@arch-cadre/core 0.0.23 → 0.0.26

package/dist/core/auth/password-reset.cjs

@@ -1,118 +1 @@
-"use server";
-
-const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
-const require_inject = require('../../server/database/inject.cjs');
-const require_schema = require('../../server/database/schema.cjs');
-const require_augment = require('./augment.cjs');
-const require_encode = require('./utils/encode.cjs');
-const require_index = require('../../server/emails/index.cjs');
-const require_logic = require('./logic.cjs');
-let drizzle_orm = require("drizzle-orm");
-let _oslojs_crypto_sha2 = require("@oslojs/crypto/sha2");
-let _oslojs_encoding = require("@oslojs/encoding");
-let date_fns = require("date-fns");
-let next_headers = require("next/headers");
-
-//#region src/core/auth/password-reset.ts
-/**
-* Creates a new password reset session.
-*/
-async function createPasswordResetSession(token, userId, email) {
-	const sessionId = (0, _oslojs_encoding.encodeHexLowerCase)((0, _oslojs_crypto_sha2.sha256)(new TextEncoder().encode(token)));
-	const [session] = await require_inject.db.insert(require_schema.passwordResetSessionTable).values({
-		id: sessionId,
-		email,
-		code: require_encode.generateRandomOTP(),
-		expiresAt: new Date((0, date_fns.addHours)(/* @__PURE__ */ new Date(), 1)),
-		userId
-	}).returning();
-	return session;
-}
-/**
-* Validates the password reset session token and retrieves user data.
-* The user data is augmented by registered modules (e.g. 2FA).
-*/
-async function validatePasswordResetSessionToken(token) {
-	const sessionId = (0, _oslojs_encoding.encodeHexLowerCase)((0, _oslojs_crypto_sha2.sha256)(new TextEncoder().encode(token)));
-	const [row] = await require_inject.db.select({
-		session: require_schema.passwordResetSessionTable,
-		user: require_schema.userTable
-	}).from(require_schema.passwordResetSessionTable).innerJoin(require_schema.userTable, (0, drizzle_orm.eq)(require_schema.passwordResetSessionTable.userId, require_schema.userTable.id)).where((0, drizzle_orm.eq)(require_schema.passwordResetSessionTable.id, sessionId));
-	if (!row || !row.user) return {
-		session: null,
-		user: null
-	};
-	const { session: baseSession, user: baseUser } = row;
-	if (/* @__PURE__ */ new Date() > baseSession.expiresAt) {
-		await require_inject.db.delete(require_schema.passwordResetSessionTable).where((0, drizzle_orm.eq)(require_schema.passwordResetSessionTable.id, baseSession.id));
-		return {
-			session: null,
-			user: null
-		};
-	}
-	const { password, recovery_code, ...safeUser } = baseUser;
-	const user = await require_logic.performFullUserAugmentation(safeUser);
-	return {
-		session: await require_augment.augmentPasswordResetSession(baseSession),
-		user
-	};
-}
-/**
-* Marks the password reset session as email verified.
-*/
-async function setPasswordResetSessionAsEmailVerified(sessionId) {
-	await require_inject.db.update(require_schema.passwordResetSessionTable).set({ emailVerified: true }).where((0, drizzle_orm.eq)(require_schema.passwordResetSessionTable.id, sessionId));
-}
-/**
-* Invalidates all password reset sessions for a user.
-*/
-async function invalidateUserPasswordResetSessions(userId) {
-	await require_inject.db.delete(require_schema.passwordResetSessionTable).where((0, drizzle_orm.eq)(require_schema.passwordResetSessionTable.userId, userId));
-}
-/**
-* Validates the current password reset session from cookies.
-*/
-async function getCurrentPasswordResetSession() {
-	const token = (await (0, next_headers.cookies)()).get("password_reset_session")?.value ?? null;
-	if (token === null) return {
-		session: null,
-		user: null
-	};
-	const result = await validatePasswordResetSessionToken(token);
-	if (result.session === null) await deletePasswordResetSessionTokenCookie();
-	return result;
-}
-/**
-* Sets the password reset session token cookie.
-*/
-async function setPasswordResetSessionTokenCookie(token, expiresAt) {
-	(await (0, next_headers.cookies)()).set("password_reset_session", token, {
-		expires: expiresAt,
-		sameSite: "lax",
-		httpOnly: true,
-		path: "/",
-		secure: process.env.NODE_ENV === "production"
-	});
-}
-/**
-* Deletes the password reset session token cookie.
-*/
-async function deletePasswordResetSessionTokenCookie() {
-	(await (0, next_headers.cookies)()).delete("password_reset_session");
-}
-/**
-* Sends a password reset email with the OTP code.
-*/
-async function sendPasswordResetEmail(email, code) {
-	await /* @__PURE__ */ require_index.sendResetPassword(email, code);
-}
-
-//#endregion
-exports.createPasswordResetSession = createPasswordResetSession;
-exports.deletePasswordResetSessionTokenCookie = deletePasswordResetSessionTokenCookie;
-exports.getCurrentPasswordResetSession = getCurrentPasswordResetSession;
-exports.invalidateUserPasswordResetSessions = invalidateUserPasswordResetSessions;
-exports.sendPasswordResetEmail = sendPasswordResetEmail;
-exports.setPasswordResetSessionAsEmailVerified = setPasswordResetSessionAsEmailVerified;
-exports.setPasswordResetSessionTokenCookie = setPasswordResetSessionTokenCookie;
-exports.validatePasswordResetSessionToken = validatePasswordResetSessionToken;
+"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`./augment.cjs`),r=require(`./utils/encode.cjs`),i=require(`../../server/emails/index.cjs`),a=require(`./logic.cjs`);let o=require(`drizzle-orm`),s=require(`@oslojs/crypto/sha2`),c=require(`@oslojs/encoding`),l=require(`date-fns`),u=require(`next/headers`);async function d(n,i,a){let o=(0,c.encodeHexLowerCase)((0,s.sha256)(new TextEncoder().encode(n))),[u]=await e.db.insert(t.passwordResetSessionTable).values({id:o,email:a,code:r.generateRandomOTP(),expiresAt:new Date((0,l.addHours)(new Date,1)),userId:i}).returning();return u}async function f(r){let i=(0,c.encodeHexLowerCase)((0,s.sha256)(new TextEncoder().encode(r))),[l]=await e.db.select({session:t.passwordResetSessionTable,user:t.userTable}).from(t.passwordResetSessionTable).innerJoin(t.userTable,(0,o.eq)(t.passwordResetSessionTable.userId,t.userTable.id)).where((0,o.eq)(t.passwordResetSessionTable.id,i));if(!l||!l.user)return{session:null,user:null};let{session:u,user:d}=l;if(new Date>u.expiresAt)return await e.db.delete(t.passwordResetSessionTable).where((0,o.eq)(t.passwordResetSessionTable.id,u.id)),{session:null,user:null};let{password:f,recovery_code:p,...m}=d,h=await a.performFullUserAugmentation(m);return{session:await n.augmentPasswordResetSession(u),user:h}}async function p(n){await e.db.update(t.passwordResetSessionTable).set({emailVerified:!0}).where((0,o.eq)(t.passwordResetSessionTable.id,n))}async function m(n){await e.db.delete(t.passwordResetSessionTable).where((0,o.eq)(t.passwordResetSessionTable.userId,n))}async function h(){let e=(await(0,u.cookies)()).get(`password_reset_session`)?.value??null;if(e===null)return{session:null,user:null};let t=await f(e);return t.session===null&&await _(),t}async function g(e,t){(await(0,u.cookies)()).set(`password_reset_session`,e,{expires:t,sameSite:`lax`,httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`})}async function _(){(await(0,u.cookies)()).delete(`password_reset_session`)}async function v(e,t){await i.sendResetPassword(e,t)}exports.createPasswordResetSession=d,exports.deletePasswordResetSessionTokenCookie=_,exports.getCurrentPasswordResetSession=h,exports.invalidateUserPasswordResetSessions=m,exports.sendPasswordResetEmail=v,exports.setPasswordResetSessionAsEmailVerified=p,exports.setPasswordResetSessionTokenCookie=g,exports.validatePasswordResetSessionToken=f;

package/dist/core/auth/password-reset.mjs

@@ -1,111 +1,2 @@
-"use server";
-
-import { db } from "../../server/database/inject.mjs";
-import { passwordResetSessionTable, userTable } from "../../server/database/schema.mjs";
-import { augmentPasswordResetSession } from "./augment.mjs";
-import { generateRandomOTP } from "./utils/encode.mjs";
-import { sendResetPassword } from "../../server/emails/index.mjs";
-import { performFullUserAugmentation } from "./logic.mjs";
-import { eq } from "drizzle-orm";
-import { sha256 } from "@oslojs/crypto/sha2";
-import { encodeHexLowerCase } from "@oslojs/encoding";
-import { addHours } from "date-fns";
-import { cookies } from "next/headers";
-
-//#region src/core/auth/password-reset.ts
-/**
-* Creates a new password reset session.
