@niledatabase/server 5.0.0-alpha.1 → 5.0.0-alpha.10

package/dist/index.mjs

@@ -25,9 +25,16 @@ var LoginUserResponseTokenTypeEnum = {
   IdToken: "ID_TOKEN"
 };
 
+// src/utils/constants.ts
+var TENANT_COOKIE = "nile.tenant-id";
+var USER_COOKIE = "nile.user-id";
+var HEADER_ORIGIN = "nile-origin";
+var HEADER_SECURE_COOKIES = "nile-secure-cookies";
+
 // src/api/utils/routes/index.ts
 var NILEDB_API_URL = process.env.NILEDB_API_URL;
-var appRoutes = (prefix = "/api") => ({
+var DEFAULT_PREFIX = "/api";
+var appRoutes = (prefix = DEFAULT_PREFIX) => ({
   SIGNIN: `${prefix}${"/auth/signin" /* SIGNIN */}`,
   PROVIDERS: `${prefix}${"/auth/providers" /* PROVIDERS */}`,
   SESSION: `${prefix}${"/auth/session" /* SESSION */}`,
@@ -36,7 +43,8 @@ var appRoutes = (prefix = "/api") => ({
   SIGNOUT: `${prefix}${"/auth/signout" /* SIGNOUT */}`,
   ERROR: `${prefix}/auth/error`,
   VERIFY_REQUEST: `${prefix}/auth/verify-request`,
-  PASSWORD_RESET: `${prefix}/auth/reset-password`,
+  VERIFY_EMAIL: `${prefix}${"/auth/verify-email" /* VERIFY_EMAIL */}`,
+  PASSWORD_RESET: `${prefix}${"/auth/reset-password" /* PASSWORD_RESET */}`,
   ME: `${prefix}${"/me" /* ME */}`,
   USERS: `${prefix}${"/users" /* USERS */}`,
   USER_TENANTS: `${prefix}${"/users/{userId}/tenants" /* USER_TENANTS */}`,
@@ -45,6 +53,8 @@ var appRoutes = (prefix = "/api") => ({
   TENANT_USER: `${prefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */}`,
   TENANT_USERS: `${prefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */}`,
   SIGNUP: `${prefix}${"/signup" /* SIGNUP */}`,
+  INVITES: `${prefix}${"/tenants/{tenantId}/invites" /* INVITES */}`,
+  INVITE: `${prefix}${"/tenants/{tenantId}/invite" /* INVITE */}`,
   LOG: `${prefix}/_log`
 });
 var apiRoutes = (config) => ({
@@ -55,6 +65,8 @@ var apiRoutes = (config) => ({
   TENANT: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}`),
   SIGNUP: makeRestUrl(config, "/signup"),
   TENANT_USERS: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/users`),
+  INVITES: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/invites`),
+  INVITE: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/invite`),
   TENANT_USER: makeRestUrl(
     config,
     `/tenants/${config.tenantId}/users/${config.userId}`
@@ -70,7 +82,8 @@ var proxyRoutes = (config) => ({
   SIGNOUT: makeRestUrl(config, "/auth/signout" /* SIGNOUT */),
   ERROR: makeRestUrl(config, "/auth/error"),
   VERIFY_REQUEST: makeRestUrl(config, "/auth/verify-request"),
-  PASSWORD_RESET: makeRestUrl(config, "/auth/reset-password")
+  PASSWORD_RESET: makeRestUrl(config, "/auth/reset-password" /* PASSWORD_RESET */),
+  VERIFY_EMAIL: makeRestUrl(config, "/auth/verify-email" /* VERIFY_EMAIL */)
 });
 function filterNullUndefined(obj) {
   if (!obj) {
@@ -95,9 +108,9 @@ function makeRestUrl(config, path, qp) {
   const strParams = params.toString();
   return `${[url, path.substring(1, path.length)].join("/")}${strParams ? `?${strParams}` : ""}`;
 }
-function urlMatches(requestUrl, route16) {
+function urlMatches(requestUrl, route20) {
   const url = new URL(requestUrl);
-  return url.pathname.startsWith(route16);
+  return url.pathname.startsWith(route20);
 }
 function isUUID(value) {
   if (!value) {
@@ -107,109 +120,61 @@ function isUUID(value) {
   return regex.test(value);
 }
 
-// src/utils/Logger.ts
-var red = "\x1B[31m";
-var yellow = "\x1B[38;2;255;255;0m";
-var purple = "\x1B[38;2;200;160;255m";
-var orange = "\x1B[38;2;255;165;0m";
-var reset = "\x1B[0m";
-var baseLogger = (config, ...params) => ({
-  info(message, meta) {
-    if (config?.debug) {
-      console.info(
-        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? `${JSON.stringify(meta)}` : ""
-      );
-    }
-  },
-  debug(message, meta) {
-    if (config?.debug) {
-      console.debug(
-        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? `${JSON.stringify(meta)}` : ""
-      );
-    }
-  },
-  warn(message, meta) {
-    if (config?.debug) {
-      console.warn(
-        `${orange}[niledb]${reset}${yellow}[WARN]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? JSON.stringify(meta) : ""
-      );
-    }
-  },
-  error(message, meta) {
-    console.error(
-      `${orange}[niledb]${reset}${red}[ERROR]${reset}${params.join(
-        ""
-      )}${red} ${message}`,
-      meta ? meta : "",
-      `${reset}`
-    );
-  }
-});
-function Logger(config, ...params) {
-  const base = baseLogger(config, params);
-  const info = config?.logger?.info ?? base.info;
-  const debug = config?.logger?.debug ?? base.debug;
-  const warn = config?.logger?.warn ?? base.warn;
-  const error = config?.logger?.error ?? base.error;
-  return { info, warn, error, debug };
-}
-function matchesLog(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.LOG);
-}
-
-// src/utils/constants.ts
-var X_NILE_TENANT = "nile.tenant_id";
-var X_NILE_ORIGIN = "nile.origin";
-var X_NILE_SECURECOOKIES = "nile.secure_cookies";
-
 // src/api/utils/request.ts
 async function request(url, _init, config) {
-  const { debug, info, error } = Logger(config, "[REQUEST]");
+  const { debug, info, error } = config.logger("[REQUEST]");
   const { request: request2, ...init } = _init;
   const requestUrl = new URL(request2.url);
   const updatedHeaders = new Headers({});
   if (request2.headers.get("cookie")) {
     updatedHeaders.set("cookie", String(request2.headers.get("cookie")));
   }
-  if (request2.headers.get(X_NILE_TENANT)) {
+  if (request2.headers.get(TENANT_COOKIE)) {
     updatedHeaders.set(
-      X_NILE_TENANT,
-      String(request2.headers.get(X_NILE_TENANT))
+      TENANT_COOKIE,
+      String(request2.headers.get(TENANT_COOKIE))
     );
   }
   if (config.secureCookies != null) {
-    updatedHeaders.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+    updatedHeaders.set(HEADER_SECURE_COOKIES, String(config.secureCookies));
+  } else {
+    updatedHeaders.set(
+      HEADER_SECURE_COOKIES,
+      process.env.NODE_ENV === "production" ? "true" : "false"
+    );
   }
   updatedHeaders.set("host", requestUrl.host);
   if (config.callbackUrl) {
     const cbUrl = new URL(config.callbackUrl);
     debug(`Obtained origin from config.callbackUrl ${config.callbackUrl}`);
-    updatedHeaders.set(X_NILE_ORIGIN, cbUrl.origin);
+    updatedHeaders.set(HEADER_ORIGIN, cbUrl.origin);
+  } else if (config.origin) {
+    debug(`Obtained origin from config.origin ${config.origin}`);
+    updatedHeaders.set(HEADER_ORIGIN, config.origin);
   } else {
-    updatedHeaders.set(X_NILE_ORIGIN, requestUrl.origin);
-    debug(`Obtained origin from request ${requestUrl.origin}`);
+    const passedOrigin = request2.headers.get(HEADER_ORIGIN);
+    if (passedOrigin) {
+      updatedHeaders.set(HEADER_ORIGIN, passedOrigin);
+    } else {
+      const reqOrigin = config.routePrefix !== DEFAULT_PREFIX ? `${requestUrl.origin}${config.routePrefix}` : requestUrl.origin;
+      updatedHeaders.set(HEADER_ORIGIN, reqOrigin);
+      debug(`Obtained origin from request ${reqOrigin}`);
+    }
   }
   const params = { ...init };
   if (params.method?.toLowerCase() === "post" || params.method?.toLowerCase() === "put") {
     try {
       updatedHeaders.set("content-type", "application/json");
-      const initBody = await new Response(_init.request.clone().body).json();
-      const requestBody = await new Response(request2.clone().body).json();
-      params.body = JSON.stringify(initBody ?? requestBody);
+      const bodyStream = _init.body ?? _init.request?.body ?? request2.body;
+      const bodyText = await new Response(bodyStream).text();
+      try {
+        params.body = JSON.stringify(JSON.parse(bodyText));
+      } catch {
+        updatedHeaders.set("content-type", "application/x-www-form-urlencoded");
+        params.body = bodyText;
+      }
     } catch (e) {
-      updatedHeaders.set("content-type", "application/x-www-form-urlencoded");
-      const initBody = await new Response(_init.request.clone().body).text();
-      const requestBody = await new Response(request2.clone().body).text();
-      params.body = initBody ?? requestBody;
+      error("Failed to parse request body");
     }
   }
   params.headers = updatedHeaders;
@@ -218,6 +183,7 @@ async function request(url, _init, config) {
     params.headers.set("request-id", crypto.randomUUID());
     params.cache = "no-store";
   }
+  await config.extensionCtx?.handleOnRequest(config, _init, params);
   try {
     const res = await fetch(fullUrl, {
       ...params
@@ -254,7 +220,7 @@ async function request(url, _init, config) {
 
 // src/api/utils/auth.ts
 async function auth(req, config) {
-  const { info, error } = Logger(config, "[nileauth]");
+  const { info, error } = config.logger("[nileauth]");
   info("checking auth");
   const sessionUrl = `${config.apiUrl}/auth/session`;
   info(`using session ${sessionUrl}`);
@@ -300,7 +266,7 @@ function matches(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes[key]);
 }
 async function fetchMe(config, method, body) {
-  const clientUrl = `${config.origin}${config.routePrefix}${"/me" /* ME */}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/me" /* ME */}`;
   const init = {
     headers: config.headers,
     method: method ?? "GET"
@@ -330,47 +296,6 @@ async function GET(url, init, config) {
   return res;
 }
 
