@lark-apaas/fullstack-nestjs-core 1.1.18-alpha.1 → 1.1.19-beta.0

package/dist/index.cjs

@@ -32,11 +32,13 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  AutoTrace: () => import_nestjs_common5.AutoTrace,
+  AutoTrace: () => import_nestjs_common10.AutoTrace,
+  CanRole: () => CanRole,
   CsrfMiddleware: () => CsrfMiddleware,
   CsrfTokenMiddleware: () => CsrfTokenMiddleware,
   DevToolsModule: () => import_nestjs_openapi_devtools2.DevToolsModule,
   DevToolsV2Module: () => import_nestjs_openapi_devtools2.DevToolsV2Module,
+  FileService: () => FileService,
   PlatformModule: () => PlatformModule,
   UserContextMiddleware: () => UserContextMiddleware,
   ViewContextMiddleware: () => ViewContextMiddleware,
@@ -45,9 +47,9 @@ __export(index_exports, {
 module.exports = __toCommonJS(index_exports);
 
 // src/modules/platform/module.ts
-var import_common9 = require("@nestjs/common");
-var import_core2 = require("@nestjs/core");
-var import_nestjs_common3 = require("@lark-apaas/nestjs-common");
+var import_common20 = require("@nestjs/common");
+var import_core10 = require("@nestjs/core");
+var import_nestjs_common8 = require("@lark-apaas/nestjs-common");
 var import_config2 = require("@nestjs/config");
 var import_nestjs_observable = require("@lark-apaas/nestjs-observable");
 var import_axios2 = require("@nestjs/axios");
@@ -55,7 +57,7 @@ var import_nestjs_logger2 = require("@lark-apaas/nestjs-logger");
 var import_nestjs_datapaas = require("@lark-apaas/nestjs-datapaas");
 var import_nestjs_authnpaas = require("@lark-apaas/nestjs-authnpaas");
 var import_nestjs_trigger = require("@lark-apaas/nestjs-trigger");
-var import_nestjs_common4 = require("@lark-apaas/nestjs-common");
+var import_nestjs_common9 = require("@lark-apaas/nestjs-common");
 var import_nestjs_capability = require("@lark-apaas/nestjs-capability");
 
 // src/middlewares/user-context/index.ts
@@ -82,10 +84,10 @@ __name(getWebUserFromHeader, "getWebUserFromHeader");
 
 // src/middlewares/user-context/index.ts
 function _ts_decorate(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate, "_ts_decorate");
 var UserContextMiddleware = class {
@@ -104,7 +106,8 @@ var UserContextMiddleware = class {
       userName: webUser?.user_name?.zh_cn ?? "",
       userNameEn: webUser?.user_name?.en_us ?? "",
       userNameI18n: webUser?.user_name ?? {},
-      isSystemAccount: webUser?.is_system_account ?? false
+      isSystemAccount: webUser?.is_system_account ?? false,
+      roles: webUser?.roles ?? []
     };
     next();
   }
@@ -132,10 +135,10 @@ __name(sendForbidden, "sendForbidden");
 
 // src/middlewares/csrf/index.ts
 function _ts_decorate2(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate2, "_ts_decorate");
 var CsrfMiddleware = class _CsrfMiddleware {
@@ -174,9 +177,9 @@ var import_common3 = require("@nestjs/common");
 var import_nestjs_common = require("@lark-apaas/nestjs-common");
 
 // src/utils/safe-stringify.ts
-function safeEscape(s) {
-  return s.replace(/[<>&='"\n\r\u2028\u2029]/g, function(c) {
-    switch (c.charCodeAt(0)) {
+function safeEscape(s3) {
+  return s3.replace(/[<>&='"\n\r\u2028\u2029]/g, function(c4) {
+    switch (c4.charCodeAt(0)) {
       case 60:
         return "\\u003c";
       // <
@@ -210,7 +213,7 @@ function safeEscape(s) {
         return "\\u2029";
       // 段落分隔符
       default:
-        return c;
+        return c4;
     }
   });
 }
@@ -218,14 +221,14 @@ __name(safeEscape, "safeEscape");
 
 // src/middlewares/view-context/index.ts
 function _ts_decorate3(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate3, "_ts_decorate");
-function _ts_metadata(k, v) {
-  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+function _ts_metadata(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
 }
 __name(_ts_metadata, "_ts_metadata");
 function _ts_param(paramIndex, decorator) {
@@ -264,7 +267,7 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
     }
   }
   async use(req, res, next) {
-    const { userId, tenantId, appId } = req.userContext;
+    const { userId, tenantId, appId, loginUrl, userType } = req.userContext;
     const csrfToken = req.csrfToken;
     const appInfo = await this.getAppInfo(appId);
     const environment = mapToWindowEnvironment(process.env.FORCE_FRAMEWORK_ENVIRONMENT);
@@ -275,6 +278,8 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
       appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
       appDescription: safeEscape(appInfo?.app_description ?? ""),
+      loginUrl: loginUrl ?? "",
+      userType: userType ?? "",
       tenantId,
       environment
     };
@@ -283,6 +288,8 @@ var ViewContextMiddleware = class _ViewContextMiddleware {
       csrfToken: csrfToken ?? "",
       userId: userId ?? "",
       tenantId: tenantId ?? "",
+      loginUrl: loginUrl ?? "",
+      userType: userType ?? "",
       appId: appId ?? "",
       appName: safeEscape(appInfo?.app_name ?? "\u5999\u642D\u5E94\u7528"),
       appAvatar: appInfo?.app_avatar ?? "",
@@ -326,19 +333,19 @@ __name(resolveCsrfTokenOptions, "resolveCsrfTokenOptions");
 function genToken() {
   const ts = Math.floor(Date.now() / 1e3);
   const randInt64 = BigInt("0x" + import_crypto.default.randomBytes(8).toString("hex")).toString();
-  const s = `${randInt64}.${ts}`;
+  const s3 = `${randInt64}.${ts}`;
   const sha1 = import_crypto.default.createHash("sha1");
-  sha1.update(s);
+  sha1.update(s3);
   return `${sha1.digest("hex")}-${ts}`;
 }
 __name(genToken, "genToken");
 
 // src/middlewares/csrf_token/index.ts
 function _ts_decorate4(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate4, "_ts_decorate");
 var CsrfTokenMiddleware = class _CsrfTokenMiddleware {
@@ -410,14 +417,14 @@ __name(apiResponseInterceptor, "apiResponseInterceptor");
 var import_common5 = require("@nestjs/common");
 var import_nestjs_common2 = require("@lark-apaas/nestjs-common");
 function _ts_decorate5(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate5, "_ts_decorate");
-function _ts_metadata2(k, v) {
-  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+function _ts_metadata2(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
 }
 __name(_ts_metadata2, "_ts_metadata");
 var RequestContextMiddleware = class {
@@ -431,12 +438,14 @@ var RequestContextMiddleware = class {
   use(req, _res, next) {
     const path = req.originalUrl ?? req.url;
     const userContext = req.userContext ?? {};
+    const ttEnv = req.headers["x-tt-env"];
     this.requestContext.run({
       path,
       method: req.method,
       userId: userContext.userId,
       tenantId: userContext.tenantId,
-      appId: userContext.appId
+      appId: userContext.appId,
+      ttEnv
     }, () => next());
   }
 };
@@ -453,14 +462,14 @@ var import_common6 = require("@nestjs/common");
 var import_axios = require("@nestjs/axios");
 var import_nestjs_logger = require("@lark-apaas/nestjs-logger");
 function _ts_decorate6(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate6, "_ts_decorate");
-function _ts_metadata3(k, v) {
-  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+function _ts_metadata3(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
 }
 __name(_ts_metadata3, "_ts_metadata");
 var HttpInterceptorService = class {
@@ -548,14 +557,14 @@ var app_config_default = (0, import_config.registerAs)(NAMESPACE, () => {
 var import_common7 = require("@nestjs/common");
 var import_core = require("@nestjs/core");
 function _ts_decorate7(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate7, "_ts_decorate");
-function _ts_metadata4(k, v) {
-  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+function _ts_metadata4(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
 }
 __name(_ts_metadata4, "_ts_metadata");
 var processStartTimestamp = Date.now();
@@ -616,15 +625,16 @@ FrameworkDebugMiddleware = _ts_decorate7([
 // src/services/platform-http-client.service.ts
 var import_common8 = require("@nestjs/common");
 var import_http_client = require("@lark-apaas/http-client");
+var import_nestjs_common3 = require("@lark-apaas/nestjs-common");
 function _ts_decorate8(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate8, "_ts_decorate");
-function _ts_metadata5(k, v) {
-  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+function _ts_metadata5(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
 }
 __name(_ts_metadata5, "_ts_metadata");
 var ProtectedHttpClient = class ProtectedHttpClient2 {
@@ -658,10 +668,12 @@ var PlatformHttpClientService = class _PlatformHttpClientService {
   static {
     __name(this, "PlatformHttpClientService");
   }
+  requestContext;
   client;
   protectedClient;
   logger = new import_common8.Logger(_PlatformHttpClientService.name);
-  constructor() {
+  constructor(requestContext) {
+    this.requestContext = requestContext;
     const baseConfig = {
       timeout: 5e3
     };
@@ -752,6 +764,13 @@ var PlatformHttpClientService = class _PlatformHttpClientService {
   registerGlobalInterceptors() {
     this.client.interceptors.request.use((config) => {
       this.logger.debug(`Server SDK HTTP Request: ${config.method?.toUpperCase()} ${config.url}`);
+      const ttEnv = this.requestContext.get("ttEnv");
+      if (ttEnv) {
+        config.headers = {
+          ...config.headers,
+          "x-tt-env": ttEnv
+        };
+      }
       return config;
     }, (error) => {
