npm - @anarchitects/auth-angular - Versions diffs - 0.5.1 → 0.6.0 - Mend

@anarchitects/auth-angular 0.5.1 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/README.md +40 -16
package/data-access/README.md +6 -8
package/data-access/jwt/README.md +23 -0
package/feature/README.md +7 -5
package/feature/jwt/README.md +27 -0
package/fesm2022/anarchitects-auth-angular-config.mjs +20 -2
package/fesm2022/anarchitects-auth-angular-config.mjs.map +1 -1
package/fesm2022/anarchitects-auth-angular-data-access-jwt.mjs +201 -0
package/fesm2022/anarchitects-auth-angular-data-access-jwt.mjs.map +1 -0
package/fesm2022/anarchitects-auth-angular-data-access.mjs +5 -174
package/fesm2022/anarchitects-auth-angular-data-access.mjs.map +1 -1
package/fesm2022/anarchitects-auth-angular-feature-jwt.mjs +26 -0
package/fesm2022/anarchitects-auth-angular-feature-jwt.mjs.map +1 -0
package/fesm2022/anarchitects-auth-angular-feature.mjs +4 -75
package/fesm2022/anarchitects-auth-angular-feature.mjs.map +1 -1
package/fesm2022/anarchitects-auth-angular-state-jwt.mjs +66 -0
package/fesm2022/anarchitects-auth-angular-state-jwt.mjs.map +1 -0
package/fesm2022/anarchitects-auth-angular-state.mjs +6 -74
package/fesm2022/anarchitects-auth-angular-state.mjs.map +1 -1
package/fesm2022/anarchitects-auth-angular-ui-jwt.mjs +58 -0
package/fesm2022/anarchitects-auth-angular-ui-jwt.mjs.map +1 -0
package/fesm2022/anarchitects-auth-angular-ui.mjs +6 -77
package/fesm2022/anarchitects-auth-angular-ui.mjs.map +1 -1
package/package.json +18 -2
package/state/README.md +3 -2
package/state/jwt/README.md +22 -0
package/types/anarchitects-auth-angular-config.d.ts +8 -1
package/types/anarchitects-auth-angular-data-access-jwt.d.ts +45 -0
package/types/anarchitects-auth-angular-data-access.d.ts +15 -31
package/types/anarchitects-auth-angular-feature-jwt.d.ts +13 -0
package/types/anarchitects-auth-angular-feature.d.ts +2 -13
package/types/anarchitects-auth-angular-state-jwt.d.ts +19 -0
package/types/anarchitects-auth-angular-state.d.ts +3 -10
package/types/anarchitects-auth-angular-ui-jwt.d.ts +17 -0
package/types/anarchitects-auth-angular-ui.d.ts +3 -18
package/ui/README.md +2 -1
package/ui/jwt/README.md +11 -0

package/README.md CHANGED Viewed

@@ -2,19 +2,21 @@
 Angular domain libraries for the Anarchitecture auth domain. The package is organized into standalone slices (config, data-access, feature, state, util, ui) that compose implementation-aligned authentication flows for Angular applications.
+Migration guidance for the Better Auth realignment lives in the [auth migration guide](../../../docs/guides/auth-migration.md).
 ## Developer + AI Agent Start Here
 - Read this README before generating integration code for `@anarchitects/auth-angular`.
-- Use public entry points only (`config`, `data-access`, `feature`, `state`, `util`, `ui`); do not import internal files.
-- Register providers and state explicitly via `provideAuthConfig`, `provideAuthDataAccess`, and `provideAuthState`.
+- Use public entry points only (`config`, `data-access`, `feature`, `state`, `util`, `ui`, plus layer-scoped plugin subpaths like `data-access/jwt`); do not import internal files.
+- Register providers and state explicitly via `provideAuthConfig`, Angular `provideHttpClient(...)`, and `provideAuthState`.
 - Keep policy and ability behavior aligned with contracts from `@anarchitects/auth-ts`.
 - Preserve Angular layering and keep orchestration out of UI components.
 ## Features
-- `config`: DI tokens and provider helpers (API base URL, defaults)
+- `config`: DI tokens and provider helpers (API resource path, defaults)
 - `data-access`: generated OpenAPI clients plus adapters over the Nest API
-- `state`: signal-based store plus explicit provider helper for login/logout, token refresh, eager session restore, and ability hydration
+- `state`: signal-based store plus explicit provider helper for core session login/logout, eager session restore, and ability hydration
 - `feature`: coarse route guard, resource-aware route guard, and orchestration components that delegate rendering to auth UI components
 - `util`: CASL ability helpers (`createAppAbility`, `canAccessResource`, `canAccessResourceField`, `AppAbility`)
 - `ui`: presentational auth domain form components built on `AnarchitectsUiForm`
@@ -50,18 +52,17 @@ The internal `@anarchitects/auth-ts`, `@anarchitects/forms-angular`, `@anarchite
 ### Quick start
 ```ts
-// app.config.ts
 import { ApplicationConfig } from '@angular/core';
+import { provideHttpClient, withFetch } from '@angular/common/http';
 import { provideAuthConfig } from '@anarchitects/auth-angular/config';
-import { provideAuthDataAccess } from '@anarchitects/auth-angular/data-access';
 import { provideAuthState } from '@anarchitects/auth-angular/state';
 export const appConfig: ApplicationConfig = {
   providers: [
-    provideAuthConfig({
-      apiBaseUrl: 'https://api.anarchitects.dev',
+    provideHttpClient(withFetch()),
+    ...provideAuthConfig({
+      apiResourcePath: 'auth',
     }),
-    provideAuthDataAccess(),
     ...provideAuthState(),
   ],
 };
@@ -122,6 +123,23 @@ export const routes: Routes = [
 `policyGuard` is a coarse route-attempt guard. It answers "may this user attempt work on this subject at all?" by using the shared route matcher from `@anarchitects/auth-ts`. Concrete ownership checks still belong to loaded resources. Use `resourcePolicyGuard` for resolved edit/detail routes and `canAccessResource(...)` / `canAccessResourceField(...)` for UI elements such as edit buttons.
+### Optional JWT plugin wiring
+Keep the root auth surface session-first. Only wire the JWT plugin when the host app explicitly needs token-based flows:
+```ts
+import { provideHttpClient } from '@angular/common/http';
+import { withJwtAuthHttpInterceptors } from '@anarchitects/auth-angular/data-access/jwt';
+import { provideAuthJwtState } from '@anarchitects/auth-angular/state/jwt';
+export const appConfig: ApplicationConfig = {
+  providers: [
+    provideHttpClient(withJwtAuthHttpInterceptors()),
+    ...provideAuthJwtState(),
+  ],
+};
+```
 Blog ownership example:
 ```ts
@@ -172,12 +190,16 @@ export class PostActionsComponent {
 | Import path                              | Description                             |
 | ---------------------------------------- | --------------------------------------- |
-| `@anarchitects/auth-angular/config`      | DI tokens and providers                 |
-| `@anarchitects/auth-angular/data-access` | Generated API clients and HTTP adapters |
-| `@anarchitects/auth-angular/state`       | Signal store, eager restore, CASL ability sync |
-| `@anarchitects/auth-angular/feature`     | Coarse and resource-aware router guards |
-| `@anarchitects/auth-angular/ui`          | Auth domain form UI components          |
-| `@anarchitects/auth-angular/util`        | CASL ability/resource helpers and typings |
+| `@anarchitects/auth-angular/config`           | DI tokens and providers                           |
+| `@anarchitects/auth-angular/data-access`      | Generated API clients and HTTP adapters           |
+| `@anarchitects/auth-angular/data-access/jwt`  | JWT plugin APIs and interceptor helpers           |
+| `@anarchitects/auth-angular/state`            | Signal store, eager restore, CASL ability sync    |
+| `@anarchitects/auth-angular/state/jwt`        | JWT refresh-token state orchestration             |
+| `@anarchitects/auth-angular/feature`          | Coarse and resource-aware router guards           |
+| `@anarchitects/auth-angular/feature/jwt`      | JWT refresh-token orchestration components         |
+| `@anarchitects/auth-angular/ui`               | Auth domain form UI components                    |
+| `@anarchitects/auth-angular/ui/jwt`           | JWT refresh-token form components                 |
+| `@anarchitects/auth-angular/util`             | CASL ability/resource helpers and typings         |
 ## Nx scripts
@@ -189,9 +211,11 @@ export class PostActionsComponent {
 - DTOs live in `@anarchitects/auth-ts`; regenerate OpenAPI docs when route schemas change (`nx run api-specs:generate`).
 - Data-access layer should always use the generated OpenAPI clients—no manual HTTP calls.
-- State layer uses Angular signals via `@ngrx/signals` for reactive updates, hydrates raw RBAC rules plus the derived CASL ability, and restores sessions eagerly when provided.
+- State layer uses Angular signals via `@ngrx/signals` for reactive updates, hydrates raw RBAC rules plus the derived CASL ability, and restores Better Auth-backed sessions eagerly when provided.
 - `AuthStore.initialized()` and `AuthStore.restoring()` let apps avoid auth flicker while bootstrap restore completes.
 - `/auth/me` RBAC payloads are parsed at the frontend trust boundary; malformed authorization data fails closed instead of producing a partially trusted ability.
+- Core root surfaces are session-first. JWT plugin helpers live under layer-scoped subpaths such as `@anarchitects/auth-angular/data-access/jwt`, `@anarchitects/auth-angular/state/jwt`, `@anarchitects/auth-angular/feature/jwt`, and `@anarchitects/auth-angular/ui/jwt`.
+- Feature components must orchestrate through state entrypoints; they should not call data-access entrypoints directly.
 - Ability creation and concrete resource checks are centralised in `@anarchitects/auth-angular/util`; import the helpers instead of instantiating CASL directly.
 - `policyGuard` is coarse by design; use `resourcePolicyGuard` and backend instance checks for ownership-sensitive routes.
 - Keep UI, feature, data-access, state, and config layers decoupled per architecture guidelines.

