sumba 2.30.0 → 2.32.0

package/extend/bajo/hook.js

@@ -1,4 +1,3 @@
-import { checkUserId, checkTeam, checkXSite, checkTheme, checkIconset } from '../../lib/util.js'
 import { removeRefs } from '../../lib/remove-site.js'
 import { getAllFixtures, createRefs } from '../../lib/create-new-site.js'
 import path from 'path'
@@ -22,8 +21,9 @@ async function clearCacheUser (id, result) {
 }
 
 async function applyModelGuard ({ model, q, teamIds, options }) {
-  const { get, set, orderBy, without } = this.app.lib._
+  const { set, orderBy } = this.app.lib._
   const { includes } = this.app.lib.aneka
+  const { sanitizeByType } = this.app.dobo
   const { req } = options
   const results = []
 
@@ -32,24 +32,29 @@ async function applyModelGuard ({ model, q, teamIds, options }) {
   const filterFn = item => {
     const bySiteId = item.siteId === req.site.id + ''
     const byModel = item.models.includes(model.name)
-    const byTeamId = includes(item.teamIds, teamIds)
     const byFields = fields.includes(item.field)
-    return bySiteId && byModel && byTeamId && byFields
+    return bySiteId && byModel && byFields
   }
 
   const rules = orderBy(guards.filter(filterFn), ['field'])
   for (const field of fields) {
-    let values = []
+    if (!model.getNonVirtualProperties(true).includes(field)) continue // or, should it throws exception instead?
+    const prop = model.getProperty(field)
     const items = rules.filter(item => item.field === field)
     for (const item of items) {
-      if (item.behavior === 'NIN') values = without(values, ...item.value)
-      else if (item.behavior === 'IN') values.push(...item.value)
+      const values = item.value.map(val => {
+        return sanitizeByType(val, prop.type, { strict: true, inputFormat: 'string', model: model.name })
+      })
+      const op = item.condition.toLowerCase()
+      let value
+      if (['in', 'nin'].includes(op)) value = set({}, '$' + op, values)
+      else if (op === 'between') value = { $gte: values[0], $lte: values[1] }
+      else value = set({}, '$' + op, values[0])
+      const teamOk = item.allTeams ? true : (item.teamIds.length === 0 ? false : includes(item.teamIds, teamIds))
+      if (!teamOk) throw this.error('_abortAction')
+      results.push(set({}, field, value))
     }
-    if (values.length) results.push(set({}, field, { $in: values }))
   }
-
-  const allowEmpty = get(this, `config.dobo.model.${model.name}.allowEmptyQuery`, true)
-  if (results.length === 0 && !allowEmpty) throw this.error('_emptyColumnQuery') // signal driver to about with no result immediately
   q.$and.push(...results)
 }
 
@@ -63,20 +68,19 @@ export async function applyAttribGuard ({ model, teamIds, options }) {
   const filterFn = item => {
     const bySiteId = item.siteId === req.site.id + ''
     const byModel = item.models.includes(model.name)
-    const byTeamId = includes(item.teamIds, teamIds)
+    const byTeamId = item.allTeams ? true : includes(item.teamIds, teamIds)
     return bySiteId && byModel && byTeamId
   }
-
-  const item = guards.filter(filterFn)[0]
-  if (item) results.push(...item.hiddenFields)
+  guards.filter(filterFn).forEach(item => results.push(...item.hiddenFields))
   options.hidden = options.hidden ?? []
-  if (results.length > 0) options.hidden.push(...results)
+  options.hidden.push(...results)
   options.hidden = uniq(options.hidden)
 }
 
