npm - @undefineds.co/xpod - Versions diffs - 0.3.31 → 0.3.33 - Mend

@undefineds.co/xpod 0.3.31 → 0.3.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (218) hide show

package/dist/identity/drizzle/AccountRoleRepository.js CHANGED Viewed

@@ -10,6 +10,8 @@ const drizzle_orm_1 = require("drizzle-orm");
 const global_logger_factory_1 = require("global-logger-factory");
 const db_1 = require("./db");
 const ACCOUNT_DATA_DIR = node_path_1.default.resolve('.internal', 'accounts', 'data');
+const IDENTITY_STORE_TABLE = 'identity_store';
+const INTERNAL_KV_TABLE = 'internal_kv';
 function resolveWebIds(payload) {
     const candidates = new Set();
     const possibleKeys = ['webId', 'webid', 'primaryWebId', 'primary_webid'];
@@ -38,39 +40,87 @@ function resolveWebIds(payload) {
             }
         }
     }
-    return [...candidates];
+    const webIdLink = payload['**webIdLink**'] ?? payload.webIdLink;
+    if (webIdLink && typeof webIdLink === 'object') {
+        for (const entry of Object.values(webIdLink)) {
+            if (!entry || typeof entry !== 'object') {
+                continue;
+            }
+            const webId = entry.webId;
+            if (typeof webId === 'string' && webId.trim().length > 0) {
+                candidates.add(webId.trim());
+            }
+        }
+    }
+    const podMap = payload['**pod**'] ?? payload.pod;
+    if (podMap && typeof podMap === 'object') {
+        for (const pod of Object.values(podMap)) {
+            if (!pod || typeof pod !== 'object') {
+                continue;
+            }
+            const owner = pod['**owner**'] ?? pod.owner;
+            if (!owner || typeof owner !== 'object') {
+                continue;
+            }
+            for (const entry of Object.values(owner)) {
+                if (!entry || typeof entry !== 'object') {
+                    continue;
+                }
+                const webId = entry.webId;
+                if (typeof webId === 'string' && webId.trim().length > 0) {
+                    candidates.add(webId.trim());
+                }
+            }
+        }
+    }
+    return Array.from(candidates);
+}
+function resolveRoles(payload) {
+    const roles = payload.roles;
+    if (!Array.isArray(roles)) {
+        return [];
+    }
+    return Array.from(new Set(roles
+        .map((role) => typeof role === 'string' ? role.trim() : '')
+        .filter((role) => role.length > 0)));
+}
+function parsePayload(value) {
+    if (!value) {
+        return undefined;
+    }
+    if (typeof value === 'string') {
+        try {
+            const parsed = JSON.parse(value);
+            return parsed && typeof parsed === 'object' ? parsed : undefined;
+        }
+        catch {
+            return undefined;
+        }
+    }
+    return typeof value === 'object' ? value : undefined;
 }
 class AccountRoleRepository {
     constructor(db) {
         this.db = db;
         this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
-        this.ready = this.ensureSchema();
     }
     async findByAccountId(accountId) {
-        await this.ready;
-        const payload = await this.getAccountPayloadById(accountId);
-        if (!payload) {
-            const rolesFallback = await this.fetchRoles(accountId);
-            if (rolesFallback.length === 0) {
-                return undefined;
-            }
-            return { accountId, roles: rolesFallback };
+        const record = await this.getAccountById(accountId);
+        if (!record) {
+            return undefined;
         }
-        const [webId] = resolveWebIds(payload);
-        const roles = await this.fetchRoles(accountId);
-        return { accountId, webId, roles };
+        const [webId] = resolveWebIds(record.payload);
+        return { accountId, webId, roles: resolveRoles(record.payload) };
     }
     async findByWebId(webId) {
-        await this.ready;
         const accounts = await this.loadAllAccounts();
-        for (const { id, payload } of accounts) {
+        for (const { id, payload } of accounts.values()) {
             const knownWebIds = resolveWebIds(payload);
             if (knownWebIds.includes(webId)) {
-                const roles = await this.fetchRoles(id);
                 return {
                     accountId: id,
                     webId,
-                    roles,
+                    roles: resolveRoles(payload),
                 };
             }
         }
@@ -80,100 +130,131 @@ class AccountRoleRepository {
         return this.findByWebId(webId);
     }
     async addRoles(accountId, roles) {
-        await this.ready;
         const unique = Array.from(new Set(roles.map((role) => role.trim()).filter((role) => role.length > 0)));
         if (unique.length === 0) {
             return;
         }
-        for (const role of unique) {
-            await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
-        INSERT INTO identity_account_role (account_id, role)
-        VALUES (${accountId}, ${role})
-        ON CONFLICT (account_id, role) DO NOTHING
-      `);
+        const record = await this.getAccountById(accountId);
+        if (!record) {
+            this.logger.warn(`Cannot add roles for unknown account ${accountId}`);
+            return;
         }
+        const nextRoles = Array.from(new Set([...resolveRoles(record.payload), ...unique]));
+        await this.updateAccountRecord(record, { ...record.payload, roles: nextRoles });
     }
-    async ensureSchema() {
-        try {
-            if ((0, db_1.isDatabaseSqlite)(this.db)) {
-                // SQLite syntax
-                await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
-          CREATE TABLE IF NOT EXISTS identity_account_role (
-            account_id TEXT NOT NULL,
-            role TEXT NOT NULL,
-            created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),
-            PRIMARY KEY (account_id, role)
-          )
-        `);
-            }
-            else {
-                // PostgreSQL syntax
-                await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
-          CREATE TABLE IF NOT EXISTS identity_account_role (
-            account_id TEXT NOT NULL,
-            role TEXT NOT NULL,
-            created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
-            PRIMARY KEY (account_id, role)
-          )
-        `);
-            }
-        }
-        catch (error) {
-            if (!this.isDuplicateDefinitionError(error)) {
-                throw error;
+    async getAccountById(accountId) {
+        const accounts = await this.loadAllAccounts();
+        return accounts.get(accountId);
+    }
+    async loadAllAccounts() {
+        const accounts = new Map();
+        await this.loadIdentityStoreAccounts(accounts);
