asaihost-nodejs 0.0.6 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -399,7 +399,7 @@ var LogBuffer = class _LogBuffer {
399
399
  }
400
400
  };
401
401
  function saveLog($asai, src, logstr) {
402
- return new Promise((resolve5, reject) => {
402
+ return new Promise((resolve6, reject) => {
403
403
  try {
404
404
  const bufferKey = `${$asai.id || "default"}_${src}`;
405
405
  let logBuffer = logBuffers.get(bufferKey);
@@ -408,7 +408,7 @@ function saveLog($asai, src, logstr) {
408
408
  logBuffers.set(bufferKey, logBuffer);
409
409
  }
410
410
  logBuffer.add(logstr);
411
- resolve5();
411
+ resolve6();
412
412
  } catch (err) {
413
413
  console.error(err);
414
414
  reject(err);
@@ -815,7 +815,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, checkNtpOffset, "checkNtpOffset");
815
815
  // src/infra/config-integrity.ts
816
816
  var _crypto = require('crypto'); var _crypto2 = _interopRequireDefault(_crypto);
817
817
  var _fs = require('fs'); var fs3 = _interopRequireWildcard(_fs); var fs6 = _interopRequireWildcard(_fs); var fs4 = _interopRequireWildcard(_fs); var fs5 = _interopRequireWildcard(_fs); var fs8 = _interopRequireWildcard(_fs); var fs10 = _interopRequireWildcard(_fs);
818
- var _path = require('path'); var nodePath2 = _interopRequireWildcard(_path); var path2 = _interopRequireWildcard(_path); var nodePath = _interopRequireWildcard(_path); var nodePath3 = _interopRequireWildcard(_path); var path5 = _interopRequireWildcard(_path); var path6 = _interopRequireWildcard(_path);
818
+ var _path = require('path'); var nodePath2 = _interopRequireWildcard(_path); var path2 = _interopRequireWildcard(_path); var nodePath = _interopRequireWildcard(_path); var nodePath3 = _interopRequireWildcard(_path); var path4 = _interopRequireWildcard(_path); var path6 = _interopRequireWildcard(_path); var path7 = _interopRequireWildcard(_path);
819
819
  function computeConfigHash(configPath) {
820
820
  try {
821
821
  const raw = fs3.default.readFileSync(configPath);
@@ -1460,11 +1460,11 @@ function createSkipChecker($asai) {
1460
1460
  }
1461
1461
  if (exact.size === 0 && prefixes.length === 0) return () => false;
1462
1462
  return (url) => {
1463
- const path7 = normalizeRequestPath(url);
1464
- if (!path7) return false;
1465
- if (exact.has(path7)) return true;
1463
+ const path8 = normalizeRequestPath(url);
1464
+ if (!path8) return false;
1465
+ if (exact.has(path8)) return true;
1466
1466
  for (let i = 0; i < prefixes.length; i++) {
1467
- if (path7.startsWith(prefixes[i])) return true;
1467
+ if (path8.startsWith(prefixes[i])) return true;
1468
1468
  }
1469
1469
  return false;
1470
1470
  };
@@ -2382,11 +2382,11 @@ function getSecurityConfig($asai) {
2382
2382
  return _optionalChain([$asai, 'optionalAccess', _269 => _269.hostconfig, 'optionalAccess', _270 => _270.security]) || {};
2383
2383
  }
2384
2384
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSecurityConfig, "getSecurityConfig");
2385
- function pathMatchesPattern(path7, pattern) {
2385
+ function pathMatchesPattern(path8, pattern) {
2386
2386
  if (pattern.endsWith("*")) {
2387
- return path7.startsWith(pattern.slice(0, -1));
2387
+ return path8.startsWith(pattern.slice(0, -1));
2388
2388
  }
2389
- return path7 === pattern;
2389
+ return path8 === pattern;
2390
2390
  }
2391
2391
  _chunkSMVZ3ZDJcjs.__name.call(void 0, pathMatchesPattern, "pathMatchesPattern");
2392
2392
  function isAuthSkipped($asai, pathname) {
@@ -2535,7 +2535,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, isApiCorsAllowed, "isApiCorsAllowed");
2535
2535
 
2536
2536
  // src/common/server/Api.ts
2537
2537
  function readRequestBody(req, maxBody) {
2538
- return new Promise((resolve5, reject) => {
2538
+ return new Promise((resolve6, reject) => {
2539
2539
  const chunks = [];
2540
2540
  let received = 0;
2541
2541
  let settled = false;
@@ -2543,7 +2543,7 @@ function readRequestBody(req, maxBody) {
2543
2543
  if (settled) return;
2544
2544
  settled = true;
2545
2545
  if (err) reject(err);
2546
- else resolve5(_nullishCoalesce(data, () => ( "")));
2546
+ else resolve6(_nullishCoalesce(data, () => ( "")));
2547
2547
  }, "finish");
2548
2548
  req.on("data", (chunk) => {
2549
2549
  if (settled) return;
@@ -2673,83 +2673,95 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2673
2673
  const isTextPost = req.method === "POST" && req.url.indexOf("binary") === -1;
2674
2674
  const bodyPromise = isTextPost ? readRequestBody(req, maxBody) : null;
2675
2675
  void (async () => {
2676
- let authResult;
2677
- let rawBody = "";
2678
2676
  try {
2679
- [authResult, rawBody] = await Promise.all([
2680
- validateHttpAuthAsync(req, $asai, pathname),
2681
- _nullishCoalesce(bodyPromise, () => ( Promise.resolve("")))
2682
- ]);
2683
- } catch (err) {
2684
- releaseSlot();
2685
- if (_optionalChain([err, 'optionalAccess', _294 => _294.message]) === "PAYLOAD_TOO_LARGE") {
2686
- return sendError(res, 413, "Payload Too Large");
2687
- }
2688
- return sendError(res, 400, _optionalChain([err, 'optionalAccess', _295 => _295.message]) || "Bad Request");
2689
- }
2690
- if (!authResult.ok) {
2691
- releaseSlot();
2692
- return sendAuthError(res, authResult);
2693
- }
2694
- let apiFn = _optionalChain([$asai, 'access', _296 => _296.hostserverapi, 'access', _297 => _297[apiHandlerKey], 'optionalCall', _298 => _298($asai, query)]);
2695
- if (!apiFn) {
2696
- return sendError(res, 501, "Not Implemented");
2697
- }
2698
- res.setHeader("Content-Type", "application/json; charset=utf-8");
2699
- $asai.$log("API", req.method, urlParse.pathname, query);
2700
- let qrdata;
2701
- let postdata;
2702
- if (req.url.indexOf("binary") === -1) {
2703
- qrdata = query;
2704
- if (req.method === "POST") {
2705
- try {
2706
- const processed = processPostPayload($asai, req, rawBody, pm);
2707
- postdata = processed.postdata;
2708
- pm = processed.pm;
2709
- isAes = processed.isAes;
2710
- } catch (e35) {
2711
- return sendError(res, 400, "AES decrypt failed");
2712
- }
2713
- if (_optionalChain([apiFn, 'optionalAccess', _299 => _299.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _300 => _300.post]) === "function") {
2714
- const optTmp = { qrdata, data: postdata, pm };
2715
- if (isAes || _optionalChain([$asai, 'access', _301 => _301.$lib, 'access', _302 => _302.aesfns, 'optionalAccess', _303 => _303.allaes])) {
2716
- optTmp.resAES = _optionalChain([$asai, 'access', _304 => _304.$lib, 'access', _305 => _305.aesfns, 'optionalAccess', _306 => _306.resAES]);
2717
- }
2718
- apiFn.post(req, res, hostdir, optTmp);
2719
- } else {
2720
- res.end(typeof postdata === "string" ? postdata : JSON.stringify(_nullishCoalesce(postdata, () => ( ""))));
2721
- }
2722
- } else if (req.method === "GET") {
2723
- if (_optionalChain([apiFn, 'optionalAccess', _307 => _307.get]) && typeof _optionalChain([apiFn, 'optionalAccess', _308 => _308.get]) === "function") {
2724
- const optTmp = { qrdata, data: qrdata, pm };
2725
- if (isAes || _optionalChain([$asai, 'access', _309 => _309.$lib, 'access', _310 => _310.aesfns, 'optionalAccess', _311 => _311.allaes])) {
2726
- optTmp.resAES = _optionalChain([$asai, 'access', _312 => _312.$lib, 'access', _313 => _313.aesfns, 'optionalAccess', _314 => _314.resAES]);
2727
- }
2728
- apiFn.get(req, res, hostdir, optTmp);
2729
- } else {
2730
- res.end(JSON.stringify(qrdata));
2677
+ let authResult;
2678
+ let rawBody = "";
2679
+ try {
2680
+ [authResult, rawBody] = await Promise.all([
2681
+ validateHttpAuthAsync(req, $asai, pathname),
2682
+ _nullishCoalesce(bodyPromise, () => ( Promise.resolve("")))
2683
+ ]);
2684
+ } catch (err) {
2685
+ releaseSlot();
2686
+ if (_optionalChain([err, 'optionalAccess', _294 => _294.message]) === "PAYLOAD_TOO_LARGE") {
2687
+ return sendError(res, 413, "Payload Too Large");
2731
2688
  }
2689
+ return sendError(res, 400, _optionalChain([err, 'optionalAccess', _295 => _295.message]) || "Bad Request");
2732
2690
  }
2733
- } else {
2734
- if (_optionalChain([Object, 'access', _315 => _315.keys, 'call', _316 => _316(query), 'optionalAccess', _317 => _317.length])) {
2735
- qrdata = query;
2691
+ if (!authResult.ok) {
2692
+ releaseSlot();
2693
+ return sendAuthError(res, authResult);
2694
+ }
2695
+ let apiFn = _optionalChain([$asai, 'access', _296 => _296.hostserverapi, 'access', _297 => _297[apiHandlerKey], 'optionalCall', _298 => _298($asai, query)]);
2696
+ if (!apiFn) {
2697
+ return sendError(res, 501, "Not Implemented");
2736
2698
  }
2737
- if (req.method === "POST") {
2738
- $asai.$lib.AsNodeTool.upBinary(req).then((postdata2) => {
2739
- if (_optionalChain([apiFn, 'optionalAccess', _318 => _318.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _319 => _319.post]) === "function") {
2740
- apiFn.post(req, res, hostdir, {
2741
- qrdata,
2742
- data: postdata2
2743
- });
2699
+ res.setHeader("Content-Type", "application/json; charset=utf-8");
2700
+ $asai.$log("API", req.method, urlParse.pathname, query);
2701
+ let qrdata;
2702
+ let postdata;
2703
+ if (req.url.indexOf("binary") === -1) {
2704
+ qrdata = query;
2705
+ if (req.method === "POST") {
2706
+ try {
2707
+ const processed = processPostPayload($asai, req, rawBody, pm);
2708
+ postdata = processed.postdata;
2709
+ pm = processed.pm;
2710
+ isAes = processed.isAes;
2711
+ } catch (e35) {
2712
+ return sendError(res, 400, "AES decrypt failed");
2713
+ }
2714
+ if (_optionalChain([apiFn, 'optionalAccess', _299 => _299.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _300 => _300.post]) === "function") {
2715
+ const optTmp = { qrdata, data: postdata, pm };
2716
+ if (isAes || _optionalChain([$asai, 'access', _301 => _301.$lib, 'access', _302 => _302.aesfns, 'optionalAccess', _303 => _303.allaes])) {
2717
+ optTmp.resAES = _optionalChain([$asai, 'access', _304 => _304.$lib, 'access', _305 => _305.aesfns, 'optionalAccess', _306 => _306.resAES]);
2718
+ }
2719
+ apiFn.post(req, res, hostdir, optTmp);
2744
2720
  } else {
2745
- res.end(postdata2);
2721
+ res.end(typeof postdata === "string" ? postdata : JSON.stringify(_nullishCoalesce(postdata, () => ( ""))));
2746
2722
  }
2747
- }).catch((err) => {
2748
- return sendError(res, 400, "Invalid content type");
2749
- });
2723
+ } else if (req.method === "GET") {
2724
+ if (_optionalChain([apiFn, 'optionalAccess', _307 => _307.get]) && typeof _optionalChain([apiFn, 'optionalAccess', _308 => _308.get]) === "function") {
2725
+ const optTmp = { qrdata, data: qrdata, pm };
2726
+ if (isAes || _optionalChain([$asai, 'access', _309 => _309.$lib, 'access', _310 => _310.aesfns, 'optionalAccess', _311 => _311.allaes])) {
2727
+ optTmp.resAES = _optionalChain([$asai, 'access', _312 => _312.$lib, 'access', _313 => _313.aesfns, 'optionalAccess', _314 => _314.resAES]);
2728
+ }
2729
+ apiFn.get(req, res, hostdir, optTmp);
2730
+ } else {
2731
+ res.end(JSON.stringify(qrdata));
2732
+ }
2733
+ }
2734
+ } else {
2735
+ if (_optionalChain([Object, 'access', _315 => _315.keys, 'call', _316 => _316(query), 'optionalAccess', _317 => _317.length])) {
2736
+ qrdata = query;
2737
+ }
2738
+ if (req.method === "POST") {
2739
+ $asai.$lib.AsNodeTool.upBinary(req).then((postdata2) => {
2740
+ if (_optionalChain([apiFn, 'optionalAccess', _318 => _318.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _319 => _319.post]) === "function") {
2741
+ apiFn.post(req, res, hostdir, {
2742
+ qrdata,
2743
+ data: postdata2
2744
+ });
2745
+ } else {
2746
+ res.end(postdata2);
2747
+ }
2748
+ }).catch((err) => {
2749
+ return sendError(res, 400, "Invalid content type");
2750
+ });
2751
+ }
2750
2752
  }
2753
+ } catch (err) {
2754
+ releaseSlot();
2755
+ if (!res.headersSent) {
2756
+ return sendError(res, 500, _optionalChain([err, 'optionalAccess', _320 => _320.message]) || "Internal Server Error");
2757
+ }
2758
+ }
2759
+ })().catch((err) => {
2760
+ releaseSlot();
2761
+ if (!res.headersSent) {
2762
+ sendError(res, 500, _optionalChain([err, 'optionalAccess', _321 => _321.message]) || "Internal Server Error");
2751
2763
  }
2752
- })();
2764
+ });
2753
2765
  } else {
2754
2766
  $asai.$log("API", req.method, req.url);
2755
2767
  }
@@ -2760,12 +2772,12 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2760
2772
 
2761
2773
  // src/common/server/Ws.ts
2762
2774
  var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, opt = {}) => {
2763
- _optionalChain([opt, 'optionalAccess', _320 => _320.fn, 'optionalCall', _321 => _321($asai)]);
2775
+ _optionalChain([opt, 'optionalAccess', _322 => _322.fn, 'optionalCall', _323 => _323($asai)]);
2764
2776
  const wsHandlerCache = /* @__PURE__ */ new Map();
2765
2777
  const routeIndex = ensureWsRouteIndex($asai);
2766
2778
  function getWsHandler(handlerKey) {
2767
2779
  if (!wsHandlerCache.has(handlerKey)) {
2768
- wsHandlerCache.set(handlerKey, _optionalChain([$asai, 'access', _322 => _322.hostserverws, 'access', _323 => _323[handlerKey], 'optionalCall', _324 => _324($asai)]));
2780
+ wsHandlerCache.set(handlerKey, _optionalChain([$asai, 'access', _324 => _324.hostserverws, 'access', _325 => _325[handlerKey], 'optionalCall', _326 => _326($asai)]));
2769
2781
  }
2770
2782
  return wsHandlerCache.get(handlerKey);
2771
2783
  }
@@ -2789,21 +2801,21 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2789
2801
  let reqdata = parseMessage(msg);
2790
2802
  let handlerKey;
2791
2803
  if (reqdata === "ping") {
2792
- _optionalChain([ws2, 'access', _325 => _325.send, 'optionalCall', _326 => _326("pong")]);
2804
+ _optionalChain([ws2, 'access', _327 => _327.send, 'optionalCall', _328 => _328("pong")]);
2793
2805
  return;
2794
2806
  } else {
2795
2807
  const reqdataisobj = typeof reqdata === "object" && reqdata !== null;
2796
- handlerKey = reqdataisobj ? routeIndex.matchTy(_optionalChain([reqdata, 'optionalAccess', _327 => _327.ty])) : routeIndex.matchString(reqdata);
2797
- if (!handlerKey && _optionalChain([$asai, 'access', _328 => _328.hostserverwss, 'optionalAccess', _329 => _329.length])) {
2808
+ handlerKey = reqdataisobj ? routeIndex.matchTy(_optionalChain([reqdata, 'optionalAccess', _329 => _329.ty])) : routeIndex.matchString(reqdata);
2809
+ if (!handlerKey && _optionalChain([$asai, 'access', _330 => _330.hostserverwss, 'optionalAccess', _331 => _331.length])) {
2798
2810
  handlerKey = $asai.hostserverwss.find((elp) => {
2799
2811
  if (reqdataisobj) {
2800
- return _optionalChain([reqdata, 'optionalAccess', _330 => _330.ty, 'optionalAccess', _331 => _331.startsWith, 'call', _332 => _332(elp)]);
2812
+ return _optionalChain([reqdata, 'optionalAccess', _332 => _332.ty, 'optionalAccess', _333 => _333.startsWith, 'call', _334 => _334(elp)]);
2801
2813
  }
2802
2814
  return typeof reqdata === "string" && reqdata.startsWith(elp);
2803
2815
  });
2804
2816
  }
2805
2817
  if (!handlerKey) {
2806
- _optionalChain([$asai, 'access', _333 => _333.asaimock, 'optionalAccess', _334 => _334.wsWorkMock, 'call', _335 => _335({
2818
+ _optionalChain([$asai, 'access', _335 => _335.asaimock, 'optionalAccess', _336 => _336.wsWorkMock, 'call', _337 => _337({
2807
2819
  msg,
2808
2820
  ws: ws2,
2809
2821
  hostdir,
@@ -2815,14 +2827,14 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2815
2827
  }
2816
2828
  }
2817
2829
  if (!handlerKey) return;
2818
- _optionalChain([getWsHandler, 'call', _336 => _336(handlerKey), 'optionalAccess', _337 => _337.work, 'optionalCall', _338 => _338(reqdata, ws2, hostdir, req)]);
2830
+ _optionalChain([getWsHandler, 'call', _338 => _338(handlerKey), 'optionalAccess', _339 => _339.work, 'optionalCall', _340 => _340(reqdata, ws2, hostdir, req)]);
2819
2831
  } catch (err) {
2820
- _optionalChain([($asai.$log || console.error), 'optionalCall', _339 => _339("WS", "handler error", err instanceof Error ? err.message : err)]);
2832
+ _optionalChain([($asai.$log || console.error), 'optionalCall', _341 => _341("WS", "handler error", err instanceof Error ? err.message : err)]);
2821
2833
  }
2822