       this.logger.error("Server SDK HTTP Request Error", error, "HttpService");
@@ -774,20 +793,1802 @@ var PlatformHttpClientService = class _PlatformHttpClientService {
 PlatformHttpClientService = _ts_decorate8([
   (0, import_common8.Injectable)(),
   _ts_metadata5("design:type", Function),
-  _ts_metadata5("design:paramtypes", [])
+  _ts_metadata5("design:paramtypes", [
+    typeof import_nestjs_common3.RequestContextService === "undefined" ? Object : import_nestjs_common3.RequestContextService
+  ])
 ], PlatformHttpClientService);
 
 // src/modules/platform/config/feature-switch.ts
 var DISABLE_DATAPASS = process.env.FORCE_FRAMEWORK_DISABLE_DATAPASS === "true";
 
-// src/modules/platform/module.ts
+// src/services/file.service.ts
+var import_common9 = require("@nestjs/common");
+var import_nestjs_common4 = require("@lark-apaas/nestjs-common");
+var import_file_service = require("@lark-apaas/file-service");
 function _ts_decorate9(decorators, target, key, desc) {
-  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-  return c > 3 && r && Object.defineProperty(target, key, r), r;
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
 }
 __name(_ts_decorate9, "_ts_decorate");
+function _ts_metadata6(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
+}
+__name(_ts_metadata6, "_ts_metadata");
+function _ts_param2(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+__name(_ts_param2, "_ts_param");
+var FileService = class {
+  static {
+    __name(this, "FileService");
+  }
+  requestContextService;
+  httpClient;
+  observable;
+  fileServiceCore;
+  nestLogger;
+  constructor(requestContextService, httpClient, observable) {
+    this.requestContextService = requestContextService;
+    this.httpClient = httpClient;
+    this.observable = observable;
+    this.fileServiceCore = new import_file_service.FileService(this.httpClient);
+    this.nestLogger = new import_common9.Logger("file");
+  }
+  /**
+   * 返回一个绑定了指定 bucket 的代理对象
+   * 不会修改 context，避免副作用
+   */
+  from(bucket) {
+    return {
+      upload: /* @__PURE__ */ __name((file, options) => this._upload(bucket, file, options), "upload"),
+      download: /* @__PURE__ */ __name((path) => this._download(bucket, path), "download"),
+      list: /* @__PURE__ */ __name((prefix, searchOptions) => this._list(bucket, prefix, searchOptions), "list"),
+      remove: /* @__PURE__ */ __name((filePaths) => this._remove(bucket, filePaths), "remove"),
+      createSignedUrl: /* @__PURE__ */ __name((path, expiresIn) => this._createSignedUrl(bucket, path, expiresIn), "createSignedUrl"),
+      getFileMetadata: /* @__PURE__ */ __name((filePath) => this._getFileMetadata(bucket, filePath), "getFileMetadata")
+    };
+  }
+  // ============ 公开方法（使用默认 bucket）============
+  async upload(file, options) {
+    return this._upload(await this.getDefaultBucket(), file, options);
+  }
+  download(path) {
+    const capturedBucketPromise = this.getDefaultBucket();
+    return this._download(capturedBucketPromise, path);
+  }
+  async list(prefix, searchOptions) {
+    return this._list(await this.getDefaultBucket(), prefix, searchOptions);
+  }
+  async remove(filePaths) {
+    return this._remove(await this.getDefaultBucket(), filePaths);
+  }
+  async createSignedUrl(path, expiresIn) {
+    return this._createSignedUrl(await this.getDefaultBucket(), path, expiresIn);
+  }
+  async getFileMetadata(filePath) {
+    return this._getFileMetadata(await this.getDefaultBucket(), filePath);
+  }
+  async getDefaultBucket() {
+    const reqContext = this.requestContextService.getContext();
+    const bucketFromContext = reqContext?.bucket;
+    if (bucketFromContext) {
+      return bucketFromContext;
+    }
+    const appId = this.getAppId();
+    const bucket = await this.fileServiceCore.getDefaultBucket(appId);
+    return bucket;
+  }
+  getAppId() {
+    const requestCtx = this.requestContextService.getContext();
+    return requestCtx?.appId ?? "";
+  }
+  // ============ 核心实现方法（接受 bucket 参数）============
+  async _upload(bucket, file, options) {
+    const span = this.observable.startTrace("\u6587\u4EF6: upload", this.requestContextService.getContext()?.requestRootSpan);
+    span.setAttribute("module", "file");
+    span.setAttribute("source_type", "platform");
+    const spanContext = {
+      traceId: span.spanContext().traceId,
+      spanId: span.spanContext().spanId
+    };
+    const logContext = {
+      source_type: "platform",
+      paas_attributes_module: "file",
+      paas_parent_span_context: spanContext
+    };
+    const baseParams = {
+      method: "upload",
+      source_type: "server",
+      request: {
+        options
+      }
+    };
+    const startTime = Date.now();
+    try {
+      const res = await this.fileServiceCore.upload({
+        appId: this.getAppId(),
+        bucketId: await bucket,
+        fileBody: file,
+        options
+      });
+      this.nestLogger.log(JSON.stringify({
+        ...baseParams,
+        response: res,
+        status: "succeed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      return res;
+    } catch (e3) {
+      this.nestLogger.error(JSON.stringify({
+        ...baseParams,
+        error_message: e3 instanceof Error ? e3.message : String(e3),
+        status: "failed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      throw e3;
+    } finally {
+      span.end();
+    }
+  }
+  _download(bucket, path) {
+    const capturedAppId = this.getAppId();
+    const capturedRootSpan = this.requestContextService.getContext()?.requestRootSpan;
+    const downloadFn = /* @__PURE__ */ __name(async () => {
+      const span = this.observable.startTrace("\u6587\u4EF6: download", capturedRootSpan);
+      span.setAttribute("module", "file");
+      span.setAttribute("source_type", "platform");
+      const spanContext = {
+        traceId: span.spanContext().traceId,
+        spanId: span.spanContext().spanId
+      };
+      const logContext = {
+        source_type: "platform",
+        paas_attributes_module: "file",
+        paas_parent_span_context: spanContext
+      };
+      const baseParams = {
+        method: "download",
+        source_type: "server",
+        request: {
+          path
+        }
+      };
+      const startTime = Date.now();
+      try {
+        const res = await this.fileServiceCore.downloadInner({
+          appId: capturedAppId,
+          bucketId: await bucket,
+          filePath: path
+        });
+        this.nestLogger.log(JSON.stringify({
+          ...baseParams,
+          response: {
+            metadata: res.metadata
+          },
+          status: "succeed",
+          duration_ms: Date.now() - startTime
+        }), logContext);
+        return res;
+      } catch (e3) {
+        this.nestLogger.error(JSON.stringify({
+          ...baseParams,
+          error_message: e3 instanceof Error ? e3.message : String(e3),
+          status: "failed",
+          duration_ms: Date.now() - startTime
+        }), logContext);
+        throw e3;
+      } finally {
+        span.end();
+      }
+    }, "downloadFn");
+    return new import_file_service.FileDownloadBuilder(downloadFn);
+  }
+  async _list(bucket, prefix, searchOptions) {
+    const span = this.observable.startTrace("\u6587\u4EF6: list", this.requestContextService.getContext()?.requestRootSpan);
+    span.setAttribute("module", "file");
+    span.setAttribute("source_type", "platform");
+    const spanContext = {
+      traceId: span.spanContext().traceId,
+      spanId: span.spanContext().spanId
+    };
+    const logContext = {
+      source_type: "platform",
+      paas_attributes_module: "file",
+      paas_parent_span_context: spanContext
+    };
+    const baseParams = {
+      method: "list",
+      source_type: "server",
+      request: {
+        prefix,
+        searchOptions
+      }
+    };
+    const startTime = Date.now();
+    try {
+      const res = await this.fileServiceCore.list({
+        appId: this.getAppId(),
+        bucketId: await bucket,
+        prefix,
+        searchOptions
+      });
+      this.nestLogger.log(JSON.stringify({
+        ...baseParams,
+        response: res,
+        status: "succeed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      return res;
+    } catch (e3) {
+      this.nestLogger.error(JSON.stringify({
+        ...baseParams,
+        error_message: e3 instanceof Error ? e3.message : String(e3),
+        status: "failed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      throw e3;
+    } finally {
+      span.end();
+    }
+  }
+  async _remove(bucket, filePaths) {
+    const span = this.observable.startTrace("\u6587\u4EF6: remove", this.requestContextService.getContext()?.requestRootSpan);
+    span.setAttribute("module", "file");
+    span.setAttribute("source_type", "platform");
+    const spanContext = {
+      traceId: span.spanContext().traceId,
+      spanId: span.spanContext().spanId
+    };
+    const logContext = {
+      source_type: "platform",
+      paas_attributes_module: "file",
+      paas_parent_span_context: spanContext
+    };
+    const baseParams = {
+      method: "remove",
+      source_type: "server",
+      request: {
+        filePaths
+      }
+    };
+    const startTime = Date.now();
+    try {
+      const res = await this.fileServiceCore.remove({
+        appId: this.getAppId(),
