@rpcbase/server 0.543.0 → 0.544.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/dist/{handler-ClQF4MOn.js → handler-BPtmV7Gp.js} +2 -2
  2. package/dist/{handler-ClQF4MOn.js.map → handler-BPtmV7Gp.js.map} +1 -1
  3. package/dist/{handler--FFBJMl6.js → handler-TcIyb69f.js} +2 -8
  4. package/dist/handler-TcIyb69f.js.map +1 -0
  5. package/dist/{handler-COnCnprN.js → handler-V5AVyt5y.js} +2 -2
  6. package/dist/{handler-COnCnprN.js.map → handler-V5AVyt5y.js.map} +1 -1
  7. package/dist/index.js +1 -1
  8. package/dist/{queryExecutor-CGFVBzI1.js → queryExecutor-DTEFEB5Z.js} +17 -56
  9. package/dist/queryExecutor-DTEFEB5Z.js.map +1 -0
  10. package/dist/rts/api/changes/handler.d.ts.map +1 -1
  11. package/dist/rts/index.d.ts +1 -1
  12. package/dist/rts/index.d.ts.map +1 -1
  13. package/dist/rts/index.js +19 -65
  14. package/dist/rts/index.js.map +1 -1
  15. package/dist/rts/queryExecutor.d.ts +0 -2
  16. package/dist/rts/queryExecutor.d.ts.map +1 -1
  17. package/dist/{shared-nE84Or5W.js → shared-xNnTJqaH.js} +2 -9
  18. package/dist/shared-xNnTJqaH.js.map +1 -0
  19. package/dist/uploads/api/file-uploads/shared.d.ts.map +1 -1
  20. package/dist/uploads.js +1 -1
  21. package/package.json +1 -1
  22. package/dist/handler--FFBJMl6.js.map +0 -1
  23. package/dist/queryExecutor-CGFVBzI1.js.map +0 -1
  24. package/dist/shared-nE84Or5W.js.map +0 -1
package/dist/{handler-ClQF4MOn.js → handler-BPtmV7Gp.js} RENAMED
@@ -3,7 +3,7 @@ import { GridFSBucket, ObjectId } from "mongodb";
3
3
  import { enqueueUploadPostProcessors } from "./uploads.js";
4
4
  import { JSDOM } from "jsdom";
5
5
  import createDOMPurify from "dompurify";
6
- import { g as getTenantId, b as buildUploadsAbility, a as getUploadSessionAccessQuery, e as ensureUploadIndexes, c as getBucketName, d as getModelCtx, f as getUserId, h as getChunkSizeBytes, i as getSessionTtlMs, j as computeSha256Hex, t as toBufferPayload, n as normalizeSha256Hex, k as getMaxClientUploadBytesPerSecond, l as getRawBodyLimitBytes } from "./shared-nE84Or5W.js";
6
+ import { g as getTenantId, b as buildUploadsAbility, a as getUploadSessionAccessQuery, e as ensureUploadIndexes, c as getBucketName, d as getModelCtx, f as getUserId, h as getChunkSizeBytes, i as getSessionTtlMs, j as computeSha256Hex, t as toBufferPayload, n as normalizeSha256Hex, k as getMaxClientUploadBytesPerSecond, l as getRawBodyLimitBytes } from "./shared-xNnTJqaH.js";
7
7
  import { randomBytes } from "node:crypto";
8
8
  import { o as object, n as number, b as boolean, s as string, a as array, _ as _enum } from "./schemas-Cjdjgehl.js";
9
9
  const MAX_SVG_BYTES = 128 * 1024;
@@ -928,4 +928,4 @@ const handler = (api) => {
928
928
  export {
929
929
  handler as default
930
930
  };
931
- //# sourceMappingURL=handler-ClQF4MOn.js.map
931
+ //# sourceMappingURL=handler-BPtmV7Gp.js.map
package/dist/{handler-ClQF4MOn.js.map → handler-BPtmV7Gp.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"handler-ClQF4MOn.js","sources":["../src/uploads/api/file-uploads/processors/sanitizeSvg.ts","../src/uploads/api/file-uploads/processors/index.ts","../src/uploads/api/file-uploads/handlers/completeUpload.ts","../src/uploads/api/file-uploads/handlers/getStatus.ts","../src/uploads/api/file-uploads/index.ts","../src/uploads/api/file-uploads/handlers/initUpload.ts","../src/uploads/api/file-uploads/handlers/uploadChunk.ts","../src/uploads/api/file-uploads/middleware/rawBodyParser.ts","../src/uploads/api/file-uploads/handler.ts"],"sourcesContent":["import { JSDOM } from \"jsdom\"\nimport createDOMPurify from \"dompurify\"\n\nimport type { UploadFileProcessor } from \"./index\"\n\n\nconst MAX_SVG_BYTES = 128 * 1024\n\nconst window = new JSDOM(\"\").window\nconst DOMPurify = createDOMPurify(window)\n\nconst normalizeForSniff = (raw: string): string => raw.replace(/^\\uFEFF/, \"\").trimStart()\n\nconst looksLikeSvgText = (text: string): boolean => {\n const normalized = normalizeForSniff(text)\n if (!normalized.startsWith(\"<\")) return false\n return /<svg(?:\\s|>)/i.test(normalized)\n}\n\nexport const looksLikeSvg = (sniff: Buffer): boolean => looksLikeSvgText(sniff.toString(\"utf8\"))\n\nexport const sanitizeSvg = (svg: string): string =>\n DOMPurify.sanitize(svg, {\n USE_PROFILES: { svg: true, svgFilters: true },\n })\n\nexport const sanitizeSvgProcessor: UploadFileProcessor = {\n id: \"sanitize-svg\",\n maxBytes: MAX_SVG_BYTES,\n match: ({ sniff }) => looksLikeSvg(sniff),\n process: (data): { data: Buffer; mimeType: string } => {\n if (data.length > MAX_SVG_BYTES) {\n throw new Error(\"svg_too_large\")\n }\n\n const svgText = data.toString(\"utf8\")\n if (!looksLikeSvgText(svgText)) {\n throw new Error(\"svg_invalid\")\n }\n\n const sanitized = sanitizeSvg(svgText)\n if (!sanitized.trim() || !looksLikeSvgText(sanitized)) {\n throw new Error(\"svg_sanitize_failed\")\n }\n\n const sanitizedBuffer = Buffer.from(sanitized, \"utf8\")\n if (sanitizedBuffer.length > MAX_SVG_BYTES) {\n throw new Error(\"svg_too_large\")\n }\n\n return { data: sanitizedBuffer, mimeType: \"image/svg+xml\" }\n },\n}\n\n","import { sanitizeSvgProcessor } from \"./sanitizeSvg\"\n\n\nexport type UploadFileProcessorContext = {\n filename: string\n clientMimeType: string\n totalSize: number\n sniff: Buffer\n}\n\nexport type UploadFileProcessorResult = {\n data: Buffer\n mimeType?: string\n}\n\nexport type UploadFileProcessor = {\n id: string\n maxBytes: number\n match: (ctx: UploadFileProcessorContext) => boolean\n process: (data: Buffer, ctx: UploadFileProcessorContext) => Promise<UploadFileProcessorResult> | UploadFileProcessorResult\n}\n\nexport const uploadProcessors = Object.freeze([sanitizeSvgProcessor] satisfies UploadFileProcessor[])\n\nexport const getMaxUploadProcessorBytes = (): number =>\n uploadProcessors.reduce((max, processor) => Math.max(max, processor.maxBytes), 0)\n\nexport const selectUploadProcessors = (ctx: UploadFileProcessorContext): UploadFileProcessor[] =>\n uploadProcessors.filter((processor) => processor.match(ctx))\n\nexport const applyUploadProcessors = async (\n data: Buffer,\n ctx: Omit<UploadFileProcessorContext, \"sniff\" | \"totalSize\">,\n): Promise<{ data: Buffer; mimeType: string; applied: string[] }> => {\n let currentData = data\n let currentMimeType = ctx.clientMimeType\n const applied: string[] = []\n\n for (const processor of uploadProcessors) {\n const processorCtx: UploadFileProcessorContext = {\n filename: ctx.filename,\n clientMimeType: currentMimeType,\n totalSize: currentData.length,\n sniff: currentData,\n }\n\n if (!processor.match(processorCtx)) continue\n\n if (currentData.length > processor.maxBytes) {\n throw new Error(\"processor_input_too_large\")\n }\n\n const result = await processor.process(currentData, processorCtx)\n currentData = result.data\n if (typeof result.mimeType === \"string\" && result.mimeType.trim()) {\n currentMimeType = result.mimeType.trim()\n }\n applied.push(processor.id)\n }\n\n return {\n data: currentData,\n mimeType: currentMimeType,\n applied,\n }\n}\n","import { ApiHandler } from \"@rpcbase/api\"\nimport { getTenantFilesystemDb, models } from \"@rpcbase/db\"\nimport { GridFSBucket } from \"mongodb\"\nimport type { Model } from \"mongoose\"\n\nimport * as Uploads from \"../index\"\nimport { enqueueUploadPostProcessors } from \"../postProcessors\"\nimport { applyUploadProcessors, getMaxUploadProcessorBytes, selectUploadProcessors } from \"../processors\"\nimport {\n type SessionUser,\n type UploadChunkDoc,\n type UploadSessionDoc,\n buildUploadsAbility,\n ensureUploadIndexes,\n getBucketName,\n getModelCtx,\n getUploadSessionAccessQuery,\n getTenantId,\n} from \"../shared\"\n\n\nconst waitForStreamFinished = async (stream: NodeJS.WritableStream): Promise<void> => new Promise((resolve, reject) => {\n stream.once(\"finish\", resolve)\n stream.once(\"error\", reject)\n})\n\nconst writeToStream = async (stream: NodeJS.WritableStream, chunk: Buffer): Promise<void> => {\n const ok = stream.write(chunk)\n if (ok) return\n await new Promise<void>((resolve, reject) => {\n const onDrain = () => {\n cleanup()\n resolve()\n }\n\n const onError = (error: unknown) => {\n cleanup()\n reject(error)\n }\n\n const cleanup = () => {\n stream.off(\"drain\", onDrain)\n stream.off(\"error\", onError)\n }\n\n stream.on(\"drain\", onDrain)\n stream.on(\"error\", onError)\n })\n}\n\nconst abortUploadStream = async (stream: unknown): Promise<void> => {\n if (!stream) return\n if (typeof (stream as { abort?: unknown }).abort === \"function\") {\n try {\n await (stream as { abort: () => Promise<void> | void }).abort()\n return\n } catch {\n //\n }\n }\n try {\n ;(stream as { destroy?: () => void }).destroy?.()\n } catch {\n //\n }\n}\n\nexport const completeUpload: ApiHandler<Record<string, never>, Uploads.CompleteResponsePayload, SessionUser> = async (\n _payload,\n ctx,\n): Promise<Uploads.CompleteResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const uploadId = String(ctx.req.params?.uploadId ?? \"\").trim()\n if (!uploadId) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_upload_id\" }\n }\n\n const ability = buildUploadsAbility(ctx, tenantId)\n const modelCtx = getModelCtx(ctx, tenantId, ability)\n\n const [UploadSession, UploadChunk] = await Promise.all([\n models.get(\"RBUploadSession\", modelCtx) as Promise<Model<UploadSessionDoc>>,\n models.get(\"RBUploadChunk\", modelCtx) as Promise<Model<UploadChunkDoc>>,\n ])\n\n if (!ability.can(\"update\", \"RBUploadSession\")) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n const existing = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"read\")] }).lean()\n if (!existing) {\n ctx.res.status(404)\n return { ok: false, error: \"not_found\" }\n }\n\n if (existing.status === \"done\" && existing.fileId) {\n return { ok: true, fileId: existing.fileId }\n }\n\n const locked = await UploadSession.findOneAndUpdate(\n { $and: [{ _id: uploadId }, { status: \"uploading\" }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"assembling\" }, $unset: { error: \"\" } },\n { returnDocument: \"after\" },\n ).lean()\n\n if (!locked) {\n ctx.res.status(409)\n return { ok: false, error: \"not_uploading\" }\n }\n\n await ensureUploadIndexes(UploadSession, UploadChunk)\n\n const fsDb = await getTenantFilesystemDb(tenantId)\n const nativeDb = fsDb.db\n if (!nativeDb) {\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"error\", error: \"filesystem_db_unavailable\" } },\n )\n ctx.res.status(500)\n return { ok: false, error: \"assembly_failed\" }\n }\n const bucketName = getBucketName()\n const bucket = new GridFSBucket(nativeDb, { bucketName })\n\n const lockedUserId = typeof locked.userId === \"string\" ? locked.userId : undefined\n const maxProcessorBytes = getMaxUploadProcessorBytes()\n const shouldBufferForProcessing = locked.totalSize <= maxProcessorBytes\n const declaredMimeType = locked.mimeType.trim().toLowerCase()\n const declaredSvg = declaredMimeType === \"image/svg+xml\" || locked.filename.trim().toLowerCase().endsWith(\".svg\")\n\n let uploadStream: NodeJS.WritableStream | null = null\n let finalMimeType = locked.mimeType\n let inlineProcessors: string[] = []\n let finalMetadata: Record<string, unknown> = {\n uploadId,\n tenantId,\n mimeType: locked.mimeType,\n totalSize: locked.totalSize,\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n }\n\n try {\n if (!shouldBufferForProcessing && declaredSvg) {\n throw new Error(\"svg_too_large\")\n }\n\n const cursor = UploadChunk.find({ uploadId }).sort({ index: 1 }).cursor() as unknown as AsyncIterable<UploadChunkDoc> & {\n close: () => Promise<void>\n }\n\n let expectedIndex = 0\n const chunks: Buffer[] = []\n let bufferedBytes = 0\n\n const pendingChunks: Buffer[] = []\n const sniffParts: Buffer[] = []\n let sniffBytes = 0\n\n try {\n for await (const chunkDoc of cursor) {\n if (chunkDoc.index !== expectedIndex) {\n throw new Error(\"missing_chunks\")\n }\n\n const chunk = chunkDoc.data\n\n if (shouldBufferForProcessing) {\n chunks.push(chunk)\n bufferedBytes += chunk.length\n } else if (!uploadStream) {\n pendingChunks.push(chunk)\n\n if (sniffBytes < maxProcessorBytes) {\n const slice = chunk.subarray(0, Math.min(chunk.length, maxProcessorBytes - sniffBytes))\n if (slice.length) {\n sniffParts.push(slice)\n sniffBytes += slice.length\n }\n }\n\n if (sniffBytes >= maxProcessorBytes) {\n const sniff = Buffer.concat(sniffParts, sniffBytes)\n const processors = selectUploadProcessors({\n filename: locked.filename,\n clientMimeType: locked.mimeType,\n totalSize: locked.totalSize,\n sniff,\n })\n\n if (processors.length) {\n throw new Error(\"svg_too_large\")\n }\n\n finalMetadata = {\n uploadId,\n tenantId,\n mimeType: locked.mimeType,\n totalSize: locked.totalSize,\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n }\n uploadStream = bucket.openUploadStream(locked.filename, {\n metadata: finalMetadata,\n })\n\n for (const pending of pendingChunks) {\n await writeToStream(uploadStream, pending)\n }\n pendingChunks.length = 0\n }\n } else {\n await writeToStream(uploadStream, chunk)\n }\n\n expectedIndex += 1\n }\n } finally {\n try {\n await cursor.close()\n } catch {\n //\n }\n }\n\n if (expectedIndex !== locked.chunksTotal) {\n throw new Error(\"missing_chunks\")\n }\n\n if (shouldBufferForProcessing) {\n const assembled = Buffer.concat(chunks, bufferedBytes)\n const { data: processed, mimeType: processedMimeType, applied } = await applyUploadProcessors(assembled, {\n filename: locked.filename,\n clientMimeType: locked.mimeType,\n })\n\n finalMimeType = processedMimeType\n inlineProcessors = applied\n finalMetadata = {\n uploadId,\n tenantId,\n mimeType: processedMimeType,\n totalSize: locked.totalSize,\n ...(applied.length ? { processors: applied, processedSize: processed.length } : {}),\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n }\n uploadStream = bucket.openUploadStream(locked.filename, {\n metadata: finalMetadata,\n })\n\n const finished = waitForStreamFinished(uploadStream)\n uploadStream.end(processed)\n await finished\n } else {\n if (!uploadStream) {\n const sniff = Buffer.concat(sniffParts, sniffBytes)\n const processors = selectUploadProcessors({\n filename: locked.filename,\n clientMimeType: locked.mimeType,\n totalSize: locked.totalSize,\n sniff,\n })\n\n if (processors.length) {\n throw new Error(\"svg_too_large\")\n }\n\n finalMetadata = {\n uploadId,\n tenantId,\n mimeType: locked.mimeType,\n totalSize: locked.totalSize,\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n }\n uploadStream = bucket.openUploadStream(locked.filename, {\n metadata: finalMetadata,\n })\n\n for (const pending of pendingChunks) {\n await writeToStream(uploadStream, pending)\n }\n pendingChunks.length = 0\n }\n\n const finished = waitForStreamFinished(uploadStream)\n uploadStream.end()\n await finished\n }\n\n const fileId = String((uploadStream as unknown as { id?: unknown }).id ?? \"\")\n if (!fileId) {\n throw new Error(\"missing_file_id\")\n }\n\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"done\", fileId }, $unset: { error: \"\" } },\n )\n\n await enqueueUploadPostProcessors({\n tenantId,\n uploadId,\n fileId,\n filename: locked.filename,\n mimeType: finalMimeType,\n clientMimeType: locked.mimeType,\n totalSize: locked.totalSize,\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n inlineProcessors,\n metadata: finalMetadata,\n }).catch((error) => {\n console.error(\"Upload post processor enqueue failed\", {\n tenantId,\n uploadId,\n fileId,\n error,\n })\n })\n\n try {\n await UploadChunk.deleteMany({ uploadId })\n } catch {\n //\n }\n\n return { ok: true, fileId }\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error)\n\n await abortUploadStream(uploadStream)\n\n if (message === \"missing_chunks\") {\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"uploading\" } },\n )\n ctx.res.status(409)\n return { ok: false, error: \"missing_chunks\" }\n }\n\n if (message === \"svg_too_large\") {\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"error\", error: message } },\n )\n ctx.res.status(413)\n return { ok: false, error: message }\n }\n\n if (message === \"svg_invalid\" || message === \"svg_sanitize_failed\") {\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"error\", error: message } },\n )\n ctx.res.status(400)\n return { ok: false, error: message }\n }\n\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"error\", error: message } },\n )\n\n ctx.res.status(500)\n return { ok: false, error: \"assembly_failed\" }\n }\n}\n","import { ApiHandler } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport type { Model } from \"mongoose\"\n\nimport * as Uploads from \"../index\"\nimport {\n type SessionUser,\n type UploadChunkDoc,\n type UploadSessionDoc,\n buildUploadsAbility,\n getModelCtx,\n getUploadSessionAccessQuery,\n getTenantId,\n} from \"../shared\"\n\n\nexport const getStatus: ApiHandler<Record<string, never>, Uploads.StatusResponsePayload, SessionUser> = async (\n _payload,\n ctx,\n): Promise<Uploads.StatusResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const uploadId = String(ctx.req.params?.uploadId ?? \"\").trim()\n if (!uploadId) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_upload_id\" }\n }\n\n const ability = buildUploadsAbility(ctx, tenantId)\n const modelCtx = getModelCtx(ctx, tenantId, ability)\n\n const [UploadSession, UploadChunk] = await Promise.all([\n models.get(\"RBUploadSession\", modelCtx) as Promise<Model<UploadSessionDoc>>,\n models.get(\"RBUploadChunk\", modelCtx) as Promise<Model<UploadChunkDoc>>,\n ])\n\n if (!ability.can(\"read\", \"RBUploadSession\")) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"read\")] }).lean()\n if (!session) {\n ctx.res.status(404)\n return { ok: false, error: \"not_found\" }\n }\n\n const receivedDocs = await UploadChunk.find(\n { uploadId },\n { index: 1, _id: 0 },\n ).sort({ index: 1 }).lean()\n\n const received = (receivedDocs as unknown as Array<{ index?: unknown }>)\n .map((doc) => (typeof doc.index === \"number\" ? doc.index : -1))\n .filter((n) => Number.isInteger(n) && n >= 0)\n\n return {\n ok: true,\n status: session.status,\n chunkSize: session.chunkSize,\n chunksTotal: session.chunksTotal,\n received,\n ...