2834
  }
2823
2835
  _chunkSMVZ3ZDJcjs.__name.call(void 0, wsWork, "wsWork");
2824
2836
  function _getMessage(msg) {
2825
- if (_optionalChain([msg, 'optionalAccess', _340 => _340.db, 'optionalAccess', _341 => _341.aes]) && _optionalChain([$asai, 'access', _342 => _342.$lib, 'optionalAccess', _343 => _343.aesfns, 'optionalAccess', _344 => _344.reqAES])) {
2837
+ if (_optionalChain([msg, 'optionalAccess', _342 => _342.db, 'optionalAccess', _343 => _343.aes]) && _optionalChain([$asai, 'access', _344 => _344.$lib, 'optionalAccess', _345 => _345.aesfns, 'optionalAccess', _346 => _346.reqAES])) {
2826
2838
  msg.db = $asai.$lib.aesfns.reqAES({ data: msg.db });
2827
2839
  }
2828
2840
  return msg;
@@ -2849,12 +2861,12 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2849
2861
 
2850
2862
  // src/common/server/Sys.ts
2851
2863
  var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, opt = {}) => {
2852
- _optionalChain([opt, 'optionalAccess', _345 => _345.fn, 'optionalCall', _346 => _346($asai)]);
2864
+ _optionalChain([opt, 'optionalAccess', _347 => _347.fn, 'optionalCall', _348 => _348($asai)]);
2853
2865
  let sysRouteCache = null;
2854
2866
  let sysRouteCacheLen = -1;
2855
2867
  function findSystemHandler(req) {
2856
2868
  const routes = $asai.hostserversyss;
2857
- if (!_optionalChain([routes, 'optionalAccess', _347 => _347.length])) return void 0;
2869
+ if (!_optionalChain([routes, 'optionalAccess', _349 => _349.length])) return void 0;
2858
2870
  if (!sysRouteCache || sysRouteCacheLen !== routes.length) {
2859
2871
  sysRouteCache = routes.map((elp) => ({ key: elp, route: `/${elp}` }));
2860
2872
  sysRouteCacheLen = routes.length;
@@ -2883,27 +2895,28 @@ var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2883
2895
  }
2884
2896
  const urlPath = (req.url || "").split("?")[0];
2885
2897
  void (async () => {
2886
- const authResult = await validateHttpAuthAsync(req, $asai, urlPath);
2887
- if (!authResult.ok) {
2888
- return sendAuthError(res, authResult);
2889
- }
2890
- const handler = _optionalChain([$asai, 'access', _348 => _348.hostserversys, 'access', _349 => _349[handlerKey], 'optionalCall', _350 => _350($asai)]);
2891
- if (!handler) {
2892
- return sendError(res, 500, "Handler Initialization Failed");
2893
- }
2894
- if (_optionalChain([handler, 'optionalAccess', _351 => _351.show]) && typeof _optionalChain([handler, 'optionalAccess', _352 => _352.show]) === "function") {
2895
- handler.show(req, res, hostdir);
2896
- } else {
2897
- res.end("postdata");
2898
+ try {
2899
+ const authResult = await validateHttpAuthAsync(req, $asai, urlPath);
2900
+ if (!authResult.ok) {
2901
+ return sendAuthError(res, authResult);
2902
+ }
2903
+ const handler = _optionalChain([$asai, 'access', _350 => _350.hostserversys, 'access', _351 => _351[handlerKey], 'optionalCall', _352 => _352($asai)]);
2904
+ if (!handler) {
2905
+ return sendError(res, 500, "Handler Initialization Failed");
2906
+ }
2907
+ if (_optionalChain([handler, 'optionalAccess', _353 => _353.show]) && typeof _optionalChain([handler, 'optionalAccess', _354 => _354.show]) === "function") {
2908
+ handler.show(req, res, hostdir);
2909
+ } else {
2910
+ res.end("postdata");
2911
+ }
2912
+ } catch (err) {
2913
+ return sendError(res, 500, _optionalChain([err, 'optionalAccess', _355 => _355.message]) || "Internal Server Error");
2898
2914
  }
2899
- if (!handler) {
2900
- res.writeHead(404, {
2901
- "Content-Type": "application/json; charset=utf-8"
2902
- });
2903
- res.end(req.url);
2904
- } else {
2915
+ })().catch((err) => {
2916
+ if (!res.headersSent) {
2917
+ sendError(res, 500, _optionalChain([err, 'optionalAccess', _356 => _356.message]) || "Internal Server Error");
2905
2918
  }
2906
- })();
2919
+ });
2907
2920
  }
2908
2921
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sysWork, "sysWork");
2909
2922
  return { sysWork };
@@ -2911,18 +2924,18 @@ var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2911
2924
 
2912
2925
  // src/common/server/WsClient.ts
2913
2926
  var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, wsname) => {
2914
- if (!_optionalChain([$asai, 'optionalAccess', _353 => _353.clientws])) {
2927
+ if (!_optionalChain([$asai, 'optionalAccess', _357 => _357.clientws])) {
2915
2928
  $asai.clientws = {};
2916
2929
  }
2917
2930
  if (!$asai.clientws[wsname]) {
2918
2931
  $asai.clientws[wsname] = { tasks: /* @__PURE__ */ new Map() };
2919
2932
  }
2920
2933
  function getKeyByData(msgdata) {
2921
- return _optionalChain([msgdata, 'optionalAccess', _354 => _354.id]) || _optionalChain([msgdata, 'optionalAccess', _355 => _355.ty]);
2934
+ return _optionalChain([msgdata, 'optionalAccess', _358 => _358.id]) || _optionalChain([msgdata, 'optionalAccess', _359 => _359.ty]);
2922
2935
  }
2923
2936
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getKeyByData, "getKeyByData");
2924
2937
  function clientwsInit() {
2925
- return new Promise((resolve5, reject) => {
2938
+ return new Promise((resolve6, reject) => {
2926
2939
  $asai.clientws[wsname].socket = new $asai.asaiWs(
2927
2940
  $asai.command.commandconfig.clientws[wsname]
2928
2941
  );
@@ -2931,7 +2944,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2931
2944
  };
2932
2945
  $asai.clientws[wsname].socket.on("error", (err) => {
2933
2946
  $asai.clientws[wsname].open = 0;
2934
- _optionalChain([$asai, 'access', _356 => _356.hostconfig, 'access', _357 => _357.logger, 'optionalAccess', _358 => _358.lv, 'optionalAccess', _359 => _359.view]) && console.error(
2947
+ _optionalChain([$asai, 'access', _360 => _360.hostconfig, 'access', _361 => _361.logger, 'optionalAccess', _362 => _362.lv, 'optionalAccess', _363 => _363.view]) && console.error(
2935
2948
  666.2203,
2936
2949
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is error.`,
2937
2950
  err
@@ -2940,19 +2953,19 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2940
2953
  });
2941
2954
  $asai.clientws[wsname].socket.on("close", () => {
2942
2955
  $asai.clientws[wsname].open = 0;
2943
- _optionalChain([$asai, 'access', _360 => _360.hostconfig, 'access', _361 => _361.logger, 'optionalAccess', _362 => _362.lv, 'optionalAccess', _363 => _363.view]) && console.error(
2956
+ _optionalChain([$asai, 'access', _364 => _364.hostconfig, 'access', _365 => _365.logger, 'optionalAccess', _366 => _366.lv, 'optionalAccess', _367 => _367.view]) && console.error(
2944
2957
  666.2205,
2945
2958
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is close.`
2946
2959
  );
2947
2960
  reject();
2948
2961
  });
2949
2962
  $asai.clientws[wsname].socket.onopen = () => {
2950
- _optionalChain([$asai, 'access', _364 => _364.hostconfig, 'access', _365 => _365.logger, 'optionalAccess', _366 => _366.lv, 'optionalAccess', _367 => _367.view]) && console.log(
2963
+ _optionalChain([$asai, 'access', _368 => _368.hostconfig, 'access', _369 => _369.logger, 'optionalAccess', _370 => _370.lv, 'optionalAccess', _371 => _371.view]) && console.log(
2951
2964
  666.2201,
2952
2965
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is open.`
2953
2966
  );
2954
2967
  $asai.clientws[wsname].open = 1;
2955
- resolve5();
2968
+ resolve6();
2956
2969
  };
2957
2970
  });
2958
2971
  }
@@ -2970,7 +2983,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2970
2983
  const key = getKeyByData(messageData);
2971
2984
  const task = $asai.clientws[wsname].tasks.get(key);
2972
2985
  if (task) {
2973
- _optionalChain([task, 'optionalAccess', _368 => _368.callback, 'call', _369 => _369(messageData)]);
2986
+ _optionalChain([task, 'optionalAccess', _372 => _372.callback, 'call', _373 => _373(messageData)]);
2974
2987
  if (messageData.ty && !messageData.id) {
2975
2988
  } else {
2976
2989
  $asai.clientws[wsname].tasks.delete(key);
@@ -2982,7 +2995,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2982
2995
  }
2983
2996
  _chunkSMVZ3ZDJcjs.__name.call(void 0, clientwsOnmessage, "clientwsOnmessage");
2984
2997
  function clientwsApi(messageData) {
2985
- return new Promise((resolve5, reject) => {
2998
+ return new Promise((resolve6, reject) => {
2986
2999
  if ($asai.clientws[wsname].open) {
2987
3000
  try {
2988
3001
  const taskOpt = {};
@@ -2994,7 +3007,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2994
3007
  getKeyByData(messageData),
2995
3008
  {
2996
3009
  callback: /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (res) => {
2997
- resolve5(res);
3010
+ resolve6(res);
2998
3011
  }, "callback"),
2999
3012
  ...messageData,
3000
3013
  ...taskOpt
@@ -3024,7 +3037,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
3024
3037
  }
3025
3038
  _chunkSMVZ3ZDJcjs.__name.call(void 0, clientwsWatch, "clientwsWatch");
3026
3039
  function clientwsWatchOff(messageData) {
3027
- if (_optionalChain([messageData, 'optionalAccess', _370 => _370.ty]) === "clear") {
3040
+ if (_optionalChain([messageData, 'optionalAccess', _374 => _374.ty]) === "clear") {
3028
3041
  $asai.clientws[wsname].tasks = /* @__PURE__ */ new Map();
3029
3042
  } else {
3030
3043
  const key = getKeyByData(messageData);
@@ -3065,7 +3078,7 @@ var ping_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai)
3065
3078
  var web_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3066
3079
  function chatBoard(msgdata, ws2, hostdir, req) {
3067
3080
  let room;
3068
- if (_optionalChain([msgdata, 'access', _371 => _371.db, 'optionalAccess', _372 => _372.room]) && typeof msgdata.db.room === "string") {
3081
+ if (_optionalChain([msgdata, 'access', _375 => _375.db, 'optionalAccess', _376 => _376.room]) && typeof msgdata.db.room === "string") {
3069
3082
  room = msgdata.db.room;
3070
3083
  delete msgdata.db.room;
3071
3084
  } else {
@@ -3122,26 +3135,26 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3122
3135
  removeFile: removeFile2,
3123
3136
  resolvePathUnderBase: resolvePathUnderBase2
3124
3137
  } = $asai.$lib.AsFs;
3125
- const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'access', _373 => _373.$lib, 'optionalAccess', _374 => _374.reqWork, 'optionalCall', _375 => _375($asai)]);
3138
+ const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'access', _377 => _377.$lib, 'optionalAccess', _378 => _378.reqWork, 'optionalCall', _379 => _379($asai)]);
3126
3139
  function mgLog(...arg) {
3127
3140
  mnLog("LOG", ...arg);
3128
3141
  }
3129
3142
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mgLog, "mgLog");
3130
3143
  function getDir(opt) {
3131
- let tmpDir = _optionalChain([opt, 'access', _376 => _376.qrdata, 'optionalAccess', _377 => _377.dir]) || _optionalChain([opt, 'access', _378 => _378.data, 'optionalAccess', _379 => _379.dir]);
3144
+ let tmpDir = _optionalChain([opt, 'access', _380 => _380.qrdata, 'optionalAccess', _381 => _381.dir]) || _optionalChain([opt, 'access', _382 => _382.data, 'optionalAccess', _383 => _383.dir]);
3132
3145
  if (tmpDir) {
3133
3146
  tmpDir = decodeURIComponent(tmpDir);
3134
3147
  } else {
3135
- tmpDir = _optionalChain([opt, 'access', _380 => _380.qrdata, 'optionalAccess', _381 => _381.ty]) || _optionalChain([opt, 'access', _382 => _382.data, 'optionalAccess', _383 => _383.ty]);
3148
+ tmpDir = _optionalChain([opt, 'access', _384 => _384.qrdata, 'optionalAccess', _385 => _385.ty]) || _optionalChain([opt, 'access', _386 => _386.data, 'optionalAccess', _387 => _387.ty]);
3136
3149
  if (tmpDir) {
3137
3150
  tmpDir = decodeURIComponent(tmpDir);
3138
3151
  if (tmpDir === "access-clf" || tmpDir === "access-w3c") {
3139
- tmpDir = _optionalChain([$asai, 'access', _384 => _384.hostconfig, 'access', _385 => _385.logger, 'optionalAccess', _386 => _386.path, 'optionalAccess', _387 => _387.access]) || "";
3152
+ tmpDir = _optionalChain([$asai, 'access', _388 => _388.hostconfig, 'access', _389 => _389.logger, 'optionalAccess', _390 => _390.path, 'optionalAccess', _391 => _391.access]) || "";
3140
3153
  } else {
3141
- tmpDir = _optionalChain([$asai, 'access', _388 => _388.hostconfig, 'access', _389 => _389.logger, 'optionalAccess', _390 => _390.path, 'optionalAccess', _391 => _391[tmpDir]]) || "";
3154
+ tmpDir = _optionalChain([$asai, 'access', _392 => _392.hostconfig, 'access', _393 => _393.logger, 'optionalAccess', _394 => _394.path, 'optionalAccess', _395 => _395[tmpDir]]) || "";
3142
3155
  }
3143
3156
  } else {
3144
- tmpDir = _optionalChain([$asai, 'access', _392 => _392.hostconfig, 'access', _393 => _393.logger, 'optionalAccess', _394 => _394.path, 'optionalAccess', _395 => _395.client]) || "";
3157
+ tmpDir = _optionalChain([$asai, 'access', _396 => _396.hostconfig, 'access', _397 => _397.logger, 'optionalAccess', _398 => _398.path, 'optionalAccess', _399 => _399.client]) || "";
3145
3158
  }
3146
3159
  }
3147
3160
  return tmpDir;
@@ -3173,7 +3186,7 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3173
3186
  if (!await ensureLv(req, $asai, 3)) return sendFail(res, "Forbidden", opt);
3174
3187
  try {
3175
3188
  const baseDir = getDir(opt);
3176
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _396 => _396.qrdata, 'optionalAccess', _397 => _397.path]) || _optionalChain([opt, 'access', _398 => _398.data, 'optionalAccess', _399 => _399.path]));
3189
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _400 => _400.qrdata, 'optionalAccess', _401 => _401.path]) || _optionalChain([opt, 'access', _402 => _402.data, 'optionalAccess', _403 => _403.path]));
3177
3190
  const jsonpath = resolvePathUnderBase2(baseDir, relPath);
3178
3191
  await ensureFile2(jsonpath);
3179
3192
  mgLog("ENSURE", jsonpath);
@@ -3194,7 +3207,7 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3194
3207
  if (url.startsWith("/api/asailog/manage/selectlist/")) {
3195
3208
  if (!await ensureLv(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3196
3209
  try {
3197
- const ty = decodeURIComponent(_optionalChain([opt, 'access', _400 => _400.qrdata, 'optionalAccess', _401 => _401.ty]) || _optionalChain([opt, 'access', _402 => _402.data, 'optionalAccess', _403 => _403.ty]) || "client");
3210
+ const ty = decodeURIComponent(_optionalChain([opt, 'access', _404 => _404.qrdata, 'optionalAccess', _405 => _405.ty]) || _optionalChain([opt, 'access', _406 => _406.data, 'optionalAccess', _407 => _407.ty]) || "client");
3198
3211
  if (!_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai) && _chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && (ty === "client" || ty === "server" || ty === "sec")) {
3199
3212
  const kind = ty === "sec" ? "sec" : "web";
3200
3213
  const groups = await _chunkHR5JKN7Ycjs.listUnifiedGroups.call(void 0, $asai, { kind, source: ty === "sec" ? "sec" : ty });
@@ -3222,8 +3235,8 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3222
3235
  if (url.startsWith("/api/asailog/manage/select/")) {
3223
3236
  if (!await ensureLv(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3224
3237
  try {
3225
- const ty = decodeURIComponent(_optionalChain([opt, 'access', _404 => _404.qrdata, 'optionalAccess', _405 => _405.ty]) || _optionalChain([opt, 'access', _406 => _406.data, 'optionalAccess', _407 => _407.ty]) || "client");
3226
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _408 => _408.qrdata, 'optionalAccess', _409 => _409.path]) || _optionalChain([opt, 'access', _410 => _410.data, 'optionalAccess', _411 => _411.path]));
3238
+ const ty = decodeURIComponent(_optionalChain([opt, 'access', _408 => _408.qrdata, 'optionalAccess', _409 => _409.ty]) || _optionalChain([opt, 'access', _410 => _410.data, 'optionalAccess', _411 => _411.ty]) || "client");
3239
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _412 => _412.qrdata, 'optionalAccess', _413 => _413.path]) || _optionalChain([opt, 'access', _414 => _414.data, 'optionalAccess', _415 => _415.path]));
3227
3240
  if (!_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai) && _chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && (ty === "client" || ty === "server" || ty === "sec")) {
3228
3241
