npm - @kyro-cms/core - Versions diffs - 0.9.5 → 0.9.6 - Mend

@kyro-cms/core 0.9.5 → 0.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/dist/api-handler-graphql.cjs +10 -10
package/dist/api-handler-graphql.js +6 -6
package/dist/api-handler-trpc.cjs +8 -8
package/dist/api-handler-trpc.js +6 -6
package/dist/api-handler.cjs +9 -9
package/dist/api-handler.js +6 -6
package/dist/{chunk-YFAVQQTU.js → chunk-AX2TZRQJ.js} +3 -3
package/dist/{chunk-YFAVQQTU.js.map → chunk-AX2TZRQJ.js.map} +1 -1
package/dist/{chunk-5H3MWQJS.js → chunk-CMXVTUYV.js} +12 -12
package/dist/chunk-CMXVTUYV.js.map +1 -0
package/dist/{chunk-E2763JUP.cjs → chunk-DRVOUQMT.cjs} +27 -27
package/dist/chunk-DRVOUQMT.cjs.map +1 -0
package/dist/{chunk-4M7X5HAB.cjs → chunk-FKKQUMXR.cjs} +109 -3
package/dist/chunk-FKKQUMXR.cjs.map +1 -0
package/dist/{chunk-PV2I2KMI.cjs → chunk-HVCUIII2.cjs} +21 -75
package/dist/chunk-HVCUIII2.cjs.map +1 -0
package/dist/{chunk-CJONKRHJ.js → chunk-NZEUU7QB.js} +108 -3
package/dist/chunk-NZEUU7QB.js.map +1 -0
package/dist/{chunk-NWUEVLQT.cjs → chunk-OZ3CCTTA.cjs} +5 -5
package/dist/{chunk-NWUEVLQT.cjs.map → chunk-OZ3CCTTA.cjs.map} +1 -1
package/dist/chunk-PONTBXR5.js +842 -0
package/dist/chunk-PONTBXR5.js.map +1 -0
package/dist/{chunk-CNKT4PME.cjs → chunk-QVJNSAQL.cjs} +71 -149
package/dist/chunk-QVJNSAQL.cjs.map +1 -0
package/dist/{chunk-OHC6UHFY.js → chunk-QX3WNQ7V.js} +18 -72
package/dist/chunk-QX3WNQ7V.js.map +1 -0
package/dist/chunk-RRKCIAPU.cjs +848 -0
package/dist/chunk-RRKCIAPU.cjs.map +1 -0
package/dist/{chunk-IPTZM3VE.js → chunk-VLK5SJRI.js} +56 -134
package/dist/chunk-VLK5SJRI.js.map +1 -0
package/dist/graphql/index.cjs +8 -4
package/dist/graphql/index.d.cts +4 -1
package/dist/graphql/index.d.ts +4 -1
package/dist/graphql/index.js +2 -2
package/dist/index.cjs +57 -57
package/dist/index.js +6 -6
package/dist/rest/index.cjs +4 -4
package/dist/rest/index.js +2 -2
package/dist/trpc/index.cjs +11 -11
package/dist/trpc/index.js +2 -2
package/package.json +2 -2
package/dist/chunk-3HR772HI.cjs +0 -555
package/dist/chunk-3HR772HI.cjs.map +0 -1
package/dist/chunk-4M7X5HAB.cjs.map +0 -1
package/dist/chunk-5H3MWQJS.js.map +0 -1
package/dist/chunk-CJONKRHJ.js.map +0 -1
package/dist/chunk-CNKT4PME.cjs.map +0 -1
package/dist/chunk-E2763JUP.cjs.map +0 -1
package/dist/chunk-IPTZM3VE.js.map +0 -1
package/dist/chunk-L5UKKZQN.js +0 -552
package/dist/chunk-L5UKKZQN.js.map +0 -1
package/dist/chunk-OHC6UHFY.js.map +0 -1
package/dist/chunk-PV2I2KMI.cjs.map +0 -1

package/dist/chunk-3HR772HI.cjs DELETED Viewed

@@ -1,555 +0,0 @@
-'use strict';
-var chunk4M7X5HAB_cjs = require('./chunk-4M7X5HAB.cjs');
-var chunkNKPKR5BW_cjs = require('./chunk-NKPKR5BW.cjs');
-var graphql = require('graphql');
-async function checkGraphQLAccess(collection, operation, context) {
-  const accessRule = collection.access?.[operation];
-  if (context.apiKey?.permissions?.length > 0) {
-    const resource = collection.slug;
-    const action = operation === "read" ? "read" : operation === "create" ? "create" : "update";
-    const permission = `${resource}:${action}`;
-    if (!chunk4M7X5HAB_cjs.hasApiKeyPermission(context.apiKey.permissions, permission) && !chunk4M7X5HAB_cjs.hasApiKeyPermission(context.apiKey.permissions, `${resource}:admin`)) {
-      return { allowed: false };
-    }
-  }
-  if (context.user) {
-    const resource = collection.slug;
-    const action = operation === "read" ? "read" : operation === "create" ? "create" : operation === "update" ? "update" : "delete";
-    const permission = `${resource}:${action}`;
-    const userHasPermission = chunkNKPKR5BW_cjs.hasPermission(
-      { id: context.user.id, email: context.user.email, role: context.user.role },
-      permission
-    );
-    if (!userHasPermission && !chunkNKPKR5BW_cjs.hasPermission(
-      { id: context.user.id, email: context.user.email, role: context.user.role },
-      `${resource}:admin`
-    )) {
-      if (!accessRule) {
-        return { allowed: false };
-      }
-    }
-  }
-  if (!accessRule) {
-    if (!context.user && !context.apiKey) {
-      return { allowed: false };
-    }
-    return { allowed: true };
-  }
-  const result = await chunk4M7X5HAB_cjs.evaluateAccess(accessRule, {
-    req: context.req,
-    user: context.user,
-    tenantID: context.tenantID
-  });
-  if (typeof result === "boolean") {
-    return { allowed: result };
-  }
-  return { allowed: true, extraWhere: result };
-}
-async function checkGlobalAccess(global, operation, context) {
-  const accessRule = global.access?.[operation];
-  if (!accessRule) {
-    if (!context.user) {
-      return { allowed: false };
-    }
-    const userRole = context.user.role;
-    if (userRole === "super_admin" || userRole === "admin") {
-      return { allowed: true };
-    }
-    return { allowed: false };
-  }
-  const result = await chunk4M7X5HAB_cjs.evaluateAccess(accessRule, {
-    req: context.req,
-    user: context.user,
-    tenantID: context.tenantID
-  });
-  if (typeof result === "boolean") {
-    return { allowed: result };
-  }
-  return { allowed: true };
-}
-function fieldToGraphQLType(field, registry, collectionTypes, isInputType = false) {
-  switch (field.type) {
-    case "text":
-    case "email":
-    case "password":
-    case "textarea":
-    case "color":
-    case "code":
-    case "markdown":
-    case "date":
-    case "select":
-    case "radio":
-    case "upload":
-      return graphql.GraphQLString;
-    case "number":
-      return field.integer ? graphql.GraphQLInt : graphql.GraphQLFloat;
-    case "checkbox":
-      return graphql.GraphQLBoolean;
-    case "json":
-    case "richtext":
-      return graphql.GraphQLString;
-    // JSON as string
-    case "relationship":
-      if (typeof field.relationTo === "string") {
-        if (isInputType) {
-          return graphql.GraphQLString;
-        }
-        if (collectionTypes?.[field.relationTo]) {
-          return collectionTypes[field.relationTo];
-        }
-        const relatedCollection = registry.getCollection(field.relationTo);
-        if (relatedCollection) {
-          return new graphql.GraphQLObjectType({
-            name: `${field.relationTo}_ref`,
-            fields: () => ({
-              id: { type: graphql.GraphQLString },
-              ...buildFieldsFromCollection(relatedCollection, registry, collectionTypes)
-            })
-          });
-        }
-      }
-      return graphql.GraphQLString;
-    case "array":
-      return new graphql.GraphQLList(graphql.GraphQLString);
-    // Simplified
-    case "group":
-      return graphql.GraphQLString;
-    // Simplified - JSON string
-    case "blocks":
-      return new graphql.GraphQLList(graphql.GraphQLString);
-    // Simplified
-    case "row":
-    case "collapsible":
-    case "tabs":
-      return graphql.GraphQLString;
-    default:
-      return graphql.GraphQLString;
-  }
-}
-function buildFieldsFromCollection(config, registry, collectionTypes) {
-  const fields = {};
-  for (const field of config.fields) {
-    if (field.name && field.admin?.hidden !== true) {
-      fields[field.name] = {
-        type: field.required ? new graphql.GraphQLNonNull(fieldToGraphQLType(field, registry, collectionTypes)) : fieldToGraphQLType(field, registry, collectionTypes),
-        description: field.admin?.description || field.label
-      };
-    }
-  }
-  return fields;
-}
-function buildGraphQLSchema(options) {
-  const { registry, db, user, req, tenantID, apiKey, settings } = options;
-  const apiAccess = settings?.access?.apiAccess;
-  if (apiAccess?.graphqlEnabled === false) {
-    throw new Error("GraphQL API is disabled");
-  }
-  const collections = registry.getCollections();
-  const globals = registry.getGlobals();
-  const collectionTypes = {};
-  const collectionInputTypes = {};
-  for (const collection of collections) {
-    collectionTypes[collection.slug] = new graphql.GraphQLObjectType({
-      name: `${collection.slug.replace(/-/g, "_")}_type`,
-      fields: () => ({
-        id: { type: graphql.GraphQLString },
-        ...buildFieldsFromCollection(collection, registry, collectionTypes),
-        ...collection.timestamps ? {
-          createdAt: { type: graphql.GraphQLString },
-          updatedAt: { type: graphql.GraphQLString }
-        } : {},
-        ...collection.tenantScoped ? {
-          tenantID: { type: graphql.GraphQLString }
-        } : {}
-      })
-    });
-    const inputFields = {};
