@rpcbase/server 0.475.0 → 0.477.0

package/dist/{handler-xi0XKR-Y.js → handler-BOTZftAB.js}

@@ -1,8 +1,8 @@
 import { loadModel, getTenantFilesystemDb } from "@rpcbase/db";
 import { GridFSBucket, ObjectId } from "mongodb";
-import { g as getTenantId, a as getModelCtx, b as getOwnershipSelector, e as ensureUploadIndexes, c as getBucketName, d as getUserId, f as getChunkSizeBytes, h as getSessionTtlMs, i as computeSha256Hex, t as toBufferPayload, n as normalizeSha256Hex, j as getMaxClientUploadBytesPerSecond, k as getRawBodyLimitBytes } from "./shared-Chfrv8o6.js";
+import { g as getTenantId, a as getModelCtx, b as buildUploadsAbility, c as getUploadSessionAccessQuery, e as ensureUploadIndexes, d as getBucketName, f as getUserId, h as getChunkSizeBytes, i as getSessionTtlMs, j as computeSha256Hex, t as toBufferPayload, n as normalizeSha256Hex, k as getMaxClientUploadBytesPerSecond, l as getRawBodyLimitBytes } from "./shared-UGuDRAKK.js";
 import { randomBytes } from "node:crypto";
-import { o as object, n as number, s as string, b as boolean, a as array, _ as _enum } from "./schemas-CyxqObur.js";
+import { o as object, n as number, s as string, b as boolean, a as array, _ as _enum } from "./schemas-D5T9tDtI.js";
 const waitForStreamFinished = async (stream) => new Promise((resolve, reject) => {
   stream.once("finish", resolve);
   stream.once("error", reject);
@@ -37,7 +37,8 @@ const abortUploadStream = async (stream) => {
     }
   }
   try {
-    stream.destroy();
+    ;
+    stream.destroy?.();
   } catch {
   }
 };
@@ -57,21 +58,21 @@ const completeUpload = async (_payload, ctx) => {
     loadModel("RBUploadSession", modelCtx),
     loadModel("RBUploadChunk", modelCtx)
   ]);
-  const existing = await UploadSession.findOne({ _id: uploadId }).lean();
+  const ability = buildUploadsAbility(ctx, tenantId);
+  if (!ability.can("update", "RBUploadSession")) {
+    ctx.res.status(401);
+    return { ok: false, error: "unauthorized" };
+  }
+  const existing = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "read")] }).lean();
   if (!existing) {
     ctx.res.status(404);
     return { ok: false, error: "not_found" };
   }
-  const ownershipSelector = getOwnershipSelector(ctx, existing);
-  if (!ownershipSelector) {
-    ctx.res.status(401);
-    return { ok: false, error: "unauthorized" };
-  }
   if (existing.status === "done" && existing.fileId) {
     return { ok: true, fileId: existing.fileId };
   }
   const locked = await UploadSession.findOneAndUpdate(
-    { _id: uploadId, ...ownershipSelector, status: "uploading" },
+    { $and: [{ _id: uploadId }, { status: "uploading" }, getUploadSessionAccessQuery(ability, "update")] },
     { $set: { status: "assembling" }, $unset: { error: "" } },
     { new: true }
   ).lean();
@@ -84,7 +85,7 @@ const completeUpload = async (_payload, ctx) => {
   const nativeDb = fsDb.db;
   if (!nativeDb) {
     await UploadSession.updateOne(
-      { _id: uploadId, ...ownershipSelector },
+      { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
       { $set: { status: "error", error: "filesystem_db_unavailable" } }
     );
     ctx.res.status(500);
@@ -106,8 +107,7 @@ const completeUpload = async (_payload, ctx) => {
     const cursor = UploadChunk.find({ uploadId }).sort({ index: 1 }).cursor();
     let expectedIndex = 0;
     try {
-      for await (const doc of cursor) {
-        const chunkDoc = doc;
+      for await (const chunkDoc of cursor) {
         if (chunkDoc.index !== expectedIndex) {
           throw new Error("missing_chunks");
         }
@@ -131,7 +131,7 @@ const completeUpload = async (_payload, ctx) => {
       throw new Error("missing_file_id");
     }
     await UploadSession.updateOne(
-      { _id: uploadId, ...ownershipSelector },
+      { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
       { $set: { status: "done", fileId }, $unset: { error: "" } }
     );
     try {
@@ -144,14 +144,14 @@ const completeUpload = async (_payload, ctx) => {
