asaihost-nodejs 0.0.6 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -399,7 +399,7 @@ var LogBuffer = class _LogBuffer {
399
399
  }
400
400
  };
401
401
  function saveLog($asai, src, logstr) {
402
- return new Promise((resolve5, reject) => {
402
+ return new Promise((resolve6, reject) => {
403
403
  try {
404
404
  const bufferKey = `${$asai.id || "default"}_${src}`;
405
405
  let logBuffer = logBuffers.get(bufferKey);
@@ -408,7 +408,7 @@ function saveLog($asai, src, logstr) {
408
408
  logBuffers.set(bufferKey, logBuffer);
409
409
  }
410
410
  logBuffer.add(logstr);
411
- resolve5();
411
+ resolve6();
412
412
  } catch (err) {
413
413
  console.error(err);
414
414
  reject(err);
@@ -815,7 +815,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, checkNtpOffset, "checkNtpOffset");
815
815
  // src/infra/config-integrity.ts
816
816
  var _crypto = require('crypto'); var _crypto2 = _interopRequireDefault(_crypto);
817
817
  var _fs = require('fs'); var fs3 = _interopRequireWildcard(_fs); var fs6 = _interopRequireWildcard(_fs); var fs4 = _interopRequireWildcard(_fs); var fs5 = _interopRequireWildcard(_fs); var fs8 = _interopRequireWildcard(_fs); var fs10 = _interopRequireWildcard(_fs);
818
- var _path = require('path'); var nodePath2 = _interopRequireWildcard(_path); var path2 = _interopRequireWildcard(_path); var nodePath = _interopRequireWildcard(_path); var nodePath3 = _interopRequireWildcard(_path); var path5 = _interopRequireWildcard(_path); var path6 = _interopRequireWildcard(_path);
818
+ var _path = require('path'); var nodePath2 = _interopRequireWildcard(_path); var path2 = _interopRequireWildcard(_path); var nodePath = _interopRequireWildcard(_path); var nodePath3 = _interopRequireWildcard(_path); var path4 = _interopRequireWildcard(_path); var path6 = _interopRequireWildcard(_path); var path7 = _interopRequireWildcard(_path);
819
819
  function computeConfigHash(configPath) {
820
820
  try {
821
821
  const raw = fs3.default.readFileSync(configPath);
@@ -940,13 +940,86 @@ function deUserInfoWithAsai(userinfo, $asai) {
940
940
  }
941
941
  _chunkSMVZ3ZDJcjs.__name.call(void 0, deUserInfoWithAsai, "deUserInfoWithAsai");
942
942
 
