modelence 0.19.1 → 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/dist/bin/modelence.js +2 -2
  2. package/dist/bin/modelence.js.map +1 -1
  3. package/dist/chunk-FCIMWI4V.js +3 -0
  4. package/dist/chunk-FCIMWI4V.js.map +1 -0
  5. package/dist/chunk-N7XT2ULQ.js +2 -0
  6. package/dist/chunk-N7XT2ULQ.js.map +1 -0
  7. package/dist/chunk-SD3ERG2G.js +3 -0
  8. package/dist/chunk-SD3ERG2G.js.map +1 -0
  9. package/dist/chunk-SNADMLAT.js +2 -0
  10. package/dist/chunk-SNADMLAT.js.map +1 -0
  11. package/dist/chunk-YLLX26A4.js +2 -0
  12. package/dist/chunk-YLLX26A4.js.map +1 -0
  13. package/dist/chunk-YRR32LTF.js +2 -0
  14. package/dist/chunk-YRR32LTF.js.map +1 -0
  15. package/dist/chunk-ZBCGBZPH.js +29 -0
  16. package/dist/chunk-ZBCGBZPH.js.map +1 -0
  17. package/dist/client.d.ts +67 -5
  18. package/dist/client.js +1 -1
  19. package/dist/client.js.map +1 -1
  20. package/dist/collectCss-4YETFI7P.js +2 -0
  21. package/dist/collectCss-4YETFI7P.js.map +1 -0
  22. package/dist/{index-CLpVWWuj.d.ts → index-CgNFVSg6.d.ts} +1 -1
  23. package/dist/index.d.ts +2 -2
  24. package/dist/index.js +1 -1
  25. package/dist/{package-FOVTOR5M.js → package-KMCDUMYP.js} +2 -2
  26. package/dist/{package-FOVTOR5M.js.map → package-KMCDUMYP.js.map} +1 -1
  27. package/dist/render-STDR67WK.js +2 -0
  28. package/dist/render-STDR67WK.js.map +1 -0
  29. package/dist/renderApp-ZDNATNY6.js +2 -0
  30. package/dist/renderApp-ZDNATNY6.js.map +1 -0
  31. package/dist/server-KXQSHJIH.js +2 -0
  32. package/dist/server-KXQSHJIH.js.map +1 -0
  33. package/dist/server.d.ts +30 -8
  34. package/dist/server.js +1 -20
  35. package/dist/server.js.map +1 -1
  36. package/dist/transport-W6JIYZKZ.js +2 -0
  37. package/dist/transport-W6JIYZKZ.js.map +1 -0
  38. package/dist/{types-CzGfkwti.d.ts → types-B_R3eHmq.d.ts} +6 -6
  39. package/dist/{types-JMIT4IDG.d.ts → types-_BTBqn8b.d.ts} +2 -2
  40. package/dist/types.d.ts +3 -3
  41. package/package.json +3 -1
  42. package/dist/chunk-VBRGC3XM.js +0 -3
  43. package/dist/chunk-VBRGC3XM.js.map +0 -1
@@ -0,0 +1,29 @@
1
+ import {s as s$1}from'./chunk-FCIMWI4V.js';import {a,b as b$1,c,o,p,q,r,k as k$1,l,j as j$1,w as w$1,i,m,h,n,s,x,y,z as z$2,A as A$1,d as d$1,B as B$1,u,t,e as e$1,E as E$1,C,D}from'./chunk-SD3ERG2G.js';import {b as b$2,d,a as a$4}from'./chunk-MIRF7FP3.js';import {a as a$2,f,e,g,c as c$1,h as h$1,k as k$2,j as j$2,d as d$2,i as i$1,l as l$1,m as m$1}from'./chunk-7LPSX5A6.js';import {a as a$3,b as b$3}from'./chunk-5M6FUMUK.js';import {a as a$1}from'./chunk-DO5TZLF5.js';import No from'dotenv';import Wr from'fs/promises';import wr from'os';import q$1 from'path';import {Server}from'socket.io';import {createAdapter}from'@socket.io/mongo-adapter';import {MongoClient,MongoError,ObjectId,MongoServerError}from'mongodb';export{ObjectId as m}from'mongodb';import Xo from'bcrypt';import U,{z as z$1}from'zod';import {randomBytes,randomUUID}from'crypto';import {createServer,defineConfig,loadConfigFromFile,mergeConfig}from'vite';import Mr from'@vitejs/plugin-react';import Ee from'fs';import T,{Router}from'express';import Mn from'cookie-parser';import Nn from'http';var re=new a("_system",{configSchema:{mongodbUri:{type:"secret",isPublic:false,default:""},mongodbPoolSize:{type:"number",isPublic:false,default:10},"env.type":{type:"string",isPublic:true,default:""},"site.url":{type:"string",isPublic:true,default:""},multiInstance:{type:"boolean",isPublic:false,default:false}}});var M=null;async function _t(){if(M)return M;let e=j();if(!e)throw new Error("MongoDB URI is not set");let t=re.getConfig("mongodbPoolSize");M=new MongoClient(e,{driverInfo:{name:"Modelence",version:s$1.version},ignoreUndefined:true,maxPoolSize:t});try{return await M.connect(),await M.db("admin").command({ping:1}),console.log("Pinged your deployment. You successfully connected to MongoDB!"),M}catch(o){throw console.error(o),M=null,o}}function j(){return re.getConfig("mongodbUri")||void 0}function fe(){return M}var ne=null,Wo="_modelenceSocketio",Pt=60;async function Jo({httpServer:e,channels:t}){let o=fe(),r=!!a$2("_system.multiInstance");console.log("Initializing Socket.IO server...");let n=null;if(r&&o){n=o.db().collection(Wo);try{await n.createIndex({createdAt:1},{expireAfterSeconds:Pt,background:!0});}catch(i){if(i instanceof Error&&"code"in i&&i.code===85)try{await n.dropIndex("createdAt_1"),await n.createIndex({createdAt:1},{expireAfterSeconds:Pt,background:!0});}catch(s){console.error("Failed to recreate index on MongoDB collection for Socket.IO:",s);}else console.error("Failed to create index on MongoDB collection for Socket.IO:",i);}}ne=new Server(e,{cors:{origin:"*",methods:["GET","POST"]},adapter:n?createAdapter(n):void 0,transports:["websocket"],perMessageDeflate:false}),ne.on("error",i=>{console.error("Socket.IO error:",i);}),ne.use(async(i,s)=>{let a=i.handshake.auth.token;try{i.data=await u(a);}finally{s();}}),ne.on("connection",i=>{i.on("disconnect",()=>{E$1(i);}),i.on("joinChannel",async s=>{let[a]=s.split(":"),c=false;for(let l of t)if(l.category===a){(!l.canAccessChannel||await l.canAccessChannel(i.data))&&(i.join(s),c=true,i.emit("joinedChannel",s));break}c||i.emit("joinError",{channel:s,error:"Access denied"});}),i.on("leaveChannel",s=>{i.leave(s),console.log(`User ${i.id} left channel ${s}`),i.emit("leftChannel",s);}),i.on("subscribeLiveQuery",s=>C(i,s)),i.on("unsubscribeLiveQuery",s=>D(i,s));}),console.log("Socket.IO server initialized");}function Ko({category:e,id:t,data:o}){ne?.to(`${e}:${t}`).emit(e,o);}var Lt={init:Jo,broadcast:Ko};async function Mt(e){let t=e.toLowerCase().trim().split("@");if(t.length!==2)return false;let o=t[1];return !!await p.findOne({domain:o})}var Nt={interval:a$1.days(1),async handler(){let e=await fetch("https://disposable.github.io/disposable-email-domains/domains.txt");if(!e.ok)throw new Error(`HTTP ${e.status}: ${e.statusText}`);let o=(await e.text()).split(`
2
+ `).map(i=>i.trim().toLowerCase()).filter(i=>i.length>0),r=new Date,n=500;for(let i=0;i<o.length;i+=n){let s=o.slice(i,i+n);try{await p.insertMany(s.map(a=>({domain:a,addedAt:r})));}catch(a){a&&typeof a=="object"&&"name"in a&&a.name;}}}};var ge=3,H=50,Ut=8,Tt=128,It=254,$t=e=>z$1.string().trim().min(e.min??1,{message:`must be at least ${e.min??1} characters`}).max(e.max,{message:`must be at most ${e.max} characters`}),Ne=e=>z$1.string().trim().max(e.max,{message:`must be at most ${e.max} characters`}).transform(t=>t===""?void 0:t).optional(),Qo=z$1.object({firstName:Ne({max:50}),lastName:Ne({max:50}),avatarUrl:Ne({max:400}),handle:$t({min:ge,max:H})}).strict();function he(e){let t=Qo.partial().safeParse(e);if(!t.success){let o=t.error.issues[0],r=o.path.join("."),n=r?`${r}: ${o.message}`:o.message;throw new Error(n)}return t.data}function we(e){return z$1.string().min(Ut,{message:`Password must contain at least ${Ut} characters`}).max(Tt,{message:`Password must be at most ${Tt} characters`}).parse(e)}function N(e){return z$1.string().max(It,{message:`Email must be at most ${It} characters`}).email({message:"Invalid email address"}).parse(e).toLowerCase()}function Dt(e){return $t({min:ge,max:H}).parse(e)}function ye(e){return {id:e._id,handle:e.handle,roles:e.roles||[],firstName:e.firstName??void 0,lastName:e.lastName??void 0,avatarUrl:e.avatarUrl??void 0}}async function jt(e){let t=e.slice(0,H);try{if(!await o.findOne({handle:t},{collation:{locale:"en",strength:2}}))return t}catch(n){throw new Error(`Database error while checking handle availability: ${n}`)}let o$1=51;for(let n=2;n<=o$1;n++){let i=`_${n}`,s=`${t.slice(0,H-i.length)}${i}`;try{if(!await o.findOne({handle:s},{collation:{locale:"en",strength:2}}))return s}catch(a){throw new Error(`Database error while checking handle "${s}": ${a}`)}}let r=10;for(let n=0;n<r;n++){let i=`_${randomBytes(3).toString("hex")}`,s=`${t.slice(0,H-i.length)}${i}`;try{if(!await o.findOne({handle:s},{collation:{locale:"en",strength:2}}))return s}catch(a){throw new Error(`Database error while checking handle "${s}": ${a}`)}}throw new Error(`Could not generate a unique handle for base "${e}" after exhausting all attempts.