asaihost-nodejs 0.0.5 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/dist/{InterventionLog-PZT2CCN3.es.js → InterventionLog-OPQ6VOBV.es.js} +3 -3
  2. package/dist/InterventionLog-WNVDQFAH.cjs +30 -0
  3. package/dist/{InterventionLog-CRP6YJVM.cjs.map → InterventionLog-WNVDQFAH.cjs.map} +1 -1
  4. package/dist/LogStore-AP4T2CFD.cjs +54 -0
  5. package/dist/{LogStore-7MTUQA4G.cjs.map → LogStore-AP4T2CFD.cjs.map} +1 -1
  6. package/dist/{LogStore-Q35YFNAY.es.js → LogStore-DWIPPRCA.es.js} +2 -2
  7. package/dist/asaihost-nodejs.cjs +580 -567
  8. package/dist/asaihost-nodejs.cjs.map +1 -1
  9. package/dist/asaihost-nodejs.d.cts +18 -2
  10. package/dist/asaihost-nodejs.d.ts +18 -2
  11. package/dist/asaihost-nodejs.es.js +273 -260
  12. package/dist/asaihost-nodejs.es.js.map +1 -1
  13. package/dist/{chunk-A6VJPLDD.es.js → chunk-5WJQD4RZ.es.js} +3 -3
  14. package/dist/{chunk-RIRKIYET.cjs → chunk-ARHPHWT5.cjs} +12 -12
  15. package/dist/{chunk-RIRKIYET.cjs.map → chunk-ARHPHWT5.cjs.map} +1 -1
  16. package/dist/{chunk-A5CDJGJI.es.js → chunk-BOIRAQXE.es.js} +1 -1
  17. package/dist/chunk-BOIRAQXE.es.js.map +1 -0
  18. package/dist/{chunk-LTEP4XB2.es.js → chunk-EC67M7RR.es.js} +115 -21
  19. package/dist/chunk-EC67M7RR.es.js.map +1 -0
  20. package/dist/{chunk-SB23ESX2.es.js → chunk-GCR56QH7.es.js} +2 -2
  21. package/dist/{chunk-H3K33HBA.cjs → chunk-GXOFLFFW.cjs} +1 -1
  22. package/dist/{chunk-H3K33HBA.cjs.map → chunk-GXOFLFFW.cjs.map} +1 -1
  23. package/dist/{chunk-TKJAHTPO.cjs → chunk-HR5JKN7Y.cjs} +161 -67
  24. package/dist/chunk-HR5JKN7Y.cjs.map +1 -0
  25. package/dist/{chunk-VUZO7DCA.es.js → chunk-N6LBKGML.es.js} +2 -2
  26. package/dist/{chunk-57UQJKSL.es.js → chunk-OTL2B4WS.es.js} +2 -2
  27. package/dist/{chunk-4E7Z5K5U.cjs → chunk-U2YJH2RW.cjs} +4 -4
  28. package/dist/{chunk-4E7Z5K5U.cjs.map → chunk-U2YJH2RW.cjs.map} +1 -1
  29. package/dist/{chunk-K2QPSQEV.cjs → chunk-WXW5DYNU.cjs} +9 -9
  30. package/dist/{chunk-K2QPSQEV.cjs.map → chunk-WXW5DYNU.cjs.map} +1 -1
  31. package/dist/{chunk-LXJMGLKW.cjs → chunk-ZK4O4Z2O.cjs} +20 -20
  32. package/dist/{chunk-LXJMGLKW.cjs.map → chunk-ZK4O4Z2O.cjs.map} +1 -1
  33. package/dist/intervention-hooks-4NAAAZK3.cjs +21 -0
  34. package/dist/{intervention-hooks-KF3SNB5Q.cjs.map → intervention-hooks-4NAAAZK3.cjs.map} +1 -1
  35. package/dist/{intervention-hooks-TCGIC4IV.es.js → intervention-hooks-QNA4IZT7.es.js} +4 -4
  36. package/dist/{password-4BABWAG4.es.js → password-4P7IZUDQ.es.js} +3 -3
  37. package/dist/password-MDYRL6ZD.cjs +20 -0
  38. package/dist/{password-PJHJRGPE.cjs.map → password-MDYRL6ZD.cjs.map} +1 -1
  39. package/dist/user-store-55HOLHEM.cjs +12 -0
  40. package/dist/{user-store-6J2PSEIN.cjs.map → user-store-55HOLHEM.cjs.map} +1 -1
  41. package/dist/{user-store-UC5URX3C.es.js → user-store-FXD2N55G.es.js} +3 -3
  42. package/package.json +1 -1
  43. package/dist/InterventionLog-CRP6YJVM.cjs +0 -30
  44. package/dist/LogStore-7MTUQA4G.cjs +0 -54
  45. package/dist/chunk-A5CDJGJI.es.js.map +0 -1
  46. package/dist/chunk-LTEP4XB2.es.js.map +0 -1
  47. package/dist/chunk-TKJAHTPO.cjs.map +0 -1
  48. package/dist/intervention-hooks-KF3SNB5Q.cjs +0 -21
  49. package/dist/password-PJHJRGPE.cjs +0 -20
  50. package/dist/user-store-6J2PSEIN.cjs +0 -12
  51. /package/dist/{InterventionLog-PZT2CCN3.es.js.map → InterventionLog-OPQ6VOBV.es.js.map} +0 -0
  52. /package/dist/{LogStore-Q35YFNAY.es.js.map → LogStore-DWIPPRCA.es.js.map} +0 -0
  53. /package/dist/{chunk-A6VJPLDD.es.js.map → chunk-5WJQD4RZ.es.js.map} +0 -0
  54. /package/dist/{chunk-SB23ESX2.es.js.map → chunk-GCR56QH7.es.js.map} +0 -0
  55. /package/dist/{chunk-VUZO7DCA.es.js.map → chunk-N6LBKGML.es.js.map} +0 -0
  56. /package/dist/{chunk-57UQJKSL.es.js.map → chunk-OTL2B4WS.es.js.map} +0 -0
  57. /package/dist/{intervention-hooks-TCGIC4IV.es.js.map → intervention-hooks-QNA4IZT7.es.js.map} +0 -0
  58. /package/dist/{password-4BABWAG4.es.js.map → password-4P7IZUDQ.es.js.map} +0 -0
  59. /package/dist/{user-store-UC5URX3C.es.js.map → user-store-FXD2N55G.es.js.map} +0 -0
@@ -4,10 +4,10 @@
4
4
 
5
5
 
6
6
 
7
- var _chunkRIRKIYETcjs = require('./chunk-RIRKIYET.cjs');
7
+ var _chunkARHPHWT5cjs = require('./chunk-ARHPHWT5.cjs');
8
8
 
9
9
 
10
- var _chunk4E7Z5K5Ucjs = require('./chunk-4E7Z5K5U.cjs');
10
+ var _chunkU2YJH2RWcjs = require('./chunk-U2YJH2RW.cjs');
11
11
 
12
12
 
13
13
 
@@ -28,7 +28,9 @@ var _chunk4E7Z5K5Ucjs = require('./chunk-4E7Z5K5U.cjs');
28
28
 
29
29
 
30
30
 
31
- var _chunkTKJAHTPOcjs = require('./chunk-TKJAHTPO.cjs');
31
+
32
+
33
+ var _chunkHR5JKN7Ycjs = require('./chunk-HR5JKN7Y.cjs');
32
34
 
33
35
 
34
36
 
@@ -48,7 +50,7 @@ var _chunkO6LVLSNBcjs = require('./chunk-O6LVLSNB.cjs');
48
50
 
49
51
 
50
52
 
51
- var _chunkK2QPSQEVcjs = require('./chunk-K2QPSQEV.cjs');
53
+ var _chunkWXW5DYNUcjs = require('./chunk-WXW5DYNU.cjs');
52
54
 
53
55
 
54
56
 
@@ -60,7 +62,7 @@ var _chunkK2QPSQEVcjs = require('./chunk-K2QPSQEV.cjs');
60
62
 
61
63
 
62
64
 
63
- var _chunkLXJMGLKWcjs = require('./chunk-LXJMGLKW.cjs');
65
+ var _chunkZK4O4Z2Ocjs = require('./chunk-ZK4O4Z2O.cjs');
64
66
 
65
67
 
66
68
 
@@ -73,7 +75,7 @@ var _chunkLXJMGLKWcjs = require('./chunk-LXJMGLKW.cjs');
73
75
 
74
76
 
75
77
 
76
- var _chunkH3K33HBAcjs = require('./chunk-H3K33HBA.cjs');
78
+ var _chunkGXOFLFFWcjs = require('./chunk-GXOFLFFW.cjs');
77
79
 
78
80
 
79
81
  var _chunk2BCIIKRGcjs = require('./chunk-2BCIIKRG.cjs');
@@ -212,7 +214,7 @@ ${reason.name}: ${reason.message}`;
212
214
  if (restartTimes.length > MAX_RESTARTS) {
213
215
  try {
214
216
  $asai.$log("NO_RESTART", "Process crashed too frequently, gracefully shutdown and wait for daemon restart.");
215
- void Promise.resolve().then(() => _interopRequireWildcard(require("./intervention-hooks-KF3SNB5Q.cjs"))).then(
217
+ void Promise.resolve().then(() => _interopRequireWildcard(require("./intervention-hooks-4NAAAZK3.cjs"))).then(
216
218
  ({ logProcessGuardEvent }) => logProcessGuardEvent($asai, {
217
219
  action: "crash_loop_shutdown",
218
220
  detail: `${restartTimes.length} crashes in ${RESTART_WINDOW}ms window`,
@@ -254,7 +256,7 @@ ${reason.name}: ${reason.message}`;
254
256
  }
255
257
  _chunkSMVZ3ZDJcjs.__name.call(void 0, initProcess, "initProcess");
256
258
  function gracefulShutdown($asai) {
257
- void Promise.resolve().then(() => _interopRequireWildcard(require("./intervention-hooks-KF3SNB5Q.cjs"))).then(
259
+ void Promise.resolve().then(() => _interopRequireWildcard(require("./intervention-hooks-4NAAAZK3.cjs"))).then(
258
260
  ({ logProcessGuardEvent }) => logProcessGuardEvent($asai, {
259
261
  action: "graceful_shutdown",
260
262
  detail: "SIGTERM/SIGINT or crash guard triggered",
@@ -379,7 +381,7 @@ var LogBuffer = class _LogBuffer {
379
381
  await _promises2.default.appendFile(this.filePath, logContent, "utf8");
380
382
  const src = this.filePath.includes("/client/") || this.filePath.includes("\\client\\") ? "client" : "server";
381
383
  const kind = logContent.includes("[SEC-AUDIT]") ? "sec" : src;
382
- void _chunkTKJAHTPOcjs.mirrorWebLog.call(void 0, this.$asai, {
384
+ void _chunkHR5JKN7Ycjs.mirrorWebLog.call(void 0, this.$asai, {
383
385
  source: kind === "sec" ? "sec" : src,
384
386
  rawLine: logContent
385
387
  }).catch(() => void 0);
@@ -480,7 +482,7 @@ async function appendAccessLog($asai, clfLine, w3cLine) {
480
482
  await ensureW3CAccessHeader($asai, w3cPath, dateCur);
481
483
  await _promises2.default.appendFile(w3cPath, w3cLine, "utf8");
482
484
  const clfParsed = _chunkOCEBEEP5cjs.parseCLF.call(void 0, clfLine);
483
- void _chunkTKJAHTPOcjs.mirrorAccessLog.call(void 0, $asai, {
485
+ void _chunkHR5JKN7Ycjs.mirrorAccessLog.call(void 0, $asai, {
484
486
  format: "clf",
485
487
  rawLine: clfLine,
486
488
  host: _optionalChain([clfParsed, 'optionalAccess', _42 => _42.host]),
@@ -488,7 +490,7 @@ async function appendAccessLog($asai, clfLine, w3cLine) {
488
490
  url: _optionalChain([clfParsed, 'optionalAccess', _44 => _44.url]),
489
491
  status: _optionalChain([clfParsed, 'optionalAccess', _45 => _45.status])
490
492
  }).catch(() => void 0);
491
- void _chunkTKJAHTPOcjs.mirrorAccessLog.call(void 0, $asai, {
493
+ void _chunkHR5JKN7Ycjs.mirrorAccessLog.call(void 0, $asai, {
492
494
  format: "w3c",
493
495
  rawLine: w3cLine
494
496
  }).catch(() => void 0);
@@ -812,8 +814,8 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, checkNtpOffset, "checkNtpOffset");
812
814
 
813
815
  // src/infra/config-integrity.ts
814
816
  var _crypto = require('crypto'); var _crypto2 = _interopRequireDefault(_crypto);
815
- var _fs = require('fs'); var fs3 = _interopRequireWildcard(_fs); var fs6 = _interopRequireWildcard(_fs); var fs4 = _interopRequireWildcard(_fs); var fs5 = _interopRequireWildcard(_fs); var fs8 = _interopRequireWildcard(_fs); var fs10 = _interopRequireWildcard(_fs); var fs11 = _interopRequireWildcard(_fs);
816
- var _path = require('path'); var nodePath2 = _interopRequireWildcard(_path); var path2 = _interopRequireWildcard(_path); var nodePath = _interopRequireWildcard(_path); var nodePath3 = _interopRequireWildcard(_path); var nodePath4 = _interopRequireWildcard(_path); var path5 = _interopRequireWildcard(_path); var path6 = _interopRequireWildcard(_path);
817
+ var _fs = require('fs'); var fs3 = _interopRequireWildcard(_fs); var fs6 = _interopRequireWildcard(_fs); var fs4 = _interopRequireWildcard(_fs); var fs5 = _interopRequireWildcard(_fs); var fs8 = _interopRequireWildcard(_fs); var fs10 = _interopRequireWildcard(_fs);
818
+ var _path = require('path'); var nodePath2 = _interopRequireWildcard(_path); var path2 = _interopRequireWildcard(_path); var nodePath = _interopRequireWildcard(_path); var nodePath3 = _interopRequireWildcard(_path); var path4 = _interopRequireWildcard(_path); var path6 = _interopRequireWildcard(_path); var path7 = _interopRequireWildcard(_path);
817
819
  function computeConfigHash(configPath) {
818
820
  try {
819
821
  const raw = fs3.default.readFileSync(configPath);
@@ -867,12 +869,12 @@ function initAsaiHostNodejs($asai, _opt) {
867
869
  resAES
868
870
  };
869
871
  }
870
- if (_chunkLXJMGLKWcjs.isDevDefaultPassword.call(void 0, _optionalChain([$asai, 'access', _102 => _102.hostconfig, 'optionalAccess', _103 => _103.password]) || "")) {
872
+ if (_chunkZK4O4Z2Ocjs.isDevDefaultPassword.call(void 0, _optionalChain([$asai, 'access', _102 => _102.hostconfig, 'optionalAccess', _103 => _103.password]) || "")) {
871
873
  logSecurityEvent($asai, {
872
874
  type: "CONFIG_WARN",
873
875
  detail: "Using dev-only password; set ASAI_HOST_PASSWORD for production (IEC 62443-4-2 CR 1.7)"
874
876
  });
875
- void Promise.resolve().then(() => _interopRequireWildcard(require("./intervention-hooks-KF3SNB5Q.cjs"))).then(
877
+ void Promise.resolve().then(() => _interopRequireWildcard(require("./intervention-hooks-4NAAAZK3.cjs"))).then(
876
878
  ({ logSecurityConfigIntervention: logSecurityConfigIntervention2 }) => logSecurityConfigIntervention2($asai, {
877
879
  section: "password",
878
880
  detail: "dev-default-password detected at startup"
@@ -898,7 +900,7 @@ function scheduleLogComplianceCheck($asai) {
898
900
  if (hours <= 0) return;
899
901
  const ms = hours * 3600 * 1e3;
900
902
  setInterval(() => {
901
- void Promise.resolve().then(() => _interopRequireWildcard(require("./LogStore-7MTUQA4G.cjs"))).then(
903
+ void Promise.resolve().then(() => _interopRequireWildcard(require("./LogStore-AP4T2CFD.cjs"))).then(
902
904
  ({ getComplianceReport: getComplianceReport2 }) => getComplianceReport2($asai, "prod")
903
905
  ).catch(() => void 0);
904
906
  }, ms);
@@ -996,7 +998,7 @@ function kickUserWs($asai, us, hostdir) {
996
998
  _chunkSMVZ3ZDJcjs.__name.call(void 0, kickUserWs, "kickUserWs");
997
999
  async function removeSessionOnWsClose($asai, us, token) {
998
1000
  try {
999
- const store = _chunkLXJMGLKWcjs.createUserStore.call(void 0, $asai);
1001
+ const store = _chunkZK4O4Z2Ocjs.createUserStore.call(void 0, $asai);
1000
1002
  const sessions = await store.getSessions();
1001
1003
  const match = sessions.find((s) => s.us === us && s.pub === token);
1002
1004
  if (match) await store.removeSession(match.id);
@@ -1458,11 +1460,11 @@ function createSkipChecker($asai) {
1458
1460
  }
1459
1461
  if (exact.size === 0 && prefixes.length === 0) return () => false;
1460
1462
  return (url) => {
1461
- const path7 = normalizeRequestPath(url);
1462
- if (!path7) return false;
1463
- if (exact.has(path7)) return true;
1463
+ const path8 = normalizeRequestPath(url);
1464
+ if (!path8) return false;
1465
+ if (exact.has(path8)) return true;
1464
1466
  for (let i = 0; i < prefixes.length; i++) {
1465
- if (path7.startsWith(prefixes[i])) return true;
1467
+ if (path8.startsWith(prefixes[i])) return true;
1466
1468
  }
1467
1469
  return false;
1468
1470
  };
@@ -1582,10 +1584,10 @@ function getStaticBaseDirs($asai) {
1582
1584
  bases.push(abs);
1583
1585
  }
1584
1586
  }, "add");
1587
+ if ($asai.serverRoot) add($asai.serverRoot);
1585
1588
  if (Array.isArray($asai.runtimeBaseDirs)) {
1586
1589
  for (const b of $asai.runtimeBaseDirs) add(b);
1587
1590
  }
1588
- if ($asai.serverRoot) add($asai.serverRoot);
1589
1591
  if ($asai.pkgSnapshotDir) add($asai.pkgSnapshotDir);
1590
1592
  return bases;
1591
1593
  }
@@ -1652,6 +1654,11 @@ function parseUrlPath(requrl) {
1652
1654
  }
1653
1655
  _chunkSMVZ3ZDJcjs.__name.call(void 0, parseUrlPath, "parseUrlPath");
1654
1656
  var STATIC_ASSET_PREFIXES = ["/assets/", "/webmodel/", "/assets/entry/", "/assets/chunk/"];
1657
+ function isMutableWebmodelConfig(urlPath) {
1658
+ const p = parseUrlPath(urlPath);
1659
+ return /^\/webmodel\/sys\/setting\/[^/]+\.json$/i.test(p);
1660
+ }
1661
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, isMutableWebmodelConfig, "isMutableWebmodelConfig");
1655
1662
  function isStaticAssetPath(urlPath, indexFile) {
1656
1663
  const p = parseUrlPath(urlPath);
1657
1664
  const base = p.split("/").pop() || "";
@@ -1660,9 +1667,10 @@ function isStaticAssetPath(urlPath, indexFile) {
1660
1667
  return /\.(css|js|mjs|cjs|json|png|jpe?g|gif|svg|ico|woff2?|ttf|map|wasm|zip)(\?|$)/i.test(p);
1661
1668
  }
1662
1669
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isStaticAssetPath, "isStaticAssetPath");
1663
- function sendStaticBuffer(req, res, data, mimeType, mtimeMs, $asai) {
1670
+ function sendStaticBuffer(req, res, data, mimeType, mtimeMs, $asai, urlPath = "") {
1664
1671
  const etag = `"${data.length}-${mtimeMs}"`;
1665
- if (req.headers["if-none-match"] === etag) {
1672
+ const noCache = isMutableWebmodelConfig(urlPath);
1673
+ if (!noCache && req.headers["if-none-match"] === etag) {
1666
1674
  res.writeHead(304);
1667
1675
  res.end();
1668
1676
  return;
@@ -1671,7 +1679,7 @@ function sendStaticBuffer(req, res, data, mimeType, mtimeMs, $asai) {
1671
1679
  res.writeHead(200, {
1672
1680
  "Content-Type": mimeType,
1673
1681
  "Content-Length": data.length,
1674
- "Cache-Control": "public, max-age=3600",
1682
+ "Cache-Control": noCache ? "no-cache, must-revalidate" : "public, max-age=3600",
1675
1683
  ETag: etag,
1676
1684
  "Last-Modified": new Date(mtimeMs).toUTCString()
1677
1685
  });
@@ -1685,7 +1693,8 @@ function sendStaticBuffer(req, res, data, mimeType, mtimeMs, $asai) {
1685
1693
  }
1686
1694
  }
1687
1695
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendStaticBuffer, "sendStaticBuffer");
1688
- function serveStaticFile(req, res, foundPath, mimeType, stat, $asai) {
1696
+ function serveStaticFile(req, res, foundPath, mimeType, stat, $asai, urlPath = "") {
1697
+ const noCache = isMutableWebmodelConfig(urlPath);
1689
1698
  if (stat.size <= STATIC_READ_MAX) {
1690
1699
  fs6.readFile(foundPath, (err, data) => {
1691
1700
  if (err) {
@@ -1696,13 +1705,13 @@ function serveStaticFile(req, res, foundPath, mimeType, stat, $asai) {
1696
1705
  }
1697
1706
  return;
1698
1707
  }
1699
- sendStaticBuffer(req, res, data, mimeType, stat.mtimeMs, $asai);
1708
+ sendStaticBuffer(req, res, data, mimeType, stat.mtimeMs, $asai, urlPath);
1700
1709
  });
1701
1710
  return;
1702
1711
  }
1703
1712
  const readStream = fs6.createReadStream(foundPath);
1704
1713
  const etag = `"${stat.size}-${stat.mtimeMs}"`;
1705
- if (req.headers["if-none-match"] === etag) {
1714
+ if (!noCache && req.headers["if-none-match"] === etag) {
1706
1715
  readStream.destroy();
1707
1716
  res.writeHead(304);
1708
1717
  res.end();
@@ -1721,7 +1730,7 @@ function serveStaticFile(req, res, foundPath, mimeType, stat, $asai) {
1721
1730
  try {
1722
1731
  res.writeHead(200, {
1723
1732
  "Content-Type": mimeType,
1724
- "Cache-Control": "public, max-age=3600",
1733
+ "Cache-Control": noCache ? "no-cache, must-revalidate" : "public, max-age=3600",
1725
1734
  ETag: etag,
1726
1735
  "Last-Modified": stat.mtime.toUTCString()
1727
1736
  });
@@ -1779,7 +1788,7 @@ function createStaticHandler(ctx) {
1779
1788
  return;
1780
1789
  }
1781
1790
  const mimeType = _optionalChain([hostcfg, 'access', _192 => _192.mimetypes, 'optionalAccess', _193 => _193[nodePath2.extname(found.filePath)]]) || "application/octet-stream";
1782
- serveStaticFile(req, res, found.filePath, mimeType, found.stat, $asai);
1791
+ serveStaticFile(req, res, found.filePath, mimeType, found.stat, $asai, processedUrl);
1783
1792
  }, "showHostDirs");
1784
1793
  return (req, res, url) => {
1785
1794
  res.setHeader("Cross-Origin-Resource-Policy", "cross-origin");
@@ -2342,7 +2351,7 @@ async function attachServerUserLevel(req, $asai) {
2342
2351
  if (!Array.isArray(userinfo) || !userinfo[0]) return;
2343
2352
  const us = String(userinfo[0]);
2344
2353
  try {
2345
- const { createUserStore: createUserStore2 } = await Promise.resolve().then(() => _interopRequireWildcard(require("./user-store-6J2PSEIN.cjs")));
2354
+ const { createUserStore: createUserStore2 } = await Promise.resolve().then(() => _interopRequireWildcard(require("./user-store-55HOLHEM.cjs")));
2346
2355
  const user = await createUserStore2($asai).findByUsername(us);
2347
2356
  if (user && user.status === "active") {
2348
2357
  req._serverUser = { us: user.us, lv: user.lv, status: user.status };
@@ -2373,11 +2382,11 @@ function getSecurityConfig($asai) {
2373
2382
  return _optionalChain([$asai, 'optionalAccess', _269 => _269.hostconfig, 'optionalAccess', _270 => _270.security]) || {};
2374
2383
  }
2375
2384
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSecurityConfig, "getSecurityConfig");
2376
- function pathMatchesPattern(path7, pattern) {
2385
+ function pathMatchesPattern(path8, pattern) {
2377
2386
  if (pattern.endsWith("*")) {
2378
- return path7.startsWith(pattern.slice(0, -1));
2387
+ return path8.startsWith(pattern.slice(0, -1));
2379
2388
  }
2380
- return path7 === pattern;
2389
+ return path8 === pattern;
2381
2390
  }
2382
2391
  _chunkSMVZ3ZDJcjs.__name.call(void 0, pathMatchesPattern, "pathMatchesPattern");
2383
2392
  function isAuthSkipped($asai, pathname) {
@@ -2555,6 +2564,10 @@ function isRawUploadPost(url = "") {
2555
2564
  return /\/api\/asaifile\/manage\/up(?:base64|binary)(?:batch)?\//.test(url);
2556
2565
  }
2557
2566
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isRawUploadPost, "isRawUploadPost");
2567
+ function isPlainSourcePost(url = "") {
2568
+ return /\/api\/robotcode\//.test(url);
2569
+ }
2570
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, isPlainSourcePost, "isPlainSourcePost");
2558
2571
  function processPostPayload($asai, req, postdata, pm) {
2559
2572
  let isAes = false;
2560
2573
  let out = postdata;
@@ -2570,7 +2583,7 @@ function processPostPayload($asai, req, postdata, pm) {
2570
2583
  }
2571
2584
  }
2572
2585
  const plainJson = typeof out === "string" && out.trimStart().startsWith("{");
2573
- if (_optionalChain([req, 'optionalAccess', _280 => _280.Userinfo, 'optionalAccess', _281 => _281[2]]) && !plainJson && !isRawUploadPost(_optionalChain([req, 'optionalAccess', _282 => _282.url]))) {
2586
+ if (_optionalChain([req, 'optionalAccess', _280 => _280.Userinfo, 'optionalAccess', _281 => _281[2]]) && !plainJson && !isRawUploadPost(_optionalChain([req, 'optionalAccess', _282 => _282.url])) && !isPlainSourcePost(_optionalChain([req, 'optionalAccess', _283 => _283.url]))) {
2574
2587
  pm = req.Userinfo[2];
2575
2588
  out = $asai.$lib.AsCode.asdecode(out, pm);
2576
2589
  }
@@ -2578,7 +2591,7 @@ function processPostPayload($asai, req, postdata, pm) {
2578
2591
  }
2579
2592
  _chunkSMVZ3ZDJcjs.__name.call(void 0, processPostPayload, "processPostPayload");
2580
2593
  var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, opt = {}) => {
2581
- _optionalChain([opt, 'optionalAccess', _283 => _283.fn, 'optionalCall', _284 => _284($asai)]);
2594
+ _optionalChain([opt, 'optionalAccess', _284 => _284.fn, 'optionalCall', _285 => _285($asai)]);
2582
2595
  function getHeader(req, key) {
2583
2596
  return req.headers[key.toLowerCase()] || "";
2584
2597
  }
@@ -2587,7 +2600,7 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2587
2600
  let apiRouteCacheLen = -1;
2588
2601
  function findApiHandler($asai2, pathname) {
2589
2602
  const apis = $asai2.hostserverapis;
2590
- if (!_optionalChain([apis, 'optionalAccess', _285 => _285.length])) return void 0;
2603
+ if (!_optionalChain([apis, 'optionalAccess', _286 => _286.length])) return void 0;
2591
2604
  if (!apiRouteCache || apiRouteCacheLen !== apis.length) {
2592
2605
  apiRouteCache = apis.map((elp) => ({ key: elp, path: `/api/${elp}` }));
2593
2606
  apiRouteCacheLen = apis.length;
@@ -2635,9 +2648,9 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2635
2648
  pm: decodeURIComponent(urlParse.search.substring(4))
2636
2649
  };
2637
2650
  if (req.url.indexOf("binary") === -1) {
2638
- if (_optionalChain([req, 'optionalAccess', _286 => _286.Userinfo]) && _optionalChain([req, 'optionalAccess', _287 => _287.Userinfo, 'access', _288 => _288[2]]) && _optionalChain([query, 'optionalAccess', _289 => _289.pm])) {
2651
+ if (_optionalChain([req, 'optionalAccess', _287 => _287.Userinfo]) && _optionalChain([req, 'optionalAccess', _288 => _288.Userinfo, 'access', _289 => _289[2]]) && _optionalChain([query, 'optionalAccess', _290 => _290.pm])) {
2639
2652
  pm = req.Userinfo[2];
2640
- query = $asai.$lib.AsCode.asdecode(_optionalChain([query, 'optionalAccess', _290 => _290.pm]), pm);
2653
+ query = $asai.$lib.AsCode.asdecode(_optionalChain([query, 'optionalAccess', _291 => _291.pm]), pm);
2641
2654
  query = Object.fromEntries(new URLSearchParams("?" + query).entries());
2642
2655
  }
2643
2656
  }
@@ -2656,87 +2669,99 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2656
2669
  const releaseSlot = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, () => releaseApiSlot(hostdir, clientIp), "releaseSlot");
2657
2670
  res.once("finish", releaseSlot);
2658
2671
  res.once("close", releaseSlot);
2659
- const maxBody = _optionalChain([$asai, 'access', _291 => _291.hostconfig, 'optionalAccess', _292 => _292.maxbody]) || 100 * 1024 * 1024;
2672
+ const maxBody = _optionalChain([$asai, 'access', _292 => _292.hostconfig, 'optionalAccess', _293 => _293.maxbody]) || 100 * 1024 * 1024;
2660
2673
  const isTextPost = req.method === "POST" && req.url.indexOf("binary") === -1;
2661
2674
  const bodyPromise = isTextPost ? readRequestBody(req, maxBody) : null;
2662
2675
  void (async () => {
2663
- let authResult;
2664
- let rawBody = "";
2665
2676
  try {
2666
- [authResult, rawBody] = await Promise.all([
2667
- validateHttpAuthAsync(req, $asai, pathname),
2668
- _nullishCoalesce(bodyPromise, () => ( Promise.resolve("")))
2669
- ]);
2670
- } catch (err) {
2671
- releaseSlot();
2672
- if (_optionalChain([err, 'optionalAccess', _293 => _293.message]) === "PAYLOAD_TOO_LARGE") {
2673
- return sendError(res, 413, "Payload Too Large");
2674
- }
2675
- return sendError(res, 400, _optionalChain([err, 'optionalAccess', _294 => _294.message]) || "Bad Request");
2676
- }
2677
- if (!authResult.ok) {
2678
- releaseSlot();
2679
- return sendAuthError(res, authResult);
2680
- }
2681
- let apiFn = _optionalChain([$asai, 'access', _295 => _295.hostserverapi, 'access', _296 => _296[apiHandlerKey], 'optionalCall', _297 => _297($asai, query)]);
2682
- if (!apiFn) {
2683
- return sendError(res, 501, "Not Implemented");
2684
- }
2685
- res.setHeader("Content-Type", "application/json; charset=utf-8");
2686
- $asai.$log("API", req.method, urlParse.pathname, query);
2687
- let qrdata;
2688
- let postdata;
2689
- if (req.url.indexOf("binary") === -1) {
2690
- qrdata = query;
2691
- if (req.method === "POST") {
2692
- try {
2693
- const processed = processPostPayload($asai, req, rawBody, pm);
2694
- postdata = processed.postdata;
2695
- pm = processed.pm;
2696
- isAes = processed.isAes;
2697
- } catch (e35) {
2698
- return sendError(res, 400, "AES decrypt failed");
2699
- }
2700
- if (_optionalChain([apiFn, 'optionalAccess', _298 => _298.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _299 => _299.post]) === "function") {
2701
- const optTmp = { qrdata, data: postdata, pm };
2702
- if (isAes || _optionalChain([$asai, 'access', _300 => _300.$lib, 'access', _301 => _301.aesfns, 'optionalAccess', _302 => _302.allaes])) {
2703
- optTmp.resAES = _optionalChain([$asai, 'access', _303 => _303.$lib, 'access', _304 => _304.aesfns, 'optionalAccess', _305 => _305.resAES]);
2704
- }
2705
- apiFn.post(req, res, hostdir, optTmp);
2706
- } else {
2707
- res.end(typeof postdata === "string" ? postdata : JSON.stringify(_nullishCoalesce(postdata, () => ( ""))));
2708
- }
2709
- } else if (req.method === "GET") {
2710
- if (_optionalChain([apiFn, 'optionalAccess', _306 => _306.get]) && typeof _optionalChain([apiFn, 'optionalAccess', _307 => _307.get]) === "function") {
2711
- const optTmp = { qrdata, data: qrdata, pm };
2712
- if (isAes || _optionalChain([$asai, 'access', _308 => _308.$lib, 'access', _309 => _309.aesfns, 'optionalAccess', _310 => _310.allaes])) {
2713
- optTmp.resAES = _optionalChain([$asai, 'access', _311 => _311.$lib, 'access', _312 => _312.aesfns, 'optionalAccess', _313 => _313.resAES]);
2714
- }
2715
- apiFn.get(req, res, hostdir, optTmp);
2716
- } else {
2717
- res.end(JSON.stringify(qrdata));
2677
+ let authResult;
2678
+ let rawBody = "";
2679
+ try {
2680
+ [authResult, rawBody] = await Promise.all([
2681
+ validateHttpAuthAsync(req, $asai, pathname),
2682
+ _nullishCoalesce(bodyPromise, () => ( Promise.resolve("")))
2683
+ ]);
2684
+ } catch (err) {
2685
+ releaseSlot();
2686
+ if (_optionalChain([err, 'optionalAccess', _294 => _294.message]) === "PAYLOAD_TOO_LARGE") {
2687
+ return sendError(res, 413, "Payload Too Large");
2718
2688
  }
2689
+ return sendError(res, 400, _optionalChain([err, 'optionalAccess', _295 => _295.message]) || "Bad Request");
2719
2690
  }
2720
- } else {
2721
- if (_optionalChain([Object, 'access', _314 => _314.keys, 'call', _315 => _315(query), 'optionalAccess', _316 => _316.length])) {
2722
- qrdata = query;
2691
+ if (!authResult.ok) {
2692
+ releaseSlot();
2693
+ return sendAuthError(res, authResult);
2723
2694
  }
2724
- if (req.method === "POST") {
2725
- $asai.$lib.AsNodeTool.upBinary(req).then((postdata2) => {
2726
- if (_optionalChain([apiFn, 'optionalAccess', _317 => _317.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _318 => _318.post]) === "function") {
2727
- apiFn.post(req, res, hostdir, {
2728
- qrdata,
2729
- data: postdata2
2730
- });
2695
+ let apiFn = _optionalChain([$asai, 'access', _296 => _296.hostserverapi, 'access', _297 => _297[apiHandlerKey], 'optionalCall', _298 => _298($asai, query)]);
2696
+ if (!apiFn) {
2697
+ return sendError(res, 501, "Not Implemented");
2698
+ }
2699
+ res.setHeader("Content-Type", "application/json; charset=utf-8");
2700
+ $asai.$log("API", req.method, urlParse.pathname, query);
2701
+ let qrdata;
2702
+ let postdata;
2703
+ if (req.url.indexOf("binary") === -1) {
2704
+ qrdata = query;
2705
+ if (req.method === "POST") {
2706
+ try {
2707
+ const processed = processPostPayload($asai, req, rawBody, pm);
2708
+ postdata = processed.postdata;
2709
+ pm = processed.pm;
2710
+ isAes = processed.isAes;
2711
+ } catch (e35) {
2712
+ return sendError(res, 400, "AES decrypt failed");
2713
+ }
2714
+ if (_optionalChain([apiFn, 'optionalAccess', _299 => _299.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _300 => _300.post]) === "function") {
2715
+ const optTmp = { qrdata, data: postdata, pm };
2716
+ if (isAes || _optionalChain([$asai, 'access', _301 => _301.$lib, 'access', _302 => _302.aesfns, 'optionalAccess', _303 => _303.allaes])) {
2717
+ optTmp.resAES = _optionalChain([$asai, 'access', _304 => _304.$lib, 'access', _305 => _305.aesfns, 'optionalAccess', _306 => _306.resAES]);
2718
+ }
2719
+ apiFn.post(req, res, hostdir, optTmp);
2731
2720
  } else {
2732
- res.end(postdata2);
2721
+ res.end(typeof postdata === "string" ? postdata : JSON.stringify(_nullishCoalesce(postdata, () => ( ""))));
2733
2722
  }
2734
- }).catch((err) => {
2735
- return sendError(res, 400, "Invalid content type");
2736
- });
2723
+ } else if (req.method === "GET") {
2724
+ if (_optionalChain([apiFn, 'optionalAccess', _307 => _307.get]) && typeof _optionalChain([apiFn, 'optionalAccess', _308 => _308.get]) === "function") {
2725
+ const optTmp = { qrdata, data: qrdata, pm };
2726
+ if (isAes || _optionalChain([$asai, 'access', _309 => _309.$lib, 'access', _310 => _310.aesfns, 'optionalAccess', _311 => _311.allaes])) {
2727
+ optTmp.resAES = _optionalChain([$asai, 'access', _312 => _312.$lib, 'access', _313 => _313.aesfns, 'optionalAccess', _314 => _314.resAES]);
2728
+ }
2729
+ apiFn.get(req, res, hostdir, optTmp);
2730
+ } else {
2731
+ res.end(JSON.stringify(qrdata));
2732
+ }
2733
+ }
2734
+ } else {
2735
+ if (_optionalChain([Object, 'access', _315 => _315.keys, 'call', _316 => _316(query), 'optionalAccess', _317 => _317.length])) {
2736
+ qrdata = query;
2737
+ }
2738
+ if (req.method === "POST") {
2739
+ $asai.$lib.AsNodeTool.upBinary(req).then((postdata2) => {
2740
+ if (_optionalChain([apiFn, 'optionalAccess', _318 => _318.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _319 => _319.post]) === "function") {
2741
+ apiFn.post(req, res, hostdir, {
2742
+ qrdata,
2743
+ data: postdata2
2744
+ });
2745
+ } else {
2746
+ res.end(postdata2);
2747
+ }
2748
+ }).catch((err) => {
2749
+ return sendError(res, 400, "Invalid content type");
2750
+ });
2751
+ }
2752
+ }
2753
+ } catch (err) {
2754
+ releaseSlot();
2755
+ if (!res.headersSent) {
2756
+ return sendError(res, 500, _optionalChain([err, 'optionalAccess', _320 => _320.message]) || "Internal Server Error");
2737
2757
  }
2738
2758
  }
2739
- })();
2759
+ })().catch((err) => {
2760
+ releaseSlot();
2761
+ if (!res.headersSent) {
2762
+ sendError(res, 500, _optionalChain([err, 'optionalAccess', _321 => _321.message]) || "Internal Server Error");
2763
+ }
2764
+ });
2740
2765
  } else {
2741
2766
  $asai.$log("API", req.method, req.url);
2742
2767
  }
@@ -2747,12 +2772,12 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2747
2772
 
