nextjs-cms 0.9.22 → 0.9.23

package/dist/api/trpc/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/api/trpc/server.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAA;AAEpB,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAA;AAI9D,OAAO,EAAgB,KAAK,SAAS,EAAE,MAAM,YAAY,CAAA;AA8DzD,eAAO,MAAM,GAAG,EAAc,UAAU,CAAC,OAAO,sBAAsB,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AAC1F,eAAO,MAAM,aAAa;;uBAAmB,CAAA"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/api/trpc/server.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAA;AAEpB,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAA;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAC7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAUjE,OAAO,KAAK,EAAE,0BAA0B,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAA;AAEvF,MAAM,WAAW,uBAAuB,CAAC,KAAK,SAAS,YAAY;IAC/D,OAAO,CAAC,EAAE,0BAA0B,CAAC,KAAK,CAAC,CAAA;IAC3C,OAAO,CAAC,EAAE,UAAU,CAAC,OAAO,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;CACjE;AAED,wBAAgB,gBAAgB,CAAC,KAAK,CAAC,KAAK,SAAS,YAAY,GAAG,EAAE,EAAE,IAAI,GAAE,uBAAuB,CAAC,KAAK,CAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAyGk1U,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAonsB,CAAC;;;;;+BAA0E,CAAC;;;;;;+BAAgH,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAt4/B,CAAC;;;;;+BAAuE,CAAC;;;;;;+BAA6G,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAxBtgC,OAAO;oBAAP,OAAO;;SAkBV,UAAU,CAAC,OAAO,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAM83U,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAonsB,CAAC;;;;;+BAA0E,CAAC;;;;;;+BAAgH,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAt4/B,CAAC;;;;;+BAAuE,CAAC;;;;;;+BAA6G,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gBAN/8B,CAAC,CAAC,MAAM,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAMm2U,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAonsB,CAAC;;;;;+BAA0E,CAAC;;;;;;+BAAgH,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAt4/B,CAAC;;;;;+BAAuE,CAAC;;;;;;+BAA6G,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAtFhgC,OAAO,CAAC,SAAS,CAAC;EAqFvD"}