-*/
-async function createPasswordResetSession(token, userId, email) {
-	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-	const [session] = await db.insert(passwordResetSessionTable).values({
-		id: sessionId,
-		email,
-		code: generateRandomOTP(),
-		expiresAt: new Date(addHours(/* @__PURE__ */ new Date(), 1)),
-		userId
-	}).returning();
-	return session;
-}
-/**
-* Validates the password reset session token and retrieves user data.
-* The user data is augmented by registered modules (e.g. 2FA).
-*/
-async function validatePasswordResetSessionToken(token) {
-	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-	const [row] = await db.select({
-		session: passwordResetSessionTable,
-		user: userTable
-	}).from(passwordResetSessionTable).innerJoin(userTable, eq(passwordResetSessionTable.userId, userTable.id)).where(eq(passwordResetSessionTable.id, sessionId));
-	if (!row || !row.user) return {
-		session: null,
-		user: null
-	};
-	const { session: baseSession, user: baseUser } = row;
-	if (/* @__PURE__ */ new Date() > baseSession.expiresAt) {
-		await db.delete(passwordResetSessionTable).where(eq(passwordResetSessionTable.id, baseSession.id));
-		return {
-			session: null,
-			user: null
-		};
-	}
-	const { password, recovery_code, ...safeUser } = baseUser;
-	const user = await performFullUserAugmentation(safeUser);
-	return {
-		session: await augmentPasswordResetSession(baseSession),
-		user
-	};
-}
-/**
-* Marks the password reset session as email verified.
-*/
-async function setPasswordResetSessionAsEmailVerified(sessionId) {
-	await db.update(passwordResetSessionTable).set({ emailVerified: true }).where(eq(passwordResetSessionTable.id, sessionId));
-}
-/**
-* Invalidates all password reset sessions for a user.
-*/
-async function invalidateUserPasswordResetSessions(userId) {
-	await db.delete(passwordResetSessionTable).where(eq(passwordResetSessionTable.userId, userId));
-}
-/**
-* Validates the current password reset session from cookies.
-*/
-async function getCurrentPasswordResetSession() {
-	const token = (await cookies()).get("password_reset_session")?.value ?? null;
-	if (token === null) return {
-		session: null,
-		user: null
-	};
-	const result = await validatePasswordResetSessionToken(token);
-	if (result.session === null) await deletePasswordResetSessionTokenCookie();
-	return result;
-}
-/**
-* Sets the password reset session token cookie.
-*/
-async function setPasswordResetSessionTokenCookie(token, expiresAt) {
-	(await cookies()).set("password_reset_session", token, {
-		expires: expiresAt,
-		sameSite: "lax",
-		httpOnly: true,
-		path: "/",
-		secure: process.env.NODE_ENV === "production"
-	});
-}
-/**
-* Deletes the password reset session token cookie.
-*/
-async function deletePasswordResetSessionTokenCookie() {
-	(await cookies()).delete("password_reset_session");
-}
-/**
-* Sends a password reset email with the OTP code.
-*/
-async function sendPasswordResetEmail(email, code) {
-	await /* @__PURE__ */ sendResetPassword(email, code);
-}
-
-//#endregion
-export { createPasswordResetSession, deletePasswordResetSessionTokenCookie, getCurrentPasswordResetSession, invalidateUserPasswordResetSessions, sendPasswordResetEmail, setPasswordResetSessionAsEmailVerified, setPasswordResetSessionTokenCookie, validatePasswordResetSessionToken };
+"use server";import{db as e}from"../../server/database/inject.mjs";import{passwordResetSessionTable as t,userTable as n}from"../../server/database/schema.mjs";import{augmentPasswordResetSession as r}from"./augment.mjs";import{generateRandomOTP as i}from"./utils/encode.mjs";import{sendResetPassword as a}from"../../server/emails/index.mjs";import{performFullUserAugmentation as o}from"./logic.mjs";import{eq as s}from"drizzle-orm";import{sha256 as c}from"@oslojs/crypto/sha2";import{encodeHexLowerCase as l}from"@oslojs/encoding";import{addHours as u}from"date-fns";import{cookies as d}from"next/headers";async function f(n,r,a){let o=l(c(new TextEncoder().encode(n))),[s]=await e.insert(t).values({id:o,email:a,code:i(),expiresAt:new Date(u(new Date,1)),userId:r}).returning();return s}async function p(i){let a=l(c(new TextEncoder().encode(i))),[u]=await e.select({session:t,user:n}).from(t).innerJoin(n,s(t.userId,n.id)).where(s(t.id,a));if(!u||!u.user)return{session:null,user:null};let{session:d,user:f}=u;if(new Date>d.expiresAt)return await e.delete(t).where(s(t.id,d.id)),{session:null,user:null};let{password:p,recovery_code:m,...h}=f,g=await o(h);return{session:await r(d),user:g}}async function m(n){await e.update(t).set({emailVerified:!0}).where(s(t.id,n))}async function h(n){await e.delete(t).where(s(t.userId,n))}async function g(){let e=(await d()).get(`password_reset_session`)?.value??null;if(e===null)return{session:null,user:null};let t=await p(e);return t.session===null&&await v(),t}async function _(e,t){(await d()).set(`password_reset_session`,e,{expires:t,sameSite:`lax`,httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`})}async function v(){(await d()).delete(`password_reset_session`)}async function y(e,t){await a(e,t)}export{f as createPasswordResetSession,v as deletePasswordResetSessionTokenCookie,g as getCurrentPasswordResetSession,h as invalidateUserPasswordResetSessions,y as sendPasswordResetEmail,m as setPasswordResetSessionAsEmailVerified,_ as setPasswordResetSessionTokenCookie,p as validatePasswordResetSessionToken};
 //# sourceMappingURL=password-reset.mjs.map

package/dist/core/auth/password-reset.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"password-reset.mjs","names":[],"sources":["../../../src/core/auth/password-reset.ts"],"sourcesContent":["\"use server\";\n\nimport { sha256 } from \"@oslojs/crypto/sha2\";\nimport { encodeHexLowerCase } from \"@oslojs/encoding\";\nimport { addHours } from \"date-fns\";\nimport { eq } from \"drizzle-orm\";\nimport { cookies } from \"next/headers\";\nimport { db } from \"../../server/database/inject\";\nimport {\n  passwordResetSessionTable,\n  userTable,\n} from \"../../server/database/schema\";\nimport { sendResetPassword } from \"../../server/emails\";\nimport { augmentPasswordResetSession } from \"./augment\";\nimport { performFullUserAugmentation } from \"./logic\";\nimport type { PasswordResetAuthSession, PasswordResetSession } from \"./types\";\nimport { generateRandomOTP } from \"./utils/encode\";\n\n/**\n * Creates a new password reset session.\n */\nexport async function createPasswordResetSession(\n  token: string,\n  userId: string,\n  email: string,\n): Promise<PasswordResetSession> {\n  const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n  const [session] = await db\n    .insert(passwordResetSessionTable)\n    .values({\n      id: sessionId,\n      email: email,\n      code: generateRandomOTP(),\n      expiresAt: new Date(addHours(new Date(), 1)),\n      userId: userId,\n    })\n    .returning();\n\n  return session;\n}\n\n/**\n * Validates the password reset session token and retrieves user data.\n * The user data is augmented by registered modules (e.g. 2FA).