943
+ // src/ws/ws-probe.ts
944
+
945
+ function isWsStillActive(ws2) {
946
+ if (!ws2) return false;
947
+ const state = ws2.readyState;
948
+ return state === _ws.WebSocket.CONNECTING || state === _ws.WebSocket.OPEN;
949
+ }
950
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, isWsStillActive, "isWsStillActive");
951
+ function getWsProbeTimeoutMs($asai) {
952
+ return _optionalChain([$asai, 'optionalAccess', _109 => _109.hostconfig, 'optionalAccess', _110 => _110.tm, 'optionalAccess', _111 => _111.d]) || 3e3;
953
+ }
954
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, getWsProbeTimeoutMs, "getWsProbeTimeoutMs");
955
+ function probeWsAlive($asai, wsclient, timeoutMs) {
956
+ const waitMs = _nullishCoalesce(timeoutMs, () => ( getWsProbeTimeoutMs($asai)));
957
+ return new Promise((resolve6) => {
958
+ if (!wsclient || !isWsStillActive(wsclient)) {
959
+ resolve6(false);
960
+ return;
961
+ }
962
+ let settled = false;
963
+ const finish = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (alive) => {
964
+ if (settled) return;
965
+ settled = true;
966
+ clearTimeout(timer);
967
+ try {
968
+ _optionalChain([wsclient, 'access', _112 => _112.off, 'optionalCall', _113 => _113("message", onMessage)]);
969
+ } catch (e16) {
970
+ }
971
+ resolve6(alive);
972
+ }, "finish");
973
+ const onMessage = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, () => finish(true), "onMessage");
974
+ const timer = setTimeout(() => finish(false), waitMs);
975
+ try {
976
+ _optionalChain([wsclient, 'access', _114 => _114.once, 'optionalCall', _115 => _115("message", onMessage)]);
977
+ wsclient.send(JSON.stringify({ ty: "publish/web", db: "pong" }));
978
+ } catch (e17) {
979
+ finish(false);
980
+ }
981
+ });
982
+ }
983
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, probeWsAlive, "probeWsAlive");
984
+ function terminateWs(wsclient) {
985
+ if (!wsclient) return;
986
+ try {
987
+ _optionalChain([wsclient, 'access', _116 => _116.terminate, 'optionalCall', _117 => _117()]);
988
+ } catch (e18) {
989
+ }
990
+ try {
991
+ _optionalChain([wsclient, 'access', _118 => _118.close, 'optionalCall', _119 => _119()]);
992
+ } catch (e19) {
993
+ }
994
+ }
995
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, terminateWs, "terminateWs");
996
+ async function clearStaleWsIfDead($asai, hostdir, us, existingWs) {
997
+ if (!us || us === "asai") return true;
998
+ const map = _optionalChain([$asai, 'access', _120 => _120.connectionsws, 'optionalAccess', _121 => _121[hostdir]]);
999
+ if (!existingWs) {
1000
+ if (_optionalChain([map, 'optionalAccess', _122 => _122[us]])) delete map[us];
1001
+ return true;
1002
+ }
1003
+ if (!isWsStillActive(existingWs)) {
1004
+ terminateWs(existingWs);
1005
+ if (_optionalChain([map, 'optionalAccess', _123 => _123[us]]) === existingWs) delete map[us];
1006
+ return true;
1007
+ }
1008
+ const alive = await probeWsAlive($asai, existingWs);
1009
+ if (alive) return false;
1010
+ terminateWs(existingWs);
1011
+ if (_optionalChain([map, 'optionalAccess', _124 => _124[us]]) === existingWs) delete map[us];
1012
+ return true;
1013
+ }
1014
+ _chunkSMVZ3ZDJcjs.__name.call(void 0, clearStaleWsIfDead, "clearStaleWsIfDead");
1015
+
943
1016
  // src/ws/auth.ts
944
1017
  function getWsUserinfo(req, $asai) {
945
1018
  try {
946
- const raw = _optionalChain([req, 'access', _109 => _109.headers, 'optionalAccess', _110 => _110["sec-websocket-protocol"]]);
1019
+ const raw = _optionalChain([req, 'access', _125 => _125.headers, 'optionalAccess', _126 => _126["sec-websocket-protocol"]]);
947
1020
  if (!raw) return null;
948
1021
  return deUserInfoWithAsai(raw.split("##"), $asai);
949
- } catch (e16) {
1022
+ } catch (e20) {
950
1023
  return null;
951
1024
  }
952
1025
  }
@@ -960,7 +1033,7 @@ function listOnlineWsUsers($asai, hostdir) {
960
1033
  if (!us || us === "asai") continue;
961
1034
  if (isWsStillActive(ws2)) {
962
1035
  users.push(us);
963
- } else if (_optionalChain([map, 'access', _111 => _111[dir], 'optionalAccess', _112 => _112[us]]) === ws2) {
1036
+ } else if (_optionalChain([map, 'access', _127 => _127[dir], 'optionalAccess', _128 => _128[us]]) === ws2) {
964
1037
  delete map[dir][us];
965
1038
  }
966
1039
  }
@@ -973,10 +1046,10 @@ function isUserOnlineOnWs($asai, us, hostdir) {
973
1046
  const map = $asai.connectionsws || {};
974
1047
  const dirs = hostdir ? [hostdir] : Object.keys(map);
975
1048
  for (const dir of dirs) {
976
- const ws2 = _optionalChain([map, 'access', _113 => _113[dir], 'optionalAccess', _114 => _114[us]]);
1049
+ const ws2 = _optionalChain([map, 'access', _129 => _129[dir], 'optionalAccess', _130 => _130[us]]);
977
1050
  if (!ws2) continue;
978
1051
  if (isWsStillActive(ws2)) return true;
979
- if (_optionalChain([map, 'access', _115 => _115[dir], 'optionalAccess', _116 => _116[us]]) === ws2) delete map[dir][us];
1052
+ if (_optionalChain([map, 'access', _131 => _131[dir], 'optionalAccess', _132 => _132[us]]) === ws2) delete map[dir][us];
980
1053
  }
981
1054
  return false;
982
1055
  }
@@ -986,13 +1059,13 @@ function kickUserWs($asai, us, hostdir) {
986
1059
  const map = $asai.connectionsws || {};
987
1060
  const dirs = hostdir ? [hostdir] : Object.keys(map);
988
1061
  for (const dir of dirs) {
989
- const ws2 = _optionalChain([map, 'access', _117 => _117[dir], 'optionalAccess', _118 => _118[us]]);
1062
+ const ws2 = _optionalChain([map, 'access', _133 => _133[dir], 'optionalAccess', _134 => _134[us]]);
990
1063
  if (!ws2) continue;
991
1064
  try {
992
1065
  ws2.close();
993
- } catch (e17) {
1066
+ } catch (e21) {
994
1067
  }
995
- if (_optionalChain([map, 'access', _119 => _119[dir], 'optionalAccess', _120 => _120[us]]) === ws2) delete map[dir][us];
1068
+ if (_optionalChain([map, 'access', _135 => _135[dir], 'optionalAccess', _136 => _136[us]]) === ws2) delete map[dir][us];
996
1069
  }
997
1070
  }
998
1071
  _chunkSMVZ3ZDJcjs.__name.call(void 0, kickUserWs, "kickUserWs");
@@ -1002,42 +1075,36 @@ async function removeSessionOnWsClose($asai, us, token) {
1002
1075
  const sessions = await store.getSessions();
1003
1076
  const match = sessions.find((s) => s.us === us && s.pub === token);
1004
1077
  if (match) await store.removeSession(match.id);
1005
- } catch (e18) {
1078
+ } catch (e22) {
1006
1079
  }
1007
1080
  }
1008
1081
  _chunkSMVZ3ZDJcjs.__name.call(void 0, removeSessionOnWsClose, "removeSessionOnWsClose");
1009
- function isWsStillActive(ws2) {
1010
- if (!ws2) return false;
1011
- const state = ws2.readyState;
1012
- return state === _ws.WebSocket.CONNECTING || state === _ws.WebSocket.OPEN;
1013
- }
1014
- _chunkSMVZ3ZDJcjs.__name.call(void 0, isWsStillActive, "isWsStillActive");
1015
1082
  function rejectIncomingWs(ws2, db) {
1016
1083
  const payload = JSON.stringify({ ty: "publish/web", db: { exit: 1, type: "err", ...db } });
1017
1084
  try {
1018
1085
  ws2.send(payload, () => {
1019
1086
  try {
1020
1087
  ws2.close();
1021
- } catch (e19) {
1088
+ } catch (e23) {
1022
1089
  }
1023
1090
  });
1024
- } catch (e20) {
1091
+ } catch (e24) {
1025
1092
  try {
1026
1093
  ws2.close();
1027
- } catch (e21) {
1094
+ } catch (e25) {
1028
1095
  }
1029
1096
  }
1030
1097
  }
1031
1098
  _chunkSMVZ3ZDJcjs.__name.call(void 0, rejectIncomingWs, "rejectIncomingWs");
1032
- function isOkWs($asai, hostdir, ws2, _req, hostcfg) {
1099
+ async function isOkWs($asai, hostdir, ws2, _req, hostcfg) {
1033
1100
  const [us, , tk] = ws2.Userinfo || [];
1034
1101
  if (!us) {
1035
1102
  ws2.close();
1036
1103
  return false;
1037
1104
  }
1038
- if (us !== "asai" && _optionalChain([$asai, 'access', _121 => _121.connectionsws, 'access', _122 => _122[hostdir], 'optionalAccess', _123 => _123[us]])) {
1105
+ if (us !== "asai" && _optionalChain([$asai, 'access', _137 => _137.connectionsws, 'access', _138 => _138[hostdir], 'optionalAccess', _139 => _139[us]])) {
1039
1106
  const existingWs = $asai.connectionsws[hostdir][us];
1040
- if (_optionalChain([existingWs, 'optionalAccess', _124 => _124.Userinfo, 'optionalAccess', _125 => _125[2]]) === tk) {
1107
+ if (_optionalChain([existingWs, 'optionalAccess', _140 => _140.Userinfo, 'optionalAccess', _141 => _141[2]]) === tk) {
1041
1108
  if (isWsStillActive(existingWs)) {
1042
1109
  rejectIncomingWs(ws2, {
1043
1110
  lang: "pageworking",
@@ -1048,22 +1115,26 @@ function isOkWs($asai, hostdir, ws2, _req, hostcfg) {
1048
1115
  }
1049
1116
  try {
1050
1117
  existingWs.close();
1051
- } catch (e22) {
1118
+ } catch (e26) {
1052
1119
  }
1053
1120
  delete $asai.connectionsws[hostdir][us];
1054
1121
  return true;
1055
1122
  }
1056
- rejectIncomingWs(ws2, {
1057
- lang: "logged",
1058
- langpm: `${us}`,
1059
- con: `${us} logged in!`
1060
- });
1061
- return false;
1123
+ const cleared = await clearStaleWsIfDead($asai, hostdir, us, existingWs);
1124
+ if (!cleared) {
1125
+ rejectIncomingWs(ws2, {
1126
+ lang: "logged",
1127
+ langpm: `${us}`,
1128
+ con: `${us} logged in!`
1129
+ });
1130
+ return false;
1131
+ }
1132
+ return true;
1062
1133
  }
1063
1134
  if (us !== "asai") {
1064
1135
  const connections = $asai.connectionsws[hostdir] || {};
1065
1136
  const sameTkWs = Object.values(connections).find(
1066
- (item) => _optionalChain([item, 'access', _126 => _126.Userinfo, 'optionalAccess', _127 => _127[2]]) === tk && _optionalChain([item, 'access', _128 => _128.Userinfo, 'optionalAccess', _129 => _129[0]]) !== us
1137
+ (item) => _optionalChain([item, 'access', _142 => _142.Userinfo, 'optionalAccess', _143 => _143[2]]) === tk && _optionalChain([item, 'access', _144 => _144.Userinfo, 'optionalAccess', _145 => _145[0]]) !== us
1067
1138
  );
1068
1139
  const maxOnline = hostcfg.maxonline || 100;
1069
1140
  if (sameTkWs) {
@@ -1097,15 +1168,15 @@ function loginWs($asai, hostdir, ws2, req, hostcfg, wsWorkHandler, logWsMessage)
1097
1168
  }
1098
1169
  ws2.on("message", (msg) => {
1099
1170
  if (logWsMessage) $asai.$log("WS", "message", msg.toString());
1100
- _optionalChain([wsWorkHandler, 'optionalCall', _130 => _130(msg, ws2, hostdir, req)]);
1171
+ _optionalChain([wsWorkHandler, 'optionalCall', _146 => _146(msg, ws2, hostdir, req)]);
1101
1172
  });
1102
1173
  ws2.on("close", () => {
1103
- const token = _optionalChain([ws2, 'access', _131 => _131.Userinfo, 'optionalAccess', _132 => _132[2]]);
1174
+ const token = _optionalChain([ws2, 'access', _147 => _147.Userinfo, 'optionalAccess', _148 => _148[2]]);
1104
1175
  if (hostcfg.ckws && ws2.tasksws) {
1105
1176
  Object.values(ws2.tasksws).forEach((el) => el && clearInterval(el));
1106
1177
  ws2.tasksws = void 0;
1107
1178
  }
1108
- if (us && _optionalChain([$asai, 'access', _133 => _133.connectionsws, 'access', _134 => _134[hostdir], 'optionalAccess', _135 => _135[us]]) === ws2) delete $asai.connectionsws[hostdir][us];
1179
+ if (us && _optionalChain([$asai, 'access', _149 => _149.connectionsws, 'access', _150 => _150[hostdir], 'optionalAccess', _151 => _151[us]]) === ws2) delete $asai.connectionsws[hostdir][us];
1109
1180
  if (us && token && !isUserOnlineOnWs($asai, us, hostdir)) {
1110
1181
  void removeSessionOnWsClose($asai, us, String(token));
1111
1182
  }
@@ -1129,7 +1200,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, clearWsServerTasks, "clearWsServerTasks");
1129
1200
  function resWsMsg(msg, $asai) {
1130
1201
  if (msg === "ping" || msg === "pong") return msg;
1131
1202
  if (typeof msg !== "object" || msg === null) return msg;
1132
- if ((_optionalChain([msg, 'optionalAccess', _136 => _136.aes]) || _optionalChain([$asai, 'access', _137 => _137.$lib, 'access', _138 => _138.aesfns, 'optionalAccess', _139 => _139.allaes])) && _optionalChain([msg, 'optionalAccess', _140 => _140.db]) && _optionalChain([$asai, 'access', _141 => _141.$lib, 'optionalAccess', _142 => _142.aesfns, 'optionalAccess', _143 => _143.resAES])) {
1203
+ if ((_optionalChain([msg, 'optionalAccess', _152 => _152.aes]) || _optionalChain([$asai, 'access', _153 => _153.$lib, 'access', _154 => _154.aesfns, 'optionalAccess', _155 => _155.allaes])) && _optionalChain([msg, 'optionalAccess', _156 => _156.db]) && _optionalChain([$asai, 'access', _157 => _157.$lib, 'optionalAccess', _158 => _158.aesfns, 'optionalAccess', _159 => _159.resAES])) {
1133
1204
  msg.db = $asai.$lib.aesfns.resAES(msg.db);
1134
1205
  }
1135
1206
  return JSON.stringify(msg);
@@ -1151,7 +1222,7 @@ function attachWssHelpers(wss, $asai) {
1151
1222
  wss.broadws = (msg) => {
1152
1223
  const data = resWsMsg(msg, $asai);
1153
1224
  wss.clients.forEach((client) => {
1154
- if (_optionalChain([client, 'optionalAccess', _144 => _144.readyState]) === _ws.WebSocket.OPEN) client.send(data);
1225
+ if (_optionalChain([client, 'optionalAccess', _160 => _160.readyState]) === _ws.WebSocket.OPEN) client.send(data);
1155
1226
  });
1156
1227
  };
1157
1228
  }
@@ -1164,7 +1235,7 @@ var apiPerIp = /* @__PURE__ */ new Map();
1164
1235
  var apiRatePerIp = /* @__PURE__ */ new Map();
1165
1236
  var wsPerIp = /* @__PURE__ */ new Map();
1166
1237
  function getQuota($asai) {
1167
- return _optionalChain([$asai, 'optionalAccess', _145 => _145.hostconfig, 'optionalAccess', _146 => _146.security, 'optionalAccess', _147 => _147.quota]) || {};
1238
+ return _optionalChain([$asai, 'optionalAccess', _161 => _161.hostconfig, 'optionalAccess', _162 => _162.security, 'optionalAccess', _163 => _163.quota]) || {};
1168
1239
  }
1169
1240
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getQuota, "getQuota");
1170
1241
  function isEnabled($asai) {
@@ -1254,7 +1325,7 @@ function getMaxWebConnections($asai, hostcfg) {
1254
1325
  const q = getQuota($asai);
1255
1326
  const fromQuota = Number(q.maxWebConnections);
1256
1327
  if (fromQuota > 0) return fromQuota;
1257
- return Number(_optionalChain([hostcfg, 'optionalAccess', _148 => _148.maxws])) > 0 ? Number(hostcfg.maxws) : 100;
1328
+ return Number(_optionalChain([hostcfg, 'optionalAccess', _164 => _164.maxws])) > 0 ? Number(hostcfg.maxws) : 100;
1258
1329
  }
1259
1330
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getMaxWebConnections, "getMaxWebConnections");
1260
1331
  function countActiveWsConnections(wss, incoming, $asai, hostdir, hostcfg, userinfo) {
@@ -1264,12 +1335,12 @@ function countActiveWsConnections(wss, incoming, $asai, hostdir, hostcfg, userin
1264
1335
  if (client === incoming) continue;
1265
1336
  if (client.readyState === _ws.WebSocket.CLOSED || client.readyState === _ws.WebSocket.CLOSING) continue;
1266
1337
  const cInfo = client.Userinfo;
1267
- const cUs = _optionalChain([cInfo, 'optionalAccess', _149 => _149[0]]);
1268
- const cTk = _optionalChain([cInfo, 'optionalAccess', _150 => _150[2]]);
1338
+ const cUs = _optionalChain([cInfo, 'optionalAccess', _165 => _165[0]]);
1339
+ const cTk = _optionalChain([cInfo, 'optionalAccess', _166 => _166[2]]);
1269
1340
  if (us && tk && cUs === us && cTk === tk) continue;
1270
- if (_optionalChain([hostcfg, 'optionalAccess', _151 => _151.ckws]) && us && tk) {
1271
- const existing = _optionalChain([$asai, 'optionalAccess', _152 => _152.connectionsws, 'optionalAccess', _153 => _153[hostdir], 'optionalAccess', _154 => _154[us]]);
1272
- if (existing === client && _optionalChain([existing, 'optionalAccess', _155 => _155.Userinfo, 'optionalAccess', _156 => _156[2]]) === tk) continue;
1341
+ if (_optionalChain([hostcfg, 'optionalAccess', _167 => _167.ckws]) && us && tk) {
1342
+ const existing = _optionalChain([$asai, 'optionalAccess', _168 => _168.connectionsws, 'optionalAccess', _169 => _169[hostdir], 'optionalAccess', _170 => _170[us]]);
1343
+ if (existing === client && _optionalChain([existing, 'optionalAccess', _171 => _171.Userinfo, 'optionalAccess', _172 => _172[2]]) === tk) continue;
1273
1344
  }
1274
1345
  count += 1;
1275
1346
  }
@@ -1281,7 +1352,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, countActiveWsConnections, "countActiveWsCo
1281
1352
  function createWSHost($asai, hostdir) {
1282
1353
  const hostcfg = getHostCFG(hostdir, $asai);
1283
1354
  const wsWorkHandler = getWorkHandler("wsWork");
1284
- const logWsMessage = !!_optionalChain([$asai, 'access', _157 => _157.hostconfig, 'access', _158 => _158.logger, 'optionalAccess', _159 => _159.lv, 'optionalAccess', _160 => _160.view]);
1355
+ const logWsMessage = !!_optionalChain([$asai, 'access', _173 => _173.hostconfig, 'access', _174 => _174.logger, 'optionalAccess', _175 => _175.lv, 'optionalAccess', _176 => _176.view]);
1285
1356
  try {
1286
1357
  if ($asai.serversws[hostdir]) return;
1287
1358
  if (hostcfg.ckws && !$asai.connectionsws[hostdir]) {
@@ -1293,14 +1364,14 @@ function createWSHost($asai, hostdir) {
1293
1364
  wss.on("error", (err) => {
1294
1365
  clearWsServerTasks($asai, hostdir);
1295
1366
  $asai.$log("WS", "WS Server error!", err);
1296
- _optionalChain([wss, 'access', _161 => _161.close, 'optionalCall', _162 => _162(() => {
1367
+ _optionalChain([wss, 'access', _177 => _177.close, 'optionalCall', _178 => _178(() => {
1297
1368
  $asai.$log("WS", "WS Server closed");
1298
1369
  delete $asai.serversws[hostdir];
1299
1370
  })]);
1300
1371
  });
1301
1372
  wss.on("close", (code, reason) => {
1302
1373
  try {
1303
- $asai.$log("WS", `WebSocket closed, server ${hostdir}, code: ${code}, reason: ${_optionalChain([reason, 'optionalAccess', _163 => _163.toString, 'call', _164 => _164()])}`);
1374
+ $asai.$log("WS", `WebSocket closed, server ${hostdir}, code: ${code}, reason: ${_optionalChain([reason, 'optionalAccess', _179 => _179.toString, 'call', _180 => _180()])}`);
1304
1375
  clearWsServerTasks($asai, hostdir);
1305
1376
  } catch (err) {
1306
1377
  $asai.$log("WS", "WS close handler error:", err);
@@ -1331,12 +1402,14 @@ function createWSHost($asai, hostdir) {
1331
1402
  ws2.send(wsmsg, () => ws2.close(1013, "Server busy"));
1332
1403
  return;
1333
1404
  }
1334
- const isOpen = !hostcfg.ckws || isOkWs($asai, hostdir, ws2, req, hostcfg);
1335
- if (isOpen) {
1336
- loginWs($asai, hostdir, ws2, req, hostcfg, wsWorkHandler, logWsMessage);
1337
- } else {
1338
- ws2.close();
1339
- }
1405
+ void (async () => {
1406
+ const isOpen = !hostcfg.ckws || await isOkWs($asai, hostdir, ws2, req, hostcfg);
1407
+ if (isOpen) {
1408
+ loginWs($asai, hostdir, ws2, req, hostcfg, wsWorkHandler, logWsMessage);
1409
+ } else {
1410
+ ws2.close();
1411
+ }
1412
+ })();
1340
1413
  });
1341
1414
  $asai.serversws[hostdir] = wss;
1342
1415
  } catch (err) {
@@ -1388,7 +1461,7 @@ var StaticPathCache = class {
1388
1461
  const stat = fs3.statSync(entry.filePath);
1389
1462
  if (!stat.isFile() || stat.mtimeMs !== entry.mtimeMs) return null;
1390
1463
  return stat;
1391
- } catch (e23) {
1464
+ } catch (e27) {
1392
1465
  return null;
1393
1466
  }
1394
1467
  }
@@ -1407,8 +1480,8 @@ function applySecurityHeaders(res, isHttps = false, hostconfig) {
1407
1480
  if (isHttps) {
1408
1481
  res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
1409
1482
  }
1410
- const sec = _optionalChain([hostconfig, 'optionalAccess', _165 => _165.security]);
1411
- if (_optionalChain([sec, 'optionalAccess', _166 => _166.csp])) {
1483
+ const sec = _optionalChain([hostconfig, 'optionalAccess', _181 => _181.security]);
1484
+ if (_optionalChain([sec, 'optionalAccess', _182 => _182.csp])) {
1412
1485
  const csp = typeof sec.cspPolicy === "string" && sec.cspPolicy.length > 0 ? sec.cspPolicy : DEFAULT_CSP;
1413
1486
  res.setHeader("Content-Security-Policy", csp);
1414
1487
  }
@@ -1416,9 +1489,9 @@ function applySecurityHeaders(res, isHttps = false, hostconfig) {
1416
1489
  _chunkSMVZ3ZDJcjs.__name.call(void 0, applySecurityHeaders, "applySecurityHeaders");
1417
1490
  function getHttpUserinfo(req, $asai) {
1418
1491
  try {
1419
- const userinfo = _optionalChain([req, 'access', _167 => _167.headers, 'optionalAccess', _168 => _168["userinfo"], 'optionalAccess', _169 => _169.split, 'call', _170 => _170("##")]);
1492
+ const userinfo = _optionalChain([req, 'access', _183 => _183.headers, 'optionalAccess', _184 => _184["userinfo"], 'optionalAccess', _185 => _185.split, 'call', _186 => _186("##")]);
1420
1493
  return deUserInfoWithAsai(userinfo, $asai);
1421
- } catch (e24) {
1494
+ } catch (e28) {
1422
1495
  return "";
1423
1496
  }
1424
1497
  }
@@ -1449,7 +1522,7 @@ function normalizeRequestPath(url) {
1449
1522
  }
1450
1523
  _chunkSMVZ3ZDJcjs.__name.call(void 0, normalizeRequestPath, "normalizeRequestPath");
1451
1524
  function createSkipChecker($asai) {
1452
- const skip = _optionalChain([$asai, 'access', _171 => _171.hostconfig, 'optionalAccess', _172 => _172.logger, 'optionalAccess', _173 => _173.skip]);
1525
+ const skip = _optionalChain([$asai, 'access', _187 => _187.hostconfig, 'optionalAccess', _188 => _188.logger, 'optionalAccess', _189 => _189.skip]);
1453
1526
  if (!Array.isArray(skip) || skip.length === 0) return () => false;
1454
1527
  const exact = /* @__PURE__ */ new Set();
1455
1528
  const prefixes = [];
@@ -1460,11 +1533,11 @@ function createSkipChecker($asai) {
1460
1533
  }
1461
1534
  if (exact.size === 0 && prefixes.length === 0) return () => false;
1462
1535
  return (url) => {
1463
- const path7 = normalizeRequestPath(url);
1464
- if (!path7) return false;
1465
- if (exact.has(path7)) return true;
1536
+ const path8 = normalizeRequestPath(url);
1537
+ if (!path8) return false;
1538
+ if (exact.has(path8)) return true;
1466
1539
  for (let i = 0; i < prefixes.length; i++) {
1467
- if (path7.startsWith(prefixes[i])) return true;
1540
+ if (path8.startsWith(prefixes[i])) return true;
1468
1541
  }
1469
1542
  return false;
1470
1543
  };
@@ -1485,7 +1558,7 @@ function attachAccessLog($asai, req, res, logType) {
1485
1558
  try {
1486
1559
  const entry = _chunkOCEBEEP5cjs.buildAccessEntry.call(void 0, req, res, logType);
1487
1560
  void $asai.appendAccessLog(_chunkOCEBEEP5cjs.formatCLF.call(void 0, entry), _chunkOCEBEEP5cjs.formatW3CAccessRecord.call(void 0, entry));
1488
- } catch (e25) {
1561
+ } catch (e29) {
1489
1562
  }
1490
1563
  }, "onFinish");
1491
1564
  if (res.writableEnded || res.finished) onFinish();
@@ -1544,7 +1617,7 @@ function findExistingFileUnderRoots(requestedPath, allowedRoots) {
1544
1617
  if (stat.isFile()) {
1545
1618
  return { filePath: absTarget, stat };
1546
1619
  }
1547
- } catch (e26) {
1620
+ } catch (e30) {
1548
1621
  }
1549
1622
  }
1550
1623
  return null;
@@ -1557,13 +1630,13 @@ function getHostAllowedRoots(hostconfig) {
1557
1630
  try {
1558
1631
  const abs = path2.resolve("./" + dir.replace(/\\/g, "/"));
1559
1632
  if (fs4.existsSync(abs)) roots.add(abs);
1560
- } catch (e27) {
1633
+ } catch (e31) {
1561
1634
  }
1562
1635
  }, "push");
1563
- for (const dir of _optionalChain([hostconfig, 'optionalAccess', _174 => _174.hostdirs]) || []) push(dir);
1636
+ for (const dir of _optionalChain([hostconfig, 'optionalAccess', _190 => _190.hostdirs]) || []) push(dir);
1564
1637
  push("webdata");
1565
1638
  push("websys");
1566
- if (_optionalChain([hostconfig, 'optionalAccess', _175 => _175.weburls, 'optionalAccess', _176 => _176.webdir])) push(hostconfig.weburls.webdir);
1639
+ if (_optionalChain([hostconfig, 'optionalAccess', _191 => _191.weburls, 'optionalAccess', _192 => _192.webdir])) push(hostconfig.weburls.webdir);
1567
1640
  const result = [];
1568
1641
  roots.forEach((r) => result.push(r));
1569
1642
  return result;
@@ -1594,7 +1667,7 @@ function getStaticBaseDirs($asai) {
1594
1667
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getStaticBaseDirs, "getStaticBaseDirs");
1595
1668
  function shouldForceHostdirs($asai) {
1596
1669
  if ($asai.pkgSnapshotDir) return true;
1597
- return _optionalChain([$asai, 'access', _177 => _177.hostconfig, 'optionalAccess', _178 => _178.pkg, 'optionalAccess', _179 => _179.type]) === 1;
1670
+ return _optionalChain([$asai, 'access', _193 => _193.hostconfig, 'optionalAccess', _194 => _194.pkg, 'optionalAccess', _195 => _195.type]) === 1;
1598
1671
  }
1599
1672
  _chunkSMVZ3ZDJcjs.__name.call(void 0, shouldForceHostdirs, "shouldForceHostdirs");
1600
1673
  function buildStaticSearchDirs(hostcfg, $asai) {
@@ -1615,12 +1688,12 @@ function buildStaticSearchDirs(hostcfg, $asai) {
1615
1688
  ordered.push(dir);
1616
1689
  return;
1617
1690
  }
1618
- } catch (e28) {
1691
+ } catch (e32) {
1619
1692
  }
1620
1693
  }
1621
1694
  }, "pushDir");
1622
1695
  for (const dir of hostcfg.hostdirs || []) pushDir(dir);
1623
- if (_optionalChain([hostcfg, 'access', _180 => _180.weburls, 'optionalAccess', _181 => _181.webdir])) pushDir(hostcfg.weburls.webdir);
1696
+ if (_optionalChain([hostcfg, 'access', _196 => _196.weburls, 'optionalAccess', _197 => _197.webdir])) pushDir(hostcfg.weburls.webdir);
1624
1697
  return ordered;
1625
1698
  }
1626
1699
  _chunkSMVZ3ZDJcjs.__name.call(void 0, buildStaticSearchDirs, "buildStaticSearchDirs");
@@ -1648,7 +1721,7 @@ function parseUrlPath(requrl) {
1648
1721
  if (!requrl) return "/";
1649
1722
  const safeUrl = requrl.startsWith("http") ? requrl : encodeURI(requrl);
1650
1723
  return new URL(safeUrl, "http://localhost").pathname;
1651
- } catch (e29) {
1724
+ } catch (e33) {
1652
1725
  return requrl;
1653
1726
  }
1654
1727
  }
@@ -1747,8 +1820,8 @@ function serveStaticFile(req, res, foundPath, mimeType, stat, $asai, urlPath = "
1747
1820
  _chunkSMVZ3ZDJcjs.__name.call(void 0, serveStaticFile, "serveStaticFile");
1748
1821
  function createStaticHandler(ctx) {
1749
1822
  const { hostcfg, hostdir, indexFile, $asai, staticPathCache } = ctx;
1750
- const hasRewrite = !!(_optionalChain([hostcfg, 'access', _182 => _182.weburls, 'optionalAccess', _183 => _183.rewrite]) && _optionalChain([hostcfg, 'access', _184 => _184.weburls, 'optionalAccess', _185 => _185.webdir]) && _optionalChain([hostcfg, 'access', _186 => _186.weburls, 'optionalAccess', _187 => _187.keys, 'optionalAccess', _188 => _188.length]));
1751
- const rewriteKeys = hasRewrite ? _optionalChain([hostcfg, 'access', _189 => _189.weburls, 'optionalAccess', _190 => _190.keys]) || [] : [];
1823
+ const hasRewrite = !!(_optionalChain([hostcfg, 'access', _198 => _198.weburls, 'optionalAccess', _199 => _199.rewrite]) && _optionalChain([hostcfg, 'access', _200 => _200.weburls, 'optionalAccess', _201 => _201.webdir]) && _optionalChain([hostcfg, 'access', _202 => _202.weburls, 'optionalAccess', _203 => _203.keys, 'optionalAccess', _204 => _204.length]));
1824
+ const rewriteKeys = hasRewrite ? _optionalChain([hostcfg, 'access', _205 => _205.weburls, 'optionalAccess', _206 => _206.keys]) || [] : [];
1752
1825
  const checkWebUrls = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (rurl) => {
1753
1826
  if (!hasRewrite || !rurl) return false;
1754
1827
  for (let i = 0; i < rewriteKeys.length; i++) {
@@ -1763,7 +1836,7 @@ function createStaticHandler(ctx) {
1763
1836
  const roots = rhostdirs.join("|") === primaryDirs.join("|") ? buildStaticRoots(primaryDirs, $asai) : buildStaticRoots(rhostdirs, $asai);
1764
1837
  const findValidFile = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (urlPath) => {
1765
1838
  const hit = staticPathCache.get(cacheKey);
1766
- if (_optionalChain([hit, 'optionalAccess', _191 => _191.is404])) return null;
1839
+ if (_optionalChain([hit, 'optionalAccess', _207 => _207.is404])) return null;
1767
1840
  if (hit && !hit.is404) {
1768
1841
  const verified = staticPathCache.verify(hit);
1769
1842
  if (verified) return { filePath: hit.filePath, stat: verified };
@@ -1787,7 +1860,7 @@ function createStaticHandler(ctx) {
1787
1860
  showHostDirs(req, res, [hostcfg.weburls.webdir], "/" + indexFile, primaryDirs, rtm + 1);
1788
1861
  return;
1789
1862
  }
1790
- const mimeType = _optionalChain([hostcfg, 'access', _192 => _192.mimetypes, 'optionalAccess', _193 => _193[nodePath2.extname(found.filePath)]]) || "application/octet-stream";
1863
+ const mimeType = _optionalChain([hostcfg, 'access', _208 => _208.mimetypes, 'optionalAccess', _209 => _209[nodePath2.extname(found.filePath)]]) || "application/octet-stream";
1791
1864
  serveStaticFile(req, res, found.filePath, mimeType, found.stat, $asai, processedUrl);
1792
1865
  }, "showHostDirs");
1793
1866
  return (req, res, url) => {
@@ -1812,7 +1885,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, createStaticHandler, "createStaticHandler"
1812
1885
  function setupHttpConnectionMonitor($asai, hostdir, server, hostcfg) {
1813
1886
  const maxHttp = hostcfg.maxhttp || 100;
1814
1887
  const monitorInterval = setInterval(() => {
1815
- const connCount = _optionalChain([$asai, 'access', _194 => _194.connectionshttp, 'access', _195 => _195[hostdir], 'optionalAccess', _196 => _196.size]) || 0;
1888
+ const connCount = _optionalChain([$asai, 'access', _210 => _210.connectionshttp, 'access', _211 => _211[hostdir], 'optionalAccess', _212 => _212.size]) || 0;
1816
1889
  if (connCount > maxHttp * 0.8) {
1817
1890
  $asai.$log("HTTP", `HTTP Connection HIGH (${connCount}/${maxHttp})`);
1818
1891
  }
@@ -1883,10 +1956,10 @@ function findListeningPids(port) {
1883
1956
  stdio: ["pipe", "pipe", "ignore"]
1884
1957
  });
1885
1958
  return out.split(/\r?\n/).map((s) => parseInt(s.trim(), 10)).filter((n) => n > 0);
1886
- } catch (e30) {
1959
+ } catch (e34) {
1887
1960
  return [];
1888
1961
  }
1889
- } catch (e31) {
1962
+ } catch (e35) {
1890
1963
  return [];
1891
1964
  }
1892
1965
  }
@@ -1897,10 +1970,10 @@ function formatOccupants(port, exclude) {
1897
1970
  }
1898
1971
  _chunkSMVZ3ZDJcjs.__name.call(void 0, formatOccupants, "formatOccupants");
1899
1972
  function releasePort(port, opts) {
1900
- const exclude = _nullishCoalesce(_optionalChain([opts, 'optionalAccess', _197 => _197.excludePid]), () => ( OWN_PID));
1973
+ const exclude = _nullishCoalesce(_optionalChain([opts, 'optionalAccess', _213 => _213.excludePid]), () => ( OWN_PID));
1901
1974
  const occupants = formatOccupants(port, exclude);
1902
1975
  if (!occupants) return true;
1903
- const label = _optionalChain([opts, 'optionalAccess', _198 => _198.label]) ? `[${opts.label}] ` : "";
1976
+ const label = _optionalChain([opts, 'optionalAccess', _214 => _214.label]) ? `[${opts.label}] ` : "";
1904
1977
  console.warn(
1905
1978
  `[AsaiHostNodejs] ${label}\u7AEF\u53E3 ${port} \u88AB\u5360\u7528\uFF08PID: ${occupants}\uFF09\uFF0C\u8BF7\u624B\u52A8\u7ED3\u675F\u5360\u7528\u8FDB\u7A0B\u540E\u91CD\u8BD5`
1906
1979
  );
@@ -1909,23 +1982,23 @@ function releasePort(port, opts) {
1909
1982
  _chunkSMVZ3ZDJcjs.__name.call(void 0, releasePort, "releasePort");
1910
1983
  function collectStartupPorts($asai) {
1911
1984
  const ports = /* @__PURE__ */ new Set();
1912
- const hosts = _optionalChain([$asai, 'access', _199 => _199.hostconfig, 'optionalAccess', _200 => _200.hosts]);
1985
+ const hosts = _optionalChain([$asai, 'access', _215 => _215.hostconfig, 'optionalAccess', _216 => _216.hosts]);
1913
1986
  if (hosts) {
1914
1987
  for (const el of Object.keys(hosts)) {
1915
1988
  if (el === "default") continue;
1916
1989
  if (el !== "asai" && !validateHostdir(el)) continue;
1917
1990
  const cfg = getHostCFG(el, $asai);
1918
- if (_optionalChain([cfg, 'optionalAccess', _201 => _201.close])) continue;
1919
- if (_optionalChain([cfg, 'optionalAccess', _202 => _202.port])) ports.add(Number(cfg.port));
1991
+ if (_optionalChain([cfg, 'optionalAccess', _217 => _217.close])) continue;
1992
+ if (_optionalChain([cfg, 'optionalAccess', _218 => _218.port])) ports.add(Number(cfg.port));
1920
1993
  }
1921
1994
  }
1922
- const proxyhosts = _optionalChain([$asai, 'access', _203 => _203.hostconfig, 'optionalAccess', _204 => _204.proxyhosts]);
1995
+ const proxyhosts = _optionalChain([$asai, 'access', _219 => _219.hostconfig, 'optionalAccess', _220 => _220.proxyhosts]);
1923
1996
  if (proxyhosts) {
1924
1997
  for (const el of Object.keys(proxyhosts)) {
1925
1998
  if (el === "default") continue;
1926
1999
  if (!validateHostdir(el)) continue;
1927
2000
  const cfg = getProxyHostCFG(el, $asai);
1928
- if (_optionalChain([cfg, 'optionalAccess', _205 => _205.proxyport])) ports.add(Number(cfg.proxyport));
2001
+ if (_optionalChain([cfg, 'optionalAccess', _221 => _221.proxyport])) ports.add(Number(cfg.proxyport));
1929
2002
  }
1930
2003
  }
1931
2004
  return [...ports];
@@ -1950,7 +2023,7 @@ function scheduleHttpRetry($asai, hostdir) {
1950
2023
  clearTimeout($asai.hostconfig.guardtm);
1951
2024
  $asai.hostconfig.guardtm = null;
1952
2025
  }
1953
- }, _optionalChain([$asai, 'access', _206 => _206.hostconfig, 'access', _207 => _207.tm, 'optionalAccess', _208 => _208.d]) || 2e3);
2026
+ }, _optionalChain([$asai, 'access', _222 => _222.hostconfig, 'access', _223 => _223.tm, 'optionalAccess', _224 => _224.d]) || 2e3);
1954
2027
  }
1955
2028
  _chunkSMVZ3ZDJcjs.__name.call(void 0, scheduleHttpRetry, "scheduleHttpRetry");
1956
2029
  function clearFailedHttpHost($asai, hostdir, ws2) {
@@ -1963,7 +2036,7 @@ function getHTTPServer(httptype = "", cfg, $asai) {
1963
2036
  if (httptype.startsWith("https")) {
1964
2037
  return {
1965
2038
  AsCreateServer: /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (callback) => {
1966
- return https.createServer(_optionalChain([cfg, 'optionalAccess', _209 => _209.httpscert]) || $asai.hostconfig.httpscert, callback);
2039
+ return https.createServer(_optionalChain([cfg, 'optionalAccess', _225 => _225.httpscert]) || $asai.hostconfig.httpscert, callback);
1967
2040
  }, "AsCreateServer"),
1968
2041
  Agent: https.Agent,
1969
2042
  request: https.request
@@ -2015,13 +2088,13 @@ function startHTTPServer($asai, hostdir) {
2015
2088
  return;
2016
2089
  }
2017
2090
  applySecurityHeaders(res, isHttps, $asai.hostconfig);
2018
- if (_optionalChain([req, 'access', _210 => _210.url, 'optionalAccess', _211 => _211.startsWith, 'call', _212 => _212("/sys")]) && sysWork) {
2091
+ if (_optionalChain([req, 'access', _226 => _226.url, 'optionalAccess', _227 => _227.startsWith, 'call', _228 => _228("/sys")]) && sysWork) {
2019
2092
  logHttp($asai, "SYS", req.method, req.url, skipChecker, req, res);
2020
2093
  sysWork(req, res, hostdir);
2021
- } else if (_optionalChain([req, 'access', _213 => _213.url, 'optionalAccess', _214 => _214.startsWith, 'call', _215 => _215("/api")]) && apiWork) {
2094
+ } else if (_optionalChain([req, 'access', _229 => _229.url, 'optionalAccess', _230 => _230.startsWith, 'call', _231 => _231("/api")]) && apiWork) {
2022
2095
  logHttp($asai, "API", req.method, req.url, skipChecker, req, res);
2023
2096
  apiWork(req, res, hostdir);
2024
- } else if (_optionalChain([req, 'access', _216 => _216.url, 'optionalAccess', _217 => _217.startsWith, 'call', _218 => _218("/jsonp")]) && jsonpWork) {
2097
+ } else if (_optionalChain([req, 'access', _232 => _232.url, 'optionalAccess', _233 => _233.startsWith, 'call', _234 => _234("/jsonp")]) && jsonpWork) {
2025
2098
  logHttp($asai, "JSONP", req.method, req.url, skipChecker, req, res);
2026
2099
  jsonpWork(req, res, hostdir);
2027
2100
  } else if (handleStatic) {
@@ -2092,7 +2165,7 @@ function findSameProcessPortOwner($asai, port, excludeHostdir) {
2092
2165
  for (const hostdir of Object.keys($asai.servershttp || {})) {
2093
2166
  if (hostdir === excludeHostdir) continue;
2094
2167
  const cfg = getHostCFG(hostdir, $asai);
2095
- if (_optionalChain([cfg, 'optionalAccess', _219 => _219.port]) === port) return hostdir;
2168
+ if (_optionalChain([cfg, 'optionalAccess', _235 => _235.port]) === port) return hostdir;
2096
2169
  }
2097
2170
  return null;
2098
2171
  }
@@ -2100,7 +2173,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, findSameProcessPortOwner, "findSameProcess
2100
2173
  function asaiGuard($asai, failedHostdir = "asai") {
2101
2174
  const conflictPorts = $asai.hostconfig.asaiport || [];
2102
2175
  const hostcfg = getHostCFG(failedHostdir, $asai);
2103
- const port = _optionalChain([hostcfg, 'optionalAccess', _220 => _220.port]);
2176
+ const port = _optionalChain([hostcfg, 'optionalAccess', _236 => _236.port]);
2104
2177
  if (!port || !conflictPorts.includes(port)) {
2105
2178
  scheduleHttpRetry($asai, failedHostdir);
2106
2179
  return;
@@ -2132,7 +2205,7 @@ var PROXY_SKIP_HEADERS = /* @__PURE__ */ new Set([
2132
2205
  function startProxyServer($asai, proxyhostdir) {
2133
2206
  const proxycfg = getProxyHostCFG(proxyhostdir, $asai);
2134
2207
  if (!proxycfg.url) return;
2135
- if (_optionalChain([$asai, 'access', _221 => _221.serversproxy, 'optionalAccess', _222 => _222[proxyhostdir]])) return;
2208
+ if (_optionalChain([$asai, 'access', _237 => _237.serversproxy, 'optionalAccess', _238 => _238[proxyhostdir]])) return;
2136
2209
  try {
2137
2210
  const httpServer = getHTTPServer(proxycfg.proxyhttptype, proxycfg, $asai);
2138
2211
  const targetHttp = getHTTPServer(proxycfg.url, proxycfg, $asai);
@@ -2214,12 +2287,12 @@ function startProxyServer($asai, proxyhostdir) {
2214
2287
  proxyServer.on("error", (err) => {
2215
2288
  if (err.code === "EADDRINUSE") {
2216
2289
  $asai.$log("PROXY", `\x1B[41mPort ${proxycfg.proxyport} is already start!\x1B[0m`);
2217
- _optionalChainDelete([$asai, 'access', _223 => _223.serversproxy, 'optionalAccess', _224 => delete _224[proxyhostdir]]);
2290
+ _optionalChainDelete([$asai, 'access', _239 => _239.serversproxy, 'optionalAccess', _240 => delete _240[proxyhostdir]]);
2218
2291
  releasePort(proxycfg.proxyport, {
2219
2292
  excludePid: process.pid,
2220
2293
  label: proxyhostdir
2221
2294
  });
2222
- setTimeout(() => startProxyServer($asai, proxyhostdir), _optionalChain([$asai, 'access', _225 => _225.hostconfig, 'access', _226 => _226.tm, 'optionalAccess', _227 => _227.d]) || 2e3);
2295
+ setTimeout(() => startProxyServer($asai, proxyhostdir), _optionalChain([$asai, 'access', _241 => _241.hostconfig, 'access', _242 => _242.tm, 'optionalAccess', _243 => _243.d]) || 2e3);
2223
2296
  } else {
2224
2297
  $asai.$log("PROXY", "Proxy server error:", err);
2225
2298
  }
@@ -2259,7 +2332,7 @@ function src_default($asai, opt) {
2259
2332
  initAsaiHostNodejs($asai, opt);
2260
2333
  console.log(`\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B\u203B`);
2261
2334
  releaseConfiguredPorts($asai);
2262
- if (_optionalChain([$asai, 'access', _228 => _228.hostconfig, 'optionalAccess', _229 => _229.hosts])) {
2335
+ if (_optionalChain([$asai, 'access', _244 => _244.hostconfig, 'optionalAccess', _245 => _245.hosts])) {
2263
2336
  $asai.startHTTPServer = (hostdir) => startHTTPServer($asai, hostdir);
2264
2337
  Object.keys($asai.hostconfig.hosts).forEach((el) => {
2265
2338
  if (validateHostdir(el)) {
@@ -2270,7 +2343,7 @@ function src_default($asai, opt) {
2270
2343
  startHTTPServer($asai, "asai");
2271
2344
  }
2272
2345
  }
2273
- if (_optionalChain([$asai, 'access', _230 => _230.hostconfig, 'optionalAccess', _231 => _231.proxyhosts])) {
2346
+ if (_optionalChain([$asai, 'access', _246 => _246.hostconfig, 'optionalAccess', _247 => _247.proxyhosts])) {
2274
2347
  Object.keys($asai.hostconfig.proxyhosts).forEach((el) => {
2275
2348
  if (validateHostdir(el)) {
2276
2349
  startProxyServer($asai, el);
@@ -2293,22 +2366,22 @@ _chunkSMVZ3ZDJcjs.__export.call(void 0, utils_exports, {
2293
2366
  // src/utils/ws-mock.ts
2294
2367
  function wsMock($asai) {
2295
2368
  function getKeyByData(reqdata, hostdir) {
2296
- return "_wstask_" + (hostdir || "") + "_" + (_optionalChain([reqdata, 'optionalAccess', _232 => _232.id]) || _optionalChain([reqdata, 'optionalAccess', _233 => _233.ty]) + "." + _optionalChain([reqdata, 'optionalAccess', _234 => _234.ac]));
2369
+ return "_wstask_" + (hostdir || "") + "_" + (_optionalChain([reqdata, 'optionalAccess', _248 => _248.id]) || _optionalChain([reqdata, 'optionalAccess', _249 => _249.ty]) + "." + _optionalChain([reqdata, 'optionalAccess', _250 => _250.ac]));
2297
2370
  }
2298
2371
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getKeyByData, "getKeyByData");
2299
2372
  function getMockDb(workopt) {
2300
2373
  const { reqdata, mockdata } = workopt;
2301
- const wsfn = _optionalChain([mockdata, 'optionalAccess', _235 => _235.fn]) ? _optionalChain([$asai, 'access', _236 => _236.asaimock, 'access', _237 => _237.fn, 'optionalAccess', _238 => _238[mockdata.fn]]) : null;
2374
+ const wsfn = _optionalChain([mockdata, 'optionalAccess', _251 => _251.fn]) ? _optionalChain([$asai, 'access', _252 => _252.asaimock, 'access', _253 => _253.fn, 'optionalAccess', _254 => _254[mockdata.fn]]) : null;
2302
2375
  if (wsfn) return wsfn({ workopt, $asai, mockName: mockdata.fn });
2303
2376
  return { ...reqdata, ...mockdata || {} };
2304
2377
  }
2305
2378
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getMockDb, "getMockDb");
2306
2379
  function wsWorkApi(workopt) {
2307
- _optionalChain([$asai, 'access', _239 => _239.serversws, 'access', _240 => _240[workopt.hostdir], 'optionalAccess', _241 => _241.sendws, 'optionalCall', _242 => _242(workopt.reqdataisobj ? getMockDb(workopt) : workopt.reqdata, 0, workopt.ws)]);
2380
+ _optionalChain([$asai, 'access', _255 => _255.serversws, 'access', _256 => _256[workopt.hostdir], 'optionalAccess', _257 => _257.sendws, 'optionalCall', _258 => _258(workopt.reqdataisobj ? getMockDb(workopt) : workopt.reqdata, 0, workopt.ws)]);
2308
2381
  }
2309
2382
  _chunkSMVZ3ZDJcjs.__name.call(void 0, wsWorkApi, "wsWorkApi");
2310
2383
  function wsWorkListen(workopt, reqkey) {
2311
- if (_optionalChain([workopt, 'access', _243 => _243.reqdata, 'optionalAccess', _244 => _244.off])) {
2384
+ if (_optionalChain([workopt, 'access', _259 => _259.reqdata, 'optionalAccess', _260 => _260.off])) {
2312
2385
  if ($asai.tasksws[workopt.hostdir][reqkey]) {
2313
2386
  clearInterval($asai.tasksws[workopt.hostdir][reqkey]);
2314
2387
  $asai.tasksws[workopt.hostdir][reqkey] = null;
@@ -2323,9 +2396,9 @@ function wsMock($asai) {
2323
2396
  if (!$asai.tasksws[workopt.hostdir][reqkey]) {
2324
2397
  clearInterval($asai.tasksws[workopt.hostdir][reqkey]);
2325
2398
  }
2326
- }, _optionalChain([newDataMock, 'optionalAccess', _245 => _245.tc]) || 2e3);
2327
- _optionalChain([workopt, 'access', _246 => _246.ws, 'optionalAccess', _247 => _247.once, 'optionalCall', _248 => _248("close", () => {
2328
- if (_optionalChain([$asai, 'access', _249 => _249.tasksws, 'access', _250 => _250[workopt.hostdir], 'optionalAccess', _251 => _251[reqkey]])) {
2399
+ }, _optionalChain([newDataMock, 'optionalAccess', _261 => _261.tc]) || 2e3);
2400
+ _optionalChain([workopt, 'access', _262 => _262.ws, 'optionalAccess', _263 => _263.once, 'optionalCall', _264 => _264("close", () => {
2401
+ if (_optionalChain([$asai, 'access', _265 => _265.tasksws, 'access', _266 => _266[workopt.hostdir], 'optionalAccess', _267 => _267[reqkey]])) {
2329
2402
  clearInterval($asai.tasksws[workopt.hostdir][reqkey]);
2330
2403
  delete $asai.tasksws[workopt.hostdir][reqkey];
2331
2404
  }
@@ -2333,8 +2406,8 @@ function wsMock($asai) {
2333
2406
  }
2334
2407
  _chunkSMVZ3ZDJcjs.__name.call(void 0, wsWorkListen, "wsWorkListen");
2335
2408
  function wsWorkMock(workopt) {
2336
- workopt.mockdata = workopt.reqdataisobj && _optionalChain([$asai, 'access', _252 => _252.asaimock, 'optionalAccess', _253 => _253.db, 'optionalAccess', _254 => _254[workopt.hostdir], 'optionalAccess', _255 => _255[_optionalChain([workopt, 'access', _256 => _256.reqdata, 'optionalAccess', _257 => _257.ty])]]) || {};
2337
- if (_optionalChain([workopt, 'access', _258 => _258.mockdata, 'optionalAccess', _259 => _259.wc])) {
2409
+ workopt.mockdata = workopt.reqdataisobj && _optionalChain([$asai, 'access', _268 => _268.asaimock, 'optionalAccess', _269 => _269.db, 'optionalAccess', _270 => _270[workopt.hostdir], 'optionalAccess', _271 => _271[_optionalChain([workopt, 'access', _272 => _272.reqdata, 'optionalAccess', _273 => _273.ty])]]) || {};
2410
+ if (_optionalChain([workopt, 'access', _274 => _274.mockdata, 'optionalAccess', _275 => _275.wc])) {
2338
2411
  wsWorkListen(workopt, getKeyByData(workopt.reqdata, workopt.hostdir));
2339
2412
  } else {
2340
2413
  wsWorkApi(workopt);
@@ -2347,7 +2420,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, wsMock, "wsMock");
2347
2420
 