package/dist/api/trpc/server.js

@@ -1,61 +1,100 @@
 import 'server-only';
 import { createHydrationHelpers } from '@trpc/react-query/rsc';
+import { fetchRequestHandler } from '@trpc/server/adapters/fetch';
 import { headers } from 'next/headers';
 import { cache } from 'react';
-import { getAppRouter } from '../root.js';
-import { createTRPCContext } from '../trpc.js';
+import { getConfigImportVersion } from '../../core/config/index.js';
+import { loadPlugins } from '../../plugins/loader.js';
+import { coreRouters } from './root.js';
+import { createCallerFactory, createTRPCContext, router } from './trpc.js';
 import { createQueryClient } from './query-client.js';
-/**
- * This wraps the `createTRPCContext` helper and provides the required context for the tRPC API when
- * handling a tRPC call from a React Server Component.
- */
-const createContext = cache(async () => {
-    const heads = new Headers(await headers());
-    heads.set('x-trpc-source', 'rsc');
-    return createTRPCContext({
-        headers: heads,
-    });
-});
-const getQueryClient = cache(createQueryClient);
-const getCaller = cache(async () => {
-    const routerWithPlugins = await getAppRouter();
-    return routerWithPlugins.createCaller(await createContext());
-});
-const resolveCallerPath = (root, path) => {
-    let current = root;
-    for (const key of path) {
-        if (!current || (typeof current !== 'object' && typeof current !== 'function')) {
-            return undefined;
+import { createAsyncCallerProxy } from './utils/async-caller-proxy.js';
+export function createTRPCRouter(opts = {}) {
+    const userRouters = (opts.routers ?? {});
+    for (const key of Object.keys(userRouters)) {
+        if (key in coreRouters) {
+            throw new Error(`[trpc] Router key "${key}" conflicts with a core router.`);
         }
-        current = current[key];
     }
-    return current;
-};
-const callProcedure = async (path, args) => {
-    const caller = await getCaller();
-    const proc = resolveCallerPath(caller, path);
-    if (typeof proc !== 'function') {
-        throw new Error(`tRPC procedure not found: ${path.join('.')}`);
+    const appRouter = router({
+        ...coreRouters,
+        ...userRouters,
+    });
+    let cachedRouter = null;
+    let pendingRouter = null;
+    let cachedVersion = -1;
+    let pendingVersion = -1;
+    async function getMergedRouter() {
+        const currentVersion = getConfigImportVersion();
+        if (cachedRouter && cachedVersion === currentVersion) {
+            return cachedRouter;
+        }
+        if (pendingRouter && pendingVersion === currentVersion) {
+            return pendingRouter;
+        }
+        cachedRouter = null;
+        pendingVersion = currentVersion;
+        pendingRouter = (async () => {
+            const loadedPlugins = await loadPlugins();
+            const pluginRouters = {};
+            const seen = new Set([...Object.keys(coreRouters), ...Object.keys(userRouters)]);
+            for (const plugin of loadedPlugins) {
+                if (!plugin.plugin.router)
+                    continue;
+                if (seen.has(plugin.routerKey)) {
+                    const message = `[plugins] Router key "${plugin.routerKey}" conflicts with core/user router. Skipping.`;
+                    throw new Error(message);
+                }
+                pluginRouters[plugin.routerKey] = plugin.plugin.router;
+                seen.add(plugin.routerKey);
+            }
+            const mergedRouter = router({
+                ...coreRouters,
+                ...pluginRouters,
+                ...userRouters,
+            });
+            cachedRouter = mergedRouter;
+            cachedVersion = currentVersion;
+            return mergedRouter;
+        })();
+        try {
+            return await pendingRouter;
+        }
+        finally {
+            if (pendingVersion === currentVersion) {
+                pendingRouter = null;
+            }
+        }
     }
-    return proc(...args);
-};
-const createCallerProxy = (path = []) => {
-    const proxyTarget = (...args) => callProcedure(path, args);
-    return new Proxy(proxyTarget, {
-        get(_target, prop) {
-            if (prop === 'then')
-                return undefined;
-            if (typeof prop !== 'string')
-                return undefined;
-            return createCallerProxy([...path, prop]);
-        },
-        apply(_target, _thisArg, args) {
-            return callProcedure(path, args);
-        },
+    const createContext = cache(async () => {
+        const heads = new Headers(await headers());
+        heads.set('x-trpc-source', 'rsc');
+        return createTRPCContext({
+            headers: heads,
+        });
+    });
+    const getQueryClient = cache(createQueryClient);
+    const getCaller = cache(async () => (await getMergedRouter()).createCaller(await createContext()));
+    const callerProxy = createAsyncCallerProxy(getCaller);
+    const helpers = createHydrationHelpers(callerProxy, getQueryClient);
+    const handler = async (req) => fetchRequestHandler({
+        endpoint: '/api/trpc',
+        req,
+        router: await getMergedRouter(),
+        createContext: () => createTRPCContext({ headers: req.headers }),
+        onError: opts.onError ??
+            (process.env.NODE_ENV === 'development'
+                ? ({ path, error }) => {
+                    console.error(`tRPC failed on ${path ?? '<no-path>'}: ${error.message}`);
+                }
+                : undefined),
     });
-};
-// Lazily resolves the caller so plugin routers are available without top-level await.
-const callerProxy = createCallerProxy();
-const _t = createHydrationHelpers(callerProxy, getQueryClient);
-export const api = _t.trpc;
-export const HydrateClient = _t.HydrateClient;
+    return {
+        appRouter,
+        handler: { GET: handler, POST: handler },
+        api: helpers.trpc,
+        HydrateClient: helpers.HydrateClient,
+        createCaller: createCallerFactory(appRouter),
+        getRouter: getMergedRouter,
+    };
+}

