npm - @niledatabase/server - Versions diffs - 5.0.0-alpha.0 → 5.0.0-alpha.2 - Mend

@niledatabase/server 5.0.0-alpha.0 → 5.0.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/index.mjs CHANGED Viewed

@@ -1,6 +1,22 @@
 import 'dotenv/config';
 import pg from 'pg';
-import { decodeJwt } from 'jose';
+// src/types.ts
+var APIErrorErrorCodeEnum = {
+  InternalError: "internal_error",
+  BadRequest: "bad_request",
+  EntityNotFound: "entity_not_found",
+  DuplicateEntity: "duplicate_entity",
+  InvalidCredentials: "invalid_credentials",
+  UnknownOidcProvider: "unknown_oidc_provider",
+  ProviderAlreadyExists: "provider_already_exists",
+  ProviderConfigError: "provider_config_error",
+  ProviderMismatch: "provider_mismatch",
+  ProviderUpdateError: "provider_update_error",
+  SessionStateMissing: "session_state_missing",
+  SessionStateMismatch: "session_state_mismatch",
+  OidcCodeMissing: "oidc_code_missing"
+};
 // src/users/types.ts
 var LoginUserResponseTokenTypeEnum = {
@@ -9,10 +25,89 @@ var LoginUserResponseTokenTypeEnum = {
   IdToken: "ID_TOKEN"
 };
-// src/api/utils/routes/urlMatches.ts
-function urlMatches(requestUrl, route15) {
+// src/api/utils/routes/index.ts
+var NILEDB_API_URL = process.env.NILEDB_API_URL;
+var DEFAULT_PREFIX = "/api";
+var appRoutes = (prefix = DEFAULT_PREFIX) => ({
+  SIGNIN: `${prefix}${"/auth/signin" /* SIGNIN */}`,
+  PROVIDERS: `${prefix}${"/auth/providers" /* PROVIDERS */}`,
+  SESSION: `${prefix}${"/auth/session" /* SESSION */}`,
+  CSRF: `${prefix}${"/auth/csrf" /* CSRF */}`,
+  CALLBACK: `${prefix}${"/auth/callback" /* CALLBACK */}`,
+  SIGNOUT: `${prefix}${"/auth/signout" /* SIGNOUT */}`,
+  ERROR: `${prefix}/auth/error`,
+  VERIFY_REQUEST: `${prefix}/auth/verify-request`,
+  VERIFY_EMAIL: `${prefix}${"/auth/verify-email" /* VERIFY_EMAIL */}`,
+  PASSWORD_RESET: `${prefix}${"/auth/reset-password" /* PASSWORD_RESET */}`,
+  ME: `${prefix}${"/me" /* ME */}`,
+  USERS: `${prefix}${"/users" /* USERS */}`,
+  USER_TENANTS: `${prefix}${"/users/{userId}/tenants" /* USER_TENANTS */}`,
+  TENANTS: `${prefix}${"/tenants" /* TENANTS */}`,
+  TENANT: `${prefix}${"/tenants/{tenantId}" /* TENANT */}`,
+  TENANT_USER: `${prefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */}`,
+  TENANT_USERS: `${prefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */}`,
+  SIGNUP: `${prefix}${"/signup" /* SIGNUP */}`,
+  LOG: `${prefix}/_log`
+});
+var apiRoutes = (config) => ({
+  ME: makeRestUrl(config, "/me"),
+  USERS: (qp) => makeRestUrl(config, "/users", qp),
+  USER: (userId) => makeRestUrl(config, `/users/${userId}`),
+  TENANTS: makeRestUrl(config, "/tenants"),
+  TENANT: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}`),
+  SIGNUP: makeRestUrl(config, "/signup"),
+  TENANT_USERS: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/users`),
+  TENANT_USER: makeRestUrl(
+    config,
+    `/tenants/${config.tenantId}/users/${config.userId}`
+  ),
+  USER_TENANTS: (userId) => makeRestUrl(config, `/users/${userId}/tenants`)
+});
+var proxyRoutes = (config) => ({
+  SIGNIN: makeRestUrl(config, "/auth/signin" /* SIGNIN */),
+  PROVIDERS: makeRestUrl(config, "/auth/providers" /* PROVIDERS */),
+  SESSION: makeRestUrl(config, "/auth/session" /* SESSION */),
+  CSRF: makeRestUrl(config, "/auth/csrf" /* CSRF */),
+  CALLBACK: makeRestUrl(config, "/auth/callback" /* CALLBACK */),
+  SIGNOUT: makeRestUrl(config, "/auth/signout" /* SIGNOUT */),
+  ERROR: makeRestUrl(config, "/auth/error"),
+  VERIFY_REQUEST: makeRestUrl(config, "/auth/verify-request"),
+  PASSWORD_RESET: makeRestUrl(config, "/auth/reset-password" /* PASSWORD_RESET */),
+  VERIFY_EMAIL: makeRestUrl(config, "/auth/verify-email" /* VERIFY_EMAIL */)
+});
+function filterNullUndefined(obj) {
+  if (!obj) {
+    return void 0;
+  }
+  return Object.fromEntries(
+    Object.entries(obj).filter(
+      ([, value]) => value !== null && value !== void 0
+    )
+  );
+}
+function makeRestUrl(config, path, qp) {
+  const url = config.apiUrl || NILEDB_API_URL;
+  if (!url) {
+    throw new Error(
+      "An API url is required. Set it via NILEDB_API_URL. Was auto configuration run?"
+    );
+  }
+  const params = new URLSearchParams(
+    filterNullUndefined(qp)
+  );
+  const strParams = params.toString();
+  return `${[url, path.substring(1, path.length)].join("/")}${strParams ? `?${strParams}` : ""}`;
+}
+function urlMatches(requestUrl, route17) {
   const url = new URL(requestUrl);
-  return url.pathname.startsWith(route15);
+  return url.pathname.startsWith(route17);
+}
+function isUUID(value) {
+  if (!value) {
+    return false;
+  }
+  const regex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5|7][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;
+  return regex.test(value);
 }
 // src/utils/Logger.ts
@@ -75,77 +170,9 @@ function matchesLog(configRoutes, request2) {
 }
 // src/utils/constants.ts
-var X_NILE_TENANT = "nile.tenant_id";
-var X_NILE_USER_ID = "nile.user_id";
-var X_NILE_ORIGIN = "nile.origin";
-var X_NILE_SECURECOOKIES = "nile.secure_cookies";
-// src/context/asyncStorage.ts
-var globalContext = null;
-function setContext(headers) {
-  const origin = headers.get(X_NILE_ORIGIN);
-  const host = headers.get("host");
-  const cookie = headers.get("cookie");
-  const tenantId = headers.get(X_NILE_TENANT);
-  const userId = headers.get(X_NILE_USER_ID);
-  const context = {};
-  if (origin) {
-    context.origin = origin;
-  } else if (host) {
-    context.origin = host;
-  }
-  if (cookie) {
-    context.cookie = cookie;
-  }
-  if (tenantId) {
-    context.tenantId = tenantId;
-  }
-  if (userId) {
-    context.userId = userId;
-  }
-  globalContext = context;
-}
-function getOrigin() {
-  return globalContext?.origin;
-}
-function getCookie() {
-  return globalContext?.cookie;
-}
-function setCookie(headers) {
-  const getSet = headers?.getSetCookie?.();
-  if (getSet?.length) {
-    const updatedCookie = [];
-    for (const cook of getSet) {
-      const [c] = cook.split("; ");
-      const [, val] = c.split("=");
-      if (val) {
-        updatedCookie.push(c);
-      }
-    }
-    const cookie = mergeCookies(updatedCookie);
-    globalContext = { ...globalContext, cookie };
-  }
-}
-function mergeCookies(overrideArray) {
-  const cookieString = getCookie();
-  const cookieMap = {};
-  if (!cookieString) {
-    return overrideArray.join("; ");
-  }
-  cookieString.split(";").forEach((cookie) => {
-    const [rawKey, ...rawVal] = cookie.trim().split("=");
-    const key12 = rawKey.trim();
-    const value = rawVal.join("=").trim();
-    if (key12) cookieMap[key12] = value;
-  });
-  overrideArray.forEach((cookie) => {
-    const [rawKey, ...rawVal] = cookie.trim().split("=");
-    const key12 = rawKey.trim();
-    const value = rawVal.join("=").trim();
-    if (key12) cookieMap[key12] = value;
-  });
-  return Object.entries(cookieMap).map(([k, v]) => `${k}=${v}`).join("; ");
-}
+var X_NILE_TENANT = "nile-tenant-id";
+var X_NILE_ORIGIN = "nile-origin";
+var X_NILE_SECURECOOKIES = "nile-secure-cookies";
 // src/api/utils/request.ts
 async function request(url, _init, config) {
@@ -162,24 +189,33 @@ async function request(url, _init, config) {
       String(request2.headers.get(X_NILE_TENANT))
     );
   }
-  if (config.api.secureCookies != null) {
-    updatedHeaders.set(X_NILE_SECURECOOKIES, String(config.api.secureCookies));
+  if (config.secureCookies != null) {
+    updatedHeaders.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+  } else {
+    updatedHeaders.set(
+      X_NILE_SECURECOOKIES,
+      process.env.NODE_ENV === "production" ? "true" : "false"
+    );
   }
   updatedHeaders.set("host", requestUrl.host);
-  if (config.api.callbackUrl) {
-    const cbUrl = new URL(config.api.callbackUrl);
-    debug(
-      `Obtained origin from config.api.callbackUrl ${config.api.callbackUrl}`
-    );
+  if (config.callbackUrl) {
+    const cbUrl = new URL(config.callbackUrl);
+    debug(`Obtained origin from config.callbackUrl ${config.callbackUrl}`);
     updatedHeaders.set(X_NILE_ORIGIN, cbUrl.origin);
-  } else if (config.api.origin) {
-    debug(`Obtained origin from config.api.origin ${config.api.origin}`);
-    updatedHeaders.set(X_NILE_ORIGIN, config.api.origin);
+  } else if (config.origin) {
+    debug(`Obtained origin from config.origin ${config.origin}`);
+    updatedHeaders.set(X_NILE_ORIGIN, config.origin);
   } else {
-    updatedHeaders.set(X_NILE_ORIGIN, requestUrl.origin);
-    debug(`Obtained origin from request ${requestUrl.origin}`);
+    const passedOrigin = request2.headers.get(X_NILE_ORIGIN);
+    if (passedOrigin) {
+      updatedHeaders.set(X_NILE_ORIGIN, passedOrigin);
+    } else {
+      const reqOrigin = config.routePrefix !== DEFAULT_PREFIX ? `${requestUrl.origin}${config.routePrefix}` : requestUrl.origin;
+      updatedHeaders.set(X_NILE_ORIGIN, reqOrigin);
+      debug(`Obtained origin from request ${reqOrigin}`);
+    }
   }
-  const params = { ...init, headers: updatedHeaders };
+  const params = { ...init };
   if (params.method?.toLowerCase() === "post" || params.method?.toLowerCase() === "put") {
     try {
       updatedHeaders.set("content-type", "application/json");
@@ -193,28 +229,31 @@ async function request(url, _init, config) {
       params.body = initBody ?? requestBody;
     }
   }
+  params.headers = updatedHeaders;
   const fullUrl = `${url}${requestUrl.search}`;
+  if (config.debug) {
+    params.headers.set("request-id", crypto.randomUUID());
+    params.cache = "no-store";
+  }
   try {
-    setContext(updatedHeaders);
-    const res = await fetch(fullUrl, { ...params }).catch(
-      (e) => {
-        error("An error has occurred in the fetch", {
-          message: e.message,
-          stack: e.stack
-        });
-        return new Response(
-          "An unexpected (most likely configuration) problem has occurred",
-          { status: 500 }
-        );
-      }
-    );
+    const res = await fetch(fullUrl, {
+      ...params
+    }).catch((e) => {
+      error("An error has occurred in the fetch", {
+        message: e.message,
+        stack: e.stack
+      });
+      return new Response(
+        "An unexpected (most likely configuration) problem has occurred",
+        { status: 500 }
+      );
+    });
     const loggingRes = typeof res?.clone === "function" ? res?.clone() : null;
     info(`[${params.method ?? "GET"}] ${fullUrl}`, {
       status: res?.status,
       statusText: res?.statusText,
       text: await loggingRes?.text()
     });
-    setCookie(res?.headers);
     return res;
   } catch (e) {
     if (e instanceof Error) {
@@ -234,8 +273,8 @@ async function request(url, _init, config) {
 async function auth(req, config) {
   const { info, error } = Logger(config, "[nileauth]");
   info("checking auth");
-  const sessionUrl = `${config.api.basePath}/auth/session`;
-  info(`using session${sessionUrl}`);
+  const sessionUrl = `${config.apiUrl}/auth/session`;
+  info(`using session ${sessionUrl}`);
   req.headers.delete("content-length");
   const res = await request(sessionUrl, { request: req }, config);
   if (!res) {
@@ -254,962 +293,870 @@ async function auth(req, config) {
     return void 0;
   }
 }
-var getCallbackUrl = (cfg) => {
-  const { config } = cfg;
-  if (stringCheck(config?.api?.callbackUrl)) {
-    return config?.api?.callbackUrl;
-  }
-  return process.env.NILEDB_CALLBACK_URL;
-};
-var getSecureCookies = (cfg) => {
-  const { config } = cfg;
-  if (config?.api?.secureCookies != null) {
-    return config?.api?.secureCookies;
+// src/api/routes/me/index.ts
+var key = "ME";
+async function route(request2, config) {
+  const url = apiRoutes(config)[key];
+  if (request2.method === "GET") {
+    return await GET(url, { request: request2 }, config);
   }
-  if (stringCheck(process.env.NILEDB_SECURECOOKIES)) {
-    return Boolean(process.env.NILEDB_SECURECOOKIES);
+  if (request2.method === "PUT") {
+    return await PUT(url, { request: request2 }, config);
   }
-  return void 0;
-};
-var getDatabaseId = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[databaseId]");
-  if (stringCheck(config?.databaseId)) {
-    logger && info(`${logger}[config] ${config?.databaseId}`);
-    return String(config?.databaseId);
-  }
-  const dbFromEnv = stringCheck(process.env.NILEDB_ID);
-  if (dbFromEnv) {
-    logger && info(`${logger}[NILEDB_ID] ${dbFromEnv}`);
-    return dbFromEnv;
-  }
-  const dbId = stringCheck(process.env.NILEDB_API_URL);
-  if (dbId) {
-    try {
-      const pgUrl = new URL(dbId);
-      return pgUrl.pathname.split("/")[3];
-    } catch (e) {
+  if (request2.method === "DELETE") {
+    const session = await auth(request2, config);
+    if (!session) {
+      return new Response(null, { status: 401 });
     }
+    return await DELETE(url, { request: request2 }, config);
   }
-  return null;
-};
-var getUsername = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[username]");
-  if (config?.user) {
-    logger && info(`${logger}[config] ${config.user}`);
-    return String(config?.user);
-  }
-  const user = stringCheck(process.env.NILEDB_USER);
-  if (user) {
-    logger && info(`${logger}[NILEDB_USER] ${user}`);
-    return user;
-  }
-  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
-  if (pg2) {
-    try {
-      const url = new URL(pg2);
-      if (url.username) {
-        return url.username;
-      }
-    } catch (e) {
-    }
+  return new Response("method not allowed", { status: 405 });
+}
+function matches(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key]);
+}
+async function fetchMe(config, method, body) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/me" /* ME */}`;
+  const init = {
+    headers: config.headers,
+    method: method ?? "GET"
+  };
+  if (method === "PUT") {
+    init.body = body;
   }
-  return void 0;
-};
-var getPassword = (cfg) => {
-  const { config, logger } = cfg;
-  const log = logProtector(logger);
-  const { info } = Logger(config, "[password]");
-  if (stringCheck(config?.password)) {
-    log && info(`${logger}[config] ***`);
-    return String(config?.password);
+  const req = new Request(clientUrl, init);
+  if (method === "DELETE") {
+    return await config.handlers.DELETE(req);
   }
-  const pass = stringCheck(process.env.NILEDB_PASSWORD);
-  if (pass) {
-    logger && info(`${logger}[NILEDB_PASSWORD] ***`);
-    return pass;
+  if (method === "PUT") {
+    return await config.handlers.PUT(req);
   }
-  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
-  if (pg2) {
-    try {
-      const url = new URL(pg2);
-      if (url.password) {
-        return url.password;
-      }
-    } catch (e) {
+  return await config.handlers.GET(req);
+}
+async function DELETE(url, init, config) {
+  init.method = "DELETE";
+  return await request(url, init, config);
+}
+async function PUT(url, init, config) {
+  init.method = "PUT";
+  return await request(url, init, config);
+}
+async function GET(url, init, config) {
+  const res = await request(url, init, config);
+  return res;
+}
+// src/utils/fetch.ts
+function getTokenFromCookie(headers, cookieKey) {
+  const cookie = headers.get("cookie")?.split("; ");
+  const _cookies = {};
+  if (cookie) {
+    for (const parts of cookie) {
+      const cookieParts = parts.split("=");
+      const _cookie = cookieParts.slice(1).join("=");
+      const name = cookieParts[0];
+      _cookies[name] = _cookie;
     }
   }
-  return void 0;
-};
-var getToken = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[token]");
-  if (stringCheck(config?.api?.token)) {
-    logger && info(`${logger}[config] ${config?.api?.token}`);
-    return String(config?.api?.token);
-  }
-  const token = stringCheck(process.env.NILEDB_TOKEN);
-  if (token) {
-    logger && info(`${logger}[NILEDB_TOKEN] ${token}`);
-    return token;
-  }
-  return void 0;
-};
-var getDatabaseName = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[databaseName]");
-  if (stringCheck(config?.databaseName)) {
-    logger && info(`${logger}[config] ${config?.databaseName}`);
-    return String(config?.databaseName);
-  }
-  const name = stringCheck(process.env.NILEDB_NAME);
-  if (name) {
-    logger && info(`${logger}[NILEDB_NAME] ${name}`);
-    return name;
-  }
-  if (process.env.NILEDB_POSTGRES_URL) {
-    try {
-      const pgUrl = new URL(process.env.NILEDB_POSTGRES_URL);
-      return pgUrl.pathname.substring(1);
-    } catch (e) {
+  if (cookie) {
+    for (const parts of cookie) {
+      const cookieParts = parts.split("=");
+      const _cookie = cookieParts.slice(1).join("=");
+      const name = cookieParts[0];
+      _cookies[name] = _cookie;
     }
   }
-  return null;
-};
-var getTenantId = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[tenantId]");
-  if (stringCheck(config?.tenantId)) {
-    logger && info(`${logger}[config] ${config?.tenantId}`);
-    return String(config?.tenantId);
-  }
-  if (stringCheck(process.env.NILEDB_TENANT)) {
-    logger && info(`${logger}[NILEDB_TENANT] ${process.env.NILEDB_TENANT}`);
-    return String(process.env.NILEDB_TENANT);
+  {
+    return _cookies[cookieKey];
   }
-  return null;
-};
-var getCookieKey = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[cookieKey]");
-  if (stringCheck(config?.api?.cookieKey)) {
-    logger && info(`${logger}[config] ${config?.api?.cookieKey}`);
-    return String(config?.api?.cookieKey);
+}
+function getTenantFromHttp(headers, config) {
+  const cookieTenant = getTokenFromCookie(headers, X_NILE_TENANT);
+  return cookieTenant ?? headers?.get(X_NILE_TENANT) ?? config?.tenantId;
+}
+// src/api/routes/users/POST.ts
+async function POST(config, init) {
+  init.body = init.request.body;
+  init.method = "POST";
+  const yurl = new URL(init.request.url);
+  const tenantId = yurl.searchParams.get("tenantId");
+  const newTenantName = yurl.searchParams.get("newTenantName");
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const url = apiRoutes(config).USERS({ tenantId: tenant, newTenantName });
