npm - @niledatabase/server - Versions diffs - 5.0.0-alpha.2 → 5.0.0-alpha.4 - Mend

@niledatabase/server 5.0.0-alpha.2 → 5.0.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/index.js CHANGED Viewed

@@ -53,6 +53,8 @@ var appRoutes = (prefix = DEFAULT_PREFIX) => ({
   TENANT_USER: `${prefix}${"/tenants/{tenantId}/users/{userId}" /* TENANT_USER */}`,
   TENANT_USERS: `${prefix}${"/tenants/{tenantId}/users" /* TENANT_USERS */}`,
   SIGNUP: `${prefix}${"/signup" /* SIGNUP */}`,
+  INVITES: `${prefix}${"/tenants/{tenantId}/invites" /* INVITES */}`,
+  INVITE: `${prefix}${"/tenants/{tenantId}/invite" /* INVITE */}`,
   LOG: `${prefix}/_log`
 });
 var apiRoutes = (config) => ({
@@ -63,6 +65,8 @@ var apiRoutes = (config) => ({
   TENANT: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}`),
   SIGNUP: makeRestUrl(config, "/signup"),
   TENANT_USERS: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/users`),
+  INVITES: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/invites`),
+  INVITE: (tenantId) => makeRestUrl(config, `/tenants/${tenantId}/invite`),
   TENANT_USER: makeRestUrl(
     config,
     `/tenants/${config.tenantId}/users/${config.userId}`
@@ -104,9 +108,9 @@ function makeRestUrl(config, path, qp) {
   const strParams = params.toString();
   return `${[url, path.substring(1, path.length)].join("/")}${strParams ? `?${strParams}` : ""}`;
 }
-function urlMatches(requestUrl, route17) {
+function urlMatches(requestUrl, route20) {
   const url = new URL(requestUrl);
-  return url.pathname.startsWith(route17);
+  return url.pathname.startsWith(route20);
 }
 function isUUID(value) {
   if (!value) {
@@ -176,9 +180,10 @@ function matchesLog(configRoutes, request2) {
 }
 // src/utils/constants.ts
-var X_NILE_TENANT = "nile-tenant-id";
-var X_NILE_ORIGIN = "nile-origin";
-var X_NILE_SECURECOOKIES = "nile-secure-cookies";
+var TENANT_COOKIE = "nile.tenant-id";
+var USER_COOKIE = "nile.user-id";
+var HEADER_ORIGIN = "nile-origin";
+var HEADER_SECURE_COOKIES = "nile-secure-cookies";
 // src/api/utils/request.ts
 async function request(url, _init, config) {
@@ -189,17 +194,17 @@ async function request(url, _init, config) {
   if (request2.headers.get("cookie")) {
     updatedHeaders.set("cookie", String(request2.headers.get("cookie")));
   }
-  if (request2.headers.get(X_NILE_TENANT)) {
+  if (request2.headers.get(TENANT_COOKIE)) {
     updatedHeaders.set(
-      X_NILE_TENANT,
-      String(request2.headers.get(X_NILE_TENANT))
+      TENANT_COOKIE,
+      String(request2.headers.get(TENANT_COOKIE))
     );
   }
   if (config.secureCookies != null) {
-    updatedHeaders.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+    updatedHeaders.set(HEADER_SECURE_COOKIES, String(config.secureCookies));
   } else {
     updatedHeaders.set(
-      X_NILE_SECURECOOKIES,
+      HEADER_SECURE_COOKIES,
       process.env.NODE_ENV === "production" ? "true" : "false"
     );
   }
@@ -207,17 +212,17 @@ async function request(url, _init, config) {
   if (config.callbackUrl) {
     const cbUrl = new URL(config.callbackUrl);
     debug(`Obtained origin from config.callbackUrl ${config.callbackUrl}`);
-    updatedHeaders.set(X_NILE_ORIGIN, cbUrl.origin);
+    updatedHeaders.set(HEADER_ORIGIN, cbUrl.origin);
   } else if (config.origin) {
     debug(`Obtained origin from config.origin ${config.origin}`);
-    updatedHeaders.set(X_NILE_ORIGIN, config.origin);
+    updatedHeaders.set(HEADER_ORIGIN, config.origin);
   } else {
-    const passedOrigin = request2.headers.get(X_NILE_ORIGIN);
+    const passedOrigin = request2.headers.get(HEADER_ORIGIN);
     if (passedOrigin) {
-      updatedHeaders.set(X_NILE_ORIGIN, passedOrigin);
+      updatedHeaders.set(HEADER_ORIGIN, passedOrigin);
     } else {
       const reqOrigin = config.routePrefix !== DEFAULT_PREFIX ? `${requestUrl.origin}${config.routePrefix}` : requestUrl.origin;
-      updatedHeaders.set(X_NILE_ORIGIN, reqOrigin);
+      updatedHeaders.set(HEADER_ORIGIN, reqOrigin);
       debug(`Obtained origin from request ${reqOrigin}`);
     }
   }
@@ -225,14 +230,16 @@ async function request(url, _init, config) {
   if (params.method?.toLowerCase() === "post" || params.method?.toLowerCase() === "put") {
     try {
       updatedHeaders.set("content-type", "application/json");
-      const initBody = await new Response(_init.request.clone().body).json();
-      const requestBody = await new Response(request2.clone().body).json();
-      params.body = JSON.stringify(initBody ?? requestBody);
+      const bodyStream = _init.body ?? _init.request?.body ?? request2.body;
+      const bodyText = await new Response(bodyStream).text();
+      try {
+        params.body = JSON.stringify(JSON.parse(bodyText));
+      } catch {
+        updatedHeaders.set("content-type", "application/x-www-form-urlencoded");
+        params.body = bodyText;
+      }
     } catch (e) {
-      updatedHeaders.set("content-type", "application/x-www-form-urlencoded");
-      const initBody = await new Response(_init.request.clone().body).text();
-      const requestBody = await new Response(request2.clone().body).text();
-      params.body = initBody ?? requestBody;
+      error("Failed to parse request body");
     }
   }
   params.headers = updatedHeaders;
@@ -241,6 +248,7 @@ async function request(url, _init, config) {
     params.headers.set("request-id", crypto.randomUUID());
     params.cache = "no-store";
   }
+  await config.extensionCtx?.handleOnRequest(config, _init, params);
   try {
     const res = await fetch(fullUrl, {
       ...params
@@ -378,8 +386,8 @@ function getTokenFromCookie(headers, cookieKey) {
   }
 }
 function getTenantFromHttp(headers, config) {
-  const cookieTenant = getTokenFromCookie(headers, X_NILE_TENANT);
-  return cookieTenant ?? headers?.get(X_NILE_TENANT) ?? config?.tenantId;
+  const cookieTenant = getTokenFromCookie(headers, TENANT_COOKIE);
+  return cookieTenant ? cookieTenant : config?.tenantId;
 }
 // src/api/routes/users/POST.ts
@@ -389,7 +397,7 @@ async function POST(config, init) {
   const yurl = new URL(init.request.url);
   const tenantId = yurl.searchParams.get("tenantId");
   const newTenantName = yurl.searchParams.get("newTenantName");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config);
   const url = apiRoutes(config).USERS({ tenantId: tenant, newTenantName });
   return await request(url, init, config);
 }
@@ -398,21 +406,18 @@ async function POST(config, init) {
 async function GET2(config, init, log) {
   const yurl = new URL(init.request.url);
   const tenantId = yurl.searchParams.get("tenantId");
-  const tenant = tenantId ?? getTenantFromHttp(init.request.headers);