package/dist/api/trpc/trpc.d.ts

@@ -0,0 +1,111 @@
+import superjson from 'superjson';
+/**
+ * Creates context for an incoming request
+ * @link https://trpc.io/docs/v11/context
+ */
+export declare const createTRPCContext: (opts: {
+    headers: Headers;
+}) => Promise<{
+    headers: Headers;
+    db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../db/schema.js")> & {
+        $client: import("mysql2/promise").Pool;
+    };
+    session: import("../../index.js").Session | null;
+}>;
+type Context = Awaited<ReturnType<typeof createTRPCContext>>;
+export type TRPCContext = Context;
+export declare const transformer: {
+    input: typeof superjson;
+    output: typeof superjson;
+};
+/**
+ * Create a server-side caller
+ * @see https://trpc.io/docs/server/server-side-calls
+ */
+export declare const createCallerFactory: import("@trpc/server").TRPCRouterCallerFactory<{
+    ctx: {
+        headers: Headers;
+        db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../db/schema.js")> & {
+            $client: import("mysql2/promise").Pool;
+        };
+        session: import("../../index.js").Session | null;
+    };
+    meta: object;
+    errorShape: {
+        data: {
+            zodError: import("zod").ZodFlattenedError<unknown, string> | null;
+            code: import("@trpc/server").TRPC_ERROR_CODE_KEY;
+            httpStatus: number;
+            path?: string;
+            stack?: string;
+        };
+        message: string;
+        code: import("@trpc/server").TRPC_ERROR_CODE_NUMBER;
+    };
+    transformer: true;
+}>;
+/**
+ * This is how you create new routers and sub-routers in your tRPC API
+ * @see https://trpc.io/docs/router
+ */
+export declare const router: import("@trpc/server").TRPCRouterBuilder<{
+    ctx: {
+        headers: Headers;
+        db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../db/schema.js")> & {
+            $client: import("mysql2/promise").Pool;
+        };
+        session: import("../../index.js").Session | null;
+    };
+    meta: object;
+    errorShape: {
+        data: {
+            zodError: import("zod").ZodFlattenedError<unknown, string> | null;
+            code: import("@trpc/server").TRPC_ERROR_CODE_KEY;
+            httpStatus: number;
+            path?: string;
+            stack?: string;
+        };
+        message: string;
+        code: import("@trpc/server").TRPC_ERROR_CODE_NUMBER;
+    };
+    transformer: true;
+}>;
+/**
+ * Public procedure that doesn't require authentication
+ */
+export declare const publicProcedure: import("@trpc/server").TRPCProcedureBuilder<{
+    headers: Headers;
+    db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../db/schema.js")> & {
+        $client: import("mysql2/promise").Pool;
+    };
+    session: import("../../index.js").Session | null;
+}, object, object, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+/**
+ * Private procedure that uses the `isAuthedMiddleware` middleware to require authentication
+ * @see https://trpc.io/docs/procedures
+ */
+export declare const privateProcedure: import("@trpc/server").TRPCProcedureBuilder<{
+    headers: Headers;
+    db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../db/schema.js")> & {
+        $client: import("mysql2/promise").Pool;
+    };
+    session: import("../../index.js").Session | null;
+}, object, {
+    session: {
+        user: import("../../index.js").User;
+    };
+}, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+type PrivilegeOperation = 'C' | 'U' | 'D';
+export declare const pluginProcedure: (sectionName: string, requiredRole?: PrivilegeOperation) => import("@trpc/server").TRPCProcedureBuilder<{
+    headers: Headers;
+    db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../db/schema.js")> & {
+        $client: import("mysql2/promise").Pool;
+    };
+    session: import("../../index.js").Session | null;
+}, object, {
+    session: {
+        user: import("../../index.js").User;
+    };
+}, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, import("@trpc/server").TRPCUnsetMarker, false>;
+export {};
+//# sourceMappingURL=trpc.d.ts.map

