alepha 0.13.0 → 0.13.1

package/dist/api-files/index.cjs

@@ -1,1293 +0,0 @@
-//#region rolldown:runtime
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __copyProps = (to, from, except, desc) => {
-	if (from && typeof from === "object" || typeof from === "function") {
-		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
-			key = keys[i];
-			if (!__hasOwnProp.call(to, key) && key !== except) {
-				__defProp(to, key, {
-					get: ((k) => from[k]).bind(null, key),
-					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-				});
-			}
-		}
-	}
-	return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
-	value: mod,
-	enumerable: true
-}) : target, mod));
-
-//#endregion
-let alepha = require("alepha");
-let alepha_bucket = require("alepha/bucket");
-let alepha_cache = require("alepha/cache");
-let node_crypto = require("node:crypto");
-let alepha_datetime = require("alepha/datetime");
-let alepha_logger = require("alepha/logger");
-let alepha_server = require("alepha/server");
-let node_fs = require("node:fs");
-let node_fs_promises = require("node:fs/promises");
-let node_os = require("node:os");
-node_os = __toESM(node_os);
-let node_stream_web = require("node:stream/web");
-let alepha_orm = require("alepha/orm");
-let alepha_security = require("alepha/security");
-let alepha_scheduler = require("alepha/scheduler");
-
-//#region src/server-cache/providers/ServerCacheProvider.ts
-alepha_server.ActionDescriptor.prototype.invalidate = async function() {
-	await this.alepha.inject(ServerCacheProvider).invalidate(this.route);
-};
-var ServerCacheProvider = class {
-	log = (0, alepha_logger.$logger)();
-	alepha = (0, alepha.$inject)(alepha.Alepha);
-	time = (0, alepha.$inject)(alepha_datetime.DateTimeProvider);
-	cache = (0, alepha_cache.$cache)({ provider: "memory" });
-	generateETag(content) {
-		return `"${(0, node_crypto.createHash)("md5").update(content).digest("hex")}"`;
-	}
-	async invalidate(route) {
-		if (!route.cache) return;
-		await this.cache.invalidate(this.createCacheKey(route));
-	}
-	onActionRequest = (0, alepha.$hook)({
-		on: "action:onRequest",
-		handler: async ({ action, request }) => {
-			const cache = action.route.cache;
-			if (this.shouldStore(cache)) {
-				const key = this.createCacheKey(action.route, request);
-				const cached = await this.cache.get(key);
-				if (cached) {
-					const body = cached.contentType === "application/json" ? JSON.parse(cached.body) : cached.body;
-					this.log.trace("Cache hit for action", {
-						key,
-						action: action.name
-					});
-					request.reply.body = body;
-				} else this.log.trace("Cache miss for action", {
-					key,
-					action: action.name
-				});
-			}
-		}
-	});
-	onActionResponse = (0, alepha.$hook)({
-		on: "action:onResponse",
-		handler: async ({ action, request, response }) => {
-			const cache = action.route.cache;
-			if (!this.shouldStore(cache) || !response) return;
-			if (request.reply.status && request.reply.status >= 400) return;
-			const contentType = typeof response === "string" ? "text/plain" : "application/json";
-			const body = contentType === "text/plain" ? response : JSON.stringify(response);
-			const generatedEtag = this.generateETag(body);
-			const lastModified = this.time.toISOString();
-			const key = this.createCacheKey(action.route, request);
-			this.log.trace("Storing response", {
-				key,
-				action: action.name
-			});
-			await this.cache.set(key, {
-				body,
-				lastModified,
-				contentType,
-				hash: generatedEtag
-			});
-			const cacheControl = this.buildCacheControlHeader(cache);
-			if (cacheControl) request.reply.setHeader("cache-control", cacheControl);
-		}
-	});
-	onRequest = (0, alepha.$hook)({
-		on: "server:onRequest",
-		handler: async ({ route, request }) => {
-			const cache = route.cache;
-			const shouldStore = this.shouldStore(cache);
-			const shouldUseEtag = this.shouldUseEtag(cache);
-			if (!shouldStore && !shouldUseEtag) return;
-			const key = this.createCacheKey(route, request);
-			const cached = await this.cache.get(key);
-			if (cached) {
-				if (request.headers["if-none-match"] === cached.hash || request.headers["if-modified-since"] === cached.lastModified) {
-					request.reply.status = 304;
-					request.reply.setHeader("etag", cached.hash);
-					request.reply.setHeader("last-modified", cached.lastModified);
-					this.log.trace("ETag match, returning 304", {
-						route: route.path,
-						etag: cached.hash
-					});
-					return;
-				}
-				if (shouldStore) {
-					this.log.trace("Cache hit for route", {
-						key,
-						route: route.path
-					});
-					request.reply.body = cached.body;
-					request.reply.status = cached.status ?? 200;
-					if (cached.contentType) request.reply.setHeader("Content-Type", cached.contentType);
-					request.reply.setHeader("etag", cached.hash);
-					request.reply.setHeader("last-modified", cached.lastModified);
-				}
-			} else if (shouldStore) this.log.trace("Cache miss for route", {
-				key,
-				route: route.path
-			});
-		}
-	});
-	onSend = (0, alepha.$hook)({
-		on: "server:onSend",
-		handler: async ({ route, request }) => {
-			const cache = route.cache;
-			const shouldStore = this.shouldStore(cache);
-			const shouldUseEtag = this.shouldUseEtag(cache);
