nucleus-core-ts 0.8.86 → 0.8.88
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +2 -2
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -79,7 +79,7 @@ var D2=Object.create;var{getPrototypeOf:H2,defineProperty:oc,getOwnPropertyNames
|
|
|
79
79
|
<p>Your account has been created via ${M} login. You can optionally set a password to also sign in with your email and password.</p>
|
|
80
80
|
<p><a href="${Jn}">Set your password</a></p>
|
|
81
81
|
<p>This link expires in 7 days. If you don't want to set a password, you can always sign in with ${M}.</p>
|
|
82
|
-
`}),b.info("[OAUTH] Invite email sent to new OAuth user",{userId:p,email:z.email,provider:M})}catch(gn){b.warn("[OAUTH] Failed to send invite email",{userId:p,error:gn})}}await d.update(w).set({lastLoginAt:new Date}).where(zr(w.id,p));let K=k.request.headers.get("cf-connecting-ip")?.trim()||k.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||k.request.headers.get("x-real-ip")?.trim()||"127.0.0.1",B=k.request.headers.get("user-agent")||"Unknown Browser",L=mi(B,K),Y=t(p),Q=o(p),V={userId:p,deviceInfo:L,loginMethod:`oauth:${M}`,rememberMe:!0},q=await a(V);if(c)await c(q,V);await b.audit({entityName:"users",entityId:p,operation:"LOGIN",userId:p,summary:`${z.email??z.providerAccountId} logged in via OAuth (${M})`,ipAddress:K,userAgent:B,path:`${h}/${M}/callback`,query:""});let F=_.secure?"; Secure":"",v=`; Path=${_.path}; HttpOnly; SameSite=${_.sameSite}${F}`,dn=[];if(g.accessToken.setHeadersEnabled)dn.push(`${_.accessTokenName}=${Y}${v}; Max-Age=${_.accessTokenMaxAge}`);if(g.refreshToken.setHeadersEnabled)dn.push(`${_.refreshTokenName}=${Q}${v}; Max-Age=${_.refreshTokenMaxAge}`);if(g.sessionToken.setHeadersEnabled)dn.push(`${_.sessionTokenName}=${q}${v}; Max-Age=${_.sessionTokenMaxAge}`);let tn=E.redirectUrl||r.successRedirectUrl,un=new Headers;un.set("Location",tn);for(let sn of dn)un.append("Set-Cookie",sn);return new Response(null,{status:302,headers:un})},{detail:{tags:["Authentication"],summary:"OAuth Callback",description:"Handles the OAuth provider callback, creates session and sets cookies"}}),R.get(`${h}/providers`,()=>{return{success:!0,data:{providers:r.getEnabledProviders()}}},{detail:{tags:["Authentication"],summary:"List OAuth Providers",description:"Returns the list of enabled OAuth providers"}}),R.get(`${h}/link/:provider`,async(k)=>{let M=k.params.provider;if(!r.isProviderEnabled(M))return k.set.status=404,{success:!1,message:`OAuth provider "${M}" is not enabled`};if(!r.allowAccountLinking)return k.set.status=403,{success:!1,message:"Account linking is disabled"};let C=k.request.headers.get("x-user-id");if(!C)return k.set.status=401,{success:!1,message:"Authentication required to link accounts"};let N=k.query.redirect_url,m=r.buildAuthorizationUrl(M,C,N);return k.set.status=302,k.set.headers.Location=m,null},{detail:{tags:["Authentication"],summary:"Link OAuth Account",description:"Redirects to provider to link an OAuth account to the current user"}}),R.delete(`${h}/unlink/:provider`,async(k)=>{let M=k.params.provider,C=k.request.headers.get("x-user-id");if(!C)return k.set.status=401,{success:!1,message:"Authentication required"};if(!d)return k.set.status=500,{success:!1,message:"Database not configured"};let N=n.oauthAccountsTable;if(!N)return k.set.status=500,{success:!1,message:"OAuth accounts table not configured"};if((await d.select().from(N).where(bs(zr(N.userId,C),zr(N.provider,M))).limit(1)).length===0)return{success:!1,message:`No linked ${M} account found`};let D=!!(await d.select().from(w).where(zr(w.id,C)).limit(1))[0]?.password,E=await d.select().from(N).where(zr(N.userId,C));if(!D&&E.length<=1)return k.set.status=400,{success:!1,message:"Cannot unlink the only login method. Set a password first."};return await d.delete(N).where(bs(zr(N.userId,C),zr(N.provider,M))),b.info("[OAUTH] Account unlinked",{userId:C,provider:M}),{success:!0,message:`${M} account unlinked successfully`}},{detail:{tags:["Authentication"],summary:"Unlink OAuth Account",description:"Removes a linked OAuth account from the current user"}}),R.get(`${h}/accounts`,async(k)=>{let M=k.request.headers.get("x-user-id");if(!M)return k.set.status=401,{success:!1,message:"Authentication required"};if(!d)return k.set.status=500,{success:!1,message:"Database not configured"};let C=n.oauthAccountsTable;if(!C)return{success:!0,data:{accounts:[]}};return{success:!0,data:{accounts:(await d.select().from(C).where(zr(C.userId,M))).map((A)=>({id:A.id,provider:A.provider,providerEmail:A.providerEmail,providerName:A.providerName,providerAvatarUrl:A.providerAvatarUrl,isPrimary:A.isPrimary,lastUsedAt:A.lastUsedAt,createdAt:A.createdAt}))}}},{detail:{tags:["Authentication"],summary:"List Linked OAuth Accounts",description:"Returns all OAuth accounts linked to the current user"}}),R}var u2=u(()=>{wi();Yc()});import{t as Jo}from"elysia";var $d,sE;var Ad=u(()=>{$d=Jo.Object({currentPassword:Jo.String({minLength:1}),newPassword:Jo.String({minLength:8}),confirmPassword:Jo.String({minLength:8})}),sE=Jo.Object({success:Jo.Boolean(),message:Jo.Optional(Jo.String())})});function b2(n,r){return n===r}import{eq as g2}from"drizzle-orm";import{Elysia as fE}from"elysia";function gs(n,r){let{db:t,logger:o,usersTable:a}=n,c=r.route||"/auth/password-change",e=new fE;if(!r.enabled)return e;return e.post(c,async(i)=>{if(!t||!a)return i.set.status=500,{success:!1,message:"Database not configured"};let s=i.request.headers.get("x-user-id");if(!s)return i.set.status=401,{success:!1,message:"Authentication required"};let{currentPassword:f,newPassword:l,confirmPassword:d}=i.body;if(!b2(l,d))return i.set.status=422,{success:!1,message:"New passwords do not match"};let w=(await t.select().from(a).where(g2(a.id,s)).limit(1))[0];if(!w)return i.set.status=404,{success:!1,message:"User not found"};let h=await _i(f,w.password),_=new URL(i.request.url),g=i.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||i.request.headers.get("x-real-ip")?.trim()||"unknown",R=i.request.headers.get("user-agent")||"unknown";if(!h)return o.warn("[AUTH] Password change failed - invalid current password",{userId:s}),o.audit({entityName:"users",entityId:s,operation:"PASSWORD_CHANGE_FAILED",userId:s,summary:"Password change failed: invalid current password",ipAddress:g,userAgent:R,path:_.pathname,query:_.search}),i.set.status=400,{success:!1,message:"Current password is incorrect"};let k=await Ao(l);return await t.update(a).set({password:k,updatedAt:new Date}).where(g2(a.id,s)),o.info("[AUTH] Password change successful",{userId:s}),o.audit({entityName:"users",entityId:s,operation:"PASSWORD_CHANGE",userId:s,summary:"Password changed successfully",ipAddress:g,userAgent:R,path:_.pathname,query:_.search}),{success:!0,message:"Password changed successfully"}},{body:$d,detail:{tags:["Authentication"],summary:"Change Password",description:"Change password for authenticated user"}}),e}var Rd=u(()=>{wi();Xa();Ad();Ad()});import{t as Ct}from"elysia";var kd,Ed,lE;var Sd=u(()=>{kd=Ct.Object({email:Ct.String({format:"email"})}),Ed=Ct.Object({token:Ct.String(),newPassword:Ct.String({minLength:8}),confirmPassword:Ct.String({minLength:8})}),lE=Ct.Object({success:Ct.Boolean(),message:Ct.Optional(Ct.String())})});import{randomBytes as dE}from"crypto";function _2(){return dE(32).toString("hex")}function m2(n){return new Date>n}var w2=()=>{};import{Elysia as uE}from"elysia";function _s(n,r,t,o,a,c){let{db:e,logger:i,usersTable:s}=n,f=r.route||"/auth/password-reset",l=new uE;if(!r.enabled)return l;return l.post(`${f}/request`,async(d)=>{if(!e||!s)return{success:!1,message:"Database not configured"};let{email:b}=d.body,{eq:w}=await import("drizzle-orm"),_=(await e.select().from(s).where(w(s.email,b)).limit(1))[0];if(!_)return{success:!0,message:"If email exists, reset link will be sent"};let g=_2(),R=new Date(Date.now()+3600000);if(await t(_.id,g,R),c)try{await c(b,g),i.info("[AUTH] Password reset email sent",{email:b})}catch(M){i.error("[AUTH] Failed to send password reset email",{email:b,error:M})}else i.warn("[AUTH] sendResetEmail not configured - email not sent",{email:b});i.info("[AUTH] Password reset requested",{userId:_.id,email:b});let k=new URL(d.request.url);return i.audit({entityName:"users",entityId:_.id,operation:"PASSWORD_RESET_REQUEST",userId:_.id,summary:`Password reset requested for ${b}`,ipAddress:d.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||d.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:d.request.headers.get("user-agent")||"unknown",path:k.pathname,query:k.search}),{success:!0,message:"If email exists, reset link will be sent"}},{body:kd,detail:{tags:["Authentication"],summary:"Request Password Reset",description:"Request a password reset email"}}),l.post(`${f}/confirm`,async(d)=>{if(!e||!s)return{success:!1,message:"Database not configured"};let{token:b,newPassword:w,confirmPassword:h}=d.body;if(w!==h)return{success:!1,message:"Passwords do not match"};let _=await o(b);if(!_)return{success:!1,message:"Invalid or expired reset token"};if(m2(_.expiresAt))return await a(b),{success:!1,message:"Reset token has expired"};let g=await Ao(w),{eq:R}=await import("drizzle-orm");await e.update(s).set({password:g}).where(R(s.id,_.userId)),await a(b),i.info("[AUTH] Password reset successful",{userId:_.userId});let k=new URL(d.request.url);return i.audit({entityName:"users",entityId:_.userId,operation:"PASSWORD_RESET",userId:_.userId,summary:"Password reset completed successfully",ipAddress:d.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||d.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:d.request.headers.get("user-agent")||"unknown",path:k.pathname,query:k.search}),{success:!0,message:"Password has been reset"}},{body:Ed,detail:{tags:["Authentication"],summary:"Confirm Password Reset",description:"Reset password with token"}}),l}var Md=u(()=>{Xa();Sd();w2();Sd()});import{t as ao}from"elysia";var Dd,bE;var Hd=u(()=>{Dd=ao.Object({newPassword:ao.String({minLength:8}),userId:ao.Optional(ao.String()),token:ao.Optional(ao.String())}),bE=ao.Object({success:ao.Boolean(),message:ao.String()})});import{eq as h2}from"drizzle-orm";import{Elysia as gE}from"elysia";function ms(n,r,t,o){let{db:a,logger:c,usersTable:e}=n,i=r.route||"/auth/password-set",s=new gE;if(!r.enabled)return s;return s.post(i,async(f)=>{if(c.info("[AUTH] Password set request received"),!a||!e)return c.error("[AUTH] Password set failed - database not configured"),{success:!1,message:"Database not configured"};let{newPassword:l,userId:d,token:b}=f.body,w=d;if(b&&t&&o){let k=gt(b),M=await t(k);if(!M)return c.warn("[AUTH] Password set failed - invalid token"),{success:!1,message:"Invalid or expired token"};if(new Date>M.expiresAt)return await o(k),c.warn("[AUTH] Password set failed - expired token",{email:M.email}),{success:!1,message:"Invalid or expired token"};w=M.userId,c.info("[AUTH] Password set - userId resolved from token",{userId:w,email:M.email})}if(!w)return c.warn("[AUTH] Password set failed - no userId in payload or token"),{success:!1,message:"User ID or token required"};let _=(await a.select().from(e).where(h2(e.id,w)).limit(1))[0];if(c.info("[AUTH] Password set - user found",{found:!!_,hasPassword:!!_?.password}),!_)return{success:!1,message:"User not found"};if(_.password)return c.warn("[AUTH] Password set failed - user already has password",{userId:w}),{success:!1,message:"Password already set. Use password change instead."};let g=await Ao(l);c.info("[AUTH] Password set - updating user with verifiedAt",{userId:w});let R=await a.update(e).set({password:g,verifiedAt:new Date,updatedAt:new Date}).where(h2(e.id,w));if(c.info("[AUTH] Password set successful for invited user",{userId:w,updateResult:R}),b&&o){let k=gt(b);await o(k),c.info("[AUTH] Invite token consumed after password set",{userId:w})}return{success:!0,message:"Password set successfully"}},{body:Dd,detail:{tags:["Authentication"],summary:"Set Password",description:"Set password for the first time (for invited users who do not have a password yet)"}}),s}var zd=u(()=>{Yc();Xa();Hd();Hd()});function Ud(n){let r=n.match(/^(\d+)([smhd])$/);if(!r)return 900;let t=r[1],o=r[2];if(!t||!o)return 900;let a=parseInt(t,10);switch(o){case"s":return a;case"m":return a*60;case"h":return a*3600;case"d":return a*86400;default:return 900}}import{t as sa}from"elysia";var _E;var $2=u(()=>{_E=sa.Object({success:sa.Boolean(),message:sa.Optional(sa.String()),data:sa.Optional(sa.Object({accessToken:sa.String()}))})});import{Elysia as mE}from"elysia";function ws(n,r,t,o,a,c,e){let{logger:i,authentication:s}=n,f=r.route||"/auth/refresh",l=new mE;if(!r.enabled)return l;return l.post(f,async(d)=>{let b=s?.refreshToken?.name||"refresh_token",w=s?.accessToken?.name||"access_token",h=d.request.headers.get("x-refresh-token");if(!h){let P=d.request.headers.get("cookie");if(P)h=P.split(";").reduce((K,B)=>{let[L,Y]=B.trim().split("=");if(L&&Y)K[L]=Y;return K},{})[b]||null}if(!h)return d.set.status=401,{success:!1,message:"Refresh token required"};let _=t(h);if(!_.valid||!_.payload)return i.warn("[AUTH] Refresh failed - invalid token"),d.set.status=401,{success:!1,message:"Invalid refresh token"};let g=_.payload.sub,R=o(g),k=a?a(g):null,M=c?.accessToken?.setHeadersEnabled??!0,C=c?.accessToken?.returnJson??!0,N=c?.refreshToken?.setHeadersEnabled??!0,m=c?.refreshToken?.returnJson??!1,A=s?.accessToken?.expiresIn||"15m",H=Math.max(0,Ud(A)-(e??0)),D=s?.refreshToken?.expiresIn||"7d",E=Ud(D),S=new Headers;if(S.set("Content-Type","application/json"),M)S.append("Set-Cookie",`${w}=${R}; Path=/; HttpOnly; SameSite=Strict; Secure; Max-Age=${H}`);if(k&&N)S.append("Set-Cookie",`${b}=${k}; Path=/; HttpOnly; SameSite=Strict; Secure; Max-Age=${E}`);i.info("[AUTH] Token refresh successful",{userId:g,rotatedRefreshToken:!!k});let z={};if(C)z.accessToken=R;if(k&&m)z.refreshToken=k;let U=JSON.stringify({success:!0,data:z});return new Response(U,{status:200,headers:S})},{detail:{tags:["Authentication"],summary:"Refresh Token",description:"Get new access token using refresh token"}}),l}var Bd=u(()=>{$2()});import{t as Vr}from"elysia";var Wd,wE;var Yd=u(()=>{Wd=Vr.Object({email:Vr.String({format:"email"}),password:Vr.String({minLength:8}),confirmPassword:Vr.Optional(Vr.String({minLength:8}))}),wE=Vr.Object({success:Vr.Boolean(),message:Vr.Optional(Vr.String()),data:Vr.Optional(Vr.Object({user:Vr.Object({id:Vr.String(),email:Vr.String()})}))})});import{eq as hE}from"drizzle-orm";import{Elysia as $E}from"elysia";function hs(n,r,t,o,a,c,e,i,s,f){let{db:l,logger:d,usersTable:b}=n,w=r.route||"/auth/register",h={accessTokenName:e?.accessTokenName||"access_token",refreshTokenName:e?.refreshTokenName||"refresh_token",sessionTokenName:e?.sessionTokenName||"session_token",accessTokenMaxAge:e?.accessTokenMaxAge||900,refreshTokenMaxAge:e?.refreshTokenMaxAge||604800,sessionTokenMaxAge:e?.sessionTokenMaxAge||900,secure:e?.secure??!0,httpOnly:e?.httpOnly??!0,sameSite:e?.sameSite||"strict",path:e?.path||"/"},_=new $E;if(!r.enabled)return _;return _.post(w,async(g)=>{if(!l||!b)return g.set.status=500,{success:!1,message:"Database not configured"};let{email:R,password:k,confirmPassword:M}=g.body;if(M&&k!==M)return g.set.status=400,{success:!1,message:"Passwords do not match"};let C=d_(k);if(!C.valid)return g.set.status=400,{success:!1,message:"Password too weak",errors:C.errors};let N=await l.select().from(b).where(hE(b.email,R)).limit(1),m=new URL(g.request.url),A=g.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||g.request.headers.get("x-real-ip")?.trim()||"unknown",H=g.request.headers.get("user-agent")||"unknown";if(N.length>0)return d.warn("[AUTH] Registration failed - email exists",{email:R}),d.audit({entityName:"users",operation:"REGISTER_FAILED",summary:`Registration failed: email already exists (${R})`,ipAddress:A,userAgent:H,path:m.pathname,query:m.search}),g.set.status=409,{success:!1,message:"Email already registered"};let D=await Ao(k),E=r.emailVerification?.enabled&&s?.isAvailable(),S=E?fi():null,z=r.emailVerification?.tokenExpiresIn||"24h",U=E?new Date(Date.now()+Ja(z)):null,P={email:R,password:D};if(E&&S)P.emailVerificationToken=S,P.emailVerificationTokenExpiresAt=U,P.emailVerificationSentAt=new Date,P.emailVerificationAttempts=1;let K=(await l.insert(b).values(P).returning())[0];if(d.info("[AUTH] Registration successful",{userId:K.id,email:R,emailVerificationEnabled:E}),d.audit({entityName:"users",entityId:K.id,operation:"REGISTER",userId:K.id,summary:`New user registered: ${R}`,ipAddress:A,userAgent:H,path:m.pathname,query:m.search}),E&&s&&S){let L=`${(r.emailVerification?.redirectUrl||"http://localhost:3000/login").replace("/login","/verify-email")}?token=${S}`;s.sendVerificationEmail(R,R.split("@")[0]||"User",L,f||"Nucleus").then((q)=>{if(q.success)d.info("[AUTH] Verification email sent",{email:R});else d.error("[AUTH] Failed to send verification email",{email:R,error:q.error})}).catch((q)=>{d.error("[AUTH] Failed to send verification email",{email:R,error:q})});let Y=r.emailVerification?.resendCooldown||"60s",Q=Ja(Y)/1000,V=r.emailVerification?.maxResendAttempts||3;return{success:!0,message:"Registration successful. Please check your email to verify your account.",data:{user:{id:K.id,email:K.email},emailVerificationRequired:!0,verification:{cooldownSeconds:Q,canResendAt:new Date(Date.now()+Q*1000).toISOString(),attemptsRemaining:V-1,maxAttempts:V}}}}if(t)t(R,R.split("@")[0]||"User").catch((B)=>{d.error("[AUTH] Failed to send welcome email",{email:R,error:B})});if(o&&a&&c){let B=g.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||g.request.headers.get("x-real-ip")?.trim()||"unknown",L=g.request.headers.get("user-agent")||"",Y=o(K.id),Q=a(K.id),V=await c({userId:K.id,deviceInfo:{ipAddress:B,userAgent:L},loginMethod:"register"}),q={accessToken:{setHeadersEnabled:i?.accessToken?.setHeadersEnabled??!0,returnJson:i?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:i?.refreshToken?.setHeadersEnabled??!0,returnJson:i?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:i?.sessionToken?.setHeadersEnabled??!0,returnJson:i?.sessionToken?.returnJson??!0}},F=h.secure?"; Secure":"",v=`; Path=${h.path}; HttpOnly; SameSite=${h.sameSite}${F}`,dn=[];if(q.accessToken.setHeadersEnabled)dn.push(`${h.accessTokenName}=${Y}${v}; Max-Age=${h.accessTokenMaxAge}`);if(q.refreshToken.setHeadersEnabled)dn.push(`${h.refreshTokenName}=${Q}${v}; Max-Age=${h.refreshTokenMaxAge}`);if(q.sessionToken.setHeadersEnabled)dn.push(`${h.sessionTokenName}=${V}${v}; Max-Age=${h.sessionTokenMaxAge}`);let tn={user:{id:K.id,email:K.email}};if(q.accessToken.returnJson)tn.accessToken=Y;if(q.refreshToken.returnJson)tn.refreshToken=Q;if(q.sessionToken.returnJson)tn.sessionId=V;let un=JSON.stringify({success:!0,data:tn}),sn=new Headers;sn.set("Content-Type","application/json"),sn.set("x-session-id",V);for(let Yn of dn)sn.append("Set-Cookie",Yn);return new Response(un,{status:200,headers:sn})}return{success:!0,data:{user:{id:K.id,email:K.email}}}},{body:Wd,detail:{tags:["Authentication"],summary:"Register",description:"Register a new user account"}}),_}var Jd=u(()=>{Yd();Xa();Yd()});import{t as Z}from"elysia";var A2,AE,Xd,Ld,rF;var Vd=u(()=>{A2=Z.Object({id:Z.String(),deviceName:Z.Optional(Z.String()),deviceType:Z.Optional(Z.String()),browserName:Z.Optional(Z.String()),browserVersion:Z.Optional(Z.String()),osName:Z.Optional(Z.String()),osVersion:Z.Optional(Z.String()),ipAddress:Z.String(),locationCountry:Z.Optional(Z.String()),locationCity:Z.Optional(Z.String()),lastActivityAt:Z.String(),createdAt:Z.String(),isCurrent:Z.Boolean(),loginMethod:Z.Optional(Z.String()),trustScore:Z.Optional(Z.Number())}),AE=Z.Object({success:Z.Boolean(),data:Z.Optional(Z.Object({sessions:Z.Array(A2),currentSessionId:Z.Optional(Z.String()),totalCount:Z.Number()})),message:Z.Optional(Z.String())}),Xd=Z.Object({reason:Z.Optional(Z.String())}),Ld=Z.Object({excludeCurrent:Z.Optional(Z.Boolean()),reason:Z.Optional(Z.String())}),rF=Z.Object({success:Z.Boolean(),data:Z.Optional(Z.Object({recentActivity:Z.Array(Z.Object({sessionId:Z.String(),action:Z.String(),ipAddress:Z.String(),timestamp:Z.String(),deviceInfo:Z.Optional(Z.String())}))})),message:Z.Optional(Z.String())})});function $s(n){let r=(o,a)=>n[o]??n[a],t=(o,a)=>{let c=n[o]??n[a];if(!c)return;return c instanceof Date?c.toISOString():String(c)};return{id:n.id,deviceName:r("device_name","deviceName"),deviceType:r("device_type","deviceType"),deviceFingerprint:r("device_fingerprint","deviceFingerprint"),browserName:r("browser_name","browserName"),browserVersion:r("browser_version","browserVersion"),osName:r("os_name","osName"),osVersion:r("os_version","osVersion"),ipAddress:r("ip_address","ipAddress"),locationCountry:r("location_country","locationCountry"),locationCity:r("location_city","locationCity"),lastActivityAt:t("last_activity_at","lastActivityAt"),createdAt:t("created_at","createdAt"),isCurrent:r("is_current","isCurrent"),loginMethod:r("login_method","loginMethod"),trustScore:r("trust_score","trustScore")}}var R2=()=>{};import{and as Xo,desc as k2,eq as pn,isNull as E2}from"drizzle-orm";import{Elysia as RE}from"elysia";function As(n,r,t){let{db:o,logger:a}=n,c=r.route||"/auth/sessions",e=new RE;if(!r.enabled||!t)return e;let i=t,s=(f)=>{let l=f.replace(/([A-Z])/g,"_$1").toLowerCase();return i[f]||i[l]};return e.get(c,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let d=f.request.headers.get("x-session-id"),b=await o.select().from(t).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0),E2(s("revokedAt")))).orderBy(k2(s("lastActivityAt"))),w=b.filter((_)=>{let g=_,R=(g.deviceFingerprint||"").toLowerCase(),k=g.ipAddress||"";return!((!R||R==="--"||R==="--unknown"||R.includes("bot/crawler")||R.includes("headless")||R.includes("unknown-unknown"))&&(k==="127.0.0.1"||k==="::1"||k==="localhost"||!k))}),h=w.map((_)=>{let g=_,R=$s(g);return R.isCurrent=g.id===d,R});return a.info("[AUTH] Sessions list retrieved",{userId:l,totalInDb:b.length,filteredCount:w.length,hiddenBotSessions:b.length-w.length}),{success:!0,data:{sessions:h,currentSessionId:d,totalCount:w.length}}},{detail:{tags:["Authentication"],summary:"List active sessions",description:"Get all active sessions for the current user"}}),e.get(`${c}/current`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id"),d=f.request.headers.get("x-session-id");if(!l||!d)return{success:!1,message:"Authentication required"};let b=await o.select().from(t).where(pn(s("id"),d)).limit(1);if(b.length===0)return{success:!1,message:"Session not found"};let w=b[0],h=$s(w);return h.isCurrent=!0,{success:!0,data:h}},{detail:{tags:["Authentication"],summary:"Get current session",description:"Get details of the current session"}}),e.delete(`${c}/:sessionId`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let{sessionId:d}=f.params,b=f.body,w=f.request.headers.get("x-session-id");if((await o.select().from(t).where(Xo(pn(s("id"),d),pn(s("userId"),l))).limit(1)).length===0)return{success:!1,message:"Session not found"};let _=d===w;await o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:_?"user_logout":b.reason||"user_revoked"}).where(pn(s("id"),d)),a.info("[AUTH] Session revoked",{userId:l,sessionId:d,isCurrentSession:_,reason:b.reason||"user_revoked"});let g=new URL(f.request.url);return a.audit({entityName:"user_sessions",entityId:d,operation:_?"LOGOUT":"SESSION_REVOKE",userId:l||void 0,summary:_?"User logged out via session revoke":`Session revoked (${d.substring(0,8)}...)`,ipAddress:f.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||f.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:f.request.headers.get("user-agent")||"unknown",path:g.pathname,query:g.search}),{success:!0,message:_?"Logged out successfully":"Session revoked successfully"}},{body:Xd,detail:{tags:["Authentication"],summary:"Revoke session",description:"Revoke a specific session by ID"}}),e.delete(`${c}/all`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let d=f.body,b=f.request.headers.get("x-session-id"),w=o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:d.reason||"user_revoked"}).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0)));if(d.excludeCurrent&&b){let{ne:_}=await import("drizzle-orm");w=o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:d.reason||"user_revoked"}).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0),_(s("id"),b)))}await w,a.info("[AUTH] All sessions revoked",{userId:l,excludeCurrent:d.excludeCurrent,reason:d.reason||"user_revoked"});let h=new URL(f.request.url);return a.audit({entityName:"user_sessions",operation:"SESSION_REVOKE_ALL",userId:l||void 0,summary:d.excludeCurrent?"All other sessions revoked":"All sessions revoked",ipAddress:f.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||f.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:f.request.headers.get("user-agent")||"unknown",path:h.pathname,query:h.search}),{success:!0,message:d.excludeCurrent?"All other sessions revoked successfully":"All sessions revoked successfully"}},{body:Ld,detail:{tags:["Authentication"],summary:"Revoke all sessions",description:"Revoke all sessions for the current user (optionally exclude current)"}}),e.get(`${c}/stats`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let{count:d,countDistinct:b}=await import("drizzle-orm"),w=await o.select({count:d()}).from(t).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0),E2(s("revokedAt")))),h=await o.select({count:b(s("deviceFingerprint"))}).from(t).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0))),_=await o.select({count:b(s("ipAddress"))}).from(t).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0)));return{success:!0,data:{activeSessions:w[0]?.count||0,uniqueDevices:h[0]?.count||0,uniqueIpAddresses:_[0]?.count||0}}},{detail:{tags:["Authentication"],summary:"Session statistics",description:"Get session statistics for the current user"}}),e.post(`${c}/approve`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let{token:l}=f.body;if(!l)return{success:!1,message:"Token is required"};let d=await o.select().from(t).where(pn(s("approvalToken"),l)).limit(1);if(d.length===0)return{success:!1,message:"Invalid or expired approval token"};let b=d[0];if(b.approvalStatus!=="pending")return{success:!1,message:"Session already processed"};return await o.update(t).set({approvalStatus:"approved",isActive:!0,approvalRespondedAt:new Date,approvalToken:null}).where(pn(s("id"),b.id)),a.info("[AUTH] Device approved",{sessionId:b.id,userId:b.userId}),{success:!0,message:"Device approved successfully"}},{detail:{tags:["Authentication"],summary:"Approve pending device",description:"Approve a pending device login request"}}),e.post(`${c}/reject`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let{token:l}=f.body;if(!l)return{success:!1,message:"Token is required"};let d=await o.select().from(t).where(pn(s("approvalToken"),l)).limit(1);if(d.length===0)return{success:!1,message:"Invalid or expired approval token"};let b=d[0];if(b.approvalStatus!=="pending")return{success:!1,message:"Session already processed"};return await o.update(t).set({approvalStatus:"rejected",isActive:!1,revokedAt:new Date,revokedReason:"user_rejected",approvalRespondedAt:new Date,approvalToken:null}).where(pn(s("id"),b.id)),a.info("[AUTH] Device rejected",{sessionId:b.id,userId:b.userId}),{success:!0,message:"Device rejected and blocked"}},{detail:{tags:["Authentication"],summary:"Reject pending device",description:"Reject a pending device login request"}}),e.get(`${c}/pending`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let d=await o.select().from(t).where(Xo(pn(s("userId"),l),pn(s("approvalStatus"),"pending"))).orderBy(k2(s("createdAt")));return{success:!0,data:{sessions:d.map((w)=>{let h=w;return{...