@archbase/security 3.0.0

package/dist/index.js

@@ -0,0 +1,2056 @@
+import "reflect-metadata";
+import * as I from "inversify";
+import { decorate as vt, injectable as bt } from "inversify";
+import { compressString as At, decompressString as Et, IOCContainer as xt, ARCHBASE_IOC_API_TYPE as H, processErrorMessage as ee, IsNotEmpty as G, IsOptional as te, IsBoolean as K, IsEmail as St, getKeyByEnumValue as je, useArchbasePasswordRemember as kt, getI18nextInstance as x, useArchbaseTheme as It, isEmailValidate as Pt, useArchbaseAppContext as Tt } from "@archbase/core";
+import F from "crypto-js";
+import { jwtDecode as Ct } from "jwt-decode";
+import { jsx as u, jsxs as L, Fragment as re } from "react/jsx-runtime";
+import He, { useState as m, useEffect as z, createContext as De, useMemo as Ut, useRef as Dt, useCallback as pe, useContext as _e } from "react";
+import { BehaviorSubject as Fe } from "rxjs";
+import { ArchbaseRemoteApiService as ce, useArchbaseStore as Ge } from "@archbase/data";
+import { v4 as J } from "uuid";
+import { Card as Je, Text as ne, Divider as ge, Group as Ve, Select as _t, Tooltip as Rt, Button as ie, TextInput as Pe, Loader as Nt, PasswordInput as Te, Checkbox as Mt, Anchor as Bt, useMantineColorScheme as Ot } from "@mantine/core";
+import { useFocusTrap as Ke } from "@mantine/hooks";
+import { IconCopy as Lt } from "@tabler/icons-react";
+import { ArchbaseDialog as ze } from "@archbase/components";
+import { useContainer as ye } from "inversify-react";
+class qe {
+  id;
+  displayName;
+  email;
+  photo;
+  isAdmin;
+  constructor(e) {
+    this.id = e.id, this.displayName = e.displayName, this.email = e.email, this.photo = e.photo, this.isAdmin = e.isAdmin;
+  }
+  static newInstance() {
+    return new qe({});
+  }
+}
+class Ye {
+  username;
+  password;
+  remember;
+  constructor(e) {
+    this.username = e.username, this.password = e.password, this.remember = e.remember;
+  }
+  static newInstance() {
+    return new Ye({});
+  }
+}
+const Q = "YngzI1guK3dGaElFcFY9MywqK3xgPzg/Ojg7eD8xRmg=", xe = "c1ab58e7-c113-4225-a190-a9e59d1207fc", Se = "6faf6932-a0b5-457b-83b1-8d89ddbd91fd", ke = "602b05c5-ec46-451e-aba6-187e463bc245", Ie = "8b4a7c2d-9e5f-4163-b8a7-3f2c9d8e5a1b";
+class $t {
+  getUsernameAndPassword() {
+    try {
+      const e = localStorage.getItem(Se);
+      if (e) {
+        const t = F.AES.decrypt(e, Q).toString(F.enc.Utf8), o = atob(t).split(":");
+        return { username: o[0], password: o[1], remember: !0 };
+      } else
+        return null;
+    } catch {
+      return null;
+    }
+  }
+  saveUsernameAndPassword(e, t) {
+    const s = btoa(`${e}:${t}`), o = F.AES.encrypt(s, Q).toString();
+    localStorage.setItem(Se, o);
+  }
+  getUsername() {
+    try {
+      const e = localStorage.getItem(ke);
+      if (e) {
+        const t = F.AES.decrypt(e, Q).toString(F.enc.Utf8);
+        return atob(t);
+      } else
+        return null;
+    } catch {
+      return null;
+    }
+  }
+  saveUsername(e) {
+    const t = btoa(e), s = F.AES.encrypt(t, Q).toString();
+    localStorage.setItem(ke, s);
+  }
+  isTokenExpired(e, t = 300) {
+    let s = e;
+    if (!s && !this.getToken())
+      return !0;
+    try {
+      const o = Ct(s.access_token);
+      if (!o)
+        return !0;
+      const a = Math.floor(Date.now() / 1e3), d = o.exp;
+      return a > d - t;
+    } catch {
+      return !0;
+    }
+  }
+  saveToken(e) {
+    if (e) {
+      const t = JSON.stringify(e), s = F.AES.encrypt(t, Q).toString(), o = At(s);
+      localStorage.setItem(xe, o);
+    } else
+      this.clearToken();
+  }
+  clearUsernameAndPassword() {
+    localStorage.removeItem(Se), localStorage.removeItem(ke);
+  }
+  clearToken() {
+    localStorage.removeItem(xe);
+  }
+  getToken() {
+    try {
+      const e = localStorage.getItem(xe);
+      if (!e)
+        return null;
+      const t = Et(e), s = F.AES.decrypt(t, Q).toString(F.enc.Utf8);
+      return JSON.parse(s);
+    } catch {
+      return null;
+    }
+  }
+  saveContext(e) {
+    try {
+      const t = F.AES.encrypt(e, Q).toString();
+      localStorage.setItem(Ie, t);
+    } catch (t) {
+      console.warn("Erro ao salvar contexto:", t);
+    }
+  }
+  getContext() {
+    try {
+      const e = localStorage.getItem(Ie);
+      return e ? F.AES.decrypt(e, Q).toString(F.enc.Utf8) : null;
+    } catch {
+      return null;
+    }
+  }
+  clearContext() {
+    localStorage.removeItem(Ie);
+  }
+}
+vt(bt(), $t);
+function Xe(r) {
+  const t = new Uint8Array(1);
+  return window.crypto.getRandomValues(t), t[0] >= Math.floor(256 / r) * r ? Xe(r) : t[0] % r;
+}
+function jt(r) {
+  let e = "";
+  const t = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  for (let s = 0; s < r; s++)
+    e += t.charAt(Xe(t.length - 1));
+  return e;
+}
+async function Ft(r) {
+  if (!window.crypto.subtle?.digest)
+    throw new Error(
+      "The context/environment is not secure, and does not support the 'crypto.subtle' module. See: https://developer.mozilla.org/en-US/docs/Web/API/Crypto/subtle for details"
+    );
+  const t = new TextEncoder().encode(r), s = await window.crypto.subtle.digest("SHA-256", t), o = String.fromCharCode(...new Uint8Array(s));
+  return btoa(o).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+class Qe extends Error {
+  status;
+  statusText;
+  constructor(e, t, s) {
+    super(s), this.name = "FetchError", this.status = e, this.statusText = t;
+  }
+}
+function Vt(r) {
+  let e = "";
+  return Object.entries(r).forEach(([t, s]) => {
+    e += (e ? "&" : "") + t + "=" + encodeURIComponent(s);
+  }), e;
+}
+async function zt(r, e) {
+  return fetch(r, {
+    method: "POST",
+    body: Vt(e),
+    headers: { "Content-Type": "application/x-www-form-urlencoded" }
+  }).then(async (t) => {
+    if (!t.ok) {
+      const s = await t.text();
+      throw new Qe(t.status, t.statusText, s);
+    }
+    return t;
+  });
+}
+const Ze = "PKCE_code_verifier", Ce = "ROCP_auth_state";
+async function Wt(r, e) {
+  const t = jt(96);
+  return sessionStorage.setItem(Ze, t), Ft(t).then((s) => {
+    const o = new URLSearchParams({
+      response_type: "code",
+      client_id: r.clientId,
+      redirect_uri: r.redirectUri,
+      code_challenge: s,
+      code_challenge_method: "S256",
+      ...r.extraAuthParameters
+    });
+    r.scope !== void 0 && o.append("scope", r.scope), sessionStorage.removeItem(Ce);
+    const a = e ?? r.state;
+    a && (sessionStorage.setItem(Ce, a), o.append("state", a)), r?.preLogin && r.preLogin(), window.location.replace(`${r.authorizationEndpoint}?${o.toString()}`);
+  });
+}
+function Ht(r) {
+  return r.access_token !== void 0;
+}
+function et(r, e) {
+  return zt(r, e).then((t) => t.json().then((s) => {
+    if (Ht(s))
+      return s;
+    throw Error(s);
+  }));
+}
+const Gt = (r) => {
+  const t = new URLSearchParams(window.location.search).get("code"), s = window.sessionStorage.getItem(Ze);
+  if (!t)
+    throw Error(`Parâmetro 'código' não encontrado na URL. 
