npm - @niledatabase/server - Versions diffs - 5.0.0-alpha.2 → 5.0.0-alpha.20 - Mend

@niledatabase/server 5.0.0-alpha.2 → 5.0.0-alpha.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/index.mjs CHANGED Viewed

@@ -2,6 +2,12 @@ import 'dotenv/config';
 import pg from 'pg';
 // src/types.ts
+var ExtensionState = /* @__PURE__ */ ((ExtensionState2) => {
+  ExtensionState2["onHandleRequest"] = "onHandleRequest";
+  ExtensionState2["onRequest"] = "onRequest";
+  ExtensionState2["onResponse"] = "onResponse";
+  return ExtensionState2;
+})(ExtensionState || {});
 var APIErrorErrorCodeEnum = {
   InternalError: "internal_error",
   BadRequest: "bad_request",
@@ -25,6 +31,12 @@ var LoginUserResponseTokenTypeEnum = {
   IdToken: "ID_TOKEN"
 };
+// src/utils/constants.ts
+var TENANT_COOKIE = "nile.tenant-id";
+var USER_COOKIE = "nile.user-id";
+var HEADER_ORIGIN = "nile-origin";
+var HEADER_SECURE_COOKIES = "nile-secure-cookies";
 // src/api/utils/routes/index.ts
 var NILEDB_API_URL = process.env.NILEDB_API_URL;
 var DEFAULT_PREFIX = "/api";
@@ -47,6 +59,8 @@ var appRoutes = (prefix = DEFAULT_PREFIX) => ({
   TENANT_USER: `${prefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */}`,
   TENANT_USERS: `${prefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */}`,
   SIGNUP: `${prefix}${"/signup" /* SIGNUP */}`,
+  INVITES: `${prefix}${"/tenants/{tenantId}/invites" /* INVITES */}`,
+  INVITE: `${prefix}${"/tenants/{tenantId}/invite" /* INVITE */}`,
   LOG: `${prefix}/_log`
 });
 var apiRoutes = (config) => ({
@@ -57,6 +71,8 @@ var apiRoutes = (config) => ({
   TENANT: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}`),
   SIGNUP: makeRestUrl(config, "/signup"),
   TENANT_USERS: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/users`),
+  INVITES: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/invites`),
+  INVITE: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/invite`),
   TENANT_USER: makeRestUrl(
     config,
     `/tenants/${config.tenantId}/users/${config.userId}`
@@ -98,9 +114,9 @@ function makeRestUrl(config, path, qp) {
   const strParams = params.toString();
   return `${[url, path.substring(1, path.length)].join("/")}${strParams ? `?${strParams}` : ""}`;
 }
-function urlMatches(requestUrl, route17) {
+function urlMatches(requestUrl, route20) {
   const url = new URL(requestUrl);
-  return url.pathname.startsWith(route17);
+  return url.pathname.startsWith(route20);
 }
 function isUUID(value) {
   if (!value) {
@@ -110,90 +126,26 @@ function isUUID(value) {
   return regex.test(value);
 }
-// src/utils/Logger.ts
-var red = "\x1B[31m";
-var yellow = "\x1B[38;2;255;255;0m";
-var purple = "\x1B[38;2;200;160;255m";
-var orange = "\x1B[38;2;255;165;0m";
-var reset = "\x1B[0m";
-var baseLogger = (config, ...params) => ({
-  info(message, meta) {
-    if (config?.debug) {
-      console.info(
-        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? `${JSON.stringify(meta)}` : ""
-      );
-    }
-  },
-  debug(message, meta) {
-    if (config?.debug) {
-      console.debug(
-        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? `${JSON.stringify(meta)}` : ""
-      );
-    }
-  },
-  warn(message, meta) {
-    if (config?.debug) {
-      console.warn(
-        `${orange}[niledb]${reset}${yellow}[WARN]${reset}${params.join(
-          ""
-        )}${reset} ${message}`,
-        meta ? JSON.stringify(meta) : ""
-      );
-    }
-  },
-  error(message, meta) {
-    console.error(
-      `${orange}[niledb]${reset}${red}[ERROR]${reset}${params.join(
-        ""
-      )}${red} ${message}`,
-      meta ? meta : "",
-      `${reset}`
-    );
-  }
-});
-function Logger(config, ...params) {
-  const base = baseLogger(config, params);
-  const info = config?.logger?.info ?? base.info;
-  const debug = config?.logger?.debug ?? base.debug;
-  const warn = config?.logger?.warn ?? base.warn;
-  const error = config?.logger?.error ?? base.error;
-  return { info, warn, error, debug };
-}
-function matchesLog(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes.LOG);
-}
-// src/utils/constants.ts
-var X_NILE_TENANT = "nile-tenant-id";
-var X_NILE_ORIGIN = "nile-origin";
-var X_NILE_SECURECOOKIES = "nile-secure-cookies";
 // src/api/utils/request.ts
 async function request(url, _init, config) {
-  const { debug, info, error } = Logger(config, "[REQUEST]");
+  const { debug, info, error } = config.logger("[REQUEST]");
   const { request: request2, ...init } = _init;
   const requestUrl = new URL(request2.url);
   const updatedHeaders = new Headers({});
   if (request2.headers.get("cookie")) {
     updatedHeaders.set("cookie", String(request2.headers.get("cookie")));
   }
-  if (request2.headers.get(X_NILE_TENANT)) {
+  if (request2.headers.get(TENANT_COOKIE)) {
     updatedHeaders.set(
-      X_NILE_TENANT,
-      String(request2.headers.get(X_NILE_TENANT))
+      TENANT_COOKIE,
+      String(request2.headers.get(TENANT_COOKIE))
     );
   }
   if (config.secureCookies != null) {
-    updatedHeaders.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+    updatedHeaders.set(HEADER_SECURE_COOKIES, String(config.secureCookies));
   } else {
     updatedHeaders.set(
-      X_NILE_SECURECOOKIES,
+      HEADER_SECURE_COOKIES,
       process.env.NODE_ENV === "production" ? "true" : "false"
     );
   }
@@ -201,17 +153,17 @@ async function request(url, _init, config) {
   if (config.callbackUrl) {
     const cbUrl = new URL(config.callbackUrl);
     debug(`Obtained origin from config.callbackUrl ${config.callbackUrl}`);
-    updatedHeaders.set(X_NILE_ORIGIN, cbUrl.origin);
+    updatedHeaders.set(HEADER_ORIGIN, cbUrl.origin);
   } else if (config.origin) {
     debug(`Obtained origin from config.origin ${config.origin}`);
-    updatedHeaders.set(X_NILE_ORIGIN, config.origin);
+    updatedHeaders.set(HEADER_ORIGIN, config.origin);
   } else {
-    const passedOrigin = request2.headers.get(X_NILE_ORIGIN);
+    const passedOrigin = request2.headers.get(HEADER_ORIGIN);
     if (passedOrigin) {
-      updatedHeaders.set(X_NILE_ORIGIN, passedOrigin);
+      updatedHeaders.set(HEADER_ORIGIN, passedOrigin);
     } else {
       const reqOrigin = config.routePrefix !== DEFAULT_PREFIX ? `${requestUrl.origin}${config.routePrefix}` : requestUrl.origin;
-      updatedHeaders.set(X_NILE_ORIGIN, reqOrigin);
+      updatedHeaders.set(HEADER_ORIGIN, reqOrigin);
       debug(`Obtained origin from request ${reqOrigin}`);
     }
   }
@@ -219,14 +171,16 @@ async function request(url, _init, config) {
   if (params.method?.toLowerCase() === "post" || params.method?.toLowerCase() === "put") {
     try {
       updatedHeaders.set("content-type", "application/json");
-      const initBody = await new Response(_init.request.clone().body).json();
-      const requestBody = await new Response(request2.clone().body).json();
-      params.body = JSON.stringify(initBody ?? requestBody);
+      const bodyStream = _init.body ?? _init.request?.body ?? request2.body;
+      const bodyText = await new Response(bodyStream).text();
+      try {
+        params.body = JSON.stringify(JSON.parse(bodyText));
+      } catch {
+        updatedHeaders.set("content-type", "application/x-www-form-urlencoded");
+        params.body = bodyText;
+      }
     } catch (e) {
-      updatedHeaders.set("content-type", "application/x-www-form-urlencoded");
-      const initBody = await new Response(_init.request.clone().body).text();
-      const requestBody = await new Response(request2.clone().body).text();
-      params.body = initBody ?? requestBody;
+      error("Failed to parse request body");
     }
   }
   params.headers = updatedHeaders;
@@ -235,6 +189,12 @@ async function request(url, _init, config) {
     params.headers.set("request-id", crypto.randomUUID());
     params.cache = "no-store";
   }
+  await config.extensionCtx?.runExtensions(
+    "onRequest" /* onRequest */,
+    config,
+    params,
+    _init
+  );
   try {
     const res = await fetch(fullUrl, {
       ...params
@@ -254,6 +214,14 @@ async function request(url, _init, config) {
       statusText: res?.statusText,
       text: await loggingRes?.text()
     });
+    const updatedRes = await config.extensionCtx?.runExtensions(
+      "onResponse" /* onResponse */,
+      config,
+      params
+    );
+    if (updatedRes) {
+      return updatedRes;
+    }
     return res;
   } catch (e) {
     if (e instanceof Error) {
@@ -271,22 +239,19 @@ async function request(url, _init, config) {
 // src/api/utils/auth.ts
 async function auth(req, config) {
-  const { info, error } = Logger(config, "[nileauth]");
+  const { info, error } = config.logger("[nileauth]");
   info("checking auth");
   const sessionUrl = `${config.apiUrl}/auth/session`;
   info(`using session ${sessionUrl}`);
   req.headers.delete("content-length");
   const res = await request(sessionUrl, { request: req }, config);
-  if (!res) {
-    info("no session found");
-    return void 0;
-  }
-  info("session active");
   try {
     const session = await new Response(res.body).json();
     if (Object.keys(session).length === 0) {
+      info("no session found");
       return void 0;
     }
+    info("session active");
     return session;
   } catch (e) {
     error(e);
@@ -372,8 +337,8 @@ function getTokenFromCookie(headers, cookieKey) {
   }
 }
 function getTenantFromHttp(headers, config) {
-  const cookieTenant = getTokenFromCookie(headers, X_NILE_TENANT);
-  return cookieTenant ?? headers?.get(X_NILE_TENANT) ?? config?.tenantId;
+  const cookieTenant = getTokenFromCookie(headers, TENANT_COOKIE);
+  return cookieTenant ? cookieTenant : config?.tenantId;
 }
 // src/api/routes/users/POST.ts
@@ -383,7 +348,7 @@ async function POST(config, init) {
   const yurl = new URL(init.request.url);
   const tenantId = yurl.searchParams.get("tenantId");
   const newTenantName = yurl.searchParams.get("newTenantName");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config);
   const url = apiRoutes(config).USERS({ tenantId: tenant, newTenantName });
   return await request(url, init, config);
 }
@@ -392,21 +357,18 @@ async function POST(config, init) {
 async function GET2(config, init, log) {
   const yurl = new URL(init.request.url);
   const tenantId = yurl.searchParams.get("tenantId");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config);
   if (!tenant) {
     log("[GET] No tenant id provided.");
     return new Response(null, { status: 404 });
   }
-  const url = apiRoutes(config).TENANT_USERS(tenant);
   init.method = "GET";
+  const url = apiRoutes(config).TENANT_USERS(tenant);
   return await request(url, init, config);
 }
 // src/api/routes/users/[userId]/PUT.ts
-async function PUT2(config, session, init) {
-  if (!session) {
-    return new Response(null, { status: 401 });
-  }