+  return await request(url, init, config);
+}
+// src/api/routes/users/GET.ts
+async function GET2(config, init, log) {
+  const yurl = new URL(init.request.url);
+  const tenantId = yurl.searchParams.get("tenantId");
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  if (!tenant) {
+    log("[GET] No tenant id provided.");
+    return new Response(null, { status: 404 });
   }
-  if (stringCheck(process.env.NILEDB_COOKIE_KEY)) {
-    logger && info(`${logger}[NILEDB_COOKIE_KEY] ${process.env.NILEDB_COOKIE_KEY}`);
-    return String(process.env.NILEDB_COOKIE_KEY);
+  const url = apiRoutes(config).TENANT_USERS(tenant);
+  init.method = "GET";
+  return await request(url, init, config);
+}
+// src/api/routes/users/[userId]/PUT.ts
+async function PUT2(config, session, init) {
+  if (!session) {
+    return new Response(null, { status: 401 });
   }
-  return "token";
-};
-var getBasePath = (cfg) => {
-  const { config, logger } = cfg;
-  const { warn, info, error } = Logger(config, "[basePath]");
-  const basePath = config?.api?.basePath;
-  if (stringCheck(basePath)) {
-    logger && info(`${logger}[config] ${basePath}`);
-    return basePath;
-  }
-  const envUrl = stringCheck(process.env.NILEDB_API_URL);
-  if (envUrl) {
-    logger && info(`${logger}[NILEDB_API_URL] ${process.env.NILEDB_API_URL}`);
-    try {
-      const apiUrl = new URL(envUrl);
-      return apiUrl.href;
-    } catch (e) {
-      if (e instanceof Error) {
-        error(e.stack);
-      }
-    }
+  init.body = init.request.body;
+  init.method = "PUT";
+  const [userId] = new URL(init.request.url).pathname.split("/").reverse();
+  const url = apiRoutes(config).USER(userId);
+  return await request(url, init, config);
+}
+// src/api/routes/users/index.ts
+var key2 = "USERS";
+async function route2(request2, config) {
+  const { info } = Logger(
+    { ...config, debug: config.debug },
+    `[ROUTES][${key2}]`
+  );
+  const session = await auth(request2, config);
+  switch (request2.method) {
+    case "GET":
+      return await GET2(config, { request: request2 }, info);
+    case "POST":
+      return await POST(config, { request: request2 });
+    case "PUT":
+      return await PUT2(config, session, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
   }
-  warn("not set. Must run auto-configuration");
-  return void 0;
-};
-function getDbHost(cfg) {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[db.host]");
-  if (stringCheck(config?.db && config.db.host)) {
-    logger && info(`${logger}[config] ${config?.db?.host}`);
-    return String(config?.db?.host);
+}
+function matches2(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key2]);
+}
+// src/api/routes/tenants/[tenantId]/users/GET.ts
+async function GET3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  const url = `${apiRoutes(config).TENANT_USERS(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/users/POST.ts
+async function POST2(config, session, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  init.body = JSON.stringify({ email: session.email });
+  init.method = "POST";
+  const url = apiRoutes(config).TENANT_USERS(tenantId);
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/users/index.ts
+var key3 = "TENANT_USERS";
+async function route3(request2, config) {
+  const { info } = Logger(
+    { ...config, debug: config.debug },
+    `[ROUTES][${key3}]`
+  );
+  const session = await auth(request2, config);
+  if (!session) {
+    info("401");
+    return new Response(null, { status: 401 });
   }
-  if (stringCheck(process.env.NILEDB_HOST)) {
-    logger && info(`${logger}[NILEDB_HOST] ${process.env.NILEDB_HOST}`);
-    return process.env.NILEDB_HOST;
+  const yurl = new URL(request2.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    info("No tenant id found in path");
+    return new Response(null, { status: 404 });
   }
-  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
-  if (pg2) {
-    try {
-      const pgUrl = new URL(pg2);
-      logger && info(`${logger}[NILEDB_POSTGRES_URL] ${pgUrl.hostname}`);
-      return pgUrl.hostname;
-    } catch (e) {
-    }
+  switch (request2.method) {
+    case "GET":
+      return await GET3(config, { request: request2 });
+    case "POST":
+      return await POST2(config, session, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
   }
-  logger && info(`${logger}[default] db.thenile.dev`);
-  return "db.thenile.dev";
 }
-function getDbPort(cfg) {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[db.port]");
-  if (config?.db?.port && config.db.port != null) {
-    logger && info(`${logger}[config] ${config?.db.port}`);
-    return Number(config.db?.port);
+function matches3(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
+  let route17 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  if (userId === "users") {
+    route17 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
   }
-  if (stringCheck(process.env.NILEDB_PORT)) {
-    logger && info(`${logger}[NILEDB_PORT] ${process.env.NILEDB_PORT}`);
-    return Number(process.env.NILEDB_PORT);
+  return urlMatches(request2.url, route17);
+}
+async function fetchTenantUsers(config, method, payload) {
+  const { body, params } = {};
+  if (!config.tenantId) {
+    throw new Error(
+      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+    );
   }
-  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
-  if (pg2) {
-    try {
-      const pgUrl = new URL(pg2);
-      if (pgUrl.port) {
-        return Number(pgUrl.port);
-      }
-    } catch (e) {
-    }
+  if (!isUUID(config.tenantId) && config.logger?.warn) {
+    config.logger?.warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
   }
-  logger && info(`${logger}[default] 5432`);
-  return 5432;
+  const q = new URLSearchParams();
+  if (params?.newTenantName) {
+    q.set("newTenantName", params.newTenantName);
+  }
+  if (params?.tenantId) {
+    q.set("tenantId", params.tenantId);
+  }
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */.replace(
+    "{tenantId}",
+    config.tenantId
+  )}`;
+  const m = method;
+  const init = {
+    method: m,
+    headers: config.headers
+  };
+  const req = new Request(clientUrl, init);
+  return await config.handlers[m](req);
 }
-var logProtector = (logger) => {
-  return process.env.NODE_ENV === "development" || process.env.NODE_ENV === "test" ? logger : null;
-};
-var stringCheck = (str) => {
-  if (str && str !== "") {
-    return str;
+// src/api/routes/tenants/GET.ts
+async function GET4(config, session, init) {
+  let url = `${apiRoutes(config).USER_TENANTS(session.id)}`;
+  if (typeof session === "object" && "user" in session && session.user) {
+    url = `${apiRoutes(config).USER_TENANTS(session.user.id)}`;
   }
-  return;
-};
+  const res = await request(url, init, config);
+  return res;
+}
-// src/utils/Config/index.ts
-var ApiConfig = class {
-  cookieKey;
-  basePath;
-  routes;
-  routePrefix;
-  secureCookies;
-  origin;
-  /**
-   * The client side callback url. Defaults to nothing (so nile.origin will be it), but in the cases of x-origin, you want to set this explicitly to be sure nile-auth does the right thing
-   * If this is set, any `callbackUrl` from the client will be ignored.
-   */
-  callbackUrl;
-  #token;
-  constructor(config, logger) {
-    const envVarConfig = { config, logger };
-    this.cookieKey = getCookieKey(envVarConfig);
-    this.#token = getToken(envVarConfig);
-    this.callbackUrl = getCallbackUrl(envVarConfig);
-    this.secureCookies = getSecureCookies(envVarConfig);
-    this.basePath = getBasePath(envVarConfig);
-    this.routes = config?.api?.routes;
-    this.routePrefix = config?.api?.routePrefix;
-    this.origin = config?.api?.origin;
+// src/api/routes/tenants/[tenantId]/GET.ts
+async function GET5(config, init, log) {
+  const yurl = new URL(init.request.url);
+  const [tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    log("[GET] No tenant id provided.");
+    return new Response(null, { status: 404 });
   }
-  get token() {
-    return this.#token;
+  init.method = "GET";
+  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/DELETE.ts
+async function DELETE2(config, init) {
+  const yurl = new URL(init.request.url);
+  const [tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
   }
-  set token(value) {
-    this.#token = value;
+  init.method = "DELETE";
+  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/PUT.ts
+async function PUT3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
   }
-};
-var Config = class {
-  user;
-  password;
-  databaseId;
-  databaseName;
-  logger;
-  debug;
-  db;
-  api;
-  #tenantId;
-  #userId;
-  get tenantId() {
-    return this.#tenantId;
+  init.body = init.request.body;
+  init.method = "PUT";
+  const url = `${apiRoutes(config).TENANT(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/POST.ts
+async function POST3(config, init) {
+  init.body = init.request.body;
+  init.method = "POST";
+  const url = `${apiRoutes(config).TENANTS}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/index.ts
+var key4 = "TENANTS";
+async function route4(request2, config) {
+  const { info } = Logger(
+    { ...config, debug: config.debug },
+    `[ROUTES][${key4}]`
+  );
+  const session = await auth(request2, config);
+  if (!session) {
+    info("401");
+    return new Response(null, { status: 401 });
+  }
+  const [possibleTenantId] = request2.url.split("/").reverse();
+  switch (request2.method) {
+    case "GET":
+      if (isUUID(possibleTenantId)) {
+        return await GET5(config, { request: request2 }, info);
+      }
+      return await GET4(config, session, { request: request2 });
+    case "POST":
+      return await POST3(config, { request: request2 });
+    case "DELETE":
+      return await DELETE2(config, { request: request2 });
+    case "PUT":
+      return await PUT3(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches4(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key4]);
+}
+async function fetchTenants(config, method, body) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
+  const init = {
+    method,
+    headers: config.headers
+  };
+  {
+    init.body = body;
   }
-  set tenantId(value) {
-    this.#tenantId = value;
+  const req = new Request(clientUrl, init);
+  return await config.handlers.POST(req);
+}
+async function fetchTenant(config, method, body) {
+  if (!config.tenantId) {
+    throw new Error(
+      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+    );
   }
-  get userId() {
-    return this.#userId;
+  if (!isUUID(config.tenantId) && config.logger?.warn) {
+    config.logger?.warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
   }
-  set userId(value) {
-    this.#userId = value;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}" /* TENANT */.replace("{tenantId}", config.tenantId)}`;
+  const m = method ?? "GET";
+  const init = {
+    method: m,
+    headers: config.headers
+  };
+  if (m === "PUT") {
+    init.body = body;
   }
-  constructor(config, logger) {
-    const envVarConfig = { config, logger };
-    this.user = getUsername(envVarConfig);
-    this.logger = config?.logger;
-    this.password = getPassword(envVarConfig);
-    if (process.env.NODE_ENV !== "TEST") {
-      if (!this.user) {
-        throw new Error(
-          "User is required. Set NILEDB_USER as an environment variable or set `user` in the config options."
-        );
-      }
-      if (!this.password) {
-        throw new Error(
-          "Password is required. Set NILEDB_PASSWORD as an environment variable or set `password` in the config options."
-        );
-      }
-    }
-    this.databaseId = getDatabaseId(envVarConfig);
-    this.databaseName = getDatabaseName(envVarConfig);
-    this.#tenantId = getTenantId(envVarConfig);
-    this.debug = Boolean(config?.debug);
-    this.#userId = config?.userId;
-    const { host, port, ...dbConfig } = config?.db ?? {};
-    const configuredHost = host ?? getDbHost(envVarConfig);
-    const configuredPort = port ?? getDbPort(envVarConfig);
-    this.api = new ApiConfig(config, logger);
-    this.db = {
-      user: this.user,
-      password: this.password,
-      host: configuredHost,
-      port: configuredPort,
-      ...dbConfig
-    };
-    if (this.databaseName) {
-      this.db.database = this.databaseName;
+  const req = new Request(clientUrl, init);
+  return await config.handlers[m](req);
+}
+async function fetchTenantsByUser(config) {
+  if (config.logger?.warn) {
+    if (!config.userId) {
+      config.logger?.warn(
+        "nile.userId is not set. The call will still work for the API, but the database context is not set properly and may lead to unexpected behavior in your application."
+      );
+    } else if (!isUUID(config.userId)) {
+      config.logger?.warn(
+        "nile.userId is not a valid UUID. This may lead to unexpected behavior in your application."
+      );
     }
   }
-};
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/users/{userId}/tenants" /* USER_TENANTS */.replace(
+    "{userId}",
+    config.userId ?? "WARN_NOT_SET"
+  )}`;
+  const req = new Request(clientUrl, { headers: config.headers });
+  return await config.handlers.GET(req);
+}
-// src/utils/Event/index.ts
-var Eventer = class {
-  events = {};
-  // Publish event and notify all subscribers
-  publish(eventName, value) {
-    const callbackList = this.events[eventName];
-    if (callbackList) {
-      for (const callback of callbackList) {
-        callback(value);
-      }
-    }
-  }
-  // Subscribe to events
-  subscribe(eventName, callback) {
-    if (!this.events[eventName]) {
-      this.events[eventName] = [];
-    }
-    this.events[eventName].push(callback);
-  }
-  // Unsubscribe from an event
-  unsubscribe(eventName, callback) {
-    const callbackList = this.events[eventName];
-    if (!callbackList) {
-      return;
-    }
-    const index = callbackList.indexOf(callback);
-    if (index !== -1) {
-      callbackList.splice(index, 1);
-    }
-    if (callbackList.length === 0) {
-      delete this.events[eventName];
-    }
+// src/api/routes/auth/signin.ts
+var key5 = "SIGNIN";
+async function route5(req, config) {
+  let url = proxyRoutes(config)[key5];
+  const init = {
+    method: req.method,
+    headers: req.headers
+  };
+  if (req.method === "POST") {
+    const [provider] = new URL(req.url).pathname.split("/").reverse();
+    url = `${proxyRoutes(config)[key5]}/${provider}`;
   }
-};
-var eventer = new Eventer();
-var updateTenantId = (tenantId) => {
-  eventer.publish("tenantId" /* Tenant */, tenantId);
-};
-var watchTenantId = (cb) => eventer.subscribe("tenantId" /* Tenant */, cb);
-var updateUserId = (userId) => {
-  eventer.publish("userId" /* User */, userId);
-};
-var watchUserId = (cb) => eventer.subscribe("userId" /* User */, cb);
-var watchToken = (cb) => eventer.subscribe("token" /* Token */, cb);
-var watchEvictPool = (cb) => eventer.subscribe("EvictPool" /* EvictPool */, cb);
-var evictPool = (val) => {
-  eventer.publish("EvictPool" /* EvictPool */, val);
-};
+  const passThroughUrl = new URL(req.url);
+  const params = new URLSearchParams(passThroughUrl.search);
+  url = `${url}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
+  const res = await request(url, { ...init, request: req }, config);
+  return res;
+}
+function matches5(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key5]);
+}
+async function fetchSignIn(config, provider, body) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signin" /* SIGNIN */}/${provider}`;
+  const req = new Request(clientUrl, {
+    method: "POST",
+    headers: config.headers,
+    body
+  });
+  return await config.handlers.POST(req);
+}
-// src/db/PoolProxy.ts
-function createProxyForPool(pool, config) {
-  const { info, error } = Logger(config, "[pool]");
-  return new Proxy(pool, {
-    get(target, property) {
-      if (property === "query") {
-        if (!config.db.connectionString) {
-          if (!config.user || !config.password) {
-            error(
-              "Cannot connect to the database. User and/or password are missing. Generate them at https://console.thenile.dev"
-            );
-          } else if (!config.db.database) {
-            error(
-              "Database name is missing from the config. Call `nile.init()` or set NILEDB_ID in your .env"
-            );
-          }
-        }
-        const caller = target[property];
-        return function query(...args) {
-          info("query", ...args);
-          const called = caller.apply(this, args);
-          return called;
-        };
-      }
-      return target[property];
-    }
+// src/api/routes/auth/session.ts
+async function route6(req, config) {
+  return request(
+    proxyRoutes(config).SESSION,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+}
+function matches6(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.SESSION);
+}
+async function fetchSession(config) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/session" /* SESSION */}`;
+  const req = new Request(clientUrl, {
+    method: "GET",
+    headers: config.headers
   });
+  return await config.handlers.GET(req);
 }
-// src/db/NileInstance.ts
-var NileDatabase = class {
-  pool;
-  tenantId;
-  userId;
-  id;
-  config;
-  timer;
-  constructor(config, id) {
-    const { warn, info, debug } = Logger(config, "[NileInstance]");
-    this.id = id;
-    const poolConfig = {
-      min: 0,
-      max: 10,
-      idleTimeoutMillis: 3e4,
-      ...config.db
-    };
-    const { afterCreate, ...remaining } = poolConfig;
-    config.db = poolConfig;
-    this.config = config;
-    const cloned = { ...this.config.db };
-    cloned.password = "***";
-    debug(`Connection pool config ${JSON.stringify(cloned)}`);
-    this.pool = createProxyForPool(new pg.Pool(remaining), this.config);
-    if (typeof afterCreate === "function") {
-      warn(
-        "Providing an pool configuration will stop automatic tenant context setting."