  const data2 = await _chunkHR5JKN7Ycjs.readWebLogFromStore.call(void 0, $asai, ty, relPath);
3229
3242
  if (data2) {
@@ -3251,7 +3264,7 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3251
3264
  if (!await ensureLv(req, $asai, 3)) return sendFail(res, "Forbidden", opt);
3252
3265
  try {
3253
3266
  const baseDir = getDir(opt);
3254
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _412 => _412.qrdata, 'optionalAccess', _413 => _413.path]) || _optionalChain([opt, 'access', _414 => _414.data, 'optionalAccess', _415 => _415.path]));
3267
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _416 => _416.qrdata, 'optionalAccess', _417 => _417.path]) || _optionalChain([opt, 'access', _418 => _418.data, 'optionalAccess', _419 => _419.path]));
3255
3268
  const fileName = relPath.split(/[/\\]/).pop() || relPath;
3256
3269
  if (_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai)) {
3257
3270
  await _chunkHR5JKN7Ycjs.purgeStoreEntriesForFile.call(void 0, $asai, fileName).catch(() => void 0);
@@ -3274,14 +3287,14 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3274
3287
 
3275
3288
  // src/infra/siem-auth.ts
3276
3289
  function isSiemEnabled($asai) {
3277
- const cfg = _optionalChain([$asai, 'optionalAccess', _416 => _416.hostconfig, 'optionalAccess', _417 => _417.logger, 'optionalAccess', _418 => _418.siem]);
3278
- return !!(_optionalChain([cfg, 'optionalAccess', _419 => _419.enabled]) && getSiemToken($asai));
3290
+ const cfg = _optionalChain([$asai, 'optionalAccess', _420 => _420.hostconfig, 'optionalAccess', _421 => _421.logger, 'optionalAccess', _422 => _422.siem]);
3291
+ return !!(_optionalChain([cfg, 'optionalAccess', _423 => _423.enabled]) && getSiemToken($asai));
3279
3292
  }
3280
3293
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isSiemEnabled, "isSiemEnabled");
3281
3294
  function getSiemToken($asai) {
3282
3295
  const fromEnv = process.env.ASAI_SIEM_TOKEN;
3283
3296
  if (typeof fromEnv === "string" && fromEnv.trim()) return fromEnv.trim();
3284
- const fromCfg = _optionalChain([$asai, 'optionalAccess', _420 => _420.hostconfig, 'optionalAccess', _421 => _421.logger, 'optionalAccess', _422 => _422.siem, 'optionalAccess', _423 => _423.token]);
3297
+ const fromCfg = _optionalChain([$asai, 'optionalAccess', _424 => _424.hostconfig, 'optionalAccess', _425 => _425.logger, 'optionalAccess', _426 => _426.siem, 'optionalAccess', _427 => _427.token]);
3285
3298
  return typeof fromCfg === "string" ? fromCfg.trim() : "";
3286
3299
  }
3287
3300
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSiemToken, "getSiemToken");
@@ -3289,9 +3302,9 @@ function isSiemTokenValid($asai, req) {
3289
3302
  if (!isSiemEnabled($asai)) return false;
3290
3303
  const expected = getSiemToken($asai);
3291
3304
  if (!expected) return false;
3292
- const header = _optionalChain([req, 'optionalAccess', _424 => _424.headers, 'optionalAccess', _425 => _425["x-siem-token"]]) || _optionalChain([req, 'optionalAccess', _426 => _426.headers, 'optionalAccess', _427 => _427["x-api-key"]]);
3305
+ const header = _optionalChain([req, 'optionalAccess', _428 => _428.headers, 'optionalAccess', _429 => _429["x-siem-token"]]) || _optionalChain([req, 'optionalAccess', _430 => _430.headers, 'optionalAccess', _431 => _431["x-api-key"]]);
3293
3306
  if (typeof header === "string" && header === expected) return true;
3294
- const q = _optionalChain([req, 'optionalAccess', _428 => _428.query]) || {};
3307
+ const q = _optionalChain([req, 'optionalAccess', _432 => _432.query]) || {};
3295
3308
  const qToken = q.siem_token || q.token;
3296
3309
  return typeof qToken === "string" && qToken === expected;
3297
3310
  }
@@ -3315,20 +3328,20 @@ function getNs(raw) {
3315
3328
  }
3316
3329
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getNs, "getNs");
3317
3330
  async function ensureServerUser(req, $asai) {
3318
- if (Array.isArray(_optionalChain([req, 'optionalAccess', _429 => _429.Userinfo])) && req.Userinfo[0]) {
3331
+ if (Array.isArray(_optionalChain([req, 'optionalAccess', _433 => _433.Userinfo])) && req.Userinfo[0]) {
3319
3332
  await attachServerUserLevel(req, $asai);
3320
3333
  }
3321
3334
  }
3322
3335
  _chunkSMVZ3ZDJcjs.__name.call(void 0, ensureServerUser, "ensureServerUser");
3323
3336
  var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3324
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _430 => _430.$lib, 'optionalAccess', _431 => _431.reqWork, 'optionalCall', _432 => _432($asai)]) || {};
3337
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _434 => _434.$lib, 'optionalAccess', _435 => _435.reqWork, 'optionalCall', _436 => _436($asai)]) || {};
3325
3338
  const IL = $asai.$lib.InterventionLog;
3326
3339
  async function get(req, res, hostdir, opt) {
3327
3340
  const url = req.url || "";
3328
3341
  if (url.startsWith("/api/asailog/intervention/selectlist/")) {
3329
3342
  if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3330
3343
  try {
3331
- const ns = getNs(_optionalChain([opt, 'access', _433 => _433.qrdata, 'optionalAccess', _434 => _434.ns]) || _optionalChain([opt, 'access', _435 => _435.data, 'optionalAccess', _436 => _436.ns]));
3344
+ const ns = getNs(_optionalChain([opt, 'access', _437 => _437.qrdata, 'optionalAccess', _438 => _438.ns]) || _optionalChain([opt, 'access', _439 => _439.data, 'optionalAccess', _440 => _440.ns]));
3332
3345
  let list = await IL.listInterventionFiles($asai, ns);
3333
3346
  if (_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && !_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai)) {
3334
3347
  const groups = await _chunkHR5JKN7Ycjs.listUnifiedGroups.call(void 0, $asai, { kind: "intervention", ns });
@@ -3340,19 +3353,19 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3340
3353
  }
3341
3354
  return sendSuccess(res, { ns, files: list }, opt);
3342
3355
  } catch (err) {
3343
- return sendFail(res, _optionalChain([err, 'optionalAccess', _437 => _437.message]) || err, opt);
3356
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _441 => _441.message]) || err, opt);
3344
3357
  }
3345
3358
  }
3346
3359
  if (url.startsWith("/api/asailog/intervention/select/")) {
3347
3360
  if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3348
3361
  try {
3349
- const name = decodeURIComponent(_optionalChain([opt, 'access', _438 => _438.qrdata, 'optionalAccess', _439 => _439.name]) || _optionalChain([opt, 'access', _440 => _440.data, 'optionalAccess', _441 => _441.name]) || "");
3350
- const ns = getNs(_optionalChain([opt, 'access', _442 => _442.qrdata, 'optionalAccess', _443 => _443.ns]) || _optionalChain([opt, 'access', _444 => _444.data, 'optionalAccess', _445 => _445.ns]));
3362
+ const name = decodeURIComponent(_optionalChain([opt, 'access', _442 => _442.qrdata, 'optionalAccess', _443 => _443.name]) || _optionalChain([opt, 'access', _444 => _444.data, 'optionalAccess', _445 => _445.name]) || "");
3363
+ const ns = getNs(_optionalChain([opt, 'access', _446 => _446.qrdata, 'optionalAccess', _447 => _447.ns]) || _optionalChain([opt, 'access', _448 => _448.data, 'optionalAccess', _449 => _449.ns]));
3351
3364
  if (!name) return sendFail(res, "name required", opt);
3352
3365
  const content = await IL.readInterventionFile($asai, name, ns);
3353
3366
  return sendSuccess(res, { ns, ...content }, opt);
3354
3367
  } catch (err) {
3355
- return sendFail(res, _optionalChain([err, 'optionalAccess', _446 => _446.message]) || err, opt);
3368
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _450 => _450.message]) || err, opt);
3356
3369
  }
3357
3370
  }
3358
3371
  if (url.startsWith("/api/asailog/intervention/types/")) {
@@ -3360,7 +3373,7 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3360
3373
  try {
3361
3374
  return sendSuccess(res, IL.getInterventionTaxonomy($asai), opt);
3362
3375
  } catch (err) {
3363
- return sendFail(res, _optionalChain([err, 'optionalAccess', _447 => _447.message]) || err, opt);
3376
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _451 => _451.message]) || err, opt);
3364
3377
  }
3365
3378
  }
3366
3379
  }
@@ -3390,7 +3403,7 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3390
3403
  );
3391
3404
  return sendSuccess(res, { ns, ...result }, opt);
3392
3405
  } catch (err) {
3393
- return sendFail(res, _optionalChain([err, 'optionalAccess', _448 => _448.message]) || err, opt);
3406
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _452 => _452.message]) || err, opt);
3394
3407
  }
3395
3408
  }
3396
3409
  }
@@ -3409,7 +3422,7 @@ function parseQuery(opt) {
3409
3422
  }
3410
3423
  _chunkSMVZ3ZDJcjs.__name.call(void 0, parseQuery, "parseQuery");
3411
3424
  function parseBody(opt) {
3412
- if (!_optionalChain([opt, 'optionalAccess', _449 => _449.data])) return {};
3425
+ if (!_optionalChain([opt, 'optionalAccess', _453 => _453.data])) return {};
3413
3426
  if (typeof opt.data === "string") {
3414
3427
  try {
3415
3428
  return JSON.parse(opt.data);
@@ -3421,7 +3434,7 @@ function parseBody(opt) {
3421
3434
  }
3422
3435
  _chunkSMVZ3ZDJcjs.__name.call(void 0, parseBody, "parseBody");
3423
3436
  var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3424
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _450 => _450.$lib, 'optionalAccess', _451 => _451.reqWork, 'optionalCall', _452 => _452($asai)]) || {};
3437
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _454 => _454.$lib, 'optionalAccess', _455 => _455.reqWork, 'optionalCall', _456 => _456($asai)]) || {};
3425
3438
  const IL = $asai.$lib.InterventionLog;
3426
3439
  async function get(req, res, hostdir, opt) {
3427
3440
  const url = req.url || "";
@@ -3431,7 +3444,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3431
3444
  try {
3432
3445
  return sendSuccess(res, _chunkHR5JKN7Ycjs.getLogStoreMeta.call(void 0, $asai), opt);
3433
3446
  } catch (err) {
3434
- return sendFail(res, _optionalChain([err, 'optionalAccess', _453 => _453.message]) || err, opt);
3447
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _457 => _457.message]) || err, opt);
3435
3448
  }
3436
3449
  }
3437
3450
  if (url.startsWith("/api/asailog/store/stats/")) {
@@ -3444,7 +3457,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3444
3457
  const stats = await _chunkHR5JKN7Ycjs.getUnifiedStats.call(void 0, $asai);
3445
3458
  return sendSuccess(res, { store: storeType, stats, config: _chunkHR5JKN7Ycjs.getLogStoreMeta.call(void 0, $asai) }, opt);
3446
3459
  } catch (err) {
3447
- return sendFail(res, _optionalChain([err, 'optionalAccess', _454 => _454.message]) || err, opt);
3460
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _458 => _458.message]) || err, opt);
3448
3461
  }
3449
3462
  }
3450
3463
  if (url.startsWith("/api/asailog/store/compliance/")) {
@@ -3454,7 +3467,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3454
3467
  const report = await _chunkHR5JKN7Ycjs.getComplianceReport.call(void 0, $asai, ns);
3455
3468
  return sendSuccess(res, report, opt);
3456
3469
  } catch (err) {
3457
- return sendFail(res, _optionalChain([err, 'optionalAccess', _455 => _455.message]) || err, opt);
3470
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _459 => _459.message]) || err, opt);
3458
3471
  }
3459
3472
  }
3460
3473
  if (url.startsWith("/api/asailog/store/search/")) {
@@ -3476,7 +3489,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3476
3489
  });
3477
3490
  return sendSuccess(res, result, opt);
3478
3491
  } catch (err) {
3479
- return sendFail(res, _optionalChain([err, 'optionalAccess', _456 => _456.message]) || err, opt);
3492
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _460 => _460.message]) || err, opt);
3480
3493
  }
3481
3494
  }
3482
3495
  if (url.startsWith("/api/asailog/store/export/")) {
@@ -3497,7 +3510,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3497
3510
  });
3498
3511
  return sendSuccess(res, payload, opt);
3499
3512
  } catch (err) {
3500
- return sendFail(res, _optionalChain([err, 'optionalAccess', _457 => _457.message]) || err, opt);
3513
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _461 => _461.message]) || err, opt);
3501
3514
  }
3502
3515
  }
3503
3516
  if (url.startsWith("/api/asailog/store/taxonomy/")) {
@@ -3505,7 +3518,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3505
3518
  try {
3506
3519
  return sendSuccess(res, IL.getInterventionTaxonomy($asai), opt);
3507
3520
  } catch (err) {
3508
- return sendFail(res, _optionalChain([err, 'optionalAccess', _458 => _458.message]) || err, opt);
3521
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _462 => _462.message]) || err, opt);
3509
3522
  }
3510
3523
  }
3511
3524
  if (url.startsWith("/api/asailog/store/formats/")) {
@@ -3514,7 +3527,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3514
3527
  const { getLogFormatTaxonomy } = await Promise.resolve().then(() => _interopRequireWildcard(require("./log-formats-TUXGMCCU.cjs")));
3515
3528
  return sendSuccess(res, getLogFormatTaxonomy($asai), opt);
3516
3529
  } catch (err) {
3517
- return sendFail(res, _optionalChain([err, 'optionalAccess', _459 => _459.message]) || err, opt);
3530
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _463 => _463.message]) || err, opt);
3518
3531
  }
3519
3532
  }
3520
3533
  if (url.startsWith("/api/asailog/store/selectlist/")) {
@@ -3541,7 +3554,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3541
3554
  }
3542
3555
  return sendSuccess(res, { groups }, opt);
3543
3556
  } catch (err) {
3544
- return sendFail(res, _optionalChain([err, 'optionalAccess', _460 => _460.message]) || err, opt);
3557
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _464 => _464.message]) || err, opt);
3545
3558
  }
3546
3559
  }
3547
3560
  if (url.startsWith("/api/asailog/store/select/")) {
@@ -3575,7 +3588,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3575
3588
  });
3576
3589
  return sendSuccess(res, { entries: rows }, opt);
3577
3590
  } catch (err) {
3578
- return sendFail(res, _optionalChain([err, 'optionalAccess', _461 => _461.message]) || err, opt);
3591
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _465 => _465.message]) || err, opt);
3579
3592
  }
3580
3593
  }
3581
3594
  }
@@ -3597,7 +3610,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3597
3610
  });
3598
3611
  return sendSuccess(res, result, opt);
3599
3612
  } catch (err) {
3600
- return sendFail(res, _optionalChain([err, 'optionalAccess', _462 => _462.message]) || err, opt);
3613
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _466 => _466.message]) || err, opt);
3601
3614
  }
3602
3615
  }
3603
3616
  _chunkSMVZ3ZDJcjs.__name.call(void 0, post, "post");
@@ -3609,7 +3622,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3609
3622
 
3610
3623
  var registry = null;
3611
3624
  function resolveFilePath($asai) {
3612
- const root = _optionalChain([$asai, 'optionalAccess', _463 => _463.serverRoot]) || process.cwd();
3625
+ const root = _optionalChain([$asai, 'optionalAccess', _467 => _467.serverRoot]) || process.cwd();
3613
3626
  return nodePath3.join(root, "websys/sys/errorcodes.json");
3614
3627
  }
3615
3628
  _chunkSMVZ3ZDJcjs.__name.call(void 0, resolveFilePath, "resolveFilePath");
@@ -3627,7 +3640,7 @@ function loadErrorCodes($asai) {
3627
3640
  }
3628
3641
  _chunkSMVZ3ZDJcjs.__name.call(void 0, loadErrorCodes, "loadErrorCodes");
3629
3642
  function getError(ec) {
3630
- return _optionalChain([registry, 'optionalAccess', _464 => _464.errors, 'optionalAccess', _465 => _465[ec]]) || null;
3643
+ return _optionalChain([registry, 'optionalAccess', _468 => _468.errors, 'optionalAccess', _469 => _469[ec]]) || null;
3631
3644
  }
3632
3645
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getError, "getError");
3633
3646
  function hasError(ec) {
@@ -3636,11 +3649,11 @@ function hasError(ec) {
3636
3649
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hasError, "hasError");
3637
3650
  function logError($asai, ec, params) {
3638
3651
  const entry = getError(ec);
