@rpcbase/server 0.543.0 → 0.544.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/dist/{handler-ClQF4MOn.js → handler-BPtmV7Gp.js} +2 -2
  2. package/dist/{handler-ClQF4MOn.js.map → handler-BPtmV7Gp.js.map} +1 -1
  3. package/dist/{handler--FFBJMl6.js → handler-TcIyb69f.js} +2 -8
  4. package/dist/handler-TcIyb69f.js.map +1 -0
  5. package/dist/{handler-COnCnprN.js → handler-V5AVyt5y.js} +2 -2
  6. package/dist/{handler-COnCnprN.js.map → handler-V5AVyt5y.js.map} +1 -1
  7. package/dist/index.js +1 -1
  8. package/dist/{queryExecutor-CGFVBzI1.js → queryExecutor-DTEFEB5Z.js} +17 -56
  9. package/dist/queryExecutor-DTEFEB5Z.js.map +1 -0
  10. package/dist/rts/api/changes/handler.d.ts.map +1 -1
  11. package/dist/rts/index.d.ts +1 -1
  12. package/dist/rts/index.d.ts.map +1 -1
  13. package/dist/rts/index.js +19 -65
  14. package/dist/rts/index.js.map +1 -1
  15. package/dist/rts/queryExecutor.d.ts +0 -2
  16. package/dist/rts/queryExecutor.d.ts.map +1 -1
  17. package/dist/{shared-nE84Or5W.js → shared-xNnTJqaH.js} +2 -9
  18. package/dist/shared-xNnTJqaH.js.map +1 -0
  19. package/dist/uploads/api/file-uploads/shared.d.ts.map +1 -1
  20. package/dist/uploads.js +1 -1
  21. package/package.json +1 -1
  22. package/dist/handler--FFBJMl6.js.map +0 -1
  23. package/dist/queryExecutor-CGFVBzI1.js.map +0 -1
  24. package/dist/shared-nE84Or5W.js.map +0 -1
package/dist/shared-xNnTJqaH.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"shared-xNnTJqaH.js","sources":["../src/uploads/api/file-uploads/shared.ts"],"sourcesContent":["import { createHash, timingSafeEqual } from \"node:crypto\"\n\nimport { Ctx } from \"@rpcbase/api\"\nimport {\n type IRBUploadChunk,\n type IRBUploadSession,\n type LoadModelCtx,\n} from \"@rpcbase/db\"\nimport { buildAbilityFromSession, getAccessibleByQuery, type AppAbility } from \"@rpcbase/db/acl\"\nimport type { Model } from \"mongoose\"\n\n\nexport type SessionUser = {\n id?: string\n currentTenantId?: string\n}\n\nexport type UploadSessionDoc = IRBUploadSession\nexport type UploadChunkDoc = Omit<IRBUploadChunk, \"data\"> & { data: Buffer }\n\nconst DEFAULT_CHUNK_SIZE_BYTES = 5 * 1024 * 1024\nconst MAX_CHUNK_SIZE_BYTES = 15 * 1024 * 1024\n\nconst DEFAULT_MAX_CLIENT_BYTES_PER_SECOND = 10 * 1024 * 1024\n\nconst DEFAULT_SESSION_TTL_S = 60 * 60 * 24\n\nconst ensuredIndexDbNames = new Set<string>()\n\nconst parseOptionalPositiveInt = (rawValue: unknown): number | null => {\n if (typeof rawValue !== \"string\") return null\n const normalized = rawValue.trim()\n if (!normalized) return null\n const parsed = Number(normalized)\n if (!Number.isFinite(parsed) || parsed <= 0) return null\n return Math.floor(parsed)\n}\n\nexport const getChunkSizeBytes = (): number => {\n const configured = parseOptionalPositiveInt(process.env.RB_UPLOAD_CHUNK_SIZE_BYTES)\n const resolved = configured ?? DEFAULT_CHUNK_SIZE_BYTES\n return Math.min(MAX_CHUNK_SIZE_BYTES, resolved)\n}\n\nexport const getMaxClientUploadBytesPerSecond = (): number | null => {\n const configured = parseOptionalPositiveInt(process.env.RB_UPLOAD_MAX_CLIENT_BYTES_PER_SECOND)\n return configured ?? DEFAULT_MAX_CLIENT_BYTES_PER_SECOND\n}\n\nexport const getSessionTtlMs = (): number => {\n const ttlSeconds = parseOptionalPositiveInt(process.env.RB_UPLOAD_SESSION_TTL_S) ?? DEFAULT_SESSION_TTL_S\n return ttlSeconds * 1000\n}\n\nexport const getRawBodyLimitBytes = (chunkSizeBytes: number): number => chunkSizeBytes + 1024 * 1024\n\nexport const getBucketName = (): string => (process.env.RB_FILESYSTEM_BUCKET_NAME ?? \"\").trim() || \"fs\"\n\nexport const getUserId = (ctx: Ctx<SessionUser>): string | null => {\n const raw = ctx.req.session?.user?.id\n if (typeof raw !== \"string\") return null\n const normalized = raw.trim()\n return normalized ? normalized : null\n}\n\nexport const getTenantId = (ctx: Ctx<SessionUser>): string | null => {\n const rawSession = ctx.req.session?.user?.currentTenantId\n const sessionTenantId = typeof rawSession === \"string\" ? rawSession.trim() : \"\"\n return sessionTenantId || null\n}\n\nexport const computeSha256Hex = (data: Buffer): string => createHash(\"sha256\").update(data).digest(\"hex\")\n\nexport const normalizeSha256Hex = (value: string): string => value.trim().toLowerCase()\n\nexport const getModelCtx = (_ctx: Ctx<SessionUser>, tenantId: string, ability?: AppAbility): LoadModelCtx => ({\n req: {\n session: {\n user: {\n currentTenantId: tenantId,\n },\n },\n },\n ability,\n})\n\nexport const toBufferPayload = (payload: unknown): Buffer | null => {\n if (Buffer.isBuffer(payload)) return payload\n if (payload instanceof Uint8Array) return Buffer.from(payload)\n return null\n}\n\nexport const ensureUploadIndexes = async (\n UploadSession: Model<UploadSessionDoc>,\n UploadChunk: Model<UploadChunkDoc>,\n): Promise<void> => {\n const dbName = String((UploadSession as unknown as { db?: { name?: unknown } })?.db?.name ?? \"\")\n if (dbName && ensuredIndexDbNames.has(dbName)) return\n\n await Promise.all([\n UploadSession.createIndexes(),\n UploadChunk.createIndexes(),\n ])\n\n if (dbName) ensuredIndexDbNames.add(dbName)\n}\n\nconst normalizeUploadKey = (raw: unknown): string | null => {\n if (typeof raw !== \"string\") return null\n const normalized = raw.trim()\n return normalized ? normalized : null\n}\n\nexport const getUploadKeyHash = (ctx: Ctx<SessionUser>): string | null => {\n const uploadKey = normalizeUploadKey(ctx.req.get(\"X-Upload-Key\"))\n if (!uploadKey) return null\n return computeSha256Hex(Buffer.from(uploadKey))\n}\n\nexport const buildUploadsAbility = (ctx: Ctx<SessionUser>, tenantId: string): AppAbility => {\n const uploadKeyHash = getUploadKeyHash(ctx)\n const claims = uploadKeyHash ? { uploadKeyHash } : undefined\n return buildAbilityFromSession({ tenantId, session: ctx.req.session, claims })\n}\n\nexport const getUploadSessionAccessQuery = (\n ability: AppAbility,\n action: \"read\" | \"update\" | \"delete\",\n): Record<string, unknown> => getAccessibleByQuery(ability, action, \"RBUploadSession\")\n\nconst timingSafeEqualHex = (left: string, right: string): boolean => {\n if (left.length !== right.length) return false\n try {\n return timingSafeEqual(Buffer.from(left, \"hex\"), Buffer.from(right, \"hex\"))\n } catch {\n return false\n }\n}\n\nexport const getOwnershipSelector = (\n ctx: Ctx<SessionUser>,\n session: Pick<UploadSessionDoc, \"userId\" | \"ownerKeyHash\">,\n): { userId?: string; ownerKeyHash?: string } | null => {\n if (session.userId) {\n const userId = getUserId(ctx)\n if (!userId || userId !== session.userId) return null\n return { userId: session.userId }\n }\n\n if (session.ownerKeyHash) {\n const uploadKeyHash = getUploadKeyHash(ctx)\n if (!uploadKeyHash) return null\n if (!timingSafeEqualHex(session.ownerKeyHash, uploadKeyHash)) return null\n return { ownerKeyHash: session.ownerKeyHash }\n }\n\n return null\n}\n"],"names":["DEFAULT_CHUNK_SIZE_BYTES","MAX_CHUNK_SIZE_BYTES","DEFAULT_MAX_CLIENT_BYTES_PER_SECOND","DEFAULT_SESSION_TTL_S","ensuredIndexDbNames","Set","parseOptionalPositiveInt","rawValue","normalized","trim","parsed","Number","isFinite","Math","floor","getChunkSizeBytes","configured","process","env","RB_UPLOAD_CHUNK_SIZE_BYTES","resolved","min","getMaxClientUploadBytesPerSecond","RB_UPLOAD_MAX_CLIENT_BYTES_PER_SECOND","getSessionTtlMs","ttlSeconds","RB_UPLOAD_SESSION_TTL_S","getRawBodyLimitBytes","chunkSizeBytes","getBucketName","RB_FILESYSTEM_BUCKET_NAME","getUserId","ctx","raw","req","session","user","id","getTenantId","rawSession","currentTenantId","sessionTenantId","computeSha256Hex","data","createHash","update","digest","normalizeSha256Hex","value","toLowerCase","getModelCtx","_ctx","tenantId","ability","toBufferPayload","payload","Buffer","isBuffer","Uint8Array","from","ensureUploadIndexes","UploadSession","UploadChunk","dbName","String","db","name","has","Promise","all","createIndexes","add","normalizeUploadKey","getUploadKeyHash","uploadKey","get","buildUploadsAbility","uploadKeyHash","claims","undefined","buildAbilityFromSession","getUploadSessionAccessQuery","action","getAccessibleByQuery"],"mappings":";;AAoBA,MAAMA,2BAA2B,IAAI,OAAO;AAC5C,MAAMC,uBAAuB,KAAK,OAAO;AAEzC,MAAMC,sCAAsC,KAAK,OAAO;AAExD,MAAMC,wBAAwB,KAAK,KAAK;AAExC,MAAMC,0CAA0BC,IAAAA;AAEhC,MAAMC,2BAA2BA,CAACC,aAAqC;AACrE,MAAI,OAAOA,aAAa,SAAU,QAAO;AACzC,QAAMC,aAAaD,SAASE,KAAAA;AAC5B,MAAI,CAACD,WAAY,QAAO;AACxB,QAAME,SAASC,OAAOH,UAAU;AAChC,MAAI,CAACG,OAAOC,SAASF,MAAM,KAAKA,UAAU,EAAG,QAAO;AACpD,SAAOG,KAAKC,MAAMJ,MAAM;AAC1B;AAEO,MAAMK,oBAAoBA,MAAc;AAC7C,QAAMC,aAAaV,yBAAyBW,QAAQC,IAAIC,0BAA0B;AAClF,QAAMC,WAAWJ,cAAchB;AAC/B,SAAOa,KAAKQ,IAAIpB,sBAAsBmB,QAAQ;AAChD;AAEO,MAAME,mCAAmCA,MAAqB;AACnE,QAAMN,aAAaV,yBAAyBW,QAAQC,IAAIK,qCAAqC;AAC7F,SAAOP,cAAcd;AACvB;AAEO,MAAMsB,kBAAkBA,MAAc;AAC3C,QAAMC,aAAanB,yBAAyBW,QAAQC,IAAIQ,uBAAuB,KAAKvB;AACpF,SAAOsB,aAAa;AACtB;AAEO,MAAME,uBAAuBA,CAACC,mBAAmCA,iBAAiB,OAAO;AAEzF,MAAMC,gBAAgBA,OAAeZ,QAAQC,IAAIY,6BAA6B,IAAIrB,UAAU;AAE5F,MAAMsB,YAAYA,CAACC,QAAyC;AACjE,QAAMC,MAAMD,IAAIE,IAAIC,SAASC,MAAMC;AACnC,MAAI,OAAOJ,QAAQ,SAAU,QAAO;AACpC,QAAMzB,aAAayB,IAAIxB,KAAAA;AACvB,SAAOD,aAAaA,aAAa;AACnC;AAEO,MAAM8B,cAAcA,CAACN,QAAyC;AACnE,QAAMO,aAAaP,IAAIE,IAAIC,SAASC,MAAMI;AAC1C,QAAMC,kBAAkB,OAAOF,eAAe,WAAWA,WAAW9B,SAAS;AAC7E,SAAOgC,mBAAmB;AAC5B;AAEO,MAAMC,mBAAmBA,CAACC,SAAyBC,WAAW,QAAQ,EAAEC,OAAOF,IAAI,EAAEG,OAAO,KAAK;AAEjG,MAAMC,qBAAqBA,CAACC,UAA0BA,MAAMvC,KAAAA,EAAOwC,YAAAA;AAEnE,MAAMC,cAAcA,CAACC,MAAwBC,UAAkBC,aAAwC;AAAA,EAC5GnB,KAAK;AAAA,IACHC,SAAS;AAAA,MACPC,MAAM;AAAA,QACJI,iBAAiBY;AAAAA,MAAAA;AAAAA,IACnB;AAAA,EACF;AAAA,EAEFC;AACF;AAEO,MAAMC,kBAAkBA,CAACC,YAAoC;AAClE,MAAIC,OAAOC,SAASF,OAAO,EAAG,QAAOA;AACrC,MAAIA,mBAAmBG,WAAY,QAAOF,OAAOG,KAAKJ,OAAO;AAC7D,SAAO;AACT;AAEO,MAAMK,sBAAsB,OACjCC,eACAC,gBACkB;AAClB,QAAMC,SAASC,OAAQH,eAA0DI,IAAIC,QAAQ,EAAE;AAC/F,MAAIH,UAAU3D,oBAAoB+D,IAAIJ,MAAM,EAAG;AAE/C,QAAMK,QAAQC,IAAI,CAChBR,cAAcS,iBACdR,YAAYQ,cAAAA,CAAe,CAC5B;AAED,MAAIP,OAAQ3D,qBAAoBmE,IAAIR,MAAM;AAC5C;AAEA,MAAMS,qBAAqBA,CAACvC,QAAgC;AAC1D,MAAI,OAAOA,QAAQ,SAAU,QAAO;AACpC,QAAMzB,aAAayB,IAAIxB,KAAAA;AACvB,SAAOD,aAAaA,aAAa;AACnC;AAEO,MAAMiE,mBAAmBA,CAACzC,QAAyC;AACxE,QAAM0C,YAAYF,mBAAmBxC,IAAIE,IAAIyC,IAAI,cAAc,CAAC;AAChE,MAAI,CAACD,UAAW,QAAO;AACvB,SAAOhC,iBAAiBc,OAAOG,KAAKe,SAAS,CAAC;AAChD;AAEO,MAAME,sBAAsBA,CAAC5C,KAAuBoB,aAAiC;AAC1F,QAAMyB,gBAAgBJ,iBAAiBzC,GAAG;AAC1C,QAAM8C,SAASD,gBAAgB;AAAA,IAAEA;AAAAA,EAAAA,IAAkBE;AACnD,SAAOC,wBAAwB;AAAA,IAAE5B;AAAAA,IAAUjB,SAASH,IAAIE,IAAIC;AAAAA,IAAS2C;AAAAA,EAAAA,CAAQ;AAC/E;AAEO,MAAMG,8BAA8BA,CACzC5B,SACA6B,WAC4BC,qBAAqB9B,SAAS6B,QAAQ,iBAAiB;"}