-			if (request.reply.headers.etag) return;
-			if (!shouldStore && shouldUseEtag && request.reply.body != null && (typeof request.reply.body === "string" || Buffer.isBuffer(request.reply.body))) {
-				const generatedEtag = this.generateETag(request.reply.body);
-				if (request.headers["if-none-match"] === generatedEtag) {
-					request.reply.status = 304;
-					request.reply.body = void 0;
-					request.reply.setHeader("etag", generatedEtag);
-					this.log.trace("ETag match on send, returning 304", {
-						route: route.path,
-						etag: generatedEtag
-					});
-					return;
-				}
-			}
-		}
-	});
-	onResponse = (0, alepha.$hook)({
-		on: "server:onResponse",
-		priority: "first",
-		handler: async ({ route, request, response }) => {
-			const cache = route.cache;
-			const cacheControl = this.buildCacheControlHeader(cache);
-			if (cacheControl) response.headers["cache-control"] = cacheControl;
-			const shouldStore = this.shouldStore(cache);
-			const shouldUseEtag = this.shouldUseEtag(cache);
-			if (!shouldStore && !shouldUseEtag) return;
-			if (typeof response.body !== "string") return;
-			if (response.status && response.status >= 400) return;
-			const key = this.createCacheKey(route, request);
-			const generatedEtag = this.generateETag(response.body);
-			const lastModified = this.time.toISOString();
-			response.headers ??= {};
-			if (shouldStore) {
-				this.log.trace("Storing response", {
-					key,
-					route: route.path,
-					cache: !!cache,
-					etag: shouldUseEtag
-				});
-				await this.cache.set(key, {
-					body: response.body,
-					status: response.status,
-					contentType: response.headers?.["content-type"],
-					lastModified,
-					hash: generatedEtag
-				});
-			}
-			if (shouldUseEtag) {
-				response.headers.etag = generatedEtag;
-				response.headers["last-modified"] = lastModified;
-			}
-		}
-	});
-	buildCacheControlHeader(cache) {
-		if (!cache) return;
-		if (cache === true || typeof cache === "string" || typeof cache === "number") return;
-		const control = cache.control;
-		if (!control) return;
-		if (typeof control === "string") return control;
-		if (control === true) return "public, max-age=300";
-		const directives = [];
-		if (control.public) directives.push("public");
-		if (control.private) directives.push("private");
-		if (control.noCache) directives.push("no-cache");
-		if (control.noStore) directives.push("no-store");
-		if (control.maxAge !== void 0) {
-			const maxAgeSeconds = this.durationToSeconds(control.maxAge);
-			directives.push(`max-age=${maxAgeSeconds}`);
-		}
-		if (control.sMaxAge !== void 0) {
-			const sMaxAgeSeconds = this.durationToSeconds(control.sMaxAge);
-			directives.push(`s-maxage=${sMaxAgeSeconds}`);
-		}
-		if (control.mustRevalidate) directives.push("must-revalidate");
-		if (control.proxyRevalidate) directives.push("proxy-revalidate");
-		if (control.immutable) directives.push("immutable");
-		return directives.length > 0 ? directives.join(", ") : void 0;
-	}
-	durationToSeconds(duration) {
-		if (typeof duration === "number") return duration;
-		return this.time.duration(duration).asSeconds();
-	}
-	shouldStore(cache) {
-		if (!cache) return false;
-		if (cache === true) return true;
-		if (typeof cache === "object" && cache.store) return true;
-		return false;
-	}
-	shouldUseEtag(cache) {
-		if (cache === true) return true;
-		if (typeof cache === "object" && cache.etag) return true;
-		return false;
-	}
-	createCacheKey(route, config) {
-		const params = [];
-		for (const [key, value] of Object.entries(config?.params ?? {})) params.push(`${key}=${value}`);
-		for (const [key, value] of Object.entries(config?.query ?? {})) params.push(`${key}=${value}`);
-		return `${route.method}:${route.path.replaceAll(":", "")}:${params.join(",").replaceAll(":", "")}`;
-	}
-};
-
-//#endregion
-//#region src/server-cache/index.ts
-/**
-* Plugin for Alepha Server that provides server-side caching capabilities.
-* It uses the Alepha Cache module to cache responses from server actions ($action).
-* It also provides a ETag-based cache invalidation mechanism.
-*
-* @example
-* ```ts
-* import { Alepha } from "alepha";
-* import { $action } from "alepha/server";
-* import { AlephaServerCache } from "alepha/server/cache";
-*
-* class ApiServer {
-*   hello = $action({
-*     cache: true,
-*     handler: () => "Hello, World!",
-*   });
-* }
-*
-* const alepha = Alepha.create()
-*   .with(AlephaServerCache)
-*   .with(ApiServer);
-*
-* run(alepha);
-* ```
-*
-* @see {@link ServerCacheProvider}
-* @module alepha.server.cache
-*/
-const AlephaServerCache = (0, alepha.$module)({
-	name: "alepha.server.cache",
-	services: [alepha_cache.AlephaCache, ServerCacheProvider]
-});
-
-//#endregion
-//#region src/server-multipart/providers/ServerMultipartProvider.ts
-const envSchema = alepha.t.object({
-	SERVER_MULTIPART_LIMIT: alepha.t.integer({
-		default: 1e7,
-		min: 0,
-		description: "Maximum total size of multipart request body in bytes."
-	}),
-	SERVER_MULTIPART_FILE_LIMIT: alepha.t.integer({
-		default: 5e6,
-		min: 0,
-		description: "Maximum size of a single file in bytes."
-	}),
-	SERVER_MULTIPART_FILE_COUNT: alepha.t.integer({
-		default: 10,
-		min: 1,
-		description: "Maximum number of files allowed in a single request."