`)}async function F(e,t,{throwOnConflict:o$1=true}={}){if(e!=null&&String(e).trim()!==""){let n=Dt(String(e).trim());if(o$1){if(await o.findOne({handle:n},{collation:{locale:"en",strength:2}}))throw new Error("Handle already taken.");return n}return jt(n)}let r=t.split("@")[0].padEnd(ge,"_").slice(0,H);return jt(r)}var Ue=Object.freeze({});function Te(e){Ue=Object.freeze(Object.assign({},Ue,e));}function b(){return Ue}var Ie=Object.freeze({});function Ht(e){Ie=Object.freeze(Object.assign({},Ie,e));}function E(){return Ie}function er(){return b()?.provider?!!a$2("_system.user.auth.email.verification"):false}async function Gt(e,{user:t,session:o$1,connectionInfo:r,res:n}){try{if(!o$1)throw new Error("Session is not initialized");let i=r?.ip;i&&await A({bucket:"signin",type:"ip",value:i});let s=N(e.email),a=z$1.string().parse(e.password),c=await o.findOne({"emails.address":s,status:{$nin:["deleted","disabled"]}},{collation:{locale:"en",strength:2}}),l$1=c?.authMethods?.password?.hash;if(!l$1)throw Ft();if(!c.emails?.find(f=>f.address.toLowerCase()===s)?.verified&&er())throw new b$2("Your email address hasn't been verified yet. Please check your inbox for the verification email.","EMAIL_NOT_VERIFIED");if(!await Xo.compare(a,l$1))throw Ft();return await h(o$1.authToken,c._id),n&&l(n,o$1.authToken),E().onAfterLogin?.({provider:"email",user:c,session:o$1,connectionInfo:r}),E().login?.onSuccess?.(c),{user:ye(c),session:{authToken:o$1.authToken}}}catch(i){throw i instanceof Error&&(E().onLoginError?.({provider:"email",error:i,session:o$1,connectionInfo:r}),E().login?.onError?.(i)),i}}async function Vt(e,{session:t,res:o}){if(!t)throw new Error("Session is not initialized");await i(t.authToken),o&&m(o);}function Ft(){return new Error("Incorrect email/password combination")}async function Bt(e,{user:t}){if(!t)throw new Error("Not authenticated");let o$1=await o.requireById(t.id);return {handle:o$1.handle,emails:o$1.emails,authMethods:Object.keys(o$1.authMethods||{}),firstName:o$1.firstName??void 0,lastName:o$1.lastName??void 0,avatarUrl:o$1.avatarUrl??void 0}}async function zt(e,{user:t}){if(!t)throw new Error("Not authenticated");let o$1=await o.requireById(t.id),r=he(e);if(await E().validateProfileUpdate?.(r),"handle"in r&&r.handle!==void 0&&await o.findOne({handle:r.handle,_id:{$ne:o$1._id}},{collation:{locale:"en",strength:2}}))throw new Error("Handle already taken.");if(Object.keys(r).length>0){let n={},i={};for(let[a,c]of Object.entries(r))c===void 0?i[a]="":n[a]=c;let s={};Object.keys(n).length>0&&(s.$set=n),Object.keys(i).length>0&&(s.$unset=i);try{await o.updateOne({_id:o$1._id},s);let a=Object.fromEntries(Object.keys(i).map(c=>[c,void 0]));o$1={...o$1,...n,...a};}catch(a){throw a instanceof Error&&"code"in a&&a.code===11e3?new Error("Handle already taken."):a}}return {user:ye(o$1)}}var $e=["google","github"];async function qt({provider:e},{user:t}){if(!t)throw new Error("You must be signed in to unlink a provider.");if(typeof e!="string"||!$e.includes(e))throw new Error(`Invalid provider. Supported providers are: ${$e.join(", ")}.`);let o$1=await o.requireById(t.id),r=o$1.authMethods??{};if(!r[e])throw new Error(`${e} is not linked to your account.`);if(Object.values(r).filter(Boolean).length<=1)throw new Error("Cannot unlink your only authentication method. Please add another method first.");let s=Object.keys(r).filter(l=>l!==e&&r[l]),a=s.length>0?{$or:s.map(l=>({[`authMethods.${l}`]:{$exists:true}}))}:{};if((await o.updateOne({_id:o$1._id,...a},{$unset:{[`authMethods.${e}`]:""}})).matchedCount===0)throw new Error("Cannot unlink your only authentication method. Please add another method first.")}var se=new b$1("_modelenceRateLimits",{schema:{bucket:c.string(),type:c.enum(["ip","user","email"]),value:c.string(),windowMs:c.number(),windowStart:c.date(),windowCount:c.number(),prevWindowCount:c.number(),expiresAt:c.date()},indexes:[{key:{bucket:1,type:1,value:1,windowMs:1},unique:true},{key:{expiresAt:1},expireAfterSeconds:0}]});var De=[];function Wt(e){if(De.length>0)throw new Error("Duplicate call to initRateLimits - already initialized");De=e;}async function A(e){let{bucket:t,type:o,value:r,message:n}=e,i=De.filter(a=>a.bucket===t&&a.type===o),s=n?()=>new d(n):void 0;for(let a of i)await tr(a,r,s);}async function tr(e,t,o){let r=()=>o?o():new d(`Rate limit exceeded for ${e.bucket}`),n=await se.findOne({bucket:e.bucket,type:e.type,value:t,windowMs:e.window}),i=Date.now(),s=Math.floor(i/e.window)*e.window,{count:a,modifier:c}=n?or(n,s,i):{count:0,modifier:{$setOnInsert:{windowStart:new Date(s),windowCount:1,prevWindowCount:0,expiresAt:new Date(s+e.window+e.window)}}};if(a>=e.limit)throw r();await se.upsertOne({bucket:e.bucket,type:e.type,value:t,windowMs:e.window},c);}function or(e,t,o){let r=t-e.windowMs;if(e.windowStart.getTime()===t){let n=e.windowCount,i=e.prevWindowCount,s=1-(o-t)/e.windowMs;return {count:Math.round(n+i*s),modifier:{$inc:{windowCount:1},$setOnInsert:{windowStart:new Date(t),prevWindowCount:0,expiresAt:new Date(t+e.windowMs+e.windowMs)}}}}if(e.windowStart.getTime()===r){let n=1-(o-t)/e.windowMs;return {count:Math.round(e.windowCount*n),modifier:{$set:{windowStart:new Date(t),windowCount:1,prevWindowCount:e.windowCount,expiresAt:new Date(t+e.windowMs+e.windowMs)}}}}return {count:0,modifier:{$set:{windowStart:new Date(t),windowCount:1,prevWindowCount:0,expiresAt:new Date(t+e.windowMs+e.windowMs)}}}}function Jt({name:e,email:t,verificationUrl:o}){return `
3
+ <p>Hi${e?` ${e}`:""},</p>
4
+ <p>Please verify your email address ${t} by clicking the link below:</p>
5
+ <p><a href="${o}">${o}</a></p>
6
+ <p>If you did not request this, please ignore this email.</p>
7
+ `}async function ir(e){let t=await q.findOne({token:e,expiresAt:{$gt:new Date}});if(!t)throw new Error("Invalid or expired verification token");if(!await o.findOne({_id:t.userId,status:{$nin:["deleted","disabled"]}}))throw new Error("User not found");let r=t.email;if(!r)throw new Error("Email not found in token");let n=await o.findOneAndUpdate({_id:t.userId,status:{$nin:["deleted","disabled"]},"emails.address":r,"emails.verified":{$ne:true}},{$set:{"emails.$.verified":true}},{returnDocument:"after"});if(!n)throw await o.findOne({_id:t.userId,"emails.address":r})?new Error("Email is already verified"):new Error("Email address not found for this user");return await q.deleteOne({_id:t._id}),{userDoc:n,email:r}}async function Kt(e){let t=a$2("_system.site.url"),o=b().verification?.redirectUrl||b().emailVerifiedRedirectUrl||t||"/";try{let r=z$1.string().parse(e.query.token),{userDoc:n}=await ir(r);E().onAfterEmailVerification?.({provider:"email",user:n,session:null,connectionInfo:{baseUrl:t,ip:e.req.ip||e.req.socket.remoteAddress,userAgent:e.headers["user-agent"],acceptLanguage:e.headers["accept-language"],referrer:e.headers.referer}});let{authToken:s}=await k$1(n._id);return l(e.res,s),{status:301,redirect:`${o}?status=verified`}}catch(r){let n=r instanceof Error?r.message:"An unexpected error occurred";return r instanceof Error&&(E().onEmailVerificationError?.