package/dist/uploads/api/file-uploads/shared.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../../../../src/uploads/api/file-uploads/shared.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,YAAY,EAClB,MAAM,aAAa,CAAA;AACpB,OAAO,EAAiD,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAChG,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,UAAU,CAAA;AAGrC,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG,gBAAgB,CAAA;AAC/C,MAAM,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,GAAG;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAA;AAoB5E,eAAO,MAAM,iBAAiB,QAAO,MAIpC,CAAA;AAED,eAAO,MAAM,gCAAgC,QAAO,MAAM,GAAG,IAG5D,CAAA;AAED,eAAO,MAAM,eAAe,QAAO,MAGlC,CAAA;AAED,eAAO,MAAM,oBAAoB,GAAI,gBAAgB,MAAM,KAAG,MAAsC,CAAA;AAEpG,eAAO,MAAM,aAAa,QAAO,MAAsE,CAAA;AAEvG,eAAO,MAAM,SAAS,GAAI,KAAK,GAAG,CAAC,WAAW,CAAC,KAAG,MAAM,GAAG,IAK1D,CAAA;AAED,eAAO,MAAM,WAAW,GAAI,KAAK,GAAG,CAAC,WAAW,CAAC,KAAG,MAAM,GAAG,IAgB5D,CAAA;AAED,eAAO,MAAM,gBAAgB,GAAI,MAAM,MAAM,KAAG,MAAyD,CAAA;AAEzG,eAAO,MAAM,kBAAkB,GAAI,OAAO,MAAM,KAAG,MAAoC,CAAA;AAEvF,eAAO,MAAM,WAAW,GAAI,MAAM,GAAG,CAAC,WAAW,CAAC,EAAE,UAAU,MAAM,EAAE,UAAU,UAAU,KAAG,YAS3F,CAAA;AAEF,eAAO,MAAM,eAAe,GAAI,SAAS,OAAO,KAAG,MAAM,GAAG,IAI3D,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,eAAe,KAAK,CAAC,gBAAgB,CAAC,EACtC,aAAa,KAAK,CAAC,cAAc,CAAC,KACjC,OAAO,CAAC,IAAI,CAUd,CAAA;AAQD,eAAO,MAAM,gBAAgB,GAAI,KAAK,GAAG,CAAC,WAAW,CAAC,KAAG,MAAM,GAAG,IAIjE,CAAA;AAED,eAAO,MAAM,mBAAmB,GAAI,KAAK,GAAG,CAAC,WAAW,CAAC,EAAE,UAAU,MAAM,KAAG,UAI7E,CAAA;AAED,eAAO,MAAM,2BAA2B,GACtC,SAAS,UAAU,EACnB,QAAQ,MAAM,GAAG,QAAQ,GAAG,QAAQ,KACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAA6D,CAAA;AAWtF,eAAO,MAAM,oBAAoB,GAC/B,KAAK,GAAG,CAAC,WAAW,CAAC,EACrB,SAAS,IAAI,CAAC,gBAAgB,EAAE,QAAQ,GAAG,cAAc,CAAC,KACzD;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAe/C,CAAA"}
1
+ {"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../../../../src/uploads/api/file-uploads/shared.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,YAAY,EAClB,MAAM,aAAa,CAAA;AACpB,OAAO,EAAiD,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAChG,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,UAAU,CAAA;AAGrC,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG,gBAAgB,CAAA;AAC/C,MAAM,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,EAAE,MAAM,CAAC,GAAG;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAA;AAoB5E,eAAO,MAAM,iBAAiB,QAAO,MAIpC,CAAA;AAED,eAAO,MAAM,gCAAgC,QAAO,MAAM,GAAG,IAG5D,CAAA;AAED,eAAO,MAAM,eAAe,QAAO,MAGlC,CAAA;AAED,eAAO,MAAM,oBAAoB,GAAI,gBAAgB,MAAM,KAAG,MAAsC,CAAA;AAEpG,eAAO,MAAM,aAAa,QAAO,MAAsE,CAAA;AAEvG,eAAO,MAAM,SAAS,GAAI,KAAK,GAAG,CAAC,WAAW,CAAC,KAAG,MAAM,GAAG,IAK1D,CAAA;AAED,eAAO,MAAM,WAAW,GAAI,KAAK,GAAG,CAAC,WAAW,CAAC,KAAG,MAAM,GAAG,IAI5D,CAAA;AAED,eAAO,MAAM,gBAAgB,GAAI,MAAM,MAAM,KAAG,MAAyD,CAAA;AAEzG,eAAO,MAAM,kBAAkB,GAAI,OAAO,MAAM,KAAG,MAAoC,CAAA;AAEvF,eAAO,MAAM,WAAW,GAAI,MAAM,GAAG,CAAC,WAAW,CAAC,EAAE,UAAU,MAAM,EAAE,UAAU,UAAU,KAAG,YAS3F,CAAA;AAEF,eAAO,MAAM,eAAe,GAAI,SAAS,OAAO,KAAG,MAAM,GAAG,IAI3D,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,eAAe,KAAK,CAAC,gBAAgB,CAAC,EACtC,aAAa,KAAK,CAAC,cAAc,CAAC,KACjC,OAAO,CAAC,IAAI,CAUd,CAAA;AAQD,eAAO,MAAM,gBAAgB,GAAI,KAAK,GAAG,CAAC,WAAW,CAAC,KAAG,MAAM,GAAG,IAIjE,CAAA;AAED,eAAO,MAAM,mBAAmB,GAAI,KAAK,GAAG,CAAC,WAAW,CAAC,EAAE,UAAU,MAAM,KAAG,UAI7E,CAAA;AAED,eAAO,MAAM,2BAA2B,GACtC,SAAS,UAAU,EACnB,QAAQ,MAAM,GAAG,QAAQ,GAAG,QAAQ,KACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAA6D,CAAA;AAWtF,eAAO,MAAM,oBAAoB,GAC/B,KAAK,GAAG,CAAC,WAAW,CAAC,EACrB,SAAS,IAAI,CAAC,gBAAgB,EAAE,QAAQ,GAAG,cAAc,CAAC,KACzD;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAe/C,CAAA"}
package/dist/uploads.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { queue } from "@rpcbase/worker";
2
2
  const routes = Object.entries({
3
- .../* @__PURE__ */ Object.assign({ "./api/file-uploads/handler.ts": () => import("./handler-ClQF4MOn.js"), "./api/files/handler.ts": () => import("./handler-COnCnprN.js") })
3
+ .../* @__PURE__ */ Object.assign({ "./api/file-uploads/handler.ts": () => import("./handler-BPtmV7Gp.js"), "./api/files/handler.ts": () => import("./handler-V5AVyt5y.js") })
4
4
  }).reduce((acc, [path, mod]) => {
5
5
  acc[path.replace("./api/", "@rpcbase/server/uploads/api/")] = mod;
6
6
  return acc;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rpcbase/server",
3
- "version": "0.543.0",
3
+ "version": "0.544.0",
4
4
  "type": "module",
5
5
  "files": [
6
6
  "dist"
package/dist/handler--FFBJMl6.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"handler--FFBJMl6.js","sources":["../src/rts/api/changes/index.ts","../src/rts/api/changes/handler.ts"],"sourcesContent":["import { z } from \"zod\"\n\n\nexport const Route = \"/api/rb/rts/changes\"\n\nexport const requestSchema = z.object({\n sinceSeq: z.number().int().min(0).default(0),\n limit: z.number().int().min(1).max(5000).default(2000),\n modelNames: z.array(z.string().min(1)).optional(),\n})\n\nexport type RequestPayload = z.infer<typeof requestSchema>\n\nexport const responseSchema = z.object({\n ok: z.boolean(),\n needsFullResync: z.boolean().optional(),\n earliestSeq: z.number().int().min(0).optional(),\n latestSeq: z.number().int().min(0),\n changes: z.array(z.object({\n seq: z.number().int().min(1),\n modelName: z.string().min(1),\n op: z.enum([\"delete\", \"reset_model\"]),\n docId: z.string().optional(),\n })),\n})\n\nexport type ResponsePayload = z.infer<typeof responseSchema>\n\n","import { Api, ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models, ZRBRtsChangeOp, type IRBRtsChange, type IRBRtsCounter, type LoadModelCtx } from \"@rpcbase/db\"\nimport { buildAbilityFromSession, type AclSubjectType } from \"@rpcbase/db/acl\"\nimport type { Model } from \"mongoose\"\n\nimport * as Changes from \"./index\"\n\n\ntype SessionUser = {\n id?: string\n currentTenantId?: string\n signedInTenants?: string[]\n}\n\ntype RtsCounterDoc = IRBRtsCounter\ntype RtsChangeDoc = IRBRtsChange\n\nconst getTenantId = (ctx: Ctx<SessionUser>): string | null => {\n const raw = ctx.req.query?.[\"rb-tenant-id\"]\n const queryTenantId = Array.isArray(raw) ? raw[0] : raw\n if (typeof queryTenantId === \"string\" && queryTenantId.trim()) return queryTenantId.trim()\n\n const sessionTenantId = ctx.req.session?.user?.currentTenantId\n if (typeof sessionTenantId === \"string\" && sessionTenantId.trim()) return sessionTenantId.trim()\n\n return null\n}\n\nconst ensureAuthorized = (ctx: Ctx<SessionUser>, tenantId: string): string | null => {\n const userId = ctx.req.session?.user?.id\n if (!userId) return null\n\n const signedInTenants = ctx.req.session?.user?.signedInTenants\n const currentTenantId = ctx.req.session?.user?.currentTenantId\n\n const hasTenantAccessFromList = Array.isArray(signedInTenants) && signedInTenants.includes(tenantId)\n\n const normalizedCurrentTenantId = typeof currentTenantId === \"string\" ? currentTenantId.trim() : \"\"\n const hasTenantAccessFromCurrent = Boolean(normalizedCurrentTenantId) && normalizedCurrentTenantId === tenantId\n\n if (!hasTenantAccessFromList && !hasTenantAccessFromCurrent) return null\n return userId\n}\n\nconst getModelCtx = (_ctx: Ctx<SessionUser>, tenantId: string): LoadModelCtx => ({\n req: {\n session: {\n user: {\n currentTenantId: tenantId,\n },\n },\n },\n})\n\nconst isRtsChangeRecord = (value: unknown): value is RtsChangeDoc => {\n if (!value || typeof value !