+A autenticação ocorreu?`);
+  if (!s)
+    throw Error(`Não é possível obter tokens sem o CodeVerifier. 
+A autenticação ocorreu?`);
+  const o = {
+    grant_type: "authorization_code",
+    code: t,
+    scope: r.scope,
+    client_id: r.clientId,
+    redirect_uri: r.redirectUri,
+    code_verifier: s,
+    ...r.extraTokenParameters,
+    ...r.extraAuthParams
+  };
+  return et(r.tokenEndpoint, o);
+}, Jt = (r) => {
+  const { config: e, refreshToken: t } = r, s = {
+    grant_type: "refresh_token",
+    refresh_token: t,
+    scope: e.scope,
+    client_id: e.clientId,
+    redirect_uri: e.redirectUri,
+    ...e.extraTokenParameters
+  };
+  return et(e.tokenEndpoint, s);
+};
+function Kt(r, e, t, s, o, a) {
+  const d = new URLSearchParams({
+    token: t || e,
+    token_type_hint: t ? "refresh_token" : "access_token",
+    client_id: r.clientId,
+    post_logout_redirect_uri: r.logoutRedirect ?? r.redirectUri,
+    ui_locales: window.navigator.languages.reduce((i, l) => i + " " + l),
+    ...r.extraLogoutParameters
+  });
+  s && d.append("id_token_hint", s), o && d.append("state", o), a && d.append("logout_hint", a), window.location.replace(`${r.logoutEndpoint}?${d.toString()}`);
+}
+function qt(r) {
+  const e = r.get("state"), t = sessionStorage.getItem(Ce);
+  if (e !== t)
+    throw new Error(
+      '"state" valor recebido do servidor de autenticação não corresponde à solicitação do cliente. Possível falsificação de solicitação entre sites'
+    );
+}
+function Z(r, e, t) {
+  const s = t === "session" ? sessionStorage : localStorage, [o, a] = m(() => {
+    const i = s.getItem(r);
+    try {
+      return i ? JSON.parse(i) : e;
+    } catch (l) {
+      return console.warn(
+        `Falha ao analisar o valor armazenado para '${r}'.
+Continuando com o valor padrão.
+Error: ${l.message}`
+      ), e;
+    }
+  }), d = (i) => {
+    if (i === void 0) {
+      a(i), s.removeItem(r);
+      return;
+    }
+    try {
+      const l = i instanceof Function ? i(o) : i;
+      a(l), s.setItem(r, JSON.stringify(l));
+    } catch {
+      console.log(`Falha ao armazenar valor '${i}' para chave '${r}'`);
+    }
+  };
+  return z(() => {
+    const i = (l) => {
+      l.storageArea === s && l.key === r && a(JSON.parse(l.newValue ?? ""));
+    };
+    return window.addEventListener("storage", i, !1), () => window.removeEventListener("storage", i, !1);
+  }), [o, d];
+}
+const kr = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  default: Z
+}, Symbol.toStringTag, { value: "Module" }));
+function fe(r) {
+  return ["", void 0, null].includes(r);
+}
+function Yt(r) {
+  const {
+    autoLogin: e = !0,
+    clearURL: t = !0,
+    decodeToken: s = !0,
+    scope: o = void 0,
+    preLogin: a = () => null,
+    postLogin: d = () => null,
+    onRefreshTokenExpire: i = void 0,
+    storage: l = "local"
+  } = r, w = {
+    ...r,
+    autoLogin: e,
+    clearURL: t,
+    decodeToken: s,
+    scope: o,
+    preLogin: a,
+    postLogin: d,
+    onRefreshTokenExpire: i,
+    storage: l
+  };
+  return Xt(w), w;
+}
+function Xt(r) {
+  if (fe(r?.clientId))
+    throw Error(
+      "'clientId' deve ser definido no objeto 'ArchbaseAuthConfig' passado para ArchbaseAuthProvider"
+    );
+  if (fe(r?.authorizationEndpoint))
+    throw Error(
+      "'authorizationEndpoint' deve ser definido no objeto 'ArchbaseAuthConfig' passado para ArchbaseAuthProvider"
+    );
+  if (fe(r?.tokenEndpoint))
+    throw Error(
+      "'tokenEndpoint' deve ser definido no objeto 'ArchbaseAuthConfig' passado para ArchbaseAuthProvider"
+    );
+  if (fe(r?.redirectUri))
+    throw Error(
+      "'redirectUri' deve ser definido no objeto 'ArchbaseAuthConfig' passado para ArchbaseAuthProvider"
+    );
+  if (!["session", "local"].includes(r.storage))
+    throw Error("'storage' deve ser um dos ('session', 'local')");
+  r?.extraAuthParams && console.warn(
+    "O parâmetro de configuração 'extraAuthParams' é obsoleto. Você deveria usar 'extraTokenParameters' em vez de 'extraAuthParams'."
+  ), r?.extraAuthParams && r?.extraTokenParameters && console.warn(
+    "Usar 'extraAuthParams' e 'extraTokenParameters' não é recomendado. Eles fazem a mesma coisa e você deve usar apenas 'extraTokenParameters'"
+  );
+}
+const oe = 600, se = (r) => Math.round(Date.now() / 1e3 + r);
+function We(r) {
+  return Math.round(Date.now()) / 1e3 + 30 >= r;
+}
+const Qt = [
+  "refresh_expires_in",
+  // KeyCloak
+  "refresh_token_expires_in"
+  // Azure AD
+];
+function Zt(r, e) {
+  for (const t of Qt)
+    if (t in e)
+      return e[t];
+  return e.refresh_token ? r + oe : r;
+}
+const me = (r) => {
+  try {
+    const t = r.split(".")[1].replace(/-/g, "+").replace(/_/g, "/"), s = decodeURIComponent(
+      atob(t).split("").map(function(o) {
+        return "%" + ("00" + o.charCodeAt(0).toString(16)).slice(-2);
+      }).join("")
+    );
+    return JSON.parse(s);
+  } catch (e) {
+    throw console.error(e), Error(
+      `Falha ao decodificar o token de acesso.
+	É um JSON Web Token adequado?