     await abortUploadStream(uploadStream);
     if (message === "missing_chunks") {
       await UploadSession.updateOne(
-        { _id: uploadId, ...ownershipSelector },
+        { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
         { $set: { status: "uploading" } }
       );
       ctx.res.status(409);
       return { ok: false, error: "missing_chunks" };
     }
     await UploadSession.updateOne(
-      { _id: uploadId, ...ownershipSelector },
+      { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] },
       { $set: { status: "error", error: message } }
     );
     ctx.res.status(500);
@@ -174,21 +174,21 @@ const getStatus = async (_payload, ctx) => {
     loadModel("RBUploadSession", modelCtx),
     loadModel("RBUploadChunk", modelCtx)
   ]);
-  const session = await UploadSession.findOne({ _id: uploadId }).lean();
+  const ability = buildUploadsAbility(ctx, tenantId);
+  if (!ability.can("read", "RBUploadSession")) {
+    ctx.res.status(401);
+    return { ok: false, error: "unauthorized" };
+  }
+  const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "read")] }).lean();
   if (!session) {
     ctx.res.status(404);
     return { ok: false, error: "not_found" };
   }
-  const ownershipSelector = getOwnershipSelector(ctx, session);
-  if (!ownershipSelector) {
-    ctx.res.status(401);
-    return { ok: false, error: "unauthorized" };
-  }
   const receivedDocs = await UploadChunk.find(
     { uploadId },
     { index: 1, _id: 0 }
   ).sort({ index: 1 }).lean();
-  const received = receivedDocs.map((d) => Number(d?.index ?? -1)).filter((n) => Number.isInteger(n) && n >= 0);
+  const received = receivedDocs.map((doc) => typeof doc.index === "number" ? doc.index : -1).filter((n) => Number.isInteger(n) && n >= 0);
   return {
     ok: true,
     status: session.status,
@@ -294,16 +294,16 @@ const uploadChunk = async (payload, ctx) => {
     loadModel("RBUploadSession", modelCtx),
     loadModel("RBUploadChunk", modelCtx)
   ]);
-  const session = await UploadSession.findOne({ _id: uploadId }).lean();
+  const ability = buildUploadsAbility(ctx, tenantId);
+  if (!ability.can("update", "RBUploadSession")) {
+    ctx.res.status(401);
+    return { ok: false, error: "unauthorized" };
+  }
+  const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, "update")] }).lean();
   if (!session) {
     ctx.res.status(404);
     return { ok: false, error: "not_found" };
   }
-  const ownershipSelector = getOwnershipSelector(ctx, session);
-  if (!ownershipSelector) {
-    ctx.res.status(401);
-    return { ok: false, error: "unauthorized" };
-  }
   if (session.status !== "uploading") {
     ctx.res.status(409);
     return { ok: false, error: "not_uploading" };

package/dist/handler-B_mMDLBO.js

@@ -0,0 +1,437 @@
+import { loadModel } from "@rpcbase/db";
+import { buildAbilityFromSession, getAccessibleByQuery } from "@rpcbase/db/acl";
+import { createNotification, sendNotificationsDigestForUser } from "./notifications.js";
+import { o as object, b as boolean, n as number, a as array, s as string, r as record, u as unknown, _ as _enum } from "./schemas-D5T9tDtI.js";
+const getSessionUser = (ctx) => {
+  const rawSessionUser = ctx.req.session?.user;
+  const userId = typeof rawSessionUser?.id === "string" ? rawSessionUser.id.trim() : "";
+  const tenantId = typeof rawSessionUser?.currentTenantId === "string" ? rawSessionUser.currentTenantId.trim() : "";
+  if (!userId) {
+    ctx.res.status(401);
+    return null;
+  }
+  if (!tenantId) {
+    ctx.res.status(400);
+    return null;
+  }
+  return { userId, tenantId };
+};
+const ListRoute = "/api/rb/notifications";
+const CreateRoute = "/api/rb/notifications/create";
+const MarkReadRoute = "/api/rb/notifications/:notificationId/read";
+const ArchiveRoute = "/api/rb/notifications/:notificationId/archive";
+const MarkAllReadRoute = "/api/rb/notifications/mark-all-read";