-    for (const field of collection.fields) {
-      if (field.name && field.name !== "id") {
-        inputFields[field.name] = {
-          type: fieldToGraphQLType(field, registry, collectionTypes, true)
-        };
-      }
-    }
-    collectionInputTypes[collection.slug] = new graphql.GraphQLInputObjectType({
-      name: `${collection.slug.replace(/-/g, "_")}_input`,
-      fields: () => inputFields
-    });
-  }
-  const globalTypes = {};
-  const globalInputTypes = {};
-  for (const global of globals) {
-    globalTypes[global.slug] = new graphql.GraphQLObjectType({
-      name: `${global.slug.replace(/-/g, "_")}_global_type`,
-      fields: () => ({
-        id: { type: graphql.GraphQLString },
-        ...buildFieldsFromCollection(
-          { slug: global.slug, fields: global.fields },
-          registry,
-          collectionTypes
-        )
-      })
-    });
-    globalInputTypes[global.slug] = new graphql.GraphQLInputObjectType({
-      name: `${global.slug.replace(/-/g, "_")}_global_input`,
-      fields: () => {
-        const inputFields = {};
-        for (const field of global.fields) {
-          if (field.name && field.name !== "id") {
-            inputFields[field.name] = {
-              type: fieldToGraphQLType(field, registry, collectionTypes, true)
-            };
-          }
-        }
-        return inputFields;
-      }
-    });
-  }
-  const queryFields = {};
-  for (const collection of collections) {
-    const type = collectionTypes[collection.slug];
-    if (!type) continue;
-    queryFields[`${collection.slug.replace(/-/g, "_")}Find`] = {
-      type: new graphql.GraphQLObjectType({
-        name: `${collection.slug.replace(/-/g, "_")}_find_result`,
-        fields: {
-          docs: { type: new graphql.GraphQLList(type) },
-          totalDocs: { type: graphql.GraphQLInt },
-          page: { type: graphql.GraphQLInt },
-          totalPages: { type: graphql.GraphQLInt },
-          hasNextPage: { type: graphql.GraphQLBoolean },
-          hasPrevPage: { type: graphql.GraphQLBoolean }
-        }
-      }),
-      args: {
-        where: { type: graphql.GraphQLString },
-        sort: { type: graphql.GraphQLString },
-        limit: { type: graphql.GraphQLInt },
-        page: { type: graphql.GraphQLInt },
-        draft: { type: graphql.GraphQLBoolean }
-      },
-      resolve: async (_, args, context) => {
-        const access = await checkGraphQLAccess(collection, "read", {
-          user,
-          req,
-          tenantID,
-          apiKey
-        });
-        if (!access.allowed) {
-          throw new Error("Access denied");
-        }
-        if (tenantID) {
-          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
-        }
-        let where = {};
-        if (args.where) {
-          try {
-            where = JSON.parse(args.where);
-          } catch {
-          }
-        }
-        if (access.extraWhere) {
-          where = { ...where, ...access.extraWhere };
-        }
-        const isDraft = args.draft ?? !!user;
-        return db.find({
-          collection: collection.slug,
-          where,
-          sort: args.sort,
-          limit: args.limit || 10,
-          page: args.page || 1,
-          tenantID,
-          draft: isDraft
-        });
-      }
-    };
-    queryFields[`${collection.slug.replace(/-/g, "_")}FindByID`] = {
-      type,
-      args: {
-        id: { type: new graphql.GraphQLNonNull(graphql.GraphQLString) },
-        draft: { type: graphql.GraphQLBoolean }
-      },
-      resolve: async (_, args, context) => {
-        const access = await checkGraphQLAccess(collection, "read", {
-          user,
-          req,
-          tenantID,
-          apiKey
-        });
-        if (!access.allowed) {
-          throw new Error("Access denied");
-        }
-        if (tenantID) {
-          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
-        }
-        const isDraft = args.draft ?? !!user;
-        const doc = await db.findByID({
-          collection: collection.slug,
-          id: args.id,
-          tenantID,
-          draft: isDraft
-        });
-        return doc;
-      }
-    };
-    queryFields[`${collection.slug.replace(/-/g, "_")}Count`] = {
-      type: new graphql.GraphQLObjectType({
-        name: `${collection.slug.replace(/-/g, "_")}_count`,
-        fields: {
-          totalDocs: { type: graphql.GraphQLInt }
-        }
-      }),
-      args: {
-        where: { type: graphql.GraphQLString }
-      },
-      resolve: async (_, args, context) => {
-        const access = await checkGraphQLAccess(collection, "read", {
-          user,
-          req,
-          tenantID,
-          apiKey
-        });
-        if (!access.allowed) {
-          return { totalDocs: 0 };
-        }
-        let where = {};
-        if (args.where) {
-          try {
-            where = JSON.parse(args.where);
-          } catch {
-          }
-        }
-        const count = await db.count({
-          collection: collection.slug,
-          where,
-          tenantID
-        });
-        return { totalDocs: count };
-      }
-    };
-  }
-  for (const global of globals) {
-    const type = globalTypes[global.slug];
-    if (!type) continue;
-    queryFields[`${global.slug.replace(/-/g, "_")}Get`] = {
-      type,
-      resolve: async () => {
-        const access = await checkGlobalAccess(global, "read", {
-          user,
-          req,
-          tenantID
-        });
-        if (!access.allowed) {
-          throw new Error("Access denied: cannot read global");
-        }
-        if (tenantID) {
-          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
-        }
-        return db.findOne({
-          collection: `_globals_${global.slug}`,
-          where: {},
-          tenantID
-        });
-      }
-    };
-  }
-  const Query = new graphql.GraphQLObjectType({
-    name: "Query",
-    fields: queryFields
-  });
-  const mutationFields = {};
-  for (const collection of collections) {
-    const type = collectionTypes[collection.slug];
-    const inputType = collectionInputTypes[collection.slug];
-    if (!type || !inputType) continue;
-    mutationFields[`${collection.slug.replace(/-/g, "_")}Create`] = {
-      type: new graphql.GraphQLObjectType({
-        name: `${collection.slug.replace(/-/g, "_")}_create_result`,
-        fields: {
-          doc: { type },
-          message: { type: graphql.GraphQLString }
-        }
-      }),
-      args: {
-        data: { type: new graphql.GraphQLNonNull(inputType) }
-      },
-      resolve: async (_, args, context) => {
-        const access = await checkGraphQLAccess(collection, "create", {
-          user,
-          req,
-          tenantID,
-          apiKey
-        });
-        if (!access.allowed) {
-          throw new Error("Access denied: cannot create");
-        }
-        if (tenantID) {
-          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
-        }
-        const schema = registry.getCreateZodSchema(collection.slug);
-        const validated = schema.parse(args.data);
-        const doc = await db.create({
-          collection: collection.slug,
-          data: validated,
-          tenantID
-        });
-        return { doc, message: "Created successfully" };
-      }
-    };
-    mutationFields[`${collection.slug.replace(/-/g, "_")}Update`] = {
-      type: new graphql.GraphQLObjectType({
-        name: `${collection.slug.replace(/-/g, "_")}_update_result`,
-        fields: {
-          doc: { type },
-          message: { type: graphql.GraphQLString }
-        }
-      }),
-      args: {
-        id: { type: new graphql.GraphQLNonNull(graphql.GraphQLString) },
-        data: { type: new graphql.GraphQLNonNull(inputType) },
-        baseUpdatedAt: { type: graphql.GraphQLString }
-      },
-      resolve: async (_, args, context) => {
-        const access = await checkGraphQLAccess(collection, "update", {
-          user,
-          req,
-          tenantID,
-          apiKey
-        });
-        if (!access.allowed) {
-          throw new Error("Access denied: cannot update");
-        }
-        if (tenantID) {
-          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
-        }
-        if (args.baseUpdatedAt) {
-          const originalDoc = await db.findByID({
-            collection: collection.slug,
-            id: args.id,
-            tenantID,
-            draft: true
