alepha 0.21.0 → 0.21.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (120) hide show
  1. package/dist/api/audits/index.d.ts +2 -2
  2. package/dist/api/files/index.d.ts +44 -3
  3. package/dist/api/files/index.d.ts.map +1 -1
  4. package/dist/api/files/index.js +59 -3
  5. package/dist/api/files/index.js.map +1 -1
  6. package/dist/api/parameters/index.d.ts +2 -2
  7. package/dist/api/users/index.d.ts +9 -9
  8. package/dist/api/users/index.d.ts.map +1 -1
  9. package/dist/api/users/index.js +28 -26
  10. package/dist/api/users/index.js.map +1 -1
  11. package/dist/api/verifications/index.browser.js +1 -0
  12. package/dist/api/verifications/index.browser.js.map +1 -1
  13. package/dist/api/verifications/index.d.ts +17 -0
  14. package/dist/api/verifications/index.d.ts.map +1 -1
  15. package/dist/api/verifications/index.js +5 -1
  16. package/dist/api/verifications/index.js.map +1 -1
  17. package/dist/cli/core/index.d.ts +74 -5
  18. package/dist/cli/core/index.d.ts.map +1 -1
  19. package/dist/cli/core/index.js +152 -34
  20. package/dist/cli/core/index.js.map +1 -1
  21. package/dist/cli/platform/index.d.ts +53 -92
  22. package/dist/cli/platform/index.d.ts.map +1 -1
  23. package/dist/cli/platform/index.js +128 -195
  24. package/dist/cli/platform/index.js.map +1 -1
  25. package/dist/containers/core/index.d.ts +238 -0
  26. package/dist/containers/core/index.d.ts.map +1 -0
  27. package/dist/containers/core/index.js +222 -0
  28. package/dist/containers/core/index.js.map +1 -0
  29. package/dist/containers/core/index.workerd.js +177 -0
  30. package/dist/containers/core/index.workerd.js.map +1 -0
  31. package/dist/core/index.browser.js +6 -0
  32. package/dist/core/index.browser.js.map +1 -1
  33. package/dist/core/index.d.ts.map +1 -1
  34. package/dist/core/index.js +6 -0
  35. package/dist/core/index.js.map +1 -1
  36. package/dist/core/index.native.js +6 -0
  37. package/dist/core/index.native.js.map +1 -1
  38. package/dist/core/index.workerd.js +6 -0
  39. package/dist/core/index.workerd.js.map +1 -1
  40. package/dist/email/cloudflare/index.d.ts +90 -0
  41. package/dist/email/cloudflare/index.d.ts.map +1 -0
  42. package/dist/email/cloudflare/index.js +116 -0
  43. package/dist/email/cloudflare/index.js.map +1 -0
  44. package/dist/orm/core/index.bun.js +2 -2
  45. package/dist/orm/core/index.bun.js.map +1 -1
  46. package/dist/orm/core/index.d.ts.map +1 -1
  47. package/dist/orm/core/index.js +2 -2
  48. package/dist/orm/core/index.js.map +1 -1
  49. package/dist/react/form/index.d.ts +36 -1
  50. package/dist/react/form/index.d.ts.map +1 -1
  51. package/dist/react/form/index.js +91 -3
  52. package/dist/react/form/index.js.map +1 -1
  53. package/dist/react/router/index.browser.js +56 -8
  54. package/dist/react/router/index.browser.js.map +1 -1
  55. package/dist/react/router/index.d.ts +5 -0
  56. package/dist/react/router/index.d.ts.map +1 -1
  57. package/dist/react/router/index.js +55 -7
  58. package/dist/react/router/index.js.map +1 -1
  59. package/dist/server/core/index.d.ts.map +1 -1
  60. package/dist/server/core/index.js +1 -1
  61. package/dist/server/core/index.js.map +1 -1
  62. package/package.json +23 -1
  63. package/src/api/files/controllers/FileController.ts +41 -1
  64. package/src/api/files/providers/FileAccessProvider.ts +23 -1
  65. package/src/api/files/services/FileService.ts +5 -3
  66. package/src/api/users/services/CredentialService.ts +37 -26
  67. package/src/api/verifications/entities/verifications.ts +8 -0
  68. package/src/api/verifications/services/VerificationService.ts +14 -0
  69. package/src/cli/core/__tests__/BuildDockerTask.spec.ts +24 -0
  70. package/src/cli/core/__tests__/init.spec.ts +11 -0
  71. package/src/cli/core/atoms/buildOptions.ts +15 -0
  72. package/src/cli/core/commands/build.ts +14 -2
  73. package/src/cli/core/commands/db.ts +4 -0
  74. package/src/cli/core/services/ProjectScaffolder.ts +14 -6
  75. package/src/cli/core/tasks/BuildAssetsTask.ts +3 -0
  76. package/src/cli/core/tasks/BuildClientTask.ts +3 -0
  77. package/src/cli/core/tasks/BuildCloudflareTask.ts +136 -2
  78. package/src/cli/core/tasks/BuildCompressTask.ts +3 -0
  79. package/src/cli/core/tasks/BuildDockerTask.ts +12 -1
  80. package/src/cli/core/tasks/BuildPrerenderTask.ts +3 -0
  81. package/src/cli/core/tasks/BuildPwaTask.ts +3 -0
  82. package/src/cli/core/tasks/BuildServerTask.ts +3 -0
  83. package/src/cli/core/tasks/BuildTask.ts +8 -0
  84. package/src/cli/core/templates/saasAuthLayoutTsx.ts +9 -7
  85. package/src/cli/core/templates/saasRealmProviderTs.ts +24 -18
  86. package/src/cli/platform/__tests__/NamingService.spec.ts +0 -42
  87. package/src/cli/platform/__tests__/PlatformInspector.spec.ts +4 -48
  88. package/src/cli/platform/adapters/CloudflareAdapter.ts +24 -48
  89. package/src/cli/platform/adapters/PlatformAdapter.ts +8 -0
  90. package/src/cli/platform/adapters/VercelAdapter.ts +5 -15
  91. package/src/cli/platform/atoms/platformOptions.ts +0 -5
  92. package/src/cli/platform/commands/platform.ts +90 -93
  93. package/src/cli/platform/index.ts +16 -4
  94. package/src/cli/platform/services/NamingService.ts +11 -12
  95. package/src/cli/platform/services/PlatformInspector.ts +9 -43
  96. package/src/cli/platform/services/PlatformOrchestrator.ts +40 -98
  97. package/src/containers/core/__tests__/$container.spec.ts +83 -0
  98. package/src/containers/core/index.ts +50 -0
  99. package/src/containers/core/index.workerd.ts +37 -0
  100. package/src/containers/core/interfaces/ContainerOptions.ts +69 -0
  101. package/src/containers/core/primitives/$container.ts +100 -0
  102. package/src/containers/core/providers/CloudflareContainerProvider.ts +72 -0
  103. package/src/containers/core/providers/ContainerProvider.ts +78 -0
  104. package/src/containers/core/providers/MockContainerProvider.ts +62 -0
  105. package/src/containers/core/providers/NodeContainerProvider.ts +53 -0
  106. package/src/core/Alepha.ts +15 -0
  107. package/src/email/cloudflare/__tests__/CloudflareEmailProvider.spec.ts +150 -0
  108. package/src/email/cloudflare/index.ts +26 -0
  109. package/src/email/cloudflare/providers/CloudflareEmailProvider.ts +160 -0
  110. package/src/orm/core/services/Repository.ts +11 -2
  111. package/src/react/form/hooks/useFormQuerySync.ts +0 -0
  112. package/src/react/form/index.ts +1 -0
  113. package/src/react/form/services/FormModel.ts +18 -2
  114. package/src/react/router/__tests__/$page.browser.spec.tsx +123 -1
  115. package/src/react/router/components/ErrorViewer.tsx +29 -7
  116. package/src/react/router/providers/ReactBrowserProvider.ts +21 -5
  117. package/src/react/router/providers/ReactPageProvider.ts +81 -3
  118. package/src/server/core/providers/ServerRouterProvider.ts +7 -1
  119. package/src/cli/platform/hooks/PlatformHook.ts +0 -51
  120. package/src/orm/REFACTORING.md +0 -330
package/dist/api/audits/index.d.ts CHANGED
@@ -580,9 +580,9 @@ declare class AdminAuditController {
580
580
  }>;
581
581
  query: _$typebox.TObject<{
582
582
  type: _$typebox.TOptional<_$typebox.TString>;
583
- search: _$typebox.TOptional<_$typebox.TString>;
584
583
  action: _$typebox.TOptional<_$typebox.TString>;
585
584
  severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
585
+ search: _$typebox.TOptional<_$typebox.TString>;
586
586
  sort: _$typebox.TOptional<_$typebox.TString>;
587
587
  userRealm: _$typebox.TOptional<_$typebox.TString>;
588
588
  resourceType: _$typebox.TOptional<_$typebox.TString>;
@@ -625,9 +625,9 @@ declare class AdminAuditController {
625
625
  }>;
626
626
  query: _$typebox.TObject<{
627
627
  type: _$typebox.TOptional<_$typebox.TString>;
628
- search: _$typebox.TOptional<_$typebox.TString>;
629
628
  action: _$typebox.TOptional<_$typebox.TString>;
630
629
  severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
630
+ search: _$typebox.TOptional<_$typebox.TString>;
631
631
  sort: _$typebox.TOptional<_$typebox.TString>;
632
632
  userId: _$typebox.TOptional<_$typebox.TString>;
633
633
  userRealm: _$typebox.TOptional<_$typebox.TString>;
package/dist/api/files/index.d.ts CHANGED
@@ -514,14 +514,16 @@ declare class FileService {
514
514
  tags?: string[];
515
515
  }): Promise<FileEntity>;
516
516
  /**
517
- * Streams a file from storage by its database ID.
517
+ * Streams a file from storage by its database ID, or directly from an
518
+ * already-loaded `FileEntity` to avoid a duplicate DB roundtrip when the
519
+ * caller has already fetched the row (e.g. after an access check).
518
520
  *
519
- * @param id - The database ID (UUID) of the file to stream
521
+ * @param id - The database ID (UUID) of the file, or the entity itself
520
522
  * @returns The file object ready for streaming/downloading
521
523
  * @throws {NotFoundError} If the file doesn't exist in the database
522
524
  * @throws {FileNotFoundError} If the file exists in database but not in storage
523
525
  */
524
- streamFile(id: string): Promise<FileLike>;
526
+ streamFile(id: string | FileEntity): Promise<FileLike>;
525
527
  /**
526
528
  * Updates file metadata (name, tags, expiration date).
527
529
  * Does not modify the actual file content in storage.
@@ -642,6 +644,25 @@ declare class FileAccessProvider {
642
644
  * implementation is strict: only the uploader passes.
643
645
  */
644
646
  assertReadable(file: FileEntity, user: UserAccountToken | undefined): Promise<void>;
647
+ /**
648
+ * Throws when `file` may not be served through the anonymous
649
+ * `/public/files/:id` route. The default is deny-all: nothing is public
650
+ * unless this method is overridden. Throws `NotFoundError` (not 403) so the
651
+ * endpoint doesn't leak the existence of private file ids.
652
+ *
653
+ * Typical override matches on bucket name:
654
+ *
655
+ * ```ts
656
+ * class MyAccess extends FileAccessProvider {
657
+ * async assertPublic(file) {
658
+ * if (file.bucket === "avatars") return;
659
+ * if (file.bucket === "campaign-icons") return;
660
+ * return super.assertPublic(file);
661
+ * }
662
+ * }
663
+ * ```
664
+ */
665
+ assertPublic(file: FileEntity): Promise<void>;
645
666
  }
646
667
  //#endregion
647
668
  //#region ../../src/api/files/controllers/FileController.d.ts
@@ -800,6 +821,26 @@ declare class FileController {
800
821
  }>;
801
822
  response: _$alepha.TFile;
802
823
  }>;
824
+ /**
825
+ * GET /public/files/:id - Anonymous, edge-cacheable download.
826
+ *
827
+ * Authorization is delegated to `FileAccessProvider.assertPublic`. The
828
+ * default policy is deny-all (throws `NotFoundError`), so consuming apps
829
+ * must override the provider to opt files in — typically by bucket name
830
+ * (avatars, campaign icons, etc.).
831
+ *
832
+ * Cache-Control is `public, immutable, max-age=1y` so Cloudflare's edge
833
+ * cache and any intermediary proxy can serve subsequent hits without
834
+ * touching the Worker. The split URL prefix (vs `/files/:id`) is what
835
+ * makes this safe: edge cache is URL-keyed, so public and private files
836
+ * live in separate cache lanes.