\n */\nexport async function validatePasswordResetSessionToken(\n  token: string,\n): Promise<PasswordResetAuthSession> {\n  const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n  const [row] = await db\n    .select({\n      session: passwordResetSessionTable,\n      user: userTable,\n    })\n    .from(passwordResetSessionTable)\n    .innerJoin(userTable, eq(passwordResetSessionTable.userId, userTable.id))\n    .where(eq(passwordResetSessionTable.id, sessionId));\n\n  if (!row || !row.user) {\n    return { session: null, user: null };\n  }\n\n  const { session: baseSession, user: baseUser } = row;\n\n  // Check for expiration\n  if (new Date() > baseSession.expiresAt) {\n    await db\n      .delete(passwordResetSessionTable)\n      .where(eq(passwordResetSessionTable.id, baseSession.id));\n    return { session: null, user: null };\n  }\n\n  // STRICTLY remove non-serializable and sensitive fields\n  const { password, recovery_code, ...safeUser } = baseUser;\n\n  // AUGMENT (EXTENSIBILITY POINTS)\n  const user = await performFullUserAugmentation(safeUser as any);\n  const session = await augmentPasswordResetSession(\n    baseSession as PasswordResetSession,\n  );\n\n  return { session, user };\n}\n\n/**\n * Marks the password reset session as email verified.\n */\nexport async function setPasswordResetSessionAsEmailVerified(\n  sessionId: string,\n): Promise<void> {\n  await db\n    .update(passwordResetSessionTable)\n    .set({\n      emailVerified: true,\n    })\n    .where(eq(passwordResetSessionTable.id, sessionId));\n}\n\n/**\n * Invalidates all password reset sessions for a user.\n */\nexport async function invalidateUserPasswordResetSessions(\n  userId: string,\n): Promise<void> {\n  await db\n    .delete(passwordResetSessionTable)\n    .where(eq(passwordResetSessionTable.userId, userId));\n}\n\n/**\n * Validates the current password reset session from cookies.\n */\nexport async function getCurrentPasswordResetSession(): Promise<PasswordResetAuthSession> {\n  const cookieStore = await cookies();\n  const token = cookieStore.get(\"password_reset_session\")?.value ?? null;\n\n  if (token === null) {\n    return { session: null, user: null };\n  }\n\n  const result = await validatePasswordResetSessionToken(token);\n\n  if (result.session === null) {\n    await deletePasswordResetSessionTokenCookie();\n  }\n\n  return result;\n}\n\n/**\n * Sets the password reset session token cookie.\n */\nexport async function setPasswordResetSessionTokenCookie(\n  token: string,\n  expiresAt: Date,\n): Promise<void> {\n  const cookieStore = await cookies();\n\n  cookieStore.set(\"password_reset_session\", token, {\n    expires: expiresAt,\n    sameSite: \"lax\",\n    httpOnly: true,\n    path: \"/\",\n    secure: process.env.NODE_ENV === \"production\",\n  });\n}\n\n/**\n * Deletes the password reset session token cookie.\n */\nexport async function deletePasswordResetSessionTokenCookie(): Promise<void> {\n  const cookieStore = await cookies();\n  cookieStore.delete(\"password_reset_session\");\n}\n\n/**\n * Sends a password reset email with the OTP code.\n */\nexport async function sendPasswordResetEmail(\n  email: string,\n  code: string,\n): Promise<void> {\n  await sendResetPassword(email, code);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAqBA,eAAsB,2BACpB,OACA,QACA,OAC+B;CAC/B,MAAM,YAAY,mBAAmB,OAAO,IAAI,aAAa,CAAC,OAAO,MAAM,CAAC,CAAC;CAE7E,MAAM,CAAC,WAAW,MAAM,GACrB,OAAO,0BAA0B,CACjC,OAAO;EACN,IAAI;EACG;EACP,MAAM,mBAAmB;EACzB,WAAW,IAAI,KAAK,yBAAS,IAAI,MAAM,EAAE,EAAE,CAAC;EACpC;EACT,CAAC,CACD,WAAW;AAEd,QAAO;;;;;;AAOT,eAAsB,kCACpB,OACmC;CACnC,MAAM,YAAY,mBAAmB,OAAO,IAAI,aAAa,CAAC,OAAO,MAAM,CAAC,CAAC;CAE7E,MAAM,CAAC,OAAO,MAAM,GACjB,OAAO;EACN,SAAS;EACT,MAAM;EACP,CAAC,CACD,KAAK,0BAA0B,CAC/B,UAAU,WAAW,GAAG,0BAA0B,QAAQ,UAAU,GAAG,CAAC,CACxE,MAAM,GAAG,0BAA0B,IAAI,UAAU,CAAC;AAErD,KAAI,CAAC,OAAO,CAAC,IAAI,KACf,QAAO;EAAE,SAAS;EAAM,MAAM;EAAM;CAGtC,MAAM,EAAE,SAAS,aAAa,MAAM,aAAa;AAGjD,qBAAI,IAAI,MAAM,GAAG,YAAY,WAAW;AACtC,QAAM,GACH,OAAO,0BAA0B,CACjC,MAAM,GAAG,0BAA0B,IAAI,YAAY,GAAG,CAAC;AAC1D,SAAO;GAAE,SAAS;GAAM,MAAM;GAAM;;CAItC,MAAM,EAAE,UAAU,eAAe,GAAG,aAAa;CAGjD,MAAM,OAAO,MAAM,4BAA4B,SAAgB;AAK/D,QAAO;EAAE,SAJO,MAAM,4BACpB,YACD;EAEiB;EAAM;;;;;AAM1B,eAAsB,uCACpB,WACe;AACf,OAAM,GACH,OAAO,0BAA0B,CACjC,IAAI,EACH,eAAe,MAChB,CAAC,CACD,MAAM,GAAG,0BAA0B,IAAI,UAAU,CAAC;;;;;AAMvD,eAAsB,oCACpB,QACe;AACf,OAAM,GACH,OAAO,0BAA0B,CACjC,MAAM,GAAG,0BAA0B,QAAQ,OAAO,CAAC;;;;;AAMxD,eAAsB,iCAAoE;CAExF,MAAM,SADc,MAAM,SAAS,EACT,IAAI,yBAAyB,EAAE,SAAS;AAElE,KAAI,UAAU,KACZ,QAAO;EAAE,SAAS;EAAM,MAAM;EAAM;CAGtC,MAAM,SAAS,MAAM,kCAAkC,MAAM;AAE7D,KAAI,OAAO,YAAY,KACrB,OAAM,uCAAuC;AAG/C,QAAO;;;;;AAMT,eAAsB,mCACpB,OACA,WACe;AAGf,EAFoB,MAAM,SAAS,EAEvB,IAAI,0BAA0B,OAAO;EAC/C,SAAS;EACT,UAAU;EACV,UAAU;EACV,MAAM;EACN,QAAQ,QAAQ,IAAI,aAAa;EAClC,CAAC;;;;;AAMJ,eAAsB,wCAAuD;AAE3E,EADoB,MAAM,SAAS,EACvB,OAAO,yBAAyB;;;;;AAM9C,eAAsB,uBACpB,OACA,MACe;AACf,OAAM,kCAAkB,OAAO,KAAK"}
+{"version":3,"file":"password-reset.mjs","names":[],"sources":["../../../src/core/auth/password-reset.ts"],"sourcesContent":["\"use server\";\n\nimport { sha256 } from \"@oslojs/crypto/sha2\";\nimport { encodeHexLowerCase } from \"@oslojs/encoding\";\nimport { addHours } from \"date-fns\";\nimport { eq } from \"drizzle-orm\";\nimport { cookies } from \"next/headers\";\nimport { db } from \"../../server/database/inject.js\";\nimport {\n  passwordResetSessionTable,\n  userTable,\n} from \"../../server/database/schema.js\";\nimport { sendResetPassword } from \"../../server/emails/index.js\";\nimport { augmentPasswordResetSession } from \"./augment.js\";\nimport { performFullUserAugmentation } from \"./logic.js\";\nimport type { PasswordResetAuthSession, PasswordResetSession } from \"./types.js\";\nimport { generateRandomOTP } from \"./utils/encode.js\";\n\n/**\n * Creates a new password reset session.\n */\nexport async function createPasswordResetSession(\n  token: string,\n  userId: string,\n  email: string,\n): Promise<PasswordResetSession> {\n  const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n  const [session] = await db\n    .insert(passwordResetSessionTable)\n    .values({\n      id: sessionId,\n      email: email,\n      code: generateRandomOTP(),\n      expiresAt: new Date(addHours(new Date(), 1)),\n      userId: userId,\n    })\n    .returning();\n\n  return session;\n}\n\n/**\n * Validates the password reset session token and retrieves user data.\n * The user data is augmented by registered modules (e.g. 2FA).\n */\nexport async function validatePasswordResetSessionToken(\n  token: string,\n): Promise<PasswordResetAuthSession> {\n  const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n  const [row] = await db\n    .select({\n      session: passwordResetSessionTable,\n      user: userTable,\n    })\n    .from(passwordResetSessionTable)\n    .innerJoin(userTable, eq(passwordResetSessionTable.userId, userTable.id))\n    .where(eq(passwordResetSessionTable.id, sessionId));\n\n  if (!row || !row.user) {\n    return { session: null, user: null };\n  }\n\n  const { session: baseSession, user: baseUser } = row;\n\n  // Check for expiration\n  if (new Date() > baseSession.expiresAt) {\n    await db\n      .delete(passwordResetSessionTable)\n      .where(eq(passwordResetSessionTable.id, baseSession.id));\n    return { session: null, user: null };\n  }\n\n  // STRICTLY remove non-serializable and sensitive fields\n  const { password, recovery_code, ...safeUser } = baseUser;\n\n  // AUGMENT (EXTENSIBILITY POINTS)\n  const user = await performFullUserAugmentation(safeUser as any);\n  const session = await augmentPasswordResetSession(\n    baseSession as PasswordResetSession,\n  );\n\n  return { session, user };\n}\n\n/**\n * Marks the password reset session as email verified.\n */\nexport async function setPasswordResetSessionAsEmailVerified(\n  sessionId: string,\n): Promise<void> {\n  await db\n    .update(passwordResetSessionTable)\n    .set({\n      emailVerified: true,\n    })\n    .where(eq(passwordResetSessionTable.id, sessionId));\n}\n\n/**\n * Invalidates all password reset sessions for a user.