2348
2421
  // src/infra/user-auth.ts
2349
2422
  async function attachServerUserLevel(req, $asai) {
2350
- const userinfo = _optionalChain([req, 'optionalAccess', _260 => _260.Userinfo]);
2423
+ const userinfo = _optionalChain([req, 'optionalAccess', _276 => _276.Userinfo]);
2351
2424
  if (!Array.isArray(userinfo) || !userinfo[0]) return;
2352
2425
  const us = String(userinfo[0]);
2353
2426
  try {
@@ -2359,34 +2432,34 @@ async function attachServerUserLevel(req, $asai) {
2359
2432
  } else {
2360
2433
  req._serverUser = null;
2361
2434
  }
2362
- } catch (e32) {
2435
+ } catch (e36) {
2363
2436
  req._serverUser = null;
2364
2437
  }
2365
2438
  }
2366
2439
  _chunkSMVZ3ZDJcjs.__name.call(void 0, attachServerUserLevel, "attachServerUserLevel");
2367
2440
  function getRequestUserLevel(req) {
2368
- if (_optionalChain([req, 'optionalAccess', _261 => _261._serverUser, 'optionalAccess', _262 => _262.lv]) != null) return Number(req._serverUser.lv);
2369
- const n = Number(_nullishCoalesce(_optionalChain([req, 'optionalAccess', _263 => _263.Userinfo, 'optionalAccess', _264 => _264[1]]), () => ( -1)));
2441
+ if (_optionalChain([req, 'optionalAccess', _277 => _277._serverUser, 'optionalAccess', _278 => _278.lv]) != null) return Number(req._serverUser.lv);
2442
+ const n = Number(_nullishCoalesce(_optionalChain([req, 'optionalAccess', _279 => _279.Userinfo, 'optionalAccess', _280 => _280[1]]), () => ( -1)));
2370
2443
  return Number.isFinite(n) ? n : -1;
2371
2444
  }
2372
2445
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getRequestUserLevel, "getRequestUserLevel");
2373
2446
  function getRequestUsername(req) {
2374
- if (_optionalChain([req, 'optionalAccess', _265 => _265._serverUser, 'optionalAccess', _266 => _266.us])) return String(req._serverUser.us);
2375
- const us = _optionalChain([req, 'optionalAccess', _267 => _267.Userinfo, 'optionalAccess', _268 => _268[0]]);
2447
+ if (_optionalChain([req, 'optionalAccess', _281 => _281._serverUser, 'optionalAccess', _282 => _282.us])) return String(req._serverUser.us);
2448
+ const us = _optionalChain([req, 'optionalAccess', _283 => _283.Userinfo, 'optionalAccess', _284 => _284[0]]);
2376
2449
  return us ? String(us) : void 0;
2377
2450
  }
2378
2451
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getRequestUsername, "getRequestUsername");
2379
2452
 
2380
2453
  // src/infra/access-control.ts
2381
2454
  function getSecurityConfig($asai) {
2382
- return _optionalChain([$asai, 'optionalAccess', _269 => _269.hostconfig, 'optionalAccess', _270 => _270.security]) || {};
2455
+ return _optionalChain([$asai, 'optionalAccess', _285 => _285.hostconfig, 'optionalAccess', _286 => _286.security]) || {};
2383
2456
  }
2384
2457
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSecurityConfig, "getSecurityConfig");
2385
- function pathMatchesPattern(path7, pattern) {
2458
+ function pathMatchesPattern(path8, pattern) {
2386
2459
  if (pattern.endsWith("*")) {
2387
- return path7.startsWith(pattern.slice(0, -1));
2460
+ return path8.startsWith(pattern.slice(0, -1));
2388
2461
  }
2389
- return path7 === pattern;
2462
+ return path8 === pattern;
2390
2463
  }
2391
2464
  _chunkSMVZ3ZDJcjs.__name.call(void 0, pathMatchesPattern, "pathMatchesPattern");
2392
2465
  function isAuthSkipped($asai, pathname) {
@@ -2413,13 +2486,13 @@ function validateHttpAuth(req, $asai, pathname) {
2413
2486
  if (!isAuthRequired($asai, pathname)) {
2414
2487
  return { ok: true };
2415
2488
  }
2416
- const userinfo = _optionalChain([req, 'optionalAccess', _271 => _271.Userinfo]);
2489
+ const userinfo = _optionalChain([req, 'optionalAccess', _287 => _287.Userinfo]);
2417
2490
  const ip = getClientIp(req);
2418
2491
  if (!Array.isArray(userinfo) || userinfo.length < 3 || !userinfo[0]) {
2419
2492
  logSecurityEvent($asai, {
2420
2493
  type: "AUTH_MISSING",
2421
2494
  path: pathname,
2422
- method: _optionalChain([req, 'optionalAccess', _272 => _272.method]),
2495
+ method: _optionalChain([req, 'optionalAccess', _288 => _288.method]),
2423
2496
  ip,
2424
2497
  detail: "Userinfo header missing or invalid"
2425
2498
  });
@@ -2433,7 +2506,7 @@ function validateHttpAuth(req, $asai, pathname) {
2433
2506
  logSecurityEvent($asai, {
2434
2507
  type: "ACCESS_DENIED",
2435
2508
  path: pathname,
2436
- method: _optionalChain([req, 'optionalAccess', _273 => _273.method]),
2509
+ method: _optionalChain([req, 'optionalAccess', _289 => _289.method]),
2437
2510
  user: String(us),
2438
2511
  level: userLevel,
2439
2512
  ip,
@@ -2445,13 +2518,13 @@ function validateHttpAuth(req, $asai, pathname) {
2445
2518
  }
2446
2519
  _chunkSMVZ3ZDJcjs.__name.call(void 0, validateHttpAuth, "validateHttpAuth");
2447
2520
  async function validateHttpAuthAsync(req, $asai, pathname) {
2448
- if (Array.isArray(_optionalChain([req, 'optionalAccess', _274 => _274.Userinfo])) && req.Userinfo[0]) {
2521
+ if (Array.isArray(_optionalChain([req, 'optionalAccess', _290 => _290.Userinfo])) && req.Userinfo[0]) {
2449
2522
  await attachServerUserLevel(req, $asai);
2450
2523
  if (!req._serverUser && isAuthRequired($asai, pathname)) {
2451
2524
  logSecurityEvent($asai, {
2452
2525
  type: "ACCESS_DENIED",
2453
2526
  path: pathname,
2454
- method: _optionalChain([req, 'optionalAccess', _275 => _275.method]),
2527
+ method: _optionalChain([req, 'optionalAccess', _291 => _291.method]),
2455
2528
  user: String(req.Userinfo[0]),
2456
2529
  ip: getClientIp(req),
2457
2530
  detail: "User not found or inactive"
@@ -2513,7 +2586,7 @@ function resolveApiCorsOrigin(req, hostcfg, getHeader) {
2513
2586
  if (referer) {
2514
2587
  try {
2515
2588
  origin = new URL(referer).origin;
2516
- } catch (e33) {
2589
+ } catch (e37) {
2517
2590
  const parts = referer.split("/");
2518
2591
  if (parts.length >= 3) origin = `${parts[0]}//${parts[2]}`;
2519
2592
  }
@@ -2525,7 +2598,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, resolveApiCorsOrigin, "resolveApiCorsOrigi
2525
2598
  function isApiCorsAllowed(origin, hostcfg, hostHeader) {
2526
2599
  if (!origin) return false;
2527
2600
  if (origin === "*") return true;
2528
- const corsList = _optionalChain([hostcfg, 'optionalAccess', _276 => _276.cors]);
2601
+ const corsList = _optionalChain([hostcfg, 'optionalAccess', _292 => _292.cors]);
2529
2602
  if (!Array.isArray(corsList) || !corsList.length) return true;
2530
2603
  if (corsList.includes(origin)) return true;
2531
2604
  if (hostHeader && origin.includes(hostHeader)) return true;
@@ -2535,7 +2608,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, isApiCorsAllowed, "isApiCorsAllowed");
2535
2608
 
2536
2609
  // src/common/server/Api.ts
2537
2610
  function readRequestBody(req, maxBody) {
2538
- return new Promise((resolve5, reject) => {
2611
+ return new Promise((resolve6, reject) => {
2539
2612
  const chunks = [];
2540
2613
  let received = 0;
2541
2614
  let settled = false;
@@ -2543,7 +2616,7 @@ function readRequestBody(req, maxBody) {
2543
2616
  if (settled) return;
2544
2617
  settled = true;
2545
2618
  if (err) reject(err);
2546
- else resolve5(_nullishCoalesce(data, () => ( "")));
2619
+ else resolve6(_nullishCoalesce(data, () => ( "")));
2547
2620
  }, "finish");
2548
2621
  req.on("data", (chunk) => {
2549
2622
  if (settled) return;
@@ -2571,19 +2644,19 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, isPlainSourcePost, "isPlainSourcePost");
2571
2644
  function processPostPayload($asai, req, postdata, pm) {
2572
2645
  let isAes = false;
2573
2646
  let out = postdata;
2574
- if ($asai.$lib.aesfns && _optionalChain([out, 'optionalAccess', _277 => _277.startsWith, 'optionalCall', _278 => _278('{"aes":')])) {
2647
+ if ($asai.$lib.aesfns && _optionalChain([out, 'optionalAccess', _293 => _293.startsWith, 'optionalCall', _294 => _294('{"aes":')])) {
2575
2648
  isAes = true;
2576
2649
  const aesData = JSON.parse(out);
2577
2650
  out = $asai.$lib.aesfns.reqAES({ data: aesData });
2578
- if (_optionalChain([aesData, 'optionalAccess', _279 => _279.aes]) === 2 && typeof out === "string") {
2651
+ if (_optionalChain([aesData, 'optionalAccess', _295 => _295.aes]) === 2 && typeof out === "string") {
2579
2652
  try {
2580
2653
  out = JSON.parse(out);
2581
- } catch (e34) {
2654
+ } catch (e38) {
2582
2655
  }
2583
2656
  }
2584
2657
  }
2585
2658
  const plainJson = typeof out === "string" && out.trimStart().startsWith("{");
2586
- if (_optionalChain([req, 'optionalAccess', _280 => _280.Userinfo, 'optionalAccess', _281 => _281[2]]) && !plainJson && !isRawUploadPost(_optionalChain([req, 'optionalAccess', _282 => _282.url])) && !isPlainSourcePost(_optionalChain([req, 'optionalAccess', _283 => _283.url]))) {
2659
+ if (_optionalChain([req, 'optionalAccess', _296 => _296.Userinfo, 'optionalAccess', _297 => _297[2]]) && !plainJson && !isRawUploadPost(_optionalChain([req, 'optionalAccess', _298 => _298.url])) && !isPlainSourcePost(_optionalChain([req, 'optionalAccess', _299 => _299.url]))) {
2587
2660
  pm = req.Userinfo[2];
2588
2661
  out = $asai.$lib.AsCode.asdecode(out, pm);
2589
2662
  }
@@ -2591,7 +2664,7 @@ function processPostPayload($asai, req, postdata, pm) {
2591
2664
  }
2592
2665
  _chunkSMVZ3ZDJcjs.__name.call(void 0, processPostPayload, "processPostPayload");
2593
2666
  var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, opt = {}) => {
2594
- _optionalChain([opt, 'optionalAccess', _284 => _284.fn, 'optionalCall', _285 => _285($asai)]);
2667
+ _optionalChain([opt, 'optionalAccess', _300 => _300.fn, 'optionalCall', _301 => _301($asai)]);
2595
2668
  function getHeader(req, key) {
2596
2669
  return req.headers[key.toLowerCase()] || "";
2597
2670
  }
@@ -2600,7 +2673,7 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2600
2673
  let apiRouteCacheLen = -1;
2601
2674
  function findApiHandler($asai2, pathname) {
2602
2675
  const apis = $asai2.hostserverapis;
2603
- if (!_optionalChain([apis, 'optionalAccess', _286 => _286.length])) return void 0;
2676
+ if (!_optionalChain([apis, 'optionalAccess', _302 => _302.length])) return void 0;
2604
2677
  if (!apiRouteCache || apiRouteCacheLen !== apis.length) {
2605
2678
  apiRouteCache = apis.map((elp) => ({ key: elp, path: `/api/${elp}` }));
2606
2679
  apiRouteCacheLen = apis.length;
@@ -2648,9 +2721,9 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2648
2721
  pm: decodeURIComponent(urlParse.search.substring(4))
2649
2722
  };
2650
2723
  if (req.url.indexOf("binary") === -1) {
2651
- if (_optionalChain([req, 'optionalAccess', _287 => _287.Userinfo]) && _optionalChain([req, 'optionalAccess', _288 => _288.Userinfo, 'access', _289 => _289[2]]) && _optionalChain([query, 'optionalAccess', _290 => _290.pm])) {
2724
+ if (_optionalChain([req, 'optionalAccess', _303 => _303.Userinfo]) && _optionalChain([req, 'optionalAccess', _304 => _304.Userinfo, 'access', _305 => _305[2]]) && _optionalChain([query, 'optionalAccess', _306 => _306.pm])) {
2652
2725
  pm = req.Userinfo[2];
2653
- query = $asai.$lib.AsCode.asdecode(_optionalChain([query, 'optionalAccess', _291 => _291.pm]), pm);
2726
+ query = $asai.$lib.AsCode.asdecode(_optionalChain([query, 'optionalAccess', _307 => _307.pm]), pm);
2654
2727
  query = Object.fromEntries(new URLSearchParams("?" + query).entries());
2655
2728
  }
2656
2729
  }
@@ -2669,87 +2742,99 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2669
2742
  const releaseSlot = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, () => releaseApiSlot(hostdir, clientIp), "releaseSlot");
2670
2743
  res.once("finish", releaseSlot);
2671
2744
  res.once("close", releaseSlot);
2672
- const maxBody = _optionalChain([$asai, 'access', _292 => _292.hostconfig, 'optionalAccess', _293 => _293.maxbody]) || 100 * 1024 * 1024;
2745
+ const maxBody = _optionalChain([$asai, 'access', _308 => _308.hostconfig, 'optionalAccess', _309 => _309.maxbody]) || 100 * 1024 * 1024;
2673
2746
  const isTextPost = req.method === "POST" && req.url.indexOf("binary") === -1;
2674
2747
  const bodyPromise = isTextPost ? readRequestBody(req, maxBody) : null;
2675
2748
  void (async () => {
2676
- let authResult;
2677
- let rawBody = "";
2678
2749
  try {
2679
- [authResult, rawBody] = await Promise.all([
2680
- validateHttpAuthAsync(req, $asai, pathname),
2681
- _nullishCoalesce(bodyPromise, () => ( Promise.resolve("")))
2682
- ]);
2683
- } catch (err) {
2684
- releaseSlot();
2685
- if (_optionalChain([err, 'optionalAccess', _294 => _294.message]) === "PAYLOAD_TOO_LARGE") {
2686
- return sendError(res, 413, "Payload Too Large");
2687
- }
2688
- return sendError(res, 400, _optionalChain([err, 'optionalAccess', _295 => _295.message]) || "Bad Request");
2689
- }
2690
- if (!authResult.ok) {
2691
- releaseSlot();
2692
- return sendAuthError(res, authResult);
2693
- }
2694
- let apiFn = _optionalChain([$asai, 'access', _296 => _296.hostserverapi, 'access', _297 => _297[apiHandlerKey], 'optionalCall', _298 => _298($asai, query)]);
2695
- if (!apiFn) {
2696
- return sendError(res, 501, "Not Implemented");
2697
- }
2698
- res.setHeader("Content-Type", "application/json; charset=utf-8");
2699
- $asai.$log("API", req.method, urlParse.pathname, query);
2700
- let qrdata;
2701
- let postdata;
2702
- if (req.url.indexOf("binary") === -1) {
2703
- qrdata = query;
2704
- if (req.method === "POST") {
2705
- try {
2706
- const processed = processPostPayload($asai, req, rawBody, pm);
2707
- postdata = processed.postdata;
2708
- pm = processed.pm;
2709
- isAes = processed.isAes;
2710
- } catch (e35) {
2711
- return sendError(res, 400, "AES decrypt failed");
2712
- }
2713
- if (_optionalChain([apiFn, 'optionalAccess', _299 => _299.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _300 => _300.post]) === "function") {
2714
- const optTmp = { qrdata, data: postdata, pm };
2715
- if (isAes || _optionalChain([$asai, 'access', _301 => _301.$lib, 'access', _302 => _302.aesfns, 'optionalAccess', _303 => _303.allaes])) {
2716
- optTmp.resAES = _optionalChain([$asai, 'access', _304 => _304.$lib, 'access', _305 => _305.aesfns, 'optionalAccess', _306 => _306.resAES]);
2717
- }
2718
- apiFn.post(req, res, hostdir, optTmp);
2719
- } else {
2720
- res.end(typeof postdata === "string" ? postdata : JSON.stringify(_nullishCoalesce(postdata, () => ( ""))));
2721
- }
2722
- } else if (req.method === "GET") {
2723
- if (_optionalChain([apiFn, 'optionalAccess', _307 => _307.get]) && typeof _optionalChain([apiFn, 'optionalAccess', _308 => _308.get]) === "function") {
2724
- const optTmp = { qrdata, data: qrdata, pm };
2725
- if (isAes || _optionalChain([$asai, 'access', _309 => _309.$lib, 'access', _310 => _310.aesfns, 'optionalAccess', _311 => _311.allaes])) {
2726
- optTmp.resAES = _optionalChain([$asai, 'access', _312 => _312.$lib, 'access', _313 => _313.aesfns, 'optionalAccess', _314 => _314.resAES]);
2727
- }
2728
- apiFn.get(req, res, hostdir, optTmp);
2729
- } else {
2730
- res.end(JSON.stringify(qrdata));
2750
+ let authResult;
2751
+ let rawBody = "";
2752
+ try {
2753
+ [authResult, rawBody] = await Promise.all([
2754
+ validateHttpAuthAsync(req, $asai, pathname),
2755
+ _nullishCoalesce(bodyPromise, () => ( Promise.resolve("")))
2756
+ ]);
2757
+ } catch (err) {
2758
+ releaseSlot();
2759
+ if (_optionalChain([err, 'optionalAccess', _310 => _310.message]) === "PAYLOAD_TOO_LARGE") {
2760
+ return sendError(res, 413, "Payload Too Large");
2731
2761
  }
2762
+ return sendError(res, 400, _optionalChain([err, 'optionalAccess', _311 => _311.message]) || "Bad Request");
2732
2763
  }
2733
- } else {
2734
- if (_optionalChain([Object, 'access', _315 => _315.keys, 'call', _316 => _316(query), 'optionalAccess', _317 => _317.length])) {
2735
- qrdata = query;
2764
+ if (!authResult.ok) {
2765
+ releaseSlot();
2766
+ return sendAuthError(res, authResult);
2767
+ }
2768
+ let apiFn = _optionalChain([$asai, 'access', _312 => _312.hostserverapi, 'access', _313 => _313[apiHandlerKey], 'optionalCall', _314 => _314($asai, query)]);
2769
+ if (!apiFn) {
2770
+ return sendError(res, 501, "Not Implemented");
2736
2771
  }
2737
- if (req.method === "POST") {
2738
- $asai.$lib.AsNodeTool.upBinary(req).then((postdata2) => {
2739
- if (_optionalChain([apiFn, 'optionalAccess', _318 => _318.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _319 => _319.post]) === "function") {
2740
- apiFn.post(req, res, hostdir, {
2741
- qrdata,
2742
- data: postdata2
2743
- });
2772
+ res.setHeader("Content-Type", "application/json; charset=utf-8");
2773
+ $asai.$log("API", req.method, urlParse.pathname, query);
2774
+ let qrdata;
2775
+ let postdata;
2776
+ if (req.url.indexOf("binary") === -1) {
2777
+ qrdata = query;
2778
+ if (req.method === "POST") {
2779
+ try {
2780
+ const processed = processPostPayload($asai, req, rawBody, pm);
2781
+ postdata = processed.postdata;
2782
+ pm = processed.pm;
2783
+ isAes = processed.isAes;
2784
+ } catch (e39) {
2785
+ return sendError(res, 400, "AES decrypt failed");
2786
+ }
2787
+ if (_optionalChain([apiFn, 'optionalAccess', _315 => _315.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _316 => _316.post]) === "function") {
2788
+ const optTmp = { qrdata, data: postdata, pm };
2789
+ if (isAes || _optionalChain([$asai, 'access', _317 => _317.$lib, 'access', _318 => _318.aesfns, 'optionalAccess', _319 => _319.allaes])) {
2790
+ optTmp.resAES = _optionalChain([$asai, 'access', _320 => _320.$lib, 'access', _321 => _321.aesfns, 'optionalAccess', _322 => _322.resAES]);
2791
+ }
2792
+ apiFn.post(req, res, hostdir, optTmp);
2744
2793
  } else {
2745
- res.end(postdata2);
2794
+ res.end(typeof postdata === "string" ? postdata : JSON.stringify(_nullishCoalesce(postdata, () => ( ""))));
2746
2795
  }
2747
- }).catch((err) => {
2748
- return sendError(res, 400, "Invalid content type");
2749
- });
2796
+ } else if (req.method === "GET") {
2797
+ if (_optionalChain([apiFn, 'optionalAccess', _323 => _323.get]) && typeof _optionalChain([apiFn, 'optionalAccess', _324 => _324.get]) === "function") {
2798
+ const optTmp = { qrdata, data: qrdata, pm };
2799
+ if (isAes || _optionalChain([$asai, 'access', _325 => _325.$lib, 'access', _326 => _326.aesfns, 'optionalAccess', _327 => _327.allaes])) {
2800
+ optTmp.resAES = _optionalChain([$asai, 'access', _328 => _328.$lib, 'access', _329 => _329.aesfns, 'optionalAccess', _330 => _330.resAES]);
2801
+ }
2802
+ apiFn.get(req, res, hostdir, optTmp);
2803
+ } else {
2804
+ res.end(JSON.stringify(qrdata));
2805
+ }
2806
+ }
2807
+ } else {
2808
+ if (_optionalChain([Object, 'access', _331 => _331.keys, 'call', _332 => _332(query), 'optionalAccess', _333 => _333.length])) {
2809
+ qrdata = query;
2810
+ }
2811
+ if (req.method === "POST") {
2812
+ $asai.$lib.AsNodeTool.upBinary(req).then((postdata2) => {
2813
+ if (_optionalChain([apiFn, 'optionalAccess', _334 => _334.post]) && typeof _optionalChain([apiFn, 'optionalAccess', _335 => _335.post]) === "function") {
2814
+ apiFn.post(req, res, hostdir, {
2815
+ qrdata,
2816
+ data: postdata2
2817
+ });
2818
+ } else {
2819
+ res.end(postdata2);
2820
+ }
2821
+ }).catch((err) => {
2822
+ return sendError(res, 400, "Invalid content type");
2823
+ });
2824
+ }
2825
+ }
2826
+ } catch (err) {
2827
+ releaseSlot();
2828
+ if (!res.headersSent) {
2829
+ return sendError(res, 500, _optionalChain([err, 'optionalAccess', _336 => _336.message]) || "Internal Server Error");
2750
2830
  }
2751
2831
  }
2752
- })();
2832
+ })().catch((err) => {
2833
+ releaseSlot();
2834
+ if (!res.headersSent) {
2835
+ sendError(res, 500, _optionalChain([err, 'optionalAccess', _337 => _337.message]) || "Internal Server Error");
2836
+ }
2837
+ });
2753
2838
  } else {
2754
2839
  $asai.$log("API", req.method, req.url);
2755
2840
  }
@@ -2760,12 +2845,12 @@ var Api_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2760
2845
 
