@open-mercato/core 0.6.3-develop.3876.1.d40fe4ec2d → 0.6.3-develop.3894.1.352abf4240
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +1 -1
- package/dist/modules/attachments/api/file/[id]/route.js +7 -2
- package/dist/modules/attachments/api/file/[id]/route.js.map +2 -2
- package/dist/modules/attachments/api/image/[id]/[[...slug]]/route.js +7 -4
- package/dist/modules/attachments/api/image/[id]/[[...slug]]/route.js.map +2 -2
- package/dist/modules/audit_logs/services/accessLogService.js +127 -8
- package/dist/modules/audit_logs/services/accessLogService.js.map +2 -2
- package/dist/modules/auth/backend/auth/profile/page.js +1 -1
- package/dist/modules/auth/backend/auth/profile/page.js.map +2 -2
- package/dist/modules/auth/backend/profile/change-password/page.js +1 -1
- package/dist/modules/auth/backend/profile/change-password/page.js.map +2 -2
- package/dist/modules/auth/backend/users/[id]/edit/page.js +1 -1
- package/dist/modules/auth/backend/users/[id]/edit/page.js.map +2 -2
- package/dist/modules/auth/backend/users/create/page.js +6 -1
- package/dist/modules/auth/backend/users/create/page.js.map +2 -2
- package/dist/modules/auth/di.js +17 -3
- package/dist/modules/auth/di.js.map +2 -2
- package/dist/modules/auth/services/rbacDefaultCache.js +110 -0
- package/dist/modules/auth/services/rbacDefaultCache.js.map +7 -0
- package/dist/modules/catalog/backend/catalog/products/[id]/page.js +8 -1
- package/dist/modules/catalog/backend/catalog/products/[id]/page.js.map +2 -2
- package/dist/modules/catalog/backend/catalog/products/[productId]/variants/[variantId]/page.js +3 -2
- package/dist/modules/catalog/backend/catalog/products/[productId]/variants/[variantId]/page.js.map +2 -2
- package/dist/modules/catalog/backend/catalog/products/[productId]/variants/create/page.js +3 -2
- package/dist/modules/catalog/backend/catalog/products/[productId]/variants/create/page.js.map +2 -2
- package/dist/modules/configs/cli.js +27 -14
- package/dist/modules/configs/cli.js.map +2 -2
- package/dist/modules/currencies/api/currencies/route.js +3 -4
- package/dist/modules/currencies/api/currencies/route.js.map +2 -2
- package/dist/modules/currencies/api/exchange-rates/route.js +3 -4
- package/dist/modules/currencies/api/exchange-rates/route.js.map +2 -2
- package/dist/modules/customers/api/people/route.js +26 -24
- package/dist/modules/customers/api/people/route.js.map +2 -2
- package/dist/modules/directory/subscribers/invalidateOrgScopeCache.js +26 -0
- package/dist/modules/directory/subscribers/invalidateOrgScopeCache.js.map +7 -0
- package/dist/modules/directory/utils/organizationScope.js +85 -0
- package/dist/modules/directory/utils/organizationScope.js.map +2 -2
- package/dist/modules/resources/backend/resources/resource-types/[id]/edit/page.js +1 -1
- package/dist/modules/resources/backend/resources/resource-types/[id]/edit/page.js.map +2 -2
- package/dist/modules/sales/backend/sales/channels/[channelId]/edit/page.js +1 -1
- package/dist/modules/sales/backend/sales/channels/[channelId]/edit/page.js.map +2 -2
- package/dist/modules/sales/components/channels/ChannelOfferForm.js +1 -1
- package/dist/modules/sales/components/channels/ChannelOfferForm.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/[id]/page.js +2 -1
- package/dist/modules/workflows/backend/definitions/[id]/page.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/create/page.js +4 -2
- package/dist/modules/workflows/backend/definitions/create/page.js.map +2 -2
- package/dist/modules/workflows/backend/definitions/visual-editor/page.js +20 -3
- package/dist/modules/workflows/backend/definitions/visual-editor/page.js.map +2 -2
- package/dist/modules/workflows/components/ActivitiesEditor.js +34 -1
- package/dist/modules/workflows/components/ActivitiesEditor.js.map +2 -2
- package/dist/modules/workflows/components/NodeEditDialog.js +153 -17
- package/dist/modules/workflows/components/NodeEditDialog.js.map +2 -2
- package/dist/modules/workflows/components/StepsEditor.js +31 -0
- package/dist/modules/workflows/components/StepsEditor.js.map +2 -2
- package/dist/modules/workflows/components/WorkflowGraph.js +3 -2
- package/dist/modules/workflows/components/WorkflowGraph.js.map +2 -2
- package/dist/modules/workflows/components/nodes/WaitForTimerNode.js +54 -0
- package/dist/modules/workflows/components/nodes/WaitForTimerNode.js.map +7 -0
- package/dist/modules/workflows/components/nodes/index.js +3 -1
- package/dist/modules/workflows/components/nodes/index.js.map +2 -2
- package/dist/modules/workflows/data/validators.js +117 -0
- package/dist/modules/workflows/data/validators.js.map +2 -2
- package/dist/modules/workflows/di.js +5 -1
- package/dist/modules/workflows/di.js.map +2 -2
- package/dist/modules/workflows/lib/activity-executor.js +42 -1
- package/dist/modules/workflows/lib/activity-executor.js.map +2 -2
- package/dist/modules/workflows/lib/activity-queue-types.js.map +2 -2
- package/dist/modules/workflows/lib/activity-worker-handler.js +24 -0
- package/dist/modules/workflows/lib/activity-worker-handler.js.map +2 -2
- package/dist/modules/workflows/lib/duration.js +32 -0
- package/dist/modules/workflows/lib/duration.js.map +7 -0
- package/dist/modules/workflows/lib/event-logger.js +1 -0
- package/dist/modules/workflows/lib/event-logger.js.map +2 -2
- package/dist/modules/workflows/lib/format-validation-error.js +12 -0
- package/dist/modules/workflows/lib/format-validation-error.js.map +7 -0
- package/dist/modules/workflows/lib/graph-utils.js +6 -3
- package/dist/modules/workflows/lib/graph-utils.js.map +2 -2
- package/dist/modules/workflows/lib/node-type-icons.js +9 -5
- package/dist/modules/workflows/lib/node-type-icons.js.map +2 -2
- package/dist/modules/workflows/lib/signal-handler.js +55 -23
- package/dist/modules/workflows/lib/signal-handler.js.map +2 -2
- package/dist/modules/workflows/lib/step-handler.js +79 -29
- package/dist/modules/workflows/lib/step-handler.js.map +2 -2
- package/dist/modules/workflows/lib/timer-handler.js +159 -0
- package/dist/modules/workflows/lib/timer-handler.js.map +7 -0
- package/dist/modules/workflows/lib/workflow-executor.js +1 -1
- package/dist/modules/workflows/lib/workflow-executor.js.map +2 -2
- package/dist/modules/workflows/workers/workflow-activities.worker.js +20 -4
- package/dist/modules/workflows/workers/workflow-activities.worker.js.map +2 -2
- package/package.json +7 -7
- package/src/modules/attachments/api/file/[id]/route.ts +7 -2
- package/src/modules/attachments/api/image/[id]/[[...slug]]/route.ts +7 -4
- package/src/modules/audit_logs/services/accessLogService.ts +179 -15
- package/src/modules/auth/backend/auth/profile/page.tsx +1 -1
- package/src/modules/auth/backend/profile/change-password/page.tsx +1 -1
- package/src/modules/auth/backend/users/[id]/edit/page.tsx +1 -1
- package/src/modules/auth/backend/users/create/page.tsx +6 -1
- package/src/modules/auth/di.ts +26 -3
- package/src/modules/auth/services/rbacDefaultCache.ts +145 -0
- package/src/modules/catalog/backend/catalog/products/[id]/page.tsx +8 -1
- package/src/modules/catalog/backend/catalog/products/[productId]/variants/[variantId]/page.tsx +3 -2
- package/src/modules/catalog/backend/catalog/products/[productId]/variants/create/page.tsx +3 -2
- package/src/modules/configs/cli.ts +34 -13
- package/src/modules/currencies/api/currencies/route.ts +3 -4
- package/src/modules/currencies/api/exchange-rates/route.ts +3 -4
- package/src/modules/customers/api/people/route.ts +27 -25
- package/src/modules/directory/subscribers/invalidateOrgScopeCache.ts +39 -0
- package/src/modules/directory/utils/organizationScope.ts +121 -0
- package/src/modules/resources/backend/resources/resource-types/[id]/edit/page.tsx +1 -1
- package/src/modules/sales/backend/sales/channels/[channelId]/edit/page.tsx +1 -1
- package/src/modules/sales/components/channels/ChannelOfferForm.tsx +1 -1
- package/src/modules/workflows/backend/definitions/[id]/page.tsx +3 -2
- package/src/modules/workflows/backend/definitions/create/page.tsx +4 -2
- package/src/modules/workflows/backend/definitions/visual-editor/page.tsx +18 -1
- package/src/modules/workflows/components/ActivitiesEditor.tsx +40 -0
- package/src/modules/workflows/components/NodeEditDialog.tsx +218 -30
- package/src/modules/workflows/components/StepsEditor.tsx +36 -0
- package/src/modules/workflows/components/WorkflowGraph.tsx +2 -1
- package/src/modules/workflows/components/nodes/WaitForTimerNode.tsx +70 -0
- package/src/modules/workflows/components/nodes/index.ts +3 -0
- package/src/modules/workflows/data/validators.ts +121 -0
- package/src/modules/workflows/di.ts +4 -0
- package/src/modules/workflows/i18n/de.json +10 -1
- package/src/modules/workflows/i18n/en.json +10 -1
- package/src/modules/workflows/i18n/es.json +10 -1
- package/src/modules/workflows/i18n/pl.json +10 -1
- package/src/modules/workflows/lib/activity-executor.ts +86 -2
- package/src/modules/workflows/lib/activity-queue-types.ts +18 -11
- package/src/modules/workflows/lib/activity-worker-handler.ts +29 -0
- package/src/modules/workflows/lib/duration.ts +51 -0
- package/src/modules/workflows/lib/event-logger.ts +1 -0
- package/src/modules/workflows/lib/format-validation-error.ts +30 -0
- package/src/modules/workflows/lib/graph-utils.ts +3 -0
- package/src/modules/workflows/lib/node-type-icons.ts +6 -2
- package/src/modules/workflows/lib/signal-handler.ts +62 -24
- package/src/modules/workflows/lib/step-handler.ts +107 -50
- package/src/modules/workflows/lib/timer-handler.ts +213 -0
- package/src/modules/workflows/lib/workflow-executor.ts +1 -1
- package/src/modules/workflows/workers/workflow-activities.worker.ts +33 -7
package/.turbo/turbo-build.log
CHANGED
|
@@ -5,7 +5,7 @@ import {
|
|
|
5
5
|
Attachment,
|
|
6
6
|
AttachmentPartition
|
|
7
7
|
} from "@open-mercato/core/modules/attachments/data/entities";
|
|
8
|
-
import { checkAttachmentAccess } from "@open-mercato/core/modules/attachments/lib/access";
|
|
8
|
+
import { checkAttachmentAccess, isSuperAdminAuth } from "@open-mercato/core/modules/attachments/lib/access";
|
|
9
9
|
import { z } from "zod";
|
|
10
10
|
import { attachmentsTag, attachmentErrorSchema } from "../../openapi.js";
|
|
11
11
|
import {
|
|
@@ -28,7 +28,12 @@ async function GET(req, context) {
|
|
|
28
28
|
const { resolve } = await createRequestContainer();
|
|
29
29
|
const em = resolve("em");
|
|
30
30
|
const storageDriverFactory = resolve("storageDriverFactory") ?? new StorageDriverFactory(em);
|
|
31
|
-
const
|
|
31
|
+
const findFilter = { id };
|
|
32
|
+
if (auth && !isSuperAdminAuth(auth)) {
|
|
33
|
+
if (auth.tenantId) findFilter.tenantId = auth.tenantId;
|
|
34
|
+
if (auth.orgId) findFilter.organizationId = auth.orgId;
|
|
35
|
+
}
|
|
36
|
+
const attachment = await em.findOne(Attachment, findFilter);
|
|
32
37
|
if (!attachment) {
|
|
33
38
|
return NextResponse.json(
|
|
34
39
|
{ error: "Attachment not found" },
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../../src/modules/attachments/api/file/%5Bid%5D/route.ts"],
|
|
4
|
-
"sourcesContent": ["import { NextRequest, NextResponse } from \"next/server\";\nimport type { OpenApiRouteDoc } from \"@open-mercato/shared/lib/openapi\";\nimport { getAuthFromRequest } from \"@open-mercato/shared/lib/auth/server\";\nimport { createRequestContainer } from \"@open-mercato/shared/lib/di/container\";\nimport {\n Attachment,\n AttachmentPartition,\n} from \"@open-mercato/core/modules/attachments/data/entities\";\nimport type { EntityManager } from \"@mikro-orm/postgresql\";\nimport { checkAttachmentAccess } from \"@open-mercato/core/modules/attachments/lib/access\";\nimport { z } from \"zod\";\nimport { attachmentsTag, attachmentErrorSchema } from \"../../openapi\";\nimport {\n buildAttachmentContentDisposition,\n canRenderInlineAttachment,\n} from \"@open-mercato/core/modules/attachments/lib/security\";\nimport { StorageDriverFactory } from '../../../lib/drivers';\n\nexport const metadata = {\n GET: { requireAuth: false },\n};\n\nexport async function GET(\n req: NextRequest,\n context: { params: Promise<{ id: string }> },\n) {\n const { id } = await context.params;\n if (!id) {\n return NextResponse.json(\n { error: \"Attachment id is required\" },\n { status: 400 },\n );\n }\n const auth = await getAuthFromRequest(req);\n const { resolve } = await createRequestContainer();\n const em = resolve(\"em\") as EntityManager;\n const storageDriverFactory =\n (resolve(\"storageDriverFactory\") as StorageDriverFactory | null) ??\n new StorageDriverFactory(em);\n\n const attachment = await em.findOne(Attachment,
|
|
5
|
-
"mappings": "AAAA,SAAsB,oBAAoB;AAE1C,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP,SAAS,
|
|
4
|
+