2748
2773
  // src/common/server/Ws.ts
2749
2774
  var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, opt = {}) => {
2750
- _optionalChain([opt, 'optionalAccess', _319 => _319.fn, 'optionalCall', _320 => _320($asai)]);
2775
+ _optionalChain([opt, 'optionalAccess', _322 => _322.fn, 'optionalCall', _323 => _323($asai)]);
2751
2776
  const wsHandlerCache = /* @__PURE__ */ new Map();
2752
2777
  const routeIndex = ensureWsRouteIndex($asai);
2753
2778
  function getWsHandler(handlerKey) {
2754
2779
  if (!wsHandlerCache.has(handlerKey)) {
2755
- wsHandlerCache.set(handlerKey, _optionalChain([$asai, 'access', _321 => _321.hostserverws, 'access', _322 => _322[handlerKey], 'optionalCall', _323 => _323($asai)]));
2780
+ wsHandlerCache.set(handlerKey, _optionalChain([$asai, 'access', _324 => _324.hostserverws, 'access', _325 => _325[handlerKey], 'optionalCall', _326 => _326($asai)]));
2756
2781
  }
2757
2782
  return wsHandlerCache.get(handlerKey);
2758
2783
  }
@@ -2776,21 +2801,21 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2776
2801
  let reqdata = parseMessage(msg);
2777
2802
  let handlerKey;
2778
2803
  if (reqdata === "ping") {
2779
- _optionalChain([ws2, 'access', _324 => _324.send, 'optionalCall', _325 => _325("pong")]);
2804
+ _optionalChain([ws2, 'access', _327 => _327.send, 'optionalCall', _328 => _328("pong")]);
2780
2805
  return;
2781
2806
  } else {
2782
2807
  const reqdataisobj = typeof reqdata === "object" && reqdata !== null;
2783
- handlerKey = reqdataisobj ? routeIndex.matchTy(_optionalChain([reqdata, 'optionalAccess', _326 => _326.ty])) : routeIndex.matchString(reqdata);
2784
- if (!handlerKey && _optionalChain([$asai, 'access', _327 => _327.hostserverwss, 'optionalAccess', _328 => _328.length])) {
2808
+ handlerKey = reqdataisobj ? routeIndex.matchTy(_optionalChain([reqdata, 'optionalAccess', _329 => _329.ty])) : routeIndex.matchString(reqdata);
2809
+ if (!handlerKey && _optionalChain([$asai, 'access', _330 => _330.hostserverwss, 'optionalAccess', _331 => _331.length])) {
2785
2810
  handlerKey = $asai.hostserverwss.find((elp) => {
2786
2811
  if (reqdataisobj) {
2787
- return _optionalChain([reqdata, 'optionalAccess', _329 => _329.ty, 'optionalAccess', _330 => _330.startsWith, 'call', _331 => _331(elp)]);
2812
+ return _optionalChain([reqdata, 'optionalAccess', _332 => _332.ty, 'optionalAccess', _333 => _333.startsWith, 'call', _334 => _334(elp)]);
2788
2813
  }
2789
2814
  return typeof reqdata === "string" && reqdata.startsWith(elp);
2790
2815
  });
2791
2816
  }
2792
2817
  if (!handlerKey) {
2793
- _optionalChain([$asai, 'access', _332 => _332.asaimock, 'optionalAccess', _333 => _333.wsWorkMock, 'call', _334 => _334({
2818
+ _optionalChain([$asai, 'access', _335 => _335.asaimock, 'optionalAccess', _336 => _336.wsWorkMock, 'call', _337 => _337({
2794
2819
  msg,
2795
2820
  ws: ws2,
2796
2821
  hostdir,
@@ -2802,14 +2827,14 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2802
2827
  }
2803
2828
  }
2804
2829
  if (!handlerKey) return;
2805
- _optionalChain([getWsHandler, 'call', _335 => _335(handlerKey), 'optionalAccess', _336 => _336.work, 'optionalCall', _337 => _337(reqdata, ws2, hostdir, req)]);
2830
+ _optionalChain([getWsHandler, 'call', _338 => _338(handlerKey), 'optionalAccess', _339 => _339.work, 'optionalCall', _340 => _340(reqdata, ws2, hostdir, req)]);
2806
2831
  } catch (err) {
2807
- _optionalChain([($asai.$log || console.error), 'optionalCall', _338 => _338("WS", "handler error", err instanceof Error ? err.message : err)]);
2832
+ _optionalChain([($asai.$log || console.error), 'optionalCall', _341 => _341("WS", "handler error", err instanceof Error ? err.message : err)]);
2808
2833
  }
2809
2834
  }
2810
2835
  _chunkSMVZ3ZDJcjs.__name.call(void 0, wsWork, "wsWork");
2811
2836
  function _getMessage(msg) {
2812
- if (_optionalChain([msg, 'optionalAccess', _339 => _339.db, 'optionalAccess', _340 => _340.aes]) && _optionalChain([$asai, 'access', _341 => _341.$lib, 'optionalAccess', _342 => _342.aesfns, 'optionalAccess', _343 => _343.reqAES])) {
2837
+ if (_optionalChain([msg, 'optionalAccess', _342 => _342.db, 'optionalAccess', _343 => _343.aes]) && _optionalChain([$asai, 'access', _344 => _344.$lib, 'optionalAccess', _345 => _345.aesfns, 'optionalAccess', _346 => _346.reqAES])) {
2813
2838
  msg.db = $asai.$lib.aesfns.reqAES({ data: msg.db });
2814
2839
  }
2815
2840
  return msg;
@@ -2836,12 +2861,12 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2836
2861
 
2837
2862
  // src/common/server/Sys.ts
2838
2863
  var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, opt = {}) => {
2839
- _optionalChain([opt, 'optionalAccess', _344 => _344.fn, 'optionalCall', _345 => _345($asai)]);
2864
+ _optionalChain([opt, 'optionalAccess', _347 => _347.fn, 'optionalCall', _348 => _348($asai)]);
2840
2865
  let sysRouteCache = null;
2841
2866
  let sysRouteCacheLen = -1;
2842
2867
  function findSystemHandler(req) {
2843
2868
  const routes = $asai.hostserversyss;
2844
- if (!_optionalChain([routes, 'optionalAccess', _346 => _346.length])) return void 0;
2869
+ if (!_optionalChain([routes, 'optionalAccess', _349 => _349.length])) return void 0;
2845
2870
  if (!sysRouteCache || sysRouteCacheLen !== routes.length) {
2846
2871
  sysRouteCache = routes.map((elp) => ({ key: elp, route: `/${elp}` }));
2847
2872
  sysRouteCacheLen = routes.length;
@@ -2870,27 +2895,28 @@ var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2870
2895
  }
2871
2896
  const urlPath = (req.url || "").split("?")[0];
2872
2897
  void (async () => {
2873
- const authResult = await validateHttpAuthAsync(req, $asai, urlPath);
2874
- if (!authResult.ok) {
2875
- return sendAuthError(res, authResult);
2876
- }
2877
- const handler = _optionalChain([$asai, 'access', _347 => _347.hostserversys, 'access', _348 => _348[handlerKey], 'optionalCall', _349 => _349($asai)]);
2878
- if (!handler) {
2879
- return sendError(res, 500, "Handler Initialization Failed");
2880
- }
2881
- if (_optionalChain([handler, 'optionalAccess', _350 => _350.show]) && typeof _optionalChain([handler, 'optionalAccess', _351 => _351.show]) === "function") {
2882
- handler.show(req, res, hostdir);
2883
- } else {
2884
- res.end("postdata");
2898
+ try {
2899
+ const authResult = await validateHttpAuthAsync(req, $asai, urlPath);
2900
+ if (!authResult.ok) {
2901
+ return sendAuthError(res, authResult);
2902
+ }
2903
+ const handler = _optionalChain([$asai, 'access', _350 => _350.hostserversys, 'access', _351 => _351[handlerKey], 'optionalCall', _352 => _352($asai)]);
2904
+ if (!handler) {
2905
+ return sendError(res, 500, "Handler Initialization Failed");
2906
+ }
2907
+ if (_optionalChain([handler, 'optionalAccess', _353 => _353.show]) && typeof _optionalChain([handler, 'optionalAccess', _354 => _354.show]) === "function") {
2908
+ handler.show(req, res, hostdir);
2909
+ } else {
2910
+ res.end("postdata");
2911
+ }
2912
+ } catch (err) {
2913
+ return sendError(res, 500, _optionalChain([err, 'optionalAccess', _355 => _355.message]) || "Internal Server Error");
2885
2914
  }
2886
- if (!handler) {
2887
- res.writeHead(404, {
2888
- "Content-Type": "application/json; charset=utf-8"
2889
- });
2890
- res.end(req.url);
2891
- } else {
2915
+ })().catch((err) => {
2916
+ if (!res.headersSent) {
2917
+ sendError(res, 500, _optionalChain([err, 'optionalAccess', _356 => _356.message]) || "Internal Server Error");
2892
2918
  }
2893
- })();
2919
+ });
2894
2920
  }
2895
2921
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sysWork, "sysWork");
2896
2922
  return { sysWork };
@@ -2898,14 +2924,14 @@ var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2898
2924
 