2761
2846
  // src/common/server/Ws.ts
2762
2847
  var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, opt = {}) => {
2763
- _optionalChain([opt, 'optionalAccess', _320 => _320.fn, 'optionalCall', _321 => _321($asai)]);
2848
+ _optionalChain([opt, 'optionalAccess', _338 => _338.fn, 'optionalCall', _339 => _339($asai)]);
2764
2849
  const wsHandlerCache = /* @__PURE__ */ new Map();
2765
2850
  const routeIndex = ensureWsRouteIndex($asai);
2766
2851
  function getWsHandler(handlerKey) {
2767
2852
  if (!wsHandlerCache.has(handlerKey)) {
2768
- wsHandlerCache.set(handlerKey, _optionalChain([$asai, 'access', _322 => _322.hostserverws, 'access', _323 => _323[handlerKey], 'optionalCall', _324 => _324($asai)]));
2853
+ wsHandlerCache.set(handlerKey, _optionalChain([$asai, 'access', _340 => _340.hostserverws, 'access', _341 => _341[handlerKey], 'optionalCall', _342 => _342($asai)]));
2769
2854
  }
2770
2855
  return wsHandlerCache.get(handlerKey);
2771
2856
  }
@@ -2789,21 +2874,21 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2789
2874
  let reqdata = parseMessage(msg);
2790
2875
  let handlerKey;
2791
2876
  if (reqdata === "ping") {
2792
- _optionalChain([ws2, 'access', _325 => _325.send, 'optionalCall', _326 => _326("pong")]);
2877
+ _optionalChain([ws2, 'access', _343 => _343.send, 'optionalCall', _344 => _344("pong")]);
2793
2878
  return;
2794
2879
  } else {
2795
2880
  const reqdataisobj = typeof reqdata === "object" && reqdata !== null;
2796
- handlerKey = reqdataisobj ? routeIndex.matchTy(_optionalChain([reqdata, 'optionalAccess', _327 => _327.ty])) : routeIndex.matchString(reqdata);
2797
- if (!handlerKey && _optionalChain([$asai, 'access', _328 => _328.hostserverwss, 'optionalAccess', _329 => _329.length])) {
2881
+ handlerKey = reqdataisobj ? routeIndex.matchTy(_optionalChain([reqdata, 'optionalAccess', _345 => _345.ty])) : routeIndex.matchString(reqdata);
2882
+ if (!handlerKey && _optionalChain([$asai, 'access', _346 => _346.hostserverwss, 'optionalAccess', _347 => _347.length])) {
2798
2883
  handlerKey = $asai.hostserverwss.find((elp) => {
2799
2884
  if (reqdataisobj) {
2800
- return _optionalChain([reqdata, 'optionalAccess', _330 => _330.ty, 'optionalAccess', _331 => _331.startsWith, 'call', _332 => _332(elp)]);
2885
+ return _optionalChain([reqdata, 'optionalAccess', _348 => _348.ty, 'optionalAccess', _349 => _349.startsWith, 'call', _350 => _350(elp)]);
2801
2886
  }
2802
2887
  return typeof reqdata === "string" && reqdata.startsWith(elp);
2803
2888
  });
2804
2889
  }
2805
2890
  if (!handlerKey) {
2806
- _optionalChain([$asai, 'access', _333 => _333.asaimock, 'optionalAccess', _334 => _334.wsWorkMock, 'call', _335 => _335({
2891
+ _optionalChain([$asai, 'access', _351 => _351.asaimock, 'optionalAccess', _352 => _352.wsWorkMock, 'call', _353 => _353({
2807
2892
  msg,
2808
2893
  ws: ws2,
2809
2894
  hostdir,
@@ -2815,14 +2900,14 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2815
2900
  }
2816
2901
  }
2817
2902
  if (!handlerKey) return;
2818
- _optionalChain([getWsHandler, 'call', _336 => _336(handlerKey), 'optionalAccess', _337 => _337.work, 'optionalCall', _338 => _338(reqdata, ws2, hostdir, req)]);
2903
+ _optionalChain([getWsHandler, 'call', _354 => _354(handlerKey), 'optionalAccess', _355 => _355.work, 'optionalCall', _356 => _356(reqdata, ws2, hostdir, req)]);
2819
2904
  } catch (err) {
2820
- _optionalChain([($asai.$log || console.error), 'optionalCall', _339 => _339("WS", "handler error", err instanceof Error ? err.message : err)]);
2905
+ _optionalChain([($asai.$log || console.error), 'optionalCall', _357 => _357("WS", "handler error", err instanceof Error ? err.message : err)]);
2821
2906
  }
2822
2907
  }
2823
2908
  _chunkSMVZ3ZDJcjs.__name.call(void 0, wsWork, "wsWork");
2824
2909
  function _getMessage(msg) {
2825
- if (_optionalChain([msg, 'optionalAccess', _340 => _340.db, 'optionalAccess', _341 => _341.aes]) && _optionalChain([$asai, 'access', _342 => _342.$lib, 'optionalAccess', _343 => _343.aesfns, 'optionalAccess', _344 => _344.reqAES])) {
2910
+ if (_optionalChain([msg, 'optionalAccess', _358 => _358.db, 'optionalAccess', _359 => _359.aes]) && _optionalChain([$asai, 'access', _360 => _360.$lib, 'optionalAccess', _361 => _361.aesfns, 'optionalAccess', _362 => _362.reqAES])) {
2826
2911
  msg.db = $asai.$lib.aesfns.reqAES({ data: msg.db });
2827
2912
  }
2828
2913
  return msg;
@@ -2849,12 +2934,12 @@ var Ws_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, o
2849
2934
 
2850
2935
  // src/common/server/Sys.ts
2851
2936
  var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, opt = {}) => {
2852
- _optionalChain([opt, 'optionalAccess', _345 => _345.fn, 'optionalCall', _346 => _346($asai)]);
2937
+ _optionalChain([opt, 'optionalAccess', _363 => _363.fn, 'optionalCall', _364 => _364($asai)]);
2853
2938
  let sysRouteCache = null;
2854
2939
  let sysRouteCacheLen = -1;
2855
2940
  function findSystemHandler(req) {
2856
2941
  const routes = $asai.hostserversyss;
2857
- if (!_optionalChain([routes, 'optionalAccess', _347 => _347.length])) return void 0;
2942
+ if (!_optionalChain([routes, 'optionalAccess', _365 => _365.length])) return void 0;
2858
2943
  if (!sysRouteCache || sysRouteCacheLen !== routes.length) {
2859
2944
  sysRouteCache = routes.map((elp) => ({ key: elp, route: `/${elp}` }));
2860
2945
  sysRouteCacheLen = routes.length;
@@ -2883,27 +2968,28 @@ var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2883
2968
  }
2884
2969
  const urlPath = (req.url || "").split("?")[0];
2885
2970
  void (async () => {
2886
- const authResult = await validateHttpAuthAsync(req, $asai, urlPath);
2887
- if (!authResult.ok) {
2888
- return sendAuthError(res, authResult);
2889
- }
2890
- const handler = _optionalChain([$asai, 'access', _348 => _348.hostserversys, 'access', _349 => _349[handlerKey], 'optionalCall', _350 => _350($asai)]);
2891
- if (!handler) {
2892
- return sendError(res, 500, "Handler Initialization Failed");
2893
- }
2894
- if (_optionalChain([handler, 'optionalAccess', _351 => _351.show]) && typeof _optionalChain([handler, 'optionalAccess', _352 => _352.show]) === "function") {
2895
- handler.show(req, res, hostdir);
2896
- } else {
2897
- res.end("postdata");
2971
+ try {
2972
+ const authResult = await validateHttpAuthAsync(req, $asai, urlPath);
2973
+ if (!authResult.ok) {
2974
+ return sendAuthError(res, authResult);
2975
+ }
2976
+ const handler = _optionalChain([$asai, 'access', _366 => _366.hostserversys, 'access', _367 => _367[handlerKey], 'optionalCall', _368 => _368($asai)]);
2977
+ if (!handler) {
2978
+ return sendError(res, 500, "Handler Initialization Failed");
2979
+ }
2980
+ if (_optionalChain([handler, 'optionalAccess', _369 => _369.show]) && typeof _optionalChain([handler, 'optionalAccess', _370 => _370.show]) === "function") {
2981
+ handler.show(req, res, hostdir);
2982
+ } else {
2983
+ res.end("postdata");
2984
+ }
2985
+ } catch (err) {
2986
+ return sendError(res, 500, _optionalChain([err, 'optionalAccess', _371 => _371.message]) || "Internal Server Error");
2898
2987
  }
2899
- if (!handler) {
2900
- res.writeHead(404, {
2901
- "Content-Type": "application/json; charset=utf-8"
2902
- });
2903
- res.end(req.url);
2904
- } else {
2988
+ })().catch((err) => {
2989
+ if (!res.headersSent) {
2990
+ sendError(res, 500, _optionalChain([err, 'optionalAccess', _372 => _372.message]) || "Internal Server Error");
2905
2991
  }
2906
- })();
2992
+ });
2907
2993
  }
2908
2994
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sysWork, "sysWork");
2909
2995
  return { sysWork };
@@ -2911,18 +2997,18 @@ var Sys_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
2911
2997
 
2912
2998
  // src/common/server/WsClient.ts
2913
2999
  var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, wsname) => {
2914
- if (!_optionalChain([$asai, 'optionalAccess', _353 => _353.clientws])) {
3000
+ if (!_optionalChain([$asai, 'optionalAccess', _373 => _373.clientws])) {
2915
3001
  $asai.clientws = {};
2916
3002
  }
2917
3003
  if (!$asai.clientws[wsname]) {
2918
3004
  $asai.clientws[wsname] = { tasks: /* @__PURE__ */ new Map() };
2919
3005
  }
2920
3006
  function getKeyByData(msgdata) {
2921
- return _optionalChain([msgdata, 'optionalAccess', _354 => _354.id]) || _optionalChain([msgdata, 'optionalAccess', _355 => _355.ty]);
3007
+ return _optionalChain([msgdata, 'optionalAccess', _374 => _374.id]) || _optionalChain([msgdata, 'optionalAccess', _375 => _375.ty]);
2922
3008
  }
2923
3009
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getKeyByData, "getKeyByData");
2924
3010
  function clientwsInit() {
2925
- return new Promise((resolve5, reject) => {
3011
+ return new Promise((resolve6, reject) => {
2926
3012
  $asai.clientws[wsname].socket = new $asai.asaiWs(
2927
3013
  $asai.command.commandconfig.clientws[wsname]
2928
3014
  );
@@ -2931,7 +3017,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2931
3017
  };
2932
3018
  $asai.clientws[wsname].socket.on("error", (err) => {
2933
3019
  $asai.clientws[wsname].open = 0;
2934
- _optionalChain([$asai, 'access', _356 => _356.hostconfig, 'access', _357 => _357.logger, 'optionalAccess', _358 => _358.lv, 'optionalAccess', _359 => _359.view]) && console.error(
3020
+ _optionalChain([$asai, 'access', _376 => _376.hostconfig, 'access', _377 => _377.logger, 'optionalAccess', _378 => _378.lv, 'optionalAccess', _379 => _379.view]) && console.error(
2935
3021
  666.2203,
2936
3022
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is error.`,
2937
3023
  err
@@ -2940,19 +3026,19 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2940
3026
  });
2941
3027
  $asai.clientws[wsname].socket.on("close", () => {
2942
3028
  $asai.clientws[wsname].open = 0;
2943
- _optionalChain([$asai, 'access', _360 => _360.hostconfig, 'access', _361 => _361.logger, 'optionalAccess', _362 => _362.lv, 'optionalAccess', _363 => _363.view]) && console.error(
3029
+ _optionalChain([$asai, 'access', _380 => _380.hostconfig, 'access', _381 => _381.logger, 'optionalAccess', _382 => _382.lv, 'optionalAccess', _383 => _383.view]) && console.error(
2944
3030
  666.2205,
2945
3031
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is close.`
2946
3032
  );
2947
3033
  reject();
2948
3034
  });
2949
3035
  $asai.clientws[wsname].socket.onopen = () => {
2950
- _optionalChain([$asai, 'access', _364 => _364.hostconfig, 'access', _365 => _365.logger, 'optionalAccess', _366 => _366.lv, 'optionalAccess', _367 => _367.view]) && console.log(
3036
+ _optionalChain([$asai, 'access', _384 => _384.hostconfig, 'access', _385 => _385.logger, 'optionalAccess', _386 => _386.lv, 'optionalAccess', _387 => _387.view]) && console.log(
2951
3037
  666.2201,
2952
3038
  `${wsname}=${$asai.command.commandconfig.clientws[wsname]} is open.`
2953
3039
  );
2954
3040
  $asai.clientws[wsname].open = 1;
2955
- resolve5();
3041
+ resolve6();
2956
3042
  };
2957
3043
  });
2958
3044
  }
@@ -2970,7 +3056,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2970
3056
  const key = getKeyByData(messageData);
2971
3057
  const task = $asai.clientws[wsname].tasks.get(key);
2972
3058
  if (task) {
2973
- _optionalChain([task, 'optionalAccess', _368 => _368.callback, 'call', _369 => _369(messageData)]);
3059
+ _optionalChain([task, 'optionalAccess', _388 => _388.callback, 'call', _389 => _389(messageData)]);
2974
3060
  if (messageData.ty && !messageData.id) {
2975
3061
  } else {
2976
3062
  $asai.clientws[wsname].tasks.delete(key);
@@ -2982,7 +3068,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2982
3068
  }
2983
3069
  _chunkSMVZ3ZDJcjs.__name.call(void 0, clientwsOnmessage, "clientwsOnmessage");
2984
3070
  function clientwsApi(messageData) {
2985
- return new Promise((resolve5, reject) => {
3071
+ return new Promise((resolve6, reject) => {
2986
3072
  if ($asai.clientws[wsname].open) {
2987
3073
  try {
2988
3074
  const taskOpt = {};
@@ -2994,7 +3080,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
2994
3080
  getKeyByData(messageData),
2995
3081
  {
2996
3082
  callback: /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (res) => {
2997
- resolve5(res);
3083
+ resolve6(res);
2998
3084
  }, "callback"),
2999
3085
  ...messageData,
3000
3086
  ...taskOpt
@@ -3024,7 +3110,7 @@ var WsClient_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($a
3024
3110
  }
3025
3111
  _chunkSMVZ3ZDJcjs.__name.call(void 0, clientwsWatch, "clientwsWatch");
3026
3112
  function clientwsWatchOff(messageData) {
3027
- if (_optionalChain([messageData, 'optionalAccess', _370 => _370.ty]) === "clear") {
3113
+ if (_optionalChain([messageData, 'optionalAccess', _390 => _390.ty]) === "clear") {
3028
3114
  $asai.clientws[wsname].tasks = /* @__PURE__ */ new Map();
3029
3115
  } else {
3030
3116
  const key = getKeyByData(messageData);
@@ -3065,7 +3151,7 @@ var ping_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai)
3065
3151
  var web_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3066
3152
  function chatBoard(msgdata, ws2, hostdir, req) {
3067
3153
  let room;
3068
- if (_optionalChain([msgdata, 'access', _371 => _371.db, 'optionalAccess', _372 => _372.room]) && typeof msgdata.db.room === "string") {
3154
+ if (_optionalChain([msgdata, 'access', _391 => _391.db, 'optionalAccess', _392 => _392.room]) && typeof msgdata.db.room === "string") {
3069
3155
  room = msgdata.db.room;
3070
3156
  delete msgdata.db.room;
3071
3157
  } else {
@@ -3122,26 +3208,26 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3122
3208
  removeFile: removeFile2,
3123
3209
  resolvePathUnderBase: resolvePathUnderBase2
3124
3210
  } = $asai.$lib.AsFs;
3125
- const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'access', _373 => _373.$lib, 'optionalAccess', _374 => _374.reqWork, 'optionalCall', _375 => _375($asai)]);
3211
+ const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'access', _393 => _393.$lib, 'optionalAccess', _394 => _394.reqWork, 'optionalCall', _395 => _395($asai)]);
3126
3212
  function mgLog(...arg) {
3127
3213
  mnLog("LOG", ...arg);
3128
3214
  }
3129
3215
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mgLog, "mgLog");
3130
3216
  function getDir(opt) {
3131
- let tmpDir = _optionalChain([opt, 'access', _376 => _376.qrdata, 'optionalAccess', _377 => _377.dir]) || _optionalChain([opt, 'access', _378 => _378.data, 'optionalAccess', _379 => _379.dir]);
3217
+ let tmpDir = _optionalChain([opt, 'access', _396 => _396.qrdata, 'optionalAccess', _397 => _397.dir]) || _optionalChain([opt, 'access', _398 => _398.data, 'optionalAccess', _399 => _399.dir]);
3132
3218
  if (tmpDir) {
3133
3219
  tmpDir = decodeURIComponent(tmpDir);
3134
3220
  } else {
3135
- tmpDir = _optionalChain([opt, 'access', _380 => _380.qrdata, 'optionalAccess', _381 => _381.ty]) || _optionalChain([opt, 'access', _382 => _382.data, 'optionalAccess', _383 => _383.ty]);
3221
+ tmpDir = _optionalChain([opt, 'access', _400 => _400.qrdata, 'optionalAccess', _401 => _401.ty]) || _optionalChain([opt, 'access', _402 => _402.data, 'optionalAccess', _403 => _403.ty]);
3136
3222
  if (tmpDir) {
3137
3223
  tmpDir = decodeURIComponent(tmpDir);
3138
3224
  if (tmpDir === "access-clf" || tmpDir === "access-w3c") {
3139
- tmpDir = _optionalChain([$asai, 'access', _384 => _384.hostconfig, 'access', _385 => _385.logger, 'optionalAccess', _386 => _386.path, 'optionalAccess', _387 => _387.access]) || "";
3225
+ tmpDir = _optionalChain([$asai, 'access', _404 => _404.hostconfig, 'access', _405 => _405.logger, 'optionalAccess', _406 => _406.path, 'optionalAccess', _407 => _407.access]) || "";
3140
3226
  } else {
3141
- tmpDir = _optionalChain([$asai, 'access', _388 => _388.hostconfig, 'access', _389 => _389.logger, 'optionalAccess', _390 => _390.path, 'optionalAccess', _391 => _391[tmpDir]]) || "";
3227
+ tmpDir = _optionalChain([$asai, 'access', _408 => _408.hostconfig, 'access', _409 => _409.logger, 'optionalAccess', _410 => _410.path, 'optionalAccess', _411 => _411[tmpDir]]) || "";
3142
3228
  }
3143
3229
  } else {
3144
- tmpDir = _optionalChain([$asai, 'access', _392 => _392.hostconfig, 'access', _393 => _393.logger, 'optionalAccess', _394 => _394.path, 'optionalAccess', _395 => _395.client]) || "";
3230
+ tmpDir = _optionalChain([$asai, 'access', _412 => _412.hostconfig, 'access', _413 => _413.logger, 'optionalAccess', _414 => _414.path, 'optionalAccess', _415 => _415.client]) || "";
3145
3231
  }
3146
3232
  }
3147
3233
  return tmpDir;
@@ -3173,7 +3259,7 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3173
3259
  if (!await ensureLv(req, $asai, 3)) return sendFail(res, "Forbidden", opt);
3174
3260
  try {
3175
3261
  const baseDir = getDir(opt);
3176
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _396 => _396.qrdata, 'optionalAccess', _397 => _397.path]) || _optionalChain([opt, 'access', _398 => _398.data, 'optionalAccess', _399 => _399.path]));
3262
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _416 => _416.qrdata, 'optionalAccess', _417 => _417.path]) || _optionalChain([opt, 'access', _418 => _418.data, 'optionalAccess', _419 => _419.path]));
3177
3263
  const jsonpath = resolvePathUnderBase2(baseDir, relPath);
3178
3264
  await ensureFile2(jsonpath);
3179
3265
  mgLog("ENSURE", jsonpath);
@@ -3194,7 +3280,7 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3194
3280
  if (url.startsWith("/api/asailog/manage/selectlist/")) {
3195
3281
  if (!await ensureLv(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3196
3282
  try {
3197
- const ty = decodeURIComponent(_optionalChain([opt, 'access', _400 => _400.qrdata, 'optionalAccess', _401 => _401.ty]) || _optionalChain([opt, 'access', _402 => _402.data, 'optionalAccess', _403 => _403.ty]) || "client");
3283
+ const ty = decodeURIComponent(_optionalChain([opt, 'access', _420 => _420.qrdata, 'optionalAccess', _421 => _421.ty]) || _optionalChain([opt, 'access', _422 => _422.data, 'optionalAccess', _423 => _423.ty]) || "client");
3198
3284
  if (!_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai) && _chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && (ty === "client" || ty === "server" || ty === "sec")) {
3199
3285
  const kind = ty === "sec" ? "sec" : "web";
3200
3286
  const groups = await _chunkHR5JKN7Ycjs.listUnifiedGroups.call(void 0, $asai, { kind, source: ty === "sec" ? "sec" : ty });
@@ -3222,8 +3308,8 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3222
3308
  if (url.startsWith("/api/asailog/manage/select/")) {
3223
3309
  if (!await ensureLv(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3224
3310
  try {
3225
- const ty = decodeURIComponent(_optionalChain([opt, 'access', _404 => _404.qrdata, 'optionalAccess', _405 => _405.ty]) || _optionalChain([opt, 'access', _406 => _406.data, 'optionalAccess', _407 => _407.ty]) || "client");
3226
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _408 => _408.qrdata, 'optionalAccess', _409 => _409.path]) || _optionalChain([opt, 'access', _410 => _410.data, 'optionalAccess', _411 => _411.path]));
3311
+ const ty = decodeURIComponent(_optionalChain([opt, 'access', _424 => _424.qrdata, 'optionalAccess', _425 => _425.ty]) || _optionalChain([opt, 'access', _426 => _426.data, 'optionalAccess', _427 => _427.ty]) || "client");
3312
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _428 => _428.qrdata, 'optionalAccess', _429 => _429.path]) || _optionalChain([opt, 'access', _430 => _430.data, 'optionalAccess', _431 => _431.path]));
3227
3313
  if (!_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai) && _chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && (ty === "client" || ty === "server" || ty === "sec")) {
3228
3314
  const data2 = await _chunkHR5JKN7Ycjs.readWebLogFromStore.call(void 0, $asai, ty, relPath);
3229
3315
  if (data2) {
@@ -3251,7 +3337,7 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3251
3337
  if (!await ensureLv(req, $asai, 3)) return sendFail(res, "Forbidden", opt);
3252
3338
  try {
3253
3339
  const baseDir = getDir(opt);
3254
- const relPath = decodeURIComponent(_optionalChain([opt, 'access', _412 => _412.qrdata, 'optionalAccess', _413 => _413.path]) || _optionalChain([opt, 'access', _414 => _414.data, 'optionalAccess', _415 => _415.path]));
3340
+ const relPath = decodeURIComponent(_optionalChain([opt, 'access', _432 => _432.qrdata, 'optionalAccess', _433 => _433.path]) || _optionalChain([opt, 'access', _434 => _434.data, 'optionalAccess', _435 => _435.path]));
3255
3341
  const fileName = relPath.split(/[/\\]/).pop() || relPath;
3256
3342
  if (_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai)) {
3257
3343
  await _chunkHR5JKN7Ycjs.purgeStoreEntriesForFile.call(void 0, $asai, fileName).catch(() => void 0);
@@ -3274,14 +3360,14 @@ var logmanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($
3274
3360
 