(session.fileId ? { fileId: session.fileId } : {}),\n }\n}\n","import { z } from \"zod\"\n\n\nexport const InitRoute = \"/api/rb/file-uploads\"\nexport const ChunkRoute = \"/api/rb/file-uploads/:uploadId/chunks/:index\"\nexport const StatusRoute = \"/api/rb/file-uploads/:uploadId/status\"\nexport const CompleteRoute = \"/api/rb/file-uploads/:uploadId/complete\"\n\nexport const initRequestSchema = z.object({\n filename: z.string().min(1),\n mimeType: z.string().min(1),\n isPublic: z.boolean().optional(),\n totalSize: z.number().int().min(1),\n})\n\nexport type InitRequestPayload = z.infer<typeof initRequestSchema>\n\nexport const initResponseSchema = z.object({\n ok: z.boolean(),\n error: z.string().optional(),\n uploadId: z.string().optional(),\n uploadKey: z.string().optional(),\n chunkSize: z.number().int().optional(),\n chunksTotal: z.number().int().optional(),\n})\n\nexport type InitResponsePayload = z.infer<typeof initResponseSchema>\n\nexport const statusResponseSchema = z.object({\n ok: z.boolean(),\n error: z.string().optional(),\n status: z.enum([\"uploading\", \"assembling\", \"done\", \"error\"]).optional(),\n chunkSize: z.number().int().optional(),\n chunksTotal: z.number().int().optional(),\n received: z.array(z.number().int().min(0)).optional(),\n fileId: z.string().optional(),\n})\n\nexport type StatusResponsePayload = z.infer<typeof statusResponseSchema>\n\nexport const completeResponseSchema = z.object({\n ok: z.boolean(),\n error: z.string().optional(),\n fileId: z.string().optional(),\n})\n\nexport type CompleteResponsePayload = z.infer<typeof completeResponseSchema>\n","import { randomBytes } from \"node:crypto\"\n\nimport { ApiHandler } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport { ObjectId } from \"mongodb\"\nimport type { Model } from \"mongoose\"\n\nimport * as Uploads from \"../index\"\nimport {\n type SessionUser,\n type UploadChunkDoc,\n type UploadSessionDoc,\n buildUploadsAbility,\n computeSha256Hex,\n ensureUploadIndexes,\n getChunkSizeBytes,\n getModelCtx,\n getSessionTtlMs,\n getTenantId,\n getUserId,\n} from \"../shared\"\n\n\nexport const initUpload: ApiHandler<Uploads.InitRequestPayload, Uploads.InitResponsePayload, SessionUser> = async (\n payload,\n ctx,\n): Promise<Uploads.InitResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const userId = getUserId(ctx)\n\n const parsed = Uploads.initRequestSchema.safeParse(payload ?? {})\n if (!parsed.success) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_payload\" }\n }\n\n const chunkSize = getChunkSizeBytes()\n const { filename, mimeType, totalSize, isPublic } = parsed.data\n const chunksTotal = Math.ceil(totalSize / chunkSize)\n\n const ability = buildUploadsAbility(ctx, tenantId)\n const modelCtx = getModelCtx(ctx, tenantId, ability)\n\n const [UploadSession, UploadChunk] = await Promise.all([\n models.get(\"RBUploadSession\", modelCtx) as Promise<Model<UploadSessionDoc>>,\n models.get(\"RBUploadChunk\", modelCtx) as Promise<Model<UploadChunkDoc>>,\n ])\n\n await ensureUploadIndexes(UploadSession, UploadChunk)\n\n const uploadId = new ObjectId().toString()\n const now = Date.now()\n const expiresAt = new Date(now + getSessionTtlMs())\n\n const uploadKey = userId ? null : randomBytes(32).toString(\"base64url\")\n const ownerKeyHash = uploadKey ? computeSha256Hex(Buffer.from(uploadKey)) : undefined\n\n await UploadSession.create({\n _id: uploadId,\n ...(userId ? { userId } : {}),\n ...(ownerKeyHash ? { ownerKeyHash } : {}),\n filename,\n mimeType,\n ...(typeof isPublic === \"boolean\" ? { isPublic } : {}),\n totalSize,\n chunkSize,\n chunksTotal,\n status: \"uploading\",\n createdAt: new Date(now),\n expiresAt,\n })\n\n return {\n ok: true,\n uploadId,\n chunkSize,\n chunksTotal,\n ...(uploadKey ? { uploadKey } : {}),\n }\n}\n","import { ApiHandler } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport type { Model } from \"mongoose\"\n\nimport {\n type SessionUser,\n type UploadChunkDoc,\n type UploadSessionDoc,\n buildUploadsAbility,\n computeSha256Hex,\n ensureUploadIndexes,\n getModelCtx,\n getUploadSessionAccessQuery,\n getTenantId,\n normalizeSha256Hex,\n toBufferPayload,\n} from \"../shared\"\n\n\ntype ChunkResponsePayload = {\n ok: boolean\n error?: string\n}\n\nexport const uploadChunk: ApiHandler<Buffer, ChunkResponsePayload, SessionUser> = async (\n payload,\n ctx,\n): Promise<ChunkResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const uploadId = String(ctx.req.params?.uploadId ?? \"\").trim()\n const indexRaw = String(ctx.req.params?.index ?? \"\").trim()\n const index = Number(indexRaw)\n\n if (!uploadId || !Number.isInteger(index) || index < 0) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_chunk_ref\" }\n }\n\n const ability = buildUploadsAbility(ctx, tenantId)\n const modelCtx = getModelCtx(ctx, tenantId, ability)\n\n const [UploadSession, UploadChunk] = await Promise.all([\n models.get(\"RBUploadSession\", modelCtx) as Promise<Model<UploadSessionDoc>>,\n models.get(\"RBUploadChunk\", modelCtx) as Promise<Model<UploadChunkDoc>>,\n ])\n\n if (!ability.can(\"update\", \"RBUploadSession\")) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] }).lean()\n if (!session) {\n ctx.res.status(404)\n return { ok: false, error: \"not_found\" }\n }\n\n if (session.status !== \"uploading\") {\n ctx.res.status(409)\n return { ok: false, error: \"not_uploading\" }\n }\n\n if (index >= session.chunksTotal) {\n ctx.res.status(400)\n return { ok: false, error: \"index_out_of_range\" }\n }\n\n const data = toBufferPayload(payload)\n if (!data) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_body\" }\n }\n\n const expectedSize = index === session.chunksTotal - 1\n ? session.totalSize - session.chunkSize * (session.chunksTotal - 1)\n : session.chunkSize\n\n if (data.length > expectedSize) {\n ctx.res.status(413)\n return { ok: false, error: \"chunk_too_large\" }\n }\n\n if (data.length !== expectedSize) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_chunk_size\" }\n }\n\n const checksumHeader = ctx.req.get(\"X-Chunk-SHA256\")\n const sha256 = checksumHeader ? computeSha256Hex(data) : undefined\n\n if (checksumHeader) {\n const expectedSha256 = normalizeSha256Hex(checksumHeader)\n if (sha256 !== expectedSha256) {\n ctx.res.status(400)\n return { ok: false, error: \"checksum_mismatch\" }\n }\n }\n\n await ensureUploadIndexes(UploadSession, UploadChunk)\n\n await UploadChunk.updateOne(\n { uploadId, index },\n {\n $set: {\n uploadId,\n index,\n data,\n size: data.length,\n sha256,\n expiresAt: session.expiresAt,\n },\n $setOnInsert: {\n createdAt: new Date(),\n },\n },\n { upsert: true },\n )\n\n ctx.res.status(204)\n return { ok: true }\n}\n","export const rawBodyParser = ({\n limitBytes,\n maxClientBytesPerSecond,\n}: {\n limitBytes: number\n maxClientBytesPerSecond?: number | null\n}) => {\n return (req: any, res: any, next: any) => {\n const contentType = typeof req?.headers?.[\"content-type\"] === \"string\"\n ? String(req.headers[\"content-type\"])\n : \"\"\n\n if (!contentType.includes(\"application/octet-stream\")) {\n next()\n return\n }\n\n let total = 0\n const chunks: Buffer[] = []\n let done = false\n let paused = false\n let throttleTimeout: ReturnType<typeof setTimeout> | null = null\n\n const rateBytesPerSecond = typeof maxClientBytesPerSecond === \"number\" && maxClientBytesPerSecond > 0\n ? maxClientBytesPerSecond\n : null\n\n const cleanup = () => {\n req.off(\"data\", onData)\n req.off(\"end\", onEnd)\n req.off(\"error\", onError)\n req.off(\"aborted\", onAborted)\n if (throttleTimeout) {\n clearTimeout(throttleTimeout)\n throttleTimeout = null\n }\n }\n\n const finish = (error?: unknown) => {\n if (done) return\n done = true\n\n cleanup()\n\n if (error) {\n next(error)\n return\n }\n\n req.body = Buffer.concat(chunks, total)\n next()\n }\n\n const onData = (chunk: any) => {\n if (done) return\n const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)\n total += buffer.length\n\n if (total > limitBytes) {\n done = true\n cleanup()\n req.destroy()\n res.status(413).json({ ok: false, error: \"chunk_too_large\" })\n return\n }\n\n chunks.push(buffer)\n\n if (!rateBytesPerSecond) return\n\n const now = Date.now()\n const clientKey = getClientKey(req)\n const state = getClientRateState(clientKey, rateBytesPerSecond, now)\n const waitMs = consumeRateBudget(state, buffer.length, rateBytesPerSecond, now)\n\n if (waitMs > 0 && !paused) {\n paused = true\n req.pause()\n throttleTimeout = setTimeout(() => {\n throttleTimeout = null\n paused = false\n if (done) return\n try {\n req.resume()\n } catch {\n //\n }\n }, waitMs)\n }\n }\n\n const onEnd = () => finish()\n const onError = (err: unknown) => finish(err)\n const onAborted = () => finish(new Error(\"request_aborted\"))\n\n req.on(\"data\", onData)\n req.on(\"end\", onEnd)\n req.on(\"error\", onError)\n req.on(\"aborted\", onAborted)\n }\n}\n\ntype ClientRateState = {\n tokens: number\n lastRefillMs: number\n lastSeenMs: number\n}\n\nconst MAX_BURST_SECONDS = 1\nconst STALE_CLIENT_MS = 15 * 60 * 1000\n\nconst clientRateStates = new Map<string, ClientRateState>()\nlet lastCleanupMs = 0\n\nconst getClientKey = (req: any): string => {\n const rawClientIp = typeof req?.clientIp === \"string\" ? req.clientIp : \"\"\n if (rawClientIp.trim()) return rawClientIp.trim()\n const rawIp = typeof req?.ip === \"string\" ? req.ip : \"\"\n return rawIp.trim() || \"unknown\"\n}\n\nconst maybeCleanupStates = (now: number) => {\n if (now - lastCleanupMs < 60_000) return\n lastCleanupMs = now\n\n if (clientRateStates.size < 2000) return\n\n for (const [key, state] of clientRateStates) {\n if (now - state.lastSeenMs > STALE_CLIENT_MS) {\n clientRateStates.delete(key)\n }\n }\n}\n\nconst getClientRateState = (key: string, rateBytesPerSecond: number, now: number): ClientRateState => {\n maybeCleanupStates(now)\n\n const capacity = rateBytesPerSecond * MAX_BURST_SECONDS\n const existing = clientRateStates.get(key)\n if (existing) {\n existing.lastSeenMs = now\n existing.tokens = Math.min(capacity, existing.tokens)\n return existing\n }\n\n const next: ClientRateState = {\n tokens: capacity,\n lastRefillMs: now,\n lastSeenMs: now,\n }\n clientRateStates.set(key, next)\n return next\n}\n\nconst consumeRateBudget = (\n state: ClientRateState,\n bytes: number,\n rateBytesPerSecond: number,\n now: number,\n): number => {\n const capacity = rateBytesPerSecond * MAX_BURST_SECONDS\n const elapsedMs = Math.max(0, now - state.lastRefillMs)\n\n if (elapsedMs > 0) {\n state.tokens = Math.min(capacity, state.tokens + (elapsedMs * rateBytesPerSecond) / 1000)\n state.lastRefillMs = now\n }\n\n state.tokens -= bytes\n\n if (state.tokens >= 0) return 0\n return Math.ceil((-state.tokens / rateBytesPerSecond) * 1000)\n}\n","import { Api } from \"@rpcbase/api\"\n\nimport { completeUpload } from \"./handlers/completeUpload\"\nimport { getStatus } from \"./handlers/getStatus\"\nimport { initUpload } from \"./handlers/initUpload\"\nimport { uploadChunk } from \"./handlers/uploadChunk\"\nimport { rawBodyParser } from \"./middleware/rawBodyParser\"\nimport { getChunkSizeBytes, getMaxClientUploadBytesPerSecond, getRawBodyLimitBytes, type SessionUser } from \"./shared\"\n\nimport * as Uploads from \"./index\"\n\n\nexport default (api: Api<SessionUser>) => {\n const chunkSizeBytes = getChunkSizeBytes()\n api.use(\n Uploads.InitRoute,\n rawBodyParser({\n limitBytes: getRawBodyLimitBytes(chunkSizeBytes),\n maxClientBytesPerSecond: getMaxClientUploadBytesPerSecond(),\n }),\n )\n\n api.post(Uploads.InitRoute, initUpload)\n api.put(Uploads.ChunkRoute, uploadChunk)\n api.get(Uploads.StatusRoute, getStatus)\n api.post(Uploads.CompleteRoute, completeUpload)\n}\n"],"names":["MAX_SVG_BYTES","window","JSDOM","DOMPurify","createDOMPurify","normalizeForSniff","raw","replace","trimStart","looksLikeSvgText","text","normalized","startsWith","test","looksLikeSvg","sniff","toString","sanitizeSvg","svg","sanitize","USE_PROFILES","svgFilters","sanitizeSvgProcessor","id","maxBytes","match","process","data","length","Error","svgText","sanitized","trim","sanitizedBuffer","Buffer","from","mimeType","uploadProcessors","Object","freeze","getMaxUploadProcessorBytes","reduce","max","processor","Math","selectUploadProcessors","ctx","filter","applyUploadProcessors","currentData","currentMimeType","clientMimeType","applied","processorCtx","filename","totalSize","result","push","waitForStreamFinished","stream","Promise","resolve","reject","once","writeToStream","chunk","ok","write","onDrain","cleanup","onError","error","off","on","abortUploadStream","abort","destroy","completeUpload","_payload","tenantId","getTenantId","res","status","uploadId","String","req","params","ability","buildUploadsAbility","modelCtx","getModelCtx","UploadSession","UploadChunk","all","models","get","can","existing","findOne","$and","_id","getUploadSessionAccessQuery","lean","fileId","locked","findOneAndUpdate","$set","$unset","returnDocument","ensureUploadIndexes","fsDb","getTenantFilesystemDb","nativeDb","db","updateOne","bucketName","getBucketName","bucket","GridFSBucket","lockedUserId","userId","undefined","maxProcessorBytes","shouldBufferForProcessing","declaredMimeType","toLowerCase","declaredSvg","endsWith","uploadStream","finalMimeType","inlineProcessors","finalMetadata","isPublic","ownerKeyHash","cursor","find","sort","index","expectedIndex","chunks","bufferedBytes","pendingChunks","sniffParts","sniffBytes","chunkDoc","slice","subarray","min","concat","processors","openUploadStream","metadata","pending","close","chunksTotal","assembled","processed","processedMimeType","processedSize","finished","end","enqueueUploadPostProcessors","catch","console","deleteMany","message","getStatus","session","receivedDocs","received","map","doc","n","Number","isInteger","chunkSize","InitRoute","ChunkRoute","StatusRoute","CompleteRoute","initRequestSchema","z","string","boolean","optional","number","int","uploadKey","initUpload","payload","getUserId","parsed","Uploads","safeParse","success","getChunkSizeBytes","ceil","ObjectId","now","Date","expiresAt","getSessionTtlMs","randomBytes","computeSha256Hex","create","createdAt","uploadChunk","indexRaw","toBufferPayload","expectedSize","checksumHeader","sha256","expectedSha256","normalizeSha256Hex","size","$setOnInsert","upsert","rawBodyParser","limitBytes","maxClientBytesPerSecond","next","contentType","headers","includes","total","done","paused","throttleTimeout","rateBytesPerSecond","onData","onEnd","onAborted","clearTimeout","finish","body","buffer","isBuffer","json","clientKey","getClientKey","state","getClientRateState","waitMs","consumeRateBudget","pause","setTimeout","resume","err","MAX_BURST_SECONDS","STALE_CLIENT_MS","clientRateStates","Map","lastCleanupMs","rawClientIp","clientIp","rawIp","ip","maybeCleanupStates","key","lastSeenMs","delete","capacity","tokens","lastRefillMs","set","bytes","elapsedMs","api","chunkSizeBytes","use","getRawBodyLimitBytes","getMaxClientUploadBytesPerSecond","post","put"],"mappings":";;;;;;;;AAMA,MAAMA,gBAAgB,MAAM;AAE5B,MAAMC,SAAS,IAAIC,MAAM,EAAE,EAAED;AAC7B,MAAME,YAAYC,gBAAgBH,MAAM;AAExC,MAAMI,oBAAoBA,CAACC,QAAwBA,IAAIC,QAAQ,WAAW,EAAE,EAAEC,UAAAA;AAE9E,MAAMC,mBAAmBA,CAACC,SAA0B;AAClD,QAAMC,aAAaN,kBAAkBK,IAAI;AACzC,MAAI,CAACC,WAAWC,WAAW,GAAG,EAAG,QAAO;AACxC,SAAO,gBAAgBC,KAAKF,UAAU;AACxC;AAEO,MAAMG,eAAeA,CAACC,UAA2BN,iBAAiBM,MAAMC,SAAS,MAAM,CAAC;AAExF,MAAMC,cAAcA,CAACC,QAC1Bf,UAAUgB,SAASD,KAAK;AAAA,EACtBE,cAAc;AAAA,IAAEF,KAAK;AAAA,IAAMG,YAAY;AAAA,EAAA;AACzC,CAAC;AAEI,MAAMC,uBAA4C;AAAA,EACvDC,IAAI;AAAA,EACJC,UAAUxB;AAAAA,EACVyB,OAAOA,CAAC;AAAA,IAAEV;AAAAA,EAAAA,MAAYD,aAAaC,KAAK;AAAA,EACxCW,SAASA,CAACC,SAA6C;AACrD,QAAIA,KAAKC,SAAS5B,eAAe;AAC/B,YAAM,IAAI6B,MAAM,eAAe;AAAA,IACjC;AAEA,UAAMC,UAAUH,KAAKX,SAAS,MAAM;AACpC,QAAI,CAACP,iBAAiBqB,OAAO,GAAG;AAC9B,YAAM,IAAID,MAAM,aAAa;AAAA,IAC/B;AAEA,UAAME,YAAYd,YAAYa,OAAO;AACrC,QAAI,CAACC,UAAUC,KAAAA,KAAU,CAACvB,iBAAiBsB,SAAS,GAAG;AACrD,YAAM,IAAIF,MAAM,qBAAqB;AAAA,IACvC;AAEA,UAAMI,kBAAkBC,OAAOC,KAAKJ,WAAW,MAAM;AACrD,QAAIE,gBAAgBL,SAAS5B,eAAe;AAC1C,YAAM,IAAI6B,MAAM,eAAe;AAAA,IACjC;AAEA,WAAO;AAAA,MAAEF,MAAMM;AAAAA,MAAiBG,UAAU;AAAA,IAAA;AAAA,EAC5C;AACF;AC9BO,MAAMC,mBAAmBC,OAAOC,OAAO,CAACjB,oBAAoB,CAAiC;AAE7F,MAAMkB,6BAA6BA,MACxCH,iBAAiBI,OAAO,CAACC,KAAKC,cAAcC,KAAKF,IAAIA,KAAKC,UAAUnB,QAAQ,GAAG,CAAC;AAE3E,MAAMqB,yBAAyBA,CAACC,QACrCT,iBAAiBU,OAAQJ,CAAAA,cAAcA,UAAUlB,MAAMqB,GAAG,CAAC;AAEtD,MAAME,wBAAwB,OACnCrB,MACAmB,QACmE;AACnE,MAAIG,cAActB;AAClB,MAAIuB,kBAAkBJ,IAAIK;AAC1B,QAAMC,UAAoB,CAAA;AAE1B,aAAWT,aAAaN,kBAAkB;AACxC,UAAMgB,eAA2C;AAAA,MAC/CC,UAAUR,IAAIQ;AAAAA,MACdH,gBAAgBD;AAAAA,MAChBK,WAAWN,YAAYrB;AAAAA,MACvBb,OAAOkC;AAAAA,IAAAA;AAGT,QAAI,CAACN,UAAUlB,MAAM4B,YAAY,EAAG;AAEpC,QAAIJ,YAAYrB,SAASe,UAAUnB,UAAU;AAC3C,YAAM,IAAIK,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM2B,SAAS,MAAMb,UAAUjB,QAAQuB,aAAaI,YAAY;AAChEJ,kBAAcO,OAAO7B;AACrB,QAAI,OAAO6B,OAAOpB,aAAa,YAAYoB,OAAOpB,SAASJ,QAAQ;AACjEkB,wBAAkBM,OAAOpB,SAASJ,KAAAA;AAAAA,IACpC;AACAoB,YAAQK,KAAKd,UAAUpB,EAAE;AAAA,EAC3B;AAEA,SAAO;AAAA,IACLI,MAAMsB;AAAAA,IACNb,UAAUc;AAAAA,IACVE;AAAAA,EAAAA;AAEJ;AC5CA,MAAMM,wBAAwB,OAAOC,WAAiD,IAAIC,QAAQ,CAACC,SAASC,WAAW;AACrHH,SAAOI,KAAK,UAAUF,OAAO;AAC7BF,SAAOI,KAAK,SAASD,MAAM;AAC7B,CAAC;AAED,MAAME,gBAAgB,OAAOL,QAA+BM,UAAiC;AAC3F,QAAMC,KAAKP,OAAOQ,MAAMF,KAAK;AAC7B,MAAIC,GAAI;AACR,QAAM,IAAIN,QAAc,CAACC,SAASC,WAAW;AAC3C,UAAMM,UAAUA,MAAM;AACpBC,cAAAA;AACAR,cAAAA;AAAAA,IACF;AAEA,UAAMS,UAAUA,CAACC,UAAmB;AAClCF,cAAAA;AACAP,aAAOS,KAAK;AAAA,IACd;AAEA,UAAMF,UAAUA,MAAM;AACpBV,aAAOa,IAAI,SAASJ,OAAO;AAC3BT,aAAOa,IAAI,SAASF,OAAO;AAAA,IAC7B;AAEAX,WAAOc,GAAG,SAASL,OAAO;AAC1BT,WAAOc,GAAG,SAASH,OAAO;AAAA,EAC5B,CAAC;AACH;AAEA,MAAMI,oBAAoB,OAAOf,WAAmC;AAClE,MAAI,CAACA,OAAQ;AACb,MAAI,OAAQA,OAA+BgB,UAAU,YAAY;AAC/D,QAAI;AACF,YAAOhB,OAAiDgB,MAAAA;AACxD;AAAA,IACF,QAAQ;AAAA,IACN;AAAA,EAEJ;AACA,MAAI;AACF;AAAEhB,WAAoCiB,UAAAA;AAAAA,EACxC,QAAQ;AAAA,EACN;AAEJ;AAEO,MAAMC,iBAAkG,OAC7GC,UACAhC,QAC6C;AAC7C,QAAMiC,WAAWC,YAAYlC,GAAG;AAChC,MAAI,CAACiC,UAAU;AACbjC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMY,WAAWC,OAAOtC,IAAIuC,IAAIC,QAAQH,YAAY,EAAE,EAAEnD,KAAAA;AACxD,MAAI,CAACmD,UAAU;AACbrC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgB,UAAUC,oBAAoB1C,KAAKiC,QAAQ;AACjD,QAAMU,WAAWC,YAAY5C,KAAKiC,UAAUQ,OAAO;AAEnD,QAAM,CAACI,eAAeC,WAAW,IAAI,MAAMhC,QAAQiC,IAAI,CACrDC,OAAOC,IAAI,mBAAmBN,QAAQ,GACtCK,OAAOC,IAAI,iBAAiBN,QAAQ,CAAmC,CACxE;AAED,MAAI,CAACF,QAAQS,IAAI,UAAU,iBAAiB,GAAG;AAC7ClD,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM0B,WAAW,MAAMN,cAAcO,QAAQ;AAAA,IAAEC,MAAM,CAAC;AAAA,MAAEC,KAAKjB;AAAAA,IAAAA,GAAYkB,4BAA4Bd,SAAS,MAAM,CAAC;AAAA,EAAA,CAAG,EAAEe,KAAAA;AAC1H,MAAI,CAACL,UAAU;AACbnD,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAI0B,SAASf,WAAW,UAAUe,SAASM,QAAQ;AACjD,WAAO;AAAA,MAAErC,IAAI;AAAA,MAAMqC,QAAQN,SAASM;AAAAA,IAAAA;AAAAA,EACtC;AAEA,QAAMC,SAAS,MAAMb,cAAcc,iBACjC;AAAA,IAAEN,MAAM,CAAC;AAAA,MAAEC,KAAKjB;AAAAA,IAAAA,GAAY;AAAA,MAAED,QAAQ;AAAA,IAAA,GAAemB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,EAAA,GACnG;AAAA,IAAEmB,MAAM;AAAA,MAAExB,QAAQ;AAAA,IAAA;AAAA,IAAgByB,QAAQ;AAAA,MAAEpC,OAAO;AAAA,IAAA;AAAA,EAAG,GACtD;AAAA,IAAEqC,gBAAgB;AAAA,EAAA,CACpB,EAAEN,KAAAA;AAEF,MAAI,CAACE,QAAQ;AACX1D,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMsC,oBAAoBlB,eAAeC,WAAW;AAEpD,QAAMkB,OAAO,MAAMC,sBAAsBhC,QAAQ;AACjD,QAAMiC,WAAWF,KAAKG;AACtB,MAAI,CAACD,UAAU;AACb,UAAMrB,cAAcuB,UAClB;AAAA,MAAEf,MAAM,CAAC;AAAA,QAAEC,KAAKjB;AAAAA,MAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,IAAA,GAC1E;AAAA,MAAEmB,MAAM;AAAA,QAAExB,QAAQ;AAAA,QAASX,OAAO;AAAA,MAAA;AAAA,IAA4B,CAChE;AACAzB,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AACA,QAAM4C,aAAaC,cAAAA;AACnB,QAAMC,SAAS,IAAIC,aAAaN,UAAU;AAAA,IAAEG;AAAAA,EAAAA,CAAY;AAExD,QAAMI,eAAe,OAAOf,OAAOgB,WAAW,WAAWhB,OAAOgB,SAASC;AACzE,QAAMC,oBAAoBlF,2BAAAA;AAC1B,QAAMmF,4BAA4BnB,OAAOjD,aAAamE;AACtD,QAAME,mBAAmBpB,OAAOpE,SAASJ,KAAAA,EAAO6F,YAAAA;AAChD,QAAMC,cAAcF,qBAAqB,mBAAmBpB,OAAOlD,SAAStB,OAAO6F,YAAAA,EAAcE,SAAS,MAAM;AAEhH,MAAIC,eAA6C;AACjD,MAAIC,gBAAgBzB,OAAOpE;AAC3B,MAAI8F,mBAA6B,CAAA;AACjC,MAAIC,gBAAyC;AAAA,IAC3ChD;AAAAA,IACAJ;AAAAA,IACA3C,UAAUoE,OAAOpE;AAAAA,IACjBmB,WAAWiD,OAAOjD;AAAAA,IAClB,GAAI,OAAOiD,OAAO4B,aAAa,YAAY;AAAA,MAAEA,UAAU5B,OAAO4B;AAAAA,IAAAA,IAAa,CAAA;AAAA,IAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,MAAEA,cAAc7B,OAAO6B;AAAAA,IAAAA,IAAiB,CAAA;AAAA,IACtF,GAAId,eAAe;AAAA,MAAEC,QAAQD;AAAAA,IAAAA,IAAiB,CAAA;AAAA,EAAC;AAGjD,MAAI;AACF,QAAI,CAACI,6BAA6BG,aAAa;AAC7C,YAAM,IAAIjG,MAAM,eAAe;AAAA,IACjC;AAEA,UAAMyG,SAAS1C,YAAY2C,KAAK;AAAA,MAAEpD;AAAAA,IAAAA,CAAU,EAAEqD,KAAK;AAAA,MAAEC,OAAO;AAAA,IAAA,CAAG,EAAEH,OAAAA;AAIjE,QAAII,gBAAgB;AACpB,UAAMC,SAAmB,CAAA;AACzB,QAAIC,gBAAgB;AAEpB,UAAMC,gBAA0B,CAAA;AAChC,UAAMC,aAAuB,CAAA;AAC7B,QAAIC,aAAa;AAEjB,QAAI;AACF,uBAAiBC,YAAYV,QAAQ;AACnC,YAAIU,SAASP,UAAUC,eAAe;AACpC,gBAAM,IAAI7G,MAAM,gBAAgB;AAAA,QAClC;AAEA,cAAMoC,QAAQ+E,SAASrH;AAEvB,YAAIgG,2BAA2B;AAC7BgB,iBAAOlF,KAAKQ,KAAK;AACjB2E,2BAAiB3E,MAAMrC;AAAAA,QACzB,WAAW,CAACoG,cAAc;AACxBa,wBAAcpF,KAAKQ,KAAK;AAExB,cAAI8E,aAAarB,mBAAmB;AAClC,kBAAMuB,QAAQhF,MAAMiF,SAAS,GAAGtG,KAAKuG,IAAIlF,MAAMrC,QAAQ8F,oBAAoBqB,UAAU,CAAC;AACtF,gBAAIE,MAAMrH,QAAQ;AAChBkH,yBAAWrF,KAAKwF,KAAK;AACrBF,4BAAcE,MAAMrH;AAAAA,YACtB;AAAA,UACF;AAEA,cAAImH,cAAcrB,mBAAmB;AACnC,kBAAM3G,QAAQmB,OAAOkH,OAAON,YAAYC,UAAU;AAClD,kBAAMM,aAAaxG,uBAAuB;AAAA,cACxCS,UAAUkD,OAAOlD;AAAAA,cACjBH,gBAAgBqD,OAAOpE;AAAAA,cACvBmB,WAAWiD,OAAOjD;AAAAA,cAClBxC;AAAAA,YAAAA,CACD;AAED,gBAAIsI,WAAWzH,QAAQ;AACrB,oBAAM,IAAIC,MAAM,eAAe;AAAA,YACjC;AAEAsG,4BAAgB;AAAA,cACdhD;AAAAA,cACAJ;AAAAA,cACA3C,UAAUoE,OAAOpE;AAAAA,cACjBmB,WAAWiD,OAAOjD;AAAAA,cAClB,GAAI,OAAOiD,OAAO4B,aAAa,YAAY;AAAA,gBAAEA,UAAU5B,OAAO4B;AAAAA,cAAAA,IAAa,CAAA;AAAA,cAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,gBAAEA,cAAc7B,OAAO6B;AAAAA,cAAAA,IAAiB,CAAA;AAAA,cACtF,GAAId,eAAe;AAAA,gBAAEC,QAAQD;AAAAA,cAAAA,IAAiB,CAAA;AAAA,YAAC;AAEjDS,2BAAeX,OAAOiC,iBAAiB9C,OAAOlD,UAAU;AAAA,cACtDiG,UAAUpB;AAAAA,YAAAA,CACX;AAED,uBAAWqB,WAAWX,eAAe;AACnC,oBAAM7E,cAAcgE,cAAcwB,OAAO;AAAA,YAC3C;AACAX,0BAAcjH,SAAS;AAAA,UACzB;AAAA,QACF,OAAO;AACL,gBAAMoC,cAAcgE,cAAc/D,KAAK;AAAA,QACzC;AAEAyE,yBAAiB;AAAA,MACnB;AAAA,IACF,UAAA;AACE,UAAI;AACF,cAAMJ,OAAOmB,MAAAA;AAAAA,MACf,QAAQ;AAAA,MACN;AAAA,IAEJ;AAEA,QAAIf,kBAAkBlC,OAAOkD,aAAa;AACxC,YAAM,IAAI7H,MAAM,gBAAgB;AAAA,IAClC;AAEA,QAAI8F,2BAA2B;AAC7B,YAAMgC,YAAYzH,OAAOkH,OAAOT,QAAQC,aAAa;AACrD,YAAM;AAAA,QAAEjH,MAAMiI;AAAAA,QAAWxH,UAAUyH;AAAAA,QAAmBzG;AAAAA,MAAAA,IAAY,MAAMJ,sBAAsB2G,WAAW;AAAA,QACvGrG,UAAUkD,OAAOlD;AAAAA,QACjBH,gBAAgBqD,OAAOpE;AAAAA,MAAAA,CACxB;AAED6F,sBAAgB4B;AAChB3B,yBAAmB9E;AACnB+E,sBAAgB;AAAA,QACdhD;AAAAA,QACAJ;AAAAA,QACA3C,UAAUyH;AAAAA,QACVtG,WAAWiD,OAAOjD;AAAAA,QAClB,GAAIH,QAAQxB,SAAS;AAAA,UAAEyH,YAAYjG;AAAAA,UAAS0G,eAAeF,UAAUhI;AAAAA,QAAAA,IAAW,CAAA;AAAA,QAChF,GAAI,OAAO4E,OAAO4B,aAAa,YAAY;AAAA,UAAEA,UAAU5B,OAAO4B;AAAAA,QAAAA,IAAa,CAAA;AAAA,QAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,UAAEA,cAAc7B,OAAO6B;AAAAA,QAAAA,IAAiB,CAAA;AAAA,QACtF,GAAId,eAAe;AAAA,UAAEC,QAAQD;AAAAA,QAAAA,IAAiB,CAAA;AAAA,MAAC;AAEjDS,qBAAeX,OAAOiC,iBAAiB9C,OAAOlD,UAAU;AAAA,QACtDiG,UAAUpB;AAAAA,MAAAA,CACX;AAED,YAAM4B,WAAWrG,sBAAsBsE,YAAY;AACnDA,mBAAagC,IAAIJ,SAAS;AAC1B,YAAMG;AAAAA,IACR,OAAO;AACL,UAAI,CAAC/B,cAAc;AACjB,cAAMjH,QAAQmB,OAAOkH,OAAON,YAAYC,UAAU;AAClD,cAAMM,aAAaxG,uBAAuB;AAAA,UACxCS,UAAUkD,OAAOlD;AAAAA,UACjBH,gBAAgBqD,OAAOpE;AAAAA,UACvBmB,WAAWiD,OAAOjD;AAAAA,UAClBxC;AAAAA,QAAAA,CACD;AAED,YAAIsI,WAAWzH,QAAQ;AACrB,gBAAM,IAAIC,MAAM,eAAe;AAAA,QACjC;AAEAsG,wBAAgB;AAAA,UACdhD;AAAAA,UACAJ;AAAAA,UACA3C,UAAUoE,OAAOpE;AAAAA,UACjBmB,WAAWiD,OAAOjD;AAAAA,UAClB,GAAI,OAAOiD,OAAO4B,aAAa,YAAY;AAAA,YAAEA,UAAU5B,OAAO4B;AAAAA,UAAAA,IAAa,CAAA;AAAA,UAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,YAAEA,cAAc7B,OAAO6B;AAAAA,UAAAA,IAAiB,CAAA;AAAA,UACtF,GAAId,eAAe;AAAA,YAAEC,QAAQD;AAAAA,UAAAA,IAAiB,CAAA;AAAA,QAAC;AAEjDS,uBAAeX,OAAOiC,iBAAiB9C,OAAOlD,UAAU;AAAA,UACtDiG,UAAUpB;AAAAA,QAAAA,CACX;AAED,mBAAWqB,WAAWX,eAAe;AACnC,gBAAM7E,cAAcgE,cAAcwB,OAAO;AAAA,QAC3C;AACAX,sBAAcjH,SAAS;AAAA,MACzB;AAEA,YAAMmI,WAAWrG,sBAAsBsE,YAAY;AACnDA,mBAAagC,IAAAA;AACb,YAAMD;AAAAA,IACR;AAEA,UAAMxD,SAASnB,OAAQ4C,aAA6CzG,MAAM,EAAE;AAC5E,QAAI,CAACgF,QAAQ;AACX,YAAM,IAAI1E,MAAM,iBAAiB;AAAA,IACnC;AAEA,UAAM8D,cAAcuB,UAClB;AAAA,MAAEf,MAAM,CAAC;AAAA,QAAEC,KAAKjB;AAAAA,MAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,IAAA,GAC1E;AAAA,MAAEmB,MAAM;AAAA,QAAExB,QAAQ;AAAA,QAAQqB;AAAAA,MAAAA;AAAAA,MAAUI,QAAQ;AAAA,QAAEpC,OAAO;AAAA,MAAA;AAAA,IAAG,CAC1D;AAEA,UAAM0F,4BAA4B;AAAA,MAChClF;AAAAA,MACAI;AAAAA,MACAoB;AAAAA,MACAjD,UAAUkD,OAAOlD;AAAAA,MACjBlB,UAAU6F;AAAAA,MACV9E,gBAAgBqD,OAAOpE;AAAAA,MACvBmB,WAAWiD,OAAOjD;AAAAA,MAClB,GAAI,OAAOiD,OAAO4B,aAAa,YAAY;AAAA,QAAEA,UAAU5B,OAAO4B;AAAAA,MAAAA,IAAa,CAAA;AAAA,MAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,QAAEA,cAAc7B,OAAO6B;AAAAA,MAAAA,IAAiB,CAAA;AAAA,MACtF,GAAId,eAAe;AAAA,QAAEC,QAAQD;AAAAA,MAAAA,IAAiB,CAAA;AAAA,MAC9CW;AAAAA,MACAqB,UAAUpB;AAAAA,IAAAA,CACX,EAAE+B,MAAO3F,CAAAA,UAAU;AAClB4F,cAAQ5F,MAAM,wCAAwC;AAAA,QACpDQ;AAAAA,QACAI;AAAAA,QACAoB;AAAAA,QACAhC;AAAAA,MAAAA,CACD;AAAA,IACH,CAAC;AAED,QAAI;AACF,YAAMqB,YAAYwE,WAAW;AAAA,QAAEjF;AAAAA,MAAAA,CAAU;AAAA,IAC3C,QAAQ;AAAA,IACN;AAGF,WAAO;AAAA,MAAEjB,IAAI;AAAA,MAAMqC;AAAAA,IAAAA;AAAAA,EACrB,SAAShC,OAAO;AACd,UAAM8F,UAAU9F,iBAAiB1C,QAAQ0C,MAAM8F,UAAUjF,OAAOb,KAAK;AAErE,UAAMG,kBAAkBsD,YAAY;AAEpC,QAAIqC,YAAY,kBAAkB;AAChC,YAAM1E,cAAcuB,UAClB;AAAA,QAAEf,MAAM,CAAC;AAAA,UAAEC,KAAKjB;AAAAA,QAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,MAAA,GAC1E;AAAA,QAAEmB,MAAM;AAAA,UAAExB,QAAQ;AAAA,QAAA;AAAA,MAAY,CAChC;AACApC,UAAImC,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEhB,IAAI;AAAA,QAAOK,OAAO;AAAA,MAAA;AAAA,IAC7B;AAEA,QAAI8F,YAAY,iBAAiB;AAC/B,YAAM1E,cAAcuB,UAClB;AAAA,QAAEf,MAAM,CAAC;AAAA,UAAEC,KAAKjB;AAAAA,QAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,MAAA,GAC1E;AAAA,QAAEmB,MAAM;AAAA,UAAExB,QAAQ;AAAA,UAASX,OAAO8F;AAAAA,QAAAA;AAAAA,MAAQ,CAC5C;AACAvH,UAAImC,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEhB,IAAI;AAAA,QAAOK,OAAO8F;AAAAA,MAAAA;AAAAA,IAC7B;AAEA,QAAIA,YAAY,iBAAiBA,YAAY,uBAAuB;AAClE,YAAM1E,cAAcuB,UAClB;AAAA,QAAEf,MAAM,CAAC;AAAA,UAAEC,KAAKjB;AAAAA,QAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,MAAA,GAC1E;AAAA,QAAEmB,MAAM;AAAA,UAAExB,QAAQ;AAAA,UAASX,OAAO8F;AAAAA,QAAAA;AAAAA,MAAQ,CAC5C;AACAvH,UAAImC,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEhB,IAAI;AAAA,QAAOK,OAAO8F;AAAAA,MAAAA;AAAAA,IAC7B;AAEA,UAAM1E,cAAcuB,UAClB;AAAA,MAAEf,MAAM,CAAC;AAAA,QAAEC,KAAKjB;AAAAA,MAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,IAAA,GAC1E;AAAA,MAAEmB,MAAM;AAAA,QAAExB,QAAQ;AAAA,QAASX,OAAO8F;AAAAA,MAAAA;AAAAA,IAAQ,CAC5C;AAEAvH,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AACF;AC9WO,MAAM+F,YAA2F,OACtGxF,UACAhC,QAC2C;AAC3C,QAAMiC,WAAWC,YAAYlC,GAAG;AAChC,MAAI,CAACiC,UAAU;AACbjC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMY,WAAWC,OAAOtC,IAAIuC,IAAIC,QAAQH,YAAY,EAAE,EAAEnD,KAAAA;AACxD,MAAI,CAACmD,UAAU;AACbrC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgB,UAAUC,oBAAoB1C,KAAKiC,QAAQ;AACjD,QAAMU,WAAWC,YAAY5C,KAAKiC,UAAUQ,OAAO;AAEnD,QAAM,CAACI,eAAeC,WAAW,IAAI,MAAMhC,QAAQiC,IAAI,CACrDC,OAAOC,IAAI,mBAAmBN,QAAQ,GACtCK,OAAOC,IAAI,iBAAiBN,QAAQ,CAAmC,CACxE;AAED,MAAI,CAACF,QAAQS,IAAI,QAAQ,iBAAiB,GAAG;AAC3ClD,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgG,UAAU,MAAM5E,cAAcO,QAAQ;AAAA,IAAEC,MAAM,CAAC;AAAA,MAAEC,KAAKjB;AAAAA,IAAAA,GAAYkB,4BAA4Bd,SAAS,MAAM,CAAC;AAAA,EAAA,CAAG,EAAEe,KAAAA;AACzH,MAAI,CAACiE,SAAS;AACZzH,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMiG,eAAe,MAAM5E,YAAY2C,KACrC;AAAA,IAAEpD;AAAAA,EAAAA,GACF;AAAA,IAAEsD,OAAO;AAAA,IAAGrC,KAAK;AAAA,EAAA,CACnB,EAAEoC,KAAK;AAAA,IAAEC,OAAO;AAAA,EAAA,CAAG,EAAEnC,KAAAA;AAErB,QAAMmE,WAAYD,aACfE,IAAKC,SAAS,OAAOA,IAAIlC,UAAU,WAAWkC,IAAIlC,QAAQ,EAAG,EAC7D1F,OAAQ6H,CAAAA,MAAMC,OAAOC,UAAUF,CAAC,KAAKA,KAAK,CAAC;AAE9C,SAAO;AAAA,IACL1G,IAAI;AAAA,IACJgB,QAAQqF,QAAQrF;AAAAA,IAChB6F,WAAWR,QAAQQ;AAAAA,IACnBrB,aAAaa,QAAQb;AAAAA,IACrBe;AAAAA,IACA,GAAIF,QAAQhE,SAAS;AAAA,MAAEA,QAAQgE,QAAQhE;AAAAA,IAAAA,IAAW,CAAA;AAAA,EAAC;AAEvD;ACjEO,MAAMyE,YAAY;AAClB,MAAMC,aAAa;AACnB,MAAMC,cAAc;AACpB,MAAMC,gBAAgB;AAEtB,MAAMC,oBAAoBC,OAAS;AAAA,EACxC/H,UAAU+H,OAAEC,EAASnC,IAAI,CAAC;AAAA,EAC1B/G,UAAUiJ,OAAEC,EAASnC,IAAI,CAAC;AAAA,EAC1Bf,UAAUiD,QAAEE,EAAUC,SAAAA;AAAAA,EACtBjI,WAAW8H,OAAEI,EAASC,IAAAA,EAAMvC,IAAI,CAAC;AACnC,CAAC;AAIiCkC,OAAS;AAAA,EACzCnH,IAAImH,QAAEE;AAAAA,EACNhH,OAAO8G,OAAEC,EAASE,SAAAA;AAAAA,EAClBrG,UAAUkG,OAAEC,EAASE,SAAAA;AAAAA,EACrBG,WAAWN,OAAEC,EAASE,SAAAA;AAAAA,EACtBT,WAAWM,OAAEI,EAASC,IAAAA,EAAMF,SAAAA;AAAAA,EAC5B9B,aAAa2B,OAAEI,EAASC,IAAAA,EAAMF,SAAAA;AAChC,CAAC;AAImCH,OAAS;AAAA,EAC3CnH,IAAImH,QAAEE;AAAAA,EACNhH,OAAO8G,OAAEC,EAASE,SAAAA;AAAAA,EAClBtG,QAAQmG,MAAO,CAAC,aAAa,cAAc,QAAQ,OAAO,CAAC,EAAEG,SAAAA;AAAAA,EAC7DT,WAAWM,OAAEI,EAASC,IAAAA,EAAMF,SAAAA;AAAAA,EAC5B9B,aAAa2B,OAAEI,EAASC,IAAAA,EAAMF,SAAAA;AAAAA,EAC9Bf,UAAUY,MAAQA,SAAWK,IAAAA,EAAMvC,IAAI,CAAC,CAAC,EAAEqC,SAAAA;AAAAA,EAC3CjF,QAAQ8E,OAAEC,EAASE,SAAAA;AACrB,CAAC;AAIqCH,OAAS;AAAA,EAC7CnH,IAAImH,QAAEE;AAAAA,EACNhH,OAAO8G,OAAEC,EAASE,SAAAA;AAAAA,EAClBjF,QAAQ8E,OAAEC,EAASE,SAAAA;AACrB,CAAC;ACrBM,MAAMI,aAA+F,OAC1GC,SACA/I,QACyC;AACzC,QAAMiC,WAAWC,YAAYlC,GAAG;AAChC,MAAI,CAACiC,UAAU;AACbjC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMiD,SAASsE,UAAUhJ,GAAG;AAE5B,QAAMiJ,SAASC,kBAA0BC,UAAUJ,WAAW,CAAA,CAAE;AAChE,MAAI,CAACE,OAAOG,SAAS;AACnBpJ,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMwG,YAAYoB,kBAAAA;AAClB,QAAM;AAAA,IAAE7I;AAAAA,IAAUlB;AAAAA,IAAUmB;AAAAA,IAAW6E;AAAAA,EAAAA,IAAa2D,OAAOpK;AAC3D,QAAM+H,cAAc9G,KAAKwJ,KAAK7I,YAAYwH,SAAS;AAEnD,QAAMxF,UAAUC,oBAAoB1C,KAAKiC,QAAQ;AACjD,QAAMU,WAAWC,YAAY5C,KAAKiC,UAAUQ,OAAO;AAEnD,QAAM,CAACI,eAAeC,WAAW,IAAI,MAAMhC,QAAQiC,IAAI,CACrDC,OAAOC,IAAI,mBAAmBN,QAAQ,GACtCK,OAAOC,IAAI,iBAAiBN,QAAQ,CAAmC,CACxE;AAED,QAAMoB,oBAAoBlB,eAAeC,WAAW;AAEpD,QAAMT,WAAW,IAAIkH,SAAAA,EAAWrL,SAAAA;AAChC,QAAMsL,MAAMC,KAAKD,IAAAA;AACjB,QAAME,YAAY,IAAID,KAAKD,MAAMG,iBAAiB;AAElD,QAAMd,YAAYnE,SAAS,OAAOkF,YAAY,EAAE,EAAE1L,SAAS,WAAW;AACtE,QAAMqH,eAAesD,YAAYgB,iBAAiBzK,OAAOC,KAAKwJ,SAAS,CAAC,IAAIlE;AAE5E,QAAM9B,cAAciH,OAAO;AAAA,IACzBxG,KAAKjB;AAAAA,IACL,GAAIqC,SAAS;AAAA,MAAEA;AAAAA,IAAAA,IAAW,CAAA;AAAA,IAC1B,GAAIa,eAAe;AAAA,MAAEA;AAAAA,IAAAA,IAAiB,CAAA;AAAA,IACtC/E;AAAAA,IACAlB;AAAAA,IACA,GAAI,OAAOgG,aAAa,YAAY;AAAA,MAAEA;AAAAA,IAAAA,IAAa,CAAA;AAAA,IACnD7E;AAAAA,IACAwH;AAAAA,IACArB;AAAAA,IACAxE,QAAQ;AAAA,IACR2H,WAAW,IAAIN,KAAKD,GAAG;AAAA,IACvBE;AAAAA,EAAAA,CACD;AAED,SAAO;AAAA,IACLtI,IAAI;AAAA,IACJiB;AAAAA,IACA4F;AAAAA,IACArB;AAAAA,IACA,GAAIiC,YAAY;AAAA,MAAEA;AAAAA,IAAAA,IAAc,CAAA;AAAA,EAAC;AAErC;AC5DO,MAAMmB,cAAqE,OAChFjB,SACA/I,QACkC;AAClC,QAAMiC,WAAWC,YAAYlC,GAAG;AAChC,MAAI,CAACiC,UAAU;AACbjC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMY,WAAWC,OAAOtC,IAAIuC,IAAIC,QAAQH,YAAY,EAAE,EAAEnD,KAAAA;AACxD,QAAM+K,WAAW3H,OAAOtC,IAAIuC,IAAIC,QAAQmD,SAAS,EAAE,EAAEzG,KAAAA;AACrD,QAAMyG,QAAQoC,OAAOkC,QAAQ;AAE7B,MAAI,CAAC5H,YAAY,CAAC0F,OAAOC,UAAUrC,KAAK,KAAKA,QAAQ,GAAG;AACtD3F,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgB,UAAUC,oBAAoB1C,KAAKiC,QAAQ;AACjD,QAAMU,WAAWC,YAAY5C,KAAKiC,UAAUQ,OAAO;AAEnD,QAAM,CAACI,eAAeC,WAAW,IAAI,MAAMhC,QAAQiC,IAAI,CACrDC,OAAOC,IAAI,mBAAmBN,QAAQ,GACtCK,OAAOC,IAAI,iBAAiBN,QAAQ,CAAmC,CACxE;AAED,MAAI,CAACF,QAAQS,IAAI,UAAU,iBAAiB,GAAG;AAC7ClD,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgG,UAAU,MAAM5E,cAAcO,QAAQ;AAAA,IAAEC,MAAM,CAAC;AAAA,MAAEC,KAAKjB;AAAAA,IAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,EAAA,CAAG,EAAEe,KAAAA;AAC3H,MAAI,CAACiE,SAAS;AACZzH,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAIgG,QAAQrF,WAAW,aAAa;AAClCpC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAIkE,SAAS8B,QAAQb,aAAa;AAChC5G,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM5C,OAAOqL,gBAAgBnB,OAAO;AACpC,MAAI,CAAClK,MAAM;AACTmB,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM0I,eAAexE,UAAU8B,QAAQb,cAAc,IACjDa,QAAQhH,YAAYgH,QAAQQ,aAAaR,QAAQb,cAAc,KAC/Da,QAAQQ;AAEZ,MAAIpJ,KAAKC,SAASqL,cAAc;AAC9BnK,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAI5C,KAAKC,WAAWqL,cAAc;AAChCnK,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM2I,iBAAiBpK,IAAIuC,IAAIU,IAAI,gBAAgB;AACnD,QAAMoH,SAASD,iBAAiBP,iBAAiBhL,IAAI,IAAI8F;AAEzD,MAAIyF,gBAAgB;AAClB,UAAME,iBAAiBC,mBAAmBH,cAAc;AACxD,QAAIC,WAAWC,gBAAgB;AAC7BtK,UAAImC,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEhB,IAAI;AAAA,QAAOK,OAAO;AAAA,MAAA;AAAA,IAC7B;AAAA,EACF;AAEA,QAAMsC,oBAAoBlB,eAAeC,WAAW;AAEpD,QAAMA,YAAYsB,UAChB;AAAA,IAAE/B;AAAAA,IAAUsD;AAAAA,EAAAA,GACZ;AAAA,IACE/B,MAAM;AAAA,MACJvB;AAAAA,MACAsD;AAAAA,MACA9G;AAAAA,MACA2L,MAAM3L,KAAKC;AAAAA,MACXuL;AAAAA,MACAX,WAAWjC,QAAQiC;AAAAA,IAAAA;AAAAA,IAErBe,cAAc;AAAA,MACZV,+BAAeN,KAAAA;AAAAA,IAAK;AAAA,EACtB,GAEF;AAAA,IAAEiB,QAAQ;AAAA,EAAA,CACZ;AAEA1K,MAAImC,IAAIC,OAAO,GAAG;AAClB,SAAO;AAAA,IAAEhB,IAAI;AAAA,EAAA;AACf;AC7HO,MAAMuJ,gBAAgBA,CAAC;AAAA,EAC5BC;AAAAA,EACAC;AAIF,MAAM;AACJ,SAAO,CAACtI,KAAUJ,KAAU2I,SAAc;AACxC,UAAMC,cAAc,OAAOxI,KAAKyI,UAAU,cAAc,MAAM,WAC1D1I,OAAOC,IAAIyI,QAAQ,cAAc,CAAC,IAClC;AAEJ,QAAI,CAACD,YAAYE,SAAS,0BAA0B,GAAG;AACrDH,WAAAA;AACA;AAAA,IACF;AAEA,QAAII,QAAQ;AACZ,UAAMrF,SAAmB,CAAA;AACzB,QAAIsF,OAAO;AACX,QAAIC,SAAS;AACb,QAAIC,kBAAwD;AAE5D,UAAMC,qBAAqB,OAAOT,4BAA4B,YAAYA,0BAA0B,IAChGA,0BACA;AAEJ,UAAMtJ,UAAUA,MAAM;AACpBgB,UAAIb,IAAI,QAAQ6J,MAAM;AACtBhJ,UAAIb,IAAI,OAAO8J,KAAK;AACpBjJ,UAAIb,IAAI,SAASF,OAAO;AACxBe,UAAIb,IAAI,WAAW+J,SAAS;AAC5B,UAAIJ,iBAAiB;AACnBK,qBAAaL,eAAe;AAC5BA,0BAAkB;AAAA,MACpB;AAAA,IACF;AAEA,UAAMM,SAASA,CAAClK,UAAoB;AAClC,UAAI0J,KAAM;AACVA,aAAO;AAEP5J,cAAAA;AAEA,UAAIE,OAAO;AACTqJ,aAAKrJ,KAAK;AACV;AAAA,MACF;AAEAc,UAAIqJ,OAAOxM,OAAOkH,OAAOT,QAAQqF,KAAK;AACtCJ,WAAAA;AAAAA,IACF;AAEA,UAAMS,SAASA,CAACpK,UAAe;AAC7B,UAAIgK,KAAM;AACV,YAAMU,SAASzM,OAAO0M,SAAS3K,KAAK,IAAIA,QAAQ/B,OAAOC,KAAK8B,KAAK;AACjE+J,eAASW,OAAO/M;AAEhB,UAAIoM,QAAQN,YAAY;AACtBO,eAAO;AACP5J,gBAAAA;AACAgB,YAAIT,QAAAA;AACJK,YAAIC,OAAO,GAAG,EAAE2J,KAAK;AAAA,UAAE3K,IAAI;AAAA,UAAOK,OAAO;AAAA,QAAA,CAAmB;AAC5D;AAAA,MACF;AAEAoE,aAAOlF,KAAKkL,MAAM;AAElB,UAAI,CAACP,mBAAoB;AAEzB,YAAM9B,MAAMC,KAAKD,IAAAA;AACjB,YAAMwC,YAAYC,aAAa1J,GAAG;AAClC,YAAM2J,QAAQC,mBAAmBH,WAAWV,oBAAoB9B,GAAG;AACnE,YAAM4C,SAASC,kBAAkBH,OAAOL,OAAO/M,QAAQwM,oBAAoB9B,GAAG;AAE9E,UAAI4C,SAAS,KAAK,CAAChB,QAAQ;AACzBA,iBAAS;AACT7I,YAAI+J,MAAAA;AACJjB,0BAAkBkB,WAAW,MAAM;AACjClB,4BAAkB;AAClBD,mBAAS;AACT,cAAID,KAAM;AACV,cAAI;AACF5I,gBAAIiK,OAAAA;AAAAA,UACN,QAAQ;AAAA,UACN;AAAA,QAEJ,GAAGJ,MAAM;AAAA,MACX;AAAA,IACF;AAEA,UAAMZ,QAAQA,MAAMG,OAAAA;AACpB,UAAMnK,UAAUA,CAACiL,QAAiBd,OAAOc,GAAG;AAC5C,UAAMhB,YAAYA,MAAME,OAAO,IAAI5M,MAAM,iBAAiB,CAAC;AAE3DwD,QAAIZ,GAAG,QAAQ4J,MAAM;AACrBhJ,QAAIZ,GAAG,OAAO6J,KAAK;AACnBjJ,QAAIZ,GAAG,SAASH,OAAO;AACvBe,QAAIZ,GAAG,WAAW8J,SAAS;AAAA,EAC7B;AACF;AAQA,MAAMiB,oBAAoB;AAC1B,MAAMC,kBAAkB,KAAK,KAAK;AAElC,MAAMC,uCAAuBC,IAAAA;AAC7B,IAAIC,gBAAgB;AAEpB,MAAMb,eAAeA,CAAC1J,QAAqB;AACzC,QAAMwK,cAAc,OAAOxK,KAAKyK,aAAa,WAAWzK,IAAIyK,WAAW;AACvE,MAAID,YAAY7N,KAAAA,EAAQ,QAAO6N,YAAY7N,KAAAA;AAC3C,QAAM+N,QAAQ,OAAO1K,KAAK2K,OAAO,WAAW3K,IAAI2K,KAAK;AACrD,SAAOD,MAAM/N,UAAU;AACzB;AAEA,MAAMiO,qBAAqBA,CAAC3D,QAAgB;AAC1C,MAAIA,MAAMsD,gBAAgB,IAAQ;AAClCA,kBAAgBtD;AAEhB,MAAIoD,iBAAiBpC,OAAO,IAAM;AAElC,aAAW,CAAC4C,KAAKlB,KAAK,KAAKU,kBAAkB;AAC3C,QAAIpD,MAAM0C,MAAMmB,aAAaV,iBAAiB;AAC5CC,uBAAiBU,OAAOF,GAAG;AAAA,IAC7B;AAAA,EACF;AACF;AAEA,MAAMjB,qBAAqBA,CAACiB,KAAa9B,oBAA4B9B,QAAiC;AACpG2D,qBAAmB3D,GAAG;AAEtB,QAAM+D,WAAWjC,qBAAqBoB;AACtC,QAAMvJ,WAAWyJ,iBAAiB3J,IAAImK,GAAG;AACzC,MAAIjK,UAAU;AACZA,aAASkK,aAAa7D;AACtBrG,aAASqK,SAAS1N,KAAKuG,IAAIkH,UAAUpK,SAASqK,MAAM;AACpD,WAAOrK;AAAAA,EACT;AAEA,QAAM2H,OAAwB;AAAA,IAC5B0C,QAAQD;AAAAA,IACRE,cAAcjE;AAAAA,IACd6D,YAAY7D;AAAAA,EAAAA;AAEdoD,mBAAiBc,IAAIN,KAAKtC,IAAI;AAC9B,SAAOA;AACT;AAEA,MAAMuB,oBAAoBA,CACxBH,OACAyB,OACArC,oBACA9B,QACW;AACX,QAAM+D,WAAWjC,qBAAqBoB;AACtC,QAAMkB,YAAY9N,KAAKF,IAAI,GAAG4J,MAAM0C,MAAMuB,YAAY;AAEtD,MAAIG,YAAY,GAAG;AACjB1B,UAAMsB,SAAS1N,KAAKuG,IAAIkH,UAAUrB,MAAMsB,SAAUI,YAAYtC,qBAAsB,GAAI;AACxFY,UAAMuB,eAAejE;AAAAA,EACvB;AAEA0C,QAAMsB,UAAUG;AAEhB,MAAIzB,MAAMsB,UAAU,EAAG,QAAO;AAC9B,SAAO1N,KAAKwJ,KAAM,CAAC4C,MAAMsB,SAASlC,qBAAsB,GAAI;AAC9D;AChKA,MAAA,UAAe,CAACuC,QAA0B;AACxC,QAAMC,iBAAiBzE,kBAAAA;AACvBwE,MAAIE,IACF7E,WACAyB,cAAc;AAAA,IACZC,YAAYoD,qBAAqBF,cAAc;AAAA,IAC/CjD,yBAAyBoD,iCAAAA;AAAAA,EAAiC,CAC3D,CACH;AAEAJ,MAAIK,KAAKhF,WAAmBJ,UAAU;AACtC+E,MAAIM,IAAIjF,YAAoBc,WAAW;AACvC6D,MAAI5K,IAAIiG,aAAqB1B,SAAS;AACtCqG,MAAIK,KAAKhF,eAAuBnH,cAAc;AAChD;"}
1