-// src/utils/Event/index.ts
-var Eventer = class {
-  events = {};
-  publish(eventName, value) {
-    const callbacks = this.events[eventName];
-    if (callbacks) {
-      for (const callback of callbacks) {
-        callback(value);
-      }
-    }
-  }
-  subscribe(eventName, callback) {
-    if (!this.events[eventName]) {
-      this.events[eventName] = [];
-    }
-    this.events[eventName].push(callback);
-  }
-  unsubscribe(eventName, callback) {
-    const callbacks = this.events[eventName];
-    if (!callbacks) return;
-    const index = callbacks.indexOf(callback);
-    if (index !== -1) {
-      callbacks.splice(index, 1);
-    }
-    if (callbacks.length === 0) {
-      delete this.events[eventName];
-    }
-  }
-};
-var eventer = new Eventer();
-var watchTenantId = (cb) => eventer.subscribe("tenantId" /* Tenant */, cb);
-var watchUserId = (cb) => eventer.subscribe("userId" /* User */, cb);
-var evictPool = (val) => {
-  eventer.publish("EvictPool" /* EvictPool */, val);
-};
-var watchEvictPool = (cb) => eventer.subscribe("EvictPool" /* EvictPool */, cb);
-var updateHeaders = (val) => {
-  eventer.publish("headers" /* Headers */, val);
-};
-var watchHeaders = (cb) => eventer.subscribe("headers" /* Headers */, cb);
-
 // src/utils/fetch.ts
 function getTokenFromCookie(headers, cookieKey) {
   const cookie = headers.get("cookie")?.split("; ");
@@ -396,8 +321,8 @@ function getTokenFromCookie(headers, cookieKey) {
   }
 }
 function getTenantFromHttp(headers, config) {
-  const cookieTenant = getTokenFromCookie(headers, X_NILE_TENANT);
-  return cookieTenant ?? headers?.get(X_NILE_TENANT) ?? config?.tenantId;
+  const cookieTenant = getTokenFromCookie(headers, TENANT_COOKIE);
+  return cookieTenant ? cookieTenant : config?.tenantId;
 }
 
 // src/api/routes/users/POST.ts
@@ -407,7 +332,7 @@ async function POST(config, init) {
   const yurl = new URL(init.request.url);
   const tenantId = yurl.searchParams.get("tenantId");
   const newTenantName = yurl.searchParams.get("newTenantName");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config);
   const url = apiRoutes(config).USERS({ tenantId: tenant, newTenantName });
   return await request(url, init, config);
 }
@@ -416,21 +341,18 @@ async function POST(config, init) {
 async function GET2(config, init, log) {
   const yurl = new URL(init.request.url);
   const tenantId = yurl.searchParams.get("tenantId");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config);
   if (!tenant) {
     log("[GET] No tenant id provided.");
     return new Response(null, { status: 404 });
   }
-  const url = apiRoutes(config).TENANT_USERS(tenant);
   init.method = "GET";
+  const url = apiRoutes(config).TENANT_USERS(tenant);
   return await request(url, init, config);
 }
 
 // src/api/routes/users/[userId]/PUT.ts
-async function PUT2(config, session, init) {
-  if (!session) {
-    return new Response(null, { status: 401 });
-  }
+async function PUT2(config, init) {
   init.body = init.request.body;
   init.method = "PUT";
   const [userId] = new URL(init.request.url).pathname.split("/").reverse();
@@ -441,18 +363,14 @@ async function PUT2(config, session, init) {
 // src/api/routes/users/index.ts
 var key2 = "USERS";
 async function route2(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key2}]`
-  );
-  const session = await auth(request2, config);
+  const { info } = config.logger(`[ROUTES][${key2}]`);
   switch (request2.method) {
     case "GET":
       return await GET2(config, { request: request2 }, info);
     case "POST":
       return await POST(config, { request: request2 });
     case "PUT":
-      return await PUT2(config, session, { request: request2 });
+      return await PUT2(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
@@ -470,7 +388,11 @@ async function GET3(config, init) {
 }
 
 // src/api/routes/tenants/[tenantId]/users/POST.ts
-async function POST2(config, session, init) {
+async function POST2(config, init) {
+  const session = await auth(init.request, config);
+  if (!session) {
+    return new Response(null, { status: 401 });
+  }
   const yurl = new URL(init.request.url);
   const [, tenantId] = yurl.pathname.split("/").reverse();
   init.body = JSON.stringify({ email: session.email });
@@ -482,15 +404,7 @@ async function POST2(config, session, init) {
 // src/api/routes/tenants/[tenantId]/users/index.ts
 var key3 = "TENANT_USERS";
 async function route3(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key3}]`
-  );
-  const session = await auth(request2, config);
-  if (!session) {
-    info("401");
-    return new Response(null, { status: 401 });
-  }
+  const { info } = config.logger(`[ROUTES][${key3}]`);
   const yurl = new URL(request2.url);
   const [, tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -501,7 +415,7 @@ async function route3(request2, config) {
     case "GET":
       return await GET3(config, { request: request2 });
     case "POST":
-      return await POST2(config, session, { request: request2 });
+      return await POST2(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
@@ -509,21 +423,21 @@ async function route3(request2, config) {
 function matches3(configRoutes, request2) {
   const url = new URL(request2.url);
   const [userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
-  let route16 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  let route20 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
   if (userId === "users") {
-    route16 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
+    route20 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
   }
-  return urlMatches(request2.url, route16);
+  return urlMatches(request2.url, route20);
 }
 async function fetchTenantUsers(config, method, payload) {
   const { body, params } = {};
   if (!config.tenantId) {
     throw new Error(
-      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+      "Unable to fetch the user's tenants, the tenantId context is missing. Call nile.setContext({ tenantId })"
     );
   }
-  if (!isUUID(config.tenantId) && config.logger?.warn) {
-    config.logger?.warn(
+  if (!isUUID(config.tenantId)) {
+    config.logger("fetchTenantUsers").warn(
       "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
   }
@@ -534,7 +448,7 @@ async function fetchTenantUsers(config, method, payload) {
   if (params?.tenantId) {
     q.set("tenantId", params.tenantId);
   }
-  const clientUrl = `${config.origin}${config.routePrefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */.replace(
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */.replace(
     "{tenantId}",
     config.tenantId
   )}`;
@@ -547,8 +461,139 @@ async function fetchTenantUsers(config, method, payload) {
   return await config.handlers[m](req);
 }
 
+// src/api/routes/tenants/[tenantId]/invite/PUT.ts
+async function PUT3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  if (yurl.searchParams.size > 0) {
+    init.body = new URLSearchParams(yurl.searchParams).toString();
+  }
+  init.method = "PUT";
+  const url = `${apiRoutes(config).INVITE(tenantId)}`;
+  const res = await request(url, init, config);
+  const location = res?.headers.get("location");
+  if (location) {
+    return new Response(res?.body, {
+      status: 302,
+      headers: res?.headers
+    });
+  }
+  return new Response(res?.body, {
+    status: res?.status,
+    headers: res?.headers
+  });
+}
+
+// src/api/routes/tenants/[tenantId]/invite/POST.ts
+async function POST3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "POST";
+  init.body = init.request.body;
+  const url = `${apiRoutes(config).INVITE(tenantId)}`;
+  return await request(url, init, config);
+}
+
+// src/api/routes/tenants/[tenantId]/invite/index.ts
+var key4 = "INVITE";
+async function route4(request2, config) {
+  switch (request2.method) {
+    // the browser is a GET, but we need to PUT it into nile-auth
+    // server side, this is a put
+    case "GET":
+    case "PUT":
+      return await PUT3(config, { request: request2 });
+    case "POST":
+      return await POST3(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches4(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [, tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key4].replace("{tenantId}", tenantId);
+  return urlMatches(request2.url, route20);
+}
+async function fetchInvite(config, method, body) {
+  if (!config.tenantId) {
+    throw new Error(
+      "Unable to fetch the invite for the tenant, the tenantId context is missing. Call nile.setContext({ tenantId })"
+    );
+  }
+  if (!isUUID(config.tenantId)) {
+    config.logger("fetchInvite").warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
+  }
+  let clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace("{tenantId}", config.tenantId)}`;
+  const m = method ?? "GET";
+  const init = {
+    method: m,
+    headers: config.headers
+  };
+  if (method === "POST" || method === "PUT") {
+    init.body = body;
+  }
+  if (method === "DELETE") {
+    clientUrl = `${clientUrl}/${body}`;
+  }
+  const req = new Request(clientUrl, init);
+  return await config.handlers[m](req);
+}
+
+// src/api/routes/tenants/[tenantId]/invites/GET.ts
+async function GET4(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "GET";
+  const url = `${apiRoutes(config).INVITES(tenantId)}`;
+  return await request(url, init, config);
+}
+
+// src/api/routes/tenants/[tenantId]/invites/index.ts
+var key5 = "INVITES";
+async function route5(request2, config) {
+  switch (request2.method) {
+    case "GET":
+      return await GET4(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches5(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [, tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key5].replace("{tenantId}", tenantId);
+  return url.pathname.endsWith(route20);
+}
+async function fetchInvites(config) {
+  if (!config.tenantId) {
+    throw new Error(
+      "Unable to fetch invites for the tenant, the tenantId context is missing. Call nile.setContext({ tenantId })"
+    );
+  }
+  if (!isUUID(config.tenantId)) {
+    config.logger("fetchInvites").warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
+  }
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invites" /* INVITES */.replace("{tenantId}", config.tenantId)}`;
+  const req = new Request(clientUrl, { headers: config.headers });
+  return await config.handlers.GET(req);
+}
+
 // src/api/routes/tenants/GET.ts
-async function GET4(config, session, init) {
+async function GET5(config, session, init) {
   let url = `${apiRoutes(config).USER_TENANTS(session.id)}`;
   if (typeof session === "object" && "user" in session && session.user) {
     url = `${apiRoutes(config).USER_TENANTS(session.user.id)}`;
@@ -558,7 +603,7 @@ async function GET4(config, session, init) {
 }
 
 // src/api/routes/tenants/[tenantId]/GET.ts
-async function GET5(config, init, log) {
+async function GET6(config, init, log) {
   const yurl = new URL(init.request.url);
   const [tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -583,7 +628,7 @@ async function DELETE2(config, init) {
 }
 
 // src/api/routes/tenants/[tenantId]/PUT.ts
-async function PUT3(config, init) {
+async function PUT4(config, init) {
   const yurl = new URL(init.request.url);
   const [tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -596,7 +641,7 @@ async function PUT3(config, init) {
 }
 
 // src/api/routes/tenants/POST.ts
-async function POST3(config, init) {
+async function POST4(config, init) {
   init.body = init.request.body;
   init.method = "POST";
   const url = `${apiRoutes(config).TENANTS}`;
@@ -604,12 +649,9 @@ async function POST3(config, init) {
 }
 