-      );
-    }
-    this.startTimeout();
-    this.pool.on("connect", async (client) => {
-      debug(`pool connected ${this.id}`);
-      this.startTimeout();
-      const afterCreate2 = makeAfterCreate(
-        config,
-        `${this.id}-${this.timer}`
-      );
-      afterCreate2(client, (err) => {
-        const { error } = Logger(config, "[after create callback]");
-        if (err) {
-          clearTimeout(this.timer);
-          error("after create failed", {
-            message: err.message,
-            stack: err.stack
-          });
-          evictPool(this.id);
-        }
-      });
+// src/api/routes/auth/providers.ts
+async function route7(req, config) {
+  return request(
+    proxyRoutes(config).PROVIDERS,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+}
+function matches7(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.PROVIDERS);
+}
+async function fetchProviders(config) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/providers" /* PROVIDERS */}`;
+  const req = new Request(clientUrl, {
+    method: "GET",
+    headers: config.headers
+  });
+  return await config.handlers.GET(req);
+}
+// src/api/routes/auth/csrf.ts
+async function route8(req, config) {
+  return request(
+    proxyRoutes(config).CSRF,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+}
+function matches8(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.CSRF);
+}
+async function fetchCsrf(config) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/csrf" /* CSRF */}`;
+  const req = new Request(clientUrl, {
+    method: "GET",
+    headers: config.headers
+  });
+  return await config.handlers.GET(req);
+}
+// src/api/routes/auth/callback.ts
+var key6 = "CALLBACK";
+async function route9(req, config) {
+  const { error } = Logger(
+    { ...config, debug: config.debug },
+    `[ROUTES][${key6}]`
+  );
+  const [provider] = new URL(req.url).pathname.split("/").reverse();
+  try {
+    const passThroughUrl = new URL(req.url);
+    const params = new URLSearchParams(passThroughUrl.search);
+    const url = `${proxyRoutes(config)[key6]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
+    const res = await request(
+      url,
+      {
+        request: req,
+        method: req.method
+      },
+      config
+    ).catch((e) => {
+      error("an error as occurred", e);
     });
-    this.pool.on("error", (err) => {
-      clearTimeout(this.timer);
-      info(`pool ${this.id} failed`, {
-        message: err.message,
-        stack: err.stack
+    const location = res?.headers.get("location");
+    if (location) {
+      return new Response(res?.body, {
+        status: 302,
+        headers: res?.headers
       });
-      evictPool(this.id);
-    });
-    this.pool.on("release", (destroy) => {
-      if (destroy) {
-        clearTimeout(this.timer);
-        evictPool(this.id);
-        debug(`destroying pool ${this.id}`);
-      }
-    });
-  }
-  startTimeout() {
-    const { debug } = Logger(this.config, "[NileInstance]");
-    if (this.timer) {
-      clearTimeout(this.timer);
     }
-    this.timer = setTimeout(() => {
-      debug(
-        `Pool reached idleTimeoutMillis. ${this.id} evicted after ${Number(this.config.db.idleTimeoutMillis) ?? 3e4}ms`
-      );
-      this.pool.end(() => {
-        clearTimeout(this.timer);
-        evictPool(this.id);
-      });
-    }, Number(this.config.db.idleTimeoutMillis) ?? 3e4);
-  }
-  shutdown() {
-    const { debug } = Logger(this.config, "[NileInstance]");
-    debug(`attempting to shut down ${this.id}`);
-    clearTimeout(this.timer);
-    this.pool.end(() => {
-      debug(`${this.id} has been shut down`);
+    return new Response(res?.body, {
+      status: res?.status,
+      headers: res?.headers
     });
+  } catch (e) {
+    error(e);
   }
-};
-var NileInstance_default = NileDatabase;
-function makeAfterCreate(config, id) {
-  const { error, warn, debug } = Logger(config, "[afterCreate]");
-  return (conn, done) => {
-    conn.on("error", function errorHandler(e) {
-      error(`Connection ${id} was terminated by server`, {
-        message: e.message,
-        stack: e.stack
-      });
-      done(e, conn);
-    });
-    if (config.tenantId) {
-      const query = [`SET nile.tenant_id = '${config.tenantId}'`];
-      if (config.userId) {
-        if (!config.tenantId) {
-          warn("A user id cannot be set in context without a tenant id");
-        }
-        query.push(`SET nile.user_id = '${config.userId}'`);
-      }
-      conn.query(query.join(";"), function(err) {
-        if (err) {
-          error("query connection failed", {
-            cause: err.cause,
-            stack: err.stack,
-            message: err.message,
-            name: err.name,
-            id
-          });
-        } else {
-          if (query.length === 1) {
-            debug(`connection context set: tenantId=${config.tenantId}`);
-          }
-          if (query.length === 2) {
-            debug(
-              `connection context set: tenantId=${config.tenantId} userId=${config.userId}`
-            );
-          }
-        }
-        done(err, conn);
-      });
-    }
-    done(null, conn);
-  };
+  return new Response("An unexpected error has occurred.", { status: 400 });
+}
+function matches9(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.CALLBACK);
+}
+async function fetchCallback(config, provider, body, request2, method = "POST") {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/callback" /* CALLBACK */}/${provider}${request2 ? `?${new URL(request2.url).searchParams}` : ""}`;
+  const req = new Request(clientUrl, {
+    method,
+    headers: config.headers,
+    body
+  });
+  return await config.handlers.POST(req);
 }
-// src/db/DBManager.ts
-var DBManager = class {
-  connections;
-  cleared;
-  poolWatcherFn;
-  makeId(tenantId, userId) {
-    if (tenantId && userId) {
-      return `${tenantId}:${userId}`;
-    }
-    if (tenantId) {
-      return `${tenantId}`;
-    }
-    return "base";
-  }
-  constructor(config) {
-    this.cleared = false;
-    this.connections = /* @__PURE__ */ new Map();
-    this.poolWatcherFn = this.poolWatcher(config);
-    watchEvictPool(this.poolWatcherFn);
-  }
-  poolWatcher = (config) => (id) => {
-    const { info, warn } = Logger(config, "[DBManager]");
-    if (id && this.connections.has(id)) {
-      info(`Removing ${id} from db connection pool.`);
-      const connection = this.connections.get(id);
-      connection?.shutdown();
-      this.connections.delete(id);
-    } else {
-      warn(`missed eviction of ${id}`);
-    }
-  };
-  getConnection = (config) => {
-    const { info } = Logger(config, "[DBManager]");
-    const id = this.makeId(config.tenantId, config.userId);
-    const existing = this.connections.get(id);
-    info(`# of instances: ${this.connections.size}`);
-    if (existing) {
-      info(`returning existing ${id}`);
-      existing.startTimeout();
-      return existing.pool;
-    }
-    const newOne = new NileInstance_default(new Config(config), id);
-    this.connections.set(id, newOne);
-    info(`created new ${id}`);
-    info(`# of instances: ${this.connections.size}`);
-    if (this.cleared) {
-      this.cleared = false;
-    }
-    return newOne.pool;
-  };
-  clear = (config) => {
-    const { info } = Logger(config, "[DBManager]");
-    info(`Clearing all connections ${this.connections.size}`);
-    this.cleared = true;
-    this.connections.forEach((connection) => {
-      connection.shutdown();
-    });
-    this.connections.clear();
+// src/api/routes/auth/signout.ts
+var key7 = "SIGNOUT";
+async function route10(request2, config) {
+  let url = proxyRoutes(config)[key7];
+  const init = {
+    method: request2.method
   };
-};
-// src/api/utils/routes/makeRestUrl.ts
-var NILEDB_API_URL = process.env.NILEDB_API_URL;
-function filterNullUndefined(obj) {
-  if (!obj) {
-    return void 0;
+  if (request2.method === "POST") {
+    init.body = request2.body;
+    const [provider] = new URL(request2.url).pathname.split("/").reverse();
+    url = `${proxyRoutes(config)[key7]}${provider !== "signout" ? `/${provider}` : ""}`;
   }
-  return Object.fromEntries(
-    Object.entries(obj).filter(
-      ([, value]) => value !== null && value !== void 0
-    )
-  );
+  const res = await request(url, { ...init, request: request2 }, config);
+  return res;
 }
-function makeRestUrl(config, path, qp) {
-  const url = config.api.basePath || NILEDB_API_URL;
-  if (!url) {
-    throw new Error(
-      "An API url is required. Set it via NILEDB_API_URL. Was auto configuration run?"
-    );
-  }
-  const params = new URLSearchParams(
-    filterNullUndefined(qp)
-  );
-  const strParams = params.toString();
-  return `${[url, path.substring(1, path.length)].join("/")}${strParams ? `?${strParams}` : ""}`;
+function matches10(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key7]);
 }
-// src/api/utils/routes/apiRoutes.ts
-var apiRoutes = (config) => ({
-  ME: makeRestUrl(config, "/me"),
-  USERS: (qp) => makeRestUrl(config, "/users", qp),
-  USER: (userId) => makeRestUrl(config, `/users/${userId}`),
-  TENANTS: makeRestUrl(config, "/tenants"),
-  TENANT: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}`),
-  SIGNUP: makeRestUrl(config, "/signup"),
-  TENANT_USERS: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/users`),
-  TENANT_USER: (tenantId, userId) => makeRestUrl(config, `/tenants/${tenantId}/users/${userId}`),
-  USER_TENANTS: (userId) => makeRestUrl(config, `/users/${userId}/tenants`)
-});
-// src/api/routes/me/index.ts
-var key = "ME";
-async function GET(url, init, config) {
-  const res = await request(url, init, config);
-  return res;
+async function fetchSignOut(config, body) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signout" /* SIGNOUT */}`;
+  const req = new Request(clientUrl, {
+    method: "POST",
+    body,
+    headers: config.headers
+  });
+  return await config.handlers.POST(req);
 }
-async function route(request2, config) {
-  const url = apiRoutes(config)[key];
-  switch (request2.method) {
-    case "GET":
-      return await GET(url, { request: request2 }, config);
-    default:
-      return new Response("method not allowed", { status: 405 });
-  }
+// src/api/routes/auth/error.ts
+var key8 = "ERROR";
+async function route11(req, config) {
+  return request(
+    proxyRoutes(config)[key8],
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
 }
-function matches(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key]);
+function matches11(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key8]);
 }
-// src/utils/ResponseError.ts
-var ResponseError = class {
-  response;
-  constructor(body, init) {
-    this.response = new Response(body, init);
-  }
-};
+// src/api/routes/auth/verify-request.ts
+var key9 = "VERIFY_REQUEST";
+async function route12(req, config) {
+  return request(
+    proxyRoutes(config)[key9],
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+}
+function matches12(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key9]);
+}
-// src/utils/fetch.ts
-function getTokenFromCookie(headers, cookieKey) {
-  const cookie = headers.get("cookie")?.split("; ") ?? getCookie()?.split("; ");
-  const _cookies = {};
-  if (cookie) {
-    for (const parts of cookie) {
-      const cookieParts = parts.split("=");
-      const _cookie = cookieParts.slice(1).join("=");
-      const name = cookieParts[0];
-      _cookies[name] = _cookie;
-    }
-  }
-  if (cookie) {
-    for (const parts of cookie) {
-      const cookieParts = parts.split("=");
-      const _cookie = cookieParts.slice(1).join("=");
-      const name = cookieParts[0];
-      _cookies[name] = _cookie;
-    }
-  }
-  if (cookieKey) {
-    return _cookies[cookieKey];
+// src/api/routes/auth/password-reset.ts
+var key10 = "PASSWORD_RESET";
+async function route13(req, config) {
+  const url = proxyRoutes(config)[key10];
+  const res = await request(
+    url,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+  const location = res?.headers.get("location");
+  if (location) {
+    return new Response(res?.body, {
+      status: 302,
+      headers: res?.headers
+    });
   }
-  return null;
+  return new Response(res?.body, {
+    status: res?.status,
+    headers: res?.headers
+  });
 }
-function getTenantFromHttp(headers, config) {
-  const cookieTenant = getTokenFromCookie(headers, X_NILE_TENANT);
-  return cookieTenant ?? headers?.get(X_NILE_TENANT) ?? config?.tenantId;
+function matches13(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.PASSWORD_RESET);
 }
-function getUserFromHttp(headers, config) {
-  const token = getTokenFromCookie(headers, config.api.cookieKey);
-  if (token) {
-    const jwt = decodeJwt(token);
-    return jwt.sub;
-  }
-  return headers?.get(X_NILE_USER_ID) ?? config.userId;
-}
-function makeBasicHeaders(config, url, opts) {
-  const { warn, error } = Logger(config, "[headers]");
-  const headers = new Headers(opts?.headers);
-  headers.set("content-type", "application/json; charset=utf-8");
-  const cookieKey = config.api?.cookieKey;
-  const authHeader = headers.get("Authorization");
-  if (!authHeader) {
-    const token = getTokenFromCookie(headers, cookieKey);
-    if (token) {
-      headers.set("Authorization", `Bearer ${token}`);
-    } else if (getToken({ config })) {
-      headers.set("Authorization", `Bearer ${getToken({ config })}`);
-    }
-  }
-  const cookie = headers.get("cookie");
-  if (!cookie) {
-    const contextCookie = getCookie();
-    if (contextCookie) {
-      headers.set("cookie", contextCookie);
-    } else {
-      if (!url.endsWith("/users")) {
-        error(
-          "Missing cookie header from request. Call nile.api.setContext(request) before making additional calls."
-        );
-      }
-    }
-  }
-  if (config && config.api.secureCookies != null) {
-    headers.set(X_NILE_SECURECOOKIES, String(config.api.secureCookies));
+async function fetchResetPassword(config, method, body, params) {
+  const authParams = new URLSearchParams(params ?? {});
+  authParams?.set("json", "true");
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/reset-password" /* PASSWORD_RESET */}?${authParams?.toString()}`;
+  const init = {
+    method,
+    headers: config.headers
+  };
+  if (body && method !== "GET") {
+    init.body = body;
   }
-  const savedOrigin = getOrigin();
-  if (config && config.api.origin) {
-    headers.set(X_NILE_ORIGIN, config.api.origin);
-  } else if (savedOrigin) {
-    headers.set(X_NILE_ORIGIN, savedOrigin);
-  } else {
-    warn(
-      "nile.origin missing from header, which defaults to secure cookies only."
-    );
-  }
-  return headers;
-}
-async function _fetch(config, path, opts) {
-  const { debug, error } = Logger(config, "[server]");
-  const url = `${config.api?.basePath}${path}`;
-  const headers = new Headers(opts?.headers);
-  const tenantId = getTenantFromHttp(headers, config);
-  const basicHeaders = makeBasicHeaders(config, url, opts);
-  updateTenantId(tenantId);
-  const userId = getUserFromHttp(headers, config);
-  updateUserId(userId);
-  if (url.includes("{tenantId}") && !tenantId) {
-    return new ResponseError("tenantId is not set for request", {
-      status: 400
+  const req = new Request(clientUrl, init);
+  return await config.handlers[method](req);
+}
+// src/api/routes/auth/verify-email.ts
+var key11 = "VERIFY_EMAIL";
+async function route14(req, config) {
+  const url = proxyRoutes(config)[key11];
+  const res = await request(
+    url,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+  const location = res?.headers.get("location");
+  if (location) {
+    return new Response(res?.body, {
+      status: 302,
+      headers: res?.headers
     });
   }
-  const useableUrl = url.replace("{tenantId}", encodeURIComponent(String(tenantId))).replace("{userId}", encodeURIComponent(String(userId)));
-  debug(`[fetch] ${useableUrl}`);
-  try {
-    const response = await fetch(useableUrl, {
-      ...opts,
-      headers: basicHeaders
-    }).catch((e) => {
-      error("[fetch][response]", {
-        message: e.message,
-        stack: e.stack,
-        debug: "Is nile-auth running?"
