npm - @niledatabase/server - Versions diffs - 4.2.0 → 5.0.0-alpha.1 - Mend

@niledatabase/server 4.2.0 → 5.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/index.js CHANGED Viewed

@@ -2,12 +2,28 @@
 require('dotenv/config');
 var pg = require('pg');
-var jose = require('jose');
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 var pg__default = /*#__PURE__*/_interopDefault(pg);
+// src/types.ts
+var APIErrorErrorCodeEnum = {
+  InternalError: "internal_error",
+  BadRequest: "bad_request",
+  EntityNotFound: "entity_not_found",
+  DuplicateEntity: "duplicate_entity",
+  InvalidCredentials: "invalid_credentials",
+  UnknownOidcProvider: "unknown_oidc_provider",
+  ProviderAlreadyExists: "provider_already_exists",
+  ProviderConfigError: "provider_config_error",
+  ProviderMismatch: "provider_mismatch",
+  ProviderUpdateError: "provider_update_error",
+  SessionStateMissing: "session_state_missing",
+  SessionStateMismatch: "session_state_mismatch",
+  OidcCodeMissing: "oidc_code_missing"
+};
 // src/users/types.ts
 var LoginUserResponseTokenTypeEnum = {
   AccessToken: "ACCESS_TOKEN",
@@ -15,10 +31,86 @@ var LoginUserResponseTokenTypeEnum = {
   IdToken: "ID_TOKEN"
 };
-// src/api/utils/routes/urlMatches.ts
-function urlMatches(requestUrl, route15) {
+// src/api/utils/routes/index.ts
+var NILEDB_API_URL = process.env.NILEDB_API_URL;
+var appRoutes = (prefix = "/api") => ({
+  SIGNIN: `${prefix}${"/auth/signin" /* SIGNIN */}`,
+  PROVIDERS: `${prefix}${"/auth/providers" /* PROVIDERS */}`,
+  SESSION: `${prefix}${"/auth/session" /* SESSION */}`,
+  CSRF: `${prefix}${"/auth/csrf" /* CSRF */}`,
+  CALLBACK: `${prefix}${"/auth/callback" /* CALLBACK */}`,
+  SIGNOUT: `${prefix}${"/auth/signout" /* SIGNOUT */}`,
+  ERROR: `${prefix}/auth/error`,
+  VERIFY_REQUEST: `${prefix}/auth/verify-request`,
+  PASSWORD_RESET: `${prefix}/auth/reset-password`,
+  ME: `${prefix}${"/me" /* ME */}`,
+  USERS: `${prefix}${"/users" /* USERS */}`,
+  USER_TENANTS: `${prefix}${"/users/{userId}/tenants" /* USER_TENANTS */}`,
+  TENANTS: `${prefix}${"/tenants" /* TENANTS */}`,
+  TENANT: `${prefix}${"/tenants/{tenantId}" /* TENANT */}`,
+  TENANT_USER: `${prefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */}`,
+  TENANT_USERS: `${prefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */}`,
+  SIGNUP: `${prefix}${"/signup" /* SIGNUP */}`,
+  LOG: `${prefix}/_log`
+});
+var apiRoutes = (config) => ({
+  ME: makeRestUrl(config, "/me"),
+  USERS: (qp) => makeRestUrl(config, "/users", qp),
+  USER: (userId) => makeRestUrl(config, `/users/${userId}`),
+  TENANTS: makeRestUrl(config, "/tenants"),
+  TENANT: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}`),
+  SIGNUP: makeRestUrl(config, "/signup"),
+  TENANT_USERS: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/users`),
+  TENANT_USER: makeRestUrl(
+    config,
+    `/tenants/${config.tenantId}/users/${config.userId}`
+  ),
+  USER_TENANTS: (userId) => makeRestUrl(config, `/users/${userId}/tenants`)
+});
+var proxyRoutes = (config) => ({
+  SIGNIN: makeRestUrl(config, "/auth/signin" /* SIGNIN */),
+  PROVIDERS: makeRestUrl(config, "/auth/providers" /* PROVIDERS */),
+  SESSION: makeRestUrl(config, "/auth/session" /* SESSION */),
+  CSRF: makeRestUrl(config, "/auth/csrf" /* CSRF */),
+  CALLBACK: makeRestUrl(config, "/auth/callback" /* CALLBACK */),
+  SIGNOUT: makeRestUrl(config, "/auth/signout" /* SIGNOUT */),
+  ERROR: makeRestUrl(config, "/auth/error"),
+  VERIFY_REQUEST: makeRestUrl(config, "/auth/verify-request"),
+  PASSWORD_RESET: makeRestUrl(config, "/auth/reset-password")
+});
+function filterNullUndefined(obj) {
+  if (!obj) {
+    return void 0;
+  }
+  return Object.fromEntries(
+    Object.entries(obj).filter(
+      ([, value]) => value !== null && value !== void 0
+    )
+  );
+}
+function makeRestUrl(config, path, qp) {
+  const url = config.apiUrl || NILEDB_API_URL;
+  if (!url) {
+    throw new Error(
+      "An API url is required. Set it via NILEDB_API_URL. Was auto configuration run?"
+    );
+  }
+  const params = new URLSearchParams(
+    filterNullUndefined(qp)
+  );
+  const strParams = params.toString();
+  return `${[url, path.substring(1, path.length)].join("/")}${strParams ? `?${strParams}` : ""}`;
+}
+function urlMatches(requestUrl, route16) {
   const url = new URL(requestUrl);
-  return url.pathname.startsWith(route15);
+  return url.pathname.startsWith(route16);
+}
+function isUUID(value) {
+  if (!value) {
+    return false;
+  }
+  const regex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5|7][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;
+  return regex.test(value);
 }
 // src/utils/Logger.ts
@@ -82,7 +174,6 @@ function matchesLog(configRoutes, request2) {
 // src/utils/constants.ts
 var X_NILE_TENANT = "nile.tenant_id";
-var X_NILE_USER_ID = "nile.user_id";
 var X_NILE_ORIGIN = "nile.origin";
 var X_NILE_SECURECOOKIES = "nile.secure_cookies";
@@ -101,19 +192,14 @@ async function request(url, _init, config) {
       String(request2.headers.get(X_NILE_TENANT))
     );
   }
-  if (config.api.secureCookies != null) {
-    updatedHeaders.set(X_NILE_SECURECOOKIES, String(config.api.secureCookies));
+  if (config.secureCookies != null) {
+    updatedHeaders.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
   }
   updatedHeaders.set("host", requestUrl.host);
-  if (config.api.callbackUrl) {
-    const cbUrl = new URL(config.api.callbackUrl);
-    debug(
-      `Obtained origin from config.api.callbackUrl ${config.api.callbackUrl}`
-    );
+  if (config.callbackUrl) {
+    const cbUrl = new URL(config.callbackUrl);
+    debug(`Obtained origin from config.callbackUrl ${config.callbackUrl}`);
     updatedHeaders.set(X_NILE_ORIGIN, cbUrl.origin);
-  } else if (config.api.origin) {
-    debug(`Obtained origin from config.api.origin ${config.api.origin}`);
-    updatedHeaders.set(X_NILE_ORIGIN, config.api.origin);
   } else {
     updatedHeaders.set(X_NILE_ORIGIN, requestUrl.origin);
     debug(`Obtained origin from request ${requestUrl.origin}`);
@@ -134,19 +220,23 @@ async function request(url, _init, config) {
   }
   params.headers = updatedHeaders;
   const fullUrl = `${url}${requestUrl.search}`;
+  if (config.debug) {
+    params.headers.set("request-id", crypto.randomUUID());
+    params.cache = "no-store";
+  }
   try {
-    const res = await fetch(fullUrl, { ...params }).catch(
-      (e) => {
-        error("An error has occurred in the fetch", {
-          message: e.message,
-          stack: e.stack
-        });
-        return new Response(
-          "An unexpected (most likely configuration) problem has occurred",
-          { status: 500 }
-        );
-      }
-    );
+    const res = await fetch(fullUrl, {
+      ...params
+    }).catch((e) => {
+      error("An error has occurred in the fetch", {
+        message: e.message,
+        stack: e.stack
+      });
+      return new Response(
+        "An unexpected (most likely configuration) problem has occurred",
+        { status: 500 }
+      );
+    });
     const loggingRes = typeof res?.clone === "function" ? res?.clone() : null;
     info(`[${params.method ?? "GET"}] ${fullUrl}`, {
       status: res?.status,
@@ -172,8 +262,8 @@ async function request(url, _init, config) {
 async function auth(req, config) {
   const { info, error } = Logger(config, "[nileauth]");
   info("checking auth");
-  const sessionUrl = `${config.api.basePath}/auth/session`;
-  info(`using session${sessionUrl}`);
+  const sessionUrl = `${config.apiUrl}/auth/session`;
+  info(`using session ${sessionUrl}`);
   req.headers.delete("content-length");
   const res = await request(sessionUrl, { request: req }, config);
   if (!res) {
@@ -192,1105 +282,852 @@ async function auth(req, config) {
     return void 0;
   }
 }
-var getCallbackUrl = (cfg) => {
-  const { config } = cfg;
-  if (stringCheck(process.env.NILEDB_CALLBACK_URL)) {
-    return process.env.NILEDB_CALLBACK_URL;
+// src/api/routes/me/index.ts
+var key = "ME";
+async function route(request2, config) {
+  const url = apiRoutes(config)[key];
+  if (request2.method === "GET") {
+    return await GET(url, { request: request2 }, config);
   }
-  return config?.api?.callbackUrl;
-};
-var getSecureCookies = (cfg) => {
-  const { config } = cfg;
-  if (stringCheck(process.env.NILEDB_SECURECOOKIES)) {
-    return Boolean(process.env.NILEDB_SECURECOOKIES);
+  if (request2.method === "PUT") {
+    return await PUT(url, { request: request2 }, config);
   }
-  return config?.api?.secureCookies;
-};
-var getDatabaseId = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[databaseId]");
-  if (stringCheck(config?.databaseId)) {
-    logger && info(`${logger}[config] ${config?.databaseId}`);
-    return String(config?.databaseId);
-  }
-  const dbFromEnv = stringCheck(process.env.NILEDB_ID);
-  if (dbFromEnv) {
-    logger && info(`${logger}[NILEDB_ID] ${dbFromEnv}`);
-    return dbFromEnv;
-  }
-  const dbId = stringCheck(process.env.NILEDB_API_URL);
-  if (dbId) {
-    try {
-      const pgUrl = new URL(dbId);
-      return pgUrl.pathname.split("/")[3];
-    } catch (e) {
+  if (request2.method === "DELETE") {
+    const session = await auth(request2, config);
+    if (!session) {
+      return new Response(null, { status: 401 });
     }
+    return await DELETE(url, { request: request2 }, config);
   }
-  return null;
-};
-var getUsername = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[username]");
-  if (config?.user) {
-    logger && info(`${logger}[config] ${config.user}`);
-    return String(config?.user);
-  }
-  const user = stringCheck(process.env.NILEDB_USER);
-  if (user) {
-    logger && info(`${logger}[NILEDB_USER] ${user}`);
-    return user;
-  }
-  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
-  if (pg2) {
-    try {
-      const url = new URL(pg2);
-      if (url.username) {
-        return url.username;
-      }
-    } catch (e) {
-    }
+  return new Response("method not allowed", { status: 405 });
+}
+function matches(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key]);
+}
+async function fetchMe(config, method, body) {
+  const clientUrl = `${config.origin}${config.routePrefix}${"/me" /* ME */}`;
+  const init = {
+    headers: config.headers,
+    method: method ?? "GET"
+  };
+  if (method === "PUT") {
+    init.body = body;
   }
-  return void 0;
-};
-var getPassword = (cfg) => {
-  const { config, logger } = cfg;
-  const log = logProtector(logger);
-  const { info } = Logger(config, "[password]");
-  if (stringCheck(config?.password)) {
-    log && info(`${logger}[config] ***`);
-    return String(config?.password);
+  const req = new Request(clientUrl, init);
+  if (method === "DELETE") {
+    return await config.handlers.DELETE(req);
   }
-  const pass = stringCheck(process.env.NILEDB_PASSWORD);
-  if (pass) {
-    logger && info(`${logger}[NILEDB_PASSWORD] ***`);
-    return pass;
+  if (method === "PUT") {
+    return await config.handlers.PUT(req);
   }
-  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
-  if (pg2) {
-    try {
-      const url = new URL(pg2);
-      if (url.password) {
-        return url.password;
+  return await config.handlers.GET(req);
+}
+async function DELETE(url, init, config) {
+  init.method = "DELETE";
+  return await request(url, init, config);
+}
+async function PUT(url, init, config) {
+  init.method = "PUT";
+  return await request(url, init, config);
+}
+async function GET(url, init, config) {
+  const res = await request(url, init, config);
+  return res;
+}
+// src/utils/Event/index.ts
+var Eventer = class {
+  events = {};
+  publish(eventName, value) {
+    const callbacks = this.events[eventName];
+    if (callbacks) {
+      for (const callback of callbacks) {
+        callback(value);
       }
-    } catch (e) {
     }
   }
-  return void 0;
-};
-var getInfoBearer = (cfg) => {
-  return `${getUsername(cfg)}:${getPassword(cfg)}`;
-};
-var getToken = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[token]");
-  if (stringCheck(config?.api?.token)) {
-    logger && info(`${logger}[config] ${config?.api?.token}`);
-    return String(config?.api?.token);
-  }
-  const token = stringCheck(process.env.NILEDB_TOKEN);
-  if (token) {
-    logger && info(`${logger}[NILEDB_TOKEN] ${token}`);
-    return token;
-  }
-  return void 0;
-};
-var getDatabaseName = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[databaseName]");
-  if (stringCheck(config?.databaseName)) {
-    logger && info(`${logger}[config] ${config?.databaseName}`);
-    return String(config?.databaseName);
-  }
-  const name = stringCheck(process.env.NILEDB_NAME);
-  if (name) {
-    logger && info(`${logger}[NILEDB_NAME] ${name}`);
-    return name;
+  subscribe(eventName, callback) {
+    if (!this.events[eventName]) {
+      this.events[eventName] = [];
+    }
+    this.events[eventName].push(callback);
   }
-  if (process.env.NILEDB_POSTGRES_URL) {
-    try {
-      const pgUrl = new URL(process.env.NILEDB_POSTGRES_URL);
-      return pgUrl.pathname.substring(1);
-    } catch (e) {
+  unsubscribe(eventName, callback) {
+    const callbacks = this.events[eventName];
+    if (!callbacks) return;
+    const index = callbacks.indexOf(callback);
+    if (index !== -1) {
+      callbacks.splice(index, 1);
+    }
+    if (callbacks.length === 0) {
+      delete this.events[eventName];
     }
   }
-  return null;
 };
-var getTenantId = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[tenantId]");
-  if (stringCheck(config?.tenantId)) {
-    logger && info(`${logger}[config] ${config?.tenantId}`);
-    return String(config?.tenantId);
-  }
-  if (stringCheck(process.env.NILEDB_TENANT)) {
-    logger && info(`${logger}[NILEDB_TENANT] ${process.env.NILEDB_TENANT}`);
-    return String(process.env.NILEDB_TENANT);
-  }
-  return null;
+var eventer = new Eventer();
+var watchTenantId = (cb) => eventer.subscribe("tenantId" /* Tenant */, cb);
+var watchUserId = (cb) => eventer.subscribe("userId" /* User */, cb);
+var evictPool = (val) => {
+  eventer.publish("EvictPool" /* EvictPool */, val);
 };
-var getCookieKey = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[cookieKey]");
-  if (stringCheck(config?.api?.cookieKey)) {
-    logger && info(`${logger}[config] ${config?.api?.cookieKey}`);
-    return String(config?.api?.cookieKey);
-  }
-  if (stringCheck(process.env.NILEDB_COOKIE_KEY)) {
-    logger && info(`${logger}[NILEDB_COOKIE_KEY] ${process.env.NILEDB_COOKIE_KEY}`);
-    return String(process.env.NILEDB_COOKIE_KEY);
-  }
-  return "token";
+var watchEvictPool = (cb) => eventer.subscribe("EvictPool" /* EvictPool */, cb);
+var updateHeaders = (val) => {
+  eventer.publish("headers" /* Headers */, val);
 };
-var getBasePath = (cfg) => {
-  const { config, logger } = cfg;
-  const { warn, info, error } = Logger(config, "[basePath]");
-  const basePath = config?.api?.basePath;
-  if (stringCheck(basePath)) {
-    logger && info(`${logger}[config] ${basePath}`);
-    return basePath;
-  }
-  const envUrl = stringCheck(process.env.NILEDB_API_URL);
-  if (envUrl) {
-    logger && info(`${logger}[NILEDB_API_URL] ${process.env.NILEDB_API_URL}`);
-    try {
-      const apiUrl = new URL(envUrl);
-      return apiUrl.href;
-    } catch (e) {
-      if (e instanceof Error) {
-        error(e.stack);
-      }
+var watchHeaders = (cb) => eventer.subscribe("headers" /* Headers */, cb);
+// src/utils/fetch.ts
+function getTokenFromCookie(headers, cookieKey) {
+  const cookie = headers.get("cookie")?.split("; ");
+  const _cookies = {};
+  if (cookie) {
+    for (const parts of cookie) {
+      const cookieParts = parts.split("=");
+      const _cookie = cookieParts.slice(1).join("=");
+      const name = cookieParts[0];
+      _cookies[name] = _cookie;
     }
   }
-  warn("not set. Must run auto-configuration");
-  return void 0;
-};
-var getControlPlane = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[basePath]");
-  if (stringCheck(config?.configureUrl)) {
-    logger && info(`${logger}[config] ${config?.configureUrl}`);
-    return String(config?.configureUrl);
-  }
-  const autoConfigUrl = stringCheck(process.env.NILEDB_CONFIGURE);
-  if (autoConfigUrl) {
-    logger && info(`${logger}[NILEDB_CONFIGURE] ${process.env.NILEDB_CONFIGURE}`);
-    if (!autoConfigUrl.startsWith("http")) {
-      return `https://${process.env.NILEDB_CONFIGURE}`;
+  if (cookie) {
+    for (const parts of cookie) {
+      const cookieParts = parts.split("=");
+      const _cookie = cookieParts.slice(1).join("=");
+      const name = cookieParts[0];
+      _cookies[name] = _cookie;
     }
-    return process.env.NILEDB_CONFIGURE;
-  }
-  logger && info(`${logger}[default] https://global.thenile.dev`);
-  return "https://global.thenile.dev";
-};
-function getDbHost(cfg) {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[db.host]");
-  if (stringCheck(config?.db && config.db.host)) {
-    logger && info(`${logger}[config] ${config?.db?.host}`);