package/data-access/README.md CHANGED Viewed

@@ -1,15 +1,13 @@
 # @anarchitects/auth-angular/data-access
-HTTP adapters that bridge Angular apps to the auth Nest API using the OpenAPI-generated DTOs. Import from `@anarchitects/auth-angular/data-access` when you need to call auth endpoints directly or wire them into feature/state layers.
+HTTP adapters that bridge Angular apps to the auth Nest API using the OpenAPI-generated DTOs. Import from `@anarchitects/auth-angular/data-access` for the session-first core auth surface.
 ## Exports
 - `AuthApi`: injectable service backed by Angular `HttpClient`
-- `authBearerTokenInterceptor`: adds `Authorization: Bearer <accessToken>` when an access token is stored
-- `authErrorInterceptor`: handles `401/403`, attempts token refresh, retries request, and redirects to login on terminal auth failure
-- `withAuthHttpInterceptors()`: convenience helper for `provideHttpClient(...)`
 - Uses configuration from `@anarchitects/auth-angular/config` to resolve the `/api/{resource}` path
-- Methods map 1:1 to contract operations (`registerUser`, `login`, `logout`, `refreshTokens`, etc.)
+- Methods map to the core session-oriented auth surface (`registerUser`, `login`, `logout`, `getLoggedInUserInfo`, etc.)
+- JWT plugin helpers live under `@anarchitects/auth-angular/data-access/jwt`
 ## Usage
@@ -30,15 +28,15 @@ export class AuthFacade {
 Prefer consuming `AuthApi` from orchestrating feature services or signal stores so UI components remain presentation-only.
-## Interceptor usage
+## JWT plugin usage
 ```ts
 import { ApplicationConfig } from '@angular/core';
 import { provideHttpClient } from '@angular/common/http';
-import { withAuthHttpInterceptors } from '@anarchitects/auth-angular/data-access';
+import { withJwtAuthHttpInterceptors } from '@anarchitects/auth-angular/data-access/jwt';
 export const appConfig: ApplicationConfig = {
-  providers: [provideHttpClient(withAuthHttpInterceptors())],
+  providers: [provideHttpClient(withJwtAuthHttpInterceptors())],
 };
 ```

package/data-access/jwt/README.md ADDED Viewed

@@ -0,0 +1,23 @@
+# @anarchitects/auth-angular/data-access/jwt
+JWT plugin-specific data-access helpers for `@anarchitects/auth-angular`.
+Use this entrypoint only when the JWT plugin is enabled on the Nest side. The root `@anarchitects/auth-angular/data-access` surface remains session-first and should be the default for core auth flows.
+## Exports
+- `JwtAuthApi`: HTTP adapter for `/auth/jwt/login`, `/auth/jwt/logout`, and `/auth/jwt/refresh`
+- `withJwtAuthHttpInterceptors()`: interceptor helpers for JWT token injection and refresh behavior
+## Usage
+```ts
+import { provideHttpClient } from '@angular/common/http';
+import { withJwtAuthHttpInterceptors } from '@anarchitects/auth-angular/data-access/jwt';
+export const appConfig = {
+  providers: [provideHttpClient(withJwtAuthHttpInterceptors())],
+};
+```
+Keep JWT orchestration in the JWT state layer. Feature code should depend on `@anarchitects/auth-angular/state/jwt`, not call `JwtAuthApi` directly.