+        await this.loadInternalKvAccounts(accounts);
+        for (const [id, payload] of await this.loadFileAccountMap()) {
+            if (!accounts.has(id)) {
+                accounts.set(id, { id, payload, source: 'file' });
             }
-            this.logger.debug('identity_account_role schema already present, skipping creation.');
         }
+        return accounts;
     }
-    async fetchRoles(accountId) {
-        const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-      SELECT role
-      FROM identity_account_role
-      WHERE account_id = ${accountId}
-    `);
-        return result.rows.map((row) => {
-            const value = typeof row.role === 'string' ? row.role.trim() : '';
-            return value;
-        }).filter((value) => value.length > 0);
-    }
-    async getAccountPayloadById(accountId) {
+    async loadIdentityStoreAccounts(accounts) {
+        const tableId = drizzle_orm_1.sql.identifier([IDENTITY_STORE_TABLE]);
+        let rows = [];
         try {
-            const accountResult = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
-        SELECT payload
-        FROM identity_account
-        WHERE id = ${accountId}
-        LIMIT 1
+            const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
+        SELECT container, id, payload
+        FROM ${tableId}
+        WHERE container IN ('account', 'pod', 'owner', 'webIdLink')
       `);
-            if (accountResult.rows.length > 0) {
-                const payload = accountResult.rows[0]?.payload;
-                if (payload && typeof payload === 'object') {
-                    return payload;
-                }
-            }
+            rows = result.rows;
         }
         catch (error) {
             if (!this.isTableMissing(error)) {
                 throw error;
             }
+            return;
+        }
+        const podAccountIds = new Map();
+        const webIdsByAccount = new Map();
+        for (const row of rows) {
+            if (!row.id || !row.container) {
+                continue;
+            }
+            const payload = parsePayload(row.payload);
+            if (!payload) {
+                continue;
+            }
+            if (row.container === 'account') {
+                accounts.set(row.id, { id: row.id, payload, source: 'identity-store' });
+            }
+            else if (row.container === 'pod') {
+                const accountId = typeof payload.accountId === 'string' ? payload.accountId : undefined;
+                if (accountId) {
+                    podAccountIds.set(row.id, accountId);
+                }
+            }
+        }
+        for (const row of rows) {
+            const payload = parsePayload(row.payload);
+            if (!row.container || !payload) {
+                continue;
+            }
+            if (row.container === 'webIdLink') {
+                const accountId = typeof payload.accountId === 'string' ? payload.accountId : undefined;
+                const webId = typeof payload.webId === 'string' ? payload.webId : undefined;
+                if (accountId && webId) {
+                    appendWebId(webIdsByAccount, accountId, webId);
+                }
+            }
+            else if (row.container === 'owner') {
+                const podId = typeof payload.podId === 'string' ? payload.podId : undefined;
+                const webId = typeof payload.webId === 'string' ? payload.webId : undefined;
+                const accountId = podId ? podAccountIds.get(podId) : undefined;
+                if (accountId && webId) {
+                    appendWebId(webIdsByAccount, accountId, webId);
+                }
+            }
+        }
+        for (const [accountId, webIds] of webIdsByAccount) {
+            const record = accounts.get(accountId);
+            if (!record) {
+                continue;
+            }
+            record.payload = {
+                ...record.payload,
+                webIdLink: Object.fromEntries(Array.from(webIds).map((webId, index) => [
+                    `webid-${index}`,
+                    { accountId, webId },
+                ])),
+            };
         }
-        const files = await this.loadFileAccountMap();
-        return files.get(accountId);
     }
-    async loadAllAccounts() {
+    async loadInternalKvAccounts(accounts) {
+        const tableId = drizzle_orm_1.sql.identifier([INTERNAL_KV_TABLE]);
         try {
-            const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `SELECT id, payload FROM identity_account`);
-            return result.rows.map((row) => ({
-                id: row.id,
-                payload: (row.payload ?? {}),
-            }));
+            const result = await (0, db_1.executeQuery)(this.db, (0, drizzle_orm_1.sql) `
+        SELECT key, value
+        FROM ${tableId}
+        WHERE key LIKE 'accounts/data/%'
+           OR key LIKE '/.internal/accounts/data/%'
+      `);
+            for (const row of result.rows) {
+                if (!row.key) {
+                    continue;
+                }
+                const accountId = extractAccountIdFromKey(row.key);
+                const payload = parsePayload(row.value);
+                if (!accountId || !payload || accounts.has(accountId)) {
+                    continue;
+                }
+                accounts.set(accountId, { id: accountId, payload, source: 'internal-kv', key: row.key });
+            }
         }
         catch (error) {
             if (!this.isTableMissing(error)) {
                 throw error;
             }
         }
-        const files = await this.loadFileAccountMap();
-        return Array.from(files.entries()).map(([id, payload]) => ({ id, payload }));
     }
     async loadFileAccountMap() {
         const map = new Map();
@@ -206,28 +287,54 @@ class AccountRoleRepository {
         }
         return map;
     }
-    isTableMissing(error) {
-        if (!error || typeof error !== 'object') {
-            return false;
+    async updateAccountRecord(record, payload) {
+        if (record.source === 'identity-store') {
+            const tableId = drizzle_orm_1.sql.identifier([IDENTITY_STORE_TABLE]);
+            await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
+        UPDATE ${tableId}
+        SET payload = ${this.toJsonSql(payload)}
+        WHERE container = 'account' AND id = ${record.id}
+      `);
+            return;
         }
-        const code = error.code;
-        if (code === '42P01') {
-            return true;
+        if (record.source === 'internal-kv' && record.key) {
+            const tableId = drizzle_orm_1.sql.identifier([INTERNAL_KV_TABLE]);
+            await (0, db_1.executeStatement)(this.db, (0, drizzle_orm_1.sql) `
+        UPDATE ${tableId}
+        SET value = ${JSON.stringify(payload)}