"sourcesContent": ["import { NextRequest, NextResponse } from \"next/server\";\nimport type { OpenApiRouteDoc } from \"@open-mercato/shared/lib/openapi\";\nimport { getAuthFromRequest } from \"@open-mercato/shared/lib/auth/server\";\nimport { createRequestContainer } from \"@open-mercato/shared/lib/di/container\";\nimport {\n Attachment,\n AttachmentPartition,\n} from \"@open-mercato/core/modules/attachments/data/entities\";\nimport type { EntityManager } from \"@mikro-orm/postgresql\";\nimport { checkAttachmentAccess, isSuperAdminAuth } from \"@open-mercato/core/modules/attachments/lib/access\";\nimport { z } from \"zod\";\nimport { attachmentsTag, attachmentErrorSchema } from \"../../openapi\";\nimport {\n buildAttachmentContentDisposition,\n canRenderInlineAttachment,\n} from \"@open-mercato/core/modules/attachments/lib/security\";\nimport { StorageDriverFactory } from '../../../lib/drivers';\n\nexport const metadata = {\n GET: { requireAuth: false },\n};\n\nexport async function GET(\n req: NextRequest,\n context: { params: Promise<{ id: string }> },\n) {\n const { id } = await context.params;\n if (!id) {\n return NextResponse.json(\n { error: \"Attachment id is required\" },\n { status: 400 },\n );\n }\n const auth = await getAuthFromRequest(req);\n const { resolve } = await createRequestContainer();\n const em = resolve(\"em\") as EntityManager;\n const storageDriverFactory =\n (resolve(\"storageDriverFactory\") as StorageDriverFactory | null) ??\n new StorageDriverFactory(em);\n\n const findFilter: Record<string, unknown> = { id };\n if (auth && !isSuperAdminAuth(auth)) {\n if (auth.tenantId) findFilter.tenantId = auth.tenantId;\n if (auth.orgId) findFilter.organizationId = auth.orgId;\n }\n const attachment = await em.findOne(Attachment, findFilter);\n if (!attachment) {\n return NextResponse.json(\n { error: \"Attachment not found\" },\n { status: 404 },\n );\n }\n const partition = await em.findOne(AttachmentPartition, {\n code: attachment.partitionCode,\n });\n if (!partition) {\n return NextResponse.json(\n { error: \"Partition misconfigured\" },\n { status: 500 },\n );\n }\n\n const access = checkAttachmentAccess(auth, attachment, partition);\n if (!access.ok) {\n const message = access.status === 401 ? \"Unauthorized\" : \"Forbidden\";\n return NextResponse.json({ error: message }, { status: access.status });\n }\n\n const driver = await storageDriverFactory.resolveForPartition(attachment.partitionCode, {\n tenantId: attachment.tenantId ?? '',\n organizationId: attachment.organizationId ?? '',\n });\n let buffer: Buffer;\n try {\n const result = await driver.read(attachment.partitionCode, attachment.storagePath);\n buffer = result.buffer;\n } catch {\n return NextResponse.json({ error: \"File not available\" }, { status: 404 });\n }\n\n const url = new URL(req.url);\n const forceDownload = url.searchParams.get(\"download\") === \"1\";\n const renderInline = !forceDownload && canRenderInlineAttachment(attachment.mimeType);\n const headers: Record<string, string> = {\n \"Cache-Control\": partition.isPublic\n ? \"public, max-age=86400\"\n : \"private, max-age=60\",\n \"Content-Security-Policy\": \"default-src 'none'; sandbox\",\n \"Content-Type\": renderInline\n ? attachment.mimeType || \"application/octet-stream\"\n : \"application/octet-stream\",\n \"Content-Disposition\": buildAttachmentContentDisposition(\n attachment.fileName,\n renderInline ? \"inline\" : \"attachment\",\n ),\n \"X-Content-Type-Options\": \"nosniff\",\n };\n if (attachment.fileSize > 0) {\n headers[\"Content-Length\"] = String(attachment.fileSize);\n }\n\n const responseBody = new Uint8Array(buffer);\n\n return new NextResponse(responseBody, { status: 200, headers });\n}\n\nexport const openApi: OpenApiRouteDoc = {\n tag: attachmentsTag,\n summary: \"Download attachment file\",\n methods: {\n GET: {\n summary: \"Download or serve attachment file\",\n description:\n \"Returns the raw file content for an attachment. Path parameter: {id} - Attachment UUID. Query parameter: ?download=1 - Force file download with Content-Disposition header. Access control is enforced based on partition settings.\",\n responses: [\n {\n status: 200,\n description: \"File content with appropriate MIME type\",\n schema: z.any().describe(\"Binary file content\"),\n },\n ],\n errors: [\n {\n status: 400,\n description: \"Missing attachment ID\",\n schema: attachmentErrorSchema,\n },\n {\n status: 401,\n description:\n \"Unauthorized - authentication required for private partitions\",\n schema: attachmentErrorSchema,\n },\n {\n status: 403,\n description: \"Forbidden - insufficient permissions\",\n schema: attachmentErrorSchema,\n },\n {\n status: 404,\n description: \"Attachment or file not found\",\n schema: attachmentErrorSchema,\n },\n {\n status: 500,\n description: \"Partition misconfigured\",\n schema: attachmentErrorSchema,\n },\n ],\n },\n },\n};\n"],
|
|
5
|
+
"mappings": "AAAA,SAAsB,oBAAoB;AAE1C,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP,SAAS,uBAAuB,wBAAwB;AACxD,SAAS,SAAS;AAClB,SAAS,gBAAgB,6BAA6B;AACtD;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,4BAA4B;AAE9B,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM;AAC5B;AAEA,eAAsB,IACpB,KACA,SACA;AACA,QAAM,EAAE,GAAG,IAAI,MAAM,QAAQ;AAC7B,MAAI,CAAC,IAAI;AACP,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,4BAA4B;AAAA,MACrC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,uBACH,QAAQ,sBAAsB,KAC/B,IAAI,qBAAqB,EAAE;AAE7B,QAAM,aAAsC,EAAE,GAAG;AACjD,MAAI,QAAQ,CAAC,iBAAiB,IAAI,GAAG;AACnC,QAAI,KAAK,SAAU,YAAW,WAAW,KAAK;AAC9C,QAAI,KAAK,MAAO,YAAW,iBAAiB,KAAK;AAAA,EACnD;AACA,QAAM,aAAa,MAAM,GAAG,QAAQ,YAAY,UAAU;AAC1D,MAAI,CAAC,YAAY;AACf,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,uBAAuB;AAAA,MAChC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACA,QAAM,YAAY,MAAM,GAAG,QAAQ,qBAAqB;AAAA,IACtD,MAAM,WAAW;AAAA,EACnB,CAAC;AACD,MAAI,CAAC,WAAW;AACd,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,0BAA0B;AAAA,MACnC,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,QAAM,SAAS,sBAAsB,MAAM,YAAY,SAAS;AAChE,MAAI,CAAC,OAAO,IAAI;AACd,UAAM,UAAU,OAAO,WAAW,MAAM,iBAAiB;AACzD,WAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,OAAO,OAAO,CAAC;AAAA,EACxE;AAEA,QAAM,SAAS,MAAM,qBAAqB,oBAAoB,WAAW,eAAe;AAAA,IACtF,UAAU,WAAW,YAAY;AAAA,IACjC,gBAAgB,WAAW,kBAAkB;AAAA,EAC/C,CAAC;AACD,MAAI;AACJ,MAAI;AACF,UAAM,SAAS,MAAM,OAAO,KAAK,WAAW,eAAe,WAAW,WAAW;AACjF,aAAS,OAAO;AAAA,EAClB,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,qBAAqB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC3E;AAEA,QAAM,MAAM,IAAI,IAAI,IAAI,GAAG;AAC3B,QAAM,gBAAgB,IAAI,aAAa,IAAI,UAAU,MAAM;AAC3D,QAAM,eAAe,CAAC,iBAAiB,0BAA0B,WAAW,QAAQ;AACpF,QAAM,UAAkC;AAAA,IACtC,iBAAiB,UAAU,WACvB,0BACA;AAAA,IACJ,2BAA2B;AAAA,IAC3B,gBAAgB,eACZ,WAAW,YAAY,6BACvB;AAAA,IACJ,uBAAuB;AAAA,MACrB,WAAW;AAAA,MACX,eAAe,WAAW;AAAA,IAC5B;AAAA,IACA,0BAA0B;AAAA,EAC5B;AACA,MAAI,WAAW,WAAW,GAAG;AAC3B,YAAQ,gBAAgB,IAAI,OAAO,WAAW,QAAQ;AAAA,EACxD;AAEA,QAAM,eAAe,IAAI,WAAW,MAAM;AAE1C,SAAO,IAAI,aAAa,cAAc,EAAE,QAAQ,KAAK,QAAQ,CAAC;AAChE;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MACF,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ,EAAE,IAAI,EAAE,SAAS,qBAAqB;AAAA,QAChD;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,QACA;AAAA,UACE,QAAQ;AAAA,UACR,aACE;AAAA,UACF,QAAQ;AAAA,QACV;AAAA,QACA;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,QACA;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,QACA;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -10,7 +10,7 @@ import {
|
|
|
10
10
|
writeThumbnailCache
|
|
11
11
|
} from "@open-mercato/core/modules/attachments/lib/thumbnailCache";
|
|
12
12
|
import { canRenderInlineAttachment } from "@open-mercato/core/modules/attachments/lib/security";
|
|
13
|
-
import { checkAttachmentAccess } from "@open-mercato/core/modules/attachments/lib/access";
|
|
13
|
+
import { checkAttachmentAccess, isSuperAdminAuth } from "@open-mercato/core/modules/attachments/lib/access";
|
|
14
14
|
import { attachmentsTag, attachmentErrorSchema } from "../../../openapi.js";
|
|
15
15
|
import {
|
|
16
16
|
MAX_IMAGE_SOURCE_PIXELS,
|
|
@@ -42,9 +42,12 @@ async function GET(req, context) {
|
|
|
42
42
|
const { resolve } = await createRequestContainer();
|
|
43
43
|
const em = resolve("em");
|
|
44
44
|
const storageDriverFactory = resolve("storageDriverFactory") ?? new StorageDriverFactory(em);
|
|
45
|
-
const
|
|
46
|
-
|
|
47
|
-
|
|
45
|
+
const findFilter = { id };
|
|
46
|
+
if (auth && !isSuperAdminAuth(auth)) {
|
|
47
|
+
if (auth.tenantId) findFilter.tenantId = auth.tenantId;
|
|
48
|
+
if (auth.orgId) findFilter.organizationId = auth.orgId;
|
|
49
|
+
}
|
|
50
|
+
const attachment = await em.findOne(Attachment, findFilter);
|
|
48
51
|
if (!attachment) {
|
|
49
52
|
return NextResponse.json({ error: "Not found" }, { status: 404 });
|
|
50
53
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../../../src/modules/attachments/api/image/%5Bid%5D/%5B%5B...slug%5D%5D/route.ts"],
|
|
4
|
-
"sourcesContent": ["import { NextRequest, NextResponse } from 'next/server'\nimport sharp from 'sharp'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { Attachment, AttachmentPartition } from '@open-mercato/core/modules/attachments/data/entities'\nimport {\n buildThumbnailCacheKey,\n readThumbnailCache,\n writeThumbnailCache,\n} from '@open-mercato/core/modules/attachments/lib/thumbnailCache'\nimport { canRenderInlineAttachment } from '@open-mercato/core/modules/attachments/lib/security'\nimport { checkAttachmentAccess } from '@open-mercato/core/modules/attachments/lib/access'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { attachmentsTag, imageQuerySchema, attachmentErrorSchema } from '../../../openapi'\nimport {\n MAX_IMAGE_SOURCE_PIXELS,\n validateImageDimensions,\n validateImageMagicBytes,\n} from '@open-mercato/core/modules/attachments/lib/imageSafety'\nimport { StorageDriverFactory } from '../../../../lib/drivers'\n\nconst querySchema = z.object({\n width: z.coerce.number().int().min(1).max(4000).optional(),\n height: z.coerce.number().int().min(1).max(4000).optional(),\n cropType: z.enum(['cover', 'contain']).optional(),\n})\n\nexport const metadata = {\n GET: { requireAuth: false },\n}\n\nexport async function GET(\n req: NextRequest,\n context: { params: Promise<{ id: string; slug?: string[] | undefined }> }\n) {\n const auth = await getAuthFromRequest(req)\n const { id } = await context.params\n if (!id) {\n return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n }\n const parsedQuery = querySchema.safeParse(\n Object.fromEntries(new URL(req.url).searchParams.entries())\n )\n if (!parsedQuery.success) {\n return NextResponse.json({ error: 'Invalid size parameters' }, { status: 400 })\n }\n const { width, height, cropType } = parsedQuery.data\n\n const { resolve } = await createRequestContainer()\n const em = resolve('em') as EntityManager\n const storageDriverFactory =\n (resolve('storageDriverFactory') as StorageDriverFactory | null) ?? new StorageDriverFactory(em)\n\n const attachment = await em.findOne(Attachment,
|
|
5
|
-
"mappings": "AAAA,SAAsB,oBAAoB;AAC1C,OAAO,WAAW;AAClB,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,YAAY,2BAA2B;AAChD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,iCAAiC;AAC1C,SAAS,
|
|
4
|
+
"sourcesContent": ["import { NextRequest, NextResponse } from 'next/server'\nimport sharp from 'sharp'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport { Attachment, AttachmentPartition } from '@open-mercato/core/modules/attachments/data/entities'\nimport {\n buildThumbnailCacheKey,\n readThumbnailCache,\n writeThumbnailCache,\n} from '@open-mercato/core/modules/attachments/lib/thumbnailCache'\nimport { canRenderInlineAttachment } from '@open-mercato/core/modules/attachments/lib/security'\nimport { checkAttachmentAccess, isSuperAdminAuth } from '@open-mercato/core/modules/attachments/lib/access'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport { attachmentsTag, imageQuerySchema, attachmentErrorSchema } from '../../../openapi'\nimport {\n MAX_IMAGE_SOURCE_PIXELS,\n validateImageDimensions,\n validateImageMagicBytes,\n} from '@open-mercato/core/modules/attachments/lib/imageSafety'\nimport { StorageDriverFactory } from '../../../../lib/drivers'\n\nconst querySchema = z.object({\n width: z.coerce.number().int().min(1).max(4000).optional(),\n height: z.coerce.number().int().min(1).max(4000).optional(),\n cropType: z.enum(['cover', 'contain']).optional(),\n})\n\nexport const metadata = {\n GET: { requireAuth: false },\n}\n\nexport async function GET(\n req: NextRequest,\n context: { params: Promise<{ id: string; slug?: string[] | undefined }> }\n) {\n const auth = await getAuthFromRequest(req)\n const { id } = await context.params\n if (!id) {\n return NextResponse.json({ error: 'Attachment id is required' }, { status: 400 })\n }\n const parsedQuery = querySchema.safeParse(\n Object.fromEntries(new URL(req.url).searchParams.entries())\n )\n if (!parsedQuery.success) {\n return NextResponse.json({ error: 'Invalid size parameters' }, { status: 400 })\n }\n const { width, height, cropType } = parsedQuery.data\n\n const { resolve } = await createRequestContainer()\n const em = resolve('em') as EntityManager\n const storageDriverFactory =\n (resolve('storageDriverFactory') as StorageDriverFactory | null) ?? new StorageDriverFactory(em)\n\n const findFilter: Record<string, unknown> = { id }\n if (auth && !isSuperAdminAuth(auth)) {\n if (auth.tenantId) findFilter.tenantId = auth.tenantId\n if (auth.orgId) findFilter.organizationId = auth.orgId\n }\n const attachment = await em.findOne(Attachment, findFilter)\n if (!attachment) {\n return NextResponse.json({ error: 'Not found' }, { status: 404 })\n }\n if (!canRenderInlineAttachment(attachment.mimeType)) {\n return NextResponse.json({ error: 'Unsupported media type' }, { status: 400 })\n }\n const partition = await em.findOne(AttachmentPartition, { code: attachment.partitionCode })\n if (!partition) {\n return NextResponse.json({ error: 'Partition misconfigured' }, { status: 500 })\n }\n const access = checkAttachmentAccess(auth, attachment, partition)\n if (!access.ok) {\n const message = access.status === 401 ? 