npm - @tenora/multi-tenant - Versions diffs - 0.1.1 - Mend

@tenora/multi-tenant 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,468 @@
+// src/config.ts
+var defineTenoraConfig = (config) => config;
+var createTenoraConfig = defineTenoraConfig;
+// src/knexFactory.ts
+import knex from "knex";
+import fs2 from "fs";
+import path2 from "path";
+// src/password.ts
+import CryptoJS from "crypto-js";
+var generateTenantPassword = (length = 32) => {
+  const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*";
+  let password = "";
+  for (let i = 0; i < length; i++) {
+    const randomIndex = Math.floor(Math.random() * charset.length);
+    password += charset[randomIndex];
+  }
+  return password;
+};
+var encryptPassword = (password, cipherKey) => {
+  if (typeof cipherKey !== "string" || cipherKey.length === 0) {
+    throw new Error("Tenora: cipherKey must be a non-empty string.");
+  }
+  return CryptoJS.AES.encrypt(password, cipherKey).toString();
+};
+var decryptPassword = (encryptedPassword, cipherKey) => {
+  if (typeof cipherKey !== "string" || cipherKey.length === 0) {
+    throw new Error("Tenora: cipherKey must be a non-empty string.");
+  }
+  const bytes = CryptoJS.AES.decrypt(encryptedPassword, cipherKey);
+  return bytes.toString(CryptoJS.enc.Utf8);
+};
+// src/tenantRegistry.ts
+var DEFAULT_REGISTRY = {
+  table: "tenora_tenants",
+  idColumn: "id",
+  passwordColumn: "password",
+  encryptedPasswordColumn: "encrypted_password",
+  createdAtColumn: "created_at",
+  updatedAtColumn: "updated_at"
+};
+var resolveRegistry = (options) => ({
+  ...DEFAULT_REGISTRY,
+  ...options.registry ?? {}
+});
+var resolveEncrypt = (options) => {
+  if (options.encryptPassword) return options.encryptPassword;
+  const key = process.env.TENORA_KEY;
+  if (key) {
+    return (plain) => encryptPassword(plain, key);
+  }
+  return void 0;
+};
+var ensureRegistryTable = async (base, options) => {
+  const registry = resolveRegistry(options);
+  const exists = await base.schema.hasTable(registry.table);
+  if (!exists) {
+    throw new Error(
+      `Tenora: tenant registry table "${registry.table}" not found. Run 'tenora migrate' to create it.`
+    );
+  }
+};
+var upsertTenantInRegistry = async (base, options, tenantId, password) => {
+  const registry = resolveRegistry(options);
+  await ensureRegistryTable(base, options);
+  const encrypt = resolveEncrypt(options);
+  const encrypted = password && encrypt ? encrypt(password) : void 0;
+  const record = {
+    [registry.idColumn]: tenantId
+  };
+  if (encrypted) {
+    record[registry.encryptedPasswordColumn] = encrypted;
+  } else if (password) {
+    record[registry.passwordColumn] = password;
+  }
+  await base(registry.table).insert(record).onConflict(registry.idColumn).merge(record);
+};
+// src/configLoader.ts
+import fs from "fs";
+import path from "path";
+import { pathToFileURL } from "url";
+import { createRequire } from "module";
+var require2 = createRequire(import.meta.url);
+var DEFAULT_CONFIG_FILES = [
+  "tenora.config.js",
+  "tenora.config.mjs",
+  "tenora.config.ts"
+];
+var resolveConfigPath = (explicitPath) => {
+  const cwd = process.cwd();
+  if (explicitPath) {
+    return path.isAbsolute(explicitPath) ? explicitPath : path.join(cwd, explicitPath);
+  }
+  for (const file of DEFAULT_CONFIG_FILES) {
+    const full = path.join(cwd, file);
+    if (fs.existsSync(full)) return full;
+  }
+  throw new Error(
+    `Tenora: no config found. Looked for ${DEFAULT_CONFIG_FILES.join(", ")} in ${cwd}.`
+  );
+};
+var loadConfigModuleSync = (fullPath) => {
+  const ext = path.extname(fullPath);
+  try {
+    const mod = require2(fullPath);
+    return mod;
+  } catch (err) {
+    if (ext === ".mjs" || err?.code === "ERR_REQUIRE_ESM") {
+      throw new Error(
+        `Tenora: ${path.basename(fullPath)} is ESM. Use createTenoraFactoryAsync() or pass the config directly.`
+      );
+    }
+    if (ext === ".ts" || err?.code === "ERR_UNKNOWN_FILE_EXTENSION") {
+      throw new Error(
+        `Tenora: ${path.basename(fullPath)} is TypeScript. Use createTenoraFactoryAsync() with a TS loader (tsx/ts-node), or pass the config directly.`
+      );
+    }
+    throw err;
+  }
+};
+var loadConfigModuleAsync = async (fullPath) => {
+  const href = pathToFileURL(fullPath).href;
+  return import(href);
+};
+var unwrapConfig = (mod) => mod.default ?? mod.config ?? mod;
+// src/knexFactory.ts
+var resolveClient = (value) => value ?? "pg";
+var isPostgresClient = (client) => client === "pg" || client === "postgres" || client === "postgresql";
+var isMysqlClient = (client) => client === "mysql" || client === "mysql2" || client === "mariadb";
+var isSqliteClient = (client) => client === "sqlite3" || client === "better-sqlite3" || client === "sqlite";
+var isMssqlClient = (client) => client === "mssql" || client === "sqlserver";
+var normalizePassword = (value) => {
+  if (value === void 0 || value === null) return void 0;
+  if (typeof value === "string") return value;
+  return String(value);
+};
+var escapePgIdent = (value) => value.replace(/"/g, '""');
+var escapeMysqlIdent = (value) => value.replace(/`/g, "``");
+var escapeMssqlIdent = (value) => value.replace(/]/g, "]]");
+var escapeSqlString = (value) => value.replace(/'/g, "''");
+var loadDefaultConfig = () => {
+  const explicit = process.env.TENORA_CONFIG;
+  const fullPath = resolveConfigPath(explicit ?? void 0);
+  const module = loadConfigModuleSync(fullPath);
+  const cfg = unwrapConfig(module);
+  if (!cfg) {
+    throw new Error(
+      `Tenora: config file ${path2.basename(fullPath)} did not export a config object.`
+    );
+  }
+  return cfg;
+};
+var loadDefaultConfigAsync = async () => {
+  const explicit = process.env.TENORA_CONFIG;
+  const fullPath = resolveConfigPath(explicit ?? void 0);
+  const module = await loadConfigModuleAsync(fullPath);
+  const cfg = unwrapConfig(module);
+  if (!cfg) {
+    throw new Error(
+      `Tenora: config file ${path2.basename(fullPath)} did not export a config object.`
+    );
+  }
+  return cfg;
+};
+var defaultPool = { min: 2, max: 10, acquireTimeoutMillis: 6e4, idleTimeoutMillis: 6e4 };
+var buildTenoraFactory = (resolved) => {
+  const { base, tenant = {}, knexOptions = {} } = resolved;
+  const cache = /* @__PURE__ */ new Map();
+  const basePassword = normalizePassword(base.password);
+  const client = resolveClient(base.client);
+  const resolveBaseDatabaseName = () => {
+    if (base.connection) {