 async function rebuildFilter (model, filter = {}, options = {}) {
   const { isEmpty, get } = this.app.lib._
   const { req } = options
+  const allowEmpty = !get(this, `app.${model.ns}.config.sumba.allowEmptyQuery`, []).includes(model.name)
   const hasSiteId = model.hasProperty('siteId')
   const hasUserId = model.hasProperty('userId')
   const hasTeamId = model.hasProperty('teamId')
@@ -90,13 +94,17 @@ async function rebuildFilter (model, filter = {}, options = {}) {
     if (filter.query.$and) q.$and.push(...filter.query.$and)
     else q.$and.push(filter.query)
   }
-  if (req.routeOptions.config.xSite) return
+  if (req.routeOptions.config.xSite) {
+    filter.query = q
+    return
+  }
   if (hasSiteId) q.$and.push({ siteId: req.site.id + '' })
   if (aliases.includes('administrator')) {
     filter.query = q
     return
   }
-  if (!req.user) {
+  if (isEmpty(req.user)) {
+    if (q.$and.length === 0 && !allowEmpty) throw this.error('_emptyColumnQuery')
     filter.query = q
     return
   }
@@ -120,8 +128,9 @@ async function rebuildFilter (model, filter = {}, options = {}) {
     else q.$and.push(condTeamId)
   } else if (hasUserId) q.$and.push(condUserId)
 
-  await applyModelGuard.call(this, { model, q, teamIds, options })
+  await applyModelGuard.call(this, { model, q, teamIds, options, allowEmpty })
   await applyAttribGuard.call(this, { model, teamIds, options })
+  if (q.$and.length === 0 && !allowEmpty) throw this.error('_emptyColumnQuery')
   filter.query = q
 }
 
@@ -338,30 +347,30 @@ async function hook () {
     level: 10,
     name: 'waibuMpa:preParsing',
     handler: async function (req, reply) {
-      await checkTheme.call(this, req, reply)
-      await checkIconset.call(this, req, reply)
-      const secure = await checkUserId.call(this, req, reply, 'waibuMpa')
+      await this.checkTheme(req, reply)
+      await this.checkIconset(req, reply)
+      const secure = await this.checkUser(req, reply, 'waibuMpa')
       if (!secure) return
-      await checkTeam.call(this, req, reply)
-      await checkXSite.call(this, req, reply)
+      await this.checkTeam(req, reply)
+      await this.checkXSite(req, reply)
     }
   }, {
     level: 10,
     name: 'waibuRestApi:preParsing',
     handler: async function (req, reply) {
-      const secure = await checkUserId.call(this, req, reply, 'waibuRestApi')
+      const secure = await this.checkUser(req, reply, 'waibuRestApi')
       if (!secure) return
-      await checkTeam.call(this, req, reply)
-      await checkXSite.call(this, req, reply)
+      await this.checkTeam(req, reply)
+      await this.checkXSite(req, reply)
     }
   }, {
     level: 10,
     name: 'waibuStatic:preParsing',
     handler: async function (req, reply) {
-      const secure = await checkUserId.call(this, req, reply, 'waibuStatic')
+      const secure = await this.checkUser(req, reply, 'waibuStatic')
       if (!secure) return
-      await checkTeam.call(this, req, reply)
-      await checkXSite.call(this, req, reply)
+      await this.checkTeam(req, reply)
+      await this.checkXSite(req, reply)
     }
   }, {
     name: 'waibu:afterAppBoot',

package/extend/bajo/intl/en-US.json

@@ -173,7 +173,9 @@
     "hiddenCols": "Hidden Columns",
     "models": "Models",
     "siteIds": "Sites",
-    "allTeams": "All Teams?"
+    "allTeams": "All Teams?",
+    "condition": "Condition",
+    "hiddenFields": "Hide Fields"
   },
   "validation": {
     "password": {

package/extend/bajo/intl/id.json

@@ -179,7 +179,9 @@
     "hiddenCols": "Kolom Tersembunyi",
     "models": "Model",
     "siteIds": "Situs",
-    "allTeams": "Semua Tim?"
+    "allTeams": "Semua Tim?",
+    "condition": "Kondisi",
+    "hiddenFields": "Sembunyikan Kolom"
   },
   "validation": {
     "password": {

package/extend/dobo/feature/lat-lng.js

@@ -1,4 +1,9 @@
-import { latLngHook } from '../../../lib/util.js'
+export async function latLngHook (body, options) {
+  const { isSet } = this.app.lib.aneka
+  const { round } = this.app.lib.aneka
+  if (!isSet(body[options.field])) return
+  body[options.field] = round(body[options.field], options.scale)
+}
 