({provider:"email",error:r,session:null,connectionInfo:{baseUrl:t,ip:e.req.ip||e.req.socket.remoteAddress,userAgent:e.headers["user-agent"],acceptLanguage:e.headers["accept-language"],referrer:e.headers.referer}}),console.error("Error verifying email:",r)),{status:301,redirect:`${o}?status=error&message=${encodeURIComponent(n)}`}}}async function He({userId:e,email:t,baseUrl:o}){let r=a$2("_system.site.url")||o;if(b().provider){let n=b().provider,i=randomBytes(32).toString("hex"),s=new Date(Date.now()+a$1.hours(24));await q.insertOne({userId:e,email:t,token:i,createdAt:new Date,expiresAt:s});let a=`${r}/api/_internal/auth/verify-email?token=${i}`,l=(b()?.verification?.template||Jt)({name:"",email:t,verificationUrl:a}),d=w$1(l);await n?.sendEmail({to:t,from:b()?.from||"noreply@modelence.com",subject:b()?.verification?.subject||"Verify your email address",text:d,html:l});}}var je={success:true,message:"If that email is registered and not yet verified, a verification email has been sent"};async function Qt(e,{connectionInfo:t}){let o$1=N(e.email),r=await o.findOne({"emails.address":o$1,status:{$nin:["deleted","disabled"]}},{collation:{locale:"en",strength:2}});if(!r)return je;let n=r.emails?.find(i=>i.address.toLowerCase()===o$1);if(!n||n.verified)return je;if(!b().provider)throw new Error("Email provider is not configured");return await A({bucket:"verification",type:"user",value:r._id.toString(),message:"Please wait at least 60 seconds before requesting another verification email"}),await He({userId:r._id,email:o$1,baseUrl:t?.baseUrl}),je}async function Yt(e,{user:t,session:o$1,connectionInfo:r}){let n=E();try{let i=e,{firstName:s,lastName:a,avatarUrl:c,handle:l}=i,d=N(i.email),m=we(i.password),f=r?.ip;if(f&&await A({bucket:"signupAttempt",type:"ip",value:f}),!n.allowDisposableEmails&&await Mt(d))throw new Error("Please use a permanent email address");let v=await o.findOne({"emails.address":d},{collation:{locale:"en",strength:2}});if(v){let de=v.emails?.find(_=>_.address.toLowerCase()===d);throw v.status==="disabled"?new Error("User is marked for deletion, please contact support if you want to restore the account."):new Error(`User with email already exists: ${de?.address}`)}await n.onBeforeSignup?.({email:d,firstName:s,lastName:a,handle:l,provider:"email",connectionInfo:r}),f&&await A({bucket:"signup",type:"ip",value:f});let y=he({firstName:s,lastName:a,avatarUrl:c,handle:l});await n.validateSignup?.({email:d,password:m,...y});let S;if(y.handle)S=await F(y.handle,d);else if(n.generateHandle){let de=await n.generateHandle({email:d,firstName:y.firstName,lastName:y.lastName});S=await F(de,d,{throwOnConflict:!1});}else S=await F(void 0,d);let X=await Xo.hash(m,10),Z=await o.insertOne({handle:S,status:"active",emails:[{address:d,verified:!1}],createdAt:new Date,authMethods:{password:{hash:X}},...y.firstName!==void 0&&{firstName:y.firstName},...y.lastName!==void 0&&{lastName:y.lastName},...y.avatarUrl!==void 0&&{avatarUrl:y.avatarUrl}}),I=await o.findOne({_id:Z.insertedId},{readPreference:"primary"});if(!I)throw new Error("User not found");return await He({userId:Z?.insertedId,email:d,baseUrl:r?.baseUrl}),n.onAfterSignup?.({provider:"email",user:I,session:o$1,connectionInfo:r}),n.signup?.onSuccess?.(I),Z.insertedId}catch(i){throw i instanceof Error&&(n.onSignupError?.({provider:"email",error:i,session:o$1,connectionInfo:r}),n.signup?.onError?.(i)),i}}function dr(e,t){return t?t.startsWith("http://")||t.startsWith("https://")?t:`${e}${t.startsWith("/")?"":"/"}${t}`:e}function ur({email:e,resetUrl:t}){return `
8
+ <p>Hi,</p>
9
+ <p>We received a request to reset your password for ${e}.</p>
10
+ <p>Click the link below to reset your password:</p>
11
+ <p><a href="${t}">${t}</a></p>
12
+ <p>This link will expire in 1 hour.</p>
13
+ <p>If you did not request this password reset, please ignore this email.</p>
14
+ `}var Fe={success:true,message:"If an account with that email exists, a password reset link has been sent"};async function Xt(e,{connectionInfo:t}){let o$1=N(e.email),r$1=t?.ip;r$1&&await A({bucket:"passwordReset",type:"ip",value:r$1}),await A({bucket:"passwordReset",type:"email",value:o$1});let n=await o.findOne({"emails.address":o$1,status:{$nin:["deleted","disabled"]}},{collation:{locale:"en",strength:2}});if(!n||!n.authMethods?.password)return Fe;let i=b().provider;if(!i)throw new Error("Email provider is not configured");let s=randomBytes(32).toString("hex"),a=Date.now(),c=new Date(a),l=new Date(a+a$1.hours(1));await r.insertOne({userId:n._id,email:o$1,token:s,createdAt:c,expiresAt:l});let d=a$2("_system.site.url")||t?.baseUrl,f=`${dr(d,b().passwordReset?.redirectUrl)}?token=${s}`,y=(b()?.passwordReset?.template||ur)({email:o$1,resetUrl:f,name:""}),S=w$1(y);return await i.sendEmail({to:o$1,from:b()?.from||"noreply@modelence.com",subject:b()?.passwordReset?.subject||"Reset your password",text:S,html:y}),Fe}async function Zt(e,{}){let t=z$1.string().parse(e.token),o$1=we(e.password),r$1=await r.findOne({token:t});if(!r$1)throw new Error("Invalid or expired reset token");if(r$1.expiresAt<new Date)throw await r.deleteOne({token:t}),new Error("Reset token has expired");let n=await o.findOne({_id:r$1.userId});if(!n)throw new Error("User not found");let i=await Xo.hash(o$1,10);return await o.updateOne({_id:n._id},{$set:{"authMethods.password.hash":i}}),r$1.email&&await o.updateOne({_id:n._id,"emails.address":r$1.email},{$set:{"emails.$.verified":true}}),await j$1(n._id),await r.deleteOne({token:t}),{success:true,message:"Password has been reset successfully"}}function eo(e){return `${e.bucket}
15
+ ${e.type}
16
+ ${e.window}`}function mr(){return [{bucket:"signup",type:"ip",window:a$1.minutes(15),limit:20},{bucket:"signup",type:"ip",window:a$1.days(1),limit:200},{bucket:"signupAttempt",type:"ip",window:a$1.minutes(15),limit:50},{bucket:"signupAttempt",type:"ip",window:a$1.days(1),limit:500},{bucket:"signin",type:"ip",window:a$1.minutes(15),limit:50},{bucket:"signin",type:"ip",window:a$1.days(1),limit:500},{bucket:"verification",type:"user",window:a$1.seconds(60),limit:1},{bucket:"verification",type:"user",window:a$1.days(1),limit:10},{bucket:"passwordReset",type:"ip",window:a$1.minutes(15),limit:10},{bucket:"passwordReset",type:"ip",window:a$1.days(1),limit:100},{bucket:"passwordReset",type:"email",window:a$1.hours(1),limit:5},{bucket:"passwordReset",type:"email",window:a$1.days(1),limit:10}]}function pr(e){let t=[],o=["signup","signupAttempt","signin","verification","passwordReset"];for(let r of o){let n=e[r];if(n!==void 0)for(let i of n)t.push({bucket:r,...i});}return t}function Ge(e={}){let t=mr(),o=pr(e),r=new Map;for(let s of o)r.set(eo(s),s);let n=[],i=new Set;for(let s of t){let a=eo(s),c=r.get(a);c!==void 0?(n.push(c),i.add(a)):n.push(s);}for(let[s,a]of r)i.has(s)||n.push(a);return n}var Ve=new a("_system.user",{stores:[o,p,q,r],queries:{getOwnProfile:Bt},mutations:{signupWithPassword:Yt,loginWithPassword:Gt,logout:Vt,resendEmailVerification:Qt,sendResetPasswordToken:Xt,resetPassword:Zt,updateProfile:zt,unlinkOAuthProvider:qt},cronJobs:{updateDisposableEmailList:Nt},rateLimits:Ge(),configSchema:{"auth.email.enabled":{type:"boolean",isPublic:true,default:true},"auth.email.from":{type:"string",isPublic:false,default:""},"auth.email.verification":{type:"boolean",isPublic:true,default:true},"auth.google.enabled":{type:"boolean",isPublic:true,default:false},"auth.google.clientId":{type:"string",isPublic:false,default:""},"auth.google.clientSecret":{type:"secret",isPublic:false,default:""},"auth.github.enabled":{type:"boolean",isPublic:true,default:false},"auth.github.clientId":{type:"string",isPublic:false,default:""},"auth.github.clientSecret":{type:"secret",isPublic:false,default:""}},routes:[{path:"/api/_internal/auth/verify-email",handlers:{get:Kt}}]});var fr={withoutRemoteServer:{MONGODB_URI:"_system.mongodbUri",MONGODB_POOL_SIZE:"_system.mongodbPoolSize",MODELENCE_AUTH_GOOGLE_ENABLED:"_system.user.auth.google.enabled",MODELENCE_AUTH_GOOGLE_CLIENT_ID:"_system.user.auth.google.clientId",MODELENCE_AUTH_GOOGLE_CLIENT_SECRET:"_system.user.auth.google.clientSecret",MODELENCE_AUTH_GITHUB_ENABLED:"_system.user.auth.github.enabled",MODELENCE_AUTH_GITHUB_CLIENT_ID:"_system.user.auth.github.clientId",MODELENCE_AUTH_GITHUB_CLIENT_SECRET:"_system.user.auth.github.clientSecret",MODELENCE_AUTH_GITHUB_CLIENT_SCOPES:"_system.user.auth.github.scopes",MODELENCE_EMAIL_RESEND_API_KEY:"_system.email.resend.apiKey",MODELENCE_EMAIL_AWS_SES_REGION:"_system.email.awsSes.region",MODELENCE_EMAIL_AWS_SES_ACCESS_KEY_ID:"_system.email.awsSes.accessKeyId",MODELENCE_EMAIL_AWS_SES_SECRET_ACCESS_KEY:"_system.email.awsSes.secretAccessKey",MODELENCE_EMAIL_SMTP_HOST:"_system.email.smtp.host",MODELENCE_EMAIL_SMTP_PORT:"_system.email.smtp.port",MODELENCE_EMAIL_SMTP_USER:"_system.email.smtp.user",MODELENCE_EMAIL_SMTP_PASS:"_system.email.smtp.pass",MODELENCE_SITE_URL:"_system.site.url",MODELENCE_ENV_TYPE:"_system.env.type",MODELENCE_MULTI_INSTANCE:"_system.multiInstance",MODELENCE_ENV:"_system.env",GOOGLE_AUTH_ENABLED:"_system.user.auth.google.enabled",GOOGLE_AUTH_CLIENT_ID:"_system.user.auth.google.clientId",GOOGLE_AUTH_CLIENT_SECRET:"_system.user.auth.google.clientSecret"},withRemoteServer:{MODELENCE_SITE_URL:"_system.site.url"}};function gr(e,t){if(t==="number"){let o=Number(e);if(isNaN(o))throw new Error(`Invalid number value for config: ${e}`);return o}if(t==="boolean"){if(e.toLowerCase()==="true")return true;if(e.toLowerCase()==="false")return false;throw new Error(`Invalid boolean value for config: ${e}`)}return e}function hr(e,t){let o=[];for(let[r,n]of Object.entries(e)){let i=process.env[r],s=t[n];if(i){let a=s?.type??"string";o.push({key:n,type:a,value:gr(i,a)});}}return o}function be(e,t="withoutRemoteServer"){let o=fr[t];return hr(o,e)}async function to({configSchema:e,cronJobsMetadata:t,stores:o,roles:r}){let n=process.env.MODELENCE_CONTAINER_ID;if(!n)throw new Error("Unable to connect to Modelence Cloud: MODELENCE_CONTAINER_ID is not set");try{let i=(o??