837
+ */
838
+ readonly streamPublicFile: _$alepha_server0.ActionPrimitiveFn<{
839
+ params: _$typebox.TObject<{
840
+ id: _$typebox.TString;
841
+ }>;
842
+ response: _$alepha.TFile;
843
+ }>;
803
844
  }
804
845
  //#endregion
805
846
  //#region ../../src/api/files/jobs/FileJobs.d.ts
package/dist/api/files/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"mappings":";;;;;;;;;;;;;;;cAGa,KAAA,EAAK,aAAA,CAAA,eAAA,WAAA,OAAA;gDAuDhB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;AAvDF;;;;;;;;;;;;;;;;;;;;;;KAyDY,UAAA,GAAa,MAAA,QAAc,KAAA,CAAM,MAAA;;;cCxDhC,eAAA,YAAe,OAAA;4BAQ1B,SAAA,CAAA,QAAA;;;;;;;;;;;KAEU,SAAA,GAAY,MAAA,QAAc,eAAA;;;;;;;;;;;;KCG1B,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;;;;;EAMpB,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;IJnFU;;;IIuFV,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;;AJjFhC;;;;;;;;;;;;ACxDA;;;;;;EG2KE,WAAA,GAAc,KAAA;;;;IAIZ,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;AL9Ef;;;AAAA,KMkDY,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;;;;APvBF;;;;YO0BY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;cC1BjC,kBAAA,YAAkB,OAAA;oBAO9B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;KAEW,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCT5B,iBAAA,YAAiB,OAAA;UAI5B,SAAA,CAAA,OAAA;;;;cAEW,mBAAA,YAAmB,OAAA;YAG9B,SAAA,CAAA,OAAA;;;cAEW,kBAAA,YAAkB,OAAA;aAK7B,SAAA,CAAA,OAAA;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;AAAA,KAC5B,aAAA,GAAgB,MAAA,QAAc,mBAAA;AAAA,KAC9B,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCD5B,WAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,aAAA,EAAa,eAAA;EAAA,SAChB,cAAA,EAAc,aAAA,CAAA,UAAA,WAAA,OAAA;kDADE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;YAGtB,YAAA,EAFoB,QAAA,CAER,aAAA;EAAA,UAwBZ,kBAAA,EAxBY,QAAA,CAwBM,aAAA;;;;;;;;YAmBZ,iBAAA,CAAkB,IAAA,EAAM,QAAA,GAAW,OAAA;;;;;;;;EAc5C,MAAA,CAAO,UAAA,YAA+C,eAAA;;;;;;;;EAqBhD,SAAA,CAAU,CAAA,GAAG,SAAA,GAAiB,OAAA,CAAQ,IAAA,CAAK,UAAA;;;;;;;EAoD3C,gBAAA,CAAA,GAAoB,OAAA,CAAQ,UAAA;;;;;;;;YAgB/B,iBAAA,CAAkB,GAAA,GAAM,YAAA;;;;;;;;;;;;;;EAsBrB,UAAA,CACX,IAAA,EAAM,QAAA,EACN,OAAA;IACE,cAAA,YAA0B,QAAA;IAC1B,MAAA;IACA,IAAA,GAAO,gBAAA;IACP,IAAA;EAAA,IAED,OAAA,CAAQ,UAAA;;;;;;;;;EAuCE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,QAAA;;;;;;;;;;;;;EAmBhC,UAAA,CACX,EAAA,UACA,IAAA;IACE,IAAA;IACA,IAAA;IACA,cAAA,GAAiB,QAAA;EAAA,IAElB,OAAA,CAAQ,UAAA;;;;;;;;;;EA+BE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,EAAA;;;;;;EAgChC,WAAA,CAAY,GAAA,aAAgB,OAAA;EVjR/B;;;;;;;;EU6TG,WAAA,CAAY,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,UAAA;;;;ATrX7D;;ESkYe,eAAA,CAAA,GAAmB,OAAA,CAAQ,YAAA;ET1XxC;;;;;;;ES8aO,gBAAA,CAAiB,MAAA,EAAQ,UAAA,GAAa,YAAA;AAAA;;;;;;;cChblC,wBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;;WAOd,YAAA,mBAAY,iBAAA;;iBAPE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AXVhC;;;cYwBa,kBAAA;;;;;;EAML,cAAA,CACJ,IAAA,EAAM,UAAA,EACN,IAAA,EAAM,gBAAA,eACL,OAAA;AAAA;;;;;;;cCvBQ,cAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;EAAA,mBACX,UAAA,EAAU,kBAAA;;;;;WAMb,SAAA,mBAAS,iBAAA;;gCANI,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsBb,UAAA,mBAAU,iBAAA;;UAhBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;WAmCT,WAAA,mBAAW,iBAAA;;4BAnBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;WA4CV,UAAA,mBAAU,iBAAA;;YAzBC,QAAA,CAAA,KAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmDX,UAAA,mBAAU,iBAAA;;UA1BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;EbvBH;;;;;;;;ACxDzB;;;EDwDyB,SagFP,UAAA,mBAAU,iBAAA;;UA/BA,SAAA,CAAA,OAAA;IAAA;;;;;;cCzGf,QAAA;EAAA,mBACQ,WAAA,EAAW,WAAA;EAAA,SAEd,UAAA,EAFc,mBAAA,CAEJ,kBAAA;AAAA;;;;YCiBhB,iBAAA;;;;IAIR,GAAA,GAAM,YAAA;;;;IAKN,IAAA;;;;IAKA,IAAA,GAAO,gBAAA;IfoBT;;;;;IebE,OAAA;EAAA;AAAA;;;;;;;;;;;;cAiBS,cAAA,EAAc,QAAA,CAAA,OAAA,CAUzB,QAAA,CAVyB,MAAA"}
1
+ {"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"mappings":";;;;;;;;;;;;;;;cAGa,KAAA,EAAK,aAAA,CAAA,eAAA,WAAA,OAAA;gDAuDhB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;AAvDF;;;;;;;;;;;;;;;;;;;;;;KAyDY,UAAA,GAAa,MAAA,QAAc,KAAA,CAAM,MAAA;;;cCxDhC,eAAA,YAAe,OAAA;4BAQ1B,SAAA,CAAA,QAAA;;;;;;;;;;;KAEU,SAAA,GAAY,MAAA,QAAc,eAAA;;;;;;;;;;;;KCG1B,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;;;;;EAMpB,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;IJnFU;;;IIuFV,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;;AJjFhC;;;;;;;;;;;;ACxDA;;;;;;EG2KE,WAAA,GAAc,KAAA;;;;IAIZ,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;AL9Ef;;;AAAA,KMkDY,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;;;;APvBF;;;;YO0BY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;cC1BjC,kBAAA,YAAkB,OAAA;oBAO9B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;KAEW,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCT5B,iBAAA,YAAiB,OAAA;UAI5B,SAAA,CAAA,OAAA;;;;cAEW,mBAAA,YAAmB,OAAA;YAG9B,SAAA,CAAA,OAAA;;;cAEW,kBAAA,YAAkB,OAAA;aAK7B,SAAA,CAAA,OAAA;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;AAAA,KAC5B,aAAA,GAAgB,MAAA,QAAc,mBAAA;AAAA,KAC9B,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCD5B,WAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,aAAA,EAAa,eAAA;EAAA,SAChB,cAAA,EAAc,aAAA,CAAA,UAAA,WAAA,OAAA;kDADE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;YAGtB,YAAA,EAFoB,QAAA,CAER,aAAA;EAAA,UAwBZ,kBAAA,EAxBY,QAAA,CAwBM,aAAA;;;;;;;;YAmBZ,iBAAA,CAAkB,IAAA,EAAM,QAAA,GAAW,OAAA;;;;;;;;EAc5C,MAAA,CAAO,UAAA,YAA+C,eAAA;;;;;;;;EAqBhD,SAAA,CAAU,CAAA,GAAG,SAAA,GAAiB,OAAA,CAAQ,IAAA,CAAK,UAAA;;;;;;;EAoD3C,gBAAA,CAAA,GAAoB,OAAA,CAAQ,UAAA;;;;;;;;YAgB/B,iBAAA,CAAkB,GAAA,GAAM,YAAA;;;;;;;;;;;;;;EAsBrB,UAAA,CACX,IAAA,EAAM,QAAA,EACN,OAAA;IACE,cAAA,YAA0B,QAAA;IAC1B,MAAA;IACA,IAAA,GAAO,gBAAA;IACP,IAAA;EAAA,IAED,OAAA,CAAQ,UAAA;;;;;;;;;;;EAyCE,UAAA,CAAW,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,QAAA;;;;;;;;;;;;;EAmB7C,UAAA,CACX,EAAA,UACA,IAAA;IACE,IAAA;IACA,IAAA;IACA,cAAA,GAAiB,QAAA;EAAA,IAElB,OAAA,CAAQ,UAAA;;;;;;;;;;EA+BE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,EAAA;;;;;AVnP/C;EUmRe,WAAA,CAAY,GAAA,aAAgB,OAAA;;;;;;;;;EA4C5B,WAAA,CAAY,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,UAAA;;ATvX7D;;;;ESoYe,eAAA,CAAA,GAAmB,OAAA,CAAQ,YAAA;;;;;;;;EAoDjC,gBAAA,CAAiB,MAAA,EAAQ,UAAA,GAAa,YAAA;AAAA;;;;;;;cClblC,wBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;;WAOd,YAAA,mBAAY,iBAAA;;iBAPE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AXVhC;;;cYwBa,kBAAA;;;;;;EAML,cAAA,CACJ,IAAA,EAAM,UAAA,EACN,IAAA,EAAM,gBAAA,eACL,OAAA;;;;;;;;;;;;;;;;;;;EAkCG,YAAA,CAAa,IAAA,EAAM,UAAA,GAAa,OAAA;AAAA;;;;;;;cCzD3B,cAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;EAAA,mBACX,UAAA,EAAU,kBAAA;;;;;WAMb,SAAA,mBAAS,iBAAA;;gCANI,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsBb,UAAA,mBAAU,iBAAA;;UAhBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;WAmCT,WAAA,mBAAW,iBAAA;;4BAnBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;WA4CV,UAAA,mBAAU,iBAAA;;YAzBC,QAAA,CAAA,KAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmDX,UAAA,mBAAU,iBAAA;;UA1BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;EbvBH;;;;;;;;ACxDzB;;;EDwDyB,SagFP,UAAA,mBAAU,iBAAA;;UA/BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;WAwEV,gBAAA,mBAAgB,iBAAA;;UAzCN,SAAA,CAAA,OAAA;IAAA;;;;;;cCxIf,QAAA;EAAA,mBACQ,WAAA,EAAW,WAAA;EAAA,SAEd,UAAA,EAFc,mBAAA,CAEJ,kBAAA;AAAA;;;;YCiBhB,iBAAA;;;;IAIR,GAAA,GAAM,YAAA;;;;IAKN,IAAA;;;;IAKA,IAAA,GAAO,gBAAA;IfoBT;;;;;IebE,OAAA;EAAA;AAAA;;;;;;;;;;;;cAiBS,cAAA,EAAc,QAAA,CAAA,OAAA,CAUzB,QAAA,CAVyB,MAAA"}
package/dist/api/files/index.js CHANGED
@@ -227,9 +227,11 @@ var FileService = class {
227
227
  });
228
228
  }
229
229
  /**
230
- * Streams a file from storage by its database ID.
230
+ * Streams a file from storage by its database ID, or directly from an
231
+ * already-loaded `FileEntity` to avoid a duplicate DB roundtrip when the
232
+ * caller has already fetched the row (e.g. after an access check).
231
233
  *
232
- * @param id - The database ID (UUID) of the file to stream
234
+ * @param id - The database ID (UUID) of the file, or the entity itself
233
235
  * @returns The file object ready for streaming/downloading
234
236
  * @throws {NotFoundError} If the file doesn't exist in the database
235
237
  * @throws {FileNotFoundError} If the file exists in database but not in storage
@@ -434,6 +436,27 @@ var FileAccessProvider = class {
434
436
  if (file.creator && file.creator === user.id) return;
435
437
  throw new ForbiddenError("File access denied");
436
438
  }
439
+ /**
440
+ * Throws when `file` may not be served through the anonymous
441
+ * `/public/files/:id` route. The default is deny-all: nothing is public
442
+ * unless this method is overridden. Throws `NotFoundError` (not 403) so the
443
+ * endpoint doesn't leak the existence of private file ids.
444
+ *
445
+ * Typical override matches on bucket name:
446
+ *
447
+ * ```ts
448
+ * class MyAccess extends FileAccessProvider {
449
+ * async assertPublic(file) {
450
+ * if (file.bucket === "avatars") return;
451
+ * if (file.bucket === "campaign-icons") return;
452
+ * return super.assertPublic(file);
453
+ * }
454
+ * }
455
+ * ```
456
+ */
457
+ async assertPublic(file) {
458
+ throw new NotFoundError(`File '${file.id}' not found`);
459
+ }
437
460
  };
438
461
  //#endregion
439
462
  //#region ../../src/api/files/schemas/fileQuerySchema.ts
@@ -586,7 +609,40 @@ var FileController = class {
586
609
  handler: async ({ params, user }) => {
587
610
  const file = await this.fileService.getFileById(params.id);
588
611
  await this.fileAccess.assertReadable(file, user);
589
- return await this.fileService.streamFile(file.id);
612
+ return await this.fileService.streamFile(file);
613
+ }
614
+ });
615
+ /**
616
+ * GET /public/files/:id - Anonymous, edge-cacheable download.
617
+ *
618
+ * Authorization is delegated to `FileAccessProvider.assertPublic`. The
619
+ * default policy is deny-all (throws `NotFoundError`), so consuming apps
620
+ * must override the provider to opt files in — typically by bucket name
621
+ * (avatars, campaign icons, etc.).
622
+ *
623
+ * Cache-Control is `public, immutable, max-age=1y` so Cloudflare's edge
624
+ * cache and any intermediary proxy can serve subsequent hits without
625
+ * touching the Worker. The split URL prefix (vs `/files/:id`) is what
626
+ * makes this safe: edge cache is URL-keyed, so public and private files
627
+ * live in separate cache lanes.