$s(h),approvalStatus:h.approval_status||h.approvalStatus,approvalToken:h.approval_token||h.approvalToken,approvalRequestedAt:h.approval_requested_at?.toISOString()||h.approvalRequestedAt?.toISOString()}}),totalCount:d.length}}},{detail:{tags:["Authentication"],summary:"List pending devices",description:"Get all pending device approval requests for the current user"}}),e}var Cd=u(()=>{Vd();R2();Vd()});var M2={};co(M2,{createSessionsRoute:()=>As,createRegisterRoute:()=>hs,createRefreshRoute:()=>ws,createPasswordSetRoute:()=>ms,createPasswordResetRoute:()=>_s,createPasswordChangeRoute:()=>gs,createMeRoute:()=>us,createMagicLinkRoute:()=>ds,createLogoutRoute:()=>Ai,createLoginRoute:()=>hi,createInviteRoute:()=>gi,createImpersonateRoute:()=>si,createEmailVerificationRoutes:()=>ui,createChangeUserIdRoute:()=>ii,createAuthRoutes:()=>S2});function S2(n,r){let{authConfig:t,features:o,helpers:a}=r;if(r.oauthAccountsTable)t.oauthAccountsTable=r.oauthAccountsTable;if(r.schemaTables)t.schemaTables=r.schemaTables;let c=t.authentication?.cookieMaxAgeBufferSeconds??0,e={accessTokenName:t.authentication?.accessToken?.name||"access_token",refreshTokenName:t.authentication?.refreshToken?.name||"refresh_token",sessionTokenName:t.authentication?.sessionToken?.name||"session_token",accessTokenMaxAge:Math.max(0,st(t.authentication?.accessToken?.expiresIn||"15m")-c),refreshTokenMaxAge:st(t.authentication?.refreshToken?.expiresIn||"7d"),sessionTokenMaxAge:st(t.authentication?.sessionToken?.expiresIn||"30d")};if(t.logger.info("[AUTH] Cookie config created",{accessTokenMaxAge:e.accessTokenMaxAge,refreshTokenMaxAge:e.refreshTokenMaxAge,sessionTokenMaxAge:e.sessionTokenMaxAge,accessTokenExpiresIn:t.authentication?.accessToken?.expiresIn,sessionTokenExpiresIn:t.authentication?.sessionToken?.expiresIn}),o.login?.enabled){let s=hi(t,o.login,a.signAccessToken,a.signRefreshToken,a.createSession,a.saveSessionToDb,e,r.tokenResponseConfig);n.use(s)}if(o.register?.enabled){let s=hs(t,o.register,a.sendWelcomeEmail,a.signAccessToken,a.signRefreshToken,a.createSession,e,r.tokenResponseConfig,r.emailService,r.appName);if(n.use(s),o.register.emailVerification?.enabled){let f=ui({authConfig:t,registerConfig:o.register,emailService:r.emailService,appName:r.appName});n.use(f)}}if(o.logout?.enabled){let s=Ai(t,o.logout,a.destroySession,a.revokeSessionInDb);n.use(s)}if(o.refresh?.enabled){let s=ws(t,o.refresh,a.verifyRefreshToken,a.signAccessToken,a.signRefreshToken,r.tokenResponseConfig,c);n.use(s)}if(o.passwordReset?.enabled&&a.storeResetToken&&a.getResetToken&&a.deleteResetToken){let s=_s(t,o.passwordReset,a.storeResetToken,a.getResetToken,a.deleteResetToken,a.sendResetEmail);n.use(s)}if(o.passwordChange?.enabled){let s=gs(t,o.passwordChange);n.use(s)}if(o.passwordSet?.enabled){let s=ms(t,o.passwordSet,a.getMagicToken,a.deleteMagicToken);n.use(s)}if(o.sessions?.enabled&&r.sessionsTable){let s=As(t,o.sessions,r.sessionsTable);n.use(s)}if(o.magicLink?.enabled&&r.emailService?.isAvailable()&&a.storeMagicToken&&a.getMagicToken&&a.deleteMagicToken){let s=ds(t,o.magicLink,r.emailService,a.signAccessToken,a.signRefreshToken,a.createSession,a.storeMagicToken,a.getMagicToken,a.deleteMagicToken,r.appName);n.use(s)}if(o.me?.enabled){let s=us(t,o.me,r.schemaTables||{},r.schemaRelations||{},r.databaseUrl);n.use(s)}if(o.invite?.enabled&&r.emailService?.isAvailable()&&a.storeMagicToken){let s=gi(t,o.invite,r.emailService,a.storeMagicToken,r.appName,a.getMagicToken);n.use(s)}if(o.captcha?.enabled&&r.captchaService){let s=i_({captchaService:r.captchaService,logger:t.logger,basePath:o.captcha.route||"/auth/captcha"});n.use(s)}if(o.oauth?.enabled&&o.oauth.providers){let s=new Qe(o.oauth),f=d2(t,s,a.signAccessToken,a.signRefreshToken,a.createSession,a.saveSessionToDb,e,r.tokenResponseConfig,r.emailService,a.storeMagicToken,r.appName);n.use(f)}let i=f_(t,{route:"/auth/check",isPublic:!1,enabled:!0});if(n.use(i),r.admin?.impersonate?.enabled!==!1){let s=si(t,a.signAccessToken,a.signRefreshToken,a.createSession,a.saveSessionToDb);n.use(s)}if(r.admin?.changeUserId?.enabled!==!1){let s=ii(t,r.databaseUrl,r.schemaTables);n.use(s)}return n}var Qd=u(()=>{Cf();Ie();zl();Bl();s_();l_();Wl();Yl();Vl();Cl();wd();hd();u2();Rd();Md();zd();Bd();Jd();Cd();Wl();Yl();Vl();Cl();wd();hd();Rd();Md();zd();Bd();Jd();Cd();Bl();zl()});import{batch as Ss,createStore as B2}from"h-state";import{useEffectEvent as W2}from"react";function Y2(n){let r={};for(let t of Object.keys(n))r[t]={isPending:!1,data:null,error:null,code:null};return r}function J2(n,r){let{useStore:t}=B2(Y2(n),{_callEndpoint:(o)=>async(a,c)=>{if(!o[a])return;Ss(()=>{o[a].isPending=!0,o[a].error=null});try{let i=await r(a,c.payload);if(Ss(()=>{if(o[a].isPending=!1,o[a].code=i.code??null,i.isSuccess&&i.data!==void 0)o[a].data=i.data,o[a].error=null;else o[a].error=i.errors??null}),i.isSuccess)c.onAfterHandle?.(i.data??i);else c.onErrorHandle?.(i.errors??{message:"Request failed"},i.code)}catch(i){Ss(()=>{o[a].isPending=!1,o[a].error={message:i instanceof Error?i.message:"Unknown error"}}),c.onErrorHandle?.({message:i instanceof Error?i.message:"Unknown error"},null)}}});return function(){let a=t(),c=W2((i,s)=>{a._callEndpoint(i,s)}),e={};for(let i of Object.keys(n)){let s=(f)=>{c(i,f)};e[i]={state:a[i],start:s}}return e}}var Nd={$schema:"../schemas/nucleus.tables.schema.json",tables:[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["authentication","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255}],indexes:[]},{table_name:"verifications",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_id",type:"uuid"},{name:"entity_name",type:"varchar",length:100},{name:"verifier_type",type:"varchar",length:30,enumValues:["user","role","entity_creator"]},{name:"verifier_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:50},{name:"is_signature_mandatory",type:"boolean",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"is_all_required",type:"boolean",notNull:!0,default:!1},{name:"connected_from_step_order",type:"integer"},{name:"position_x",type:"numeric"},{name:"position_y",type:"numeric"}],indexes:[{columns:["entity_id"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["start","step","condition","notification","end"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["authentication","verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"channel",type:"varchar",length:20,notNull:!0,default:"portal",enumValues:["portal","email","both"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","step_node_id"]},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["authentication","verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0},{name:"recipient_type",type:"varchar",length:20,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role_id",type:"uuid"},{name:"channel",type:"varchar",length:20,notNull:!0,enumValues:["portal"]}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]},{columns:["channel"]}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}}]};var Ms={login:{key:"LOGIN",method:"POST",defaultRoute:"/auth/login",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},register:{key:"REGISTER",method:"POST",defaultRoute:"/auth/register",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},logout:{key:"LOGOUT",method:"POST",defaultRoute:"/auth/logout",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},refresh:{key:"REFRESH",method:"POST",defaultRoute:"/auth/refresh",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},me:{key:"ME",method:"GET",defaultRoute:"/auth/me",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordChange:{key:"PASSWORD_CHANGE",method:"POST",defaultRoute:"/auth/password-change",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordSet:{key:"PASSWORD_SET",method:"POST",defaultRoute:"/auth/password-set",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordReset:{key:"PASSWORD_RESET_REQUEST",method:"POST",defaultRoute:"/auth/password-reset",defaultIsPublic:!0,subEndpoints:[{key:"PASSWORD_RESET_REQUEST",method:"POST",suffix:"/request",_payload:void 0,_success:void 0,_error:void 0},{key:"PASSWORD_RESET_CONFIRM",method:"POST",suffix:"/confirm",_payload:void 0,_success:void 0,_error:void 0}]},sessions:{key:"SESSIONS",method:"GET",defaultRoute:"/auth/sessions",defaultIsPublic:!1,subEndpoints:[{key:"SESSIONS",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_CURRENT",method:"GET",suffix:"/current",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_STATS",method:"GET",suffix:"/stats",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_PENDING",method:"GET",suffix:"/pending",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE",method:"DELETE",suffix:"/:sessionId",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE_ALL",method:"DELETE",suffix:"/all",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_APPROVE",method:"POST",suffix:"/approve",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REJECT",method:"POST",suffix:"/reject",_payload:void 0,_success:void 0,_error:void 0}]},magicLink:{key:"MAGIC_LINK",method:"POST",defaultRoute:"/auth/magic-link",defaultIsPublic:!0,subEndpoints:[{key:"MAGIC_LINK",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"MAGIC_LINK_VERIFY",method:"GET",suffix:"/verify",routeKey:"verifyRoute",_payload:void 0,_success:void 0,_error:void 0}]},invite:{key:"INVITE",method:"POST",defaultRoute:"/auth/invite",defaultIsPublic:!1,subEndpoints:[{key:"INVITE",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"INVITE_VERIFY",method:"POST",suffix:"/verify",_payload:void 0,_success:void 0,_error:void 0}]},emailVerification:{key:"VERIFY_EMAIL",method:"GET",defaultRoute:"/verify-email",defaultIsPublic:!0,subEndpoints:[{key:"VERIFY_EMAIL",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"RESEND_VERIFICATION",method:"POST",suffix:"",routeKey:"resendRoute",defaultRoute:"/resend-verification",_payload:void 0,_success:void 0,_error:void 0}]},captcha:{key:"CAPTCHA",method:"GET",defaultRoute:"/auth/captcha",defaultIsPublic:!0,subEndpoints:[{key:"CAPTCHA_GENERATE",method:"GET",suffix:"/generate",_payload:void 0,_success:void 0,_error:void 0},{key:"CAPTCHA_VALIDATE",method:"POST",suffix:"/validate",_payload:void 0,_success:void 0,_error:void 0}]},oauth:{key:"OAUTH_PROVIDERS",method:"GET",defaultRoute:"/auth/oauth/providers",defaultIsPublic:!0,subEndpoints:[{key:"OAUTH_PROVIDERS",method:"GET",suffix:"/providers",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_REDIRECT",method:"GET",suffix:"/:provider",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_ACCOUNTS",method:"GET",suffix:"/accounts",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_UNLINK",method:"DELETE",suffix:"/unlink/:provider",_payload:void 0,_success:void 0,_error:void 0}]}},xd={healthCheck:{key:"MONITORING_HEALTH_CHECK",method:"GET",suffix:"/health",_payload:void 0,_success:void 0,_error:void 0},getSettings:{key:"MONITORING_GET_SETTINGS",method:"GET",suffix:"/settings",_payload:void 0,_success:void 0,_error:void 0},changeSettings:{key:"MONITORING_CHANGE_SETTINGS",method:"PATCH",suffix:"/settings",_payload:void 0,_success:void 0,_error:void 0},getLogs:{key:"MONITORING_GET_LOGS",method:"GET",suffix:"/logs",_payload:void 0,_success:void 0,_error:void 0}};var L2=["profiles","addresses","phones","files","users","roles","claims","user_roles","role_claims","audit_logs"],V2=Nd.tables.filter((n)=>L2.includes(n.table_name));function la(n){return n.replace(/([a-z])([A-Z])/g,"$1_$2").replace(/[\s-]+/g,"_").toUpperCase()}function C2(n){return n.replace(/_([a-z])/g,(r,t)=>t.toUpperCase())}function Ds(n){if(n.endsWith("ies"))return`${n.slice(0,-3)}y`;if(n.endsWith("ses"))return`${n.slice(0,-2)}`;if(n.endsWith("s"))return n.slice(0,-1);return n}function Dt(n,r){let t=la(n),o=la(Ds(n));switch(r){case"GET":return`GET_${t}`;case"POST":return`ADD_${o}`;case"PUT":return`UPDATE_${o}`;case"PATCH":return`PATCH_${o}`;case"DELETE":return`DELETE_${o}`}}function fa(n,r){let t=la(n);switch(r){case"POST":return`BULK_ADD_${t}`;case"PUT":return`BULK_UPDATE_${t}`;case"DELETE":return`BULK_DELETE_${t}`}}function eo(n,r){if(!n.excluded_methods)return!1;let t={GET:"GET",POST:"POST",PUT:"PUT",PATCH:"PATCH",DELETE:"DELETE"};return n.excluded_methods.includes(t[r])}function qd(n){let r={};for(let t of n.entities){let o=t.table_name,a=`/${o}`;if(!eo(t,"GET")){r[Dt(o,"GET")]={method:"GET",path:a,isPublic:t.is_public?.GET??!1,_payload:void 0,_success:void 0,_error:void 0};let c=la(Ds(o));r[`GET_${c}_BY_ID`]={method:"GET",path:`${a}/:id`,isPublic:t.is_public?.GET??!1,_payload:void 0,_success:void 0,_error:void 0},r[`GET_${la(o)}_DISTINCT`]={method:"GET",path:`${a}/distinct/:field`,isPublic:t.is_public?.GET??!1,_payload:void 0,_success:void 0,_error:void 0}}if(!eo(t,"POST"))r[Dt(o,"POST")]={method:"POST",path:a,isPublic:t.is_public?.POST??!1,isFormData:t.is_form_data,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"PUT"))r[Dt(o,"PUT")]={method:"PUT",path:`${a}/:id`,isPublic:t.is_public?.PUT??!1,isFormData:t.is_form_data,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"PATCH"))r[Dt(o,"PATCH")]={method:"PATCH",path:`${a}/:id`,isPublic:t.is_public?.PATCH??!1,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"DELETE"))r[Dt(o,"DELETE")]={method:"DELETE",path:`${a}/:id`,isPublic:t.is_public?.DELETE??!1,_payload:void 0,_success:void 0,_error:void 0};if(t.bulk_endpoints_enabled){if(!eo(t,"POST"))r[fa(o,"POST")]={method:"POST",path:`${a}/bulk`,isPublic:t.is_public?.POST??!1,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"PUT"))r[fa(o,"PUT")]={method:"PUT",path:`${a}/bulk`,isPublic:t.is_public?.PUT??!1,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"DELETE"))r[fa(o,"DELETE")]={method:"DELETE",path:`${a}/bulk`,isPublic:t.is_public?.DELETE??!1,_payload:void 0,_success:void 0,_error:void 0}}}return r}function Fd(n){let r={},t=n.authentication;if(!t?.enabled)return r;for(let[o,a]of Object.entries(Ms)){let c=t[o];if(!c?.enabled)continue;let e=c.route||a.defaultRoute,i=c.isPublic??a.defaultIsPublic;if("subEndpoints"in a&&a.subEndpoints)for(let s of a.subEndpoints){let f="routeKey"in s&&s.routeKey&&c[s.routeKey]?String(c[s.routeKey]):("defaultRoute"in s)&&s.defaultRoute?String(s.defaultRoute):`${e}${s.suffix}`;r[s.key]={method:s.method,path:f,isPublic:s.key==="MAGIC_LINK_VERIFY"?!0:i,_payload:s._payload,_success:s._success,_error:s._error}}else if("_payload"in a)r[a.key]={method:a.method,path:e,isPublic:i,_payload:a._payload,_success:a._success,_error:a._error}}return r}function jd(){let n={};for(let r of V2){let t=r.table_name,a=`/${C2(t)}`,c=t==="files";n[Dt(t,"GET")]={method:"GET",path:a,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};let e=la(Ds(t));if(n[`GET_${e}_BY_ID`]={method:"GET",path:`${a}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Dt(t,"POST")]={method:"POST",path:a,isPublic:!1,isFormData:c,_payload:void 0,_success:void 0,_error:void 0},n[Dt(t,"PUT")]={method:"PUT",path:`${a}/:id`,isPublic:!1,isFormData:c,_payload:void 0,_success:void 0,_error:void 0},n[Dt(t,"PATCH")]={method:"PATCH",path:`${a}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Dt(t,"DELETE")]={method:"DELETE",path:`${a}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.bulk_endpoints_enabled)n[fa(t,"POST")]={method:"POST",path:`${a}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[fa(t,"PUT")]={method:"PUT",path:`${a}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[fa(t,"DELETE")]={method:"DELETE",path:`${a}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}}return n}function pd(n){let r={},t=n.liveMonitoring;if(!t?.enabled)return r;let o=t.basePath||"/monitoring";for(let a of Object.values(xd))r[a.key]={method:a.method,path:`${o}${a.suffix}`,isPublic:!1,_payload:a._payload,_success:a._success,_error:a._error};return r}function Kd(n){let r={};if(!n.authentication?.enabled)return r;return r.ADMIN_IMPERSONATE={method:"POST",path:"/auth/admin/impersonate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.ADMIN_IMPERSONATE_STOP={method:"POST",path:"/auth/admin/impersonate/stop",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.ADMIN_CHANGE_USER_ID={method:"POST",path:"/auth/admin/change-user-id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r}function Q2(n,r){let t=qd(n),o=Fd(n),a=Kd(n),c=jd(),e=pd(n);return{...t,...o,...a,...c,...e,...r??{}}}Vs();import{randomUUID as x2}from"crypto";var q2={timeout:30000,retries:0,retryDelay:1000,debug:!1};class cc{config;logger;constructor(n={}){this.config={...q2,...n},this.logger=new Cr({service:"ServerFetch",prettyPrint:this.config.debug,colorize:this.config.debug,auditEnabled:!1})}buildUrl(n){if(n.startsWith("http://")||n.startsWith("https://"))return n;return this.config.baseUrl?`${this.config.baseUrl}${n}`:n}buildHeaders(n){let r=new Headers;if(this.config.defaultHeaders)for(let[t,o]of Object.entries(this.config.defaultHeaders))r.set(t,o);if(n)if(n instanceof Headers)n.forEach((t,o)=>{r.set(o,t)});else if(Array.isArray(n))for(let[t,o]of n)r.set(t,o);else for(let[t,o]of Object.entries(n))r.set(t,o);return r}parseResponseHeaders(n){let r={};if(n.forEach((t,o)=>{if(o.toLowerCase()==="set-cookie"){let a=r[o];r[o]=a?`${a}, ${t}`:t}else r[o]=t}),typeof n.getSetCookie==="function"){let t=n.getSetCookie();if(t.length>0)r["set-cookie"]=t.join(", ")}return r}async executeWithTimeout(n,r,t){let o=new AbortController,a=setTimeout(()=>o.abort(),r);try{return await Promise.race([n,new Promise((e,i)=>{o.signal.addEventListener("abort",()=>{i(Error(`Request timeout after ${r}ms`))})})])}finally{clearTimeout(a)}}async fetch(n){let r=x2(),t=performance.now(),o=this.buildUrl(n.url),a=this.buildHeaders(n.headers),c=n.timeout??this.config.timeout??30000,e=n.retries??this.config.retries??0,i=n.retryDelay??this.config.retryDelay??1000,s;if(n.body)if(typeof n.body==="object"&&!(n.body instanceof FormData)&&!(n.body instanceof URLSearchParams)&&!(n.body instanceof Blob)&&!(n.body instanceof ArrayBuffer)){if(s=JSON.stringify(n.body),!a.has("content-type"))a.set("content-type","application/json")}else s=n.body;this.logger.debug(`[${r}] ${n.method} ${o}`,{method:n.method,url:o,hasBody:!!s});let f=null,l=0;while(l<=e)try{let b=await this.executeWithTimeout(fetch(o,{method:n.method,headers:a,body:s}),c,r),w=performance.now()-t,h=this.parseResponseHeaders(b.headers),_,g,R=await b.text();if(R)try{let M=JSON.parse(R);if(b.ok)_=M;else g=M}catch{if(!b.ok)g={message:R||b.statusText}}else if(!b.ok)g={message:b.statusText};let k={isSuccess:b.ok,response:_,errors:g,code:b.status,headers:h,durationMs:w,requestId:r,createdAt:new Date};if(b.ok)this.logger.info(`[${r}] ${n.method} ${o} ${b.status}`,{method:n.method,url:o,statusCode:b.status,durationMs:Math.round(w)});else this.logger.warn(`[${r}] ${n.method} ${o} ${b.status}`,{method:n.method,url:o,statusCode:b.status,durationMs:Math.round(w),error:g});return k}catch(b){if(f=b instanceof Error?b:Error(String(b)),l++,l<=e)this.logger.warn(`[${r}] Retry ${l}/${e} after error`,{method:n.method,url:o,error:f.message,attempt:l,retries:e}),await new Promise((w)=>setTimeout(w,i))}let d=performance.now()-t;return this.logger.error(`[${r}] ${n.method} ${o} failed`,f,{method:n.method,url:o,durationMs:Math.round(d),attempts:l}),{isSuccess:!1,response:void 0,errors:{message:f?.message||"Unknown error"},code:null,headers:{},durationMs:d,requestId:r,createdAt:new Date}}async get(n,r){return this.fetch({...r,url:n,method:"GET"})}async post(n,r,t){return this.fetch({...t,url:n,method:"POST",body:r})}async put(n,r,t){return this.fetch({...t,url:n,method:"PUT",body:r})}async patch(n,r,t){return this.fetch({...t,url:n,method:"PATCH",body:r})}async delete(n,r){return this.fetch({...r,url:n,method:"DELETE"})}}var F2=new cc;var j2={accessToken:"access_token",refreshToken:"refresh_token",sessionToken:"session_token"};function p2(n){let r=[],t="";for(let o=0;o<n.length;o++){let a=n[o];if(a===","){let c=n.slice(o+1).trimStart();if(/^[a-zA-Z0-9_-]+=/.test(c)){r.push(t.trim()),t="";continue}}t+=a}if(t.trim())r.push(t.trim());return r}function K2(n,r){let t={},o=["x-forwarded-for","x-real-ip","user-agent","accept-language","x-request-id","x-client-ip","cf-connecting-ip","true-client-ip"];for(let s of o){let f=n.get(s);if(f)t[s]=f}if(!t["user-agent"])t["user-agent"]="Nucleus-ServerAction/1.0";let a=n.get(`x-${r.accessToken}`),c=n.get(`x-${r.refreshToken}`),e=n.get(`x-${r.sessionToken}`);if(a)t[`x-${r.accessToken}`]=a;if(c)t[`x-${r.refreshToken}`]=c;if(e)t[`x-${r.sessionToken}`]=e;let i=n.get("cookie");if(i)t.cookie=i;return t}function v2(n){return n.replace(/_([a-z])/g,(r,t)=>t.toUpperCase())}function Cs(n){let r={};for(let[t,o]of Object.entries(n)){let a=t.startsWith("_")?t:v2(t);if(o instanceof Date)r[a]=o.toISOString();else if(o&&typeof o==="object"&&!Array.isArray(o))r[a]=Cs(o);else r[a]=o}return r}function T2(n,r){let t=new URLSearchParams,o=(c,e)=>{if(e===void 0||e===null)return;if(Array.isArray(e))for(let i of e)o(`${c}[]`,i);else if(e instanceof Date)t.append(c,e.toISOString());else if(typeof e==="object")for(let[i,s]of Object.entries(e))o(`${c}[${i}]`,s);else t.append(c,String(e))};for(let[c,e]of Object.entries(r))o(c,e);let a=t.toString();if(!a)return n;return n.includes("?")?`${n}&${a}`:`${n}?${a}`}function I2(n,r,t,o){let a={...j2,...r.tokenNames},c=new cc({baseUrl:r.baseUrl,debug:r.debug,timeout:30000,retries:0});return async function(i,s){let f=n[i];if(!f)return{isSuccess:!1,errors:{message:`Endpoint "${i}" not found`},code:404};let l=await t(),d=await o(),b={};d.forEach((k,M)=>{b[M]=k});let w=K2(d,a),h=f.path,_;if(s&&typeof s==="object"&&!(s instanceof FormData)){let k=s;for(let[M,C]of Object.entries(k))if(C!=null){if(M.startsWith("_"))h=h.replace(`:${M.substring(1)}`,String(C));else if(M==="id"&&h.includes(":id"))h=h.replace(":id",String(C))}}if(f.method==="GET"&&s&&typeof s==="object")h=T2(h,s);else if(s!==void 0){if(f.isFormData&&s instanceof FormData)_=s;else if(Array.isArray(s)){if(_=s.map((k)=>k&&typeof k==="object"?Cs(k):k),!w["content-type"])w["content-type"]="application/json"}else if(_=Cs(s),!w["content-type"])w["content-type"]="application/json"}let g=await c.fetch({url:h,method:f.method,headers:w,body:_});if(g.headers["set-cookie"])try{let k=g.headers["set-cookie"],M=p2(k);for(let C of M){let[N,...m]=C.split(";");if(!N)continue;let[A,H]=N.split("=");if(A&&H){let D={};for(let E of m){let[S,z]=E.trim().split("=");if(!S)continue;let U=S.toLowerCase();if(U==="path")D.path=z;else if(U==="domain")D.domain=z;else if(U==="max-age")D.maxAge=Number(z);else if(U==="expires"&&z)D.expires=new Date(z);else if(U==="httponly")D.httpOnly=!0;else if(U==="secure")D.secure=!0;else if(U==="samesite")D.sameSite=z}l.set(A.trim(),H.trim(),D)}}}catch(k){console.warn("[ServerFactory] Failed to process Set-Cookie headers:",k instanceof Error?k.message:String(k))}let R=g.response;if(g.isSuccess&&R&&typeof R==="object"&&!Array.isArray(R)){let k=R;if("success"in k&&!("data"in k)){let{success:M,message:C,error:N,...m}=k;R={success:M,...C!==void 0?{message:C}:{},...N!==void 0?{error:N}:{},...Object.keys(m).length>0?{data:m}:{}}}}return{isSuccess:g.isSuccess,data:R,errors:g.errors,code:g.code,message:g.isSuccess?void 0:g.errors?.message}}}import{useEffect as Zd,useEffectEvent as Lo,useRef as ec}from"react";import{batch as Z2,createStore as y2}from"h-state";var nh={connection:{status:"disconnected",clientId:null,subscribedTopics:[],error:null,reconnectAttempt:0},events:[],maxEvents:100},{useStore:Qs}=y2(nh,{setConnectionStatus:(n)=>(r)=>{n.connection.status=r},setClientId:(n)=>(r)=>{n.connection.clientId=r},setSubscribedTopics:(n)=>(r)=>{n.connection.subscribedTopics=r},setError:(n)=>(r)=>{n.connection.error=r},setReconnectAttempt:(n)=>(r)=>{n.connection.reconnectAttempt=r},addEvent:(n)=>(r)=>{let t=[r,...n.events];n.events=t.slice(0,n.maxEvents)},clearEvents:(n)=>()=>{n.events=[]},reset:(n)=>()=>{Z2(()=>{n.connection.status="disconnected",n.connection.clientId=null,n.connection.subscribedTopics=[],n.connection.error=null,n.connection.reconnectAttempt=0,n.events=[]})}});function rh(n){if(n.wsUrl){let c=n.wsUrl.replace(/\/$/,""),e=n.wsPath||"/api/events/subscribe",i=(n.topics||["*"]).join(",");return`${c}${e}?userId=${encodeURIComponent(n.userId)}&topics=${encodeURIComponent(i)}`}if(typeof window>"u")return"";let r=window.location.protocol==="https:"?"wss:":"ws:",t=window.location.host,o=n.wsPath||"/api/events/subscribe",a=(n.topics||["*"]).join(",");return`${r}//${t}${o}?userId=${encodeURIComponent(n.userId)}&topics=${encodeURIComponent(a)}`}var th=0;function oh(n){let r=Qs(),t=ec(null),o=ec(null),a=ec(null),c=ec(!1),e=ec(n);e.current=n;let i=n.autoReconnect??!0,s=n.maxReconnectAttempts??10,f=n.reconnectBaseDelay??1000,l=n.reconnectMaxDelay??30000,d=n.heartbeatInterval??30000,b=n.debug??!1,w=(...H)=>{if(b)console.log("[usePubSub]",...H)},h=()=>{if(o.current)clearInterval(o.current),o.current=null},_=()=>{if(a.current)clearTimeout(a.current),a.current=null},g=(H)=>{h(),o.current=setInterval(()=>{if(H.readyState===WebSocket.OPEN)H.send(JSON.stringify({type:"ping"}))},d)},R=Lo((H)=>{try{let D=JSON.parse(H.data);switch(D.type){case"connected":r.setConnectionStatus("connected"),r.setClientId(D.clientId),r.setSubscribedTopics(D.subscribedTopics),r.setReconnectAttempt(0),r.setError(null),w("Connected, clientId:",D.clientId);break;case"subscribed":r.setSubscribedTopics(D.topics),w("Subscribed to:",D.topics);break;case"event":{let E={id:`evt_${Date.now()}_${th++}`,topic:D.topic,data:D.data,timestamp:D.timestamp,receivedAt:Date.now(),messageId:D.messageId,isRedelivery:D.isRedelivery};if(r.addEvent(E),D.messageId&&t.current?.readyState===WebSocket.OPEN)t.current.send(JSON.stringify({type:"ack",messageId:D.messageId}));break}case"pong":break;case"error":r.setError(Error(D.error)),w("Server error:",D.error);break}}catch{w("Failed to parse message")}}),k=Lo((H)=>{if(c.current)return;if(!i)return;if(H>=s){r.setConnectionStatus("disconnected"),r.setError(Error("Max reconnection attempts reached")),w("Max reconnect attempts reached");return}let D=Math.min(f*2**H,l);w(`Reconnecting in ${D}ms (attempt ${H+1}/${s})`),r.setConnectionStatus("reconnecting"),r.setReconnectAttempt(H+1),_(),a.current=setTimeout(()=>{if(!c.current)M()},D)}),M=Lo(()=>{if(c.current)return;if(t.current?.readyState===WebSocket.OPEN)return;if(!e.current.userId)return;if(t.current){if(t.current.onopen=null,t.current.onmessage=null,t.current.onerror=null,t.current.onclose=null,t.current.readyState===WebSocket.OPEN||t.current.readyState===WebSocket.CONNECTING)t.current.close();t.current=null}let H=rh(e.current);if(!H)return;r.setConnectionStatus("connecting"),r.setError(null),w("Connecting to:",H);let D=new WebSocket(H);t.current=D,D.onopen=()=>{w("WebSocket opened"),g(D)},D.onmessage=R,D.onerror=()=>{w("WebSocket error"),r.setError(Error("WebSocket connection error"))},D.onclose=(E)=>{if(w("WebSocket closed",E.code,E.reason),h(),r.setConnectionStatus("disconnected"),r.setClientId(null),!c.current&&E.code!==4001){let S=r.connection.reconnectAttempt;k(S)}}}),C=Lo(()=>{if(h(),_(),t.current){if(t.current.onopen=null,t.current.onmessage=null,t.current.onerror=null,t.current.onclose=null,t.current.readyState===WebSocket.OPEN||t.current.readyState===WebSocket.CONNECTING)t.current.close();t.current=null}r.setConnectionStatus("disconnected"),r.setClientId(null)}),N=Lo((H)=>{if(t.current?.readyState!==WebSocket.OPEN)return;t.current.send(JSON.stringify({type:"subscribe",topics:H}))}),m=Lo((H)=>{if(t.current?.readyState!==WebSocket.OPEN)return;t.current.send(JSON.stringify({type:"unsubscribe",topics:H}))}),A=Lo((H)=>{return r.events.filter((D)=>D.topic===H)});return Zd(()=>{if(c.current=!1,n.userId)M();return()=>{c.current=!0,C()}},[n.userId]),Zd(()=>{if(r.connection.status==="connected"&&n.topics)N(n.topics)},[n.topics?.join(",")]),{isConnected:r.connection.status==="connected",isConnecting:r.connection.status==="connecting"||r.connection.status==="reconnecting",clientId:r.connection.clientId,subscribedTopics:r.connection.subscribedTopics,events:r.events,error:r.connection.error,reconnectAttempt:r.connection.reconnectAttempt,connect:M,disconnect:C,subscribe:N,unsubscribe:m,clearEvents:r.clearEvents,getEventsByTopic:A}}import{randomUUID as kE}from"crypto";var Fs=Rr(tu(),1);import{Elysia as ge,NotFoundError as ua}from"elysia";var vr,io,Qt=typeof Bun<"u"&&!!Bun.file;function da(){if(vr||(vr=process.getBuiltinModule("fs/promises")),io||(io=process.getBuiltinModule("path")),!io){console.warn("@elysiajs/static require path to be available.");return}return[vr,io]}async function ou(n){if(vr||da(),Qt){let r=new Bun.Glob("**/*.html"),t=[];for await(let o of r.scan(n))t.push(io.join(n,o));return t}return[]}async function Gs(n){if(vr||da(),Qt){let t=new Bun.Glob("**/*"),o=[];for await(let a of t.scan(n))o.push(io.join(n,a));return o}let r=await vr.readdir(n).catch(()=>[]);return(await Promise.all(r.map(async(t)=>{let o=n+io.sep+t,a=await vr.stat(o).catch(()=>null);return a?a.isDirectory()?await Gs(o):[io.resolve(n,o)]:[]}))).flat()}function Os(n){return vr||da(),vr.stat(n).then(()=>!0,()=>!1)}class Ns{constructor(n=250,r=10800){this.max=n,this.ttl=r,this.map=new Map}get(n){let r=this.map.get(n);if(r)return r[1]<=Date.now()?void this.delete(n):(this.map.delete(n),this.map.set(n,r),r[0])}set(n,r){if(this.interval||(this.interval=setInterval(()=>{let t=Date.now();for(let[o,a]of this.map)a[1]<=t&&this.map.delete(o)},this.ttl)),this.map.has(n))this.map.delete(n);else if(this.map.size>=this.max){let t=this.map.keys().next().value;t!==void 0&&this.delete(t)}this.map.set(n,[r,Date.now()+this.ttl*1000])}delete(n){this.map.get(n)&&this.map.delete(n)}clear(){this.map.clear()}size(){return this.map.size}[Symbol.dispose](){this.interval&&clearInterval(this.interval)}}function xs(n,r,t){if(n["cache-control"]&&/no-cache|no-store/.test(n["cache-control"]))return!1;if("if-none-match"in n){let o=n["if-none-match"];return o==="*"?!0:o===null||typeof r!="string"?!1:o===r}if(n["if-modified-since"]){let o=n["if-modified-since"];try{return vr.stat(t).then((a)=>{if(a.mtime!==void 0&&a.mtime.getTime()<=Date.parse(o))return!0})}catch{}}return!1}var be;function ic(n){return Qt?Bun.file(n):(vr||da(),vr.readFile(n))}async function qs(n){return Qt?new Bun.CryptoHasher("md5").update(await n.arrayBuffer()).digest("base64"):(be||(be=process.getBuiltinModule("crypto")),be?be.createHash("md5").update(n).digest("base64"):void console.warn("[@elysiajs/static] crypto is required to generate etag."))}var sc=(n)=>{if(!n)return!1;for(let r in n)return!0;return!1};async function au({assets:n="public",prefix:r="/public",staticLimit:t=1024,alwaysStatic:o=!1,ignorePatterns:a=[".DS_Store",".git",".env"],headers:c,maxAge:e=86400,directive:i="public",etag:s=!0,extension:f=!0,indexHTML:l=!0,decodeURI:d,silent:b}={}){if(typeof process>"u"||typeof process.getBuiltinModule>"u")return b||console.warn("[@elysiajs/static] require process.getBuiltinModule. Static plugin is disabled"),new ge;let w=da();if(!w)return new ge;let[h,_]=w,g=_.sep!=="/"?(m)=>m.replace(/\\/g,"/"):(m)=>m,R=new Ns;r===_.sep&&(r="");let k=_.resolve(n),M=a.length?