+  const tenant = tenantId ?? getTenantFromHttp(init.request.headers, config);
   if (!tenant) {
     log("[GET] No tenant id provided.");
     return new Response(null, { status: 404 });
   }
-  const url = apiRoutes(config).TENANT_USERS(tenant);
   init.method = "GET";
+  const url = apiRoutes(config).TENANT_USERS(tenant);
   return await request(url, init, config);
 }
 // src/api/routes/users/[userId]/PUT.ts
-async function PUT2(config, session, init) {
-  if (!session) {
-    return new Response(null, { status: 401 });
-  }
+async function PUT2(config, init) {
   init.body = init.request.body;
   init.method = "PUT";
   const [userId] = new URL(init.request.url).pathname.split("/").reverse();
@@ -427,14 +432,13 @@ async function route2(request2, config) {
     { ...config, debug: config.debug },
     `[ROUTES][${key2}]`
   );
-  const session = await auth(request2, config);
   switch (request2.method) {
     case "GET":
       return await GET2(config, { request: request2 }, info);
     case "POST":
       return await POST(config, { request: request2 });
     case "PUT":
-      return await PUT2(config, session, { request: request2 });
+      return await PUT2(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
@@ -452,7 +456,11 @@ async function GET3(config, init) {
 }
 // src/api/routes/tenants/[tenantId]/users/POST.ts
-async function POST2(config, session, init) {
+async function POST2(config, init) {
+  const session = await auth(init.request, config);
+  if (!session) {
+    return new Response(null, { status: 401 });
+  }
   const yurl = new URL(init.request.url);
   const [, tenantId] = yurl.pathname.split("/").reverse();
   init.body = JSON.stringify({ email: session.email });
@@ -468,11 +476,6 @@ async function route3(request2, config) {
     { ...config, debug: config.debug },
     `[ROUTES][${key3}]`
   );
-  const session = await auth(request2, config);
-  if (!session) {
-    info("401");
-    return new Response(null, { status: 401 });
-  }
   const yurl = new URL(request2.url);
   const [, tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -483,7 +486,7 @@ async function route3(request2, config) {
     case "GET":
       return await GET3(config, { request: request2 });
     case "POST":
-      return await POST2(config, session, { request: request2 });
+      return await POST2(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
@@ -491,11 +494,11 @@ async function route3(request2, config) {
 function matches3(configRoutes, request2) {
   const url = new URL(request2.url);
   const [userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
-  let route17 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  let route20 = configRoutes[key3].replace("{tenantId}", tenantId).replace("{userId}", userId);
   if (userId === "users") {
-    route17 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
+    route20 = configRoutes[key3].replace("{tenantId}", possibleTenantId);
   }
-  return urlMatches(request2.url, route17);
+  return urlMatches(request2.url, route20);
 }
 async function fetchTenantUsers(config, method, payload) {
   const { body, params } = {};
@@ -529,8 +532,139 @@ async function fetchTenantUsers(config, method, payload) {
   return await config.handlers[m](req);
 }
+// src/api/routes/tenants/[tenantId]/invite/PUT.ts
+async function PUT3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  if (yurl.searchParams.size > 0) {
+    init.body = new URLSearchParams(yurl.searchParams).toString();
+  }
+  init.method = "PUT";
+  const url = `${apiRoutes(config).INVITE(tenantId)}`;
+  const res = await request(url, init, config);
+  const location = res?.headers.get("location");
+  if (location) {
+    return new Response(res?.body, {
+      status: 302,
+      headers: res?.headers
+    });
+  }
+  return new Response(res?.body, {
+    status: res?.status,
+    headers: res?.headers
+  });
+}
+// src/api/routes/tenants/[tenantId]/invite/POST.ts
+async function POST3(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "POST";
+  init.body = init.request.body;
+  const url = `${apiRoutes(config).INVITE(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/invite/index.ts
+var key4 = "INVITE";
+async function route4(request2, config) {
+  switch (request2.method) {
+    // the browser is a GET, but we need to PUT it into nile-auth
+    // server side, this is a put
+    case "GET":
+    case "PUT":
+      return await PUT3(config, { request: request2 });
+    case "POST":
+      return await POST3(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches4(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [, tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key4].replace("{tenantId}", tenantId);
+  return urlMatches(request2.url, route20);
+}
+async function fetchInvite(config, method, body) {
+  if (!config.tenantId) {
+    throw new Error(
+      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+    );
+  }
+  if (!isUUID(config.tenantId) && config.logger?.warn) {
+    config.logger?.warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
+  }
+  let clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace("{tenantId}", config.tenantId)}`;
+  const m = method ?? "GET";
+  const init = {
+    method: m,
+    headers: config.headers
+  };
+  if (method === "POST" || method === "PUT") {
+    init.body = body;
+  }
+  if (method === "DELETE") {
+    clientUrl = `${clientUrl}/${body}`;
+  }
+  const req = new Request(clientUrl, init);
+  return await config.handlers[m](req);
+}
+// src/api/routes/tenants/[tenantId]/invites/GET.ts
+async function GET4(config, init) {
+  const yurl = new URL(init.request.url);
+  const [, tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "GET";
+  const url = `${apiRoutes(config).INVITES(tenantId)}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/invites/index.ts
+var key5 = "INVITES";
+async function route5(request2, config) {
+  switch (request2.method) {
+    case "GET":
+      return await GET4(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches5(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [, tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key5].replace("{tenantId}", tenantId);
+  return url.pathname.endsWith(route20);
+}
+async function fetchInvites(config) {
+  if (!config.tenantId) {
+    throw new Error(
+      'Unable to fetch tenant, the tenantId context is missing. Call nile.setContext({ tenantId }), set nile.tenantId = "tenantId", or add it to the function call'
+    );
+  }
+  if (!isUUID(config.tenantId) && config.logger?.warn) {
+    config.logger?.warn(
+      "nile.tenantId is not a valid UUID. This may lead to unexpected behavior in your application."