+        bucketId: await bucket,
+        filePaths
+      });
+      this.nestLogger.log(JSON.stringify({
+        ...baseParams,
+        response: res,
+        status: "succeed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      return res;
+    } catch (e3) {
+      this.nestLogger.error(JSON.stringify({
+        ...baseParams,
+        error_message: e3 instanceof Error ? e3.message : String(e3),
+        status: "failed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      throw e3;
+    } finally {
+      span.end();
+    }
+  }
+  async _createSignedUrl(bucket, path, expiresIn) {
+    const span = this.observable.startTrace("\u6587\u4EF6: createSignedUrl", this.requestContextService.getContext()?.requestRootSpan);
+    span.setAttribute("module", "file");
+    span.setAttribute("source_type", "platform");
+    const spanContext = {
+      traceId: span.spanContext().traceId,
+      spanId: span.spanContext().spanId
+    };
+    const logContext = {
+      source_type: "platform",
+      paas_attributes_module: "file",
+      paas_parent_span_context: spanContext
+    };
+    const baseParams = {
+      method: "createSignedUrl",
+      source_type: "server",
+      request: {
+        path,
+        expiresIn
+      }
+    };
+    const startTime = Date.now();
+    try {
+      const res = await this.fileServiceCore.createSignedUrl({
+        appId: this.getAppId(),
+        bucketId: await bucket,
+        filePath: path,
+        expiresIn
+      });
+      this.nestLogger.log(JSON.stringify({
+        ...baseParams,
+        response: res,
+        status: "succeed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      return res;
+    } catch (e3) {
+      this.nestLogger.error(JSON.stringify({
+        ...baseParams,
+        error_message: e3 instanceof Error ? e3.message : String(e3),
+        status: "failed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      throw e3;
+    } finally {
+      span.end();
+    }
+  }
+  async _getFileMetadata(bucket, filePath) {
+    const span = this.observable.startTrace("\u6587\u4EF6: getFileMetadata", this.requestContextService.getContext()?.requestRootSpan);
+    span.setAttribute("module", "file");
+    span.setAttribute("source_type", "platform");
+    const spanContext = {
+      traceId: span.spanContext().traceId,
+      spanId: span.spanContext().spanId
+    };
+    const logContext = {
+      source_type: "platform",
+      paas_attributes_module: "file",
+      paas_parent_span_context: spanContext
+    };
+    const baseParams = {
+      method: "getFileMetadata",
+      source_type: "server",
+      request: {
+        filePath
+      }
+    };
+    const startTime = Date.now();
+    try {
+      const res = await this.fileServiceCore.getFileMetadata({
+        appId: this.getAppId(),
+        bucketId: await bucket,
+        filePath
+      });
+      this.nestLogger.log(JSON.stringify({
+        ...baseParams,
+        response: res,
+        status: "succeed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      return res;
+    } catch (e3) {
+      this.nestLogger.error(JSON.stringify({
+        ...baseParams,
+        error_message: e3 instanceof Error ? e3.message : String(e3),
+        status: "failed",
+        duration_ms: Date.now() - startTime
+      }), logContext);
+      throw e3;
+    } finally {
+      span.end();
+    }
+  }
+};
+FileService = _ts_decorate9([
+  (0, import_common9.Injectable)(),
+  _ts_param2(1, (0, import_common9.Inject)(import_nestjs_common4.PLATFORM_HTTP_CLIENT)),
+  _ts_param2(2, (0, import_common9.Inject)(import_nestjs_common4.OBSERVABLE_SERVICE)),
+  _ts_metadata6("design:type", Function),
+  _ts_metadata6("design:paramtypes", [
+    typeof import_nestjs_common4.RequestContextService === "undefined" ? Object : import_nestjs_common4.RequestContextService,
+    typeof PlatformHttpClient === "undefined" ? Object : PlatformHttpClient,
+    typeof import_nestjs_common4.ObservableService === "undefined" ? Object : import_nestjs_common4.ObservableService
+  ])
+], FileService);
+
+// ../nestjs-authzpaas/dist/index.js
+var import_common10 = require("@nestjs/common");
+var import_core6 = require("@nestjs/core");
+var import_common11 = require("@nestjs/common");
+var import_common12 = require("@nestjs/common");
+var import_core7 = require("@nestjs/core");
+var import_common13 = require("@nestjs/common");
+var import_core8 = require("@nestjs/core");
+var import_common14 = require("@nestjs/common");
+var import_common15 = require("@nestjs/common");
+var import_common16 = require("@nestjs/common");
+
+// ../../../node_modules/@ucast/core/dist/es6m/index.mjs
+var t = class {
+  static {
+    __name(this, "t");
+  }
+  constructor(t3, e3) {
+    this.operator = t3, this.value = e3, Object.defineProperty(this, "t", { writable: true });
+  }
+  get notes() {
+    return this.t;
+  }
+  addNote(t3) {
+    this.t = this.t || [], this.t.push(t3);
+  }
+};
+var e = class extends t {
+  static {
+    __name(this, "e");
+  }
+};
+var r = class extends e {
+  static {
+    __name(this, "r");
+  }
+  constructor(t3, e3) {
+    if (!Array.isArray(e3)) throw new Error(`"${t3}" operator expects to receive an array of conditions`);
+    super(t3, e3);
+  }
+};
+var n = "__itself__";
+var o = class extends t {
+  static {
+    __name(this, "o");
+  }
+  constructor(t3, e3, r2) {
+    super(t3, r2), this.field = e3;
+  }
+};
+var s = new e("__null__", null);
+var i = Object.prototype.hasOwnProperty.call.bind(Object.prototype.hasOwnProperty);
+function c(t3, e3) {
+  return e3 instanceof r && e3.operator === t3;
+}
+__name(c, "c");
+function u(t3, e3) {
+  return 1 === e3.length ? e3[0] : new r(t3, (/* @__PURE__ */ __name(function t4(e4, r2, n3) {
+    const o3 = n3 || [];
+    for (let n4 = 0, s3 = r2.length; n4 < s3; n4++) {
+      const s4 = r2[n4];
+      c(e4, s4) ? t4(e4, s4.value, o3) : o3.push(s4);
+    }
+    return o3;
+  }, "t"))(t3, e3));
+}
+__name(u, "u");
+var a = /* @__PURE__ */ __name((t3) => t3, "a");
+var h = /* @__PURE__ */ __name(() => /* @__PURE__ */ Object.create(null), "h");
+var f = Object.defineProperty(h(), "__@type@__", { value: "ignore value" });
+function l(t3, e3, r2 = false) {
+  if (!t3 || t3 && t3.constructor !== Object) return false;
+  for (const n3 in t3) {
+    if (i(t3, n3) && i(e3, n3) && (!r2 || t3[n3] !== f)) return true;
+  }
+  return false;
+}
+__name(l, "l");
+function d(t3) {
+  const e3 = [];
+  for (const r2 in t3) i(t3, r2) && t3[r2] !== f && e3.push(r2);
+  return e3;
+}
+__name(d, "d");
+function p(t3, e3) {
+  e3 !== s && t3.push(e3);
+}
+__name(p, "p");
+var w = /* @__PURE__ */ __name((t3) => u("and", t3), "w");
+var O = { compound(t3, e3, n3) {
+  const o3 = (Array.isArray(e3) ? e3 : [e3]).map((t4) => n3.parse(t4));
+  return new r(t3.name, o3);
+}, field: /* @__PURE__ */ __name((t3, e3, r2) => new o(t3.name, r2.field, e3), "field"), document: /* @__PURE__ */ __name((t3, r2) => new e(t3.name, r2), "document") };
+var j = class {
+  static {
+    __name(this, "j");
+  }
+  constructor(t3, e3 = h()) {
+    this.o = void 0, this.s = void 0, this.i = void 0, this.u = void 0, this.h = void 0, this.parse = this.parse.bind(this), this.u = { operatorToConditionName: e3.operatorToConditionName || a, defaultOperatorName: e3.defaultOperatorName || "eq", mergeFinalConditions: e3.mergeFinalConditions || w }, this.o = Object.keys(t3).reduce((e4, r2) => (e4[r2] = Object.assign({ name: this.u.operatorToConditionName(r2) }, t3[r2]), e4), {}), this.s = Object.assign({}, e3.fieldContext, { field: "", query: {}, parse: this.parse, hasOperators: /* @__PURE__ */ __name((t4) => l(t4, this.o, e3.useIgnoreValue), "hasOperators") }), this.i = Object.assign({}, e3.documentContext, { parse: this.parse, query: {} }), this.h = e3.useIgnoreValue ? d : Object.keys;
+  }
+  setParse(t3) {
+    this.parse = t3, this.s.parse = t3, this.i.parse = t3;
+  }
+  parseField(t3, e3, r2, n3) {
+    const o3 = this.o[e3];
+    if (!o3) throw new Error(`Unsupported operator "${e3}"`);
+    if ("field" !== o3.type) throw new Error(`Unexpected ${o3.type} operator "${e3}" at field level`);
+    return this.s.field = t3, this.s.query = n3, this.parseInstruction(o3, r2, this.s);
+  }
+  parseInstruction(t3, e3, r2) {
+    "function" == typeof t3.validate && t3.validate(t3, e3);
+    return (t3.parse || O[t3.type])(t3, e3, r2);
+  }
+  parseFieldOperators(t3, e3) {
+    const r2 = [], n3 = this.h(e3);
+    for (let o3 = 0, s3 = n3.length; o3 < s3; o3++) {
+      const s4 = n3[o3];
+      if (!this.o[s4]) throw new Error(`Field query for "${t3}" may contain only operators or a plain object as a value`);
+      p(r2, this.parseField(t3, s4, e3[s4], e3));
+    }
+    return r2;
+  }
+  parse(t3) {
+    const e3 = [], r2 = this.h(t3);
+    this.i.query = t3;
+    for (let n3 = 0, o3 = r2.length; n3 < o3; n3++) {
+      const o4 = r2[n3], s3 = t3[o4], i4 = this.o[o4];
+      if (i4) {
+        if ("document" !== i4.type && "compound" !== i4.type) throw new Error(`Cannot use parsing instruction for operator "${o4}" in "document" context as it is supposed to be used in  "${i4.type}" context`);
+        p(e3, this.parseInstruction(i4, s3, this.i));
+      } else this.s.hasOperators(s3) ? e3.push(...this.parseFieldOperators(o4, s3)) : p(e3, this.parseField(o4, this.u.defaultOperatorName, s3, t3));