(m)=>a.find((A)=>typeof A=="string"?A.includes(m):A.test(m)):()=>!1,C=new ge({name:"static",seed:r});if(o){let m=await Gs(_.resolve(n));if(m.length<=t)for(let A of m){let H=function({headers:U}){if(z){let K=xs(U,z,A);if(K===!0)return new Response(null,{status:304,headers:sc(c)?c:void 0});if(K!==!1){let B=R.get(E);return B?B.clone():K.then((L)=>{if(L)return new Response(null,{status:304,headers:c||void 0});let Y=new Response(S,{headers:Object.assign({"Cache-Control":e?`${i}, max-age=${e}`:i},c,z?{Etag:z}:{})});return R.set(r,Y),Y.clone()})}}let P=R.get(E);if(P)return P.clone();let p=new Response(S,{headers:Object.assign({"Cache-Control":e?`${i}, max-age=${e}`:i},c,z?{Etag:z}:{})});return R.set(E,p),p.clone()};var N=H;if(!A||M(A))continue;let D=A.replace(k,"");d&&(D=Fs.default(D)??D);let E=g(_.join(r,D));if(Qt&&A.endsWith(".html")){let U=await import(A);C.get(E,U.default),l&&E.endsWith("/index.html")&&C.get(E.replace("/index.html",""),U.default);continue}f||(E=g(E.slice(0,E.lastIndexOf("."))));let S=Qt?ic(A):await ic(A);if(!S)return b||console.warn(`[@elysiajs/static] Failed to load file: ${A}`),new ge;let z=await qs(S);C.get(E,s?H:new Response(S,sc(c)?{headers:c}:void 0)),l&&E.endsWith("/index.html")&&C.get(E.replace("/index.html",""),s?H:new Response(S,sc(c)?{headers:c}:void 0))}return C}if(!(`GET_${r}/*`in C.routeTree)){if(Qt){let m=await ou(_.resolve(n));for(let A of m){if(!A||M(A))continue;let H=A.replace(k,""),D=g(_.join(r,H)),E=await import(A);C.get(D,E.default),l&&D.endsWith("/index.html")&&C.get(D.replace("/index.html",""),E.default)}}C.onError(()=>{}).get(`${r.endsWith("/")?r.slice(0,-1):r}/*`,async({params:m,headers:A})=>{let H=g(_.join(n,d?Fs.default(m["*"])??m["*"]:m["*"]));if(M(H))throw new ua;let D=R.get(H);if(D)return D.clone();try{let E=await h.stat(H).catch(()=>null);if(!E)throw new ua;if(!l&&E.isDirectory())throw new ua;let S;if(!Qt&&l){let P=_.join(H,"index.html"),p=R.get(P);if(p)return p.clone();await Os(P)&&(S=await ic(P))}if(!S&&!E.isDirectory()&&await Os(H))S=await ic(H);else throw new ua;if(!s)return new Response(S,sc(c)?{headers:c}:void 0);let z=await qs(S);if(z&&await xs(A,z,H))return new Response(null,{status:304});let U=new Response(S,{headers:Object.assign({"Cache-Control":e?`${i}, max-age=${e}`:i},c,z?{Etag:z}:{})});return R.set(H,U),U.clone()}catch(E){throw E instanceof ua?E:(b||console.error("[@elysiajs/static]",E),new ua)}})}return C}Of();Yf();import{pushSchema as EE}from"drizzle-kit/api";import{and as ie,eq as $r}from"drizzle-orm";import{drizzle as SE}from"drizzle-orm/node-postgres";import{pgSchema as ME}from"drizzle-orm/pg-core";import DE from"elysia";var qe=[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["authentication","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255}],indexes:[]},{table_name:"verifications",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"entity_id",type:"uuid"},{name:"entity_name",type:"varchar",length:100},{name:"verifier_type",type:"varchar",length:30,enumValues:["user","role","entity_creator"]},{name:"verifier_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:50},{name:"is_signature_mandatory",type:"boolean",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"is_all_required",type:"boolean",notNull:!0,default:!1},{name:"connected_from_step_order",type:"integer"},{name:"position_x",type:"numeric"},{name:"position_y",type:"numeric"}],indexes:[{columns:["entity_id"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["start","step","condition","notification","end"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["authentication","verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"channel",type:"varchar",length:20,notNull:!0,default:"portal",enumValues:["portal","email","both"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","step_node_id"]},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["authentication","verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"rule_id",type:"uuid",notNull:!0},{name:"recipient_type",type:"varchar",length:20,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role_id",type:"uuid"},{name:"channel",type:"varchar",length:20,notNull:!0,enumValues:["portal"]}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]},{columns:["channel"]}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],bulk_endpoints_enabled:!0,columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]}]}];var Yh={GET:["GET"],POST:["POST"],PUT:["PUT"],DELETE:["DELETE"],PATCH:["PATCH"],TOGGLE:["PATCH"],VERIFICATION:["POST"]};function Jh(n,r){let t=[],o=n.authentication;if(!o)return t;if(o.login?.enabled&&o.login?.isPublic)t.push({path:o.login.route||`${r}/auth/login`,method:"POST",source:"auth"});if(o.register?.enabled&&o.register?.isPublic)t.push({path:o.register.route||`${r}/auth/register`,method:"POST",source:"auth"});if(o.logout?.enabled&&o.logout?.isPublic)t.push({path:o.logout.route||`${r}/auth/logout`,method:"POST",source:"auth"});if(o.refresh?.enabled&&o.refresh?.isPublic)t.push({path:o.refresh.route||`${r}/auth/refresh`,method:"POST",source:"auth"});if(o.passwordReset?.enabled&&o.passwordReset?.isPublic){let a=o.passwordReset.route||`${r}/auth/password-reset`;t.push({path:`${a}/request`,method:"POST",source:"auth"},{path:`${a}/confirm`,method:"POST",source:"auth"})}if(o.passwordChange?.enabled&&o.passwordChange?.isPublic)t.push({path:o.passwordChange.route||`${r}/auth/password-change`,method:"POST",source:"auth"});if(o.magicLink?.enabled&&o.magicLink?.isPublic)t.push({path:o.magicLink.route||`${r}/auth/magic-link`,method:"POST",source:"auth"},{path:o.magicLink.verifyRoute||`${r}/auth/magic-link/verify`,method:"GET",source:"auth"});if(o.register?.enabled&&o.register?.emailVerification?.enabled)t.push({path:`${r}/verify-email`,method:"GET",source:"auth"},{path:`${r}/resend-verification`,method:"POST",source:"auth"});if(o.invite?.enabled&&o.invite?.isPublic)t.push({path:o.invite.route||`${r}/auth/invite`,method:"POST",source:"auth"});if(o.invite?.enabled){let a=o.invite.route||`${r}/auth/invite`;t.push({path:`${a}/verify`,method:"POST",source:"auth"})}if(o.passwordSet?.enabled)t.push({path:o.passwordSet.route||`${r}/auth/password-set`,method:"POST",source:"auth"});if(o.captcha?.enabled&&o.captcha?.isPublic){let a=o.captcha.route||`${r}/auth/captcha`;t.push({path:`${a}/generate`,method:"GET",source:"auth"},{path:`${a}/validate`,method:"POST",source:"auth"})}if(o.oauth?.enabled){let a=o.oauth.basePath||`${r}/auth/oauth`,c=["google","github","microsoft","discord","facebook","twitter","apple","custom"];t.push({path:`${a}/providers`,method:"GET",source:"auth"});for(let e of c)t.push({path:`${a}/${e}`,method:"GET",source:"auth"},{path:`${a}/${e}/callback`,method:"GET",source:"auth"})}return t}function Vb(n,r,t){let o=[];for(let a of n){if(!a.is_public)continue;let c=`${r}/${t}/${a.table_name}`;for(let[e,i]of Object.entries(a.is_public)){if(!i)continue;let s=Yh[e];if(!s)continue;for(let f of s)if(f==="GET")o.push({path:c,method:"GET",source:"entity"}),o.push({path:`${c}/:id`,method:"GET",source:"entity"});else if(f==="POST")o.push({path:c,method:"POST",source:"entity"});else if(f==="PUT"||f==="PATCH")o.push({path:`${c}/:id`,method:f,source:"entity"});else if(f==="DELETE")o.push({path:`${c}/:id`,method:"DELETE",source:"entity"})}}return o}function Xh(n,r,t){return Vb(n,r,t)}function Nf(n,r,t="",o="public"){let a=Jh(n,t),c=Vb(n.entities||[],t,o),e=Xh(r,t,o),i=[];if(n.pubsub?.enabled){let f=n.pubsub.basePath||"/subs",l=n.pubsub.wsPath||"/api/events/subscribe";i.push({path:`${f}/:topic`,method:"POST",source:"system"},{path:l,method:"GET",source:"system"})}let s=[{path:"/nucleus-core",method:"GET",source:"custom"},{path:"/public",method:"GET",source:"custom"},{path:"/docs",method:"GET",source:"custom"},{path:"/docs/json",method:"GET",source:"custom"},{path:"/swagger",method:"GET",source:"custom"},{path:"/swagger/json",method:"GET",source:"custom"}];return[...a,...c,...e,...i,...s]}function xf(n,r,t){let o=r.replace(/\/$/,""),a=t.toUpperCase();for(let c of n){if(c.method!==a)continue;if(Lh(c.path,o))return!0}return!1}function Lh(n,r){if(n===r)return!0;let t=n.split("/").filter(Boolean),o=r.split("/").filter(Boolean);if(t.length!==o.length)return!1;for(let a=0;a<t.length;a++){let c=t[a],e=o[a];if(c?.startsWith(":"))continue;if(c!==e)return!1}return!0}Uf();Ie();ni();import{asc as _5,desc as m5,eq as ur,ilike as $g,inArray as w5,notInArray as h5,or as $5}from"drizzle-orm";import{drizzle as A5}from"drizzle-orm/node-postgres";import{Elysia as R5,t as Xn}from"elysia";import{t as Fn}from"elysia";function g5(n){let r={};if(!n||n.length===0)return Fn.Object({},{additionalProperties:!0});for(let t of n)switch(t.type?.toLowerCase()||"string"){case"integer":case"int":case"serial":case"bigserial":case"numeric":case"decimal":r[t.name]=t.notNull?Fn.Number():Fn.Optional(Fn.Number());break;case"boolean":r[t.name]=t.notNull?Fn.Boolean():Fn.Optional(Fn.Boolean());break;case"timestamp":case"timestamptz":case"date":r[t.name]=t.notNull?Fn.String({format:"date-time"}):Fn.Optional(Fn.String({format:"date-time"}));break;case"json":case"jsonb":r[t.name]=Fn.Optional(Fn.Unknown());break;case"uuid":r[t.name]=t.notNull?Fn.String({format:"uuid"}):Fn.Optional(Fn.String({format:"uuid"}));break;default:r[t.name]=t.notNull?Fn.String():Fn.Optional(Fn.String())}return Fn.Object(r,{additionalProperties:!0})}function hg(n){return Fn.Array(Fn.Object({id:Fn.String(),data:g5(n)}))}function fl(n,r){let{db:t,schemaTables:o,schemaRelations:a,entities:c,logger:e,databaseUrl:i,storage:s,authorization:f}=r,l=hc(s),d=f?.enabled??!1;if(!t)return n;let b=Object.keys(o),w=c.map((m)=>m.table_name),h=b.filter((m)=>!w.includes(m)),_=["userSessions","passwordResetTokens","magicLinkTokens"],g=["passwordResetTokens","magicLinkTokens"],R=["files"];function k(m){return m.replace(/_([a-z])/g,(A,H)=>H.toUpperCase())}let M=new Map(qe.map((m)=>[k(m.table_name),m])),C=h.filter((m)=>{if(g.includes(m)&&!r.emailServiceAvailable)return e.info(`Skipping ${m} routes - email service not available`),!1;return!0}).map((m)=>{let A=M.get(m);return{table_name:m,group_name:_.includes(m)?"Authentication":m,is_form_data:R.includes(m),bulk_endpoints_enabled:A?.bulk_endpoints_enabled??!1,excluded_methods:A?.excluded_methods?[...A.excluded_methods]:[]}}),N=[...c,...C];e.info(`All entities: ${N.map((m)=>m.table_name).join(", ")}`);for(let m of N){let A=m.table_name,H=m.group_name||m.table_name,D=o[A];if(!D)continue;let E=a[`${A}Relations`];e.info(`Creating routes for table: ${A}`);let S=D,z=S.id,U=t,P=hg(m.columns),p=Xn.Array(Xn.String()),K=new R5({prefix:`/${A}`});if(!m.excluded_methods?.includes("GET"))K.get("/",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.request.headers.get("x-user-id"),Y=m.columns?.map((_n)=>_n.name),Q=Object.keys(a).filter((_n)=>_n.startsWith(`${m.table_name}Relations`)).map((_n)=>_n.replace("Relations","")),V=null;if(d&&L){if(V=await _c({userId:L,method:"GET",entity:m.table_name,requestedFields:Y,requestedRelations:Q,db:U,schemaTables:o,logger:e}),!V.authorized)return{success:!1,message:V.reason||"Unauthorized",status:403}}let q=ol(B.query),F=[];if(d&&V?.scopeFilters)for(let[_n,T]of Object.entries(V.scopeFilters)){let Jn=S[_n];if(Jn)F.push(ur(Jn,T))}if(q.search&&q.searchFields){let _n=q.searchFields.map((T)=>{let Jn=S[T.trim()];return Jn?$g(Jn,`%${q.search}%`):null}).filter((T)=>T!==null);if(_n.length>0){let T=$5(..._n);if(T)F.push(T)}}if(q.filters){let{ne:_n,gt:T,gte:Jn,lt:Gn,lte:qn,like:gr,isNull:Ar,isNotNull:Mt}=await import("drizzle-orm");for(let er of q.filters){let lr=S[er.field];if(!lr)continue;switch(er.operator){case"eq":F.push(ur(lr,er.value));break;case"neq":F.push(_n(lr,er.value));break;case"gt":F.push(T(lr,er.value));break;case"gte":F.push(Jn(lr,er.value));break;case"lt":F.push(Gn(lr,er.value));break;case"lte":F.push(qn(lr,er.value));break;case"like":F.push(gr(lr,er.value));break;case"ilike":F.push($g(lr,er.value));break;case"in":F.push(w5(lr,er.value));break;case"notIn":F.push(h5(lr,er.value));break;case"isNull":F.push(Ar(lr));break;case"isNotNull":F.push(Mt(lr));break}}}let v=U.select().from(D);if(F.length>0){let{and:_n}=await import("drizzle-orm"),T=_n(...F);if(T)v=v.where(T)}if(q.sort&&q.sort.length>0){let _n=q.sort.map((T)=>{let Jn=S[T.field];if(!Jn)return null;return T.direction==="desc"?m5(Jn):_5(Jn)}).filter((T)=>T!==null);if(_n.length>0)v=v.orderBy(..._n)}let dn=q.page??1,tn=q.limit??20,un=q.offset??(dn-1)*tn,sn=U.select().from(D);if(F.length>0){let{and:_n}=await import("drizzle-orm"),T=_n(...F);if(T)sn.where(T)}let fr=(await sn).length;v=v.limit(tn).offset(un);let gn=await v,et=lg(dn,tn,un,fr);if(d&&V?.allowedFields)gn=Le(gn,V.allowedFields);return{success:!0,data:{items:gn,meta:et}}},{detail:{tags:[H],summary:`List ${A}`,description:`Get paginated list of ${A} records with filtering, sorting, and search`}}),K.get("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.params,Y=ol(B.query),Q=B.request.headers.get("x-user-id"),V=m.columns?.map((tn)=>tn.name),q=Y.with?.map((tn)=>tn.name),F=null;if(d&&Q){if(F=await _c({userId:Q,method:"GET",entity:m.table_name,requestedFields:V,requestedRelations:q,db:U,schemaTables:o,logger:e}),!F.authorized)return{success:!1,message:F.reason||"Unauthorized",status:403}}if(Y.with&&Y.with.length>0&&E&&i){let tn=d&&F?.allowedRelations?Y.with.filter((Yn)=>F.allowedRelations?.includes(Yn.name)??!1):Y.with,sn=await A5(i,{schema:{...o,...a}}).query[m.table_name]?.findFirst({where:ur(z,L.id),with:tn.reduce((Yn,fr)=>{return Yn[fr.name]=fr.limit?{limit:fr.limit}:!0,Yn},{})});if(d&&F?.allowedFields&&sn)sn=Le(sn,F.allowedFields);if(d&&F?.allowedRelations&&sn)sn=eb(sn,F.allowedRelations);return{success:!0,data:sn||null}}let dn=(await U.select().from(D).where(ur(z,L.id)))[0]||null;if(d&&F?.allowedFields&&dn)dn=Le(dn,F.allowedFields);return{success:!0,data:dn}},{detail:{tags:[H],summary:`Get ${A} by ID`,description:`Get a single ${A} record by its ID with optional relations`}}),K.get("/distinct/:field",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.params,Y=S[L.field];if(!Y)return{success:!1,message:"Field not found"};return{success:!0,data:await U.selectDistinct({value:Y}).from(D)}},{detail:{tags:[H],summary:`Get distinct ${A} values`,description:`Get distinct values for a specific field in ${A}`}});if(!m.excluded_methods?.includes("POST"))if(m.is_form_data&&l.enabled)K.post("/",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.request.headers.get("x-user-id"),{data:Y,files:Q}=$c(B.body,l),V=Y;if(m.columns){V=ma(V,m.columns);let v=_a(V,m.columns,!1);if(!v.valid)return{success:!1,message:"Validation failed",errors:v.errors}}let q=null;if(Q.length>0){if(q=await Ac(Q,l,m.table_name),q.failed.length>0&&q.success.length===0)return{success:!1,message:"File upload failed",errors:q.failed};if(q.success.length>0){let v=q.success[0];if(v){let dn=v.originalName.split(".").pop()||"";V={...V,id:v.id,name:v.name,originalName:v.originalName,path:v.path,mimeType:v.mimeType,size:v.size,extension:dn,uploadedBy:L}}}}if(L)V.createdBy=L;let F=await U.insert(D).values(V).returning();{let v=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:String(F[0]?.id??""),operation:"CREATE",userId:L||void 0,summary:`Created ${m.table_name}`,newValues:F[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:v.pathname,query:v.search})}return{success:!0,data:F[0]}},{type:"formdata",body:Xn.Object({[l.formData.dataField]:Xn.Optional(Xn.Union([Xn.String(),Xn.Any()])),[l.formData.filesField]:Xn.Optional(Xn.Union([Xn.File(),Xn.Array(Xn.File())]))}),detail:{tags:[H],summary:`Create ${A} with files`,description:`Create a new ${A} record with file upload support`}});else K.post("/",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.body,Y=B.request.headers.get("x-user-id");if(m.columns){L=ma(L,m.columns);let V=_a(L,m.columns,!1);if(!V.valid)return{success:!1,message:"Validation failed",errors:V.errors}}if(Y)L.createdBy=Y;let Q=await U.insert(D).values(L).returning();if(A==="userRoles"&&L.roleId&&L.userId)try{let{roles:V,users:q}=o;if(V&&q){if((await U.select().from(V).where(ur(V.id,L.roleId)).limit(1))[0]?.name==="godmin")await U.update(q).set({isGod:!0}).where(ur(q.id,L.userId))}}catch(V){e.warn("[Entity] Failed to sync is_god flag on userRole create")}{let V=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:String(Q[0]?.id??""),operation:"CREATE",userId:Y||void 0,summary:`Created ${m.table_name}`,newValues:Q[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:V.pathname,query:V.search})}return{success:!0,data:Q[0]}},{body:Xn.Object({},{additionalProperties:!0}),detail:{tags:[H],summary:`Create ${A}`,description:`Create a new ${A} record`}});if(!m.excluded_methods?.includes("PUT"))if(m.is_form_data&&l.enabled)K.put("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.params,Y=B.request.headers.get("x-user-id"),{data:Q,files:V}=$c(B.body,l),q=Q,F=await U.select().from(D).where(ur(z,L.id)).limit(1);if(m.columns){q=ma(q,m.columns);let tn=_a(q,m.columns,!1);if(!tn.valid)return{success:!1,message:"Validation failed",errors:tn.errors}}let v=null;if(V.length>0)v=await Ac(V,l,m.table_name);let dn=await U.update(D).set(q).where(ur(z,L.id)).returning();{let tn=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:L.id,operation:"UPDATE",userId:Y||void 0,summary:`Updated ${m.table_name} (${L.id})`,oldValues:F[0],newValues:dn[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:tn.pathname,query:tn.search})}return{success:!0,data:{record:dn[0],files:v?.success||[],fileErrors:v?.failed||[]}}},{type:"formdata",body:Xn.Object({[l.formData.dataField]:Xn.Optional(Xn.Union([Xn.String(),Xn.Any()])),[l.formData.filesField]:Xn.Optional(Xn.Union([Xn.File(),Xn.Array(Xn.File())]))}),detail:{tags:[H],summary:`Update ${A} with files`,description:`Full update of ${A} record with file upload support`}});else K.put("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let{params:L,body:Y}=B,Q=B.request.headers.get("x-user-id"),V=await U.select().from(D).where(ur(z,L.id)).limit(1);if(m.columns){Y=ma(Y,m.columns);let F=_a(Y,m.columns,!1);if(!F.valid)return{success:!1,message:"Validation failed",errors:F.errors}}if(Y.updatedAt=new Date,Q)Y.updatedBy=Q;let q=await U.update(D).set(Y).where(ur(z,L.id)).returning();{let F=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:L.id,operation:"UPDATE",userId:Q||void 0,summary:`Updated ${m.table_name} (${L.id})`,oldValues:V[0],newValues:q[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:F.pathname,query:F.search})}return{success:!0,data:q[0]}},{body:Xn.Object({},{additionalProperties:!0}),detail:{tags:[H],summary:`Update ${A}`,description:`Full update of ${A} record`}});if(!m.excluded_methods?.includes("PATCH"))K.patch("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let{params:L,body:Y}=B,Q=B.request.headers.get("x-user-id"),V=await U.select().from(D).where(ur(z,L.id)).limit(1);if(m.columns){Y=ma(Y,m.columns);let F=_a(Y,m.columns,!0);if(!F.valid)return{success:!1,message:"Validation failed",errors:F.errors}}if(Y.updatedAt=new Date,Q)Y.updatedBy=Q;let q=await U.update(D).set(Y).where(ur(z,L.id)).returning();{let F=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:L.id,operation:"PATCH",userId:Q||void 0,summary:`Patched ${m.table_name} (${L.id})`,oldValues:V[0],newValues:q[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:F.pathname,query:F.search})}return{success:!0,data:q[0]}},{body:Xn.Object({},{additionalProperties:!0}),detail:{tags:[H],summary:`Patch ${A}`,description:`Partial update of ${A} record`}});if(!m.excluded_methods?.includes("DELETE"))K.delete("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.params,Y=B.request.headers.get("x-user-id"),Q=await U.select().from(D).where(ur(z,L.id)).limit(1);if(await U.delete(D).where(ur(z,L.id)),A==="userRoles"&&Q[0])try{let V=Q[0],q=o.roles,F=o.users;if(q&&F&&V.roleId&&V.userId){if((await U.select().from(q).where(ur(q.id,V.roleId)).limit(1))[0]?.name==="godmin")await U.update(F).set({isGod:!1}).where(ur(F.id,V.userId))}}catch(V){e.warn("[Entity] Failed to sync is_god flag on userRole delete")}{let V=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:L.id,operation:"DELETE",userId:Y||void 0,summary:`Deleted ${m.table_name} (${L.id})`,oldValues:Q[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:V.pathname,query:V.search})}return{success:!0,data:null}},{detail:{tags:[H],summary:`Delete ${A}`,description:`Delete a ${A} record`}});if(m.bulk_endpoints_enabled){if(!m.excluded_methods?.includes("POST"))K.post("/bulk",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.body;if(!Array.isArray(L))return{success:!1,message:"Body must be an array"};try{return{success:!0,data:await U.transaction(async(Q)=>{let V=[];for(let q of L){let F=await Q.insert(D).values(q).returning();V.push(F[0])}return V})}}catch(Y){return{success:!1,message:Y instanceof Error?Y.message:"Transaction failed"}}},{body:Xn.Array(Xn.Object({},{additionalProperties:!0})),detail:{tags:[H],summary:`Bulk create ${A}`,description:`Create multiple ${A} records`}});if(!m.excluded_methods?.includes("PUT"))K.put("/bulk",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.body;if(!Array.isArray(L))return{success:!1,message:"Body must be an array"};try{return{success:!0,data:await U.transaction(async(Q)=>{let V=[];for(let q of L){let F=await Q.update(D).set(q.data).where(ur(z,q.id)).returning();V.push(F[0])}return V})}}catch(Y){return{success:!1,message:Y instanceof Error?Y.message:"Transaction failed"}}},{body:P,detail:{tags:[H],summary:`Bulk update ${A}`,description:`Update multiple ${A} records`}});if(!m.excluded_methods?.includes("DELETE"))K.delete("/bulk",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.body;if(!Array.isArray(L))return{success:!1,message:"Body must be an array of ids"};try{return await U.transaction(async(Y)=>{for(let Q of L)await Y.delete(D).where(ur(z,Q))}),{success:!0,data:{deleted:L.length}}}catch(Y){return{success:!1,message:Y instanceof Error?Y.message:"Transaction failed"}}},{body:p,detail:{tags:[H],summary:`Bulk delete ${A}`,description:`Delete multiple ${A} records`}})}n.use(K)}return n}import k5,{t as Rc}from"elysia";function E5(n){let r=n.match(/^(\d+)(ms|s|m|h)$/);if(!r||!r[1]||!r[2])return 5000;let t=parseInt(r[1],10);switch(r[2]){case"ms":return t;case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;default:return 5000}}function ll(n){let{monitoringService:r,logger:t,endpoints:o}=n,a=new k5({prefix:o.basePath});if(!o.enabled)return a;if(o.stream.enabled)a.get(o.stream.path,async function*({request:c}){t.info("[Monitoring] SSE stream connected");let e=E5(o.stream.interval),i=!0;c.signal.addEventListener("abort",()=>{i=!1,t.info("[Monitoring] SSE stream disconnected")});let s=await r.getLatestSnapshot();if(s)yield{event:"snapshot",data:JSON.stringify(s)};while(i){if(await new Promise((d)=>setTimeout(d,e)),!i)break;let f=await r.getLatestSnapshot();if(f)yield{event:"snapshot",data:JSON.stringify(f)};let l=r.getActiveAlerts();if(l.length>0)yield{event:"alerts",data:JSON.stringify(l)}}},{detail:{tags:["Monitoring"],summary:"Stream real-time monitoring data",description:"Server-Sent Events stream for real-time monitoring metrics"}});if(o.snapshot.enabled)a.get(o.snapshot.path,async()=>{let c=await r.getLatestSnapshot();if(!c)return{isSuccess:!1,message:"No monitoring data available",data:null};return{isSuccess:!0,message:"Current monitoring snapshot",data:c}},{detail:{tags:["Monitoring"],summary:"Get current monitoring snapshot",description:"Returns the latest monitoring metrics snapshot"}});if(o.history.enabled)a.get(o.history.path,async({query:c})=>{let e=Math.min(c.minutes?parseInt(String(c.minutes),10):60,o.history.maxMinutes),i=await r.getHistory(e);return{isSuccess:!0,message:`Monitoring history for last ${e} minutes`,data:{minutes:e,count:i.length,snapshots:i}}},{query:Rc.Object({minutes:Rc.Optional(Rc.Numeric())}),detail:{tags:["Monitoring"],summary:"Get monitoring history",description:"Returns historical monitoring data for the specified time range"}});if(o.alerts.enabled)a.get(o.alerts.path,()=>{let c=r.getActiveAlerts();return{isSuccess:!0,message:"Active alerts",data:{count:c.length,alerts:c}}},{detail:{tags:["Monitoring"],summary:"Get active alerts",description:"Returns all currently active monitoring alerts"}}),a.post(`${o.alerts.path}/:alertId/acknowledge`,({params:c})=>{if(!r.acknowledgeAlert(c.alertId))return{isSuccess:!1,message:"Alert not found",data:null};return{isSuccess:!0,message:"Alert acknowledged",data:{alertId:c.alertId}}},{params:Rc.Object({alertId:Rc.String()}),detail:{tags:["Monitoring"],summary:"Acknowledge an alert",description:"Mark an alert as acknowledged"}});return t.info(`[Monitoring] Routes enabled at ${o.basePath} (stream: ${o.stream.enabled}, snapshot: ${o.snapshot.enabled}, history: ${o.history.enabled}, alerts: ${o.alerts.enabled})`),a}import S5,{t as Gr}from"elysia";var M5={"Content-Type":"text/event-stream; charset=utf-8","Cache-Control":"no-cache, no-transform",Connection:"keep-alive"},D5=new TextEncoder,dl=(n,r)=>{let t=typeof r==="string"?r:JSON.stringify(r);return D5.encode(`event: ${n}
|
|
82
|
+