+	Você pode desativar a decodificação JWT definindo o valor 'decodeToken' como 'falso' na configuração.`
+    );
+  }
+}, er = De({
+  token: "",
+  login: () => null,
+  logOut: () => null,
+  error: null,
+  loginInProgress: !1
+}), Ir = ({ authConfig: r, children: e }) => {
+  const t = Ut(() => Yt(r), [r]), [s, o] = Z(
+    "ROCP_refreshToken",
+    void 0,
+    t.storage
+  ), [a, d] = Z(
+    "ROCP_refreshTokenExpire",
+    se(2 * oe),
+    t.storage
+  ), [i, l] = Z("ROCP_token", "", t.storage), [w, A] = Z(
+    "ROCP_tokenExpire",
+    se(oe),
+    t.storage
+  ), [p, P] = Z(
+    "ROCP_idToken",
+    void 0,
+    t.storage
+  ), [E, y] = Z(
+    "ROCP_loginInProgress",
+    !1,
+    t.storage
+  ), [S, _] = Z(
+    "ROCP_refreshInProgress",
+    !1,
+    t.storage
+  ), [C, B] = m(), [U, D] = m(), [f, k] = m(null);
+  let N;
+  function O() {
+    o(void 0), l(""), A(se(oe)), d(se(oe)), P(void 0), B(void 0), D(void 0), y(!1);
+  }
+  function q(h, n) {
+    O(), k(null), t?.logoutEndpoint && Kt(t, i, s, p, h, n);
+  }
+  function R(h) {
+    O(), y(!0);
+    let n = h;
+    h && typeof h != "string" && (console.warn(
+      `O estado de login aprovado deve ser do tipo 'string'. Recebido'${h}'. Ignorando o valor...`
+    ), n = void 0), Wt(t, n).catch((v) => {
+      console.error(v), k(v.message), y(!1);
+    });
+  }
+  function W(h) {
+    l(h.access_token), o(h.refresh_token);
+    const n = t.tokenExpiresIn ?? h.expires_in ?? oe;
+    A(se(n));
+    const v = t.refreshTokenExpiresIn ?? Zt(n, h);
+    d(se(v)), P(h.id_token);
+    try {
+      h.id_token && D(me(h.id_token));
+    } catch (c) {
+      console.warn(`Falha ao decodificar idToken: ${c.message}`);
+    }
+    try {
+      t.decodeToken && B(me(h.access_token));
+    } catch (c) {
+      console.warn(`Falha ao decodificar o token de acesso: ${c.message}`);
+    }
+  }
+  function Y(h = !1) {
+    return h || !t.onRefreshTokenExpire ? R() : t.onRefreshTokenExpire({ login: R });
+  }
+  function $(h = !1) {
+    if (i && We(w) && !(S && !h)) {
+      if (We(a))
+        return Y(h);
+      if (s) {
+        _(!0), Jt({ config: t, refreshToken: s }).then((n) => W(n)).catch((n) => {
+          if (n instanceof Qe) {
+            if (n.status === 400)
+              return Y(h);
+            console.error(n), k(n.message), h && R();
+          } else
+            n instanceof Error && (console.error(n), k(n.message), h && R());
+        }).finally(() => {
+          _(!1);
+        });
+        return;
+      }
+      console.warn(
+        "Falha ao atualizar access_token. Muito provavelmente não há refresh_token ou o servidor de autenticação não respondeu com um tempo de expiração explícito e os tempos de expiração padrão são maiores do que o tempo de expiração real dos tokens"
+      );
+    }
+  }
+  z(() => (N = setInterval(() => $(), 1e4), () => clearInterval(N)), [i, s, a, w]);
+  const X = Dt(!1);
+  return z(() => {
+    if (E) {
+      const h = new URLSearchParams(window.location.search);
+      if (!h.get("code")) {
+        const n = h.get("error_description") || "Estado de autorização inválido. Atualizar a página pode resolver o problema.";
+        console.error(n), k(n), q();
+        return;
+      }
+      if (!X.current) {
+        X.current = !0;
+        try {
+          qt(h);
+        } catch (n) {
+          console.error(n), k(n.message);
+        }
+        Gt(t).then((n) => {
+          W(n), t?.postLogin && t.postLogin();
+        }).catch((n) => {
+          console.error(n), k(n.message);
+        }).finally(() => {
+          t.clearURL && window.history.replaceState(null, "", window.location.pathname), y(!1);
+        });
+      }
+      return;
+    }
+    if (!i && t.autoLogin)
+      return R();
+    try {
+      p && D(me(p));
+    } catch (h) {
+      console.warn(`Falha ao decodificar idToken: ${h.message}`);
+    }
+    try {
+      t.decodeToken && B(me(i));
+    } catch (h) {
+      console.warn(`Falha ao decodificar o token de acesso: ${h.message}`);
+    }
+    $(!0);
+  }, []), /* @__PURE__ */ u(
+    er.Provider,
+    {
+      value: { token: i, tokenData: C, idToken: p, idTokenData: U, login: R, logOut: q, error: f, loginInProgress: E },
+      children: e
+    }
+  );
+};
+class tt {
+  resourceService;
+  resource;
+  actions;
+  permissions;
+  alreadyApplied;
+  error;
+  isAdmin;
+  constructor(e, t, s) {
+    this.resourceService = xt.getContainer().get(H.Resource), this.resource = { resourceName: e, resourceDescription: t }, this.alreadyApplied = !1, this.actions = [], this.permissions = [], this.error = "", this.isAdmin = s;
+  }
+  registerAction(e, t) {
+    !this.alreadyApplied && this.actions.findIndex((s) => s.actionName === e) < 0 && this.actions.push({ actionName: e, actionDescription: t });
+  }
+  async apply(e) {
+    this.alreadyApplied || (this.alreadyApplied = !0, this.resourceService.registerResource({ resource: this.resource, actions: this.actions }).then((t) => {
+      this.permissions = t.permissions, this.error = "", e && e();
+    }).catch((t) => {
+      this.alreadyApplied = !1, this.error = ee(t);
+    }));
+  }
+  hasPermission(e) {
+    return this.permissions.includes(e) || this.isAdmin;
+  }
+  isError() {
+    return !!this.error;
+  }
+  getError() {
+    return this.error;
+  }
+  /**
+   * Retorna todas as permissões atuais
+   */
+  getPermissions() {
+    return [...this.permissions];
+  }
+  /**
+   * Retorna o status de carregamento
+   */
+  isLoading() {
+    return !this.alreadyApplied;
+  }
+  /**
+   * Verifica múltiplas permissões
+   */
+  hasAnyPermission(e) {
+    return e.some((t) => this.hasPermission(t));
+  }
+  /**
+   * Verifica se tem todas as permissões
+   */
+  hasAllPermissions(e) {
+    return e.every((t) => this.hasPermission(t));
+  }
+  /**
+   * Retorna informações detalhadas sobre uma permissão
+   */
+  getPermissionInfo(e) {
+    const t = this.hasPermission(e);
+    return {
+      hasPermission: t,
+      isAdmin: this.isAdmin,
+      reason: t ? this.isAdmin ? "Usuário é administrador" : "Usuário tem permissão específica" : "Usuário não tem permissão"
+    };
+  }
+  /**
+   * Registra múltiplas ações de uma vez
+   */
+  registerActions(e) {
+    e.forEach(({ actionName: t, actionDescription: s }) => {
+      this.registerAction(t, s);
+    });
+  }
+  /**
+   * Retorna todas as ações registradas
+   */
+  getRegisteredActions() {
+    return [...this.actions];
+  }
+}
+class V {
+  static instance;
+  _currentTenant = new Fe(null);
+  _availableTenants = new Fe([]);
+  constructor() {
+    const e = localStorage.getItem("tenant_info");
+    if (e)
+      try {
+        this._currentTenant.next(JSON.parse(e));
+      } catch (t) {
+        console.error("Erro ao carregar tenant armazenado:", t);
+      }
+  }
+  static getInstance() {
+    return V.instance || (V.instance = new V()), V.instance;
+  }
+  get currentTenant$() {
+    return this._currentTenant.asObservable();
+  }
+  get currentTenant() {
+    return this._currentTenant.getValue();
+  }
+  get availableTenants$() {
+    return this._availableTenants.asObservable();
+  }
+  get availableTenants() {