== \"object\") return false\n const obj = value as Partial<RtsChangeDoc>\n const isOp = ZRBRtsChangeOp.safeParse(obj.op).success\n return typeof obj.seq === \"number\" && typeof obj.modelName === \"string\" && isOp\n}\n\nconst changesHandler: ApiHandler<Changes.RequestPayload, Changes.ResponsePayload, SessionUser> = async(\n payload,\n ctx,\n): Promise<Changes.ResponsePayload> => {\n const parsed = Changes.requestSchema.safeParse(payload ?? {})\n if (!parsed.success) {\n ctx.res.status(400)\n return { ok: false, latestSeq: 0, changes: [] }\n }\n\n const tenantId = getTenantId(ctx)\n if (!tenantId) {\n ctx.res.status(400)\n return { ok: false, latestSeq: 0, changes: [] }\n }\n\n const userId = ensureAuthorized(ctx, tenantId)\n if (!userId) {\n ctx.res.status(401)\n return { ok: false, latestSeq: 0, changes: [] }\n }\n\n const ability = buildAbilityFromSession({ tenantId, session: ctx.req.session })\n\n const modelCtx = getModelCtx(ctx, tenantId)\n\n const [RtsChange, RtsCounter] = await Promise.all([\n models.get(\"RBRtsChange\", modelCtx) as Promise<Model<RtsChangeDoc>>,\n models.get(\"RBRtsCounter\", modelCtx) as Promise<Model<RtsCounterDoc>>,\n ])\n\n const counter = await RtsCounter.findOne({ _id: \"rts\" }, { seq: 1 }).lean()\n const latestSeq = Number(counter?.seq ?? 0) || 0\n\n const { sinceSeq, limit, modelNames } = parsed.data\n\n const requestedModelNames = Array.isArray(modelNames) && modelNames.length\n ? modelNames.map((m) => String(m)).filter(Boolean)\n : null\n\n const allowedModelNames = requestedModelNames\n ? requestedModelNames.filter((m) => ability.can(\"read\", m as AclSubjectType))\n : Array.from(\n new Set(\n (await RtsChange.distinct(\"modelName\"))\n .map((m) => String(m))\n .filter(Boolean)\n .filter((m) => ability.can(\"read\", m as AclSubjectType)),\n ),\n )\n\n let earliestSeq: number | undefined\n if (allowedModelNames.length) {\n const earliest = await RtsChange.findOne({ modelName: { $in: allowedModelNames } }, { seq: 1 }).sort({ seq: 1 }).lean()\n earliestSeq = earliest?.seq ? Number(earliest.seq) : undefined\n }\n\n const needsFullResync = typeof earliestSeq === \"number\" && sinceSeq < earliestSeq - 1\n\n const selector: Record<string, unknown> = { seq: { $gt: sinceSeq }, modelName: { $in: allowedModelNames } }\n\n const changes = await RtsChange\n .find(selector, { _id: 0, seq: 1, modelName: 1, op: 1, docId: 1 })\n .sort({ seq: 1 })\n .limit(limit)\n .lean()\n\n return {\n ok: true,\n needsFullResync: needsFullResync || undefined,\n earliestSeq,\n latestSeq,\n changes: Array.isArray(changes)\n ? changes\n .filter(isRtsChangeRecord)\n .filter((c) => ability.can(\"read\", c.modelName as AclSubjectType))\n .map((c) => ({\n seq: Number(c.seq),\n modelName: String(c.modelName),\n op: c.op,\n docId: c.docId ? String(c.docId) : undefined,\n }))\n : [],\n }\n}\n\nexport default (api: Api<SessionUser>) => {\n api.post(Changes.Route, changesHandler)\n}\n"],"names":["Route","requestSchema","z","sinceSeq","number","int","min","default","limit","max","modelNames","string","optional","ok","boolean","needsFullResync","earliestSeq","latestSeq","changes","seq","modelName","op","docId","getTenantId","ctx","raw","req","query","queryTenantId","Array","isArray","trim","sessionTenantId","session","user","currentTenantId","ensureAuthorized","tenantId","userId","id","signedInTenants","hasTenantAccessFromList","includes","normalizedCurrentTenantId","hasTenantAccessFromCurrent","Boolean","getModelCtx","_ctx","isRtsChangeRecord","value","obj","isOp","ZRBRtsChangeOp","safeParse","success","changesHandler","payload","parsed","Changes","res","status","ability","buildAbilityFromSession","modelCtx","RtsChange","RtsCounter","Promise","all","models","get","counter","findOne","_id","lean","Number","data","requestedModelNames","length","map","m","String","filter","allowedModelNames","can","from","Set","distinct","earliest","$in","sort","undefined","selector","$gt","find","c","api","post"],"mappings":";;;AAGO,MAAMA,QAAQ;AAEd,MAAMC,gBAAgBC,OAAS;AAAA,EACpCC,UAAUD,OAAEE,EAASC,IAAAA,EAAMC,IAAI,CAAC,EAAEC,QAAQ,CAAC;AAAA,EAC3CC,OAAON,OAAEE,EAASC,IAAAA,EAAMC,IAAI,CAAC,EAAEG,IAAI,GAAI,EAAEF,QAAQ,GAAI;AAAA,EACrDG,YAAYR,MAAQA,OAAES,EAASL,IAAI,CAAC,CAAC,EAAEM,SAAAA;AACzC,CAAC;AAI6BV,OAAS;AAAA,EACrCW,IAAIX,QAAEY;AAAAA,EACNC,iBAAiBb,QAAEY,EAAUF,SAAAA;AAAAA,EAC7BI,aAAad,OAAEE,EAASC,MAAMC,IAAI,CAAC,EAAEM,SAAAA;AAAAA,EACrCK,WAAWf,OAAEE,EAASC,IAAAA,EAAMC,IAAI,CAAC;AAAA,EACjCY,SAAShB,MAAQA,OAAS;AAAA,IACxBiB,KAAKjB,OAAEE,EAASC,IAAAA,EAAMC,IAAI,CAAC;AAAA,IAC3Bc,WAAWlB,OAAES,EAASL,IAAI,CAAC;AAAA,IAC3Be,IAAInB,MAAO,CAAC,UAAU,aAAa,CAAC;AAAA,IACpCoB,OAAOpB,OAAES,EAASC,SAAAA;AAAAA,EAAS,CAC5B,CAAC;AACJ,CAAC;ACPD,MAAMW,cAAcA,CAACC,QAAyC;AAC5D,QAAMC,MAAMD,IAAIE,IAAIC,QAAQ,cAAc;AAC1C,QAAMC,gBAAgBC,MAAMC,QAAQL,GAAG,IAAIA,IAAI,CAAC,IAAIA;AACpD,MAAI,OAAOG,kBAAkB,YAAYA,cAAcG,OAAQ,QAAOH,cAAcG,KAAAA;AAEpF,QAAMC,kBAAkBR,IAAIE,IAAIO,SAASC,MAAMC;AAC/C,MAAI,OAAOH,oBAAoB,YAAYA,gBAAgBD,OAAQ,QAAOC,gBAAgBD,KAAAA;AAE1F,SAAO;AACT;AAEA,MAAMK,mBAAmBA,CAACZ,KAAuBa,aAAoC;AACnF,QAAMC,SAASd,IAAIE,IAAIO,SAASC,MAAMK;AACtC,MAAI,CAACD,OAAQ,QAAO;AAEpB,QAAME,kBAAkBhB,IAAIE,IAAIO,SAASC,MAAMM;AAC/C,QAAML,kBAAkBX,IAAIE,IAAIO,SAASC,MAAMC;AAE/C,QAAMM,0BAA0BZ,MAAMC,QAAQU,eAAe,KAAKA,gBAAgBE,SAASL,QAAQ;AAEnG,QAAMM,4BAA4B,OAAOR,oBAAoB,WAAWA,gBAAgBJ,SAAS;AACjG,QAAMa,6BAA6BC,QAAQF,yBAAyB,KAAKA,8BAA8BN;AAEvG,MAAI,CAACI,2BAA2B,CAACG,2BAA4B,QAAO;AACpE,SAAON;AACT;AAEA,MAAMQ,cAAcA,CAACC,MAAwBV,cAAoC;AAAA,EAC/EX,KAAK;AAAA,IACHO,SAAS;AAAA,MACPC,MAAM;AAAA,QACJC,iBAAiBE;AAAAA,MAAAA;AAAAA,IACnB;AAAA,EACF;AAEJ;AAEA,MAAMW,oBAAoBA,CAACC,UAA0C;AACnE,MAAI,CAACA,SAAS,OAAOA,UAAU,SAAU,QAAO;AAChD,QAAMC,MAAMD;AACZ,QAAME,OAAOC,eAAeC,UAAUH,IAAI7B,EAAE,EAAEiC;AAC9C,SAAO,OAAOJ,IAAI/B,QAAQ,YAAY,OAAO+B,IAAI9B,cAAc,YAAY+B;AAC7E;AAEA,MAAMI,iBAA2F,OAC/FC,SACAhC,QACqC;AACrC,QAAMiC,SAASC,cAAsBL,UAAUG,WAAW,CAAA,CAAE;AAC5D,MAAI,CAACC,OAAOH,SAAS;AACnB9B,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAE/C,IAAI;AAAA,MAAOI,WAAW;AAAA,MAAGC,SAAS,CAAA;AAAA,IAAA;AAAA,EAC7C;AAEA,QAAMmB,WAAWd,YAAYC,GAAG;AAChC,MAAI,CAACa,UAAU;AACbb,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAE/C,IAAI;AAAA,MAAOI,WAAW;AAAA,MAAGC,SAAS,CAAA;AAAA,IAAA;AAAA,EAC7C;AAEA,QAAMoB,SAASF,iBAAiBZ,KAAKa,QAAQ;AAC7C,MAAI,CAACC,QAAQ;AACXd,QAAImC,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAE/C,IAAI;AAAA,MAAOI,WAAW;AAAA,MAAGC,SAAS,CAAA;AAAA,IAAA;AAAA,EAC7C;AAEA,QAAM2C,UAAUC,wBAAwB;AAAA,IAAEzB;AAAAA,IAAUJ,SAAST,IAAIE,IAAIO;AAAAA,EAAAA,CAAS;AAE9E,QAAM8B,WAAWjB,YAAYtB,KAAKa,QAAQ;AAE1C,QAAM,CAAC2B,WAAWC,UAAU,IAAI,MAAMC,QAAQC,IAAI,CAChDC,OAAOC,IAAI,eAAeN,QAAQ,GAClCK,OAAOC,IAAI,gBAAgBN,QAAQ,CAAkC,CACtE;AAED,QAAMO,UAAU,MAAML,WAAWM,QAAQ;AAAA,IAAEC,KAAK;AAAA,EAAA,GAAS;AAAA,IAAErD,KAAK;AAAA,EAAA,CAAG,EAAEsD,KAAAA;AACrE,QAAMxD,YAAYyD,OAAOJ,SAASnD,OAAO,CAAC,KAAK;AAE/C,QAAM;AAAA,IAAEhB;AAAAA,IAAUK;AAAAA,IAAOE;AAAAA,EAAAA,IAAe+C,OAAOkB;AAE/C,QAAMC,sBAAsB/C,MAAMC,QAAQpB,UAAU,KAAKA,WAAWmE,SAChEnE,WAAWoE,IAAKC,CAAAA,MAAMC,OAAOD,CAAC,CAAC,EAAEE,OAAOpC,OAAO,IAC/C;AAEJ,QAAMqC,oBAAoBN,sBACtBA,oBAAoBK,OAAQF,CAAAA,MAAMlB,QAAQsB,IAAI,QAAQJ,CAAmB,CAAC,IAC1ElD,MAAMuD,KACN,IAAIC,KACD,MAAMrB,UAAUsB,SAAS,WAAW,GAClCR,IAAKC,CAAAA,MAAMC,OAAOD,CAAC,CAAC,EACpBE,OAAOpC,OAAO,EACdoC,OAAQF,OAAMlB,QAAQsB,IAAI,QAAQJ,CAAmB,CAAC,CAC3D,CACF;AAEF,MAAI/D;AACJ,MAAIkE,kBAAkBL,QAAQ;AAC5B,UAAMU,WAAW,MAAMvB,UAAUO,QAAQ;AAAA,MAAEnD,WAAW;AAAA,QAAEoE,KAAKN;AAAAA,MAAAA;AAAAA,IAAkB,GAAK;AAAA,MAAE/D,KAAK;AAAA,IAAA,CAAG,EAAEsE,KAAK;AAAA,MAAEtE,KAAK;AAAA,IAAA,CAAG,EAAEsD,KAAAA;AACjHzD,kBAAcuE,UAAUpE,MAAMuD,OAAOa,SAASpE,GAAG,IAAIuE;AAAAA,EACvD;AAEA,QAAM3E,kBAAkB,OAAOC,gBAAgB,YAAYb,WAAWa,cAAc;AAEpF,QAAM2E,WAAoC;AAAA,IAAExE,KAAK;AAAA,MAAEyE,KAAKzF;AAAAA,IAAAA;AAAAA,IAAYiB,WAAW;AAAA,MAAEoE,KAAKN;AAAAA,IAAAA;AAAAA,EAAkB;AAExG,QAAMhE,UAAU,MAAM8C,UACnB6B,KAAKF,UAAU;AAAA,IAAEnB,KAAK;AAAA,IAAGrD,KAAK;AAAA,IAAGC,WAAW;AAAA,IAAGC,IAAI;AAAA,IAAGC,OAAO;AAAA,EAAA,CAAG,EAChEmE,KAAK;AAAA,IAAEtE,KAAK;AAAA,EAAA,CAAG,EACfX,MAAMA,KAAK,EACXiE,KAAAA;AAEH,SAAO;AAAA,IACL5D,IAAI;AAAA,IACJE,iBAAiBA,mBAAmB2E;AAAAA,IACpC1E;AAAAA,IACAC;AAAAA,IACAC,SAASW,MAAMC,QAAQZ,OAAO,IAC1BA,QACC+D,OAAOjC,iBAAiB,EACxBiC,OAAQa,CAAAA,MAAMjC,QAAQsB,IAAI,QAAQW,EAAE1E,SAA2B,CAAC,EAChE0D,IAAKgB,CAAAA,OAAO;AAAA,MACX3E,KAAKuD,OAAOoB,EAAE3E,GAAG;AAAA,MACjBC,WAAW4D,OAAOc,EAAE1E,SAAS;AAAA,MAC7BC,IAAIyE,EAAEzE;AAAAA,MACNC,OAAOwE,EAAExE,QAAQ0D,OAAOc,EAAExE,KAAK,IAAIoE;AAAAA,IAAAA,EACnC,IACF,CAAA;AAAA,EAAA;AAER;AAEA,MAAA,UAAe,CAACK,QAA0B;AACxCA,MAAIC,KAAKtC,OAAeH,cAAc;AACxC;"}