 async function latLng (opts = {}) {
   const { merge } = this.app.lib._

package/extend/dobo/feature/lat.js

@@ -1,4 +1,4 @@
-import { latLngHook } from '../../../lib/util.js'
+import { latLngHook } from './lat-lng.js'
 
 async function lat (opts = {}) {
   opts.field = opts.field ?? 'lat'

package/extend/dobo/feature/lng.js

@@ -1,4 +1,4 @@
-import { latLngHook } from '../../../lib/util.js'
+import { latLngHook } from './lat-lng.js'
 
 async function lng (opts = {}) {
   opts.field = opts.field ?? 'lng'

package/extend/dobo/model.js

@@ -76,11 +76,11 @@ async function model () {
       },
       'field,,50,true,true',
       {
-        name: 'behavior',
+        name: 'condition',
         type: 'string',
         maxLength: 20,
         required: true,
-        values: ['IN', 'NIN'],
+        values: ['IN', 'NIN', 'EQ', 'NE', 'GT', 'GTE', 'LT', 'LTE', 'BETWEEN'],
         default: 'IN'
       },
       'value,array,,,true',

package/extend/dobo/model.json

@@ -125,6 +125,7 @@
     "sumba:siteId",
     "sumba:userId",
     "sumba:teamId",
+    "sumba:status",
     "dobo:immutable"
   ]
 }, {

package/extend/waibuDb/schema/team-user.js

@@ -2,7 +2,7 @@ async function teamUser () {
   return {
     common: {
       layout: [
-        { name: 'meta', fields: ['id', 'createdAt', 'updatedAt'] },
+        { name: 'meta', fields: ['id:3-md', 'createdAt:3-md', 'updatedAt:3-md', 'status:3-md'] },
         { name: 'general', fields: ['userId:6-md', 'teamId:6-md'] }
       ],
       widget: {
@@ -20,7 +20,7 @@ async function teamUser () {
     },
     view: {
       list: {
-        fields: ['userId', 'teamId', 'createdAt', 'updatedAt'],
+        fields: ['userId', 'teamId', 'status', 'createdAt', 'updatedAt'],
         stat: {
           aggregate: [
             { fields: ['userId'], group: 'userId', aggregate: ['count'] },

package/index.js

@@ -174,8 +174,7 @@ async function factory (pkgName) {
     }
 
     init = async () => {
-      const { getPluginDataDir } = this.app.bajo
-      this.downloadDir = `${getPluginDataDir(this.ns)}/download`
+      this.downloadDir = `${this.app.getPluginDataDir(this.ns)}/download`
       this.app.lib.fs.ensureDirSync(this.downloadDir)
       if (this.config.multiSite === true) {
         this.config.multiSite = cloneDeep(defMultiSite)
@@ -526,9 +525,8 @@ async function factory (pkgName) {
     }
 
     pushDownload = async ({ description, worker, data, source, req, file, type }) => {
-      const { getPlugin } = this.app.bajo
-      const { createRecord } = getPlugin('waibuDb')
-      const { push } = getPlugin('bajoQueue')
+      const { createRecord } = this.app.getPlugin('waibuDb')
+      const { push } = this.app.getPlugin('bajoQueue')
       description = description ?? file
       const jobQueue = {
         worker,
@@ -638,13 +636,21 @@ async function factory (pkgName) {
     _getGuards = (inputs = []) => {
       const { routePath } = this.app.waibu
       const { orderBy } = this.app.lib._
-      const normal = orderBy(inputs.filter(input => input.path[0] !== '!').map(result => {
-        result.path = routePath(result.path)
-        return result
+      const normal = orderBy(inputs.filter(input => {
+        try {
+          input.path = routePath(input.path)
+        } catch (err) {
+          return false
+        }
+        return input.path[0] !== '!'
       }), ['weight', 'path'], ['desc', 'asc'])
-      const inverse = orderBy(inputs.filter(input => input.path[0] === '!').map(result => {
-        result.path = routePath(result.path)
-        return result
+      const inverse = orderBy(inputs.filter(input => {
+        try {
+          input.path = routePath(input.path)
+        } catch (err) {
+          return false
+        }
+        return input.path[0] === '!'
       }), ['weight', 'path'], ['desc', 'asc'])
       return [...normal, ...inverse]
     }
@@ -673,7 +679,7 @@ async function factory (pkgName) {
     getAttribGuards = async (reread) => {
       if (!reread) return this.attribGuards
 