628
+ */
629
+ streamPublicFile = $action({
630
+ path: "/public/files/:id",
631
+ group: this.group,
632
+ description: "Download a public file (anonymous, edge-cacheable)",
633
+ use: [$etag({ control: {
634
+ public: true,
635
+ maxAge: [1, "year"],
636
+ immutable: true
637
+ } })],
638
+ schema: {
639
+ params: t.object({ id: t.uuid() }),
640
+ response: t.file()
641
+ },
642
+ handler: async ({ params }) => {
643
+ const file = await this.fileService.getFileById(params.id);
644
+ await this.fileAccess.assertPublic(file);
645
+ return await this.fileService.streamFile(file);
590
646
  }
591
647
  });
592
648
  };
package/dist/api/files/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/entities/files.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"sourcesContent":["import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const bucketStatsSchema = t.object({\n bucket: t.string(),\n totalSize: t.number(),\n fileCount: t.number(),\n});\n\nexport const mimeTypeStatsSchema = t.object({\n mimeType: t.string(),\n fileCount: t.number(),\n});\n\nexport const storageStatsSchema = t.object({\n totalSize: t.number(),\n totalFiles: t.number(),\n byBucket: t.array(bucketStatsSchema),\n byMimeType: t.array(mimeTypeStatsSchema),\n});\n\nexport type BucketStats = Static<typeof bucketStatsSchema>;\nexport type MimeTypeStats = Static<typeof mimeTypeStatsSchema>;\nexport type StorageStats = Static<typeof storageStatsSchema>;\n","import { type Static, t } from \"alepha\";\nimport { $entity, db } from \"alepha/orm\";\n\nexport const files = $entity({\n name: \"files\",\n schema: t.object({\n id: db.primaryKey(t.uuid()),\n version: db.version(),\n createdAt: db.createdAt(),\n updatedAt: db.updatedAt(),\n organizationId: db.organization(),\n blobId: t.text(),\n creator: t.optional(t.uuid()),\n creatorRealm: t.optional(t.string()),\n creatorName: t.optional(t.string()),\n bucket: t.text(),\n expirationDate: t.optional(t.datetime()),\n /**\n * Display name. Mutable via `FileService.updateFile` — can be renamed\n * by callers (e.g. an Archive UI letting users rename uploaded blobs).\n * Initialized to the uploader's filename at upload time. Use\n * `originalName` if you need the as-uploaded filename after a rename.\n */\n name: t.text(),\n /**\n * Immutable record of the uploader's filename at upload time. Set once\n * by `FileService.uploadFile` and the `bucket:file:uploaded` hook;\n * `FileService.updateFile` never touches it. Useful for download\n * headers (Content-Disposition), audit trails, and any UI that wants\n * to show \"originally uploaded as X\" alongside a renamed file.\n */\n originalName: t.optional(t.string()),\n size: t.number(),\n mimeType: t.string(),\n /**\n * Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is\n * caller's responsibility for now). Use with `FileQuery.tags` to\n * filter via array-contains.\n */\n tags: t.optional(t.array(t.text())),\n /**\n * SHA-256 hex digest of the file content (64 lowercase hex chars).\n * Computed at upload time by `FileService.calculateChecksum`. Stable\n * — never recomputed after upload. Use for integrity verification,\n * content-based dedup, or downstream virus-scan correlation.\n */\n checksum: t.optional(t.string()),\n }),\n indexes: [\n \"expirationDate\",\n \"bucket\",\n \"creator\",\n \"createdAt\",\n \"mimeType\",\n {\n columns: [\"bucket\", \"createdAt\"],\n },\n ],\n});\n\nexport type FileEntity = Static<typeof files.schema>;\n","import { createHash } from \"node:crypto\";\nimport { $hook, $inject, Alepha, type FileLike } from \"alepha\";\nimport {\n $bucket,\n type BucketPrimitive,\n FileNotFoundError,\n} from \"alepha/bucket\";\nimport {\n type DateTime,\n DateTimeProvider,\n type DurationLike,\n} from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { $repository, type Page } from \"alepha/orm\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport type { Ok } from \"alepha/server\";\nimport { NotFoundError } from \"alepha/server\";\nimport { type FileEntity, files } from \"../entities/files.ts\";\nimport type { FileQuery } from \"../schemas/fileQuerySchema.ts\";\nimport type { FileResource } from \"../schemas/fileResourceSchema.ts\";\nimport type { StorageStats } from \"../schemas/storageStatsSchema.ts\";\n\nexport class FileService {\n protected readonly alepha = $inject(Alepha);\n protected readonly log = $logger();\n protected readonly dateTimeProvider = $inject(DateTimeProvider);\n protected readonly defaultBucket = $bucket({ name: \"default\" });\n public readonly fileRepository = $repository(files);\n\n protected onUploadFile = $hook({\n on: \"bucket:file:uploaded\",\n handler: async ({ file, bucket, options, id }) => {\n if (options.persist === false) {\n return;\n }\n\n const checksum = await this.calculateChecksum(file);\n\n await this.fileRepository.create({\n blobId: id,\n mimeType: file.type,\n name: file.name,\n originalName: file.name,\n size: file.size,\n creator: options.user?.id,\n creatorRealm: options.user?.realm,\n expirationDate: this.getExpirationDate(options.ttl),\n bucket: bucket.name,\n checksum,\n });\n },\n });\n\n protected onDeleteBucketFile = $hook({\n on: \"bucket:file:deleted\",\n handler: async ({ bucket, id }) => {\n await this.fileRepository.deleteMany({\n blobId: { eq: id },\n bucket: { eq: bucket.name },\n });\n },\n });\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /**\n * Calculates SHA-256 checksum of a file.\n *\n * @param file - The file to calculate checksum for\n * @returns Hexadecimal string representation of the SHA-256 hash\n * @protected\n */\n protected async calculateChecksum(file: FileLike): Promise<string> {\n const buffer = await file.arrayBuffer();\n const hash = createHash(\"sha256\");\n hash.update(Buffer.from(buffer));\n return hash.digest(\"hex\");\n }\n\n /**\n * Gets a bucket primitive by name.\n *\n * @param bucketName - The name of the bucket to retrieve (defaults to \"default\")\n * @returns The bucket primitive\n * @throws {NotFoundError} If the bucket is not found\n */\n public bucket(bucketName: string = this.defaultBucket.name): BucketPrimitive {\n const bucket = this.alepha\n .primitives($bucket)\n .find((it) => it.name === bucketName);\n\n if (!bucket) {\n throw new NotFoundError(`Bucket '${bucketName}' not found.`);\n }\n\n return bucket;\n }\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /**\n * Finds files matching the given query criteria with pagination support.\n * Supports filtering by bucket, tags, name, mimeType, creator, and date range.\n *\n * @param q - Query parameters including bucket, tags, name, mimeType, creator, date range, pagination, and sorting\n * @returns Paginated list of file entities\n */\n public async findFiles(q: FileQuery = {}): Promise<Page<FileEntity>> {\n q.sort ??= \"-createdAt\";\n\n const where = this.fileRepository.createQueryWhere();\n\n if (q.bucket) {\n where.bucket = { eq: q.bucket };\n }\n\n if (q.tags) {\n where.tags = { arrayContains: q.tags };\n }\n\n if (q.name) {\n where.name = { ilike: `%${q.name}%` };\n }\n\n if (q.mimeType) {\n where.mimeType = { eq: q.mimeType };\n }\n\n if (q.creator) {\n where.creator = { eq: q.creator };\n }\n\n if (q.createdAfter && q.createdBefore) {\n where.createdAt = {\n gte: q.createdAfter,\n lte: q.createdBefore,\n };\n } else if (q.createdAfter) {\n where.createdAt = { gte: q.createdAfter };\n } else if (q.createdBefore) {\n where.createdAt = { lte: q.createdBefore };\n }\n\n return await this.fileRepository\n .paginate(q, { where }, { count: true })\n .then((page) => {\n return {\n ...page,\n content: page.content.map((it) => this.entityToResource(it)),\n };\n });\n }\n\n /**\n * Finds files that have expired based on their expiration date.\n * Limited to 1000 files per call to prevent memory issues.\n *\n * @returns Array of expired file entities\n */\n public async findExpiredFiles(): Promise<FileEntity[]> {\n return await this.fileRepository.findMany({\n limit: 1000,\n where: {\n expirationDate: { lte: this.dateTimeProvider.nowISOString() },\n },\n });\n }\n\n /**\n * Calculates an expiration date based on a TTL (time to live) duration.\n *\n * @param ttl - Duration like \"1 day\", \"2 hours\", etc.\n * @returns DateTime representation of the expiration date, or undefined if no TTL provided\n * @protected\n */\n protected getExpirationDate(ttl?: DurationLike): string | undefined {\n return ttl\n ? this.dateTimeProvider\n .now()\n .add(this.dateTimeProvider.duration(ttl))\n .toISOString()\n : undefined;\n }\n\n /**\n * Uploads a file to a bucket and creates a database record with metadata.\n * Automatically calculates and stores the file checksum (SHA-256).\n *\n * @param file - The file to upload\n * @param options - Upload options including bucket, expiration, user, and tags\n * @param options.bucket - Target bucket name (defaults to \"default\")\n * @param options.expirationDate - When the file should expire\n * @param options.user - User performing the upload (for audit trail)\n * @param options.tags - Tags to associate with the file\n * @returns The created file entity with all metadata\n * @throws {NotFoundError} If the specified bucket doesn't exist\n */\n public async uploadFile(\n file: FileLike,\n options: {\n expirationDate?: string | DateTime;\n bucket?: string;\n user?: UserAccountToken;\n tags?: string[];\n } = {},\n ): Promise<FileEntity> {\n const bucket = this.bucket(options.bucket);\n\n const checksum = await this.calculateChecksum(file);\n const blobId = await bucket.upload(file, { persist: false });\n\n let expirationDate: string | undefined;\n if (options.expirationDate) {\n expirationDate = this.dateTimeProvider\n .of(options.expirationDate)\n .toISOString();\n } else if (bucket.options.ttl) {\n expirationDate = this.getExpirationDate(bucket.options.ttl);\n }\n\n return await this.fileRepository.create({\n blobId: blobId,\n mimeType: file.type,\n name: file.name,\n originalName: file.name,\n size: file.size,\n creator: options.user?.id,\n creatorRealm: options.user?.realm,\n creatorName: options.user?.name,\n expirationDate,\n bucket: bucket.name,\n tags: options.tags,\n checksum,\n });\n }\n\n /**\n * Streams a file from storage by its database ID.\n *\n * @param id - The database ID (UUID) of the file to stream\n * @returns The file object ready for streaming/downloading\n * @throws {NotFoundError} If the file doesn't exist in the database\n * @throws {FileNotFoundError} If the file exists in database but not in storage\n */\n public async streamFile(id: string): Promise<FileLike> {\n const entity = await this.getFileById(id);\n const bucket = this.bucket(entity.bucket);\n\n return await bucket.download(entity.blobId);\n }\n\n /**\n * Updates file metadata (name, tags, expiration date).\n * Does not modify the actual file content in storage.\n *\n * @param id - The database ID (UUID) of the file to update\n * @param data - Partial file data to update\n * @param data.name - New file name\n * @param data.tags - New tags array\n * @param data.expirationDate - New expiration date\n * @returns The updated file entity\n * @throws {NotFoundError} If the file doesn't exist in the database\n */\n public async updateFile(\n id: string,\n data: {\n name?: string;\n tags?: string[];\n expirationDate?: DateTime | string;\n },\n ): Promise<FileEntity> {\n const file = await this.getFileById(id);\n\n const updateData: Partial<FileEntity> = {};\n\n if (data.name !== undefined) {\n updateData.name = data.name;\n }\n\n if (data.tags !== undefined) {\n updateData.tags = data.tags;\n }\n\n if (data.expirationDate !== undefined) {\n updateData.expirationDate = this.dateTimeProvider\n .of(data.expirationDate)\n .toISOString();\n }\n\n return await this.fileRepository.updateById(file.id, updateData);\n }\n\n /**\n * Deletes a file from both storage and database.\n * Handles cases where file is already deleted from storage gracefully.\n * Always ensures database record is removed even if storage deletion fails.\n *\n * @param id - The database ID (UUID) of the file to delete\n * @returns Success response with the deleted file ID\n * @throws {NotFoundError} If the file doesn't exist in the database\n */\n public async deleteFile(id: string): Promise<Ok> {\n const file = await this.getFileById(id);\n const bucket = this.bucket(file.bucket);\n\n // Always delete the database record\n await this.fileRepository.deleteById(file.id);\n\n try {\n await bucket.delete(file.blobId, true);\n } catch (e) {\n if (e instanceof FileNotFoundError) {\n // File is already deleted in the bucket, this is okay\n this.log.debug(\n `File ${file.blobId} not found in bucket ${bucket.name}, cleaning up database record`,\n );\n } else {\n // Other errors (permission, network, etc.) - log but continue to clean up database\n this.log.warn(\n `Failed to delete file ${file.blobId} from bucket ${bucket.name}`,\n e,\n );\n }\n }\n\n return { ok: true, id: String(file.id) };\n }\n\n /**\n * Delete many files in one round-trip per bucket. The database rows are\n * removed in a single `deleteMany`, and each affected bucket gets a single\n * `bucket.deleteMany` call (R2/S3 batch where supported).\n */\n public async deleteFiles(ids: string[]): Promise<string[]> {\n if (ids.length === 0) return [];\n\n const files = await this.fileRepository.findMany({\n where: { id: { inArray: ids } },\n columns: [\"id\", \"bucket\", \"blobId\"],\n });\n if (files.length === 0) return [];\n\n const dbDeleted = await this.fileRepository.deleteMany({\n id: { inArray: files.map((f) => f.id) },\n });\n\n const blobsByBucket = new Map<string, string[]>();\n for (const f of files) {\n const list = blobsByBucket.get(f.bucket) ?? [];\n list.push(f.blobId);\n blobsByBucket.set(f.bucket, list);\n }\n\n for (const [bucketName, blobIds] of blobsByBucket) {\n try {\n await this.bucket(bucketName).deleteMany(blobIds, true);\n } catch (e) {\n // DB rows already gone — log and continue. Orphaned blobs are\n // recoverable; orphaned DB rows would be worse.