+        WHERE key = ${record.key}
+      `);
         }
-        const message = error.message ?? '';
-        return /does not exist/u.test(message);
     }
-    isDuplicateDefinitionError(error) {
+    toJsonSql(payload) {
+        const serialized = JSON.stringify(payload);
+        return (0, db_1.isDatabaseSqlite)(this.db) ? (0, drizzle_orm_1.sql) `${serialized}` : (0, drizzle_orm_1.sql) `${serialized}::jsonb`;
+    }
+    isTableMissing(error) {
         if (!error || typeof error !== 'object') {
             return false;
         }
         const code = error.code;
-        if (code && ['23505', '42P07', '42710'].includes(code)) {
+        if (code === '42P01') {
             return true;
         }
         const message = error.message ?? '';
-        return /already exists/u.test(message);
+        return /does not exist|no such table/u.test(message);
     }
 }
 exports.AccountRoleRepository = AccountRoleRepository;
+function appendWebId(target, accountId, webId) {
+    const values = target.get(accountId) ?? new Set();
+    values.add(webId);
+    target.set(accountId, values);
+}
+function extractAccountIdFromKey(key) {
+    const marker = 'accounts/data/';
+    const index = key.indexOf(marker);
+    if (index < 0) {
+        return undefined;
+    }
+    const accountId = key.slice(index + marker.length).replace(/\.json$/u, '');
+    return accountId || undefined;
+}
 //# sourceMappingURL=AccountRoleRepository.js.map

package/dist/identity/drizzle/AccountRoleRepository.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"AccountRoleRepository.js","sourceRoot":"","sources":["../../../src/identity/drizzle/AccountRoleRepository.ts"],"names":[],"mappings":";;;;;;AAAA,qCAAyC;AACzC,0DAA6B;AAC7B,6CAAkC;AAClC,iEAAqD;AAErD,6BAAwE;AAExE,MAAM,gBAAgB,GAAG,mBAAI,CAAC,OAAO,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAQvE,SAAS,aAAa,CAAC,OAAgC;IACrD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,MAAM,YAAY,GAAG,CAAE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,eAAe,CAAE,CAAC;IAC3E,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAI,QAAoC,CAAC,KAAK,CAAC;QAC1D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACxC,SAAS;YACX,CAAC;YACD,MAAM,KAAK,GAAI,KAAiC,CAAC,KAAK,CAAC;YACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,CAAE,GAAG,UAAU,CAAE,CAAC;AAC3B,CAAC;AAED,MAAa,qBAAqB;IAIhC,YAAoC,EAAoB;QAApB,OAAE,GAAF,EAAE,CAAkB;QAFvC,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAG3C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;IACnC,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,SAAiB;QAC5C,MAAM,IAAI,CAAC,KAAK,CAAC;QACjB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC5D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACvD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC/B,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;QAC7C,CAAC;QACD,MAAM,CAAE,KAAK,CAAE,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC/C,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,KAAa;QACpC,MAAM,IAAI,CAAC,KAAK,CAAC;QACjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC9C,KAAK,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,QAAQ,EAAE,CAAC;YACvC,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;YAC3C,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;gBACxC,OAAO;oBACL,SAAS,EAAE,EAAE;oBACb,KAAK;oBACL,KAAK;iBACN,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,KAAa;QACzC,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,SAAiB,EAAE,KAAe;QACtD,MAAM,IAAI,CAAC,KAAK,CAAC;QACjB,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAC/B,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CACnE,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;kBAEvB,SAAS,KAAK,IAAI;;OAE7B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC;YACH,IAAI,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC9B,gBAAgB;gBAChB,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;;SAOlC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,oBAAoB;gBACpB,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;;;;;SAOlC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,0BAA0B,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5C,MAAM,KAAK,CAAC;YACd,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kEAAkE,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,SAAiB;QACxC,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAqB,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;2BAG3C,SAAS;KAC/B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,SAAiB;QACnD,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,IAAA,iBAAY,EAAwB,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;;qBAG7D,SAAS;;OAEvB,CAAC,CAAC;YACH,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClC,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC;gBAC/C,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAC3C,OAAO,OAAkC,CAAC;gBAC5C,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC9C,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;IAEO,KAAK,CAAC,eAAe;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAmC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA,0CAA0C,CAAC,CAAC;YAC5H,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC/B,EAAE,EAAE,GAAG,CAAC,EAAE;gBACV,OAAO,EAAE,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAA4B;aACxD,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE,EAAE,EAAE,OAAO,CAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACjF,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmC,CAAC;QACvD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,kBAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;YACjD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC5B,SAAS;gBACX,CAAC;gBACD,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;gBACnD,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;oBAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA0B,CAAC;oBACxD,MAAM,OAAO,GAAG,MAAM,EAAE,OAAO,CAAC;oBAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;wBAC5C,SAAS;oBACX,CAAC;oBACD,MAAM,SAAS,GAAI,OAAmC,CAAC,EAAE,CAAC;oBAC1D,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACjE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,OAAkC,CAAC,CAAC;oBACzD,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAc,EAAE,CAAC;oBACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,QAAQ,KAAM,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;gBACtF,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,gBAAgB,MAAO,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7G,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,cAAc,CAAC,KAAc;QACnC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,IAAI,GAAI,KAA2B,CAAC,IAAI,CAAC;QAC/C,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,OAAO,GAAI,KAA8B,CAAC,OAAO,IAAI,EAAE,CAAC;QAC9D,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAEO,0BAA0B,CAAC,KAAc;QAC/C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,IAAI,GAAI,KAA2B,CAAC,IAAI,CAAC;QAC/C,IAAI,IAAI,IAAI,CAAE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,OAAO,GAAI,KAA8B,CAAC,OAAO,IAAI,EAAE,CAAC;QAC9D,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;CACF;AApMD,sDAoMC","sourcesContent":["import { promises as fs } from 'node:fs';\nimport path from 'node:path';\nimport { sql } from 'drizzle-orm';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { IdentityDatabase } from './db';\nimport { executeQuery, executeStatement, isDatabaseSqlite } from './db';\n\nconst ACCOUNT_DATA_DIR = path.resolve('.internal', 'accounts', 'data');\n\nexport interface AccountRoleContext {\n accountId: string;\n webId?: string;\n roles: string[];\n}\n\nfunction resolveWebIds(payload: Record<string, unknown>): string[] {\n const candidates = new Set<string>();\n const possibleKeys = [ 'webId', 'webid', 'primaryWebId', 'primary_webid' ];\n for (const key of possibleKeys) {\n const value = payload[key];\n if (typeof value === 'string' && value.trim().length > 0) {\n candidates.add(value.trim());\n }\n }\n const settings = payload.settings;\n if (settings && typeof settings === 'object') {\n const webId = (settings as Record<string, unknown>).webId;\n if (typeof webId === 'string' && webId.trim().length > 0) {\n candidates.add(webId.trim());\n }\n }\n const pods = payload.pods;\n if (Array.isArray(pods)) {\n for (const entry of pods) {\n if (!entry \|\| typeof entry !== 'object') {\n continue;\n }\n const webId = (entry as Record<string, unknown>).webId;\n if (typeof webId === 'string' && webId.trim().length > 0) {\n candidates.add(webId.trim());\n }\n }\n }\n return [ ...candidates ];\n}\n\nexport class AccountRoleRepository {\n private readonly ready: Promise<void>;\n private readonly logger = getLoggerFor(this);\n\n public constructor(private readonly db: IdentityDatabase) {\n this.ready = this.ensureSchema();\n }\n\n public async findByAccountId(accountId: string): Promise<AccountRoleContext \| undefined> {\n await this.ready;\n const payload = await this.getAccountPayloadById(accountId);\n if (!payload) {\n const rolesFallback = await this.fetchRoles(accountId);\n if (rolesFallback.length === 0) {\n return undefined;\n }\n return { accountId, roles: rolesFallback };\n }\n const [ webId ] = resolveWebIds(payload);\n const roles = await this.fetchRoles(accountId);\n return { accountId, webId, roles };\n }\n\n public async findByWebId(webId: string): Promise<AccountRoleContext \| undefined> {\n await this.ready;\n const accounts = await this.loadAllAccounts();\n for (const { id, payload } of accounts) {\n const knownWebIds = resolveWebIds(payload);\n if (knownWebIds.includes(webId)) {\n const roles = await this.fetchRoles(id);\n return {\n accountId: id,\n webId,\n roles,\n };\n }\n }\n return undefined;\n }\n\n public async findByWebIdLoose(webId: string): Promise<AccountRoleContext \| undefined> {\n return this.findByWebId(webId);\n }\n\n public async addRoles(accountId: string, roles: string[]): Promise<void> {\n await this.ready;\n const unique = Array.from(new Set(\n roles.map((role) => role.trim()).filter((role) => role.length > 0),\n ));\n if (unique.length === 0) {\n return;\n }\n for (const role of unique) {\n await executeStatement(this.db, sql`\n INSERT INTO identity_account_role (account_id, role)\n VALUES (${accountId}, ${role})\n ON CONFLICT (account_id, role) DO NOTHING\n `);\n }\n }\n\n private async ensureSchema(): Promise<void> {\n try {\n if (isDatabaseSqlite(this.db)) {\n // SQLite syntax\n await executeStatement(this.db, sql`\n CREATE TABLE IF NOT EXISTS identity_account_role (\n account_id TEXT NOT NULL,\n role TEXT NOT NULL,\n created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),\n PRIMARY KEY (account_id, role)\n )\n `);\n } else {\n // PostgreSQL syntax\n await executeStatement(this.db, sql`\n CREATE TABLE IF NOT EXISTS identity_account_role (\n account_id TEXT NOT NULL,\n role TEXT NOT NULL,\n created_at TIMESTAMPTZ NOT NULL DEFAULT now(),\n PRIMARY KEY (account_id, role)\n )\n `);\n }\n } catch (error: unknown) {\n if (!this.isDuplicateDefinitionError(error)) {\n throw error;\n }\n this.logger.debug('identity_account_role schema already present, skipping creation.');\n }\n }\n\n private async fetchRoles(accountId: string): Promise<string[]> {\n const result = await executeQuery<{ role?: unknown }>(this.db, sql`\n SELECT role\n FROM identity_account_role\n WHERE account_id = ${accountId}\n `);\n return result.rows.map((row) => {\n const value = typeof row.role === 'string' ? row.role.trim() : '';\n return value;\n }).filter((value) => value.length > 0);\n }\n\n private async getAccountPayloadById(accountId: string): Promise<Record<string, unknown> \| undefined> {\n try {\n const accountResult = await executeQuery<{ payload?: unknown }>(this.db, sql`\n SELECT payload\n FROM identity_account\n WHERE id = ${accountId}\n LIMIT 1\n `);\n if (accountResult.rows.length > 0) {\n const payload = accountResult.rows[0]?.payload;\n if (payload && typeof payload === 'object') {\n return payload as Record<string, unknown>;\n }\n }\n } catch (error: unknown) {\n if (!this.isTableMissing(error)) {\n throw error;\n }\n }\n const files = await this.loadFileAccountMap();\n return files.get(accountId);\n }\n\n private async loadAllAccounts(): Promise<Array<{ id: string; payload: Record<string, unknown> }>> {\n try {\n const result = await executeQuery<{ id: string; payload: unknown }>(this.db, sql`SELECT id, payload FROM identity_account`);\n return result.rows.map((row) => ({\n id: row.id,\n payload: (row.payload ?? {}) as Record<string, unknown>,\n }));\n } catch (error: unknown) {\n if (!this.isTableMissing(error)) {\n throw error;\n }\n }\n const files = await this.loadFileAccountMap();\n return Array.from(files.entries()).map(([ id, payload ]) => ({ id, payload }));\n }\n\n private async loadFileAccountMap(): Promise<Map<string, Record<string, unknown>>> {\n const map = new Map<string, Record<string, unknown>>();\n try {\n const files = await fs.readdir(ACCOUNT_DATA_DIR);\n for (const file of files) {\n if (!file.endsWith('.json')) {\n continue;\n }\n const fullPath = path.join(ACCOUNT_DATA_DIR, file);\n try {\n const raw = await fs.readFile(fullPath, 'utf8');\n const parsed = JSON.parse(raw) as { payload?: unknown };\n const payload = parsed?.payload;\n if (!payload \|\| typeof payload !== 'object') {\n continue;\n }\n const accountId = (payload as Record<string, unknown>).id;\n if (typeof accountId === 'string' && accountId.trim().length > 0) {\n map.set(accountId, payload as Record<string, unknown>);\n }\n } catch (error: unknown) {\n this.logger.debug(`Skipping account file ${fullPath}: ${(error as Error).message}`);\n }\n }\n } catch (error: unknown) {\n this.logger.debug(`Account data directory unavailable (${ACCOUNT_DATA_DIR}): ${(error as Error).message}`);\n }\n return map;\n }\n\n private isTableMissing(error: unknown): boolean {\n if (!error \|\| typeof error !== 'object') {\n return false;\n }\n const code = (error as { code?: string }).code;\n if (code === '42P01') {\n return true;\n }\n const message = (error as { message?: string }).message ?? '';\n return /does not exist/u.test(message);\n }\n\n private isDuplicateDefinitionError(error: unknown): boolean {\n if (!error \|\| typeof error !== 'object') {\n return false;\n }\n const code = (error as { code?: string }).code;\n if (code && [ '23505', '42P07', '42710' ].includes(code)) {\n return true;\n }\n const message = (error as { message?: string }).message ?? '';\n return /already exists/u.test(message);\n }\n}\n"]}