-    return String(config?.db?.host);
-  }
-  if (stringCheck(process.env.NILEDB_HOST)) {
-    logger && info(`${logger}[NILEDB_HOST] ${process.env.NILEDB_HOST}`);
-    return process.env.NILEDB_HOST;
   }
-  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
-  if (pg2) {
-    try {
-      const pgUrl = new URL(pg2);
-      logger && info(`${logger}[NILEDB_POSTGRES_URL] ${pgUrl.hostname}`);
-      return pgUrl.hostname;
-    } catch (e) {
-    }
+  {
+    return _cookies[cookieKey];
   }
-  logger && info(`${logger}[default] db.thenile.dev`);
-  return "db.thenile.dev";
 }
-function getDbPort(cfg) {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[db.port]");
-  if (config?.db?.port && config.db.port != null) {
-    logger && info(`${logger}[config] ${config?.db.port}`);
-    return Number(config.db?.port);
-  }
-  if (stringCheck(process.env.NILEDB_PORT)) {
-    logger && info(`${logger}[NILEDB_PORT] ${process.env.NILEDB_PORT}`);
-    return Number(process.env.NILEDB_PORT);
+function getTenantFromHttp(headers, config) {
+  const cookieTenant = getTokenFromCookie(headers, X_NILE_TENANT);
+  return cookieTenant ?? headers?.get(X_NILE_TENANT) ?? config?.tenantId;
+}
+// src/api/routes/users/POST.ts
+async function POST(config, init) {
+  init.body = init.request.body;
+  init.method = "POST";
+  const yurl = new URL(init.request.url);
+  const tenantId = yurl.searchParams.get("tenantId");
+  const newTenantName = yurl.searchParams.get("newTenantName");
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const url = apiRoutes(config).USERS({ tenantId: tenant, newTenantName });
+  return await request(url, init, config);
+}
+// src/api/routes/users/GET.ts
+async function GET2(config, init, log) {
+  const yurl = new URL(init.request.url);
+  const tenantId = yurl.searchParams.get("tenantId");
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  if (!tenant) {
+    log("[GET] No tenant id provided.");
+    return new Response(null, { status: 404 });
   }
-  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
-  if (pg2) {
-    try {
-      const pgUrl = new URL(pg2);
-      if (pgUrl.port) {
-        return Number(pgUrl.port);
-      }
-    } catch (e) {
-    }
+  const url = apiRoutes(config).TENANT_USERS(tenant);
+  init.method = "GET";
+  return await request(url, init, config);
+}
+// src/api/routes/users/[userId]/PUT.ts
+async function PUT2(config, session, init) {
+  if (!session) {
+    return new Response(null, { status: 401 });
   }
-  logger && info(`${logger}[default] 5432`);
-  return 5432;
+  init.body = init.request.body;
+  init.method = "PUT";
+  const [userId] = new URL(init.request.url).pathname.split("/").reverse();
+  const url = apiRoutes(config).USER(userId);
+  return await request(url, init, config);
 }
-var logProtector = (logger) => {
-  return process.env.NODE_ENV === "development" || process.env.NODE_ENV === "test" ? logger : null;
-};
-var stringCheck = (str) => {
-  if (str && str !== "") {
-    return str;
+// src/api/routes/users/index.ts
+var key2 = "USERS";
+async function route2(request2, config) {
+  const { info } = Logger(
+    { ...config, debug: config.debug },
+    `[ROUTES][${key2}]`
+  );
+  const session = await auth(request2, config);
+  switch (request2.method) {
+    case "GET":
+      return await GET2(config, { request: request2 }, info);
+    case "POST":
+      return await POST(config, { request: request2 });
+    case "PUT":
+      return await PUT2(config, session, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
   }
-  return;
-};
+}
+function matches2(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key2]);
+}
-// src/utils/Config/index.ts
-var ApiConfig = class {
-  cookieKey;
-  basePath;
-  routes;
-  routePrefix;
-  secureCookies;
-  origin;
-  headers;
-  /**
-   * The client side callback url. Defaults to nothing (so nile.origin will be it), but in the cases of x-origin, you want to set this explicitly to be sure nile-auth does the right thing
-   * If this is set, any `callbackUrl` from the client will be ignored.
-   */
-  callbackUrl;
-  #token;
-  constructor(config, logger) {
-    const envVarConfig = { config, logger };
-    this.cookieKey = getCookieKey(envVarConfig);
-    this.#token = getToken(envVarConfig);
-    this.callbackUrl = getCallbackUrl(envVarConfig);
-    this.secureCookies = getSecureCookies(envVarConfig);
-    this.basePath = getBasePath(envVarConfig);
-    if (config?.api?.headers instanceof Headers) {
-      this.headers = config?.api?.headers;
-    } else if (config?.api?.headers) {
-      this.headers = new Headers(config.api.headers);
-    }
-    this.routes = config?.api?.routes;
-    this.routePrefix = config?.api?.routePrefix;
-    this.origin = config?.api?.origin;
+// src/api/routes/tenants/[tenantId]/users/GET.ts
+async function GET3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  const url = `${apiRoutes(config).TENANT_USERS(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/users/POST.ts
+async function POST2(config, session, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  init.body = JSON.stringify({ email: session.email });
+  init.method = "POST";
+  const url = apiRoutes(config).TENANT_USERS(tenantId);
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/users/index.ts
+var key3 = "TENANT_USERS";
+async function route3(request2, config) {
+  const { info } = Logger(
+    { ...config, debug: config.debug },
+    `[ROUTES][${key3}]`
+  );
+  const session = await auth(request2, config);
+  if (!session) {
+    info("401");
+    return new Response(null, { status: 401 });
   }
-  get token() {
-    return this.#token;
+  const yurl = new URL(request2.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    info("No tenant id found in path");
+    return new Response(null, { status: 404 });
   }
-  set token(value) {
-    this.#token = value;
+  switch (request2.method) {
+    case "GET":
+      return await GET3(config, { request: request2 });
+    case "POST":
+      return await POST2(config, session, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
   }
-};
-var Config = class {
-  user;
-  password;
-  databaseId;
-  databaseName;
-  logger;
-  debug;
-  db;
-  api;
-  #tenantId;
-  #userId;
-  get tenantId() {
-    return this.#tenantId;
+}
+function matches3(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
+  let route16 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  if (userId === "users") {
+    route16 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
   }
-  set tenantId(value) {
-    this.#tenantId = value;
+  return urlMatches(request2.url, route16);
+}
+async function fetchTenantUsers(config, method, payload) {
+  const { body, params } = {};
+  if (!config.tenantId) {
+    throw new Error(
+      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+    );
   }
-  get userId() {
-    return this.#userId;
+  if (!isUUID(config.tenantId) && config.logger?.warn) {
+    config.logger?.warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
   }
-  set userId(value) {
-    this.#userId = value;
+  const q = new URLSearchParams();
+  if (params?.newTenantName) {
+    q.set("newTenantName", params.newTenantName);
   }
-  constructor(config, logger) {
-    const envVarConfig = { config, logger };
-    this.user = getUsername(envVarConfig);
-    this.logger = config?.logger;
-    this.password = getPassword(envVarConfig);
-    if (process.env.NODE_ENV !== "TEST") {
-      if (!this.user) {
-        throw new Error(
-          "User is required. Set NILEDB_USER as an environment variable or set `user` in the config options."
-        );
-      }
-      if (!this.password) {
-        throw new Error(
-          "Password is required. Set NILEDB_PASSWORD as an environment variable or set `password` in the config options."
-        );
-      }
-    }
-    this.databaseId = getDatabaseId(envVarConfig);
-    this.databaseName = getDatabaseName(envVarConfig);
-    this.#tenantId = getTenantId(envVarConfig);
-    this.debug = Boolean(config?.debug);
-    this.#userId = config?.userId;
-    const { host, port, ...dbConfig } = config?.db ?? {};
-    const configuredHost = host ?? getDbHost(envVarConfig);
-    const configuredPort = port ?? getDbPort(envVarConfig);
-    this.api = new ApiConfig(config, logger);
-    this.db = {
-      user: this.user,
-      password: this.password,
-      host: configuredHost,
-      port: configuredPort,
-      ...dbConfig
-    };
-    if (this.databaseName) {
-      this.db.database = this.databaseName;
-    }
+  if (params?.tenantId) {
+    q.set("tenantId", params.tenantId);
   }
-  configure = async (config) => {
-    const { info, error, debug } = Logger(config, "[init]");
-    const envVarConfig = {
-      config
-    };
-    const { host, port, ...dbConfig } = config.db ?? {};
-    let configuredHost = host ?? getDbHost(envVarConfig);
-    const configuredPort = port ?? getDbPort(envVarConfig);
-    let basePath = getBasePath(envVarConfig);
-    if (configuredHost && this.databaseName && this.databaseId && basePath) {
-      info("Already configured, aborting fetch");
-      this.api = new ApiConfig(config);
-      this.db = {
-        user: this.user,
-        password: this.password,
-        host: configuredHost,
-        port: configuredPort,
-        database: this.databaseName,
-        ...dbConfig
-      };
-      const cloned = { ...this.db };
-      cloned.password = "***";
-      info("[config set]", { db: cloned, api: this.api });
-      return this;
-    } else {
-      const msg = [];
-      if (!configuredHost) {
-        msg.push("Database host");
-      }
-      if (!this.databaseName) {
-        msg.push("Database name");
-      }
-      if (!this.databaseId) {
-        msg.push("Database id");
-      }
-      if (!basePath) {
-        msg.push("API URL");
-      }
-      info(
-        `[autoconfigure] ${msg.join(", ")} ${msg.length > 1 ? "are" : "is"} missing from the config. Autoconfiguration will run.`
-      );
-    }
-    const cp = getControlPlane(envVarConfig);
-    const databaseName = getDatabaseName({ config, logger: "getInfo" });
-    const url = new URL(`${cp}/databases/configure`);
-    if (databaseName) {
-      url.searchParams.set("databaseName", databaseName);
-    }
-    info(`configuring from ${url.href}`);
-    const res = await fetch(url, {
-      headers: {
-        Authorization: `Bearer ${getInfoBearer({ config })}`
-      }
-    }).catch(() => {
-      error(`Unable to auto-configure. is ${url} available?`);
-    });
-    if (!res) {
-      return this;
-    }
-    let database;
-    const possibleError = res.clone();
-    try {
-      const json = await res.json();
-      if (res.status === 404) {
-        info("is the configured databaseName correct?");
-      }
-      if (json.status && json.status !== "READY") {
-        database = { message: "Database is not ready yet" };
-      } else {
-        database = json;
-      }
-    } catch (e) {
-      const message = await possibleError.text();
-      debug("Unable to auto-configure");
-      error(message);
-      database = { message };
-    }
-    info("[fetched database]", database);
-    if (process.env.NODE_ENV !== "TEST") {
-      if ("message" in database) {
-        if ("statusCode" in database) {
-          error(database);
-          throw new Error("HTTP error has occurred");
-        } else {
-          throw new Error(
-            "Unable to auto-configure. Please remove NILEDB_NAME, NILEDB_API_URL, NILEDB_POSTGRES_URL, and/or NILEDB_HOST from your environment variables."
-          );
-        }
-      }
-      if (typeof database === "object") {
-        const { apiHost, dbHost, name, id } = database;
-        basePath = basePath || apiHost;
-        this.databaseId = id;
-        this.databaseName = name;
-        const dburl = new URL(dbHost);
-        configuredHost = dburl.hostname;
-      }
-    }
-    this.api = new ApiConfig(config);
-    this.db = {
-      user: this.user,
-      password: this.password,
-      host: configuredHost,
-      port: configuredPort,
-      database: this.databaseName,
-      ...dbConfig
-    };
-    info("[config set]", { db: this.db, api: this.api });
-    return this;
+  const clientUrl = `${config.origin}${config.routePrefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */.replace(
+    "{tenantId}",
+    config.tenantId
+  )}`;
+  const m = method;
+  const init = {
+    method: m,
+    headers: config.headers
   };
-};
+  const req = new Request(clientUrl, init);
+  return await config.handlers[m](req);
+}
-// src/utils/Event/index.ts
-var Eventer = class {
-  events = {};
-  // Publish event and notify all subscribers
-  publish(eventName, value) {
-    const callbackList = this.events[eventName];
-    if (callbackList) {
-      for (const callback of callbackList) {
-        callback(value);
-      }
-    }
-  }
-  // Subscribe to events
-  subscribe(eventName, callback) {
-    if (!this.events[eventName]) {
-      this.events[eventName] = [];
-    }
-    this.events[eventName].push(callback);
+// src/api/routes/tenants/GET.ts
+async function GET4(config, session, init) {
+  let url = `${apiRoutes(config).USER_TENANTS(session.id)}`;
+  if (typeof session === "object" && "user" in session && session.user) {
+    url = `${apiRoutes(config).USER_TENANTS(session.user.id)}`;
   }
-  // Unsubscribe from an event
-  unsubscribe(eventName, callback) {
-    const callbackList = this.events[eventName];
-    if (!callbackList) {
-      return;
-    }
-    const index = callbackList.indexOf(callback);
-    if (index !== -1) {
-      callbackList.splice(index, 1);
-    }
-    if (callbackList.length === 0) {
-      delete this.events[eventName];
-    }
+  const res = await request(url, init, config);
+  return res;
+}
+// src/api/routes/tenants/[tenantId]/GET.ts
+async function GET5(config, init, log) {
+  const yurl = new URL(init.request.url);
+  const [tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    log("[GET] No tenant id provided.");
+    return new Response(null, { status: 404 });
   }
-};
-var eventer = new Eventer();
-var updateTenantId = (tenantId) => {
-  eventer.publish("tenantId" /* Tenant */, tenantId);
-};
-var watchTenantId = (cb) => eventer.subscribe("tenantId" /* Tenant */, cb);
-var updateUserId = (userId) => {
-  eventer.publish("userId" /* User */, userId);
-};
-var watchUserId = (cb) => eventer.subscribe("userId" /* User */, cb);
-var watchToken = (cb) => eventer.subscribe("token" /* Token */, cb);
-var watchEvictPool = (cb) => eventer.subscribe("EvictPool" /* EvictPool */, cb);
-var evictPool = (val) => {
-  eventer.publish("EvictPool" /* EvictPool */, val);
-};
+  init.method = "GET";
+  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  return await request(url, init, config);
+}
-// src/db/PoolProxy.ts
-function createProxyForPool(pool, config) {
-  const { info, error } = Logger(config, "[pool]");
-  return new Proxy(pool, {
-    get(target, property) {
-      if (property === "query") {
-        if (!config.db.connectionString) {
-          if (!config.user || !config.password) {
-            error(
-              "Cannot connect to the database. User and/or password are missing. Generate them at https://console.thenile.dev"
-            );
-          } else if (!config.db.database) {
-            error(
-              "Database name is missing from the config. Call `nile.init()` or set NILEDB_ID in your .env"
-            );
-          }
-        }
-        const caller = target[property];
-        return function query(...args) {
-          info("query", ...args);
-          const called = caller.apply(this, args);
-          return called;
-        };
-      }
-      return target[property];
-    }
-  });
+// src/api/routes/tenants/[tenantId]/DELETE.ts
+async function DELETE2(config, init) {
+  const yurl = new URL(init.request.url);
+  const [tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "DELETE";
+  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  return await request(url, init, config);
 }
-// src/db/NileInstance.ts
-var NileDatabase = class {
-  pool;
-  tenantId;
-  userId;
-  id;
-  config;
-  timer;
-  constructor(config, id) {
-    const { warn, info, debug } = Logger(config, "[NileInstance]");
-    this.id = id;
-    const poolConfig = {
-      min: 0,
-      max: 10,
-      idleTimeoutMillis: 3e4,
-      ...config.db
-    };
-    const { afterCreate, ...remaining } = poolConfig;
-    config.db = poolConfig;
-    this.config = config;
-    const cloned = { ...this.config.db };
-    cloned.password = "***";
-    debug(`Connection pool config ${JSON.stringify(cloned)}`);
-    this.pool = createProxyForPool(new pg__default.default.Pool(remaining), this.config);
-    if (typeof afterCreate === "function") {
-      warn(
-        "Providing an pool configuration will stop automatic tenant context setting."