-          });
-          if (originalDoc && originalDoc.updatedAt && args.baseUpdatedAt !== originalDoc.updatedAt) {
-            throw new Error(`Revision conflict: document has changed since ${args.baseUpdatedAt}. Current updatedAt: ${originalDoc.updatedAt}`);
-          }
-        }
-        const schema = registry.getUpdateZodSchema(collection.slug);
-        const validated = schema.parse(args.data);
-        const doc = await db.update({
-          collection: collection.slug,
-          id: args.id,
-          data: validated,
-          tenantID
-        });
-        return { doc, message: "Updated successfully" };
-      }
-    };
-    mutationFields[`${collection.slug.replace(/-/g, "_")}Delete`] = {
-      type: new graphql.GraphQLObjectType({
-        name: `${collection.slug.replace(/-/g, "_")}_delete_result`,
-        fields: {
-          doc: { type },
-          message: { type: graphql.GraphQLString }
-        }
-      }),
-      args: {
-        id: { type: new graphql.GraphQLNonNull(graphql.GraphQLString) }
-      },
-      resolve: async (_, args, context) => {
-        const access = await checkGraphQLAccess(collection, "delete", {
-          user,
-          req,
-          tenantID,
-          apiKey
-        });
-        if (!access.allowed) {
-          throw new Error("Access denied: cannot delete");
-        }
-        if (tenantID) {
-          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
-        }
-        const doc = await db.delete({
-          collection: collection.slug,
-          id: args.id,
-          tenantID
-        });
-        return { doc, message: "Deleted successfully" };
-      }
-    };
-  }
-  for (const global of globals) {
-    const inputType = globalInputTypes[global.slug];
-    if (!inputType) continue;
-    mutationFields[`${global.slug.replace(/-/g, "_")}Update`] = {
-      type: new graphql.GraphQLObjectType({
-        name: `${global.slug.replace(/-/g, "_")}_update_result`,
-        fields: {
-          doc: { type: globalTypes[global.slug] || graphql.GraphQLString },
-          message: { type: graphql.GraphQLString }
-        }
-      }),
-      args: {
-        data: { type: new graphql.GraphQLNonNull(inputType) }
-      },
-      resolve: async (_, args, context) => {
-        const access = await checkGlobalAccess(global, "update", {
-          user,
-          req,
-          tenantID
-        });
-        if (!access.allowed) {
-          throw new Error("Access denied: cannot update global");
-        }
-        if (tenantID) {
-          db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? "", role: user?.role, isSuperAdmin: user?.role === "super_admin" });
-        }
-        const doc = await db.findOne({
-          collection: `_globals_${global.slug}`,
-          where: {},
-          tenantID
-        });
-        let result;
-        if (doc) {
-          result = await db.update({
-            collection: `_globals_${global.slug}`,
-            id: doc.id,
-            data: args.data,
-            tenantID
-          });
-        } else {
-          result = await db.create({
-            collection: `_globals_${global.slug}`,
-            data: args.data,
-            tenantID
-          });
-        }
-        return { doc: result, message: "Updated successfully" };
-      }
-    };
-  }
-  const Mutation = new graphql.GraphQLObjectType({
-    name: "Mutation",
-    fields: mutationFields
-  });
-  return new graphql.GraphQLSchema({
-    query: Query,
-    mutation: Mutation
-  });
-}
-function createGraphQLSchema(registry, db, options) {
-  return buildGraphQLSchema({
-    registry,
-    db,
-    user: options?.user,
-    req: options?.req,
-    tenantID: options?.tenantID,
-    apiKey: options?.apiKey
-  });
-}
-exports.buildGraphQLSchema = buildGraphQLSchema;
-exports.createGraphQLSchema = createGraphQLSchema;
-//# sourceMappingURL=chunk-3HR772HI.cjs.map
-//# sourceMappingURL=chunk-3HR772HI.cjs.map

package/dist/chunk-3HR772HI.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/api/graphql/schema.ts"],"names":["hasApiKeyPermission","hasPermission","evaluateAccess","GraphQLString","GraphQLInt","GraphQLFloat","GraphQLBoolean","GraphQLObjectType","GraphQLList","GraphQLNonNull","GraphQLInputObjectType","GraphQLSchema"],"mappings":";;;;;;AA8BA,eAAe,kBAAA,CACb,UAAA,EACA,SAAA,EACA,OAAA,EACyD;AACzD,EAAA,MAAM,UAAA,GAAa,UAAA,CAAW,MAAA,GAAS,SAAS,CAAA;AAGhD,EAAA,IAAI,OAAA,CAAQ,MAAA,EAAQ,WAAA,EAAa,MAAA,GAAS,CAAA,EAAG;AAC3C,IAAA,MAAM,WAAW,UAAA,CAAW,IAAA;AAC5B,IAAA,MAAM,SAAS,SAAA,KAAc,MAAA,GAAS,MAAA,GAAS,SAAA,KAAc,WAAW,QAAA,GAAW,QAAA;AACnF,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxC,IAAA,IACE,CAACA,qCAAA,CAAoB,OAAA,CAAQ,MAAA,CAAO,aAAa,UAAU,CAAA,IAC3D,CAACA,qCAAA,CAAoB,QAAQ,MAAA,CAAO,WAAA,EAAa,CAAA,EAAG,QAAQ,QAAQ,CAAA,EACpE;AACA,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AAAA,EACF;AAGA,EAAA,IAAI,QAAQ,IAAA,EAAM;AAChB,IAAA,MAAM,WAAW,UAAA,CAAW,IAAA;AAC5B,IAAA,MAAM,MAAA,GAAS,cAAc,MAAA,GAAS,MAAA,GAAS,cAAc,QAAA,GAAW,QAAA,GAAW,SAAA,KAAc,QAAA,GAAW,QAAA,GAAW,QAAA;AACvH,IAAA,MAAM,UAAA,GAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxC,IAAA,MAAM,iBAAA,GAAoBC,+BAAA;AAAA,MACxB,EAAE,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,IAAA,EAAK;AAAA,MAC1E;AAAA,KACF;AACA,IAAA,IAAI,CAAC,qBAAqB,CAACA,+BAAA;AAAA,MACzB,EAAE,EAAA,EAAI,OAAA,CAAQ,IAAA,CAAK,EAAA,EAAI,KAAA,EAAO,OAAA,CAAQ,IAAA,CAAK,KAAA,EAAO,IAAA,EAAM,OAAA,CAAQ,IAAA,CAAK,IAAA,EAAK;AAAA,MAC1E,GAAG,QAAQ,CAAA,MAAA;AAAA,KACb,EAAG;AACD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,IAAQ,CAAC,QAAQ,MAAA,EAAQ;AACpC,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AACA,IAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,EACzB;AAEA,EAAA,MAAM,MAAA,GAAS,MAAMC,gCAAA,CAAe,UAAA,EAAY;AAAA,IAC9C,KAAK,OAAA,CAAQ,GAAA;AAAA,IACb,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,UAAU,OAAA,CAAQ;AAAA,GACnB,CAAA;AAED,EAAA,IAAI,OAAO,WAAW,SAAA,EAAW;AAC/B,IAAA,OAAO,EAAE,SAAS,MAAA,EAAO;AAAA,EAC3B;AAEA,EAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,MAAA,EAAO;AAC7C;AAEA,eAAe,iBAAA,CACb,MAAA,EACA,SAAA,EACA,OAAA,EAC+B;AAC/B,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,GAAS,SAAS,CAAA;AAE5C,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,IAAI,CAAC,QAAQ,IAAA,EAAM;AACjB,MAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,IAC1B;AACA,IAAA,MAAM,QAAA,GAAW,QAAQ,IAAA,CAAK,IAAA;AAC9B,IAAA,IAAI,QAAA,KAAa,aAAA,IAAiB,QAAA,KAAa,OAAA,EAAS;AACtD,MAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,EAC1B;AAEA,EAAA,MAAM,MAAA,GAAS,MAAMA,gCAAA,CAAe,UAAA,EAAY;AAAA,IAC9C,KAAK,OAAA,CAAQ,GAAA;AAAA,IACb,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,UAAU,OAAA,CAAQ;AAAA,GACnB,CAAA;AAED,EAAA,IAAI,OAAO,WAAW,SAAA,EAAW;AAC/B,IAAA,OAAO,EAAE,SAAS,MAAA,EAAO;AAAA,EAC3B;AAEA,EAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AACzB;AAMA,SAAS,kBAAA,CACP,KAAA,EACA,QAAA,EACA,eAAA,EACA,cAAc,KAAA,EACD;AACb,EAAA,QAAQ,MAAM,IAAA;AAAM,IAClB,KAAK,MAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,MAAA;AAAA,IACL,KAAK,UAAA;AAAA,IACL,KAAK,MAAA;AAAA,IACL,KAAK,QAAA;AAAA,IACL,KAAK,OAAA;AAAA,IACL,KAAK,QAAA;AACH,MAAA,OAAOC,qBAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,KAAA,CAAM,UAAUC,kBAAA,GAAaC,oBAAA;AAAA,IACtC,KAAK,UAAA;AACH,MAAA,OAAOC,sBAAA;AAAA,IACT,KAAK,MAAA;AAAA,IACL,KAAK,UAAA;AACH,MAAA,OAAOH,qBAAA;AAAA;AAAA,IACT,KAAK,cAAA;AACH,MAAA,IAAI,OAAO,KAAA,CAAM,UAAA,KAAe,QAAA,EAAU;AACxC,QAAA,IAAI,WAAA,EAAa;AACf,UAAA,OAAOA,qBAAA;AAAA,QACT;AACA,QAAA,IAAI,eAAA,GAAkB,KAAA,CAAM,UAAU,CAAA,EAAG;AACvC,UAAA,OAAO,eAAA,CAAgB,MAAM,UAAU,CAAA;AAAA,QACzC;AACA,QAAA,MAAM,iBAAA,GAAoB,QAAA,CAAS,aAAA,CAAc,KAAA,CAAM,UAAU,CAAA;AACjE,QAAA,IAAI,iBAAA,EAAmB;AACrB,UAAA,OAAO,IAAII,yBAAA,CAAkB;AAAA,YAC3B,IAAA,EAAM,CAAA,EAAG,KAAA,CAAM,UAAU,CAAA,IAAA,CAAA;AAAA,YACzB,QAAQ,OAAO;AAAA,cACb,EAAA,EAAI,EAAE,IAAA,EAAMJ,qBAAA,EAAc;AAAA,cAC1B,GAAG,yBAAA,CAA0B,iBAAA,EAAmB,QAAA,EAAU,eAAe;AAAA,aAC3E;AAAA,WACD,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA,OAAOA,qBAAA;AAAA,IACT,KAAK,OAAA;AACH,MAAA,OAAO,IAAIK,oBAAYL,qBAAa,CAAA;AAAA;AAAA,IACtC,KAAK,OAAA;AACH,MAAA,OAAOA,qBAAA;AAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,IAAIK,oBAAYL,qBAAa,CAAA;AAAA;AAAA,IACtC,KAAK,KAAA;AAAA,IACL,KAAK,aAAA;AAAA,IACL,KAAK,MAAA;AACH,MAAA,OAAOA,qBAAA;AAAA,IACT;AACE,MAAA,OAAOA,qBAAA;AAAA;AAEb;AAEA,SAAS,yBAAA,CACP,MAAA,EACA,QAAA,EACA,eAAA,EAC8C;AAC9C,EAAA,MAAM,SAAuD,EAAC;AAE9D,EAAA,KAAA,MAAW,KAAA,IAAS,OAAO,MAAA,EAAQ;AACjC,IAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,KAAA,EAAO,WAAW,IAAA,EAAM;AAC9C,MAAA,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,QACnB,IAAA,EAAM,KAAA,CAAM,QAAA,GACR,IAAIM,uBAAe,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,eAAe,CAAQ,CAAA,GAC7E,kBAAA,CAAmB,KAAA,EAAO,UAAU,eAAe,CAAA;AAAA,QACxD,WAAA,EAAa,KAAA,CAAM,KAAA,EAAO,WAAA,IAAe,KAAA,CAAM;AAAA,OACjD;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAgBO,SAAS,mBACd,OAAA,EACe;AACf,EAAA,MAAM,EAAE,UAAU,EAAA,EAAI,IAAA,EAAM,KAAK,QAAA,EAAU,MAAA,EAAQ,UAAS,GAAI,OAAA;AAGhE,EAAA,MAAM,SAAA,GAAY,UAAU,MAAA,EAAQ,SAAA;AACpC,EAAA,IAAI,SAAA,EAAW,mBAAmB,KAAA,EAAO;AACvC,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AAEA,EAAA,MAAM,WAAA,GAAc,SAAS,cAAA,EAAe;AAC5C,EAAA,MAAM,OAAA,GAAU,SAAS,UAAA,EAAW;AAGpC,EAAA,MAAM,kBAAqD,EAAC;AAC5D,EAAA,MAAM,uBAA+D,EAAC;AAEtE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AAEpC,IAAA,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA,GAAI,IAAIF,yBAAA,CAAkB;AAAA,MACvD,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,KAAA,CAAA;AAAA,MAC3C,QAAQ,OAAO;AAAA,QACb,EAAA,EAAI,EAAE,IAAA,EAAMJ,qBAAA,EAAc;AAAA,QAC1B,GAAG,yBAAA,CAA0B,UAAA,EAAY,QAAA,EAAU,eAAe,CAAA;AAAA,QAClE,GAAI,WAAW,UAAA,GACX;AAAA,UACE,SAAA,EAAW,EAAE,IAAA,EAAMA,qBAAA,EAAc;AAAA,UACjC,SAAA,EAAW,EAAE,IAAA,EAAMA,qBAAA;AAAc,YAEnC,EAAC;AAAA,QACL,GAAI,WAAW,YAAA,GACX;AAAA,UACE,QAAA,EAAU,EAAE,IAAA,EAAMA,qBAAA;AAAc,YAElC;AAAC,OACP;AAAA,KACD,CAAA;AAGD,IAAA,MAAM,cAAqD,EAAC;AAC5D,IAAA,KAAA,MAAW,KAAA,IAAS,WAAW,MAAA,EAAQ;AACrC,MAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,IAAA,KAAS,IAAA,EAAM;AACrC,QAAA,WAAA,CAAY,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,UACxB,IAAA,EAAM,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,iBAAiB,IAAI;AAAA,SACjE;AAAA,MACF;AAAA,IACF;AAEA,IAAA,oBAAA,CAAqB,UAAA,CAAW,IAAI,CAAA,GAAI,IAAIO,8BAAA,CAAuB;AAAA,MACjE,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,MAAA,CAAA;AAAA,MAC3C,QAAQ,MAAM;AAAA,KACf,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,cAAiD,EAAC;AACxD,EAAA,MAAM,mBAA2D,EAAC;AAElE,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,WAAA,CAAY,MAAA,CAAO,IAAI,CAAA,GAAI,IAAIH,yBAAA,CAAkB;AAAA,MAC/C,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,YAAA,CAAA;AAAA,MACvC,QAAQ,OAAO;AAAA,QACb,EAAA,EAAI,EAAE,IAAA,EAAMJ,qBAAA,EAAc;AAAA,QAC1B,GAAG,yBAAA;AAAA,UACD,EAAE,IAAA,EAAM,MAAA,CAAO,IAAA,EAAM,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,UAC3C,QAAA;AAAA,UACA;AAAA;AACF,OACF;AAAA,KACD,CAAA;AAED,IAAA,gBAAA,CAAiB,MAAA,CAAO,IAAI,CAAA,GAAI,IAAIO,8BAAA,CAAuB;AAAA,MACzD,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,aAAA,CAAA;AAAA,MACvC,QAAQ,MAAM;AACZ,QAAA,MAAM,cAAqD,EAAC;AAC5D,QAAA,KAAA,MAAW,KAAA,IAAS,OAAO,MAAA,EAAQ;AACjC,UAAA,IAAI,KAAA,CAAM,IAAA,IAAQ,KAAA,CAAM,IAAA,KAAS,IAAA,EAAM;AACrC,YAAA,WAAA,CAAY,KAAA,CAAM,IAAI,CAAA,GAAI;AAAA,cACxB,IAAA,EAAM,kBAAA,CAAmB,KAAA,EAAO,QAAA,EAAU,iBAAiB,IAAI;AAAA,aACjE;AAAA,UACF;AAAA,QACF;AACA,QAAA,OAAO,WAAA;AAAA,MACT;AAAA,KACD,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,cAA4D,EAAC;AAGnE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA;AAC5C,IAAA,IAAI,CAAC,IAAA,EAAM;AAGX,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,MAAM,CAAA,GAAI;AAAA,MACzD,IAAA,EAAM,IAAIH,yBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,YAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,MAAM,EAAE,IAAA,EAAM,IAAIC,mBAAA,CAAY,IAAI,CAAA,EAAE;AAAA,UACpC,SAAA,EAAW,EAAE,IAAA,EAAMJ,kBAAA,EAAW;AAAA,UAC9B,IAAA,EAAM,EAAE,IAAA,EAAMA,kBAAA,EAAW;AAAA,UACzB,UAAA,EAAY,EAAE,IAAA,EAAMA,kBAAA,EAAW;AAAA,UAC/B,WAAA,EAAa,EAAE,IAAA,EAAME,sBAAA,EAAe;AAAA,UACpC,WAAA,EAAa,EAAE,IAAA,EAAMA,sBAAA;AAAe;AACtC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO,EAAE,IAAA,EAAMH,qBAAA,EAAc;AAAA,QAC7B,IAAA,EAAM,EAAE,IAAA,EAAMA,qBAAA,EAAc;AAAA,QAC5B,KAAA,EAAO,EAAE,IAAA,EAAMC,kBAAA,EAAW;AAAA,QAC1B,IAAA,EAAM,EAAE,IAAA,EAAMA,kBAAA,EAAW;AAAA,QACzB,KAAA,EAAO,EAAE,IAAA,EAAME,sBAAA;AAAe,OAChC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,QACjC;AAEA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,IAAI,QAAQ,EAAC;AACb,QAAA,IAAI,KAAK,KAAA,EAAO;AACd,UAAA,IAAI;AACF,YAAA,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA;AAAA,UAC/B,CAAA,CAAA,MAAQ;AAAA,UAAC;AAAA,QACX;AAEA,QAAA,IAAI,OAAO,UAAA,EAAY;AACrB,UAAA,KAAA,GAAQ,EAAE,GAAG,KAAA,EAAO,GAAG,OAAO,UAAA,EAAW;AAAA,QAC3C;AAEA,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,IAAS,CAAC,CAAC,IAAA;AAEhC,QAAA,OAAO,GAAG,IAAA,CAAK;AAAA,UACb,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,KAAA;AAAA,UACA,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,KAAA,EAAO,KAAK,KAAA,IAAS,EAAA;AAAA,UACrB,IAAA,EAAM,KAAK,IAAA,IAAQ,CAAA;AAAA,UACnB,QAAA;AAAA,UACA,KAAA,EAAO;AAAA,SACR,CAAA;AAAA,MACH;AAAA,KACF;AAGA,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,UAAU,CAAA,GAAI;AAAA,MAC7D,IAAA;AAAA,MACA,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAIG,sBAAA,CAAeN,qBAAa,CAAA,EAAE;AAAA,QAC9C,KAAA,EAAO,EAAE,IAAA,EAAMG,sBAAA;AAAe,OAChC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,eAAe,CAAA;AAAA,QACjC;AAEA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,IAAS,CAAC,CAAC,IAAA;AAChC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,QAAA,CAAS;AAAA,UAC5B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,QAAA;AAAA,UACA,KAAA,EAAO;AAAA,SACR,CAAA;AACD,QAAA,OAAO,GAAA;AAAA,MACT;AAAA,KACF;AAGA,IAAA,WAAA,CAAY,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,OAAO,CAAA,GAAI;AAAA,MAC1D,IAAA,EAAM,IAAIC,yBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,MAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,SAAA,EAAW,EAAE,IAAA,EAAMH,kBAAA;AAAW;AAChC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,KAAA,EAAO,EAAE,IAAA,EAAMD,qBAAA;AAAc,OAC/B;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,MAAA,EAAQ;AAAA,UAC1D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,OAAO,EAAE,WAAW,CAAA,EAAE;AAAA,QACxB;AACA,QAAA,IAAI,QAAQ,EAAC;AACb,QAAA,IAAI,KAAK,KAAA,EAAO;AACd,UAAA,IAAI;AACF,YAAA,KAAA,GAAQ,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA;AAAA,UAC/B,CAAA,CAAA,MAAQ;AAAA,UAAC;AAAA,QACX;AACA,QAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,CAAG,KAAA,CAAM;AAAA,UAC3B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,KAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,OAAO,EAAE,WAAW,KAAA,EAAM;AAAA,MAC5B;AAAA,KACF;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,IAAA,GAAO,WAAA,CAAY,MAAA,CAAO,IAAI,CAAA;AACpC,IAAA,IAAI,CAAC,IAAA,EAAM;AAEX,IAAA,WAAA,CAAY,CAAA,EAAG,OAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,KAAK,CAAA,GAAI;AAAA,MACpD,IAAA;AAAA,MACA,SAAS,YAAY;AACnB,QAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,MAAA,EAAQ,MAAA,EAAQ;AAAA,UACrD,IAAA;AAAA,UACA,GAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,mCAAmC,CAAA;AAAA,QACrD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,OAAO,GAAG,OAAA,CAAQ;AAAA,UAChB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,UACnC,OAAO,EAAC;AAAA,UACR;AAAA,SACD,CAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,KAAA,GAAQ,IAAII,yBAAA,CAAkB;AAAA,IAClC,IAAA,EAAM,OAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACT,CAAA;AAGD,EAAA,MAAM,iBAA+D,EAAC;AAEtE,EAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,IAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,UAAA,CAAW,IAAI,CAAA;AAC5C,IAAA,MAAM,SAAA,GAAY,oBAAA,CAAqB,UAAA,CAAW,IAAI,CAAA;AACtD,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,SAAA,EAAW;AAGzB,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAIA,yBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAMJ,qBAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,MAAM,EAAE,IAAA,EAAM,IAAIM,sBAAA,CAAe,SAAS,CAAA;AAAE,OAC9C;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,MAAM,MAAA,GAAS,QAAA,CAAS,kBAAA,CAAmB,UAAA,CAAW,IAAI,CAAA;AAE1D,QAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAExC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAA,EAAM,SAAA;AAAA,UACN;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAGA,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAIF,yBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAMJ,qBAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAIM,sBAAA,CAAeN,qBAAa,CAAA,EAAE;AAAA,QAC9C,MAAM,EAAE,IAAA,EAAM,IAAIM,sBAAA,CAAe,SAAS,CAAA,EAAE;AAAA,QAC5C,aAAA,EAAe,EAAE,IAAA,EAAMN,qBAAA;AAAc,OACvC;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAGA,QAAA,IAAI,KAAK,aAAA,EAAe;AACtB,UAAA,MAAM,WAAA,GAAc,MAAM,EAAA,CAAG,QAAA,CAA8B;AAAA,YACzD,YAAY,UAAA,CAAW,IAAA;AAAA,YACvB,IAAI,IAAA,CAAK,EAAA;AAAA,YACT,QAAA;AAAA,YACA,KAAA,EAAO;AAAA,WACR,CAAA;AACD,UAAA,IAAI,eAAe,WAAA,CAAY,SAAA,IAAa,IAAA,CAAK,aAAA,KAAkB,YAAY,SAAA,EAAW;AACxF,YAAA,MAAM,IAAI,MAAM,CAAA,8CAAA,EAAiD,IAAA,CAAK,aAAa,CAAA,qBAAA,EAAwB,WAAA,CAAY,SAAS,CAAA,CAAE,CAAA;AAAA,UACpI;AAAA,QACF;AAEA,QAAA,MAAM,MAAA,GAAS,QAAA,CAAS,kBAAA,CAAmB,UAAA,CAAW,IAAI,CAAA;AAE1D,QAAA,MAAM,SAAA,GAAY,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAExC,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,IAAA,EAAM,SAAA;AAAA,UACN;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAGA,IAAA,cAAA,CAAe,CAAA,EAAG,WAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC9D,IAAA,EAAM,IAAII,yBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,UAAA,CAAW,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QAC3C,MAAA,EAAQ;AAAA,UACN,GAAA,EAAK,EAAE,IAAA,EAAK;AAAA,UACZ,OAAA,EAAS,EAAE,IAAA,EAAMJ,qBAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,IAAI,EAAE,IAAA,EAAM,IAAIM,sBAAA,CAAeN,qBAAa,CAAA;AAAE,OAChD;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,kBAAA,CAAmB,UAAA,EAAY,QAAA,EAAU;AAAA,UAC5D,IAAA;AAAA,UACA,GAAA;AAAA,UACA,QAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,QAChD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AACA,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,MAAA,CAAO;AAAA,UAC1B,YAAY,UAAA,CAAW,IAAA;AAAA,UACvB,IAAI,IAAA,CAAK,EAAA;AAAA,UACT;AAAA,SACD,CAAA;AAED,QAAA,OAAO,EAAE,GAAA,EAAK,OAAA,EAAS,sBAAA,EAAuB;AAAA,MAChD;AAAA,KACF;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,MAAA,CAAO,IAAI,CAAA;AAC9C,IAAA,IAAI,CAAC,SAAA,EAAW;AAEhB,IAAA,cAAA,CAAe,CAAA,EAAG,OAAO,IAAA,CAAK,OAAA,CAAQ,MAAM,GAAG,CAAC,QAAQ,CAAA,GAAI;AAAA,MAC1D,IAAA,EAAM,IAAII,yBAAA,CAAkB;AAAA,QAC1B,MAAM,CAAA,EAAG,MAAA,CAAO,KAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA,cAAA,CAAA;AAAA,QACvC,MAAA,EAAQ;AAAA,UACN,KAAK,EAAE,IAAA,EAAM,YAAY,MAAA,CAAO,IAAI,KAAKJ,qBAAA,EAAc;AAAA,UACvD,OAAA,EAAS,EAAE,IAAA,EAAMA,qBAAA;AAAc;AACjC,OACD,CAAA;AAAA,MACD,IAAA,EAAM;AAAA,QACJ,MAAM,EAAE,IAAA,EAAM,IAAIM,sBAAA,CAAe,SAAS,CAAA;AAAE,OAC9C;AAAA,MACA,OAAA,EAAS,OAAO,CAAA,EAAQ,IAAA,EAAW,OAAA,KAAiB;AAClD,QAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,MAAA,EAAQ,QAAA,EAAU;AAAA,UACvD,IAAA;AAAA,UACA,GAAA;AAAA,UACA;AAAA,SACD,CAAA;AACD,QAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,UAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,QACvD;AACA,QAAA,IAAI,QAAA,EAAU;AACZ,UAAA,EAAA,CAAG,gBAAA,CAAiB,EAAE,QAAA,EAAU,QAAA,EAAU,QAAQ,IAAA,EAAM,EAAA,IAAM,EAAA,EAAI,IAAA,EAAM,MAAM,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,IAAA,KAAS,eAAe,CAAA;AAAA,QAClI;AAEA,QAAA,MAAM,GAAA,GAAM,MAAM,EAAA,CAAG,OAAA,CAAQ;AAAA,UAC3B,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,UACnC,OAAO,EAAC;AAAA,UACR;AAAA,SACD,CAAA;AAED,QAAA,IAAI,MAAA;AACJ,QAAA,IAAI,GAAA,EAAK;AACP,UAAA,MAAA,GAAS,MAAM,GAAG,MAAA,CAAO;AAAA,YACvB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,YACnC,IAAI,GAAA,CAAI,EAAA;AAAA,YACR,MAAM,IAAA,CAAK,IAAA;AAAA,YACX;AAAA,WACD,CAAA;AAAA,QACH,CAAA,MAAO;AACL,UAAA,MAAA,GAAS,MAAM,GAAG,MAAA,CAAO;AAAA,YACvB,UAAA,EAAY,CAAA,SAAA,EAAY,MAAA,CAAO,IAAI,CAAA,CAAA;AAAA,YACnC,MAAM,IAAA,CAAK,IAAA;AAAA,YACX;AAAA,WACD,CAAA;AAAA,QACH;AAEA,QAAA,OAAO,EAAE,GAAA,EAAK,MAAA,EAAQ,OAAA,EAAS,sBAAA,EAAuB;AAAA,MACxD;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,IAAIF,yBAAA,CAAkB;AAAA,IACrC,IAAA,EAAM,UAAA;AAAA,IACN,MAAA,EAAQ;AAAA,GACT,CAAA;AAED,EAAA,OAAO,IAAII,qBAAA,CAAc;AAAA,IACvB,KAAA,EAAO,KAAA;AAAA,IACP,QAAA,EAAU;AAAA,GACX,CAAA;AACH;AAMO,SAAS,mBAAA,CACd,QAAA,EACA,EAAA,EACA,OAAA,EAMe;AACf,EAAA,OAAO,kBAAA,CAAmB;AAAA,IACxB,QAAA;AAAA,IACA,EAAA;AAAA,IACA,MAAM,OAAA,EAAS,IAAA;AAAA,IACf,KAAK,OAAA,EAAS,GAAA;AAAA,IACd,UAAU,OAAA,EAAS,QAAA;AAAA,IACnB,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AACH","file":"chunk-3HR772HI.cjs","sourcesContent":["import {\n GraphQLSchema,\n GraphQLObjectType,\n GraphQLString,\n GraphQLInt,\n GraphQLBoolean,\n GraphQLFloat,\n GraphQLList,\n GraphQLNonNull,\n GraphQLInputObjectType,\n type GraphQLFieldConfig,\n type GraphQLType,\n} from \"graphql\";\nimport type {\n CollectionConfig,\n GlobalConfig,\n BaseAdapter,\n} from \"../../registry/types.js\";\nimport { Registry } from \"../../registry/index.js\";\nimport type { Field, SelectField } from \"../../fields/types.js\";\nimport { evaluateAccess, type WhereClause } from \"../../access/types.js\";\nimport type { User, Request } from \"../../hooks/types.js\";\nimport type { TenantContext } from \"../../auth/rls/tenant.js\";\nimport { hasApiKeyPermission } from \"../../auth/api-key.js\";\nimport { hasPermission } from \"../../auth/rbac/checker.js\";\n\n// ============================================================================\n// Access Control Helper\n// ============================================================================\n\nasync function checkGraphQLAccess(\n collection: { access?: any; slug: string },\n operation: \"read\" | \"create\" | \"update\" | \"delete\",\n context: { user?: User; req?: Request; tenantID?: string; apiKey?: any },\n): Promise<{ allowed: boolean; extraWhere?: WhereClause }> {\n const accessRule = collection.access?.[operation];\n\n // API key permission check\n if (context.apiKey?.permissions?.length > 0) {\n const resource = collection.slug;\n const action = operation === \"read\" ? \"read\" : operation === \"create\" ? \"create\" : \"update\";\n const permission = `${resource}:${action}`;\n if (\n !hasApiKeyPermission(context.apiKey.permissions, permission) &&\n !hasApiKeyPermission(context.apiKey.permissions, `${resource}:admin`)\n ) {\n return { allowed: false };\n }\n }\n\n // RBAC check for authenticated users\n if (context.user) {\n const resource = collection.slug;\n const action = operation === \"read\" ? \"read\" : operation === \"create\" ? \"create\" : operation === \"update\" ? \"update\" : \"delete\";\n const permission = `${resource}:${action}`;\n const userHasPermission = hasPermission(\n { id: context.user.id, email: context.user.email, role: context.user.role } as any,\n permission,\n );\n if (!userHasPermission && !hasPermission(\n { id: context.user.id, email: context.user.email, role: context.user.role } as any,\n `${resource}:admin`,\n )) {\n if (!accessRule) {\n return { allowed: false };\n }\n }\n }\n\n if (!accessRule) {\n if (!context.user && !context.apiKey) {\n return { allowed: false };\n }\n return { allowed: true };\n }\n\n const result = await evaluateAccess(accessRule, {\n req: context.req!,\n user: context.user,\n tenantID: context.tenantID,\n });\n\n if (typeof result === \"boolean\") {\n return { allowed: result };\n }\n\n return { allowed: true, extraWhere: result };\n}\n\nasync function checkGlobalAccess(\n global: { access?: any },\n operation: \"read\" | \"update\",\n context: { user?: User; req?: Request; tenantID?: string },\n): Promise<{ allowed: boolean }> {\n const accessRule = global.access?.[operation];\n\n if (!accessRule) {\n if (!context.user) {\n return { allowed: false };\n }\n const userRole = context.user.role;\n if (userRole === \"super_admin\" || userRole === \"admin\") {\n return { allowed: true };\n }\n return { allowed: false };\n }\n\n const result = await evaluateAccess(accessRule, {\n req: context.req!,\n user: context.user,\n tenantID: context.tenantID,\n });\n\n if (typeof result === \"boolean\") {\n return { allowed: result };\n }\n\n return { allowed: true };\n}\n\n// ============================================================================\n// Field → GraphQL Type Mapping\n// ============================================================================\n\nfunction fieldToGraphQLType(\n field: Field,\n registry: Registry,\n collectionTypes?: Record<string, GraphQLObjectType>,\n isInputType = false,\n): GraphQLType {\n switch (field.type) {\n case \"text\":\n case \"email\":\n case \"password\":\n case \"textarea\":\n case \"color\":\n case \"code\":\n case \"markdown\":\n case \"date\":\n case \"select\":\n case \"radio\":\n case \"upload\":\n return GraphQLString;\n case \"number\":\n return field.integer ? GraphQLInt : GraphQLFloat;\n case \"checkbox\":\n return GraphQLBoolean;\n case \"json\":\n case \"richtext\":\n return GraphQLString; // JSON as string\n case \"relationship\":\n if (typeof field.relationTo === \"string\") {\n if (isInputType) {\n return GraphQLString;\n }\n if (collectionTypes?.