3639
- const logFn = _optionalChain([$asai, 'optionalAccess', _466 => _466.$log]) || console.warn;
3652
+ const logFn = _optionalChain([$asai, 'optionalAccess', _470 => _470.$log]) || console.warn;
3640
3653
  if (entry) {
3641
- logFn(`[EC:${ec}]`, entry.id || "", entry.detail || "", _optionalChain([params, 'optionalAccess', _467 => _467.length]) ? params : "");
3654
+ logFn(`[EC:${ec}]`, entry.id || "", entry.detail || "", _optionalChain([params, 'optionalAccess', _471 => _471.length]) ? params : "");
3642
3655
  } else {
3643
- logFn(`[EC:${ec}]`, "(unregistered)", _optionalChain([params, 'optionalAccess', _468 => _468.length]) ? params : "");
3656
+ logFn(`[EC:${ec}]`, "(unregistered)", _optionalChain([params, 'optionalAccess', _472 => _472.length]) ? params : "");
3644
3657
  }
3645
3658
  }
3646
3659
  _chunkSMVZ3ZDJcjs.__name.call(void 0, logError, "logError");
@@ -3668,14 +3681,14 @@ var ErrorCode_default = {
3668
3681
 
3669
3682
  // src/sysserver/api/common/errorcodes.ts
3670
3683
  var errorcodes_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3671
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _469 => _469.$lib, 'optionalAccess', _470 => _470.reqWork, 'optionalCall', _471 => _471($asai)]) || {};
3684
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _473 => _473.$lib, 'optionalAccess', _474 => _474.reqWork, 'optionalCall', _475 => _475($asai)]) || {};
3672
3685
  function get(req, res, _hostdir, opt) {
3673
3686
  const url = req.url || "";
3674
3687
  if (url.startsWith("/api/sys/errorcodes/")) {
3675
3688
  try {
3676
3689
  return sendSuccess(res, loadErrorCodes($asai), opt);
3677
3690
  } catch (err) {
3678
- return sendFail(res, _optionalChain([err, 'optionalAccess', _472 => _472.message]) || err, opt);
3691
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _476 => _476.message]) || err, opt);
3679
3692
  }
3680
3693
  }
3681
3694
  }
@@ -3685,9 +3698,9 @@ var errorcodes_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3685
3698
 
3686
3699
  // src/sysserver/api/common/sqlitemanage.ts
3687
3700
  var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3688
- const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'optionalAccess', _473 => _473.$lib, 'optionalAccess', _474 => _474.reqWork, 'optionalCall', _475 => _475($asai)]) || {};
3701
+ const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'optionalAccess', _477 => _477.$lib, 'optionalAccess', _478 => _478.reqWork, 'optionalCall', _479 => _479($asai)]) || {};
3689
3702
  function mgLog(...arg) {
3690
- _optionalChain([mnLog, 'optionalCall', _476 => _476("SQLite", ...arg)]);
3703
+ _optionalChain([mnLog, 'optionalCall', _480 => _480("SQLite", ...arg)]);
3691
3704
  }
3692
3705
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mgLog, "mgLog");
3693
3706
  return $asai.$lib.AsDb($asai, {
@@ -3705,7 +3718,7 @@ var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0,
3705
3718
  if (req.url.startsWith("/api/asaisqlite/manage/post")) {
3706
3719
  try {
3707
3720
  mgLog("POST", "custom handler triggered");
3708
- _optionalChain([sendSuccess, 'optionalCall', _477 => _477(res, { data: "post" }, opt)]);
3721
+ _optionalChain([sendSuccess, 'optionalCall', _481 => _481(res, { data: "post" }, opt)]);
3709
3722
  } catch (err) {
3710
3723
  mgLog("ERROR", "post handler", err);
3711
3724
  }
@@ -3722,10 +3735,10 @@ var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0,
3722
3735
  table: dataObj.table
3723
3736
  });
3724
3737
  mgLog("SELECT", "completed");
3725
- _optionalChain([sendSuccess, 'optionalCall', _478 => _478(res, resdb, opt)]);
3738
+ _optionalChain([sendSuccess, 'optionalCall', _482 => _482(res, resdb, opt)]);
3726
3739
  } catch (errdb) {
3727
3740
  mgLog("ERROR", "select", errdb);
3728
- _optionalChain([sendFail, 'optionalCall', _479 => _479(res, errdb, opt)]);
3741
+ _optionalChain([sendFail, 'optionalCall', _483 => _483(res, errdb, opt)]);
3729
3742
  }
3730
3743
  return "ok";
3731
3744
  }
@@ -3741,7 +3754,7 @@ function promLine(name, value, labels) {
3741
3754
  }
3742
3755
  _chunkSMVZ3ZDJcjs.__name.call(void 0, promLine, "promLine");
3743
3756
  var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3744
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _480 => _480.$lib, 'optionalAccess', _481 => _481.reqWork, 'optionalCall', _482 => _482($asai)]) || {};
3757
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _484 => _484.$lib, 'optionalAccess', _485 => _485.reqWork, 'optionalCall', _486 => _486($asai)]) || {};
3745
3758
  async function get(req, res, _hostdir, opt) {
3746
3759
  const url = req.url || "";
3747
3760
  if (url.startsWith("/api/sys/health/metrics/")) {
@@ -3750,10 +3763,10 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3750
3763
  let httpTotal = 0;
3751
3764
  let wsTotal = 0;
3752
3765
  for (const set of Object.values($asai.connectionshttp || {})) {
3753
- httpTotal += _optionalChain([set, 'optionalAccess', _483 => _483.size]) || 0;
3766
+ httpTotal += _optionalChain([set, 'optionalAccess', _487 => _487.size]) || 0;
3754
3767
  }
3755
3768
  for (const set of Object.values($asai.connectionsws || {})) {
3756
- wsTotal += _optionalChain([set, 'optionalAccess', _484 => _484.size]) || 0;
3769
+ wsTotal += _optionalChain([set, 'optionalAccess', _488 => _488.size]) || 0;
3757
3770
  }
3758
3771
  const lines = [
3759
3772
  "# HELP asai_uptime_seconds Process uptime",
@@ -3775,7 +3788,7 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3775
3788
  res.writeHead(200, { "Content-Type": "text/plain; charset=utf-8" });
3776
3789
  return res.end(lines.join("\n") + "\n");
3777
3790
  } catch (err) {
3778
- return sendFail(res, _optionalChain([err, 'optionalAccess', _485 => _485.message]) || err, opt);
3791
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _489 => _489.message]) || err, opt);
3779
3792
  }
3780
3793
  }
3781
3794
  if (url.startsWith("/api/sys/health/status/")) {
@@ -3788,10 +3801,10 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3788
3801
  memory: process.memoryUsage(),
3789
3802
  quota: {
3790
3803
  http: Object.fromEntries(
3791
- Object.entries($asai.connectionshttp || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _486 => _486.size]) || 0])
3804
+ Object.entries($asai.connectionshttp || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _490 => _490.size]) || 0])
3792
3805
  ),
3793
3806
  ws: Object.fromEntries(
3794
- Object.entries($asai.connectionsws || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _487 => _487.size]) || 0])
3807
+ Object.entries($asai.connectionsws || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _491 => _491.size]) || 0])
3795
3808
  )
3796
3809
  }
3797
3810
  },
@@ -3832,7 +3845,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, sanitizeString, "sanitizeString");
3832
3845
  // src/sysserver/api/login/service/session.ts
3833
3846
 
3834
3847
  function getSessionTtlMs($asai) {
3835
- const hours = _nullishCoalesce(_optionalChain([$asai, 'optionalAccess', _488 => _488.hostconfig, 'optionalAccess', _489 => _489.security, 'optionalAccess', _490 => _490.sessionTtlHours]), () => ( 24));
3848
+ const hours = _nullishCoalesce(_optionalChain([$asai, 'optionalAccess', _492 => _492.hostconfig, 'optionalAccess', _493 => _493.security, 'optionalAccess', _494 => _494.sessionTtlHours]), () => ( 24));
3836
3849
  return Number(hours) * 3600 * 1e3;
3837
3850
  }
3838
3851
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSessionTtlMs, "getSessionTtlMs");
@@ -3849,7 +3862,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, generatePriKey, "generatePriKey");
3849
3862
  function createSessionKeys($asai) {
3850
3863
  const sessionId = _crypto.randomUUID.call(void 0, );
3851
3864
  const pri = generatePriKey();
3852
- const sn = _optionalChain([$asai, 'optionalAccess', _491 => _491.hostconfig, 'optionalAccess', _492 => _492.asaisn]);
3865
+ const sn = _optionalChain([$asai, 'optionalAccess', _495 => _495.hostconfig, 'optionalAccess', _496 => _496.asaisn]);
3853
3866
  if (!sn) throw new Error("[session] ASAI_ASAISN \u672A\u914D\u7F6E");
3854
3867
  const pub = $asai.$lib.AsCode.asencode(pri, sn);
3855
3868
  return { pri, pub, sessionId };
@@ -3905,7 +3918,7 @@ function unwrapJsonString(value) {
3905
3918
  }
3906
3919
  _chunkSMVZ3ZDJcjs.__name.call(void 0, unwrapJsonString, "unwrapJsonString");
3907
3920
  function parseAuthBody(opt) {
3908
- let raw = _optionalChain([opt, 'optionalAccess', _493 => _493.data]);
3921
+ let raw = _optionalChain([opt, 'optionalAccess', _497 => _497.data]);
3909
3922
  if (raw == null || raw === "") return {};
3910
3923
  if (typeof raw === "string") {
3911
3924
  const text = raw.trim();
@@ -3981,7 +3994,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, purgeOfflineSessions, "purgeOfflineSession
3981
3994
 
3982
3995
  // src/sysserver/api/login/index.ts
3983
3996
  function getSecurity($asai) {
3984
- return _optionalChain([$asai, 'optionalAccess', _494 => _494.hostconfig, 'optionalAccess', _495 => _495.security]) || {};
3997
+ return _optionalChain([$asai, 'optionalAccess', _498 => _498.hostconfig, 'optionalAccess', _499 => _499.security]) || {};
3985
3998
  }
3986
3999
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSecurity, "getSecurity");
3987
4000
  function getQuota2($asai) {
@@ -3994,7 +4007,7 @@ async function canLogin($asai, us, hostdir) {
3994
4007
  if (!quota.enabled) return { ok: true };
3995
4008
  const store = _chunkZK4O4Z2Ocjs.createUserStore.call(void 0, $asai);
3996
4009
  const total = await countOnlineSessions($asai, hostdir, store);
3997
- const maxLogin = _nullishCoalesce(_nullishCoalesce(quota.maxLoginSessions, () => ( _optionalChain([$asai, 'optionalAccess', _496 => _496.hostconfig, 'optionalAccess', _497 => _497.hosts, 'optionalAccess', _498 => _498.default, 'optionalAccess', _499 => _499.maxonline]))), () => ( 100));
4010
+ const maxLogin = _nullishCoalesce(_nullishCoalesce(quota.maxLoginSessions, () => ( _optionalChain([$asai, 'optionalAccess', _500 => _500.hostconfig, 'optionalAccess', _501 => _501.hosts, 'optionalAccess', _502 => _502.default, 'optionalAccess', _503 => _503.maxonline]))), () => ( 100));
3998
4011
  if (total >= maxLogin) {
3999
4012
  return { ok: false, message: "LOGIN_QUOTA_FULL" };
4000
4013
  }
@@ -4027,7 +4040,7 @@ function ensureReady($asai) {
4027
4040
  }
4028
4041
  _chunkSMVZ3ZDJcjs.__name.call(void 0, ensureReady, "ensureReady");
4029
4042
  var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
4030
- const { sendSuccess, sendFail, sendErr } = _optionalChain([$asai, 'access', _500 => _500.$lib, 'optionalAccess', _501 => _501.reqWork, 'optionalCall', _502 => _502($asai)]) || {};
4043
+ const { sendSuccess, sendFail, sendErr } = _optionalChain([$asai, 'access', _504 => _504.$lib, 'optionalAccess', _505 => _505.reqWork, 'optionalCall', _506 => _506($asai)]) || {};
4031
4044
  const store = _chunkZK4O4Z2Ocjs.createUserStore.call(void 0, $asai);
4032
4045
  async function checkAdmin(req, pathname, minOverride) {
4033
4046
  await attachServerUserLevel(req, $asai);
@@ -4068,7 +4081,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4068
4081
  logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: us, ip, detail: "password_changed" });
4069
4082
  return sendSuccess(res, { ok: true }, opt);
4070
4083
  } catch (err) {
4071
- return sendFail(res, _optionalChain([err, 'optionalAccess', _503 => _503.message]) || err, opt);
4084
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _507 => _507.message]) || err, opt);
4072
4085
  }
4073
4086
  }
4074
4087
  if (url.startsWith("/api/user/login/register/")) {
@@ -4101,11 +4114,11 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4101
4114
  logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: us, ip, detail: "register_ok" });
4102
4115
  return sendSuccess(res, { user: publicUser($asai, user) }, opt);
4103
4116
  } catch (err) {
4104
- const msg = _optionalChain([err, 'optionalAccess', _504 => _504.message]) || String(err);
4117
+ const msg = _optionalChain([err, 'optionalAccess', _508 => _508.message]) || String(err);
4105
4118
  if (msg.includes("exists") || msg.includes("\u5DF2\u5B58\u5728")) {
4106
4119
  return sendErr(res, "USER_ALREADY_EXISTS", void 0, opt);
4107
4120
  }
4108
- return sendFail(res, _optionalChain([err, 'optionalAccess', _505 => _505.message]) || err, opt);
4121
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _509 => _509.message]) || err, opt);
4109
4122
  }
4110
4123
  }
4111
4124
  if (url.startsWith("/api/user/login/auth/")) {
@@ -4139,7 +4152,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4139
4152
  }
4140
4153
  const policy = _chunkGXOFLFFWcjs.getPasswordPolicy.call(void 0, $asai);
4141
4154
  const mustChange = !!user.mustChangePassword || _chunkGXOFLFFWcjs.isPasswordExpired.call(void 0, user.passwordChangedAt, policy.maxAgeDays);
4142
- const hostcfg = _optionalChain([$asai, 'access', _506 => _506.getHost, 'optionalCall', _507 => _507(hostdir)]) || {};
4155
+ const hostcfg = _optionalChain([$asai, 'access', _510 => _510.getHost, 'optionalCall', _511 => _511(hostdir)]) || {};
4143
4156
  if (hostcfg.ckws && isUserOnlineOnWs($asai, us, hostdir)) {
4144
4157
  kickUserWs($asai, us, hostdir);
4145
4158
  }
@@ -4164,13 +4177,13 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4164
4177
  opt
4165
4178
  );
4166
4179
  } catch (err) {
4167
- return sendFail(res, _optionalChain([err, 'optionalAccess', _508 => _508.message]) || err, opt);
4180
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _512 => _512.message]) || err, opt);
4168
4181
  }
4169
4182
  }
4170
4183
  if (url.startsWith("/api/user/login/logout/")) {
4171
4184
  try {
4172
4185
  const bodySid = body.sessionId ? sanitizeString(body.sessionId, 64) : "";
4173
- const us = _optionalChain([req, 'optionalAccess', _509 => _509.Userinfo, 'optionalAccess', _510 => _510[0]]);
4186
+ const us = _optionalChain([req, 'optionalAccess', _513 => _513.Userinfo, 'optionalAccess', _514 => _514[0]]);
4174
4187
  if (bodySid) {
4175
4188
  if (!us) {
4176
4189
  return sendErr(res, "AUTH_MISSING", void 0, opt);
@@ -4184,7 +4197,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4184
4197
  if (us) logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: String(us), ip, detail: "logout" });
4185
4198
  return sendSuccess(res, "ok", opt);
4186
4199
  } catch (err) {
4187
- return sendFail(res, _optionalChain([err, 'optionalAccess', _511 => _511.message]) || err, opt);
4200
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _515 => _515.message]) || err, opt);
4188
4201
  }
4189
4202
  }
4190
4203
  if (url.startsWith("/api/user/login/admin/kick/")) {
@@ -4202,7 +4215,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4202
4215
  }
4203
4216
  kickUserWs($asai, target.us, hostdir);
4204
4217
  await store.removeSession(sessionId);
4205
- const operator = String(_optionalChain([req, 'optionalAccess', _512 => _512.Userinfo, 'optionalAccess', _513 => _513[0]]) || "");
4218
+ const operator = String(_optionalChain([req, 'optionalAccess', _516 => _516.Userinfo, 'optionalAccess', _517 => _517[0]]) || "");
4206
4219
  await _chunkARHPHWT5cjs.logSessionTerminate.call(void 0, $asai, {
4207
4220
  operator,
4208
4221
  sessionId,
@@ -4211,7 +4224,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4211
4224
  });
4212
4225
  return sendSuccess(res, { ok: true }, opt);
4213
4226
  } catch (err) {
4214
- return sendFail(res, _optionalChain([err, 'optionalAccess', _514 => _514.message]) || err, opt);
4227
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _518 => _518.message]) || err, opt);
4215
4228
  }
4216
4229
  }
4217
4230
  if (url.startsWith("/api/user/login/admin/delete/")) {
@@ -4223,11 +4236,11 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4223
4236
  if (!targetUs || targetUs === "admin") return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4224
4237