+      const conn = base.connection;
+      if (isSqliteClient(client)) {
+        const filename = conn.filename ?? base.database;
+        if (!filename) {
+          throw new Error("Tenora: base.database or base.connection.filename is required for SQLite.");
+        }
+        return filename;
+      }
+      const dbName = conn.database ?? base.database;
+      if (!dbName) {
+        throw new Error("Tenora: base.database is required.");
+      }
+      return dbName;
+    }
+    if (!base.database) {
+      throw new Error("Tenora: base.database is required.");
+    }
+    return base.database;
+  };
+  const applyConnectionDefaults = (conn) => {
+    if (conn.user === void 0 && base.user !== void 0) conn.user = base.user;
+    if (conn.port === void 0 && base.port !== void 0) conn.port = base.port;
+    if (isMssqlClient(client)) {
+      if (conn.server === void 0 && base.host !== void 0) conn.server = base.host;
+    } else if (conn.host === void 0 && base.host !== void 0) {
+      conn.host = base.host;
+    }
+    if (conn.ssl === void 0 && base.ssl !== void 0) conn.ssl = base.ssl;
+    const normalized = normalizePassword(conn.password ?? basePassword);
+    if (normalized !== void 0) {
+      conn.password = normalized;
+    } else {
+      delete conn.password;
+    }
+  };
+  const buildBaseConnection = (databaseOverride) => {
+    if (base.connection) {
+      const conn2 = { ...base.connection };
+      applyConnectionDefaults(conn2);
+      if (databaseOverride !== void 0) {
+        if (isSqliteClient(client)) {
+          conn2.filename = databaseOverride;
+          delete conn2.database;
+        } else {
+          conn2.database = databaseOverride;
+        }
+      } else if (isSqliteClient(client)) {
+        if (conn2.filename === void 0 && base.database) conn2.filename = base.database;
+      } else if (conn2.database === void 0 && base.database) {
+        conn2.database = base.database;
+      }
+      return conn2;
+    }
+    if (isSqliteClient(client)) {
+      const filename = databaseOverride ?? base.database;
+      if (!filename) {
+        throw new Error("Tenora: base.database is required for SQLite.");
+      }
+      return { filename };
+    }
+    if (!base.host || !base.user || !base.database) {
+      throw new Error("Tenora: base connection is incomplete. Provide base.connection or host/user/database.");
+    }
+    const conn = {
+      ...isMssqlClient(client) ? { server: base.host } : { host: base.host },
+      port: base.port,
+      user: base.user,
+      database: databaseOverride ?? base.database,
+      ssl: base.ssl ?? false
+    };
+    if (basePassword !== void 0) conn.password = basePassword;
+    return conn;
+  };
+  const baseKnexConfig = {
+    client,
+    useNullAsDefault: true,
+    connection: buildBaseConnection(resolveBaseDatabaseName()),
+    pool: base.pool ?? defaultPool,
+    migrations: base.migrationsDir ? { directory: base.migrationsDir } : void 0,
+    seeds: base.seedsDir ? { directory: base.seedsDir } : void 0,
+    ...knexOptions
+  };
+  const baseClient = knex(baseKnexConfig);
+  const resolveTenantDatabaseName = (tenantId) => tenant.databaseName ? tenant.databaseName(tenantId) : tenantId;
+  const resolveSqliteTenantFilename = (tenantId) => {
+    const baseDb = resolveBaseDatabaseName();
+    const baseDir = tenant.databaseDir ?? path2.dirname(baseDb ?? process.cwd());
+    const name = tenant.databaseName ? tenant.databaseName(tenantId) : `${tenantId}${tenant.databaseSuffix ?? ".sqlite"}`;
+    return path2.isAbsolute(name) ? name : path2.join(baseDir, name);
+  };
+  const buildTenantConfig = (tenantId, password) => {
+    const tenantPassword = normalizePassword(password ?? basePassword);
+    const hasTenantPassword = password !== void 0 && password !== null;
+    const tenantDb = isSqliteClient(client) ? resolveSqliteTenantFilename(tenantId) : resolveTenantDatabaseName(tenantId);
+    const connection = buildBaseConnection(tenantDb);
+    if (!isSqliteClient(client) && hasTenantPassword) {
+      connection.user = `${tenant.userPrefix ?? "user_"}${tenantId}`;
+      if (tenantPassword !== void 0) {
+        connection.password = tenantPassword;
+      } else {
+        delete connection.password;
+      }
+    }
+    if (tenant.ssl !== void 0) {
+      connection.ssl = tenant.ssl;
+    }
+    return {
+      client,
+      useNullAsDefault: true,
+      connection,
+      pool: tenant.pool ?? base.pool ?? defaultPool,
+      migrations: tenant.migrationsDir ? { directory: tenant.migrationsDir } : void 0,
+      seeds: tenant.seedsDir ? { directory: tenant.seedsDir } : void 0,
+      ...knexOptions
+    };
+  };
+  const getTenant = (tenantId, password) => {
+    const cached = cache.get(tenantId);
+    if (cached) return cached;
+    const client2 = knex(buildTenantConfig(tenantId, password));
+    cache.set(tenantId, client2);
+    return client2;
+  };
+  const destroyTenant = async (tenantId) => {
+    const client2 = cache.get(tenantId);
+    if (client2) {
+      await client2.destroy();
+      cache.delete(tenantId);
+    }
+  };
+  const destroyAll = async () => {
+    await Promise.all([...cache.values()].map((k) => k.destroy()));
+    cache.clear();
+    await baseClient.destroy();
+  };
+  const createTenantDb = async (tenantId, password) => {
+    await ensureRegistryTable(baseClient, resolved);
+    const tenantPassword = normalizePassword(password);
+    const hasTenantPassword = password !== void 0 && password !== null;
+    if (isSqliteClient(client)) {
+      const filename = resolveSqliteTenantFilename(tenantId);
+      if (filename !== ":memory:") {
+        fs2.mkdirSync(path2.dirname(filename), { recursive: true });
+        if (!fs2.existsSync(filename)) {
+          fs2.closeSync(fs2.openSync(filename, "a"));
+        }
+      }
+    } else {
+      const adminDb = base.adminDatabase ?? (isPostgresClient(client) ? "postgres" : isMysqlClient(client) ? "mysql" : isMssqlClient(client) ? "master" : resolveBaseDatabaseName());
+      const admin = knex({
+        ...baseKnexConfig,
+        connection: buildBaseConnection(adminDb)
+      });
+      try {
+        if (isPostgresClient(client)) {
+          const result = await admin.raw(`SELECT 1 FROM pg_database WHERE datname = ?`, [tenantId]);
+          if (result?.rows?.length) {
+            throw new Error(`Database "${tenantId}" already exists`);
+          }
+          const safeDb = escapePgIdent(tenantId);