+    );
+  }
+  const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants/{tenantId}/invites" /* INVITES */.replace("{tenantId}", config.tenantId)}`;
+  const req = new Request(clientUrl, { headers: config.headers });
+  return await config.handlers.GET(req);
+}
 // src/api/routes/tenants/GET.ts
-async function GET4(config, session, init) {
+async function GET5(config, session, init) {
   let url = `${apiRoutes(config).USER_TENANTS(session.id)}`;
   if (typeof session === "object" && "user" in session && session.user) {
     url = `${apiRoutes(config).USER_TENANTS(session.user.id)}`;
@@ -540,7 +674,7 @@ async function GET4(config, session, init) {
 }
 // src/api/routes/tenants/[tenantId]/GET.ts
-async function GET5(config, init, log) {
+async function GET6(config, init, log) {
   const yurl = new URL(init.request.url);
   const [tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -565,7 +699,7 @@ async function DELETE2(config, init) {
 }
 // src/api/routes/tenants/[tenantId]/PUT.ts
-async function PUT3(config, init) {
+async function PUT4(config, init) {
   const yurl = new URL(init.request.url);
   const [tenantId] = yurl.pathname.split("/").reverse();
   if (!tenantId) {
@@ -578,7 +712,7 @@ async function PUT3(config, init) {
 }
 // src/api/routes/tenants/POST.ts
-async function POST3(config, init) {
+async function POST4(config, init) {
   init.body = init.request.body;
   init.method = "POST";
   const url = `${apiRoutes(config).TENANTS}`;
@@ -586,11 +720,11 @@ async function POST3(config, init) {
 }
 // src/api/routes/tenants/index.ts
-var key4 = "TENANTS";
-async function route4(request2, config) {
+var key6 = "TENANTS";
+async function route6(request2, config) {
   const { info } = Logger(
     { ...config, debug: config.debug },
-    `[ROUTES][${key4}]`
+    `[ROUTES][${key6}]`
   );
   const session = await auth(request2, config);
   if (!session) {
@@ -601,21 +735,21 @@ async function route4(request2, config) {
   switch (request2.method) {
     case "GET":
       if (isUUID(possibleTenantId)) {
-        return await GET5(config, { request: request2 }, info);
+        return await GET6(config, { request: request2 }, info);
       }
-      return await GET4(config, session, { request: request2 });
+      return await GET5(config, session, { request: request2 });
     case "POST":
-      return await POST3(config, { request: request2 });
+      return await POST4(config, { request: request2 });
     case "DELETE":
       return await DELETE2(config, { request: request2 });
     case "PUT":
-      return await PUT3(config, { request: request2 });
+      return await PUT4(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches4(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key4]);
+function matches6(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key6]);
 }
 async function fetchTenants(config, method, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/tenants" /* TENANTS */}`;
@@ -673,16 +807,16 @@ async function fetchTenantsByUser(config) {
 }
 // src/api/routes/auth/signin.ts
-var key5 = "SIGNIN";
-async function route5(req, config) {
-  let url = proxyRoutes(config)[key5];
+var key7 = "SIGNIN";
+async function route7(req, config) {
+  let url = proxyRoutes(config)[key7];
   const init = {
     method: req.method,
     headers: req.headers
   };
   if (req.method === "POST") {
     const [provider] = new URL(req.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key5]}/${provider}`;
+    url = `${proxyRoutes(config)[key7]}/${provider}`;
   }
   const passThroughUrl = new URL(req.url);
   const params = new URLSearchParams(passThroughUrl.search);
@@ -690,8 +824,8 @@ async function route5(req, config) {
   const res = await request(url, { ...init, request: req }, config);
   return res;
 }
-function matches5(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key5]);
+function matches7(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key7]);
 }
 async function fetchSignIn(config, provider, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signin" /* SIGNIN */}/${provider}`;
@@ -704,7 +838,7 @@ async function fetchSignIn(config, provider, body) {
 }
 // src/api/routes/auth/session.ts
-async function route6(req, config) {
+async function route8(req, config) {
   return request(
     proxyRoutes(config).SESSION,
     {
@@ -714,7 +848,7 @@ async function route6(req, config) {
     config
   );
 }
-function matches6(configRoutes, request2) {
+function matches8(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.SESSION);
 }
 async function fetchSession(config) {
@@ -727,7 +861,7 @@ async function fetchSession(config) {
 }
 // src/api/routes/auth/providers.ts
-async function route7(req, config) {
+async function route9(req, config) {
   return request(
     proxyRoutes(config).PROVIDERS,
     {
@@ -737,7 +871,7 @@ async function route7(req, config) {
     config
   );
 }
-function matches7(configRoutes, request2) {
+function matches9(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.PROVIDERS);
 }
 async function fetchProviders(config) {
@@ -750,7 +884,7 @@ async function fetchProviders(config) {
 }
 // src/api/routes/auth/csrf.ts
-async function route8(req, config) {
+async function route10(req, config) {
   return request(
     proxyRoutes(config).CSRF,
     {
@@ -760,7 +894,7 @@ async function route8(req, config) {
     config
   );
 }
-function matches8(configRoutes, request2) {
+function matches10(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.CSRF);
 }
 async function fetchCsrf(config) {
@@ -773,17 +907,17 @@ async function fetchCsrf(config) {
 }
 // src/api/routes/auth/callback.ts
-var key6 = "CALLBACK";
-async function route9(req, config) {
+var key8 = "CALLBACK";
+async function route11(req, config) {
   const { error } = Logger(
     { ...config, debug: config.debug },
-    `[ROUTES][${key6}]`
+    `[ROUTES][${key8}]`
   );
   const [provider] = new URL(req.url).pathname.split("/").reverse();
   try {
     const passThroughUrl = new URL(req.url);
     const params = new URLSearchParams(passThroughUrl.search);
-    const url = `${proxyRoutes(config)[key6]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
+    const url = `${proxyRoutes(config)[key8]}/${provider}${params.toString() !== "" ? `?${params.toString()}` : ""}`;
     const res = await request(
       url,
       {
@@ -810,7 +944,7 @@ async function route9(req, config) {
   }
   return new Response("An unexpected error has occurred.", { status: 400 });
 }
-function matches9(configRoutes, request2) {
+function matches11(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.CALLBACK);
 }
 async function fetchCallback(config, provider, body, request2, method = "POST") {
@@ -824,22 +958,22 @@ async function fetchCallback(config, provider, body, request2, method = "POST")
 }
 // src/api/routes/auth/signout.ts
-var key7 = "SIGNOUT";