`}),b.info("[OAUTH] Invite email sent to new OAuth user",{userId:p,email:z.email,provider:M})}catch(gn){b.warn("[OAUTH] Failed to send invite email",{userId:p,error:gn})}}await d.update(w).set({lastLoginAt:new Date}).where(zr(w.id,p));let K=k.request.headers.get("cf-connecting-ip")?.trim()||k.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||k.request.headers.get("x-real-ip")?.trim()||"127.0.0.1",B=k.request.headers.get("user-agent")||"Unknown Browser",L=mi(B,K),Y=t(p),Q=o(p),V={userId:p,deviceInfo:L,loginMethod:`oauth:${M}`,rememberMe:!0},q=await a(V);if(c)await c(q,V);await b.audit({entityName:"users",entityId:p,operation:"LOGIN",userId:p,summary:`${z.email??z.providerAccountId} logged in via OAuth (${M})`,ipAddress:K,userAgent:B,path:`${h}/${M}/callback`,query:""});let F=_.secure?"; Secure":"",v=`; Path=${_.path}; HttpOnly; SameSite=${_.sameSite}${F}`,dn=[];if(g.accessToken.setHeadersEnabled)dn.push(`${_.accessTokenName}=${Y}${v}; Max-Age=${_.accessTokenMaxAge}`);if(g.refreshToken.setHeadersEnabled)dn.push(`${_.refreshTokenName}=${Q}${v}; Max-Age=${_.refreshTokenMaxAge}`);if(g.sessionToken.setHeadersEnabled)dn.push(`${_.sessionTokenName}=${q}${v}; Max-Age=${_.sessionTokenMaxAge}`);let tn=E.redirectUrl||r.successRedirectUrl,un=new Headers;un.set("Location",tn);for(let sn of dn)un.append("Set-Cookie",sn);return new Response(null,{status:302,headers:un})},{detail:{tags:["Authentication"],summary:"OAuth Callback",description:"Handles the OAuth provider callback, creates session and sets cookies"}}),R.get(`${h}/providers`,()=>{return{success:!0,data:{providers:r.getEnabledProviders()}}},{detail:{tags:["Authentication"],summary:"List OAuth Providers",description:"Returns the list of enabled OAuth providers"}}),R.get(`${h}/link/:provider`,async(k)=>{let M=k.params.provider;if(!r.isProviderEnabled(M))return k.set.status=404,{success:!1,message:`OAuth provider "${M}" is not enabled`};if(!r.allowAccountLinking)return k.set.status=403,{success:!1,message:"Account linking is disabled"};let C=k.request.headers.get("x-user-id");if(!C)return k.set.status=401,{success:!1,message:"Authentication required to link accounts"};let N=k.query.redirect_url,m=r.buildAuthorizationUrl(M,C,N);return k.set.status=302,k.set.headers.Location=m,null},{detail:{tags:["Authentication"],summary:"Link OAuth Account",description:"Redirects to provider to link an OAuth account to the current user"}}),R.delete(`${h}/unlink/:provider`,async(k)=>{let M=k.params.provider,C=k.request.headers.get("x-user-id");if(!C)return k.set.status=401,{success:!1,message:"Authentication required"};if(!d)return k.set.status=500,{success:!1,message:"Database not configured"};let N=n.oauthAccountsTable;if(!N)return k.set.status=500,{success:!1,message:"OAuth accounts table not configured"};if((await d.select().from(N).where(bs(zr(N.userId,C),zr(N.provider,M))).limit(1)).length===0)return{success:!1,message:`No linked ${M} account found`};let D=!!(await d.select().from(w).where(zr(w.id,C)).limit(1))[0]?.password,E=await d.select().from(N).where(zr(N.userId,C));if(!D&&E.length<=1)return k.set.status=400,{success:!1,message:"Cannot unlink the only login method. Set a password first."};return await d.delete(N).where(bs(zr(N.userId,C),zr(N.provider,M))),b.info("[OAUTH] Account unlinked",{userId:C,provider:M}),{success:!0,message:`${M} account unlinked successfully`}},{detail:{tags:["Authentication"],summary:"Unlink OAuth Account",description:"Removes a linked OAuth account from the current user"}}),R.get(`${h}/accounts`,async(k)=>{let M=k.request.headers.get("x-user-id");if(!M)return k.set.status=401,{success:!1,message:"Authentication required"};if(!d)return k.set.status=500,{success:!1,message:"Database not configured"};let C=n.oauthAccountsTable;if(!C)return{success:!0,data:{accounts:[]}};return{success:!0,data:{accounts:(await d.select().from(C).where(zr(C.userId,M))).map((A)=>({id:A.id,provider:A.provider,providerEmail:A.providerEmail,providerName:A.providerName,providerAvatarUrl:A.providerAvatarUrl,isPrimary:A.isPrimary,lastUsedAt:A.lastUsedAt,createdAt:A.createdAt}))}}},{detail:{tags:["Authentication"],summary:"List Linked OAuth Accounts",description:"Returns all OAuth accounts linked to the current user"}}),R}var u2=u(()=>{wi();Yc()});import{t as Jo}from"elysia";var $d,sE;var Ad=u(()=>{$d=Jo.Object({currentPassword:Jo.String({minLength:1}),newPassword:Jo.String({minLength:8}),confirmPassword:Jo.String({minLength:8})}),sE=Jo.Object({success:Jo.Boolean(),message:Jo.Optional(Jo.String())})});function b2(n,r){return n===r}import{eq as g2}from"drizzle-orm";import{Elysia as fE}from"elysia";function gs(n,r){let{db:t,logger:o,usersTable:a}=n,c=r.route||"/auth/password-change",e=new fE;if(!r.enabled)return e;return e.post(c,async(i)=>{if(!t||!a)return i.set.status=500,{success:!1,message:"Database not configured"};let s=i.request.headers.get("x-user-id");if(!s)return i.set.status=401,{success:!1,message:"Authentication required"};let{currentPassword:f,newPassword:l,confirmPassword:d}=i.body;if(!b2(l,d))return i.set.status=422,{success:!1,message:"New passwords do not match"};let w=(await t.select().from(a).where(g2(a.id,s)).limit(1))[0];if(!w)return i.set.status=404,{success:!1,message:"User not found"};let h=await _i(f,w.password),_=new URL(i.request.url),g=i.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||i.request.headers.get("x-real-ip")?.trim()||"unknown",R=i.request.headers.get("user-agent")||"unknown";if(!h)return o.warn("[AUTH] Password change failed - invalid current password",{userId:s}),o.audit({entityName:"users",entityId:s,operation:"PASSWORD_CHANGE_FAILED",userId:s,summary:"Password change failed: invalid current password",ipAddress:g,userAgent:R,path:_.pathname,query:_.search}),i.set.status=400,{success:!1,message:"Current password is incorrect"};let k=await Ao(l);return await t.update(a).set({password:k,updatedAt:new Date}).where(g2(a.id,s)),o.info("[AUTH] Password change successful",{userId:s}),o.audit({entityName:"users",entityId:s,operation:"PASSWORD_CHANGE",userId:s,summary:"Password changed successfully",ipAddress:g,userAgent:R,path:_.pathname,query:_.search}),{success:!0,message:"Password changed successfully"}},{body:$d,detail:{tags:["Authentication"],summary:"Change Password",description:"Change password for authenticated user"}}),e}var Rd=u(()=>{wi();Xa();Ad();Ad()});import{t as Ct}from"elysia";var kd,Ed,lE;var Sd=u(()=>{kd=Ct.Object({email:Ct.String({format:"email"})}),Ed=Ct.Object({token:Ct.String(),newPassword:Ct.String({minLength:8}),confirmPassword:Ct.String({minLength:8})}),lE=Ct.Object({success:Ct.Boolean(),message:Ct.Optional(Ct.String())})});import{randomBytes as dE}from"crypto";function _2(){return dE(32).toString("hex")}function m2(n){return new Date>n}var w2=()=>{};import{Elysia as uE}from"elysia";function _s(n,r,t,o,a,c){let{db:e,logger:i,usersTable:s}=n,f=r.route||"/auth/password-reset",l=new uE;if(!r.enabled)return l;return l.post(`${f}/request`,async(d)=>{if(!e||!s)return{success:!1,message:"Database not configured"};let{email:b}=d.body,{eq:w}=await import("drizzle-orm"),_=(await e.select().from(s).where(w(s.email,b)).limit(1))[0];if(!_)return{success:!0,message:"If email exists, reset link will be sent"};let g=_2(),R=new Date(Date.now()+3600000);if(await t(_.id,g,R),c)try{await c(b,g),i.info("[AUTH] Password reset email sent",{email:b})}catch(M){i.error("[AUTH] Failed to send password reset email",{email:b,error:M})}else i.warn("[AUTH] sendResetEmail not configured - email not sent",{email:b});i.info("[AUTH] Password reset requested",{userId:_.id,email:b});let k=new URL(d.request.url);return i.audit({entityName:"users",entityId:_.id,operation:"PASSWORD_RESET_REQUEST",userId:_.id,summary:`Password reset requested for ${b}`,ipAddress:d.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||d.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:d.request.headers.get("user-agent")||"unknown",path:k.pathname,query:k.search}),{success:!0,message:"If email exists, reset link will be sent"}},{body:kd,detail:{tags:["Authentication"],summary:"Request Password Reset",description:"Request a password reset email"}}),l.post(`${f}/confirm`,async(d)=>{if(!e||!s)return{success:!1,message:"Database not configured"};let{token:b,newPassword:w,confirmPassword:h}=d.body;if(w!==h)return{success:!1,message:"Passwords do not match"};let _=await o(b);if(!_)return{success:!1,message:"Invalid or expired reset token"};if(m2(_.expiresAt))return await a(b),{success:!1,message:"Reset token has expired"};let g=await Ao(w),{eq:R}=await import("drizzle-orm");await e.update(s).set({password:g}).where(R(s.id,_.userId)),await a(b),i.info("[AUTH] Password reset successful",{userId:_.userId});let k=new URL(d.request.url);return i.audit({entityName:"users",entityId:_.userId,operation:"PASSWORD_RESET",userId:_.userId,summary:"Password reset completed successfully",ipAddress:d.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||d.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:d.request.headers.get("user-agent")||"unknown",path:k.pathname,query:k.search}),{success:!0,message:"Password has been reset"}},{body:Ed,detail:{tags:["Authentication"],summary:"Confirm Password Reset",description:"Reset password with token"}}),l}var Md=u(()=>{Xa();Sd();w2();Sd()});import{t as ao}from"elysia";var Dd,bE;var Hd=u(()=>{Dd=ao.Object({newPassword:ao.String({minLength:8}),userId:ao.Optional(ao.String()),token:ao.Optional(ao.String())}),bE=ao.Object({success:ao.Boolean(),message:ao.String()})});import{eq as h2}from"drizzle-orm";import{Elysia as gE}from"elysia";function ms(n,r,t,o){let{db:a,logger:c,usersTable:e}=n,i=r.route||"/auth/password-set",s=new gE;if(!r.enabled)return s;return s.post(i,async(f)=>{if(c.info("[AUTH] Password set request received"),!a||!e)return c.error("[AUTH] Password set failed - database not configured"),{success:!1,message:"Database not configured"};let{newPassword:l,userId:d,token:b}=f.body,w=d;if(b&&t&&o){let k=gt(b),M=await t(k);if(!M)return c.warn("[AUTH] Password set failed - invalid token"),{success:!1,message:"Invalid or expired token"};if(new Date>M.expiresAt)return await o(k),c.warn("[AUTH] Password set failed - expired token",{email:M.email}),{success:!1,message:"Invalid or expired token"};w=M.userId,c.info("[AUTH] Password set - userId resolved from token",{userId:w,email:M.email})}if(!w)return c.warn("[AUTH] Password set failed - no userId in payload or token"),{success:!1,message:"User ID or token required"};let _=(await a.select().from(e).where(h2(e.id,w)).limit(1))[0];if(c.info("[AUTH] Password set - user found",{found:!!_,hasPassword:!!_?.password}),!_)return{success:!1,message:"User not found"};if(_.password)return c.warn("[AUTH] Password set failed - user already has password",{userId:w}),{success:!1,message:"Password already set. Use password change instead."};let g=await Ao(l);c.info("[AUTH] Password set - updating user with verifiedAt",{userId:w});let R=await a.update(e).set({password:g,verifiedAt:new Date,updatedAt:new Date}).where(h2(e.id,w));if(c.info("[AUTH] Password set successful for invited user",{userId:w,updateResult:R}),b&&o){let k=gt(b);await o(k),c.info("[AUTH] Invite token consumed after password set",{userId:w})}return{success:!0,message:"Password set successfully"}},{body:Dd,detail:{tags:["Authentication"],summary:"Set Password",description:"Set password for the first time (for invited users who do not have a password yet)"}}),s}var zd=u(()=>{Yc();Xa();Hd();Hd()});function Ud(n){let r=n.match(/^(\d+)([smhd])$/);if(!r)return 900;let t=r[1],o=r[2];if(!t||!o)return 900;let a=parseInt(t,10);switch(o){case"s":return a;case"m":return a*60;case"h":return a*3600;case"d":return a*86400;default:return 900}}import{t as sa}from"elysia";var _E;var $2=u(()=>{_E=sa.Object({success:sa.Boolean(),message:sa.Optional(sa.String()),data:sa.Optional(sa.Object({accessToken:sa.String()}))})});import{Elysia as mE}from"elysia";function ws(n,r,t,o,a,c,e){let{logger:i,authentication:s}=n,f=r.route||"/auth/refresh",l=new mE;if(!r.enabled)return l;return l.post(f,async(d)=>{let b=s?.refreshToken?.name||"refresh_token",w=s?.accessToken?.name||"access_token",h=d.request.headers.get("x-refresh-token");if(!h){let P=d.request.headers.get("cookie");if(P)h=P.split(";").reduce((K,B)=>{let[L,Y]=B.trim().split("=");if(L&&Y)K[L]=Y;return K},{})[b]||null}if(!h)return d.set.status=401,{success:!1,message:"Refresh token required"};let _=t(h);if(!_.valid||!_.payload)return i.warn("[AUTH] Refresh failed - invalid token"),d.set.status=401,{success:!1,message:"Invalid refresh token"};let g=_.payload.sub,R=o(g),k=a?a(g):null,M=c?.accessToken?.setHeadersEnabled??!0,C=c?.accessToken?.returnJson??!0,N=c?.refreshToken?.setHeadersEnabled??!0,m=c?.refreshToken?.returnJson??!1,A=s?.accessToken?.expiresIn||"15m",H=Math.max(0,Ud(A)-(e??0)),D=s?.refreshToken?.expiresIn||"7d",E=Ud(D),S=new Headers;if(S.set("Content-Type","application/json"),M)S.append("Set-Cookie",`${w}=${R}; Path=/; HttpOnly; SameSite=Strict; Secure; Max-Age=${H}`);if(k&&N)S.append("Set-Cookie",`${b}=${k}; Path=/; HttpOnly; SameSite=Strict; Secure; Max-Age=${E}`);i.info("[AUTH] Token refresh successful",{userId:g,rotatedRefreshToken:!!k});let z={};if(C)z.accessToken=R;if(k&&m)z.refreshToken=k;let U=JSON.stringify({success:!0,data:z});return new Response(U,{status:200,headers:S})},{detail:{tags:["Authentication"],summary:"Refresh Token",description:"Get new access token using refresh token"}}),l}var Bd=u(()=>{$2()});import{t as Vr}from"elysia";var Wd,wE;var Yd=u(()=>{Wd=Vr.Object({email:Vr.String({format:"email"}),password:Vr.String({minLength:8}),confirmPassword:Vr.Optional(Vr.String({minLength:8}))}),wE=Vr.Object({success:Vr.Boolean(),message:Vr.Optional(Vr.String()),data:Vr.Optional(Vr.Object({user:Vr.Object({id:Vr.String(),email:Vr.String()})}))})});import{eq as hE}from"drizzle-orm";import{Elysia as $E}from"elysia";function hs(n,r,t,o,a,c,e,i,s,f){let{db:l,logger:d,usersTable:b}=n,w=r.route||"/auth/register",h={accessTokenName:e?.accessTokenName||"access_token",refreshTokenName:e?.refreshTokenName||"refresh_token",sessionTokenName:e?.sessionTokenName||"session_token",accessTokenMaxAge:e?.accessTokenMaxAge||900,refreshTokenMaxAge:e?.refreshTokenMaxAge||604800,sessionTokenMaxAge:e?.sessionTokenMaxAge||900,secure:e?.secure??!0,httpOnly:e?.httpOnly??!0,sameSite:e?.sameSite||"strict",path:e?.path||"/"},_=new $E;if(!r.enabled)return _;return _.post(w,async(g)=>{if(!l||!b)return g.set.status=500,{success:!1,message:"Database not configured"};let{email:R,password:k,confirmPassword:M}=g.body;if(M&&k!==M)return g.set.status=400,{success:!1,message:"Passwords do not match"};let C=d_(k);if(!C.valid)return g.set.status=400,{success:!1,message:"Password too weak",errors:C.errors};let N=await l.select().from(b).where(hE(b.email,R)).limit(1),m=new URL(g.request.url),A=g.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||g.request.headers.get("x-real-ip")?.trim()||"unknown",H=g.request.headers.get("user-agent")||"unknown";if(N.length>0)return d.warn("[AUTH] Registration failed - email exists",{email:R}),d.audit({entityName:"users",operation:"REGISTER_FAILED",summary:`Registration failed: email already exists (${R})`,ipAddress:A,userAgent:H,path:m.pathname,query:m.search}),g.set.status=409,{success:!1,message:"Email already registered"};let D=await Ao(k),E=r.emailVerification?.enabled&&s?.isAvailable(),S=E?fi():null,z=r.emailVerification?.tokenExpiresIn||"24h",U=E?new Date(Date.now()+Ja(z)):null,P={email:R,password:D};if(E&&S)P.emailVerificationToken=S,P.emailVerificationTokenExpiresAt=U,P.emailVerificationSentAt=new Date,P.emailVerificationAttempts=1;let K=(await l.insert(b).values(P).returning())[0];if(d.info("[AUTH] Registration successful",{userId:K.id,email:R,emailVerificationEnabled:E}),d.audit({entityName:"users",entityId:K.id,operation:"REGISTER",userId:K.id,summary:`New user registered: ${R}`,ipAddress:A,userAgent:H,path:m.pathname,query:m.search}),E&&s&&S){let L=`${(r.emailVerification?.redirectUrl||"http://localhost:3000/login").replace("/login","/verify-email")}?token=${S}`;s.sendVerificationEmail(R,R.split("@")[0]||"User",L,f||"Nucleus").then((q)=>{if(q.success)d.info("[AUTH] Verification email sent",{email:R});else d.error("[AUTH] Failed to send verification email",{email:R,error:q.error})}).catch((q)=>{d.error("[AUTH] Failed to send verification email",{email:R,error:q})});let Y=r.emailVerification?.resendCooldown||"60s",Q=Ja(Y)/1000,V=r.emailVerification?.maxResendAttempts||3;return{success:!0,message:"Registration successful. Please check your email to verify your account.",data:{user:{id:K.id,email:K.email},emailVerificationRequired:!0,verification:{cooldownSeconds:Q,canResendAt:new Date(Date.now()+Q*1000).toISOString(),attemptsRemaining:V-1,maxAttempts:V}}}}if(t)t(R,R.split("@")[0]||"User").catch((B)=>{d.error("[AUTH] Failed to send welcome email",{email:R,error:B})});if(o&&a&&c){let B=g.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||g.request.headers.get("x-real-ip")?.trim()||"unknown",L=g.request.headers.get("user-agent")||"",Y=o(K.id),Q=a(K.id),V=await c({userId:K.id,deviceInfo:{ipAddress:B,userAgent:L},loginMethod:"register"}),q={accessToken:{setHeadersEnabled:i?.accessToken?.setHeadersEnabled??!0,returnJson:i?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:i?.refreshToken?.setHeadersEnabled??!0,returnJson:i?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:i?.sessionToken?.setHeadersEnabled??!0,returnJson:i?.sessionToken?.returnJson??!0}},F=h.secure?"; Secure":"",v=`; Path=${h.path}; HttpOnly; SameSite=${h.sameSite}${F}`,dn=[];if(q.accessToken.setHeadersEnabled)dn.push(`${h.accessTokenName}=${Y}${v}; Max-Age=${h.accessTokenMaxAge}`);if(q.refreshToken.setHeadersEnabled)dn.push(`${h.refreshTokenName}=${Q}${v}; Max-Age=${h.refreshTokenMaxAge}`);if(q.sessionToken.setHeadersEnabled)dn.push(`${h.sessionTokenName}=${V}${v}; Max-Age=${h.sessionTokenMaxAge}`);let tn={user:{id:K.id,email:K.email}};if(q.accessToken.returnJson)tn.accessToken=Y;if(q.refreshToken.returnJson)tn.refreshToken=Q;if(q.sessionToken.returnJson)tn.sessionId=V;let un=JSON.stringify({success:!0,data:tn}),sn=new Headers;sn.set("Content-Type","application/json"),sn.set("x-session-id",V);for(let Yn of dn)sn.append("Set-Cookie",Yn);return new Response(un,{status:200,headers:sn})}return{success:!0,data:{user:{id:K.id,email:K.email}}}},{body:Wd,detail:{tags:["Authentication"],summary:"Register",description:"Register a new user account"}}),_}var Jd=u(()=>{Yd();Xa();Yd()});import{t as Z}from"elysia";var A2,AE,Xd,Ld,rF;var Vd=u(()=>{A2=Z.Object({id:Z.String(),deviceName:Z.Optional(Z.String()),deviceType:Z.Optional(Z.String()),browserName:Z.Optional(Z.String()),browserVersion:Z.Optional(Z.String()),osName:Z.Optional(Z.String()),osVersion:Z.Optional(Z.String()),ipAddress:Z.String(),locationCountry:Z.Optional(Z.String()),locationCity:Z.Optional(Z.String()),lastActivityAt:Z.String(),createdAt:Z.String(),isCurrent:Z.Boolean(),loginMethod:Z.Optional(Z.String()),trustScore:Z.Optional(Z.Number())}),AE=Z.Object({success:Z.Boolean(),data:Z.Optional(Z.Object({sessions:Z.Array(A2),currentSessionId:Z.Optional(Z.String()),totalCount:Z.Number()})),message:Z.Optional(Z.String())}),Xd=Z.Object({reason:Z.Optional(Z.String())}),Ld=Z.Object({excludeCurrent:Z.Optional(Z.Boolean()),reason:Z.Optional(Z.String())}),rF=Z.Object({success:Z.Boolean(),data:Z.Optional(Z.Object({recentActivity:Z.Array(Z.Object({sessionId:Z.String(),action:Z.String(),ipAddress:Z.String(),timestamp:Z.String(),deviceInfo:Z.Optional(Z.String())}))})),message:Z.Optional(Z.String())})});function $s(n){let r=(o,a)=>n[o]??n[a],t=(o,a)=>{let c=n[o]??n[a];if(!c)return;return c instanceof Date?c.toISOString():String(c)};return{id:n.id,deviceName:r("device_name","deviceName"),deviceType:r("device_type","deviceType"),deviceFingerprint:r("device_fingerprint","deviceFingerprint"),browserName:r("browser_name","browserName"),browserVersion:r("browser_version","browserVersion"),osName:r("os_name","osName"),osVersion:r("os_version","osVersion"),ipAddress:r("ip_address","ipAddress"),locationCountry:r("location_country","locationCountry"),locationCity:r("location_city","locationCity"),lastActivityAt:t("last_activity_at","lastActivityAt"),createdAt:t("created_at","createdAt"),isCurrent:r("is_current","isCurrent"),loginMethod:r("login_method","loginMethod"),trustScore:r("trust_score","trustScore")}}var R2=()=>{};import{and as Xo,desc as k2,eq as pn,isNull as E2}from"drizzle-orm";import{Elysia as RE}from"elysia";function As(n,r,t){let{db:o,logger:a}=n,c=r.route||"/auth/sessions",e=new RE;if(!r.enabled||!t)return e;let i=t,s=(f)=>{let l=f.replace(/([A-Z])/g,"_$1").toLowerCase();return i[f]||i[l]};return e.get(c,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let d=f.request.headers.get("x-session-id"),b=await o.select().from(t).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0),E2(s("revokedAt")))).orderBy(k2(s("lastActivityAt"))),w=b.filter((_)=>{let g=_,R=(g.deviceFingerprint||"").toLowerCase(),k=g.ipAddress||"";return!((!R||R==="--"||R==="--unknown"||R.includes("bot/crawler")||R.includes("headless")||R.includes("unknown-unknown"))&&(k==="127.0.0.1"||k==="::1"||k==="localhost"||!k))}),h=w.map((_)=>{let g=_,R=$s(g);return R.isCurrent=g.id===d,R});return a.info("[AUTH] Sessions list retrieved",{userId:l,totalInDb:b.length,filteredCount:w.length,hiddenBotSessions:b.length-w.length}),{success:!0,data:{sessions:h,currentSessionId:d,totalCount:w.length}}},{detail:{tags:["Authentication"],summary:"List active sessions",description:"Get all active sessions for the current user"}}),e.get(`${c}/current`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id"),d=f.request.headers.get("x-session-id");if(!l||!d)return{success:!1,message:"Authentication required"};let b=await o.select().from(t).where(pn(s("id"),d)).limit(1);if(b.length===0)return{success:!1,message:"Session not found"};let w=b[0],h=$s(w);return h.isCurrent=!0,{success:!0,data:h}},{detail:{tags:["Authentication"],summary:"Get current session",description:"Get details of the current session"}}),e.delete(`${c}/:sessionId`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let{sessionId:d}=f.params,b=f.body,w=f.request.headers.get("x-session-id");if((await o.select().from(t).where(Xo(pn(s("id"),d),pn(s("userId"),l))).limit(1)).length===0)return{success:!1,message:"Session not found"};let _=d===w;await o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:_?"user_logout":b.reason||"user_revoked"}).where(pn(s("id"),d)),a.info("[AUTH] Session revoked",{userId:l,sessionId:d,isCurrentSession:_,reason:b.reason||"user_revoked"});let g=new URL(f.request.url);return a.audit({entityName:"user_sessions",entityId:d,operation:_?"LOGOUT":"SESSION_REVOKE",userId:l||void 0,summary:_?"User logged out via session revoke":`Session revoked (${d.substring(0,8)}...)`,ipAddress:f.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||f.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:f.request.headers.get("user-agent")||"unknown",path:g.pathname,query:g.search}),{success:!0,message:_?"Logged out successfully":"Session revoked successfully"}},{body:Xd,detail:{tags:["Authentication"],summary:"Revoke session",description:"Revoke a specific session by ID"}}),e.delete(`${c}/all`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let d=f.body,b=f.request.headers.get("x-session-id"),w=o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:d.reason||"user_revoked"}).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0)));if(d.excludeCurrent&&b){let{ne:_}=await import("drizzle-orm");w=o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:d.reason||"user_revoked"}).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0),_(s("id"),b)))}await w,a.info("[AUTH] All sessions revoked",{userId:l,excludeCurrent:d.excludeCurrent,reason:d.reason||"user_revoked"});let h=new URL(f.request.url);return a.audit({entityName:"user_sessions",operation:"SESSION_REVOKE_ALL",userId:l||void 0,summary:d.excludeCurrent?"All other sessions revoked":"All sessions revoked",ipAddress:f.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||f.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:f.request.headers.get("user-agent")||"unknown",path:h.pathname,query:h.search}),{success:!0,message:d.excludeCurrent?"All other sessions revoked successfully":"All sessions revoked successfully"}},{body:Ld,detail:{tags:["Authentication"],summary:"Revoke all sessions",description:"Revoke all sessions for the current user (optionally exclude current)"}}),e.get(`${c}/stats`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let{count:d,countDistinct:b}=await import("drizzle-orm"),w=await o.select({count:d()}).from(t).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0),E2(s("revokedAt")))),h=await o.select({count:b(s("deviceFingerprint"))}).from(t).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0))),_=await o.select({count:b(s("ipAddress"))}).from(t).where(Xo(pn(s("userId"),l),pn(s("isActive"),!0)));return{success:!0,data:{activeSessions:w[0]?.count||0,uniqueDevices:h[0]?.count||0,uniqueIpAddresses:_[0]?.count||0}}},{detail:{tags:["Authentication"],summary:"Session statistics",description:"Get session statistics for the current user"}}),e.post(`${c}/approve`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let{token:l}=f.body;if(!l)return{success:!1,message:"Token is required"};let d=await o.select().from(t).where(pn(s("approvalToken"),l)).limit(1);if(d.length===0)return{success:!1,message:"Invalid or expired approval token"};let b=d[0];if(b.approvalStatus!=="pending")return{success:!1,message:"Session already processed"};return await o.update(t).set({approvalStatus:"approved",isActive:!0,approvalRespondedAt:new Date,approvalToken:null}).where(pn(s("id"),b.id)),a.info("[AUTH] Device approved",{sessionId:b.id,userId:b.userId}),{success:!0,message:"Device approved successfully"}},{detail:{tags:["Authentication"],summary:"Approve pending device",description:"Approve a pending device login request"}}),e.post(`${c}/reject`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let{token:l}=f.body;if(!l)return{success:!1,message:"Token is required"};let d=await o.select().from(t).where(pn(s("approvalToken"),l)).limit(1);if(d.length===0)return{success:!1,message:"Invalid or expired approval token"};let b=d[0];if(b.approvalStatus!=="pending")return{success:!1,message:"Session already processed"};return await o.update(t).set({approvalStatus:"rejected",isActive:!1,revokedAt:new Date,revokedReason:"user_rejected",approvalRespondedAt:new Date,approvalToken:null}).where(pn(s("id"),b.id)),a.info("[AUTH] Device rejected",{sessionId:b.id,userId:b.userId}),{success:!0,message:"Device rejected and blocked"}},{detail:{tags:["Authentication"],summary:"Reject pending device",description:"Reject a pending device login request"}}),e.get(`${c}/pending`,async(f)=>{if(!o)return{success:!1,message:"Database not configured"};let l=f.request.headers.get("x-user-id");if(!l)return{success:!1,message:"Authentication required"};let d=await o.select().from(t).where(Xo(pn(s("userId"),l),pn(s("approvalStatus"),"pending"))).orderBy(k2(s("createdAt")));return{success:!0,data:{sessions:d.map((w)=>{let h=w;return{...$s(h),approvalStatus:h.approval_status||h.approvalStatus,approvalToken:h.approval_token||h.approvalToken,approvalRequestedAt:h.approval_requested_at?.toISOString()||h.approvalRequestedAt?.toISOString()}}),totalCount:d.length}}},{detail:{tags:["Authentication"],summary:"List pending devices",description:"Get all pending device approval requests for the current user"}}),e}var Cd=u(()=>{Vd();R2();Vd()});var M2={};co(M2,{createSessionsRoute:()=>As,createRegisterRoute:()=>hs,createRefreshRoute:()=>ws,createPasswordSetRoute:()=>ms,createPasswordResetRoute:()=>_s,createPasswordChangeRoute:()=>gs,createMeRoute:()=>us,createMagicLinkRoute:()=>ds,createLogoutRoute:()=>Ai,createLoginRoute:()=>hi,createInviteRoute:()=>gi,createImpersonateRoute:()=>si,createEmailVerificationRoutes:()=>ui,createChangeUserIdRoute:()=>ii,createAuthRoutes:()=>S2});function S2(n,r){let{authConfig:t,features:o,helpers:a}=r;if(r.oauthAccountsTable)t.oauthAccountsTable=r.oauthAccountsTable;if(r.schemaTables)t.schemaTables=r.schemaTables;let c=t.authentication?.cookieMaxAgeBufferSeconds??0,e={accessTokenName:t.authentication?.accessToken?.name||"access_token",refreshTokenName:t.authentication?.refreshToken?.name||"refresh_token",sessionTokenName:t.authentication?.sessionToken?.name||"session_token",accessTokenMaxAge:Math.max(0,st(t.authentication?.accessToken?.expiresIn||"15m")-c),refreshTokenMaxAge:st(t.authentication?.refreshToken?.expiresIn||"7d"),sessionTokenMaxAge:st(t.authentication?.sessionToken?.expiresIn||"30d")};if(t.logger.info("[AUTH] Cookie config created",{accessTokenMaxAge:e.accessTokenMaxAge,refreshTokenMaxAge:e.refreshTokenMaxAge,sessionTokenMaxAge:e.sessionTokenMaxAge,accessTokenExpiresIn:t.authentication?.accessToken?.expiresIn,sessionTokenExpiresIn:t.authentication?.sessionToken?.expiresIn}),o.login?.enabled){let s=hi(t,o.login,a.signAccessToken,a.signRefreshToken,a.createSession,a.saveSessionToDb,e,r.tokenResponseConfig);n.use(s)}if(o.register?.enabled){let s=hs(t,o.register,a.sendWelcomeEmail,a.signAccessToken,a.signRefreshToken,a.createSession,e,r.tokenResponseConfig,r.emailService,r.appName);if(n.use(s),o.register.emailVerification?.enabled){let f=ui({authConfig:t,registerConfig:o.register,emailService:r.emailService,appName:r.appName});n.use(f)}}if(o.logout?.enabled){let s=Ai(t,o.logout,a.destroySession,a.revokeSessionInDb);n.use(s)}if(o.refresh?.enabled){let s=ws(t,o.refresh,a.verifyRefreshToken,a.signAccessToken,a.signRefreshToken,r.tokenResponseConfig,c);n.use(s)}if(o.passwordReset?.enabled&&a.storeResetToken&&a.getResetToken&&a.deleteResetToken){let s=_s(t,o.passwordReset,a.storeResetToken,a.getResetToken,a.deleteResetToken,a.sendResetEmail);n.use(s)}if(o.passwordChange?.enabled){let s=gs(t,o.passwordChange);n.use(s)}if(o.passwordSet?.enabled){let s=ms(t,o.passwordSet,a.getMagicToken,a.deleteMagicToken);n.use(s)}if(o.sessions?.enabled&&r.sessionsTable){let s=As(t,o.sessions,r.sessionsTable);n.use(s)}if(o.magicLink?.enabled&&r.emailService?.isAvailable()&&a.storeMagicToken&&a.getMagicToken&&a.deleteMagicToken){let s=ds(t,o.magicLink,r.emailService,a.signAccessToken,a.signRefreshToken,a.createSession,a.storeMagicToken,a.getMagicToken,a.deleteMagicToken,r.appName);n.use(s)}if(o.me?.enabled){let s=us(t,o.me,r.schemaTables||{},r.schemaRelations||{},r.databaseUrl);n.use(s)}if(o.invite?.enabled&&r.emailService?.isAvailable()&&a.storeMagicToken){let s=gi(t,o.invite,r.emailService,a.storeMagicToken,r.appName,a.getMagicToken);n.use(s)}if(o.captcha?.enabled&&r.captchaService){let s=i_({captchaService:r.captchaService,logger:t.logger,basePath:o.captcha.route||"/auth/captcha"});n.use(s)}if(o.oauth?.enabled&&o.oauth.providers){let s=new Qe(o.oauth),f=d2(t,s,a.signAccessToken,a.signRefreshToken,a.createSession,a.saveSessionToDb,e,r.tokenResponseConfig,r.emailService,a.storeMagicToken,r.appName);n.use(f)}let i=f_(t,{route:"/auth/check",isPublic:!1,enabled:!0});if(n.use(i),r.admin?.impersonate?.enabled!==!1){let s=si(t,a.signAccessToken,a.signRefreshToken,a.createSession,a.saveSessionToDb,e);n.use(s)}if(r.admin?.changeUserId?.enabled!==!1){let s=ii(t,r.databaseUrl,r.schemaTables);n.use(s)}return n}var Qd=u(()=>{Cf();Ie();zl();Bl();s_();l_();Wl();Yl();Vl();Cl();wd();hd();u2();Rd();Md();zd();Bd();Jd();Cd();Wl();Yl();Vl();Cl();wd();hd();Rd();Md();zd();Bd();Jd();Cd();Bl();zl()});import{batch as Ss,createStore as B2}from"h-state";import{useEffectEvent as W2}from"react";function Y2(n){let r={};for(let t of Object.keys(n))r[t]={isPending:!1,data:null,error:null,code:null};return r}function J2(n,r){let{useStore:t}=B2(Y2(n),{_callEndpoint:(o)=>async(a,c)=>{if(!o[a])return;Ss(()=>{o[a].isPending=!0,o[a].error=null});try{let i=await r(a,c.payload);if(Ss(()=>{if(o[a].isPending=!1,o[a].code=i.code??null,i.isSuccess&&i.data!==void 0)o[a].data=i.data,o[a].error=null;else o[a].error=i.errors??null}),i.isSuccess)c.onAfterHandle?.(i.data??i);else c.onErrorHandle?.(i.errors??{message:"Request failed"},i.code)}catch(i){Ss(()=>{o[a].isPending=!1,o[a].error={message:i instanceof Error?i.message:"Unknown error"}}),c.onErrorHandle?.