+          await admin.raw(`CREATE DATABASE "${safeDb}"`);
+          if (tenantPassword && hasTenantPassword) {
+            const userName = `${tenant.userPrefix ?? "user_"}${tenantId}`;
+            const safeUser = escapePgIdent(userName);
+            const safePwd = escapeSqlString(tenantPassword);
+            await admin.raw(`CREATE USER "${safeUser}" WITH PASSWORD '${safePwd}'`);
+            await admin.raw(`GRANT ALL PRIVILEGES ON DATABASE "${safeDb}" TO "${safeUser}"`);
+          }
+        } else if (isMysqlClient(client)) {
+          const result = await admin.raw(
+            `SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = ?`,
+            [tenantId]
+          );
+          if (result?.[0]?.length) {
+            throw new Error(`Database "${tenantId}" already exists`);
+          }
+          const safeDb = escapeMysqlIdent(tenantId);
+          await admin.raw(`CREATE DATABASE \`${safeDb}\``);
+          if (tenantPassword && hasTenantPassword) {
+            const userName = `${tenant.userPrefix ?? "user_"}${tenantId}`;
+            const safeUser = escapeSqlString(userName);
+            const safePwd = escapeSqlString(tenantPassword);
+            await admin.raw(`CREATE USER IF NOT EXISTS '${safeUser}'@'%' IDENTIFIED BY '${safePwd}'`);
+            await admin.raw(`GRANT ALL PRIVILEGES ON \`${safeDb}\`.* TO '${safeUser}'@'%'`);
+          }
+        } else if (isMssqlClient(client)) {
+          const safeDb = escapeMssqlIdent(tenantId);
+          await admin.raw(
+            `IF DB_ID(N'${escapeSqlString(tenantId)}') IS NULL CREATE DATABASE [${safeDb}]`
+          );
+          if (tenantPassword && hasTenantPassword) {
+            const userName = `${tenant.userPrefix ?? "user_"}${tenantId}`;
+            const safeUser = escapeMssqlIdent(userName);
+            const safePwd = escapeSqlString(tenantPassword);
+            await admin.raw(
+              `IF NOT EXISTS (SELECT name FROM sys.server_principals WHERE name = N'${escapeSqlString(userName)}') CREATE LOGIN [${safeUser}] WITH PASSWORD = '${safePwd}'`
+            );
+            const tenantAdmin = knex({
+              ...baseKnexConfig,
+              connection: buildBaseConnection(tenantId)
+            });
+            try {
+              await tenantAdmin.raw(
+                `IF NOT EXISTS (SELECT name FROM sys.database_principals WHERE name = N'${escapeSqlString(userName)}') CREATE USER [${safeUser}] FOR LOGIN [${safeUser}]`
+              );
+              await tenantAdmin.raw(`EXEC sp_addrolemember 'db_owner', '${safeUser}'`);
+            } finally {
+              await tenantAdmin.destroy();
+            }
+          }
+        } else {
+          throw new Error(
+            `Tenora: createTenantDb is only supported for Postgres, MySQL/MariaDB, SQLite, and SQL Server clients (got "${client}").`
+          );
+        }
+      } finally {
+        await admin.destroy();
+      }
+    }
+    const tenantKnex = knex(buildTenantConfig(tenantId, tenantPassword));
+    try {
+      if (tenant.migrationsDir) {
+        await tenantKnex.migrate.latest();
+      }
+      if (tenant.seedsDir) {
+        await tenantKnex.seed.run();
+      }
+    } finally {
+      await tenantKnex.destroy();
+      cache.delete(tenantId);
+    }
+    await upsertTenantInRegistry(baseClient, resolved, tenantId, password);
+  };
+  return {
+    getBase: () => baseClient,
+    getTenant,
+    createTenantDb,
+    destroyTenant,
+    destroyAll
+  };
+};
+var createTenoraFactory = (options) => {
+  const resolved = options ?? loadDefaultConfig();
+  return buildTenoraFactory(resolved);
+};
+var createTenoraFactoryAsync = async (options) => {
+  const resolved = options ?? await loadDefaultConfigAsync();
+  return buildTenoraFactory(resolved);
+};
+var createKnexFactory = createTenoraFactory;
+// src/tenantResolver.ts
+var createTenantResolver = (opts) => {
+  const {
+    manager,
+    tenantId: tenantIdResolver,
+    passwordProvider,
+    authorizer,
+    attach
+  } = opts;
+  return async (req) => {
+    const tenantId = await tenantIdResolver(req);
+    if (!tenantId) return {};
+    let password;
+    if (passwordProvider) {
+      password = await passwordProvider(tenantId);
+    }
+    const knex2 = manager.getTenant(tenantId, password);
+    if (authorizer) {
+      await authorizer(tenantId, req);
+    }
+    if (attach) {
+      attach(req, tenantId, knex2);
+    } else {
+      req.tenantId = tenantId;
+      req.knex = knex2;
+    }
+    return { tenantId, knex: knex2 };
+  };
+};
+export {
+  createKnexFactory,
+  createTenantResolver,
+  createTenoraConfig,
+  createTenoraFactory,
+  createTenoraFactoryAsync,
+  decryptPassword,
+  defineTenoraConfig,
+  encryptPassword,
+  generateTenantPassword
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/config.ts","../src/knexFactory.ts","../src/password.ts","../src/tenantRegistry.ts","../src/configLoader.ts","../src/tenantResolver.ts"],"sourcesContent":["import type { MultiTenantOptions } from \"./types\";\n\n/**\n * Helper to get full config type hints in JS/TS config files.\n */\nexport const defineTenoraConfig = <T extends MultiTenantOptions>(config: T): T => config;\n\n// Backwards-friendly alias\nexport const createTenoraConfig = defineTenoraConfig;\n","import knex, { Knex } from \"knex\";\nimport fs from \"fs\";\nimport path from \"path\";\nimport type { MultiTenantOptions, TenantManager, TenoraClient } from \"./types\";\nimport { ensureRegistryTable, upsertTenantInRegistry } from \"./tenantRegistry\";\nimport { loadConfigModuleAsync, loadConfigModuleSync, resolveConfigPath, unwrapConfig } from \"./configLoader\";\n\nconst resolveClient = (value?: TenoraClient): TenoraClient => value ?? \"pg\";\n\nconst isPostgresClient = (client: TenoraClient): boolean =>\n client === \"pg\" || client === \"postgres\" || client === \"postgresql\";\n\nconst isMysqlClient = (client: TenoraClient): boolean =>\n client === \"mysql\" || client === \"mysql2\" || client === \"mariadb\";\n\nconst isSqliteClient = (client: TenoraClient): boolean =>\n client === \"sqlite3\" || client === \"better-sqlite3\" || client === \"sqlite\";\n\nconst isMssqlClient = (client: TenoraClient): boolean =>\n client === \"mssql\" || client === \"sqlserver\";\n\nconst normalizePassword = (value: unknown): string | undefined => {\n if (value === undefined || value === null) return undefined;\n if (typeof value === \"string\") return value;\n return String(value);\n};\n\nconst escapePgIdent = (value: string) => value.replace(/\"/g, \"\\\"\\\"\");\nconst escapeMysqlIdent = (value: string) => value.replace(/`/g, \"``\");\nconst escapeMssqlIdent = (value: string) => value.replace(/]/g, \"]]\");\nconst escapeSqlString = (value: string) => value.replace(/'/g, \"''\");\n\nconst loadDefaultConfig = (): MultiTenantOptions => {\n const explicit = process.env.TENORA_CONFIG;\n const fullPath = resolveConfigPath(explicit ?? undefined);\n const module = loadConfigModuleSync(fullPath);\n const cfg = unwrapConfig(module);\n if (!cfg) {\n throw new Error(\n `Tenora: config file ${path.basename(fullPath)} did not export a config object.