'Unauthorized' : 'Forbidden'\n return NextResponse.json({ error: message }, { status: access.status })\n }\n\n const driver = await storageDriverFactory.resolveForPartition(attachment.partitionCode, {\n tenantId: attachment.tenantId ?? '',\n organizationId: attachment.organizationId ?? '',\n })\n const cacheKey = buildThumbnailCacheKey(width, height, cropType)\n try {\n let buffer: Buffer | null = null\n if (cacheKey) {\n buffer = await readThumbnailCache(attachment.partitionCode, attachment.id, cacheKey)\n }\n if (!buffer) {\n const { buffer: input } = await driver.read(attachment.partitionCode, attachment.storagePath)\n const magicBytesValidation = validateImageMagicBytes(input, attachment.mimeType)\n if (!magicBytesValidation.ok) {\n return NextResponse.json({ error: magicBytesValidation.error }, { status: magicBytesValidation.status })\n }\n\n const dimensionsValidation = await validateImageDimensions(input)\n if (!dimensionsValidation.ok) {\n return NextResponse.json({ error: dimensionsValidation.error }, { status: dimensionsValidation.status })\n }\n\n let transformer = sharp(input, {\n failOn: 'error',\n limitInputPixels: MAX_IMAGE_SOURCE_PIXELS,\n })\n if (width || height) {\n const resizeOptions: sharp.ResizeOptions = {\n width: width || undefined,\n height: height || undefined,\n fit: cropType === 'contain' ? 'contain' : 'cover',\n }\n if (cropType === 'contain') {\n resizeOptions.background = { r: 0, g: 0, b: 0, alpha: 0 }\n }\n transformer = transformer.resize(resizeOptions)\n }\n buffer = await transformer.toBuffer()\n if (cacheKey) {\n void writeThumbnailCache(attachment.partitionCode, attachment.id, cacheKey, buffer).catch((cacheError) => {\n console.error('attachments.image.cache.write failed', cacheError)\n })\n }\n }\n if (!buffer) {\n return NextResponse.json({ error: 'Failed to render image' }, { status: 500 })\n }\n const responseBody = new Uint8Array(buffer)\n\n return new NextResponse(responseBody, {\n headers: {\n 'Content-Type': attachment.mimeType || 'image/jpeg',\n 'Cache-Control': partition.isPublic ? 'public, max-age=3600' : 'private, max-age=60',\n 'X-Content-Type-Options': 'nosniff',\n },\n })\n } catch (error) {\n console.error('attachments.image.read failed', error)\n return NextResponse.json({ error: 'Failed to render image' }, { status: 500 })\n }\n}\n\nexport const openApi: OpenApiRouteDoc = {\n tag: attachmentsTag,\n summary: 'Serve resized images',\n methods: {\n GET: {\n summary: 'Serve image with optional resizing',\n description: 'Returns an image attachment with optional on-the-fly resizing and cropping. Resized images are cached for performance. Only works with image MIME types. Path parameter: {id} - Attachment UUID. Query parameters: ?width=N (1-4000 pixels), ?height=N (1-4000 pixels), ?cropType=cover|contain (resize behavior).',\n responses: [\n {\n status: 200,\n description: 'Binary image content (Content-Type: image/jpeg, image/png, etc.)',\n schema: z.any().describe('Binary image content - actual Content-Type header set to image MIME type, not application/json'),\n },\n ],\n errors: [\n { status: 400, description: 'Invalid parameters, missing ID, or non-image attachment', schema: attachmentErrorSchema },\n { status: 401, description: 'Unauthorized - authentication required for private partitions', schema: attachmentErrorSchema },\n { status: 403, description: 'Forbidden - insufficient permissions', schema: attachmentErrorSchema },\n { status: 404, description: 'Image not found', schema: attachmentErrorSchema },\n { status: 500, description: 'Partition misconfigured or image rendering failed', schema: attachmentErrorSchema },\n ],\n },\n },\n}\n"],
|
|
5
|
+
"mappings": "AAAA,SAAsB,oBAAoB;AAC1C,OAAO,WAAW;AAClB,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AACvC,SAAS,YAAY,2BAA2B;AAChD;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,iCAAiC;AAC1C,SAAS,uBAAuB,wBAAwB;AAExD,SAAS,gBAAkC,6BAA6B;AACxE;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,4BAA4B;AAErC,MAAM,cAAc,EAAE,OAAO;AAAA,EAC3B,OAAO,EAAE,OAAO,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAI,EAAE,SAAS;AAAA,EACzD,QAAQ,EAAE,OAAO,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,GAAI,EAAE,SAAS;AAAA,EAC1D,UAAU,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,SAAS;AAClD,CAAC;AAEM,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM;AAC5B;AAEA,eAAsB,IACpB,KACA,SACA;AACA,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,QAAM,EAAE,GAAG,IAAI,MAAM,QAAQ;AAC7B,MAAI,CAAC,IAAI;AACP,WAAO,aAAa,KAAK,EAAE,OAAO,4BAA4B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClF;AACA,QAAM,cAAc,YAAY;AAAA,IAC9B,OAAO,YAAY,IAAI,IAAI,IAAI,GAAG,EAAE,aAAa,QAAQ,CAAC;AAAA,EAC5D;AACA,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO,aAAa,KAAK,EAAE,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChF;AACA,QAAM,EAAE,OAAO,QAAQ,SAAS,IAAI,YAAY;AAEhD,QAAM,EAAE,QAAQ,IAAI,MAAM,uBAAuB;AACjD,QAAM,KAAK,QAAQ,IAAI;AACvB,QAAM,uBACH,QAAQ,sBAAsB,KAAqC,IAAI,qBAAqB,EAAE;AAEjG,QAAM,aAAsC,EAAE,GAAG;AACjD,MAAI,QAAQ,CAAC,iBAAiB,IAAI,GAAG;AACnC,QAAI,KAAK,SAAU,YAAW,WAAW,KAAK;AAC9C,QAAI,KAAK,MAAO,YAAW,iBAAiB,KAAK;AAAA,EACnD;AACA,QAAM,aAAa,MAAM,GAAG,QAAQ,YAAY,UAAU;AAC1D,MAAI,CAAC,YAAY;AACf,WAAO,aAAa,KAAK,EAAE,OAAO,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAClE;AACA,MAAI,CAAC,0BAA0B,WAAW,QAAQ,GAAG;AACnD,WAAO,aAAa,KAAK,EAAE,OAAO,yBAAyB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC/E;AACA,QAAM,YAAY,MAAM,GAAG,QAAQ,qBAAqB,EAAE,MAAM,WAAW,cAAc,CAAC;AAC1F,MAAI,CAAC,WAAW;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,0BAA0B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAChF;AACA,QAAM,SAAS,sBAAsB,MAAM,YAAY,SAAS;AAChE,MAAI,CAAC,OAAO,IAAI;AACd,UAAM,UAAU,OAAO,WAAW,MAAM,iBAAiB;AACzD,WAAO,aAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,QAAQ,OAAO,OAAO,CAAC;AAAA,EACxE;AAEA,QAAM,SAAS,MAAM,qBAAqB,oBAAoB,WAAW,eAAe;AAAA,IACtF,UAAU,WAAW,YAAY;AAAA,IACjC,gBAAgB,WAAW,kBAAkB;AAAA,EAC/C,CAAC;AACD,QAAM,WAAW,uBAAuB,OAAO,QAAQ,QAAQ;AAC/D,MAAI;AACF,QAAI,SAAwB;AAC5B,QAAI,UAAU;AACZ,eAAS,MAAM,mBAAmB,WAAW,eAAe,WAAW,IAAI,QAAQ;AAAA,IACrF;AACA,QAAI,CAAC,QAAQ;AACX,YAAM,EAAE,QAAQ,MAAM,IAAI,MAAM,OAAO,KAAK,WAAW,eAAe,WAAW,WAAW;AAC5F,YAAM,uBAAuB,wBAAwB,OAAO,WAAW,QAAQ;AAC/E,UAAI,CAAC,qBAAqB,IAAI;AAC5B,eAAO,aAAa,KAAK,EAAE,OAAO,qBAAqB,MAAM,GAAG,EAAE,QAAQ,qBAAqB,OAAO,CAAC;AAAA,MACzG;AAEA,YAAM,uBAAuB,MAAM,wBAAwB,KAAK;AAChE,UAAI,CAAC,qBAAqB,IAAI;AAC5B,eAAO,aAAa,KAAK,EAAE,OAAO,qBAAqB,MAAM,GAAG,EAAE,QAAQ,qBAAqB,OAAO,CAAC;AAAA,MACzG;AAEA,UAAI,cAAc,MAAM,OAAO;AAAA,QAC7B,QAAQ;AAAA,QACR,kBAAkB;AAAA,MACpB,CAAC;AACD,UAAI,SAAS,QAAQ;AACnB,cAAM,gBAAqC;AAAA,UACzC,OAAO,SAAS;AAAA,UAChB,QAAQ,UAAU;AAAA,UAClB,KAAK,aAAa,YAAY,YAAY;AAAA,QAC5C;AACA,YAAI,aAAa,WAAW;AAC1B,wBAAc,aAAa,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,OAAO,EAAE;AAAA,QAC1D;AACA,sBAAc,YAAY,OAAO,aAAa;AAAA,MAChD;AACA,eAAS,MAAM,YAAY,SAAS;AACpC,UAAI,UAAU;AACZ,aAAK,oBAAoB,WAAW,eAAe,WAAW,IAAI,UAAU,MAAM,EAAE,MAAM,CAAC,eAAe;AACxG,kBAAQ,MAAM,wCAAwC,UAAU;AAAA,QAClE,CAAC;AAAA,MACH;AAAA,IACF;AACA,QAAI,CAAC,QAAQ;AACX,aAAO,aAAa,KAAK,EAAE,OAAO,yBAAyB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC/E;AACA,UAAM,eAAe,IAAI,WAAW,MAAM;AAE1C,WAAO,IAAI,aAAa,cAAc;AAAA,MACpC,SAAS;AAAA,QACP,gBAAgB,WAAW,YAAY;AAAA,QACvC,iBAAiB,UAAU,WAAW,yBAAyB;AAAA,QAC/D,0BAA0B;AAAA,MAC5B;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,iCAAiC,KAAK;AACpD,WAAO,aAAa,KAAK,EAAE,OAAO,yBAAyB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC/E;AACF;AAEO,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aAAa;AAAA,MACb,WAAW;AAAA,QACT;AAAA,UACE,QAAQ;AAAA,UACR,aAAa;AAAA,UACb,QAAQ,EAAE,IAAI,EAAE,SAAS,gGAAgG;AAAA,QAC3H;AAAA,MACF;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,2DAA2D,QAAQ,sBAAsB;AAAA,QACrH,EAAE,QAAQ,KAAK,aAAa,iEAAiE,QAAQ,sBAAsB;AAAA,QAC3H,EAAE,QAAQ,KAAK,aAAa,wCAAwC,QAAQ,sBAAsB;AAAA,QAClG,EAAE,QAAQ,KAAK,aAAa,mBAAmB,QAAQ,sBAAsB;AAAA,QAC7E,EAAE,QAAQ,KAAK,aAAa,qDAAqD,QAAQ,sBAAsB;AAAA,MACjH;AAAA,IACF;AAAA,EACF;AACF;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -18,33 +18,151 @@ const NON_CORE_RETENTION_HOURS = toPositiveNumber(process.env.AUDIT_LOGS_NON_COR
|
|
|
18
18
|
const CORE_RETENTION_MS = CORE_RETENTION_DAYS * 24 * 60 * 60 * 1e3;
|
|
19
19
|
const NON_CORE_RETENTION_MS = NON_CORE_RETENTION_HOURS * 60 * 60 * 1e3;
|
|
20
20
|
const UUID_REGEX = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/;
|
|
21
|
+
const MAX_BATCH_ROWS = 500;
|
|
21
22
|
let validationWarningLogged = false;
|
|
22
23
|
let runtimeValidationAvailable = null;
|
|
24
|
+
const pendingAccessLogWrites = /* @__PURE__ */ new Set();
|
|
25
|
+
function trackPendingAccessLogWrite(promise) {
|
|
26
|
+
pendingAccessLogWrites.add(promise);
|
|
27
|
+
promise.catch(() => void 0).finally(() => {
|
|
28
|
+
pendingAccessLogWrites.delete(promise);
|
|
29
|
+
});
|
|
30
|
+
return promise;
|
|
31
|
+
}
|
|
32
|
+
async function flushAccessLog() {
|
|
33
|
+
while (pendingAccessLogWrites.size > 0) {
|
|
34
|
+
const snapshot = Array.from(pendingAccessLogWrites);
|
|
35
|
+
await Promise.allSettled(snapshot);
|
|
36
|
+
}
|
|
37
|
+
}
|
|
23
38
|
const isZodRuntimeMissing = (err) => err instanceof TypeError && typeof err.message === "string" && err.message.includes("_zod");
|
|
39
|
+
function serializeJsonColumn(value) {
|
|
40
|
+
if (value === null || value === void 0) return null;
|
|
41
|
+
if (typeof value === "string") {
|
|
42
|
+
try {
|
|
43
|
+
JSON.parse(value);
|
|
44
|
+
return value;
|
|
45
|
+
} catch {
|
|
46
|
+
return JSON.stringify(value);
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
try {
|
|
50
|
+
return JSON.stringify(value);
|
|
51
|
+
} catch {
|
|
52
|
+
return null;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
24
55
|
class AccessLogService {
|
|
25
56
|
constructor(em) {
|
|
26
57
|
this.em = em;
|
|
27
58
|
}
|
|
28
59
|
async log(input) {
|
|
29
|
-
|
|
60
|
+
const promise = this.logInternal(input);
|
|
61
|
+
return trackPendingAccessLogWrite(promise);
|
|
62
|
+
}
|
|
63
|
+
async logMany(inputs) {
|
|
64
|
+
if (!Array.isArray(inputs) || inputs.length === 0) return 0;
|
|
65
|
+
const promise = this.logManyInternal(inputs);
|
|
66
|
+
return trackPendingAccessLogWrite(promise);
|
|
67
|
+
}
|
|
68
|
+
flush() {
|
|
69
|
+
return flushAccessLog();
|
|
70
|
+
}
|
|
71
|
+
async logManyInternal(inputs) {
|
|
72
|
+
const parsedResults = await Promise.all(inputs.map((input) => this.parseInput(input)));
|
|
73
|
+
const normalized = [];
|
|
74
|
+
for (const parsed of parsedResults) {
|
|
75
|
+
if (parsed) normalized.push(parsed);
|
|
76
|
+
}
|
|
77
|
+
if (!normalized.length) return 0;
|
|
78
|
+
let written = 0;
|
|
79
|
+
for (let offset = 0; offset < normalized.length; offset += MAX_BATCH_ROWS) {
|
|
80
|
+
const chunk = normalized.slice(offset, offset + MAX_BATCH_ROWS);
|
|
81
|
+
written += await this.writeChunk(chunk);
|
|
82
|
+
}
|
|
83
|
+
if (written > 0) {
|
|
84
|
+
const fork = this.em.fork({ useContext: true });
|
|
85
|
+
await this.rotate(fork);
|
|
86
|
+
}
|
|
87
|
+
return written;
|
|
88
|
+
}
|
|
89
|
+
async writeChunk(chunk) {
|
|
90
|
+
if (!chunk.length) return 0;
|
|
91
|
+
const fork = this.em.fork({ useContext: true });
|
|
92
|
+
const encryption = resolveTenantEncryptionService(fork);
|
|
93
|
+
const createdAt = /* @__PURE__ */ new Date();
|
|
94
|
+
const prepared = await Promise.all(
|
|
95
|
+
chunk.map(async (data) => {
|
|
96
|
+
const fields = Array.isArray(data.fields) && data.fields.length ? data.fields : null;
|
|
97
|
+
const context = data.context && Object.keys(data.context).length ? data.context : null;
|
|
98
|
+
const tenantId = data.tenantId ?? null;
|
|
99
|
+
const organizationId = data.organizationId ?? null;
|
|
100
|
+
const encrypted = encryption ? await encryption.encryptEntityPayload(
|
|
101
|
+
E.audit_logs.access_log,
|
|
102
|
+
{
|
|
103
|
+
resourceKind: data.resourceKind,
|
|
104
|
+
resourceId: data.resourceId,
|
|
105
|
+
accessType: data.accessType,
|
|
106
|
+
fieldsJson: fields,
|
|
107
|
+
contextJson: context
|
|
108
|
+
},
|
|
109
|
+
tenantId,
|
|
110
|
+
organizationId
|
|
111
|
+
) : null;
|
|
112
|
+
return { tenantId, organizationId, data, fields, context, encrypted };
|
|
113
|
+
})
|
|
114
|
+
);
|
|
115
|
+
const placeholders = [];
|
|
116
|
+
const params = [];
|
|
117
|
+
for (const row of prepared) {
|
|
118
|
+
const { tenantId, organizationId, data, fields, context, encrypted } = row;
|
|
119
|
+
const resourceKindOut = encrypted?.resourceKind ?? data.resourceKind;
|
|
120
|
+
const resourceIdOut = encrypted?.resourceId ?? data.resourceId;
|
|
121
|
+
const accessTypeOut = encrypted?.accessType ?? data.accessType;
|
|
122
|
+