package/dist/queryExecutor-CGFVBzI1.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"queryExecutor-CGFVBzI1.js","sources":["../src/getDerivedKey.ts","../src/rts/queryExecutor.ts"],"sourcesContent":["import assert from \"assert\"\nimport { hkdfSync } from \"crypto\"\n\n\nexport const getDerivedKey = (\n masterKey: string,\n info: string,\n length: number = 32, // Default to 256-bit keys\n salt: string = \"\",\n): string => {\n assert(masterKey?.length >= 32, \"MASTER_KEY must be 32 chars or longer.\")\n\n return Buffer.from(hkdfSync(\n \"sha256\",\n masterKey,\n Buffer.from(salt),\n Buffer.from(info),\n length,\n )).toString(\"hex\")\n}\n","import type { Request } from \"express\"\nimport type { PaginationPageInfo, PaginationSpec } from \"@rpcbase/api\"\nimport { models, type LoadModelCtx } from \"@rpcbase/db\"\nimport { buildAbility, buildAbilityFromSession, getAccessibleByQuery, getTenantRolesFromSessionUser, type AclSubjectType, type AppAbility } from \"@rpcbase/db/acl\"\nimport type { Model } from \"mongoose\"\n\nimport { getDerivedKey } from \"../getDerivedKey\"\n\n\ntype JsonObject = Record<string, unknown>\n\ntype SessionUser = {\n id?: unknown\n currentTenantId?: unknown\n signedInTenants?: unknown\n}\n\ntype HeaderUserDoc = {\n tenants?: unknown\n tenantRoles?: unknown\n}\n\nexport type RtsPopulateObject = {\n path: string\n model?: string\n select?: string | JsonObject\n match?: JsonObject\n options?: {\n sort?: Record<string, 1 | -1>\n limit?: number\n }\n populate?: RtsPopulateOption\n}\n\nexport type RtsPopulateOption =\n | string\n | RtsPopulateObject\n | Array<string | RtsPopulateObject>\n\nexport type RtsQueryOptions = {\n projection?: JsonObject\n sort?: Record<string, 1 | -1>\n limit?: number\n populate?: RtsPopulateOption\n pagination?: PaginationSpec\n}\n\nexport type RtsQueryResult = {\n data: unknown[]\n pageInfo?: PaginationPageInfo\n totalCount?: number\n}\n\ntype PreparedRtsExecution = {\n model: Model<any>\n finalQuery: JsonObject\n}\n\nexport const RTS_TENANT_ID_QUERY_PARAM = \"rb-tenant-id\"\nexport const RTS_USER_ID_HEADER = \"rb-user-id\"\n\nconst QUERY_MAX_LIMIT = 4096\nconst INTERNAL_MODEL_NAMES = new Set([\"RBRtsChange\", \"RBRtsCounter\"])\nconst DEFAULT_APPROX_COUNT_SAMPLE_SIZE = 1000\nconst MAX_APPROX_COUNT_SAMPLE_SIZE = 10_000\nconst UNSUPPORTED_APPROX_COUNT_OPERATORS = new Set([\"$text\", \"$near\", \"$nearSphere\", \"$where\"])\nlet paginationCursorSigningSecret: string | null = null\n\nconst getPaginationCursorSigningSecret = (): string => {\n if (paginationCursorSigningSecret) return paginationCursorSigningSecret\n const masterKey = process.env.MASTER_KEY?.trim()\n if (!masterKey) {\n throw new Error(\"MASTER_KEY must be defined to derive pagination cursor signing secret\")\n }\n paginationCursorSigningSecret = getDerivedKey(masterKey, \"pagination_cursor_signing\")\n return paginationCursorSigningSecret\n}\n\nconst normalizeTenantId = (value: unknown): string | null => {\n if (typeof value !== \"string\") return null\n const normalized = value.trim()\n return normalized ? normalized : null\n}\n\nconst normalizeSignedInTenants = (value: unknown): string[] => {\n if (!Array.isArray(value)) return []\n return value\n .map((tenantId) => normalizeTenantId(String(tenantId)))\n .filter((tenantId): tenantId is string => Boolean(tenantId))\n}\n\nconst getTenantIdFromRequest = (req: Request): string | null => {\n const rawQuery = req.query?.[RTS_TENANT_ID_QUERY_PARAM]\n const queryTenantId = Array.isArray(rawQuery) ? rawQuery[0] : rawQuery\n const normalizedFromQuery = normalizeTenantId(queryTenantId)\n if (normalizedFromQuery) return normalizedFromQuery\n\n return normalizeTenantId((req.session?.user as SessionUser | undefined)?.currentTenantId)\n}\n\nexport const resolveRtsRequestTenantId = (req: Request): string | null => {\n return getTenantIdFromRequest(req)\n}\n\nexport const resolveRtsRequestUserId = (req: Request): string | null => {\n const sessionUserId = normalizeTenantId((req.session?.user as SessionUser | undefined)?.id)\n if (sessionUserId) return sessionUserId\n\n const headerValue = req.headers[RTS_USER_ID_HEADER]\n const headerUserId = Array.isArray(headerValue) ? headerValue[0] : headerValue\n return normalizeTenantId(headerUserId)\n}\n\nexport const isRtsRequestAuthorized = (req: Request, tenantId: string): boolean => {\n const sessionUser = req.session?.user as SessionUser | undefined\n if (!sessionUser) return false\n\n const signedInTenants = normalizeSignedInTenants(sessionUser.signedInTenants)\n if (signedInTenants.length > 0) {\n return signedInTenants.includes(tenantId)\n }\n\n const currentTenantId = normalizeTenantId(sessionUser.currentTenantId)\n if (!currentTenantId) return false\n return currentTenantId === tenantId\n}\n\nexport const buildRtsAbilityFromRequest = async (\n req: Request,\n tenantId: string,\n): Promise<{ ability: AppAbility; userId: string | null }> => {\n const sessionUserId = normalizeTenantId((req.session?.user as SessionUser | undefined)?.id)\n if (sessionUserId) {\n const ability = buildAbilityFromSession({ tenantId, session: req.session })\n return { ability, userId: sessionUserId }\n }\n\n const headerValue = req.headers[RTS_USER_ID_HEADER]\n const headerUserIdRaw = Array.isArray(headerValue) ? headerValue[0] : headerValue\n const headerUserId = normalizeTenantId(headerUserIdRaw)\n if (!headerUserId) {\n const ability = buildAbilityFromSession({ tenantId, session: req.session })\n return { ability, userId: null }\n }\n\n const rbCtx: LoadModelCtx = { req: { session: null } }\n const User = await models.getGlobal(\"RBUser\", rbCtx)\n const user = await User.findById(headerUserId, { tenants: 1, tenantRoles: 1 }).lean() as HeaderUserDoc | null\n\n const tenantsRaw = user?.tenants\n const tenants = Array.isArray(tenantsRaw) ? tenantsRaw.map((tenant) => String(tenant)) : []\n if (!tenants.includes(tenantId)) {\n throw new Error(\"Tenant not authorized for this session\")\n }\n\n const roles = getTenantRolesFromSessionUser(user, tenantId)\n return {\n ability: buildAbility({ tenantId, userId: headerUserId, roles: roles.length ? roles : [\"owner\"] }),\n userId: headerUserId,\n }\n}\n\nconst getTenantModel = async (tenantId: string, modelName: string, ability: AppAbility): Promise<Model<any>> => {\n const ctx: LoadModelCtx = {\n req: {\n session: {\n user: {\n currentTenantId: tenantId,\n },\n },\n },\n ability,\n }\n\n return models.get(modelName, ctx)\n}\n\nconst normalizeLimit = (limit?: number): number => {\n if (typeof limit !== \"number\") return QUERY_MAX_LIMIT\n if (!Number.isFinite(limit)) return QUERY_MAX_LIMIT\n return Math.min(QUERY_MAX_LIMIT, Math.abs(limit))\n}\n\nconst normalizeNonNegativeInteger = (value: unknown): number => {\n if (typeof value !== \"number\") return 0\n if (!Number.isFinite(value) || value < 0) return 0\n return Math.floor(value)\n}\n\nconst getApproxCountSampleSize = (): number => {\n const raw = process.env.RB_RTS_APPROX_COUNT_SAMPLE_SIZE?.trim() ?? \"\"\n if (!raw) return DEFAULT_APPROX_COUNT_SAMPLE_SIZE\n\n const parsed = Number(raw)\n if (!Number.isFinite(parsed) || parsed <= 0) return DEFAULT_APPROX_COUNT_SAMPLE_SIZE\n return Math.min(MAX_APPROX_COUNT_SAMPLE_SIZE, Math.floor(parsed))\n}\n\nconst findUnsupportedApproxCountOperator = (value: unknown): string | null => {\n if (!value || typeof value !== \"object\") return null\n\n if (Array.isArray(value)) {\n for (const entry of value) {\n const unsupportedOperator = findUnsupportedApproxCountOperator(entry)\n if (unsupportedOperator) return unsupportedOperator\n }\n return null\n }\n\n for (const [key, nestedValue] of Object.entries(value as Record<string, unknown>)) {\n if (UNSUPPORTED_APPROX_COUNT_OPERATORS.has(key)) {\n return key\n }\n\n const unsupportedOperator = findUnsupportedApproxCountOperator(nestedValue)\n if (unsupportedOperator) return unsupportedOperator\n }\n\n return null\n}\n\nconst castApproxCountQuery = (model: Model<any>, query: JsonObject): JsonObject => {\n const castedQuery = model.find(query).cast(model)\n if (!castedQuery || typeof castedQuery !== \"object\" || Array.isArray(castedQuery)) {\n return query\n }\n\n return castedQuery as JsonObject\n}\n\nconst normalizeString = (value: unknown): string => {\n return typeof value === \"string\" ? value.trim() : \"\"\n}\n\nconst normalizeObject = (value: unknown): JsonObject | undefined => {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) return undefined\n return value as JsonObject\n}\n\nconst normalizePagination = (value: unknown): PaginationSpec | undefined => {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) return undefined\n return value as PaginationSpec\n}\n\nconst normalizePopulateSelect = (value: unknown): string | JsonObject | undefined => {\n if (typeof value === \"string\") {\n const normalized = value.trim()\n return normalized || undefined\n }\n return normalizeObject(value)\n}\n\nconst normalizePopulateOptions = (value: unknown): RtsPopulateObject[\"options\"] | undefined => {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) return undefined\n const raw = value as { sort?: unknown; limit?: unknown }\n const normalized: RtsPopulateObject[\"options\"] = {}\n\n if (raw.sort && typeof raw.sort === \"object\" && !Array.isArray(raw.sort)) {\n normalized.sort = raw.sort as Record<string, 1 | -1>\n }\n\n if (typeof raw.limit === \"number\" && Number.isFinite(raw.limit)) {\n normalized.limit = Math.max(0, Math.floor(Math.abs(raw.limit)))\n }\n\n if (!normalized.sort && normalized.limit === undefined) return undefined\n return normalized\n}\n\nconst normalizePopulateObject = (value: unknown): RtsPopulateObject | undefined => {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) return undefined\n const raw = value as Record<string, unknown>\n const path = normalizeString(raw.path)\n if (!path) return undefined\n\n const normalized: RtsPopulateObject = { path }\n\n const model = normalizeString(raw.model)\n if (model) normalized.model = model\n\n const select = normalizePopulateSelect(raw.select)\n if (select !== undefined) normalized.select = select\n\n const match = normalizeObject(raw.match)\n if (match) normalized.match = match\n\n const nestedPopulate = normalizeRtsPopulateOption(raw.populate)\n if (nestedPopulate !