-      );
-    }
-    this.startTimeout();
-    this.pool.on("connect", async (client) => {
-      debug(`pool connected ${this.id}`);
-      this.startTimeout();
-      const afterCreate2 = makeAfterCreate(
-        config,
-        `${this.id}-${this.timer}`
-      );
-      afterCreate2(client, (err) => {
-        const { error } = Logger(config, "[after create callback]");
-        if (err) {
-          clearTimeout(this.timer);
-          error("after create failed", {
-            message: err.message,
-            stack: err.stack
-          });
-          evictPool(this.id);
-        }
-      });
-    });
-    this.pool.on("error", (err) => {
-      clearTimeout(this.timer);
-      info(`pool ${this.id} failed`, {
-        message: err.message,
-        stack: err.stack
-      });
-      evictPool(this.id);
-    });
-    this.pool.on("release", (destroy) => {
-      if (destroy) {
-        clearTimeout(this.timer);
-        evictPool(this.id);
-        debug(`destroying pool ${this.id}`);
-      }
-    });
-  }
-  startTimeout() {
-    const { debug } = Logger(this.config, "[NileInstance]");
-    if (this.timer) {
-      clearTimeout(this.timer);
-    }
-    this.timer = setTimeout(() => {
-      debug(
-        `Pool reached idleTimeoutMillis. ${this.id} evicted after ${Number(this.config.db.idleTimeoutMillis) ?? 3e4}ms`
-      );
-      this.pool.end(() => {
-        clearTimeout(this.timer);
-        evictPool(this.id);
-      });
-    }, Number(this.config.db.idleTimeoutMillis) ?? 3e4);
+// src/api/routes/tenants/[tenantId]/PUT.ts
+async function PUT3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
   }
-  shutdown() {
-    const { debug } = Logger(this.config, "[NileInstance]");
-    debug(`attempting to shut down ${this.id}`);
-    clearTimeout(this.timer);
-    this.pool.end(() => {
-      debug(`${this.id} has been shut down`);
-    });
+  init.body = init.request.body;
+  init.method = "PUT";
+  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/POST.ts
+async function POST3(config, init) {
+  init.body = init.request.body;
+  init.method = "POST";
+  const url = `${apiRoutes(config).TENANTS}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/index.ts
+var key4 = "TENANTS";
+async function route4(request2, config) {
+  const { info } = Logger(
+    { ...config, debug: config.debug },
+    `[ROUTES][${key4}]`
+  );
+  const session = await auth(request2, config);
+  if (!session) {
+    info("401");
+    return new Response(null, { status: 401 });
   }
-};
-var NileInstance_default = NileDatabase;
-function makeAfterCreate(config, id) {
-  const { error, warn, debug } = Logger(config, "[afterCreate]");
-  return (conn, done) => {
-    conn.on("error", function errorHandler(e) {
-      error(`Connection ${id} was terminated by server`, {
-        message: e.message,
-        stack: e.stack
-      });
-      done(e, conn);
-    });
-    if (config.tenantId) {
-      const query = [`SET nile.tenant_id = '${config.tenantId}'`];
-      if (config.userId) {
-        if (!config.tenantId) {
-          warn("A user id cannot be set in context without a tenant id");
-        }
-        query.push(`SET nile.user_id = '${config.userId}'`);
+  const [possibleTenantId] = request2.url.split("/").reverse();
+  switch (request2.method) {
+    case "GET":
+      if (isUUID(possibleTenantId)) {
+        return await GET5(config, { request: request2 }, info);
       }
-      conn.query(query.join(";"), function(err) {
-        if (err) {
-          error("query connection failed", {
-            cause: err.cause,
-            stack: err.stack,
-            message: err.message,
-            name: err.name,
-            id
-          });
-        } else {
-          if (query.length === 1) {
-            debug(`connection context set: tenantId=${config.tenantId}`);
-          }
-          if (query.length === 2) {
-            debug(
-              `connection context set: tenantId=${config.tenantId} userId=${config.userId}`
-            );
-          }
-        }
-        done(err, conn);
-      });
-    }
-    done(null, conn);
+      return await GET4(config, session, { request: request2 });
+    case "POST":
+      return await POST3(config, { request: request2 });
+    case "DELETE":
+      return await DELETE2(config, { request: request2 });
+    case "PUT":
+      return await PUT3(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches4(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key4]);
+}
+async function fetchTenants(config, method, body) {
+  const clientUrl = `${config.origin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
+  const init = {
+    method,
+    headers: config.headers
   };
+  {
+    init.body = body;
+  }
+  const req = new Request(clientUrl, init);
+  return await config.handlers.POST(req);
 }
-// src/db/DBManager.ts
-var DBManager = class {
-  connections;
-  cleared;
-  poolWatcherFn;
-  makeId(tenantId, userId) {
-    if (tenantId && userId) {
-      return `${tenantId}:${userId}`;
-    }
-    if (tenantId) {
-      return `${tenantId}`;
-    }
-    return "base";
+async function fetchTenant(config, method, body) {
+  if (!config.tenantId) {
+    throw new Error(
+      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+    );
   }
-  constructor(config) {
-    this.cleared = false;
-    this.connections = /* @__PURE__ */ new Map();
-    this.poolWatcherFn = this.poolWatcher(config);
-    watchEvictPool(this.poolWatcherFn);
+  if (!isUUID(config.tenantId) && config.logger?.warn) {
+    config.logger?.warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
   }
-  poolWatcher = (config) => (id) => {
-    const { info, warn } = Logger(config, "[DBManager]");
-    if (id && this.connections.has(id)) {
-      info(`Removing ${id} from db connection pool.`);
-      const connection = this.connections.get(id);
-      connection?.shutdown();
-      this.connections.delete(id);
-    } else {
-      warn(`missed eviction of ${id}`);
-    }
+  const clientUrl = `${config.origin}${config.routePrefix}${"/tenants/{tenantId}" /* TENANT */.replace("{tenantId}", config.tenantId)}`;
+  const m = method ?? "GET";
+  const init = {
+    method: m,
+    headers: config.headers
   };
-  getConnection = (config) => {
-    const { info } = Logger(config, "[DBManager]");
-    const id = this.makeId(config.tenantId, config.userId);
-    const existing = this.connections.get(id);
-    info(`# of instances: ${this.connections.size}`);
-    if (existing) {
-      info(`returning existing ${id}`);
-      existing.startTimeout();
-      return existing.pool;
+  if (m === "PUT") {
+    init.body = body;
+  }
+  const req = new Request(clientUrl, init);
+  return await config.handlers[m](req);
+}
+async function fetchTenantsByUser(config) {
+  if (config.logger?.warn) {
+    if (!config.userId) {
+      config.logger?.warn(
+        "nile.userId is not set. The call will still work for the API, but the database context is not set properly and may lead to unexpected behavior in your application."
+      );
+    } else if (!isUUID(config.userId)) {
+      config.logger?.warn(
+        "nile.userId is not a valid UUID. This may lead to unexpected behavior in your application."
+      );
     }
-    const newOne = new NileInstance_default(new Config(config), id);
-    this.connections.set(id, newOne);
-    info(`created new ${id}`);
-    info(`# of instances: ${this.connections.size}`);
-    if (this.cleared) {
-      this.cleared = false;
-    }
-    return newOne.pool;
-  };
-  clear = (config) => {
-    const { info } = Logger(config, "[DBManager]");
-    info(`Clearing all connections ${this.connections.size}`);
-    this.cleared = true;
-    this.connections.forEach((connection) => {
-      connection.shutdown();
-    });
-    this.connections.clear();
-  };
-};
-// src/api/utils/routes/makeRestUrl.ts
-var NILEDB_API_URL = process.env.NILEDB_API_URL;
-function filterNullUndefined(obj) {
-  if (!obj) {
-    return void 0;
   }
-  return Object.fromEntries(
-    Object.entries(obj).filter(
-      ([, value]) => value !== null && value !== void 0
-    )
-  );
+  const clientUrl = `${config.origin}${config.routePrefix}${"/users/{userId}/tenants" /* USER_TENANTS */.replace(
+    "{userId}",
+    config.userId ?? "WARN_NOT_SET"
+  )}`;
+  const req = new Request(clientUrl, { headers: config.headers });
+  return await config.handlers.GET(req);
 }
-function makeRestUrl(config, path, qp) {
-  const url = config.api.basePath || NILEDB_API_URL;
-  if (!url) {
-    throw new Error(
-      "An API url is required. Set it via NILEDB_API_URL. Was auto configuration run?"
-    );
+// src/api/routes/auth/signin.ts
+var key5 = "SIGNIN";
+async function route5(req, config) {
+  let url = proxyRoutes(config)[key5];
+  const init = {
+    method: req.method,
+    headers: req.headers
+  };
+  if (req.method === "POST") {
+    const [provider] = new URL(req.url).pathname.split("/").reverse();
+    url = `${proxyRoutes(config)[key5]}/${provider}`;
   }
-  const params = new URLSearchParams(
-    filterNullUndefined(qp)
-  );
-  const strParams = params.toString();
-  return `${[url, path.substring(1, path.length)].join("/")}${strParams ? `?${strParams}` : ""}`;
+  const passThroughUrl = new URL(req.url);
+  const params = new URLSearchParams(passThroughUrl.search);
+  url = `${url}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
+  const res = await request(url, { ...init, request: req }, config);
+  return res;
+}
+function matches5(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key5]);
+}
+async function fetchSignIn(config, provider, body) {
+  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/signin" /* SIGNIN */}/${provider}`;
+  const req = new Request(clientUrl, {
+    method: "POST",
+    headers: config.headers,
+    body
+  });
+  return await config.handlers.POST(req);
 }
-// src/api/utils/routes/apiRoutes.ts
-var apiRoutes = (config) => ({
-  ME: makeRestUrl(config, "/me"),
-  USERS: (qp) => makeRestUrl(config, "/users", qp),
-  USER: (userId) => makeRestUrl(config, `/users/${userId}`),
-  TENANTS: makeRestUrl(config, "/tenants"),
-  TENANT: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}`),
-  SIGNUP: makeRestUrl(config, "/signup"),
-  TENANT_USERS: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/users`),
-  TENANT_USER: (tenantId, userId) => makeRestUrl(config, `/tenants/${tenantId}/users/${userId}`),
-  USER_TENANTS: (userId) => makeRestUrl(config, `/users/${userId}/tenants`)
-});
-// src/api/routes/me/index.ts
-var key = "ME";
-async function GET(url, init, config) {
-  const res = await request(url, init, config);
-  return res;
+// src/api/routes/auth/session.ts
+async function route6(req, config) {
+  return request(
+    proxyRoutes(config).SESSION,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
 }
-async function route(request2, config) {
-  const url = apiRoutes(config)[key];
-  switch (request2.method) {
-    case "GET":
-      return await GET(url, { request: request2 }, config);
-    default:
-      return new Response("method not allowed", { status: 405 });
-  }
+function matches6(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.SESSION);
 }
-function matches(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key]);
+async function fetchSession(config) {
+  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/session" /* SESSION */}`;
+  const req = new Request(clientUrl, {
+    method: "GET",
+    headers: config.headers
+  });
+  return await config.handlers.GET(req);
 }
-// src/utils/ResponseError.ts
-var ResponseError = class {
-  response;
-  constructor(body, init) {
-    this.response = new Response(body, init);
-  }
-};
+// src/api/routes/auth/providers.ts
+async function route7(req, config) {
+  return request(
+    proxyRoutes(config).PROVIDERS,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+}
+function matches7(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.PROVIDERS);
+}
+async function fetchProviders(config) {
+  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/providers" /* PROVIDERS */}`;
+  const req = new Request(clientUrl, {
+    method: "GET",
+    headers: config.headers
+  });
+  return await config.handlers.GET(req);
+}
-// src/utils/fetch.ts
-function getTokenFromCookie(headers, cookieKey) {
-  const cookie = headers.get("cookie")?.split("; ");
-  const _cookies = {};
-  if (cookie) {
-    for (const parts of cookie) {
-      const cookieParts = parts.split("=");
-      const _cookie = cookieParts.slice(1).join("=");
-      const name = cookieParts[0];
-      _cookies[name] = _cookie;
-    }
-  }
-  if (cookie) {
-    for (const parts of cookie) {
-      const cookieParts = parts.split("=");
-      const _cookie = cookieParts.slice(1).join("=");
-      const name = cookieParts[0];
-      _cookies[name] = _cookie;
-    }
-  }
-  if (cookieKey) {
-    return _cookies[cookieKey];
-  }
-  return null;
+// src/api/routes/auth/csrf.ts
+async function route8(req, config) {
+  return request(
+    proxyRoutes(config).CSRF,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
 }
-function getTenantFromHttp(headers, config) {
-  const cookieTenant = getTokenFromCookie(headers, X_NILE_TENANT);
-  return cookieTenant ?? headers?.get(X_NILE_TENANT) ?? config?.tenantId;
+function matches8(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.CSRF);
 }
-function getUserFromHttp(headers, config) {
-  const token = getTokenFromCookie(headers, config.api.cookieKey);
-  if (token) {
-    const jwt = jose.decodeJwt(token);
-    return jwt.sub;
-  }
-  return headers?.get(X_NILE_USER_ID) ?? config.userId;
-}
-function makeBasicHeaders(config, url, opts) {
-  const { warn, error } = Logger(config, "[headers]");
-  const headers = new Headers(opts?.headers);
-  const cookieKey = config.api?.cookieKey;
-  headers.set("content-type", "application/json; charset=utf-8");
-  const origin = headers.get(X_NILE_ORIGIN);
-  if (!origin) {
-    if (config.api.headers) {
-      const localOrigin = config.api.headers.get(X_NILE_ORIGIN);
-      if (localOrigin) {
-        headers.set(X_NILE_ORIGIN, localOrigin);
-      }
-    }
-  }
-  const cookie = headers.get("cookie");
-  if (!cookie) {
-    if (config.api.headers) {
-      const configCookie = config.api.headers.get("cookie");
-      if (configCookie) {
-        headers.set("cookie", configCookie);
-      }
-    } else {
-      if (!url.endsWith("/users")) {
-        error(
-          "Missing cookie header from request. Call nile.api.setContext(request) before making additional calls."
-        );
-      }
-    }
-  }
-  const authHeader = headers.get("Authorization");
-  if (!authHeader) {
-    const token = getTokenFromCookie(headers, cookieKey);
-    if (token) {
-      headers.set("Authorization", `Bearer ${token}`);
-    } else if (getToken({ config })) {
-      headers.set("Authorization", `Bearer ${getToken({ config })}`);
-    }
-  }
-  if (config && config.api.secureCookies != null) {
-    headers.set(X_NILE_SECURECOOKIES, String(config.api.secureCookies));
-  }
-  if (config && config.api.origin) {
-    headers.set(X_NILE_ORIGIN, config.api.origin);
-  } else {
-    warn(
-      "nile.origin missing from header, which defaults to secure cookies only."