package/feature/README.md CHANGED Viewed

@@ -1,6 +1,8 @@
 # @anarchitects/auth-angular/feature
-Feature-level orchestration for Angular auth. It ships route guards plus standalone feature components that orchestrate auth actions via `AuthStore` and delegate rendering to `@anarchitects/auth-angular/ui`.
+Feature-level orchestration for Angular auth. It ships route guards plus standalone feature components that orchestrate auth actions via state-layer entrypoints and delegate rendering to `@anarchitects/auth-angular/ui`.
+JWT-specific feature components live under `@anarchitects/auth-angular/feature/jwt`, not the root feature entry point. They should orchestrate through `@anarchitects/auth-angular/state/jwt`, never `data-access/jwt` directly.
 ## Exports
@@ -15,7 +17,6 @@ Feature-level orchestration for Angular auth. It ships route guards plus standal
 - `AnarchitectsFeatureChangePassword`
 - `AnarchitectsFeatureUpdateEmail`
 - `AnarchitectsFeatureLogout`
-- `AnarchitectsFeatureRefreshTokens`
 ## Usage
@@ -63,6 +64,8 @@ Do not treat `policyGuard` as a full `PolicyRule` mirror. It is intentionally co
 Ensure the state layer is explicitly provided in your app/route providers by wiring `...provideAuthState()` from `@anarchitects/auth-angular/state`.
+JWT plugin feature flows should likewise register `...provideAuthJwtState()` from `@anarchitects/auth-angular/state/jwt` when the route/page mounts JWT-specific components.
 ### Token-driven actions
 ```ts
@@ -99,13 +102,12 @@ export class ChangePasswordPageComponent {
 ```ts
 import { Component } from '@angular/core';
-import { AnarchitectsFeatureRefreshTokens, AnarchitectsFeatureLogout } from '@anarchitects/auth-angular/feature';
+import { AnarchitectsFeatureLogout } from '@anarchitects/auth-angular/feature';
 @Component({
   selector: 'app-session-page',
-  imports: [AnarchitectsFeatureRefreshTokens, AnarchitectsFeatureLogout],
+  imports: [AnarchitectsFeatureLogout],
   template: `
-    <anarchitects-auth-feature-refresh-tokens [userId]="userId" />
     <anarchitects-auth-feature-logout />
   `,
 })

package/feature/jwt/README.md ADDED Viewed

@@ -0,0 +1,27 @@
+# @anarchitects/auth-angular/feature/jwt
+JWT plugin-specific feature orchestration for `@anarchitects/auth-angular`.
+Use this entrypoint only when the JWT plugin is enabled. It sits on top of `@anarchitects/auth-angular/state/jwt` and delegates rendering to `@anarchitects/auth-angular/ui/jwt`.
+## Exports
+- `AnarchitectsAuthJwtRefreshTokens`
+## Usage
+```ts
+import { Component } from '@angular/core';
+import { provideAuthJwtState } from '@anarchitects/auth-angular/state/jwt';
+import { AnarchitectsAuthJwtRefreshTokens } from '@anarchitects/auth-angular/feature/jwt';
+@Component({
+  selector: 'app-refresh-page',
+  imports: [AnarchitectsAuthJwtRefreshTokens],
+  providers: [...provideAuthJwtState()],
+  template: `<anarchitects-auth-jwt-refresh-tokens />`,
+})
+export class RefreshPageComponent {}
+```
+Keep feature orchestration on the state layer. Do not import `data-access/jwt` directly into feature code.

package/fesm2022/anarchitects-auth-angular-config.mjs CHANGED Viewed

@@ -1,10 +1,17 @@
+import { HttpContextToken } from '@angular/common/http';
 import { InjectionToken, inject } from '@angular/core';
 const AUTH_CONFIG = new InjectionToken('AUTH_CONFIG');
 const API_RESOURCE_PATH = new InjectionToken('AUTH_API_RESOURCE_PATH');
+const SUPPRESS_AUTH_FAILURE_REDIRECT = new HttpContextToken(() => false);
 /** Library-level sensible defaults */
 const AUTH_DEFAULTS = {
     apiResourcePath: 'auth',
+    plugins: {
+        jwt: {
+            enabled: false,
+        },
+    },
 };
 /** Safe injectors that fall back to defaults if no providers are registered */
 function injectAuthConfig() {
@@ -16,7 +23,18 @@ function injectApiResourcePath() {
 }
 function provideAuthConfig(cfg) {
-    const merged = { ...AUTH_DEFAULTS, ...cfg };
+    const merged = {
+        ...AUTH_DEFAULTS,
+        ...cfg,
+        plugins: {
+            ...AUTH_DEFAULTS.plugins,
+            ...cfg.plugins,
+            jwt: {
+                ...AUTH_DEFAULTS.plugins.jwt,
+                ...cfg.plugins?.jwt,
+            },
+        },
+    };
     return [
         { provide: AUTH_CONFIG, useValue: merged },
         { provide: API_RESOURCE_PATH, useValue: merged.apiResourcePath },
@@ -30,5 +48,5 @@ function provideAuthDefaults() {
  * Generated bundle index. Do not edit.
  */
-export { API_RESOURCE_PATH, AUTH_CONFIG, AUTH_DEFAULTS, injectApiResourcePath, injectAuthConfig, provideAuthConfig, provideAuthDefaults };
+export { API_RESOURCE_PATH, AUTH_CONFIG, AUTH_DEFAULTS, SUPPRESS_AUTH_FAILURE_REDIRECT, injectApiResourcePath, injectAuthConfig, provideAuthConfig, provideAuthDefaults };
 //# sourceMappingURL=anarchitects-auth-angular-config.mjs.map