2899
2925
  // src/common/server/WsClient.ts
2900
2926
  var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, wsname) => {
2901
- if (!_optionalChain([$asai, 'optionalAccess', _352 => _352.clientws])) {
2927
+ if (!_optionalChain([$asai, 'optionalAccess', _357 => _357.clientws])) {
2902
2928
  $asai.clientws = {};
2903
2929
  }
2904
2930
  if (!$asai.clientws[wsname]) {
2905
2931
  $asai.clientws[wsname] = { tasks: /* @__PURE__ */ new Map() };
2906
2932
  }
2907
2933
  function getKeyByData(msgdata) {
2908
- return _optionalChain([msgdata, 'optionalAccess', _353 => _353.id]) || _optionalChain([msgdata, 'optionalAccess', _354 => _354.ty]);
2934
+ return _optionalChain([msgdata, 'optionalAccess', _358 => _358.id]) || _optionalChain([msgdata, 'optionalAccess', _359 => _359.ty]);
2909
2935
  }
2910
2936
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getKeyByData, "getKeyByData");
2911
2937
  function clientwsInit() {
@@ -2918,7 +2944,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2918
2944
  };
2919
2945
  $asai.clientws[wsname].socket.on("error", (err) => {
2920
2946
  $asai.clientws[wsname].open = 0;
2921
- _optionalChain([$asai, 'access', _355 => _355.hostconfig, 'access', _356 => _356.logger, 'optionalAccess', _357 => _357.lv, 'optionalAccess', _358 => _358.view]) && console.error(
2947
+ _optionalChain([$asai, 'access', _360 => _360.hostconfig, 'access', _361 => _361.logger, 'optionalAccess', _362 => _362.lv, 'optionalAccess', _363 => _363.view]) && console.error(
2922
2948
  666.2203,
2923
2949
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is error.`,
2924
2950
  err
@@ -2927,14 +2953,14 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2927
2953
  });
2928
2954
  $asai.clientws[wsname].socket.on("close", () => {
2929
2955
  $asai.clientws[wsname].open = 0;
2930
- _optionalChain([$asai, 'access', _359 => _359.hostconfig, 'access', _360 => _360.logger, 'optionalAccess', _361 => _361.lv, 'optionalAccess', _362 => _362.view]) && console.error(
2956
+ _optionalChain([$asai, 'access', _364 => _364.hostconfig, 'access', _365 => _365.logger, 'optionalAccess', _366 => _366.lv, 'optionalAccess', _367 => _367.view]) && console.error(
2931
2957
  666.2205,
2932
2958
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is close.`
2933
2959
  );
2934
2960
  reject();
2935
2961
  });
2936
2962
  $asai.clientws[wsname].socket.onopen = () => {
2937
- _optionalChain([$asai, 'access', _363 => _363.hostconfig, 'access', _364 => _364.logger, 'optionalAccess', _365 => _365.lv, 'optionalAccess', _366 => _366.view]) && console.log(
2963
+ _optionalChain([$asai, 'access', _368 => _368.hostconfig, 'access', _369 => _369.logger, 'optionalAccess', _370 => _370.lv, 'optionalAccess', _371 => _371.view]) && console.log(
2938
2964
  666.2201,
2939
2965
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is open.`
2940
2966
  );
@@ -2957,7 +2983,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2957
2983
  const key = getKeyByData(messageData);
2958
2984
  const task = $asai.clientws[wsname].tasks.get(key);
2959
2985
  if (task) {
2960
- _optionalChain([task, 'optionalAccess', _367 => _367.callback, 'call', _368 => _368(messageData)]);
2986
+ _optionalChain([task, 'optionalAccess', _372 => _372.callback, 'call', _373 => _373(messageData)]);
2961
2987
  if (messageData.ty && !messageData.id) {
2962
2988
  } else {
2963
2989
  $asai.clientws[wsname].tasks.delete(key);
@@ -3011,7 +3037,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
3011
3037
  }
3012
3038
  _chunkSMVZ3ZDJcjs.__name.call(void 0, clientwsWatch, "clientwsWatch");
3013
3039
  function clientwsWatchOff(messageData) {
3014
- if (_optionalChain([messageData, 'optionalAccess', _369 => _369.ty]) === "clear") {
3040
+ if (_optionalChain([messageData, 'optionalAccess', _374 => _374.ty]) === "clear") {
3015
3041
  $asai.clientws[wsname].tasks = /* @__PURE__ */ new Map();
3016
3042
  } else {
3017
3043
  const key = getKeyByData(messageData);
@@ -3052,7 +3078,7 @@ var ping_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai)
3052
3078
  var web_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3053
3079
  function chatBoard(msgdata, ws2, hostdir, req) {
3054
3080
  let room;
3055
- if (_optionalChain([msgdata, 'access', _370 => _370.db, 'optionalAccess', _371 => _371.room]) && typeof msgdata.db.room === "string") {
3081
+ if (_optionalChain([msgdata, 'access', _375 => _375.db, 'optionalAccess', _376 => _376.room]) && typeof msgdata.db.room === "string") {
3056
3082
  room = msgdata.db.room;
3057
3083
  delete msgdata.db.room;
3058
3084
  } else {
@@ -3109,26 +3135,26 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3109
3135
  removeFile: removeFile2,
3110
3136
  resolvePathUnderBase: resolvePathUnderBase2
3111
3137
  } = $asai.$lib.AsFs;
3112
- const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'access', _372 => _372.$lib, 'optionalAccess', _373 => _373.reqWork, 'optionalCall', _374 => _374($asai)]);
3138
+ const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'access', _377 => _377.$lib, 'optionalAccess', _378 => _378.reqWork, 'optionalCall', _379 => _379($asai)]);
3113
3139
  function mgLog(...arg) {
3114
3140
  mnLog("LOG", ...arg);
3115
3141
  }
3116
3142
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mgLog, "mgLog");
3117
3143
  function getDir(opt) {
3118
- let tmpDir = _optionalChain([opt, 'access', _375 => _375.qrdata, 'optionalAccess', _376 => _376.dir]) || _optionalChain([opt, 'access', _377 => _377.data, 'optionalAccess', _378 => _378.dir]);
3144
+ let tmpDir = _optionalChain([opt, 'access', _380 => _380.qrdata, 'optionalAccess', _381 => _381.dir]) || _optionalChain([opt, 'access', _382 => _382.data, 'optionalAccess', _383 => _383.dir]);
3119
3145
  if (tmpDir) {
3120
3146
  tmpDir = decodeURIComponent(tmpDir);
3121
3147
  } else {
3122
- tmpDir = _optionalChain([opt, 'access', _379 => _379.qrdata, 'optionalAccess', _380 => _380.ty]) || _optionalChain([opt, 'access', _381 => _381.data, 'optionalAccess', _382 => _382.ty]);
3148
+ tmpDir = _optionalChain([opt, 'access', _384 => _384.qrdata, 'optionalAccess', _385 => _385.ty]) || _optionalChain([opt, 'access', _386 => _386.data, 'optionalAccess', _387 => _387.ty]);
3123
3149
  if (tmpDir) {
3124
3150
  tmpDir = decodeURIComponent(tmpDir);
3125
3151
  if (tmpDir === "access-clf" || tmpDir === "access-w3c") {
3126
- tmpDir = _optionalChain([$asai, 'access', _383 => _383.hostconfig, 'access', _384 => _384.logger, 'optionalAccess', _385 => _385.path, 'optionalAccess', _386 => _386.access]) || "";
3152
+ tmpDir = _optionalChain([$asai, 'access', _388 => _388.hostconfig, 'access', _389 => _389.logger, 'optionalAccess', _390 => _390.path, 'optionalAccess', _391 => _391.access]) || "";
3127
3153
  } else {
3128
- tmpDir = _optionalChain([$asai, 'access', _387 => _387.hostconfig, 'access', _388 => _388.logger, 'optionalAccess', _389 => _389.path, 'optionalAccess', _390 => _390[tmpDir]]) || "";
3154
+ tmpDir = _optionalChain([$asai, 'access', _392 => _392.hostconfig, 'access', _393 => _393.logger, 'optionalAccess', _394 => _394.path, 'optionalAccess', _395 => _395[tmpDir]]) || "";
3129
3155
  }
3130
3156
  } else {
3131
- tmpDir = _optionalChain([$asai, 'access', _391 => _391.hostconfig, 'access', _392 => _392.logger, 'optionalAccess', _393 => _393.path, 'optionalAccess', _394 => _394.client]) || "";
3157
+ tmpDir = _optionalChain([$asai, 'access', _396 => _396.hostconfig, 'access', _397 => _397.logger, 'optionalAccess', _398 => _398.path, 'optionalAccess', _399 => _399.client]) || "";
3132
3158
  }
3133
3159
  }
3134
3160
  return tmpDir;
@@ -3146,7 +3172,7 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3146
3172
  return;
3147
3173
  }
3148
3174
  if (url.startsWith("/api/asailog/manage/add/")) {
3149
- if (!await ensureLv(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3175
+ if (!await ensureLv(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3150
3176
  try {
3151
3177
  mgLog("add", "server:", opt.data);
3152
3178
  await $asai.$log("LOG", "ADD", opt.data);
@@ -3160,7 +3186,7 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3160
3186
  if (!await ensureLv(req, $asai, 3)) return sendFail(res, "Forbidden", opt);
3161
3187
  try {
3162
3188
  const baseDir = getDir(opt);
3163
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _395 => _395.qrdata, 'optionalAccess', _396 => _396.path]) || _optionalChain([opt, 'access', _397 => _397.data, 'optionalAccess', _398 => _398.path]));
3189
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _400 => _400.qrdata, 'optionalAccess', _401 => _401.path]) || _optionalChain([opt, 'access', _402 => _402.data, 'optionalAccess', _403 => _403.path]));
3164
3190
  const jsonpath = resolvePathUnderBase2(baseDir, relPath);
3165
3191
  await ensureFile2(jsonpath);
3166
3192
  mgLog("ENSURE", jsonpath);
@@ -3179,13 +3205,13 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3179
3205
  async function get(req, res, hostdir, opt) {
3180
3206
  const url = req.url;
3181
3207
  if (url.startsWith("/api/asailog/manage/selectlist/")) {
3182
- if (!await ensureLv(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3208
+ if (!await ensureLv(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3183
3209
  try {
3184
- const ty = decodeURIComponent(_optionalChain([opt, 'access', _399 => _399.qrdata, 'optionalAccess', _400 => _400.ty]) || _optionalChain([opt, 'access', _401 => _401.data, 'optionalAccess', _402 => _402.ty]) || "client");
3185
- if (!_chunkTKJAHTPOcjs.prefersDiskLogAccess.call(void 0, $asai) && _chunkTKJAHTPOcjs.isLogStoreEnabled.call(void 0, $asai) && (ty === "client" || ty === "server" || ty === "sec")) {
3210
+ const ty = decodeURIComponent(_optionalChain([opt, 'access', _404 => _404.qrdata, 'optionalAccess', _405 => _405.ty]) || _optionalChain([opt, 'access', _406 => _406.data, 'optionalAccess', _407 => _407.ty]) || "client");
3211
+ if (!_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai) && _chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && (ty === "client" || ty === "server" || ty === "sec")) {
3186
3212
  const kind = ty === "sec" ? "sec" : "web";
3187
- const groups = await _chunkTKJAHTPOcjs.listUnifiedGroups.call(void 0, $asai, { kind, source: ty === "sec" ? "sec" : ty });
3188
- const children = _chunkTKJAHTPOcjs.groupsToManageChildren.call(void 0, groups);
3213
+ const groups = await _chunkHR5JKN7Ycjs.listUnifiedGroups.call(void 0, $asai, { kind, source: ty === "sec" ? "sec" : ty });
3214
+ const children = _chunkHR5JKN7Ycjs.groupsToManageChildren.call(void 0, groups);
3189
3215
  if (children.length) {
3190
3216
  mgLog("LIST", `store:${ty}`, children.length);
3191
3217
  return sendSuccess(res, { children, fromStore: true }, opt);
@@ -3207,12 +3233,12 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3207
3233
  return;
3208
3234
  }
3209
3235
  if (url.startsWith("/api/asailog/manage/select/")) {
3210
- if (!await ensureLv(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3236
+ if (!await ensureLv(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3211
3237
  try {
3212
- const ty = decodeURIComponent(_optionalChain([opt, 'access', _403 => _403.qrdata, 'optionalAccess', _404 => _404.ty]) || _optionalChain([opt, 'access', _405 => _405.data, 'optionalAccess', _406 => _406.ty]) || "client");
3213
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _407 => _407.qrdata, 'optionalAccess', _408 => _408.path]) || _optionalChain([opt, 'access', _409 => _409.data, 'optionalAccess', _410 => _410.path]));
3214
- if (!_chunkTKJAHTPOcjs.prefersDiskLogAccess.call(void 0, $asai) && _chunkTKJAHTPOcjs.isLogStoreEnabled.call(void 0, $asai) && (ty === "client" || ty === "server" || ty === "sec")) {
3215
- const data2 = await _chunkTKJAHTPOcjs.readWebLogFromStore.call(void 0, $asai, ty, relPath);
3238
+ const ty = decodeURIComponent(_optionalChain([opt, 'access', _408 => _408.qrdata, 'optionalAccess', _409 => _409.ty]) || _optionalChain([opt, 'access', _410 => _410.data, 'optionalAccess', _411 => _411.ty]) || "client");
3239
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _412 => _412.qrdata, 'optionalAccess', _413 => _413.path]) || _optionalChain([opt, 'access', _414 => _414.data, 'optionalAccess', _415 => _415.path]));
3240
+ if (!_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai) && _chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && (ty === "client" || ty === "server" || ty === "sec")) {
3241
+ const data2 = await _chunkHR5JKN7Ycjs.readWebLogFromStore.call(void 0, $asai, ty, relPath);
3216
3242
  if (data2) {
3217
3243
  mgLog("READ", `store:${ty}/${relPath}`);
3218
3244
  return sendSuccess(res, data2, opt);
@@ -3238,10 +3264,10 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3238
3264
  if (!await ensureLv(req, $asai, 3)) return sendFail(res, "Forbidden", opt);
3239
3265
  try {
3240
3266
  const baseDir = getDir(opt);
3241
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _411 => _411.qrdata, 'optionalAccess', _412 => _412.path]) || _optionalChain([opt, 'access', _413 => _413.data, 'optionalAccess', _414 => _414.path]));
3267
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _416 => _416.qrdata, 'optionalAccess', _417 => _417.path]) || _optionalChain([opt, 'access', _418 => _418.data, 'optionalAccess', _419 => _419.path]));
3242
3268
  const fileName = relPath.split(/[/\\]/).pop() || relPath;
3243
- if (_chunkTKJAHTPOcjs.isLogStoreEnabled.call(void 0, $asai)) {
3244
- await _chunkTKJAHTPOcjs.purgeStoreEntriesForFile.call(void 0, $asai, fileName).catch(() => void 0);
3269
+ if (_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai)) {
3270
+ await _chunkHR5JKN7Ycjs.purgeStoreEntriesForFile.call(void 0, $asai, fileName).catch(() => void 0);
3245
3271
  }
3246
3272
  const filepath = resolvePathUnderBase2(baseDir, relPath);
3247
3273
  mgLog("DELETE", filepath);
@@ -3261,14 +3287,14 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3261
3287
 
3262
3288
  // src/infra/siem-auth.ts
3263
3289
  function isSiemEnabled($asai) {
3264
- const cfg = _optionalChain([$asai, 'optionalAccess', _415 => _415.hostconfig, 'optionalAccess', _416 => _416.logger, 'optionalAccess', _417 => _417.siem]);
3265
- return !!(_optionalChain([cfg, 'optionalAccess', _418 => _418.enabled]) && getSiemToken($asai));
3290
+ const cfg = _optionalChain([$asai, 'optionalAccess', _420 => _420.hostconfig, 'optionalAccess', _421 => _421.logger, 'optionalAccess', _422 => _422.siem]);
3291
+ return !!(_optionalChain([cfg, 'optionalAccess', _423 => _423.enabled]) && getSiemToken($asai));
3266
3292
  }
3267
3293
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isSiemEnabled, "isSiemEnabled");
3268
3294
  function getSiemToken($asai) {
3269
3295
  const fromEnv = process.env.ASAI_SIEM_TOKEN;
3270
3296
  if (typeof fromEnv === "string" && fromEnv.trim()) return fromEnv.trim();
3271
- const fromCfg = _optionalChain([$asai, 'optionalAccess', _419 => _419.hostconfig, 'optionalAccess', _420 => _420.logger, 'optionalAccess', _421 => _421.siem, 'optionalAccess', _422 => _422.token]);
3297
+ const fromCfg = _optionalChain([$asai, 'optionalAccess', _424 => _424.hostconfig, 'optionalAccess', _425 => _425.logger, 'optionalAccess', _426 => _426.siem, 'optionalAccess', _427 => _427.token]);
3272
3298
  return typeof fromCfg === "string" ? fromCfg.trim() : "";
3273
3299
  }
3274
3300
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSiemToken, "getSiemToken");
@@ -3276,9 +3302,9 @@ function isSiemTokenValid($asai, req) {
3276
3302
  if (!isSiemEnabled($asai)) return false;
3277
3303
  const expected = getSiemToken($asai);
3278
3304
  if (!expected) return false;
3279
- const header = _optionalChain([req, 'optionalAccess', _423 => _423.headers, 'optionalAccess', _424 => _424["x-siem-token"]]) || _optionalChain([req, 'optionalAccess', _425 => _425.headers, 'optionalAccess', _426 => _426["x-api-key"]]);
3305
+ const header = _optionalChain([req, 'optionalAccess', _428 => _428.headers, 'optionalAccess', _429 => _429["x-siem-token"]]) || _optionalChain([req, 'optionalAccess', _430 => _430.headers, 'optionalAccess', _431 => _431["x-api-key"]]);
3280
3306
  if (typeof header === "string" && header === expected) return true;
3281
- const q = _optionalChain([req, 'optionalAccess', _427 => _427.query]) || {};
3307
+ const q = _optionalChain([req, 'optionalAccess', _432 => _432.query]) || {};
3282
3308
  const qToken = q.siem_token || q.token;
3283
3309
  return typeof qToken === "string" && qToken === expected;
3284
3310
  }
@@ -3302,24 +3328,24 @@ function getNs(raw) {
3302
3328
  }
3303
3329
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getNs, "getNs");
3304
3330
  async function ensureServerUser(req, $asai) {
3305
- if (Array.isArray(_optionalChain([req, 'optionalAccess', _428 => _428.Userinfo])) && req.Userinfo[0]) {
3331
+ if (Array.isArray(_optionalChain([req, 'optionalAccess', _433 => _433.Userinfo])) && req.Userinfo[0]) {
3306
3332
  await attachServerUserLevel(req, $asai);
3307
3333
  }
3308
3334
  }
3309
3335
  _chunkSMVZ3ZDJcjs.__name.call(void 0, ensureServerUser, "ensureServerUser");
3310
3336
  var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3311
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _429 => _429.$lib, 'optionalAccess', _430 => _430.reqWork, 'optionalCall', _431 => _431($asai)]) || {};
3337
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _434 => _434.$lib, 'optionalAccess', _435 => _435.reqWork, 'optionalCall', _436 => _436($asai)]) || {};
3312
3338
  const IL = $asai.$lib.InterventionLog;
3313
3339
  async function get(req, res, hostdir, opt) {
3314
3340
  const url = req.url || "";
3315
3341
  if (url.startsWith("/api/asailog/intervention/selectlist/")) {
3316
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3342
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3317
3343
  try {
3318
- const ns = getNs(_optionalChain([opt, 'access', _432 => _432.qrdata, 'optionalAccess', _433 => _433.ns]) || _optionalChain([opt, 'access', _434 => _434.data, 'optionalAccess', _435 => _435.ns]));
3344
+ const ns = getNs(_optionalChain([opt, 'access', _437 => _437.qrdata, 'optionalAccess', _438 => _438.ns]) || _optionalChain([opt, 'access', _439 => _439.data, 'optionalAccess', _440 => _440.ns]));
3319
3345
  let list = await IL.listInterventionFiles($asai, ns);
3320
- if (_chunkTKJAHTPOcjs.isLogStoreEnabled.call(void 0, $asai) && !_chunkTKJAHTPOcjs.prefersDiskLogAccess.call(void 0, $asai)) {
3321
- const groups = await _chunkTKJAHTPOcjs.listUnifiedGroups.call(void 0, $asai, { kind: "intervention", ns });
3322
- const fromStore = _chunkTKJAHTPOcjs.groupsToInterventionFiles.call(void 0, groups, ns);
3346
+ if (_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && !_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai)) {
3347
+ const groups = await _chunkHR5JKN7Ycjs.listUnifiedGroups.call(void 0, $asai, { kind: "intervention", ns });
3348
+ const fromStore = _chunkHR5JKN7Ycjs.groupsToInterventionFiles.call(void 0, groups, ns);
3323
3349
  const names = new Set(list.map((f) => f.name));
3324
3350
  for (const f of fromStore) {
3325
3351
  if (!names.has(f.name)) list.push(f);
@@ -3327,27 +3353,27 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3327
3353
  }
3328
3354
  return sendSuccess(res, { ns, files: list }, opt);
3329
3355
  } catch (err) {
3330
- return sendFail(res, _optionalChain([err, 'optionalAccess', _436 => _436.message]) || err, opt);
3356
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _441 => _441.message]) || err, opt);
3331
3357
  }
3332
3358
  }
3333
3359
  if (url.startsWith("/api/asailog/intervention/select/")) {
3334
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3360
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3335
3361
  try {
3336
- const name = decodeURIComponent(_optionalChain([opt, 'access', _437 => _437.qrdata, 'optionalAccess', _438 => _438.name]) || _optionalChain([opt, 'access', _439 => _439.data, 'optionalAccess', _440 => _440.name]) || "");
3337
- const ns = getNs(_optionalChain([opt, 'access', _441 => _441.qrdata, 'optionalAccess', _442 => _442.ns]) || _optionalChain([opt, 'access', _443 => _443.data, 'optionalAccess', _444 => _444.ns]));
3362
+ const name = decodeURIComponent(_optionalChain([opt, 'access', _442 => _442.qrdata, 'optionalAccess', _443 => _443.name]) || _optionalChain([opt, 'access', _444 => _444.data, 'optionalAccess', _445 => _445.name]) || "");
3363
+ const ns = getNs(_optionalChain([opt, 'access', _446 => _446.qrdata, 'optionalAccess', _447 => _447.ns]) || _optionalChain([opt, 'access', _448 => _448.data, 'optionalAccess', _449 => _449.ns]));
3338
3364
  if (!name) return sendFail(res, "name required", opt);
3339
3365
  const content = await IL.readInterventionFile($asai, name, ns);
3340
3366
  return sendSuccess(res, { ns, ...content }, opt);
3341
3367
  } catch (err) {
3342
- return sendFail(res, _optionalChain([err, 'optionalAccess', _445 => _445.message]) || err, opt);
3368
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _450 => _450.message]) || err, opt);
3343
3369
  }
3344
3370
  }
3345
3371
  if (url.startsWith("/api/asailog/intervention/types/")) {
3346
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3372
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3347
3373
  try {
3348
3374
  return sendSuccess(res, IL.getInterventionTaxonomy($asai), opt);
3349
3375
  } catch (err) {
3350
- return sendFail(res, _optionalChain([err, 'optionalAccess', _446 => _446.message]) || err, opt);
3376
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _451 => _451.message]) || err, opt);
3351
3377
  }
3352
3378
  }
3353
3379
  }
@@ -3355,7 +3381,7 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3355
3381
  async function post(req, res, hostdir, opt) {
3356
3382
  const url = req.url || "";
3357
3383
  if (url.startsWith("/api/asailog/intervention/delete/")) {
3358
- if (!await ensureLogWriteAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) return sendFail(res, "Forbidden", opt);
3384
+ if (!await ensureLogWriteAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) return sendFail(res, "Forbidden", opt);
3359
3385
  await ensureServerUser(req, $asai);
3360
3386
  const lv = getRequestUserLevel(req);
3361
3387
  const us = getRequestUsername(req);
@@ -3377,7 +3403,7 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3377
3403
  );
3378
3404
  return sendSuccess(res, { ns, ...result }, opt);
3379
3405
  } catch (err) {
3380
- return sendFail(res, _optionalChain([err, 'optionalAccess', _447 => _447.message]) || err, opt);
3406
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _452 => _452.message]) || err, opt);
3381
3407
  }
3382
3408
  }
3383
3409
  }
@@ -3396,7 +3422,7 @@ function parseQuery(opt) {
3396
3422
  }
3397
3423
  _chunkSMVZ3ZDJcjs.__name.call(void 0, parseQuery, "parseQuery");
3398
3424
  function parseBody(opt) {
3399
- if (!_optionalChain([opt, 'optionalAccess', _448 => _448.data])) return {};
3425
+ if (!_optionalChain([opt, 'optionalAccess', _453 => _453.data])) return {};
3400
3426
  if (typeof opt.data === "string") {
3401
3427
  try {
3402
3428
  return JSON.parse(opt.data);
@@ -3408,47 +3434,47 @@ function parseBody(opt) {
3408
3434
  }
3409
3435
  _chunkSMVZ3ZDJcjs.__name.call(void 0, parseBody, "parseBody");
3410
3436
  var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3411
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _449 => _449.$lib, 'optionalAccess', _450 => _450.reqWork, 'optionalCall', _451 => _451($asai)]) || {};
3437
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _454 => _454.$lib, 'optionalAccess', _455 => _455.reqWork, 'optionalCall', _456 => _456($asai)]) || {};
3412
3438
  const IL = $asai.$lib.InterventionLog;
3413
3439
  async function get(req, res, hostdir, opt) {
3414
3440
  const url = req.url || "";
3415
3441
  const q = parseQuery(opt);
3416
3442
  if (url.startsWith("/api/asailog/store/config/")) {
3417
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3443
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3418
3444
  try {
3419
- return sendSuccess(res, _chunkTKJAHTPOcjs.getLogStoreMeta.call(void 0, $asai), opt);
3445
+ return sendSuccess(res, _chunkHR5JKN7Ycjs.getLogStoreMeta.call(void 0, $asai), opt);
3420
3446
  } catch (err) {
3421
- return sendFail(res, _optionalChain([err, 'optionalAccess', _452 => _452.message]) || err, opt);
3447
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _457 => _457.message]) || err, opt);
3422
3448
  }
3423
3449
  }
3424
3450
  if (url.startsWith("/api/asailog/store/stats/")) {
3425
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3426
- if (!_chunkTKJAHTPOcjs.isLogStoreEnabled.call(void 0, $asai)) {
3427
- return sendSuccess(res, { store: "disabled", message: "logger.store not configured", config: _chunkTKJAHTPOcjs.getLogStoreMeta.call(void 0, $asai) }, opt);
3451
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3452
+ if (!_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai)) {
3453
+ return sendSuccess(res, { store: "disabled", message: "logger.store not configured", config: _chunkHR5JKN7Ycjs.getLogStoreMeta.call(void 0, $asai) }, opt);
3428
3454
  }
3429
3455
  try {
3430
- const storeType = _chunkTKJAHTPOcjs.getEffectiveStoreType.call(void 0, $asai);
3431
- const stats = await _chunkTKJAHTPOcjs.getUnifiedStats.call(void 0, $asai);
3432
- return sendSuccess(res, { store: storeType, stats, config: _chunkTKJAHTPOcjs.getLogStoreMeta.call(void 0, $asai) }, opt);
3456
+ const storeType = _chunkHR5JKN7Ycjs.getEffectiveStoreType.call(void 0, $asai);
3457
+ const stats = await _chunkHR5JKN7Ycjs.getUnifiedStats.call(void 0, $asai);
3458
+ return sendSuccess(res, { store: storeType, stats, config: _chunkHR5JKN7Ycjs.getLogStoreMeta.call(void 0, $asai) }, opt);
3433
3459
  } catch (err) {
3434
- return sendFail(res, _optionalChain([err, 'optionalAccess', _453 => _453.message]) || err, opt);
3460
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _458 => _458.message]) || err, opt);
3435
3461
  }
3436
3462
  }
3437
3463
  if (url.startsWith("/api/asailog/store/compliance/")) {
3438
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3464
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3439
3465
  try {
3440
3466
  const ns = q.ns === "test" ? "test" : "prod";
3441
- const report = await _chunkTKJAHTPOcjs.getComplianceReport.call(void 0, $asai, ns);
3467
+ const report = await _chunkHR5JKN7Ycjs.getComplianceReport.call(void 0, $asai, ns);
3442
3468
  return sendSuccess(res, report, opt);
3443
3469
  } catch (err) {
3444
- return sendFail(res, _optionalChain([err, 'optionalAccess', _454 => _454.message]) || err, opt);
3470
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _459 => _459.message]) || err, opt);
3445
3471
  }
3446
3472
  }
3447
3473
  if (url.startsWith("/api/asailog/store/search/")) {
3448
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3449
- if (!_chunkTKJAHTPOcjs.isLogStoreEnabled.call(void 0, $asai)) return sendFail(res, "Log store not enabled", opt);
3474
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3475
+ if (!_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai)) return sendFail(res, "Log store not enabled", opt);
3450
3476
  try {
3451
- const result = await _chunkTKJAHTPOcjs.searchUnifiedLogs.call(void 0, $asai, {
3477
+ const result = await _chunkHR5JKN7Ycjs.searchUnifiedLogs.call(void 0, $asai, {
3452
3478
  kind: q.kind ? q.kind : void 0,
3453
3479
  ns: q.ns ? q.ns : void 0,
3454
3480
  source: q.source || q.ty || void 0,
@@ -3463,11 +3489,11 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3463
3489
  });
3464
3490
  return sendSuccess(res, result, opt);
3465
3491
  } catch (err) {
3466
- return sendFail(res, _optionalChain([err, 'optionalAccess', _455 => _455.message]) || err, opt);
3492
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _460 => _460.message]) || err, opt);
3467
3493
  }
3468
3494
  }
3469
3495
  if (url.startsWith("/api/asailog/store/export/")) {
3470
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3496
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3471
3497
  try {
3472
3498
  const kind = q.kind || "intervention";
3473
3499
  const format = q.format || "raw";
@@ -3475,7 +3501,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3475
3501
  const ns = q.ns === "test" ? "test" : "prod";
3476
3502
  const source = q.source || q.ty || "server";
3477
3503
  if (!fileName && kind === "intervention") return sendFail(res, "name required", opt);
3478
- const payload = await _chunkTKJAHTPOcjs.exportLogContent.call(void 0, $asai, {
3504
+ const payload = await _chunkHR5JKN7Ycjs.exportLogContent.call(void 0, $asai, {
3479
3505
  kind,
3480
3506
  ns: kind === "intervention" ? ns : void 0,
3481
3507
  fileName: fileName || void 0,
@@ -3484,36 +3510,36 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3484
3510
  });
3485
3511
  return sendSuccess(res, payload, opt);
3486
3512
  } catch (err) {
3487
- return sendFail(res, _optionalChain([err, 'optionalAccess', _456 => _456.message]) || err, opt);
3513
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _461 => _461.message]) || err, opt);
3488
3514
  }
3489
3515
  }
3490
3516
  if (url.startsWith("/api/asailog/store/taxonomy/")) {
3491
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3517
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3492
3518
  try {
3493
3519
  return sendSuccess(res, IL.getInterventionTaxonomy($asai), opt);
3494
3520
  } catch (err) {
3495
- return sendFail(res, _optionalChain([err, 'optionalAccess', _457 => _457.message]) || err, opt);
3521
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _462 => _462.message]) || err, opt);
3496
3522
  }
3497
3523
  }
3498
3524
  if (url.startsWith("/api/asailog/store/formats/")) {
3499
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3525
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3500
3526
  try {
3501
3527
  const { getLogFormatTaxonomy } = await Promise.resolve().then(() => _interopRequireWildcard(require("./log-formats-TUXGMCCU.cjs")));
3502
3528
  return sendSuccess(res, getLogFormatTaxonomy($asai), opt);
3503
3529
  } catch (err) {
3504
- return sendFail(res, _optionalChain([err, 'optionalAccess', _458 => _458.message]) || err, opt);
3530
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _463 => _463.message]) || err, opt);
3505
3531
  }
3506
3532
  }
3507
3533
  if (url.startsWith("/api/asailog/store/selectlist/")) {
3508
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3509
- if (!_chunkTKJAHTPOcjs.isLogStoreEnabled.call(void 0, $asai)) return sendFail(res, "Log store not enabled", opt);
3534
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3535
+ if (!_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai)) return sendFail(res, "Log store not enabled", opt);
3510
3536
  try {
3511
3537
  const kind = q.kind ? String(q.kind) : void 0;
3512
3538
  const ns = q.ns ? String(q.ns) : void 0;
3513
3539
  const source = q.source || q.ty ? String(q.source || q.ty) : void 0;
3514
- const groups = await _chunkTKJAHTPOcjs.listUnifiedGroups.call(void 0, $asai, { kind, ns, source });
3540
+ const groups = await _chunkHR5JKN7Ycjs.listUnifiedGroups.call(void 0, $asai, { kind, ns, source });
3515
3541
  if (kind === "intervention" || ns) {
3516
- return sendSuccess(res, { files: _chunkTKJAHTPOcjs.groupsToInterventionFiles.call(void 0, groups, ns || "prod"), ns: ns || "prod" }, opt);
3542
+ return sendSuccess(res, { files: _chunkHR5JKN7Ycjs.groupsToInterventionFiles.call(void 0, groups, ns || "prod"), ns: ns || "prod" }, opt);
3517
3543
  }
3518
3544
  if (kind === "web" || kind === "sec" || kind === "access" || source) {
3519
3545
  const children = kind === "access" ? groups.filter((g) => g.kind === "access").map((g) => ({
@@ -3523,21 +3549,21 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3523
3549
  entryCount: g.entryCount,
3524
3550
  source: g.source,
3525
3551
  fromStore: true
3526
- })) : _chunkTKJAHTPOcjs.groupsToManageChildren.call(void 0, groups);
3552
+ })) : _chunkHR5JKN7Ycjs.groupsToManageChildren.call(void 0, groups);
3527
3553
  return sendSuccess(res, { children, source }, opt);
3528
3554
  }
3529
3555
  return sendSuccess(res, { groups }, opt);
3530
3556
  } catch (err) {
3531
- return sendFail(res, _optionalChain([err, 'optionalAccess', _459 => _459.message]) || err, opt);
3557
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _464 => _464.message]) || err, opt);
3532
3558
  }
3533
3559
  }
3534
3560
  if (url.startsWith("/api/asailog/store/select/")) {
3535
- if (!await ensureLogReadAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3536
- if (!_chunkTKJAHTPOcjs.isLogStoreEnabled.call(void 0, $asai)) return sendFail(res, "Log store not enabled", opt);
3561
+ if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3562
+ if (!_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai)) return sendFail(res, "Log store not enabled", opt);
3537
3563
  try {
3538
3564
  const id = q.id;
3539
3565
  if (id != null) {
3540
- const row = await _chunkTKJAHTPOcjs.getUnifiedEntry.call(void 0, $asai, id);
3566
+ const row = await _chunkHR5JKN7Ycjs.getUnifiedEntry.call(void 0, $asai, id);
3541
3567
  if (!row) return sendFail(res, "not found", opt);
3542
3568
  return sendSuccess(res, { entry: row }, opt);
3543
3569
  }
@@ -3546,14 +3572,14 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3546
3572
  const ns = q.ns ? String(q.ns) : "";
3547
3573
  const source = q.source || q.ty ? String(q.source || q.ty) : "server";
3548
3574
  if (kind === "web" || kind === "sec" || !kind && fileName.startsWith("log-")) {
3549
- const content = await _chunkTKJAHTPOcjs.readWebLogFromStore.call(void 0, $asai, source, fileName);
3575
+ const content = await _chunkHR5JKN7Ycjs.readWebLogFromStore.call(void 0, $asai, source, fileName);
3550
3576
  return sendSuccess(res, content, opt);
3551
3577
  }
3552
3578
  if (kind === "intervention" || fileName.includes(".cef.log")) {
3553
3579
  const content = await IL.readInterventionFile($asai, fileName, ns === "test" ? "test" : "prod");
3554
3580
  return sendSuccess(res, { ns: ns || "prod", ...content, fromStore: true }, opt);
3555
3581
  }
3556
- const rows = await _chunkTKJAHTPOcjs.queryUnifiedLogs.call(void 0, $asai, {
3582
+ const rows = await _chunkHR5JKN7Ycjs.queryUnifiedLogs.call(void 0, $asai, {
3557
3583
  kind,
3558
3584
  ns,
3559
3585
  source,
@@ -3562,7 +3588,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3562
3588
  });
3563
3589
  return sendSuccess(res, { entries: rows }, opt);
3564
3590
  } catch (err) {
3565
- return sendFail(res, _optionalChain([err, 'optionalAccess', _460 => _460.message]) || err, opt);
3591
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _465 => _465.message]) || err, opt);
3566
3592
  }
3567
3593
  }
3568
3594
  }
@@ -3570,13 +3596,13 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3570
3596
  async function post(req, res, hostdir, opt) {
3571
3597
  const url = req.url || "";
3572
3598
  if (!url.startsWith("/api/asailog/store/archive/")) return;
3573
- if (!await ensureLogWriteAccess(req, $asai, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) return sendFail(res, "Forbidden", opt);
3599
+ if (!await ensureLogWriteAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) return sendFail(res, "Forbidden", opt);
3574
3600
  try {
3575
3601
  const body = parseBody(opt);
3576
3602
  const year = Number(body.year);
3577
3603
  if (!year || year < 2e3 || year > 2100) return sendFail(res, "invalid year", opt);
3578
3604
  const ns = body.ns === "test" ? "test" : "prod";
3579
- const result = await _chunkTKJAHTPOcjs.archiveInterventionYear.call(void 0, $asai, {
3605
+ const result = await _chunkHR5JKN7Ycjs.archiveInterventionYear.call(void 0, $asai, {
3580
3606
  year,
3581
3607
  ns,
3582
3608
  dryRun: !!body.dryRun,
@@ -3584,7 +3610,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3584
3610
  });
3585
3611
  return sendSuccess(res, result, opt);
3586
3612
  } catch (err) {
3587
- return sendFail(res, _optionalChain([err, 'optionalAccess', _461 => _461.message]) || err, opt);
3613
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _466 => _466.message]) || err, opt);
3588
3614
  }
3589
3615
  }
3590
3616
  _chunkSMVZ3ZDJcjs.__name.call(void 0, post, "post");
@@ -3596,7 +3622,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3596
3622
 