+const SettingsRoute = "/api/rb/notifications/settings";
+const DigestRunRoute = "/api/rb/notifications/digest/run";
+const listRequestSchema = object({
+  includeArchived: boolean().optional(),
+  unreadOnly: boolean().optional(),
+  limit: number().int().min(1).max(200).optional(),
+  markSeen: boolean().optional()
+});
+const createRequestSchema = object({
+  topic: string().trim().min(1).optional(),
+  title: string().trim().min(1),
+  body: string().trim().optional(),
+  url: string().trim().optional(),
+  metadata: record(string(), unknown()).optional()
+});
+const notificationSchema = object({
+  id: string(),
+  topic: string().optional(),
+  title: string(),
+  body: string().optional(),
+  url: string().optional(),
+  createdAt: string(),
+  seenAt: string().optional(),
+  readAt: string().optional(),
+  archivedAt: string().optional(),
+  metadata: record(string(), unknown()).optional()
+});
+const listResponseSchema = object({
+  ok: boolean(),
+  error: string().optional(),
+  notifications: array(notificationSchema).optional(),
+  unreadCount: number().int().min(0).optional(),
+  unseenCount: number().int().min(0).optional()
+});
+const createResponseSchema = object({
+  ok: boolean(),
+  error: string().optional(),
+  id: string().optional()
+});
+object({
+  ok: boolean(),
+  error: string().optional()
+});
+object({
+  ok: boolean(),
+  error: string().optional()
+});
+object({
+  ok: boolean(),
+  error: string().optional()
+});
+const digestFrequencySchema = _enum(["off", "daily", "weekly"]);
+const topicPreferenceSchema = object({
+  topic: string(),
+  inApp: boolean(),
+  emailDigest: boolean(),
+  push: boolean()
+});
+const settingsSchema = object({
+  digestFrequency: digestFrequencySchema,
+  topicPreferences: array(topicPreferenceSchema),
+  lastDigestSentAt: string().optional()
+});
+const settingsResponseSchema = object({
+  ok: boolean(),
+  error: string().optional(),
+  settings: settingsSchema.optional()
+});
+const updateSettingsRequestSchema = object({
+  digestFrequency: digestFrequencySchema.optional(),
+  topicPreferences: array(topicPreferenceSchema).optional()
+});
+const updateSettingsResponseSchema = object({
+  ok: boolean(),
+  error: string().optional(),
+  settings: settingsSchema.optional()
+});
+const digestRunRequestSchema = object({
+  force: boolean().optional()
+});
+object({
+  ok: boolean(),
+  error: string().optional(),
+  sent: boolean().optional(),
+  skippedReason: string().optional()
+});
+const toIso = (value) => value instanceof Date ? value.toISOString() : void 0;
+const buildDisabledTopics = (settings, key) => {
+  const raw = settings?.topicPreferences;
+  if (!Array.isArray(raw) || raw.length === 0) return [];
+  return raw.map((pref) => {
+    if (!pref || typeof pref !== "object") return null;
+    const topic = typeof pref.topic === "string" ? pref.topic.trim() : "";
+    if (!topic) return null;
+    const enabled = pref[key] === true;
+    return enabled ? null : topic;
+  }).filter((topic) => Boolean(topic));
+};
+const listNotifications = async (payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return { ok: false, error: "unauthorized" };
+  }
+  const ability = buildAbilityFromSession({ tenantId: session.tenantId, session: ctx.req.session });
+  if (!ability.can("read", "RBNotification")) {
+    ctx.res.status(403);
+    return { ok: false, error: "forbidden" };
+  }
+  const parsed = listRequestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return { ok: false, error: "invalid_payload" };
+  }
+  const { userId } = session;
+  const includeArchived = parsed.data.includeArchived === true;
+  const unreadOnly = parsed.data.unreadOnly === true;
+  const limit = parsed.data.limit ?? 50;
+  const markSeen = parsed.data.markSeen === true;
+  const SettingsModel = await loadModel("RBNotificationSettings", ctx);
+  const settings = await SettingsModel.findOne({ userId }).lean();
+  const disabledTopics = buildDisabledTopics(settings, "inApp");