-      this.attribGuards = await this._fetchGuards('Model')
+      this.attribGuards = await this._fetchGuards('Attrib')
       return this.attribGuards
     }
 
@@ -682,6 +688,155 @@ async function factory (pkgName) {
       return asValue ? values.map(item => ({ value: item, text: item })) : values
     }
 
+    pathsToCheck = (req) => {
+      const { uniq, without } = this.app.lib._
+      const items = [req.routeOptions.url, req.url].map(url => url.split('?')[0].split('#')[0])
+      return uniq(without(items, undefined, null))
+    }
+
+    checkIconset = async (req, reply) => {
+      const { get, isString } = this.app.lib._
+      const mpa = this.app.waibuMpa
+
+      if (!req.site) return
+      const siteIconset = get(req, 'site.setting.waibuMpa.iconset')
+      req.iconset = siteIconset ?? get(mpa, 'config.iconset.set', 'default')
+      const hiconset = req.headers['x-iconset']
+      if (isString(hiconset) && mpa.getIconset(hiconset)) req.iconset = hiconset
+      req.iconset = req.iconset ?? 'default'
+    }
+
+    checkTheme = async (req, reply) => {
+      const { get, isString } = this.app.lib._
+      const mpa = this.app.waibuMpa
+
+      if (!req.site) return
+      const siteTheme = get(req, 'site.setting.waibuMpa.theme')
+      req.theme = siteTheme ?? get(mpa, 'config.theme.set', 'default')
+      const htheme = req.headers['x-theme']
+      if (isString(htheme) && mpa.getTheme(htheme)) req.theme = htheme
+      req.theme = req.theme ?? 'default'
+    }
+
+    checkTeam = async (req, reply) => {
+      const { includes } = this.app.lib.aneka
+      const { outmatch } = this.app.lib
+
+      if (req.user.isAdmin) return
+      if (req.routeOptions.config.xSite && req.user.isXSiteAdmin) return
+
+      const teamIds = req.user.teams.map(item => item.id + '')
+      if (req.user.teams.map(item => item.alias).length === 0) throw this.error('accessDenied', { statusCode: 403 })
+
+      const paths = this.pathsToCheck(req)
+      const results = (await this.getSecureGuards()).filter(item => {
+        if (item.siteId !== req.site.id + '' || item.path[0] === '!') return false
+        return paths.some(outmatch([item.path]))
+      })
+      for (const result of results) {
+        if (result.allTeams) continue
+        if (!includes(teamIds, result.teamIds)) throw this.error('accessDenied', { statusCode: 403 })
+      }
+      // passed
+    }
+
+    checkUser = async (req, reply, source) => {
+      const { merge, isEmpty, camelCase, get } = this.app.lib._
+      const { routePath } = this.app.waibu
+      const userId = get(req, 'session.userId')
+
+      const setUser = async () => {
+        if (!userId) return
+        try {
+          const user = await this.getUserById(userId, req)
+          if (user) req.user = user
+          else req.session.userId = null
+        } catch (err) {
+          console.log(err)
+          req.session.userId = null
+        }
+      }
+
+      if (req.session) req.session.siteId = req.site.id
+
+      const webApp = get(req, 'routeOptions.config.webApp', 'waibu')
+      if (!req.routeOptions.url) {
+        if (!req.session) return
+        await setUser()
+        return
+      }
+
+      const paths = this.pathsToCheck(req)
+      let guards = (await this.getAnonymousGuards()).filter(item => item.siteId === req.site.id + '')
+      const anonymous = this.checkRouteGuard(guards, paths)
+      if (anonymous) {
+        if (!userId) return false
+        req.session.ref = req.url
+        return reply.redirectTo(routePath(this.config.redirect.signout))
+      }
+      guards = (await this.getSecureGuards()).filter(item => item.siteId === req.site.id + '')
+      const secure = this.checkRouteGuard(guards, paths)
+      if (!secure) {
+        if (userId) await setUser()
+        return false // regular, unguarded path. Not secure & not anonymous path
+      }
+      if (userId) {
+        await setUser()
+        return secure
+      }
+      const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
+      const payload = silentOnError ? { noContent: true } : undefined
+      const authMethods = this.config.auth[webApp].methods ?? []
+      if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
+      let success
+      for (const m of authMethods) {
+        const handler = this[camelCase(`verify ${m}`)]
+        if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
+        const check = await handler(req, reply, source, payload)
+        if (check) {
+          success = check
+          break
+        }
+      }
+      if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
+      return secure
+    }
+
+    checkXSite = async (req, reply) => {
+      const { get } = this.app.lib._
+      if (!this.config.multiSite.enabled) return
+      if (!get(req, 'routeOptions.config.xSite')) return
+      if (!get(req, 'user.isXSiteAdmin')) throw this.error('accessDenied', { statusCode: 403 })
+    }
+
+    parseNsSettings = (ns, setting, items) => {
+      const { trim, set, isPlainObject, isArray, isEmpty, find } = this.app.lib._
+      const { parseObject, dayjs } = this.app.lib
+
+      for (const item of items) {
+        if (item.ns === '_var' || ns === '_var') continue
+        let value = trim([item.value] ?? '')
+        if (value[0] === '#' && value[value.length - 1] === '#') {
+          const val = value.slice(1, -1)
+          const newValue = find(items, { ns: '_var', key: val })
+          if (newValue) value = newValue.value
+        }
+        if (['[', '{'].includes(value[0]) && [']', '}'].includes(value[value.length - 1])) {
+          try {
+            value = parseObject(JSON.parse(value))
+          } catch (err) {}
+        } else if (Number(value)) value = Number(value)
+        else if (['true', 'false'].includes(value)) value = value === 'true'
+        else if (item.key.endsWith('$in')) value = value.split('\n').map(v => v.trim())
+        else {
+          const dt = dayjs(value)
+          if (dt.isValid()) value = dt.toDate()
+        }
+        if ((isPlainObject(value) || isArray(value)) && isEmpty(value)) continue
+        set(setting, `${ns}.${item.key}`, value)
+      }
+    }
+
     createNewSite = createNewSite
     removeSite = removeSite
     getSite = getSite