  const ok = await store.deleteUser(targetUs);
4225
4238
  if (!ok) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4226
- const operator = String(_optionalChain([req, 'optionalAccess', _515 => _515.Userinfo, 'optionalAccess', _516 => _516[0]]) || "");
4239
+ const operator = String(_optionalChain([req, 'optionalAccess', _519 => _519.Userinfo, 'optionalAccess', _520 => _520[0]]) || "");
4227
4240
  await _chunkARHPHWT5cjs.logAccountPurge.call(void 0, $asai, { operator, targetUs, ip });
4228
4241
  return sendSuccess(res, { ok: true }, opt);
4229
4242
  } catch (err) {
4230
- return sendFail(res, _optionalChain([err, 'optionalAccess', _517 => _517.message]) || err, opt);
4243
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _521 => _521.message]) || err, opt);
4231
4244
  }
4232
4245
  }
4233
4246
  if (url.startsWith("/api/user/login/admin/levels/")) {
@@ -4239,7 +4252,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4239
4252
  const thresholds = body.thresholds && typeof body.thresholds === "object" ? body.thresholds : void 0;
4240
4253
  const routeRights = Array.isArray(body.routeRights) ? body.routeRights : void 0;
4241
4254
  const defaultResetPassword = typeof body.defaultResetPassword === "string" ? body.defaultResetPassword : void 0;
4242
- const operator = String(_optionalChain([req, 'optionalAccess', _518 => _518.Userinfo, 'optionalAccess', _519 => _519[0]]) || "");
4255
+ const operator = String(_optionalChain([req, 'optionalAccess', _522 => _522.Userinfo, 'optionalAccess', _523 => _523[0]]) || "");
4243
4256
  const cfg = await _chunkGXOFLFFWcjs.saveUserLevelConfig.call(void 0,
4244
4257
  $asai,
4245
4258
  {
@@ -4252,13 +4265,13 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4252
4265
  );
4253
4266
  await _chunkARHPHWT5cjs.logSecurityConfigIntervention.call(void 0, $asai, {
4254
4267
  section: "user_levels",
4255
- detail: JSON.stringify({ levels: _optionalChain([levels, 'optionalAccess', _520 => _520.length]), thresholds: !!thresholds, routeRights: _optionalChain([routeRights, 'optionalAccess', _521 => _521.length]) }),
4268
+ detail: JSON.stringify({ levels: _optionalChain([levels, 'optionalAccess', _524 => _524.length]), thresholds: !!thresholds, routeRights: _optionalChain([routeRights, 'optionalAccess', _525 => _525.length]) }),
4256
4269
  operator,
4257
4270
  ip
4258
4271
  });
4259
4272
  return sendSuccess(res, cfg, opt);
4260
4273
  } catch (err) {
4261
- return sendFail(res, _optionalChain([err, 'optionalAccess', _522 => _522.message]) || err, opt);
4274
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _526 => _526.message]) || err, opt);
4262
4275
  }
4263
4276
  }
4264
4277
  if (url.startsWith("/api/user/login/admin/resetpass/")) {
@@ -4292,7 +4305,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4292
4305
  passHistory: "[]"
4293
4306
  });
4294
4307
  if (!updated) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4295
- const operator = String(_optionalChain([req, 'optionalAccess', _523 => _523.Userinfo, 'optionalAccess', _524 => _524[0]]) || "");
4308
+ const operator = String(_optionalChain([req, 'optionalAccess', _527 => _527.Userinfo, 'optionalAccess', _528 => _528[0]]) || "");
4296
4309
  await _chunkARHPHWT5cjs.logUserRbacChange.call(void 0, $asai, {
4297
4310
  operator,
4298
4311
  targetUs,
@@ -4309,7 +4322,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4309
4322
  });
4310
4323
  return sendSuccess(res, { user: publicUser($asai, updated) }, opt);
4311
4324
  } catch (err) {
4312
- return sendFail(res, _optionalChain([err, 'optionalAccess', _525 => _525.message]) || err, opt);
4325
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _529 => _529.message]) || err, opt);
4313
4326
  }
4314
4327
  }
4315
4328
  if (url.startsWith("/api/user/login/admin/update/")) {
@@ -4340,7 +4353,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4340
4353
  if (!updated) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4341
4354
  if (Object.keys(patch).length) {
4342
4355
  await _chunkARHPHWT5cjs.logUserRbacChange.call(void 0, $asai, {
4343
- operator: String(_optionalChain([req, 'optionalAccess', _526 => _526.Userinfo, 'optionalAccess', _527 => _527[0]]) || ""),
4356
+ operator: String(_optionalChain([req, 'optionalAccess', _530 => _530.Userinfo, 'optionalAccess', _531 => _531[0]]) || ""),
4344
4357
  targetUs,
4345
4358
  patch,
4346
4359
  ip
@@ -4348,11 +4361,11 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4348
4361
  }
4349
4362
  return sendSuccess(res, { user: publicUser($asai, updated) }, opt);
4350
4363
  } catch (err) {
4351
- return sendFail(res, _optionalChain([err, 'optionalAccess', _528 => _528.message]) || err, opt);
4364
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _532 => _532.message]) || err, opt);
4352
4365
  }
4353
4366
  }
4354
4367
  if (url.startsWith("/api/user/login/profile/")) {
4355
- const us = _optionalChain([req, 'optionalAccess', _529 => _529.Userinfo, 'optionalAccess', _530 => _530[0]]);
4368
+ const us = _optionalChain([req, 'optionalAccess', _533 => _533.Userinfo, 'optionalAccess', _534 => _534[0]]);
4356
4369
  if (!us) return sendErr(res, "AUTH_UNAUTHORIZED", void 0, opt);
4357
4370
  try {
4358
4371
  const user = await store.findByUsername(String(us));
@@ -4386,7 +4399,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4386
4399
  const fresh = await store.findByUsername(String(us));
4387
4400
  return sendSuccess(res, { user: fresh ? publicUser($asai, fresh) : null }, opt);
4388
4401
  } catch (err) {
4389
- return sendFail(res, _optionalChain([err, 'optionalAccess', _531 => _531.message]) || err, opt);
4402
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _535 => _535.message]) || err, opt);
4390
4403
  }
4391
4404
  }
4392
4405
  }
@@ -4395,7 +4408,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4395
4408
  const url = req.url || "";
4396
4409
  const ip = getClientIp(req);
4397
4410
  if (url.startsWith("/api/user/login/config/")) {
4398
- const lang = String(_optionalChain([req, 'optionalAccess', _532 => _532.headers, 'optionalAccess', _533 => _533["accept-language"]]) || _optionalChain([opt, 'optionalAccess', _534 => _534.headers, 'optionalAccess', _535 => _535["accept-language"]]) || "zh-CN").split(",")[0];
4411
+ const lang = String(_optionalChain([req, 'optionalAccess', _536 => _536.headers, 'optionalAccess', _537 => _537["accept-language"]]) || _optionalChain([opt, 'optionalAccess', _538 => _538.headers, 'optionalAccess', _539 => _539["accept-language"]]) || "zh-CN").split(",")[0];
4399
4412
  await _chunkGXOFLFFWcjs.loadUserLevelConfig.call(void 0, $asai);
4400
4413
  return sendSuccess(res, _chunkGXOFLFFWcjs.getPublicSecurityConfig.call(void 0, $asai, lang), opt);
4401
4414
  }
@@ -4456,7 +4469,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4456
4469
  );
4457
4470
  }
4458
4471
  if (url.startsWith("/api/user/login/profile/")) {
4459
- const us = _optionalChain([req, 'optionalAccess', _536 => _536.Userinfo, 'optionalAccess', _537 => _537[0]]);
4472
+ const us = _optionalChain([req, 'optionalAccess', _540 => _540.Userinfo, 'optionalAccess', _541 => _541[0]]);
4460
4473
  if (!us) return sendErr(res, "AUTH_UNAUTHORIZED", void 0, opt);
4461
4474
  const user = await store.findByUsername(String(us));
4462
4475
  return sendSuccess(res, { user: user ? publicUser($asai, user) : null }, opt);
@@ -4498,16 +4511,16 @@ var As_default = {
4498
4511
  return { code: 908, data: val };
4499
4512
  },
4500
4513
  ctxSuccess(val, opt = null) {
4501
- if (typeof _optionalChain([opt, 'optionalAccess', _538 => _538.resAES]) === "function") {
4514
+ if (typeof _optionalChain([opt, 'optionalAccess', _542 => _542.resAES]) === "function") {
4502
4515
  val = opt.resAES(val);
4503
4516
  }
4504
4517
  return { code: 909, data: val };
4505
4518
  },
4506
4519
  getPath(str = "-") {
4507
- return _optionalChain([str, 'optionalAccess', _539 => _539.replace, 'call', _540 => _540(/[^a-zA-Z0-9.\-_\\\/]/g, "")]);
4520
+ return _optionalChain([str, 'optionalAccess', _543 => _543.replace, 'call', _544 => _544(/[^a-zA-Z0-9.\-_\\\/]/g, "")]);
4508
4521
  },
4509
4522
  getName(str = "-") {
4510
- return _optionalChain([str, 'optionalAccess', _541 => _541.replace, 'call', _542 => _542(/[^a-zA-Z0-9.\-_]/g, "")]);
4523
+ return _optionalChain([str, 'optionalAccess', _545 => _545.replace, 'call', _546 => _546(/[^a-zA-Z0-9.\-_]/g, "")]);
4511
4524
  },
4512
4525
  toDirPath(relativePath) {
4513
4526
  const pathArr = relativePath.split("/");
@@ -4543,10 +4556,10 @@ var As_default = {
4543
4556
  return absPath;
4544
4557
  },
4545
4558
  makeDir(fs11, filePaths) {
4546
- return new Promise((resolve5, reject) => {
4559
+ return new Promise((resolve6, reject) => {
4547
4560
  try {
4548
4561
  const newPath = this.ensureDir(fs11, filePaths);
4549
- resolve5(newPath);
4562
+ resolve6(newPath);
4550
4563
  } catch (err) {
4551
4564
  reject(err);
4552
4565
  }
@@ -4578,7 +4591,7 @@ var As_default = {
4578
4591
  // immediate: false,
4579
4592
  // });
4580
4593
  dtImmediate(fn, opt) {
4581
- if (_optionalChain([opt, 'optionalAccess', _543 => _543.immediate])) {
4594
+ if (_optionalChain([opt, 'optionalAccess', _547 => _547.immediate])) {
4582
4595
  fn();
4583
4596
  opt.immediate = false;
4584
4597
  }
@@ -4600,7 +4613,7 @@ var As_default = {
4600
4613
  if (opt.endtime - opt.starttime < opt.wait) {
4601
4614
  this.dtClearTimeout(opt);
4602
4615
  }
4603
- if (!_optionalChain([opt, 'optionalAccess', _544 => _544.timeout])) {
4616
+ if (!_optionalChain([opt, 'optionalAccess', _548 => _548.timeout])) {
4604
4617
  opt.starttime = opt.endtime;
4605
4618
  opt.timeout = this.dtSetTimeout(fn, opt);
4606
4619
  }
@@ -4608,7 +4621,7 @@ var As_default = {
4608
4621
  // 节流:指定长度时间内有多次触发,只fn最后一次触发
4609
4622
  throttle(fn, opt) {
4610
4623
  this.dtImmediate(fn, opt);
4611
- if (!_optionalChain([opt, 'optionalAccess', _545 => _545.timeout])) {
4624
+ if (!_optionalChain([opt, 'optionalAccess', _549 => _549.timeout])) {
4612
4625
  opt.timeout = this.dtSetTimeout(fn, opt);
4613
4626
  }
4614
4627
  },
@@ -4644,8 +4657,8 @@ var As_default = {
4644
4657
  var AsCode_default = {
4645
4658
  // 加密
4646
4659
  asencode(str, keys) {
4647
- const strlen = _optionalChain([str, 'optionalAccess', _546 => _546.length]) || 0;
4648
- const keyslen = _optionalChain([keys, 'optionalAccess', _547 => _547.length]) || 0;
4660
+ const strlen = _optionalChain([str, 'optionalAccess', _550 => _550.length]) || 0;
4661
+ const keyslen = _optionalChain([keys, 'optionalAccess', _551 => _551.length]) || 0;
4649
4662
  let newstr = "";
4650
4663
  for (let i = 0; i < strlen; i++) {
4651
4664
  const rnum = Math.round(Math.random() * 1e3) % keyslen;
@@ -4670,7 +4683,7 @@ var AsCode_default = {
4670
4683
  const rnum = keys.indexOf(str[i + 3]);
4671
4684
  const rnumx = Number(rnum.toString().slice(-1)) + 1;
4672
4685
  const ylen = keyslen - rnumx;
4673
- newstr += _optionalChain([String, 'optionalAccess', _548 => _548.fromCodePoint, 'call', _549 => _549(
4686
+ newstr += _optionalChain([String, 'optionalAccess', _552 => _552.fromCodePoint, 'call', _553 => _553(
4674
4687
  (keys.indexOf(str[i++]) - rnumx) * ylen * ylen + (keys.indexOf(str[i++]) - rnumx) * ylen + (keys.indexOf(str[i++]) - rnumx)
4675
4688
  )]);
4676
4689
  }
@@ -4753,7 +4766,7 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4753
4766
  }
4754
4767
  _chunkSMVZ3ZDJcjs.__name.call(void 0, decrypt, "decrypt");
4755
4768
  function validateFields(payload, fields) {
4756
- return fields.every((key) => typeof _optionalChain([payload, 'optionalAccess', _550 => _550[key]]) === "string" && payload[key].length > 0);
4769
+ return fields.every((key) => typeof _optionalChain([payload, 'optionalAccess', _554 => _554[key]]) === "string" && payload[key].length > 0);
4757
4770
  }
4758
4771
  _chunkSMVZ3ZDJcjs.__name.call(void 0, validateFields, "validateFields");
4759
4772
  function reqAES(opt, fn = (data) => data) {
@@ -4761,7 +4774,7 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4761
4774
  try {
4762
4775
  if (validateFields(reqData, ["data", "iv", "auth"])) {
4763
4776
  let aesData = decrypt(reqData);
4764
- if (_optionalChain([reqData, 'optionalAccess', _551 => _551.aes]) === 2) {
4777
+ if (_optionalChain([reqData, 'optionalAccess', _555 => _555.aes]) === 2) {
4765
4778
  aesData = JSON.parse(aesData);
4766
4779
  }
4767
4780
  return fn(aesData);
@@ -4795,24 +4808,24 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4795
4808
  // src/sysserver/lib/common/AsDb.ts
4796
4809
  var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, cfg) => {
4797
4810
  const DataServer = _chunk2BCIIKRGcjs.getDataServerForAsDb.call(void 0, $asai, {
4798
- type: _optionalChain([cfg, 'optionalAccess', _552 => _552.type]) || "sqlite",
4811
+ type: _optionalChain([cfg, 'optionalAccess', _556 => _556.type]) || "sqlite",
4799
4812
  opt: {
4800
- ..._optionalChain([cfg, 'optionalAccess', _553 => _553.opt]) || {
4813
+ ..._optionalChain([cfg, 'optionalAccess', _557 => _557.opt]) || {
4801
4814
  database: "./webdata/webdb/sqlite/asaisqlite.db",
4802
4815
  create: 1
4803
4816
  }
4804
4817
  },
4805
- storeKey: _optionalChain([cfg, 'optionalAccess', _554 => _554.storeKey])
4818
+ storeKey: _optionalChain([cfg, 'optionalAccess', _558 => _558.storeKey])
4806
4819
  });
4807
4820
  function reqwherestr(str) {
4808
- if (_optionalChain([cfg, 'optionalAccess', _555 => _555.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _556 => _556.type]) === "mysql") {
4821
+ if (_optionalChain([cfg, 'optionalAccess', _559 => _559.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _560 => _560.type]) === "mysql") {
4809
4822
  return `'${str}'`;
4810
4823
  }
4811
4824
  return str;
4812
4825
  }
4813
4826
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqwherestr, "reqwherestr");
4814
4827
  function reqfield(queryData) {
4815
- if (_optionalChain([queryData, 'optionalAccess', _557 => _557.fd])) {
4828
+ if (_optionalChain([queryData, 'optionalAccess', _561 => _561.fd])) {
4816
4829
  return queryData.fd.split("-");
4817
4830
  }
4818
4831
  return cfg.field.data;
@@ -4820,14 +4833,14 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4820
4833
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqfield, "reqfield");
4821
4834
  function reqwhere(queryData) {
4822
4835
  const wheretmp = [];
4823
- if ((_optionalChain([cfg, 'optionalAccess', _558 => _558.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _559 => _559.type]) === "mysql") && _optionalChain([queryData, 'optionalAccess', _560 => _560.wlv])) {
4836
+ if ((_optionalChain([cfg, 'optionalAccess', _562 => _562.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _563 => _563.type]) === "mysql") && _optionalChain([queryData, 'optionalAccess', _564 => _564.wlv])) {
4824
4837
  const wlvarr = queryData.wlv.split("-");
4825
4838
  wheretmp.push([wlvarr[0], ">", Number(wlvarr[1] || 0)]);
4826
4839
  }
4827
- if (_optionalChain([queryData, 'optionalAccess', _561 => _561.fl])) {
4840
+ if (_optionalChain([queryData, 'optionalAccess', _565 => _565.fl])) {
4828
4841
  wheretmp.push([cfg.field.class, "LIKE", reqwherestr(`${queryData.fl}%`)]);
4829
4842
  }
4830
- if (_optionalChain([queryData, 'optionalAccess', _562 => _562.ss]) && _optionalChain([queryData, 'optionalAccess', _563 => _563.ssty])) {
4843
+ if (_optionalChain([queryData, 'optionalAccess', _566 => _566.ss]) && _optionalChain([queryData, 'optionalAccess', _567 => _567.ssty])) {
4831
4844
  wheretmp.push([queryData.ssty, "LIKE", reqwherestr(`%${queryData.ss}%`)]);
4832
4845
  }
4833
4846
  if (wheretmp.length > 1) {
@@ -4838,16 +4851,16 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4838
4851
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqwhere, "reqwhere");
4839
4852
  function reqorder(queryData) {
4840
4853
  const ordertmp = [];
4841
- if (_optionalChain([queryData, 'optionalAccess', _564 => _564.sx])) {