-    );
-  }
-  return headers;
-}
-async function _fetch(config, path, opts) {
-  const { debug, error } = Logger(config, "[server]");
-  const url = `${config.api?.basePath}${path}`;
-  const headers = new Headers(opts?.headers);
-  const tenantId = getTenantFromHttp(headers, config);
-  const basicHeaders = makeBasicHeaders(config, url, opts);
-  updateTenantId(tenantId);
-  const userId = getUserFromHttp(headers, config);
-  updateUserId(userId);
-  if (url.includes("{tenantId}") && !tenantId) {
-    return new ResponseError("tenantId is not set for request", {
-      status: 400
-    });
-  }
-  const useableUrl = url.replace("{tenantId}", encodeURIComponent(String(tenantId))).replace("{userId}", encodeURIComponent(String(userId)));
-  debug(`[fetch] ${useableUrl}`);
+async function fetchCsrf(config) {
+  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/csrf" /* CSRF */}`;
+  const req = new Request(clientUrl, {
+    method: "GET",
+    headers: config.headers
+  });
+  return await config.handlers.GET(req);
+}
+// src/api/routes/auth/callback.ts
+var key6 = "CALLBACK";
+async function route9(req, config) {
+  const { error } = Logger(
+    { ...config, debug: config.debug },
+    `[ROUTES][${key6}]`
+  );
+  const [provider] = new URL(req.url).pathname.split("/").reverse();
   try {
-    const response = await fetch(useableUrl, {
-      ...opts,
-      headers: basicHeaders
-    }).catch((e) => {
-      error("[fetch][response]", {
-        message: e.message,
-        stack: e.stack,
-        debug: "Is nile-auth running?",
-        cause: e.cause
-      });
-      return new Error(e);
+    const passThroughUrl = new URL(req.url);
+    const params = new URLSearchParams(passThroughUrl.search);
+    const url = `${proxyRoutes(config)[key6]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
+    const res = await request(
+      url,
+      {
+        request: req,
+        method: req.method
+      },
+      config
+    ).catch((e) => {
+      error("an error as occurred", e);
     });
-    if (response instanceof Error) {
-      return new ResponseError("Failed to connect to database", {
-        status: 400
+    const location = res?.headers.get("location");
+    if (location) {
+      return new Response(res?.body, {
+        status: 302,
+        headers: res?.headers
       });
     }
-    if (response && response.status >= 200 && response.status < 300) {
-      if (typeof response.clone === "function") {
-        try {
-          debug(
-            `[fetch][response][${opts?.method ?? "GET"}] ${response.status} ${useableUrl}`,
-            {
-              body: await response.clone().json()
-            }
-          );
-        } catch (e) {
-          debug(
-            `[fetch][response][${opts?.method ?? "GET"}] ${response.status} ${useableUrl}`,
-            {
-              body: await response.clone().text()
-            }
-          );
-        }
-      }
-      return response;
-    }
-    if (response?.status === 404) {
-      return new ResponseError("Not found", { status: 404 });
-    }
-    if (response?.status === 401) {
-      return new ResponseError("Unauthorized", { status: 401 });
-    }
-    if (response?.status === 405) {
-      return new ResponseError("Method not allowed", { status: 405 });
-    }
-    const errorHandler = typeof response?.clone === "function" ? response.clone() : null;
-    let msg = "";
-    const res = await response?.json().catch(async (e) => {
-      if (errorHandler) {
-        msg = await errorHandler.text();
-        if (msg) {
-          error(`[fetch][response][status: ${errorHandler.status}]`, {
-            message: msg
-          });
-        }
-        return e;
-      }
-      if (!msg) {
-        error("[fetch][response]", { e });
-      }
-      return e;
-    });
-    if (msg) {
-      return new ResponseError(msg, { status: errorHandler?.status });
-    }
-    if (res && "message" in res) {
-      const { message } = res;
-      error(`[fetch][response][status: ${errorHandler?.status}] ${message}`);
-      return new ResponseError(message, { status: 400 });
-    }
-    if (res && "errors" in res) {
-      const {
-        errors: [message]
-      } = res;
-      error(`[fetch][response] [status: ${errorHandler?.status}] ${message}`);
-      return new ResponseError(message, { status: 400 });
-    }
-    error(
-      `[fetch][response][status: ${errorHandler?.status}] UNHANDLED ERROR`,
-      {
-        response,
-        message: await response.text()
-      }
-    );
-    return new ResponseError(null, {
-      status: response?.status ?? 500
+    return new Response(res?.body, {
+      status: res?.status,
+      headers: res?.headers
     });
   } catch (e) {
-    return new ResponseError("an unexpected error has occurred", {
-      status: 500
-    });
+    error(e);
   }
+  return new Response("An unexpected error has occurred.", { status: 400 });
 }
-// src/api/routes/users/POST.ts
-async function POST(config, init) {
-  init.body = init.request.body;
-  init.method = "POST";
-  const yurl = new URL(init.request.url);
-  const tenantId = yurl.searchParams.get("tenantId");
-  const newTenantName = yurl.searchParams.get("newTenantName");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
-  const url = apiRoutes(config).USERS({ tenantId: tenant, newTenantName });
-  return await request(url, init, config);
+function matches9(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.CALLBACK);
 }
-// src/api/routes/users/GET.ts
-async function GET2(config, init, log) {
-  const yurl = new URL(init.request.url);
-  const tenantId = yurl.searchParams.get("tenantId");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
-  if (!tenant) {
-    log("[GET] No tenant id provided.");
-    return new Response(null, { status: 404 });
-  }
-  const url = apiRoutes(config).TENANT_USERS(tenant);
-  init.method = "GET";
-  return await request(url, init, config);
+async function fetchCallback(config, provider, body) {
+  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/callback" /* CALLBACK */}/${provider}`;
+  const req = new Request(clientUrl, {
+    method: "POST",
+    headers: config.headers,
+    body
+  });
+  return await config.handlers.POST(req);
 }
-// src/api/routes/users/[userId]/PUT.ts
-async function PUT(config, session, init) {
-  if (!session) {
-    return new Response(null, { status: 401 });
+// src/api/routes/auth/signout.ts
+var key7 = "SIGNOUT";
+async function route10(request2, config) {
+  let url = proxyRoutes(config)[key7];
+  const init = {
+    method: request2.method
+  };
+  if (request2.method === "POST") {
+    init.body = request2.body;
+    const [provider] = new URL(request2.url).pathname.split("/").reverse();
+    url = `${proxyRoutes(config)[key7]}${provider !== "signout" ? `/${provider}` : ""}`;
+  }
+  const res = await request(url, { ...init, request: request2 }, config);
+  return res;
+}
+function matches10(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key7]);
+}
+async function fetchSignOut(config, body) {
+  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/signout" /* SIGNOUT */}`;
+  const req = new Request(clientUrl, {
+    method: "POST",
+    body,
+    headers: config.headers
+  });
+  return await config.handlers.POST(req);
+}
+// src/api/routes/auth/error.ts
+var key8 = "ERROR";
+async function route11(req, config) {
+  return request(
+    proxyRoutes(config)[key8],
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+}
+function matches11(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key8]);
+}
+// src/api/routes/auth/verify-request.ts
+var key9 = "VERIFY_REQUEST";
+async function route12(req, config) {
+  return request(
+    proxyRoutes(config)[key9],
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+}
+function matches12(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key9]);
+}
+// src/api/routes/auth/password-reset.ts
+var key10 = "PASSWORD_RESET";
+async function route13(req, config) {
+  const url = proxyRoutes(config)[key10];
+  const res = await request(
+    url,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+  const location = res?.headers.get("location");
+  if (location) {
+    return new Response(res?.body, {
+      status: 302,
+      headers: res?.headers
+    });
   }
+  return new Response(res?.body, {
+    status: res?.status,
+    headers: res?.headers
+  });
+}
+function matches13(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.PASSWORD_RESET);
+}
+// src/api/handlers/GET.ts
+function GETTER(configRoutes, config) {
+  const { info, warn } = Logger(config, "[GET MATCHER]");
+  return async function GET6(req) {
+    if (matches(configRoutes, req)) {
+      info("matches me");
+      return route(req, config);
+    }
+    if (matches3(configRoutes, req)) {
+      info("matches tenant users");
+      return route3(req, config);
+    }
+    if (matches2(configRoutes, req)) {
+      info("matches users");
+      return route2(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenants");
+      return route4(req, config);
+    }
+    if (matches6(configRoutes, req)) {
+      info("matches session");
+      return route6(req, config);
+    }
+    if (matches5(configRoutes, req)) {
+      info("matches signin");
+      return route5(req, config);
+    }
+    if (matches7(configRoutes, req)) {
+      info("matches providers");
+      return route7(req, config);
+    }
+    if (matches8(configRoutes, req)) {
+      info("matches csrf");
+      return route8(req, config);
+    }
+    if (matches13(configRoutes, req)) {
+      info("matches password reset");
+      return route13(req, config);
+    }
+    if (matches9(configRoutes, req)) {
+      info("matches callback");
+      return route9(req, config);
+    }
+    if (matches10(configRoutes, req)) {
+      info("matches signout");
+      return route10(req, config);
+    }
+    if (matches12(configRoutes, req)) {
+      info("matches verify-request");
+      return route12(req, config);
+    }
+    if (matches11(configRoutes, req)) {
+      info("matches error");
+      return route11(req, config);
+    }
+    warn(`No GET routes matched ${req.url}`);
+    return new Response(null, { status: 404 });
+  };
+}
+// src/api/routes/signup/POST.ts
+async function POST4(config, init) {
   init.body = init.request.body;
-  init.method = "PUT";
-  const [userId] = new URL(init.request.url).pathname.split("/").reverse();
-  const url = apiRoutes(config).USER(userId);
+  init.method = "POST";
+  const url = `${apiRoutes(config).SIGNUP}`;
   return await request(url, init, config);
 }
-// src/api/routes/users/index.ts
-var key2 = "USERS";
-async function route2(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key2}]`
-  );
-  const session = await auth(request2, config);
+// src/api/routes/signup/index.tsx
+var key11 = "SIGNUP";
+async function route14(request2, config) {
   switch (request2.method) {
-    case "GET":
-      return await GET2(config, { request: request2 }, info);
     case "POST":
-      return await POST(config, { request: request2 });
-    case "PUT":
-      return await PUT(config, session, { request: request2 });
+      return await POST4(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches2(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key2]);
+function matches14(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key11]);
 }
-// src/api/routes/tenants/[tenantId]/users/GET.ts
-async function GET3(config, init) {
-  const yurl = new URL(init.request.url);
-  const [, tenantId] = yurl.pathname.split("/").reverse();
-  const url = `${apiRoutes(config).TENANT_USERS(tenantId)}`;
-  return await request(url, init, config);
+async function fetchSignUp(config, payload) {
+  const { body, params } = payload ?? {};
+  const q = new URLSearchParams();
+  if (params?.newTenantName) {
+    q.set("newTenantName", params.newTenantName);
+  }
+  if (params?.tenantId) {
+    q.set("tenantId", params.tenantId);
+  }
+  const clientUrl = `${config.origin}${config.routePrefix}${"/signup" /* SIGNUP */}${q.size > 0 ? `?${q}` : ""}`;
+  const req = new Request(clientUrl, {
+    method: "POST",
+    headers: config.headers,
+    body
+  });
+  return await config.handlers.POST(req);
 }
-// src/api/routes/tenants/[tenantId]/users/POST.ts
-async function POST2(config, session, init) {
-  const yurl = new URL(init.request.url);
-  const [, tenantId] = yurl.pathname.split("/").reverse();
-  init.body = JSON.stringify({ email: session.email });
-  init.method = "PUT";
-  const url = apiRoutes(config).TENANT_USERS(tenantId);
-  return await request(url, init, config);
+// src/api/handlers/POST.ts
+function POSTER(configRoutes, config) {
+  const { info, warn, error } = Logger(config, "[POST MATCHER]");
+  return async function POST5(req) {
+    if (matchesLog(configRoutes, req)) {
+      if (req.body) {
+        try {
+          const text = await req.text();
+          error(text);
+          return new Response(null, {
+            status: 200
+          });
+        } catch (e) {
+        }
+      }
+    }
+    if (matches3(configRoutes, req)) {
+      info("matches tenant users");
+      return route3(req, config);
+    }
+    if (matches14(configRoutes, req)) {
+      info("matches signup");
+      return route14(req, config);
+    }
+    if (matches2(configRoutes, req)) {
+      info("matches users");
+      return route2(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenants");
+      return route4(req, config);
+    }
+    if (matches6(configRoutes, req)) {
+      info("matches session");
+      return route6(req, config);
+    }
+    if (matches5(configRoutes, req)) {
+      info("matches signin");
+      return route5(req, config);
+    }
+    if (matches13(configRoutes, req)) {
+      info("matches password reset");
+      return route13(req, config);
+    }
+    if (matches7(configRoutes, req)) {
+      info("matches providers");
+      return route7(req, config);
+    }
+    if (matches8(configRoutes, req)) {
+      info("matches csrf");
+      return route8(req, config);
+    }
+    if (matches9(configRoutes, req)) {
+      info("matches callback");
+      return route9(req, config);
+    }
+    if (matches10(configRoutes, req)) {
+      info("matches signout");
+      return route10(req, config);
+    }
+    warn(`No POST routes matched ${req.url}`);
+    return new Response(null, { status: 404 });
+  };
 }
 // src/api/routes/tenants/[tenantId]/users/[userId]/DELETE.ts
-async function DELETE(config, init) {
+async function DELETE3(config, init) {
   const yurl = new URL(init.request.url);
-  const [userId, _, tenantId] = yurl.pathname.split("/").reverse();
+  const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
+  config.tenantId = tenantId;
+  config.userId = userId;
   init.method = "DELETE";
-  init.body = JSON.stringify({ email: userId });
-  const url = `${apiRoutes(config).TENANT_USER(tenantId, userId)}`;
+  const url = `${apiRoutes(config).TENANT_USER}/link`;
   return await request(url, init, config);
 }
-// src/api/routes/tenants/[tenantId]/users/PUT.ts
-async function PUT2(config, init) {
+// src/api/routes/tenants/[tenantId]/users/[userId]/PUT.ts
+async function PUT4(config, init) {
   const yurl = new URL(init.request.url);
-  const [, tenantId] = yurl.pathname.split("/").reverse();
+  const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
+  config.tenantId = tenantId;
+  config.userId = userId;
   init.method = "PUT";
-  const url = `${apiRoutes(config).TENANT_USERS(tenantId)}`;
+  const url = `${apiRoutes(config).TENANT_USER}/link`;
   return await request(url, init, config);
 }
-// src/api/routes/tenants/[tenantId]/users/index.ts
-var key3 = "TENANT_USERS";
-async function route3(request2, config) {
+// src/api/routes/tenants/[tenantId]/users/[userId]/index.ts
+var key12 = "TENANT_USER";
+async function route15(request2, config) {
   const { info } = Logger(
     { ...config, debug: config.debug },
-    `[ROUTES][${key3}]`
+    `[ROUTES][${key12}]`
   );
   const session = await auth(request2, config);
   if (!session) {
@@ -1298,1140 +1135,1082 @@ async function route3(request2, config) {
     return new Response(null, { status: 401 });
   }
   const yurl = new URL(request2.url);
-  const [, tenantId] = yurl.pathname.split("/").reverse();
-  if (!tenantId) {
+  const [, userId] = yurl.pathname.split("/").reverse();
+  if (!userId) {
     info("No tenant id found in path");
     return new Response(null, { status: 404 });
   }
   switch (request2.method) {
-    case "GET":
-      return await GET3(config, { request: request2 });
-    case "POST":
-      return await POST2(config, session, { request: request2 });
     case "PUT":
-      return await PUT2(config, { request: request2 });
+      return await PUT4(config, { request: request2 });
     case "DELETE":
-      return await DELETE(config, { request: request2 });
+      return await DELETE3(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches3(configRoutes, request2) {
+function matches15(configRoutes, request2) {
   const url = new URL(request2.url);
-  const [userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
-  let route15 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  const [, userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
+  let route16 = configRoutes[key12].replace("{tenantId}", tenantId).replace("{userId}", userId);
   if (userId === "users") {
-    route15 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
+    route16 = configRoutes[key12].replace("{tenantId}", possibleTenantId);
   }
-  return urlMatches(request2.url, route15);
+  return urlMatches(request2.url, route16);
 }
-// src/api/routes/tenants/GET.ts
-async function GET4(config, session, init) {
-  let url = `${apiRoutes(config).USER_TENANTS(session.id)}`;
-  if (typeof session === "object" && "user" in session && session.user) {
-    url = `${apiRoutes(config).USER_TENANTS(session.user.id)}`;
+async function fetchTenantUser(config, method) {
+  if (!config.tenantId) {
+    throw new Error(
+      "The tenantId context is missing. Call nile.setContext({ tenantId })"
+    );
   }
-  const res = await request(url, init, config);
-  return res;
-}
-// src/api/routes/tenants/[tenantId]/GET.ts
-async function GET5(config, init, log) {
-  const yurl = new URL(init.request.url);
-  const [tenantId] = yurl.pathname.split("/").reverse();
-  if (!tenantId) {
-    log("[GET] No tenant id provided.");
-    return new Response(null, { status: 404 });
+  if (!config.userId) {
+    throw new Error(
+      "the userId context is missing. Call nile.setContext({ userId })"
+    );
   }
-  init.method = "GET";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
-  return await request(url, init, config);
+  const clientUrl = `${config.origin}${config.routePrefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */.replace(
+    "{tenantId}",
+    config.tenantId
+  ).replace("{userId}", config.userId)}/link`;
+  const req = new Request(clientUrl, {
+    headers: config.headers,
+    method
+  });
+  return await config.handlers[method](req);
 }
-// src/api/routes/tenants/[tenantId]/DELETE.ts
-async function DELETE2(config, init) {
-  const yurl = new URL(init.request.url);
-  const [tenantId] = yurl.pathname.split("/").reverse();
-  if (!tenantId) {
+// src/api/handlers/DELETE.ts
+function DELETER(configRoutes, config) {
+  const { info, warn } = Logger(config, "[DELETE MATCHER]");
+  return async function DELETE4(req) {
+    if (matches15(configRoutes, req)) {
+      info("matches tenant user");
+      return route15(req, config);
+    }
+    if (matches3(configRoutes, req)) {
+      info("matches tenant users");
+      return route3(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenants");
+      return route4(req, config);
+    }
+    if (matches(configRoutes, req)) {
+      info("matches me");
+      return route(req, config);
+    }
+    warn("No DELETE routes matched");
     return new Response(null, { status: 404 });
-  }
-  init.method = "DELETE";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
-  return await request(url, init, config);
+  };
 }
-// src/api/routes/tenants/[tenantId]/PUT.ts
-async function PUT3(config, init) {
-  const yurl = new URL(init.request.url);
-  const [tenantId] = yurl.pathname.split("/").reverse();
-  if (!tenantId) {
+// src/api/handlers/PUT.ts
+function PUTER(configRoutes, config) {
+  const { info, warn } = Logger(config, "[PUT MATCHER]");
+  return async function PUT5(req) {
+    if (matches15(configRoutes, req)) {
+      info("matches tenant user");
+      return route15(req, config);
+    }
+    if (matches3(configRoutes, req)) {
+      info("matches tenant users");
+      return route3(req, config);
+    }
+    if (matches2(configRoutes, req)) {
+      info("matches users");
+      return route2(req, config);
+    }
+    if (matches(configRoutes, req)) {
+      info("matches me");
+      return route(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenants");
+      return route4(req, config);
+    }
+    if (matches13(configRoutes, req)) {
+      info("matches reset password");
+      return route13(req, config);
+    }
+    warn("No PUT routes matched");
     return new Response(null, { status: 404 });
-  }
-  init.body = init.request.body;
-  init.method = "PUT";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
-  return await request(url, init, config);
+  };
 }
-// src/api/routes/tenants/POST.ts
-async function POST3(config, init) {
-  init.body = init.request.body;
-  init.method = "POST";
-  const url = `${apiRoutes(config).TENANTS}`;
-  return await request(url, init, config);
+// src/api/handlers/index.ts
+function Handlers(configRoutes, config) {
+  const GET6 = GETTER(configRoutes, config);
+  const POST5 = POSTER(configRoutes, config);
+  const DELETE4 = DELETER(configRoutes, config);
+  const PUT5 = PUTER(configRoutes, config);
+  return {
+    GET: GET6,
+    POST: POST5,
+    DELETE: DELETE4,
+    PUT: PUT5
+  };
 }
-// src/api/routes/tenants/index.ts
-function isUUID(value) {
-  if (!value) {
-    return false;
+var getApiUrl = (cfg) => {
+  const { config } = cfg;
+  if (config?.apiUrl != null) {
+    return config?.apiUrl;
   }
-  const regex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5|7][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;
-  return regex.test(value);
-}
-var key4 = "TENANTS";
-async function route4(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key4}]`
+  if (stringCheck(process.env.NILEDB_API_URL)) {
+    return process.env.NILEDB_API_URL;
+  }
+  throw new Error(
+    "A connection to nile-auth is required. Set NILEDB_API_URL as an environment variable."