package/dist/api/trpc/trpc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trpc.d.ts","sourceRoot":"","sources":["../../../src/api/trpc/trpc.ts"],"names":[],"mappings":"AACA,OAAO,SAAS,MAAM,WAAW,CAAA;AASjC;;;GAGG;AACH,eAAO,MAAM,iBAAiB,GAAU,MAAM;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE;aAAT,OAAO;;;;;EAQ/D,CAAA;AAED,KAAK,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,iBAAiB,CAAC,CAAC,CAAA;AAC5D,MAAM,MAAM,WAAW,GAAG,OAAO,CAAA;AAEjC,eAAO,MAAM,WAAW;;;CAGvB,CAAA;AAkBD;;;GAGG;AACH,eAAO,MAAM,mBAAmB;;iBAtCyB,OAAO;;;;;;;;;;;;;;;;;;;EAsCR,CAAA;AAiBxD;;;GAGG;AACH,eAAO,MAAM,MAAM;;iBA3DsC,OAAO;;;;;;;;;;;;;;;;;;;EA2DlC,CAAA;AAE9B;;GAEG;AACH,eAAO,MAAM,eAAe;aAhE6B,OAAO;;;;;yLAgEtB,CAAA;AAE1C;;;GAGG;AACH,eAAO,MAAM,gBAAgB;aAtE4B,OAAO;;;;;;;;;yKAsEG,CAAA;AAEnE,KAAK,kBAAkB,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAA;AAoCzC,eAAO,MAAM,eAAe,GAAI,aAAa,MAAM,EAAE,eAAe,kBAAkB;aA5G7B,OAAO;;;;;;;;;yKA6GO,CAAA"}

package/dist/api/trpc/trpc.js

@@ -0,0 +1,99 @@
+import { initTRPC, TRPCError } from '@trpc/server';
+import superjson from 'superjson';
+import { ZodError } from 'zod';
+import auth from '../../auth/index.js';
+import { db } from '../../db/client.js';
+import { and, eq } from 'drizzle-orm';
+import { AdminPrivilegesTable } from '../../db/schema.js';
+import getString from '../../translations/index.js';
+import { isDashboardOverridePlugin } from '../../plugins/loader.js';
+/**
+ * Creates context for an incoming request
+ * @link https://trpc.io/docs/v11/context
+ */
+export const createTRPCContext = async (opts) => {
+    const session = await auth();
+    return {
+        db,
+        session,
+        ...opts,
+    };
+};
+export const transformer = {
+    input: superjson,
+    output: superjson,
+};
+const t = initTRPC.context().create({
+    transformer: transformer,
+    errorFormatter({ shape, error }) {
+        return {
+            ...shape,
+            data: {
+                ...shape.data,
+                zodError: error.cause instanceof ZodError ? error.cause.flatten() : null,
+            },
+        };
+    },
+    /*errorFormatter({ shape }) {
+        return shape
+    },*/
+});
+/**
+ * Create a server-side caller
+ * @see https://trpc.io/docs/server/server-side-calls
+ */
+export const createCallerFactory = t.createCallerFactory;
+const isAuthedMiddleware = t.middleware(async ({ ctx, next }) => {
+    if (!ctx.session || !ctx.session.user)
+        throw new TRPCError({ code: 'UNAUTHORIZED', message: getString('noTokenProvided', 'en') });
+    return next({
+        /*ctx: {
+            user: user,
+            headers: ctx.opts.headers,
+        },*/
+        ctx: {
+            // infers the `session` as non-nullable
+            session: { ...ctx.session, user: ctx.session.user },
+        },
+    });
+});
+/**
+ * This is how you create new routers and sub-routers in your tRPC API
+ * @see https://trpc.io/docs/router
+ */
+export const router = t.router;
+/**
+ * Public procedure that doesn't require authentication
+ */
+export const publicProcedure = t.procedure;
+/**
+ * Private procedure that uses the `isAuthedMiddleware` middleware to require authentication
+ * @see https://trpc.io/docs/procedures
+ */
+export const privateProcedure = t.procedure.use(isAuthedMiddleware);
+const accessControlMiddleware = (sectionName, requiredRole) => isAuthedMiddleware.unstable_pipe(async ({ ctx, next }) => {
+    // Bypass privilege check for dashboard override plugin
+    if (await isDashboardOverridePlugin(sectionName)) {
+        return next();
+    }
+    const privilege = await db
+        .select()
+        .from(AdminPrivilegesTable)
+        .where(and(eq(AdminPrivilegesTable.adminId, ctx.session.user.id), eq(AdminPrivilegesTable.sectionName, sectionName)))
+        .limit(1);
+    const allowed = privilege[0];
+    if (!allowed) {
+        throw new TRPCError({
+            code: 'NOT_FOUND',
+            message: getString('sectionNotFound', ctx.session.user.language),
+        });
+    }
+    if (requiredRole && !allowed.operations.includes(requiredRole)) {
+        throw new TRPCError({
+            code: 'NOT_FOUND',
+            message: getString('noAccessToThisOperation', ctx.session.user.language),
+        });
+    }
+    return next();
+});
+export const pluginProcedure = (sectionName, requiredRole) => t.procedure.use(accessControlMiddleware(sectionName, requiredRole));