+async function PUT2(config, init) {
   init.body = init.request.body;
   init.method = "PUT";
   const [userId] = new URL(init.request.url).pathname.split("/").reverse();
@@ -417,18 +379,14 @@ async function PUT2(config, session, init) {
 // src/api/routes/users/index.ts
 var key2 = "USERS";
 async function route2(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key2}]`
-  );
-  const session = await auth(request2, config);
+  const { info } = config.logger(`[ROUTES][${key2}]`);
   switch (request2.method) {
     case "GET":
       return await GET2(config, { request: request2 }, info);
     case "POST":
       return await POST(config, { request: request2 });
     case "PUT":
-      return await PUT2(config, session, { request: request2 });
+      return await PUT2(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
@@ -446,7 +404,11 @@ async function GET3(config, init) {
 }
 // src/api/routes/tenants/[tenantId]/users/POST.ts
-async function POST2(config, session, init) {
+async function POST2(config, init) {
+  const session = await auth(init.request, config);
+  if (!session) {
+    return new Response(null, { status: 401 });
+  }
   const yurl = new URL(init.request.url);
   const [, tenantId] = yurl.pathname.split("/").reverse();
   init.body = JSON.stringify({ email: session.email });
@@ -458,15 +420,7 @@ async function POST2(config, session, init) {
 // src/api/routes/tenants/[tenantId]/users/index.ts
 var key3 = "TENANT_USERS";
 async function route3(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key3}]`
-  );
-  const session = await auth(request2, config);
-  if (!session) {
-    info("401");
-    return new Response(null, { status: 401 });
-  }
+  const { info } = config.logger(`[ROUTES][${key3}]`);
   const yurl = new URL(request2.url);
   const [, tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -477,7 +431,7 @@ async function route3(request2, config) {
     case "GET":
       return await GET3(config, { request: request2 });
     case "POST":
-      return await POST2(config, session, { request: request2 });
+      return await POST2(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
@@ -485,21 +439,21 @@ async function route3(request2, config) {
 function matches3(configRoutes, request2) {
   const url = new URL(request2.url);
   const [userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
-  let route17 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  let route20 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
   if (userId === "users") {
-    route17 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
+    route20 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
   }
-  return urlMatches(request2.url, route17);
+  return urlMatches(request2.url, route20);
 }
 async function fetchTenantUsers(config, method, payload) {
   const { body, params } = {};
   if (!config.tenantId) {
     throw new Error(
-      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+      "Unable to fetch the user's tenants, the tenantId context is missing. Call nile.setContext({ tenantId })"
     );
   }
-  if (!isUUID(config.tenantId) && config.logger?.warn) {
-    config.logger?.warn(
+  if (!isUUID(config.tenantId)) {
+    config.logger("fetchTenantUsers").warn(
       "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
   }
@@ -523,8 +477,139 @@ async function fetchTenantUsers(config, method, payload) {
   return await config.handlers[m](req);
 }
+// src/api/routes/tenants/[tenantId]/invite/PUT.ts
+async function PUT3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  if (yurl.searchParams.size > 0) {
+    init.body = new URLSearchParams(yurl.searchParams).toString();
+  }
+  init.method = "PUT";
+  const url = `${apiRoutes(config).INVITE(tenantId)}`;
+  const res = await request(url, init, config);
+  const location = res?.headers?.get("location");
+  if (location) {
+    return new Response(res?.body, {
+      status: 302,
+      headers: res?.headers
+    });
+  }
+  return new Response(res?.body, {
+    status: res?.status,
+    headers: res?.headers
+  });
+}
+// src/api/routes/tenants/[tenantId]/invite/POST.ts
+async function POST3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "POST";
+  init.body = init.request.body;
+  const url = `${apiRoutes(config).INVITE(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/invite/index.ts
+var key4 = "INVITE";
+async function route4(request2, config) {
+  switch (request2.method) {
+    // the browser is a GET, but we need to PUT it into nile-auth
+    // server side, this is a put
+    case "GET":
+    case "PUT":
+      return await PUT3(config, { request: request2 });
+    case "POST":
+      return await POST3(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches4(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [, tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key4].replace("{tenantId}", tenantId);
+  return urlMatches(request2.url, route20);
+}
+async function fetchInvite(config, method, body) {
+  if (!config.tenantId) {
+    throw new Error(
+      "Unable to fetch the invite for the tenant, the tenantId context is missing. Call nile.setContext({ tenantId })"
+    );
+  }
+  if (!isUUID(config.tenantId)) {
+    config.logger("fetchInvite").warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
+  }
+  let clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace("{tenantId}", config.tenantId)}`;
+  const m = method ?? "GET";
+  const init = {
+    method: m,
+    headers: config.headers
+  };
+  if (method === "POST" || method === "PUT") {
+    init.body = body;
+  }
+  if (method === "DELETE") {
+    clientUrl = `${clientUrl}/${body}`;
+  }
+  const req = new Request(clientUrl, init);
+  return await config.handlers[m](req);
+}
+// src/api/routes/tenants/[tenantId]/invites/GET.ts
+async function GET4(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "GET";
+  const url = `${apiRoutes(config).INVITES(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/invites/index.ts
+var key5 = "INVITES";
+async function route5(request2, config) {
+  switch (request2.method) {
+    case "GET":
+      return await GET4(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches5(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [, tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key5].replace("{tenantId}", tenantId);
+  return url.pathname.endsWith(route20);
+}
+async function fetchInvites(config) {
+  if (!config.tenantId) {
+    throw new Error(
+      "Unable to fetch invites for the tenant, the tenantId context is missing. Call nile.setContext({ tenantId })"
+    );
+  }
+  if (!isUUID(config.tenantId)) {
+    config.logger("fetchInvites").warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
+  }
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invites" /* INVITES */.replace("{tenantId}", config.tenantId)}`;
+  const req = new Request(clientUrl, { headers: config.headers });
+  return await config.handlers.GET(req);
+}
 // src/api/routes/tenants/GET.ts
-async function GET4(config, session, init) {
+async function GET5(config, session, init) {
   let url = `${apiRoutes(config).USER_TENANTS(session.id)}`;
   if (typeof session === "object" && "user" in session && session.user) {
     url = `${apiRoutes(config).USER_TENANTS(session.user.id)}`;
@@ -534,7 +619,7 @@ async function GET4(config, session, init) {
 }
 // src/api/routes/tenants/[tenantId]/GET.ts
-async function GET5(config, init, log) {
+async function GET6(config, init, log) {
   const yurl = new URL(init.request.url);
   const [tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -559,7 +644,7 @@ async function DELETE2(config, init) {
 }
 // src/api/routes/tenants/[tenantId]/PUT.ts
-async function PUT3(config, init) {
+async function PUT4(config, init) {
   const yurl = new URL(init.request.url);
   const [tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -572,7 +657,7 @@ async function PUT3(config, init) {
 }
 // src/api/routes/tenants/POST.ts
-async function POST3(config, init) {
+async function POST4(config, init) {
   init.body = init.request.body;
   init.method = "POST";
   const url = `${apiRoutes(config).TENANTS}`;
@@ -580,12 +665,9 @@ async function POST3(config, init) {
 }
 // src/api/routes/tenants/index.ts
-var key4 = "TENANTS";
-async function route4(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key4}]`
-  );
+var key6 = "TENANTS";
+async function route6(request2, config) {
+  const { info } = config.logger(`[ROUTES][${key6}]`);
   const session = await auth(request2, config);
   if (!session) {
     info("401");
@@ -595,21 +677,21 @@ async function route4(request2, config) {
   switch (request2.method) {
     case "GET":
       if (isUUID(possibleTenantId)) {
-        return await GET5(config, { request: request2 }, info);
+        return await GET6(config, { request: request2 }, info);
       }
-      return await GET4(config, session, { request: request2 });
+      return await GET5(config, session, { request: request2 });
     case "POST":
-      return await POST3(config, { request: request2 });
+      return await POST4(config, { request: request2 });
     case "DELETE":
       return await DELETE2(config, { request: request2 });
     case "PUT":
-      return await PUT3(config, { request: request2 });
+      return await PUT4(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches4(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key4]);
+function matches6(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key6]);
 }
 async function fetchTenants(config, method, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
@@ -626,11 +708,11 @@ async function fetchTenants(config, method, body) {
 async function fetchTenant(config, method, body) {
   if (!config.tenantId) {
     throw new Error(
-      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+      "Unable to fetch tenants, the tenantId context is missing. Call nile.setContext({ tenantId })"
     );
   }
-  if (!isUUID(config.tenantId) && config.logger?.warn) {
-    config.logger?.warn(
+  if (!isUUID(config.tenantId)) {
+    config.logger("fetch tenant").warn(
       "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
     );
   }
@@ -647,36 +729,32 @@ async function fetchTenant(config, method, body) {
   return await config.handlers[m](req);
 }
 async function fetchTenantsByUser(config) {
-  if (config.logger?.warn) {
-    if (!config.userId) {
-      config.logger?.warn(
-        "nile.userId is not set. The call will still work for the API, but the database context is not set properly and may lead to unexpected behavior in your application."
-      );
-    } else if (!isUUID(config.userId)) {
-      config.logger?.warn(
-        "nile.userId is not a valid UUID. This may lead to unexpected behavior in your application."