`\n );\n }\n return cfg as MultiTenantOptions;\n};\n\nexport const loadDefaultConfigAsync = async (): Promise<MultiTenantOptions> => {\n const explicit = process.env.TENORA_CONFIG;\n const fullPath = resolveConfigPath(explicit ?? undefined);\n const module = await loadConfigModuleAsync(fullPath);\n const cfg = unwrapConfig(module);\n if (!cfg) {\n throw new Error(\n `Tenora: config file ${path.basename(fullPath)} did not export a config object.`\n );\n }\n return cfg as MultiTenantOptions;\n};\n\nconst defaultPool: Knex.PoolConfig = { min: 2, max: 10, acquireTimeoutMillis: 60_000, idleTimeoutMillis: 60_000 };\n\nconst buildTenoraFactory = (resolved: MultiTenantOptions): TenantManager => {\n const { base, tenant = {}, knexOptions = {} } = resolved;\n const cache = new Map<string, Knex>();\n const basePassword = normalizePassword(base.password);\n const client = resolveClient(base.client);\n\n const resolveBaseDatabaseName = (): string => {\n if (base.connection) {\n const conn = base.connection as unknown as Record<string, unknown>;\n if (isSqliteClient(client)) {\n const filename = (conn.filename as string | undefined) ?? base.database;\n if (!filename) {\n throw new Error(\"Tenora: base.database or base.connection.filename is required for SQLite.\");\n }\n return filename;\n }\n const dbName = (conn.database as string | undefined) ?? base.database;\n if (!dbName) {\n throw new Error(\"Tenora: base.database is required.\");\n }\n return dbName;\n }\n\n if (!base.database) {\n throw new Error(\"Tenora: base.database is required.\");\n }\n return base.database;\n };\n\n const applyConnectionDefaults = (conn: Record<string, unknown>) => {\n if (conn.user === undefined && base.user !== undefined) conn.user = base.user;\n if (conn.port === undefined && base.port !== undefined) conn.port = base.port;\n if (isMssqlClient(client)) {\n if (conn.server === undefined && base.host !== undefined) conn.server = base.host;\n } else if (conn.host === undefined && base.host !== undefined) {\n conn.host = base.host;\n }\n if (conn.ssl === undefined && base.ssl !== undefined) conn.ssl = base.ssl;\n const normalized = normalizePassword(conn.password ?? basePassword);\n if (normalized !== undefined) {\n conn.password = normalized;\n } else {\n delete conn.password;\n }\n };\n\n const buildBaseConnection = (databaseOverride?: string): Knex.StaticConnectionConfig => {\n if (base.connection) {\n const conn = { ...(base.connection as unknown as Record<string, unknown>) };\n applyConnectionDefaults(conn);\n if (databaseOverride !== undefined) {\n if (isSqliteClient(client)) {\n conn.filename = databaseOverride;\n delete conn.database;\n } else {\n conn.database = databaseOverride;\n }\n } else if (isSqliteClient(client)) {\n if (conn.filename === undefined && base.database) conn.filename = base.database;\n } else if (conn.database === undefined && base.database) {\n conn.database = base.database;\n }\n return conn as Knex.StaticConnectionConfig;\n }\n\n if (isSqliteClient(client)) {\n const filename = databaseOverride ?? base.database;\n if (!filename) {\n throw new Error(\"Tenora: base.database is required for SQLite.\");\n }\n return { filename } as Knex.StaticConnectionConfig;\n }\n\n if (!base.host || !base.user || !base.database) {\n throw new Error(\"Tenora: base connection is incomplete. Provide base.connection or host/user/database.\");\n }\n\n const conn: Record<string, unknown> = {\n ...(isMssqlClient(client) ? { server: base.host } : { host: base.host }),\n port: base.port,\n user: base.user,\n database: databaseOverride ?? base.database,\n ssl: base.ssl ?? false,\n };\n if (basePassword !== undefined) conn.password = basePassword;\n return conn as Knex.StaticConnectionConfig;\n };\n\n const baseKnexConfig: Knex.Config = {\n client,\n useNullAsDefault: true,\n connection: buildBaseConnection(resolveBaseDatabaseName()),\n pool: base.pool ?? defaultPool,\n migrations: base.migrationsDir ? { directory: base.migrationsDir } : undefined,\n seeds: base.seedsDir ? { directory: base.seedsDir } : undefined,\n ...knexOptions,\n } as Knex.Config;\n\n const baseClient = knex(baseKnexConfig);\n\n const resolveTenantDatabaseName = (tenantId: string): string =>\n tenant.databaseName ? tenant.databaseName(tenantId) : tenantId;\n\n const resolveSqliteTenantFilename = (tenantId: string): string => {\n const baseDb = resolveBaseDatabaseName();\n const baseDir = tenant.databaseDir ?? path.dirname(baseDb ?? process.cwd());\n const name = tenant.databaseName\n ? tenant.databaseName(tenantId)\n : `${tenantId}${tenant.databaseSuffix ?? \".sqlite\"}`;\n return path.isAbsolute(name) ? name : path.join(baseDir, name);\n };\n\n const buildTenantConfig = (tenantId: string, password?: string): Knex.Config => {\n const tenantPassword = normalizePassword(password ?? basePassword);\n const hasTenantPassword = password !== undefined && password !== null;\n const tenantDb = isSqliteClient(client)\n ? resolveSqliteTenantFilename(tenantId)\n : resolveTenantDatabaseName(tenantId);\n const connection = buildBaseConnection(tenantDb) as Record<string, unknown>;\n\n if (!isSqliteClient(client) && hasTenantPassword) {\n connection.user = `${tenant.userPrefix ?? \"user_\"}${tenantId}`;\n if (tenantPassword !== undefined) {\n connection.password = tenantPassword;\n } else {\n delete connection.password;\n }\n }\n\n if (tenant.ssl !== undefined) {\n connection.ssl = tenant.ssl;\n }\n\n return ({\n client,\n useNullAsDefault: true,\n connection,\n pool: tenant.pool ?? base.pool ?? defaultPool,\n migrations: tenant.migrationsDir ? { directory: tenant.migrationsDir } : undefined,\n seeds: tenant.seedsDir ? { directory: tenant.seedsDir } : undefined,\n ...knexOptions,\n });\n };\n\n /**\n * Get (or create+cache) a Knex client for the tenant.\n * Password is optional; if omitted, the base user is used.