package/dist/api/trpc/utils/async-caller-proxy.d.ts

@@ -0,0 +1,2 @@
+export declare function createAsyncCallerProxy<TCaller>(getCaller: () => Promise<TCaller>): TCaller;
+//# sourceMappingURL=async-caller-proxy.d.ts.map

package/dist/api/trpc/utils/async-caller-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"async-caller-proxy.d.ts","sourceRoot":"","sources":["../../../../src/api/trpc/utils/async-caller-proxy.ts"],"names":[],"mappings":"AAWA,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CA2B1F"}

package/dist/api/trpc/utils/async-caller-proxy.js

@@ -0,0 +1,38 @@
+const resolveCallerPath = (root, path) => {
+    let current = root;
+    for (const key of path) {
+        if (!current || (typeof current !== 'object' && typeof current !== 'function')) {
+            return undefined;
+        }
+        current = current[key];
+    }
+    return current;
+};
+export function createAsyncCallerProxy(getCaller) {
+    const callProcedure = async (path, args) => {
+        const caller = await getCaller();
+        const proc = resolveCallerPath(caller, path);
+        if (typeof proc !== 'function') {
+            throw new Error(`tRPC procedure not found: ${path.join('.')}`);
+        }
+        return proc(...args);
+    };
+    const createCallerProxy = (path = []) => {
+        const proxyTarget = (...args) => callProcedure(path, args);
+        return new Proxy(proxyTarget, {
+            get(_target, prop) {
+                // PromiseLike short-circuit: prevents `Promise.resolve(proxy)` from treating
+                // the proxy as a thenable. Procedure paths cannot be named "then".
+                if (prop === 'then')
+                    return undefined;
+                if (typeof prop !== 'string')
+                    return undefined;
+                return createCallerProxy([...path, prop]);
+            },
+            apply(_target, _thisArg, args) {
+                return callProcedure(path, args);
+            },
+        });
+    };
+    return createCallerProxy();
+}

package/dist/api/trpc/utils/refresh-token-link.d.ts

@@ -0,0 +1,6 @@
+import type { TRPCLink } from '@trpc/client';
+/**
+ * tRPC link that refreshes the token if it's expired
+ */
+export declare const refreshTokenLink: () => TRPCLink<any>;
+//# sourceMappingURL=refresh-token-link.d.ts.map

package/dist/api/trpc/utils/refresh-token-link.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refresh-token-link.d.ts","sourceRoot":"","sources":["../../../../src/api/trpc/utils/refresh-token-link.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAK5C;;GAEG;AACH,eAAO,MAAM,gBAAgB,QAAO,QAAQ,CAAC,GAAG,CA6E/C,CAAA"}