-	})
-});
-var ServerMultipartProvider = class {
-	alepha = (0, alepha.$inject)(alepha.Alepha);
-	env = (0, alepha.$env)(envSchema);
-	log = (0, alepha_logger.$logger)();
-	onRequest = (0, alepha.$hook)({
-		on: "server:onRequest",
-		handler: async ({ route, request }) => {
-			if (request.body) return;
-			if (!route.schema?.body) return;
-			let webRequest;
-			if (request.raw.web?.req) webRequest = request.raw.web.req;
-			else if (request.raw.node?.req) webRequest = new Request(request.url, {
-				method: request.method,
-				headers: request.headers,
-				body: node_stream_web.ReadableStream.from(request.raw.node.req),
-				duplex: "half"
-			});
-			if (!webRequest) return;
-			const contentType = request.headers["content-type"];
-			const contentLength = request.headers["content-length"];
-			if (contentLength) {
-				const size = Number.parseInt(contentLength, 10);
-				if (!Number.isNaN(size) && size > this.env.SERVER_MULTIPART_LIMIT) {
-					this.log.error(`Multipart request size limit exceeded: ${size} > ${this.env.SERVER_MULTIPART_LIMIT}`);
-					throw new alepha_server.HttpError({
-						status: 413,
-						message: `Request body size limit exceeded. Maximum allowed: ${this.env.SERVER_MULTIPART_LIMIT} bytes`
-					});
-				}
-			}
-			if (!contentType?.startsWith("multipart/form-data")) {
-				if (!(0, alepha_server.isMultipart)(route)) return;
-				throw new alepha_server.HttpError({
-					status: 415,
-					message: `Invalid content-type: ${contentType} - only "multipart/form-data" is accepted`
-				});
-			}
-			const { body, cleanup } = await this.handleMultipartBodyFromWeb(route, webRequest);
-			request.body = body;
-			request.metadata.multipart = { cleanup };
-		}
-	});
-	onResponse = (0, alepha.$hook)({
-		on: "server:onResponse",
-		handler: async ({ request }) => {
-			const cleanup = request.metadata.multipart?.cleanup;
-			if (typeof cleanup === "function") await cleanup();
-		}
-	});
-	async handleMultipartBodyFromWeb(route, request) {
-		let formData;
-		try {
-			formData = await request.formData();
-		} catch (error) {
-			throw new alepha_server.HttpError({
-				status: 400,
-				message: "Malformed multipart/form-data"
-			}, error);
-		}
-		const body = {};
-		const tempFiles = [];
-		const cleanupOnError = async () => {
-			for (const file of tempFiles) try {
-				await file.cleanup();
-			} catch {}
-		};
-		try {
-			let fileCount = 0;
-			let totalSize = 0;
-			if (route.schema?.body && alepha.t.schema.isObject(route.schema.body)) {
-				for (const [key, value] of Object.entries(route.schema.body.properties)) if (alepha.t.schema.isSchema(value)) if ((0, alepha.isTypeFile)(value)) {
-					const file = formData.get(key);
-					if (file && typeof file === "object" && "arrayBuffer" in file) {
-						const blob = file;
-						fileCount++;
-						if (fileCount > this.env.SERVER_MULTIPART_FILE_COUNT) {
-							this.log.error(`Too many files in multipart request: ${fileCount} > ${this.env.SERVER_MULTIPART_FILE_COUNT}`);
-							throw new alepha_server.HttpError({
-								status: 413,
-								message: `Too many files. Maximum allowed: ${this.env.SERVER_MULTIPART_FILE_COUNT}`
-							});
-						}
-						if (blob.size > this.env.SERVER_MULTIPART_FILE_LIMIT) {
-							this.log.error(`File "${key}" exceeds size limit: ${blob.size} > ${this.env.SERVER_MULTIPART_FILE_LIMIT}`);
-							throw new alepha_server.HttpError({
-								status: 413,
-								message: `File "${key}" exceeds size limit. Maximum allowed: ${this.env.SERVER_MULTIPART_FILE_LIMIT} bytes`
-							});
-						}
-						totalSize += blob.size;
-						if (totalSize > this.env.SERVER_MULTIPART_LIMIT) {
-							this.log.error(`Total multipart size exceeds limit: ${totalSize} > ${this.env.SERVER_MULTIPART_LIMIT}`);
-							throw new alepha_server.HttpError({
-								status: 413,
-								message: `Total request size exceeds limit. Maximum allowed: ${this.env.SERVER_MULTIPART_LIMIT} bytes`
-							});
-						}
-						const hybridFile = await this.createHybridFile(blob, key);
-						body[key] = hybridFile;
-						tempFiles.push(hybridFile);
-					}
-				} else {
-					const fieldValue = formData.get(key);
-					if (fieldValue !== null) {
-						const stringValue = typeof fieldValue === "string" ? fieldValue : "";
-						body[key] = this.alepha.codec.decode(value, stringValue);
-					}
-				}
-			}
-			return {
-				body,
-				cleanup: async () => {
-					for (const file of tempFiles) await file.cleanup();
-				}
-			};
-		} catch (error) {
-			await cleanupOnError();
-			throw error;
-		}
-	}
-	/**
-	* This is a legacy code, previously we used "busboy" to parse multipart in Node.js environment.
-	* Now we rely on Web Request's formData() method, which is supported in modern Node.js versions.
-	* However, we still need to create temporary files for uploaded files to provide a consistent File-like interface.
-	*
-	* TODO: In future, we might want to refactor this to avoid using temporary files if not necessary?
-	*/
-	async createHybridFile(file, fieldName) {
-		const tmpPath = `${node_os.tmpdir()}/${(0, node_crypto.randomUUID)()}`;
-		const arrayBuffer = await file.arrayBuffer();
-		await (0, node_fs_promises.writeFile)(tmpPath, Buffer.from(arrayBuffer));
-		const fileName = file.name || `${fieldName}_${Date.now()}`;
-		return {
-			_state: {
-				cleanup: false,
-				size: file.size,
-				tmpPath
-			},
-			name: fileName,
-			type: file.type || "application/octet-stream",
-			lastModified: file.lastModified || Date.now(),
-			filepath: tmpPath,
-			get size() {
-				return this._state.size;
-			},
-			stream() {
-				return (0, node_fs.createReadStream)(tmpPath);
-			},
-			async arrayBuffer() {
-				const content = await (0, node_fs_promises.readFile)(tmpPath);
-				return content.buffer.slice(content.byteOffset, content.byteOffset + content.byteLength);
-			},
-			text: async () => {
-				return await (0, node_fs_promises.readFile)(tmpPath, "utf-8");
-			},
-			async cleanup() {
-				if (this._state.cleanup) return;
-				await (0, node_fs_promises.unlink)(tmpPath);
-				this._state.cleanup = true;
-			}
-		};
-	}
-};
-
-//#endregion
-//#region src/server-multipart/index.ts
-/**
-* This module provides support for handling multipart/form-data requests.
-* It allows to parse body data containing t.file().
