npm - alepha - Versions diffs - 0.21.1 → 0.21.2 - Mend

alepha 0.21.1 → 0.21.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/dist/api/audits/index.d.ts +2 -2
package/dist/api/files/index.d.ts +44 -3
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +59 -3
package/dist/api/files/index.js.map +1 -1
package/dist/api/users/index.d.ts +35 -35
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +28 -26
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.browser.js +1 -0
package/dist/api/verifications/index.browser.js.map +1 -1
package/dist/api/verifications/index.d.ts +17 -0
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/api/verifications/index.js +5 -1
package/dist/api/verifications/index.js.map +1 -1
package/dist/cli/core/index.d.ts +70 -1
package/dist/cli/core/index.d.ts.map +1 -1
package/dist/cli/core/index.js +105 -7
package/dist/cli/core/index.js.map +1 -1
package/dist/cli/platform/index.d.ts +53 -92
package/dist/cli/platform/index.d.ts.map +1 -1
package/dist/cli/platform/index.js +128 -195
package/dist/cli/platform/index.js.map +1 -1
package/dist/containers/core/index.d.ts +238 -0
package/dist/containers/core/index.d.ts.map +1 -0
package/dist/containers/core/index.js +222 -0
package/dist/containers/core/index.js.map +1 -0
package/dist/containers/core/index.workerd.js +177 -0
package/dist/containers/core/index.workerd.js.map +1 -0
package/dist/email/cloudflare/index.d.ts +90 -0
package/dist/email/cloudflare/index.d.ts.map +1 -0
package/dist/email/cloudflare/index.js +116 -0
package/dist/email/cloudflare/index.js.map +1 -0
package/dist/orm/core/index.bun.js +2 -2
package/dist/orm/core/index.bun.js.map +1 -1
package/dist/orm/core/index.d.ts.map +1 -1
package/dist/orm/core/index.js +2 -2
package/dist/orm/core/index.js.map +1 -1
package/dist/react/form/index.d.ts +36 -1
package/dist/react/form/index.d.ts.map +1 -1
package/dist/react/form/index.js +91 -3
package/dist/react/form/index.js.map +1 -1
package/dist/react/router/index.browser.js +1 -1
package/dist/react/router/index.browser.js.map +1 -1
package/dist/react/router/index.d.ts.map +1 -1
package/dist/react/router/index.js +1 -1
package/dist/react/router/index.js.map +1 -1
package/package.json +23 -1
package/src/api/files/controllers/FileController.ts +41 -1
package/src/api/files/providers/FileAccessProvider.ts +23 -1
package/src/api/files/services/FileService.ts +5 -3
package/src/api/users/services/CredentialService.ts +37 -26
package/src/api/verifications/entities/verifications.ts +8 -0
package/src/api/verifications/services/VerificationService.ts +14 -0
package/src/cli/core/__tests__/BuildDockerTask.spec.ts +24 -0
package/src/cli/core/atoms/buildOptions.ts +15 -0
package/src/cli/core/commands/build.ts +14 -2
package/src/cli/core/tasks/BuildAssetsTask.ts +3 -0
package/src/cli/core/tasks/BuildClientTask.ts +3 -0
package/src/cli/core/tasks/BuildCloudflareTask.ts +136 -2
package/src/cli/core/tasks/BuildCompressTask.ts +3 -0
package/src/cli/core/tasks/BuildDockerTask.ts +12 -1
package/src/cli/core/tasks/BuildPrerenderTask.ts +3 -0
package/src/cli/core/tasks/BuildPwaTask.ts +3 -0
package/src/cli/core/tasks/BuildServerTask.ts +3 -0
package/src/cli/core/tasks/BuildTask.ts +8 -0
package/src/cli/platform/__tests__/NamingService.spec.ts +0 -42
package/src/cli/platform/__tests__/PlatformInspector.spec.ts +4 -48
package/src/cli/platform/adapters/CloudflareAdapter.ts +24 -48
package/src/cli/platform/adapters/PlatformAdapter.ts +8 -0
package/src/cli/platform/adapters/VercelAdapter.ts +5 -15
package/src/cli/platform/atoms/platformOptions.ts +0 -5
package/src/cli/platform/commands/platform.ts +90 -93
package/src/cli/platform/index.ts +16 -4
package/src/cli/platform/services/NamingService.ts +11 -12
package/src/cli/platform/services/PlatformInspector.ts +9 -43
package/src/cli/platform/services/PlatformOrchestrator.ts +40 -98
package/src/containers/core/__tests__/$container.spec.ts +83 -0
package/src/containers/core/index.ts +50 -0
package/src/containers/core/index.workerd.ts +37 -0
package/src/containers/core/interfaces/ContainerOptions.ts +69 -0
package/src/containers/core/primitives/$container.ts +100 -0
package/src/containers/core/providers/CloudflareContainerProvider.ts +72 -0
package/src/containers/core/providers/ContainerProvider.ts +78 -0
package/src/containers/core/providers/MockContainerProvider.ts +62 -0
package/src/containers/core/providers/NodeContainerProvider.ts +53 -0
package/src/email/cloudflare/__tests__/CloudflareEmailProvider.spec.ts +150 -0
package/src/email/cloudflare/index.ts +26 -0
package/src/email/cloudflare/providers/CloudflareEmailProvider.ts +160 -0
package/src/orm/core/services/Repository.ts +11 -2
package/src/react/form/hooks/useFormQuerySync.ts +0 -0
package/src/react/form/index.ts +1 -0
package/src/react/form/services/FormModel.ts +18 -2
package/src/react/router/providers/ReactBrowserProvider.ts +12 -3
package/src/cli/platform/hooks/PlatformHook.ts +0 -51
package/src/orm/REFACTORING.md +0 -330

package/dist/api/audits/index.d.ts CHANGED Viewed

@@ -580,9 +580,9 @@ declare class AdminAuditController {
     }>;
     query: _$typebox.TObject<{
       type: _$typebox.TOptional<_$typebox.TString>;
-      search: _$typebox.TOptional<_$typebox.TString>;
       action: _$typebox.TOptional<_$typebox.TString>;
       severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
+      search: _$typebox.TOptional<_$typebox.TString>;
       sort: _$typebox.TOptional<_$typebox.TString>;
       userRealm: _$typebox.TOptional<_$typebox.TString>;
       resourceType: _$typebox.TOptional<_$typebox.TString>;
@@ -625,9 +625,9 @@ declare class AdminAuditController {
     }>;
     query: _$typebox.TObject<{
       type: _$typebox.TOptional<_$typebox.TString>;
-      search: _$typebox.TOptional<_$typebox.TString>;
       action: _$typebox.TOptional<_$typebox.TString>;
       severity: _$typebox.TOptional<_$typebox.TUnsafe<"info" | "warning" | "critical">>;
+      search: _$typebox.TOptional<_$typebox.TString>;
       sort: _$typebox.TOptional<_$typebox.TString>;
       userId: _$typebox.TOptional<_$typebox.TString>;
       userRealm: _$typebox.TOptional<_$typebox.TString>;

package/dist/api/files/index.d.ts CHANGED Viewed

@@ -514,14 +514,16 @@ declare class FileService {
     tags?: string[];
   }): Promise<FileEntity>;
   /**
-   * Streams a file from storage by its database ID.
+   * Streams a file from storage by its database ID, or directly from an
+   * already-loaded `FileEntity` to avoid a duplicate DB roundtrip when the
+   * caller has already fetched the row (e.g. after an access check).
    *
-   * @param id - The database ID (UUID) of the file to stream
+   * @param id - The database ID (UUID) of the file, or the entity itself
    * @returns The file object ready for streaming/downloading
    * @throws {NotFoundError} If the file doesn't exist in the database
    * @throws {FileNotFoundError} If the file exists in database but not in storage
    */
-  streamFile(id: string): Promise<FileLike>;
+  streamFile(id: string | FileEntity): Promise<FileLike>;
   /**
    * Updates file metadata (name, tags, expiration date).
    * Does not modify the actual file content in storage.
@@ -642,6 +644,25 @@ declare class FileAccessProvider {
    * implementation is strict: only the uploader passes.
    */
   assertReadable(file: FileEntity, user: UserAccountToken | undefined): Promise<void>;
+  /**
+   * Throws when `file` may not be served through the anonymous
+   * `/public/files/:id` route. The default is deny-all: nothing is public
+   * unless this method is overridden. Throws `NotFoundError` (not 403) so the
+   * endpoint doesn't leak the existence of private file ids.
+   *
+   * Typical override matches on bucket name:
+   *
+   * ```ts
+   * class MyAccess extends FileAccessProvider {
+   *   async assertPublic(file) {
+   *     if (file.bucket === "avatars") return;
+   *     if (file.bucket === "campaign-icons") return;
+   *     return super.assertPublic(file);
+   *   }
+   * }
+   * ```
+   */
+  assertPublic(file: FileEntity): Promise<void>;
 }
 //#endregion
 //#region ../../src/api/files/controllers/FileController.d.ts
@@ -800,6 +821,26 @@ declare class FileController {
     }>;
     response: _$alepha.TFile;
   }>;
+  /**
+   * GET /public/files/:id - Anonymous, edge-cacheable download.
+   *
+   * Authorization is delegated to `FileAccessProvider.assertPublic`. The
+   * default policy is deny-all (throws `NotFoundError`), so consuming apps
+   * must override the provider to opt files in — typically by bucket name
+   * (avatars, campaign icons, etc.).
+   *
+   * Cache-Control is `public, immutable, max-age=1y` so Cloudflare's edge
+   * cache and any intermediary proxy can serve subsequent hits without
+   * touching the Worker. The split URL prefix (vs `/files/:id`) is what
+   * makes this safe: edge cache is URL-keyed, so public and private files
+   * live in separate cache lanes.
+   */
+  readonly streamPublicFile: _$alepha_server0.ActionPrimitiveFn<{
+    params: _$typebox.TObject<{
+      id: _$typebox.TString;
+    }>;
+    response: _$alepha.TFile;
+  }>;
 }
 //#endregion
 //#region ../../src/api/files/jobs/FileJobs.d.ts