+    return this._availableTenants.getValue();
+  }
+  setCurrentTenant(e) {
+    this._currentTenant.next(e), e ? (localStorage.setItem("tenant_id", e.id), localStorage.setItem("tenant_info", JSON.stringify(e))) : (localStorage.removeItem("tenant_id"), localStorage.removeItem("tenant_info"));
+  }
+  setAvailableTenants(e) {
+    this._availableTenants.next(e);
+  }
+  clear() {
+    this._currentTenant.next(null), this._availableTenants.next([]), localStorage.removeItem("tenant_id"), localStorage.removeItem("tenant_info");
+  }
+  // Helper para headers de API
+  getHeaders() {
+    const e = {}, t = this.currentTenant;
+    return t && (e["X-TENANT-ID"] = t.id), e;
+  }
+}
+function Pr() {
+  return V.getInstance();
+}
+var ae = /* @__PURE__ */ ((r) => (r.USER = "user", r.PROFILE = "profile", r.GROUP = "group", r))(ae || {}), tr = Object.defineProperty, b = (r, e, t, s) => {
+  for (var o = void 0, a = r.length - 1, d; a >= 0; a--)
+    (d = r[a]) && (o = d(e, t, o) || o);
+  return o && tr(e, t, o), o;
+}, rr = /* @__PURE__ */ ((r) => (r.VIEW = "VIEW", r.API = "API", r))(rr || {});
+const rt = class st {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  description;
+  intervals;
+  constructor(e) {
+    this.id = e.id || "", this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || "", this.updateEntityDate = e.updateEntityDate || "", this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.description = e.description || "", this.intervals = e.intervals ? e.intervals.map((t) => new sr(t)) : [];
+  }
+  static newInstance = () => new st({
+    id: J(),
+    intervals: []
+  });
+};
+b([
+  G({
+    message: "archbase:Informe a descrição do cronograma de acesso"
+  })
+], rt.prototype, "description");
+let ot = rt;
+const we = class nt {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  accessSchedule;
+  dayOfWeek;
+  startTime;
+  endTime;
+  constructor(e) {
+    this.id = e.id || "", this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || (/* @__PURE__ */ new Date()).toISOString(), this.updateEntityDate = e.updateEntityDate || (/* @__PURE__ */ new Date()).toISOString(), this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.accessSchedule = e.accessSchedule ? new ot(e.accessSchedule) : void 0, this.dayOfWeek = e.dayOfWeek || 0, this.startTime = e.startTime || "", this.endTime = e.endTime || "";
+  }
+  static newInstance = () => new nt({
+    id: J(),
+    dayOfWeek: (/* @__PURE__ */ new Date()).getDay(),
+    startTime: "08:00",
+    endTime: "17:00"
+  });
+};
+b([
+  te()
+], we.prototype, "accessSchedule");
+b([
+  G({
+    message: "archbase:Informe a hora de início"
+  })
+], we.prototype, "startTime");
+b([
+  G({
+    message: "archbase:Informe a hora de término"
+  })
+], we.prototype, "endTime");
+let sr = we;
+class le {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  name;
+  description;
+  actions;
+  constructor(e) {
+    this.id = e.id || "", this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || "", this.updateEntityDate = e.updateEntityDate || "", this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.name = e.name || "", this.description = e.description || "", this.actions = e.actions || [];
+  }
+}
+b([
+  G({
+    message: "archbase:Informe o nome"
+  })
+], le.prototype, "name");
+b([
+  G({
+    message: "archbase:Informe a descrição"
+  })
+], le.prototype, "description");
+b([
+  te()
+], le.prototype, "actions");
+const de = class it {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  name;
+  description;
+  resource;
+  category;
+  active;
+  actionVersion;
+  isNewAction;
+  constructor(e) {
+    this.id = e.id || "", this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || (/* @__PURE__ */ new Date()).toISOString(), this.updateEntityDate = e.updateEntityDate || (/* @__PURE__ */ new Date()).toISOString(), this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.name = e.name || "", this.description = e.description || "", this.resource = e.resource ? new ct(e.resource) : void 0, this.category = e.category || "", this.active = e.active || !1, this.actionVersion = e.actionVersion || "", this.isNewAction = e.isNewAction || !1;
+  }
+  static newInstance = () => new it({
+    id: J(),
+    active: !0,
+    isNewAction: !0
+  });
+};
+b([
+  G({
+    message: "archbase:Informe o nome para a ação"
+  })
+], de.prototype, "name");
+b([
+  G({
+    message: "archbase:Informe a descrição para a ação"
+  })
+], de.prototype, "description");
+b([
+  te()
+], de.prototype, "resource");
+b([
+  G({
+    message: "archbase:Informe a categoria para a ação"
+  })
+], de.prototype, "category");
+b([
+  K()
+], de.prototype, "active");
+let or = de;
+class ue extends le {
+  type;
+  isNewProfile;
+  constructor(e) {
+    super(e), this.type = ae.PROFILE, this.isNewProfile = e.isNewProfile || !1;
+  }
+  static newInstance = () => new ue({
+    id: J(),
+    isNewProfile: !0
+  });
+}
+class Re {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  group;
+  constructor(e) {
+    this.id = e.id, this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || (/* @__PURE__ */ new Date()).toISOString(), this.updateEntityDate = e.updateEntityDate || (/* @__PURE__ */ new Date()).toISOString(), this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.group = e.group ? new he(e.group) : void 0;
+  }
+  static newInstance = (e) => new Re({
+    id: J(),
+    group: e
+  });
+}
+class he extends le {
+  type;
+  isNewGroup;
+  constructor(e) {
+    super(e), this.type = ae.GROUP, this.isNewGroup = e.isNewGroup || !1;
+  }
+  static newInstance = () => new he({
+    id: J(),
+    isNewGroup: !0
+  });
+}
+const ve = class at {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  name;
+  description;
+  actions;
+  active;
+  type;
+  isNewResource;
+  constructor(e) {
+    this.id = e.id || "", this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || "", this.updateEntityDate = e.updateEntityDate || "", this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.name = e.name || "", this.description = e.description || "", this.actions = e.actions || [], this.active = e.active || !1, this.type = e.type || "VIEW", this.isNewResource = e.isNewResource || !1;
+  }
+  static newInstance = () => new at({
+    id: J(),
+    actions: [],
+    active: !0,
+    isNewResource: !0
+  });
+};
+b([
+  G({
+    message: "archbase:Informe o nome para o recurso"
+  })
+], ve.prototype, "name");
+b([
+  G({
+    message: "archbase:Informe a descrição para o recurso"
+  })
+], ve.prototype, "description");
+b([
+  K()
+], ve.prototype, "active");
+let ct = ve;
+const M = class lt extends le {
+  userName;
+  password;
+  changePasswordOnNextLogin;
+  allowPasswordChange;
+  allowMultipleLogins;
+  passwordNeverExpires;
+  accountDeactivated;
+  accountLocked;
+  unlimitedAccessHours;
+  isAdministrator;
+  accessSchedule;
+  groups;
+  profile;
+  avatar;
+  nickname;
+  email;
+  type;
+  isNewUser;
+  constructor(e) {