-      );
-    }
+  const { warn } = config.logger("fetchTenantsByUser");
+  if (!config.userId) {
+    warn(
+      "nile.userId is not set. The call will still work for the API, but the database context is not set properly and may lead to unexpected behavior in your application."
+    );
+  } else if (!isUUID(config.userId)) {
+    warn(
+      "nile.userId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
   }
-  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/users/{userId}/tenants" /* USER_TENANTS */.replace(
-    "{userId}",
-    config.userId ?? "WARN_NOT_SET"
-  )}`;
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
   const req = new Request(clientUrl, { headers: config.headers });
   return await config.handlers.GET(req);
 }
 // src/api/routes/auth/signin.ts
-var key5 = "SIGNIN";
-async function route5(req, config) {
-  let url = proxyRoutes(config)[key5];
+var key7 = "SIGNIN";
+async function route7(req, config) {
+  let url = proxyRoutes(config)[key7];
   const init = {
     method: req.method,
     headers: req.headers
   };
   if (req.method === "POST") {
     const [provider] = new URL(req.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key5]}/${provider}`;
+    url = `${proxyRoutes(config)[key7]}/${provider}`;
   }
   const passThroughUrl = new URL(req.url);
   const params = new URLSearchParams(passThroughUrl.search);
@@ -684,8 +762,8 @@ async function route5(req, config) {
   const res = await request(url, { ...init, request: req }, config);
   return res;
 }
-function matches5(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key5]);
+function matches7(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key7]);
 }
 async function fetchSignIn(config, provider, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signin" /* SIGNIN */}/${provider}`;
@@ -698,7 +776,7 @@ async function fetchSignIn(config, provider, body) {
 }
 // src/api/routes/auth/session.ts
-async function route6(req, config) {
+async function route8(req, config) {
   return request(
     proxyRoutes(config).SESSION,
     {
@@ -708,7 +786,7 @@ async function route6(req, config) {
     config
   );
 }
-function matches6(configRoutes, request2) {
+function matches8(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.SESSION);
 }
 async function fetchSession(config) {
@@ -721,7 +799,7 @@ async function fetchSession(config) {
 }
 // src/api/routes/auth/providers.ts
-async function route7(req, config) {
+async function route9(req, config) {
   return request(
     proxyRoutes(config).PROVIDERS,
     {
@@ -731,7 +809,7 @@ async function route7(req, config) {
     config
   );
 }
-function matches7(configRoutes, request2) {
+function matches9(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.PROVIDERS);
 }
 async function fetchProviders(config) {
@@ -744,7 +822,7 @@ async function fetchProviders(config) {
 }
 // src/api/routes/auth/csrf.ts
-async function route8(req, config) {
+async function route10(req, config) {
   return request(
     proxyRoutes(config).CSRF,
     {
@@ -754,7 +832,7 @@ async function route8(req, config) {
     config
   );
 }
-function matches8(configRoutes, request2) {
+function matches10(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.CSRF);
 }
 async function fetchCsrf(config) {
@@ -767,17 +845,14 @@ async function fetchCsrf(config) {
 }
 // src/api/routes/auth/callback.ts
-var key6 = "CALLBACK";
-async function route9(req, config) {
-  const { error } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key6}]`
-  );
+var key8 = "CALLBACK";
+async function route11(req, config) {
+  const { error } = config.logger(`[ROUTES][${key8}]`);
   const [provider] = new URL(req.url).pathname.split("/").reverse();
   try {
     const passThroughUrl = new URL(req.url);
     const params = new URLSearchParams(passThroughUrl.search);
-    const url = `${proxyRoutes(config)[key6]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
+    const url = `${proxyRoutes(config)[key8]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
     const res = await request(
       url,
       {
@@ -788,7 +863,7 @@ async function route9(req, config) {
     ).catch((e) => {
       error("an error as occurred", e);
     });
-    const location = res?.headers.get("location");
+    const location = res?.headers?.get("location");
     if (location) {
       return new Response(res?.body, {
         status: 302,
@@ -804,7 +879,7 @@ async function route9(req, config) {
   }
   return new Response("An unexpected error has occurred.", { status: 400 });
 }
-function matches9(configRoutes, request2) {
+function matches11(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.CALLBACK);
 }
 async function fetchCallback(config, provider, body, request2, method = "POST") {
@@ -818,22 +893,22 @@ async function fetchCallback(config, provider, body, request2, method = "POST")
 }
 // src/api/routes/auth/signout.ts
-var key7 = "SIGNOUT";
-async function route10(request2, config) {
-  let url = proxyRoutes(config)[key7];
+var key9 = "SIGNOUT";
+async function route12(request2, config) {
+  let url = proxyRoutes(config)[key9];
   const init = {
     method: request2.method
   };
   if (request2.method === "POST") {
     init.body = request2.body;
     const [provider] = new URL(request2.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key7]}${provider !== "signout" ? `/${provider}` : ""}`;
+    url = `${proxyRoutes(config)[key9]}${provider !== "signout" ? `/${provider}` : ""}`;
   }
   const res = await request(url, { ...init, request: request2 }, config);
   return res;
 }
-function matches10(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key7]);
+function matches12(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key9]);
 }
 async function fetchSignOut(config, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signout" /* SIGNOUT */}`;
@@ -846,10 +921,10 @@ async function fetchSignOut(config, body) {
 }
 // src/api/routes/auth/error.ts
-var key8 = "ERROR";
-async function route11(req, config) {
+var key10 = "ERROR";
+async function route13(req, config) {
   return request(
-    proxyRoutes(config)[key8],
+    proxyRoutes(config)[key10],
     {
       method: req.method,
       request: req
@@ -857,15 +932,15 @@ async function route11(req, config) {
     config
   );
 }
-function matches11(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key8]);
+function matches13(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key10]);
 }
 // src/api/routes/auth/verify-request.ts
-var key9 = "VERIFY_REQUEST";
-async function route12(req, config) {
+var key11 = "VERIFY_REQUEST";
+async function route14(req, config) {
   return request(
-    proxyRoutes(config)[key9],
+    proxyRoutes(config)[key11],
     {
       method: req.method,
       request: req
@@ -873,14 +948,14 @@ async function route12(req, config) {
     config
   );
 }
-function matches12(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key9]);
+function matches14(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key11]);
 }
 // src/api/routes/auth/password-reset.ts
-var key10 = "PASSWORD_RESET";
-async function route13(req, config) {
-  const url = proxyRoutes(config)[key10];
+var key12 = "PASSWORD_RESET";
+async function route15(req, config) {
+  const url = proxyRoutes(config)[key12];
   const res = await request(
     url,
     {
@@ -889,7 +964,7 @@ async function route13(req, config) {
     },
     config
   );
-  const location = res?.headers.get("location");
+  const location = res?.headers?.get("location");
   if (location) {
     return new Response(res?.body, {
       status: 302,
@@ -901,12 +976,14 @@ async function route13(req, config) {
     headers: res?.headers
   });
 }
-function matches13(configRoutes, request2) {
+function matches15(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.PASSWORD_RESET);
 }
-async function fetchResetPassword(config, method, body, params) {
+async function fetchResetPassword(config, method, body, params, useJson = true) {
   const authParams = new URLSearchParams(params ?? {});
-  authParams?.set("json", "true");
+  if (useJson) {
+    authParams?.set("json", "true");
+  }
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/reset-password" /* PASSWORD_RESET */}?${authParams?.toString()}`;
   const init = {
     method,
@@ -920,9 +997,9 @@ async function fetchResetPassword(config, method, body, params) {
 }
 // src/api/routes/auth/verify-email.ts
-var key11 = "VERIFY_EMAIL";
-async function route14(req, config) {
-  const url = proxyRoutes(config)[key11];
+var key13 = "VERIFY_EMAIL";
+async function route16(req, config) {
+  const url = proxyRoutes(config)[key13];
   const res = await request(
     url,
     {
@@ -931,7 +1008,7 @@ async function route14(req, config) {
     },
     config
   );
-  const location = res?.headers.get("location");
+  const location = res?.headers?.get("location");
   if (location) {
     return new Response(res?.body, {
       status: 302,
@@ -943,8 +1020,8 @@ async function route14(req, config) {
     headers: res?.headers
   });
 }
-function matches14(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key11]);
+function matches16(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key13]);
 }
 async function fetchVerifyEmail(config, method, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/verify-email" /* VERIFY_EMAIL */}`;
@@ -961,71 +1038,154 @@ async function fetchVerifyEmail(config, method, body) {
 // src/api/handlers/GET.ts
 function GETTER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[GET MATCHER]");
-  return async function GET6(req) {
+  const { error, info, warn } = config.logger("[GET MATCHER]");
+  return async function GET7(...params) {
+    const handledRequest = await config.extensionCtx?.runExtensions(
+      "onHandleRequest" /* onHandleRequest */,
+      config,
+      params
+    );
+    if (handledRequest) {
+      return handledRequest;
+    }
+    const req = params[0] instanceof Request ? params[0] : null;
+    if (!req) {
+      error("Proxy requests failed, a Request object was not passed.");
+      return;
+    }
     if (matches(configRoutes, req)) {
       info("matches me");
       return route(req, config);
     }
+    if (matches5(configRoutes, req)) {
+      info("matches tenant invites");
+      return route5(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches invite");
+      return route4(req, config);
+    }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
       return route3(req, config);
     }
+    if (matches6(configRoutes, req)) {
+      info("matches tenants");
+      return route6(req, config);
+    }
     if (matches2(configRoutes, req)) {
       info("matches users");
       return route2(req, config);
     }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
-    }
-    if (matches6(configRoutes, req)) {
+    if (matches8(configRoutes, req)) {
       info("matches session");
-      return route6(req, config);
+      return route8(req, config);
     }
-    if (matches5(configRoutes, req)) {
+    if (matches7(configRoutes, req)) {
       info("matches signin");
-      return route5(req, config);
+      return route7(req, config);
     }
-    if (matches7(configRoutes, req)) {
+    if (matches9(configRoutes, req)) {
       info("matches providers");
-      return route7(req, config);
+      return route9(req, config);
     }
-    if (matches8(configRoutes, req)) {
+    if (matches10(configRoutes, req)) {
       info("matches csrf");
-      return route8(req, config);
+      return route10(req, config);
     }