3597
3623
  var registry = null;
3598
3624
  function resolveFilePath($asai) {
3599
- const root = _optionalChain([$asai, 'optionalAccess', _462 => _462.serverRoot]) || process.cwd();
3625
+ const root = _optionalChain([$asai, 'optionalAccess', _467 => _467.serverRoot]) || process.cwd();
3600
3626
  return nodePath3.join(root, "websys/sys/errorcodes.json");
3601
3627
  }
3602
3628
  _chunkSMVZ3ZDJcjs.__name.call(void 0, resolveFilePath, "resolveFilePath");
@@ -3614,7 +3640,7 @@ function loadErrorCodes($asai) {
3614
3640
  }
3615
3641
  _chunkSMVZ3ZDJcjs.__name.call(void 0, loadErrorCodes, "loadErrorCodes");
3616
3642
  function getError(ec) {
3617
- return _optionalChain([registry, 'optionalAccess', _463 => _463.errors, 'optionalAccess', _464 => _464[ec]]) || null;
3643
+ return _optionalChain([registry, 'optionalAccess', _468 => _468.errors, 'optionalAccess', _469 => _469[ec]]) || null;
3618
3644
  }
3619
3645
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getError, "getError");
3620
3646
  function hasError(ec) {
@@ -3623,11 +3649,11 @@ function hasError(ec) {
3623
3649
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hasError, "hasError");
3624
3650
  function logError($asai, ec, params) {
3625
3651
  const entry = getError(ec);
3626
- const logFn = _optionalChain([$asai, 'optionalAccess', _465 => _465.$log]) || console.warn;
3652
+ const logFn = _optionalChain([$asai, 'optionalAccess', _470 => _470.$log]) || console.warn;
3627
3653
  if (entry) {
3628
- logFn(`[EC:${ec}]`, entry.id || "", entry.detail || "", _optionalChain([params, 'optionalAccess', _466 => _466.length]) ? params : "");
3654
+ logFn(`[EC:${ec}]`, entry.id || "", entry.detail || "", _optionalChain([params, 'optionalAccess', _471 => _471.length]) ? params : "");
3629
3655
  } else {
3630
- logFn(`[EC:${ec}]`, "(unregistered)", _optionalChain([params, 'optionalAccess', _467 => _467.length]) ? params : "");
3656
+ logFn(`[EC:${ec}]`, "(unregistered)", _optionalChain([params, 'optionalAccess', _472 => _472.length]) ? params : "");
3631
3657
  }
3632
3658
  }
3633
3659
  _chunkSMVZ3ZDJcjs.__name.call(void 0, logError, "logError");
@@ -3655,14 +3681,14 @@ var ErrorCode_default = {
3655
3681
 
3656
3682
  // src/sysserver/api/common/errorcodes.ts
3657
3683
  var errorcodes_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3658
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _468 => _468.$lib, 'optionalAccess', _469 => _469.reqWork, 'optionalCall', _470 => _470($asai)]) || {};
3684
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _473 => _473.$lib, 'optionalAccess', _474 => _474.reqWork, 'optionalCall', _475 => _475($asai)]) || {};
3659
3685
  function get(req, res, _hostdir, opt) {
3660
3686
  const url = req.url || "";
3661
3687
  if (url.startsWith("/api/sys/errorcodes/")) {
3662
3688
  try {
3663
3689
  return sendSuccess(res, loadErrorCodes($asai), opt);
3664
3690
  } catch (err) {
3665
- return sendFail(res, _optionalChain([err, 'optionalAccess', _471 => _471.message]) || err, opt);
3691
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _476 => _476.message]) || err, opt);
3666
3692
  }
3667
3693
  }
3668
3694
  }
@@ -3672,9 +3698,9 @@ var errorcodes_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3672
3698
 
3673
3699
  // src/sysserver/api/common/sqlitemanage.ts
3674
3700
  var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3675
- const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'optionalAccess', _472 => _472.$lib, 'optionalAccess', _473 => _473.reqWork, 'optionalCall', _474 => _474($asai)]) || {};
3701
+ const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'optionalAccess', _477 => _477.$lib, 'optionalAccess', _478 => _478.reqWork, 'optionalCall', _479 => _479($asai)]) || {};
3676
3702
  function mgLog(...arg) {
3677
- _optionalChain([mnLog, 'optionalCall', _475 => _475("SQLite", ...arg)]);
3703
+ _optionalChain([mnLog, 'optionalCall', _480 => _480("SQLite", ...arg)]);
3678
3704
  }
3679
3705
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mgLog, "mgLog");
3680
3706
  return $asai.$lib.AsDb($asai, {
@@ -3692,7 +3718,7 @@ var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0,
3692
3718
  if (req.url.startsWith("/api/asaisqlite/manage/post")) {
3693
3719
  try {
3694
3720
  mgLog("POST", "custom handler triggered");
3695
- _optionalChain([sendSuccess, 'optionalCall', _476 => _476(res, { data: "post" }, opt)]);
3721
+ _optionalChain([sendSuccess, 'optionalCall', _481 => _481(res, { data: "post" }, opt)]);
3696
3722
  } catch (err) {
3697
3723
  mgLog("ERROR", "post handler", err);
3698
3724
  }
@@ -3709,10 +3735,10 @@ var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0,
3709
3735
  table: dataObj.table
3710
3736
  });
3711
3737
  mgLog("SELECT", "completed");
3712
- _optionalChain([sendSuccess, 'optionalCall', _477 => _477(res, resdb, opt)]);
3738
+ _optionalChain([sendSuccess, 'optionalCall', _482 => _482(res, resdb, opt)]);
3713
3739
  } catch (errdb) {
3714
3740
  mgLog("ERROR", "select", errdb);
3715
- _optionalChain([sendFail, 'optionalCall', _478 => _478(res, errdb, opt)]);
3741
+ _optionalChain([sendFail, 'optionalCall', _483 => _483(res, errdb, opt)]);
3716
3742
  }
3717
3743
  return "ok";
3718
3744
  }
@@ -3728,7 +3754,7 @@ function promLine(name, value, labels) {
3728
3754
  }
3729
3755
  _chunkSMVZ3ZDJcjs.__name.call(void 0, promLine, "promLine");
3730
3756
  var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3731
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _479 => _479.$lib, 'optionalAccess', _480 => _480.reqWork, 'optionalCall', _481 => _481($asai)]) || {};
3757
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _484 => _484.$lib, 'optionalAccess', _485 => _485.reqWork, 'optionalCall', _486 => _486($asai)]) || {};
3732
3758
  async function get(req, res, _hostdir, opt) {
3733
3759
  const url = req.url || "";
3734
3760
  if (url.startsWith("/api/sys/health/metrics/")) {
@@ -3737,10 +3763,10 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3737
3763
  let httpTotal = 0;
3738
3764
  let wsTotal = 0;
3739
3765
  for (const set of Object.values($asai.connectionshttp || {})) {
3740
- httpTotal += _optionalChain([set, 'optionalAccess', _482 => _482.size]) || 0;
3766
+ httpTotal += _optionalChain([set, 'optionalAccess', _487 => _487.size]) || 0;
3741
3767
  }
3742
3768
  for (const set of Object.values($asai.connectionsws || {})) {
3743
- wsTotal += _optionalChain([set, 'optionalAccess', _483 => _483.size]) || 0;
3769
+ wsTotal += _optionalChain([set, 'optionalAccess', _488 => _488.size]) || 0;
3744
3770
  }
3745
3771
  const lines = [
3746
3772
  "# HELP asai_uptime_seconds Process uptime",
@@ -3762,7 +3788,7 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3762
3788
  res.writeHead(200, { "Content-Type": "text/plain; charset=utf-8" });
3763
3789
  return res.end(lines.join("\n") + "\n");
3764
3790
  } catch (err) {
3765
- return sendFail(res, _optionalChain([err, 'optionalAccess', _484 => _484.message]) || err, opt);
3791
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _489 => _489.message]) || err, opt);
3766
3792
  }
3767
3793
  }
3768
3794
  if (url.startsWith("/api/sys/health/status/")) {
@@ -3775,10 +3801,10 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3775
3801
  memory: process.memoryUsage(),
3776
3802
  quota: {
3777
3803
  http: Object.fromEntries(
3778
- Object.entries($asai.connectionshttp || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _485 => _485.size]) || 0])
3804
+ Object.entries($asai.connectionshttp || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _490 => _490.size]) || 0])
3779
3805
  ),
3780
3806
  ws: Object.fromEntries(
3781
- Object.entries($asai.connectionsws || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _486 => _486.size]) || 0])
3807
+ Object.entries($asai.connectionsws || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _491 => _491.size]) || 0])
3782
3808
  )
3783
3809
  }
3784
3810
  },
@@ -3819,7 +3845,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, sanitizeString, "sanitizeString");
3819
3845
  // src/sysserver/api/login/service/session.ts
3820
3846
 
3821
3847
  function getSessionTtlMs($asai) {
3822
- const hours = _nullishCoalesce(_optionalChain([$asai, 'optionalAccess', _487 => _487.hostconfig, 'optionalAccess', _488 => _488.security, 'optionalAccess', _489 => _489.sessionTtlHours]), () => ( 24));
3848
+ const hours = _nullishCoalesce(_optionalChain([$asai, 'optionalAccess', _492 => _492.hostconfig, 'optionalAccess', _493 => _493.security, 'optionalAccess', _494 => _494.sessionTtlHours]), () => ( 24));
3823
3849
  return Number(hours) * 3600 * 1e3;
3824
3850
  }
3825
3851
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSessionTtlMs, "getSessionTtlMs");
@@ -3836,7 +3862,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, generatePriKey, "generatePriKey");
3836
3862
  function createSessionKeys($asai) {
3837
3863
  const sessionId = _crypto.randomUUID.call(void 0, );
3838
3864
  const pri = generatePriKey();
3839
- const sn = _optionalChain([$asai, 'optionalAccess', _490 => _490.hostconfig, 'optionalAccess', _491 => _491.asaisn]);
3865
+ const sn = _optionalChain([$asai, 'optionalAccess', _495 => _495.hostconfig, 'optionalAccess', _496 => _496.asaisn]);
3840
3866
  if (!sn) throw new Error("[session] ASAI_ASAISN \u672A\u914D\u7F6E");
3841
3867
  const pub = $asai.$lib.AsCode.asencode(pri, sn);
3842
3868
  return { pri, pub, sessionId };
@@ -3863,9 +3889,9 @@ var API_ADMIN_PREFIXES = ["/api/user/login/admin/"];
3863
3889
  function getMinLevelForApiPath(pathname, $asai) {
3864
3890
  if (API_ADMIN_PREFIXES.some((p) => pathname.startsWith(p))) {
3865
3891
  if (pathname.includes("/admin/update") || pathname.includes("/admin/kick") || pathname.includes("/admin/delete") || pathname.includes("/admin/resetpass")) {
3866
- return $asai ? _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite") : _chunkLXJMGLKWcjs.USER_LV.DEVELOPER;
3892
+ return $asai ? _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite") : _chunkZK4O4Z2Ocjs.USER_LV.DEVELOPER;
3867
3893
  }
3868
- return $asai ? _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminRead") : _chunkLXJMGLKWcjs.USER_LV.ADMIN;
3894
+ return $asai ? _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminRead") : _chunkZK4O4Z2Ocjs.USER_LV.ADMIN;
3869
3895
  }
3870
3896
  return 0;
3871
3897
  }
@@ -3892,7 +3918,7 @@ function unwrapJsonString(value) {
3892
3918
  }
3893
3919
  _chunkSMVZ3ZDJcjs.__name.call(void 0, unwrapJsonString, "unwrapJsonString");
3894
3920
  function parseAuthBody(opt) {
3895
- let raw = _optionalChain([opt, 'optionalAccess', _492 => _492.data]);
3921
+ let raw = _optionalChain([opt, 'optionalAccess', _497 => _497.data]);
3896
3922
  if (raw == null || raw === "") return {};
3897
3923
  if (typeof raw === "string") {
3898
3924
  const text = raw.trim();
@@ -3968,7 +3994,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, purgeOfflineSessions, "purgeOfflineSession
3968
3994
 