package/dist/api/files/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"mappings":";;;;;;;;;;;;;;;cAGa,KAAA,EAAK,aAAA,CAAA,eAAA,WAAA,OAAA;gDAuDhB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;AAvDF;;;;;;;;;;;;;;;;;;;;;;KAyDY,UAAA,GAAa,MAAA,QAAc,KAAA,CAAM,MAAA;;;cCxDhC,eAAA,YAAe,OAAA;4BAQ1B,SAAA,CAAA,QAAA;;;;;;;;;;;KAEU,SAAA,GAAY,MAAA,QAAc,eAAA;;;;;;;;;;;;KCG1B,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;;;;;EAMpB,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;IJnFU;;;IIuFV,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;;AJjFhC;;;;;;;;;;;;ACxDA;;;;;;EG2KE,WAAA,GAAc,KAAA;;;;IAIZ,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;AL9Ef;;;AAAA,KMkDY,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;;;;APvBF;;;;YO0BY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;cC1BjC,kBAAA,YAAkB,OAAA;oBAO9B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;KAEW,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCT5B,iBAAA,YAAiB,OAAA;UAI5B,SAAA,CAAA,OAAA;;;;cAEW,mBAAA,YAAmB,OAAA;YAG9B,SAAA,CAAA,OAAA;;;cAEW,kBAAA,YAAkB,OAAA;aAK7B,SAAA,CAAA,OAAA;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;AAAA,KAC5B,aAAA,GAAgB,MAAA,QAAc,mBAAA;AAAA,KAC9B,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCD5B,WAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,aAAA,EAAa,eAAA;EAAA,SAChB,cAAA,EAAc,aAAA,CAAA,UAAA,WAAA,OAAA;kDADE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;YAGtB,YAAA,EAFoB,QAAA,CAER,aAAA;EAAA,UAwBZ,kBAAA,EAxBY,QAAA,CAwBM,aAAA;;;;;;;;YAmBZ,iBAAA,CAAkB,IAAA,EAAM,QAAA,GAAW,OAAA;;;;;;;;EAc5C,MAAA,CAAO,UAAA,YAA+C,eAAA;;;;;;;;EAqBhD,SAAA,CAAU,CAAA,GAAG,SAAA,GAAiB,OAAA,CAAQ,IAAA,CAAK,UAAA;;;;;;;EAoD3C,gBAAA,CAAA,GAAoB,OAAA,CAAQ,UAAA;;;;;;;;YAgB/B,iBAAA,CAAkB,GAAA,GAAM,YAAA;;;;;;;;;;;;;;EAsBrB,UAAA,CACX,IAAA,EAAM,QAAA,EACN,OAAA;IACE,cAAA,YAA0B,QAAA;IAC1B,MAAA;IACA,IAAA,GAAO,gBAAA;IACP,IAAA;EAAA,IAED,OAAA,CAAQ,UAAA~~;;;;;;;;;EAuCE~~,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,QAAA;;;;;;;;;;;;;~~EAmBhC~~,UAAA,CACX,EAAA,UACA,IAAA;IACE,IAAA;IACA,IAAA;IACA,cAAA,GAAiB,QAAA;EAAA,IAElB,OAAA,CAAQ,UAAA;;;;;;;;;;EA+BE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,EAAA~~;;;;;;EAgChC~~,WAAA,CAAY,GAAA,aAAgB,OAAA~~;EVjR/B;;;;;;;;EU6TG~~,WAAA,CAAY,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,UAAA;;;;~~ATrX7D;;ESkYe~~,eAAA,CAAA,GAAmB,OAAA,CAAQ,YAAA~~;ET1XxC;;;;;;;ES8aO~~,gBAAA,CAAiB,MAAA,EAAQ,UAAA,GAAa,YAAA;AAAA;;;;;;;~~cChblC~~,wBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;;WAOd,YAAA,mBAAY,iBAAA;;iBAPE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AXVhC;;;cYwBa,kBAAA;;;;;;EAML,cAAA,CACJ,IAAA,EAAM,UAAA,EACN,IAAA,EAAM,gBAAA,eACL,OAAA;AAAA;;;;;;;~~cCvBQ~~,cAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;EAAA,mBACX,UAAA,EAAU,kBAAA;;;;;WAMb,SAAA,mBAAS,iBAAA;;gCANI,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsBb,UAAA,mBAAU,iBAAA;;UAhBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;WAmCT,WAAA,mBAAW,iBAAA;;4BAnBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;WA4CV,UAAA,mBAAU,iBAAA;;YAzBC,QAAA,CAAA,KAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmDX,UAAA,mBAAU,iBAAA;;UA1BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;EbvBH;;;;;;;;ACxDzB;;;EDwDyB,SagFP,UAAA,mBAAU,iBAAA;;UA/BA,SAAA,CAAA,OAAA;IAAA;;;;;;~~cCzGf~~,QAAA;EAAA,mBACQ,WAAA,EAAW,WAAA;EAAA,SAEd,UAAA,EAFc,mBAAA,CAEJ,kBAAA;AAAA;;;;YCiBhB,iBAAA;;;;IAIR,GAAA,GAAM,YAAA;;;;IAKN,IAAA;;;;IAKA,IAAA,GAAO,gBAAA;IfoBT;;;;;IebE,OAAA;EAAA;AAAA;;;;;;;;;;;;cAiBS,cAAA,EAAc,QAAA,CAAA,OAAA,CAUzB,QAAA,CAVyB,MAAA"}
1	+ {"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/api/files/entities/files.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/orm/core/schemas/insertSchema.ts","../../../src/orm/core/schemas/updateSchema.ts","../../../src/orm/core/primitives/$entity.ts","../../../src/orm/core/constants/PG_SYMBOLS.ts","../../../src/orm/core/helpers/pgAttr.ts","../../../src/orm/core/schemas/databaseEnvSchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"mappings":";;;;;;;;;;;;;;;cAGa,KAAA,EAAK,aAAA,CAAA,eAAA,WAAA,OAAA;gDAuDhB,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;AAvDF;;;;;;;;;;;;;;;;;;;;;;KAyDY,UAAA,GAAa,MAAA,QAAc,KAAA,CAAM,MAAA;;;cCxDhC,eAAA,YAAe,OAAA;4BAQ1B,SAAA,CAAA,QAAA;;;;;;;;;;;KAEU,SAAA,GAAY,MAAA,QAAc,eAAA;;;;;;;;;;;;KCG1B,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA;EAAA,CACjB,UAAA;AAAA;EAAA,CACA,eAAA;AAAA;EACD,WAAA;AAAA,IACF,SAAA,CAAU,CAAA,eAAgB,CAAA,KAC1B,CAAA,eAAgB,CAAA;;;;;;;;;;;;KCTV,aAAA,WAAwB,OAAA,IAAW,OAAA,eACjC,CAAA,kBAAmB,CAAA,eAAgB,CAAA;EAAA,CAC5C,YAAA;AAAA,YAGC,CAAA,GAAI,CAAA,eAAgB,CAAA,UAAW,SAAA,YAC/B,SAAA,CAAU,MAAA,EAAQ,CAAA,EAAG,KAAA,MACrB,CAAA,eAAgB,CAAA;;;UCWL,sBAAA,WACL,OAAA,eACG,MAAA,CAAO,CAAA;;;;;EAMpB,IAAA;;;;EAKA,MAAA,EAAQ,CAAA;;;;EAKR,OAAA,IACI,IAAA;;;;IAKE,MAAA,EAAQ,IAAA;;;;IAIR,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;IAMR,OAAA,EAAS,IAAA;;;;IAIT,MAAA;;;;IAIA,IAAA;IJnFU;;;IIuFV,KAAA,GAAQ,GAAA;EAAA;;;;;;;;;;;;;;;;;IAmBR,WAAA,GAAc,IAAA,EAAM,MAAA,CAAO,IAAA,qBAAyB,GAAA;;;;IAIpD,MAAA;;;;IAIA,IAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAOd,WAAA,GAAc,KAAA;;;;IAIZ,IAAA;;;;IAIA,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;;IAK5B,cAAA,EAAgB,KAAA,OAAY,YAAA;EAAA;;;;;;;;;;;;;;AJjFhC;;;;;;;;;;;;ACxDA;;;;;;EG2KE,WAAA,GAAc,KAAA;;;;IAIZ,OAAA,EAAS,KAAA,OAAY,MAAA,CAAO,CAAA;;;;IAI5B,IAAA;;;;IAIA,MAAA;;;;IAIA,KAAA,GAAQ,GAAA;EAAA;;;;EAMV,MAAA,IACE,IAAA,EAAM,uBAAA,SAAgC,UAAA,CAAW,CAAA,aAC9C,uBAAA;AAAA;AAAA,cAKM,eAAA,WAA0B,OAAA,GAAU,OAAA;EAAA,SAC/B,OAAA,EAAS,sBAAA,CAAuB,CAAA;cAEpC,OAAA,EAAS,sBAAA,CAAuB,CAAA;EAI5C,KAAA,CAAM,KAAA;EAAA,IAYF,IAAA,CAAA,GAAQ,aAAA,CAAc,CAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;EAAA,IAI9B,YAAA,CAAA,GAAgB,aAAA,CAAc,CAAA;AAAA;;;;KAYxB,UAAA,WAAqB,OAAA,oBACjB,CAAA,iBAAkB,mBAAA;AAAA,KAYtB,YAAA,WAAuB,OAAA;EACjC,IAAA;EACA,MAAA,EAAQ,eAAA,CAAgB,CAAA;AAAA;AAAA,KAGd,aAAA,WAAwB,OAAA,oBACpB,CAAA,iBAAkB,YAAA,CAAa,CAAA;;;cCjRlC,UAAA;AAAA,cACA,cAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,aAAA;AAAA,cACA,UAAA;AAAA,cACA,WAAA;AAAA,cACA,OAAA;AAAA,cACA,MAAA;AAAA,cACA,YAAA;AAAA,cACA,eAAA;;;;cAKA,SAAA;AAAA,KAMD,SAAA;EAAA,CACT,UAAA;EAAA,CACA,cAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,aAAA;EAAA,CACA,UAAA;EAAA,CACA,WAAA,GAAc,iBAAA;EAAA,CACd,MAAA,GAAS,YAAA;EAAA,CACT,OAAA,GAAU,aAAA;EAAA,CACV,YAAA,GAAe,kBAAA;EAAA,CACf,eAAA;;;;GAKA,SAAA;AAAA;AAAA,KAGS,YAAA,SAAqB,SAAA;AAAA,KAErB,iBAAA;EACV,IAAA;AAAA,IACE,iBAAA;EACA,IAAA;AAAA;AAAA,UAGa,aAAA;EACf,IAAA;EACA,WAAA;AAAA;AAAA,UAGe,kBAAA;;;;EAIf,UAAA,EAAY,GAAA;;;;;;EAOZ,IAAA;AAAA;AAAA,UAGe,YAAA;EACf,GAAA;IACE,IAAA;IACA,MAAA,EAAQ,eAAA;EAAA;EAEV,OAAA;IACE,QAAA,GAAW,kBAAA;IACX,QAAA,GAAW,kBAAA;EAAA;AAAA;;;AL9Ef;;;AAAA,KMkDY,MAAA,WAAiB,OAAA,gBAAuB,YAAA,IAAgB,CAAA,WAC5D,KAAA,GAAQ,SAAA,CAAU,CAAA;;;;;;;;;;;;;;;;cCvCb,iBAAA,YAAiB,OAAA;oCAW5B,SAAA,CAAA,OAAA;;;;;;;APvBF;;;;YO0BY,GAAA,SAAY,OAAA,CAAQ,MAAA,QAAc,iBAAA;AAAA;;;cC1BjC,kBAAA,YAAkB,OAAA;oBAO9B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;KAEW,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCT5B,iBAAA,YAAiB,OAAA;UAI5B,SAAA,CAAA,OAAA;;;;cAEW,mBAAA,YAAmB,OAAA;YAG9B,SAAA,CAAA,OAAA;;;cAEW,kBAAA,YAAkB,OAAA;aAK7B,SAAA,CAAA,OAAA;;;;;;;;;;;;KAEU,WAAA,GAAc,MAAA,QAAc,iBAAA;AAAA,KAC5B,aAAA,GAAgB,MAAA,QAAc,mBAAA;AAAA,KAC9B,YAAA,GAAe,MAAA,QAAc,kBAAA;;;cCD5B,WAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,aAAA,EAAa,eAAA;EAAA,SAChB,cAAA,EAAc,aAAA,CAAA,UAAA,WAAA,OAAA;kDADE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;YAGtB,YAAA,EAFoB,QAAA,CAER,aAAA;EAAA,UAwBZ,kBAAA,EAxBY,QAAA,CAwBM,aAAA;;;;;;;;YAmBZ,iBAAA,CAAkB,IAAA,EAAM,QAAA,GAAW,OAAA;;;;;;;;EAc5C,MAAA,CAAO,UAAA,YAA+C,eAAA;;;;;;;;EAqBhD,SAAA,CAAU,CAAA,GAAG,SAAA,GAAiB,OAAA,CAAQ,IAAA,CAAK,UAAA;;;;;;;EAoD3C,gBAAA,CAAA,GAAoB,OAAA,CAAQ,UAAA;;;;;;;;YAgB/B,iBAAA,CAAkB,GAAA,GAAM,YAAA;;;;;;;;;;;;;;EAsBrB,UAAA,CACX,IAAA,EAAM,QAAA,EACN,OAAA;IACE,cAAA,YAA0B,QAAA;IAC1B,MAAA;IACA,IAAA,GAAO,gBAAA;IACP,IAAA;EAAA,IAED,OAAA,CAAQ,UAAA;;;;;;;;;;;EAyCE,UAAA,CAAW,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,QAAA;;;;;;;;;;;;;EAmB7C,UAAA,CACX,EAAA,UACA,IAAA;IACE,IAAA;IACA,IAAA;IACA,cAAA,GAAiB,QAAA;EAAA,IAElB,OAAA,CAAQ,UAAA;;;;;;;;;;EA+BE,UAAA,CAAW,EAAA,WAAa,OAAA,CAAQ,EAAA;;;;;AVnP/C;EUmRe,WAAA,CAAY,GAAA,aAAgB,OAAA;;;;;;;;;EA4C5B,WAAA,CAAY,EAAA,WAAa,UAAA,GAAa,OAAA,CAAQ,UAAA;;ATvX7D;;;;ESoYe,eAAA,CAAA,GAAmB,OAAA,CAAQ,YAAA;;;;;;;;EAoDjC,gBAAA,CAAiB,MAAA,EAAQ,UAAA,GAAa,YAAA;AAAA;;;;;;;cClblC,wBAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;;;;;;WAOd,YAAA,mBAAY,iBAAA;;iBAPE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AXVhC;;;cYwBa,kBAAA;;;;;;EAML,cAAA,CACJ,IAAA,EAAM,UAAA,EACN,IAAA,EAAM,gBAAA,eACL,OAAA;;;;;;;;;;;;;;;;;;;EAkCG,YAAA,CAAa,IAAA,EAAM,UAAA,GAAa,OAAA;AAAA;;;;;;;cCzD3B,cAAA;EAAA,mBACQ,GAAA;EAAA,mBACA,KAAA;EAAA,mBACA,WAAA,EAAW,WAAA;EAAA,mBACX,UAAA,EAAU,kBAAA;;;;;WAMb,SAAA,mBAAS,iBAAA;;gCANI,SAAA,CAAA,QAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAsBb,UAAA,mBAAU,iBAAA;;UAhBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;WAmCT,WAAA,mBAAW,iBAAA;;4BAnBD,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;WA4CV,UAAA,mBAAU,iBAAA;;YAzBC,QAAA,CAAA,KAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAmDX,UAAA,mBAAU,iBAAA;;UA1BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;;;;;;;EbvBH;;;;;;;;ACxDzB;;;EDwDyB,SagFP,UAAA,mBAAU,iBAAA;;UA/BA,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;WAwEV,gBAAA,mBAAgB,iBAAA;;UAzCN,SAAA,CAAA,OAAA;IAAA;;;;;;cCxIf,QAAA;EAAA,mBACQ,WAAA,EAAW,WAAA;EAAA,SAEd,UAAA,EAFc,mBAAA,CAEJ,kBAAA;AAAA;;;;YCiBhB,iBAAA;;;;IAIR,GAAA,GAAM,YAAA;;;;IAKN,IAAA;;;;IAKA,IAAA,GAAO,gBAAA;IfoBT;;;;;IebE,OAAA;EAAA;AAAA;;;;;;;;;;;;cAiBS,cAAA,EAAc,QAAA,CAAA,OAAA,CAUzB,QAAA,CAVyB,MAAA"}

package/dist/api/files/index.js CHANGED Viewed

@@ -227,9 +227,11 @@ var FileService = class {
 		});
 	}
 	/**
-	* Streams a file from storage by its database ID.
+	* Streams a file from storage by its database ID, or directly from an
+	* already-loaded `FileEntity` to avoid a duplicate DB roundtrip when the
+	* caller has already fetched the row (e.g. after an access check).
 	*
-	* @param id - The database ID (UUID) of the file to stream
+	* @param id - The database ID (UUID) of the file, or the entity itself
 	* @returns The file object ready for streaming/downloading
 	* @throws {NotFoundError} If the file doesn't exist in the database
 	* @throws {FileNotFoundError} If the file exists in database but not in storage
@@ -434,6 +436,27 @@ var FileAccessProvider = class {
 		if (file.creator && file.creator === user.id) return;
 		throw new ForbiddenError("File access denied");
 	}
+	/**
+	* Throws when `file` may not be served through the anonymous
+	* `/public/files/:id` route. The default is deny-all: nothing is public
+	* unless this method is overridden. Throws `NotFoundError` (not 403) so the
+	* endpoint doesn't leak the existence of private file ids.
+	*
+	* Typical override matches on bucket name:
+	*
+	* ```ts
+	* class MyAccess extends FileAccessProvider {
+	*   async assertPublic(file) {
+	*     if (file.bucket === "avatars") return;
+	*     if (file.bucket === "campaign-icons") return;
+	*     return super.assertPublic(file);
+	*   }
+	* }
+	* ```
+	*/
+	async assertPublic(file) {
+		throw new NotFoundError(`File '${file.id}' not found`);
+	}
 };
 //#endregion
 //#region ../../src/api/files/schemas/fileQuerySchema.ts
@@ -586,7 +609,40 @@ var FileController = class {
 		handler: async ({ params, user }) => {
 			const file = await this.fileService.getFileById(params.id);
 			await this.fileAccess.assertReadable(file, user);
-			return await this.fileService.streamFile(file.id);
+			return await this.fileService.streamFile(file);
+		}
+	});
+	/**
+	* GET /public/files/:id - Anonymous, edge-cacheable download.
+	*
+	* Authorization is delegated to `FileAccessProvider.assertPublic`. The
+	* default policy is deny-all (throws `NotFoundError`), so consuming apps
+	* must override the provider to opt files in — typically by bucket name
+	* (avatars, campaign icons, etc.).
+	*
+	* Cache-Control is `public, immutable, max-age=1y` so Cloudflare's edge
+	* cache and any intermediary proxy can serve subsequent hits without
+	* touching the Worker. The split URL prefix (vs `/files/:id`) is what
+	* makes this safe: edge cache is URL-keyed, so public and private files
+	* live in separate cache lanes.