+  const NotificationModel = await loadModel("RBNotification", ctx);
+  const queryFilters = [
+    { userId },
+    getAccessibleByQuery(ability, "read", "RBNotification")
+  ];
+  if (!includeArchived) queryFilters.push({ archivedAt: { $exists: false } });
+  if (unreadOnly) queryFilters.push({ readAt: { $exists: false } });
+  if (disabledTopics.length > 0) queryFilters.push({ topic: { $nin: disabledTopics } });
+  const query = { $and: queryFilters };
+  const notifications = await NotificationModel.find(query).sort({ createdAt: -1 }).limit(limit).lean();
+  const unseenQueryFilters = [
+    { userId },
+    { archivedAt: { $exists: false } },
+    { seenAt: { $exists: false } },
+    getAccessibleByQuery(ability, "read", "RBNotification")
+  ];
+  if (disabledTopics.length > 0) unseenQueryFilters.push({ topic: { $nin: disabledTopics } });
+  const unseenQuery = { $and: unseenQueryFilters };
+  const unreadQueryFilters = [
+    { userId },
+    { archivedAt: { $exists: false } },
+    { readAt: { $exists: false } },
+    getAccessibleByQuery(ability, "read", "RBNotification")
+  ];
+  if (disabledTopics.length > 0) unreadQueryFilters.push({ topic: { $nin: disabledTopics } });
+  const unreadQuery = { $and: unreadQueryFilters };
+  const [unreadCount, unseenCount] = await Promise.all([
+    NotificationModel.countDocuments(unreadQuery),
+    NotificationModel.countDocuments(unseenQuery)
+  ]);
+  const now = markSeen ? /* @__PURE__ */ new Date() : null;
+  if (now && unseenCount > 0) {
+    await NotificationModel.updateMany(unseenQuery, { $set: { seenAt: now } });
+  }
+  return listResponseSchema.parse({
+    ok: true,
+    notifications: notifications.map((n) => ({
+      id: String(n._id),
+      topic: typeof n.topic === "string" ? n.topic : void 0,
+      title: typeof n.title === "string" ? n.title : "",
+      body: typeof n.body === "string" ? n.body : void 0,
+      url: typeof n.url === "string" ? n.url : void 0,
+      createdAt: toIso(n.createdAt) ?? (/* @__PURE__ */ new Date()).toISOString(),
+      seenAt: toIso(n.seenAt) ?? (now && !n.archivedAt && !n.seenAt ? now.toISOString() : void 0),
+      readAt: toIso(n.readAt),
+      archivedAt: toIso(n.archivedAt),
+      metadata: typeof n.metadata === "object" && n.metadata !== null ? n.metadata : void 0
+    })),
+    unreadCount,
+    unseenCount: now ? 0 : unseenCount
+  });
+};
+const createNotificationForCurrentUser = async (payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return { ok: false, error: "unauthorized" };
+  }
+  const ability = buildAbilityFromSession({ tenantId: session.tenantId, session: ctx.req.session });
+  if (!ability.can("create", "RBNotification")) {
+    ctx.res.status(403);
+    return { ok: false, error: "forbidden" };
+  }
+  const parsed = createRequestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return { ok: false, error: "invalid_payload" };
+  }
+  const created = await createNotification(ctx, {
+    userId: session.userId,
+    topic: parsed.data.topic,
+    title: parsed.data.title,
+    body: parsed.data.body,
+    url: parsed.data.url,
+    metadata: parsed.data.metadata
+  });
+  return createResponseSchema.parse({ ok: true, id: created.id });
+};
+const markRead = async (_payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return { ok: false, error: "unauthorized" };
+  }
+  const ability = buildAbilityFromSession({ tenantId: session.tenantId, session: ctx.req.session });
+  if (!ability.can("update", "RBNotification")) {
+    ctx.res.status(403);
+    return { ok: false, error: "forbidden" };
+  }
+  const notificationId = typeof ctx.req.params.notificationId === "string" ? ctx.req.params.notificationId.trim() : "";
+  if (!notificationId) {
+    ctx.res.status(400);
+    return { ok: false, error: "missing_notification_id" };
+  }
+  const NotificationModel = await loadModel("RBNotification", ctx);
+  const now = /* @__PURE__ */ new Date();
+  try {