\n */\n const getTenant = (tenantId: string, password?: string): Knex => {\n const cached = cache.get(tenantId);\n if (cached) return cached;\n\n const client = knex(buildTenantConfig(tenantId, password));\n cache.set(tenantId, client);\n return client;\n };\n\n const destroyTenant = async (tenantId: string) => {\n const client = cache.get(tenantId);\n if (client) {\n await client.destroy();\n cache.delete(tenantId);\n }\n };\n\n const destroyAll = async () => {\n await Promise.all([...cache.values()].map((k) => k.destroy()));\n cache.clear();\n await baseClient.destroy();\n };\n\n /**\n * Create tenant DB, optional user, then run migrations/seeds.\n * Mirrors createDB.ts from the reference project.\n */\n const createTenantDb = async (tenantId: string, password?: string) => {\n await ensureRegistryTable(baseClient, resolved);\n const tenantPassword = normalizePassword(password);\n const hasTenantPassword = password !== undefined && password !== null;\n\n if (isSqliteClient(client)) {\n const filename = resolveSqliteTenantFilename(tenantId);\n if (filename !== \":memory:\") {\n fs.mkdirSync(path.dirname(filename), { recursive: true });\n if (!fs.existsSync(filename)) {\n fs.closeSync(fs.openSync(filename, \"a\"));\n }\n }\n } else {\n // Reuse a short-lived connection to admin db so we can create the tenant DB/user\n const adminDb =\n base.adminDatabase ??\n (isPostgresClient(client)\n ? \"postgres\"\n : isMysqlClient(client)\n ? \"mysql\"\n : isMssqlClient(client)\n ? \"master\"\n : resolveBaseDatabaseName());\n const admin = knex({\n ...baseKnexConfig,\n connection: buildBaseConnection(adminDb),\n });\n\n try {\n if (isPostgresClient(client)) {\n const result = await admin.raw(`SELECT 1 FROM pg_database WHERE datname = ?`, [tenantId]);\n if (result?.rows?.length) {\n throw new Error(`Database \"${tenantId}\" already exists`);\n }\n\n const safeDb = escapePgIdent(tenantId);\n await admin.raw(`CREATE DATABASE \"${safeDb}\"`);\n\n if (tenantPassword && hasTenantPassword) {\n const userName = `${tenant.userPrefix ?? \"user_\"}${tenantId}`;\n const safeUser = escapePgIdent(userName);\n const safePwd = escapeSqlString(tenantPassword);\n await admin.raw(`CREATE USER \"${safeUser}\" WITH PASSWORD '${safePwd}'`);\n await admin.raw(`GRANT ALL PRIVILEGES ON DATABASE \"${safeDb}\" TO \"${safeUser}\"`);\n }\n } else if (isMysqlClient(client)) {\n const result = await admin.raw(\n `SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = ?`,\n [tenantId]\n );\n if (result?.[0]?.length) {\n throw new Error(`Database \"${tenantId}\" already exists`);\n }\n\n const safeDb = escapeMysqlIdent(tenantId);\n await admin.raw(`CREATE DATABASE \\`${safeDb}\\``);\n\n if (tenantPassword && hasTenantPassword) {\n const userName = `${tenant.userPrefix ?? \"user_\"}${tenantId}`;\n const safeUser = escapeSqlString(userName);\n const safePwd = escapeSqlString(tenantPassword);\n await admin.raw(`CREATE USER IF NOT EXISTS '${safeUser}'@'%' IDENTIFIED BY '${safePwd}'`);\n await admin.raw(`GRANT ALL PRIVILEGES ON \\`${safeDb}\\`.* TO '${safeUser}'@'%'`);\n }\n } else if (isMssqlClient(client)) {\n const safeDb = escapeMssqlIdent(tenantId);\n await admin.raw(\n `IF DB_ID(N'${escapeSqlString(tenantId)}') IS NULL CREATE DATABASE [${safeDb}]`\n );\n\n if (tenantPassword && hasTenantPassword) {\n const userName = `${tenant.userPrefix ?? \"user_\"}${tenantId}`;\n const safeUser = escapeMssqlIdent(userName);\n const safePwd = escapeSqlString(tenantPassword);\n await admin.raw(\n `IF NOT EXISTS (SELECT name FROM sys.server_principals WHERE name = N'${escapeSqlString(userName)}') CREATE LOGIN [${safeUser}] WITH PASSWORD = '${safePwd}'`\n );\n\n const tenantAdmin = knex({\n ...baseKnexConfig,\n connection: buildBaseConnection(tenantId),\n });\n try {\n await tenantAdmin.raw(\n `IF NOT EXISTS (SELECT name FROM sys.database_principals WHERE name = N'${escapeSqlString(userName)}') CREATE USER [${safeUser}] FOR LOGIN [${safeUser}]`\n );\n await tenantAdmin.raw(`EXEC sp_addrolemember 'db_owner', '${safeUser}'`);\n } finally {\n await tenantAdmin.destroy();\n }\n }\n } else {\n throw new Error(\n `Tenora: createTenantDb is only supported for Postgres, MySQL/MariaDB, SQLite, and SQL Server clients (got \"${client}\").`\n );\n }\n } finally {\n await admin.destroy();\n }\n }\n\n // Run tenant migrations if configured\n const tenantKnex = knex(buildTenantConfig(tenantId, tenantPassword));\n try {\n if (tenant.migrationsDir) {\n await tenantKnex.migrate.latest();\n }\n if (tenant.seedsDir) {\n await tenantKnex.seed.run();\n }\n } finally {\n await tenantKnex.destroy();\n cache.delete(tenantId);\n }\n\n await upsertTenantInRegistry(baseClient, resolved, tenantId, password);\n };\n\n return {\n getBase: () => baseClient,\n getTenant,\n createTenantDb,\n destroyTenant,\n destroyAll,\n };\n};\n\nexport const createTenoraFactory = (\n options?: MultiTenantOptions\n): TenantManager => {\n const resolved = options ?? loadDefaultConfig();\n return buildTenoraFactory(resolved);\n};\n\nexport const createTenoraFactoryAsync = async (\n options?: MultiTenantOptions\n): Promise<TenantManager> => {\n const resolved = options ?? await loadDefaultConfigAsync();\n return buildTenoraFactory(resolved);\n};\n\n// Backwards-compatible alias\nexport const createKnexFactory = createTenoraFactory;\n","import CryptoJS from \"crypto-js\";\n\n/**\n * Generate a random password suitable for per-tenant DB users.\n */\nexport const generateTenantPassword = (length = 32): string => {\n const charset = \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*\";\n let password = \"\";\n\n for (let i = 0; i < length; i++) {\n const randomIndex = Math.floor(Math.random() * charset.length);\n password += charset[randomIndex];\n }\n\n return password;\n};\n\nexport const encryptPassword = (password: string, cipherKey: string): string => {\n if (typeof cipherKey !== \"string\" || cipherKey.length === 0) {\n throw new Error(\"Tenora: cipherKey must be a non-empty string.\");\n }\n return CryptoJS.AES.encrypt(password, cipherKey).toString();\n};\n\nexport const decryptPassword = (encryptedPassword: string, cipherKey: string): string => {\n if (typeof cipherKey !== \"string\" || cipherKey.length === 0) {\n throw new Error(\"Tenora: cipherKey must be a non-empty string.