 // src/api/routes/tenants/index.ts
-var key4 = "TENANTS";
-async function route4(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key4}]`
-  );
+var key6 = "TENANTS";
+async function route6(request2, config) {
+  const { info } = config.logger(`[ROUTES][${key6}]`);
   const session = await auth(request2, config);
   if (!session) {
     info("401");
@@ -619,24 +661,24 @@ async function route4(request2, config) {
   switch (request2.method) {
     case "GET":
       if (isUUID(possibleTenantId)) {
-        return await GET5(config, { request: request2 }, info);
+        return await GET6(config, { request: request2 }, info);
       }
-      return await GET4(config, session, { request: request2 });
+      return await GET5(config, session, { request: request2 });
     case "POST":
-      return await POST3(config, { request: request2 });
+      return await POST4(config, { request: request2 });
     case "DELETE":
       return await DELETE2(config, { request: request2 });
     case "PUT":
-      return await PUT3(config, { request: request2 });
+      return await PUT4(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches4(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key4]);
+function matches6(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key6]);
 }
 async function fetchTenants(config, method, body) {
-  const clientUrl = `${config.origin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
   const init = {
     method,
     headers: config.headers
@@ -650,15 +692,15 @@ async function fetchTenants(config, method, body) {
 async function fetchTenant(config, method, body) {
   if (!config.tenantId) {
     throw new Error(
-      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+      "Unable to fetch tenants, the tenantId context is missing. Call nile.setContext({ tenantId })"
     );
   }
-  if (!isUUID(config.tenantId) && config.logger?.warn) {
-    config.logger?.warn(
+  if (!isUUID(config.tenantId)) {
+    config.logger("fetch tenant").warn(
       "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
   }
-  const clientUrl = `${config.origin}${config.routePrefix}${"/tenants/{tenantId}" /* TENANT */.replace("{tenantId}", config.tenantId)}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}" /* TENANT */.replace("{tenantId}", config.tenantId)}`;
   const m = method ?? "GET";
   const init = {
     method: m,
@@ -671,36 +713,32 @@ async function fetchTenant(config, method, body) {
   return await config.handlers[m](req);
 }
 async function fetchTenantsByUser(config) {
-  if (config.logger?.warn) {
-    if (!config.userId) {
-      config.logger?.warn(
-        "nile.userId is not set. The call will still work for the API, but the database context is not set properly and may lead to unexpected behavior in your application."
-      );
-    } else if (!isUUID(config.userId)) {
-      config.logger?.warn(
-        "nile.userId is not a valid UUID. This may lead to unexpected behavior in your application."
-      );
-    }
+  const { warn } = config.logger("fetchTenantsByUser");
+  if (!config.userId) {
+    warn(
+      "nile.userId is not set. The call will still work for the API, but the database context is not set properly and may lead to unexpected behavior in your application."
+    );
+  } else if (!isUUID(config.userId)) {
+    warn(
+      "nile.userId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
   }
-  const clientUrl = `${config.origin}${config.routePrefix}${"/users/{userId}/tenants" /* USER_TENANTS */.replace(
-    "{userId}",
-    config.userId ?? "WARN_NOT_SET"
-  )}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
   const req = new Request(clientUrl, { headers: config.headers });
   return await config.handlers.GET(req);
 }
 
 // src/api/routes/auth/signin.ts
-var key5 = "SIGNIN";
-async function route5(req, config) {
-  let url = proxyRoutes(config)[key5];
+var key7 = "SIGNIN";
+async function route7(req, config) {
+  let url = proxyRoutes(config)[key7];
   const init = {
     method: req.method,
     headers: req.headers
   };
   if (req.method === "POST") {
     const [provider] = new URL(req.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key5]}/${provider}`;
+    url = `${proxyRoutes(config)[key7]}/${provider}`;
   }
   const passThroughUrl = new URL(req.url);
   const params = new URLSearchParams(passThroughUrl.search);
@@ -708,11 +746,11 @@ async function route5(req, config) {
   const res = await request(url, { ...init, request: req }, config);
   return res;
 }
-function matches5(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key5]);
+function matches7(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key7]);
 }
 async function fetchSignIn(config, provider, body) {
-  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/signin" /* SIGNIN */}/${provider}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signin" /* SIGNIN */}/${provider}`;
   const req = new Request(clientUrl, {
     method: "POST",
     headers: config.headers,
@@ -722,7 +760,7 @@ async function fetchSignIn(config, provider, body) {
 }
 
 // src/api/routes/auth/session.ts
-async function route6(req, config) {
+async function route8(req, config) {
   return request(
     proxyRoutes(config).SESSION,
     {
@@ -732,11 +770,11 @@ async function route6(req, config) {
     config
   );
 }
-function matches6(configRoutes, request2) {
+function matches8(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.SESSION);
 }
 async function fetchSession(config) {
-  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/session" /* SESSION */}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/session" /* SESSION */}`;
   const req = new Request(clientUrl, {
     method: "GET",
     headers: config.headers
@@ -745,7 +783,7 @@ async function fetchSession(config) {
 }
 
 // src/api/routes/auth/providers.ts
-async function route7(req, config) {
+async function route9(req, config) {
   return request(
     proxyRoutes(config).PROVIDERS,
     {
@@ -755,11 +793,11 @@ async function route7(req, config) {
     config
   );
 }
-function matches7(configRoutes, request2) {
+function matches9(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.PROVIDERS);
 }
 async function fetchProviders(config) {
-  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/providers" /* PROVIDERS */}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/providers" /* PROVIDERS */}`;
   const req = new Request(clientUrl, {
     method: "GET",
     headers: config.headers
@@ -768,7 +806,7 @@ async function fetchProviders(config) {
 }
 
 // src/api/routes/auth/csrf.ts
-async function route8(req, config) {
+async function route10(req, config) {
   return request(
     proxyRoutes(config).CSRF,
     {
@@ -778,11 +816,11 @@ async function route8(req, config) {
     config
   );
 }
-function matches8(configRoutes, request2) {
+function matches10(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.CSRF);
 }
 async function fetchCsrf(config) {
-  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/csrf" /* CSRF */}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/csrf" /* CSRF */}`;
   const req = new Request(clientUrl, {
     method: "GET",
     headers: config.headers
@@ -791,17 +829,14 @@ async function fetchCsrf(config) {
 }
 
 // src/api/routes/auth/callback.ts
-var key6 = "CALLBACK";
-async function route9(req, config) {
-  const { error } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key6}]`
-  );
+var key8 = "CALLBACK";
+async function route11(req, config) {
+  const { error } = config.logger(`[ROUTES][${key8}]`);
   const [provider] = new URL(req.url).pathname.split("/").reverse();
   try {
     const passThroughUrl = new URL(req.url);
     const params = new URLSearchParams(passThroughUrl.search);
-    const url = `${proxyRoutes(config)[key6]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
+    const url = `${proxyRoutes(config)[key8]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
     const res = await request(
       url,
       {
@@ -828,13 +863,13 @@ async function route9(req, config) {
   }
   return new Response("An unexpected error has occurred.", { status: 400 });
 }
-function matches9(configRoutes, request2) {
+function matches11(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.CALLBACK);
 }
-async function fetchCallback(config, provider, body) {
-  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/callback" /* CALLBACK */}/${provider}`;
+async function fetchCallback(config, provider, body, request2, method = "POST") {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/callback" /* CALLBACK */}/${provider}${request2 ? `?${new URL(request2.url).searchParams}` : ""}`;
   const req = new Request(clientUrl, {
-    method: "POST",
+    method,
     headers: config.headers,
     body
   });
@@ -842,25 +877,25 @@ async function fetchCallback(config, provider, body) {
 }
 
 // src/api/routes/auth/signout.ts
-var key7 = "SIGNOUT";
-async function route10(request2, config) {
-  let url = proxyRoutes(config)[key7];
+var key9 = "SIGNOUT";
+async function route12(request2, config) {
+  let url = proxyRoutes(config)[key9];
   const init = {
     method: request2.method
   };
   if (request2.method === "POST") {
     init.body = request2.body;
     const [provider] = new URL(request2.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key7]}${provider !== "signout" ? `/${provider}` : ""}`;
+    url = `${proxyRoutes(config)[key9]}${provider !== "signout" ? `/${provider}` : ""}`;
   }
   const res = await request(url, { ...init, request: request2 }, config);
   return res;
 }
-function matches10(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key7]);
+function matches12(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key9]);
 }
 async function fetchSignOut(config, body) {
-  const clientUrl = `${config.origin}${config.routePrefix}${"/auth/signout" /* SIGNOUT */}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signout" /* SIGNOUT */}`;
   const req = new Request(clientUrl, {
     method: "POST",
     body,
@@ -870,10 +905,10 @@ async function fetchSignOut(config, body) {
 }
 
 // src/api/routes/auth/error.ts
-var key8 = "ERROR";
-async function route11(req, config) {
+var key10 = "ERROR";
+async function route13(req, config) {
   return request(
-    proxyRoutes(config)[key8],
+    proxyRoutes(config)[key10],
     {
       method: req.method,
       request: req
@@ -881,15 +916,15 @@ async function route11(req, config) {
     config
   );
 }
-function matches11(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key8]);
+function matches13(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key10]);
 }
 
 // src/api/routes/auth/verify-request.ts
-var key9 = "VERIFY_REQUEST";
-async function route12(req, config) {
+var key11 = "VERIFY_REQUEST";
+async function route14(req, config) {
   return request(
-    proxyRoutes(config)[key9],
+    proxyRoutes(config)[key11],
     {
       method: req.method,
       request: req
@@ -897,14 +932,14 @@ async function route12(req, config) {
     config
   );
 }
-function matches12(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key9]);
+function matches14(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key11]);
 }
 
 // src/api/routes/auth/password-reset.ts
-var key10 = "PASSWORD_RESET";
-async function route13(req, config) {
-  const url = proxyRoutes(config)[key10];
+var key12 = "PASSWORD_RESET";
+async function route15(req, config) {
+  const url = proxyRoutes(config)[key12];
   const res = await request(
     url,
     {
@@ -925,73 +960,203 @@ async function route13(req, config) {
     headers: res?.headers
   });
 }
-function matches13(configRoutes, request2) {
+function matches15(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.PASSWORD_RESET);
 }
+async function fetchResetPassword(config, method, body, params, useJson = true) {
+  const authParams = new URLSearchParams(params ?? {});
+  if (useJson) {
+    authParams?.set("json", "true");
+  }
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/reset-password" /* PASSWORD_RESET */}?${authParams?.toString()}`;
+  const init = {
+    method,
+    headers: config.headers
+  };
+  if (body && method !== "GET") {
+    init.body = body;
+  }
+  const req = new Request(clientUrl, init);
+  return await config.handlers[method](req);
+}
+
+// src/api/routes/auth/verify-email.ts
+var key13 = "VERIFY_EMAIL";
+async function route16(req, config) {
+  const url = proxyRoutes(config)[key13];
+  const res = await request(
+    url,
+    {
+      method: req.method,
+      request: req
+    },
+    config
+  );
+  const location = res?.headers.get("location");
+  if (location) {
+    return new Response(res?.body, {
+      status: 302,
+      headers: res?.headers
+    });
+  }
+  return new Response(res?.body, {
+    status: res?.status,
+    headers: res?.headers
+  });
+}
+function matches16(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key13]);
+}
+async function fetchVerifyEmail(config, method, body) {
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/verify-email" /* VERIFY_EMAIL */}`;
+  const init = {
+    method,
+    headers: config.headers
+  };
+  if (body) {
+    init.body = body;
+  }
+  const req = new Request(clientUrl, init);
+  return await config.handlers[method](req);
+}
 