+    super(e), this.type = ae.USER, this.userName = e.userName || "", this.password = e.password || "", this.changePasswordOnNextLogin = e.changePasswordOnNextLogin || !1, this.allowPasswordChange = e.allowPasswordChange || !1, this.allowMultipleLogins = e.allowMultipleLogins || !1, this.passwordNeverExpires = e.passwordNeverExpires || !1, this.accountDeactivated = e.accountDeactivated || !1, this.accountLocked = e.accountLocked || !1, this.unlimitedAccessHours = e.unlimitedAccessHours || !1, this.isAdministrator = e.isAdministrator || !1, this.accessSchedule = e.accessSchedule ? new ot(e.accessSchedule) : void 0, this.groups = e.groups ? e.groups.map((t) => new Re(t)) : [], this.profile = e.profile ? new ue(e.profile) : void 0, this.email = e.email || "", this.avatar = e.avatar || void 0, this.isNewUser = e.isNewUser || !1, this.nickname = e.nickname;
+  }
+  static newInstance = () => new lt({
+    id: J(),
+    userName: "",
+    password: "",
+    groups: [],
+    avatar: null,
+    isAdministrator: !1,
+    allowPasswordChange: !0,
+    passwordNeverExpires: !0,
+    isNewUser: !0
+  });
+};
+b([
+  G({
+    message: "archbase:Informe o nome de usuário"
+  })
+], M.prototype, "userName");
+b([
+  K()
+], M.prototype, "changePasswordOnNextLogin");
+b([
+  K()
+], M.prototype, "allowPasswordChange");
+b([
+  K()
+], M.prototype, "allowMultipleLogins");
+b([
+  K()
+], M.prototype, "passwordNeverExpires");
+b([
+  K()
+], M.prototype, "accountDeactivated");
+b([
+  K()
+], M.prototype, "accountLocked");
+b([
+  K()
+], M.prototype, "unlimitedAccessHours");
+b([
+  K()
+], M.prototype, "isAdministrator");
+b([
+  te()
+], M.prototype, "accessSchedule");
+b([
+  te()
+], M.prototype, "groups");
+b([
+  te()
+], M.prototype, "profile");
+b([
+  St(
+    {},
+    {
+      message: "archbase:Informe um email válido"
+    }
+  )
+], M.prototype, "email");
+let be = M;
+const Ne = class Ue {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  security;
+  action;
+  tenantId;
+  companyId;
+  projectId;
+  constructor(e) {
+    this.id = e.id || "", this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || "", this.updateEntityDate = e.updateEntityDate || "", this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.security = e.security ? Ue.createDtoFromJson(e.security) : void 0, this.action = e.action ? new or(e.action) : void 0, this.tenantId = e.tenantId || "", this.companyId = e.companyId || "", this.projectId = e.projectId || "";
+  }
+  static createDtoFromJson(e) {
+    switch (e.type) {
+      case "profile":
+        return new ue(e);
+      case "group":
+        return new he(e);
+      case "user":
+        return new be(e);
+      default:
+        throw new Error("Unknown DTO type");
+    }
+  }
+  static newInstance = () => new Ue({
+    id: J(),
+    tenantId: "",
+    companyId: "",
+    projectId: ""
+  });
+};
+b([
+  te()
+], Ne.prototype, "security");
+b([
+  te()
+], Ne.prototype, "action");
+let Tr = Ne;
+class Me {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  tenantId;
+  name;
+  description;
+  token;
+  user;
+  expirationDate;
+  revoked;
+  activated;
+  isNovoToken;
+  constructor(e) {
+    this.id = e.id || "", this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || "", this.updateEntityDate = e.updateEntityDate || "", this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.tenantId = e.tenantId || "", this.user = e.user ? new be(e.user) : void 0, this.name = e.name || "", this.description = e.description || "", this.token = e.token || "", this.expirationDate = e.expirationDate, this.revoked = e.revoked, this.activated = e.activated || !1;
+  }
+  static newInstance = () => new Me({
+    id: J()
+  });
+}
+class Be {
+  id;
+  code;
+  version;
+  createEntityDate;
+  updateEntityDate;
+  createdByUser;
+  lastModifiedByUser;
+  token;
+  tokenType;
+  revoked;
+  expired;
+  expirationTime;
+  expirationDate;
+  user;
+  isNewAccessToken;
+  constructor(e) {
+    this.id = e.id || "", this.code = e.code || "", this.version = e.version || 0, this.createEntityDate = e.createEntityDate || (/* @__PURE__ */ new Date()).toISOString(), this.updateEntityDate = e.updateEntityDate || (/* @__PURE__ */ new Date()).toISOString(), this.createdByUser = e.createdByUser || "", this.lastModifiedByUser = e.lastModifiedByUser || "", this.token = e.token || "", this.tokenType = e.tokenType || void 0, this.user = e.user ? new be(e.user) : void 0, this.revoked = e.revoked || !1, this.expired = e.expired || !1, this.expirationTime = e.expirationTime || 0, this.expirationDate = e.expirationDate || "", this.isNewAccessToken = e.isNewAccessToken || !1;
+  }
+  static newInstance = () => new Be({
+    id: J(),
+    active: !0,
+    isNewAccessToken: !0
+  });
+}
+class dt extends ce {
+  constructor(e) {
+    super(e);
+  }
+  configureHeaders() {
+    return V.getInstance().getHeaders();
+  }
+  transform(e) {
+    return new be(e);
+  }
+  getEndpoint() {
+    return "/api/v1/user";
+  }
+  getId(e) {
+    return e.id;
+  }
+  isNewRecord(e) {
+    return e.isNewUser;
+  }
+  async getUserByEmail(e) {
+    const t = await this.client.get(
+      `${this.getEndpoint()}/byEmail/${e}`,
+      this.configureHeaders()
+    );
+    return this.transform(t);
+  }
+}
+I.decorate(I.inject(H.ApiClient), dt, 0);
+I.decorate(I.injectable(), dt);
+class ut extends ce {
+  constructor(e) {
+    super(e);
+  }
+  configureHeaders() {
+    return V.getInstance().getHeaders();
+  }
+  transform(e) {
+    return new he(e);
+  }
+  getEndpoint() {
+    return "/api/v1/group";
+  }
+  getId(e) {
+    return e.id;
+  }
+  isNewRecord(e) {
+    return e.isNewGroup;
+  }
+}
+I.decorate(I.inject(H.ApiClient), ut, 0);
+I.decorate(I.injectable(), ut);
+class ht extends ce {
+  constructor(e) {
+    super(e);
+  }
+  configureHeaders() {
+    return V.getInstance().getHeaders();
+  }
+  transform(e) {
+    return new ue(e);
+  }
+  getEndpoint() {
+    return "/api/v1/userProfile";
+  }
+  getId(e) {
+    return e.id;
+  }
+  isNewRecord(e) {
+    return e.isNewProfile;
+  }
+}
+I.decorate(I.inject(H.ApiClient), ht, 0);
+I.decorate(I.injectable(), ht);
+class pt extends ce {
+  constructor(e) {
+    super(e);
+  }
+  configureHeaders() {
+    return V.getInstance().getHeaders();
+  }
+  transform(e) {
+    return new Me(e);
+  }
+  getEndpoint() {
+    return "/api/v1/apiToken";
+  }
+  getId(e) {
+    return e.id;
+  }
+  isNewRecord(e) {
+    return e.isNovoToken;
+  }
+  async create(e, t, s, o) {
+    const a = await this.client.post(
+      `${this.getEndpoint()}/create?email=${e}&expirationDate=${t}&name=${s}&description=${o}`,
+      void 0,
+      this.configureHeaders()
+    );
+    return this.transform(a);
+  }
+  async revoke(e) {
+    await this.client.post(
+      `${this.getEndpoint()}/revoke?token=${e}`,
+      void 0,
+      this.configureHeaders()
+    );
+  }
+}
+I.decorate(I.inject(H.ApiClient), pt, 0);
+I.decorate(I.injectable(), pt);
+class ft extends ce {
+  constructor(e) {
+    super(e);
+  }
+  configureHeaders() {
+    return V.getInstance().getHeaders();
+  }
+  transform(e) {
+    return new Be(e);
+  }
+  getEndpoint() {
+    return "/api/v1/accessToken";
+  }
+  getId(e) {
+    return e.id;
+  }
+  isNewRecord(e) {
+    return e.isNewAccessToken;
+  }
+  async revoke(e) {
+    await this.client.post(