3969
3995
  // src/sysserver/api/login/index.ts
3970
3996
  function getSecurity($asai) {
3971
- return _optionalChain([$asai, 'optionalAccess', _493 => _493.hostconfig, 'optionalAccess', _494 => _494.security]) || {};
3997
+ return _optionalChain([$asai, 'optionalAccess', _498 => _498.hostconfig, 'optionalAccess', _499 => _499.security]) || {};
3972
3998
  }
3973
3999
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSecurity, "getSecurity");
3974
4000
  function getQuota2($asai) {
@@ -3979,9 +4005,9 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, getQuota2, "getQuota");
3979
4005
  async function canLogin($asai, us, hostdir) {
3980
4006
  const quota = getQuota2($asai);
3981
4007
  if (!quota.enabled) return { ok: true };
3982
- const store = _chunkLXJMGLKWcjs.createUserStore.call(void 0, $asai);
4008
+ const store = _chunkZK4O4Z2Ocjs.createUserStore.call(void 0, $asai);
3983
4009
  const total = await countOnlineSessions($asai, hostdir, store);
3984
- const maxLogin = _nullishCoalesce(_nullishCoalesce(quota.maxLoginSessions, () => ( _optionalChain([$asai, 'optionalAccess', _495 => _495.hostconfig, 'optionalAccess', _496 => _496.hosts, 'optionalAccess', _497 => _497.default, 'optionalAccess', _498 => _498.maxonline]))), () => ( 100));
4010
+ const maxLogin = _nullishCoalesce(_nullishCoalesce(quota.maxLoginSessions, () => ( _optionalChain([$asai, 'optionalAccess', _500 => _500.hostconfig, 'optionalAccess', _501 => _501.hosts, 'optionalAccess', _502 => _502.default, 'optionalAccess', _503 => _503.maxonline]))), () => ( 100));
3985
4011
  if (total >= maxLogin) {
3986
4012
  return { ok: false, message: "LOGIN_QUOTA_FULL" };
3987
4013
  }
@@ -3994,7 +4020,7 @@ async function canLogin($asai, us, hostdir) {
3994
4020
  }
3995
4021
  _chunkSMVZ3ZDJcjs.__name.call(void 0, canLogin, "canLogin");
3996
4022
  function publicUser($asai, user) {
3997
- const role = user.role || _chunkH3K33HBAcjs.resolveRoleForLevel.call(void 0, $asai, user.lv).name;
4023
+ const role = user.role || _chunkGXOFLFFWcjs.resolveRoleForLevel.call(void 0, $asai, user.lv).name;
3998
4024
  return {
3999
4025
  us: user.us,
4000
4026
  lv: user.lv,
@@ -4008,14 +4034,14 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, publicUser, "publicUser");
4008
4034
  var bootstrapPromise = null;
4009
4035
  function ensureReady($asai) {
4010
4036
  if (!bootstrapPromise) {
4011
- bootstrapPromise = Promise.all([_chunkLXJMGLKWcjs.ensureBootstrapAdmin.call(void 0, $asai), _chunkH3K33HBAcjs.loadUserLevelConfig.call(void 0, $asai)]).then(() => void 0);
4037
+ bootstrapPromise = Promise.all([_chunkZK4O4Z2Ocjs.ensureBootstrapAdmin.call(void 0, $asai), _chunkGXOFLFFWcjs.loadUserLevelConfig.call(void 0, $asai)]).then(() => void 0);
4012
4038
  }
4013
4039
  return bootstrapPromise;
4014
4040
  }
4015
4041
  _chunkSMVZ3ZDJcjs.__name.call(void 0, ensureReady, "ensureReady");
4016
4042
  var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
4017
- const { sendSuccess, sendFail, sendErr } = _optionalChain([$asai, 'access', _499 => _499.$lib, 'optionalAccess', _500 => _500.reqWork, 'optionalCall', _501 => _501($asai)]) || {};
4018
- const store = _chunkLXJMGLKWcjs.createUserStore.call(void 0, $asai);
4043
+ const { sendSuccess, sendFail, sendErr } = _optionalChain([$asai, 'access', _504 => _504.$lib, 'optionalAccess', _505 => _505.reqWork, 'optionalCall', _506 => _506($asai)]) || {};
4044
+ const store = _chunkZK4O4Z2Ocjs.createUserStore.call(void 0, $asai);
4019
4045
  async function checkAdmin(req, pathname, minOverride) {
4020
4046
  await attachServerUserLevel(req, $asai);
4021
4047
  const minLv = _nullishCoalesce(minOverride, () => ( getMinLevelForApiPath(pathname, $asai)));
@@ -4034,17 +4060,17 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4034
4060
  const newPass = sanitizeString(pickAuthField(body, "newPass", "newPassword", "newpass"), 128);
4035
4061
  if (!us || !pass || !newPass) return sendErr(res, "AUTH_CREDENTIALS_REQUIRED", void 0, opt);
4036
4062
  const user = await store.findByUsername(us);
4037
- if (!user || !_chunkK2QPSQEVcjs.verifyPassword.call(void 0, pass, user.passHash, user.passSalt)) {
4063
+ if (!user || !_chunkWXW5DYNUcjs.verifyPassword.call(void 0, pass, user.passHash, user.passSalt)) {
4038
4064
  return sendErr(res, "AUTH_INVALID_CREDENTIALS", void 0, opt);
4039
4065
  }
4040
- const policy = _chunkH3K33HBAcjs.getPasswordPolicy.call(void 0, $asai);
4041
- const policyErr = _chunkK2QPSQEVcjs.validatePasswordChange.call(void 0, newPass, $asai, user.passHistory);
4066
+ const policy = _chunkGXOFLFFWcjs.getPasswordPolicy.call(void 0, $asai);
4067
+ const policyErr = _chunkWXW5DYNUcjs.validatePasswordChange.call(void 0, newPass, $asai, user.passHistory);
4042
4068
  if (policyErr === "PASSWORD_TOO_SHORT") {
4043
4069
  return sendErr(res, policyErr, [String(policy.minLength)], opt);
4044
4070
  }
4045
4071
  if (policyErr) return sendErr(res, policyErr, void 0, opt);
4046
- const { passHash, passSalt } = _chunkK2QPSQEVcjs.hashPassword.call(void 0, newPass);
4047
- const passHistory = _chunkK2QPSQEVcjs.nextPassHistory.call(void 0, pass, user.passHistory, policy.historyCount);
4072
+ const { passHash, passSalt } = _chunkWXW5DYNUcjs.hashPassword.call(void 0, newPass);
4073
+ const passHistory = _chunkWXW5DYNUcjs.nextPassHistory.call(void 0, pass, user.passHistory, policy.historyCount);
4048
4074
  await store.updateUser(us, {
4049
4075
  passHash,
4050
4076
  passSalt,
@@ -4052,10 +4078,10 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4052
4078
  passwordChangedAt: Date.now(),
4053
4079
  passHistory
4054
4080
  });
4055
- logSecurityEvent($asai, { type: "AUTH_FAIL", path: url, method: "POST", user: us, ip, detail: "password_changed" });
4081
+ logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: us, ip, detail: "password_changed" });
4056
4082
  return sendSuccess(res, { ok: true }, opt);
4057
4083
  } catch (err) {
4058
- return sendFail(res, _optionalChain([err, 'optionalAccess', _502 => _502.message]) || err, opt);
4084
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _507 => _507.message]) || err, opt);
4059
4085
  }
4060
4086
  }
4061
4087
  if (url.startsWith("/api/user/login/register/")) {
@@ -4070,12 +4096,12 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4070
4096
  const emailRaw = pickAuthField(body, "email");
4071
4097
  const email = emailRaw ? sanitizeString(emailRaw, 128) : void 0;
4072
4098
  if (!us || !pass) return sendErr(res, "AUTH_CREDENTIALS_REQUIRED", void 0, opt);
4073
- const policyErr = _chunkK2QPSQEVcjs.validatePasswordChange.call(void 0, pass, $asai);
4099
+ const policyErr = _chunkWXW5DYNUcjs.validatePasswordChange.call(void 0, pass, $asai);
4074
4100
  if (policyErr === "PASSWORD_TOO_SHORT") {
4075
- return sendErr(res, policyErr, [String(_chunkH3K33HBAcjs.getPasswordPolicy.call(void 0, $asai).minLength)], opt);
4101
+ return sendErr(res, policyErr, [String(_chunkGXOFLFFWcjs.getPasswordPolicy.call(void 0, $asai).minLength)], opt);
4076
4102
  }
4077
4103
  if (policyErr) return sendErr(res, policyErr, void 0, opt);
4078
- const { passHash, passSalt } = _chunkK2QPSQEVcjs.hashPassword.call(void 0, pass);
4104
+ const { passHash, passSalt } = _chunkWXW5DYNUcjs.hashPassword.call(void 0, pass);
4079
4105
  const user = await store.createUser({
4080
4106
  us,
4081
4107
  email,
@@ -4085,14 +4111,14 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4085
4111
  passwordChangedAt: Date.now(),
4086
4112
  passHistory: "[]"
4087
4113
  });
4088
- logSecurityEvent($asai, { type: "AUTH_FAIL", path: url, method: "POST", user: us, ip, detail: "register_ok" });
4114
+ logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: us, ip, detail: "register_ok" });
4089
4115
  return sendSuccess(res, { user: publicUser($asai, user) }, opt);
4090
4116
  } catch (err) {
4091
- const msg = _optionalChain([err, 'optionalAccess', _503 => _503.message]) || String(err);
4117
+ const msg = _optionalChain([err, 'optionalAccess', _508 => _508.message]) || String(err);
4092
4118
  if (msg.includes("exists") || msg.includes("\u5DF2\u5B58\u5728")) {
4093
4119
  return sendErr(res, "USER_ALREADY_EXISTS", void 0, opt);
4094
4120
  }
4095
- return sendFail(res, _optionalChain([err, 'optionalAccess', _504 => _504.message]) || err, opt);
4121
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _509 => _509.message]) || err, opt);
4096
4122
  }
4097
4123
  }
4098
4124
  if (url.startsWith("/api/user/login/auth/")) {
@@ -4102,7 +4128,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4102
4128
  const pass = sanitizeString(pickAuthField(body, "pass", "password", "pwd"), 128);
4103
4129
  if (!us || !pass) return sendErr(res, "AUTH_CREDENTIALS_REQUIRED", void 0, opt);
4104
4130
  const user = await store.findByUsername(us);
4105
- if (!user || !_chunkK2QPSQEVcjs.verifyPassword.call(void 0, pass, user.passHash, user.passSalt)) {
4131
+ if (!user || !_chunkWXW5DYNUcjs.verifyPassword.call(void 0, pass, user.passHash, user.passSalt)) {
4106
4132
  if (user) {
4107
4133
  const sec = getSecurity($asai);
4108
4134
  const lockoutMax = _nullishCoalesce(sec.lockoutMaxFails, () => ( 5));
@@ -4124,9 +4150,9 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4124
4150
  if (user.status === "locked" && user.lockedUntil && user.lockedUntil > Date.now()) {
4125
4151
  return sendErr(res, "AUTH_ACCOUNT_LOCKED", void 0, opt);
4126
4152
  }
4127
- const policy = _chunkH3K33HBAcjs.getPasswordPolicy.call(void 0, $asai);
4128
- const mustChange = !!user.mustChangePassword || _chunkH3K33HBAcjs.isPasswordExpired.call(void 0, user.passwordChangedAt, policy.maxAgeDays);
4129
- const hostcfg = _optionalChain([$asai, 'access', _505 => _505.getHost, 'optionalCall', _506 => _506(hostdir)]) || {};
4153
+ const policy = _chunkGXOFLFFWcjs.getPasswordPolicy.call(void 0, $asai);
4154
+ const mustChange = !!user.mustChangePassword || _chunkGXOFLFFWcjs.isPasswordExpired.call(void 0, user.passwordChangedAt, policy.maxAgeDays);
4155
+ const hostcfg = _optionalChain([$asai, 'access', _510 => _510.getHost, 'optionalCall', _511 => _511(hostdir)]) || {};
4130
4156
  if (hostcfg.ckws && isUserOnlineOnWs($asai, us, hostdir)) {
4131
4157
  kickUserWs($asai, us, hostdir);
4132
4158
  }
@@ -4139,7 +4165,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4139
4165
  const session = buildSessionRecord($asai, us, ip);
4140
4166
  session.lastActivityAt = Date.now();
4141
4167
  await store.addSession(session);
4142
- logSecurityEvent($asai, { type: "AUTH_FAIL", path: url, method: "POST", user: us, ip, detail: "login_ok" });
4168
+ logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: us, ip, detail: "login_ok" });
4143
4169
  return sendSuccess(
4144
4170
  res,
4145
4171
  {
@@ -4151,22 +4177,31 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4151
4177
  opt
4152
4178
  );
4153
4179
  } catch (err) {
4154
- return sendFail(res, _optionalChain([err, 'optionalAccess', _507 => _507.message]) || err, opt);
4180
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _512 => _512.message]) || err, opt);
4155
4181
  }
4156
4182
  }
4157
4183
  if (url.startsWith("/api/user/login/logout/")) {
4158
4184
  try {
4159
4185
  const bodySid = body.sessionId ? sanitizeString(body.sessionId, 64) : "";
4160
- if (bodySid) await store.removeSession(bodySid);
4161
- const us = _optionalChain([req, 'optionalAccess', _508 => _508.Userinfo, 'optionalAccess', _509 => _509[0]]);
4162
- if (us) logSecurityEvent($asai, { type: "AUTH_FAIL", path: url, method: "POST", user: String(us), ip, detail: "logout" });
4186
+ const us = _optionalChain([req, 'optionalAccess', _513 => _513.Userinfo, 'optionalAccess', _514 => _514[0]]);
4187
+ if (bodySid) {
4188
+ if (!us) {
4189
+ return sendErr(res, "AUTH_MISSING", void 0, opt);
4190
+ }
4191
+ const sessions = await store.getSessions();
4192
+ const target = sessions.find((s) => s.id === bodySid);
4193
+ if (target && target.us === us) {
4194
+ await store.removeSession(bodySid);
4195
+ }
4196
+ }
4197
+ if (us) logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: String(us), ip, detail: "logout" });
4163
4198
  return sendSuccess(res, "ok", opt);
4164
4199
  } catch (err) {
4165
- return sendFail(res, _optionalChain([err, 'optionalAccess', _510 => _510.message]) || err, opt);
4200
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _515 => _515.message]) || err, opt);
4166
4201
  }
4167
4202
  }
4168
4203
  if (url.startsWith("/api/user/login/admin/kick/")) {
4169
- if (!await checkAdmin(req, url, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) {
4204
+ if (!await checkAdmin(req, url, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) {
4170
4205
  return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4171
4206
  }
4172
4207
  try {
@@ -4180,8 +4215,8 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4180
4215
  }
4181
4216
  kickUserWs($asai, target.us, hostdir);
4182
4217
  await store.removeSession(sessionId);
4183
- const operator = String(_optionalChain([req, 'optionalAccess', _511 => _511.Userinfo, 'optionalAccess', _512 => _512[0]]) || "");
4184
- await _chunkRIRKIYETcjs.logSessionTerminate.call(void 0, $asai, {
4218
+ const operator = String(_optionalChain([req, 'optionalAccess', _516 => _516.Userinfo, 'optionalAccess', _517 => _517[0]]) || "");
4219
+ await _chunkARHPHWT5cjs.logSessionTerminate.call(void 0, $asai, {
4185
4220
  operator,
4186
4221
  sessionId,
4187
4222
  targetUs: target.us,
@@ -4189,11 +4224,11 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4189
4224
  });
4190
4225
  return sendSuccess(res, { ok: true }, opt);
4191
4226
  } catch (err) {
4192
- return sendFail(res, _optionalChain([err, 'optionalAccess', _513 => _513.message]) || err, opt);
4227
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _518 => _518.message]) || err, opt);
4193
4228
  }
4194
4229
  }
4195
4230
  if (url.startsWith("/api/user/login/admin/delete/")) {
4196
- if (!await checkAdmin(req, url, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) {
4231
+ if (!await checkAdmin(req, url, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) {
4197
4232
  return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4198
4233
  }
4199
4234
  try {
@@ -4201,15 +4236,15 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4201
4236
  if (!targetUs || targetUs === "admin") return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4202
4237
  const ok = await store.deleteUser(targetUs);
4203
4238
  if (!ok) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4204
- const operator = String(_optionalChain([req, 'optionalAccess', _514 => _514.Userinfo, 'optionalAccess', _515 => _515[0]]) || "");
4205
- await _chunkRIRKIYETcjs.logAccountPurge.call(void 0, $asai, { operator, targetUs, ip });
4239
+ const operator = String(_optionalChain([req, 'optionalAccess', _519 => _519.Userinfo, 'optionalAccess', _520 => _520[0]]) || "");
4240
+ await _chunkARHPHWT5cjs.logAccountPurge.call(void 0, $asai, { operator, targetUs, ip });
4206
4241
  return sendSuccess(res, { ok: true }, opt);
4207
4242
  } catch (err) {
4208
- return sendFail(res, _optionalChain([err, 'optionalAccess', _516 => _516.message]) || err, opt);
4243
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _521 => _521.message]) || err, opt);
4209
4244
  }
4210
4245
  }
4211
4246
  if (url.startsWith("/api/user/login/admin/levels/")) {
4212
- if (!await checkAdmin(req, url, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) {
4247
+ if (!await checkAdmin(req, url, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) {
4213
4248
  return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4214
4249
  }
4215
4250
  try {
@@ -4217,8 +4252,8 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4217
4252
  const thresholds = body.thresholds && typeof body.thresholds === "object" ? body.thresholds : void 0;
4218
4253
  const routeRights = Array.isArray(body.routeRights) ? body.routeRights : void 0;
4219
4254
  const defaultResetPassword = typeof body.defaultResetPassword === "string" ? body.defaultResetPassword : void 0;
4220
- const operator = String(_optionalChain([req, 'optionalAccess', _517 => _517.Userinfo, 'optionalAccess', _518 => _518[0]]) || "");
4221
- const cfg = await _chunkH3K33HBAcjs.saveUserLevelConfig.call(void 0,
4255
+ const operator = String(_optionalChain([req, 'optionalAccess', _522 => _522.Userinfo, 'optionalAccess', _523 => _523[0]]) || "");
4256
+ const cfg = await _chunkGXOFLFFWcjs.saveUserLevelConfig.call(void 0,
4222
4257
  $asai,
4223
4258
  {
4224
4259
  levels,
@@ -4228,20 +4263,20 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4228
4263
  },
4229
4264
  operator
4230
4265
  );
4231
- await _chunkRIRKIYETcjs.logSecurityConfigIntervention.call(void 0, $asai, {
4266
+ await _chunkARHPHWT5cjs.logSecurityConfigIntervention.call(void 0, $asai, {
4232
4267
  section: "user_levels",
4233
- detail: JSON.stringify({ levels: _optionalChain([levels, 'optionalAccess', _519 => _519.length]), thresholds: !!thresholds, routeRights: _optionalChain([routeRights, 'optionalAccess', _520 => _520.length]) }),
4268
+ detail: JSON.stringify({ levels: _optionalChain([levels, 'optionalAccess', _524 => _524.length]), thresholds: !!thresholds, routeRights: _optionalChain([routeRights, 'optionalAccess', _525 => _525.length]) }),
4234
4269
  operator,
4235
4270
  ip
4236
4271
  });
4237
4272
  return sendSuccess(res, cfg, opt);
4238
4273
  } catch (err) {
4239
- return sendFail(res, _optionalChain([err, 'optionalAccess', _521 => _521.message]) || err, opt);
4274
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _526 => _526.message]) || err, opt);
4240
4275
  }
4241
4276
  }
4242
4277
  if (url.startsWith("/api/user/login/admin/resetpass/")) {
4243
4278
  await ensureReady($asai);
4244
- if (!await checkAdmin(req, url, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) {
4279
+ if (!await checkAdmin(req, url, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminWrite"))) {
4245
4280
  logSecurityEvent($asai, { type: "ACCESS_DENIED", path: url, method: "POST", ip });
4246
4281
  return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4247
4282
  }
@@ -4249,16 +4284,16 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4249
4284
  const targetUs = sanitizeString(body.us, 64);
4250
4285
  if (!targetUs) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4251
4286
  let newPass = sanitizeString(pickAuthField(body, "newPass", "newPassword", "newpass"), 128);
4252
- if (!newPass) newPass = _chunkH3K33HBAcjs.getDefaultResetPassword.call(void 0, $asai);
4253
- const policy = _chunkH3K33HBAcjs.getPasswordPolicy.call(void 0, $asai);
4254
- const policyErr = _chunkH3K33HBAcjs.validatePasswordWithPolicy.call(void 0, newPass, policy);
4287
+ if (!newPass) newPass = _chunkGXOFLFFWcjs.getDefaultResetPassword.call(void 0, $asai);
4288
+ const policy = _chunkGXOFLFFWcjs.getPasswordPolicy.call(void 0, $asai);
4289
+ const policyErr = _chunkGXOFLFFWcjs.validatePasswordWithPolicy.call(void 0, newPass, policy);
4255
4290
  if (policyErr === "PASSWORD_TOO_SHORT") {
4256
4291
  return sendErr(res, policyErr, [String(policy.minLength)], opt);
4257
4292
  }
4258
4293
  if (policyErr) return sendErr(res, policyErr, void 0, opt);
4259
4294
  const user = await store.findByUsername(targetUs);
4260
4295
  if (!user) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4261
- const { passHash, passSalt } = _chunkK2QPSQEVcjs.hashPassword.call(void 0, newPass);
4296
+ const { passHash, passSalt } = _chunkWXW5DYNUcjs.hashPassword.call(void 0, newPass);
4262
4297
  const updated = await store.updateUser(targetUs, {
4263
4298
  passHash,
4264
4299
  passSalt,
@@ -4270,8 +4305,8 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4270
4305
  passHistory: "[]"
4271
4306
  });
4272
4307
  if (!updated) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4273
- const operator = String(_optionalChain([req, 'optionalAccess', _522 => _522.Userinfo, 'optionalAccess', _523 => _523[0]]) || "");
4274
- await _chunkRIRKIYETcjs.logUserRbacChange.call(void 0, $asai, {
4308
+ const operator = String(_optionalChain([req, 'optionalAccess', _527 => _527.Userinfo, 'optionalAccess', _528 => _528[0]]) || "");
4309
+ await _chunkARHPHWT5cjs.logUserRbacChange.call(void 0, $asai, {
4275
4310
  operator,
4276
4311
  targetUs,
4277
4312
  patch: { resetPassword: true, mustChangePassword: 1 },
@@ -4287,7 +4322,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4287
4322
  });
4288
4323
  return sendSuccess(res, { user: publicUser($asai, updated) }, opt);
4289
4324
  } catch (err) {
4290
- return sendFail(res, _optionalChain([err, 'optionalAccess', _524 => _524.message]) || err, opt);
4325
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _529 => _529.message]) || err, opt);
4291
4326
  }
4292
4327
  }
4293
4328
  if (url.startsWith("/api/user/login/admin/update/")) {
@@ -4301,11 +4336,11 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4301
4336
  const patch = {};
4302
4337
  if (body.lv != null) {
4303
4338
  const newLv = Number(body.lv);
4304
- if (!Number.isFinite(newLv) || !_chunkH3K33HBAcjs.isValidUserLv.call(void 0, $asai, newLv)) {
4339
+ if (!Number.isFinite(newLv) || !_chunkGXOFLFFWcjs.isValidUserLv.call(void 0, $asai, newLv)) {
4305
4340
  return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4306
4341
  }
4307
4342
  patch.lv = newLv;
4308
- patch.role = _chunkH3K33HBAcjs.resolveRoleForLevel.call(void 0, $asai, newLv).name;
4343
+ patch.role = _chunkGXOFLFFWcjs.resolveRoleForLevel.call(void 0, $asai, newLv).name;
4309
4344
  }
4310
4345
  if (body.status) patch.status = sanitizeString(body.status, 16);
4311
4346
  if (body.resetLock) {
@@ -4317,8 +4352,8 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4317
4352
  const updated = await store.updateUser(targetUs, patch);
4318
4353
  if (!updated) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4319
4354
  if (Object.keys(patch).length) {
4320
- await _chunkRIRKIYETcjs.logUserRbacChange.call(void 0, $asai, {
4321
- operator: String(_optionalChain([req, 'optionalAccess', _525 => _525.Userinfo, 'optionalAccess', _526 => _526[0]]) || ""),
4355
+ await _chunkARHPHWT5cjs.logUserRbacChange.call(void 0, $asai, {
4356
+ operator: String(_optionalChain([req, 'optionalAccess', _530 => _530.Userinfo, 'optionalAccess', _531 => _531[0]]) || ""),
4322
4357
  targetUs,
4323
4358
  patch,
4324
4359
  ip
@@ -4326,33 +4361,33 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4326
4361
  }
4327
4362
  return sendSuccess(res, { user: publicUser($asai, updated) }, opt);
4328
4363
  } catch (err) {
4329
- return sendFail(res, _optionalChain([err, 'optionalAccess', _527 => _527.message]) || err, opt);
4364
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _532 => _532.message]) || err, opt);
4330
4365
  }
4331
4366
  }
4332
4367
  if (url.startsWith("/api/user/login/profile/")) {
4333
- const us = _optionalChain([req, 'optionalAccess', _528 => _528.Userinfo, 'optionalAccess', _529 => _529[0]]);
4368
+ const us = _optionalChain([req, 'optionalAccess', _533 => _533.Userinfo, 'optionalAccess', _534 => _534[0]]);
4334
4369
  if (!us) return sendErr(res, "AUTH_UNAUTHORIZED", void 0, opt);
4335
4370
  try {
4336
4371
  const user = await store.findByUsername(String(us));
4337
4372
  if (!user) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4338
4373
  if (pickAuthField(body, "newPass", "newPassword", "newpass")) {
4339
4374
  const newPass = sanitizeString(pickAuthField(body, "newPass", "newPassword", "newpass"), 128);
4340
- const policy = _chunkH3K33HBAcjs.getPasswordPolicy.call(void 0, $asai);
4375
+ const policy = _chunkGXOFLFFWcjs.getPasswordPolicy.call(void 0, $asai);
4341
4376
  const oldPass = pickAuthField(body, "pass", "password", "pwd");
4342
4377
  if (oldPass) {
4343
- if (!_chunkK2QPSQEVcjs.verifyPassword.call(void 0, oldPass, user.passHash, user.passSalt)) {
4378
+ if (!_chunkWXW5DYNUcjs.verifyPassword.call(void 0, oldPass, user.passHash, user.passSalt)) {
4344
4379
  return sendErr(res, "AUTH_INVALID_PASSWORD", void 0, opt);
4345
4380
  }
4346
4381
  } else if (!user.mustChangePassword) {
4347
4382
  return sendErr(res, "AUTH_INVALID_PASSWORD", void 0, opt);
4348
4383
  }
4349
- const policyErr = _chunkK2QPSQEVcjs.validatePasswordChange.call(void 0, newPass, $asai, user.passHistory);
4384
+ const policyErr = _chunkWXW5DYNUcjs.validatePasswordChange.call(void 0, newPass, $asai, user.passHistory);
4350
4385
  if (policyErr === "PASSWORD_TOO_SHORT") {
4351
4386
  return sendErr(res, policyErr, [String(policy.minLength)], opt);
4352
4387
  }
4353
4388
  if (policyErr) return sendErr(res, policyErr, void 0, opt);
4354
- const { passHash, passSalt } = _chunkK2QPSQEVcjs.hashPassword.call(void 0, newPass);
4355
- const passHistory = _chunkK2QPSQEVcjs.nextPassHistory.call(void 0, oldPass || newPass, user.passHistory, policy.historyCount);
4389
+ const { passHash, passSalt } = _chunkWXW5DYNUcjs.hashPassword.call(void 0, newPass);
4390
+ const passHistory = _chunkWXW5DYNUcjs.nextPassHistory.call(void 0, oldPass || newPass, user.passHistory, policy.historyCount);
4356
4391
  await store.updateUser(String(us), {
4357
4392
  passHash,
4358
4393
  passSalt,
@@ -4364,7 +4399,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4364
4399
  const fresh = await store.findByUsername(String(us));
4365
4400
  return sendSuccess(res, { user: fresh ? publicUser($asai, fresh) : null }, opt);
4366
4401
  } catch (err) {
4367
- return sendFail(res, _optionalChain([err, 'optionalAccess', _530 => _530.message]) || err, opt);
4402
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _535 => _535.message]) || err, opt);
4368
4403
  }
4369
4404
  }
4370
4405
  }
@@ -4373,16 +4408,16 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4373
4408
  const url = req.url || "";
4374
4409
  const ip = getClientIp(req);
4375
4410
  if (url.startsWith("/api/user/login/config/")) {
4376
- const lang = String(_optionalChain([req, 'optionalAccess', _531 => _531.headers, 'optionalAccess', _532 => _532["accept-language"]]) || _optionalChain([opt, 'optionalAccess', _533 => _533.headers, 'optionalAccess', _534 => _534["accept-language"]]) || "zh-CN").split(",")[0];
4377
- await _chunkH3K33HBAcjs.loadUserLevelConfig.call(void 0, $asai);
4378
- return sendSuccess(res, _chunkH3K33HBAcjs.getPublicSecurityConfig.call(void 0, $asai, lang), opt);
4411
+ const lang = String(_optionalChain([req, 'optionalAccess', _536 => _536.headers, 'optionalAccess', _537 => _537["accept-language"]]) || _optionalChain([opt, 'optionalAccess', _538 => _538.headers, 'optionalAccess', _539 => _539["accept-language"]]) || "zh-CN").split(",")[0];
4412
+ await _chunkGXOFLFFWcjs.loadUserLevelConfig.call(void 0, $asai);
4413
+ return sendSuccess(res, _chunkGXOFLFFWcjs.getPublicSecurityConfig.call(void 0, $asai, lang), opt);
4379
4414
  }
4380
4415
  if (url.startsWith("/api/user/login/admin/levels/")) {
4381
- if (!await checkAdmin(req, url, _chunkH3K33HBAcjs.getPermissionThreshold.call(void 0, $asai, "adminRead"))) {
4416
+ if (!await checkAdmin(req, url, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "adminRead"))) {
4382
4417
  return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4383
4418
  }
4384
- await _chunkH3K33HBAcjs.loadUserLevelConfig.call(void 0, $asai);
4385
- return sendSuccess(res, _chunkH3K33HBAcjs.getUserLevelConfigSync.call(void 0, $asai), opt);
4419
+ await _chunkGXOFLFFWcjs.loadUserLevelConfig.call(void 0, $asai);
4420
+ return sendSuccess(res, _chunkGXOFLFFWcjs.getUserLevelConfigSync.call(void 0, $asai), opt);
4386
4421
  }
4387
4422
  if (url.startsWith("/api/user/login/admin/sessions/")) {
4388
4423
  if (!await checkAdmin(req, url)) {
@@ -4434,7 +4469,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4434
4469
  );
4435
4470
  }
4436
4471
  if (url.startsWith("/api/user/login/profile/")) {
4437
- const us = _optionalChain([req, 'optionalAccess', _535 => _535.Userinfo, 'optionalAccess', _536 => _536[0]]);
4472
+ const us = _optionalChain([req, 'optionalAccess', _540 => _540.Userinfo, 'optionalAccess', _541 => _541[0]]);
4438
4473
  if (!us) return sendErr(res, "AUTH_UNAUTHORIZED", void 0, opt);
4439
4474
  const user = await store.findByUsername(String(us));
4440
4475
  return sendSuccess(res, { user: user ? publicUser($asai, user) : null }, opt);
@@ -4476,16 +4511,16 @@ var As_default = {
4476
4511
  return { code: 908, data: val };
4477
4512
  },
4478
4513
  ctxSuccess(val, opt = null) {
4479
- if (typeof _optionalChain([opt, 'optionalAccess', _537 => _537.resAES]) === "function") {
4514
+ if (typeof _optionalChain([opt, 'optionalAccess', _542 => _542.resAES]) === "function") {
4480
4515
  val = opt.resAES(val);
4481
4516
  }
4482
4517
  return { code: 909, data: val };
4483
4518
  },
4484
4519
  getPath(str = "-") {
4485
- return _optionalChain([str, 'optionalAccess', _538 => _538.replace, 'call', _539 => _539(/[^a-zA-Z0-9.\-_\\\/]/g, "")]);
4520
+ return _optionalChain([str, 'optionalAccess', _543 => _543.replace, 'call', _544 => _544(/[^a-zA-Z0-9.\-_\\\/]/g, "")]);
4486
4521
  },
4487
4522
  getName(str = "-") {
4488
- return _optionalChain([str, 'optionalAccess', _540 => _540.replace, 'call', _541 => _541(/[^a-zA-Z0-9.\-_]/g, "")]);
4523
+ return _optionalChain([str, 'optionalAccess', _545 => _545.replace, 'call', _546 => _546(/[^a-zA-Z0-9.\-_]/g, "")]);
4489
4524
  },
4490
4525
  toDirPath(relativePath) {
4491
4526
  const pathArr = relativePath.split("/");
@@ -4499,10 +4534,10 @@ var As_default = {
4499
4534
  return relativePath;
4500
4535
  },
4501
4536
  //创建多层文件夹 同步
4502
- ensureDir(fs12, relativePath) {
4537
+ ensureDir(fs11, relativePath) {
4503
4538
  const absPathDir = this.toDirPath(relativePath);
4504
4539
  const absPath = this.toAbsolutePath(relativePath);
4505
- if (!fs12.existsSync(absPath)) {
4540
+ if (!fs11.existsSync(absPath)) {
4506
4541
  let pathTmp = "";
4507
4542
  absPathDir.split("/").forEach((el) => {
4508
4543
  if (el) {
@@ -4510,8 +4545,8 @@ var As_default = {
4510
4545
  pathTmp += "/";
4511
4546
  }
4512
4547
  pathTmp += el;
4513
- if (!fs12.existsSync(pathTmp)) {
4514
- if (!fs12.mkdirSync(pathTmp, { recursive: true })) {
4548
+ if (!fs11.existsSync(pathTmp)) {
4549
+ if (!fs11.mkdirSync(pathTmp, { recursive: true })) {
4515
4550
  return absPath;
4516
4551
  }
4517
4552
  }
@@ -4520,10 +4555,10 @@ var As_default = {
4520
4555
  }
4521
4556
  return absPath;
4522
4557
  },
4523
- makeDir(fs12, filePaths) {
4558
+ makeDir(fs11, filePaths) {
4524
4559
  return new Promise((resolve6, reject) => {
4525
4560
  try {
4526
- const newPath = this.ensureDir(fs12, filePaths);
4561
+ const newPath = this.ensureDir(fs11, filePaths);
4527
4562
  resolve6(newPath);
4528
4563
  } catch (err) {
4529
4564
  reject(err);
@@ -4556,7 +4591,7 @@ var As_default = {
4556
4591
  // immediate: false,
4557
4592
  // });
4558
4593
  dtImmediate(fn, opt) {
4559
- if (_optionalChain([opt, 'optionalAccess', _542 => _542.immediate])) {
4594
+ if (_optionalChain([opt, 'optionalAccess', _547 => _547.immediate])) {
4560
4595
  fn();
4561
4596
  opt.immediate = false;
4562
4597
  }
@@ -4578,7 +4613,7 @@ var As_default = {
4578
4613
  if (opt.endtime - opt.starttime < opt.wait) {
4579
4614
  this.dtClearTimeout(opt);
4580
4615
  }
4581
- if (!_optionalChain([opt, 'optionalAccess', _543 => _543.timeout])) {
4616
+ if (!_optionalChain([opt, 'optionalAccess', _548 => _548.timeout])) {
4582
4617
  opt.starttime = opt.endtime;
4583
4618
  opt.timeout = this.dtSetTimeout(fn, opt);
4584
4619
  }
@@ -4586,7 +4621,7 @@ var As_default = {
4586
4621
  // 节流:指定长度时间内有多次触发,只fn最后一次触发
4587
4622
  throttle(fn, opt) {
4588
4623
  this.dtImmediate(fn, opt);
4589
- if (!_optionalChain([opt, 'optionalAccess', _544 => _544.timeout])) {
4624
+ if (!_optionalChain([opt, 'optionalAccess', _549 => _549.timeout])) {
4590
4625
  opt.timeout = this.dtSetTimeout(fn, opt);
4591
4626
  }
4592
4627
  },
@@ -4622,8 +4657,8 @@ var As_default = {
4622
4657
  var AsCode_default = {
4623
4658
  // 加密
4624
4659
  asencode(str, keys) {
4625
- const strlen = _optionalChain([str, 'optionalAccess', _545 => _545.length]) || 0;
4626
- const keyslen = _optionalChain([keys, 'optionalAccess', _546 => _546.length]) || 0;
4660
+ const strlen = _optionalChain([str, 'optionalAccess', _550 => _550.length]) || 0;
4661
+ const keyslen = _optionalChain([keys, 'optionalAccess', _551 => _551.length]) || 0;
4627
4662
  let newstr = "";
4628
4663
  for (let i = 0; i < strlen; i++) {
4629
4664
  const rnum = Math.round(Math.random() * 1e3) % keyslen;
@@ -4648,7 +4683,7 @@ var AsCode_default = {
4648
4683
  const rnum = keys.indexOf(str[i + 3]);
4649
4684
  const rnumx = Number(rnum.toString().slice(-1)) + 1;
4650
4685
  const ylen = keyslen - rnumx;
4651
- newstr += _optionalChain([String, 'optionalAccess', _547 => _547.fromCodePoint, 'call', _548 => _548(
4686
+ newstr += _optionalChain([String, 'optionalAccess', _552 => _552.fromCodePoint, 'call', _553 => _553(
4652
4687
  (keys.indexOf(str[i++]) - rnumx) * ylen * ylen + (keys.indexOf(str[i++]) - rnumx) * ylen + (keys.indexOf(str[i++]) - rnumx)
4653
4688
  )]);
4654
4689
  }
@@ -4731,7 +4766,7 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4731
4766
  }
4732
4767
  _chunkSMVZ3ZDJcjs.__name.call(void 0, decrypt, "decrypt");
4733
4768
  function validateFields(payload, fields) {
4734
- return fields.every((key) => typeof _optionalChain([payload, 'optionalAccess', _549 => _549[key]]) === "string" && payload[key].length > 0);
4769
+ return fields.every((key) => typeof _optionalChain([payload, 'optionalAccess', _554 => _554[key]]) === "string" && payload[key].length > 0);
4735
4770
  }
4736
4771
  _chunkSMVZ3ZDJcjs.__name.call(void 0, validateFields, "validateFields");
4737
4772
  function reqAES(opt, fn = (data) => data) {
@@ -4739,7 +4774,7 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4739
4774
  try {
4740
4775
  if (validateFields(reqData, ["data", "iv", "auth"])) {
4741
4776
  let aesData = decrypt(reqData);
4742
- if (_optionalChain([reqData, 'optionalAccess', _550 => _550.aes]) === 2) {
4777
+ if (_optionalChain([reqData, 'optionalAccess', _555 => _555.aes]) === 2) {
4743
4778
  aesData = JSON.parse(aesData);
4744
4779
  }
4745
4780
  return fn(aesData);
@@ -4773,24 +4808,24 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4773
4808
  // src/sysserver/lib/common/AsDb.ts
4774
4809
  var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, cfg) => {
4775
4810
  const DataServer = _chunk2BCIIKRGcjs.getDataServerForAsDb.call(void 0, $asai, {
4776
- type: _optionalChain([cfg, 'optionalAccess', _551 => _551.type]) || "sqlite",
4811
+ type: _optionalChain([cfg, 'optionalAccess', _556 => _556.type]) || "sqlite",
4777
4812
  opt: {
4778
- ..._optionalChain([cfg, 'optionalAccess', _552 => _552.opt]) || {
4813
+ ..._optionalChain([cfg, 'optionalAccess', _557 => _557.opt]) || {
4779
4814
  database: "./webdata/webdb/sqlite/asaisqlite.db",
4780
4815
  create: 1
4781
4816
  }
4782
4817
  },
4783
- storeKey: _optionalChain([cfg, 'optionalAccess', _553 => _553.storeKey])
4818
+ storeKey: _optionalChain([cfg, 'optionalAccess', _558 => _558.storeKey])
4784
4819
  });
4785
4820
  function reqwherestr(str) {
4786
- if (_optionalChain([cfg, 'optionalAccess', _554 => _554.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _555 => _555.type]) === "mysql") {
4821
+ if (_optionalChain([cfg, 'optionalAccess', _559 => _559.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _560 => _560.type]) === "mysql") {
4787
4822
  return `'${str}'`;
4788
4823
  }
4789
4824
  return str;
4790
4825
  }
4791
4826
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqwherestr, "reqwherestr");
4792
4827
  function reqfield(queryData) {
4793
- if (_optionalChain([queryData, 'optionalAccess', _556 => _556.fd])) {
4828
+ if (_optionalChain([queryData, 'optionalAccess', _561 => _561.fd])) {
4794
4829
  return queryData.fd.split("-");
4795
4830
  }
4796
4831
  return cfg.field.data;
@@ -4798,14 +4833,14 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4798
4833
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqfield, "reqfield");
4799
4834
  function reqwhere(queryData) {
4800
4835
  const wheretmp = [];
4801
- if ((_optionalChain([cfg, 'optionalAccess', _557 => _557.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _558 => _558.type]) === "mysql") && _optionalChain([queryData, 'optionalAccess', _559 => _559.wlv])) {
4836
+ if ((_optionalChain([cfg, 'optionalAccess', _562 => _562.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _563 => _563.type]) === "mysql") && _optionalChain([queryData, 'optionalAccess', _564 => _564.wlv])) {
4802
4837
  const wlvarr = queryData.wlv.split("-");
4803
4838
  wheretmp.push([wlvarr[0], ">", Number(wlvarr[1] || 0)]);
4804
4839
  }
4805
- if (_optionalChain([queryData, 'optionalAccess', _560 => _560.fl])) {
4840
+ if (_optionalChain([queryData, 'optionalAccess', _565 => _565.fl])) {
4806
4841
  wheretmp.push([cfg.field.class, "LIKE", reqwherestr(`${queryData.fl}%`)]);
4807
4842
  }
4808
- if (_optionalChain([queryData, 'optionalAccess', _561 => _561.ss]) && _optionalChain([queryData, 'optionalAccess', _562 => _562.ssty])) {
4843
+ if (_optionalChain([queryData, 'optionalAccess', _566 => _566.ss]) && _optionalChain([queryData, 'optionalAccess', _567 => _567.ssty])) {
4809
4844
  wheretmp.push([queryData.ssty, "LIKE", reqwherestr(`%${queryData.ss}%`)]);
4810
4845
  }
4811
4846
  if (wheretmp.length > 1) {
@@ -4816,16 +4851,16 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4816
4851
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqwhere, "reqwhere");
4817
4852
  function reqorder(queryData) {
4818
4853
  const ordertmp = [];
4819
- if (_optionalChain([queryData, 'optionalAccess', _563 => _563.sx])) {
4820
- ordertmp.push([queryData.sx, _optionalChain([queryData, 'optionalAccess', _564 => _564.sxty]) == 1 ? "DESC" : "ASC"]);
4854
+ if (_optionalChain([queryData, 'optionalAccess', _568 => _568.sx])) {
4855
+ ordertmp.push([queryData.sx, _optionalChain([queryData, 'optionalAccess', _569 => _569.sxty]) == 1 ? "DESC" : "ASC"]);
4821
4856
  }
4822
4857
  return ordertmp;
4823
4858
  }
4824
4859
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqorder, "reqorder");
4825
4860
  function reqlimit(queryData) {
4826
4861
  let limittmp = "";
4827
- let limitps = _optionalChain([queryData, 'optionalAccess', _565 => _565.ps]);
4828
- if (_optionalChain([queryData, 'optionalAccess', _566 => _566.pg])) {
4862
+ let limitps = _optionalChain([queryData, 'optionalAccess', _570 => _570.ps]);
4863
+ if (_optionalChain([queryData, 'optionalAccess', _571 => _571.pg])) {
4829
4864
  limitps = limitps || 20;
4830
4865
  limittmp = `${(queryData.pg - 1) * limitps},${limitps}`;
4831
4866
  } else if (limitps) {
@@ -4878,8 +4913,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4878
4913
  _chunkSMVZ3ZDJcjs.__name.call(void 0, fileKeyFromSegment, "fileKeyFromSegment");
4879
4914
  function getSqlParamsByUrl(req, opt) {
4880
4915
  let tmpSqlParams;
4881
- const reqArr = _optionalChain([req, 'optionalAccess', _567 => _567.url, 'optionalAccess', _568 => _568.split, 'call', _569 => _569("?"), 'access', _570 => _570[0], 'optionalAccess', _571 => _571.split, 'call', _572 => _572("/")]) || [];
4882
- const table = (_optionalChain([opt, 'optionalAccess', _573 => _573.qrdata, 'optionalAccess', _574 => _574.table]) || _optionalChain([opt, 'optionalAccess', _575 => _575.data, 'optionalAccess', _576 => _576.table]) || reqArr[3]).replaceAll("_", "/");
4916
+ const reqArr = _optionalChain([req, 'optionalAccess', _572 => _572.url, 'optionalAccess', _573 => _573.split, 'call', _574 => _574("?"), 'access', _575 => _575[0], 'optionalAccess', _576 => _576.split, 'call', _577 => _577("/")]) || [];
4917
+ const table = (_optionalChain([opt, 'optionalAccess', _578 => _578.qrdata, 'optionalAccess', _579 => _579.table]) || _optionalChain([opt, 'optionalAccess', _580 => _580.data, 'optionalAccess', _581 => _581.table]) || reqArr[3]).replaceAll("_", "/");
4883
4918
  if (!table) return tmpSqlParams;
4884
4919
  tmpSqlParams = {
4885
4920
  type: "select",
@@ -4888,7 +4923,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4888
4923
  if (reqArr[5]) {
4889
4924
  if (reqArr[4] === "insert") {
4890
4925
  tmpSqlParams.type = reqArr[4];
4891
- if (_optionalChain([cfg, 'optionalAccess', _577 => _577.type]) === "file") {
4926
+ if (_optionalChain([cfg, 'optionalAccess', _582 => _582.type]) === "file") {
4892
4927
  const { name: bodyName, content } = parseFileBody(opt.data);
4893
4928
  const fileKey = fileKeyFromSegment(reqArr[5], bodyName);
4894
4929
  tmpSqlParams.field = cfg.field.data;
@@ -4912,11 +4947,11 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4912
4947
  }
4913
4948
  } else if (reqArr[4] === "update") {
4914
4949
  tmpSqlParams.type = reqArr[4];
4915
- const rowKey = _optionalChain([cfg, 'optionalAccess', _578 => _578.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4950
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _583 => _583.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4916
4951
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4917
- if (_optionalChain([cfg, 'optionalAccess', _579 => _579.type]) === "file") {
4952
+ if (_optionalChain([cfg, 'optionalAccess', _584 => _584.type]) === "file") {
4918
4953
  const { content } = parseFileBody(opt.data);
4919
- const contentField = _optionalChain([cfg, 'access', _580 => _580.field, 'access', _581 => _581.data, 'optionalAccess', _582 => _582[1]]) || "content";
4954
+ const contentField = _optionalChain([cfg, 'access', _585 => _585.field, 'access', _586 => _586.data, 'optionalAccess', _587 => _587[1]]) || "content";
4920
4955
  tmpSqlParams.set = [[contentField, fileContentString(content)]];
4921
4956
  } else {
4922
4957
  tmpSqlParams.set = [];
@@ -4933,18 +4968,18 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4933
4968
  }
4934
4969
  } else if (reqArr[4] === "delete") {
4935
4970
  tmpSqlParams.type = reqArr[4];
4936
- const rowKey = _optionalChain([cfg, 'optionalAccess', _583 => _583.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4971
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _588 => _588.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4937
4972
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4938
4973
  } else {
4939
- if (_optionalChain([cfg, 'optionalAccess', _584 => _584.as]) > 1) {
4974
+ if (_optionalChain([cfg, 'optionalAccess', _589 => _589.as]) > 1) {
4940
4975
  tmpSqlParams.as = +cfg.as - 1;
4941
4976
  }
4942
4977
  tmpSqlParams.field = cfg.field.data;
4943
- const rowKey = _optionalChain([cfg, 'optionalAccess', _585 => _585.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4978
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _590 => _590.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4944
4979
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4945
4980
  }
4946
4981
  } else {
4947
- tmpSqlParams.as = _optionalChain([cfg, 'optionalAccess', _586 => _586.as]);
4982
+ tmpSqlParams.as = _optionalChain([cfg, 'optionalAccess', _591 => _591.as]);
4948
4983
  tmpSqlParams.field = reqfield(opt.data);
4949
4984
  tmpSqlParams.where = reqwhere(opt.data);
4950
4985
  tmpSqlParams.order = reqorder(opt.data);
@@ -4954,8 +4989,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4954
4989
  }
4955
4990
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSqlParamsByUrl, "getSqlParamsByUrl");
4956
4991
  function dbFresh(req, resdb) {
4957
- if (_optionalChain([req, 'optionalAccess', _587 => _587.url, 'optionalAccess', _588 => _588.includes, 'call', _589 => _589("/selectlist/")])) {
4958
- const list = Array.isArray(resdb) ? resdb : _optionalChain([resdb, 'optionalAccess', _590 => _590.data]);
4992
+ if (_optionalChain([req, 'optionalAccess', _592 => _592.url, 'optionalAccess', _593 => _593.includes, 'call', _594 => _594("/selectlist/")])) {
4993
+ const list = Array.isArray(resdb) ? resdb : _optionalChain([resdb, 'optionalAccess', _595 => _595.data]);
4959
4994
  if (Array.isArray(list)) {
4960
4995
  const names = list.map((el) => {
4961
4996
  if (typeof el === "string") {
@@ -4976,14 +5011,42 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4976
5011
  return resdb;
4977
5012
  }
4978
5013
  _chunkSMVZ3ZDJcjs.__name.call(void 0, dbFresh, "dbFresh");
5014
+ function normalizeFileSelectRow(row) {
5015
+ const nameKey = _optionalChain([cfg, 'access', _596 => _596.field, 'optionalAccess', _597 => _597.data, 'optionalAccess', _598 => _598[0]]) || "name";
5016
+ const contentKey = _optionalChain([cfg, 'access', _599 => _599.field, 'optionalAccess', _600 => _600.data, 'optionalAccess', _601 => _601[1]]) || "content";
5017
+ if (!row || typeof row !== "object") return row;
5018
+ const out = { ...row };
5019
+ if (out[nameKey] != null) {
5020
+ out[nameKey] = bareFileName(String(out[nameKey]));
5021
+ }
5022
+ const raw = out[contentKey];
5023
+ if (raw != null && typeof raw !== "string") {
5024
+ out[contentKey] = JSON.stringify(raw);
5025
+ }
5026
+ return out;
5027
+ }
5028
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, normalizeFileSelectRow, "normalizeFileSelectRow");
5029
+ function isFileSingleNameSelect(params) {
5030
+ return _optionalChain([cfg, 'optionalAccess', _602 => _602.type]) === "file" && _optionalChain([params, 'optionalAccess', _603 => _603.type]) === "select" && !!_optionalChain([params, 'optionalAccess', _604 => _604.where, 'optionalAccess', _605 => _605.length]);
5031
+ }
5032
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, isFileSingleNameSelect, "isFileSingleNameSelect");
4979
5033
  function normalizeSelectResult(params, resdb) {
4980
5034
  let data = resdb;
4981
- if (_optionalChain([params, 'optionalAccess', _591 => _591.where, 'optionalAccess', _592 => _592.length]) && Array.isArray(data) && data.length === 1) {
5035
+ if (isFileSingleNameSelect(params)) {
5036
+ if (Array.isArray(data)) {
5037
+ return data.map(normalizeFileSelectRow);
5038
+ }
5039
+ if (data && typeof data === "object") {
5040
+ return [normalizeFileSelectRow(data)];
5041
+ }
5042
+ return data;
5043
+ }
5044
+ if (_optionalChain([params, 'optionalAccess', _606 => _606.where, 'optionalAccess', _607 => _607.length]) && Array.isArray(data) && data.length === 1) {
4982
5045
  data = data[0];
4983
5046
  }
4984
- if (_optionalChain([cfg, 'optionalAccess', _593 => _593.type]) === "file" && data && typeof data === "object" && !Array.isArray(data)) {
4985
- const nameKey = _optionalChain([cfg, 'access', _594 => _594.field, 'optionalAccess', _595 => _595.data, 'optionalAccess', _596 => _596[0]]) || "name";
4986
- const contentKey = _optionalChain([cfg, 'access', _597 => _597.field, 'optionalAccess', _598 => _598.data, 'optionalAccess', _599 => _599[1]]) || "content";
5047
+ if (_optionalChain([cfg, 'optionalAccess', _608 => _608.type]) === "file" && data && typeof data === "object" && !Array.isArray(data)) {
5048
+ const nameKey = _optionalChain([cfg, 'access', _609 => _609.field, 'optionalAccess', _610 => _610.data, 'optionalAccess', _611 => _611[0]]) || "name";
5049
+ const contentKey = _optionalChain([cfg, 'access', _612 => _612.field, 'optionalAccess', _613 => _613.data, 'optionalAccess', _614 => _614[1]]) || "content";
4987
5050
  if (data[nameKey] != null) {
4988
5051
  data[nameKey] = bareFileName(String(data[nameKey]));
4989
5052
  }
@@ -5002,7 +5065,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5002
5065
  }
5003
5066
  _chunkSMVZ3ZDJcjs.__name.call(void 0, normalizeSelectResult, "normalizeSelectResult");
5004
5067
  function dbCodePm(req, resdb) {
5005
- if (_optionalChain([req, 'optionalAccess', _600 => _600.Userinfo]) && _optionalChain([req, 'optionalAccess', _601 => _601.Userinfo, 'access', _602 => _602[2]])) {
5068
+ if (_optionalChain([req, 'optionalAccess', _615 => _615.Userinfo]) && _optionalChain([req, 'optionalAccess', _616 => _616.Userinfo, 'access', _617 => _617[2]])) {
5006
5069
  if (resdb != null && typeof resdb === "object") {
5007
5070
  resdb.data = $asai.$lib.AsCode.asencode(JSON.stringify(resdb.data), req.Userinfo[2]);
5008
5071
  }
@@ -5016,8 +5079,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5016
5079
  DataServer.sqlDb(params).then((resdb) => {
5017
5080
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess(dbCodePm(req, dbFresh(req, resdb)), opt)));
5018
5081
  }).catch((errdb) => {
5019
- const msg = String(_optionalChain([errdb, 'optionalAccess', _603 => _603.message]) || errdb || "");
5020
- if (_optionalChain([params, 'optionalAccess', _604 => _604.type]) === "select" && msg.includes("no such table")) {
5082
+ const msg = String(_optionalChain([errdb, 'optionalAccess', _618 => _618.message]) || errdb || "");
5083
+ if (_optionalChain([params, 'optionalAccess', _619 => _619.type]) === "select" && msg.includes("no such table")) {
5021
5084
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess([], opt)));
5022
5085
  return;
5023
5086
  }
@@ -5034,23 +5097,23 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5034
5097
  try {
5035
5098
  DataServer.sqlDb(params).then((resdb) => {
5036
5099
  let resData = normalizeSelectResult(params, dbFresh(req, resdb));
5037
- if (_optionalChain([params, 'optionalAccess', _605 => _605.as]) === 2 && _optionalChain([params, 'optionalAccess', _606 => _606.field, 'optionalAccess', _607 => _607.length]) > 1) {
5100
+ if (_optionalChain([params, 'optionalAccess', _620 => _620.as]) === 2 && _optionalChain([params, 'optionalAccess', _621 => _621.field, 'optionalAccess', _622 => _622.length]) > 1) {
5038
5101
  let limitArr = [];
5039
- if (_optionalChain([params, 'access', _608 => _608.limit, 'optionalAccess', _609 => _609.split, 'call', _610 => _610(","), 'optionalAccess', _611 => _611.length]) < 2) {
5040
- limitArr = [0, +_optionalChain([params, 'access', _612 => _612.limit, 'optionalAccess', _613 => _613.split, 'call', _614 => _614(","), 'optionalAccess', _615 => _615[0]])];
5102
+ if (_optionalChain([params, 'access', _623 => _623.limit, 'optionalAccess', _624 => _624.split, 'call', _625 => _625(","), 'optionalAccess', _626 => _626.length]) < 2) {
5103
+ limitArr = [0, +_optionalChain([params, 'access', _627 => _627.limit, 'optionalAccess', _628 => _628.split, 'call', _629 => _629(","), 'optionalAccess', _630 => _630[0]])];
5041
5104
  } else {
5042
5105
  limitArr = params.limit.split(",");
5043
5106
  limitArr = [+limitArr[0], +limitArr[0] + +limitArr[1]];
5044
5107
  }
5045
- if (_optionalChain([resData, 'access', _616 => _616.data, 'optionalAccess', _617 => _617.length])) {
5108
+ if (_optionalChain([resData, 'access', _631 => _631.data, 'optionalAccess', _632 => _632.length])) {
5046
5109
  resData.data = resData.data.slice(+limitArr[0], +limitArr[1]);
5047
5110
  }
5048
5111
  }
5049
5112
  resData = dbCodePm(req, resData);
5050
5113
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess(resData, opt)));
5051
5114
  }).catch((errdb) => {
5052
- const msg = String(_optionalChain([errdb, 'optionalAccess', _618 => _618.message]) || errdb || "");
5053
- if (_optionalChain([params, 'optionalAccess', _619 => _619.type]) === "select" && msg.includes("no such table")) {
5115
+ const msg = String(_optionalChain([errdb, 'optionalAccess', _633 => _633.message]) || errdb || "");
5116
+ if (_optionalChain([params, 'optionalAccess', _634 => _634.type]) === "select" && msg.includes("no such table")) {
5054
5117
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess([], opt)));
5055
5118
  return;
5056
5119
  }
@@ -5065,7 +5128,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5065
5128
  }
5066
5129
  _chunkSMVZ3ZDJcjs.__name.call(void 0, runDefaultGet, "runDefaultGet");
5067
5130
  function post(req, res, hostdir, opt) {
5068
- if (_optionalChain([cfg, 'optionalAccess', _620 => _620.post]) && typeof cfg.post === "function") {
5131
+ if (_optionalChain([cfg, 'optionalAccess', _635 => _635.post]) && typeof cfg.post === "function") {
5069
5132
  Promise.resolve(cfg.post(req, res, hostdir, opt, DataServer)).then((reqstat) => {
5070
5133
  if (!reqstat) runDefaultPost(req, res, opt);
5071
5134
  }).catch((errdb) => {
@@ -5077,7 +5140,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5077
5140
  }
5078
5141
  _chunkSMVZ3ZDJcjs.__name.call(void 0, post, "post");
5079
5142
  function get(req, res, hostdir, opt) {
5080
- if (_optionalChain([cfg, 'optionalAccess', _621 => _621.get]) && typeof cfg.get === "function") {
5143
+ if (_optionalChain([cfg, 'optionalAccess', _636 => _636.get]) && typeof cfg.get === "function") {
5081
5144
  Promise.resolve(cfg.get(req, res, hostdir, opt, DataServer)).then((reqstat) => {
5082
5145
  if (!reqstat) runDefaultGet(req, res, opt);
5083
5146
  }).catch((errdb) => {
@@ -5092,6 +5155,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5092
5155
  }, "default");
5093
5156
 