+    }
+    return this.u.mergeFinalConditions(e3);
+  }
+};
+function _(t3, e3) {
+  const r2 = t3[e3];
+  if ("function" != typeof r2) throw new Error(`Unable to interpret "${e3}" condition. Did you forget to register interpreter for it?`);
+  return r2;
+}
+__name(_, "_");
+function y(t3) {
+  return t3.operator;
+}
+__name(y, "y");
+function m(t3, e3) {
+  const r2 = e3, n3 = r2 && r2.getInterpreterName || y;
+  let o3;
+  switch (r2 ? r2.numberOfArguments : 0) {
+    case 1:
+      o3 = /* @__PURE__ */ __name((e4) => {
+        const o4 = n3(e4, r2);
+        return _(t3, o4)(e4, s3);
+      }, "o");
+      break;
+    case 3:
+      o3 = /* @__PURE__ */ __name((e4, o4, i4) => {
+        const c4 = n3(e4, r2);
+        return _(t3, c4)(e4, o4, i4, s3);
+      }, "o");
+      break;
+    default:
+      o3 = /* @__PURE__ */ __name((e4, o4) => {
+        const i4 = n3(e4, r2);
+        return _(t3, i4)(e4, o4, s3);
+      }, "o");
+  }
+  const s3 = Object.assign({}, r2, { interpret: o3 });
+  return s3.interpret;
+}
+__name(m, "m");
+function v(t3, e3) {
+  return (r2, ...n3) => {
+    const o3 = t3(r2, ...n3), s3 = e3.bind(null, o3);
+    return s3.ast = o3, s3;
+  };
+}
+__name(v, "v");
+var x = j.prototype.parseInstruction;
+
+// ../../../node_modules/@ucast/mongo/dist/es6m/index.mjs
+function s2(e3, t3) {
+  if (!Array.isArray(t3)) throw new Error(`"${e3.name}" expects value to be an array`);
+}
+__name(s2, "s");
+function p2(e3, t3) {
+  if (s2(e3, t3), !t3.length) throw new Error(`"${e3.name}" expects to have at least one element in array`);
+}
+__name(p2, "p");
+var l2 = /* @__PURE__ */ __name((e3) => (t3, r2) => {
+  if (typeof r2 !== e3) throw new Error(`"${t3.name}" expects value to be a "${e3}"`);
+}, "l");
+var c2 = { type: "compound", validate: p2, parse(t3, r2, { parse: o3 }) {
+  const a4 = r2.map((e3) => o3(e3));
+  return u(t3.name, a4);
+} };
+var f2 = c2;
+var d2 = { type: "compound", validate: p2 };
+var u2 = { type: "field", validate(e3, t3) {
+  if (!(t3 && (t3 instanceof RegExp || t3.constructor === Object))) throw new Error(`"${e3.name}" expects to receive either regular expression or object of field operators`);
+}, parse(e3, o3, a4) {
+  const n3 = o3 instanceof RegExp ? new o("regex", a4.field, o3) : a4.parse(o3, a4);
+  return new r(e3.name, [n3]);
+} };
+var $ = { type: "field", validate(e3, t3) {
+  if (!t3 || t3.constructor !== Object) throw new Error(`"${e3.name}" expects to receive an object with nested query or field level operators`);
+}, parse(e3, r2, { parse: a4, field: n3, hasOperators: i4 }) {
+  const s3 = i4(r2) ? a4(r2, { field: n }) : a4(r2);
+  return new o(e3.name, n3, s3);
+} };
+var w2 = { type: "field", validate: l2("number") };
+var y2 = { type: "field", validate: s2 };
+var x2 = y2;
+var v2 = y2;
+var h2 = { type: "field", validate(e3, t3) {
+  if (!Array.isArray(t3) || 2 !== t3.length) throw new Error(`"${e3.name}" expects an array with 2 numeric elements`);
+} };
+var m2 = { type: "field", validate: l2("boolean") };
+var g = { type: "field", validate: /* @__PURE__ */ __name(function(e3, t3) {
+  if (!("string" == typeof t3 || "number" == typeof t3 || t3 instanceof Date)) throw new Error(`"${e3.name}" expects value to be comparable (i.e., string, number or date)`);
+}, "validate") };
+var b = g;
+var E = b;
+var j2 = b;
+var O2 = { type: "field" };
+var R = O2;
+var _2 = { type: "field", validate(e3, t3) {
+  if (!(t3 instanceof RegExp) && "string" != typeof t3) throw new Error(`"${e3.name}" expects value to be a regular expression or a string that represents regular expression`);
+}, parse(e3, r2, o3) {
+  const a4 = "string" == typeof r2 ? new RegExp(r2, o3.query.$options || "") : r2;
+  return new o(e3.name, o3.field, a4);
+} };
+var q = { type: "field", parse: /* @__PURE__ */ __name(() => s, "parse") };
+var A = { type: "document", validate: l2("function") };
+var N = Object.freeze({ __proto__: null, $and: c2, $or: f2, $nor: d2, $not: u2, $elemMatch: $, $size: w2, $in: y2, $nin: x2, $all: v2, $mod: h2, $exists: m2, $gte: g, $gt: b, $lt: E, $lte: j2, $eq: O2, $ne: R, $regex: _2, $options: q, $where: A });
+var P = class extends j {
+  static {
+    __name(this, "P");
+  }
+  constructor(e3) {
+    super(e3, { defaultOperatorName: "$eq", operatorToConditionName: /* @__PURE__ */ __name((e4) => e4.slice(1), "operatorToConditionName") });
+  }
+  parse(e3, t3) {
+    return t3 && t3.field ? w(this.parseFieldOperators(t3.field, e3)) : super.parse(e3);
+  }
+};
+var z = N;
+
+// ../../../node_modules/@ucast/js/dist/es6m/index.mjs
+function n2(r2, t3, n3) {
+  for (let e3 = 0, o3 = r2.length; e3 < o3; e3++) if (0 === n3(r2[e3], t3)) return true;
+  return false;
+}
+__name(n2, "n");
+function e2(r2, t3) {
+  return Array.isArray(r2) && Number.isNaN(Number(t3));
+}
+__name(e2, "e");
+function o2(r2, t3, n3) {
+  if (!e2(r2, t3)) return n3(r2, t3);
+  let o3 = [];
+  for (let e3 = 0; e3 < r2.length; e3++) {
+    const u5 = n3(r2[e3], t3);
+    void 0 !== u5 && (o3 = o3.concat(u5));
+  }
+  return o3;
+}
+__name(o2, "o");
+function u3(r2) {
+  return (t3, n3, e3) => {
+    const o3 = e3.get(n3, t3.field);
+    return Array.isArray(o3) ? o3.some((n4) => r2(t3, n4, e3)) : r2(t3, o3, e3);
+  };
+}
+__name(u3, "u");
+var c3 = /* @__PURE__ */ __name((r2, t3) => r2[t3], "c");
+function i2(r2, t3, n3) {
+  const e3 = t3.lastIndexOf(".");
+  return -1 === e3 ? [r2, t3] : [n3(r2, t3.slice(0, e3)), t3.slice(e3 + 1)];
+}
+__name(i2, "i");
+function f3(t3, n3, e3 = c3) {
+  if (n3 === n) return t3;
+  if (!t3) throw new Error(`Unable to get field "${n3}" out of ${String(t3)}.`);
+  return (function(r2, t4, n4) {
+    if (-1 === t4.indexOf(".")) return o2(r2, t4, n4);
+    const e4 = t4.split(".");
+    let u5 = r2;
+    for (let r3 = 0, t5 = e4.length; r3 < t5; r3++) if (u5 = o2(u5, e4[r3], n4), !u5 || "object" != typeof u5) return u5;
+    return u5;
+  })(t3, n3, e3);
+}
+__name(f3, "f");
+function a2(r2, t3) {
+  return r2 === t3 ? 0 : r2 > t3 ? 1 : -1;
+}
+__name(a2, "a");
+function l3(r2, n3 = {}) {
+  return m(r2, Object.assign({ get: f3, compare: a2 }, n3));
+}
+__name(l3, "l");
+var p3 = /* @__PURE__ */ __name((r2, t3, { interpret: n3 }) => r2.value.some((r3) => n3(r3, t3)), "p");
+var g2 = /* @__PURE__ */ __name((r2, t3, n3) => !p3(r2, t3, n3), "g");
+var m3 = /* @__PURE__ */ __name((r2, t3, { interpret: n3 }) => r2.value.every((r3) => n3(r3, t3)), "m");
+var y3 = /* @__PURE__ */ __name((r2, t3, { interpret: n3 }) => !n3(r2.value[0], t3), "y");
+var b2 = /* @__PURE__ */ __name((r2, t3, { compare: e3, get: o3 }) => {
+  const u5 = o3(t3, r2.field);
+  return Array.isArray(u5) && !Array.isArray(r2.value) ? n2(u5, r2.value, e3) : 0 === e3(u5, r2.value);
+}, "b");
+var A2 = /* @__PURE__ */ __name((r2, t3, n3) => !b2(r2, t3, n3), "A");
+var d3 = u3((r2, t3, n3) => {
+  const e3 = n3.compare(t3, r2.value);
+  return 0 === e3 || -1 === e3;
+});
+var h3 = u3((r2, t3, n3) => -1 === n3.compare(t3, r2.value));
+var j3 = u3((r2, t3, n3) => 1 === n3.compare(t3, r2.value));
+var w3 = u3((r2, t3, n3) => {
+  const e3 = n3.compare(t3, r2.value);
+  return 0 === e3 || 1 === e3;
+});
+var _3 = /* @__PURE__ */ __name((t3, n3, { get: o3 }) => {
+  if (t3.field === n) return void 0 !== n3;
+  const [u5, c4] = i2(n3, t3.field, o3), f4 = /* @__PURE__ */ __name((r2) => null == r2 ? Boolean(r2) === t3.value : r2.hasOwnProperty(c4) === t3.value, "f");
+  return e2(u5, c4) ? u5.some(f4) : f4(u5);
+}, "_");
+var v3 = u3((r2, t3) => "number" == typeof t3 && t3 % r2.value[0] === r2.value[1]);
+var x3 = /* @__PURE__ */ __name((t3, n3, { get: o3 }) => {
+  const [u5, c4] = i2(n3, t3.field, o3), f4 = /* @__PURE__ */ __name((r2) => {
+    const n4 = o3(r2, c4);
+    return Array.isArray(n4) && n4.length === t3.value;
+  }, "f");
+  return t3.field !== n && e2(u5, c4) ? u5.some(f4) : f4(u5);
+}, "x");
+var O3 = u3((r2, t3) => "string" == typeof t3 && r2.value.test(t3));
+var N2 = u3((r2, t3, { compare: e3 }) => n2(r2.value, t3, e3));
+var $2 = /* @__PURE__ */ __name((r2, t3, n3) => !N2(r2, t3, n3), "$");
+var q2 = /* @__PURE__ */ __name((r2, t3, { compare: e3, get: o3 }) => {
+  const u5 = o3(t3, r2.field);
+  return Array.isArray(u5) && r2.value.every((r3) => n2(u5, r3, e3));
+}, "q");
+var z2 = /* @__PURE__ */ __name((r2, t3, { interpret: n3, get: e3 }) => {
+  const o3 = e3(t3, r2.field);
+  return Array.isArray(o3) && o3.some((t4) => n3(r2.value, t4));
+}, "z");
+var B = /* @__PURE__ */ __name((r2, t3) => r2.value.call(t3), "B");
+var E2 = Object.freeze({ __proto__: null, or: p3, nor: g2, and: m3, not: y3, eq: b2, ne: A2, lte: d3, lt: h3, gt: j3, gte: w3, exists: _3, mod: v3, size: x3, regex: O3, within: N2, nin: $2, all: q2, elemMatch: z2, where: B });
+var M = Object.assign({}, E2, { in: N2 });
+var S = l3(M);
+
+// ../../../node_modules/@ucast/mongo2js/dist/es6m/index.mjs
+function i3(o3) {
+  return null === o3 || "object" != typeof o3 ? o3 : o3 instanceof Date ? o3.getTime() : o3 && "function" == typeof o3.toJSON ? o3.toJSON() : o3;
+}
+__name(i3, "i");
+var m4 = /* @__PURE__ */ __name((o3, t3) => a2(i3(o3), i3(t3)), "m");
+function p4(r2, c4, f4) {
+  const s3 = new P(r2), i4 = l3(c4, Object.assign({ compare: m4 }, f4));
+  if (f4 && f4.forPrimitives) {
+    const o3 = { field: n }, e3 = s3.parse;
+    s3.setParse((t3) => e3(t3, o3));
+  }