-    if (matches13(configRoutes, req)) {
+    if (matches15(configRoutes, req)) {
       info("matches password reset");
-      return route13(req, config);
+      return route15(req, config);
     }
-    if (matches9(configRoutes, req)) {
+    if (matches11(configRoutes, req)) {
       info("matches callback");
-      return route9(req, config);
-    }
-    if (matches10(configRoutes, req)) {
-      info("matches signout");
-      return route10(req, config);
+      return route11(req, config);
     }
     if (matches12(configRoutes, req)) {
-      info("matches verify-request");
+      info("matches signout");
       return route12(req, config);
     }
     if (matches14(configRoutes, req)) {
-      info("matches verify-email");
+      info("matches verify-request");
       return route14(req, config);
     }
-    if (matches11(configRoutes, req)) {
+    if (matches16(configRoutes, req)) {
+      info("matches verify-email");
+      return route16(req, config);
+    }
+    if (matches13(configRoutes, req)) {
       info("matches error");
-      return route11(req, config);
+      return route13(req, config);
     }
     warn(`No GET routes matched ${req.url}`);
     return new Response(null, { status: 404 });
   };
 }
+// src/utils/Logger.ts
+var red = "\x1B[31m";
+var yellow = "\x1B[38;2;255;255;0m";
+var purple = "\x1B[38;2;200;160;255m";
+var orange = "\x1B[38;2;255;165;0m";
+var reset = "\x1B[0m";
+var baseLogger = (config, ...params) => ({
+  info(message, meta) {
+    if (config?.debug) {
+      console.info(
+        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? `${JSON.stringify(meta)}` : ""
+      );
+    }
+  },
+  debug(message, meta) {
+    if (config?.debug) {
+      console.debug(
+        `${orange}[niledb]${reset}${purple}[DEBUG]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? `${JSON.stringify(meta)}` : ""
+      );
+    }
+  },
+  warn(message, meta) {
+    if (config?.debug) {
+      console.warn(
+        `${orange}[niledb]${reset}${yellow}[WARN]${reset}${params.join(
+          ""
+        )}${reset} ${message}`,
+        meta ? JSON.stringify(meta) : ""
+      );
+    }
+  },
+  error(message, meta) {
+    console.error(
+      `${orange}[niledb]${reset}${red}[ERROR]${reset}${params.join(
+        ""
+      )}${red} ${message}`,
+      meta ? meta : "",
+      `${reset}`
+    );
+  }
+});
+function Logger(config) {
+  return (prefixes) => {
+    const { info, debug, warn, error } = config && typeof config?.logger === "function" ? config.logger(prefixes) : baseLogger(config, prefixes);
+    return {
+      info,
+      debug,
+      warn,
+      error
+    };
+  };
+}
+function matchesLog(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes.LOG);
+}
 // src/api/routes/signup/POST.ts
-async function POST4(config, init) {
+async function POST5(config, init) {
   init.body = init.request.body;
   init.method = "POST";
   const url = `${apiRoutes(config).SIGNUP}`;
@@ -1033,17 +1193,17 @@ async function POST4(config, init) {
 }
 // src/api/routes/signup/index.tsx
-var key12 = "SIGNUP";
-async function route15(request2, config) {
+var key14 = "SIGNUP";
+async function route17(request2, config) {
   switch (request2.method) {
     case "POST":
-      return await POST4(config, { request: request2 });
+      return await POST5(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches15(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key12]);
+function matches17(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key14]);
 }
 async function fetchSignUp(config, payload) {
   const { body, params } = payload ?? {};
@@ -1065,8 +1225,21 @@ async function fetchSignUp(config, payload) {
 // src/api/handlers/POST.ts
 function POSTER(configRoutes, config) {
-  const { info, warn, error } = Logger(config, "[POST MATCHER]");
-  return async function POST5(req) {
+  const { info, warn, error } = config.logger("[POST MATCHER]");
+  return async function POST6(...params) {
+    const handledRequest = await config.extensionCtx?.runExtensions(
+      "onHandleRequest" /* onHandleRequest */,
+      config,
+      params
+    );
+    if (handledRequest) {
+      return handledRequest;
+    }
+    const req = params[0] instanceof Request ? params[0] : null;
+    if (!req) {
+      error("Proxy requests failed, a Request object was not passed.");
+      return;
+    }
     if (matchesLog(configRoutes, req)) {
       try {
         const json = await req.clone().json();
@@ -1080,49 +1253,53 @@ function POSTER(configRoutes, config) {
       info("matches tenant users");
       return route3(req, config);
     }
-    if (matches15(configRoutes, req)) {
+    if (matches4(configRoutes, req)) {
+      info("matches tenant invite");
+      return route4(req, config);
+    }
+    if (matches17(configRoutes, req)) {
       info("matches signup");
-      return route15(req, config);
+      return route17(req, config);
     }
     if (matches2(configRoutes, req)) {
       info("matches users");
       return route2(req, config);
     }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
-    }
     if (matches6(configRoutes, req)) {
-      info("matches session");
+      info("matches tenants");
       return route6(req, config);
     }
-    if (matches5(configRoutes, req)) {
-      info("matches signin");
-      return route5(req, config);
-    }
-    if (matches13(configRoutes, req)) {
-      info("matches password reset");
-      return route13(req, config);
+    if (matches8(configRoutes, req)) {
+      info("matches session");
+      return route8(req, config);
     }
     if (matches7(configRoutes, req)) {
-      info("matches providers");
+      info("matches signin");
       return route7(req, config);
     }
-    if (matches8(configRoutes, req)) {
-      info("matches csrf");
-      return route8(req, config);
+    if (matches15(configRoutes, req)) {
+      info("matches password reset");
+      return route15(req, config);
     }
     if (matches9(configRoutes, req)) {
-      info("matches callback");
+      info("matches providers");
       return route9(req, config);
     }
     if (matches10(configRoutes, req)) {
-      info("matches signout");
+      info("matches csrf");
       return route10(req, config);
     }
-    if (matches14(configRoutes, req)) {
+    if (matches11(configRoutes, req)) {
+      info("matches callback");
+      return route11(req, config);
+    }
+    if (matches12(configRoutes, req)) {
+      info("matches signout");
+      return route12(req, config);
+    }
+    if (matches16(configRoutes, req)) {
       info("matches verify-email");
-      return route14(req, config);
+      return route16(req, config);
     }
     warn(`No POST routes matched ${req.url}`);
     return new Response(null, { status: 404 });
@@ -1141,7 +1318,7 @@ async function DELETE3(config, init) {
 }
 // src/api/routes/tenants/[tenantId]/users/[userId]/PUT.ts
-async function PUT4(config, init) {
+async function PUT5(config, init) {
   const yurl = new URL(init.request.url);
   const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
   config.tenantId = tenantId;
@@ -1152,12 +1329,9 @@ async function PUT4(config, init) {
 }
 // src/api/routes/tenants/[tenantId]/users/[userId]/index.ts
-var key13 = "TENANT_USER";
-async function route16(request2, config) {
-  const { info } = Logger(
-    { ...config, debug: config.debug },
-    `[ROUTES][${key13}]`
-  );
+var key15 = "TENANT_USER";
+async function route18(request2, config) {
+  const { info } = config.logger(`[ROUTES][${key15}]`);
   const session = await auth(request2, config);
   if (!session) {
     info("401");
@@ -1171,21 +1345,21 @@ async function route16(request2, config) {
   }
   switch (request2.method) {
     case "PUT":
-      return await PUT4(config, { request: request2 });
+      return await PUT5(config, { request: request2 });
     case "DELETE":
       return await DELETE3(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches16(configRoutes, request2) {
+function matches18(configRoutes, request2) {
   const url = new URL(request2.url);
   const [, userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
-  let route17 = configRoutes[key13].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  let route20 = configRoutes[key15].replace("{tenantId}", tenantId).replace("{userId}", userId);
   if (userId === "users") {
-    route17 = configRoutes[key13].replace("{tenantId}", possibleTenantId);
+    route20 = configRoutes[key15].replace("{tenantId}", possibleTenantId);
   }
-  return urlMatches(request2.url, route17);
+  return urlMatches(request2.url, route20);
 }
 async function fetchTenantUser(config, method) {
   if (!config.tenantId) {
@@ -1209,21 +1383,63 @@ async function fetchTenantUser(config, method) {
   return await config.handlers[method](req);
 }
+// src/api/routes/tenants/[tenantId]/invite/[inviteId]/DELETE.ts
+async function DELETE4(config, init) {
+  const yurl = new URL(init.request.url);
+  const [inviteId, , tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "DELETE";
+  const url = `${apiRoutes(config).INVITE(tenantId)}/${inviteId}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/invite/[inviteId]/index.ts
+var key16 = "INVITE";
+async function route19(request2, config) {
+  switch (request2.method) {
+    case "DELETE":
+      return await DELETE4(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches19(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [inviteId, , tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key16].replace("{tenantId}", tenantId).replace("{inviteId}", inviteId);
+  return urlMatches(request2.url, route20);
+}
 // src/api/handlers/DELETE.ts
 function DELETER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[DELETE MATCHER]");
-  return async function DELETE4(req) {
-    if (matches16(configRoutes, req)) {
-      info("matches tenant user");
-      return route16(req, config);
+  const { error, info, warn } = config.logger("[DELETE MATCHER]");
+  return async function DELETE5(...params) {
+    const handledRequest = await config.extensionCtx?.runExtensions(
+      "onHandleRequest" /* onHandleRequest */,
+      config,
+      params
+    );
+    if (handledRequest) {
+      return handledRequest;
     }
-    if (matches3(configRoutes, req)) {
-      info("matches tenant users");
-      return route3(req, config);
+    const req = params[0] instanceof Request ? params[0] : null;
+    if (!req) {
+      error("Proxy requests failed, a Request object was not passed.");
+      return;
     }
-    if (matches4(configRoutes, req)) {
+    if (matches19(configRoutes, req)) {
+      info("matches tenant invite id");
+      return route19(req, config);
+    }
+    if (matches18(configRoutes, req)) {
+      info("matches tenant user");
+      return route18(req, config);
+    }
+    if (matches6(configRoutes, req)) {
       info("matches tenants");
-      return route4(req, config);
+      return route6(req, config);
     }
     if (matches(configRoutes, req)) {
       info("matches me");
@@ -1236,11 +1452,28 @@ function DELETER(configRoutes, config) {
 // src/api/handlers/PUT.ts
 function PUTER(configRoutes, config) {
-  const { info, warn } = Logger(config, "[PUT MATCHER]");
-  return async function PUT5(req) {
-    if (matches16(configRoutes, req)) {
+  const { error, info, warn } = config.logger("[PUT MATCHER]");
+  return async function PUT6(...params) {
+    const handledRequest = await config.extensionCtx?.runExtensions(
+      "onHandleRequest" /* onHandleRequest */,