4842
- ordertmp.push([queryData.sx, _optionalChain([queryData, 'optionalAccess', _565 => _565.sxty]) == 1 ? "DESC" : "ASC"]);
4854
+ if (_optionalChain([queryData, 'optionalAccess', _568 => _568.sx])) {
4855
+ ordertmp.push([queryData.sx, _optionalChain([queryData, 'optionalAccess', _569 => _569.sxty]) == 1 ? "DESC" : "ASC"]);
4843
4856
  }
4844
4857
  return ordertmp;
4845
4858
  }
4846
4859
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqorder, "reqorder");
4847
4860
  function reqlimit(queryData) {
4848
4861
  let limittmp = "";
4849
- let limitps = _optionalChain([queryData, 'optionalAccess', _566 => _566.ps]);
4850
- if (_optionalChain([queryData, 'optionalAccess', _567 => _567.pg])) {
4862
+ let limitps = _optionalChain([queryData, 'optionalAccess', _570 => _570.ps]);
4863
+ if (_optionalChain([queryData, 'optionalAccess', _571 => _571.pg])) {
4851
4864
  limitps = limitps || 20;
4852
4865
  limittmp = `${(queryData.pg - 1) * limitps},${limitps}`;
4853
4866
  } else if (limitps) {
@@ -4900,8 +4913,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4900
4913
  _chunkSMVZ3ZDJcjs.__name.call(void 0, fileKeyFromSegment, "fileKeyFromSegment");
4901
4914
  function getSqlParamsByUrl(req, opt) {
4902
4915
  let tmpSqlParams;
4903
- const reqArr = _optionalChain([req, 'optionalAccess', _568 => _568.url, 'optionalAccess', _569 => _569.split, 'call', _570 => _570("?"), 'access', _571 => _571[0], 'optionalAccess', _572 => _572.split, 'call', _573 => _573("/")]) || [];
4904
- const table = (_optionalChain([opt, 'optionalAccess', _574 => _574.qrdata, 'optionalAccess', _575 => _575.table]) || _optionalChain([opt, 'optionalAccess', _576 => _576.data, 'optionalAccess', _577 => _577.table]) || reqArr[3]).replaceAll("_", "/");
4916
+ const reqArr = _optionalChain([req, 'optionalAccess', _572 => _572.url, 'optionalAccess', _573 => _573.split, 'call', _574 => _574("?"), 'access', _575 => _575[0], 'optionalAccess', _576 => _576.split, 'call', _577 => _577("/")]) || [];
4917
+ const table = (_optionalChain([opt, 'optionalAccess', _578 => _578.qrdata, 'optionalAccess', _579 => _579.table]) || _optionalChain([opt, 'optionalAccess', _580 => _580.data, 'optionalAccess', _581 => _581.table]) || reqArr[3]).replaceAll("_", "/");
4905
4918
  if (!table) return tmpSqlParams;
4906
4919
  tmpSqlParams = {
4907
4920
  type: "select",
@@ -4910,7 +4923,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4910
4923
  if (reqArr[5]) {
4911
4924
  if (reqArr[4] === "insert") {
4912
4925
  tmpSqlParams.type = reqArr[4];
4913
- if (_optionalChain([cfg, 'optionalAccess', _578 => _578.type]) === "file") {
4926
+ if (_optionalChain([cfg, 'optionalAccess', _582 => _582.type]) === "file") {
4914
4927
  const { name: bodyName, content } = parseFileBody(opt.data);
4915
4928
  const fileKey = fileKeyFromSegment(reqArr[5], bodyName);
4916
4929
  tmpSqlParams.field = cfg.field.data;
@@ -4934,11 +4947,11 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4934
4947
  }
4935
4948
  } else if (reqArr[4] === "update") {
4936
4949
  tmpSqlParams.type = reqArr[4];
4937
- const rowKey = _optionalChain([cfg, 'optionalAccess', _579 => _579.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4950
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _583 => _583.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4938
4951
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4939
- if (_optionalChain([cfg, 'optionalAccess', _580 => _580.type]) === "file") {
4952
+ if (_optionalChain([cfg, 'optionalAccess', _584 => _584.type]) === "file") {
4940
4953
  const { content } = parseFileBody(opt.data);
4941
- const contentField = _optionalChain([cfg, 'access', _581 => _581.field, 'access', _582 => _582.data, 'optionalAccess', _583 => _583[1]]) || "content";
4954
+ const contentField = _optionalChain([cfg, 'access', _585 => _585.field, 'access', _586 => _586.data, 'optionalAccess', _587 => _587[1]]) || "content";
4942
4955
  tmpSqlParams.set = [[contentField, fileContentString(content)]];
4943
4956
  } else {
4944
4957
  tmpSqlParams.set = [];
@@ -4955,18 +4968,18 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4955
4968
  }
4956
4969
  } else if (reqArr[4] === "delete") {
4957
4970
  tmpSqlParams.type = reqArr[4];
4958
- const rowKey = _optionalChain([cfg, 'optionalAccess', _584 => _584.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4971
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _588 => _588.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4959
4972
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4960
4973
  } else {
4961
- if (_optionalChain([cfg, 'optionalAccess', _585 => _585.as]) > 1) {
4974
+ if (_optionalChain([cfg, 'optionalAccess', _589 => _589.as]) > 1) {
4962
4975
  tmpSqlParams.as = +cfg.as - 1;
4963
4976
  }
4964
4977
  tmpSqlParams.field = cfg.field.data;
4965
- const rowKey = _optionalChain([cfg, 'optionalAccess', _586 => _586.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4978
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _590 => _590.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4966
4979
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4967
4980
  }
4968
4981
  } else {
4969
- tmpSqlParams.as = _optionalChain([cfg, 'optionalAccess', _587 => _587.as]);
4982
+ tmpSqlParams.as = _optionalChain([cfg, 'optionalAccess', _591 => _591.as]);
4970
4983
  tmpSqlParams.field = reqfield(opt.data);
4971
4984
  tmpSqlParams.where = reqwhere(opt.data);
4972
4985
  tmpSqlParams.order = reqorder(opt.data);
@@ -4976,8 +4989,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4976
4989
  }
4977
4990
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSqlParamsByUrl, "getSqlParamsByUrl");
4978
4991
  function dbFresh(req, resdb) {
4979
- if (_optionalChain([req, 'optionalAccess', _588 => _588.url, 'optionalAccess', _589 => _589.includes, 'call', _590 => _590("/selectlist/")])) {
4980
- const list = Array.isArray(resdb) ? resdb : _optionalChain([resdb, 'optionalAccess', _591 => _591.data]);
4992
+ if (_optionalChain([req, 'optionalAccess', _592 => _592.url, 'optionalAccess', _593 => _593.includes, 'call', _594 => _594("/selectlist/")])) {
4993
+ const list = Array.isArray(resdb) ? resdb : _optionalChain([resdb, 'optionalAccess', _595 => _595.data]);
4981
4994
  if (Array.isArray(list)) {
4982
4995
  const names = list.map((el) => {
4983
4996
  if (typeof el === "string") {
@@ -4999,8 +5012,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4999
5012
  }
5000
5013
  _chunkSMVZ3ZDJcjs.__name.call(void 0, dbFresh, "dbFresh");
5001
5014
  function normalizeFileSelectRow(row) {
5002
- const nameKey = _optionalChain([cfg, 'access', _592 => _592.field, 'optionalAccess', _593 => _593.data, 'optionalAccess', _594 => _594[0]]) || "name";
5003
- const contentKey = _optionalChain([cfg, 'access', _595 => _595.field, 'optionalAccess', _596 => _596.data, 'optionalAccess', _597 => _597[1]]) || "content";
5015
+ const nameKey = _optionalChain([cfg, 'access', _596 => _596.field, 'optionalAccess', _597 => _597.data, 'optionalAccess', _598 => _598[0]]) || "name";
5016
+ const contentKey = _optionalChain([cfg, 'access', _599 => _599.field, 'optionalAccess', _600 => _600.data, 'optionalAccess', _601 => _601[1]]) || "content";
5004
5017
  if (!row || typeof row !== "object") return row;
5005
5018
  const out = { ...row };
5006
5019
  if (out[nameKey] != null) {
@@ -5014,7 +5027,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5014
5027
  }
5015
5028
  _chunkSMVZ3ZDJcjs.__name.call(void 0, normalizeFileSelectRow, "normalizeFileSelectRow");
5016
5029
  function isFileSingleNameSelect(params) {
5017
- return _optionalChain([cfg, 'optionalAccess', _598 => _598.type]) === "file" && _optionalChain([params, 'optionalAccess', _599 => _599.type]) === "select" && !!_optionalChain([params, 'optionalAccess', _600 => _600.where, 'optionalAccess', _601 => _601.length]);
5030
+ return _optionalChain([cfg, 'optionalAccess', _602 => _602.type]) === "file" && _optionalChain([params, 'optionalAccess', _603 => _603.type]) === "select" && !!_optionalChain([params, 'optionalAccess', _604 => _604.where, 'optionalAccess', _605 => _605.length]);
5018
5031
  }
5019
5032
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isFileSingleNameSelect, "isFileSingleNameSelect");
5020
5033
  function normalizeSelectResult(params, resdb) {
@@ -5028,12 +5041,12 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5028
5041
  }
5029
5042
  return data;
5030
5043
  }
5031
- if (_optionalChain([params, 'optionalAccess', _602 => _602.where, 'optionalAccess', _603 => _603.length]) && Array.isArray(data) && data.length === 1) {
5044
+ if (_optionalChain([params, 'optionalAccess', _606 => _606.where, 'optionalAccess', _607 => _607.length]) && Array.isArray(data) && data.length === 1) {
5032
5045
  data = data[0];
5033
5046
  }
5034
- if (_optionalChain([cfg, 'optionalAccess', _604 => _604.type]) === "file" && data && typeof data === "object" && !Array.isArray(data)) {
5035
- const nameKey = _optionalChain([cfg, 'access', _605 => _605.field, 'optionalAccess', _606 => _606.data, 'optionalAccess', _607 => _607[0]]) || "name";
5036
- const contentKey = _optionalChain([cfg, 'access', _608 => _608.field, 'optionalAccess', _609 => _609.data, 'optionalAccess', _610 => _610[1]]) || "content";
5047
+ if (_optionalChain([cfg, 'optionalAccess', _608 => _608.type]) === "file" && data && typeof data === "object" && !Array.isArray(data)) {
5048
+ const nameKey = _optionalChain([cfg, 'access', _609 => _609.field, 'optionalAccess', _610 => _610.data, 'optionalAccess', _611 => _611[0]]) || "name";
5049
+ const contentKey = _optionalChain([cfg, 'access', _612 => _612.field, 'optionalAccess', _613 => _613.data, 'optionalAccess', _614 => _614[1]]) || "content";
5037
5050
  if (data[nameKey] != null) {
5038
5051
  data[nameKey] = bareFileName(String(data[nameKey]));
5039
5052
  }
@@ -5052,7 +5065,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5052
5065
  }
5053
5066
  _chunkSMVZ3ZDJcjs.__name.call(void 0, normalizeSelectResult, "normalizeSelectResult");
5054
5067
  function dbCodePm(req, resdb) {
5055
- if (_optionalChain([req, 'optionalAccess', _611 => _611.Userinfo]) && _optionalChain([req, 'optionalAccess', _612 => _612.Userinfo, 'access', _613 => _613[2]])) {
5068
+ if (_optionalChain([req, 'optionalAccess', _615 => _615.Userinfo]) && _optionalChain([req, 'optionalAccess', _616 => _616.Userinfo, 'access', _617 => _617[2]])) {
5056
5069
  if (resdb != null && typeof resdb === "object") {
5057
5070
  resdb.data = $asai.$lib.AsCode.asencode(JSON.stringify(resdb.data), req.Userinfo[2]);
5058
5071
  }
@@ -5066,8 +5079,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5066
5079
  DataServer.sqlDb(params).then((resdb) => {
5067
5080
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess(dbCodePm(req, dbFresh(req, resdb)), opt)));
5068
5081
  }).catch((errdb) => {
5069
- const msg = String(_optionalChain([errdb, 'optionalAccess', _614 => _614.message]) || errdb || "");
5070
- if (_optionalChain([params, 'optionalAccess', _615 => _615.type]) === "select" && msg.includes("no such table")) {
5082
+ const msg = String(_optionalChain([errdb, 'optionalAccess', _618 => _618.message]) || errdb || "");
5083
+ if (_optionalChain([params, 'optionalAccess', _619 => _619.type]) === "select" && msg.includes("no such table")) {
5071
5084
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess([], opt)));
5072
5085
  return;
5073
5086
  }
@@ -5084,23 +5097,23 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5084
5097
  try {
5085
5098
  DataServer.sqlDb(params).then((resdb) => {
5086
5099
  let resData = normalizeSelectResult(params, dbFresh(req, resdb));
5087
- if (_optionalChain([params, 'optionalAccess', _616 => _616.as]) === 2 && _optionalChain([params, 'optionalAccess', _617 => _617.field, 'optionalAccess', _618 => _618.length]) > 1) {
5100
+ if (_optionalChain([params, 'optionalAccess', _620 => _620.as]) === 2 && _optionalChain([params, 'optionalAccess', _621 => _621.field, 'optionalAccess', _622 => _622.length]) > 1) {
5088
5101
  let limitArr = [];
5089
- if (_optionalChain([params, 'access', _619 => _619.limit, 'optionalAccess', _620 => _620.split, 'call', _621 => _621(","), 'optionalAccess', _622 => _622.length]) < 2) {
5090
- limitArr = [0, +_optionalChain([params, 'access', _623 => _623.limit, 'optionalAccess', _624 => _624.split, 'call', _625 => _625(","), 'optionalAccess', _626 => _626[0]])];
5102
+ if (_optionalChain([params, 'access', _623 => _623.limit, 'optionalAccess', _624 => _624.split, 'call', _625 => _625(","), 'optionalAccess', _626 => _626.length]) < 2) {
5103
+ limitArr = [0, +_optionalChain([params, 'access', _627 => _627.limit, 'optionalAccess', _628 => _628.split, 'call', _629 => _629(","), 'optionalAccess', _630 => _630[0]])];
5091
5104
  } else {
5092
5105
  limitArr = params.limit.split(",");
5093
5106
  limitArr = [+limitArr[0], +limitArr[0] + +limitArr[1]];
5094
5107
  }
5095
- if (_optionalChain([resData, 'access', _627 => _627.data, 'optionalAccess', _628 => _628.length])) {
5108
+ if (_optionalChain([resData, 'access', _631 => _631.data, 'optionalAccess', _632 => _632.length])) {
5096
5109
  resData.data = resData.data.slice(+limitArr[0], +limitArr[1]);
5097
5110
  }
5098
5111
  }
5099
5112
  resData = dbCodePm(req, resData);
5100
5113
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess(resData, opt)));
5101
5114
  }).catch((errdb) => {
5102
- const msg = String(_optionalChain([errdb, 'optionalAccess', _629 => _629.message]) || errdb || "");
5103
- if (_optionalChain([params, 'optionalAccess', _630 => _630.type]) === "select" && msg.includes("no such table")) {
5115
+ const msg = String(_optionalChain([errdb, 'optionalAccess', _633 => _633.message]) || errdb || "");
5116
+ if (_optionalChain([params, 'optionalAccess', _634 => _634.type]) === "select" && msg.includes("no such table")) {
5104
5117
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess([], opt)));
5105
5118
  return;
5106
5119
  }
@@ -5115,7 +5128,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5115
5128
  }
5116
5129
  _chunkSMVZ3ZDJcjs.__name.call(void 0, runDefaultGet, "runDefaultGet");
5117
5130
  function post(req, res, hostdir, opt) {
5118
- if (_optionalChain([cfg, 'optionalAccess', _631 => _631.post]) && typeof cfg.post === "function") {
5131
+ if (_optionalChain([cfg, 'optionalAccess', _635 => _635.post]) && typeof cfg.post === "function") {
5119
5132
  Promise.resolve(cfg.post(req, res, hostdir, opt, DataServer)).then((reqstat) => {
5120
5133
  if (!reqstat) runDefaultPost(req, res, opt);
5121
5134
  }).catch((errdb) => {
@@ -5127,7 +5140,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5127
5140
  }
5128
5141
  _chunkSMVZ3ZDJcjs.__name.call(void 0, post, "post");
5129
5142
  function get(req, res, hostdir, opt) {
5130
- if (_optionalChain([cfg, 'optionalAccess', _632 => _632.get]) && typeof cfg.get === "function") {
5143
+ if (_optionalChain([cfg, 'optionalAccess', _636 => _636.get]) && typeof cfg.get === "function") {
5131
5144
  Promise.resolve(cfg.get(req, res, hostdir, opt, DataServer)).then((reqstat) => {
5132
5145
  if (!reqstat) runDefaultGet(req, res, opt);
5133
5146
  }).catch((errdb) => {
@@ -5142,6 +5155,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5142
5155
  }, "default");
5143
5156
 
5144
5157
  // src/sysserver/lib/common/reqWork.ts
5158
+
5145
5159
  var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
5146
5160
  function hostDefault2(mod) {
5147
5161
  if (mod && typeof mod === "object" && "default" in mod) {
@@ -5152,17 +5166,30 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5152
5166
  }
5153
5167
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hostDefault2, "hostDefault");
5154
5168
  function getPathFromOpt(opt) {
5155