\n this.log.warn(\n `Failed to bulk-delete ${blobIds.length} files from bucket ${bucketName}`,\n e,\n );\n }\n }\n\n return dbDeleted.map(String);\n }\n\n /**\n * Retrieves a file entity by its ID.\n * If already an entity object, returns it as-is (convenience method).\n *\n * @param id - Either a UUID string or an existing FileEntity object\n * @returns The file entity\n * @throws {NotFoundError} If the file doesn't exist in the database\n */\n public async getFileById(id: string | FileEntity): Promise<FileEntity> {\n if (typeof id === \"object\") {\n return id;\n }\n\n return await this.fileRepository.getById(id);\n }\n\n /**\n * Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.\n *\n * @returns Storage statistics with aggregated data\n */\n public async getStorageStats(): Promise<StorageStats> {\n const allFiles = await this.fileRepository.findMany({});\n\n const totalSize = allFiles.reduce((sum, file) => sum + file.size, 0);\n const totalFiles = allFiles.length;\n\n // Group by bucket\n const bucketMap = new Map<\n string,\n { totalSize: number; fileCount: number }\n >();\n for (const file of allFiles) {\n const existing = bucketMap.get(file.bucket) || {\n totalSize: 0,\n fileCount: 0,\n };\n existing.totalSize += file.size;\n existing.fileCount += 1;\n bucketMap.set(file.bucket, existing);\n }\n\n // Group by MIME type\n const mimeTypeMap = new Map<string, number>();\n for (const file of allFiles) {\n const existing = mimeTypeMap.get(file.mimeType) || 0;\n mimeTypeMap.set(file.mimeType, existing + 1);\n }\n\n return {\n totalSize,\n totalFiles,\n byBucket: Array.from(bucketMap.entries()).map(([bucket, stats]) => ({\n bucket,\n totalSize: stats.totalSize,\n fileCount: stats.fileCount,\n })),\n byMimeType: Array.from(mimeTypeMap.entries()).map(\n ([mimeType, fileCount]) => ({\n mimeType,\n fileCount,\n }),\n ),\n };\n }\n\n /**\n * Converts a file entity to a file resource (API response format).\n * Currently a pass-through, but allows for future transformation logic.\n *\n * @param entity - The file entity to convert\n * @returns The file resource for API responses\n */\n public entityToResource(entity: FileEntity): FileResource {\n return entity;\n }\n}\n","import { $inject } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action } from \"alepha/server\";\nimport { storageStatsSchema } from \"../schemas/storageStatsSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/**\n * REST API controller for storage analytics and statistics.\n * Provides endpoints for viewing storage usage metrics.\n */\nexport class AdminFileStatsController {\n protected readonly url = \"/files/stats\";\n protected readonly group = \"admin:files\";\n protected readonly fileService = $inject(FileService);\n\n /**\n * GET /files/stats - Gets storage statistics.\n * Returns aggregated data including total size, file count,\n * and breakdowns by bucket and MIME type.\n */\n public readonly getFileStats = $action({\n path: this.url,\n group: this.group,\n use: [$secure({ permissions: [\"admin:file:read\"] })],\n description: \"Get storage statistics\",\n schema: {\n response: storageStatsSchema,\n },\n handler: () => this.fileService.getStorageStats(),\n });\n}\n","import type { UserAccountToken } from \"alepha/security\";\nimport { ForbiddenError } from \"alepha/server\";\nimport type { FileEntity } from \"../entities/files.ts\";\n\n/**\n * Authorization policy for file reads served through `FileController.streamFile`.\n *\n * Default: the caller must be the uploader (`file.creator === user.id`). Any\n * other access path — public buckets, shared attachments, avatars — must be\n * opted in by overriding this provider in the consuming app:\n *\n * ```ts\n * class MyAccess extends FileAccessProvider {\n * async assertReadable(file, user) {\n * if (file.bucket === \"avatars\") return; // public\n * if (file.bucket === \"campaign-icons\") return this.checkCampaignVisible(file, user);\n * return super.assertReadable(file, user);\n * }\n * }\n * Alepha.create().with({ provide: FileAccessProvider, use: MyAccess });\n * ```\n *\n * Why this exists: prior to introducing this gate, `streamFile` only required\n * the framework-wide `file:read` permission. The default `user` role grants\n * `*`, so every authenticated user could download any file by UUID — turning\n * the 128-bit id into the sole security boundary across tenants.\n */\nexport class FileAccessProvider {\n /**\n * Throws `ForbiddenError` when `user` may not read `file`. Override to\n * implement bucket-aware or relationship-aware policies. The default\n * implementation is strict: only the uploader passes.\n */\n async assertReadable(\n file: FileEntity,\n user: UserAccountToken | undefined,\n ): Promise<void> {\n if (!user) {\n throw new ForbiddenError(\"File access requires authentication\");\n }\n // Privileged identities (admin without narrow ownership scope) bypass\n // the per-file check — they need to be able to read any file via the\n // admin UI/inspector regardless of who uploaded it.\n if (user.ownership === false) {\n return;\n }\n if (file.creator && file.creator === user.id) {\n return;\n }\n throw new ForbiddenError(\"File access denied\");\n }\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\nimport { pageQuerySchema } from \"alepha/orm\";\n\nexport const fileQuerySchema = t.extend(pageQuerySchema, {\n bucket: t.optional(t.string()),\n tags: t.optional(t.array(t.string())),\n name: t.optional(t.string()),\n mimeType: t.optional(t.string()),\n creator: t.optional(t.uuid()),\n createdAfter: t.optional(t.datetime()),\n createdBefore: t.optional(t.datetime()),\n});\n\nexport type FileQuery = Static<typeof fileQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { files } from \"../entities/files.ts\";\n\nexport const fileResourceSchema = t.extend(\n files.schema,\n {},\n {\n title: \"FileResource\",\n description: \"A file resource representing a file stored in the system.\",\n },\n);\n\nexport type FileResource = Static<typeof fileResourceSchema>;\n","import { $inject, t } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action, okSchema } from \"alepha/server\";\nimport { $etag } from \"alepha/server/etag\";\nimport { FileAccessProvider } from \"../providers/FileAccessProvider.ts\";\nimport { fileQuerySchema } from \"../schemas/fileQuerySchema.ts\";\nimport { fileResourceSchema } from \"../schemas/fileResourceSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/**\n * REST API controller for file management operations.\n * Provides endpoints for uploading, downloading, listing, and deleting files.\n */\nexport class FileController {\n protected readonly url = \"/files\";\n protected readonly group = \"files\";\n protected readonly fileService = $inject(FileService);\n protected readonly fileAccess = $inject(FileAccessProvider);\n\n /**\n * GET /files - Lists files with optional filtering and pagination.\n * Supports filtering by bucket and tags.\n */\n public readonly findFiles = $action({\n path: this.url,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:read\"] })],\n description: \"List files with filtering and pagination\",\n schema: {\n query: fileQuerySchema,\n response: t.page(fileResourceSchema),\n },\n handler: ({ query }) => this.fileService.findFiles(query),\n });\n\n /**\n * DELETE /files/:id - Deletes a file from both storage and database.\n * Removes the file from the bucket and cleans up the database record.\n */\n public readonly deleteFile = $action({\n method: \"DELETE\",\n path: `${this.url}/:id`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:delete\"] })],\n description: \"Delete a file\",\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: okSchema,\n },\n handler: ({ params }) => this.fileService.deleteFile(params.id),\n });\n\n /**\n * POST /files/delete - Delete many files in one request, batching the\n * underlying bucket calls per bucket (R2/S3 batch where supported).\n */\n public readonly deleteFiles = $action({\n method: \"POST\",\n path: `${this.url}/delete`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:delete\"] })],\n description: \"Delete many files\",\n schema: {\n body: t.object({\n ids: t.array(t.uuid(), { minItems: 1, maxItems: 1000 }),\n }),\n response: t.object({\n deleted: t.array(t.string()),\n }),\n },\n handler: async ({ body }) => {\n const deleted = await this.fileService.deleteFiles(body.ids);\n return { deleted };\n },\n });\n\n /**\n * POST /files - Uploads a new file to storage.\n * Creates a database record with metadata and calculates checksum.\n * Optionally specify bucket and expiration date.\n */\n public readonly uploadFile = $action({\n path: this.url,\n group: this.group,\n use: [$secure({ permissions: [\"file:create\"] })],\n description: \"Upload a new file\",\n schema: {\n body: t.object({\n file: t.file(),\n }),\n query: t.object({\n expirationDate: t.optional(t.datetime()),\n bucket: t.optional(t.string()),\n }),\n response: fileResourceSchema,\n },\n handler: async ({ body, user, query }) =>\n this.fileService.uploadFile(body.file, {\n user,\n ...query,\n }),\n });\n\n /**\n * PATCH /files/:id - Updates file metadata.\n * Allows updating name, tags, and expiration date without modifying file content.\n */\n public readonly updateFile = $action({\n method: \"PATCH\",\n path: `${this.url}/:id`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:update\"] })],\n description: \"Update file metadata\",\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n body: t.object({\n name: t.optional(t.string()),\n tags: t.optional(t.array(t.string())),\n expirationDate: t.optional(t.datetime()),\n }),\n response: fileResourceSchema,\n },\n handler: ({ params, body }) => this.fileService.updateFile(params.id, body),\n });\n\n /**\n * GET /files/:id - Streams/downloads a file by its ID.\n * Returns the file content with appropriate Content-Type header.\n *\n * Authorization is delegated to `FileAccessProvider.assertReadable`. The\n * default policy is creator-only — override the provider via DI to widen\n * access (e.g. avatars, shared attachments). See `FileAccessProvider`.\n *\n * Cache-Control is `private` because the per-user authorization decision\n * cannot be cached by shared proxies/CDNs. Client-side ETag still works.\n */\n public readonly streamFile = $action({\n path: `${this.url}/:id`,\n group: this.group,\n description: \"Download a file\",\n use: [\n $secure({ permissions: [\"file:read\"] }),\n $etag({\n control: {\n private: true,\n maxAge: [1, \"year\"],\n immutable: true,\n },\n }),\n ],\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: t.file(),\n },\n handler: async ({ params, user }) => {\n const file = await this.fileService.getFileById(params.id);\n await this.fileAccess.assertReadable(file, user);\n return await this.fileService.streamFile(file.id);\n },\n });\n}\n","import { $inject } from \"alepha\";\nimport { $scheduler } from \"alepha/scheduler\";\nimport { FileService } from \"../services/FileService.ts\";\n\nexport class FileJobs {\n protected readonly fileService = $inject(FileService);\n\n public readonly purgeFiles = $scheduler({\n name: \"api:files:purgeFiles\",\n description: \"Purge files that are marked for deletion\",\n cron: \"0 * * * *\", // Hourly at minute 0\n handler: async () => {\n const files = await this.fileService.findExpiredFiles();\n\n await Promise.all(\n files.map((file) => this.fileService.deleteFile(file.id)),\n );\n },\n });\n}\n","import { $module } from \"alepha\";\nimport { AlephaBucket } from \"alepha/bucket\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport { AlephaServerEtag } from \"alepha/server/etag\";\nimport { AdminFileStatsController } from \"./controllers/AdminFileStatsController.ts\";\nimport { FileController } from \"./controllers/FileController.ts\";\nimport { FileJobs } from \"./jobs/FileJobs.ts\";\nimport { FileAccessProvider } from \"./providers/FileAccessProvider.ts\";\nimport { FileService } from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./controllers/AdminFileStatsController.ts\";\nexport * from \"./controllers/FileController.ts\";\nexport * from \"./entities/files.ts\";\nexport * from \"./jobs/FileJobs.ts\";\nexport * from \"./providers/FileAccessProvider.ts\";\nexport * from \"./schemas/storageStatsSchema.ts\";\nexport * from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/bucket\" {\n interface BucketFileOptions {\n /**\n * Time to live for the files in the bucket.\n */\n ttl?: DurationLike;\n\n /**\n * Tags for the bucket.\n */\n tags?: string[];\n\n /**\n * User performing the operation.\n */\n user?: UserAccountToken;\n\n /**\n * Whether to persist the file metadata in the database.\n *\n * @default true\n */\n persist?: boolean;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * File management endpoints.