({message:i instanceof Error?i.message:"Unknown error"},null)}}});return function(){let a=t(),c=W2((i,s)=>{a._callEndpoint(i,s)}),e={};for(let i of Object.keys(n)){let s=(f)=>{c(i,f)};e[i]={state:a[i],start:s}}return e}}var Nd={$schema:"../schemas/nucleus.tables.schema.json",tables:[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["authentication","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255}],indexes:[]},{table_name:"verifications",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_id",type:"uuid"},{name:"entity_name",type:"varchar",length:100},{name:"verifier_type",type:"varchar",length:30,enumValues:["user","role","entity_creator"]},{name:"verifier_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:50},{name:"is_signature_mandatory",type:"boolean",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"is_all_required",type:"boolean",notNull:!0,default:!1},{name:"connected_from_step_order",type:"integer"},{name:"position_x",type:"numeric"},{name:"position_y",type:"numeric"}],indexes:[{columns:["entity_id"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["start","step","condition","notification","end"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["authentication","verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"channel",type:"varchar",length:20,notNull:!0,default:"portal",enumValues:["portal","email","both"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","step_node_id"]},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["authentication","verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0},{name:"recipient_type",type:"varchar",length:20,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role_id",type:"uuid"},{name:"channel",type:"varchar",length:20,notNull:!0,enumValues:["portal"]}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]},{columns:["channel"]}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}}]};var Ms={login:{key:"LOGIN",method:"POST",defaultRoute:"/auth/login",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},register:{key:"REGISTER",method:"POST",defaultRoute:"/auth/register",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},logout:{key:"LOGOUT",method:"POST",defaultRoute:"/auth/logout",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},refresh:{key:"REFRESH",method:"POST",defaultRoute:"/auth/refresh",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},me:{key:"ME",method:"GET",defaultRoute:"/auth/me",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordChange:{key:"PASSWORD_CHANGE",method:"POST",defaultRoute:"/auth/password-change",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordSet:{key:"PASSWORD_SET",method:"POST",defaultRoute:"/auth/password-set",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordReset:{key:"PASSWORD_RESET_REQUEST",method:"POST",defaultRoute:"/auth/password-reset",defaultIsPublic:!0,subEndpoints:[{key:"PASSWORD_RESET_REQUEST",method:"POST",suffix:"/request",_payload:void 0,_success:void 0,_error:void 0},{key:"PASSWORD_RESET_CONFIRM",method:"POST",suffix:"/confirm",_payload:void 0,_success:void 0,_error:void 0}]},sessions:{key:"SESSIONS",method:"GET",defaultRoute:"/auth/sessions",defaultIsPublic:!1,subEndpoints:[{key:"SESSIONS",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_CURRENT",method:"GET",suffix:"/current",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_STATS",method:"GET",suffix:"/stats",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_PENDING",method:"GET",suffix:"/pending",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE",method:"DELETE",suffix:"/:sessionId",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE_ALL",method:"DELETE",suffix:"/all",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_APPROVE",method:"POST",suffix:"/approve",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REJECT",method:"POST",suffix:"/reject",_payload:void 0,_success:void 0,_error:void 0}]},magicLink:{key:"MAGIC_LINK",method:"POST",defaultRoute:"/auth/magic-link",defaultIsPublic:!0,subEndpoints:[{key:"MAGIC_LINK",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"MAGIC_LINK_VERIFY",method:"GET",suffix:"/verify",routeKey:"verifyRoute",_payload:void 0,_success:void 0,_error:void 0}]},invite:{key:"INVITE",method:"POST",defaultRoute:"/auth/invite",defaultIsPublic:!1,subEndpoints:[{key:"INVITE",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"INVITE_VERIFY",method:"POST",suffix:"/verify",_payload:void 0,_success:void 0,_error:void 0}]},emailVerification:{key:"VERIFY_EMAIL",method:"GET",defaultRoute:"/verify-email",defaultIsPublic:!0,subEndpoints:[{key:"VERIFY_EMAIL",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"RESEND_VERIFICATION",method:"POST",suffix:"",routeKey:"resendRoute",defaultRoute:"/resend-verification",_payload:void 0,_success:void 0,_error:void 0}]},captcha:{key:"CAPTCHA",method:"GET",defaultRoute:"/auth/captcha",defaultIsPublic:!0,subEndpoints:[{key:"CAPTCHA_GENERATE",method:"GET",suffix:"/generate",_payload:void 0,_success:void 0,_error:void 0},{key:"CAPTCHA_VALIDATE",method:"POST",suffix:"/validate",_payload:void 0,_success:void 0,_error:void 0}]},oauth:{key:"OAUTH_PROVIDERS",method:"GET",defaultRoute:"/auth/oauth/providers",defaultIsPublic:!0,subEndpoints:[{key:"OAUTH_PROVIDERS",method:"GET",suffix:"/providers",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_REDIRECT",method:"GET",suffix:"/:provider",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_ACCOUNTS",method:"GET",suffix:"/accounts",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_UNLINK",method:"DELETE",suffix:"/unlink/:provider",_payload:void 0,_success:void 0,_error:void 0}]}},xd={healthCheck:{key:"MONITORING_HEALTH_CHECK",method:"GET",suffix:"/health",_payload:void 0,_success:void 0,_error:void 0},getSettings:{key:"MONITORING_GET_SETTINGS",method:"GET",suffix:"/settings",_payload:void 0,_success:void 0,_error:void 0},changeSettings:{key:"MONITORING_CHANGE_SETTINGS",method:"PATCH",suffix:"/settings",_payload:void 0,_success:void 0,_error:void 0},getLogs:{key:"MONITORING_GET_LOGS",method:"GET",suffix:"/logs",_payload:void 0,_success:void 0,_error:void 0}};var L2=["profiles","addresses","phones","files","users","roles","claims","user_roles","role_claims","audit_logs"],V2=Nd.tables.filter((n)=>L2.includes(n.table_name));function la(n){return n.replace(/([a-z])([A-Z])/g,"$1_$2").replace(/[\s-]+/g,"_").toUpperCase()}function C2(n){return n.replace(/_([a-z])/g,(r,t)=>t.toUpperCase())}function Ds(n){if(n.endsWith("ies"))return`${n.slice(0,-3)}y`;if(n.endsWith("ses"))return`${n.slice(0,-2)}`;if(n.endsWith("s"))return n.slice(0,-1);return n}function Dt(n,r){let t=la(n),o=la(Ds(n));switch(r){case"GET":return`GET_${t}`;case"POST":return`ADD_${o}`;case"PUT":return`UPDATE_${o}`;case"PATCH":return`PATCH_${o}`;case"DELETE":return`DELETE_${o}`}}function fa(n,r){let t=la(n);switch(r){case"POST":return`BULK_ADD_${t}`;case"PUT":return`BULK_UPDATE_${t}`;case"DELETE":return`BULK_DELETE_${t}`}}function eo(n,r){if(!n.excluded_methods)return!1;let t={GET:"GET",POST:"POST",PUT:"PUT",PATCH:"PATCH",DELETE:"DELETE"};return n.excluded_methods.includes(t[r])}function qd(n){let r={};for(let t of n.entities){let o=t.table_name,a=`/${o}`;if(!eo(t,"GET")){r[Dt(o,"GET")]={method:"GET",path:a,isPublic:t.is_public?.GET??!1,_payload:void 0,_success:void 0,_error:void 0};let c=la(Ds(o));r[`GET_${c}_BY_ID`]={method:"GET",path:`${a}/:id`,isPublic:t.is_public?.GET??!1,_payload:void 0,_success:void 0,_error:void 0},r[`GET_${la(o)}_DISTINCT`]={method:"GET",path:`${a}/distinct/:field`,isPublic:t.is_public?.GET??!1,_payload:void 0,_success:void 0,_error:void 0}}if(!eo(t,"POST"))r[Dt(o,"POST")]={method:"POST",path:a,isPublic:t.is_public?.POST??!1,isFormData:t.is_form_data,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"PUT"))r[Dt(o,"PUT")]={method:"PUT",path:`${a}/:id`,isPublic:t.is_public?.PUT??!1,isFormData:t.is_form_data,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"PATCH"))r[Dt(o,"PATCH")]={method:"PATCH",path:`${a}/:id`,isPublic:t.is_public?.PATCH??!1,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"DELETE"))r[Dt(o,"DELETE")]={method:"DELETE",path:`${a}/:id`,isPublic:t.is_public?.DELETE??!1,_payload:void 0,_success:void 0,_error:void 0};if(t.bulk_endpoints_enabled){if(!eo(t,"POST"))r[fa(o,"POST")]={method:"POST",path:`${a}/bulk`,isPublic:t.is_public?.POST??!1,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"PUT"))r[fa(o,"PUT")]={method:"PUT",path:`${a}/bulk`,isPublic:t.is_public?.PUT??!1,_payload:void 0,_success:void 0,_error:void 0};if(!eo(t,"DELETE"))r[fa(o,"DELETE")]={method:"DELETE",path:`${a}/bulk`,isPublic:t.is_public?.DELETE??!1,_payload:void 0,_success:void 0,_error:void 0}}}return r}function Fd(n){let r={},t=n.authentication;if(!t?.enabled)return r;for(let[o,a]of Object.entries(Ms)){let c=t[o];if(!c?.enabled)continue;let e=c.route||a.defaultRoute,i=c.isPublic??a.defaultIsPublic;if("subEndpoints"in a&&a.subEndpoints)for(let s of a.subEndpoints){let f="routeKey"in s&&s.routeKey&&c[s.routeKey]?String(c[s.routeKey]):("defaultRoute"in s)&&s.defaultRoute?String(s.defaultRoute):`${e}${s.suffix}`;r[s.key]={method:s.method,path:f,isPublic:s.key==="MAGIC_LINK_VERIFY"?!0:i,_payload:s._payload,_success:s._success,_error:s._error}}else if("_payload"in a)r[a.key]={method:a.method,path:e,isPublic:i,_payload:a._payload,_success:a._success,_error:a._error}}return r}function jd(){let n={};for(let r of V2){let t=r.table_name,a=`/${C2(t)}`,c=t==="files";n[Dt(t,"GET")]={method:"GET",path:a,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};let e=la(Ds(t));if(n[`GET_${e}_BY_ID`]={method:"GET",path:`${a}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Dt(t,"POST")]={method:"POST",path:a,isPublic:!1,isFormData:c,_payload:void 0,_success:void 0,_error:void 0},n[Dt(t,"PUT")]={method:"PUT",path:`${a}/:id`,isPublic:!1,isFormData:c,_payload:void 0,_success:void 0,_error:void 0},n[Dt(t,"PATCH")]={method:"PATCH",path:`${a}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Dt(t,"DELETE")]={method:"DELETE",path:`${a}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.bulk_endpoints_enabled)n[fa(t,"POST")]={method:"POST",path:`${a}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[fa(t,"PUT")]={method:"PUT",path:`${a}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[fa(t,"DELETE")]={method:"DELETE",path:`${a}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}}return n}function pd(n){let r={},t=n.liveMonitoring;if(!t?.enabled)return r;let o=t.basePath||"/monitoring";for(let a of Object.values(xd))r[a.key]={method:a.method,path:`${o}${a.suffix}`,isPublic:!1,_payload:a._payload,_success:a._success,_error:a._error};return r}function Kd(n){let r={};if(!n.authentication?.enabled)return r;return r.ADMIN_IMPERSONATE={method:"POST",path:"/auth/admin/impersonate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.ADMIN_IMPERSONATE_STOP={method:"POST",path:"/auth/admin/impersonate/stop",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.ADMIN_CHANGE_USER_ID={method:"POST",path:"/auth/admin/change-user-id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r}function Q2(n,r){let t=qd(n),o=Fd(n),a=Kd(n),c=jd(),e=pd(n);return{...t,...o,...a,...c,...e,...r??{}}}Vs();import{randomUUID as x2}from"crypto";var q2={timeout:30000,retries:0,retryDelay:1000,debug:!1};class cc{config;logger;constructor(n={}){this.config={...q2,...n},this.logger=new Cr({service:"ServerFetch",prettyPrint:this.config.debug,colorize:this.config.debug,auditEnabled:!1})}buildUrl(n){if(n.startsWith("http://")||n.startsWith("https://"))return n;return this.config.baseUrl?`${this.config.baseUrl}${n}`:n}buildHeaders(n){let r=new Headers;if(this.config.defaultHeaders)for(let[t,o]of Object.entries(this.config.defaultHeaders))r.set(t,o);if(n)if(n instanceof Headers)n.forEach((t,o)=>{r.set(o,t)});else if(Array.isArray(n))for(let[t,o]of n)r.set(t,o);else for(let[t,o]of Object.entries(n))r.set(t,o);return r}parseResponseHeaders(n){let r={};if(n.forEach((t,o)=>{if(o.toLowerCase()==="set-cookie"){let a=r[o];r[o]=a?`${a}, ${t}`:t}else r[o]=t}),typeof n.getSetCookie==="function"){let t=n.getSetCookie();if(t.length>0)r["set-cookie"]=t.join(", ")}return r}async executeWithTimeout(n,r,t){let o=new AbortController,a=setTimeout(()=>o.abort(),r);try{return await Promise.race([n,new Promise((e,i)=>{o.signal.addEventListener("abort",()=>{i(Error(`Request timeout after ${r}ms`))})})])}finally{clearTimeout(a)}}async fetch(n){let r=x2(),t=performance.now(),o=this.buildUrl(n.url),a=this.buildHeaders(n.headers),c=n.timeout??this.config.timeout??30000,e=n.retries??this.config.retries??0,i=n.retryDelay??this.config.retryDelay??1000,s;if(n.body)if(typeof n.body==="object"&&!(n.body instanceof FormData)&&!(n.body instanceof URLSearchParams)&&!(n.body instanceof Blob)&&!(n.body instanceof ArrayBuffer)){if(s=JSON.stringify(n.body),!a.has("content-type"))a.set("content-type","application/json")}else s=n.body;this.logger.debug(`[${r}] ${n.method} ${o}`,{method:n.method,url:o,hasBody:!!s});let f=null,l=0;while(l<=e)try{let b=await this.executeWithTimeout(fetch(o,{method:n.method,headers:a,body:s}),c,r),w=performance.now()-t,h=this.parseResponseHeaders(b.headers),_,g,R=await b.text();if(R)try{let M=JSON.parse(R);if(b.ok)_=M;else g=M}catch{if(!b.ok)g={message:R||b.statusText}}else if(!b.ok)g={message:b.statusText};let k={isSuccess:b.ok,response:_,errors:g,code:b.status,headers:h,durationMs:w,requestId:r,createdAt:new Date};if(b.ok)this.logger.info(`[${r}] ${n.method} ${o} ${b.status}`,{method:n.method,url:o,statusCode:b.status,durationMs:Math.round(w)});else this.logger.warn(`[${r}] ${n.method} ${o} ${b.status}`,{method:n.method,url:o,statusCode:b.status,durationMs:Math.round(w),error:g});return k}catch(b){if(f=b instanceof Error?b:Error(String(b)),l++,l<=e)this.logger.warn(`[${r}] Retry ${l}/${e} after error`,{method:n.method,url:o,error:f.message,attempt:l,retries:e}),await new Promise((w)=>setTimeout(w,i))}let d=performance.now()-t;return this.logger.error(`[${r}] ${n.method} ${o} failed`,f,{method:n.method,url:o,durationMs:Math.round(d),attempts:l}),{isSuccess:!1,response:void 0,errors:{message:f?.message||"Unknown error"},code:null,headers:{},durationMs:d,requestId:r,createdAt:new Date}}async get(n,r){return this.fetch({...r,url:n,method:"GET"})}async post(n,r,t){return this.fetch({...t,url:n,method:"POST",body:r})}async put(n,r,t){return this.fetch({...t,url:n,method:"PUT",body:r})}async patch(n,r,t){return this.fetch({...t,url:n,method:"PATCH",body:r})}async delete(n,r){return this.fetch({...r,url:n,method:"DELETE"})}}var F2=new cc;var j2={accessToken:"access_token",refreshToken:"refresh_token",sessionToken:"session_token"};function p2(n){let r=[],t="";for(let o=0;o<n.length;o++){let a=n[o];if(a===","){let c=n.slice(o+1).trimStart();if(/^[a-zA-Z0-9_-]+=/.test(c)){r.push(t.trim()),t="";continue}}t+=a}if(t.trim())r.push(t.trim());return r}function K2(n,r){let t={},o=["x-forwarded-for","x-real-ip","user-agent","accept-language","x-request-id","x-client-ip","cf-connecting-ip","true-client-ip"];for(let s of o){let f=n.get(s);if(f)t[s]=f}if(!t["user-agent"])t["user-agent"]="Nucleus-ServerAction/1.0";let a=n.get(`x-${r.accessToken}`),c=n.get(`x-${r.refreshToken}`),e=n.get(`x-${r.sessionToken}`);if(a)t[`x-${r.accessToken}`]=a;if(c)t[`x-${r.refreshToken}`]=c;if(e)t[`x-${r.sessionToken}`]=e;let i=n.get("cookie");if(i)t.cookie=i;return t}function v2(n){return n.replace(/_([a-z])/g,(r,t)=>t.toUpperCase())}function Cs(n){let r={};for(let[t,o]of Object.entries(n)){let a=t.startsWith("_")?t:v2(t);if(o instanceof Date)r[a]=o.toISOString();else if(o&&typeof o==="object"&&!Array.isArray(o))r[a]=Cs(o);else r[a]=o}return r}function T2(n,r){let t=new URLSearchParams,o=(c,e)=>{if(e===void 0||e===null)return;if(Array.isArray(e))for(let i of e)o(`${c}[]`,i);else if(e instanceof Date)t.append(c,e.toISOString());else if(typeof e==="object")for(let[i,s]of Object.entries(e))o(`${c}[${i}]`,s);else t.append(c,String(e))};for(let[c,e]of Object.entries(r))o(c,e);let a=t.toString();if(!a)return n;return n.includes("?")?`${n}&${a}`:`${n}?${a}`}function I2(n,r,t,o){let a={...j2,...r.tokenNames},c=new cc({baseUrl:r.baseUrl,debug:r.debug,timeout:30000,retries:0});return async function(i,s){let f=n[i];if(!f)return{isSuccess:!1,errors:{message:`Endpoint "${i}" not found`},code:404};let l=await t(),d=await o(),b={};d.forEach((k,M)=>{b[M]=k});let w=K2(d,a),h=f.path,_;if(s&&typeof s==="object"&&!(s instanceof FormData)){let k=s;for(let[M,C]of Object.entries(k))if(C!=null){if(M.startsWith("_"))h=h.replace(`:${M.substring(1)}`,String(C));else if(M==="id"&&h.includes(":id"))h=h.replace(":id",String(C))}}if(f.method==="GET"&&s&&typeof s==="object")h=T2(h,s);else if(s!==void 0){if(f.isFormData&&s instanceof FormData)_=s;else if(Array.isArray(s)){if(_=s.map((k)=>k&&typeof k==="object"?Cs(k):k),!w["content-type"])w["content-type"]="application/json"}else if(_=Cs(s),!w["content-type"])w["content-type"]="application/json"}let g=await c.fetch({url:h,method:f.method,headers:w,body:_});if(g.headers["set-cookie"])try{let k=g.headers["set-cookie"],M=p2(k);for(let C of M){let[N,...m]=C.split(";");if(!N)continue;let[A,H]=N.split("=");if(A&&H){let D={};for(let E of m){let[S,z]=E.trim().split("=");if(!S)continue;let U=S.toLowerCase();if(U==="path")D.path=z;else if(U==="domain")D.domain=z;else if(U==="max-age")D.maxAge=Number(z);else if(U==="expires"&&z)D.expires=new Date(z);else if(U==="httponly")D.httpOnly=!0;else if(U==="secure")D.secure=!0;else if(U==="samesite")D.sameSite=z}l.set(A.trim(),H.trim(),D)}}}catch(k){console.warn("[ServerFactory] Failed to process Set-Cookie headers:",k instanceof Error?k.message:String(k))}let R=g.response;if(g.isSuccess&&R&&typeof R==="object"&&!Array.isArray(R)){let k=R;if("success"in k&&!("data"in k)){let{success:M,message:C,error:N,...m}=k;R={success:M,...C!==void 0?{message:C}:{},...N!==void 0?{error:N}:{},...Object.keys(m).length>0?{data:m}:{}}}}return{isSuccess:g.isSuccess,data:R,errors:g.errors,code:g.code,message:g.isSuccess?void 0:g.errors?.message}}}import{useEffect as Zd,useEffectEvent as Lo,useRef as ec}from"react";import{batch as Z2,createStore as y2}from"h-state";var nh={connection:{status:"disconnected",clientId:null,subscribedTopics:[],error:null,reconnectAttempt:0},events:[],maxEvents:100},{useStore:Qs}=y2(nh,{setConnectionStatus:(n)=>(r)=>{n.connection.status=r},setClientId:(n)=>(r)=>{n.connection.clientId=r},setSubscribedTopics:(n)=>(r)=>{n.connection.subscribedTopics=r},setError:(n)=>(r)=>{n.connection.error=r},setReconnectAttempt:(n)=>(r)=>{n.connection.reconnectAttempt=r},addEvent:(n)=>(r)=>{let t=[r,...n.events];n.events=t.slice(0,n.maxEvents)},clearEvents:(n)=>()=>{n.events=[]},reset:(n)=>()=>{Z2(()=>{n.connection.status="disconnected",n.connection.clientId=null,n.connection.subscribedTopics=[],n.connection.error=null,n.connection.reconnectAttempt=0,n.events=[]})}});function rh(n){if(n.wsUrl){let c=n.wsUrl.replace(/\/$/,""),e=n.wsPath||"/api/events/subscribe",i=(n.topics||["*"]).join(",");return`${c}${e}?userId=${encodeURIComponent(n.userId)}&topics=${encodeURIComponent(i)}`}if(typeof window>"u")return"";let r=window.location.protocol==="https:"?"wss:":"ws:",t=window.location.host,o=n.wsPath||"/api/events/subscribe",a=(n.topics||["*"]).join(",");return`${r}//${t}${o}?userId=${encodeURIComponent(n.userId)}&topics=${encodeURIComponent(a)}`}var th=0;function oh(n){let r=Qs(),t=ec(null),o=ec(null),a=ec(null),c=ec(!1),e=ec(n);e.current=n;let i=n.autoReconnect??!0,s=n.maxReconnectAttempts??10,f=n.reconnectBaseDelay??1000,l=n.reconnectMaxDelay??30000,d=n.heartbeatInterval??30000,b=n.debug??!1,w=(...H)=>{if(b)console.log("[usePubSub]",...H)},h=()=>{if(o.current)clearInterval(o.current),o.current=null},_=()=>{if(a.current)clearTimeout(a.current),a.current=null},g=(H)=>{h(),o.current=setInterval(()=>{if(H.readyState===WebSocket.OPEN)H.send(JSON.stringify({type:"ping"}))},d)},R=Lo((H)=>{try{let D=JSON.parse(H.data);switch(D.type){case"connected":r.setConnectionStatus("connected"),r.setClientId(D.clientId),r.setSubscribedTopics(D.subscribedTopics),r.setReconnectAttempt(0),r.setError(null),w("Connected, clientId:",D.clientId);break;case"subscribed":r.setSubscribedTopics(D.topics),w("Subscribed to:",D.topics);break;case"event":{let E={id:`evt_${Date.now()}_${th++}`,topic:D.topic,data:D.data,timestamp:D.timestamp,receivedAt:Date.now(),messageId:D.messageId,isRedelivery:D.isRedelivery};if(r.addEvent(E),D.messageId&&t.current?.readyState===WebSocket.OPEN)t.current.send(JSON.stringify({type:"ack",messageId:D.messageId}));break}case"pong":break;case"error":r.setError(Error(D.error)),w("Server error:",D.error);break}}catch{w("Failed to parse message")}}),k=Lo((H)=>{if(c.current)return;if(!i)return;if(H>=s){r.setConnectionStatus("disconnected"),r.setError(Error("Max reconnection attempts reached")),w("Max reconnect attempts reached");return}let D=Math.min(f*2**H,l);w(`Reconnecting in ${D}ms (attempt ${H+1}/${s})`),r.setConnectionStatus("reconnecting"),r.setReconnectAttempt(H+1),_(),a.current=setTimeout(()=>{if(!c.current)M()},D)}),M=Lo(()=>{if(c.current)return;if(t.current?.readyState===WebSocket.OPEN)return;if(!e.current.userId)return;if(t.current){if(t.current.onopen=null,t.current.onmessage=null,t.current.onerror=null,t.current.onclose=null,t.current.readyState===WebSocket.OPEN||t.current.readyState===WebSocket.CONNECTING)t.current.close();t.current=null}let H=rh(e.current);if(!H)return;r.setConnectionStatus("connecting"),r.setError(null),w("Connecting to:",H);let D=new WebSocket(H);t.current=D,D.onopen=()=>{w("WebSocket opened"),g(D)},D.onmessage=R,D.onerror=()=>{w("WebSocket error"),r.setError(Error("WebSocket connection error"))},D.onclose=(E)=>{if(w("WebSocket closed",E.code,E.reason),h(),r.setConnectionStatus("disconnected"),r.setClientId(null),!c.current&&E.code!==4001){let S=r.connection.reconnectAttempt;k(S)}}}),C=Lo(()=>{if(h(),_(),t.current){if(t.current.onopen=null,t.current.onmessage=null,t.current.onerror=null,t.current.onclose=null,t.current.readyState===WebSocket.OPEN||t.current.readyState===WebSocket.CONNECTING)t.current.close();t.current=null}r.setConnectionStatus("disconnected"),r.setClientId(null)}),N=Lo((H)=>{if(t.current?.readyState!==WebSocket.OPEN)return;t.current.send(JSON.stringify({type:"subscribe",topics:H}))}),m=Lo((H)=>{if(t.current?.readyState!==WebSocket.OPEN)return;t.current.send(JSON.stringify({type:"unsubscribe",topics:H}))}),A=Lo((H)=>{return r.events.filter((D)=>D.topic===H)});return Zd(()=>{if(c.current=!1,n.userId)M();return()=>{c.current=!0,C()}},[n.userId]),Zd(()=>{if(r.connection.status==="connected"&&n.topics)N(n.topics)},[n.topics?.join(",")]),{isConnected:r.connection.status==="connected",isConnecting:r.connection.status==="connecting"||r.connection.status==="reconnecting",clientId:r.connection.clientId,subscribedTopics:r.connection.subscribedTopics,events:r.events,error:r.connection.error,reconnectAttempt:r.connection.reconnectAttempt,connect:M,disconnect:C,subscribe:N,unsubscribe:m,clearEvents:r.clearEvents,getEventsByTopic:A}}import{randomUUID as kE}from"crypto";var Fs=Rr(tu(),1);import{Elysia as ge,NotFoundError as ua}from"elysia";var vr,io,Qt=typeof Bun<"u"&&!!Bun.file;function da(){if(vr||(vr=process.getBuiltinModule("fs/promises")),io||(io=process.getBuiltinModule("path")),!io){console.warn("@elysiajs/static require path to be available.");return}return[vr,io]}async function ou(n){if(vr||da(),Qt){let r=new Bun.Glob("**/*.html"),t=[];for await(let o of r.scan(n))t.push(io.join(n,o));return t}return[]}async function Gs(n){if(vr||da(),Qt){let t=new Bun.Glob("**/*"),o=[];for await(let a of t.scan(n))o.push(io.join(n,a));return o}let r=await vr.readdir(n).catch(()=>[]);return(await Promise.all(r.map(async(t)=>{let o=n+io.sep+t,a=await vr.stat(o).catch(()=>null);return a?a.isDirectory()?await Gs(o):[io.resolve(n,o)]:[]}))).flat()}function Os(n){return vr||da(),vr.stat(n).then(()=>!0,()=>!1)}class Ns{constructor(n=250,r=10800){this.max=n,this.ttl=r,this.map=new Map}get(n){let r=this.map.get(n);if(r)return r[1]<=Date.now()?void this.delete(n):(this.map.delete(n),this.map.set(n,r),r[0])}set(n,r){if(this.interval||(this.interval=setInterval(()=>{let t=Date.now();for(let[o,a]of this.map)a[1]<=t&&this.map.delete(o)},this.ttl)),this.map.has(n))this.map.delete(n);else if(this.map.size>=this.max){let t=this.map.keys().next().value;t!==void 0&&this.delete(t)}this.map.set(n,[r,Date.now()+this.ttl*1000])}delete(n){this.map.get(n)&&this.map.delete(n)}clear(){this.map.clear()}size(){return this.map.size}[Symbol.dispose](){this.interval&&clearInterval(this.interval)}}function xs(n,r,t){if(n["cache-control"]&&/no-cache|no-store/.test(n["cache-control"]))return!1;if("if-none-match"in n){let o=n["if-none-match"];return o==="*"?!0:o===null||typeof r!="string"?!1:o===r}if(n["if-modified-since"]){let o=n["if-modified-since"];try{return vr.stat(t).then((a)=>{if(a.mtime!==void 0&&a.mtime.getTime()<=Date.parse(o))return!0})}catch{}}return!1}var be;function ic(n){return Qt?Bun.file(n):(vr||da(),vr.readFile(n))}async function qs(n){return Qt?new Bun.CryptoHasher("md5").update(await n.arrayBuffer()).digest("base64"):(be||(be=process.getBuiltinModule("crypto")),be?be.createHash("md5").update(n).digest("base64"):void console.warn("[@elysiajs/static] crypto is required to generate etag."))}var sc=(n)=>{if(!n)return!1;for(let r in n)return!0;return!1};async function au({assets:n="public",prefix:r="/public",staticLimit:t=1024,alwaysStatic:o=!1,ignorePatterns:a=[".DS_Store",".git",".env"],headers:c,maxAge:e=86400,directive:i="public",etag:s=!0,extension:f=!0,indexHTML:l=!0,decodeURI:d,silent:b}={}){if(typeof process>"u"||typeof process.getBuiltinModule>"u")return b||console.warn("[@elysiajs/static] require process.getBuiltinModule. Static plugin is disabled"),new ge;let w=da();if(!w)return new ge;let[h,_]=w,g=_.sep!=="/"?(m)=>m.replace(/\\/g,"/"):(m)=>m,R=new Ns;r===_.sep&&(r="");let k=_.resolve(n),M=a.length?(m)=>a.find((A)=>typeof A=="string"?A.includes(m):A.test(m)):()=>!1,C=new ge({name:"static",seed:r});if(o){let m=await Gs(_.resolve(n));if(m.length<=t)for(let A of m){let H=function({headers:U}){if(z){let K=xs(U,z,A);if(K===!0)return new Response(null,{status:304,headers:sc(c)?c:void 0});if(K!==!1){let B=R.get(E);return B?B.clone():K.then((L)=>{if(L)return new Response(null,{status:304,headers:c||void 0});let Y=new Response(S,{headers:Object.assign({"Cache-Control":e?`${i}, max-age=${e}`:i},c,z?{Etag:z}:{})});return R.set(r,Y),Y.clone()})}}let P=R.get(E);if(P)return P.clone();let p=new Response(S,{headers:Object.assign({"Cache-Control":e?`${i}, max-age=${e}`:i},c,z?{Etag:z}:{})});return R.set(E,p),p.clone()};var N=H;if(!A||M(A))continue;let D=A.replace(k,"");d&&(D=Fs.default(D)??D);let E=g(_.join(r,D));if(Qt&&A.endsWith(".html")){let U=await import(A);C.get(E,U.default),l&&E.endsWith("/index.html")&&C.get(E.replace("/index.html",""),U.default);continue}f||(E=g(E.slice(0,E.lastIndexOf("."))));let S=Qt?ic(A):await ic(A);if(!S)return b||console.warn(`[@elysiajs/static] Failed to load file: ${A}`),new ge;let z=await qs(S);C.get(E,s?H:new Response(S,sc(c)?{headers:c}:void 0)),l&&E.endsWith("/index.html")&&C.get(E.replace("/index.html",""),s?H:new Response(S,sc(c)?{headers:c}:void 0))}return C}if(!(`GET_${r}/*`in C.routeTree)){if(Qt){let m=await ou(_.resolve(n));for(let A of m){if(!A||M(A))continue;let H=A.replace(k,""),D=g(_.join(r,H)),E=await import(A);C.get(D,E.default),l&&D.endsWith("/index.html")&&C.get(D.replace("/index.html",""),E.default)}}C.onError(()=>{}).get(`${r.endsWith("/")?r.slice(0,-1):r}/*`,async({params:m,headers:A})=>{let H=g(_.join(n,d?Fs.default(m["*"])??m["*"]:m["*"]));if(M(H))throw new ua;let D=R.get(H);if(D)return D.clone();try{let E=await h.stat(H).catch(()=>null);if(!E)throw new ua;if(!l&&E.isDirectory())throw new ua;let S;if(!Qt&&l){let P=_.join(H,"index.html"),p=R.get(P);if(p)return p.clone();await Os(P)&&(S=await ic(P))}if(!S&&!E.isDirectory()&&await Os(H))S=await ic(H);else throw new ua;if(!s)return new Response(S,sc(c)?{headers:c}:void 0);let z=await qs(S);if(z&&await xs(A,z,H))return new Response(null,{status:304});let U=new Response(S,{headers:Object.assign({"Cache-Control":e?`${i}, max-age=${e}`:i},c,z?