+ {"version":3,"file":"handler-BPtmV7Gp.js","sources":["../src/uploads/api/file-uploads/processors/sanitizeSvg.ts","../src/uploads/api/file-uploads/processors/index.ts","../src/uploads/api/file-uploads/handlers/completeUpload.ts","../src/uploads/api/file-uploads/handlers/getStatus.ts","../src/uploads/api/file-uploads/index.ts","../src/uploads/api/file-uploads/handlers/initUpload.ts","../src/uploads/api/file-uploads/handlers/uploadChunk.ts","../src/uploads/api/file-uploads/middleware/rawBodyParser.ts","../src/uploads/api/file-uploads/handler.ts"],"sourcesContent":["import { JSDOM } from \"jsdom\"\nimport createDOMPurify from \"dompurify\"\n\nimport type { UploadFileProcessor } from \"./index\"\n\n\nconst MAX_SVG_BYTES = 128 * 1024\n\nconst window = new JSDOM(\"\").window\nconst DOMPurify = createDOMPurify(window)\n\nconst normalizeForSniff = (raw: string): string => raw.replace(/^\\uFEFF/, \"\").trimStart()\n\nconst looksLikeSvgText = (text: string): boolean => {\n const normalized = normalizeForSniff(text)\n if (!normalized.startsWith(\"<\")) return false\n return /<svg(?:\\s|>)/i.test(normalized)\n}\n\nexport const looksLikeSvg = (sniff: Buffer): boolean => looksLikeSvgText(sniff.toString(\"utf8\"))\n\nexport const sanitizeSvg = (svg: string): string =>\n DOMPurify.sanitize(svg, {\n USE_PROFILES: { svg: true, svgFilters: true },\n })\n\nexport const sanitizeSvgProcessor: UploadFileProcessor = {\n id: \"sanitize-svg\",\n maxBytes: MAX_SVG_BYTES,\n match: ({ sniff }) => looksLikeSvg(sniff),\n process: (data): { data: Buffer; mimeType: string } => {\n if (data.length > MAX_SVG_BYTES) {\n throw new Error(\"svg_too_large\")\n }\n\n const svgText = data.toString(\"utf8\")\n if (!looksLikeSvgText(svgText)) {\n throw new Error(\"svg_invalid\")\n }\n\n const sanitized = sanitizeSvg(svgText)\n if (!sanitized.trim() || !looksLikeSvgText(sanitized)) {\n throw new Error(\"svg_sanitize_failed\")\n }\n\n const sanitizedBuffer = Buffer.from(sanitized, \"utf8\")\n if (sanitizedBuffer.length > MAX_SVG_BYTES) {\n throw new Error(\"svg_too_large\")\n }\n\n return { data: sanitizedBuffer, mimeType: \"image/svg+xml\" }\n },\n}\n\n","import { sanitizeSvgProcessor } from \"./sanitizeSvg\"\n\n\nexport type UploadFileProcessorContext = {\n filename: string\n clientMimeType: string\n totalSize: number\n sniff: Buffer\n}\n\nexport type UploadFileProcessorResult = {\n data: Buffer\n mimeType?: string\n}\n\nexport type UploadFileProcessor = {\n id: string\n maxBytes: number\n match: (ctx: UploadFileProcessorContext) => boolean\n process: (data: Buffer, ctx: UploadFileProcessorContext) => Promise<UploadFileProcessorResult> | UploadFileProcessorResult\n}\n\nexport const uploadProcessors = Object.freeze([sanitizeSvgProcessor] satisfies UploadFileProcessor[])\n\nexport const getMaxUploadProcessorBytes = (): number =>\n uploadProcessors.reduce((max, processor) => Math.max(max, processor.maxBytes), 0)\n\nexport const selectUploadProcessors = (ctx: UploadFileProcessorContext): UploadFileProcessor[] =>\n uploadProcessors.filter((processor) => processor.match(ctx))\n\nexport const applyUploadProcessors = async (\n data: Buffer,\n ctx: Omit<UploadFileProcessorContext, \"sniff\" | \"totalSize\">,\n): Promise<{ data: Buffer; mimeType: string; applied: string[] }> => {\n let currentData = data\n let currentMimeType = ctx.clientMimeType\n const applied: string[] = []\n\n for (const processor of uploadProcessors) {\n const processorCtx: UploadFileProcessorContext = {\n filename: ctx.filename,\n clientMimeType: currentMimeType,\n totalSize: currentData.length,\n sniff: currentData,\n }\n\n if (!processor.match(processorCtx)) continue\n\n if (currentData.length > processor.maxBytes) {\n throw new Error(\"processor_input_too_large\")\n }\n\n const result = await processor.process(currentData, processorCtx)\n currentData = result.data\n if (typeof result.mimeType === \"string\" && result.mimeType.trim()) {\n currentMimeType = result.mimeType.trim()\n }\n applied.push(processor.id)\n }\n\n return {\n data: currentData,\n mimeType: currentMimeType,\n applied,\n }\n}\n","import { ApiHandler } from \"@rpcbase/api\"\nimport { getTenantFilesystemDb, models } from \"@rpcbase/db\"\nimport { GridFSBucket } from \"mongodb\"\nimport type { Model } from \"mongoose\"\n\nimport * as Uploads from \"../index\"\nimport { enqueueUploadPostProcessors } from \"../postProcessors\"\nimport { applyUploadProcessors, getMaxUploadProcessorBytes, selectUploadProcessors } from \"../processors\"\nimport {\n type SessionUser,\n type UploadChunkDoc,\n type UploadSessionDoc,\n buildUploadsAbility,\n ensureUploadIndexes,\n getBucketName,\n getModelCtx,\n getUploadSessionAccessQuery,\n getTenantId,\n} from \"../shared\"\n\n\nconst waitForStreamFinished = async (stream: NodeJS.WritableStream): Promise<void> => new Promise((resolve, reject) => {\n stream.once(\"finish\", resolve)\n stream.once(\"error\", reject)\n})\n\nconst writeToStream = async (stream: NodeJS.WritableStream, chunk: Buffer): Promise<void> => {\n const ok = stream.write(chunk)\n if (ok) return\n await new Promise<void>((resolve, reject) => {\n const onDrain = () => {\n cleanup()\n resolve()\n }\n\n const onError = (error: unknown) => {\n cleanup()\n reject(error)\n }\n\n const cleanup = () => {\n stream.off(\"drain\", onDrain)\n stream.off(\"error\", onError)\n }\n\n stream.on(\"drain\", onDrain)\n stream.on(\"error\", onError)\n })\n}\n\nconst abortUploadStream = async (stream: unknown): Promise<void> => {\n if (!stream) return\n if (typeof (stream as { abort?: unknown }).abort === \"function\") {\n try {\n await (stream as { abort: () => Promise<void> | void }).abort()\n return\n } catch {\n //\n }\n }\n try {\n ;(stream as { destroy?: () => void }).destroy?.()\n } catch {\n //\n }\n}\n\nexport const completeUpload: ApiHandler<Record<string, never>, Uploads.CompleteResponsePayload, SessionUser> = async (\n _payload,\n ctx,\n): Promise<Uploads.CompleteResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const uploadId = String(ctx.req.params?.uploadId ?? \"\").trim()\n if (!uploadId) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_upload_id\" }\n }\n\n const ability = buildUploadsAbility(ctx, tenantId)\n const modelCtx = getModelCtx(ctx, tenantId, ability)\n\n const [UploadSession, UploadChunk] = await Promise.all([\n models.get(\"RBUploadSession\", modelCtx) as Promise<Model<UploadSessionDoc>>,\n models.get(\"RBUploadChunk\", modelCtx) as Promise<Model<UploadChunkDoc>>,\n ])\n\n if (!ability.can(\"update\", \"RBUploadSession\")) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n const existing = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"read\")] }).lean()\n if (!existing) {\n ctx.res.status(404)\n return { ok: false, error: \"not_found\" }\n }\n\n if (existing.status === \"done\" && existing.fileId) {\n return { ok: true, fileId: existing.fileId }\n }\n\n const locked = await UploadSession.findOneAndUpdate(\n { $and: [{ _id: uploadId }, { status: \"uploading\" }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"assembling\" }, $unset: { error: \"\" } },\n { returnDocument: \"after\" },\n ).lean()\n\n if (!locked) {\n ctx.res.status(409)\n return { ok: false, error: \"not_uploading\" }\n }\n\n await ensureUploadIndexes(UploadSession, UploadChunk)\n\n const fsDb = await getTenantFilesystemDb(tenantId)\n const nativeDb = fsDb.db\n if (!nativeDb) {\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"error\", error: \"filesystem_db_unavailable\" } },\n )\n ctx.res.status(500)\n return { ok: false, error: \"assembly_failed\" }\n }\n const bucketName = getBucketName()\n const bucket = new GridFSBucket(nativeDb, { bucketName })\n\n const lockedUserId = typeof locked.userId === \"string\" ? locked.userId : undefined\n const maxProcessorBytes = getMaxUploadProcessorBytes()\n const shouldBufferForProcessing = locked.totalSize <= maxProcessorBytes\n const declaredMimeType = locked.mimeType.trim().toLowerCase()\n const declaredSvg = declaredMimeType === \"image/svg+xml\" || locked.filename.trim().toLowerCase().endsWith(\".svg\")\n\n let uploadStream: NodeJS.WritableStream | null = null\n let finalMimeType = locked.mimeType\n let inlineProcessors: string[] = []\n let finalMetadata: Record<string, unknown> = {\n uploadId,\n tenantId,\n mimeType: locked.mimeType,\n totalSize: locked.totalSize,\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n }\n\n try {\n if (!shouldBufferForProcessing && declaredSvg) {\n throw new Error(\"svg_too_large\")\n }\n\n const cursor = UploadChunk.find({ uploadId }).sort({ index: 1 }).cursor() as unknown as AsyncIterable<UploadChunkDoc> & {\n close: () => Promise<void>\n }\n\n let expectedIndex = 0\n const chunks: Buffer[] = []\n let bufferedBytes = 0\n\n const pendingChunks: Buffer[] = []\n const sniffParts: Buffer[] = []\n let sniffBytes = 0\n\n try {\n for await (const chunkDoc of cursor) {\n if (chunkDoc.index !== expectedIndex) {\n throw new Error(\"missing_chunks\")\n }\n\n const chunk = chunkDoc.data\n\n if (shouldBufferForProcessing) {\n chunks.push(chunk)\n bufferedBytes += chunk.length\n } else if (!uploadStream) {\n pendingChunks.push(chunk)\n\n if (sniffBytes < maxProcessorBytes) {\n const slice = chunk.subarray(0, Math.min(chunk.length, maxProcessorBytes - sniffBytes))\n if (slice.length) {\n sniffParts.push(slice)\n sniffBytes += slice.length\n }\n }\n\n if (sniffBytes >= maxProcessorBytes) {\n const sniff = Buffer.concat(sniffParts, sniffBytes)\n const processors = selectUploadProcessors({\n filename: locked.filename,\n clientMimeType: locked.mimeType,\n totalSize: locked.totalSize,\n sniff,\n })\n\n if (processors.length) {\n throw new Error(\"svg_too_large\")\n }\n\n finalMetadata = {\n uploadId,\n tenantId,\n mimeType: locked.mimeType,\n totalSize: locked.totalSize,\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n }\n uploadStream = bucket.openUploadStream(locked.filename, {\n metadata: finalMetadata,\n })\n\n for (const pending of pendingChunks) {\n await writeToStream(uploadStream, pending)\n }\n pendingChunks.length = 0\n }\n } else {\n await writeToStream(uploadStream, chunk)\n }\n\n expectedIndex += 1\n }\n } finally {\n try {\n await cursor.close()\n } catch {\n //\n }\n }\n\n if (expectedIndex !== locked.chunksTotal) {\n throw new Error(\"missing_chunks\")\n }\n\n if (shouldBufferForProcessing) {\n const assembled = Buffer.concat(chunks, bufferedBytes)\n const { data: processed, mimeType: processedMimeType, applied } = await applyUploadProcessors(assembled, {\n filename: locked.filename,\n clientMimeType: locked.mimeType,\n })\n\n finalMimeType = processedMimeType\n inlineProcessors = applied\n finalMetadata = {\n uploadId,\n tenantId,\n mimeType: processedMimeType,\n totalSize: locked.totalSize,\n ...(applied.length ? { processors: applied, processedSize: processed.length } : {}),\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n }\n uploadStream = bucket.openUploadStream(locked.filename, {\n metadata: finalMetadata,\n })\n\n const finished = waitForStreamFinished(uploadStream)\n uploadStream.end(processed)\n await finished\n } else {\n if (!uploadStream) {\n const sniff = Buffer.concat(sniffParts, sniffBytes)\n const processors = selectUploadProcessors({\n filename: locked.filename,\n clientMimeType: locked.mimeType,\n totalSize: locked.totalSize,\n sniff,\n })\n\n if (processors.length) {\n throw new Error(\"svg_too_large\")\n }\n\n finalMetadata = {\n uploadId,\n tenantId,\n mimeType: locked.mimeType,\n totalSize: locked.totalSize,\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n }\n uploadStream = bucket.openUploadStream(locked.filename, {\n metadata: finalMetadata,\n })\n\n for (const pending of pendingChunks) {\n await writeToStream(uploadStream, pending)\n }\n pendingChunks.length = 0\n }\n\n const finished = waitForStreamFinished(uploadStream)\n uploadStream.end()\n await finished\n }\n\n const fileId = String((uploadStream as unknown as { id?: unknown }).id ?? \"\")\n if (!fileId) {\n throw new Error(\"missing_file_id\")\n }\n\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"done\", fileId }, $unset: { error: \"\" } },\n )\n\n await enqueueUploadPostProcessors({\n tenantId,\n uploadId,\n fileId,\n filename: locked.filename,\n mimeType: finalMimeType,\n clientMimeType: locked.mimeType,\n totalSize: locked.totalSize,\n ...(typeof locked.isPublic === \"boolean\" ? { isPublic: locked.isPublic } : {}),\n ...(typeof locked.ownerKeyHash === \"string\" ? { ownerKeyHash: locked.ownerKeyHash } : {}),\n ...(lockedUserId ? { userId: lockedUserId } : {}),\n inlineProcessors,\n metadata: finalMetadata,\n }).catch((error) => {\n console.error(\"Upload post processor enqueue failed\", {\n tenantId,\n uploadId,\n fileId,\n error,\n })\n })\n\n try {\n await UploadChunk.deleteMany({ uploadId })\n } catch {\n //\n }\n\n return { ok: true, fileId }\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error)\n\n await abortUploadStream(uploadStream)\n\n if (message === \"missing_chunks\") {\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"uploading\" } },\n )\n ctx.res.status(409)\n return { ok: false, error: \"missing_chunks\" }\n }\n\n if (message === \"svg_too_large\") {\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"error\", error: message } },\n )\n ctx.res.status(413)\n return { ok: false, error: message }\n }\n\n if (message === \"svg_invalid\" || message === \"svg_sanitize_failed\") {\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"error\", error: message } },\n )\n ctx.res.status(400)\n return { ok: false, error: message }\n }\n\n await UploadSession.updateOne(\n { $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] },\n { $set: { status: \"error\", error: message } },\n )\n\n ctx.res.status(500)\n return { ok: false, error: \"assembly_failed\" }\n }\n}\n","import { ApiHandler } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport type { Model } from \"mongoose\"\n\nimport * as Uploads from \"../index\"\nimport {\n type SessionUser,\n type UploadChunkDoc,\n type UploadSessionDoc,\n buildUploadsAbility,\n getModelCtx,\n getUploadSessionAccessQuery,\n getTenantId,\n} from \"../shared\"\n\n\nexport const getStatus: ApiHandler<Record<string, never>, Uploads.StatusResponsePayload, SessionUser> = async (\n _payload,\n ctx,\n): Promise<Uploads.StatusResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const uploadId = String(ctx.req.params?.uploadId ?? \"\").trim()\n if (!uploadId) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_upload_id\" }\n }\n\n const ability = buildUploadsAbility(ctx, tenantId)\n const modelCtx = getModelCtx(ctx, tenantId, ability)\n\n const [UploadSession, UploadChunk] = await Promise.all([\n models.get(\"RBUploadSession\", modelCtx) as Promise<Model<UploadSessionDoc>>,\n models.get(\"RBUploadChunk\", modelCtx) as Promise<Model<UploadChunkDoc>>,\n ])\n\n if (!ability.can(\"read\", \"RBUploadSession\")) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"read\")] }).lean()\n if (!session) {\n ctx.res.status(404)\n return { ok: false, error: \"not_found\" }\n }\n\n const receivedDocs = await UploadChunk.find(\n { uploadId },\n { index: 1, _id: 0 },\n ).sort({ index: 1 }).lean()\n\n const received = (receivedDocs as unknown as Array<{ index?: unknown }>)\n .map((doc) => (typeof doc.index === \"number\" ? doc.index : -1))\n .filter((n) => Number.isInteger(n) && n >= 0)\n\n return {\n ok: true,\n status: session.status,\n chunkSize: session.chunkSize,\n chunksTotal: session.chunksTotal,\n received,\n ...(session.fileId ? { fileId: session.fileId } : {}),\n }\n}\n","import { z } from \"zod\"\n\n\nexport const InitRoute = \"/api/rb/file-uploads\"\nexport const ChunkRoute = \"/api/rb/file-uploads/:uploadId/chunks/:index\"\nexport const StatusRoute = \"/api/rb/file-uploads/:uploadId/status\"\nexport const CompleteRoute = \"/api/rb/file-uploads/:uploadId/complete\"\n\nexport const initRequestSchema = z.object({\n filename: z.string().min(1),\n mimeType: z.string().min(1),\n isPublic: z.boolean().optional(),\n totalSize: z.number().int().min(1),\n})\n\nexport type InitRequestPayload = z.infer<typeof initRequestSchema>\n\nexport const initResponseSchema = z.object({\n ok: z.boolean(),\n error: z.string().optional(),\n uploadId: z.string().optional(),\n uploadKey: z.string().optional(),\n chunkSize: z.number().int().optional(),\n chunksTotal: z.number().int().optional(),\n})\n\nexport type InitResponsePayload = z.infer<typeof initResponseSchema>\n\nexport const statusResponseSchema = z.object({\n ok: z.boolean(),\n error: z.string().optional(),\n status: z.enum([\"uploading\", \"assembling\", \"done\", \"error\"]).optional(),\n chunkSize: z.number().int().optional(),\n chunksTotal: z.number().int().optional(),\n received: z.array(z.number().int().min(0)).optional(),\n fileId: z.string().optional(),\n})\n\nexport type StatusResponsePayload = z.infer<typeof statusResponseSchema>\n\nexport const completeResponseSchema = z.object({\n ok: z.boolean(),\n error: z.string().optional(),\n fileId: z.string().optional(),\n})\n\nexport type CompleteResponsePayload = z.infer<typeof completeResponseSchema>\n","import { randomBytes } from \"node:crypto\"\n\nimport { ApiHandler } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport { ObjectId } from \"mongodb\"\nimport type { Model } from \"mongoose\"\n\nimport * as Uploads from \"../index\"\nimport {\n type SessionUser,\n type UploadChunkDoc,\n type UploadSessionDoc,\n buildUploadsAbility,\n computeSha256Hex,\n ensureUploadIndexes,\n getChunkSizeBytes,\n getModelCtx,\n getSessionTtlMs,\n getTenantId,\n getUserId,\n} from \"../shared\"\n\n\nexport const initUpload: ApiHandler<Uploads.InitRequestPayload, Uploads.InitResponsePayload, SessionUser> = async (\n payload,\n ctx,\n): Promise<Uploads.InitResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const userId = getUserId(ctx)\n\n const parsed = Uploads.initRequestSchema.safeParse(payload ?? {})\n if (!parsed.success) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_payload\" }\n }\n\n const chunkSize = getChunkSizeBytes()\n const { filename, mimeType, totalSize, isPublic } = parsed.data\n const chunksTotal = Math.ceil(totalSize / chunkSize)\n\n const ability = buildUploadsAbility(ctx, tenantId)\n const modelCtx = getModelCtx(ctx, tenantId, ability)\n\n const [UploadSession, UploadChunk] = await Promise.all([\n models.get(\"RBUploadSession\", modelCtx) as Promise<Model<UploadSessionDoc>>,\n models.get(\"RBUploadChunk\", modelCtx) as Promise<Model<UploadChunkDoc>>,\n ])\n\n await ensureUploadIndexes(UploadSession, UploadChunk)\n\n const uploadId = new ObjectId().toString()\n const now = Date.now()\n const expiresAt = new Date(now + getSessionTtlMs())\n\n const uploadKey = userId ? null : randomBytes(32).toString(\"base64url\")\n const ownerKeyHash = uploadKey ? computeSha256Hex(Buffer.from(uploadKey)) : undefined\n\n await UploadSession.create({\n _id: uploadId,\n ...(userId ? { userId } : {}),\n ...(ownerKeyHash ? { ownerKeyHash } : {}),\n filename,\n mimeType,\n ...(typeof isPublic === \"boolean\" ? { isPublic } : {}),\n totalSize,\n chunkSize,\n chunksTotal,\n status: \"uploading\",\n createdAt: new Date(now),\n expiresAt,\n })\n\n return {\n ok: true,\n uploadId,\n chunkSize,\n chunksTotal,\n ...(uploadKey ? { uploadKey } : {}),\n }\n}\n","import { ApiHandler } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport type { Model } from \"mongoose\"\n\nimport {\n type SessionUser,\n type UploadChunkDoc,\n type UploadSessionDoc,\n buildUploadsAbility,\n computeSha256Hex,\n ensureUploadIndexes,\n getModelCtx,\n getUploadSessionAccessQuery,\n getTenantId,\n normalizeSha256Hex,\n toBufferPayload,\n} from \"../shared\"\n\n\ntype ChunkResponsePayload = {\n ok: boolean\n error?: string\n}\n\nexport const uploadChunk: ApiHandler<Buffer, ChunkResponsePayload, SessionUser> = async (\n payload,\n ctx,\n): Promise<ChunkResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const uploadId = String(ctx.req.params?.uploadId ?? \"\").trim()\n const indexRaw = String(ctx.req.params?.index ?? \"\").trim()\n const index = Number(indexRaw)\n\n if (!uploadId || !Number.isInteger(index) || index < 0) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_chunk_ref\" }\n }\n\n const ability = buildUploadsAbility(ctx, tenantId)\n const modelCtx = getModelCtx(ctx, tenantId, ability)\n\n const [UploadSession, UploadChunk] = await Promise.all([\n models.get(\"RBUploadSession\", modelCtx) as Promise<Model<UploadSessionDoc>>,\n models.get(\"RBUploadChunk\", modelCtx) as Promise<Model<UploadChunkDoc>>,\n ])\n\n if (!ability.can(\"update\", \"RBUploadSession\")) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n const session = await UploadSession.findOne({ $and: [{ _id: uploadId }, getUploadSessionAccessQuery(ability, \"update\")] }).lean()\n if (!session) {\n ctx.res.status(404)\n return { ok: false, error: \"not_found\" }\n }\n\n if (session.status !== \"uploading\") {\n ctx.res.status(409)\n return { ok: false, error: \"not_uploading\" }\n }\n\n if (index >= session.chunksTotal) {\n ctx.res.status(400)\n return { ok: false, error: \"index_out_of_range\" }\n }\n\n const data = toBufferPayload(payload)\n if (!data) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_body\" }\n }\n\n const expectedSize = index === session.chunksTotal - 1\n ? session.totalSize - session.chunkSize * (session.chunksTotal - 1)\n : session.chunkSize\n\n if (data.length > expectedSize) {\n ctx.res.status(413)\n return { ok: false, error: \"chunk_too_large\" }\n }\n\n if (data.length !== expectedSize) {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_chunk_size\" }\n }\n\n const checksumHeader = ctx.req.get(\"X-Chunk-SHA256\")\n const sha256 = checksumHeader ? computeSha256Hex(data) : undefined\n\n if (checksumHeader) {\n const expectedSha256 = normalizeSha256Hex(checksumHeader)\n if (sha256 !