+      config,
+      params
+    );
+    if (handledRequest) {
+      return handledRequest;
+    }
+    const req = params[0] instanceof Request ? params[0] : null;
+    if (!req) {
+      error("Proxy requests failed, a Request object was not passed.");
+      return;
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches tenant invite");
+      return route4(req, config);
+    }
+    if (matches18(configRoutes, req)) {
       info("matches tenant user");
-      return route16(req, config);
+      return route18(req, config);
     }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
@@ -1254,13 +1487,13 @@ function PUTER(configRoutes, config) {
       info("matches me");
       return route(req, config);
     }
-    if (matches4(configRoutes, req)) {
+    if (matches6(configRoutes, req)) {
       info("matches tenants");
-      return route4(req, config);
+      return route6(req, config);
     }
-    if (matches13(configRoutes, req)) {
+    if (matches15(configRoutes, req)) {
       info("matches reset password");
-      return route13(req, config);
+      return route15(req, config);
     }
     warn("No PUT routes matched");
     return new Response(null, { status: 404 });
@@ -1269,15 +1502,15 @@ function PUTER(configRoutes, config) {
 // src/api/handlers/index.ts
 function Handlers(configRoutes, config) {
-  const GET6 = GETTER(configRoutes, config);
-  const POST5 = POSTER(configRoutes, config);
-  const DELETE4 = DELETER(configRoutes, config);
-  const PUT5 = PUTER(configRoutes, config);
+  const GET7 = GETTER(configRoutes, config);
+  const POST6 = POSTER(configRoutes, config);
+  const DELETE5 = DELETER(configRoutes, config);
+  const PUT6 = PUTER(configRoutes, config);
   return {
-    GET: GET6,
-    POST: POST5,
-    DELETE: DELETE4,
-    PUT: PUT5
+    GET: GET7,
+    POST: POST6,
+    DELETE: DELETE5,
+    PUT: PUT6
   };
 }
 var getApiUrl = (cfg) => {
@@ -1310,15 +1543,16 @@ var getSecureCookies = (cfg) => {
   return void 0;
 };
 var getUsername = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[username]");
+  const { config } = cfg;
+  const logger = config.logger;
+  const { info } = logger();
   if (config?.user) {
-    logger && info(`${logger}[config] ${config.user}`);
+    info(`[config] ${config.user}`);
     return String(config?.user);
   }
   const user = stringCheck(process.env.NILEDB_USER);
   if (user) {
-    logger && info(`${logger}[NILEDB_USER] ${user}`);
+    info(`[NILEDB_USER] ${user}`);
     return user;
   }
   const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
@@ -1336,16 +1570,16 @@ var getUsername = (cfg) => {
   );
 };
 var getPassword = (cfg) => {
-  const { config, logger } = cfg;
+  const { config } = cfg;
+  const logger = config.logger;
   const log = logProtector(logger);
-  const { info } = Logger(config, "[password]");
   if (stringCheck(config?.password)) {
-    log && info(`${logger}[config] ***`);
+    log && log("[config]").info("***");
     return String(config?.password);
   }
   const pass = stringCheck(process.env.NILEDB_PASSWORD);
   if (pass) {
-    logger && info(`${logger}[NILEDB_PASSWORD] ***`);
+    logger("[NILEDB_PASSWORD]").info("***");
     return pass;
   }
   const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
@@ -1363,15 +1597,15 @@ var getPassword = (cfg) => {
   );
 };
 var getDatabaseName = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[databaseName]");
+  const { config } = cfg;
+  const { info } = config.logger("[databaseName]");
   if (stringCheck(config?.databaseName)) {
-    logger && info(`${logger}[config] ${config?.databaseName}`);
+    info(`[config] ${config?.databaseName}`);
     return String(config?.databaseName);
   }
   const name = stringCheck(process.env.NILEDB_NAME);
   if (name) {
-    logger && info(`${logger}[NILEDB_NAME] ${name}`);
+    info(`[NILEDB_NAME] ${name}`);
     return name;
   }
   if (process.env.NILEDB_POSTGRES_URL) {
@@ -1386,50 +1620,52 @@ var getDatabaseName = (cfg) => {
   );
 };
 var getTenantId = (cfg) => {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[tenantId]");
+  const { config } = cfg;
+  const { info } = config.logger("[tenantId]");
   if (stringCheck(config?.tenantId)) {
-    logger && info(`${logger}[config] ${config?.tenantId}`);
+    info(`[config] ${config?.tenantId}`);
     return String(config?.tenantId);
   }
   if (stringCheck(process.env.NILEDB_TENANT)) {
-    logger && info(`${logger}[NILEDB_TENANT] ${process.env.NILEDB_TENANT}`);
+    info(`[NILEDB_TENANT] ${process.env.NILEDB_TENANT}`);
     return String(process.env.NILEDB_TENANT);
   }
   return null;
 };
 function getDbHost(cfg) {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[db.host]");
+  const { config } = cfg;
+  const logger = config.logger;
+  const { info } = logger("[db.host]");
   if (stringCheck(config?.db && config.db.host)) {
-    logger && info(`${logger}[config] ${config?.db?.host}`);
+    info(`[config] ${config?.db?.host}`);
     return String(config?.db?.host);
   }
   if (stringCheck(process.env.NILEDB_HOST)) {
-    logger && info(`${logger}[NILEDB_HOST] ${process.env.NILEDB_HOST}`);
+    info(`[NILEDB_HOST] ${process.env.NILEDB_HOST}`);
     return process.env.NILEDB_HOST;
   }
   const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
   if (pg2) {
     try {
       const pgUrl = new URL(pg2);
-      logger && info(`${logger}[NILEDB_POSTGRES_URL] ${pgUrl.hostname}`);
+      info(`[NILEDB_POSTGRES_URL] ${pgUrl.hostname}`);
       return pgUrl.hostname;
     } catch (e) {
     }
   }
-  logger && info(`${logger}[default] db.thenile.dev`);
+  info("[default] db.thenile.dev");
   return "db.thenile.dev";
 }
 function getDbPort(cfg) {
-  const { config, logger } = cfg;
-  const { info } = Logger(config, "[db.port]");
+  const { config } = cfg;
+  const logger = config.logger;
+  const { info } = logger("[db.port]");
   if (config?.db?.port && config.db.port != null) {
-    logger && info(`${logger}[config] ${config?.db.port}`);
+    info(`[config] ${config?.db.port}`);
     return Number(config.db?.port);
   }
   if (stringCheck(process.env.NILEDB_PORT)) {
-    logger && info(`${logger}[NILEDB_PORT] ${process.env.NILEDB_PORT}`);
+    info(`[NILEDB_PORT] ${process.env.NILEDB_PORT}`);
     return Number(process.env.NILEDB_PORT);
   }
   const pg2 = stringCheck(process.env.NILEDB_POSTGRES_URL);
@@ -1442,7 +1678,7 @@ function getDbPort(cfg) {
     } catch (e) {
     }
   }
-  logger && info(`${logger}[default] 5432`);
+  info("[default] 5432");
   return 5432;
 }
 var logProtector = (logger) => {
@@ -1460,6 +1696,8 @@ var Config = class {
   routes;
   handlers;
   paths;
+  extensionCtx;
+  extensions;
   logger;
   /**
    * Stores the set tenant id from Server for use in sub classes
@@ -1493,15 +1731,19 @@ var Config = class {
    */
   routePrefix;
   db;
-  // api: ApiConfig;
-  constructor(config, logger) {
-    const envVarConfig = { config, logger };
+  constructor(config) {
     this.routePrefix = config?.routePrefix ?? "/api";
-    this.secureCookies = getSecureCookies(envVarConfig);
-    this.callbackUrl = getCallbackUrl(envVarConfig);
     this.debug = config?.debug;
     this.origin = config?.origin;
+    this.extensions = config?.extensions;
+    this.extensionCtx = config?.extensionCtx;
     this.serverOrigin = config?.origin ?? "http://localhost:3000";
+    this.logger = Logger(config);
+    const envVarConfig = {
+      config: { ...config, logger: this.logger }
+    };
+    this.secureCookies = getSecureCookies(envVarConfig);
+    this.callbackUrl = getCallbackUrl(envVarConfig);
     this.apiUrl = getApiUrl(envVarConfig);
     const user = getUsername(envVarConfig);
     const password = getPassword(envVarConfig);
@@ -1568,7 +1810,6 @@ var Config = class {
     };
     this.tenantId = config?.tenantId;
     this.userId = config?.userId;
-    this.logger = config?.logger;
   }
 };
@@ -1602,6 +1843,9 @@ var Eventer = class {
   }
 };
 var eventer = new Eventer();
+var updateTenantId = (tenantId) => {
+  eventer.publish("tenantId" /* Tenant */, tenantId);
+};
 var watchTenantId = (cb) => eventer.subscribe("tenantId" /* Tenant */, cb);
 var watchUserId = (cb) => eventer.subscribe("userId" /* User */, cb);
 var evictPool = (val) => {
@@ -1615,7 +1859,7 @@ var watchHeaders = (cb) => eventer.subscribe("headers" /* Headers */, cb);
 // src/db/PoolProxy.ts
 function createProxyForPool(pool, config) {
-  const { info, error } = Logger(config, "[pool]");
+  const { info, error } = config.logger("[pool]");
   return new Proxy(pool, {
     get(target, property) {
       if (property === "query") {
@@ -1651,7 +1895,7 @@ var NileDatabase = class {
   config;
   timer;
   constructor(config, id) {
-    const { warn, info, debug } = Logger(config, "[NileInstance]");
+    const { warn, info, debug } = config.logger("[NileInstance]");
     this.id = id;
     const poolConfig = {
       min: 0,
@@ -1680,7 +1924,7 @@ var NileDatabase = class {
         `${this.id}-${this.timer}`
       );
       afterCreate2(client, (err) => {
-        const { error } = Logger(config, "[after create callback]");
+        const { error } = config.logger("[after create callback]");
         if (err) {
           clearTimeout(this.timer);
           error("after create failed", {
@@ -1708,7 +1952,7 @@ var NileDatabase = class {
     });
   }
   startTimeout() {
-    const { debug } = Logger(this.config, "[NileInstance]");
+    const { debug } = this.config.logger("[NileInstance]");
     if (this.timer) {
       clearTimeout(this.timer);
     }
@@ -1723,7 +1967,7 @@ var NileDatabase = class {
     }, Number(this.config.db.idleTimeoutMillis) ?? 3e4);
   }
   shutdown() {
-    const { debug } = Logger(this.config, "[NileInstance]");
+    const { debug } = this.config.logger("[NileInstance]");
     debug(`attempting to shut down ${this.id}`);
     clearTimeout(this.timer);
     this.pool.end(() => {
@@ -1733,7 +1977,7 @@ var NileDatabase = class {
 };
 var NileInstance_default = NileDatabase;
 function makeAfterCreate(config, id) {
-  const { error, warn, debug } = Logger(config, "[afterCreate]");
+  const { error, warn, debug } = config.logger("[afterCreate]");
   return (conn, done) => {
     conn.on("error", function errorHandler(e) {
       error(`Connection ${id} was terminated by server`, {
@@ -1797,7 +2041,7 @@ var DBManager = class {
     watchEvictPool(this.poolWatcherFn);
   }
   poolWatcher = (config) => (id) => {
-    const { info, warn } = Logger(config, "[DBManager]");
+    const { info, warn } = Logger(config)("[DBManager]");
     if (id && this.connections.has(id)) {
       info(`Removing ${id} from db connection pool.`);
       const connection = this.connections.get(id);
@@ -1808,7 +2052,7 @@ var DBManager = class {
     }
   };
   getConnection = (config) => {
-    const { info } = Logger(config, "[DBManager]");
+    const { info } = Logger(config)("[DBManager]");
     const id = this.makeId(config.tenantId, config.userId);
     const existing = this.connections.get(id);
     info(`# of instances: ${this.connections.size}`);
@@ -1827,7 +2071,7 @@ var DBManager = class {
     return newOne.pool;
   };
   clear = (config) => {
-    const { info } = Logger(config, "[DBManager]");
+    const { info } = Logger(config)("[DBManager]");
     info(`Clearing all connections ${this.connections.size}`);
     this.cleared = true;
     this.connections.forEach((connection) => {
@@ -1841,9 +2085,15 @@ var DBManager = class {
 var Auth = class {
   #logger;
   #config;
+  /**
+   * Create an Auth helper.