package/dist/api/trpc/utils/refresh-token-link.js

@@ -0,0 +1,81 @@
+import { observable } from '@trpc/server/observable';
+import { logout, refreshSession } from '../../../auth/react.js';
+/**
+ * tRPC link that refreshes the token if it's expired
+ */
+export const refreshTokenLink = () => {
+    /**
+     * Add a lock state to prevent multiple refreshes at the same time
+     */
+    let isRefreshing = false;
+    let refreshPromise = null;
+    return () => {
+        return ({ next, op }) => {
+            return observable((observer) => {
+                let next$ = null;
+                let shouldRetry = true; // Flag to control the retry
+                function attempt() {
+                    next$?.unsubscribe();
+                    next$ = next(op).subscribe({
+                        async error(err) {
+                            if (err.data?.code === 'UNAUTHORIZED' && shouldRetry) {
+                                if (!isRefreshing) {
+                                    isRefreshing = true;
+                                    refreshPromise = (async () => {
+                                        try {
+                                            const response = await fetch('/api/auth/refresh');
+                                            const data = await response.json();
+                                            if (response.status !== 200) {
+                                                await logout({
+                                                    /**
+                                                     * No need to delete the cookies, because they are both invalid.
+                                                     */
+                                                    deleteCookies: false,
+                                                });
+                                                return;
+                                            }
+                                            await refreshSession(data.session);
+                                        }
+                                        catch (e) {
+                                            await logout({
+                                                /**
+                                                 * No need to delete the cookies, because they are both invalid.
+                                                 */
+                                                deleteCookies: false,
+                                            });
+                                            throw e;
+                                        }
+                                        finally {
+                                            isRefreshing = false;
+                                            refreshPromise = null;
+                                        }
+                                    })();
+                                }
+                                try {
+                                    await refreshPromise;
+                                    shouldRetry = false;
+                                    attempt();
+                                    return;
+                                }
+                                catch (e) {
+                                    // Don't throw under-the-hood refresh flow's errors
+                                }
+                            }
+                            observer.error(err);
+                        },
+                        next(value) {
+                            observer.next(value);
+                        },
+                        complete() {
+                            observer.complete();
+                        },
+                    });
+                }
+                attempt();
+                return () => {
+                    next$?.unsubscribe();
+                };
+            });
+        };
+    };
+};

package/dist/api/trpc/utils/router-types.d.ts

@@ -0,0 +1,7 @@
+import type { AnyRouter } from '@trpc/server';
+import type { CoreRouters } from '../root.js';
+export type RouterRecord = Record<string, AnyRouter>;
+export type NonConflictingRouterRecord<TUser extends RouterRecord> = Extract<keyof TUser, keyof CoreRouters> extends never ? TUser : {
+    [K in keyof TUser]: K extends keyof CoreRouters ? never : TUser[K];
+};
+//# sourceMappingURL=router-types.d.ts.map

package/dist/api/trpc/utils/router-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"router-types.d.ts","sourceRoot":"","sources":["../../../../src/api/trpc/utils/router-types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAE7C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAE7C,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAA;AAEpD,MAAM,MAAM,0BAA0B,CAAC,KAAK,SAAS,YAAY,IAC7D,OAAO,CAAC,MAAM,KAAK,EAAE,MAAM,WAAW,CAAC,SAAS,KAAK,GAC/C,KAAK,GACL;KACK,CAAC,IAAI,MAAM,KAAK,GAAG,CAAC,SAAS,MAAM,WAAW,GAAG,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC;CACrE,CAAA"}

package/dist/api/use-axios-private.d.ts

@@ -0,0 +1,6 @@
+import type { AxiosInstance } from 'axios';
+declare const useAxiosPrivate: (options?: {
+    refreshTokenOn?: 401 | 404;
+}) => AxiosInstance;
+export default useAxiosPrivate;
+//# sourceMappingURL=use-axios-private.d.ts.map

package/dist/api/use-axios-private.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"use-axios-private.d.ts","sourceRoot":"","sources":["../../src/api/use-axios-private.tsx"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,OAAO,CAAA;AAkB1C,QAAA,MAAM,eAAe,GAAI,UAAU;IAAE,cAAc,CAAC,EAAE,GAAG,GAAG,GAAG,CAAA;CAAE,kBAqDhE,CAAA;AAED,eAAe,eAAe,CAAA"}