+	*/
+	streamPublicFile = $action({
+		path: "/public/files/:id",
+		group: this.group,
+		description: "Download a public file (anonymous, edge-cacheable)",
+		use: [$etag({ control: {
+			public: true,
+			maxAge: [1, "year"],
+			immutable: true
+		} })],
+		schema: {
+			params: t.object({ id: t.uuid() }),
+			response: t.file()
+		},
+		handler: async ({ params }) => {
+			const file = await this.fileService.getFileById(params.id);
+			await this.fileAccess.assertPublic(file);
+			return await this.fileService.streamFile(file);
 		}
 	});
 };

package/dist/api/files/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":[],"sources":["../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/entities/files.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"sourcesContent":["import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const bucketStatsSchema = t.object({\n bucket: t.string(),\n totalSize: t.number(),\n fileCount: t.number(),\n});\n\nexport const mimeTypeStatsSchema = t.object({\n mimeType: t.string(),\n fileCount: t.number(),\n});\n\nexport const storageStatsSchema = t.object({\n totalSize: t.number(),\n totalFiles: t.number(),\n byBucket: t.array(bucketStatsSchema),\n byMimeType: t.array(mimeTypeStatsSchema),\n});\n\nexport type BucketStats = Static<typeof bucketStatsSchema>;\nexport type MimeTypeStats = Static<typeof mimeTypeStatsSchema>;\nexport type StorageStats = Static<typeof storageStatsSchema>;\n","import { type Static, t } from \"alepha\";\nimport { $entity, db } from \"alepha/orm\";\n\nexport const files = $entity({\n name: \"files\",\n schema: t.object({\n id: db.primaryKey(t.uuid()),\n version: db.version(),\n createdAt: db.createdAt(),\n updatedAt: db.updatedAt(),\n organizationId: db.organization(),\n blobId: t.text(),\n creator: t.optional(t.uuid()),\n creatorRealm: t.optional(t.string()),\n creatorName: t.optional(t.string()),\n bucket: t.text(),\n expirationDate: t.optional(t.datetime()),\n /*\n Display name. Mutable via `FileService.updateFile` — can be renamed\n * by callers (e.g. an Archive UI letting users rename uploaded blobs).\n * Initialized to the uploader's filename at upload time. Use\n * `originalName` if you need the as-uploaded filename after a rename.\n /\n name: t.text(),\n /\n Immutable record of the uploader's filename at upload time. Set once\n * by `FileService.uploadFile` and the `bucket:file:uploaded` hook;\n * `FileService.updateFile` never touches it. Useful for download\n * headers (Content-Disposition), audit trails, and any UI that wants\n * to show \"originally uploaded as X\" alongside a renamed file.\n /\n originalName: t.optional(t.string()),\n size: t.number(),\n mimeType: t.string(),\n /\n Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is\n * caller's responsibility for now). Use with `FileQuery.tags` to\n * filter via array-contains.\n /\n tags: t.optional(t.array(t.text())),\n /\n SHA-256 hex digest of the file content (64 lowercase hex chars).\n * Computed at upload time by `FileService.calculateChecksum`. Stable\n * — never recomputed after upload. Use for integrity verification,\n * content-based dedup, or downstream virus-scan correlation.\n /\n checksum: t.optional(t.string()),\n }),\n indexes: [\n \"expirationDate\",\n \"bucket\",\n \"creator\",\n \"createdAt\",\n \"mimeType\",\n {\n columns: [\"bucket\", \"createdAt\"],\n },\n ],\n});\n\nexport type FileEntity = Static<typeof files.schema>;\n","import { createHash } from \"node:crypto\";\nimport { $hook, $inject, Alepha, type FileLike } from \"alepha\";\nimport {\n $bucket,\n type BucketPrimitive,\n FileNotFoundError,\n} from \"alepha/bucket\";\nimport {\n type DateTime,\n DateTimeProvider,\n type DurationLike,\n} from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { $repository, type Page } from \"alepha/orm\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport type { Ok } from \"alepha/server\";\nimport { NotFoundError } from \"alepha/server\";\nimport { type FileEntity, files } from \"../entities/files.ts\";\nimport type { FileQuery } from \"../schemas/fileQuerySchema.ts\";\nimport type { FileResource } from \"../schemas/fileResourceSchema.ts\";\nimport type { StorageStats } from \"../schemas/storageStatsSchema.ts\";\n\nexport class FileService {\n protected readonly alepha = $inject(Alepha);\n protected readonly log = $logger();\n protected readonly dateTimeProvider = $inject(DateTimeProvider);\n protected readonly defaultBucket = $bucket({ name: \"default\" });\n public readonly fileRepository = $repository(files);\n\n protected onUploadFile = $hook({\n on: \"bucket:file:uploaded\",\n handler: async ({ file, bucket, options, id }) => {\n if (options.persist === false) {\n return;\n }\n\n const checksum = await this.calculateChecksum(file);\n\n await this.fileRepository.create({\n blobId: id,\n mimeType: file.type,\n name: file.name,\n originalName: file.name,\n size: file.size,\n creator: options.user?.id,\n creatorRealm: options.user?.realm,\n expirationDate: this.getExpirationDate(options.ttl),\n bucket: bucket.name,\n checksum,\n });\n },\n });\n\n protected onDeleteBucketFile = $hook({\n on: \"bucket:file:deleted\",\n handler: async ({ bucket, id }) => {\n await this.fileRepository.deleteMany({\n blobId: { eq: id },\n bucket: { eq: bucket.name },\n });\n },\n });\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /\n Calculates SHA-256 checksum of a file.\n \n @param file - The file to calculate checksum for\n * @returns Hexadecimal string representation of the SHA-256 hash\n * @protected\n /\n protected async calculateChecksum(file: FileLike): Promise<string> {\n const buffer = await file.arrayBuffer();\n const hash = createHash(\"sha256\");\n hash.update(Buffer.from(buffer));\n return hash.digest(\"hex\");\n }\n\n /\n Gets a bucket primitive by name.\n \n @param bucketName - The name of the bucket to retrieve (defaults to \"default\")\n * @returns The bucket primitive\n * @throws {NotFoundError} If the bucket is not found\n /\n public bucket(bucketName: string = this.defaultBucket.name): BucketPrimitive {\n const bucket = this.alepha\n .primitives($bucket)\n .find((it) => it.name === bucketName);\n\n if (!bucket) {\n throw new NotFoundError(`Bucket '${bucketName}' not found.`);\n }\n\n return bucket;\n }\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /\n Finds files matching the given query criteria with pagination support.\n * Supports filtering by bucket, tags, name, mimeType, creator, and date range.\n \n @param q - Query parameters including bucket, tags, name, mimeType, creator, date range, pagination, and sorting\n * @returns Paginated list of file entities\n /\n public async findFiles(q: FileQuery = {}): Promise<Page<FileEntity>> {\n q.sort ??= \"-createdAt\";\n\n const where = this.fileRepository.createQueryWhere();\n\n if (q.bucket) {\n where.bucket = { eq: q.bucket };\n }\n\n if (q.tags) {\n where.tags = { arrayContains: q.tags };\n }\n\n if (q.name) {\n where.name = { ilike: `%${q.name}%` };\n }\n\n if (q.mimeType) {\n where.mimeType = { eq: q.mimeType };\n }\n\n if (q.creator) {\n where.creator = { eq: q.creator };\n }\n\n if (q.createdAfter && q.createdBefore) {\n where.createdAt = {\n gte: q.createdAfter,\n lte: q.createdBefore,\n };\n } else if (q.createdAfter) {\n where.createdAt = { gte: q.createdAfter };\n } else if (q.createdBefore) {\n where.createdAt = { lte: q.createdBefore };\n }\n\n return await this.fileRepository\n .paginate(q, { where }, { count: true })\n .then((page) => {\n return {\n ...page,\n content: page.content.map((it) => this.entityToResource(it)),\n };\n });\n }\n\n /\n Finds files that have expired based on their expiration date.\n * Limited to 1000 files per call to prevent memory issues.\n \n @returns Array of expired file entities\n /\n public async findExpiredFiles(): Promise<FileEntity[]> {\n return await this.fileRepository.findMany({\n limit: 1000,\n where: {\n expirationDate: { lte: this.dateTimeProvider.nowISOString() },\n },\n });\n }\n\n /\n Calculates an expiration date based on a TTL (time to live) duration.\n \n @param ttl - Duration like \"1 day\", \"2 hours\", etc.\n * @returns DateTime representation of the expiration date, or undefined if no TTL provided\n * @protected\n /\n protected getExpirationDate(ttl?: DurationLike): string \| undefined {\n return ttl\n ? this.dateTimeProvider\n .now()\n .add(this.dateTimeProvider.duration(ttl))\n .toISOString()\n : undefined;\n }\n\n /\n Uploads a file to a bucket and creates a database record with metadata.\n * Automatically calculates and stores the file checksum (SHA-256).\n \n @param file - The file to upload\n * @param options - Upload options including bucket, expiration, user, and tags\n * @param options.bucket - Target bucket name (defaults to \"default\")\n * @param options.expirationDate - When the file should expire\n * @param options.user - User performing the upload (for audit trail)\n * @param options.tags - Tags to associate with the file\n * @returns The created file entity with all metadata\n * @throws {NotFoundError} If the specified bucket doesn't exist\n /\n public async uploadFile(\n file: FileLike,\n options: {\n expirationDate?: string \| DateTime;\n bucket?: string;\n user?: UserAccountToken;\n tags?: string[];\n } = {},\n ): Promise<FileEntity> {\n const bucket = this.bucket(options.bucket);\n\n const checksum = await this.calculateChecksum(file);\n const blobId = await bucket.upload(file, { persist: false });\n\n let expirationDate: string \| undefined;\n if (options.expirationDate) {\n expirationDate = this.dateTimeProvider\n .of(options.expirationDate)\n .toISOString();\n } else if (bucket.options.ttl) {\n expirationDate = this.getExpirationDate(bucket.options.ttl);\n }\n\n return await this.fileRepository.create({\n blobId: blobId,\n mimeType: file.type,\n name: file.name,\n originalName: file.name,\n size: file.size,\n creator: options.user?.id,\n creatorRealm: options.user?.realm,\n creatorName: options.user?.name,\n expirationDate,\n bucket: bucket.name,\n tags: options.tags,\n checksum,\n });\n }\n\n /\n Streams a file from storage by its database ID.\n \n @param id - The database ID (UUID) of the file to stream\n * @returns The file object ready for streaming/downloading\n * @throws {NotFoundError} If the file doesn't exist in the database\n * @throws {FileNotFoundError} If the file exists in database but not in storage\n /\n public async streamFile(id: string): Promise<FileLike> {\n const entity = await this.getFileById(id);\n const bucket = this.bucket(entity.bucket);\n\n return await bucket.download(entity.blobId);\n }\n\n /\n Updates file metadata (name, tags, expiration date).\n * Does not modify the actual file content in storage.\n \n @param id - The database ID (UUID) of the file to update\n * @param data - Partial file data to update\n * @param data.name - New file name\n * @param data.tags - New tags array\n * @param data.expirationDate - New expiration date\n * @returns The updated file entity\n * @throws {NotFoundError} If the file doesn't exist in the database\n /\n public async updateFile(\n id: string,\n data: {\n name?: string;\n tags?: string[];\n expirationDate?: DateTime \| string;\n },\n ): Promise<FileEntity> {\n const file = await this.getFileById(id);\n\n const updateData: Partial<FileEntity> = {};\n\n if (data.name !== undefined) {\n updateData.name = data.name;\n }\n\n if (data.tags !== undefined) {\n updateData.tags = data.tags;\n }\n\n if (data.expirationDate !== undefined) {\n updateData.expirationDate = this.dateTimeProvider\n .of(data.expirationDate)\n .toISOString();\n }\n\n return await this.fileRepository.updateById(file.id, updateData);\n }\n\n /\n Deletes a file from both storage and database.\n * Handles cases where file is already deleted from storage gracefully.\n * Always ensures database record is removed even if storage deletion fails.\n \n @param id - The database ID (UUID) of the file to delete\n * @returns Success response with the deleted file ID\n * @throws {NotFoundError} If the file doesn't exist in the database\n /\n public async deleteFile(id: string): Promise<Ok> {\n const file = await this.getFileById(id);\n const bucket = this.bucket(file.bucket);\n\n // Always delete the database record\n await this.fileRepository.deleteById(file.id);\n\n try {\n await bucket.delete(file.blobId, true);\n } catch (e) {\n if (e instanceof FileNotFoundError) {\n // File is already deleted in the bucket, this is okay\n this.log.debug(\n `File ${file.blobId} not found in bucket ${bucket.name}, cleaning up database record`,\n );\n } else {\n // Other errors (permission, network, etc.) - log but continue to clean up database\n this.log.warn(\n `Failed to delete file ${file.blobId} from bucket ${bucket.name}`,\n e,\n );\n }\n }\n\n return { ok: true, id: String(file.id) };\n }\n\n /\n Delete many files in one round-trip per bucket. The database rows are\n * removed in a single `deleteMany`, and each affected bucket gets a single\n * `bucket.deleteMany` call (R2/S3 batch where supported).