AND";y+=` ${T} `}y+=w,(typeof O!="string"&&O!=null||typeof O=="string"&&O!==a&&O!=="")&&(i=!1)}}if(E?.returnBuilt)return y;n+=y}if(s(p,"build"),this.#e.string&&p(this.#e.string,(S,m)=>cn(m)?null:(m=e.preprocess(m,{escape:!0,lowercase:!0,type:"string"}),`${S}:${m}*`)),this.#e.range&&p(this.#e.range,(S,m)=>{if(cn(m)||m.low==null||m.low===""||m.high==null||m.high==="")return null;let E=e.preprocess(m.low,o),y=e.preprocess(m.high,o);return`${S}:[${E} TO ${y}]`}),this.#e.fuzzy&&p(this.#e.fuzzy,l),this.#e.equal&&p(this.#e.equal,u),this.#e.notEqual&&p(this.#e.notEqual,(S,m)=>cn(m)?null:typeof m=="boolean"?`(*:* AND !${S}:${m})`:`!${S}:${e.preprocess(m,o)}`),this.#e.empty&&p(this.#e.empty,S=>(i=!1,`(*:* -${S}:["" TO *])`)),this.#e.notEmpty&&p(this.#e.notEmpty,S=>(i=!1,`${S}:["" TO *]`)),this.#e.oneOf&&p(this.#e.oneOf,h),this.#e.contains&&p(this.#e.contains,c),this.#e.notContains&&p(this.compressFilters(this.#e.notContains),d),this.#e.containsAny&&p(this.#e.containsAny,f),a&&(n=this.isMultiCondition()?`(${n})`:n,r=!1,p({tableId:a},u)),i){if(this.#e.onEmptyFilter==="none")return"";if(this.#e?.allOr)return n.replace("()","(*:*)")}return n}buildSearchBody(){let e={q:this.buildSearchQuery(),limit:Math.min(this.#r,t.maxLimit),include_docs:this.#t};if(this.#i&&(e.bookmark=this.#i),this.#n){let r=this.#s==="descending"?"-":"",n=`<${this.#o}>`;e.sort=`${r}${this.handleSpaces(this.#n)}${n}`}return e}async run(){return this.#c&&await this.#m(this.#c),await this.#p()}async#m(e){let r=this.#t,n=this.#r;this.excludeDocs();let i=e,o=0;do{let a=Math.min(t.maxLimit,i);this.setLimit(a);let{bookmark:u,rows:c}=await this.#p();this.setBookmark(u),o=c.length,i-=c.length}while(i>0&&o>0);this.#t=r,this.#r=n}async#p(){let{url:e,cookie:r}=mt(),n=`${e}/${this.#l}/_design/database/_search/${this.#d}`,i=this.buildSearchBody();try{return await lS(n,i,r)}catch(o){if(o.status===404&&this.#a)return await this.#a(),await lS(n,i,r);throw o}}};async function lS(t,e,r){let n=await(0,dS.default)(t,{body:JSON.stringify(e),method:"POST",headers:{Authorization:r}});if(n.status===404)throw n;let i=await n.json(),o={rows:[],totalRows:0};return i.rows!=null&&i.rows.length>0&&(o.rows=i.rows.map(a=>a.doc)),i.bookmark&&(o.bookmark=i.bookmark),i.total_rows&&(o.totalRows=i.total_rows),o}s(lS,"runQuery");async function fS(t,e,r,n){let i=n.bookmark,o=n.rows||[];if(n.limit&&o.length>=n.limit)return o;let a=Qt.maxLimit;n.limit&&o.length>n.limit-Qt.maxLimit&&(a=n.limit-o.length);let u=new Qt(t,e,r);u.setVersion(n.version).setBookmark(i).setLimit(a).setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.tableId&&u.setTable(n.tableId);let c=await u.run();if(!c.rows.length)return o;if(c.rows.length<Qt.maxLimit)return[...o,...c.rows];let l={...n,bookmark:c.bookmark,rows:[...o,...c.rows]};return await fS(t,e,r,l)}s(fS,"recursiveSearch");async function jx(t,e,r,n){let i=n.limit;(i==null||isNaN(i)||i<0)&&(i=50),i=Math.min(i,Qt.maxLimit);let o=new Qt(t,e,r);n.version&&o.setVersion(n.version),n.tableId&&o.setTable(n.tableId),n.sort&&o.setSort(n.sort).setSortOrder(n.sortOrder).setSortType(n.sortType),n.indexer&&o.setIndexBuilder(n.indexer),n.disableEscaping&&o.disableEscaping();let a=await o.setBookmark(n.bookmark).setLimit(i).run();o.setBookmark(a.bookmark).setLimit(1),n.tableId&&o.setTable(n.tableId);let u=await o.run();return{...a,hasNextPage:u.rows&&u.rows.length>0}}s(jx,"paginatedSearch");async function Hx(t,e,r,n){let i=n.limit;return(i==null||isNaN(i)||i<0)&&(i=1e3),n.limit=Math.min(i,1e3),{rows:await fS(t,e,r,n)}}s(Hx,"fullSearch");var Hf={};P(Hf,{createUserIndex:()=>Yx});async function Yx(){let t=Y(),e;try{e=await t.get("_design/database")}catch(n){n.status===404&&(e={_id:"_design/database"})}let r=s(function(n){if(n._id&&!n._id.startsWith("us_"))return;let i=["_id","_rev","password","account","license","budibaseAccess","accountPortalAccess","csrfToken"];function o(a,u){for(let c of Object.keys(a)){if(i.includes(c))continue;let l=u!=null?`${u}.${c}`:c;typeof a[c]=="string"?index(l,a[c].toLowerCase(),{facet:!0}):typeof a[c]!="object"?index(l,a[c],{facet:!0}):o(a[c],l)}}s(o,"idx"),o(n)},"fn");e.indexes={user:{index:r.toString(),analyzer:{default:"keyword",name:"perfield"}}},await t.put(e)}s(Yx,"createUserIndex");function pS(t,e){let r=e.toString();if(typeof t=="object")return t.status===e||t.message?.includes(r);if(typeof t=="number")return t===e;if(typeof t=="string")return t.includes(r)}s(pS,"checkErrorCode");function zx(t){return pS(t,409)}s(zx,"isDocumentConflictError");var Ks={};P(Ks,{addTenantToUrl:()=>Jx,getTenantDB:()=>Yf,getTenantIDFromCtx:()=>qs,isUserInWorkspaceTenant:()=>Xx});function Yf(t){return Re(on(t))}s(Yf,"getTenantDB");function Jx(t){let e=$();if(Er()){let r=t.indexOf("?")===-1?"?":"&";t+=`${r}tenantId=${e}`}return t}s(Jx,"addTenantToUrl");var Xx=s((t,e)=>{let r;return e?r=e.tenantId||ae:r=$(),(ei(t)||ae)===r},"isUserInWorkspaceTenant"),Zx=Object.values(Ci),qs=s((t,e)=>{if(!Er())return ae;e.allowNoTenant===void 0&&(e.allowNoTenant=!1),e.includeStrategies||(e.includeStrategies=Zx),e.excludeStrategies||(e.excludeStrategies=[]);let r=s(n=>{if(e.excludeStrategies?.includes(n))return!1;if(e.includeStrategies?.includes(n))return!0},"isAllowed");if(r("user")){let n=t.user?.tenantId;if(n)return n}if(r("header")){let n=t.request.headers["x-budibase-tenant-id"];if(n)return n}if(r("query")){let n=t.request.query.tenantId;if(n)return n}if(r("subdomain")){let n;try{n=new URL(Df()).host.split(":")[0]}catch(o){if(o.code!=="ERR_INVALID_URL")throw o}let i=t.host;if(n&&i.includes(n)){let o=i.substring(0,i.indexOf(`.${n}`));if(o)return o}}if(r("path")){let n=t.matched.find(a=>!!a.paramNames.find(u=>u.name==="tenantId")),i=t.originalUrl,o;if(i.includes("?")?o=i.split("?")[0]:o=i,n){let a=n.params(o,n.captures(o),{});if(a.tenantId)return a.tenantId}}e.allowNoTenant||t.throw(403,"Tenant id not set")},"getTenantIDFromCtx");var zf="app"+C,mS="/app/",hS="/app-chat/";async function ev(t){let r=t.path.split("/")[2];if(!r)return;let n=`/${r.toLowerCase()}`,i=$();!g.isDev()&&g.MULTI_TENANCY&&(i=qs(t,{includeStrategies:["subdomain"]}));let a=(await Ce(i,()=>Bs({dev:!1}))).filter(u=>u.url&&u.url.toLowerCase()===n)[0];return a&&a.appId?a.appId:void 0}s(ev,"resolveAppUrl");function tv(t){return t.path.startsWith(`/${zf}`)?!0:t.path.startsWith(mS)||t.path.startsWith(hS)}s(tv,"isServingApp");function rv(t){return t.path.startsWith("/builder/workspace/")}s(rv,"isServingBuilder");function nv(t){return gS(t.path)}s(nv,"isServingBuilderPreview");function gS(t){return new RegExp(/^\/app\/app_\w+\/preview$/).test(t)}s(gS,"isBuilderPreviewUrl");function iv(t){return t.path.startsWith("/api/public/v")}s(iv,"isPublicApiRequest");async function ln(t){let e;function r(u){u&&u.startsWith(zf)&&(e&&e!==u&&t.throw(403,"App id conflict"),e=u)}s(r,"setWorkspaceIdIfValid");function n(u){if(u){typeof u=="string"&&(u=[u]);for(let c of u)r(c)}}s(n,"checkPossibleValues"),n(t.request.headers["x-budibase-app-id"]),r(t.request.body?.appId);let i=sv(t.path);r(i),n(t.query?.appId);let o=gS(t.path);return(t.path.startsWith(mS)||t.path.startsWith(hS))&&!o&&r(await ev(t)),e}s(ln,"getWorkspaceIdFromCtx");function sv(t){if(t)return t.split("?")[0].split("/").find(e=>e.startsWith(zf))}s(sv,"parseWorkspaceIdFromUrlPath");function Su(t){if(t)try{return Tu.default.verify(t,g.JWT_SECRET)}catch(e){if(g.JWT_SECRET_FALLBACK)return Tu.default.verify(t,g.JWT_SECRET_FALLBACK);throw e}}s(Su,"openJwt");function Qs(t){return g.INTERNAL_API_KEY&&g.INTERNAL_API_KEY===t?!0:!!(g.INTERNAL_API_KEY_FALLBACK&&g.INTERNAL_API_KEY_FALLBACK===t)}s(Qs,"isValidInternalAPIKey");function jt(t,e){let r=t.cookies.get(e);if(r)return Su(r)}s(jt,"getCookie");function ES(t,e,r="builder",n={sign:!0}){e&&n&&n.sign&&(e=Tu.default.sign(e,g.JWT_SECRET));let i={expires:qa,path:"/",httpOnly:!1,overwrite:!0};g.COOKIE_DOMAIN&&(i.domain=g.COOKIE_DOMAIN),t.cookies.set(r,e,i)}s(ES,"setCookie");function Ar(t,e){ES(t,null,e)}s(Ar,"clearCookie");function ov(t){return t.headers["x-budibase-type"]==="client"}s(ov,"isClient");function Jf(t){return new Promise(e=>setTimeout(e,t))}s(Jf,"timeout");function Xf(t){return!!ih[t]}s(Xf,"isAudited");function av(t){if(typeof t!="object")return!1;try{JSON.stringify(t)}catch(e){if(e instanceof Error&&e?.message.includes("circular structure"))return!0}return!1}s(av,"hasCircularStructure");function uv(t){return!!t.match(/^.+:\/\/.+$/)}s(uv,"urlHasProtocol");function Zf(t){return t&&!!t.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)}s(Zf,"validEmail");var ep=(o=>(o.MILLISECONDS="milliseconds",o.SECONDS="seconds",o.MINUTES="minutes",o.HOURS="hours",o.DAYS="days",o))(ep||{}),Au={milliseconds:1,seconds:1e3,minutes:6e4,hours:36e5,days:864e5},pe=class t{constructor(e){this.ms=e}static{s(this,"Duration")}to(e){return this.ms/Au[e]}toMs(){return this.ms}toSeconds(){return this.to("seconds")}static convert(e,r,n){return n*Au[e]/Au[r]}static from(e,r){return new t(r*Au[e])}static fromSeconds(e){return t.from("seconds",e)}static fromMinutes(e){return t.from("minutes",e)}static fromHours(e){return t.from("hours",e)}static fromDays(e){return t.from("days",e)}static fromMilliseconds(e){return t.from("milliseconds",e)}};async function cv(t){let e=performance.now();return[await t(),pe.fromMilliseconds(performance.now()-e)]}s(cv,"time");var _u=require("undici");function lv(t,e){let r,n=null;try{let o=new URL(t);r=o.hostname,n=o.port||null}catch{return!1}let i=e.split(/[\s,]+/).filter(o=>o.length>0);for(let o of i){let u=o.replace(/^\./,"*").match(/^(.+?)(?::(\d+))?$/);if(!u||!u[1])continue;let c=u[1].toLowerCase(),l=u[2]||null,d=!1;if(c==="*")d=!0;else if(c.startsWith("*")){let h=c.slice(1);d=r===h.slice(1)||r.endsWith(h)}else d=r===c;if(d&&(!l||n===l))return!0}return!1}s(lv,"isUrlMatchingNoProxy");function dv(t){let e=process.env.GLOBAL_AGENT_HTTP_PROXY||process.env.HTTP_PROXY,n=process.env.GLOBAL_AGENT_HTTPS_PROXY||process.env.HTTPS_PROXY||e;if(!n||!n.trim())return!0;try{new URL(n.trim())}catch{return console.log("[fetch] Invalid proxy URL format:",n),!0}if(t){let i=process.env.GLOBAL_AGENT_NO_PROXY||process.env.NO_PROXY||"";if(i&&lv(t,i))return console.log("[fetch] URL matches NO_PROXY pattern, bypassing proxy",{url:t,noProxy:i}),!0}return!1}s(dv,"shouldBypassProxy");function fv(t){return new _u.Agent({connect:{rejectUnauthorized:t}})}s(fv,"createDirectAgent");function pv(t){let e=process.env.GLOBAL_AGENT_HTTP_PROXY||process.env.HTTP_PROXY,n=(process.env.GLOBAL_AGENT_HTTPS_PROXY||process.env.HTTPS_PROXY||e).trim();console.log("[fetch] Creating ProxyAgent",{proxyUrl:n,rejectUnauthorized:t});let i={uri:n,requestTls:{rejectUnauthorized:t}};return n.startsWith("https://")&&(i.proxyTls={rejectUnauthorized:t}),new _u.ProxyAgent(i)}s(pv,"createProxyAgent");function mv(t){let e=t?.rejectUnauthorized??!0;return dv(t?.url)?fv(e):pv(e)}s(mv,"createDispatcher");function hv(t){return mv(t)}s(hv,"getDispatcher");var tp=require("util"),rp=B(require("zlib"));var gv=(0,tp.promisify)(rp.default.gzip),Ev=(0,tp.promisify)(rp.default.gunzip),Ou="gzip:",yv=s(async t=>{let e=await gv(t);return`${Ou}${e.toString("base64")}`},"gzipToBase64"),Tv=s(async t=>{let e=t.startsWith(Ou)?t.slice(Ou.length):t,r=Buffer.from(e,"base64");return(await Ev(new Uint8Array(r))).toString("utf8")},"gunzipFromBase64");function Sv(t){let e=t.get("authorization");if(!e)return null;let r=e.match(/^Bearer\s+(.+)$/i);return r?r[1]:null}s(Sv,"getBearerToken");function Av(t){let e="",r=-1,n,i,o=t.opts?.repeat;return o&&(i=o.endDate?new Date(o.endDate).getTime():Date.now(),n=o.tz,"cron"in o?e=o.cron:r=o.every),{id:t.id.toString(),name:"",key:t.id.toString(),tz:n,endDate:i,cron:e,every:r,next:0}}s(Av,"jobToJobInformation");var Iu=class{static{s(this,"InMemoryQueue")}constructor(e,r){this._name=e,this._opts=r,this._messages=[],this._emitter=new yS.default.EventEmitter,this._runCount=0,this._addCount=0,this._queuedJobIds=new Set,this._attempts=r?.defaultJobOptions?.attempts||1}async process(e,r){r=typeof e=="number"?r:e,this._emitter.on("message",async n=>{if(!n.manualTrigger&&n.opts?.repeat!=null)return;function i(){return r.length===1?r(n):new Promise((c,l)=>{r(n,s((f,h)=>{f?l(f):c(h)},"done"))})}s(i,"execute");let o=this._attempts;async function a(c,l=0){try{return await c}catch(d){if(l++,l<o&&!n._isDiscarded)return await Ue.wait(100*l),await a(i(),l);throw d}}s(a,"retryFunc");try{let c=await a(i());this._emitter.emit("completed",n,c);let l=this._messages.indexOf(n);if(l===-1)throw"Failed deleting a processed message";this._messages.splice(l,1)}catch(c){console.error(c),this._emitter.emit("error",n,c)}this._runCount++;let u=n.opts?.jobId?.toString();u&&n.opts?.removeOnComplete&&this._queuedJobIds.delete(u)})}async isReady(){return this}async add(e,r){if(typeof e=="string")throw new Error("doesn't support named jobs");let n=r,i=n?.jobId?.toString();if(i&&this._queuedJobIds.has(i)){console.log(`Ignoring already queued job ${i}`);return}if(typeof e!="object")throw"Queue only supports carrying JSON.";i&&this._queuedJobIds.add(i);let o=ee(),a=s(()=>{let c={id:o,timestamp:Date.now(),queue:this,data:e,opts:n,discard:async()=>{c._isDiscarded=!0}};this._messages.push(c),this._messages.length>1e3&&this._messages.shift(),this._addCount++,this._emitter.emit("message",c)},"pushMessage"),u=n?.delay;return u?setTimeout(a,u):a(),{id:i,finished:()=>new Promise((c,l)=>{let d=s((h,p)=>{h.id===o&&(this._emitter.off("error",d),this._emitter.off("completed",f),l(p))},"errorHandler"),f=s((h,p)=>{h.id===o&&(this._emitter.off("error",d),this._emitter.off("completed",f),c(p))},"completedHandler");this._emitter.on("error",d),this._emitter.on("completed",f)})}}async close(){}async removeRepeatableByKey(e){for(let[r,n]of this._messages.entries())if(n.id===e){this._messages.splice(r,1),this._emitter.emit("removed",n);return}}async removeJobs(e){}async clean(){return[]}async getJob(e){for(let r of this._messages)if(r.id===e)return r;return null}manualTrigger(e){for(let r of this._messages)if(r.id===e){this._emitter.emit("message",{...r,manualTrigger:!0});return}throw new Error(`Job with id ${e} not found`)}on(e,r){return this._emitter.on(e,r),this}off(e,r){return this._emitter.off(e,r),this}async count(){return this._messages.length}async getCompletedCount(){return this._runCount}async getRepeatableJobs(){return this._messages.filter(e=>e.opts?.repeat!=null).map(e=>Av(e))}async whenCurrentJobsFinished(){do await Jf(50);while(this.hasRunningJobs())}hasRunningJobs(){return this._addCount>this._runCount}},TS=Iu;var sp=B(require("bull"));var ai=(d=>(d.AUTOMATION="automationQueue",d.APP_BACKUP="appBackupQueue",d.AUDIT_LOG="auditLogQueue",d.SYSTEM_EVENT_QUEUE="systemEventQueue",d.APP_MIGRATION="appMigration",d.DOC_WRITETHROUGH_QUEUE="docWritethroughQueue",d.DEV_REVERT_PROCESSOR="devRevertProcessorQueue",d.BATCH_USER_SYNC_PROCESSOR="batchUserSyncProcessorQueue",d.RAG_INGESTION="ragIngestionQueue",d.AGENT_LOG_INDEXING="agentLogIndexingQueue",d))(ai||{});function SS(t,e,r){Iv(t,e),r&&_v(t,r)}s(SS,"addListeners");function _v(t,e){t.on("stalled",async r=>{if(e)await e(r);else if(r.opts.repeat){let n=r.id,i=await t.getRepeatableJobs();for(let o of i)o.id===n&&await t.removeRepeatableByKey(o.key);console.log(`jobId=${n} disabled`)}})}s(_v,"handleStalled");function st(t,e,r={},n={}){let i=`[BULL] ${t}=${e}`,o=r.error,a={_logKey:"bull",eventType:t,event:e,job:r.job,jobId:r.jobId||r.job?.id,...n},u;return r.job?.data?.automation&&(u={_logKey:"automation",trigger:r.job?r.job.data.automation.definition.trigger.event:void 0}),[i,o,a,u]}s(st,"getLogParams");var Ov={automationQueue:"automation-event",appBackupQueue:"app-backup-event",auditLogQueue:"audit-log-event",systemEventQueue:"system-event",appMigration:"app-migration",docWritethroughQueue:"doc-writethrough",devRevertProcessorQueue:"dev-revert-event",batchUserSyncProcessorQueue:"batch-user-sync-processor",ragIngestionQueue:"rag-ingestion-processor",agentLogIndexingQueue:"agent-log-indexing-processor"};function Iv(t,e){let r=Ov[e];function n(i,o){let a=i.data.event?.appId;if(a)return Rf(a,o);o()}s(n,"doInJobContext"),t.on("stalled",async i=>{await n(i,()=>{console.error(...st(r,"stalled",{job:i}))})}).on("error",i=>{console.error(...st(r,"error",{error:i}))}),process.env.NODE_DEBUG?.includes("bull")&&t.on("waiting",i=>{console.info(...st(r,"waiting",{jobId:i}))}).on("active",async i=>{await n(i,()=>{console.info(...st(r,"active",{job:i}))})}).on("progress",async(i,o)=>{await n(i,()=>{console.info(...st(r,"progress",{job:i},{progress:o}))})}).on("completed",async(i,o)=>{await n(i,()=>{console.info(...st(r,"completed",{job:i},{result:o}))})}).on("failed",async(i,o)=>{await n(i,()=>{console.error(...st(r,"failed",{job:i,error:o}))})}).on("paused",()=>{console.info(...st(r,"paused"))}).on("resumed",()=>{console.info(...st(r,"resumed"))}).on("cleaned",(i,o)=>{console.info(...st(r,"cleaned",{},{length:i.length,type:o}))}).on("drained",()=>{console.info(...st(r,"drained"))}).on("removed",i=>{console.info(...st(r,"removed",{job:i}))})}s(Iv,"logging");var wu={};P(wu,{cleanup:()=>wv,clear:()=>ip,set:()=>np});var js=[];function np(t,e){let r=setInterval(t,e);return js.push(r),r}s(np,"set");function ip(t){let e=js.indexOf(t);e!==-1&&js.splice(e,1),clearInterval(t)}s(ip,"clear");function wv(){for(let t of js)clearInterval(t);js=[]}s(wv,"cleanup");var Ht=B(require("dd-trace")),Hs=B(require("object-sizeof"));var Dv=pe.fromMinutes(5).toMs(),Rv=pe.fromSeconds(30).toMs(),op=pe.fromSeconds(60).toMs(),Ys=[],Du;async function AS(){for(let t of Ys)await t.clean(op,"completed"),await t.clean(op,"failed")}s(AS,"cleanup");async function Cv(t,e,r){let n=performance.now();try{let i=await e();return Ht.default.dogstatsd.increment(`${t}.success`,1,r),i}catch(i){throw Ht.default.dogstatsd.increment(`${t}.error`,1,r),i}finally{let i=performance.now()-n;Ht.default.dogstatsd.distribution(`${t}.duration.ms`,i,r),Ht.default.dogstatsd.increment(t,1,r)}}s(Cv,"withMetrics");function _S(t){return{"job.opts.attempts":t.attempts,"job.opts.backoff":t.backoff,"job.opts.delay":t.delay,"job.opts.jobId":t.jobId,"job.opts.lifo":t.lifo,"job.opts.preventParsingData":t.preventParsingData,"job.opts.priority":t.priority,"job.opts.removeOnComplete":t.removeOnComplete,"job.opts.removeOnFail":t.removeOnFail,"job.opts.repeat":t.repeat,"job.opts.stackTraceLimit":t.stackTraceLimit,"job.opts.timeout":t.timeout}}s(_S,"jobOptsTags");function bv(t){return{"job.id":t.id,"job.attemptsMade":t.attemptsMade,"job.timestamp":t.timestamp,"job.data.sizeBytes":(0,Hs.default)(t.data),..._S(t.opts||{})}}s(bv,"jobTags");var Et=class{static{s(this,"BudibaseQueue")}constructor(e,r={}){this.opts=r,this.jobQueue=e,this.queue=this.initQueue()}get name(){return this.queue.name}initQueue(){let r={redis:nn(),settings:{maxStalledCount:this.opts.maxStalledCount?this.opts.maxStalledCount:0,lockDuration:Dv,lockRenewTime:Rv}};this.opts.jobOptions&&(r.defaultJobOptions=this.opts.jobOptions);let n;return g.isTest()?process.env.BULL_TEST_REDIS_PORT&&!isNaN(+process.env.BULL_TEST_REDIS_PORT)?n=new sp.default(this.jobQueue,{...r,redis:{host:"localhost",port:+process.env.BULL_TEST_REDIS_PORT}}):n=new TS(this.jobQueue,r):n=new sp.default(this.jobQueue,r),SS(n,this.jobQueue,this.opts.removeStalledCb),Ys.push(n),!Du&&!g.isTest()&&(Du=np(AS,op),AS().catch(i=>{console.error(`Unable to cleanup ${this.jobQueue} initially - ${i}`)})),n}getBullQueue(){return this.queue}process(...e){let r,n;e.length===2?(r=e[0],n=e[1]):n=e[0];let i=s(async(a,u)=>{await Ht.default.trace("queue.process",async c=>{if(a.data._parentSpanContext){let l=a.data._parentSpanContext,d={traceId:l.traceId,spanId:l.spanId,toTraceId:()=>l.traceId,toSpanId:()=>l.spanId,toTraceparent:()=>""};c.addLink(d)}c.addTags({"queue.name":this.jobQueue,...bv(a)}),this.opts.jobTags&&c.addTags(this.opts.jobTags(a.data)),Ht.default.dogstatsd.distribution("queue.process.sizeBytes",(0,Hs.default)(a.data),this.metricTags()),await this.withMetrics("queue.process",()=>u?n(a,u):n(a))})},"processCallback"),o;return n.length===1?o=s(a=>i(a),"wrappedCb"):o=i,r?this.queue.process(r,o):this.queue.process(o)}async add(e,r){return await Ht.default.trace("queue.add",async n=>(n.addTags({"queue.name":this.jobQueue,"job.data.sizeBytes":(0,Hs.default)(e),..._S(r||{})}),this.opts.jobTags&&n.addTags(this.opts.jobTags(e)),e._parentSpanContext={traceId:n.context().toTraceId(),spanId:n.context().toSpanId()},Ht.default.dogstatsd.distribution("queue.add.sizeBytes",(0,Hs.default)(e),this.metricTags()),await this.withMetrics("queue.add",()=>this.queue.add(e,r))))}withMetrics(e,r){return Cv(e,r,this.metricTags())}metricTags(){return{queueName:this.jobQueue}}close(e){return this.queue.close(e)}whenCurrentJobsFinished(){return this.queue.whenCurrentJobsFinished()}};async function xv(){Du&&ip(Du),console.log("Waiting for current queue jobs to finish...");for(let t of Ys)await t.whenCurrentJobsFinished();console.log("Closing queue Redis connections...");for(let t of Ys)await t.close();Ys=[],console.log("Queues shutdown")}s(xv,"shutdown");var ro={};P(ro,{correlation:()=>zs,logAlert:()=>pn,logAlertWithInfo:()=>mP,logWarn:()=>li,logger:()=>Uu,system:()=>Ap});var zs={};P(zs,{getId:()=>ap,setHeader:()=>vv});var OS=require("correlation-id"),vv=s(t=>{let e=OS.getId();e&&(t["x-budibase-correlation-id"]=e)},"setHeader");function ap(){return OS.getId()}s(ap,"getId");var Nu=B(require("pino")),ZS=B(require("pino-pretty")),_p=B(require("dd-trace")),eA=require("dd-trace/ext");var Ap={};P(Ap,{getLogReadStream:()=>uP,getSingleFileMaxSizeInfo:()=>XS,localFileDestination:()=>Sp});var to=B(require("fs")),Tp=B(require("path")),HS=B(require("rotating-file-stream"));var yp={};P(yp,{ObjectStore:()=>ot,ObjectStoreBuckets:()=>Nv,SIGNED_FILE_PREFIX:()=>mp,bucketTTLConfig:()=>Ru,budibaseTempDir:()=>dn,client3rdPartyLibrary:()=>tP,clientLibraryPath:()=>eP,clientLibraryUrl:()=>rP,createBucketIfNotExists:()=>eo,deleteFile:()=>Kv,deleteFiles:()=>Qv,deleteFolder:()=>kS,downloadTarball:()=>Hv,downloadTarballDirect:()=>jv,enrichPWAImages:()=>nP,enrichPluginURLs:()=>sP,extractBucketAndPath:()=>up,getAllFiles:()=>Gv,getAppFileUrl:()=>WS,getClientCacheKey:()=>BS,getGlobalFileS3Key:()=>$S,getGlobalFileUrl:()=>iP,getObjectMetadata:()=>Yv,getPluginIconKey:()=>qS,getPluginJSKey:()=>VS,getPluginS3Dir:()=>QS,getPresignedUrl:()=>fn,getReadStream:()=>Cu,listAllObjects:()=>hp,objectExists:()=>zv,processAutomationAttachment:()=>Lv,processObjectStoreAttachment:()=>CS,retrieve:()=>LS,retrieveDirectory:()=>qv,retrieveToTmp:()=>Vv,sanitizeBucket:()=>xe,sanitizeKey:()=>ge,streamUpload:()=>US,streamUploadMany:()=>$v,upload:()=>Wv,uploadDirectory:()=>gp});var xu=require("@aws-sdk/client-s3"),cp=require("@aws-sdk/lib-storage"),bS=require("@aws-sdk/s3-request-presigner"),xS=require("@smithy/node-http-handler");var Yt=B(require("dd-trace")),ui=B(require("fs")),Xs=B(require("fs/promises")),vS=B(require("https")),lp=B(require("node-fetch")),Or=require("path"),vu=B(require("stream")),Zs=require("stream/promises"),dp=B(require("tar-fs")),fp=require("uuid"),pp=B(require("zlib"));var IS=B(require("fs")),wS=require("os"),Js=B(require("path")),DS=B(require("stream"));var Nv={BACKUPS:g.BACKUPS_BUCKET_NAME,APPS:g.APPS_BUCKET_NAME,TEMPLATES:g.TEMPLATES_BUCKET_NAME,GLOBAL:g.GLOBAL_BUCKET_NAME,PLUGINS:g.PLUGIN_BUCKET_NAME,TEMP:g.TEMP_BUCKET_NAME},RS=(0,Js.join)((0,wS.tmpdir)(),".budibase");try{IS.default.mkdirSync(RS)}catch(t){if(t.code!=="EEXIST")throw t}function dn(){return RS}s(dn,"budibaseTempDir");var Ru=s((t,e)=>{let n={Rules:[{ID:`${t}-ExpireAfter${e}days`,Prefix:"",Status:"Enabled",Expiration:{Days:e}}]};return{Bucket:t,LifecycleConfiguration:n}},"bucketTTLConfig");async function Uv(t){let e=await fetch(t.url);if(!e.ok||!e.body)throw new Error(`Unexpected response ${e.statusText}`);let r=Js.default.basename(new URL(t.url).pathname);if(!e.body)throw new Error("No response received for attachment");return{filename:t.filename||r,content:DS.default.Readable.fromWeb(e.body)}}s(Uv,"processUrlAttachment");async function CS(t){let e=up(t.url);if(e===null)throw new Error("Invalid signed URL");let{bucket:r,path:n}=e,{stream:i}=await Cu(r,n),o=Js.default.basename(n);return{bucket:r,path:n,filename:t.filename||o,content:i}}s(CS,"processObjectStoreAttachment");async function Lv(t){return t.url?.startsWith("http://")||t.url?.startsWith("https://")?await Uv(t):await CS(t)}s(Lv,"processAutomationAttachment");var kv=require("sanitize-s3-objectkey"),Mv={bucketCreationPromises:{}},mp="/files/signed",_r={txt:"text/plain",html:"text/html",css:"text/css",js:"application/javascript",json:"application/json",gz:"application/gzip",svg:"image/svg+xml",form:"multipart/form-data"},Fv=[_r.html,_r.css,_r.js,_r.json];function ge(t){return kv(xe(t)).replace(/\\/g,"/")}s(ge,"sanitizeKey");function xe(t){return t.replace(new RegExp(rt,"g"),tt)}s(xe,"sanitizeBucket");function ot(t={presigning:!1}){let e={forcePathStyle:!0,credentials:{accessKeyId:g.MINIO_ACCESS_KEY,secretAccessKey:g.MINIO_SECRET_KEY},region:g.AWS_REGION};if(!g.MINIO_ENABLED&&g.AWS_SESSION_TOKEN&&(e.credentials={accessKeyId:g.MINIO_ACCESS_KEY,secretAccessKey:g.MINIO_SECRET_KEY,sessionToken:g.AWS_SESSION_TOKEN}),g.MINIO_URL&&(t.presigning&&g.MINIO_ENABLED?e.endpoint="http://minio-service":e.endpoint=g.MINIO_URL),g.S3_IGNORE_SELF_SIGNED==="true"){let r=new vS.default.Agent({rejectUnauthorized:!1});e.requestHandler=new xS.NodeHttpHandler({httpsAgent:r})}return new xu.S3(e)}s(ot,"ObjectStore");async function eo(t,e){e=xe(e);try{return await t.headBucket({Bucket:e}),{created:!1,exists:!0}}catch(r){let n=r.statusCode||r.$response?.statusCode,i=Mv.bucketCreationPromises,o=n===404,a=n===403;if(i[e])return await i[e],{created:!1,exists:!0};if(o||a){if(o)return i[e]=t.createBucket({Bucket:e}).catch(u=>{if(u.Code!=="BucketAlreadyOwnedByYou")throw u}),await i[e],delete i[e],{created:!0,exists:!1};throw new Error("Access denied to object store bucket."+r)}else throw new Error("Unable to write to object store bucket.")}}s(eo,"createBucketIfNotExists");var Bv=s((t,e)=>{if(e)return e;let r=t.split(".").pop();return r?_r[r.toLowerCase()]:_r.txt},"resolveContentType"),PS=s(async(t,e,r)=>{let n=xe(t),i=ot(),o=await eo(i,n);if(r.addTags({bucketCreated:o.created,bucketExists:o.exists}),e&&o.created){let a=Ru(n,e);await i.putBucketLifecycleConfiguration(a)}return{bucket:n,client:i,bucketCreated:o}},"initialiseBucket"),NS=s(async({client:t,bucket:e,filename:r,stream:n,type:i,extra:o})=>{if(!n)throw new Error("Stream to upload is invalid/undefined");let a=Bv(r,i),u=ge(r),c={Bucket:e,Key:u,Body:n,ContentType:a,...o??{}};return{details:await new cp.Upload({client:t,params:c}).done(),contentType:a}},"streamUploadInternal");async function Wv({bucket:t,filename:e,path:r,type:n,metadata:i,body:o,ttl:a}){let u=e.split(".").pop(),c=r?(await Xs.default.open(r)).createReadStream():o,l=ot(),d=await eo(l,t);if(a&&d.created){let m=Ru(t,a);await l.putBucketLifecycleConfiguration(m)}let f=n,h=f||(u?_r[u.toLowerCase()]:_r.txt),p={Bucket:xe(t),Key:ge(e),Body:c,ContentType:h};if(i&&typeof i=="object"){for(let m of Object.keys(i))(!i[m]||typeof i[m]!="string")&&delete i[m];p.Metadata=i}return new cp.Upload({client:l,params:p}).done()}s(Wv,"upload");async function US({bucket:t,stream:e,filename:r,type:n,extra:i,ttl:o}){return await Yt.default.trace("streamUpload",async a=>{a.addTags({bucketName:t,filename:r,type:n,ttl:o});let u=r.split(".").pop();a.addTags({extension:u});let{bucket:c,client:l}=await PS(t,o,a),{details:d,contentType:f}=await NS({client:l,bucket:c,filename:r,stream:e,type:n,extra:i}),h=await l.headObject({Bucket:c,Key:ge(r)});return a.addTags({contentType:f,contentLength:h.ContentLength}),{...d,ContentLength:h.ContentLength}})}s(US,"streamUpload");async function $v({bucket:t,files:e,ttl:r}){return await Yt.default.trace("streamUploadMany",async i=>{if(i.addTags({bucketName:t,ttl:r,fileCount:e.length}),!e.length)return[];let{bucket:o,client:a}=await PS(t,r,i),u=e.map((l,d)=>({...l,index:d})),c=new Array(e.length);return await Ot.parallelForeach(u,async l=>{let{details:d}=await NS({client:a,bucket:o,filename:l.filename,stream:l.stream,type:l.type,extra:l.extra});c[l.index]=d},10),c})}s($v,"streamUploadMany");async function LS(t,e){return await Yt.default.trace("retrieve",async r=>{r.addTags({bucketName:t,filepath:e});let n=ot(),i={Bucket:xe(t),Key:ge(e)},o=await n.getObject(i);if(!o.Body)throw new Error("Unable to retrieve object");if(r.addTags({contentLength:o.ContentLength,contentType:o.ContentType}),Fv.includes(o.ContentType))return r.addTags({string:!0}),o.Body.transformToString();{r.addTags({string:!1});let a=o.Body.transformToWebStream();return vu.default.Readable.fromWeb(a)}})}s(LS,"retrieve");async function*hp(t,e){let r=ot(),n=s((a={})=>r.listObjectsV2({...a,Bucket:xe(t),Prefix:ge(e)}),"list"),i=!1,o;do{let a={};o&&(a.ContinuationToken=o);let u=await n(a);if(u.Contents)for(let c of u.Contents)yield c;i=!!u.IsTruncated,o=u.NextContinuationToken}while(i&&o)}s(hp,"listAllObjects");async function Gv(t,e){let r={};return await Ot.parallelForeach(hp(t,e),async n=>{if(!n.Key)throw new Error("file.Key must be defined");r[n.Key]=n},5),r}s(Gv,"getAllFiles");async function fn(t,e,r=3600){let n=ot({presigning:!0}),i={Bucket:xe(t),Key:ge(e)},o=await(0,bS.getSignedUrl)(n,new xu.GetObjectCommand(i),{expiresIn:r});if(g.MINIO_ENABLED){let a=new URL(o),u=a.pathname,c=a.search;return`${mp}${u}${c}`}else return o}s(fn,"getPresignedUrl");async function Vv(t,e){return await Yt.default.trace("retrieveToTmp",async r=>{r.addTags({bucketName:t,filepath:e}),t=xe(t),e=ge(e);let n=await LS(t,e),i=(0,Or.join)(dn(),(0,fp.v4)());return r.addTags({outputPath:i}),n instanceof vu.default.Readable?(r.addTags({stream:!0}),await(0,Zs.pipeline)(n,ui.default.createWriteStream(i))):(r.addTags({stream:!1}),ui.default.writeFileSync(i,n)),i})}s(Vv,"retrieveToTmp");async function qv(t,e,r){return await Yt.default.trace("retrieveDirectory",async n=>{n.addTags({bucketName:t,path:e});let i=(0,Or.join)(dn(),(0,fp.v4)());await Xs.default.mkdir(i,{recursive:!0});let o=0;return await Ot.parallelForeach(hp(t,e),async a=>{let{Key:u}=a;!u||r?.some(c=>c.test(u))||(o++,await Yt.default.trace("retrieveDirectory.object",async c=>{let l=a.Key;c.addTags({filename:l});let{stream:d}=await Cu(t,l),f=l.split("/"),h=f.slice(0,f.length-1),p=(0,Or.join)(i,...h);f.length>1&&!ui.default.existsSync(p)&&await Xs.default.mkdir(p,{recursive:!0}),await(0,Zs.pipeline)(d,ui.default.createWriteStream((0,Or.join)(i,...f),{mode:420}))}))},5),n.addTags({numObjects:o}),i})}s(qv,"retrieveDirectory");async function Kv(t,e){let r=ot();await eo(r,t);let n={Bucket:t,Key:ge(e)};return r.deleteObject(n)}s(Kv,"deleteFile");async function Qv(t,e){let r=ot();await eo(r,t);let n={Bucket:t,Delete:{Objects:e.map(i=>({Key:ge(i)}))}};return r.deleteObjects(n)}s(Qv,"deleteFiles");async function kS(t,e){t=xe(t),e=ge(e);let r=ot(),n={Bucket:t,Prefix:e},i=await r.listObjects(n);if(i.Contents?.length===0)return;let o={Bucket:t,Delete:{Objects:[]}};if(i.Contents?.forEach(a=>{o.Delete.Objects.push({Key:a.Key})}),o.Delete.Objects.length&&(await r.deleteObjects(o)).Deleted?.length===1e3)return kS(t,e)}s(kS,"deleteFolder");async function gp(t,e,r){return await Yt.default.trace("uploadDirectory",async n=>{n.addTags({bucketName:t,localPath:e,bucketPath:r}),t=xe(t);let i=await Xs.default.readdir(e,{withFileTypes:!0});n.addTags({numFiles:i.length});for(let o of i){let a=ge((0,Or.join)(r,o.name)),u=(0,Or.join)(e,o.name);o.isDirectory()?await gp(t,u,a):await US({bucket:t,filename:a,stream:ui.default.createReadStream(u)})}return i})}s(gp,"uploadDirectory");async function jv(t,e,r={}){e=ge(e);let n=await(0,lp.default)(t,{headers:r});if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);await(0,Zs.pipeline)(n.body,pp.default.createUnzip(),dp.default.extract(e))}s(jv,"downloadTarballDirect");async function Hv(t,e,r){e=xe(e),r=ge(r);let n=await(0,lp.default)(t);if(!n.ok)throw new Error(`unexpected response ${n.statusText}`);let i=(0,Or.join)(dn(),r);return await(0,Zs.pipeline)(n.body,pp.default.createUnzip(),dp.default.extract(i)),!g.isTest()&&g.SELF_HOSTED&&await gp(e,i,r),i}s(Hv,"downloadTarball");async function Cu(t,e){return await Yt.default.trace("getReadStream",async r=>{t=xe(t),e=ge(e),r.addTags({bucketName:t,path:e});let n=ot(),i={Bucket:t,Key:e},o=await n.getObject(i);if(!o.Body||!(o.Body instanceof vu.default.Readable))throw new Error("Unable to retrieve stream - invalid response");return r.addTags({contentLength:o.ContentLength,contentType:o.ContentType}),{stream:o.Body,contentLength:o.ContentLength,contentType:o.ContentType}})}s(Cu,"getReadStream");async function Yv(t,e){t=xe(t),e=ge(e);let r=ot(),n={Bucket:t,Key:e};try{return await r.headObject(n)}catch{throw new Error("Unable to retrieve metadata from object")}}s(Yv,"getObjectMetadata");async function zv(t,e){t=xe(t),e=ge(e);let r=ot(),n={Bucket:t,Key:e};try{return await r.headObject(n),!0}catch(i){if((i.statusCode||i.$response?.statusCode)===404)return!1;throw i}}s(zv,"objectExists");function up(t){let e=t.split("?")[0],r=new RegExp(`^${mp}/(?<bucket>[^/]+)/(?<path>.+)$`),n=e.match(r);if(n&&n.groups){let{bucket:i,path:o}=n.groups;return{bucket:i,path:o}}return null}s(up,"extractBucketAndPath");var FS=B(require("querystring"));var MS=B(require("aws-cloudfront-sign"));var Pu;function Jv(){if(!g.CLOUDFRONT_PRIVATE_KEY_64)throw new Error("CLOUDFRONT_PRIVATE_KEY_64 is not set");return Pu||(Pu=Buffer.from(g.CLOUDFRONT_PRIVATE_KEY_64,"base64").toString("utf-8"),Pu)}s(Jv,"getPrivateKey");var Xv=s(()=>({keypairId:g.CLOUDFRONT_PUBLIC_KEY_ID,privateKeyString:Jv(),expireTime:new Date().getTime()+1e3*60*60*24}),"getCloudfrontSignParams"),ci=s(t=>{let e=Zv(t);return MS.getSignedUrl(e,Xv())},"getPresignedUrl"),Zv=s(t=>{let e="/";return t.startsWith("/")&&(e=""),`${g.CLOUDFRONT_CDN}${e}${t}`},"getUrl");function eP(t){return`${ge(t)}/budibase-client.js`}s(eP,"clientLibraryPath");function tP(t,e){return`${ge(t)}/${e}`}s(tP,"client3rdPartyLibrary");async function rP(t,e){return`/api/assets/${t}/client?${await BS(e)}`}s(rP,"clientLibraryUrl");async function BS(t){let e,r;try{e=$()}finally{r={version:t}}return e&&e!==ae&&(r.tenantId=e),FS.default.encode(r)}s(BS,"getClientCacheKey");async function WS(t){return g.CLOUDFRONT_CDN?ci(t):await fn(g.APPS_BUCKET_NAME,t)}s(WS,"getAppFileUrl");async function nP(t){if(t.length===0)return[];try{return await Promise.all(t.map(async e=>({...e,src:await WS(e.src),type:e.type||"image/png"})))}catch(e){return console.error("Error enriching PWA images:",e),t}}s(nP,"enrichPWAImages");var iP=s(async(t,e,r)=>{let n=$S(t,e);return g.CLOUDFRONT_CDN?(r&&(n=`${n}?etag=${r}`),ci(n)):await fn(g.GLOBAL_BUCKET_NAME,n)},"getGlobalFileUrl"),$S=s((t,e)=>{let r=`${t}/${e}`;return g.MULTI_TENANCY&&(r=`${$()}/${r}`),r},"getGlobalFileS3Key");async function sP(t){return!t||!t.length?[]:await Promise.all(t.map(async e=>{let r=await oP(e),n=await aP(e);return{...e,jsUrl:r,iconUrl:n}}))}s(sP,"enrichPluginURLs");async function oP(t){let e=VS(t);return GS(e)}s(oP,"getPluginJSUrl");async function aP(t){let e=qS(t);if(e)return GS(e)}s(aP,"getPluginIconUrl");async function GS(t){return g.CLOUDFRONT_CDN?ci(t):await fn(g.PLUGIN_BUCKET_NAME,t)}s(GS,"getPluginUrl");function VS(t){return KS(t,"plugin.min.js")}s(VS,"getPluginJSKey");function qS(t){let e=t.iconUrl?"icon.svg":t.iconFileName;if(e)return KS(t,e)}s(qS,"getPluginIconKey");function KS(t,e){return`${QS(t.name)}/${e}`}s(KS,"getPluginS3Key");function QS(t){let e=`${t}`;return g.MULTI_TENANCY&&(e=`${$()}/${e}`),g.CLOUDFRONT_CDN&&(e=`plugins/${e}`),e}s(QS,"getPluginS3Dir");var YS="budibase.log",zS="budibase-logs-history.txt",JS=Tp.default.join(dn(),"systemlogs");function jS(t){return Tp.default.join(JS,t)}s(jS,"getFullPath");function XS(t){let e=/(\d+)([A-Za-z])/,r=t?.match(e);if(!r){console.warn("totalMaxSize does not have a valid value",{totalMaxSize:t});return}let n=+r[1],i=r[2];if(n===1)switch(i){case"B":return{size:`${n}B`,totalHistoryFiles:1};case"K":return{size:`${n*1e3/2}B`,totalHistoryFiles:1};case"M":return{size:`${n*1e3/2}K`,totalHistoryFiles:1};case"G":return{size:`${n*1e3/2}M`,totalHistoryFiles:1};default:return}return n%2===0?{size:`${n/2}${i}`,totalHistoryFiles:1}:{size:`1${i}`,totalHistoryFiles:n-1}}s(XS,"getSingleFileMaxSizeInfo");function Sp(){let t=XS(g.ROLLING_LOG_MAX_SIZE);return HS.createStream(YS,{size:t?.size,path:JS,maxFiles:t?.totalHistoryFiles||1,immutable:!0,history:zS,initialRotation:!1})}s(Sp,"localFileDestination");function uP(){let t=[],e=jS(zS);if(to.default.existsSync(e)){let i=to.default.readFileSync(e,"utf-8").split(`