 // src/api/handlers/GET.ts
 function GETTER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[GET MATCHER]");
-  return async function GET6(req) {
+  const { info, warn } = config.logger("[GET MATCHER]");
+  return async function GET7(req) {
     if (matches(configRoutes, req)) {
       info("matches me");
       return route(req, config);
     }
+    if (matches5(configRoutes, req)) {
+      info("matches tenant invites");
+      return route5(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches invite");
+      return route4(req, config);
+    }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
       return route3(req, config);
     }
+    if (matches6(configRoutes, req)) {
+      info("matches tenants");
+      return route6(req, config);
+    }
     if (matches2(configRoutes, req)) {
       info("matches users");
       return route2(req, config);
     }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
-    }
-    if (matches6(configRoutes, req)) {
+    if (matches8(configRoutes, req)) {
       info("matches session");
-      return route6(req, config);
+      return route8(req, config);
     }
-    if (matches5(configRoutes, req)) {
+    if (matches7(configRoutes, req)) {
       info("matches signin");
-      return route5(req, config);
+      return route7(req, config);
     }
-    if (matches7(configRoutes, req)) {
+    if (matches9(configRoutes, req)) {
       info("matches providers");
-      return route7(req, config);
+      return route9(req, config);
     }
-    if (matches8(configRoutes, req)) {
+    if (matches10(configRoutes, req)) {
       info("matches csrf");
-      return route8(req, config);
+      return route10(req, config);
     }
-    if (matches13(configRoutes, req)) {
+    if (matches15(configRoutes, req)) {
       info("matches password reset");
-      return route13(req, config);
+      return route15(req, config);
     }
-    if (matches9(configRoutes, req)) {
+    if (matches11(configRoutes, req)) {
       info("matches callback");
-      return route9(req, config);
+      return route11(req, config);
     }
-    if (matches10(configRoutes, req)) {
+    if (matches12(configRoutes, req)) {
       info("matches signout");
-      return route10(req, config);
+      return route12(req, config);
     }
-    if (matches12(configRoutes, req)) {
+    if (matches14(configRoutes, req)) {
       info("matches verify-request");
-      return route12(req, config);
+      return route14(req, config);
     }
-    if (matches11(configRoutes, req)) {
+    if (matches16(configRoutes, req)) {
+      info("matches verify-email");
+      return route16(req, config);
+    }
+    if (matches13(configRoutes, req)) {
       info("matches error");
-      return route11(req, config);
+      return route13(req, config);
     }
     warn(`No GET routes matched ${req.url}`);
     return new Response(null, { status: 404 });
   };
 }
 
+// src/utils/Logger.ts
+var red = "\x1B[31m";
+var yellow = "\x1B[38;2;255;255;0m";
+var purple = "\x1B[38;2;200;160;255m";
+var orange = "\x1B[38;2;255;165;0m";
+var reset = "\x1B[0m";
+var baseLogger = (config, ...params) => ({
+  info(message, meta) {
+    if (config?.debug) {
+      console.info(
+        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? `${JSON.stringify(meta)}` : ""
+      );
+    }
+  },
+  debug(message, meta) {
+    if (config?.debug) {
+      console.debug(
+        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? `${JSON.stringify(meta)}` : ""
+      );
+    }
+  },
+  warn(message, meta) {
+    if (config?.debug) {
+      console.warn(
+        `${orange}[niledb]${reset}${yellow}[WARN]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? JSON.stringify(meta) : ""
+      );
+    }
+  },
+  error(message, meta) {
+    console.error(
+      `${orange}[niledb]${reset}${red}[ERROR]${reset}${params.join(
+        ""
+      )}${red} ${message}`,
+      meta ? meta : "",
+      `${reset}`
+    );
+  }
+});
+function Logger(config) {
+  return (prefixes) => {
+    const { info, debug, warn, error } = config && typeof config?.logger === "function" ? config.logger(prefixes) : baseLogger(config, prefixes);
+    return {
+      info,
+      debug,
+      warn,
+      error
+    };
+  };
+}
+function matchesLog(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.LOG);
+}
+
 // src/api/routes/signup/POST.ts
-async function POST4(config, init) {
+async function POST5(config, init) {
   init.body = init.request.body;
   init.method = "POST";
   const url = `${apiRoutes(config).SIGNUP}`;
@@ -999,17 +1164,17 @@ async function POST4(config, init) {
 }
 
 // src/api/routes/signup/index.tsx
-var key11 = "SIGNUP";
-async function route14(request2, config) {
+var key14 = "SIGNUP";
+async function route17(request2, config) {
   switch (request2.method) {
     case "POST":
-      return await POST4(config, { request: request2 });
+      return await POST5(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches14(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key11]);
+function matches17(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key14]);
 }
 async function fetchSignUp(config, payload) {
   const { body, params } = payload ?? {};
@@ -1020,7 +1185,7 @@ async function fetchSignUp(config, payload) {
   if (params?.tenantId) {
     q.set("tenantId", params.tenantId);
   }
-  const clientUrl = `${config.origin}${config.routePrefix}${"/signup" /* SIGNUP */}${q.size > 0 ? `?${q}` : ""}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/signup" /* SIGNUP */}${q.size > 0 ? `?${q}` : ""}`;
   const req = new Request(clientUrl, {
     method: "POST",
     headers: config.headers,
@@ -1031,63 +1196,68 @@ async function fetchSignUp(config, payload) {
 
 // src/api/handlers/POST.ts
 function POSTER(configRoutes, config) {
-  const { info, warn, error } = Logger(config, "[POST MATCHER]");
-  return async function POST5(req) {
+  const { info, warn, error } = config.logger("[POST MATCHER]");
+  return async function POST6(req) {
     if (matchesLog(configRoutes, req)) {
-      if (req.body) {
-        try {
-          const text = await req.text();
-          error(text);
-          return new Response(null, {
-            status: 200
-          });
-        } catch (e) {
-        }
+      try {
+        const json = await req.clone().json();
+        error(req.body && json);
+      } catch {
+        error(await req.text());
       }
+      return new Response(null, { status: 200 });
     }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
       return route3(req, config);
     }
-    if (matches14(configRoutes, req)) {
+    if (matches4(configRoutes, req)) {
+      info("matches tenant invite");
+      return route4(req, config);
+    }
+    if (matches17(configRoutes, req)) {
       info("matches signup");
-      return route14(req, config);
+      return route17(req, config);
     }
     if (matches2(configRoutes, req)) {
       info("matches users");
       return route2(req, config);
     }
-    if (matches4(configRoutes, req)) {
+    if (matches6(configRoutes, req)) {
       info("matches tenants");
-      return route4(req, config);
+      return route6(req, config);
     }
-    if (matches6(configRoutes, req)) {
+    if (matches8(configRoutes, req)) {
       info("matches session");
-      return route6(req, config);
+      return route8(req, config);
     }
-    if (matches5(configRoutes, req)) {
+    if (matches7(configRoutes, req)) {
       info("matches signin");
-      return route5(req, config);
+      return route7(req, config);
     }
-    if (matches13(configRoutes, req)) {
+    if (matches15(configRoutes, req)) {
       info("matches password reset");
-      return route13(req, config);
+      return route15(req, config);
     }
-    if (matches7(configRoutes, req)) {
+    if (matches9(configRoutes, req)) {
       info("matches providers");
-      return route7(req, config);
+      return route9(req, config);
     }
-    if (matches8(configRoutes, req)) {
+    if (matches10(configRoutes, req)) {
       info("matches csrf");
-      return route8(req, config);
+      return route10(req, config);
     }
-    if (matches9(configRoutes, req)) {
+    if (matches11(configRoutes, req)) {
       info("matches callback");
-      return route9(req, config);
+      return route11(req, config);
     }
-    if (matches10(configRoutes, req)) {
+    if (matches12(configRoutes, req)) {
       info("matches signout");
-      return route10(req, config);
+      return route12(req, config);
+    }
+    if (matches16(configRoutes, req)) {
+      info("matches verify-email");
+      return route16(req, config);
     }
     warn(`No POST routes matched ${req.url}`);
     return new Response(null, { status: 404 });
@@ -1106,7 +1276,7 @@ async function DELETE3(config, init) {
 }
 
 // src/api/routes/tenants/[tenantId]/users/[userId]/PUT.ts
-async function PUT4(config, init) {
+async function PUT5(config, init) {
   const yurl = new URL(init.request.url);
   const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
   config.tenantId = tenantId;
@@ -1117,12 +1287,9 @@ async function PUT4(config, init) {
 }
 
 // src/api/routes/tenants/[tenantId]/users/[userId]/index.ts
-var key12 = "TENANT_USER";
-async function route15(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key12}]`
-  );
+var key15 = "TENANT_USER";
+async function route18(request2, config) {
+  const { info } = config.logger(`[ROUTES][${key15}]`);
   const session = await auth(request2, config);
   if (!session) {
     info("401");
@@ -1136,21 +1303,21 @@ async function route15(request2, config) {
   }
   switch (request2.method) {
     case "PUT":
-      return await PUT4(config, { request: request2 });
+      return await PUT5(config, { request: request2 });
     case "DELETE":
       return await DELETE3(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches15(configRoutes, request2) {
+function matches18(configRoutes, request2) {
   const url = new URL(request2.url);
   const [, userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
-  let route16 = configRoutes[key12].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  let route20 = configRoutes[key15].replace("{tenantId}", tenantId).replace("{userId}", userId);
   if (userId === "users") {
-    route16 = configRoutes[key12].replace("{tenantId}", possibleTenantId);
+    route20 = configRoutes[key15].replace("{tenantId}", possibleTenantId);
   }
-  return urlMatches(request2.url, route16);
+  return urlMatches(request2.url, route20);
 }
 async function fetchTenantUser(config, method) {
   if (!config.tenantId) {
@@ -1163,7 +1330,7 @@ async function fetchTenantUser(config, method) {
       "the userId context is missing. Call nile.setContext({ userId })"
     );
   }
-  const clientUrl = `${config.origin}${config.routePrefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */.replace(
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */.replace(
     "{tenantId}",
     config.tenantId
   ).replace("{userId}", config.userId)}/link`;
@@ -1174,21 +1341,54 @@ async function fetchTenantUser(config, method) {
   return await config.handlers[method](req);
 }
 
+// src/api/routes/tenants/[tenantId]/invite/[inviteId]/DELETE.ts
+async function DELETE4(config, init) {
+  const yurl = new URL(init.request.url);
+  const [inviteId, , tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "DELETE";
+  const url = `${apiRoutes(config).INVITE(tenantId)}/${inviteId}`;
+  return await request(url, init, config);
+}
+
+// src/api/routes/tenants/[tenantId]/invite/[inviteId]/index.ts
+var key16 = "INVITE";
+async function route19(request2, config) {
+  switch (request2.method) {
+    case "DELETE":
+      return await DELETE4(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches19(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [inviteId, , tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key16].replace("{tenantId}", tenantId).replace("{inviteId}", inviteId);
+  return urlMatches(request2.url, route20);
+}
+
 // src/api/handlers/DELETE.ts
 function DELETER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[DELETE MATCHER]");
-  return async function DELETE4(req) {
-    if (matches15(configRoutes, req)) {
+  const { info, warn } = config.logger("[DELETE MATCHER]");
+  return async function DELETE5(req) {
+    if (matches19(configRoutes, req)) {
+      info("matches tenant invite id");
+      return route19(req, config);
+    }
+    if (matches18(configRoutes, req)) {
       info("matches tenant user");
-      return route15(req, config);
+      return route18(req, config);
     }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
       return route3(req, config);
     }
-    if (matches4(configRoutes, req)) {
+    if (matches6(configRoutes, req)) {
       info("matches tenants");
-      return route4(req, config);
+      return route6(req, config);
     }
     if (matches(configRoutes, req)) {
       info("matches me");
@@ -1201,11 +1401,15 @@ function DELETER(configRoutes, config) {
 