+    await NotificationModel.updateOne(
+      { $and: [{ _id: notificationId }, { archivedAt: { $exists: false } }, getAccessibleByQuery(ability, "update", "RBNotification")] },
+      { $set: { readAt: now, seenAt: now } }
+    );
+  } catch {
+    ctx.res.status(400);
+    return { ok: false, error: "invalid_notification_id" };
+  }
+  return { ok: true };
+};
+const markAllRead = async (_payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return { ok: false, error: "unauthorized" };
+  }
+  const ability = buildAbilityFromSession({ tenantId: session.tenantId, session: ctx.req.session });
+  if (!ability.can("update", "RBNotification")) {
+    ctx.res.status(403);
+    return { ok: false, error: "forbidden" };
+  }
+  const SettingsModel = await loadModel("RBNotificationSettings", ctx);
+  const settings = await SettingsModel.findOne({ userId: session.userId }).lean();
+  const disabledTopics = buildDisabledTopics(settings, "inApp");
+  const NotificationModel = await loadModel("RBNotification", ctx);
+  const queryFilters = [
+    { userId: session.userId },
+    { archivedAt: { $exists: false } },
+    { readAt: { $exists: false } },
+    getAccessibleByQuery(ability, "update", "RBNotification")
+  ];
+  if (disabledTopics.length > 0) queryFilters.push({ topic: { $nin: disabledTopics } });
+  const query = { $and: queryFilters };
+  const now = /* @__PURE__ */ new Date();
+  await NotificationModel.updateMany(query, { $set: { readAt: now, seenAt: now } });
+  return { ok: true };
+};
+const archiveNotification = async (_payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return { ok: false, error: "unauthorized" };
+  }
+  const ability = buildAbilityFromSession({ tenantId: session.tenantId, session: ctx.req.session });
+  if (!ability.can("update", "RBNotification")) {
+    ctx.res.status(403);
+    return { ok: false, error: "forbidden" };
+  }
+  const notificationId = typeof ctx.req.params.notificationId === "string" ? ctx.req.params.notificationId.trim() : "";
+  if (!notificationId) {
+    ctx.res.status(400);
+    return { ok: false, error: "missing_notification_id" };
+  }
+  const NotificationModel = await loadModel("RBNotification", ctx);
+  try {
+    await NotificationModel.updateOne(
+      { $and: [{ _id: notificationId }, { archivedAt: { $exists: false } }, getAccessibleByQuery(ability, "update", "RBNotification")] },
+      { $set: { archivedAt: /* @__PURE__ */ new Date() } }
+    );
+  } catch {
+    ctx.res.status(400);
+    return { ok: false, error: "invalid_notification_id" };
+  }
+  return { ok: true };
+};
+const getSettings = async (_payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return { ok: false, error: "unauthorized" };
+  }
+  const ability = buildAbilityFromSession({ tenantId: session.tenantId, session: ctx.req.session });
+  if (!ability.can("read", "RBNotificationSettings")) {
+    ctx.res.status(403);
+    return { ok: false, error: "forbidden" };
+  }
+  const SettingsModel = await loadModel("RBNotificationSettings", ctx);
+  const settings = await SettingsModel.findOne(
+    { $and: [{ userId: session.userId }, getAccessibleByQuery(ability, "read", "RBNotificationSettings")] }
+  ).lean();
+  const digestFrequencyRaw = typeof settings?.digestFrequency === "string" ? settings.digestFrequency : "weekly";
+  const digestFrequency = digestFrequencyRaw === "off" || digestFrequencyRaw === "daily" || digestFrequencyRaw === "weekly" ? digestFrequencyRaw : "weekly";
+  const topicPreferences = Array.isArray(settings?.topicPreferences) ? settings.topicPreferences.map((pref) => ({
+    topic: typeof pref.topic === "string" ? pref.topic : "",
+    inApp: pref.inApp === true,
+    emailDigest: pref.emailDigest === true,
+    push: pref.push === true
+  })).filter((pref) => pref.topic.length > 0) : [];
+  return settingsResponseSchema.parse({
+    ok: true,
+    settings: {
+      digestFrequency,
+      topicPreferences,