   );
-  const session = await auth(request2, config);
-  if (!session) {
-    info("401");
-    return new Response(null, { status: 401 });
+};
+var getCallbackUrl = (cfg) => {
+  const { config } = cfg;
+  if (stringCheck(config?.callbackUrl)) {
+    return config?.callbackUrl;
   }
-  const [possibleTenantId] = request2.url.split("/").reverse();
-  switch (request2.method) {
-    case "GET":
-      if (isUUID(possibleTenantId)) {
-        return await GET5(config, { request: request2 }, info);
-      }
-      return await GET4(config, session, { request: request2 });
-    case "POST":
-      return await POST3(config, { request: request2 });
-    case "DELETE":
-      return await DELETE2(config, { request: request2 });
-    case "PUT":
-      return await PUT3(config, { request: request2 });
-    default:
-      return new Response("method not allowed", { status: 405 });
+  return process.env.NILEDB_CALLBACK_URL;
+};
+var getSecureCookies = (cfg) => {
+  const { config } = cfg;
+  if (config?.secureCookies != null) {
+    return config?.secureCookies;
   }
-}
-function matches4(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key4]);
-}
-// src/api/utils/routes/proxyRoutes.ts
-var proxyRoutes = (config) => ({
-  SIGNIN: makeRestUrl(config, "/auth/signin"),
-  PROVIDERS: makeRestUrl(config, "/auth/providers"),
-  SESSION: makeRestUrl(config, "/auth/session"),
-  CSRF: makeRestUrl(config, "/auth/csrf"),
-  CALLBACK: makeRestUrl(config, "/auth/callback"),
-  SIGNOUT: makeRestUrl(config, "/auth/signout"),
-  ERROR: makeRestUrl(config, "/auth/error"),
-  VERIFY_REQUEST: makeRestUrl(config, "/auth/verify-request"),
-  PASSWORD_RESET: makeRestUrl(config, "/auth/reset-password")
-});
-// src/api/routes/auth/signin.ts
-var key5 = "SIGNIN";
-async function route5(req, config) {
-  let url = proxyRoutes(config)[key5];
-  const init = {
-    method: req.method,
-    headers: req.headers
-  };
-  if (req.method === "POST") {
-    const [provider] = new URL(req.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key5]}/${provider}`;
+  if (stringCheck(process.env.NILEDB_SECURECOOKIES)) {
+    return Boolean(process.env.NILEDB_SECURECOOKIES);
   }
-  const passThroughUrl = new URL(req.url);
-  const params = new URLSearchParams(passThroughUrl.search);
-  url = `${url}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
-  const res = await request(url, { ...init, request: req }, config);
-  return res;
-}
-function matches5(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key5]);
-}
-// src/api/routes/auth/session.ts
-async function route6(req, config) {
-  return request(
-    proxyRoutes(config).SESSION,
-    {
-      method: req.method,
-      request: req
-    },
-    config
+  return void 0;
+};
+var getUsername = (cfg) => {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[username]");
+  if (config?.user) {
+    logger && info(`${logger}[config] ${config.user}`);
+    return String(config?.user);
+  }
+  const user = stringCheck(process.env.NILEDB_USER);
+  if (user) {
+    logger && info(`${logger}[NILEDB_USER] ${user}`);
+    return user;
+  }
+  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
+  if (pg2) {
+    try {
+      const url = new URL(pg2);
+      if (url.username) {
+        return url.username;
+      }
+    } catch (e) {
+    }
+  }
+  throw new Error(
+    "A database user is required. Set NILEDB_USER as an environment variable."
   );
-}
-function matches6(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.SESSION);
-}
-// src/api/routes/auth/providers.ts
-async function route7(req, config) {
-  return request(
-    proxyRoutes(config).PROVIDERS,
-    {
-      method: req.method,
-      request: req
-    },
-    config
+};
+var getPassword = (cfg) => {
+  const { config, logger } = cfg;
+  const log = logProtector(logger);
+  const { info } = Logger(config, "[password]");
+  if (stringCheck(config?.password)) {
+    log && info(`${logger}[config] ***`);
+    return String(config?.password);
+  }
+  const pass = stringCheck(process.env.NILEDB_PASSWORD);
+  if (pass) {
+    logger && info(`${logger}[NILEDB_PASSWORD] ***`);
+    return pass;
+  }
+  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
+  if (pg2) {
+    try {
+      const url = new URL(pg2);
+      if (url.password) {
+        return url.password;
+      }
+    } catch (e) {
+    }
+  }
+  throw new Error(
+    "A database password is required. Set NILEDB_PASSWORD as an environment variable."
   );
-}
-function matches7(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.PROVIDERS);
-}
-// src/api/routes/auth/csrf.ts
-async function route8(req, config) {
-  return request(
-    proxyRoutes(config).CSRF,
-    {
-      method: req.method,
-      request: req
-    },
-    config
-  );
-}
-function matches8(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.CSRF);
-}
-// src/api/routes/auth/callback.ts
-var key6 = "CALLBACK";
-async function route9(req, config) {
-  const { error } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key6}]`
+};
+var getDatabaseName = (cfg) => {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[databaseName]");
+  if (stringCheck(config?.databaseName)) {
+    logger && info(`${logger}[config] ${config?.databaseName}`);
+    return String(config?.databaseName);
+  }
+  const name = stringCheck(process.env.NILEDB_NAME);
+  if (name) {
+    logger && info(`${logger}[NILEDB_NAME] ${name}`);
+    return name;
+  }
+  if (process.env.NILEDB_POSTGRES_URL) {
+    try {
+      const pgUrl = new URL(process.env.NILEDB_POSTGRES_URL);
+      return pgUrl.pathname.substring(1);
+    } catch (e) {
+    }
+  }
+  throw new Error(
+    "A database name is required. Set NILEDB_PASSWORD as an environment variable."
   );
-  const [provider] = new URL(req.url).pathname.split("/").reverse();
-  try {
-    const passThroughUrl = new URL(req.url);
-    const params = new URLSearchParams(passThroughUrl.search);
-    const url = `${proxyRoutes(config)[key6]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
-    const res = await request(
-      url,
-      {
-        request: req,
-        method: req.method
-      },
-      config
-    ).catch((e) => {
-      error("an error as occurred", e);
-    });
-    const location = res?.headers.get("location");
-    if (location) {
-      return new Response(res?.body, {
-        status: 302,
-        headers: res?.headers
-      });
+};
+var getTenantId = (cfg) => {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[tenantId]");
+  if (stringCheck(config?.tenantId)) {
+    logger && info(`${logger}[config] ${config?.tenantId}`);
+    return String(config?.tenantId);
+  }
+  if (stringCheck(process.env.NILEDB_TENANT)) {
+    logger && info(`${logger}[NILEDB_TENANT] ${process.env.NILEDB_TENANT}`);
+    return String(process.env.NILEDB_TENANT);
+  }
+  return null;
+};
+function getDbHost(cfg) {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[db.host]");
+  if (stringCheck(config?.db && config.db.host)) {
+    logger && info(`${logger}[config] ${config?.db?.host}`);
+    return String(config?.db?.host);
+  }
+  if (stringCheck(process.env.NILEDB_HOST)) {
+    logger && info(`${logger}[NILEDB_HOST] ${process.env.NILEDB_HOST}`);
+    return process.env.NILEDB_HOST;
+  }
+  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
+  if (pg2) {
+    try {
+      const pgUrl = new URL(pg2);
+      logger && info(`${logger}[NILEDB_POSTGRES_URL] ${pgUrl.hostname}`);
+      return pgUrl.hostname;
+    } catch (e) {
     }
-    return new Response(res?.body, {
-      status: res?.status,
-      headers: res?.headers
-    });
-  } catch (e) {
-    error(e);
   }
-  return new Response("An unexpected error has occurred.", { status: 400 });
-}
-function matches9(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.CALLBACK);
+  logger && info(`${logger}[default] db.thenile.dev`);
+  return "db.thenile.dev";
 }
-// src/api/routes/auth/signout.ts
-var key7 = "SIGNOUT";
-async function route10(request2, config) {
-  let url = proxyRoutes(config)[key7];
-  const init = {
-    method: request2.method
-  };
-  if (request2.method === "POST") {
-    init.body = request2.body;
-    const [provider] = new URL(request2.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key7]}${provider !== "signout" ? `/${provider}` : ""}`;
+function getDbPort(cfg) {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[db.port]");
+  if (config?.db?.port && config.db.port != null) {
+    logger && info(`${logger}[config] ${config?.db.port}`);
+    return Number(config.db?.port);
   }
-  const res = await request(url, { ...init, request: request2 }, config);
-  return res;
-}
-function matches10(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key7]);
-}
-// src/api/routes/auth/error.ts
-var key8 = "ERROR";
-async function route11(req, config) {
-  return request(
-    proxyRoutes(config)[key8],
-    {
-      method: req.method,
-      request: req
-    },
-    config
-  );
-}
-function matches11(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key8]);
-}
-// src/api/routes/auth/verify-request.ts
-var key9 = "VERIFY_REQUEST";
-async function route12(req, config) {
-  return request(
-    proxyRoutes(config)[key9],
-    {
-      method: req.method,
-      request: req
-    },
-    config
-  );
-}
-function matches12(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key9]);
-}
-// src/api/routes/auth/password-reset.ts
-var key10 = "PASSWORD_RESET";
-async function route13(req, config) {
-  const url = proxyRoutes(config)[key10];
-  const res = await request(
-    url,
-    {
-      method: req.method,
-      request: req
-    },
-    config
-  );
-  const location = res?.headers.get("location");
-  if (location) {
-    return new Response(res?.body, {
-      status: 302,
-      headers: res?.headers
-    });
+  if (stringCheck(process.env.NILEDB_PORT)) {
+    logger && info(`${logger}[NILEDB_PORT] ${process.env.NILEDB_PORT}`);
+    return Number(process.env.NILEDB_PORT);
   }
-  return new Response(res?.body, {
-    status: res?.status,
-    headers: res?.headers
-  });
-}
-function matches13(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.PASSWORD_RESET);
+  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
+  if (pg2) {
+    try {
+      const pgUrl = new URL(pg2);
+      if (pgUrl.port) {
+        return Number(pgUrl.port);
+      }
+    } catch (e) {
+    }
+  }
+  logger && info(`${logger}[default] 5432`);
+  return 5432;
 }
+var logProtector = (logger) => {
+  return process.env.NODE_ENV === "development" || process.env.NODE_ENV === "test" ? logger : null;
+};
+var stringCheck = (str) => {
+  if (str && str !== "") {
+    return str;
+  }
+  return;
+};
-// src/api/handlers/GET.ts
-function GETTER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[GET MATCHER]");
-  return async function GET6(req) {
-    if (matches(configRoutes, req)) {
-      info("matches me");
-      return route(req, config);
-    }
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
-    }
-    if (matches2(configRoutes, req)) {
-      info("matches users");
-      return route2(req, config);
-    }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
-    }
-    if (matches6(configRoutes, req)) {
-      info("matches session");
-      return route6(req, config);
-    }
-    if (matches5(configRoutes, req)) {
-      info("matches signin");
-      return route5(req, config);
-    }
-    if (matches7(configRoutes, req)) {
-      info("matches providers");
-      return route7(req, config);
-    }
-    if (matches8(configRoutes, req)) {
-      info("matches csrf");
-      return route8(req, config);
-    }
-    if (matches13(configRoutes, req)) {
-      info("matches password reset");
-      return route13(req, config);
-    }
-    if (matches9(configRoutes, req)) {
-      info("matches callback");
-      return route9(req, config);
-    }
-    if (matches10(configRoutes, req)) {
-      info("matches signout");
-      return route10(req, config);
-    }
-    if (matches12(configRoutes, req)) {
-      info("matches verify-request");
-      return route12(req, config);
+// src/utils/Config/index.ts
+var Config = class {
+  routes;
+  // handlersWithContext;
+  handlers;
+  paths;
+  logger;
+  /**
+   * Stores the set tenant id from Server for use in sub classes
+   */
+  tenantId;
+  /**
+   * Stores the set user id from Server for use in sub classes
+   */
+  userId;
+  /**
+   * Stores the headers to be used in `fetch` calls
+   */
+  headers;
+  /**
+   * The nile-auth url
+   */
+  apiUrl;
+  origin;
+  debug;
+  /**
+   * To use secure cookies or not in the fetch
+   */
+  secureCookies;
+  callbackUrl;
+  /**
+   * change the starting route
+   */
+  routePrefix;
+  db;
+  // api: ApiConfig;
+  constructor(config, logger) {
+    const envVarConfig = { config, logger };
+    this.routePrefix = config?.routePrefix ?? "/api";
+    this.secureCookies = getSecureCookies(envVarConfig);
+    this.callbackUrl = getCallbackUrl(envVarConfig);
+    this.debug = config?.debug;
+    this.origin = config?.origin ?? "http://localhost:3000";
+    this.apiUrl = getApiUrl(envVarConfig);
+    const user = getUsername(envVarConfig);
+    const password = getPassword(envVarConfig);
+    const databaseName = getDatabaseName(envVarConfig);
+    const { host, port, ...dbConfig } = config?.db ?? {};
+    const configuredHost = host ?? getDbHost(envVarConfig);
+    const configuredPort = port ?? getDbPort(envVarConfig);
+    this.db = {
+      user,
+      password,
+      host: configuredHost,
+      port: configuredPort,
+      ...dbConfig
+    };
+    if (databaseName) {
+      this.db.database = databaseName;
     }
-    if (matches11(configRoutes, req)) {
-      info("matches error");
-      return route11(req, config);
+    if (config?.headers) {
+      this.headers = config?.headers;
+    } else {
+      this.headers = new Headers();
     }
-    warn("No GET routes matched");
-    return new Response(null, { status: 404 });
-  };
-}
-// src/api/routes/signup/POST.ts
-async function POST4(config, init) {
-  init.body = init.request.body;
-  init.method = "POST";
-  const url = `${apiRoutes(config).SIGNUP}`;
-  return await request(url, init, config);
-}
-// src/api/routes/signup/index.tsx
-var key11 = "SIGNUP";
-async function route14(request2, config) {
-  switch (request2.method) {
-    case "POST":
-      return await POST4(config, { request: request2 });
-    default:
-      return new Response("method not allowed", { status: 405 });
+    this.routes = {
+      ...appRoutes(config?.routePrefix),
+      ...config?.routes
+    };
+    this.handlers = Handlers(this.routes, this);
+    this.paths = {
+      get: [
+        this.routes.ME,
+        this.routes.TENANT_USERS,
+        this.routes.TENANTS,
+        this.routes.TENANT,
+        this.routes.SESSION,
+        this.routes.SIGNIN,
+        this.routes.PROVIDERS,
+        this.routes.CSRF,
+        this.routes.PASSWORD_RESET,
+        this.routes.CALLBACK,
+        this.routes.SIGNOUT,
+        this.routes.VERIFY_REQUEST,
+        this.routes.ERROR
+      ],
+      post: [
+        this.routes.TENANT_USERS,
+        this.routes.SIGNUP,
+        this.routes.USERS,
+        this.routes.TENANTS,
+        this.routes.SESSION,
+        `${this.routes.SIGNIN}/{provider}`,
+        this.routes.PASSWORD_RESET,
+        this.routes.PROVIDERS,
+        this.routes.CSRF,
+        `${this.routes.CALLBACK}/{provider}`,
+        this.routes.SIGNOUT
+      ],
+      put: [
+        this.routes.TENANT_USERS,
+        this.routes.USERS,
+        this.routes.TENANT,
+        this.routes.PASSWORD_RESET
+      ],
+      delete: [this.routes.TENANT_USER, this.routes.TENANT]
+    };
+    this.tenantId = config?.tenantId;
+    this.userId = config?.userId;
+    this.logger = config?.logger;
   }
-}
-function matches14(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key11]);
-}
+};
-// src/api/handlers/POST.ts
-function POSTER(configRoutes, config) {
-  const { info, warn, error } = Logger(config, "[POST MATCHER]");
-  return async function POST5(req) {
-    if (matchesLog(configRoutes, req)) {
-      if (req.body) {
-        try {
-          const text = await req.text();
-          error(text);
-          return new Response(null, {
-            status: 200
-          });
-        } catch (e) {
+// src/db/PoolProxy.ts
+function createProxyForPool(pool, config) {
+  const { info, error } = Logger(config, "[pool]");
+  return new Proxy(pool, {
+    get(target, property) {
+      if (property === "query") {
+        if (!config.db.connectionString) {
+          if (!config.db.user || !config.db.password) {
+            error(
+              "Cannot connect to the database. User and/or password are missing. Generate them at https://console.thenile.dev"
+            );
+          } else if (!config.db.database) {
+            error(
+              "Unable to obtain database name. Is process.env.NILEDB_POSTGRES_URL set?"