{Etag:z}:{})});return R.set(H,U),U.clone()}catch(E){throw E instanceof ua?E:(b||console.error("[@elysiajs/static]",E),new ua)}})}return C}Of();Yf();import{pushSchema as EE}from"drizzle-kit/api";import{and as ie,eq as $r}from"drizzle-orm";import{drizzle as SE}from"drizzle-orm/node-postgres";import{pgSchema as ME}from"drizzle-orm/pg-core";import DE from"elysia";var qe=[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["authentication","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255}],indexes:[]},{table_name:"verifications",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"entity_id",type:"uuid"},{name:"entity_name",type:"varchar",length:100},{name:"verifier_type",type:"varchar",length:30,enumValues:["user","role","entity_creator"]},{name:"verifier_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:50},{name:"is_signature_mandatory",type:"boolean",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"is_all_required",type:"boolean",notNull:!0,default:!1},{name:"connected_from_step_order",type:"integer"},{name:"position_x",type:"numeric"},{name:"position_y",type:"numeric"}],indexes:[{columns:["entity_id"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["start","step","condition","notification","end"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["authentication","verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"channel",type:"varchar",length:20,notNull:!0,default:"portal",enumValues:["portal","email","both"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","step_node_id"]},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["authentication","verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"rule_id",type:"uuid",notNull:!0},{name:"recipient_type",type:"varchar",length:20,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role_id",type:"uuid"},{name:"channel",type:"varchar",length:20,notNull:!0,enumValues:["portal"]}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]},{columns:["channel"]}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],bulk_endpoints_enabled:!0,columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]}]}];var Yh={GET:["GET"],POST:["POST"],PUT:["PUT"],DELETE:["DELETE"],PATCH:["PATCH"],TOGGLE:["PATCH"],VERIFICATION:["POST"]};function Jh(n,r){let t=[],o=n.authentication;if(!o)return t;if(o.login?.enabled&&o.login?.isPublic)t.push({path:o.login.route||`${r}/auth/login`,method:"POST",source:"auth"});if(o.register?.enabled&&o.register?.isPublic)t.push({path:o.register.route||`${r}/auth/register`,method:"POST",source:"auth"});if(o.logout?.enabled&&o.logout?.isPublic)t.push({path:o.logout.route||`${r}/auth/logout`,method:"POST",source:"auth"});if(o.refresh?.enabled&&o.refresh?.isPublic)t.push({path:o.refresh.route||`${r}/auth/refresh`,method:"POST",source:"auth"});if(o.passwordReset?.enabled&&o.passwordReset?.isPublic){let a=o.passwordReset.route||`${r}/auth/password-reset`;t.push({path:`${a}/request`,method:"POST",source:"auth"},{path:`${a}/confirm`,method:"POST",source:"auth"})}if(o.passwordChange?.enabled&&o.passwordChange?.isPublic)t.push({path:o.passwordChange.route||`${r}/auth/password-change`,method:"POST",source:"auth"});if(o.magicLink?.enabled&&o.magicLink?.isPublic)t.push({path:o.magicLink.route||`${r}/auth/magic-link`,method:"POST",source:"auth"},{path:o.magicLink.verifyRoute||`${r}/auth/magic-link/verify`,method:"GET",source:"auth"});if(o.register?.enabled&&o.register?.emailVerification?.enabled)t.push({path:`${r}/verify-email`,method:"GET",source:"auth"},{path:`${r}/resend-verification`,method:"POST",source:"auth"});if(o.invite?.enabled&&o.invite?.isPublic)t.push({path:o.invite.route||`${r}/auth/invite`,method:"POST",source:"auth"});if(o.invite?.enabled){let a=o.invite.route||`${r}/auth/invite`;t.push({path:`${a}/verify`,method:"POST",source:"auth"})}if(o.passwordSet?.enabled)t.push({path:o.passwordSet.route||`${r}/auth/password-set`,method:"POST",source:"auth"});if(o.captcha?.enabled&&o.captcha?.isPublic){let a=o.captcha.route||`${r}/auth/captcha`;t.push({path:`${a}/generate`,method:"GET",source:"auth"},{path:`${a}/validate`,method:"POST",source:"auth"})}if(o.oauth?.enabled){let a=o.oauth.basePath||`${r}/auth/oauth`,c=["google","github","microsoft","discord","facebook","twitter","apple","custom"];t.push({path:`${a}/providers`,method:"GET",source:"auth"});for(let e of c)t.push({path:`${a}/${e}`,method:"GET",source:"auth"},{path:`${a}/${e}/callback`,method:"GET",source:"auth"})}return t}function Vb(n,r,t){let o=[];for(let a of n){if(!a.is_public)continue;let c=`${r}/${t}/${a.table_name}`;for(let[e,i]of Object.entries(a.is_public)){if(!i)continue;let s=Yh[e];if(!s)continue;for(let f of s)if(f==="GET")o.push({path:c,method:"GET",source:"entity"}),o.push({path:`${c}/:id`,method:"GET",source:"entity"});else if(f==="POST")o.push({path:c,method:"POST",source:"entity"});else if(f==="PUT"||f==="PATCH")o.push({path:`${c}/:id`,method:f,source:"entity"});else if(f==="DELETE")o.push({path:`${c}/:id`,method:"DELETE",source:"entity"})}}return o}function Xh(n,r,t){return Vb(n,r,t)}function Nf(n,r,t="",o="public"){let a=Jh(n,t),c=Vb(n.entities||[],t,o),e=Xh(r,t,o),i=[];if(n.pubsub?.enabled){let f=n.pubsub.basePath||"/subs",l=n.pubsub.wsPath||"/api/events/subscribe";i.push({path:`${f}/:topic`,method:"POST",source:"system"},{path:l,method:"GET",source:"system"})}let s=[{path:"/nucleus-core",method:"GET",source:"custom"},{path:"/public",method:"GET",source:"custom"},{path:"/docs",method:"GET",source:"custom"},{path:"/docs/json",method:"GET",source:"custom"},{path:"/swagger",method:"GET",source:"custom"},{path:"/swagger/json",method:"GET",source:"custom"}];return[...a,...c,...e,...i,...s]}function xf(n,r,t){let o=r.replace(/\/$/,""),a=t.toUpperCase();for(let c of n){if(c.method!==a)continue;if(Lh(c.path,o))return!0}return!1}function Lh(n,r){if(n===r)return!0;let t=n.split("/").filter(Boolean),o=r.split("/").filter(Boolean);if(t.length!==o.length)return!1;for(let a=0;a<t.length;a++){let c=t[a],e=o[a];if(c?.startsWith(":"))continue;if(c!==e)return!1}return!0}Uf();Ie();ni();import{asc as _5,desc as m5,eq as ur,ilike as $g,inArray as w5,notInArray as h5,or as $5}from"drizzle-orm";import{drizzle as A5}from"drizzle-orm/node-postgres";import{Elysia as R5,t as Xn}from"elysia";import{t as Fn}from"elysia";function g5(n){let r={};if(!n||n.length===0)return Fn.Object({},{additionalProperties:!0});for(let t of n)switch(t.type?.toLowerCase()||"string"){case"integer":case"int":case"serial":case"bigserial":case"numeric":case"decimal":r[t.name]=t.notNull?Fn.Number():Fn.Optional(Fn.Number());break;case"boolean":r[t.name]=t.notNull?Fn.Boolean():Fn.Optional(Fn.Boolean());break;case"timestamp":case"timestamptz":case"date":r[t.name]=t.notNull?Fn.String({format:"date-time"}):Fn.Optional(Fn.String({format:"date-time"}));break;case"json":case"jsonb":r[t.name]=Fn.Optional(Fn.Unknown());break;case"uuid":r[t.name]=t.notNull?Fn.String({format:"uuid"}):Fn.Optional(Fn.String({format:"uuid"}));break;default:r[t.name]=t.notNull?Fn.String():Fn.Optional(Fn.String())}return Fn.Object(r,{additionalProperties:!0})}function hg(n){return Fn.Array(Fn.Object({id:Fn.String(),data:g5(n)}))}function fl(n,r){let{db:t,schemaTables:o,schemaRelations:a,entities:c,logger:e,databaseUrl:i,storage:s,authorization:f}=r,l=hc(s),d=f?.enabled??!1;if(!t)return n;let b=Object.keys(o),w=c.map((m)=>m.table_name),h=b.filter((m)=>!w.includes(m)),_=["userSessions","passwordResetTokens","magicLinkTokens"],g=["passwordResetTokens","magicLinkTokens"],R=["files"];function k(m){return m.replace(/_([a-z])/g,(A,H)=>H.toUpperCase())}let M=new Map(qe.map((m)=>[k(m.table_name),m])),C=h.filter((m)=>{if(g.includes(m)&&!r.emailServiceAvailable)return e.info(`Skipping ${m} routes - email service not available`),!1;return!0}).map((m)=>{let A=M.get(m);return{table_name:m,group_name:_.includes(m)?"Authentication":m,is_form_data:R.includes(m),bulk_endpoints_enabled:A?.bulk_endpoints_enabled??!1,excluded_methods:A?.excluded_methods?[...A.excluded_methods]:[]}}),N=[...c,...C];e.info(`All entities: ${N.map((m)=>m.table_name).join(", ")}`);for(let m of N){let A=m.table_name,H=m.group_name||m.table_name,D=o[A];if(!D)continue;let E=a[`${A}Relations`];e.info(`Creating routes for table: ${A}`);let S=D,z=S.id,U=t,P=hg(m.columns),p=Xn.Array(Xn.String()),K=new R5({prefix:`/${A}`});if(!m.excluded_methods?.includes("GET"))K.get("/",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.request.headers.get("x-user-id"),Y=m.columns?.map((_n)=>_n.name),Q=Object.keys(a).filter((_n)=>_n.startsWith(`${m.table_name}Relations`)).map((_n)=>_n.replace("Relations","")),V=null;if(d&&L){if(V=await _c({userId:L,method:"GET",entity:m.table_name,requestedFields:Y,requestedRelations:Q,db:U,schemaTables:o,logger:e}),!V.authorized)return{success:!1,message:V.reason||"Unauthorized",status:403}}let q=ol(B.query),F=[];if(d&&V?.scopeFilters)for(let[_n,T]of Object.entries(V.scopeFilters)){let Jn=S[_n];if(Jn)F.push(ur(Jn,T))}if(q.search&&q.searchFields){let _n=q.searchFields.map((T)=>{let Jn=S[T.trim()];return Jn?$g(Jn,`%${q.search}%`):null}).filter((T)=>T!==null);if(_n.length>0){let T=$5(..._n);if(T)F.push(T)}}if(q.filters){let{ne:_n,gt:T,gte:Jn,lt:Gn,lte:qn,like:gr,isNull:Ar,isNotNull:Mt}=await import("drizzle-orm");for(let er of q.filters){let lr=S[er.field];if(!lr)continue;switch(er.operator){case"eq":F.push(ur(lr,er.value));break;case"neq":F.push(_n(lr,er.value));break;case"gt":F.push(T(lr,er.value));break;case"gte":F.push(Jn(lr,er.value));break;case"lt":F.push(Gn(lr,er.value));break;case"lte":F.push(qn(lr,er.value));break;case"like":F.push(gr(lr,er.value));break;case"ilike":F.push($g(lr,er.value));break;case"in":F.push(w5(lr,er.value));break;case"notIn":F.push(h5(lr,er.value));break;case"isNull":F.push(Ar(lr));break;case"isNotNull":F.push(Mt(lr));break}}}let v=U.select().from(D);if(F.length>0){let{and:_n}=await import("drizzle-orm"),T=_n(...F);if(T)v=v.where(T)}if(q.sort&&q.sort.length>0){let _n=q.sort.map((T)=>{let Jn=S[T.field];if(!Jn)return null;return T.direction==="desc"?m5(Jn):_5(Jn)}).filter((T)=>T!==null);if(_n.length>0)v=v.orderBy(..._n)}let dn=q.page??1,tn=q.limit??20,un=q.offset??(dn-1)*tn,sn=U.select().from(D);if(F.length>0){let{and:_n}=await import("drizzle-orm"),T=_n(...F);if(T)sn.where(T)}let fr=(await sn).length;v=v.limit(tn).offset(un);let gn=await v,et=lg(dn,tn,un,fr);if(d&&V?.allowedFields)gn=Le(gn,V.allowedFields);return{success:!0,data:{items:gn,meta:et}}},{detail:{tags:[H],summary:`List ${A}`,description:`Get paginated list of ${A} records with filtering, sorting, and search`}}),K.get("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.params,Y=ol(B.query),Q=B.request.headers.get("x-user-id"),V=m.columns?.map((tn)=>tn.name),q=Y.with?.map((tn)=>tn.name),F=null;if(d&&Q){if(F=await _c({userId:Q,method:"GET",entity:m.table_name,requestedFields:V,requestedRelations:q,db:U,schemaTables:o,logger:e}),!F.authorized)return{success:!1,message:F.reason||"Unauthorized",status:403}}if(Y.with&&Y.with.length>0&&E&&i){let tn=d&&F?.allowedRelations?Y.with.filter((Yn)=>F.allowedRelations?.includes(Yn.name)??!1):Y.with,sn=await A5(i,{schema:{...o,...a}}).query[m.table_name]?.findFirst({where:ur(z,L.id),with:tn.reduce((Yn,fr)=>{return Yn[fr.name]=fr.limit?{limit:fr.limit}:!0,Yn},{})});if(d&&F?.allowedFields&&sn)sn=Le(sn,F.allowedFields);if(d&&F?.allowedRelations&&sn)sn=eb(sn,F.allowedRelations);return{success:!0,data:sn||null}}let dn=(await U.select().from(D).where(ur(z,L.id)))[0]||null;if(d&&F?.allowedFields&&dn)dn=Le(dn,F.allowedFields);return{success:!0,data:dn}},{detail:{tags:[H],summary:`Get ${A} by ID`,description:`Get a single ${A} record by its ID with optional relations`}}),K.get("/distinct/:field",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.params,Y=S[L.field];if(!Y)return{success:!1,message:"Field not found"};return{success:!0,data:await U.selectDistinct({value:Y}).from(D)}},{detail:{tags:[H],summary:`Get distinct ${A} values`,description:`Get distinct values for a specific field in ${A}`}});if(!m.excluded_methods?.includes("POST"))if(m.is_form_data&&l.enabled)K.post("/",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.request.headers.get("x-user-id"),{data:Y,files:Q}=$c(B.body,l),V=Y;if(m.columns){V=ma(V,m.columns);let v=_a(V,m.columns,!1);if(!v.valid)return{success:!1,message:"Validation failed",errors:v.errors}}let q=null;if(Q.length>0){if(q=await Ac(Q,l,m.table_name),q.failed.length>0&&q.success.length===0)return{success:!1,message:"File upload failed",errors:q.failed};if(q.success.length>0){let v=q.success[0];if(v){let dn=v.originalName.split(".").pop()||"";V={...V,id:v.id,name:v.name,originalName:v.originalName,path:v.path,mimeType:v.mimeType,size:v.size,extension:dn,uploadedBy:L}}}}if(L)V.createdBy=L;let F=await U.insert(D).values(V).returning();{let v=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:String(F[0]?.id??""),operation:"CREATE",userId:L||void 0,summary:`Created ${m.table_name}`,newValues:F[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:v.pathname,query:v.search})}return{success:!0,data:F[0]}},{type:"formdata",body:Xn.Object({[l.formData.dataField]:Xn.Optional(Xn.Union([Xn.String(),Xn.Any()])),[l.formData.filesField]:Xn.Optional(Xn.Union([Xn.File(),Xn.Array(Xn.File())]))}),detail:{tags:[H],summary:`Create ${A} with files`,description:`Create a new ${A} record with file upload support`}});else K.post("/",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.body,Y=B.request.headers.get("x-user-id");if(m.columns){L=ma(L,m.columns);let V=_a(L,m.columns,!1);if(!V.valid)return{success:!1,message:"Validation failed",errors:V.errors}}if(Y)L.createdBy=Y;let Q=await U.insert(D).values(L).returning();if(A==="userRoles"&&L.roleId&&L.userId)try{let{roles:V,users:q}=o;if(V&&q){if((await U.select().from(V).where(ur(V.id,L.roleId)).limit(1))[0]?.name==="godmin")await U.update(q).set({isGod:!0}).where(ur(q.id,L.userId))}}catch(V){e.warn("[Entity] Failed to sync is_god flag on userRole create")}{let V=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:String(Q[0]?.id??""),operation:"CREATE",userId:Y||void 0,summary:`Created ${m.table_name}`,newValues:Q[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:V.pathname,query:V.search})}return{success:!0,data:Q[0]}},{body:Xn.Object({},{additionalProperties:!0}),detail:{tags:[H],summary:`Create ${A}`,description:`Create a new ${A} record`}});if(!m.excluded_methods?.includes("PUT"))if(m.is_form_data&&l.enabled)K.put("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.params,Y=B.request.headers.get("x-user-id"),{data:Q,files:V}=$c(B.body,l),q=Q,F=await U.select().from(D).where(ur(z,L.id)).limit(1);if(m.columns){q=ma(q,m.columns);let tn=_a(q,m.columns,!1);if(!tn.valid)return{success:!1,message:"Validation failed",errors:tn.errors}}let v=null;if(V.length>0)v=await Ac(V,l,m.table_name);let dn=await U.update(D).set(q).where(ur(z,L.id)).returning();{let tn=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:L.id,operation:"UPDATE",userId:Y||void 0,summary:`Updated ${m.table_name} (${L.id})`,oldValues:F[0],newValues:dn[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:tn.pathname,query:tn.search})}return{success:!0,data:{record:dn[0],files:v?.success||[],fileErrors:v?.failed||[]}}},{type:"formdata",body:Xn.Object({[l.formData.dataField]:Xn.Optional(Xn.Union([Xn.String(),Xn.Any()])),[l.formData.filesField]:Xn.Optional(Xn.Union([Xn.File(),Xn.Array(Xn.File())]))}),detail:{tags:[H],summary:`Update ${A} with files`,description:`Full update of ${A} record with file upload support`}});else K.put("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let{params:L,body:Y}=B,Q=B.request.headers.get("x-user-id"),V=await U.select().from(D).where(ur(z,L.id)).limit(1);if(m.columns){Y=ma(Y,m.columns);let F=_a(Y,m.columns,!1);if(!F.valid)return{success:!1,message:"Validation failed",errors:F.errors}}if(Y.updatedAt=new Date,Q)Y.updatedBy=Q;let q=await U.update(D).set(Y).where(ur(z,L.id)).returning();{let F=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:L.id,operation:"UPDATE",userId:Q||void 0,summary:`Updated ${m.table_name} (${L.id})`,oldValues:V[0],newValues:q[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:F.pathname,query:F.search})}return{success:!0,data:q[0]}},{body:Xn.Object({},{additionalProperties:!0}),detail:{tags:[H],summary:`Update ${A}`,description:`Full update of ${A} record`}});if(!m.excluded_methods?.includes("PATCH"))K.patch("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let{params:L,body:Y}=B,Q=B.request.headers.get("x-user-id"),V=await U.select().from(D).where(ur(z,L.id)).limit(1);if(m.columns){Y=ma(Y,m.columns);let F=_a(Y,m.columns,!0);if(!F.valid)return{success:!1,message:"Validation failed",errors:F.errors}}if(Y.updatedAt=new Date,Q)Y.updatedBy=Q;let q=await U.update(D).set(Y).where(ur(z,L.id)).returning();{let F=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:L.id,operation:"PATCH",userId:Q||void 0,summary:`Patched ${m.table_name} (${L.id})`,oldValues:V[0],newValues:q[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:F.pathname,query:F.search})}return{success:!0,data:q[0]}},{body:Xn.Object({},{additionalProperties:!0}),detail:{tags:[H],summary:`Patch ${A}`,description:`Partial update of ${A} record`}});if(!m.excluded_methods?.includes("DELETE"))K.delete("/:id",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.params,Y=B.request.headers.get("x-user-id"),Q=await U.select().from(D).where(ur(z,L.id)).limit(1);if(await U.delete(D).where(ur(z,L.id)),A==="userRoles"&&Q[0])try{let V=Q[0],q=o.roles,F=o.users;if(q&&F&&V.roleId&&V.userId){if((await U.select().from(q).where(ur(q.id,V.roleId)).limit(1))[0]?.name==="godmin")await U.update(F).set({isGod:!1}).where(ur(F.id,V.userId))}}catch(V){e.warn("[Entity] Failed to sync is_god flag on userRole delete")}{let V=new URL(B.request.url);e.audit({entityName:m.table_name,entityId:L.id,operation:"DELETE",userId:Y||void 0,summary:`Deleted ${m.table_name} (${L.id})`,oldValues:Q[0],ipAddress:B.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||B.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:B.request.headers.get("user-agent")||"unknown",path:V.pathname,query:V.search})}return{success:!0,data:null}},{detail:{tags:[H],summary:`Delete ${A}`,description:`Delete a ${A} record`}});if(m.bulk_endpoints_enabled){if(!m.excluded_methods?.includes("POST"))K.post("/bulk",async(B)=>{if(!U)return{success:!1,message:"DB not initialized"};let L=B.body;if(!Array.isArray(L))return{success:!1,message:"Body must be an array"};try{return{success:!0,data:await U.transaction(async(Q)=>{let V=[];for(let q of L){let F=await Q.insert(D).values(q).returning();V.push(F[0])}return V})}}catch(Y){return{success:!1,message:Y instanceof Error?Y.message:"Transaction failed"}}},{body:Xn.Array(Xn.Object({},{additionalProperties:!0})),detail:{tags:[H],summary:`Bulk create ${A}`,description:`Create multiple ${A} records`}});if(!m.excluded_methods?.includes("PUT"))K.put("/bulk",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.body;if(!Array.isArray(L))return{success:!1,message:"Body must be an array"};try{return{success:!0,data:await U.transaction(async(Q)=>{let V=[];for(let q of L){let F=await Q.update(D).set(q.data).where(ur(z,q.id)).returning();V.push(F[0])}return V})}}catch(Y){return{success:!1,message:Y instanceof Error?Y.message:"Transaction failed"}}},{body:P,detail:{tags:[H],summary:`Bulk update ${A}`,description:`Update multiple ${A} records`}});if(!m.excluded_methods?.includes("DELETE"))K.delete("/bulk",async(B)=>{if(!U||!z)return{success:!1,message:"No id column or DB"};let L=B.body;if(!Array.isArray(L))return{success:!1,message:"Body must be an array of ids"};try{return await U.transaction(async(Y)=>{for(let Q of L)await Y.delete(D).where(ur(z,Q))}),{success:!0,data:{deleted:L.length}}}catch(Y){return{success:!1,message:Y instanceof Error?Y.message:"Transaction failed"}}},{body:p,detail:{tags:[H],summary:`Bulk delete ${A}`,description:`Delete multiple ${A} records`}})}n.use(K)}return n}import k5,{t as Rc}from"elysia";function E5(n){let r=n.match(/^(\d+)(ms|s|m|h)$/);if(!r||!r[1]||!r[2])return 5000;let t=parseInt(r[1],10);switch(r[2]){case"ms":return t;case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;default:return 5000}}function ll(n){let{monitoringService:r,logger:t,endpoints:o}=n,a=new k5({prefix:o.basePath});if(!o.enabled)return a;if(o.stream.enabled)a.get(o.stream.path,async function*({request:c}){t.info("[Monitoring] SSE stream connected");let e=E5(o.stream.interval),i=!0;c.signal.addEventListener("abort",()=>{i=!1,t.info("[Monitoring] SSE stream disconnected")});let s=await r.getLatestSnapshot();if(s)yield{event:"snapshot",data:JSON.stringify(s)};while(i){if(await new Promise((d)=>setTimeout(d,e)),!i)break;let f=await r.getLatestSnapshot();if(f)yield{event:"snapshot",data:JSON.stringify(f)};let l=r.getActiveAlerts();if(l.length>0)yield{event:"alerts",data:JSON.stringify(l)}}},{detail:{tags:["Monitoring"],summary:"Stream real-time monitoring data",description:"Server-Sent Events stream for real-time monitoring metrics"}});if(o.snapshot.enabled)a.get(o.snapshot.path,async()=>{let c=await r.getLatestSnapshot();if(!c)return{isSuccess:!1,message:"No monitoring data available",data:null};return{isSuccess:!0,message:"Current monitoring snapshot",data:c}},{detail:{tags:["Monitoring"],summary:"Get current monitoring snapshot",description:"Returns the latest monitoring metrics snapshot"}});if(o.history.enabled)a.get(o.history.path,async({query:c})=>{let e=Math.min(c.minutes?parseInt(String(c.minutes),10):60,o.history.maxMinutes),i=await r.getHistory(e);return{isSuccess:!0,message:`Monitoring history for last ${e} minutes`,data:{minutes:e,count:i.length,snapshots:i}}},{query:Rc.Object({minutes:Rc.Optional(Rc.Numeric())}),detail:{tags:["Monitoring"],summary:"Get monitoring history",description:"Returns historical monitoring data for the specified time range"}});if(o.alerts.enabled)a.get(o.alerts.path,()=>{let c=r.getActiveAlerts();return{isSuccess:!0,message:"Active alerts",data:{count:c.length,alerts:c}}},{detail:{tags:["Monitoring"],summary:"Get active alerts",description:"Returns all currently active monitoring alerts"}}),a.post(`${o.alerts.path}/:alertId/acknowledge`,({params:c})=>{if(!r.acknowledgeAlert(c.alertId))return{isSuccess:!1,message:"Alert not found",data:null};return{isSuccess:!0,message:"Alert acknowledged",data:{alertId:c.alertId}}},{params:Rc.Object({alertId:Rc.String()}),detail:{tags:["Monitoring"],summary:"Acknowledge an alert",description:"Mark an alert as acknowledged"}});return t.info(`[Monitoring] Routes enabled at ${o.basePath} (stream: ${o.stream.enabled}, snapshot: ${o.snapshot.enabled}, history: ${o.history.enabled}, alerts: ${o.alerts.enabled})`),a}import S5,{t as Gr}from"elysia";var M5={"Content-Type":"text/event-stream; charset=utf-8","Cache-Control":"no-cache, no-transform",Connection:"keep-alive"},D5=new TextEncoder,dl=(n,r)=>{let t=typeof r==="string"?r:JSON.stringify(r);return D5.encode(`event: ${n}
|
|
83
83
|
data: ${t}
|
|
84
84
|
|
|
85
85
|
`)};function Ag(n){let{getService:r,logger:t,basePath:o,streamInterval:a}=n,c=new S5({prefix:o}),e=()=>{let i=r();if(!i)throw Error("Live monitoring service not initialized");return i};return c.get("/health",()=>{let i=r();return{status:i?"ok":"initializing",timestamp:Date.now(),monitoring:i?.isEnabled()??!1}},{detail:{tags:["Live Monitoring"],summary:"Health check for live monitoring"}}),c.get("/settings",()=>{return e().getSettings()},{detail:{tags:["Live Monitoring"],summary:"Get live monitoring settings"}}),c.patch("/settings",({body:i})=>{return e().changeSettings(i)},{body:Gr.Partial(Gr.Object({logMemory:Gr.Boolean(),logCpu:Gr.Boolean(),logDapr:Gr.Boolean(),logWebSocket:Gr.Boolean(),memoryLogInterval:Gr.Number(),cpuLogInterval:Gr.Number(),memoryLogLimit:Gr.Number(),cpuLogLimit:Gr.Number(),daprLogLimit:Gr.Number(),wsLogLimit:Gr.Number(),requestLogLimit:Gr.Number()})),detail:{tags:["Live Monitoring"],summary:"Change live monitoring settings"}}),c.get("/logs",()=>{return e().getLogs()},{detail:{tags:["Live Monitoring"],summary:"Get all live monitoring logs"}}),c.get("/logs/stream",({request:i})=>{let s=i.signal,f,l=e(),d=l.getSnapshot(),b={memory:d.memory.length?d.memory[d.memory.length-1]?.timestamp??0:0,cpu:d.cpu.length?d.cpu[d.cpu.length-1]?.timestamp??0:0,request:d.requests.length?d.requests[d.requests.length-1]?.timestamp??0:0,dapr:d.dapr.length?d.dapr[d.dapr.length-1]?.timestamp??0:0,ws:d.ws.length?d.ws[d.ws.length-1]?.timestamp??0:0},w=new ReadableStream({start(h){let _=!1;h.enqueue(dl("snapshot",d));let R=setInterval(()=>{if(_)return;let M=l.getUpdatesSince(b);if(!M){h.enqueue(dl("heartbeat",{timestamp:Date.now()}));return}if(M.memory.length)b.memory=M.memory[M.memory.length-1]?.timestamp??b.memory;if(M.cpu.length)b.cpu=M.cpu[M.cpu.length-1]?.timestamp??b.cpu;if(M.requests.length)b.request=M.requests[M.requests.length-1]?.timestamp??b.request;if(M.dapr.length)b.dapr=M.dapr[M.dapr.length-1]?.timestamp??b.dapr;if(M.ws.length)b.ws=M.ws[M.ws.length-1]?.timestamp??b.ws;h.enqueue(dl("update",M))},a),k=()=>{if(_)return;_=!0,clearInterval(R),s?.removeEventListener("abort",k);try{h.close()}catch{}};f=k,s?.addEventListener("abort",k)},cancel(){f?.()}});return new Response(w,{headers:M5})},{detail:{tags:["Live Monitoring"],summary:"Stream real-time live monitoring data via SSE"}}),t.info(`[LiveMonitoring] Routes enabled at ${o} (stream interval: ${a}ms)`),c}import W5 from"elysia";var kc=new Map;var Rg=null;function H5(){let n=Date.now();for(let[r,t]of kc)if(n-t>1e4)kc.delete(r)}var No={totalSent:0,totalAcked:0,totalFailed:0,averageLatencyMs:0};function kg(){if(Rg)return;Rg=setInterval(H5,30000)}function ul(){return`msg_${Date.now()}_${Math.random().toString(36).substring(2,11)}`}async function bl(n,r,t){if(!r.userId)return;let o=`pubsub:pending:user:${r.userId}:${r.messageId}`,a=`pubsub:user:pending-set:${r.userId}`;await n.create(o,r,t);let c=await n.read(a),e=c.success&&c.data?c.data:[];if(!e.includes(r.messageId))e.push(r.messageId),await n.create(a,e,t)}async function Eg(n,r,t,o){let a=`${r}:${t}`;if(kc.has(a))return!1;let c=`pubsub:pending:user:${r}:${t}`,e=`pubsub:user:pending-set:${r}`,i=`pubsub:ack:${r}:${t}`,s=await n.read(c);if(!s.success||!s.data)return kc.set(a,Date.now()),!1;kc.set(a,Date.now());let f=s.data,l={messageId:t,clientId:f.clientId,ackedAt:Date.now()};await n.create(i,l,60),await n.remove(c);let d=await n.read(e),w=(d.success&&d.data?d.data:[]).filter((_)=>_!==t);if(w.length>0)await n.create(e,w,o);else await n.remove(e);let h=Date.now()-f.sentAt;return U5(h),!0}async function Sg(n,r){if(!r)return[];let t=`pubsub:user:pending-set:${r}`,o=await n.read(t),a=o.success&&o.data?o.data:[],c=[];for(let e of a){let i=`pubsub:pending:user:${r}:${e}`,s=await n.read(i);if(s.success&&s.data)c.push(s.data)}return c.sort((e,i)=>e.sentAt-i.sentAt),c}async function Mg(n,r){if(!r)return 0;let t=`pubsub:user:pending-set:${r}`,o=await n.read(t);return(o.success&&o.data?o.data:[]).length}async function Dg(n,r,t,o,a){let c=`pubsub:pending:user:${r}:${t}`,e=await n.read(c);if(!e.success||!e.data)return!1;let i={...e.data,retryCount:e.data.retryCount+1};if(i.retryCount>=a)return await z5(n,r,t),B5(),!1;return await n.create(c,i,o),!0}async function z5(n,r,t){let o=`pubsub:pending:user:${r}:${t}`,a=`pubsub:user:pending-set:${r}`;await n.remove(o);let c=await n.read(a),i=(c.success&&c.data?c.data:[]).filter((s)=>s!==t);if(i.length>0)await n.create(a,i,300);else await n.remove(a)}function gl(){No.totalSent++}function U5(n){No.totalAcked++,No.averageLatencyMs=(No.averageLatencyMs*(No.totalAcked-1)+n)/No.totalAcked}function B5(){No.totalFailed++}var ir=new Map,Ec=new Map;function Hg(n){let{redis:r,logger:t}=n,o=n.ack.ttlSeconds,a=n.ack.enabled,c=n.ack.maxRetries,e=n.presence.enabled,i=n.presence.debounceMs,s=n.maxClientsPerUser;function f(){return`client_${Date.now()}_${Math.random().toString(36).substring(2,9)}`}function l(A,H,D,E){let S=w(D);if(S.length>=s){let z=S[0];if(z)t.info("[PubSub] Max clients reached, closing oldest",{userId:D,oldestClientId:z}),d(z)}ir.set(A,{ws:H,userId:D,subscribedTopics:new Set(E),connectedAt:Date.now(),pendingAcks:new Map}),t.info("[PubSub] Client registered",{clientId:A,userId:D,topics:E,totalClients:ir.size})}function d(A){let H=ir.get(A);if(!H)return;let D=H.userId;if(ir.delete(A),t.info("[PubSub] Client unregistered",{clientId:A,userId:D,totalClients:ir.size}),e&&D){if(w(D).length===0)C(D,"offline")}}function b(A,H){let D=ir.get(A);if(D)D.subscribedTopics=new Set(H)}function w(A){let H=[];for(let[D,E]of ir)if(E.userId===A)H.push(D);return H}function h(){let A=new Set;for(let[,H]of ir)if(H.userId)A.add(H.userId);return A}function _(){return ir.size}function g(A,H){let D=ir.get(A);if(!D)return!1;try{return D.ws.send(JSON.stringify(H)),!0}catch{return ir.delete(A),!1}}function R(A,H){let D=ul(),E=Date.now(),S=JSON.stringify({type:"event",messageId:a?D:void 0,topic:A,data:H,timestamp:E}),z=0;for(let[U,P]of ir)if(P.subscribedTopics.has("*")||P.subscribedTopics.has(A))try{if(P.ws.send(S),z++,a){if(P.pendingAcks.set(D,{sentAt:E,retryCount:0}),gl(),P.userId)bl(r,{messageId:D,topic:A,clientId:U,userId:P.userId,data:H,sentAt:E,retryCount:0,maxRetries:c},o).catch(()=>{})}}catch{ir.delete(U)}t.info("[PubSub] Broadcasted event",{topic:A,messageId:D,sentCount:z})}function k(A,H,D){let E=ul(),S=Date.now(),z=JSON.stringify({type:"event",messageId:a?E:void 0,topic:H,data:D,timestamp:S}),U=0,P=!1;for(let[p,K]of ir){if(K.userId!==A)continue;if(!K.subscribedTopics.has("*")&&!K.subscribedTopics.has(H))continue;try{if(K.ws.send(z),U++,P=!0,a)K.pendingAcks.set(E,{sentAt:S,retryCount:0}),gl()}catch{ir.delete(p)}}if(a)bl(r,{messageId:E,topic:H,clientId:P?"delivered":"pending",userId:A,data:D,sentAt:S,retryCount:0,maxRetries:c},o).catch(()=>{});t.info("[PubSub] Broadcasted to user",{userId:A,topic:H,messageId:E,sentCount:U,storedForOffline:!P})}function M(A,H,D){let E=Date.now(),S=JSON.stringify({type:"event",topic:H,data:D,timestamp:E});for(let[z,U]of ir){if(U.userId!==A)continue;if(!U.subscribedTopics.has("*")&&!U.subscribedTopics.has(H))continue;try{U.ws.send(S)}catch{ir.delete(z)}}}function C(A,H){let D=`${A}:${H}`,E=Date.now(),S=Ec.get(D);if(S&&E-S<i)return;if(Ec.set(D,E),Ec.size>1000){let U=E-i*2;for(let[P,p]of Ec)if(p<U)Ec.delete(P)}let z=h();for(let U of z)if(U!==A)M(U,"user-presence",{type:"user-presence",data:{userId:A,status:H}})}async function N(A,H){if(!a)return!0;let D=ir.get(A);if(!D)return!1;if(D.pendingAcks.get(H))D.pendingAcks.delete(H);if(D.userId)return Eg(r,D.userId,H,o);return!0}async function m(A,H){if(!a)return 0;let D=ir.get(H);if(!D||D.userId!==A)return 0;let E=await Sg(r,A);if(E.length===0)return 0;t.info("[PubSub] Delivering pending messages",{userId:A,count:E.length});let S=0;for(let z of E){if(!D.subscribedTopics.has("*")&&!D.subscribedTopics.has(z.topic))continue;let U=JSON.stringify({type:"event",messageId:z.messageId,topic:z.topic,data:z.data,timestamp:z.sentAt,isRedelivery:!0});try{D.ws.send(U),D.pendingAcks.set(z.messageId,{sentAt:Date.now(),retryCount:z.retryCount+1}),await Dg(r,A,z.messageId,o,c),S++}catch{break}}return S}return{generateClientId:f,registerClient:l,unregisterClient:d,updateClientTopics:b,getClientsByUser:w,getConnectedUserIds:h,getClientCount:_,sendToClient:g,broadcastEvent:R,broadcastToUser:k,broadcastToUserNoAck:M,broadcastPresenceToOthers:C,handleClientAck:N,deliverPendingMessages:m,getPendingMessageCount:(A)=>Mg(r,A)}}function _l(n){let{logger:r,getLiveMonitoringService:t}=n,o=Hg(n);if(n.ack.enabled)kg();let a=null,c=new W5;return c.onStart(()=>{if(n.cleanupIntervalMs>0)a=setInterval(()=>{r.info("[PubSub] Periodic cleanup running",{totalClients:o.getClientCount()})},n.cleanupIntervalMs);r.info("[PubSub] Routes initialized",{basePath:n.basePath,wsPath:n.wsPath,ackEnabled:n.ack.enabled,presenceEnabled:n.presence.enabled})}),c.onStop(()=>{if(a)clearInterval(a),a=null}),c.post(`${n.basePath}/:topic`,async({params:e,body:i,request:s,set:f})=>{let l=e.topic,d;try{if(!i){let w=await s.text();d=JSON.parse(w)}else d=i}catch{return f.status=200,{status:"DROP"}}r.info("[PubSub] Dapr event received",{topic:l,eventId:d.id,source:d.source});let b=d.data?.user_id;if(b)o.broadcastToUser(b,l,d);else o.broadcastEvent(l,d);return t?.()?.recordDaprEvent("pubsub_subscribe",{topic:l,success:!0,metadata:{eventId:d.id,source:d.source,userId:b||null}}),f.status=200,{status:"SUCCESS"}}),c.ws(n.wsPath,{idleTimeout:n.wsIdleTimeout,open(e){let i=e.data?.query||{};if(!i.userId){e.send(JSON.stringify({type:"error",error:"userId is required for WebSocket connection",timestamp:Date.now()})),e.close(4001,"userId is required"),t?.()?.recordWsEvent("error",{success:!1,error:"userId is required"});return}let s=o.generateClientId(),f=i.topics?.split(",").map((d)=>d.trim())||["*"];if(e.data.clientId=s,o.registerClient(s,e,i.userId,f),e.send(JSON.stringify({type:"connected",clientId:s,subscribedTopics:f,timestamp:Date.now()})),t?.()?.recordWsEvent("connection",{clientId:s,userId:i.userId,topic:f.join(","),success:!0}),n.presence.enabled)o.broadcastPresenceToOthers(i.userId,"online");let l=i.userId;if(n.ack.enabled&&l)o.getPendingMessageCount(l).then((d)=>{if(d>0)r.info("[PubSub] Delivering pending messages",{userId:l,count:d}),o.deliverPendingMessages(l,s).catch(()=>{})}).catch(()=>{})},message(e,i){let s=e.data.clientId;try{let f=null;if(typeof i==="string")f=JSON.parse(i);else if(i&&typeof i==="object"){if(f="type"in i?i:null,typeof f==="string")f=JSON.parse(f)}if(!f?.type)return;switch(t?.()?.recordWsEvent("message",{clientId:s,messageType:f.type,success:!0,dataSize:typeof i==="string"?i.length:0}),f.type){case"subscribe":if(Array.isArray(f.topics))o.updateClientTopics(s,f.topics),o.sendToClient(s,{type:"subscribed",topics:f.topics,timestamp:Date.now()});break;case"unsubscribe":r.info("[PubSub] Unsubscribe request",{clientId:s,topics:f.topics});break;case"ping":o.sendToClient(s,{type:"pong",timestamp:Date.now()});break;case"ack":if(f.messageId)o.handleClientAck(s,f.messageId).catch(()=>{});break}}catch{r.warn("[PubSub] Failed to parse client message",{clientId:s})}},close(e,i,s){let f=e.data.clientId;if(f)o.unregisterClient(f);t?.()?.recordWsEvent("close",{clientId:f,success:!0,metadata:{code:i,reason:s||""}}),r.info("[PubSub] Client disconnected",{clientId:f,code:i,reason:s})}}),{plugin:c,clientManager:o}}Gf();import{Elysia as Y5,t as Tn}from"elysia";function zg(n){let{db:r,schemaTables:t,config:o,logger:a}=n,c=new Pf({db:r,schemaTables:t,config:o,logger:a}),e=o.endpoints?.basePath||"/verifications",i=new Y5({prefix:e});return i.get("/status/:entity_name/:entity_id",async({params:s})=>{return{success:!0,data:await c.getStatus(s.entity_name,s.entity_id)}},{params:Tn.Object({entity_name:Tn.String(),entity_id:Tn.String()})}),i.post("/:entity_name/:entity_id/decide",async({params:s,body:f,request:l})=>{let d=l.headers.get("x-user-id");if(!d)return{success:!1,message:"User ID required",status:401};return await c.decide({entity_name:s.entity_name,entity_id:s.entity_id,user_id:d,decision:f.decision,reason:f.reason,signature_id:f.signature_id,diff:f.diff})},{params:Tn.Object({entity_name:Tn.String(),entity_id:Tn.String()}),body:Tn.Object({decision:Tn.Union([Tn.Literal("approved"),Tn.Literal("rejected")]),reason:Tn.Optional(Tn.String()),signature_id:Tn.Optional(Tn.String()),diff:Tn.Optional(Tn.Record(Tn.String(),Tn.Unknown()))})}),i.get("/pending",async({request:s})=>{let f=s.headers.get("x-user-id");if(!f)return{success:!1,message:"User ID required",status:401};return{success:!0,data:await c.getPending(f)}}),i.get("/history/:entity_name/:entity_id",async({params:s})=>{let f=await c.getStatus(s.entity_name,s.entity_id);return{success:!0,data:{verifications:f.verifications,current_step:f.current_step,total_steps:f.total_steps,is_completed:f.is_completed,is_rejected:f.is_rejected}}},{params:Tn.Object({entity_name:Tn.String(),entity_id:Tn.String()})}),a.info(`[Verification] Routes registered at ${e}`),i}import{Elysia as nA}from"elysia";var Ug=`/* basic theme */