package/lib/create-new-site.js

@@ -1,7 +1,7 @@
 import path from 'path'
 
 export async function getAllFixtures (alias) {
-  const { getPluginDataDir, readConfig } = this.app.bajo
+  const { readConfig } = this.app.bajo
   const { isEmpty, omit, kebabCase, isString } = this.app.lib._
   const { getModel } = this.app.dobo
   const { fastGlob } = this.app.lib
@@ -17,7 +17,7 @@ export async function getAllFixtures (alias) {
   }
 
   const formats = this.app.configHandlers.map(item => item.ext.slice(1))
-  const overrideBase = `${getPluginDataDir('sumba')}/create-new-site-fixtures/${alias}`
+  const overrideBase = `${this.app.getPluginDataDir('sumba')}/create-new-site-fixtures/${alias}`
   const models = this.app.dobo.models.filter(m => {
     const prop = m.properties.find(p => p.name === 'siteId')
     return !!prop

package/lib/get-site.js

@@ -1,5 +1,3 @@
-import { parseNsSettings } from './util.js'
-
 async function getSite (input, byId = false) {
   const { omit } = this.app.lib._
   const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
@@ -21,7 +19,7 @@ async function getSite (input, byId = false) {
       const item = get(this, `app.${ns}.config.siteSetting`)
       if (isSet(item)) defSetting[ns] = item
       const items = filter(all, { ns })
-      parseNsSettings.call(this, ns, nsSetting, items)
+      this.parseNsSettings(ns, nsSetting, items)
     }
     site.setting = defaultsDeep({}, nsSetting, defSetting)
     // additional fields