3275
3361
  // src/infra/siem-auth.ts
3276
3362
  function isSiemEnabled($asai) {
3277
- const cfg = _optionalChain([$asai, 'optionalAccess', _416 => _416.hostconfig, 'optionalAccess', _417 => _417.logger, 'optionalAccess', _418 => _418.siem]);
3278
- return !!(_optionalChain([cfg, 'optionalAccess', _419 => _419.enabled]) && getSiemToken($asai));
3363
+ const cfg = _optionalChain([$asai, 'optionalAccess', _436 => _436.hostconfig, 'optionalAccess', _437 => _437.logger, 'optionalAccess', _438 => _438.siem]);
3364
+ return !!(_optionalChain([cfg, 'optionalAccess', _439 => _439.enabled]) && getSiemToken($asai));
3279
3365
  }
3280
3366
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isSiemEnabled, "isSiemEnabled");
3281
3367
  function getSiemToken($asai) {
3282
3368
  const fromEnv = process.env.ASAI_SIEM_TOKEN;
3283
3369
  if (typeof fromEnv === "string" && fromEnv.trim()) return fromEnv.trim();
3284
- const fromCfg = _optionalChain([$asai, 'optionalAccess', _420 => _420.hostconfig, 'optionalAccess', _421 => _421.logger, 'optionalAccess', _422 => _422.siem, 'optionalAccess', _423 => _423.token]);
3370
+ const fromCfg = _optionalChain([$asai, 'optionalAccess', _440 => _440.hostconfig, 'optionalAccess', _441 => _441.logger, 'optionalAccess', _442 => _442.siem, 'optionalAccess', _443 => _443.token]);
3285
3371
  return typeof fromCfg === "string" ? fromCfg.trim() : "";
3286
3372
  }
3287
3373
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSiemToken, "getSiemToken");
@@ -3289,9 +3375,9 @@ function isSiemTokenValid($asai, req) {
3289
3375
  if (!isSiemEnabled($asai)) return false;
3290
3376
  const expected = getSiemToken($asai);
3291
3377
  if (!expected) return false;
3292
- const header = _optionalChain([req, 'optionalAccess', _424 => _424.headers, 'optionalAccess', _425 => _425["x-siem-token"]]) || _optionalChain([req, 'optionalAccess', _426 => _426.headers, 'optionalAccess', _427 => _427["x-api-key"]]);
3378
+ const header = _optionalChain([req, 'optionalAccess', _444 => _444.headers, 'optionalAccess', _445 => _445["x-siem-token"]]) || _optionalChain([req, 'optionalAccess', _446 => _446.headers, 'optionalAccess', _447 => _447["x-api-key"]]);
3293
3379
  if (typeof header === "string" && header === expected) return true;
3294
- const q = _optionalChain([req, 'optionalAccess', _428 => _428.query]) || {};
3380
+ const q = _optionalChain([req, 'optionalAccess', _448 => _448.query]) || {};
3295
3381
  const qToken = q.siem_token || q.token;
3296
3382
  return typeof qToken === "string" && qToken === expected;
3297
3383
  }
@@ -3315,20 +3401,20 @@ function getNs(raw) {
3315
3401
  }
3316
3402
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getNs, "getNs");
3317
3403
  async function ensureServerUser(req, $asai) {
3318
- if (Array.isArray(_optionalChain([req, 'optionalAccess', _429 => _429.Userinfo])) && req.Userinfo[0]) {
3404
+ if (Array.isArray(_optionalChain([req, 'optionalAccess', _449 => _449.Userinfo])) && req.Userinfo[0]) {
3319
3405
  await attachServerUserLevel(req, $asai);
3320
3406
  }
3321
3407
  }
3322
3408
  _chunkSMVZ3ZDJcjs.__name.call(void 0, ensureServerUser, "ensureServerUser");
3323
3409
  var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3324
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _430 => _430.$lib, 'optionalAccess', _431 => _431.reqWork, 'optionalCall', _432 => _432($asai)]) || {};
3410
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _450 => _450.$lib, 'optionalAccess', _451 => _451.reqWork, 'optionalCall', _452 => _452($asai)]) || {};
3325
3411
  const IL = $asai.$lib.InterventionLog;
3326
3412
  async function get(req, res, hostdir, opt) {
3327
3413
  const url = req.url || "";
3328
3414
  if (url.startsWith("/api/asailog/intervention/selectlist/")) {
3329
3415
  if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3330
3416
  try {
3331
- const ns = getNs(_optionalChain([opt, 'access', _433 => _433.qrdata, 'optionalAccess', _434 => _434.ns]) || _optionalChain([opt, 'access', _435 => _435.data, 'optionalAccess', _436 => _436.ns]));
3417
+ const ns = getNs(_optionalChain([opt, 'access', _453 => _453.qrdata, 'optionalAccess', _454 => _454.ns]) || _optionalChain([opt, 'access', _455 => _455.data, 'optionalAccess', _456 => _456.ns]));
3332
3418
  let list = await IL.listInterventionFiles($asai, ns);
3333
3419
  if (_chunkHR5JKN7Ycjs.isLogStoreEnabled.call(void 0, $asai) && !_chunkHR5JKN7Ycjs.prefersDiskLogAccess.call(void 0, $asai)) {
3334
3420
  const groups = await _chunkHR5JKN7Ycjs.listUnifiedGroups.call(void 0, $asai, { kind: "intervention", ns });
@@ -3340,19 +3426,19 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3340
3426
  }
3341
3427
  return sendSuccess(res, { ns, files: list }, opt);
3342
3428
  } catch (err) {
3343
- return sendFail(res, _optionalChain([err, 'optionalAccess', _437 => _437.message]) || err, opt);
3429
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _457 => _457.message]) || err, opt);
3344
3430
  }
3345
3431
  }
3346
3432
  if (url.startsWith("/api/asailog/intervention/select/")) {
3347
3433
  if (!await ensureLogReadAccess(req, $asai, _chunkGXOFLFFWcjs.getPermissionThreshold.call(void 0, $asai, "logRead"))) return sendFail(res, "Forbidden", opt);
3348
3434
  try {
3349
- const name = decodeURIComponent(_optionalChain([opt, 'access', _438 => _438.qrdata, 'optionalAccess', _439 => _439.name]) || _optionalChain([opt, 'access', _440 => _440.data, 'optionalAccess', _441 => _441.name]) || "");
3350
- const ns = getNs(_optionalChain([opt, 'access', _442 => _442.qrdata, 'optionalAccess', _443 => _443.ns]) || _optionalChain([opt, 'access', _444 => _444.data, 'optionalAccess', _445 => _445.ns]));
3435
+ const name = decodeURIComponent(_optionalChain([opt, 'access', _458 => _458.qrdata, 'optionalAccess', _459 => _459.name]) || _optionalChain([opt, 'access', _460 => _460.data, 'optionalAccess', _461 => _461.name]) || "");
3436
+ const ns = getNs(_optionalChain([opt, 'access', _462 => _462.qrdata, 'optionalAccess', _463 => _463.ns]) || _optionalChain([opt, 'access', _464 => _464.data, 'optionalAccess', _465 => _465.ns]));
3351
3437
  if (!name) return sendFail(res, "name required", opt);
3352
3438
  const content = await IL.readInterventionFile($asai, name, ns);
3353
3439
  return sendSuccess(res, { ns, ...content }, opt);
3354
3440
  } catch (err) {
3355
- return sendFail(res, _optionalChain([err, 'optionalAccess', _446 => _446.message]) || err, opt);
3441
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _466 => _466.message]) || err, opt);
3356
3442
  }
3357
3443
  }
3358
3444
  if (url.startsWith("/api/asailog/intervention/types/")) {
@@ -3360,7 +3446,7 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3360
3446
  try {
3361
3447
  return sendSuccess(res, IL.getInterventionTaxonomy($asai), opt);
3362
3448
  } catch (err) {
3363
- return sendFail(res, _optionalChain([err, 'optionalAccess', _447 => _447.message]) || err, opt);
3449
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _467 => _467.message]) || err, opt);
3364
3450
  }
3365
3451
  }
3366
3452
  }
@@ -3390,7 +3476,7 @@ var interventionlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void
3390
3476
  );
3391
3477
  return sendSuccess(res, { ns, ...result }, opt);
3392
3478
  } catch (err) {
3393
- return sendFail(res, _optionalChain([err, 'optionalAccess', _448 => _448.message]) || err, opt);
3479
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _468 => _468.message]) || err, opt);
3394
3480
  }
3395
3481
  }
3396
3482
  }
@@ -3409,11 +3495,11 @@ function parseQuery(opt) {
3409
3495
  }
3410
3496
  _chunkSMVZ3ZDJcjs.__name.call(void 0, parseQuery, "parseQuery");
3411
3497
  function parseBody(opt) {
3412
- if (!_optionalChain([opt, 'optionalAccess', _449 => _449.data])) return {};
3498
+ if (!_optionalChain([opt, 'optionalAccess', _469 => _469.data])) return {};
3413
3499
  if (typeof opt.data === "string") {
3414
3500
  try {
3415
3501
  return JSON.parse(opt.data);
3416
- } catch (e36) {
3502
+ } catch (e40) {
3417
3503
  return {};
3418
3504
  }
3419
3505
  }
@@ -3421,7 +3507,7 @@ function parseBody(opt) {
3421
3507
  }
3422
3508
  _chunkSMVZ3ZDJcjs.__name.call(void 0, parseBody, "parseBody");
3423
3509
  var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3424
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _450 => _450.$lib, 'optionalAccess', _451 => _451.reqWork, 'optionalCall', _452 => _452($asai)]) || {};
3510
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _470 => _470.$lib, 'optionalAccess', _471 => _471.reqWork, 'optionalCall', _472 => _472($asai)]) || {};
3425
3511
  const IL = $asai.$lib.InterventionLog;
3426
3512
  async function get(req, res, hostdir, opt) {
3427
3513
  const url = req.url || "";
@@ -3431,7 +3517,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3431
3517
  try {
3432
3518
  return sendSuccess(res, _chunkHR5JKN7Ycjs.getLogStoreMeta.call(void 0, $asai), opt);
3433
3519
  } catch (err) {
3434
- return sendFail(res, _optionalChain([err, 'optionalAccess', _453 => _453.message]) || err, opt);
3520
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _473 => _473.message]) || err, opt);
3435
3521
  }
3436
3522
  }
3437
3523
  if (url.startsWith("/api/asailog/store/stats/")) {
@@ -3444,7 +3530,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3444
3530
  const stats = await _chunkHR5JKN7Ycjs.getUnifiedStats.call(void 0, $asai);
3445
3531
  return sendSuccess(res, { store: storeType, stats, config: _chunkHR5JKN7Ycjs.getLogStoreMeta.call(void 0, $asai) }, opt);
3446
3532
  } catch (err) {
3447
- return sendFail(res, _optionalChain([err, 'optionalAccess', _454 => _454.message]) || err, opt);
3533
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _474 => _474.message]) || err, opt);
3448
3534
  }
3449
3535
  }
3450
3536
  if (url.startsWith("/api/asailog/store/compliance/")) {
@@ -3454,7 +3540,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3454
3540
  const report = await _chunkHR5JKN7Ycjs.getComplianceReport.call(void 0, $asai, ns);
3455
3541
  return sendSuccess(res, report, opt);
3456
3542
  } catch (err) {
3457
- return sendFail(res, _optionalChain([err, 'optionalAccess', _455 => _455.message]) || err, opt);
3543
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _475 => _475.message]) || err, opt);
3458
3544
  }
3459
3545
  }
3460
3546
  if (url.startsWith("/api/asailog/store/search/")) {
@@ -3476,7 +3562,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3476
3562
  });
3477
3563
  return sendSuccess(res, result, opt);
3478
3564
  } catch (err) {
3479
- return sendFail(res, _optionalChain([err, 'optionalAccess', _456 => _456.message]) || err, opt);
3565
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _476 => _476.message]) || err, opt);
3480
3566
  }
3481
3567
  }
3482
3568
  if (url.startsWith("/api/asailog/store/export/")) {
@@ -3497,7 +3583,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3497
3583
  });
3498
3584
  return sendSuccess(res, payload, opt);
3499
3585
  } catch (err) {
3500
- return sendFail(res, _optionalChain([err, 'optionalAccess', _457 => _457.message]) || err, opt);
3586
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _477 => _477.message]) || err, opt);
3501
3587
  }
3502
3588
  }
3503
3589
  if (url.startsWith("/api/asailog/store/taxonomy/")) {
@@ -3505,7 +3591,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3505
3591
  try {
3506
3592
  return sendSuccess(res, IL.getInterventionTaxonomy($asai), opt);
3507
3593
  } catch (err) {
3508
- return sendFail(res, _optionalChain([err, 'optionalAccess', _458 => _458.message]) || err, opt);
3594
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _478 => _478.message]) || err, opt);
3509
3595
  }
3510
3596
  }
3511
3597
  if (url.startsWith("/api/asailog/store/formats/")) {
@@ -3514,7 +3600,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3514
3600
  const { getLogFormatTaxonomy } = await Promise.resolve().then(() => _interopRequireWildcard(require("./log-formats-TUXGMCCU.cjs")));
3515
3601
  return sendSuccess(res, getLogFormatTaxonomy($asai), opt);
3516
3602
  } catch (err) {
3517
- return sendFail(res, _optionalChain([err, 'optionalAccess', _459 => _459.message]) || err, opt);
3603
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _479 => _479.message]) || err, opt);
3518
3604
  }
3519
3605
  }
3520
3606
  if (url.startsWith("/api/asailog/store/selectlist/")) {
@@ -3541,7 +3627,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3541
3627
  }
3542
3628
  return sendSuccess(res, { groups }, opt);
3543
3629
  } catch (err) {
3544
- return sendFail(res, _optionalChain([err, 'optionalAccess', _460 => _460.message]) || err, opt);
3630
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _480 => _480.message]) || err, opt);
3545
3631
  }
3546
3632
  }
3547
3633
  if (url.startsWith("/api/asailog/store/select/")) {
@@ -3575,7 +3661,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3575
3661
  });
3576
3662
  return sendSuccess(res, { entries: rows }, opt);
3577
3663
  } catch (err) {
3578
- return sendFail(res, _optionalChain([err, 'optionalAccess', _461 => _461.message]) || err, opt);
3664
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _481 => _481.message]) || err, opt);
3579
3665
  }
3580
3666
  }
3581
3667
  }
@@ -3597,7 +3683,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3597
3683
  });
3598
3684
  return sendSuccess(res, result, opt);
3599
3685
  } catch (err) {
3600
- return sendFail(res, _optionalChain([err, 'optionalAccess', _462 => _462.message]) || err, opt);
3686
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _482 => _482.message]) || err, opt);
3601
3687
  }
3602
3688
  }
3603
3689
  _chunkSMVZ3ZDJcjs.__name.call(void 0, post, "post");
@@ -3609,7 +3695,7 @@ var unifiedlog_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3609
3695
 
3610
3696
  var registry = null;
3611
3697
  function resolveFilePath($asai) {
3612
- const root = _optionalChain([$asai, 'optionalAccess', _463 => _463.serverRoot]) || process.cwd();
3698
+ const root = _optionalChain([$asai, 'optionalAccess', _483 => _483.serverRoot]) || process.cwd();
3613
3699
  return nodePath3.join(root, "websys/sys/errorcodes.json");
3614
3700
  }
3615
3701
  _chunkSMVZ3ZDJcjs.__name.call(void 0, resolveFilePath, "resolveFilePath");
@@ -3619,7 +3705,7 @@ function loadErrorCodes($asai) {
3619
3705
  try {
3620
3706
  const raw = fs8.readFileSync(filePath, "utf8");
3621
3707
  registry = JSON.parse(raw);
3622
- } catch (e37) {
3708
+ } catch (e41) {
3623
3709
  registry = { version: "0", errors: {} };
3624
3710
  }
3625
3711
  if ($asai) $asai.errorcodes = registry;
@@ -3627,7 +3713,7 @@ function loadErrorCodes($asai) {
3627
3713
  }
3628
3714
  _chunkSMVZ3ZDJcjs.__name.call(void 0, loadErrorCodes, "loadErrorCodes");
3629
3715
  function getError(ec) {
3630
- return _optionalChain([registry, 'optionalAccess', _464 => _464.errors, 'optionalAccess', _465 => _465[ec]]) || null;
3716
+ return _optionalChain([registry, 'optionalAccess', _484 => _484.errors, 'optionalAccess', _485 => _485[ec]]) || null;
3631
3717
  }
3632
3718
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getError, "getError");
3633
3719
  function hasError(ec) {
@@ -3636,11 +3722,11 @@ function hasError(ec) {
3636
3722
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hasError, "hasError");
3637
3723
  function logError($asai, ec, params) {
3638
3724
  const entry = getError(ec);
3639
- const logFn = _optionalChain([$asai, 'optionalAccess', _466 => _466.$log]) || console.warn;
3725
+ const logFn = _optionalChain([$asai, 'optionalAccess', _486 => _486.$log]) || console.warn;
3640
3726
  if (entry) {
3641
- logFn(`[EC:${ec}]`, entry.id || "", entry.detail || "", _optionalChain([params, 'optionalAccess', _467 => _467.length]) ? params : "");
3727
+ logFn(`[EC:${ec}]`, entry.id || "", entry.detail || "", _optionalChain([params, 'optionalAccess', _487 => _487.length]) ? params : "");
3642
3728
  } else {
3643
- logFn(`[EC:${ec}]`, "(unregistered)", _optionalChain([params, 'optionalAccess', _468 => _468.length]) ? params : "");
3729
+ logFn(`[EC:${ec}]`, "(unregistered)", _optionalChain([params, 'optionalAccess', _488 => _488.length]) ? params : "");
3644
3730
  }
3645
3731
  }
3646
3732
  _chunkSMVZ3ZDJcjs.__name.call(void 0, logError, "logError");
@@ -3668,14 +3754,14 @@ var ErrorCode_default = {
3668
3754
 
3669
3755
  // src/sysserver/api/common/errorcodes.ts
3670
3756
  var errorcodes_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3671
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _469 => _469.$lib, 'optionalAccess', _470 => _470.reqWork, 'optionalCall', _471 => _471($asai)]) || {};
3757
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _489 => _489.$lib, 'optionalAccess', _490 => _490.reqWork, 'optionalCall', _491 => _491($asai)]) || {};
3672
3758
  function get(req, res, _hostdir, opt) {
3673
3759
  const url = req.url || "";
3674
3760
  if (url.startsWith("/api/sys/errorcodes/")) {
3675
3761
  try {
3676
3762
  return sendSuccess(res, loadErrorCodes($asai), opt);
3677
3763
  } catch (err) {
3678
- return sendFail(res, _optionalChain([err, 'optionalAccess', _472 => _472.message]) || err, opt);
3764
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _492 => _492.message]) || err, opt);
3679
3765
  }
3680
3766
  }
3681
3767
  }
@@ -3685,9 +3771,9 @@ var errorcodes_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (
3685
3771
 
3686
3772
  // src/sysserver/api/common/sqlitemanage.ts
3687
3773
  var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3688
- const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'optionalAccess', _473 => _473.$lib, 'optionalAccess', _474 => _474.reqWork, 'optionalCall', _475 => _475($asai)]) || {};
3774
+ const { sendSuccess, sendFail, mnLog } = _optionalChain([$asai, 'optionalAccess', _493 => _493.$lib, 'optionalAccess', _494 => _494.reqWork, 'optionalCall', _495 => _495($asai)]) || {};
3689
3775
  function mgLog(...arg) {
3690
- _optionalChain([mnLog, 'optionalCall', _476 => _476("SQLite", ...arg)]);
3776
+ _optionalChain([mnLog, 'optionalCall', _496 => _496("SQLite", ...arg)]);
3691
3777
  }
3692
3778
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mgLog, "mgLog");
3693
3779
  return $asai.$lib.AsDb($asai, {
@@ -3705,7 +3791,7 @@ var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0,
3705
3791
  if (req.url.startsWith("/api/asaisqlite/manage/post")) {
3706
3792
  try {
3707
3793
  mgLog("POST", "custom handler triggered");
3708
- _optionalChain([sendSuccess, 'optionalCall', _477 => _477(res, { data: "post" }, opt)]);
3794
+ _optionalChain([sendSuccess, 'optionalCall', _497 => _497(res, { data: "post" }, opt)]);
3709
3795
  } catch (err) {
3710
3796
  mgLog("ERROR", "post handler", err);
3711
3797
  }
@@ -3722,10 +3808,10 @@ var sqlitemanage_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0,
3722
3808
  table: dataObj.table
3723
3809
  });
3724
3810
  mgLog("SELECT", "completed");
3725
- _optionalChain([sendSuccess, 'optionalCall', _478 => _478(res, resdb, opt)]);
3811
+ _optionalChain([sendSuccess, 'optionalCall', _498 => _498(res, resdb, opt)]);
3726
3812
  } catch (errdb) {
3727
3813
  mgLog("ERROR", "select", errdb);
3728
- _optionalChain([sendFail, 'optionalCall', _479 => _479(res, errdb, opt)]);
3814
+ _optionalChain([sendFail, 'optionalCall', _499 => _499(res, errdb, opt)]);
3729
3815
  }
3730
3816
  return "ok";
3731
3817
  }
@@ -3741,7 +3827,7 @@ function promLine(name, value, labels) {
3741
3827
  }
3742
3828
  _chunkSMVZ3ZDJcjs.__name.call(void 0, promLine, "promLine");
3743
3829
  var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
3744
- const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _480 => _480.$lib, 'optionalAccess', _481 => _481.reqWork, 'optionalCall', _482 => _482($asai)]) || {};
3830
+ const { sendSuccess, sendFail } = _optionalChain([$asai, 'access', _500 => _500.$lib, 'optionalAccess', _501 => _501.reqWork, 'optionalCall', _502 => _502($asai)]) || {};
3745
3831
  async function get(req, res, _hostdir, opt) {
3746
3832
  const url = req.url || "";
3747
3833
  if (url.startsWith("/api/sys/health/metrics/")) {
@@ -3750,10 +3836,10 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3750
3836
  let httpTotal = 0;
3751
3837
  let wsTotal = 0;
3752
3838
  for (const set of Object.values($asai.connectionshttp || {})) {
3753
- httpTotal += _optionalChain([set, 'optionalAccess', _483 => _483.size]) || 0;
3839
+ httpTotal += _optionalChain([set, 'optionalAccess', _503 => _503.size]) || 0;
3754
3840
  }
3755
3841
  for (const set of Object.values($asai.connectionsws || {})) {
3756
- wsTotal += _optionalChain([set, 'optionalAccess', _484 => _484.size]) || 0;
3842
+ wsTotal += _optionalChain([set, 'optionalAccess', _504 => _504.size]) || 0;
3757
3843
  }
3758
3844
  const lines = [
3759
3845
  "# HELP asai_uptime_seconds Process uptime",
@@ -3775,7 +3861,7 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3775
3861
  res.writeHead(200, { "Content-Type": "text/plain; charset=utf-8" });
3776
3862
  return res.end(lines.join("\n") + "\n");
3777
3863
  } catch (err) {
3778
- return sendFail(res, _optionalChain([err, 'optionalAccess', _485 => _485.message]) || err, opt);
3864
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _505 => _505.message]) || err, opt);
3779
3865
  }
3780
3866
  }
3781
3867
  if (url.startsWith("/api/sys/health/status/")) {
@@ -3788,10 +3874,10 @@ var health_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asa
3788
3874
  memory: process.memoryUsage(),
3789
3875
  quota: {
3790
3876
  http: Object.fromEntries(
3791
- Object.entries($asai.connectionshttp || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _486 => _486.size]) || 0])
3877
+ Object.entries($asai.connectionshttp || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _506 => _506.size]) || 0])
3792
3878
  ),
3793
3879
  ws: Object.fromEntries(
3794
- Object.entries($asai.connectionsws || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _487 => _487.size]) || 0])
3880
+ Object.entries($asai.connectionsws || {}).map(([k, v]) => [k, _optionalChain([v, 'optionalAccess', _507 => _507.size]) || 0])
3795
3881
  )
3796
3882
  }
3797
3883
  },
@@ -3832,7 +3918,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, sanitizeString, "sanitizeString");
3832
3918
  // src/sysserver/api/login/service/session.ts
3833
3919
 
3834
3920
  function getSessionTtlMs($asai) {
3835
- const hours = _nullishCoalesce(_optionalChain([$asai, 'optionalAccess', _488 => _488.hostconfig, 'optionalAccess', _489 => _489.security, 'optionalAccess', _490 => _490.sessionTtlHours]), () => ( 24));
3921
+ const hours = _nullishCoalesce(_optionalChain([$asai, 'optionalAccess', _508 => _508.hostconfig, 'optionalAccess', _509 => _509.security, 'optionalAccess', _510 => _510.sessionTtlHours]), () => ( 24));
3836
3922
  return Number(hours) * 3600 * 1e3;
3837
3923
  }
3838
3924
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSessionTtlMs, "getSessionTtlMs");
@@ -3849,7 +3935,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, generatePriKey, "generatePriKey");
3849
3935
  function createSessionKeys($asai) {
3850
3936
  const sessionId = _crypto.randomUUID.call(void 0, );
3851
3937
  const pri = generatePriKey();
3852
- const sn = _optionalChain([$asai, 'optionalAccess', _491 => _491.hostconfig, 'optionalAccess', _492 => _492.asaisn]);
3938
+ const sn = _optionalChain([$asai, 'optionalAccess', _511 => _511.hostconfig, 'optionalAccess', _512 => _512.asaisn]);
3853
3939
  if (!sn) throw new Error("[session] ASAI_ASAISN \u672A\u914D\u7F6E");
3854
3940
  const pub = $asai.$lib.AsCode.asencode(pri, sn);
3855
3941
  return { pri, pub, sessionId };
@@ -3899,20 +3985,20 @@ function unwrapJsonString(value) {
3899
3985
  if (!text.startsWith("{") && !text.startsWith("[")) return value;
3900
3986
  try {
3901
3987
  return JSON.parse(text);
3902
- } catch (e38) {
3988
+ } catch (e42) {
3903
3989
  return value;
3904
3990
  }
3905
3991
  }
3906
3992
  _chunkSMVZ3ZDJcjs.__name.call(void 0, unwrapJsonString, "unwrapJsonString");
3907
3993
  function parseAuthBody(opt) {
3908
- let raw = _optionalChain([opt, 'optionalAccess', _493 => _493.data]);
3994
+ let raw = _optionalChain([opt, 'optionalAccess', _513 => _513.data]);
3909
3995
  if (raw == null || raw === "") return {};
3910
3996
  if (typeof raw === "string") {
3911
3997
  const text = raw.trim();
3912
3998
  if (!text) return {};
3913
3999
  try {
3914
4000
  raw = JSON.parse(text);
3915
- } catch (e39) {
4001
+ } catch (e43) {
3916
4002
  if (text.includes("=") && !text.startsWith("{") && !text.startsWith("[")) {
3917
4003
  raw = Object.fromEntries(new URLSearchParams(text));
3918
4004
  } else {
@@ -3981,7 +4067,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, purgeOfflineSessions, "purgeOfflineSession
3981
4067
 