-async function route10(request2, config) {
-  let url = proxyRoutes(config)[key7];
+var key9 = "SIGNOUT";
+async function route12(request2, config) {
+  let url = proxyRoutes(config)[key9];
   const init = {
     method: request2.method
   };
   if (request2.method === "POST") {
     init.body = request2.body;
     const [provider] = new URL(request2.url).pathname.split("/").reverse();
-    url = `${proxyRoutes(config)[key7]}${provider !== "signout" ? `/${provider}` : ""}`;
+    url = `${proxyRoutes(config)[key9]}${provider !== "signout" ? `/${provider}` : ""}`;
   }
   const res = await request(url, { ...init, request: request2 }, config);
   return res;
 }
-function matches10(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key7]);
+function matches12(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key9]);
 }
 async function fetchSignOut(config, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/signout" /* SIGNOUT */}`;
@@ -852,10 +986,10 @@ async function fetchSignOut(config, body) {
 }
 // src/api/routes/auth/error.ts
-var key8 = "ERROR";
-async function route11(req, config) {
+var key10 = "ERROR";
+async function route13(req, config) {
   return request(
-    proxyRoutes(config)[key8],
+    proxyRoutes(config)[key10],
     {
       method: req.method,
       request: req
@@ -863,15 +997,15 @@ async function route11(req, config) {
     config
   );
 }
-function matches11(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key8]);
+function matches13(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key10]);
 }
 // src/api/routes/auth/verify-request.ts
-var key9 = "VERIFY_REQUEST";
-async function route12(req, config) {
+var key11 = "VERIFY_REQUEST";
+async function route14(req, config) {
   return request(
-    proxyRoutes(config)[key9],
+    proxyRoutes(config)[key11],
     {
       method: req.method,
       request: req
@@ -879,14 +1013,14 @@ async function route12(req, config) {
     config
   );
 }
-function matches12(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key9]);
+function matches14(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key11]);
 }
 // src/api/routes/auth/password-reset.ts
-var key10 = "PASSWORD_RESET";
-async function route13(req, config) {
-  const url = proxyRoutes(config)[key10];
+var key12 = "PASSWORD_RESET";
+async function route15(req, config) {
+  const url = proxyRoutes(config)[key12];
   const res = await request(
     url,
     {
@@ -907,12 +1041,14 @@ async function route13(req, config) {
     headers: res?.headers
   });
 }
-function matches13(configRoutes, request2) {
+function matches15(configRoutes, request2) {
   return urlMatches(request2.url, configRoutes.PASSWORD_RESET);
 }
-async function fetchResetPassword(config, method, body, params) {
+async function fetchResetPassword(config, method, body, params, useJson = true) {
   const authParams = new URLSearchParams(params ?? {});
-  authParams?.set("json", "true");
+  if (useJson) {
+    authParams?.set("json", "true");
+  }
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/reset-password" /* PASSWORD_RESET */}?${authParams?.toString()}`;
   const init = {
     method,
@@ -926,9 +1062,9 @@ async function fetchResetPassword(config, method, body, params) {
 }
 // src/api/routes/auth/verify-email.ts
-var key11 = "VERIFY_EMAIL";
-async function route14(req, config) {
-  const url = proxyRoutes(config)[key11];
+var key13 = "VERIFY_EMAIL";
+async function route16(req, config) {
+  const url = proxyRoutes(config)[key13];
   const res = await request(
     url,
     {
@@ -949,8 +1085,8 @@ async function route14(req, config) {
     headers: res?.headers
   });
 }
-function matches14(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key11]);
+function matches16(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key13]);
 }
 async function fetchVerifyEmail(config, method, body) {
   const clientUrl = `${config.serverOrigin}${config.routePrefix}${"/auth/verify-email" /* VERIFY_EMAIL */}`;
@@ -968,62 +1104,70 @@ async function fetchVerifyEmail(config, method, body) {
 // src/api/handlers/GET.ts
 function GETTER(configRoutes, config) {
   const { info, warn } = Logger(config, "[GET MATCHER]");
-  return async function GET6(req) {
+  return async function GET7(req) {
     if (matches(configRoutes, req)) {
       info("matches me");
       return route(req, config);
     }
+    if (matches5(configRoutes, req)) {
+      info("matches tenant invites");
+      return route5(req, config);
+    }
+    if (matches4(configRoutes, req)) {
+      info("matches invite");
+      return route4(req, config);
+    }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
       return route3(req, config);
     }
+    if (matches6(configRoutes, req)) {
+      info("matches tenants");
+      return route6(req, config);
+    }
     if (matches2(configRoutes, req)) {
       info("matches users");
       return route2(req, config);
     }
-    if (matches4(configRoutes, req)) {
-      info("matches tenants");
-      return route4(req, config);
-    }
-    if (matches6(configRoutes, req)) {
+    if (matches8(configRoutes, req)) {
       info("matches session");
-      return route6(req, config);
+      return route8(req, config);
     }
-    if (matches5(configRoutes, req)) {
+    if (matches7(configRoutes, req)) {
       info("matches signin");
-      return route5(req, config);
+      return route7(req, config);
     }
-    if (matches7(configRoutes, req)) {
+    if (matches9(configRoutes, req)) {
       info("matches providers");
-      return route7(req, config);
+      return route9(req, config);
     }
-    if (matches8(configRoutes, req)) {
+    if (matches10(configRoutes, req)) {
       info("matches csrf");
-      return route8(req, config);
+      return route10(req, config);
     }
-    if (matches13(configRoutes, req)) {
+    if (matches15(configRoutes, req)) {
       info("matches password reset");
-      return route13(req, config);
+      return route15(req, config);
     }
-    if (matches9(configRoutes, req)) {
+    if (matches11(configRoutes, req)) {
       info("matches callback");
-      return route9(req, config);
-    }
-    if (matches10(configRoutes, req)) {
-      info("matches signout");
-      return route10(req, config);
+      return route11(req, config);
     }
     if (matches12(configRoutes, req)) {
-      info("matches verify-request");
+      info("matches signout");
       return route12(req, config);
     }
     if (matches14(configRoutes, req)) {
-      info("matches verify-email");
+      info("matches verify-request");
       return route14(req, config);
     }
-    if (matches11(configRoutes, req)) {
+    if (matches16(configRoutes, req)) {
+      info("matches verify-email");
+      return route16(req, config);
+    }
+    if (matches13(configRoutes, req)) {
       info("matches error");