\n /\n public async deleteFiles(ids: string[]): Promise<string[]> {\n if (ids.length === 0) return [];\n\n const files = await this.fileRepository.findMany({\n where: { id: { inArray: ids } },\n columns: [\"id\", \"bucket\", \"blobId\"],\n });\n if (files.length === 0) return [];\n\n const dbDeleted = await this.fileRepository.deleteMany({\n id: { inArray: files.map((f) => f.id) },\n });\n\n const blobsByBucket = new Map<string, string[]>();\n for (const f of files) {\n const list = blobsByBucket.get(f.bucket) ?? [];\n list.push(f.blobId);\n blobsByBucket.set(f.bucket, list);\n }\n\n for (const [bucketName, blobIds] of blobsByBucket) {\n try {\n await this.bucket(bucketName).deleteMany(blobIds, true);\n } catch (e) {\n // DB rows already gone — log and continue. Orphaned blobs are\n // recoverable; orphaned DB rows would be worse.\n this.log.warn(\n `Failed to bulk-delete ${blobIds.length} files from bucket ${bucketName}`,\n e,\n );\n }\n }\n\n return dbDeleted.map(String);\n }\n\n /\n Retrieves a file entity by its ID.\n * If already an entity object, returns it as-is (convenience method).\n \n @param id - Either a UUID string or an existing FileEntity object\n * @returns The file entity\n * @throws {NotFoundError} If the file doesn't exist in the database\n /\n public async getFileById(id: string \| FileEntity): Promise<FileEntity> {\n if (typeof id === \"object\") {\n return id;\n }\n\n return await this.fileRepository.getById(id);\n }\n\n /\n Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.\n \n @returns Storage statistics with aggregated data\n /\n public async getStorageStats(): Promise<StorageStats> {\n const allFiles = await this.fileRepository.findMany({});\n\n const totalSize = allFiles.reduce((sum, file) => sum + file.size, 0);\n const totalFiles = allFiles.length;\n\n // Group by bucket\n const bucketMap = new Map<\n string,\n { totalSize: number; fileCount: number }\n >();\n for (const file of allFiles) {\n const existing = bucketMap.get(file.bucket) \|\| {\n totalSize: 0,\n fileCount: 0,\n };\n existing.totalSize += file.size;\n existing.fileCount += 1;\n bucketMap.set(file.bucket, existing);\n }\n\n // Group by MIME type\n const mimeTypeMap = new Map<string, number>();\n for (const file of allFiles) {\n const existing = mimeTypeMap.get(file.mimeType) \|\| 0;\n mimeTypeMap.set(file.mimeType, existing + 1);\n }\n\n return {\n totalSize,\n totalFiles,\n byBucket: Array.from(bucketMap.entries()).map(([bucket, stats]) => ({\n bucket,\n totalSize: stats.totalSize,\n fileCount: stats.fileCount,\n })),\n byMimeType: Array.from(mimeTypeMap.entries()).map(\n ([mimeType, fileCount]) => ({\n mimeType,\n fileCount,\n }),\n ),\n };\n }\n\n /\n Converts a file entity to a file resource (API response format).\n * Currently a pass-through, but allows for future transformation logic.\n \n @param entity - The file entity to convert\n * @returns The file resource for API responses\n /\n public entityToResource(entity: FileEntity): FileResource {\n return entity;\n }\n}\n","import { $inject } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action } from \"alepha/server\";\nimport { storageStatsSchema } from \"../schemas/storageStatsSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/\n REST API controller for storage analytics and statistics.\n * Provides endpoints for viewing storage usage metrics.\n /\nexport class AdminFileStatsController {\n protected readonly url = \"/files/stats\";\n protected readonly group = \"admin:files\";\n protected readonly fileService = $inject(FileService);\n\n /\n GET /files/stats - Gets storage statistics.\n * Returns aggregated data including total size, file count,\n * and breakdowns by bucket and MIME type.\n /\n public readonly getFileStats = $action({\n path: this.url,\n group: this.group,\n use: [$secure({ permissions: [\"admin:file:read\"] })],\n description: \"Get storage statistics\",\n schema: {\n response: storageStatsSchema,\n },\n handler: () => this.fileService.getStorageStats(),\n });\n}\n","import type { UserAccountToken } from \"alepha/security\";\nimport { ForbiddenError } from \"alepha/server\";\nimport type { FileEntity } from \"../entities/files.ts\";\n\n/\n Authorization policy for file reads served through `FileController.streamFile`.\n \n Default: the caller must be the uploader (`file.creator === user.id`). Any\n * other access path — public buckets, shared attachments, avatars — must be\n * opted in by overriding this provider in the consuming app:\n \n ```ts\n * class MyAccess extends FileAccessProvider {\n * async assertReadable(file, user) {\n * if (file.bucket === \"avatars\") return; // public\n * if (file.bucket === \"campaign-icons\") return this.checkCampaignVisible(file, user);\n * return super.assertReadable(file, user);\n * }\n * }\n * Alepha.create().with({ provide: FileAccessProvider, use: MyAccess });\n * ```\n \n Why this exists: prior to introducing this gate, `streamFile` only required\n * the framework-wide `file:read` permission. The default `user` role grants\n * ``, so every authenticated user could download any file by UUID — turning\n the 128-bit id into the sole security boundary across tenants.\n /\nexport class FileAccessProvider {\n /\n Throws `ForbiddenError` when `user` may not read `file`. Override to\n * implement bucket-aware or relationship-aware policies. The default\n * implementation is strict: only the uploader passes.\n /\n async assertReadable(\n file: FileEntity,\n user: UserAccountToken \| undefined,\n ): Promise<void> {\n if (!user) {\n throw new ForbiddenError(\"File access requires authentication\");\n }\n // Privileged identities (admin without narrow ownership scope) bypass\n // the per-file check — they need to be able to read any file via the\n // admin UI/inspector regardless of who uploaded it.\n if (user.ownership === false) {\n return;\n }\n if (file.creator && file.creator === user.id) {\n return;\n }\n throw new ForbiddenError(\"File access denied\");\n }\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\nimport { pageQuerySchema } from \"alepha/orm\";\n\nexport const fileQuerySchema = t.extend(pageQuerySchema, {\n bucket: t.optional(t.string()),\n tags: t.optional(t.array(t.string())),\n name: t.optional(t.string()),\n mimeType: t.optional(t.string()),\n creator: t.optional(t.uuid()),\n createdAfter: t.optional(t.datetime()),\n createdBefore: t.optional(t.datetime()),\n});\n\nexport type FileQuery = Static<typeof fileQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { files } from \"../entities/files.ts\";\n\nexport const fileResourceSchema = t.extend(\n files.schema,\n {},\n {\n title: \"FileResource\",\n description: \"A file resource representing a file stored in the system.\",\n },\n);\n\nexport type FileResource = Static<typeof fileResourceSchema>;\n","import { $inject, t } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action, okSchema } from \"alepha/server\";\nimport { $etag } from \"alepha/server/etag\";\nimport { FileAccessProvider } from \"../providers/FileAccessProvider.ts\";\nimport { fileQuerySchema } from \"../schemas/fileQuerySchema.ts\";\nimport { fileResourceSchema } from \"../schemas/fileResourceSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/\n REST API controller for file management operations.\n * Provides endpoints for uploading, downloading, listing, and deleting files.\n /\nexport class FileController {\n protected readonly url = \"/files\";\n protected readonly group = \"files\";\n protected readonly fileService = $inject(FileService);\n protected readonly fileAccess = $inject(FileAccessProvider);\n\n /\n GET /files - Lists files with optional filtering and pagination.\n * Supports filtering by bucket and tags.\n /\n public readonly findFiles = $action({\n path: this.url,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:read\"] })],\n description: \"List files with filtering and pagination\",\n schema: {\n query: fileQuerySchema,\n response: t.page(fileResourceSchema),\n },\n handler: ({ query }) => this.fileService.findFiles(query),\n });\n\n /\n DELETE /files/:id - Deletes a file from both storage and database.\n * Removes the file from the bucket and cleans up the database record.\n /\n public readonly deleteFile = $action({\n method: \"DELETE\",\n path: `${this.url}/:id`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:delete\"] })],\n description: \"Delete a file\",\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: okSchema,\n },\n handler: ({ params }) => this.fileService.deleteFile(params.id),\n });\n\n /\n POST /files/delete - Delete many files in one request, batching the\n * underlying bucket calls per bucket (R2/S3 batch where supported).\n /\n public readonly deleteFiles = $action({\n method: \"POST\",\n path: `${this.url}/delete`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:delete\"] })],\n description: \"Delete many files\",\n schema: {\n body: t.object({\n ids: t.array(t.uuid(), { minItems: 1, maxItems: 1000 }),\n }),\n response: t.object({\n deleted: t.array(t.string()),\n }),\n },\n handler: async ({ body }) => {\n const deleted = await this.fileService.deleteFiles(body.ids);\n return { deleted };\n },\n });\n\n /\n POST /files - Uploads a new file to storage.\n * Creates a database record with metadata and calculates checksum.\n * Optionally specify bucket and expiration date.\n /\n public readonly uploadFile = $action({\n path: this.url,\n group: this.group,\n use: [$secure({ permissions: [\"file:create\"] })],\n description: \"Upload a new file\",\n schema: {\n body: t.object({\n file: t.file(),\n }),\n query: t.object({\n expirationDate: t.optional(t.datetime()),\n bucket: t.optional(t.string()),\n }),\n response: fileResourceSchema,\n },\n handler: async ({ body, user, query }) =>\n this.fileService.uploadFile(body.file, {\n user,\n ...query,\n }),\n });\n\n /\n PATCH /files/:id - Updates file metadata.\n * Allows updating name, tags, and expiration date without modifying file content.\n /\n public readonly updateFile = $action({\n method: \"PATCH\",\n path: `${this.url}/:id`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:update\"] })],\n description: \"Update file metadata\",\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n body: t.object({\n name: t.optional(t.string()),\n tags: t.optional(t.array(t.string())),\n expirationDate: t.optional(t.datetime()),\n }),\n response: fileResourceSchema,\n },\n handler: ({ params, body }) => this.fileService.updateFile(params.id, body),\n });\n\n /\n GET /files/:id - Streams/downloads a file by its ID.\n * Returns the file content with appropriate Content-Type header.\n \n Authorization is delegated to `FileAccessProvider.assertReadable`. The\n * default policy is creator-only — override the provider via DI to widen\n * access (e.g. avatars, shared attachments). See `FileAccessProvider`.\n \n Cache-Control is `private` because the per-user authorization decision\n * cannot be cached by shared proxies/CDNs. Client-side ETag still works.