1	+ {"version":3,"file":"AccountRoleRepository.js","sourceRoot":"","sources":["../../../src/identity/drizzle/AccountRoleRepository.ts"],"names":[],"mappings":";;;;;;AAAA,qCAAyC;AACzC,0DAA6B;AAC7B,6CAAkC;AAClC,iEAAqD;AAErD,6BAAwE;AAExE,MAAM,gBAAgB,GAAG,mBAAI,CAAC,OAAO,CAAC,WAAW,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AACvE,MAAM,oBAAoB,GAAG,gBAAgB,CAAC;AAC9C,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAexC,SAAS,aAAa,CAAC,OAAgC;IACrD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,MAAM,YAAY,GAAG,CAAE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,eAAe,CAAE,CAAC;IAC3E,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAI,QAAoC,CAAC,KAAK,CAAC;QAC1D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACxC,SAAS;YACX,CAAC;YACD,MAAM,KAAK,GAAI,KAAiC,CAAC,KAAK,CAAC;YACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,SAAS,CAAC;IAChE,IAAI,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC/C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,SAAoC,CAAC,EAAE,CAAC;YACxE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACxC,SAAS;YACX,CAAC;YACD,MAAM,KAAK,GAAI,KAAiC,CAAC,KAAK,CAAC;YACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC;IACjD,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACzC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,MAAiC,CAAC,EAAE,CAAC;YACnE,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACpC,SAAS;YACX,CAAC;YACD,MAAM,KAAK,GAAI,GAA+B,CAAC,WAAW,CAAC,IAAK,GAA+B,CAAC,KAAK,CAAC;YACtG,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACxC,SAAS;YACX,CAAC;YACD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,EAAE,CAAC;gBACpE,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACxC,SAAS;gBACX,CAAC;gBACD,MAAM,KAAK,GAAI,KAAiC,CAAC,KAAK,CAAC;gBACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACzD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,YAAY,CAAC,OAAgC;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CACvB,KAAK;SACF,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1D,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CACrC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAY,CAAC;YAC5C,OAAO,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAiC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9F,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAgC,CAAC,CAAC,CAAC,SAAS,CAAC;AAClF,CAAC;AAED,MAAa,qBAAqB;IAGhC,YAAoC,EAAoB;QAApB,OAAE,GAAF,EAAE,CAAkB;QAFvC,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;IAEc,CAAC;IAErD,KAAK,CAAC,eAAe,CAAC,SAAiB;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,CAAE,KAAK,CAAE,GAAG,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAChD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;IACnE,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,KAAa;QACpC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC9C,KAAK,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YAChD,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;YAC3C,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,OAAO;oBACL,SAAS,EAAE,EAAE;oBACb,KAAK;oBACL,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC;iBAC7B,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,KAAa;QACzC,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,SAAiB,EAAE,KAAe;QACtD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAC/B,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CACnE,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wCAAwC,SAAS,EAAE,CAAC,CAAC;YACtE,OAAO;QACT,CAAC;QACD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAE,GAAG,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,MAAM,CAAE,CAAC,CAAC,CAAC;QACtF,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IAClF,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,SAAiB;QAC5C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC9C,OAAO,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,eAAe;QAC3B,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAgC,CAAC;QACzD,MAAM,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;QAC5C,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;YAC5D,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBACtB,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,QAA2C;QACjF,MAAM,OAAO,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC;QACvD,IAAI,IAAI,GAAkE,EAAE,CAAC;QAC7E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAyD,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;eAE7F,OAAO;;OAEf,CAAC,CAAC;YACH,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACrB,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;QAChD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAuB,CAAC;QAEvD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YACD,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS;YACX,CAAC;YACD,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBAChC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC1E,CAAC;iBAAM,IAAI,GAAG,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;gBACnC,MAAM,SAAS,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;gBACxF,IAAI,SAAS,EAAE,CAAC;oBACd,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC1C,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC/B,SAAS;YACX,CAAC;YACD,IAAI,GAAG,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;gBAClC,MAAM,SAAS,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;gBACxF,MAAM,KAAK,GAAG,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;gBAC5E,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;oBACvB,WAAW,CAAC,eAAe,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;iBAAM,IAAI,GAAG,CAAC,SAAS,KAAK,OAAO,EAAE,CAAC;gBACrC,MAAM,KAAK,GAAG,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;gBAC5E,MAAM,KAAK,GAAG,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;gBAC5E,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;gBAC/D,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC;oBACvB,WAAW,CAAC,eAAe,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,eAAe,EAAE,CAAC;YAClD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACvC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,SAAS;YACX,CAAC;YACD,MAAM,CAAC,OAAO,GAAG;gBACf,GAAG,MAAM,CAAC,OAAO;gBACjB,SAAS,EAAE,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC;oBACrE,SAAS,KAAK,EAAE;oBAChB,EAAE,SAAS,EAAE,KAAK,EAAE;iBACrB,CAAC,CAAC;aACJ,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAAC,QAA2C;QAC9E,MAAM,OAAO,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,iBAAY,EAAoC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;;eAExE,OAAO;;;OAGf,CAAC,CAAC;YACH,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC9B,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;oBACb,SAAS;gBACX,CAAC;gBACD,MAAM,SAAS,GAAG,uBAAuB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACnD,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBACxC,IAAI,CAAC,SAAS,IAAI,CAAC,OAAO,IAAI,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtD,SAAS;gBACX,CAAC;gBACD,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC;YAC3F,CAAC;QACH,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB;QAC9B,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmC,CAAC;QACvD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,kBAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;YACjD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC5B,SAAS;gBACX,CAAC;gBACD,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;gBACnD,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;oBAChD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA0B,CAAC;oBACxD,MAAM,OAAO,GAAG,MAAM,EAAE,OAAO,CAAC;oBAChC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;wBAC5C,SAAS;oBACX,CAAC;oBACD,MAAM,SAAS,GAAI,OAAmC,CAAC,EAAE,CAAC;oBAC1D,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACjE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,OAAkC,CAAC,CAAC;oBACzD,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAc,EAAE,CAAC;oBACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,QAAQ,KAAM,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;gBACtF,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,gBAAgB,MAAO,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;QAC7G,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,MAA4B,EAAE,OAAgC;QAC9F,IAAI,MAAM,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC;YACvD,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;iBACxB,OAAO;wBACA,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;+CACA,MAAM,CAAC,EAAE;OACjD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,aAAa,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YAClD,MAAM,OAAO,GAAG,iBAAG,CAAC,UAAU,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC;YACpD,MAAM,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,EAAE,IAAA,iBAAG,EAAA;iBACxB,OAAO;sBACF,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;sBACvB,MAAM,CAAC,GAAG;OACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,OAAgC;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC3C,OAAO,IAAA,qBAAgB,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAA,iBAAG,EAAA,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC,IAAA,iBAAG,EAAA,GAAG,UAAU,SAAS,CAAC;IACpF,CAAC;IAEO,cAAc,CAAC,KAAc;QACnC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,IAAI,GAAI,KAA2B,CAAC,IAAI,CAAC;QAC/C,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,OAAO,GAAI,KAA8B,CAAC,OAAO,IAAI,EAAE,CAAC;QAC9D,OAAO,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvD,CAAC;CACF;AAzOD,sDAyOC;AAED,SAAS,WAAW,CAAC,MAAgC,EAAE,SAAiB,EAAE,KAAa;IACrF,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,GAAG,EAAU,CAAC;IAC1D,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAClB,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,uBAAuB,CAAC,GAAW;IAC1C,MAAM,MAAM,GAAG,gBAAgB,CAAC;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC3E,OAAO,SAAS,IAAI,SAAS,CAAC;AAChC,CAAC","sourcesContent":["import { promises as fs } from 'node:fs';\nimport path from 'node:path';\nimport { sql } from 'drizzle-orm';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { IdentityDatabase } from './db';\nimport { executeQuery, executeStatement, isDatabaseSqlite } from './db';\n\nconst ACCOUNT_DATA_DIR = path.resolve('.internal', 'accounts', 'data');\nconst IDENTITY_STORE_TABLE = 'identity_store';\nconst INTERNAL_KV_TABLE = 'internal_kv';\n\nexport interface AccountRoleContext {\n accountId: string;\n webId?: string;\n roles: string[];\n}\n\ninterface AccountPayloadRecord {\n id: string;\n payload: Record<string, unknown>;\n source: 'identity-store' \| 'internal-kv' \| 'file';\n key?: string;\n}\n\nfunction resolveWebIds(payload: Record<string, unknown>): string[] {\n const candidates = new Set<string>();\n const possibleKeys = [ 'webId', 'webid', 'primaryWebId', 'primary_webid' ];\n for (const key of possibleKeys) {\n const value = payload[key];\n if (typeof value === 'string' && value.trim().length > 0) {\n candidates.add(value.trim());\n }\n }\n const settings = payload.settings;\n if (settings && typeof settings === 'object') {\n const webId = (settings as Record<string, unknown>).webId;\n if (typeof webId === 'string' && webId.trim().length > 0) {\n candidates.add(webId.trim());\n }\n }\n const pods = payload.pods;\n if (Array.isArray(pods)) {\n for (const entry of pods) {\n if (!entry \|\| typeof entry !== 'object') {\n continue;\n }\n const webId = (entry as Record<string, unknown>).webId;\n if (typeof webId === 'string' && webId.trim().length > 0) {\n candidates.add(webId.trim());\n }\n }\n }\n\n const webIdLink = payload['webIdLink'] ?? payload.webIdLink;\n if (webIdLink && typeof webIdLink === 'object') {\n for (const entry of Object.values(webIdLink as Record<string, unknown>)) {\n if (!entry \|\| typeof entry !== 'object') {\n continue;\n }\n const webId = (entry as Record<string, unknown>).webId;\n if (typeof webId === 'string' && webId.trim().length > 0) {\n candidates.add(webId.trim());\n }\n }\n }\n\n const podMap = payload['pod'] ?? payload.pod;\n if (podMap && typeof podMap === 'object') {\n for (const pod of Object.values(podMap as Record<string, unknown>)) {\n if (!pod \|\| typeof pod !== 'object') {\n continue;\n }\n const owner = (pod as Record<string, unknown>)['owner'] ?? (pod as Record<string, unknown>).owner;\n if (!owner \|\| typeof owner !== 'object') {\n continue;\n }\n for (const entry of Object.values(owner as Record<string, unknown>)) {\n if (!entry \|\| typeof entry !