[field.relationTo]) {\n return collectionTypes[field.relationTo];\n }\n const relatedCollection = registry.getCollection(field.relationTo);\n if (relatedCollection) {\n return new GraphQLObjectType({\n name: `${field.relationTo}_ref`,\n fields: () => ({\n id: { type: GraphQLString },\n ...buildFieldsFromCollection(relatedCollection, registry, collectionTypes),\n }),\n });\n }\n }\n return GraphQLString;\n case \"array\":\n return new GraphQLList(GraphQLString); // Simplified\n case \"group\":\n return GraphQLString; // Simplified - JSON string\n case \"blocks\":\n return new GraphQLList(GraphQLString); // Simplified\n case \"row\":\n case \"collapsible\":\n case \"tabs\":\n return GraphQLString;\n default:\n return GraphQLString;\n }\n}\n\nfunction buildFieldsFromCollection(\n config: CollectionConfig,\n registry: Registry,\n collectionTypes?: Record<string, GraphQLObjectType>,\n): Record<string, GraphQLFieldConfig<any, any>> {\n const fields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n for (const field of config.fields) {\n if (field.name && field.admin?.hidden !== true) {\n fields[field.name] = {\n type: field.required\n ? new GraphQLNonNull(fieldToGraphQLType(field, registry, collectionTypes) as any)\n : (fieldToGraphQLType(field, registry, collectionTypes) as any),\n description: field.admin?.description || field.label,\n };\n }\n }\n\n return fields;\n}\n\n// ============================================================================\n// GraphQL Schema Builder\n// ============================================================================\n\nexport interface GraphQLSchemaOptions {\n registry: Registry;\n db: BaseAdapter;\n user?: User;\n req?: Request;\n tenantID?: string;\n apiKey?: any;\n settings?: Record<string, any>;\n}\n\nexport function buildGraphQLSchema(\n options: GraphQLSchemaOptions,\n): GraphQLSchema {\n const { registry, db, user, req, tenantID, apiKey, settings } = options;\n\n // Check if GraphQL is disabled in settings\n const apiAccess = settings?.access?.apiAccess;\n if (apiAccess?.graphqlEnabled === false) {\n throw new Error(\"GraphQL API is disabled\");\n }\n\n const collections = registry.getCollections();\n const globals = registry.getGlobals();\n\n // Build collection types\n const collectionTypes: Record<string, GraphQLObjectType> = {};\n const collectionInputTypes: Record<string, GraphQLInputObjectType> = {};\n\n for (const collection of collections) {\n // Output type\n collectionTypes[collection.slug] = new GraphQLObjectType({\n name: `${collection.slug.replace(/-/g, \"_\")}_type`,\n fields: () => ({\n id: { type: GraphQLString },\n ...buildFieldsFromCollection(collection, registry, collectionTypes),\n ...(collection.timestamps\n ? {\n createdAt: { type: GraphQLString },\n updatedAt: { type: GraphQLString },\n }\n : {}),\n ...(collection.tenantScoped\n ? {\n tenantID: { type: GraphQLString },\n }\n : {}),\n }),\n });\n\n // Input type for create/update\n const inputFields: Record<string, { type: GraphQLType }> = {};\n for (const field of collection.fields) {\n if (field.name && field.name !== \"id\") {\n inputFields[field.name] = {\n type: fieldToGraphQLType(field, registry, collectionTypes, true) as any,\n };\n }\n }\n\n collectionInputTypes[collection.slug] = new GraphQLInputObjectType({\n name: `${collection.slug.replace(/-/g, \"_\")}_input`,\n fields: () => inputFields as any,\n });\n }\n\n // Build global types and input types\n const globalTypes: Record<string, GraphQLObjectType> = {};\n const globalInputTypes: Record<string, GraphQLInputObjectType> = {};\n\n for (const global of globals) {\n globalTypes[global.slug] = new GraphQLObjectType({\n name: `${global.slug.replace(/-/g, \"_\")}_global_type`,\n fields: () => ({\n id: { type: GraphQLString },\n ...buildFieldsFromCollection(\n { slug: global.slug, fields: global.fields } as CollectionConfig,\n registry,\n collectionTypes,\n ),\n }),\n });\n\n globalInputTypes[global.slug] = new GraphQLInputObjectType({\n name: `${global.slug.replace(/-/g, \"_\")}_global_input`,\n fields: () => {\n const inputFields: Record<string, { type: GraphQLType }> = {};\n for (const field of global.fields) {\n if (field.name && field.name !== \"id\") {\n inputFields[field.name] = {\n type: fieldToGraphQLType(field, registry, collectionTypes, true) as any,\n };\n }\n }\n return inputFields as any;\n },\n });\n }\n\n // Build query type\n const queryFields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n // List queries for each collection\n for (const collection of collections) {\n const type = collectionTypes[collection.slug];\n if (!type) continue;\n\n // FindMany query\n queryFields[`${collection.slug.replace(/-/g, \"_\")}Find`] = {\n type: new GraphQLObjectType({\n name: `${collection.slug.replace(/-/g, \"_\")}_find_result`,\n fields: {\n docs: { type: new GraphQLList(type) },\n totalDocs: { type: GraphQLInt },\n page: { type: GraphQLInt },\n totalPages: { type: GraphQLInt },\n hasNextPage: { type: GraphQLBoolean },\n hasPrevPage: { type: GraphQLBoolean },\n },\n }),\n args: {\n where: { type: GraphQLString },\n sort: { type: GraphQLString },\n limit: { type: GraphQLInt },\n page: { type: GraphQLInt },\n draft: { type: GraphQLBoolean },\n },\n resolve: async (_: any, args: any, context: any) => {\n const access = await checkGraphQLAccess(collection, \"read\", {\n user,\n req,\n tenantID,\n apiKey,\n });\n if (!access.allowed) {\n throw new Error(\"Access denied\");\n }\n\n if (tenantID) {\n db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n }\n\n let where = {};\n if (args.where) {\n try {\n where = JSON.parse(args.where);\n } catch {}\n }\n\n if (access.extraWhere) {\n where = { ...where, ...access.extraWhere };\n }\n\n const isDraft = args.draft ?? !!user;\n\n return db.find({\n collection: collection.slug,\n where,\n sort: args.sort,\n limit: args.limit || 10,\n page: args.page || 1,\n tenantID,\n draft: isDraft,\n });\n },\n };\n\n // FindByID query\n queryFields[`${collection.slug.replace(/-/g, \"_\")}FindByID`] = {\n type,\n args: {\n id: { type: new GraphQLNonNull(GraphQLString) },\n draft: { type: GraphQLBoolean },\n },\n resolve: async (_: any, args: any, context: any) => {\n const access = await checkGraphQLAccess(collection, \"read\", {\n user,\n req,\n tenantID,\n apiKey,\n });\n if (!access.allowed) {\n throw new Error(\"Access denied\");\n }\n\n if (tenantID) {\n db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n }\n\n const isDraft = args.draft ?? !!user;\n const doc = await db.findByID({\n collection: collection.slug,\n id: args.id,\n tenantID,\n draft: isDraft,\n });\n return doc;\n },\n };\n\n // Count query\n queryFields[`${collection.slug.replace(/-/g, \"_\")}Count`] = {\n type: new GraphQLObjectType({\n name: `${collection.slug.replace(/-/g, \"_\")}_count`,\n fields: {\n totalDocs: { type: GraphQLInt },\n },\n }),\n args: {\n where: { type: GraphQLString },\n },\n resolve: async (_: any, args: any, context: any) => {\n const access = await checkGraphQLAccess(collection, \"read\", {\n user,\n req,\n tenantID,\n apiKey,\n });\n if (!access.allowed) {\n return { totalDocs: 0 };\n }\n let where = {};\n if (args.where) {\n try {\n where = JSON.parse(args.where);\n } catch {}\n }\n const count = await db.count({\n collection: collection.slug,\n where,\n tenantID,\n });\n return { totalDocs: count };\n },\n };\n }\n\n // Global queries\n for (const global of globals) {\n const type = globalTypes[global.slug];\n if (!type) continue;\n\n queryFields[`${global.slug.replace(/-/g, \"_\")}Get`] = {\n type,\n resolve: async () => {\n const access = await checkGlobalAccess(global, \"read\", {\n user,\n req,\n tenantID,\n });\n if (!access.allowed) {\n throw new Error(\"Access denied: cannot read global\");\n }\n if (tenantID) {\n db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n }\n return db.findOne({\n collection: `_globals_${global.slug}`,\n where: {},\n tenantID,\n });\n },\n };\n }\n\n const Query = new GraphQLObjectType({\n name: \"Query\",\n fields: queryFields,\n });\n\n // Build mutation type\n const mutationFields: Record<string, GraphQLFieldConfig<any, any>> = {};\n\n for (const collection of collections) {\n const type = collectionTypes[collection.slug];\n const inputType = collectionInputTypes[collection.slug];\n if (!type || !inputType) continue;\n\n // Create mutation\n mutationFields[`${collection.slug.replace(/-/g, \"_\")}Create`] = {\n type: new GraphQLObjectType({\n name: `${collection.slug.replace(/-/g, \"_\")}_create_result`,\n fields: {\n doc: { type },\n message: { type: GraphQLString },\n },\n }),\n args: {\n data: { type: new GraphQLNonNull(inputType) },\n },\n resolve: async (_: any, args: any, context: any) => {\n const access = await checkGraphQLAccess(collection, \"create\", {\n