+      `${this.getEndpoint()}/revoke?token=${e}`,
+      void 0,
+      this.configureHeaders()
+    );
+  }
+}
+I.decorate(I.inject(H.ApiClient), ft, 0);
+I.decorate(I.injectable(), ft);
+class mt extends ce {
+  constructor(e) {
+    super(e);
+  }
+  configureHeaders() {
+    return V.getInstance().getHeaders();
+  }
+  transform(e) {
+    return new ct(e);
+  }
+  getEndpoint() {
+    return "/api/v1/resource";
+  }
+  getId(e) {
+    return e.id;
+  }
+  isNewRecord(e) {
+    return e.isNewResource;
+  }
+  getAllPermissionsAvailable() {
+    return this.client.get(
+      `${this.getEndpoint()}/permissions`,
+      this.configureHeaders()
+    );
+  }
+  getPermissionsBySecurityId(e, t) {
+    return this.client.get(
+      `${this.getEndpoint()}/permissions/security/${e}`,
+      this.configureHeaders(),
+      !1,
+      {
+        params: {
+          type: je(ae, t)
+        }
+      }
+    );
+  }
+  createPermission(e, t, s) {
+    return this.client.post(
+      `${this.getEndpoint()}/permissions`,
+      {
+        securityId: e,
+        actionId: t,
+        type: je(ae, s)
+      },
+      this.configureHeaders()
+    );
+  }
+  deletePermission(e) {
+    return this.client.delete(
+      `${this.getEndpoint()}/permissions/${e}`,
+      this.configureHeaders()
+    );
+  }
+  registerResource(e) {
+    return this.client.post(
+      `${this.getEndpoint()}/register`,
+      e,
+      this.configureHeaders()
+    );
+  }
+}
+I.decorate(I.inject(H.ApiClient), mt, 0);
+I.decorate(I.injectable(), mt);
+function Cr({
+  onLogin: r,
+  error: e,
+  onClickForgotPassword: t,
+  loginLabel: s = "Email",
+  loginPlaceholder: o,
+  afterInputs: a,
+  showMockUsersSelector: d = !1,
+  mockUsers: i = [],
+  mockUsersGroupMap: l,
+  options: w = {},
+  onChangeUsername: A,
+  disabledLogin: p = !1,
+  isCheckingUsername: P = !1,
+  showSignIn: E = !0
+}) {
+  const y = Ke(), {
+    username: S,
+    password: _,
+    rememberMe: C,
+    clearRememberMe: B
+  } = kt(), [U, D] = m(S), [f, k] = m(_), [N, O] = m(C), [q, R] = m(!1), [W, Y] = m(null);
+  z(() => {
+    R(!!e);
+  }, [e]), z(() => {
+    S !== U && (D(S), A?.(S)), _ !== f && k(_), C !== N && O(C);
+  }, [S, _, C]);
+  const $ = () => {
+    R(!1);
+  }, X = () => {
+    U && f && r(U, f, N).finally(() => R(!0));
+  }, h = () => {
+    if (!l)
+      return i.map((g) => ({
+        value: g.email,
+        label: g.email
+      }));
+    const c = i.reduce((g, T) => {
+      const j = l[T.type];
+      return j && (g[j] || (g[j] = []), g[j].push({
+        value: T.email,
+        label: T.email
+      })), g;
+    }, {});
+    return Object.entries(c).map(([g, T]) => ({
+      group: g,
+      items: T
+    }));
+  }, n = () => {
+    if (W) {
+      const c = i.find((g) => g.email === W);
+      c && (D(c.email), k(c.password), $());
+    }
+  }, v = {
+    withBorder: !0,
+    shadow: "md",
+    p: 30,
+    mt: 30,
+    radius: "md",
+    w: 400,
+    ...w.cardProps
+  };
+  return /* @__PURE__ */ L(
+    Je,
+    {
+      ...v,
+      pos: "relative",
+      ref: y,
+      children: [
+        E && /* @__PURE__ */ L(re, { children: [
+          /* @__PURE__ */ u(
+            ne,
+            {
+              c: "light-dark(var(--mantine-color-black), var(--mantine-color-white))",
+              fw: 800,
+              fz: { base: "20px", md: "35px" },
+              style: { textAlign: "center", letterSpacing: "-1px" },
+              mt: "xs",
+              children: x().t("archbase:signIn")
+            }
+          ),
+          /* @__PURE__ */ u(ge, { m: "md" })
+        ] }),
+        w?.customContentBefore,
+        d && /* @__PURE__ */ L(re, { children: [
+          /* @__PURE__ */ L(Ve, { gap: "sm", mb: "md", children: [
+            /* @__PURE__ */ u(
+              _t,
+              {
+                placeholder: "Selecione um usuário mock",
+                data: h(),
+                value: W,
+                onChange: Y,
+                searchable: !0,
+                clearable: !0,
+                style: { flexGrow: 1 }
+              }
+            ),
+            /* @__PURE__ */ u(Rt, { label: "Aplicar", children: /* @__PURE__ */ u(
+              ie,
+              {
+                variant: "light",
+                size: "sm",
+                onClick: n,
+                disabled: !W,
+                "aria-label": "Aplicar usuário mock selecionado",
+                children: /* @__PURE__ */ u(Lt, { size: 16 })
+              }
+            ) })
+          ] }),
+          /* @__PURE__ */ u(ge, { mb: "md" })
+        ] }),
+        /* @__PURE__ */ u(
+          Pe,
+          {
+            label: s,
+            placeholder: o ?? x().t("archbase:usuario@email.com"),
+            rightSection: P ? /* @__PURE__ */ u(Nt, { size: "xs" }) : null,
+            value: U || "",
+            required: !0,
+            onChange: (c) => {
+              D(c.currentTarget.value), A?.(c.currentTarget.value), $();
+            }
+          }
+        ),
+        /* @__PURE__ */ u(
+          Te,
+          {
+            label: x().t("archbase:Password"),
+            placeholder: x().t("archbase:Sua senha"),
+            onChange: (c) => {
+              k(c.currentTarget.value), $();
+            },
+            value: f || "",
+            required: !0,
+            mt: "md"
+          }
+        ),
+        /* @__PURE__ */ L(Ve, { justify: "space-between", mt: "md", children: [
+          /* @__PURE__ */ u(
+            Mt,
+            {
+              label: x().t("archbase:Lembre-me"),
+              checked: N,
+              onChange: (c) => {
+                const g = c.currentTarget.checked;
+                O(g), g || B();
+              }
+            }
+          ),
+          t && /* @__PURE__ */ u(
+            Bt,
+            {
+              component: "button",
+              c: "var(--mantine-text-color)",
+              fz: 14,
+              lh: "20px",
+              styles: { root: { cursor: "pointer" } },
+              onClick: t,
+              children: x().t("archbase:Esqueci minha senha")
+            }
+          )
+        ] }),
+        w?.afterInputs || a,
+        /* @__PURE__ */ u(
+          ie,
+          {
+            disabled: !f || !U || p,
+            fullWidth: !0,
+            mt: "xl",
+            onClick: X,
+            children: x().t("archbase:signIn")
+          }
+        ),
+        w?.customContentAfter,
+        q && e && /* @__PURE__ */ u(ne, { c: "red", mt: "sm", children: e })
+      ]
+    }
+  );
+}
+const nr = {
+  position: "relative",
+  width: "90%",
+  maxWidth: 400,
+  padding: 30,
+  marginTop: 30
+};
+function Ur({ error: r, onSendResetPasswordEmail: e, onResetPassword: t, onClickBackToLogin: s, validatePassword: o, validateToken: a, initialEmail: d = "", description: i, style: l }) {
+  const w = Ke(), A = It(), { colorScheme: p } = Ot(), [P, E] = m(r ?? ""), [y, S] = m(d), [_, C] = m(""), [B, U] = m(""), [D, f] = m(""), [k, N] = m(!1), [O, q] = m(""), [R, W] = m(""), [Y, $] = m(""), [X, h] = m("");
+  async function n(c) {
+    c && (Pt(c) ? await e(c).then(() => {