== 'object') {\n continue;\n }\n const webId = (entry as Record<string, unknown>).webId;\n if (typeof webId === 'string' && webId.trim().length > 0) {\n candidates.add(webId.trim());\n }\n }\n }\n }\n\n return Array.from(candidates);\n}\n\nfunction resolveRoles(payload: Record<string, unknown>): string[] {\n const roles = payload.roles;\n if (!Array.isArray(roles)) {\n return [];\n }\n return Array.from(new Set(\n roles\n .map((role) => typeof role === 'string' ? role.trim() : '')\n .filter((role) => role.length > 0),\n ));\n}\n\nfunction parsePayload(value: unknown): Record<string, unknown> \| undefined {\n if (!value) {\n return undefined;\n }\n if (typeof value === 'string') {\n try {\n const parsed = JSON.parse(value) as unknown;\n return parsed && typeof parsed === 'object' ? parsed as Record<string, unknown> : undefined;\n } catch {\n return undefined;\n }\n }\n return typeof value === 'object' ? value as Record<string, unknown> : undefined;\n}\n\nexport class AccountRoleRepository {\n private readonly logger = getLoggerFor(this);\n\n public constructor(private readonly db: IdentityDatabase) {}\n\n public async findByAccountId(accountId: string): Promise<AccountRoleContext \| undefined> {\n const record = await this.getAccountById(accountId);\n if (!record) {\n return undefined;\n }\n const [ webId ] = resolveWebIds(record.payload);\n return { accountId, webId, roles: resolveRoles(record.payload) };\n }\n\n public async findByWebId(webId: string): Promise<AccountRoleContext \| undefined> {\n const accounts = await this.loadAllAccounts();\n for (const { id, payload } of accounts.values()) {\n const knownWebIds = resolveWebIds(payload);\n if (knownWebIds.includes(webId)) {\n return {\n accountId: id,\n webId,\n roles: resolveRoles(payload),\n };\n }\n }\n return undefined;\n }\n\n public async findByWebIdLoose(webId: string): Promise<AccountRoleContext \| undefined> {\n return this.findByWebId(webId);\n }\n\n public async addRoles(accountId: string, roles: string[]): Promise<void> {\n const unique = Array.from(new Set(\n roles.map((role) => role.trim()).filter((role) => role.length > 0),\n ));\n if (unique.length === 0) {\n return;\n }\n const record = await this.getAccountById(accountId);\n if (!record) {\n this.logger.warn(`Cannot add roles for unknown account ${accountId}`);\n return;\n }\n const nextRoles = Array.from(new Set([ ...resolveRoles(record.payload), ...unique ]));\n await this.updateAccountRecord(record, { ...record.payload, roles: nextRoles });\n }\n\n private async getAccountById(accountId: string): Promise<AccountPayloadRecord \| undefined> {\n const accounts = await this.loadAllAccounts();\n return accounts.get(accountId);\n }\n\n private async loadAllAccounts(): Promise<Map<string, AccountPayloadRecord>> {\n const accounts = new Map<string, AccountPayloadRecord>();\n await this.loadIdentityStoreAccounts(accounts);\n await this.loadInternalKvAccounts(accounts);\n for (const [id, payload] of await this.loadFileAccountMap()) {\n if (!accounts.has(id)) {\n accounts.set(id, { id, payload, source: 'file' });\n }\n }\n return accounts;\n }\n\n private async loadIdentityStoreAccounts(accounts: Map<string, AccountPayloadRecord>): Promise<void> {\n const tableId = sql.identifier([IDENTITY_STORE_TABLE]);\n let rows: Array<{ container?: string; id?: string; payload?: unknown }> = [];\n try {\n const result = await executeQuery<{ container?: string; id?: string; payload?: unknown }>(this.db, sql`\n SELECT container, id, payload\n FROM ${tableId}\n WHERE container IN ('account', 'pod', 'owner', 'webIdLink')\n `);\n rows = result.rows;\n } catch (error: unknown) {\n if (!this.isTableMissing(error)) {\n throw error;\n }\n return;\n }\n\n const podAccountIds = new Map<string, string>();\n const webIdsByAccount = new Map<string, Set<string>>();\n\n for (const row of rows) {\n if (!row.id \|\| !row.container) {\n continue;\n }\n const payload = parsePayload(row.payload);\n if (!payload) {\n continue;\n }\n if (row.container === 'account') {\n accounts.set(row.id, { id: row.id, payload, source: 'identity-store' });\n } else if (row.container === 'pod') {\n const accountId = typeof payload.accountId === 'string' ? payload.accountId : undefined;\n if (accountId) {\n podAccountIds.set(row.id, accountId);\n }\n }\n }\n\n for (const row of rows) {\n const payload = parsePayload(row.payload);\n if (!row.container \|\| !payload) {\n continue;\n }\n if (row.container === 'webIdLink') {\n const accountId = typeof payload.accountId === 'string' ? payload.accountId : undefined;\n const webId = typeof payload.webId === 'string' ? payload.webId : undefined;\n if (accountId && webId) {\n appendWebId(webIdsByAccount, accountId, webId);\n }\n } else if (row.container === 'owner') {\n const podId = typeof payload.podId === 'string' ? payload.podId : undefined;\n const webId = typeof payload.webId === 'string' ? payload.webId : undefined;\n const accountId = podId ? podAccountIds.get(podId) : undefined;\n if (accountId && webId) {\n appendWebId(webIdsByAccount, accountId, webId);\n }\n }\n }\n\n for (const [accountId, webIds] of webIdsByAccount) {\n const record = accounts.get(accountId);\n if (!record) {\n continue;\n }\n record.payload = {\n ...record.payload,\n webIdLink: Object.fromEntries(Array.from(webIds).map((webId, index) => [\n `webid-${index}`,\n { accountId, webId },\n ])),\n };\n }\n }\n\n private async loadInternalKvAccounts(accounts: Map<string, AccountPayloadRecord>): Promise<void> {\n const tableId = sql.identifier([INTERNAL_KV_TABLE]);\n try {\n const result = await executeQuery<{ key?: string; value?: unknown }>(this.db, sql`\n SELECT key, value\n FROM ${tableId}\n WHERE key LIKE 'accounts/data/%'\n OR key LIKE '/.internal/accounts/data/%'\n `);\n for (const row of result.rows) {\n if (!row.key) {\n continue;\n }\n const accountId = extractAccountIdFromKey(row.key);\n const payload = parsePayload(row.value);\n if (!accountId \|\| !payload \|\| accounts.has(accountId)) {\n continue;\n }\n accounts.set(accountId, { id: accountId, payload, source: 'internal-kv', key: row.key });\n }\n } catch (error: unknown) {\n if (!this.isTableMissing(error)) {\n throw error;\n }\n }\n }\n\n private async loadFileAccountMap(): Promise<Map<string, Record<string, unknown>>> {\n const map = new Map<string, Record<string, unknown>>();\n try {\n const files = await fs.readdir(ACCOUNT_DATA_DIR);\n for (const file of files) {\n if (!file.endsWith('.json')) {\n continue;\n }\n const fullPath = path.join(ACCOUNT_DATA_DIR, file);\n try {\n const raw = await fs.readFile(fullPath, 'utf8');\n const parsed = JSON.parse(raw) as { payload?: unknown };\n const payload = parsed?.payload;\n if (!payload \|\| typeof payload !