+   *
+   * @param config - runtime configuration used by the underlying fetch helpers
+   *   such as `serverOrigin`, `routePrefix` and default headers.
+   */
   constructor(config) {
     this.#config = config;
-    this.#logger = Logger(config, "[auth]");
+    this.#logger = config.logger("[auth]");
   }
   async getSession(rawResponse = false) {
     const res = await fetchSession(this.#config);
@@ -1861,7 +2111,7 @@ var Auth = class {
     }
   }
   async getCsrf(rawResponse = false) {
-    return await getCsrf(this.#config, rawResponse);
+    return await obtainCsrf(this.#config, rawResponse);
   }
   async listProviders(rawResponse = false) {
     const res = await fetchProviders(this.#config);
@@ -1874,6 +2124,12 @@ var Auth = class {
       return res;
     }
   }
+  /**
+   * Sign the current user out by calling `/api/auth/signout`.
+   *
+   * The CSRF token is fetched automatically and the stored cookies are cleared
+   * from the internal configuration once the request completes.
+   */
   async signOut() {
     const csrfRes = await this.getCsrf();
     if (!("csrfToken" in csrfRes)) {
@@ -1931,16 +2187,71 @@ var Auth = class {
       return res;
     }
     try {
-      return await res.clone().json();
+      const json = await res.clone().json();
+      if (json && typeof json === "object" && "tenants" in json) {
+        const tenantId = json.tenants[0];
+        if (tenantId) {
+          updateTenantId(tenantId);
+        }
+      }
+      return json;
     } catch {
       return res;
     }
   }
+  /**
+   * Request a password reset email.
+   *
+   * Sends a `POST` to `/api/auth/password-reset` with the provided email and
+   * optional callback information. The endpoint responds with a redirect URL
+   * which is returned as a {@link Response} object.
+   */
+  async forgotPassword(req) {
+    let email = "";
+    const defaults = defaultCallbackUrl({
+      config: this.#config
+    });
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
+    if ("email" in req) {
+      email = req.email;
+    }
+    if ("callbackUrl" in req) {
+      callbackUrl = req.callbackUrl ? req.callbackUrl : null;
+    }
+    if ("redirectUrl" in req) {
+      redirectUrl = req.redirectUrl ? req.redirectUrl : null;
+    }
+    const body = JSON.stringify({
+      email,
+      redirectUrl,
+      callbackUrl
+    });
+    const data = await fetchResetPassword(
+      this.#config,
+      "POST",
+      body,
+      new URLSearchParams(),
+      false
+    );
+    return data;
+  }
+  /**
+   * Complete a password reset.
+   *
+   * This workflow expects a token obtained from {@link forgotPassword}. The
+   * function performs a POST/GET/PUT sequence against
+   * `/api/auth/password-reset` as described in the OpenAPI specification.
+   *
+   * @param req - either a {@link Request} with a JSON body or an object
+   *   containing the necessary fields.
+   */
   async resetPassword(req) {
     let email = "";
     let password = "";
-    let callbackUrl = null;
-    let redirectUrl = null;
+    const defaults = defaultCallbackUrl({ config: this.#config });
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
     if (req instanceof Request) {
       const body2 = await req.json();
       email = body2.email;
@@ -1969,19 +2280,6 @@ var Auth = class {
         redirectUrl = req.redirectUrl ? req.redirectUrl : null;
       }
     }
-    const fallbackCb = parseCallback(this.#config.headers);
-    if (fallbackCb) {
-      const [, value] = fallbackCb.split("=");
-      if (value) {
-        const parsedUrl = decodeURIComponent(value);
-        if (!redirectUrl) {
-          redirectUrl = `${new URL(parsedUrl).origin}${"/auth/reset-password" /* PASSWORD_RESET */}`;
-        }
-      }
-      if (!callbackUrl) {
-        callbackUrl = value;
-      }
-    }
     await this.getCsrf();
     const body = JSON.stringify({
       email,
@@ -2037,6 +2335,12 @@ var Auth = class {
     updateHeaders(updatedHeaders);
     return res;
   }
+  /**
+   * Low level helper used by {@link signIn} to complete provider flows.
+   *
+   * Depending on the provider this issues either a GET or POST request to
+   * `/api/auth/callback/{provider}` via {@link fetchCallback}.
+   */
   async callback(provider, body) {
     if (body instanceof Request) {
       this.#config.headers = body.headers;
@@ -2101,6 +2405,9 @@ var Auth = class {
     }
     info(`Obtaining providers for ${email}`);
     info(`Attempting sign in with email ${email}`);
+    if (!email) {
+      throw new Error("Email missing from payload, unable to sign in");
+    }
     const body = JSON.stringify({
       email,
       password,
@@ -2122,7 +2429,7 @@ var Auth = class {
       }
       if (urlError) {
         error("Unable to log user in", { error: urlError });
-        return void 0;
+        return new Response(urlError, { status: signInRes.status });
       }
     }
     if (!token) {
@@ -2200,11 +2507,25 @@ function parseResetToken(headers) {
   const [, token] = /((__Secure-)?nile\.reset=[^;]+)/.exec(authCookie) ?? [];
   return token;
 }
+function defaultCallbackUrl({ config }) {
+  let cb = null;
+  let redirect = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+    if (value) {
+      redirect = `${new URL(cb).origin}${"/auth/reset-password" /* PASSWORD_RESET */}`;
+    }
+  }
+  return { callbackUrl: cb, redirectUrl: redirect };
+}
-// src/auth/getCsrf.ts
-async function getCsrf(config, rawResponse = false) {
+// src/auth/obtainCsrf.ts
+async function obtainCsrf(config, rawResponse = false) {
   const res = await fetchCsrf(config);
   const csrfCook = parseCSRF(res.headers);
+  const h = new Headers();
   if (csrfCook) {
     const [, value] = csrfCook.split("=");
     const [token] = decodeURIComponent(value).split("|");
@@ -2216,7 +2537,8 @@ async function getCsrf(config, rawResponse = false) {
         parseToken(res.headers)
       ].filter(Boolean).join("; ");
       config.headers.set("cookie", cookie);
-      updateHeaders(new Headers({ cookie }));
+      h.set("cookie", cookie);
+      updateHeaders(h);
     }
     if (!rawResponse) {
       return { csrfToken: token };
@@ -2253,10 +2575,23 @@ async function getCsrf(config, rawResponse = false) {
 var Users = class {
   #config;
   #logger;
+  /**
+   * Create a new Users helper.
+   * @param config - The configuration used for requests.
+   */
   constructor(config) {
     this.#config = config;
-    this.#logger = Logger(config, "[me]");
+    this.#logger = config.logger("[me]");
   }
+  /**
+   * Update the current user via `PUT /api/me`.
+   *
+   * The OpenAPI description for this endpoint can be found in
+   * `packages/server/src/api/routes/me/index.ts` under `updateSelf`.
+   *
+   * @param req - Partial user fields to send.
+   * @param [rawResponse] - When `true`, return the raw {@link Response}.
+   */
   async updateSelf(req, rawResponse) {
     const res = await fetchMe(this.#config, "PUT", JSON.stringify(req));
     if (rawResponse) {
@@ -2268,6 +2603,13 @@ var Users = class {
       return res;
     }
   }
+  /**
+   * Remove the current user using `DELETE /api/me`.
+   *
+   * After the request the authentication headers are cleared with
+   * {@link updateHeaders}. The OpenAPI docs for this route are in
+   * `packages/server/src/api/routes/me/index.ts` under `removeSelf`.
+   */
   async removeSelf() {
     const me = await this.getSelf();
     if ("id" in me) {
@@ -2288,50 +2630,71 @@ var Users = class {
       return res;
     }
   }
-  async verifySelf(bypassEmail = process.env.NODE_ENV !== "production", rawResponse = false) {
+  async verifySelf(options, rawResponse = false) {
+    const bypassEmail = typeof options === "object" ? options.bypassEmail ?? process.env.NODE_ENV !== "production" : process.env.NODE_ENV !== "production";
+    const callbackUrl = typeof options === "object" ? options.callbackUrl : defaultCallbackUrl2(this.#config).callbackUrl;
+    let res;
     try {
       const me = await this.getSelf();
       if (me instanceof Response) {
         return me;
       }
-      const res = await verifyEmailAddress(this.#config, me);
+      res = await verifyEmailAddress(this.#config, me, String(callbackUrl));
       return res;
     } catch {
-      this.#logger?.warn(
-        "Unable to verify email. The current user's email will be set to verified any way. Be sure to configure emails for production."