 // src/api/handlers/PUT.ts
 function PUTER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[PUT MATCHER]");
-  return async function PUT5(req) {
-    if (matches15(configRoutes, req)) {
+  const { info, warn } = config.logger("[PUT MATCHER]");
+  return async function PUT6(req) {
+    if (matches4(configRoutes, req)) {
+      info("matches tenant invite");
+      return route4(req, config);
+    }
+    if (matches18(configRoutes, req)) {
       info("matches tenant user");
-      return route15(req, config);
+      return route18(req, config);
     }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
@@ -1219,13 +1423,13 @@ function PUTER(configRoutes, config) {
       info("matches me");
       return route(req, config);
     }
-    if (matches4(configRoutes, req)) {
+    if (matches6(configRoutes, req)) {
       info("matches tenants");
-      return route4(req, config);
+      return route6(req, config);
     }
-    if (matches13(configRoutes, req)) {
+    if (matches15(configRoutes, req)) {
       info("matches reset password");
-      return route13(req, config);
+      return route15(req, config);
     }
     warn("No PUT routes matched");
     return new Response(null, { status: 404 });
@@ -1234,15 +1438,15 @@ function PUTER(configRoutes, config) {
 
 // src/api/handlers/index.ts
 function Handlers(configRoutes, config) {
-  const GET6 = GETTER(configRoutes, config);
-  const POST5 = POSTER(configRoutes, config);
-  const DELETE4 = DELETER(configRoutes, config);
-  const PUT5 = PUTER(configRoutes, config);
+  const GET7 = GETTER(configRoutes, config);
+  const POST6 = POSTER(configRoutes, config);
+  const DELETE5 = DELETER(configRoutes, config);
+  const PUT6 = PUTER(configRoutes, config);
   return {
-    GET: GET6,
-    POST: POST5,
-    DELETE: DELETE4,
-    PUT: PUT5
+    GET: GET7,
+    POST: POST6,
+    DELETE: DELETE5,
+    PUT: PUT6
   };
 }
 var getApiUrl = (cfg) => {
@@ -1275,15 +1479,16 @@ var getSecureCookies = (cfg) => {
   return void 0;
 };
 var getUsername = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[username]");
+  const { config } = cfg;
+  const logger = config.logger;
+  const { info } = logger();
   if (config?.user) {
-    logger && info(`${logger}[config] ${config.user}`);
+    info(`[config] ${config.user}`);
     return String(config?.user);
   }
   const user = stringCheck(process.env.NILEDB_USER);
   if (user) {
-    logger && info(`${logger}[NILEDB_USER] ${user}`);
+    info(`[NILEDB_USER] ${user}`);
     return user;
   }
   const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
@@ -1301,16 +1506,16 @@ var getUsername = (cfg) => {
   );
 };
 var getPassword = (cfg) => {
-  const { config, logger } = cfg;
+  const { config } = cfg;
+  const logger = config.logger;
   const log = logProtector(logger);
-  const { info } = Logger(config, "[password]");
   if (stringCheck(config?.password)) {
-    log && info(`${logger}[config] ***`);
+    log && log("[config]").info("***");
     return String(config?.password);
   }
   const pass = stringCheck(process.env.NILEDB_PASSWORD);
   if (pass) {
-    logger && info(`${logger}[NILEDB_PASSWORD] ***`);
+    logger("[NILEDB_PASSWORD]").info("***");
     return pass;
   }
   const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
@@ -1328,15 +1533,15 @@ var getPassword = (cfg) => {
   );
 };
 var getDatabaseName = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[databaseName]");
+  const { config } = cfg;
+  const { info } = config.logger("[databaseName]");
   if (stringCheck(config?.databaseName)) {
-    logger && info(`${logger}[config] ${config?.databaseName}`);
+    info(`[config] ${config?.databaseName}`);
     return String(config?.databaseName);
   }
   const name = stringCheck(process.env.NILEDB_NAME);
   if (name) {
-    logger && info(`${logger}[NILEDB_NAME] ${name}`);
+    info(`[NILEDB_NAME] ${name}`);
     return name;
   }
   if (process.env.NILEDB_POSTGRES_URL) {
@@ -1351,50 +1556,52 @@ var getDatabaseName = (cfg) => {
   );
 };
 var getTenantId = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[tenantId]");
+  const { config } = cfg;
+  const { info } = config.logger("[tenantId]");
   if (stringCheck(config?.tenantId)) {
-    logger && info(`${logger}[config] ${config?.tenantId}`);
+    info(`[config] ${config?.tenantId}`);
     return String(config?.tenantId);
   }
   if (stringCheck(process.env.NILEDB_TENANT)) {
-    logger && info(`${logger}[NILEDB_TENANT] ${process.env.NILEDB_TENANT}`);
+    info(`[NILEDB_TENANT] ${process.env.NILEDB_TENANT}`);
     return String(process.env.NILEDB_TENANT);
   }
   return null;
 };
 function getDbHost(cfg) {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[db.host]");
+  const { config } = cfg;
+  const logger = config.logger;
+  const { info } = logger("[db.host]");
   if (stringCheck(config?.db && config.db.host)) {
-    logger && info(`${logger}[config] ${config?.db?.host}`);
+    info(`[config] ${config?.db?.host}`);
     return String(config?.db?.host);
   }
   if (stringCheck(process.env.NILEDB_HOST)) {
-    logger && info(`${logger}[NILEDB_HOST] ${process.env.NILEDB_HOST}`);
+    info(`[NILEDB_HOST] ${process.env.NILEDB_HOST}`);
     return process.env.NILEDB_HOST;
   }
   const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
   if (pg2) {
     try {
       const pgUrl = new URL(pg2);
-      logger && info(`${logger}[NILEDB_POSTGRES_URL] ${pgUrl.hostname}`);
+      info(`[NILEDB_POSTGRES_URL] ${pgUrl.hostname}`);
       return pgUrl.hostname;
     } catch (e) {
     }
   }
-  logger && info(`${logger}[default] db.thenile.dev`);
+  info("[default] db.thenile.dev");
   return "db.thenile.dev";
 }
 function getDbPort(cfg) {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[db.port]");
+  const { config } = cfg;
+  const logger = config.logger;
+  const { info } = logger("[db.port]");
   if (config?.db?.port && config.db.port != null) {
-    logger && info(`${logger}[config] ${config?.db.port}`);
+    info(`[config] ${config?.db.port}`);
     return Number(config.db?.port);
   }
   if (stringCheck(process.env.NILEDB_PORT)) {
-    logger && info(`${logger}[NILEDB_PORT] ${process.env.NILEDB_PORT}`);
+    info(`[NILEDB_PORT] ${process.env.NILEDB_PORT}`);
     return Number(process.env.NILEDB_PORT);
   }
   const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
@@ -1407,7 +1614,7 @@ function getDbPort(cfg) {
     } catch (e) {
     }
   }
-  logger && info(`${logger}[default] 5432`);
+  info("[default] 5432");
   return 5432;
 }
 var logProtector = (logger) => {
@@ -1423,9 +1630,10 @@ var stringCheck = (str) => {
 // src/utils/Config/index.ts
 var Config = class {
   routes;
-  // handlersWithContext;
   handlers;
   paths;
+  extensionCtx;
+  extensions;
   logger;
   /**
    * Stores the set tenant id from Server for use in sub classes
@@ -1444,6 +1652,10 @@ var Config = class {
    */
   apiUrl;
   origin;
+  /**
+   * important for separating the `origin` config value from a default in order to make requests
+   */
+  serverOrigin;
   debug;
   /**
    * To use secure cookies or not in the fetch
@@ -1455,14 +1667,19 @@ var Config = class {
    */
   routePrefix;
   db;
-  // api: ApiConfig;
-  constructor(config, logger) {
-    const envVarConfig = { config, logger };
+  constructor(config) {
     this.routePrefix = config?.routePrefix ?? "/api";
+    this.debug = config?.debug;
+    this.origin = config?.origin;
+    this.extensions = config?.extensions;
+    this.extensionCtx = config?.extensionCtx;
+    this.serverOrigin = config?.origin ?? "http://localhost:3000";
+    this.logger = Logger(config);
+    const envVarConfig = {
+      config: { ...config, logger: this.logger }
+    };
     this.secureCookies = getSecureCookies(envVarConfig);
     this.callbackUrl = getCallbackUrl(envVarConfig);
-    this.debug = config?.debug;
-    this.origin = config?.origin ?? "http://localhost:3000";
     this.apiUrl = getApiUrl(envVarConfig);
     const user = getUsername(envVarConfig);
     const password = getPassword(envVarConfig);
@@ -1529,13 +1746,56 @@ var Config = class {
     };
     this.tenantId = config?.tenantId;
     this.userId = config?.userId;
-    this.logger = config?.logger;
   }
 };
 