- const rawPath = _optionalChain([opt, 'access', _633 => _633.qrdata, 'optionalAccess', _634 => _634.path]) || _optionalChain([opt, 'access', _635 => _635.data, 'optionalAccess', _636 => _636.path]);
5169
+ const rawPath = _optionalChain([opt, 'access', _637 => _637.qrdata, 'optionalAccess', _638 => _638.path]) || _optionalChain([opt, 'access', _639 => _639.data, 'optionalAccess', _640 => _640.path]);
5156
5170
  if (!rawPath) {
5157
5171
  throw new Error("Missing path");
5158
5172
  }
5159
5173
  const decoded = decodeURIComponent(String(rawPath));
5160
- const roots = _optionalChain([$asai, 'optionalAccess', _637 => _637.asaihost, 'optionalAccess', _638 => _638.getHostAllowedRoots, 'optionalCall', _639 => _639(_optionalChain([$asai, 'optionalAccess', _640 => _640.hostconfig]))]) || [];
5174
+ if (path4.isAbsolute(decoded)) {
5175
+ return path4.normalize(decoded);
5176
+ }
5177
+ const rel = decoded.replace(/^\.(\/)?/, "");
5178
+ const serverRoot = _optionalChain([$asai, 'optionalAccess', _641 => _641.serverRoot]);
5179
+ if (serverRoot && rel) {
5180
+ const absRoot = path4.resolve(serverRoot);
5181
+ const abs = path4.resolve(absRoot, rel);
5182
+ const relCheck = path4.relative(absRoot, abs);
5183
+ if (relCheck === "" || !relCheck.startsWith("..") && !path4.isAbsolute(relCheck)) {
5184
+ return abs;
5185
+ }
5186
+ }
5187
+ const roots = _optionalChain([$asai, 'optionalAccess', _642 => _642.asaihost, 'optionalAccess', _643 => _643.getHostAllowedRoots, 'optionalCall', _644 => _644(_optionalChain([$asai, 'optionalAccess', _645 => _645.hostconfig]))]) || [];
5161
5188
  if (!roots.length) {
5162
- const fallback = _optionalChain([$asai, 'optionalAccess', _641 => _641.serverRoot]) || process.cwd();
5189
+ const fallback = _optionalChain([$asai, 'optionalAccess', _646 => _646.serverRoot]) || process.cwd();
5163
5190
  if (fallback) roots.push(fallback);
5164
5191
  }
5165
- if (!_optionalChain([$asai, 'optionalAccess', _642 => _642.asaihost, 'optionalAccess', _643 => _643.resolvePathUnderRoots])) {
5192
+ if (!_optionalChain([$asai, 'optionalAccess', _647 => _647.asaihost, 'optionalAccess', _648 => _648.resolvePathUnderRoots])) {
5166
5193
  throw new Error("Path resolver unavailable");
5167
5194
  }
5168
5195
  return $asai.asaihost.resolvePathUnderRoots(decoded, roots);
@@ -5174,18 +5201,18 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5174
5201
  }
5175
5202
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendSuccess, "sendSuccess");
5176
5203
  function sendErr(res, ec, params, opt) {
5177
- const ErrorCode = _optionalChain([$asai, 'access', _644 => _644.$lib, 'optionalAccess', _645 => _645.ErrorCode]);
5178
- _optionalChain([ErrorCode, 'optionalAccess', _646 => _646.loadErrorCodes, 'optionalCall', _647 => _647($asai)]);
5179
- _optionalChain([ErrorCode, 'optionalAccess', _648 => _648.logError, 'optionalCall', _649 => _649($asai, ec, Array.isArray(params) ? params.map(String) : params != null ? [String(params)] : void 0)]);
5204
+ const ErrorCode = _optionalChain([$asai, 'access', _649 => _649.$lib, 'optionalAccess', _650 => _650.ErrorCode]);
5205
+ _optionalChain([ErrorCode, 'optionalAccess', _651 => _651.loadErrorCodes, 'optionalCall', _652 => _652($asai)]);
5206
+ _optionalChain([ErrorCode, 'optionalAccess', _653 => _653.logError, 'optionalCall', _654 => _654($asai, ec, Array.isArray(params) ? params.map(String) : params != null ? [String(params)] : void 0)]);
5180
5207
  const response = $asai.$lib.As.ctxErr(ec, params, opt);
5181
5208
  res.end(JSON.stringify(response));
5182
5209
  }
5183
5210
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendErr, "sendErr");
5184
5211
  function sendFail(res, err, opt) {
5185
- const ErrorCode = _optionalChain([$asai, 'access', _650 => _650.$lib, 'optionalAccess', _651 => _651.ErrorCode]);
5186
- _optionalChain([ErrorCode, 'optionalAccess', _652 => _652.loadErrorCodes, 'optionalCall', _653 => _653($asai)]);
5187
- const normalized = _optionalChain([ErrorCode, 'optionalAccess', _654 => _654.normalizeErrPayload, 'optionalCall', _655 => _655(err)]);
5188
- if (_optionalChain([normalized, 'optionalAccess', _656 => _656.ec])) {
5212
+ const ErrorCode = _optionalChain([$asai, 'access', _655 => _655.$lib, 'optionalAccess', _656 => _656.ErrorCode]);
5213
+ _optionalChain([ErrorCode, 'optionalAccess', _657 => _657.loadErrorCodes, 'optionalCall', _658 => _658($asai)]);
5214
+ const normalized = _optionalChain([ErrorCode, 'optionalAccess', _659 => _659.normalizeErrPayload, 'optionalCall', _660 => _660(err)]);
5215
+ if (_optionalChain([normalized, 'optionalAccess', _661 => _661.ec])) {
5189
5216
  return sendErr(res, normalized.ec, normalized.pm, opt);
5190
5217
  }
5191
5218
  const response = $asai.$lib.As.ctxFail(err);
@@ -5193,7 +5220,7 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5193
5220
  }
5194
5221
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendFail, "sendFail");
5195
5222
  function mnLog(...arg) {
5196
- (_optionalChain([$asai, 'optionalAccess', _657 => _657.$log]) || console.log)(...arg);
5223
+ (_optionalChain([$asai, 'optionalAccess', _662 => _662.$log]) || console.log)(...arg);
5197
5224
  }
5198
5225
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mnLog, "mnLog");
5199
5226
  return { hostDefault: hostDefault2, getPathFromOpt, sendSuccess, sendFail, sendErr, mnLog };
@@ -5293,7 +5320,7 @@ async function removeFile(filePath) {
5293
5320
  try {
5294
5321
  await _promises2.default.unlink(nodePath2.default.normalize(filePath));
5295
5322
  } catch (err) {
5296
- if (_optionalChain([err, 'optionalAccess', _658 => _658.code]) !== "ENOENT") throw err;
5323
+ if (_optionalChain([err, 'optionalAccess', _663 => _663.code]) !== "ENOENT") throw err;
5297
5324
  }
5298
5325
  }
5299
5326
  _chunkSMVZ3ZDJcjs.__name.call(void 0, removeFile, "removeFile");
@@ -5343,17 +5370,17 @@ _chunkSMVZ3ZDJcjs.__export.call(void 0, common_exports, {
5343
5370
  });
5344
5371
 
5345
5372
  function promisifySqlDb(query, sql) {
5346
- return new Promise((resolve5, reject) => {
5373
+ return new Promise((resolve6, reject) => {
5347
5374
  query(sql, (err, result) => {
5348
5375
  if (err) {
5349
5376
  reject(err);
5350
5377
  return;
5351
5378
  }
5352
5379
  if (!result || Array.isArray(result) && result.length === 0) {
5353
- resolve5("");
5380
+ resolve6("");
5354
5381
  return;
5355
5382
  }
5356
- resolve5(result);
5383
+ resolve6(result);
5357
5384
  });
5358
5385
  });
5359
5386
  }
@@ -5406,11 +5433,11 @@ function toInsertRows(sql) {
5406
5433
  }
5407
5434
  _chunkSMVZ3ZDJcjs.__name.call(void 0, toInsertRows, "toInsertRows");
5408
5435
  function isPathInside(baseDir, targetPath) {
5409
- const base = path5.resolve(baseDir);
5410
- const target = path5.resolve(targetPath);
5411
- const relative4 = path5.relative(base, target);
5412
- if (!relative4) return true;
5413
- return !relative4.startsWith("..") && !path5.isAbsolute(relative4);
5436
+ const base = path6.resolve(baseDir);
5437
+ const target = path6.resolve(targetPath);
5438
+ const relative5 = path6.relative(base, target);
5439
+ if (!relative5) return true;
5440
+ return !relative5.startsWith("..") && !path6.isAbsolute(relative5);
5414
5441
  }
5415
5442
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isPathInside, "isPathInside");
5416
5443
  function joinTablePath(table, ...segments) {
@@ -5605,11 +5632,11 @@ function dbDriver(opt = {}) {
5605
5632
  this.fileExt = config.ext === ".*" ? "" : config.ext || "";
5606
5633
  this.fileDel = (config.del || 0) !== 0;
5607
5634
  this.createDir = config.create || false;
5608
- const root = _optionalChain([config, 'access', _659 => _659.$asai, 'optionalAccess', _660 => _660.serverRoot]) || _chunkHR5JKN7Ycjs.getPrimaryServerRoot.call(void 0, );
5609
- this.baseDirAbs = path6.resolve(root, config.dir);
5635
+ const root = _optionalChain([config, 'access', _664 => _664.$asai, 'optionalAccess', _665 => _665.serverRoot]) || _chunkHR5JKN7Ycjs.getPrimaryServerRoot.call(void 0, );
5636
+ this.baseDirAbs = path7.resolve(root, config.dir);
5610
5637
  }
5611
5638
  dbLog(...args) {
5612
- (_optionalChain([this, 'access', _661 => _661.config, 'optionalAccess', _662 => _662.$asai, 'optionalAccess', _663 => _663.$log]) || console.log)("FILE", ...args);
5639
+ (_optionalChain([this, 'access', _666 => _666.config, 'optionalAccess', _667 => _667.$asai, 'optionalAccess', _668 => _668.$log]) || console.log)("FILE", ...args);
5613
5640
  }
5614
5641
  checkFile(file) {
5615
5642
  return fs10.existsSync(this.getAbsPath(file, false));
@@ -5619,9 +5646,9 @@ function dbDriver(opt = {}) {
5619
5646
  if (!relPath) {
5620
5647
  return this.baseDirAbs;
5621
5648
  }
5622
- const abs = path6.isAbsolute(relPath) ? path6.normalize(relPath) : path6.resolve(this.baseDirAbs, relPath);
5649
+ const abs = path7.isAbsolute(relPath) ? path7.normalize(relPath) : path7.resolve(this.baseDirAbs, relPath);
5623
5650
  if (!isPathInside2(this.baseDirAbs, abs)) {
5624
- return this.baseDirAbs;
5651
+ throw new Error("Path not allowed");
5625
5652
  }
5626
5653
  return abs;
5627
5654
  }
@@ -5633,11 +5660,11 @@ function dbDriver(opt = {}) {
5633
5660
  if (!relPath) {
5634
5661
  return "";
5635
5662
  }
5636
- return path6.isAbsolute(relPath) ? path6.relative(this.baseDirAbs, relPath) : relPath;
5663
+ return path7.isAbsolute(relPath) ? path7.relative(this.baseDirAbs, relPath) : relPath;
5637
5664
  }
5638
5665
  ensureDir(relPath) {
5639
- const relative4 = this.normalizeRelPath(relPath);
5640
- const dirPath = path6.dirname(relative4);
5666
+ const relative5 = this.normalizeRelPath(relPath);
5667
+ const dirPath = path7.dirname(relative5);
5641
5668
  const absDir = this.resolvePath(dirPath === "." ? "" : dirPath);
5642
5669
  if (this.createDir && !fs10.existsSync(absDir)) {
5643
5670
  this.dbLog("mkdir", "[MKDIR]", absDir);
@@ -5663,9 +5690,9 @@ function dbDriver(opt = {}) {
5663
5690
  this.dbLog("delete", "[RMDIR]", absPath);
5664
5691
  const entries = fs10.readdirSync(absPath, { withFileTypes: true });
5665
5692
  for (const entry of entries) {
5666
- const current = path6.join(absPath, entry.name);
5693
+ const current = path7.join(absPath, entry.name);
5667
5694
  if (entry.isDirectory()) {
5668
- this.deldir(path6.join(relativePath, entry.name));
5695
+ this.deldir(path7.join(relativePath, entry.name));
5669
5696
  } else {
5670
5697
  this.dbLog("delete", "[UNLINK]", current);
5671
5698
  fs10.unlinkSync(current);
@@ -5675,9 +5702,9 @@ function dbDriver(opt = {}) {
5675
5702
  }
5676
5703
  getReadPath(file, sql) {
5677
5704
  const candidates = [];
5678
- if (_optionalChain([sql, 'optionalAccess', _664 => _664.filename])) {
5679
- candidates.push({ dir: path6.join(file, sql.filename) });
5680
- candidates.push({ dir: path6.join(file + ".delete" + this.fileExt, sql.filename) });
5705
+ if (_optionalChain([sql, 'optionalAccess', _669 => _669.filename])) {
5706
+ candidates.push({ dir: path7.join(file, sql.filename) });
5707
+ candidates.push({ dir: path7.join(file + ".delete" + this.fileExt, sql.filename) });
5681
5708
  } else {
5682
5709
  candidates.push({ dir: file });
5683
5710
  candidates.push({ dir: file + this.fileExt + ".delete" });
@@ -5695,20 +5722,20 @@ function dbDriver(opt = {}) {
5695
5722
  if (!read2.path) {
5696
5723
  return { path: "", dir: read2.dir };
5697
5724
  }
5698
- if (_optionalChain([sql, 'optionalAccess', _665 => _665.filename])) {
5699
- return { path: path6.dirname(read2.path), dir: path6.dirname(read2.dir) };
5725
+ if (_optionalChain([sql, 'optionalAccess', _670 => _670.filename])) {
5726
+ return { path: path7.dirname(read2.path), dir: path7.dirname(read2.dir) };
5700
5727
  }
5701
5728
  return { path: read2.path, dir: read2.dir };
5702
5729
  }
5703
5730
  getNewPath(file, sql) {
5704
- if (_optionalChain([sql, 'optionalAccess', _666 => _666.filename])) {
5705
- return this.getAbsPath(path6.join(file, sql.filename), true);
5731
+ if (_optionalChain([sql, 'optionalAccess', _671 => _671.filename])) {
5732
+ return this.getAbsPath(path7.join(file, sql.filename), true);
5706
5733
  }
5707
5734
  return this.getAbsPath(file, true);
5708
5735
  }
5709
5736
  write(file, data, sql) {
5710
5737
  try {
5711
- const filePath = _optionalChain([sql, 'optionalAccess', _667 => _667.type]) === "insert" ? this.getNewPath(file, sql) : this.getReadPath(file, sql).path || this.getNewPath(file, sql);
5738
+ const filePath = _optionalChain([sql, 'optionalAccess', _672 => _672.type]) === "insert" ? this.getNewPath(file, sql) : this.getReadPath(file, sql).path || this.getNewPath(file, sql);
5712
5739
  this.dbLog("write", "[WRITE]", filePath);
5713
5740
  fs10.writeFileSync(filePath, data, "utf8");
5714
5741
  return "ok";
@@ -5738,11 +5765,11 @@ function dbDriver(opt = {}) {
5738
5765
  if (!del.path) {
5739
5766
  return "";
5740
5767
  }
5741
- if (this.fileDel && _optionalChain([sql, 'optionalAccess', _668 => _668.deltrue])) {
5768
+ if (this.fileDel && _optionalChain([sql, 'optionalAccess', _673 => _673.deltrue])) {
5742
5769
  const target = del.path + ".delete" + this.fileExt;
5743
5770
  this.dbLog("soft delete", "[SOFT DELETE]", `${del.path} -> ${target}`);
5744
5771
  fs10.renameSync(del.path, target);
5745
- } else if (_optionalChain([sql, 'optionalAccess', _669 => _669.filename])) {
5772
+ } else if (_optionalChain([sql, 'optionalAccess', _674 => _674.filename])) {
5746
5773
  this.deldir(del.dir);
5747
5774
  } else {
5748
5775
  this.dbLog("delete", "[DELETE]", del.path);
@@ -5785,7 +5812,7 @@ function dbDriver(opt = {}) {
5785
5812
  try {
5786
5813
  entries = fs10.readdirSync(absDir, { withFileTypes: true });
5787
5814
  } catch (e46) {
5788
- return _optionalChain([sql, 'optionalAccess', _670 => _670.list]) ? { open: [], delete: [] } : [];
5815
+ return _optionalChain([sql, 'optionalAccess', _675 => _675.list]) ? { open: [], delete: [] } : [];
5789
5816
  }
5790
5817
  const result = { open: [], delete: [] };
5791
5818
  const deleteSuffix = ".delete" + this.fileExt;
@@ -5795,19 +5822,19 @@ function dbDriver(opt = {}) {
5795
5822
  const isDelete = fileName.endsWith(deleteSuffix);
5796
5823
  const baseName = isDelete ? fileName.slice(0, -deleteSuffix.length) : fileName;
5797
5824
  if (this.fileExt && !baseName.endsWith(this.fileExt)) continue;
5798
- const fullPath = path6.join(absDir, fileName);
5825
+ const fullPath = path7.join(absDir, fileName);
5799
5826
  try {
5800
5827
  const data = fs10.readFileSync(fullPath, "utf8");
5801
5828
  const entryData = { data, file: baseName };
5802
5829
  if (isDelete) {
5803
- if (_optionalChain([sql, 'optionalAccess', _671 => _671.list])) result.delete.push(entryData);
5830
+ if (_optionalChain([sql, 'optionalAccess', _676 => _676.list])) result.delete.push(entryData);
5804
5831
  } else {
5805
5832
  result.open.push(entryData);
5806
5833
  }
5807
5834
  } catch (e47) {
5808
5835
  }
5809
5836
  }
5810
- return _optionalChain([sql, 'optionalAccess', _672 => _672.list]) ? result : result.open;
5837
+ return _optionalChain([sql, 'optionalAccess', _677 => _677.list]) ? result : result.open;
5811
5838
  } catch (e) {
5812
5839
  this.dbLog("list failed", "[LIST ERROR]", e);
5813
5840
  return e;
@@ -5817,14 +5844,14 @@ function dbDriver(opt = {}) {
5817
5844
  getFileNameFromWhere(where) {
5818
5845
  if (!where || !Array.isArray(where)) return "";
5819
5846
  const first = where.find((item) => Array.isArray(item));
5820
- const raw = _optionalChain([first, 'optionalAccess', _673 => _673[2]]);
5847
+ const raw = _optionalChain([first, 'optionalAccess', _678 => _678[2]]);
5821
5848
  if (typeof raw === "string") {
5822
5849
  return raw.replace(/^'+|'+$/g, "");
5823
5850
  }
5824
5851
  return String(_nullishCoalesce(raw, () => ( "")));
5825
5852
  }
5826
5853
  sqlDb(sql) {
5827
- return new Promise((resolve5, reject) => {
5854
+ return new Promise((resolve6, reject) => {
5828
5855
  try {
5829
5856
  let result;
5830
5857
  const tableDir = this.tableFilePath(sql.table);