[]).map(a=>({name:a.getName(),schema:a.getSerializedSchema(),collections:[a.getName()],version:2,indexes:a.getIndexes(),searchIndexes:a.getSearchIndexes(),indexCreationMode:a.getIndexCreationMode()})),s=await R("/api/connect","POST",{hostname:wr.hostname(),containerId:n,dataModels:i,configSchema:e,cronJobsMetadata:t,roles:r});if(s.status==="error")throw new Error(s.error);return console.log("Successfully connected to Modelence Cloud"),s}catch(i){throw console.error("Unable to connect to Modelence Cloud:",i),i}}async function oo(){return R("/api/configs","GET")}async function ro(){return await R("/api/sync","POST",{containerId:process.env.MODELENCE_CONTAINER_ID})}async function R(e,t,o){let{MODELENCE_SERVICE_ENDPOINT:r,MODELENCE_SERVICE_TOKEN:n}=process.env;if(!r)throw new Error("Unable to connect to Modelence Cloud: MODELENCE_SERVICE_ENDPOINT is not set");let i=await fetch(`${r}${e}`,{method:t,headers:{Authorization:`Bearer ${n}`,...o?{"Content-Type":"application/json"}:{}},body:o?JSON.stringify(o):void 0});if(!i.ok){let s=await i.text(),a,c=s;try{a=JSON.parse(s);let d=a.error;if(typeof d=="string")c=d;else if(d&&typeof d=="object"){let m=d.message;typeof m=="string"&&(c=m);}}catch{}let l=new Error(`Unable to connect to Modelence Cloud: HTTP status: ${i.status}, ${c}`);throw a!==void 0&&(l.responseBody=a),l.status=i.status,l}if(!(i.status===204||i.headers?.get("content-length")==="0"))return await i.json()}var Be=false,yr=a$1.seconds(10);function no(){setInterval(async()=>{if(!Be){Be=true;try{await ro();}catch(e){console.error("Error syncing status",e);}try{await br();}catch(e){console.error("Error syncing config",e);}Be=false;}},yr);}function ze(e){c$1(e),c$1(be(d$2(),"withRemoteServer"));}async function br(){let{configs:e}=await oo();ze(e);}var G=new b$1("_modelenceLocks",{schema:{_id:c.string(),instanceId:c.string(),acquiredAt:c.date(),resource:c.string()},indexes:[{key:{resource:1},unique:true},{key:{resource:1,instanceId:1}},{key:{resource:1,acquiredAt:1}}],indexCreationMode:"blocking"});var V={},io=a$1.seconds(10),lo=randomBytes(32).toString("base64url"),Cr=a$1.seconds(30),J=new Map,qe=e=>e instanceof MongoError&&e.code===11e3,so=(e,t)=>typeof e.keyPattern=="object"&&e.keyPattern!==null&&Object.prototype.hasOwnProperty.call(e.keyPattern,t),Sr=async({error:e,resource:t})=>{if(so(e,"resource"))return true;if(so(e,"_id"))return false;let o=await G.findOne({resource:t});return !!o&&o._id!==t},ao=async({resource:e,staleThresholdDate:t,instanceId:o})=>{let r=await G.upsertOne({_id:e,$or:[{instanceId:o},{acquiredAt:{$lt:t}}]},{$set:{resource:e,instanceId:o,acquiredAt:new Date},$setOnInsert:{_id:e}});return r.upsertedCount>0||r.modifiedCount>0},uo=async({resource:e,instanceId:t,staleThresholdDate:o})=>{let r=o?{resource:e,_id:{$ne:e},$or:[{instanceId:t},{acquiredAt:{$lt:o}}]}:{resource:e,instanceId:t};return (await G.deleteOne(r)).deletedCount>0},kr=e=>{let t=e,o=J.get(t);o&&(o.stopRequested=true,o.timer&&(clearTimeout(o.timer),o.timer=null),J.delete(t));},co=({resource:e,lockDuration:t,instanceId:o})=>{let r=Math.floor(t/3),n=e,i=J.get(n);if(i&&!i.stopRequested&&i.heartbeatInterval===r&&i.lockDuration===t)return;i&&(i.stopRequested=true,i.timer&&(clearTimeout(i.timer),i.timer=null),J.delete(n));let s={timer:null,stopRequested:false,lockDuration:t,heartbeatInterval:r},a=()=>{s.timer=setTimeout(()=>{B(e,{lockDuration:t,bypassCache:true,instanceId:o}).then(c=>{c||(s.stopRequested=true,i$1(`Lost lock while refreshing heartbeat: ${e}`,{source:"lock",resource:e,instanceId:o}));}).finally(()=>{if(s.stopRequested){J.delete(n);return}a();});},r);};J.set(n,s),a();};async function B(e,{lockDuration:t=Cr,successfulLockCacheDuration:o=io,failedLockCacheDuration:r=io,heartbeat:n,bypassCache:i,instanceId:s=lo}={}){let a=Date.now();if(!i&&V[e]&&a<V[e].expiresAt)return V[e].value&&n&&co({resource:e,lockDuration:t,instanceId:s}),V[e].value;let c=new Date(a-t);i$1(`Attempting to acquire lock: ${e}`,{source:"lock",resource:e,instanceId:s});try{let l=await Ar({resource:e,staleThresholdDate:c,instanceId:s});return V[e]={value:l,expiresAt:a+(l?o:r)},l?(n&&co({resource:e,lockDuration:t,instanceId:s}),i$1(`Lock acquired: ${e}`,{source:"lock",resource:e,instanceId:s})):i$1(`Failed to acquire lock (already held): ${e}`,{source:"lock",resource:e,instanceId:s}),l}catch{return V[e]={value:false,expiresAt:a+r},i$1(`Failed to acquire lock (already held): ${e}`,{source:"lock",resource:e,instanceId:s}),false}}var Ar=async({resource:e,staleThresholdDate:t,instanceId:o})=>{try{return await ao({resource:e,staleThresholdDate:t,instanceId:o})}catch(r){if(qe(r)&&await Sr({error:r,resource:e})){if(!await uo({resource:e,staleThresholdDate:t,instanceId:o}))return false;try{return await ao({resource:e,staleThresholdDate:t,instanceId:o})}catch(i){if(qe(i))return false;throw i}}if(qe(r))return false;throw r}};async function ae(e,{instanceId:t=lo}={}){kr(e);try{let o=await G.deleteOne({_id:e,instanceId:t});return o.deletedCount===0?await uo({resource:e,instanceId:t}):o.deletedCount>0}catch{return false}finally{delete V[e];}}var z={},We=null,Je=new b$1("_modelenceCronJobs",{schema:{alias:c.string(),lastStartDate:c.date().optional()},indexes:[{key:{alias:1},unique:true,background:true}]});function po(e,{description:t="",interval:o,timeout:r=Math.min(Math.max(o,a$1.minutes(1)),a$1.days(1)),handler:n}){if(z[e])throw new Error(`Duplicate cron job declaration: '${e}' already exists`);if(We)throw new Error(`Unable to add a cron job - cron jobs have already been initialized: [${e}]`);if(o<a$1.seconds(5))throw new Error(`Cron job interval should not be less than 5 second [${e}]`);if(r>a$1.days(1))throw new Error(`Cron job timeout should not be longer than 1 day [${e}]`);z[e]={alias:e,params:{description:t,interval:o,timeout:r},handler:n,state:{isRunning:false}};}async function fo(){if(We)throw new Error("Cron jobs already started");let e=Object.keys(z);if(e.length>0){let t={alias:{$in:e}},o=await Je.fetch(t),r=Date.now();o.forEach(n=>{let i=z[n.alias];i&&(i.state.scheduledRunTs=n.lastStartDate?n.lastStartDate.getTime()+i.params.interval:r);}),Object.values(z).forEach(n=>{n.state.scheduledRunTs||(n.state.scheduledRunTs=r);}),We=setInterval(Rr,a$1.seconds(1));}}async function Rr(){let e=Date.now();await B("cron",{successfulLockCacheDuration:a$1.seconds(10),failedLockCacheDuration:a$1.seconds(30)})&&Object.values(z).forEach(async o=>{let{params:r,state:n}=o;if(n.isRunning){n.startTs&&n.startTs+r.timeout<e&&(n.isRunning=false);return}n.scheduledRunTs&&n.scheduledRunTs<=e&&await xr(o);});}async function xr(e){let{alias:t,params:o,handler:r,state:n}=e;n.isRunning=true,n.startTs=Date.now(),await Je.updateOne({alias:t},{$set:{lastStartDate:new Date(n.startTs)}});let i=l$1("cron",`cron:${t}`);try{await r(),mo(n,o),i.end("success");}catch(s){mo(n,o);let a=s instanceof Error?s:new Error(String(s));m$1(a),i.end("error"),console.error(`Error in cron job '${t}':`,s);}}function mo(e,t){e.scheduledRunTs=e.startTs?e.startTs+t.interval:Date.now(),e.startTs=void 0,e.isRunning=false;}function go(){return Object.values(z).map(({alias:e,params:t})=>({alias:e,description:t.description,interval:t.interval,timeout:t.timeout}))}var ho=new a("_system.cron",{stores:[Je]});function wo(e){let t=[...new Set(e)],o=new Map;for(let i of t){let s=i.getChainRoot();o.set(s,s.getChainTail());}let r=[...new Set(o.values())],n=new Map;for(let[i,s]of o){let a=s.getName(),c=n.get(a);if(c!