+            );
+          }
         }
+        const caller = target[property];
+        return function query(...args) {
+          info("query", ...args);
+          const called = caller.apply(this, args);
+          return called;
+        };
       }
+      return target[property];
     }
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
-    }
-    if (matches14(configRoutes, req)) {
-      info("matches signup");
-      return route14(req, config);
-    }
-    if (matches2(configRoutes, req)) {
-      info("matches users");
-      return route2(req, config);
-    }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
-    }
-    if (matches6(configRoutes, req)) {
-      info("matches session");
-      return route6(req, config);
-    }
-    if (matches5(configRoutes, req)) {
-      info("matches signin");
-      return route5(req, config);
-    }
-    if (matches13(configRoutes, req)) {
-      info("matches password reset");
-      return route13(req, config);
-    }
-    if (matches7(configRoutes, req)) {
-      info("matches providers");
-      return route7(req, config);
-    }
-    if (matches8(configRoutes, req)) {
-      info("matches csrf");
-      return route8(req, config);
-    }
-    if (matches9(configRoutes, req)) {
-      info("matches callback");
-      return route9(req, config);
-    }
-    if (matches10(configRoutes, req)) {
-      info("matches signout");
-      return route10(req, config);
-    }
-    warn("No POST routes matched");
-    return new Response(null, { status: 404 });
-  };
+  });
 }
-// src/api/handlers/DELETE.ts
-function DELETER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[DELETE MATCHER]");
-  return async function DELETE3(req) {
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
+// src/db/NileInstance.ts
+var NileDatabase = class {
+  pool;
+  tenantId;
+  userId;
+  id;
+  config;
+  timer;
+  constructor(config, id) {
+    const { warn, info, debug } = Logger(config, "[NileInstance]");
+    this.id = id;
+    const poolConfig = {
+      min: 0,
+      max: 10,
+      idleTimeoutMillis: 3e4,
+      ...config.db
+    };
+    const { afterCreate, ...remaining } = poolConfig;
+    config.db = poolConfig;
+    this.config = config;
+    const cloned = { ...this.config.db };
+    cloned.password = "***";
+    debug(`Connection pool config ${JSON.stringify(cloned)}`);
+    this.pool = createProxyForPool(new pg__default.default.Pool(remaining), this.config);
+    if (typeof afterCreate === "function") {
+      warn(
+        "Providing an pool configuration will stop automatic tenant context setting."
+      );
     }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
+    this.startTimeout();
+    this.pool.on("connect", async (client) => {
+      debug(`pool connected ${this.id}`);
+      this.startTimeout();
+      const afterCreate2 = makeAfterCreate(
+        config,
+        `${this.id}-${this.timer}`
+      );
+      afterCreate2(client, (err) => {
+        const { error } = Logger(config, "[after create callback]");
+        if (err) {
+          clearTimeout(this.timer);
+          error("after create failed", {
+            message: err.message,
+            stack: err.stack
+          });
+          evictPool(this.id);
+        }
+      });
+    });
+    this.pool.on("error", (err) => {
+      clearTimeout(this.timer);
+      info(`pool ${this.id} failed`, {
+        message: err.message,
+        stack: err.stack
+      });
+      evictPool(this.id);
+    });
+    this.pool.on("release", (destroy) => {
+      if (destroy) {
+        clearTimeout(this.timer);
+        evictPool(this.id);
+        debug(`destroying pool ${this.id}`);
+      }
+    });
+  }
+  startTimeout() {
+    const { debug } = Logger(this.config, "[NileInstance]");
+    if (this.timer) {
+      clearTimeout(this.timer);
+    }
+    this.timer = setTimeout(() => {
+      debug(
+        `Pool reached idleTimeoutMillis. ${this.id} evicted after ${Number(this.config.db.idleTimeoutMillis) ?? 3e4}ms`
+      );
+      this.pool.end(() => {
+        clearTimeout(this.timer);
+        evictPool(this.id);
+      });
+    }, Number(this.config.db.idleTimeoutMillis) ?? 3e4);
+  }
+  shutdown() {
+    const { debug } = Logger(this.config, "[NileInstance]");
+    debug(`attempting to shut down ${this.id}`);
+    clearTimeout(this.timer);
+    this.pool.end(() => {
+      debug(`${this.id} has been shut down`);
+    });
+  }
+};
+var NileInstance_default = NileDatabase;
+function makeAfterCreate(config, id) {
+  const { error, warn, debug } = Logger(config, "[afterCreate]");
+  return (conn, done) => {
+    conn.on("error", function errorHandler(e) {
+      error(`Connection ${id} was terminated by server`, {
+        message: e.message,
+        stack: e.stack
+      });
+      done(e, conn);
+    });
+    if (config.tenantId) {
+      const query = [`SET nile.tenant_id = '${config.tenantId}'`];
+      if (config.userId) {
+        if (!config.tenantId) {
+          warn("A user id cannot be set in context without a tenant id");
+        }
+        query.push(`SET nile.user_id = '${config.userId}'`);
+      }
+      conn.query(query.join(";"), function(err) {
+        if (err) {
+          error("query connection failed", {
+            cause: err.cause,
+            stack: err.stack,
+            message: err.message,
+            name: err.name,
+            id
+          });
+        } else {
+          if (query.length === 1) {
+            debug(`connection context set: tenantId=${config.tenantId}`);
+          }
+          if (query.length === 2) {
+            debug(
+              `connection context set: tenantId=${config.tenantId} userId=${config.userId}`
+            );
+          }
+        }
+        done(err, conn);
+      });
     }
-    warn("No DELETE routes matched");
-    return new Response(null, { status: 404 });
+    done(null, conn);
   };
 }
-// src/api/handlers/PUT.ts
-function PUTER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[PUT MATCHER]");
-  return async function PUT4(req) {
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
+// src/db/DBManager.ts
+var DBManager = class {
+  connections;
+  cleared;
+  poolWatcherFn;
+  makeId(tenantId, userId) {
+    if (tenantId && userId) {
+      return `${tenantId}:${userId}`;
     }
-    if (matches2(configRoutes, req)) {
-      info("matches users");
-      return route2(req, config);
+    if (tenantId) {
+      return `${tenantId}`;
     }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
+    return "base";
+  }
+  constructor(config) {
+    this.cleared = false;
+    this.connections = /* @__PURE__ */ new Map();
+    this.poolWatcherFn = this.poolWatcher(config);
+    watchEvictPool(this.poolWatcherFn);
+  }
+  poolWatcher = (config) => (id) => {
+    const { info, warn } = Logger(config, "[DBManager]");
+    if (id && this.connections.has(id)) {
+      info(`Removing ${id} from db connection pool.`);
+      const connection = this.connections.get(id);
+      connection?.shutdown();
+      this.connections.delete(id);
+    } else {
+      warn(`missed eviction of ${id}`);
     }
-    if (matches13(configRoutes, req)) {
-      info("matches reset password");
-      return route13(req, config);
+  };
+  getConnection = (config) => {
+    const { info } = Logger(config, "[DBManager]");
+    const id = this.makeId(config.tenantId, config.userId);
+    const existing = this.connections.get(id);
+    info(`# of instances: ${this.connections.size}`);
+    if (existing) {
+      info(`returning existing ${id}`);
+      existing.startTimeout();
+      return existing.pool;
     }
-    warn("No PUT routes matched");
-    return new Response(null, { status: 404 });
+    const newOne = new NileInstance_default(new Config(config), id);
+    this.connections.set(id, newOne);
+    info(`created new ${id}`);
+    info(`# of instances: ${this.connections.size}`);
+    if (this.cleared) {
+      this.cleared = false;
+    }
+    return newOne.pool;
   };
-}
-// src/api/handlers/index.ts
-function Handlers(configRoutes, config) {
-  const GET6 = GETTER(configRoutes, config);
-  const POST5 = POSTER(configRoutes, config);
-  const DELETE3 = DELETER(configRoutes, config);
-  const PUT4 = PUTER(configRoutes, config);
-  return {
-    GET: GET6,
-    POST: POST5,
-    DELETE: DELETE3,
-    PUT: PUT4
+  clear = (config) => {
+    const { info } = Logger(config, "[DBManager]");
+    info(`Clearing all connections ${this.connections.size}`);
+    this.cleared = true;
+    this.connections.forEach((connection) => {
+      connection.shutdown();
+    });
+    this.connections.clear();
   };
-}
+};
-// src/api/utils/routes/defaultRoutes.ts
-var appRoutes = (prefix = "/api") => ({
-  SIGNIN: `${prefix}/auth/signin`,
-  PROVIDERS: `${prefix}/auth/providers`,
-  SESSION: `${prefix}/auth/session`,
-  CSRF: `${prefix}/auth/csrf`,
-  CALLBACK: `${prefix}/auth/callback`,
-  SIGNOUT: `${prefix}/auth/signout`,
-  ERROR: `${prefix}/auth/error`,
-  VERIFY_REQUEST: `${prefix}/auth/verify-request`,
-  PASSWORD_RESET: `${prefix}/auth/reset-password`,
-  ME: `${prefix}/me`,
-  USERS: `${prefix}/users`,
-  TENANTS: `${prefix}/tenants`,
-  TENANT: `${prefix}/tenants/{tenantId}`,
-  TENANT_USER: `${prefix}/tenants/{tenantId}/users/{userId}`,
-  TENANT_USERS: `${prefix}/tenants/{tenantId}/users`,
-  SIGNUP: `${prefix}/signup`,
-  LOG: `${prefix}/_log`
-});
+// src/users/index.ts
+var Users = class {
+  #config;
+  constructor(config) {
+    this.#config = config;
+  }
+  async updateSelf(req, rawResponse) {
+    const res = await fetchMe(this.#config, "PUT", JSON.stringify(req));
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async removeSelf() {
+    const me = await this.getSelf();
+    if ("id" in me) {
+      this.#config.userId = me.id;
+    }
+    const res = await fetchMe(this.#config, "DELETE");
+    updateHeaders(new Headers());
+    return res;
+  }
+  async getSelf(rawResponse) {
+    const res = await fetchMe(this.#config);
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+};
-// src/utils/Requester/index.ts
-var Requester = class extends Config {
+// src/tenants/index.ts
+var Tenants = class {
+  #logger;
+  #config;
   constructor(config) {
-    super(config);
+    this.#logger = Logger(config, "[tenants]");
+    this.#config = config;
   }
-  async rawRequest(method, url, init, body) {
-    const _init = {
-      body,
-      method,
-      ...init
-    };
-    const res = await _fetch(this, url, _init);
-    if (res instanceof ResponseError) {
-      return res.response;
+  async create(req, rawResponse) {
+    let res;
+    if (typeof req === "string") {
+      res = await fetchTenants(
+        this.#config,
+        "POST",
+        JSON.stringify({ name: req })
+      );
+    } else if (typeof req === "object" && ("name" in req || "id" in req)) {
+      res = await fetchTenants(this.#config, "POST", JSON.stringify(req));
+    }
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async delete(req) {
+    if (typeof req === "string") {
+      this.#config.tenantId = req;
     }
+    if (typeof req === "object" && "id" in req) {
+      this.#config.tenantId = req.id;
+    }
+    const res = await fetchTenant(this.#config, "DELETE");
     return res;
   }
-  /**
-   * three options here
-   * 1) pass in headers for a server side request
-   * 2) pass in the payload that matches the api
-   * 3) pass in the request object sent by a browser
-   * @param method
-   * @param url
-   * @param req
-   * @param init
-   * @returns
-   */
-  async request(method, url, req, init) {
-    const headers = new Headers(init ? init?.headers : {});
-    if (req instanceof Headers) {
-      const tenantId = req.get(X_NILE_TENANT);
-      const cookie = req.get("cookie");
-      if (tenantId) {
-        headers.set(X_NILE_TENANT, tenantId);
-      }
-      if (cookie) {
-        headers.set("cookie", cookie);
-      }
-    } else if (req instanceof Request) {
-      const _headers = new Headers(req?.headers);
-      const tenantId = _headers.get(X_NILE_TENANT);
-      const cookie = _headers.get("cookie");
-      if (tenantId) {
-        headers.set(X_NILE_TENANT, tenantId);
-      }
-      if (cookie) {
-        headers.set("cookie", cookie);
-      }
+  async get(req, rawResponse) {
+    if (typeof req === "string") {
+      this.#config.tenantId = req;
+    } else if (typeof req === "object" && "id" in req) {
+      this.#config.tenantId = req.id;
+    }
+    const res = await fetchTenant(this.#config, "GET");
+    if (rawResponse === true || req === true) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
     }
-    let body = JSON.stringify(req);
-    if (method === "GET") {
-      body = void 0;
-    } else if (req instanceof Request) {
-      body = await new Response(req.body).text();
-    } else if (
-      // is just headers for a GET request
-      req instanceof Headers || JSON.stringify(req) === "{}" || req && typeof req === "object" && Object.values(req).length === 0
-    ) {
-      body = void 0;
-    }
-    const _init = {
-      ...init,
-      headers
-    };
-    return await this.rawRequest(method, url, _init, body);
   }
-  async post(req, url, init) {
-    const response = await this.request("POST", url, req, init);
-    if (response && response.status >= 200 && response.status < 300) {
-      const cloned = response.clone();
-      try {
-        return await cloned.json();
-      } catch (e) {
+  async update(req, rawResponse) {
+    let res;
+    if (typeof req === "object" && ("name" in req || "id" in req)) {
+      const { id, ...remaining } = req;
+      if (id) {
+        this.#config.tenantId = id;
       }
+      res = await fetchTenant(this.#config, "PUT", JSON.stringify(remaining));
+    }
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
     }
-    return response;
   }
-  async get(req, url, init, raw = false) {
-    const response = await this.request("GET", url, req, init);
-    if (raw) {
-      return response;
+  async list(req) {
+    const res = await fetchTenantsByUser(this.#config);
+    if (req === true) {
+      return res;
     }
-    if (response && response.status >= 200 && response.status < 300) {
-      const cloned = response.clone();
-      try {
-        return await cloned.json();
-      } catch (e) {
-      }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
     }
-    return response;
   }
-  async put(req, url, init) {
-    const response = await this.request("PUT", url, req, init);
-    if (response && response.status >= 200 && response.status < 300) {
-      const cloned = response.clone();
-      try {
-        return await cloned.json();
-      } catch (e) {
+  async leaveTenant(req) {
+    const me = await fetchMe(this.#config);
+    try {
+      const json = await me.json();
+      if ("id" in json) {
+        this.#config.userId = json.id;
       }
+    } catch {
+    }
+    if (typeof req === "string") {
+      this.#config.tenantId = req;
+    } else {
+      this.#handleContext(req);
     }
-    return response;
+    return await fetchTenantUser(this.#config, "DELETE");
+  }
+  async addMember(req, rawResponse) {
+    if (typeof req === "string") {
+      this.#config.userId = req;
+    } else {
+      this.#handleContext(req);
+    }
+    const res = await fetchTenantUser(this.#config, "PUT");
+    return responseHandler(res, rawResponse);
+  }
+  async removeMember(req, rawResponse) {
+    this.#handleContext(req);
+    const res = await fetchTenantUser(this.#config, "DELETE");
+    return responseHandler(res, rawResponse);
+  }
+  async users(req, rawResponse) {
+    this.#handleContext(req);
+    const res = await fetchTenantUsers(this.#config, "GET");
+    return responseHandler(
+      res,
+      rawResponse || typeof req === "boolean" && req
+    );
   }
-  async delete(req, url, init) {
-    const response = await this.request("DELETE", url, req, init);
-    return response;
+  #handleContext(req) {
+    if (typeof req === "object") {
+      if ("tenantId" in req) {
+        this.#config.tenantId = req.tenantId;
+      }
+      if ("userId" in req) {
+        this.#config.tenantId = req.tenantId;
+      }
+    }
   }
 };
+async function responseHandler(res, rawResponse) {
+  if (rawResponse) {
+    return res;
+  }
+  try {
+    return await res?.clone().json();
+  } catch {
+    return res;
+  }
+}
 // src/auth/index.ts
-function serverLogin(config, handlers) {
-  const ORIGIN = config.api.origin ?? "http://localhost:3000";
-  const { info, error, debug } = Logger(config, "[server side login]");
-  const routes = appRoutes(config.api.routePrefix);
-  return async function login({
-    email,
-    password
-  }) {
-    if (!email || !password) {
-      throw new Error("Server side login requires a user email and password.");
+var Auth = class {
+  #logger;
+  #config;
+  constructor(config) {
+    this.#config = config;
+    this.#logger = Logger(config, "[auth]");
+  }
+  async getSession(rawResponse = false) {
+    const res = await fetchSession(this.#config);
+    if (rawResponse) {
+      return res;
     }
-    const sessionUrl = new URL(`${ORIGIN}${routes.PROVIDERS}`);
-    const baseHeaders = {
-      host: sessionUrl.host,
-      [X_NILE_ORIGIN]: ORIGIN
-    };
-    info(`Obtaining providers for ${email}`);
-    const sessionReq = new Request(sessionUrl, {
-      method: "GET",
-      ...baseHeaders
-    });
-    const sessionRes = await handlers.POST(sessionReq);
-    if (sessionRes?.status === 404) {
-      throw new Error("Unable to login, cannot find region api.");
+    try {
+      const session = await res.clone().json();
+      if (Object.keys(session).length === 0) {
+        return void 0;
+      }
+      return session;
+    } catch {
+      return res;
+    }
+  }
+  async getCsrf(rawResponse = false) {
+    const res = await fetchCsrf(this.#config);
+    const csrfCook = parseCSRF(res.headers);
+    if (csrfCook) {
+      const [, value] = csrfCook.split("=");
+      const [token] = decodeURIComponent(value).split("|");
+      const setCookie = res.headers.get("set-cookie");
+      if (setCookie) {
+        const cookie = [
+          csrfCook,
+          parseCallback(res.headers),
+          parseToken(res.headers)
+        ].filter(Boolean).join("; ");
+        this.#config.headers.set("cookie", cookie);
+        updateHeaders(new Headers({ cookie }));
+      }
+      if (!rawResponse) {
+        return { csrfToken: token };
+      }
+    } else {
+      const existingCookie = this.#config.headers.get("cookie");
+      const cookieParts = [];
+      if (existingCookie) {
+        cookieParts.push(
+          parseToken(this.#config.headers),
+          parseCallback(this.#config.headers)
+        );
+      }
+      cookieParts.push(csrfCook);
+      const cookie = cookieParts.filter(Boolean).join("; ");
+      this.#config.headers.set("cookie", cookie);
+      updateHeaders(new Headers({ cookie }));
+    }
+    if (rawResponse) {
+      return res;
     }
-    let providers;
     try {
-      providers = await sessionRes?.json();
-    } catch (e) {
-      info(sessionUrl, { sessionRes });
-      error(e);
+      return await res.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async listProviders(rawResponse = false) {
+    const res = await fetchProviders(this.#config);
+    if (rawResponse) {
+      return res;
     }
-    info("Obtaining csrf");
-    const csrf = new URL(`${ORIGIN}${routes.CSRF}`);
-    const csrfReq = new Request(csrf, {
-      method: "GET",
-      headers: new Headers({
-        ...baseHeaders
-      })
-    });
-    const csrfRes = await handlers.POST(csrfReq);
-    let csrfToken;
     try {
-      const json = await csrfRes?.json() ?? {};
-      csrfToken = json?.csrfToken;
-    } catch (e) {
-      info(sessionUrl, { csrfRes });
-      error(e, { csrfRes });
+      return await res.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async signOut() {
+    const csrfRes = await this.getCsrf();
+    if (!("csrfToken" in csrfRes)) {
+      throw new Error("Unable to obtain CSRF token. Sign out failed.");
+    }
+    const body = JSON.stringify({
+      csrfToken: csrfRes.csrfToken,
+      json: true
+    });
+    const res = await fetchSignOut(this.#config, body);
+    updateHeaders(new Headers({}));
+    this.#config.headers = new Headers();
+    return res;
+  }
+  async signUp(payload, rawResponse) {
+    this.#config.headers = new Headers();
+    const { email, password, ...params } = payload;
+    if (!email || !password) {
+      throw new Error(
+        "Server side sign up requires a user email and password."