-*
-* @see {@link ServerMultipartProvider}
-* @module alepha.server.multipart
-*/
-const AlephaServerMultipart = (0, alepha.$module)({
-	name: "alepha.server.multipart",
-	services: [alepha_server.AlephaServer, ServerMultipartProvider]
-});
-
-//#endregion
-//#region src/api-files/schemas/fileQuerySchema.ts
-const fileQuerySchema = alepha.t.extend(alepha_orm.pageQuerySchema, {
-	bucket: alepha.t.optional(alepha.t.string()),
-	tags: alepha.t.optional(alepha.t.array(alepha.t.string())),
-	name: alepha.t.optional(alepha.t.string()),
-	mimeType: alepha.t.optional(alepha.t.string()),
-	creator: alepha.t.optional(alepha.t.uuid()),
-	createdAfter: alepha.t.optional(alepha.t.datetime()),
-	createdBefore: alepha.t.optional(alepha.t.datetime())
-});
-
-//#endregion
-//#region src/api-files/entities/files.ts
-const files = (0, alepha_orm.$entity)({
-	name: "files",
-	schema: alepha.t.object({
-		id: alepha_orm.pg.primaryKey(alepha.t.uuid()),
-		version: alepha_orm.pg.version(),
-		createdAt: alepha_orm.pg.createdAt(),
-		updatedAt: alepha_orm.pg.updatedAt(),
-		blobId: alepha.t.text(),
-		creator: alepha.t.optional(alepha.t.uuid()),
-		creatorRealm: alepha.t.optional(alepha.t.string()),
-		creatorName: alepha.t.optional(alepha.t.string()),
-		bucket: alepha.t.text(),
-		expirationDate: alepha.t.optional(alepha.t.datetime()),
-		name: alepha.t.text(),
-		size: alepha.t.number(),
-		mimeType: alepha.t.string(),
-		tags: alepha.t.optional(alepha.t.array(alepha.t.text())),
-		checksum: alepha.t.optional(alepha.t.string())
-	}),
-	indexes: [
-		"expirationDate",
-		"bucket",
-		"creator",
-		"createdAt",
-		"mimeType",
-		{ columns: ["bucket", "createdAt"] }
-	]
-});
-
-//#endregion
-//#region src/api-files/schemas/fileResourceSchema.ts
-const fileResourceSchema = alepha.t.extend(files.schema, {}, {
-	title: "FileResource",
-	description: "A file resource representing a file stored in the system."
-});
-
-//#endregion
-//#region src/api-files/services/FileService.ts
-var FileService = class {
-	alepha = (0, alepha.$inject)(alepha.Alepha);
-	log = (0, alepha_logger.$logger)();
-	fileRepository = (0, alepha_orm.$repository)(files);
-	dateTimeProvider = (0, alepha.$inject)(alepha_datetime.DateTimeProvider);
-	defaultBucket = (0, alepha_bucket.$bucket)({ name: "default" });
-	onUploadFile = (0, alepha.$hook)({
-		on: "bucket:file:uploaded",
-		handler: async ({ file, bucket, options, id }) => {
-			if (options.persist === false) return;
-			const checksum = await this.calculateChecksum(file);
-			await this.fileRepository.create({
-				blobId: id,
-				mimeType: file.type,
-				name: file.name,
-				size: file.size,
-				creator: options.user?.id,
-				creatorRealm: options.user?.realm,
-				expirationDate: this.getExpirationDate(options.ttl),
-				bucket: bucket.name,
-				checksum
-			});
-		}
-	});
-	onDeleteBucketFile = (0, alepha.$hook)({
-		on: "bucket:file:deleted",
-		handler: async ({ bucket, id }) => {
-			await this.fileRepository.deleteMany({
-				blobId: { eq: id },
-				bucket: { eq: bucket.name }
-			});
-		}
-	});
-	/**
-	* Calculates SHA-256 checksum of a file.
-	*
-	* @param file - The file to calculate checksum for
-	* @returns Hexadecimal string representation of the SHA-256 hash
-	* @protected
-	*/
-	async calculateChecksum(file) {
-		const buffer = await file.arrayBuffer();
-		const hash = (0, node_crypto.createHash)("sha256");
-		hash.update(Buffer.from(buffer));
-		return hash.digest("hex");
-	}
-	/**
-	* Gets a bucket descriptor by name.
-	*
-	* @param bucketName - The name of the bucket to retrieve (defaults to "default")
-	* @returns The bucket descriptor
-	* @throws {NotFoundError} If the bucket is not found
-	*/
-	bucket(bucketName = this.defaultBucket.name) {
-		const bucket = this.alepha.descriptors(alepha_bucket.$bucket).find((it) => it.name === bucketName);
-		if (!bucket) throw new alepha_server.NotFoundError(`Bucket '${bucketName}' not found.`);
-		return bucket;
-	}
-	/**
-	* Finds files matching the given query criteria with pagination support.
-	* Supports filtering by bucket, tags, name, mimeType, creator, and date range.
-	*
-	* @param q - Query parameters including bucket, tags, name, mimeType, creator, date range, pagination, and sorting
-	* @returns Paginated list of file entities
-	*/
-	async findFiles(q = {}) {
-		q.sort ??= "-createdAt";
-		const where = this.fileRepository.createQueryWhere();
-		if (q.bucket) where.bucket = { eq: q.bucket };
-		if (q.tags) where.tags = { arrayContains: q.tags };
-		if (q.name) where.name = { ilike: `%${q.name}%` };
-		if (q.mimeType) where.mimeType = { eq: q.mimeType };
-		if (q.creator) where.creator = { eq: q.creator };
-		if (q.createdAfter && q.createdBefore) where.createdAt = {
-			gte: q.createdAfter,
-			lte: q.createdBefore
-		};
-		else if (q.createdAfter) where.createdAt = { gte: q.createdAfter };
-		else if (q.createdBefore) where.createdAt = { lte: q.createdBefore };
-		return await this.fileRepository.paginate(q, { where }, { count: true }).then((page) => {
-			return {
-				...page,
-				content: page.content.map((it) => this.entityToResource(it))
-			};
-		});
-	}
-	/**
-	* Finds files that have expired based on their expiration date.
-	* Limited to 1000 files per call to prevent memory issues.
-	*
-	* @returns Array of expired file entities
-	*/
-	async findExpiredFiles() {
-		return await this.fileRepository.findMany({
-			limit: 1e3,
-			where: { expirationDate: { lte: this.dateTimeProvider.nowISOString() } }
-		});
-	}
-	/**
-	* Calculates an expiration date based on a TTL (time to live) duration.
-	*
-	* @param ttl - Duration like "1 day", "2 hours", etc.