==void 0&&c!==i)throw new Error(`Store collision: multiple unrelated stores use collection name '${a}'. Use .extend() to create a single extension chain instead of independent stores.`);n.set(a,i);}return {storesToInit:t,effectiveStores:r}}var Ke=new a("_system.lock",{stores:[G]});var ce=new b$1("_modelenceMigrations",{schema:{version:c.number(),status:c.enum(["completed","failed"]),description:c.string().optional(),output:c.string().optional(),appliedAt:c.date()},indexes:[{key:{version:1},unique:true},{key:{version:1,status:1}}]});async function Qe(e,{lockMode:t="acquire"}={}){if(e.length!==0){if(t==="acquire"&&!await B("migrations")){j$2("Another instance is running migrations. Skipping migration run.",{source:"migrations"});return}try{let o=e.map(({version:s})=>s),r=await ce.fetch({version:{$in:o}}),n=new Set(r.map(({version:s})=>s)),i=e.filter(({version:s})=>!n.has(s));if(i.length===0)return;j$2(`Running migrations (${i.length})...`,{source:"migrations"});for(let{version:s,description:a,handler:c}of i){j$2(`Running migration v${s}: ${a}`,{source:"migrations"});try{let d=(await c()||"").toString().trim(),m=15*1024*1024,f=d.length>m?d.slice(0,m)+`
17
+ [Output truncated - exceeded size limit]`:d;await ce.upsertOne({version:s},{$set:{version:s,status:"completed",description:a,output:f,appliedAt:new Date}}),j$2(`Migration v${s} complete`,{source:"migrations"});}catch(l){l instanceof Error&&(await ce.upsertOne({version:s},{$set:{version:s,status:"failed",description:a,output:l.message||"",appliedAt:new Date}}),j$2(`Migration v${s} is failed: ${l.message}`,{source:"migrations"}));}}}finally{t==="acquire"&&await ae("migrations");}}}function yo(e){setTimeout(()=>{Qe(e).catch(t=>{console.error("Error running migrations:",t);});},0);}var bo=new a("_system.migration",{stores:[ce]});var Eo=new a("_system.rateLimit",{stores:[se]});async function vo({filePath:e,contentType:t,visibility:o}){return await R("/api/files/upload","POST",{filePath:e,contentType:t,visibility:o})}async function Co(e){await R("/api/files/delete","POST",{filePath:e});}async function So(e){return await R("/api/files/download","POST",{filePath:e})}async function ko(e){return await R("/api/files/url","POST",{filePath:e})}var Ao=new a("_system.files",{queries:{async downloadFile({filePath:e}){return So(e)},async getFileUrl({filePath:e}){return ko(e)}},mutations:{async getUploadUrl({filePath:e,contentType:t,visibility:o}){return vo({filePath:e,contentType:t,visibility:o})},async deleteFile({filePath:e}){return Co(e)}}});function Ye(e){return e.replace(/[<>&\u2028\u2029]/g,t=>`\\u${t.charCodeAt(0).toString(16).padStart(4,"0")}`)}var le="./.modelence/build/client".replace(/\\/g,"/"),xo="./.modelence/build/ssr".replace(/\\/g,"/"),Oo="/index.tsx",Nr=/(<div\b[^>]*\bid\s*=\s*["']root["'][^>]*>)\s*<\/div>/i,Ur="</head>",Xe=class{constructor(){this.ssrEnabled=false;this.ssrTransportInstalled=false;this.prodEntryLoaded=false;}enableSsr(){this.ssrEnabled=true;}async init({httpServer:t}){if(this.config=await Fr(this.isDev()?t:void 0,{ssr:this.ssrEnabled}),this.isDev())console.log("Starting Vite dev server..."),this.viteServer=await createServer(this.config);else if(this.ssrEnabled){let o=q$1.resolve(process.cwd(),xo,"index.mjs");if(!Ee.existsSync(o))throw new Error(`Modelence: SSR is enabled (startApp({ ssr: true })) but the SSR bundle is missing at ${o}.
18
+
19
+ This usually means \`postBuildCommand\` is set in modelence.config.ts, which replaces the default Vite client build (and the SSR build along with it). Either:
20
+ \u2022 remove \`postBuildCommand\` so Modelence builds the SSR bundle, or
21
+ \u2022 remove \`ssr: true\` from startApp() if your custom toolchain handles SSR itself.`)}if(this.ssrEnabled&&!this.ssrTransportInstalled){let{installSsrCallMethodTransport:o}=await import('./transport-W6JIYZKZ.js');o(),this.ssrTransportInstalled=true;}}middlewares(){if(this.isDev())return this.viteServer?.middlewares??[];let t=this.ssrEnabled?{index:false}:void 0,o=[T.static(le,t)];return this.config?.publicDir&&o.push(T.static(this.config.publicDir,t)),o}async handler(t,o){if(this.ssrEnabled&&Tr(t)){if(t.method==="HEAD"){o.setHeader("Content-Type","text/html; charset=utf-8"),o.setHeader("Cache-Control","no-store"),o.status(200).end();return}try{await this.handleSsr(t,o);}catch(r){if(this.isDev()&&this.viteServer&&r instanceof Error&&this.viteServer.ssrFixStacktrace(r),console.error("SSR render error:",{url:t.originalUrl,method:t.method,userAgent:t.get("user-agent"),error:r}),o.headersSent){o.end();return}this.serveStaticShell(o);}return}if(this.ssrEnabled){o.status(404).end();return}this.serveStaticShell(o);}async handleSsr(t,o){let r=await this.getTemplate(t.originalUrl),n=await this.captureSsrSnapshot();if(!n)throw new Error("Modelence SSR is enabled but no SSR snapshot was captured. Make sure 'src/client/index.tsx' calls renderApp(...) from 'modelence/client'.");let[{renderSsrTreeStream:i},{getCallContext:s},a]=await Promise.all([import('./render-STDR67WK.js'),import('./server-KXQSHJIH.js'),import('./collectCss-4YETFI7P.js')]),c=await s(t,o),l=this.collectCssAssets(a);Dr(o,a.buildEarlyHintsLink(l));let{sessionState:d,pipe:m,getQueryState:f}=await i({callContext:c,loadingElement:n.loadingElement,routesElement:n.routesElement,router:n.router,location:t.originalUrl}),{prelude:v,rootOpenTag:y,epilogue:S}=Ir(r),X=$r(v,a.renderStylesheetLinks(l));o.setHeader("Content-Type","text/html; charset=utf-8"),o.setHeader("Cache-Control","no-store"),o.status(200),o.write(X),o.write(`<script id="__MODELENCE_STATE__" type="application/json">${Ye(d)}</script>`),o.write(y),await m(o),o.write("</div>"),o.write(`<script id="__MODELENCE_QUERY_STATE__" type="application/json">${Ye(f())}</script>`),o.end(S);}collectCssAssets(t){return this.isDev()?this.viteServer?t.collectDevCssAssets(this.viteServer,Oo):{hrefs:[],source:"dev"}:(this.prodCssAssetsCache||(this.prodCssAssetsCache=t.loadProdCssAssets(le)),this.prodCssAssetsCache)}async getTemplate(t){if(this.isDev()){let o=q$1.resolve(process.cwd(),"src/client/index.html"),r=Ee.readFileSync(o,"utf-8");return this.viteServer&&(r=await this.viteServer.transformIndexHtml(t,r)),r}if(!this.prodTemplateCache){let o=q$1.resolve(process.cwd(),le,"index.html");this.prodTemplateCache=Ee.readFileSync(o,"utf-8");}return this.prodTemplateCache}async captureSsrSnapshot(){let{_getSsrSnapshot:t}=await import('./renderApp-ZDNATNY6.js');if(this.isDev()){if(!this.viteServer)throw new Error("Vite dev server not initialized");return await this.viteServer.ssrLoadModule(Oo),t()}return this.prodEntryLoaded||(await import(q$1.resolve(process.cwd(),xo,"index.mjs")),this.prodEntryLoaded=true),t()}serveStaticShell(t){if(this.isDev())try{t.setHeader("Cache-Control","no-store"),t.sendFile("index.html",{root:"./src/client"});}catch(o){console.error("Error serving index.html:",o),t.status(500).send("Internal Server Error");}else t.sendFile("index.html",{root:le});}isDev(){return process.env.NODE_ENV!=="production"}};function Tr(e){if(e.method!=="GET"&&e.method!=="HEAD")return false;let t=e.get("accept")??"";if(t&&!t.includes("text/html")&&!t.includes("*/*"))return false;let o=(e.path??e.url??"").split("?")[0];if(o.startsWith("/api/"))return false;let r=o.split("/").pop()??"",n=r.lastIndexOf(".");if(n>0){let i=r.slice(n).toLowerCase();if(i!==".html"&&i!==".htm")return false}return true}function Ir(e){let t=e.match(Nr);if(!t||t.index===void 0)throw new Error('SSR template is missing the expected `<div id="root"></div>` placeholder.');let o=e.slice(0,t.index),r=e.slice(t.index+t[0].length);return {prelude:o,rootOpenTag:t[1],epilogue:r}}function $r(e,t){if(!t)return e;let o=e.lastIndexOf(Ur);return o===-1?t+e:e.slice(0,o)+t+e.slice(o)}function Dr(e,t){if(t.length===0)return;let o=e;if(typeof o.writeEarlyHints=="function")try{o.writeEarlyHints({link:t});}catch(r){process.env.NODE_ENV!