\n /\n public readonly streamFile = $action({\n path: `${this.url}/:id`,\n group: this.group,\n description: \"Download a file\",\n use: [\n $secure({ permissions: [\"file:read\"] }),\n $etag({\n control: {\n private: true,\n maxAge: [1, \"year\"],\n immutable: true,\n },\n }),\n ],\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: t.file(),\n },\n handler: async ({ params, user }) => {\n const file = await this.fileService.getFileById(params.id);\n await this.fileAccess.assertReadable(file, user);\n return await this.fileService.streamFile(file.id);\n },\n });\n}\n","import { $inject } from \"alepha\";\nimport { $scheduler } from \"alepha/scheduler\";\nimport { FileService } from \"../services/FileService.ts\";\n\nexport class FileJobs {\n protected readonly fileService = $inject(FileService);\n\n public readonly purgeFiles = $scheduler({\n name: \"api:files:purgeFiles\",\n description: \"Purge files that are marked for deletion\",\n cron: \"0 * * \", // Hourly at minute 0\n handler: async () => {\n const files = await this.fileService.findExpiredFiles();\n\n await Promise.all(\n files.map((file) => this.fileService.deleteFile(file.id)),\n );\n },\n });\n}\n","import { $module } from \"alepha\";\nimport { AlephaBucket } from \"alepha/bucket\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport { AlephaServerEtag } from \"alepha/server/etag\";\nimport { AdminFileStatsController } from \"./controllers/AdminFileStatsController.ts\";\nimport { FileController } from \"./controllers/FileController.ts\";\nimport { FileJobs } from \"./jobs/FileJobs.ts\";\nimport { FileAccessProvider } from \"./providers/FileAccessProvider.ts\";\nimport { FileService } from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport from \"./controllers/AdminFileStatsController.ts\";\nexport * from \"./controllers/FileController.ts\";\nexport * from \"./entities/files.ts\";\nexport * from \"./jobs/FileJobs.ts\";\nexport * from \"./providers/FileAccessProvider.ts\";\nexport * from \"./schemas/storageStatsSchema.ts\";\nexport * from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/bucket\" {\n interface BucketFileOptions {\n /*\n Time to live for the files in the bucket.\n /\n ttl?: DurationLike;\n\n /\n Tags for the bucket.\n /\n tags?: string[];\n\n /\n User performing the operation.\n /\n user?: UserAccountToken;\n\n /\n Whether to persist the file metadata in the database.\n \n @default true\n /\n persist?: boolean;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/\n File management endpoints.\n \n Features:\n * - Upload/download endpoints\n * - File metadata storage\n * - TTL-based expiration\n * - Storage statistics\n \n @module alepha.api.files\n */\nexport const AlephaApiFiles = $module({\n name: \"alepha.api.files\",\n services: [\n FileController,\n AdminFileStatsController,\n FileJobs,\n FileService,\n FileAccessProvider,\n ],\n imports: [AlephaBucket, AlephaServerEtag],\n});\n"],"mappings":";;;;;;;;;;;AAGA,MAAa,oBAAoB,EAAE,OAAO;CACxC,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,QAAQ;CACrB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,sBAAsB,EAAE,OAAO;CAC1C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,qBAAqB,EAAE,OAAO;CACzC,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,MAAM,kBAAkB;CACpC,YAAY,EAAE,MAAM,oBAAoB;CACzC,CAAC;;;AChBF,MAAa,QAAQ,QAAQ;CAC3B,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,MAAM,CAAC;EAC3B,SAAS,GAAG,SAAS;EACrB,WAAW,GAAG,WAAW;EACzB,WAAW,GAAG,WAAW;EACzB,gBAAgB,GAAG,cAAc;EACjC,QAAQ,EAAE,MAAM;EAChB,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;EAC7B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,MAAM;EAChB,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;;;;;;;EAOxC,MAAM,EAAE,MAAM;;;;;;;;EAQd,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,MAAM,EAAE,QAAQ;EAChB,UAAU,EAAE,QAAQ;;;;;;EAMpB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;;;;;;;EAOnC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,CAAC;CACF,SAAS;EACP;EACA;EACA;EACA;EACA;EACA,EACE,SAAS,CAAC,UAAU,YAAY,EACjC;EACF;CACF,CAAC;;;ACpCF,IAAa,cAAb,MAAyB;CACvB,SAA4B,QAAQ,OAAO;CAC3C,MAAyB,SAAS;CAClC,mBAAsC,QAAQ,iBAAiB;CAC/D,gBAAmC,QAAQ,EAAE,MAAM,WAAW,CAAC;CAC/D,iBAAiC,YAAY,MAAM;CAEnD,eAAyB,MAAM;EAC7B,IAAI;EACJ,SAAS,OAAO,EAAE,MAAM,QAAQ,SAAS,SAAS;GAChD,IAAI,QAAQ,YAAY,OACtB;GAGF,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;GAEnD,MAAM,KAAK,eAAe,OAAO;IAC/B,QAAQ;IACR,UAAU,KAAK;IACf,MAAM,KAAK;IACX,cAAc,KAAK;IACnB,MAAM,KAAK;IACX,SAAS,QAAQ,MAAM;IACvB,cAAc,QAAQ,MAAM;IAC5B,gBAAgB,KAAK,kBAAkB,QAAQ,IAAI;IACnD,QAAQ,OAAO;IACf;IACD,CAAC;;EAEL,CAAC;CAEF,qBAA+B,MAAM;EACnC,IAAI;EACJ,SAAS,OAAO,EAAE,QAAQ,SAAS;GACjC,MAAM,KAAK,eAAe,WAAW;IACnC,QAAQ,EAAE,IAAI,IAAI;IAClB,QAAQ,EAAE,IAAI,OAAO,MAAM;IAC5B,CAAC;;EAEL,CAAC;;;;;;;;CAWF,MAAgB,kBAAkB,MAAiC;EACjE,MAAM,SAAS,MAAM,KAAK,aAAa;EACvC,MAAM,OAAO,WAAW,SAAS;EACjC,KAAK,OAAO,OAAO,KAAK,OAAO,CAAC;EAChC,OAAO,KAAK,OAAO,MAAM;;;;;;;;;CAU3B,OAAc,aAAqB,KAAK,cAAc,MAAuB;EAC3E,MAAM,SAAS,KAAK,OACjB,WAAW,QAAQ,CACnB,MAAM,OAAO,GAAG,SAAS,WAAW;EAEvC,IAAI,CAAC,QACH,MAAM,IAAI,cAAc,WAAW,WAAW,cAAc;EAG9D,OAAO;;;;;;;;;CAYT,MAAa,UAAU,IAAe,EAAE,EAA6B;EACnE,EAAE,SAAS;EAEX,MAAM,QAAQ,KAAK,eAAe,kBAAkB;EAEpD,IAAI,EAAE,QACJ,MAAM,SAAS,EAAE,IAAI,EAAE,QAAQ;EAGjC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,eAAe,EAAE,MAAM;EAGxC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,OAAO,IAAI,EAAE,KAAK,IAAI;EAGvC,IAAI,EAAE,UACJ,MAAM,WAAW,EAAE,IAAI,EAAE,UAAU;EAGrC,IAAI,EAAE,SACJ,MAAM,UAAU,EAAE,IAAI,EAAE,SAAS;EAGnC,IAAI,EAAE,gBAAgB,EAAE,eACtB,MAAM,YAAY;GAChB,KAAK,EAAE;GACP,KAAK,EAAE;GACR;OACI,IAAI,EAAE,cACX,MAAM,YAAY,EAAE,KAAK,EAAE,cAAc;OACpC,IAAI,EAAE,eACX,MAAM,YAAY,EAAE,KAAK,EAAE,eAAe;EAG5C,OAAO,MAAM,KAAK,eACf,SAAS,GAAG,EAAE,OAAO,EAAE,EAAE,OAAO,MAAM,CAAC,CACvC,MAAM,SAAS;GACd,OAAO;IACL,GAAG;IACH,SAAS,KAAK,QAAQ,KAAK,OAAO,KAAK,iBAAiB,GAAG,CAAC;IAC7D;IACD;;;;;;;;CASN,MAAa,mBAA0C;EACrD,OAAO,MAAM,KAAK,eAAe,SAAS;GACxC,OAAO;GACP,OAAO,EACL,gBAAgB,EAAE,KAAK,KAAK,iBAAiB,cAAc,EAAE,EAC9D;GACF,CAAC;;;;;;;;;CAUJ,kBAA4B,KAAwC;EAClE,OAAO,MACH,KAAK,iBACF,KAAK,CACL,IAAI,KAAK,iBAAiB,SAAS,IAAI,CAAC,CACxC,aAAa,GAChB,KAAA;;;;;;;;;;;;;;;CAgBN,MAAa,WACX,MACA,UAKI,EAAE,EACe;EACrB,MAAM,SAAS,KAAK,OAAO,QAAQ,OAAO;EAE1C,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;EACnD,MAAM,SAAS,MAAM,OAAO,OAAO,MAAM,EAAE,SAAS,OAAO,CAAC;EAE5D,IAAI;EACJ,IAAI,QAAQ,gBACV,iBAAiB,KAAK,iBACnB,GAAG,QAAQ,eAAe,CAC1B,aAAa;OACX,IAAI,OAAO,QAAQ,KACxB,iBAAiB,KAAK,kBAAkB,OAAO,QAAQ,IAAI;EAG7D,OAAO,MAAM,KAAK,eAAe,OAAO;GAC9B;GACR,UAAU,KAAK;GACf,MAAM,KAAK;GACX,cAAc,KAAK;GACnB,MAAM,KAAK;GACX,SAAS,QAAQ,MAAM;GACvB,cAAc,QAAQ,MAAM;GAC5B,aAAa,QAAQ,MAAM;GAC3B;GACA,QAAQ,OAAO;GACf,MAAM,QAAQ;GACd;GACD,CAAC;;;;;;;;;;CAWJ,MAAa,WAAW,IAA+B;EACrD,MAAM,SAAS,MAAM,KAAK,YAAY,GAAG;EAGzC,OAAO,MAFQ,KAAK,OAAO,OAAO,OAEf,CAAC,SAAS,OAAO,OAAO;;;;;;;;;;;;;;CAe7C,MAAa,WACX,IACA,MAKqB;EACrB,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EAEvC,MAAM,aAAkC,EAAE;EAE1C,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,mBAAmB,KAAA,GAC1B,WAAW,iBAAiB,KAAK,iBAC9B,GAAG,KAAK,eAAe,CACvB,aAAa;EAGlB,OAAO,MAAM,KAAK,eAAe,WAAW,KAAK,IAAI,WAAW;;;;;;;;;;;CAYlE,MAAa,WAAW,IAAyB;EAC/C,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EACvC,MAAM,SAAS,KAAK,OAAO,KAAK,OAAO;EAGvC,MAAM,KAAK,eAAe,WAAW,KAAK,GAAG;EAE7C,IAAI;GACF,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK;WAC/B,GAAG;GACV,IAAI,aAAa,mBAEf,KAAK,IAAI,MACP,QAAQ,KAAK,OAAO,uBAAuB,OAAO,KAAK,+BACxD;QAGD,KAAK,IAAI,KACP,yBAAyB,KAAK,OAAO,eAAe,OAAO,QAC3D,EACD;;EAIL,OAAO;GAAE,IAAI;GAAM,IAAI,OAAO,KAAK,GAAG;GAAE;;;;;;;CAQ1C,MAAa,YAAY,KAAkC;EACzD,IAAI,IAAI,WAAW,GAAG,OAAO,EAAE;EAE/B,MAAM,QAAQ,MAAM,KAAK,eAAe,SAAS;GAC/C,OAAO,EAAE,IAAI,EAAE,SAAS,KAAK,EAAE;GAC/B,SAAS;IAAC;IAAM;IAAU;IAAS;GACpC,CAAC;EACF,IAAI,MAAM,WAAW,GAAG,OAAO,EAAE;EAEjC,MAAM,YAAY,MAAM,KAAK,eAAe,WAAW,EACrD,IAAI,EAAE,SAAS,MAAM,KAAK,MAAM,EAAE,GAAG,EAAE,EACxC,CAAC;EAEF,MAAM,gCAAgB,IAAI,KAAuB;EACjD,KAAK,MAAM,KAAK,OAAO;GACrB,MAAM,OAAO,cAAc,IAAI,EAAE,OAAO,IAAI,EAAE;GAC9C,KAAK,KAAK,EAAE,OAAO;GACnB,cAAc,IAAI,EAAE,QAAQ,KAAK;;EAGnC,KAAK,MAAM,CAAC,YAAY,YAAY,eAClC,IAAI;GACF,MAAM,KAAK,OAAO,WAAW,CAAC,WAAW,SAAS,KAAK;WAChD,GAAG;GAGV,KAAK,IAAI,KACP,yBAAyB,QAAQ,OAAO,qBAAqB,cAC7D,EACD;;EAIL,OAAO,UAAU,IAAI,OAAO;;;;;;;;;;CAW9B,MAAa,YAAY,IAA8C;EACrE,IAAI,OAAO,OAAO,UAChB,OAAO;EAGT,OAAO,MAAM,KAAK,eAAe,QAAQ,GAAG;;;;;;;CAQ9C,MAAa,kBAAyC;EACpD,MAAM,WAAW,MAAM,KAAK,eAAe,SAAS,EAAE,CAAC;EAEvD,MAAM,YAAY,SAAS,QAAQ,KAAK,SAAS,MAAM,KAAK,MAAM,EAAE;EACpE,MAAM,aAAa,SAAS;EAG5B,MAAM,4BAAY,IAAI,KAGnB;EACH,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,UAAU,IAAI,KAAK,OAAO,IAAI;IAC7C,WAAW;IACX,WAAW;IACZ;GACD,SAAS,aAAa,KAAK;GAC3B,SAAS,aAAa;GACtB,UAAU,IAAI,KAAK,QAAQ,SAAS;;EAItC,MAAM,8BAAc,IAAI,KAAqB;EAC7C,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,YAAY,IAAI,KAAK,SAAS,IAAI;GACnD,YAAY,IAAI,KAAK,UAAU,WAAW,EAAE;;EAG9C,OAAO;GACL;GACA;GACA,UAAU,MAAM,KAAK,UAAU,SAAS,CAAC,CAAC,KAAK,CAAC,QAAQ,YAAY;IAClE;IACA,WAAW,MAAM;IACjB,WAAW,MAAM;IAClB,EAAE;GACH,YAAY,MAAM,KAAK,YAAY,SAAS,CAAC,CAAC,KAC3C,CAAC,UAAU,gBAAgB;IAC1B;IACA;IACD,EACF;GACF;;;;;;;;;CAUH,iBAAwB,QAAkC;EACxD,OAAO;;;;;;;;;ACjbX,IAAa,2BAAb,MAAsC;CACpC,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;;;;;;CAOrD,eAA+B,QAAQ;EACrC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ,EACN,UAAU,oBACX;EACD,eAAe,KAAK,YAAY,iBAAiB;EAClD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;ACFJ,IAAa,qBAAb,MAAgC;;;;;;CAM9B,MAAM,eACJ,MACA,MACe;EACf,IAAI,CAAC,MACH,MAAM,IAAI,eAAe,sCAAsC;EAKjE,IAAI,KAAK,cAAc,OACrB;EAEF,IAAI,KAAK,WAAW,KAAK,YAAY,KAAK,IACxC;EAEF,MAAM,IAAI,eAAe,qBAAqB;;;;;AC7ClD,MAAa,kBAAkB,EAAE,OAAO,iBAAiB;CACvD,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;CAC7B,cAAc,EAAE,SAAS,EAAE,UAAU,CAAC;CACtC,eAAe,EAAE,SAAS,EAAE,UAAU,CAAC;CACxC,CAAC;;;ACTF,MAAa,qBAAqB,EAAE,OAClC,MAAM,QACN,EAAE,EACF;CACE,OAAO;CACP,aAAa;CACd,CACF;;;;;;;ACGD,IAAa,iBAAb,MAA4B;CAC1B,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;CACrD,aAAgC,QAAQ,mBAAmB;;;;;CAM3D,YAA4B,QAAQ;EAClC,MAAM,KAAK;EACX,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ;GACN,OAAO;GACP,UAAU,EAAE,KAAK,mBAAmB;GACrC;EACD,UAAU,EAAE,YAAY,KAAK,YAAY,UAAU,MAAM;EAC1D,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,aAAa,KAAK,YAAY,WAAW,OAAO,GAAG;EAChE,CAAC;;;;;CAMF,cAA8B,QAAQ;EACpC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE;IAAE,UAAU;IAAG,UAAU;IAAM,CAAC,EACxD,CAAC;GACF,UAAU,EAAE,OAAO,EACjB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAC7B,CAAC;GACH;EACD,SAAS,OAAO,EAAE,WAAW;GAE3B,OAAO,EAAE,SAAA,MADa,KAAK,YAAY,YAAY,KAAK,IAAI,EAC1C;;EAErB,CAAC;;;;;;CAOF,aAA6B,QAAQ;EACnC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,EAAE,CAAC,CAAC;EAChD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,MAAM,EAAE,MAAM,EACf,CAAC;GACF,OAAO,EAAE,OAAO;IACd,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC/B,CAAC;GACF,UAAU;GACX;EACD,SAAS,OAAO,EAAE,MAAM,MAAM,YAC5B,KAAK,YAAY,WAAW,KAAK,MAAM;GACrC;GACA,GAAG;GACJ,CAAC;EACL,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,MAAM,EAAE,OAAO;IACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrC,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACzC,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,QAAQ,WAAW,KAAK,YAAY,WAAW,OAAO,IAAI,KAAK;EAC5E,CAAC;;;;;;;;;;;;CAaF,aAA6B,QAAQ;EACnC,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,QAAQ,EAAE,aAAa,CAAC,YAAY,EAAE,CAAC,EACvC,MAAM,EACJ,SAAS;GACP,SAAS;GACT,QAAQ,CAAC,GAAG,OAAO;GACnB,WAAW;GACZ,EACF,CAAC,CACH;EACD,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU,EAAE,MAAM;GACnB;EACD,SAAS,OAAO,EAAE,QAAQ,WAAW;GACnC,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,GAAG;GAC1D,MAAM,KAAK,WAAW,eAAe,MAAM,KAAK;GAChD,OAAO,MAAM,KAAK,YAAY,WAAW,KAAK,GAAG;;EAEpD,CAAC;;;;ACjKJ,IAAa,WAAb,MAAsB;CACpB,cAAiC,QAAQ,YAAY;CAErD,aAA6B,WAAW;EACtC,MAAM;EACN,aAAa;EACb,MAAM;EACN,SAAS,YAAY;GACnB,MAAM,QAAQ,MAAM,KAAK,YAAY,kBAAkB;GAEvD,MAAM,QAAQ,IACZ,MAAM,KAAK,SAAS,KAAK,YAAY,WAAW,KAAK,GAAG,CAAC,CAC1D;;EAEJ,CAAC;;;;;;;;;;;;;;;AC4CJ,MAAa,iBAAiB,QAAQ;CACpC,MAAM;CACN,UAAU;EACR;EACA;EACA;EACA;EACA;EACD;CACD,SAAS,CAAC,cAAc,iBAAiB;CAC1C,CAAC"}