-      });
-      return new Error(e);
-    });
-    if (response instanceof Error) {
-      return new ResponseError("Failed to connect to database", {
-        status: 400
-      });
+  return new Response(res?.body, {
+    status: res?.status,
+    headers: res?.headers
+  });
+}
+function matches14(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key11]);
+}
+async function fetchVerifyEmail(config, method, body) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/verify-email" /* VERIFY_EMAIL */}`;
+  const init = {
+    method,
+    headers: config.headers
+  };
+  if (body) {
+    init.body = body;
+  }
+  const req = new Request(clientUrl, init);
+  return await config.handlers[method](req);
+}
+// src/api/handlers/GET.ts
+function GETTER(configRoutes, config) {
+  const { info, warn } = Logger(config, "[GET MATCHER]");
+  return async function GET6(req) {
+    if (matches(configRoutes, req)) {
+      info("matches me");
+      return route(req, config);
     }
-    if (response && response.status >= 200 && response.status < 300) {
-      if (typeof response.clone === "function") {
-        try {
-          debug(
-            `[fetch][response][${opts?.method ?? "GET"}] ${response.status} ${useableUrl}`,
-            {
-              body: await response.clone().json()
-            }
-          );
-        } catch (e) {
-          debug(
-            `[fetch][response][${opts?.method ?? "GET"}] ${response.status} ${useableUrl}`,
-            {
-              body: await response.clone().text()
-            }
-          );
-        }
-      }
-      return response;
+    if (matches3(configRoutes, req)) {
+      info("matches tenant users");
+      return route3(req, config);
     }
-    if (response?.status === 404) {
-      return new ResponseError("Not found", { status: 404 });
+    if (matches2(configRoutes, req)) {
+      info("matches users");
+      return route2(req, config);
     }
-    if (response?.status === 401) {
-      return new ResponseError("Unauthorized", { status: 401 });
+    if (matches4(configRoutes, req)) {
+      info("matches tenants");
+      return route4(req, config);
     }
-    if (response?.status === 405) {
-      return new ResponseError("Method not allowed", { status: 405 });
+    if (matches6(configRoutes, req)) {
+      info("matches session");
+      return route6(req, config);
     }
-    const errorHandler = typeof response?.clone === "function" ? response.clone() : null;
-    let msg = "";
-    const res = await response?.json().catch(async (e) => {
-      if (errorHandler) {
-        msg = await errorHandler.text();
-        if (msg) {
-          error(`[fetch][response][status: ${errorHandler.status}]`, {
-            message: msg
-          });
-        }
-        return e;
-      }
-      if (!msg) {
-        error("[fetch][response]", { e });
-      }
-      return e;
-    });
-    if (msg) {
-      return new ResponseError(msg, { status: errorHandler?.status });
-    }
-    if (res && "message" in res) {
-      const { message } = res;
-      error(`[fetch][response][status: ${errorHandler?.status}] ${message}`);
-      return new ResponseError(message, { status: 400 });
-    }
-    if (res && "errors" in res) {
-      const {
-        errors: [message]
-      } = res;
-      error(`[fetch][response] [status: ${errorHandler?.status}] ${message}`);
-      return new ResponseError(message, { status: 400 });
-    }
-    error(
-      `[fetch][response][status: ${errorHandler?.status}] UNHANDLED ERROR`,
-      {
-        response,
-        message: await response.text()
-      }
-    );
-    return new ResponseError(null, {
-      status: response?.status ?? 500
-    });
-  } catch (e) {
-    return new ResponseError("an unexpected error has occurred", {
-      status: 500
-    });
-  }
-}
-// src/api/routes/users/POST.ts
-async function POST(config, init) {
-  init.body = init.request.body;
-  init.method = "POST";
-  const yurl = new URL(init.request.url);
-  const tenantId = yurl.searchParams.get("tenantId");
-  const newTenantName = yurl.searchParams.get("newTenantName");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
-  const url = apiRoutes(config).USERS({ tenantId: tenant, newTenantName });
-  return await request(url, init, config);
-}
-// src/api/routes/users/GET.ts
-async function GET2(config, init, log) {
-  const yurl = new URL(init.request.url);
-  const tenantId = yurl.searchParams.get("tenantId");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
-  if (!tenant) {
-    log("[GET] No tenant id provided.");
+    if (matches5(configRoutes, req)) {
+      info("matches signin");
+      return route5(req, config);
+    }
+    if (matches7(configRoutes, req)) {
+      info("matches providers");
+      return route7(req, config);
+    }
+    if (matches8(configRoutes, req)) {
+      info("matches csrf");
+      return route8(req, config);
+    }
+    if (matches13(configRoutes, req)) {
+      info("matches password reset");
+      return route13(req, config);
+    }
+    if (matches9(configRoutes, req)) {
+      info("matches callback");
+      return route9(req, config);
+    }
+    if (matches10(configRoutes, req)) {
+      info("matches signout");
+      return route10(req, config);
+    }
+    if (matches12(configRoutes, req)) {
+      info("matches verify-request");
+      return route12(req, config);
+    }
+    if (matches14(configRoutes, req)) {
+      info("matches verify-email");
+      return route14(req, config);
+    }
+    if (matches11(configRoutes, req)) {
+      info("matches error");
+      return route11(req, config);
+    }
+    warn(`No GET routes matched ${req.url}`);
     return new Response(null, { status: 404 });
-  }
-  const url = apiRoutes(config).TENANT_USERS(tenant);
-  init.method = "GET";
-  return await request(url, init, config);
+  };
 }
-// src/api/routes/users/[userId]/PUT.ts
-async function PUT(config, session, init) {
-  if (!session) {
-    return new Response(null, { status: 401 });
-  }
+// src/api/routes/signup/POST.ts
+async function POST4(config, init) {
   init.body = init.request.body;
-  init.method = "PUT";
-  const [userId] = new URL(init.request.url).pathname.split("/").reverse();
-  const url = apiRoutes(config).USER(userId);
+  init.method = "POST";
+  const url = `${apiRoutes(config).SIGNUP}`;
   return await request(url, init, config);
 }
-// src/api/routes/users/index.ts
-var key2 = "USERS";
-async function route2(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key2}]`
-  );
-  const session = await auth(request2, config);
+// src/api/routes/signup/index.tsx
+var key12 = "SIGNUP";
+async function route15(request2, config) {
   switch (request2.method) {
-    case "GET":
-      return await GET2(config, { request: request2 }, info);
     case "POST":
-      return await POST(config, { request: request2 });
-    case "PUT":
-      return await PUT(config, session, { request: request2 });
+      return await POST4(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches2(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key2]);
+function matches15(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key12]);
 }
-// src/api/routes/tenants/[tenantId]/users/GET.ts
-async function GET3(config, init) {
-  const yurl = new URL(init.request.url);
-  const [, tenantId] = yurl.pathname.split("/").reverse();
-  const url = `${apiRoutes(config).TENANT_USERS(tenantId)}`;
-  return await request(url, init, config);
+async function fetchSignUp(config, payload) {
+  const { body, params } = payload ?? {};
+  const q = new URLSearchParams();
+  if (params?.newTenantName) {
+    q.set("newTenantName", params.newTenantName);
+  }
+  if (params?.tenantId) {
+    q.set("tenantId", params.tenantId);
+  }
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/signup" /* SIGNUP */}${q.size > 0 ? `?${q}` : ""}`;
+  const req = new Request(clientUrl, {
+    method: "POST",
+    headers: config.headers,
+    body
+  });
+  return await config.handlers.POST(req);
 }
-// src/api/routes/tenants/[tenantId]/users/POST.ts
-async function POST2(config, session, init) {
-  const yurl = new URL(init.request.url);
-  const [, tenantId] = yurl.pathname.split("/").reverse();
-  init.body = JSON.stringify({ email: session.email });
-  init.method = "PUT";
-  const url = apiRoutes(config).TENANT_USERS(tenantId);
-  return await request(url, init, config);
+// src/api/handlers/POST.ts
+function POSTER(configRoutes, config) {
+  const { info, warn, error } = Logger(config, "[POST MATCHER]");
+  return async function POST5(req) {
+    if (matchesLog(configRoutes, req)) {
+      try {
+        const json = await req.clone().json();
+        error(req.body && json);
+      } catch {
+        error(await req.text());
+      }
+      return new Response(null, { status: 200 });
+    }
+    if (matches3(configRoutes, req)) {
+      info("matches tenant users");
+      return route3(req, config);
+    }
+    if (matches15(configRoutes, req)) {
+      info("matches signup");
+      return route15(req, config);
+    }
+    if (matches2(configRoutes, req)) {
+      info("matches users");
+      return route2(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenants");
+      return route4(req, config);
+    }
+    if (matches6(configRoutes, req)) {
+      info("matches session");
+      return route6(req, config);
+    }
+    if (matches5(configRoutes, req)) {
+      info("matches signin");
+      return route5(req, config);
+    }
+    if (matches13(configRoutes, req)) {
+      info("matches password reset");
+      return route13(req, config);
+    }
+    if (matches7(configRoutes, req)) {
+      info("matches providers");
+      return route7(req, config);
+    }
+    if (matches8(configRoutes, req)) {
+      info("matches csrf");
+      return route8(req, config);
+    }
+    if (matches9(configRoutes, req)) {
+      info("matches callback");
+      return route9(req, config);
+    }
+    if (matches10(configRoutes, req)) {
+      info("matches signout");
+      return route10(req, config);
+    }
+    if (matches14(configRoutes, req)) {
+      info("matches verify-email");
+      return route14(req, config);
+    }
+    warn(`No POST routes matched ${req.url}`);
+    return new Response(null, { status: 404 });
+  };
 }
 // src/api/routes/tenants/[tenantId]/users/[userId]/DELETE.ts
-async function DELETE(config, init) {
+async function DELETE3(config, init) {
   const yurl = new URL(init.request.url);
-  const [userId, _, tenantId] = yurl.pathname.split("/").reverse();
+  const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
+  config.tenantId = tenantId;
+  config.userId = userId;
   init.method = "DELETE";
-  init.body = JSON.stringify({ email: userId });
-  const url = `${apiRoutes(config).TENANT_USER(tenantId, userId)}`;
+  const url = `${apiRoutes(config).TENANT_USER}/link`;
   return await request(url, init, config);
 }
-// src/api/routes/tenants/[tenantId]/users/PUT.ts
-async function PUT2(config, init) {
+// src/api/routes/tenants/[tenantId]/users/[userId]/PUT.ts
+async function PUT4(config, init) {
   const yurl = new URL(init.request.url);
-  const [, tenantId] = yurl.pathname.split("/").reverse();
+  const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
+  config.tenantId = tenantId;
+  config.userId = userId;
   init.method = "PUT";
-  const url = `${apiRoutes(config).TENANT_USERS(tenantId)}`;
+  const url = `${apiRoutes(config).TENANT_USER}/link`;
   return await request(url, init, config);
 }
-// src/api/routes/tenants/[tenantId]/users/index.ts
-var key3 = "TENANT_USERS";
-async function route3(request2, config) {
+// src/api/routes/tenants/[tenantId]/users/[userId]/index.ts
+var key13 = "TENANT_USER";
+async function route16(request2, config) {
   const { info } = Logger(
     { ...config, debug: config.debug },
-    `[ROUTES][${key3}]`
+    `[ROUTES][${key13}]`
   );
   const session = await auth(request2, config);
   if (!session) {
@@ -1217,760 +1164,1019 @@ async function route3(request2, config) {
     return new Response(null, { status: 401 });
   }
   const yurl = new URL(request2.url);
-  const [, tenantId] = yurl.pathname.split("/").reverse();
-  if (!tenantId) {
+  const [, userId] = yurl.pathname.split("/").reverse();
+  if (!userId) {
     info("No tenant id found in path");
     return new Response(null, { status: 404 });
   }
   switch (request2.method) {
-    case "GET":
-      return await GET3(config, { request: request2 });
-    case "POST":
-      return await POST2(config, session, { request: request2 });
     case "PUT":
-      return await PUT2(config, { request: request2 });
+      return await PUT4(config, { request: request2 });
     case "DELETE":
-      return await DELETE(config, { request: request2 });
+      return await DELETE3(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches3(configRoutes, request2) {
+function matches16(configRoutes, request2) {
   const url = new URL(request2.url);
-  const [userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
-  let route15 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  const [, userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
+  let route17 = configRoutes[key13].replace("{tenantId}", tenantId).replace("{userId}", userId);
   if (userId === "users") {
-    route15 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
+    route17 = configRoutes[key13].replace("{tenantId}", possibleTenantId);
   }
-  return urlMatches(request2.url, route15);
+  return urlMatches(request2.url, route17);
 }
-// src/api/routes/tenants/GET.ts
-async function GET4(config, session, init) {
-  let url = `${apiRoutes(config).USER_TENANTS(session.id)}`;
-  if (typeof session === "object" && "user" in session && session.user) {
-    url = `${apiRoutes(config).USER_TENANTS(session.user.id)}`;
+async function fetchTenantUser(config, method) {
+  if (!config.tenantId) {
+    throw new Error(
+      "The tenantId context is missing. Call nile.setContext({ tenantId })"
+    );
   }
-  const res = await request(url, init, config);
-  return res;
-}
-// src/api/routes/tenants/[tenantId]/GET.ts
-async function GET5(config, init, log) {
-  const yurl = new URL(init.request.url);
-  const [tenantId] = yurl.pathname.split("/").reverse();
-  if (!tenantId) {
-    log("[GET] No tenant id provided.");
-    return new Response(null, { status: 404 });
+  if (!config.userId) {
+    throw new Error(
+      "the userId context is missing. Call nile.setContext({ userId })"
+    );
   }
-  init.method = "GET";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
-  return await request(url, init, config);
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */.replace(
+    "{tenantId}",
+    config.tenantId
+  ).replace("{userId}", config.userId)}/link`;
+  const req = new Request(clientUrl, {
+    headers: config.headers,
+    method
+  });
+  return await config.handlers[method](req);
 }
-// src/api/routes/tenants/[tenantId]/DELETE.ts
-async function DELETE2(config, init) {
-  const yurl = new URL(init.request.url);
-  const [tenantId] = yurl.pathname.split("/").reverse();
-  if (!tenantId) {
+// src/api/handlers/DELETE.ts
+function DELETER(configRoutes, config) {
+  const { info, warn } = Logger(config, "[DELETE MATCHER]");
+  return async function DELETE4(req) {
+    if (matches16(configRoutes, req)) {
+      info("matches tenant user");
+      return route16(req, config);
+    }
+    if (matches3(configRoutes, req)) {
+      info("matches tenant users");
+      return route3(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenants");
+      return route4(req, config);
+    }
+    if (matches(configRoutes, req)) {
+      info("matches me");
+      return route(req, config);
+    }
+    warn("No DELETE routes matched");
     return new Response(null, { status: 404 });
-  }
-  init.method = "DELETE";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
-  return await request(url, init, config);
+  };
 }
-// src/api/routes/tenants/[tenantId]/PUT.ts
-async function PUT3(config, init) {
-  const yurl = new URL(init.request.url);
-  const [tenantId] = yurl.pathname.split("/").reverse();
-  if (!tenantId) {
+// src/api/handlers/PUT.ts
+function PUTER(configRoutes, config) {
+  const { info, warn } = Logger(config, "[PUT MATCHER]");
+  return async function PUT5(req) {
+    if (matches16(configRoutes, req)) {
+      info("matches tenant user");
+      return route16(req, config);
+    }
+    if (matches3(configRoutes, req)) {
+      info("matches tenant users");
+      return route3(req, config);
+    }
+    if (matches2(configRoutes, req)) {
+      info("matches users");
+      return route2(req, config);
+    }
+    if (matches(configRoutes, req)) {
+      info("matches me");
+      return route(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenants");
+      return route4(req, config);
+    }
+    if (matches13(configRoutes, req)) {
+      info("matches reset password");
+      return route13(req, config);
+    }
+    warn("No PUT routes matched");
     return new Response(null, { status: 404 });
-  }
-  init.body = init.request.body;
-  init.method = "PUT";
-  const url = `${apiRoutes(config).TENANT(tenantId)}`;
-  return await request(url, init, config);
+  };
 }
-// src/api/routes/tenants/POST.ts
-async function POST3(config, init) {
-  init.body = init.request.body;
-  init.method = "POST";
-  const url = `${apiRoutes(config).TENANTS}`;
-  return await request(url, init, config);
+// src/api/handlers/index.ts
+function Handlers(configRoutes, config) {
+  const GET6 = GETTER(configRoutes, config);
+  const POST5 = POSTER(configRoutes, config);
+  const DELETE4 = DELETER(configRoutes, config);
+  const PUT5 = PUTER(configRoutes, config);
+  return {
+    GET: GET6,
+    POST: POST5,
+    DELETE: DELETE4,
+    PUT: PUT5
+  };
 }
-// src/api/routes/tenants/index.ts
-function isUUID(value) {
-  if (!value) {
-    return false;
+var getApiUrl = (cfg) => {
+  const { config } = cfg;
+  if (config?.apiUrl != null) {
+    return config?.apiUrl;
   }
-  const regex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5|7][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;
-  return regex.test(value);
-}
-var key4 = "TENANTS";
-async function route4(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key4}]`
+  if (stringCheck(process.env.NILEDB_API_URL)) {
+    return process.env.NILEDB_API_URL;
+  }
+  throw new Error(
+    "A connection to nile-auth is required. Set NILEDB_API_URL as an environment variable."