== undefined) normalized.populate = nestedPopulate\n\n const options = normalizePopulateOptions(raw.options)\n if (options) normalized.options = options\n\n return normalized\n}\n\nconst normalizeRtsPopulateOption = (value: unknown): RtsPopulateOption | undefined => {\n if (typeof value === \"string\") {\n const normalized = value.trim()\n return normalized || undefined\n }\n\n if (Array.isArray(value)) {\n const normalized = value\n .map((entry) => {\n if (typeof entry === \"string\") {\n const path = entry.trim()\n return path || null\n }\n return normalizePopulateObject(entry) ?? null\n })\n .filter((entry): entry is string | RtsPopulateObject => entry !== null)\n\n return normalized.length > 0 ? normalized : undefined\n }\n\n return normalizePopulateObject(value)\n}\n\nconst normalizeModelName = (value: unknown): string | null => {\n if (typeof value !== \"string\") return null\n const normalized = value.trim()\n return normalized || null\n}\n\nconst resolvePopulateRefModelName = (\n model: Model<any>,\n path: string,\n explicitModelName: string | null,\n): string | null => {\n if (explicitModelName) return explicitModelName\n\n const schema = model.schema as any\n const schemaPath = typeof schema.path === \"function\" ? schema.path(path) : null\n const directRef = normalizeModelName(schemaPath?.options?.ref)\n if (directRef) return directRef\n\n const arrayRef = normalizeModelName(schemaPath?.caster?.options?.ref)\n if (arrayRef) return arrayRef\n\n const virtualPath = typeof schema.virtualpath === \"function\" ? schema.virtualpath(path) : null\n const virtualRef = normalizeModelName(virtualPath?.options?.ref)\n if (virtualRef) return virtualRef\n\n return null\n}\n\nconst mergePopulateMatchWithAcl = (\n populateMatch: JsonObject | undefined,\n aclMatch: JsonObject,\n): JsonObject => {\n if (!populateMatch || Object.keys(populateMatch).length === 0) return aclMatch\n return { $and: [populateMatch, aclMatch] }\n}\n\ntype PreparedPopulateObject = {\n path: string\n model?: string\n select?: string | JsonObject\n match?: JsonObject\n options?: {\n sort?: Record<string, 1 | -1>\n limit?: number\n }\n populate?: PreparedPopulateOption\n}\n\ntype PreparedPopulateOption =\n | string\n | PreparedPopulateObject\n | Array<string | PreparedPopulateObject>\n\nconst resolvePopulateSpecForModel = async ({\n tenantId,\n model,\n ability,\n populate,\n allowInternalModels,\n modelCache,\n dependencyModelNames,\n}: {\n tenantId: string\n model: Model<any>\n ability: AppAbility\n populate: RtsPopulateOption | undefined\n allowInternalModels: boolean\n modelCache: Map<string, Model<any>>\n dependencyModelNames: Set<string>\n}): Promise<PreparedPopulateOption | undefined> => {\n if (!populate) return undefined\n\n const getModelCached = async (targetModelName: string): Promise<Model<any>> => {\n const cached = modelCache.get(targetModelName)\n if (cached) return cached\n const loaded = await getTenantModel(tenantId, targetModelName, ability)\n modelCache.set(targetModelName, loaded)\n return loaded\n }\n\n const resolveOne = async (\n entry: string | RtsPopulateObject,\n parentModel: Model<any>,\n ): Promise<string | PreparedPopulateObject | null> => {\n if (typeof entry === \"string\") {\n const path = entry.trim()\n if (!path) return null\n\n const refModelName = resolvePopulateRefModelName(parentModel, path, null)\n if (!refModelName) return path\n if (!allowInternalModels && INTERNAL_MODEL_NAMES.has(refModelName)) {\n throw new Error(\"Model not allowed\")\n }\n if (!ability.can(\"read\", refModelName as AclSubjectType)) {\n throw new Error(\"forbidden\")\n }\n\n dependencyModelNames.add(refModelName)\n\n const aclMatch = getAccessibleByQuery(\n ability,\n \"read\",\n refModelName as Exclude<AclSubjectType, \"all\">,\n )\n return {\n path,\n match: aclMatch as JsonObject,\n }\n }\n\n const path = entry.path.trim()\n if (!path) return null\n\n const explicitModelName = normalizeModelName(entry.model)\n const refModelName = resolvePopulateRefModelName(parentModel, path, explicitModelName)\n let nestedModel = parentModel\n\n const normalizedEntry: PreparedPopulateObject = {\n path,\n }\n\n if (entry.select !== undefined) normalizedEntry.select = entry.select\n if (entry.options !== undefined) normalizedEntry.options = entry.options\n if (explicitModelName) normalizedEntry.model = explicitModelName\n if (entry.match !== undefined) normalizedEntry.match = entry.match\n\n if (refModelName) {\n if (!allowInternalModels && INTERNAL_MODEL_NAMES.has(refModelName)) {\n throw new Error(\"Model not allowed\")\n }\n if (!ability.can(\"read\", refModelName as AclSubjectType)) {\n throw new Error(\"forbidden\")\n }\n\n dependencyModelNames.add(refModelName)\n nestedModel = await getModelCached(refModelName)\n\n const aclMatch = getAccessibleByQuery(\n ability,\n \"read\",\n refModelName as Exclude<AclSubjectType, \"all\">,\n ) as JsonObject\n normalizedEntry.match = mergePopulateMatchWithAcl(\n normalizedEntry.match,\n aclMatch,\n )\n } else if (entry.populate !== undefined) {\n throw new Error(\"Populate path must reference a model when nested populate is used\")\n }\n\n const nestedPopulate = await resolvePopulateSpecForModel({\n tenantId,\n model: nestedModel,\n ability,\n populate: entry.populate,\n allowInternalModels,\n modelCache,\n dependencyModelNames,\n })\n if (nestedPopulate !== undefined) normalizedEntry.populate = nestedPopulate\n\n return normalizedEntry\n }\n\n if (Array.isArray(populate)) {\n const resolved = await Promise.all(populate.map((entry) => resolveOne(entry, model)))\n const filtered = resolved.filter((entry): entry is string | PreparedPopulateObject => entry !== null)\n return filtered.length > 0 ? filtered : undefined\n }\n\n const resolved = await resolveOne(populate, model)\n return resolved ?? undefined\n}\n\nexport const normalizeRtsQueryOptions = (options: RtsQueryOptions | undefined): RtsQueryOptions => {\n if (!options || typeof options !== \"object\") return {}\n const normalized: RtsQueryOptions = {}\n\n if (options.projection && typeof options.projection === \"object\" && !Array.isArray(options.projection)) {\n normalized.projection = options.projection\n }\n\n if (options.sort && typeof options.sort === \"object\" && !Array.isArray(options.sort)) {\n normalized.sort = options.sort\n }\n\n normalized.limit = normalizeLimit(options.limit)\n normalized.populate = normalizeRtsPopulateOption(options.populate)\n normalized.pagination = normalizePagination(options.pagination)\n\n return normalized\n}\n\nexport const resolveRtsQueryDependencyModelNames = async ({\n tenantId,\n ability,\n modelName,\n options,\n allowInternalModels = false,\n}: {\n tenantId: string\n ability: AppAbility\n modelName: string\n options: RtsQueryOptions\n allowInternalModels?: boolean\n}): Promise<string[]> => {\n const model = await getTenantModel(tenantId, modelName, ability)\n const modelCache = new Map<string, Model<any>>()\n modelCache.set(modelName, model)\n\n const dependencyModelNames = new Set<string>()\n await resolvePopulateSpecForModel({\n tenantId,\n model,\n ability,\n populate: options.populate,\n allowInternalModels,\n modelCache,\n dependencyModelNames,\n })\n\n return Array.from(dependencyModelNames)\n}\n\nexport const runRtsQuery = async ({\n tenantId,\n ability,\n modelName,\n query,\n options,\n allowInternalModels = false,\n}: {\n tenantId: string\n ability: AppAbility\n modelName: string\n query: JsonObject\n options: RtsQueryOptions\n allowInternalModels?: boolean\n}): Promise<RtsQueryResult> => {\n const { model, finalQuery } = await prepareRtsExecution({\n tenantId,\n ability,\n modelName,\n query,\n allowInternalModels,\n })\n const projection = options.projection ?? undefined\n const sort = options.sort\n const limit = normalizeLimit(options.limit)\n const modelCache = new Map<string, Model<any>>()\n modelCache.set(modelName, model)\n\n const populate = await resolvePopulateSpecForModel({\n tenantId,\n model,\n ability,\n populate: options.populate,\n allowInternalModels,\n modelCache,\n dependencyModelNames: new Set<string>(),\n })\n\n if (options.pagination) {\n const paginatedQuery = model.find(finalQuery, projection)\n if (populate !== undefined) {\n paginatedQuery.populate(populate as any)\n }\n\n const paginatedResult = await paginatedQuery.paginate(options.pagination, {\n cursor: {\n signingSecret: getPaginationCursorSigningSecret(),\n },\n })\n const totalCount = typeof paginatedResult.totalCount === \"number\"\n && Number.isFinite(paginatedResult.totalCount)\n && paginatedResult.totalCount >= 0\n ? Math.floor(paginatedResult.totalCount)\n : undefined\n\n return {\n data: Array.isArray(paginatedResult.nodes) ? paginatedResult.nodes : [],\n pageInfo: paginatedResult.pageInfo,\n ...(totalCount !== undefined ? { totalCount } : {}),\n }\n }\n\n const queryPromise = model.find(finalQuery, projection)\n if (populate !