== expectedSha256) {\n ctx.res.status(400)\n return { ok: false, error: \"checksum_mismatch\" }\n }\n }\n\n await ensureUploadIndexes(UploadSession, UploadChunk)\n\n await UploadChunk.updateOne(\n { uploadId, index },\n {\n $set: {\n uploadId,\n index,\n data,\n size: data.length,\n sha256,\n expiresAt: session.expiresAt,\n },\n $setOnInsert: {\n createdAt: new Date(),\n },\n },\n { upsert: true },\n )\n\n ctx.res.status(204)\n return { ok: true }\n}\n","export const rawBodyParser = ({\n limitBytes,\n maxClientBytesPerSecond,\n}: {\n limitBytes: number\n maxClientBytesPerSecond?: number | null\n}) => {\n return (req: any, res: any, next: any) => {\n const contentType = typeof req?.headers?.[\"content-type\"] === \"string\"\n ? String(req.headers[\"content-type\"])\n : \"\"\n\n if (!contentType.includes(\"application/octet-stream\")) {\n next()\n return\n }\n\n let total = 0\n const chunks: Buffer[] = []\n let done = false\n let paused = false\n let throttleTimeout: ReturnType<typeof setTimeout> | null = null\n\n const rateBytesPerSecond = typeof maxClientBytesPerSecond === \"number\" && maxClientBytesPerSecond > 0\n ? maxClientBytesPerSecond\n : null\n\n const cleanup = () => {\n req.off(\"data\", onData)\n req.off(\"end\", onEnd)\n req.off(\"error\", onError)\n req.off(\"aborted\", onAborted)\n if (throttleTimeout) {\n clearTimeout(throttleTimeout)\n throttleTimeout = null\n }\n }\n\n const finish = (error?: unknown) => {\n if (done) return\n done = true\n\n cleanup()\n\n if (error) {\n next(error)\n return\n }\n\n req.body = Buffer.concat(chunks, total)\n next()\n }\n\n const onData = (chunk: any) => {\n if (done) return\n const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)\n total += buffer.length\n\n if (total > limitBytes) {\n done = true\n cleanup()\n req.destroy()\n res.status(413).json({ ok: false, error: \"chunk_too_large\" })\n return\n }\n\n chunks.push(buffer)\n\n if (!rateBytesPerSecond) return\n\n const now = Date.now()\n const clientKey = getClientKey(req)\n const state = getClientRateState(clientKey, rateBytesPerSecond, now)\n const waitMs = consumeRateBudget(state, buffer.length, rateBytesPerSecond, now)\n\n if (waitMs > 0 && !paused) {\n paused = true\n req.pause()\n throttleTimeout = setTimeout(() => {\n throttleTimeout = null\n paused = false\n if (done) return\n try {\n req.resume()\n } catch {\n //\n }\n }, waitMs)\n }\n }\n\n const onEnd = () => finish()\n const onError = (err: unknown) => finish(err)\n const onAborted = () => finish(new Error(\"request_aborted\"))\n\n req.on(\"data\", onData)\n req.on(\"end\", onEnd)\n req.on(\"error\", onError)\n req.on(\"aborted\", onAborted)\n }\n}\n\ntype ClientRateState = {\n tokens: number\n lastRefillMs: number\n lastSeenMs: number\n}\n\nconst MAX_BURST_SECONDS = 1\nconst STALE_CLIENT_MS = 15 * 60 * 1000\n\nconst clientRateStates = new Map<string, ClientRateState>()\nlet lastCleanupMs = 0\n\nconst getClientKey = (req: any): string => {\n const rawClientIp = typeof req?.clientIp === \"string\" ? req.clientIp : \"\"\n if (rawClientIp.trim()) return rawClientIp.trim()\n const rawIp = typeof req?.ip === \"string\" ? req.ip : \"\"\n return rawIp.trim() || \"unknown\"\n}\n\nconst maybeCleanupStates = (now: number) => {\n if (now - lastCleanupMs < 60_000) return\n lastCleanupMs = now\n\n if (clientRateStates.size < 2000) return\n\n for (const [key, state] of clientRateStates) {\n if (now - state.lastSeenMs > STALE_CLIENT_MS) {\n clientRateStates.delete(key)\n }\n }\n}\n\nconst getClientRateState = (key: string, rateBytesPerSecond: number, now: number): ClientRateState => {\n maybeCleanupStates(now)\n\n const capacity = rateBytesPerSecond * MAX_BURST_SECONDS\n const existing = clientRateStates.get(key)\n if (existing) {\n existing.lastSeenMs = now\n existing.tokens = Math.min(capacity, existing.tokens)\n return existing\n }\n\n const next: ClientRateState = {\n tokens: capacity,\n lastRefillMs: now,\n lastSeenMs: now,\n }\n clientRateStates.set(key, next)\n return next\n}\n\nconst consumeRateBudget = (\n state: ClientRateState,\n bytes: number,\n rateBytesPerSecond: number,\n now: number,\n): number => {\n const capacity = rateBytesPerSecond * MAX_BURST_SECONDS\n const elapsedMs = Math.max(0, now - state.lastRefillMs)\n\n if (elapsedMs > 0) {\n state.tokens = Math.min(capacity, state.tokens + (elapsedMs * rateBytesPerSecond) / 1000)\n state.lastRefillMs = now\n }\n\n state.tokens -= bytes\n\n if (state.tokens >= 0) return 0\n return Math.ceil((-state.tokens / rateBytesPerSecond) * 1000)\n}\n","import { Api } from \"@rpcbase/api\"\n\nimport { completeUpload } from \"./handlers/completeUpload\"\nimport { getStatus } from \"./handlers/getStatus\"\nimport { initUpload } from \"./handlers/initUpload\"\nimport { uploadChunk } from \"./handlers/uploadChunk\"\nimport { rawBodyParser } from \"./middleware/rawBodyParser\"\nimport { getChunkSizeBytes, getMaxClientUploadBytesPerSecond, getRawBodyLimitBytes, type SessionUser } from \"./shared\"\n\nimport * as Uploads from \"./index\"\n\n\nexport default (api: Api<SessionUser>) => {\n const chunkSizeBytes = getChunkSizeBytes()\n api.use(\n Uploads.InitRoute,\n rawBodyParser({\n limitBytes: getRawBodyLimitBytes(chunkSizeBytes),\n maxClientBytesPerSecond: getMaxClientUploadBytesPerSecond(),\n }),\n )\n\n api.post(Uploads.InitRoute, initUpload)\n api.put(Uploads.ChunkRoute, uploadChunk)\n api.get(Uploads.StatusRoute, getStatus)\n api.post(Uploads.CompleteRoute, completeUpload)\n}\n"],"names":["MAX_SVG_BYTES","window","JSDOM","DOMPurify","createDOMPurify","normalizeForSniff","raw","replace","trimStart","looksLikeSvgText","text","normalized","startsWith","test","looksLikeSvg","sniff","toString","sanitizeSvg","svg","sanitize","USE_PROFILES","svgFilters","sanitizeSvgProcessor","id","maxBytes","match","process","data","length","Error","svgText","sanitized","trim","sanitizedBuffer","Buffer","from","mimeType","uploadProcessors","Object","freeze","getMaxUploadProcessorBytes","reduce","max","processor","Math","selectUploadProcessors","ctx","filter","applyUploadProcessors","currentData","currentMimeType","clientMimeType","applied","processorCtx","filename","totalSize","result","push","waitForStreamFinished","stream","Promise","resolve","reject","once","writeToStream","chunk","ok","write","onDrain","cleanup","onError","error","off","on","abortUploadStream","abort","destroy","completeUpload","_payload","tenantId","getTenantId","res","status","uploadId","String","req","params","ability","buildUploadsAbility","modelCtx","getModelCtx","UploadSession","UploadChunk","all","models","get","can","existing","findOne","$and","_id","getUploadSessionAccessQuery","lean","fileId","locked","findOneAndUpdate","$set","$unset","returnDocument","ensureUploadIndexes","fsDb","getTenantFilesystemDb","nativeDb","db","updateOne","bucketName","getBucketName","bucket","GridFSBucket","lockedUserId","userId","undefined","maxProcessorBytes","shouldBufferForProcessing","declaredMimeType","toLowerCase","declaredSvg","endsWith","uploadStream","finalMimeType","inlineProcessors","finalMetadata","isPublic","ownerKeyHash","cursor","find","sort","index","expectedIndex","chunks","bufferedBytes","pendingChunks","sniffParts","sniffBytes","chunkDoc","slice","subarray","min","concat","processors","openUploadStream","metadata","pending","close","chunksTotal","assembled","processed","processedMimeType","processedSize","finished","end","enqueueUploadPostProcessors","catch","console","deleteMany","message","getStatus","session","receivedDocs","received","map","doc","n","Number","isInteger","chunkSize","InitRoute","ChunkRoute","StatusRoute","CompleteRoute","initRequestSchema","z","string","boolean","optional","number","int","uploadKey","initUpload","payload","getUserId","parsed","Uploads","safeParse","success","getChunkSizeBytes","ceil","ObjectId","now","Date","expiresAt","getSessionTtlMs","randomBytes","computeSha256Hex","create","createdAt","uploadChunk","indexRaw","toBufferPayload","expectedSize","checksumHeader","sha256","expectedSha256","normalizeSha256Hex","size","$setOnInsert","upsert","rawBodyParser","limitBytes","maxClientBytesPerSecond","next","contentType","headers","includes","total","done","paused","throttleTimeout","rateBytesPerSecond","onData","onEnd","onAborted","clearTimeout","finish","body","buffer","isBuffer","json","clientKey","getClientKey","state","getClientRateState","waitMs","consumeRateBudget","pause","setTimeout","resume","err","MAX_BURST_SECONDS","STALE_CLIENT_MS","clientRateStates","Map","lastCleanupMs","rawClientIp","clientIp","rawIp","ip","maybeCleanupStates","key","lastSeenMs","delete","capacity","tokens","lastRefillMs","set","bytes","elapsedMs","api","chunkSizeBytes","use","getRawBodyLimitBytes","getMaxClientUploadBytesPerSecond","post","put"],"mappings":";;;;;;;;AAMA,MAAMA,gBAAgB,MAAM;AAE5B,MAAMC,SAAS,IAAIC,MAAM,EAAE,EAAED;AAC7B,MAAME,YAAYC,gBAAgBH,MAAM;AAExC,MAAMI,oBAAoBA,CAACC,QAAwBA,IAAIC,QAAQ,WAAW,EAAE,EAAEC,UAAAA;AAE9E,MAAMC,mBAAmBA,CAACC,SAA0B;AAClD,QAAMC,aAAaN,kBAAkBK,IAAI;AACzC,MAAI,CAACC,WAAWC,WAAW,GAAG,EAAG,QAAO;AACxC,SAAO,gBAAgBC,KAAKF,UAAU;AACxC;AAEO,MAAMG,eAAeA,CAACC,UAA2BN,iBAAiBM,MAAMC,SAAS,MAAM,CAAC;AAExF,MAAMC,cAAcA,CAACC,QAC1Bf,UAAUgB,SAASD,KAAK;AAAA,EACtBE,cAAc;AAAA,IAAEF,KAAK;AAAA,IAAMG,YAAY;AAAA,EAAA;AACzC,CAAC;AAEI,MAAMC,uBAA4C;AAAA,EACvDC,IAAI;AAAA,EACJC,UAAUxB;AAAAA,EACVyB,OAAOA,CAAC;AAAA,IAAEV;AAAAA,EAAAA,MAAYD,aAAaC,KAAK;AAAA,EACxCW,SAASA,CAACC,SAA6C;AACrD,QAAIA,KAAKC,SAAS5B,eAAe;AAC/B,YAAM,IAAI6B,MAAM,eAAe;AAAA,IACjC;AAEA,UAAMC,UAAUH,KAAKX,SAAS,MAAM;AACpC,QAAI,CAACP,iBAAiBqB,OAAO,GAAG;AAC9B,YAAM,IAAID,MAAM,aAAa;AAAA,IAC/B;AAEA,UAAME,YAAYd,YAAYa,OAAO;AACrC,QAAI,CAACC,UAAUC,KAAAA,KAAU,CAACvB,iBAAiBsB,SAAS,GAAG;AACrD,YAAM,IAAIF,MAAM,qBAAqB;AAAA,IACvC;AAEA,UAAMI,kBAAkBC,OAAOC,KAAKJ,WAAW,MAAM;AACrD,QAAIE,gBAAgBL,SAAS5B,eAAe;AAC1C,YAAM,IAAI6B,MAAM,eAAe;AAAA,IACjC;AAEA,WAAO;AAAA,MAAEF,MAAMM;AAAAA,MAAiBG,UAAU;AAAA,IAAA;AAAA,EAC5C;AACF;AC9BO,MAAMC,mBAAmBC,OAAOC,OAAO,CAACjB,oBAAoB,CAAiC;AAE7F,MAAMkB,6BAA6BA,MACxCH,iBAAiBI,OAAO,CAACC,KAAKC,cAAcC,KAAKF,IAAIA,KAAKC,UAAUnB,QAAQ,GAAG,CAAC;AAE3E,MAAMqB,yBAAyBA,CAACC,QACrCT,iBAAiBU,OAAQJ,CAAAA,cAAcA,UAAUlB,MAAMqB,GAAG,CAAC;AAEtD,MAAME,wBAAwB,OACnCrB,MACAmB,QACmE;AACnE,MAAIG,cAActB;AAClB,MAAIuB,kBAAkBJ,IAAIK;AAC1B,QAAMC,UAAoB,CAAA;AAE1B,aAAWT,aAAaN,kBAAkB;AACxC,UAAMgB,eAA2C;AAAA,MAC/CC,UAAUR,IAAIQ;AAAAA,MACdH,gBAAgBD;AAAAA,MAChBK,WAAWN,YAAYrB;AAAAA,MACvBb,OAAOkC;AAAAA,IAAAA;AAGT,QAAI,CAACN,UAAUlB,MAAM4B,YAAY,EAAG;AAEpC,QAAIJ,YAAYrB,SAASe,UAAUnB,UAAU;AAC3C,YAAM,IAAIK,MAAM,2BAA2B;AAAA,IAC7C;AAEA,UAAM2B,SAAS,MAAMb,UAAUjB,QAAQuB,aAAaI,YAAY;AAChEJ,kBAAcO,OAAO7B;AACrB,QAAI,OAAO6B,OAAOpB,aAAa,YAAYoB,OAAOpB,SAASJ,QAAQ;AACjEkB,wBAAkBM,OAAOpB,SAASJ,KAAAA;AAAAA,IACpC;AACAoB,YAAQK,KAAKd,UAAUpB,EAAE;AAAA,EAC3B;AAEA,SAAO;AAAA,IACLI,MAAMsB;AAAAA,IACNb,UAAUc;AAAAA,IACVE;AAAAA,EAAAA;AAEJ;AC5CA,MAAMM,wBAAwB,OAAOC,WAAiD,IAAIC,QAAQ,CAACC,SAASC,WAAW;AACrHH,SAAOI,KAAK,UAAUF,OAAO;AAC7BF,SAAOI,KAAK,SAASD,MAAM;AAC7B,CAAC;AAED,MAAME,gBAAgB,OAAOL,QAA+BM,UAAiC;AAC3F,QAAMC,KAAKP,OAAOQ,MAAMF,KAAK;AAC7B,MAAIC,GAAI;AACR,QAAM,IAAIN,QAAc,CAACC,SAASC,WAAW;AAC3C,UAAMM,UAAUA,MAAM;AACpBC,cAAAA;AACAR,cAAAA;AAAAA,IACF;AAEA,UAAMS,UAAUA,CAACC,UAAmB;AAClCF,cAAAA;AACAP,aAAOS,KAAK;AAAA,IACd;AAEA,UAAMF,UAAUA,MAAM;AACpBV,aAAOa,IAAI,SAASJ,OAAO;AAC3BT,aAAOa,IAAI,SAASF,OAAO;AAAA,IAC7B;AAEAX,WAAOc,GAAG,SAASL,OAAO;AAC1BT,WAAOc,GAAG,SAASH,OAAO;AAAA,EAC5B,CAAC;AACH;AAEA,MAAMI,oBAAoB,OAAOf,WAAmC;AAClE,MAAI,CAACA,OAAQ;AACb,MAAI,OAAQA,OAA+BgB,UAAU,YAAY;AAC/D,QAAI;AACF,YAAOhB,OAAiDgB,MAAAA;AACxD;AAAA,IACF,QAAQ;AAAA,IACN;AAAA,EAEJ;AACA,MAAI;AACF;AAAEhB,WAAoCiB,UAAAA;AAAAA,EACxC,QAAQ;AAAA,EACN;AAEJ;AAEO,MAAMC,iBAAkG,OAC7GC,UACAhC,QAC6C;AAC7C,QAAMiC,WAAWC,YAAYlC,GAAG;AAChC,MAAI,CAACiC,UAAU;AACbjC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMY,WAAWC,OAAOtC,IAAIuC,IAAIC,QAAQH,YAAY,EAAE,EAAEnD,KAAAA;AACxD,MAAI,CAACmD,UAAU;AACbrC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgB,UAAUC,oBAAoB1C,KAAKiC,QAAQ;AACjD,QAAMU,WAAWC,YAAY5C,KAAKiC,UAAUQ,OAAO;AAEnD,QAAM,CAACI,eAAeC,WAAW,IAAI,MAAMhC,QAAQiC,IAAI,CACrDC,OAAOC,IAAI,mBAAmBN,QAAQ,GACtCK,OAAOC,IAAI,iBAAiBN,QAAQ,CAAmC,CACxE;AAED,MAAI,CAACF,QAAQS,IAAI,UAAU,iBAAiB,GAAG;AAC7ClD,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM0B,WAAW,MAAMN,cAAcO,QAAQ;AAAA,IAAEC,MAAM,CAAC;AAAA,MAAEC,KAAKjB;AAAAA,IAAAA,GAAYkB,4BAA4Bd,SAAS,MAAM,CAAC;AAAA,EAAA,CAAG,EAAEe,KAAAA;AAC1H,MAAI,CAACL,UAAU;AACbnD,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAI0B,SAASf,WAAW,UAAUe,SAASM,QAAQ;AACjD,WAAO;AAAA,MAAErC,IAAI;AAAA,MAAMqC,QAAQN,SAASM;AAAAA,IAAAA;AAAAA,EACtC;AAEA,QAAMC,SAAS,MAAMb,cAAcc,iBACjC;AAAA,IAAEN,MAAM,CAAC;AAAA,MAAEC,KAAKjB;AAAAA,IAAAA,GAAY;AAAA,MAAED,QAAQ;AAAA,IAAA,GAAemB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,EAAA,GACnG;AAAA,IAAEmB,MAAM;AAAA,MAAExB,QAAQ;AAAA,IAAA;AAAA,IAAgByB,QAAQ;AAAA,MAAEpC,OAAO;AAAA,IAAA;AAAA,EAAG,GACtD;AAAA,IAAEqC,gBAAgB;AAAA,EAAA,CACpB,EAAEN,KAAAA;AAEF,MAAI,CAACE,QAAQ;AACX1D,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMsC,oBAAoBlB,eAAeC,WAAW;AAEpD,QAAMkB,OAAO,MAAMC,sBAAsBhC,QAAQ;AACjD,QAAMiC,WAAWF,KAAKG;AACtB,MAAI,CAACD,UAAU;AACb,UAAMrB,cAAcuB,UAClB;AAAA,MAAEf,MAAM,CAAC;AAAA,QAAEC,KAAKjB;AAAAA,MAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,IAAA,GAC1E;AAAA,MAAEmB,MAAM;AAAA,QAAExB,QAAQ;AAAA,QAASX,OAAO;AAAA,MAAA;AAAA,IAA4B,CAChE;AACAzB,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AACA,QAAM4C,aAAaC,cAAAA;AACnB,QAAMC,SAAS,IAAIC,aAAaN,UAAU;AAAA,IAAEG;AAAAA,EAAAA,CAAY;AAExD,QAAMI,eAAe,OAAOf,OAAOgB,WAAW,WAAWhB,OAAOgB,SAASC;AACzE,QAAMC,oBAAoBlF,2BAAAA;AAC1B,QAAMmF,4BAA4BnB,OAAOjD,aAAamE;AACtD,QAAME,mBAAmBpB,OAAOpE,SAASJ,KAAAA,EAAO6F,YAAAA;AAChD,QAAMC,cAAcF,qBAAqB,mBAAmBpB,OAAOlD,SAAStB,OAAO6F,YAAAA,EAAcE,SAAS,MAAM;AAEhH,MAAIC,eAA6C;AACjD,MAAIC,gBAAgBzB,OAAOpE;AAC3B,MAAI8F,mBAA6B,CAAA;AACjC,MAAIC,gBAAyC;AAAA,IAC3ChD;AAAAA,IACAJ;AAAAA,IACA3C,UAAUoE,OAAOpE;AAAAA,IACjBmB,WAAWiD,OAAOjD;AAAAA,IAClB,GAAI,OAAOiD,OAAO4B,aAAa,YAAY;AAAA,MAAEA,UAAU5B,OAAO4B;AAAAA,IAAAA,IAAa,CAAA;AAAA,IAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,MAAEA,cAAc7B,OAAO6B;AAAAA,IAAAA,IAAiB,CAAA;AAAA,IACtF,GAAId,eAAe;AAAA,MAAEC,QAAQD;AAAAA,IAAAA,IAAiB,CAAA;AAAA,EAAC;AAGjD,MAAI;AACF,QAAI,CAACI,6BAA6BG,aAAa;AAC7C,YAAM,IAAIjG,MAAM,eAAe;AAAA,IACjC;AAEA,UAAMyG,SAAS1C,YAAY2C,KAAK;AAAA,MAAEpD;AAAAA,IAAAA,CAAU,EAAEqD,KAAK;AAAA,MAAEC,OAAO;AAAA,IAAA,CAAG,EAAEH,OAAAA;AAIjE,QAAII,gBAAgB;AACpB,UAAMC,SAAmB,CAAA;AACzB,QAAIC,gBAAgB;AAEpB,UAAMC,gBAA0B,CAAA;AAChC,UAAMC,aAAuB,CAAA;AAC7B,QAAIC,aAAa;AAEjB,QAAI;AACF,uBAAiBC,YAAYV,QAAQ;AACnC,YAAIU,SAASP,UAAUC,eAAe;AACpC,gBAAM,IAAI7G,MAAM,gBAAgB;AAAA,QAClC;AAEA,cAAMoC,QAAQ+E,SAASrH;AAEvB,YAAIgG,2BAA2B;AAC7BgB,iBAAOlF,KAAKQ,KAAK;AACjB2E,2BAAiB3E,MAAMrC;AAAAA,QACzB,WAAW,CAACoG,cAAc;AACxBa,wBAAcpF,KAAKQ,KAAK;AAExB,cAAI8E,aAAarB,mBAAmB;AAClC,kBAAMuB,QAAQhF,MAAMiF,SAAS,GAAGtG,KAAKuG,IAAIlF,MAAMrC,QAAQ8F,oBAAoBqB,UAAU,CAAC;AACtF,gBAAIE,MAAMrH,QAAQ;AAChBkH,yBAAWrF,KAAKwF,KAAK;AACrBF,4BAAcE,MAAMrH;AAAAA,YACtB;AAAA,UACF;AAEA,cAAImH,cAAcrB,mBAAmB;AACnC,kBAAM3G,QAAQmB,OAAOkH,OAAON,YAAYC,UAAU;AAClD,kBAAMM,aAAaxG,uBAAuB;AAAA,cACxCS,UAAUkD,OAAOlD;AAAAA,cACjBH,gBAAgBqD,OAAOpE;AAAAA,cACvBmB,WAAWiD,OAAOjD;AAAAA,cAClBxC;AAAAA,YAAAA,CACD;AAED,gBAAIsI,WAAWzH,QAAQ;AACrB,oBAAM,IAAIC,MAAM,eAAe;AAAA,YACjC;AAEAsG,4BAAgB;AAAA,cACdhD;AAAAA,cACAJ;AAAAA,cACA3C,UAAUoE,OAAOpE;AAAAA,cACjBmB,WAAWiD,OAAOjD;AAAAA,cAClB,GAAI,OAAOiD,OAAO4B,aAAa,YAAY;AAAA,gBAAEA,UAAU5B,OAAO4B;AAAAA,cAAAA,IAAa,CAAA;AAAA,cAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,gBAAEA,cAAc7B,OAAO6B;AAAAA,cAAAA,IAAiB,CAAA;AAAA,cACtF,GAAId,eAAe;AAAA,gBAAEC,QAAQD;AAAAA,cAAAA,IAAiB,CAAA;AAAA,YAAC;AAEjDS,2BAAeX,OAAOiC,iBAAiB9C,OAAOlD,UAAU;AAAA,cACtDiG,UAAUpB;AAAAA,YAAAA,CACX;AAED,uBAAWqB,WAAWX,eAAe;AACnC,oBAAM7E,cAAcgE,cAAcwB,OAAO;AAAA,YAC3C;AACAX,0BAAcjH,SAAS;AAAA,UACzB;AAAA,QACF,OAAO;AACL,gBAAMoC,cAAcgE,cAAc/D,KAAK;AAAA,QACzC;AAEAyE,yBAAiB;AAAA,MACnB;AAAA,IACF,UAAA;AACE,UAAI;AACF,cAAMJ,OAAOmB,MAAAA;AAAAA,MACf,QAAQ;AAAA,MACN;AAAA,IAEJ;AAEA,QAAIf,kBAAkBlC,OAAOkD,aAAa;AACxC,YAAM,IAAI7H,MAAM,gBAAgB;AAAA,IAClC;AAEA,QAAI8F,2BAA2B;AAC7B,YAAMgC,YAAYzH,OAAOkH,OAAOT,QAAQC,aAAa;AACrD,YAAM;AAAA,QAAEjH,MAAMiI;AAAAA,QAAWxH,UAAUyH;AAAAA,QAAmBzG;AAAAA,MAAAA,IAAY,MAAMJ,sBAAsB2G,WAAW;AAAA,QACvGrG,UAAUkD,OAAOlD;AAAAA,QACjBH,gBAAgBqD,OAAOpE;AAAAA,MAAAA,CACxB;AAED6F,sBAAgB4B;AAChB3B,yBAAmB9E;AACnB+E,sBAAgB;AAAA,QACdhD;AAAAA,QACAJ;AAAAA,QACA3C,UAAUyH;AAAAA,QACVtG,WAAWiD,OAAOjD;AAAAA,QAClB,GAAIH,QAAQxB,SAAS;AAAA,UAAEyH,YAAYjG;AAAAA,UAAS0G,eAAeF,UAAUhI;AAAAA,QAAAA,IAAW,CAAA;AAAA,QAChF,GAAI,OAAO4E,OAAO4B,aAAa,YAAY;AAAA,UAAEA,UAAU5B,OAAO4B;AAAAA,QAAAA,IAAa,CAAA;AAAA,QAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,UAAEA,cAAc7B,OAAO6B;AAAAA,QAAAA,IAAiB,CAAA;AAAA,QACtF,GAAId,eAAe;AAAA,UAAEC,QAAQD;AAAAA,QAAAA,IAAiB,CAAA;AAAA,MAAC;AAEjDS,qBAAeX,OAAOiC,iBAAiB9C,OAAOlD,UAAU;AAAA,QACtDiG,UAAUpB;AAAAA,MAAAA,CACX;AAED,YAAM4B,WAAWrG,sBAAsBsE,YAAY;AACnDA,mBAAagC,IAAIJ,SAAS;AAC1B,YAAMG;AAAAA,IACR,OAAO;AACL,UAAI,CAAC/B,cAAc;AACjB,cAAMjH,QAAQmB,OAAOkH,OAAON,YAAYC,UAAU;AAClD,cAAMM,aAAaxG,uBAAuB;AAAA,UACxCS,UAAUkD,OAAOlD;AAAAA,UACjBH,gBAAgBqD,OAAOpE;AAAAA,UACvBmB,WAAWiD,OAAOjD;AAAAA,UAClBxC;AAAAA,QAAAA,CACD;AAED,YAAIsI,WAAWzH,QAAQ;AACrB,gBAAM,IAAIC,MAAM,eAAe;AAAA,QACjC;AAEAsG,wBAAgB;AAAA,UACdhD;AAAAA,UACAJ;AAAAA,UACA3C,UAAUoE,OAAOpE;AAAAA,UACjBmB,WAAWiD,OAAOjD;AAAAA,UAClB,GAAI,OAAOiD,OAAO4B,aAAa,YAAY;AAAA,YAAEA,UAAU5B,OAAO4B;AAAAA,UAAAA,IAAa,CAAA;AAAA,UAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,YAAEA,cAAc7B,OAAO6B;AAAAA,UAAAA,IAAiB,CAAA;AAAA,UACtF,GAAId,eAAe;AAAA,YAAEC,QAAQD;AAAAA,UAAAA,IAAiB,CAAA;AAAA,QAAC;AAEjDS,uBAAeX,OAAOiC,iBAAiB9C,OAAOlD,UAAU;AAAA,UACtDiG,UAAUpB;AAAAA,QAAAA,CACX;AAED,mBAAWqB,WAAWX,eAAe;AACnC,gBAAM7E,cAAcgE,cAAcwB,OAAO;AAAA,QAC3C;AACAX,sBAAcjH,SAAS;AAAA,MACzB;AAEA,YAAMmI,WAAWrG,sBAAsBsE,YAAY;AACnDA,mBAAagC,IAAAA;AACb,YAAMD;AAAAA,IACR;AAEA,UAAMxD,SAASnB,OAAQ4C,aAA6CzG,MAAM,EAAE;AAC5E,QAAI,CAACgF,QAAQ;AACX,YAAM,IAAI1E,MAAM,iBAAiB;AAAA,IACnC;AAEA,UAAM8D,cAAcuB,UAClB;AAAA,MAAEf,MAAM,CAAC;AAAA,QAAEC,KAAKjB;AAAAA,MAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,IAAA,GAC1E;AAAA,MAAEmB,MAAM;AAAA,QAAExB,QAAQ;AAAA,QAAQqB;AAAAA,MAAAA;AAAAA,MAAUI,QAAQ;AAAA,QAAEpC,OAAO;AAAA,MAAA;AAAA,IAAG,CAC1D;AAEA,UAAM0F,4BAA4B;AAAA,MAChClF;AAAAA,MACAI;AAAAA,MACAoB;AAAAA,MACAjD,UAAUkD,OAAOlD;AAAAA,MACjBlB,UAAU6F;AAAAA,MACV9E,gBAAgBqD,OAAOpE;AAAAA,MACvBmB,WAAWiD,OAAOjD;AAAAA,MAClB,GAAI,OAAOiD,OAAO4B,aAAa,YAAY;AAAA,QAAEA,UAAU5B,OAAO4B;AAAAA,MAAAA,IAAa,CAAA;AAAA,MAC3E,GAAI,OAAO5B,OAAO6B,iBAAiB,WAAW;AAAA,QAAEA,cAAc7B,OAAO6B;AAAAA,MAAAA,IAAiB,CAAA;AAAA,MACtF,GAAId,eAAe;AAAA,QAAEC,QAAQD;AAAAA,MAAAA,IAAiB,CAAA;AAAA,MAC9CW;AAAAA,MACAqB,UAAUpB;AAAAA,IAAAA,CACX,EAAE+B,MAAO3F,CAAAA,UAAU;AAClB4F,cAAQ5F,MAAM,wCAAwC;AAAA,QACpDQ;AAAAA,QACAI;AAAAA,QACAoB;AAAAA,QACAhC;AAAAA,MAAAA,CACD;AAAA,IACH,CAAC;AAED,QAAI;AACF,YAAMqB,YAAYwE,WAAW;AAAA,QAAEjF;AAAAA,MAAAA,CAAU;AAAA,IAC3C,QAAQ;AAAA,IACN;AAGF,WAAO;AAAA,MAAEjB,IAAI;AAAA,MAAMqC;AAAAA,IAAAA;AAAAA,EACrB,SAAShC,OAAO;AACd,UAAM8F,UAAU9F,iBAAiB1C,QAAQ0C,MAAM8F,UAAUjF,OAAOb,KAAK;AAErE,UAAMG,kBAAkBsD,YAAY;AAEpC,QAAIqC,YAAY,kBAAkB;AAChC,YAAM1E,cAAcuB,UAClB;AAAA,QAAEf,MAAM,CAAC;AAAA,UAAEC,KAAKjB;AAAAA,QAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,MAAA,GAC1E;AAAA,QAAEmB,MAAM;AAAA,UAAExB,QAAQ;AAAA,QAAA;AAAA,MAAY,CAChC;AACApC,UAAImC,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEhB,IAAI;AAAA,QAAOK,OAAO;AAAA,MAAA;AAAA,IAC7B;AAEA,QAAI8F,YAAY,iBAAiB;AAC/B,YAAM1E,cAAcuB,UAClB;AAAA,QAAEf,MAAM,CAAC;AAAA,UAAEC,KAAKjB;AAAAA,QAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,MAAA,GAC1E;AAAA,QAAEmB,MAAM;AAAA,UAAExB,QAAQ;AAAA,UAASX,OAAO8F;AAAAA,QAAAA;AAAAA,MAAQ,CAC5C;AACAvH,UAAImC,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEhB,IAAI;AAAA,QAAOK,OAAO8F;AAAAA,MAAAA;AAAAA,IAC7B;AAEA,QAAIA,YAAY,iBAAiBA,YAAY,uBAAuB;AAClE,YAAM1E,cAAcuB,UAClB;AAAA,QAAEf,MAAM,CAAC;AAAA,UAAEC,KAAKjB;AAAAA,QAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,MAAA,GAC1E;AAAA,QAAEmB,MAAM;AAAA,UAAExB,QAAQ;AAAA,UAASX,OAAO8F;AAAAA,QAAAA;AAAAA,MAAQ,CAC5C;AACAvH,UAAImC,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEhB,IAAI;AAAA,QAAOK,OAAO8F;AAAAA,MAAAA;AAAAA,IAC7B;AAEA,UAAM1E,cAAcuB,UAClB;AAAA,MAAEf,MAAM,CAAC;AAAA,QAAEC,KAAKjB;AAAAA,MAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,IAAA,GAC1E;AAAA,MAAEmB,MAAM;AAAA,QAAExB,QAAQ;AAAA,QAASX,OAAO8F;AAAAA,MAAAA;AAAAA,IAAQ,CAC5C;AAEAvH,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AACF;AC9WO,MAAM+F,YAA2F,OACtGxF,UACAhC,QAC2C;AAC3C,QAAMiC,WAAWC,YAAYlC,GAAG;AAChC,MAAI,CAACiC,UAAU;AACbjC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMY,WAAWC,OAAOtC,IAAIuC,IAAIC,QAAQH,YAAY,EAAE,EAAEnD,KAAAA;AACxD,MAAI,CAACmD,UAAU;AACbrC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgB,UAAUC,oBAAoB1C,KAAKiC,QAAQ;AACjD,QAAMU,WAAWC,YAAY5C,KAAKiC,UAAUQ,OAAO;AAEnD,QAAM,CAACI,eAAeC,WAAW,IAAI,MAAMhC,QAAQiC,IAAI,CACrDC,OAAOC,IAAI,mBAAmBN,QAAQ,GACtCK,OAAOC,IAAI,iBAAiBN,QAAQ,CAAmC,CACxE;AAED,MAAI,CAACF,QAAQS,IAAI,QAAQ,iBAAiB,GAAG;AAC3ClD,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgG,UAAU,MAAM5E,cAAcO,QAAQ;AAAA,IAAEC,MAAM,CAAC;AAAA,MAAEC,KAAKjB;AAAAA,IAAAA,GAAYkB,4BAA4Bd,SAAS,MAAM,CAAC;AAAA,EAAA,CAAG,EAAEe,KAAAA;AACzH,MAAI,CAACiE,SAAS;AACZzH,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMiG,eAAe,MAAM5E,YAAY2C,KACrC;AAAA,IAAEpD;AAAAA,EAAAA,GACF;AAAA,IAAEsD,OAAO;AAAA,IAAGrC,KAAK;AAAA,EAAA,CACnB,EAAEoC,KAAK;AAAA,IAAEC,OAAO;AAAA,EAAA,CAAG,EAAEnC,KAAAA;AAErB,QAAMmE,WAAYD,aACfE,IAAKC,SAAS,OAAOA,IAAIlC,UAAU,WAAWkC,IAAIlC,QAAQ,EAAG,EAC7D1F,OAAQ6H,CAAAA,MAAMC,OAAOC,UAAUF,CAAC,KAAKA,KAAK,CAAC;AAE9C,SAAO;AAAA,IACL1G,IAAI;AAAA,IACJgB,QAAQqF,QAAQrF;AAAAA,IAChB6F,WAAWR,QAAQQ;AAAAA,IACnBrB,aAAaa,QAAQb;AAAAA,IACrBe;AAAAA,IACA,GAAIF,QAAQhE,SAAS;AAAA,MAAEA,QAAQgE,QAAQhE;AAAAA,IAAAA,IAAW,CAAA;AAAA,EAAC;AAEvD;ACjEO,MAAMyE,YAAY;AAClB,MAAMC,aAAa;AACnB,MAAMC,cAAc;AACpB,MAAMC,gBAAgB;AAEtB,MAAMC,oBAAoBC,OAAS;AAAA,EACxC/H,UAAU+H,OAAEC,EAASnC,IAAI,CAAC;AAAA,EAC1B/G,UAAUiJ,OAAEC,EAASnC,IAAI,CAAC;AAAA,EAC1Bf,UAAUiD,QAAEE,EAAUC,SAAAA;AAAAA,EACtBjI,WAAW8H,OAAEI,EAASC,IAAAA,EAAMvC,IAAI,CAAC;AACnC,CAAC;AAIiCkC,OAAS;AAAA,EACzCnH,IAAImH,QAAEE;AAAAA,EACNhH,OAAO8G,OAAEC,EAASE,SAAAA;AAAAA,EAClBrG,UAAUkG,OAAEC,EAASE,SAAAA;AAAAA,EACrBG,WAAWN,OAAEC,EAASE,SAAAA;AAAAA,EACtBT,WAAWM,OAAEI,EAASC,IAAAA,EAAMF,SAAAA;AAAAA,EAC5B9B,aAAa2B,OAAEI,EAASC,IAAAA,EAAMF,SAAAA;AAChC,CAAC;AAImCH,OAAS;AAAA,EAC3CnH,IAAImH,QAAEE;AAAAA,EACNhH,OAAO8G,OAAEC,EAASE,SAAAA;AAAAA,EAClBtG,QAAQmG,MAAO,CAAC,aAAa,cAAc,QAAQ,OAAO,CAAC,EAAEG,SAAAA;AAAAA,EAC7DT,WAAWM,OAAEI,EAASC,IAAAA,EAAMF,SAAAA;AAAAA,EAC5B9B,aAAa2B,OAAEI,EAASC,IAAAA,EAAMF,SAAAA;AAAAA,EAC9Bf,UAAUY,MAAQA,SAAWK,IAAAA,EAAMvC,IAAI,CAAC,CAAC,EAAEqC,SAAAA;AAAAA,EAC3CjF,QAAQ8E,OAAEC,EAASE,SAAAA;AACrB,CAAC;AAIqCH,OAAS;AAAA,EAC7CnH,IAAImH,QAAEE;AAAAA,EACNhH,OAAO8G,OAAEC,EAASE,SAAAA;AAAAA,EAClBjF,QAAQ8E,OAAEC,EAASE,SAAAA;AACrB,CAAC;ACrBM,MAAMI,aAA+F,OAC1GC,SACA/I,QACyC;AACzC,QAAMiC,WAAWC,YAAYlC,GAAG;AAChC,MAAI,CAACiC,UAAU;AACbjC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMiD,SAASsE,UAAUhJ,GAAG;AAE5B,QAAMiJ,SAASC,kBAA0BC,UAAUJ,WAAW,CAAA,CAAE;AAChE,MAAI,CAACE,OAAOG,SAAS;AACnBpJ,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMwG,YAAYoB,kBAAAA;AAClB,QAAM;AAAA,IAAE7I;AAAAA,IAAUlB;AAAAA,IAAUmB;AAAAA,IAAW6E;AAAAA,EAAAA,IAAa2D,OAAOpK;AAC3D,QAAM+H,cAAc9G,KAAKwJ,KAAK7I,YAAYwH,SAAS;AAEnD,QAAMxF,UAAUC,oBAAoB1C,KAAKiC,QAAQ;AACjD,QAAMU,WAAWC,YAAY5C,KAAKiC,UAAUQ,OAAO;AAEnD,QAAM,CAACI,eAAeC,WAAW,IAAI,MAAMhC,QAAQiC,IAAI,CACrDC,OAAOC,IAAI,mBAAmBN,QAAQ,GACtCK,OAAOC,IAAI,iBAAiBN,QAAQ,CAAmC,CACxE;AAED,QAAMoB,oBAAoBlB,eAAeC,WAAW;AAEpD,QAAMT,WAAW,IAAIkH,SAAAA,EAAWrL,SAAAA;AAChC,QAAMsL,MAAMC,KAAKD,IAAAA;AACjB,QAAME,YAAY,IAAID,KAAKD,MAAMG,iBAAiB;AAElD,QAAMd,YAAYnE,SAAS,OAAOkF,YAAY,EAAE,EAAE1L,SAAS,WAAW;AACtE,QAAMqH,eAAesD,YAAYgB,iBAAiBzK,OAAOC,KAAKwJ,SAAS,CAAC,IAAIlE;AAE5E,QAAM9B,cAAciH,OAAO;AAAA,IACzBxG,KAAKjB;AAAAA,IACL,GAAIqC,SAAS;AAAA,MAAEA;AAAAA,IAAAA,IAAW,CAAA;AAAA,IAC1B,GAAIa,eAAe;AAAA,MAAEA;AAAAA,IAAAA,IAAiB,CAAA;AAAA,IACtC/E;AAAAA,IACAlB;AAAAA,IACA,GAAI,OAAOgG,aAAa,YAAY;AAAA,MAAEA;AAAAA,IAAAA,IAAa,CAAA;AAAA,IACnD7E;AAAAA,IACAwH;AAAAA,IACArB;AAAAA,IACAxE,QAAQ;AAAA,IACR2H,WAAW,IAAIN,KAAKD,GAAG;AAAA,IACvBE;AAAAA,EAAAA,CACD;AAED,SAAO;AAAA,IACLtI,IAAI;AAAA,IACJiB;AAAAA,IACA4F;AAAAA,IACArB;AAAAA,IACA,GAAIiC,YAAY;AAAA,MAAEA;AAAAA,IAAAA,IAAc,CAAA;AAAA,EAAC;AAErC;AC5DO,MAAMmB,cAAqE,OAChFjB,SACA/I,QACkC;AAClC,QAAMiC,WAAWC,YAAYlC,GAAG;AAChC,MAAI,CAACiC,UAAU;AACbjC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMY,WAAWC,OAAOtC,IAAIuC,IAAIC,QAAQH,YAAY,EAAE,EAAEnD,KAAAA;AACxD,QAAM+K,WAAW3H,OAAOtC,IAAIuC,IAAIC,QAAQmD,SAAS,EAAE,EAAEzG,KAAAA;AACrD,QAAMyG,QAAQoC,OAAOkC,QAAQ;AAE7B,MAAI,CAAC5H,YAAY,CAAC0F,OAAOC,UAAUrC,KAAK,KAAKA,QAAQ,GAAG;AACtD3F,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgB,UAAUC,oBAAoB1C,KAAKiC,QAAQ;AACjD,QAAMU,WAAWC,YAAY5C,KAAKiC,UAAUQ,OAAO;AAEnD,QAAM,CAACI,eAAeC,WAAW,IAAI,MAAMhC,QAAQiC,IAAI,CACrDC,OAAOC,IAAI,mBAAmBN,QAAQ,GACtCK,OAAOC,IAAI,iBAAiBN,QAAQ,CAAmC,CACxE;AAED,MAAI,CAACF,QAAQS,IAAI,UAAU,iBAAiB,GAAG;AAC7ClD,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMgG,UAAU,MAAM5E,cAAcO,QAAQ;AAAA,IAAEC,MAAM,CAAC;AAAA,MAAEC,KAAKjB;AAAAA,IAAAA,GAAYkB,4BAA4Bd,SAAS,QAAQ,CAAC;AAAA,EAAA,CAAG,EAAEe,KAAAA;AAC3H,MAAI,CAACiE,SAAS;AACZzH,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAIgG,QAAQrF,WAAW,aAAa;AAClCpC,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAIkE,SAAS8B,QAAQb,aAAa;AAChC5G,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM5C,OAAOqL,gBAAgBnB,OAAO;AACpC,MAAI,CAAClK,MAAM;AACTmB,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM0I,eAAexE,UAAU8B,QAAQb,cAAc,IACjDa,QAAQhH,YAAYgH,QAAQQ,aAAaR,QAAQb,cAAc,KAC/Da,QAAQQ;AAEZ,MAAIpJ,KAAKC,SAASqL,cAAc;AAC9BnK,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAI5C,KAAKC,WAAWqL,cAAc;AAChCnK,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEhB,IAAI;AAAA,MAAOK,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM2I,iBAAiBpK,IAAIuC,IAAIU,IAAI,gBAAgB;AACnD,QAAMoH,SAASD,iBAAiBP,iBAAiBhL,IAAI,IAAI8F;AAEzD,MAAIyF,gBAAgB;AAClB,UAAME,iBAAiBC,mBAAmBH,cAAc;AACxD,QAAIC,WAAWC,gBAAgB;AAC7BtK,UAAImC,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEhB,IAAI;AAAA,QAAOK,OAAO;AAAA,MAAA;AAAA,IAC7B;AAAA,EACF;AAEA,QAAMsC,oBAAoBlB,eAAeC,WAAW;AAEpD,QAAMA,YAAYsB,UAChB;AAAA,IAAE/B;AAAAA,IAAUsD;AAAAA,EAAAA,GACZ;AAAA,IACE/B,MAAM;AAAA,MACJvB;AAAAA,MACAsD;AAAAA,MACA9G;AAAAA,MACA2L,MAAM3L,KAAKC;AAAAA,MACXuL;AAAAA,MACAX,WAAWjC,QAAQiC;AAAAA,IAAAA;AAAAA,IAErBe,cAAc;AAAA,MACZV,+BAAeN,KAAAA;AAAAA,IAAK;AAAA,EACtB,GAEF;AAAA,IAAEiB,QAAQ;AAAA,EAAA,CACZ;AAEA1K,MAAImC,IAAIC,OAAO,GAAG;AAClB,SAAO;AAAA,IAAEhB,IAAI;AAAA,EAAA;AACf;AC7HO,MAAMuJ,gBAAgBA,CAAC;AAAA,EAC5BC;AAAAA,EACAC;AAIF,MAAM;AACJ,SAAO,CAACtI,KAAUJ,KAAU2I,SAAc;AACxC,UAAMC,cAAc,OAAOxI,KAAKyI,UAAU,cAAc,MAAM,WAC1D1I,OAAOC,IAAIyI,QAAQ,cAAc,CAAC,IAClC;AAEJ,QAAI,CAACD,YAAYE,SAAS,0BAA0B,GAAG;AACrDH,WAAAA;AACA;AAAA,IACF;AAEA,QAAII,QAAQ;AACZ,UAAMrF,SAAmB,CAAA;AACzB,QAAIsF,OAAO;AACX,QAAIC,SAAS;AACb,QAAIC,kBAAwD;AAE5D,UAAMC,qBAAqB,OAAOT,4BAA4B,YAAYA,0BAA0B,IAChGA,0BACA;AAEJ,UAAMtJ,UAAUA,MAAM;AACpBgB,UAAIb,IAAI,QAAQ6J,MAAM;AACtBhJ,UAAIb,IAAI,OAAO8J,KAAK;AACpBjJ,UAAIb,IAAI,SAASF,OAAO;AACxBe,UAAIb,IAAI,WAAW+J,SAAS;AAC5B,UAAIJ,iBAAiB;AACnBK,qBAAaL,eAAe;AAC5BA,0BAAkB;AAAA,MACpB;AAAA,IACF;AAEA,UAAMM,SAASA,CAAClK,UAAoB;AAClC,UAAI0J,KAAM;AACVA,aAAO;AAEP5J,cAAAA;AAEA,UAAIE,OAAO;AACTqJ,aAAKrJ,KAAK;AACV;AAAA,MACF;AAEAc,UAAIqJ,OAAOxM,OAAOkH,OAAOT,QAAQqF,KAAK;AACtCJ,WAAAA;AAAAA,IACF;AAEA,UAAMS,SAASA,CAACpK,UAAe;AAC7B,UAAIgK,KAAM;AACV,YAAMU,SAASzM,OAAO0M,SAAS3K,KAAK,IAAIA,QAAQ/B,OAAOC,KAAK8B,KAAK;AACjE+J,eAASW,OAAO/M;AAEhB,UAAIoM,QAAQN,YAAY;AACtBO,eAAO;AACP5J,gBAAAA;AACAgB,YAAIT,QAAAA;AACJK,YAAIC,OAAO,GAAG,EAAE2J,KAAK;AAAA,UAAE3K,IAAI;AAAA,UAAOK,OAAO;AAAA,QAAA,CAAmB;AAC5D;AAAA,MACF;AAEAoE,aAAOlF,KAAKkL,MAAM;AAElB,UAAI,CAACP,mBAAoB;AAEzB,YAAM9B,MAAMC,KAAKD,IAAAA;AACjB,YAAMwC,YAAYC,aAAa1J,GAAG;AAClC,YAAM2J,QAAQC,mBAAmBH,WAAWV,oBAAoB9B,GAAG;AACnE,YAAM4C,SAASC,kBAAkBH,OAAOL,OAAO/M,QAAQwM,oBAAoB9B,GAAG;AAE9E,UAAI4C,SAAS,KAAK,CAAChB,QAAQ;AACzBA,iBAAS;AACT7I,YAAI+J,MAAAA;AACJjB,0BAAkBkB,WAAW,MAAM;AACjClB,4BAAkB;AAClBD,mBAAS;AACT,cAAID,KAAM;AACV,cAAI;AACF5I,gBAAIiK,OAAAA;AAAAA,UACN,QAAQ;AAAA,UACN;AAAA,QAEJ,GAAGJ,MAAM;AAAA,MACX;AAAA,IACF;AAEA,UAAMZ,QAAQA,MAAMG,OAAAA;AACpB,UAAMnK,UAAUA,CAACiL,QAAiBd,OAAOc,GAAG;AAC5C,UAAMhB,YAAYA,MAAME,OAAO,IAAI5M,MAAM,iBAAiB,CAAC;AAE3DwD,QAAIZ,GAAG,QAAQ4J,MAAM;AACrBhJ,QAAIZ,GAAG,OAAO6J,KAAK;AACnBjJ,QAAIZ,GAAG,SAASH,OAAO;AACvBe,QAAIZ,GAAG,WAAW8J,SAAS;AAAA,EAC7B;AACF;AAQA,MAAMiB,oBAAoB;AAC1B,MAAMC,kBAAkB,KAAK,KAAK;AAElC,MAAMC,uCAAuBC,IAAAA;AAC7B,IAAIC,gBAAgB;AAEpB,MAAMb,eAAeA,CAAC1J,QAAqB;AACzC,QAAMwK,cAAc,OAAOxK,KAAKyK,aAAa,WAAWzK,IAAIyK,WAAW;AACvE,MAAID,YAAY7N,KAAAA,EAAQ,QAAO6N,YAAY7N,KAAAA;AAC3C,QAAM+N,QAAQ,OAAO1K,KAAK2K,OAAO,WAAW3K,IAAI2K,KAAK;AACrD,SAAOD,MAAM/N,UAAU;AACzB;AAEA,MAAMiO,qBAAqBA,CAAC3D,QAAgB;AAC1C,MAAIA,MAAMsD,gBAAgB,IAAQ;AAClCA,kBAAgBtD;AAEhB,MAAIoD,iBAAiBpC,OAAO,IAAM;AAElC,aAAW,CAAC4C,KAAKlB,KAAK,KAAKU,kBAAkB;AAC3C,QAAIpD,MAAM0C,MAAMmB,aAAaV,iBAAiB;AAC5CC,uBAAiBU,OAAOF,GAAG;AAAA,IAC7B;AAAA,EACF;AACF;AAEA,MAAMjB,qBAAqBA,CAACiB,KAAa9B,oBAA4B9B,QAAiC;AACpG2D,qBAAmB3D,GAAG;AAEtB,QAAM+D,WAAWjC,qBAAqBoB;AACtC,QAAMvJ,WAAWyJ,iBAAiB3J,IAAImK,GAAG;AACzC,MAAIjK,UAAU;AACZA,aAASkK,aAAa7D;AACtBrG,aAASqK,SAAS1N,KAAKuG,IAAIkH,UAAUpK,SAASqK,MAAM;AACpD,WAAOrK;AAAAA,EACT;AAEA,QAAM2H,OAAwB;AAAA,IAC5B0C,QAAQD;AAAAA,IACRE,cAAcjE;AAAAA,IACd6D,YAAY7D;AAAAA,EAAAA;AAEdoD,mBAAiBc,IAAIN,KAAKtC,IAAI;AAC9B,SAAOA;AACT;AAEA,MAAMuB,oBAAoBA,CACxBH,OACAyB,OACArC,oBACA9B,QACW;AACX,QAAM+D,WAAWjC,qBAAqBoB;AACtC,QAAMkB,YAAY9N,KAAKF,IAAI,GAAG4J,MAAM0C,MAAMuB,YAAY;AAEtD,MAAIG,YAAY,GAAG;AACjB1B,UAAMsB,SAAS1N,KAAKuG,IAAIkH,UAAUrB,MAAMsB,SAAUI,YAAYtC,qBAAsB,GAAI;AACxFY,UAAMuB,eAAejE;AAAAA,EACvB;AAEA0C,QAAMsB,UAAUG;AAEhB,MAAIzB,MAAMsB,UAAU,EAAG,QAAO;AAC9B,SAAO1N,KAAKwJ,KAAM,CAAC4C,MAAMsB,SAASlC,qBAAsB,GAAI;AAC9D;AChKA,MAAA,UAAe,CAACuC,QAA0B;AACxC,QAAMC,iBAAiBzE,kBAAAA;AACvBwE,MAAIE,IACF7E,WACAyB,cAAc;AAAA,IACZC,YAAYoD,qBAAqBF,cAAc;AAAA,IAC/CjD,yBAAyBoD,iCAAAA;AAAAA,EAAiC,CAC3D,CACH;AAEAJ,MAAIK,KAAKhF,WAAmBJ,UAAU;AACtC+E,MAAIM,IAAIjF,YAAoBc,WAAW;AACvC6D,MAAI5K,IAAIiG,aAAqB1B,SAAS;AACtCqG,MAAIK,KAAKhF,eAAuBnH,cAAc;AAChD;"}
package/dist/{handler--FFBJMl6.js → handler-TcIyb69f.js} RENAMED
@@ -20,9 +20,6 @@ object({
20
20
  }))
21
21
  });
22
22
  const getTenantId = (ctx) => {
23
- const raw = ctx.req.query?.["rb-tenant-id"];
24
- const queryTenantId = Array.isArray(raw) ? raw[0] : raw;
25
- if (typeof queryTenantId === "string" && queryTenantId.trim()) return queryTenantId.trim();
26
23
  const sessionTenantId = ctx.req.session?.user?.currentTenantId;
27
24
  if (typeof sessionTenantId === "string" && sessionTenantId.trim()) return sessionTenantId.trim();
28
25
  return null;
@@ -30,12 +27,9 @@ const getTenantId = (ctx) => {
30
27
  const ensureAuthorized = (ctx, tenantId) => {
31
28
  const userId = ctx.req.session?.user?.id;
32
29
  if (!userId) return null;
33
- const signedInTenants = ctx.req.session?.user?.signedInTenants;
34
30
  const currentTenantId = ctx.req.session?.user?.currentTenantId;
35
- const hasTenantAccessFromList = Array.isArray(signedInTenants) && signedInTenants.includes(tenantId);
36
31
  const normalizedCurrentTenantId = typeof currentTenantId === "string" ? currentTenantId.trim() : "";
37
- const hasTenantAccessFromCurrent = Boolean(normalizedCurrentTenantId) && normalizedCurrentTenantId === tenantId;
38
- if (!hasTenantAccessFromList && !hasTenantAccessFromCurrent) return null;
32
+ if (!normalizedCurrentTenantId || normalizedCurrentTenantId !== tenantId) return null;
39
33
  return userId;
40
34
  };
41
35
  const getModelCtx = (_ctx, tenantId) => ({
@@ -150,4 +144,4 @@ const handler = (api) => {
150
144
  export {
151
145
  handler as default
152
146
  };
153
- //# sourceMappingURL=handler--FFBJMl6.js.map
147
+ //# sourceMappingURL=handler-TcIyb69f.js.map
package/dist/handler-TcIyb69f.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"handler-TcIyb69f.js","sources":["../src/rts/api/changes/index.ts","../src/rts/api/changes/handler.ts"],"sourcesContent":["import { z } from \"zod\"\n\n\nexport const Route = \"/api/rb/rts/changes\"\n\nexport const requestSchema = z.object({\n sinceSeq: z.number().int().min(0).default(0),\n limit: z.number().int().min(1).max(5000).default(2000),\n modelNames: z.array(z.string().min(1)).optional(),\n})\n\nexport type RequestPayload = z.infer<typeof requestSchema>\n\nexport const responseSchema = z.object({\n ok: z.boolean(),\n needsFullResync: z.boolean().optional(),\n earliestSeq: z.number().int().min(0).optional(),\n latestSeq: z.number().int().min(0),\n changes: z.array(z.object({\n seq: z.number().int().min(1),\n modelName: z.string().min(1),\n op: z.enum([\"delete\", \"reset_model\"]),\n docId: z.string().optional(),\n })),\n})\n\nexport type ResponsePayload = z.infer<typeof responseSchema>\n\n","import { Api, ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models, ZRBRtsChangeOp, type IRBRtsChange, type IRBRtsCounter, type LoadModelCtx } from \"@rpcbase/db\"\nimport { buildAbilityFromSession, type AclSubjectType } from \"@rpcbase/db/acl\"\nimport type { Model } from \"mongoose\"\n\nimport * as Changes from \"./index\"\n\n\ntype SessionUser = {\n id?: string\n currentTenantId?: string\n signedInTenants?: string[]\n}\n\ntype RtsCounterDoc = IRBRtsCounter\ntype RtsChangeDoc = IRBRtsChange\n\nconst getTenantId = (ctx: Ctx<SessionUser>): string | null => {\n const sessionTenantId = ctx.req.session?.user?.currentTenantId\n if (typeof sessionTenantId === \"string\" && sessionTenantId.trim()) return sessionTenantId.trim()\n\n return null\n}\n\nconst ensureAuthorized = (ctx: Ctx<SessionUser>, tenantId: string): string | null => {\n const userId = ctx.req.session?.user?.id\n if (!userId) return null\n\n const currentTenantId = ctx.req.session?.user?.currentTenantId\n const normalizedCurrentTenantId = typeof currentTenantId === \"string\" ? currentTenantId.trim() : \"\"\n\n if (!normalizedCurrentTenantId || normalizedCurrentTenantId !== tenantId) return null\n return userId\n}\n\nconst getModelCtx = (_ctx: Ctx<SessionUser>, tenantId: string): LoadModelCtx => ({\n req: {\n session: {\n user: {\n currentTenantId: tenantId,\n },\n },\n },\n})\n\nconst isRtsChangeRecord = (value: unknown): value is RtsChangeDoc => {\n if (!value || typeof value !== \"object\") return false\n const obj = value as Partial<RtsChangeDoc>\n const isOp = ZRBRtsChangeOp.safeParse(obj.op).success\n return typeof obj.seq === \"number\" && typeof obj.modelName === \"string\" && isOp\n}\n\nconst changesHandler: ApiHandler<Changes.RequestPayload, Changes.ResponsePayload, SessionUser> = async(\n payload,\n ctx,\n): Promise<Changes.ResponsePayload> => {\n const parsed = Changes.requestSchema.safeParse(payload ?? {})\n if (!parsed.success) {\n ctx.res.status(400)\n return { ok: false, latestSeq: 0, changes: [] }\n }\n\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, latestSeq: 0, changes: [] }\n }\n\n const userId = ensureAuthorized(ctx, tenantId)\n if (!userId) {\n ctx.res.status(401)\n return { ok: false, latestSeq: 0, changes: [] }\n }\n\n const ability = buildAbilityFromSession({ tenantId, session: ctx.req.session })\n\n const modelCtx = getModelCtx(ctx, tenantId)\n\n const [RtsChange, RtsCounter] = await Promise.all([\n models.get(\"RBRtsChange\", modelCtx) as Promise<Model<RtsChangeDoc>>,\n models.get(\"RBRtsCounter\", modelCtx) as Promise<Model<RtsCounterDoc>>,\n ])\n\n const counter = await RtsCounter.findOne({ _id: \"rts\" }, { seq: 1 }).lean()\n const latestSeq = Number(counter?.seq ?? 