package/lib/get-user.js

@@ -1,22 +1,18 @@
-import { parseNsSettings } from './util.js'
-
 export async function mergeTeam (user, req) {
   const { map, pick } = this.app.lib._
   const { getModel } = this.app.dobo
   user.teams = []
-  const query = { userId: user.id, siteId: user.siteId }
+  const query = { userId: user.id, siteId: user.siteId, status: 'ACTIVE' }
   let mdl = getModel('SumbaTeamUser')
   const userTeam = await mdl.findAllRecord({ query })
   if (userTeam.length === 0) return
   delete query.userId
   query.id = { $in: map(userTeam, 'teamId') }
-  query.status = 'ACTIVE'
   mdl = getModel('SumbaTeam')
   const teams = await mdl.findAllRecord({ query })
   if (teams.length > 0) {
     delete query.id
     delete query.status
-    query.siteId = user.siteId
     query.teamId = { $in: teams.map(t => t.id + '') }
     mdl = getModel('SumbaTeamSetting')
     const items = await mdl.findAllRecord({ query })
@@ -25,7 +21,7 @@ export async function mergeTeam (user, req) {
       const item = pick(team, ['id', 'alias'])
       item.setting = {}
       for (const ns of names) {
-        parseNsSettings.call(this, ns, item.setting, items.filter(s => s.teamId === (team.id + '')))
+        this.parseNsSettings(ns, item.setting, items.filter(s => s.teamId === (team.id + '')))
       }
       user.teams.push(item)
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "2.30.0",
+  "version": "2.32.0",
   "description": "Biz Suite for Bajo Framework",
   "main": "index.js",
   "scripts": {

package/wiki/CHANGES.md

@@ -1,5 +1,18 @@
 # Changes
 
+## 2026-06-12
+
+- [2.32.0] Necessary updates to ```bajo@2.18.0``` specs
+- [2.32.0] Bug fix in ```_getGuards()```
+- [2.32.0] Bug fix in ```getAttribGuards()```
+- [2.32.0] Bug fix in ```hooks.js```
+- [2.32.0] Change ```behavior``` to ```condition``` in ```SumbaModelGuard``` model
+
+## 2026-06-11
+
+- [2.31.0] Add ```status``` field on ```SumbaTeamUser```
+- [2.31.0] Remove ```util.js``` as all functions now moved to base class
+
 ## 2026-06-10
 