5094
5157
  // src/sysserver/lib/common/reqWork.ts
5158
+
5095
5159
  var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
5096
5160
  function hostDefault2(mod) {
5097
5161
  if (mod && typeof mod === "object" && "default" in mod) {
@@ -5102,8 +5166,33 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5102
5166
  }
5103
5167
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hostDefault2, "hostDefault");
5104
5168
  function getPathFromOpt(opt) {
5105
- const rawPath = _optionalChain([opt, 'access', _622 => _622.qrdata, 'optionalAccess', _623 => _623.path]) || _optionalChain([opt, 'access', _624 => _624.data, 'optionalAccess', _625 => _625.path]);
5106
- return decodeURIComponent(rawPath);
5169
+ const rawPath = _optionalChain([opt, 'access', _637 => _637.qrdata, 'optionalAccess', _638 => _638.path]) || _optionalChain([opt, 'access', _639 => _639.data, 'optionalAccess', _640 => _640.path]);
5170
+ if (!rawPath) {
5171
+ throw new Error("Missing path");
5172
+ }
5173
+ const decoded = decodeURIComponent(String(rawPath));
5174
+ if (path4.isAbsolute(decoded)) {
5175
+ return path4.normalize(decoded);
5176
+ }
5177
+ const rel = decoded.replace(/^\.(\/)?/, "");
5178
+ const serverRoot = _optionalChain([$asai, 'optionalAccess', _641 => _641.serverRoot]);
5179
+ if (serverRoot && rel) {
5180
+ const absRoot = path4.resolve(serverRoot);
5181
+ const abs = path4.resolve(absRoot, rel);
5182
+ const relCheck = path4.relative(absRoot, abs);
5183
+ if (relCheck === "" || !relCheck.startsWith("..") && !path4.isAbsolute(relCheck)) {
5184
+ return abs;
5185
+ }
5186
+ }
5187
+ const roots = _optionalChain([$asai, 'optionalAccess', _642 => _642.asaihost, 'optionalAccess', _643 => _643.getHostAllowedRoots, 'optionalCall', _644 => _644(_optionalChain([$asai, 'optionalAccess', _645 => _645.hostconfig]))]) || [];
5188
+ if (!roots.length) {
5189
+ const fallback = _optionalChain([$asai, 'optionalAccess', _646 => _646.serverRoot]) || process.cwd();
5190
+ if (fallback) roots.push(fallback);
5191
+ }
5192
+ if (!_optionalChain([$asai, 'optionalAccess', _647 => _647.asaihost, 'optionalAccess', _648 => _648.resolvePathUnderRoots])) {
5193
+ throw new Error("Path resolver unavailable");
5194
+ }
5195
+ return $asai.asaihost.resolvePathUnderRoots(decoded, roots);
5107
5196
  }
5108
5197
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getPathFromOpt, "getPathFromOpt");
5109
5198
  function sendSuccess(res, data, opt) {
@@ -5112,18 +5201,18 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5112
5201
  }
5113
5202
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendSuccess, "sendSuccess");
5114
5203
  function sendErr(res, ec, params, opt) {
5115
- const ErrorCode = _optionalChain([$asai, 'access', _626 => _626.$lib, 'optionalAccess', _627 => _627.ErrorCode]);
5116
- _optionalChain([ErrorCode, 'optionalAccess', _628 => _628.loadErrorCodes, 'optionalCall', _629 => _629($asai)]);
5117
- _optionalChain([ErrorCode, 'optionalAccess', _630 => _630.logError, 'optionalCall', _631 => _631($asai, ec, Array.isArray(params) ? params.map(String) : params != null ? [String(params)] : void 0)]);
5204
+ const ErrorCode = _optionalChain([$asai, 'access', _649 => _649.$lib, 'optionalAccess', _650 => _650.ErrorCode]);
5205
+ _optionalChain([ErrorCode, 'optionalAccess', _651 => _651.loadErrorCodes, 'optionalCall', _652 => _652($asai)]);
5206
+ _optionalChain([ErrorCode, 'optionalAccess', _653 => _653.logError, 'optionalCall', _654 => _654($asai, ec, Array.isArray(params) ? params.map(String) : params != null ? [String(params)] : void 0)]);
5118
5207
  const response = $asai.$lib.As.ctxErr(ec, params, opt);
5119
5208
  res.end(JSON.stringify(response));
5120
5209
  }
5121
5210
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendErr, "sendErr");
5122
5211
  function sendFail(res, err, opt) {
5123
- const ErrorCode = _optionalChain([$asai, 'access', _632 => _632.$lib, 'optionalAccess', _633 => _633.ErrorCode]);
5124
- _optionalChain([ErrorCode, 'optionalAccess', _634 => _634.loadErrorCodes, 'optionalCall', _635 => _635($asai)]);
5125
- const normalized = _optionalChain([ErrorCode, 'optionalAccess', _636 => _636.normalizeErrPayload, 'optionalCall', _637 => _637(err)]);
5126
- if (_optionalChain([normalized, 'optionalAccess', _638 => _638.ec])) {
5212
+ const ErrorCode = _optionalChain([$asai, 'access', _655 => _655.$lib, 'optionalAccess', _656 => _656.ErrorCode]);
5213
+ _optionalChain([ErrorCode, 'optionalAccess', _657 => _657.loadErrorCodes, 'optionalCall', _658 => _658($asai)]);
5214
+ const normalized = _optionalChain([ErrorCode, 'optionalAccess', _659 => _659.normalizeErrPayload, 'optionalCall', _660 => _660(err)]);
5215
+ if (_optionalChain([normalized, 'optionalAccess', _661 => _661.ec])) {
5127
5216
  return sendErr(res, normalized.ec, normalized.pm, opt);
5128
5217
  }
5129
5218
  const response = $asai.$lib.As.ctxFail(err);
@@ -5131,7 +5220,7 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5131
5220
  }
5132
5221
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendFail, "sendFail");
5133
5222
  function mnLog(...arg) {
5134
- (_optionalChain([$asai, 'optionalAccess', _639 => _639.$log]) || console.log)(...arg);
5223
+ (_optionalChain([$asai, 'optionalAccess', _662 => _662.$log]) || console.log)(...arg);
5135
5224
  }
5136
5225
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mnLog, "mnLog");
5137
5226
  return { hostDefault: hostDefault2, getPathFromOpt, sendSuccess, sendFail, sendErr, mnLog };
@@ -5231,7 +5320,7 @@ async function removeFile(filePath) {
5231
5320
  try {
5232
5321
  await _promises2.default.unlink(nodePath2.default.normalize(filePath));
5233
5322
  } catch (err) {
5234
- if (_optionalChain([err, 'optionalAccess', _640 => _640.code]) !== "ENOENT") throw err;
5323
+ if (_optionalChain([err, 'optionalAccess', _663 => _663.code]) !== "ENOENT") throw err;
5235
5324
  }
5236
5325
  }
5237
5326
  _chunkSMVZ3ZDJcjs.__name.call(void 0, removeFile, "removeFile");
@@ -5251,83 +5340,6 @@ async function writeJson(filePath, data) {
5251
5340
  }
5252
5341
  _chunkSMVZ3ZDJcjs.__name.call(void 0, writeJson, "writeJson");
5253
5342
 