const fieldsOut = encrypted?.fieldsJson ?? fields;
|
|
123
|
+
const contextOut = encrypted?.contextJson ?? context;
|
|
124
|
+
placeholders.push("(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
125
|
+
params.push(
|
|
126
|
+
tenantId,
|
|
127
|
+
organizationId,
|
|
128
|
+
data.actorUserId ?? null,
|
|
129
|
+
resourceKindOut,
|
|
130
|
+
resourceIdOut,
|
|
131
|
+
accessTypeOut,
|
|
132
|
+
serializeJsonColumn(fieldsOut),
|
|
133
|
+
serializeJsonColumn(contextOut),
|
|
134
|
+
createdAt,
|
|
135
|
+
null
|
|
136
|
+
);
|
|
137
|
+
}
|
|
138
|
+
if (!placeholders.length) return 0;
|
|
139
|
+
const sql = `insert into "access_logs" ("tenant_id", "organization_id", "actor_user_id", "resource_kind", "resource_id", "access_type", "fields_json", "context_json", "created_at", "deleted_at") values ${placeholders.join(", ")}`;
|
|
140
|
+
await fork.getConnection().execute(sql, params);
|
|
141
|
+
return chunk.length;
|
|
142
|
+
}
|
|
143
|
+
async parseInput(input) {
|
|
30
144
|
const schema = accessLogCreateSchema;
|
|
31
145
|
const canValidate = Boolean(schema && typeof schema.parse === "function");
|
|
32
146
|
const shouldValidate = canValidate && runtimeValidationAvailable !== false;
|
|
33
147
|
if (shouldValidate) {
|
|
34
148
|
try {
|
|
35
|
-
data = schema.parse(input);
|
|
149
|
+
const data = schema.parse(input);
|
|
36
150
|
runtimeValidationAvailable = true;
|
|
151
|
+
return data;
|
|
37
152
|
} catch (err) {
|
|
38
153
|
if (!isZodRuntimeMissing(err) && !validationWarningLogged) {
|
|
39
154
|
validationWarningLogged = true;
|
|
40
155
|
console.warn("[audit_logs] falling back to permissive access log payload parser", err);
|
|
41
156
|
}
|
|
42
157
|
if (isZodRuntimeMissing(err)) runtimeValidationAvailable = false;
|
|
43
|
-
|
|
158
|
+
return this.normalizeInput(input);
|
|
44
159
|
}
|
|
45
|
-
} else {
|
|
46
|
-
data = this.normalizeInput(input);
|
|
47
160
|
}
|
|
161
|
+
return this.normalizeInput(input);
|
|
162
|
+
}
|
|
163
|
+
async logInternal(input) {
|
|
164
|
+
const data = await this.parseInput(input);
|
|
165
|
+
if (!data) return null;
|
|
48
166
|
const fork = this.em.fork({ useContext: true });
|
|
49
167
|
const fields = Array.isArray(data.fields) && data.fields.length ? data.fields : null;
|
|
50
168
|
const context = data.context && Object.keys(data.context).length ? data.context : null;
|
|
@@ -80,8 +198,8 @@ class AccessLogService {
|
|
|
80
198
|
payload.resourceKind,
|
|
81
199
|
payload.resourceId,
|
|
82
200
|
payload.accessType,
|
|
83
|
-
|
|
84
|
-
|
|
201
|
+
serializeJsonColumn(payload.fieldsJson),
|
|
202
|
+
serializeJsonColumn(payload.contextJson),
|
|
85
203
|
createdAt,
|
|
86
204
|
null
|
|
87
205
|
]
|
|
@@ -195,6 +313,7 @@ class AccessLogService {
|
|
|
195
313
|
}
|
|
196
314
|
}
|
|
197
315
|
export {
|
|
198
|
-
AccessLogService
|
|
316
|
+
AccessLogService,
|
|
317
|
+
flushAccessLog
|
|
199
318
|
};
|
|
200
319
|
//# sourceMappingURL=accessLogService.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/modules/audit_logs/services/accessLogService.ts"],
|
|
4
|
-
"sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport type { FilterQuery } from '@mikro-orm/core'\nimport { AccessLog } from '@open-mercato/core/modules/audit_logs/data/entities'\nimport {\n accessLogCreateSchema,\n accessLogListSchema,\n type AccessLogCreateInput,\n type AccessLogListQuery,\n} from '@open-mercato/core/modules/audit_logs/data/validators'\nimport { resolveTenantEncryptionService } from '@open-mercato/shared/lib/encryption/customFieldValues'\nimport { parseDecryptedFieldValue } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'\nimport { E } from '#generated/entities.ids.generated'\n\nconst CORE_RESOURCE_KINDS = new Set<string>(['auth.user', 'auth.role'])\n\nfunction toPositiveNumber(value: string | undefined, fallback: number): number {\n if (!value) return fallback\n const parsed = Number(value)\n if (!Number.isFinite(parsed) || parsed <= 0) return fallback\n return parsed\n}\n\nconst CORE_RETENTION_DAYS = toPositiveNumber(process.env.AUDIT_LOGS_CORE_RETENTION_DAYS, 7)\nconst NON_CORE_RETENTION_HOURS = toPositiveNumber(process.env.AUDIT_LOGS_NON_CORE_RETENTION_HOURS, 8)\nconst CORE_RETENTION_MS = CORE_RETENTION_DAYS * 24 * 60 * 60 * 1000\nconst NON_CORE_RETENTION_MS = NON_CORE_RETENTION_HOURS * 60 * 60 * 1000\nconst UUID_REGEX = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/\n\nlet validationWarningLogged = false\nlet runtimeValidationAvailable: boolean | null = null\n\nconst isZodRuntimeMissing = (err: unknown) => err instanceof TypeError && typeof err.message === 'string' && err.message.includes('_zod')\n\nexport class AccessLogService {\n constructor(private readonly em: EntityManager) {}\n\n async log(input: AccessLogCreateInput): Promise<AccessLog | null> {\n let data: AccessLogCreateInput\n const schema = accessLogCreateSchema as typeof accessLogCreateSchema & { _zod?: unknown }\n const canValidate = Boolean(schema && typeof schema.parse === 'function')\n const shouldValidate = canValidate && runtimeValidationAvailable !== false\n if (shouldValidate) {\n try {\n data = schema.parse(input)\n runtimeValidationAvailable = true\n } catch (err) {\n if (!isZodRuntimeMissing(err) && !validationWarningLogged) {\n validationWarningLogged = true\n // eslint-disable-next-line no-console\n console.warn('[audit_logs] falling back to permissive access log payload parser', err)\n }\n if (isZodRuntimeMissing(err)) runtimeValidationAvailable = false\n data = this.normalizeInput(input)\n }\n } else {\n data = this.normalizeInput(input)\n }\n const fork = this.em.fork({ useContext: true })\n const fields = Array.isArray(data.fields) && data.fields.length ? data.fields : null\n const context = data.context && Object.keys(data.context).length ? data.context : null\n const createdAt = new Date()\n const tenantId = data.tenantId ?? null\n const organizationId = data.organizationId ?? null\n\n type AccessLogEncryptedFields = {\n resourceKind?: unknown\n resourceId?: unknown\n accessType?: unknown\n fieldsJson?: unknown\n contextJson?: unknown\n }\n const encryption = resolveTenantEncryptionService(fork as any)\n const encrypted = encryption\n ? ((await encryption.encryptEntityPayload(\n E.audit_logs.access_log,\n {\n resourceKind: data.resourceKind,\n resourceId: data.resourceId,\n accessType: data.accessType,\n fieldsJson: fields,\n contextJson: context,\n },\n tenantId,\n organizationId,\n )) as AccessLogEncryptedFields)\n : null\n\n const payload = {\n resourceKind: encrypted?.resourceKind ?? data.resourceKind,\n resourceId: encrypted?.resourceId ?? data.resourceId,\n accessType: encrypted?.accessType ?? data.accessType,\n fieldsJson: encrypted?.fieldsJson ?? fields,\n contextJson: encrypted?.contextJson ?? context,\n }\n\n const rows = await fork.getConnection().execute(\n `insert into \"access_logs\" (\"tenant_id\", \"organization_id\", \"actor_user_id\", \"resource_kind\", \"resource_id\", \"access_type\", \"fields_json\", \"context_json\", \"created_at\", \"deleted_at\") values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) returning \"id\"`,\n [\n tenantId,\n organizationId,\n data.actorUserId ?? null,\n payload.resourceKind,\n payload.resourceId,\n payload.accessType,\n payload.fieldsJson !== null && payload.fieldsJson !== undefined ? JSON.stringify(payload.fieldsJson) : null,\n payload.contextJson !== null && payload.contextJson !== undefined ? JSON.stringify(payload.contextJson) : null,\n createdAt,\n null,\n ],\n )\n await this.rotate(fork)\n const id = Array.isArray(rows) && rows.length > 0 ? rows[0]?.id ?? null : null\n if (!id) return null\n const entry = fork.create(AccessLog, {\n id,\n tenantId: data.tenantId ?? null,\n organizationId: data.organizationId ?? null,\n actorUserId: data.actorUserId ?? null,\n resourceKind: data.resourceKind,\n resourceId: data.resourceId,\n accessType: data.accessType,\n fieldsJson: fields,\n contextJson: context,\n createdAt,\n })\n return entry\n }\n\n private normalizeInput(input: Partial<AccessLogCreateInput> | null | undefined): AccessLogCreateInput {\n if (!input) {\n return {\n tenantId: null,\n organizationId: null,\n actorUserId: null,\n resourceKind: 'unknown',\n resourceId: 'unknown',\n accessType: 'unknown',\n fields: undefined,\n context: undefined,\n }\n }\n const UUID_REGEX = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/\n const toNullableUuid = (value: unknown) => {\n if (typeof value !== 'string' || value.length === 0) return null\n const candidate = value.startsWith('api_key:') ? value.slice('api_key:'.length) : value\n return UUID_REGEX.test(candidate) ? candidate : null\n }\n const fields = Array.isArray(input.fields)\n ? input.fields.filter((f): f is string => typeof f === 'string' && f.length > 0)\n : undefined\n const context = typeof input.context === 'object' && input.context !== null\n ? input.context as Record<string, unknown>\n : undefined\n return {\n tenantId: toNullableUuid(input.tenantId),\n organizationId: toNullableUuid(input.organizationId),\n actorUserId: toNullableUuid(input.actorUserId),\n resourceKind: String(input.resourceKind || 'unknown'),\n resourceId: String(input.resourceId || 'unknown'),\n accessType: String(input.accessType || 'unknown'),\n fields,\n context,\n }\n }\n\n async list(query: Partial<AccessLogListQuery>) {\n const parsed = accessLogListSchema.parse({\n ...query,\n })\n\n const where: FilterQuery<AccessLog> = { deletedAt: null }\n if (parsed.tenantId) where.tenantId = parsed.tenantId\n if (parsed.organizationId) where.organizationId = parsed.organizationId\n if (parsed.actorUserId) where.actorUserId = parsed.actorUserId\n if (parsed.resourceKind) where.resourceKind = parsed.resourceKind\n if (parsed.accessType) where.accessType = parsed.accessType\n if (parsed.before) where.createdAt = { ...(where.createdAt as Record<string, any> | undefined), $lt: parsed.before } as any\n if (parsed.after) where.createdAt = { ...(where.createdAt as Record<string, any> | undefined), $gt: parsed.after } as any\n\n const pageSize = parsed.pageSize ?? parsed.limit ?? 50\n const page = parsed.page ?? 1\n const offset = (page - 1) * pageSize\n\n const [items, total] = await this.em.findAndCount(\n AccessLog,\n where,\n {\n orderBy: { createdAt: 'desc' },\n limit: pageSize,\n offset,\n },\n )\n\n // Encrypted jsonb columns (`fields_json`, `context_json`) come back as raw\n // JSON strings from the encryption subscriber after issue #1810 follow-up\n // (entity-field decryption no longer auto-parses). Restore the structured\n // shape on read so API consumers see typed objects/arrays.\n for (const item of items) {\n const rawFieldsJson = (item as { fieldsJson?: unknown }).fieldsJson\n if (typeof rawFieldsJson === 'string') {\n const parsed = parseDecryptedFieldValue(rawFieldsJson)\n item.fieldsJson = Array.isArray(parsed) ? (parsed as string[]) : null\n }\n const rawContextJson = (item as { contextJson?: unknown }).contextJson\n if (typeof rawContextJson === 'string') {\n const parsed = parseDecryptedFieldValue(rawContextJson)\n item.contextJson = parsed && typeof parsed === 'object' && !Array.isArray(parsed)\n ? (parsed as Record<string, unknown>)\n : null\n }\n }\n\n const totalPages = Math.max(1, Math.ceil((total || 0) / (pageSize || 1)))\n return { items, total, page, pageSize, totalPages }\n }\n\n private async rotate(fork: EntityManager) {\n const now = Date.now()\n const coreCutoff = new Date(now - CORE_RETENTION_MS)\n const nonCoreCutoff = new Date(now - NON_CORE_RETENTION_MS)\n try {\n if (CORE_RESOURCE_KINDS.size > 0) {\n await fork.nativeDelete(AccessLog, {\n resourceKind: { $in: Array.from(CORE_RESOURCE_KINDS) },\n createdAt: { $lt: coreCutoff },\n })\n }\n await fork.nativeDelete(AccessLog, {\n resourceKind: { $nin: Array.from(CORE_RESOURCE_KINDS) },\n createdAt: { $lt: nonCoreCutoff },\n })\n } catch (err) {\n // eslint-disable-next-line no-console\n console.warn('[audit_logs] failed to rotate access logs', err)\n }\n }\n}\n"],
|
|
5
|
-
"mappings": "AAEA,SAAS,iBAAiB;AAC1B;AAAA,EACE;AAAA,EACA;AAAA,OAGK;AACP,SAAS,sCAAsC;AAC/C,SAAS,gCAAgC;AACzC,SAAS,SAAS;AAElB,MAAM,sBAAsB,oBAAI,IAAY,CAAC,aAAa,WAAW,CAAC;AAEtE,SAAS,iBAAiB,OAA2B,UAA0B;AAC7E,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,SAAS,OAAO,KAAK;AAC3B,MAAI,CAAC,OAAO,SAAS,MAAM,KAAK,UAAU,EAAG,QAAO;AACpD,SAAO;AACT;AAEA,MAAM,sBAAsB,iBAAiB,QAAQ,IAAI,gCAAgC,CAAC;AAC1F,MAAM,2BAA2B,iBAAiB,QAAQ,IAAI,qCAAqC,CAAC;AACpG,MAAM,oBAAoB,sBAAsB,KAAK,KAAK,KAAK;AAC/D,MAAM,wBAAwB,2BAA2B,KAAK,KAAK;AACnE,MAAM,aAAa;
|
|
4
|
+