@@ -5842,15 +5869,15 @@ function dbDriver(opt = {}) {
5842
5869
  const data = sql.set[0][1];
5843
5870
  result = this.write(this.tableFilePath(sql.table, file), data, sql);
5844
5871
  } else if (sql.type === "select") {
5845
- if (_optionalChain([sql, 'optionalAccess', _674 => _674.where, 'optionalAccess', _675 => _675.length]) && _optionalChain([sql, 'optionalAccess', _676 => _676.as]) !== 2) {
5872
+ if (_optionalChain([sql, 'optionalAccess', _679 => _679.where, 'optionalAccess', _680 => _680.length]) && _optionalChain([sql, 'optionalAccess', _681 => _681.as]) !== 2) {
5846
5873
  const file = this.getFileNameFromWhere(sql.where);
5847
5874
  const readRes = this.read(this.tableFilePath(sql.table, file), sql);
5848
5875
  const resObj = {};
5849
- if (_optionalChain([readRes, 'optionalAccess', _677 => _677[0], 'optionalAccess', _678 => _678.file]) && !readRes.error) {
5876
+ if (_optionalChain([readRes, 'optionalAccess', _682 => _682[0], 'optionalAccess', _683 => _683.file]) && !readRes.error) {
5850
5877
  if (sql.as === 1) {
5851
5878
  try {
5852
5879
  const parsed = JSON.parse(readRes[0].data);
5853
- if (_optionalChain([sql, 'access', _679 => _679.field, 'optionalAccess', _680 => _680.length])) {
5880
+ if (_optionalChain([sql, 'access', _684 => _684.field, 'optionalAccess', _685 => _685.length])) {
5854
5881
  sql.field.forEach((f) => {
5855
5882
  resObj[f] = _nullishCoalesce(parsed[f], () => ( ""));
5856
5883
  });
@@ -5871,7 +5898,7 @@ function dbDriver(opt = {}) {
5871
5898
  } else {
5872
5899
  const listRes = this.list(tableDir, sql);
5873
5900
  if (listRes && !listRes.error) {
5874
- if (_optionalChain([sql, 'optionalAccess', _681 => _681.list])) {
5901
+ if (_optionalChain([sql, 'optionalAccess', _686 => _686.list])) {
5875
5902
  const mapEntry = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (el) => {
5876
5903
  const fields = sql.field;
5877
5904
  const item = { [fields[0]]: el.file };
@@ -5882,9 +5909,9 @@ function dbDriver(opt = {}) {
5882
5909
  if (listRes.delete) listRes.delete = listRes.delete.map(mapEntry);
5883
5910
  result = listRes;
5884
5911
  } else {
5885
- if (_optionalChain([sql, 'optionalAccess', _682 => _682.as]) === 2) {
5912
+ if (_optionalChain([sql, 'optionalAccess', _687 => _687.as]) === 2) {
5886
5913
  let items = listRes;
5887
- if (_optionalChain([sql, 'access', _683 => _683.where, 'optionalAccess', _684 => _684.length])) {
5914
+ if (_optionalChain([sql, 'access', _688 => _688.where, 'optionalAccess', _689 => _689.length])) {
5888
5915
  const where = sql.where;
5889
5916
  const whereType = typeof where[0] === "string" ? where[0] : "and";
5890
5917
  items = items.filter((el) => {
@@ -5916,7 +5943,7 @@ function dbDriver(opt = {}) {
5916
5943
  const obj = {};
5917
5944
  try {
5918
5945
  const parsed = JSON.parse(el.data);
5919
- if (_optionalChain([sql, 'access', _685 => _685.field, 'optionalAccess', _686 => _686.length])) {
5946
+ if (_optionalChain([sql, 'access', _690 => _690.field, 'optionalAccess', _691 => _691.length])) {
5920
5947
  sql.field.forEach((f) => {
5921
5948
  obj[f] = _nullishCoalesce(parsed[f], () => ( ""));
5922
5949
  });
@@ -5927,7 +5954,7 @@ function dbDriver(opt = {}) {
5927
5954
  }
5928
5955
  return obj;
5929
5956
  });
5930
- if (_optionalChain([sql, 'access', _687 => _687.order, 'optionalAccess', _688 => _688.length])) {
5957
+ if (_optionalChain([sql, 'access', _692 => _692.order, 'optionalAccess', _693 => _693.length])) {
5931
5958
  const orderField = sql.order[0];
5932
5959
  const orderFieldName = typeof orderField === "string" ? orderField : orderField[0];
5933
5960
  const direction = typeof orderField === "string" ? "ASC" : String(orderField[1]).toUpperCase();
@@ -5948,12 +5975,12 @@ function dbDriver(opt = {}) {
5948
5975
  }
5949
5976
  }
5950
5977
  } else {
5951
- result = _optionalChain([sql, 'optionalAccess', _689 => _689.list]) ? { open: [], delete: [] } : [];
5978
+ result = _optionalChain([sql, 'optionalAccess', _694 => _694.list]) ? { open: [], delete: [] } : [];
5952
5979
  }
5953
5980
  }
5954
5981
  }
5955
5982
  if (result !== void 0) {
5956
- resolve5(result);
5983
+ resolve6(result);
5957
5984
  } else {
5958
5985
  reject("");
5959
5986
  }
@@ -6004,7 +6031,7 @@ function sysserver($asai, opt = {}) {
6004
6031
  if (!$asai.$lib) $asai.$lib = {};
6005
6032
  $asai.$lib = { ...lib_default, ...$asai.$lib, ...opt || {} };
6006
6033
  $asai.dataserver = db_default;
6007
- _optionalChain([$asai, 'access', _690 => _690.$lib, 'access', _691 => _691.ErrorCode, 'optionalAccess', _692 => _692.loadErrorCodes, 'optionalCall', _693 => _693($asai)]);
6034
+ _optionalChain([$asai, 'access', _695 => _695.$lib, 'access', _696 => _696.ErrorCode, 'optionalAccess', _697 => _697.loadErrorCodes, 'optionalCall', _698 => _698($asai)]);
6008
6035
  if (!$asai.$lib.api) $asai.$lib.api = {};
6009
6036
  $asai.$lib.api = { ...api_default, ...$asai.$lib.api };
6010
6037
  if (!$asai.$lib.ws) $asai.$lib.ws = {};
@@ -6197,7 +6224,7 @@ function normalizeDataStoresConfig(cfg) {
6197
6224
  }
6198
6225
  if (userStore.opt.create == null) userStore.opt.create = 1;
6199
6226
  }
6200
- if (!stores.log && _optionalChain([cfg, 'access', _694 => _694.logger, 'optionalAccess', _695 => _695.store])) {
6227
+ if (!stores.log && _optionalChain([cfg, 'access', _699 => _699.logger, 'optionalAccess', _700 => _700.store])) {
6201
6228
  const s = cfg.logger.store;
6202
6229
  stores.log = {
6203
6230
  type: s.type || "file",
@@ -6261,13 +6288,13 @@ function validateHostConfig(cfg) {
6261
6288
  if (cfg.asaisn != null) {
6262
6289
  errors.push("asaisn \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_ASAISN");
6263
6290
  }
6264
- if (_optionalChain([cfg, 'access', _696 => _696.aes, 'optionalAccess', _697 => _697.keybase64]) != null) {
6291
+ if (_optionalChain([cfg, 'access', _701 => _701.aes, 'optionalAccess', _702 => _702.keybase64]) != null) {
6265
6292
  errors.push("aes.keybase64 \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_AES_KEYBASE64");
6266
6293
  }
6267
- if (_optionalChain([cfg, 'access', _698 => _698.httpscert, 'optionalAccess', _699 => _699.key]) != null || _optionalChain([cfg, 'access', _700 => _700.httpscert, 'optionalAccess', _701 => _701.cert]) != null) {
6294
+ if (_optionalChain([cfg, 'access', _703 => _703.httpscert, 'optionalAccess', _704 => _704.key]) != null || _optionalChain([cfg, 'access', _705 => _705.httpscert, 'optionalAccess', _706 => _706.cert]) != null) {
6268
6295
  errors.push("httpscert.key/cert \u7981\u6B62\u5185\u8054\u4E8E asaihost.json\uFF0C\u8BF7\u4F7F\u7528 keyPath/certPath \u6216\u73AF\u5883\u53D8\u91CF");
6269
6296
  }
6270
- if (_optionalChain([cfg, 'access', _702 => _702.security, 'optionalAccess', _703 => _703.sessionSecret]) != null) {
6297
+ if (_optionalChain([cfg, 'access', _707 => _707.security, 'optionalAccess', _708 => _708.sessionSecret]) != null) {
6271
6298
  errors.push("security.sessionSecret \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_SESSION_SECRET");
6272
6299
  }
6273
6300
  if (Array.isArray(cfg.wssec) && typeof cfg.wssec[0] === "string" && cfg.wssec[0].length > 0) {
@@ -6322,10 +6349,10 @@ function validateHostConfig(cfg) {
6322
6349
  validateHostSiteLimits(name, h, errors);
6323
6350
  }
6324
6351
  }
6325
- if (_optionalChain([cfg, 'access', _704 => _704.logger, 'optionalAccess', _705 => _705.sample]) && typeof cfg.logger.sample !== "object") {
6352
+ if (_optionalChain([cfg, 'access', _709 => _709.logger, 'optionalAccess', _710 => _710.sample]) && typeof cfg.logger.sample !== "object") {
6326
6353
  errors.push('logger.sample \u5FC5\u987B\u4E3A\u5BF9\u8C61\uFF08\u5982 { "REQ_OTHER": 0.1 }\uFF09');
6327
6354
  }
6328
- if (_optionalChain([cfg, 'access', _706 => _706.logger, 'optionalAccess', _707 => _707.skip]) != null && !Array.isArray(cfg.logger.skip)) {
6355
+ if (_optionalChain([cfg, 'access', _711 => _711.logger, 'optionalAccess', _712 => _712.skip]) != null && !Array.isArray(cfg.logger.skip)) {
6329
6356
  errors.push('logger.skip \u5FC5\u987B\u4E3A\u5B57\u7B26\u4E32\u6570\u7EC4\uFF08\u5982 ["/sys/info/metrics"]\uFF09');
6330
6357
  }
6331
6358
  if (cfg.proxyhosts && typeof cfg.proxyhosts === "object") {
@@ -6359,7 +6386,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, validateHostSiteLimits, "validateHostSiteL
6359
6386
  function validateProductionSecurity(cfg) {
6360
6387
  const errors = [];
6361
6388
  if (process.env.NODE_ENV !== "production") return errors;
6362
- const sec = _optionalChain([cfg, 'optionalAccess', _708 => _708.security]);
6389
+ const sec = _optionalChain([cfg, 'optionalAccess', _713 => _713.security]);
6363
6390
  if (!sec || typeof sec !== "object") {
6364
6391
  errors.push("\u751F\u4EA7\u73AF\u5883\u5FC5\u987B\u914D\u7F6E security \u5BF9\u8C61");
6365
6392
  return errors;
@@ -6370,7 +6397,7 @@ function validateProductionSecurity(cfg) {
6370
6397
  if (sec.allowRegister === 1) {
6371
6398
  errors.push("\u751F\u4EA7\u73AF\u5883 security.allowRegister \u5E94\u4E3A 0\uFF08CR 1.3 \u7981\u6B62\u5F00\u653E\u6CE8\u518C\uFF09");
6372
6399
  }
6373
- if (!_optionalChain([sec, 'access', _709 => _709.quota, 'optionalAccess', _710 => _710.enabled])) {
6400
+ if (!_optionalChain([sec, 'access', _714 => _714.quota, 'optionalAccess', _715 => _715.enabled])) {
6374
6401
  errors.push("\u751F\u4EA7\u73AF\u5883 security.quota.enabled \u5E94\u4E3A 1\uFF08CR 7.1 \u8D44\u6E90\u9650\u5236\uFF09");
6375
6402
  }
6376
6403
  if (sec.csp !== 1) {
@@ -6379,7 +6406,7 @@ function validateProductionSecurity(cfg) {
6379
6406
  if (typeof sec.minUserLevel !== "number" || sec.minUserLevel < 0) {
6380
6407
  errors.push("\u751F\u4EA7\u73AF\u5883 security.minUserLevel \u5E94\u663E\u5F0F\u914D\u7F6E");
6381
6408
  }
6382
- if (sec.forceWss === 1 && !_optionalChain([cfg, 'optionalAccess', _711 => _711.httpscert, 'optionalAccess', _712 => _712.keyPath]) && !_optionalChain([cfg, 'optionalAccess', _713 => _713.httpscert, 'optionalAccess', _714 => _714.key])) {
6409
+ if (sec.forceWss === 1 && !_optionalChain([cfg, 'optionalAccess', _716 => _716.httpscert, 'optionalAccess', _717 => _717.keyPath]) && !_optionalChain([cfg, 'optionalAccess', _718 => _718.httpscert, 'optionalAccess', _719 => _719.key])) {
6383
6410
  errors.push("\u751F\u4EA7\u73AF\u5883 security.forceWss=1 \u65F6\u9700\u914D\u7F6E HTTPS \u8BC1\u4E66");
6384
6411
  }
6385
6412
  return errors;
@@ -6398,12 +6425,12 @@ var DEFAULT_RECONNECT = {
6398
6425
  rs485: { enabled: true, maxRetries: 60, initialDelay: 3e3, maxDelay: 3e4, factor: 2 }
6399
6426
  };
6400
6427
  function getTransportBlock(cfg, kind) {
6401
- const block = _optionalChain([cfg, 'optionalAccess', _715 => _715[kind]]);
6428
+ const block = _optionalChain([cfg, 'optionalAccess', _720 => _720[kind]]);
6402
6429
  return block && typeof block === "object" ? block : null;
6403
6430
  }
6404
6431
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getTransportBlock, "getTransportBlock");
6405
6432
  function getTransportDefault(cfg, kind) {
6406
- const def = _optionalChain([getTransportBlock, 'call', _716 => _716(cfg, kind), 'optionalAccess', _717 => _717.default]);
6433
+ const def = _optionalChain([getTransportBlock, 'call', _721 => _721(cfg, kind), 'optionalAccess', _722 => _722.default]);
6407
6434
  return def && typeof def === "object" ? def : null;
6408
6435
  }
6409
6436
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getTransportDefault, "getTransportDefault");
@@ -6413,7 +6440,7 @@ function hasTransportDefault(cfg, kind) {
6413
6440
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hasTransportDefault, "hasTransportDefault");
6414
6441
  function getDefaultConnId(cfg, kind) {
6415
6442
  const def = getTransportDefault(cfg, kind);
6416
- const id = _optionalChain([def, 'optionalAccess', _718 => _718.id]);
6443
+ const id = _optionalChain([def, 'optionalAccess', _723 => _723.id]);
6417
6444
  return typeof id === "string" && id.length > 0 ? id : DEFAULT_CONN_ID[kind];
6418
6445
  }
6419
6446
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getDefaultConnId, "getDefaultConnId");
@@ -6424,14 +6451,14 @@ function shouldAutoConnect(def) {
6424
6451
  _chunkSMVZ3ZDJcjs.__name.call(void 0, shouldAutoConnect, "shouldAutoConnect");
6425
6452
  function resolveReconnectOptions(def, kind, cfg) {
6426
6453
  const base = DEFAULT_RECONNECT[kind];
6427
- const rc = _optionalChain([def, 'optionalAccess', _719 => _719.reconnect]);
6428
- const tmMaxTry = _optionalChain([cfg, 'optionalAccess', _720 => _720.tm, 'optionalAccess', _721 => _721.maxtry]);
6454
+ const rc = _optionalChain([def, 'optionalAccess', _724 => _724.reconnect]);
6455
+ const tmMaxTry = _optionalChain([cfg, 'optionalAccess', _725 => _725.tm, 'optionalAccess', _726 => _726.maxtry]);
6429
6456
  return {
6430
- enabled: _optionalChain([rc, 'optionalAccess', _722 => _722.enabled]) !== false && base.enabled !== false,
6431
- maxRetries: _nullishCoalesce(_nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _723 => _723.maxRetries]), () => ( tmMaxTry)), () => ( base.maxRetries)), () => ( 60)),
6432
- initialDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _724 => _724.initialDelay]), () => ( base.initialDelay)), () => ( 1e3)),
6433
- maxDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _725 => _725.maxDelay]), () => ( base.maxDelay)), () => ( 3e4)),
6434
- factor: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _726 => _726.factor]), () => ( base.factor)), () => ( 2))
6457
+ enabled: _optionalChain([rc, 'optionalAccess', _727 => _727.enabled]) !== false && base.enabled !== false,
6458
+ maxRetries: _nullishCoalesce(_nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _728 => _728.maxRetries]), () => ( tmMaxTry)), () => ( base.maxRetries)), () => ( 60)),
6459
+ initialDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _729 => _729.initialDelay]), () => ( base.initialDelay)), () => ( 1e3)),
6460
+ maxDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _730 => _730.maxDelay]), () => ( base.maxDelay)), () => ( 3e4)),
6461
+ factor: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _731 => _731.factor]), () => ( base.factor)), () => ( 2))
6435
6462
  };
6436
6463
  }
6437
6464
  _chunkSMVZ3ZDJcjs.__name.call(void 0, resolveReconnectOptions, "resolveReconnectOptions");
@@ -6484,13 +6511,13 @@ function createTransportDataHandler($asai, manager) {
6484
6511
  } catch (e51) {
6485
6512
  }
6486
6513
  }
6487
- if (_optionalChain([event, 'access', _727 => _727.data, 'optionalAccess', _728 => _728.id])) {
6514
+ if (_optionalChain([event, 'access', _732 => _732.data, 'optionalAccess', _733 => _733.id])) {
6488
6515
  manager.watch(event.id, event.data);
6489
6516
  return;
6490
6517
  }
6491
6518
  try {
6492
- const wsKey = _optionalChain([$asai, 'optionalAccess', _729 => _729.command, 'optionalAccess', _730 => _730.commandconfig, 'optionalAccess', _731 => _731.config, 'optionalAccess', _732 => _732.commandclient]);
6493
- _optionalChain([$asai, 'access', _733 => _733.serversws, 'optionalAccess', _734 => _734[wsKey], 'optionalAccess', _735 => _735.broadws, 'optionalCall', _736 => _736(event.data)]);
6519
+ const wsKey = _optionalChain([$asai, 'optionalAccess', _734 => _734.command, 'optionalAccess', _735 => _735.commandconfig, 'optionalAccess', _736 => _736.config, 'optionalAccess', _737 => _737.commandclient]);
6520
+ _optionalChain([$asai, 'access', _738 => _738.serversws, 'optionalAccess', _739 => _739[wsKey], 'optionalAccess', _740 => _740.broadws, 'optionalCall', _741 => _741(event.data)]);
6494
6521
  } catch (e52) {
6495
6522
  }
6496
6523
  };
@@ -6563,7 +6590,7 @@ var initAsaiHostNodejs2 = {
6563
6590
  createTransportDataHandler,
6564
6591
  wireTransportConnectionLogs
6565
6592
  };
6566
- var PLUGIN_VERSION = true ? "0.0.6" : "0.0.1";
6593
+ var PLUGIN_VERSION = true ? "0.0.8" : "0.0.1";
6567
6594
  var index_default = initAsaiHostNodejs2;
6568
6595
 
6569
6596