|
|
@@ -1523,7 +1523,7 @@ data: ${t}
|
|
|
1523
1523
|
</script>
|
|
1524
1524
|
<script src="${o?o:`https://cdn.jsdelivr.net/npm/@scalar/api-reference@${r}/dist/browser/standalone.min.js`}" crossorigin></script>
|
|
1525
1525
|
</body>
|
|
1526
|
-
</html>`;var El=Symbol.for("TypeBox.Kind"),cA=(n)=>n.split("/").map((r)=>{if(r.startsWith(":")){if(r=r.slice(1,r.length),r.endsWith("?"))r=r.slice(0,-1);r=`{${r}}`}return r}).join("/"),kl=(n,r,t)=>{if(r===void 0)return[];if(typeof r==="string")if(r in t)r=t[r];else throw Error(`Can't find model ${r}`);return Object.entries(r?.properties??[]).map(([o,a])=>{let{type:c=void 0,description:e,examples:i,...s}=a;return{description:e,examples:i,schema:{type:c,...s},in:n,name:o,required:r.required?.includes(o)??!1}})},Wc=(n,r)=>{if(typeof r==="object"&&["void","undefined","null"].includes(r.type))return;let t={};for(let o of n)t[o]={schema:typeof r==="string"?{$ref:`#/components/schemas/${r}`}:("$ref"in r)&&(El in r)&&r[El]==="Ref"?{...r,$ref:`#/components/schemas/${r.$ref}`}:aA({...r},{from:Rl.Ref(""),to:({$ref:a,...c})=>{if(!a.startsWith("#/components/schemas/"))return Rl.Ref(`#/components/schemas/${a}`,c);return Rl.Ref(a,c)}})};return t},t_=(n)=>n.charAt(0).toUpperCase()+n.slice(1),eA=(n,r)=>{let t=n.toLowerCase();if(r==="/")return t+"Index";for(let o of r.split("/"))if(o.charCodeAt(0)===123)t+="By"+t_(o.slice(1,-1));else t+=t_(o);return t},Ya=(n)=>{if(!n)return;if(typeof n==="string")return n;if(Array.isArray(n))return[...n];return{...n}},o_=({schema:n,path:r,method:t,hook:o,models:a})=>{if(o=Ya(o),o.parse&&!Array.isArray(o.parse))o.parse=[o.parse];let c=o.parse?.map((w)=>{switch(typeof w){case"string":return w;case"object":if(w&&typeof w?.fn!=="string")return;switch(w?.fn){case"json":case"application/json":return"application/json";case"text":case"text/plain":return"text/plain";case"urlencoded":case"application/x-www-form-urlencoded":return"application/x-www-form-urlencoded";case"arrayBuffer":case"application/octet-stream":return"application/octet-stream";case"formdata":case"multipart/form-data":return"multipart/form-data"}}}).filter((w)=>w!==void 0);if(!c||c.length===0)c=["application/json","multipart/form-data","text/plain"];r=cA(r);let e=typeof c==="string"?[c]:c??["application/json"],i=Ya(o?.body),s=Ya(o?.params),f=Ya(o?.headers),l=Ya(o?.query),d=Ya(o?.response);if(typeof d==="object")if(El in d){let{type:w,properties:h,required:_,additionalProperties:g,patternProperties:R,$ref:k,...M}=d;d={"200":{...M,description:M.description,content:Wc(e,w==="object"||w==="array"?{type:w,properties:h,patternProperties:R,items:d.items,required:_}:d)}}}else Object.entries(d).forEach(([w,h])=>{if(typeof h==="string"){if(!a[h])return;let{type:_,properties:g,required:R,additionalProperties:k,patternProperties:M,...C}=a[h];d[w]={...C,description:C.description,content:Wc(e,h)}}else{let{type:_,properties:g,required:R,additionalProperties:k,patternProperties:M,...C}=h;d[w]={...C,description:C.description,content:Wc(e,_==="object"||_==="array"?{type:_,properties:g,patternProperties:M,items:h.items,required:R}:h)}}});else if(typeof d==="string"){if(!(d in a))return;let{type:w,properties:h,required:_,$ref:g,additionalProperties:R,patternProperties:k,...M}=a[d];d={"200":{...M,content:Wc(e,d)}}}let b=[...kl("header",f,a),...kl("path",s,a),...kl("query",l,a)];n[r]={...n[r]?n[r]:{},[t.toLowerCase()]:{...f||s||l||i?{parameters:b}:{},...d?{responses:d}:{},operationId:o?.detail?.operationId??eA(t,r),...o?.detail,...i?{requestBody:{required:!0,content:Wc(e,typeof i==="string"?{$ref:`#/components/schemas/${i}`}:i)}}:null}}},iA=(n,{excludeStaticFile:r=!0,exclude:t=[]})=>{let o={};for(let[a,c]of Object.entries(n))if(!t.some((e)=>{if(typeof e==="string")return a===e;return e.test(a)})&&!a.includes("*")&&(r?!a.includes("."):!0))Object.keys(c).forEach((e)=>{let i=c[e];if(a.includes("{")){if(!i.parameters)i.parameters=[];i.parameters=[...a.split("/").filter((s)=>s.startsWith("{")&&!i.parameters.find((f)=>f.in==="path"&&f.name===s.slice(1,s.length-1))).map((s)=>({schema:{type:"string"},in:"path",name:s.slice(1,s.length-1),required:!0})),...i.parameters]}if(!i.responses)i.responses={200:{}}}),o[a]=c;return o},c_=({provider:n="scalar",scalarVersion:r="latest",scalarCDN:t="",scalarConfig:o={},documentation:a={},version:c="5.9.0",excludeStaticFile:e=!0,path:i="/swagger",specPath:s=`${i}/json`,exclude:f=[],swaggerOptions:l={},theme:d=`https://unpkg.com/swagger-ui-dist@${c}/swagger-ui.css`,autoDarkMode:b=!0,excludeMethods:w=["OPTIONS"],excludeTags:h=[]}={})=>{let _={},g=0;if(!c)c=`https://unpkg.com/swagger-ui-dist@${c}/swagger-ui.css`;let R={title:"Elysia Documentation",description:"Development documentation",version:"0.0.0",...a.info},k=s.startsWith("/")?s.slice(1):s,M=new nA({name:"@elysiajs/swagger"}),C=new Response(n==="swagger-ui"?tA(R,c,d,JSON.stringify({url:k,dom_id:"#swagger-ui",...l},(N,m)=>typeof m==="function"?void 0:m),b):oA(R,r,{spec:{url:k,...o.spec},...o,_integration:"elysiajs"},t),{headers:{"content-type":"text/html; charset=utf8"}});return M.get(i,C,{detail:{hide:!0}}).get(s,function(){let m=M.getGlobalRoutes();if(m.length!==g){let A=["GET","PUT","POST","DELETE","OPTIONS","HEAD","PATCH","TRACE"];g=m.length,m.forEach((H)=>{if(H.hooks?.detail?.hide===!0)return;if(w.includes(H.method))return;if(A.includes(H.method)===!1&&H.method!=="ALL")return;if(H.method==="ALL")A.forEach((D)=>{o_({schema:_,hook:H.hooks,method:D,path:H.path,models:M.getGlobalDefinitions?.().type,contentType:H.hooks.type})});else o_({schema:_,hook:H.hooks,method:H.method,path:H.path,models:M.getGlobalDefinitions?.().type,contentType:H.hooks.type})})}return{openapi:"3.0.3",...{...a,tags:a.tags?.filter((A)=>!h?.includes(A?.name)),info:{title:"Elysia Documentation",description:"Development documentation",version:"0.0.0",...a.info}},paths:{...iA(_,{excludeStaticFile:e,exclude:Array.isArray(f)?f:[f]}),...a.paths},components:{...a.components,schemas:{...M.getGlobalDefinitions?.().type,...a.components?.schemas}}}},{detail:{hide:!0}}),M};function Sl(n){if(n?.enabled===!1)return null;let r={path:n?.path??"/swagger",provider:n?.provider??"scalar",excludeStaticFile:n?.excludeStaticFile??!0,exclude:n?.exclude??[],documentation:{info:{title:n?.documentation?.info?.title??"Nucleus API",description:n?.documentation?.info?.description??"Auto-generated API documentation",version:n?.documentation?.info?.version??"1.0.0",contact:n?.documentation?.info?.contact,license:n?.documentation?.info?.license},tags:n?.documentation?.tags??[],servers:n?.documentation?.servers},scalarConfig:n?.scalarConfig};return c_(r)}Ie();Qd();ni();var HE=(n)=>{let r=new Map;for(let t of n){let o=r.get(t.table_name),a=t.columns??o?.columns;r.set(t.table_name,{...o||{},...t,columns:a})}return Array.from(r.values())},zE=(n)=>({table_name:n.table_name,excluded_methods:n.excluded_methods?[...n.excluded_methods]:void 0,columns:n.columns?n.columns.map((r)=>({name:r.name,type:r.type})):void 0}),UE=(n)=>{let r=[];for(let[t,o]of Object.entries(n)){if(!o||typeof o!=="object")continue;let a=o,c=a._;if(c?.name){r.push({table_name:c.name});continue}let e=Object.getOwnPropertySymbols(a);for(let i of e){let s=a[i];if(s&&typeof s==="object"){let f=s;if(f.name&&typeof f.name==="string"){r.push({table_name:f.name});break}}}}return r};async function BE(n){let r=new DE;if(r.get("/health",()=>({status:"ok",timestamp:Date.now()})),n.staticAssets!==!1){let E=Sn("path"),S=Sn("fs"),z;if(typeof n.staticAssets==="string")z=n.staticAssets;else{let U=E.join(process.cwd(),"public"),P="";for(let p of["nucleus-core-ts","nucleus-core"])try{let K=Sn.resolve(`${p}/package.json`),B=E.join(E.dirname(K),"public");if(S.existsSync(B)){P=B;break}}catch{}if(P)z=P;else if(S.existsSync(U))z=U;else z=U}try{r.use(await au({prefix:"/nucleus-core",assets:z}))}catch{}}let t=[],o,a=process.cwd();if(typeof n.options==="string"){let E=Sn("fs"),S=Sn("path"),z=S.isAbsolute(n.options)?n.options:S.resolve(process.cwd(),n.options);a=S.dirname(z);let U=E.readFileSync(z,"utf-8");o=JSON.parse(U)}else o=n.options;if(o.email?.gmail?.json_file_path){let E=Sn("path"),S=o.email.gmail.json_file_path;if(!E.isAbsolute(S))o.email.gmail.json_file_path=E.resolve(a,S)}let{authentication:c,audit:e,entities:i,database:s}=o,f=o.mode==="development",l=new Cr({service:o.appId||"nucleus",prettyPrint:f,colorize:f,auditEnabled:e?.enabled??!1}),d=ug(o);if(!d.valid){for(let E of d.errors)l.error(`[CONFIG] ${E.message}`,{field:E.field,envName:E.envName});throw Error("Nucleus configuration error: Missing required environment variables. Check logs for details.")}let{resolved:b}=d,w={access_token:c?.accessToken?.name||"access_token",refresh_token:c?.refreshToken?.name||"refresh_token",session_token:c?.sessionToken?.name||"session_token"},h=s?.schemas?.[0]||"main",_=ME(h);if(b.databaseUrl)await bg(b.databaseUrl,l);let g=b.databaseUrl?SE(b.databaseUrl):null,R={},k={};if(n.schema){let S=Sn("path").resolve(process.cwd(),n.schema),z=Sn(S);R=z.createAllTablesForSchema?z.createAllTablesForSchema(_):{}}if(n.relations){let S=Sn("path").resolve(process.cwd(),n.relations);k=Sn(S)}let M=Sl(n.swagger);if(M)r.use(M);let C=n.systemTables||[];t=Nf(o,C,"",h),l.info(`[AUTH] Built ${t.length} public routes`);let N=null,m=null,A=null,H=null;if(o.email?.gmail?.enabled&&o.email.gmail.json_file_path)l.info("[GmailService] Initializing...",{jsonFilePath:o.email.gmail.json_file_path,fromEmail:o.email.gmail.from_email}),H=new Jf({enabled:!0,jsonFilePath:o.email.gmail.json_file_path,fromEmail:o.email.gmail.from_email||"",fromName:o.email.gmail.from_name},l),l.info("[GmailService] isAvailable:",{available:H.isAvailable()});if(o.liveMonitoring?.enabled){let E=o.liveMonitoring.basePath||"/monitoring",S=o.liveMonitoring.streamInterval||150;r.use(Ag({getService:()=>A,logger:l,basePath:E,streamInterval:S}))}r.onStart(async()=>{tl(o);let E=Te();if(E&&o.rateLimit?.enabled!==!1)N=new Qf({redis:E,logger:l,config:o.rateLimit||{}}),l.info(`[RateLimit] Enabled with strategy: ${o.rateLimit?.strategy||"sliding-window"}`);if(E&&o.monitoring?.enabled){if(m=new Vf({redis:E,logger:l,gmail:H||void 0,config:o.monitoring,appId:o.appId}),m.start(),l.info("[Monitoring] Service started"),o.monitoring.endpoints?.enabled){let z={enabled:!0,basePath:o.monitoring.endpoints.basePath||"/monitoring",stream:{enabled:o.monitoring.endpoints.stream?.enabled!==!1,path:o.monitoring.endpoints.stream?.path||"/stream",interval:o.monitoring.endpoints.stream?.interval||"5s"},snapshot:{enabled:o.monitoring.endpoints.snapshot?.enabled!==!1,path:o.monitoring.endpoints.snapshot?.path||"/snapshot"},history:{enabled:o.monitoring.endpoints.history?.enabled!==!1,path:o.monitoring.endpoints.history?.path||"/history",maxMinutes:o.monitoring.endpoints.history?.maxMinutes||60},alerts:{enabled:o.monitoring.endpoints.alerts?.enabled!==!1,path:o.monitoring.endpoints.alerts?.path||"/alerts"}};r.use(ll({monitoringService:m,logger:l,endpoints:z}))}}if(o.liveMonitoring?.enabled)A=new Ce(o.liveMonitoring),A.start(),l.info("[LiveMonitoring] Service started");let S=c?.mode==="consumer";if(g&&n.schema&&!S){let P=await import(Sn("path").resolve(process.cwd(),n.schema)),p=R.auditLogs||P.auditLogs;if(e?.enabled&&p)l.addAuditTransport(new de({db:g,table:p,enabled:!0}));try{l.info(`Syncing schema to database (target: ${h})...`);let{sql:B}=await import("drizzle-orm");await g.execute(B.raw(`CREATE SCHEMA IF NOT EXISTS "${h}"`));try{let L=Object.fromEntries(Object.entries(R).filter(([q,F])=>{if(F===void 0||F===null)return!1;if(typeof F==="object"&&F!==null)return Object.getOwnPropertySymbols(F).length>0||F._!==void 0;return!1})),Y=Object.keys(L);l.info("[Schema] Tables to sync:",{tables:Y,count:Y.length});let Q=L.users;if(Q){let q=Object.getOwnPropertyNames(Q).filter((F)=>!F.startsWith("_"));l.info("[Schema] Users table columns:",{columns:q})}await(await EE({schema:_,...L},g,[h])).apply(),l.info("[Schema] pushSchema completed successfully")}catch(L){let Y=L instanceof Error?L.message:String(L);l.warn(`[Schema] pushSchema warning: ${Y}`)}console.log("Schema sync completed")}catch(B){let L=B instanceof Error?B.message:String(B);console.error("Schema sync failed:",L)}if(console.log("Database connection established"),o.authorization?.enabled){let B={...ib,...o.authorization};if(B.autoSeedClaims){let L=UE(R),Y=qe.map((q)=>zE(q)),Q=o.entities||[],V=HE([...L,...Q,...Y,...n.systemTables||[]]);l.info("[Authorization] Seeding claims...",{schemaEntities:L.length,systemEntities:Y.length,configEntities:Q.length,totalEntities:V.length}),await yu(g,R,k,V,B,l)}if(B.godminEmail&&B.godminPassword)l.info("[Authorization] Setting up godmin..."),await rb(g,R,B,l);l.info("[Authorization] Enabled")}let K=R.userSessions;if(K&&o.authentication?.sessions?.enabled){let{lt:B}=await import("drizzle-orm"),L=await g.update(K).set({isActive:!1,revokedAt:new Date,revokedReason:"expired"}).where(ie($r(K.isActive,!0),B(K.expiresAt,new Date)));l.info("[AUTH] Expired sessions cleanup completed",{expiredCount:L}),setInterval(async()=>{try{await g.update(K).set({isActive:!1,revokedAt:new Date,revokedReason:"expired"}).where(ie($r(K.isActive,!0),B(K.expiresAt,new Date)))}catch(Y){l.warn("[AUTH] Session cleanup failed",{error:Y})}},3600000)}}}).onRequest(async({request:E,set:S})=>{let z=Date.now();E.headers.set("x-request-start-time",String(z));let U=new URL(E.url),P=U.pathname,p=E.method,K=U.search,B=E.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||E.headers.get("x-real-ip")?.trim()||"unknown",L=E.headers.get("user-agent")||"unknown",Y,Q={};if(E.method!=="GET"&&E.method!=="HEAD")try{let v=await E.clone().text();Q=v?JSON.parse(v):{}}catch{Q={}}let V=e?.enabled?{id:kE(),user_id:"unknown",entity_name:P.split("/").filter(Boolean)[0]||"root",entity_id:null,operation_type:p,summary:"",old_values:{},new_values:Q,ip_address:B,user_agent:L,timestamp:new Date().toISOString(),path:P,query:K}:null,q=xf(t,P,p);if(N){let F=q?"public":"private",v;if(P.includes("/auth/login"))v="login";else if(P.includes("/auth/register"))v="register";else if(P.includes("/auth/password-reset"))v="passwordReset";else if(P.includes("/auth/magic-link"))v="magicLink";let dn=v?"auth":F,tn=await N.check({ip:B,endpoint:P,category:dn,authType:v}),un=N.getHeaders(tn);for(let[sn,Yn]of Object.entries(un))S.headers[sn]=Yn;if(!tn.allowed){if(S.status=429,tn.retryAfter)S.headers["Retry-After"]=String(tn.retryAfter);if(l.warn(`[RateLimit] Blocked request from ${B} to ${P}`),m)m.recordRateLimitBlock();return new Response(JSON.stringify({error:"Too Many Requests",retryAfter:tn.retryAfter}),{status:429,headers:{"Content-Type":"application/json"}})}}if(P==="/health")return;if(c?.enabled&&!q){if(!c.accessToken?.secret)return S.status=500,l.traceSync({message:"Authentication secrets not defined",level:"error",context:{path:P,method:p},audit:xt(V,"Authentication secrets not defined")}),Error("One or more authentication secrets are not defined");if(c.mode==="consumer"){Y=rl(E.headers,w);let v=so(Y.access_token||"",b.accessTokenSecret||"");if(!v.valid)return S.status=401,l.traceSync({message:"Invalid or missing access token",level:"warn",context:{path:P,method:p},audit:xt(V,"Invalid or missing access token")}),Error("Unauthenticated");let dn=v.payload.sub,tn=v.payload.roles,un=v.payload.claims;if(E.headers.set("x-access-token",Y.access_token||""),E.headers.set("x-user-id",dn||""),tn&&tn.length>0)E.headers.set("x-user-roles",tn.join(","));if(un&&un.length>0)E.headers.set("x-user-claims",un.join(","))}else{if(!c.refreshToken?.secret||!c.sessionToken?.secret)return S.status=500,l.traceSync({message:"Authentication secrets not defined",level:"error",context:{path:P,method:p},audit:xt(V,"Authentication secrets not defined")}),Error("One or more authentication secrets are not defined");if(Y=rl(E.headers,w),!Y.session_token)return S.status=401,l.traceSync({message:"No session token",level:"warn",context:{path:P,method:p},audit:xt(V,"No session token")}),Error("Unauthenticated");let v=await Qo({sessionId:Y.session_token});if(!v)return S.status=401,l.traceSync({message:"Invalid session",level:"warn",context:{path:P,method:p,sessionId:Y.session_token},audit:xt(V,"Invalid session")}),Error("Unauthenticated");let dn=R.userSessions;if(dn&&g){let T=(await g.select().from(dn).where($r(dn.id,Y.session_token)).limit(1))[0],Jn=T?.revokedAt!==null&&T?.revokedAt!==void 0&&!(typeof T?.revokedAt==="object"&&Object.keys(T.revokedAt).length===0);if(!T||T.isActive===!1||Jn)return S.status=401,l.traceSync({message:"Session revoked or inactive",level:"warn",context:{path:P,method:p,sessionId:Y.session_token,isActive:T?.isActive,revokedAt:T?.revokedAt},audit:xt(V,"Session revoked")}),Error("Session has been revoked");if(T.expiresAt&&new Date(T.expiresAt)<new Date)return S.status=401,l.traceSync({message:"Session expired",level:"warn",context:{path:P,method:p,sessionId:Y.session_token,expiresAt:T.expiresAt},audit:xt(V,"Session expired")}),Error("Session has expired")}if(v.lastActiveAt&&c.sessions?.inactivityTimeout){let _n=new Date(v.lastActiveAt).getTime(),T=st(c.sessions.inactivityTimeout)*1000;if(Date.now()-_n>T)return S.status=401,l.traceSync({message:"Session inactive timeout",level:"warn",context:{path:P,method:p,sessionId:Y.session_token,lastActiveAt:v.lastActiveAt},audit:xt(V,"Session inactive timeout")}),Error("Session expired due to inactivity")}Af(Y.session_token).catch(()=>{});let tn=R.userSessions;if(tn&&g)g.update(tn).set({lastActivityAt:new Date}).where($r(tn.id,Y.session_token)).catch(()=>{});let un=so(Y.access_token||"",b.accessTokenSecret||""),sn=Y.access_token?un.valid:!1,Yn=Y.refresh_token?so(Y.refresh_token,b.refreshTokenSecret||"").valid:!1;if(!sn&&Yn&&Y.refresh_token&&v.rememberMe===!0){let _n=await dg(v.userId,v.id,()=>fg({refreshTokenId:Y.refresh_token,options:o,sessionData:v}));if(_n.success&&_n.accessToken){Y.access_token=_n.accessToken;let T=`${w.access_token}=${_n.accessToken}; Path=/; HttpOnly; SameSite=Strict;Secure; Max-Age=${st(c.accessToken.expiresIn??"15m")}`;S.headers["Set-Cookie"]=T}}let fr=un.valid?un.payload.sub:v.userId,gn=un.valid?un.payload.roles:void 0,et=un.valid?un.payload.claims:void 0;if(E.headers.set("x-access-token",Y.access_token||""),E.headers.set("x-refresh-token",Y.refresh_token||""),E.headers.set("x-session-id",Y.session_token||""),E.headers.set("x-user-id",fr||""),gn&&gn.length>0)E.headers.set("x-user-roles",gn.join(","));if(et&&et.length>0)E.headers.set("x-user-claims",et.join(","))}}}).onAfterHandle(({request:E,set:S})=>{if(m){let z=E.headers.get("x-request-start-time"),U=z?parseInt(z,10):Date.now(),P=Date.now()-U,p=new URL(E.url),K=typeof S.status==="number"?S.status:200;m.recordRequest({endpoint:p.pathname,method:E.method,status:K,responseTimeMs:P,isError:K>=400,errorType:K>=500?"server_error":K>=400?"client_error":void 0})}if(A){let z=new URL(E.url),U={};E.headers.forEach((P,p)=>{U[p]=P}),A.recordRequest({path:z.pathname,method:E.method,timestamp:Date.now(),headers:U})}}).onError((E)=>{let{set:S,code:z,error:U}=E,P=typeof z==="number"?z:500,p=U instanceof Error?U.message:"Internal Server Error";return S.status=P,Response.json({isSuccess:!1,message:p,status:P,errors:[U],data:null})}),l.info("Creating routes for entities"),fl(r,{db:g,schemaTables:R,schemaRelations:k,entities:i,logger:l,databaseUrl:b.databaseUrl,storage:o.storage,authorization:o.authorization,emailServiceAvailable:!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path)});let D=c?.mode==="consumer";if(c?.enabled&&!D&&g){let E=R.users,S=R.userSessions||R.user_sessions||R.sessions;if(!S&&c.sessions?.enabled)l.warn("[AUTH] sessions is enabled but user_sessions table not found in schema. Disabling sessions.");if(E){tl(o);let{createAuthRoutes:z}=(Qd(),se(M2)),{signJWT:U,verifyJWT:P}=(Vo(),se(wu)),{generateSession:p,deleteSession:K}=(Rf(),se(Iu));z(r,{authConfig:{db:g,logger:l,usersTable:E,sessionsTable:S,userRolesTable:R.userRoles,rolesTable:R.roles,roleClaimsTable:R.roleClaims,claimsTable:R.claims,authentication:{enabled:c.enabled,accessToken:c.accessToken,refreshToken:c.refreshToken,sessionToken:c.sessionToken}},features:{login:c.login,register:c.register,logout:c.logout,refresh:c.refresh,passwordReset:(()=>{let B=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(c.passwordReset?.enabled&&!B)return l.warn("[AUTH] passwordReset is enabled but no email provider is configured. Disabling passwordReset."),{...c.passwordReset,enabled:!1};return c.passwordReset})(),passwordChange:c.passwordChange,passwordSet:c.passwordSet,sessions:c.sessions,magicLink:(()=>{let B=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(c.magicLink?.enabled&&!B)return l.warn("[AUTH] magicLink is enabled but no email provider is configured. Disabling magicLink."),{...c.magicLink,enabled:!1};return c.magicLink})(),me:c.me||{enabled:!0,route:"/auth/me"},invite:(()=>{let B=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(c.invite?.enabled&&!B)return l.warn("[AUTH] invite is enabled but no email provider is configured. Disabling invite."),{...c.invite,enabled:!1};return c.invite})(),captcha:c.captcha,oauth:c.oauth?.enabled&&b.oauthProviders?{...c.oauth,providers:b.oauthProviders}:void 0},sessionsTable:S,oauthAccountsTable:R.oauthAccounts,schemaTables:R,schemaRelations:k,databaseUrl:b.databaseUrl,admin:o.authorization?{impersonate:{enabled:!0},changeUserId:{enabled:!0}}:void 0,emailService:H,appName:o.appId,captchaService:(()=>{let B=Te();if(!c.captcha?.enabled||!B)return null;return new Wf({redis:{get:async(Y)=>{let Q=await B.read(Y);return Q.success?Q.data:null},set:async(Y,Q,V)=>{await B.create(Y,Q,V?.ex)},del:async(Y)=>{await B.remove(Y)}},logger:l,config:{enabled:!0,type:c.captcha.type||"math",difficulty:c.captcha.difficulty||"medium",expiresIn:c.captcha.expiresIn||"5m",maxAttempts:c.captcha.maxAttempts||3,caseSensitive:c.captcha.caseSensitive??!1}})})(),tokenResponseConfig:{accessToken:{setHeadersEnabled:c.accessToken?.setHeadersEnabled??!0,returnJson:c.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:c.refreshToken?.setHeadersEnabled??!0,returnJson:c.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:c.sessionToken?.setHeadersEnabled??!0,returnJson:c.sessionToken?.returnJson??!0}},helpers:{signAccessToken:(B,L,Y)=>U({subject:B,expiresInSeconds:st(c.accessToken?.expiresIn||"15m"),issuer:c.accessToken?.issuer,audience:c.accessToken?.audience,customClaims:{...L&&L.length>0?{roles:L}:{},...Y&&Y.length>0?{claims:Y}:{}}},b.accessTokenSecret||"",c.accessToken?.algorithm||"HS256"),signRefreshToken:(B)=>U({subject:B,expiresInSeconds:st(c.refreshToken?.expiresIn||"7d"),issuer:c.refreshToken?.issuer,audience:c.refreshToken?.audience},b.refreshTokenSecret||"",c.refreshToken?.algorithm||"HS256"),verifyRefreshToken:(B)=>P(B,b.refreshTokenSecret||""),createSession:async(B)=>{let L=await p({userId:B.userId,deviceInfo:B.deviceInfo});return L.success?L.session.id:""},destroySession:async(B)=>K({sessionId:B}),saveSessionToDb:async(B,L)=>{if(!S||!g)return;let Y=c.sessions,Q=L.deviceInfo||{},V=`${Q.browserName||""}-${Q.osName||""}-${Q.deviceType||""}`,q=await g.select().from(S).where(ie($r(S.userId,L.userId),$r(S.isActive,!0))),F=V&&!V.includes("--unknown")&&!V.includes("Bot/Crawler")&&!V.includes("Headless")&&V!=="--"&&V!=="--unknown",v=F?!q.some((Gn)=>Gn.deviceFingerprint===V):!1,dn=q.some((Gn)=>Gn.approvalStatus==="approved"),tn=Y?.trustNewDevices===!1&&v&&F&&dn;l.info("[AUTH] Device fingerprint analysis",{userId:L.userId,deviceFingerprint:V,hasValidFingerprint:F,isNewDevice:v,existingSessionCount:q.length,hasAnyApprovedSession:dn,requiresApproval:tn});let un=null,sn="approved";if(tn){let{randomBytes:Gn}=await import("crypto");un=Gn(32).toString("hex"),sn="pending",l.info("[AUTH] New device requires approval",{userId:L.userId,deviceFingerprint:V,ipAddress:Q.ipAddress})}let Yn=q.filter((Gn)=>{let qn=Gn,gr=qn.deviceFingerprint||"",Ar=qn.ipAddress||"";return(!gr||gr==="--"||gr==="--unknown"||gr.includes("Bot/Crawler")||gr.includes("Headless")||gr.includes("unknown-unknown"))&&(Ar==="127.0.0.1"||Ar==="::1"||Ar==="localhost"||!Ar)});if(Yn.length>0){for(let Gn of Yn)await g.update(S).set({isActive:!1,revokedAt:new Date,revokedReason:"bot_session_cleanup"}).where($r(S.id,Gn.id));l.info("[AUTH] Cleaned up stale bot/crawler sessions",{userId:L.userId,cleanedCount:Yn.length})}let fr=L.loginMethod==="impersonation"||L.loginMethod==="impersonation_stop";if(F&&!v&&!fr){let Gn=q.filter((qn)=>qn.deviceFingerprint===V);for(let qn of Gn)await g.update(S).set({isActive:!1,revokedAt:new Date,revokedReason:"relogin_same_device"}).where($r(S.id,qn.id));l.info("[AUTH] Revoked old sessions from same device",{userId:L.userId,deviceFingerprint:V,revokedCount:Gn.length})}if(!Y?.allowMultipleDevices&&q.length>0){if(q.filter((qn)=>qn.deviceFingerprint===V).length===0&&v)for(let qn of q)await g.update(S).set({isActive:!1,revokedAt:new Date,revokedReason:"new_device_login"}).where($r(S.id,qn.id))}if(Y?.maxActiveSessions){let{count:Gn}=await import("drizzle-orm"),gr=(await g.select({count:Gn()}).from(S).where(ie($r(S.userId,L.userId),$r(S.isActive,!0))))[0]?.count||0;if(gr>=Y.maxActiveSessions){let{asc:Ar}=await import("drizzle-orm"),Mt=await g.select().from(S).where(ie($r(S.userId,L.userId),$r(S.isActive,!0))).orderBy(Ar(S.createdAt)).limit(gr-Y.maxActiveSessions+1);for(let er of Mt)await g.update(S).set({isActive:!1,revokedAt:new Date,revokedReason:"max_sessions_exceeded"}).where($r(S.id,er.id))}}let gn=100;if(Q.isHeadless)gn-=50;if(Q.isBot)gn-=40;if(Q.isSuspicious)l.warn("[AUTH] Suspicious login detected",{userId:L.userId,suspiciousPatterns:Q.suspiciousPatterns,userAgent:Q.userAgent,ipAddress:Q.ipAddress});if(v)gn-=25;if(!Q.ipAddress||Q.ipAddress==="unknown")gn-=20;if(!Q.browserName)gn-=15;if(!Q.osName)gn-=15;if(!Q.deviceType||Q.deviceType==="unknown")gn-=10;if(!Q.deviceName||Q.deviceName==="Unknown Device")gn-=5;let et=V&&!V.includes("--unknown")&&V!=="--",_n=Q.ipAddress&&Q.ipAddress!=="unknown";if(et){if(q.filter((qn)=>qn.deviceFingerprint===V).length>0)gn+=20}if(_n){if(q.filter((qn)=>qn.ipAddress===Q.ipAddress).length>0)gn+=15}gn=Math.max(0,Math.min(100,gn));let T=50;if(await g.insert(S).values({id:B,userId:L.userId,tokenHash:B,deviceFingerprint:V,deviceName:Q.deviceName,deviceType:Q.deviceType,browserName:Q.browserName,browserVersion:Q.browserVersion,osName:Q.osName,osVersion:Q.osVersion,ipAddress:Q.ipAddress,locationCountry:Q.locationCountry,locationCity:Q.locationCity,loginMethod:L.loginMethod||"password",rememberMe:L.rememberMe??!1,trustScore:gn,lastActivityAt:new Date,createdAt:new Date,expiresAt:new Date(Date.now()+st(c.sessionToken?.expiresIn||"30d")*1000),isActive:sn==="approved",approvalStatus:sn,approvalToken:un,approvalRequestedAt:tn?new Date:null}),H&&(Y?.notifyOnNewDevice&&v||gn<T||tn)){let Gn=R.users;if(Gn){let gr=(await g.select().from(Gn).where($r(Gn.id,L.userId)).limit(1))[0];if(gr?.email){let Ar=gn<T,Mt=c.sessions?.approvalRedirectUrl||"http://localhost:3000/devices",er=un?`${Mt}?action=approve&token=${un}`:"",lr=un?`${Mt}?action=reject&token=${un}`:"",Rs,ks;if(tn)Rs="\uD83D\uDD10 New Device Login Requires Approval",ks=`