1	+ {"version":3,"file":"index.js","names":[],"sources":["../../../src/api/files/schemas/storageStatsSchema.ts","../../../src/api/files/entities/files.ts","../../../src/api/files/services/FileService.ts","../../../src/api/files/controllers/AdminFileStatsController.ts","../../../src/api/files/providers/FileAccessProvider.ts","../../../src/api/files/schemas/fileQuerySchema.ts","../../../src/api/files/schemas/fileResourceSchema.ts","../../../src/api/files/controllers/FileController.ts","../../../src/api/files/jobs/FileJobs.ts","../../../src/api/files/index.ts"],"sourcesContent":["import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const bucketStatsSchema = t.object({\n bucket: t.string(),\n totalSize: t.number(),\n fileCount: t.number(),\n});\n\nexport const mimeTypeStatsSchema = t.object({\n mimeType: t.string(),\n fileCount: t.number(),\n});\n\nexport const storageStatsSchema = t.object({\n totalSize: t.number(),\n totalFiles: t.number(),\n byBucket: t.array(bucketStatsSchema),\n byMimeType: t.array(mimeTypeStatsSchema),\n});\n\nexport type BucketStats = Static<typeof bucketStatsSchema>;\nexport type MimeTypeStats = Static<typeof mimeTypeStatsSchema>;\nexport type StorageStats = Static<typeof storageStatsSchema>;\n","import { type Static, t } from \"alepha\";\nimport { $entity, db } from \"alepha/orm\";\n\nexport const files = $entity({\n name: \"files\",\n schema: t.object({\n id: db.primaryKey(t.uuid()),\n version: db.version(),\n createdAt: db.createdAt(),\n updatedAt: db.updatedAt(),\n organizationId: db.organization(),\n blobId: t.text(),\n creator: t.optional(t.uuid()),\n creatorRealm: t.optional(t.string()),\n creatorName: t.optional(t.string()),\n bucket: t.text(),\n expirationDate: t.optional(t.datetime()),\n /*\n Display name. Mutable via `FileService.updateFile` — can be renamed\n * by callers (e.g. an Archive UI letting users rename uploaded blobs).\n * Initialized to the uploader's filename at upload time. Use\n * `originalName` if you need the as-uploaded filename after a rename.\n /\n name: t.text(),\n /\n Immutable record of the uploader's filename at upload time. Set once\n * by `FileService.uploadFile` and the `bucket:file:uploaded` hook;\n * `FileService.updateFile` never touches it. Useful for download\n * headers (Content-Disposition), audit trails, and any UI that wants\n * to show \"originally uploaded as X\" alongside a renamed file.\n /\n originalName: t.optional(t.string()),\n size: t.number(),\n mimeType: t.string(),\n /\n Free-form taxonomy. Normalized server-side (trim/lowercase/dedupe is\n * caller's responsibility for now). Use with `FileQuery.tags` to\n * filter via array-contains.\n /\n tags: t.optional(t.array(t.text())),\n /\n SHA-256 hex digest of the file content (64 lowercase hex chars).\n * Computed at upload time by `FileService.calculateChecksum`. Stable\n * — never recomputed after upload. Use for integrity verification,\n * content-based dedup, or downstream virus-scan correlation.\n /\n checksum: t.optional(t.string()),\n }),\n indexes: [\n \"expirationDate\",\n \"bucket\",\n \"creator\",\n \"createdAt\",\n \"mimeType\",\n {\n columns: [\"bucket\", \"createdAt\"],\n },\n ],\n});\n\nexport type FileEntity = Static<typeof files.schema>;\n","import { createHash } from \"node:crypto\";\nimport { $hook, $inject, Alepha, type FileLike } from \"alepha\";\nimport {\n $bucket,\n type BucketPrimitive,\n FileNotFoundError,\n} from \"alepha/bucket\";\nimport {\n type DateTime,\n DateTimeProvider,\n type DurationLike,\n} from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { $repository, type Page } from \"alepha/orm\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport type { Ok } from \"alepha/server\";\nimport { NotFoundError } from \"alepha/server\";\nimport { type FileEntity, files } from \"../entities/files.ts\";\nimport type { FileQuery } from \"../schemas/fileQuerySchema.ts\";\nimport type { FileResource } from \"../schemas/fileResourceSchema.ts\";\nimport type { StorageStats } from \"../schemas/storageStatsSchema.ts\";\n\nexport class FileService {\n protected readonly alepha = $inject(Alepha);\n protected readonly log = $logger();\n protected readonly dateTimeProvider = $inject(DateTimeProvider);\n protected readonly defaultBucket = $bucket({ name: \"default\" });\n public readonly fileRepository = $repository(files);\n\n protected onUploadFile = $hook({\n on: \"bucket:file:uploaded\",\n handler: async ({ file, bucket, options, id }) => {\n if (options.persist === false) {\n return;\n }\n\n const checksum = await this.calculateChecksum(file);\n\n await this.fileRepository.create({\n blobId: id,\n mimeType: file.type,\n name: file.name,\n originalName: file.name,\n size: file.size,\n creator: options.user?.id,\n creatorRealm: options.user?.realm,\n expirationDate: this.getExpirationDate(options.ttl),\n bucket: bucket.name,\n checksum,\n });\n },\n });\n\n protected onDeleteBucketFile = $hook({\n on: \"bucket:file:deleted\",\n handler: async ({ bucket, id }) => {\n await this.fileRepository.deleteMany({\n blobId: { eq: id },\n bucket: { eq: bucket.name },\n });\n },\n });\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /\n Calculates SHA-256 checksum of a file.\n \n @param file - The file to calculate checksum for\n * @returns Hexadecimal string representation of the SHA-256 hash\n * @protected\n /\n protected async calculateChecksum(file: FileLike): Promise<string> {\n const buffer = await file.arrayBuffer();\n const hash = createHash(\"sha256\");\n hash.update(Buffer.from(buffer));\n return hash.digest(\"hex\");\n }\n\n /\n Gets a bucket primitive by name.\n \n @param bucketName - The name of the bucket to retrieve (defaults to \"default\")\n * @returns The bucket primitive\n * @throws {NotFoundError} If the bucket is not found\n /\n public bucket(bucketName: string = this.defaultBucket.name): BucketPrimitive {\n const bucket = this.alepha\n .primitives($bucket)\n .find((it) => it.name === bucketName);\n\n if (!bucket) {\n throw new NotFoundError(`Bucket '${bucketName}' not found.`);\n }\n\n return bucket;\n }\n\n // -------------------------------------------------------------------------------------------------------------------\n\n /\n Finds files matching the given query criteria with pagination support.\n * Supports filtering by bucket, tags, name, mimeType, creator, and date range.\n \n @param q - Query parameters including bucket, tags, name, mimeType, creator, date range, pagination, and sorting\n * @returns Paginated list of file entities\n /\n public async findFiles(q: FileQuery = {}): Promise<Page<FileEntity>> {\n q.sort ??= \"-createdAt\";\n\n const where = this.fileRepository.createQueryWhere();\n\n if (q.bucket) {\n where.bucket = { eq: q.bucket };\n }\n\n if (q.tags) {\n where.tags = { arrayContains: q.tags };\n }\n\n if (q.name) {\n where.name = { ilike: `%${q.name}%` };\n }\n\n if (q.mimeType) {\n where.mimeType = { eq: q.mimeType };\n }\n\n if (q.creator) {\n where.creator = { eq: q.creator };\n }\n\n if (q.createdAfter && q.createdBefore) {\n where.createdAt = {\n gte: q.createdAfter,\n lte: q.createdBefore,\n };\n } else if (q.createdAfter) {\n where.createdAt = { gte: q.createdAfter };\n } else if (q.createdBefore) {\n where.createdAt = { lte: q.createdBefore };\n }\n\n return await this.fileRepository\n .paginate(q, { where }, { count: true })\n .then((page) => {\n return {\n ...page,\n content: page.content.map((it) => this.entityToResource(it)),\n };\n });\n }\n\n /\n Finds files that have expired based on their expiration date.\n * Limited to 1000 files per call to prevent memory issues.\n \n @returns Array of expired file entities\n /\n public async findExpiredFiles(): Promise<FileEntity[]> {\n return await this.fileRepository.findMany({\n limit: 1000,\n where: {\n expirationDate: { lte: this.dateTimeProvider.nowISOString() },\n },\n });\n }\n\n /\n Calculates an expiration date based on a TTL (time to live) duration.\n \n @param ttl - Duration like \"1 day\", \"2 hours\", etc.\n * @returns DateTime representation of the expiration date, or undefined if no TTL provided\n * @protected\n /\n protected getExpirationDate(ttl?: DurationLike): string \| undefined {\n return ttl\n ? this.dateTimeProvider\n .now()\n .add(this.dateTimeProvider.duration(ttl))\n .toISOString()\n : undefined;\n }\n\n /\n Uploads a file to a bucket and creates a database record with metadata.\n * Automatically calculates and stores the file checksum (SHA-256).\n \n @param file - The file to upload\n * @param options - Upload options including bucket, expiration, user, and tags\n * @param options.bucket - Target bucket name (defaults to \"default\")\n * @param options.expirationDate - When the file should expire\n * @param options.user - User performing the upload (for audit trail)\n * @param options.tags - Tags to associate with the file\n * @returns The created file entity with all metadata\n * @throws {NotFoundError} If the specified bucket doesn't exist\n /\n public async uploadFile(\n file: FileLike,\n options: {\n expirationDate?: string \| DateTime;\n bucket?: string;\n user?: UserAccountToken;\n tags?: string[];\n } = {},\n ): Promise<FileEntity> {\n const bucket = this.bucket(options.bucket);\n\n const checksum = await this.calculateChecksum(file);\n const blobId = await bucket.upload(file, { persist: false });\n\n let expirationDate: string \| undefined;\n if (options.expirationDate) {\n expirationDate = this.dateTimeProvider\n .of(options.expirationDate)\n .toISOString();\n } else if (bucket.options.ttl) {\n expirationDate = this.getExpirationDate(bucket.options.ttl);\n }\n\n return await this.fileRepository.create({\n blobId: blobId,\n mimeType: file.type,\n name: file.name,\n originalName: file.name,\n size: file.size,\n creator: options.user?.id,\n creatorRealm: options.user?.realm,\n creatorName: options.user?.name,\n expirationDate,\n bucket: bucket.name,\n tags: options.tags,\n checksum,\n });\n }\n\n /\n Streams a file from storage by its database ID, or directly from an\n * already-loaded `FileEntity` to avoid a duplicate DB roundtrip when the\n * caller has already fetched the row (e.g. after an access check).\n \n @param id - The database ID (UUID) of the file, or the entity itself\n * @returns The file object ready for streaming/downloading\n * @throws {NotFoundError} If the file doesn't exist in the database\n * @throws {FileNotFoundError} If the file exists in database but not in storage\n /\n public async streamFile(id: string \| FileEntity): Promise<FileLike> {\n const entity = await this.getFileById(id);\n const bucket = this.bucket(entity.bucket);\n\n return await bucket.download(entity.blobId);\n }\n\n /\n Updates file metadata (name, tags, expiration date).\n * Does not modify the actual file content in storage.\n \n @param id - The database ID (UUID) of the file to update\n * @param data - Partial file data to update\n * @param data.name - New file name\n * @param data.tags - New tags array\n * @param data.expirationDate - New expiration date\n * @returns The updated file entity\n * @throws {NotFoundError} If the file doesn't exist in the database\n /\n public async updateFile(\n id: string,\n data: {\n name?: string;\n tags?: string[];\n expirationDate?: DateTime \| string;\n },\n ): Promise<FileEntity> {\n const file = await this.getFileById(id);\n\n const updateData: Partial<FileEntity> = {};\n\n if (data.name !== undefined) {\n updateData.name = data.name;\n }\n\n if (data.tags !== undefined) {\n updateData.tags = data.tags;\n }\n\n if (data.expirationDate !== undefined) {\n updateData.expirationDate = this.dateTimeProvider\n .of(data.expirationDate)\n .toISOString();\n }\n\n return await this.fileRepository.updateById(file.id, updateData);\n }\n\n /\n Deletes a file from both storage and database.\n * Handles cases where file is already deleted from storage gracefully.\n * Always ensures database record is removed even if storage deletion fails.\n \n @param id - The database ID (UUID) of the file to delete\n * @returns Success response with the deleted file ID\n * @throws {NotFoundError} If the file doesn't exist in the database\n /\n public async deleteFile(id: string): Promise<Ok> {\n const file = await this.getFileById(id);\n const bucket = this.bucket(file.bucket);\n\n // Always delete the database record\n await this.fileRepository.deleteById(file.id);\n\n try {\n await bucket.delete(file.blobId, true);\n } catch (e) {\n if (e instanceof FileNotFoundError) {\n // File is already deleted in the bucket, this is okay\n this.log.debug(\n `File ${file.blobId} not found in bucket ${bucket.name}, cleaning up database record`,\n );\n } else {\n // Other errors (permission, network, etc.) - log but continue to clean up database\n this.log.warn(\n `Failed to delete file ${file.blobId} from bucket ${bucket.name}`,\n e,\n );\n }\n }\n\n return { ok: true, id: String(file.id) };\n }\n\n /\n Delete many files in one round-trip per bucket. The database rows are\n * removed in a single `deleteMany`, and each affected bucket gets a single\n * `bucket.deleteMany` call (R2/S3 batch where supported).\n /\n public async deleteFiles(ids: string[]): Promise<string[]> {\n if (ids.length === 0) return [];\n\n const files = await this.fileRepository.findMany({\n where: { id: { inArray: ids } },\n columns: [\"id\", \"bucket\", \"blobId\"],\n });\n if (files.length === 0) return [];\n\n const dbDeleted = await this.fileRepository.deleteMany({\n id: { inArray: files.map((f) => f.id) },\n });\n\n const blobsByBucket = new Map<string, string[]>();\n for (const f of files) {\n const list = blobsByBucket.get(f.bucket) ?? [];\n list.push(f.blobId);\n blobsByBucket.set(f.bucket, list);\n }\n\n for (const [bucketName, blobIds] of blobsByBucket) {\n try {\n await this.bucket(bucketName).deleteMany(blobIds, true);\n } catch (e) {\n // DB rows already gone — log and continue. Orphaned blobs are\n // recoverable; orphaned DB rows would be worse.