\n */\nexport async function invalidateUserPasswordResetSessions(\n  userId: string,\n): Promise<void> {\n  await db\n    .delete(passwordResetSessionTable)\n    .where(eq(passwordResetSessionTable.userId, userId));\n}\n\n/**\n * Validates the current password reset session from cookies.\n */\nexport async function getCurrentPasswordResetSession(): Promise<PasswordResetAuthSession> {\n  const cookieStore = await cookies();\n  const token = cookieStore.get(\"password_reset_session\")?.value ?? null;\n\n  if (token === null) {\n    return { session: null, user: null };\n  }\n\n  const result = await validatePasswordResetSessionToken(token);\n\n  if (result.session === null) {\n    await deletePasswordResetSessionTokenCookie();\n  }\n\n  return result;\n}\n\n/**\n * Sets the password reset session token cookie.\n */\nexport async function setPasswordResetSessionTokenCookie(\n  token: string,\n  expiresAt: Date,\n): Promise<void> {\n  const cookieStore = await cookies();\n\n  cookieStore.set(\"password_reset_session\", token, {\n    expires: expiresAt,\n    sameSite: \"lax\",\n    httpOnly: true,\n    path: \"/\",\n    secure: process.env.NODE_ENV === \"production\",\n  });\n}\n\n/**\n * Deletes the password reset session token cookie.\n */\nexport async function deletePasswordResetSessionTokenCookie(): Promise<void> {\n  const cookieStore = await cookies();\n  cookieStore.delete(\"password_reset_session\");\n}\n\n/**\n * Sends a password reset email with the OTP code.\n */\nexport async function sendPasswordResetEmail(\n  email: string,\n  code: string,\n): Promise<void> {\n  await sendResetPassword(email, code);\n}\n"],"mappings":"6lBAqBA,eAAsB,EACpB,EACA,EACA,EAC+B,CAC/B,IAAM,EAAY,EAAmB,EAAO,IAAI,aAAa,CAAC,OAAO,EAAM,CAAC,CAAC,CAEvE,CAAC,GAAW,MAAM,EACrB,OAAO,EAA0B,CACjC,OAAO,CACN,GAAI,EACG,QACP,KAAM,GAAmB,CACzB,UAAW,IAAI,KAAK,EAAS,IAAI,KAAQ,EAAE,CAAC,CACpC,SACT,CAAC,CACD,WAAW,CAEd,OAAO,EAOT,eAAsB,EACpB,EACmC,CACnC,IAAM,EAAY,EAAmB,EAAO,IAAI,aAAa,CAAC,OAAO,EAAM,CAAC,CAAC,CAEvE,CAAC,GAAO,MAAM,EACjB,OAAO,CACN,QAAS,EACT,KAAM,EACP,CAAC,CACD,KAAK,EAA0B,CAC/B,UAAU,EAAW,EAAG,EAA0B,OAAQ,EAAU,GAAG,CAAC,CACxE,MAAM,EAAG,EAA0B,GAAI,EAAU,CAAC,CAErD,GAAI,CAAC,GAAO,CAAC,EAAI,KACf,MAAO,CAAE,QAAS,KAAM,KAAM,KAAM,CAGtC,GAAM,CAAE,QAAS,EAAa,KAAM,GAAa,EAGjD,GAAI,IAAI,KAAS,EAAY,UAI3B,OAHA,MAAM,EACH,OAAO,EAA0B,CACjC,MAAM,EAAG,EAA0B,GAAI,EAAY,GAAG,CAAC,CACnD,CAAE,QAAS,KAAM,KAAM,KAAM,CAItC,GAAM,CAAE,WAAU,gBAAe,GAAG,GAAa,EAG3C,EAAO,MAAM,EAA4B,EAAgB,CAK/D,MAAO,CAAE,QAJO,MAAM,EACpB,EACD,CAEiB,OAAM,CAM1B,eAAsB,EACpB,EACe,CACf,MAAM,EACH,OAAO,EAA0B,CACjC,IAAI,CACH,cAAe,GAChB,CAAC,CACD,MAAM,EAAG,EAA0B,GAAI,EAAU,CAAC,CAMvD,eAAsB,EACpB,EACe,CACf,MAAM,EACH,OAAO,EAA0B,CACjC,MAAM,EAAG,EAA0B,OAAQ,EAAO,CAAC,CAMxD,eAAsB,GAAoE,CAExF,IAAM,GADc,MAAM,GAAS,EACT,IAAI,yBAAyB,EAAE,OAAS,KAElE,GAAI,IAAU,KACZ,MAAO,CAAE,QAAS,KAAM,KAAM,KAAM,CAGtC,IAAM,EAAS,MAAM,EAAkC,EAAM,CAM7D,OAJI,EAAO,UAAY,MACrB,MAAM,GAAuC,CAGxC,EAMT,eAAsB,EACpB,EACA,EACe,EACK,MAAM,GAAS,EAEvB,IAAI,yBAA0B,EAAO,CAC/C,QAAS,EACT,SAAU,MACV,SAAU,GACV,KAAM,IACN,OAAQ,QAAQ,IAAI,WAAa,aAClC,CAAC,CAMJ,eAAsB,GAAuD,EACvD,MAAM,GAAS,EACvB,OAAO,yBAAyB,CAM9C,eAAsB,EACpB,EACA,EACe,CACf,MAAM,EAAkB,EAAO,EAAK"}

package/dist/core/auth/rbac.cjs

@@ -1,118 +1 @@
-"use server";
-
-const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
-const require_inject = require('../../server/database/inject.cjs');
-const require_schema = require('../../server/database/schema.cjs');
-const require_service = require('../notifications/service.cjs');
-require('../notifications/index.cjs');
-let drizzle_orm = require("drizzle-orm");
-
-//#region src/core/auth/rbac.ts
-if (typeof window === "undefined") require_service.notificationService.init();
-/**
-* CORE RBAC LOGIC
-* This file handles all database operations for Roles and Permissions.
-*/
-async function getRoles() {
-	return await require_inject.db.select().from(require_schema.rolesTable).orderBy(require_schema.rolesTable.name);
-}
-async function getRoleById(roleId) {
-	const [role] = await require_inject.db.select().from(require_schema.rolesTable).where((0, drizzle_orm.eq)(require_schema.rolesTable.id, roleId));
-	return role;
-}
-async function createRole(name, description) {
-	return await require_inject.db.insert(require_schema.rolesTable).values({
-		name,
-		description
-	}).returning();
-}
-async function deleteRole(roleId) {
-	return await require_inject.db.delete(require_schema.rolesTable).where((0, drizzle_orm.eq)(require_schema.rolesTable.id, roleId));
-}
-async function getPermissions() {
-	return await require_inject.db.select().from(require_schema.permissionsTable).orderBy(require_schema.permissionsTable.name);
-}
-async function createPermission(name, description) {
-	return await require_inject.db.insert(require_schema.permissionsTable).values({
-		name,
-		description
-	}).returning();
-}
-async function deletePermission(permissionId) {
-	return await require_inject.db.delete(require_schema.permissionsTable).where((0, drizzle_orm.eq)(require_schema.permissionsTable.id, permissionId));
-}
-async function getRolePermissions(roleId) {
-	return await require_inject.db.select({
-		id: require_schema.permissionsTable.id,
-		name: require_schema.permissionsTable.name
-	}).from(require_schema.rolesToPermissionsTable).innerJoin(require_schema.permissionsTable, (0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.permissionId, require_schema.permissionsTable.id)).where((0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.roleId, roleId));
-}
-async function assignPermissionToRole(roleId, permissionId) {
-	return await require_inject.db.insert(require_schema.rolesToPermissionsTable).values({
-		roleId,
-		permissionId
-	}).onConflictDoNothing();
-}
-async function revokePermissionFromRole(roleId, permissionId) {
-	return await require_inject.db.delete(require_schema.rolesToPermissionsTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.roleId, roleId), (0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.permissionId, permissionId)));
-}
-async function assignRoleToUser(userId, roleId) {
-	return await require_inject.db.insert(require_schema.usersToRolesTable).values({
-		userId,
-		roleId
-	}).onConflictDoNothing();
-}
-async function revokeRoleFromUser(userId, roleId) {
-	return await require_inject.db.delete(require_schema.usersToRolesTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.usersToRolesTable.userId, userId), (0, drizzle_orm.eq)(require_schema.usersToRolesTable.roleId, roleId)));
-}
-async function assignPermissionToUser(userId, permissionId) {
-	return await require_inject.db.insert(require_schema.usersToPermissionsTable).values({
-		userId,
-		permissionId
-	}).onConflictDoNothing();
-}
-async function revokePermissionFromUser(userId, permissionId) {
-	return await require_inject.db.delete(require_schema.usersToPermissionsTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.usersToPermissionsTable.userId, userId), (0, drizzle_orm.eq)(require_schema.usersToPermissionsTable.permissionId, permissionId)));
-}
-async function getUserRbacData(userId) {
-	const roles = await require_inject.db.select({
-		id: require_schema.rolesTable.id,
-		name: require_schema.rolesTable.name
-	}).from(require_schema.usersToRolesTable).innerJoin(require_schema.rolesTable, (0, drizzle_orm.eq)(require_schema.usersToRolesTable.roleId, require_schema.rolesTable.id)).where((0, drizzle_orm.eq)(require_schema.usersToRolesTable.userId, userId));