package/fesm2022/anarchitects-auth-angular-config.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"anarchitects-auth-angular-config.mjs","sources":["../../../../../libs/auth/angular/config/src/tokens.ts","../../../../../libs/auth/angular/config/src/providers.ts","../../../../../libs/auth/angular/config/src/anarchitects-auth-angular-config.ts"],"sourcesContent":["import { InjectionToken, inject } from '@angular/core';\n\nexport type AuthConfig = {\n apiResourcePath: string;\n};\n\nexport const AUTH_CONFIG = new InjectionToken<AuthConfig>('AUTH_CONFIG');\nexport const API_RESOURCE_PATH = new InjectionToken<string>(\n 'AUTH_API_RESOURCE_PATH'\n);\n\n/** Library-level sensible defaults /\nexport const AUTH_DEFAULTS: AuthConfig = {\n apiResourcePath: 'auth',\n};\n\n/* Safe injectors that fall back to defaults if no providers are registered /\nexport function injectAuthConfig(): AuthConfig {\n return inject(AUTH_CONFIG, { optional: true }) ?? AUTH_DEFAULTS;\n}\n\nexport function injectApiResourcePath(): string {\n return (\n inject(API_RESOURCE_PATH, { optional: true }) ??\n AUTH_DEFAULTS.apiResourcePath\n );\n}\n","import { Provider } from '@angular/core';\nimport {\n API_RESOURCE_PATH,\n AUTH_CONFIG,\n AUTH_DEFAULTS,\n AuthConfig,\n} from './tokens';\n\nexport function provideAuthConfig(cfg: Partial<AuthConfig>): Provider[] {\n const merged: AuthConfig = { ...AUTH_DEFAULTS, ...cfg };\n return [\n { provide: AUTH_CONFIG, useValue: merged },\n { provide: API_RESOURCE_PATH, useValue: merged.apiResourcePath },\n ];\n}\n\nexport function provideAuthDefaults(): Provider[] {\n return provideAuthConfig({});\n}\n","/\n Generated bundle index. Do not edit.\n /\n\nexport from './index';\n"],"names":[],"mappings":"~~;;MAMa~~,WAAW,GAAG,IAAI,cAAc,CAAa,aAAa;MAC1D,iBAAiB,GAAG,IAAI,cAAc,CACjD,wBAAwB;~~AAG1B~~;AACO,MAAM,aAAa,GAAe;AACvC,IAAA,eAAe,EAAE,MAAM;;~~AAGzB~~;SACgB,gBAAgB,GAAA;AAC9B,IAAA,OAAO,MAAM,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,IAAI,aAAa;AACjE;SAEgB,qBAAqB,GAAA;IACnC,QACE,MAAM,CAAC,iBAAiB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC7C,aAAa,CAAC,eAAe;AAEjC;;~~AClBM~~,SAAU,iBAAiB,CAAC,GAAwB,EAAA;~~IACxD~~,MAAM,MAAM,GAAe,EAAE,GAAG,aAAa,EAAE,GAAG,GAAG,EAAE;~~IACvD~~,OAAO;AACL,QAAA,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE;QAC1C,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,CAAC,eAAe,EAAE;KACjE;AACH;SAEgB,mBAAmB,GAAA;AACjC,IAAA,OAAO,iBAAiB,CAAC,EAAE,CAAC;AAC9B;;~~AClBA~~;;AAEG;;;;"}
1	+ {"version":3,"file":"anarchitects-auth-angular-config.mjs","sources":["../../../../../libs/auth/angular/config/src/tokens.ts","../../../../../libs/auth/angular/config/src/providers.ts","../../../../../libs/auth/angular/config/src/anarchitects-auth-angular-config.ts"],"sourcesContent":["import { HttpContextToken } from '@angular/common/http';\nimport { InjectionToken, inject } from '@angular/core';\n\nexport type AuthConfig = {\n apiResourcePath: string;\n plugins: {\n jwt: {\n enabled: boolean;\n };\n };\n};\n\nexport const AUTH_CONFIG = new InjectionToken<AuthConfig>('AUTH_CONFIG');\nexport const API_RESOURCE_PATH = new InjectionToken<string>(\n 'AUTH_API_RESOURCE_PATH'\n);\nexport const SUPPRESS_AUTH_FAILURE_REDIRECT = new HttpContextToken<boolean>(\n () => false,\n);\n\n/** Library-level sensible defaults /\nexport const AUTH_DEFAULTS: AuthConfig = {\n apiResourcePath: 'auth',\n plugins: {\n jwt: {\n enabled: false,\n },\n },\n};\n\n/* Safe injectors that fall back to defaults if no providers are registered /\nexport function injectAuthConfig(): AuthConfig {\n return inject(AUTH_CONFIG, { optional: true }) ?? AUTH_DEFAULTS;\n}\n\nexport function injectApiResourcePath(): string {\n return (\n inject(API_RESOURCE_PATH, { optional: true }) ??\n AUTH_DEFAULTS.apiResourcePath\n );\n}\n","import { Provider } from '@angular/core';\nimport {\n API_RESOURCE_PATH,\n AUTH_CONFIG,\n AUTH_DEFAULTS,\n AuthConfig,\n} from './tokens';\n\nexport function provideAuthConfig(cfg: Partial<AuthConfig>): Provider[] {\n const merged: AuthConfig = {\n ...AUTH_DEFAULTS,\n ...cfg,\n plugins: {\n ...AUTH_DEFAULTS.plugins,\n ...cfg.plugins,\n jwt: {\n ...AUTH_DEFAULTS.plugins.jwt,\n ...cfg.plugins?.jwt,\n },\n },\n };\n return [\n { provide: AUTH_CONFIG, useValue: merged },\n { provide: API_RESOURCE_PATH, useValue: merged.apiResourcePath },\n ];\n}\n\nexport function provideAuthDefaults(): Provider[] {\n return provideAuthConfig({});\n}\n","/\n Generated bundle index. Do not edit.\n /\n\nexport from './index';\n"],"names":[],"mappings":";;;MAYa,WAAW,GAAG,IAAI,cAAc,CAAa,aAAa;MAC1D,iBAAiB,GAAG,IAAI,cAAc,CACjD,wBAAwB;AAEnB,MAAM,8BAA8B,GAAG,IAAI,gBAAgB,CAChE,MAAM,KAAK;AAGb;AACO,MAAM,aAAa,GAAe;AACvC,IAAA,eAAe,EAAE,MAAM;AACvB,IAAA,OAAO,EAAE;AACP,QAAA,GAAG,EAAE;AACH,YAAA,OAAO,EAAE,KAAK;AACf,SAAA;AACF,KAAA;;AAGH;SACgB,gBAAgB,GAAA;AAC9B,IAAA,OAAO,MAAM,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,IAAI,aAAa;AACjE;SAEgB,qBAAqB,GAAA;IACnC,QACE,MAAM,CAAC,iBAAiB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC7C,aAAa,CAAC,eAAe;AAEjC;;AChCM,SAAU,iBAAiB,CAAC,GAAwB,EAAA;AACxD,IAAA,MAAM,MAAM,GAAe;AACzB,QAAA,GAAG,aAAa;AAChB,QAAA,GAAG,GAAG;AACN,QAAA,OAAO,EAAE;YACP,GAAG,aAAa,CAAC,OAAO;YACxB,GAAG,GAAG,CAAC,OAAO;AACd,YAAA,GAAG,EAAE;AACH,gBAAA,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG;AAC5B,gBAAA,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG;AACpB,aAAA;AACF,SAAA;KACF;IACD,OAAO;AACL,QAAA,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE;QAC1C,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,MAAM,CAAC,eAAe,EAAE;KACjE;AACH;SAEgB,mBAAmB,GAAA;AACjC,IAAA,OAAO,iBAAiB,CAAC,EAAE,CAAC;AAC9B;;AC7BA;;AAEG;;;;"}