-      return route11(req, config);
+      return route13(req, config);
     }
     warn(`No GET routes matched ${req.url}`);
     return new Response(null, { status: 404 });
@@ -1031,7 +1175,7 @@ function GETTER(configRoutes, config) {
 }
 // src/api/routes/signup/POST.ts
-async function POST4(config, init) {
+async function POST5(config, init) {
   init.body = init.request.body;
   init.method = "POST";
   const url = `${apiRoutes(config).SIGNUP}`;
@@ -1039,17 +1183,17 @@ async function POST4(config, init) {
 }
 // src/api/routes/signup/index.tsx
-var key12 = "SIGNUP";
-async function route15(request2, config) {
+var key14 = "SIGNUP";
+async function route17(request2, config) {
   switch (request2.method) {
     case "POST":
-      return await POST4(config, { request: request2 });
+      return await POST5(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches15(configRoutes, request2) {
-  return urlMatches(request2.url, configRoutes[key12]);
+function matches17(configRoutes, request2) {
+  return urlMatches(request2.url, configRoutes[key14]);
 }
 async function fetchSignUp(config, payload) {
   const { body, params } = payload ?? {};
@@ -1072,7 +1216,7 @@ async function fetchSignUp(config, payload) {
 // src/api/handlers/POST.ts
 function POSTER(configRoutes, config) {
   const { info, warn, error } = Logger(config, "[POST MATCHER]");
-  return async function POST5(req) {
+  return async function POST6(req) {
     if (matchesLog(configRoutes, req)) {
       try {
         const json = await req.clone().json();
@@ -1086,49 +1230,53 @@ function POSTER(configRoutes, config) {
       info("matches tenant users");
       return route3(req, config);
     }
-    if (matches15(configRoutes, req)) {
+    if (matches4(configRoutes, req)) {
+      info("matches tenant invite");
+      return route4(req, config);
+    }
+    if (matches17(configRoutes, req)) {
       info("matches signup");
-      return route15(req, config);
+      return route17(req, config);
     }
     if (matches2(configRoutes, req)) {
       info("matches users");
       return route2(req, config);
     }
-    if (matches4(configRoutes, req)) {
+    if (matches6(configRoutes, req)) {
       info("matches tenants");
-      return route4(req, config);
+      return route6(req, config);
     }
-    if (matches6(configRoutes, req)) {
+    if (matches8(configRoutes, req)) {
       info("matches session");
-      return route6(req, config);
+      return route8(req, config);
     }
-    if (matches5(configRoutes, req)) {
+    if (matches7(configRoutes, req)) {
       info("matches signin");
-      return route5(req, config);
+      return route7(req, config);
     }
-    if (matches13(configRoutes, req)) {
+    if (matches15(configRoutes, req)) {
       info("matches password reset");
-      return route13(req, config);
+      return route15(req, config);
     }
-    if (matches7(configRoutes, req)) {
+    if (matches9(configRoutes, req)) {
       info("matches providers");
-      return route7(req, config);
+      return route9(req, config);
     }
-    if (matches8(configRoutes, req)) {
+    if (matches10(configRoutes, req)) {
       info("matches csrf");
-      return route8(req, config);
+      return route10(req, config);
     }
-    if (matches9(configRoutes, req)) {
+    if (matches11(configRoutes, req)) {
       info("matches callback");
-      return route9(req, config);
+      return route11(req, config);
     }
-    if (matches10(configRoutes, req)) {
+    if (matches12(configRoutes, req)) {
       info("matches signout");
-      return route10(req, config);
+      return route12(req, config);
     }
-    if (matches14(configRoutes, req)) {
+    if (matches16(configRoutes, req)) {
       info("matches verify-email");
-      return route14(req, config);
+      return route16(req, config);
     }
     warn(`No POST routes matched ${req.url}`);
     return new Response(null, { status: 404 });
@@ -1147,7 +1295,7 @@ async function DELETE3(config, init) {
 }
 // src/api/routes/tenants/[tenantId]/users/[userId]/PUT.ts
-async function PUT4(config, init) {
+async function PUT5(config, init) {
   const yurl = new URL(init.request.url);
   const [, userId, , tenantId] = yurl.pathname.split("/").reverse();
   config.tenantId = tenantId;
@@ -1158,11 +1306,11 @@ async function PUT4(config, init) {
 }
 // src/api/routes/tenants/[tenantId]/users/[userId]/index.ts
-var key13 = "TENANT_USER";
-async function route16(request2, config) {
+var key15 = "TENANT_USER";
+async function route18(request2, config) {
   const { info } = Logger(
     { ...config, debug: config.debug },
-    `[ROUTES][${key13}]`
+    `[ROUTES][${key15}]`
   );
   const session = await auth(request2, config);
   if (!session) {
@@ -1177,21 +1325,21 @@ async function route16(request2, config) {
   }
   switch (request2.method) {
     case "PUT":
-      return await PUT4(config, { request: request2 });
+      return await PUT5(config, { request: request2 });
     case "DELETE":
       return await DELETE3(config, { request: request2 });
     default:
       return new Response("method not allowed", { status: 405 });
   }
 }
-function matches16(configRoutes, request2) {
+function matches18(configRoutes, request2) {
   const url = new URL(request2.url);
   const [, userId, possibleTenantId, tenantId] = url.pathname.split("/").reverse();
-  let route17 = configRoutes[key13].replace("{tenantId}", tenantId).replace("{userId}", userId);
+  let route20 = configRoutes[key15].replace("{tenantId}", tenantId).replace("{userId}", userId);
   if (userId === "users") {
-    route17 = configRoutes[key13].replace("{tenantId}", possibleTenantId);
+    route20 = configRoutes[key15].replace("{tenantId}", possibleTenantId);
   }
-  return urlMatches(request2.url, route17);
+  return urlMatches(request2.url, route20);
 }
 async function fetchTenantUser(config, method) {
   if (!config.tenantId) {
@@ -1215,21 +1363,54 @@ async function fetchTenantUser(config, method) {
   return await config.handlers[method](req);
 }
+// src/api/routes/tenants/[tenantId]/invite/[inviteId]/DELETE.ts
+async function DELETE4(config, init) {
+  const yurl = new URL(init.request.url);
+  const [inviteId, , tenantId] = yurl.pathname.split("/").reverse();
+  if (!tenantId) {
+    return new Response(null, { status: 404 });
+  }
+  init.method = "DELETE";
+  const url = `${apiRoutes(config).INVITE(tenantId)}/${inviteId}`;
+  return await request(url, init, config);
+}
+// src/api/routes/tenants/[tenantId]/invite/[inviteId]/index.ts
+var key16 = "INVITE";
+async function route19(request2, config) {
+  switch (request2.method) {
+    case "DELETE":
+      return await DELETE4(config, { request: request2 });
+    default:
+      return new Response("method not allowed", { status: 405 });
+  }
+}
+function matches19(configRoutes, request2) {
+  const url = new URL(request2.url);