-	const directPermissions = await require_inject.db.select({
-		id: require_schema.permissionsTable.id,
-		name: require_schema.permissionsTable.name
-	}).from(require_schema.usersToPermissionsTable).innerJoin(require_schema.permissionsTable, (0, drizzle_orm.eq)(require_schema.usersToPermissionsTable.permissionId, require_schema.permissionsTable.id)).where((0, drizzle_orm.eq)(require_schema.usersToPermissionsTable.userId, userId));
-	let rolePermissions = [];
-	if (roles.length > 0) {
-		const roleIds = roles.map((r) => r.id);
-		rolePermissions = await require_inject.db.select({
-			id: require_schema.permissionsTable.id,
-			name: require_schema.permissionsTable.name
-		}).from(require_schema.rolesToPermissionsTable).innerJoin(require_schema.permissionsTable, (0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.permissionId, require_schema.permissionsTable.id)).where((0, drizzle_orm.inArray)(require_schema.rolesToPermissionsTable.roleId, roleIds));
-	}
-	const effectiveMap = /* @__PURE__ */ new Map();
-	for (const p of [...directPermissions, ...rolePermissions]) effectiveMap.set(p.id, p);
-	return {
-		roles,
-		directPermissions,
-		effectivePermissions: Array.from(effectiveMap.values())
-	};
-}
-
-//#endregion
-exports.assignPermissionToRole = assignPermissionToRole;
-exports.assignPermissionToUser = assignPermissionToUser;
-exports.assignRoleToUser = assignRoleToUser;
-exports.createPermission = createPermission;
-exports.createRole = createRole;
-exports.deletePermission = deletePermission;
-exports.deleteRole = deleteRole;
-exports.getPermissions = getPermissions;
-exports.getRoleById = getRoleById;
-exports.getRolePermissions = getRolePermissions;
-exports.getRoles = getRoles;
-exports.getUserRbacData = getUserRbacData;
-exports.revokePermissionFromRole = revokePermissionFromRole;
-exports.revokePermissionFromUser = revokePermissionFromUser;
-exports.revokeRoleFromUser = revokeRoleFromUser;
+"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`../notifications/service.cjs`);require(`../notifications/index.cjs`);let r=require(`drizzle-orm`);typeof window>`u`&&n.notificationService.init();async function i(){return await e.db.select().from(t.rolesTable).orderBy(t.rolesTable.name)}async function a(n){let[i]=await e.db.select().from(t.rolesTable).where((0,r.eq)(t.rolesTable.id,n));return i}async function o(n,r){return await e.db.insert(t.rolesTable).values({name:n,description:r}).returning()}async function s(n){return await e.db.delete(t.rolesTable).where((0,r.eq)(t.rolesTable.id,n))}async function c(){return await e.db.select().from(t.permissionsTable).orderBy(t.permissionsTable.name)}async function l(n,r){return await e.db.insert(t.permissionsTable).values({name:n,description:r}).returning()}async function u(n){return await e.db.delete(t.permissionsTable).where((0,r.eq)(t.permissionsTable.id,n))}async function d(n){return await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.rolesToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.rolesToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.eq)(t.rolesToPermissionsTable.roleId,n))}async function f(n,r){return await e.db.insert(t.rolesToPermissionsTable).values({roleId:n,permissionId:r}).onConflictDoNothing()}async function p(n,i){return await e.db.delete(t.rolesToPermissionsTable).where((0,r.and)((0,r.eq)(t.rolesToPermissionsTable.roleId,n),(0,r.eq)(t.rolesToPermissionsTable.permissionId,i)))}async function m(n,r){return await e.db.insert(t.usersToRolesTable).values({userId:n,roleId:r}).onConflictDoNothing()}async function h(n,i){return await e.db.delete(t.usersToRolesTable).where((0,r.and)((0,r.eq)(t.usersToRolesTable.userId,n),(0,r.eq)(t.usersToRolesTable.roleId,i)))}async function g(n,r){return await e.db.insert(t.usersToPermissionsTable).values({userId:n,permissionId:r}).onConflictDoNothing()}async function _(n,i){return await e.db.delete(t.usersToPermissionsTable).where((0,r.and)((0,r.eq)(t.usersToPermissionsTable.userId,n),(0,r.eq)(t.usersToPermissionsTable.permissionId,i)))}async function v(n){let i=await e.db.select({id:t.rolesTable.id,name:t.rolesTable.name}).from(t.usersToRolesTable).innerJoin(t.rolesTable,(0,r.eq)(t.usersToRolesTable.roleId,t.rolesTable.id)).where((0,r.eq)(t.usersToRolesTable.userId,n)),a=await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.usersToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.usersToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.eq)(t.usersToPermissionsTable.userId,n)),o=[];if(i.length>0){let n=i.map(e=>e.id);o=await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.rolesToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.rolesToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.inArray)(t.rolesToPermissionsTable.roleId,n))}let s=new Map;for(let e of[...a,...o])s.set(e.id,e);return{roles:i,directPermissions:a,effectivePermissions:Array.from(s.values())}}exports.assignPermissionToRole=f,exports.assignPermissionToUser=g,exports.assignRoleToUser=m,exports.createPermission=l,exports.createRole=o,exports.deletePermission=u,exports.deleteRole=s,exports.getPermissions=c,exports.getRoleById=a,exports.getRolePermissions=d,exports.getRoles=i,exports.getUserRbacData=v,exports.revokePermissionFromRole=p,exports.revokePermissionFromUser=_,exports.revokeRoleFromUser=h;

package/dist/core/auth/rbac.d.cts

@@ -16,8 +16,8 @@ declare function getRoleById(roleId: string): Promise<{
   description: string | null;
 }>;
 declare function createRole(name: string, description?: string): Promise<{
-  id: string;
   name: string;
+  id: string;
   description: string | null;
 }[]>;
 declare function deleteRole(roleId: string): Promise<pg.QueryResult<never>>;
@@ -27,8 +27,8 @@ declare function getPermissions(): Promise<{
   description: string | null;
 }[]>;
 declare function createPermission(name: string, description?: string): Promise<{
-  id: string;
   name: string;
+  id: string;
   description: string | null;
 }[]>;
 declare function deletePermission(permissionId: string): Promise<pg.QueryResult<never>>;

package/dist/core/auth/rbac.d.mts

@@ -16,8 +16,8 @@ declare function getRoleById(roleId: string): Promise<{
   description: string | null;
 }>;
 declare function createRole(name: string, description?: string): Promise<{
-  id: string;
   name: string;
+  id: string;
   description: string | null;
 }[]>;
 declare function deleteRole(roleId: string): Promise<pg.QueryResult<never>>;
@@ -27,8 +27,8 @@ declare function getPermissions(): Promise<{
   description: string | null;
 }[]>;
 declare function createPermission(name: string, description?: string): Promise<{
-  id: string;
   name: string;
+  id: string;
   description: string | null;
 }[]>;
 declare function deletePermission(permissionId: string): Promise<pg.QueryResult<never>>;

package/dist/core/auth/rbac.mjs

@@ -1,104 +1,2 @@
-"use server";
-
-import { db } from "../../server/database/inject.mjs";
-import { permissionsTable, rolesTable, rolesToPermissionsTable, usersToPermissionsTable, usersToRolesTable } from "../../server/database/schema.mjs";
-import { notificationService } from "../notifications/service.mjs";
-import "../notifications/index.mjs";
-import { and, eq, inArray } from "drizzle-orm";
-
-//#region src/core/auth/rbac.ts
-if (typeof window === "undefined") notificationService.init();
-/**
-* CORE RBAC LOGIC
-* This file handles all database operations for Roles and Permissions.