+  return v(s3.parse, i4);
+}
+__name(p4, "p");
+var u4 = p4(z, M);
+var a3 = p4(["$and", "$or"].reduce((o3, t3) => (o3[t3] = Object.assign({}, o3[t3], { type: "field" }), o3), Object.assign({}, z, { $nor: Object.assign({}, z.$nor, { type: "field", parse: O.compound }) })), M, { forPrimitives: true });
+
+// ../../../node_modules/@casl/ability/dist/es6m/index.mjs
+var O4 = Object.hasOwn || ((t3, i4) => Object.prototype.hasOwnProperty.call(t3, i4));
+function C(t3) {
+  return Array.isArray(t3) ? t3 : [t3];
+}
+__name(C, "C");
+var R2 = "__caslSubjectType__";
+var S2 = /* @__PURE__ */ __name((t3) => {
+  const i4 = typeof t3;
+  return i4 === "string" || i4 === "function";
+}, "S");
+var T = /* @__PURE__ */ __name((t3) => t3.modelName || t3.name, "T");
+function z3(t3) {
+  return typeof t3 === "string" ? t3 : T(t3);
+}
+__name(z3, "z");
+function B2(t3) {
+  if (O4(t3, R2)) return t3[R2];
+  return T(t3.constructor);
+}
+__name(B2, "B");
+var q3 = { function: /* @__PURE__ */ __name((t3) => t3.constructor, "function"), string: B2 };
+function G(t3, i4, e3) {
+  for (let s3 = e3; s3 < i4.length; s3++) t3.push(i4[s3]);
+}
+__name(G, "G");
+function H(t3, i4) {
+  if (!t3 || !t3.length) return i4 || [];
+  if (!i4 || !i4.length) return t3 || [];
+  let e3 = 0;
+  let s3 = 0;
+  const n3 = [];
+  while (e3 < t3.length && s3 < i4.length) if (t3[e3].priority < i4[s3].priority) {
+    n3.push(t3[e3]);
+    e3++;
+  } else {
+    n3.push(i4[s3]);
+    s3++;
+  }
+  G(n3, t3, e3);
+  G(n3, i4, s3);
+  return n3;
+}
+__name(H, "H");
+function I(t3, i4, e3) {
+  let s3 = t3.get(i4);
+  if (!s3) {
+    s3 = e3();
+    t3.set(i4, s3);
+  }
+  return s3;
+}
+__name(I, "I");
+var J = /* @__PURE__ */ __name((t3) => t3, "J");
+function K(t3, i4) {
+  if (Array.isArray(t3.fields) && !t3.fields.length) throw new Error("`rawRule.fields` cannot be an empty array. https://bit.ly/390miLa");
+  if (t3.fields && !i4.fieldMatcher) throw new Error('You need to pass "fieldMatcher" option in order to restrict access by fields');
+  if (t3.conditions && !i4.conditionsMatcher) throw new Error('You need to pass "conditionsMatcher" option in order to restrict access by conditions');
+}
+__name(K, "K");
+var N3 = class {
+  static {
+    __name(this, "N");
+  }
+  constructor(t3, i4, e3 = 0) {
+    K(t3, i4);
+    this.action = i4.resolveAction(t3.action);
+    this.subject = t3.subject;
+    this.inverted = !!t3.inverted;
+    this.conditions = t3.conditions;
+    this.reason = t3.reason;
+    this.origin = t3;
+    this.fields = t3.fields ? C(t3.fields) : void 0;
+    this.priority = e3;
+    this.t = i4;
+  }
+  i() {
+    if (this.conditions && !this.o) this.o = this.t.conditionsMatcher(this.conditions);
+    return this.o;
+  }
+  get ast() {
+    const t3 = this.i();
+    return t3 ? t3.ast : void 0;
+  }
+  matchesConditions(t3) {
+    if (!this.conditions) return true;
+    if (!t3 || S2(t3)) return !this.inverted;
+    const i4 = this.i();
+    return i4(t3);
+  }
+  matchesField(t3) {
+    if (!this.fields) return true;
+    if (!t3) return !this.inverted;
+    if (!this.u) this.u = this.t.fieldMatcher(this.fields);
+    return this.u(t3);
+  }
+};
+function Q(t3, i4) {
+  const e3 = { value: t3, prev: i4, next: null };
+  if (i4) i4.next = e3;
+  return e3;
+}
+__name(Q, "Q");
+function V(t3) {
+  if (t3.next) t3.next.prev = t3.prev;
+  if (t3.prev) t3.prev.next = t3.next;
+  t3.next = t3.prev = null;
+}
+__name(V, "V");
+var W = /* @__PURE__ */ __name((t3) => ({ value: t3.value, prev: t3.prev, next: t3.next }), "W");
+var X = /* @__PURE__ */ __name(() => ({ rules: [], merged: false }), "X");
+var Z = /* @__PURE__ */ __name(() => /* @__PURE__ */ new Map(), "Z");
+var tt = class {
+  static {
+    __name(this, "tt");
+  }
+  constructor(t3 = [], i4 = {}) {
+    this.h = false;
+    this.l = /* @__PURE__ */ new Map();
+    this.p = { conditionsMatcher: i4.conditionsMatcher, fieldMatcher: i4.fieldMatcher, resolveAction: i4.resolveAction || J };
+    this.$ = i4.anyAction || "manage";
+    this.A = i4.anySubjectType || "all";
+    this.m = t3;
+    this.M = !!i4.detectSubjectType;
+    this.j = i4.detectSubjectType || B2;
+    this.v(t3);
+  }
+  get rules() {
+    return this.m;
+  }
+  detectSubjectType(t3) {
+    if (S2(t3)) return t3;
+    if (!t3) return this.A;
+    return this.j(t3);
+  }
+  update(t3) {
+    const i4 = { rules: t3, ability: this, target: this };
+    this._("update", i4);
+    this.m = t3;
+    this.v(t3);
+    this._("updated", i4);
+    return this;
+  }
+  v(t3) {
+    const i4 = /* @__PURE__ */ new Map();
+    let e3;
+    for (let s3 = t3.length - 1; s3 >= 0; s3--) {
+      const n3 = t3.length - s3 - 1;
+      const r2 = new N3(t3[s3], this.p, n3);
+      const o3 = C(r2.action);
+      const c4 = C(r2.subject || this.A);
+      if (!this.h && r2.fields) this.h = true;
+      for (let t4 = 0; t4 < c4.length; t4++) {
+        const s4 = I(i4, c4[t4], Z);
+        if (e3 === void 0) e3 = typeof c4[t4];
+        if (typeof c4[t4] !== e3 && e3 !== "mixed") e3 = "mixed";
+        for (let t5 = 0; t5 < o3.length; t5++) I(s4, o3[t5], X).rules.push(r2);
+      }
+    }
+    this.l = i4;
+    if (e3 !== "mixed" && !this.M) {
+      const t4 = q3[e3] || q3.string;
+      this.j = t4;
+    }
+  }
+  possibleRulesFor(t3, i4 = this.A) {
+    if (!S2(i4)) throw new Error('"possibleRulesFor" accepts only subject types (i.e., string or class) as the 2nd parameter');
+    const e3 = I(this.l, i4, Z);
+    const s3 = I(e3, t3, X);
+    if (s3.merged) return s3.rules;
+    const n3 = t3 !== this.$ && e3.has(this.$) ? e3.get(this.$).rules : void 0;
+    let r2 = H(s3.rules, n3);
+    if (i4 !== this.A) r2 = H(r2, this.possibleRulesFor(t3, this.A));
+    s3.rules = r2;
+    s3.merged = true;
+    return r2;
+  }
+  rulesFor(t3, i4, e3) {
+    const s3 = this.possibleRulesFor(t3, i4);
+    if (e3 && typeof e3 !== "string") throw new Error("The 3rd, `field` parameter is expected to be a string. See https://stalniy.github.io/casl/en/api/casl-ability#can-of-pure-ability for details");
+    if (!this.h) return s3;
+    return s3.filter((t4) => t4.matchesField(e3));
+  }
+  actionsFor(t3) {
+    if (!S2(t3)) throw new Error('"actionsFor" accepts only subject types (i.e., string or class) as a parameter');
+    const i4 = /* @__PURE__ */ new Set();
+    const e3 = this.l.get(t3);
+    if (e3) Array.from(e3.keys()).forEach((t4) => i4.add(t4));
+    const s3 = t3 !== this.A ? this.l.get(this.A) : void 0;
+    if (s3) Array.from(s3.keys()).forEach((t4) => i4.add(t4));
+    return Array.from(i4);
+  }
+  on(t3, i4) {
+    this.F = this.F || /* @__PURE__ */ new Map();
+    const e3 = this.F;
+    const s3 = e3.get(t3) || null;
+    const n3 = Q(i4, s3);
+    e3.set(t3, n3);
+    return () => {
+      const i5 = e3.get(t3);
+      if (!n3.next && !n3.prev && i5 === n3) e3.delete(t3);
+      else if (n3 === i5) e3.set(t3, n3.prev);
+      V(n3);
+    };
+  }
+  _(t3, i4) {
+    if (!this.F) return;
+    let e3 = this.F.get(t3) || null;
+    while (e3 !== null) {
+      const t4 = e3.prev ? W(e3.prev) : null;
+      e3.value(i4);
+      e3 = t4;
+    }
+  }
+};
+var PureAbility = class extends tt {
+  static {
+    __name(this, "PureAbility");
+  }
+  can(t3, i4, e3) {
+    const s3 = this.relevantRuleFor(t3, i4, e3);
+    return !!s3 && !s3.inverted;
+  }
+  relevantRuleFor(t3, i4, e3) {
+    const s3 = this.detectSubjectType(i4);
+    const n3 = this.rulesFor(t3, s3, e3);
+    for (let t4 = 0, e4 = n3.length; t4 < e4; t4++) if (n3[t4].matchesConditions(i4)) return n3[t4];
+    return null;
+  }
+  cannot(t3, i4, e3) {
+    return !this.can(t3, i4, e3);
+  }
+};
+var it = { $eq: O2, $ne: R, $lt: E, $lte: j2, $gt: b, $gte: g, $in: y2, $nin: x2, $all: v2, $size: w2, $regex: _2, $options: q, $elemMatch: $, $exists: m2 };
+var et = { eq: b2, ne: A2, lt: h3, lte: d3, gt: j3, gte: w3, in: N2, nin: $2, all: q2, size: x3, regex: O3, elemMatch: z2, exists: _3, and: m3 };
+var nt = p4(it, et);
+function isAbilityClass(t3) {
+  return t3.prototype !== void 0 && typeof t3.prototype.possibleRulesFor === "function";
+}
+__name(isAbilityClass, "isAbilityClass");
+var dt = class {
+  static {
+    __name(this, "dt");
+  }
+  constructor(t3) {
+    this.O = t3;
+  }
+  because(t3) {
+    this.O.reason = t3;
+    return this;
+  }
+};
+var AbilityBuilder = class {
+  static {
+    __name(this, "AbilityBuilder");
+  }
+  constructor(t3) {
+    this.rules = [];
+    this.C = t3;
+    this.can = (t4, i4, e3, s3) => this.R(t4, i4, e3, s3, false);
+    this.cannot = (t4, i4, e3, s3) => this.R(t4, i4, e3, s3, true);
+    this.build = (t4) => isAbilityClass(this.C) ? new this.C(this.rules, t4) : this.C(this.rules, t4);
+  }
+  R(t3, i4, e3, s3, n3) {
+    const r2 = { action: t3 };
+    if (n3) r2.inverted = n3;
+    if (i4) {
+      r2.subject = i4;
+      if (Array.isArray(e3) || typeof e3 === "string") r2.fields = e3;
+      else if (typeof e3 !== "undefined") r2.conditions = e3;
+      if (typeof s3 !== "undefined") r2.conditions = s3;
+    }
+    this.rules.push(r2);
+    return new dt(r2);
+  }
+};
+var yt = /* @__PURE__ */ __name((t3) => `Cannot execute "${t3.action}" on "${t3.subjectType}"`, "yt");
+var pt = /* @__PURE__ */ __name(function t2(i4) {
+  this.message = i4;
+}, "t");
+pt.prototype = Object.create(Error.prototype);