user,\n req,\n tenantID,\n apiKey,\n });\n if (!access.allowed) {\n throw new Error(\"Access denied: cannot create\");\n }\n if (tenantID) {\n db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n }\n const schema = registry.getCreateZodSchema(collection.slug);\n\n const validated = schema.parse(args.data);\n\n const doc = await db.create({\n collection: collection.slug,\n data: validated,\n tenantID,\n });\n\n return { doc, message: \"Created successfully\" };\n },\n };\n\n // Update mutation\n mutationFields[`${collection.slug.replace(/-/g, \"_\")}Update`] = {\n type: new GraphQLObjectType({\n name: `${collection.slug.replace(/-/g, \"_\")}_update_result`,\n fields: {\n doc: { type },\n message: { type: GraphQLString },\n },\n }),\n args: {\n id: { type: new GraphQLNonNull(GraphQLString) },\n data: { type: new GraphQLNonNull(inputType) },\n baseUpdatedAt: { type: GraphQLString },\n },\n resolve: async (_: any, args: any, context: any) => {\n const access = await checkGraphQLAccess(collection, \"update\", {\n user,\n req,\n tenantID,\n apiKey,\n });\n if (!access.allowed) {\n throw new Error(\"Access denied: cannot update\");\n }\n if (tenantID) {\n db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n }\n\n // Revision conflict detection\n if (args.baseUpdatedAt) {\n const originalDoc = await db.findByID<Record<string, any>>({\n collection: collection.slug,\n id: args.id,\n tenantID,\n draft: true,\n });\n if (originalDoc && originalDoc.updatedAt && args.baseUpdatedAt !== originalDoc.updatedAt) {\n throw new Error(`Revision conflict: document has changed since ${args.baseUpdatedAt}. Current updatedAt: ${originalDoc.updatedAt}`);\n }\n }\n\n const schema = registry.getUpdateZodSchema(collection.slug);\n\n const validated = schema.parse(args.data);\n\n const doc = await db.update({\n collection: collection.slug,\n id: args.id,\n data: validated,\n tenantID,\n });\n\n return { doc, message: \"Updated successfully\" };\n },\n };\n\n // Delete mutation\n mutationFields[`${collection.slug.replace(/-/g, \"_\")}Delete`] = {\n type: new GraphQLObjectType({\n name: `${collection.slug.replace(/-/g, \"_\")}_delete_result`,\n fields: {\n doc: { type },\n message: { type: GraphQLString },\n },\n }),\n args: {\n id: { type: new GraphQLNonNull(GraphQLString) },\n },\n resolve: async (_: any, args: any, context: any) => {\n const access = await checkGraphQLAccess(collection, \"delete\", {\n user,\n req,\n tenantID,\n apiKey,\n });\n if (!access.allowed) {\n throw new Error(\"Access denied: cannot delete\");\n }\n if (tenantID) {\n db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n }\n const doc = await db.delete({\n collection: collection.slug,\n id: args.id,\n tenantID,\n });\n\n return { doc, message: \"Deleted successfully\" };\n },\n };\n }\n\n // Global mutations\n for (const global of globals) {\n const inputType = globalInputTypes[global.slug];\n if (!inputType) continue;\n\n mutationFields[`${global.slug.replace(/-/g, \"_\")}Update`] = {\n type: new GraphQLObjectType({\n name: `${global.slug.replace(/-/g, \"_\")}_update_result`,\n fields: {\n doc: { type: globalTypes[global.slug] || GraphQLString },\n message: { type: GraphQLString },\n },\n }),\n args: {\n data: { type: new GraphQLNonNull(inputType) },\n },\n resolve: async (_: any, args: any, context: any) => {\n const access = await checkGlobalAccess(global, \"update\", {\n user,\n req,\n tenantID,\n });\n if (!access.allowed) {\n throw new Error(\"Access denied: cannot update global\");\n }\n if (tenantID) {\n db.setTenantContext({ tenantId: tenantID, userId: user?.id ?? '', role: user?.role, isSuperAdmin: user?.role === 'super_admin' });\n }\n\n const doc = await db.findOne({\n collection: `_globals_${global.slug}`,\n where: {},\n tenantID,\n });\n\n let result;\n if (doc) {\n result = await db.update({\n collection: `_globals_${global.slug}`,\n id: doc.id,\n data: args.data,\n tenantID,\n });\n } else {\n result = await db.create({\n collection: `_globals_${global.slug}`,\n data: args.data,\n tenantID,\n });\n }\n\n return { doc: result, message: \"Updated successfully\" };\n },\n };\n }\n\n const Mutation = new GraphQLObjectType({\n name: \"Mutation\",\n fields: mutationFields,\n });\n\n return new GraphQLSchema({\n query: Query,\n mutation: Mutation,\n });\n}\n\n// ============================================================================\n// Factory\n// ============================================================================\n\nexport function createGraphQLSchema(\n registry: Registry,\n db: BaseAdapter,\n options?: {\n user?: User;\n req?: Request;\n tenantID?: string;\n apiKey?: any;\n },\n): GraphQLSchema {\n return buildGraphQLSchema({\n registry,\n db,\n user: options?.user,\n req: options?.req,\n tenantID: options?.tenantID,\n apiKey: options?.apiKey,\n });\n}\n"]}

package/dist/chunk-4M7X5HAB.cjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/access/types.ts","../src/auth/api-key.ts"],"names":["timingSafeEqual"],"mappings":";;;;;AA+CA,eAAsB,cAAA,CACpB,QACA,IAAA,EACgC;AAChC,EAAA,IAAI,OAAO,WAAW,SAAA,EAAW;AAC/B,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,OAAO,MAAM,OAAO,IAAI,CAAA;AAAA,EAC1B;AACA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,qBACX,YAAA,EACU;AACb,EAAA,MAAM,SAAsB,EAAC;AAC7B,EAAA,KAAA,MAAW,UAAU,YAAA,EAAc;AACjC,IAAA,IAAI,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACxC,MAAA,MAAA,CAAO,MAAA,CAAO,QAAQ,MAAM,CAAA;AAAA,IAC9B;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAEO,SAAS,cAAA,CACd,QACA,IAAA,EACkC;AAClC,EAAA,OAAO,cAAA,CAAe,MAAA,EAAQ,IAAI,CAAA,CAAE,KAAK,CAAA,MAAA,KAAU;AACjD,IAAA,IAAI,MAAA,KAAW,MAAM,OAAO,MAAA;AAC5B,IAAA,IAAI,MAAA,KAAW,OAAO,OAAO,EAAE,KAAK,EAAE,GAAA,EAAK,MAAK,EAAE;AAClD,IAAA,OAAO,MAAA;AAAA,EACT,CAAC,CAAA;AACH;AC7CO,IAAM,kBAAA,GAAqB;AAElC,SAAS,kBAAkB,GAAA,EAAqB;AAC9C,EAAA,OAAO,GAAA,CAAI,SAAA,CAAU,CAAA,EAAG,CAAC,CAAA;AAC3B;AAEA,SAAS,mBAAA,CAAoB,GAAW,CAAA,EAAoB;AAC1D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ;AACzB,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,OAAOA,sBAAA,CAAgB,OAAO,IAAA,CAAK,CAAC,GAAG,MAAA,CAAO,IAAA,CAAK,CAAC,CAAC,CAAA;AAAA,EACvD,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,eAAsB,cAAA,CACpB,MAAA,EACA,EAAA,EACA,UAAA,EACiC;AACjC,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,qBAAA,EAAsB;AAAA,EACtD;AAEA,EAAA,IAAI,CAAC,MAAA,CAAO,UAAA,CAAW,OAAO,CAAA,EAAG;AAC/B,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,wBAAA,EAAyB;AAAA,EACzD;AAEA,EAAA,MAAM,SAAA,GAAY,kBAAkB,MAAM,CAAA;AAE1C,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,EAAA,CAAG,IAAA,CAAK;AAAA,MAC3B,UAAA,EAAY,kBAAA;AAAA,MACZ,OAAO,EAAE,SAAA,EAAW,EAAE,MAAA,EAAQ,WAAU,EAAE;AAAA,MAC1C,KAAA,EAAO,GAAA;AAAA,MACP,IAAA,EAAM;AAAA,KACP,CAAA;AAED,IAAA,IAAI,CAAC,MAAA,CAAO,IAAA,IAAQ,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA,EAAG;AAC5C,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,iBAAA,EAAkB;AAAA,IAClD;AAEA,IAAA,IAAI,UAAA,GAAkC,IAAA;AACtC,IAAA,KAAA,MAAW,GAAA,IAAO,OAAO,IAAA,EAAM;AAC7B,MAAA,MAAM,MAAA,GAAS,GAAA;AACf,MAAA,IAAI,mBAAA,CAAoB,MAAA,CAAO,GAAA,EAAK,MAAM,CAAA,EAAG;AAC3C,QAAA,UAAA,GAAa,MAAA;AACb,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,iBAAA,EAAkB;AAAA,IAClD;AAEA,IAAA,IAAI,WAAW,SAAA,EAAW;AACxB,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA;AAC/C,MAAA,IAAI,SAAA,mBAAY,IAAI,IAAA,EAAK,EAAG;AAC1B,QAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,qBAAA,EAAsB;AAAA,MACtD;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,GAAG,MAAA,CAAO;AAAA,QACd,UAAA,EAAY,kBAAA;AAAA,QACZ,IAAI,UAAA,CAAW,EAAA;AAAA,QACf,MAAM,EAAE,UAAA,EAAA,qBAAgB,IAAA,EAAK,EAAE,aAAY;AAAE,OAC9C,CAAA;AAAA,IACH,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,IAAA,GAA0B;AAAA,MAC9B,IAAI,UAAA,CAAW,MAAA;AAAA,MACf,IAAA,EAAO,WAAmB,IAAA,IAAQ,QAAA;AAAA,MAClC,UAAW,UAAA,CAAmB;AAAA,KAChC;AAEA,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,MAAA,GAAS,MAAM,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA;AACjD,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,MAAA,CAAO,MAAA,CAAO,MAAM,MAAM,CAAA;AAAA,MAC5B;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,IAAA;AAAA,MACP,QAAQ,UAAA,CAAW,MAAA;AAAA,MACnB,IAAA;AAAA,MACA,WAAA,EAAa,UAAA,CAAW,WAAA,IAAe,EAAC;AAAA,MACxC,UAAU,UAAA,CAAW,EAAA;AAAA,MACrB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,MAAM,IAAA,CAAK;AAAA,KACb;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,8BAA8B,KAAK,CAAA;AACjD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,4BAAA,EAA6B;AAAA,EAC7D;AACF;AAEO,