-*/
-async function getRoles() {
-	return await db.select().from(rolesTable).orderBy(rolesTable.name);
-}
-async function getRoleById(roleId) {
-	const [role] = await db.select().from(rolesTable).where(eq(rolesTable.id, roleId));
-	return role;
-}
-async function createRole(name, description) {
-	return await db.insert(rolesTable).values({
-		name,
-		description
-	}).returning();
-}
-async function deleteRole(roleId) {
-	return await db.delete(rolesTable).where(eq(rolesTable.id, roleId));
-}
-async function getPermissions() {
-	return await db.select().from(permissionsTable).orderBy(permissionsTable.name);
-}
-async function createPermission(name, description) {
-	return await db.insert(permissionsTable).values({
-		name,
-		description
-	}).returning();
-}
-async function deletePermission(permissionId) {
-	return await db.delete(permissionsTable).where(eq(permissionsTable.id, permissionId));
-}
-async function getRolePermissions(roleId) {
-	return await db.select({
-		id: permissionsTable.id,
-		name: permissionsTable.name
-	}).from(rolesToPermissionsTable).innerJoin(permissionsTable, eq(rolesToPermissionsTable.permissionId, permissionsTable.id)).where(eq(rolesToPermissionsTable.roleId, roleId));
-}
-async function assignPermissionToRole(roleId, permissionId) {
-	return await db.insert(rolesToPermissionsTable).values({
-		roleId,
-		permissionId
-	}).onConflictDoNothing();
-}
-async function revokePermissionFromRole(roleId, permissionId) {
-	return await db.delete(rolesToPermissionsTable).where(and(eq(rolesToPermissionsTable.roleId, roleId), eq(rolesToPermissionsTable.permissionId, permissionId)));
-}
-async function assignRoleToUser(userId, roleId) {
-	return await db.insert(usersToRolesTable).values({
-		userId,
-		roleId
-	}).onConflictDoNothing();
-}
-async function revokeRoleFromUser(userId, roleId) {
-	return await db.delete(usersToRolesTable).where(and(eq(usersToRolesTable.userId, userId), eq(usersToRolesTable.roleId, roleId)));
-}
-async function assignPermissionToUser(userId, permissionId) {
-	return await db.insert(usersToPermissionsTable).values({
-		userId,
-		permissionId
-	}).onConflictDoNothing();
-}
-async function revokePermissionFromUser(userId, permissionId) {
-	return await db.delete(usersToPermissionsTable).where(and(eq(usersToPermissionsTable.userId, userId), eq(usersToPermissionsTable.permissionId, permissionId)));
-}
-async function getUserRbacData(userId) {
-	const roles = await db.select({
-		id: rolesTable.id,
-		name: rolesTable.name
-	}).from(usersToRolesTable).innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id)).where(eq(usersToRolesTable.userId, userId));
-	const directPermissions = await db.select({
-		id: permissionsTable.id,
-		name: permissionsTable.name
-	}).from(usersToPermissionsTable).innerJoin(permissionsTable, eq(usersToPermissionsTable.permissionId, permissionsTable.id)).where(eq(usersToPermissionsTable.userId, userId));
-	let rolePermissions = [];
-	if (roles.length > 0) {
-		const roleIds = roles.map((r) => r.id);
-		rolePermissions = await db.select({
-			id: permissionsTable.id,
-			name: permissionsTable.name
-		}).from(rolesToPermissionsTable).innerJoin(permissionsTable, eq(rolesToPermissionsTable.permissionId, permissionsTable.id)).where(inArray(rolesToPermissionsTable.roleId, roleIds));
-	}
-	const effectiveMap = /* @__PURE__ */ new Map();
-	for (const p of [...directPermissions, ...rolePermissions]) effectiveMap.set(p.id, p);
-	return {
-		roles,
-		directPermissions,
-		effectivePermissions: Array.from(effectiveMap.values())
-	};
-}
-
-//#endregion
-export { assignPermissionToRole, assignPermissionToUser, assignRoleToUser, createPermission, createRole, deletePermission, deleteRole, getPermissions, getRoleById, getRolePermissions, getRoles, getUserRbacData, revokePermissionFromRole, revokePermissionFromUser, revokeRoleFromUser };
+"use server";import{db as e}from"../../server/database/inject.mjs";import{permissionsTable as t,rolesTable as n,rolesToPermissionsTable as r,usersToPermissionsTable as i,usersToRolesTable as a}from"../../server/database/schema.mjs";import{notificationService as o}from"../notifications/service.mjs";import"../notifications/index.mjs";import{and as s,eq as c,inArray as l}from"drizzle-orm";typeof window>`u`&&o.init();async function u(){return await e.select().from(n).orderBy(n.name)}async function d(t){let[r]=await e.select().from(n).where(c(n.id,t));return r}async function f(t,r){return await e.insert(n).values({name:t,description:r}).returning()}async function p(t){return await e.delete(n).where(c(n.id,t))}async function m(){return await e.select().from(t).orderBy(t.name)}async function h(n,r){return await e.insert(t).values({name:n,description:r}).returning()}async function g(n){return await e.delete(t).where(c(t.id,n))}async function _(n){return await e.select({id:t.id,name:t.name}).from(r).innerJoin(t,c(r.permissionId,t.id)).where(c(r.roleId,n))}async function v(t,n){return await e.insert(r).values({roleId:t,permissionId:n}).onConflictDoNothing()}async function y(t,n){return await e.delete(r).where(s(c(r.roleId,t),c(r.permissionId,n)))}async function b(t,n){return await e.insert(a).values({userId:t,roleId:n}).onConflictDoNothing()}async function x(t,n){return await e.delete(a).where(s(c(a.userId,t),c(a.roleId,n)))}async function S(t,n){return await e.insert(i).values({userId:t,permissionId:n}).onConflictDoNothing()}async function C(t,n){return await e.delete(i).where(s(c(i.userId,t),c(i.permissionId,n)))}async function w(o){let s=await e.select({id:n.id,name:n.name}).from(a).innerJoin(n,c(a.roleId,n.id)).where(c(a.userId,o)),u=await e.select({id:t.id,name:t.name}).from(i).innerJoin(t,c(i.permissionId,t.id)).where(c(i.userId,o)),d=[];if(s.length>0){let n=s.map(e=>e.id);d=await e.select({id:t.id,name:t.name}).from(r).innerJoin(t,c(r.permissionId,t.id)).where(l(r.roleId,n))}let f=new Map;for(let e of[...u,...d])f.set(e.id,e);return{roles:s,directPermissions:u,effectivePermissions:Array.from(f.values())}}export{v as assignPermissionToRole,S as assignPermissionToUser,b as assignRoleToUser,h as createPermission,f as createRole,g as deletePermission,p as deleteRole,m as getPermissions,d as getRoleById,_ as getRolePermissions,u as getRoles,w as getUserRbacData,y as revokePermissionFromRole,C as revokePermissionFromUser,x as revokeRoleFromUser};
 //# sourceMappingURL=rbac.mjs.map