|
|
37
|
-
`);for(let o of i.filter(a=>a))t.push(to.default.readFileSync(o))}return t.push(to.default.readFileSync(jS(YS))),Buffer.concat(t.map(n=>new Uint8Array(n)))}s(uP,"getLogReadStream");function cP(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}s(cP,"isPlainObject");function lP(t){return t instanceof Error}s(lP,"isError");function dP(t){return typeof t=="string"}s(dP,"isMessage");var Ir;if(!g.DISABLE_PINO_LOGGER){let t=g.LOG_LEVEL,e={level:t,formatters:{level:c=>({level:c.toUpperCase()}),bindings:()=>g.SELF_HOSTED?{service:g.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(g.isDev()?{stream:(0,ZS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),g.SELF_HOSTED&&r.push({stream:Sp(),level:t}),Ir=r.length?(0,Nu.default)(e,Nu.default.multistream(r)):(0,Nu.default)(e);let n=s(c=>{let l,d=[],f="";c.forEach(E=>{dP(E)&&(f=`${f} ${E}`.trimStart()),cP(E)&&d.push(E),lP(E)&&(l=E)});let h=u(),p={};p={tenantId:i(),appId:o(),automationId:a(),identityId:h?._id,identityType:h?.type,correlationId:ap()};let S=_p.default.scope().active();S&&_p.default.inject(S.context(),eA.formats.LOG,p);let m={err:l,pid:process.pid,...p};if(d.length){let E={},y=0;for(let I=0;I<d.length;I++){let O=d[I],w=O._logKey;w?(delete O._logKey,m[w]=O):(E[y]=O,y++)}Object.keys(E).length&&(m.data=E)}return[m,f]},"getLogParams");console.log=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.info=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.warn=(...c)=>{let[l,d]=n(c);Ir?.warn(l,d)},console.error=(...c)=>{let[l,d]=n(c);Ir?.error(l,d)},console.trace=(...c)=>{let[l,d]=n(c);l.err||(l.err=new Error),Ir?.trace(l,d)},console.debug=(...c)=>{let[l,d]=n(c);Ir?.debug(l,d)};let i=s(()=>{let c;try{c=$()}catch{}return c},"getTenantId"),o=s(()=>{let c;try{c=be()}catch{}return c},"getAppId"),a=s(()=>{let c;try{c=Cf()}catch{}return c},"getAutomationId"),u=s(()=>{let c;try{c=Gt()}catch{}return c},"getIdentity")}var Uu=Ir;var fP=["AccountError"];function pP(t){return t&&t.suppressAlert}s(pP,"isSuppressed");function pn(t,e){e&&fP.includes(e.name)&&pP(e)||console.error(`bb-alert: ${t}`,e)}s(pn,"logAlert");function mP(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,pn(t,n)}s(mP,"logAlertWithInfo");function li(t,e){console.warn(`bb-warn: ${t}`,e)}s(li,"logWarn");var Lu=class extends Error{static{s(this,"UnretriableError")}constructor(e){super(e),this.name="PermanentError"}},Op=class{static{s(this,"QueuedProcessor")}constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:o=!0,maxStalledCount:a=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new Et(e,{maxStalledCount:a,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:o}}),this._queue.process(async(u,c)=>{try{let l=await this.processFn(u.data);c?.(null,l)}catch(l){l instanceof Lu&&await u.discard(),pn(`Failed to process job in ${this._queue.name}`,l),c?.(l)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Ue.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var hP=100,ku,no=class t{static{s(this,"DocWritethroughProcessor")}static get queue(){return t._queue||(t._queue=new Et("docWritethroughQueue",{jobOptions:{attempts:hP}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=Re(e),o;try{o=await i.get(r)}catch{o={_id:r}}o={...o,...n},await i.put(o)}},wp=class{static{s(this,"DocWritethrough")}constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await no.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function tA(){return ku=new no().init(),ku}s(tA,"init");function gP(){return ku||tA()}s(gP,"getProcessor");var so={};P(so,{CacheKey:()=>ye,TTL:()=>gn,bustCache:()=>di,destroy:()=>io,get:()=>En,keys:()=>Mu,store:()=>zt,withCache:()=>wr,withCacheWithDynamicTTL:()=>rA});function bt(t){let e=$();return`${t}:${e}`}s(bt,"generateTenantKey");var mn=class{static{s(this,"BaseCache")}constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await kf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?bt(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?bt(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?bt(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>bt(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?bt(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((o,[a,u])=>(o[bt(a)]=u,o),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?bt(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>bt(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let o=await this.get(e,i);if(o)return o;try{let a=await n();return await this.store(e,a,r,i),a}catch(a){throw console.error("Error fetching before cache - ",a),a}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let o=await r(),{value:a,ttl:u}=o;return await this.store(e,a,u,{useTenancy:n.useTenancy}),a}catch(o){throw console.error("Error fetching before cache - ",o),o}}async bustCache(e){let r=await this.getClient();try{await r.delete(bt(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?bt(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var hn=new mn,ye={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},gn=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(gn||{}),Mu=s((...t)=>hn.keys(...t),"keys"),En=s((...t)=>hn.get(...t),"get"),zt=s((...t)=>hn.store(...t),"store"),io=s((...t)=>hn.delete(...t),"destroy"),wr=s((...t)=>hn.withCache(...t),"withCache"),rA=s((...t)=>hn.withCacheWithDynamicTTL(...t),"withCacheWithDynamicTTL"),di=s((...t)=>hn.bustCache(...t),"bustCache");var bp={};P(bp,{createCode:()=>IP,deleteCode:()=>DP,getCode:()=>wP,getExistingInvites:()=>Cp,getInviteCodes:()=>cA,updateCode:()=>OP});var Tn={};P(Tn,{AUTO_EXTEND_POLLING_MS:()=>sA,doWithLock:()=>oo,newRedlock:()=>yn});var iA=B(require("redlock"));async function EP(t,e){if(t==="custom")return yn(e);switch(t){case"try_once":return yn(fi.TRY_ONCE);case"try_twice":return yn(fi.TRY_TWICE);case"default":return yn(fi.DEFAULT);case"delay_500":return yn(fi.DELAY_500);case"auto_extend":return yn(fi.AUTO_EXTEND);default:throw Ot.unreachable(t)}}s(EP,"getClient");var fi={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function yn(t={}){let e={...fi.DEFAULT,...t},n=(await Ff()).client;return new iA.default([n],e)}s(yn,"newRedlock");function yP(t){let r=`lock:${t.systemLock?"system":$()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}s(yP,"getLockName");var sA=pe.fromSeconds(10).toMs();async function oo(t,e){let r=await EP(t.type,t.customOptions),n,i;try{let o=yP(t),a=t.type==="auto_extend"?sA:t.ttl;if(n=await r.lock(o,a),t.type==="auto_extend"){let c=s(()=>{i=setTimeout(async()=>{n=await n.extend(a,()=>t.onExtend&&t.onExtend()),c()},a/2)},"extendInIntervals");c()}return{executed:!0,result:await e()}}catch(o){if(o.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw o}else throw o}finally{clearTimeout(i),await n?.unlock()}}s(oo,"doWithLock");var oA=pe.fromDays(7).toSeconds(),SP=pe.fromSeconds(10).toMs(),Fu="Invitation is not valid or has expired, please request a new one.";function aA(t,e){if(!t)return null;let r=t.tenantId||e;return r?{tenantId:r,invites:t.invites||{}}:null}s(aA,"normaliseInviteList");function AP(t){let e=!1,r=Date.now();for(let[n,i]of Object.entries(t.invites))(!i?.expiresAt||i.expiresAt<=r)&&(delete t.invites[n],e=!0);return{list:t,changed:e}}s(AP,"pruneExpiredInvites");async function Rp(t){let r=await(await Ls()).get(t);return aA(r,t)}s(Rp,"loadInviteList");async function ao(t,e){await(await Ls()).store(t,e)}s(ao,"saveInviteList");async function uo(t,e){let{result:r}=await oo({type:"default",name:"process_user_invite",systemLock:!0,resource:t,ttl:SP},e);return r}s(uo,"withInviteListLock");function _P(t,e){return{code:t,email:e.email,info:e.info}}s(_P,"toInviteWithCode");async function uA(t,e){let r=await Ls(),n=aA(await r.get(e),e);if(!n)throw new Error(Fu);if(!Object.keys(n.invites).includes(t))throw new Error(Fu);return{list:n,invite:n.invites[t]}}s(uA,"findInviteInList");async function OP(t,e){let r={...e.info},n=r.tenantId||$();r.tenantId=n,await uo(n,async()=>{let i=await Rp(n)||{tenantId:n,invites:{}};i.invites[t]={email:e.email,info:r,expiresAt:Date.now()+oA*1e3},await ao(n,i)})}s(OP,"updateCode");async function IP(t,e){let r=ee(),n={...e||{}},i=n.tenantId||$();return n.tenantId=i,await uo(i,async()=>{let o=await Rp(i)||{tenantId:i,invites:{}};o.invites[r]={email:t,info:n,expiresAt:Date.now()+oA*1e3},await ao(i,o)}),r}s(IP,"createCode");async function wP(t,e){let r=e||$();return await uo(r,async()=>{let n=await uA(t,r),{list:i,invite:o}=n;if(o.expiresAt<=Date.now())throw delete i.invites[t],await ao(i.tenantId,i),new Error(Fu);return{email:o.email,info:o.info}})}s(wP,"getCode");async function DP(t,e){let r=e||$();try{await uo(r,async()=>{let n=await uA(t,r);delete n.list.invites[t],await ao(n.list.tenantId,n.list)})}catch(n){if(n instanceof Error&&n.message===Fu)return;throw n}}s(DP,"deleteCode");async function cA(){let t=$(),e=await uo(t,async()=>{let n=await Rp(t)||{tenantId:t,invites:{}},i=AP(n);return n=i.list,i.changed&&await ao(t,n),n}),r=new Map;for(let[n,i]of Object.entries(e.invites))r.set(n,_P(n,i));return Array.from(r.values())}s(cA,"getInviteCodes");async function Cp(t){let e=new Set(t.map(r=>r.toLowerCase()));return(await cA()).filter(r=>e.has(r.email.toLowerCase()))}s(Cp,"getExistingInvites");var xp={};P(xp,{createCode:()=>CP,getCode:()=>bP,invalidateCode:()=>xP});var RP=pe.fromHours(1).toSeconds();async function CP(t,e){let r=ee();return await(await ks()).store(r,{userId:t,info:e},RP),r}s(CP,"createCode");async function bP(t){let r=await(await ks()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}s(bP,"getCode");async function xP(t){await(await ks()).delete(t)}s(xP,"invalidateCode");var br={};P(br,{getUser:()=>xo,getUsers:()=>s0,invalidateUser:()=>vo});var co={};P(co,{getPlatformDB:()=>Dr,users:()=>yt});var yt={};P(yt,{addSsoUser:()=>dA,addUser:()=>kP,getUserDoc:()=>lA,lookupTenantId:()=>vP,removeUser:()=>MP,updateUserDoc:()=>PP});function Dr(){return Re(fe.PLATFORM_INFO.name)}s(Dr,"getPlatformDB");async function vP(t){return g.MULTI_TENANCY?(await lA(t)).tenantId:ae}s(vP,"lookupTenantId");async function lA(t){return Dr().get(t)}s(lA,"getUserDoc");async function PP(t){await Dr().put(t)}s(PP,"updateUserDoc");function NP(t,e){return{_id:t,tenantId:e}}s(NP,"newUserIdDoc");function UP(t,e,r){return{_id:e,userId:t,tenantId:r}}s(UP,"newUserEmailDoc");function LP(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}s(LP,"newUserSsoIdDoc");async function vp(t,e){let r=Dr(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}s(vp,"addUserDoc");async function dA(t,e,r,n){return vp(t,()=>LP(t,e,r,n))}s(dA,"addSsoUser");async function kP(t,e,r,n){let i=[vp(e,()=>NP(e,t)),vp(r,()=>UP(e,r,t))];n&&i.push(dA(n,r,e,t)),await Promise.all(i)}s(kP,"addUser");async function MP(t){let e=Dr(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}s(MP,"removeUser");var Sn={};P(Sn,{getAccount:()=>Rr,getAccountByTenantId:()=>pi,getStatus:()=>FP});var fA=B(require("node-fetch"));var lo=class{static{s(this,"API")}constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";zs.setHeader(n.headers);let o={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,fA.default)(`${this.host}${r}`,o)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Pp=new lo(g.INTERNAL_ACCOUNT_PORTAL_URL),Np=g.SELF_HOSTED||g.DISABLE_ACCOUNT_PORTAL,Rr=s(async t=>{if(Np)return;let e={email:t},r=await Pp.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},"getAccount"),pi=s(async t=>{if(Np)return;let e={tenantId:t},r=await Pp.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},"getAccountByTenantId"),FP=s(async()=>{if(Np)return;let t=await Pp.get("/api/status",{headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e},"getStatus");var yi={};P(yi,{UserDB:()=>vt,addAppBuilder:()=>t0,bulkGetGlobalUsersById:()=>uc,bulkUpdateGlobalUsers:()=>Ro,cleanseUserObject:()=>tm,creatorsInList:()=>On,doesUserExist:()=>zL,getAccountHolderFromUsers:()=>ac,getAllUserIds:()=>HL,getAllUsers:()=>YL,getById:()=>In,getCreatorCount:()=>ZL,getExistingAccounts:()=>Ei,getExistingPlatformUsers:()=>e_,getExistingTenantUsers:()=>ZA,getFirstPlatformUser:()=>wo,getGlobalUserByAppPage:()=>a_,getGlobalUserByEmail:()=>At,getPlatformUsers:()=>nc,getUserCount:()=>XL,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>n_,hasBuilderPermissions:()=>Me,isAdmin:()=>xt,isAdminOrBuilder:()=>r_,isAdminOrWorkspaceBuilder:()=>ic,isBuilder:()=>Ai,isCreatorAsync:()=>Do,isCreatorSync:()=>sc,isGlobalBuilder:()=>t_,paginatedUsers:()=>c_,removeAppBuilder:()=>r0,removePortalUserPermissions:()=>e0,searchExistingEmails:()=>zp,searchGlobalUsersByApp:()=>o_,searchGlobalUsersByAppAccess:()=>em,searchGlobalUsersByEmail:()=>u_,validateUniqueUser:()=>oc});var ju={};P(ju,{ActiveContentFileError:()=>$u,BadRequestError:()=>po,BudibaseError:()=>fo,EmailUnavailableError:()=>Jt,FeatureDisabledError:()=>qu,ForbiddenError:()=>Gu,HTTPError:()=>ke,NotFoundError:()=>Wu,NotImplementedError:()=>Vu,UnexpectedError:()=>Bu,UsageLimitError:()=>Ku,getErrorMessage:()=>pA,getPublicError:()=>Qu});var fo=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"BudibaseError")}};function pA(t){if(t==null)return"No error provided.";if(t instanceof Error)return t.message;if(typeof t=="string")return t;if(typeof t=="object"&&"message"in t)return String(t.message);try{let r=JSON.stringify(t);if(r!=="{}")return r}catch{}let e=String(t);return e!=="[object Object]"?e:"An unknown error occurred"}s(pA,"getErrorMessage");var Qu=s(t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},"getPublicError"),ke=class t extends fo{constructor(r,n,i="http"){super(r,i);this.status=n}static{s(this,"HTTPError")}static async fromResponse(r){let n=await r.text(),i=n,o=r.status,a="http";try{let u=JSON.parse(n);i=u.error?.message||u.message,o=u.status??r.status,a=u.error?.code??r.statusText}catch{}return new t(i,o,a)}},Bu=class extends ke{static{s(this,"UnexpectedError")}constructor(e){super(e,500)}},Wu=class extends ke{static{s(this,"NotFoundError")}constructor(e){super(e,404)}},po=class extends ke{static{s(this,"BadRequestError")}constructor(e){super(e,400)}},$u=class extends po{static{s(this,"ActiveContentFileError")}constructor(e){super(`File "${e}" contains active content which is not permitted`)}},Gu=class extends ke{static{s(this,"ForbiddenError")}constructor(e){super(e,403)}},Vu=class extends ke{static{s(this,"NotImplementedError")}constructor(e){super(e,501)}},qu=class extends Error{static{s(this,"FeatureDisabledError")}constructor(e){super(`Feature disabled: '${e}'`)}},Ku=class extends Error{static{s(this,"UsageLimitError")}constructor(e){super(`Usage limit exceeded: '${e}'`)}},Jt=class extends Error{static{s(this,"EmailUnavailableError")}constructor(e){super(`Email already in use: '${e}'`)}};var Mp={};P(Mp,{PASSWORD_MAX_LENGTH:()=>Lp,PASSWORD_MIN_LENGTH:()=>Up,validatePassword:()=>kp});var Up=+(g.PASSWORD_MIN_LENGTH||12),Lp=+(g.PASSWORD_MAX_LENGTH||512);function kp(t){return!t||t.length<Up?{valid:!1,error:`Password invalid. Minimum ${Up} characters.`}:t.length>Lp?{valid:!1,error:`Password invalid. Maximum ${Lp} characters.`}:{valid:!0}}s(kp,"validatePassword");var Hu={};P(Hu,{createASession:()=>BP,endSession:()=>WP,getSession:()=>Bp,getSessionsForUser:()=>mo,invalidateSessions:()=>An,updateSessionTTL:()=>Fp});var hA=require("uuid");var gA=g.SESSION_EXPIRY_SECONDS?parseInt(g.SESSION_EXPIRY_SECONDS):pe.fromDays(7).toSeconds();function mi(t,e){return`${t}/${e}`}s(mi,"makeSessionID");async function mo(t){return t?(await(await yr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}s(mo,"getSessionsForUser");async function An(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await mo(t)).map(a=>({key:mi(a.userId,a.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(o=>({key:mi(t,o)}))),i&&i.length>0){let o=await yr(),a=[];for(let u of i)a.push(o.delete(u.key));g.isTest()||li(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(u=>u.key).join(", ")}`),await Promise.all(a)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}s(An,"invalidateSessions");async function BP(t,e){let r=await mo(t),n=0;if(r.length>=3){let l=r.sort((h,p)=>new Date(h.createdAt).getTime()-new Date(p.createdAt).getTime()),d=r.length-3+1,f=l.slice(0,d).map(h=>h.sessionId);n=f.length,await An(t,{sessionIds:f,reason:"session limit exceeded"})}let i=await yr(),o=e.sessionId,a=e.csrfToken?e.csrfToken:(0,hA.v4)(),u=mi(t,o),c={...e,csrfToken:a,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(u,c,gA),{session:c,invalidatedSessionCount:n}}s(BP,"createASession");async function Fp(t){let e=await yr(),r=mi(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,gA)}s(Fp,"updateSessionTTL");async function WP(t,e){await(await yr()).delete(mi(t,e))}s(WP,"endSession");async function Bp(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await yr()).get(mi(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}s(Bp,"getSession");var gi={};P(gi,{account:()=>CA,action:()=>bA,ai:()=>xA,analytics:()=>zu,app:()=>vA,asyncEventQueue:()=>Tt,auditLog:()=>PA,auth:()=>rc,automation:()=>NA,backfill:()=>UA,backfillCache:()=>Zu,backup:()=>LA,datasource:()=>kA,email:()=>MA,environmentVariable:()=>FA,group:()=>BA,identification:()=>St,initAsyncEvents:()=>LL,installation:()=>To,layout:()=>WA,license:()=>$A,org:()=>GA,plugin:()=>VA,processors:()=>Kp,publishEvent:()=>A,query:()=>qA,resource:()=>KA,role:()=>Io,rowAction:()=>QA,rows:()=>jA,screen:()=>HA,serve:()=>YA,shutdown:()=>kL,table:()=>zA,user:()=>Fe,view:()=>JA,workspace:()=>XA});var zu={};P(zu,{enabled:()=>Yu});var Yu=s(async()=>Ju(),"enabled");var Tt;function Xu(){Tt=new Et("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}s(Xu,"init");async function EA(){Tt&&await Tt.close()}s(EA,"shutdown");async function yA(t){Tt||Xu();let{event:e,identity:r}=t;nh.indexOf(e)!==-1&&r.tenantId&&await Tt.add(t)}s(yA,"publishAsyncEvent");var Zu={};P(Zu,{end:()=>GP,isAlreadySent:()=>Gp,isBackfillingEvent:()=>$p,recordEvent:()=>Wp,start:()=>$P});var $P=s(async t=>qP({eventWhitelist:t}),"start"),Wp=s(async(t,e)=>{let r=Vp(t,e);await zt(r,e,void 0,{useTenancy:!1})},"recordEvent"),GP=s(async()=>{await KP(),await QP()},"end"),VP=s(async()=>En(ye.BACKFILL_METADATA),"getBackfillMetadata"),qP=s(async t=>zt(ye.BACKFILL_METADATA,t),"saveBackfillMetadata"),KP=s(async()=>{await io(ye.BACKFILL_METADATA)},"deleteBackfillMetadata"),QP=s(async()=>{let t=Vp(),e=await Mu(t);for(let r of e)await io(r,{useTenancy:!1})},"clearEvents"),$p=s(async t=>{let r=(await VP())?.eventWhitelist;return!!(r&&r.includes(t))},"isBackfillingEvent"),Gp=s(async(t,e)=>{let r=Vp(t,e);return!!await En(r,{useTenancy:!1})},"isAlreadySent"),jP={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},Vp=s((t,e)=>{let r,n=$();if(t){r=`${ye.EVENTS}:${n}:${t}`;let i=jP[t],o=i?i(e):void 0;o&&(r=`${r}:${o}`)}else r=`${ye.EVENTS}:${n}:*`;return r},"getEventKey");var Kp={};P(Kp,{analyticsProcessor:()=>wA,init:()=>nN,processors:()=>Zt});var OA=require("posthog-node");var HP=s(t=>t==="served:builder"||t==="served:app:preview"||t==="served:app","isRateLimited"),YP=s(t=>t==="served:app:preview"||t==="served:app","isPerApp");var SA={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},AA=s(async t=>{if(!HP(t))return!1;let e=await zP(t);if(e){let r=new Date(e.timestamp);switch(SA[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await TA(t,{timestamp:Date.now()}),!1):!0}}else return await TA(t,{timestamp:Date.now()}),!1},"limited"),_A=s(t=>{let e=`${ye.EVENTS_RATE_LIMIT}:${t}`;return YP(t)&&(e=e+":"+be()),e},"eventKey"),zP=s(async t=>{let e=_A(t);return await En(e)},"readEvent"),TA=s(async(t,e)=>{let r=_A(t),n=SA[t],i;switch(n){case"calendarDay":i=86400}await zt(r,e,i)},"recordEvent");var XP=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],ho=class{static{s(this,"PosthogProcessor")}constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new OA.PostHog(e)}async processEvent(e,r,n,i){if(XP.includes(e)||await AA(e))return;n=this.clearPIIProperties(n),n.version=g.VERSION,n.service=g.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let o=be();o&&(n.appId=o);let a={distinctId:r.id,event:e,properties:n};i&&(a.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(a.groups={},r.installationId&&(a.groups.installation=r.installationId,a.properties.installationId=r.installationId),r.tenantId&&(a.groups.tenant=r.tenantId,a.properties.tenantId=r.tenantId)),this.posthog.capture(a)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var IA=ho;var ZP=["installation:version:upgraded","installation:version:downgraded"],eN=["installation","tenant"],go=class{static{s(this,"AnalyticsProcessor")}constructor(){g.POSTHOG_TOKEN&&!g.isTest()&&(this.posthog=new IA(g.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!ZP.includes(e)&&!await Yu()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!eN.includes(e.type)&&!await Yu()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var qp=g.SELF_HOSTED&&!g.isDev(),Eo=class{static{s(this,"LoggingProcessor")}async processEvent(e,r,n){qp||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){qp||console.log("[audit] identified",e)}async identifyGroup(e){qp||console.log("[audit] group identified",e)}async shutdown(){}};var hi=class t{static{s(this,"AuditLogsProcessor")}static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new Et("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Ce(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let o={};g.ENABLE_AUDIT_LOG_IP_ADDR&&(o=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:o})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&Xf(e)){let o=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:o,timestamp:i,appId:be(),hostInfo:r.hostInfo},tenantId:$()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var yo=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}static{s(this,"Processor")}async processEvent(e,r,n,i){for(let o of this.processors)await o.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var wA=new go,tN=new Eo,rN=new hi;function nN(t){return hi.init(t)}s(nN,"init");var Zt=new yo([wA,tN,rN]);var ec={};P(ec,{checkInstallVersion:()=>oN,getInstall:()=>So,getInstallFromDB:()=>jp});var Qp=B(require("semver"));var So=s(async()=>wr(ye.INSTALLATION,86400,jp,{useTenancy:!1}),"getInstall");async function iN(t){let e={_id:fe.PLATFORM_INFO.docs.install,installId:ee(),version:g.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return jp();throw r}}s(iN,"createInstallDoc");var jp=s(async()=>je(fe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(fe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await iN(t);else throw r}return e}),"getInstallFromDB"),sN=s(async t=>{try{await je(fe.PLATFORM_INFO.name,async e=>{let r=await So();r.version=t,await e.put(r),await di(ye.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},"updateVersion"),oN=s(async()=>{let t=await So(),e=t.version,r=g.VERSION;try{if(e!==r){let n=Qp.default.gt(r,e),i=Qp.default.lt(r,e);await sN(r)&&(await Cs({_id:t.installId,type:"installation"},async()=>{n?await To.upgraded(e,r):i&&await To.downgraded(e,r)}),await St.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?pn(`Invalid version "${r}" - is it semver?`):pn("Failed to retrieve version",n)}},"checkInstallVersion");var aN=s(async()=>{let t=lf(),e=Oo(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await _n(),i=Ao();return{id:DA(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await _n(),i=await tc($()),o=Ao();return{id:DA(i,r),type:r,hosting:o,installationId:n,tenantId:i,realTenantId:$(),environment:e}}else if(r==="user"){let n=t,i=await tc($()),o=await _n(),a=n.account,u;return a?u=a.hosting:u=Ao(),{id:n._id,type:r,hosting:u,installationId:o,tenantId:i,environment:e,realTenantId:$(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},"getCurrentIdentity"),uN=s(async(t,e)=>{let r=t,n="installation",i=Ao(),o=g.VERSION,a=Oo(),u={id:r,type:n,hosting:i,version:o,environment:a};await Hp(u,e),await _o({...u,id:`$${n}_${r}`},e)},"identifyInstallationGroup"),cN=s(async(t,e,r,n=g.VERSION)=>{let i=await tc(t),o="tenant",a=await _n(),u=Oo(),c={id:i,type:o,hosting:e,environment:u,installationId:a,createdAt:r,createdVersion:n};await Hp(c,r),await _o({...c,id:`$${o}_${i}`},r)},"identifyTenantGroup"),lN=s(async(t,e,r)=>{let n=t._id,i=await tc(t.tenantId),o="user",a=Me(t),u=Cr(t),c;Ho(t)&&(c=t.providerType);let d=(await Ei([t.email])).length>0,f=!!e&&d&&e.verified,h=await _n(),p=e?e.hosting:Ao(),S=Oo();await _o({id:n,type:o,hosting:p,installationId:h,tenantId:i,verified:f,accountHolder:d,providerType:c,builder:a,admin:u,environment:S},r)},"identifyUser"),dN=s(async t=>{let e=t.accountId,r=t.tenantId,n="user",i=jo(t)?t.providerType:void 0,o=t.verified,a=!0,u=t.hosting,c=await _n(),l=Oo();if(Qo(t)){let f=await At(t.email);f?._id&&(e=f._id)}await _o({id:e,type:n,hosting:u,installationId:c,tenantId:r,providerType:i,verified:o,accountHolder:a,environment:l})},"identifyAccount"),_o=s(async(t,e)=>{await Zt.identify(t,e)},"identify"),Hp=s(async(t,e)=>{await Zt.identifyGroup(t,e)},"identifyGroup"),Oo=s(()=>g.isDev()?"development":g.DEPLOYMENT_ENVIRONMENT,"getDeploymentEnvironment"),Ao=s(()=>g.SELF_HOSTED?"self":"cloud","getHostingFromEnv"),_n=s(async()=>fN()?"account-portal":(await So()).installId,"getInstallationId"),tc=s(async t=>g.SELF_HOSTED?RA(t):t,"getEventTenantId"),RA=s(async t=>Ce(t,()=>wr(ye.UNIQUE_TENANT_ID,86400,async()=>{let e=Y(),r=await Ti(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${ee()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=g.VERSION,await e.put(r),n)})),"getUniqueTenantId"),fN=s(()=>g.SERVICE==="account-portal","isAccountPortal"),DA=s((t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,"formatDistinctId"),St={getCurrentIdentity:aN,identifyInstallationGroup:uN,identifyTenantGroup:cN,identifyUser:lN,identifyAccount:dN,identify:_o,identifyGroup:Hp,getInstallationId:_n,getUniqueTenantId:RA};var A=s(async(t,e,r,n)=>{let i=n||await St.getCurrentIdentity();if(!(n?!1:await $p(t))){await yA({event:t,identity:i,properties:e,timestamp:r}),await Zt.processEvent(t,i,e,r);return}await Gp(t,e)||(await Zt.processEvent(t,i,e,r),await Wp(t,e))},"publishEvent");async function pN(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}s(pN,"created");async function mN(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}s(mN,"deleted");async function hN(t){let e={tenantId:t.tenantId};await A("account:verified",e)}s(hN,"verified");var CA={created:pN,deleted:mN,verified:hN};async function gN(t,e){console.info("action:automation_step:executed",`disabled. Action step ${t.stepId} not published at ${e}`)}s(gN,"automationStepExecuted");async function EN(t,e){console.info("action:automation_step:executed",`disabled. Action type ${t.type} not published at ${e}`)}s(EN,"crudExecuted");async function yN(t,e){console.info("action:automation_step:executed",`disabled. Execution for ai agent ${t.agentId} not published at ${e}`)}s(yN,"aiAgentExecuted");var bA={aiAgentExecuted:yN,automationStepExecuted:gN,crudExecuted:EN};async function TN(t){let e={};await A("ai:config:created",e,t)}s(TN,"AIConfigCreated");async function SN(){let t={};await A("ai:config:updated",t)}s(SN,"AIConfigUpdated");var xA={AIConfigCreated:TN,AIConfigUpdated:SN};var AN=s(async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)},"created");async function _N(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}s(_N,"updated");async function ON(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}s(ON,"deleted");async function IN(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}s(IN,"published");async function wN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}s(wN,"unpublished");async function DN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}s(DN,"fileImported");async function RN(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}s(RN,"duplicated");async function CN(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}s(CN,"templateImported");async function bN(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}s(bN,"versionUpdated");async function xN(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}s(xN,"versionReverted");async function vN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}s(vN,"reverted");async function PN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}s(PN,"exported");var vA={created:AN,updated:_N,deleted:ON,published:IN,unpublished:wN,fileImported:DN,duplicated:RN,templateImported:CN,versionUpdated:bN,versionReverted:xN,reverted:vN,exported:PN};async function NN(t){let e={filters:t};await A("audit_log:filtered",e)}s(NN,"filtered");async function UN(t){let e={filters:t};await A("audit_log:downloaded",e)}s(UN,"downloaded");var PA={filtered:NN,downloaded:UN};async function LN(t,e){let n={userId:(await St.