5254
- // src/sysserver/lib/common/AsPath.ts
5255
- var AsPath_exports = {};
5256
- _chunkSMVZ3ZDJcjs.__export.call(void 0, AsPath_exports, {
5257
- getEntryDir: () => getEntryDir,
5258
- getExecDir: () => getExecDir,
5259
- getPkgSnapshotDir: () => getPkgSnapshotDir,
5260
- getPrimaryServerRoot: () => getPrimaryServerRoot,
5261
- getRuntimeBaseDirs: () => getRuntimeBaseDirs,
5262
- isPkgRuntime: () => isPkgRuntime
5263
- });
5264
-
5265
-
5266
- function isPkgRuntime() {
5267
- return typeof process.pkg !== "undefined";
5268
- }
5269
- _chunkSMVZ3ZDJcjs.__name.call(void 0, isPkgRuntime, "isPkgRuntime");
5270
- function getPkgSnapshotDir() {
5271
- if (!isPkgRuntime()) return void 0;
5272
- const entry = _nullishCoalesce(_optionalChain([process, 'access', _641 => _641.pkg, 'optionalAccess', _642 => _642.entrypoint]), () => ( _optionalChain([process, 'access', _643 => _643.pkg, 'optionalAccess', _644 => _644.defaultEntrypoint])));
5273
- if (!entry) return void 0;
5274
- return nodePath4.resolve(nodePath4.dirname(entry));
5275
- }
5276
- _chunkSMVZ3ZDJcjs.__name.call(void 0, getPkgSnapshotDir, "getPkgSnapshotDir");
5277
- function getEntryDir() {
5278
- const snapshot = getPkgSnapshotDir();
5279
- if (snapshot) return snapshot;
5280
- const entry = process.argv[1];
5281
- if (!entry) {
5282
- return nodePath4.dirname(process.execPath);
5283
- }
5284
- return nodePath4.resolve(nodePath4.dirname(entry));
5285
- }
5286
- _chunkSMVZ3ZDJcjs.__name.call(void 0, getEntryDir, "getEntryDir");
5287
- function getExecDir() {
5288
- return nodePath4.dirname(process.execPath);
5289
- }
5290
- _chunkSMVZ3ZDJcjs.__name.call(void 0, getExecDir, "getExecDir");
5291
- function getRuntimeBaseDirs() {
5292
- const bases = [];
5293
- const seen = /* @__PURE__ */ new Set();
5294
- const add = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (p) => {
5295
- if (!p) return;
5296
- const abs = nodePath4.resolve(p);
5297
- if (!seen.has(abs)) {
5298
- seen.add(abs);
5299
- bases.push(abs);
5300
- }
5301
- }, "add");
5302
- add(process.cwd());
5303
- add(getExecDir());
5304
- if (isPkgRuntime()) {
5305
- add(getPkgSnapshotDir());
5306
- } else {
5307
- const entryDir = getEntryDir();
5308
- if (entryDir !== getExecDir()) {
5309
- add(entryDir);
5310
- }
5311
- }
5312
- return bases;
5313
- }
5314
- _chunkSMVZ3ZDJcjs.__name.call(void 0, getRuntimeBaseDirs, "getRuntimeBaseDirs");
5315
- function getPrimaryServerRoot() {
5316
- for (const base of getRuntimeBaseDirs()) {
5317
- try {
5318
- if (fs10.statSync(nodePath4.join(base, "websys")).isDirectory()) {
5319
- return base;
5320
- }
5321
- } catch (e46) {
5322
- }
5323
- }
5324
- if (isPkgRuntime()) {
5325
- return getExecDir();
5326
- }
5327
- return getEntryDir();
5328
- }
5329
- _chunkSMVZ3ZDJcjs.__name.call(void 0, getPrimaryServerRoot, "getPrimaryServerRoot");
5330
-
5331
5343
  // src/sysserver/lib/index.ts
5332
5344
  var lib_default = {
5333
5345
  As: As_default,
@@ -5335,12 +5347,12 @@ var lib_default = {
5335
5347
  AsAES: AsAES_default,
5336
5348
  AsDb: AsDb_default,
5337
5349
  AsFs: AsFs_exports,
5338
- AsPath: AsPath_exports,
5350
+ AsPath: _chunkHR5JKN7Ycjs.AsPath_exports,
5339
5351
  reqWork: reqWork_default,
5340
5352
  ErrorCode: ErrorCode_default,
5341
- InterventionLog: _chunk4E7Z5K5Ucjs.InterventionLog_exports,
5342
- LogStore: _chunkTKJAHTPOcjs.LogStore_exports,
5343
- InterventionHooks: _chunkRIRKIYETcjs.intervention_hooks_exports
5353
+ InterventionLog: _chunkU2YJH2RWcjs.InterventionLog_exports,
5354
+ LogStore: _chunkHR5JKN7Ycjs.LogStore_exports,
5355
+ InterventionHooks: _chunkARHPHWT5cjs.intervention_hooks_exports
5344
5356
  };
5345
5357
 