3982
4068
  // src/sysserver/api/login/index.ts
3983
4069
  function getSecurity($asai) {
3984
- return _optionalChain([$asai, 'optionalAccess', _494 => _494.hostconfig, 'optionalAccess', _495 => _495.security]) || {};
4070
+ return _optionalChain([$asai, 'optionalAccess', _514 => _514.hostconfig, 'optionalAccess', _515 => _515.security]) || {};
3985
4071
  }
3986
4072
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSecurity, "getSecurity");
3987
4073
  function getQuota2($asai) {
@@ -3994,7 +4080,7 @@ async function canLogin($asai, us, hostdir) {
3994
4080
  if (!quota.enabled) return { ok: true };
3995
4081
  const store = _chunkZK4O4Z2Ocjs.createUserStore.call(void 0, $asai);
3996
4082
  const total = await countOnlineSessions($asai, hostdir, store);
3997
- const maxLogin = _nullishCoalesce(_nullishCoalesce(quota.maxLoginSessions, () => ( _optionalChain([$asai, 'optionalAccess', _496 => _496.hostconfig, 'optionalAccess', _497 => _497.hosts, 'optionalAccess', _498 => _498.default, 'optionalAccess', _499 => _499.maxonline]))), () => ( 100));
4083
+ const maxLogin = _nullishCoalesce(_nullishCoalesce(quota.maxLoginSessions, () => ( _optionalChain([$asai, 'optionalAccess', _516 => _516.hostconfig, 'optionalAccess', _517 => _517.hosts, 'optionalAccess', _518 => _518.default, 'optionalAccess', _519 => _519.maxonline]))), () => ( 100));
3998
4084
  if (total >= maxLogin) {
3999
4085
  return { ok: false, message: "LOGIN_QUOTA_FULL" };
4000
4086
  }
@@ -4027,7 +4113,7 @@ function ensureReady($asai) {
4027
4113
  }
4028
4114
  _chunkSMVZ3ZDJcjs.__name.call(void 0, ensureReady, "ensureReady");
4029
4115
  var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
4030
- const { sendSuccess, sendFail, sendErr } = _optionalChain([$asai, 'access', _500 => _500.$lib, 'optionalAccess', _501 => _501.reqWork, 'optionalCall', _502 => _502($asai)]) || {};
4116
+ const { sendSuccess, sendFail, sendErr } = _optionalChain([$asai, 'access', _520 => _520.$lib, 'optionalAccess', _521 => _521.reqWork, 'optionalCall', _522 => _522($asai)]) || {};
4031
4117
  const store = _chunkZK4O4Z2Ocjs.createUserStore.call(void 0, $asai);
4032
4118
  async function checkAdmin(req, pathname, minOverride) {
4033
4119
  await attachServerUserLevel(req, $asai);
@@ -4068,7 +4154,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4068
4154
  logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: us, ip, detail: "password_changed" });
4069
4155
  return sendSuccess(res, { ok: true }, opt);
4070
4156
  } catch (err) {
4071
- return sendFail(res, _optionalChain([err, 'optionalAccess', _503 => _503.message]) || err, opt);
4157
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _523 => _523.message]) || err, opt);
4072
4158
  }
4073
4159
  }
4074
4160
  if (url.startsWith("/api/user/login/register/")) {
@@ -4101,11 +4187,11 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4101
4187
  logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: us, ip, detail: "register_ok" });
4102
4188
  return sendSuccess(res, { user: publicUser($asai, user) }, opt);
4103
4189
  } catch (err) {
4104
- const msg = _optionalChain([err, 'optionalAccess', _504 => _504.message]) || String(err);
4190
+ const msg = _optionalChain([err, 'optionalAccess', _524 => _524.message]) || String(err);
4105
4191
  if (msg.includes("exists") || msg.includes("\u5DF2\u5B58\u5728")) {
4106
4192
  return sendErr(res, "USER_ALREADY_EXISTS", void 0, opt);
4107
4193
  }
4108
- return sendFail(res, _optionalChain([err, 'optionalAccess', _505 => _505.message]) || err, opt);
4194
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _525 => _525.message]) || err, opt);
4109
4195
  }
4110
4196
  }
4111
4197
  if (url.startsWith("/api/user/login/auth/")) {
@@ -4139,9 +4225,15 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4139
4225
  }
4140
4226
  const policy = _chunkGXOFLFFWcjs.getPasswordPolicy.call(void 0, $asai);
4141
4227
  const mustChange = !!user.mustChangePassword || _chunkGXOFLFFWcjs.isPasswordExpired.call(void 0, user.passwordChangedAt, policy.maxAgeDays);
4142
- const hostcfg = _optionalChain([$asai, 'access', _506 => _506.getHost, 'optionalCall', _507 => _507(hostdir)]) || {};
4143
- if (hostcfg.ckws && isUserOnlineOnWs($asai, us, hostdir)) {
4144
- kickUserWs($asai, us, hostdir);
4228
+ const hostcfg = _optionalChain([$asai, 'access', _526 => _526.getHost, 'optionalCall', _527 => _527(hostdir)]) || {};
4229
+ if (hostcfg.ckws) {
4230
+ const existingWs = _optionalChain([$asai, 'access', _528 => _528.connectionsws, 'optionalAccess', _529 => _529[hostdir], 'optionalAccess', _530 => _530[us]]);
4231
+ if (existingWs) {
4232
+ const cleared = await clearStaleWsIfDead($asai, hostdir, us, existingWs);
4233
+ if (!cleared) {
4234
+ kickUserWs($asai, us, hostdir);
4235
+ }
4236
+ }
4145
4237
  }
4146
4238
  const quotaCheck = await canLogin($asai, us, hostdir);
4147
4239
  if (!quotaCheck.ok) {
@@ -4164,13 +4256,13 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4164
4256
  opt
4165
4257
  );
4166
4258
  } catch (err) {
4167
- return sendFail(res, _optionalChain([err, 'optionalAccess', _508 => _508.message]) || err, opt);
4259
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _531 => _531.message]) || err, opt);
4168
4260
  }
4169
4261
  }
4170
4262
  if (url.startsWith("/api/user/login/logout/")) {
4171
4263
  try {
4172
4264
  const bodySid = body.sessionId ? sanitizeString(body.sessionId, 64) : "";
4173
- const us = _optionalChain([req, 'optionalAccess', _509 => _509.Userinfo, 'optionalAccess', _510 => _510[0]]);
4265
+ const us = _optionalChain([req, 'optionalAccess', _532 => _532.Userinfo, 'optionalAccess', _533 => _533[0]]);
4174
4266
  if (bodySid) {
4175
4267
  if (!us) {
4176
4268
  return sendErr(res, "AUTH_MISSING", void 0, opt);
@@ -4184,7 +4276,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4184
4276
  if (us) logSecurityEvent($asai, { type: "AUTH_SUCCESS", path: url, method: "POST", user: String(us), ip, detail: "logout" });
4185
4277
  return sendSuccess(res, "ok", opt);
4186
4278
  } catch (err) {
4187
- return sendFail(res, _optionalChain([err, 'optionalAccess', _511 => _511.message]) || err, opt);
4279
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _534 => _534.message]) || err, opt);
4188
4280
  }
4189
4281
  }
4190
4282
  if (url.startsWith("/api/user/login/admin/kick/")) {
@@ -4202,7 +4294,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4202
4294
  }
4203
4295
  kickUserWs($asai, target.us, hostdir);
4204
4296
  await store.removeSession(sessionId);
4205
- const operator = String(_optionalChain([req, 'optionalAccess', _512 => _512.Userinfo, 'optionalAccess', _513 => _513[0]]) || "");
4297
+ const operator = String(_optionalChain([req, 'optionalAccess', _535 => _535.Userinfo, 'optionalAccess', _536 => _536[0]]) || "");
4206
4298
  await _chunkARHPHWT5cjs.logSessionTerminate.call(void 0, $asai, {
4207
4299
  operator,
4208
4300
  sessionId,
@@ -4211,7 +4303,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4211
4303
  });
4212
4304
  return sendSuccess(res, { ok: true }, opt);
4213
4305
  } catch (err) {
4214
- return sendFail(res, _optionalChain([err, 'optionalAccess', _514 => _514.message]) || err, opt);
4306
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _537 => _537.message]) || err, opt);
4215
4307
  }
4216
4308
  }
4217
4309
  if (url.startsWith("/api/user/login/admin/delete/")) {
@@ -4223,11 +4315,11 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4223
4315
  if (!targetUs || targetUs === "admin") return sendErr(res, "AUTH_FORBIDDEN", void 0, opt);
4224
4316
  const ok = await store.deleteUser(targetUs);
4225
4317
  if (!ok) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4226
- const operator = String(_optionalChain([req, 'optionalAccess', _515 => _515.Userinfo, 'optionalAccess', _516 => _516[0]]) || "");
4318
+ const operator = String(_optionalChain([req, 'optionalAccess', _538 => _538.Userinfo, 'optionalAccess', _539 => _539[0]]) || "");
4227
4319
  await _chunkARHPHWT5cjs.logAccountPurge.call(void 0, $asai, { operator, targetUs, ip });
4228
4320
  return sendSuccess(res, { ok: true }, opt);
4229
4321
  } catch (err) {
4230
- return sendFail(res, _optionalChain([err, 'optionalAccess', _517 => _517.message]) || err, opt);
4322
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _540 => _540.message]) || err, opt);
4231
4323
  }
4232
4324
  }
4233
4325
  if (url.startsWith("/api/user/login/admin/levels/")) {
@@ -4239,7 +4331,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4239
4331
  const thresholds = body.thresholds && typeof body.thresholds === "object" ? body.thresholds : void 0;
4240
4332
  const routeRights = Array.isArray(body.routeRights) ? body.routeRights : void 0;
4241
4333
  const defaultResetPassword = typeof body.defaultResetPassword === "string" ? body.defaultResetPassword : void 0;
4242
- const operator = String(_optionalChain([req, 'optionalAccess', _518 => _518.Userinfo, 'optionalAccess', _519 => _519[0]]) || "");
4334
+ const operator = String(_optionalChain([req, 'optionalAccess', _541 => _541.Userinfo, 'optionalAccess', _542 => _542[0]]) || "");
4243
4335
  const cfg = await _chunkGXOFLFFWcjs.saveUserLevelConfig.call(void 0,
4244
4336
  $asai,
4245
4337
  {
@@ -4252,13 +4344,13 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4252
4344
  );
4253
4345
  await _chunkARHPHWT5cjs.logSecurityConfigIntervention.call(void 0, $asai, {
4254
4346
  section: "user_levels",
4255
- detail: JSON.stringify({ levels: _optionalChain([levels, 'optionalAccess', _520 => _520.length]), thresholds: !!thresholds, routeRights: _optionalChain([routeRights, 'optionalAccess', _521 => _521.length]) }),
4347
+ detail: JSON.stringify({ levels: _optionalChain([levels, 'optionalAccess', _543 => _543.length]), thresholds: !!thresholds, routeRights: _optionalChain([routeRights, 'optionalAccess', _544 => _544.length]) }),
4256
4348
  operator,
4257
4349
  ip
4258
4350
  });
4259
4351
  return sendSuccess(res, cfg, opt);
4260
4352
  } catch (err) {
4261
- return sendFail(res, _optionalChain([err, 'optionalAccess', _522 => _522.message]) || err, opt);
4353
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _545 => _545.message]) || err, opt);
4262
4354
  }
4263
4355
  }
4264
4356
  if (url.startsWith("/api/user/login/admin/resetpass/")) {
@@ -4292,7 +4384,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4292
4384
  passHistory: "[]"
4293
4385
  });
4294
4386
  if (!updated) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4295
- const operator = String(_optionalChain([req, 'optionalAccess', _523 => _523.Userinfo, 'optionalAccess', _524 => _524[0]]) || "");
4387
+ const operator = String(_optionalChain([req, 'optionalAccess', _546 => _546.Userinfo, 'optionalAccess', _547 => _547[0]]) || "");
4296
4388
  await _chunkARHPHWT5cjs.logUserRbacChange.call(void 0, $asai, {
4297
4389
  operator,
4298
4390
  targetUs,
@@ -4309,7 +4401,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4309
4401
  });
4310
4402
  return sendSuccess(res, { user: publicUser($asai, updated) }, opt);
4311
4403
  } catch (err) {
4312
- return sendFail(res, _optionalChain([err, 'optionalAccess', _525 => _525.message]) || err, opt);
4404
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _548 => _548.message]) || err, opt);
4313
4405
  }
4314
4406
  }
4315
4407
  if (url.startsWith("/api/user/login/admin/update/")) {
@@ -4340,7 +4432,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4340
4432
  if (!updated) return sendErr(res, "AUTH_USER_NOT_FOUND", void 0, opt);
4341
4433
  if (Object.keys(patch).length) {
4342
4434
  await _chunkARHPHWT5cjs.logUserRbacChange.call(void 0, $asai, {
4343
- operator: String(_optionalChain([req, 'optionalAccess', _526 => _526.Userinfo, 'optionalAccess', _527 => _527[0]]) || ""),
4435
+ operator: String(_optionalChain([req, 'optionalAccess', _549 => _549.Userinfo, 'optionalAccess', _550 => _550[0]]) || ""),
4344
4436
  targetUs,
4345
4437
  patch,
4346
4438
  ip
@@ -4348,11 +4440,11 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4348
4440
  }
4349
4441
  return sendSuccess(res, { user: publicUser($asai, updated) }, opt);
4350
4442
  } catch (err) {
4351
- return sendFail(res, _optionalChain([err, 'optionalAccess', _528 => _528.message]) || err, opt);
4443
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _551 => _551.message]) || err, opt);
4352
4444
  }
4353
4445
  }
4354
4446
  if (url.startsWith("/api/user/login/profile/")) {
4355
- const us = _optionalChain([req, 'optionalAccess', _529 => _529.Userinfo, 'optionalAccess', _530 => _530[0]]);
4447
+ const us = _optionalChain([req, 'optionalAccess', _552 => _552.Userinfo, 'optionalAccess', _553 => _553[0]]);
4356
4448
  if (!us) return sendErr(res, "AUTH_UNAUTHORIZED", void 0, opt);
4357
4449
  try {
4358
4450
  const user = await store.findByUsername(String(us));
@@ -4386,7 +4478,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4386
4478
  const fresh = await store.findByUsername(String(us));
4387
4479
  return sendSuccess(res, { user: fresh ? publicUser($asai, fresh) : null }, opt);
4388
4480
  } catch (err) {
4389
- return sendFail(res, _optionalChain([err, 'optionalAccess', _531 => _531.message]) || err, opt);
4481
+ return sendFail(res, _optionalChain([err, 'optionalAccess', _554 => _554.message]) || err, opt);
4390
4482
  }
4391
4483
  }
4392
4484
  }
@@ -4395,7 +4487,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4395
4487
  const url = req.url || "";
4396
4488
  const ip = getClientIp(req);
4397
4489
  if (url.startsWith("/api/user/login/config/")) {
4398
- const lang = String(_optionalChain([req, 'optionalAccess', _532 => _532.headers, 'optionalAccess', _533 => _533["accept-language"]]) || _optionalChain([opt, 'optionalAccess', _534 => _534.headers, 'optionalAccess', _535 => _535["accept-language"]]) || "zh-CN").split(",")[0];
4490
+ const lang = String(_optionalChain([req, 'optionalAccess', _555 => _555.headers, 'optionalAccess', _556 => _556["accept-language"]]) || _optionalChain([opt, 'optionalAccess', _557 => _557.headers, 'optionalAccess', _558 => _558["accept-language"]]) || "zh-CN").split(",")[0];
4399
4491
  await _chunkGXOFLFFWcjs.loadUserLevelConfig.call(void 0, $asai);
4400
4492
  return sendSuccess(res, _chunkGXOFLFFWcjs.getPublicSecurityConfig.call(void 0, $asai, lang), opt);
4401
4493
  }
@@ -4456,7 +4548,7 @@ var login_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4456
4548
  );
4457
4549
  }
4458
4550
  if (url.startsWith("/api/user/login/profile/")) {
4459
- const us = _optionalChain([req, 'optionalAccess', _536 => _536.Userinfo, 'optionalAccess', _537 => _537[0]]);
4551
+ const us = _optionalChain([req, 'optionalAccess', _559 => _559.Userinfo, 'optionalAccess', _560 => _560[0]]);
4460
4552
  if (!us) return sendErr(res, "AUTH_UNAUTHORIZED", void 0, opt);
4461
4553
  const user = await store.findByUsername(String(us));
4462
4554
  return sendSuccess(res, { user: user ? publicUser($asai, user) : null }, opt);
@@ -4498,16 +4590,16 @@ var As_default = {
4498
4590
  return { code: 908, data: val };
4499
4591
  },
4500
4592
  ctxSuccess(val, opt = null) {
4501
- if (typeof _optionalChain([opt, 'optionalAccess', _538 => _538.resAES]) === "function") {
4593
+ if (typeof _optionalChain([opt, 'optionalAccess', _561 => _561.resAES]) === "function") {
4502
4594
  val = opt.resAES(val);
4503
4595
  }
4504
4596
  return { code: 909, data: val };
4505
4597
  },
4506
4598
  getPath(str = "-") {
4507
- return _optionalChain([str, 'optionalAccess', _539 => _539.replace, 'call', _540 => _540(/[^a-zA-Z0-9.\-_\\\/]/g, "")]);
4599
+ return _optionalChain([str, 'optionalAccess', _562 => _562.replace, 'call', _563 => _563(/[^a-zA-Z0-9.\-_\\\/]/g, "")]);
4508
4600
  },
4509
4601
  getName(str = "-") {
4510
- return _optionalChain([str, 'optionalAccess', _541 => _541.replace, 'call', _542 => _542(/[^a-zA-Z0-9.\-_]/g, "")]);
4602
+ return _optionalChain([str, 'optionalAccess', _564 => _564.replace, 'call', _565 => _565(/[^a-zA-Z0-9.\-_]/g, "")]);
4511
4603
  },
4512
4604
  toDirPath(relativePath) {
4513
4605
  const pathArr = relativePath.split("/");
@@ -4543,10 +4635,10 @@ var As_default = {
4543
4635
  return absPath;
4544
4636
  },
4545
4637
  makeDir(fs11, filePaths) {
4546
- return new Promise((resolve5, reject) => {
4638
+ return new Promise((resolve6, reject) => {
4547
4639
  try {
4548
4640
  const newPath = this.ensureDir(fs11, filePaths);
4549
- resolve5(newPath);
4641
+ resolve6(newPath);
4550
4642
  } catch (err) {
4551
4643
  reject(err);
4552
4644
  }
@@ -4578,7 +4670,7 @@ var As_default = {
4578
4670
  // immediate: false,
4579
4671
  // });
4580
4672
  dtImmediate(fn, opt) {
4581
- if (_optionalChain([opt, 'optionalAccess', _543 => _543.immediate])) {
4673
+ if (_optionalChain([opt, 'optionalAccess', _566 => _566.immediate])) {
4582
4674
  fn();
4583
4675
  opt.immediate = false;
4584
4676
  }
@@ -4600,7 +4692,7 @@ var As_default = {
4600
4692
  if (opt.endtime - opt.starttime < opt.wait) {
4601
4693
  this.dtClearTimeout(opt);
4602
4694
  }
4603
- if (!_optionalChain([opt, 'optionalAccess', _544 => _544.timeout])) {
4695
+ if (!_optionalChain([opt, 'optionalAccess', _567 => _567.timeout])) {
4604
4696
  opt.starttime = opt.endtime;
4605
4697
  opt.timeout = this.dtSetTimeout(fn, opt);
4606
4698
  }
@@ -4608,7 +4700,7 @@ var As_default = {
4608
4700
  // 节流:指定长度时间内有多次触发,只fn最后一次触发
4609
4701
  throttle(fn, opt) {
4610
4702
  this.dtImmediate(fn, opt);
4611
- if (!_optionalChain([opt, 'optionalAccess', _545 => _545.timeout])) {
4703
+ if (!_optionalChain([opt, 'optionalAccess', _568 => _568.timeout])) {
4612
4704
  opt.timeout = this.dtSetTimeout(fn, opt);
4613
4705
  }
4614
4706
  },
@@ -4644,8 +4736,8 @@ var As_default = {
4644
4736
  var AsCode_default = {
4645
4737
  // 加密
4646
4738
  asencode(str, keys) {
4647
- const strlen = _optionalChain([str, 'optionalAccess', _546 => _546.length]) || 0;
4648
- const keyslen = _optionalChain([keys, 'optionalAccess', _547 => _547.length]) || 0;
4739
+ const strlen = _optionalChain([str, 'optionalAccess', _569 => _569.length]) || 0;
4740
+ const keyslen = _optionalChain([keys, 'optionalAccess', _570 => _570.length]) || 0;
4649
4741
  let newstr = "";
4650
4742
  for (let i = 0; i < strlen; i++) {
4651
4743
  const rnum = Math.round(Math.random() * 1e3) % keyslen;
@@ -4670,7 +4762,7 @@ var AsCode_default = {
4670
4762
  const rnum = keys.indexOf(str[i + 3]);
4671
4763
  const rnumx = Number(rnum.toString().slice(-1)) + 1;
4672
4764
  const ylen = keyslen - rnumx;
4673
- newstr += _optionalChain([String, 'optionalAccess', _548 => _548.fromCodePoint, 'call', _549 => _549(
4765
+ newstr += _optionalChain([String, 'optionalAccess', _571 => _571.fromCodePoint, 'call', _572 => _572(
4674
4766
  (keys.indexOf(str[i++]) - rnumx) * ylen * ylen + (keys.indexOf(str[i++]) - rnumx) * ylen + (keys.indexOf(str[i++]) - rnumx)
4675
4767
  )]);
4676
4768
  }
@@ -4717,7 +4809,7 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4717
4809
  if (typeof value !== "string") return value;
4718
4810
  try {
4719
4811
  return JSON.parse(value);
4720
- } catch (e40) {
4812
+ } catch (e44) {
4721
4813
  return value;
4722
4814
  }
4723
4815
  }
@@ -4753,7 +4845,7 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4753
4845
  }
4754
4846
  _chunkSMVZ3ZDJcjs.__name.call(void 0, decrypt, "decrypt");
4755
4847
  function validateFields(payload, fields) {
4756
- return fields.every((key) => typeof _optionalChain([payload, 'optionalAccess', _550 => _550[key]]) === "string" && payload[key].length > 0);
4848
+ return fields.every((key) => typeof _optionalChain([payload, 'optionalAccess', _573 => _573[key]]) === "string" && payload[key].length > 0);
4757
4849
  }
4758
4850
  _chunkSMVZ3ZDJcjs.__name.call(void 0, validateFields, "validateFields");
4759
4851
  function reqAES(opt, fn = (data) => data) {
@@ -4761,7 +4853,7 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4761
4853
  try {
4762
4854
  if (validateFields(reqData, ["data", "iv", "auth"])) {
4763
4855
  let aesData = decrypt(reqData);
4764
- if (_optionalChain([reqData, 'optionalAccess', _551 => _551.aes]) === 2) {
4856
+ if (_optionalChain([reqData, 'optionalAccess', _574 => _574.aes]) === 2) {
4765
4857
  aesData = JSON.parse(aesData);
4766
4858
  }
4767
4859
  return fn(aesData);
@@ -4795,24 +4887,24 @@ var AsAES_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai
4795
4887
  // src/sysserver/lib/common/AsDb.ts
4796
4888
  var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai, cfg) => {
4797
4889
  const DataServer = _chunk2BCIIKRGcjs.getDataServerForAsDb.call(void 0, $asai, {
4798
- type: _optionalChain([cfg, 'optionalAccess', _552 => _552.type]) || "sqlite",
4890
+ type: _optionalChain([cfg, 'optionalAccess', _575 => _575.type]) || "sqlite",
4799
4891
  opt: {
4800
- ..._optionalChain([cfg, 'optionalAccess', _553 => _553.opt]) || {
4892
+ ..._optionalChain([cfg, 'optionalAccess', _576 => _576.opt]) || {
4801
4893
  database: "./webdata/webdb/sqlite/asaisqlite.db",
4802
4894
  create: 1
4803
4895
  }
4804
4896
  },
4805
- storeKey: _optionalChain([cfg, 'optionalAccess', _554 => _554.storeKey])
4897
+ storeKey: _optionalChain([cfg, 'optionalAccess', _577 => _577.storeKey])
4806
4898
  });
4807
4899
  function reqwherestr(str) {
4808
- if (_optionalChain([cfg, 'optionalAccess', _555 => _555.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _556 => _556.type]) === "mysql") {
4900
+ if (_optionalChain([cfg, 'optionalAccess', _578 => _578.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _579 => _579.type]) === "mysql") {
4809
4901
  return `'${str}'`;
4810
4902
  }
4811
4903
  return str;
4812
4904
  }
4813
4905
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqwherestr, "reqwherestr");
4814
4906
  function reqfield(queryData) {
4815
- if (_optionalChain([queryData, 'optionalAccess', _557 => _557.fd])) {
4907
+ if (_optionalChain([queryData, 'optionalAccess', _580 => _580.fd])) {
4816
4908
  return queryData.fd.split("-");
4817
4909
  }
4818
4910
  return cfg.field.data;
@@ -4820,14 +4912,14 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4820
4912
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqfield, "reqfield");
4821
4913
  function reqwhere(queryData) {
4822
4914
  const wheretmp = [];
4823
- if ((_optionalChain([cfg, 'optionalAccess', _558 => _558.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _559 => _559.type]) === "mysql") && _optionalChain([queryData, 'optionalAccess', _560 => _560.wlv])) {
4915
+ if ((_optionalChain([cfg, 'optionalAccess', _581 => _581.type]) === "sqlite" || _optionalChain([cfg, 'optionalAccess', _582 => _582.type]) === "mysql") && _optionalChain([queryData, 'optionalAccess', _583 => _583.wlv])) {
4824
4916
  const wlvarr = queryData.wlv.split("-");
4825
4917
  wheretmp.push([wlvarr[0], ">", Number(wlvarr[1] || 0)]);
4826
4918
  }
4827
- if (_optionalChain([queryData, 'optionalAccess', _561 => _561.fl])) {
4919
+ if (_optionalChain([queryData, 'optionalAccess', _584 => _584.fl])) {
4828
4920
  wheretmp.push([cfg.field.class, "LIKE", reqwherestr(`${queryData.fl}%`)]);
4829
4921
  }
4830
- if (_optionalChain([queryData, 'optionalAccess', _562 => _562.ss]) && _optionalChain([queryData, 'optionalAccess', _563 => _563.ssty])) {
4922
+ if (_optionalChain([queryData, 'optionalAccess', _585 => _585.ss]) && _optionalChain([queryData, 'optionalAccess', _586 => _586.ssty])) {
4831
4923
  wheretmp.push([queryData.ssty, "LIKE", reqwherestr(`%${queryData.ss}%`)]);
4832
4924
  }
4833
4925
  if (wheretmp.length > 1) {
@@ -4838,16 +4930,16 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4838
4930
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqwhere, "reqwhere");
4839
4931
  function reqorder(queryData) {
4840
4932
  const ordertmp = [];
4841
- if (_optionalChain([queryData, 'optionalAccess', _564 => _564.sx])) {
4842
- ordertmp.push([queryData.sx, _optionalChain([queryData, 'optionalAccess', _565 => _565.sxty]) == 1 ? "DESC" : "ASC"]);
4933
+ if (_optionalChain([queryData, 'optionalAccess', _587 => _587.sx])) {
4934
+ ordertmp.push([queryData.sx, _optionalChain([queryData, 'optionalAccess', _588 => _588.sxty]) == 1 ? "DESC" : "ASC"]);
4843
4935
  }
4844
4936
  return ordertmp;
4845
4937
  }
4846
4938
  _chunkSMVZ3ZDJcjs.__name.call(void 0, reqorder, "reqorder");
4847
4939
  function reqlimit(queryData) {
4848
4940
  let limittmp = "";
4849
- let limitps = _optionalChain([queryData, 'optionalAccess', _566 => _566.ps]);
4850
- if (_optionalChain([queryData, 'optionalAccess', _567 => _567.pg])) {
4941
+ let limitps = _optionalChain([queryData, 'optionalAccess', _589 => _589.ps]);
4942
+ if (_optionalChain([queryData, 'optionalAccess', _590 => _590.pg])) {
4851
4943
  limitps = limitps || 20;
4852
4944
  limittmp = `${(queryData.pg - 1) * limitps},${limitps}`;
4853
4945
  } else if (limitps) {
@@ -4859,7 +4951,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4859
4951
  function decodePathSegment(seg) {
4860
4952
  try {
4861
4953
  return decodeURIComponent(seg);
4862
- } catch (e41) {
4954
+ } catch (e45) {
4863
4955
  return seg;
4864
4956
  }
4865
4957
  }
@@ -4875,7 +4967,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4875
4967
  if (typeof body === "string") {
4876
4968
  try {
4877
4969
  body = JSON.parse(body);
4878
- } catch (e42) {
4970
+ } catch (e46) {
4879
4971
  return { content: body };
4880
4972
  }
4881
4973
  }
@@ -4900,8 +4992,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4900
4992
  _chunkSMVZ3ZDJcjs.__name.call(void 0, fileKeyFromSegment, "fileKeyFromSegment");
4901
4993
  function getSqlParamsByUrl(req, opt) {
4902
4994
  let tmpSqlParams;
4903
- const reqArr = _optionalChain([req, 'optionalAccess', _568 => _568.url, 'optionalAccess', _569 => _569.split, 'call', _570 => _570("?"), 'access', _571 => _571[0], 'optionalAccess', _572 => _572.split, 'call', _573 => _573("/")]) || [];
4904
- const table = (_optionalChain([opt, 'optionalAccess', _574 => _574.qrdata, 'optionalAccess', _575 => _575.table]) || _optionalChain([opt, 'optionalAccess', _576 => _576.data, 'optionalAccess', _577 => _577.table]) || reqArr[3]).replaceAll("_", "/");
4995
+ const reqArr = _optionalChain([req, 'optionalAccess', _591 => _591.url, 'optionalAccess', _592 => _592.split, 'call', _593 => _593("?"), 'access', _594 => _594[0], 'optionalAccess', _595 => _595.split, 'call', _596 => _596("/")]) || [];
4996
+ const table = (_optionalChain([opt, 'optionalAccess', _597 => _597.qrdata, 'optionalAccess', _598 => _598.table]) || _optionalChain([opt, 'optionalAccess', _599 => _599.data, 'optionalAccess', _600 => _600.table]) || reqArr[3]).replaceAll("_", "/");
4905
4997
  if (!table) return tmpSqlParams;
4906
4998
  tmpSqlParams = {
4907
4999
  type: "select",
@@ -4910,7 +5002,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4910
5002
  if (reqArr[5]) {
4911
5003
  if (reqArr[4] === "insert") {
4912
5004
  tmpSqlParams.type = reqArr[4];
4913
- if (_optionalChain([cfg, 'optionalAccess', _578 => _578.type]) === "file") {
5005
+ if (_optionalChain([cfg, 'optionalAccess', _601 => _601.type]) === "file") {
4914
5006
  const { name: bodyName, content } = parseFileBody(opt.data);
4915
5007
  const fileKey = fileKeyFromSegment(reqArr[5], bodyName);
4916
5008
  tmpSqlParams.field = cfg.field.data;
@@ -4934,11 +5026,11 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4934
5026
  }
4935
5027
  } else if (reqArr[4] === "update") {
4936
5028
  tmpSqlParams.type = reqArr[4];
4937
- const rowKey = _optionalChain([cfg, 'optionalAccess', _579 => _579.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
5029
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _602 => _602.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4938
5030
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4939
- if (_optionalChain([cfg, 'optionalAccess', _580 => _580.type]) === "file") {
5031
+ if (_optionalChain([cfg, 'optionalAccess', _603 => _603.type]) === "file") {
4940
5032
  const { content } = parseFileBody(opt.data);
4941
- const contentField = _optionalChain([cfg, 'access', _581 => _581.field, 'access', _582 => _582.data, 'optionalAccess', _583 => _583[1]]) || "content";
5033
+ const contentField = _optionalChain([cfg, 'access', _604 => _604.field, 'access', _605 => _605.data, 'optionalAccess', _606 => _606[1]]) || "content";
4942
5034
  tmpSqlParams.set = [[contentField, fileContentString(content)]];
4943
5035
  } else {
4944
5036
  tmpSqlParams.set = [];
@@ -4955,18 +5047,18 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4955
5047
  }
4956
5048
  } else if (reqArr[4] === "delete") {
4957
5049
  tmpSqlParams.type = reqArr[4];
4958
- const rowKey = _optionalChain([cfg, 'optionalAccess', _584 => _584.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
5050
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _607 => _607.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4959
5051
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4960
5052
  } else {
4961
- if (_optionalChain([cfg, 'optionalAccess', _585 => _585.as]) > 1) {
5053
+ if (_optionalChain([cfg, 'optionalAccess', _608 => _608.as]) > 1) {
4962
5054
  tmpSqlParams.as = +cfg.as - 1;
4963
5055
  }
4964
5056
  tmpSqlParams.field = cfg.field.data;
4965
- const rowKey = _optionalChain([cfg, 'optionalAccess', _586 => _586.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
5057
+ const rowKey = _optionalChain([cfg, 'optionalAccess', _609 => _609.type]) === "file" ? fileKeyFromSegment(reqArr[5]) : decodePathSegment(reqArr[5]);
4966
5058
  tmpSqlParams.where = [[cfg.field.key, "=", reqwherestr(rowKey)]];
4967
5059
  }
4968
5060
  } else {
4969
- tmpSqlParams.as = _optionalChain([cfg, 'optionalAccess', _587 => _587.as]);
5061
+ tmpSqlParams.as = _optionalChain([cfg, 'optionalAccess', _610 => _610.as]);
4970
5062
  tmpSqlParams.field = reqfield(opt.data);
4971
5063
  tmpSqlParams.where = reqwhere(opt.data);
4972
5064
  tmpSqlParams.order = reqorder(opt.data);
@@ -4976,8 +5068,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4976
5068
  }
4977
5069
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getSqlParamsByUrl, "getSqlParamsByUrl");
4978
5070
  function dbFresh(req, resdb) {
4979
- if (_optionalChain([req, 'optionalAccess', _588 => _588.url, 'optionalAccess', _589 => _589.includes, 'call', _590 => _590("/selectlist/")])) {
4980
- const list = Array.isArray(resdb) ? resdb : _optionalChain([resdb, 'optionalAccess', _591 => _591.data]);
5071
+ if (_optionalChain([req, 'optionalAccess', _611 => _611.url, 'optionalAccess', _612 => _612.includes, 'call', _613 => _613("/selectlist/")])) {
5072
+ const list = Array.isArray(resdb) ? resdb : _optionalChain([resdb, 'optionalAccess', _614 => _614.data]);
4981
5073
  if (Array.isArray(list)) {
4982
5074
  const names = list.map((el) => {
4983
5075
  if (typeof el === "string") {
@@ -4999,8 +5091,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
4999
5091
  }
5000
5092
  _chunkSMVZ3ZDJcjs.__name.call(void 0, dbFresh, "dbFresh");
5001
5093
  function normalizeFileSelectRow(row) {
5002
- const nameKey = _optionalChain([cfg, 'access', _592 => _592.field, 'optionalAccess', _593 => _593.data, 'optionalAccess', _594 => _594[0]]) || "name";
5003
- const contentKey = _optionalChain([cfg, 'access', _595 => _595.field, 'optionalAccess', _596 => _596.data, 'optionalAccess', _597 => _597[1]]) || "content";
5094
+ const nameKey = _optionalChain([cfg, 'access', _615 => _615.field, 'optionalAccess', _616 => _616.data, 'optionalAccess', _617 => _617[0]]) || "name";
5095
+ const contentKey = _optionalChain([cfg, 'access', _618 => _618.field, 'optionalAccess', _619 => _619.data, 'optionalAccess', _620 => _620[1]]) || "content";
5004
5096
  if (!row || typeof row !== "object") return row;
5005
5097
  const out = { ...row };
5006
5098
  if (out[nameKey] != null) {
@@ -5014,7 +5106,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5014
5106
  }
5015
5107
  _chunkSMVZ3ZDJcjs.__name.call(void 0, normalizeFileSelectRow, "normalizeFileSelectRow");
5016
5108
  function isFileSingleNameSelect(params) {
5017
- return _optionalChain([cfg, 'optionalAccess', _598 => _598.type]) === "file" && _optionalChain([params, 'optionalAccess', _599 => _599.type]) === "select" && !!_optionalChain([params, 'optionalAccess', _600 => _600.where, 'optionalAccess', _601 => _601.length]);
5109
+ return _optionalChain([cfg, 'optionalAccess', _621 => _621.type]) === "file" && _optionalChain([params, 'optionalAccess', _622 => _622.type]) === "select" && !!_optionalChain([params, 'optionalAccess', _623 => _623.where, 'optionalAccess', _624 => _624.length]);
5018
5110
  }
5019
5111
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isFileSingleNameSelect, "isFileSingleNameSelect");
5020
5112
  function normalizeSelectResult(params, resdb) {
@@ -5028,12 +5120,12 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5028
5120
  }
5029
5121
  return data;
5030
5122
  }
5031
- if (_optionalChain([params, 'optionalAccess', _602 => _602.where, 'optionalAccess', _603 => _603.length]) && Array.isArray(data) && data.length === 1) {
5123
+ if (_optionalChain([params, 'optionalAccess', _625 => _625.where, 'optionalAccess', _626 => _626.length]) && Array.isArray(data) && data.length === 1) {
5032
5124
  data = data[0];
5033
5125
  }
5034
- if (_optionalChain([cfg, 'optionalAccess', _604 => _604.type]) === "file" && data && typeof data === "object" && !Array.isArray(data)) {
5035
- const nameKey = _optionalChain([cfg, 'access', _605 => _605.field, 'optionalAccess', _606 => _606.data, 'optionalAccess', _607 => _607[0]]) || "name";
5036
- const contentKey = _optionalChain([cfg, 'access', _608 => _608.field, 'optionalAccess', _609 => _609.data, 'optionalAccess', _610 => _610[1]]) || "content";
5126
+ if (_optionalChain([cfg, 'optionalAccess', _627 => _627.type]) === "file" && data && typeof data === "object" && !Array.isArray(data)) {
5127
+ const nameKey = _optionalChain([cfg, 'access', _628 => _628.field, 'optionalAccess', _629 => _629.data, 'optionalAccess', _630 => _630[0]]) || "name";
5128
+ const contentKey = _optionalChain([cfg, 'access', _631 => _631.field, 'optionalAccess', _632 => _632.data, 'optionalAccess', _633 => _633[1]]) || "content";
5037
5129
  if (data[nameKey] != null) {
5038
5130
  data[nameKey] = bareFileName(String(data[nameKey]));
5039
5131
  }
@@ -5043,7 +5135,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5043
5135
  if (text.startsWith("{") || text.startsWith("[")) {
5044
5136
  try {
5045
5137
  data[contentKey] = JSON.parse(text);
5046
- } catch (e43) {
5138
+ } catch (e47) {
5047
5139
  }
5048
5140
  }
5049
5141
  }
@@ -5052,7 +5144,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5052
5144
  }
5053
5145
  _chunkSMVZ3ZDJcjs.__name.call(void 0, normalizeSelectResult, "normalizeSelectResult");
5054
5146
  function dbCodePm(req, resdb) {
5055
- if (_optionalChain([req, 'optionalAccess', _611 => _611.Userinfo]) && _optionalChain([req, 'optionalAccess', _612 => _612.Userinfo, 'access', _613 => _613[2]])) {
5147
+ if (_optionalChain([req, 'optionalAccess', _634 => _634.Userinfo]) && _optionalChain([req, 'optionalAccess', _635 => _635.Userinfo, 'access', _636 => _636[2]])) {
5056
5148
  if (resdb != null && typeof resdb === "object") {
5057
5149
  resdb.data = $asai.$lib.AsCode.asencode(JSON.stringify(resdb.data), req.Userinfo[2]);
5058
5150
  }
@@ -5066,8 +5158,8 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5066
5158
  DataServer.sqlDb(params).then((resdb) => {
5067
5159
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess(dbCodePm(req, dbFresh(req, resdb)), opt)));
5068
5160
  }).catch((errdb) => {
5069
- const msg = String(_optionalChain([errdb, 'optionalAccess', _614 => _614.message]) || errdb || "");
5070
- if (_optionalChain([params, 'optionalAccess', _615 => _615.type]) === "select" && msg.includes("no such table")) {
5161
+ const msg = String(_optionalChain([errdb, 'optionalAccess', _637 => _637.message]) || errdb || "");
5162
+ if (_optionalChain([params, 'optionalAccess', _638 => _638.type]) === "select" && msg.includes("no such table")) {
5071
5163
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess([], opt)));
5072
5164
  return;
5073
5165
  }
@@ -5084,29 +5176,29 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5084
5176
  try {
5085
5177
  DataServer.sqlDb(params).then((resdb) => {
5086
5178
  let resData = normalizeSelectResult(params, dbFresh(req, resdb));
5087
- if (_optionalChain([params, 'optionalAccess', _616 => _616.as]) === 2 && _optionalChain([params, 'optionalAccess', _617 => _617.field, 'optionalAccess', _618 => _618.length]) > 1) {
5179
+ if (_optionalChain([params, 'optionalAccess', _639 => _639.as]) === 2 && _optionalChain([params, 'optionalAccess', _640 => _640.field, 'optionalAccess', _641 => _641.length]) > 1) {
5088
5180
  let limitArr = [];
5089
- if (_optionalChain([params, 'access', _619 => _619.limit, 'optionalAccess', _620 => _620.split, 'call', _621 => _621(","), 'optionalAccess', _622 => _622.length]) < 2) {
5090
- limitArr = [0, +_optionalChain([params, 'access', _623 => _623.limit, 'optionalAccess', _624 => _624.split, 'call', _625 => _625(","), 'optionalAccess', _626 => _626[0]])];
5181
+ if (_optionalChain([params, 'access', _642 => _642.limit, 'optionalAccess', _643 => _643.split, 'call', _644 => _644(","), 'optionalAccess', _645 => _645.length]) < 2) {
5182
+ limitArr = [0, +_optionalChain([params, 'access', _646 => _646.limit, 'optionalAccess', _647 => _647.split, 'call', _648 => _648(","), 'optionalAccess', _649 => _649[0]])];
5091
5183
  } else {
5092
5184
  limitArr = params.limit.split(",");
5093
5185
  limitArr = [+limitArr[0], +limitArr[0] + +limitArr[1]];
5094
5186
  }
5095
- if (_optionalChain([resData, 'access', _627 => _627.data, 'optionalAccess', _628 => _628.length])) {
5187
+ if (_optionalChain([resData, 'access', _650 => _650.data, 'optionalAccess', _651 => _651.length])) {
5096
5188
  resData.data = resData.data.slice(+limitArr[0], +limitArr[1]);
5097
5189
  }
5098
5190
  }
5099
5191
  resData = dbCodePm(req, resData);
5100
5192
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess(resData, opt)));
5101
5193
  }).catch((errdb) => {
5102
- const msg = String(_optionalChain([errdb, 'optionalAccess', _629 => _629.message]) || errdb || "");
5103
- if (_optionalChain([params, 'optionalAccess', _630 => _630.type]) === "select" && msg.includes("no such table")) {
5194
+ const msg = String(_optionalChain([errdb, 'optionalAccess', _652 => _652.message]) || errdb || "");
5195
+ if (_optionalChain([params, 'optionalAccess', _653 => _653.type]) === "select" && msg.includes("no such table")) {
5104
5196
  res.end(JSON.stringify($asai.$lib.As.ctxSuccess([], opt)));
5105
5197
  return;
5106
5198
  }
5107
5199
  res.end(JSON.stringify($asai.$lib.As.ctxFail(errdb)));
5108
5200
  });
5109
- } catch (e44) {
5201
+ } catch (e48) {
5110
5202
  res.end(JSON.stringify({ code: 901 }));
5111
5203
  }
5112
5204
  } else {
@@ -5115,7 +5207,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5115
5207
  }
5116
5208
  _chunkSMVZ3ZDJcjs.__name.call(void 0, runDefaultGet, "runDefaultGet");
5117
5209
  function post(req, res, hostdir, opt) {
5118
- if (_optionalChain([cfg, 'optionalAccess', _631 => _631.post]) && typeof cfg.post === "function") {
5210
+ if (_optionalChain([cfg, 'optionalAccess', _654 => _654.post]) && typeof cfg.post === "function") {
5119
5211
  Promise.resolve(cfg.post(req, res, hostdir, opt, DataServer)).then((reqstat) => {
5120
5212
  if (!reqstat) runDefaultPost(req, res, opt);
5121
5213
  }).catch((errdb) => {
@@ -5127,7 +5219,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5127
5219
  }
5128
5220
  _chunkSMVZ3ZDJcjs.__name.call(void 0, post, "post");
5129
5221
  function get(req, res, hostdir, opt) {
5130
- if (_optionalChain([cfg, 'optionalAccess', _632 => _632.get]) && typeof cfg.get === "function") {
5222
+ if (_optionalChain([cfg, 'optionalAccess', _655 => _655.get]) && typeof cfg.get === "function") {
5131
5223
  Promise.resolve(cfg.get(req, res, hostdir, opt, DataServer)).then((reqstat) => {
5132
5224
  if (!reqstat) runDefaultGet(req, res, opt);
5133
5225
  }).catch((errdb) => {
@@ -5142,6 +5234,7 @@ var AsDb_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai,
5142
5234
  }, "default");
5143
5235
 