"sourcesContent": ["import type { EntityManager } from '@mikro-orm/postgresql'\nimport type { FilterQuery } from '@mikro-orm/core'\nimport { AccessLog } from '@open-mercato/core/modules/audit_logs/data/entities'\nimport {\n accessLogCreateSchema,\n accessLogListSchema,\n type AccessLogCreateInput,\n type AccessLogListQuery,\n} from '@open-mercato/core/modules/audit_logs/data/validators'\nimport { resolveTenantEncryptionService } from '@open-mercato/shared/lib/encryption/customFieldValues'\nimport { parseDecryptedFieldValue } from '@open-mercato/shared/lib/encryption/tenantDataEncryptionService'\nimport { E } from '#generated/entities.ids.generated'\n\nconst CORE_RESOURCE_KINDS = new Set<string>(['auth.user', 'auth.role'])\n\nfunction toPositiveNumber(value: string | undefined, fallback: number): number {\n if (!value) return fallback\n const parsed = Number(value)\n if (!Number.isFinite(parsed) || parsed <= 0) return fallback\n return parsed\n}\n\nconst CORE_RETENTION_DAYS = toPositiveNumber(process.env.AUDIT_LOGS_CORE_RETENTION_DAYS, 7)\nconst NON_CORE_RETENTION_HOURS = toPositiveNumber(process.env.AUDIT_LOGS_NON_CORE_RETENTION_HOURS, 8)\nconst CORE_RETENTION_MS = CORE_RETENTION_DAYS * 24 * 60 * 60 * 1000\nconst NON_CORE_RETENTION_MS = NON_CORE_RETENTION_HOURS * 60 * 60 * 1000\nconst UUID_REGEX = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/\n// Postgres has a hard limit of 65k bind parameters per statement. Each access\n// log row uses 10 bind values (see INSERT below), so 500 rows \u00D7 10 = 5 000\n// parameters \u2014 well below the limit while keeping memory bounded.\nconst MAX_BATCH_ROWS = 500\n\nlet validationWarningLogged = false\nlet runtimeValidationAvailable: boolean | null = null\n\n// Module-level registry of in-flight access-log writes. Both `log` and\n// `logMany` opt every promise they kick off into this set so that\n// `flushAccessLog()` can drain them. This is what makes the new\n// fire-and-forget CRUD path safe for test code that asserts on `access_logs`\n// rows immediately after a response \u2014 the integration harness defaults to\n// blocking via `OM_CRUD_ACCESS_LOG_BLOCKING=1`, and direct callers can opt\n// in to draining explicitly via `flushAccessLog()`.\nconst pendingAccessLogWrites = new Set<Promise<unknown>>()\n\nfunction trackPendingAccessLogWrite<T>(promise: Promise<T>): Promise<T> {\n pendingAccessLogWrites.add(promise as unknown as Promise<unknown>)\n promise\n .catch(() => undefined)\n .finally(() => {\n pendingAccessLogWrites.delete(promise as unknown as Promise<unknown>)\n })\n return promise\n}\n\nexport async function flushAccessLog(): Promise<void> {\n while (pendingAccessLogWrites.size > 0) {\n const snapshot = Array.from(pendingAccessLogWrites)\n await Promise.allSettled(snapshot)\n }\n}\n\nconst isZodRuntimeMissing = (err: unknown) => err instanceof TypeError && typeof err.message === 'string' && err.message.includes('_zod')\n\ntype RawEncryptedFields = {\n resourceKind?: unknown\n resourceId?: unknown\n accessType?: unknown\n fieldsJson?: unknown\n contextJson?: unknown\n}\n\nfunction serializeJsonColumn(value: unknown): string | null {\n if (value === null || value === undefined) return null\n if (typeof value === 'string') {\n try {\n JSON.parse(value)\n return value\n } catch {\n return JSON.stringify(value)\n }\n }\n try {\n return JSON.stringify(value)\n } catch {\n return null\n }\n}\n\nexport class AccessLogService {\n constructor(private readonly em: EntityManager) {}\n\n async log(input: AccessLogCreateInput): Promise<AccessLog | null> {\n const promise = this.logInternal(input)\n return trackPendingAccessLogWrite(promise)\n }\n\n async logMany(inputs: AccessLogCreateInput[]): Promise<number> {\n if (!Array.isArray(inputs) || inputs.length === 0) return 0\n const promise = this.logManyInternal(inputs)\n return trackPendingAccessLogWrite(promise)\n }\n\n flush(): Promise<void> {\n return flushAccessLog()\n }\n\n private async logManyInternal(inputs: AccessLogCreateInput[]): Promise<number> {\n // Parsing in parallel matches the legacy fan-out `Promise.all(map(...service.log()))`\n // path's wall-clock; the previous sequential loop made batched writes slower than\n // un-batched on tenants with encryption enabled and pushed UI integration tests\n // over their dialog-stability budget.\n const parsedResults = await Promise.all(inputs.map((input) => this.parseInput(input)))\n const normalized: AccessLogCreateInput[] = []\n for (const parsed of parsedResults) {\n if (parsed) normalized.push(parsed)\n }\n if (!normalized.length) return 0\n\n let written = 0\n for (let offset = 0; offset < normalized.length; offset += MAX_BATCH_ROWS) {\n const chunk = normalized.slice(offset, offset + MAX_BATCH_ROWS)\n written += await this.writeChunk(chunk)\n }\n if (written > 0) {\n const fork = this.em.fork({ useContext: true })\n await this.rotate(fork)\n }\n return written\n }\n\n private async writeChunk(chunk: AccessLogCreateInput[]): Promise<number> {\n if (!chunk.length) return 0\n const fork = this.em.fork({ useContext: true })\n const encryption = resolveTenantEncryptionService(fork as any)\n const createdAt = new Date()\n\n // Encrypt every row in parallel so encryption-enabled tenants do not pay\n // the N-rows \u00D7 per-row latency penalty that the previous sequential\n // for-of loop introduced. The legacy `service.log()` fan-out resolved\n // its 50 encryption calls concurrently via `Promise.all`; preserve that\n // characteristic here so the batched single-INSERT path is strictly\n // faster than the legacy parallel-INSERTs path.\n type PreparedRow = {\n tenantId: string | null\n organizationId: string | null\n data: AccessLogCreateInput\n fields: unknown[] | null\n context: Record<string, unknown> | null\n encrypted: RawEncryptedFields | null\n }\n const prepared: PreparedRow[] = await Promise.all(\n chunk.map(async (data) => {\n const fields = Array.isArray(data.fields) && data.fields.length ? data.fields : null\n const context = data.context && Object.keys(data.context).length ? data.context : null\n const tenantId = data.tenantId ?? null\n const organizationId = data.organizationId ?? null\n const encrypted = encryption\n ? ((await encryption.encryptEntityPayload(\n E.audit_logs.access_log,\n {\n resourceKind: data.resourceKind,\n resourceId: data.resourceId,\n accessType: data.accessType,\n fieldsJson: fields,\n contextJson: context,\n },\n tenantId,\n organizationId,\n )) as RawEncryptedFields)\n : null\n return { tenantId, organizationId, data, fields, context, encrypted }\n }),\n )\n\n const placeholders: string[] = []\n const params: unknown[] = []\n for (const row of prepared) {\n const { tenantId, organizationId, data, fields, context, encrypted } = row\n const resourceKindOut = encrypted?.resourceKind ?? data.resourceKind\n const resourceIdOut = encrypted?.resourceId ?? data.resourceId\n const accessTypeOut = encrypted?.accessType ?? data.accessType\n const fieldsOut = encrypted?.fieldsJson ?? fields\n const contextOut = encrypted?.contextJson ?? context\n placeholders.push('(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)')\n params.push(\n tenantId,\n organizationId,\n data.actorUserId ?? null,\n resourceKindOut,\n resourceIdOut,\n accessTypeOut,\n serializeJsonColumn(fieldsOut),\n serializeJsonColumn(contextOut),\n createdAt,\n null,\n )\n }\n if (!placeholders.length) return 0\n const sql = `insert into \"access_logs\" (\"tenant_id\", \"organization_id\", \"actor_user_id\", \"resource_kind\", \"resource_id\", \"access_type\", \"fields_json\", \"context_json\", \"created_at\", \"deleted_at\") values ${placeholders.join(', ')}`\n await fork.getConnection().execute(sql, params)\n return chunk.length\n }\n\n private async parseInput(input: AccessLogCreateInput): Promise<AccessLogCreateInput | null> {\n const schema = accessLogCreateSchema as typeof accessLogCreateSchema & { _zod?: unknown }\n const canValidate = Boolean(schema && typeof schema.parse === 'function')\n const shouldValidate = canValidate && runtimeValidationAvailable !== false\n if (shouldValidate) {\n try {\n const data = schema.parse(input)\n runtimeValidationAvailable = true\n return data\n } catch (err) {\n if (!isZodRuntimeMissing(err) && !validationWarningLogged) {\n validationWarningLogged = true\n // eslint-disable-next-line no-console\n console.warn('[audit_logs] falling back to permissive access log payload parser', err)\n }\n if (isZodRuntimeMissing(err)) runtimeValidationAvailable = false\n return this.normalizeInput(input)\n }\n }\n return this.normalizeInput(input)\n }\n\n private async logInternal(input: AccessLogCreateInput): Promise<AccessLog | null> {\n const data = await this.parseInput(input)\n if (!data) return null\n const fork = this.em.fork({ useContext: true })\n const fields = Array.isArray(data.fields) && data.fields.length ? data.fields : null\n const context = data.context && Object.keys(data.context).length ? data.context : null\n const createdAt = new Date()\n const tenantId = data.tenantId ?? null\n const organizationId = data.organizationId ?? null\n\n const encryption = resolveTenantEncryptionService(fork as any)\n const encrypted = encryption\n ? ((await encryption.encryptEntityPayload(\n E.audit_logs.access_log,\n {\n resourceKind: data.resourceKind,\n resourceId: data.resourceId,\n accessType: data.accessType,\n fieldsJson: fields,\n contextJson: context,\n },\n tenantId,\n organizationId,\n )) as RawEncryptedFields)\n : null\n\n const payload = {\n resourceKind: encrypted?.resourceKind ?? data.resourceKind,\n resourceId: encrypted?.resourceId ?? data.resourceId,\n accessType: encrypted?.accessType ?? data.accessType,\n fieldsJson: encrypted?.fieldsJson ?? fields,\n contextJson: encrypted?.contextJson ?? context,\n }\n\n const rows = await fork.getConnection().execute(\n `insert into \"access_logs\" (\"tenant_id\", \"organization_id\", \"actor_user_id\", \"resource_kind\", \"resource_id\", \"access_type\", \"fields_json\", \"context_json\", \"created_at\", \"deleted_at\") values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?) returning \"id\"`,\n [\n tenantId,\n organizationId,\n data.actorUserId ?? null,\n payload.resourceKind,\n payload.resourceId,\n payload.accessType,\n serializeJsonColumn(payload.fieldsJson),\n serializeJsonColumn(payload.contextJson),\n createdAt,\n null,\n ],\n )\n await this.rotate(fork)\n const id = Array.isArray(rows) && rows.length > 0 ? rows[0]?.id ?? null : null\n if (!id) return null\n const entry = fork.create(AccessLog, {\n id,\n tenantId: data.tenantId ?? null,\n organizationId: data.organizationId ?? null,\n actorUserId: data.actorUserId ?? null,\n resourceKind: data.resourceKind,\n resourceId: data.resourceId,\n accessType: data.accessType,\n fieldsJson: fields,\n contextJson: context,\n createdAt,\n })\n return entry\n }\n\n private normalizeInput(input: Partial<AccessLogCreateInput> | null | undefined): AccessLogCreateInput {\n if (!input) {\n return {\n tenantId: null,\n organizationId: null,\n actorUserId: null,\n resourceKind: 'unknown',\n resourceId: 'unknown',\n accessType: 'unknown',\n fields: undefined,\n context: undefined,\n }\n }\n const UUID_REGEX = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/\n const toNullableUuid = (value: unknown) => {\n if (typeof value !== 'string' || value.length === 0) return null\n const candidate = value.startsWith('api_key:') ? value.slice('api_key:'.length) : value\n return UUID_REGEX.test(candidate) ? candidate : null\n }\n const fields = Array.isArray(input.fields)\n ? input.fields.filter((f): f is string => typeof f === 'string' && f.length > 0)\n : undefined\n const context = typeof input.context === 'object' && input.context !== null\n ? input.context as Record<string, unknown>\n : undefined\n return {\n tenantId: toNullableUuid(input.tenantId),\n organizationId: toNullableUuid(input.organizationId),\n actorUserId: toNullableUuid(input.actorUserId),\n resourceKind: String(input.resourceKind || 'unknown'),\n resourceId: String(input.resourceId || 'unknown'),\n accessType: String(input.accessType || 'unknown'),\n fields,\n context,\n }\n }\n\n async list(query: Partial<AccessLogListQuery>) {\n const parsed = accessLogListSchema.parse({\n ...query,\n })\n\n const where: FilterQuery<AccessLog> = { deletedAt: null }\n if (parsed.tenantId) where.tenantId = parsed.tenantId\n if (parsed.organizationId) where.organizationId = parsed.organizationId\n if (parsed.actorUserId) where.actorUserId = parsed.actorUserId\n if (parsed.resourceKind) where.resourceKind = parsed.resourceKind\n if (parsed.accessType) where.accessType = parsed.accessType\n if (parsed.before) where.createdAt = { ...(where.createdAt as Record<string, any> | undefined), $lt: parsed.before } as any\n if (parsed.after) where.createdAt = { ...(where.createdAt as Record<string, any> | undefined), $gt: parsed.after } as any\n\n const pageSize = parsed.pageSize ?? parsed.limit ?? 50\n const page = parsed.page ?? 1\n const offset = (page - 1) * pageSize\n\n const [items, total] = await this.em.findAndCount(\n AccessLog,\n where,\n {\n orderBy: { createdAt: 'desc' },\n limit: pageSize,\n offset,\n },\n )\n\n // Encrypted jsonb columns (`fields_json`, `context_json`) come back as raw\n // JSON strings from the encryption subscriber after issue #1810 follow-up\n // (entity-field decryption no longer auto-parses). Restore the structured\n // shape on read so API consumers see typed objects/arrays.\n for (const item of items) {\n const rawFieldsJson = (item as { fieldsJson?: unknown }).fieldsJson\n if (typeof rawFieldsJson === 'string') {\n const parsed = parseDecryptedFieldValue(rawFieldsJson)\n item.fieldsJson = Array.isArray(parsed) ? (parsed as string[]) : null\n }\n const rawContextJson = (item as { contextJson?: unknown }).contextJson\n if (typeof rawContextJson === 'string') {\n const parsed = parseDecryptedFieldValue(rawContextJson)\n item.contextJson = parsed && typeof parsed === 'object' && !Array.isArray(parsed)\n ? (parsed as Record<string, unknown>)\n : null\n }\n }\n\n const totalPages = Math.max(1, Math.ceil((total || 0) / (pageSize || 1)))\n return { items, total, page, pageSize, totalPages }\n }\n\n private async rotate(fork: EntityManager) {\n const now = Date.now()\n const coreCutoff = new Date(now - CORE_RETENTION_MS)\n const nonCoreCutoff = new Date(now - NON_CORE_RETENTION_MS)\n try {\n if (CORE_RESOURCE_KINDS.size > 0) {\n await fork.nativeDelete(AccessLog, {\n resourceKind: { $in: Array.from(CORE_RESOURCE_KINDS) },\n createdAt: { $lt: coreCutoff },\n })\n }\n await fork.nativeDelete(AccessLog, {\n resourceKind: { $nin: Array.from(CORE_RESOURCE_KINDS) },\n createdAt: { $lt: nonCoreCutoff },\n })\n } catch (err) {\n // eslint-disable-next-line no-console\n console.warn('[audit_logs] failed to rotate access logs', err)\n }\n }\n}\n"],