== 'object') {\n continue;\n }\n const accountId = (payload as Record<string, unknown>).id;\n if (typeof accountId === 'string' && accountId.trim().length > 0) {\n map.set(accountId, payload as Record<string, unknown>);\n }\n } catch (error: unknown) {\n this.logger.debug(`Skipping account file ${fullPath}: ${(error as Error).message}`);\n }\n }\n } catch (error: unknown) {\n this.logger.debug(`Account data directory unavailable (${ACCOUNT_DATA_DIR}): ${(error as Error).message}`);\n }\n return map;\n }\n\n private async updateAccountRecord(record: AccountPayloadRecord, payload: Record<string, unknown>): Promise<void> {\n if (record.source === 'identity-store') {\n const tableId = sql.identifier([IDENTITY_STORE_TABLE]);\n await executeStatement(this.db, sql`\n UPDATE ${tableId}\n SET payload = ${this.toJsonSql(payload)}\n WHERE container = 'account' AND id = ${record.id}\n `);\n return;\n }\n if (record.source === 'internal-kv' && record.key) {\n const tableId = sql.identifier([INTERNAL_KV_TABLE]);\n await executeStatement(this.db, sql`\n UPDATE ${tableId}\n SET value = ${JSON.stringify(payload)}\n WHERE key = ${record.key}\n `);\n }\n }\n\n private toJsonSql(payload: Record<string, unknown>): unknown {\n const serialized = JSON.stringify(payload);\n return isDatabaseSqlite(this.db) ? sql`${serialized}` : sql`${serialized}::jsonb`;\n }\n\n private isTableMissing(error: unknown): boolean {\n if (!error \|\| typeof error !== 'object') {\n return false;\n }\n const code = (error as { code?: string }).code;\n if (code === '42P01') {\n return true;\n }\n const message = (error as { message?: string }).message ?? '';\n return /does not exist\|no such table/u.test(message);\n }\n}\n\nfunction appendWebId(target: Map<string, Set<string>>, accountId: string, webId: string): void {\n const values = target.get(accountId) ?? new Set<string>();\n values.add(webId);\n target.set(accountId, values);\n}\n\nfunction extractAccountIdFromKey(key: string): string \| undefined {\n const marker = 'accounts/data/';\n const index = key.indexOf(marker);\n if (index < 0) {\n return undefined;\n }\n const accountId = key.slice(index + marker.length).replace(/\\.json$/u, '');\n return accountId \|\| undefined;\n}\n"]}

package/dist/identity/drizzle/DdnsRepository.d.ts CHANGED Viewed

@@ -1,16 +1,12 @@
 /**
  * DDNS Repository
  *
- * 管理 DDNS 域名池和记录
+ * 管理 Cloud 已分配的 DDNS 记录。
+ *
+ * 根域名、DNS provider 和 zone 等属于 Cloud 部署配置，不在控制面表中
+ * 再维护一份域名池，避免配置事实和数据库事实分叉。
  */
 import type { IdentityDatabase } from './db';
-export interface DdnsDomain {
-    domain: string;
-    status: 'active' | 'suspended';
-    provider?: string;
-    zoneId?: string;
-    createdAt: Date;
-}
 export interface DdnsRecord {
     subdomain: string;
     domain: string;
@@ -42,19 +38,8 @@ export interface UpdateDdnsRecordInput {
 export declare class DdnsRepository {
     private readonly db;
     private readonly schema;
+    private readonly ready;
     constructor(db: IdentityDatabase);
-    /**
-     * 添加域名到池中
-     */
-    addDomain(domain: string, provider?: string, zoneId?: string): Promise<DdnsDomain>;
-    /**
-     * 获取所有活跃的域名
-     */
-    getActiveDomains(): Promise<DdnsDomain[]>;
-    /**
-     * 暂停域名
-     */
-    suspendDomain(domain: string): Promise<void>;
     /**
      * 分配子域名
      */

package/dist/identity/drizzle/DdnsRepository.js CHANGED Viewed

@@ -2,7 +2,10 @@
 /**
  * DDNS Repository
  *
- * 管理 DDNS 域名池和记录
+ * 管理 Cloud 已分配的 DDNS 记录。
+ *
+ * 根域名、DNS provider 和 zone 等属于 Cloud 部署配置，不在控制面表中
+ * 再维护一份域名池，避免配置事实和数据库事实分叉。
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DdnsRepository = void 0;
@@ -14,60 +17,14 @@ class DdnsRepository {
     constructor(db) {
         this.db = db;
         this.schema = (0, db_1.getSchema)(db);
-    }
-    // ==================== Domain Pool ====================
-    /**
-     * 添加域名到池中
-     */
-    async addDomain(domain, provider, zoneId) {
-        const now = new Date();
-        await this.db.insert(this.schema.ddnsDomains).values({
-            domain,
-            status: 'active',
-            provider,
-            zoneId,
-            createdAt: (0, db_1.toDbTimestamp)(this.db, now),
-        });
-        logger.info(`Added domain to pool: ${domain}`);
-        return {
-            domain,
-            status: 'active',
-            provider,
-            zoneId,
-            createdAt: now,
-        };
-    }
-    /**
-     * 获取所有活跃的域名
-     */
-    async getActiveDomains() {
-        const results = await this.db
-            .select()
-            .from(this.schema.ddnsDomains)
-            .where((0, drizzle_orm_1.eq)(this.schema.ddnsDomains.status, 'active'));
-        return results.map((row) => ({
-            domain: row.domain,
-            status: row.status,
-            provider: row.provider ?? undefined,
-            zoneId: row.zoneId ?? undefined,
-            createdAt: (0, db_1.fromDbTimestamp)(row.createdAt) ?? new Date(0),
-        }));
-    }
-    /**
-     * 暂停域名
-     */
-    async suspendDomain(domain) {
-        await this.db
-            .update(this.schema.ddnsDomains)
-            .set({ status: 'suspended' })
-            .where((0, drizzle_orm_1.eq)(this.schema.ddnsDomains.domain, domain));
-        logger.info(`Suspended domain: ${domain}`);
+        this.ready = (0, db_1.ensureCloudClusterTables)(db);
     }
     // ==================== DDNS Records ====================
     /**
      * 分配子域名
      */
     async allocateSubdomain(input) {
+        await this.ready;
         const { subdomain, domain, ipAddress, ipv6Address, nodeId, username } = input;
         // 检查是否已存在
         const existing = await this.getRecord(subdomain);
@@ -108,6 +65,7 @@ class DdnsRepository {
      * 获取 DDNS 记录
      */
     async getRecord(subdomain) {
+        await this.ready;
         const results = await this.db
             .select()
             .from(this.schema.ddnsRecords)
@@ -136,6 +94,7 @@ class DdnsRepository {
      * 更新 DDNS 记录的 IP 地址
      */
     async updateRecordIp(subdomain, input) {
+        await this.ready;
         const existing = await this.getRecord(subdomain);
         if (!existing) {
             return null;
@@ -177,6 +136,7 @@ class DdnsRepository {
      * 封禁子域名
      */
     async banSubdomain(subdomain, reason) {
+        await this.ready;
         await this.db
             .update(this.schema.ddnsRecords)
             .set({
@@ -191,6 +151,7 @@ class DdnsRepository {
      * 解封子域名
      */
     async unbanSubdomain(subdomain) {
+        await this.ready;
         await this.db
             .update(this.schema.ddnsRecords)
             .set({
@@ -205,6 +166,7 @@ class DdnsRepository {
      * 释放子域名
      */
     async releaseSubdomain(subdomain) {
+        await this.ready;
         await this.db
             .delete(this.schema.ddnsRecords)
             .where((0, drizzle_orm_1.eq)(this.schema.ddnsRecords.subdomain, subdomain));
@@ -215,6 +177,7 @@ class DdnsRepository {
      * 获取用户的所有子域名
      */
     async getRecordsByUsername(username) {
+        await this.ready;
         const results = await this.db
             .select()
             .from(this.schema.ddnsRecords)
@@ -238,6 +201,7 @@ class DdnsRepository {
      * 获取节点的子域名
      */
     async getRecordByNodeId(nodeId) {
+        await this.ready;
         const results = await this.db
             .select()
             .from(this.schema.ddnsRecords)