-	* @returns DateTime representation of the expiration date, or undefined if no TTL provided
-	* @protected
-	*/
-	getExpirationDate(ttl) {
-		return ttl ? this.dateTimeProvider.now().add(this.dateTimeProvider.duration(ttl)).toISOString() : void 0;
-	}
-	/**
-	* Uploads a file to a bucket and creates a database record with metadata.
-	* Automatically calculates and stores the file checksum (SHA-256).
-	*
-	* @param file - The file to upload
-	* @param options - Upload options including bucket, expiration, user, and tags
-	* @param options.bucket - Target bucket name (defaults to "default")
-	* @param options.expirationDate - When the file should expire
-	* @param options.user - User performing the upload (for audit trail)
-	* @param options.tags - Tags to associate with the file
-	* @returns The created file entity with all metadata
-	* @throws {NotFoundError} If the specified bucket doesn't exist
-	*/
-	async uploadFile(file, options = {}) {
-		const bucket = this.bucket(options.bucket);
-		const checksum = await this.calculateChecksum(file);
-		const blobId = await bucket.upload(file, { persist: false });
-		let expirationDate;
-		if (options.expirationDate) expirationDate = this.dateTimeProvider.of(options.expirationDate).toISOString();
-		else if (bucket.options.ttl) expirationDate = this.getExpirationDate(bucket.options.ttl);
-		return await this.fileRepository.create({
-			blobId,
-			mimeType: file.type,
-			name: file.name,
-			size: file.size,
-			creator: options.user?.id,
-			creatorRealm: options.user?.realm,
-			creatorName: options.user?.name,
-			expirationDate,
-			bucket: bucket.name,
-			tags: options.tags,
-			checksum
-		});
-	}
-	/**
-	* Streams a file from storage by its database ID.
-	*
-	* @param id - The database ID (UUID) of the file to stream
-	* @returns The file object ready for streaming/downloading
-	* @throws {NotFoundError} If the file doesn't exist in the database
-	* @throws {FileNotFoundError} If the file exists in database but not in storage
-	*/
-	async streamFile(id) {
-		const entity = await this.getFileById(id);
-		return await this.bucket(entity.bucket).download(entity.blobId);
-	}
-	/**
-	* Updates file metadata (name, tags, expiration date).
-	* Does not modify the actual file content in storage.
-	*
-	* @param id - The database ID (UUID) of the file to update
-	* @param data - Partial file data to update
-	* @param data.name - New file name
-	* @param data.tags - New tags array
-	* @param data.expirationDate - New expiration date
-	* @returns The updated file entity
-	* @throws {NotFoundError} If the file doesn't exist in the database
-	*/
-	async updateFile(id, data) {
-		const file = await this.getFileById(id);
-		const updateData = {};
-		if (data.name !== void 0) updateData.name = data.name;
-		if (data.tags !== void 0) updateData.tags = data.tags;
-		if (data.expirationDate !== void 0) updateData.expirationDate = this.dateTimeProvider.of(data.expirationDate).toISOString();
-		return await this.fileRepository.updateById(file.id, updateData);
-	}
-	/**
-	* Deletes a file from both storage and database.
-	* Handles cases where file is already deleted from storage gracefully.
-	* Always ensures database record is removed even if storage deletion fails.
-	*
-	* @param id - The database ID (UUID) of the file to delete
-	* @returns Success response with the deleted file ID
-	* @throws {NotFoundError} If the file doesn't exist in the database
-	*/
-	async deleteFile(id) {
-		const file = await this.getFileById(id);
-		const bucket = this.bucket(file.bucket);
-		await this.fileRepository.deleteById(file.id);
-		try {
-			await bucket.delete(file.blobId, true);
-		} catch (e) {
-			if (e instanceof alepha_bucket.FileNotFoundError) this.log.debug(`File ${file.blobId} not found in bucket ${bucket.name}, cleaning up database record`);
-			else this.log.warn(`Failed to delete file ${file.blobId} from bucket ${bucket.name}`, e);
-		}
-		return {
-			ok: true,
-			id: String(file.id)
-		};
-	}
-	/**
-	* Retrieves a file entity by its ID.
-	* If already an entity object, returns it as-is (convenience method).
-	*
-	* @param id - Either a UUID string or an existing FileEntity object
-	* @returns The file entity
-	* @throws {NotFoundError} If the file doesn't exist in the database
-	*/
-	async getFileById(id) {
-		if (typeof id === "object") return id;
-		return await this.fileRepository.findById(id);
-	}
-	/**
-	* Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.
-	*
-	* @returns Storage statistics with aggregated data
-	*/
-	async getStorageStats() {
-		const allFiles = await this.fileRepository.findMany({});
-		const totalSize = allFiles.reduce((sum, file) => sum + file.size, 0);
-		const totalFiles = allFiles.length;
-		const bucketMap = /* @__PURE__ */ new Map();
-		for (const file of allFiles) {
-			const existing = bucketMap.get(file.bucket) || {
-				totalSize: 0,
-				fileCount: 0
-			};
-			existing.totalSize += file.size;
-			existing.fileCount += 1;
-			bucketMap.set(file.bucket, existing);
-		}
-		const mimeTypeMap = /* @__PURE__ */ new Map();
-		for (const file of allFiles) {
-			const existing = mimeTypeMap.get(file.mimeType) || 0;
-			mimeTypeMap.set(file.mimeType, existing + 1);
-		}
-		return {
-			totalSize,
-			totalFiles,
-			byBucket: Array.from(bucketMap.entries()).map(([bucket, stats]) => ({
-				bucket,
-				totalSize: stats.totalSize,
-				fileCount: stats.fileCount
-			})),
-			byMimeType: Array.from(mimeTypeMap.entries()).map(([mimeType, fileCount]) => ({
-				mimeType,
-				fileCount
-			}))
-		};
-	}
-	/**
-	* Converts a file entity to a file resource (API response format).
-	* Currently a pass-through, but allows for future transformation logic.
-	*
-	* @param entity - The file entity to convert
-	* @returns The file resource for API responses
-	*/
-	entityToResource(entity) {
-		return entity;
-	}
-};
-
-//#endregion
-//#region src/api-files/controllers/FileController.ts
-/**
-* REST API controller for file management operations.
-* Provides endpoints for uploading, downloading, listing, and deleting files.