\n *\n * **Features:**\n * - Upload/download endpoints\n * - File metadata storage\n * - TTL-based expiration\n * - Storage statistics\n *\n * @module alepha.api.files\n */\nexport const AlephaApiFiles = $module({\n name: \"alepha.api.files\",\n services: [\n FileController,\n AdminFileStatsController,\n FileJobs,\n FileService,\n FileAccessProvider,\n ],\n imports: [AlephaBucket, AlephaServerEtag],\n});\n"],"mappings":";;;;;;;;;;;AAGA,MAAa,oBAAoB,EAAE,OAAO;CACxC,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,QAAQ;CACrB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,sBAAsB,EAAE,OAAO;CAC1C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,qBAAqB,EAAE,OAAO;CACzC,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,MAAM,kBAAkB;CACpC,YAAY,EAAE,MAAM,oBAAoB;CACzC,CAAC;;;AChBF,MAAa,QAAQ,QAAQ;CAC3B,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,MAAM,CAAC;EAC3B,SAAS,GAAG,SAAS;EACrB,WAAW,GAAG,WAAW;EACzB,WAAW,GAAG,WAAW;EACzB,gBAAgB,GAAG,cAAc;EACjC,QAAQ,EAAE,MAAM;EAChB,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;EAC7B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,MAAM;EAChB,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;;;;;;;EAOxC,MAAM,EAAE,MAAM;;;;;;;;EAQd,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,MAAM,EAAE,QAAQ;EAChB,UAAU,EAAE,QAAQ;;;;;;EAMpB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;;;;;;;EAOnC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,CAAC;CACF,SAAS;EACP;EACA;EACA;EACA;EACA;EACA,EACE,SAAS,CAAC,UAAU,YAAY,EACjC;EACF;CACF,CAAC;;;ACpCF,IAAa,cAAb,MAAyB;CACvB,SAA4B,QAAQ,OAAO;CAC3C,MAAyB,SAAS;CAClC,mBAAsC,QAAQ,iBAAiB;CAC/D,gBAAmC,QAAQ,EAAE,MAAM,WAAW,CAAC;CAC/D,iBAAiC,YAAY,MAAM;CAEnD,eAAyB,MAAM;EAC7B,IAAI;EACJ,SAAS,OAAO,EAAE,MAAM,QAAQ,SAAS,SAAS;GAChD,IAAI,QAAQ,YAAY,OACtB;GAGF,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;GAEnD,MAAM,KAAK,eAAe,OAAO;IAC/B,QAAQ;IACR,UAAU,KAAK;IACf,MAAM,KAAK;IACX,cAAc,KAAK;IACnB,MAAM,KAAK;IACX,SAAS,QAAQ,MAAM;IACvB,cAAc,QAAQ,MAAM;IAC5B,gBAAgB,KAAK,kBAAkB,QAAQ,IAAI;IACnD,QAAQ,OAAO;IACf;IACD,CAAC;;EAEL,CAAC;CAEF,qBAA+B,MAAM;EACnC,IAAI;EACJ,SAAS,OAAO,EAAE,QAAQ,SAAS;GACjC,MAAM,KAAK,eAAe,WAAW;IACnC,QAAQ,EAAE,IAAI,IAAI;IAClB,QAAQ,EAAE,IAAI,OAAO,MAAM;IAC5B,CAAC;;EAEL,CAAC;;;;;;;;CAWF,MAAgB,kBAAkB,MAAiC;EACjE,MAAM,SAAS,MAAM,KAAK,aAAa;EACvC,MAAM,OAAO,WAAW,SAAS;EACjC,KAAK,OAAO,OAAO,KAAK,OAAO,CAAC;EAChC,OAAO,KAAK,OAAO,MAAM;;;;;;;;;CAU3B,OAAc,aAAqB,KAAK,cAAc,MAAuB;EAC3E,MAAM,SAAS,KAAK,OACjB,WAAW,QAAQ,CACnB,MAAM,OAAO,GAAG,SAAS,WAAW;EAEvC,IAAI,CAAC,QACH,MAAM,IAAI,cAAc,WAAW,WAAW,cAAc;EAG9D,OAAO;;;;;;;;;CAYT,MAAa,UAAU,IAAe,EAAE,EAA6B;EACnE,EAAE,SAAS;EAEX,MAAM,QAAQ,KAAK,eAAe,kBAAkB;EAEpD,IAAI,EAAE,QACJ,MAAM,SAAS,EAAE,IAAI,EAAE,QAAQ;EAGjC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,eAAe,EAAE,MAAM;EAGxC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,OAAO,IAAI,EAAE,KAAK,IAAI;EAGvC,IAAI,EAAE,UACJ,MAAM,WAAW,EAAE,IAAI,EAAE,UAAU;EAGrC,IAAI,EAAE,SACJ,MAAM,UAAU,EAAE,IAAI,EAAE,SAAS;EAGnC,IAAI,EAAE,gBAAgB,EAAE,eACtB,MAAM,YAAY;GAChB,KAAK,EAAE;GACP,KAAK,EAAE;GACR;OACI,IAAI,EAAE,cACX,MAAM,YAAY,EAAE,KAAK,EAAE,cAAc;OACpC,IAAI,EAAE,eACX,MAAM,YAAY,EAAE,KAAK,EAAE,eAAe;EAG5C,OAAO,MAAM,KAAK,eACf,SAAS,GAAG,EAAE,OAAO,EAAE,EAAE,OAAO,MAAM,CAAC,CACvC,MAAM,SAAS;GACd,OAAO;IACL,GAAG;IACH,SAAS,KAAK,QAAQ,KAAK,OAAO,KAAK,iBAAiB,GAAG,CAAC;IAC7D;IACD;;;;;;;;CASN,MAAa,mBAA0C;EACrD,OAAO,MAAM,KAAK,eAAe,SAAS;GACxC,OAAO;GACP,OAAO,EACL,gBAAgB,EAAE,KAAK,KAAK,iBAAiB,cAAc,EAAE,EAC9D;GACF,CAAC;;;;;;;;;CAUJ,kBAA4B,KAAwC;EAClE,OAAO,MACH,KAAK,iBACF,KAAK,CACL,IAAI,KAAK,iBAAiB,SAAS,IAAI,CAAC,CACxC,aAAa,GAChB,KAAA;;;;;;;;;;;;;;;CAgBN,MAAa,WACX,MACA,UAKI,EAAE,EACe;EACrB,MAAM,SAAS,KAAK,OAAO,QAAQ,OAAO;EAE1C,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;EACnD,MAAM,SAAS,MAAM,OAAO,OAAO,MAAM,EAAE,SAAS,OAAO,CAAC;EAE5D,IAAI;EACJ,IAAI,QAAQ,gBACV,iBAAiB,KAAK,iBACnB,GAAG,QAAQ,eAAe,CAC1B,aAAa;OACX,IAAI,OAAO,QAAQ,KACxB,iBAAiB,KAAK,kBAAkB,OAAO,QAAQ,IAAI;EAG7D,OAAO,MAAM,KAAK,eAAe,OAAO;GAC9B;GACR,UAAU,KAAK;GACf,MAAM,KAAK;GACX,cAAc,KAAK;GACnB,MAAM,KAAK;GACX,SAAS,QAAQ,MAAM;GACvB,cAAc,QAAQ,MAAM;GAC5B,aAAa,QAAQ,MAAM;GAC3B;GACA,QAAQ,OAAO;GACf,MAAM,QAAQ;GACd;GACD,CAAC;;;;;;;;;;CAWJ,MAAa,WAAW,IAA+B;EACrD,MAAM,SAAS,MAAM,KAAK,YAAY,GAAG;EAGzC,OAAO,MAFQ,KAAK,OAAO,OAAO,OAEf,CAAC,SAAS,OAAO,OAAO;;;;;;;;;;;;;;CAe7C,MAAa,WACX,IACA,MAKqB;EACrB,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EAEvC,MAAM,aAAkC,EAAE;EAE1C,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,mBAAmB,KAAA,GAC1B,WAAW,iBAAiB,KAAK,iBAC9B,GAAG,KAAK,eAAe,CACvB,aAAa;EAGlB,OAAO,MAAM,KAAK,eAAe,WAAW,KAAK,IAAI,WAAW;;;;;;;;;;;CAYlE,MAAa,WAAW,IAAyB;EAC/C,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EACvC,MAAM,SAAS,KAAK,OAAO,KAAK,OAAO;EAGvC,MAAM,KAAK,eAAe,WAAW,KAAK,GAAG;EAE7C,IAAI;GACF,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK;WAC/B,GAAG;GACV,IAAI,aAAa,mBAEf,KAAK,IAAI,MACP,QAAQ,KAAK,OAAO,uBAAuB,OAAO,KAAK,+BACxD;QAGD,KAAK,IAAI,KACP,yBAAyB,KAAK,OAAO,eAAe,OAAO,QAC3D,EACD;;EAIL,OAAO;GAAE,IAAI;GAAM,IAAI,OAAO,KAAK,GAAG;GAAE;;;;;;;CAQ1C,MAAa,YAAY,KAAkC;EACzD,IAAI,IAAI,WAAW,GAAG,OAAO,EAAE;EAE/B,MAAM,QAAQ,MAAM,KAAK,eAAe,SAAS;GAC/C,OAAO,EAAE,IAAI,EAAE,SAAS,KAAK,EAAE;GAC/B,SAAS;IAAC;IAAM;IAAU;IAAS;GACpC,CAAC;EACF,IAAI,MAAM,WAAW,GAAG,OAAO,EAAE;EAEjC,MAAM,YAAY,MAAM,KAAK,eAAe,WAAW,EACrD,IAAI,EAAE,SAAS,MAAM,KAAK,MAAM,EAAE,GAAG,EAAE,EACxC,CAAC;EAEF,MAAM,gCAAgB,IAAI,KAAuB;EACjD,KAAK,MAAM,KAAK,OAAO;GACrB,MAAM,OAAO,cAAc,IAAI,EAAE,OAAO,IAAI,EAAE;GAC9C,KAAK,KAAK,EAAE,OAAO;GACnB,cAAc,IAAI,EAAE,QAAQ,KAAK;;EAGnC,KAAK,MAAM,CAAC,YAAY,YAAY,eAClC,IAAI;GACF,MAAM,KAAK,OAAO,WAAW,CAAC,WAAW,SAAS,KAAK;WAChD,GAAG;GAGV,KAAK,IAAI,KACP,yBAAyB,QAAQ,OAAO,qBAAqB,cAC7D,EACD;;EAIL,OAAO,UAAU,IAAI,OAAO;;;;;;;;;;CAW9B,MAAa,YAAY,IAA8C;EACrE,IAAI,OAAO,OAAO,UAChB,OAAO;EAGT,OAAO,MAAM,KAAK,eAAe,QAAQ,GAAG;;;;;;;CAQ9C,MAAa,kBAAyC;EACpD,MAAM,WAAW,MAAM,KAAK,eAAe,SAAS,EAAE,CAAC;EAEvD,MAAM,YAAY,SAAS,QAAQ,KAAK,SAAS,MAAM,KAAK,MAAM,EAAE;EACpE,MAAM,aAAa,SAAS;EAG5B,MAAM,4BAAY,IAAI,KAGnB;EACH,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,UAAU,IAAI,KAAK,OAAO,IAAI;IAC7C,WAAW;IACX,WAAW;IACZ;GACD,SAAS,aAAa,KAAK;GAC3B,SAAS,aAAa;GACtB,UAAU,IAAI,KAAK,QAAQ,SAAS;;EAItC,MAAM,8BAAc,IAAI,KAAqB;EAC7C,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,YAAY,IAAI,KAAK,SAAS,IAAI;GACnD,YAAY,IAAI,KAAK,UAAU,WAAW,EAAE;;EAG9C,OAAO;GACL;GACA;GACA,UAAU,MAAM,KAAK,UAAU,SAAS,CAAC,CAAC,KAAK,CAAC,QAAQ,YAAY;IAClE;IACA,WAAW,MAAM;IACjB,WAAW,MAAM;IAClB,EAAE;GACH,YAAY,MAAM,KAAK,YAAY,SAAS,CAAC,CAAC,KAC3C,CAAC,UAAU,gBAAgB;IAC1B;IACA;IACD,EACF;GACF;;;;;;;;;CAUH,iBAAwB,QAAkC;EACxD,OAAO;;;;;;;;;ACjbX,IAAa,2BAAb,MAAsC;CACpC,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;;;;;;CAOrD,eAA+B,QAAQ;EACrC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ,EACN,UAAU,oBACX;EACD,eAAe,KAAK,YAAY,iBAAiB;EAClD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;ACFJ,IAAa,qBAAb,MAAgC;;;;;;CAM9B,MAAM,eACJ,MACA,MACe;EACf,IAAI,CAAC,MACH,MAAM,IAAI,eAAe,sCAAsC;EAKjE,IAAI,KAAK,cAAc,OACrB;EAEF,IAAI,KAAK,WAAW,KAAK,YAAY,KAAK,IACxC;EAEF,MAAM,IAAI,eAAe,qBAAqB;;;;;AC7ClD,MAAa,kBAAkB,EAAE,OAAO,iBAAiB;CACvD,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;CAC7B,cAAc,EAAE,SAAS,EAAE,UAAU,CAAC;CACtC,eAAe,EAAE,SAAS,EAAE,UAAU,CAAC;CACxC,CAAC;;;ACTF,MAAa,qBAAqB,EAAE,OAClC,MAAM,QACN,EAAE,EACF;CACE,OAAO;CACP,aAAa;CACd,CACF;;;;;;;ACGD,IAAa,iBAAb,MAA4B;CAC1B,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;CACrD,aAAgC,QAAQ,mBAAmB;;;;;CAM3D,YAA4B,QAAQ;EAClC,MAAM,KAAK;EACX,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ;GACN,OAAO;GACP,UAAU,EAAE,KAAK,mBAAmB;GACrC;EACD,UAAU,EAAE,YAAY,KAAK,YAAY,UAAU,MAAM;EAC1D,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,aAAa,KAAK,YAAY,WAAW,OAAO,GAAG;EAChE,CAAC;;;;;CAMF,cAA8B,QAAQ;EACpC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE;IAAE,UAAU;IAAG,UAAU;IAAM,CAAC,EACxD,CAAC;GACF,UAAU,EAAE,OAAO,EACjB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAC7B,CAAC;GACH;EACD,SAAS,OAAO,EAAE,WAAW;GAE3B,OAAO,EAAE,SAAA,MADa,KAAK,YAAY,YAAY,KAAK,IAAI,EAC1C;;EAErB,CAAC;;;;;;CAOF,aAA6B,QAAQ;EACnC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,EAAE,CAAC,CAAC;EAChD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,MAAM,EAAE,MAAM,EACf,CAAC;GACF,OAAO,EAAE,OAAO;IACd,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC/B,CAAC;GACF,UAAU;GACX;EACD,SAAS,OAAO,EAAE,MAAM,MAAM,YAC5B,KAAK,YAAY,WAAW,KAAK,MAAM;GACrC;GACA,GAAG;GACJ,CAAC;EACL,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,MAAM,EAAE,OAAO;IACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrC,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACzC,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,QAAQ,WAAW,KAAK,YAAY,WAAW,OAAO,IAAI,KAAK;EAC5E,CAAC;;;;;;;;;;;;CAaF,aAA6B,QAAQ;EACnC,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,QAAQ,EAAE,aAAa,CAAC,YAAY,EAAE,CAAC,EACvC,MAAM,EACJ,SAAS;GACP,SAAS;GACT,QAAQ,CAAC,GAAG,OAAO;GACnB,WAAW;GACZ,EACF,CAAC,CACH;EACD,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU,EAAE,MAAM;GACnB;EACD,SAAS,OAAO,EAAE,QAAQ,WAAW;GACnC,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,GAAG;GAC1D,MAAM,KAAK,WAAW,eAAe,MAAM,KAAK;GAChD,OAAO,MAAM,KAAK,YAAY,WAAW,KAAK,GAAG;;EAEpD,CAAC;;;;ACjKJ,IAAa,WAAb,MAAsB;CACpB,cAAiC,QAAQ,YAAY;CAErD,aAA6B,WAAW;EACtC,MAAM;EACN,aAAa;EACb,MAAM;EACN,SAAS,YAAY;GACnB,MAAM,QAAQ,MAAM,KAAK,YAAY,kBAAkB;GAEvD,MAAM,QAAQ,IACZ,MAAM,KAAK,SAAS,KAAK,YAAY,WAAW,KAAK,GAAG,CAAC,CAC1D;;EAEJ,CAAC;;;;;;;;;;;;;;;AC4CJ,MAAa,iBAAiB,QAAQ;CACpC,MAAM;CACN,UAAU;EACR;EACA;EACA;EACA;EACA;EACD;CACD,SAAS,CAAC,cAAc,iBAAiB;CAC1C,CAAC"}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/entities/files.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"sourcesContent":["import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const bucketStatsSchema = t.object({\n bucket: t.string(),\n totalSize: t.number(),\n fileCount: t.number(),\n});\n\nexport const mimeTypeStatsSchema = t.object({\n mimeType: t.string(),\n fileCount: t.number(),\n});\n\nexport const storageStatsSchema = t.object({\n totalSize: t.number(),\n totalFiles: t.number(),\n byBucket: t.array(bucketStatsSchema),\n byMimeType: t.array(mimeTypeStatsSchema),\n});\n\nexport type BucketStats = Static<typeof bucketStatsSchema>;\nexport type MimeTypeStats = Static<typeof mimeTypeStatsSchema>;\nexport type StorageStats = Static<typeof storageStatsSchema>;\n","import { type Static, t } from \"alepha\";\nimport { $entity, db } from \"alepha/orm\";\n\nexport const files = $entity({\n name: \"files\",\n schema: t.object({\n id: db.primaryKey(t.uuid()),\n version: db.version(),\n createdAt: db.createdAt(),\n updatedAt: db.updatedAt(),\n organizationId: db.organization(),\n blobId: t.text(),\n creator: t.optional(t.uuid()),\n creatorRealm: t.optional(t.string()),\n creatorName: t.optional(t.string()),\n bucket: t.text(),\n expirationDate: t.optional(t.datetime()),\n /**\n * Display name. Mutable via `FileService.updateFile` — can be renamed\n * by callers (e.g. an Archive UI letting users rename uploaded blobs).\n * Initialized to the uploader's filename at upload time. Use\n * `originalName` if you need the as-uploaded filename after a rename.\n */\n name: t.text(),\n /**\n * Immutable record of the uploader's filename at upload time. Set once\n * by `FileService.uploadFile` and the `bucket:file:uploaded` hook;\n * `FileService.updateFile` never touches it. Useful for download\n * headers (Content-Disposition), audit trails, and any UI that wants\n * to show \"originally uploaded as X\" alongside a renamed file.\n */\n originalName: t.optional(t.string()),\n size: t.number(),\n mimeType: t.string(),\n /**\n * Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is\n * caller's responsibility for now). Use with `FileQuery.tags` to\n * filter via array-contains.\n */\n tags: t.optional(t.array(t.text())),\n /**\n * SHA-256 hex digest of the file content (64 lowercase hex chars).\n * Computed at upload time by `FileService.calculateChecksum`. Stable\n * — never recomputed after upload. Use for integrity verification,\n * content-based dedup, or downstream virus-scan correlation.\n */\n checksum: t.optional(t.string()),\n }),\n indexes: [\n \"expirationDate\",\n \"bucket\",\n \"creator\",\n \"createdAt\",\n \"mimeType\",\n {\n columns: [\"bucket\", \"createdAt\"],\n },\n ],\n});\n\nexport type FileEntity = Static<typeof files.schema>;\n","import { createHash } from \"node:crypto\";\nimport { $hook, $inject, Alepha, type FileLike } from \"alepha\";\nimport {\n $bucket,\n type BucketPrimitive,\n FileNotFoundError,\n} from \"alepha/bucket\";\nimport {\n type DateTime,\n DateTimeProvider,\n type DurationLike,\n} from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { $repository, type Page } from \"alepha/orm\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport type { Ok } from \"alepha/server\";\nimport { NotFoundError } from \"alepha/server\";\nimport { type FileEntity, files } from \"../entities/files.ts\";\nimport type { FileQuery } from \"../schemas/fileQuerySchema.ts\";\nimport type { FileResource } from \"../schemas/fileResourceSchema.ts\";\nimport type { StorageStats } from \"../schemas/storageStatsSchema.ts\";\n\nexport class FileService {\n protected readonly alepha = $inject(Alepha);\n protected readonly log = $logger();\n protected readonly dateTimeProvider = $inject(DateTimeProvider);\n protected readonly defaultBucket = $bucket({ name: \"default\" });\n public readonly fileRepository = $repository(files);\n\n protected onUploadFile = $hook({\n on: \"bucket:file:uploaded\",\n handler: async ({ file, bucket, options, id }) => {\n if (options.persist === false) {\n return;\n }\n\n const checksum = await this.calculateChecksum(file);\n\n await this.fileRepository.create({\n blobId: id,\n mimeType: file.type,\n name: file.name,\n originalName: file.name,\n size: file.size,\n creator: options.user?.id,\n creatorRealm: options.user?.realm,\n expirationDate: this.getExpirationDate(options.ttl),\n bucket: bucket.name,\n checksum,\n });\n },\n });\n\n protected onDeleteBucketFile = $hook({\n on: \"bucket:file:deleted\",\n handler: async ({ bucket, id }) => {\n await this.fileRepository.deleteMany({\n blobId: { eq: id },\n bucket: { eq: bucket.name },\n });\n },\n });\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /**\n * Calculates SHA-256 checksum of a file.