package/fesm2022/anarchitects-auth-angular-data-access-jwt.mjs ADDED Viewed

@@ -0,0 +1,201 @@
+import { injectApiResourcePath, injectAuthConfig, SUPPRESS_AUTH_FAILURE_REDIRECT } from '@anarchitects/auth-angular/config';
+import { HttpClient, HttpContextToken, HttpErrorResponse, HttpStatusCode, HttpBackend, withInterceptors } from '@angular/common/http';
+import * as i0 from '@angular/core';
+import { inject, Injectable } from '@angular/core';
+import { jwtDecode } from 'jwt-decode';
+import { Router } from '@angular/router';
+import { tap, finalize, shareReplay, catchError, throwError, switchMap } from 'rxjs';
+class JwtAuthApi {
+    http = inject(HttpClient);
+    resourceUrl = `/api/${injectApiResourcePath()}`;
+    login(dto) {
+        return this.http.post(`${this.resourceUrl}/jwt/login`, dto);
+    }
+    logout(dto) {
+        return this.http.post(`${this.resourceUrl}/jwt/logout`, dto);
+    }
+    refreshTokens(dto) {
+        return this.http.post(`${this.resourceUrl}/jwt/refresh`, dto);
+    }
+    static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "21.1.6", ngImport: i0, type: JwtAuthApi, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
+    static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "21.1.6", ngImport: i0, type: JwtAuthApi, providedIn: 'root' });
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "21.1.6", ngImport: i0, type: JwtAuthApi, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root',
+                }]
+        }] });
+const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';
+const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';
+function getStoredToken(key) {
+    try {
+        if (typeof localStorage === 'undefined') {
+            return undefined;
+        }
+        return localStorage.getItem(key) ?? undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+function storeTokens(tokens) {
+    try {
+        if (typeof localStorage === 'undefined') {
+            return;
+        }
+        localStorage.setItem(ACCESS_TOKEN_STORAGE_KEY, tokens.accessToken);
+        localStorage.setItem(REFRESH_TOKEN_STORAGE_KEY, tokens.refreshToken);
+    }
+    catch {
+        // noop: storage can be unavailable in non-browser environments
+    }
+}
+function clearStoredTokens() {
+    try {
+        if (typeof localStorage === 'undefined') {
+            return;
+        }
+        localStorage.removeItem(ACCESS_TOKEN_STORAGE_KEY);
+        localStorage.removeItem(REFRESH_TOKEN_STORAGE_KEY);
+    }
+    catch {
+        // noop: storage can be unavailable in non-browser environments
+    }
+}
+function resolveUserIdFromAccessToken(accessToken) {
+    if (!accessToken) {
+        return undefined;
+    }
+    try {
+        const decoded = jwtDecode(accessToken);
+        return decoded.sub;
+    }
+    catch {
+        return undefined;
+    }
+}
+const authBearerTokenInterceptor = (req, next) => {
+    const authConfig = injectAuthConfig();
+    if (!authConfig.plugins.jwt.enabled) {
+        return next(req);
+    }
+    const accessToken = getStoredToken(ACCESS_TOKEN_STORAGE_KEY);
+    if (!accessToken || req.headers.has('Authorization')) {
+        return next(req);
+    }
+    return next(req.clone({
+        setHeaders: {
+            Authorization: `Bearer ${accessToken}`,
+        },
+    }));
+};
+const AUTH_RETRY_ATTEMPTED = new HttpContextToken(() => false);
+const LOGIN_REDIRECT_PATH = '/login';
+let refreshTokensRequest$ = null;
+function isUnauthorizedError(error) {
+    return (error instanceof HttpErrorResponse &&
+        (error.status === HttpStatusCode.Unauthorized ||
+            error.status === HttpStatusCode.Forbidden));
+}
+function isAuthPublicEndpoint(url, authBaseUrl) {
+    const publicEndpoints = [
+        '/login',
+        '/register',
+        '/activate',
+        '/forgot-password',
+        '/reset-password',
+        '/verify-email',
+    ];
+    return publicEndpoints.some((endpoint) => url.includes(`${authBaseUrl}${endpoint}`));
+}
+function isRefreshEndpoint(url, authBaseUrl) {
+    return url.includes(`${authBaseUrl}/jwt/refresh`);
+}
+function redirectToLogin(router) {
+    if (router) {
+        void router.navigateByUrl(LOGIN_REDIRECT_PATH);
+        return;
+    }
+    if (typeof window !== 'undefined') {
+        window.location.assign(LOGIN_REDIRECT_PATH);
+    }
+}
+function shouldRedirectToLogin(req) {
+    return !req.context.get(SUPPRESS_AUTH_FAILURE_REDIRECT);
+}
+function getRefreshTokensRequest(http, refreshUrl, refreshToken) {
+    if (!refreshTokensRequest$) {
+        refreshTokensRequest$ = http
+            .post(refreshUrl, { refreshToken })
+            .pipe(tap((tokens) => storeTokens(tokens)), finalize(() => {
+            refreshTokensRequest$ = null;
+        }), shareReplay(1));
+    }
+    return refreshTokensRequest$;
+}
+const authErrorInterceptor = (req, next) => {
+    const authBaseUrl = `/api/${injectApiResourcePath()}`;
+    const backend = inject(HttpBackend);
+    const router = inject(Router, { optional: true });
+    const rawHttp = new HttpClient(backend);
+    return next(req).pipe(catchError((error) => {
+        if (!isUnauthorizedError(error)) {
+            return throwError(() => error);
+        }
+        if (req.context.get(AUTH_RETRY_ATTEMPTED) ||
+            isRefreshEndpoint(req.url, authBaseUrl) ||
+            isAuthPublicEndpoint(req.url, authBaseUrl)) {
+            if (req.context.get(AUTH_RETRY_ATTEMPTED)) {
+                clearStoredTokens();
+                if (shouldRedirectToLogin(req)) {
+                    redirectToLogin(router ?? null);
+                }
+            }
+            return throwError(() => error);
+        }
+        const refreshToken = getStoredToken(REFRESH_TOKEN_STORAGE_KEY);
+        if (!refreshToken) {
+            clearStoredTokens();
+            if (shouldRedirectToLogin(req)) {
+                redirectToLogin(router ?? null);
+            }
+            return throwError(() => error);
+        }
+        const refreshUrl = `${authBaseUrl}/jwt/refresh`;
+        return getRefreshTokensRequest(rawHttp, refreshUrl, refreshToken).pipe(switchMap(({ accessToken: nextAccessToken }) => {
+            const retryRequest = req.clone({
+                context: req.context.set(AUTH_RETRY_ATTEMPTED, true),
+                setHeaders: {
+                    Authorization: `Bearer ${nextAccessToken}`,
+                },
+            });
+            return next(retryRequest);
+        }), catchError((refreshError) => {
+            clearStoredTokens();
+            if (shouldRedirectToLogin(req)) {
+                redirectToLogin(router ?? null);
+            }
+            return throwError(() => refreshError);
+        }));
+    }));
+};
+const JWT_AUTH_HTTP_INTERCEPTORS = [
+    authBearerTokenInterceptor,
+    authErrorInterceptor,
+];
+function withJwtAuthHttpInterceptors() {
+    return withInterceptors(JWT_AUTH_HTTP_INTERCEPTORS);
+}
+/**
+ * Generated bundle index. Do not edit.
+ */
+export { ACCESS_TOKEN_STORAGE_KEY, JWT_AUTH_HTTP_INTERCEPTORS, JwtAuthApi, REFRESH_TOKEN_STORAGE_KEY, authBearerTokenInterceptor, authErrorInterceptor, clearStoredTokens, getStoredToken, resolveUserIdFromAccessToken, storeTokens, withJwtAuthHttpInterceptors };
+//# sourceMappingURL=anarchitects-auth-angular-data-access-jwt.mjs.map