-*/
-var FileController = class {
-	url = "/files";
-	group = "files";
-	fileService = (0, alepha.$inject)(FileService);
-	/**
-	* GET /files - Lists files with optional filtering and pagination.
-	* Supports filtering by bucket and tags.
-	*/
-	findFiles = (0, alepha_server.$action)({
-		path: this.url,
-		group: this.group,
-		description: "List files with filtering and pagination",
-		schema: {
-			query: fileQuerySchema,
-			response: alepha_orm.pg.page(fileResourceSchema)
-		},
-		handler: ({ query }) => this.fileService.findFiles(query)
-	});
-	/**
-	* DELETE /files/:id - Deletes a file from both storage and database.
-	* Removes the file from the bucket and cleans up the database record.
-	*/
-	deleteFile = (0, alepha_server.$action)({
-		method: "DELETE",
-		path: `${this.url}/:id`,
-		group: this.group,
-		description: "Delete a file",
-		schema: {
-			params: alepha.t.object({ id: alepha.t.uuid() }),
-			response: alepha_server.okSchema
-		},
-		handler: ({ params }) => this.fileService.deleteFile(params.id)
-	});
-	/**
-	* POST /files - Uploads a new file to storage.
-	* Creates a database record with metadata and calculates checksum.
-	* Optionally specify bucket and expiration date.
-	*/
-	uploadFile = (0, alepha_server.$action)({
-		path: this.url,
-		group: this.group,
-		description: "Upload a new file",
-		schema: {
-			body: alepha.t.object({ file: alepha.t.file() }),
-			query: alepha.t.object({
-				expirationDate: alepha.t.optional(alepha.t.datetime()),
-				bucket: alepha.t.optional(alepha.t.string())
-			}),
-			response: fileResourceSchema
-		},
-		handler: async ({ body, user, query }) => this.fileService.uploadFile(body.file, {
-			user,
-			...query
-		})
-	});
-	/**
-	* PATCH /files/:id - Updates file metadata.
-	* Allows updating name, tags, and expiration date without modifying file content.
-	*/
-	updateFile = (0, alepha_server.$action)({
-		method: "PATCH",
-		path: `${this.url}/:id`,
-		group: this.group,
-		description: "Update file metadata",
-		schema: {
-			params: alepha.t.object({ id: alepha.t.uuid() }),
-			body: alepha.t.object({
-				name: alepha.t.optional(alepha.t.string()),
-				tags: alepha.t.optional(alepha.t.array(alepha.t.string())),
-				expirationDate: alepha.t.optional(alepha.t.datetime())
-			}),
-			response: fileResourceSchema
-		},
-		handler: ({ params, body }) => this.fileService.updateFile(params.id, body)
-	});
-	/**
-	* GET /files/:id - Streams/downloads a file by its ID.
-	* Returns the file content with appropriate Content-Type header.
-	* Cached with ETag support for 1 year (immutable).
-	*/
-	streamFile = (0, alepha_server.$action)({
-		path: `${this.url}/:id`,
-		group: this.group,
-		description: "Download a file",
-		cache: {
-			etag: true,
-			control: {
-				public: true,
-				maxAge: [1, "year"],
-				immutable: true
-			}
-		},
-		schema: {
-			params: alepha.t.object({ id: alepha.t.uuid() }),
-			response: alepha.t.file()
-		},
-		handler: async ({ params }) => {
-			return await this.fileService.streamFile(params.id);
-		}
-	});
-};
-
-//#endregion
-//#region src/server-security/providers/ServerBasicAuthProvider.ts
-var ServerBasicAuthProvider = class {
-	alepha = (0, alepha.$inject)(alepha.Alepha);
-	log = (0, alepha_logger.$logger)();
-	routerProvider = (0, alepha.$inject)(alepha_server.ServerRouterProvider);
-	realm = "Secure Area";
-	/**
-	* Registered basic auth descriptors with their configurations
-	*/
-	registeredAuths = [];
-	/**
-	* Register a basic auth configuration (called by descriptors)
-	*/
-	registerAuth(config) {
-		this.registeredAuths.push(config);
-	}
-	onStart = (0, alepha.$hook)({
-		on: "start",
-		handler: async () => {
-			for (const auth of this.registeredAuths) if (auth.paths) for (const pattern of auth.paths) {
-				const matchedRoutes = this.routerProvider.getRoutes(pattern);
-				for (const route of matchedRoutes) route.secure = { basic: {
-					username: auth.username,
-					password: auth.password
-				} };
-			}
-			if (this.registeredAuths.length > 0) this.log.info(`Initialized with ${this.registeredAuths.length} registered basic-auth configurations.`);
-		}
-	});
-	/**
-	* Hook into server:onRequest to check basic auth
-	*/
-	onRequest = (0, alepha.$hook)({
-		on: "server:onRequest",
-		handler: async ({ route, request }) => {
-			const routeAuth = route.secure;
-			if (typeof routeAuth === "object" && "basic" in routeAuth && routeAuth.basic) this.checkAuth(request, routeAuth.basic);
-		}
-	});
-	/**
-	* Hook into action:onRequest to check basic auth for actions
-	*/
-	onActionRequest = (0, alepha.$hook)({
-		on: "action:onRequest",
-		handler: async ({ action, request }) => {
-			const routeAuth = action.route.secure;
-			if (isBasicAuth(routeAuth)) this.checkAuth(request, routeAuth.basic);
-		}
-	});
-	/**
-	* Check basic authentication
-	*/
-	checkAuth(request, options) {
-		const authHeader = request.headers?.authorization;
-		if (!authHeader || !authHeader.startsWith("Basic ")) {
-			this.sendAuthRequired(request);
-			throw new alepha_server.HttpError({
-				status: 401,
-				message: "Authentication required"
-			});
-		}
-		const base64Credentials = authHeader.slice(6);
-		const credentials = Buffer.from(base64Credentials, "base64").toString("utf-8");
-		const colonIndex = credentials.indexOf(":");
-		const username = colonIndex !== -1 ? credentials.slice(0, colonIndex) : credentials;
-		const password = colonIndex !== -1 ? credentials.slice(colonIndex + 1) : "";
-		if (!this.timingSafeCredentialCheck(username, password, options.username, options.password)) {
-			this.sendAuthRequired(request);
-			this.log.warn(`Failed basic auth attempt for user`, { username });
-			throw new alepha_server.HttpError({
-				status: 401,
-				message: "Invalid credentials"
-			});
-		}
-	}
-	/**
-	* Performs a timing-safe comparison of credentials to prevent timing attacks.