+      );
     }
+    const providers = await this.listProviders();
     const { credentials } = providers ?? {};
-    const csrfCookie = csrfRes?.headers.get("set-cookie");
     if (!credentials) {
       throw new Error(
-        "Unable to obtain credential provider. Aborting server side login."
+        "Unable to obtain credential provider. Aborting server side sign up."
       );
     }
-    const signInUrl = new URL(credentials.callbackUrl);
-    if (!csrfCookie) {
-      debug("CSRF failed", { headers: csrfRes?.headers });
-      throw new Error("Unable to authenticate REST, CSRF missing.");
+    const csrf = await this.getCsrf();
+    let csrfToken;
+    if ("csrfToken" in csrf) {
+      csrfToken = csrf.csrfToken;
+    } else {
+      throw new Error("Unable to obtain parse CSRF. Request blocked.");
     }
-    info(`Attempting sign in with email ${email} ${signInUrl.href}`);
     const body = JSON.stringify({
       email,
       password,
       csrfToken,
       callbackUrl: credentials.callbackUrl
     });
-    const postReq = new Request(signInUrl, {
-      method: "POST",
-      headers: new Headers({
-        ...baseHeaders,
-        "content-type": "application/json",
-        cookie: csrfCookie.split(",").join("; ")
-      }),
-      body
-    });
-    const loginRes = await handlers.POST(postReq);
-    const authCookie = loginRes?.headers.get("set-cookie");
-    if (!authCookie) {
-      throw new Error("authentication failed");
+    const res = await fetchSignUp(this.#config, { body, params });
+    if (res.status > 299) {
+      this.#logger.error(await res.clone().text());
+      return void 0;
     }
-    const token = parseToken(loginRes?.headers);
+    const token = parseToken(res.headers);
     if (!token) {
-      error("Unable to obtain auth token", { authCookie });
-      throw new Error("Server login failed");
+      throw new Error("Server side sign up failed. Session token not found");
     }
-    info("Server login successful", { authCookie, csrfCookie });
-    const headers = new Headers({
-      ...baseHeaders,
-      cookie: [token, csrfCookie].join("; ")
-    });
-    return [headers, loginRes];
-  };
-}
-function parseToken(headers) {
-  let authCookie = headers?.get("set-cookie");
-  if (!authCookie) {
-    authCookie = headers?.get("cookie");
-  }
-  if (!authCookie) {
-    return void 0;
-  }
-  const [, token] = /((__Secure-)?nile\.session-token=[^;]+)/.exec(authCookie) ?? [];
-  return token;
-}
-var Auth = class extends Config {
-  headers;
-  resetHeaders;
-  constructor(config, headers, params) {
-    super(config);
-    this.logger = Logger(config, "[auth]");
-    this.headers = headers;
-    this.logger = Logger(config, "[auth]");
-    this.resetHeaders = params?.resetHeaders;
-  }
-  handleHeaders(init) {
-    if (this.headers) {
-      const cburl = getCallbackUrl2(this.headers);
-      if (cburl) {
-        try {
-          this.headers.set(X_NILE_ORIGIN, new URL(cburl).origin);
-        } catch (e) {
-          if (this.logger?.debug) {
-            this.logger.debug("Invalid URL supplied by cookie header");
-          }
-        }
-      }
-      if (init) {
-        init.headers = new Headers({ ...this.headers, ...init?.headers });
-        return init;
-      } else {
-        init = {
-          headers: this.headers
-        };
-        return init;
-      }
+    this.#config.headers?.append("cookie", token);
+    updateHeaders(this.#config.headers);
+    if (rawResponse) {
+      return res;
     }
-    return void 0;
-  }
-  get sessionUrl() {
-    return "/auth/session";
-  }
-  getSession = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    const session = await _requester.get(req, this.sessionUrl, _init);
-    if (Object.keys(session).length === 0) {
-      return void 0;
+    try {
+      return await res.clone().json();
+    } catch {
+      return res;
     }
-    return session;
-  };
-  get getCsrfUrl() {
-    return "/auth/csrf";
-  }
-  async getCsrf(req, init, raw = false) {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.get(req, this.getCsrfUrl, _init, raw);
   }
-  get listProvidersUrl() {
-    return "/auth/providers";
-  }
-  listProviders = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.get(req, this.listProvidersUrl, _init);
-  };
-  get signOutUrl() {
-    return "/auth/signout";
-  }
-  signOut = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    const csrf = await this.getCsrf(
-      req,
-      void 0,
-      true
-    );
-    const csrfHeader = getCsrfToken(csrf.headers, this.headers);
-    const callbackUrl = req && "callbackUrl" in req ? String(req.callbackUrl) : "/";
-    if (!csrfHeader) {
-      this.logger?.debug && this.logger.debug("Request blocked from invalid csrf header");
-      return new Response("Request blocked", { status: 400 });
-    }
-    const headers = new Headers(_init?.headers);
-    const { csrfToken } = await csrf.json() ?? {};
-    const cooks = getCookies(headers);
-    if (csrfHeader) {
-      if (cooks["__Secure-nile.csrf-token"]) {
-        cooks["__Secure-nile.csrf-token"] = encodeURIComponent(csrfHeader);
-      }
-      if (cooks["nile.csrf-token"]) {
-        cooks["nile.csrf-token"] = encodeURIComponent(csrfHeader);
-      }
+  async signIn(provider, payload, rawResponse) {
+    this.#config.headers = new Headers();
+    const { info, error } = this.#logger;
+    const { email, password } = payload ?? {};
+    if (provider === "email" && (!email || !password)) {
+      throw new Error(
+        "Server side sign in requires a user email and password."
+      );
     }
-    headers.set(
-      "cookie",
-      Object.keys(cooks).map((key12) => `${key12}=${cooks[key12]}`).join("; ")
-    );
-    const res = await _requester.post(req, this.signOutUrl, {
-      method: "post",
-      body: JSON.stringify({
-        csrfToken,
-        callbackUrl,
-        json: String(true)
-      }),
-      ..._init,
-      headers
-    });
-    this.resetHeaders && this.resetHeaders();
-    return res;
-  };
-};
-function getCallbackUrl2(headers) {
-  if (headers) {
-    const cookies = getCookies(headers);
-    if (cookies) {
-      return cookies["__Secure-nile.callback-url"] || cookies["nile.callback-url"];
+    info(`Obtaining providers for ${email}`);
+    const providers = await this.listProviders();
+    info("Obtaining csrf");
+    const csrf = await this.getCsrf();
+    let csrfToken;
+    if ("csrfToken" in csrf) {
+      csrfToken = csrf.csrfToken;
+    } else {
+      throw new Error("Unable to obtain parse CSRF. Request blocked.");
     }
-  }
-}
-function getCsrfToken(headers, initHeaders) {
-  if (headers) {
-    const cookies = getCookies(headers);
-    let validCookie = "";
-    if (cookies) {
-      validCookie = cookies["__Secure-nile.csrf-token"] || cookies["nile.csrf-token"];
+    const { credentials } = providers ?? {};
+    if (!credentials) {
+      throw new Error(
+        "Unable to obtain credential provider. Aborting server side sign in."
+      );
     }
-    if (validCookie) {
-      return validCookie;
+    if (provider !== "credentials") {
+      return await fetchSignIn(
+        this.#config,
+        provider,
+        JSON.stringify({ csrfToken })
+      );
     }
-  }
-  if (initHeaders) {
-    const cookies = getCookies(initHeaders);
-    if (cookies) {
-      return cookies["__Secure-nile.csrf-token"] || cookies["nile.csrf-token"];
+    info(`Attempting sign in with email ${email}`);
+    const body = JSON.stringify({
+      email,
+      password,
+      csrfToken,
+      callbackUrl: credentials.callbackUrl
+    });
+    const signInRes = await fetchCallback(this.#config, provider, body);
+    const authCookie = signInRes?.headers.get("set-cookie");
+    if (!authCookie) {
+      throw new Error("authentication failed");
     }
-  }
-}
-var getCookies = (headers) => {
-  if (!headers) return {};
-  const cookieHeader = headers.get("cookie") || "";
-  const setCookieHeaders = headers.get("set-cookie") || "";
-  const allCookies = [
-    ...cookieHeader.split("; "),
-    // Regular 'cookie' header (semicolon-separated)
-    ...setCookieHeaders.split(/,\s*(?=[^;, ]+=)/)
-    // Smart split for 'set-cookie'
-  ].filter(Boolean);
-  return Object.fromEntries(
-    allCookies.map((cookie) => {
-      const [key12, ...val] = cookie.split("=");
-      return [
-        decodeURIComponent(key12.trim()),
-        decodeURIComponent(val.join("=").trim())
-      ];
-    })
-  );
-};
-// src/tenants/index.ts
-var Tenants = class extends Config {
-  headers;
-  constructor(config, headers) {
-    super(config);
-    this.headers = headers;
-  }
-  handleHeaders(init) {
-    if (this.headers) {
-      if (init) {
-        init.headers = new Headers({ ...this.headers, ...init?.headers });
-        return init;
-      } else {
-        init = {
-          headers: this.headers
-        };
-        return init;
+    const token = parseToken(signInRes?.headers);
+    const possibleError = signInRes?.headers.get("location");
+    if (possibleError) {
+      let urlError;
+      try {
+        urlError = new URL(possibleError).searchParams.get("error");
+      } catch {
+      }
+      if (urlError) {
+        error("Unable to log user in", { error: urlError });
+        return void 0;
       }
     }
-    return void 0;
-  }
-  get tenantsUrl() {
-    return "/tenants";
-  }
-  get tenantUrl() {
-    return `/tenants/${this.tenantId ?? "{tenantId}"}`;
-  }
-  createTenant = async (req, init) => {
-    let _req;
-    if (typeof req === "string") {
-      _req = new Request(`${this.api.basePath}${this.tenantsUrl}`, {
-        body: JSON.stringify({ name: req }),
-        method: "POST",
-        headers: {
-          "content-type": "application/json"
-        }
-      });
-    } else if ("name" in req || "id" in req) {
-      _req = new Request(`${this.api.basePath}${this.tenantsUrl}`, {
-        body: JSON.stringify(req),
-        method: "POST",
-        headers: {
-          "content-type": "application/json"
-        }
+    if (!token) {
+      error("Unable to obtain auth token", {
+        authCookie,
+        signInRes
       });
-    } else {
-      _req = req;
-    }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.post(_req, this.tenantsUrl, _init);
-  };
-  getTenant = async (req, init) => {
-    if (typeof req === "string") {
-      this.tenantId = req;
-    }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.get(req, this.tenantUrl, _init);
-  };
-  get tenantListUrl() {
-    return `/users/${this.userId ?? "{userId}"}/tenants`;
-  }
-  listTenants = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.get(req, this.tenantListUrl, _init);
-  };
-  deleteTenant = async (req, init) => {
-    if (typeof req === "string") {
-      this.tenantId = req;
+      throw new Error("Server login failed");
     }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.delete(req, this.tenantUrl, _init);
-  };
-  updateTenant = async (req, init) => {
-    let _req;
-    if (req && "name" in req) {
-      _req = new Request(`${this.api.basePath}${this.tenantUrl}`, {
-        body: JSON.stringify(req),
-        method: "PUT"
-      });
+    info("Server sign in successful", { authCookie });
+    const setCookie = signInRes.headers.get("set-cookie");
+    if (setCookie) {
+      const cookie = [
+        parseCSRF(this.#config.headers),
+        parseCallback(signInRes.headers),
+        parseToken(signInRes.headers)
+      ].filter(Boolean).join("; ");
+      updateHeaders(new Headers({ cookie }));
     } else {
-      _req = req;
+      error("Unable to set context after sign in", {
+        headers: signInRes.headers
+      });
     }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.put(_req, this.tenantUrl, _init);
-  };
-};
-// src/users/index.ts
-var Users = class extends Config {
-  headers;
-  constructor(config, headers) {
-    super(config);
-    this.headers = headers;
-  }
-  usersUrl(user) {
-    const params = new URLSearchParams();
-    if (user.newTenantName) {
-      params.set("newTenantName", user.newTenantName);
+    if (rawResponse) {
+      return signInRes;
     }
-    if (user.tenantId) {
-      params.set("tenantId", user.tenantId);
+    try {
+      return await signInRes.clone().json();
+    } catch {
+      return signInRes;
     }
-    return `/users?${params.size > 0 ? params : ""}`;
   }
-  get tenantUsersUrl() {
-    return `/tenants/${this.tenantId ?? "{tenantId}"}/users`;
+};
+function parseCSRF(headers) {
+  let cookie = headers?.get("set-cookie");
+  if (!cookie) {
+    cookie = headers?.get("cookie");
   }
-  get linkUsersUrl() {
-    return `/tenants/${this.tenantId ?? "{tenantId}"}/users/${this.userId ?? "{userId}"}/link`;
+  if (!cookie) {
+    return void 0;
   }
-  get tenantUserUrl() {
-    return `/tenants/${this.tenantId ?? "{tenantId}"}/users/${this.userId ?? "{userId}"}`;
+  const [, token] = /((__Secure-)?nile\.csrf-token=[^;]+)/.exec(cookie) ?? [];
+  return token;
+}
+function parseCallback(headers) {
+  let cookie = headers?.get("set-cookie");
+  if (!cookie) {
+    cookie = headers?.get("cookie");
   }
-  handleHeaders(init) {
-    if (this.headers) {
-      if (init) {
-        init.headers = new Headers({ ...this.headers, ...init?.headers });
-        return init;
-      } else {
-        init = {
-          headers: this.headers
-        };
-        return init;
-      }
-    }
+  if (!cookie) {
     return void 0;
   }
-  createUser = async (user, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.post(user, this.usersUrl(user), _init);
-  };
-  createTenantUser = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.post(req, this.tenantUsersUrl, _init);
-  };
-  updateUser = async (req, init) => {
-    let _req;
-    if (req && "id" in req) {
-      _req = new Request(`${this.api.basePath}${this.tenantUserUrl}`, {
-        body: JSON.stringify(req),
-        method: "PUT"
-      });
-      this.userId = String(req.id);
-    } else {
-      _req = req;
-    }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.put(_req, this.tenantUserUrl, _init);
-  };
-  listUsers = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.get(req, this.tenantUsersUrl, _init);
-  };
-  linkUser = async (req, init) => {
-    const _requester = new Requester(this);
-    if (typeof req === "string") {
-      this.userId = req;
-    } else {
-      if ("id" in req) {
-        this.userId = req.id;
-      }
-      if ("tenantId" in req) {
-        this.tenantId = req.tenantId;
-      }
-    }
-    const _init = this.handleHeaders(init);
-    return await _requester.put(req, this.linkUsersUrl, _init);
-  };
-  unlinkUser = async (req, init) => {
-    if (typeof req === "string") {
-      this.userId = req;
-    } else {
-      if ("id" in req) {
-        this.userId = req.id;
-      }
-      if ("tenantId" in req) {