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}s(LN,"login");async function kN(t){let r={userId:(await St.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}s(kN,"logout");async function MN(t,e){let r={type:t};await A("auth:sso:created",r,e)}s(MN,"SSOCreated");async function FN(t){let e={type:t};await A("auth:sso:updated",e)}s(FN,"SSOUpdated");async function BN(t,e){let r={type:t};await A("auth:sso:activated",r,e)}s(BN,"SSOActivated");async function WN(t){let e={type:t};await A("auth:sso:deactivated",e)}s(WN,"SSODeactivated");var rc={login:LN,logout:kN,SSOCreated:MN,SSOUpdated:FN,SSOActivated:BN,SSODeactivated:WN};async function $N(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}s($N,"created");async function GN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}s(GN,"triggerUpdated");async function VN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}s(VN,"deleted");async function qN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}s(qN,"tested");var KN=s(async(t,e)=>{let r={count:t};await A("automations:run",r,e)},"run");async function QN(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}s(QN,"stepCreated");async function jN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}s(jN,"stepDeleted");var NA={created:$N,triggerUpdated:GN,deleted:VN,tested:qN,run:KN,stepCreated:QN,stepDeleted:jN};var Si=!g.SELF_HOSTED&&!g.isDev();async function HN(t){Si||await A("app:backfill:succeeded",t)}s(HN,"appSucceeded");async function YN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}s(YN,"appFailed");async function zN(t){Si||await A("tenant:backfill:succeeded",t)}s(zN,"tenantSucceeded");async function JN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}s(JN,"tenantFailed");async function XN(){if(Si)return;let t={};await A("installation:backfill:succeeded",t)}s(XN,"installationSucceeded");async function ZN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}s(ZN,"installationFailed");var UA={appSucceeded:HN,appFailed:YN,tenantSucceeded:zN,tenantFailed:JN,installationSucceeded:XN,installationFailed:ZN};async function eU(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}s(eU,"workspaceBackupRestored");async function tU(t,e,r,n,i){let o={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",o)}s(tU,"workspaceBackupTriggered");var LA={workspaceBackupRestored:eU,workspaceBackupTriggered:tU};function Yp(t){return!Object.values(Go).includes(t.source)}s(Yp,"isCustom");async function rU(t,e){let r={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:created",r,e)}s(rU,"created");async function nU(t){let e={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:updated",e)}s(nU,"updated");async function iU(t){let e={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:deleted",e)}s(iU,"deleted");var kA={created:rU,updated:nU,deleted:iU};async function sU(t){let e={};await A("email:smtp:created",e,t)}s(sU,"SMTPCreated");async function oU(){let t={};await A("email:smtp:updated",t)}s(oU,"SMTPUpdated");var MA={SMTPCreated:sU,SMTPUpdated:oU};async function aU(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}s(aU,"created");async function uU(t){let e={name:t};await A("environment_variable:deleted",e)}s(uU,"deleted");async function cU(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}s(cU,"upgradePanelOpened");var FA={created:aU,deleted:uU,upgradePanelOpened:cU};async function lU(t,e){let r={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:created",r,e)}s(lU,"created");async function dU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:updated",e)}s(dU,"updated");async function fU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:deleted",e)}s(fU,"deleted");async function pU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:user_added",n)}s(pU,"usersAdded");async function mU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:users_deleted",n)}s(mU,"usersDeleted");async function hU(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}s(hU,"createdOnboarding");async function gU(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}s(gU,"permissionsEdited");var BA={created:lU,updated:dU,deleted:fU,usersAdded:pU,usersDeleted:mU,createdOnboarding:hU,permissionsEdited:gU};async function EU(t){let e={currentVersion:t};await A("installation:version:checked",e)}s(EU,"versionChecked");async function yU(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}s(yU,"upgraded");async function TU(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}s(TU,"downgraded");async function SU(){let t={};await A("installation:firstStartup",t)}s(SU,"firstStartup");var To={versionChecked:EU,upgraded:yU,downgraded:TU,firstStartup:SU};async function AU(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}s(AU,"created");async function _U(t){let e={layoutId:t};await A("layout:deleted",e)}s(_U,"deleted");var WA={created:AU,deleted:_U};async function OU(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}s(OU,"planChanged");async function IU(t){let e={accountId:t.accountId};await A("license:activated",e)}s(IU,"activated");async function wU(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}s(wU,"checkoutOpened");async function DU(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}s(DU,"checkoutSuccess");async function RU(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}s(RU,"portalOpened");async function CU(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}s(CU,"paymentFailed");async function bU(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}s(bU,"paymentRecovered");var $A={planChanged:OU,activated:IU,checkoutOpened:wU,checkoutSuccess:DU,portalOpened:RU,paymentFailed:CU,paymentRecovered:bU};async function xU(t){let e={};await A("org:info:name:updated",e,t)}s(xU,"nameUpdated");async function vU(t){let e={};await A("org:info:logo:updated",e,t)}s(vU,"logoUpdated");async function PU(t){let e={};await A("org:platformurl:updated",e,t)}s(PU,"platformURLUpdated");async function NU(){let t={};await A("analytics:opt:out",t)}s(NU,"analyticsOptOut");async function UU(){let t={};await A("analytics:opt:out",t)}s(UU,"analyticsOptIn");var GA={nameUpdated:xU,logoUpdated:vU,platformURLUpdated:PU,analyticsOptOut:NU,analyticsOptIn:UU};async function LU(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}s(LU,"init");async function kU(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}s(kU,"imported");async function MU(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}s(MU,"deleted");var VA={init:LU,imported:kU,deleted:MU};var FU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},"created"),BU=s(async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},"updated"),WU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await A("query:deleted",n)},"deleted"),$U=s(async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},"imported"),GU=s(async(t,e)=>{let r={count:t};await A("queries:run",r,e)},"run"),VU=s(async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},"previewed"),qA={created:FU,updated:BU,deleted:WU,imported:$U,run:GU,previewed:VU};async function qU({resource:t,fromWorkspace:e,toWorkspace:r},n){let i={resource:t,fromWorkspace:e,toWorkspace:r};await A("resource:copied_to_workspace",i,n)}s(qU,"duplicatedToWorkspace");var KA={duplicatedToWorkspace:qU};async function KU(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}s(KU,"created");async function QU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}s(QU,"updated");async function jU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}s(jU,"deleted");async function HU(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}s(HU,"assigned");async function YU(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}s(YU,"unassigned");var Io={created:KU,updated:QU,deleted:jU,assigned:HU,unassigned:YU};async function zU(t,e){await A("row_action:created",t,e)}s(zU,"created");var QA={created:zU};var JU=s(async(t,e)=>{let r={count:t};await A("rows:created",r,e)},"created"),XU=s(async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},"imported"),jA={created:JU,imported:XU};async function ZU(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}s(ZU,"created");async function eL(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}s(eL,"deleted");var HA={created:ZU,deleted:eL};async function tL(t){let e={timezone:t};await A("served:builder",e)}s(tL,"servedBuilder");async function rL(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}s(rL,"servedApp");async function nL(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}s(nL,"servedAppPreview");var YA={servedBuilder:tL,servedApp:rL,servedAppPreview:nL};async function iL(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}s(iL,"created");async function sL(t,e){let r,n;for(let o in e.schema)if(!t.schema[o]){let a=e.schema[o];"default"in a&&a.default!=null&&(r=!0),a.type==="ai"&&(n=a.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}s(sL,"updated");async function oL(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await A("table:deleted",r)}s(oL,"deleted");async function aL(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}s(aL,"exported");async function uL(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}s(uL,"imported");var zA={created:iL,updated:sL,deleted:oL,exported:aL,imported:uL};async function cL(t,e){let r={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:created",r,e)}s(cL,"created");async function lL(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:updated",e)}s(lL,"updated");async function dL(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:deleted",e)}s(dL,"deleted");async function fL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}s(fL,"permissionAdminAssigned");async function pL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}s(pL,"permissionAdminRemoved");async function mL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}s(mL,"permissionBuilderAssigned");async function hL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}s(hL,"permissionBuilderRemoved");async function gL(t){let e={audited:{email:t}};await A("user:invited",e)}s(gL,"invited");async function EL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}s(EL,"inviteAccepted");async function yL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}s(yL,"passwordForceReset");async function TL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}s(TL,"passwordUpdated");async function SL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}s(SL,"passwordResetRequested");async function AL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}s(AL,"passwordReset");async function _L(t){let e={users:t};await A("user:data:collaboration",e)}s(_L,"dataCollaboration");var Fe={created:cL,updated:lL,deleted:dL,permissionAdminAssigned:fL,permissionAdminRemoved:pL,permissionBuilderAssigned:mL,permissionBuilderRemoved:hL,invited:gL,inviteAccepted:EL,passwordForceReset:yL,passwordUpdated:TL,passwordResetRequested:SL,passwordReset:AL,dataCollaboration:_L};async function OL(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}s(OL,"created");async function IL(t){let e={tableId:t.tableId};await A("view:updated",e)}s(IL,"updated");async function wL(t,e){let r={...Ue.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await A("view:deleted",r)}s(wL,"deleted");async function DL(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}s(DL,"exported");async function RL({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}s(RL,"filterCreated");async function CL({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}s(CL,"filterUpdated");async function bL(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}s(bL,"filterDeleted");async function xL({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}s(xL,"calculationCreated");async function vL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}s(vL,"calculationUpdated");async function PL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}s(PL,"calculationDeleted");async function NL(t,e){let r={tableId:t};await A("view:join:created",r,e)}s(NL,"viewJoinCreated");var JA={created:OL,updated:IL,deleted:wL,exported:DL,filterCreated:RL,filterUpdated:CL,filterDeleted:bL,calculationCreated:xL,calculationUpdated:vL,calculationDeleted:PL,viewJoinCreated:NL};async function UL(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await A("workspace_app:deleted",r)}s(UL,"deleted");var XA={deleted:UL};function LL(){}s(LL,"initAsyncEvents");var kL=s(async()=>{await Zt.shutdown(),console.log("Events shutdown")},"shutdown");var Jp={};P(Jp,{creatorsInList:()=>On,getAccountHolderFromUsers:()=>ac,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>n_,hasBuilderPermissions:()=>Me,isAdmin:()=>xt,isAdminOrBuilder:()=>r_,isAdminOrWorkspaceBuilder:()=>ic,isBuilder:()=>Ai,isCreatorAsync:()=>Do,isCreatorSync:()=>sc,isGlobalBuilder:()=>t_,validateUniqueUser:()=>oc});async function zp(t){let e=[],r=await ZA(t);e.push(...r.map(a=>a.email));let n=await e_(t);e.push(...n.map(a=>a._id));let i=await Ei(t);e.push(...i.map(a=>a.email));let o=await Cp(t);return e.push(...o.map(a=>a.email)),[...new Set(e.map(a=>a.toLowerCase()))]}s(zp,"searchExistingEmails");async function nc(t){return await $s("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}s(nc,"getPlatformUsers");async function wo(t){return(await nc(t))[0]??null}s(wo,"getFirstPlatformUser");async function ZA(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await Kt("by_email2",r,void 0,n)}s(ZA,"getExistingTenantUsers");async function e_(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await $s("platform_users_lowercase_2",r)}s(e_,"getExistingPlatformUsers");async function Ei(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await $s("account_by_email",r)}s(Ei,"getExistingAccounts");var Ai=Le.users.isBuilder,xt=Le.users.isAdmin,t_=Le.users.isGlobalBuilder,r_=Le.users.isAdminOrBuilder,Cr=Le.users.hasAdminPermissions,Me=Le.users.hasBuilderPermissions,n_=Le.users.hasAppBuilderPermissions,ic=Le.users.isAdminOrWorkspaceBuilder;async function On(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await Y().getMultiple(r,{allowMissing:!0}),t.map(i=>sc(i,e))}s(On,"creatorsInList");async function Do(t){let e=[];return t.userGroups&&(e=await Y().getMultiple(t.userGroups)),sc(t,e)}s(Do,"isCreatorAsync");function sc(t,e){let r=Le.users.isCreator(t);return!r&&t?ML(t,e):r}s(sc,"isCreatorSync");function ML(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}s(ML,"isCreatorByGroupMembership");async function oc(t,e){if(g.MULTI_TENANCY){let r=await wo(t);if(r!=null&&r.tenantId!==e)throw new Jt(t)}if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let r=await Rr(t);if(r&&r.verified&&r.tenantId!==e)throw new Jt(t)}}s(oc,"validateUniqueUser");async function ac(t){if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let e=await Ei(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}s(ac,"getAccountHolderFromUsers");var Xp=s(async t=>{await Fe.deleted(t),Me(t)&&await Fe.permissionBuilderRemoved(t),Cr(t)&&await Fe.permissionAdminRemoved(t)},"handleDeleteEvents"),FL=s(async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await Io.assigned(t,i)},"assignAppRoleEvents"),BL=s(async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await Io.unassigned(t,i)},"unassignAppRoleEvents"),WL=s(async(t,e)=>{let r=t.roles,n=e?.roles;await FL(t,r,n),await BL(t,r,n)},"handleAppRoleEvents"),Zp=s(async(t,e,r)=>{let n=r;!n&&!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL&&(n=await pi($())),await St.identifyUser(t,n),e?(await Fe.updated(t),GL(t,e)&&await Fe.permissionBuilderRemoved(t),qL(t,e)&&await Fe.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Fe.passwordForceReset(t),t.password!==e.password&&await Fe.passwordUpdated(t)):await Fe.created(t),$L(t,e)&&await Fe.permissionBuilderAssigned(t),VL(t,e)&&await Fe.permissionAdminAssigned(t),await WL(t,e)},"handleSaveEvents"),$L=s((t,e)=>i_(t,e,Me),"isAddingBuilder"),GL=s((t,e)=>s_(t,e,Me),"isRemovingBuilder"),VL=s((t,e)=>i_(t,e,Cr),"isAddingAdmin"),qL=s((t,e)=>s_(t,e,Cr),"isRemovingAdmin"),i_=s((t,e,r)=>!(!r(t)||e&&r(e)),"isAddingPermission"),s_=s((t,e,r)=>!(r(t)||!e||!r(e)),"isRemovingPermission");var QL=s(async t=>{let e=t._id;await yt.removeUser(t),await Xp(t),await br.invalidateUser(e),await An(e,{reason:"bulk-deletion"})},"bulkDeleteProcessing"),vt=class t{static{s(this,"UserDB")}static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return g.ENABLE_SSO_MAINTENANCE_MODE&&xt(e)?!1:await t.features.isSSOEnforced()||Ho(e)?!0:(r||(r=await pi($())),!!(r&&r.email===e.email&&jo(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,o){let{password:a,_id:u}=e;i&&!i.password&&(r.requirePassword=!1);let c;if(a&&a!==i?.password){if(await t.isPreventPasswordActions(e,o))throw new ke("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let f=kp(a);if(!f.valid)throw new ke(f.error,400)}c=r.hashPassword?await uf(a):a}else i&&(c=i.password);let l=r.requirePassword&&!await t.features.isSSOEnforced();if(!c&&l)throw"Password must be specified.";u=u||ni();let d={createdAt:Date.now(),...i,...e,_id:u,password:c,tenantId:n};return d.roles||(d.roles={}),d.status==null&&(d.status="active"),d}static async allUsers(){return(await Y().allDocs(un(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByWorkspace(e){if(typeof e!="string"||!e)throw new Error("Must provide a string based workspace ID");return{userCount:(await Gs("by_app",ii(e,{include_docs:!1}))).rows.length}}static async getUsersByAppAccess(e){return await em(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return At(e)}static async getUser(e){let r=await In(e);return r&&delete r.password,r}static async bulkGet(e){return await uc(e)}static async bulkUpdate(e){return await Ro(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=$(),i=Y(),{email:o,_id:a,userGroups:u=[],roles:c}=e;if(!o&&!a)throw new Error("_id or email is required");let l;if(a)try{if(l=await In(a),o&&l.email!==o&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(m){if(m.status!==404)throw m}if(!l&&o&&(l=await At(o),l&&l._id!==a))throw new Jt(o);let d=1,f=0;if((r.isAccountHolder||l)&&(d=0,f=1),l){let[m,E]=await On([l,e]);f=m!==E?1:0}let h=!l,p=!!l&&!!o&&l.email!==o,S=!r.isAccountHolder&&!!o&&(h||p);return t.quotas.addUsers(d,f,async()=>{S&&await oc(o,n);let m=await t.buildUser(e,r,n,l);r.currentUserId&&r.currentUserId===l?._id&&(m=tm(m,l)),!l&&c?.length&&(m.roles={...c});let E=[];if(!a&&u.length>0)for(let y of u)E.push(t.groups.addUsers(y,[m._id]));try{let y=await i.put(m);return m._rev=y.rev,await Zp(m,l),l&&m.email!==l.email&&await yt.removeUser({email:l.email}),await yt.addUser(n,m._id,m.email,m.ssoId),await br.invalidateUser(y.id),await Promise.all(E),i.get(m._id)}catch(y){throw y.status===409?"User exists already":y}})}static async bulkCreate(e,r){let n=$(),i=[],o=[],a=[],u=e.map(h=>h.email),c=await zp(u),l=[];for(let h of e){let p=o.find(m=>m.email.toLowerCase()===h.email.toLowerCase()),S=c.includes(h.email.toLowerCase());if(p||S){l.push({email:h.email,reason:"Unavailable"});continue}h.userGroups=r||[],o.push(h),await Do(h)&&a.push(h)}let d=await pi(n),f=await t.features.isSSOEnforced();return t.quotas.addUsers(o.length,a.length,async()=>{for(let S of o)f&&delete S.password,i.push(t.buildUser(S,{hashPassword:!0,requirePassword:!f},n,void 0,d));let h=await Promise.all(i);await Ro(h);for(let S of h)await yt.addUser(n,S._id,S.email),await Zp(S,void 0,d);let p=h.map(S=>({_id:S._id,email:S.email}));if(Array.isArray(p)&&r){let S=[],m=p.map(E=>E._id);for(let E of r)S.push(t.groups.addUsers(E,m));await Promise.all(S)}return{successful:p,unsuccessful:l}})}static async bulkDelete(e){let r=Y(),n={successful:[],unsuccessful:[]},i=await ac(e);i&&(e=e.filter(p=>p.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let a=(await r.allDocs({include_docs:!0,keys:e.map(p=>p.userId)})).rows.map(p=>p.doc),u=a.map(p=>({...p,_deleted:!0})),c=await Ro(u),d=(await On(a)).filter(p=>p).length,f=[];for(let p of a){let m=(await wo(p._id)).ssoId;m&&(await nc(m)).filter(y=>y.ssoId==null).forEach(y=>{f.push({...y,_deleted:!0})}),await QL(p)}await Dr().bulkDocs(f),await t.quotas.removeUsers(u.length,d);let h={};return a.reduce((p,S)=>(p[S._id]=S,p),h),c.forEach(p=>{let S=h[p.id].email;p.ok?n.successful.push({_id:p.id,email:S}):n.unsuccessful.push({_id:p.id,email:S,reason:"Database error"})}),n}static async destroy(e){let r=Y(),n=await r.get(e),i=n._id;if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let a=n.email;if(await Rr(a))throw n.userId===Gt()._id?new ke('Please visit "Account" to delete this user',400):new ke("Account holder cannot be deleted",400)}await yt.removeUser(n),await r.remove(i,n._rev);let o=await Do(n)?1:0;await t.quotas.removeUsers(1,o),await Xp(n),await br.invalidateUser(i),await An(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,o={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(o.ssoId=n.ssoId),await di(ye.CHECKLIST),await t.save(o,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function bo(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}s(bo,"removeUserPassword");async function uc(t,e){let n=(await Y().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=bo(n)),n}s(uc,"bulkGetGlobalUsersById");async function HL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Pe}`})).rows.map(n=>n.id)}s(HL,"getAllUserIds");async function YL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Pe}`,include_docs:!0})).rows.map(n=>n.doc)}s(YL,"getAllUsers");async function Ro(t){return await Y().bulkDocs(t)}s(Ro,"bulkUpdateGlobalUsers");async function In(t,e){let n=await Y().get(t);return e?.cleanup&&(n=bo(n)),n}s(In,"getById");async function At(t,e){if(t==null)throw"Must supply an email address to view";let r=await Kt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=bo(n)),n}s(At,"getGlobalUserByEmail");async function zL(t){try{let e=await At(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}s(zL,"doesUserExist");async function o_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=ii(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await Kt("by_app",n);i||(i=[]);let o=Array.isArray(i)?i:[i];return r?.cleanup&&(o=bo(o)),o}s(o_,"searchGlobalUsersByApp");async function em(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let a={[r]:{$exists:!0}};n.push(a)}return(await Y().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}s(em,"searchGlobalUsersByAppAccess");function a_(t,e){if(e)return Eu(He(t),e._id)}s(a_,"getGlobalUserByAppPage");async function u_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,o=await Kt("by_email2",{...e,startkey:i,endkey:`${n}${Pe}`});o||(o=[]);let a=Array.isArray(o)?o:[o];return r?.cleanup&&(a=bo(a)),a}s(u_,"searchGlobalUsersByEmail");var JL=8;async function c_({bookmark:t,query:e,appId:r,limit:n}={}){let i=Y(),o=n??JL,u={include_docs:!0,limit:o+1};t&&(u.startkey=t);let c,l="_id",d;return e?.equal?._id?c=[await In(e.equal._id)]:r?(c=await o_(r,u),d=s(f=>a_(r,f),"getKey")):e?.string?.email?(c=await u_(e?.string?.email,u),l="email"):e?.oneOf?._id?c=await uc(e?.oneOf?._id,{cleanup:!0}):e?(c=(await i.allDocs(un(null,{...u,limit:void 0}))).rows.map(h=>h.doc),c=mr.search(c,{query:e,limit:u.limit}).rows):c=(await i.allDocs(un(null,u))).rows.map(h=>h.doc),qf(c,o,{paginate:!0,property:l,getKey:d})}s(c_,"paginatedUsers");async function XL(){return(await Gs("by_email2",{limit:0,include_docs:!1})).total_rows}s(XL,"getUserCount");async function ZL(){let t=0;async function e(r){let n=await c_({bookmark:r}),i=await On(n.data);t+=i.filter(o=>o).length,n.hasNextPage&&await e(n.nextPage)}return s(e,"iterate"),await e(),t}s(ZL,"getCreatorCount");function e0(t){return delete t.admin,delete t.builder,t}s(e0,"removePortalUserPermissions");function tm(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}s(tm,"cleanseUserObject");async function t0(t,e){let r=He(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await vt.save(t,{hashPassword:!1})}s(t0,"addAppBuilder");async function r0(t,e){let r=He(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await vt.save(t,{hashPassword:!1})}s(r0,"removeAppBuilder");var l_=3600;async function n0(t,e){let n=await Yf(e).get(t);if(n.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let i=await Rr(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}s(n0,"populateFromDB");async function i0(t){let e=await vt.bulkGet(t),r=t.filter((i,o)=>!e[o]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let o=await Rr(i.email);o&&(i.account=o,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}s(i0,"populateUsersFromDB");async function xo({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=n0),!e)try{e=$()}catch{e=await yt.lookupTenantId(t)}let i=await Us(),o=await i.get(t);return o||(o=await n(t,e,r),await i.store(t,o,l_)),o&&!o.tenantId&&e&&(o.tenantId=e),o.userGroups&&!Le.users.isGlobalBuilder(o)&&await Ce(e,async()=>{let a=await vt.getGroupBuilderAppIds(o);if(a.length){let u=o.builder?.apps||[];o.builder={apps:[...new Set(u.concat(a))]}}}),o}s(xo,"getUser");async function s0(t){let e=await Us(),r=await e.bulkGet(t),n=t.filter(a=>!r[a]),i=Object.values(r).filter(a=>!!a),o;if(n.length){let a=await i0(n);o=a.notFoundIds;for(let u of a.users)await e.store(u._id,u,l_);i.push(...a.users)}return{users:i,notFoundIds:o}}s(s0,"getUsers");async function vo(t){await(await Us()).delete(t)}s(vo,"invalidateUser");var sm={};P(sm,{Writethrough:()=>nm});var d_=1e4,rm=null;async function cc(){if(!rm){let t=await Mf();rm=new mn(t)}return rm}s(cc,"getCache");function Po(t,e){return t.name+e}s(Po,"makeCacheKey");function im(t,e=null){return{doc:t,lastWrite:e||Date.now()}}s(im,"makeCacheItem");async function o0(t,e,r=d_){let n=await cc(),i=e._id,o;i&&(o=await n.get(Po(t,i)));let a=!o||o.lastWrite<Date.now()-r,u=e;return a&&((await oo({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let l=s(async d=>{let f=await t.put(d,{force:!0});u._id=f.id,u._rev=f.rev},"writeDb");try{await l(e)}catch(d){if(d.status!==409)throw d;li("Ignoring conflict in write-through cache")}})).executed||li("Ignoring redlock conflict in write-through cache")),o=im(u,a?null:o?.lastWrite),u._id&&await n.store(Po(t,u._id),o),{ok:!0,id:u._id,rev:u._rev}}s(o0,"put");async function a0(t,e){let r=await cc(),n=Po(t,e),i=await r.get(n);if(!i){let o=await t.get(e);i=im(o),await r.store(n,i)}return i.doc}s(a0,"get");async function u0(t,e){let r=await cc(),n=Po(t,e),i=await r.get(n);if(!i){let o=await t.tryGet(e);if(!o)return null;i=im(o),await r.store(n,i)}return i.doc}s(u0,"tryGet");async function c0(t,e,r){let n=await cc();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Po(t,i))}finally{await t.remove(i,r)}}s(c0,"remove");var nm=class{static{s(this,"Writethrough")}constructor(e,r=d_){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return o0(this.db,e,r)}async get(e){return a0(this.db,e)}async tryGet(e){return u0(this.db,e)}async remove(e,r){return c0(this.db,e,r)}};function No(t){return`config${C}${t}`}s(No,"generateConfigID");var lc="en";function l0(){return{_id:No("translations"),type:"translations",config:{defaultLocale:lc,locales:{[lc]:{label:"English",overrides:{}}}}}}s(l0,"createDefaultTranslationsConfig");function d0(t){let e=t?.defaultLocale||lc,r={...t?.locales??{}};r[e]||(r[e]={label:e===lc?"English":e,overrides:{}});for(let n of Object.keys(r))r[n].overrides||(r[n]={...r[n],overrides:{}});return{defaultLocale:e,locales:r}}s(d0,"prepareTranslationsConfig");async function Be(t){let e=Y();try{return await e.get(No(t))}catch(r){if(r.status===404)return;throw r}}s(Be,"getConfig");async function f0(t){return t._id||(t._id=No(t.type)),Y().put(t)}s(f0,"save");async function f_(){let t=await Be("translations");return t?(t.config=d0(t.config),t):l0()}s(f_,"getTranslationsConfigDoc");async function p0(){return(await f_()).config}s(p0,"getTranslationsConfig");async function Ti(){let t=await Be("settings");return t||(t={_id:No("settings"),type:"settings",config:{}}),t.config.platformUrl=await Uo({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Ju({config:t.config}),t}s(Ti,"getSettingsConfigDoc");async function am(){return(await Ti()).config}s(am,"getSettingsConfig");async function Uo(t={tenantAware:!0}){let e=g.PLATFORM_URL||"http://localhost:10000";if(!g.SELF_HOSTED&&g.MULTI_TENANCY&&t.tenantAware){let r=$();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(g.SELF_HOSTED){let r=t?.config?t.config:(await Be("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}s(Uo,"getPlatformUrl");var Ju=s(async t=>{if(!g.SELF_HOSTED)return!!g.ENABLE_ANALYTICS;let e=await wr(ye.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await Be("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=g.ENABLE_ANALYTICS;return!(r===0||r===!1)},"analyticsEnabled");async function m0(){return await Be("google")}s(m0,"getGoogleConfigDoc");async function fc(){return(await m0())?.config}s(fc,"getGoogleConfig");async function um(){if(!g.SELF_HOSTED)return om();let t=await fc();return(!t||!t.activated)&&(t=om()),t}s(um,"getGoogleDatasourceConfig");function om(){if(g.GOOGLE_CLIENT_ID&&g.GOOGLE_CLIENT_SECRET)return{clientID:g.GOOGLE_CLIENT_ID,clientSecret:g.GOOGLE_CLIENT_SECRET,activated:!0}}s(om,"getDefaultGoogleConfig");async function h0(){return Be("logos_oidc")}s(h0,"getOIDCLogosDoc");async function g0(){return Be("oidc")}s(g0,"getOIDCConfigDoc");async function E0(){let t=(await g0())?.config;return t?.configs&&t.configs[0]}s(E0,"getOIDCConfig");async function cm(t){let e=(await Be("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}s(cm,"getOIDCConfigById");async function p_(){return Be("smtp")}s(p_,"getSMTPConfigDoc");async function y0(t){let e=await p_();if(e)return e.config;let r=g.SELF_HOSTED||!t;if(g.SMTP_FALLBACK_ENABLED&&r)return{port:g.SMTP_PORT,host:g.SMTP_HOST,secure:!1,from:g.SMTP_FROM_ADDRESS,auth:{user:g.SMTP_USER,pass:g.SMTP_PASSWORD},fallback:!0}}s(y0,"getSMTPConfig");async function T0(){return(await Be("scim"))?.config}s(T0,"getSCIMConfig");async function S0(){return Be("recaptcha")}s(S0,"getRecaptchaConfig");var Tm={};P(Tm,{AccessController:()=>fm,BUILTIN_ROLE_IDS:()=>pm,Role:()=>xr,RoleHierarchyTraversal:()=>pc,RoleIDVersion:()=>mm,builtinRoleToNumber:()=>Lo,checkForRoleResourceArray:()=>E_,externalRole:()=>D0,findRole:()=>ko,getAllRoleIds:()=>x0,getAllRoles:()=>ym,getBuiltinRole:()=>h_,getBuiltinRoles:()=>gm,getDBRoleID:()=>y_,getExternalRoleID:()=>vr,getExternalRoleIDs:()=>T_,getRole:()=>R0,getUserRoleHierarchy:()=>Em,getUserRoleIdHierarchy:()=>g_,isBuiltin:()=>Pr,lowerBuiltinRoleID:()=>w0,prefixRoleIDNoBuiltin:()=>dm,roleIDsAreEqual:()=>Ye,roleToNumber:()=>I0,saveRoles:()=>C0,validInherits:()=>O0});var m_=require("lodash"),mc=B(require("lodash/fp/cloneDeep")),lm=B(require("semver"));var pm={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},re={...pm,BUILDER:"BUILDER"},mm={UUID:void 0,NAME:"name"};function _0(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}s(_0,"rolesInList");var xr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=mm.NAME}static{s(this,"Role")}addInheritance(e){return e&&typeof e=="string"?e=dm(e):e&&Array.isArray(e)&&(e=e.map(dm)),this.inherits=e,this}},pc=class{static{s(this,"RoleHierarchyTraversal")}constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let o of e.inherits){let a=ko(o,n,r);a&&(i=i.concat(this.walk(a)))}else{let o=[],a=e;for(;a&&a.inherits&&!_0(o,a.inherits);){if(Array.isArray(a.inherits))return i.concat(this.walk(a));if(o.push(a.inherits),a=ko(a.inherits,n,r),a&&i.push(a),Ue.roles.checkForRoleInheritanceLoops(i))break}}return(0,m_.uniqBy)(i,o=>o._id)}},hm={ADMIN:new xr(re.ADMIN,re.ADMIN,"admin",{displayName:"Admin user",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(re.POWER),POWER:new xr(re.POWER,re.