package/dist/api/use-axios-private.js

@@ -0,0 +1,57 @@
+'use client';
+import axios from 'axios';
+import { useEffect } from 'react';
+import useRefreshToken from '../auth/hooks/useRefreshToken.js';
+import { getCsrfToken } from '../auth/react.js';
+let _instance;
+function getAxiosPrivate() {
+    if (!_instance) {
+        _instance = axios.create({
+            baseURL: '/api',
+            headers: { 'Content-Type': 'application/json' },
+            withCredentials: true,
+        });
+    }
+    return _instance;
+}
+const useAxiosPrivate = (options) => {
+    const refresh = useRefreshToken();
+    const { refreshTokenOn = 401 } = options || {};
+    const axiosPrivate = getAxiosPrivate();
+    useEffect(() => {
+        const requestIntercept = axiosPrivate.interceptors.request.use(async (config) => {
+            if (config.method && ['post', 'put', 'delete'].includes(config.method.toLowerCase())) {
+                config.headers['x-csrf-token'] = await getCsrfToken();
+            }
+            return config;
+        }, (error) => Promise.reject(error));
+        const responseIntercept = axiosPrivate.interceptors.response.use((response) => response, async (error) => {
+            const prevRequest = error?.config;
+            if (error?.response?.status === refreshTokenOn && !prevRequest?.sent) {
+                prevRequest.sent = true;
+                const refreshStatus = await refresh();
+                if (refreshStatus === false)
+                    return Promise.reject(error);
+                prevRequest.headers['Content-Type'] = 'multipart/form-data';
+                prevRequest.transformRequest = [
+                    (data, headers) => {
+                        if (data instanceof FormData) {
+                            // @ts-ignore
+                            headers['Content-Type'] += `; boundary=${data._boundary}`;
+                        }
+                        return data;
+                    },
+                    ...axios.defaults.transformRequest,
+                ];
+                return axiosPrivate(prevRequest);
+            }
+            return Promise.reject(error);
+        });
+        return () => {
+            axiosPrivate.interceptors.request.eject(requestIntercept);
+            axiosPrivate.interceptors.response.eject(responseIntercept);
+        };
+    }, []);
+    return axiosPrivate;
+};
+export default useAxiosPrivate;

package/dist/api/utils/async-caller-proxy.d.ts

@@ -0,0 +1,2 @@
+export declare function createAsyncCallerProxy<TCaller>(getCaller: () => Promise<TCaller>): TCaller;
+//# sourceMappingURL=async-caller-proxy.d.ts.map

package/dist/api/utils/async-caller-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"async-caller-proxy.d.ts","sourceRoot":"","sources":["../../../src/api/utils/async-caller-proxy.ts"],"names":[],"mappings":"AAWA,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,CAyB1F"}

package/dist/api/utils/async-caller-proxy.js

@@ -0,0 +1,36 @@
+const resolveCallerPath = (root, path) => {
+    let current = root;
+    for (const key of path) {
+        if (!current || (typeof current !== 'object' && typeof current !== 'function')) {
+            return undefined;
+        }
+        current = current[key];
+    }
+    return current;
+};
+export function createAsyncCallerProxy(getCaller) {
+    const callProcedure = async (path, args) => {
+        const caller = await getCaller();
+        const proc = resolveCallerPath(caller, path);
+        if (typeof proc !== 'function') {
+            throw new Error(`tRPC procedure not found: ${path.join('.')}`);
+        }
+        return proc(...args);
+    };
+    const createCallerProxy = (path = []) => {
+        const proxyTarget = (...args) => callProcedure(path, args);
+        return new Proxy(proxyTarget, {
+            get(_target, prop) {
+                if (prop === 'then')
+                    return undefined;
+                if (typeof prop !== 'string')
+                    return undefined;
+                return createCallerProxy([...path, prop]);
+            },
+            apply(_target, _thisArg, args) {
+                return callProcedure(path, args);
+            },
+        });
+    };
+    return createCallerProxy();
+}

package/dist/api/utils/lazy-caller-proxy.d.ts

@@ -0,0 +1,2 @@
+export declare function createLazyCallerProxy<TCaller>(getCaller: () => Promise<TCaller>): TCaller;
+//# sourceMappingURL=lazy-caller-proxy.d.ts.map