|
|
5
|
+
"mappings": "AAEA,SAAS,iBAAiB;AAC1B;AAAA,EACE;AAAA,EACA;AAAA,OAGK;AACP,SAAS,sCAAsC;AAC/C,SAAS,gCAAgC;AACzC,SAAS,SAAS;AAElB,MAAM,sBAAsB,oBAAI,IAAY,CAAC,aAAa,WAAW,CAAC;AAEtE,SAAS,iBAAiB,OAA2B,UAA0B;AAC7E,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,SAAS,OAAO,KAAK;AAC3B,MAAI,CAAC,OAAO,SAAS,MAAM,KAAK,UAAU,EAAG,QAAO;AACpD,SAAO;AACT;AAEA,MAAM,sBAAsB,iBAAiB,QAAQ,IAAI,gCAAgC,CAAC;AAC1F,MAAM,2BAA2B,iBAAiB,QAAQ,IAAI,qCAAqC,CAAC;AACpG,MAAM,oBAAoB,sBAAsB,KAAK,KAAK,KAAK;AAC/D,MAAM,wBAAwB,2BAA2B,KAAK,KAAK;AACnE,MAAM,aAAa;AAInB,MAAM,iBAAiB;AAEvB,IAAI,0BAA0B;AAC9B,IAAI,6BAA6C;AASjD,MAAM,yBAAyB,oBAAI,IAAsB;AAEzD,SAAS,2BAA8B,SAAiC;AACtE,yBAAuB,IAAI,OAAsC;AACjE,UACG,MAAM,MAAM,MAAS,EACrB,QAAQ,MAAM;AACb,2BAAuB,OAAO,OAAsC;AAAA,EACtE,CAAC;AACH,SAAO;AACT;AAEA,eAAsB,iBAAgC;AACpD,SAAO,uBAAuB,OAAO,GAAG;AACtC,UAAM,WAAW,MAAM,KAAK,sBAAsB;AAClD,UAAM,QAAQ,WAAW,QAAQ;AAAA,EACnC;AACF;AAEA,MAAM,sBAAsB,CAAC,QAAiB,eAAe,aAAa,OAAO,IAAI,YAAY,YAAY,IAAI,QAAQ,SAAS,MAAM;AAUxI,SAAS,oBAAoB,OAA+B;AAC1D,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO;AAClD,MAAI,OAAO,UAAU,UAAU;AAC7B,QAAI;AACF,WAAK,MAAM,KAAK;AAChB,aAAO;AAAA,IACT,QAAQ;AACN,aAAO,KAAK,UAAU,KAAK;AAAA,IAC7B;AAAA,EACF;AACA,MAAI;AACF,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,MAAM,iBAAiB;AAAA,EAC5B,YAA6B,IAAmB;AAAnB;AAAA,EAAoB;AAAA,EAEjD,MAAM,IAAI,OAAwD;AAChE,UAAM,UAAU,KAAK,YAAY,KAAK;AACtC,WAAO,2BAA2B,OAAO;AAAA,EAC3C;AAAA,EAEA,MAAM,QAAQ,QAAiD;AAC7D,QAAI,CAAC,MAAM,QAAQ,MAAM,KAAK,OAAO,WAAW,EAAG,QAAO;AAC1D,UAAM,UAAU,KAAK,gBAAgB,MAAM;AAC3C,WAAO,2BAA2B,OAAO;AAAA,EAC3C;AAAA,EAEA,QAAuB;AACrB,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,MAAc,gBAAgB,QAAiD;AAK7E,UAAM,gBAAgB,MAAM,QAAQ,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,WAAW,KAAK,CAAC,CAAC;AACrF,UAAM,aAAqC,CAAC;AAC5C,eAAW,UAAU,eAAe;AAClC,UAAI,OAAQ,YAAW,KAAK,MAAM;AAAA,IACpC;AACA,QAAI,CAAC,WAAW,OAAQ,QAAO;AAE/B,QAAI,UAAU;AACd,aAAS,SAAS,GAAG,SAAS,WAAW,QAAQ,UAAU,gBAAgB;AACzE,YAAM,QAAQ,WAAW,MAAM,QAAQ,SAAS,cAAc;AAC9D,iBAAW,MAAM,KAAK,WAAW,KAAK;AAAA,IACxC;AACA,QAAI,UAAU,GAAG;AACf,YAAM,OAAO,KAAK,GAAG,KAAK,EAAE,YAAY,KAAK,CAAC;AAC9C,YAAM,KAAK,OAAO,IAAI;AAAA,IACxB;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,WAAW,OAAgD;AACvE,QAAI,CAAC,MAAM,OAAQ,QAAO;AAC1B,UAAM,OAAO,KAAK,GAAG,KAAK,EAAE,YAAY,KAAK,CAAC;AAC9C,UAAM,aAAa,+BAA+B,IAAW;AAC7D,UAAM,YAAY,oBAAI,KAAK;AAgB3B,UAAM,WAA0B,MAAM,QAAQ;AAAA,MAC5C,MAAM,IAAI,OAAO,SAAS;AACxB,cAAM,SAAS,MAAM,QAAQ,KAAK,MAAM,KAAK,KAAK,OAAO,SAAS,KAAK,SAAS;AAChF,cAAM,UAAU,KAAK,WAAW,OAAO,KAAK,KAAK,OAAO,EAAE,SAAS,KAAK,UAAU;AAClF,cAAM,WAAW,KAAK,YAAY;AAClC,cAAM,iBAAiB,KAAK,kBAAkB;AAC9C,cAAM,YAAY,aACZ,MAAM,WAAW;AAAA,UACjB,EAAE,WAAW;AAAA,UACb;AAAA,YACE,cAAc,KAAK;AAAA,YACnB,YAAY,KAAK;AAAA,YACjB,YAAY,KAAK;AAAA,YACjB,YAAY;AAAA,YACZ,aAAa;AAAA,UACf;AAAA,UACA;AAAA,UACA;AAAA,QACF,IACA;AACJ,eAAO,EAAE,UAAU,gBAAgB,MAAM,QAAQ,SAAS,UAAU;AAAA,MACtE,CAAC;AAAA,IACH;AAEA,UAAM,eAAyB,CAAC;AAChC,UAAM,SAAoB,CAAC;AAC3B,eAAW,OAAO,UAAU;AAC1B,YAAM,EAAE,UAAU,gBAAgB,MAAM,QAAQ,SAAS,UAAU,IAAI;AACvE,YAAM,kBAAkB,WAAW,gBAAgB,KAAK;AACxD,YAAM,gBAAgB,WAAW,cAAc,KAAK;AACpD,YAAM,gBAAgB,WAAW,cAAc,KAAK;AACpD,YAAM,YAAY,WAAW,cAAc;AAC3C,YAAM,aAAa,WAAW,eAAe;AAC7C,mBAAa,KAAK,gCAAgC;AAClD,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,KAAK,eAAe;AAAA,QACpB;AAAA,QACA;AAAA,QACA;AAAA,QACA,oBAAoB,SAAS;AAAA,QAC7B,oBAAoB,UAAU;AAAA,QAC9B;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA,QAAI,CAAC,aAAa,OAAQ,QAAO;AACjC,UAAM,MAAM,gMAAgM,aAAa,KAAK,IAAI,CAAC;AACnO,UAAM,KAAK,cAAc,EAAE,QAAQ,KAAK,MAAM;AAC9C,WAAO,MAAM;AAAA,EACf;AAAA,EAEA,MAAc,WAAW,OAAmE;AAC1F,UAAM,SAAS;AACf,UAAM,cAAc,QAAQ,UAAU,OAAO,OAAO,UAAU,UAAU;AACxE,UAAM,iBAAiB,eAAe,+BAA+B;AACrE,QAAI,gBAAgB;AAClB,UAAI;AACF,cAAM,OAAO,OAAO,MAAM,KAAK;AAC/B,qCAA6B;AAC7B,eAAO;AAAA,MACT,SAAS,KAAK;AACZ,YAAI,CAAC,oBAAoB,GAAG,KAAK,CAAC,yBAAyB;AACzD,oCAA0B;AAE1B,kBAAQ,KAAK,qEAAqE,GAAG;AAAA,QACvF;AACA,YAAI,oBAAoB,GAAG,EAAG,8BAA6B;AAC3D,eAAO,KAAK,eAAe,KAAK;AAAA,MAClC;AAAA,IACF;AACA,WAAO,KAAK,eAAe,KAAK;AAAA,EAClC;AAAA,EAEA,MAAc,YAAY,OAAwD;AAChF,UAAM,OAAO,MAAM,KAAK,WAAW,KAAK;AACxC,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,OAAO,KAAK,GAAG,KAAK,EAAE,YAAY,KAAK,CAAC;AAC9C,UAAM,SAAS,MAAM,QAAQ,KAAK,MAAM,KAAK,KAAK,OAAO,SAAS,KAAK,SAAS;AAChF,UAAM,UAAU,KAAK,WAAW,OAAO,KAAK,KAAK,OAAO,EAAE,SAAS,KAAK,UAAU;AAClF,UAAM,YAAY,oBAAI,KAAK;AAC3B,UAAM,WAAW,KAAK,YAAY;AAClC,UAAM,iBAAiB,KAAK,kBAAkB;AAE9C,UAAM,aAAa,+BAA+B,IAAW;AAC7D,UAAM,YAAY,aACZ,MAAM,WAAW;AAAA,MACjB,EAAE,WAAW;AAAA,MACb;AAAA,QACE,cAAc,KAAK;AAAA,QACnB,YAAY,KAAK;AAAA,QACjB,YAAY,KAAK;AAAA,QACjB,YAAY;AAAA,QACZ,aAAa;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,IACF,IACA;AAEJ,UAAM,UAAU;AAAA,MACd,cAAc,WAAW,gBAAgB,KAAK;AAAA,MAC9C,YAAY,WAAW,cAAc,KAAK;AAAA,MAC1C,YAAY,WAAW,cAAc,KAAK;AAAA,MAC1C,YAAY,WAAW,cAAc;AAAA,MACrC,aAAa,WAAW,eAAe;AAAA,IACzC;AAEA,UAAM,OAAO,MAAM,KAAK,cAAc,EAAE;AAAA,MACtC;AAAA,MACA;AAAA,QACE;AAAA,QACA;AAAA,QACA,KAAK,eAAe;AAAA,QACpB,QAAQ;AAAA,QACR,QAAQ;AAAA,QACR,QAAQ;AAAA,QACR,oBAAoB,QAAQ,UAAU;AAAA,QACtC,oBAAoB,QAAQ,WAAW;AAAA,QACvC;AAAA,QACA;AAAA,MACF;AAAA,IACF;AACA,UAAM,KAAK,OAAO,IAAI;AACtB,UAAM,KAAK,MAAM,QAAQ,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,GAAG,MAAM,OAAO;AAC1E,QAAI,CAAC,GAAI,QAAO;AAChB,UAAM,QAAQ,KAAK,OAAO,WAAW;AAAA,MACnC;AAAA,MACA,UAAU,KAAK,YAAY;AAAA,MAC3B,gBAAgB,KAAK,kBAAkB;AAAA,MACvC,aAAa,KAAK,eAAe;AAAA,MACjC,cAAc,KAAK;AAAA,MACnB,YAAY,KAAK;AAAA,MACjB,YAAY,KAAK;AAAA,MACjB,YAAY;AAAA,MACZ,aAAa;AAAA,MACb;AAAA,IACF,CAAC;AACD,WAAO;AAAA,EACT;AAAA,EAEQ,eAAe,OAA+E;AACpG,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,QACL,UAAU;AAAA,QACV,gBAAgB;AAAA,QAChB,aAAa;AAAA,QACb,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,QAAQ;AAAA,QACR,SAAS;AAAA,MACX;AAAA,IACF;AACA,UAAMA,cAAa;AACnB,UAAM,iBAAiB,CAAC,UAAmB;AACzC,UAAI,OAAO,UAAU,YAAY,MAAM,WAAW,EAAG,QAAO;AAC5D,YAAM,YAAY,MAAM,WAAW,UAAU,IAAI,MAAM,MAAM,WAAW,MAAM,IAAI;AAClF,aAAOA,YAAW,KAAK,SAAS,IAAI,YAAY;AAAA,IAClD;AACA,UAAM,SAAS,MAAM,QAAQ,MAAM,MAAM,IACrC,MAAM,OAAO,OAAO,CAAC,MAAmB,OAAO,MAAM,YAAY,EAAE,SAAS,CAAC,IAC7E;AACJ,UAAM,UAAU,OAAO,MAAM,YAAY,YAAY,MAAM,YAAY,OACnE,MAAM,UACN;AACJ,WAAO;AAAA,MACL,UAAU,eAAe,MAAM,QAAQ;AAAA,MACvC,gBAAgB,eAAe,MAAM,cAAc;AAAA,MACnD,aAAa,eAAe,MAAM,WAAW;AAAA,MAC7C,cAAc,OAAO,MAAM,gBAAgB,SAAS;AAAA,MACpD,YAAY,OAAO,MAAM,cAAc,SAAS;AAAA,MAChD,YAAY,OAAO,MAAM,cAAc,SAAS;AAAA,MAChD;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,KAAK,OAAoC;AAC7C,UAAM,SAAS,oBAAoB,MAAM;AAAA,MACvC,GAAG;AAAA,IACL,CAAC;AAED,UAAM,QAAgC,EAAE,WAAW,KAAK;AACxD,QAAI,OAAO,SAAU,OAAM,WAAW,OAAO;AAC7C,QAAI,OAAO,eAAgB,OAAM,iBAAiB,OAAO;AACzD,QAAI,OAAO,YAAa,OAAM,cAAc,OAAO;AACnD,QAAI,OAAO,aAAc,OAAM,eAAe,OAAO;AACrD,QAAI,OAAO,WAAY,OAAM,aAAa,OAAO;AACjD,QAAI,OAAO,OAAQ,OAAM,YAAY,EAAE,GAAI,MAAM,WAA+C,KAAK,OAAO,OAAO;AACnH,QAAI,OAAO,MAAO,OAAM,YAAY,EAAE,GAAI,MAAM,WAA+C,KAAK,OAAO,MAAM;AAEjH,UAAM,WAAW,OAAO,YAAY,OAAO,SAAS;AACpD,UAAM,OAAO,OAAO,QAAQ;AAC5B,UAAM,UAAU,OAAO,KAAK;AAE5B,UAAM,CAAC,OAAO,KAAK,IAAI,MAAM,KAAK,GAAG;AAAA,MACnC;AAAA,MACA;AAAA,MACA;AAAA,QACE,SAAS,EAAE,WAAW,OAAO;AAAA,QAC7B,OAAO;AAAA,QACP;AAAA,MACF;AAAA,IACF;AAMA,eAAW,QAAQ,OAAO;AACxB,YAAM,gBAAiB,KAAkC;AACzD,UAAI,OAAO,kBAAkB,UAAU;AACrC,cAAMC,UAAS,yBAAyB,aAAa;AACrD,aAAK,aAAa,MAAM,QAAQA,OAAM,IAAKA,UAAsB;AAAA,MACnE;AACA,YAAM,iBAAkB,KAAmC;AAC3D,UAAI,OAAO,mBAAmB,UAAU;AACtC,cAAMA,UAAS,yBAAyB,cAAc;AACtD,aAAK,cAAcA,WAAU,OAAOA,YAAW,YAAY,CAAC,MAAM,QAAQA,OAAM,IAC3EA,UACD;AAAA,MACN;AAAA,IACF;AAEA,UAAM,aAAa,KAAK,IAAI,GAAG,KAAK,MAAM,SAAS,MAAM,YAAY,EAAE,CAAC;AACxE,WAAO,EAAE,OAAO,OAAO,MAAM,UAAU,WAAW;AAAA,EACpD;AAAA,EAEA,MAAc,OAAO,MAAqB;AACxC,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,aAAa,IAAI,KAAK,MAAM,iBAAiB;AACnD,UAAM,gBAAgB,IAAI,KAAK,MAAM,qBAAqB;AAC1D,QAAI;AACF,UAAI,oBAAoB,OAAO,GAAG;AAChC,cAAM,KAAK,aAAa,WAAW;AAAA,UACjC,cAAc,EAAE,KAAK,MAAM,KAAK,mBAAmB,EAAE;AAAA,UACrD,WAAW,EAAE,KAAK,WAAW;AAAA,QAC/B,CAAC;AAAA,MACH;AACA,YAAM,KAAK,aAAa,WAAW;AAAA,QACjC,cAAc,EAAE,MAAM,MAAM,KAAK,mBAAmB,EAAE;AAAA,QACtD,WAAW,EAAE,KAAK,cAAc;AAAA,MAClC,CAAC;AAAA,IACH,SAAS,KAAK;AAEZ,cAAQ,KAAK,6CAA6C,GAAG;AAAA,IAC/D;AAAA,EACF;AACF;",
|
|
6
6
|
"names": ["UUID_REGEX", "parsed"]
|
|
7
7
|
}
|
|
@@ -34,7 +34,7 @@ function AuthProfilePage() {
|
|
|
34
34
|
setError(null);
|
|
35
35
|
try {
|
|
36
36
|
const { ok, result } = await apiCall("/api/auth/profile");
|
|
37
|
-
if (!ok) throw new Error("
|
|
37
|
+
if (!ok) throw new Error(t("auth.profile.form.errors.load", "Failed to load profile."));
|
|
38
38
|
const resolvedEmail = typeof result?.email === "string" ? result.email : "";
|
|
39
39
|
if (!cancelled) setEmail(resolvedEmail);
|
|
40
40
|
} catch (err) {
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../../src/modules/auth/backend/auth/profile/page.tsx"],
|
|
4
|
-
"sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { useRouter } from 'next/navigation'\nimport { z } from 'zod'\nimport { Save } from 'lucide-react'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall, readApiResultOrThrow } from '@open-mercato/ui/backend/utils/apiCall'\nimport { createCrudFormError } from '@open-mercato/ui/backend/utils/serverErrors'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { LoadingMessage, ErrorMessage } from '@open-mercato/ui/backend/detail'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { buildPasswordSchema, formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'\n\ntype ProfileResponse = {\n email?: string | null\n}\n\ntype ProfileUpdateResponse = {\n ok?: boolean\n email?: string | null\n}\n\ntype ProfileFormValues = {\n email: string\n currentPassword?: string\n password?: string\n confirmPassword?: string\n}\n\nexport default function AuthProfilePage() {\n const t = useT()\n const router = useRouter()\n const [loading, setLoading] = React.useState(true)\n const [error, setError] = React.useState<string | null>(null)\n const [email, setEmail] = React.useState('')\n const [formKey, setFormKey] = React.useState(0)\n const formId = React.useId()\n const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])\n const passwordRequirements = React.useMemo(\n () => formatPasswordRequirements(passwordPolicy, t),\n [passwordPolicy, t],\n )\n const passwordDescription = React.useMemo(() => (\n passwordRequirements\n ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })\n : undefined\n ), [passwordRequirements, t])\n\n React.useEffect(() => {\n let cancelled = false\n async function load() {\n setLoading(true)\n setError(null)\n try {\n const { ok, result } = await apiCall<ProfileResponse>('/api/auth/profile')\n if (!ok) throw new Error('
|
|
5
|
-
"mappings": ";AA6KU,cAMI,YANJ;AA5KV,YAAY,WAAW;AACvB,SAAS,iBAAiB;AAC1B,SAAS,SAAS;AAClB,SAAS,YAAY;AACrB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAAgC;AACzC,SAAS,SAAS,4BAA4B;AAC9C,SAAS,2BAA2B;AACpC,SAAS,aAAa;AACtB,SAAS,gBAAgB,oBAAoB;AAC7C,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,qBAAqB,4BAA4B,yBAAyB;AAkBpE,SAAR,kBAAmC;AACxC,QAAM,IAAI,KAAK;AACf,QAAM,SAAS,UAAU;AACzB,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAwB,IAAI;AAC5D,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,EAAE;AAC3C,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,CAAC;AAC9C,QAAM,SAAS,MAAM,MAAM;AAC3B,QAAM,iBAAiB,MAAM,QAAQ,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAClE,QAAM,uBAAuB,MAAM;AAAA,IACjC,MAAM,2BAA2B,gBAAgB,CAAC;AAAA,IAClD,CAAC,gBAAgB,CAAC;AAAA,EACpB;AACA,QAAM,sBAAsB,MAAM,QAAQ,MACxC,uBACI,EAAE,mCAAmC,yCAAyC,EAAE,cAAc,qBAAqB,CAAC,IACpH,QACH,CAAC,sBAAsB,CAAC,CAAC;AAE5B,QAAM,UAAU,MAAM;AACpB,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,iBAAW,IAAI;AACf,eAAS,IAAI;AACb,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAAyB,mBAAmB;AACzE,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,
|
|
4
|
+