+// src/utils/Event/index.ts
+var Eventer = class {
+  events = {};
+  publish(eventName, value) {
+    const callbacks = this.events[eventName];
+    if (callbacks) {
+      for (const callback of callbacks) {
+        callback(value);
+      }
+    }
+  }
+  subscribe(eventName, callback) {
+    if (!this.events[eventName]) {
+      this.events[eventName] = [];
+    }
+    this.events[eventName].push(callback);
+  }
+  unsubscribe(eventName, callback) {
+    const callbacks = this.events[eventName];
+    if (!callbacks) return;
+    const index = callbacks.indexOf(callback);
+    if (index !== -1) {
+      callbacks.splice(index, 1);
+    }
+    if (callbacks.length === 0) {
+      delete this.events[eventName];
+    }
+  }
+};
+var eventer = new Eventer();
+var updateTenantId = (tenantId) => {
+  eventer.publish("tenantId" /* Tenant */, tenantId);
+};
+var watchTenantId = (cb) => eventer.subscribe("tenantId" /* Tenant */, cb);
+var watchUserId = (cb) => eventer.subscribe("userId" /* User */, cb);
+var evictPool = (val) => {
+  eventer.publish("EvictPool" /* EvictPool */, val);
+};
+var watchEvictPool = (cb) => eventer.subscribe("EvictPool" /* EvictPool */, cb);
+var updateHeaders = (val) => {
+  eventer.publish("headers" /* Headers */, val);
+};
+var watchHeaders = (cb) => eventer.subscribe("headers" /* Headers */, cb);
+
 // src/db/PoolProxy.ts
 function createProxyForPool(pool, config) {
-  const { info, error } = Logger(config, "[pool]");
+  const { info, error } = config.logger("[pool]");
   return new Proxy(pool, {
     get(target, property) {
       if (property === "query") {
@@ -1571,7 +1831,7 @@ var NileDatabase = class {
   config;
   timer;
   constructor(config, id) {
-    const { warn, info, debug } = Logger(config, "[NileInstance]");
+    const { warn, info, debug } = config.logger("[NileInstance]");
     this.id = id;
     const poolConfig = {
       min: 0,
@@ -1600,7 +1860,7 @@ var NileDatabase = class {
         `${this.id}-${this.timer}`
       );
       afterCreate2(client, (err) => {
-        const { error } = Logger(config, "[after create callback]");
+        const { error } = config.logger("[after create callback]");
         if (err) {
           clearTimeout(this.timer);
           error("after create failed", {
@@ -1628,7 +1888,7 @@ var NileDatabase = class {
     });
   }
   startTimeout() {
-    const { debug } = Logger(this.config, "[NileInstance]");
+    const { debug } = this.config.logger("[NileInstance]");
     if (this.timer) {
       clearTimeout(this.timer);
     }
@@ -1643,7 +1903,7 @@ var NileDatabase = class {
     }, Number(this.config.db.idleTimeoutMillis) ?? 3e4);
   }
   shutdown() {
-    const { debug } = Logger(this.config, "[NileInstance]");
+    const { debug } = this.config.logger("[NileInstance]");
     debug(`attempting to shut down ${this.id}`);
     clearTimeout(this.timer);
     this.pool.end(() => {
@@ -1653,7 +1913,7 @@ var NileDatabase = class {
 };
 var NileInstance_default = NileDatabase;
 function makeAfterCreate(config, id) {
-  const { error, warn, debug } = Logger(config, "[afterCreate]");
+  const { error, warn, debug } = config.logger("[afterCreate]");
   return (conn, done) => {
     conn.on("error", function errorHandler(e) {
       error(`Connection ${id} was terminated by server`, {
@@ -1717,7 +1977,7 @@ var DBManager = class {
     watchEvictPool(this.poolWatcherFn);
   }
   poolWatcher = (config) => (id) => {
-    const { info, warn } = Logger(config, "[DBManager]");
+    const { info, warn } = Logger(config)("[DBManager]");
     if (id && this.connections.has(id)) {
       info(`Removing ${id} from db connection pool.`);
       const connection = this.connections.get(id);
@@ -1728,7 +1988,7 @@ var DBManager = class {
     }
   };
   getConnection = (config) => {
-    const { info } = Logger(config, "[DBManager]");
+    const { info } = Logger(config)("[DBManager]");
     const id = this.makeId(config.tenantId, config.userId);
     const existing = this.connections.get(id);
     info(`# of instances: ${this.connections.size}`);
@@ -1747,7 +2007,7 @@ var DBManager = class {
     return newOne.pool;
   };
   clear = (config) => {
-    const { info } = Logger(config, "[DBManager]");
+    const { info } = Logger(config)("[DBManager]");
     info(`Clearing all connections ${this.connections.size}`);
     this.cleared = true;
     this.connections.forEach((connection) => {
@@ -1757,195 +2017,13 @@ var DBManager = class {
   };
 };
 