   );
-  const session = await auth(request2, config);
-  if (!session) {
-    info("401");
-    return new Response(null, { status: 401 });
+};
+var getCallbackUrl = (cfg) => {
+  const { config } = cfg;
+  if (stringCheck(config?.callbackUrl)) {
+    return config?.callbackUrl;
   }
-  const [possibleTenantId] = request2.url.split("/").reverse();
-  switch (request2.method) {
-    case "GET":
-      if (isUUID(possibleTenantId)) {
-        return await GET5(config, { request: request2 }, info);
+  return process.env.NILEDB_CALLBACK_URL;
+};
+var getSecureCookies = (cfg) => {
+  const { config } = cfg;
+  if (config?.secureCookies != null) {
+    return config?.secureCookies;
+  }
+  if (stringCheck(process.env.NILEDB_SECURECOOKIES)) {
+    return Boolean(process.env.NILEDB_SECURECOOKIES);
+  }
+  return void 0;
+};
+var getUsername = (cfg) => {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[username]");
+  if (config?.user) {
+    logger && info(`${logger}[config] ${config.user}`);
+    return String(config?.user);
+  }
+  const user = stringCheck(process.env.NILEDB_USER);
+  if (user) {
+    logger && info(`${logger}[NILEDB_USER] ${user}`);
+    return user;
+  }
+  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
+  if (pg2) {
+    try {
+      const url = new URL(pg2);
+      if (url.username) {
+        return url.username;
       }
-      return await GET4(config, session, { request: request2 });
-    case "POST":
-      return await POST3(config, { request: request2 });
-    case "DELETE":
-      return await DELETE2(config, { request: request2 });
-    case "PUT":
-      return await PUT3(config, { request: request2 });
-    default:
-      return new Response("method not allowed", { status: 405 });
+    } catch (e) {
+    }
   }
-}
-function matches4(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key4]);
-}
-// src/api/utils/routes/proxyRoutes.ts
-var proxyRoutes = (config) => ({
-  SIGNIN: makeRestUrl(config, "/auth/signin"),
-  PROVIDERS: makeRestUrl(config, "/auth/providers"),
-  SESSION: makeRestUrl(config, "/auth/session"),
-  CSRF: makeRestUrl(config, "/auth/csrf"),
-  CALLBACK: makeRestUrl(config, "/auth/callback"),
-  SIGNOUT: makeRestUrl(config, "/auth/signout"),
-  ERROR: makeRestUrl(config, "/auth/error"),
-  VERIFY_REQUEST: makeRestUrl(config, "/auth/verify-request"),
-  PASSWORD_RESET: makeRestUrl(config, "/auth/reset-password")
-});
-// src/api/routes/auth/signin.ts
-var key5 = "SIGNIN";
-async function route5(req, config) {
-  let url = proxyRoutes(config)[key5];
-  const init = {
-    method: req.method,
-    headers: req.headers
-  };
-  if (req.method === "POST") {
-    const [provider] = new URL(req.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key5]}/${provider}`;
+  throw new Error(
+    "A database user is required. Set NILEDB_USER as an environment variable."
+  );
+};
+var getPassword = (cfg) => {
+  const { config, logger } = cfg;
+  const log = logProtector(logger);
+  const { info } = Logger(config, "[password]");
+  if (stringCheck(config?.password)) {
+    log && info(`${logger}[config] ***`);
+    return String(config?.password);
   }
-  const passThroughUrl = new URL(req.url);
-  const params = new URLSearchParams(passThroughUrl.search);
-  url = `${url}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
-  const res = await request(url, { ...init, request: req }, config);
-  return res;
-}
-function matches5(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key5]);
-}
-// src/api/routes/auth/session.ts
-async function route6(req, config) {
-  return request(
-    proxyRoutes(config).SESSION,
-    {
-      method: req.method,
-      request: req
-    },
-    config
+  const pass = stringCheck(process.env.NILEDB_PASSWORD);
+  if (pass) {
+    logger && info(`${logger}[NILEDB_PASSWORD] ***`);
+    return pass;
+  }
+  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
+  if (pg2) {
+    try {
+      const url = new URL(pg2);
+      if (url.password) {
+        return url.password;
+      }
+    } catch (e) {
+    }
+  }
+  throw new Error(
+    "A database password is required. Set NILEDB_PASSWORD as an environment variable."
   );
-}
-function matches6(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.SESSION);
-}
-// src/api/routes/auth/providers.ts
-async function route7(req, config) {
-  return request(
-    proxyRoutes(config).PROVIDERS,
-    {
-      method: req.method,
-      request: req
-    },
-    config
+};
+var getDatabaseName = (cfg) => {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[databaseName]");
+  if (stringCheck(config?.databaseName)) {
+    logger && info(`${logger}[config] ${config?.databaseName}`);
+    return String(config?.databaseName);
+  }
+  const name = stringCheck(process.env.NILEDB_NAME);
+  if (name) {
+    logger && info(`${logger}[NILEDB_NAME] ${name}`);
+    return name;
+  }
+  if (process.env.NILEDB_POSTGRES_URL) {
+    try {
+      const pgUrl = new URL(process.env.NILEDB_POSTGRES_URL);
+      return pgUrl.pathname.substring(1);
+    } catch (e) {
+    }
+  }
+  throw new Error(
+    "A database name is required. Set NILEDB_PASSWORD as an environment variable."
   );
-}
-function matches7(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.PROVIDERS);
-}
-// src/api/routes/auth/csrf.ts
-async function route8(req, config) {
-  return request(
-    proxyRoutes(config).CSRF,
-    {
-      method: req.method,
-      request: req
-    },
-    config
-  );
-}
-function matches8(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.CSRF);
-}
-// src/api/routes/auth/callback.ts
-var key6 = "CALLBACK";
-async function route9(req, config) {
-  const { error } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key6}]`
-  );
-  const [provider] = new URL(req.url).pathname.split("/").reverse();
-  try {
-    const passThroughUrl = new URL(req.url);
-    const params = new URLSearchParams(passThroughUrl.search);
-    const url = `${proxyRoutes(config)[key6]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
-    const res = await request(
-      url,
-      {
-        request: req,
-        method: req.method
-      },
-      config
-    ).catch((e) => {
-      error("an error as occurred", e);
-    });
-    const location = res?.headers.get("location");
-    if (location) {
-      return new Response(res?.body, {
-        status: 302,
-        headers: res?.headers
-      });
+};
+var getTenantId = (cfg) => {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[tenantId]");
+  if (stringCheck(config?.tenantId)) {
+    logger && info(`${logger}[config] ${config?.tenantId}`);
+    return String(config?.tenantId);
+  }
+  if (stringCheck(process.env.NILEDB_TENANT)) {
+    logger && info(`${logger}[NILEDB_TENANT] ${process.env.NILEDB_TENANT}`);
+    return String(process.env.NILEDB_TENANT);
+  }
+  return null;
+};
+function getDbHost(cfg) {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[db.host]");
+  if (stringCheck(config?.db && config.db.host)) {
+    logger && info(`${logger}[config] ${config?.db?.host}`);
+    return String(config?.db?.host);
+  }
+  if (stringCheck(process.env.NILEDB_HOST)) {
+    logger && info(`${logger}[NILEDB_HOST] ${process.env.NILEDB_HOST}`);
+    return process.env.NILEDB_HOST;
+  }
+  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
+  if (pg2) {
+    try {
+      const pgUrl = new URL(pg2);
+      logger && info(`${logger}[NILEDB_POSTGRES_URL] ${pgUrl.hostname}`);
+      return pgUrl.hostname;
+    } catch (e) {
     }
-    return new Response(res?.body, {
-      status: res?.status,
-      headers: res?.headers
-    });
-  } catch (e) {
-    error(e);
   }
-  return new Response("An unexpected error has occurred.", { status: 400 });
-}
-function matches9(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.CALLBACK);
+  logger && info(`${logger}[default] db.thenile.dev`);
+  return "db.thenile.dev";
 }
-// src/api/routes/auth/signout.ts
-var key7 = "SIGNOUT";
-async function route10(request2, config) {
-  let url = proxyRoutes(config)[key7];
-  const init = {
-    method: request2.method
-  };
-  if (request2.method === "POST") {
-    init.body = request2.body;
-    const [provider] = new URL(request2.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key7]}${provider !== "signout" ? `/${provider}` : ""}`;
+function getDbPort(cfg) {
+  const { config, logger } = cfg;
+  const { info } = Logger(config, "[db.port]");
+  if (config?.db?.port && config.db.port != null) {
+    logger && info(`${logger}[config] ${config?.db.port}`);
+    return Number(config.db?.port);
   }
-  const res = await request(url, { ...init, request: request2 }, config);
-  return res;
-}
-function matches10(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key7]);
-}
-// src/api/routes/auth/error.ts
-var key8 = "ERROR";
-async function route11(req, config) {
-  return request(
-    proxyRoutes(config)[key8],
-    {
-      method: req.method,
-      request: req
-    },
-    config
-  );
-}
-function matches11(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key8]);
-}
-// src/api/routes/auth/verify-request.ts
-var key9 = "VERIFY_REQUEST";
-async function route12(req, config) {
-  return request(
-    proxyRoutes(config)[key9],
-    {
-      method: req.method,
-      request: req
-    },
-    config
-  );
-}
-function matches12(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key9]);
-}
-// src/api/routes/auth/password-reset.ts
-var key10 = "PASSWORD_RESET";
-async function route13(req, config) {
-  const url = proxyRoutes(config)[key10];
-  const res = await request(
-    url,
-    {
-      method: req.method,
-      request: req
-    },
-    config
-  );
-  const location = res?.headers.get("location");
-  if (location) {
-    return new Response(res?.body, {
-      status: 302,
-      headers: res?.headers
-    });
+  if (stringCheck(process.env.NILEDB_PORT)) {
+    logger && info(`${logger}[NILEDB_PORT] ${process.env.NILEDB_PORT}`);
+    return Number(process.env.NILEDB_PORT);
   }
-  return new Response(res?.body, {
-    status: res?.status,
-    headers: res?.headers
-  });
-}
-function matches13(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.PASSWORD_RESET);
+  const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
+  if (pg2) {
+    try {
+      const pgUrl = new URL(pg2);
+      if (pgUrl.port) {
+        return Number(pgUrl.port);
+      }
+    } catch (e) {
+    }
+  }
+  logger && info(`${logger}[default] 5432`);
+  return 5432;
 }
+var logProtector = (logger) => {
+  return process.env.NODE_ENV === "development" || process.env.NODE_ENV === "test" ? logger : null;
+};
+var stringCheck = (str) => {
+  if (str && str !== "") {
+    return str;
+  }
+  return;
+};
-// src/api/handlers/GET.ts
-function GETTER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[GET MATCHER]");
-  return async function GET6(req) {
-    if (matches(configRoutes, req)) {
-      info("matches me");
-      return route(req, config);
-    }
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
-    }
-    if (matches2(configRoutes, req)) {
-      info("matches users");
-      return route2(req, config);
-    }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
-    }
-    if (matches6(configRoutes, req)) {
-      info("matches session");
-      return route6(req, config);
-    }
-    if (matches5(configRoutes, req)) {
-      info("matches signin");
-      return route5(req, config);
-    }
-    if (matches7(configRoutes, req)) {
-      info("matches providers");
-      return route7(req, config);
-    }
-    if (matches8(configRoutes, req)) {
-      info("matches csrf");
-      return route8(req, config);
+// src/utils/Config/index.ts
+var Config = class {
+  routes;
+  handlers;
+  paths;
+  logger;
+  /**
+   * Stores the set tenant id from Server for use in sub classes
+   */
+  tenantId;
+  /**
+   * Stores the set user id from Server for use in sub classes
+   */
+  userId;
+  /**
+   * Stores the headers to be used in `fetch` calls
+   */
+  headers;
+  /**
+   * The nile-auth url
+   */
+  apiUrl;
+  origin;
+  /**
+   * important for separating the `origin` config value from a default in order to make requests
+   */
+  serverOrigin;
+  debug;
+  /**
+   * To use secure cookies or not in the fetch
+   */
+  secureCookies;
+  callbackUrl;
+  /**
+   * change the starting route
+   */
+  routePrefix;
+  db;
+  // api: ApiConfig;
+  constructor(config, logger) {
+    const envVarConfig = { config, logger };
+    this.routePrefix = config?.routePrefix ?? "/api";
+    this.secureCookies = getSecureCookies(envVarConfig);
+    this.callbackUrl = getCallbackUrl(envVarConfig);
+    this.debug = config?.debug;
+    this.origin = config?.origin;
+    this.serverOrigin = config?.origin ?? "http://localhost:3000";
+    this.apiUrl = getApiUrl(envVarConfig);
+    const user = getUsername(envVarConfig);
+    const password = getPassword(envVarConfig);
+    const databaseName = getDatabaseName(envVarConfig);
+    const { host, port, ...dbConfig } = config?.db ?? {};
+    const configuredHost = host ?? getDbHost(envVarConfig);
+    const configuredPort = port ?? getDbPort(envVarConfig);
+    this.db = {
+      user,
+      password,
+      host: configuredHost,
+      port: configuredPort,
+      ...dbConfig
+    };
+    if (databaseName) {
+      this.db.database = databaseName;
     }
-    if (matches13(configRoutes, req)) {
-      info("matches password reset");
-      return route13(req, config);
+    if (config?.headers) {
+      this.headers = config?.headers;
+    } else {
+      this.headers = new Headers();
     }
-    if (matches9(configRoutes, req)) {
-      info("matches callback");
-      return route9(req, config);
+    this.routes = {
+      ...appRoutes(config?.routePrefix),
+      ...config?.routes
+    };
+    this.handlers = Handlers(this.routes, this);
+    this.paths = {
+      get: [
+        this.routes.ME,
+        this.routes.TENANT_USERS,
+        this.routes.TENANTS,
+        this.routes.TENANT,
+        this.routes.SESSION,
+        this.routes.SIGNIN,
+        this.routes.PROVIDERS,
+        this.routes.CSRF,
+        this.routes.PASSWORD_RESET,
+        this.routes.CALLBACK,
+        this.routes.SIGNOUT,
+        this.routes.VERIFY_REQUEST,
+        this.routes.ERROR
+      ],
+      post: [
+        this.routes.TENANT_USERS,
+        this.routes.SIGNUP,
+        this.routes.USERS,
+        this.routes.TENANTS,
+        this.routes.SESSION,
+        `${this.routes.SIGNIN}/{provider}`,
+        this.routes.PASSWORD_RESET,
+        this.routes.PROVIDERS,
+        this.routes.CSRF,
+        `${this.routes.CALLBACK}/{provider}`,
+        this.routes.SIGNOUT
+      ],
+      put: [
+        this.routes.TENANT_USERS,
+        this.routes.USERS,
+        this.routes.TENANT,
+        this.routes.PASSWORD_RESET
+      ],
+      delete: [this.routes.TENANT_USER, this.routes.TENANT]
+    };
+    this.tenantId = config?.tenantId;
+    this.userId = config?.userId;
+    this.logger = config?.logger;
+  }
+};
+// src/utils/Event/index.ts
+var Eventer = class {
+  events = {};
+  publish(eventName, value) {
+    const callbacks = this.events[eventName];
+    if (callbacks) {
+      for (const callback of callbacks) {
+        callback(value);
+      }
     }
-    if (matches10(configRoutes, req)) {
-      info("matches signout");
-      return route10(req, config);
+  }
+  subscribe(eventName, callback) {
+    if (!this.events[eventName]) {
+      this.events[eventName] = [];
     }
-    if (matches12(configRoutes, req)) {
-      info("matches verify-request");
-      return route12(req, config);
+    this.events[eventName].push(callback);
+  }
+  unsubscribe(eventName, callback) {
+    const callbacks = this.events[eventName];
+    if (!callbacks) return;
+    const index = callbacks.indexOf(callback);
+    if (index !== -1) {
+      callbacks.splice(index, 1);
     }
-    if (matches11(configRoutes, req)) {
-      info("matches error");
-      return route11(req, config);
+    if (callbacks.length === 0) {
+      delete this.events[eventName];
     }
-    warn("No GET routes matched");
-    return new Response(null, { status: 404 });
-  };
-}
-// src/api/routes/signup/POST.ts
-async function POST4(config, init) {
-  init.body = init.request.body;
-  init.method = "POST";
-  const url = `${apiRoutes(config).SIGNUP}`;
-  return await request(url, init, config);
-}
-// src/api/routes/signup/index.tsx
-var key11 = "SIGNUP";
-async function route14(request2, config) {
-  switch (request2.method) {
-    case "POST":
-      return await POST4(config, { request: request2 });
-    default:
-      return new Response("method not allowed", { status: 405 });
   }
-}
-function matches14(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key11]);
-}
+};
+var eventer = new Eventer();
+var watchTenantId = (cb) => eventer.subscribe("tenantId" /* Tenant */, cb);
+var watchUserId = (cb) => eventer.subscribe("userId" /* User */, cb);
+var evictPool = (val) => {
+  eventer.publish("EvictPool" /* EvictPool */, val);
+};
+var watchEvictPool = (cb) => eventer.subscribe("EvictPool" /* EvictPool */, cb);
+var updateHeaders = (val) => {
+  eventer.publish("headers" /* Headers */, val);
+};
+var watchHeaders = (cb) => eventer.subscribe("headers" /* Headers */, cb);
-// src/api/handlers/POST.ts
-function POSTER(configRoutes, config) {
-  const { info, warn, error } = Logger(config, "[POST MATCHER]");
-  return async function POST5(req) {
-    if (matchesLog(configRoutes, req)) {
-      if (req.body) {
-        try {
-          const text = await req.text();
-          error(text);
-          return new Response(null, {
-            status: 200
-          });
-        } catch (e) {
+// src/db/PoolProxy.ts
+function createProxyForPool(pool, config) {
+  const { info, error } = Logger(config, "[pool]");
+  return new Proxy(pool, {
+    get(target, property) {
+      if (property === "query") {
+        if (!config.db.connectionString) {
+          if (!config.db.user || !config.db.password) {
+            error(
+              "Cannot connect to the database. User and/or password are missing. Generate them at https://console.thenile.dev"
+            );
+          } else if (!config.db.database) {
+            error(
+              "Unable to obtain database name. Is process.env.NILEDB_POSTGRES_URL set?"