+var ForbiddenError = class extends pt {
+  static {
+    __name(this, "ForbiddenError");
+  }
+  static setDefaultMessage(t3) {
+    this.P = typeof t3 === "string" ? () => t3 : t3;
+  }
+  static from(t3) {
+    return new this(t3);
+  }
+  constructor(t3) {
+    super("");
+    this.ability = t3;
+    if (typeof Error.captureStackTrace === "function") {
+      this.name = "ForbiddenError";
+      Error.captureStackTrace(this, this.constructor);
+    }
+  }
+  setMessage(t3) {
+    this.message = t3;
+    return this;
+  }
+  throwUnlessCan(t3, i4, e3) {
+    const s3 = this.unlessCan(t3, i4, e3);
+    if (s3) throw s3;
+  }
+  unlessCan(t3, i4, e3) {
+    const s3 = this.ability.relevantRuleFor(t3, i4, e3);
+    if (s3 && !s3.inverted) return;
+    this.action = t3;
+    this.subject = i4;
+    this.subjectType = z3(this.ability.detectSubjectType(i4));
+    this.field = e3;
+    const n3 = s3 ? s3.reason : "";
+    this.message = this.message || n3 || this.constructor.P(this);
+    return this;
+  }
+};
+ForbiddenError.P = yt;
+var bt = Object.freeze({ __proto__: null });
+
+// ../nestjs-authzpaas/dist/index.js
+var import_common17 = require("@nestjs/common");
+var import_nestjs_common5 = require("@lark-apaas/nestjs-common");
+var import_nestjs_common6 = require("@lark-apaas/nestjs-common");
+var import_common18 = require("@nestjs/common");
+var import_core9 = require("@nestjs/core");
+var import_nestjs_common7 = require("@lark-apaas/nestjs-common");
+var import_common19 = require("@nestjs/common");
+var __defProp2 = Object.defineProperty;
+var __name2 = /* @__PURE__ */ __name((target, value) => __defProp2(target, "name", {
+  value,
+  configurable: true
+}), "__name");
+var __defProp22 = Object.defineProperty;
+var __name22 = /* @__PURE__ */ __name2((target, value) => __defProp22(target, "name", {
+  value,
+  configurable: true
+}), "__name");
+var AUTHNPAAS_MODULE_OPTIONS = /* @__PURE__ */ Symbol("AUTHNPAAS_MODULE_OPTIONS");
+var NEED_LOGIN_KEY = "authnpaas:needLogin";
+function _ts_decorate10(decorators, target, key, desc) {
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
+}
+__name(_ts_decorate10, "_ts_decorate");
+__name2(_ts_decorate10, "_ts_decorate");
+__name22(_ts_decorate10, "_ts_decorate");
+function _ts_metadata7(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
+}
+__name(_ts_metadata7, "_ts_metadata");
+__name2(_ts_metadata7, "_ts_metadata");
+__name22(_ts_metadata7, "_ts_metadata");
+var AuthNPaasGuard = class {
+  static {
+    __name(this, "AuthNPaasGuard");
+  }
+  static {
+    __name2(this, "AuthNPaasGuard");
+  }
+  static {
+    __name22(this, "AuthNPaasGuard");
+  }
+  reflector;
+  constructor(reflector) {
+    this.reflector = reflector;
+  }
+  async canActivate(context) {
+    const http = context.switchToHttp();
+    const request = http.getRequest();
+    const response = http.getResponse();
+    const { userId, loginUrl } = request.userContext || {};
+    const needLoginMeta = this.reflector.getAllAndOverride(NEED_LOGIN_KEY, [
+      context.getHandler(),
+      context.getClass()
+    ]);
+    if (needLoginMeta && !userId && loginUrl) {
+      response.setHeader("x-login-url", loginUrl);
+      throw new import_common13.UnauthorizedException("\u672A\u767B\u5F55");
+    }
+    return true;
+  }
+};
+AuthNPaasGuard = _ts_decorate10([
+  (0, import_common13.Injectable)(),
+  _ts_metadata7("design:type", Function),
+  _ts_metadata7("design:paramtypes", [
+    typeof import_core8.Reflector === "undefined" ? Object : import_core8.Reflector
+  ])
+], AuthNPaasGuard);
+function _ts_decorate22(decorators, target, key, desc) {
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
+}
+__name(_ts_decorate22, "_ts_decorate2");
+__name2(_ts_decorate22, "_ts_decorate2");
+__name22(_ts_decorate22, "_ts_decorate");
+var AuthNPaasModule = class _AuthNPaasModule {
+  static {
+    __name(this, "_AuthNPaasModule");
+  }
+  static {
+    __name2(this, "_AuthNPaasModule");
+  }
+  static {
+    __name22(this, "AuthNPaasModule");
+  }
+  static forRoot(options) {
+    return {
+      module: _AuthNPaasModule,
+      global: true,
+      controllers: [],
+      providers: [
+        // 配置提供者
+        {
+          provide: AUTHNPAAS_MODULE_OPTIONS,
+          useValue: {
+            ...options || {}
+          }
+        },
+        // 核心服务
+        import_core7.Reflector,
+        // 服务提供者
+        AuthNPaasGuard,
+        // 守卫提供者
+        {
+          provide: import_core7.APP_GUARD,
+          useClass: AuthNPaasGuard
+        }
+      ],
+      exports: []
+    };
+  }
+};
+AuthNPaasModule = _ts_decorate22([
+  (0, import_common12.Module)({})
+], AuthNPaasModule);
+var IS_PUBLIC_KEY = "isPublic";
+var Public = /* @__PURE__ */ __name22(() => (0, import_common14.SetMetadata)(IS_PUBLIC_KEY, true), "Public");
+var PERMISSION_API_CONFIG_TOKEN = /* @__PURE__ */ Symbol("PERMISSION_API_CONFIG");
+var AUTHZPAAS_MODULE_OPTIONS = /* @__PURE__ */ Symbol("AUTHZPAAS_MODULE_OPTIONS");
+var ROLES_KEY = "authzpaas:roles";
+function _ts_decorate32(decorators, target, key, desc) {
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
+}
+__name(_ts_decorate32, "_ts_decorate3");
+__name2(_ts_decorate32, "_ts_decorate");
+var ROLE_SUBJECT = "@role";
+var AbilityFactory = class {
+  static {
+    __name(this, "AbilityFactory");
+  }
+  static {
+    __name2(this, "AbilityFactory");
+  }
+  /**
+  * 为用户创建 Ability
+  */
+  createForUser(permissionData) {
+    const { can, build } = new AbilityBuilder(PureAbility);
+    for (const role of permissionData.roles) {
+      can(role, ROLE_SUBJECT);
+    }
+    return build();
+  }
+};
+AbilityFactory = _ts_decorate32([
+  (0, import_common16.Injectable)()
+], AbilityFactory);
+var PermissionDeniedType = /* @__PURE__ */ (function(PermissionDeniedType2) {
+  PermissionDeniedType2["UNAUTHENTICATED"] = "UNAUTHENTICATED";
+  PermissionDeniedType2["ROLE_REQUIRED"] = "ROLE_REQUIRED";
+  PermissionDeniedType2["PERMISSION_REQUIRED"] = "PERMISSION_REQUIRED";
+  PermissionDeniedType2["PERMISSION_CONFIG_QUERY_FAILED"] = "PERMISSION_CONFIG_QUERY_FAILED";
+  return PermissionDeniedType2;
+})({});
+var PermissionDeniedException = class _PermissionDeniedException extends import_common17.HttpException {
+  static {
+    __name(this, "_PermissionDeniedException");
+  }
+  static {
+    __name2(this, "PermissionDeniedException");
+  }
+  type;
+  details;
+  constructor(details, httpStatusCode = 403) {
+    super({
+      statusCode: httpStatusCode,
+      cause: details.cause,
+      type: details.type,
+      message: details.message,
+      ...details.requiredRoles && {
+        requiredRoles: details.requiredRoles
+      },
+      ...details.requiredPermissions && {
+        requiredPermissions: details.requiredPermissions
+      },
+      ...details.environmentRequirement && {
+        environmentRequirement: details.environmentRequirement
+      },
+      ...details.metadata && {
+        metadata: details.metadata
+      }
+    }, httpStatusCode);
+    this.type = details.type;
+    this.details = details;
+    this.name = "PermissionDeniedException";
+  }
+  /**
+  * 创建用户未认证异常
+  */
+  static unauthenticated(message = "\u7528\u6237\u672A\u8BA4\u8BC1") {
+    return new _PermissionDeniedException({
+      type: "UNAUTHENTICATED",
+      message
+    });
+  }
+  /**
+  * 创建角色不足异常
+  */
+  static roleRequired(requiredRoles) {
+    const message = `\u9700\u8981\u4EE5\u4E0B\u4EFB\u4E00\u89D2\u8272: ${requiredRoles.join(", ")}`;
+    return new _PermissionDeniedException({
+      type: "ROLE_REQUIRED",
+      message,
+      requiredRoles
+    });
+  }
+  /**
+  * 创建权限不足异常
+  */
+  static permissionRequired(requiredPermissions, or = false, customMessage) {
+    let message;
+    if (customMessage) {
+      message = customMessage;
+    } else if (requiredPermissions.length === 1) {
+      const perm = requiredPermissions[0];
+      message = or ? `\u7F3A\u5C11\u6743\u9650: \u9700\u8981\u5BF9 ${perm.subject} \u6267\u884C\u4EE5\u4E0B\u4EFB\u4E00\u64CD\u4F5C [${perm.actions.join(", ")}]` : `\u7F3A\u5C11\u6743\u9650: \u9700\u8981\u5BF9 ${perm.subject} \u6267\u884C\u6240\u6709\u64CD\u4F5C [${perm.actions.join(", ")}]`;
+    } else {
+      message = or ? `\u7F3A\u5C11\u6743\u9650: \u9700\u8981\u6EE1\u8DB3\u4EE5\u4E0B\u4EFB\u4E00\u6743\u9650\u8981\u6C42: ${requiredPermissions.map(({ actions, subject }) => `\u5BF9 ${subject} \u6267\u884C\u4EE5\u4E0B\u4EFB\u4E00\u64CD\u4F5C [${actions.join(", ")}]`).join(", ")}` : `\u7F3A\u5C11\u6743\u9650: \u9700\u8981\u6EE1\u8DB3\u4EE5\u4E0B\u6240\u6709\u6743\u9650\u8981\u6C42: ${requiredPermissions.map(({ actions, subject }) => `\u5BF9 ${subject} \u6267\u884C\u6240\u6709\u64CD\u4F5C [${actions.join(", ")}]`).join(", ")}`;
+    }
+    return new _PermissionDeniedException({
+      type: "PERMISSION_REQUIRED",
+      message,
+      requiredPermissions,
+      metadata: {
+        or
+      }
+    });
+  }
+};
+function _ts_decorate42(decorators, target, key, desc) {
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
+}
+__name(_ts_decorate42, "_ts_decorate4");
+__name2(_ts_decorate42, "_ts_decorate");
+function _ts_metadata22(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
+}
+__name(_ts_metadata22, "_ts_metadata2");
+__name2(_ts_metadata22, "_ts_metadata");
+function _ts_param3(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+__name(_ts_param3, "_ts_param");