-// src/users/index.ts
-var Users = class {
-  #config;
-  constructor(config) {
-    this.#config = config;
-  }
-  async updateSelf(req, rawResponse) {
-    const res = await fetchMe(this.#config, "PUT", JSON.stringify(req));
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
-  }
-  async removeSelf() {
-    const me = await this.getSelf();
-    if ("id" in me) {
-      this.#config.userId = me.id;
-    }
-    const res = await fetchMe(this.#config, "DELETE");
-    updateHeaders(new Headers());
-    return res;
-  }
-  async getSelf(rawResponse) {
-    const res = await fetchMe(this.#config);
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
-  }
-};
-
-// src/tenants/index.ts
-var Tenants = class {
-  #logger;
-  #config;
-  constructor(config) {
-    this.#logger = Logger(config, "[tenants]");
-    this.#config = config;
-  }
-  async create(req, rawResponse) {
-    let res;
-    if (typeof req === "string") {
-      res = await fetchTenants(
-        this.#config,
-        "POST",
-        JSON.stringify({ name: req })
-      );
-    } else if (typeof req === "object" && ("name" in req || "id" in req)) {
-      res = await fetchTenants(this.#config, "POST", JSON.stringify(req));
-    }
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
-  }
-  async delete(req) {
-    if (typeof req === "string") {
-      this.#config.tenantId = req;
-    }
-    if (typeof req === "object" && "id" in req) {
-      this.#config.tenantId = req.id;
-    }
-    const res = await fetchTenant(this.#config, "DELETE");
-    return res;
-  }
-  async get(req, rawResponse) {
-    if (typeof req === "string") {
-      this.#config.tenantId = req;
-    } else if (typeof req === "object" && "id" in req) {
-      this.#config.tenantId = req.id;
-    }
-    const res = await fetchTenant(this.#config, "GET");
-    if (rawResponse === true || req === true) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
-  }
-  async update(req, rawResponse) {
-    let res;
-    if (typeof req === "object" && ("name" in req || "id" in req)) {
-      const { id, ...remaining } = req;
-      if (id) {
-        this.#config.tenantId = id;
-      }
-      res = await fetchTenant(this.#config, "PUT", JSON.stringify(remaining));
-    }
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
-  }
-  async list(req) {
-    const res = await fetchTenantsByUser(this.#config);
-    if (req === true) {
-      return res;
-    }
-    try {
-      return await res?.clone().json();
-    } catch {
-      return res;
-    }
-  }
-  async leaveTenant(req) {
-    const me = await fetchMe(this.#config);
-    try {
-      const json = await me.json();
-      if ("id" in json) {
-        this.#config.userId = json.id;
-      }
-    } catch {
-    }
-    if (typeof req === "string") {
-      this.#config.tenantId = req;
-    } else {
-      this.#handleContext(req);
-    }
-    return await fetchTenantUser(this.#config, "DELETE");
-  }
-  async addMember(req, rawResponse) {
-    if (typeof req === "string") {
-      this.#config.userId = req;
-    } else {
-      this.#handleContext(req);
-    }
-    const res = await fetchTenantUser(this.#config, "PUT");
-    return responseHandler(res, rawResponse);
-  }
-  async removeMember(req, rawResponse) {
-    this.#handleContext(req);
-    const res = await fetchTenantUser(this.#config, "DELETE");
-    return responseHandler(res, rawResponse);
-  }
-  async users(req, rawResponse) {
-    this.#handleContext(req);
-    const res = await fetchTenantUsers(this.#config, "GET");
-    return responseHandler(
-      res,
-      rawResponse || typeof req === "boolean" && req
-    );
-  }
-  #handleContext(req) {
-    if (typeof req === "object") {
-      if ("tenantId" in req) {
-        this.#config.tenantId = req.tenantId;
-      }
-      if ("userId" in req) {
-        this.#config.tenantId = req.tenantId;
-      }
-    }
-  }
-};
-async function responseHandler(res, rawResponse) {
-  if (rawResponse) {
-    return res;
-  }
-  try {
-    return await res?.clone().json();
-  } catch {
-    return res;
-  }
-}
-
 // src/auth/index.ts
 var Auth = class {
   #logger;
   #config;
   constructor(config) {
     this.#config = config;
-    this.#logger = Logger(config, "[auth]");
+    this.#logger = config.logger("[auth]");
   }
   async getSession(rawResponse = false) {
     const res = await fetchSession(this.#config);
@@ -1963,46 +2041,7 @@ var Auth = class {
     }
   }
   async getCsrf(rawResponse = false) {
-    const res = await fetchCsrf(this.#config);
-    const csrfCook = parseCSRF(res.headers);
-    if (csrfCook) {
-      const [, value] = csrfCook.split("=");
-      const [token] = decodeURIComponent(value).split("|");
-      const setCookie = res.headers.get("set-cookie");
-      if (setCookie) {
-        const cookie = [
-          csrfCook,
-          parseCallback(res.headers),
-          parseToken(res.headers)
-        ].filter(Boolean).join("; ");
-        this.#config.headers.set("cookie", cookie);
-        updateHeaders(new Headers({ cookie }));
-      }
-      if (!rawResponse) {
-        return { csrfToken: token };
-      }
-    } else {
-      const existingCookie = this.#config.headers.get("cookie");
-      const cookieParts = [];
-      if (existingCookie) {
-        cookieParts.push(
-          parseToken(this.#config.headers),
-          parseCallback(this.#config.headers)
-        );
-      }
-      cookieParts.push(csrfCook);
-      const cookie = cookieParts.filter(Boolean).join("; ");
-      this.#config.headers.set("cookie", cookie);
-      updateHeaders(new Headers({ cookie }));
-    }
-    if (rawResponse) {
-      return res;
-    }
-    try {
-      return await res.clone().json();
-    } catch {
-      return res;
-    }
+    return await obtainCsrf(this.#config, rawResponse);
   }
   async listProviders(rawResponse = false) {
     const res = await fetchProviders(this.#config);
@@ -2072,21 +2111,178 @@ var Auth = class {
       return res;
     }
     try {
-      return await res.clone().json();
+      const json = await res.clone().json();
+      if (json && typeof json === "object" && "tenants" in json) {
+        const tenantId = json.tenants[0];
+        if (tenantId) {
+          updateTenantId(tenantId);
+        }
+      }
+      return json;
     } catch {
       return res;
     }
   }
-  async signIn(provider, payload, rawResponse) {
-    this.#config.headers = new Headers();
-    const { info, error } = this.#logger;
-    const { email, password } = payload ?? {};
-    if (provider === "email" && (!email || !password)) {
+  async forgotPassword(req) {
+    let email = "";
+    const defaults = defaultCallbackUrl({
+      config: this.#config
+    });
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
+    if ("email" in req) {
+      email = req.email;
+    }
+    if ("callbackUrl" in req) {
+      callbackUrl = req.callbackUrl ? req.callbackUrl : null;
+    }
+    if ("redirectUrl" in req) {
+      redirectUrl = req.redirectUrl ? req.redirectUrl : null;
+    }
+    const body = JSON.stringify({
+      email,
+      redirectUrl,
+      callbackUrl
+    });
+    const data = await fetchResetPassword(
+      this.#config,
+      "POST",
+      body,
+      new URLSearchParams(),
+      false
+    );
+    return data;
+  }
+  async resetPassword(req) {
+    let email = "";
+    let password = "";
+    const defaults = defaultCallbackUrl({ config: this.#config });
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
+    if (req instanceof Request) {
+      const body2 = await req.json();
+      email = body2.email;
+      password = body2.password;
+      const cbFromHeaders = parseCallback(req.headers);
+      if (cbFromHeaders) {
+        callbackUrl = cbFromHeaders;
+      }
+      if (body2.callbackUrl) {
+        callbackUrl = body2.callbackUrl;
+      }
+      if (body2.redirectUrl) {
+        redirectUrl = body2.redirectUrl;
+      }
+    } else {
+      if ("email" in req) {
+        email = req.email;
+      }
+      if ("password" in req) {
+        password = req.password;
+      }
+      if ("callbackUrl" in req) {
+        callbackUrl = req.callbackUrl ? req.callbackUrl : null;
+      }
+      if ("redirectUrl" in req) {
+        redirectUrl = req.redirectUrl ? req.redirectUrl : null;
+      }
+    }
+    await this.getCsrf();
+    const body = JSON.stringify({
+      email,
+      password,
+      redirectUrl,
+      callbackUrl
+    });
+    let urlWithParams;
+    try {
+      const data = await fetchResetPassword(this.#config, "POST", body);
+      const cloned = data.clone();
+      if (data.status === 400) {
+        const text = await cloned.text();
+        this.#logger.error(text);
+        return data;
+      }
+      const { url } = await data.json();
+      urlWithParams = url;
+    } catch {
+    }
+    let token;
+    try {
+      const worthyParams = new URL(urlWithParams).searchParams;
+      const answer = await fetchResetPassword(
+        this.#config,
+        "GET",
+        null,
+        worthyParams
+      );
+      token = parseResetToken(answer.headers);
+    } catch {
+      this.#logger.warn(
+        "Unable to parse reset password url. Password not reset."
+      );
+    }
+    const cookie = this.#config.headers.get("cookie")?.split("; ");
+    if (token) {
+      cookie?.push(token);
+    } else {
       throw new Error(
-        "Server side sign in requires a user email and password."
+        "Unable to reset password, reset token is missing from response"
       );
     }
-    info(`Obtaining providers for ${email}`);
+    this.#config.headers = new Headers({
+      ...this.#config.headers,
+      cookie: cookie?.join("; ")
+    });
+    const res = await fetchResetPassword(this.#config, "PUT", body);
+    cookie?.pop();
+    const cleaned = cookie?.filter((c) => !c.includes("nile.session")) ?? [];
+    cleaned.push(String(parseToken(res.headers)));
+    const updatedHeaders = new Headers({ cookie: cleaned.join("; ") });
+    updateHeaders(updatedHeaders);
+    return res;
+  }
+  async callback(provider, body) {
+    if (body instanceof Request) {
+      this.#config.headers = body.headers;
+      return await fetchCallback(
+        this.#config,
+        provider,
+        void 0,
+        body,
+        "GET"
+      );
+    }
+    return await fetchCallback(this.#config, provider, body);
+  }
+  async signIn(provider, payload, rawResponse) {
+    if (payload instanceof Request) {
+      const body2 = new URLSearchParams(await payload.text());
+      const origin = new URL(payload.url).origin;
+      const payloadUrl = body2?.get("callbackUrl");
+      const csrfToken2 = body2?.get("csrfToken");
+      const callbackUrl = `${!payloadUrl?.startsWith("http") ? origin : ""}${payloadUrl}`;
+      if (!csrfToken2) {
+        throw new Error(
+          "CSRF token in missing from request. Request it by the client before calling sign in"
+        );
+      }
+      this.#config.headers = new Headers(payload.headers);
+      this.#config.headers.set(
+        "Content-Type",
+        "application/x-www-form-urlencoded"
+      );
+      const params = new URLSearchParams({
+        csrfToken: csrfToken2,
+        json: String(true)
+      });
+      if (payloadUrl) {
+        params.set("callbackUrl", callbackUrl);
+      }
+      return await fetchSignIn(this.#config, provider, params);
+    }
+    this.#config.headers = new Headers();
+    const { info, error } = this.#logger;
     const providers = await this.listProviders();
     info("Obtaining csrf");
     const csrf = await this.getCsrf();
@@ -2102,13 +2298,13 @@ var Auth = class {
         "Unable to obtain credential provider. Aborting server side sign in."
       );
     }
-    if (provider !== "credentials") {
-      return await fetchSignIn(
-        this.#config,
-        provider,
-        JSON.stringify({ csrfToken })
+    const { email, password } = payload ?? {};
+    if (provider === "email" && (!email || !password)) {
+      throw new Error(
+        "Server side sign in requires a user email and password."
       );
     }
+    info(`Obtaining providers for ${email}`);
     info(`Attempting sign in with email ${email}`);
     const body = JSON.stringify({
       email,
@@ -2116,7 +2312,7 @@ var Auth = class {
       csrfToken,
       callbackUrl: credentials.callbackUrl
     });
-    const signInRes = await fetchCallback(this.#config, provider, body);
+    const signInRes = await this.callback(provider, body);
     const authCookie = signInRes?.headers.get("set-cookie");
     if (!authCookie) {
       throw new Error("authentication failed");
@@ -2131,7 +2327,7 @@ var Auth = class {
       }
       if (urlError) {
         error("Unable to log user in", { error: urlError });
-        return void 0;
+        return new Response(urlError, { status: signInRes.status });
       }
     }
     if (!token) {
@@ -2198,31 +2394,421 @@ function parseToken(headers) {
   const [, token] = /((__Secure-)?nile\.session-token=[^;]+)/.exec(authCookie) ?? [];
   return token;
 }
+function parseResetToken(headers) {
+  let authCookie = headers?.get("set-cookie");
+  if (!authCookie) {
+    authCookie = headers?.get("cookie");
+  }
+  if (!authCookie) {
+    return void 0;
+  }
+  const [, token] = /((__Secure-)?nile\.reset=[^;]+)/.exec(authCookie) ?? [];
+  return token;
+}
+function defaultCallbackUrl({ config }) {
+  let cb = null;
+  let redirect = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+    if (value) {
+      redirect = `${new URL(cb).origin}${"/auth/reset-password" /* PASSWORD_RESET */}`;
+    }
+  }
+  return { callbackUrl: cb, redirectUrl: redirect };
+}
+
+// src/auth/obtainCsrf.ts
+async function obtainCsrf(config, rawResponse = false) {
+  const res = await fetchCsrf(config);
+  const csrfCook = parseCSRF(res.headers);
+  if (csrfCook) {
+    const [, value] = csrfCook.split("=");
+    const [token] = decodeURIComponent(value).split("|");
+    const setCookie = res.headers.get("set-cookie");
+    if (setCookie) {
+      const cookie = [
+        csrfCook,
+        parseCallback(res.headers),
+        parseToken(res.headers)
+      ].filter(Boolean).join("; ");
+      config.headers.set("cookie", cookie);
+      updateHeaders(new Headers({ cookie }));
+    }
+    if (!rawResponse) {
+      return { csrfToken: token };
+    }
+  } else {
+    const existingCookie = config.headers.get("cookie");
+    const cookieParts = [];
+    if (existingCookie) {
+      cookieParts.push(
+        parseToken(config.headers),
+        parseCallback(config.headers)
+      );
+    }
+    if (csrfCook) {
+      cookieParts.push(csrfCook);
+    } else {
+      cookieParts.push(parseCSRF(config.headers));
+    }
+    const cookie = cookieParts.filter(Boolean).join("; ");
+    config.headers.set("cookie", cookie);
+    updateHeaders(new Headers({ cookie }));
+  }
+  if (rawResponse) {
+    return res;
+  }
+  try {
+    return await res.clone().json();
+  } catch {
+    return res;
+  }
+}
+
+// src/users/index.ts
+var Users = class {
+  #config;
+  #logger;
+  constructor(config) {
+    this.#config = config;
+    this.#logger = config.logger("[me]");
+  }
+  async updateSelf(req, rawResponse) {
+    const res = await fetchMe(this.#config, "PUT", JSON.stringify(req));
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async removeSelf() {
+    const me = await this.getSelf();
+    if ("id" in me) {
+      this.#config.userId = me.id;
+    }
+    const res = await fetchMe(this.#config, "DELETE");
+    updateHeaders(new Headers());
+    return res;
+  }
+  async getSelf(rawResponse) {
+    const res = await fetchMe(this.#config);
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async verifySelf(options, rawResponse = false) {
+    const bypassEmail = typeof options === "object" ? options.bypassEmail ?? process.env.NODE_ENV !== "production" : process.env.NODE_ENV !== "production";
+    const callbackUrl = typeof options === "object" ? options.callbackUrl : defaultCallbackUrl2(this.#config).callbackUrl;
+    let res;
+    try {
+      const me = await this.getSelf();
+      if (me instanceof Response) {
+        return me;
+      }
+      res = await verifyEmailAddress(this.#config, me, String(callbackUrl));
+      return res;
+    } catch {
+      const message = "Unable to verify email.";
+      this.#logger?.warn(message);
+      res = new Response(message, { status: 400 });
+    }
+    if (bypassEmail) {
+      res = this.updateSelf({ emailVerified: true }, rawResponse);
+    }
+    this.#logger.error(
+      "Unable to verify email address. Configure your SMTP server in the console."
+    );
+    return res;
+  }
+};
+async function verifyEmailAddress(config, user, callback) {
+  config.headers.set("content-type", "application/x-www-form-urlencoded");
+  const { csrfToken } = await obtainCsrf(config);
+  const defaults = defaultCallbackUrl2(config);
+  const callbackUrl = callback ?? String(defaults.callbackUrl);
+  const res = await fetchVerifyEmail(
+    config,
+    "POST",
+    new URLSearchParams({
+      csrfToken,
+      email: user.email,
+      callbackUrl
+    }).toString()
+  );
+  if (res.status > 299) {
+    throw new Error(await res.text());
+  }
+  return res;
+}
+function defaultCallbackUrl2(config) {
+  let cb = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+  }
+  return { callbackUrl: cb };
+}
+
+// src/tenants/index.ts
+var Tenants = class {
+  #config;
+  constructor(config) {
+    this.#config = config;
+  }
+  async create(req, rawResponse) {
+    let res;
+    if (typeof req === "string") {
+      res = await fetchTenants(
+        this.#config,
+        "POST",
+        JSON.stringify({ name: req })
+      );
+    } else if (typeof req === "object" && ("name" in req || "id" in req)) {
+      res = await fetchTenants(this.#config, "POST", JSON.stringify(req));
+    }
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async delete(req) {
+    if (typeof req === "string") {
+      this.#config.tenantId = req;
+    }
+    if (typeof req === "object" && "id" in req) {
+      this.#config.tenantId = req.id;
+    }
+    const res = await fetchTenant(this.#config, "DELETE");
+    return res;
+  }
+  async get(req, rawResponse) {
+    if (typeof req === "string") {
+      this.#config.tenantId = req;
+    } else if (typeof req === "object" && "id" in req) {
+      this.#config.tenantId = req.id;
+    }
+    const res = await fetchTenant(this.#config, "GET");
+    if (rawResponse === true || req === true) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async update(req, rawResponse) {
+    let res;
+    if (typeof req === "object" && ("name" in req || "id" in req)) {
+      const { id, ...remaining } = req;
+      if (id) {
+        this.#config.tenantId = id;
+      }
+      res = await fetchTenant(this.#config, "PUT", JSON.stringify(remaining));
+    }
+    if (rawResponse) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async list(req) {
+    const res = await fetchTenantsByUser(this.#config);
+    if (req === true) {
+      return res;
+    }
+    try {
+      return await res?.clone().json();
+    } catch {
+      return res;
+    }
+  }
+  async leaveTenant(req) {
+    const me = await fetchMe(this.#config);
+    try {
+      const json = await me.json();
+      if ("id" in json) {
+        this.#config.userId = json.id;
+      }
+    } catch {
+    }
+    if (typeof req === "string") {
+      this.#config.tenantId = req;
+    } else {
+      this.#handleContext(req);
+    }
+    return await fetchTenantUser(this.#config, "DELETE");
+  }
+  async addMember(req, rawResponse) {
+    if (typeof req === "string") {
+      this.#config.userId = req;
+    } else {
+      this.#handleContext(req);
+    }
+    const res = await fetchTenantUser(this.#config, "PUT");
+    return responseHandler(res, rawResponse);
+  }
+  async removeMember(req, rawResponse) {
+    this.#handleContext(req);
+    const res = await fetchTenantUser(this.#config, "DELETE");
+    return responseHandler(res, rawResponse);
+  }
+  async users(req, rawResponse) {
+    this.#handleContext(req);
+    const res = await fetchTenantUsers(this.#config, "GET");
+    return responseHandler(
+      res,
+      rawResponse || typeof req === "boolean" && req
+    );
+  }
+  async invites() {
+    const res = await fetchInvites(this.#config);
+    return responseHandler(res);
+  }
+  async invite(req, rawResponse) {
+    const { csrfToken } = await obtainCsrf(this.#config);
+    const defaults = defaultCallbackUrl3(this.#config);
+    let identifier = req;
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
+    if (typeof req === "object") {
+      if ("email" in req) {
+        identifier = req.email;
+      }
+      if ("callbackUrl" in req) {
+        callbackUrl = req.callbackUrl ? req.callbackUrl : "";
+      }
+      if ("redirectUrl" in req) {
+        redirectUrl = req.redirectUrl ? req.redirectUrl : "";
+      }
+    }
+    this.#config.headers.set(
+      "Content-Type",
+      "application/x-www-form-urlencoded"
+    );
+    const res = await fetchInvite(
+      this.#config,
+      "POST",
+      new URLSearchParams({
+        identifier,
+        csrfToken,
+        callbackUrl,
+        redirectUrl
+      }).toString()
+    );
+    return responseHandler(res, rawResponse);
+  }
+  async acceptInvite(req, rawResponse) {
+    if (!req) {
+      throw new Error("The identifier and token are required.");
+    }
+    const { identifier, token } = req;
+    const defaults = defaultCallbackUrl3(this.#config);
+    const callbackUrl = String(defaults.callbackUrl);
+    const res = await fetchInvite(
+      this.#config,
+      "PUT",
+      new URLSearchParams({
+        identifier,
+        token,
+        callbackUrl
+      }).toString()
+    );
+    return responseHandler(res, rawResponse);
+  }
+  async deleteInvite(req) {
+    let id = "";
+    if (typeof req === "object") {
+      id = req.id;
+    } else {
+      id = req;
+    }
+    if (!id) {
+      throw new Error("An invite id is required.");
+    }
+    const res = await fetchInvite(this.#config, "DELETE", id);
+    return responseHandler(res, true);
+  }
+  #handleContext(req) {
+    if (typeof req === "object") {
+      if ("tenantId" in req) {
+        this.#config.tenantId = req.tenantId;
+      }
+      if ("userId" in req) {
+        this.#config.tenantId = req.tenantId;
+      }
+    }
+  }
+};
+async function responseHandler(res, rawResponse) {
+  if (rawResponse) {
+    return res;
+  }
+  try {
+    return await res?.clone().json();
+  } catch {
+    return res;
+  }
+}
+function defaultCallbackUrl3(config) {
+  let cb = null;
+  let redirect = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+    if (value) {
+      redirect = `${new URL(cb).origin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace(
+        "{tenantId}",
+        String(config.tenantId)
+      )}`;
+    }
+  }
+  return { callbackUrl: cb, redirectUrl: redirect };
+}
 