+            );
+          }
         }
+        const caller = target[property];
+        return function query(...args) {
+          info("query", ...args);
+          const called = caller.apply(this, args);
+          return called;
+        };
       }
+      return target[property];
     }
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
-    }
-    if (matches14(configRoutes, req)) {
-      info("matches signup");
-      return route14(req, config);
-    }
-    if (matches2(configRoutes, req)) {
-      info("matches users");
-      return route2(req, config);
-    }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
-    }
-    if (matches6(configRoutes, req)) {
-      info("matches session");
-      return route6(req, config);
-    }
-    if (matches5(configRoutes, req)) {
-      info("matches signin");
-      return route5(req, config);
-    }
-    if (matches13(configRoutes, req)) {
-      info("matches password reset");
-      return route13(req, config);
-    }
-    if (matches7(configRoutes, req)) {
-      info("matches providers");
-      return route7(req, config);
-    }
-    if (matches8(configRoutes, req)) {
-      info("matches csrf");
-      return route8(req, config);
+  });
+}
+// src/db/NileInstance.ts
+var NileDatabase = class {
+  pool;
+  tenantId;
+  userId;
+  id;
+  config;
+  timer;
+  constructor(config, id) {
+    const { warn, info, debug } = Logger(config, "[NileInstance]");
+    this.id = id;
+    const poolConfig = {
+      min: 0,
+      max: 10,
+      idleTimeoutMillis: 3e4,
+      ...config.db
+    };
+    const { afterCreate, ...remaining } = poolConfig;
+    config.db = poolConfig;
+    this.config = config;
+    const cloned = { ...this.config.db };
+    cloned.password = "***";
+    debug(`Connection pool config ${JSON.stringify(cloned)}`);
+    this.pool = createProxyForPool(new pg.Pool(remaining), this.config);
+    if (typeof afterCreate === "function") {
+      warn(
+        "Providing an pool configuration will stop automatic tenant context setting."
+      );
     }
-    if (matches9(configRoutes, req)) {
-      info("matches callback");
-      return route9(req, config);
+    this.startTimeout();
+    this.pool.on("connect", async (client) => {
+      debug(`pool connected ${this.id}`);
+      this.startTimeout();
+      const afterCreate2 = makeAfterCreate(
+        config,
+        `${this.id}-${this.timer}`
+      );
+      afterCreate2(client, (err) => {
+        const { error } = Logger(config, "[after create callback]");
+        if (err) {
+          clearTimeout(this.timer);
+          error("after create failed", {
+            message: err.message,
+            stack: err.stack
+          });
+          evictPool(this.id);
+        }
+      });
+    });
+    this.pool.on("error", (err) => {
+      clearTimeout(this.timer);
+      info(`pool ${this.id} failed`, {
+        message: err.message,
+        stack: err.stack
+      });
+      evictPool(this.id);
+    });
+    this.pool.on("release", (destroy) => {
+      if (destroy) {
+        clearTimeout(this.timer);
+        evictPool(this.id);
+        debug(`destroying pool ${this.id}`);
+      }
+    });
+  }
+  startTimeout() {
+    const { debug } = Logger(this.config, "[NileInstance]");
+    if (this.timer) {
+      clearTimeout(this.timer);
     }
-    if (matches10(configRoutes, req)) {
-      info("matches signout");
-      return route10(req, config);
+    this.timer = setTimeout(() => {
+      debug(
+        `Pool reached idleTimeoutMillis. ${this.id} evicted after ${Number(this.config.db.idleTimeoutMillis) ?? 3e4}ms`
+      );
+      this.pool.end(() => {
+        clearTimeout(this.timer);
+        evictPool(this.id);
+      });
+    }, Number(this.config.db.idleTimeoutMillis) ?? 3e4);
+  }
+  shutdown() {
+    const { debug } = Logger(this.config, "[NileInstance]");
+    debug(`attempting to shut down ${this.id}`);
+    clearTimeout(this.timer);
+    this.pool.end(() => {
+      debug(`${this.id} has been shut down`);
+    });
+  }
+};
+var NileInstance_default = NileDatabase;
+function makeAfterCreate(config, id) {
+  const { error, warn, debug } = Logger(config, "[afterCreate]");
+  return (conn, done) => {
+    conn.on("error", function errorHandler(e) {
+      error(`Connection ${id} was terminated by server`, {
+        message: e.message,
+        stack: e.stack
+      });
+      done(e, conn);
+    });
+    if (config.tenantId) {
+      const query = [`SET nile.tenant_id = '${config.tenantId}'`];
+      if (config.userId) {
+        if (!config.tenantId) {
+          warn("A user id cannot be set in context without a tenant id");
+        }
+        query.push(`SET nile.user_id = '${config.userId}'`);
+      }
+      conn.query(query.join(";"), function(err) {
+        if (err) {
+          error("query connection failed", {
+            cause: err.cause,
+            stack: err.stack,
+            message: err.message,
+            name: err.name,
+            id
+          });
+        } else {
+          if (query.length === 1) {
+            debug(`connection context set: tenantId=${config.tenantId}`);
+          }
+          if (query.length === 2) {
+            debug(
+              `connection context set: tenantId=${config.tenantId} userId=${config.userId}`
+            );
+          }
+        }
+        done(err, conn);
+      });
     }
-    warn("No POST routes matched");
-    return new Response(null, { status: 404 });
+    done(null, conn);
   };
 }
-// src/api/handlers/DELETE.ts
-function DELETER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[DELETE MATCHER]");
-  return async function DELETE3(req) {
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
-    }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
+// src/db/DBManager.ts
+var DBManager = class {
+  connections;
+  cleared;
+  poolWatcherFn;
+  makeId(tenantId, userId) {
+    if (tenantId && userId) {
+      return `${tenantId}:${userId}`;
     }
-    warn("No DELETE routes matched");
-    return new Response(null, { status: 404 });
-  };
-}
-// src/api/handlers/PUT.ts
-function PUTER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[PUT MATCHER]");
-  return async function PUT4(req) {
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
+    if (tenantId) {
+      return `${tenantId}`;
     }
-    if (matches2(configRoutes, req)) {
-      info("matches users");
-      return route2(req, config);
+    return "base";
+  }
+  constructor(config) {
+    this.cleared = false;
+    this.connections = /* @__PURE__ */ new Map();
+    this.poolWatcherFn = this.poolWatcher(config);
+    watchEvictPool(this.poolWatcherFn);
+  }
+  poolWatcher = (config) => (id) => {
+    const { info, warn } = Logger(config, "[DBManager]");
+    if (id && this.connections.has(id)) {
+      info(`Removing ${id} from db connection pool.`);
+      const connection = this.connections.get(id);
+      connection?.shutdown();
+      this.connections.delete(id);
+    } else {
+      warn(`missed eviction of ${id}`);
     }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
+  };
+  getConnection = (config) => {
+    const { info } = Logger(config, "[DBManager]");
+    const id = this.makeId(config.tenantId, config.userId);
+    const existing = this.connections.get(id);
+    info(`# of instances: ${this.connections.size}`);
+    if (existing) {
+      info(`returning existing ${id}`);
+      existing.startTimeout();
+      return existing.pool;
     }
-    if (matches13(configRoutes, req)) {
-      info("matches reset password");
-      return route13(req, config);
+    const newOne = new NileInstance_default(new Config(config), id);
+    this.connections.set(id, newOne);
+    info(`created new ${id}`);
+    info(`# of instances: ${this.connections.size}`);
+    if (this.cleared) {
+      this.cleared = false;
     }
-    warn("No PUT routes matched");
-    return new Response(null, { status: 404 });
+    return newOne.pool;
   };
-}
-// src/api/handlers/index.ts
-function Handlers(configRoutes, config) {
-  const GET6 = GETTER(configRoutes, config);
-  const POST5 = POSTER(configRoutes, config);
-  const DELETE3 = DELETER(configRoutes, config);
-  const PUT4 = PUTER(configRoutes, config);
-  return {
-    GET: GET6,
-    POST: POST5,
-    DELETE: DELETE3,
-    PUT: PUT4
+  clear = (config) => {
+    const { info } = Logger(config, "[DBManager]");
+    info(`Clearing all connections ${this.connections.size}`);
+    this.cleared = true;
+    this.connections.forEach((connection) => {
+      connection.shutdown();
+    });
+    this.connections.clear();
   };
-}
-// src/api/utils/routes/defaultRoutes.ts
-var appRoutes = (prefix = "/api") => ({
-  SIGNIN: `${prefix}/auth/signin`,
-  PROVIDERS: `${prefix}/auth/providers`,
-  SESSION: `${prefix}/auth/session`,
-  CSRF: `${prefix}/auth/csrf`,
-  CALLBACK: `${prefix}/auth/callback`,
-  SIGNOUT: `${prefix}/auth/signout`,
-  ERROR: `${prefix}/auth/error`,
-  VERIFY_REQUEST: `${prefix}/auth/verify-request`,
-  PASSWORD_RESET: `${prefix}/auth/reset-password`,
-  ME: `${prefix}/me`,
-  USERS: `${prefix}/users`,
-  TENANTS: `${prefix}/tenants`,
-  TENANT: `${prefix}/tenants/{tenantId}`,
-  TENANT_USER: `${prefix}/tenants/{tenantId}/users/{userId}`,
-  TENANT_USERS: `${prefix}/tenants/{tenantId}/users`,
-  SIGNUP: `${prefix}/signup`,
-  LOG: `${prefix}/_log`
-});
+};
-// src/utils/Requester/index.ts
-var Requester = class extends Config {
+// src/auth/index.ts
+var Auth = class {
+  #logger;
+  #config;
   constructor(config) {
-    super(config);
+    this.#config = config;
+    this.#logger = Logger(config, "[auth]");
   }
-  async rawRequest(method, url, init, body) {
-    const _init = {
-      body,
-      method,
-      ...init
-    };
-    const res = await _fetch(this, url, _init);
-    if (res instanceof ResponseError) {
-      return res.response;
+  async getSession(rawResponse = false) {
+    const res = await fetchSession(this.#config);
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      const session = await res.clone().json();
+      if (Object.keys(session).length === 0) {
+        return void 0;
+      }
+      return session;
+    } catch {
+      return res;
+    }
+  }
+  async getCsrf(rawResponse = false) {
+    return await getCsrf(this.#config, rawResponse);
+  }
+  async listProviders(rawResponse = false) {
+    const res = await fetchProviders(this.#config);
+    if (rawResponse) {
+      return res;
     }
+    try {
+      return await res.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async signOut() {
+    const csrfRes = await this.getCsrf();
+    if (!("csrfToken" in csrfRes)) {
+      throw new Error("Unable to obtain CSRF token. Sign out failed.");
+    }
+    const body = JSON.stringify({
+      csrfToken: csrfRes.csrfToken,
+      json: true
+    });
+    const res = await fetchSignOut(this.#config, body);
+    updateHeaders(new Headers({}));
+    this.#config.headers = new Headers();
     return res;
   }
-  /**
-   * three options here
-   * 1) pass in headers for a server side request
-   * 2) pass in the payload that matches the api
-   * 3) pass in the request object sent by a browser
-   * @param method
-   * @param url
-   * @param req
-   * @param init
-   * @returns
-   */
-  async request(method, url, req, init) {
-    const headers = new Headers(init ? init?.headers : {});
-    if (req instanceof Headers) {
-      const tenantId = req.get(X_NILE_TENANT);
-      const cookie = req.get("cookie");
-      if (tenantId) {
-        headers.set(X_NILE_TENANT, tenantId);
+  async signUp(payload, rawResponse) {
+    this.#config.headers = new Headers();
+    const { email, password, ...params } = payload;
+    if (!email || !password) {
+      throw new Error(
+        "Server side sign up requires a user email and password."
+      );
+    }
+    const providers = await this.listProviders();
+    const { credentials } = providers ?? {};
+    if (!credentials) {
+      throw new Error(
+        "Unable to obtain credential provider. Aborting server side sign up."
+      );
+    }
+    const csrf = await this.getCsrf();
+    let csrfToken;
+    if ("csrfToken" in csrf) {
+      csrfToken = csrf.csrfToken;
+    } else {
+      throw new Error("Unable to obtain parse CSRF. Request blocked.");
+    }
+    const body = JSON.stringify({
+      email,
+      password,
+      csrfToken,
+      callbackUrl: credentials.callbackUrl
+    });
+    const res = await fetchSignUp(this.#config, { body, params });
+    if (res.status > 299) {
+      this.#logger.error(await res.clone().text());
+      return void 0;
+    }
+    const token = parseToken(res.headers);
+    if (!token) {
+      throw new Error("Server side sign up failed. Session token not found");
+    }
+    this.#config.headers?.append("cookie", token);
+    updateHeaders(this.#config.headers);
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async resetPassword(req) {
+    let email = "";
+    let password = "";
+    let callbackUrl = null;
+    let redirectUrl = null;
+    if (req instanceof Request) {
+      const body2 = await req.json();
+      email = body2.email;
+      password = body2.password;
+      const cbFromHeaders = parseCallback(req.headers);
+      if (cbFromHeaders) {
+        callbackUrl = cbFromHeaders;
       }
-      if (cookie) {
-        headers.set("cookie", cookie);
+      if (body2.callbackUrl) {
+        callbackUrl = body2.callbackUrl;
       }
-    } else if (req instanceof Request) {
-      const _headers = new Headers(req?.headers);
-      const tenantId = _headers.get(X_NILE_TENANT);
-      const cookie = _headers.get("cookie");
-      if (tenantId) {
-        headers.set(X_NILE_TENANT, tenantId);
+      if (body2.redirectUrl) {
+        redirectUrl = body2.redirectUrl;
       }
-      if (cookie) {
-        headers.set("cookie", cookie);
+    } else {
+      if ("email" in req) {
+        email = req.email;
       }
-    }
-    let body = JSON.stringify(req);
-    if (method === "GET") {
-      body = void 0;
-    } else if (req instanceof Request) {
-      body = await new Response(req.body).text();
-    } else if (
-      // is just headers for a GET request
-      req instanceof Headers || JSON.stringify(req) === "{}" || req && typeof req === "object" && Object.values(req).length === 0
-    ) {
-      body = void 0;
-    }
-    const _init = {
-      ...init,
-      headers
-    };
-    return await this.rawRequest(method, url, _init, body);
-  }
-  async post(req, url, init) {
-    const response = await this.request("POST", url, req, init);
-    if (response && response.status >= 200 && response.status < 300) {
-      const cloned = response.clone();
-      try {
-        return await cloned.json();
-      } catch (e) {
+      if ("password" in req) {
+        password = req.password;
+      }
+      if ("callbackUrl" in req) {
+        callbackUrl = req.callbackUrl ? req.callbackUrl : null;
+      }
+      if ("redirectUrl" in req) {
+        redirectUrl = req.redirectUrl ? req.redirectUrl : null;
       }
     }
-    return response;
-  }
-  async get(req, url, init, raw = false) {
-    const response = await this.request("GET", url, req, init);
-    if (raw) {
-      return response;
-    }
-    if (response && response.status >= 200 && response.status < 300) {
-      const cloned = response.clone();
-      try {
-        return await cloned.json();
-      } catch (e) {
+    const fallbackCb = parseCallback(this.#config.headers);
+    if (fallbackCb) {
+      const [, value] = fallbackCb.split("=");
+      if (value) {
+        const parsedUrl = decodeURIComponent(value);
+        if (!redirectUrl) {
+          redirectUrl = `${new URL(parsedUrl).origin}${"/auth/reset-password" /* PASSWORD_RESET */}`;
+        }
+      }
+      if (!callbackUrl) {
+        callbackUrl = value;
       }
     }
-    return response;
-  }
-  async put(req, url, init) {
-    const response = await this.request("PUT", url, req, init);
-    if (response && response.status >= 200 && response.status < 300) {
-      const cloned = response.clone();
-      try {
-        return await cloned.json();
-      } catch (e) {
+    await this.getCsrf();
+    const body = JSON.stringify({
+      email,
+      password,
+      redirectUrl,
+      callbackUrl
+    });
+    let urlWithParams;
+    try {
+      const data = await fetchResetPassword(this.#config, "POST", body);
+      const cloned = data.clone();
+      if (data.status === 400) {
+        const text = await cloned.text();
+        this.#logger.error(text);
+        return data;
       }
+      const { url } = await data.json();
+      urlWithParams = url;
+    } catch {
     }
-    return response;
-  }
-  async delete(req, url, init) {
-    const response = await this.request("DELETE", url, req, init);
-    return response;
-  }
-};
-// src/auth/index.ts
-function serverLogin(config, handlers) {
-  const ORIGIN = config.api.origin ?? "http://localhost:3000";
-  const { info, error, debug } = Logger(config, "[server side login]");
-  const routes = appRoutes(config.api.routePrefix);
-  return async function login({
-    email,
-    password
-  }) {
-    if (!email || !password) {
-      throw new Error("Server side login requires a user email and password.");
+    let token;
+    try {
+      const worthyParams = new URL(urlWithParams).searchParams;
+      const answer = await fetchResetPassword(
+        this.#config,
+        "GET",
+        null,
+        worthyParams
+      );
+      token = parseResetToken(answer.headers);
+    } catch {
+      this.#logger.warn(
+        "Unable to parse reset password url. Password not reset."