\");\n }\n const bytes = CryptoJS.AES.decrypt(encryptedPassword, cipherKey);\n return bytes.toString(CryptoJS.enc.Utf8);\n};\n","import fs from \"fs\";\nimport path from \"path\";\nimport type { Knex } from \"knex\";\nimport type { MultiTenantOptions, TenantRecord, TenantRegistryOptions } from \"./types\";\nimport { decryptPassword as defaultDecrypt, encryptPassword as defaultEncrypt } from \"./password\";\n\nconst REGISTRY_MARKER = \"tenora:registry\";\n\nconst DEFAULT_REGISTRY: Required<TenantRegistryOptions> = {\n table: \"tenora_tenants\",\n idColumn: \"id\",\n passwordColumn: \"password\",\n encryptedPasswordColumn: \"encrypted_password\",\n createdAtColumn: \"created_at\",\n updatedAtColumn: \"updated_at\",\n};\n\nexport const resolveRegistry = (\n options: MultiTenantOptions\n): Required<TenantRegistryOptions> => ({\n ...DEFAULT_REGISTRY,\n ...(options.registry ?? {}),\n});\n\nconst resolveEncrypt = (options: MultiTenantOptions) => {\n if (options.encryptPassword) return options.encryptPassword;\n const key = process.env.TENORA_KEY;\n if (key) {\n return (plain: string) => defaultEncrypt(plain, key);\n }\n return undefined;\n};\n\nexport const resolveDecrypt = (options: MultiTenantOptions) => {\n if (options.decryptPassword) return options.decryptPassword;\n const key = process.env.TENORA_KEY;\n if (key) {\n return (encrypted: string) => defaultDecrypt(encrypted, key);\n }\n return undefined;\n};\n\nconst listMigrationFiles = (dir: string): string[] => {\n if (!fs.existsSync(dir)) return [];\n return fs\n .readdirSync(dir)\n .filter((name) => name.endsWith(\".js\") || name.endsWith(\".ts\"))\n .map((name) => path.join(dir, name));\n};\n\nexport const ensureRegistryMigration = (\n options: MultiTenantOptions\n): { created: boolean; filePath?: string } => {\n const configuredDir = options.base.migrationsDir;\n const migrationsDir = configuredDir\n ? (path.isAbsolute(configuredDir)\n ? configuredDir\n : path.join(process.cwd(), configuredDir))\n : undefined;\n if (!migrationsDir) {\n throw new Error(\n \"Tenora: base.migrationsDir is required to create the tenant registry migration.\"\n );\n }\n\n const registry = resolveRegistry(options);\n const files = listMigrationFiles(migrationsDir);\n const hasRegistry = files.some((file) => {\n try {\n return fs.readFileSync(file, \"utf8\").includes(REGISTRY_MARKER);\n } catch {\n return false;\n }\n });\n\n if (hasRegistry) {\n return { created: false };\n }\n\n fs.mkdirSync(migrationsDir, { recursive: true });\n const timestamp = new Date()\n .toISOString()\n .replace(/[-:T.Z]/g, \"\")\n .slice(0, 14);\n const fileName = `${timestamp}_create_tenant_registry.js`;\n const filePath = path.join(migrationsDir, fileName);\n\n const migration = `// ${REGISTRY_MARKER}\nexport const up = (knex) =>\n knex.schema.createTable(\"${registry.table}\", (t) => {\n t.string(\"${registry.idColumn}\").primary();\n t.string(\"${registry.passwordColumn}\");\n t.string(\"${registry.encryptedPasswordColumn}\");\n t.timestamp(\"${registry.createdAtColumn}\", { useTz: true }).defaultTo(knex.fn.now());\n t.timestamp(\"${registry.updatedAtColumn}\", { useTz: true }).defaultTo(knex.fn.now());\n });\n\nexport const down = (knex) => knex.schema.dropTableIfExists(\"${registry.table}\");\n`;\n\n fs.writeFileSync(filePath, migration);\n return { created: true, filePath };\n};\n\nexport const ensureRegistryTable = async (\n base: Knex,\n options: MultiTenantOptions\n) => {\n const registry = resolveRegistry(options);\n const exists = await base.schema.hasTable(registry.table);\n if (!exists) {\n throw new Error(\n `Tenora: tenant registry table \"${registry.table}\" not found. Run 'tenora migrate' to create it.`\n );\n }\n};\n\nexport const listTenantsFromRegistry = async (\n base: Knex,\n options: MultiTenantOptions\n): Promise<TenantRecord[]> => {\n const registry = resolveRegistry(options);\n await ensureRegistryTable(base, options);\n const rows = await base(registry.table).select({\n id: registry.idColumn,\n password: registry.passwordColumn,\n encryptedPassword: registry.encryptedPasswordColumn,\n });\n return rows as TenantRecord[];\n};\n\nexport const upsertTenantInRegistry = async (\n base: Knex,\n options: MultiTenantOptions,\n tenantId: string,\n password?: string\n) => {\n const registry = resolveRegistry(options);\n await ensureRegistryTable(base, options);\n\n const encrypt = resolveEncrypt(options);\n const encrypted = password && encrypt ? encrypt(password) : undefined;\n\n const record: Record<string, string> = {\n [registry.idColumn]: tenantId,\n };\n\n if (encrypted) {\n record[registry.encryptedPasswordColumn] = encrypted;\n } else if (password) {\n record[registry.passwordColumn] = password;\n }\n\n await base(registry.table)\n .insert(record)\n .onConflict(registry.idColumn)\n .merge(record);\n};\n","import fs from \"fs\";\nimport path from \"path\";\nimport { pathToFileURL } from \"url\";\nimport { createRequire } from \"module\";\n\nconst require = createRequire(import.meta.url);\n\nexport const DEFAULT_CONFIG_FILES = [\n \"tenora.config.js\",\n \"tenora.config.mjs\",\n \"tenora.config.ts\",\n];\n\nexport const resolveConfigPath = (explicitPath?: string): string => {\n const cwd = process.cwd();\n if (explicitPath) {\n return path.isAbsolute(explicitPath)\n ? explicitPath\n : path.join(cwd, explicitPath);\n }\n\n for (const file of DEFAULT_CONFIG_FILES) {\n const full = path.join(cwd, file);\n if (fs.existsSync(full)) return full;\n }\n\n throw new Error(\n `Tenora: no config found. Looked for ${DEFAULT_CONFIG_FILES.join(\", \")} in ${cwd}.`\n );\n};\n\nexport const loadConfigModuleSync = (fullPath: string) => {\n const ext = path.extname(fullPath);\n try {\n // eslint-disable-next-line @typescript-eslint/no-var-requires\n const mod = require(fullPath);\n return mod;\n } catch (err: any) {\n if (ext === \".mjs\" || err?.code === \"ERR_REQUIRE_ESM\") {\n throw new Error(\n `Tenora: ${path.basename(fullPath)} is ESM. Use createTenoraFactoryAsync() or pass the config directly.`\n );\n }\n if (ext === \".ts\" || err?.code === \"ERR_UNKNOWN_FILE_EXTENSION\") {\n throw new Error(\n `Tenora: ${path.basename(fullPath)} is TypeScript. Use createTenoraFactoryAsync() with a TS loader (tsx/ts-node), or pass the config directly.`\n );\n }\n throw err;\n }\n};\n\nexport const loadConfigModuleAsync = async (fullPath: string) => {\n const href = pathToFileURL(fullPath).href;\n return import(href);\n};\n\nexport const unwrapConfig = (mod: any) => mod.default ?? mod.config ?? mod;\n","import type { Knex } from \"knex\";\nimport type { TenantResolverOptions, TenantResolver } from \"./types\";\n\n/**\n * Framework-agnostic tenant resolver.