\n *\n * @param file - The file to calculate checksum for\n * @returns Hexadecimal string representation of the SHA-256 hash\n * @protected\n */\n protected async calculateChecksum(file: FileLike): Promise<string> {\n const buffer = await file.arrayBuffer();\n const hash = createHash(\"sha256\");\n hash.update(Buffer.from(buffer));\n return hash.digest(\"hex\");\n }\n\n /**\n * Gets a bucket primitive by name.\n *\n * @param bucketName - The name of the bucket to retrieve (defaults to \"default\")\n * @returns The bucket primitive\n * @throws {NotFoundError} If the bucket is not found\n */\n public bucket(bucketName: string = this.defaultBucket.name): BucketPrimitive {\n const bucket = this.alepha\n .primitives($bucket)\n .find((it) => it.name === bucketName);\n\n if (!bucket) {\n throw new NotFoundError(`Bucket '${bucketName}' not found.`);\n }\n\n return bucket;\n }\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /**\n * Finds files matching the given query criteria with pagination support.\n * Supports filtering by bucket, tags, name, mimeType, creator, and date range.\n *\n * @param q - Query parameters including bucket, tags, name, mimeType, creator, date range, pagination, and sorting\n * @returns Paginated list of file entities\n */\n public async findFiles(q: FileQuery = {}): Promise<Page<FileEntity>> {\n q.sort ??= \"-createdAt\";\n\n const where = this.fileRepository.createQueryWhere();\n\n if (q.bucket) {\n where.bucket = { eq: q.bucket };\n }\n\n if (q.tags) {\n where.tags = { arrayContains: q.tags };\n }\n\n if (q.name) {\n where.name = { ilike: `%${q.name}%` };\n }\n\n if (q.mimeType) {\n where.mimeType = { eq: q.mimeType };\n }\n\n if (q.creator) {\n where.creator = { eq: q.creator };\n }\n\n if (q.createdAfter && q.createdBefore) {\n where.createdAt = {\n gte: q.createdAfter,\n lte: q.createdBefore,\n };\n } else if (q.createdAfter) {\n where.createdAt = { gte: q.createdAfter };\n } else if (q.createdBefore) {\n where.createdAt = { lte: q.createdBefore };\n }\n\n return await this.fileRepository\n .paginate(q, { where }, { count: true })\n .then((page) => {\n return {\n ...page,\n content: page.content.map((it) => this.entityToResource(it)),\n };\n });\n }\n\n /**\n * Finds files that have expired based on their expiration date.\n * Limited to 1000 files per call to prevent memory issues.\n *\n * @returns Array of expired file entities\n */\n public async findExpiredFiles(): Promise<FileEntity[]> {\n return await this.fileRepository.findMany({\n limit: 1000,\n where: {\n expirationDate: { lte: this.dateTimeProvider.nowISOString() },\n },\n });\n }\n\n /**\n * Calculates an expiration date based on a TTL (time to live) duration.\n *\n * @param ttl - Duration like \"1 day\", \"2 hours\", etc.\n * @returns DateTime representation of the expiration date, or undefined if no TTL provided\n * @protected\n */\n protected getExpirationDate(ttl?: DurationLike): string | undefined {\n return ttl\n ? this.dateTimeProvider\n .now()\n .add(this.dateTimeProvider.duration(ttl))\n .toISOString()\n : undefined;\n }\n\n /**\n * Uploads a file to a bucket and creates a database record with metadata.\n * Automatically calculates and stores the file checksum (SHA-256).\n *\n * @param file - The file to upload\n * @param options - Upload options including bucket, expiration, user, and tags\n * @param options.bucket - Target bucket name (defaults to \"default\")\n * @param options.expirationDate - When the file should expire\n * @param options.user - User performing the upload (for audit trail)\n * @param options.tags - Tags to associate with the file\n * @returns The created file entity with all metadata\n * @throws {NotFoundError} If the specified bucket doesn't exist\n */\n public async uploadFile(\n file: FileLike,\n options: {\n expirationDate?: string | DateTime;\n bucket?: string;\n user?: UserAccountToken;\n tags?: string[];\n } = {},\n ): Promise<FileEntity> {\n const bucket = this.bucket(options.bucket);\n\n const checksum = await this.calculateChecksum(file);\n const blobId = await bucket.upload(file, { persist: false });\n\n let expirationDate: string | undefined;\n if (options.expirationDate) {\n expirationDate = this.dateTimeProvider\n .of(options.expirationDate)\n .toISOString();\n } else if (bucket.options.ttl) {\n expirationDate = this.getExpirationDate(bucket.options.ttl);\n }\n\n return await this.fileRepository.create({\n blobId: blobId,\n mimeType: file.type,\n name: file.name,\n originalName: file.name,\n size: file.size,\n creator: options.user?.id,\n creatorRealm: options.user?.realm,\n creatorName: options.user?.name,\n expirationDate,\n bucket: bucket.name,\n tags: options.tags,\n checksum,\n });\n }\n\n /**\n * Streams a file from storage by its database ID, or directly from an\n * already-loaded `FileEntity` to avoid a duplicate DB roundtrip when the\n * caller has already fetched the row (e.g. after an access check).\n *\n * @param id - The database ID (UUID) of the file, or the entity itself\n * @returns The file object ready for streaming/downloading\n * @throws {NotFoundError} If the file doesn't exist in the database\n * @throws {FileNotFoundError} If the file exists in database but not in storage\n */\n public async streamFile(id: string | FileEntity): Promise<FileLike> {\n const entity = await this.getFileById(id);\n const bucket = this.bucket(entity.bucket);\n\n return await bucket.download(entity.blobId);\n }\n\n /**\n * Updates file metadata (name, tags, expiration date).\n * Does not modify the actual file content in storage.\n *\n * @param id - The database ID (UUID) of the file to update\n * @param data - Partial file data to update\n * @param data.name - New file name\n * @param data.tags - New tags array\n * @param data.expirationDate - New expiration date\n * @returns The updated file entity\n * @throws {NotFoundError} If the file doesn't exist in the database\n */\n public async updateFile(\n id: string,\n data: {\n name?: string;\n tags?: string[];\n expirationDate?: DateTime | string;\n },\n ): Promise<FileEntity> {\n const file = await this.getFileById(id);\n\n const updateData: Partial<FileEntity> = {};\n\n if (data.name !== undefined) {\n updateData.name = data.name;\n }\n\n if (data.tags !== undefined) {\n updateData.tags = data.tags;\n }\n\n if (data.expirationDate !== undefined) {\n updateData.expirationDate = this.dateTimeProvider\n .of(data.expirationDate)\n .toISOString();\n }\n\n return await this.fileRepository.updateById(file.id, updateData);\n }\n\n /**\n * Deletes a file from both storage and database.\n * Handles cases where file is already deleted from storage gracefully.\n * Always ensures database record is removed even if storage deletion fails.\n *\n * @param id - The database ID (UUID) of the file to delete\n * @returns Success response with the deleted file ID\n * @throws {NotFoundError} If the file doesn't exist in the database\n */\n public async deleteFile(id: string): Promise<Ok> {\n const file = await this.getFileById(id);\n const bucket = this.bucket(file.bucket);\n\n // Always delete the database record\n await this.fileRepository.deleteById(file.id);\n\n try {\n await bucket.delete(file.blobId, true);\n } catch (e) {\n if (e instanceof FileNotFoundError) {\n // File is already deleted in the bucket, this is okay\n this.log.debug(\n `File ${file.blobId} not found in bucket ${bucket.name}, cleaning up database record`,\n );\n } else {\n // Other errors (permission, network, etc.) - log but continue to clean up database\n this.log.warn(\n `Failed to delete file ${file.blobId} from bucket ${bucket.name}`,\n e,\n );\n }\n }\n\n return { ok: true, id: String(file.id) };\n }\n\n /**\n * Delete many files in one round-trip per bucket. The database rows are\n * removed in a single `deleteMany`, and each affected bucket gets a single\n * `bucket.deleteMany` call (R2/S3 batch where supported).\n */\n public async deleteFiles(ids: string[]): Promise<string[]> {\n if (ids.length === 0) return [];\n\n const files = await this.fileRepository.findMany({\n where: { id: { inArray: ids } },\n columns: [\"id\", \"bucket\", \"blobId\"],\n });\n if (files.length === 0) return [];\n\n const dbDeleted = await this.fileRepository.deleteMany({\n id: { inArray: files.map((f) => f.id) },\n });\n\n const blobsByBucket = new Map<string, string[]>();\n for (const f of files) {\n const list = blobsByBucket.get(f.bucket) ?? [];\n list.push(f.blobId);\n blobsByBucket.set(f.bucket, list);\n }\n\n for (const [bucketName, blobIds] of blobsByBucket) {\n try {\n await this.bucket(bucketName).deleteMany(blobIds, true);\n } catch (e) {\n // DB rows already gone — log and continue. Orphaned blobs are\n // recoverable; orphaned DB rows would be worse.\n this.log.warn(\n `Failed to bulk-delete ${blobIds.length} files from bucket ${bucketName}`,\n e,\n );\n }\n }\n\n return dbDeleted.map(String);\n }\n\n /**\n * Retrieves a file entity by its ID.\n * If already an entity object, returns it as-is (convenience method).\n *\n * @param id - Either a UUID string or an existing FileEntity object\n * @returns The file entity\n * @throws {NotFoundError} If the file doesn't exist in the database\n */\n public async getFileById(id: string | FileEntity): Promise<FileEntity> {\n if (typeof id === \"object\") {\n return id;\n }\n\n return await this.fileRepository.getById(id);\n }\n\n /**\n * Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.\n *\n * @returns Storage statistics with aggregated data\n */\n public async getStorageStats(): Promise<StorageStats> {\n const allFiles = await this.fileRepository.findMany({});\n\n const totalSize = allFiles.reduce((sum, file) => sum + file.size, 0);\n const totalFiles = allFiles.length;\n\n // Group by bucket\n const bucketMap = new Map<\n string,\n { totalSize: number; fileCount: number }\n >();\n for (const file of allFiles) {\n const existing = bucketMap.get(file.bucket) || {\n totalSize: 0,\n fileCount: 0,\n };\n existing.totalSize += file.size;\n existing.fileCount += 1;\n bucketMap.set(file.bucket, existing);\n }\n\n // Group by MIME type\n const mimeTypeMap = new Map<string, number>();\n for (const file of allFiles) {\n const existing = mimeTypeMap.get(file.mimeType) || 0;\n mimeTypeMap.set(file.mimeType, existing + 1);\n }\n\n return {\n totalSize,\n totalFiles,\n byBucket: Array.from(bucketMap.entries()).map(([bucket, stats]) => ({\n bucket,\n totalSize: stats.totalSize,\n fileCount: stats.fileCount,\n })),\n byMimeType: Array.from(mimeTypeMap.entries()).map(\n ([mimeType, fileCount]) => ({\n mimeType,\n fileCount,\n }),\n ),\n };\n }\n\n /**\n * Converts a file entity to a file resource (API response format).\n * Currently a pass-through, but allows for future transformation logic.\n *\n * @param entity - The file entity to convert\n * @returns The file resource for API responses\n */\n public entityToResource(entity: FileEntity): FileResource {\n return entity;\n }\n}\n","import { $inject } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action } from \"alepha/server\";\nimport { storageStatsSchema } from \"../schemas/storageStatsSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/**\n * REST API controller for storage analytics and statistics.\n * Provides endpoints for viewing storage usage metrics.\n */\nexport class AdminFileStatsController {\n protected readonly url = \"/files/stats\";\n protected readonly group = \"admin:files\";\n protected readonly fileService = $inject(FileService);\n\n /**\n * GET /files/stats - Gets storage statistics.\n * Returns aggregated data including total size, file count,\n * and breakdowns by bucket and MIME type.\n */\n public readonly getFileStats = $action({\n path: this.url,\n group: this.group,\n use: [$secure({ permissions: [\"admin:file:read\"] })],\n description: \"Get storage statistics\",\n schema: {\n response: storageStatsSchema,\n },\n handler: () => this.fileService.getStorageStats(),\n });\n}\n","import type { UserAccountToken } from \"alepha/security\";\nimport { ForbiddenError, NotFoundError } from \"alepha/server\";\nimport type { FileEntity } from \"../entities/files.ts\";\n\n/**\n * Authorization policy for file reads served through `FileController.streamFile`.\n *\n * Default: the caller must be the uploader (`file.creator === user.id`). Any\n * other access path — public buckets, shared attachments, avatars — must be\n * opted in by overriding this provider in the consuming app:\n *\n * ```ts\n * class MyAccess extends FileAccessProvider {\n * async assertReadable(file, user) {\n * if (file.bucket === \"avatars\") return; // public\n * if (file.bucket === \"campaign-icons\") return this.checkCampaignVisible(file, user);\n * return super.assertReadable(file, user);\n * }\n * }\n * Alepha.create().with({ provide: FileAccessProvider, use: MyAccess });\n * ```\n *\n * Why this exists: prior to introducing this gate, `streamFile` only required\n * the framework-wide `file:read` permission. The default `user` role grants\n * `*`, so every authenticated user could download any file by UUID — turning\n * the 128-bit id into the sole security boundary across tenants.\n */\nexport class FileAccessProvider {\n /**\n * Throws `ForbiddenError` when `user` may not read `file`. Override to\n * implement bucket-aware or relationship-aware policies. The default\n * implementation is strict: only the uploader passes.