=="production"&&console.warn("Modelence SSR: writeEarlyHints failed",r);}}async function jr(){let e=process.cwd();try{return (await loadConfigFromFile({command:"serve",mode:"development"},void 0,e))?.config||{}}catch(t){return console.warn("Could not load vite config:",t),{}}}function Hr(e,t){let o=mergeConfig(e,t);if(o.plugins&&Array.isArray(o.plugins)){let r=new Set;o.plugins=o.plugins.flat().filter(n=>{if(!n||typeof n!="object"||Array.isArray(n))return true;let i=n.name;return !i||r.has(i)?false:(r.add(i),true)}).reverse(),o.plugins.reverse();}return o}async function Fr(e,t={}){let o=process.cwd(),r=await jr(),n=[".eslintrc.js",".eslintrc.json",".eslintrc","eslint.config.js",".eslintrc.yml",".eslintrc.yaml"].find(a=>Ee.existsSync(q$1.join(o,a))),i=[Mr(),Gr()];if(n){let a=(await import('vite-plugin-eslint')).default;i.push(a({failOnError:false,include:["src/**/*.js","src/**/*.jsx","src/**/*.ts","src/**/*.tsx"],cwd:o,overrideConfigFile:q$1.resolve(o,n)}));}let s=defineConfig({plugins:i,build:{outDir:le,emptyOutDir:true},server:{middlewareMode:true,hmr:e?{server:e}:void 0},appType:t.ssr?"custom":"spa",root:"./src/client",resolve:{alias:{"@":q$1.resolve(o,"src").replace(/\\/g,"/")}}});return Hr(s,r)}function Gr(){return {name:"modelence-asset-handler",async transform(e,t){if(/\.(png|jpe?g|gif|svg|mpwebm|ogg|mp3|wav|flac|aac)$/.test(t))return process.env.NODE_ENV==="development",e}}}var ve=new Xe;function Vr(e){return e?e.match(/^\s*"?([^"<]+?)"?\s*<[^>]+>\s*$/)?.[1]?.trim():void 0}function Br(e){if(e)return Array.isArray(e)?e:[e]}function zr(e){return {to:Array.isArray(e.to)?e.to:[e.to],subject:e.subject,html:e.html,text:e.text,fromName:Vr(e.from),replyTo:Br(e.replyTo)}}function qr(e){if(!(e instanceof Error))return new Error("Managed email send failed");let t=e.responseBody,o=t?.error?.code,r=t?.error?.message;return o&&r?new Error(`Managed email rejected (${o}): ${r}`):e}var _o={async sendEmail(e){if(e.cc||e.bcc||e.attachments||e.headers)throw new Error("Modelence managed email does not support cc, bcc, attachments, or custom headers in v1. Configure your own provider (Resend, SES, SMTP) to use these features. See https://docs.modelence.com/email/managed.");try{await R("/api/email/send","POST",zr(e));}catch(t){throw qr(t)}}};var Ze=Object.freeze({});function Po(e){Ze=Object.freeze(Object.assign({},Ze,e));}function Lo(){return Ze}var et=Object.freeze({});function Mo(e){et=Object.freeze(Object.assign({},et,e));}function Ce(){return et}async function Qr({modules:e$1=[],roles:t={},defaultRoles:o={},server:r=ve,migrations:n$1=[],email:i={},auth:s$1={},security:a={},websocket:c={},ssr:l=false}){l&&r===ve&&ve.enableSsr(),No.config(),No.config({path:".modelence.env"});let d=!!process.env.MODELENCE_SERVICE_ENDPOINT;cn().then(()=>{}).catch(()=>{});for(let _ of e$1)if(_.name.toLowerCase().startsWith("_system."))throw new Error(`Invalid module name: '${_.name}'
22
+
23
+ The '_system.' prefix is reserved for internal use and cannot be used in user-defined modules.
24
+
25
+ Rename your module to something that does not start with '_system.'`);let m=[Ve,n,ho,bo,Eo,re,Ke,Ao],f$1=[...m,...e$1];f(),Xr(m),Yr(e$1),s(t,o);let v=nn(f$1);e(v);let y=Zr(f$1),S=en(f$1);sn(f$1),Ve.rateLimits=Ge(s$1.rateLimits);let X=tn(f$1);Wt(X);let{storesToInit:Z,effectiveStores:I}=wo(y);if(d){let{configs:_,environmentId:Ho,appAlias:Fo,environmentAlias:Go,telemetry:Vo}=await to({configSchema:v,cronJobsMetadata:go(),stores:I,roles:t});ze(_),g({environmentId:Ho,appAlias:Fo,environmentAlias:Go,telemetry:Vo});}else c$1(be(v));if(d&&!i.provider?Te({...i,provider:_o}):Te(i),Ht(s$1),Po(a),Mo({...c,provider:c.provider||Lt}),j()){await _t();let _=[...new Set([...Z,...I])];an(_),await rn(I,n$1);}else yo(n$1);d&&(await h$1(),no()),fo().catch(console.error),await Uo(r,{combinedModules:f$1,channels:S});}function Yr(e){for(let t of e){for(let[o,r]of Object.entries(t.queries))x(`${t.name}.${o}`,r);for(let[o,r]of Object.entries(t.mutations))y(`${t.name}.${o}`,r);}}function Xr(e){for(let t of e){for(let[o,r]of Object.entries(t.queries))z$2(`${t.name}.${o}`,r);for(let[o,r]of Object.entries(t.mutations))A$1(`${t.name}.${o}`,r);}}function Zr(e){return e.flatMap(t=>t.stores)}function en(e){return e.flatMap(t=>t.channels)}function tn(e){return e.flatMap(t=>t.rateLimits)}function on(e,t){console.warn(`Failed to create indexes for store '${e}'. Continuing startup.`,t);}var tt="migrations";async function rn(e,t){if(!await B(tt,{lockDuration:a$1.seconds(30),heartbeat:true}))return;let r,n;try{r=e.filter(a=>a.getIndexCreationMode()==="blocking"),n=e.filter(a=>a.getIndexCreationMode()==="background");for(let a of r)await ot(a,"full");for(let a of n)await ot(a,"drop-only");}catch(a){throw await ae(tt),a}let i=(async()=>{for(let a of n)await ot(a,"create-only");})(),s=Qe(t,{lockMode:"skip"});Promise.allSettled([i,s]).then(([a,c])=>{a.status==="rejected"&&console.error("Error creating background indexes:",a.reason),c.status==="rejected"&&console.error("Error running migrations:",c.reason);}).finally(async()=>{await ae(tt);});}async function ot(e,t="full"){let o=e.getName();try{await e.createIndexes(t);}catch(r){on(o,r);}}function nn(e){let t={};for(let o of e)for(let[r,n]of Object.entries(o.configSchema)){let i=`${o.name}.${r}`;if(i in t)throw new Error(`Duplicate config schema key: ${i} (${o.name})`);t[i]=n;}return t}function sn(e){for(let t of e)for(let[o,r]of Object.entries(t.cronJobs))po(`${t.name}.${o}`,r);}function an(e){let t=fe();if(!t)throw new Error("Failed to initialize stores: MongoDB client not initialized");for(let o of e)o.init(t);}async function cn(){if(process.env.MODELENCE_TRACKING_ENABLED!=="false"){let t=process.env.MODELENCE_SERVICE_ENDPOINT??"https://cloud.modelence.com",o=process.env.MODELENCE_ENVIRONMENT_ID,r=await ln(),n=await import('./package-KMCDUMYP.js');await fetch(`${t}/api/track/app-start`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({projectName:r.name,version:n.default.version,localHostname:wr.hostname(),environmentId:o})});}}async function ln(){try{let e=q$1.join(process.cwd(),"package.json"),t=await Wr.readFile(e,"utf-8");return {name:JSON.parse(t).name||"unknown"}}catch{return {name:"unknown"}}}async function To(e){await q.deleteMany({userId:e}),await r.deleteMany({userId:e});}async function un(e){await To(e),await o.updateOne(e,{$set:{status:"disabled",disabledAt:new Date}});}async function mn(e){await To(e),await o.updateOne({_id:e},{$set:{handle:`deleted-${e}-${randomUUID()}`,status:"deleted",deletedAt:new Date,authMethods:{},emails:[]}});}var rt=class{constructor(t,o){this.category=t,this.canAccessChannel=o||null;}broadcast(t,o){let r=Ce().provider;if(!r){k$2("Websockets provider should be added to startApp",{});return}r.broadcast({category:this.category,id:t,data:o});}};function pn(e){if(!b().provider)throw new Error("Email provider is not configured, see https://docs.modelence.com/email for more details.");return b().provider?.sendEmail(e)}async function Se(e){return !e||typeof e!="string"?null:e$1(e)}function w(e,t,o){let r=E(),n=e.status(t);if(r.errorComponent)try{let i=r.errorComponent({error:o,statusCode:t});if(i)return n.send(i)}catch(i){console.error("Unhandled error in authConfig.errorComponent:",i);}return n.json({error:o})}async function nt(e,t){let{authToken:o}=await k$1(t);l(e,o),e.status(302),e.redirect("/");}async function gn(e,t,o$1,r,n){let i=E();try{if(o$1.status==="disabled"||o$1.status==="deleted"){w(e,400,"User account is not active.");return}let s={};o$1.firstName===void 0&&t.firstName&&(s.firstName=t.firstName),o$1.lastName===void 0&&t.lastName&&(s.lastName=t.lastName),o$1.avatarUrl===void 0&&t.avatarUrl&&(s.avatarUrl=t.avatarUrl);let a=o$1;Object.keys(s).length>0&&(await o.updateOne({_id:o$1._id},{$set:s}),a={...o$1,...s}),await nt(e,o$1._id),i.onAfterLogin?.({provider:t.providerName,user:a,session:r,connectionInfo:n}),i.login?.onSuccess?.(a);}catch(s){throw s instanceof Error&&(i.login?.onError?.(s),i.onLoginError?.