-        this.tenantId = req.tenantId;
-      }
-    }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.delete(req, this.linkUsersUrl, _init);
-  };
-  get meUrl() {
-    return "/me";
+  const [, token] = /((__Secure-)?nile\.callback-url=[^;]+)/.exec(cookie) ?? [];
+  return token;
+}
+function parseToken(headers) {
+  let authCookie = headers?.get("set-cookie");
+  if (!authCookie) {
+    authCookie = headers?.get("cookie");
   }
-  me = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.get(req, this.meUrl, _init);
-  };
-  updateMe = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.put(req, this.meUrl, _init);
-  };
-};
+  if (!authCookie) {
+    return void 0;
+  }
+  const [, token] = /((__Secure-)?nile\.session-token=[^;]+)/.exec(authCookie) ?? [];
+  return token;
+}
 // src/api/handlers/withContext/index.ts
-function handlersWithContext(configRoutes, config) {
-  const GET6 = GETTER(configRoutes, config);
-  const POST5 = POSTER(configRoutes, config);
-  const DELETE3 = DELETER(configRoutes, config);
-  const PUT4 = PUTER(configRoutes, config);
+function handlersWithContext(config) {
+  const GET6 = GETTER(config.routes, config);
+  const POST5 = POSTER(config.routes, config);
+  const DELETE4 = DELETER(config.routes, config);
+  const PUT5 = PUTER(config.routes, config);
   return {
     GET: async (req) => {
       const response = await GET6(req);
@@ -2444,12 +2223,12 @@ function handlersWithContext(configRoutes, config) {
       return { response, nile: new Server(updatedConfig) };
     },
     DELETE: async (req) => {
-      const response = await DELETE3(req);
+      const response = await DELETE4(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     PUT: async (req) => {
-      const response = await PUT4(req);
+      const response = await PUT5(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     }
@@ -2461,13 +2240,14 @@ function updateConfig(response, config) {
   if (response?.status === 302) {
     const location = response.headers.get("location");
     if (location) {
-      origin = location;
+      const normalized = location.endsWith("/") ? location.slice(0, -1) : location;
+      origin = normalized;
     }
   }
   const setCookies = [];
   if (response?.headers) {
-    for (const [key12, value] of response.headers) {
-      if (key12.toLowerCase() === "set-cookie") {
+    for (const [key13, value] of response.headers) {
+      if (key13.toLowerCase() === "set-cookie") {
         setCookies.push(value);
       }
     }
@@ -2478,299 +2258,200 @@ function updateConfig(response, config) {
   }
   return {
     ...config,
-    api: {
-      ...config.api,
-      origin,
-      headers: headers ?? void 0
-    }
+    origin,
+    headers: headers ?? void 0
   };
 }
-// src/Api.ts
-var Api = class {
-  config;
+// src/Server.ts
+var Server = class {
   users;
-  auth;
   tenants;
-  routes;
+  auth;
+  #config;
+  #handlers;
+  #paths;
+  #manager;
   #headers;
-  handlers;
-  handlersWithContext;
-  paths;
   constructor(config) {
-    this.config = config;
-    if (config?.api.headers) {
-      this.headers = config?.api.headers;
-    }
-    this.auth = new Auth(config, void 0, {
-      resetHeaders: this.resetHeaders
+    this.#config = new Config(config, "[initial config]");
+    watchTenantId((tenantId) => {
+      if (tenantId !== this.#config.tenantId) {
+        this.#config.tenantId = tenantId;
+        this.#reset();
+      }
     });
-    this.users = new Users(config);
-    this.tenants = new Tenants(config);
-    this.routes = {
-      ...appRoutes(config?.api.routePrefix),
-      ...config?.api.routes
-    };
-    this.handlers = Handlers(this.routes, config);
-    this.handlersWithContext = handlersWithContext(this.routes, config);
-    this.paths = {
-      get: [
-        this.routes.ME,
-        this.routes.TENANT_USERS,
-        this.routes.TENANTS,
-        this.routes.TENANT,
-        this.routes.SESSION,
-        this.routes.SIGNIN,
-        this.routes.PROVIDERS,
-        this.routes.CSRF,
-        this.routes.PASSWORD_RESET,
-        this.routes.CALLBACK,
-        this.routes.SIGNOUT,
-        this.routes.VERIFY_REQUEST,
-        this.routes.ERROR
-      ],
-      post: [
-        this.routes.TENANT_USERS,
-        this.routes.SIGNUP,
-        this.routes.USERS,
-        this.routes.TENANTS,
-        this.routes.SESSION,
-        `${this.routes.SIGNIN}/{provider}`,
-        this.routes.PASSWORD_RESET,
-        this.routes.PROVIDERS,
-        this.routes.CSRF,
-        `${this.routes.CALLBACK}/{provider}`,
-        this.routes.SIGNOUT
-      ],
-      put: [
-        this.routes.TENANT_USERS,
-        this.routes.USERS,
-        this.routes.TENANT,
-        this.routes.PASSWORD_RESET
-      ],
-      delete: [this.routes.TENANT_USER, this.routes.TENANT]
+    watchUserId((userId) => {
+      if (userId !== this.#config.userId) {
+        this.#config.userId = userId;
+        this.#reset();
+      }
+    });
+    watchHeaders((headers) => {
+      this.setContext(headers);
+      this.#reset();
+    });
+    this.#handlers = {
+      ...this.#config.handlers,
+      withContext: handlersWithContext(this.#config)
     };
+    this.#paths = this.#config.paths;
+    this.#config.tenantId = getTenantId({ config: this.#config });
+    this.#manager = new DBManager(this.#config);
+    this.#handleHeaders(config);
+    this.users = new Users(this.#config);
+    this.tenants = new Tenants(this.#config);
+    this.auth = new Auth(this.#config);
   }
-  reset = () => {
-    this.users = new Users(this.config, this.#headers);
-    this.tenants = new Tenants(this.config, this.#headers);
-    this.auth = new Auth(this.config, this.#headers, {
-      resetHeaders: this.resetHeaders
+  get db() {
+    const pool = this.#manager.getConnection(this.#config);
+    return Object.assign(pool, {
+      clearConnections: () => {
+        this.#manager.clear(this.#config);
+      }
     });
-  };
-  updateConfig = (config) => {
-    this.config = config;
-    this.handlers = Handlers(this.routes, config);
-  };
-  resetHeaders = (headers) => {
-    this.#headers = new Headers(headers ?? {});
-    this.reset();
-  };
+  }
   /**
-   * Merge headers together
+   * A convenience function that applies a config and ensures whatever was passed is set properly
    */
-  set headers(headers) {
-    const updates = [];
-    if (headers instanceof Headers) {
-      headers.forEach((value, key12) => {
-        updates.push([key12.toLowerCase(), value]);
-      });
-    } else {
-      for (const [key12, value] of Object.entries(headers)) {
-        updates.push([key12.toLowerCase(), value]);
-      }
-    }
-    const merged = {};
-    this.#headers?.forEach((value, key12) => {
-      if (key12.toLowerCase() !== "cookie") {
-        merged[key12.toLowerCase()] = value;
-      }
-    });
-    for (const [key12, value] of updates) {
-      merged[key12] = value;
-    }
-    this.#headers = new Headers();
-    for (const [key12, value] of Object.entries(merged)) {
-      this.#headers.set(key12, value);
+  getInstance(config, req) {
+    const _config = { ...this.#config, ...config };
+    const updatedConfig = new Config(_config);
+    this.#config = new Config(updatedConfig);
+    this.#config.tenantId = config.tenantId;
+    this.#config.userId = config.userId;
+    if (req) {
+      this.setContext(req);
     }
-    this.reset();
+    this.#reset();
+    return this;
   }
-  get headers() {
-    return this.#headers;
+  getPaths() {
+    return this.#paths;
   }
-  getCookie(req) {
-    if (req instanceof Headers) {
-      return parseToken(req);
-    } else if (req instanceof Request) {
-      return parseToken(req.headers);
-    }
-    return null;
+  get handlers() {
+    return this.#handlers;
   }
-  login = async (payload, config) => {
-    const [headers, loginRes] = await serverLogin(
-      this.config,
-      this.handlers
-    )(payload);
-    this.setContext(headers);
-    try {
-      const res = await loginRes.json();
-      if (res.id) {
-        this.config.userId = res.id;
-      }
-    } catch (e) {
-      const { warn } = Logger(this.config, "[API][login]");
-      if (warn) {
-        warn("Unable to set user id from login attempt.");
-      }
-    }
-    if (config?.returnResponse) {
-      return loginRes;
-    }
-    return void 0;
-  };
-  session = async (req) => {
-    if (req instanceof Headers) {
-      return this.auth.getSession(req);
-    } else if (req instanceof Request) {
-      return auth(req, this.config);
-    }
-    return this.auth.getSession(this.#headers);
-  };
-  setContext = (req) => {
+  /**
+   * Allow the setting of headers from a req or header object.
+   * Makes it possible to handle REST requests easily
+   * Also makes it easy to set user + tenant in some way
+   * @param req
+   * @returns undefined
+   */
+  setContext(req) {
     try {
       if (req instanceof Headers) {
-        this.headers = req;
+        this.#handleHeaders(req);
+        this.#reset();
         return;
       } else if (req instanceof Request) {
-        this.headers = new Headers(req.headers);
+        this.#handleHeaders(new Headers(req.headers));
+        this.#reset();
         return;
       }
+    } catch {
+    }
+    let ok = false;
+    if (req && typeof req === "object" && "tenantId" in req) {
+      ok = true;
+      this.#config.tenantId = req.tenantId;
+    }
+    if (req && typeof req === "object" && "userId" in req) {
+      ok = true;
+      this.#config.userId = req.userId;
+    }
+    if (ok) {
+      return;
+    }
+    if (typeof req === "object") {
       const headers = new Headers(req);
       if (headers) {
-        this.headers = headers;
+        this.#handleHeaders(headers);
+        this.#reset();
         return;
       }
-    } catch {
     }
-    const { warn } = Logger(this.config, "[API]");
+    const { warn } = Logger(this.#config, "[API]");
     if (warn) {
       warn(
         "Set context expects a Request, Header instance or an object of Record<string, string>"
       );
     }
-  };
-};
-// src/Server.ts
-var Server = class {
-  config;
-  api;
-  manager;
-  constructor(config) {
-    this.config = new Config(config, "[initial config]");
-    this.api = new Api(this.config);
-    this.manager = new DBManager(this.config);
-    watchTenantId((tenantId) => {
-      this.tenantId = tenantId;
-    });
-    watchUserId((userId) => {
-      this.userId = userId;
-    });
-    watchToken((token) => {
-      this.token = token;
-    });
-  }
-  setConfig(cfg) {
-    this.config = new Config(cfg);
-    this.api.updateConfig(this.config);
-  }
-  async init(cfg) {
-    const updatedConfig = await this.config.configure({
-      ...this.config,
-      ...cfg
-    });
-    this.setConfig(updatedConfig);
-    return this;
-  }
-  set databaseId(val) {
-    if (val) {
-      this.config.databaseId = val;
-      this.api.users.databaseId = val;
-      this.api.tenants.databaseId = val;
-    }
   }
-  get userId() {
-    return this.config.userId;
+  getContext() {
+    return {
+      headers: this.#headers,
+      userId: this.#config.userId,
+      tenantId: this.#config.tenantId
+    };
   }
-  set userId(userId) {
-    this.databaseId = this.config.databaseId;
-    this.config.userId = userId;
-    if (this.api) {
-      this.api.users.userId = this.config.userId;
-      this.api.tenants.userId = this.config.userId;
+  /**
+   * Merge headers together
+   * Internally, passed a NileConfig, externally, should be using Headers
+   */
+  #handleHeaders(config) {
+    const updates = [];
+    let headers;
+    this.#headers = new Headers();
+    if (config instanceof Headers) {
+      headers = config;
+    } else if (config?.headers) {
+      headers = config?.headers;
+      if (config && config.origin) {
+        this.#headers.set(X_NILE_ORIGIN, config.origin);
+      }
+      if (config && config.secureCookies != null) {
+        this.#headers.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+      }
     }
-  }
-  get tenantId() {
-    return this.config.tenantId;
-  }
-  set tenantId(tenantId) {
-    this.databaseId = this.config.databaseId;
-    this.config.tenantId = tenantId;
-    if (this.api) {
-      this.api.users.tenantId = tenantId;
-      this.api.tenants.tenantId = tenantId;
+    if (headers instanceof Headers) {
+      headers.forEach((value, key13) => {
+        updates.push([key13.toLowerCase(), value]);
+      });
+    } else {
+      for (const [key13, value] of Object.entries(headers ?? {})) {
+        updates.push([key13.toLowerCase(), value]);
+      }
     }
-  }
-  get token() {
-    return this.config?.api?.token;
-  }
-  set token(token) {
-    if (token) {
-      this.config.api.token = token;
-      if (this.api) {
-        this.api.users.api.token = token;
-        this.api.tenants.api.token = token;
+    const merged = {};
+    this.#headers?.forEach((value, key13) => {
+      if (key13.toLowerCase() !== "cookie") {
+        merged[key13.toLowerCase()] = value;
       }
+    });
+    for (const [key13, value] of updates) {
+      merged[key13] = value;
     }
-  }
-  get db() {
-    return this.manager.getConnection(this.config);
-  }
-  clearConnections() {
-    this.manager.clear(this.config);
+    for (const [key13, value] of Object.entries(merged)) {
+      this.#headers.set(key13, value);
+    }
+    this.#config.headers = this.#headers;
   }
   /**
-   * A convenience function that applies a config and ensures whatever was passed is set properly
+   * Allow some internal mutations to reset our config + headers
    */
-  getInstance(config, req) {
-    const _config = { ...this.config, ...config };
-    const updatedConfig = new Config(_config);
-    this.setConfig(updatedConfig);
-    this.tenantId = updatedConfig.tenantId;
-    this.userId = updatedConfig.userId;
-    if (updatedConfig.api.token) {
-      this.token = updatedConfig.api.token;
-    }
-    this.databaseId = updatedConfig.databaseId;
-    if (req) {
-      this.api.setContext(req);
-    }
-    return this;
-  }
+  #reset = () => {
+    this.#config.headers = this.#headers ?? new Headers();
+    this.users = new Users(this.#config);
+    this.tenants = new Tenants(this.#config);
+    this.auth = new Auth(this.#config);
+  };
 };
 var server;
-async function create(config) {
+function create(config) {
   if (!server) {
     server = new Server(config);
   }
-  if (config) {
-    return await server.init(new Config(config));
-  }
-  return await server.init();
+  return server;
 }
+exports.APIErrorErrorCodeEnum = APIErrorErrorCodeEnum;
 exports.LoginUserResponseTokenTypeEnum = LoginUserResponseTokenTypeEnum;
 exports.Nile = create;
 exports.Server = Server;
+exports.parseCSRF = parseCSRF;
+exports.parseCallback = parseCallback;
+exports.parseToken = parseToken;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map