-	* Always compares both username and password to avoid leaking which one is wrong.
-	*/
-	timingSafeCredentialCheck(inputUsername, inputPassword, expectedUsername, expectedPassword) {
-		const inputUserBuf = Buffer.from(inputUsername, "utf-8");
-		const expectedUserBuf = Buffer.from(expectedUsername, "utf-8");
-		const inputPassBuf = Buffer.from(inputPassword, "utf-8");
-		const expectedPassBuf = Buffer.from(expectedPassword, "utf-8");
-		return (this.safeCompare(inputUserBuf, expectedUserBuf) & this.safeCompare(inputPassBuf, expectedPassBuf)) === 1;
-	}
-	/**
-	* Compares two buffers in constant time, handling different lengths safely.
-	* Returns 1 if equal, 0 if not equal.
-	*/
-	safeCompare(input, expected) {
-		if (input.length !== expected.length) {
-			(0, node_crypto.timingSafeEqual)(input, input);
-			return 0;
-		}
-		return (0, node_crypto.timingSafeEqual)(input, expected) ? 1 : 0;
-	}
-	/**
-	* Send WWW-Authenticate header
-	*/
-	sendAuthRequired(request) {
-		request.reply.setHeader("WWW-Authenticate", `Basic realm="${this.realm}"`);
-	}
-};
-const isBasicAuth = (value) => {
-	return typeof value === "object" && !!value && "basic" in value && !!value.basic;
-};
-
-//#endregion
-//#region src/server-security/descriptors/$basicAuth.ts
-/**
-* Declares HTTP Basic Authentication for server routes.
-* This descriptor provides methods to protect routes with username/password authentication.
-*/
-const $basicAuth = (options) => {
-	return (0, alepha.createDescriptor)(BasicAuthDescriptor, options);
-};
-var BasicAuthDescriptor = class extends alepha.Descriptor {
-	serverBasicAuthProvider = (0, alepha.$inject)(ServerBasicAuthProvider);
-	get name() {
-		return this.options.name ?? `${this.config.propertyKey}`;
-	}
-	onInit() {
-		this.serverBasicAuthProvider.registerAuth(this.options);
-	}
-	/**
-	* Checks basic auth for the given request using this descriptor's configuration.
-	*/
-	check(request, options) {
-		const mergedOptions = {
-			...this.options,
-			...options
-		};
-		this.serverBasicAuthProvider.checkAuth(request, mergedOptions);
-	}
-};
-$basicAuth[alepha.KIND] = BasicAuthDescriptor;
-
-//#endregion
-//#region src/server-security/providers/ServerSecurityProvider.ts
-var ServerSecurityProvider = class {
-	log = (0, alepha_logger.$logger)();
-	securityProvider = (0, alepha.$inject)(alepha_security.SecurityProvider);
-	jwtProvider = (0, alepha.$inject)(alepha_security.JwtProvider);
-	alepha = (0, alepha.$inject)(alepha.Alepha);
-	onConfigure = (0, alepha.$hook)({
-		on: "configure",
-		handler: async () => {
-			for (const action of this.alepha.descriptors(alepha_server.$action)) {
-				if (action.options.disabled || action.options.secure === false || this.securityProvider.getRealms().length === 0) continue;
-				if (typeof action.options.secure !== "object") this.securityProvider.createPermission({
-					name: action.name,
-					group: action.group,
-					method: action.route.method,
-					path: action.route.path
-				});
-			}
-		}
-	});
-	onActionRequest = (0, alepha.$hook)({
-		on: "action:onRequest",
-		handler: async ({ action, request, options }) => {
-			if (action.options.secure === false && !options.user) {
-				this.log.trace("Skipping security check for route");
-				return;
-			}
-			if (isBasicAuth(action.route.secure)) return;
-			const permission = this.securityProvider.getPermissions().find((it) => it.path === action.route.path && it.method === action.route.method);
-			try {
-				request.user = this.createUserFromLocalFunctionContext(options, permission);
-				const route = action.route;
-				if (typeof route.secure === "object") this.check(request.user, route.secure);
-				this.alepha.state.set("alepha.server.request.user", this.alepha.codec.decode(alepha_security.userAccountInfoSchema, request.user));
-			} catch (error) {
-				if (action.options.secure || permission) throw error;
-				this.log.trace("Skipping security check for action");
-			}
-		}
-	});
-	onRequest = (0, alepha.$hook)({
-		on: "server:onRequest",
-		priority: "last",
-		handler: async ({ request, route }) => {
-			if (route.secure === false) {
-				this.log.trace("Skipping security check for route - explicitly disabled");
-				return;
-			}
-			if (isBasicAuth(route.secure)) return;
-			const permission = this.securityProvider.getPermissions().find((it) => it.path === route.path && it.method === route.method);
-			if (!request.headers.authorization && !route.secure && !permission) {
-				this.log.trace("Skipping security check for route - no authorization header and not secure");
-				return;
-			}
-			try {
-				request.user = await this.securityProvider.createUserFromToken(request.headers.authorization, { permission });
-				if (typeof route.secure === "object") this.check(request.user, route.secure);
-				this.alepha.state.set("alepha.server.request.user", this.alepha.codec.decode(alepha_security.userAccountInfoSchema, request.user));
-				this.log.trace("User set from request token", {
-					user: request.user,
-					permission
-				});
-			} catch (error) {
-				if (route.secure || permission) throw error;
-				this.log.trace("Skipping security check for route - error occurred", error);
-			}
-		}
-	});
-	check(user, secure) {
-		if (secure.realm) {
-			if (user.realm !== secure.realm) throw new alepha_server.ForbiddenError(`User must belong to realm '${secure.realm}' to access this route`);
-		}
-	}
-	/**
-	* Get the user account token for a local action call.
-	* There are three possible sources for the user:
-	* - `options.user`: the user passed in the options
-	* - `"system"`: the system user from the state (you MUST set state `server.security.system.user`)
-	* - `"context"`: the user from the request context (you MUST be in an HTTP request context)
-	*
-	* Priority order: `options.user` > `"system"` > `"context"`.