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(re.BASIC),BASIC:new xr(re.BASIC,re.BASIC,"write",{displayName:"Basic user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(re.PUBLIC),PUBLIC:new xr(re.PUBLIC,re.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new xr(re.BUILDER,re.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function gm(){return(0,mc.default)(hm)}s(gm,"getBuiltinRoles");function Pr(t){return Object.values(pm).includes(t)}s(Pr,"isBuiltin");function dm(t){return Pr(t)?t:Vt(t)}s(dm,"prefixRoleIDNoBuiltin");function h_(t){let e=Object.values(hm).find(r=>t.includes(r._id));if(e)return(0,mc.default)(e)}s(h_,"getBuiltinRole");function O0(t,e){if(!e)return!1;let r=s(n=>t.find(i=>Ye(i._id,n)),"find");if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}s(O0,"validInherits");function Lo(t){let e=gm(),r=Object.values(e).length+1;if(Ye(t,re.ADMIN)||Ye(t,re.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}s(Lo,"builtinRoleToNumber");async function I0(t){if(Pr(t))return Lo(t);let e=await Em(t,{defaultPublic:!0}),r=s(n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(o=>{let a=e.find(u=>Ye(u._id,o));if(a)return r(a)+1}).filter(o=>o).sort().pop();if(i!=null)return i}else if(Pr(n.inherits))return Lo(n.inherits)+1;return 0},"findNumber");return Math.max(...e.map(r))}s(I0,"roleToNumber");function w0(t,e){return t?e&&Lo(t)>Lo(e)?e:t:e}s(w0,"lowerBuiltinRoleID");function Ye(t,e){return Vt(t)===Vt(e)}s(Ye,"roleIDsAreEqual");function D0(t){let e;return t._id&&(e=vr(t._id)),{...t,_id:e,inherits:T_(t.inherits,t.version)}}s(D0,"externalRole");function ko(t,e,r){let n=h_(t);n||(t=Vt(t));let i=e.find(o=>o._id&&Ye(o._id,t));return!i&&!Pr(t)&&r?.defaultPublic?(0,mc.default)(hm.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=vr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}s(ko,"findRole");async function R0(t,e){let r=ti(),n=[];if(!Pr(t)){let i=await r.tryGet(y_(t));i&&n.push(i)}return ko(t,n,e)}s(R0,"getRole");async function C0(t){await ti().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Vt(r._id)})))}s(C0,"saveRoles");async function b0(t,e){let r=await ym();if(Ye(t,re.ADMIN))return r;let n=ko(t,r,e),i=[];return n&&(i=new pc(r,e).walk(n)),i}s(b0,"getAllUserRoles");async function g_(t){return(await Em(t)).map(r=>r._id)}s(g_,"getUserRoleIdHierarchy");async function Em(t,e){return b0(t,e)}s(Em,"getUserRoleHierarchy");function E_(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}s(E_,"checkForRoleResourceArray");async function x0(t){return(await ym(t)).map(r=>r._id)}s(x0,"getAllRoleIds");async function ym(t){if(t)return je(t,e);{let r;try{r=ti()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(yu(null,{include_docs:!0}))).rows.map(u=>u.doc),n.forEach(u=>u._id=vr(u._id,u.version)));let i=gm(),o=[];!r||await v0(r)?o=[re.ADMIN,re.POWER,re.BASIC,re.PUBLIC]:o=[re.ADMIN,re.BASIC,re.PUBLIC];for(let a of o){let u=i[a],c=n.filter(l=>Ye(l._id,a))[0];c==null?n.push(u||i.BASIC):(n=n.filter(l=>l._id!==c._id),c._id=vr(u._id,c.version),n.push({...u,...c,name:u.name,_id:vr(u._id,u.version),uiMetadata:{...c.uiMetadata,...u.uiMetadata}}))}for(let a of n)if(a.permissions)for(let u of Object.keys(a.permissions))a.permissions=E_(a.permissions,u);return n}s(e,"internal")}s(ym,"getAllRoles");async function v0(t){if(await P0(t))return!0;let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!lm.default.valid(r)?!0:!lm.default.gte(r,g.MIN_VERSION_WITHOUT_POWER_ROLE)}s(v0,"shouldIncludePowerRole");async function P0(t){let r=(await t.tryGet("ta_users"))?.schema?.roleId?.constraints?.inclusion;return!Array.isArray(r)||!r.some(i=>Ye(i,re.POWER))?!1:r.some(i=>!Pr(i))}s(P0,"hasLegacyPowerRole");var fm=class{static{s(this,"AccessController")}constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||Ye(e,re.BUILDER)||Ye(r,e)||Ye(r,re.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await g_(r),this.userHierarchies[r]=n),n?.find(i=>Ye(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let o=await this.checkScreenAccess(i,r);o&&n.push(o)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function y_(t){return t?.startsWith("role")?t:Vt(t)}s(y_,"getDBRoleID");function vr(t,e){if(t.startsWith(`role${C}`)&&(Pr(t)||e===mm.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}s(vr,"getExternalRoleID");function T_(t,e){return t&&(typeof t=="string"?vr(t,e):t.map(r=>vr(r,e)))}s(T_,"getExternalRoleIDs");var Sm={};P(Sm,{BUILDER:()=>M0,BUILTIN_PERMISSIONS:()=>hc,CREATOR:()=>F0,GLOBAL_BUILDER:()=>B0,PermissionImpl:()=>se,PermissionLevel:()=>bi,PermissionType:()=>Ko,doesHaveBasePermission:()=>L0,getAllowedLevels:()=>O_,getBuiltinPermissionByID:()=>U0,getBuiltinPermissions:()=>N0,isPermissionLevelHigherThanRead:()=>k0,levelToNumber:()=>__});var S_=B(require("lodash/flatten")),A_=B(require("lodash/fp/cloneDeep"));var se=class{static{s(this,"PermissionImpl")}constructor(e,r){this.type=e,this.level=r}};function __(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}s(__,"levelToNumber");function O_(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}s(O_,"getAllowedLevels");var hc={PUBLIC:{_id:"public",name:"Public",permissions:[new se("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new se("query","read"),new se("table","read"),new se("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new se("query","write"),new se("table","write"),new se("automation","execute"),new se("legacy_view","read"),new se("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new se("table","write"),new se("user","read"),new se("automation","execute"),new se("webhook","read"),new se("legacy_view","read"),new se("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new se("table","admin"),new se("user","admin"),new se("automation","admin"),new se("webhook","read"),new se("query","admin"),new se("legacy_view","read"),new se("app","read")]}};function N0(){return(0,A_.default)(hc)}s(N0,"getBuiltinPermissions");function U0(t){return Object.values(hc).find(r=>r._id===t)}s(U0,"getBuiltinPermissionByID");function L0(t,e,r){let n=[...new Set(r.map(a=>a.permissionId))],i=Object.values(hc),o=(0,S_.default)(i.filter(a=>n.indexOf(a._id)!==-1).map(a=>a.permissions));for(let a of o)if(a.type===t&&O_(a.level).indexOf(e)!==-1)return!0;return!1}s(L0,"doesHaveBasePermission");function k0(t){return __(t)>1}s(k0,"isPermissionLevelHigherThanRead");var M0="builder",F0="creator",B0="globalBuilder";var Om={};P(Om,{FlagSet:()=>Ec,all:()=>q0,flags:()=>Am,getEnvFlags:()=>R_,init:()=>W0,isEnabled:()=>V0,parseEnvFlags:()=>Tc,shutdown:()=>$0,testutils:()=>_m});var yc=B(require("crypto")),I_=B(require("dd-trace")),w_=require("lodash"),D_=require("posthog-node");var gc;function W0(t){g.POSTHOG_TOKEN&&g.POSTHOG_API_HOST&&!g.SELF_HOSTED&&g.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),gc=new D_.PostHog(g.POSTHOG_TOKEN,{host:g.POSTHOG_API_HOST,personalApiKey:g.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:pe.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}s(W0,"init");function $0(){gc?.shutdown()}s($0,"shutdown");function Tc(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let o of i){let a=!0;o.startsWith("!")&&(o=o.slice(1),a=!1),r.push({tenantId:n,key:o,value:a})}return r}s(Tc,"parseEnvFlags");function R_(){return Tc(g.TENANT_FEATURE_FLAGS||"")}s(R_,"getEnvFlags");var Ec=class{constructor(e){this.flagSchema=e;this.setId=yc.randomUUID()}static{s(this,"FlagSet")}defaults(){return(0,w_.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await I_.default.trace("features.fetch",async e=>{let r=vf(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),o=$(),a=new Set;if(nu())return i;for(let{tenantId:f,key:h,value:p}of R_())if(!(!f||f!=="*"&&f!==o)&&(n.readFromEnvironmentVars=!0,p===!1&&a.add(h),!!this.isFlagName(h))){if(typeof i[h]!="boolean")throw new Error(`Feature: ${h} is not a boolean`);i[h]=p,n[`flags.${h}.source`]="environment"}let u=Gt(),c=u?._id;if(!c){let f=bf();f&&(c=yc.createHash("sha512").update(f).digest("hex"))}let l=u?.tenantId;if(l||(l=o),n["identity.type"]=u?.type,n["identity._id"]=u?._id,n.tenantId=l,n.userId=c,gc&&c){n.readFromPostHog=!0;let f=await Ti(),h={tenantId:l},p={tenant:{id:l}};f.config.createdVersion&&(p.tenant.createdVersion=f.config.createdVersion),f.createdAt&&(p.tenant.createdAt=`${f.createdAt}`);let S=await gc.getAllFlags(c,{personProperties:h,onlyEvaluateLocally:!0,groups:{tenant:l},groupProperties:p});for(let[m,E]of Object.entries(S))if(this.isFlagName(m)){if(typeof E!="boolean"){console.warn(`Invalid value for posthog flag "${m}": ${E}`);continue}if(!(i[m]===!0||a.has(m)))try{i[m]=E,n[`flags.${m}.source`]="posthog"}catch(y){console.warn(`Error parsing posthog flag "${m}": ${E}`,y)}}}let d=Nf();for(let[f,h]of Object.entries(d))this.isFlagName(f)&&typeof h=="boolean"&&(i[f]=h,n[`flags.${f}.source`]="override");Pf(this.setId,i);for(let[f,h]of Object.entries(i))n[`flags.${f}.value`]=h;return e?.addTags(n),i})}},G0={USE_ZOD_VALIDATOR:!1,AI_AGENTS:!0,AI_RAG:!1,DEBUG_UI:g.isDev(),DEV_USE_CLIENT_FROM_STORAGE:!1},Am=new Ec(G0);async function V0(t){return await Am.isEnabled(t)}s(V0,"isEnabled");async function q0(){return await Am.fetch()}s(q0,"all");var _m={};P(_m,{setFeatureFlags:()=>C_,withFeatureFlags:()=>j0});function K0(){let t={};for(let{tenantId:e,key:r,value:n}of Tc(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}s(K0,"getCurrentFlags");function Q0(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,o]of Object.entries(n))o===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}s(Q0,"buildFlagString");function C_(t,e){let r=K0();for(let[i,o]of Object.entries(e)){let a=r[t]||{};a[i]=o,r[t]=a}let n=Q0(r);return Ds({TENANT_FEATURE_FLAGS:n})}s(C_,"setFeatureFlags");function j0(t,e,r){let n=C_(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}s(j0,"withFeatureFlags");var Lm={};P(Lm,{adminOnly:()=>Sc,auditLog:()=>Ac,authError:()=>Oe,buildAuthMiddleware:()=>Pk,buildCsrfMiddleware:()=>Uk,buildTenancyMiddleware:()=>Nk,builderOnly:()=>xc,builderOrAdmin:()=>vc,google:()=>rr,internalApi:()=>Nc,joiValidator:()=>Mo,oidc:()=>nr,passport:()=>Lk,platformLogout:()=>Wk,refreshOAuthToken:()=>Fk,ssoCallbackUrl:()=>Ur,updateUserOAuth:()=>Bk,workspaceBuilderOrAdmin:()=>kc});var Um={};P(Um,{activeTenant:()=>Z_,adminOnly:()=>Sc,auditLog:()=>Ac,authError:()=>Oe,authenticated:()=>bc,builderOnly:()=>xc,builderOrAdmin:()=>vc,correlation:()=>x_,csp:()=>W_,csrf:()=>Pc,datasource:()=>xk,errorHandling:()=>G_,featureFlagCookie:()=>V_,google:()=>rr,internalApi:()=>Nc,ip:()=>q_,joiValidator:()=>Mo,local:()=>Oi,oidc:()=>nr,pino:()=>v_,querystringToBody:()=>X_,ssoCallbackUrl:()=>Ur,tenancy:()=>Lc,workspaceBuilderOrAdmin:()=>kc});var b_=require("uuid");var H0=require("correlation-id"),x_=s((t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,b_.v4)()),H0.withId(r,()=>e())},"correlationMiddleware");var Y0=require("koa-pino-logger"),z0=require("correlation-id");function J0(){return{logger:Uu,genReqId:z0.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}s(J0,"pinoSettings");function X0(){return g.HTTP_LOGGING?Y0(J0()):(t,e)=>e()}s(X0,"getMiddleware");var v_=X0();var Sc=s(async(t,e)=>(!t.internal&&!xt(t.user)&&t.throw(403,"Admin user only endpoint."),e()),"adminOnly");var Ac=s(async(t,e)=>e(),"auditLog");var Z0=/\/:(.*?)(\/.*)?$/g,er=s(t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(Z0);if(i)for(let o of i){let u="/.*"+(o.endsWith("/")?"/":"");r=r.replace(o,u)}return{regex:new RegExp(r),method:n,route:r}}):[],"buildMatcherRegex"),tr=s((t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),o=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&o}),"matches");var Cm={};P(Cm,{SecretOption:()=>U_,compare:()=>nk,decrypt:()=>wc,decryptFile:()=>ok,encrypt:()=>rk,encryptFile:()=>ik,getSecret:()=>Rm});var Pt=B(require("crypto")),Nr=B(require("fs")),Im=require("path"),wm=B(require("zlib"));var _c="aes-256-ctr",N_="-",ek=1e4,tk=32,Oc=16,Dm=16,U_=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(U_||{});function Rm(t){let e,r;switch(t){case"encryption":e=g.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=g.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}s(Rm,"getSecret");function Ic(t,e){return Pt.default.pbkdf2Sync(t,new Uint8Array(e),ek,tk,"sha512")}s(Ic,"stretchString");function rk(t,e="api"){let r=Pt.default.randomBytes(Oc),n=Ic(Rm(e),r),i=Pt.default.createCipheriv(_c,new Uint8Array(n),new Uint8Array(r)),o=i.update(t,"utf8"),a=i.final(),u=Buffer.concat([new Uint8Array(o),new Uint8Array(a)]).toString("hex");return`${r.toString("hex")}${N_}${u}`}s(rk,"encrypt");function wc(t,e="api"){let[r,n]=t.split(N_),i=Buffer.from(r,"hex"),o=Ic(Rm(e),i),a=Pt.default.createDecipheriv(_c,new Uint8Array(o),new Uint8Array(i)),u=a.update(n,"hex"),c=a.final();return Buffer.concat([new Uint8Array(u),new Uint8Array(c)]).toString()}s(wc,"decrypt");function nk(t,e,r="api"){try{let n=new TextEncoder,i=n.encode(wc(e,r)),o=n.encode(t);return i.length!==o.length?!1:Pt.default.timingSafeEqual(i,o)}catch{return!1}}s(nk,"compare");async function ik({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,Im.join)(t,e);if(Nr.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let o=Nr.default.createReadStream(i),a=Nr.default.createWriteStream((0,Im.join)(t,n)),u=Pt.default.randomBytes(Oc),c=Pt.default.randomBytes(Dm),l=Ic(r,u),d=Pt.default.createCipheriv(_c,new Uint8Array(l),new Uint8Array(c));return a.write(u),a.write(c),o.pipe(wm.default.createGzip()).pipe(d).pipe(a),new Promise(f=>{a.on("finish",()=>{f({filename:n,dir:t})})})}s(ik,"encryptFile");async function sk(t){let e=Nr.default.createReadStream(t),r=await P_(e,Oc),n=await P_(e,Dm);return e.close(),{salt:r,iv:n}}s(sk,"getSaltAndIV");async function ok(t,e,r){if(Nr.default.lstatSync(t).isDirectory())throw new Error("Unable to decrypt directory");let{salt:n,iv:i}=await sk(t),o=Nr.default.createReadStream(t,{start:Oc+Dm}),a=Nr.default.createWriteStream(e),u=Ic(r,n),c=Pt.default.createDecipheriv(_c,new Uint8Array(u),new Uint8Array(i)),l=wm.default.createGunzip();return o.pipe(c).pipe(l).pipe(a),new Promise((d,f)=>{a.on("finish",()=>{a.close(),d()}),o.on("error",h=>{a.close(),f(h)}),c.on("error",h=>{a.close(),f(h)}),l.on("error",h=>{a.close(),f(h)}),a.on("error",h=>{a.close(),f(h)})})}s(ok,"decryptFile");function P_(t,e){return new Promise((r,n)=>{let i=0,o=[];t.on("readable",()=>{let a;for(;(a=t.read(e-i))!==null;)o.push(a),i+=a.length;r(Buffer.concat(o.map(u=>new Uint8Array(u))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",a=>{n(a)})})}s(P_,"readBytes");var bm={};P(bm,{APIWarning:()=>wn,FeatureDisabledWarning:()=>Rc,InvalidAPIKeyWarning:()=>_i,UsageLimitWarning:()=>Dc});var wn=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"APIWarning")}},_i=class extends wn{static{s(this,"InvalidAPIKeyWarning")}constructor(){super("Invalid API key","invalid_api_key")}},Dc=class extends wn{constructor(r){super(`Usage limit exceeded: '${r}'`,"usage_limit_exceeded");this.limitName=r}static{s(this,"UsageLimitWarning")}getPublicWarning(){return{limitName:this.limitName}}},Rc=class extends wn{constructor(r){super(`Feature disabled: '${r}'`,"feature_disabled");this.featureName=r,this.status=400}static{s(this,"FeatureDisabledWarning")}getPublicWarning(){return{featureName:this.featureName}}getPublicError(){return{featureName:this.featureName}}};var k_=B(require("dd-trace"));var uk=g.SESSION_UPDATE_PERIOD?parseInt(g.SESSION_UPDATE_PERIOD):60*1e3;function ck(){return new Date(Date.now()-uk).toISOString()}s(ck,"timeMinusOneMinute");function L_(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}s(L_,"finalise");async function lk(t,e){if(Qs(t))return{valid:!0,user:void 0};let n=wc(t).split(C)[0];return Ce(n,async()=>{let i;try{let o=Y();i=await Kt("by_api_key",{key:t},o)}catch{i=void 0}if(i)return{valid:!0,user:await xo({userId:i,tenantId:n,populateUser:e})};throw new _i})}s(lk,"checkApiKey");function Cc(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}s(Cc,"getHeader");function bc(t=[],e={publicAllowed:!1}){let r=t?er(t):[];return async(n,i)=>{let o=!1,a=Cc(n,"x-budibase-api-version");tr(n,r)&&(o=!0);try{let c=Cc(n,"x-budibase-token"),l=jt(n,"budibase:auth")||Su(c),d=Cc(n,"x-budibase-api-key");!d&&n.request.headers.authorization&&(d=n.request.headers.authorization.split(" ")[1]);let f=Cc(n,"x-budibase-tenant-id"),h=!1,p,S=!1,m;if(l&&!d){let y=l.sessionId,I=l.userId,O;try{O=await Bp(I,y),e&&e.populateUser?p=await xo({userId:I,tenantId:O.tenantId,email:O.email,populateUser:e.populateUser(n)}):p=await xo({userId:I,tenantId:O.tenantId,email:O.email}),p.csrfToken=O.csrfToken,m="cookie",O?.lastAccessedAt<ck()&&await Fp(O),h=!0}catch(w){h=!1,console.warn(`Auth Error: ${w.message}`),Ar(n,"budibase:auth")}}if(!h&&d){let y=e.populateUser?e.populateUser(n):null,{valid:I,user:O}=await lk(d,y);I&&(h=!0,m="api_key",p=O,S=!O)}!p&&f?p={tenantId:f}:p&&"password"in p&&delete p.password,h||(h=!1);let E=s(y=>y&&y.email,"isUser");return E(p)&&k_.default.setUser({id:p._id,tenantId:p.tenantId,budibaseAccess:p.budibaseAccess,status:p.status}),L_(n,{authenticated:h,user:p,internal:S,version:a,publicEndpoint:o,loginMethod:m}),E(p)?ff(p,n,i):i()}catch(c){if(console.warn(`Auth Error: ${c.message}`),c?.name==="JsonWebTokenError"?Ar(n,"budibase:auth"):c?.code==="invalid_api_key"&&n.throw(403,c.message),e&&e.publicAllowed||o)return L_(n,{authenticated:!1,version:a,publicEndpoint:o}),i();n.throw(c.status||403,c.message||"Authentication failed")}}}s(bc,"authenticated");async function xc(t,e){if(t.internal)return e();let r=await ln(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Me(t.user)?t.throw(403,"Builder user only endpoint."):r&&!Ai(t.user,r)&&t.throw(403,"Workspace builder user only endpoint."),e()}s(xc,"builderOnly");async function vc(t,e){if(t.internal||xt(t.user))return e();let r=await ln(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Me(t.user)?t.throw(403,"Admin/Builder user only endpoint."):r&&!Ai(t.user,r)&&t.throw(403,"Workspace Admin/Builder user only endpoint."),e()}s(vc,"builderOrAdmin");var B_=B(require("crypto"));var M_={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com","https://d2l5prqdbvm3op.cloudfront.net"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},F_=/^[A-Za-z0-9-*:/.]+$/,W_=s(async(t,e)=>{let r=B_.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...M_};n["script-src"]=[...M_["script-src"],`'nonce-${r}'`];let i={"media-src":g.CUSTOM_CSP_MEDIA_SRC,"script-src":g.CUSTOM_CSP_SCRIPT_SRC,"connect-src":g.CUSTOM_CSP_CONNECT_SRC,"img-src":g.CUSTOM_CSP_IMG_SRC,"font-src":g.CUSTOM_CSP_FONT_SRC,"frame-src":g.CUSTOM_CSP_FRAME_SRC};for(let[u,c]of Object.entries(i))if(c){let l=c.split(",").map(d=>d.trim()).filter(d=>F_.test(d));n[u]=[...n[u]||[],...l]}if(t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let u=await Ms.getWorkspaceMetadata(t.appId);if("name"in u)for(let c of u.scripts||[]){let l=(c.cspWhitelist||"").split(`
|
|
37
|
+
`);for(let o of i.filter(a=>a))t.push(to.default.readFileSync(o))}return t.push(to.default.readFileSync(jS(YS))),Buffer.concat(t.map(n=>new Uint8Array(n)))}s(uP,"getLogReadStream");function cP(t){return typeof t=="object"&&t!==null&&!(t instanceof Error)}s(cP,"isPlainObject");function lP(t){return t instanceof Error}s(lP,"isError");function dP(t){return typeof t=="string"}s(dP,"isMessage");var Ir;if(!g.DISABLE_PINO_LOGGER){let t=g.LOG_LEVEL,e={level:t,formatters:{level:c=>({level:c.toUpperCase()}),bindings:()=>g.SELF_HOSTED?{service:g.SERVICE_NAME}:{}},timestamp:()=>`,"timestamp":"${new Date(Date.now()).toISOString()}"`},r=[];r.push(g.isDev()?{stream:(0,ZS.default)({singleLine:!0}),level:t}:{stream:process.stdout,level:t}),g.SELF_HOSTED&&r.push({stream:Sp(),level:t}),Ir=r.length?(0,Nu.default)(e,Nu.default.multistream(r)):(0,Nu.default)(e);let n=s(c=>{let l,d=[],f="";c.forEach(E=>{dP(E)&&(f=`${f} ${E}`.trimStart()),cP(E)&&d.push(E),lP(E)&&(l=E)});let h=u(),p={};p={tenantId:i(),appId:o(),automationId:a(),identityId:h?._id,identityType:h?.type,correlationId:ap()};let S=_p.default.scope().active();S&&_p.default.inject(S.context(),eA.formats.LOG,p);let m={err:l,pid:process.pid,...p};if(d.length){let E={},y=0;for(let I=0;I<d.length;I++){let O=d[I],w=O._logKey;w?(delete O._logKey,m[w]=O):(E[y]=O,y++)}Object.keys(E).length&&(m.data=E)}return[m,f]},"getLogParams");console.log=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.info=(...c)=>{let[l,d]=n(c);Ir?.info(l,d)},console.warn=(...c)=>{let[l,d]=n(c);Ir?.warn(l,d)},console.error=(...c)=>{let[l,d]=n(c);Ir?.error(l,d)},console.trace=(...c)=>{let[l,d]=n(c);l.err||(l.err=new Error),Ir?.trace(l,d)},console.debug=(...c)=>{let[l,d]=n(c);Ir?.debug(l,d)};let i=s(()=>{let c;try{c=$()}catch{}return c},"getTenantId"),o=s(()=>{let c;try{c=be()}catch{}return c},"getAppId"),a=s(()=>{let c;try{c=Cf()}catch{}return c},"getAutomationId"),u=s(()=>{let c;try{c=Gt()}catch{}return c},"getIdentity")}var Uu=Ir;var fP=["AccountError"];function pP(t){return t&&t.suppressAlert}s(pP,"isSuppressed");function pn(t,e){e&&fP.includes(e.name)&&pP(e)||console.error(`bb-alert: ${t}`,e)}s(pn,"logAlert");function mP(t,e,r,n){t=`${t} - db: ${e} - doc: ${r} - error: `,pn(t,n)}s(mP,"logAlertWithInfo");function li(t,e){console.warn(`bb-warn: ${t}`,e)}s(li,"logWarn");var Lu=class extends Error{static{s(this,"UnretriableError")}constructor(e){super(e),this.name="PermanentError"}},Op=class{static{s(this,"QueuedProcessor")}constructor(e,r={}){let{maxAttempts:n=3,removeOnFail:i=!0,removeOnComplete:o=!0,maxStalledCount:a=3}=r;this.waitForCompletionMs=r.waitForCompletionMs||1e4,this._queue=new Et(e,{maxStalledCount:a,jobOptions:{attempts:n,removeOnFail:i,removeOnComplete:o}}),this._queue.process(async(u,c)=>{try{let l=await this.processFn(u.data);c?.(null,l)}catch(l){l instanceof Lu&&await u.discard(),pn(`Failed to process job in ${this._queue.name}`,l),c?.(l)}})}async close(e){await this._queue.close(e)}async execute(e){try{let r=await this._queue.add(e);return{success:!0,result:await Ue.withTimeout(this.waitForCompletionMs,()=>r.finished())}}catch(r){if(r.errno!=="ETIME")throw r;return{success:!1,reason:"timeout"}}}};var hP=100,ku,no=class t{static{s(this,"DocWritethroughProcessor")}static get queue(){return t._queue||(t._queue=new Et("docWritethroughQueue",{jobOptions:{attempts:hP}})),t._queue}init(){return t.queue.process(async e=>{try{await this.persistToDb(e.data)}catch(r){throw r.status===409?new Error(`Conflict persisting message ${e.id}. Attempt ${e.attemptsMade}`):r}}),this}async persistToDb({dbName:e,docId:r,data:n}){if(r.startsWith("scimlog"))return;let i=Re(e),o;try{o=await i.get(r)}catch{o={_id:r}}o={...o,...n},await i.put(o)}},wp=class{static{s(this,"DocWritethrough")}constructor(e,r){this.db=e,this._docId=r}get docId(){return this._docId}async patch(e){await no.queue.add({dbName:this.db.name,docId:this.docId,data:e})}};function tA(){return ku=new no().init(),ku}s(tA,"init");function gP(){return ku||tA()}s(gP,"getProcessor");var so={};P(so,{CacheKey:()=>ye,TTL:()=>gn,bustCache:()=>di,destroy:()=>io,get:()=>En,keys:()=>Mu,store:()=>zt,withCache:()=>wr,withCacheWithDynamicTTL:()=>rA});function bt(t){let e=$();return`${t}:${e}`}s(bt,"generateTenantKey");var mn=class{static{s(this,"BaseCache")}constructor(e=void 0){this.client=e}async getClient(){return this.client?this.client:await kf()}async keys(e){return(await this.getClient()).keys(e)}async exists(e,r={useTenancy:!0}){return e=r.useTenancy?bt(e):e,(await this.getClient()).exists(e)}async scan(e,r={useTenancy:!0}){return e=r.useTenancy?bt(e):e,(await this.getClient()).scan(e)}async get(e,r={useTenancy:!0}){return e=r.useTenancy?bt(e):e,(await this.getClient()).get(e)}async bulkGet(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>bt(i)):e,(await this.getClient()).bulkGet(e)}async store(e,r,n=null,i={useTenancy:!0}){e=i.useTenancy?bt(e):e,await(await this.getClient()).store(e,r,n)}async bulkStore(e,r=null,n={useTenancy:!0}){n.useTenancy&&(e=Object.entries(e).reduce((o,[a,u])=>(o[bt(a)]=u,o),{})),await(await this.getClient()).bulkStore(e,r)}async delete(e,r={useTenancy:!0}){return e=r.useTenancy?bt(e):e,(await this.getClient()).delete(e)}async bulkDelete(e,r={useTenancy:!0}){return e=r.useTenancy?e.map(i=>bt(i)):e,(await this.getClient()).bulkDelete(e)}async withCache(e,r=null,n,i={useTenancy:!0}){let o=await this.get(e,i);if(o)return o;try{let a=await n();return await this.store(e,a,r,i),a}catch(a){throw console.error("Error fetching before cache - ",a),a}}async withCacheWithDynamicTTL(e,r,n={useTenancy:!0}){let i=await this.get(e,n);if(i)return i;try{let o=await r(),{value:a,ttl:u}=o;return await this.store(e,a,u,{useTenancy:n.useTenancy}),a}catch(o){throw console.error("Error fetching before cache - ",o),o}}async bustCache(e){let r=await this.getClient();try{await r.delete(bt(e))}catch(n){throw console.error("Error busting cache - ",n),n}}async deleteIfValue(e,r,n={useTenancy:!0}){e=n.useTenancy?bt(e):e,await(await this.getClient()).deleteIfValue(e,r)}};var hn=new mn,ye={CHECKLIST:"checklist",INSTALLATION:"installation",ANALYTICS_ENABLED:"analyticsEnabled",UNIQUE_TENANT_ID:"uniqueTenantId",EVENTS:"events",BACKFILL_METADATA:"backfillMetadata",EVENTS_RATE_LIMIT:"eventsRateLimit",OAUTH2_TOKEN:t=>`oauth2Token_${t}`},gn=(n=>(n[n.ONE_MINUTE=600]="ONE_MINUTE",n[n.ONE_HOUR=3600]="ONE_HOUR",n[n.ONE_DAY=86400]="ONE_DAY",n))(gn||{}),Mu=s((...t)=>hn.keys(...t),"keys"),En=s((...t)=>hn.get(...t),"get"),zt=s((...t)=>hn.store(...t),"store"),io=s((...t)=>hn.delete(...t),"destroy"),wr=s((...t)=>hn.withCache(...t),"withCache"),rA=s((...t)=>hn.withCacheWithDynamicTTL(...t),"withCacheWithDynamicTTL"),di=s((...t)=>hn.bustCache(...t),"bustCache");var bp={};P(bp,{createCode:()=>IP,deleteCode:()=>DP,getCode:()=>wP,getExistingInvites:()=>Cp,getInviteCodes:()=>cA,updateCode:()=>OP});var Tn={};P(Tn,{AUTO_EXTEND_POLLING_MS:()=>sA,doWithLock:()=>oo,newRedlock:()=>yn});var iA=B(require("redlock"));async function EP(t,e){if(t==="custom")return yn(e);switch(t){case"try_once":return yn(fi.TRY_ONCE);case"try_twice":return yn(fi.TRY_TWICE);case"default":return yn(fi.DEFAULT);case"delay_500":return yn(fi.DELAY_500);case"auto_extend":return yn(fi.AUTO_EXTEND);default:throw Ot.unreachable(t)}}s(EP,"getClient");var fi={TRY_ONCE:{retryCount:0},TRY_TWICE:{retryCount:1},DEFAULT:{driftFactor:.01,retryCount:10,retryDelay:200,retryJitter:100},DELAY_500:{retryDelay:500},CUSTOM:{},AUTO_EXTEND:{retryCount:-1}};async function yn(t={}){let e={...fi.DEFAULT,...t},n=(await Ff()).client;return new iA.default([n],e)}s(yn,"newRedlock");function yP(t){let r=`lock:${t.systemLock?"system":$()}_${t.name}`;return t.resource&&(r=r+`_${t.resource}`),r}s(yP,"getLockName");var sA=pe.fromSeconds(10).toMs();async function oo(t,e){let r=await EP(t.type,t.customOptions),n,i;try{let o=yP(t),a=t.type==="auto_extend"?sA:t.ttl;if(n=await r.lock(o,a),t.type==="auto_extend"){let c=s(()=>{i=setTimeout(async()=>{n=await n.extend(a,()=>t.onExtend&&t.onExtend()),c()},a/2)},"extendInIntervals");c()}return{executed:!0,result:await e()}}catch(o){if(o.name==="LockError"){if(t.type==="try_once")return{executed:!1};throw o}else throw o}finally{clearTimeout(i),await n?.unlock()}}s(oo,"doWithLock");var oA=pe.fromDays(7).toSeconds(),SP=pe.fromSeconds(10).toMs(),Fu="Invitation is not valid or has expired, please request a new one.";function aA(t,e){if(!t)return null;let r=t.tenantId||e;return r?{tenantId:r,invites:t.invites||{}}:null}s(aA,"normaliseInviteList");function AP(t){let e=!1,r=Date.now();for(let[n,i]of Object.entries(t.invites))(!i?.expiresAt||i.expiresAt<=r)&&(delete t.invites[n],e=!0);return{list:t,changed:e}}s(AP,"pruneExpiredInvites");async function Rp(t){let r=await(await Ls()).get(t);return aA(r,t)}s(Rp,"loadInviteList");async function ao(t,e){await(await Ls()).store(t,e)}s(ao,"saveInviteList");async function uo(t,e){let{result:r}=await oo({type:"default",name:"process_user_invite",systemLock:!0,resource:t,ttl:SP},e);return r}s(uo,"withInviteListLock");function _P(t,e){return{code:t,email:e.email,info:e.info}}s(_P,"toInviteWithCode");async function uA(t,e){let r=await Ls(),n=aA(await r.get(e),e);if(!n)throw new Error(Fu);if(!Object.keys(n.invites).includes(t))throw new Error(Fu);return{list:n,invite:n.invites[t]}}s(uA,"findInviteInList");async function OP(t,e){let r={...e.info},n=r.tenantId||$();r.tenantId=n,await uo(n,async()=>{let i=await Rp(n)||{tenantId:n,invites:{}};i.invites[t]={email:e.email,info:r,expiresAt:Date.now()+oA*1e3},await ao(n,i)})}s(OP,"updateCode");async function IP(t,e){let r=ee(),n={...e||{}},i=n.tenantId||$();return n.tenantId=i,await uo(i,async()=>{let o=await Rp(i)||{tenantId:i,invites:{}};o.invites[r]={email:t,info:n,expiresAt:Date.now()+oA*1e3},await ao(i,o)}),r}s(IP,"createCode");async function wP(t,e){let r=e||$();return await uo(r,async()=>{let n=await uA(t,r),{list:i,invite:o}=n;if(o.expiresAt<=Date.now())throw delete i.invites[t],await ao(i.tenantId,i),new Error(Fu);return{email:o.email,info:o.info}})}s(wP,"getCode");async function DP(t,e){let r=e||$();try{await uo(r,async()=>{let n=await uA(t,r);delete n.list.invites[t],await ao(n.list.tenantId,n.list)})}catch(n){if(n instanceof Error&&n.message===Fu)return;throw n}}s(DP,"deleteCode");async function cA(){let t=$(),e=await uo(t,async()=>{let n=await Rp(t)||{tenantId:t,invites:{}},i=AP(n);return n=i.list,i.changed&&await ao(t,n),n}),r=new Map;for(let[n,i]of Object.entries(e.invites))r.set(n,_P(n,i));return Array.from(r.values())}s(cA,"getInviteCodes");async function Cp(t){let e=new Set(t.map(r=>r.toLowerCase()));return(await cA()).filter(r=>e.has(r.email.toLowerCase()))}s(Cp,"getExistingInvites");var xp={};P(xp,{createCode:()=>CP,getCode:()=>bP,invalidateCode:()=>xP});var RP=pe.fromHours(1).toSeconds();async function CP(t,e){let r=ee();return await(await ks()).store(r,{userId:t,info:e},RP),r}s(CP,"createCode");async function bP(t){let r=await(await ks()).get(t);if(!r)throw new Error("Provided information is not valid, cannot reset password - please try again.");return r}s(bP,"getCode");async function xP(t){await(await ks()).delete(t)}s(xP,"invalidateCode");var br={};P(br,{getUser:()=>xo,getUsers:()=>s0,invalidateUser:()=>vo});var co={};P(co,{getPlatformDB:()=>Dr,users:()=>yt});var yt={};P(yt,{addSsoUser:()=>dA,addUser:()=>kP,getUserDoc:()=>lA,lookupTenantId:()=>vP,removeUser:()=>MP,updateUserDoc:()=>PP});function Dr(){return Re(fe.PLATFORM_INFO.name)}s(Dr,"getPlatformDB");async function vP(t){return g.MULTI_TENANCY?(await lA(t)).tenantId:ae}s(vP,"lookupTenantId");async function lA(t){return Dr().get(t)}s(lA,"getUserDoc");async function PP(t){await Dr().put(t)}s(PP,"updateUserDoc");function NP(t,e){return{_id:t,tenantId:e}}s(NP,"newUserIdDoc");function UP(t,e,r){return{_id:e,userId:t,tenantId:r}}s(UP,"newUserEmailDoc");function LP(t,e,r,n){return{_id:t,userId:r,email:e,tenantId:n}}s(LP,"newUserSsoIdDoc");async function vp(t,e){let r=Dr(),n;try{await r.get(t)}catch(i){if(i.status===404)n=e(),await r.put(n);else throw i}}s(vp,"addUserDoc");async function dA(t,e,r,n){return vp(t,()=>LP(t,e,r,n))}s(dA,"addSsoUser");async function kP(t,e,r,n){let i=[vp(e,()=>NP(e,t)),vp(r,()=>UP(e,r,t))];n&&i.push(dA(n,r,e,t)),await Promise.all(i)}s(kP,"addUser");async function MP(t){let e=Dr(),r=[t._id,t.email],n=await e.allDocs({keys:r,include_docs:!0});await e.bulkRemove(n.rows.map(i=>i.doc),{silenceErrors:!0})}s(MP,"removeUser");var Sn={};P(Sn,{getAccount:()=>Rr,getAccountByTenantId:()=>pi,getStatus:()=>FP});var fA=B(require("node-fetch"));var lo=class{static{s(this,"API")}constructor(e){this.host=e}async apiCall(e,r,n){n.headers||(n.headers={}),n.headers["Content-Type"]||(n.headers={"Content-Type":"application/json",Accept:"application/json",...n.headers});let i=n.headers["Content-Type"]==="application/json";zs.setHeader(n.headers);let o={method:e,body:i?JSON.stringify(n.body):n.body,headers:n.headers,credentials:"include"};return await(0,fA.default)(`${this.host}${r}`,o)}async post(e,r){return this.apiCall("POST",e,r)}async get(e,r){return this.apiCall("GET",e,r)}async patch(e,r){return this.apiCall("PATCH",e,r)}async del(e,r){return this.apiCall("DELETE",e,r)}async put(e,r){return this.apiCall("PUT",e,r)}};var Pp=new lo(g.INTERNAL_ACCOUNT_PORTAL_URL),Np=g.SELF_HOSTED||g.DISABLE_ACCOUNT_PORTAL,Rr=s(async t=>{if(Np)return;let e={email:t},r=await Pp.