\n this.log.warn(\n `Failed to bulk-delete ${blobIds.length} files from bucket ${bucketName}`,\n e,\n );\n }\n }\n\n return dbDeleted.map(String);\n }\n\n /\n Retrieves a file entity by its ID.\n * If already an entity object, returns it as-is (convenience method).\n \n @param id - Either a UUID string or an existing FileEntity object\n * @returns The file entity\n * @throws {NotFoundError} If the file doesn't exist in the database\n /\n public async getFileById(id: string \| FileEntity): Promise<FileEntity> {\n if (typeof id === \"object\") {\n return id;\n }\n\n return await this.fileRepository.getById(id);\n }\n\n /\n Gets storage statistics including total size, file count, and breakdowns by bucket and MIME type.\n \n @returns Storage statistics with aggregated data\n /\n public async getStorageStats(): Promise<StorageStats> {\n const allFiles = await this.fileRepository.findMany({});\n\n const totalSize = allFiles.reduce((sum, file) => sum + file.size, 0);\n const totalFiles = allFiles.length;\n\n // Group by bucket\n const bucketMap = new Map<\n string,\n { totalSize: number; fileCount: number }\n >();\n for (const file of allFiles) {\n const existing = bucketMap.get(file.bucket) \|\| {\n totalSize: 0,\n fileCount: 0,\n };\n existing.totalSize += file.size;\n existing.fileCount += 1;\n bucketMap.set(file.bucket, existing);\n }\n\n // Group by MIME type\n const mimeTypeMap = new Map<string, number>();\n for (const file of allFiles) {\n const existing = mimeTypeMap.get(file.mimeType) \|\| 0;\n mimeTypeMap.set(file.mimeType, existing + 1);\n }\n\n return {\n totalSize,\n totalFiles,\n byBucket: Array.from(bucketMap.entries()).map(([bucket, stats]) => ({\n bucket,\n totalSize: stats.totalSize,\n fileCount: stats.fileCount,\n })),\n byMimeType: Array.from(mimeTypeMap.entries()).map(\n ([mimeType, fileCount]) => ({\n mimeType,\n fileCount,\n }),\n ),\n };\n }\n\n /\n Converts a file entity to a file resource (API response format).\n * Currently a pass-through, but allows for future transformation logic.\n \n @param entity - The file entity to convert\n * @returns The file resource for API responses\n /\n public entityToResource(entity: FileEntity): FileResource {\n return entity;\n }\n}\n","import { $inject } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action } from \"alepha/server\";\nimport { storageStatsSchema } from \"../schemas/storageStatsSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/\n REST API controller for storage analytics and statistics.\n * Provides endpoints for viewing storage usage metrics.\n /\nexport class AdminFileStatsController {\n protected readonly url = \"/files/stats\";\n protected readonly group = \"admin:files\";\n protected readonly fileService = $inject(FileService);\n\n /\n GET /files/stats - Gets storage statistics.\n * Returns aggregated data including total size, file count,\n * and breakdowns by bucket and MIME type.\n /\n public readonly getFileStats = $action({\n path: this.url,\n group: this.group,\n use: [$secure({ permissions: [\"admin:file:read\"] })],\n description: \"Get storage statistics\",\n schema: {\n response: storageStatsSchema,\n },\n handler: () => this.fileService.getStorageStats(),\n });\n}\n","import type { UserAccountToken } from \"alepha/security\";\nimport { ForbiddenError, NotFoundError } from \"alepha/server\";\nimport type { FileEntity } from \"../entities/files.ts\";\n\n/\n Authorization policy for file reads served through `FileController.streamFile`.\n \n Default: the caller must be the uploader (`file.creator === user.id`). Any\n * other access path — public buckets, shared attachments, avatars — must be\n * opted in by overriding this provider in the consuming app:\n \n ```ts\n * class MyAccess extends FileAccessProvider {\n * async assertReadable(file, user) {\n * if (file.bucket === \"avatars\") return; // public\n * if (file.bucket === \"campaign-icons\") return this.checkCampaignVisible(file, user);\n * return super.assertReadable(file, user);\n * }\n * }\n * Alepha.create().with({ provide: FileAccessProvider, use: MyAccess });\n * ```\n \n Why this exists: prior to introducing this gate, `streamFile` only required\n * the framework-wide `file:read` permission. The default `user` role grants\n * ``, so every authenticated user could download any file by UUID — turning\n the 128-bit id into the sole security boundary across tenants.\n /\nexport class FileAccessProvider {\n /\n Throws `ForbiddenError` when `user` may not read `file`. Override to\n * implement bucket-aware or relationship-aware policies. The default\n * implementation is strict: only the uploader passes.\n /\n async assertReadable(\n file: FileEntity,\n user: UserAccountToken \| undefined,\n ): Promise<void> {\n if (!user) {\n throw new ForbiddenError(\"File access requires authentication\");\n }\n // Privileged identities (admin without narrow ownership scope) bypass\n // the per-file check — they need to be able to read any file via the\n // admin UI/inspector regardless of who uploaded it.\n if (user.ownership === false) {\n return;\n }\n if (file.creator && file.creator === user.id) {\n return;\n }\n throw new ForbiddenError(\"File access denied\");\n }\n\n /\n Throws when `file` may not be served through the anonymous\n * `/public/files/:id` route. The default is deny-all: nothing is public\n * unless this method is overridden. Throws `NotFoundError` (not 403) so the\n * endpoint doesn't leak the existence of private file ids.\n \n Typical override matches on bucket name:\n \n ```ts\n * class MyAccess extends FileAccessProvider {\n * async assertPublic(file) {\n * if (file.bucket === \"avatars\") return;\n * if (file.bucket === \"campaign-icons\") return;\n * return super.assertPublic(file);\n * }\n * }\n * ```\n /\n async assertPublic(file: FileEntity): Promise<void> {\n throw new NotFoundError(`File '${file.id}' not found`);\n }\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\nimport { pageQuerySchema } from \"alepha/orm\";\n\nexport const fileQuerySchema = t.extend(pageQuerySchema, {\n bucket: t.optional(t.string()),\n tags: t.optional(t.array(t.string())),\n name: t.optional(t.string()),\n mimeType: t.optional(t.string()),\n creator: t.optional(t.uuid()),\n createdAfter: t.optional(t.datetime()),\n createdBefore: t.optional(t.datetime()),\n});\n\nexport type FileQuery = Static<typeof fileQuerySchema>;\n","import { type Static, t } from \"alepha\";\nimport { files } from \"../entities/files.ts\";\n\nexport const fileResourceSchema = t.extend(\n files.schema,\n {},\n {\n title: \"FileResource\",\n description: \"A file resource representing a file stored in the system.\",\n },\n);\n\nexport type FileResource = Static<typeof fileResourceSchema>;\n","import { $inject, t } from \"alepha\";\nimport { $secure } from \"alepha/security\";\nimport { $action, okSchema } from \"alepha/server\";\nimport { $etag } from \"alepha/server/etag\";\nimport { FileAccessProvider } from \"../providers/FileAccessProvider.ts\";\nimport { fileQuerySchema } from \"../schemas/fileQuerySchema.ts\";\nimport { fileResourceSchema } from \"../schemas/fileResourceSchema.ts\";\nimport { FileService } from \"../services/FileService.ts\";\n\n/\n REST API controller for file management operations.\n * Provides endpoints for uploading, downloading, listing, and deleting files.\n /\nexport class FileController {\n protected readonly url = \"/files\";\n protected readonly group = \"files\";\n protected readonly fileService = $inject(FileService);\n protected readonly fileAccess = $inject(FileAccessProvider);\n\n /\n GET /files - Lists files with optional filtering and pagination.\n * Supports filtering by bucket and tags.\n /\n public readonly findFiles = $action({\n path: this.url,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:read\"] })],\n description: \"List files with filtering and pagination\",\n schema: {\n query: fileQuerySchema,\n response: t.page(fileResourceSchema),\n },\n handler: ({ query }) => this.fileService.findFiles(query),\n });\n\n /\n DELETE /files/:id - Deletes a file from both storage and database.\n * Removes the file from the bucket and cleans up the database record.\n /\n public readonly deleteFile = $action({\n method: \"DELETE\",\n path: `${this.url}/:id`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:delete\"] })],\n description: \"Delete a file\",\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: okSchema,\n },\n handler: ({ params }) => this.fileService.deleteFile(params.id),\n });\n\n /\n POST /files/delete - Delete many files in one request, batching the\n * underlying bucket calls per bucket (R2/S3 batch where supported).\n /\n public readonly deleteFiles = $action({\n method: \"POST\",\n path: `${this.url}/delete`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:delete\"] })],\n description: \"Delete many files\",\n schema: {\n body: t.object({\n ids: t.array(t.uuid(), { minItems: 1, maxItems: 1000 }),\n }),\n response: t.object({\n deleted: t.array(t.string()),\n }),\n },\n handler: async ({ body }) => {\n const deleted = await this.fileService.deleteFiles(body.ids);\n return { deleted };\n },\n });\n\n /\n POST /files - Uploads a new file to storage.\n * Creates a database record with metadata and calculates checksum.\n * Optionally specify bucket and expiration date.\n /\n public readonly uploadFile = $action({\n path: this.url,\n group: this.group,\n use: [$secure({ permissions: [\"file:create\"] })],\n description: \"Upload a new file\",\n schema: {\n body: t.object({\n file: t.file(),\n }),\n query: t.object({\n expirationDate: t.optional(t.datetime()),\n bucket: t.optional(t.string()),\n }),\n response: fileResourceSchema,\n },\n handler: async ({ body, user, query }) =>\n this.fileService.uploadFile(body.file, {\n user,\n ...query,\n }),\n });\n\n /\n PATCH /files/:id - Updates file metadata.\n * Allows updating name, tags, and expiration date without modifying file content.\n /\n public readonly updateFile = $action({\n method: \"PATCH\",\n path: `${this.url}/:id`,\n group: `admin:${this.group}`,\n use: [$secure({ permissions: [\"admin:file:update\"] })],\n description: \"Update file metadata\",\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n body: t.object({\n name: t.optional(t.string()),\n tags: t.optional(t.array(t.string())),\n expirationDate: t.optional(t.datetime()),\n }),\n response: fileResourceSchema,\n },\n handler: ({ params, body }) => this.fileService.updateFile(params.id, body),\n });\n\n /\n GET /files/:id - Streams/downloads a file by its ID.\n * Returns the file content with appropriate Content-Type header.\n \n Authorization is delegated to `FileAccessProvider.assertReadable`. The\n * default policy is creator-only — override the provider via DI to widen\n * access (e.g. avatars, shared attachments). See `FileAccessProvider`.\n \n Cache-Control is `private` because the per-user authorization decision\n * cannot be cached by shared proxies/CDNs. Client-side ETag still works.\n /\n public readonly streamFile = $action({\n path: `${this.url}/:id`,\n group: this.group,\n description: \"Download a file\",\n use: [\n $secure({ permissions: [\"file:read\"] }),\n $etag({\n control: {\n private: true,\n maxAge: [1, \"year\"],\n immutable: true,\n },\n }),\n ],\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: t.file(),\n },\n handler: async ({ params, user }) => {\n const file = await this.fileService.getFileById(params.id);\n await this.fileAccess.assertReadable(file, user);\n return await this.fileService.streamFile(file);\n },\n });\n\n /\n GET /public/files/:id - Anonymous, edge-cacheable download.\n \n Authorization is delegated to `FileAccessProvider.assertPublic`. The\n * default policy is deny-all (throws `NotFoundError`), so consuming apps\n * must override the provider to opt files in — typically by bucket name\n * (avatars, campaign icons, etc.).\n \n Cache-Control is `public, immutable, max-age=1y` so Cloudflare's edge\n * cache and any intermediary proxy can serve subsequent hits without\n * touching the Worker. The split URL prefix (vs `/files/:id`) is what\n * makes this safe: edge cache is URL-keyed, so public and private files\n * live in separate cache lanes.