\n * Call the returned function inside your middleware/pre-handler to attach a tenant-bound knex to the request.\n */\nexport const createTenantResolver = <Req extends { [k: string]: any }>(\n opts: TenantResolverOptions<Req>\n): TenantResolver<Req> => {\n const {\n manager,\n tenantId: tenantIdResolver,\n passwordProvider,\n authorizer,\n attach,\n } = opts;\n\n return async (req: Req): Promise<{ tenantId?: string; knex?: Knex }> => {\n const tenantId = await tenantIdResolver(req);\n if (!tenantId) return {};\n\n let password: string | undefined;\n if (passwordProvider) {\n password = await passwordProvider(tenantId);\n }\n\n const knex = manager.getTenant(tenantId, password);\n\n if (authorizer) {\n await authorizer(tenantId, req);\n }\n\n // default attach shape: req.tenantId + req.knex\n if (attach) {\n attach(req, tenantId, knex);\n } else {\n (req as any).tenantId = tenantId;\n (req as any).knex = knex;\n }\n\n return { tenantId, knex };\n };\n};\n"],"mappings":";AAKO,IAAM,qBAAqB,CAA+B,WAAiB;AAG3E,IAAM,qBAAqB;;;ACRlC,OAAO,UAAoB;AAC3B,OAAOA,SAAQ;AACf,OAAOC,WAAU;;;ACFjB,OAAO,cAAc;AAKd,IAAM,yBAAyB,CAAC,SAAS,OAAe;AAC7D,QAAM,UAAU;AAChB,MAAI,WAAW;AAEf,WAAS,IAAI,GAAG,IAAI,QAAQ,KAAK;AAC/B,UAAM,cAAc,KAAK,MAAM,KAAK,OAAO,IAAI,QAAQ,MAAM;AAC7D,gBAAY,QAAQ,WAAW;AAAA,EACjC;AAEA,SAAO;AACT;AAEO,IAAM,kBAAkB,CAAC,UAAkB,cAA8B;AAC9E,MAAI,OAAO,cAAc,YAAY,UAAU,WAAW,GAAG;AAC3D,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,SAAO,SAAS,IAAI,QAAQ,UAAU,SAAS,EAAE,SAAS;AAC5D;AAEO,IAAM,kBAAkB,CAAC,mBAA2B,cAA8B;AACvF,MAAI,OAAO,cAAc,YAAY,UAAU,WAAW,GAAG;AAC3D,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,QAAQ,SAAS,IAAI,QAAQ,mBAAmB,SAAS;AAC/D,SAAO,MAAM,SAAS,SAAS,IAAI,IAAI;AACzC;;;ACtBA,IAAM,mBAAoD;AAAA,EACxD,OAAO;AAAA,EACP,UAAU;AAAA,EACV,gBAAgB;AAAA,EAChB,yBAAyB;AAAA,EACzB,iBAAiB;AAAA,EACjB,iBAAiB;AACnB;AAEO,IAAM,kBAAkB,CAC7B,aACqC;AAAA,EACrC,GAAG;AAAA,EACH,GAAI,QAAQ,YAAY,CAAC;AAC3B;AAEA,IAAM,iBAAiB,CAAC,YAAgC;AACtD,MAAI,QAAQ,gBAAiB,QAAO,QAAQ;AAC5C,QAAM,MAAM,QAAQ,IAAI;AACxB,MAAI,KAAK;AACP,WAAO,CAAC,UAAkB,gBAAe,OAAO,GAAG;AAAA,EACrD;AACA,SAAO;AACT;AAyEO,IAAM,sBAAsB,OACjC,MACA,YACG;AACH,QAAM,WAAW,gBAAgB,OAAO;AACxC,QAAM,SAAS,MAAM,KAAK,OAAO,SAAS,SAAS,KAAK;AACxD,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR,kCAAkC,SAAS,KAAK;AAAA,IAClD;AAAA,EACF;AACF;AAgBO,IAAM,yBAAyB,OACpC,MACA,SACA,UACA,aACG;AACH,QAAM,WAAW,gBAAgB,OAAO;AACxC,QAAM,oBAAoB,MAAM,OAAO;AAEvC,QAAM,UAAU,eAAe,OAAO;AACtC,QAAM,YAAY,YAAY,UAAU,QAAQ,QAAQ,IAAI;AAE5D,QAAM,SAAiC;AAAA,IACrC,CAAC,SAAS,QAAQ,GAAG;AAAA,EACvB;AAEA,MAAI,WAAW;AACb,WAAO,SAAS,uBAAuB,IAAI;AAAA,EAC7C,WAAW,UAAU;AACnB,WAAO,SAAS,cAAc,IAAI;AAAA,EACpC;AAEA,QAAM,KAAK,SAAS,KAAK,EACtB,OAAO,MAAM,EACb,WAAW,SAAS,QAAQ,EAC5B,MAAM,MAAM;AACjB;;;AC7JA,OAAO,QAAQ;AACf,OAAO,UAAU;AACjB,SAAS,qBAAqB;AAC9B,SAAS,qBAAqB;AAE9B,IAAMC,WAAU,cAAc,YAAY,GAAG;AAEtC,IAAM,uBAAuB;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AACF;AAEO,IAAM,oBAAoB,CAAC,iBAAkC;AAClE,QAAM,MAAM,QAAQ,IAAI;AACxB,MAAI,cAAc;AAChB,WAAO,KAAK,WAAW,YAAY,IAC/B,eACA,KAAK,KAAK,KAAK,YAAY;AAAA,EACjC;AAEA,aAAW,QAAQ,sBAAsB;AACvC,UAAM,OAAO,KAAK,KAAK,KAAK,IAAI;AAChC,QAAI,GAAG,WAAW,IAAI,EAAG,QAAO;AAAA,EAClC;AAEA,QAAM,IAAI;AAAA,IACR,uCAAuC,qBAAqB,KAAK,IAAI,CAAC,OAAO,GAAG;AAAA,EAClF;AACF;AAEO,IAAM,uBAAuB,CAAC,aAAqB;AACxD,QAAM,MAAM,KAAK,QAAQ,QAAQ;AACjC,MAAI;AAEF,UAAM,MAAMA,SAAQ,QAAQ;AAC5B,WAAO;AAAA,EACT,SAAS,KAAU;AACjB,QAAI,QAAQ,UAAU,KAAK,SAAS,mBAAmB;AACrD,YAAM,IAAI;AAAA,QACR,WAAW,KAAK,SAAS,QAAQ,CAAC;AAAA,MACpC;AAAA,IACF;AACA,QAAI,QAAQ,SAAS,KAAK,SAAS,8BAA8B;AAC/D,YAAM,IAAI;AAAA,QACR,WAAW,KAAK,SAAS,QAAQ,CAAC;AAAA,MACpC;AAAA,IACF;AACA,UAAM;AAAA,EACR;AACF;AAEO,IAAM,wBAAwB,OAAO,aAAqB;AAC/D,QAAM,OAAO,cAAc,QAAQ,EAAE;AACrC,SAAO,OAAO;AAChB;AAEO,IAAM,eAAe,CAAC,QAAa,IAAI,WAAW,IAAI,UAAU;;;AHlDvE,IAAM,gBAAgB,CAAC,UAAuC,SAAS;AAEvE,IAAM,mBAAmB,CAAC,WACxB,WAAW,QAAQ,WAAW,cAAc,WAAW;AAEzD,IAAM,gBAAgB,CAAC,WACrB,WAAW,WAAW,WAAW,YAAY,WAAW;AAE1D,IAAM,iBAAiB,CAAC,WACtB,WAAW,aAAa,WAAW,oBAAoB,WAAW;AAEpE,IAAM,gBAAgB,CAAC,WACrB,WAAW,WAAW,WAAW;AAEnC,IAAM,oBAAoB,CAAC,UAAuC;AAChE,MAAI,UAAU,UAAa,UAAU,KAAM,QAAO;AAClD,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,SAAO,OAAO,KAAK;AACrB;AAEA,IAAM,gBAAgB,CAAC,UAAkB,MAAM,QAAQ,MAAM,IAAM;AACnE,IAAM,mBAAmB,CAAC,UAAkB,MAAM,QAAQ,MAAM,IAAI;AACpE,IAAM,mBAAmB,CAAC,UAAkB,MAAM,QAAQ,MAAM,IAAI;AACpE,IAAM,kBAAkB,CAAC,UAAkB,MAAM,QAAQ,MAAM,IAAI;AAEnE,IAAM,oBAAoB,MAA0B;AAClD,QAAM,WAAW,QAAQ,IAAI;AAC7B,QAAM,WAAW,kBAAkB,YAAY,MAAS;AACxD,QAAM,SAAS,qBAAqB,QAAQ;AAC5C,QAAM,MAAM,aAAa,MAAM;AAC/B,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR,uBAAuBC,MAAK,SAAS,QAAQ,CAAC;AAAA,IAChD;AAAA,EACF;AACA,SAAO;AACT;AAEO,IAAM,yBAAyB,YAAyC;AAC7E,QAAM,WAAW,QAAQ,IAAI;AAC7B,QAAM,WAAW,kBAAkB,YAAY,MAAS;AACxD,QAAM,SAAS,MAAM,sBAAsB,QAAQ;AACnD,QAAM,MAAM,aAAa,MAAM;AAC/B,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR,uBAAuBA,MAAK,SAAS,QAAQ,CAAC;AAAA,IAChD;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAM,cAA+B,EAAE,KAAK,GAAG,KAAK,IAAI,sBAAsB,KAAQ,mBAAmB,IAAO;AAEhH,IAAM,qBAAqB,CAAC,aAAgD;AAC1E,QAAM,EAAE,MAAM,SAAS,CAAC,GAAG,cAAc,CAAC,EAAE,IAAI;AAChD,QAAM,QAAQ,oBAAI,IAAkB;AACpC,QAAM,eAAe,kBAAkB,KAAK,QAAQ;AACpD,QAAM,SAAS,cAAc,KAAK,MAAM;AAExC,QAAM,0BAA0B,MAAc;AAC5C,QAAI,KAAK,YAAY;AACnB,YAAM,OAAO,KAAK;AAClB,UAAI,eAAe,MAAM,GAAG;AAC1B,cAAM,WAAY,KAAK,YAAmC,KAAK;AAC/D,YAAI,CAAC,UAAU;AACb,gBAAM,IAAI,MAAM,2EAA2E;AAAA,QAC7F;AACA,eAAO;AAAA,MACT;AACA,YAAM,SAAU,KAAK,YAAmC,KAAK;AAC7D,UAAI,CAAC,QAAQ;AACX,cAAM,IAAI,MAAM,oCAAoC;AAAA,MACtD;AACA,aAAO;AAAA,IACT;AAEA,QAAI,CAAC,KAAK,UAAU;AAClB,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACtD;AACA,WAAO,KAAK;AAAA,EACd;AAEA,QAAM,0BAA0B,CAAC,SAAkC;AACjE,QAAI,KAAK,SAAS,UAAa,KAAK,SAAS,OAAW,MAAK,OAAO,KAAK;AACzE,QAAI,KAAK,SAAS,UAAa,KAAK,SAAS,OAAW,MAAK,OAAO,KAAK;AACzE,QAAI,cAAc,MAAM,GAAG;AACzB,UAAI,KAAK,WAAW,UAAa,KAAK,SAAS,OAAW,MAAK,SAAS,KAAK;AAAA,IAC/E,WAAW,KAAK,SAAS,UAAa,KAAK,SAAS,QAAW;AAC7D,WAAK,OAAO,KAAK;AAAA,IACnB;AACA,QAAI,KAAK,QAAQ,UAAa,KAAK,QAAQ,OAAW,MAAK,MAAM,KAAK;AACtE,UAAM,aAAa,kBAAkB,KAAK,YAAY,YAAY;AAClE,QAAI,eAAe,QAAW;AAC5B,WAAK,WAAW;AAAA,IAClB,OAAO;AACL,aAAO,KAAK;AAAA,IACd;AAAA,EACF;AAEA,QAAM,sBAAsB,CAAC,qBAA2D;AACtF,QAAI,KAAK,YAAY;AACnB,YAAMC,QAAO,EAAE,GAAI,KAAK,WAAkD;AAC1E,8BAAwBA,KAAI;AAC5B,UAAI,qBAAqB,QAAW;AAClC,YAAI,eAAe,MAAM,GAAG;AAC1B,UAAAA,MAAK,WAAW;AAChB,iBAAOA,MAAK;AAAA,QACd,OAAO;AACL,UAAAA,MAAK,WAAW;AAAA,QAClB;AAAA,MACF,WAAW,eAAe,MAAM,GAAG;AACjC,YAAIA,MAAK,aAAa,UAAa,KAAK,SAAU,CAAAA,MAAK,WAAW,KAAK;AAAA,MACzE,WAAWA,MAAK,aAAa,UAAa,KAAK,UAAU;AACvD,QAAAA,MAAK,WAAW,KAAK;AAAA,MACvB;AACA,aAAOA;AAAA,IACT;AAEA,QAAI,eAAe,MAAM,GAAG;AAC1B,YAAM,WAAW,oBAAoB,KAAK;AAC1C,UAAI,CAAC,UAAU;AACb,cAAM,IAAI,MAAM,+CAA+