== undefined) {\n queryPromise.populate(populate as any)\n }\n if (sort && Object.keys(sort).length) {\n queryPromise.sort(sort)\n }\n queryPromise.limit(limit)\n\n const data = await queryPromise\n return { data: Array.isArray(data) ? data : [] }\n}\n\nconst prepareRtsExecution = async ({\n tenantId,\n ability,\n modelName,\n query,\n allowInternalModels = false,\n}: {\n tenantId: string\n ability: AppAbility\n modelName: string\n query: JsonObject\n allowInternalModels?: boolean\n}): Promise<PreparedRtsExecution> => {\n if (!allowInternalModels && INTERNAL_MODEL_NAMES.has(modelName)) {\n throw new Error(\"Model not allowed\")\n }\n\n if (!ability.can(\"read\", modelName as AclSubjectType)) {\n throw new Error(\"forbidden\")\n }\n\n const model = await getTenantModel(tenantId, modelName, ability)\n const accessQuery = getAccessibleByQuery(ability, \"read\", modelName as Exclude<AclSubjectType, \"all\">)\n const finalQuery: JsonObject = { $and: [query, accessQuery] }\n\n return { model, finalQuery }\n}\n\nexport const runRtsCount = async ({\n tenantId,\n ability,\n modelName,\n query,\n allowInternalModels = false,\n}: {\n tenantId: string\n ability: AppAbility\n modelName: string\n query: JsonObject\n allowInternalModels?: boolean\n}): Promise<number> => {\n const { model, finalQuery } = await prepareRtsExecution({\n tenantId,\n ability,\n modelName,\n query,\n allowInternalModels,\n })\n\n const unsupportedOperator = findUnsupportedApproxCountOperator(finalQuery)\n if (unsupportedOperator) {\n throw new Error(`Approximate RTS count does not support ${unsupportedOperator} queries`)\n }\n\n const castedQuery = castApproxCountQuery(model, finalQuery)\n const estimatedTotal = normalizeNonNegativeInteger(await model.estimatedDocumentCount())\n if (estimatedTotal === 0) return 0\n\n const sampleSize = Math.min(getApproxCountSampleSize(), estimatedTotal)\n const sampleResult = await model.aggregate([\n { $sample: { size: sampleSize } },\n { $match: castedQuery },\n { $count: \"count\" },\n ]) as Array<{ count?: unknown }>\n const sampleMatches = normalizeNonNegativeInteger(sampleResult[0]?.count)\n\n if (sampleSize >= estimatedTotal) {\n return Math.min(sampleMatches, estimatedTotal)\n }\n\n const estimatedMatches = Math.round((estimatedTotal * sampleMatches) / sampleSize)\n return Math.max(0, Math.min(estimatedTotal, estimatedMatches))\n}\n"],"names":["getDerivedKey","masterKey","info","length","salt","assert","Buffer","from","hkdfSync","toString","RTS_TENANT_ID_QUERY_PARAM","RTS_USER_ID_HEADER","QUERY_MAX_LIMIT","INTERNAL_MODEL_NAMES","Set","DEFAULT_APPROX_COUNT_SAMPLE_SIZE","MAX_APPROX_COUNT_SAMPLE_SIZE","UNSUPPORTED_APPROX_COUNT_OPERATORS","paginationCursorSigningSecret","getPaginationCursorSigningSecret","process","env","MASTER_KEY","trim","Error","normalizeTenantId","value","normalized","normalizeSignedInTenants","Array","isArray","map","tenantId","String","filter","Boolean","getTenantIdFromRequest","req","rawQuery","query","queryTenantId","normalizedFromQuery","session","user","currentTenantId","resolveRtsRequestTenantId","isRtsRequestAuthorized","sessionUser","signedInTenants","includes","buildRtsAbilityFromRequest","sessionUserId","id","ability","buildAbilityFromSession","userId","headerValue","headers","headerUserIdRaw","headerUserId","rbCtx","User","models","getGlobal","findById","tenants","tenantRoles","lean","tenantsRaw","tenant","roles","getTenantRolesFromSessionUser","buildAbility","getTenantModel","modelName","ctx","get","normalizeLimit","limit","Number","isFinite","Math","min","abs","normalizeNonNegativeInteger","floor","getApproxCountSampleSize","raw","RB_RTS_APPROX_COUNT_SAMPLE_SIZE","parsed","findUnsupportedApproxCountOperator","entry","unsupportedOperator","key","nestedValue","Object","entries","has","castApproxCountQuery","model","castedQuery","find","cast","normalizeString","normalizeObject","undefined","normalizePagination","normalizePopulateSelect","normalizePopulateOptions","sort","max","normalizePopulateObject","path","select","match","nestedPopulate","normalizeRtsPopulateOption","populate","options","normalizeModelName","resolvePopulateRefModelName","explicitModelName","schema","schemaPath","directRef","ref","arrayRef","caster","virtualPath","virtualpath","virtualRef","mergePopulateMatchWithAcl","populateMatch","aclMatch","keys","$and","resolvePopulateSpecForModel","allowInternalModels","modelCache","dependencyModelNames","getModelCached","targetModelName","cached","loaded","set","resolveOne","parentModel","refModelName","can","add","getAccessibleByQuery","nestedModel","normalizedEntry","resolved","Promise","all","filtered","normalizeRtsQueryOptions","projection","pagination","resolveRtsQueryDependencyModelNames","Map","runRtsQuery","finalQuery","prepareRtsExecution","paginatedQuery","paginatedResult","paginate","cursor","signingSecret","totalCount","data","nodes","pageInfo","queryPromise","accessQuery","runRtsCount","estimatedTotal","estimatedDocumentCount","sampleSize","sampleResult","aggregate","$sample","size","$match","$count","sampleMatches","count","estimatedMatches","round"],"mappings":";;;;AAIO,MAAMA,gBAAgBA,CAC3BC,WACAC,MACAC,SAAiB,IACjBC,OAAe,OACJ;AACXC,SAAOJ,WAAWE,UAAU,IAAI,wCAAwC;AAExE,SAAOG,OAAOC,KAAKC,SACjB,UACAP,WACAK,OAAOC,KAAKH,IAAI,GAChBE,OAAOC,KAAKL,IAAI,GAChBC,MACF,CAAC,EAAEM,SAAS,KAAK;AACnB;ACuCO,MAAMC,4BAA4B;AAClC,MAAMC,qBAAqB;AAElC,MAAMC,kBAAkB;AACxB,MAAMC,uBAAuB,oBAAIC,IAAI,CAAC,eAAe,cAAc,CAAC;AACpE,MAAMC,mCAAmC;AACzC,MAAMC,+BAA+B;AACrC,MAAMC,yDAAyCH,IAAI,CAAC,SAAS,SAAS,eAAe,QAAQ,CAAC;AAC9F,IAAII,gCAA+C;AAEnD,MAAMC,mCAAmCA,MAAc;AACrD,MAAID,8BAA+B,QAAOA;AAC1C,QAAMjB,YAAYmB,QAAQC,IAAIC,YAAYC,KAAAA;AAC1C,MAAI,CAACtB,WAAW;AACd,UAAM,IAAIuB,MAAM,uEAAuE;AAAA,EACzF;AACAN,kCAAgClB,cAAcC,WAAW,2BAA2B;AACpF,SAAOiB;AACT;AAEA,MAAMO,oBAAoBA,CAACC,UAAkC;AAC3D,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,QAAMC,aAAaD,MAAMH,KAAAA;AACzB,SAAOI,aAAaA,aAAa;AACnC;AAEA,MAAMC,2BAA2BA,CAACF,UAA6B;AAC7D,MAAI,CAACG,MAAMC,QAAQJ,KAAK,UAAU,CAAA;AAClC,SAAOA,MACJK,IAAKC,CAAAA,aAAaP,kBAAkBQ,OAAOD,QAAQ,CAAC,CAAC,EACrDE,OAAO,CAACF,aAAiCG,QAAQH,QAAQ,CAAC;AAC/D;AAEA,MAAMI,yBAAyBA,CAACC,QAAgC;AAC9D,QAAMC,WAAWD,IAAIE,QAAQ7B,yBAAyB;AACtD,QAAM8B,gBAAgBX,MAAMC,QAAQQ,QAAQ,IAAIA,SAAS,CAAC,IAAIA;AAC9D,QAAMG,sBAAsBhB,kBAAkBe,aAAa;AAC3D,MAAIC,oBAAqB,QAAOA;AAEhC,SAAOhB,kBAAmBY,IAAIK,SAASC,MAAkCC,eAAe;AAC1F;AAEO,MAAMC,4BAA4BA,CAACR,QAAgC;AACxE,SAAOD,uBAAuBC,GAAG;AACnC;AAWO,MAAMS,yBAAyBA,CAACT,KAAcL,aAA8B;AACjF,QAAMe,cAAcV,IAAIK,SAASC;AACjC,MAAI,CAACI,YAAa,QAAO;AAEzB,QAAMC,kBAAkBpB,yBAAyBmB,YAAYC,eAAe;AAC5E,MAAIA,gBAAgB7C,SAAS,GAAG;AAC9B,WAAO6C,gBAAgBC,SAASjB,QAAQ;AAAA,EAC1C;AAEA,QAAMY,kBAAkBnB,kBAAkBsB,YAAYH,eAAe;AACrE,MAAI,CAACA,gBAAiB,QAAO;AAC7B,SAAOA,oBAAoBZ;AAC7B;AAEO,MAAMkB,6BAA6B,OACxCb,KACAL,aAC4D;AAC5D,QAAMmB,gBAAgB1B,kBAAmBY,IAAIK,SAASC,MAAkCS,EAAE;AAC1F,MAAID,eAAe;AACjB,UAAME,UAAUC,wBAAwB;AAAA,MAAEtB;AAAAA,MAAUU,SAASL,IAAIK;AAAAA,IAAAA,CAAS;AAC1E,WAAO;AAAA,MAAEW;AAAAA,MAASE,QAAQJ;AAAAA,IAAAA;AAAAA,EAC5B;AAEA,QAAMK,cAAcnB,IAAIoB,QAAQ9C,kBAAkB;AAClD,QAAM+C,kBAAkB7B,MAAMC,QAAQ0B,WAAW,IAAIA,YAAY,CAAC,IAAIA;AACtE,QAAMG,eAAelC,kBAAkBiC,eAAe;AACtD,MAAI,CAACC,cAAc;AACjB,UAAMN,UAAUC,wBAAwB;AAAA,MAAEtB;AAAAA,MAAUU,SAASL,IAAIK;AAAAA,IAAAA,CAAS;AAC1E,WAAO;AAAA,MAAEW;AAAAA,MAASE,QAAQ;AAAA,IAAA;AAAA,EAC5B;AAEA,QAAMK,QAAsB;AAAA,IAAEvB,KAAK;AAAA,MAAEK,SAAS;AAAA,IAAA;AAAA,EAAK;AACnD,QAAMmB,OAAO,MAAMC,OAAOC,UAAU,UAAUH,KAAK;AACnD,QAAMjB,OAAO,MAAMkB,KAAKG,SAASL,cAAc;AAAA,IAAEM,SAAS;AAAA,IAAGC,aAAa;AAAA,EAAA,CAAG,EAAEC,KAAAA;AAE/E,QAAMC,aAAazB,MAAMsB;AACzB,QAAMA,UAAUpC,MAAMC,QAAQsC,UAAU,IAAIA,WAAWrC,IAAKsC,CAAAA,WAAWpC,OAAOoC,MAAM,CAAC,IAAI,CAAA;AACzF,MAAI,CAACJ,QAAQhB,SAASjB,QAAQ,GAAG;AAC/B,UAAM,IAAIR,MAAM,wCAAwC;AAAA,EAC1D;AAEA,QAAM8C,QAAQC,8BAA8B5B,MAAMX,QAAQ;AAC1D,SAAO;AAAA,IACLqB,SAASmB,aAAa;AAAA,MAAExC;AAAAA,MAAUuB,QAAQI;AAAAA,MAAcW,OAAOA,MAAMnE,SAASmE,QAAQ,CAAC,OAAO;AAAA,IAAA,CAAG;AAAA,IACjGf,QAAQI;AAAAA,EAAAA;AAEZ;AAEA,MAAMc,iBAAiB,OAAOzC,UAAkB0C,WAAmBrB,YAA6C;AAC9G,QAAMsB,MAAoB;AAAA,IACxBtC,KAAK;AAAA,MACHK,SAAS;AAAA,QACPC,MAAM;AAAA,UACJC,iBAAiBZ;AAAAA,QAAAA;AAAAA,MACnB;AAAA,IACF;AAAA,IAEFqB;AAAAA,EAAAA;AAGF,SAAOS,OAAOc,IAAIF,WAAWC,GAAG;AAClC;AAEA,MAAME,iBAAiBA,CAACC,UAA2B;AACjD,MAAI,OAAOA,UAAU,SAAU,QAAOlE;AACtC,MAAI,CAACmE,OAAOC,SAASF,KAAK,EAAG,QAAOlE;AACpC,SAAOqE,KAAKC,IAAItE,iBAAiBqE,KAAKE,IAAIL,KAAK,CAAC;AAClD;AAEA,MAAMM,8BAA8BA,CAAC1D,UAA2B;AAC9D,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,MAAI,CAACqD,OAAOC,SAAStD,KAAK,KAAKA,QAAQ,EAAG,QAAO;AACjD,SAAOuD,KAAKI,MAAM3D,KAAK;AACzB;AAEA,MAAM4D,2BAA2BA,MAAc;AAC7C,QAAMC,MAAMnE,QAAQC,IAAImE,iCAAiCjE,UAAU;AACnE,MAAI,CAACgE,IAAK,QAAOxE;AAEjB,QAAM0E,SAASV,OAAOQ,GAAG;AACzB,MAAI,CAACR,OAAOC,SAASS,MAAM,KAAKA,UAAU,EAAG,QAAO1E;AACpD,SAAOkE,KAAKC,IAAIlE,8BAA8BiE,KAAKI,MAAMI,MAAM,CAAC;AAClE;AAEA,MAAMC,qCAAqCA,CAAChE,UAAkC;AAC5E,MAAI,CAACA,SAAS,OAAOA,UAAU,SAAU,QAAO;AAEhD,MAAIG,MAAMC,QAAQJ,KAAK,GAAG;AACxB,eAAWiE,SAASjE,OAAO;AACzB,YAAMkE,sBAAsBF,mCAAmCC,KAAK;AACpE,UAAIC,oBAAqB,QAAOA;AAAAA,IAClC;AACA,WAAO;AAAA,EACT;AAEA,aAAW,CAACC,KAAKC,WAAW,KAAKC,OAAOC,QAAQtE,KAAgC,GAAG;AACjF,QAAIT,mCAAmCgF,IAAIJ,GAAG,GAAG;AAC/C,aAAOA;AAAAA,IACT;AAEA,UAAMD,sBAAsBF,mCAAmCI,WAAW;AAC1E,QAAIF,oBAAqB,QAAOA;AAAAA,EAClC;AAEA,SAAO;AACT;AAEA,MAAMM,uBAAuBA,CAACC,OAAmB5D,UAAkC;AACjF,QAAM6D,cAAcD,MAAME,KAAK9D,KAAK,EAAE+D,KAAKH,KAAK;AAChD,MAAI,CAACC,eAAe,OAAOA,gBAAgB,YAAYvE,MAAMC,QAAQsE,WAAW,GAAG;AACjF,WAAO7D;AAAAA,EACT;AAEA,SAAO6D;AACT;AAEA,MAAMG,kBAAkBA,CAAC7E,UAA2B;AAClD,SAAO,OAAOA,UAAU,WAAWA,MAAMH,SAAS;AACpD;AAEA,MAAMiF,kBAAkBA,CAAC9E,UAA2C;AAClE,MAAI,CAACA,SAAS,OAAOA,UAAU,YAAYG,MAAMC,QAAQJ,KAAK,EAAG,QAAO+E;AACxE,SAAO/E;AACT;AAEA,MAAMgF,sBAAsBA,CAAChF,UAA+C;AAC1E,MAAI,CAACA,SAAS,OAAOA,UAAU,YAAYG,MAAMC,QAAQJ,KAAK,EAAG,QAAO+E;AACxE,SAAO/E;AACT;AAEA,MAAMiF,0BAA0BA,CAACjF,UAAoD;AACnF,MAAI,OAAOA,UAAU,UAAU;AAC7B,UAAMC,aAAaD,MAAMH,KAAAA;AACzB,WAAOI,cAAc8E;AAAAA,EACvB;AACA,SAAOD,gBAAgB9E,KAAK;AAC9B;AAEA,MAAMkF,2BAA2BA,CAAClF,UAA6D;AAC7F,MAAI,CAACA,SAAS,OAAOA,UAAU,YAAYG,MAAMC,QAAQJ,KAAK,EAAG,QAAO+E;AACxE,QAAMlB,MAAM7D;AACZ,QAAMC,aAA2C,CAAA;AAEjD,MAAI4D,IAAIsB,QAAQ,OAAOtB,IAAIsB,SAAS,YAAY,CAAChF,MAAMC,QAAQyD,IAAIsB,IAAI,GAAG;AACxElF,eAAWkF,OAAOtB,IAAIsB;AAAAA,EACxB;AAEA,MAAI,OAAOtB,IAAIT,UAAU,YAAYC,OAAOC,SAASO,IAAIT,KAAK,GAAG;AAC/DnD,eAAWmD,QAAQG,KAAK6B,IAAI,GAAG7B,KAAKI,MAAMJ,KAAKE,IAAII,IAAIT,KAAK,CAAC,CAAC;AAAA,EAChE;AAEA,MAAI,CAACnD,WAAWkF,QAAQlF,WAAWmD,UAAU2B,OAAW,QAAOA;AAC/D,SAAO9E;AACT;AAEA,MAAMoF,0BAA0BA,CAACrF,UAAkD;AACjF,MAAI,CAACA,SAAS,OAAOA,UAAU,YAAYG,MAAMC,QAAQJ,KAAK,EAAG,QAAO+E;AACxE,QAAMlB,MAAM7D;AACZ,QAAMsF,OAAOT,gBAAgBhB,IAAIyB,IAAI;AACrC,MAAI,CAACA,KAAM,QAAOP;AAElB,QAAM9E,aAAgC;AAAA,IAAEqF;AAAAA,EAAAA;AAExC,QAAMb,QAAQI,gBAAgBhB,IAAIY,KAAK;AACvC,MAAIA,kBAAkBA,QAAQA;AAE9B,QAAMc,SAASN,wBAAwBpB,IAAI0B,MAAM;AACjD,MAAIA,WAAWR,OAAW9E,YAAWsF,SAASA;AAE9C,QAAMC,QAAQV,gBAAgBjB,IAAI2B,KAAK;AACvC,MAAIA,kBAAkBA,QAAQA;AAE9B,QAAMC,iBAAiBC,2BAA2B7B,IAAI8B,QAAQ;AAC9D,MAAIF,mBAAmBV,OAAW9E,YAAW0F,WAAWF;AAExD,QAAMG,UAAUV,yBAAyBrB,IAAI+B,OAAO;AACpD,MAAIA,oBAAoBA,UAAUA;AAElC,SAAO3F;AACT;AAEA,MAAMyF,6BAA6BA,CAAC1F,UAAkD;AACpF,MAAI,OAAOA,UAAU,UAAU;AAC7B,UAAMC,aAAaD,MAAMH,KAAAA;AACzB,WAAOI,cAAc8E;AAAAA,EACvB;AAEA,MAAI5E,MAAMC,QAAQJ,KAAK,GAAG;AACxB,UAAMC,aAAaD,MAChBK,IAAK4D,CAAAA,UAAU;AACd,UAAI,OAAOA,UAAU,UAAU;AAC7B,cAAMqB,OAAOrB,MAAMpE,KAAAA;AACnB,eAAOyF,QAAQ;AAAA,MACjB;AACA,aAAOD,wBAAwBpB,KAAK,KAAK;AAAA,IAC3C,CAAC,EACAzD,OAAO,CAACyD,UAA+CA,UAAU,IAAI;AAExE,WAAOhE,WAAWxB,SAAS,IAAIwB,aAAa8E;AAAAA,EAC9C;AAEA,SAAOM,wBAAwBrF,KAAK;AACtC;AAEA,MAAM6F,qBAAqBA,CAAC7F,UAAkC;AAC5D,MAAI,OAAOA,UAAU,SAAU,QAAO;AACtC,QAAMC,aAAaD,MAAMH,KAAAA;AACzB,SAAOI,cAAc;AACvB;AAEA,MAAM6F,8BAA8BA,CAClCrB,OACAa,MACAS,sBACkB;AAClB,MAAIA,kBAAmB,QAAOA;AAE9B,QAAMC,SAASvB,MAAMuB;AACrB,QAAMC,aAAa,OAAOD,OAAOV,SAAS,aAAaU,OAAOV,KAAKA,IAAI,IAAI;AAC3E,QAAMY,YAAYL,mBAAmBI,YAAYL,SAASO,GAAG;AAC7D,MAAID,UAAW,QAAOA;AAEtB,QAAME,WAAWP,mBAAmBI,YAAYI,QAAQT,SAASO,GAAG;AACpE,MAAIC,SAAU,QAAOA;AAErB,QAAME,cAAc,OAAON,OAAOO,gBAAgB,aAAaP,OAAOO,YAAYjB,IAAI,IAAI;AAC1F,QAAMkB,aAAaX,mBAAmBS,aAAaV,SAASO,GAAG;AAC/D,MAAIK,WAAY,QAAOA;AAEvB,SAAO;AACT;AAEA,MAAMC,4BAA4BA,CAChCC,eACAC,aACe;AACf,MAAI,CAACD,iBAAiBrC,OAAOuC,KAAKF,aAAa,EAAEjI,WAAW,EAAG,QAAOkI;AACtE,SAAO;AAAA,IAAEE,MAAM,CAACH,eAAeC,QAAQ;AAAA,EAAA;AACzC;AAmBA,MAAMG,8BAA8B,OAAO;AAAA,EACzCxG;AAAAA,EACAmE;AAAAA,EACA9C;AAAAA,EACAgE;AAAAA,EACAoB;AAAAA,EACAC;AAAAA,EACAC;AASF,MAAmD;AACjD,MAAI,CAACtB,SAAU,QAAOZ;AAEtB,QAAMmC,iBAAiB,OAAOC,oBAAiD;AAC7E,UAAMC,SAASJ,WAAW9D,IAAIiE,eAAe;AAC7C,QAAIC,OAAQ,QAAOA;AACnB,UAAMC,SAAS,MAAMtE,eAAezC,UAAU6G,iBAAiBxF,OAAO;AACtEqF,eAAWM,IAAIH,iBAAiBE,MAAM;AACtC,WAAOA;AAAAA,EACT;AAEA,QAAME,aAAa,OACjBtD,OACAuD,gBACoD;AACpD,QAAI,OAAOvD,UAAU,UAAU;AAC7B,YAAMqB,QAAOrB,MAAMpE,KAAAA;AACnB,UAAI,CAACyF,MAAM,QAAO;AAElB,YAAMmC,gBAAe3B,4BAA4B0B,aAAalC,OAAM,IAAI;AACxE,UAAI,CAACmC,cAAc,QAAOnC;AAC1B,UAAI,CAACyB,uBAAuB5H,qBAAqBoF,IAAIkD,aAAY,GAAG;AAClE,cAAM,IAAI3H,MAAM,mBAAmB;AAAA,MACrC;AACA,UAAI,CAAC6B,QAAQ+F,IAAI,QAAQD,aAA8B,GAAG;AACxD,cAAM,IAAI3H,MAAM,WAAW;AAAA,MAC7B;AAEAmH,2BAAqBU,IAAIF,aAAY;AAErC,YAAMd,WAAWiB,qBACfjG,SACA,QACA8F,aACF;AACA,aAAO;AAAA,QACLnC,MAAAA;AAAAA,QACAE,OAAOmB;AAAAA,MAAAA;AAAAA,IAEX;AAEA,UAAMrB,OAAOrB,MAAMqB,KAAKzF,KAAAA;AACxB,QAAI,CAACyF,KAAM,QAAO;AAElB,UAAMS,oBAAoBF,mBAAmB5B,MAAMQ,KAAK;AACxD,UAAMgD,eAAe3B,4BAA4B0B,aAAalC,MAAMS,iBAAiB;AACrF,QAAI8B,cAAcL;AAElB,UAAMM,kBAA0C;AAAA,MAC9CxC;AAAAA,IAAAA;AAGF,QAAIrB,MAAMsB,WAAWR,OAAW+C,iBAAgBvC,SAAStB,MAAMsB;AAC/D,QAAItB,MAAM2B,YAAYb,OAAW+C,iBAAgBlC,UAAU3B,MAAM2B;AACjE,QAAIG,mCAAmCtB,QAAQsB;AAC/C,QAAI9B,MAAMuB,UAAUT,OAAW+C,iBAAgBtC,QAAQvB,MAAMuB;AAE7D,QAAIiC,cAAc;AAChB,UAAI,CAACV,uBAAuB5H,qBAAqBoF,IAAIkD,YAAY,GAAG;AAClE,cAAM,IAAI3H,MAAM,mBAAmB;AAAA,MACrC;AACA,UAAI,CAAC6B,QAAQ+F,IAAI,QAAQD,YAA8B,GAAG;AACxD,cAAM,IAAI3H,MAAM,WAAW;AAAA,MAC7B;AAEAmH,2BAAqBU,IAAIF,YAAY;AACrCI,oBAAc,MAAMX,eAAeO,YAAY;AAE/C,YAAMd,WAAWiB,qBACfjG,SACA,QACA8F,YACF;AACAK,sBAAgBtC,QAAQiB,0BACtBqB,gBAAgBtC,OAChBmB,QACF;AAAA,IACF,WAAW1C,MAAM0B,aAAaZ,QAAW;AACvC,YAAM,IAAIjF,MAAM,mEAAmE;AAAA,IACrF;AAEA,UAAM2F,iBAAiB,MAAMqB,4BAA4B;AAAA,MACvDxG;AAAAA,MACAmE,OAAOoD;AAAAA,MACPlG;AAAAA,MACAgE,UAAU1B,MAAM0B;AAAAA,MAChBoB;AAAAA,MACAC;AAAAA,MACAC;AAAAA,IAAAA,CACD;AACD,QAAIxB,mBAAmBV,OAAW+C,iBAAgBnC,WAAWF;AAE7D,WAAOqC;AAAAA,EACT;AAEA,MAAI3H,MAAMC,QAAQuF,QAAQ,GAAG;AAC3B,UAAMoC,YAAW,MAAMC,QAAQC,IAAItC,SAAStF,IAAK4D,CAAAA,UAAUsD,WAAWtD,OAAOQ,KAAK,CAAC,CAAC;AACpF,UAAMyD,WAAWH,UAASvH,OAAO,CAACyD,UAAoDA,UAAU,IAAI;AACpG,WAAOiE,SAASzJ,SAAS,IAAIyJ,WAAWnD;AAAAA,EAC1C;AAEA,QAAMgD,WAAW,MAAMR,WAAW5B,UAAUlB,KAAK;AACjD,SAAOsD,YAAYhD;AACrB;AAEO,MAAMoD,2BAA2BA,CAACvC,YAA0D;AACjG,MAAI,CAACA,WAAW,OAAOA,YAAY,iBAAiB,CAAA;AACpD,QAAM3F,aAA8B,CAAA;AAEpC,MAAI2F,QAAQwC,cAAc,OAAOxC,QAAQwC,eAAe,YAAY,CAACjI,MAAMC,QAAQwF,QAAQwC,UAAU,GAAG;AACtGnI,eAAWmI,aAAaxC,QAAQwC;AAAAA,EAClC;AAEA,MAAIxC,QAAQT,QAAQ,OAAOS,QAAQT,SAAS,YAAY,CAAChF,MAAMC,QAAQwF,QAAQT,IAAI,GAAG;AACpFlF,eAAWkF,OAAOS,QAAQT;AAAAA,EAC5B;AAEAlF,aAAWmD,QAAQD,eAAeyC,QAAQxC,KAAK;AAC/CnD,aAAW0F,WAAWD,2BAA2BE,QAAQD,QAAQ;AACjE1F,aAAWoI,aAAarD,oBAAoBY,QAAQyC,UAAU;AAE9D,SAAOpI;AACT;AAEO,MAAMqI,sCAAsC,OAAO;AAAA,EACxDhI;AAAAA,EACAqB;AAAAA,EACAqB;AAAAA,EACA4C;AAAAA,EACAmB,sBAAsB;AAOxB,MAAyB;AACvB,QAAMtC,QAAQ,MAAM1B,eAAezC,UAAU0C,WAAWrB,OAAO;AAC/D,QAAMqF,iCAAiBuB,IAAAA;AACvBvB,aAAWM,IAAItE,WAAWyB,KAAK;AAE/B,QAAMwC,2CAA2B7H,IAAAA;AACjC,QAAM0H,4BAA4B;AAAA,IAChCxG;AAAAA,IACAmE;AAAAA,IACA9C;AAAAA,IACAgE,UAAUC,QAAQD;AAAAA,IAClBoB;AAAAA,IACAC;AAAAA,IACAC;AAAAA,EAAAA,CACD;AAED,SAAO9G,MAAMtB,KAAKoI,oBAAoB;AACxC;AAEO,MAAMuB,cAAc,OAAO;AAAA,EAChClI;AAAAA,EACAqB;AAAAA,EACAqB;AAAAA,EACAnC;AAAAA,EACA+E;AAAAA,EACAmB,sBAAsB;AAQxB,MAA+B;AAC7B,QAAM;AAAA,IAAEtC;AAAAA,IAAOgE;AAAAA,EAAAA,IAAe,MAAMC,oBAAoB;AAAA,IACtDpI;AAAAA,IACAqB;AAAAA,IACAqB;AAAAA,IACAnC;AAAAA,IACAkG;AAAAA,EAAAA,CACD;AACD,QAAMqB,aAAaxC,QAAQwC,cAAcrD;AACzC,QAAMI,OAAOS,QAAQT;AACrB,QAAM/B,QAAQD,eAAeyC,QAAQxC,KAAK;AAC1C,QAAM4D,iCAAiBuB,IAAAA;AACvBvB,aAAWM,IAAItE,WAAWyB,KAAK;AAE/B,QAAMkB,WAAW,MAAMmB,4BAA4B;AAAA,IACjDxG;AAAAA,IACAmE;AAAAA,IACA9C;AAAAA,IACAgE,UAAUC,QAAQD;AAAAA,IAClBoB;AAAAA,IACAC;AAAAA,IACAC,0CAA0B7H,IAAAA;AAAAA,EAAY,CACvC;AAED,MAAIwG,QAAQyC,YAAY;AACtB,UAAMM,iBAAiBlE,MAAME,KAAK8D,YAAYL,UAAU;AACxD,QAAIzC,aAAaZ,QAAW;AAC1B4D,qBAAehD,SAASA,QAAe;AAAA,IACzC;AAEA,UAAMiD,kBAAkB,MAAMD,eAAeE,SAASjD,QAAQyC,YAAY;AAAA,MACxES,QAAQ;AAAA,QACNC,eAAetJ,iCAAAA;AAAAA,MAAiC;AAAA,IAClD,CACD;AACD,UAAMuJ,aAAa,OAAOJ,gBAAgBI,eAAe,YACpD3F,OAAOC,SAASsF,gBAAgBI,UAAU,KAC1CJ,gBAAgBI,cAAc,IAC/BzF,KAAKI,MAAMiF,gBAAgBI,UAAU,IACrCjE;AAEJ,WAAO;AAAA,MACLkE,MAAM9I,MAAMC,QAAQwI,gBAAgBM,KAAK,IAAIN,gBAAgBM,QAAQ,CAAA;AAAA,MACrEC,UAAUP,gBAAgBO;AAAAA,MAC1B,GAAIH,eAAejE,SAAY;AAAA,QAAEiE;AAAAA,MAAAA,IAAe,CAAA;AAAA,IAAC;AAAA,EAErD;AAEA,QAAMI,eAAe3E,MAAME,KAAK8D,YAAYL,UAAU;AACtD,MAAIzC,aAAaZ,QAAW;AAC1BqE,iBAAazD,SAASA,QAAe;AAAA,EACvC;AACA,MAAIR,QAAQd,OAAOuC,KAAKzB,IAAI,EAAE1G,QAAQ;AACpC2K,iBAAajE,KAAKA,IAAI;AAAA,EACxB;AACAiE,eAAahG,MAAMA,KAAK;AAExB,QAAM6F,OAAO,MAAMG;AACnB,SAAO;AAAA,IAAEH,MAAM9I,MAAMC,QAAQ6I,IAAI,IAAIA,OAAO,CAAA;AAAA,EAAA;AAC9C;AAEA,MAAMP,sBAAsB,OAAO;AAAA,EACjCpI;AAAAA,EACAqB;AAAAA,EACAqB;AAAAA,EACAnC;AAAAA,EACAkG,sBAAsB;AAOxB,MAAqC;AACnC,MAAI,CAACA,uBAAuB5H,qBAAqBoF,IAAIvB,SAAS,GAAG;AAC/D,UAAM,IAAIlD,MAAM,mBAAmB;AAAA,EACrC;AAEA,MAAI,CAAC6B,QAAQ+F,IAAI,QAAQ1E,SAA2B,GAAG;AACrD,UAAM,IAAIlD,MAAM,WAAW;AAAA,EAC7B;AAEA,QAAM2E,QAAQ,MAAM1B,eAAezC,UAAU0C,WAAWrB,OAAO;AAC/D,QAAM0H,cAAczB,qBAAqBjG,SAAS,QAAQqB,SAA2C;AACrG,QAAMyF,aAAyB;AAAA,IAAE5B,MAAM,CAAChG,OAAOwI,WAAW;AAAA,EAAA;AAE1D,SAAO;AAAA,IAAE5E;AAAAA,IAAOgE;AAAAA,EAAAA;AAClB;AAEO,MAAMa,cAAc,OAAO;AAAA,EAChChJ;AAAAA,EACAqB;AAAAA,EACAqB;AAAAA,EACAnC;AAAAA,EACAkG,sBAAsB;AAOxB,MAAuB;AACrB,QAAM;AAAA,IAAEtC;AAAAA,IAAOgE;AAAAA,EAAAA,IAAe,MAAMC,oBAAoB;AAAA,IACtDpI;AAAAA,IACAqB;AAAAA,IACAqB;AAAAA,IACAnC;AAAAA,IACAkG;AAAAA,EAAAA,CACD;AAED,QAAM7C,sBAAsBF,mCAAmCyE,UAAU;AACzE,MAAIvE,qBAAqB;AACvB,UAAM,IAAIpE,MAAM,0CAA0CoE,mBAAmB,UAAU;AAAA,EACzF;AAEA,QAAMQ,cAAcF,qBAAqBC,OAAOgE,UAAU;AAC1D,QAAMc,iBAAiB7F,4BAA4B,MAAMe,MAAM+E,wBAAwB;AACvF,MAAID,mBAAmB,EAAG,QAAO;AAEjC,QAAME,aAAalG,KAAKC,IAAII,yBAAAA,GAA4B2F,cAAc;AACtE,QAAMG,eAAe,MAAMjF,MAAMkF,UAAU,CACzC;AAAA,IAAEC,SAAS;AAAA,MAAEC,MAAMJ;AAAAA,IAAAA;AAAAA,EAAW,GAC9B;AAAA,IAAEK,QAAQpF;AAAAA,EAAAA,GACV;AAAA,IAAEqF,QAAQ;AAAA,EAAA,CAAS,CACpB;AACD,QAAMC,gBAAgBtG,4BAA4BgG,aAAa,CAAC,GAAGO,KAAK;AAExE,MAAIR,cAAcF,gBAAgB;AAChC,WAAOhG,KAAKC,IAAIwG,eAAeT,cAAc;AAAA,EAC/C;AAEA,QAAMW,mBAAmB3G,KAAK4G,MAAOZ,iBAAiBS,gBAAiBP,UAAU;AACjF,SAAOlG,KAAK6B,IAAI,GAAG7B,KAAKC,IAAI+F,gBAAgBW,gBAAgB,CAAC;AAC/D;"}