"sourcesContent": ["\"use client\"\nimport * as React from 'react'\nimport { useRouter } from 'next/navigation'\nimport { z } from 'zod'\nimport { Save } from 'lucide-react'\nimport { Page, PageBody } from '@open-mercato/ui/backend/Page'\nimport { CrudForm, type CrudField } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall, readApiResultOrThrow } from '@open-mercato/ui/backend/utils/apiCall'\nimport { createCrudFormError } from '@open-mercato/ui/backend/utils/serverErrors'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { LoadingMessage, ErrorMessage } from '@open-mercato/ui/backend/detail'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { buildPasswordSchema, formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'\n\ntype ProfileResponse = {\n email?: string | null\n}\n\ntype ProfileUpdateResponse = {\n ok?: boolean\n email?: string | null\n}\n\ntype ProfileFormValues = {\n email: string\n currentPassword?: string\n password?: string\n confirmPassword?: string\n}\n\nexport default function AuthProfilePage() {\n const t = useT()\n const router = useRouter()\n const [loading, setLoading] = React.useState(true)\n const [error, setError] = React.useState<string | null>(null)\n const [email, setEmail] = React.useState('')\n const [formKey, setFormKey] = React.useState(0)\n const formId = React.useId()\n const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])\n const passwordRequirements = React.useMemo(\n () => formatPasswordRequirements(passwordPolicy, t),\n [passwordPolicy, t],\n )\n const passwordDescription = React.useMemo(() => (\n passwordRequirements\n ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })\n : undefined\n ), [passwordRequirements, t])\n\n React.useEffect(() => {\n let cancelled = false\n async function load() {\n setLoading(true)\n setError(null)\n try {\n const { ok, result } = await apiCall<ProfileResponse>('/api/auth/profile')\n if (!ok) throw new Error(t('auth.profile.form.errors.load', 'Failed to load profile.'))\n const resolvedEmail = typeof result?.email === 'string' ? result.email : ''\n if (!cancelled) setEmail(resolvedEmail)\n } catch (err) {\n console.error('Failed to load auth profile', err)\n if (!cancelled) setError(t('auth.profile.form.errors.load', 'Failed to load profile.'))\n } finally {\n if (!cancelled) setLoading(false)\n }\n }\n load()\n return () => { cancelled = true }\n }, [t])\n\n const fields = React.useMemo<CrudField[]>(() => [\n { id: 'email', label: t('auth.profile.form.email', 'Email'), type: 'text', required: true },\n {\n id: 'currentPassword',\n label: t('auth.profile.form.currentPassword', 'Current password'),\n type: 'password',\n },\n {\n id: 'password',\n label: t('auth.profile.form.password', 'New password'),\n type: 'password',\n description: passwordDescription,\n },\n {\n id: 'confirmPassword',\n label: t('auth.profile.form.confirmPassword', 'Confirm new password'),\n type: 'password',\n },\n ], [passwordDescription, t])\n\n const schema = React.useMemo(() => {\n const passwordSchema = buildPasswordSchema({\n policy: passwordPolicy,\n message: t('auth.profile.form.errors.passwordRequirements', 'Password must meet the requirements.'),\n })\n const optionalPasswordSchema = z.union([z.literal(''), passwordSchema]).optional()\n return z.object({\n email: z.string().trim().min(1, t('auth.profile.form.errors.emailRequired', 'Email is required.')),\n currentPassword: z.string().optional(),\n password: optionalPasswordSchema,\n confirmPassword: z.string().optional(),\n }).superRefine((values, ctx) => {\n const currentPassword = values.currentPassword?.trim() ?? ''\n const password = values.password?.trim() ?? ''\n const confirmPassword = values.confirmPassword?.trim() ?? ''\n const hasPasswordIntent = Boolean(currentPassword || password || confirmPassword)\n\n if (hasPasswordIntent && !currentPassword) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: t('auth.profile.form.errors.currentPasswordRequired', 'Current password is required.'),\n path: ['currentPassword'],\n })\n }\n if (hasPasswordIntent && !password) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: t('auth.profile.form.errors.newPasswordRequired', 'New password is required.'),\n path: ['password'],\n })\n }\n if (hasPasswordIntent && !confirmPassword) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: t('auth.profile.form.errors.confirmPasswordRequired', 'Please confirm the new password.'),\n path: ['confirmPassword'],\n })\n }\n if (password && confirmPassword && password !== confirmPassword) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: t('auth.profile.form.errors.passwordMismatch', 'Passwords do not match.'),\n path: ['confirmPassword'],\n })\n }\n })\n }, [passwordPolicy, t])\n\n const handleSubmit = React.useCallback(async (values: ProfileFormValues) => {\n const nextEmail = values.email?.trim() ?? ''\n const currentPassword = values.currentPassword?.trim() ?? ''\n const password = values.password?.trim() ?? ''\n\n if (!password && nextEmail === email) {\n throw createCrudFormError(t('auth.profile.form.errors.noChanges', 'No changes to save.'))\n }\n\n const payload: { email: string; currentPassword?: string; password?: string } = { email: nextEmail }\n if (password) payload.password = password\n if (password) payload.currentPassword = currentPassword\n\n const result = await readApiResultOrThrow<ProfileUpdateResponse>(\n '/api/auth/profile',\n {\n method: 'PUT',\n headers: { 'content-type': 'application/json' },\n body: JSON.stringify(payload),\n },\n { errorMessage: t('auth.profile.form.errors.save', 'Failed to update profile.') },\n )\n\n const resolvedEmail = typeof result?.email === 'string' ? result.email : nextEmail\n setEmail(resolvedEmail)\n setFormKey((prev) => prev + 1)\n flash(t('auth.profile.form.success', 'Profile updated.'), 'success')\n router.refresh()\n }, [email, router, t])\n\n return (\n <Page>\n <PageBody>\n {loading ? (\n <LoadingMessage label={t('auth.profile.form.loading', 'Loading profile...')} />\n ) : error ? (\n <ErrorMessage label={error} />\n ) : (\n <section className=\"space-y-6 rounded-lg border bg-background p-6\">\n <header className=\"flex flex-col gap-4 sm:flex-row sm:items-start sm:justify-between\">\n <div className=\"space-y-1\">\n <h2 className=\"text-lg font-semibold\">{t('auth.profile.title', 'Profile')}</h2>\n <p className=\"text-sm text-muted-foreground\">\n {t('auth.profile.subtitle', 'Change password')}\n </p>\n </div>\n <Button type=\"submit\" form={formId}>\n <Save className=\"size-4 mr-2\" />\n {t('auth.profile.form.save', 'Save changes')}\n </Button>\n </header>\n <CrudForm<ProfileFormValues>\n key={formKey}\n formId={formId}\n schema={schema}\n fields={fields}\n initialValues={{\n email,\n currentPassword: '',\n password: '',\n confirmPassword: '',\n }}\n submitLabel={t('auth.profile.form.save', 'Save changes')}\n onSubmit={handleSubmit}\n embedded\n hideFooterActions\n />\n </section>\n )}\n </PageBody>\n </Page>\n )\n}\n"],
|
|
5
|
+
"mappings": ";AA6KU,cAMI,YANJ;AA5KV,YAAY,WAAW;AACvB,SAAS,iBAAiB;AAC1B,SAAS,SAAS;AAClB,SAAS,YAAY;AACrB,SAAS,MAAM,gBAAgB;AAC/B,SAAS,gBAAgC;AACzC,SAAS,SAAS,4BAA4B;AAC9C,SAAS,2BAA2B;AACpC,SAAS,aAAa;AACtB,SAAS,gBAAgB,oBAAoB;AAC7C,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,qBAAqB,4BAA4B,yBAAyB;AAkBpE,SAAR,kBAAmC;AACxC,QAAM,IAAI,KAAK;AACf,QAAM,SAAS,UAAU;AACzB,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAwB,IAAI;AAC5D,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,EAAE;AAC3C,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,CAAC;AAC9C,QAAM,SAAS,MAAM,MAAM;AAC3B,QAAM,iBAAiB,MAAM,QAAQ,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAClE,QAAM,uBAAuB,MAAM;AAAA,IACjC,MAAM,2BAA2B,gBAAgB,CAAC;AAAA,IAClD,CAAC,gBAAgB,CAAC;AAAA,EACpB;AACA,QAAM,sBAAsB,MAAM,QAAQ,MACxC,uBACI,EAAE,mCAAmC,yCAAyC,EAAE,cAAc,qBAAqB,CAAC,IACpH,QACH,CAAC,sBAAsB,CAAC,CAAC;AAE5B,QAAM,UAAU,MAAM;AACpB,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,iBAAW,IAAI;AACf,eAAS,IAAI;AACb,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAAyB,mBAAmB;AACzE,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,EAAE,iCAAiC,yBAAyB,CAAC;AACtF,cAAM,gBAAgB,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ;AACzE,YAAI,CAAC,UAAW,UAAS,aAAa;AAAA,MACxC,SAAS,KAAK;AACZ,gBAAQ,MAAM,+BAA+B,GAAG;AAChD,YAAI,CAAC,UAAW,UAAS,EAAE,iCAAiC,yBAAyB,CAAC;AAAA,MACxF,UAAE;AACA,YAAI,CAAC,UAAW,YAAW,KAAK;AAAA,MAClC;AAAA,IACF;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,CAAC,CAAC;AAEN,QAAM,SAAS,MAAM,QAAqB,MAAM;AAAA,IAC9C,EAAE,IAAI,SAAS,OAAO,EAAE,2BAA2B,OAAO,GAAG,MAAM,QAAQ,UAAU,KAAK;AAAA,IAC1F;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,qCAAqC,kBAAkB;AAAA,MAChE,MAAM;AAAA,IACR;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,8BAA8B,cAAc;AAAA,MACrD,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,qCAAqC,sBAAsB;AAAA,MACpE,MAAM;AAAA,IACR;AAAA,EACF,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAE3B,QAAM,SAAS,MAAM,QAAQ,MAAM;AACjC,UAAM,iBAAiB,oBAAoB;AAAA,MACzC,QAAQ;AAAA,MACR,SAAS,EAAE,iDAAiD,sCAAsC;AAAA,IACpG,CAAC;AACD,UAAM,yBAAyB,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC,EAAE,SAAS;AACjF,WAAO,EAAE,OAAO;AAAA,MACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,0CAA0C,oBAAoB,CAAC;AAAA,MACjG,iBAAiB,EAAE,OAAO,EAAE,SAAS;AAAA,MACrC,UAAU;AAAA,MACV,iBAAiB,EAAE,OAAO,EAAE,SAAS;AAAA,IACvC,CAAC,EAAE,YAAY,CAAC,QAAQ,QAAQ;AAC9B,YAAM,kBAAkB,OAAO,iBAAiB,KAAK,KAAK;AAC1D,YAAM,WAAW,OAAO,UAAU,KAAK,KAAK;AAC5C,YAAM,kBAAkB,OAAO,iBAAiB,KAAK,KAAK;AAC1D,YAAM,oBAAoB,QAAQ,mBAAmB,YAAY,eAAe;AAEhF,UAAI,qBAAqB,CAAC,iBAAiB;AACzC,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,oDAAoD,+BAA+B;AAAA,UAC9F,MAAM,CAAC,iBAAiB;AAAA,QAC1B,CAAC;AAAA,MACH;AACA,UAAI,qBAAqB,CAAC,UAAU;AAClC,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,gDAAgD,2BAA2B;AAAA,UACtF,MAAM,CAAC,UAAU;AAAA,QACnB,CAAC;AAAA,MACH;AACA,UAAI,qBAAqB,CAAC,iBAAiB;AACzC,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,oDAAoD,kCAAkC;AAAA,UACjG,MAAM,CAAC,iBAAiB;AAAA,QAC1B,CAAC;AAAA,MACH;AACA,UAAI,YAAY,mBAAmB,aAAa,iBAAiB;AAC/D,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,6CAA6C,yBAAyB;AAAA,UACjF,MAAM,CAAC,iBAAiB;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH,GAAG,CAAC,gBAAgB,CAAC,CAAC;AAEtB,QAAM,eAAe,MAAM,YAAY,OAAO,WAA8B;AAC1E,UAAM,YAAY,OAAO,OAAO,KAAK,KAAK;AAC1C,UAAM,kBAAkB,OAAO,iBAAiB,KAAK,KAAK;AAC1D,UAAM,WAAW,OAAO,UAAU,KAAK,KAAK;AAE5C,QAAI,CAAC,YAAY,cAAc,OAAO;AACpC,YAAM,oBAAoB,EAAE,sCAAsC,qBAAqB,CAAC;AAAA,IAC1F;AAEA,UAAM,UAA0E,EAAE,OAAO,UAAU;AACnG,QAAI,SAAU,SAAQ,WAAW;AACjC,QAAI,SAAU,SAAQ,kBAAkB;AAExC,UAAM,SAAS,MAAM;AAAA,MACnB;AAAA,MACA;AAAA,QACE,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,OAAO;AAAA,MAC9B;AAAA,MACA,EAAE,cAAc,EAAE,iCAAiC,2BAA2B,EAAE;AAAA,IAClF;AAEA,UAAM,gBAAgB,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ;AACzE,aAAS,aAAa;AACtB,eAAW,CAAC,SAAS,OAAO,CAAC;AAC7B,UAAM,EAAE,6BAA6B,kBAAkB,GAAG,SAAS;AACnE,WAAO,QAAQ;AAAA,EACjB,GAAG,CAAC,OAAO,QAAQ,CAAC,CAAC;AAErB,SACE,oBAAC,QACC,8BAAC,YACE,oBACC,oBAAC,kBAAe,OAAO,EAAE,6BAA6B,oBAAoB,GAAG,IAC3E,QACF,oBAAC,gBAAa,OAAO,OAAO,IAE5B,qBAAC,aAAQ,WAAU,iDACjB;AAAA,yBAAC,YAAO,WAAU,qEAChB;AAAA,2BAAC,SAAI,WAAU,aACb;AAAA,4BAAC,QAAG,WAAU,yBAAyB,YAAE,sBAAsB,SAAS,GAAE;AAAA,QAC1E,oBAAC,OAAE,WAAU,iCACV,YAAE,yBAAyB,iBAAiB,GAC/C;AAAA,SACF;AAAA,MACA,qBAAC,UAAO,MAAK,UAAS,MAAM,QAC1B;AAAA,4BAAC,QAAK,WAAU,eAAc;AAAA,QAC7B,EAAE,0BAA0B,cAAc;AAAA,SAC7C;AAAA,OACF;AAAA,IACA;AAAA,MAAC;AAAA;AAAA,QAEC;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,UACb;AAAA,UACA,iBAAiB;AAAA,UACjB,UAAU;AAAA,UACV,iBAAiB;AAAA,QACnB;AAAA,QACA,aAAa,EAAE,0BAA0B,cAAc;AAAA,QACvD,UAAU;AAAA,QACV,UAAQ;AAAA,QACR,mBAAiB;AAAA;AAAA,MAbZ;AAAA,IAcP;AAAA,KACF,GAEJ,GACF;AAEJ;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -33,7 +33,7 @@ function ProfileChangePasswordPage() {
|
|
|
33
33
|
setError(null);
|
|
34
34
|
try {
|
|
35
35
|
const { ok, result } = await apiCall("/api/auth/profile");
|
|
36
|
-
if (!ok) throw new Error("
|
|
36
|
+
if (!ok) throw new Error(t("auth.profile.form.errors.load", "Failed to load profile."));
|
|
37
37
|
const resolvedEmail = typeof result?.email === "string" ? result.email : "";
|
|
38
38
|
if (!cancelled) setEmail(resolvedEmail);
|
|
39
39
|
} catch (err) {
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../../src/modules/auth/backend/profile/change-password/page.tsx"],
|
|
4
|
-
"sourcesContent": ["'use client'\nimport * as React from 'react'\nimport { useRouter } from 'next/navigation'\nimport { z } from 'zod'\nimport { Save } from 'lucide-react'\nimport { CrudForm, type CrudField } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall, readApiResultOrThrow } from '@open-mercato/ui/backend/utils/apiCall'\nimport { createCrudFormError } from '@open-mercato/ui/backend/utils/serverErrors'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { LoadingMessage, ErrorMessage } from '@open-mercato/ui/backend/detail'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { buildPasswordSchema, formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'\n\ntype ProfileResponse = {\n email?: string | null\n}\n\ntype ProfileUpdateResponse = {\n ok?: boolean\n email?: string | null\n}\n\ntype ProfileFormValues = {\n email: string\n currentPassword?: string\n password?: string\n confirmPassword?: string\n}\n\nexport default function ProfileChangePasswordPage() {\n const t = useT()\n const router = useRouter()\n const [loading, setLoading] = React.useState(true)\n const [error, setError] = React.useState<string | null>(null)\n const [email, setEmail] = React.useState('')\n const [formKey, setFormKey] = React.useState(0)\n const formId = React.useId()\n const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])\n const passwordRequirements = React.useMemo(\n () => formatPasswordRequirements(passwordPolicy, t),\n [passwordPolicy, t],\n )\n const passwordDescription = React.useMemo(() => (\n passwordRequirements\n ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })\n : undefined\n ), [passwordRequirements, t])\n\n React.useEffect(() => {\n let cancelled = false\n async function load() {\n setLoading(true)\n setError(null)\n try {\n const { ok, result } = await apiCall<ProfileResponse>('/api/auth/profile')\n if (!ok) throw new Error('