\n */\n async assertReadable(\n file: FileEntity,\n user: UserAccountToken | undefined,\n ): Promise<void> {\n if (!user) {\n throw new ForbiddenError(\"File access requires authentication\");\n }\n // Privileged identities (admin without narrow ownership scope) bypass\n // the per-file check — they need to be able to read any file via the\n // admin UI/inspector regardless of who uploaded it.\n if (user.ownership === false) {\n return;\n }\n if (file.creator && file.creator === user.id) {\n return;\n }\n throw new ForbiddenError(\"File access denied\");\n }\n\n /**\n * Throws when `file` may not be served through the anonymous\n * `/public/files/:id` route. The default is deny-all: nothing is public\n * unless this method is overridden. Throws `NotFoundError` (not 403) so the\n * endpoint doesn't leak the existence of private file ids.\n *\n * Typical override matches on bucket name:\n *\n * ```ts\n * class MyAccess extends FileAccessProvider {\n * async assertPublic(file) {\n * if (file.bucket === \"avatars\") return;\n * if (file.bucket === \"campaign-icons\") return;\n * return super.assertPublic(file);\n * }\n * }\n * ```\n */\n async assertPublic(file: FileEntity): Promise<void> {\n throw new NotFoundError(`File '${file.id}' not found`);\n }\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\nimport { pageQuerySchema } from \"alepha/orm\";\n\nexport const fileQuerySchema = t.extend(pageQuerySchema, {\n bucket: t.optional(t.string()),\n tags: t.optional(t.array(t.string())),\n name: t.optional(t.string()),\n mimeType: t.optional(t.string()),\n creator: t.optional(t.uuid()),\n createdAfter: t.optional(t.datetime()),\n createdBefore: t.optional(t.datetime()),\n});\n\nexport type FileQuery = Static<typeof fileQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { files } from \"../entities/files.ts\";\n\nexport const fileResourceSchema = t.extend(\n files.schema,\n {},\n {\n title: \"FileResource\",\n description: \"A file resource representing a file stored in the system.\",\n },\n);\n\nexport type FileResource = Static<typeof fileResourceSchema>;\n","import { $inject, t } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action, okSchema } from \"alepha/server\";\nimport { $etag } from \"alepha/server/etag\";\nimport { FileAccessProvider } from \"../providers/FileAccessProvider.ts\";\nimport { fileQuerySchema } from \"../schemas/fileQuerySchema.ts\";\nimport { fileResourceSchema } from \"../schemas/fileResourceSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/**\n * REST API controller for file management operations.\n * Provides endpoints for uploading, downloading, listing, and deleting files.\n */\nexport class FileController {\n protected readonly url = \"/files\";\n protected readonly group = \"files\";\n protected readonly fileService = $inject(FileService);\n protected readonly fileAccess = $inject(FileAccessProvider);\n\n /**\n * GET /files - Lists files with optional filtering and pagination.\n * Supports filtering by bucket and tags.\n */\n public readonly findFiles = $action({\n path: this.url,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:read\"] })],\n description: \"List files with filtering and pagination\",\n schema: {\n query: fileQuerySchema,\n response: t.page(fileResourceSchema),\n },\n handler: ({ query }) => this.fileService.findFiles(query),\n });\n\n /**\n * DELETE /files/:id - Deletes a file from both storage and database.\n * Removes the file from the bucket and cleans up the database record.\n */\n public readonly deleteFile = $action({\n method: \"DELETE\",\n path: `${this.url}/:id`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:delete\"] })],\n description: \"Delete a file\",\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: okSchema,\n },\n handler: ({ params }) => this.fileService.deleteFile(params.id),\n });\n\n /**\n * POST /files/delete - Delete many files in one request, batching the\n * underlying bucket calls per bucket (R2/S3 batch where supported).\n */\n public readonly deleteFiles = $action({\n method: \"POST\",\n path: `${this.url}/delete`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:delete\"] })],\n description: \"Delete many files\",\n schema: {\n body: t.object({\n ids: t.array(t.uuid(), { minItems: 1, maxItems: 1000 }),\n }),\n response: t.object({\n deleted: t.array(t.string()),\n }),\n },\n handler: async ({ body }) => {\n const deleted = await this.fileService.deleteFiles(body.ids);\n return { deleted };\n },\n });\n\n /**\n * POST /files - Uploads a new file to storage.\n * Creates a database record with metadata and calculates checksum.\n * Optionally specify bucket and expiration date.\n */\n public readonly uploadFile = $action({\n path: this.url,\n group: this.group,\n use: [$secure({ permissions: [\"file:create\"] })],\n description: \"Upload a new file\",\n schema: {\n body: t.object({\n file: t.file(),\n }),\n query: t.object({\n expirationDate: t.optional(t.datetime()),\n bucket: t.optional(t.string()),\n }),\n response: fileResourceSchema,\n },\n handler: async ({ body, user, query }) =>\n this.fileService.uploadFile(body.file, {\n user,\n ...query,\n }),\n });\n\n /**\n * PATCH /files/:id - Updates file metadata.\n * Allows updating name, tags, and expiration date without modifying file content.\n */\n public readonly updateFile = $action({\n method: \"PATCH\",\n path: `${this.url}/:id`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:update\"] })],\n description: \"Update file metadata\",\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n body: t.object({\n name: t.optional(t.string()),\n tags: t.optional(t.array(t.string())),\n expirationDate: t.optional(t.datetime()),\n }),\n response: fileResourceSchema,\n },\n handler: ({ params, body }) => this.fileService.updateFile(params.id, body),\n });\n\n /**\n * GET /files/:id - Streams/downloads a file by its ID.\n * Returns the file content with appropriate Content-Type header.\n *\n * Authorization is delegated to `FileAccessProvider.assertReadable`. The\n * default policy is creator-only — override the provider via DI to widen\n * access (e.g. avatars, shared attachments). See `FileAccessProvider`.\n *\n * Cache-Control is `private` because the per-user authorization decision\n * cannot be cached by shared proxies/CDNs. Client-side ETag still works.\n */\n public readonly streamFile = $action({\n path: `${this.url}/:id`,\n group: this.group,\n description: \"Download a file\",\n use: [\n $secure({ permissions: [\"file:read\"] }),\n $etag({\n control: {\n private: true,\n maxAge: [1, \"year\"],\n immutable: true,\n },\n }),\n ],\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: t.file(),\n },\n handler: async ({ params, user }) => {\n const file = await this.fileService.getFileById(params.id);\n await this.fileAccess.assertReadable(file, user);\n return await this.fileService.streamFile(file);\n },\n });\n\n /**\n * GET /public/files/:id - Anonymous, edge-cacheable download.\n *\n * Authorization is delegated to `FileAccessProvider.assertPublic`. The\n * default policy is deny-all (throws `NotFoundError`), so consuming apps\n * must override the provider to opt files in — typically by bucket name\n * (avatars, campaign icons, etc.).\n *\n * Cache-Control is `public, immutable, max-age=1y` so Cloudflare's edge\n * cache and any intermediary proxy can serve subsequent hits without\n * touching the Worker. The split URL prefix (vs `/files/:id`) is what\n * makes this safe: edge cache is URL-keyed, so public and private files\n * live in separate cache lanes.\n */\n public readonly streamPublicFile = $action({\n path: \"/public/files/:id\",\n group: this.group,\n description: \"Download a public file (anonymous, edge-cacheable)\",\n use: [\n $etag({\n control: {\n public: true,\n maxAge: [1, \"year\"],\n immutable: true,\n },\n }),\n ],\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: t.file(),\n },\n handler: async ({ params }) => {\n const file = await this.fileService.getFileById(params.id);\n await this.fileAccess.assertPublic(file);\n return await this.fileService.streamFile(file);\n },\n });\n}\n","import { $inject } from \"alepha\";\nimport { $scheduler } from \"alepha/scheduler\";\nimport { FileService } from \"../services/FileService.ts\";\n\nexport class FileJobs {\n protected readonly fileService = $inject(FileService);\n\n public readonly purgeFiles = $scheduler({\n name: \"api:files:purgeFiles\",\n description: \"Purge files that are marked for deletion\",\n cron: \"0 * * * *\", // Hourly at minute 0\n handler: async () => {\n const files = await this.fileService.findExpiredFiles();\n\n await Promise.all(\n files.map((file) => this.fileService.deleteFile(file.id)),\n );\n },\n });\n}\n","import { $module } from \"alepha\";\nimport { AlephaBucket } from \"alepha/bucket\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport { AlephaServerEtag } from \"alepha/server/etag\";\nimport { AdminFileStatsController } from \"./controllers/AdminFileStatsController.ts\";\nimport { FileController } from \"./controllers/FileController.ts\";\nimport { FileJobs } from \"./jobs/FileJobs.ts\";\nimport { FileAccessProvider } from \"./providers/FileAccessProvider.ts\";\nimport { FileService } from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./controllers/AdminFileStatsController.ts\";\nexport * from \"./controllers/FileController.ts\";\nexport * from \"./entities/files.ts\";\nexport * from \"./jobs/FileJobs.ts\";\nexport * from \"./providers/FileAccessProvider.ts\";\nexport * from \"./schemas/storageStatsSchema.ts\";\nexport * from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/bucket\" {\n interface BucketFileOptions {\n /**\n * Time to live for the files in the bucket.\n */\n ttl?: DurationLike;\n\n /**\n * Tags for the bucket.\n */\n tags?: string[];\n\n /**\n * User performing the operation.\n */\n user?: UserAccountToken;\n\n /**\n * Whether to persist the file metadata in the database.\n *\n * @default true\n */\n persist?: boolean;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/**\n * File management endpoints.\n *\n * **Features:**\n * - Upload/download endpoints\n * - File metadata storage\n * - TTL-based expiration\n * - Storage statistics\n *\n * @module alepha.api.files\n */\nexport const AlephaApiFiles = $module({\n name: \"alepha.api.files\",\n services: [\n FileController,\n AdminFileStatsController,\n FileJobs,\n FileService,\n FileAccessProvider,\n ],\n imports: [AlephaBucket, AlephaServerEtag],\n});\n"],"mappings":";;;;;;;;;;;AAGA,MAAa,oBAAoB,EAAE,OAAO;CACxC,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,QAAQ;CACrB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,sBAAsB,EAAE,OAAO;CAC1C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,qBAAqB,EAAE,OAAO;CACzC,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,MAAM,kBAAkB;CACpC,YAAY,EAAE,MAAM,oBAAoB;CACzC,CAAC;;;AChBF,MAAa,QAAQ,QAAQ;CAC3B,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,MAAM,CAAC;EAC3B,SAAS,GAAG,SAAS;EACrB,WAAW,GAAG,WAAW;EACzB,WAAW,GAAG,WAAW;EACzB,gBAAgB,GAAG,cAAc;EACjC,QAAQ,EAAE,MAAM;EAChB,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;EAC7B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,MAAM;EAChB,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;;;;;;;EAOxC,MAAM,EAAE,MAAM;;;;;;;;EAQd,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,MAAM,EAAE,QAAQ;EAChB,UAAU,EAAE,QAAQ;;;;;;EAMpB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;;;;;;;EAOnC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,CAAC;CACF,SAAS;EACP;EACA;EACA;EACA;EACA;EACA,EACE,SAAS,CAAC,UAAU,YAAY,EACjC;EACF;CACF,CAAC;;;ACpCF,IAAa,cAAb,MAAyB;CACvB,SAA4B,QAAQ,OAAO;CAC3C,MAAyB,SAAS;CAClC,mBAAsC,QAAQ,iBAAiB;CAC/D,gBAAmC,QAAQ,EAAE,MAAM,WAAW,CAAC;CAC/D,iBAAiC,YAAY,MAAM;CAEnD,eAAyB,MAAM;EAC7B,IAAI;EACJ,SAAS,OAAO,EAAE,MAAM,QAAQ,SAAS,SAAS;GAChD,IAAI,QAAQ,YAAY,OACtB;GAGF,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;GAEnD,MAAM,KAAK,eAAe,OAAO;IAC/B,QAAQ;IACR,UAAU,KAAK;IACf,MAAM,KAAK;IACX,cAAc,KAAK;IACnB,MAAM,KAAK;IACX,SAAS,QAAQ,MAAM;IACvB,cAAc,QAAQ,MAAM;IAC5B,gBAAgB,KAAK,kBAAkB,QAAQ,IAAI;IACnD,QAAQ,OAAO;IACf;IACD,CAAC;;EAEL,CAAC;CAEF,qBAA+B,MAAM;EACnC,IAAI;EACJ,SAAS,OAAO,EAAE,QAAQ,SAAS;GACjC,MAAM,KAAK,eAAe,WAAW;IACnC,QAAQ,EAAE,IAAI,IAAI;IAClB,QAAQ,EAAE,IAAI,OAAO,MAAM;IAC5B,CAAC;;EAEL,CAAC;;;;;;;;CAWF,MAAgB,kBAAkB,MAAiC;EACjE,MAAM,SAAS,MAAM,KAAK,aAAa;EACvC,MAAM,OAAO,WAAW,SAAS;EACjC,KAAK,OAAO,OAAO,KAAK,OAAO,CAAC;EAChC,OAAO,KAAK,OAAO,MAAM;;;;;;;;;CAU3B,OAAc,aAAqB,KAAK,cAAc,MAAuB;EAC3E,MAAM,SAAS,KAAK,OACjB,WAAW,QAAQ,CACnB,MAAM,OAAO,GAAG,SAAS,WAAW;EAEvC,IAAI,CAAC,QACH,MAAM,IAAI,cAAc,WAAW,WAAW,cAAc;EAG9D,OAAO;;;;;;;;;CAYT,MAAa,UAAU,IAAe,EAAE,EAA6B;EACnE,EAAE,SAAS;EAEX,MAAM,QAAQ,KAAK,eAAe,kBAAkB;EAEpD,IAAI,EAAE,QACJ,MAAM,SAAS,EAAE,IAAI,EAAE,QAAQ;EAGjC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,eAAe,EAAE,MAAM;EAGxC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,OAAO,IAAI,EAAE,KAAK,IAAI;EAGvC,IAAI,EAAE,UACJ,MAAM,WAAW,EAAE,IAAI,EAAE,UAAU;EAGrC,IAAI,EAAE,SACJ,MAAM,UAAU,EAAE,IAAI,EAAE,SAAS;EAGnC,IAAI,EAAE,gBAAgB,EAAE,eACtB,MAAM,YAAY;GAChB,KAAK,EAAE;GACP,KAAK,EAAE;GACR;OACI,IAAI,EAAE,cACX,MAAM,YAAY,EAAE,KAAK,EAAE,cAAc;OACpC,IAAI,EAAE,eACX,MAAM,YAAY,EAAE,KAAK,EAAE,eAAe;EAG5C,OAAO,MAAM,KAAK,eACf,SAAS,GAAG,EAAE,OAAO,EAAE,EAAE,OAAO,MAAM,CAAC,CACvC,MAAM,SAAS;GACd,OAAO;IACL,GAAG;IACH,SAAS,KAAK,QAAQ,KAAK,OAAO,KAAK,iBAAiB,GAAG,CAAC;IAC7D;IACD;;;;;;;;CASN,MAAa,mBAA0C;EACrD,OAAO,MAAM,KAAK,eAAe,SAAS;GACxC,OAAO;GACP,OAAO,EACL,gBAAgB,EAAE,KAAK,KAAK,iBAAiB,cAAc,EAAE,EAC9D;GACF,CAAC;;;;;;;;;CAUJ,kBAA4B,KAAwC;EAClE,OAAO,MACH,KAAK,iBACF,KAAK,CACL,IAAI,KAAK,iBAAiB,SAAS,IAAI,CAAC,CACxC,aAAa,GAChB,KAAA;;;;;;;;;;;;;;;CAgBN,MAAa,WACX,MACA,UAKI,EAAE,EACe;EACrB,MAAM,SAAS,KAAK,OAAO,QAAQ,OAAO;EAE1C,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;EACnD,MAAM,SAAS