0) || 0\n\n const { sinceSeq, limit, modelNames } = parsed.data\n\n const requestedModelNames = Array.isArray(modelNames) && modelNames.length\n ? modelNames.map((m) => String(m)).filter(Boolean)\n : null\n\n const allowedModelNames = requestedModelNames\n ? requestedModelNames.filter((m) => ability.can(\"read\", m as AclSubjectType))\n : Array.from(\n new Set(\n (await RtsChange.distinct(\"modelName\"))\n .map((m) => String(m))\n .filter(Boolean)\n .filter((m) => ability.can(\"read\", m as AclSubjectType)),\n ),\n )\n\n let earliestSeq: number | undefined\n if (allowedModelNames.length) {\n const earliest = await RtsChange.findOne({ modelName: { $in: allowedModelNames } }, { seq: 1 }).sort({ seq: 1 }).lean()\n earliestSeq = earliest?.seq ? Number(earliest.seq) : undefined\n }\n\n const needsFullResync = typeof earliestSeq === \"number\" && sinceSeq < earliestSeq - 1\n\n const selector: Record<string, unknown> = { seq: { $gt: sinceSeq }, modelName: { $in: allowedModelNames } }\n\n const changes = await RtsChange\n .find(selector, { _id: 0, seq: 1, modelName: 1, op: 1, docId: 1 })\n .sort({ seq: 1 })\n .limit(limit)\n .lean()\n\n return {\n ok: true,\n needsFullResync: needsFullResync || undefined,\n earliestSeq,\n latestSeq,\n changes: Array.isArray(changes)\n ? changes\n .filter(isRtsChangeRecord)\n .filter((c) => ability.can(\"read\", c.modelName as AclSubjectType))\n .map((c) => ({\n seq: Number(c.seq),\n modelName: String(c.modelName),\n op: c.op,\n docId: c.docId ? String(c.docId) : undefined,\n }))\n : [],\n }\n}\n\nexport default (api: Api<SessionUser>) => {\n api.post(Changes.Route, changesHandler)\n}\n"],"names":["Route","requestSchema","z","sinceSeq","number","int","min","default","limit","max","modelNames","string","optional","ok","boolean","needsFullResync","earliestSeq","latestSeq","changes","seq","modelName","op","docId","getTenantId","ctx","sessionTenantId","req","session","user","currentTenantId","trim","ensureAuthorized","tenantId","userId","id","normalizedCurrentTenantId","getModelCtx","_ctx","isRtsChangeRecord","value","obj","isOp","ZRBRtsChangeOp","safeParse","success","changesHandler","payload","parsed","Changes","res","status","ability","buildAbilityFromSession","modelCtx","RtsChange","RtsCounter","Promise","all","models","get","counter","findOne","_id","lean","Number","data","requestedModelNames","Array","isArray","length","map","m","String","filter","Boolean","allowedModelNames","can","from","Set","distinct","earliest","$in","sort","undefined","selector","$gt","find","c","api","post"],"mappings":";;;AAGO,MAAMA,QAAQ;AAEd,MAAMC,gBAAgBC,OAAS;AAAA,EACpCC,UAAUD,OAAEE,EAASC,IAAAA,EAAMC,IAAI,CAAC,EAAEC,QAAQ,CAAC;AAAA,EAC3CC,OAAON,OAAEE,EAASC,IAAAA,EAAMC,IAAI,CAAC,EAAEG,IAAI,GAAI,EAAEF,QAAQ,GAAI;AAAA,EACrDG,YAAYR,MAAQA,OAAES,EAASL,IAAI,CAAC,CAAC,EAAEM,SAAAA;AACzC,CAAC;AAI6BV,OAAS;AAAA,EACrCW,IAAIX,QAAEY;AAAAA,EACNC,iBAAiBb,QAAEY,EAAUF,SAAAA;AAAAA,EAC7BI,aAAad,OAAEE,EAASC,MAAMC,IAAI,CAAC,EAAEM,SAAAA;AAAAA,EACrCK,WAAWf,OAAEE,EAASC,IAAAA,EAAMC,IAAI,CAAC;AAAA,EACjCY,SAAShB,MAAQA,OAAS;AAAA,IACxBiB,KAAKjB,OAAEE,EAASC,IAAAA,EAAMC,IAAI,CAAC;AAAA,IAC3Bc,WAAWlB,OAAES,EAASL,IAAI,CAAC;AAAA,IAC3Be,IAAInB,MAAO,CAAC,UAAU,aAAa,CAAC;AAAA,IACpCoB,OAAOpB,OAAES,EAASC,SAAAA;AAAAA,EAAS,CAC5B,CAAC;AACJ,CAAC;ACPD,MAAMW,cAAcA,CAACC,QAAyC;AAC5D,QAAMC,kBAAkBD,IAAIE,IAAIC,SAASC,MAAMC;AAC/C,MAAI,OAAOJ,oBAAoB,YAAYA,gBAAgBK,OAAQ,QAAOL,gBAAgBK,KAAAA;AAE1F,SAAO;AACT;AAEA,MAAMC,mBAAmBA,CAACP,KAAuBQ,aAAoC;AACnF,QAAMC,SAAST,IAAIE,IAAIC,SAASC,MAAMM;AACtC,MAAI,CAACD,OAAQ,QAAO;AAEpB,QAAMJ,kBAAkBL,IAAIE,IAAIC,SAASC,MAAMC;AAC/C,QAAMM,4BAA4B,OAAON,oBAAoB,WAAWA,gBAAgBC,SAAS;AAEjG,MAAI,CAACK,6BAA6BA,8BAA8BH,SAAU,QAAO;AACjF,SAAOC;AACT;AAEA,MAAMG,cAAcA,CAACC,MAAwBL,cAAoC;AAAA,EAC/EN,KAAK;AAAA,IACHC,SAAS;AAAA,MACPC,MAAM;AAAA,QACJC,iBAAiBG;AAAAA,MAAAA;AAAAA,IACnB;AAAA,EACF;AAEJ;AAEA,MAAMM,oBAAoBA,CAACC,UAA0C;AACnE,MAAI,CAACA,SAAS,OAAOA,UAAU,SAAU,QAAO;AAChD,QAAMC,MAAMD;AACZ,QAAME,OAAOC,eAAeC,UAAUH,IAAInB,EAAE,EAAEuB;AAC9C,SAAO,OAAOJ,IAAIrB,QAAQ,YAAY,OAAOqB,IAAIpB,cAAc,YAAYqB;AAC7E;AAEA,MAAMI,iBAA2F,OAC/FC,SACAtB,QACqC;AACrC,QAAMuB,SAASC,cAAsBL,UAAUG,WAAW,CAAA,CAAE;AAC5D,MAAI,CAACC,OAAOH,SAAS;AACnBpB,QAAIyB,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAErC,IAAI;AAAA,MAAOI,WAAW;AAAA,MAAGC,SAAS,CAAA;AAAA,IAAA;AAAA,EAC7C;AAEA,QAAMc,WAAWT,YAAYC,GAAG;AAChC,MAAI,CAACQ,UAAU;AACbR,QAAIyB,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAErC,IAAI;AAAA,MAAOI,WAAW;AAAA,MAAGC,SAAS,CAAA;AAAA,IAAA;AAAA,EAC7C;AAEA,QAAMe,SAASF,iBAAiBP,KAAKQ,QAAQ;AAC7C,MAAI,CAACC,QAAQ;AACXT,QAAIyB,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAErC,IAAI;AAAA,MAAOI,WAAW;AAAA,MAAGC,SAAS,CAAA;AAAA,IAAA;AAAA,EAC7C;AAEA,QAAMiC,UAAUC,wBAAwB;AAAA,IAAEpB;AAAAA,IAAUL,SAASH,IAAIE,IAAIC;AAAAA,EAAAA,CAAS;AAE9E,QAAM0B,WAAWjB,YAAYZ,KAAKQ,QAAQ;AAE1C,QAAM,CAACsB,WAAWC,UAAU,IAAI,MAAMC,QAAQC,IAAI,CAChDC,OAAOC,IAAI,eAAeN,QAAQ,GAClCK,OAAOC,IAAI,gBAAgBN,QAAQ,CAAkC,CACtE;AAED,QAAMO,UAAU,MAAML,WAAWM,QAAQ;AAAA,IAAEC,KAAK;AAAA,EAAA,GAAS;AAAA,IAAE3C,KAAK;AAAA,EAAA,CAAG,EAAE4C,KAAAA;AACrE,QAAM9C,YAAY+C,OAAOJ,SAASzC,OAAO,CAAC,KAAK;AAE/C,QAAM;AAAA,IAAEhB;AAAAA,IAAUK;AAAAA,IAAOE;AAAAA,EAAAA,IAAeqC,OAAOkB;AAE/C,QAAMC,sBAAsBC,MAAMC,QAAQ1D,UAAU,KAAKA,WAAW2D,SAChE3D,WAAW4D,IAAKC,CAAAA,MAAMC,OAAOD,CAAC,CAAC,EAAEE,OAAOC,OAAO,IAC/C;AAEJ,QAAMC,oBAAoBT,sBACtBA,oBAAoBO,OAAQF,CAAAA,MAAMpB,QAAQyB,IAAI,QAAQL,CAAmB,CAAC,IAC1EJ,MAAMU,KACN,IAAIC,KACD,MAAMxB,UAAUyB,SAAS,WAAW,GAClCT,IAAKC,CAAAA,MAAMC,OAAOD,CAAC,CAAC,EACpBE,OAAOC,OAAO,EACdD,OAAQF,OAAMpB,QAAQyB,IAAI,QAAQL,CAAmB,CAAC,CAC3D,CACF;AAEF,MAAIvD;AACJ,MAAI2D,kBAAkBN,QAAQ;AAC5B,UAAMW,WAAW,MAAM1B,UAAUO,QAAQ;AAAA,MAAEzC,WAAW;AAAA,QAAE6D,KAAKN;AAAAA,MAAAA;AAAAA,IAAkB,GAAK;AAAA,MAAExD,KAAK;AAAA,IAAA,CAAG,EAAE+D,KAAK;AAAA,MAAE/D,KAAK;AAAA,IAAA,CAAG,EAAE4C,KAAAA;AACjH/C,kBAAcgE,UAAU7D,MAAM6C,OAAOgB,SAAS7D,GAAG,IAAIgE;AAAAA,EACvD;AAEA,QAAMpE,kBAAkB,OAAOC,gBAAgB,YAAYb,WAAWa,cAAc;AAEpF,QAAMoE,WAAoC;AAAA,IAAEjE,KAAK;AAAA,MAAEkE,KAAKlF;AAAAA,IAAAA;AAAAA,IAAYiB,WAAW;AAAA,MAAE6D,KAAKN;AAAAA,IAAAA;AAAAA,EAAkB;AAExG,QAAMzD,UAAU,MAAMoC,UACnBgC,KAAKF,UAAU;AAAA,IAAEtB,KAAK;AAAA,IAAG3C,KAAK;AAAA,IAAGC,WAAW;AAAA,IAAGC,IAAI;AAAA,IAAGC,OAAO;AAAA,EAAA,CAAG,EAChE4D,KAAK;AAAA,IAAE/D,KAAK;AAAA,EAAA,CAAG,EACfX,MAAMA,KAAK,EACXuD,KAAAA;AAEH,SAAO;AAAA,IACLlD,IAAI;AAAA,IACJE,iBAAiBA,mBAAmBoE;AAAAA,IACpCnE;AAAAA,IACAC;AAAAA,IACAC,SAASiD,MAAMC,QAAQlD,OAAO,IAC1BA,QACCuD,OAAOnC,iBAAiB,EACxBmC,OAAQc,CAAAA,MAAMpC,QAAQyB,IAAI,QAAQW,EAAEnE,SAA2B,CAAC,EAChEkD,IAAKiB,CAAAA,OAAO;AAAA,MACXpE,KAAK6C,OAAOuB,EAAEpE,GAAG;AAAA,MACjBC,WAAWoD,OAAOe,EAAEnE,SAAS;AAAA,MAC7BC,IAAIkE,EAAElE;AAAAA,MACNC,OAAOiE,EAAEjE,QAAQkD,OAAOe,EAAEjE,KAAK,IAAI6D;AAAAA,IAAAA,EACnC,IACF,CAAA;AAAA,EAAA;AAER;AAEA,MAAA,UAAe,CAACK,QAA0B;AACxCA,MAAIC,KAAKzC,OAAeH,cAAc;AACxC;"}
package/dist/{handler-COnCnprN.js → handler-V5AVyt5y.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { getTenantFilesystemDb } from "@rpcbase/db";
2
2
  import { ObjectId, GridFSBucket } from "mongodb";
3
- import { g as getTenantId, c as getBucketName, f as getUserId, m as getUploadKeyHash } from "./shared-nE84Or5W.js";
3
+ import { g as getTenantId, c as getBucketName, f as getUserId, m as getUploadKeyHash } from "./shared-xNnTJqaH.js";
4
4
  const resolveHeaderString$1 = (value) => {
5
5
  if (typeof value !== "string") return null;
6
6
  const normalized = value.trim();
@@ -200,4 +200,4 @@ const handler = (api) => {
200
200
  export {
201
201
  handler as default
202
202
  };
203
- //# sourceMappingURL=handler-COnCnprN.js.map
203
+ //# sourceMappingURL=handler-V5AVyt5y.js.map
package/dist/{handler-COnCnprN.js.map → handler-V5AVyt5y.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"handler-COnCnprN.js","sources":["../src/uploads/api/files/handlers/deleteFile.ts","../src/uploads/api/files/handlers/getFile.ts","../src/uploads/api/files/index.ts","../src/uploads/api/files/handler.ts"],"sourcesContent":["import { ApiHandler } from \"@rpcbase/api\"\nimport { getTenantFilesystemDb } from \"@rpcbase/db\"\nimport { GridFSBucket, ObjectId } from \"mongodb\"\n\nimport { getBucketName, getTenantId, getUploadKeyHash, getUserId, type SessionUser } from \"../../file-uploads/shared\"\n\n\ntype DeleteResponsePayload = {\n ok: boolean\n error?: string\n}\n\nconst resolveHeaderString = (value: unknown): string | null => {\n if (typeof value !== \"string\") return null\n const normalized = value.trim()\n return normalized ? normalized : null\n}\n\nexport const deleteFile: ApiHandler<Record<string, never>, DeleteResponsePayload, SessionUser> = async (\n _payload,\n ctx,\n): Promise<DeleteResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const fileIdRaw = String(ctx.req.params?.fileId ?? \"\").trim()\n let fileObjectId: ObjectId\n try {\n fileObjectId = new ObjectId(fileIdRaw)\n } catch {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_file_id\" }\n }\n\n const fsDb = await getTenantFilesystemDb(tenantId)\n const nativeDb = fsDb.db\n if (!nativeDb) {\n ctx.res.status(500)\n return { ok: false, error: \"filesystem_db_unavailable\" }\n }\n\n const bucketName = getBucketName()\n const bucket = new GridFSBucket(nativeDb, { bucketName })\n\n const userId = getUserId(ctx)\n const uploadKeyHash = getUploadKeyHash(ctx)\n if (!userId && !uploadKeyHash) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n const [file] = await bucket.find({ _id: fileObjectId }).limit(1).toArray()\n if (!file) {\n ctx.res.status(204)\n return { ok: true }\n }\n\n const metadataUserId = resolveHeaderString((file as any)?.metadata?.userId)\n const ownerKeyHash = resolveHeaderString((file as any)?.metadata?.ownerKeyHash)\n\n const authorizedByUser = Boolean(userId && metadataUserId && userId === metadataUserId)\n const authorizedByKey = Boolean(uploadKeyHash && ownerKeyHash && uploadKeyHash === ownerKeyHash)\n\n if (!authorizedByUser && !authorizedByKey) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n try {\n await bucket.delete(fileObjectId)\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error)\n if (!message.includes(\"FileNotFound\")) {\n ctx.res.status(500)\n return { ok: false, error: \"delete_failed\" }\n }\n }\n\n ctx.res.status(204)\n return { ok: true }\n}\n","import { ApiHandler } from \"@rpcbase/api\"\nimport { getTenantFilesystemDb } from \"@rpcbase/db\"\nimport { GridFSBucket, ObjectId } from \"mongodb\"\n\nimport { getBucketName, getTenantId, getUploadKeyHash, getUserId, type SessionUser } from \"../../file-uploads/shared\"\n\n\nconst resolveHeaderString = (value: unknown): string | null => {\n if (typeof value !== \"string\") return null\n const normalized = value.trim()\n return normalized ? normalized : null\n}\n\nconst resolveHeaderBoolean = (value: unknown): boolean | null => {\n if (typeof value === \"boolean\") return value\n if (typeof value !== \"string\") return null\n const normalized = value.trim().toLowerCase()\n if (!normalized) return null\n if (normalized === \"true\") return true\n if (normalized === \"false\") return false\n return null\n}\n\nconst escapeHeaderFilename = (filename: string): string => filename.replace(/[\\\\\"]/g, \"_\")\n\nexport const getFile: ApiHandler<Record<string, never>, Record<string, never>, SessionUser> = async (\n _payload,\n ctx,\n): Promise<Record<string, never>> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400).end()\n return {}\n }\n\n const fileIdRaw = String(ctx.req.params?.fileId ?? \"\").trim()\n let fileObjectId: ObjectId\n try {\n fileObjectId = new ObjectId(fileIdRaw)\n } catch {\n ctx.res.status(400).end()\n return {}\n }\n\n const fsDb = await getTenantFilesystemDb(tenantId)\n const nativeDb = fsDb.db\n if (!nativeDb) {\n ctx.res.status(500).end()\n return {}\n }\n\n const bucketName = getBucketName()\n const bucket = new GridFSBucket(nativeDb, { bucketName })\n\n const [file] = await bucket.find({ _id: fileObjectId }).limit(1).toArray()\n if (!file) {\n ctx.res.status(404).end()\n return {}\n }\n\n const isPublic = resolveHeaderBoolean((file as any)?.metadata?.isPublic) ?? false\n if (!isPublic) {\n const userId = getUserId(ctx)\n const uploadKeyHash = getUploadKeyHash(ctx)\n const metadataUserId = resolveHeaderString((file as any)?.metadata?.userId)\n const ownerKeyHash = resolveHeaderString((file as any)?.metadata?.ownerKeyHash)\n\n const authorizedByUser = Boolean(userId && metadataUserId && userId === metadataUserId)\n const authorizedByKey = Boolean(uploadKeyHash && ownerKeyHash && uploadKeyHash === ownerKeyHash)\n\n if (!authorizedByUser && !authorizedByKey) {\n ctx.res.status(401).end()\n return {}\n }\n }\n\n const mimeTypeFromMetadata = resolveHeaderString((file as any)?.metadata?.mimeType)\n const mimeType = mimeTypeFromMetadata ?? \"application/octet-stream\"\n const filenameFromDb = resolveHeaderString((file as any)?.filename)\n const filename = filenameFromDb ?? fileIdRaw\n const filenameSafe = escapeHeaderFilename(filename)\n\n const cacheControl = \"private, max-age=0, must-revalidate\"\n const md5 = resolveHeaderString((file as any)?.md5)\n const uploadDate = (file as any)?.uploadDate instanceof Date ? (file as any).uploadDate : null\n const etagValue = md5 ?? `${fileObjectId.toHexString()}-${String((file as any)?.length ?? 0)}-${String(uploadDate?.getTime() ?? 0)}`\n const etag = md5 ? `\"${etagValue}\"` : `W/\"${etagValue}\"`\n const ifNoneMatch = resolveHeaderString((ctx.req.headers as any)?.[\"if-none-match\"])\n if (ifNoneMatch) {\n const candidates = ifNoneMatch.split(\",\").map((value) => value.trim()).filter(Boolean)\n if (candidates.includes(\"*\") || candidates.includes(etag)) {\n ctx.res.status(304)\n ctx.res.setHeader(\"Cache-Control\", cacheControl)\n ctx.res.setHeader(\"ETag\", etag)\n ctx.res.end()\n return {}\n }\n }\n\n ctx.res.status(200)\n ctx.res.setHeader(\"Content-Type\", mimeType)\n ctx.res.setHeader(\"Content-Length\", String((file as any)?.length ?? 0))\n ctx.res.setHeader(\"Content-Disposition\", `inline; filename=\"${filenameSafe}\"`)\n ctx.res.setHeader(\"Cache-Control\", cacheControl)\n ctx.res.setHeader(\"ETag\", etag)\n ctx.res.setHeader(\"X-Content-Type-Options\", \"nosniff\")\n if (mimeType === \"image/svg+xml\") {\n ctx.res.setHeader(\n \"Content-Security-Policy\",\n \"default-src 'none'; style-src 'unsafe-inline'; sandbox; base-uri 'none'; form-action 'none'\",\n )\n }\n ctx.res.flushHeaders()\n\n if (ctx.req.method === \"HEAD\") {\n ctx.res.end()\n return {}\n }\n\n const stream = bucket.openDownloadStream(fileObjectId)\n\n stream.on(\"error\", () => {\n try {\n ctx.res.destroy()\n } catch {\n //\n }\n })\n\n stream.pipe(ctx.res)\n return {}\n}\n","export const Route = \"/api/rb/files/:fileId\"\n\nexport const GetRoute = Route\nexport const DeleteRoute = Route\n","import { Api } from \"@rpcbase/api\"\n\nimport { deleteFile } from \"./handlers/deleteFile\"\nimport { getFile } from \"./handlers/getFile\"\n\nimport * as Files from \"./index\"\n\n\nexport default (api: Api) => {\n api.get(Files.GetRoute, getFile)\n api.delete(Files.DeleteRoute, deleteFile)\n}\n"],"names":["resolveHeaderString","value","normalized","trim","deleteFile","_payload","ctx","tenantId","getTenantId","res","status","ok","error","fileIdRaw","String","req","params","fileId","fileObjectId","ObjectId","fsDb","getTenantFilesystemDb","nativeDb","db","bucketName","getBucketName","bucket","GridFSBucket","userId","getUserId","uploadKeyHash","getUploadKeyHash","file","find","_id","limit","toArray","metadataUserId","metadata","ownerKeyHash","authorizedByUser","Boolean","authorizedByKey","delete","message","Error","includes","resolveHeaderBoolean","toLowerCase","escapeHeaderFilename","filename","replace","getFile","end","isPublic","mimeTypeFromMetadata","mimeType","filenameFromDb","filenameSafe","cacheControl","md5","uploadDate","Date","etagValue","toHexString","length","getTime","etag","ifNoneMatch","headers","candidates","split","map","filter","setHeader","flushHeaders","method","stream","openDownloadStream","on","destroy","pipe","Route","GetRoute","DeleteRoute","api","get","Files"],"mappings":";;;AAYA,MAAMA,wBAAsBA,CAACC,UAAkC;AAC7D,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,QAAMC,aAAaD,MAAME,KAAAA;AACzB,SAAOD,aAAaA,aAAa;AACnC;AAEO,MAAME,aAAoF,OAC/FC,UACAC,QACmC;AACnC,QAAMC,WAAWC,YAAYF,GAAG;AAChC,MAAI,CAACC,UAAU;AACbD,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMC,YAAYC,OAAOR,IAAIS,IAAIC,QAAQC,UAAU,EAAE,EAAEd,KAAAA;AACvD,MAAIe;AACJ,MAAI;AACFA,mBAAe,IAAIC,SAASN,SAAS;AAAA,EACvC,QAAQ;AACNP,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMQ,OAAO,MAAMC,sBAAsBd,QAAQ;AACjD,QAAMe,WAAWF,KAAKG;AACtB,MAAI,CAACD,UAAU;AACbhB,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMY,aAAaC,cAAAA;AACnB,QAAMC,SAAS,IAAIC,aAAaL,UAAU;AAAA,IAAEE;AAAAA,EAAAA,CAAY;AAExD,QAAMI,SAASC,UAAUvB,GAAG;AAC5B,QAAMwB,gBAAgBC,iBAAiBzB,GAAG;AAC1C,MAAI,CAACsB,UAAU,CAACE,eAAe;AAC7BxB,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM,CAACoB,IAAI,IAAI,MAAMN,OAAOO,KAAK;AAAA,IAAEC,KAAKhB;AAAAA,EAAAA,CAAc,EAAEiB,MAAM,CAAC,EAAEC,QAAAA;AACjE,MAAI,CAACJ,MAAM;AACT1B,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,IAAA;AAAA,EACf;AAEA,QAAM0B,iBAAiBrC,sBAAqBgC,MAAcM,UAAUV,MAAM;AAC1E,QAAMW,eAAevC,sBAAqBgC,MAAcM,UAAUC,YAAY;AAE9E,QAAMC,mBAAmBC,QAAQb,UAAUS,kBAAkBT,WAAWS,cAAc;AACtF,QAAMK,kBAAkBD,QAAQX,iBAAiBS,gBAAgBT,kBAAkBS,YAAY;AAE/F,MAAI,CAACC,oBAAoB,CAACE,iBAAiB;AACzCpC,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAI;AACF,UAAMc,OAAOiB,OAAOzB,YAAY;AAAA,EAClC,SAASN,OAAO;AACd,UAAMgC,UAAUhC,iBAAiBiC,QAAQjC,MAAMgC,UAAU9B,OAAOF,KAAK;AACrE,QAAI,CAACgC,QAAQE,SAAS,cAAc,GAAG;AACrCxC,UAAIG,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEC,IAAI;AAAA,QAAOC,OAAO;AAAA,MAAA;AAAA,IAC7B;AAAA,EACF;AAEAN,MAAIG,IAAIC,OAAO,GAAG;AAClB,SAAO;AAAA,IAAEC,IAAI;AAAA,EAAA;AACf;AC5EA,MAAMX,sBAAsBA,CAACC,UAAkC;AAC7D,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,QAAMC,aAAaD,MAAME,KAAAA;AACzB,SAAOD,aAAaA,aAAa;AACnC;AAEA,MAAM6C,uBAAuBA,CAAC9C,UAAmC;AAC/D,MAAI,OAAOA,UAAU,UAAW,QAAOA;AACvC,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,QAAMC,aAAaD,MAAME,KAAAA,EAAO6C,YAAAA;AAChC,MAAI,CAAC9C,WAAY,QAAO;AACxB,MAAIA,eAAe,OAAQ,QAAO;AAClC,MAAIA,eAAe,QAAS,QAAO;AACnC,SAAO;AACT;AAEA,MAAM+C,uBAAuBA,CAACC,aAA6BA,SAASC,QAAQ,UAAU,GAAG;AAElF,MAAMC,UAAiF,OAC5F/C,UACAC,QACmC;AACnC,QAAMC,WAAWC,YAAYF,GAAG;AAChC,MAAI,CAACC,UAAU;AACbD,QAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,WAAO,CAAA;AAAA,EACT;AAEA,QAAMxC,YAAYC,OAAOR,IAAIS,IAAIC,QAAQC,UAAU,EAAE,EAAEd,KAAAA;AACvD,MAAIe;AACJ,MAAI;AACFA,mBAAe,IAAIC,SAASN,SAAS;AAAA,EACvC,QAAQ;AACNP,QAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,WAAO,CAAA;AAAA,EACT;AAEA,QAAMjC,OAAO,MAAMC,sBAAsBd,QAAQ;AACjD,QAAMe,WAAWF,KAAKG;AACtB,MAAI,CAACD,UAAU;AACbhB,QAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,WAAO,CAAA;AAAA,EACT;AAEA,QAAM7B,aAAaC,cAAAA;AACnB,QAAMC,SAAS,IAAIC,aAAaL,UAAU;AAAA,IAAEE;AAAAA,EAAAA,CAAY;AAExD,QAAM,CAACQ,IAAI,IAAI,MAAMN,OAAOO,KAAK;AAAA,IAAEC,KAAKhB;AAAAA,EAAAA,CAAc,EAAEiB,MAAM,CAAC,EAAEC,QAAAA;AACjE,MAAI,CAACJ,MAAM;AACT1B,QAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,WAAO,CAAA;AAAA,EACT;AAEA,QAAMC,WAAWP,qBAAsBf,MAAcM,UAAUgB,QAAQ,KAAK;AAC5E,MAAI,CAACA,UAAU;AACb,UAAM1B,SAASC,UAAUvB,GAAG;AAC5B,UAAMwB,gBAAgBC,iBAAiBzB,GAAG;AAC1C,UAAM+B,iBAAiBrC,oBAAqBgC,MAAcM,UAAUV,MAAM;AAC1E,UAAMW,eAAevC,oBAAqBgC,MAAcM,UAAUC,YAAY;AAE9E,UAAMC,mBAAmBC,QAAQb,UAAUS,kBAAkBT,WAAWS,cAAc;AACtF,UAAMK,kBAAkBD,QAAQX,iBAAiBS,gBAAgBT,kBAAkBS,YAAY;AAE/F,QAAI,CAACC,oBAAoB,CAACE,iBAAiB;AACzCpC,UAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,aAAO,CAAA;AAAA,IACT;AAAA,EACF;AAEA,QAAME,uBAAuBvD,oBAAqBgC,MAAcM,UAAUkB,QAAQ;AAClF,QAAMA,WAAWD,wBAAwB;AACzC,QAAME,iBAAiBzD,oBAAqBgC,MAAckB,QAAQ;AAClE,QAAMA,WAAWO,kBAAkB5C;AACnC,QAAM6C,eAAeT,qBAAqBC,QAAQ;AAElD,QAAMS,eAAe;AACrB,QAAMC,MAAM5D,oBAAqBgC,MAAc4B,GAAG;AAClD,QAAMC,aAAc7B,MAAc6B,sBAAsBC,OAAQ9B,KAAa6B,aAAa;AAC1F,QAAME,YAAYH,OAAO,GAAG1C,aAAa8C,YAAAA,CAAa,IAAIlD,OAAQkB,MAAciC,UAAU,CAAC,CAAC,IAAInD,OAAO+C,YAAYK,QAAAA,KAAa,CAAC,CAAC;AAClI,QAAMC,OAAOP,MAAM,IAAIG,SAAS,MAAM,MAAMA,SAAS;AACrD,QAAMK,cAAcpE,oBAAqBM,IAAIS,IAAIsD,UAAkB,eAAe,CAAC;AACnF,MAAID,aAAa;AACf,UAAME,aAAaF,YAAYG,MAAM,GAAG,EAAEC,IAAKvE,CAAAA,UAAUA,MAAME,KAAAA,CAAM,EAAEsE,OAAOhC,OAAO;AACrF,QAAI6B,WAAWxB,SAAS,GAAG,KAAKwB,WAAWxB,SAASqB,IAAI,GAAG;AACzD7D,UAAIG,IAAIC,OAAO,GAAG;AAClBJ,UAAIG,IAAIiE,UAAU,iBAAiBf,YAAY;AAC/CrD,UAAIG,IAAIiE,UAAU,QAAQP,IAAI;AAC9B7D,UAAIG,IAAI4C,IAAAA;AACR,aAAO,CAAA;AAAA,IACT;AAAA,EACF;AAEA/C,MAAIG,IAAIC,OAAO,GAAG;AAClBJ,MAAIG,IAAIiE,UAAU,gBAAgBlB,QAAQ;AAC1ClD,MAAIG,IAAIiE,UAAU,kBAAkB5D,OAAQkB,MAAciC,UAAU,CAAC,CAAC;AACtE3D,MAAIG,IAAIiE,UAAU,uBAAuB,qBAAqBhB,YAAY,GAAG;AAC7EpD,MAAIG,IAAIiE,UAAU,iBAAiBf,YAAY;AAC/CrD,MAAIG,IAAIiE,UAAU,QAAQP,IAAI;AAC9B7D,MAAIG,IAAIiE,UAAU,0BAA0B,SAAS;AACrD,MAAIlB,aAAa,iBAAiB;AAChClD,QAAIG,IAAIiE,UACN,2BACA,6FACF;AAAA,EACF;AACApE,MAAIG,IAAIkE,aAAAA;AAER,MAAIrE,IAAIS,IAAI6D,WAAW,QAAQ;AAC7BtE,QAAIG,IAAI4C,IAAAA;AACR,WAAO,CAAA;AAAA,EACT;AAEA,QAAMwB,SAASnD,OAAOoD,mBAAmB5D,YAAY;AAErD2D,SAAOE,GAAG,SAAS,MAAM;AACvB,QAAI;AACFzE,UAAIG,IAAIuE,QAAAA;AAAAA,IACV,QAAQ;AAAA,IACN;AAAA,EAEJ,CAAC;AAEDH,SAAOI,KAAK3E,IAAIG,GAAG;AACnB,SAAO,CAAA;AACT;ACnIO,MAAMyE,QAAQ;AAEd,MAAMC,WAAWD;AACjB,MAAME,cAAcF;ACK3B,MAAA,UAAe,CAACG,QAAa;AAC3BA,MAAIC,IAAIC,UAAgBnC,OAAO;AAC/BiC,MAAI1C,OAAO4C,aAAmBnF,UAAU;AAC1C;"}
1