+      ze.showSuccess(`${x().t("archbase:Um e-mail com instruções para redefinir sua senha foi enviado. Verifique sua caixa de entrada.")}`), N(!0);
+    }).catch(() => {
+    }) : q(`${x().t("archbase:Email inválido")}`));
+  }
+  async function v(c, g, T, j) {
+    if (c && g && T) {
+      let Ae = "", Ee = "", $e = "";
+      a && (Ae = a(), $(Ae)), o && (Ee = o(), $(Ee)), T !== j && ($e = `${x().t("archbase:A nova senha e a confirmação devem ser iguais.")}`, h($e)), !Ee && !Ae && await t(c, g, T).then(() => {
+        ze.showSuccess(`${x().t("archbase:Senha redefinida com sucesso.")}`), s(), N(!1);
+      }).catch(() => {
+        E(r || `${x().t("archbase:Erro ao redefinir senha.")}`);
+      });
+    }
+  }
+  return z(() => {
+    r && E(r);
+  }, [r]), z(() => {
+    E("");
+  }, [y, _, B, D]), /* @__PURE__ */ L(
+    Je,
+    {
+      withBorder: !0,
+      shadow: "md",
+      radius: "md",
+      ref: w,
+      style: {
+        ...nr,
+        ...l
+      },
+      children: [
+        k ? /* @__PURE__ */ L(re, { children: [
+          /* @__PURE__ */ u(
+            ne,
+            {
+              c: "light-dark(var(--mantine-color-black), var(--mantine-color-white))",
+              fw: 800,
+              fz: { base: "20px", md: "35px" },
+              style: { textAlign: "center", letterSpacing: "-1px" },
+              mt: "xs",
+              children: x().t("archbase:Redefinir senha")
+            }
+          ),
+          /* @__PURE__ */ u(ge, { m: "xs" }),
+          /* @__PURE__ */ u(
+            Pe,
+            {
+              label: x().t("archbase:Código de segurança"),
+              placeholder: `${x().t("archbase:Código enviado no seu e-mail")}`,
+              value: _ || "",
+              required: !0,
+              onChange: (c) => {
+                C(c.currentTarget.value), W("");
+              },
+              error: R
+            }
+          ),
+          /* @__PURE__ */ u(
+            Te,
+            {
+              label: x().t("archbase:Nova senha"),
+              placeholder: x().t("archbase:Nova senha"),
+              onChange: (c) => {
+                U(c.currentTarget.value), $(""), h("");
+              },
+              value: B,
+              required: !0,
+              error: Y
+            }
+          ),
+          /* @__PURE__ */ u(
+            Te,
+            {
+              label: x().t("archbase:Confirmar senha"),
+              placeholder: x().t("archbase:Confirmar senha"),
+              onChange: (c) => {
+                f(c.currentTarget.value), h("");
+              },
+              value: D || "",
+              required: !0,
+              error: X
+            }
+          ),
+          /* @__PURE__ */ u(
+            ie,
+            {
+              disabled: !y || !_ || !B || !D,
+              mt: "md",
+              fullWidth: !0,
+              onClick: () => v(y, _, B, D),
+              children: `${x().t("archbase:Redefinir senha")}`
+            }
+          ),
+          /* @__PURE__ */ u(
+            ie,
+            {
+              mt: "6px",
+              fullWidth: !0,
+              color: p === "dark" ? A.colors.dark[4] : A.colors.gray[7],
+              onClick: () => {
+                O || N(!1);
+              },
+              children: `${x().t("archbase:Voltar")}`
+            }
+          )
+        ] }) : /* @__PURE__ */ L(re, { children: [
+          /* @__PURE__ */ u(
+            ne,
+            {
+              c: "light-dark(var(--mantine-color-black), var(--mantine-color-white))",
+              fw: 800,
+              fz: { base: "20px", md: "35px" },
+              style: { textAlign: "center", letterSpacing: "-1px" },
+              mt: "xs",
+              children: x().t("archbase:Redefinir senha")
+            }
+          ),
+          /* @__PURE__ */ u(ne, { c: "dimmed", fz: 14, style: { textAlign: "justify" }, children: i }),
+          /* @__PURE__ */ u(ge, { m: "md" }),
+          /* @__PURE__ */ u(
+            Pe,
+            {
+              label: "Email",
+              placeholder: `${x().t("archbase:usuario@email.com")}`,
+              value: y || "",
+              required: !0,
+              onChange: (c) => {
+                S(c.currentTarget.value), q("");
+              },
+              error: O
+            }
+          ),
+          /* @__PURE__ */ u(
+            ie,
+            {
+              disabled: !y,
+              mt: "md",
+              fullWidth: !0,
+              onClick: () => n(y),
+              children: `${x().t("archbase:Enviar")}`
+            }
+          ),
+          /* @__PURE__ */ u(
+            ie,
+            {
+              mt: "6px",
+              fullWidth: !0,
+              color: p === "dark" ? A.colors.dark[4] : A.colors.gray[7],
+              onClick: () => s && s(),
+              children: `${x().t("archbase:Voltar")}`
+            }
+          )
+        ] }),
+        P ? /* @__PURE__ */ u(ne, { c: "red", style: { textAlign: "justify" }, children: P }) : null
+      ]
+    }
+  );
+}
+const ir = () => Tt().user, gt = "archbaseSecurityManagerStore", ar = (r, e, t, s) => r && r.existsValue(e) ? r.getValue(e) : new tt(e, t, s), Dr = ({ resourceName: r, resourceDescription: e, enableSecurity: t = !0 }) => {
+  const s = Ge(gt), o = ir(), [a, d] = m({
+    securityManager: t && ar(s, r, e, o.isAdmin)
+  });
+  return z(() => {
+    t && s.setValue(r, a.securityManager);
+  }, [r]), { securityManager: a.securityManager };
+}, _r = ({
+  checkIntervalTokenHasExpired: r = 3e4,
+  // Verificar a 30 segundos
+  expirationThresholdOfToken: e = 300
+  // Antecipar em 5 minutos
+}) => {
+  const t = ye(
+    (n) => n.get(H.TokenManager)
+  ), s = ye(
+    (n) => n.get(H.Authenticator)
+  ), [o, a] = m(null), [d, i] = m(!1), [l, w] = m(!0), [A, p] = m(!1), [P, E] = m(!1), [y, S] = m(""), [_, C] = m(""), [B, U] = m(null), D = Ge(gt), f = {
+    hasContextualLogin: typeof s.loginWithContext == "function",
+    hasFlexibleLogin: typeof s.loginFlexible == "function",
+    hasSocialLogin: typeof s.loginSocial == "function",
+    hasRegistration: typeof s.register == "function",
+    hasContextSupport: typeof t.saveContext == "function"
+  };
+  z(() => {
+    const n = t.getUsername();
+    if (n && n != "" && C(n), f.hasContextSupport && t.getContext) {
+      const c = t.getContext();
+      if (c)
+        try {
+          const g = typeof c == "string" ? JSON.parse(c) : c;
+          U(g);
+        } catch (g) {
+          console.warn("Erro ao carregar contexto salvo:", g);
+        }
+    }
+    const v = t.getToken();
+    v && (p(!0), S(""), E(!1), a(v)), w(!1);
+  }, []);
+  const k = () => {
+    E(!1), S("");
+  }, N = (n) => {
+    i(!1), p(!1), t.clearToken(), n && t.clearUsernameAndPassword(), f.hasContextSupport && t.clearContext && t.clearContext(), C(""), U(null), S(""), E(!1), D.clearAllValues();
+  }, O = async (n, v, c) => {
+    try {
+      i(!0), p(!1);
+      const g = await s.login(n, v);
+      t.saveToken(g), c && t.saveUsernameAndPassword(n, v), t.saveUsername(n), C(n), a(g), i(!1), p(!0);
+    } catch (g) {
+      i(!1), p(!1), S(ee(g)), E(!0);
+    }
+  }, q = async (n, v = !1) => {