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by email ${t}`);return(await r.json())[0]},"getAccount"),pi=s(async t=>{if(Np)return;let e={tenantId:t},r=await Pp.post("/api/accounts/search",{body:e,headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}});if(r.status!==200)throw new Error(`Error getting account by tenantId ${t}`);return(await r.json())[0]},"getAccountByTenantId"),FP=s(async()=>{if(Np)return;let t=await Pp.get("/api/status",{headers:{"x-budibase-api-key":g.ACCOUNT_PORTAL_API_KEY}}),e=await t.json();if(t.status!==200)throw new Error("Error getting status");return e},"getStatus");var yi={};P(yi,{UserDB:()=>vt,addAppBuilder:()=>t0,bulkGetGlobalUsersById:()=>uc,bulkUpdateGlobalUsers:()=>Ro,cleanseUserObject:()=>tm,creatorsInList:()=>On,doesUserExist:()=>zL,getAccountHolderFromUsers:()=>ac,getAllUserIds:()=>HL,getAllUsers:()=>YL,getById:()=>In,getCreatorCount:()=>ZL,getExistingAccounts:()=>Ei,getExistingPlatformUsers:()=>e_,getExistingTenantUsers:()=>ZA,getFirstPlatformUser:()=>wo,getGlobalUserByAppPage:()=>a_,getGlobalUserByEmail:()=>At,getPlatformUsers:()=>nc,getUserCount:()=>XL,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>n_,hasBuilderPermissions:()=>Me,isAdmin:()=>xt,isAdminOrBuilder:()=>r_,isAdminOrWorkspaceBuilder:()=>ic,isBuilder:()=>Ai,isCreatorAsync:()=>Do,isCreatorSync:()=>sc,isGlobalBuilder:()=>t_,paginatedUsers:()=>c_,removeAppBuilder:()=>r0,removePortalUserPermissions:()=>e0,searchExistingEmails:()=>zp,searchGlobalUsersByApp:()=>o_,searchGlobalUsersByAppAccess:()=>em,searchGlobalUsersByEmail:()=>u_,validateUniqueUser:()=>oc});var ju={};P(ju,{ActiveContentFileError:()=>$u,BadRequestError:()=>po,BudibaseError:()=>fo,EmailUnavailableError:()=>Jt,FeatureDisabledError:()=>qu,ForbiddenError:()=>Gu,HTTPError:()=>ke,NotFoundError:()=>Wu,NotImplementedError:()=>Vu,UnexpectedError:()=>Bu,UsageLimitError:()=>Ku,getErrorMessage:()=>pA,getPublicError:()=>Qu});var fo=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"BudibaseError")}};function pA(t){if(t==null)return"No error provided.";if(t instanceof Error)return t.message;if(typeof t=="string")return t;if(typeof t=="object"&&"message"in t)return String(t.message);try{let r=JSON.stringify(t);if(r!=="{}")return r}catch{}let e=String(t);return e!=="[object Object]"?e:"An unknown error occurred"}s(pA,"getErrorMessage");var Qu=s(t=>{let e;return t.code&&(e={code:t.code},t.getPublicError&&(e={...e,...t.getPublicError()})),e},"getPublicError"),ke=class t extends fo{constructor(r,n,i="http"){super(r,i);this.status=n}static{s(this,"HTTPError")}static async fromResponse(r){let n=await r.text(),i=n,o=r.status,a="http";try{let u=JSON.parse(n);i=u.error?.message||u.message,o=u.status??r.status,a=u.error?.code??r.statusText}catch{}return new t(i,o,a)}},Bu=class extends ke{static{s(this,"UnexpectedError")}constructor(e){super(e,500)}},Wu=class extends ke{static{s(this,"NotFoundError")}constructor(e){super(e,404)}},po=class extends ke{static{s(this,"BadRequestError")}constructor(e){super(e,400)}},$u=class extends po{static{s(this,"ActiveContentFileError")}constructor(e){super(`File "${e}" contains active content which is not permitted`)}},Gu=class extends ke{static{s(this,"ForbiddenError")}constructor(e){super(e,403)}},Vu=class extends ke{static{s(this,"NotImplementedError")}constructor(e){super(e,501)}},qu=class extends Error{static{s(this,"FeatureDisabledError")}constructor(e){super(`Feature disabled: '${e}'`)}},Ku=class extends Error{static{s(this,"UsageLimitError")}constructor(e){super(`Usage limit exceeded: '${e}'`)}},Jt=class extends Error{static{s(this,"EmailUnavailableError")}constructor(e){super(`Email already in use: '${e}'`)}};var Mp={};P(Mp,{PASSWORD_MAX_LENGTH:()=>Lp,PASSWORD_MIN_LENGTH:()=>Up,validatePassword:()=>kp});var Up=+(g.PASSWORD_MIN_LENGTH||12),Lp=+(g.PASSWORD_MAX_LENGTH||512);function kp(t){return!t||t.length<Up?{valid:!1,error:`Password invalid. Minimum ${Up} characters.`}:t.length>Lp?{valid:!1,error:`Password invalid. Maximum ${Lp} characters.`}:{valid:!0}}s(kp,"validatePassword");var Hu={};P(Hu,{createASession:()=>BP,endSession:()=>WP,getSession:()=>Bp,getSessionsForUser:()=>mo,invalidateSessions:()=>An,updateSessionTTL:()=>Fp});var hA=require("uuid");var gA=g.SESSION_EXPIRY_SECONDS?parseInt(g.SESSION_EXPIRY_SECONDS):pe.fromDays(7).toSeconds();function mi(t,e){return`${t}/${e}`}s(mi,"makeSessionID");async function mo(t){return t?(await(await yr()).scan(t)).map(n=>n.value):(console.trace("Cannot get sessions for undefined userId"),[])}s(mo,"getSessionsForUser");async function An(t,e={}){try{let r=e?.reason||"unknown",n=e.sessionIds||[],i;if(n.length===0?i=(await mo(t)).map(a=>({key:mi(a.userId,a.sessionId)})):(n=Array.isArray(n)?n:[n],i=n.map(o=>({key:mi(t,o)}))),i&&i.length>0){let o=await yr(),a=[];for(let u of i)a.push(o.delete(u.key));g.isTest()||li(`Invalidating sessions for ${t} (reason: ${r}) - ${i.map(u=>u.key).join(", ")}`),await Promise.all(a)}}catch(r){console.error(`Error invalidating sessions: ${r}`)}}s(An,"invalidateSessions");async function BP(t,e){let r=await mo(t),n=0;if(r.length>=3){let l=r.sort((h,p)=>new Date(h.createdAt).getTime()-new Date(p.createdAt).getTime()),d=r.length-3+1,f=l.slice(0,d).map(h=>h.sessionId);n=f.length,await An(t,{sessionIds:f,reason:"session limit exceeded"})}let i=await yr(),o=e.sessionId,a=e.csrfToken?e.csrfToken:(0,hA.v4)(),u=mi(t,o),c={...e,csrfToken:a,createdAt:new Date().toISOString(),lastAccessedAt:new Date().toISOString(),userId:t};return await i.store(u,c,gA),{session:c,invalidatedSessionCount:n}}s(BP,"createASession");async function Fp(t){let e=await yr(),r=mi(t.userId,t.sessionId);t.lastAccessedAt=new Date().toISOString(),await e.store(r,t,gA)}s(Fp,"updateSessionTTL");async function WP(t,e){await(await yr()).delete(mi(t,e))}s(WP,"endSession");async function Bp(t,e){if(!t||!e)throw new Error(`Invalid session details - ${t} - ${e}`);let n=await(await yr()).get(mi(t,e));if(!n)throw new Error(`Session not found - ${t} - ${e}`);return n}s(Bp,"getSession");var gi={};P(gi,{account:()=>CA,action:()=>bA,ai:()=>xA,analytics:()=>zu,app:()=>vA,asyncEventQueue:()=>Tt,auditLog:()=>PA,auth:()=>rc,automation:()=>NA,backfill:()=>UA,backfillCache:()=>Zu,backup:()=>LA,datasource:()=>kA,email:()=>MA,environmentVariable:()=>FA,group:()=>BA,identification:()=>St,initAsyncEvents:()=>LL,installation:()=>To,layout:()=>WA,license:()=>$A,org:()=>GA,plugin:()=>VA,processors:()=>Kp,publishEvent:()=>A,query:()=>qA,resource:()=>KA,role:()=>Io,rowAction:()=>QA,rows:()=>jA,screen:()=>HA,serve:()=>YA,shutdown:()=>kL,table:()=>zA,user:()=>Fe,view:()=>JA,workspace:()=>XA});var zu={};P(zu,{enabled:()=>Yu});var Yu=s(async()=>Ju(),"enabled");var Tt;function Xu(){Tt=new Et("systemEventQueue",{jobTags:t=>({"event.name":t.event})})}s(Xu,"init");async function EA(){Tt&&await Tt.close()}s(EA,"shutdown");async function yA(t){Tt||Xu();let{event:e,identity:r}=t;nh.indexOf(e)!==-1&&r.tenantId&&await Tt.add(t)}s(yA,"publishAsyncEvent");var Zu={};P(Zu,{end:()=>GP,isAlreadySent:()=>Gp,isBackfillingEvent:()=>$p,recordEvent:()=>Wp,start:()=>$P});var $P=s(async t=>qP({eventWhitelist:t}),"start"),Wp=s(async(t,e)=>{let r=Vp(t,e);await zt(r,e,void 0,{useTenancy:!1})},"recordEvent"),GP=s(async()=>{await KP(),await QP()},"end"),VP=s(async()=>En(ye.BACKFILL_METADATA),"getBackfillMetadata"),qP=s(async t=>zt(ye.BACKFILL_METADATA,t),"saveBackfillMetadata"),KP=s(async()=>{await io(ye.BACKFILL_METADATA)},"deleteBackfillMetadata"),QP=s(async()=>{let t=Vp(),e=await Mu(t);for(let r of e)await io(r,{useTenancy:!1})},"clearEvents"),$p=s(async t=>{let r=(await VP())?.eventWhitelist;return!!(r&&r.includes(t))},"isBackfillingEvent"),Gp=s(async(t,e)=>{let r=Vp(t,e);return!!await En(r,{useTenancy:!1})},"isAlreadySent"),jP={"automation:created":t=>t.automationId,"automation:step:created":t=>t.stepId,"datasource:created":t=>t.datasourceId,"layout:created":t=>t.layoutId,"query:created":t=>t.queryId,"role:created":t=>t.roleId,"screen:created":t=>t.screenId,"table:created":t=>t.tableId,"view:created":t=>t.tableId,"view:calculation:created":t=>t.tableId,"view:filter:created":t=>t.tableId,"app:created":t=>t.appId,"app:published":t=>t.appId,"auth:sso:created":t=>t.type,"auth:sso:activated":t=>t.type,"user:created":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:builder:assigned":t=>t.userId,"role:assigned":t=>`${t.roleId}-${t.userId}`},Vp=s((t,e)=>{let r,n=$();if(t){r=`${ye.EVENTS}:${n}:${t}`;let i=jP[t],o=i?i(e):void 0;o&&(r=`${r}:${o}`)}else r=`${ye.EVENTS}:${n}:*`;return r},"getEventKey");var Kp={};P(Kp,{analyticsProcessor:()=>wA,init:()=>nN,processors:()=>Zt});var OA=require("posthog-node");var HP=s(t=>t==="served:builder"||t==="served:app:preview"||t==="served:app","isRateLimited"),YP=s(t=>t==="served:app:preview"||t==="served:app","isPerApp");var SA={"served:app":"calendarDay","served:app:preview":"calendarDay","served:builder":"calendarDay"},AA=s(async t=>{if(!HP(t))return!1;let e=await zP(t);if(e){let r=new Date(e.timestamp);switch(SA[t]){case"calendarDay":return r.setDate(r.getDate()+1),r.setHours(0,0,0,0),Date.now()>r.getTime()?(await TA(t,{timestamp:Date.now()}),!1):!0}}else return await TA(t,{timestamp:Date.now()}),!1},"limited"),_A=s(t=>{let e=`${ye.EVENTS_RATE_LIMIT}:${t}`;return YP(t)&&(e=e+":"+be()),e},"eventKey"),zP=s(async t=>{let e=_A(t);return await En(e)},"readEvent"),TA=s(async(t,e)=>{let r=_A(t),n=SA[t],i;switch(n){case"calendarDay":i=86400}await zt(r,e,i)},"recordEvent");var XP=["user:updated","email:smtp:updated","auth:sso:updated","app:updated","role:updated","datasource:updated","query:updated","view:updated","view:calculation:updated","automation:trigger:updated","user_group:updated"],ho=class{static{s(this,"PosthogProcessor")}constructor(e){if(!e)throw new Error("Posthog token is not defined");this.posthog=new OA.PostHog(e)}async processEvent(e,r,n,i){if(XP.includes(e)||await AA(e))return;n=this.clearPIIProperties(n),n.version=g.VERSION,n.service=g.SERVICE,n.environment=r.environment,n.hosting=r.hosting;let o=be();o&&(n.appId=o);let a={distinctId:r.id,event:e,properties:n};i&&(a.timestamp=new Date(i)),(r.installationId||r.tenantId)&&(a.groups={},r.installationId&&(a.groups.installation=r.installationId,a.properties.installationId=r.installationId),r.tenantId&&(a.groups.tenant=r.tenantId,a.properties.tenantId=r.tenantId)),this.posthog.capture(a)}clearPIIProperties(e){return e.email&&delete e.email,e.audited&&delete e.audited,e}async identify(e,r){let n={distinctId:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.identify(n)}async identifyGroup(e,r){let n={distinctId:e.id,groupType:e.type,groupKey:e.id,properties:e};r&&(n.timestamp=new Date(r)),this.posthog.groupIdentify(n)}async shutdown(){await this.posthog.shutdown()}};var IA=ho;var ZP=["installation:version:upgraded","installation:version:downgraded"],eN=["installation","tenant"],go=class{static{s(this,"AnalyticsProcessor")}constructor(){g.POSTHOG_TOKEN&&!g.isTest()&&(this.posthog=new IA(g.POSTHOG_TOKEN))}async processEvent(e,r,n,i){!ZP.includes(e)&&!await Yu()||this.posthog&&await this.posthog.processEvent(e,r,n,i)}async identify(e,r){!eN.includes(e.type)&&!await Yu()||this.posthog&&await this.posthog.identify(e,r)}async identifyGroup(e,r){this.posthog&&await this.posthog.identifyGroup(e,r)}async shutdown(){this.posthog&&await this.posthog.shutdown()}};var qp=g.SELF_HOSTED&&!g.isDev(),Eo=class{static{s(this,"LoggingProcessor")}async processEvent(e,r,n){qp||console.log(`[audit] [identityType=${r.type}] ${e}`,n)}async identify(e){qp||console.log("[audit] identified",e)}async identifyGroup(e){qp||console.log("[audit] group identified",e)}async shutdown(){}};var hi=class t{static{s(this,"AuditLogsProcessor")}static{this.auditLogsEnabled=!1}static init(e){t.auditLogsEnabled=!0;let r=e;return t.auditLogQueue=new Et("auditLogQueue",{jobTags:n=>({"event.name":n.event})}),t.auditLogQueue.process(async n=>{await Ce(n.data.tenantId,async()=>{let i=n.data.properties;i.audited&&(i={...i,...i.audited},delete i.audited);let o={};g.ENABLE_AUDIT_LOG_IP_ADDR&&(o=n.data.opts.hostInfo),await r(n.data.event,i,{userId:n.data.opts.userId,timestamp:n.data.opts.timestamp,appId:n.data.opts.appId,hostInfo:o})})})}async processEvent(e,r,n,i){if(t.auditLogsEnabled&&Xf(e)){let o=r.type==="user"?r.id:void 0;await t.auditLogQueue.add({event:e,properties:n,opts:{userId:o,timestamp:i,appId:be(),hostInfo:r.hostInfo},tenantId:$()})}}async identify(){}async identifyGroup(){}async shutdown(){await t.auditLogQueue?.close()}};var yo=class{constructor(e){this.initialised=!1;this.processors=[];this.processors=e}static{s(this,"Processor")}async processEvent(e,r,n,i){for(let o of this.processors)await o.processEvent(e,r,n,i)}async identify(e,r){for(let n of this.processors)n.identify&&await n.identify(e,r)}async identifyGroup(e,r){for(let n of this.processors)n.identifyGroup&&await n.identifyGroup(e,r)}async shutdown(){for(let e of this.processors)e.shutdown&&await e.shutdown()}};var wA=new go,tN=new Eo,rN=new hi;function nN(t){return hi.init(t)}s(nN,"init");var Zt=new yo([wA,tN,rN]);var ec={};P(ec,{checkInstallVersion:()=>oN,getInstall:()=>So,getInstallFromDB:()=>jp});var Qp=B(require("semver"));var So=s(async()=>wr(ye.INSTALLATION,86400,jp,{useTenancy:!1}),"getInstall");async function iN(t){let e={_id:fe.PLATFORM_INFO.docs.install,installId:ee(),version:g.VERSION};try{let r=await t.put(e);return e._rev=r.rev,e}catch(r){if(r.status===409)return jp();throw r}}s(iN,"createInstallDoc");var jp=s(async()=>je(fe.PLATFORM_INFO.name,async t=>{let e;try{e=await t.get(fe.PLATFORM_INFO.docs.install)}catch(r){if(r.status===404)e=await iN(t);else throw r}return e}),"getInstallFromDB"),sN=s(async t=>{try{await je(fe.PLATFORM_INFO.name,async e=>{let r=await So();r.version=t,await e.put(r),await di(ye.INSTALLATION)})}catch(e){if(e.status===409)return!1;throw e}return!0},"updateVersion"),oN=s(async()=>{let t=await So(),e=t.version,r=g.VERSION;try{if(e!==r){let n=Qp.default.gt(r,e),i=Qp.default.lt(r,e);await sN(r)&&(await Cs({_id:t.installId,type:"installation"},async()=>{n?await To.upgraded(e,r):i&&await To.downgraded(e,r)}),await St.identifyInstallationGroup(t.installId))}}catch(n){n?.message?.includes("Invalid Version")?pn(`Invalid version "${r}" - is it semver?`):pn("Failed to retrieve version",n)}},"checkInstallVersion");var aN=s(async()=>{let t=lf(),e=Oo(),r;if(t?r=t.type:r="tenant",r==="installation"){let n=await _n(),i=Ao();return{id:DA(n,r),hosting:i,type:r,installationId:n,environment:e}}else if(r==="tenant"){let n=await _n(),i=await tc($()),o=Ao();return{id:DA(i,r),type:r,hosting:o,installationId:n,tenantId:i,realTenantId:$(),environment:e}}else if(r==="user"){let n=t,i=await tc($()),o=await _n(),a=n.account,u;return a?u=a.hosting:u=Ao(),{id:n._id,type:r,hosting:u,installationId:o,tenantId:i,environment:e,realTenantId:$(),hostInfo:n.hostInfo}}else throw new Error("Unknown identity type")},"getCurrentIdentity"),uN=s(async(t,e)=>{let r=t,n="installation",i=Ao(),o=g.VERSION,a=Oo(),u={id:r,type:n,hosting:i,version:o,environment:a};await Hp(u,e),await _o({...u,id:`$${n}_${r}`},e)},"identifyInstallationGroup"),cN=s(async(t,e,r,n=g.VERSION)=>{let i=await tc(t),o="tenant",a=await _n(),u=Oo(),c={id:i,type:o,hosting:e,environment:u,installationId:a,createdAt:r,createdVersion:n};await Hp(c,r),await _o({...c,id:`$${o}_${i}`},r)},"identifyTenantGroup"),lN=s(async(t,e,r)=>{let n=t._id,i=await tc(t.tenantId),o="user",a=Me(t),u=Cr(t),c;Ho(t)&&(c=t.providerType);let d=(await Ei([t.email])).length>0,f=!!e&&d&&e.verified,h=await _n(),p=e?e.hosting:Ao(),S=Oo();await _o({id:n,type:o,hosting:p,installationId:h,tenantId:i,verified:f,accountHolder:d,providerType:c,builder:a,admin:u,environment:S},r)},"identifyUser"),dN=s(async t=>{let e=t.accountId,r=t.tenantId,n="user",i=jo(t)?t.providerType:void 0,o=t.verified,a=!0,u=t.hosting,c=await _n(),l=Oo();if(Qo(t)){let f=await At(t.email);f?._id&&(e=f._id)}await _o({id:e,type:n,hosting:u,installationId:c,tenantId:r,providerType:i,verified:o,accountHolder:a,environment:l})},"identifyAccount"),_o=s(async(t,e)=>{await Zt.identify(t,e)},"identify"),Hp=s(async(t,e)=>{await Zt.identifyGroup(t,e)},"identifyGroup"),Oo=s(()=>g.isDev()?"development":g.DEPLOYMENT_ENVIRONMENT,"getDeploymentEnvironment"),Ao=s(()=>g.SELF_HOSTED?"self":"cloud","getHostingFromEnv"),_n=s(async()=>fN()?"account-portal":(await So()).installId,"getInstallationId"),tc=s(async t=>g.SELF_HOSTED?RA(t):t,"getEventTenantId"),RA=s(async t=>Ce(t,()=>wr(ye.UNIQUE_TENANT_ID,86400,async()=>{let e=Y(),r=await Ti(),n;return r.config.uniqueTenantId?r.config.uniqueTenantId:(n=`${ee()}_${t}`,r.config.uniqueTenantId=n,r.config.createdVersion=g.VERSION,await e.put(r),n)})),"getUniqueTenantId"),fN=s(()=>g.SERVICE==="account-portal","isAccountPortal"),DA=s((t,e)=>e==="installation"||e==="tenant"?`$${e}_${t}`:t,"formatDistinctId"),St={getCurrentIdentity:aN,identifyInstallationGroup:uN,identifyTenantGroup:cN,identifyUser:lN,identifyAccount:dN,identify:_o,identifyGroup:Hp,getInstallationId:_n,getUniqueTenantId:RA};var A=s(async(t,e,r,n)=>{let i=n||await St.getCurrentIdentity();if(!(n?!1:await $p(t))){await yA({event:t,identity:i,properties:e,timestamp:r}),await Zt.processEvent(t,i,e,r);return}await Gp(t,e)||(await Zt.processEvent(t,i,e,r),await Wp(t,e))},"publishEvent");async function pN(t,e){let r={tenantId:t.tenantId};await A("account:created",r,void 0,e)}s(pN,"created");async function mN(t){let e={tenantId:t.tenantId};await A("account:deleted",e)}s(mN,"deleted");async function hN(t){let e={tenantId:t.tenantId};await A("account:verified",e)}s(hN,"verified");var CA={created:pN,deleted:mN,verified:hN};async function gN(t,e){console.info("action:automation_step:executed",`disabled. Action step ${t.stepId} not published at ${e}`)}s(gN,"automationStepExecuted");async function EN(t,e){console.info("action:automation_step:executed",`disabled. Action type ${t.type} not published at ${e}`)}s(EN,"crudExecuted");async function yN(t,e){console.info("action:automation_step:executed",`disabled. Execution for ai agent ${t.agentId} not published at ${e}`)}s(yN,"aiAgentExecuted");var bA={aiAgentExecuted:yN,automationStepExecuted:gN,crudExecuted:EN};async function TN(t){let e={};await A("ai:config:created",e,t)}s(TN,"AIConfigCreated");async function SN(){let t={};await A("ai:config:updated",t)}s(SN,"AIConfigUpdated");var xA={AIConfigCreated:TN,AIConfigUpdated:SN};var AN=s(async(t,e)=>{let r={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:created",r,e)},"created");async function _N(t){let e={appId:t.appId,version:t.version,audited:{name:t.name}};await A("app:updated",e)}s(_N,"updated");async function ON(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:deleted",e)}s(ON,"deleted");async function IN(t,e){let r={appId:t.appId,audited:{name:t.name}};await A("app:published",r,e)}s(IN,"published");async function wN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:unpublished",e)}s(wN,"unpublished");async function DN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:file:imported",e)}s(DN,"fileImported");async function RN(t,e){let r={duplicateAppId:e,appId:t.appId,audited:{name:t.name}};await A("app:duplicated",r)}s(RN,"duplicated");async function CN(t,e){let r={appId:t.appId,templateKey:e,audited:{name:t.name}};await A("app:template:imported",r)}s(CN,"templateImported");async function bN(t,e,r){let n={appId:t.appId,currentVersion:e,updatedToVersion:r,audited:{name:t.name}};await A("app:version:updated",n)}s(bN,"versionUpdated");async function xN(t,e,r){let n={appId:t.appId,currentVersion:e,revertedToVersion:r,audited:{name:t.name}};await A("app:version:reverted",n)}s(xN,"versionReverted");async function vN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:reverted",e)}s(vN,"reverted");async function PN(t){let e={appId:t.appId,audited:{name:t.name}};await A("app:exported",e)}s(PN,"exported");var vA={created:AN,updated:_N,deleted:ON,published:IN,unpublished:wN,fileImported:DN,duplicated:RN,templateImported:CN,versionUpdated:bN,versionReverted:xN,reverted:vN,exported:PN};async function NN(t){let e={filters:t};await A("audit_log:filtered",e)}s(NN,"filtered");async function UN(t){let e={filters:t};await A("audit_log:downloaded",e)}s(UN,"downloaded");var PA={filtered:NN,downloaded:UN};async function LN(t,e){let n={userId:(await St.getCurrentIdentity()).id,source:t,audited:{email:e}};await A("auth:login",n)}s(LN,"login");async function kN(t){let r={userId:(await St.getCurrentIdentity()).id,audited:{email:t}};await A("auth:logout",r)}s(kN,"logout");async function MN(t,e){let r={type:t};await A("auth:sso:created",r,e)}s(MN,"SSOCreated");async function FN(t){let e={type:t};await A("auth:sso:updated",e)}s(FN,"SSOUpdated");async function BN(t,e){let r={type:t};await A("auth:sso:activated",r,e)}s(BN,"SSOActivated");async function WN(t){let e={type:t};await A("auth:sso:deactivated",e)}s(WN,"SSODeactivated");var rc={login:LN,logout:kN,SSOCreated:MN,SSOUpdated:FN,SSOActivated:BN,SSODeactivated:WN};async function $N(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:created",r,e)}s($N,"created");async function GN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:trigger:updated",e)}s(GN,"triggerUpdated");async function VN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,audited:{name:t.name}};await A("automation:deleted",e)}s(VN,"deleted");async function qN(t){let e={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId};await A("automation:tested",e)}s(qN,"tested");var KN=s(async(t,e)=>{let r={count:t};await A("automations:run",r,e)},"run");async function QN(t,e,r){let n={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:created",n,r)}s(QN,"stepCreated");async function jN(t,e){let r={appId:t.appId,automationId:t._id,triggerId:t.definition?.trigger?.id,triggerType:t.definition?.trigger?.stepId,stepId:e.id,stepType:e.stepId,audited:{name:t.name}};await A("automation:step:deleted",r)}s(jN,"stepDeleted");var NA={created:$N,triggerUpdated:GN,deleted:VN,tested:qN,run:KN,stepCreated:QN,stepDeleted:jN};var Si=!g.SELF_HOSTED&&!g.isDev();async function HN(t){Si||await A("app:backfill:succeeded",t)}s(HN,"appSucceeded");async function YN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("app:backfill:failed",e)}s(YN,"appFailed");async function zN(t){Si||await A("tenant:backfill:succeeded",t)}s(zN,"tenantSucceeded");async function JN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("tenant:backfill:failed",e)}s(JN,"tenantFailed");async function XN(){if(Si)return;let t={};await A("installation:backfill:succeeded",t)}s(XN,"installationSucceeded");async function ZN(t){if(Si)return;let e={error:JSON.stringify(t,Object.getOwnPropertyNames(t))};await A("installation:backfill:failed",e)}s(ZN,"installationFailed");var UA={appSucceeded:HN,appFailed:YN,tenantSucceeded:zN,tenantFailed:JN,installationSucceeded:XN,installationFailed:ZN};async function eU(t){let e={appId:t.appId,restoreId:t._id,backupCreatedAt:t.timestamp,name:t.name};await A("app:backup:restored",e)}s(eU,"workspaceBackupRestored");async function tU(t,e,r,n,i){let o={appId:t,backupId:e,type:r,trigger:n,name:i};await A("app:backup:triggered",o)}s(tU,"workspaceBackupTriggered");var LA={workspaceBackupRestored:eU,workspaceBackupTriggered:tU};function Yp(t){return!Object.values(Go).includes(t.source)}s(Yp,"isCustom");async function rU(t,e){let r={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:created",r,e)}s(rU,"created");async function nU(t){let e={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:updated",e)}s(nU,"updated");async function iU(t){let e={datasourceId:t._id,source:t.source,custom:Yp(t)};await A("datasource:deleted",e)}s(iU,"deleted");var kA={created:rU,updated:nU,deleted:iU};async function sU(t){let e={};await A("email:smtp:created",e,t)}s(sU,"SMTPCreated");async function oU(){let t={};await A("email:smtp:updated",t)}s(oU,"SMTPUpdated");var MA={SMTPCreated:sU,SMTPUpdated:oU};async function aU(t,e){let r={name:t,environments:e};await A("environment_variable:created",r)}s(aU,"created");async function uU(t){let e={name:t};await A("environment_variable:deleted",e)}s(uU,"deleted");async function cU(t){let e={userId:t};await A("environment_variable:upgrade_panel_opened",e)}s(cU,"upgradePanelOpened");var FA={created:aU,deleted:uU,upgradePanelOpened:cU};async function lU(t,e){let r={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:created",r,e)}s(lU,"created");async function dU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:updated",e)}s(dU,"updated");async function fU(t){let e={groupId:t._id,viaScim:gt(),audited:{name:t.name}};await A("user_group:deleted",e)}s(fU,"deleted");async function pU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:user_added",n)}s(pU,"usersAdded");async function mU(t,e,r){let n={count:t,groupId:e._id,userIds:r,viaScim:gt(),audited:{name:e.name}};await A("user_group:users_deleted",n)}s(mU,"usersDeleted");async function hU(t){let e={groupId:t,onboarding:!0};await A("user_group:onboarding_added",e)}s(hU,"createdOnboarding");async function gU(t){let e={permissions:t.roles,groupId:t._id,audited:{name:t.name}};await A("user_group:permissions_edited",e)}s(gU,"permissionsEdited");var BA={created:lU,updated:dU,deleted:fU,usersAdded:pU,usersDeleted:mU,createdOnboarding:hU,permissionsEdited:gU};async function EU(t){let e={currentVersion:t};await A("installation:version:checked",e)}s(EU,"versionChecked");async function yU(t,e){let r={from:t,to:e};await A("installation:version:upgraded",r)}s(yU,"upgraded");async function TU(t,e){let r={from:t,to:e};await A("installation:version:downgraded",r)}s(TU,"downgraded");async function SU(){let t={};await A("installation:firstStartup",t)}s(SU,"firstStartup");var To={versionChecked:EU,upgraded:yU,downgraded:TU,firstStartup:SU};async function AU(t,e){let r={layoutId:t._id};await A("layout:created",r,e)}s(AU,"created");async function _U(t){let e={layoutId:t};await A("layout:deleted",e)}s(_U,"deleted");var WA={created:AU,deleted:_U};async function OU(t,e){let r={accountId:t.accountId,...e};await A("license:plan:changed",r)}s(OU,"planChanged");async function IU(t){let e={accountId:t.accountId};await A("license:activated",e)}s(IU,"activated");async function wU(t){let e={accountId:t.accountId};await A("license:checkout:opened",e)}s(wU,"checkoutOpened");async function DU(t){let e={accountId:t.accountId};await A("license:checkout:success",e)}s(DU,"checkoutSuccess");async function RU(t){let e={accountId:t.accountId};await A("license:portal:opened",e)}s(RU,"portalOpened");async function CU(t){let e={accountId:t.accountId};await A("license:payment:failed",e)}s(CU,"paymentFailed");async function bU(t){let e={accountId:t.accountId};await A("license:payment:recovered",e)}s(bU,"paymentRecovered");var $A={planChanged:OU,activated:IU,checkoutOpened:wU,checkoutSuccess:DU,portalOpened:RU,paymentFailed:CU,paymentRecovered:bU};async function xU(t){let e={};await A("org:info:name:updated",e,t)}s(xU,"nameUpdated");async function vU(t){let e={};await A("org:info:logo:updated",e,t)}s(vU,"logoUpdated");async function PU(t){let e={};await A("org:platformurl:updated",e,t)}s(PU,"platformURLUpdated");async function NU(){let t={};await A("analytics:opt:out",t)}s(NU,"analyticsOptOut");async function UU(){let t={};await A("analytics:opt:out",t)}s(UU,"analyticsOptIn");var GA={nameUpdated:xU,logoUpdated:vU,platformURLUpdated:PU,analyticsOptOut:NU,analyticsOptIn:UU};async function LU(t){let e={type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:init",e)}s(LU,"init");async function kU(t){let e={pluginId:t._id,type:t.schema.type,source:t.source,name:t.name,description:t.description,version:t.version};await A("plugin:imported",e)}s(kU,"imported");async function MU(t){let e={pluginId:t._id,type:t.schema.type,name:t.name,description:t.description,version:t.version};await A("plugin:deleted",e)}s(MU,"deleted");var VA={init:LU,imported:kU,deleted:MU};var FU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:created",n,r)},"created"),BU=s(async(t,e)=>{let r={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:updated",r)},"updated"),WU=s(async(t,e,r)=>{let n={queryId:e._id,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb,appId:r};await A("query:deleted",n)},"deleted"),$U=s(async(t,e,r)=>{let n={datasourceId:t._id,source:t.source,count:r,importSource:e};await A("query:import",n)},"imported"),GU=s(async(t,e)=>{let r={count:t};await A("queries:run",r,e)},"run"),VU=s(async(t,e)=>{let r={queryId:e.queryId,datasourceId:t._id,source:t.source,queryVerb:e.queryVerb};await A("query:previewed",r)},"previewed"),qA={created:FU,updated:BU,deleted:WU,imported:$U,run:GU,previewed:VU};async function qU({resource:t,fromWorkspace:e,toWorkspace:r},n){let i={resource:t,fromWorkspace:e,toWorkspace:r};await A("resource:copied_to_workspace",i,n)}s(qU,"duplicatedToWorkspace");var KA={duplicatedToWorkspace:qU};async function KU(t,e){let r={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:created",r,e)}s(KU,"created");async function QU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:updated",e)}s(QU,"updated");async function jU(t){let e={roleId:t._id,permissionId:t.permissionId,inherits:t.inherits};await A("role:deleted",e)}s(jU,"deleted");async function HU(t,e,r){let n={userId:t._id,roleId:e};await A("role:assigned",n,r)}s(HU,"assigned");async function YU(t,e){let r={userId:t._id,roleId:e};await A("role:unassigned",r)}s(YU,"unassigned");var Io={created:KU,updated:QU,deleted:jU,assigned:HU,unassigned:YU};async function zU(t,e){await A("row_action:created",t,e)}s(zU,"created");var QA={created:zU};var JU=s(async(t,e)=>{let r={count:t};await A("rows:created",r,e)},"created"),XU=s(async(t,e)=>{let r={tableId:t._id,count:e};await A("rows:imported",r)},"imported"),jA={created:JU,imported:XU};async function ZU(t,e){let r={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:created",r,e)}s(ZU,"created");async function eL(t){let e={layoutId:t.layoutId,screenId:t._id,roleId:t.routing.roleId,audited:{name:t.routing?.route}};await A("screen:deleted",e)}s(eL,"deleted");var HA={created:ZU,deleted:eL};async function tL(t){let e={timezone:t};await A("served:builder",e)}s(tL,"servedBuilder");async function rL(t,e,r){let n={appVersion:t.version,timezone:e,embed:r===!0};await A("served:app",n)}s(rL,"servedApp");async function nL(t,e){let r={appId:t.appId,appVersion:t.version,timezone:e};await A("served:app:preview",r)}s(nL,"servedAppPreview");var YA={servedBuilder:tL,servedApp:rL,servedAppPreview:nL};async function iL(t,e){let r={tableId:t._id,audited:{name:t.name}};await A("table:created",r,e)}s(iL,"created");async function sL(t,e){let r,n;for(let o in e.schema)if(!t.schema[o]){let a=e.schema[o];"default"in a&&a.default!=null&&(r=!0),a.type==="ai"&&(n=a.operation)}let i={tableId:e._id,defaultValues:r,aiColumn:n,audited:{name:e.name}};(r||n)&&await A("table:updated",i)}s(sL,"updated");async function oL(t,e){let r={tableId:t._id,audited:{name:t.name},appId:e};await A("table:deleted",r)}s(oL,"deleted");async function aL(t,e){let r={tableId:t._id,format:e,audited:{name:t.name}};await A("table:exported",r)}s(aL,"exported");async function uL(t){let e={tableId:t._id,audited:{name:t.name}};await A("table:imported",e)}s(uL,"imported");var zA={created:iL,updated:sL,deleted:oL,exported:aL,imported:uL};async function cL(t,e){let r={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:created",r,e)}s(cL,"created");async function lL(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:updated",e)}s(lL,"updated");async function dL(t){let e={userId:t._id,viaScim:gt(),audited:{email:t.email}};await A("user:deleted",e)}s(dL,"deleted");async function fL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:admin:assigned",r,e)}s(fL,"permissionAdminAssigned");async function pL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:admin:removed",e)}s(pL,"permissionAdminRemoved");async function mL(t,e){let r={userId:t._id,audited:{email:t.email}};await A("user:builder:assigned",r,e)}s(mL,"permissionBuilderAssigned");async function hL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:builder:removed",e)}s(hL,"permissionBuilderRemoved");async function gL(t){let e={audited:{email:t}};await A("user:invited",e)}s(gL,"invited");async function EL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:invite:accepted",e)}s(EL,"inviteAccepted");async function yL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:force:reset",e)}s(yL,"passwordForceReset");async function TL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:updated",e)}s(TL,"passwordUpdated");async function SL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset:requested",e)}s(SL,"passwordResetRequested");async function AL(t){let e={userId:t._id,audited:{email:t.email}};await A("user:password:reset",e)}s(AL,"passwordReset");async function _L(t){let e={users:t};await A("user:data:collaboration",e)}s(_L,"dataCollaboration");var Fe={created:cL,updated:lL,deleted:dL,permissionAdminAssigned:fL,permissionAdminRemoved:pL,permissionBuilderAssigned:mL,permissionBuilderRemoved:hL,invited:gL,inviteAccepted:EL,passwordForceReset:yL,passwordUpdated:TL,passwordResetRequested:SL,passwordReset:AL,dataCollaboration:_L};async function OL(t,e){let r={name:t.name,type:t.type,tableId:t.tableId};await A("view:created",r,e)}s(OL,"created");async function IL(t){let e={tableId:t.tableId};await A("view:updated",e)}s(IL,"updated");async function wL(t,e){let r={...Ue.views.isV2(t)?