5346
5358
  // src/sysserver/db/src/common.ts
@@ -5421,11 +5433,11 @@ function toInsertRows(sql) {
5421
5433
  }
5422
5434
  _chunkSMVZ3ZDJcjs.__name.call(void 0, toInsertRows, "toInsertRows");
5423
5435
  function isPathInside(baseDir, targetPath) {
5424
- const base = path5.resolve(baseDir);
5425
- const target = path5.resolve(targetPath);
5426
- const relative4 = path5.relative(base, target);
5427
- if (!relative4) return true;
5428
- return !relative4.startsWith("..") && !path5.isAbsolute(relative4);
5436
+ const base = path6.resolve(baseDir);
5437
+ const target = path6.resolve(targetPath);
5438
+ const relative5 = path6.relative(base, target);
5439
+ if (!relative5) return true;
5440
+ return !relative5.startsWith("..") && !path6.isAbsolute(relative5);
5429
5441
  }
5430
5442
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isPathInside, "isPathInside");
5431
5443
  function joinTablePath(table, ...segments) {
@@ -5620,22 +5632,23 @@ function dbDriver(opt = {}) {
5620
5632
  this.fileExt = config.ext === ".*" ? "" : config.ext || "";
5621
5633
  this.fileDel = (config.del || 0) !== 0;
5622
5634
  this.createDir = config.create || false;
5623
- this.baseDirAbs = path6.resolve(process.cwd(), config.dir);
5635
+ const root = _optionalChain([config, 'access', _664 => _664.$asai, 'optionalAccess', _665 => _665.serverRoot]) || _chunkHR5JKN7Ycjs.getPrimaryServerRoot.call(void 0, );
5636
+ this.baseDirAbs = path7.resolve(root, config.dir);
5624
5637
  }
5625
5638
  dbLog(...args) {
5626
- (_optionalChain([this, 'access', _645 => _645.config, 'optionalAccess', _646 => _646.$asai, 'optionalAccess', _647 => _647.$log]) || console.log)("FILE", ...args);
5639
+ (_optionalChain([this, 'access', _666 => _666.config, 'optionalAccess', _667 => _667.$asai, 'optionalAccess', _668 => _668.$log]) || console.log)("FILE", ...args);
5627
5640
  }
5628
5641
  checkFile(file) {
5629
- return fs11.existsSync(this.getAbsPath(file, false));
5642
+ return fs10.existsSync(this.getAbsPath(file, false));
5630
5643
  }
5631
5644
  /** 解析相对路径并限制在数据根目录内,防止路径穿越(跨平台) */
5632
5645
  resolvePath(relPath) {
5633
5646
  if (!relPath) {
5634
5647
  return this.baseDirAbs;
5635
5648
  }
5636
- const abs = path6.isAbsolute(relPath) ? path6.normalize(relPath) : path6.resolve(this.baseDirAbs, relPath);
5649
+ const abs = path7.isAbsolute(relPath) ? path7.normalize(relPath) : path7.resolve(this.baseDirAbs, relPath);
5637
5650
  if (!isPathInside2(this.baseDirAbs, abs)) {
5638
- return this.baseDirAbs;
5651
+ throw new Error("Path not allowed");
5639
5652
  }
5640
5653
  return abs;
5641
5654
  }
@@ -5647,15 +5660,15 @@ function dbDriver(opt = {}) {
5647
5660
  if (!relPath) {
5648
5661
  return "";
5649
5662
  }
5650
- return path6.isAbsolute(relPath) ? path6.relative(this.baseDirAbs, relPath) : relPath;
5663
+ return path7.isAbsolute(relPath) ? path7.relative(this.baseDirAbs, relPath) : relPath;
5651
5664
  }
5652
5665
  ensureDir(relPath) {
5653
- const relative4 = this.normalizeRelPath(relPath);
5654
- const dirPath = path6.dirname(relative4);
5666
+ const relative5 = this.normalizeRelPath(relPath);
5667
+ const dirPath = path7.dirname(relative5);
5655
5668
  const absDir = this.resolvePath(dirPath === "." ? "" : dirPath);
5656
- if (this.createDir && !fs11.existsSync(absDir)) {
5669
+ if (this.createDir && !fs10.existsSync(absDir)) {
5657
5670
  this.dbLog("mkdir", "[MKDIR]", absDir);
5658
- fs11.mkdirSync(absDir, { recursive: true });
5671
+ fs10.mkdirSync(absDir, { recursive: true });
5659
5672
  }
5660
5673
  return absDir;
5661
5674
  }
@@ -5671,34 +5684,34 @@ function dbDriver(opt = {}) {
5671
5684
  }
5672
5685
  deldir(relativePath) {
5673
5686
  const absPath = this.resolvePath(relativePath);
5674
- if (!fs11.existsSync(absPath)) {
5687
+ if (!fs10.existsSync(absPath)) {
5675
5688
  return;
5676
5689
  }
5677
5690
  this.dbLog("delete", "[RMDIR]", absPath);
5678
- const entries = fs11.readdirSync(absPath, { withFileTypes: true });
5691
+ const entries = fs10.readdirSync(absPath, { withFileTypes: true });
5679
5692
  for (const entry of entries) {
5680
- const current = path6.join(absPath, entry.name);
5693
+ const current = path7.join(absPath, entry.name);
5681
5694
  if (entry.isDirectory()) {
5682
- this.deldir(path6.join(relativePath, entry.name));
5695
+ this.deldir(path7.join(relativePath, entry.name));
5683
5696
  } else {
5684
5697
  this.dbLog("delete", "[UNLINK]", current);
5685
- fs11.unlinkSync(current);
5698
+ fs10.unlinkSync(current);
5686
5699
  }
5687
5700
  }
5688
- fs11.rmdirSync(absPath);
5701
+ fs10.rmdirSync(absPath);
5689
5702
  }
5690
5703
  getReadPath(file, sql) {
5691
5704
  const candidates = [];
5692
- if (_optionalChain([sql, 'optionalAccess', _648 => _648.filename])) {
5693
- candidates.push({ dir: path6.join(file, sql.filename) });
5694
- candidates.push({ dir: path6.join(file + ".delete" + this.fileExt, sql.filename) });
5705
+ if (_optionalChain([sql, 'optionalAccess', _669 => _669.filename])) {
5706
+ candidates.push({ dir: path7.join(file, sql.filename) });
5707
+ candidates.push({ dir: path7.join(file + ".delete" + this.fileExt, sql.filename) });
5695
5708
  } else {
5696
5709
  candidates.push({ dir: file });
5697
5710
  candidates.push({ dir: file + this.fileExt + ".delete" });
5698
5711
  }
5699
5712
  for (const candidate of candidates) {
5700
5713
  const abs = this.getAbsPath(candidate.dir, false);
5701
- if (fs11.existsSync(abs)) {
5714
+ if (fs10.existsSync(abs)) {
5702
5715
  return { path: abs, dir: candidate.dir };
5703
5716
  }
5704
5717
  }
@@ -5709,22 +5722,22 @@ function dbDriver(opt = {}) {
5709
5722
  if (!read2.path) {
5710
5723
  return { path: "", dir: read2.dir };
5711
5724
  }
5712
- if (_optionalChain([sql, 'optionalAccess', _649 => _649.filename])) {
5713
- return { path: path6.dirname(read2.path), dir: path6.dirname(read2.dir) };
5725
+ if (_optionalChain([sql, 'optionalAccess', _670 => _670.filename])) {
5726
+ return { path: path7.dirname(read2.path), dir: path7.dirname(read2.dir) };
5714
5727
  }
5715
5728
  return { path: read2.path, dir: read2.dir };
5716
5729
  }
5717
5730
  getNewPath(file, sql) {
5718
- if (_optionalChain([sql, 'optionalAccess', _650 => _650.filename])) {
5719
- return this.getAbsPath(path6.join(file, sql.filename), true);
5731
+ if (_optionalChain([sql, 'optionalAccess', _671 => _671.filename])) {
5732
+ return this.getAbsPath(path7.join(file, sql.filename), true);
5720
5733
  }
5721
5734
  return this.getAbsPath(file, true);
5722
5735
  }
5723
5736
  write(file, data, sql) {
5724
5737
  try {
5725
- const filePath = _optionalChain([sql, 'optionalAccess', _651 => _651.type]) === "insert" ? this.getNewPath(file, sql) : this.getReadPath(file, sql).path || this.getNewPath(file, sql);
5738
+ const filePath = _optionalChain([sql, 'optionalAccess', _672 => _672.type]) === "insert" ? this.getNewPath(file, sql) : this.getReadPath(file, sql).path || this.getNewPath(file, sql);
5726
5739
  this.dbLog("write", "[WRITE]", filePath);
5727
- fs11.writeFileSync(filePath, data, "utf8");
5740
+ fs10.writeFileSync(filePath, data, "utf8");
5728
5741
  return "ok";
5729
5742
  } catch (e) {
5730
5743
  this.dbLog("write failed", "[WRITE ERROR]", e);
@@ -5738,7 +5751,7 @@ function dbDriver(opt = {}) {
5738
5751
  return { error: "empty" };
5739
5752
  }
5740
5753
  this.dbLog("read", "[READ]", read2.path);
5741
- const data = fs11.readFileSync(read2.path, { encoding }) || "";
5754
+ const data = fs10.readFileSync(read2.path, { encoding }) || "";
5742
5755
  const fileName = this.fileExt && read2.dir.endsWith(this.fileExt) ? read2.dir : read2.dir + this.fileExt;
5743
5756
  return [{ data, file: fileName }];
5744
5757
  } catch (e) {
@@ -5752,15 +5765,15 @@ function dbDriver(opt = {}) {
5752
5765
  if (!del.path) {
5753
5766
  return "";
5754
5767
  }
5755
- if (this.fileDel && _optionalChain([sql, 'optionalAccess', _652 => _652.deltrue])) {
5768
+ if (this.fileDel && _optionalChain([sql, 'optionalAccess', _673 => _673.deltrue])) {
5756
5769
  const target = del.path + ".delete" + this.fileExt;
5757
5770
  this.dbLog("soft delete", "[SOFT DELETE]", `${del.path} -> ${target}`);
5758
- fs11.renameSync(del.path, target);
5759
- } else if (_optionalChain([sql, 'optionalAccess', _653 => _653.filename])) {
5771
+ fs10.renameSync(del.path, target);
5772
+ } else if (_optionalChain([sql, 'optionalAccess', _674 => _674.filename])) {
5760
5773
  this.deldir(del.dir);
5761
5774
  } else {
5762
5775
  this.dbLog("delete", "[DELETE]", del.path);
5763
- fs11.unlinkSync(del.path);
5776
+ fs10.unlinkSync(del.path);
5764
5777
  }
5765
5778
  return "ok";
5766
5779
  } catch (e) {
@@ -5779,11 +5792,11 @@ function dbDriver(opt = {}) {
5779
5792
  const original = del.path.replace(new RegExp(`.delete${extPattern}$`), "");
5780
5793
  if (original !== del.path) {
5781
5794
  this.dbLog("restore", "[RESTORE]", `${del.path} -> ${original}`);
5782
- fs11.renameSync(del.path, original);
5795
+ fs10.renameSync(del.path, original);
5783
5796
  }
5784
5797
  } else {
5785
5798
  this.dbLog("force delete", "[FORCE DELETE]", del.path);
5786
- fs11.unlinkSync(del.path);
5799
+ fs10.unlinkSync(del.path);
5787
5800
  }
5788
5801
  return "ok";
5789
5802
  } catch (e) {
@@ -5797,9 +5810,9 @@ function dbDriver(opt = {}) {
5797
5810
  this.dbLog("list", "[LIST]", absDir);
5798
5811
  let entries;
5799
5812
  try {
5800
- entries = fs11.readdirSync(absDir, { withFileTypes: true });
5801
- } catch (e47) {
5802
- return _optionalChain([sql, 'optionalAccess', _654 => _654.list]) ? { open: [], delete: [] } : [];
5813
+ entries = fs10.readdirSync(absDir, { withFileTypes: true });
5814
+ } catch (e46) {
5815
+ return _optionalChain([sql, 'optionalAccess', _675 => _675.list]) ? { open: [], delete: [] } : [];
5803
5816
  }
5804
5817
  const result = { open: [], delete: [] };
5805
5818
  const deleteSuffix = ".delete" + this.fileExt;
@@ -5809,19 +5822,19 @@ function dbDriver(opt = {}) {
5809
5822
  const isDelete = fileName.endsWith(deleteSuffix);
5810
5823
  const baseName = isDelete ? fileName.slice(0, -deleteSuffix.length) : fileName;
5811
5824
  if (this.fileExt && !baseName.endsWith(this.fileExt)) continue;
5812
- const fullPath = path6.join(absDir, fileName);
5825
+ const fullPath = path7.join(absDir, fileName);
5813
5826
  try {
5814
- const data = fs11.readFileSync(fullPath, "utf8");
5827
+ const data = fs10.readFileSync(fullPath, "utf8");
5815
5828
  const entryData = { data, file: baseName };
5816
5829
  if (isDelete) {
5817
- if (_optionalChain([sql, 'optionalAccess', _655 => _655.list])) result.delete.push(entryData);
5830
+ if (_optionalChain([sql, 'optionalAccess', _676 => _676.list])) result.delete.push(entryData);
5818
5831
  } else {
5819
5832
  result.open.push(entryData);
5820
5833
  }
5821
- } catch (e48) {
5834
+ } catch (e47) {
5822
5835
  }
5823
5836
  }
5824
- return _optionalChain([sql, 'optionalAccess', _656 => _656.list]) ? result : result.open;
5837
+ return _optionalChain([sql, 'optionalAccess', _677 => _677.list]) ? result : result.open;
5825
5838
  } catch (e) {
5826
5839
  this.dbLog("list failed", "[LIST ERROR]", e);
5827
5840
  return e;
@@ -5831,7 +5844,7 @@ function dbDriver(opt = {}) {
5831
5844
  getFileNameFromWhere(where) {
5832
5845
  if (!where || !Array.isArray(where)) return "";
5833
5846
  const first = where.find((item) => Array.isArray(item));
5834
- const raw = _optionalChain([first, 'optionalAccess', _657 => _657[2]]);
5847
+ const raw = _optionalChain([first, 'optionalAccess', _678 => _678[2]]);
5835
5848
  if (typeof raw === "string") {
5836
5849
  return raw.replace(/^'+|'+$/g, "");
5837
5850
  }
@@ -5856,22 +5869,22 @@ function dbDriver(opt = {}) {
5856
5869
  const data = sql.set[0][1];
5857
5870
  result = this.write(this.tableFilePath(sql.table, file), data, sql);
5858
5871
  } else if (sql.type === "select") {
5859
- if (_optionalChain([sql, 'optionalAccess', _658 => _658.where, 'optionalAccess', _659 => _659.length]) && _optionalChain([sql, 'optionalAccess', _660 => _660.as]) !== 2) {
5872
+ if (_optionalChain([sql, 'optionalAccess', _679 => _679.where, 'optionalAccess', _680 => _680.length]) && _optionalChain([sql, 'optionalAccess', _681 => _681.as]) !== 2) {
5860
5873
  const file = this.getFileNameFromWhere(sql.where);
5861
5874
  const readRes = this.read(this.tableFilePath(sql.table, file), sql);
5862
5875
  const resObj = {};
5863
- if (_optionalChain([readRes, 'optionalAccess', _661 => _661[0], 'optionalAccess', _662 => _662.file]) && !readRes.error) {
5876
+ if (_optionalChain([readRes, 'optionalAccess', _682 => _682[0], 'optionalAccess', _683 => _683.file]) && !readRes.error) {
5864
5877
  if (sql.as === 1) {
5865
5878
  try {
5866
5879
  const parsed = JSON.parse(readRes[0].data);
5867
- if (_optionalChain([sql, 'access', _663 => _663.field, 'optionalAccess', _664 => _664.length])) {
5880
+ if (_optionalChain([sql, 'access', _684 => _684.field, 'optionalAccess', _685 => _685.length])) {
5868
5881
  sql.field.forEach((f) => {
5869
5882
  resObj[f] = _nullishCoalesce(parsed[f], () => ( ""));
5870
5883
  });
5871
5884
  } else {
5872
5885
  Object.assign(resObj, parsed);
5873
5886
  }
5874
- } catch (e49) {
5887
+ } catch (e48) {
5875
5888
  }
5876
5889
  } else {
5877
5890
  const fields = sql.field;
@@ -5885,7 +5898,7 @@ function dbDriver(opt = {}) {
5885
5898
  } else {
5886
5899
  const listRes = this.list(tableDir, sql);
5887
5900
  if (listRes && !listRes.error) {
5888
- if (_optionalChain([sql, 'optionalAccess', _665 => _665.list])) {
5901
+ if (_optionalChain([sql, 'optionalAccess', _686 => _686.list])) {
5889
5902
  const mapEntry = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (el) => {
5890
5903
  const fields = sql.field;
5891
5904
  const item = { [fields[0]]: el.file };
@@ -5896,9 +5909,9 @@ function dbDriver(opt = {}) {
5896
5909
  if (listRes.delete) listRes.delete = listRes.delete.map(mapEntry);
5897
5910
  result = listRes;
5898
5911
  } else {
5899
- if (_optionalChain([sql, 'optionalAccess', _666 => _666.as]) === 2) {
5912
+ if (_optionalChain([sql, 'optionalAccess', _687 => _687.as]) === 2) {
5900
5913
  let items = listRes;
5901
- if (_optionalChain([sql, 'access', _667 => _667.where, 'optionalAccess', _668 => _668.length])) {
5914
+ if (_optionalChain([sql, 'access', _688 => _688.where, 'optionalAccess', _689 => _689.length])) {
5902
5915
  const where = sql.where;
5903
5916
  const whereType = typeof where[0] === "string" ? where[0] : "and";
5904
5917
  items = items.filter((el) => {
@@ -5912,7 +5925,7 @@ function dbDriver(opt = {}) {
5912
5925
  let fieldVal = "";
5913
5926
  try {
5914
5927
  fieldVal = _nullishCoalesce(JSON.parse(el.data)[field], () => ( ""));
5915
- } catch (e50) {
5928
+ } catch (e49) {
5916
5929
  }
5917
5930
  const condMatch = String(fieldVal).includes(searchVal);
5918
5931
  if (whereType === "and") {
@@ -5930,18 +5943,18 @@ function dbDriver(opt = {}) {
5930
5943
  const obj = {};
5931
5944
  try {
5932
5945
  const parsed = JSON.parse(el.data);
5933
- if (_optionalChain([sql, 'access', _669 => _669.field, 'optionalAccess', _670 => _670.length])) {
5946
+ if (_optionalChain([sql, 'access', _690 => _690.field, 'optionalAccess', _691 => _691.length])) {
5934
5947
  sql.field.forEach((f) => {
5935
5948
  obj[f] = _nullishCoalesce(parsed[f], () => ( ""));
5936
5949
  });
5937
5950
  } else {
5938
5951
  Object.assign(obj, parsed);
5939
5952
  }
5940
- } catch (e51) {
5953
+ } catch (e50) {
5941
5954
  }
5942
5955
  return obj;
5943
5956
  });
5944
- if (_optionalChain([sql, 'access', _671 => _671.order, 'optionalAccess', _672 => _672.length])) {
5957
+ if (_optionalChain([sql, 'access', _692 => _692.order, 'optionalAccess', _693 => _693.length])) {
5945
5958
  const orderField = sql.order[0];
5946
5959
  const orderFieldName = typeof orderField === "string" ? orderField : orderField[0];
5947
5960
  const direction = typeof orderField === "string" ? "ASC" : String(orderField[1]).toUpperCase();
@@ -5962,7 +5975,7 @@ function dbDriver(opt = {}) {
5962
5975
  }
5963
5976
  }
5964
5977
  } else {
5965
- result = _optionalChain([sql, 'optionalAccess', _673 => _673.list]) ? { open: [], delete: [] } : [];
5978
+ result = _optionalChain([sql, 'optionalAccess', _694 => _694.list]) ? { open: [], delete: [] } : [];
5966
5979
  }
5967
5980
  }
5968
5981
  }
@@ -6018,7 +6031,7 @@ function sysserver($asai, opt = {}) {
6018
6031
  if (!$asai.$lib) $asai.$lib = {};
6019
6032
  $asai.$lib = { ...lib_default, ...$asai.$lib, ...opt || {} };
6020
6033
  $asai.dataserver = db_default;
6021
- _optionalChain([$asai, 'access', _674 => _674.$lib, 'access', _675 => _675.ErrorCode, 'optionalAccess', _676 => _676.loadErrorCodes, 'optionalCall', _677 => _677($asai)]);
6034
+ _optionalChain([$asai, 'access', _695 => _695.$lib, 'access', _696 => _696.ErrorCode, 'optionalAccess', _697 => _697.loadErrorCodes, 'optionalCall', _698 => _698($asai)]);
6022
6035
  if (!$asai.$lib.api) $asai.$lib.api = {};
6023
6036
  $asai.$lib.api = { ...api_default, ...$asai.$lib.api };
6024
6037
  if (!$asai.$lib.ws) $asai.$lib.ws = {};
@@ -6211,7 +6224,7 @@ function normalizeDataStoresConfig(cfg) {
6211
6224
  }
6212
6225
  if (userStore.opt.create == null) userStore.opt.create = 1;
6213
6226
  }
6214
- if (!stores.log && _optionalChain([cfg, 'access', _678 => _678.logger, 'optionalAccess', _679 => _679.store])) {
6227
+ if (!stores.log && _optionalChain([cfg, 'access', _699 => _699.logger, 'optionalAccess', _700 => _700.store])) {
6215
6228
  const s = cfg.logger.store;
6216
6229
  stores.log = {
6217
6230
  type: s.type || "file",
@@ -6275,13 +6288,13 @@ function validateHostConfig(cfg) {
6275
6288
  if (cfg.asaisn != null) {
6276
6289
  errors.push("asaisn \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_ASAISN");
6277
6290
  }
6278
- if (_optionalChain([cfg, 'access', _680 => _680.aes, 'optionalAccess', _681 => _681.keybase64]) != null) {
6291
+ if (_optionalChain([cfg, 'access', _701 => _701.aes, 'optionalAccess', _702 => _702.keybase64]) != null) {
6279
6292
  errors.push("aes.keybase64 \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_AES_KEYBASE64");
6280
6293
  }
6281
- if (_optionalChain([cfg, 'access', _682 => _682.httpscert, 'optionalAccess', _683 => _683.key]) != null || _optionalChain([cfg, 'access', _684 => _684.httpscert, 'optionalAccess', _685 => _685.cert]) != null) {
6294
+ if (_optionalChain([cfg, 'access', _703 => _703.httpscert, 'optionalAccess', _704 => _704.key]) != null || _optionalChain([cfg, 'access', _705 => _705.httpscert, 'optionalAccess', _706 => _706.cert]) != null) {
6282
6295
  errors.push("httpscert.key/cert \u7981\u6B62\u5185\u8054\u4E8E asaihost.json\uFF0C\u8BF7\u4F7F\u7528 keyPath/certPath \u6216\u73AF\u5883\u53D8\u91CF");
6283
6296
  }
6284
- if (_optionalChain([cfg, 'access', _686 => _686.security, 'optionalAccess', _687 => _687.sessionSecret]) != null) {
6297
+ if (_optionalChain([cfg, 'access', _707 => _707.security, 'optionalAccess', _708 => _708.sessionSecret]) != null) {
6285
6298
  errors.push("security.sessionSecret \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_SESSION_SECRET");
6286
6299
  }
6287
6300
  if (Array.isArray(cfg.wssec) && typeof cfg.wssec[0] === "string" && cfg.wssec[0].length > 0) {
@@ -6336,10 +6349,10 @@ function validateHostConfig(cfg) {
6336
6349
  validateHostSiteLimits(name, h, errors);
6337
6350
  }
6338
6351
  }
6339
- if (_optionalChain([cfg, 'access', _688 => _688.logger, 'optionalAccess', _689 => _689.sample]) && typeof cfg.logger.sample !== "object") {
6352
+ if (_optionalChain([cfg, 'access', _709 => _709.logger, 'optionalAccess', _710 => _710.sample]) && typeof cfg.logger.sample !== "object") {
6340
6353
  errors.push('logger.sample \u5FC5\u987B\u4E3A\u5BF9\u8C61\uFF08\u5982 { "REQ_OTHER": 0.1 }\uFF09');
6341
6354
  }
6342
- if (_optionalChain([cfg, 'access', _690 => _690.logger, 'optionalAccess', _691 => _691.skip]) != null && !Array.isArray(cfg.logger.skip)) {
6355
+ if (_optionalChain([cfg, 'access', _711 => _711.logger, 'optionalAccess', _712 => _712.skip]) != null && !Array.isArray(cfg.logger.skip)) {
6343
6356
  errors.push('logger.skip \u5FC5\u987B\u4E3A\u5B57\u7B26\u4E32\u6570\u7EC4\uFF08\u5982 ["/sys/info/metrics"]\uFF09');
6344
6357
  }
6345
6358
  if (cfg.proxyhosts && typeof cfg.proxyhosts === "object") {
@@ -6373,7 +6386,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, validateHostSiteLimits, "validateHostSiteL
6373
6386
  function validateProductionSecurity(cfg) {
6374
6387
  const errors = [];
6375
6388
  if (process.env.NODE_ENV !== "production") return errors;
6376
- const sec = _optionalChain([cfg, 'optionalAccess', _692 => _692.security]);
6389
+ const sec = _optionalChain([cfg, 'optionalAccess', _713 => _713.security]);
6377
6390
  if (!sec || typeof sec !== "object") {
6378
6391
  errors.push("\u751F\u4EA7\u73AF\u5883\u5FC5\u987B\u914D\u7F6E security \u5BF9\u8C61");
6379
6392
  return errors;
@@ -6384,7 +6397,7 @@ function validateProductionSecurity(cfg) {
6384
6397
  if (sec.allowRegister === 1) {
6385
6398
  errors.push("\u751F\u4EA7\u73AF\u5883 security.allowRegister \u5E94\u4E3A 0\uFF08CR 1.3 \u7981\u6B62\u5F00\u653E\u6CE8\u518C\uFF09");
6386
6399
  }
6387
- if (!_optionalChain([sec, 'access', _693 => _693.quota, 'optionalAccess', _694 => _694.enabled])) {
6400
+ if (!_optionalChain([sec, 'access', _714 => _714.quota, 'optionalAccess', _715 => _715.enabled])) {
6388
6401
  errors.push("\u751F\u4EA7\u73AF\u5883 security.quota.enabled \u5E94\u4E3A 1\uFF08CR 7.1 \u8D44\u6E90\u9650\u5236\uFF09");
6389
6402
  }
6390
6403
  if (sec.csp !== 1) {
@@ -6393,7 +6406,7 @@ function validateProductionSecurity(cfg) {
6393
6406
  if (typeof sec.minUserLevel !== "number" || sec.minUserLevel < 0) {
6394
6407
  errors.push("\u751F\u4EA7\u73AF\u5883 security.minUserLevel \u5E94\u663E\u5F0F\u914D\u7F6E");
6395
6408
  }
6396
- if (sec.forceWss === 1 && !_optionalChain([cfg, 'optionalAccess', _695 => _695.httpscert, 'optionalAccess', _696 => _696.keyPath]) && !_optionalChain([cfg, 'optionalAccess', _697 => _697.httpscert, 'optionalAccess', _698 => _698.key])) {
6409
+ if (sec.forceWss === 1 && !_optionalChain([cfg, 'optionalAccess', _716 => _716.httpscert, 'optionalAccess', _717 => _717.keyPath]) && !_optionalChain([cfg, 'optionalAccess', _718 => _718.httpscert, 'optionalAccess', _719 => _719.key])) {
6397
6410
  errors.push("\u751F\u4EA7\u73AF\u5883 security.forceWss=1 \u65F6\u9700\u914D\u7F6E HTTPS \u8BC1\u4E66");
6398
6411
  }
6399
6412
  return errors;
@@ -6412,12 +6425,12 @@ var DEFAULT_RECONNECT = {
6412
6425
  rs485: { enabled: true, maxRetries: 60, initialDelay: 3e3, maxDelay: 3e4, factor: 2 }
6413
6426
  };
6414
6427
  function getTransportBlock(cfg, kind) {
6415
- const block = _optionalChain([cfg, 'optionalAccess', _699 => _699[kind]]);
6428
+ const block = _optionalChain([cfg, 'optionalAccess', _720 => _720[kind]]);
6416
6429
  return block && typeof block === "object" ? block : null;
6417
6430
  }
6418
6431
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getTransportBlock, "getTransportBlock");
6419
6432
  function getTransportDefault(cfg, kind) {
6420
- const def = _optionalChain([getTransportBlock, 'call', _700 => _700(cfg, kind), 'optionalAccess', _701 => _701.default]);
6433
+ const def = _optionalChain([getTransportBlock, 'call', _721 => _721(cfg, kind), 'optionalAccess', _722 => _722.default]);
6421
6434
  return def && typeof def === "object" ? def : null;
6422
6435
  }
6423
6436
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getTransportDefault, "getTransportDefault");
@@ -6427,7 +6440,7 @@ function hasTransportDefault(cfg, kind) {
6427
6440
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hasTransportDefault, "hasTransportDefault");
6428
6441
  function getDefaultConnId(cfg, kind) {
6429
6442
  const def = getTransportDefault(cfg, kind);
6430
- const id = _optionalChain([def, 'optionalAccess', _702 => _702.id]);
6443
+ const id = _optionalChain([def, 'optionalAccess', _723 => _723.id]);
6431
6444
  return typeof id === "string" && id.length > 0 ? id : DEFAULT_CONN_ID[kind];
6432
6445
  }
6433
6446
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getDefaultConnId, "getDefaultConnId");
@@ -6438,14 +6451,14 @@ function shouldAutoConnect(def) {
6438
6451
  _chunkSMVZ3ZDJcjs.__name.call(void 0, shouldAutoConnect, "shouldAutoConnect");
6439
6452
  function resolveReconnectOptions(def, kind, cfg) {
6440
6453
  const base = DEFAULT_RECONNECT[kind];
6441
- const rc = _optionalChain([def, 'optionalAccess', _703 => _703.reconnect]);
6442
- const tmMaxTry = _optionalChain([cfg, 'optionalAccess', _704 => _704.tm, 'optionalAccess', _705 => _705.maxtry]);
6454
+ const rc = _optionalChain([def, 'optionalAccess', _724 => _724.reconnect]);
6455
+ const tmMaxTry = _optionalChain([cfg, 'optionalAccess', _725 => _725.tm, 'optionalAccess', _726 => _726.maxtry]);
6443
6456
  return {
6444
- enabled: _optionalChain([rc, 'optionalAccess', _706 => _706.enabled]) !== false && base.enabled !== false,
6445
- maxRetries: _nullishCoalesce(_nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _707 => _707.maxRetries]), () => ( tmMaxTry)), () => ( base.maxRetries)), () => ( 60)),
6446
- initialDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _708 => _708.initialDelay]), () => ( base.initialDelay)), () => ( 1e3)),
6447
- maxDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _709 => _709.maxDelay]), () => ( base.maxDelay)), () => ( 3e4)),
6448
- factor: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _710 => _710.factor]), () => ( base.factor)), () => ( 2))
6457
+ enabled: _optionalChain([rc, 'optionalAccess', _727 => _727.enabled]) !== false && base.enabled !== false,
6458
+ maxRetries: _nullishCoalesce(_nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _728 => _728.maxRetries]), () => ( tmMaxTry)), () => ( base.maxRetries)), () => ( 60)),
6459
+ initialDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _729 => _729.initialDelay]), () => ( base.initialDelay)), () => ( 1e3)),
6460
+ maxDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _730 => _730.maxDelay]), () => ( base.maxDelay)), () => ( 3e4)),
6461
+ factor: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _731 => _731.factor]), () => ( base.factor)), () => ( 2))
6449
6462
  };
6450
6463
  }
6451
6464
  _chunkSMVZ3ZDJcjs.__name.call(void 0, resolveReconnectOptions, "resolveReconnectOptions");
@@ -6495,17 +6508,17 @@ function createTransportDataHandler($asai, manager) {
6495
6508
  if (typeof event.data === "string") {
6496
6509
  try {
6497
6510
  event.data = JSON.parse(event.data);
6498
- } catch (e52) {
6511
+ } catch (e51) {
6499
6512
  }
6500
6513
  }
6501
- if (_optionalChain([event, 'access', _711 => _711.data, 'optionalAccess', _712 => _712.id])) {
6514
+ if (_optionalChain([event, 'access', _732 => _732.data, 'optionalAccess', _733 => _733.id])) {
6502
6515
  manager.watch(event.id, event.data);
6503
6516
  return;
6504
6517
  }
6505
6518
  try {
6506
- const wsKey = _optionalChain([$asai, 'optionalAccess', _713 => _713.command, 'optionalAccess', _714 => _714.commandconfig, 'optionalAccess', _715 => _715.config, 'optionalAccess', _716 => _716.commandclient]);
6507
- _optionalChain([$asai, 'access', _717 => _717.serversws, 'optionalAccess', _718 => _718[wsKey], 'optionalAccess', _719 => _719.broadws, 'optionalCall', _720 => _720(event.data)]);
6508
- } catch (e53) {
6519
+ const wsKey = _optionalChain([$asai, 'optionalAccess', _734 => _734.command, 'optionalAccess', _735 => _735.commandconfig, 'optionalAccess', _736 => _736.config, 'optionalAccess', _737 => _737.commandclient]);
6520
+ _optionalChain([$asai, 'access', _738 => _738.serversws, 'optionalAccess', _739 => _739[wsKey], 'optionalAccess', _740 => _740.broadws, 'optionalCall', _741 => _741(event.data)]);
6521
+ } catch (e52) {
6509
6522
  }
6510
6523
  };
6511
6524
  }
@@ -6552,20 +6565,20 @@ var initAsaiHostNodejs2 = {
6552
6565
  initHostserverWs,
6553
6566
  syncApiRouteKeys,
6554
6567
  syncWsRouteKeys,
6555
- secureCompare: _chunkK2QPSQEVcjs.secureCompare,
6568
+ secureCompare: _chunkWXW5DYNUcjs.secureCompare,
6556
6569
  resolvePathUnderRoots,
6557
6570
  getHostAllowedRoots,
6558
6571
  logSecurityEvent,
6559
6572
  sanitizeString,
6560
6573
  validateHttpAuth,
6561
6574
  normalizeSecurityConfig,
6562
- stripForbiddenSecretsFromHostConfig: _chunkLXJMGLKWcjs.stripForbiddenSecretsFromHostConfig,
6563
- loadAsaiSecrets: _chunkLXJMGLKWcjs.loadAsaiSecrets,
6564
- loadDotEnvFile: _chunkLXJMGLKWcjs.loadDotEnvFile,
6565
- applySecretsToHostConfig: _chunkLXJMGLKWcjs.applySecretsToHostConfig,
6566
- resolveHttpsCertFromPaths: _chunkLXJMGLKWcjs.resolveHttpsCertFromPaths,
6567
- validateAsaiSecrets: _chunkLXJMGLKWcjs.validateAsaiSecrets,
6568
- isDevDefaultPassword: _chunkLXJMGLKWcjs.isDevDefaultPassword,
6575
+ stripForbiddenSecretsFromHostConfig: _chunkZK4O4Z2Ocjs.stripForbiddenSecretsFromHostConfig,
6576
+ loadAsaiSecrets: _chunkZK4O4Z2Ocjs.loadAsaiSecrets,
6577
+ loadDotEnvFile: _chunkZK4O4Z2Ocjs.loadDotEnvFile,
6578
+ applySecretsToHostConfig: _chunkZK4O4Z2Ocjs.applySecretsToHostConfig,
6579
+ resolveHttpsCertFromPaths: _chunkZK4O4Z2Ocjs.resolveHttpsCertFromPaths,
6580
+ validateAsaiSecrets: _chunkZK4O4Z2Ocjs.validateAsaiSecrets,
6581
+ isDevDefaultPassword: _chunkZK4O4Z2Ocjs.isDevDefaultPassword,
6569
6582
  getTransportBlock,
6570
6583
  getTransportDefault,
6571
6584
  hasTransportDefault,
@@ -6577,7 +6590,7 @@ var initAsaiHostNodejs2 = {
6577
6590
  createTransportDataHandler,
6578
6591
  wireTransportConnectionLogs
6579
6592
  };
6580
- var PLUGIN_VERSION = true ? "0.0.5" : "0.0.1";
6593
+ var PLUGIN_VERSION = true ? "0.0.8" : "0.0.1";
6581
6594
  var index_default = initAsaiHostNodejs2;
6582
6595
 
6583
6596
 
@@ -6620,5 +6633,5 @@ var index_default = initAsaiHostNodejs2;
6620
6633
 
6621
6634
 
6622
6635
 
6623
- exports.AsaiCommon = Index_default; exports.AsaiUtils = utils_exports; exports.PLUGIN_NAME = PLUGIN_NAME; exports.PLUGIN_VERSION = PLUGIN_VERSION; exports.applySecretsToHostConfig = _chunkLXJMGLKWcjs.applySecretsToHostConfig; exports.createTransportDataHandler = createTransportDataHandler; exports.default = index_default; exports.ensureDefaultConnection = ensureDefaultConnection; exports.getDefaultConnId = getDefaultConnId; exports.getHostAllowedRoots = getHostAllowedRoots; exports.getTransportBlock = getTransportBlock; exports.getTransportDefault = getTransportDefault; exports.hasTransportDefault = hasTransportDefault; exports.initAsaiHostNodejs = initAsaiHostNodejs2; exports.initHostserverApi = initHostserverApi; exports.initHostserverWs = initHostserverWs; exports.initTransportBridge = initTransportBridge; exports.isDevDefaultPassword = _chunkLXJMGLKWcjs.isDevDefaultPassword; exports.loadAsaiSecrets = _chunkLXJMGLKWcjs.loadAsaiSecrets; exports.loadDotEnvFile = _chunkLXJMGLKWcjs.loadDotEnvFile; exports.logSecurityEvent = logSecurityEvent; exports.normalizeHostConfig = normalizeHostConfig; exports.normalizeSecurityConfig = normalizeSecurityConfig; exports.registerApi = registerApi; exports.registerWs = registerWs; exports.resolveHttpsCertFromPaths = _chunkLXJMGLKWcjs.resolveHttpsCertFromPaths; exports.resolvePathUnderRoots = resolvePathUnderRoots; exports.resolveReconnectOptions = resolveReconnectOptions; exports.sanitizeString = sanitizeString; exports.secureCompare = _chunkK2QPSQEVcjs.secureCompare; exports.shouldAutoConnect = shouldAutoConnect; exports.stripForbiddenSecretsFromHostConfig = _chunkLXJMGLKWcjs.stripForbiddenSecretsFromHostConfig; exports.syncApiRouteKeys = syncApiRouteKeys; exports.syncWsRouteKeys = syncWsRouteKeys; exports.sysserver = sysserver; exports.validateAsaiSecrets = _chunkLXJMGLKWcjs.validateAsaiSecrets; exports.validateHostConfig = validateHostConfig; exports.validateHttpAuth = validateHttpAuth; exports.validateProductionSecurity = validateProductionSecurity; exports.wireTransportConnectionLogs = wireTransportConnectionLogs;
6636
+ exports.AsaiCommon = Index_default; exports.AsaiUtils = utils_exports; exports.PLUGIN_NAME = PLUGIN_NAME; exports.PLUGIN_VERSION = PLUGIN_VERSION; exports.applySecretsToHostConfig = _chunkZK4O4Z2Ocjs.applySecretsToHostConfig; exports.createTransportDataHandler = createTransportDataHandler; exports.default = index_default; exports.ensureDefaultConnection = ensureDefaultConnection; exports.getDefaultConnId = getDefaultConnId; exports.getHostAllowedRoots = getHostAllowedRoots; exports.getTransportBlock = getTransportBlock; exports.getTransportDefault = getTransportDefault; exports.hasTransportDefault = hasTransportDefault; exports.initAsaiHostNodejs = initAsaiHostNodejs2; exports.initHostserverApi = initHostserverApi; exports.initHostserverWs = initHostserverWs; exports.initTransportBridge = initTransportBridge; exports.isDevDefaultPassword = _chunkZK4O4Z2Ocjs.isDevDefaultPassword; exports.loadAsaiSecrets = _chunkZK4O4Z2Ocjs.loadAsaiSecrets; exports.loadDotEnvFile = _chunkZK4O4Z2Ocjs.loadDotEnvFile; exports.logSecurityEvent = logSecurityEvent; exports.normalizeHostConfig = normalizeHostConfig; exports.normalizeSecurityConfig = normalizeSecurityConfig; exports.registerApi = registerApi; exports.registerWs = registerWs; exports.resolveHttpsCertFromPaths = _chunkZK4O4Z2Ocjs.resolveHttpsCertFromPaths; exports.resolvePathUnderRoots = resolvePathUnderRoots; exports.resolveReconnectOptions = resolveReconnectOptions; exports.sanitizeString = sanitizeString; exports.secureCompare = _chunkWXW5DYNUcjs.secureCompare; exports.shouldAutoConnect = shouldAutoConnect; exports.stripForbiddenSecretsFromHostConfig = _chunkZK4O4Z2Ocjs.stripForbiddenSecretsFromHostConfig; exports.syncApiRouteKeys = syncApiRouteKeys; exports.syncWsRouteKeys = syncWsRouteKeys; exports.sysserver = sysserver; exports.validateAsaiSecrets = _chunkZK4O4Z2Ocjs.validateAsaiSecrets; exports.validateHostConfig = validateHostConfig; exports.validateHttpAuth = validateHttpAuth; exports.validateProductionSecurity = validateProductionSecurity; exports.wireTransportConnectionLogs = wireTransportConnectionLogs;
6624
6637
  //# sourceMappingURL=asaihost-nodejs.cjs.map