\n /\n public readonly streamPublicFile = $action({\n path: \"/public/files/:id\",\n group: this.group,\n description: \"Download a public file (anonymous, edge-cacheable)\",\n use: [\n $etag({\n control: {\n public: true,\n maxAge: [1, \"year\"],\n immutable: true,\n },\n }),\n ],\n schema: {\n params: t.object({\n id: t.uuid(),\n }),\n response: t.file(),\n },\n handler: async ({ params }) => {\n const file = await this.fileService.getFileById(params.id);\n await this.fileAccess.assertPublic(file);\n return await this.fileService.streamFile(file);\n },\n });\n}\n","import { $inject } from \"alepha\";\nimport { $scheduler } from \"alepha/scheduler\";\nimport { FileService } from \"../services/FileService.ts\";\n\nexport class FileJobs {\n protected readonly fileService = $inject(FileService);\n\n public readonly purgeFiles = $scheduler({\n name: \"api:files:purgeFiles\",\n description: \"Purge files that are marked for deletion\",\n cron: \"0 * * \", // Hourly at minute 0\n handler: async () => {\n const files = await this.fileService.findExpiredFiles();\n\n await Promise.all(\n files.map((file) => this.fileService.deleteFile(file.id)),\n );\n },\n });\n}\n","import { $module } from \"alepha\";\nimport { AlephaBucket } from \"alepha/bucket\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport type { UserAccountToken } from \"alepha/security\";\nimport { AlephaServerEtag } from \"alepha/server/etag\";\nimport { AdminFileStatsController } from \"./controllers/AdminFileStatsController.ts\";\nimport { FileController } from \"./controllers/FileController.ts\";\nimport { FileJobs } from \"./jobs/FileJobs.ts\";\nimport { FileAccessProvider } from \"./providers/FileAccessProvider.ts\";\nimport { FileService } from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport from \"./controllers/AdminFileStatsController.ts\";\nexport * from \"./controllers/FileController.ts\";\nexport * from \"./entities/files.ts\";\nexport * from \"./jobs/FileJobs.ts\";\nexport * from \"./providers/FileAccessProvider.ts\";\nexport * from \"./schemas/storageStatsSchema.ts\";\nexport * from \"./services/FileService.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/bucket\" {\n interface BucketFileOptions {\n /*\n Time to live for the files in the bucket.\n /\n ttl?: DurationLike;\n\n /\n Tags for the bucket.\n /\n tags?: string[];\n\n /\n User performing the operation.\n /\n user?: UserAccountToken;\n\n /\n Whether to persist the file metadata in the database.\n \n @default true\n /\n persist?: boolean;\n }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\n/\n File management endpoints.\n \n Features:\n * - Upload/download endpoints\n * - File metadata storage\n * - TTL-based expiration\n * - Storage statistics\n \n @module alepha.api.files\n */\nexport const AlephaApiFiles = $module({\n name: \"alepha.api.files\",\n services: [\n FileController,\n AdminFileStatsController,\n FileJobs,\n FileService,\n FileAccessProvider,\n ],\n imports: [AlephaBucket, AlephaServerEtag],\n});\n"],"mappings":";;;;;;;;;;;AAGA,MAAa,oBAAoB,EAAE,OAAO;CACxC,QAAQ,EAAE,QAAQ;CAClB,WAAW,EAAE,QAAQ;CACrB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,sBAAsB,EAAE,OAAO;CAC1C,UAAU,EAAE,QAAQ;CACpB,WAAW,EAAE,QAAQ;CACtB,CAAC;AAEF,MAAa,qBAAqB,EAAE,OAAO;CACzC,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,MAAM,kBAAkB;CACpC,YAAY,EAAE,MAAM,oBAAoB;CACzC,CAAC;;;AChBF,MAAa,QAAQ,QAAQ;CAC3B,MAAM;CACN,QAAQ,EAAE,OAAO;EACf,IAAI,GAAG,WAAW,EAAE,MAAM,CAAC;EAC3B,SAAS,GAAG,SAAS;EACrB,WAAW,GAAG,WAAW;EACzB,WAAW,GAAG,WAAW;EACzB,gBAAgB,GAAG,cAAc;EACjC,QAAQ,EAAE,MAAM;EAChB,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;EAC7B,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC;EACnC,QAAQ,EAAE,MAAM;EAChB,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;;;;;;;EAOxC,MAAM,EAAE,MAAM;;;;;;;;EAQd,cAAc,EAAE,SAAS,EAAE,QAAQ,CAAC;EACpC,MAAM,EAAE,QAAQ;EAChB,UAAU,EAAE,QAAQ;;;;;;EAMpB,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;;;;;;;EAOnC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;EACjC,CAAC;CACF,SAAS;EACP;EACA;EACA;EACA;EACA;EACA,EACE,SAAS,CAAC,UAAU,YAAY,EACjC;EACF;CACF,CAAC;;;ACpCF,IAAa,cAAb,MAAyB;CACvB,SAA4B,QAAQ,OAAO;CAC3C,MAAyB,SAAS;CAClC,mBAAsC,QAAQ,iBAAiB;CAC/D,gBAAmC,QAAQ,EAAE,MAAM,WAAW,CAAC;CAC/D,iBAAiC,YAAY,MAAM;CAEnD,eAAyB,MAAM;EAC7B,IAAI;EACJ,SAAS,OAAO,EAAE,MAAM,QAAQ,SAAS,SAAS;GAChD,IAAI,QAAQ,YAAY,OACtB;GAGF,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;GAEnD,MAAM,KAAK,eAAe,OAAO;IAC/B,QAAQ;IACR,UAAU,KAAK;IACf,MAAM,KAAK;IACX,cAAc,KAAK;IACnB,MAAM,KAAK;IACX,SAAS,QAAQ,MAAM;IACvB,cAAc,QAAQ,MAAM;IAC5B,gBAAgB,KAAK,kBAAkB,QAAQ,IAAI;IACnD,QAAQ,OAAO;IACf;IACD,CAAC;;EAEL,CAAC;CAEF,qBAA+B,MAAM;EACnC,IAAI;EACJ,SAAS,OAAO,EAAE,QAAQ,SAAS;GACjC,MAAM,KAAK,eAAe,WAAW;IACnC,QAAQ,EAAE,IAAI,IAAI;IAClB,QAAQ,EAAE,IAAI,OAAO,MAAM;IAC5B,CAAC;;EAEL,CAAC;;;;;;;;CAWF,MAAgB,kBAAkB,MAAiC;EACjE,MAAM,SAAS,MAAM,KAAK,aAAa;EACvC,MAAM,OAAO,WAAW,SAAS;EACjC,KAAK,OAAO,OAAO,KAAK,OAAO,CAAC;EAChC,OAAO,KAAK,OAAO,MAAM;;;;;;;;;CAU3B,OAAc,aAAqB,KAAK,cAAc,MAAuB;EAC3E,MAAM,SAAS,KAAK,OACjB,WAAW,QAAQ,CACnB,MAAM,OAAO,GAAG,SAAS,WAAW;EAEvC,IAAI,CAAC,QACH,MAAM,IAAI,cAAc,WAAW,WAAW,cAAc;EAG9D,OAAO;;;;;;;;;CAYT,MAAa,UAAU,IAAe,EAAE,EAA6B;EACnE,EAAE,SAAS;EAEX,MAAM,QAAQ,KAAK,eAAe,kBAAkB;EAEpD,IAAI,EAAE,QACJ,MAAM,SAAS,EAAE,IAAI,EAAE,QAAQ;EAGjC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,eAAe,EAAE,MAAM;EAGxC,IAAI,EAAE,MACJ,MAAM,OAAO,EAAE,OAAO,IAAI,EAAE,KAAK,IAAI;EAGvC,IAAI,EAAE,UACJ,MAAM,WAAW,EAAE,IAAI,EAAE,UAAU;EAGrC,IAAI,EAAE,SACJ,MAAM,UAAU,EAAE,IAAI,EAAE,SAAS;EAGnC,IAAI,EAAE,gBAAgB,EAAE,eACtB,MAAM,YAAY;GAChB,KAAK,EAAE;GACP,KAAK,EAAE;GACR;OACI,IAAI,EAAE,cACX,MAAM,YAAY,EAAE,KAAK,EAAE,cAAc;OACpC,IAAI,EAAE,eACX,MAAM,YAAY,EAAE,KAAK,EAAE,eAAe;EAG5C,OAAO,MAAM,KAAK,eACf,SAAS,GAAG,EAAE,OAAO,EAAE,EAAE,OAAO,MAAM,CAAC,CACvC,MAAM,SAAS;GACd,OAAO;IACL,GAAG;IACH,SAAS,KAAK,QAAQ,KAAK,OAAO,KAAK,iBAAiB,GAAG,CAAC;IAC7D;IACD;;;;;;;;CASN,MAAa,mBAA0C;EACrD,OAAO,MAAM,KAAK,eAAe,SAAS;GACxC,OAAO;GACP,OAAO,EACL,gBAAgB,EAAE,KAAK,KAAK,iBAAiB,cAAc,EAAE,EAC9D;GACF,CAAC;;;;;;;;;CAUJ,kBAA4B,KAAwC;EAClE,OAAO,MACH,KAAK,iBACF,KAAK,CACL,IAAI,KAAK,iBAAiB,SAAS,IAAI,CAAC,CACxC,aAAa,GAChB,KAAA;;;;;;;;;;;;;;;CAgBN,MAAa,WACX,MACA,UAKI,EAAE,EACe;EACrB,MAAM,SAAS,KAAK,OAAO,QAAQ,OAAO;EAE1C,MAAM,WAAW,MAAM,KAAK,kBAAkB,KAAK;EACnD,MAAM,SAAS,MAAM,OAAO,OAAO,MAAM,EAAE,SAAS,OAAO,CAAC;EAE5D,IAAI;EACJ,IAAI,QAAQ,gBACV,iBAAiB,KAAK,iBACnB,GAAG,QAAQ,eAAe,CAC1B,aAAa;OACX,IAAI,OAAO,QAAQ,KACxB,iBAAiB,KAAK,kBAAkB,OAAO,QAAQ,IAAI;EAG7D,OAAO,MAAM,KAAK,eAAe,OAAO;GAC9B;GACR,UAAU,KAAK;GACf,MAAM,KAAK;GACX,cAAc,KAAK;GACnB,MAAM,KAAK;GACX,SAAS,QAAQ,MAAM;GACvB,cAAc,QAAQ,MAAM;GAC5B,aAAa,QAAQ,MAAM;GAC3B;GACA,QAAQ,OAAO;GACf,MAAM,QAAQ;GACd;GACD,CAAC;;;;;;;;;;;;CAaJ,MAAa,WAAW,IAA4C;EAClE,MAAM,SAAS,MAAM,KAAK,YAAY,GAAG;EAGzC,OAAO,MAFQ,KAAK,OAAO,OAAO,OAEf,CAAC,SAAS,OAAO,OAAO;;;;;;;;;;;;;;CAe7C,MAAa,WACX,IACA,MAKqB;EACrB,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EAEvC,MAAM,aAAkC,EAAE;EAE1C,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,SAAS,KAAA,GAChB,WAAW,OAAO,KAAK;EAGzB,IAAI,KAAK,mBAAmB,KAAA,GAC1B,WAAW,iBAAiB,KAAK,iBAC9B,GAAG,KAAK,eAAe,CACvB,aAAa;EAGlB,OAAO,MAAM,KAAK,eAAe,WAAW,KAAK,IAAI,WAAW;;;;;;;;;;;CAYlE,MAAa,WAAW,IAAyB;EAC/C,MAAM,OAAO,MAAM,KAAK,YAAY,GAAG;EACvC,MAAM,SAAS,KAAK,OAAO,KAAK,OAAO;EAGvC,MAAM,KAAK,eAAe,WAAW,KAAK,GAAG;EAE7C,IAAI;GACF,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK;WAC/B,GAAG;GACV,IAAI,aAAa,mBAEf,KAAK,IAAI,MACP,QAAQ,KAAK,OAAO,uBAAuB,OAAO,KAAK,+BACxD;QAGD,KAAK,IAAI,KACP,yBAAyB,KAAK,OAAO,eAAe,OAAO,QAC3D,EACD;;EAIL,OAAO;GAAE,IAAI;GAAM,IAAI,OAAO,KAAK,GAAG;GAAE;;;;;;;CAQ1C,MAAa,YAAY,KAAkC;EACzD,IAAI,IAAI,WAAW,GAAG,OAAO,EAAE;EAE/B,MAAM,QAAQ,MAAM,KAAK,eAAe,SAAS;GAC/C,OAAO,EAAE,IAAI,EAAE,SAAS,KAAK,EAAE;GAC/B,SAAS;IAAC;IAAM;IAAU;IAAS;GACpC,CAAC;EACF,IAAI,MAAM,WAAW,GAAG,OAAO,EAAE;EAEjC,MAAM,YAAY,MAAM,KAAK,eAAe,WAAW,EACrD,IAAI,EAAE,SAAS,MAAM,KAAK,MAAM,EAAE,GAAG,EAAE,EACxC,CAAC;EAEF,MAAM,gCAAgB,IAAI,KAAuB;EACjD,KAAK,MAAM,KAAK,OAAO;GACrB,MAAM,OAAO,cAAc,IAAI,EAAE,OAAO,IAAI,EAAE;GAC9C,KAAK,KAAK,EAAE,OAAO;GACnB,cAAc,IAAI,EAAE,QAAQ,KAAK;;EAGnC,KAAK,MAAM,CAAC,YAAY,YAAY,eAClC,IAAI;GACF,MAAM,KAAK,OAAO,WAAW,CAAC,WAAW,SAAS,KAAK;WAChD,GAAG;GAGV,KAAK,IAAI,KACP,yBAAyB,QAAQ,OAAO,qBAAqB,cAC7D,EACD;;EAIL,OAAO,UAAU,IAAI,OAAO;;;;;;;;;;CAW9B,MAAa,YAAY,IAA8C;EACrE,IAAI,OAAO,OAAO,UAChB,OAAO;EAGT,OAAO,MAAM,KAAK,eAAe,QAAQ,GAAG;;;;;;;CAQ9C,MAAa,kBAAyC;EACpD,MAAM,WAAW,MAAM,KAAK,eAAe,SAAS,EAAE,CAAC;EAEvD,MAAM,YAAY,SAAS,QAAQ,KAAK,SAAS,MAAM,KAAK,MAAM,EAAE;EACpE,MAAM,aAAa,SAAS;EAG5B,MAAM,4BAAY,IAAI,KAGnB;EACH,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,UAAU,IAAI,KAAK,OAAO,IAAI;IAC7C,WAAW;IACX,WAAW;IACZ;GACD,SAAS,aAAa,KAAK;GAC3B,SAAS,aAAa;GACtB,UAAU,IAAI,KAAK,QAAQ,SAAS;;EAItC,MAAM,8BAAc,IAAI,KAAqB;EAC7C,KAAK,MAAM,QAAQ,UAAU;GAC3B,MAAM,WAAW,YAAY,IAAI,KAAK,SAAS,IAAI;GACnD,YAAY,IAAI,KAAK,UAAU,WAAW,EAAE;;EAG9C,OAAO;GACL;GACA;GACA,UAAU,MAAM,KAAK,UAAU,SAAS,CAAC,CAAC,KAAK,CAAC,QAAQ,YAAY;IAClE;IACA,WAAW,MAAM;IACjB,WAAW,MAAM;IAClB,EAAE;GACH,YAAY,MAAM,KAAK,YAAY,SAAS,CAAC,CAAC,KAC3C,CAAC,UAAU,gBAAgB;IAC1B;IACA;IACD,EACF;GACF;;;;;;;;;CAUH,iBAAwB,QAAkC;EACxD,OAAO;;;;;;;;;ACnbX,IAAa,2BAAb,MAAsC;CACpC,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;;;;;;CAOrD,eAA+B,QAAQ;EACrC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ,EACN,UAAU,oBACX;EACD,eAAe,KAAK,YAAY,iBAAiB;EAClD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;ACFJ,IAAa,qBAAb,MAAgC;;;;;;CAM9B,MAAM,eACJ,MACA,MACe;EACf,IAAI,CAAC,MACH,MAAM,IAAI,eAAe,sCAAsC;EAKjE,IAAI,KAAK,cAAc,OACrB;EAEF,IAAI,KAAK,WAAW,KAAK,YAAY,KAAK,IACxC;EAEF,MAAM,IAAI,eAAe,qBAAqB;;;;;;;;;;;;;;;;;;;;CAqBhD,MAAM,aAAa,MAAiC;EAClD,MAAM,IAAI,cAAc,SAAS,KAAK,GAAG,aAAa;;;;;ACnE1D,MAAa,kBAAkB,EAAE,OAAO,iBAAiB;CACvD,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC9B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrC,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;CAC5B,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC;CAC7B,cAAc,EAAE,SAAS,EAAE,UAAU,CAAC;CACtC,eAAe,EAAE,SAAS,EAAE,UAAU,CAAC;CACxC,CAAC;;;ACTF,MAAa,qBAAqB,EAAE,OAClC,MAAM,QACN,EAAE,EACF;CACE,OAAO;CACP,aAAa;CACd,CACF;;;;;;;ACGD,IAAa,iBAAb,MAA4B;CAC1B,MAAyB;CACzB,QAA2B;CAC3B,cAAiC,QAAQ,YAAY;CACrD,aAAgC,QAAQ,mBAAmB;;;;;CAM3D,YAA4B,QAAQ;EAClC,MAAM,KAAK;EACX,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,kBAAkB,EAAE,CAAC,CAAC;EACpD,aAAa;EACb,QAAQ;GACN,OAAO;GACP,UAAU,EAAE,KAAK,mBAAmB;GACrC;EACD,UAAU,EAAE,YAAY,KAAK,YAAY,UAAU,MAAM;EAC1D,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,aAAa,KAAK,YAAY,WAAW,OAAO,GAAG;EAChE,CAAC;;;;;CAMF,cAA8B,QAAQ;EACpC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE;IAAE,UAAU;IAAG,UAAU;IAAM,CAAC,EACxD,CAAC;GACF,UAAU,EAAE,OAAO,EACjB,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAC7B,CAAC;GACH;EACD,SAAS,OAAO,EAAE,WAAW;GAE3B,OAAO,EAAE,SAAA,MADa,KAAK,YAAY,YAAY,KAAK,IAAI,EAC1C;;EAErB,CAAC;;;;;;CAOF,aAA6B,QAAQ;EACnC,MAAM,KAAK;EACX,OAAO,KAAK;EACZ,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,cAAc,EAAE,CAAC,CAAC;EAChD,aAAa;EACb,QAAQ;GACN,MAAM,EAAE,OAAO,EACb,MAAM,EAAE,MAAM,EACf,CAAC;GACF,OAAO,EAAE,OAAO;IACd,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACxC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC/B,CAAC;GACF,UAAU;GACX;EACD,SAAS,OAAO,EAAE,MAAM,MAAM,YAC5B,KAAK,YAAY,WAAW,KAAK,MAAM;GACrC;GACA,GAAG;GACJ,CAAC;EACL,CAAC;;;;;CAMF,aAA6B,QAAQ;EACnC,QAAQ;EACR,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,SAAS,KAAK;EACrB,KAAK,CAAC,QAAQ,EAAE,aAAa,CAAC,oBAAoB,EAAE,CAAC,CAAC;EACtD,aAAa;EACb,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,MAAM,EAAE,OAAO;IACb,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrC,gBAAgB,EAAE,SAAS,EAAE,UAAU,CAAC;IACzC,CAAC;GACF,UAAU;GACX;EACD,UAAU,EAAE,QAAQ,WAAW,KAAK,YAAY,WAAW,OAAO,IAAI,KAAK;EAC5E,CAAC;;;;;;;;;;;;CAaF,aAA6B,QAAQ;EACnC,MAAM,GAAG,KAAK,IAAI;EAClB,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,QAAQ,EAAE,aAAa,CAAC,YAAY,EAAE,CAAC,EACvC,MAAM,EACJ,SAAS;GACP,SAAS;GACT,QAAQ,CAAC,GAAG,OAAO;GACnB,WAAW;GACZ,EACF,CAAC,CACH;EACD,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU,EAAE,MAAM;GACnB;EACD,SAAS,OAAO,EAAE,QAAQ,WAAW;GACnC,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,GAAG;GAC1D,MAAM,KAAK,WAAW,eAAe,MAAM,KAAK;GAChD,OAAO,MAAM,KAAK,YAAY,WAAW,KAAK;;EAEjD,CAAC;;;;;;;;;;;;;;;CAgBF,mBAAmC,QAAQ;EACzC,MAAM;EACN,OAAO,KAAK;EACZ,aAAa;EACb,KAAK,CACH,MAAM,EACJ,SAAS;GACP,QAAQ;GACR,QAAQ,CAAC,GAAG,OAAO;GACnB,WAAW;GACZ,EACF,CAAC,CACH;EACD,QAAQ;GACN,QAAQ,EAAE,OAAO,EACf,IAAI,EAAE,MAAM,EACb,CAAC;GACF,UAAU,EAAE,MAAM;GACnB;EACD,SAAS,OAAO,EAAE,aAAa;GAC7B,MAAM,OAAO,MAAM,KAAK,YAAY,YAAY,OAAO,GAAG;GAC1D,MAAM,KAAK,WAAW,aAAa,KAAK;GACxC,OAAO,MAAM,KAAK,YAAY,WAAW,KAAK;;EAEjD,CAAC;;;;ACzMJ,IAAa,WAAb,MAAsB;CACpB,cAAiC,QAAQ,YAAY;CAErD,aAA6B,WAAW;EACtC,MAAM;EACN,aAAa;EACb,MAAM;EACN,SAAS,YAAY;GACnB,MAAM,QAAQ,MAAM,KAAK,YAAY,kBAAkB;GAEvD,MAAM,QAAQ,IACZ,MAAM,KAAK,SAAS,KAAK,YAAY,WAAW,KAAK,GAAG,CAAC,CAC1D;;EAEJ,CAAC;;;;;;;;;;;;;;;AC4CJ,MAAa,iBAAiB,QAAQ;CACpC,MAAM;CACN,UAAU;EACR;EACA;EACA;EACA;EACA;EACD;CACD,SAAS,CAAC,cAAc,iBAAiB;CAC1C,CAAC"}