 // src/api/handlers/withContext/index.ts
 function handlersWithContext(config) {
-  const GET6 = GETTER(config.routes, config);
-  const POST5 = POSTER(config.routes, config);
-  const DELETE4 = DELETER(config.routes, config);
-  const PUT5 = PUTER(config.routes, config);
+  const GET7 = GETTER(config.routes, config);
+  const POST6 = POSTER(config.routes, config);
+  const DELETE5 = DELETER(config.routes, config);
+  const PUT6 = PUTER(config.routes, config);
   return {
     GET: async (req) => {
-      const response = await GET6(req);
+      const response = await GET7(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     POST: async (req) => {
-      const response = await POST5(req);
+      const response = await POST6(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     DELETE: async (req) => {
-      const response = await DELETE4(req);
+      const response = await DELETE5(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     PUT: async (req) => {
-      const response = await PUT5(req);
+      const response = await PUT6(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     }
@@ -2234,14 +2820,14 @@ function updateConfig(response, config) {
   if (response?.status === 302) {
     const location = response.headers.get("location");
     if (location) {
-      const normalized = location.endsWith("/") ? location.slice(0, -1) : location;
-      origin = normalized;
+      const urlLocation = new URL(location);
+      origin = urlLocation.origin;
     }
   }
   const setCookies = [];
   if (response?.headers) {
-    for (const [key13, value] of response.headers) {
-      if (key13.toLowerCase() === "set-cookie") {
+    for (const [key17, value] of response.headers) {
+      if (key17.toLowerCase() === "set-cookie") {
         setCookies.push(value);
       }
     }
@@ -2253,9 +2839,68 @@ function updateConfig(response, config) {
   return {
     ...config,
     origin,
-    headers: headers ?? void 0
+    headers: headers ?? void 0,
+    preserveHeaders: true
+  };
+}
+
+// src/api/utils/extensions.ts
+function bindHandleOnRequest(instance) {
+  return async function handleOnRequest(config, _init, params) {
+    const { debug } = config.logger("[EXTENSIONS]");
+    if (config.extensions) {
+      for (const create2 of config.extensions) {
+        if (typeof create2 !== "function") {
+          return void 0;
+        }
+        const ext = await create2(instance);
+        if (ext.onRequest) {
+          const previousContext = instance.getContext();
+          if (previousContext.preserveHeaders) {
+            instance.setContext({ preserveHeaders: false });
+          }
+          await ext.onRequest(_init.request);
+          const updatedContext = instance.getContext();
+          if (updatedContext?.headers) {
+            const cookie = updatedContext.headers.get("cookie");
+            if (cookie) {
+              params.headers.set(
+                "cookie",
+                mergeCookies(
+                  previousContext.preserveHeaders ? previousContext.headers?.get("cookie") : null,
+                  updatedContext.headers.get("cookie")
+                )
+              );
+            }
+            if (updatedContext.tenantId) {
+              params.headers.set(
+                TENANT_COOKIE,
+                String(updatedContext.headers.get(TENANT_COOKIE))
+              );
+            }
+          }
+          debug(`${ext.id ?? create2.name} ran onRequest`);
+        }
+      }
+    }
   };
 }
+function buildExtensionConfig(instance) {
+  return {
+    handleOnRequest: bindHandleOnRequest(instance)
+  };
+}
+function mergeCookies(...cookieStrings) {
+  const cookieMap = /* @__PURE__ */ new Map();
+  for (const str of cookieStrings) {
+    if (!str) continue;
+    for (const part of str.split(";")) {
+      const [key17, value] = part.split("=").map((s) => s.trim());
+      if (key17 && value) cookieMap.set(key17, value);
+    }
+  }
+  return [...cookieMap.entries()].map(([k, v]) => `${k}=${v}`).join("; ");
+}
 
 // src/Server.ts
 var Server = class {
@@ -2267,8 +2912,12 @@ var Server = class {
   #paths;
   #manager;
   #headers;
+  #preserveHeaders;
   constructor(config) {
-    this.#config = new Config(config, "[initial config]");
+    this.#config = new Config({
+      ...config,
+      extensionCtx: buildExtensionConfig(this)
+    });
     watchTenantId((tenantId) => {
       if (tenantId !== this.#config.tenantId) {
         this.#config.tenantId = tenantId;
@@ -2289,6 +2938,7 @@ var Server = class {
       ...this.#config.handlers,
       withContext: handlersWithContext(this.#config)
     };
+    this.#preserveHeaders = config?.preserveHeaders ?? false;
     this.#paths = this.#config.paths;
     this.#config.tenantId = getTenantId({ config: this.#config });
     this.#manager = new DBManager(this.#config);
@@ -2355,6 +3005,10 @@ var Server = class {
       ok = true;
       this.#config.userId = req.userId;
     }
+    if (req && typeof req === "object" && "preserveHeaders" in req) {
+      ok = true;
+      this.#preserveHeaders = Boolean(req.preserveHeaders);
+    }
     if (ok) {
       return;
     }
@@ -2366,7 +3020,7 @@ var Server = class {
         return;
       }
     }
-    const { warn } = Logger(this.#config, "[API]");
+    const { warn } = Logger(this.#config)("[API]");
     if (warn) {
       warn(
         "Set context expects a Request, Header instance or an object of Record<string, string>"
@@ -2377,7 +3031,8 @@ var Server = class {
     return {
       headers: this.#headers,
       userId: this.#config.userId,
-      tenantId: this.#config.tenantId
+      tenantId: this.#config.tenantId,
+      preserveHeaders: this.#preserveHeaders
     };
   }
   /**
@@ -2393,33 +3048,35 @@ var Server = class {
     } else if (config?.headers) {
       headers = config?.headers;
       if (config && config.origin) {
-        this.#headers.set(X_NILE_ORIGIN, config.origin);
+        this.#headers.set(HEADER_ORIGIN, config.origin);
       }
       if (config && config.secureCookies != null) {
-        this.#headers.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+        this.#headers.set(HEADER_SECURE_COOKIES, String(config.secureCookies));
       }
     }
     if (headers instanceof Headers) {
-      headers.forEach((value, key13) => {
-        updates.push([key13.toLowerCase(), value]);
+      headers.forEach((value, key17) => {
+        updates.push([key17.toLowerCase(), value]);
       });
     } else {
-      for (const [key13, value] of Object.entries(headers ?? {})) {
-        updates.push([key13.toLowerCase(), value]);
+      for (const [key17, value] of Object.entries(headers ?? {})) {
+        updates.push([key17.toLowerCase(), value]);
       }
     }
     const merged = {};
-    this.#headers?.forEach((value, key13) => {
-      if (key13.toLowerCase() !== "cookie") {
-        merged[key13.toLowerCase()] = value;
+    this.#config.tenantId = getTenantFromHttp(this.#headers, this.#config);
+    this.#headers?.forEach((value, key17) => {
+      if (key17.toLowerCase() !== "cookie") {
+        merged[key17.toLowerCase()] = value;
       }
     });
-    for (const [key13, value] of updates) {
-      merged[key13] = value;
+    for (const [key17, value] of updates) {
+      merged[key17] = value;
     }
-    for (const [key13, value] of Object.entries(merged)) {
-      this.#headers.set(key13, value);
+    for (const [key17, value] of Object.entries(merged)) {
+      this.#headers.set(key17, value);
     }
+    this.#config.logger("[handleHeaders]").debug(JSON.stringify(merged));
     this.#config.headers = this.#headers;
   }
   /**
@@ -2440,6 +3097,6 @@ function create(config) {
   return server;
 }
 
-export { APIErrorErrorCodeEnum, LoginUserResponseTokenTypeEnum, create as Nile, Server, parseCSRF, parseCallback, parseToken };
+export { APIErrorErrorCodeEnum, HEADER_ORIGIN, HEADER_SECURE_COOKIES, LoginUserResponseTokenTypeEnum, create as Nile, Server, TENANT_COOKIE, USER_COOKIE, parseCSRF, parseCallback, parseToken };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map