+      );
     }
-    const sessionUrl = new URL(`${ORIGIN}${routes.PROVIDERS}`);
-    const baseHeaders = {
-      host: sessionUrl.host,
-      [X_NILE_ORIGIN]: ORIGIN
-    };
-    info(`Obtaining providers for ${email}`);
-    const sessionReq = new Request(sessionUrl, {
-      method: "GET",
-      ...baseHeaders
+    const cookie = this.#config.headers.get("cookie")?.split("; ");
+    if (token) {
+      cookie?.push(token);
+    } else {
+      throw new Error(
+        "Unable to reset password, reset token is missing from response"
+      );
+    }
+    this.#config.headers = new Headers({
+      ...this.#config.headers,
+      cookie: cookie?.join("; ")
     });
-    const sessionRes = await handlers.POST(sessionReq);
-    if (sessionRes?.status === 404) {
-      throw new Error("Unable to login, cannot find region api.");
+    const res = await fetchResetPassword(this.#config, "PUT", body);
+    cookie?.pop();
+    const cleaned = cookie?.filter((c) => !c.includes("nile.session")) ?? [];
+    cleaned.push(String(parseToken(res.headers)));
+    const updatedHeaders = new Headers({ cookie: cleaned.join("; ") });
+    updateHeaders(updatedHeaders);
+    return res;
+  }
+  async callback(provider, body) {
+    if (body instanceof Request) {
+      this.#config.headers = body.headers;
+      return await fetchCallback(
+        this.#config,
+        provider,
+        void 0,
+        body,
+        "GET"
+      );
     }
-    let providers;
-    try {
-      providers = await sessionRes?.json();
-    } catch (e) {
-      info(sessionUrl, { sessionRes });
-      error(e);
+    return await fetchCallback(this.#config, provider, body);
+  }
+  async signIn(provider, payload, rawResponse) {
+    if (payload instanceof Request) {
+      const body2 = new URLSearchParams(await payload.text());
+      const origin = new URL(payload.url).origin;
+      const payloadUrl = body2?.get("callbackUrl");
+      const csrfToken2 = body2?.get("csrfToken");
+      const callbackUrl = `${!payloadUrl?.startsWith("http") ? origin : ""}${payloadUrl}`;
+      if (!csrfToken2) {
+        throw new Error(
+          "CSRF token in missing from request. Request it by the client before calling sign in"
+        );
+      }
+      this.#config.headers = new Headers(payload.headers);
+      this.#config.headers.set(
+        "Content-Type",
+        "application/x-www-form-urlencoded"
+      );
+      const params = new URLSearchParams({
+        csrfToken: csrfToken2,
+        json: String(true)
+      });
+      if (payloadUrl) {
+        params.set("callbackUrl", callbackUrl);
+      }
+      return await fetchSignIn(this.#config, provider, params);
     }
+    this.#config.headers = new Headers();
+    const { info, error } = this.#logger;
+    const providers = await this.listProviders();
     info("Obtaining csrf");
-    const csrf = new URL(`${ORIGIN}${routes.CSRF}`);
-    const csrfReq = new Request(csrf, {
-      method: "GET",
-      headers: new Headers({
-        ...baseHeaders
-      })
-    });
-    const csrfRes = await handlers.POST(csrfReq);
+    const csrf = await this.getCsrf();
     let csrfToken;
-    try {
-      const json = await csrfRes?.json() ?? {};
-      csrfToken = json?.csrfToken;
-    } catch (e) {
-      info(sessionUrl, { csrfRes });
-      error(e, { csrfRes });
+    if ("csrfToken" in csrf) {
+      csrfToken = csrf.csrfToken;
+    } else {
+      throw new Error("Unable to obtain parse CSRF. Request blocked.");
     }
     const { credentials } = providers ?? {};
-    const csrfCookie = csrfRes?.headers.get("set-cookie");
     if (!credentials) {
       throw new Error(
-        "Unable to obtain credential provider. Aborting server side login."
+        "Unable to obtain credential provider. Aborting server side sign in."
       );
     }
-    const signInUrl = new URL(credentials.callbackUrl);
-    if (!csrfCookie) {
-      debug("CSRF failed", { headers: csrfRes?.headers });
-      throw new Error("Unable to authenticate REST, CSRF missing.");
+    const { email, password } = payload ?? {};
+    if (provider === "email" && (!email || !password)) {
+      throw new Error(
+        "Server side sign in requires a user email and password."
+      );
     }
-    info(`Attempting sign in with email ${email} ${signInUrl.href}`);
+    info(`Obtaining providers for ${email}`);
+    info(`Attempting sign in with email ${email}`);
     const body = JSON.stringify({
       email,
       password,
       csrfToken,
       callbackUrl: credentials.callbackUrl
     });
-    const postReq = new Request(signInUrl, {
-      method: "POST",
-      headers: new Headers({
-        ...baseHeaders,
-        "content-type": "application/json",
-        cookie: csrfCookie.split(",").join("; ")
-      }),
-      body
-    });
-    const loginRes = await handlers.POST(postReq);
-    const authCookie = loginRes?.headers.get("set-cookie");
+    const signInRes = await this.callback(provider, body);
+    const authCookie = signInRes?.headers.get("set-cookie");
     if (!authCookie) {
       throw new Error("authentication failed");
     }
-    const token = parseToken(loginRes?.headers);
+    const token = parseToken(signInRes?.headers);
+    const possibleError = signInRes?.headers.get("location");
+    if (possibleError) {
+      let urlError;
+      try {
+        urlError = new URL(possibleError).searchParams.get("error");
+      } catch {
+      }
+      if (urlError) {
+        error("Unable to log user in", { error: urlError });
+        return void 0;
+      }
+    }
     if (!token) {
-      error("Unable to obtain auth token", { authCookie });
+      error("Unable to obtain auth token", {
+        authCookie,
+        signInRes
+      });
       throw new Error("Server login failed");
     }
-    info("Server login successful", { authCookie, csrfCookie });
-    const headers = new Headers({
-      ...baseHeaders,
-      cookie: [token, csrfCookie].join("; ")
-    });
-    return [headers, loginRes];
-  };
+    info("Server sign in successful", { authCookie });
+    const setCookie = signInRes.headers.get("set-cookie");
+    if (setCookie) {
+      const cookie = [
+        parseCSRF(this.#config.headers),
+        parseCallback(signInRes.headers),
+        parseToken(signInRes.headers)
+      ].filter(Boolean).join("; ");
+      updateHeaders(new Headers({ cookie }));
+    } else {
+      error("Unable to set context after sign in", {
+        headers: signInRes.headers
+      });
+    }
+    if (rawResponse) {
+      return signInRes;
+    }
+    try {
+      return await signInRes.clone().json();
+    } catch {
+      return signInRes;
+    }
+  }
+};
+function parseCSRF(headers) {
+  let cookie = headers?.get("set-cookie");
+  if (!cookie) {
+    cookie = headers?.get("cookie");
+  }
+  if (!cookie) {
+    return void 0;
+  }
+  const [, token] = /((__Secure-)?nile\.csrf-token=[^;]+)/.exec(cookie) ?? [];
+  return token;
+}
+function parseCallback(headers) {
+  let cookie = headers?.get("set-cookie");
+  if (!cookie) {
+    cookie = headers?.get("cookie");
+  }
+  if (!cookie) {
+    return void 0;
+  }
+  const [, token] = /((__Secure-)?nile\.callback-url=[^;]+)/.exec(cookie) ?? [];
+  return token;
 }
 function parseToken(headers) {
   let authCookie = headers?.get("set-cookie");
@@ -1983,604 +2189,516 @@ function parseToken(headers) {
   const [, token] = /((__Secure-)?nile\.session-token=[^;]+)/.exec(authCookie) ?? [];
   return token;
 }
-var Auth = class extends Config {
-  headers;
-  resetHeaders;
-  constructor(config, headers, params) {
-    super(config);
-    this.logger = Logger(config, "[auth]");
-    this.headers = headers;
-    this.logger = Logger(config, "[auth]");
-    this.resetHeaders = params?.resetHeaders;
-  }
-  handleHeaders(init) {
-    if (this.headers) {
-      const cburl = getCallbackUrl2(this.headers);
-      if (cburl) {
-        try {
-          this.headers.set(X_NILE_ORIGIN, new URL(cburl).origin);
-        } catch (e) {
-          if (this.logger?.debug) {
-            this.logger.debug("Invalid URL supplied by cookie header");
-          }
-        }
-      }
-      if (init) {
-        init.headers = new Headers({ ...this.headers, ...init?.headers });
-        return init;
-      } else {
-        init = {
-          headers: this.headers
-        };
-        return init;
-      }
+function parseResetToken(headers) {
+  let authCookie = headers?.get("set-cookie");
+  if (!authCookie) {
+    authCookie = headers?.get("cookie");
+  }
+  if (!authCookie) {
+    return void 0;
+  }
+  const [, token] = /((__Secure-)?nile\.reset=[^;]+)/.exec(authCookie) ?? [];
+  return token;
+}
+// src/auth/getCsrf.ts
+async function getCsrf(config, rawResponse = false) {
+  const res = await fetchCsrf(config);
+  const csrfCook = parseCSRF(res.headers);
+  if (csrfCook) {
+    const [, value] = csrfCook.split("=");
+    const [token] = decodeURIComponent(value).split("|");
+    const setCookie = res.headers.get("set-cookie");
+    if (setCookie) {
+      const cookie = [
+        csrfCook,
+        parseCallback(res.headers),
+        parseToken(res.headers)
+      ].filter(Boolean).join("; ");
+      config.headers.set("cookie", cookie);
+      updateHeaders(new Headers({ cookie }));
+    }
+    if (!rawResponse) {
+      return { csrfToken: token };
+    }
+  } else {
+    const existingCookie = config.headers.get("cookie");
+    const cookieParts = [];
+    if (existingCookie) {
+      cookieParts.push(
+        parseToken(config.headers),
+        parseCallback(config.headers)
+      );
     }
-    return void 0;
-  }
-  get sessionUrl() {
-    return "/auth/session";
-  }
-  getSession = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    const session = await _requester.get(req, this.sessionUrl, _init);
-    if (Object.keys(session).length === 0) {
-      return void 0;
+    if (csrfCook) {
+      cookieParts.push(csrfCook);
+    } else {
+      cookieParts.push(parseCSRF(config.headers));
     }
-    return session;
-  };
-  get getCsrfUrl() {
-    return "/auth/csrf";
+    const cookie = cookieParts.filter(Boolean).join("; ");
+    config.headers.set("cookie", cookie);
+    updateHeaders(new Headers({ cookie }));
   }
-  async getCsrf(req, init, raw = false) {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.get(req, this.getCsrfUrl, _init, raw);
-  }
-  get listProvidersUrl() {
-    return "/auth/providers";
+  if (rawResponse) {
+    return res;
   }
-  listProviders = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.get(req, this.listProvidersUrl, _init);
-  };
-  get signOutUrl() {
-    return "/auth/signout";
-  }
-  signOut = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    const csrf = await this.getCsrf(
-      req,
-      void 0,
-      true
-    );
-    const csrfHeader = getCsrfToken(csrf.headers, this.headers);
-    const callbackUrl = req && "callbackUrl" in req ? String(req.callbackUrl) : "/";
-    if (!csrfHeader) {
-      this.logger?.debug && this.logger.debug("Request blocked from invalid csrf header");
-      return new Response("Request blocked", { status: 400 });
-    }
-    const headers = new Headers(_init?.headers);
-    const { csrfToken } = await csrf.json() ?? {};
-    const cooks = getCookies(headers);
-    if (csrfHeader) {
-      if (cooks["__Secure-nile.csrf-token"]) {
-        cooks["__Secure-nile.csrf-token"] = encodeURIComponent(csrfHeader);
-      }
-      if (cooks["nile.csrf-token"]) {
-        cooks["nile.csrf-token"] = encodeURIComponent(csrfHeader);
-      }
-    }
-    headers.set(
-      "cookie",
-      Object.keys(cooks).map((key12) => `${key12}=${cooks[key12]}`).join("; ")
-    );
-    const res = await _requester.post(req, this.signOutUrl, {
-      method: "post",
-      body: JSON.stringify({
-        csrfToken,
-        callbackUrl,
-        json: String(true)
-      }),
-      ..._init,
-      headers
-    });
-    this.resetHeaders && this.resetHeaders();
+  try {
+    return await res.clone().json();
+  } catch {
     return res;
-  };
-};
-function getCallbackUrl2(headers) {
-  if (headers) {
-    const cookies = getCookies(headers);
-    if (cookies) {
-      return cookies["__Secure-nile.callback-url"] || cookies["nile.callback-url"];
-    }
   }
 }
-function getCsrfToken(headers, initHeaders) {
-  if (headers) {
-    const cookies = getCookies(headers);
-    let validCookie = "";
-    if (cookies) {
-      validCookie = cookies["__Secure-nile.csrf-token"] || cookies["nile.csrf-token"];
+// src/users/index.ts
+var Users = class {
+  #config;
+  #logger;
+  constructor(config) {
+    this.#config = config;
+    this.#logger = Logger(config, "[me]");
+  }
+  async updateSelf(req, rawResponse) {
+    const res = await fetchMe(this.#config, "PUT", JSON.stringify(req));
+    if (rawResponse) {
+      return res;
     }
-    if (validCookie) {
-      return validCookie;
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
     }
   }
-  if (initHeaders) {
-    const cookies = getCookies(initHeaders);
-    if (cookies) {
-      return cookies["__Secure-nile.csrf-token"] || cookies["nile.csrf-token"];
+  async removeSelf() {
+    const me = await this.getSelf();
+    if ("id" in me) {
+      this.#config.userId = me.id;
     }
+    const res = await fetchMe(this.#config, "DELETE");
+    updateHeaders(new Headers());
+    return res;
   }
-}
-var getCookies = (headers) => {
-  if (!headers) return {};
-  const cookieHeader = headers.get("cookie") || "";
-  const setCookieHeaders = headers.get("set-cookie") || "";
-  const allCookies = [
-    ...cookieHeader.split("; "),
-    // Regular 'cookie' header (semicolon-separated)
-    ...setCookieHeaders.split(/,\s*(?=[^;, ]+=)/)
-    // Smart split for 'set-cookie'
-  ].filter(Boolean);
-  return Object.fromEntries(
-    allCookies.map((cookie) => {
-      const [key12, ...val] = cookie.split("=");
-      return [
-        decodeURIComponent(key12.trim()),
-        decodeURIComponent(val.join("=").trim())
-      ];
-    })
-  );
-};
-// src/tenants/index.ts
-var Tenants = class extends Config {
-  headers;
-  constructor(config, headers) {
-    super(config);
-    this.headers = headers;
-  }
-  handleHeaders(init) {
-    if (this.headers) {
-      if (init) {
-        init.headers = new Headers({ ...this.headers, ...init?.headers });
-        return init;
-      } else {
-        init = {
-          headers: this.headers
-        };
-        return init;
+  async getSelf(rawResponse) {
+    const res = await fetchMe(this.#config);
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async verifySelf(bypassEmail = process.env.NODE_ENV !== "production", rawResponse = false) {
+    try {
+      const me = await this.getSelf();
+      if (me instanceof Response) {
+        return me;
       }
+      const res = await verifyEmailAddress(this.#config, me);
+      return res;
+    } catch {
+      this.#logger?.warn(
+        "Unable to verify email. The current user's email will be set to verified any way. Be sure to configure emails for production."
+      );
     }
+    if (bypassEmail) {
+      return await this.updateSelf({ emailVerified: true }, rawResponse);
+    }
+    this.#logger.error(
+      "Unable to verify email address. Configure your SMTP server in the console."