+  const [inviteId, , tenantId] = url.pathname.split("/").reverse();
+  const route20 = configRoutes[key16].replace("{tenantId}", tenantId).replace("{inviteId}", inviteId);
+  return urlMatches(request2.url, route20);
+}
 // src/api/handlers/DELETE.ts
 function DELETER(configRoutes, config) {
   const { info, warn } = Logger(config, "[DELETE MATCHER]");
-  return async function DELETE4(req) {
-    if (matches16(configRoutes, req)) {
+  return async function DELETE5(req) {
+    if (matches19(configRoutes, req)) {
+      info("matches tenant invite id");
+      return route19(req, config);
+    }
+    if (matches18(configRoutes, req)) {
       info("matches tenant user");
-      return route16(req, config);
+      return route18(req, config);
     }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
       return route3(req, config);
     }
-    if (matches4(configRoutes, req)) {
+    if (matches6(configRoutes, req)) {
       info("matches tenants");
-      return route4(req, config);
+      return route6(req, config);
     }
     if (matches(configRoutes, req)) {
       info("matches me");
@@ -1243,10 +1424,14 @@ function DELETER(configRoutes, config) {
 // src/api/handlers/PUT.ts
 function PUTER(configRoutes, config) {
   const { info, warn } = Logger(config, "[PUT MATCHER]");
-  return async function PUT5(req) {
-    if (matches16(configRoutes, req)) {
+  return async function PUT6(req) {
+    if (matches4(configRoutes, req)) {
+      info("matches tenant invite");
+      return route4(req, config);
+    }
+    if (matches18(configRoutes, req)) {
       info("matches tenant user");
-      return route16(req, config);
+      return route18(req, config);
     }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
@@ -1260,13 +1445,13 @@ function PUTER(configRoutes, config) {
       info("matches me");
       return route(req, config);
     }
-    if (matches4(configRoutes, req)) {
+    if (matches6(configRoutes, req)) {
       info("matches tenants");
-      return route4(req, config);
+      return route6(req, config);
     }
-    if (matches13(configRoutes, req)) {
+    if (matches15(configRoutes, req)) {
       info("matches reset password");
-      return route13(req, config);
+      return route15(req, config);
     }
     warn("No PUT routes matched");
     return new Response(null, { status: 404 });
@@ -1275,15 +1460,15 @@ function PUTER(configRoutes, config) {
 // src/api/handlers/index.ts
 function Handlers(configRoutes, config) {
-  const GET6 = GETTER(configRoutes, config);
-  const POST5 = POSTER(configRoutes, config);
-  const DELETE4 = DELETER(configRoutes, config);
-  const PUT5 = PUTER(configRoutes, config);
+  const GET7 = GETTER(configRoutes, config);
+  const POST6 = POSTER(configRoutes, config);
+  const DELETE5 = DELETER(configRoutes, config);
+  const PUT6 = PUTER(configRoutes, config);
   return {
-    GET: GET6,
-    POST: POST5,
-    DELETE: DELETE4,
-    PUT: PUT5
+    GET: GET7,
+    POST: POST6,
+    DELETE: DELETE5,
+    PUT: PUT6
   };
 }
 var getApiUrl = (cfg) => {
@@ -1316,7 +1501,8 @@ var getSecureCookies = (cfg) => {
   return void 0;
 };
 var getUsername = (cfg) => {
-  const { config, logger } = cfg;
+  const { config } = cfg;
+  const logger = config.logger;
   const { info } = Logger(config, "[username]");
   if (config?.user) {
     logger && info(`${logger}[config] ${config.user}`);
@@ -1342,7 +1528,8 @@ var getUsername = (cfg) => {
   );
 };
 var getPassword = (cfg) => {
-  const { config, logger } = cfg;
+  const { config } = cfg;
+  const logger = config.logger;
   const log = logProtector(logger);
   const { info } = Logger(config, "[password]");
   if (stringCheck(config?.password)) {
@@ -1369,7 +1556,8 @@ var getPassword = (cfg) => {
   );
 };
 var getDatabaseName = (cfg) => {
-  const { config, logger } = cfg;
+  const { config } = cfg;
+  const logger = config.logger;
   const { info } = Logger(config, "[databaseName]");
   if (stringCheck(config?.databaseName)) {
     logger && info(`${logger}[config] ${config?.databaseName}`);
@@ -1392,7 +1580,8 @@ var getDatabaseName = (cfg) => {
   );
 };
 var getTenantId = (cfg) => {
-  const { config, logger } = cfg;
+  const { config } = cfg;
+  const logger = config.logger;
   const { info } = Logger(config, "[tenantId]");
   if (stringCheck(config?.tenantId)) {
     logger && info(`${logger}[config] ${config?.tenantId}`);
@@ -1405,7 +1594,8 @@ var getTenantId = (cfg) => {
   return null;
 };
 function getDbHost(cfg) {
-  const { config, logger } = cfg;
+  const { config } = cfg;
+  const logger = config.logger;
   const { info } = Logger(config, "[db.host]");
   if (stringCheck(config?.db && config.db.host)) {
     logger && info(`${logger}[config] ${config?.db?.host}`);
@@ -1428,7 +1618,8 @@ function getDbHost(cfg) {
   return "db.thenile.dev";
 }
 function getDbPort(cfg) {
-  const { config, logger } = cfg;
+  const { config } = cfg;
+  const logger = config.logger;
   const { info } = Logger(config, "[db.port]");
   if (config?.db?.port && config.db.port != null) {
     logger && info(`${logger}[config] ${config?.db.port}`);
@@ -1466,6 +1657,8 @@ var Config = class {
   routes;
   handlers;
   paths;
+  extensionCtx;
+  extensions;
   logger;
   /**
    * Stores the set tenant id from Server for use in sub classes
@@ -1500,14 +1693,19 @@ var Config = class {
   routePrefix;
   db;
   // api: ApiConfig;
-  constructor(config, logger) {
-    const envVarConfig = { config, logger };
+  constructor(config) {
     this.routePrefix = config?.routePrefix ?? "/api";
-    this.secureCookies = getSecureCookies(envVarConfig);
-    this.callbackUrl = getCallbackUrl(envVarConfig);
     this.debug = config?.debug;
     this.origin = config?.origin;
+    this.extensions = config?.extensions;
+    this.extensionCtx = config?.extensionCtx;
     this.serverOrigin = config?.origin ?? "http://localhost:3000";
+    this.logger = config?.logger ?? Logger(this);
+    const envVarConfig = {
+      config: { ...config, logger: this.logger }
+    };
+    this.secureCookies = getSecureCookies(envVarConfig);
+    this.callbackUrl = getCallbackUrl(envVarConfig);
     this.apiUrl = getApiUrl(envVarConfig);
     const user = getUsername(envVarConfig);
     const password = getPassword(envVarConfig);
@@ -1574,7 +1772,6 @@ var Config = class {
     };
     this.tenantId = config?.tenantId;
     this.userId = config?.userId;
-    this.logger = config?.logger;
   }
 };
@@ -1608,6 +1805,9 @@ var Eventer = class {
   }
 };
 var eventer = new Eventer();
+var updateTenantId = (tenantId) => {
+  eventer.publish("tenantId" /* Tenant */, tenantId);
+};
 var watchTenantId = (cb) => eventer.subscribe("tenantId" /* Tenant */, cb);
 var watchUserId = (cb) => eventer.subscribe("userId" /* User */, cb);
 var evictPool = (val) => {
@@ -1867,7 +2067,7 @@ var Auth = class {
     }