|
|
1526
|
+
</html>`;var El=Symbol.for("TypeBox.Kind"),cA=(n)=>n.split("/").map((r)=>{if(r.startsWith(":")){if(r=r.slice(1,r.length),r.endsWith("?"))r=r.slice(0,-1);r=`{${r}}`}return r}).join("/"),kl=(n,r,t)=>{if(r===void 0)return[];if(typeof r==="string")if(r in t)r=t[r];else throw Error(`Can't find model ${r}`);return Object.entries(r?.properties??[]).map(([o,a])=>{let{type:c=void 0,description:e,examples:i,...s}=a;return{description:e,examples:i,schema:{type:c,...s},in:n,name:o,required:r.required?.includes(o)??!1}})},Wc=(n,r)=>{if(typeof r==="object"&&["void","undefined","null"].includes(r.type))return;let t={};for(let o of n)t[o]={schema:typeof r==="string"?{$ref:`#/components/schemas/${r}`}:("$ref"in r)&&(El in r)&&r[El]==="Ref"?{...r,$ref:`#/components/schemas/${r.$ref}`}:aA({...r},{from:Rl.Ref(""),to:({$ref:a,...c})=>{if(!a.startsWith("#/components/schemas/"))return Rl.Ref(`#/components/schemas/${a}`,c);return Rl.Ref(a,c)}})};return t},t_=(n)=>n.charAt(0).toUpperCase()+n.slice(1),eA=(n,r)=>{let t=n.toLowerCase();if(r==="/")return t+"Index";for(let o of r.split("/"))if(o.charCodeAt(0)===123)t+="By"+t_(o.slice(1,-1));else t+=t_(o);return t},Ya=(n)=>{if(!n)return;if(typeof n==="string")return n;if(Array.isArray(n))return[...n];return{...n}},o_=({schema:n,path:r,method:t,hook:o,models:a})=>{if(o=Ya(o),o.parse&&!Array.isArray(o.parse))o.parse=[o.parse];let c=o.parse?.map((w)=>{switch(typeof w){case"string":return w;case"object":if(w&&typeof w?.fn!=="string")return;switch(w?.fn){case"json":case"application/json":return"application/json";case"text":case"text/plain":return"text/plain";case"urlencoded":case"application/x-www-form-urlencoded":return"application/x-www-form-urlencoded";case"arrayBuffer":case"application/octet-stream":return"application/octet-stream";case"formdata":case"multipart/form-data":return"multipart/form-data"}}}).filter((w)=>w!==void 0);if(!c||c.length===0)c=["application/json","multipart/form-data","text/plain"];r=cA(r);let e=typeof c==="string"?[c]:c??["application/json"],i=Ya(o?.body),s=Ya(o?.params),f=Ya(o?.headers),l=Ya(o?.query),d=Ya(o?.response);if(typeof d==="object")if(El in d){let{type:w,properties:h,required:_,additionalProperties:g,patternProperties:R,$ref:k,...M}=d;d={"200":{...M,description:M.description,content:Wc(e,w==="object"||w==="array"?{type:w,properties:h,patternProperties:R,items:d.items,required:_}:d)}}}else Object.entries(d).forEach(([w,h])=>{if(typeof h==="string"){if(!a[h])return;let{type:_,properties:g,required:R,additionalProperties:k,patternProperties:M,...C}=a[h];d[w]={...C,description:C.description,content:Wc(e,h)}}else{let{type:_,properties:g,required:R,additionalProperties:k,patternProperties:M,...C}=h;d[w]={...C,description:C.description,content:Wc(e,_==="object"||_==="array"?{type:_,properties:g,patternProperties:M,items:h.items,required:R}:h)}}});else if(typeof d==="string"){if(!(d in a))return;let{type:w,properties:h,required:_,$ref:g,additionalProperties:R,patternProperties:k,...M}=a[d];d={"200":{...M,content:Wc(e,d)}}}let b=[...kl("header",f,a),...kl("path",s,a),...kl("query",l,a)];n[r]={...n[r]?n[r]:{},[t.toLowerCase()]:{...f||s||l||i?{parameters:b}:{},...d?{responses:d}:{},operationId:o?.detail?.operationId??eA(t,r),...o?.detail,...i?{requestBody:{required:!0,content:Wc(e,typeof i==="string"?{$ref:`#/components/schemas/${i}`}:i)}}:null}}},iA=(n,{excludeStaticFile:r=!0,exclude:t=[]})=>{let o={};for(let[a,c]of Object.entries(n))if(!t.some((e)=>{if(typeof e==="string")return a===e;return e.test(a)})&&!a.includes("*")&&(r?!a.includes("."):!0))Object.keys(c).forEach((e)=>{let i=c[e];if(a.includes("{")){if(!i.parameters)i.parameters=[];i.parameters=[...a.split("/").filter((s)=>s.startsWith("{")&&!i.parameters.find((f)=>f.in==="path"&&f.name===s.slice(1,s.length-1))).map((s)=>({schema:{type:"string"},in:"path",name:s.slice(1,s.length-1),required:!0})),...i.parameters]}if(!i.responses)i.responses={200:{}}}),o[a]=c;return o},c_=({provider:n="scalar",scalarVersion:r="latest",scalarCDN:t="",scalarConfig:o={},documentation:a={},version:c="5.9.0",excludeStaticFile:e=!0,path:i="/swagger",specPath:s=`${i}/json`,exclude:f=[],swaggerOptions:l={},theme:d=`https://unpkg.com/swagger-ui-dist@${c}/swagger-ui.css`,autoDarkMode:b=!0,excludeMethods:w=["OPTIONS"],excludeTags:h=[]}={})=>{let _={},g=0;if(!c)c=`https://unpkg.com/swagger-ui-dist@${c}/swagger-ui.css`;let R={title:"Elysia Documentation",description:"Development documentation",version:"0.0.0",...a.info},k=s.startsWith("/")?s.slice(1):s,M=new nA({name:"@elysiajs/swagger"}),C=new Response(n==="swagger-ui"?tA(R,c,d,JSON.stringify({url:k,dom_id:"#swagger-ui",...l},(N,m)=>typeof m==="function"?void 0:m),b):oA(R,r,{spec:{url:k,...o.spec},...o,_integration:"elysiajs"},t),{headers:{"content-type":"text/html; charset=utf8"}});return M.get(i,C,{detail:{hide:!0}}).get(s,function(){let m=M.getGlobalRoutes();if(m.length!==g){let A=["GET","PUT","POST","DELETE","OPTIONS","HEAD","PATCH","TRACE"];g=m.length,m.forEach((H)=>{if(H.hooks?.detail?.hide===!0)return;if(w.includes(H.method))return;if(A.includes(H.method)===!1&&H.method!=="ALL")return;if(H.method==="ALL")A.forEach((D)=>{o_({schema:_,hook:H.hooks,method:D,path:H.path,models:M.getGlobalDefinitions?.().type,contentType:H.hooks.type})});else o_({schema:_,hook:H.hooks,method:H.method,path:H.path,models:M.getGlobalDefinitions?.().type,contentType:H.hooks.type})})}return{openapi:"3.0.3",...{...a,tags:a.tags?.filter((A)=>!h?.includes(A?.name)),info:{title:"Elysia Documentation",description:"Development documentation",version:"0.0.0",...a.info}},paths:{...iA(_,{excludeStaticFile:e,exclude:Array.isArray(f)?f:[f]}),...a.paths},components:{...a.components,schemas:{...M.getGlobalDefinitions?.().type,...a.components?.schemas}}}},{detail:{hide:!0}}),M};function Sl(n){if(n?.enabled===!1)return null;let r={path:n?.path??"/swagger",provider:n?.provider??"scalar",excludeStaticFile:n?.excludeStaticFile??!0,exclude:n?.exclude??[],documentation:{info:{title:n?.documentation?.info?.title??"Nucleus API",description:n?.documentation?.info?.description??"Auto-generated API documentation",version:n?.documentation?.info?.version??"1.0.0",contact:n?.documentation?.info?.contact,license:n?.documentation?.info?.license},tags:n?.documentation?.tags??[],servers:n?.documentation?.servers},scalarConfig:n?.scalarConfig};return c_(r)}Ie();Qd();ni();var HE=(n)=>{let r=new Map;for(let t of n){let o=r.get(t.table_name),a=t.columns??o?.columns;r.set(t.table_name,{...o||{},...t,columns:a})}return Array.from(r.values())},zE=(n)=>({table_name:n.table_name,excluded_methods:n.excluded_methods?[...n.excluded_methods]:void 0,columns:n.columns?n.columns.map((r)=>({name:r.name,type:r.type})):void 0}),UE=(n)=>{let r=[];for(let[t,o]of Object.entries(n)){if(!o||typeof o!=="object")continue;let a=o,c=a._;if(c?.name){r.push({table_name:c.name});continue}let e=Object.getOwnPropertySymbols(a);for(let i of e){let s=a[i];if(s&&typeof s==="object"){let f=s;if(f.name&&typeof f.name==="string"){r.push({table_name:f.name});break}}}}return r};async function BE(n){let r=new DE;if(r.get("/health",()=>({status:"ok",timestamp:Date.now()})),n.staticAssets!==!1){let E=Sn("path"),S=Sn("fs"),z;if(typeof n.staticAssets==="string")z=n.staticAssets;else{let U=E.join(process.cwd(),"public"),P="";for(let p of["nucleus-core-ts","nucleus-core"])try{let K=Sn.resolve(`${p}/package.json`),B=E.join(E.dirname(K),"public");if(S.existsSync(B)){P=B;break}}catch{}if(P)z=P;else if(S.existsSync(U))z=U;else z=U}try{r.use(await au({prefix:"/nucleus-core",assets:z}))}catch{}}let t=[],o,a=process.cwd();if(typeof n.options==="string"){let E=Sn("fs"),S=Sn("path"),z=S.isAbsolute(n.options)?n.options:S.resolve(process.cwd(),n.options);a=S.dirname(z);let U=E.readFileSync(z,"utf-8");o=JSON.parse(U)}else o=n.options;if(o.email?.gmail?.json_file_path){let E=Sn("path"),S=o.email.gmail.json_file_path;if(!E.isAbsolute(S))o.email.gmail.json_file_path=E.resolve(a,S)}let{authentication:c,audit:e,entities:i,database:s}=o,f=o.mode==="development",l=new Cr({service:o.appId||"nucleus",prettyPrint:f,colorize:f,auditEnabled:e?.enabled??!1}),d=ug(o);if(!d.valid){for(let E of d.errors)l.error(`[CONFIG] ${E.message}`,{field:E.field,envName:E.envName});throw Error("Nucleus configuration error: Missing required environment variables. Check logs for details.")}let{resolved:b}=d,w={access_token:c?.accessToken?.name||"access_token",refresh_token:c?.refreshToken?.name||"refresh_token",session_token:c?.sessionToken?.name||"session_token"},h=s?.schemas?.[0]||"main",_=ME(h);if(b.databaseUrl)await bg(b.databaseUrl,l);let g=b.databaseUrl?SE(b.databaseUrl):null,R={},k={};if(n.schema){let S=Sn("path").resolve(process.cwd(),n.schema),z=Sn(S);R=z.createAllTablesForSchema?z.createAllTablesForSchema(_):{}}if(n.relations){let S=Sn("path").resolve(process.cwd(),n.relations);k=Sn(S)}let M=Sl(n.swagger);if(M)r.use(M);let C=n.systemTables||[];t=Nf(o,C,"",h),l.info(`[AUTH] Built ${t.length} public routes`);let N=null,m=null,A=null,H=null;if(o.email?.gmail?.enabled&&o.email.gmail.json_file_path)l.info("[GmailService] Initializing...",{jsonFilePath:o.email.gmail.json_file_path,fromEmail:o.email.gmail.from_email}),H=new Jf({enabled:!0,jsonFilePath:o.email.gmail.json_file_path,fromEmail:o.email.gmail.from_email||"",fromName:o.email.gmail.from_name},l),l.info("[GmailService] isAvailable:",{available:H.isAvailable()});if(o.liveMonitoring?.enabled){let E=o.liveMonitoring.basePath||"/monitoring",S=o.liveMonitoring.streamInterval||150;r.use(Ag({getService:()=>A,logger:l,basePath:E,streamInterval:S}))}r.onStart(async()=>{tl(o);let E=Te();if(E&&o.rateLimit?.enabled!==!1)N=new Qf({redis:E,logger:l,config:o.rateLimit||{}}),l.info(`[RateLimit] Enabled with strategy: ${o.rateLimit?.strategy||"sliding-window"}`);if(E&&o.monitoring?.enabled){if(m=new Vf({redis:E,logger:l,gmail:H||void 0,config:o.monitoring,appId:o.appId}),m.start(),l.info("[Monitoring] Service started"),o.monitoring.endpoints?.enabled){let z={enabled:!0,basePath:o.monitoring.endpoints.basePath||"/monitoring",stream:{enabled:o.monitoring.endpoints.stream?.enabled!==!1,path:o.monitoring.endpoints.stream?.path||"/stream",interval:o.monitoring.endpoints.stream?.interval||"5s"},snapshot:{enabled:o.monitoring.endpoints.snapshot?.enabled!==!1,path:o.monitoring.endpoints.snapshot?.path||"/snapshot"},history:{enabled:o.monitoring.endpoints.history?.enabled!==!1,path:o.monitoring.endpoints.history?.path||"/history",maxMinutes:o.monitoring.endpoints.history?.maxMinutes||60},alerts:{enabled:o.monitoring.endpoints.alerts?.enabled!==!1,path:o.monitoring.endpoints.alerts?.path||"/alerts"}};r.use(ll({monitoringService:m,logger:l,endpoints:z}))}}if(o.liveMonitoring?.enabled)A=new Ce(o.liveMonitoring),A.start(),l.info("[LiveMonitoring] Service started");let S=c?.mode==="consumer";if(g&&n.schema&&!S){let P=await import(Sn("path").resolve(process.cwd(),n.schema)),p=R.auditLogs||P.auditLogs;if(e?.enabled&&p)l.addAuditTransport(new de({db:g,table:p,enabled:!0}));try{l.info(`Syncing schema to database (target: ${h})...`);let{sql:B}=await import("drizzle-orm");await g.execute(B.raw(`CREATE SCHEMA IF NOT EXISTS "${h}"`));try{let L=Object.fromEntries(Object.entries(R).filter(([q,F])=>{if(F===void 0||F===null)return!1;if(typeof F==="object"&&F!==null)return Object.getOwnPropertySymbols(F).length>0||F._!==void 0;return!1})),Y=Object.keys(L);l.info("[Schema] Tables to sync:",{tables:Y,count:Y.length});let Q=L.users;if(Q){let q=Object.getOwnPropertyNames(Q).filter((F)=>!F.startsWith("_"));l.info("[Schema] Users table columns:",{columns:q})}await(await EE({schema:_,...L},g,[h])).apply(),l.info("[Schema] pushSchema completed successfully")}catch(L){let Y=L instanceof Error?L.message:String(L);l.warn(`[Schema] pushSchema warning: ${Y}`)}console.log("Schema sync completed")}catch(B){let L=B instanceof Error?B.message:String(B);console.error("Schema sync failed:",L)}if(console.log("Database connection established"),o.authorization?.enabled){let B={...ib,...o.authorization};if(B.autoSeedClaims){let L=UE(R),Y=qe.map((q)=>zE(q)),Q=o.entities||[],V=HE([...L,...Q,...Y,...n.systemTables||[]]);l.info("[Authorization] Seeding claims...",{schemaEntities:L.length,systemEntities:Y.length,configEntities:Q.length,totalEntities:V.length}),await yu(g,R,k,V,B,l)}if(B.godminEmail&&B.godminPassword)l.info("[Authorization] Setting up godmin..."),await rb(g,R,B,l);l.info("[Authorization] Enabled")}let K=R.userSessions;if(K&&o.authentication?.sessions?.enabled){let{lt:B}=await import("drizzle-orm"),L=await g.update(K).set({isActive:!1,revokedAt:new Date,revokedReason:"expired"}).where(ie($r(K.isActive,!0),B(K.expiresAt,new Date)));l.info("[AUTH] Expired sessions cleanup completed",{expiredCount:L}),setInterval(async()=>{try{await g.update(K).set({isActive:!1,revokedAt:new Date,revokedReason:"expired"}).where(ie($r(K.isActive,!0),B(K.expiresAt,new Date)))}catch(Y){l.warn("[AUTH] Session cleanup failed",{error:Y})}},3600000)}}}).onRequest(async({request:E,set:S})=>{let z=Date.now();E.headers.set("x-request-start-time",String(z));let U=new URL(E.url),P=U.pathname,p=E.method,K=U.search,B=E.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||E.headers.get("x-real-ip")?.trim()||"unknown",L=E.headers.get("user-agent")||"unknown",Y,Q={};if(E.method!=="GET"&&E.method!=="HEAD")try{let v=await E.clone().text();Q=v?JSON.parse(v):{}}catch{Q={}}let V=e?.enabled?{id:kE(),user_id:"unknown",entity_name:P.split("/").filter(Boolean)[0]||"root",entity_id:null,operation_type:p,summary:"",old_values:{},new_values:Q,ip_address:B,user_agent:L,timestamp:new Date().toISOString(),path:P,query:K}:null,q=xf(t,P,p);if(N){let F=q?"public":"private",v;if(P.includes("/auth/login"))v="login";else if(P.includes("/auth/register"))v="register";else if(P.includes("/auth/password-reset"))v="passwordReset";else if(P.includes("/auth/magic-link"))v="magicLink";let dn=v?"auth":F,tn=await N.check({ip:B,endpoint:P,category:dn,authType:v}),un=N.getHeaders(tn);for(let[sn,Yn]of Object.entries(un))S.headers[sn]=Yn;if(!tn.allowed){if(S.status=429,tn.retryAfter)S.headers["Retry-After"]=String(tn.retryAfter);if(l.warn(`[RateLimit] Blocked request from ${B} to ${P}`),m)m.recordRateLimitBlock();return new Response(JSON.stringify({error:"Too Many Requests",retryAfter:tn.retryAfter}),{status:429,headers:{"Content-Type":"application/json"}})}}if(P==="/health")return;if(c?.enabled&&!q){if(!c.accessToken?.secret)return S.status=500,l.traceSync({message:"Authentication secrets not defined",level:"error",context:{path:P,method:p},audit:xt(V,"Authentication secrets not defined")}),Error("One or more authentication secrets are not defined");if(c.mode==="consumer"){Y=rl(E.headers,w);let v=so(Y.access_token||"",b.accessTokenSecret||"");if(!v.valid)return S.status=401,l.traceSync({message:"Invalid or missing access token",level:"warn",context:{path:P,method:p},audit:xt(V,"Invalid or missing access token")}),Error("Unauthenticated");let dn=v.payload.sub,tn=v.payload.roles,un=v.payload.claims;if(E.headers.set("x-access-token",Y.access_token||""),E.headers.set("x-user-id",dn||""),tn&&tn.length>0)E.headers.set("x-user-roles",tn.join(","));if(un&&un.length>0)E.headers.set("x-user-claims",un.join(","))}else{if(!c.refreshToken?.secret||!c.sessionToken?.secret)return S.status=500,l.traceSync({message:"Authentication secrets not defined",level:"error",context:{path:P,method:p},audit:xt(V,"Authentication secrets not defined")}),Error("One or more authentication secrets are not defined");if(Y=rl(E.headers,w),!Y.session_token)return S.status=401,l.traceSync({message:"No session token",level:"warn",context:{path:P,method:p},audit:xt(V,"No session token")}),Error("Unauthenticated");let v=await Qo({sessionId:Y.session_token});if(!v)return S.status=401,l.traceSync({message:"Invalid session",level:"warn",context:{path:P,method:p,sessionId:Y.session_token},audit:xt(V,"Invalid session")}),Error("Unauthenticated");let dn=R.userSessions;if(dn&&g){let T=(await g.select().from(dn).where($r(dn.id,Y.session_token)).limit(1))[0],Jn=T?.revokedAt!==null&&T?.revokedAt!==void 0&&!(typeof T?.revokedAt==="object"&&Object.keys(T.revokedAt).length===0);if(!T||T.isActive===!1||Jn)return S.status=401,l.traceSync({message:"Session revoked or inactive",level:"warn",context:{path:P,method:p,sessionId:Y.session_token,isActive:T?.isActive,revokedAt:T?.revokedAt},audit:xt(V,"Session revoked")}),Error("Session has been revoked");if(T.expiresAt&&new Date(T.expiresAt)<new Date)return S.status=401,l.traceSync({message:"Session expired",level:"warn",context:{path:P,method:p,sessionId:Y.session_token,expiresAt:T.expiresAt},audit:xt(V,"Session expired")}),Error("Session has expired")}if(v.lastActiveAt&&c.sessions?.inactivityTimeout){let _n=new Date(v.lastActiveAt).getTime(),T=st(c.sessions.inactivityTimeout)*1000;if(Date.now()-_n>T)return S.status=401,l.traceSync({message:"Session inactive timeout",level:"warn",context:{path:P,method:p,sessionId:Y.session_token,lastActiveAt:v.lastActiveAt},audit:xt(V,"Session inactive timeout")}),Error("Session expired due to inactivity")}Af(Y.session_token).catch(()=>{});let tn=R.userSessions;if(tn&&g)g.update(tn).set({lastActivityAt:new Date}).where($r(tn.id,Y.session_token)).catch(()=>{});let un=so(Y.access_token||"",b.accessTokenSecret||""),sn=Y.access_token?un.valid:!1,Yn=Y.refresh_token?so(Y.refresh_token,b.refreshTokenSecret||"").valid:!1;if(!sn&&Yn&&Y.refresh_token&&v.rememberMe===!0){let _n=await dg(v.userId,v.id,()=>fg({refreshTokenId:Y.refresh_token,options:o,sessionData:v}));if(_n.success&&_n.accessToken){Y.access_token=_n.accessToken;let T=`${w.access_token}=${_n.accessToken}; Path=/; HttpOnly; SameSite=Strict;Secure; Max-Age=${st(c.accessToken.expiresIn??"15m")}`;S.headers["Set-Cookie"]=T}}let fr=un.valid?un.payload.sub:v.userId,gn=un.valid?un.payload.roles:void 0,et=un.valid?un.payload.claims:void 0;if(E.headers.set("x-access-token",Y.access_token||""),E.headers.set("x-refresh-token",Y.refresh_token||""),E.headers.set("x-session-id",Y.session_token||""),E.headers.set("x-user-id",fr||""),gn&&gn.length>0)E.headers.set("x-user-roles",gn.join(","));if(et&&et.length>0)E.headers.set("x-user-claims",et.join(","))}}}).onAfterHandle(({request:E,set:S})=>{if(m){let z=E.headers.get("x-request-start-time"),U=z?parseInt(z,10):Date.now(),P=Date.now()-U,p=new URL(E.url),K=typeof S.status==="number"?S.status:200;m.recordRequest({endpoint:p.pathname,method:E.method,status:K,responseTimeMs:P,isError:K>=400,errorType:K>=500?"server_error":K>=400?"client_error":void 0})}if(A){let z=new URL(E.url),U={};E.headers.forEach((P,p)=>{U[p]=P}),A.recordRequest({path:z.pathname,method:E.method,timestamp:Date.now(),headers:U})}}).onError((E)=>{let{set:S,code:z,error:U}=E,P=typeof z==="number"?z:500,p=U instanceof Error?U.message:"Internal Server Error";return S.status=P,Response.json({isSuccess:!1,message:p,status:P,errors:[U],data:null})}),l.info("Creating routes for entities"),fl(r,{db:g,schemaTables:R,schemaRelations:k,entities:i,logger:l,databaseUrl:b.databaseUrl,storage:o.storage,authorization:o.authorization,emailServiceAvailable:!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path)});let D=c?.mode==="consumer";if(c?.enabled&&!D&&g){let E=R.users,S=R.userSessions||R.user_sessions||R.sessions;if(!S&&c.sessions?.enabled)l.warn("[AUTH] sessions is enabled but user_sessions table not found in schema. Disabling sessions.");if(E){tl(o);let{createAuthRoutes:z}=(Qd(),se(M2)),{signJWT:U,verifyJWT:P}=(Vo(),se(wu)),{generateSession:p,deleteSession:K}=(Rf(),se(Iu));z(r,{authConfig:{db:g,logger:l,usersTable:E,sessionsTable:S,userRolesTable:R.userRoles,rolesTable:R.roles,roleClaimsTable:R.roleClaims,claimsTable:R.claims,authentication:{enabled:c.enabled,accessToken:c.accessToken,refreshToken:c.refreshToken,sessionToken:c.sessionToken}},features:{login:c.login,register:c.register,logout:c.logout,refresh:c.refresh,passwordReset:(()=>{let B=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(c.passwordReset?.enabled&&!B)return l.warn("[AUTH] passwordReset is enabled but no email provider is configured. Disabling passwordReset."),{...c.passwordReset,enabled:!1};return c.passwordReset})(),passwordChange:c.passwordChange,passwordSet:c.passwordSet,sessions:c.sessions,magicLink:(()=>{let B=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(c.magicLink?.enabled&&!B)return l.warn("[AUTH] magicLink is enabled but no email provider is configured. Disabling magicLink."),{...c.magicLink,enabled:!1};return c.magicLink})(),me:c.me||{enabled:!0,route:"/auth/me"},invite:(()=>{let B=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(c.invite?.enabled&&!B)return l.warn("[AUTH] invite is enabled but no email provider is configured. Disabling invite."),{...c.invite,enabled:!1};return c.invite})(),captcha:c.captcha,oauth:c.oauth?.enabled&&b.oauthProviders?{...c.oauth,providers:b.oauthProviders}:void 0},sessionsTable:S,oauthAccountsTable:R.oauthAccounts,schemaTables:R,schemaRelations:k,databaseUrl:b.databaseUrl,admin:{impersonate:{enabled:!0},changeUserId:{enabled:!0}},emailService:H,appName:o.appId,captchaService:(()=>{let B=Te();if(!c.captcha?.enabled||!B)return null;return new Wf({redis:{get:async(Y)=>{let Q=await B.read(Y);return Q.success?Q.data:null},set:async(Y,Q,V)=>{await B.create(Y,Q,V?.ex)},del:async(Y)=>{await B.remove(Y)}},logger:l,config:{enabled:!0,type:c.captcha.type||"math",difficulty:c.captcha.difficulty||"medium",expiresIn:c.captcha.expiresIn||"5m",maxAttempts:c.captcha.maxAttempts||3,caseSensitive:c.captcha.caseSensitive??!1}})})(),tokenResponseConfig:{accessToken:{setHeadersEnabled:c.accessToken?.setHeadersEnabled??!0,returnJson:c.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:c.refreshToken?.setHeadersEnabled??!0,returnJson:c.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:c.sessionToken?.setHeadersEnabled??!0,returnJson:c.sessionToken?.returnJson??!0}},helpers:{signAccessToken:(B,L,Y)=>U({subject:B,expiresInSeconds:st(c.accessToken?.expiresIn||"15m"),issuer:c.accessToken?.issuer,audience:c.accessToken?.audience,customClaims:{...L&&L.length>0?{roles:L}:{},...Y&&Y.length>0?{claims:Y}:{}}},b.accessTokenSecret||"",c.accessToken?.algorithm||"HS256"),signRefreshToken:(B)=>U({subject:B,expiresInSeconds:st(c.refreshToken?.expiresIn||"7d"),issuer:c.refreshToken?.issuer,audience:c.refreshToken?.audience},b.refreshTokenSecret||"",c.refreshToken?.algorithm||"HS256"),verifyRefreshToken:(B)=>P(B,b.refreshTokenSecret||""),createSession:async(B)=>{let L=await p({userId:B.userId,deviceInfo:B.deviceInfo});return L.success?L.session.id:""},destroySession:async(B)=>K({sessionId:B}),saveSessionToDb:async(B,L)=>{if(!S||!g)return;let Y=c.sessions,Q=L.deviceInfo||{},V=`${Q.browserName||""}-${Q.osName||""}-${Q.deviceType||""}`,q=await g.select().from(S).where(ie($r(S.userId,L.userId),$r(S.isActive,!0))),F=V&&!V.includes("--unknown")&&!V.includes("Bot/Crawler")&&!V.includes("Headless")&&V!=="--"&&V!=="--unknown",v=F?!q.some((Gn)=>Gn.deviceFingerprint===V):!1,dn=q.some((Gn)=>Gn.approvalStatus==="approved"),tn=Y?.trustNewDevices===!1&&v&&F&&dn;l.info("[AUTH] Device fingerprint analysis",{userId:L.userId,deviceFingerprint:V,hasValidFingerprint:F,isNewDevice:v,existingSessionCount:q.length,hasAnyApprovedSession:dn,requiresApproval:tn});let un=null,sn="approved";if(tn){let{randomBytes:Gn}=await import("crypto");un=Gn(32).toString("hex"),sn="pending",l.info("[AUTH] New device requires approval",{userId:L.userId,deviceFingerprint:V,ipAddress:Q.ipAddress})}let Yn=q.filter((Gn)=>{let qn=Gn,gr=qn.deviceFingerprint||"",Ar=qn.ipAddress||"";return(!gr||gr==="--"||gr==="--unknown"||gr.includes("Bot/Crawler")||gr.includes("Headless")||gr.includes("unknown-unknown"))&&(Ar==="127.0.0.1"||Ar==="::1"||Ar==="localhost"||!Ar)});if(Yn.length>0){for(let Gn of Yn)await g.update(S).set({isActive:!1,revokedAt:new Date,revokedReason:"bot_session_cleanup"}).where($r(S.id,Gn.id));l.info("[AUTH] Cleaned up stale bot/crawler sessions",{userId:L.userId,cleanedCount:Yn.length})}let fr=L.loginMethod==="impersonation"||L.loginMethod==="impersonation_stop";if(F&&!v&&!fr){let Gn=q.filter((qn)=>qn.deviceFingerprint===V);for(let qn of Gn)await g.update(S).set({isActive:!1,revokedAt:new Date,revokedReason:"relogin_same_device"}).where($r(S.id,qn.id));l.info("[AUTH] Revoked old sessions from same device",{userId:L.userId,deviceFingerprint:V,revokedCount:Gn.length})}if(!Y?.allowMultipleDevices&&q.length>0){if(q.filter((qn)=>qn.deviceFingerprint===V).length===0&&v)for(let qn of q)await g.update(S).set({isActive:!1,revokedAt:new Date,revokedReason:"new_device_login"}).where($r(S.id,qn.id))}if(Y?.maxActiveSessions){let{count:Gn}=await import("drizzle-orm"),gr=(await g.select({count:Gn()}).from(S).where(ie($r(S.userId,L.userId),$r(S.isActive,!0))))[0]?.count||0;if(gr>=Y.maxActiveSessions){let{asc:Ar}=await import("drizzle-orm"),Mt=await g.select().from(S).where(ie($r(S.userId,L.userId),$r(S.isActive,!0))).orderBy(Ar(S.createdAt)).limit(gr-Y.maxActiveSessions+1);for(let er of Mt)await g.update(S).set({isActive:!1,revokedAt:new Date,revokedReason:"max_sessions_exceeded"}).where($r(S.id,er.id))}}let gn=100;if(Q.isHeadless)gn-=50;if(Q.isBot)gn-=40;if(Q.isSuspicious)l.warn("[AUTH] Suspicious login detected",{userId:L.userId,suspiciousPatterns:Q.suspiciousPatterns,userAgent:Q.userAgent,ipAddress:Q.ipAddress});if(v)gn-=25;if(!Q.ipAddress||Q.ipAddress==="unknown")gn-=20;if(!Q.browserName)gn-=15;if(!Q.osName)gn-=15;if(!Q.deviceType||Q.deviceType==="unknown")gn-=10;if(!Q.deviceName||Q.deviceName==="Unknown Device")gn-=5;let et=V&&!V.includes("--unknown")&&V!=="--",_n=Q.ipAddress&&Q.ipAddress!=="unknown";if(et){if(q.filter((qn)=>qn.deviceFingerprint===V).length>0)gn+=20}if(_n){if(q.filter((qn)=>qn.ipAddress===Q.ipAddress).length>0)gn+=15}gn=Math.max(0,Math.min(100,gn));let T=50;if(await g.insert(S).values({id:B,userId:L.userId,tokenHash:B,deviceFingerprint:V,deviceName:Q.deviceName,deviceType:Q.deviceType,browserName:Q.browserName,browserVersion:Q.browserVersion,osName:Q.osName,osVersion:Q.osVersion,ipAddress:Q.ipAddress,locationCountry:Q.locationCountry,locationCity:Q.locationCity,loginMethod:L.loginMethod||"password",rememberMe:L.rememberMe??!1,trustScore:gn,lastActivityAt:new Date,createdAt:new Date,expiresAt:new Date(Date.now()+st(c.sessionToken?.expiresIn||"30d")*1000),isActive:sn==="approved",approvalStatus:sn,approvalToken:un,approvalRequestedAt:tn?new Date:null}),H&&(Y?.notifyOnNewDevice&&v||gn<T||tn)){let Gn=R.users;if(Gn){let gr=(await g.select().from(Gn).where($r(Gn.id,L.userId)).limit(1))[0];if(gr?.email){let Ar=gn<T,Mt=c.sessions?.approvalRedirectUrl||"http://localhost:3000/devices",er=un?`${Mt}?action=approve&token=${un}`:"",lr=un?`${Mt}?action=reject&token=${un}`:"",Rs,ks;if(tn)Rs="\uD83D\uDD10 New Device Login Requires Approval",ks=`
|
|
1527
1527
|
<h2>\uD83D\uDD10 New Device Login Requires Your Approval</h2>
|
|
1528
1528
|
<p>Someone is trying to log into your account from a new device:</p>
|
|
1529
1529
|
<ul>
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nucleus-core-ts",
|
|
3
|
-
"version": "0.8.
|
|
3
|
+
"version": "0.8.88",
|
|
4
4
|
"description": "Production-ready, enterprise-grade TypeScript framework for building multi-tenant APIs",
|
|
5
5
|
"author": "Hidayet Can Özcan <hidayetcan@gmail.com>",
|
|
6
6
|
"license": "SEE LICENSE IN LICENSE",
|