{id:t.id,tableId:t.tableId,appId:e}:{}};await A("view:deleted",r)}s(wL,"deleted");async function DL(t,e){let r={tableId:t._id,format:e};await A("view:exported",r)}s(DL,"exported");async function RL({tableId:t,filterGroups:e},r){let n={tableId:t,filterGroups:e};await A("view:filter:created",n,r)}s(RL,"filterCreated");async function CL({tableId:t,filterGroups:e}){let r={tableId:t,filterGroups:e};await A("view:filter:updated",r)}s(CL,"filterUpdated");async function bL(t){let e={tableId:t.tableId};await A("view:filter:deleted",e)}s(bL,"filterDeleted");async function xL({tableId:t,calculationType:e},r){let n={tableId:t,calculation:e};await A("view:calculation:created",n,r)}s(xL,"calculationCreated");async function vL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:updated",e)}s(vL,"calculationUpdated");async function PL(t){let e={tableId:t.tableId,calculation:t.calculation};await A("view:calculation:deleted",e)}s(PL,"calculationDeleted");async function NL(t,e){let r={tableId:t};await A("view:join:created",r,e)}s(NL,"viewJoinCreated");var JA={created:OL,updated:IL,deleted:wL,exported:DL,filterCreated:RL,filterUpdated:CL,filterDeleted:bL,calculationCreated:xL,calculationUpdated:vL,calculationDeleted:PL,viewJoinCreated:NL};async function UL(t,e){let r={workspaceAppId:t._id,audited:{name:t.name},appId:e};await A("workspace_app:deleted",r)}s(UL,"deleted");var XA={deleted:UL};function LL(){}s(LL,"initAsyncEvents");var kL=s(async()=>{await Zt.shutdown(),console.log("Events shutdown")},"shutdown");var Jp={};P(Jp,{creatorsInList:()=>On,getAccountHolderFromUsers:()=>ac,hasAdminPermissions:()=>Cr,hasAppBuilderPermissions:()=>n_,hasBuilderPermissions:()=>Me,isAdmin:()=>xt,isAdminOrBuilder:()=>r_,isAdminOrWorkspaceBuilder:()=>ic,isBuilder:()=>Ai,isCreatorAsync:()=>Do,isCreatorSync:()=>sc,isGlobalBuilder:()=>t_,validateUniqueUser:()=>oc});async function zp(t){let e=[],r=await ZA(t);e.push(...r.map(a=>a.email));let n=await e_(t);e.push(...n.map(a=>a._id));let i=await Ei(t);e.push(...i.map(a=>a.email));let o=await Cp(t);return e.push(...o.map(a=>a.email)),[...new Set(e.map(a=>a.toLowerCase()))]}s(zp,"searchExistingEmails");async function nc(t){return await $s("platform_users_lowercase_2",{keys:[t.toLowerCase()],include_docs:!0})}s(nc,"getPlatformUsers");async function wo(t){return(await nc(t))[0]??null}s(wo,"getFirstPlatformUser");async function ZA(t){let r={keys:t.map(i=>i.toLowerCase()),include_docs:!0},n={arrayResponse:!0};return await Kt("by_email2",r,void 0,n)}s(ZA,"getExistingTenantUsers");async function e_(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await $s("platform_users_lowercase_2",r)}s(e_,"getExistingPlatformUsers");async function Ei(t){let r={keys:t.map(n=>n.toLowerCase()),include_docs:!0};return await $s("account_by_email",r)}s(Ei,"getExistingAccounts");var Ai=Le.users.isBuilder,xt=Le.users.isAdmin,t_=Le.users.isGlobalBuilder,r_=Le.users.isAdminOrBuilder,Cr=Le.users.hasAdminPermissions,Me=Le.users.hasBuilderPermissions,n_=Le.users.hasAppBuilderPermissions,ic=Le.users.isAdminOrWorkspaceBuilder;async function On(t,e){let r=[...new Set(t.filter(i=>i.userGroups).flatMap(i=>i.userGroups))];return e=await Y().getMultiple(r,{allowMissing:!0}),t.map(i=>sc(i,e))}s(On,"creatorsInList");async function Do(t){let e=[];return t.userGroups&&(e=await Y().getMultiple(t.userGroups)),sc(t,e)}s(Do,"isCreatorAsync");function sc(t,e){let r=Le.users.isCreator(t);return!r&&t?ML(t,e):r}s(sc,"isCreatorSync");function ML(t,e){let r=e?.filter(n=>t.userGroups?.indexOf(n._id)!==-1);return r&&r.length>0?r.some(n=>Object.values(n.roles||{}).includes("CREATOR")):!1}s(ML,"isCreatorByGroupMembership");async function oc(t,e){if(g.MULTI_TENANCY){let r=await wo(t);if(r!=null&&r.tenantId!==e)throw new Jt(t)}if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let r=await Rr(t);if(r&&r.verified&&r.tenantId!==e)throw new Jt(t)}}s(oc,"validateUniqueUser");async function ac(t){if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let e=await Ei(t.map(r=>r.email));return t.find(r=>e.map(n=>n.email).includes(r.email))}}s(ac,"getAccountHolderFromUsers");var Xp=s(async t=>{await Fe.deleted(t),Me(t)&&await Fe.permissionBuilderRemoved(t),Cr(t)&&await Fe.permissionAdminRemoved(t)},"handleDeleteEvents"),FL=s(async(t,e,r)=>{for(let[n,i]of Object.entries(e))(!r||r[n]!==i)&&await Io.assigned(t,i)},"assignAppRoleEvents"),BL=s(async(t,e,r)=>{if(r)for(let[n,i]of Object.entries(r))(!e||e[n]!==i)&&await Io.unassigned(t,i)},"unassignAppRoleEvents"),WL=s(async(t,e)=>{let r=t.roles,n=e?.roles;await FL(t,r,n),await BL(t,r,n)},"handleAppRoleEvents"),Zp=s(async(t,e,r)=>{let n=r;!n&&!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL&&(n=await pi($())),await St.identifyUser(t,n),e?(await Fe.updated(t),GL(t,e)&&await Fe.permissionBuilderRemoved(t),qL(t,e)&&await Fe.permissionAdminRemoved(t),!e.forceResetPassword&&t.forceResetPassword&&t.password&&await Fe.passwordForceReset(t),t.password!==e.password&&await Fe.passwordUpdated(t)):await Fe.created(t),$L(t,e)&&await Fe.permissionBuilderAssigned(t),VL(t,e)&&await Fe.permissionAdminAssigned(t),await WL(t,e)},"handleSaveEvents"),$L=s((t,e)=>i_(t,e,Me),"isAddingBuilder"),GL=s((t,e)=>s_(t,e,Me),"isRemovingBuilder"),VL=s((t,e)=>i_(t,e,Cr),"isAddingAdmin"),qL=s((t,e)=>s_(t,e,Cr),"isRemovingAdmin"),i_=s((t,e,r)=>!(!r(t)||e&&r(e)),"isAddingPermission"),s_=s((t,e,r)=>!(r(t)||!e||!r(e)),"isRemovingPermission");var QL=s(async t=>{let e=t._id;await yt.removeUser(t),await Xp(t),await br.invalidateUser(e),await An(e,{reason:"bulk-deletion"})},"bulkDeleteProcessing"),vt=class t{static{s(this,"UserDB")}static init(e,r,n){t.quotas=e,t.groups=r,t.features=n}static async isPreventPasswordActions(e,r){return g.ENABLE_SSO_MAINTENANCE_MODE&&xt(e)?!1:await t.features.isSSOEnforced()||Ho(e)?!0:(r||(r=await pi($())),!!(r&&r.email===e.email&&jo(r)))}static async buildUser(e,r={hashPassword:!0,requirePassword:!0},n,i,o){let{password:a,_id:u}=e;i&&!i.password&&(r.requirePassword=!1);let c;if(a&&a!==i?.password){if(await t.isPreventPasswordActions(e,o))throw new ke("Password change is disabled for this user",400);if(!r.skipPasswordValidation){let f=kp(a);if(!f.valid)throw new ke(f.error,400)}c=r.hashPassword?await uf(a):a}else i&&(c=i.password);let l=r.requirePassword&&!await t.features.isSSOEnforced();if(!c&&l)throw"Password must be specified.";u=u||ni();let d={createdAt:Date.now(),...i,...e,_id:u,password:c,tenantId:n};return d.roles||(d.roles={}),d.status==null&&(d.status="active"),d}static async allUsers(){return(await Y().allDocs(un(null,{include_docs:!0}))).rows.map(n=>n.doc)}static async countUsersByWorkspace(e){if(typeof e!="string"||!e)throw new Error("Must provide a string based workspace ID");return{userCount:(await Gs("by_app",ii(e,{include_docs:!1}))).rows.length}}static async getUsersByAppAccess(e){return await em(e.appId,{limit:e.limit||50})}static async getUserByEmail(e){return At(e)}static async getUser(e){let r=await In(e);return r&&delete r.password,r}static async bulkGet(e){return await uc(e)}static async bulkUpdate(e){return await Ro(e)}static async save(e,r={}){r.hashPassword==null&&(r.hashPassword=!0),r.requirePassword==null&&(r.requirePassword=!0);let n=$(),i=Y(),{email:o,_id:a,userGroups:u=[],roles:c}=e;if(!o&&!a)throw new Error("_id or email is required");let l;if(a)try{if(l=await In(a),o&&l.email!==o&&!r.allowChangingEmail)throw new Error("Email address cannot be changed")}catch(m){if(m.status!==404)throw m}if(!l&&o&&(l=await At(o),l&&l._id!==a))throw new Jt(o);let d=1,f=0;if((r.isAccountHolder||l)&&(d=0,f=1),l){let[m,E]=await On([l,e]);f=m!==E?1:0}let h=!l,p=!!l&&!!o&&l.email!==o,S=!r.isAccountHolder&&!!o&&(h||p);return t.quotas.addUsers(d,f,async()=>{S&&await oc(o,n);let m=await t.buildUser(e,r,n,l);r.currentUserId&&r.currentUserId===l?._id&&(m=tm(m,l)),!l&&c?.length&&(m.roles={...c});let E=[];if(!a&&u.length>0)for(let y of u)E.push(t.groups.addUsers(y,[m._id]));try{let y=await i.put(m);return m._rev=y.rev,await Zp(m,l),l&&m.email!==l.email&&await yt.removeUser({email:l.email}),await yt.addUser(n,m._id,m.email,m.ssoId),await br.invalidateUser(y.id),await Promise.all(E),i.get(m._id)}catch(y){throw y.status===409?"User exists already":y}})}static async bulkCreate(e,r){let n=$(),i=[],o=[],a=[],u=e.map(h=>h.email),c=await zp(u),l=[];for(let h of e){let p=o.find(m=>m.email.toLowerCase()===h.email.toLowerCase()),S=c.includes(h.email.toLowerCase());if(p||S){l.push({email:h.email,reason:"Unavailable"});continue}h.userGroups=r||[],o.push(h),await Do(h)&&a.push(h)}let d=await pi(n),f=await t.features.isSSOEnforced();return t.quotas.addUsers(o.length,a.length,async()=>{for(let S of o)f&&delete S.password,i.push(t.buildUser(S,{hashPassword:!0,requirePassword:!f},n,void 0,d));let h=await Promise.all(i);await Ro(h);for(let S of h)await yt.addUser(n,S._id,S.email),await Zp(S,void 0,d);let p=h.map(S=>({_id:S._id,email:S.email}));if(Array.isArray(p)&&r){let S=[],m=p.map(E=>E._id);for(let E of r)S.push(t.groups.addUsers(E,m));await Promise.all(S)}return{successful:p,unsuccessful:l}})}static async bulkDelete(e){let r=Y(),n={successful:[],unsuccessful:[]},i=await ac(e);i&&(e=e.filter(p=>p.userId!==i.userId),n.unsuccessful.push({_id:i.userId,email:i.email,reason:"Account holder cannot be deleted"}));let a=(await r.allDocs({include_docs:!0,keys:e.map(p=>p.userId)})).rows.map(p=>p.doc),u=a.map(p=>({...p,_deleted:!0})),c=await Ro(u),d=(await On(a)).filter(p=>p).length,f=[];for(let p of a){let m=(await wo(p._id)).ssoId;m&&(await nc(m)).filter(y=>y.ssoId==null).forEach(y=>{f.push({...y,_deleted:!0})}),await QL(p)}await Dr().bulkDocs(f),await t.quotas.removeUsers(u.length,d);let h={};return a.reduce((p,S)=>(p[S._id]=S,p),h),c.forEach(p=>{let S=h[p.id].email;p.ok?n.successful.push({_id:p.id,email:S}):n.unsuccessful.push({_id:p.id,email:S,reason:"Database error"})}),n}static async destroy(e){let r=Y(),n=await r.get(e),i=n._id;if(!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let a=n.email;if(await Rr(a))throw n.userId===Gt()._id?new ke('Please visit "Account" to delete this user',400):new ke("Account holder cannot be deleted",400)}await yt.removeUser(n),await r.remove(i,n._rev);let o=await Do(n)?1:0;await t.quotas.removeUsers(1,o),await Xp(n),await br.invalidateUser(i),await An(i,{reason:"deletion"})}static async createAdminUser(e,r,n){let i=n?.password,o={email:e,password:i,createdAt:Date.now(),roles:{},builder:{global:!0},admin:{global:!0},tenantId:r,firstName:n?.firstName,lastName:n?.lastName};return n?.ssoId&&(o.ssoId=n.ssoId),await di(ye.CHECKLIST),await t.save(o,{hashPassword:n?.hashPassword,requirePassword:n?.requirePassword,skipPasswordValidation:n?.skipPasswordValidation,isAccountHolder:!0})}static async getGroups(e){return await this.groups.getBulk(e)}static async getGroupBuilderAppIds(e){return await this.groups.getGroupBuilderAppIds(e)}};function bo(t){return Array.isArray(t)?t.map(e=>{if(e)return delete e.password,e}):t&&(delete t.password,t)}s(bo,"removeUserPassword");async function uc(t,e){let n=(await Y().allDocs({keys:t,include_docs:!0})).rows.map(i=>i.doc);return e?.cleanup&&(n=bo(n)),n}s(uc,"bulkGetGlobalUsersById");async function HL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Pe}`})).rows.map(n=>n.id)}s(HL,"getAllUserIds");async function YL(){let t=Y(),e=`us${C}`;return(await t.allDocs({startkey:e,endkey:`${e}${Pe}`,include_docs:!0})).rows.map(n=>n.doc)}s(YL,"getAllUsers");async function Ro(t){return await Y().bulkDocs(t)}s(Ro,"bulkUpdateGlobalUsers");async function In(t,e){let n=await Y().get(t);return e?.cleanup&&(n=bo(n)),n}s(In,"getById");async function At(t,e){if(t==null)throw"Must supply an email address to view";let r=await Kt("by_email2",{key:t.toLowerCase(),include_docs:!0});if(Array.isArray(r))throw new Error(`Multiple users found with email address: ${t}`);let n=r;return e?.cleanup&&(n=bo(n)),n}s(At,"getGlobalUserByEmail");async function zL(t){try{let e=await At(t);if(Array.isArray(e)||e!=null)return!0}catch{return!1}return!1}s(zL,"doesUserExist");async function o_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string based workspace ID");let n=ii(t,{include_docs:!0});n.startkey=e&&e.startkey?e.startkey:n.startkey;let i=await Kt("by_app",n);i||(i=[]);let o=Array.isArray(i)?i:[i];return r?.cleanup&&(o=bo(o)),o}s(o_,"searchGlobalUsersByApp");async function em(t,e){let r=`roles.${t}`,n=[{"builder.global":!0},{"admin.global":!0}];if(t){let a={[r]:{$exists:!0}};n.push(a)}return(await Y().find({selector:{$or:n,_id:{$regex:"^us_"}},limit:e?.limit||50})).docs}s(em,"searchGlobalUsersByAppAccess");function a_(t,e){if(e)return Eu(He(t),e._id)}s(a_,"getGlobalUserByAppPage");async function u_(t,e,r){if(typeof t!="string")throw new Error("Must provide a string to search by");let n=t.toLowerCase(),i=e&&e.startkey?e.startkey:n,o=await Kt("by_email2",{...e,startkey:i,endkey:`${n}${Pe}`});o||(o=[]);let a=Array.isArray(o)?o:[o];return r?.cleanup&&(a=bo(a)),a}s(u_,"searchGlobalUsersByEmail");var JL=8;async function c_({bookmark:t,query:e,appId:r,limit:n}={}){let i=Y(),o=n??JL,u={include_docs:!0,limit:o+1};t&&(u.startkey=t);let c,l="_id",d;return e?.equal?._id?c=[await In(e.equal._id)]:r?(c=await o_(r,u),d=s(f=>a_(r,f),"getKey")):e?.string?.email?(c=await u_(e?.string?.email,u),l="email"):e?.oneOf?._id?c=await uc(e?.oneOf?._id,{cleanup:!0}):e?(c=(await i.allDocs(un(null,{...u,limit:void 0}))).rows.map(h=>h.doc),c=mr.search(c,{query:e,limit:u.limit}).rows):c=(await i.allDocs(un(null,u))).rows.map(h=>h.doc),qf(c,o,{paginate:!0,property:l,getKey:d})}s(c_,"paginatedUsers");async function XL(){return(await Gs("by_email2",{limit:0,include_docs:!1})).total_rows}s(XL,"getUserCount");async function ZL(){let t=0;async function e(r){let n=await c_({bookmark:r}),i=await On(n.data);t+=i.filter(o=>o).length,n.hasNextPage&&await e(n.nextPage)}return s(e,"iterate"),await e(),t}s(ZL,"getCreatorCount");function e0(t){return delete t.admin,delete t.builder,t}s(e0,"removePortalUserPermissions");function tm(t,e){return delete t.admin,delete t.builder,delete t.roles,e&&(t.admin=e.admin,t.builder=e.builder,t.roles=e.roles),t}s(tm,"cleanseUserObject");async function t0(t,e){let r=He(e);t.builder??={},t.builder.creator=!0,t.builder.apps??=[],t.builder.apps.push(r),await vt.save(t,{hashPassword:!1})}s(t0,"addAppBuilder");async function r0(t,e){let r=He(e);t.builder&&t.builder.apps?.includes(r)&&(t.builder.apps=t.builder.apps.filter(n=>n!==r)),await vt.save(t,{hashPassword:!1})}s(r0,"removeAppBuilder");var l_=3600;async function n0(t,e){let n=await Yf(e).get(t);if(n.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let i=await Rr(n.email);i&&(n.account=i,n.accountPortalAccess=!0)}return n}s(n0,"populateFromDB");async function i0(t){let e=await vt.bulkGet(t),r=t.filter((i,o)=>!e[o]),n=e.filter(i=>i);return await Promise.all(n.map(async i=>{if(i.budibaseAccess=!0,!g.SELF_HOSTED&&!g.DISABLE_ACCOUNT_PORTAL){let o=await Rr(i.email);o&&(i.account=o,i.accountPortalAccess=!0)}})),r.length?{users:n,notFoundIds:r}:{users:n}}s(i0,"populateUsersFromDB");async function xo({userId:t,tenantId:e,email:r,populateUser:n}){if(n||(n=n0),!e)try{e=$()}catch{e=await yt.lookupTenantId(t)}let i=await Us(),o=await i.get(t);return o||(o=await n(t,e,r),await i.store(t,o,l_)),o&&!o.tenantId&&e&&(o.tenantId=e),o.userGroups&&!Le.users.isGlobalBuilder(o)&&await Ce(e,async()=>{let a=await vt.getGroupBuilderAppIds(o);if(a.length){let u=o.builder?.apps||[];o.builder={apps:[...new Set(u.concat(a))]}}}),o}s(xo,"getUser");async function s0(t){let e=await Us(),r=await e.bulkGet(t),n=t.filter(a=>!r[a]),i=Object.values(r).filter(a=>!!a),o;if(n.length){let a=await i0(n);o=a.notFoundIds;for(let u of a.users)await e.store(u._id,u,l_);i.push(...a.users)}return{users:i,notFoundIds:o}}s(s0,"getUsers");async function vo(t){await(await Us()).delete(t)}s(vo,"invalidateUser");var sm={};P(sm,{Writethrough:()=>nm});var d_=1e4,rm=null;async function cc(){if(!rm){let t=await Mf();rm=new mn(t)}return rm}s(cc,"getCache");function Po(t,e){return t.name+e}s(Po,"makeCacheKey");function im(t,e=null){return{doc:t,lastWrite:e||Date.now()}}s(im,"makeCacheItem");async function o0(t,e,r=d_){let n=await cc(),i=e._id,o;i&&(o=await n.get(Po(t,i)));let a=!o||o.lastWrite<Date.now()-r,u=e;return a&&((await oo({type:"try_once",name:"persist_writethrough",resource:i,ttl:15e3},async()=>{let l=s(async d=>{let f=await t.put(d,{force:!0});u._id=f.id,u._rev=f.rev},"writeDb");try{await l(e)}catch(d){if(d.status!==409)throw d;li("Ignoring conflict in write-through cache")}})).executed||li("Ignoring redlock conflict in write-through cache")),o=im(u,a?null:o?.lastWrite),u._id&&await n.store(Po(t,u._id),o),{ok:!0,id:u._id,rev:u._rev}}s(o0,"put");async function a0(t,e){let r=await cc(),n=Po(t,e),i=await r.get(n);if(!i){let o=await t.get(e);i=im(o),await r.store(n,i)}return i.doc}s(a0,"get");async function u0(t,e){let r=await cc(),n=Po(t,e),i=await r.get(n);if(!i){let o=await t.tryGet(e);if(!o)return null;i=im(o),await r.store(n,i)}return i.doc}s(u0,"tryGet");async function c0(t,e,r){let n=await cc();if(!e)throw new Error("No ID/Rev provided.");let i=typeof e=="string"?e:e._id;r=typeof e=="string"?r:e._rev;try{await n.delete(Po(t,i))}finally{await t.remove(i,r)}}s(c0,"remove");var nm=class{static{s(this,"Writethrough")}constructor(e,r=d_){this.db=e,this.writeRateMs=r}async put(e,r=this.writeRateMs){return o0(this.db,e,r)}async get(e){return a0(this.db,e)}async tryGet(e){return u0(this.db,e)}async remove(e,r){return c0(this.db,e,r)}};function No(t){return`config${C}${t}`}s(No,"generateConfigID");var lc="en";function l0(){return{_id:No("translations"),type:"translations",config:{defaultLocale:lc,locales:{[lc]:{label:"English",overrides:{}}}}}}s(l0,"createDefaultTranslationsConfig");function d0(t){let e=t?.defaultLocale||lc,r={...t?.locales??{}};r[e]||(r[e]={label:e===lc?"English":e,overrides:{}});for(let n of Object.keys(r))r[n].overrides||(r[n]={...r[n],overrides:{}});return{defaultLocale:e,locales:r}}s(d0,"prepareTranslationsConfig");async function Be(t){let e=Y();try{return await e.get(No(t))}catch(r){if(r.status===404)return;throw r}}s(Be,"getConfig");async function f0(t){return t._id||(t._id=No(t.type)),Y().put(t)}s(f0,"save");async function f_(){let t=await Be("translations");return t?(t.config=d0(t.config),t):l0()}s(f_,"getTranslationsConfigDoc");async function p0(){return(await f_()).config}s(p0,"getTranslationsConfig");async function Ti(){let t=await Be("settings");return t||(t={_id:No("settings"),type:"settings",config:{}}),t.config.platformUrl=await Uo({tenantAware:!0,config:t.config}),t.config.analyticsEnabled=await Ju({config:t.config}),t}s(Ti,"getSettingsConfigDoc");async function am(){return(await Ti()).config}s(am,"getSettingsConfig");async function Uo(t={tenantAware:!0}){let e=g.PLATFORM_URL||"http://localhost:10000";if(!g.SELF_HOSTED&&g.MULTI_TENANCY&&t.tenantAware){let r=$();e.includes("localhost:")||(e=e.replace("://",`://${r}.`))}else if(g.SELF_HOSTED){let r=t?.config?t.config:(await Be("settings"))?.config;r?.platformUrl&&(e=r.platformUrl)}return e}s(Uo,"getPlatformUrl");var Ju=s(async t=>{if(!g.SELF_HOSTED)return!!g.ENABLE_ANALYTICS;let e=await wr(ye.ANALYTICS_ENABLED,86400,async()=>{let n=t?.config?t.config:(await Be("settings"))?.config;if(n?.analyticsEnabled===!1)return!1;if(n?.analyticsEnabled===!0)return!0});if(e!==void 0)return e;let r=g.ENABLE_ANALYTICS;return!(r===0||r===!1)},"analyticsEnabled");async function m0(){return await Be("google")}s(m0,"getGoogleConfigDoc");async function fc(){return(await m0())?.config}s(fc,"getGoogleConfig");async function um(){if(!g.SELF_HOSTED)return om();let t=await fc();return(!t||!t.activated)&&(t=om()),t}s(um,"getGoogleDatasourceConfig");function om(){if(g.GOOGLE_CLIENT_ID&&g.GOOGLE_CLIENT_SECRET)return{clientID:g.GOOGLE_CLIENT_ID,clientSecret:g.GOOGLE_CLIENT_SECRET,activated:!0}}s(om,"getDefaultGoogleConfig");async function h0(){return Be("logos_oidc")}s(h0,"getOIDCLogosDoc");async function g0(){return Be("oidc")}s(g0,"getOIDCConfigDoc");async function E0(){let t=(await g0())?.config;return t?.configs&&t.configs[0]}s(E0,"getOIDCConfig");async function cm(t){let e=(await Be("oidc"))?.config;return e&&e.configs.filter(r=>r.uuid===t)[0]}s(cm,"getOIDCConfigById");async function p_(){return Be("smtp")}s(p_,"getSMTPConfigDoc");async function y0(t){let e=await p_();if(e)return e.config;let r=g.SELF_HOSTED||!t;if(g.SMTP_FALLBACK_ENABLED&&r)return{port:g.SMTP_PORT,host:g.SMTP_HOST,secure:!1,from:g.SMTP_FROM_ADDRESS,auth:{user:g.SMTP_USER,pass:g.SMTP_PASSWORD},fallback:!0}}s(y0,"getSMTPConfig");async function T0(){return(await Be("scim"))?.config}s(T0,"getSCIMConfig");async function S0(){return Be("recaptcha")}s(S0,"getRecaptchaConfig");var Tm={};P(Tm,{AccessController:()=>fm,BUILTIN_ROLE_IDS:()=>pm,Role:()=>xr,RoleHierarchyTraversal:()=>pc,RoleIDVersion:()=>mm,builtinRoleToNumber:()=>Lo,checkForRoleResourceArray:()=>E_,externalRole:()=>D0,findRole:()=>ko,getAllRoleIds:()=>x0,getAllRoles:()=>ym,getBuiltinRole:()=>h_,getBuiltinRoles:()=>gm,getDBRoleID:()=>y_,getExternalRoleID:()=>vr,getExternalRoleIDs:()=>T_,getRole:()=>R0,getUserRoleHierarchy:()=>Em,getUserRoleIdHierarchy:()=>g_,isBuiltin:()=>Pr,lowerBuiltinRoleID:()=>w0,prefixRoleIDNoBuiltin:()=>dm,roleIDsAreEqual:()=>Ye,roleToNumber:()=>I0,saveRoles:()=>C0,validInherits:()=>O0});var m_=require("lodash"),mc=B(require("lodash/fp/cloneDeep")),lm=B(require("semver"));var pm={ADMIN:"ADMIN",POWER:"POWER",BASIC:"BASIC",PUBLIC:"PUBLIC"},re={...pm,BUILDER:"BUILDER"},mm={UUID:void 0,NAME:"name"};function _0(t,e){return Array.isArray(e)?e.filter(r=>t.includes(r)).length===e.length:t.includes(e)}s(_0,"rolesInList");var xr=class{constructor(e,r,n,i){this.permissions={};this._id=e,this.name=r,this.uiMetadata=i,this.permissionId=n,this.version=mm.NAME}static{s(this,"Role")}addInheritance(e){return e&&typeof e=="string"?e=dm(e):e&&Array.isArray(e)&&(e=e.map(dm)),this.inherits=e,this}},pc=class{static{s(this,"RoleHierarchyTraversal")}constructor(e,r){this.allRoles=e,this.opts=r}walk(e){let r=this.opts,n=this.allRoles,i=[];if(!e||!e._id)return i;if(i.push(e),Array.isArray(e.inherits))for(let o of e.inherits){let a=ko(o,n,r);a&&(i=i.concat(this.walk(a)))}else{let o=[],a=e;for(;a&&a.inherits&&!_0(o,a.inherits);){if(Array.isArray(a.inherits))return i.concat(this.walk(a));if(o.push(a.inherits),a=ko(a.inherits,n,r),a&&i.push(a),Ue.roles.checkForRoleInheritanceLoops(i))break}}return(0,m_.uniqBy)(i,o=>o._id)}},hm={ADMIN:new xr(re.ADMIN,re.ADMIN,"admin",{displayName:"Admin user",description:"Can do everything",color:"var(--spectrum-global-color-static-red-400)"}).addInheritance(re.POWER),POWER:new xr(re.POWER,re.POWER,"power",{displayName:"App power user",description:"An app user with more access",color:"var(--spectrum-global-color-static-orange-400)"}).addInheritance(re.BASIC),BASIC:new xr(re.BASIC,re.BASIC,"write",{displayName:"Basic user",description:"Any logged in user",color:"var(--spectrum-global-color-static-green-400)"}).addInheritance(re.PUBLIC),PUBLIC:new xr(re.PUBLIC,re.PUBLIC,"public",{displayName:"Public user",description:"Accessible to anyone",color:"var(--spectrum-global-color-static-blue-400)"}),BUILDER:new xr(re.BUILDER,re.BUILDER,"admin",{displayName:"Builder user",description:"Users that can edit this app",color:"var(--spectrum-global-color-static-magenta-600)"})};function gm(){return(0,mc.default)(hm)}s(gm,"getBuiltinRoles");function Pr(t){return Object.values(pm).includes(t)}s(Pr,"isBuiltin");function dm(t){return Pr(t)?t:Vt(t)}s(dm,"prefixRoleIDNoBuiltin");function h_(t){let e=Object.values(hm).find(r=>t.includes(r._id));if(e)return(0,mc.default)(e)}s(h_,"getBuiltinRole");function O0(t,e){if(!e)return!1;let r=s(n=>t.find(i=>Ye(i._id,n)),"find");if(Array.isArray(e)){let n=e.filter(i=>r(i));return e.length!==0&&n.length===e.length}else return!!r(e)}s(O0,"validInherits");function Lo(t){let e=gm(),r=Object.values(e).length+1;if(Ye(t,re.ADMIN)||Ye(t,re.BUILDER))return r;let n=e[t],i=0;do{if(!n)break;if(Array.isArray(n.inherits))throw new Error("Built-in roles don't support multi-inheritance");n=e[n.inherits],i++}while(n!==null);return i}s(Lo,"builtinRoleToNumber");async function I0(t){if(Pr(t))return Lo(t);let e=await Em(t,{defaultPublic:!0}),r=s(n=>{if(!n.inherits)return 0;if(Array.isArray(n.inherits)){let i=n.inherits.map(o=>{let a=e.find(u=>Ye(u._id,o));if(a)return r(a)+1}).filter(o=>o).sort().pop();if(i!=null)return i}else if(Pr(n.inherits))return Lo(n.inherits)+1;return 0},"findNumber");return Math.max(...e.map(r))}s(I0,"roleToNumber");function w0(t,e){return t?e&&Lo(t)>Lo(e)?e:t:e}s(w0,"lowerBuiltinRoleID");function Ye(t,e){return Vt(t)===Vt(e)}s(Ye,"roleIDsAreEqual");function D0(t){let e;return t._id&&(e=vr(t._id)),{...t,_id:e,inherits:T_(t.inherits,t.version)}}s(D0,"externalRole");function ko(t,e,r){let n=h_(t);n||(t=Vt(t));let i=e.find(o=>o._id&&Ye(o._id,t));return!i&&!Pr(t)&&r?.defaultPublic?(0,mc.default)(hm.PUBLIC):(n=Object.assign(n||{},i),n?._id&&(n._id=vr(n._id,n.version)),Object.keys(n).length===0?void 0:n)}s(ko,"findRole");async function R0(t,e){let r=ti(),n=[];if(!Pr(t)){let i=await r.tryGet(y_(t));i&&n.push(i)}return ko(t,n,e)}s(R0,"getRole");async function C0(t){await ti().bulkDocs(t.filter(r=>r._id).map(r=>({...r,_id:Vt(r._id)})))}s(C0,"saveRoles");async function b0(t,e){let r=await ym();if(Ye(t,re.ADMIN))return r;let n=ko(t,r,e),i=[];return n&&(i=new pc(r,e).walk(n)),i}s(b0,"getAllUserRoles");async function g_(t){return(await Em(t)).map(r=>r._id)}s(g_,"getUserRoleIdHierarchy");async function Em(t,e){return b0(t,e)}s(Em,"getUserRoleHierarchy");function E_(t,e){if(t&&!Array.isArray(t[e])){let r=t[e];t[e]=[r],r==="write"&&t[e].push("read")}return t}s(E_,"checkForRoleResourceArray");async function x0(t){return(await ym(t)).map(r=>r._id)}s(x0,"getAllRoleIds");async function ym(t){if(t)return je(t,e);{let r;try{r=ti()}catch{}return e(r)}async function e(r){let n=[];r&&(n=(await r.allDocs(yu(null,{include_docs:!0}))).rows.map(u=>u.doc),n.forEach(u=>u._id=vr(u._id,u.version)));let i=gm(),o=[];!r||await v0(r)?o=[re.ADMIN,re.POWER,re.BASIC,re.PUBLIC]:o=[re.ADMIN,re.BASIC,re.PUBLIC];for(let a of o){let u=i[a],c=n.filter(l=>Ye(l._id,a))[0];c==null?n.push(u||i.BASIC):(n=n.filter(l=>l._id!==c._id),c._id=vr(u._id,c.version),n.push({...u,...c,name:u.name,_id:vr(u._id,u.version),uiMetadata:{...c.uiMetadata,...u.uiMetadata}}))}for(let a of n)if(a.permissions)for(let u of Object.keys(a.permissions))a.permissions=E_(a.permissions,u);return n}s(e,"internal")}s(ym,"getAllRoles");async function v0(t){if(await P0(t))return!0;let r=(await t.tryGet("app_metadata"))?.creationVersion;return!r||!lm.default.valid(r)?!0:!lm.default.gte(r,g.MIN_VERSION_WITHOUT_POWER_ROLE)}s(v0,"shouldIncludePowerRole");async function P0(t){let r=(await t.tryGet("ta_users"))?.schema?.roleId?.constraints?.inclusion;return!Array.isArray(r)||!r.some(i=>Ye(i,re.POWER))?!1:r.some(i=>!Pr(i))}s(P0,"hasLegacyPowerRole");var fm=class{static{s(this,"AccessController")}constructor(){this.userHierarchies={}}async hasAccess(e,r){if(e==null||e===""||Ye(e,re.BUILDER)||Ye(r,e)||Ye(r,re.BUILDER))return!0;let n=r?this.userHierarchies[r]:null;return!n&&r&&(n=await g_(r),this.userHierarchies[r]=n),n?.find(i=>Ye(i,e))!==void 0}async checkScreensAccess(e,r){let n=[];for(let i of e){let o=await this.checkScreenAccess(i,r);o&&n.push(o)}return n}async checkScreenAccess(e,r){let n=e&&e.routing?e.routing.roleId:void 0;return await this.hasAccess(n,r)?e:null}};function y_(t){return t?.startsWith("role")?t:Vt(t)}s(y_,"getDBRoleID");function vr(t,e){if(t.startsWith(`role${C}`)&&(Pr(t)||e===mm.NAME)){let r=t.split(C);return r.shift(),r.join(C)}return t}s(vr,"getExternalRoleID");function T_(t,e){return t&&(typeof t=="string"?vr(t,e):t.map(r=>vr(r,e)))}s(T_,"getExternalRoleIDs");var Sm={};P(Sm,{BUILDER:()=>M0,BUILTIN_PERMISSIONS:()=>hc,CREATOR:()=>F0,GLOBAL_BUILDER:()=>B0,PermissionImpl:()=>se,PermissionLevel:()=>bi,PermissionType:()=>Ko,doesHaveBasePermission:()=>L0,getAllowedLevels:()=>O_,getBuiltinPermissionByID:()=>U0,getBuiltinPermissions:()=>N0,isPermissionLevelHigherThanRead:()=>k0,levelToNumber:()=>__});var S_=B(require("lodash/flatten")),A_=B(require("lodash/fp/cloneDeep"));var se=class{static{s(this,"PermissionImpl")}constructor(e,r){this.type=e,this.level=r}};function __(t){switch(t){case"execute":return 0;case"read":return 1;case"write":return 2;case"admin":return 3;default:return-1}}s(__,"levelToNumber");function O_(t){switch(t){case"execute":return["execute"];case"read":return["execute","read"];case"write":case"admin":return["execute","read","write"];default:return[]}}s(O_,"getAllowedLevels");var hc={PUBLIC:{_id:"public",name:"Public",permissions:[new se("webhook","execute")]},READ_ONLY:{_id:"read_only",name:"Read only",permissions:[new se("query","read"),new se("table","read"),new se("app","read")]},WRITE:{_id:"write",name:"Read/Write",permissions:[new se("query","write"),new se("table","write"),new se("automation","execute"),new se("legacy_view","read"),new se("app","read")]},POWER:{_id:"power",name:"Power",permissions:[new se("table","write"),new se("user","read"),new se("automation","execute"),new se("webhook","read"),new se("legacy_view","read"),new se("app","read")]},ADMIN:{_id:"admin",name:"Admin",permissions:[new se("table","admin"),new se("user","admin"),new se("automation","admin"),new se("webhook","read"),new se("query","admin"),new se("legacy_view","read"),new se("app","read")]}};function N0(){return(0,A_.default)(hc)}s(N0,"getBuiltinPermissions");function U0(t){return Object.values(hc).find(r=>r._id===t)}s(U0,"getBuiltinPermissionByID");function L0(t,e,r){let n=[...new Set(r.map(a=>a.permissionId))],i=Object.values(hc),o=(0,S_.default)(i.filter(a=>n.indexOf(a._id)!==-1).map(a=>a.permissions));for(let a of o)if(a.type===t&&O_(a.level).indexOf(e)!==-1)return!0;return!1}s(L0,"doesHaveBasePermission");function k0(t){return __(t)>1}s(k0,"isPermissionLevelHigherThanRead");var M0="builder",F0="creator",B0="globalBuilder";var Om={};P(Om,{FlagSet:()=>Ec,all:()=>q0,flags:()=>Am,getEnvFlags:()=>R_,init:()=>W0,isEnabled:()=>V0,parseEnvFlags:()=>Tc,shutdown:()=>$0,testutils:()=>_m});var yc=B(require("crypto")),I_=B(require("dd-trace")),w_=require("lodash"),D_=require("posthog-node");var gc;function W0(t){g.POSTHOG_TOKEN&&g.POSTHOG_API_HOST&&!g.SELF_HOSTED&&g.POSTHOG_FEATURE_FLAGS_ENABLED?(console.log("initializing posthog client..."),gc=new D_.PostHog(g.POSTHOG_TOKEN,{host:g.POSTHOG_API_HOST,personalApiKey:g.POSTHOG_PERSONAL_TOKEN,featureFlagsPollingInterval:pe.fromMinutes(3).toMs(),...t})):console.log("posthog disabled")}s(W0,"init");function $0(){gc?.shutdown()}s($0,"shutdown");function Tc(t){let e=t.split(",").map(n=>n.split(":")),r=[];for(let[n,...i]of e)for(let o of i){let a=!0;o.startsWith("!")