package/fesm2022/anarchitects-auth-angular-data-access-jwt.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"anarchitects-auth-angular-data-access-jwt.mjs","sources":["../../../../../libs/auth/angular/data-access/jwt/src/jwt-auth-api.ts","../../../../../libs/auth/angular/data-access/jwt/src/interceptors/auth-token.utils.ts","../../../../../libs/auth/angular/data-access/jwt/src/interceptors/bearer-token.interceptor.ts","../../../../../libs/auth/angular/data-access/jwt/src/interceptors/auth-error.interceptor.ts","../../../../../libs/auth/angular/data-access/jwt/src/interceptors/index.ts","../../../../../libs/auth/angular/data-access/jwt/src/anarchitects-auth-angular-data-access-jwt.ts"],"sourcesContent":["import { injectApiResourcePath } from '@anarchitects/auth-angular/config';\nimport { LoginRequestDTO } from '@anarchitects/auth-ts/dtos';\nimport {\n JwtLogoutRequestDTO,\n LoginResponseDTO,\n RefreshTokenRequestDTO,\n RefreshTokenResponseDTO,\n} from '@anarchitects/auth-ts/dtos/jwt';\nimport { HttpClient } from '@angular/common/http';\nimport { inject, Injectable } from '@angular/core';\n\n@Injectable({\n providedIn: 'root',\n})\nexport class JwtAuthApi {\n private readonly http = inject(HttpClient);\n private readonly resourceUrl = `/api/${injectApiResourcePath()}`;\n\n login(dto: LoginRequestDTO) {\n return this.http.post<LoginResponseDTO>(`${this.resourceUrl}/jwt/login`, dto);\n }\n\n logout(dto: JwtLogoutRequestDTO) {\n return this.http.post<{ success: boolean }>(\n `${this.resourceUrl}/jwt/logout`,\n dto,\n );\n }\n\n refreshTokens(dto: RefreshTokenRequestDTO) {\n return this.http.post<RefreshTokenResponseDTO>(\n `${this.resourceUrl}/jwt/refresh`,\n dto,\n );\n }\n}\n","import { jwtDecode } from 'jwt-decode';\n\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const REFRESH_TOKEN_STORAGE_KEY = 'refreshToken';\n\nexport type LoginTokens = {\n accessToken: string;\n refreshToken: string;\n};\n\nexport function getStoredToken(key: string): string | undefined {\n try {\n if (typeof localStorage === 'undefined') {\n return undefined;\n }\n\n return localStorage.getItem(key) ?? undefined;\n } catch {\n return undefined;\n }\n}\n\nexport function storeTokens(tokens: LoginTokens): void {\n try {\n if (typeof localStorage === 'undefined') {\n return;\n }\n\n localStorage.setItem(ACCESS_TOKEN_STORAGE_KEY, tokens.accessToken);\n localStorage.setItem(REFRESH_TOKEN_STORAGE_KEY, tokens.refreshToken);\n } catch {\n // noop: storage can be unavailable in non-browser environments\n }\n}\n\nexport function clearStoredTokens(): void {\n try {\n if (typeof localStorage === 'undefined') {\n return;\n }\n\n localStorage.removeItem(ACCESS_TOKEN_STORAGE_KEY);\n localStorage.removeItem(REFRESH_TOKEN_STORAGE_KEY);\n } catch {\n // noop: storage can be unavailable in non-browser environments\n }\n}\n\nexport function resolveUserIdFromAccessToken(\n accessToken: string | undefined\n): string | undefined {\n if (!accessToken) {\n return undefined;\n }\n\n try {\n const decoded = jwtDecode<{ sub?: string }>(accessToken);\n return decoded.sub;\n } catch {\n return undefined;\n }\n}\n","import { injectAuthConfig } from '@anarchitects/auth-angular/config';\nimport { HttpInterceptorFn } from '@angular/common/http';\nimport { ACCESS_TOKEN_STORAGE_KEY, getStoredToken } from './auth-token.utils';\n\nexport const authBearerTokenInterceptor: HttpInterceptorFn = (req, next) => {\n const authConfig = injectAuthConfig();\n if (!authConfig.plugins.jwt.enabled) {\n return next(req);\n }\n\n const accessToken = getStoredToken(ACCESS_TOKEN_STORAGE_KEY);\n\n if (!accessToken || req.headers.has('Authorization')) {\n return next(req);\n }\n\n return next(\n req.clone({\n setHeaders: {\n Authorization: `Bearer ${accessToken}`,\n },\n })\n );\n};\n","import {\n HttpBackend,\n HttpClient,\n HttpContextToken,\n HttpErrorResponse,\n HttpInterceptorFn,\n HttpStatusCode,\n} from '@angular/common/http';\nimport { inject } from '@angular/core';\nimport {\n injectApiResourcePath,\n SUPPRESS_AUTH_FAILURE_REDIRECT,\n} from '@anarchitects/auth-angular/config';\nimport { LoginResponseDTO } from '@anarchitects/auth-ts/dtos/jwt';\nimport { Router } from '@angular/router';\nimport {\n catchError,\n finalize,\n Observable,\n shareReplay,\n switchMap,\n tap,\n throwError,\n} from 'rxjs';\nimport {\n REFRESH_TOKEN_STORAGE_KEY,\n clearStoredTokens,\n getStoredToken,\n storeTokens,\n} from './auth-token.utils';\n\nconst AUTH_RETRY_ATTEMPTED = new HttpContextToken<boolean>(() => false);\nconst LOGIN_REDIRECT_PATH = '/login';\n\nlet refreshTokensRequest$: Observable<LoginResponseDTO> | null = null;\n\nfunction isUnauthorizedError(error: unknown): error is HttpErrorResponse {\n return (\n error instanceof HttpErrorResponse &&\n (error.status === HttpStatusCode.Unauthorized ||\n error.status === HttpStatusCode.Forbidden)\n );\n}\n\nfunction isAuthPublicEndpoint(url: string, authBaseUrl: string): boolean {\n const publicEndpoints = [\n '/login',\n '/register',\n '/activate',\n '/forgot-password',\n '/reset-password',\n '/verify-email',\n ];\n\n return publicEndpoints.some((endpoint) =>\n url.includes(`${authBaseUrl}${endpoint}`)\n );\n}\n\nfunction isRefreshEndpoint(url: string, authBaseUrl: string): boolean {\n return url.includes(`${authBaseUrl}/jwt/refresh`);\n}\n\nfunction redirectToLogin(router: Router | null): void {\n if (router) {\n void router.navigateByUrl(LOGIN_REDIRECT_PATH);\n return;\n }\n\n if (typeof window !