package/dist/shared-nE84Or5W.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"shared-nE84Or5W.js","sources":["../src/uploads/api/file-uploads/shared.ts"],"sourcesContent":["import { createHash, timingSafeEqual } from \"node:crypto\"\n\nimport { Ctx } from \"@rpcbase/api\"\nimport {\n type IRBUploadChunk,\n type IRBUploadSession,\n type LoadModelCtx,\n} from \"@rpcbase/db\"\nimport { buildAbilityFromSession, getAccessibleByQuery, type AppAbility } from \"@rpcbase/db/acl\"\nimport type { Model } from \"mongoose\"\n\n\nexport type SessionUser = {\n id?: string\n currentTenantId?: string\n}\n\nexport type UploadSessionDoc = IRBUploadSession\nexport type UploadChunkDoc = Omit<IRBUploadChunk, \"data\"> & { data: Buffer }\n\nconst DEFAULT_CHUNK_SIZE_BYTES = 5 * 1024 * 1024\nconst MAX_CHUNK_SIZE_BYTES = 15 * 1024 * 1024\n\nconst DEFAULT_MAX_CLIENT_BYTES_PER_SECOND = 10 * 1024 * 1024\n\nconst DEFAULT_SESSION_TTL_S = 60 * 60 * 24\n\nconst ensuredIndexDbNames = new Set<string>()\n\nconst parseOptionalPositiveInt = (rawValue: unknown): number | null => {\n if (typeof rawValue !== \"string\") return null\n const normalized = rawValue.trim()\n if (!normalized) return null\n const parsed = Number(normalized)\n if (!Number.isFinite(parsed) || parsed <= 0) return null\n return Math.floor(parsed)\n}\n\nexport const getChunkSizeBytes = (): number => {\n const configured = parseOptionalPositiveInt(process.env.RB_UPLOAD_CHUNK_SIZE_BYTES)\n const resolved = configured ?? DEFAULT_CHUNK_SIZE_BYTES\n return Math.min(MAX_CHUNK_SIZE_BYTES, resolved)\n}\n\nexport const getMaxClientUploadBytesPerSecond = (): number | null => {\n const configured = parseOptionalPositiveInt(process.env.RB_UPLOAD_MAX_CLIENT_BYTES_PER_SECOND)\n return configured ?? DEFAULT_MAX_CLIENT_BYTES_PER_SECOND\n}\n\nexport const getSessionTtlMs = (): number => {\n const ttlSeconds = parseOptionalPositiveInt(process.env.RB_UPLOAD_SESSION_TTL_S) ?? DEFAULT_SESSION_TTL_S\n return ttlSeconds * 1000\n}\n\nexport const getRawBodyLimitBytes = (chunkSizeBytes: number): number => chunkSizeBytes + 1024 * 1024\n\nexport const getBucketName = (): string => (process.env.RB_FILESYSTEM_BUCKET_NAME ?? \"\").trim() || \"fs\"\n\nexport const getUserId = (ctx: Ctx<SessionUser>): string | null => {\n const raw = ctx.req.session?.user?.id\n if (typeof raw !== \"string\") return null\n const normalized = raw.trim()\n return normalized ? normalized : null\n}\n\nexport const getTenantId = (ctx: Ctx<SessionUser>): string | null => {\n const rawSession = ctx.req.session?.user?.currentTenantId\n const sessionTenantId = typeof rawSession === \"string\" ? rawSession.trim() : \"\"\n\n const userId = getUserId(ctx)\n const rawQuery = ctx.req.query?.[\"rb-tenant-id\"]\n const queryTenantId = Array.isArray(rawQuery) ? rawQuery[0] : rawQuery\n const queryValue = typeof queryTenantId === \"string\" && queryTenantId.trim() ? queryTenantId.trim() : null\n\n if (!userId && queryValue) return queryValue\n\n if (userId) return sessionTenantId || null\n\n if (sessionTenantId) return sessionTenantId\n\n return queryValue\n}\n\nexport const computeSha256Hex = (data: Buffer): string => createHash(\"sha256\").update(data).digest(\"hex\")\n\nexport const normalizeSha256Hex = (value: string): string => value.trim().toLowerCase()\n\nexport const getModelCtx = (_ctx: Ctx<SessionUser>, tenantId: string, ability?: AppAbility): LoadModelCtx => ({\n req: {\n session: {\n user: {\n currentTenantId: tenantId,\n },\n },\n },\n ability,\n})\n\nexport const toBufferPayload = (payload: unknown): Buffer | null => {\n if (Buffer.isBuffer(payload)) return payload\n if (payload instanceof Uint8Array) return Buffer.from(payload)\n return null\n}\n\nexport const ensureUploadIndexes = async (\n UploadSession: Model<UploadSessionDoc>,\n UploadChunk: Model<UploadChunkDoc>,\n): Promise<void> => {\n const dbName = String((UploadSession as unknown as { db?: { name?: unknown } })?.db?.name ?? \"\")\n if (dbName && ensuredIndexDbNames.has(dbName)) return\n\n await Promise.all([\n UploadSession.createIndexes(),\n UploadChunk.createIndexes(),\n ])\n\n if (dbName) ensuredIndexDbNames.add(dbName)\n}\n\nconst normalizeUploadKey = (raw: unknown): string | null => {\n if (typeof raw !== \"string\") return null\n const normalized = raw.trim()\n return normalized ? normalized : null\n}\n\nexport const getUploadKeyHash = (ctx: Ctx<SessionUser>): string | null => {\n const uploadKey = normalizeUploadKey(ctx.req.get(\"X-Upload-Key\"))\n if (!uploadKey) return null\n return computeSha256Hex(Buffer.from(uploadKey))\n}\n\nexport const buildUploadsAbility = (ctx: Ctx<SessionUser>, tenantId: string): AppAbility => {\n const uploadKeyHash = getUploadKeyHash(ctx)\n const claims = uploadKeyHash ? { uploadKeyHash } : undefined\n return buildAbilityFromSession({ tenantId, session: ctx.req.session, claims })\n}\n\nexport const getUploadSessionAccessQuery = (\n ability: AppAbility,\n action: \"read\" | \"update\" | \"delete\",\n): Record<string, unknown> => getAccessibleByQuery(ability, action, \"RBUploadSession\")\n\nconst timingSafeEqualHex = (left: string, right: string): boolean => {\n if (left.length !== right.length) return false\n try {\n return timingSafeEqual(Buffer.from(left, \"hex\"), Buffer.from(right, \"hex\"))\n } catch {\n return false\n }\n}\n\nexport const getOwnershipSelector = (\n ctx: Ctx<SessionUser>,\n session: Pick<UploadSessionDoc, \"userId\" | \"ownerKeyHash\">,\n): { userId?: string; ownerKeyHash?: string } | null => {\n if (session.userId) {\n const userId = getUserId(ctx)\n if (!userId || userId !== session.userId) return null\n return { userId: session.userId }\n }\n\n if (session.ownerKeyHash) {\n const uploadKeyHash = getUploadKeyHash(ctx)\n if (!uploadKeyHash) return null\n if (!timingSafeEqualHex(session.ownerKeyHash, uploadKeyHash)) return null\n return { ownerKeyHash: session.ownerKeyHash }\n }\n\n return null\n}\n"],"names":["DEFAULT_CHUNK_SIZE_BYTES","MAX_CHUNK_SIZE_BYTES","DEFAULT_MAX_CLIENT_BYTES_PER_SECOND","DEFAULT_SESSION_TTL_S","ensuredIndexDbNames","Set","parseOptionalPositiveInt","rawValue","normalized","trim","parsed","Number","isFinite","Math","floor","getChunkSizeBytes","configured","process","env","RB_UPLOAD_CHUNK_SIZE_BYTES","resolved","min","getMaxClientUploadBytesPerSecond","RB_UPLOAD_MAX_CLIENT_BYTES_PER_SECOND","getSessionTtlMs","ttlSeconds","RB_UPLOAD_SESSION_TTL_S","getRawBodyLimitBytes","chunkSizeBytes","getBucketName","RB_FILESYSTEM_BUCKET_NAME","getUserId","ctx","raw","req","session","user","id","getTenantId","rawSession","currentTenantId","sessionTenantId","userId","rawQuery","query","queryTenantId","Array","isArray","queryValue","computeSha256Hex","data","createHash","update","digest","normalizeSha256Hex","value","toLowerCase","getModelCtx","_ctx","tenantId","ability","toBufferPayload","payload","Buffer","isBuffer","Uint8Array","from","ensureUploadIndexes","UploadSession","UploadChunk","dbName","String","db","name","has","Promise","all","createIndexes","add","normalizeUploadKey","getUploadKeyHash","uploadKey","get","buildUploadsAbility","uploadKeyHash","claims","undefined","buildAbilityFromSession","getUploadSessionAccessQuery","action","getAccessibleByQuery"],"mappings":";;AAoBA,MAAMA,2BAA2B,IAAI,OAAO;AAC5C,MAAMC,uBAAuB,KAAK,OAAO;AAEzC,MAAMC,sCAAsC,KAAK,OAAO;AAExD,MAAMC,wBAAwB,KAAK,KAAK;AAExC,MAAMC,0CAA0BC,IAAAA;AAEhC,MAAMC,2BAA2BA,CAACC,aAAqC;AACrE,MAAI,OAAOA,aAAa,SAAU,QAAO;AACzC,QAAMC,aAAaD,SAASE,KAAAA;AAC5B,MAAI,CAACD,WAAY,QAAO;AACxB,QAAME,SAASC,OAAOH,UAAU;AAChC,MAAI,CAACG,OAAOC,SAASF,MAAM,KAAKA,UAAU,EAAG,QAAO;AACpD,SAAOG,KAAKC,MAAMJ,MAAM;AAC1B;AAEO,MAAMK,oBAAoBA,MAAc;AAC7C,QAAMC,aAAaV,yBAAyBW,QAAQC,IAAIC,0BAA0B;AAClF,QAAMC,WAAWJ,cAAchB;AAC/B,SAAOa,KAAKQ,IAAIpB,sBAAsBmB,QAAQ;AAChD;AAEO,MAAME,mCAAmCA,MAAqB;AACnE,QAAMN,aAAaV,yBAAyBW,QAAQC,IAAIK,qCAAqC;AAC7F,SAAOP,cAAcd;AACvB;AAEO,MAAMsB,kBAAkBA,MAAc;AAC3C,QAAMC,aAAanB,yBAAyBW,QAAQC,IAAIQ,uBAAuB,KAAKvB;AACpF,SAAOsB,aAAa;AACtB;AAEO,MAAME,uBAAuBA,CAACC,mBAAmCA,iBAAiB,OAAO;AAEzF,MAAMC,gBAAgBA,OAAeZ,QAAQC,IAAIY,6BAA6B,IAAIrB,UAAU;AAE5F,MAAMsB,YAAYA,CAACC,QAAyC;AACjE,QAAMC,MAAMD,IAAIE,IAAIC,SAASC,MAAMC;AACnC,MAAI,OAAOJ,QAAQ,SAAU,QAAO;AACpC,QAAMzB,aAAayB,IAAIxB,KAAAA;AACvB,SAAOD,aAAaA,aAAa;AACnC;AAEO,MAAM8B,cAAcA,CAACN,QAAyC;AACnE,QAAMO,aAAaP,IAAIE,IAAIC,SAASC,MAAMI;AAC1C,QAAMC,kBAAkB,OAAOF,eAAe,WAAWA,WAAW9B,SAAS;AAE7E,QAAMiC,SAASX,UAAUC,GAAG;AAC5B,QAAMW,WAAWX,IAAIE,IAAIU,QAAQ,cAAc;AAC/C,QAAMC,gBAAgBC,MAAMC,QAAQJ,QAAQ,IAAIA,SAAS,CAAC,IAAIA;AAC9D,QAAMK,aAAa,OAAOH,kBAAkB,YAAYA,cAAcpC,SAASoC,cAAcpC,KAAAA,IAAS;AAEtG,MAAI,CAACiC,UAAUM,WAAY,QAAOA;AAElC,MAAIN,eAAeD,mBAAmB;AAEtC,MAAIA,gBAAiB,QAAOA;AAE5B,SAAOO;AACT;AAEO,MAAMC,mBAAmBA,CAACC,SAAyBC,WAAW,QAAQ,EAAEC,OAAOF,IAAI,EAAEG,OAAO,KAAK;AAEjG,MAAMC,qBAAqBA,CAACC,UAA0BA,MAAM9C,KAAAA,EAAO+C,YAAAA;AAEnE,MAAMC,cAAcA,CAACC,MAAwBC,UAAkBC,aAAwC;AAAA,EAC5G1B,KAAK;AAAA,IACHC,SAAS;AAAA,MACPC,MAAM;AAAA,QACJI,iBAAiBmB;AAAAA,MAAAA;AAAAA,IACnB;AAAA,EACF;AAAA,EAEFC;AACF;AAEO,MAAMC,kBAAkBA,CAACC,YAAoC;AAClE,MAAIC,OAAOC,SAASF,OAAO,EAAG,QAAOA;AACrC,MAAIA,mBAAmBG,WAAY,QAAOF,OAAOG,KAAKJ,OAAO;AAC7D,SAAO;AACT;AAEO,MAAMK,sBAAsB,OACjCC,eACAC,gBACkB;AAClB,QAAMC,SAASC,OAAQH,eAA0DI,IAAIC,QAAQ,EAAE;AAC/F,MAAIH,UAAUlE,oBAAoBsE,IAAIJ,MAAM,EAAG;AAE/C,QAAMK,QAAQC,IAAI,CAChBR,cAAcS,iBACdR,YAAYQ,cAAAA,CAAe,CAC5B;AAED,MAAIP,OAAQlE,qBAAoB0E,IAAIR,MAAM;AAC5C;AAEA,MAAMS,qBAAqBA,CAAC9C,QAAgC;AAC1D,MAAI,OAAOA,QAAQ,SAAU,QAAO;AACpC,QAAMzB,aAAayB,IAAIxB,KAAAA;AACvB,SAAOD,aAAaA,aAAa;AACnC;AAEO,MAAMwE,mBAAmBA,CAAChD,QAAyC;AACxE,QAAMiD,YAAYF,mBAAmB/C,IAAIE,IAAIgD,IAAI,cAAc,CAAC;AAChE,MAAI,CAACD,UAAW,QAAO;AACvB,SAAOhC,iBAAiBc,OAAOG,KAAKe,SAAS,CAAC;AAChD;AAEO,MAAME,sBAAsBA,CAACnD,KAAuB2B,aAAiC;AAC1F,QAAMyB,gBAAgBJ,iBAAiBhD,GAAG;AAC1C,QAAMqD,SAASD,gBAAgB;AAAA,IAAEA;AAAAA,EAAAA,IAAkBE;AACnD,SAAOC,wBAAwB;AAAA,IAAE5B;AAAAA,IAAUxB,SAASH,IAAIE,IAAIC;AAAAA,IAASkD;AAAAA,EAAAA,CAAQ;AAC/E;AAEO,MAAMG,8BAA8BA,CACzC5B,SACA6B,WAC4BC,qBAAqB9B,SAAS6B,QAAQ,iBAAiB;"}