&&(o=o.slice(1),a=!1),r.push({tenantId:n,key:o,value:a})}return r}s(Tc,"parseEnvFlags");function R_(){return Tc(g.TENANT_FEATURE_FLAGS||"")}s(R_,"getEnvFlags");var Ec=class{constructor(e){this.flagSchema=e;this.setId=yc.randomUUID()}static{s(this,"FlagSet")}defaults(){return(0,w_.cloneDeep)(this.flagSchema)}isFlagName(e){return this.flagSchema[e]!==void 0}async isEnabled(e){return(await this.fetch())[e]}async fetch(){return await I_.default.trace("features.fetch",async e=>{let r=vf(this.setId);if(r)return e?.addTags({fromCache:!0}),r;let n={},i=this.defaults(),o=$(),a=new Set;if(nu())return i;for(let{tenantId:f,key:h,value:p}of R_())if(!(!f||f!=="*"&&f!==o)&&(n.readFromEnvironmentVars=!0,p===!1&&a.add(h),!!this.isFlagName(h))){if(typeof i[h]!="boolean")throw new Error(`Feature: ${h} is not a boolean`);i[h]=p,n[`flags.${h}.source`]="environment"}let u=Gt(),c=u?._id;if(!c){let f=bf();f&&(c=yc.createHash("sha512").update(f).digest("hex"))}let l=u?.tenantId;if(l||(l=o),n["identity.type"]=u?.type,n["identity._id"]=u?._id,n.tenantId=l,n.userId=c,gc&&c){n.readFromPostHog=!0;let f=await Ti(),h={tenantId:l},p={tenant:{id:l}};f.config.createdVersion&&(p.tenant.createdVersion=f.config.createdVersion),f.createdAt&&(p.tenant.createdAt=`${f.createdAt}`);let S=await gc.getAllFlags(c,{personProperties:h,onlyEvaluateLocally:!0,groups:{tenant:l},groupProperties:p});for(let[m,E]of Object.entries(S))if(this.isFlagName(m)){if(typeof E!="boolean"){console.warn(`Invalid value for posthog flag "${m}": ${E}`);continue}if(!(i[m]===!0||a.has(m)))try{i[m]=E,n[`flags.${m}.source`]="posthog"}catch(y){console.warn(`Error parsing posthog flag "${m}": ${E}`,y)}}}let d=Nf();for(let[f,h]of Object.entries(d))this.isFlagName(f)&&typeof h=="boolean"&&(i[f]=h,n[`flags.${f}.source`]="override");Pf(this.setId,i);for(let[f,h]of Object.entries(i))n[`flags.${f}.value`]=h;return e?.addTags(n),i})}},G0={USE_ZOD_VALIDATOR:!1,AI_AGENTS:!0,AI_RAG:!1,AI_AGENT_INSTRUCTIONS:!1,DEBUG_UI:g.isDev(),DEV_USE_CLIENT_FROM_STORAGE:!1},Am=new Ec(G0);async function V0(t){return await Am.isEnabled(t)}s(V0,"isEnabled");async function q0(){return await Am.fetch()}s(q0,"all");var _m={};P(_m,{setFeatureFlags:()=>C_,withFeatureFlags:()=>j0});function K0(){let t={};for(let{tenantId:e,key:r,value:n}of Tc(process.env.TENANT_FEATURE_FLAGS||"")){let i=t[e]||{};i[r]!==!1&&(i[r]=n,t[e]=i)}return t}s(K0,"getCurrentFlags");function Q0(t){let e=[];for(let[r,n]of Object.entries(t))for(let[i,o]of Object.entries(n))o===!1?e.push(`${r}:!${i}`):e.push(`${r}:${i}`);return e.join(",")}s(Q0,"buildFlagString");function C_(t,e){let r=K0();for(let[i,o]of Object.entries(e)){let a=r[t]||{};a[i]=o,r[t]=a}let n=Q0(r);return Ds({TENANT_FEATURE_FLAGS:n})}s(C_,"setFeatureFlags");function j0(t,e,r){let n=C_(t,e),i=r();return i instanceof Promise?i.finally(n):(n(),i)}s(j0,"withFeatureFlags");var Lm={};P(Lm,{adminOnly:()=>Sc,auditLog:()=>Ac,authError:()=>Oe,buildAuthMiddleware:()=>Pk,buildCsrfMiddleware:()=>Uk,buildTenancyMiddleware:()=>Nk,builderOnly:()=>xc,builderOrAdmin:()=>vc,google:()=>rr,internalApi:()=>Nc,joiValidator:()=>Mo,oidc:()=>nr,passport:()=>Lk,platformLogout:()=>Wk,refreshOAuthToken:()=>Fk,ssoCallbackUrl:()=>Ur,updateUserOAuth:()=>Bk,workspaceBuilderOrAdmin:()=>kc});var Um={};P(Um,{activeTenant:()=>Z_,adminOnly:()=>Sc,auditLog:()=>Ac,authError:()=>Oe,authenticated:()=>bc,builderOnly:()=>xc,builderOrAdmin:()=>vc,correlation:()=>x_,csp:()=>W_,csrf:()=>Pc,datasource:()=>xk,errorHandling:()=>G_,featureFlagCookie:()=>V_,google:()=>rr,internalApi:()=>Nc,ip:()=>q_,joiValidator:()=>Mo,local:()=>Oi,oidc:()=>nr,pino:()=>v_,querystringToBody:()=>X_,ssoCallbackUrl:()=>Ur,tenancy:()=>Lc,workspaceBuilderOrAdmin:()=>kc});var b_=require("uuid");var H0=require("correlation-id"),x_=s((t,e)=>{let r=t.headers["x-budibase-correlation-id"];return r||(r=(0,b_.v4)()),H0.withId(r,()=>e())},"correlationMiddleware");var Y0=require("koa-pino-logger"),z0=require("correlation-id");function J0(){return{logger:Uu,genReqId:z0.getId,autoLogging:{ignore:t=>!!t.url?.includes("/health")},serializers:{req:t=>({method:t.method,url:t.url,correlationId:t.id}),res:t=>({status:t.statusCode})}}}s(J0,"pinoSettings");function X0(){return g.HTTP_LOGGING?Y0(J0()):(t,e)=>e()}s(X0,"getMiddleware");var v_=X0();var Sc=s(async(t,e)=>(!t.internal&&!xt(t.user)&&t.throw(403,"Admin user only endpoint."),e()),"adminOnly");var Ac=s(async(t,e)=>e(),"auditLog");var Z0=/\/:(.*?)(\/.*)?$/g,er=s(t=>t?t.map(e=>{let r=e.route,n=e.method,i=r.match(Z0);if(i)for(let o of i){let u="/.*"+(o.endsWith("/")?"/":"");r=r.replace(o,u)}return{regex:new RegExp(r),method:n,route:r}}):[],"buildMatcherRegex"),tr=s((t,e)=>e.find(({regex:r,method:n})=>{let i=r.test(t.request.url),o=n==="ALL"?!0:t.request.method.toLowerCase()===n.toLowerCase();return i&&o}),"matches");var Cm={};P(Cm,{SecretOption:()=>U_,compare:()=>nk,decrypt:()=>wc,decryptFile:()=>ok,encrypt:()=>rk,encryptFile:()=>ik,getSecret:()=>Rm});var Pt=B(require("crypto")),Nr=B(require("fs")),Im=require("path"),wm=B(require("zlib"));var _c="aes-256-ctr",N_="-",ek=1e4,tk=32,Oc=16,Dm=16,U_=(r=>(r.API="api",r.ENCRYPTION="encryption",r))(U_||{});function Rm(t){let e,r;switch(t){case"encryption":e=g.ENCRYPTION_KEY,r="ENCRYPTION_KEY";break;case"api":default:e=g.API_ENCRYPTION_KEY,r="API_ENCRYPTION_KEY";break}if(!e)throw new Error(`Secret "${r}" has not been set in environment.`);return e}s(Rm,"getSecret");function Ic(t,e){return Pt.default.pbkdf2Sync(t,new Uint8Array(e),ek,tk,"sha512")}s(Ic,"stretchString");function rk(t,e="api"){let r=Pt.default.randomBytes(Oc),n=Ic(Rm(e),r),i=Pt.default.createCipheriv(_c,new Uint8Array(n),new Uint8Array(r)),o=i.update(t,"utf8"),a=i.final(),u=Buffer.concat([new Uint8Array(o),new Uint8Array(a)]).toString("hex");return`${r.toString("hex")}${N_}${u}`}s(rk,"encrypt");function wc(t,e="api"){let[r,n]=t.split(N_),i=Buffer.from(r,"hex"),o=Ic(Rm(e),i),a=Pt.default.createDecipheriv(_c,new Uint8Array(o),new Uint8Array(i)),u=a.update(n,"hex"),c=a.final();return Buffer.concat([new Uint8Array(u),new Uint8Array(c)]).toString()}s(wc,"decrypt");function nk(t,e,r="api"){try{let n=new TextEncoder,i=n.encode(wc(e,r)),o=n.encode(t);return i.length!==o.length?!1:Pt.default.timingSafeEqual(i,o)}catch{return!1}}s(nk,"compare");async function ik({dir:t,filename:e},r){let n=`${e}.enc`,i=(0,Im.join)(t,e);if(Nr.default.lstatSync(i).isDirectory())throw new Error("Unable to encrypt directory");let o=Nr.default.createReadStream(i),a=Nr.default.createWriteStream((0,Im.join)(t,n)),u=Pt.default.randomBytes(Oc),c=Pt.default.randomBytes(Dm),l=Ic(r,u),d=Pt.default.createCipheriv(_c,new Uint8Array(l),new Uint8Array(c));return a.write(u),a.write(c),o.pipe(wm.default.createGzip()).pipe(d).pipe(a),new Promise(f=>{a.on("finish",()=>{f({filename:n,dir:t})})})}s(ik,"encryptFile");async function sk(t){let e=Nr.default.createReadStream(t),r=await P_(e,Oc),n=await P_(e,Dm);return e.close(),{salt:r,iv:n}}s(sk,"getSaltAndIV");async function ok(t,e,r){if(Nr.default.lstatSync(t).isDirectory())throw new Error("Unable to decrypt directory");let{salt:n,iv:i}=await sk(t),o=Nr.default.createReadStream(t,{start:Oc+Dm}),a=Nr.default.createWriteStream(e),u=Ic(r,n),c=Pt.default.createDecipheriv(_c,new Uint8Array(u),new Uint8Array(i)),l=wm.default.createGunzip();return o.pipe(c).pipe(l).pipe(a),new Promise((d,f)=>{a.on("finish",()=>{a.close(),d()}),o.on("error",h=>{a.close(),f(h)}),c.on("error",h=>{a.close(),f(h)}),l.on("error",h=>{a.close(),f(h)}),a.on("error",h=>{a.close(),f(h)})})}s(ok,"decryptFile");function P_(t,e){return new Promise((r,n)=>{let i=0,o=[];t.on("readable",()=>{let a;for(;(a=t.read(e-i))!==null;)o.push(a),i+=a.length;r(Buffer.concat(o.map(u=>new Uint8Array(u))))}),t.on("end",()=>{n(new Error("Insufficient data in the stream."))}),t.on("error",a=>{n(a)})})}s(P_,"readBytes");var bm={};P(bm,{APIWarning:()=>wn,FeatureDisabledWarning:()=>Rc,InvalidAPIKeyWarning:()=>_i,UsageLimitWarning:()=>Dc});var wn=class extends Error{constructor(r,n){super(r);this.code=n}static{s(this,"APIWarning")}},_i=class extends wn{static{s(this,"InvalidAPIKeyWarning")}constructor(){super("Invalid API key","invalid_api_key")}},Dc=class extends wn{constructor(r){super(`Usage limit exceeded: '${r}'`,"usage_limit_exceeded");this.limitName=r}static{s(this,"UsageLimitWarning")}getPublicWarning(){return{limitName:this.limitName}}},Rc=class extends wn{constructor(r){super(`Feature disabled: '${r}'`,"feature_disabled");this.featureName=r,this.status=400}static{s(this,"FeatureDisabledWarning")}getPublicWarning(){return{featureName:this.featureName}}getPublicError(){return{featureName:this.featureName}}};var k_=B(require("dd-trace"));var uk=g.SESSION_UPDATE_PERIOD?parseInt(g.SESSION_UPDATE_PERIOD):60*1e3;function ck(){return new Date(Date.now()-uk).toISOString()}s(ck,"timeMinusOneMinute");function L_(t,e={}){t.publicEndpoint=e.publicEndpoint||!1,t.isAuthenticated=e.authenticated||!1,t.loginMethod=e.loginMethod,t.user=e.user,t.internal=e.internal||!1,t.version=e.version}s(L_,"finalise");async function lk(t,e){if(Qs(t))return{valid:!0,user:void 0};let n=wc(t).split(C)[0];return Ce(n,async()=>{let i;try{let o=Y();i=await Kt("by_api_key",{key:t},o)}catch{i=void 0}if(i)return{valid:!0,user:await xo({userId:i,tenantId:n,populateUser:e})};throw new _i})}s(lk,"checkApiKey");function Cc(t,e){let r=t.request.headers[e];if(Array.isArray(r))throw new Error("Unexpected header format");return r}s(Cc,"getHeader");function bc(t=[],e={publicAllowed:!1}){let r=t?er(t):[];return async(n,i)=>{let o=!1,a=Cc(n,"x-budibase-api-version");tr(n,r)&&(o=!0);try{let c=Cc(n,"x-budibase-token"),l=jt(n,"budibase:auth")||Su(c),d=Cc(n,"x-budibase-api-key");!d&&n.request.headers.authorization&&(d=n.request.headers.authorization.split(" ")[1]);let f=Cc(n,"x-budibase-tenant-id"),h=!1,p,S=!1,m;if(l&&!d){let y=l.sessionId,I=l.userId,O;try{O=await Bp(I,y),e&&e.populateUser?p=await xo({userId:I,tenantId:O.tenantId,email:O.email,populateUser:e.populateUser(n)}):p=await xo({userId:I,tenantId:O.tenantId,email:O.email}),p.csrfToken=O.csrfToken,m="cookie",O?.lastAccessedAt<ck()&&await Fp(O),h=!0}catch(w){h=!1,console.warn(`Auth Error: ${w.message}`),Ar(n,"budibase:auth")}}if(!h&&d){let y=e.populateUser?e.populateUser(n):null,{valid:I,user:O}=await lk(d,y);I&&(h=!0,m="api_key",p=O,S=!O)}!p&&f?p={tenantId:f}:p&&"password"in p&&delete p.password,h||(h=!1);let E=s(y=>y&&y.email,"isUser");return E(p)&&k_.default.setUser({id:p._id,tenantId:p.tenantId,budibaseAccess:p.budibaseAccess,status:p.status}),L_(n,{authenticated:h,user:p,internal:S,version:a,publicEndpoint:o,loginMethod:m}),E(p)?ff(p,n,i):i()}catch(c){if(console.warn(`Auth Error: ${c.message}`),c?.name==="JsonWebTokenError"?Ar(n,"budibase:auth"):c?.code==="invalid_api_key"&&n.throw(403,c.message),e&&e.publicAllowed||o)return L_(n,{authenticated:!1,version:a,publicEndpoint:o}),i();n.throw(c.status||403,c.message||"Authentication failed")}}}s(bc,"authenticated");async function xc(t,e){if(t.internal)return e();let r=await ln(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Me(t.user)?t.throw(403,"Builder user only endpoint."):r&&!Ai(t.user,r)&&t.throw(403,"Workspace builder user only endpoint."),e()}s(xc,"builderOnly");async function vc(t,e){if(t.internal||xt(t.user))return e();let r=await ln(t);return!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Me(t.user)?t.throw(403,"Admin/Builder user only endpoint."):r&&!Ai(t.user,r)&&t.throw(403,"Workspace Admin/Builder user only endpoint."),e()}s(vc,"builderOrAdmin");var B_=B(require("crypto"));var M_={"default-src":["'self'"],"script-src":["'self'","'unsafe-eval'","https://*.budibase.net","https://cdn.budi.live","https://js.intercomcdn.com","https://widget.intercom.io","https://d2l5prqdbvm3op.cloudfront.net","https://us-assets.i.posthog.com","https://www.google.com/recaptcha/api.js"],"style-src":["'self'","'unsafe-inline'","https://cdn.jsdelivr.net","https://fonts.googleapis.com","https://rsms.me","https://maxcdn.bootstrapcdn.com"],"object-src":["'none'"],"base-uri":["'self'"],"connect-src":["'self'","https://*.budibase.app","https://*.budibaseqa.app","https://*.budibase.net","https://api-iam.intercom.io","https://api-ping.intercom.io","https://app.posthog.com","https://us.i.posthog.com","wss://nexus-websocket-a.intercom.io","wss://nexus-websocket-b.intercom.io","https://nexus-websocket-a.intercom.io","https://nexus-websocket-b.intercom.io","https://uploads.intercomcdn.com","https://uploads.intercomusercontent.com","https://*.amazonaws.com","https://*.s3.amazonaws.com","https://*.s3.us-east-2.amazonaws.com","https://*.s3.us-east-1.amazonaws.com","https://*.s3.us-west-1.amazonaws.com","https://*.s3.us-west-2.amazonaws.com","https://*.s3.af-south-1.amazonaws.com","https://*.s3.ap-east-1.amazonaws.com","https://*.s3.ap-south-1.amazonaws.com","https://*.s3.ap-northeast-2.amazonaws.com","https://*.s3.ap-southeast-1.amazonaws.com","https://*.s3.ap-southeast-2.amazonaws.com","https://*.s3.ap-northeast-1.amazonaws.com","https://*.s3.ca-central-1.amazonaws.com","https://*.s3.cn-north-1.amazonaws.com","https://*.s3.cn-northwest-1.amazonaws.com","https://*.s3.eu-central-1.amazonaws.com","https://*.s3.eu-west-1.amazonaws.com","https://*.s3.eu-west-2.amazonaws.com","https://*.s3.eu-south-1.amazonaws.com","https://*.s3.eu-west-3.amazonaws.com","https://*.s3.eu-north-1.amazonaws.com","https://*.s3.sa-east-1.amazonaws.com","https://*.s3.me-south-1.amazonaws.com","https://*.s3.us-gov-east-1.amazonaws.com","https://*.s3.us-gov-west-1.amazonaws.com","https://api.github.com","https://d2l5prqdbvm3op.cloudfront.net"],"font-src":["'self'","data:","https://cdn.jsdelivr.net","https://fonts.gstatic.com","https://rsms.me","https://maxcdn.bootstrapcdn.com","https://js.intercomcdn.com","https://fonts.intercomcdn.com"],"frame-src":["'self'","https:"],"img-src":["http:","https:","data:","blob:"],"manifest-src":["'self'"],"media-src":["'self'","https://js.intercomcdn.com","https://cdn.budi.live"],"worker-src":["blob:","'self'"]},F_=/^[A-Za-z0-9-*:/.]+$/,W_=s(async(t,e)=>{let r=B_.default.randomBytes(16).toString("base64");t.state.nonce=r;let n={...M_};n["script-src"]=[...M_["script-src"],`'nonce-${r}'`];let i={"media-src":g.CUSTOM_CSP_MEDIA_SRC,"script-src":g.CUSTOM_CSP_SCRIPT_SRC,"connect-src":g.CUSTOM_CSP_CONNECT_SRC,"img-src":g.CUSTOM_CSP_IMG_SRC,"font-src":g.CUSTOM_CSP_FONT_SRC,"frame-src":g.CUSTOM_CSP_FRAME_SRC};for(let[u,c]of Object.entries(i))if(c){let l=c.split(",").map(d=>d.trim()).filter(d=>F_.test(d));n[u]=[...n[u]||[],...l]}if(t.user?.license?.features.includes("customAppScripts")&&t.appId)try{let u=await Ms.getWorkspaceMetadata(t.appId);if("name"in u)for(let c of u.scripts||[]){let l=(c.cspWhitelist||"").split(`
|
|
38
38
|
`).filter(f=>F_.test(f)),d=["default-src","script-src","connect-src","media-src","img-src","font-src","frame-src"];for(let f of d)n[f]=[...n[f]||[],...l]}}catch(u){console.error(`Error occurred in Content-Security-Policy middleware: ${u}`)}let a=Object.entries(n).map(([u,c])=>`${u} ${c.join(" ")}`).join("; ");t.set("Content-Security-Policy",a),await e()},"contentSecurityPolicy");var dk=["GET","HEAD","OPTIONS"],fk=["application/x-www-form-urlencoded","multipart/form-data","text/plain"];function Pc(t={noCsrfPatterns:[]}){let e=er(t.noCsrfPatterns);return async(r,n)=>{if(tr(r,e)||dk.indexOf(r.method)!==-1)return n();let o=r.get("content-type")?r.get("content-type").toLowerCase():"";if(!fk.filter(c=>o.includes(c)).length||r.internal)return n();let a=r.user?.csrfToken;if(!a)return n();let u=r.get("x-csrf-token");return(!u||u!==a)&&r.throw(403,"Invalid CSRF token"),n()}}s(Pc,"csrf");function $_(t){if(t.includes("-----BEGIN PRIVATE KEY-----"))return!0;for(let e of nT){let r=g[e];if(!(typeof r!="string"||r==="")&&t.includes(r))return!0}return!1}s($_,"stringContainsSecret");async function G_(t,e){try{await e()}catch(r){let n=r.status||r.statusCode||500;t.status=n,n>=400&&n<500?console.warn(r):console.error("Got 400 response code",r);let i={message:r.message,status:n,validationErrors:r.validation,error:Qu(r)};if($_(JSON.stringify(i))&&(i={message:"Unexpected error",status:n,error:"Unexpected error"}),g.isTest()&&t.headers["x-budibase-include-stacktrace"]){let o=r;for(;o.cause;)o=o.cause;i.stack=o.stack}t.body=i}}s(G_,"errorHandling");var V_=s(async(t,e)=>{let n=jt(t,"budibase:featureflags")?.flags||{};await Uf(n,async()=>{await e()})},"featureFlagCookie");async function Nc(t,e){let r=t.request.headers["x-budibase-api-key"];return r||t.throw(403,"Unauthorized"),Array.isArray(r)&&t.throw(403,"Unauthorized"),Qs(r)||t.throw(403,"Unauthorized"),e()}s(Nc,"internalApi");async function q_(t,e){return t.ip?await xf(t.ip,()=>e()):e()}s(q_,"ip");var Mo={};P(Mo,{body:()=>pk,params:()=>mk});var xm=B(require("joi"));function K_(t,e,r){let n=r?.errorPrefix??`Invalid ${e}`;return(i,o)=>{if(!t)return o();let a=null,u=i.request?.[e];i[e]!=null?a=i[e]:u!=null&&(a=u),t.append&&(t=t.append({createdAt:xm.default.any().optional(),updatedAt:xm.default.any().optional()}));let{error:c}=t.validate(a,{allowUnknown:r?.allowUnknown});if(c){let l=c.message;n&&(l=`Invalid ${e} - ${l}`),i.throw(400,l)}return o()}}s(K_,"validate");function pk(t,e){return K_(t,"body",e)}s(pk,"body");function mk(t,e){return K_(t,"params",e)}s(mk,"params");var Oi={};P(Oi,{authenticate:()=>Ek,options:()=>gk});function Oe(t,e,r){return t(r,null,{message:e})}s(Oe,"authError");async function Ur(t,e){if(e&&e.callbackURL)return e.callbackURL;let r=await am(),n="/api/global/auth";return Er()&&(n+=`/${$()}`),n+=`/${t}/callback`,`${r.platformUrl}${n}`}s(Ur,"ssoCallbackUrl");var vm="Invalid credentials",hk="This account has expired. Please reset your password",gk={passReqToCallback:!0};async function Ek(t,e,r,n){if(!e)return Oe(n,"Email Required");if(!r)return Oe(n,"Password Required");let i=await At(e);return i==null?(console.info(`user=${e} could not be found`),Oe(n,vm)):i.status==="inactive"?(console.info(`user=${e} is inactive`,i),Oe(n,vm)):i.password?await cf(r,i.password)?(delete i.password,n(null,i)):Oe(n,vm):(console.info(`user=${e} has no password set`,i),Oe(n,hk))}s(Ek,"authenticate");var rr={};P(rr,{buildVerifyFn:()=>H_,getCallbackUrl:()=>Sk,strategyFactory:()=>Pm});var Fo=s(t=>Promise.resolve(t),"ssoSaveUserNoOp");async function Uc(t,e=!0,r,n){if(!n)throw new Error("Save user function must be provided");if(!t.userId)return Oe(r,"sso user id required");if(!t.email)return Oe(r,"sso user email required");let i=ni(t.userId),o;try{o=await In(i)}catch(u){if(!u.status||u.status!==404)return Oe(r,"Unexpected error when retrieving existing user",u)}if(o||(o=await At(t.email)),!o&&e)return Oe(r,"Email does not yet exist. You must set up your local budibase account first.");o||(o={_id:i,email:t.email,roles:{},tenantId:$()});let a=await yk(o,t);a.forceResetPassword=!1;try{delete a.password,a=await n(a,{hashPassword:!1,requirePassword:!1})}catch(u){return Oe(r,"Error saving user",u)}return r(null,a)}s(Uc,"authenticate");async function yk(t,e){let r,n,i;if(e.profile){let o=e.profile;if(o.name){let a=o.name;a.givenName&&(r=a.givenName),a.familyName&&(n=a.familyName)}}return e.oauth2&&(i={...e.oauth2}),{...t,provider:e.provider,providerType:e.providerType,firstName:r,lastName:n,oauth2:i}}s(yk,"syncUser");var Tk=require("passport-google-oauth").OAuth2Strategy;function H_(t){return(e,r,n,i)=>{let o={provider:"google",providerType:"google",userId:n.id,profile:n,email:n._json.email,oauth2:{accessToken:e,refreshToken:r}};return Uc(o,!0,i,t)}}s(H_,"buildVerifyFn");async function Pm(t,e,r){try{let{clientID:n,clientSecret:i}=t;if(!n||!i)throw new Error("Configuration invalid. Must contain google clientID and clientSecret");let o=H_(r);return new Tk({clientID:t.clientID,clientSecret:t.clientSecret,callbackURL:e},o)}catch(n){throw new Error(`Error constructing google authentication strategy: ${n}`)}}s(Pm,"strategyFactory");async function Sk(t){return Ur("google",t)}s(Sk,"getCallbackUrl");var nr={};P(nr,{buildVerifyFn:()=>J_,fetchStrategyConfig:()=>wk,getCallbackUrl:()=>Dk,strategyFactory:()=>Ik});var Y_=B(require("node-fetch"));var z_=require("@govtechsg/passport-openidconnect");function J_(t){return async(e,r,n,i,o,a,u,c,l)=>{let d=Ak(r,n),f=_k(r,n),h={provider:e,providerType:"oidc",userId:d.id,profile:d,email:Ok(d,f),oauth2:{accessToken:a,refreshToken:u}};return Uc(h,!1,l,t)}}s(J_,"buildVerifyFn");function Ak(t,e){let r={...t?._json||{}};!r.email&&e.emails?.length&&(r.email=e.emails[0].value);let n=t?.displayName||e.displayName;return{id:t?.id||e.id,name:t?.name||e.name||!!n&&{givenName:n,familyName:""}||void 0,_json:r,provider:t?.provider}}s(Ak,"normalizeProfile");function _k(t,e){return{email:t?._json?.email||e.emails?.[0]?.value,preferred_username:e.username}}s(_k,"buildJwtClaims");function Ok(t,e){if(t._json.email)return t._json.email.toLowerCase();if(e.email)return e.email.toLowerCase();let r=e.preferred_username;if(r&&Zf(r))return r.toLowerCase();throw new Error(`Could not determine user email from profile ${JSON.stringify(t)} and claims ${JSON.stringify(e)}`)}s(Ok,"getEmail");async function Ik(t,e){try{let r=J_(e),n=new z_.Strategy(t,r);return n.name="oidc",n}catch(r){throw new Error(`Error constructing OIDC authentication strategy - ${r}`)}}s(Ik,"strategyFactory");async function wk(t,e){try{let{clientID:r,clientSecret:n,configUrl:i,pkce:o}=t;if(!r||!n||!e||!i)throw new Error("Configuration invalid. Must contain clientID, clientSecret, callbackUrl and configUrl");let a=await(0,Y_.default)(i);if(!a.ok)throw new Error(`Unexpected response when fetching openid-configuration: ${a.statusText}`);let u=await a.json();return{issuer:u.issuer,authorizationURL:u.authorization_endpoint,tokenURL:u.token_endpoint,userInfoURL:u.userinfo_endpoint,clientID:r,clientSecret:n,callbackURL:e,pkce:o}}catch(r){throw new Error(`Error constructing OIDC authentication configuration - ${r}`)}}s(wk,"fetchStrategyConfig");async function Dk(){return Ur("oidc")}s(Dk,"getCallbackUrl");function X_(t,e){let r=t.request.query?.query;if(t.request.method.toLowerCase()!=="get"&&t.throw(500,"Query to download middleware can only be used for get requests."),!r)return e();let n=decodeURIComponent(r),i;try{i=JSON.parse(n)}catch{return e()}return t.request.body=i,e()}s(X_,"querystringToBody");function Lc(t,e,r={noTenancyRequired:!1}){let n=er(t),i=er(e);return async function(o,a){let c={allowNoTenant:r.noTenancyRequired||!!tr(o,i)};!!tr(o,n)||(c.excludeStrategies=["query"]);let d=qs(o,c);return d&&o.set("x-budibase-tenant-id",d),Ce(d,a)}}s(Lc,"tenancy");function Z_(t=[]){let e=er(t);return async function(r,n){if(tr(r,e))return n();try{if((await Be("settings"))?.config?.active===!1){r.status=404,r.body={message:"Tenant not found"};return}}catch(i){if(i.message==="Global DB not found")return n();throw i}return n()}}s(Z_,"activeTenant");async function kc(t,e){if(t.internal||xt(t.user))return e();let r=await ln(t);return r&&!ic(t.user,r)?t.throw(403,"Workspace Admin/Builder user only endpoint."):!r&&!g.isWorker()?t.throw(403,"This request required a workspace id."):!r&&!Me(t.user)&&t.throw(403,"Admin/Builder user only endpoint."),e()}s(kc,"workspaceBuilderOrAdmin");var Nm={};P(Nm,{postAuth:()=>bk,preAuth:()=>Ck});var Rk=require("passport-google-oauth").OAuth2Strategy;async function eO(){let t=await um();if(!t)throw new Error("No google configuration found");return t}s(eO,"fetchGoogleCreds");async function Ck(t,e,r){let n=await eO(),o=`${await Uo({tenantAware:!1})}/api/global/auth/datasource/google/callback`,a=await Pm(n,o,Fo);return e.query.appId||e.throw(400,"appId query param not present."),t.authenticate(a,{scope:["profile","email","https://www.googleapis.com/auth/spreadsheets"],accessType:"offline",prompt:"consent"})(e,r)}s(Ck,"preAuth");async function bk(t,e,r){let n=await eO(),o=`${await Uo({tenantAware:!1})}/api/global/auth/datasource/google/callback`,a=jt(e,"budibase:datasourceauth");if(!a)throw new Error("Unable to fetch datasource auth cookie");return t.authenticate(new Rk({clientID:n.clientID,clientSecret:n.clientSecret,callbackURL:o},(u,c,l,d)=>{Ar(e,"budibase:datasourceauth"),d(null,{accessToken:u,refreshToken:c})}),{successRedirect:"/",failureRedirect:"/error"},async(u,c)=>{let l=`/builder/workspace/${a.appId}/data`,d=ee();await zt(`datasource:creation:${a.appId}:google:${d}`,{tokens:c}),e.redirect(`${l}/new?continue_google_setup=${d}`)})(e,r)}s(bk,"postAuth");var xk={google:Nm};var tO=require("koa-passport"),vk=require("passport-local").Strategy,Mc=require("passport-oauth2-refresh"),Pk=bc,Nk=Lc,Uk=Pc,Lk=tO;tO.use(new vk(Oi.options,Oi.authenticate));async function kk(t,e){let r=await nr.getCallbackUrl(),n,i;try{if(n=await nr.fetchStrategyConfig(t,r),!n)throw new Error("OIDC Config contents invalid");i=await nr.strategyFactory(n,Fo)}catch{throw new Error("Could not refresh OAuth Token")}return Mc.use(i),new Promise(o=>{Mc.requestNewAccessToken("oidc",e,(a,u,c,l)=>{o({err:a,accessToken:u,refreshToken:c,params:l})})})}s(kk,"refreshOIDCAccessToken");async function Mk(t,e){let r=await rr.getCallbackUrl(t),n;try{n=await rr.strategyFactory(t,r,Fo)}catch(i){throw new Error(`Error constructing OIDC refresh strategy: message=${i.message}`)}return Mc.use(n),new Promise(i=>{Mc.requestNewAccessToken("google",e,(o,a,u,c)=>{i({err:o,accessToken:a,refreshToken:u,params:c})})})}s(Mk,"refreshGoogleAccessToken");async function Fk(t,e,r){switch(e){case"oidc":{if(!r)return{err:{data:"OIDC config id not provided"}};let n=await cm(r);return n?kk(n,t):{err:{data:"OIDC configuration not found"}}}case"google":{let n=await fc();return n?Mk(n,t):{err:{data:"Google configuration not found"}}}}}s(Fk,"refreshOAuthToken");async function Bk(t,e){let r={accessToken:e.accessToken,refreshToken:e.refreshToken};try{let n=Y(),i=await n.get(t);typeof r.refreshToken!="string"&&delete r.refreshToken,i.oauth2={...i.oauth2,...r},await n.put(i),await vo(t)}catch(n){console.error("Could not update OAuth details for current user",n)}}s(Bk,"updateUserOAuth");async function Wk(t){let e=t.ctx,r=t.userId,n=t.keepActiveSession;if(!e)throw new Error("Koa context must be supplied to logout.");let i=jt(e,"budibase:auth"),o=await mo(r);i&&n?o=o.filter(u=>u.sessionId!==i.sessionId):Ar(e,"budibase:auth");let a=o.map(({sessionId:u})=>u);await An(r,{sessionIds:a,reason:"logout"}),await rc.logout(e.user?.email),await vo(r)}s(Wk,"platformLogout");var Mm={};P(Mm,{validate:()=>Kk});var x=B(require("joi"));var $k=["Relational","Non-relational","Spreadsheet","Object store","Graph","API"];function km(t,e){let{error:r}=t.validate(e);if(r)throw r}s(km,"runJoi");function Gk(t){let e=x.default.object({type:x.default.string().allow("component").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({name:x.default.string().required(),settings:x.default.array().items(x.default.object().unknown(!0)).required()}).unknown(!0)});km(e,t)}s(Gk,"validateComponent");function Vk(t){let e=x.default.object({type:x.default.string().allow(...Object.values($c)).required(),required:x.default.boolean().required(),default:x.default.any(),display:x.default.string()}),r=x.default.object({type:x.default.string().allow(...Object.values(Wc)),readable:x.default.boolean(),displayName:x.default.string(),fields:x.default.object().pattern(x.default.string(),e)}).required(),n=x.default.object({type:x.default.string().allow("datasource").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({docs:x.default.string(),plus:x.default.boolean().optional(),isSQL:x.default.boolean().optional(),auth:x.default.object({type:x.default.string().required()}).optional(),features:x.default.object(Object.fromEntries(Object.values(Gc).map(i=>[i,x.default.boolean().optional()]))).optional(),relationships:x.default.boolean().optional(),description:x.default.string().required(),friendlyName:x.default.string().required(),type:x.default.string().allow(...$k),datasource:x.default.object().pattern(x.default.string(),e).required(),query:x.default.object().pattern(x.default.string(),r).unknown(!0).required(),extra:x.default.object().pattern(x.default.string(),x.default.object({type:x.default.string().required(),displayName:x.default.string().required(),required:x.default.boolean(),data:x.default.object()}))})});km(n,t)}s(Vk,"validateDatasource");function qk(t){let e=x.default.object().pattern(x.default.string(),{type:x.default.string().allow(...Object.values(Vc)).required(),customType:x.default.string().allow(...Object.values(qc)),title:x.default.string(),description:x.default.string(),enum:x.default.array().items(x.default.string()),pretty:x.default.array().items(x.default.string())}),r=x.default.object({properties:e,required:x.default.array().items(x.default.string())}).concat(e).required(),n=x.default.object({type:x.default.string().allow("automation").required(),metadata:x.default.object().unknown(!0).required(),hash:x.default.string().optional(),version:x.default.string().optional(),schema:x.default.object({name:x.default.string().required(),tagline:x.default.string().required(),icon:x.default.string().required(),description:x.default.string().required(),type:x.default.string().allow("ACTION","LOGIC").required(),stepId:x.default.string().disallow(...uh).required(),inputs:x.default.object().optional(),schema:x.default.object({inputs:r,outputs:r}).required()})});km(n,t)}s(qk,"validateAutomation");function Kk(t){switch(t?.type){case"component":Gk(t);break;case"datasource":Vk(t);break;case"automation":qk(t);break;default:throw new Error(`Unknown plugin type - check schema.json: ${t.type}`)}}s(Kk,"validate");var Fm={};P(Fm,{Client:()=>De,clients:()=>Tr,locks:()=>Tn,utils:()=>Ya});var Gm={};P(Gm,{isBlacklisted:()=>Jk,refreshBlacklist:()=>oO});var rO=B(require("dns")),Lr=B(require("net"));var nO=require("util");var Qk=["127.0.0.0/8","10.0.0.0/8","172.16.0.0/12","192.168.0.0/16","169.254.0.0/16","0.0.0.0/8","::1/128","fc00::/7","fe80::/10"],Wm,jk=(0,nO.promisify)(rO.default.lookup);function iO(){return!(g.SELF_HOSTED&&g.BLACKLIST_IPS!==void 0)}s(iO,"shouldApplyDefaultBlacklist");function $m(t){return Lr.default.isIP(t)===6?"ipv6":"ipv4"}s($m,"getIpVersion");function Hk(t){let e=Lr.default.isIP(t);return e===4?32:e===6?128:null}s(Hk,"getMaxPrefixLength");function Yk(t,e){if(!/^\d+$/.test(e))return null;let r=Number.parseInt(e,10),n=Hk(t);return n==null||r>n?null:r}s(Yk,"getValidSubnetPrefix");function zk(t){return Lr.default.isIP(t)?t:(t.startsWith("http")||(t=`https://${t}`),new URL(t).hostname.replace(/^\[|\]$/g,""))}s(zk,"parseAddress");async function sO(t){return t=zk(t),(await jk(t,{all:!0})).map(r=>r.address)}s(sO,"lookup");function Bm(t,e){let r=e.trim();if(!r)return;let n=r.split("/");if(n.length>2){console.log(`Ignoring invalid blacklist entry: ${r}`);return}let[i,o]=n,a=Lr.default.isIP(i);if(n.length===2){let u=Yk(i,o);if(a&&u!==null){t.addSubnet(i,u,$m(i));return}console.log(`Ignoring invalid blacklist entry: ${r}`);return}a&&t.addAddress(i,$m(i))}s(Bm,"addEntryToBlacklist");async function oO(){let t=new Lr.default.BlockList;if(iO())for(let r of Qk)Bm(t,r);let e=g.BLACKLIST_IPS?.split(",")||[];for(let r of e){let n=r.trim();if(!n)continue;let[i]=n.split("/");if(Lr.default.isIP(i)){Bm(t,n);continue}let o=await sO(n);for(let a of o)Bm(t,a)}Wm=t}s(oO,"refreshBlacklist");async function Jk(t){Wm||await oO();let e;if(Lr.default.isIP(t))e=[t];else try{e=await sO(t)}catch{return iO()}return e.some(r=>Wm.check(r,$m(r)))}s(Jk,"isBlacklisted");var qm={};P(qm,{init:()=>Zk});var Xk={"user:created":t=>t.userId,"user:updated":t=>t.userId,"user:deleted":t=>t.userId,"user:admin:assigned":t=>t.userId,"user:admin:removed":t=>t.userId,"user:builder:assigned":t=>t.userId,"user:builder:removed":t=>t.userId,"user_group:created":t=>t.groupId,"user_group:updated":t=>t.groupId,"user_group:deleted":t=>t.groupId,"user_group:user_added":t=>t.groupId,"user_group:users_deleted":t=>t.groupId,"user_group:permissions_edited":t=>t.groupId,"automation:deleted":t=>t.automationId,"datasource:deleted":t=>t.datasourceId,"table:deleted":t=>t.tableId,"query:deleted":t=>t.queryId,"workspace_app:deleted":t=>t.workspaceAppId,"view:deleted":t=>t.id};function aO(t,e){let r=Xk[t];if(!r)throw new Error("Event does not have a method of document ID extraction");return r(e)}s(aO,"getDocumentId");var Bo=class{constructor(e){this.processors=[];this.processors=e}static{s(this,"DocumentUpdateProcessor")}async processEvent(e,r,n){let i=r.realTenantId,o=aO(e,n);if(!