   }
   async getCsrf(rawResponse = false) {
-    return await getCsrf(this.#config, rawResponse);
+    return await obtainCsrf(this.#config, rawResponse);
   }
   async listProviders(rawResponse = false) {
     const res = await fetchProviders(this.#config);
@@ -1937,16 +2137,54 @@ var Auth = class {
       return res;
     }
     try {
-      return await res.clone().json();
+      const json = await res.clone().json();
+      if (json && typeof json === "object" && "tenants" in json) {
+        const tenantId = json.tenants[0];
+        if (tenantId) {
+          updateTenantId(tenantId);
+        }
+      }
+      return json;
     } catch {
       return res;
     }
   }
+  async forgotPassword(req) {
+    let email = "";
+    const defaults = defaultCallbackUrl({
+      config: this.#config
+    });
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
+    if ("email" in req) {
+      email = req.email;
+    }
+    if ("callbackUrl" in req) {
+      callbackUrl = req.callbackUrl ? req.callbackUrl : null;
+    }
+    if ("redirectUrl" in req) {
+      redirectUrl = req.redirectUrl ? req.redirectUrl : null;
+    }
+    const body = JSON.stringify({
+      email,
+      redirectUrl,
+      callbackUrl
+    });
+    const data = await fetchResetPassword(
+      this.#config,
+      "POST",
+      body,
+      new URLSearchParams(),
+      false
+    );
+    return data;
+  }
   async resetPassword(req) {
     let email = "";
     let password = "";
-    let callbackUrl = null;
-    let redirectUrl = null;
+    const defaults = defaultCallbackUrl({ config: this.#config });
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
     if (req instanceof Request) {
       const body2 = await req.json();
       email = body2.email;
@@ -1975,19 +2213,6 @@ var Auth = class {
         redirectUrl = req.redirectUrl ? req.redirectUrl : null;
       }
     }
-    const fallbackCb = parseCallback(this.#config.headers);
-    if (fallbackCb) {
-      const [, value] = fallbackCb.split("=");
-      if (value) {
-        const parsedUrl = decodeURIComponent(value);
-        if (!redirectUrl) {
-          redirectUrl = `${new URL(parsedUrl).origin}${"/auth/reset-password" /* PASSWORD_RESET */}`;
-        }
-      }
-      if (!callbackUrl) {
-        callbackUrl = value;
-      }
-    }
     await this.getCsrf();
     const body = JSON.stringify({
       email,
@@ -2206,9 +2431,22 @@ function parseResetToken(headers) {
   const [, token] = /((__Secure-)?nile\.reset=[^;]+)/.exec(authCookie) ?? [];
   return token;
 }
+function defaultCallbackUrl({ config }) {
+  let cb = null;
+  let redirect = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+    if (value) {
+      redirect = `${new URL(cb).origin}${"/auth/reset-password" /* PASSWORD_RESET */}`;
+    }
+  }
+  return { callbackUrl: cb, redirectUrl: redirect };
+}
-// src/auth/getCsrf.ts
-async function getCsrf(config, rawResponse = false) {
+// src/auth/obtainCsrf.ts
+async function obtainCsrf(config, rawResponse = false) {
   const res = await fetchCsrf(config);
   const csrfCook = parseCSRF(res.headers);
   if (csrfCook) {
@@ -2294,21 +2532,27 @@ var Users = class {
       return res;
     }
   }
-  async verifySelf(bypassEmail = process.env.NODE_ENV !== "production", rawResponse = false) {
+  async verifySelf(options, rawResponse = false) {
+    const bypassEmail = typeof options === "object" ? options.bypassEmail ?? process.env.NODE_ENV !== "production" : process.env.NODE_ENV !== "production";
+    const callbackUrl = typeof options === "object" ? options.callbackUrl : defaultCallbackUrl2(this.#config).callbackUrl;
     try {
       const me = await this.getSelf();
       if (me instanceof Response) {
         return me;
       }
-      const res = await verifyEmailAddress(this.#config, me);
+      const res = await verifyEmailAddress(
+        this.#config,
+        me,
+        String(callbackUrl)
+      );
       return res;
     } catch {
       this.#logger?.warn(
-        "Unable to verify email. The current user's email will be set to verified any way. Be sure to configure emails for production."
+        "Unable to verify email. The current user's email will be set to verified anyway. Be sure to configure emails for production."
       );
     }
     if (bypassEmail) {
-      return await this.updateSelf({ emailVerified: true }, rawResponse);
+      return this.updateSelf({ emailVerified: true }, rawResponse);
     }
     this.#logger.error(
       "Unable to verify email address. Configure your SMTP server in the console."
@@ -2316,19 +2560,34 @@ var Users = class {
     return void 0;
   }
 };
-async function verifyEmailAddress(config, user) {
+async function verifyEmailAddress(config, user, callback) {
   config.headers.set("content-type", "application/x-www-form-urlencoded");
-  const { csrfToken } = await getCsrf(config);
+  const { csrfToken } = await obtainCsrf(config);
+  const defaults = defaultCallbackUrl2(config);
+  const callbackUrl = callback ?? String(defaults.callbackUrl);
   const res = await fetchVerifyEmail(
     config,
     "POST",
-    new URLSearchParams({ csrfToken, email: user.email }).toString()
+    new URLSearchParams({
+      csrfToken,
+      email: user.email,
+      callbackUrl
+    }).toString()
   );
   if (res.status > 299) {
     throw new Error(await res.text());
   }
   return res;
 }
+function defaultCallbackUrl2(config) {
+  let cb = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+  }
+  return { callbackUrl: cb };
+}
 // src/tenants/index.ts
 var Tenants = class {
@@ -2451,6 +2710,74 @@ var Tenants = class {
       rawResponse || typeof req === "boolean" && req
     );
   }
+  async invites() {
+    const res = await fetchInvites(this.#config);
+    return responseHandler(res);
+  }
+  async invite(req, rawResponse) {
+    const { csrfToken } = await obtainCsrf(this.#config);
+    const defaults = defaultCallbackUrl3(this.#config);
+    let identifier = req;
+    let callbackUrl = defaults.callbackUrl;
+    let redirectUrl = defaults.redirectUrl;
+    if (typeof req === "object") {
+      if ("email" in req) {
+        identifier = req.email;
+      }
+      if ("callbackUrl" in req) {
+        callbackUrl = req.callbackUrl ? req.callbackUrl : "";
+      }
+      if ("redirectUrl" in req) {
+        redirectUrl = req.redirectUrl ? req.redirectUrl : "";
+      }
+    }
+    this.#config.headers.set(
+      "Content-Type",
+      "application/x-www-form-urlencoded"
+    );
+    const res = await fetchInvite(
+      this.#config,
+      "POST",
+      new URLSearchParams({
+        identifier,
+        csrfToken,
+        callbackUrl,
+        redirectUrl
+      }).toString()
+    );
+    return responseHandler(res, rawResponse);
+  }
+  async acceptInvite(req, rawResponse) {
+    if (!req) {
+      throw new Error("The identifier and token are required.");