-      );
+      const message = "Unable to verify email.";
+      this.#logger?.warn(message);
+      res = new Response(message, { status: 400 });
     }
     if (bypassEmail) {
-      return await this.updateSelf({ emailVerified: true }, rawResponse);
+      res = this.updateSelf({ emailVerified: true }, rawResponse);
     }
     this.#logger.error(
       "Unable to verify email address. Configure your SMTP server in the console."
     );
-    return void 0;
+    return res;
   }
 };
-async function verifyEmailAddress(config, user) {
+async function verifyEmailAddress(config, user, callback) {
   config.headers.set("content-type", "application/x-www-form-urlencoded");
-  const { csrfToken } = await getCsrf(config);
+  const { csrfToken } = await obtainCsrf(config);
+  const defaults = defaultCallbackUrl2(config);
+  const callbackUrl = callback ?? String(defaults.callbackUrl);
   const res = await fetchVerifyEmail(
     config,
     "POST",
-    new URLSearchParams({ csrfToken, email: user.email }).toString()
+    new URLSearchParams({
+      csrfToken,
+      email: user.email,
+      callbackUrl
+    }).toString()
   );
   if (res.status > 299) {
     throw new Error(await res.text());
   }
   return res;
 }
+function defaultCallbackUrl2(config) {
+  let cb = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+  }
+  return { callbackUrl: cb };
+}
 // src/tenants/index.ts
 var Tenants = class {
-  #logger;
   #config;
   constructor(config) {
-    this.#logger = Logger(config, "[tenants]");
     this.#config = config;
   }
+  /**
+   * Create a new tenant using `POST /api/tenants`.
+   * See `packages/server/src/api/routes/tenants/POST.ts` for the
+   * `createTenant` operation definition.
+   */
   async create(req, rawResponse) {
     let res;
     if (typeof req === "string") {
@@ -2352,6 +2715,11 @@ var Tenants = class {
       return res;
     }
   }
+  /**
+   * Remove a tenant via `DELETE /api/tenants/{tenantId}`.
+   *
+   * @param req - The tenant to remove or context containing the id.
+   */
   async delete(req) {
     if (typeof req === "string") {
       this.#config.tenantId = req;
@@ -2362,6 +2730,12 @@ var Tenants = class {
     const res = await fetchTenant(this.#config, "DELETE");
     return res;
   }
+  /**
+   * Fetch details for a tenant using `GET /api/tenants/{tenantId}`.
+   *
+   * @param req - Tenant identifier or context.
+   * @param [rawResponse] - When true, return the raw {@link Response}.
+   */
   async get(req, rawResponse) {
     if (typeof req === "string") {
       this.#config.tenantId = req;
@@ -2396,6 +2770,10 @@ var Tenants = class {
       return res;
     }
   }
+  /**
+   * List tenants for the current user via `GET /api/tenants`.
+   * See `packages/server/src/api/routes/tenants/GET.ts` for details.
+   */
   async list(req) {
     const res = await fetchTenantsByUser(this.#config);
     if (req === true) {
@@ -2407,6 +2785,11 @@ var Tenants = class {
       return res;
     }
   }
+  /**
+   * Leave the current tenant using `DELETE /api/tenants/{tenantId}/users/{userId}`.
+   *
+   * @param [req] - Optionally specify the tenant id to leave.
+   */
   async leaveTenant(req) {
     const me = await fetchMe(this.#config);
     try {
@@ -2432,6 +2815,12 @@ var Tenants = class {
     const res = await fetchTenantUser(this.#config, "PUT");
     return responseHandler(res, rawResponse);
   }
+  /**
+   * Remove a user from a tenant with `DELETE /api/tenants/{tenantId}/users/{userId}`.
+   *
+   * @param req - User and tenant identifiers or context.
+   * @param [rawResponse] - When true, return the raw {@link Response}.
+   */
   async removeMember(req, rawResponse) {
     this.#handleContext(req);
     const res = await fetchTenantUser(this.#config, "DELETE");
@@ -2445,6 +2834,88 @@ var Tenants = class {
       rawResponse || typeof req === "boolean" && req
     );
   }
+  /**
+   * List invites for the current tenant via `GET /api/tenants/{tenantId}/invites`.
+   */
+  async invites() {
+    const res = await fetchInvites(this.#config);
+    return responseHandler(res);
+  }
+  async invite(req, rawResponse) {
+    const { csrfToken } = await obtainCsrf(this.#config);
+    const defaults = defaultCallbackUrl3(this.#config);
+    let identifier = req;
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
+    if (typeof req === "object") {
+      if ("email" in req) {
+        identifier = req.email;
+      }
+      if ("callbackUrl" in req) {
+        callbackUrl = req.callbackUrl ? req.callbackUrl : "";
+      }
+      if ("redirectUrl" in req) {
+        redirectUrl = req.redirectUrl ? req.redirectUrl : "";
+      }
+    }
+    this.#config.headers.set(
+      "Content-Type",
+      "application/x-www-form-urlencoded"
+    );
+    const res = await fetchInvite(
+      this.#config,
+      "POST",
+      new URLSearchParams({
+        identifier,
+        csrfToken,
+        callbackUrl,
+        redirectUrl
+      }).toString()
+    );
+    return responseHandler(res, rawResponse);
+  }
+  /**
+   * Accept an invite using `PUT /api/tenants/{tenantId}/invite`.
+   *
+   * @param req - Identifier and token from the invite email.
+   * @param [rawResponse] - When true, return the raw {@link Response}.
+   */
+  async acceptInvite(req, rawResponse) {
+    if (!req) {
+      throw new Error("The identifier and token are required.");
+    }
+    const { identifier, token } = req;
+    const defaults = defaultCallbackUrl3(this.#config);
+    const callbackUrl = String(defaults.callbackUrl);
+    const res = await fetchInvite(
+      this.#config,
+      "PUT",
+      new URLSearchParams({
+        identifier,
+        token,
+        callbackUrl
+      }).toString()
+    );
+    return responseHandler(res, rawResponse);
+  }
+  /**
+   * Delete a pending invite using `DELETE /api/tenants/{tenantId}/invite/{inviteId}`.
+   *
+   * @param req - Identifier of the invite to remove.
+   */
+  async deleteInvite(req) {
+    let id = "";
+    if (typeof req === "object") {
+      id = req.id;
+    } else {
+      id = req;
+    }
+    if (!id) {
+      throw new Error("An invite id is required.");
+    }
+    const res = await fetchInvite(this.#config, "DELETE", id);
+    return responseHandler(res, true);
+  }
   #handleContext(req) {
     if (typeof req === "object") {
       if ("tenantId" in req) {
@@ -2466,31 +2937,47 @@ async function responseHandler(res, rawResponse) {
     return res;
   }
 }
+function defaultCallbackUrl3(config) {
+  let cb = null;
+  let redirect = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+    if (value) {
+      redirect = `${new URL(cb).origin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace(
+        "{tenantId}",
+        String(config.tenantId)
+      )}`;
+    }
+  }
+  return { callbackUrl: cb, redirectUrl: redirect };
+}
 // src/api/handlers/withContext/index.ts
 function handlersWithContext(config) {
-  const GET6 = GETTER(config.routes, config);
-  const POST5 = POSTER(config.routes, config);
-  const DELETE4 = DELETER(config.routes, config);
-  const PUT5 = PUTER(config.routes, config);
+  const GET7 = GETTER(config.routes, config);
+  const POST6 = POSTER(config.routes, config);
+  const DELETE5 = DELETER(config.routes, config);
+  const PUT6 = PUTER(config.routes, config);
   return {
     GET: async (req) => {
-      const response = await GET6(req);
+      const response = await GET7(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     POST: async (req) => {
-      const response = await POST5(req);
+      const response = await POST6(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     DELETE: async (req) => {
-      const response = await DELETE4(req);
+      const response = await DELETE5(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     PUT: async (req) => {
-      const response = await PUT5(req);
+      const response = await PUT6(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     }
@@ -2499,31 +2986,126 @@ function handlersWithContext(config) {
 function updateConfig(response, config) {
   let origin = "http://localhost:3000";
   let headers = null;
-  if (response?.status === 302) {
-    const location = response.headers.get("location");
-    if (location) {
-      const urlLocation = new URL(location);
-      origin = urlLocation.origin;
+  if (response instanceof Response) {
+    if (response?.status === 302) {
+      const location = response.headers.get("location");
+      if (location) {
+        const urlLocation = new URL(location);
+        origin = urlLocation.origin;
+      }
     }
-  }
-  const setCookies = [];
-  if (response?.headers) {
-    for (const [key14, value] of response.headers) {
-      if (key14.toLowerCase() === "set-cookie") {
-        setCookies.push(value);
+    const setCookies = [];
+    if (response?.headers) {
+      for (const [key17, value] of response.headers) {
+        if (key17.toLowerCase() === "set-cookie") {
+          setCookies.push(value);
+        }
       }
     }
-  }
-  if (setCookies.length > 0) {
-    const cookieHeader = setCookies.map((cookieStr) => cookieStr.split(";")[0]).join("; ");
-    headers = new Headers({ cookie: cookieHeader });
+    if (setCookies.length > 0) {
+      const cookieHeader = setCookies.map((cookieStr) => cookieStr.split(";")[0]).join("; ");
+      headers = new Headers({ cookie: cookieHeader });
+    }
   }
   return {
     ...config,
     origin,
-    headers: headers ?? void 0
+    headers: headers ?? void 0,
+    preserveHeaders: true
+  };
+}
+// src/api/utils/extensions.ts
+function getRequestConfig(params) {
+  if (typeof params[1] === "object") {
+    return params[1];
+  }
+  return {};
+}
+function bindRunExtensions(instance) {
+  return async function runExtensions(toRun, config, params, _init) {
+    const { debug } = config.logger("[EXTENSIONS]");
+    const extensionConfig = getRequestConfig(
+      Array.isArray(params) ? params : [null, params]
+    );
+    if (config.extensions) {
+      for (const create2 of config.extensions) {
+        if (typeof create2 !== "function") {
+          continue;
+        }
+        const ext = create2(instance);
+        if (extensionConfig.disableExtensions?.includes(ext.id)) {
+          continue;
+        }
+        if (ext.onHandleRequest && toRun === "onHandleRequest" /* onHandleRequest */) {
+          const result = await ext.onHandleRequest(
+            ...Array.isArray(params) ? params : [params]
+          );