== 'undefined') {\n window.location.assign(LOGIN_REDIRECT_PATH);\n }\n}\n\nfunction shouldRedirectToLogin(req: Parameters<HttpInterceptorFn>[0]): boolean {\n return !req.context.get(SUPPRESS_AUTH_FAILURE_REDIRECT);\n}\n\nfunction getRefreshTokensRequest(\n http: HttpClient,\n refreshUrl: string,\n refreshToken: string\n): Observable<LoginResponseDTO> {\n if (!refreshTokensRequest$) {\n refreshTokensRequest$ = http\n .post<LoginResponseDTO>(refreshUrl, { refreshToken })\n .pipe(\n tap((tokens) => storeTokens(tokens)),\n finalize(() => {\n refreshTokensRequest$ = null;\n }),\n shareReplay(1)\n );\n }\n\n return refreshTokensRequest$;\n}\n\nexport const authErrorInterceptor: HttpInterceptorFn = (req, next) => {\n const authBaseUrl = `/api/${injectApiResourcePath()}`;\n const backend = inject(HttpBackend);\n const router = inject(Router, { optional: true });\n const rawHttp = new HttpClient(backend);\n\n return next(req).pipe(\n catchError((error) => {\n if (!isUnauthorizedError(error)) {\n return throwError(() => error);\n }\n\n if (\n req.context.get(AUTH_RETRY_ATTEMPTED) ||\n isRefreshEndpoint(req.url, authBaseUrl) ||\n isAuthPublicEndpoint(req.url, authBaseUrl)\n ) {\n if (req.context.get(AUTH_RETRY_ATTEMPTED)) {\n clearStoredTokens();\n if (shouldRedirectToLogin(req)) {\n redirectToLogin(router ?? null);\n }\n }\n\n return throwError(() => error);\n }\n\n const refreshToken = getStoredToken(REFRESH_TOKEN_STORAGE_KEY);\n if (!refreshToken) {\n clearStoredTokens();\n if (shouldRedirectToLogin(req)) {\n redirectToLogin(router ?? null);\n }\n return throwError(() => error);\n }\n\n const refreshUrl = `${authBaseUrl}/jwt/refresh`;\n\n return getRefreshTokensRequest(rawHttp, refreshUrl, refreshToken).pipe(\n switchMap(({ accessToken: nextAccessToken }) => {\n const retryRequest = req.clone({\n context: req.context.set(AUTH_RETRY_ATTEMPTED, true),\n setHeaders: {\n Authorization: `Bearer ${nextAccessToken}`,\n },\n });\n\n return next(retryRequest);\n }),\n catchError((refreshError) => {\n clearStoredTokens();\n if (shouldRedirectToLogin(req)) {\n redirectToLogin(router ?? null);\n }\n return throwError(() => refreshError);\n })\n );\n })\n );\n};\n","import { HttpInterceptorFn, withInterceptors } from '@angular/common/http';\nimport { authBearerTokenInterceptor } from './bearer-token.interceptor';\nimport { authErrorInterceptor } from './auth-error.interceptor';\n\nexport const JWT_AUTH_HTTP_INTERCEPTORS: HttpInterceptorFn[] = [\n authBearerTokenInterceptor,\n authErrorInterceptor,\n];\n\nexport function withJwtAuthHttpInterceptors() {\n return withInterceptors(JWT_AUTH_HTTP_INTERCEPTORS);\n}\n\nexport * from './bearer-token.interceptor';\nexport * from './auth-error.interceptor';\nexport * from './auth-token.utils';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './index';\n"],"names":[],"mappings":";;;;;;;;MAca,UAAU,CAAA;AACJ,IAAA,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC;AACzB,IAAA,WAAW,GAAG,CAAA,KAAA,EAAQ,qBAAqB,EAAE,EAAE;AAEhE,IAAA,KAAK,CAAC,GAAoB,EAAA;AACxB,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAmB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,UAAA,CAAY,EAAE,GAAG,CAAC;IAC/E;AAEA,IAAA,MAAM,CAAC,GAAwB,EAAA;AAC7B,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CACnB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,WAAA,CAAa,EAChC,GAAG,CACJ;IACH;AAEA,IAAA,aAAa,CAAC,GAA2B,EAAA;AACvC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CACnB,CAAA,EAAG,IAAI,CAAC,WAAW,CAAA,YAAA,CAAc,EACjC,GAAG,CACJ;IACH;uGApBW,UAAU,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;AAAV,IAAA,OAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,QAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,UAAU,cAFT,MAAM,EAAA,CAAA;;2FAEP,UAAU,EAAA,UAAA,EAAA,CAAA;kBAHtB,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE,MAAM;AACnB,iBAAA;;;ACXM,MAAM,wBAAwB,GAAG;AACjC,MAAM,yBAAyB,GAAG;AAOnC,SAAU,cAAc,CAAC,GAAW,EAAA;AACxC,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,YAAY,KAAK,WAAW,EAAE;AACvC,YAAA,OAAO,SAAS;QAClB;QAEA,OAAO,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,SAAS;IAC/C;AAAE,IAAA,MAAM;AACN,QAAA,OAAO,SAAS;IAClB;AACF;AAEM,SAAU,WAAW,CAAC,MAAmB,EAAA;AAC7C,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,YAAY,KAAK,WAAW,EAAE;YACvC;QACF;QAEA,YAAY,CAAC,OAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,WAAW,CAAC;QAClE,YAAY,CAAC,OAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,YAAY,CAAC;IACtE;AAAE,IAAA,MAAM;;IAER;AACF;SAEgB,iBAAiB,GAAA;AAC/B,IAAA,IAAI;AACF,QAAA,IAAI,OAAO,YAAY,KAAK,WAAW,EAAE;YACvC;QACF;AAEA,QAAA,YAAY,CAAC,UAAU,CAAC,wBAAwB,CAAC;AACjD,QAAA,YAAY,CAAC,UAAU,CAAC,yBAAyB,CAAC;IACpD;AAAE,IAAA,MAAM;;IAER;AACF;AAEM,SAAU,4BAA4B,CAC1C,WAA+B,EAAA;IAE/B,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,OAAO,SAAS;IAClB;AAEA,IAAA,IAAI;AACF,QAAA,MAAM,OAAO,GAAG,SAAS,CAAmB,WAAW,CAAC;QACxD,OAAO,OAAO,CAAC,GAAG;IACpB;AAAE,IAAA,MAAM;AACN,QAAA,OAAO,SAAS;IAClB;AACF;;MCzDa,0BAA0B,GAAsB,CAAC,GAAG,EAAE,IAAI,KAAI;AACzE,IAAA,MAAM,UAAU,GAAG,gBAAgB,EAAE;IACrC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;AACnC,QAAA,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB;AAEA,IAAA,MAAM,WAAW,GAAG,cAAc,CAAC,wBAAwB,CAAC;AAE5D,IAAA,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE;AACpD,QAAA,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB;AAEA,IAAA,OAAO,IAAI,CACT,GAAG,CAAC,KAAK,CAAC;AACR,QAAA,UAAU,EAAE;YACV,aAAa,EAAE,CAAA,OAAA,EAAU,WAAW,CAAA,CAAE;AACvC,SAAA;AACF,KAAA,CAAC,CACH;AACH;;ACQA,MAAM,oBAAoB,GAAG,IAAI,gBAAgB,CAAU,MAAM,KAAK,CAAC;AACvE,MAAM,mBAAmB,GAAG,QAAQ;AAEpC,IAAI,qBAAqB,GAAwC,IAAI;AAErE,SAAS,mBAAmB,CAAC,KAAc,EAAA;IACzC,QACE,KAAK,YAAY,iBAAiB;AAClC,SAAC,KAAK,CAAC,MAAM,KAAK,cAAc,CAAC,YAAY;YAC3C,KAAK,CAAC,MAAM,KAAK,cAAc,CAAC,SAAS,CAAC;AAEhD;AAEA,SAAS,oBAAoB,CAAC,GAAW,EAAE,WAAmB,EAAA;AAC5D,IAAA,MAAM,eAAe,GAAG;QACtB,QAAQ;QACR,WAAW;QACX,WAAW;QACX,kBAAkB;QAClB,iBAAiB;QACjB,eAAe;KAChB;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,KACnC,GAAG,CAAC,QAAQ,CAAC,GAAG,WAAW,CAAA,EAAG,QAAQ,CAAA,CAAE,CAAC,CAC1C;AACH;AAEA,SAAS,iBAAiB,CAAC,GAAW,EAAE,WAAmB,EAAA;IACzD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,WAAW,CAAA,YAAA,CAAc,CAAC;AACnD;AAEA,SAAS,eAAe,CAAC,MAAqB,EAAA;IAC5C,IAAI,MAAM,EAAE;AACV,QAAA,KAAK,MAAM,CAAC,aAAa,CAAC,mBAAmB,CAAC;QAC9C;IACF;AAEA,IAAA,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;AACjC,QAAA,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAC;IAC7C;AACF;AAEA,SAAS,qBAAqB,CAAC,GAAqC,EAAA;IAClE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC;AACzD;AAEA,SAAS,uBAAuB,CAC9B,IAAgB,EAChB,UAAkB,EAClB,YAAoB,EAAA;IAEpB,IAAI,CAAC,qBAAqB,EAAE;AAC1B,QAAA,qBAAqB,GAAG;AACrB,aAAA,IAAI,CAAmB,UAAU,EAAE,EAAE,YAAY,EAAE;AACnD,aAAA,IAAI,CACH,GAAG,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,CAAC,CAAC,EACpC,QAAQ,CAAC,MAAK;YACZ,qBAAqB,GAAG,IAAI;AAC9B,QAAA,CAAC,CAAC,EACF,WAAW,CAAC,CAAC,CAAC,CACf;IACL;AAEA,IAAA,OAAO,qBAAqB;AAC9B;MAEa,oBAAoB,GAAsB,CAAC,GAAG,EAAE,IAAI,KAAI;AACnE,IAAA,MAAM,WAAW,GAAG,CAAA,KAAA,EAAQ,qBAAqB,EAAE,EAAE;AACrD,IAAA,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,CAAC;AACnC,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AACjD,IAAA,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC;AAEvC,IAAA,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CACnB,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,QAAA,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE;AAC/B,YAAA,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC;AAEA,QAAA,IACE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;AACrC,YAAA,iBAAiB,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC;YACvC,oBAAoB,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,CAAC,EAC1C;YACA,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE;AACzC,gBAAA,iBAAiB,EAAE;AACnB,gBAAA,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE;AAC9B,oBAAA,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC;gBACjC;YACF;AAEA,YAAA,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC;AAEA,QAAA,MAAM,YAAY,GAAG,cAAc,CAAC,yBAAyB,CAAC;QAC9D,IAAI,CAAC,YAAY,EAAE;AACjB,YAAA,iBAAiB,EAAE;AACnB,YAAA,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE;AAC9B,gBAAA,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC;YACjC;AACA,YAAA,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC;QAChC;AAEA,QAAA,MAAM,UAAU,GAAG,CAAA,EAAG,WAAW,cAAc;QAE/C,OAAO,uBAAuB,CAAC,OAAO,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,IAAI,CACpE,SAAS,CAAC,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,KAAI;AAC7C,YAAA,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC;gBAC7B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,IAAI,CAAC;AACpD,gBAAA,UAAU,EAAE;oBACV,aAAa,EAAE,CAAA,OAAA,EAAU,eAAe,CAAA,CAAE;AAC3C,iBAAA;AACF,aAAA,CAAC;AAEF,YAAA,OAAO,IAAI,CAAC,YAAY,CAAC;AAC3B,QAAA,CAAC,CAAC,EACF,UAAU,CAAC,CAAC,YAAY,KAAI;AAC1B,YAAA,iBAAiB,EAAE;AACnB,YAAA,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE;AAC9B,gBAAA,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC;YACjC;AACA,YAAA,OAAO,UAAU,CAAC,MAAM,YAAY,CAAC;QACvC,CAAC,CAAC,CACH;IACH,CAAC,CAAC,CACH;AACH;;ACzJO,MAAM,0BAA0B,GAAwB;IAC7D,0BAA0B;IAC1B,oBAAoB;;SAGN,2BAA2B,GAAA;AACzC,IAAA,OAAO,gBAAgB,CAAC,0BAA0B,CAAC;AACrD;;ACXA;;AAEG;;;;"}