(!i||!o))for(let{events:a,processor:u}of this.processors)a.includes(e)&&await Ce(i,async()=>{await u({id:o,tenantId:i,appId:n.appId,properties:n})})}shutdown(){return EA()}};var uO,Vm;function Zk(t){Tt||Xu(),Vm||(Vm=new Bo(t)),uO||(uO=Tt.process(async e=>{let{event:r,identity:n,properties:i}=e.data;await Vm.processEvent(r,n,i)}))}s(Zk,"init");var Zm={};P(Zm,{COUNT_FIELD_NAME:()=>Jm,Sql:()=>gO,SqlTable:()=>Fc,designDoc:()=>Xm,utils:()=>Of});var fO=require("knex");var eM=require("knex");function Km(t){return["link","formula","ai"].indexOf(t)!==-1}s(Km,"isIgnoredType");function cO(t,e,r,n,i){let o=e&&e.primary?e.primary:[],a=Object.values(e.schema),u=a.filter(h=>h.meta),c=u.length===a.length,l=[];n||(c?t.primary(u.map(h=>h.name)):o.length===1?(t.increments(o[0]).primary(),l.push(o[0])):t.primary(o));let d=Object.values(e.schema).map(h=>h.foreignKey);for(let[h,p]of Object.entries(e.schema)){let S=n?.schema[h];if(S&&S.type||l.includes(h)||i?.updated===h)continue;let m=p.type;switch(m){case"string":case"options":case"longform":case"barcodeqr":case"bb_reference_single":o.includes(h)?t.string(h,255):t.text(h);break;case"number":if(p.meta&&p.meta.toKey&&p.meta.toTable){let{toKey:E,toTable:y}=p.meta;t.integer(h).unsigned(),t.foreign(h).references(`${y}.${E}`)}else d.indexOf(h)===-1&&t.float(h);break;case"bigint":t.bigint(h);break;case"boolean":t.boolean(h);break;case"datetime":p.timeOnly?t.time(h):t.datetime(h,{useTz:!p.ignoreTimezones});break;case"array":case"bb_reference":Ue.schema.isDeprecatedSingleUserColumn(p)?t.text(h):t.json(h);break;case"link":if(p.relationshipType!=="many-to-one"&&p.relationshipType!=="many-to-many"){if(!p.foreignKey||!p.tableId)throw new Error("Invalid relationship schema");let{tableName:E}=yf(p.tableId),y=r[E];if(!y||!y.primary)throw new Error("Referenced table doesn't exist or has no primary keys");let I=y.primary[0],O=y.schema[I].externalType;O?t.specificType(p.foreignKey,O):t.integer(p.foreignKey).unsigned(),t.foreign(p.foreignKey).references(`${E}.${I}`)}break;case"signature_single":case"attachment":case"attachment_single":t.json(h);break;case"formula":break;case"ai":break;case"auto":case"json":case"internal":throw new Error(`${p.type} is not a valid SQL type`);default:Ot.unreachable(m)}}let f=i?n?.schema[i.old].type:void 0;return i&&f&&!Km(f)&&t.renameColumn(i.old,i.updated),n&&Object.entries(n.schema).filter(([p,S])=>!Km(S.type)&&e.schema[p]==null).forEach(([p,S])=>{i?.old===p||Km(S.type)||(n.constrained&&n.constrained.indexOf(p)!==-1&&t.dropForeign(p),t.dropColumn(p))}),t}s(cO,"generateSchema");function rM(t,e,r){return t.createTable(e.name,n=>{cO(n,e,r)})}s(rM,"buildCreateTable");function nM(t,e,r,n,i){return t.alterTable(e.name,o=>{cO(o,e,r,n,i)})}s(nM,"buildUpdateTable");function iM(t,e){return t.dropTable(e.name)}s(iM,"buildDeleteTable");var Qm=class{static{s(this,"SqlTableQueryBuilder")}constructor(e){this.sqlClient=e}getBaseSqlClient(){return this.sqlClient}getSqlClient(){return this.extendedSqlClient||this.sqlClient}setExtendedSqlClient(e){this.extendedSqlClient=e}_operation(e){return e.operation}_tableQuery(e){let r=(0,eM.knex)({client:this.sqlClient}).schema;e?.schema&&(r=r.withSchema(e.schema));let n;if(!e.table||!e.tables)throw new Error("Cannot execute without table being specified");if(e.table.sourceType==="internal")throw new Error("Cannot perform table actions for SQS.");switch(this._operation(e)){case"CREATE_TABLE":n=rM(r,e.table,e.tables);break;case"UPDATE_TABLE":if(!e.table)throw new Error("Must specify old table for update");if(this.sqlClient==="mysql2"&&e.meta?.renamed){let i=e.meta.renamed.updated;return{sql:`alter table ${e?.schema?`\`${e.schema}\`.\`${e.table.name}\``:`\`${e.table.name}\``} rename column \`${e.meta.renamed.old}\` to \`${i}\`;`,bindings:[]}}if(n=nM(r,e.table,e.tables,e.meta?.oldTable,e.meta?.renamed),this.sqlClient==="mssql"&&e.meta?.renamed){let i=e.meta.renamed.old,o=e.meta.renamed.updated,a=e?.schema?`${e.schema}.${e.table.name}`:`${e.table.name}`,u=Xn(n);if(Array.isArray(u))for(let c of u)c.sql.startsWith("exec sp_rename")&&(c.sql=`exec sp_rename '${a}.${i}', '${o}', 'COLUMN'`,c.bindings=[]);return u}break;case"DELETE_TABLE":n=iM(r,e.table);break;default:throw new Error("Table operation is of unknown type")}return Xn(n)}},Fc=Qm;var pO=require("lodash");var Jm="__bb_total";function lO(){return(g.SQL_MAX_ROWS?parseInt(g.SQL_MAX_ROWS):null)||5e3}s(lO,"getBaseLimit");function jm(){return(g.SQL_MAX_RELATED_ROWS?parseInt(g.SQL_MAX_RELATED_ROWS):null)||500}s(jm,"getRelationshipLimit");function sM(t,e){return t.sort((r,n)=>{let i=e.find(a=>a&&r.endsWith(a)),o=e.find(a=>a&&n.endsWith(a));return i&&!o?-1:!i&&o?1:r.localeCompare(n)})}s(sM,"prioritisedArraySort");function mO(t){return Array.isArray(t)?t.map(e=>mO(e)):(t.bindings&&(t.bindings=t.bindings.map(e=>typeof e=="boolean"?e?1:0:e)),t)}s(mO,"convertBooleans");function dO(t){return t.sourceType==="internal"||t.sourceId===jc}s(dO,"isSqs");function oM(t,e='"'){return t.replace(new RegExp(e,"g"),`${e}${e}`)}s(oM,"escapeQuotes");function aM(t,e='"'){return`${e}${oM(t,e)}${e}`}s(aM,"wrap");function uM(t,e='"'){for(let r in t)typeof t[r]=="string"&&(t[r]=aM(t[r],e));return`[${t.join(",")}]`}s(uM,"stringifyArray");function Hm(t){return`{${(Array.isArray(t)?t:t==null?[]:[t]).map(n=>{if(typeof n=="string"&&n.length>1){let i=n[0],o=n[n.length-1];if(i==='"'&&o==='"'||i==="'"&&o==="'")return n.substring(1,n.length-1)}return`${n}`}).join(",")}}`}s(Hm,"toPgArrayLiteral");function hO(t){return lh.includes(t.type)&&!Ue.schema.isDeprecatedSingleUserColumn(t)}s(hO,"isJsonColumn");var cM={equal:!1,notEqual:!0,empty:!1,notEmpty:!0,fuzzy:!1,string:!1,range:!1,contains:!1,notContains:!0,containsAny:!1,oneOf:!1,$and:!1,$or:!1},Ym=class{constructor(e,r,n){this.SPECIAL_SELECT_CASES={POSTGRES_ARRAY:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="array",POSTGRES_MONEY:e=>this.client==="pg"&&e?.externalType?.includes("money"),POSTGRES_ENUM:e=>this.client==="pg"&&e?.externalType?.toLowerCase()==="user-defined"&&e?.type==="options",MSSQL_DATES:e=>this.client==="mssql"&&e?.type==="datetime"&&e.timeOnly};this.client=e,this.query=n,this.knex=r,this.splitter=new mr.ColumnSplitter([this.table],{aliases:this.query.tableAliases,columnPrefix:this.query.meta?.columnPrefix})}static{s(this,"InternalBuilder")}get table(){return this.query.table}get knexClient(){return this.knex.client}getFieldSchema(e){let{column:r}=this.splitter.run(e);return this.table.schema[r]}requiresJsonAsStringClient(){return["mssql","mysql2","mariadb","oracledb"].includes(this.client)}quoteChars(){let e=this.knexClient.wrapIdentifier("foo",{});return[e[0],e[e.length-1]]}quote(e){return this.knexClient.wrapIdentifier(e,{})}isQuoted(e){let[r,n]=this.quoteChars();return e.startsWith(r)&&e.endsWith(n)}quotedIdentifier(e){return Array.isArray(e)||(e=this.splitIdentifier(e)),e.map(r=>this.quote(r)).join(".")}castIntToString(e){switch(this.client){case"oracledb":return this.knex.raw("to_char(??)",[e]);case"pg":return this.knex.raw("??::TEXT",[e]);case"mysql2":case"mariadb":return this.knex.raw("CAST(?? AS CHAR)",[e]);case"sqlite3":return this.knex.raw("printf('%d', ??)",[e]);case"mssql":return this.knex.raw("CONVERT(NVARCHAR, ??)",[e])}}rawQuotedIdentifier(e){return this.knex.raw(this.quotedIdentifier(e))}splitIdentifier(e){let[r,n]=this.quoteChars();return this.isQuoted(e)?e.slice(1,-1).split(`${n}.${r}`):e.split(".")}qualifyIdentifier(e){let r=this.getTableName(),n=this.splitIdentifier(e);return n[0]!==r&&n.unshift(r),this.isQuoted(e)?this.quotedIdentifier(n):n.join(".")}generateSelectStatement(){let{table:e,resource:r}=this.query;if(!r||!r.fields||r.fields.length===0)return"*";let n=this.getTableName(e),i=this.table.schema;return r.fields.map(a=>{let u=a.split(/\./g),c,l=u[0];return u.length>1&&(c=u[0],l=u.slice(1).join(".")),{table:c,column:l,field:a}}).filter(({table:a})=>!a||a===n).map(({table:a,column:u,field:c})=>{let l=i[u];return this.SPECIAL_SELECT_CASES.POSTGRES_MONEY(l)?this.knex.raw("??::money::numeric as ??",[this.rawQuotedIdentifier([a,u].join(".")),this.knex.raw(this.quote(c))]):this.SPECIAL_SELECT_CASES.MSSQL_DATES(l)?this.knex.raw("CONVERT(varchar, ??, 108) as ??",[this.rawQuotedIdentifier(c),this.knex.raw(this.quote(c))]):a?this.rawQuotedIdentifier(`${a}.${u}`):this.rawQuotedIdentifier(c)})}convertClobs(e,r){if(this.client!=="oracledb")throw new Error("you've called convertClobs on a DB that's not Oracle, this is a mistake");let i=this.splitIdentifier(e).pop(),o=this.table.schema[i],a=this.rawQuotedIdentifier(e);return(o.type==="string"||o.type==="longform"||o.type==="bb_reference_single"||o.type==="bb_reference"||o.type==="options"||o.type==="barcodeqr")&&(r?.forSelect?a=this.knex.raw("to_char(??) as ??",[a,this.rawQuotedIdentifier(i)]):a=this.knex.raw("to_char(??)",[a])),a}parse(e,r){if(Array.isArray(e))return JSON.stringify(e);if(e==null)return null;if(this.requiresJsonAsStringClient()&&hO(r)&&typeof e=="object")return JSON.stringify(e);if(this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(r))return`{${e}}`;if(this.client==="oracledb"&&r.type==="datetime"&&r.timeOnly){if(e instanceof Date){let n=e.getHours().toString().padStart(2,"0"),i=e.getMinutes().toString().padStart(2,"0"),o=e.getSeconds().toString().padStart(2,"0");return`${n}:${i}:${o}`}if(typeof e=="string")return new Date(`1970-01-01T${e}Z`)}if(typeof e=="string"&&r.type==="datetime")if(r.timeOnly){if(!Af(e))return null}else if(r.dateOnly){let n=Sf(e);return n?new Date(n):null}else return r.ignoreTimezones?eu(e)?new Date(e):Tf(e)?new Date(e+"Z"):null:eu(e)?new Date(e.trim()):null;return e}parseBody(e){for(let[r,n]of Object.entries(e)){let{column:i}=this.splitter.run(r),o=this.table.schema[i];o&&(e[r]=this.parse(n,o))}return e}parseFilters(e){e=(0,pO.cloneDeep)(e);for(let r of Object.values(Fr)){let n=e[r];if(n)for(let i of Object.keys(n)){if(Array.isArray(n[i])){n[i]=JSON.stringify(n[i]);continue}let{column:o}=this.splitter.run(i),a=this.table.schema[o];a&&(n[i]=this.parse(n[i],a))}}for(let r of Object.values(sr)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:o}=this.splitter.run(i),a=this.table.schema[o];a&&(n[i]=n[i].map(u=>this.parse(u,a)))}}for(let r of Object.values(Cn)){let n=e[r];if(n)for(let i of Object.keys(n)){let{column:o}=this.splitter.run(i),a=this.table.schema[o];if(!a)continue;let u=n[i];"low"in u&&(u.low=this.parse(u.low,a)),"high"in u&&(u.high=this.parse(u.high,a))}}return e}addJoinFieldCheck(e,r){let n=r.from?.split(".")[0]||"";return e.andWhere(`${n}.fieldName`,"=",r.column)}addRelationshipForFilter(e,r,n,i,o){let{relationships:a,schema:u,tableAliases:c,table:l}=this.query,d=c?.[l.name]||l.name,f=s(h=>n.match(new RegExp(`^${h}\\.`)),"matches");if(!a)return e;for(let h of a){let p=h.tableName,S=c?.[p]||p,m=f(p)||f(S),E=f(h.column),y=h.column===this.splitter.run(n).column&&!this.splitter.run(n).tableName;if((m||E||y)&&h.to&&h.tableName){let I=this.knex.select(this.knex.raw(1)).from({[S]:p}),O=I.clone(),w=_f(h),T;if(m?T=n:T=n.replace(new RegExp(`^${h.column}.`),`${c?.[h.tableName]||h.tableName}.`),w){let _=c?.[w.through]||h.through,U=this.tableNameWithSchema(w.through,{alias:_,schema:u});O=O.innerJoin(U,function(){this.on(`${S}.${w.toPrimary}`,"=",`${_}.${w.to}`)}).where(`${_}.${w.from}`,"=",this.rawQuotedIdentifier(`${d}.${w.fromPrimary}`)),this.client==="sqlite3"&&(O=this.addJoinFieldCheck(O,w)),y&&i==="empty"?e=e.whereNotExists(O):y&&i==="notEmpty"?e=e.whereExists(O):e=e.where(R=>{R.whereExists(o(T,O)),r&&R.orWhereNotExists(I.clone().innerJoin(U,function(){this.on(`${d}.${w.fromPrimary}`,"=",`${_}.${w.from}`)}))})}else{let _=`${S}.${h.to}`,U=`${d}.${h.from}`;O=O.where(_,"=",this.rawQuotedIdentifier(U)),y&&i==="empty"?e=e.whereNotExists(O):y&&i==="notEmpty"?e=e.whereExists(O):e=e.where(R=>{R.whereExists(o(T,O.clone())),r&&R.orWhereNotExists(O)})}}}return e}addFilters(e,r,n){if(!r)return e;let i=this;r=this.parseFilters({...r});let o=this.query.tableAliases,a=r.allOr,c=this.client==="sqlite3"?this.table._id:this.table.name;function l(m){return o?.[m]||m}s(l,"getTableAlias");function d(m,E,y,I){let O=s((w,T,_)=>{let[U,...R]=T.split("."),M=R.join("."),H=l(U);return w.andWhere(Ie=>y(Ie,H?`${H}.${M}`:M,_))},"handleRelationship");for(let w in m){let T=m[w],_=Vs(w),U=_.includes(".")||i.getFieldSchema(_)?.type==="link",R=n?.relationship&&U,M;if(w==="_complexIdOperator"&&(M=m[w])&&I){let H=l(c);e=I(e,M.id.map(Ie=>H?`${H}.${Ie}`:Ie),M.values)}else if(U)R&&(a&&(e=e.or),e=i.addRelationshipForFilter(e,cM[E],_,E,(H,Ie)=>O(Ie,H,T)));else{let H=l(c);e=y(e,H?`${H}.${_}`:_,T)}}}s(d,"iterate");let f=this.client==="sqlite3"&&this.query.meta?.sqliteUseLikeWithoutLower,h=s((m,E,y)=>((r?.fuzzyOr||a)&&(m=m.or),f?m.whereRaw("?? LIKE ?",[this.rawQuotedIdentifier(E),`%${y}%`]):this.client==="oracledb"||this.client==="sqlite3"?m.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(E),`%${y.toLowerCase()}%`]):m.whereILike(this.rawQuotedIdentifier(E),this.knex.raw("?",[`%${y}%`]))),"like"),p=s((m,E=!1)=>{function y(I){return(a||m===r?.containsAny)&&(I=I.or),m===r?.notContains&&(I=I.not),I}s(y,"addModifiers"),this.client==="pg"?d(m,"contains",(I,O,w)=>{I=y(I);let T=this.getFieldSchema(O),_=this.rawQuotedIdentifier(O),U=Array.isArray(w)?[...w]:[w],R=this.SPECIAL_SELECT_CASES.POSTGRES_ARRAY(T);return E?R?I.whereRaw("COALESCE(?? && ?::text[], FALSE)",[_,Hm(U)]):I.whereRaw("COALESCE(??::jsonb \\?| ?::text[], FALSE)",[_,Hm(U)]):R?I.whereRaw("COALESCE(?? @> ?::text[], FALSE)",[_,Hm(U)]):I.whereRaw("COALESCE(??::jsonb @> ?::jsonb, FALSE)",[_,uM(U)])}):this.client==="mysql2"||this.client==="mariadb"?d(m,"contains",(I,O,w)=>{let T=Array.isArray(w)?w:[w];return y(I).whereRaw("COALESCE(?(??, ?), FALSE)",[this.knex.raw(E?"JSON_OVERLAPS":"JSON_CONTAINS"),this.rawQuotedIdentifier(O),JSON.stringify(T)])}):d(m,"contains",(I,O,w)=>(w.length===0||(I=I.where(T=>(m===r?.notContains&&(T=T.not),T=T.where(_=>{for(let U of w){m===r?.containsAny?_=_.or:_=_.and;let R=!f,M=typeof U=="string"?`"${R?U.toLowerCase():U}"`:U,H=R?"COALESCE(LOWER(??), '')":"COALESCE(??, '')";_=_.whereLike(this.knex.raw(H,[this.rawQuotedIdentifier(O)]),`%${M}%`)}}),m===r?.notContains&&(T=T.or.whereNull(this.rawQuotedIdentifier(O))),T))),I))},"contains");if(r.$and){let{$and:m}=r;for(let E of m.conditions)e=e.where(y=>{this.addFilters(y,E,n)})}if(r.$or){let{$or:m}=r;e=e.where(E=>{for(let y of m.conditions)E.orWhere(I=>this.addFilters(I,{...y,allOr:!0},n))})}r.oneOf&&d(r.oneOf,"oneOf",(m,E,y)=>{let I=this.getFieldSchema(E),O=Array.isArray(y)?y:[y];if(a&&(m=m.or),this.client==="oracledb")E=this.convertClobs(E);else if(this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly){for(let w of O)w!=null?m=m.or.whereLike(E,`${w.toISOString().slice(0,10)}%`):m=m.or.whereNull(E);return m}return m.whereIn(E,O)},(m,E,y)=>(a&&(m=m.or),this.client==="oracledb"&&(E=E.map(I=>this.convertClobs(I))),m.whereIn(E,Array.isArray(y)?y:[y]))),r.string&&d(r.string,"string",(m,E,y)=>{if(a&&(m=m.or),f)return m.whereRaw("?? LIKE ?",[this.rawQuotedIdentifier(E),`${y}%`]);if(this.client==="oracledb"||this.client==="sqlite3")return m.whereRaw("LOWER(??) LIKE ?",[this.rawQuotedIdentifier(E),`${y.toLowerCase()}%`]);{let I=this.getFieldSchema(E);return this.SPECIAL_SELECT_CASES.POSTGRES_ENUM(I)?m.whereRaw("??::text ilike ?",[this.knex.raw(this.quote(I.name)),`${y}%`]):m.whereILike(E,`${y}%`)}}),r.fuzzy&&d(r.fuzzy,"fuzzy",h),r.range&&d(r.range,"range",(m,E,y)=>{let I=s(M=>M&&Object.keys(M).length===0&&Object.getPrototypeOf(M)===Object.prototype,"isEmptyObject");I(y.low)&&(y.low=""),I(y.high)&&(y.high="");let O=tu(y.low),w=tu(y.high),T=this.getFieldSchema(E),_=E,U=y.high,R=y.low;return this.client==="sqlite3"&&T?.type==="datetime"&&T.dateOnly&&(U!=null&&(U=`${U.toISOString().slice(0,10)}T23:59:59.999Z`),R!=null&&(R=R.toISOString().slice(0,10))),this.client==="oracledb"?_=this.convertClobs(E):this.client==="sqlite3"&&T?.type==="bigint"&&(_=this.knex.raw("CAST(?? AS INTEGER)",[this.rawQuotedIdentifier(E)]),U=this.knex.raw("CAST(? AS INTEGER)",[y.high]),R=this.knex.raw("CAST(? AS INTEGER)",[y.low])),a&&(m=m.or),O&&w?m.whereBetween(_,[R,U]):O?m.where(_,">=",R):w?m.where(_,"<=",U):m}),r.equal&&d(r.equal,"equal",(m,E,y)=>{let I=this.getFieldSchema(E);if(a&&(m=m.or),this.client==="mssql")return m.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 1",[this.rawQuotedIdentifier(E),y]);if(this.client==="oracledb"){let O=this.convertClobs(E);return m.where(w=>w.whereNotNull(O).andWhere(O,y))}else return this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly?y!=null?m.whereLike(E,`${y.toISOString().slice(0,10)}%`):m.whereNull(E):m.whereRaw("COALESCE(?? = ?, FALSE)",[this.rawQuotedIdentifier(E),y])}),r.notEqual&&d(r.notEqual,"notEqual",(m,E,y)=>{let I=this.getFieldSchema(E);if(a&&(m=m.or),this.client==="mssql")return m.whereRaw("CASE WHEN ?? = ? THEN 1 ELSE 0 END = 0",[this.rawQuotedIdentifier(E),y]);if(this.client==="oracledb"){let O=this.convertClobs(E);return m.where(w=>w.not.whereNull(O).and.where(O,"!=",y)).or.whereNull(O)}else return this.client==="sqlite3"&&I?.type==="datetime"&&I.dateOnly?y!=null?m.not.whereLike(E,`${y.toISOString().slice(0,10)}%`).or.whereNull(E):m.not.whereNull(E):m.whereRaw("COALESCE(?? != ?, TRUE)",[this.rawQuotedIdentifier(E),y])}),r.empty&&d(r.empty,"empty",(m,E)=>(a&&(m=m.or),m.whereNull(E))),r.notEmpty&&d(r.notEmpty,"notEmpty",(m,E)=>(a&&(m=m.or),m.whereNotNull(E))),r.contains&&p(r.contains),r.notContains&&p(r.notContains),r.containsAny&&p(r.containsAny,!0);let S=o?.[this.table._id]||this.table._id;return r.documentType&&!Ef(this.table)&&S&&e.andWhereLike(`${S}._id`,`${or(r.documentType)}%`),e}isSqs(){return dO(this.table)}getTableName(e){e||(e=this.table);let r=e.name;dO(e)&&e._id&&(r=e._id);let n=this.query.tableAliases||{};return n[r]?n[r]:r}addDistinctCount(e){if(!this.table.primary)throw new Error("SQL counting requires primary key to be supplied");return e.countDistinct(`${this.getTableName()}.${this.table.primary[0]} as ${Jm}`)}addAggregations(e,r){let n=this.query.resource?.fields||[],i=this.getTableName();if(n.length>0){let o=n.map(a=>this.qualifyIdentifier(a));if(this.client==="oracledb"){let a=o.map(c=>this.convertClobs(c)),u=o.map(c=>this.convertClobs(c,{forSelect:!0}));e=e.groupBy(a).select(u)}else e=e.groupBy(o).select(o)}for(let o of r){let a=o.calculationType;if(a==="count")if("distinct"in o&&o.distinct)if(this.client==="oracledb"){let u=this.convertClobs(`${i}.${o.field}`);e=e.select(this.knex.raw("COUNT(DISTINCT ??) as ??",[u,o.name]))}else e=e.countDistinct(`${i}.${o.field} as ${o.name}`);else if(this.client==="oracledb"){let u=this.convertClobs(`${i}.${o.field}`);e=e.select(this.knex.raw("COUNT(??) as ??",[u,o.name]))}else e=e.count(`${o.field} as ${o.name}`);else{let u=this.getFieldSchema(o.field);if(!u)throw new Error(`field schema missing for aggregation target: ${o.field}`);let c=this.knex.raw("??(??)",[this.knex.raw(a),this.rawQuotedIdentifier(`${i}.${o.field}`)]);u.type==="bigint"&&(c=this.castIntToString(c)),e=e.select(this.knex.raw("?? as ??",[c,o.name]))}}return e}isAggregateField(e){return!!this.query.resource?.aggregations?.find(n=>n.name===e)}addSorting(e){let{sort:r,resource:n}=this.query,i=this.table.primary,o=this.getTableName();if(!Array.isArray(i))throw new Error("Sorting requires primary key to be specified for table");if(r&&Object.keys(r||{}).length>0)for(let[u,c]of Object.entries(r)){let l=this.getFieldSchema(u);if(this.isUnsortableField(l))continue;let d=c.direction==="ascending"?"asc":"desc",f;(this.client==="pg"||this.client==="oracledb")&&(f=c.direction==="ascending"?"first":"last");let h=`${o}.${u}`,p;this.isAggregateField(u)?p=this.rawQuotedIdentifier(u):this.client==="oracledb"?p=this.convertClobs(h):p=this.rawQuotedIdentifier(h),e=e.orderByRaw(`?? ?? ${f?"nulls ??":""}`,[p,this.knex.raw(d),...f?[this.knex.raw(f)]:[]])}if(!((n?.aggregations?.length??0)>0)){let u=this.findSortablePrimaryKey(i);if(u&&(!r||r[u]===void 0))e=e.orderBy(`${o}.${u}`);else if(!u&&(!r||Object.keys(r).length===0))throw new Error(`Primary key not found for table ${this.table.name}`)}return e}isUnsortableField(e){return e?.type==="json"}findSortablePrimaryKey(e){return e.find(r=>{if(r==null)return!1;let n=this.getFieldSchema(r);return!this.isUnsortableField(n)})}tableNameWithSchema(e,r){let n=r?.schema?`${r.schema}.${e}`:e;return r?.alias&&(n+=` as ${r.alias}`),n}buildJsonField(e,r){let n=r.split("."),i=n[n.length-1],o,a;if(n.length>1){let l=n.shift();o=n.join("."),a=`${l}.${o}`}else o=n.join("."),a=o;this.query.meta?.columnPrefix&&(i=i.replace(this.query.meta.columnPrefix,""));let u=this.rawQuotedIdentifier(a),c=e.schema[i];return c&&c.type==="bigint"&&(u=this.castIntToString(u)),[o,u]}maxFunctionParameters(){switch(this.client){case"sqlite3":return 127;case"pg":return 100;default:return 200}}addJsonRelationships(e,r,n){let i=this.client,o=this.knex,{resource:a,tableAliases:u,schema:c,tables:l}=this.query,d=a?.fields||[];for(let f of n){let{tableName:h,through:p,to:S,from:m,fromPrimary:E,toPrimary:y}=f;if(!h||!r)continue;let I=l[h];if(!I)throw new Error(`related table "${h}" not found in datasource`);let O=u?.[h]||h,w=u?.[r]||r,T=p&&u?.[p]||p,_=this.tableNameWithSchema(h,{alias:O,schema:c}),U=[...I?.primary||[],I?.primaryDisplay].filter(D=>D),R=sM(d.filter(D=>D.split(".")[0]===O),U);R=R.slice(0,Math.floor(this.maxFunctionParameters()/2));let M=R.map(D=>this.buildJsonField(I,D));if(!M.length)continue;let H=M.map(D=>{let J=this.client==="oracledb"?" VALUE ":",";return this.knex.raw(`?${J}??`,[D[0],D[1]]).toString()}).join(","),Ie=`${O}.${y||S}`,W=o.from(_).orderBy(Ie),F=p&&y&&E,N=F?`${T}.${m}`:`${O}.${S}`,G=F?`${w}.${E}`:`${w}.${m}`;if(F){let D=this.tableNameWithSchema(p,{alias:T,schema:c});W=W.join(D,function(){this.on(`${O}.${y}`,"=",`${T}.${S}`)})}W=W.where(this.rawQuotedIdentifier(N),"=",this.rawQuotedIdentifier(G));let k=s(D=>(W=W.select(R.map(J=>this.rawQuotedIdentifier(J))).limit(jm()),o.select(D).from({[O]:W})),"standardWrap"),K;switch(i){case"sqlite3":W=this.addJoinFieldCheck(W,f),K=k(this.knex.raw(`json_group_array(json_object(${H}))`));break;case"pg":K=k(this.knex.raw(`json_agg(json_build_object(${H}))`));break;case"mariadb":K=W.select(o.raw(`json_arrayagg(json_object(${H}) LIMIT ${jm()})`));break;case"mysql2":case"oracledb":K=k(this.knex.raw(`json_arrayagg(json_object(${H}))`));break;case"mssql":{let D=o.select("*").from({[w]:W.select(M.map(J=>o.ref(J[1]).as(J[0]))).limit(jm())});K=o.raw(`(SELECT ?? = (${D} FOR JSON PATH))`,[this.rawQuotedIdentifier(O)]);break}default:throw new Error(`JSON relationships not implement for ${i}`)}e=e.select({[f.column]:K})}return e}addJoin(e,r,n){let{tableAliases:i,schema:o}=this.query,a=r.to,u=r.from,c=r.through,l=i?.[a]||a,d=c&&i?.[c]||c,f=i?.[u]||u,h=this.tableNameWithSchema(a,{alias:l,schema:o}),p=c?this.tableNameWithSchema(c,{alias:d,schema:o}):void 0;return c?e=e.leftJoin(p,function(){for(let S of n){let m=S.fromPrimary,E=S.from;this.orOn(`${f}.${m}`,"=",`${d}.${E}`)}}).leftJoin(h,function(){for(let S of n){let m=S.toPrimary,E=S.to;this.orOn(`${l}.${m}`,`${d}.${E}`)}}):e=e.leftJoin(h,function(){for(let S of n){let m=S.from,E=S.to;this.orOn(`${f}.${m}`,"=",`${l}.${E}`)}}),e}qualifiedKnex(e){let r=this.query.tableAliases?.[this.query.table.name];return e?.alias===!1?r=void 0:typeof e?.alias=="string"&&(r=e.alias),this.knex(this.tableNameWithSchema(this.query.table.name,{alias:r,schema:this.query.schema}))}create(e){let{body:r}=this.query;if(!r)throw new Error("Cannot create without row body");let n=this.qualifiedKnex({alias:!1}),i=this.parseBody(r);if(this.client==="oracledb")for(let[o,a]of Object.entries(this.query.table.schema)){if(a.constraints?.presence===!0||a.type==="formula"||a.type==="auto"||a.type==="link"||a.type==="ai")continue;i[o]==null&&(i[o]=null)}else for(let[o,a]of Object.entries(i))a==null&&delete i[o];return e.disableReturning?n.insert(i):n.insert(i).returning("*")}bulkCreate(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));return r.insert(n)}bulkUpsert(){let{body:e}=this.query,r=this.qualifiedKnex({alias:!1});if(!Array.isArray(e))return r;let n=e.map(i=>this.parseBody(i));if(this.client==="pg"||this.client==="sqlite3"||this.client==="mysql2"||this.client==="mariadb"){let i=this.table.primary;if(!i)throw new Error("Primary key is required for upsert");return r.insert(n).onConflict(i).merge()}else if(this.client==="mssql"||this.client==="oracledb")return r.insert(n);return r.upsert(n)}read(e={}){let{operation:r,filters:n,paginate:i,relationships:o,table:a}=this.query,{limits:u}=e,c=this.qualifiedKnex(),l=null,d=u?.query||u?.base;if(i&&i.page&&i.limit){let p=(i.page<=1?0:i.page-1)*i.limit;d=i.limit,l=p}else i&&i.offset&&i.limit?(d=i.limit,l=i.offset):i&&i.limit&&(d=i.limit);r!=="COUNT"&&(d!=null&&(c=c.limit(d)),l!=null&&(c=c.offset(l)));let f=this.query.resource?.aggregations||[];if(r==="COUNT"?c=this.addDistinctCount(c):f.length>0?c=this.addAggregations(c,f):c=c.select(this.generateSelectStatement()),r!=="COUNT"&&(c=this.addSorting(c)),c=this.addFilters(c,n,{relationship:!0}),o?.length&&f.length===0){let h=this.query.tableAliases?.[a.name]||a.name,p=this.addSorting(this.knex.with("paginated",c.clone().clearSelect().select("*")).select(this.generateSelectStatement()).from({[h]:"paginated"}));return this.addJsonRelationships(p,a.name,o)}return c}update(e){let{body:r,filters:n}=this.query;if(!r)throw new Error("Cannot update without row body");let i=this.qualifiedKnex(),o=this.parseBody(r);return i=this.addFilters(i,n,{relationship:!0}),e.disableReturning?i.update(o):i.update(o).returning("*")}delete(e){let{filters:r}=this.query,n=this.qualifiedKnex();return n=this.addFilters(n,r,{relationship:!0}),e.disableReturning?n.delete():n.delete().returning(this.generateSelectStatement())}},zm=class extends Fc{constructor(r,n=lO()){super(r);this.limit=n}static{s(this,"SqlQueryBuilder")}convertToNative(r,n={}){let i=this.getSqlClient();if(n?.disableBindings)return{sql:r.toString()};{let o=Xn(r);return i==="sqlite3"&&(o=mO(o)),o}}_query(r,n={}){let i=this.getSqlClient(),o={client:this.getBaseSqlClient()};(i==="sqlite3"||i==="oracledb")&&(o.useNullAsDefault=!0);let a=(0,fO.knex)(o),u,c=new Ym(i,a,r);switch(this._operation(r)){case"CREATE":u=c.create(n);break;case"READ":u=c.read({limits:{query:this.limit,base:lO()}});break;case"COUNT":u=c.read();break;case"UPDATE":u=c.update(n);break;case"DELETE":u=c.delete(n);break;case"BULK_CREATE":u=c.bulkCreate();break;case"BULK_UPSERT":u=c.bulkUpsert();break;case"CREATE_TABLE":case"UPDATE_TABLE":case"DELETE_TABLE":return this._tableQuery(r);default:throw"Operation type is not supported by SQL query builder"}return this.convertToNative(u,n)}async getReturningRow(r,n){if(!n.extra||!n.extra.idFilter)return{};let i=this._query({operation:"READ",datasource:n.datasource,schema:n.schema,table:n.table,tables:n.tables,resource:{fields:[]},filters:n.extra?.idFilter,paginate:{limit:1}});return r(i,"READ")}checkLookupKeys(r,n){if(!r||!n.table.primary)return n;let i=n.table.primary[0];return n.extra={idFilter:{equal:{[i]:r}}},n}async queryWithReturning(r,n,i=o=>o){let o=this.getSqlClient(),a=this._operation(r),u=this._query(r,{disableReturning:!0});if(Array.isArray(u)){let f=[];for(let h of u)f.push(await n(h,a));return f}let c;a==="DELETE"&&(c=i(await this.getReturningRow(n,r)));let l=await n(u,a),d=i(l);if(a==="CREATE"||a==="UPDATE"){let f;o==="mssql"?f=d?.[0].id:(o==="mysql2"||o==="mariadb")&&(f=d?.insertId),c=i(await this.getReturningRow(n,this.checkLookupKeys(f,r)))}return a==="COUNT"?d:a!=="READ"?c:d.length?d:[{[a.toLowerCase()]:!0}]}getTableName(r,n){let i=r.name;if(r.sourceType==="internal"||r.sourceId===jc){if(!r._id)return;i=r._id}return n?.[i]||i}convertJsonStringColumns(r,n,i){let o=this.getTableName(r,i);for(let[a,u]of Object.entries(r.schema)){if(!hO(u))continue;let c=`${o}.${a}`;for(let l of n)typeof l[c]=="string"&&(l[c]=JSON.parse(l[c])),typeof l[a]=="string"&&(l[a]=JSON.parse(l[a]))}return n}log(r,n){vs(this.getSqlClient(),r,n)}},gO=zm;var Xm={};P(Xm,{base:()=>lM});function lM(t){return{_id:Ct,language:"sqlite",sql:{tables:{},options:{table_name:t}}}}s(lM,"base");var eh={};P(eh,{jsonFromCsvString:()=>dM});var EO=B(require("csvtojson"));async function dM(t,e){let{ignoreEmpty:r=!1,allowSingleColumn:n=!1,possibleDelimiters:i=[",",";",":","|","~"," "," "]}=e||{};for(let o of i){let a,u=!1;try{let c=await(0,EO.default)({ignoreEmpty:r,delimiter:o}).fromString(t);for(let[,l]of c.entries()){let d=Object.keys(l);if(a==null&&(a=d),!n&&d.length===1){u=!0;break}if(a.length!==d.length){u=!0;break}for(let f of a)(l[f]===void 0||l[f]==="")&&(l[f]=null)}if(u)continue;return c}catch{continue}}throw new Error("Unable to determine delimiter")}s(dM,"jsonFromCsvString");var th=class{static{s(this,"Endpoint")}constructor(e,r,n){this.method=e,this.url=r,this.controller=n,this.middlewares=[],this.outputMiddlewares=[]}addMiddleware(e,r){return r?.first?this.middlewares.unshift(e):this.middlewares.push(e),this}addOutputMiddleware(e,r){return r?.first?this.outputMiddlewares.unshift(e):this.outputMiddlewares.push(e),this}apply(e){let r=this.method,n=this.url,i=this.middlewares,o=this.controller,a=this.outputMiddlewares,u=s(()=>{},"complete"),c=[n,...i,o,...a,u];e[r](...c)}},Bc=th;var yO=B(require("@koa/router"));var Dn=class{constructor(){this.endpoints=[];this.middlewares=[];this.outputMiddlewares=[];this.applied=!1;this.locked=!1}static{s(this,"EndpointGroup")}addGroupMiddleware(e,r={first:!0}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.middlewares.push({fn:e,first:r.first}),this}addGroupMiddlewareOutput(e,r={first:!1}){if(this.locked)throw new Error("Group locked, no more middleware can be added.");return this.outputMiddlewares.push({fn:e,first:r.first}),this}addEndpoint(e,r,...n){let i=n.pop(),o=new Bc(e,r,i);if(n.length!==0)for(let a of n)o.addMiddleware(a);return this.endpoints.push(o),this}lockMiddleware(){this.locked=!0}post(e,...r){return this.addEndpoint("post",e,...r)}patch(e,...r){return this.addEndpoint("patch",e,...r)}put(e,...r){return this.addEndpoint("put",e,...r)}get(e,...r){return this.addEndpoint("get",e,...r)}delete(e,...r){return this.addEndpoint("delete",e,...r)}head(e,...r){return this.addEndpoint("head",e,...r)}apply(e){let r=this.endpointList();e||(e=new yO.default);for(let n of r)n.apply(e);return e}endpointList(){if(this.applied)throw new Error("Already applied to router");this.applied=!0;for(let e of this.endpoints)this.middlewares.forEach(({fn:r,first:n})=>e.addMiddleware(r,{first:n})),this.outputMiddlewares.forEach(({fn:r,first:n})=>e.addOutputMiddleware(r,{first:n}));return this.endpoints}};var Wo=class{constructor(){this.groups=[]}static{s(this,"EndpointGroupList")}group(...e){let r=new Dn;return e.length&&e.forEach(n=>{"first"in n?r.addGroupMiddleware(n.middleware,{first:n.first}):r.addGroupMiddleware(n)}),this.groups.push(r),r}listAllEndpoints(){let e=this.groups.flatMap(i=>i.endpointList()),r=[],n=[];for(let i of e)i.url.includes(":")?n.push(i):r.push(i);return[...r,...n]}};var fM={...Ks,...ue},pM=s((t={})=>{Xa(t.db)},"init");0&&(module.exports={APIWarning,ActiveContentFileError,AutomationViewMode,BUDIBASE_DATASOURCE_TYPE,BadRequestError,BudibaseError,Config,Cookie,DEFAULT_BB_DATASOURCE_ID,DEFAULT_EMPLOYEE_TABLE_ID,DEFAULT_EXPENSES_TABLE_ID,DEFAULT_INVENTORY_TABLE_ID,DEFAULT_JOBS_TABLE_ID,DEFAULT_TENANT_ID,DeprecatedViews,DesignDocuments,DocumentType,Duration,DurationType,EmailUnavailableError,Endpoint,EndpointGroup,EndpointGroupList,FeatureDisabledError,FeatureDisabledWarning,ForbiddenError,GlobalRole,HTTPError,Header,InternalTable,InvalidAPIKeyWarning,MAX_VALID_DATE,MIN_VALID_DATE,NotFoundError,NotImplementedError,RedisClient,SEPARATOR,SQLITE_DESIGN_DOC_ID,SQS_DATASOURCE_INTERNAL,StaticDatabases,UNICODE_MAX,USER_METADATA_PREFIX,UnexpectedError,UsageLimitError,UsageLimitWarning,UserStatus,ViewName,WORKSPACE_DEV,WORKSPACE_DEV_PREFIX,WORKSPACE_PREFIX,accounts,auth,blacklist,cache,configs,constants,context,csv,db,docIds,docUpdates,encryption,env,errors,events,features,getErrorMessage,getPublicError,init,installation,locks,logging,middleware,objectStore,permissions,platform,plugins,queue,redis,roles,security,sessions,setEnv,sql,tenancy,timers,userUtils,users,utils,warnings,withEnv});
|
|
39
39
|
//# sourceMappingURL=index.js.map
|