package/dist/core/auth/rbac.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"rbac.mjs","names":[],"sources":["../../../src/core/auth/rbac.ts"],"sourcesContent":["\"use server\";\n\nimport { and, eq, inArray } from \"drizzle-orm\";\nimport { db } from \"../../server/database/inject\";\nimport {\n  permissionsTable,\n  rolesTable,\n  rolesToPermissionsTable,\n  usersToPermissionsTable,\n  usersToRolesTable,\n} from \"../../server/database/schema\";\nimport { notificationService } from \"../notifications\";\n\n// Ensure notification service is loaded\nif (typeof window === \"undefined\") {\n  notificationService.init();\n}\n\n/**\n * CORE RBAC LOGIC\n * This file handles all database operations for Roles and Permissions.\n */\n\n// --- Roles ---\n\nexport async function getRoles() {\n  return await db.select().from(rolesTable).orderBy(rolesTable.name);\n}\n\nexport async function getRoleById(roleId: string) {\n  const [role] = await db\n    .select()\n    .from(rolesTable)\n    .where(eq(rolesTable.id, roleId));\n  return role;\n}\n\nexport async function createRole(name: string, description?: string) {\n  return await db.insert(rolesTable).values({ name, description }).returning();\n}\n\nexport async function deleteRole(roleId: string) {\n  return await db.delete(rolesTable).where(eq(rolesTable.id, roleId));\n}\n\n// --- Permissions ---\n\nexport async function getPermissions() {\n  return await db\n    .select()\n    .from(permissionsTable)\n    .orderBy(permissionsTable.name);\n}\n\nexport async function createPermission(name: string, description?: string) {\n  return await db\n    .insert(permissionsTable)\n    .values({ name, description })\n    .returning();\n}\n\nexport async function deletePermission(permissionId: string) {\n  return await db\n    .delete(permissionsTable)\n    .where(eq(permissionsTable.id, permissionId));\n}\n\n// --- Mappings ---\n\nexport async function getRolePermissions(roleId: string) {\n  return await db\n    .select({\n      id: permissionsTable.id,\n      name: permissionsTable.name,\n    })\n    .from(rolesToPermissionsTable)\n    .innerJoin(\n      permissionsTable,\n      eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n    )\n    .where(eq(rolesToPermissionsTable.roleId, roleId));\n}\n\nexport async function assignPermissionToRole(\n  roleId: string,\n  permissionId: string,\n) {\n  return await db\n    .insert(rolesToPermissionsTable)\n    .values({ roleId, permissionId })\n    .onConflictDoNothing();\n}\n\nexport async function revokePermissionFromRole(\n  roleId: string,\n  permissionId: string,\n) {\n  return await db\n    .delete(rolesToPermissionsTable)\n    .where(\n      and(\n        eq(rolesToPermissionsTable.roleId, roleId),\n        eq(rolesToPermissionsTable.permissionId, permissionId),\n      ),\n    );\n}\n\n// --- User Assignment ---\n\nexport async function assignRoleToUser(userId: string, roleId: string) {\n  return await db\n    .insert(usersToRolesTable)\n    .values({ userId, roleId })\n    .onConflictDoNothing();\n}\n\nexport async function revokeRoleFromUser(userId: string, roleId: string) {\n  return await db\n    .delete(usersToRolesTable)\n    .where(\n      and(\n        eq(usersToRolesTable.userId, userId),\n        eq(usersToRolesTable.roleId, roleId),\n      ),\n    );\n}\n\nexport async function assignPermissionToUser(\n  userId: string,\n  permissionId: string,\n) {\n  return await db\n    .insert(usersToPermissionsTable)\n    .values({ userId, permissionId })\n    .onConflictDoNothing();\n}\n\nexport async function revokePermissionFromUser(\n  userId: string,\n  permissionId: string,\n) {\n  return await db\n    .delete(usersToPermissionsTable)\n    .where(\n      and(\n        eq(usersToPermissionsTable.userId, userId),\n        eq(usersToPermissionsTable.permissionId, permissionId),\n      ),\n    );\n}\n\nexport async function getUserRbacData(userId: string) {\n  const roles = await db\n    .select({\n      id: rolesTable.id,\n      name: rolesTable.name,\n    })\n    .from(usersToRolesTable)\n    .innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id))\n    .where(eq(usersToRolesTable.userId, userId));\n\n  const directPermissions = await db\n    .select({\n      id: permissionsTable.id,\n      name: permissionsTable.name,\n    })\n    .from(usersToPermissionsTable)\n    .innerJoin(\n      permissionsTable,\n      eq(usersToPermissionsTable.permissionId, permissionsTable.id),\n    )\n    .where(eq(usersToPermissionsTable.userId, userId));\n\n  // Fetch inherited permissions from roles\n  let rolePermissions: { id: string; name: string }[] = [];\n  if (roles.length > 0) {\n    const roleIds = roles.map((r) => r.id);\n    rolePermissions = await db\n      .select({\n        id: permissionsTable.id,\n        name: permissionsTable.name,\n      })\n      .from(rolesToPermissionsTable)\n      .innerJoin(\n        permissionsTable,\n        eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n      )\n      .where(inArray(rolesToPermissionsTable.roleId, roleIds));\n  }\n\n  // Combine for effective permissions\n  const effectiveMap = new Map<string, { id: string; name: string }>();\n  for (const p of [...directPermissions, ...rolePermissions]) {\n    effectiveMap.set(p.id, p);\n  }\n\n  return {\n    roles,\n    directPermissions,\n    effectivePermissions: Array.from(effectiveMap.values()),\n  };\n}\n"],"mappings":";;;;;;;;;AAcA,IAAI,OAAO,WAAW,YACpB,qBAAoB,MAAM;;;;;AAU5B,eAAsB,WAAW;AAC/B,QAAO,MAAM,GAAG,QAAQ,CAAC,KAAK,WAAW,CAAC,QAAQ,WAAW,KAAK;;AAGpE,eAAsB,YAAY,QAAgB;CAChD,MAAM,CAAC,QAAQ,MAAM,GAClB,QAAQ,CACR,KAAK,WAAW,CAChB,MAAM,GAAG,WAAW,IAAI,OAAO,CAAC;AACnC,QAAO;;AAGT,eAAsB,WAAW,MAAc,aAAsB;AACnE,QAAO,MAAM,GAAG,OAAO,WAAW,CAAC,OAAO;EAAE;EAAM;EAAa,CAAC,CAAC,WAAW;;AAG9E,eAAsB,WAAW,QAAgB;AAC/C,QAAO,MAAM,GAAG,OAAO,WAAW,CAAC,MAAM,GAAG,WAAW,IAAI,OAAO,CAAC;;AAKrE,eAAsB,iBAAiB;AACrC,QAAO,MAAM,GACV,QAAQ,CACR,KAAK,iBAAiB,CACtB,QAAQ,iBAAiB,KAAK;;AAGnC,eAAsB,iBAAiB,MAAc,aAAsB;AACzE,QAAO,MAAM,GACV,OAAO,iBAAiB,CACxB,OAAO;EAAE;EAAM;EAAa,CAAC,CAC7B,WAAW;;AAGhB,eAAsB,iBAAiB,cAAsB;AAC3D,QAAO,MAAM,GACV,OAAO,iBAAiB,CACxB,MAAM,GAAG,iBAAiB,IAAI,aAAa,CAAC;;AAKjD,eAAsB,mBAAmB,QAAgB;AACvD,QAAO,MAAM,GACV,OAAO;EACN,IAAI,iBAAiB;EACrB,MAAM,iBAAiB;EACxB,CAAC,CACD,KAAK,wBAAwB,CAC7B,UACC,kBACA,GAAG,wBAAwB,cAAc,iBAAiB,GAAG,CAC9D,CACA,MAAM,GAAG,wBAAwB,QAAQ,OAAO,CAAC;;AAGtD,eAAsB,uBACpB,QACA,cACA;AACA,QAAO,MAAM,GACV,OAAO,wBAAwB,CAC/B,OAAO;EAAE;EAAQ;EAAc,CAAC,CAChC,qBAAqB;;AAG1B,eAAsB,yBACpB,QACA,cACA;AACA,QAAO,MAAM,GACV,OAAO,wBAAwB,CAC/B,MACC,IACE,GAAG,wBAAwB,QAAQ,OAAO,EAC1C,GAAG,wBAAwB,cAAc,aAAa,CACvD,CACF;;AAKL,eAAsB,iBAAiB,QAAgB,QAAgB;AACrE,QAAO,MAAM,GACV,OAAO,kBAAkB,CACzB,OAAO;EAAE;EAAQ;EAAQ,CAAC,CAC1B,qBAAqB;;AAG1B,eAAsB,mBAAmB,QAAgB,QAAgB;AACvE,QAAO,MAAM,GACV,OAAO,kBAAkB,CACzB,MACC,IACE,GAAG,kBAAkB,QAAQ,OAAO,EACpC,GAAG,kBAAkB,QAAQ,OAAO,CACrC,CACF;;AAGL,eAAsB,uBACpB,QACA,cACA;AACA,QAAO,MAAM,GACV,OAAO,wBAAwB,CAC/B,OAAO;EAAE;EAAQ;EAAc,CAAC,CAChC,qBAAqB;;AAG1B,eAAsB,yBACpB,QACA,cACA;AACA,QAAO,MAAM,GACV,OAAO,wBAAwB,CAC/B,MACC,IACE,GAAG,wBAAwB,QAAQ,OAAO,EAC1C,GAAG,wBAAwB,cAAc,aAAa,CACvD,CACF;;AAGL,eAAsB,gBAAgB,QAAgB;CACpD,MAAM,QAAQ,MAAM,GACjB,OAAO;EACN,IAAI,WAAW;EACf,MAAM,WAAW;EAClB,CAAC,CACD,KAAK,kBAAkB,CACvB,UAAU,YAAY,GAAG,kBAAkB,QAAQ,WAAW,GAAG,CAAC,CAClE,MAAM,GAAG,kBAAkB,QAAQ,OAAO,CAAC;CAE9C,MAAM,oBAAoB,MAAM,GAC7B,OAAO;EACN,IAAI,iBAAiB;EACrB,MAAM,iBAAiB;EACxB,CAAC,CACD,KAAK,wBAAwB,CAC7B,UACC,kBACA,GAAG,wBAAwB,cAAc,iBAAiB,GAAG,CAC9D,CACA,MAAM,GAAG,wBAAwB,QAAQ,OAAO,CAAC;CAGpD,IAAI,kBAAkD,EAAE;AACxD,KAAI,MAAM,SAAS,GAAG;EACpB,MAAM,UAAU,MAAM,KAAK,MAAM,EAAE,GAAG;AACtC,oBAAkB,MAAM,GACrB,OAAO;GACN,IAAI,iBAAiB;GACrB,MAAM,iBAAiB;GACxB,CAAC,CACD,KAAK,wBAAwB,CAC7B,UACC,kBACA,GAAG,wBAAwB,cAAc,iBAAiB,GAAG,CAC9D,CACA,MAAM,QAAQ,wBAAwB,QAAQ,QAAQ,CAAC;;CAI5D,MAAM,+BAAe,IAAI,KAA2C;AACpE,MAAK,MAAM,KAAK,CAAC,GAAG,mBAAmB,GAAG,gBAAgB,CACxD,cAAa,IAAI,EAAE,IAAI,EAAE;AAG3B,QAAO;EACL;EACA;EACA,sBAAsB,MAAM,KAAK,aAAa,QAAQ,CAAC;EACxD"}