+__name2(_ts_param3, "_ts_param");
+var PermissionService = class {
+  static {
+    __name(this, "PermissionService");
+  }
+  static {
+    __name2(this, "PermissionService");
+  }
+  apiConfig;
+  abilityFactory;
+  client;
+  requestContextService;
+  constructor(apiConfig, abilityFactory, client, requestContextService) {
+    this.apiConfig = apiConfig;
+    this.abilityFactory = abilityFactory;
+    this.client = client;
+    this.requestContextService = requestContextService;
+  }
+  /**
+  * 获取用户权限数据
+  */
+  async getUserPermissions({ laneId }) {
+    const permissionData = await this.fetchFromApi({
+      laneId
+    });
+    const dataWithTimestamp = {
+      ...permissionData,
+      fetchedAt: /* @__PURE__ */ new Date()
+    };
+    return dataWithTimestamp;
+  }
+  /**
+  * 从 API 获取权限数据
+  * 内置实现，用户无需配置
+  */
+  async fetchFromApi({ laneId }) {
+    const { timeout = 5e3 } = this.apiConfig || {};
+    const { appId = "", userId = "" } = this.requestContextService.getContext() || {};
+    if (!appId) {
+      throw new PermissionDeniedException({
+        type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
+        message: "appId is empty"
+      }, import_common11.HttpStatus.BAD_REQUEST);
+    }
+    const url = `/app/${appId}/inner/api/v1/permissions/roles`;
+    const requestHeaders = {
+      "Content-Type": "application/json",
+      // 透传 laneId 到权限服务
+      ...laneId ? {
+        "x-tt-env": laneId || ""
+      } : {}
+    };
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    try {
+      const response = await this.client.post(url, {
+        userID: userId || ""
+      }, {
+        credentials: "include",
+        headers: requestHeaders,
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const error = new Error(`Permission API returned ${response.status}: ${response.statusText}`);
+        throw new PermissionDeniedException({
+          cause: error,
+          type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
+          message: error.message
+        }, import_common11.HttpStatus.INTERNAL_SERVER_ERROR);
+      }
+      let data;
+      let responseText = "";
+      try {
+        responseText = await response.text();
+        data = JSON.parse(responseText);
+      } catch (jsonError) {
+        const error = new Error(`Permission API returned invalid JSON: ${responseText}`);
+        throw new PermissionDeniedException({
+          cause: error,
+          type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
+          message: error.message
+        }, import_common11.HttpStatus.INTERNAL_SERVER_ERROR);
+      }
+      return {
+        userId,
+        roles: data.data?.roleList || [],
+        // TODO: 基于权限点位设置能力
+        // permissions: data.permissions || [],
+        fetchedAt: /* @__PURE__ */ new Date()
+      };
+    } catch (error) {
+      clearTimeout(timeoutId);
+      let err = error;
+      if (error.name === "AbortError") {
+        err = new Error(`Permission API request timeout after ${timeout}ms`);
+      }
+      throw new PermissionDeniedException({
+        cause: err,
+        type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
+        message: err.message
+      }, import_common11.HttpStatus.INTERNAL_SERVER_ERROR);
+    }
+  }
+  // /**
+  //  * 获取用户的 Ability 实例（带缓存）
+  //  * @param userId 用户ID
+  //  * @returns CASL Ability 实例
+  //  */
+  // private async getUserAbility(
+  //   userId?: string,
+  //   mockRoles?: string[]
+  // ): Promise<AppAbility> {
+  //   // 计算缓存 key
+  //   const key = this.buildCacheKey(userId, mockRoles);
+  //   // 尝试从缓存获取
+  //   const cached = this.cache.get(key);
+  //   if (cached) {
+  //     return cached.ability;
+  //   }
+  //   // 缓存未命中，调用 getUserPermissions 会创建并缓存
+  //   await this.getUserPermissions(userId, mockRoles);
+  //   // 再次从缓存获取（此时一定存在）
+  //   const newCached = this.cache.get(key);
+  //   return newCached!.ability;
+  // }
+  /**
+  * 检查角色要求
+  * 使用 CASL Ability 统一鉴权方式
+  * @param requirement 角色要求
+  * @param laneId 环境ID
+  * @returns 用户权限检查结果，包含结果和详细信息
+  * @throws PermissionDeniedException 当权限数据获取失败时
+  */
+  async checkRoles(requirement, laneId, userContext) {
+    const { userId = "" } = this.requestContextService.getContext() || {};
+    let permissionData = null;
+    if (!userContext || !("roles" in userContext)) {
+      permissionData = await this.getUserPermissions({
+        laneId
+      });
+    } else {
+      permissionData = {
+        userId,
+        roles: userContext.roles || [],
+        fetchedAt: /* @__PURE__ */ new Date()
+      };
+    }
+    if (!permissionData) {
+      throw new PermissionDeniedException({
+        cause: new Error("Permission data fetch api is not configured"),
+        type: PermissionDeniedType.PERMISSION_CONFIG_QUERY_FAILED,
+        message: "Permission data fetch api is not configured"
+      }, import_common11.HttpStatus.BAD_REQUEST);
+    }
+    const ability = this.abilityFactory.createForUser(permissionData);
+    const { roles } = requirement;
+    if (!roles || roles.length === 0) {
+      return {
+        result: true
+      };
+    }
+    const hasRole = roles.some((role) => ability.can(role, ROLE_SUBJECT));
+    if (!hasRole) {
+      const userRoles = permissionData.roles;
+      return {
+        result: false,
+        details: `\u7528\u6237 ${userId}, \u7528\u6237\u89D2\u8272 [${userRoles.join(", ")}], \u9700\u8981 [${roles.join(", ")}]`
+      };
+    }
+    return {
+      result: true
+    };
+  }
+};
+PermissionService = _ts_decorate42([
+  (0, import_common11.Injectable)(),
+  Public(),
+  _ts_param3(0, (0, import_common11.Inject)(PERMISSION_API_CONFIG_TOKEN)),
+  _ts_param3(2, (0, import_common11.Inject)(import_nestjs_common5.PLATFORM_HTTP_CLIENT)),
+  _ts_metadata22("design:type", Function),
+  _ts_metadata22("design:paramtypes", [
+    typeof PermissionApiConfig === "undefined" ? Object : PermissionApiConfig,
+    typeof AbilityFactory === "undefined" ? Object : AbilityFactory,
+    typeof import_nestjs_common5.PlatformHttpClient === "undefined" ? Object : import_nestjs_common5.PlatformHttpClient,
+    typeof import_nestjs_common6.RequestContextService === "undefined" ? Object : import_nestjs_common6.RequestContextService
+  ])
+], PermissionService);
+function _ts_decorate52(decorators, target, key, desc) {
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
+}
+__name(_ts_decorate52, "_ts_decorate5");
+__name2(_ts_decorate52, "_ts_decorate");
+function _ts_metadata32(k, v4) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v4);
+}
+__name(_ts_metadata32, "_ts_metadata3");
+__name2(_ts_metadata32, "_ts_metadata");
+function _ts_param22(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+__name(_ts_param22, "_ts_param2");
+__name2(_ts_param22, "_ts_param");
+var AuthZPaasGuard = class _AuthZPaasGuard {
+  static {
+    __name(this, "_AuthZPaasGuard");
+  }
+  static {
+    __name2(this, "AuthZPaasGuard");
+  }
+  reflector;
+  permissionService;
+  obs;
+  constructor(reflector, permissionService, obs) {
+    this.reflector = reflector;
+    this.permissionService = permissionService;
+    this.obs = obs;
+  }
+  logger = new import_common18.Logger(_AuthZPaasGuard.name);
+  /**
+  * 验证角色要求是否有效
+  * @param requirements 角色要求
+  * @returns 是否有效
+  */
+  isValidRoleRequirement(requirements) {
+    return Boolean(requirements && requirements.roles && requirements.roles.length > 0);
+  }
+  async canActivate(context) {
+    const http = context.switchToHttp();
+    const request = http.getRequest();
+    const laneId = request.headers["x-tt-env"];
+    const baseUrl = `${request.protocol}://${request.get("host")}`;
+    const userContext = request.userContext;
+    userContext.baseUrl = baseUrl;
+    const checkRoleRequirement = this.reflector.getAllAndOverride(ROLES_KEY, [
+      context.getHandler(),
+      context.getClass()
+    ]);
+    if (this.isValidRoleRequirement(checkRoleRequirement)) {
+      const spanName = checkRoleRequirement.roles.join(" or ");
+      return this.obs.trace(spanName, async (span) => {
+        span.setAttributes({
+          module: "permission"
+        });
+        const startTime = Date.now();
+        try {
+          const checkResult = await this.permissionService.checkRoles(checkRoleRequirement, laneId, userContext);
+          const endTime = Date.now();
+          if (!checkResult.result) {
+            this.logger.warn(JSON.stringify({
+              role: spanName,
+              duration_ms: endTime - startTime,
+              result: checkResult.result ? "has_auth" : "no_auth",
+              result_detail: checkResult.details
+            }), {
+              source_type: "platform",
+              paas_attributes_module: "permission"
+            });
+          } else {
+            this.logger.log(JSON.stringify({
+              role: spanName,
+              duration_ms: endTime - startTime,
+              result: checkResult.result ? "has_auth" : "no_auth"
+            }), {
+              source_type: "platform",
+              paas_attributes_module: "permission"
+            });
+          }
+          return checkResult.result;
+        } catch (error) {
+          const endTime = Date.now();
+          this.logger.error(JSON.stringify({
+            role: spanName,