5144
5236
  // src/sysserver/lib/common/reqWork.ts
5237
+
5145
5238
  var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($asai) => {
5146
5239
  function hostDefault2(mod) {
5147
5240
  if (mod && typeof mod === "object" && "default" in mod) {
@@ -5152,17 +5245,30 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5152
5245
  }
5153
5246
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hostDefault2, "hostDefault");
5154
5247
  function getPathFromOpt(opt) {
5155
- const rawPath = _optionalChain([opt, 'access', _633 => _633.qrdata, 'optionalAccess', _634 => _634.path]) || _optionalChain([opt, 'access', _635 => _635.data, 'optionalAccess', _636 => _636.path]);
5248
+ const rawPath = _optionalChain([opt, 'access', _656 => _656.qrdata, 'optionalAccess', _657 => _657.path]) || _optionalChain([opt, 'access', _658 => _658.data, 'optionalAccess', _659 => _659.path]);
5156
5249
  if (!rawPath) {
5157
5250
  throw new Error("Missing path");
5158
5251
  }
5159
5252
  const decoded = decodeURIComponent(String(rawPath));
5160
- const roots = _optionalChain([$asai, 'optionalAccess', _637 => _637.asaihost, 'optionalAccess', _638 => _638.getHostAllowedRoots, 'optionalCall', _639 => _639(_optionalChain([$asai, 'optionalAccess', _640 => _640.hostconfig]))]) || [];
5253
+ if (path4.isAbsolute(decoded)) {
5254
+ return path4.normalize(decoded);
5255
+ }
5256
+ const rel = decoded.replace(/^\.(\/)?/, "");
5257
+ const serverRoot = _optionalChain([$asai, 'optionalAccess', _660 => _660.serverRoot]);
5258
+ if (serverRoot && rel) {
5259
+ const absRoot = path4.resolve(serverRoot);
5260
+ const abs = path4.resolve(absRoot, rel);
5261
+ const relCheck = path4.relative(absRoot, abs);
5262
+ if (relCheck === "" || !relCheck.startsWith("..") && !path4.isAbsolute(relCheck)) {
5263
+ return abs;
5264
+ }
5265
+ }
5266
+ const roots = _optionalChain([$asai, 'optionalAccess', _661 => _661.asaihost, 'optionalAccess', _662 => _662.getHostAllowedRoots, 'optionalCall', _663 => _663(_optionalChain([$asai, 'optionalAccess', _664 => _664.hostconfig]))]) || [];
5161
5267
  if (!roots.length) {
5162
- const fallback = _optionalChain([$asai, 'optionalAccess', _641 => _641.serverRoot]) || process.cwd();
5268
+ const fallback = _optionalChain([$asai, 'optionalAccess', _665 => _665.serverRoot]) || process.cwd();
5163
5269
  if (fallback) roots.push(fallback);
5164
5270
  }
5165
- if (!_optionalChain([$asai, 'optionalAccess', _642 => _642.asaihost, 'optionalAccess', _643 => _643.resolvePathUnderRoots])) {
5271
+ if (!_optionalChain([$asai, 'optionalAccess', _666 => _666.asaihost, 'optionalAccess', _667 => _667.resolvePathUnderRoots])) {
5166
5272
  throw new Error("Path resolver unavailable");
5167
5273
  }
5168
5274
  return $asai.asaihost.resolvePathUnderRoots(decoded, roots);
@@ -5174,18 +5280,18 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5174
5280
  }
5175
5281
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendSuccess, "sendSuccess");
5176
5282
  function sendErr(res, ec, params, opt) {
5177
- const ErrorCode = _optionalChain([$asai, 'access', _644 => _644.$lib, 'optionalAccess', _645 => _645.ErrorCode]);
5178
- _optionalChain([ErrorCode, 'optionalAccess', _646 => _646.loadErrorCodes, 'optionalCall', _647 => _647($asai)]);
5179
- _optionalChain([ErrorCode, 'optionalAccess', _648 => _648.logError, 'optionalCall', _649 => _649($asai, ec, Array.isArray(params) ? params.map(String) : params != null ? [String(params)] : void 0)]);
5283
+ const ErrorCode = _optionalChain([$asai, 'access', _668 => _668.$lib, 'optionalAccess', _669 => _669.ErrorCode]);
5284
+ _optionalChain([ErrorCode, 'optionalAccess', _670 => _670.loadErrorCodes, 'optionalCall', _671 => _671($asai)]);
5285
+ _optionalChain([ErrorCode, 'optionalAccess', _672 => _672.logError, 'optionalCall', _673 => _673($asai, ec, Array.isArray(params) ? params.map(String) : params != null ? [String(params)] : void 0)]);
5180
5286
  const response = $asai.$lib.As.ctxErr(ec, params, opt);
5181
5287
  res.end(JSON.stringify(response));
5182
5288
  }
5183
5289
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendErr, "sendErr");
5184
5290
  function sendFail(res, err, opt) {
5185
- const ErrorCode = _optionalChain([$asai, 'access', _650 => _650.$lib, 'optionalAccess', _651 => _651.ErrorCode]);
5186
- _optionalChain([ErrorCode, 'optionalAccess', _652 => _652.loadErrorCodes, 'optionalCall', _653 => _653($asai)]);
5187
- const normalized = _optionalChain([ErrorCode, 'optionalAccess', _654 => _654.normalizeErrPayload, 'optionalCall', _655 => _655(err)]);
5188
- if (_optionalChain([normalized, 'optionalAccess', _656 => _656.ec])) {
5291
+ const ErrorCode = _optionalChain([$asai, 'access', _674 => _674.$lib, 'optionalAccess', _675 => _675.ErrorCode]);
5292
+ _optionalChain([ErrorCode, 'optionalAccess', _676 => _676.loadErrorCodes, 'optionalCall', _677 => _677($asai)]);
5293
+ const normalized = _optionalChain([ErrorCode, 'optionalAccess', _678 => _678.normalizeErrPayload, 'optionalCall', _679 => _679(err)]);
5294
+ if (_optionalChain([normalized, 'optionalAccess', _680 => _680.ec])) {
5189
5295
  return sendErr(res, normalized.ec, normalized.pm, opt);
5190
5296
  }
5191
5297
  const response = $asai.$lib.As.ctxFail(err);
@@ -5193,7 +5299,7 @@ var reqWork_default = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, ($as
5193
5299
  }
5194
5300
  _chunkSMVZ3ZDJcjs.__name.call(void 0, sendFail, "sendFail");
5195
5301
  function mnLog(...arg) {
5196
- (_optionalChain([$asai, 'optionalAccess', _657 => _657.$log]) || console.log)(...arg);
5302
+ (_optionalChain([$asai, 'optionalAccess', _681 => _681.$log]) || console.log)(...arg);
5197
5303
  }
5198
5304
  _chunkSMVZ3ZDJcjs.__name.call(void 0, mnLog, "mnLog");
5199
5305
  return { hostDefault: hostDefault2, getPathFromOpt, sendSuccess, sendFail, sendErr, mnLog };
@@ -5226,7 +5332,7 @@ async function pathExists(filePath) {
5226
5332
  try {
5227
5333
  await _promises2.default.access(nodePath2.default.normalize(filePath));
5228
5334
  return true;
5229
- } catch (e45) {
5335
+ } catch (e49) {
5230
5336
  return false;
5231
5337
  }
5232
5338
  }
@@ -5293,7 +5399,7 @@ async function removeFile(filePath) {
5293
5399
  try {
5294
5400
  await _promises2.default.unlink(nodePath2.default.normalize(filePath));
5295
5401
  } catch (err) {
5296
- if (_optionalChain([err, 'optionalAccess', _658 => _658.code]) !== "ENOENT") throw err;
5402
+ if (_optionalChain([err, 'optionalAccess', _682 => _682.code]) !== "ENOENT") throw err;
5297
5403
  }
5298
5404
  }
5299
5405
  _chunkSMVZ3ZDJcjs.__name.call(void 0, removeFile, "removeFile");
@@ -5343,17 +5449,17 @@ _chunkSMVZ3ZDJcjs.__export.call(void 0, common_exports, {
5343
5449
  });
5344
5450
 