({provider:t.providerName,error:s,session:r,connectionInfo:n})),s}}async function hn(e,t,o$1,r,n){let i=E();if((i.oauthAccountLinking??"manual")==="auto"&&t.emailVerified){if(o$1.status==="disabled"||o$1.status==="deleted"){w(e,400,"User account is not active.");return}if(!o$1.emails?.find(c=>c.address.toLowerCase()===t.email.toLowerCase())?.verified){w(e,400,"User with this email already exists. Please log in instead.");return}try{let c={...o$1.firstName===void 0&&t.firstName&&{firstName:t.firstName},...o$1.lastName===void 0&&t.lastName&&{lastName:t.lastName},...o$1.avatarUrl===void 0&&t.avatarUrl&&{avatarUrl:t.avatarUrl}};if(!((await o.updateOne({_id:o$1._id,status:{$nin:["deleted","disabled"]},$or:[{[`authMethods.${t.providerName}.id`]:{$exists:!1}},{[`authMethods.${t.providerName}.id`]:t.id}]},{$set:{[`authMethods.${t.providerName}.id`]:t.id,...c}})).matchedCount>0)){w(e,400,"User with this email already exists. Please log in instead.");return}await nt(e,o$1._id);let m={...o$1,...c,authMethods:{...o$1.authMethods,[t.providerName]:{id:t.id}}};i.onAfterLogin?.({provider:t.providerName,user:m,session:r,connectionInfo:n}),i.login?.onSuccess?.(m);return}catch(c){throw c instanceof Error&&(i.login?.onError?.(c),i.onLoginError?.({provider:t.providerName,error:c,session:r,connectionInfo:n})),c}}w(e,400,"User with this email already exists. Please log in instead.");}async function wn(e,t,o$1,r){let n=E();try{let i;if(n.generateHandle){let l=await n.generateHandle({email:t.email,firstName:t.firstName,lastName:t.lastName});i=await F(l,t.email,{throwOnConflict:!1});}else i=await F(void 0,t.email);let s={handle:i,status:"active",emails:[{address:t.email,verified:t.emailVerified}],createdAt:new Date,authMethods:{[t.providerName]:{id:t.id}},...t.firstName!==void 0&&{firstName:t.firstName},...t.lastName!==void 0&&{lastName:t.lastName},...t.avatarUrl!==void 0&&{avatarUrl:t.avatarUrl}},a=await o.insertOne(s);await nt(e,a.insertedId);let c=await o.findOne({_id:a.insertedId},{readPreference:"primary"});c&&(n.onAfterSignup?.({provider:t.providerName,user:c,session:o$1,connectionInfo:r}),n.signup?.onSuccess?.(c));}catch(i){throw i instanceof Error&&(n.onSignupError?.({provider:t.providerName,error:i,session:o$1,connectionInfo:r}),n.signup?.onError?.(i)),i}}function Q(e){return `${a$2("_system.site.url")}/api/_internal/auth/${e}/callback`}async function ke(e,t,o$1){let r=await o.findOne({[`authMethods.${o$1.providerName}.id`]:o$1.id}),{session:n,connectionInfo:i}=await Y(e,t);if(r)return gn(t,o$1,r,n,i);if(!o$1.email){w(t,400,`Email address is required for ${o$1.providerName} authentication.`);return}let s;try{s=await o.findOne({"emails.address":o$1.email,status:{$ne:"deleted"}},{collation:{locale:"en",strength:2}});}catch(a){if(a instanceof Error){let c=E();c.onSignupError?.({provider:o$1.providerName,error:a,session:n,connectionInfo:i}),c.signup?.onError?.(a);}throw a}return s?hn(t,o$1,s,n,i):wn(t,o$1,n,i)}function k(e){e.cookie("oauthLinkToken","",{httpOnly:true,maxAge:0,path:"/api/_internal/auth/",sameSite:"lax",secure:process.env.NODE_ENV==="production"});}function K(e){if(e)try{e();}catch(t){console.error("Error executing OAuth hook:",t);}}function Ae(e,t,o){let r=e.query.state,n=e.cookies[o],[i,s,a]=(n||"").split(":");return !r||!n||r!==i?(w(t,400,"Invalid OAuth state - possible CSRF attack"),null):(t.clearCookie(o),{mode:s||"login",...a?{linkedUserId:a}:{}})}async function Re(e,t,o$1,r){let n=E(),{session:i,connectionInfo:s}=await Y(e,t),a=null;if(r){if(!ObjectId.isValid(r)){k(t),w(t,400,"Invalid OAuth linking state.");return}a=new ObjectId(r);}else a=i?.userId??null;if(!a){k(t),w(t,401,"You must be signed in to link a provider.");return}let c=a;try{let l=`authMethods.${o$1.providerName}.id`;if((await o.updateOne({_id:c,status:{$nin:["deleted","disabled"]},$or:[{[l]:{$exists:!1}},{[l]:o$1.id}]},{$set:{[l]:o$1.id}})).matchedCount===0){let f=await o.findOne({_id:c});if(!f||f.status==="deleted"||f.status==="disabled"){K(()=>n.onOAuthLinkError?.({provider:o$1.providerName,error:new Error("User account not found or not active"),session:i,connectionInfo:s})),k(t),w(t,400,"User account is not active.");return}let v=f?.authMethods?.[o$1.providerName]?.id;if(v&&v!==o$1.id){K(()=>n.onOAuthLinkError?.({provider:o$1.providerName,error:new Error(`User already has a different ${o$1.providerName} account linked`),session:i,connectionInfo:s})),k(t),w(t,400,`You have already linked a different ${o$1.providerName} account.`);return}K(()=>n.onOAuthLinkError?.({provider:o$1.providerName,error:new Error(`Unexpected OAuth linking state for ${o$1.providerName}`),session:i,connectionInfo:s})),k(t),w(t,400,`Unable to link ${o$1.providerName} account.`);return}let m=await o.findOne({_id:c},{readPreference:"primary"});m&&K(()=>n.onAfterOAuthLink?.({provider:o$1.providerName,user:m,session:i,connectionInfo:s})),k(t),t.status(302).redirect("/");}catch(l){if(l instanceof MongoServerError&&l.code===11e3){K(()=>n.onOAuthLinkError?.({provider:o$1.providerName,error:l,session:i,connectionInfo:s})),k(t),w(t,400,`This ${o$1.providerName} account is already linked to a different user.`);return}if(l instanceof Error&&K(()=>n.onOAuthLinkError?.({provider:o$1.providerName,error:l,session:i,connectionInfo:s})),k(t),!t.headersSent)throw l}}function xe(e){return !e||typeof e!="string"?null:e}async function En(e,t,o,r){let n=await fetch("https://oauth2.googleapis.com/token",{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({code:e,client_id:t,client_secret:o,redirect_uri:r,grant_type:"authorization_code"})});if(!n.ok)throw new Error(`Failed to exchange code for token: ${n.statusText}`);return n.json()}async function vn(e){let t=await fetch("https://www.googleapis.com/oauth2/v2/userinfo",{headers:{Authorization:`Bearer ${e}`}});if(!t.ok)throw new Error(`Failed to fetch user info: ${t.statusText}`);return t.json()}async function Cn(e,t){let o=xe(e.query.code);if(!o){w(t,400,"Missing authorization code");return}let r=Ae(e,t,"authStateGoogle");if(!r)return;let{mode:n,linkedUserId:i}=r,s=String(a$2("_system.user.auth.google.clientId")),a=String(a$2("_system.user.auth.google.clientSecret")),c=Q("google");try{let l=await En(o,s,a,c),d=await vn(l.access_token),m={id:d.id,email:d.email,emailVerified:d.verified_email,providerName:"google",firstName:d.given_name||void 0,lastName:d.family_name||void 0,avatarUrl:d.picture||void 0};n==="link"?await Re(e,t,m,i):await ke(e,t,m);}catch(l){console.error("Google OAuth error:",l),n==="link"&&k(t),w(t,500,"Authentication failed");}}function Sn(){let e=Router(),t=(o,r,n)=>{let i=!!a$2("_system.user.auth.google.enabled"),s=String(a$2("_system.user.auth.google.clientId")),a=String(a$2("_system.user.auth.google.clientSecret"));if(!i||!s||!a){w(r,503,"Google authentication is not configured");return}n();};return e.get("/api/_internal/auth/google",t,async(o,r)=>{let n=String(a$2("_system.user.auth.google.clientId")),i=Q("google"),s=randomBytes(32).toString("hex"),a=o.query.mode==="link"?"link":"login",c=null;if(a==="link"&&o.query.linkNonce&&(c=await Se(o.query.linkNonce),!c)){w(r,401,"Invalid or expired link nonce for OAuth linking.");return}let l=c?