,MAAM,OAAO,OAAO,MAAM,EAAE,SAAS,OAAO,CAAC;EAE5D,IAAI;EACJ,IAAI,QAAQ,gBACV,iBAAiB,KAAK,iBACnB,GAAG,QAAQ,eAAe,CAC1B,aAAa;OACX,IAAI,OAAO,QAAQ,KACxB,iBAAiB,KAAK,kBAAkB,OAAO,QAAQ,IAAI;EAG7D,OAAO,MAAM,KAAK,eAAe,OAAO;GAC9B;GACR,UAAU,KAAK;GACf,MAAM,KAAK;GACX,cAAc,KAAK;GACnB,MAAM,KAAK;GACX,SAAS,QAAQ,MAAM;GACvB,cAAc,QAAQ,MAAM;GAC5B,aAAa,QAAQ,MAAM;GAC3B;GACA,QAAQ,OAAO;GACf,MAAM,QAAQ;GACd;GACD,CAAC;;;;;;;;;;;;CAaJ,MAAa,WAAW,IAA4C;EAClE,MAAM,SAAS,MAAM,KAAK,YAAY,GAAG;EAGzC,OAAO,MAFQ,KAAK,OAAO,OAAO,OAEf,CAAC,SAAS,OAAO,OAAO;;;;;;;;;;;;;;CAe7C,MAAa,WACX,IACA,MAKqB;EACrB,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EAEvC,MAAM,aAAkC,EAAE;EAE1C,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,mBAAmB,KAAA,GAC1B,WAAW,iBAAiB,KAAK,iBAC9B,GAAG,KAAK,eAAe,CACvB,aAAa;EAGlB,OAAO,MAAM,KAAK,eAAe,WAAW,KAAK,IAAI,WAAW;;;;;;;;;;;CAYlE,MAAa,WAAW,IAAyB;EAC/C,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EACvC,MAAM,SAAS,KAAK,OAAO,KAAK,OAAO;EAGvC,MAAM,KAAK,eAAe,WAAW,KAAK,GAAG;EAE7C,IAAI;GACF,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK;WAC/B,GAAG;GACV,IAAI,aAAa,mBAEf,KAAK,IAAI,MACP,QAAQ,KAAK,OAAO,uBAAuB,OAAO,KAAK,+BACxD;QAGD,KAAK,IAAI,KACP,yBAAyB,KAAK,OAAO,eAAe,OAAO,QAC3D,EACD;;EAIL,OAAO;GAAE,IAAI;GAAM,IAAI,OAAO,KAAK,GAAG;GAAE;;;;;;;CAQ1C,MAAa,YAAY,KAAkC;EACzD,IAAI,IAAI,WAAW,GAAG,OAAO,EAAE;EAE/B,MAAM,QAAQ,MAAM,KAAK,eAAe,SAAS;GAC/C,OAAO,EAAE,IAAI,EAAE,SAAS,KAAK,EAAE;GAC/B,SAAS;IAAC;IAAM;IAAU;IAAS;GACpC,CAAC;EACF,IAAI,MAAM,WAAW,GAAG,OAAO,EAAE;EAEjC,MAAM,YAAY,MAAM,KAAK,eAAe,WAAW,EACrD,IAAI,EAAE,SAAS,MAAM,KAAK,MAAM,EAAE,GAAG,EAAE,EACxC,CAAC;EAEF,MAAM,gCAAgB,IAAI,KAAuB;EACjD,KAAK,MAAM,KAAK,OAAO;GACrB,MAAM,OAAO,cAAc,IAAI,EAAE,OAAO,IAAI,EAAE;GAC9C,KAAK,KAAK,EAAE,OAAO;GACnB,cAAc,IAAI,EAAE,QAAQ,KAAK;;EAGnC,KAAK,MAAM,CAAC,YAAY,YAAY,eAClC,IAAI;GACF,MAAM,KAAK,OAAO,WAAW,CAAC,WAAW,SAAS,KAAK;WAChD,GAAG;GAGV,KAAK,IAAI,KACP,yBAAyB,QAAQ,OAAO,qBAAqB,cAC7D,EACD;;EAIL,OAAO,UAAU,IAAI,OAAO;;;;;;;;;;CAW9B,MAAa,YAAY,IAA8C;EACrE,IAAI,OAAO,OAAO,UAChB,OAAO;EAGT,OAAO,MAAM,KAAK,eAAe,QAAQ,GAAG;;;;;;;CAQ9C,MAAa,kBAAyC;EACpD,MAAM,WAAW,MAAM,KAAK,eAAe,SAAS,EAAE,CAAC;EAEvD,MAAM,YAAY,SAAS,QAAQ,KAAK,SAAS,MAAM,KAAK,MAAM,EAAE;EACpE,MAAM,aAAa,SAAS;EAG5B,MAAM,4BAAY,IAAI,KAGnB;EACH,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,UAAU,IAAI,KAAK,OAAO,IAAI;IAC7C,WAAW;IACX,WAAW;IACZ;GACD,SAAS,aAAa,KAAK;GAC3B,SAAS,aAAa;GACtB,UAAU,IAAI,KAAK,QAAQ,SAAS;;EAItC,MAAM,8BAAc,IAAI,KAAqB;EAC7C,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,YAAY,IAAI,KAAK,SAAS,IAAI;GACnD,YAAY,IAAI,KAAK,UAAU,WAAW,EAAE;;EAG9C,OAAO;GACL;GACA;GACA,UAAU,MAAM,KAAK,UAAU,SAAS,CAAC,CAAC,KAAK,CAAC,QAAQ,YAAY;IAClE;IACA,WAAW,MAAM;IACjB,WAAW,MAAM;IAClB,EAAE;GACH,YAAY,MAAM,KAAK,YAAY,SAAS,CAAC,CAAC,KAC3C,CAAC,UAAU,gBAAgB;IAC1B;IACA;IACD,EACF;GACF;;;;;;;;;CAUH,iBAAwB,QAAkC;EACxD,OAAO;;;;;;;;;ACnbX,IAAa,2BAAb,MAAsC;CACpC,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;;;;;;CAOrD,eAA+B,QAAQ;EACrC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ,EACN,UAAU,oBACX;EACD,eAAe,KAAK,YAAY,iBAAiB;EAClD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;ACFJ,IAAa,qBAAb,MAAgC;;;;;;CAM9B,MAAM,eACJ,MACA,MACe;EACf,IAAI,CAAC,MACH,MAAM,IAAI,eAAe,sCAAsC;EAKjE,IAAI,KAAK,cAAc,OACrB;EAEF,IAAI,KAAK,WAAW,KAAK,YAAY,KAAK,IACxC;EAEF,MAAM,IAAI,eAAe,qBAAqB;;;;;;;;;;;;;;;;;;;;CAqBhD,MAAM,aAAa,MAAiC;EAClD,MAAM,IAAI,cAAc,SAAS,KAAK,GAAG,aAAa;;;;;ACnE1D,MAAa,kBAAkB,EAAE,OAAO,iBAAiB;CACvD,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;CAC7B,cAAc,EAAE,SAAS,EAAE,UAAU,CAAC;CACtC,eAAe,EAAE,SAAS,EAAE,UAAU,CAAC;CACxC,CAAC;;;ACTF,MAAa,qBAAqB,EAAE,OAClC,MAAM,QACN,EAAE,EACF;CACE,OAAO;CACP,aAAa;CACd,CACF;;;;;;;ACGD,IAAa,iBAAb,MAA4B;CAC1B,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;CACrD,aAAgC,QAAQ,mBAAmB;;;;;CAM3D,YAA4B,QAAQ;EAClC,MAAM,KAAK;EACX,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ;GACN,OAAO;GACP,UAAU,EAAE,KAAK,mBAAmB;GACrC;EACD,UAAU,EAAE,YAAY,KAAK,YAAY,UAAU,MAAM;EAC1D,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,aAAa,KAAK,YAAY,WAAW,OAAO,GAAG;EAChE,CAAC;;;;;CAMF,cAA8B,QAAQ;EACpC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE;IAAE,UAAU;IAAG,UAAU;IAAM,CAAC,EACxD,CAAC;GACF,UAAU,EAAE,OAAO,EACjB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAC7B,CAAC;GACH;EACD,SAAS,OAAO,EAAE,WAAW;GAE3B,OAAO,EAAE,SAAA,MADa,KAAK,YAAY,YAAY,KAAK,IAAI,EAC1C;;EAErB,CAAC;;;;;;CAOF,aAA6B,QAAQ;EACnC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,EAAE,CAAC,CAAC;EAChD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,MAAM,EAAE,MAAM,EACf,CAAC;GACF,OAAO,EAAE,OAAO;IACd,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC/B,CAAC;GACF,UAAU;GACX;EACD,SAAS,OAAO,EAAE,MAAM,MAAM,YAC5B,KAAK,YAAY,WAAW,KAAK,MAAM;GACrC;GACA,GAAG;GACJ,CAAC;EACL,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,MAAM,EAAE,OAAO;IACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrC,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACzC,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,QAAQ,WAAW,KAAK,YAAY,WAAW,OAAO,IAAI,KAAK;EAC5E,CAAC;;;;;;;;;;;;CAaF,aAA6B,QAAQ;EACnC,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,QAAQ,EAAE,aAAa,CAAC,YAAY,EAAE,CAAC,EACvC,MAAM,EACJ,SAAS;GACP,SAAS;GACT,QAAQ,CAAC,GAAG,OAAO;GACnB,WAAW;GACZ,EACF,CAAC,CACH;EACD,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU,EAAE,MAAM;GACnB;EACD,SAAS,OAAO,EAAE,QAAQ,WAAW;GACnC,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,GAAG;GAC1D,MAAM,KAAK,WAAW,eAAe,MAAM,KAAK;GAChD,OAAO,MAAM,KAAK,YAAY,WAAW,KAAK;;EAEjD,CAAC;;;;;;;;;;;;;;;CAgBF,mBAAmC,QAAQ;EACzC,MAAM;EACN,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,MAAM,EACJ,SAAS;GACP,QAAQ;GACR,QAAQ,CAAC,GAAG,OAAO;GACnB,WAAW;GACZ,EACF,CAAC,CACH;EACD,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU,EAAE,MAAM;GACnB;EACD,SAAS,OAAO,EAAE,aAAa;GAC7B,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,GAAG;GAC1D,MAAM,KAAK,WAAW,aAAa,KAAK;GACxC,OAAO,MAAM,KAAK,YAAY,WAAW,KAAK;;EAEjD,CAAC;;;;ACzMJ,IAAa,WAAb,MAAsB;CACpB,cAAiC,QAAQ,YAAY;CAErD,aAA6B,WAAW;EACtC,MAAM;EACN,aAAa;EACb,MAAM;EACN,SAAS,YAAY;GACnB,MAAM,QAAQ,MAAM,KAAK,YAAY,kBAAkB;GAEvD,MAAM,QAAQ,IACZ,MAAM,KAAK,SAAS,KAAK,YAAY,WAAW,KAAK,GAAG,CAAC,CAC1D;;EAEJ,CAAC;;;;;;;;;;;;;;;AC4CJ,MAAa,iBAAiB,QAAQ;CACpC,MAAM;CACN,UAAU;EACR;EACA;EACA;EACA;EACA;EACD;CACD,SAAS,CAAC,cAAc,iBAAiB;CAC1C,CAAC"}
package/dist/api/parameters/index.d.ts CHANGED
@@ -503,10 +503,10 @@ declare class ParameterPrimitive<T extends TObject> extends Primitive<ParameterP
503
503
  creatorName?: string | undefined;
504
504
  previousContent?: Record<string, any> | undefined;
505
505
  migrationLog?: string | undefined;
506
- name: string;
507
506
  id: string;
508
507
  createdAt: string;
509
508
  updatedAt: string;
509
+ name: string;
510
510
  content: Record<string, any>;
511
511
  schemaHash: string;
512
512
  activationDate: string;
@@ -522,10 +522,10 @@ declare class ParameterPrimitive<T extends TObject> extends Primitive<ParameterP
522
522
  creatorName?: string | undefined;
523
523
  previousContent?: Record<string, any> | undefined;
524
524
  migrationLog?: string | undefined;
525
- name: string;
526
525
  id: string;
527
526
  createdAt: string;
528
527
  updatedAt: string;
528
+ name: string;
529
529
  content: Record<string, any>;
530
530
  schemaHash: string;
531
531
  activationDate: string;
package/dist/api/users/index.d.ts CHANGED
@@ -11,13 +11,13 @@ import * as _$alepha_server_links0 from "alepha/server/links";
11
11
  import * as _$alepha_api_notifications0 from "alepha/api/notifications";
12
12
  import { CaptchaProvider } from "alepha/captcha";
13
13
  import { OAuth2Profile, ServerAuthProvider, WithLinkFn, WithLoginFn } from "alepha/server/auth";
14
+ import { VerificationController, VerificationService } from "alepha/api/verifications";
14
15
  import * as _$alepha_cache0 from "alepha/cache";
15
16
  import { CacheProvider } from "alepha/cache";
16
17
  import { DateTime, DateTimeProvider } from "alepha/datetime";
17
18
  import * as _$alepha_api_jobs0 from "alepha/api/jobs";
18
19
  import { FileSystemProvider } from "alepha/system";
19
20
  import { ParameterPrimitive } from "alepha/api/parameters";
20
- import { VerificationController } from "alepha/api/verifications";
21
21
  import * as _$typebox from "typebox";
22
22
  import * as _$drizzle_orm0 from "drizzle-orm";
23
23
  import { BuildExtraConfigColumns, SQL, SQLWrapper } from "drizzle-orm";
@@ -2538,13 +2538,13 @@ declare class UserNotifications {
2538
2538
  //#region ../../src/api/users/schemas/createUserSchema.d.ts
2539
2539
  declare const createUserSchema: _$typebox.TObject<{
2540
2540
  email: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2541
- username: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2542
- phoneNumber: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2543
2541
  id: _$typebox.TOptional<PgAttr<PgAttr<_$typebox.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>>;
2544
2542
  createdAt: _$typebox.TOptional<PgAttr<PgAttr<_$typebox.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>>;
2545
2543
  organizationId: _$typebox.TOptional<PgAttr<_$typebox.TString, typeof PG_ORGANIZATION>>;
2544
+ phoneNumber: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2546
2545
  version: _$typebox.TOptional<PgAttr<PgAttr<_$typebox.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>>;
2547
2546
  updatedAt: _$typebox.TOptional<PgAttr<PgAttr<_$typebox.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>>;
2547
+ username: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2548
2548
  roles: _$typebox.TOptional<PgAttr<_$typebox.TArray<_$typebox.TString>, typeof PG_DEFAULT>>;
2549
2549
  firstName: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2550
2550
  lastName: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
@@ -2557,8 +2557,8 @@ type CreateUser = Static<typeof createUserSchema>;
2557
2557
  //#region ../../src/api/users/schemas/updateUserSchema.d.ts
2558
2558
  declare const updateUserSchema: _$typebox.TObject<{
2559
2559
  email: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2560
- phoneNumber: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2561
2560
  organizationId: _$typebox.TOptional<PgAttr<_$typebox.TString, typeof PG_ORGANIZATION>>;
2561
+ phoneNumber: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2562
2562
  realm: _$typebox.TOptional<PgAttr<_$typebox.TString, typeof PG_DEFAULT>>;
2563
2563
  roles: _$typebox.TOptional<PgAttr<_$typebox.TArray<_$typebox.TString>, typeof PG_DEFAULT>>;
2564
2564
  firstName: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
@@ -2718,13 +2718,13 @@ declare class AdminUserController {
2718
2718
  }>;
2719
2719
  body: _$typebox.TObject<{
2720
2720
  email: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2721
- username: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2722
- phoneNumber: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2723
2721
  id: _$typebox.TOptional<PgAttr<PgAttr<_$typebox.TString, typeof PG_PRIMARY_KEY>, typeof PG_DEFAULT>>;
2724
2722
  createdAt: _$typebox.TOptional<PgAttr<PgAttr<_$typebox.TString, typeof PG_CREATED_AT>, typeof PG_DEFAULT>>;
2725
2723
  organizationId: _$typebox.TOptional<PgAttr<_$typebox.TString, typeof PG_ORGANIZATION>>;
2724
+ phoneNumber: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2726
2725
  version: _$typebox.TOptional<PgAttr<PgAttr<_$typebox.TInteger, typeof PG_VERSION>, typeof PG_DEFAULT>>;
2727
2726
  updatedAt: _$typebox.TOptional<PgAttr<PgAttr<_$typebox.TString, typeof PG_UPDATED_AT>, typeof PG_DEFAULT>>;
2727
+ username: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2728
2728
  roles: _$typebox.TOptional<PgAttr<_$typebox.TArray<_$typebox.TString>, typeof PG_DEFAULT>>;
2729
2729
  firstName: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2730
2730
  lastName: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
@@ -2762,8 +2762,8 @@ declare class AdminUserController {
2762
2762
  }>;
2763
2763
  body: _$typebox.TObject<{
2764
2764
  email: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2765
- phoneNumber: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2766
2765
  organizationId: _$typebox.TOptional<PgAttr<_$typebox.TString, typeof PG_ORGANIZATION>>;
2766
+ phoneNumber: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
2767
2767
  realm: _$typebox.TOptional<PgAttr<_$typebox.TString, typeof PG_DEFAULT>>;
2768
2768
  roles: _$typebox.TOptional<PgAttr<_$typebox.TArray<_$typebox.TString>, typeof PG_DEFAULT>>;
2769
2769
  firstName: _$typebox.TOptional<_$typebox.TOptional<_$typebox.TString>>;
@@ -2943,7 +2943,7 @@ declare class CredentialService {
2943
2943
  protected readonly log: _$alepha_logger0.Logger;
2944
2944
  protected readonly cryptoProvider: CryptoProvider;
2945
2945
  protected readonly dateTimeProvider: DateTimeProvider;
2946
- protected readonly verificationController: _$alepha_server_links0.HttpVirtualClient<VerificationController>;
2946
+ protected readonly verificationService: VerificationService;
2947
2947
  protected readonly realmProvider: RealmProvider;
2948
2948
  protected userAudits(realmName?: string): UserAudits | undefined;
2949
2949
  protected userNotifications(realmName?: string): UserNotifications | undefined;
@@ -3741,8 +3741,8 @@ declare class SessionService {
3741
3741
  deleteSession(refreshToken: string, userRealmName?: string): Promise<void>;
3742
3742
  link(provider: string, profile: OAuth2Profile, userRealmName?: string): Promise<{
3743
3743
  email?: string | undefined;
3744
- username?: string | undefined;
3745
3744
  phoneNumber?: string | undefined;
3745
+ username?: string | undefined;
3746
3746
  firstName?: string | undefined;
3747
3747
  lastName?: string | undefined;
3748
3748
  picture?: string | undefined;