|
|
5
|
-
"mappings": ";AAyKW,cAUH,YAVG;AAxKX,YAAY,WAAW;AACvB,SAAS,iBAAiB;AAC1B,SAAS,SAAS;AAClB,SAAS,YAAY;AACrB,SAAS,gBAAgC;AACzC,SAAS,SAAS,4BAA4B;AAC9C,SAAS,2BAA2B;AACpC,SAAS,aAAa;AACtB,SAAS,gBAAgB,oBAAoB;AAC7C,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,qBAAqB,4BAA4B,yBAAyB;AAkBpE,SAAR,4BAA6C;AAClD,QAAM,IAAI,KAAK;AACf,QAAM,SAAS,UAAU;AACzB,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAwB,IAAI;AAC5D,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,EAAE;AAC3C,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,CAAC;AAC9C,QAAM,SAAS,MAAM,MAAM;AAC3B,QAAM,iBAAiB,MAAM,QAAQ,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAClE,QAAM,uBAAuB,MAAM;AAAA,IACjC,MAAM,2BAA2B,gBAAgB,CAAC;AAAA,IAClD,CAAC,gBAAgB,CAAC;AAAA,EACpB;AACA,QAAM,sBAAsB,MAAM,QAAQ,MACxC,uBACI,EAAE,mCAAmC,yCAAyC,EAAE,cAAc,qBAAqB,CAAC,IACpH,QACH,CAAC,sBAAsB,CAAC,CAAC;AAE5B,QAAM,UAAU,MAAM;AACpB,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,iBAAW,IAAI;AACf,eAAS,IAAI;AACb,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAAyB,mBAAmB;AACzE,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,
|
|
4
|
+
"sourcesContent": ["'use client'\nimport * as React from 'react'\nimport { useRouter } from 'next/navigation'\nimport { z } from 'zod'\nimport { Save } from 'lucide-react'\nimport { CrudForm, type CrudField } from '@open-mercato/ui/backend/CrudForm'\nimport { apiCall, readApiResultOrThrow } from '@open-mercato/ui/backend/utils/apiCall'\nimport { createCrudFormError } from '@open-mercato/ui/backend/utils/serverErrors'\nimport { flash } from '@open-mercato/ui/backend/FlashMessages'\nimport { LoadingMessage, ErrorMessage } from '@open-mercato/ui/backend/detail'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { buildPasswordSchema, formatPasswordRequirements, getPasswordPolicy } from '@open-mercato/shared/lib/auth/passwordPolicy'\n\ntype ProfileResponse = {\n email?: string | null\n}\n\ntype ProfileUpdateResponse = {\n ok?: boolean\n email?: string | null\n}\n\ntype ProfileFormValues = {\n email: string\n currentPassword?: string\n password?: string\n confirmPassword?: string\n}\n\nexport default function ProfileChangePasswordPage() {\n const t = useT()\n const router = useRouter()\n const [loading, setLoading] = React.useState(true)\n const [error, setError] = React.useState<string | null>(null)\n const [email, setEmail] = React.useState('')\n const [formKey, setFormKey] = React.useState(0)\n const formId = React.useId()\n const passwordPolicy = React.useMemo(() => getPasswordPolicy(), [])\n const passwordRequirements = React.useMemo(\n () => formatPasswordRequirements(passwordPolicy, t),\n [passwordPolicy, t],\n )\n const passwordDescription = React.useMemo(() => (\n passwordRequirements\n ? t('auth.password.requirements.help', 'Password requirements: {requirements}', { requirements: passwordRequirements })\n : undefined\n ), [passwordRequirements, t])\n\n React.useEffect(() => {\n let cancelled = false\n async function load() {\n setLoading(true)\n setError(null)\n try {\n const { ok, result } = await apiCall<ProfileResponse>('/api/auth/profile')\n if (!ok) throw new Error(t('auth.profile.form.errors.load', 'Failed to load profile.'))\n const resolvedEmail = typeof result?.email === 'string' ? result.email : ''\n if (!cancelled) setEmail(resolvedEmail)\n } catch (err) {\n console.error('Failed to load auth profile', err)\n if (!cancelled) setError(t('auth.profile.form.errors.load', 'Failed to load profile.'))\n } finally {\n if (!cancelled) setLoading(false)\n }\n }\n load()\n return () => { cancelled = true }\n }, [t])\n\n const fields = React.useMemo<CrudField[]>(() => [\n { id: 'email', label: t('auth.profile.form.email', 'Email'), type: 'text', required: true },\n {\n id: 'currentPassword',\n label: t('auth.profile.form.currentPassword', 'Current password'),\n type: 'password',\n },\n {\n id: 'password',\n label: t('auth.profile.form.password', 'New password'),\n type: 'password',\n description: passwordDescription,\n },\n {\n id: 'confirmPassword',\n label: t('auth.profile.form.confirmPassword', 'Confirm new password'),\n type: 'password',\n },\n ], [passwordDescription, t])\n\n const schema = React.useMemo(() => {\n const passwordSchema = buildPasswordSchema({\n policy: passwordPolicy,\n message: t('auth.profile.form.errors.passwordRequirements', 'Password must meet the requirements.'),\n })\n const optionalPasswordSchema = z.union([z.literal(''), passwordSchema]).optional()\n return z.object({\n email: z.string().trim().min(1, t('auth.profile.form.errors.emailRequired', 'Email is required.')),\n currentPassword: z.string().optional(),\n password: optionalPasswordSchema,\n confirmPassword: z.string().optional(),\n }).superRefine((values, ctx) => {\n const currentPassword = values.currentPassword?.trim() ?? ''\n const password = values.password?.trim() ?? ''\n const confirmPassword = values.confirmPassword?.trim() ?? ''\n const hasPasswordIntent = Boolean(currentPassword || password || confirmPassword)\n\n if (hasPasswordIntent && !currentPassword) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: t('auth.profile.form.errors.currentPasswordRequired', 'Current password is required.'),\n path: ['currentPassword'],\n })\n }\n if (hasPasswordIntent && !password) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: t('auth.profile.form.errors.newPasswordRequired', 'New password is required.'),\n path: ['password'],\n })\n }\n if (hasPasswordIntent && !confirmPassword) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: t('auth.profile.form.errors.confirmPasswordRequired', 'Please confirm the new password.'),\n path: ['confirmPassword'],\n })\n }\n if (password && confirmPassword && password !== confirmPassword) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: t('auth.profile.form.errors.passwordMismatch', 'Passwords do not match.'),\n path: ['confirmPassword'],\n })\n }\n })\n }, [passwordPolicy, t])\n\n const handleSubmit = React.useCallback(async (values: ProfileFormValues) => {\n const nextEmail = values.email?.trim() ?? ''\n const currentPassword = values.currentPassword?.trim() ?? ''\n const password = values.password?.trim() ?? ''\n\n if (!password && nextEmail === email) {\n throw createCrudFormError(t('auth.profile.form.errors.noChanges', 'No changes to save.'))\n }\n\n const payload: { email: string; currentPassword?: string; password?: string } = { email: nextEmail }\n if (password) payload.password = password\n if (password) payload.currentPassword = currentPassword\n\n const result = await readApiResultOrThrow<ProfileUpdateResponse>(\n '/api/auth/profile',\n {\n method: 'PUT',\n headers: { 'content-type': 'application/json' },\n body: JSON.stringify(payload),\n },\n { errorMessage: t('auth.profile.form.errors.save', 'Failed to update profile.') },\n )\n\n const resolvedEmail = typeof result?.email === 'string' ? result.email : nextEmail\n setEmail(resolvedEmail)\n setFormKey((prev) => prev + 1)\n flash(t('auth.profile.form.success', 'Profile updated.'), 'success')\n router.refresh()\n }, [email, router, t])\n\n if (loading) {\n return <LoadingMessage label={t('auth.profile.form.loading', 'Loading profile...')} />\n }\n\n if (error) {\n return <ErrorMessage label={error} />\n }\n\n return (\n <section className=\"space-y-6 rounded-lg border bg-background p-6 max-w-2xl\">\n <header className=\"flex flex-col gap-4 sm:flex-row sm:items-start sm:justify-between\">\n <div className=\"space-y-1\">\n <h2 className=\"text-lg font-semibold\">{t('auth.changePassword.title', 'Change Password')}</h2>\n <p className=\"text-sm text-muted-foreground\">\n {t('auth.profile.subtitle', 'Change password')}\n </p>\n </div>\n <Button type=\"submit\" form={formId}>\n <Save className=\"size-4 mr-2\" />\n {t('auth.profile.form.save', 'Save changes')}\n </Button>\n </header>\n <CrudForm<ProfileFormValues>\n key={formKey}\n formId={formId}\n schema={schema}\n fields={fields}\n initialValues={{\n email,\n currentPassword: '',\n password: '',\n confirmPassword: '',\n }}\n submitLabel={t('auth.profile.form.save', 'Save changes')}\n onSubmit={handleSubmit}\n embedded\n hideFooterActions\n />\n </section>\n )\n}\n"],
|
|
5
|
+
"mappings": ";AAyKW,cAUH,YAVG;AAxKX,YAAY,WAAW;AACvB,SAAS,iBAAiB;AAC1B,SAAS,SAAS;AAClB,SAAS,YAAY;AACrB,SAAS,gBAAgC;AACzC,SAAS,SAAS,4BAA4B;AAC9C,SAAS,2BAA2B;AACpC,SAAS,aAAa;AACtB,SAAS,gBAAgB,oBAAoB;AAC7C,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,qBAAqB,4BAA4B,yBAAyB;AAkBpE,SAAR,4BAA6C;AAClD,QAAM,IAAI,KAAK;AACf,QAAM,SAAS,UAAU;AACzB,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,IAAI;AACjD,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAwB,IAAI;AAC5D,QAAM,CAAC,OAAO,QAAQ,IAAI,MAAM,SAAS,EAAE;AAC3C,QAAM,CAAC,SAAS,UAAU,IAAI,MAAM,SAAS,CAAC;AAC9C,QAAM,SAAS,MAAM,MAAM;AAC3B,QAAM,iBAAiB,MAAM,QAAQ,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAClE,QAAM,uBAAuB,MAAM;AAAA,IACjC,MAAM,2BAA2B,gBAAgB,CAAC;AAAA,IAClD,CAAC,gBAAgB,CAAC;AAAA,EACpB;AACA,QAAM,sBAAsB,MAAM,QAAQ,MACxC,uBACI,EAAE,mCAAmC,yCAAyC,EAAE,cAAc,qBAAqB,CAAC,IACpH,QACH,CAAC,sBAAsB,CAAC,CAAC;AAE5B,QAAM,UAAU,MAAM;AACpB,QAAI,YAAY;AAChB,mBAAe,OAAO;AACpB,iBAAW,IAAI;AACf,eAAS,IAAI;AACb,UAAI;AACF,cAAM,EAAE,IAAI,OAAO,IAAI,MAAM,QAAyB,mBAAmB;AACzE,YAAI,CAAC,GAAI,OAAM,IAAI,MAAM,EAAE,iCAAiC,yBAAyB,CAAC;AACtF,cAAM,gBAAgB,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ;AACzE,YAAI,CAAC,UAAW,UAAS,aAAa;AAAA,MACxC,SAAS,KAAK;AACZ,gBAAQ,MAAM,+BAA+B,GAAG;AAChD,YAAI,CAAC,UAAW,UAAS,EAAE,iCAAiC,yBAAyB,CAAC;AAAA,MACxF,UAAE;AACA,YAAI,CAAC,UAAW,YAAW,KAAK;AAAA,MAClC;AAAA,IACF;AACA,SAAK;AACL,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,CAAC,CAAC;AAEN,QAAM,SAAS,MAAM,QAAqB,MAAM;AAAA,IAC9C,EAAE,IAAI,SAAS,OAAO,EAAE,2BAA2B,OAAO,GAAG,MAAM,QAAQ,UAAU,KAAK;AAAA,IAC1F;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,qCAAqC,kBAAkB;AAAA,MAChE,MAAM;AAAA,IACR;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,8BAA8B,cAAc;AAAA,MACrD,MAAM;AAAA,MACN,aAAa;AAAA,IACf;AAAA,IACA;AAAA,MACE,IAAI;AAAA,MACJ,OAAO,EAAE,qCAAqC,sBAAsB;AAAA,MACpE,MAAM;AAAA,IACR;AAAA,EACF,GAAG,CAAC,qBAAqB,CAAC,CAAC;AAE3B,QAAM,SAAS,MAAM,QAAQ,MAAM;AACjC,UAAM,iBAAiB,oBAAoB;AAAA,MACzC,QAAQ;AAAA,MACR,SAAS,EAAE,iDAAiD,sCAAsC;AAAA,IACpG,CAAC;AACD,UAAM,yBAAyB,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC,EAAE,SAAS;AACjF,WAAO,EAAE,OAAO;AAAA,MACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,GAAG,EAAE,0CAA0C,oBAAoB,CAAC;AAAA,MACjG,iBAAiB,EAAE,OAAO,EAAE,SAAS;AAAA,MACrC,UAAU;AAAA,MACV,iBAAiB,EAAE,OAAO,EAAE,SAAS;AAAA,IACvC,CAAC,EAAE,YAAY,CAAC,QAAQ,QAAQ;AAC9B,YAAM,kBAAkB,OAAO,iBAAiB,KAAK,KAAK;AAC1D,YAAM,WAAW,OAAO,UAAU,KAAK,KAAK;AAC5C,YAAM,kBAAkB,OAAO,iBAAiB,KAAK,KAAK;AAC1D,YAAM,oBAAoB,QAAQ,mBAAmB,YAAY,eAAe;AAEhF,UAAI,qBAAqB,CAAC,iBAAiB;AACzC,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,oDAAoD,+BAA+B;AAAA,UAC9F,MAAM,CAAC,iBAAiB;AAAA,QAC1B,CAAC;AAAA,MACH;AACA,UAAI,qBAAqB,CAAC,UAAU;AAClC,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,gDAAgD,2BAA2B;AAAA,UACtF,MAAM,CAAC,UAAU;AAAA,QACnB,CAAC;AAAA,MACH;AACA,UAAI,qBAAqB,CAAC,iBAAiB;AACzC,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,oDAAoD,kCAAkC;AAAA,UACjG,MAAM,CAAC,iBAAiB;AAAA,QAC1B,CAAC;AAAA,MACH;AACA,UAAI,YAAY,mBAAmB,aAAa,iBAAiB;AAC/D,YAAI,SAAS;AAAA,UACX,MAAM,EAAE,aAAa;AAAA,UACrB,SAAS,EAAE,6CAA6C,yBAAyB;AAAA,UACjF,MAAM,CAAC,iBAAiB;AAAA,QAC1B,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH,GAAG,CAAC,gBAAgB,CAAC,CAAC;AAEtB,QAAM,eAAe,MAAM,YAAY,OAAO,WAA8B;AAC1E,UAAM,YAAY,OAAO,OAAO,KAAK,KAAK;AAC1C,UAAM,kBAAkB,OAAO,iBAAiB,KAAK,KAAK;AAC1D,UAAM,WAAW,OAAO,UAAU,KAAK,KAAK;AAE5C,QAAI,CAAC,YAAY,cAAc,OAAO;AACpC,YAAM,oBAAoB,EAAE,sCAAsC,qBAAqB,CAAC;AAAA,IAC1F;AAEA,UAAM,UAA0E,EAAE,OAAO,UAAU;AACnG,QAAI,SAAU,SAAQ,WAAW;AACjC,QAAI,SAAU,SAAQ,kBAAkB;AAExC,UAAM,SAAS,MAAM;AAAA,MACnB;AAAA,MACA;AAAA,QACE,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,OAAO;AAAA,MAC9B;AAAA,MACA,EAAE,cAAc,EAAE,iCAAiC,2BAA2B,EAAE;AAAA,IAClF;AAEA,UAAM,gBAAgB,OAAO,QAAQ,UAAU,WAAW,OAAO,QAAQ;AACzE,aAAS,aAAa;AACtB,eAAW,CAAC,SAAS,OAAO,CAAC;AAC7B,UAAM,EAAE,6BAA6B,kBAAkB,GAAG,SAAS;AACnE,WAAO,QAAQ;AAAA,EACjB,GAAG,CAAC,OAAO,QAAQ,CAAC,CAAC;AAErB,MAAI,SAAS;AACX,WAAO,oBAAC,kBAAe,OAAO,EAAE,6BAA6B,oBAAoB,GAAG;AAAA,EACtF;AAEA,MAAI,OAAO;AACT,WAAO,oBAAC,gBAAa,OAAO,OAAO;AAAA,EACrC;AAEA,SACE,qBAAC,aAAQ,WAAU,2DACjB;AAAA,yBAAC,YAAO,WAAU,qEAChB;AAAA,2BAAC,SAAI,WAAU,aACb;AAAA,4BAAC,QAAG,WAAU,yBAAyB,YAAE,6BAA6B,iBAAiB,GAAE;AAAA,QACzF,oBAAC,OAAE,WAAU,iCACV,YAAE,yBAAyB,iBAAiB,GAC/C;AAAA,SACF;AAAA,MACA,qBAAC,UAAO,MAAK,UAAS,MAAM,QAC1B;AAAA,4BAAC,QAAK,WAAU,eAAc;AAAA,QAC7B,EAAE,0BAA0B,cAAc;AAAA,SAC7C;AAAA,OACF;AAAA,IACA;AAAA,MAAC;AAAA;AAAA,QAEC;AAAA,QACA;AAAA,QACA;AAAA,QACA,eAAe;AAAA,UACb;AAAA,UACA,iBAAiB;AAAA,UACjB,UAAU;AAAA,UACV,iBAAiB;AAAA,QACnB;AAAA,QACA,aAAa,EAAE,0BAA0B,cAAc;AAAA,QACvD,UAAU;AAAA,QACV,UAAQ;AAAA,QACR,mBAAiB;AAAA;AAAA,MAbZ;AAAA,IAcP;AAAA,KACF;AAEJ;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|