C;AAAA,MACjE;AACA,aAAO,EAAE,SAAS;AAAA,IACpB;AAEA,QAAI,CAAC,KAAK,QAAQ,CAAC,KAAK,QAAQ,CAAC,KAAK,UAAU;AAC9C,YAAM,IAAI,MAAM,uFAAuF;AAAA,IACzG;AAEA,UAAM,OAAgC;AAAA,MACpC,GAAI,cAAc,MAAM,IAAI,EAAE,QAAQ,KAAK,KAAK,IAAI,EAAE,MAAM,KAAK,KAAK;AAAA,MACtE,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,UAAU,oBAAoB,KAAK;AAAA,MACnC,KAAK,KAAK,OAAO;AAAA,IACnB;AACA,QAAI,iBAAiB,OAAW,MAAK,WAAW;AAChD,WAAO;AAAA,EACT;AAEA,QAAM,iBAA8B;AAAA,IAClC;AAAA,IACA,kBAAkB;AAAA,IAClB,YAAY,oBAAoB,wBAAwB,CAAC;AAAA,IACzD,MAAM,KAAK,QAAQ;AAAA,IACnB,YAAY,KAAK,gBAAgB,EAAE,WAAW,KAAK,cAAc,IAAI;AAAA,IACrE,OAAO,KAAK,WAAW,EAAE,WAAW,KAAK,SAAS,IAAI;AAAA,IACtD,GAAG;AAAA,EACL;AAEA,QAAM,aAAa,KAAK,cAAc;AAEtC,QAAM,4BAA4B,CAAC,aACjC,OAAO,eAAe,OAAO,aAAa,QAAQ,IAAI;AAExD,QAAM,8BAA8B,CAAC,aAA6B;AAChE,UAAM,SAAS,wBAAwB;AACvC,UAAM,UAAU,OAAO,eAAeD,MAAK,QAAQ,UAAU,QAAQ,IAAI,CAAC;AAC1E,UAAM,OAAO,OAAO,eAChB,OAAO,aAAa,QAAQ,IAC5B,GAAG,QAAQ,GAAG,OAAO,kBAAkB,SAAS;AACpD,WAAOA,MAAK,WAAW,IAAI,IAAI,OAAOA,MAAK,KAAK,SAAS,IAAI;AAAA,EAC/D;AAEA,QAAM,oBAAoB,CAAC,UAAkB,aAAmC;AAC9E,UAAM,iBAAiB,kBAAkB,YAAY,YAAY;AACjE,UAAM,oBAAoB,aAAa,UAAa,aAAa;AACjE,UAAM,WAAW,eAAe,MAAM,IAClC,4BAA4B,QAAQ,IACpC,0BAA0B,QAAQ;AACtC,UAAM,aAAa,oBAAoB,QAAQ;AAE/C,QAAI,CAAC,eAAe,MAAM,KAAK,mBAAmB;AAChD,iBAAW,OAAO,GAAG,OAAO,cAAc,OAAO,GAAG,QAAQ;AAC5D,UAAI,mBAAmB,QAAW;AAChC,mBAAW,WAAW;AAAA,MACxB,OAAO;AACL,eAAO,WAAW;AAAA,MACpB;AAAA,IACF;AAEA,QAAI,OAAO,QAAQ,QAAW;AAC5B,iBAAW,MAAM,OAAO;AAAA,IAC1B;AAEA,WAAQ;AAAA,MACN;AAAA,MACA,kBAAkB;AAAA,MAClB;AAAA,MACA,MAAM,OAAO,QAAQ,KAAK,QAAQ;AAAA,MAClC,YAAY,OAAO,gBAAgB,EAAE,WAAW,OAAO,cAAc,IAAI;AAAA,MACzE,OAAO,OAAO,WAAW,EAAE,WAAW,OAAO,SAAS,IAAI;AAAA,MAC1D,GAAG;AAAA,IACL;AAAA,EACF;AAMA,QAAM,YAAY,CAAC,UAAkB,aAA4B;AAC/D,UAAM,SAAS,MAAM,IAAI,QAAQ;AACjC,QAAI,OAAQ,QAAO;AAEnB,UAAME,UAAS,KAAK,kBAAkB,UAAU,QAAQ,CAAC;AACzD,UAAM,IAAI,UAAUA,OAAM;AAC1B,WAAOA;AAAA,EACT;AAEA,QAAM,gBAAgB,OAAO,aAAqB;AAChD,UAAMA,UAAS,MAAM,IAAI,QAAQ;AACjC,QAAIA,SAAQ;AACV,YAAMA,QAAO,QAAQ;AACrB,YAAM,OAAO,QAAQ;AAAA,IACvB;AAAA,EACF;AAEA,QAAM,aAAa,YAAY;AAC7B,UAAM,QAAQ,IAAI,CAAC,GAAG,MAAM,OAAO,CAAC,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC7D,UAAM,MAAM;AACZ,UAAM,WAAW,QAAQ;AAAA,EAC3B;AAMA,QAAM,iBAAiB,OAAO,UAAkB,aAAsB;AACpE,UAAM,oBAAoB,YAAY,QAAQ;AAC9C,UAAM,iBAAiB,kBAAkB,QAAQ;AACjD,UAAM,oBAAoB,aAAa,UAAa,aAAa;AAEjE,QAAI,eAAe,MAAM,GAAG;AAC1B,YAAM,WAAW,4BAA4B,QAAQ;AACrD,UAAI,aAAa,YAAY;AAC3B,QAAAC,IAAG,UAAUH,MAAK,QAAQ,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AACxD,YAAI,CAACG,IAAG,WAAW,QAAQ,GAAG;AAC5B,UAAAA,IAAG,UAAUA,IAAG,SAAS,UAAU,GAAG,CAAC;AAAA,QACzC;AAAA,MACF;AAAA,IACF,OAAO;AAEL,YAAM,UACJ,KAAK,kBACJ,iBAAiB,MAAM,IACpB,aACA,cAAc,MAAM,IAClB,UACA,cAAc,MAAM,IAClB,WACA,wBAAwB;AAClC,YAAM,QAAQ,KAAK;AAAA,QACjB,GAAG;AAAA,QACH,YAAY,oBAAoB,OAAO;AAAA,MACzC,CAAC;AAED,UAAI;AACF,YAAI,iBAAiB,MAAM,GAAG;AAC5B,gBAAM,SAAS,MAAM,MAAM,IAAI,+CAA+C,CAAC,QAAQ,CAAC;AACxF,cAAI,QAAQ,MAAM,QAAQ;AACxB,kBAAM,IAAI,MAAM,aAAa,QAAQ,kBAAkB;AAAA,UACzD;AAEA,gBAAM,SAAS,cAAc,QAAQ;AACrC,gBAAM,MAAM,IAAI,oBAAoB,MAAM,GAAG;AAE7C,cAAI,kBAAkB,mBAAmB;AACvC,kBAAM,WAAW,GAAG,OAAO,cAAc,OAAO,GAAG,QAAQ;AAC3D,kBAAM,WAAW,cAAc,QAAQ;AACvC,kBAAM,UAAU,gBAAgB,cAAc;AAC9C,kBAAM,MAAM,IAAI,gBAAgB,QAAQ,oBAAoB,OAAO,GAAG;AACtE,kBAAM,MAAM,IAAI,qCAAqC,MAAM,SAAS,QAAQ,GAAG;AAAA,UACjF;AAAA,QACF,WAAW,cAAc,MAAM,GAAG;AAChC,gBAAM,SAAS,MAAM,MAAM;AAAA,YACzB;AAAA,YACA,CAAC,QAAQ;AAAA,UACX;AACA,cAAI,SAAS,CAAC,GAAG,QAAQ;AACvB,kBAAM,IAAI,MAAM,aAAa,QAAQ,kBAAkB;AAAA,UACzD;AAEA,gBAAM,SAAS,iBAAiB,QAAQ;AACxC,gBAAM,MAAM,IAAI,qBAAqB,MAAM,IAAI;AAE/C,cAAI,kBAAkB,mBAAmB;AACvC,kBAAM,WAAW,GAAG,OAAO,cAAc,OAAO,GAAG,QAAQ;AAC3D,kBAAM,WAAW,gBAAgB,QAAQ;AACzC,kBAAM,UAAU,gBAAgB,cAAc;AAC9C,kBAAM,MAAM,IAAI,8BAA8B,QAAQ,wBAAwB,OAAO,GAAG;AACxF,kBAAM,MAAM,IAAI,6BAA6B,MAAM,YAAY,QAAQ,OAAO;AAAA,UAChF;AAAA,QACF,WAAW,cAAc,MAAM,GAAG;AAChC,gBAAM,SAAS,iBAAiB,QAAQ;AACxC,gBAAM,MAAM;AAAA,YACV,cAAc,gBAAgB,QAAQ,CAAC,+BAA+B,MAAM;AAAA,UAC9E;AAEA,cAAI,kBAAkB,mBAAmB;AACvC,kBAAM,WAAW,GAAG,OAAO,cAAc,OAAO,GAAG,QAAQ;AAC3D,kBAAM,WAAW,iBAAiB,QAAQ;AAC1C,kBAAM,UAAU,gBAAgB,cAAc;AAC9C,kBAAM,MAAM;AAAA,cACV,wEAAwE,gBAAgB,QAAQ,CAAC,oBAAoB,QAAQ,sBAAsB,OAAO;AAAA,YAC5J;AAEA,kBAAM,cAAc,KAAK;AAAA,cACvB,GAAG;AAAA,cACH,YAAY,oBAAoB,QAAQ;AAAA,YAC1C,CAAC;AACD,gBAAI;AACF,oBAAM,YAAY;AAAA,gBAChB,0EAA0E,gBAAgB,QAAQ,CAAC,mBAAmB,QAAQ,gBAAgB,QAAQ;AAAA,cACxJ;AACA,oBAAM,YAAY,IAAI,sCAAsC,QAAQ,GAAG;AAAA,YACzE,UAAE;AACA,oBAAM,YAAY,QAAQ;AAAA,YAC5B;AAAA,UACF;AAAA,QACF,OAAO;AACL,gBAAM,IAAI;AAAA,YACR,8GAA8G,MAAM;AAAA,UACtH;AAAA,QACF;AAAA,MACF,UAAE;AACA,cAAM,MAAM,QAAQ;AAAA,MACtB;AAAA,IACF;AAGA,UAAM,aAAa,KAAK,kBAAkB,UAAU,cAAc,CAAC;AACnE,QAAI;AACF,UAAI,OAAO,eAAe;AACxB,cAAM,WAAW,QAAQ,OAAO;AAAA,MAClC;AACA,UAAI,OAAO,UAAU;AACnB,cAAM,WAAW,KAAK,IAAI;AAAA,MAC5B;AAAA,IACF,UAAE;AACA,YAAM,WAAW,QAAQ;AACzB,YAAM,OAAO,QAAQ;AAAA,IACvB;AAEA,UAAM,uBAAuB,YAAY,UAAU,UAAU,QAAQ;AAAA,EACvE;AAEA,SAAO;AAAA,IACL,SAAS,MAAM;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,IAAM,sBAAsB,CACjC,YACkB;AAClB,QAAM,WAAW,WAAW,kBAAkB;AAC9C,SAAO,mBAAmB,QAAQ;AACpC;AAEO,IAAM,2BAA2B,OACtC,YAC2B;AAC3B,QAAM,WAAW,WAAW,MAAM,uBAAuB;AACzD,SAAO,mBAAmB,QAAQ;AACpC;AAGO,IAAM,oBAAoB;;;AInX1B,IAAM,uBAAuB,CAClC,SACwB;AACxB,QAAM;AAAA,IACJ;AAAA,IACA,UAAU;AAAA,IACV;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,SAAO,OAAO,QAA0D;AACtE,UAAM,WAAW,MAAM,iBAAiB,GAAG;AAC3C,QAAI,CAAC,SAAU,QAAO,CAAC;AAEvB,QAAI;AACJ,QAAI,kBAAkB;AACpB,iBAAW,MAAM,iBAAiB,QAAQ;AAAA,IAC5C;AAEA,UAAMC,QAAO,QAAQ,UAAU,UAAU,QAAQ;AAEjD,QAAI,YAAY;AACd,YAAM,WAAW,UAAU,GAAG;AAAA,IAChC;AAGA,QAAI,QAAQ;AACV,aAAO,KAAK,UAAUA,KAAI;AAAA,IAC5B,OAAO;AACL,MAAC,IAAY,WAAW;AACxB,MAAC,IAAY,OAAOA;AAAA,IACtB;AAEA,WAAO,EAAE,UAAU,MAAAA,MAAK;AAAA,EAC1B;AACF;","names":["fs","path","require","path","conn","client","fs","knex"]}

package/package.json ADDED Viewed

@@ -0,0 +1,48 @@
+{
+  "name": "@tenora/multi-tenant",
+  "version": "0.1.1",
+  "description": "Reusable multi-tenant helper for Knex + Objection (Fastify friendly)",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "tenora": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "package.json"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "prepack": "npm run build",
+    "lint": "echo 'add your linter'"
+  },
+  "keywords": [
+    "knex",
+    "objection",
+    "multi-tenant",
+    "fastify",
+    "postgres"
+  ],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^13.1.0",
+    "crypto-js": "^4.2.0",
+    "knex": "^3.1.0",
+    "objection": "^3.1.2"
+  },
+  "devDependencies": {
+    "@types/node": "^22.13.0",
+    "tsup": "^8.5.1",
+    "typescript": "^5.6.3"
+  },
+  "peerDependencies": {
+    "fastify": ">=4",
+    "pg": ">=8"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}