 - [2.30.0] Refactoring all guards

package/lib/util.js

@@ -1,162 +0,0 @@
-export function parseNsSettings (ns, setting, items) {
-  const { trim, set, isPlainObject, isArray, isEmpty, find } = this.app.lib._
-  const { parseObject, dayjs } = this.app.lib
-
-  for (const item of items) {
-    if (item.ns === '_var' || ns === '_var') continue
-    let value = trim([item.value] ?? '')
-    if (value[0] === '#' && value[value.length - 1] === '#') {
-      const val = value.slice(1, -1)
-      const newValue = find(items, { ns: '_var', key: val })
-      if (newValue) value = newValue.value
-    }
-    if (['[', '{'].includes(value[0]) && [']', '}'].includes(value[value.length - 1])) {
-      try {
-        value = parseObject(JSON.parse(value))
-      } catch (err) {}
-    } else if (Number(value)) value = Number(value)
-    else if (['true', 'false'].includes(value)) value = value === 'true'
-    else if (item.key.endsWith('$in')) value = value.split('\n').map(v => v.trim())
-    else {
-      const dt = dayjs(value)
-      if (dt.isValid()) value = dt.toDate()
-    }
-    if ((isPlainObject(value) || isArray(value)) && isEmpty(value)) continue
-    set(setting, `${ns}.${item.key}`, value)
-  }
-}
-
-export function pathsToCheck (req) {
-  const { uniq, without } = this.app.lib._
-  const items = [req.routeOptions.url, req.url].map(url => url.split('?')[0].split('#')[0])
-  return uniq(without(items, undefined, null))
-}
-
-export async function checkIconset (req, reply) {
-  const { get, isString } = this.app.lib._
-  const mpa = this.app.waibuMpa
-
-  if (!req.site) return
-  const siteIconset = get(req, 'site.setting.waibuMpa.iconset')
-  req.iconset = siteIconset ?? get(mpa, 'config.iconset.set', 'default')
-  const hiconset = req.headers['x-iconset']
-  if (isString(hiconset) && mpa.getIconset(hiconset)) req.iconset = hiconset
-  req.iconset = req.iconset ?? 'default'
-}
-
-export async function checkTheme (req, reply) {
-  const { get, isString } = this.app.lib._
-  const mpa = this.app.waibuMpa
-
-  if (!req.site) return
-  const siteTheme = get(req, 'site.setting.waibuMpa.theme')
-  req.theme = siteTheme ?? get(mpa, 'config.theme.set', 'default')
-  const htheme = req.headers['x-theme']
-  if (isString(htheme) && mpa.getTheme(htheme)) req.theme = htheme
-  req.theme = req.theme ?? 'default'
-}
-
-export async function checkTeam (req, reply) {
-  const { includes } = this.app.lib.aneka
-  const { outmatch } = this.app.lib
-
-  if (req.user.isAdmin) return
-  if (req.routeOptions.config.xSite && req.user.isXSiteAdmin) return
-
-  const teamIds = req.user.teams.map(item => item.id + '')
-  if (req.user.teams.map(item => item.alias).length === 0) throw this.error('accessDenied', { statusCode: 403 })
-
-  const paths = pathsToCheck.call(this, req)
-  const results = (await this.getSecureGuards()).filter(item => {
-    if (item.siteId !== req.site.id + '' || item.path[0] === '!') return false
-    return paths.some(outmatch([item.path]))
-  })
-  for (const result of results) {
-    if (result.allTeams) continue
-    if (!includes(teamIds, result.teamIds)) throw this.error('accessDenied', { statusCode: 403 })
-  }
-  // passed
-}
-
-export async function checkUserId (req, reply, source) {
-  const { merge, isEmpty, camelCase, get } = this.app.lib._
-  const { routePath } = this.app.waibu
-  const userId = get(req, 'session.userId')
-
-  const setUser = async () => {
-    if (!userId) return
-    try {
-      const user = await this.getUserById(userId, req)
-      if (user) req.user = user
-      else req.session.userId = null
-    } catch (err) {
-      console.log(err)
-      req.session.userId = null
-    }
-  }
-
-  if (req.session) req.session.siteId = req.site.id
-
-  const webApp = get(req, 'routeOptions.config.webApp', 'waibu')
-  if (!req.routeOptions.url) {
-    if (!req.session) return
-    await setUser()
-    return
-  }
-
-  const paths = pathsToCheck.call(this, req)
-  let guards = (await this.getAnonymousGuards()).filter(item => item.siteId === req.site.id + '')
-  const anonymous = this.checkRouteGuard(guards, paths)
-  if (anonymous) {
-    if (!userId) return false
-    req.session.ref = req.url
-    return reply.redirectTo(routePath(this.config.redirect.signout))
-  }
-  guards = (await this.getSecureGuards()).filter(item => item.siteId === req.site.id + '')
-  const secure = this.checkRouteGuard(guards, paths)
-  if (!secure) {
-    if (userId) await setUser()
-    return false // regular, unguarded path. Not secure & not anonymous path
-  }
-  if (userId) {
-    await setUser()
-    return secure
-  }
-  const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
-  const payload = silentOnError ? { noContent: true } : undefined
-  const authMethods = this.config.auth[webApp].methods ?? []
-  if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
-  let success
-  for (const m of authMethods) {
-    const handler = this[camelCase(`verify ${m}`)]
-    if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
-    const check = await handler(req, reply, source, payload)
-    if (check) {
-      success = check
-      break
-    }
-  }
-  if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
-  return secure
-}
-
-export async function latLngHook (body, options) {
-  const { isSet } = this.app.lib.aneka
-  const { round } = this.app.lib.aneka
-  if (!isSet(body[options.field])) return
-  body[options.field] = round(body[options.field], options.scale)
-}
-
-/**
- * If current route is an inter site route user is an inter site admin, then let it passed
- *
- * @param {Object} req - Request object
- * @param {Object} reply - Reply object
- * @returns
- */
-export async function checkXSite (req, reply) {
-  const { get } = this.app.lib._
-  if (!this.config.multiSite.enabled) return
-  if (!get(req, 'routeOptions.config.xSite')) return
-  if (!get(req, 'user.isXSiteAdmin')) throw this.error('accessDenied', { statusCode: 403 })
-}