+    }
+    const { identifier, token } = req;
+    const defaults = defaultCallbackUrl3(this.#config);
+    const callbackUrl = String(defaults.callbackUrl);
+    const res = await fetchInvite(
+      this.#config,
+      "PUT",
+      new URLSearchParams({
+        identifier,
+        token,
+        callbackUrl
+      }).toString()
+    );
+    return responseHandler(res, rawResponse);
+  }
+  async deleteInvite(req) {
+    let id = "";
+    if (typeof req === "object") {
+      id = req.id;
+    } else {
+      id = req;
+    }
+    if (!id) {
+      throw new Error("An invite id is required.");
+    }
+    const res = await fetchInvite(this.#config, "DELETE", id);
+    return responseHandler(res, true);
+  }
   #handleContext(req) {
     if (typeof req === "object") {
       if ("tenantId" in req) {
@@ -2472,31 +2799,47 @@ async function responseHandler(res, rawResponse) {
     return res;
   }
 }
+function defaultCallbackUrl3(config) {
+  let cb = null;
+  let redirect = null;
+  const fallbackCb = parseCallback(config.headers);
+  if (fallbackCb) {
+    const [, value] = fallbackCb.split("=");
+    cb = decodeURIComponent(value);
+    if (value) {
+      redirect = `${new URL(cb).origin}${config.routePrefix}${"/tenants/{tenantId}/invite" /* INVITE */.replace(
+        "{tenantId}",
+        String(config.tenantId)
+      )}`;
+    }
+  }
+  return { callbackUrl: cb, redirectUrl: redirect };
+}
 // src/api/handlers/withContext/index.ts
 function handlersWithContext(config) {
-  const GET6 = GETTER(config.routes, config);
-  const POST5 = POSTER(config.routes, config);
-  const DELETE4 = DELETER(config.routes, config);
-  const PUT5 = PUTER(config.routes, config);
+  const GET7 = GETTER(config.routes, config);
+  const POST6 = POSTER(config.routes, config);
+  const DELETE5 = DELETER(config.routes, config);
+  const PUT6 = PUTER(config.routes, config);
   return {
     GET: async (req) => {
-      const response = await GET6(req);
+      const response = await GET7(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     POST: async (req) => {
-      const response = await POST5(req);
+      const response = await POST6(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     DELETE: async (req) => {
-      const response = await DELETE4(req);
+      const response = await DELETE5(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     },
     PUT: async (req) => {
-      const response = await PUT5(req);
+      const response = await PUT6(req);
       const updatedConfig = updateConfig(response, config);
       return { response, nile: new Server(updatedConfig) };
     }
@@ -2514,8 +2857,8 @@ function updateConfig(response, config) {
   }
   const setCookies = [];
   if (response?.headers) {
-    for (const [key14, value] of response.headers) {
-      if (key14.toLowerCase() === "set-cookie") {
+    for (const [key17, value] of response.headers) {
+      if (key17.toLowerCase() === "set-cookie") {
         setCookies.push(value);
       }
     }
@@ -2531,6 +2874,36 @@ function updateConfig(response, config) {
   };
 }
+// src/api/utils/extensions.ts
+function bindHandleOnRequest(instance) {
+  return async function handleOnRequest(config, _init, params) {
+    if (config.extensions) {
+      for (const create2 of config.extensions) {
+        const ext = await create2(instance);
+        if (ext.onRequest) {
+          const modified = await ext.onRequest(_init.request);
+          if (modified?.headers) {
+            const modHeaders = new Headers(modified.headers);
+            const cookie = modHeaders.get("cookie");
+            if (cookie) {
+              params.headers.set("cookie", cookie);
+              config.logger.debug(
+                `extension ${ext.id ?? create2.name} modified cookie`
+              );
+            }
+          }
+        }
+        config.logger.debug(`extension ${ext.id ?? create2.name} ran onRequest`);
+      }
+    }
+  };
+}
+function buildExtensionConfig(instance) {
+  return {
+    handleOnRequest: bindHandleOnRequest(instance)
+  };
+}
 // src/Server.ts
 var Server = class {
   users;
@@ -2542,7 +2915,10 @@ var Server = class {
   #manager;
   #headers;
   constructor(config) {
-    this.#config = new Config(config, "[initial config]");
+    this.#config = new Config({
+      ...config,
+      extensionCtx: buildExtensionConfig(this)
+    });
     watchTenantId((tenantId) => {
       if (tenantId !== this.#config.tenantId) {
         this.#config.tenantId = tenantId;
@@ -2667,32 +3043,33 @@ var Server = class {
     } else if (config?.headers) {
       headers = config?.headers;
       if (config && config.origin) {
-        this.#headers.set(X_NILE_ORIGIN, config.origin);
+        this.#headers.set(HEADER_ORIGIN, config.origin);
       }
       if (config && config.secureCookies != null) {
-        this.#headers.set(X_NILE_SECURECOOKIES, String(config.secureCookies));
+        this.#headers.set(HEADER_SECURE_COOKIES, String(config.secureCookies));
       }
     }
     if (headers instanceof Headers) {
-      headers.forEach((value, key14) => {
-        updates.push([key14.toLowerCase(), value]);
+      headers.forEach((value, key17) => {
+        updates.push([key17.toLowerCase(), value]);
       });
     } else {
-      for (const [key14, value] of Object.entries(headers ?? {})) {
-        updates.push([key14.toLowerCase(), value]);
+      for (const [key17, value] of Object.entries(headers ?? {})) {
+        updates.push([key17.toLowerCase(), value]);
       }
     }
     const merged = {};
-    this.#headers?.forEach((value, key14) => {
-      if (key14.toLowerCase() !== "cookie") {
-        merged[key14.toLowerCase()] = value;
+    this.#config.tenantId = getTenantFromHttp(this.#headers, this.#config);
+    this.#headers?.forEach((value, key17) => {
+      if (key17.toLowerCase() !== "cookie") {
+        merged[key17.toLowerCase()] = value;
       }
     });
-    for (const [key14, value] of updates) {
-      merged[key14] = value;
+    for (const [key17, value] of updates) {
+      merged[key17] = value;
     }
-    for (const [key14, value] of Object.entries(merged)) {
-      this.#headers.set(key14, value);
+    for (const [key17, value] of Object.entries(merged)) {
+      this.#headers.set(key17, value);
     }
     this.#config.headers = this.#headers;
   }
@@ -2715,9 +3092,13 @@ function create(config) {
 }
 exports.APIErrorErrorCodeEnum = APIErrorErrorCodeEnum;
+exports.HEADER_ORIGIN = HEADER_ORIGIN;
+exports.HEADER_SECURE_COOKIES = HEADER_SECURE_COOKIES;
 exports.LoginUserResponseTokenTypeEnum = LoginUserResponseTokenTypeEnum;
 exports.Nile = create;
 exports.Server = Server;
+exports.TENANT_COOKIE = TENANT_COOKIE;
+exports.USER_COOKIE = USER_COOKIE;
 exports.parseCSRF = parseCSRF;
 exports.parseCallback = parseCallback;
 exports.parseToken = parseToken;