+          if (result != null) {
+            return result;
+          }
+          continue;
+        }
+        const [param] = Array.isArray(params) ? params : [params];
+        if (ext.onRequest && toRun === "onRequest" /* onRequest */) {
+          const previousContext = instance.getContext();
+          if (previousContext.preserveHeaders) {
+            instance.setContext({ preserveHeaders: false });
+          }
+          if (!_init) {
+            continue;
+          }
+          await ext.onRequest(_init.request);
+          const updatedContext = instance.getContext();
+          if (updatedContext?.headers) {
+            const cookie = updatedContext.headers.get("cookie");
+            if (cookie && param.headers) {
+              param.headers.set(
+                "cookie",
+                mergeCookies(
+                  previousContext.preserveHeaders ? previousContext.headers?.get("cookie") : null,
+                  updatedContext.headers.get("cookie")
+                )
+              );
+            }
+            if (updatedContext.tenantId && param.headers) {
+              param.headers.set(
+                TENANT_COOKIE,
+                String(updatedContext.headers.get(TENANT_COOKIE))
+              );
+            }
+          }
+          debug(`${ext.id ?? create2.name} ran onRequest`);
+          continue;
+        }
+        if (ext.onResponse && toRun === "onResponse" /* onResponse */) {
+          const result = await ext.onResponse(param);
+          if (result != null) {
+            return result;
+          }
+          continue;
+        }
+      }
+    }
+    return void 0;
   };
 }
+function buildExtensionConfig(instance) {
+  return {
+    runExtensions: bindRunExtensions(instance)
+  };
+}
+function mergeCookies(...cookieStrings) {
+  const cookieMap = /* @__PURE__ */ new Map();
+  for (const str of cookieStrings) {
+    if (!str) continue;
+    for (const part of str.split(";")) {
+      const [key17, value] = part.split("=").map((s) => s.trim());
+      if (key17 && value) cookieMap.set(key17, value);
+    }
+  }
+  return [...cookieMap.entries()].map(([k, v]) => `${k}=${v}`).join("; ");
+}
 // src/Server.ts
 var Server = class {
@@ -2532,11 +3114,14 @@ var Server = class {
   auth;
   #config;
   #handlers;
-  #paths;
   #manager;
   #headers;
+  #preserveHeaders;
   constructor(config) {
-    this.#config = new Config(config, "[initial config]");
+    this.#config = new Config({
+      ...config,
+      extensionCtx: buildExtensionConfig(this)
+    });
     watchTenantId((tenantId) => {
       if (tenantId !== this.#config.tenantId) {
         this.#config.tenantId = tenantId;
@@ -2557,13 +3142,24 @@ var Server = class {
       ...this.#config.handlers,
       withContext: handlersWithContext(this.#config)
     };
-    this.#paths = this.#config.paths;
+    this.#preserveHeaders = config?.preserveHeaders ?? false;
     this.#config.tenantId = getTenantId({ config: this.#config });
     this.#manager = new DBManager(this.#config);
     this.#handleHeaders(config);
     this.users = new Users(this.#config);
     this.tenants = new Tenants(this.#config);
     this.auth = new Auth(this.#config);
+    if (config?.extensions) {
+      for (const create2 of config.extensions) {
+        if (typeof create2 !== "function") {
+          continue;
+        }
+        const ext = create2(this);
+        if (ext.onConfigure) {
+          ext.onConfigure();
+        }
+      }
+    }
   }
   get db() {
     const pool = this.#manager.getConnection(this.#config);
@@ -2573,6 +3169,28 @@ var Server = class {
       }
     });
   }
+  get logger() {
+    return this.#config.logger;
+  }
+  get extensions() {
+    return {
+      remove: async (id) => {
+        if (!this.#config.extensions) return;
+        const resolved = this.#config.extensions.map((ext) => ext(this));
+        const index = resolved.findIndex((ext) => ext.id === id);
+        if (index !== -1) {
+          this.#config.extensions.splice(index, 1);
+        }
+        return resolved;
+      },
+      add: (extension) => {
+        if (!this.#config.extensions) {
+          this.#config.extensions = [];
+        }
+        this.#config.extensions.push(extension);
+      }
+    };
+  }
   /**
    * A convenience function that applies a config and ensures whatever was passed is set properly
    */
@@ -2588,12 +3206,15 @@ var Server = class {
     this.#reset();
     return this;
   }
-  getPaths() {
-    return this.#paths;
-  }
   get handlers() {
     return this.#handlers;
   }
+  get paths() {
+    return this.#config.paths;
+  }
+  set paths(paths) {
+    this.#config.paths = paths;
+  }
   /**
    * Allow the setting of headers from a req or header object.
    * Makes it possible to handle REST requests easily
@@ -2601,7 +3222,40 @@ var Server = class {
    * @param req
    * @returns undefined
    */
-  setContext(req) {
+  setContext = (req, ...remaining) => {
+    let ok = false;
+    if (req && typeof req === "object" && "tenantId" in req) {
+      ok = true;
+      this.#config.tenantId = req.tenantId;
+    }
+    if (req && typeof req === "object" && "userId" in req) {
+      ok = true;
+      this.#config.userId = req.userId;
+    }
+    if (req && typeof req === "object" && "preserveHeaders" in req) {
+      ok = true;
+      this.#preserveHeaders = Boolean(req.preserveHeaders);
+    }
+    let atLeastOne = false;
+    if (this.#config?.extensions) {
+      for (const create2 of this.#config.extensions) {
+        if (typeof create2 !== "function") {
+          continue;
+        }
+        const ext = create2(this);
+        if (typeof ext.onSetContext === "function") {
+          if (req) {
+            ext.onSetContext(req, ...remaining);
+            atLeastOne = true;
+          } else {
+            this.#config.logger("extension").warn("attempted to call onSetContext without a value");
+          }
+        }
+      }
+    }
+    if (atLeastOne) {
+      return;
+    }
     try {
       if (req instanceof Headers) {
         this.#handleHeaders(req);
@@ -2614,38 +3268,44 @@ var Server = class {
       }
     } catch {
     }
-    let ok = false;
-    if (req && typeof req === "object" && "tenantId" in req) {
-      ok = true;
-      this.#config.tenantId = req.tenantId;
-    }
-    if (req && typeof req === "object" && "userId" in req) {
-      ok = true;
-      this.#config.userId = req.userId;
-    }
     if (ok) {
       return;
     }
     if (typeof req === "object") {
-      const headers = new Headers(req);
-      if (headers) {
-        this.#handleHeaders(headers);
-        this.#reset();
-        return;
+      try {
+        const headers = new Headers(req);
+        if (headers) {
+          this.#handleHeaders(headers);
+          this.#reset();
+          return;
+        }
+      } catch {
       }
     }
-    const { warn } = Logger(this.#config, "[API]");
+    const { warn } = Logger(this.#config)("[API]");
     if (warn) {
       warn(
         "Set context expects a Request, Header instance or an object of Record<string, string>"
       );
     }
-  }
+  };
   getContext() {
+    if (this.#config?.extensions) {
+      for (const create2 of this.#config.extensions) {
+        if (typeof create2 !== "function") {
+          continue;
+        }
+        const ext = create2(this);
+        if (typeof ext.onGetContext === "function") {
+          return ext.onGetContext();
+        }
+      }
+    }
     return {
       headers: this.#headers,
-      userId: this.#config.userId,
-      tenantId: this.#config.tenantId
+      userId: this.#config?.userId,
+      tenantId: this.#config?.tenantId,
+      preserveHeaders: this.#preserveHeaders
     };
   }
   /**
@@ -2661,33 +3321,35 @@ var Server = class {
     } else if (config?.headers) {
       headers = config?.headers;
       if (config && config.origin) {
-        this.#headers.set(X_NILE_ORIGIN, config.origin);
+        this.#headers.set(HEADER_ORIGIN, config.origin);
       }
       if (config && config.secureCookies != null) {
-        this.#headers.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+        this.#headers.set(HEADER_SECURE_COOKIES, String(config.secureCookies));
       }
     }
     if (headers instanceof Headers) {
-      headers.forEach((value, key14) => {
-        updates.push([key14.toLowerCase(), value]);
+      headers.forEach((value, key17) => {
+        updates.push([key17.toLowerCase(), value]);
       });
     } else {
-      for (const [key14, value] of Object.entries(headers ?? {})) {
-        updates.push([key14.toLowerCase(), value]);
+      for (const [key17, value] of Object.entries(headers ?? {})) {
+        updates.push([key17.toLowerCase(), value]);
       }
     }
     const merged = {};
-    this.#headers?.forEach((value, key14) => {
-      if (key14.toLowerCase() !== "cookie") {
-        merged[key14.toLowerCase()] = value;
+    this.#config.tenantId = getTenantFromHttp(this.#headers, this.#config);
+    this.#headers?.forEach((value, key17) => {
+      if (key17.toLowerCase() !== "cookie") {
+        merged[key17.toLowerCase()] = value;
       }
     });
-    for (const [key14, value] of updates) {
-      merged[key14] = value;
+    for (const [key17, value] of updates) {
+      merged[key17] = value;
     }
-    for (const [key14, value] of Object.entries(merged)) {
-      this.#headers.set(key14, value);
+    for (const [key17, value] of Object.entries(merged)) {
+      this.#headers.set(key17, value);
     }
+    this.#config.logger("[handleHeaders]").debug(JSON.stringify(merged));
     this.#config.headers = this.#headers;
   }
   /**
@@ -2695,6 +3357,7 @@ var Server = class {
    */
   #reset = () => {
     this.#config.headers = this.#headers ?? new Headers();
+    this.#config.extensionCtx = buildExtensionConfig(this);
     this.users = new Users(this.#config);
     this.tenants = new Tenants(this.#config);
     this.auth = new Auth(this.#config);
@@ -2708,6 +3371,6 @@ function create(config) {
   return server;
 }
-export { APIErrorErrorCodeEnum, LoginUserResponseTokenTypeEnum, create as Nile, Server, parseCSRF, parseCallback, parseToken };
+export { APIErrorErrorCodeEnum, ExtensionState, HEADER_ORIGIN, HEADER_SECURE_COOKIES, LoginUserResponseTokenTypeEnum, create as Nile, Server, TENANT_COOKIE, USER_COOKIE, parseCSRF, parseCallback, parseResetToken, parseToken };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map