+{"version":3,"file":"rbac.mjs","names":[],"sources":["../../../src/core/auth/rbac.ts"],"sourcesContent":["\"use server\";\n\nimport { and, eq, inArray } from \"drizzle-orm\";\nimport { db } from \"../../server/database/inject.js\";\nimport {\n  permissionsTable,\n  rolesTable,\n  rolesToPermissionsTable,\n  usersToPermissionsTable,\n  usersToRolesTable,\n} from \"../../server/database/schema.js\";\nimport { notificationService } from \"../notifications/index.js\";\n\n// Ensure notification service is loaded\nif (typeof window === \"undefined\") {\n  notificationService.init();\n}\n\n/**\n * CORE RBAC LOGIC\n * This file handles all database operations for Roles and Permissions.\n */\n\n// --- Roles ---\n\nexport async function getRoles() {\n  return await db.select().from(rolesTable).orderBy(rolesTable.name);\n}\n\nexport async function getRoleById(roleId: string) {\n  const [role] = await db\n    .select()\n    .from(rolesTable)\n    .where(eq(rolesTable.id, roleId));\n  return role;\n}\n\nexport async function createRole(name: string, description?: string) {\n  return await db.insert(rolesTable).values({ name, description }).returning();\n}\n\nexport async function deleteRole(roleId: string) {\n  return await db.delete(rolesTable).where(eq(rolesTable.id, roleId));\n}\n\n// --- Permissions ---\n\nexport async function getPermissions() {\n  return await db\n    .select()\n    .from(permissionsTable)\n    .orderBy(permissionsTable.name);\n}\n\nexport async function createPermission(name: string, description?: string) {\n  return await db\n    .insert(permissionsTable)\n    .values({ name, description })\n    .returning();\n}\n\nexport async function deletePermission(permissionId: string) {\n  return await db\n    .delete(permissionsTable)\n    .where(eq(permissionsTable.id, permissionId));\n}\n\n// --- Mappings ---\n\nexport async function getRolePermissions(roleId: string) {\n  return await db\n    .select({\n      id: permissionsTable.id,\n      name: permissionsTable.name,\n    })\n    .from(rolesToPermissionsTable)\n    .innerJoin(\n      permissionsTable,\n      eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n    )\n    .where(eq(rolesToPermissionsTable.roleId, roleId));\n}\n\nexport async function assignPermissionToRole(\n  roleId: string,\n  permissionId: string,\n) {\n  return await db\n    .insert(rolesToPermissionsTable)\n    .values({ roleId, permissionId })\n    .onConflictDoNothing();\n}\n\nexport async function revokePermissionFromRole(\n  roleId: string,\n  permissionId: string,\n) {\n  return await db\n    .delete(rolesToPermissionsTable)\n    .where(\n      and(\n        eq(rolesToPermissionsTable.roleId, roleId),\n        eq(rolesToPermissionsTable.permissionId, permissionId),\n      ),\n    );\n}\n\n// --- User Assignment ---\n\nexport async function assignRoleToUser(userId: string, roleId: string) {\n  return await db\n    .insert(usersToRolesTable)\n    .values({ userId, roleId })\n    .onConflictDoNothing();\n}\n\nexport async function revokeRoleFromUser(userId: string, roleId: string) {\n  return await db\n    .delete(usersToRolesTable)\n    .where(\n      and(\n        eq(usersToRolesTable.userId, userId),\n        eq(usersToRolesTable.roleId, roleId),\n      ),\n    );\n}\n\nexport async function assignPermissionToUser(\n  userId: string,\n  permissionId: string,\n) {\n  return await db\n    .insert(usersToPermissionsTable)\n    .values({ userId, permissionId })\n    .onConflictDoNothing();\n}\n\nexport async function revokePermissionFromUser(\n  userId: string,\n  permissionId: string,\n) {\n  return await db\n    .delete(usersToPermissionsTable)\n    .where(\n      and(\n        eq(usersToPermissionsTable.userId, userId),\n        eq(usersToPermissionsTable.permissionId, permissionId),\n      ),\n    );\n}\n\nexport async function getUserRbacData(userId: string) {\n  const roles = await db\n    .select({\n      id: rolesTable.id,\n      name: rolesTable.name,\n    })\n    .from(usersToRolesTable)\n    .innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id))\n    .where(eq(usersToRolesTable.userId, userId));\n\n  const directPermissions = await db\n    .select({\n      id: permissionsTable.id,\n      name: permissionsTable.name,\n    })\n    .from(usersToPermissionsTable)\n    .innerJoin(\n      permissionsTable,\n      eq(usersToPermissionsTable.permissionId, permissionsTable.id),\n    )\n    .where(eq(usersToPermissionsTable.userId, userId));\n\n  // Fetch inherited permissions from roles\n  let rolePermissions: { id: string; name: string }[] = [];\n  if (roles.length > 0) {\n    const roleIds = roles.map((r) => r.id);\n    rolePermissions = await db\n      .select({\n        id: permissionsTable.id,\n        name: permissionsTable.name,\n      })\n      .from(rolesToPermissionsTable)\n      .innerJoin(\n        permissionsTable,\n        eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n      )\n      .where(inArray(rolesToPermissionsTable.roleId, roleIds));\n  }\n\n  // Combine for effective permissions\n  const effectiveMap = new Map<string, { id: string; name: string }>();\n  for (const p of [...directPermissions, ...rolePermissions]) {\n    effectiveMap.set(p.id, p);\n  }\n\n  return {\n    roles,\n    directPermissions,\n    effectivePermissions: Array.from(effectiveMap.values()),\n  };\n}\n"],"mappings":"qYAcI,OAAO,OAAW,KACpB,EAAoB,MAAM,CAU5B,eAAsB,GAAW,CAC/B,OAAO,MAAM,EAAG,QAAQ,CAAC,KAAK,EAAW,CAAC,QAAQ,EAAW,KAAK,CAGpE,eAAsB,EAAY,EAAgB,CAChD,GAAM,CAAC,GAAQ,MAAM,EAClB,QAAQ,CACR,KAAK,EAAW,CAChB,MAAM,EAAG,EAAW,GAAI,EAAO,CAAC,CACnC,OAAO,EAGT,eAAsB,EAAW,EAAc,EAAsB,CACnE,OAAO,MAAM,EAAG,OAAO,EAAW,CAAC,OAAO,CAAE,OAAM,cAAa,CAAC,CAAC,WAAW,CAG9E,eAAsB,EAAW,EAAgB,CAC/C,OAAO,MAAM,EAAG,OAAO,EAAW,CAAC,MAAM,EAAG,EAAW,GAAI,EAAO,CAAC,CAKrE,eAAsB,GAAiB,CACrC,OAAO,MAAM,EACV,QAAQ,CACR,KAAK,EAAiB,CACtB,QAAQ,EAAiB,KAAK,CAGnC,eAAsB,EAAiB,EAAc,EAAsB,CACzE,OAAO,MAAM,EACV,OAAO,EAAiB,CACxB,OAAO,CAAE,OAAM,cAAa,CAAC,CAC7B,WAAW,CAGhB,eAAsB,EAAiB,EAAsB,CAC3D,OAAO,MAAM,EACV,OAAO,EAAiB,CACxB,MAAM,EAAG,EAAiB,GAAI,EAAa,CAAC,CAKjD,eAAsB,EAAmB,EAAgB,CACvD,OAAO,MAAM,EACV,OAAO,CACN,GAAI,EAAiB,GACrB,KAAM,EAAiB,KACxB,CAAC,CACD,KAAK,EAAwB,CAC7B,UACC,EACA,EAAG,EAAwB,aAAc,EAAiB,GAAG,CAC9D,CACA,MAAM,EAAG,EAAwB,OAAQ,EAAO,CAAC,CAGtD,eAAsB,EACpB,EACA,EACA,CACA,OAAO,MAAM,EACV,OAAO,EAAwB,CAC/B,OAAO,CAAE,SAAQ,eAAc,CAAC,CAChC,qBAAqB,CAG1B,eAAsB,EACpB,EACA,EACA,CACA,OAAO,MAAM,EACV,OAAO,EAAwB,CAC/B,MACC,EACE,EAAG,EAAwB,OAAQ,EAAO,CAC1C,EAAG,EAAwB,aAAc,EAAa,CACvD,CACF,CAKL,eAAsB,EAAiB,EAAgB,EAAgB,CACrE,OAAO,MAAM,EACV,OAAO,EAAkB,CACzB,OAAO,CAAE,SAAQ,SAAQ,CAAC,CAC1B,qBAAqB,CAG1B,eAAsB,EAAmB,EAAgB,EAAgB,CACvE,OAAO,MAAM,EACV,OAAO,EAAkB,CACzB,MACC,EACE,EAAG,EAAkB,OAAQ,EAAO,CACpC,EAAG,EAAkB,OAAQ,EAAO,CACrC,CACF,CAGL,eAAsB,EACpB,EACA,EACA,CACA,OAAO,MAAM,EACV,OAAO,EAAwB,CAC/B,OAAO,CAAE,SAAQ,eAAc,CAAC,CAChC,qBAAqB,CAG1B,eAAsB,EACpB,EACA,EACA,CACA,OAAO,MAAM,EACV,OAAO,EAAwB,CAC/B,MACC,EACE,EAAG,EAAwB,OAAQ,EAAO,CAC1C,EAAG,EAAwB,aAAc,EAAa,CACvD,CACF,CAGL,eAAsB,EAAgB,EAAgB,CACpD,IAAM,EAAQ,MAAM,EACjB,OAAO,CACN,GAAI,EAAW,GACf,KAAM,EAAW,KAClB,CAAC,CACD,KAAK,EAAkB,CACvB,UAAU,EAAY,EAAG,EAAkB,OAAQ,EAAW,GAAG,CAAC,CAClE,MAAM,EAAG,EAAkB,OAAQ,EAAO,CAAC,CAExC,EAAoB,MAAM,EAC7B,OAAO,CACN,GAAI,EAAiB,GACrB,KAAM,EAAiB,KACxB,CAAC,CACD,KAAK,EAAwB,CAC7B,UACC,EACA,EAAG,EAAwB,aAAc,EAAiB,GAAG,CAC9D,CACA,MAAM,EAAG,EAAwB,OAAQ,EAAO,CAAC,CAGhD,EAAkD,EAAE,CACxD,GAAI,EAAM,OAAS,EAAG,CACpB,IAAM,EAAU,EAAM,IAAK,GAAM,EAAE,GAAG,CACtC,EAAkB,MAAM,EACrB,OAAO,CACN,GAAI,EAAiB,GACrB,KAAM,EAAiB,KACxB,CAAC,CACD,KAAK,EAAwB,CAC7B,UACC,EACA,EAAG,EAAwB,aAAc,EAAiB,GAAG,CAC9D,CACA,MAAM,EAAQ,EAAwB,OAAQ,EAAQ,CAAC,CAI5D,IAAM,EAAe,IAAI,IACzB,IAAK,IAAM,IAAK,CAAC,GAAG,EAAmB,GAAG,EAAgB,CACxD,EAAa,IAAI,EAAE,GAAI,EAAE,CAG3B,MAAO,CACL,QACA,oBACA,qBAAsB,MAAM,KAAK,EAAa,QAAQ,CAAC,CACxD"}