+      lastDigestSentAt: toIso(settings?.lastDigestSentAt)
+    }
+  });
+};
+const updateSettings = async (payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return { ok: false, error: "unauthorized" };
+  }
+  const ability = buildAbilityFromSession({ tenantId: session.tenantId, session: ctx.req.session });
+  if (!ability.can("update", "RBNotificationSettings")) {
+    ctx.res.status(403);
+    return { ok: false, error: "forbidden" };
+  }
+  const parsed = updateSettingsRequestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return { ok: false, error: "invalid_payload" };
+  }
+  const SettingsModel = await loadModel("RBNotificationSettings", ctx);
+  const nextValues = {};
+  if (parsed.data.digestFrequency) {
+    nextValues.digestFrequency = parsed.data.digestFrequency;
+  }
+  if (parsed.data.topicPreferences) {
+    const seen = /* @__PURE__ */ new Set();
+    const next = parsed.data.topicPreferences.map((pref) => ({
+      topic: pref.topic.trim(),
+      inApp: pref.inApp,
+      emailDigest: pref.emailDigest,
+      push: pref.push
+    })).filter((pref) => pref.topic.length > 0).filter((pref) => {
+      if (seen.has(pref.topic)) return false;
+      seen.add(pref.topic);
+      return true;
+    });
+    nextValues.topicPreferences = next;
+  }
+  const ops = {
+    $setOnInsert: { userId: session.userId }
+  };
+  if (Object.keys(nextValues).length > 0) {
+    ops.$set = nextValues;
+  }
+  const settings = await SettingsModel.findOneAndUpdate(
+    { $and: [{ userId: session.userId }, getAccessibleByQuery(ability, "update", "RBNotificationSettings")] },
+    ops,
+    { upsert: true, new: true, setDefaultsOnInsert: true }
+  ).lean();
+  const digestFrequencyRaw = typeof settings?.digestFrequency === "string" ? settings.digestFrequency : "weekly";
+  const digestFrequency = digestFrequencyRaw === "off" || digestFrequencyRaw === "daily" || digestFrequencyRaw === "weekly" ? digestFrequencyRaw : "weekly";
+  const topicPreferences = Array.isArray(settings?.topicPreferences) ? settings.topicPreferences.map((pref) => ({
+    topic: typeof pref.topic === "string" ? pref.topic : "",
+    inApp: pref.inApp === true,
+    emailDigest: pref.emailDigest === true,
+    push: pref.push === true
+  })).filter((pref) => pref.topic.length > 0) : [];
+  return updateSettingsResponseSchema.parse({
+    ok: true,
+    settings: {
+      digestFrequency,
+      topicPreferences,
+      lastDigestSentAt: toIso(settings?.lastDigestSentAt)
+    }
+  });
+};
+const runDigest = async (payload, ctx) => {
+  const session = getSessionUser(ctx);
+  if (!session) {
+    return { ok: false, error: "unauthorized" };
+  }
+  const ability = buildAbilityFromSession({ tenantId: session.tenantId, session: ctx.req.session });
+  if (!ability.can("read", "RBNotification")) {
+    ctx.res.status(403);
+    return { ok: false, error: "forbidden" };
+  }
+  const parsed = digestRunRequestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return { ok: false, error: "invalid_payload" };
+  }
+  const result = await sendNotificationsDigestForUser(ctx, {
+    userId: session.userId,
+    force: parsed.data.force === true
+  });
+  if (!result.ok) {
+    ctx.res.status(500);
+    return { ok: false, error: result.error };
+  }
+  return {
+    ok: true,
+    sent: result.sent,
+    ...result.skippedReason ? { skippedReason: result.skippedReason } : {}
+  };
+};
+const handler = (api) => {
+  api.post(ListRoute, listNotifications);
+  api.post(CreateRoute, createNotificationForCurrentUser);
+  api.post(MarkReadRoute, markRead);
+  api.post(MarkAllReadRoute, markAllRead);
+  api.post(ArchiveRoute, archiveNotification);
+  api.get(SettingsRoute, getSettings);
+  api.put(SettingsRoute, updateSettings);
+  api.post(DigestRunRoute, runDigest);
+};
+export {
+  handler as default
+};

package/dist/{handler-BYVnU9H-.js → handler-Cl-0-832.js}

@@ -1,6 +1,6 @@
 import { getTenantFilesystemDb } from "@rpcbase/db";