+    );
     return void 0;
   }
-  get tenantsUrl() {
-    return "/tenants";
+};
+async function verifyEmailAddress(config, user) {
+  config.headers.set("content-type", "application/x-www-form-urlencoded");
+  const { csrfToken } = await getCsrf(config);
+  const res = await fetchVerifyEmail(
+    config,
+    "POST",
+    new URLSearchParams({ csrfToken, email: user.email }).toString()
+  );
+  if (res.status > 299) {
+    throw new Error(await res.text());
   }
-  get tenantUrl() {
-    return `/tenants/${this.tenantId ?? "{tenantId}"}`;
+  return res;
+}
+// src/tenants/index.ts
+var Tenants = class {
+  #logger;
+  #config;
+  constructor(config) {
+    this.#logger = Logger(config, "[tenants]");
+    this.#config = config;
   }
-  createTenant = async (req, init) => {
-    let _req;
+  async create(req, rawResponse) {
+    let res;
     if (typeof req === "string") {
-      _req = new Request(`${this.api.basePath}${this.tenantsUrl}`, {
-        body: JSON.stringify({ name: req }),
-        method: "POST",
-        headers: {
-          "content-type": "application/json"
-        }
-      });
-    } else if ("name" in req || "id" in req) {
-      _req = new Request(`${this.api.basePath}${this.tenantsUrl}`, {
-        body: JSON.stringify(req),
-        method: "POST",
-        headers: {
-          "content-type": "application/json"
-        }
-      });
-    } else {
-      _req = req;
+      res = await fetchTenants(
+        this.#config,
+        "POST",
+        JSON.stringify({ name: req })
+      );
+    } else if (typeof req === "object" && ("name" in req || "id" in req)) {
+      res = await fetchTenants(this.#config, "POST", JSON.stringify(req));
     }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.post(_req, this.tenantsUrl, _init);
-  };
-  getTenant = async (req, init) => {
-    if (typeof req === "string") {
-      this.tenantId = req;
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
     }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.get(req, this.tenantUrl, _init);
-  };
-  get tenantListUrl() {
-    return `/users/${this.userId ?? "{userId}"}/tenants`;
   }
-  listTenants = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.get(req, this.tenantListUrl, _init);
-  };
-  deleteTenant = async (req, init) => {
+  async delete(req) {
     if (typeof req === "string") {
-      this.tenantId = req;
+      this.#config.tenantId = req;
     }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.delete(req, this.tenantUrl, _init);
-  };
-  updateTenant = async (req, init) => {
-    let _req;
-    if (req && "name" in req) {
-      _req = new Request(`${this.api.basePath}${this.tenantUrl}`, {
-        body: JSON.stringify(req),
-        method: "PUT"
-      });
-    } else {
-      _req = req;
+    if (typeof req === "object" && "id" in req) {
+      this.#config.tenantId = req.id;
     }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return _requester.put(_req, this.tenantUrl, _init);
-  };
-};
-// src/users/index.ts
-var Users = class extends Config {
-  headers;
-  constructor(config, headers) {
-    super(config);
-    this.headers = headers;
+    const res = await fetchTenant(this.#config, "DELETE");
+    return res;
   }
-  usersUrl(user) {
-    const params = new URLSearchParams();
-    if (user.newTenantName) {
-      params.set("newTenantName", user.newTenantName);
+  async get(req, rawResponse) {
+    if (typeof req === "string") {
+      this.#config.tenantId = req;
+    } else if (typeof req === "object" && "id" in req) {
+      this.#config.tenantId = req.id;
     }
-    if (user.tenantId) {
-      params.set("tenantId", user.tenantId);
+    const res = await fetchTenant(this.#config, "GET");
+    if (rawResponse === true || req === true) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
     }
-    return `/users?${params.size > 0 ? params : ""}`;
-  }
-  get tenantUsersUrl() {
-    return `/tenants/${this.tenantId ?? "{tenantId}"}/users`;
-  }
-  get linkUsersUrl() {
-    return `/tenants/${this.tenantId ?? "{tenantId}"}/users/${this.userId ?? "{userId}"}/link`;
-  }
-  get tenantUserUrl() {
-    return `/tenants/${this.tenantId ?? "{tenantId}"}/users/${this.userId ?? "{userId}"}`;
   }
-  handleHeaders(init) {
-    if (this.headers) {
-      if (init) {
-        init.headers = new Headers({ ...this.headers, ...init?.headers });
-        return init;
-      } else {
-        init = {
-          headers: this.headers
-        };
-        return init;
+  async update(req, rawResponse) {
+    let res;
+    if (typeof req === "object" && ("name" in req || "id" in req)) {
+      const { id, ...remaining } = req;
+      if (id) {
+        this.#config.tenantId = id;
       }
+      res = await fetchTenant(this.#config, "PUT", JSON.stringify(remaining));
+    }
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
     }
-    return void 0;
   }
-  createUser = async (user, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.post(user, this.usersUrl(user), _init);
-  };
-  createTenantUser = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.post(req, this.tenantUsersUrl, _init);
-  };
-  updateUser = async (req, init) => {
-    let _req;
-    if (req && "id" in req) {
-      _req = new Request(`${this.api.basePath}${this.tenantUserUrl}`, {
-        body: JSON.stringify(req),
-        method: "PUT"
-      });
-      this.userId = String(req.id);
-    } else {
-      _req = req;
+  async list(req) {
+    const res = await fetchTenantsByUser(this.#config);
+    if (req === true) {
+      return res;
     }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.put(_req, this.tenantUserUrl, _init);
-  };
-  listUsers = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.get(req, this.tenantUsersUrl, _init);
-  };
-  linkUser = async (req, init) => {
-    const _requester = new Requester(this);
-    if (typeof req === "string") {
-      this.userId = req;
-    } else {
-      if ("id" in req) {
-        this.userId = req.id;
-      }
-      if ("tenantId" in req) {
-        this.tenantId = req.tenantId;
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async leaveTenant(req) {
+    const me = await fetchMe(this.#config);
+    try {
+      const json = await me.json();
+      if ("id" in json) {
+        this.#config.userId = json.id;
       }
+    } catch {
     }
-    const _init = this.handleHeaders(init);
-    return await _requester.put(req, this.linkUsersUrl, _init);
-  };
-  unlinkUser = async (req, init) => {
     if (typeof req === "string") {
-      this.userId = req;
+      this.#config.tenantId = req;
     } else {
-      if ("id" in req) {
-        this.userId = req.id;
-      }
-      if ("tenantId" in req) {
-        this.tenantId = req.tenantId;
-      }
+      this.#handleContext(req);
     }
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.delete(req, this.linkUsersUrl, _init);
-  };
-  get meUrl() {
-    return "/me";
-  }
-  me = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.get(req, this.meUrl, _init);
-  };
-  updateMe = async (req, init) => {
-    const _requester = new Requester(this);
-    const _init = this.handleHeaders(init);
-    return await _requester.put(req, this.meUrl, _init);
-  };
-};
-// src/Api.ts
-var Api = class {
-  config;
-  users;
-  auth;
-  tenants;
-  routes;
-  #headers;
-  handlers;
-  paths;
-  constructor(config) {
-    this.config = config;
-    this.auth = new Auth(config, void 0, {
-      resetHeaders: this.resetHeaders
-    });
-    this.users = new Users(config);
-    this.tenants = new Tenants(config);
-    this.routes = {
-      ...appRoutes(config?.api.routePrefix),
-      ...config?.api.routes
-    };
-    this.handlers = Handlers(this.routes, config);
-    this.paths = {
-      get: [
-        this.routes.ME,
-        this.routes.TENANT_USERS,
-        this.routes.TENANTS,
-        this.routes.TENANT,
-        this.routes.SESSION,
-        this.routes.SIGNIN,
-        this.routes.PROVIDERS,
-        this.routes.CSRF,
-        this.routes.PASSWORD_RESET,
-        this.routes.CALLBACK,
-        this.routes.SIGNOUT,
-        this.routes.VERIFY_REQUEST,
-        this.routes.ERROR
-      ],
-      post: [
-        this.routes.TENANT_USERS,
-        this.routes.SIGNUP,
-        this.routes.USERS,
-        this.routes.TENANTS,
-        this.routes.SESSION,
-        `${this.routes.SIGNIN}/{provider}`,
-        this.routes.PASSWORD_RESET,
-        this.routes.PROVIDERS,
-        this.routes.CSRF,
-        `${this.routes.CALLBACK}/{provider}`,
-        this.routes.SIGNOUT
-      ],
-      put: [
-        this.routes.TENANT_USERS,
-        this.routes.USERS,
-        this.routes.TENANT,
-        this.routes.PASSWORD_RESET
-      ],
-      delete: [this.routes.TENANT_USER, this.routes.TENANT]
-    };
+    return await fetchTenantUser(this.#config, "DELETE");
   }
-  reset = () => {
-    this.users = new Users(this.config, this.#headers);
-    this.tenants = new Tenants(this.config, this.#headers);
-    this.auth = new Auth(this.config, this.#headers, {
-      resetHeaders: this.resetHeaders
-    });
-  };
-  updateConfig = (config) => {
-    this.config = config;
-    this.handlers = Handlers(this.routes, config);
-  };
-  resetHeaders = (headers) => {
-    this.#headers = new Headers(headers ?? {});
-    setContext(new Headers());
-    this.reset();
-  };
-  set headers(headers) {
-    const updates = [];
-    if (headers instanceof Headers) {
-      headers.forEach((value, key12) => {
-        updates.push([key12.toLowerCase(), value]);
-      });
+  async addMember(req, rawResponse) {
+    if (typeof req === "string") {
+      this.#config.userId = req;
     } else {
-      for (const [key12, value] of Object.entries(headers)) {
-        updates.push([key12.toLowerCase(), value]);
+      this.#handleContext(req);
+    }
+    const res = await fetchTenantUser(this.#config, "PUT");
+    return responseHandler(res, rawResponse);
+  }
+  async removeMember(req, rawResponse) {
+    this.#handleContext(req);
+    const res = await fetchTenantUser(this.#config, "DELETE");
+    return responseHandler(res, rawResponse);
+  }
+  async users(req, rawResponse) {
+    this.#handleContext(req);
+    const res = await fetchTenantUsers(this.#config, "GET");
+    return responseHandler(
+      res,
+      rawResponse || typeof req === "boolean" && req
+    );
+  }
+  #handleContext(req) {
+    if (typeof req === "object") {
+      if ("tenantId" in req) {
+        this.#config.tenantId = req.tenantId;
+      }
+      if ("userId" in req) {
+        this.#config.tenantId = req.tenantId;
       }
     }
-    const merged = {};
-    this.#headers?.forEach((value, key12) => {
-      merged[key12.toLowerCase()] = value;
-    });
-    for (const [key12, value] of updates) {
-      merged[key12] = value;
-    }
-    this.#headers = new Headers();
-    for (const [key12, value] of Object.entries(merged)) {
-      this.#headers.set(key12, value);
-    }
-    this.reset();
   }
-  get headers() {
-    return this.#headers;
+};
+async function responseHandler(res, rawResponse) {
+  if (rawResponse) {
+    return res;
   }
-  getCookie(req) {
-    if (req instanceof Headers) {
-      return parseToken(req);
-    } else if (req instanceof Request) {
-      return parseToken(req.headers);
-    }
-    return null;
+  try {
+    return await res?.clone().json();
+  } catch {
+    return res;
   }
-  login = async (payload, config) => {
-    const [headers, loginRes] = await serverLogin(
-      this.config,
-      this.handlers
-    )(payload);
-    this.headers = headers;
-    this.setContext(headers);
-    if (config?.returnResponse) {
-      return loginRes;
-    }
-    return void 0;
-  };
-  session = async (req) => {
-    if (req instanceof Headers) {
-      return this.auth.getSession(req);
-    } else if (req instanceof Request) {
-      return auth(req, this.config);
+}
+// src/api/handlers/withContext/index.ts
+function handlersWithContext(config) {
+  const GET6 = GETTER(config.routes, config);
+  const POST5 = POSTER(config.routes, config);
+  const DELETE4 = DELETER(config.routes, config);
+  const PUT5 = PUTER(config.routes, config);
+  return {
+    GET: async (req) => {
+      const response = await GET6(req);
+      const updatedConfig = updateConfig(response, config);
+      return { response, nile: new Server(updatedConfig) };
+    },
+    POST: async (req) => {
+      const response = await POST5(req);
+      const updatedConfig = updateConfig(response, config);
+      return { response, nile: new Server(updatedConfig) };
+    },
+    DELETE: async (req) => {
+      const response = await DELETE4(req);
+      const updatedConfig = updateConfig(response, config);
+      return { response, nile: new Server(updatedConfig) };
+    },
+    PUT: async (req) => {
+      const response = await PUT5(req);
+      const updatedConfig = updateConfig(response, config);
+      return { response, nile: new Server(updatedConfig) };
     }
-    return this.auth.getSession(this.#headers);
   };
-  setContext = (req) => {
-    if (req instanceof Headers) {
-      setContext(req);
-      return;
-    } else if (req instanceof Request) {
-      setContext(req.headers);
-      return;
+}
+function updateConfig(response, config) {
+  let origin = "http://localhost:3000";
+  let headers = null;
+  if (response?.status === 302) {
+    const location = response.headers.get("location");
+    if (location) {
+      const urlLocation = new URL(location);
+      origin = urlLocation.origin;
     }
-    const headers = new Headers(req);
-    if (headers) {
-      setContext(headers);
-    } else {
-      const { warn } = Logger(this.config, "[API]");
-      if (warn) {
-        warn("Set context expects a Request or Header object");
+  }
+  const setCookies = [];
+  if (response?.headers) {
+    for (const [key14, value] of response.headers) {
+      if (key14.toLowerCase() === "set-cookie") {
+        setCookies.push(value);
       }
     }
+  }
+  if (setCookies.length > 0) {
+    const cookieHeader = setCookies.map((cookieStr) => cookieStr.split(";")[0]).join("; ");
+    headers = new Headers({ cookie: cookieHeader });
+  }
+  return {
+    ...config,
+    origin,
+    headers: headers ?? void 0
   };
-};
+}
 // src/Server.ts
 var Server = class {
-  config;
-  api;
-  manager;
+  users;
+  tenants;
+  auth;
+  #config;
+  #handlers;
+  #paths;
+  #manager;
+  #headers;
   constructor(config) {
-    this.config = new Config(config, "[initial config]");
-    this.api = new Api(this.config);
-    this.manager = new DBManager(this.config);
+    this.#config = new Config(config, "[initial config]");
     watchTenantId((tenantId) => {
-      this.tenantId = tenantId;
+      if (tenantId !== this.#config.tenantId) {
+        this.#config.tenantId = tenantId;
+        this.#reset();
+      }
     });
     watchUserId((userId) => {
-      this.userId = userId;
+      if (userId !== this.#config.userId) {
+        this.#config.userId = userId;
+        this.#reset();
+      }
     });
-    watchToken((token) => {
-      this.token = token;
+    watchHeaders((headers) => {
+      this.setContext(headers);
+      this.#reset();
     });
+    this.#handlers = {
+      ...this.#config.handlers,
+      withContext: handlersWithContext(this.#config)
+    };
+    this.#paths = this.#config.paths;
+    this.#config.tenantId = getTenantId({ config: this.#config });
+    this.#manager = new DBManager(this.#config);
+    this.#handleHeaders(config);
+    this.users = new Users(this.#config);
+    this.tenants = new Tenants(this.#config);
+    this.auth = new Auth(this.#config);
   }
-  setConfig(cfg) {
-    this.config = new Config(cfg);
-    this.api.updateConfig(this.config);
+  get db() {
+    const pool = this.#manager.getConnection(this.#config);
+    return Object.assign(pool, {
+      clearConnections: () => {
+        this.#manager.clear(this.#config);
+      }
+    });
   }
-  set databaseId(val) {
-    if (val) {
-      this.config.databaseId = val;
-      this.api.users.databaseId = val;
-      this.api.tenants.databaseId = val;
+  /**
+   * A convenience function that applies a config and ensures whatever was passed is set properly
+   */
+  getInstance(config, req) {
+    const _config = { ...this.#config, ...config };
+    const updatedConfig = new Config(_config);
+    this.#config = new Config(updatedConfig);
+    this.#config.tenantId = config.tenantId;
+    this.#config.userId = config.userId;
+    if (req) {
+      this.setContext(req);
     }
+    this.#reset();
+    return this;
   }
-  get userId() {
-    return this.config.userId;
-  }
-  set userId(userId) {
-    this.databaseId = this.config.databaseId;
-    this.config.userId = userId;
-    if (this.api) {
-      this.api.users.userId = this.config.userId;
-      this.api.tenants.userId = this.config.userId;
-    }
+  getPaths() {
+    return this.#paths;
   }
-  get tenantId() {
-    return this.config.tenantId;
+  get handlers() {
+    return this.#handlers;
   }
-  set tenantId(tenantId) {
-    this.databaseId = this.config.databaseId;
-    this.config.tenantId = tenantId;
-    if (this.api) {
-      this.api.users.tenantId = tenantId;
-      this.api.tenants.tenantId = tenantId;
+  /**
+   * Allow the setting of headers from a req or header object.
+   * Makes it possible to handle REST requests easily
+   * Also makes it easy to set user + tenant in some way
+   * @param req
+   * @returns undefined
+   */
+  setContext(req) {
+    try {
+      if (req instanceof Headers) {
+        this.#handleHeaders(req);
+        this.#reset();
+        return;
+      } else if (req instanceof Request) {
+        this.#handleHeaders(new Headers(req.headers));
+        this.#reset();
+        return;
+      }
+    } catch {
     }
-  }
-  get token() {
-    return this.config?.api?.token;
-  }
-  set token(token) {
-    if (token) {
-      this.config.api.token = token;
-      if (this.api) {
-        this.api.users.api.token = token;
-        this.api.tenants.api.token = token;
+    let ok = false;
+    if (req && typeof req === "object" && "tenantId" in req) {
+      ok = true;
+      this.#config.tenantId = req.tenantId;
+    }
+    if (req && typeof req === "object" && "userId" in req) {
+      ok = true;
+      this.#config.userId = req.userId;
+    }
+    if (ok) {
+      return;
+    }
+    if (typeof req === "object") {
+      const headers = new Headers(req);
+      if (headers) {
+        this.#handleHeaders(headers);
+        this.#reset();
+        return;
       }
     }
+    const { warn } = Logger(this.#config, "[API]");
+    if (warn) {
+      warn(
+        "Set context expects a Request, Header instance or an object of Record<string, string>"
+      );
+    }
   }
-  get db() {
-    return this.manager.getConnection(this.config);
-  }
-  clearConnections() {
-    this.manager.clear(this.config);
+  getContext() {
+    return {
+      headers: this.#headers,
+      userId: this.#config.userId,
+      tenantId: this.#config.tenantId
+    };
   }
   /**
-   * A convenience function that applies a config and ensures whatever was passed is set properly
+   * Merge headers together
+   * Internally, passed a NileConfig, externally, should be using Headers
    */
-  getInstance(config) {
-    const _config = { ...this.config, ...config };
-    const updatedConfig = new Config(_config);
-    this.setConfig(updatedConfig);
-    this.tenantId = updatedConfig.tenantId;
-    this.userId = updatedConfig.userId;
-    if (updatedConfig.api.token) {
-      this.token = updatedConfig.api.token;
+  #handleHeaders(config) {
+    const updates = [];
+    let headers;
+    this.#headers = new Headers();
+    if (config instanceof Headers) {
+      headers = config;
+    } else if (config?.headers) {
+      headers = config?.headers;
+      if (config && config.origin) {
+        this.#headers.set(X_NILE_ORIGIN, config.origin);
+      }
+      if (config && config.secureCookies != null) {
+        this.#headers.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+      }
     }
-    this.databaseId = updatedConfig.databaseId;
-    return this;
+    if (headers instanceof Headers) {
+      headers.forEach((value, key14) => {
+        updates.push([key14.toLowerCase(), value]);
+      });
+    } else {
+      for (const [key14, value] of Object.entries(headers ?? {})) {
+        updates.push([key14.toLowerCase(), value]);
+      }
+    }
+    const merged = {};
+    this.#headers?.forEach((value, key14) => {
+      if (key14.toLowerCase() !== "cookie") {
+        merged[key14.toLowerCase()] = value;
+      }
+    });
+    for (const [key14, value] of updates) {
+      merged[key14] = value;
+    }
+    for (const [key14, value] of Object.entries(merged)) {
+      this.#headers.set(key14, value);
+    }
+    this.#config.headers = this.#headers;
   }
+  /**
+   * Allow some internal mutations to reset our config + headers
+   */
+  #reset = () => {
+    this.#config.headers = this.#headers ?? new Headers();
+    this.users = new Users(this.#config);
+    this.tenants = new Tenants(this.#config);
+    this.auth = new Auth(this.#config);
+  };
 };
 var server;
 function create(config) {
@@ -2590,6 +2708,6 @@ function create(config) {
   return server;
 }
-export { LoginUserResponseTokenTypeEnum, create as Nile, Server };
+export { APIErrorErrorCodeEnum, LoginUserResponseTokenTypeEnum, create as Nile, Server, parseCSRF, parseCallback, parseToken };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map