`${s}:${a}:${c}`:`${s}:${a}`;r.cookie("authStateGoogle",l,{httpOnly:true,secure:process.env.NODE_ENV==="production",sameSite:"lax",maxAge:a$1.minutes(10)});let d=new URL("https://accounts.google.com/o/oauth2/v2/auth");d.searchParams.append("client_id",n),d.searchParams.append("redirect_uri",i),d.searchParams.append("response_type","code"),d.searchParams.append("scope","profile email"),d.searchParams.append("access_type","online"),d.searchParams.append("state",s),r.redirect(d.toString());}),e.get("/api/_internal/auth/google/callback",t,Cn),e}var $o=Sn;async function Rn(e,t,o,r){let n=await fetch("https://github.com/login/oauth/access_token",{method:"POST",headers:{"Content-Type":"application/json",Accept:"application/json"},body:JSON.stringify({client_id:t,client_secret:o,code:e,redirect_uri:r})});if(!n.ok)throw new Error(`Failed to exchange code for token: ${n.statusText}`);return n.json()}async function xn(e){let t=await fetch("https://api.github.com/user",{headers:{Authorization:`Bearer ${e}`,Accept:"application/vnd.github.v3+json"}});if(!t.ok)throw new Error(`Failed to fetch user info: ${t.statusText}`);return t.json()}async function On(e){let t=await fetch("https://api.github.com/user/emails",{headers:{Authorization:`Bearer ${e}`,Accept:"application/vnd.github.v3+json"}});if(!t.ok)throw new Error(`Failed to fetch user emails: ${t.statusText}`);return t.json()}async function _n(e,t){return e.email?e.email:(await On(t)).find(r=>r.primary&&r.verified)?.email??null}async function Pn(e,t){let o=xe(e.query.code);if(!o){w(t,400,"Missing authorization code");return}let r=Ae(e,t,"authStateGithub");if(!r)return;let{mode:n,linkedUserId:i}=r,s=String(a$2("_system.user.auth.github.clientId")),a=String(a$2("_system.user.auth.github.clientSecret")),c=Q("github");try{let l=await Rn(o,s,a,c),d=await xn(l.access_token),m=await _n(d,l.access_token);if(!m){n==="link"&&k(t),w(t,400,"Unable to retrieve a primary verified email from GitHub. Please ensure your GitHub account has a verified email set as primary.");return}let f=d.name?d.name.trim().split(/\s+/):[],v=f[0]||void 0,y=f.length>1?f.slice(1).join(" "):void 0,S={id:String(d.id),email:m,emailVerified:!0,providerName:"github",firstName:v,lastName:y,avatarUrl:d.avatar_url||void 0};n==="link"?await Re(e,t,S,i):await ke(e,t,S);}catch(l){console.error("GitHub OAuth error:",l),n==="link"&&k(t),w(t,500,"Authentication failed");}}function Ln(){let e=Router(),t=(o,r,n)=>{let i=!!a$2("_system.user.auth.github.enabled"),s=String(a$2("_system.user.auth.github.clientId")),a=String(a$2("_system.user.auth.github.clientSecret"));if(!i||!s||!a){w(r,503,"GitHub authentication is not configured");return}n();};return e.get("/api/_internal/auth/github",t,async(o,r)=>{let n=String(a$2("_system.user.auth.github.clientId")),i=Q("github"),s=a$2("_system.user.auth.github.scopes"),a=s?String(s).split(",").map(v=>v.trim()).join(" "):"user:email",c=randomBytes(32).toString("hex"),l=o.query.mode==="link"?"link":"login",d=null;if(l==="link"&&o.query.linkNonce&&(d=await Se(o.query.linkNonce),!d)){w(r,401,"Invalid or expired link nonce for OAuth linking.");return}let m=d?`${c}:${l}:${d}`:`${c}:${l}`;r.cookie("authStateGithub",m,{httpOnly:true,secure:process.env.NODE_ENV==="production",sameSite:"lax",maxAge:a$1.minutes(10)});let f=new URL("https://github.com/login/oauth/authorize");f.searchParams.append("client_id",n),f.searchParams.append("redirect_uri",i),f.searchParams.append("scope",a),f.searchParams.append("state",c),r.redirect(f.toString());}),e.get("/api/_internal/auth/github/callback",t,Pn),e}var Do=Ln;function jo(e,t,o){return async(r,n,i)=>{let s=r.headers["x-modelence-auth-token"],a={session:null,user:null};if(typeof s=="string"&&j())try{let{session:l,user:d}=await u(s);a={session:l,user:d};}catch{}let c=l$1("route",`route:${e.toLowerCase()}:${t}`,{method:e,path:t,query:r.query,body:r.body,params:r.params});try{let l=await o({query:r.query,body:r.body,params:r.params,headers:r.headers,cookies:r.cookies,rawBody:Buffer.isBuffer(r.body)?r.body:void 0,req:r,res:n,next:i},a);c.end(),l&&(n.status(l.status||200),l.redirect&&n.redirect(l.redirect),l.headers&&Object.entries(l.headers).forEach(([d,m])=>{n.setHeader(d,m);}),n.send(l.data));}catch(l){c.end("error"),l instanceof a$4?n.status(l.status).send(l.message):(console.error(`Error in route handler: ${r.path}`),console.error(l),n.status(500).send(String(l)));}}}function Un(e){let t=[];if(!e)return t.push(T.json({limit:"16mb"})),t.push(T.urlencoded({extended:true,limit:"16mb"})),t;if(e.json!==false){let o=typeof e.json=="object"?e.json:{limit:"16mb"};t.push(T.json(o));}if(e.urlencoded!==false){let o=typeof e.urlencoded=="object"?e.urlencoded:{extended:true,limit:"16mb"};t.push(T.urlencoded(o));}if(e.raw){let o=typeof e.raw=="object"?e.raw:{},r={limit:o.limit||"16mb",type:o.type||"*/*"};t.push(T.raw(r));}return t}function Tn(e,t){for(let o of t)for(let r of o.routes){let{path:n,handlers:i,body:s}=r,a=Un(s);Object.entries(i).forEach(([c,l])=>{e[c](n,...a,jo(c,n,l));});}}async function Uo(e,{combinedModules:t,channels:o}){let r=T();r.use(Mn()),r.use(Dn()),Tn(r,t),r.use(T.json({limit:"16mb"})),r.use(T.urlencoded({extended:true,limit:"16mb"})),r.use($o()),r.use(Do()),r.post("/api/_internal/auth/set-link-cookie",async(a,c)=>{let{session:l}=await Y(a,c);if(!l?.userId){c.status(401).json({error:"Not authenticated"});return}c.cookie("oauthLinkToken",l.authToken,{httpOnly:true,secure:process.env.NODE_ENV==="production",sameSite:"lax",path:"/api/_internal/auth/",maxAge:10*60*1e3}),c.json({ok:true});}),r.post("/api/_internal/auth/issue-link-nonce",async(a,c)=>{let{session:l}=await Y(a,c);if(!l?.userId){c.status(401).json({error:"Not authenticated"});return}let d=await d$1(String(l.userId));c.json({nonce:d});}),r.post("/api/_internal/method/:methodName(*)",async(a,c)=>{let l=a.params.methodName,d=await Y(a,c);try{let m=a$3(await B$1(l,a.body.args,d));c.json({data:m,typeMap:b$3(m)});}catch(m){In(c,l,m);}});let n=Nn.createServer(r);await e.init({httpServer:n}),e.middlewares&&r.use(e.middlewares()),r.all("*",(a,c,l)=>{Promise.resolve(e.handler(a,c)).catch(l);}),process.on("unhandledRejection",(a,c)=>{console.error("Unhandled Promise Rejection:"),console.error(a instanceof Error?a.stack:a),console.error("Promise:",c);}),process.on("uncaughtException",a=>{console.error("Uncaught Exception:"),console.error(a.stack),console.trace("Full application stack:");});let i=Ce()?.provider;i&&i.init({httpServer:n,channels:o});let s=process.env.MODELENCE_PORT||process.env.PORT||3e3;n.listen(s,()=>{j$2("Application started",{source:"app"});let a=a$2("_system.site.url")||`http://localhost:${s}`;console.log(`
26
+ Application started on ${a}
27
+ `);});}async function Y(e,t$1=null){let o=(e.path??e.url??"").split("?")[0],r=o.startsWith("/api/_internal/auth/")&&o.endsWith("/callback"),n=e.body??{},i=U.string().nullish().transform(l=>l??null).parse(e.cookies.authToken||(r?e.cookies.oauthLinkToken:null)||n.authToken),s=U.object({screenWidth:U.number(),screenHeight:U.number(),windowWidth:U.number(),windowHeight:U.number(),pixelRatio:U.number(),orientation:U.string().nullable()}).nullish().parse(n.clientInfo)??{screenWidth:0,screenHeight:0,windowWidth:0,windowHeight:0,pixelRatio:1,orientation:null},a={ip:Hn(e),userAgent:e.get("user-agent"),acceptLanguage:e.get("accept-language"),referrer:e.get("referrer"),baseUrl:jn(e)};if(!!j()){let{session:l,user:d,roles:m}=await u(i);return {clientInfo:s,connectionInfo:a,session:l,user:d,roles:m,req:e,res:t$1}}return {clientInfo:s,connectionInfo:a,session:null,user:null,roles:t(),req:e,res:t$1}}function In(e,t,o){if(o instanceof a$4){o.status>=500&&o.status<600&&console.error(`Error calling ${t}:`,o),o.code&&e.setHeader("X-Modelence-Error-Code",o.code),e.status(o.status).send(o.message);return}if(o instanceof Error&&o?.constructor?.name==="ZodError"&&"errors"in o){let r="";try{r=$n(o);}catch(n){console.error(`Error parsing Zod error in ${t}:`,n),r="Validation failed";}e.status(400).send(r);return}console.error(`Error calling ${t}:`,o),e.status(500).send(o instanceof Error?o.message:String(o));}function $n(e){let t=e.flatten(),o=Object.entries(t.fieldErrors).map(([i,s])=>`${i}: ${(s??[]).join(", ")}`),r=t.formErrors;return [...o,...r].filter(Boolean).join("; ")}function Dn(){let{frameAncestors:e}=Lo(),t=e&&e.length>0,o=t?["'self'",...e].join(" "):"'self'";return (r,n,i)=>{n.setHeader("Content-Security-Policy",`frame-ancestors ${o}`),t||n.setHeader("X-Frame-Options","SAMEORIGIN"),i();}}function jn(e){let t=e.headers["x-forwarded-host"],o=(Array.isArray(t)?t[0]:t?.split(",")[0])?.trim()||e.get("host"),r=e.headers["x-forwarded-proto"];return `${(Array.isArray(r)?r[0]:r?.split(",")[0])?.trim()||e.protocol}://${o}`}function Hn(e){let t=e.headers["x-forwarded-for"];if(t)return (Array.isArray(t)?t[0]:t.split(",")[0]).trim();let o=e.ip||e.socket?.remoteAddress;if(o)return o.startsWith("::ffff:")?o.substring(7):o}
28
+ export{A as a,vo as b,Co as c,So as d,ko as e,Uo as f,Y as g,Qr as h,un as i,mn as j,rt as k,pn as l};//# sourceMappingURL=chunk-ZBCGBZPH.js.map
29
+ //# sourceMappingURL=chunk-ZBCGBZPH.js.map