 import { ObjectId, GridFSBucket } from "mongodb";
-import { g as getTenantId, c as getBucketName } from "./shared-Chfrv8o6.js";
+import { g as getTenantId, d as getBucketName } from "./shared-UGuDRAKK.js";
 const deleteFile = async (_payload, ctx) => {
   const tenantId = getTenantId(ctx);
   if (!tenantId) {

package/dist/{handler-CTL2iQCj.js → handler-Dd20DHyz.js}

@@ -1,5 +1,6 @@
 import { loadModel, ZRBRtsChangeOp } from "@rpcbase/db";
-import { o as object, a as array, s as string, n as number, b as boolean, _ as _enum } from "./schemas-CyxqObur.js";
+import { buildAbilityFromSession } from "@rpcbase/db/acl";
+import { o as object, a as array, s as string, n as number, b as boolean, _ as _enum } from "./schemas-D5T9tDtI.js";
 const Route = "/api/rb/rts/changes";
 const requestSchema = object({
   sinceSeq: number().int().min(0).default(0),
@@ -68,6 +69,7 @@ const changesHandler = async (payload, ctx) => {
     ctx.res.status(401);
     return { ok: false, latestSeq: 0, changes: [] };
   }
+  const ability = buildAbilityFromSession({ tenantId, session: ctx.req.session });
   const modelCtx = getModelCtx(ctx, tenantId);
   const [RtsChange, RtsCounter] = await Promise.all([
     loadModel("RBRtsChange", modelCtx),
@@ -76,24 +78,26 @@ const changesHandler = async (payload, ctx) => {
   const counter = await RtsCounter.findOne({ _id: "rts" }, { seq: 1 }).lean();
   const latestSeq = Number(counter?.seq ?? 0) || 0;
   const { sinceSeq, limit, modelNames } = parsed.data;
-  const earliestSelector = {};
-  if (Array.isArray(modelNames) && modelNames.length) {
-    earliestSelector.modelName = { $in: modelNames };
+  const requestedModelNames = Array.isArray(modelNames) && modelNames.length ? modelNames.map((m) => String(m)).filter(Boolean) : null;
+  const allowedModelNames = requestedModelNames ? requestedModelNames.filter((m) => ability.can("read", m)) : Array.from(
+    new Set(
+      (await RtsChange.distinct("modelName")).map((m) => String(m)).filter(Boolean).filter((m) => ability.can("read", m))
+    )
+  );
+  let earliestSeq;
+  if (allowedModelNames.length) {
+    const earliest = await RtsChange.findOne({ modelName: { $in: allowedModelNames } }, { seq: 1 }).sort({ seq: 1 }).lean();
+    earliestSeq = earliest?.seq ? Number(earliest.seq) : void 0;
   }
-  const earliest = await RtsChange.findOne(earliestSelector, { seq: 1 }).sort({ seq: 1 }).lean();
-  const earliestSeq = earliest?.seq ? Number(earliest.seq) : void 0;
   const needsFullResync = typeof earliestSeq === "number" && sinceSeq < earliestSeq - 1;
-  const selector = { seq: { $gt: sinceSeq } };
-  if (Array.isArray(modelNames) && modelNames.length) {
-    selector.modelName = { $in: modelNames };
-  }
+  const selector = { seq: { $gt: sinceSeq }, modelName: { $in: allowedModelNames } };
   const changes = await RtsChange.find(selector, { _id: 0, seq: 1, modelName: 1, op: 1, docId: 1 }).sort({ seq: 1 }).limit(limit).lean();
   return {
     ok: true,
     needsFullResync: needsFullResync || void 0,
     earliestSeq,
     latestSeq,
-    changes: Array.isArray(changes) ? changes.filter(isRtsChangeRecord).map((c) => ({
+    changes: Array.isArray(changes) ? changes.filter(isRtsChangeRecord).filter((c) => ability.can("read", c.modelName)).map((c) => ({
       seq: Number(c.seq),
       modelName: String(c.modelName),
       op: c.op,

package/dist/index.d.ts

@@ -4,5 +4,4 @@ export * from './hashPassword';
 export * from './passwordHashStorage';
 export * from './ssrMiddleware';
 export * from './email';
-export * from './rts/index';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAA;AAC5B,cAAc,iBAAiB,CAAA;AAC/B,cAAc,gBAAgB,CAAA;AAC9B,cAAc,uBAAuB,CAAA;AACrC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,SAAS,CAAA;AACvB,cAAc,aAAa,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAA;AAC5B,cAAc,iBAAiB,CAAA;AAC/B,cAAc,gBAAgB,CAAA;AAC9B,cAAc,uBAAuB,CAAA;AACrC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,SAAS,CAAA"}