-	*
-	* In testing environment, if no user is provided, a test user is created based on the SecurityProvider's roles.
-	*/
-	createUserFromLocalFunctionContext(options, permission) {
-		const fromOptions = typeof options.user === "object" ? options.user : void 0;
-		const type = typeof options.user === "string" ? options.user : void 0;
-		let user;
-		const fromContext = this.alepha.context.get("request")?.user;
-		const fromSystem = this.alepha.state.get("alepha.server.security.system.user");
-		if (type === "system") user = fromSystem;
-		else if (type === "context") user = fromContext;
-		else user = fromOptions ?? fromContext ?? fromSystem;
-		if (!user) {
-			if (this.alepha.isTest() && !("user" in options)) return this.createTestUser();
-			throw new alepha_server.UnauthorizedError("User is required for calling this action");
-		}
-		const roles = user.roles ?? (this.alepha.isTest() ? this.securityProvider.getRoles().map((role) => role.name) : []);
-		let ownership;
-		if (permission) {
-			const result = this.securityProvider.checkPermission(permission, ...roles);
-			if (!result.isAuthorized) throw new alepha_server.ForbiddenError(`Permission '${this.securityProvider.permissionToString(permission)}' is required for this route`);
-			ownership = result.ownership;
-		}
-		return {
-			...user,
-			ownership
-		};
-	}
-	createTestUser() {
-		return {
-			id: (0, node_crypto.randomUUID)(),
-			name: "Test",
-			roles: this.securityProvider.getRoles().map((role) => role.name)
-		};
-	}
-	onClientRequest = (0, alepha.$hook)({
-		on: "client:onRequest",
-		handler: async ({ request, options }) => {
-			if (!this.alepha.isTest()) return;
-			if ("user" in options && options.user === void 0) return;
-			request.headers = new Headers(request.headers);
-			if (!request.headers.has("authorization")) {
-				const test = this.createTestUser();
-				const user = typeof options?.user === "object" ? options.user : void 0;
-				const sub = user?.id ?? test.id;
-				const roles = user?.roles ?? test.roles;
-				const token = await this.jwtProvider.create({
-					sub,
-					roles
-				}, user?.realm ?? this.securityProvider.getRealms()[0]?.name);
-				request.headers.set("authorization", `Bearer ${token}`);
-			}
-		}
-	});
-};
-
-//#endregion
-//#region src/server-security/index.ts
-/**
-* Plugin for Alepha Server that provides security features. Based on the Alepha Security module.
-*
-* By default, all $action will be guarded by a permission check.
-*
-* @see {@link ServerSecurityProvider}
-* @module alepha.server.security
-*/
-const AlephaServerSecurity = (0, alepha.$module)({
-	name: "alepha.server.security",
-	descriptors: [
-		alepha_security.$realm,
-		alepha_security.$role,
-		alepha_security.$permission,
-		$basicAuth
-	],
-	services: [
-		alepha_server.AlephaServer,
-		alepha_security.AlephaSecurity,
-		ServerSecurityProvider,
-		ServerBasicAuthProvider
-	]
-});
-
-//#endregion
-//#region src/api-files/schemas/storageStatsSchema.ts
-const bucketStatsSchema = alepha.t.object({
-	bucket: alepha.t.string(),
-	totalSize: alepha.t.number(),
-	fileCount: alepha.t.number()
-});
-const mimeTypeStatsSchema = alepha.t.object({
-	mimeType: alepha.t.string(),
-	fileCount: alepha.t.number()
-});
-const storageStatsSchema = alepha.t.object({
-	totalSize: alepha.t.number(),
-	totalFiles: alepha.t.number(),
-	byBucket: alepha.t.array(bucketStatsSchema),
-	byMimeType: alepha.t.array(mimeTypeStatsSchema)
-});
-
-//#endregion
-//#region src/api-files/controllers/StorageStatsController.ts
-/**
-* REST API controller for storage analytics and statistics.
-* Provides endpoints for viewing storage usage metrics.
-*/
-var StorageStatsController = class {
-	url = "/files/stats";
-	group = "files";
-	fileService = (0, alepha.$inject)(FileService);
-	/**
-	* GET /files/stats - Gets storage statistics.
-	* Returns aggregated data including total size, file count,
-	* and breakdowns by bucket and MIME type.
-	*/
-	getStats = (0, alepha_server.$action)({
-		path: this.url,
-		group: this.group,
-		description: "Get storage statistics",
-		schema: { response: storageStatsSchema },
-		handler: () => this.fileService.getStorageStats()
-	});
-};
-
-//#endregion
-//#region src/api-files/jobs/FileJobs.ts
-var FileJobs = class {
-	fileService = (0, alepha.$inject)(FileService);
-	purgeFiles = (0, alepha_scheduler.$scheduler)({
-		description: "Purge files that are marked for deletion",
-		cron: "*/15 * * * *",
-		handler: async () => {
-			const files$1 = await this.fileService.findExpiredFiles();
-			await Promise.all(files$1.map((file) => this.fileService.deleteFile(file.id)));
-		}
-	});
-};
-
-//#endregion
-//#region src/api-files/index.ts
-/**
-* Provides file management API endpoints for Alepha applications.
-*
-* This module includes file upload, download, storage management,
-* and file metadata operations.
-*
-* @module alepha.api.files
-*/
-const AlephaApiFiles = (0, alepha.$module)({
-	name: "alepha.api.files",
-	services: [
-		FileController,
-		StorageStatsController,
-		FileJobs,
-		FileService
-	],
-	register: (alepha$1) => {
-		alepha$1.with(alepha_bucket.AlephaBucket).with(AlephaServerCache).with(AlephaServerMultipart).with(FileController).with(StorageStatsController).with(FileJobs);
-	}
-});
-
-//#endregion
-exports.AlephaApiFiles = AlephaApiFiles;
-exports.FileController = FileController;
-exports.FileService = FileService;
-exports.StorageStatsController = StorageStatsController;
-exports.bucketStatsSchema = bucketStatsSchema;
-exports.files = files;
-exports.mimeTypeStatsSchema = mimeTypeStatsSchema;
-exports.storageStatsSchema = storageStatsSchema;
-//# sourceMappingURL=index.cjs.map