SAAS,yBAAyB,OAAA,EAAiC;AACxE,EAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,EAAA,IAAI,UAAA,EAAY;AACd,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpC,MAAA,OAAO,UAAA,CAAW,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK;AAAA,IAClC;AACA,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AACpC,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAA;AAC/C,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO,QAAQ,IAAA,EAAK;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AAEO,SAAS,oBACd,MAAA,EACsB;AACtB,EAAA,IAAI,CAAC,MAAA,CAAO,KAAA,IAAS,CAAC,OAAO,MAAA,EAAQ;AACnC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,IAAA,EAAM,MAAA,CAAO,IAAA,IAAQ,EAAC;AAAA,IACtB,WAAA,EAAa,MAAA,CAAO,WAAA,IAAe,EAAC;AAAA,IACpC,QAAA,EAAU,OAAO,QAAA,IAAY,EAAA;AAAA,IAC7B,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,MAAM,MAAA,CAAO;AAAA,GACf;AACF;AAEO,SAAS,mBAAA,CACd,aACA,QAAA,EACS;AACT,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AACrC,EAAA,IAAI,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA,EAAG,OAAO,IAAA;AACtC,EAAA,IAAI,WAAA,CAAY,QAAA,CAAS,QAAQ,CAAA,EAAG,OAAO,IAAA;AAE3C,EAAA,MAAM,CAAC,QAAA,EAAU,MAAM,CAAA,GAAI,QAAA,CAAS,MAAM,GAAG,CAAA;AAC7C,EAAA,IAAI,YAAY,QAAA,CAAS,CAAA,EAAG,QAAQ,CAAA,EAAA,CAAI,GAAG,OAAO,IAAA;AAElD,EAAA,OAAO,KAAA;AACT;AAEO,SAAS,cAAA,GAAyB;AACvC,EAAA,MAAM,KAAA,GAAQ,sCAAA;AACd,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,MAAA,IAAU,KAAA,CAAM,KAAK,KAAA,CAAM,IAAA,CAAK,QAAO,GAAI,KAAA,CAAM,MAAM,CAAC,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,QAAQ,MAAM,CAAA,CAAA;AACvB;AAEO,SAAS,qBAAqB,GAAA,EAAqB;AACxD,EAAA,OAAO,GAAA,CAAI,SAAA,CAAU,CAAA,EAAG,CAAC,CAAA;AAC3B","file":"chunk-4M7X5HAB.cjs","sourcesContent":["import type { User, Request } from '../hooks/types.js';\n\n// ============================================================================\n// Access Control Types\n// ============================================================================\n\nexport interface WhereClause {\n [field: string]: any;\n}\n\nexport interface AccessArgs {\n req: Request;\n user?: User;\n data?: any;\n doc?: any;\n id?: string;\n tenantID?: string;\n context?: Record<string, any>;\n}\n\nexport type AccessControl = boolean | ((args: AccessArgs) => Promise<boolean | WhereClause> | boolean | WhereClause);\n\nexport interface CollectionAccess {\n create?: AccessControl;\n read?: AccessControl;\n update?: AccessControl;\n delete?: AccessControl;\n admin?: AccessControl;\n unlock?: AccessControl;\n readVersions?: AccessControl;\n}\n\nexport interface GlobalAccess {\n read?: AccessControl;\n update?: AccessControl;\n}\n\nexport interface FieldAccess {\n create?: AccessControl;\n read?: AccessControl;\n update?: AccessControl;\n}\n\n// ============================================================================\n// Access Control Evaluation\n// ============================================================================\n\nexport async function evaluateAccess(\n access: AccessControl,\n args: AccessArgs\n): Promise<boolean | WhereClause> {\n if (typeof access === 'boolean') {\n return access;\n }\n if (typeof access === 'function') {\n return await access(args);\n }\n return true;\n}\n\nexport function mergeWhereClauses(\n ...whereClauses: (WhereClause | boolean | undefined)[]\n): WhereClause {\n const result: WhereClause = {};\n for (const clause of whereClauses) {\n if (clause && typeof clause === 'object') {\n Object.assign(result, clause);\n }\n }\n return result;\n}\n\nexport function getWhereClause(\n access: AccessControl,\n args: AccessArgs\n): Promise<WhereClause | undefined> {\n return evaluateAccess(access, args).then(result => {\n if (result === true) return undefined;\n if (result === false) return { _id: { $eq: null } };\n return result;\n });\n}\n","import { timingSafeEqual } from \"crypto\";\nimport type { BaseAdapter } from \"../registry/types.js\";\nimport type { AuthUser, UserRole } from \"./types.js\";\n\nexport interface ApiKeyRecord {\n id: string;\n userId: string;\n name: string;\n key: string;\n keyPrefix: string;\n permissions: string[];\n lastUsedAt?: string;\n expiresAt?: string;\n createdAt: string;\n}\n\nexport interface ApiKeyValidationResult {\n valid: boolean;\n userId?: string;\n user?: Partial<AuthUser>;\n permissions?: string[];\n apiKeyId?: string;\n error?: string;\n tenantId?: string;\n role?: UserRole;\n}\n\nexport interface ApiKeyContext {\n userId: string;\n user: Partial<AuthUser>;\n permissions: string[];\n apiKeyId: string;\n tenantId?: string;\n role?: UserRole;\n}\n\nexport const API_KEY_COLLECTION = \"_api_keys\";\n\nfunction generateKeyPrefix(key: string): string {\n return key.substring(0, 8);\n}\n\nfunction constantTimeCompare(a: string, b: string): boolean {\n if (a.length !== b.length) {\n return false;\n }\n try {\n return timingSafeEqual(Buffer.from(a), Buffer.from(b));\n } catch {\n return false;\n }\n}\n\nexport async function validateApiKey(\n rawKey: string,\n db: BaseAdapter,\n userLookup?: (userId: string) => Promise<Partial<AuthUser> | null>,\n): Promise<ApiKeyValidationResult> {\n if (!rawKey || typeof rawKey !== \"string\") {\n return { valid: false, error: \"No API key provided\" };\n }\n\n if (!rawKey.startsWith(\"kyro_\")) {\n return { valid: false, error: \"Invalid API key format\" };\n }\n\n const keyPrefix = generateKeyPrefix(rawKey);\n\n try {\n const result = await db.find({\n collection: API_KEY_COLLECTION,\n where: { keyPrefix: { equals: keyPrefix } },\n limit: 100,\n page: 1,\n });\n\n if (!result.docs || result.docs.length === 0) {\n return { valid: false, error: \"Invalid API key\" };\n }\n\n let matchedKey: ApiKeyRecord | null = null;\n for (const doc of result.docs) {\n const record = doc as unknown as ApiKeyRecord;\n if (constantTimeCompare(record.key, rawKey)) {\n matchedKey = record;\n break;\n }\n }\n\n if (!matchedKey) {\n return { valid: false, error: \"Invalid API key\" };\n }\n\n if (matchedKey.expiresAt) {\n const expiresAt = new Date(matchedKey.expiresAt);\n if (expiresAt < new Date()) {\n return { valid: false, error: \"API key has expired\" };\n }\n }\n\n try {\n await db.update({\n collection: API_KEY_COLLECTION,\n id: matchedKey.id,\n data: { lastUsedAt: new Date().toISOString() },\n });\n } catch {\n // Non-critical: don't fail if lastUsedAt update fails\n }\n\n const user: Partial<AuthUser> = {\n id: matchedKey.userId,\n role: (matchedKey as any).role || \"author\",\n tenantId: (matchedKey as any).tenantId,\n };\n\n if (userLookup) {\n const dbUser = await userLookup(matchedKey.userId);\n if (dbUser) {\n Object.assign(user, dbUser);\n }\n }\n\n return {\n valid: true,\n userId: matchedKey.userId,\n user,\n permissions: matchedKey.permissions || [],\n apiKeyId: matchedKey.id,\n tenantId: user.tenantId,\n role: user.role,\n };\n } catch (error) {\n console.error(\"[ApiKey] Validation error:\", error);\n return { valid: false, error: \"Failed to validate API key\" };\n }\n}\n\nexport function extractApiKeyFromRequest(request: Request): string | null {\n const authHeader = request.headers.get(\"Authorization\");\n if (authHeader) {\n if (authHeader.startsWith(\"ApiKey \")) {\n return authHeader.slice(7).trim();\n }\n if (authHeader.startsWith(\"Bearer \")) {\n return null;\n }\n }\n\n const xApiKey = request.headers.get(\"X-API-Key\");\n if (xApiKey) {\n return xApiKey.trim();\n }\n\n return null;\n}\n\nexport function createApiKeyContext(\n result: ApiKeyValidationResult,\n): ApiKeyContext | null {\n if (!result.valid || !result.userId) {\n return null;\n }\n return {\n userId: result.userId,\n user: result.user || {},\n permissions: result.permissions || [],\n apiKeyId: result.apiKeyId || \"\",\n tenantId: result.tenantId,\n role: result.role,\n };\n}\n\nexport function hasApiKeyPermission(\n permissions: string[],\n required: string,\n): boolean {\n if (permissions.length === 0) return false;\n if (permissions.includes(\"*\")) return true;\n if (permissions.includes(required)) return true;\n\n const [resource, action] = required.split(\":\");\n if (permissions.includes(`${resource}:*`)) return true;\n\n return false;\n}\n\nexport function generateApiKey(): string {\n const chars = \"abcdefghijklmnopqrstuvwxyz0123456789\";\n let suffix = \"\";\n for (let i = 0; i < 32; i++) {\n suffix += chars[Math.floor(Math.random() * chars.length)];\n }\n return `kyro_${suffix}`;\n}\n\nexport function generateApiKeyPrefix(key: string): string {\n return key.substring(0, 8);\n}\n"]}