5345
5451
  function promisifySqlDb(query, sql) {
5346
- return new Promise((resolve5, reject) => {
5452
+ return new Promise((resolve6, reject) => {
5347
5453
  query(sql, (err, result) => {
5348
5454
  if (err) {
5349
5455
  reject(err);
5350
5456
  return;
5351
5457
  }
5352
5458
  if (!result || Array.isArray(result) && result.length === 0) {
5353
- resolve5("");
5459
+ resolve6("");
5354
5460
  return;
5355
5461
  }
5356
- resolve5(result);
5462
+ resolve6(result);
5357
5463
  });
5358
5464
  });
5359
5465
  }
@@ -5406,11 +5512,11 @@ function toInsertRows(sql) {
5406
5512
  }
5407
5513
  _chunkSMVZ3ZDJcjs.__name.call(void 0, toInsertRows, "toInsertRows");
5408
5514
  function isPathInside(baseDir, targetPath) {
5409
- const base = path5.resolve(baseDir);
5410
- const target = path5.resolve(targetPath);
5411
- const relative4 = path5.relative(base, target);
5412
- if (!relative4) return true;
5413
- return !relative4.startsWith("..") && !path5.isAbsolute(relative4);
5515
+ const base = path6.resolve(baseDir);
5516
+ const target = path6.resolve(targetPath);
5517
+ const relative5 = path6.relative(base, target);
5518
+ if (!relative5) return true;
5519
+ return !relative5.startsWith("..") && !path6.isAbsolute(relative5);
5414
5520
  }
5415
5521
  _chunkSMVZ3ZDJcjs.__name.call(void 0, isPathInside, "isPathInside");
5416
5522
  function joinTablePath(table, ...segments) {
@@ -5605,11 +5711,11 @@ function dbDriver(opt = {}) {
5605
5711
  this.fileExt = config.ext === ".*" ? "" : config.ext || "";
5606
5712
  this.fileDel = (config.del || 0) !== 0;
5607
5713
  this.createDir = config.create || false;
5608
- const root = _optionalChain([config, 'access', _659 => _659.$asai, 'optionalAccess', _660 => _660.serverRoot]) || _chunkHR5JKN7Ycjs.getPrimaryServerRoot.call(void 0, );
5609
- this.baseDirAbs = path6.resolve(root, config.dir);
5714
+ const root = _optionalChain([config, 'access', _683 => _683.$asai, 'optionalAccess', _684 => _684.serverRoot]) || _chunkHR5JKN7Ycjs.getPrimaryServerRoot.call(void 0, );
5715
+ this.baseDirAbs = path7.resolve(root, config.dir);
5610
5716
  }
5611
5717
  dbLog(...args) {
5612
- (_optionalChain([this, 'access', _661 => _661.config, 'optionalAccess', _662 => _662.$asai, 'optionalAccess', _663 => _663.$log]) || console.log)("FILE", ...args);
5718
+ (_optionalChain([this, 'access', _685 => _685.config, 'optionalAccess', _686 => _686.$asai, 'optionalAccess', _687 => _687.$log]) || console.log)("FILE", ...args);
5613
5719
  }
5614
5720
  checkFile(file) {
5615
5721
  return fs10.existsSync(this.getAbsPath(file, false));
@@ -5619,9 +5725,9 @@ function dbDriver(opt = {}) {
5619
5725
  if (!relPath) {
5620
5726
  return this.baseDirAbs;
5621
5727
  }
5622
- const abs = path6.isAbsolute(relPath) ? path6.normalize(relPath) : path6.resolve(this.baseDirAbs, relPath);
5728
+ const abs = path7.isAbsolute(relPath) ? path7.normalize(relPath) : path7.resolve(this.baseDirAbs, relPath);
5623
5729
  if (!isPathInside2(this.baseDirAbs, abs)) {
5624
- return this.baseDirAbs;
5730
+ throw new Error("Path not allowed");
5625
5731
  }
5626
5732
  return abs;
5627
5733
  }
@@ -5633,11 +5739,11 @@ function dbDriver(opt = {}) {
5633
5739
  if (!relPath) {
5634
5740
  return "";
5635
5741
  }
5636
- return path6.isAbsolute(relPath) ? path6.relative(this.baseDirAbs, relPath) : relPath;
5742
+ return path7.isAbsolute(relPath) ? path7.relative(this.baseDirAbs, relPath) : relPath;
5637
5743
  }
5638
5744
  ensureDir(relPath) {
5639
- const relative4 = this.normalizeRelPath(relPath);
5640
- const dirPath = path6.dirname(relative4);
5745
+ const relative5 = this.normalizeRelPath(relPath);
5746
+ const dirPath = path7.dirname(relative5);
5641
5747
  const absDir = this.resolvePath(dirPath === "." ? "" : dirPath);
5642
5748
  if (this.createDir && !fs10.existsSync(absDir)) {
5643
5749
  this.dbLog("mkdir", "[MKDIR]", absDir);
@@ -5663,9 +5769,9 @@ function dbDriver(opt = {}) {
5663
5769
  this.dbLog("delete", "[RMDIR]", absPath);
5664
5770
  const entries = fs10.readdirSync(absPath, { withFileTypes: true });
5665
5771
  for (const entry of entries) {
5666
- const current = path6.join(absPath, entry.name);
5772
+ const current = path7.join(absPath, entry.name);
5667
5773
  if (entry.isDirectory()) {
5668
- this.deldir(path6.join(relativePath, entry.name));
5774
+ this.deldir(path7.join(relativePath, entry.name));
5669
5775
  } else {
5670
5776
  this.dbLog("delete", "[UNLINK]", current);
5671
5777
  fs10.unlinkSync(current);
@@ -5675,9 +5781,9 @@ function dbDriver(opt = {}) {
5675
5781
  }
5676
5782
  getReadPath(file, sql) {
5677
5783
  const candidates = [];
5678
- if (_optionalChain([sql, 'optionalAccess', _664 => _664.filename])) {
5679
- candidates.push({ dir: path6.join(file, sql.filename) });
5680
- candidates.push({ dir: path6.join(file + ".delete" + this.fileExt, sql.filename) });
5784
+ if (_optionalChain([sql, 'optionalAccess', _688 => _688.filename])) {
5785
+ candidates.push({ dir: path7.join(file, sql.filename) });
5786
+ candidates.push({ dir: path7.join(file + ".delete" + this.fileExt, sql.filename) });
5681
5787
  } else {
5682
5788
  candidates.push({ dir: file });
5683
5789
  candidates.push({ dir: file + this.fileExt + ".delete" });
@@ -5695,20 +5801,20 @@ function dbDriver(opt = {}) {
5695
5801
  if (!read2.path) {
5696
5802
  return { path: "", dir: read2.dir };
5697
5803
  }
5698
- if (_optionalChain([sql, 'optionalAccess', _665 => _665.filename])) {
5699
- return { path: path6.dirname(read2.path), dir: path6.dirname(read2.dir) };
5804
+ if (_optionalChain([sql, 'optionalAccess', _689 => _689.filename])) {
5805
+ return { path: path7.dirname(read2.path), dir: path7.dirname(read2.dir) };
5700
5806
  }
5701
5807
  return { path: read2.path, dir: read2.dir };
5702
5808
  }
5703
5809
  getNewPath(file, sql) {
5704
- if (_optionalChain([sql, 'optionalAccess', _666 => _666.filename])) {
5705
- return this.getAbsPath(path6.join(file, sql.filename), true);
5810
+ if (_optionalChain([sql, 'optionalAccess', _690 => _690.filename])) {
5811
+ return this.getAbsPath(path7.join(file, sql.filename), true);
5706
5812
  }
5707
5813
  return this.getAbsPath(file, true);
5708
5814
  }
5709
5815
  write(file, data, sql) {
5710
5816
  try {
5711
- const filePath = _optionalChain([sql, 'optionalAccess', _667 => _667.type]) === "insert" ? this.getNewPath(file, sql) : this.getReadPath(file, sql).path || this.getNewPath(file, sql);
5817
+ const filePath = _optionalChain([sql, 'optionalAccess', _691 => _691.type]) === "insert" ? this.getNewPath(file, sql) : this.getReadPath(file, sql).path || this.getNewPath(file, sql);
5712
5818
  this.dbLog("write", "[WRITE]", filePath);
5713
5819
  fs10.writeFileSync(filePath, data, "utf8");
5714
5820
  return "ok";
@@ -5738,11 +5844,11 @@ function dbDriver(opt = {}) {
5738
5844
  if (!del.path) {
5739
5845
  return "";
5740
5846
  }
5741
- if (this.fileDel && _optionalChain([sql, 'optionalAccess', _668 => _668.deltrue])) {
5847
+ if (this.fileDel && _optionalChain([sql, 'optionalAccess', _692 => _692.deltrue])) {
5742
5848
  const target = del.path + ".delete" + this.fileExt;
5743
5849
  this.dbLog("soft delete", "[SOFT DELETE]", `${del.path} -> ${target}`);
5744
5850
  fs10.renameSync(del.path, target);
5745
- } else if (_optionalChain([sql, 'optionalAccess', _669 => _669.filename])) {
5851
+ } else if (_optionalChain([sql, 'optionalAccess', _693 => _693.filename])) {
5746
5852
  this.deldir(del.dir);
5747
5853
  } else {
5748
5854
  this.dbLog("delete", "[DELETE]", del.path);
@@ -5784,8 +5890,8 @@ function dbDriver(opt = {}) {
5784
5890
  let entries;
5785
5891
  try {
5786
5892
  entries = fs10.readdirSync(absDir, { withFileTypes: true });
5787
- } catch (e46) {
5788
- return _optionalChain([sql, 'optionalAccess', _670 => _670.list]) ? { open: [], delete: [] } : [];
5893
+ } catch (e50) {
5894
+ return _optionalChain([sql, 'optionalAccess', _694 => _694.list]) ? { open: [], delete: [] } : [];
5789
5895
  }
5790
5896
  const result = { open: [], delete: [] };
5791
5897
  const deleteSuffix = ".delete" + this.fileExt;
@@ -5795,19 +5901,19 @@ function dbDriver(opt = {}) {
5795
5901
  const isDelete = fileName.endsWith(deleteSuffix);
5796
5902
  const baseName = isDelete ? fileName.slice(0, -deleteSuffix.length) : fileName;
5797
5903
  if (this.fileExt && !baseName.endsWith(this.fileExt)) continue;
5798
- const fullPath = path6.join(absDir, fileName);
5904
+ const fullPath = path7.join(absDir, fileName);
5799
5905
  try {
5800
5906
  const data = fs10.readFileSync(fullPath, "utf8");
5801
5907
  const entryData = { data, file: baseName };
5802
5908
  if (isDelete) {
5803
- if (_optionalChain([sql, 'optionalAccess', _671 => _671.list])) result.delete.push(entryData);
5909
+ if (_optionalChain([sql, 'optionalAccess', _695 => _695.list])) result.delete.push(entryData);
5804
5910
  } else {
5805
5911
  result.open.push(entryData);
5806
5912
  }
5807
- } catch (e47) {
5913
+ } catch (e51) {
5808
5914
  }
5809
5915
  }
5810
- return _optionalChain([sql, 'optionalAccess', _672 => _672.list]) ? result : result.open;
5916
+ return _optionalChain([sql, 'optionalAccess', _696 => _696.list]) ? result : result.open;
5811
5917
  } catch (e) {
5812
5918
  this.dbLog("list failed", "[LIST ERROR]", e);
5813
5919
  return e;
@@ -5817,14 +5923,14 @@ function dbDriver(opt = {}) {
5817
5923
  getFileNameFromWhere(where) {
5818
5924
  if (!where || !Array.isArray(where)) return "";
5819
5925
  const first = where.find((item) => Array.isArray(item));
5820
- const raw = _optionalChain([first, 'optionalAccess', _673 => _673[2]]);
5926
+ const raw = _optionalChain([first, 'optionalAccess', _697 => _697[2]]);
5821
5927
  if (typeof raw === "string") {
5822
5928
  return raw.replace(/^'+|'+$/g, "");
5823
5929
  }
5824
5930
  return String(_nullishCoalesce(raw, () => ( "")));
5825
5931
  }
5826
5932
  sqlDb(sql) {
5827
- return new Promise((resolve5, reject) => {
5933
+ return new Promise((resolve6, reject) => {
5828
5934
  try {
5829
5935
  let result;
5830
5936
  const tableDir = this.tableFilePath(sql.table);
@@ -5842,22 +5948,22 @@ function dbDriver(opt = {}) {
5842
5948
  const data = sql.set[0][1];
5843
5949
  result = this.write(this.tableFilePath(sql.table, file), data, sql);
5844
5950
  } else if (sql.type === "select") {
5845
- if (_optionalChain([sql, 'optionalAccess', _674 => _674.where, 'optionalAccess', _675 => _675.length]) && _optionalChain([sql, 'optionalAccess', _676 => _676.as]) !== 2) {
5951
+ if (_optionalChain([sql, 'optionalAccess', _698 => _698.where, 'optionalAccess', _699 => _699.length]) && _optionalChain([sql, 'optionalAccess', _700 => _700.as]) !== 2) {
5846
5952
  const file = this.getFileNameFromWhere(sql.where);
5847
5953
  const readRes = this.read(this.tableFilePath(sql.table, file), sql);
5848
5954
  const resObj = {};
5849
- if (_optionalChain([readRes, 'optionalAccess', _677 => _677[0], 'optionalAccess', _678 => _678.file]) && !readRes.error) {
5955
+ if (_optionalChain([readRes, 'optionalAccess', _701 => _701[0], 'optionalAccess', _702 => _702.file]) && !readRes.error) {
5850
5956
  if (sql.as === 1) {
5851
5957
  try {
5852
5958
  const parsed = JSON.parse(readRes[0].data);
5853
- if (_optionalChain([sql, 'access', _679 => _679.field, 'optionalAccess', _680 => _680.length])) {
5959
+ if (_optionalChain([sql, 'access', _703 => _703.field, 'optionalAccess', _704 => _704.length])) {
5854
5960
  sql.field.forEach((f) => {
5855
5961
  resObj[f] = _nullishCoalesce(parsed[f], () => ( ""));
5856
5962
  });
5857
5963
  } else {
5858
5964
  Object.assign(resObj, parsed);
5859
5965
  }
5860
- } catch (e48) {
5966
+ } catch (e52) {
5861
5967
  }
5862
5968
  } else {
5863
5969
  const fields = sql.field;
@@ -5871,7 +5977,7 @@ function dbDriver(opt = {}) {
5871
5977
  } else {
5872
5978
  const listRes = this.list(tableDir, sql);
5873
5979
  if (listRes && !listRes.error) {
5874
- if (_optionalChain([sql, 'optionalAccess', _681 => _681.list])) {
5980
+ if (_optionalChain([sql, 'optionalAccess', _705 => _705.list])) {
5875
5981
  const mapEntry = /* @__PURE__ */ _chunkSMVZ3ZDJcjs.__name.call(void 0, (el) => {
5876
5982
  const fields = sql.field;
5877
5983
  const item = { [fields[0]]: el.file };
@@ -5882,9 +5988,9 @@ function dbDriver(opt = {}) {
5882
5988
  if (listRes.delete) listRes.delete = listRes.delete.map(mapEntry);
5883
5989
  result = listRes;
5884
5990
  } else {
5885
- if (_optionalChain([sql, 'optionalAccess', _682 => _682.as]) === 2) {
5991
+ if (_optionalChain([sql, 'optionalAccess', _706 => _706.as]) === 2) {
5886
5992
  let items = listRes;
5887
- if (_optionalChain([sql, 'access', _683 => _683.where, 'optionalAccess', _684 => _684.length])) {
5993
+ if (_optionalChain([sql, 'access', _707 => _707.where, 'optionalAccess', _708 => _708.length])) {
5888
5994
  const where = sql.where;
5889
5995
  const whereType = typeof where[0] === "string" ? where[0] : "and";
5890
5996
  items = items.filter((el) => {
@@ -5898,7 +6004,7 @@ function dbDriver(opt = {}) {
5898
6004
  let fieldVal = "";
5899
6005
  try {
5900
6006
  fieldVal = _nullishCoalesce(JSON.parse(el.data)[field], () => ( ""));
5901
- } catch (e49) {
6007
+ } catch (e53) {
5902
6008
  }
5903
6009
  const condMatch = String(fieldVal).includes(searchVal);
5904
6010
  if (whereType === "and") {
@@ -5916,18 +6022,18 @@ function dbDriver(opt = {}) {
5916
6022
  const obj = {};
5917
6023
  try {
5918
6024
  const parsed = JSON.parse(el.data);
5919
- if (_optionalChain([sql, 'access', _685 => _685.field, 'optionalAccess', _686 => _686.length])) {
6025
+ if (_optionalChain([sql, 'access', _709 => _709.field, 'optionalAccess', _710 => _710.length])) {
5920
6026
  sql.field.forEach((f) => {
5921
6027
  obj[f] = _nullishCoalesce(parsed[f], () => ( ""));
5922
6028
  });
5923
6029
  } else {
5924
6030
  Object.assign(obj, parsed);
5925
6031
  }
5926
- } catch (e50) {
6032
+ } catch (e54) {
5927
6033
  }
5928
6034
  return obj;
5929
6035
  });
5930
- if (_optionalChain([sql, 'access', _687 => _687.order, 'optionalAccess', _688 => _688.length])) {
6036
+ if (_optionalChain([sql, 'access', _711 => _711.order, 'optionalAccess', _712 => _712.length])) {
5931
6037
  const orderField = sql.order[0];
5932
6038
  const orderFieldName = typeof orderField === "string" ? orderField : orderField[0];
5933
6039
  const direction = typeof orderField === "string" ? "ASC" : String(orderField[1]).toUpperCase();
@@ -5948,12 +6054,12 @@ function dbDriver(opt = {}) {
5948
6054
  }
5949
6055
  }
5950
6056
  } else {
5951
- result = _optionalChain([sql, 'optionalAccess', _689 => _689.list]) ? { open: [], delete: [] } : [];
6057
+ result = _optionalChain([sql, 'optionalAccess', _713 => _713.list]) ? { open: [], delete: [] } : [];
5952
6058
  }
5953
6059
  }
5954
6060
  }
5955
6061
  if (result !== void 0) {
5956
- resolve5(result);
6062
+ resolve6(result);
5957
6063
  } else {
5958
6064
  reject("");
5959
6065
  }
@@ -6004,7 +6110,7 @@ function sysserver($asai, opt = {}) {
6004
6110
  if (!$asai.$lib) $asai.$lib = {};
6005
6111
  $asai.$lib = { ...lib_default, ...$asai.$lib, ...opt || {} };
6006
6112
  $asai.dataserver = db_default;
6007
- _optionalChain([$asai, 'access', _690 => _690.$lib, 'access', _691 => _691.ErrorCode, 'optionalAccess', _692 => _692.loadErrorCodes, 'optionalCall', _693 => _693($asai)]);
6113
+ _optionalChain([$asai, 'access', _714 => _714.$lib, 'access', _715 => _715.ErrorCode, 'optionalAccess', _716 => _716.loadErrorCodes, 'optionalCall', _717 => _717($asai)]);
6008
6114
  if (!$asai.$lib.api) $asai.$lib.api = {};
6009
6115
  $asai.$lib.api = { ...api_default, ...$asai.$lib.api };
6010
6116
  if (!$asai.$lib.ws) $asai.$lib.ws = {};
@@ -6197,7 +6303,7 @@ function normalizeDataStoresConfig(cfg) {
6197
6303
  }
6198
6304
  if (userStore.opt.create == null) userStore.opt.create = 1;
6199
6305
  }
6200
- if (!stores.log && _optionalChain([cfg, 'access', _694 => _694.logger, 'optionalAccess', _695 => _695.store])) {
6306
+ if (!stores.log && _optionalChain([cfg, 'access', _718 => _718.logger, 'optionalAccess', _719 => _719.store])) {
6201
6307
  const s = cfg.logger.store;
6202
6308
  stores.log = {
6203
6309
  type: s.type || "file",
@@ -6261,13 +6367,13 @@ function validateHostConfig(cfg) {
6261
6367
  if (cfg.asaisn != null) {
6262
6368
  errors.push("asaisn \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_ASAISN");
6263
6369
  }
6264
- if (_optionalChain([cfg, 'access', _696 => _696.aes, 'optionalAccess', _697 => _697.keybase64]) != null) {
6370
+ if (_optionalChain([cfg, 'access', _720 => _720.aes, 'optionalAccess', _721 => _721.keybase64]) != null) {
6265
6371
  errors.push("aes.keybase64 \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_AES_KEYBASE64");
6266
6372
  }
6267
- if (_optionalChain([cfg, 'access', _698 => _698.httpscert, 'optionalAccess', _699 => _699.key]) != null || _optionalChain([cfg, 'access', _700 => _700.httpscert, 'optionalAccess', _701 => _701.cert]) != null) {
6373
+ if (_optionalChain([cfg, 'access', _722 => _722.httpscert, 'optionalAccess', _723 => _723.key]) != null || _optionalChain([cfg, 'access', _724 => _724.httpscert, 'optionalAccess', _725 => _725.cert]) != null) {
6268
6374
  errors.push("httpscert.key/cert \u7981\u6B62\u5185\u8054\u4E8E asaihost.json\uFF0C\u8BF7\u4F7F\u7528 keyPath/certPath \u6216\u73AF\u5883\u53D8\u91CF");
6269
6375
  }
6270
- if (_optionalChain([cfg, 'access', _702 => _702.security, 'optionalAccess', _703 => _703.sessionSecret]) != null) {
6376
+ if (_optionalChain([cfg, 'access', _726 => _726.security, 'optionalAccess', _727 => _727.sessionSecret]) != null) {
6271
6377
  errors.push("security.sessionSecret \u7981\u6B62\u5199\u5165 asaihost.json\uFF0C\u8BF7\u4F7F\u7528 ASAI_SESSION_SECRET");
6272
6378
  }
6273
6379
  if (Array.isArray(cfg.wssec) && typeof cfg.wssec[0] === "string" && cfg.wssec[0].length > 0) {
@@ -6322,10 +6428,10 @@ function validateHostConfig(cfg) {
6322
6428
  validateHostSiteLimits(name, h, errors);
6323
6429
  }
6324
6430
  }
6325
- if (_optionalChain([cfg, 'access', _704 => _704.logger, 'optionalAccess', _705 => _705.sample]) && typeof cfg.logger.sample !== "object") {
6431
+ if (_optionalChain([cfg, 'access', _728 => _728.logger, 'optionalAccess', _729 => _729.sample]) && typeof cfg.logger.sample !== "object") {
6326
6432
  errors.push('logger.sample \u5FC5\u987B\u4E3A\u5BF9\u8C61\uFF08\u5982 { "REQ_OTHER": 0.1 }\uFF09');
6327
6433
  }
6328
- if (_optionalChain([cfg, 'access', _706 => _706.logger, 'optionalAccess', _707 => _707.skip]) != null && !Array.isArray(cfg.logger.skip)) {
6434
+ if (_optionalChain([cfg, 'access', _730 => _730.logger, 'optionalAccess', _731 => _731.skip]) != null && !Array.isArray(cfg.logger.skip)) {
6329
6435
  errors.push('logger.skip \u5FC5\u987B\u4E3A\u5B57\u7B26\u4E32\u6570\u7EC4\uFF08\u5982 ["/sys/info/metrics"]\uFF09');
6330
6436
  }
6331
6437
  if (cfg.proxyhosts && typeof cfg.proxyhosts === "object") {
@@ -6359,7 +6465,7 @@ _chunkSMVZ3ZDJcjs.__name.call(void 0, validateHostSiteLimits, "validateHostSiteL
6359
6465
  function validateProductionSecurity(cfg) {
6360
6466
  const errors = [];
6361
6467
  if (process.env.NODE_ENV !== "production") return errors;
6362
- const sec = _optionalChain([cfg, 'optionalAccess', _708 => _708.security]);
6468
+ const sec = _optionalChain([cfg, 'optionalAccess', _732 => _732.security]);
6363
6469
  if (!sec || typeof sec !== "object") {
6364
6470
  errors.push("\u751F\u4EA7\u73AF\u5883\u5FC5\u987B\u914D\u7F6E security \u5BF9\u8C61");
6365
6471
  return errors;
@@ -6370,7 +6476,7 @@ function validateProductionSecurity(cfg) {
6370
6476
  if (sec.allowRegister === 1) {
6371
6477
  errors.push("\u751F\u4EA7\u73AF\u5883 security.allowRegister \u5E94\u4E3A 0\uFF08CR 1.3 \u7981\u6B62\u5F00\u653E\u6CE8\u518C\uFF09");
6372
6478
  }
6373
- if (!_optionalChain([sec, 'access', _709 => _709.quota, 'optionalAccess', _710 => _710.enabled])) {
6479
+ if (!_optionalChain([sec, 'access', _733 => _733.quota, 'optionalAccess', _734 => _734.enabled])) {
6374
6480
  errors.push("\u751F\u4EA7\u73AF\u5883 security.quota.enabled \u5E94\u4E3A 1\uFF08CR 7.1 \u8D44\u6E90\u9650\u5236\uFF09");
6375
6481
  }
6376
6482
  if (sec.csp !== 1) {
@@ -6379,7 +6485,7 @@ function validateProductionSecurity(cfg) {
6379
6485
  if (typeof sec.minUserLevel !== "number" || sec.minUserLevel < 0) {
6380
6486
  errors.push("\u751F\u4EA7\u73AF\u5883 security.minUserLevel \u5E94\u663E\u5F0F\u914D\u7F6E");
6381
6487
  }
6382
- if (sec.forceWss === 1 && !_optionalChain([cfg, 'optionalAccess', _711 => _711.httpscert, 'optionalAccess', _712 => _712.keyPath]) && !_optionalChain([cfg, 'optionalAccess', _713 => _713.httpscert, 'optionalAccess', _714 => _714.key])) {
6488
+ if (sec.forceWss === 1 && !_optionalChain([cfg, 'optionalAccess', _735 => _735.httpscert, 'optionalAccess', _736 => _736.keyPath]) && !_optionalChain([cfg, 'optionalAccess', _737 => _737.httpscert, 'optionalAccess', _738 => _738.key])) {
6383
6489
  errors.push("\u751F\u4EA7\u73AF\u5883 security.forceWss=1 \u65F6\u9700\u914D\u7F6E HTTPS \u8BC1\u4E66");
6384
6490
  }
6385
6491
  return errors;
@@ -6398,12 +6504,12 @@ var DEFAULT_RECONNECT = {
6398
6504
  rs485: { enabled: true, maxRetries: 60, initialDelay: 3e3, maxDelay: 3e4, factor: 2 }
6399
6505
  };
6400
6506
  function getTransportBlock(cfg, kind) {
6401
- const block = _optionalChain([cfg, 'optionalAccess', _715 => _715[kind]]);
6507
+ const block = _optionalChain([cfg, 'optionalAccess', _739 => _739[kind]]);
6402
6508
  return block && typeof block === "object" ? block : null;
6403
6509
  }
6404
6510
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getTransportBlock, "getTransportBlock");
6405
6511
  function getTransportDefault(cfg, kind) {
6406
- const def = _optionalChain([getTransportBlock, 'call', _716 => _716(cfg, kind), 'optionalAccess', _717 => _717.default]);
6512
+ const def = _optionalChain([getTransportBlock, 'call', _740 => _740(cfg, kind), 'optionalAccess', _741 => _741.default]);
6407
6513
  return def && typeof def === "object" ? def : null;
6408
6514
  }
6409
6515
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getTransportDefault, "getTransportDefault");
@@ -6413,7 +6519,7 @@ function hasTransportDefault(cfg, kind) {
6413
6519
  _chunkSMVZ3ZDJcjs.__name.call(void 0, hasTransportDefault, "hasTransportDefault");
6414
6520
  function getDefaultConnId(cfg, kind) {
6415
6521
  const def = getTransportDefault(cfg, kind);
6416
- const id = _optionalChain([def, 'optionalAccess', _718 => _718.id]);
6522
+ const id = _optionalChain([def, 'optionalAccess', _742 => _742.id]);
6417
6523
  return typeof id === "string" && id.length > 0 ? id : DEFAULT_CONN_ID[kind];
6418
6524
  }
6419
6525
  _chunkSMVZ3ZDJcjs.__name.call(void 0, getDefaultConnId, "getDefaultConnId");
@@ -6424,14 +6530,14 @@ function shouldAutoConnect(def) {
6424
6530
  _chunkSMVZ3ZDJcjs.__name.call(void 0, shouldAutoConnect, "shouldAutoConnect");
6425
6531
  function resolveReconnectOptions(def, kind, cfg) {
6426
6532
  const base = DEFAULT_RECONNECT[kind];
6427
- const rc = _optionalChain([def, 'optionalAccess', _719 => _719.reconnect]);
6428
- const tmMaxTry = _optionalChain([cfg, 'optionalAccess', _720 => _720.tm, 'optionalAccess', _721 => _721.maxtry]);
6533
+ const rc = _optionalChain([def, 'optionalAccess', _743 => _743.reconnect]);
6534
+ const tmMaxTry = _optionalChain([cfg, 'optionalAccess', _744 => _744.tm, 'optionalAccess', _745 => _745.maxtry]);
6429
6535
  return {
6430
- enabled: _optionalChain([rc, 'optionalAccess', _722 => _722.enabled]) !== false && base.enabled !== false,
6431
- maxRetries: _nullishCoalesce(_nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _723 => _723.maxRetries]), () => ( tmMaxTry)), () => ( base.maxRetries)), () => ( 60)),
6432
- initialDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _724 => _724.initialDelay]), () => ( base.initialDelay)), () => ( 1e3)),
6433
- maxDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _725 => _725.maxDelay]), () => ( base.maxDelay)), () => ( 3e4)),
6434
- factor: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _726 => _726.factor]), () => ( base.factor)), () => ( 2))
6536
+ enabled: _optionalChain([rc, 'optionalAccess', _746 => _746.enabled]) !== false && base.enabled !== false,
6537
+ maxRetries: _nullishCoalesce(_nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _747 => _747.maxRetries]), () => ( tmMaxTry)), () => ( base.maxRetries)), () => ( 60)),
6538
+ initialDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _748 => _748.initialDelay]), () => ( base.initialDelay)), () => ( 1e3)),
6539
+ maxDelay: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _749 => _749.maxDelay]), () => ( base.maxDelay)), () => ( 3e4)),
6540
+ factor: _nullishCoalesce(_nullishCoalesce(_optionalChain([rc, 'optionalAccess', _750 => _750.factor]), () => ( base.factor)), () => ( 2))
6435
6541
  };
6436
6542
  }
6437
6543
  _chunkSMVZ3ZDJcjs.__name.call(void 0, resolveReconnectOptions, "resolveReconnectOptions");
@@ -6481,17 +6587,17 @@ function createTransportDataHandler($asai, manager) {
6481
6587
  if (typeof event.data === "string") {
6482
6588
  try {
6483
6589
  event.data = JSON.parse(event.data);
6484
- } catch (e51) {
6590
+ } catch (e55) {
6485
6591
  }
6486
6592
  }
6487
- if (_optionalChain([event, 'access', _727 => _727.data, 'optionalAccess', _728 => _728.id])) {
6593
+ if (_optionalChain([event, 'access', _751 => _751.data, 'optionalAccess', _752 => _752.id])) {
6488
6594
  manager.watch(event.id, event.data);
6489
6595
  return;
6490
6596
  }
6491
6597
  try {
6492
- const wsKey = _optionalChain([$asai, 'optionalAccess', _729 => _729.command, 'optionalAccess', _730 => _730.commandconfig, 'optionalAccess', _731 => _731.config, 'optionalAccess', _732 => _732.commandclient]);
6493
- _optionalChain([$asai, 'access', _733 => _733.serversws, 'optionalAccess', _734 => _734[wsKey], 'optionalAccess', _735 => _735.broadws, 'optionalCall', _736 => _736(event.data)]);
6494
- } catch (e52) {
6598
+ const wsKey = _optionalChain([$asai, 'optionalAccess', _753 => _753.command, 'optionalAccess', _754 => _754.commandconfig, 'optionalAccess', _755 => _755.config, 'optionalAccess', _756 => _756.commandclient]);
6599
+ _optionalChain([$asai, 'access', _757 => _757.serversws, 'optionalAccess', _758 => _758[wsKey], 'optionalAccess', _759 => _759.broadws, 'optionalCall', _760 => _760(event.data)]);
6600
+ } catch (e56) {
6495
6601
  }
6496
6602
  };
6497
6603
  }
@@ -6563,7 +6669,7 @@ var initAsaiHostNodejs2 = {
6563
6669
  createTransportDataHandler,
6564
6670
  wireTransportConnectionLogs
6565
6671
  };
6566
- var PLUGIN_VERSION = true ? "0.0.6" : "0.0.1";
6672
+ var PLUGIN_VERSION = true ? "0.0.9" : "0.0.1";
6567
6673
  var index_default = initAsaiHostNodejs2;
6568
6674
 
6569
6675