+            duration_ms: endTime - startTime,
+            result: "",
+            error_message: error.message
+          }), {
+            source_type: "platform",
+            paas_attributes_module: "permission"
+          });
+          throw error;
+        }
+      });
+    }
+    return true;
+  }
+};
+AuthZPaasGuard = _ts_decorate52([
+  (0, import_common18.Injectable)(),
+  _ts_param22(2, (0, import_common18.Inject)(import_nestjs_common7.OBSERVABLE_SERVICE)),
+  _ts_metadata32("design:type", Function),
+  _ts_metadata32("design:paramtypes", [
+    typeof import_core9.Reflector === "undefined" ? Object : import_core9.Reflector,
+    typeof PermissionService === "undefined" ? Object : PermissionService,
+    typeof import_nestjs_common7.ObservableService === "undefined" ? Object : import_nestjs_common7.ObservableService
+  ])
+], AuthZPaasGuard);
+function _ts_decorate62(decorators, target, key, desc) {
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
+}
+__name(_ts_decorate62, "_ts_decorate6");
+__name2(_ts_decorate62, "_ts_decorate");
+var AuthZPaasModule = class _AuthZPaasModule {
+  static {
+    __name(this, "_AuthZPaasModule");
+  }
+  static {
+    __name2(this, "AuthZPaasModule");
+  }
+  static forRoot(options) {
+    const { permissionApi = {} } = options || {};
+    return {
+      module: _AuthZPaasModule,
+      global: true,
+      controllers: [],
+      providers: [
+        // 配置提供者
+        {
+          provide: AUTHZPAAS_MODULE_OPTIONS,
+          useValue: {
+            ...options
+          }
+        },
+        {
+          provide: PERMISSION_API_CONFIG_TOKEN,
+          useValue: permissionApi
+        },
+        // 核心服务
+        import_core6.Reflector,
+        // 服务提供者
+        PermissionService,
+        AbilityFactory,
+        AuthZPaasGuard,
+        // 守卫提供者
+        {
+          provide: import_core6.APP_GUARD,
+          useClass: AuthZPaasGuard
+        }
+      ],
+      exports: [
+        PermissionService,
+        AbilityFactory
+      ]
+    };
+  }
+  /**
+  * 异步注册 AuthZPaas 模块（根模块）
+  * 用于需要从配置服务获取设置的场景
+  *
+  * @param options 异步配置选项
+  * @returns 动态模块
+  *
+  * @example
+  * ```typescript
+  * @Module({
+  *   imports: [
+  *     AuthZPaasModule.forRootAsync({
+  *       imports: [ConfigModule],
+  *       inject: [ConfigService],
+  *       useFactory: async (configService: ConfigService) => ({
+  *         permissionApi: {
+  *           baseUrl: configService.get('PERMISSION_API_URL'),
+  *           apiToken: configService.get('PERMISSION_API_TOKEN'),
+  *         },
+  *         cache: {
+  *           ttl: configService.get('CACHE_TTL', 300),
+  *           max: configService.get('CACHE_MAX', 1000),
+  *         },
+  *       }),
+  *     }),
+  *   ],
+  * })
+  * export class AppModule {}
+  * ```
+  */
+  static forRootAsync(options) {
+    const { imports = [], inject = [], useFactory } = options;
+    return {
+      module: _AuthZPaasModule,
+      global: true,
+      imports,
+      controllers: [],
+      providers: [
+        // 异步配置提供者
+        {
+          provide: AUTHZPAAS_MODULE_OPTIONS,
+          useFactory,
+          inject
+        },
+        // 权限 API 配置提供者
+        {
+          provide: PERMISSION_API_CONFIG_TOKEN,
+          useFactory: /* @__PURE__ */ __name2((moduleOptions) => {
+            return moduleOptions.permissionApi;
+          }, "useFactory"),
+          inject: [
+            AUTHZPAAS_MODULE_OPTIONS
+          ]
+        },
+        // 核心服务
+        import_core6.Reflector,
+        // 服务提供者
+        PermissionService,
+        AbilityFactory,
+        AuthZPaasGuard,
+        // 守卫提供者
+        {
+          provide: import_core6.APP_GUARD,
+          useClass: AuthZPaasGuard
+        }
+      ],
+      exports: [
+        PermissionService,
+        AbilityFactory
+      ]
+    };
+  }
+};
+AuthZPaasModule = _ts_decorate62([
+  (0, import_common10.Module)({})
+], AuthZPaasModule);
+var CanRole = /* @__PURE__ */ __name2((role) => {
+  let requirement;
+  if (!Array.isArray(role) && typeof role === "string") {
+    requirement = {
+      roles: [
+        role
+      ]
+    };
+  } else if (Array.isArray(role) && role.every((role2) => typeof role2 === "string")) {
+    requirement = {
+      roles: role
+    };
+  } else {
+    throw new Error("Invalid CanRole parameter: " + JSON.stringify(role));
+  }
+  return (0, import_common19.SetMetadata)(ROLES_KEY, requirement);
+}, "CanRole");
+
+// src/modules/platform/module.ts
+function _ts_decorate11(decorators, target, key, desc) {
+  var c4 = arguments.length, r2 = c4 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d4;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r2 = Reflect.decorate(decorators, target, key, desc);
+  else for (var i4 = decorators.length - 1; i4 >= 0; i4--) if (d4 = decorators[i4]) r2 = (c4 < 3 ? d4(r2) : c4 > 3 ? d4(target, key, r2) : d4(target, key)) || r2;
+  return c4 > 3 && r2 && Object.defineProperty(target, key, r2), r2;
+}
+__name(_ts_decorate11, "_ts_decorate");
 var PLATFORM_MODULE_OPTIONS = /* @__PURE__ */ Symbol("PLATFORM_MODULE_OPTIONS");
 var PlatformModule = class _PlatformModule {
   static {
@@ -809,7 +2610,7 @@ var PlatformModule = class _PlatformModule {
             app_config_default
           ]
         }),
-        import_nestjs_common3.CommonModule,
+        import_nestjs_common8.CommonModule,
         import_nestjs_observable.NestjsObservableModule,
         import_nestjs_logger2.LoggerModule,
         import_axios2.HttpModule.register({
@@ -848,6 +2649,7 @@ var PlatformModule = class _PlatformModule {
           })
         ],
         import_nestjs_authnpaas.AuthNPaasModule.forRoot(),
+        AuthZPaasModule.forRoot(),
         import_nestjs_trigger.AutomationModule.forRoot(),
         import_nestjs_capability.CapabilityModule.forRoot({
           capabilitiesDir: options.capabilitiesDir,
@@ -860,8 +2662,8 @@ var PlatformModule = class _PlatformModule {
           useValue: options
         },
         {
-          provide: import_core2.APP_PIPE,
-          useValue: new import_common9.ValidationPipe({
+          provide: import_core10.APP_PIPE,
+          useValue: new import_common20.ValidationPipe({
             transform: true,
             transformOptions: {
               enableImplicitConversion: true
@@ -869,12 +2671,12 @@ var PlatformModule = class _PlatformModule {
           })
         },
         {
-          provide: import_nestjs_common3.OBSERVABLE_SERVICE,
+          provide: import_nestjs_common8.OBSERVABLE_SERVICE,
           useClass: import_nestjs_observable.Observable
         },
         PlatformHttpClientService,
         {
-          provide: import_nestjs_common4.PLATFORM_HTTP_CLIENT,
+          provide: import_nestjs_common9.PLATFORM_HTTP_CLIENT,
           useFactory: /* @__PURE__ */ __name((svc) => svc.instance, "useFactory"),
           inject: [
             PlatformHttpClientService
@@ -882,17 +2684,19 @@ var PlatformModule = class _PlatformModule {
         },
         HttpInterceptorService,
         {
-          provide: import_core2.APP_INTERCEPTOR,
+          provide: import_core10.APP_INTERCEPTOR,
           useClass: import_nestjs_observable.TraceInterceptor
-        }
+        },
+        FileService
       ],
       exports: [
         import_config2.ConfigModule,
         import_nestjs_logger2.LoggerModule,
-        import_nestjs_common3.CommonModule,
-        import_nestjs_common3.OBSERVABLE_SERVICE,
-        import_nestjs_common4.PLATFORM_HTTP_CLIENT,
-        import_nestjs_capability.CapabilityModule
+        import_nestjs_common8.CommonModule,
+        import_nestjs_common8.OBSERVABLE_SERVICE,
+        import_nestjs_common9.PLATFORM_HTTP_CLIENT,
+        import_nestjs_capability.CapabilityModule,
+        FileService
       ]
     };
   }
@@ -921,9 +2725,9 @@ var PlatformModule = class _PlatformModule {
     }
   }
 };
-PlatformModule = _ts_decorate9([
-  (0, import_common9.Global)(),
-  (0, import_common9.Module)({})
+PlatformModule = _ts_decorate11([
+  (0, import_common20.Global)(),
+  (0, import_common20.Module)({})
 ], PlatformModule);
 
 // src/setup.ts
@@ -962,14 +2766,17 @@ __reExport(index_exports, require("@lark-apaas/nestjs-capability"), module.expor
 __reExport(index_exports, require("@lark-apaas/nestjs-datapaas"), module.exports);
 __reExport(index_exports, require("@lark-apaas/nestjs-observable"), module.exports);
 __reExport(index_exports, require("@lark-apaas/nestjs-trigger"), module.exports);
-var import_nestjs_common5 = require("@lark-apaas/nestjs-common");
+__reExport(index_exports, require("@lark-apaas/file-service"), module.exports);
+var import_nestjs_common10 = require("@lark-apaas/nestjs-common");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AutoTrace,
+  CanRole,
   CsrfMiddleware,
   CsrfTokenMiddleware,
   DevToolsModule,
   DevToolsV2Module,
+  FileService,
   PlatformModule,
   UserContextMiddleware,
   ViewContextMiddleware,
@@ -978,5 +2785,6 @@ var import_nestjs_common5 = require("@lark-apaas/nestjs-common");
   ...require("@lark-apaas/nestjs-capability"),
   ...require("@lark-apaas/nestjs-datapaas"),
   ...require("@lark-apaas/nestjs-observable"),
-  ...require("@lark-apaas/nestjs-trigger")
+  ...require("@lark-apaas/nestjs-trigger"),
+  ...require("@lark-apaas/file-service")
 });