+ {"version":3,"file":"handler-V5AVyt5y.js","sources":["../src/uploads/api/files/handlers/deleteFile.ts","../src/uploads/api/files/handlers/getFile.ts","../src/uploads/api/files/index.ts","../src/uploads/api/files/handler.ts"],"sourcesContent":["import { ApiHandler } from \"@rpcbase/api\"\nimport { getTenantFilesystemDb } from \"@rpcbase/db\"\nimport { GridFSBucket, ObjectId } from \"mongodb\"\n\nimport { getBucketName, getTenantId, getUploadKeyHash, getUserId, type SessionUser } from \"../../file-uploads/shared\"\n\n\ntype DeleteResponsePayload = {\n ok: boolean\n error?: string\n}\n\nconst resolveHeaderString = (value: unknown): string | null => {\n if (typeof value !== \"string\") return null\n const normalized = value.trim()\n return normalized ? normalized : null\n}\n\nexport const deleteFile: ApiHandler<Record<string, never>, DeleteResponsePayload, SessionUser> = async (\n _payload,\n ctx,\n): Promise<DeleteResponsePayload> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, error: \"tenant_missing\" }\n }\n\n const fileIdRaw = String(ctx.req.params?.fileId ?? \"\").trim()\n let fileObjectId: ObjectId\n try {\n fileObjectId = new ObjectId(fileIdRaw)\n } catch {\n ctx.res.status(400)\n return { ok: false, error: \"invalid_file_id\" }\n }\n\n const fsDb = await getTenantFilesystemDb(tenantId)\n const nativeDb = fsDb.db\n if (!nativeDb) {\n ctx.res.status(500)\n return { ok: false, error: \"filesystem_db_unavailable\" }\n }\n\n const bucketName = getBucketName()\n const bucket = new GridFSBucket(nativeDb, { bucketName })\n\n const userId = getUserId(ctx)\n const uploadKeyHash = getUploadKeyHash(ctx)\n if (!userId && !uploadKeyHash) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n const [file] = await bucket.find({ _id: fileObjectId }).limit(1).toArray()\n if (!file) {\n ctx.res.status(204)\n return { ok: true }\n }\n\n const metadataUserId = resolveHeaderString((file as any)?.metadata?.userId)\n const ownerKeyHash = resolveHeaderString((file as any)?.metadata?.ownerKeyHash)\n\n const authorizedByUser = Boolean(userId && metadataUserId && userId === metadataUserId)\n const authorizedByKey = Boolean(uploadKeyHash && ownerKeyHash && uploadKeyHash === ownerKeyHash)\n\n if (!authorizedByUser && !authorizedByKey) {\n ctx.res.status(401)\n return { ok: false, error: \"unauthorized\" }\n }\n\n try {\n await bucket.delete(fileObjectId)\n } catch (error) {\n const message = error instanceof Error ? error.message : String(error)\n if (!message.includes(\"FileNotFound\")) {\n ctx.res.status(500)\n return { ok: false, error: \"delete_failed\" }\n }\n }\n\n ctx.res.status(204)\n return { ok: true }\n}\n","import { ApiHandler } from \"@rpcbase/api\"\nimport { getTenantFilesystemDb } from \"@rpcbase/db\"\nimport { GridFSBucket, ObjectId } from \"mongodb\"\n\nimport { getBucketName, getTenantId, getUploadKeyHash, getUserId, type SessionUser } from \"../../file-uploads/shared\"\n\n\nconst resolveHeaderString = (value: unknown): string | null => {\n if (typeof value !== \"string\") return null\n const normalized = value.trim()\n return normalized ? normalized : null\n}\n\nconst resolveHeaderBoolean = (value: unknown): boolean | null => {\n if (typeof value === \"boolean\") return value\n if (typeof value !== \"string\") return null\n const normalized = value.trim().toLowerCase()\n if (!normalized) return null\n if (normalized === \"true\") return true\n if (normalized === \"false\") return false\n return null\n}\n\nconst escapeHeaderFilename = (filename: string): string => filename.replace(/[\\\\\"]/g, \"_\")\n\nexport const getFile: ApiHandler<Record<string, never>, Record<string, never>, SessionUser> = async (\n _payload,\n ctx,\n): Promise<Record<string, never>> => {\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400).end()\n return {}\n }\n\n const fileIdRaw = String(ctx.req.params?.fileId ?? \"\").trim()\n let fileObjectId: ObjectId\n try {\n fileObjectId = new ObjectId(fileIdRaw)\n } catch {\n ctx.res.status(400).end()\n return {}\n }\n\n const fsDb = await getTenantFilesystemDb(tenantId)\n const nativeDb = fsDb.db\n if (!nativeDb) {\n ctx.res.status(500).end()\n return {}\n }\n\n const bucketName = getBucketName()\n const bucket = new GridFSBucket(nativeDb, { bucketName })\n\n const [file] = await bucket.find({ _id: fileObjectId }).limit(1).toArray()\n if (!file) {\n ctx.res.status(404).end()\n return {}\n }\n\n const isPublic = resolveHeaderBoolean((file as any)?.metadata?.isPublic) ?? false\n if (!isPublic) {\n const userId = getUserId(ctx)\n const uploadKeyHash = getUploadKeyHash(ctx)\n const metadataUserId = resolveHeaderString((file as any)?.metadata?.userId)\n const ownerKeyHash = resolveHeaderString((file as any)?.metadata?.ownerKeyHash)\n\n const authorizedByUser = Boolean(userId && metadataUserId && userId === metadataUserId)\n const authorizedByKey = Boolean(uploadKeyHash && ownerKeyHash && uploadKeyHash === ownerKeyHash)\n\n if (!authorizedByUser && !authorizedByKey) {\n ctx.res.status(401).end()\n return {}\n }\n }\n\n const mimeTypeFromMetadata = resolveHeaderString((file as any)?.metadata?.mimeType)\n const mimeType = mimeTypeFromMetadata ?? \"application/octet-stream\"\n const filenameFromDb = resolveHeaderString((file as any)?.filename)\n const filename = filenameFromDb ?? fileIdRaw\n const filenameSafe = escapeHeaderFilename(filename)\n\n const cacheControl = \"private, max-age=0, must-revalidate\"\n const md5 = resolveHeaderString((file as any)?.md5)\n const uploadDate = (file as any)?.uploadDate instanceof Date ? (file as any).uploadDate : null\n const etagValue = md5 ?? `${fileObjectId.toHexString()}-${String((file as any)?.length ?? 0)}-${String(uploadDate?.getTime() ?? 0)}`\n const etag = md5 ? `\"${etagValue}\"` : `W/\"${etagValue}\"`\n const ifNoneMatch = resolveHeaderString((ctx.req.headers as any)?.[\"if-none-match\"])\n if (ifNoneMatch) {\n const candidates = ifNoneMatch.split(\",\").map((value) => value.trim()).filter(Boolean)\n if (candidates.includes(\"*\") || candidates.includes(etag)) {\n ctx.res.status(304)\n ctx.res.setHeader(\"Cache-Control\", cacheControl)\n ctx.res.setHeader(\"ETag\", etag)\n ctx.res.end()\n return {}\n }\n }\n\n ctx.res.status(200)\n ctx.res.setHeader(\"Content-Type\", mimeType)\n ctx.res.setHeader(\"Content-Length\", String((file as any)?.length ?? 0))\n ctx.res.setHeader(\"Content-Disposition\", `inline; filename=\"${filenameSafe}\"`)\n ctx.res.setHeader(\"Cache-Control\", cacheControl)\n ctx.res.setHeader(\"ETag\", etag)\n ctx.res.setHeader(\"X-Content-Type-Options\", \"nosniff\")\n if (mimeType === \"image/svg+xml\") {\n ctx.res.setHeader(\n \"Content-Security-Policy\",\n \"default-src 'none'; style-src 'unsafe-inline'; sandbox; base-uri 'none'; form-action 'none'\",\n )\n }\n ctx.res.flushHeaders()\n\n if (ctx.req.method === \"HEAD\") {\n ctx.res.end()\n return {}\n }\n\n const stream = bucket.openDownloadStream(fileObjectId)\n\n stream.on(\"error\", () => {\n try {\n ctx.res.destroy()\n } catch {\n //\n }\n })\n\n stream.pipe(ctx.res)\n return {}\n}\n","export const Route = \"/api/rb/files/:fileId\"\n\nexport const GetRoute = Route\nexport const DeleteRoute = Route\n","import { Api } from \"@rpcbase/api\"\n\nimport { deleteFile } from \"./handlers/deleteFile\"\nimport { getFile } from \"./handlers/getFile\"\n\nimport * as Files from \"./index\"\n\n\nexport default (api: Api) => {\n api.get(Files.GetRoute, getFile)\n api.delete(Files.DeleteRoute, deleteFile)\n}\n"],"names":["resolveHeaderString","value","normalized","trim","deleteFile","_payload","ctx","tenantId","getTenantId","res","status","ok","error","fileIdRaw","String","req","params","fileId","fileObjectId","ObjectId","fsDb","getTenantFilesystemDb","nativeDb","db","bucketName","getBucketName","bucket","GridFSBucket","userId","getUserId","uploadKeyHash","getUploadKeyHash","file","find","_id","limit","toArray","metadataUserId","metadata","ownerKeyHash","authorizedByUser","Boolean","authorizedByKey","delete","message","Error","includes","resolveHeaderBoolean","toLowerCase","escapeHeaderFilename","filename","replace","getFile","end","isPublic","mimeTypeFromMetadata","mimeType","filenameFromDb","filenameSafe","cacheControl","md5","uploadDate","Date","etagValue","toHexString","length","getTime","etag","ifNoneMatch","headers","candidates","split","map","filter","setHeader","flushHeaders","method","stream","openDownloadStream","on","destroy","pipe","Route","GetRoute","DeleteRoute","api","get","Files"],"mappings":";;;AAYA,MAAMA,wBAAsBA,CAACC,UAAkC;AAC7D,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,QAAMC,aAAaD,MAAME,KAAAA;AACzB,SAAOD,aAAaA,aAAa;AACnC;AAEO,MAAME,aAAoF,OAC/FC,UACAC,QACmC;AACnC,QAAMC,WAAWC,YAAYF,GAAG;AAChC,MAAI,CAACC,UAAU;AACbD,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMC,YAAYC,OAAOR,IAAIS,IAAIC,QAAQC,UAAU,EAAE,EAAEd,KAAAA;AACvD,MAAIe;AACJ,MAAI;AACFA,mBAAe,IAAIC,SAASN,SAAS;AAAA,EACvC,QAAQ;AACNP,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMQ,OAAO,MAAMC,sBAAsBd,QAAQ;AACjD,QAAMe,WAAWF,KAAKG;AACtB,MAAI,CAACD,UAAU;AACbhB,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAMY,aAAaC,cAAAA;AACnB,QAAMC,SAAS,IAAIC,aAAaL,UAAU;AAAA,IAAEE;AAAAA,EAAAA,CAAY;AAExD,QAAMI,SAASC,UAAUvB,GAAG;AAC5B,QAAMwB,gBAAgBC,iBAAiBzB,GAAG;AAC1C,MAAI,CAACsB,UAAU,CAACE,eAAe;AAC7BxB,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,QAAM,CAACoB,IAAI,IAAI,MAAMN,OAAOO,KAAK;AAAA,IAAEC,KAAKhB;AAAAA,EAAAA,CAAc,EAAEiB,MAAM,CAAC,EAAEC,QAAAA;AACjE,MAAI,CAACJ,MAAM;AACT1B,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,IAAA;AAAA,EACf;AAEA,QAAM0B,iBAAiBrC,sBAAqBgC,MAAcM,UAAUV,MAAM;AAC1E,QAAMW,eAAevC,sBAAqBgC,MAAcM,UAAUC,YAAY;AAE9E,QAAMC,mBAAmBC,QAAQb,UAAUS,kBAAkBT,WAAWS,cAAc;AACtF,QAAMK,kBAAkBD,QAAQX,iBAAiBS,gBAAgBT,kBAAkBS,YAAY;AAE/F,MAAI,CAACC,oBAAoB,CAACE,iBAAiB;AACzCpC,QAAIG,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEC,IAAI;AAAA,MAAOC,OAAO;AAAA,IAAA;AAAA,EAC7B;AAEA,MAAI;AACF,UAAMc,OAAOiB,OAAOzB,YAAY;AAAA,EAClC,SAASN,OAAO;AACd,UAAMgC,UAAUhC,iBAAiBiC,QAAQjC,MAAMgC,UAAU9B,OAAOF,KAAK;AACrE,QAAI,CAACgC,QAAQE,SAAS,cAAc,GAAG;AACrCxC,UAAIG,IAAIC,OAAO,GAAG;AAClB,aAAO;AAAA,QAAEC,IAAI;AAAA,QAAOC,OAAO;AAAA,MAAA;AAAA,IAC7B;AAAA,EACF;AAEAN,MAAIG,IAAIC,OAAO,GAAG;AAClB,SAAO;AAAA,IAAEC,IAAI;AAAA,EAAA;AACf;AC5EA,MAAMX,sBAAsBA,CAACC,UAAkC;AAC7D,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,QAAMC,aAAaD,MAAME,KAAAA;AACzB,SAAOD,aAAaA,aAAa;AACnC;AAEA,MAAM6C,uBAAuBA,CAAC9C,UAAmC;AAC/D,MAAI,OAAOA,UAAU,UAAW,QAAOA;AACvC,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,QAAMC,aAAaD,MAAME,KAAAA,EAAO6C,YAAAA;AAChC,MAAI,CAAC9C,WAAY,QAAO;AACxB,MAAIA,eAAe,OAAQ,QAAO;AAClC,MAAIA,eAAe,QAAS,QAAO;AACnC,SAAO;AACT;AAEA,MAAM+C,uBAAuBA,CAACC,aAA6BA,SAASC,QAAQ,UAAU,GAAG;AAElF,MAAMC,UAAiF,OAC5F/C,UACAC,QACmC;AACnC,QAAMC,WAAWC,YAAYF,GAAG;AAChC,MAAI,CAACC,UAAU;AACbD,QAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,WAAO,CAAA;AAAA,EACT;AAEA,QAAMxC,YAAYC,OAAOR,IAAIS,IAAIC,QAAQC,UAAU,EAAE,EAAEd,KAAAA;AACvD,MAAIe;AACJ,MAAI;AACFA,mBAAe,IAAIC,SAASN,SAAS;AAAA,EACvC,QAAQ;AACNP,QAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,WAAO,CAAA;AAAA,EACT;AAEA,QAAMjC,OAAO,MAAMC,sBAAsBd,QAAQ;AACjD,QAAMe,WAAWF,KAAKG;AACtB,MAAI,CAACD,UAAU;AACbhB,QAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,WAAO,CAAA;AAAA,EACT;AAEA,QAAM7B,aAAaC,cAAAA;AACnB,QAAMC,SAAS,IAAIC,aAAaL,UAAU;AAAA,IAAEE;AAAAA,EAAAA,CAAY;AAExD,QAAM,CAACQ,IAAI,IAAI,MAAMN,OAAOO,KAAK;AAAA,IAAEC,KAAKhB;AAAAA,EAAAA,CAAc,EAAEiB,MAAM,CAAC,EAAEC,QAAAA;AACjE,MAAI,CAACJ,MAAM;AACT1B,QAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,WAAO,CAAA;AAAA,EACT;AAEA,QAAMC,WAAWP,qBAAsBf,MAAcM,UAAUgB,QAAQ,KAAK;AAC5E,MAAI,CAACA,UAAU;AACb,UAAM1B,SAASC,UAAUvB,GAAG;AAC5B,UAAMwB,gBAAgBC,iBAAiBzB,GAAG;AAC1C,UAAM+B,iBAAiBrC,oBAAqBgC,MAAcM,UAAUV,MAAM;AAC1E,UAAMW,eAAevC,oBAAqBgC,MAAcM,UAAUC,YAAY;AAE9E,UAAMC,mBAAmBC,QAAQb,UAAUS,kBAAkBT,WAAWS,cAAc;AACtF,UAAMK,kBAAkBD,QAAQX,iBAAiBS,gBAAgBT,kBAAkBS,YAAY;AAE/F,QAAI,CAACC,oBAAoB,CAACE,iBAAiB;AACzCpC,UAAIG,IAAIC,OAAO,GAAG,EAAE2C,IAAAA;AACpB,aAAO,CAAA;AAAA,IACT;AAAA,EACF;AAEA,QAAME,uBAAuBvD,oBAAqBgC,MAAcM,UAAUkB,QAAQ;AAClF,QAAMA,WAAWD,wBAAwB;AACzC,QAAME,iBAAiBzD,oBAAqBgC,MAAckB,QAAQ;AAClE,QAAMA,WAAWO,kBAAkB5C;AACnC,QAAM6C,eAAeT,qBAAqBC,QAAQ;AAElD,QAAMS,eAAe;AACrB,QAAMC,MAAM5D,oBAAqBgC,MAAc4B,GAAG;AAClD,QAAMC,aAAc7B,MAAc6B,sBAAsBC,OAAQ9B,KAAa6B,aAAa;AAC1F,QAAME,YAAYH,OAAO,GAAG1C,aAAa8C,YAAAA,CAAa,IAAIlD,OAAQkB,MAAciC,UAAU,CAAC,CAAC,IAAInD,OAAO+C,YAAYK,QAAAA,KAAa,CAAC,CAAC;AAClI,QAAMC,OAAOP,MAAM,IAAIG,SAAS,MAAM,MAAMA,SAAS;AACrD,QAAMK,cAAcpE,oBAAqBM,IAAIS,IAAIsD,UAAkB,eAAe,CAAC;AACnF,MAAID,aAAa;AACf,UAAME,aAAaF,YAAYG,MAAM,GAAG,EAAEC,IAAKvE,CAAAA,UAAUA,MAAME,KAAAA,CAAM,EAAEsE,OAAOhC,OAAO;AACrF,QAAI6B,WAAWxB,SAAS,GAAG,KAAKwB,WAAWxB,SAASqB,IAAI,GAAG;AACzD7D,UAAIG,IAAIC,OAAO,GAAG;AAClBJ,UAAIG,IAAIiE,UAAU,iBAAiBf,YAAY;AAC/CrD,UAAIG,IAAIiE,UAAU,QAAQP,IAAI;AAC9B7D,UAAIG,IAAI4C,IAAAA;AACR,aAAO,CAAA;AAAA,IACT;AAAA,EACF;AAEA/C,MAAIG,IAAIC,OAAO,GAAG;AAClBJ,MAAIG,IAAIiE,UAAU,gBAAgBlB,QAAQ;AAC1ClD,MAAIG,IAAIiE,UAAU,kBAAkB5D,OAAQkB,MAAciC,UAAU,CAAC,CAAC;AACtE3D,MAAIG,IAAIiE,UAAU,uBAAuB,qBAAqBhB,YAAY,GAAG;AAC7EpD,MAAIG,IAAIiE,UAAU,iBAAiBf,YAAY;AAC/CrD,MAAIG,IAAIiE,UAAU,QAAQP,IAAI;AAC9B7D,MAAIG,IAAIiE,UAAU,0BAA0B,SAAS;AACrD,MAAIlB,aAAa,iBAAiB;AAChClD,QAAIG,IAAIiE,UACN,2BACA,6FACF;AAAA,EACF;AACApE,MAAIG,IAAIkE,aAAAA;AAER,MAAIrE,IAAIS,IAAI6D,WAAW,QAAQ;AAC7BtE,QAAIG,IAAI4C,IAAAA;AACR,WAAO,CAAA;AAAA,EACT;AAEA,QAAMwB,SAASnD,OAAOoD,mBAAmB5D,YAAY;AAErD2D,SAAOE,GAAG,SAAS,MAAM;AACvB,QAAI;AACFzE,UAAIG,IAAIuE,QAAAA;AAAAA,IACV,QAAQ;AAAA,IACN;AAAA,EAEJ,CAAC;AAEDH,SAAOI,KAAK3E,IAAIG,GAAG;AACnB,SAAO,CAAA;AACT;ACnIO,MAAMyE,QAAQ;AAEd,MAAMC,WAAWD;AACjB,MAAME,cAAcF;ACK3B,MAAA,UAAe,CAACG,QAAa;AAC3BA,MAAIC,IAAIC,UAAgBnC,OAAO;AAC/BiC,MAAI1C,OAAO4C,aAAmBnF,UAAU;AAC1C;"}
package/dist/index.js CHANGED
@@ -9,7 +9,7 @@ import { posix, dirname, sep } from "path";
9
9
  import fs, { createReadStream, readFileSync } from "node:fs";
10
10
  import { createInterface } from "node:readline";
11
11
  import { AsyncLocalStorage } from "node:async_hooks";
12
- import { g as getDerivedKey, r as resolveRtsRequestTenantId, i as isRtsRequestAuthorized, b as buildRtsAbilityFromRequest, n as normalizeRtsQueryOptions, a as runRtsQuery, c as runRtsCount } from "./queryExecutor-CGFVBzI1.js";
12
+ import { g as getDerivedKey, r as resolveRtsRequestTenantId, i as isRtsRequestAuthorized, b as buildRtsAbilityFromRequest, n as normalizeRtsQueryOptions, a as runRtsQuery, c as runRtsCount } from "./queryExecutor-DTEFEB5Z.js";
13
13
  import httpProxy from "http-proxy-3";
14
14
  import fsPromises from "node:fs/promises";
15
15
  import inspector from "node:inspector";
package/dist/{queryExecutor-CGFVBzI1.js → queryExecutor-DTEFEB5Z.js} RENAMED
@@ -1,13 +1,11 @@
1
1
  import { models } from "@rpcbase/db";
2
- import { getAccessibleByQuery, buildAbilityFromSession, getTenantRolesFromSessionUser, buildAbility } from "@rpcbase/db/acl";
2
+ import { getAccessibleByQuery, buildAbilityFromSession } from "@rpcbase/db/acl";
3
3
  import assert from "assert";
4
4
  import { hkdfSync } from "crypto";
5
5
  const getDerivedKey = (masterKey, info, length = 32, salt = "") => {
6
6
  assert(masterKey?.length >= 32, "MASTER_KEY must be 32 chars or longer.");
7
7
  return Buffer.from(hkdfSync("sha256", masterKey, Buffer.from(salt), Buffer.from(info), length)).toString("hex");
8
8
  };
9
- const RTS_TENANT_ID_QUERY_PARAM = "rb-tenant-id";
10
- const RTS_USER_ID_HEADER = "rb-user-id";
11
9
  const QUERY_MAX_LIMIT = 4096;
12
10
  const INTERNAL_MODEL_NAMES = /* @__PURE__ */ new Set(["RBRtsChange", "RBRtsCounter"]);
13
11
  const DEFAULT_APPROX_COUNT_SAMPLE_SIZE = 1e3;
@@ -28,15 +26,7 @@ const normalizeTenantId = (value) => {
28
26
  const normalized = value.trim();
29
27
  return normalized ? normalized : null;
30
28
  };
31
- const normalizeSignedInTenants = (value) => {
32
- if (!Array.isArray(value)) return [];
33
- return value.map((tenantId) => normalizeTenantId(String(tenantId))).filter((tenantId) => Boolean(tenantId));
34
- };
35
29
  const getTenantIdFromRequest = (req) => {
36
- const rawQuery = req.query?.[RTS_TENANT_ID_QUERY_PARAM];
37
- const queryTenantId = Array.isArray(rawQuery) ? rawQuery[0] : rawQuery;
38
- const normalizedFromQuery = normalizeTenantId(queryTenantId);
39
- if (normalizedFromQuery) return normalizedFromQuery;
40
30
  return normalizeTenantId(req.session?.user?.currentTenantId);
41
31
  };
42
32
  const resolveRtsRequestTenantId = (req) => {
@@ -45,62 +35,35 @@ const resolveRtsRequestTenantId = (req) => {
45
35
  const isRtsRequestAuthorized = (req, tenantId) => {
46
36
  const sessionUser = req.session?.user;
47
37
  if (!sessionUser) return false;
48
- const signedInTenants = normalizeSignedInTenants(sessionUser.signedInTenants);
49
- if (signedInTenants.length > 0) {
50
- return signedInTenants.includes(tenantId);
51
- }
52
38
  const currentTenantId = normalizeTenantId(sessionUser.currentTenantId);
53
39
  if (!currentTenantId) return false;
54
40
  return currentTenantId === tenantId;
55
41
  };
56
42
  const buildRtsAbilityFromRequest = async (req, tenantId) => {
57
43
  const sessionUserId = normalizeTenantId(req.session?.user?.id);
58
- if (sessionUserId) {
59
- const ability = buildAbilityFromSession({
60
- tenantId,
61
- session: req.session
62
- });
63
- return {
64
- ability,
65
- userId: sessionUserId
66
- };
67
- }
68
- const headerValue = req.headers[RTS_USER_ID_HEADER];
69
- const headerUserIdRaw = Array.isArray(headerValue) ? headerValue[0] : headerValue;
70
- const headerUserId = normalizeTenantId(headerUserIdRaw);
71
- if (!headerUserId) {
72
- const ability = buildAbilityFromSession({
73
- tenantId,
74
- session: req.session
75
- });
44
+ if (!sessionUserId) {
45
+ const currentTenantId2 = normalizeTenantId(req.session?.user?.currentTenantId);
46
+ if (!currentTenantId2 || currentTenantId2 !== tenantId) {
47
+ throw new Error("Tenant not authorized for this session");
48
+ }
76
49
  return {
77
- ability,
50
+ ability: buildAbilityFromSession({
51
+ tenantId,
52
+ session: req.session
53
+ }),
78
54
  userId: null
79
55
  };
80
56
  }
81
- const rbCtx = {
82
- req: {
83
- session: null
84
- }
85
- };
86
- const User = await models.getGlobal("RBUser", rbCtx);
87
- const user = await User.findById(headerUserId, {
88
- tenants: 1,
89
- tenantRoles: 1
90
- }).lean();
91
- const tenantsRaw = user?.tenants;
92
- const tenants = Array.isArray(tenantsRaw) ? tenantsRaw.map((tenant) => String(tenant)) : [];
93
- if (!tenants.includes(tenantId)) {
57
+ const currentTenantId = normalizeTenantId(req.session?.user?.currentTenantId);
58
+ if (!currentTenantId || currentTenantId !== tenantId) {
94
59
  throw new Error("Tenant not authorized for this session");
95
60
  }
96
- const roles = getTenantRolesFromSessionUser(user, tenantId);
97
61
  return {
98
- ability: buildAbility({
62
+ ability: buildAbilityFromSession({
99
63
  tenantId,
100
- userId: headerUserId,
101
- roles: roles.length ? roles : ["owner"]
64
+ session: req.session
102
65
  }),
103
- userId: headerUserId
66
+ userId: sessionUserId
104
67
  };
105
68
  };
106
69
  const getTenantModel = async (tenantId, modelName, ability) => {
@@ -497,15 +460,13 @@ const runRtsCount = async ({
497
460
  return Math.max(0, Math.min(estimatedTotal, estimatedMatches));
498
461
  };
499
462
  export {
500
- RTS_TENANT_ID_QUERY_PARAM as R,
501
463
  runRtsQuery as a,
502
464
  buildRtsAbilityFromRequest as b,
503
465
  runRtsCount as c,
504
- RTS_USER_ID_HEADER as d,
505
- resolveRtsQueryDependencyModelNames as e,
466
+ resolveRtsQueryDependencyModelNames as d,
506
467
  getDerivedKey as g,
507
468
  isRtsRequestAuthorized as i,
508
469
  normalizeRtsQueryOptions as n,
509
470
  resolveRtsRequestTenantId as r
510
471
  };
511
- //# sourceMappingURL=queryExecutor-CGFVBzI1.js.map
472
+ //# sourceMappingURL=queryExecutor-DTEFEB5Z.js.map