+    if (!f.hasContextualLogin || !s.loginWithContext)
+      throw new Error("Login contextual não suportado por esta implementação do ArchbaseAuthenticator");
+    try {
+      i(!0), p(!1);
+      const { context: c, user: g, ...T } = await s.loginWithContext(n), j = {
+        scope: "",
+        ext_expires_in: T.expires_in,
+        ...T
+      };
+      t.saveToken(j), v ? t.saveUsernameAndPassword(n.email, n.password) : t.clearUsernameAndPassword(), t.saveUsername(n.email), f.hasContextSupport && t.saveContext && c && (t.saveContext(JSON.stringify(c)), U(c)), C(n.email), a(j), i(!1), p(!0);
+    } catch (c) {
+      throw i(!1), p(!1), S(ee(c)), E(!0), c;
+    }
+  }, R = async (n, v = !1) => {
+    if (!f.hasFlexibleLogin || !s.loginFlexible)
+      throw new Error("Login flexível não suportado por esta implementação do ArchbaseAuthenticator");
+    try {
+      i(!0), p(!1);
+      const { context: c, user: g, ...T } = await s.loginFlexible(n), j = {
+        scope: "",
+        ext_expires_in: T.expires_in,
+        ...T
+      };
+      t.saveToken(j), v && t.saveUsernameAndPassword(n.identifier, n.password), t.saveUsername(g.email || n.identifier), f.hasContextSupport && t.saveContext && c && (t.saveContext(JSON.stringify(c)), U(c)), C(g.email || n.identifier), a(j), i(!1), p(!0);
+    } catch (c) {
+      throw i(!1), p(!1), S(ee(c)), E(!0), c;
+    }
+  }, W = async (n) => {
+    if (!f.hasSocialLogin || !s.loginSocial)
+      throw new Error("Login social não suportado por esta implementação do ArchbaseAuthenticator");
+    try {
+      i(!0), p(!1);
+      const { context: v, user: c, ...g } = await s.loginSocial(n), T = {
+        scope: "",
+        ext_expires_in: g.expires_in,
+        ...g
+      };
+      t.saveToken(T), t.saveUsername(c.email), f.hasContextSupport && t.saveContext && v && (t.saveContext(JSON.stringify(v)), U(v)), C(c.email), a(T), i(!1), p(!0);
+    } catch (v) {
+      throw i(!1), p(!1), S(ee(v)), E(!0), v;
+    }
+  }, Y = async (n) => {
+    if (!f.hasRegistration || !s.register)
+      throw new Error("Registro não suportado por esta implementação do ArchbaseAuthenticator");
+    try {
+      i(!0);
+      const v = await s.register(n);
+      return i(!1), v;
+    } catch (v) {
+      throw i(!1), S(ee(v)), E(!0), v;
+    }
+  }, $ = async () => s.getSupportedContexts ? await s.getSupportedContexts() : { supportedContexts: ["DEFAULT"], defaultContext: "DEFAULT" }, X = async (n) => s.validateContext ? await s.validateContext(n) : { context: n, supported: n === "DEFAULT" };
+  z(() => {
+    const n = setInterval(() => {
+      o && o.access_token && t.isTokenExpired(o, e) && h();
+    }, r);
+    return () => {
+      clearInterval(n);
+    };
+  }, [o]);
+  const h = async () => {
+    if (o)
+      try {
+        const n = await s.refreshToken(o?.refresh_token);
+        t.saveToken(n), a(n);
+      } catch (n) {
+        console.error("Erro ao renovar o token:", n), N();
+      }
+  };
+  return {
+    // Métodos básicos (compatibilidade)
+    login: O,
+    logout: N,
+    username: _,
+    isAuthenticated: A,
+    isAuthenticating: d,
+    isInitializing: l,
+    isError: P,
+    error: y,
+    clearError: k,
+    accessToken: o ? o.access_token : null,
+    // Métodos opcionais para autenticação avançada
+    loginWithContext: f.hasContextualLogin ? q : void 0,
+    loginFlexible: f.hasFlexibleLogin ? R : void 0,
+    loginSocial: f.hasSocialLogin ? W : void 0,
+    register: f.hasRegistration ? Y : void 0,
+    getSupportedContexts: $,
+    validateContext: X,
+    // Informações de contexto
+    context: B,
+    // Detecção de capacidades
+    capabilities: f
+  };
+}, Rr = () => {
+  const r = ye(
+    (s) => s.get(H.TokenManager)
+  ), [e, t] = m(null);
+  return z(() => {
+    const s = r.getToken();
+    s && t(s.access_token);
+  }, []), {
+    token: e
+  };
+}, Nr = () => {
+  const r = ye(
+    (l) => l.get(H.Authenticator)
+  ), [e, t] = m(!1), [s, o] = m("");
+  return {
+    sendResetPasswordEmail: async (l) => {
+      try {
+        return await r.sendResetPasswordEmail(l);
+      } catch (w) {
+        throw o(ee(w)), t(!0), w;
+      }
+    },
+    resetPassword: async (l, w, A) => {
+      try {
+        return await r.resetPassword(l, w, A);
+      } catch (p) {
+        throw o(ee(p)), t(!0), p;
+      }
+    },
+    isError: e,
+    error: s,
+    clearError: () => {
+      t(!1), o("");
+    }
+  };
+}, Oe = De(null), Mr = ({
+  children: r,
+  user: e,
+  onError: t
+}) => {
+  const [s, o] = m(!1), [a, d] = m(null), [i] = m([]), l = e?.isAdministrator || !1, w = pe((y) => l ? !0 : i.includes(y), [i, l]), A = pe((y) => l ? !0 : y.some((S) => i.includes(S)), [i, l]), p = pe((y) => l ? !0 : y.every((S) => i.includes(S)), [i, l]), P = pe((y) => {
+    d(y), y && t && t(y);
+  }, [t]), E = {
+    user: e,
+    isLoading: s,
+    hasGlobalPermission: w,
+    hasAnyGlobalPermission: A,
+    hasAllGlobalPermissions: p,
+    isAdmin: l,
+    error: a,
+    setError: P
+  };
+  return /* @__PURE__ */ u(Oe.Provider, { value: E, children: r });
+}, yt = De(null), cr = ({
+  children: r,
+  resourceName: e,
+  resourceDescription: t,
+  requiredPermissions: s = [],
+  fallbackComponent: o,
+  onSecurityReady: a,
+  onError: d
+}) => {
+  const i = _e(Oe);
+  if (!i)
+    throw new Error("ArchbaseViewSecurityProvider deve ser usado dentro de um ArchbaseSecurityProvider");
+  const { user: l, isAdmin: w } = i, [A, p] = m(null), [P, E] = m(!0), [y, S] = m(null);
+  if (He.useEffect(() => {
+    if (!l) {
+      E(!1);
+      return;
+    }
+    const f = new tt(e, t, w);
+    (async () => {
+      E(!0);
+      try {
+        await f.apply(() => {
+          p(f), E(!1), a && a(f);
+        });
+      } catch {
+        const O = f.getError() || "Erro ao carregar permissões";
+        S(O), E(!1), d && d(O);
+      }
+    })();
+  }, [e, t, l, w, a, d]), P)
+    return /* @__PURE__ */ u("div", { className: "archbase-security-loading", children: /* @__PURE__ */ u("div", { children: "Carregando permissões..." }) });
+  if (y)
+    return /* @__PURE__ */ u("div", { className: "archbase-security-error", children: /* @__PURE__ */ L("div", { children: [
+      "Erro ao carregar permissões: ",
+      y
+    ] }) });
+  if (!l)
+    return o || /* @__PURE__ */ u("div", { className: "archbase-security-no-user", children: /* @__PURE__ */ u("div", { children: "É necessário fazer login para acessar esta área" }) });
+  if (s.length > 0 && A && !s.every(
+    (k) => A.hasPermission(k)
+  ))
+    return o || /* @__PURE__ */ L("div", { className: "archbase-security-access-denied", children: [
+      /* @__PURE__ */ u("div", { children: "Você não possui permissão para acessar esta área" }),
+      /* @__PURE__ */ L("small", { children: [
+        "Permissões necessárias: ",
+        s.join(", ")
+      ] })
+    ] });
+  const D = {
+    securityManager: A,
+    hasPermission: (f) => A?.hasPermission(f) || !1,
+    hasAnyPermission: (f) => f.some((k) => A?.hasPermission(k) || !1),
+    hasAllPermissions: (f) => f.every((k) => A?.hasPermission(k) || !1),
+    registerAction: (f, k) => {
+      A?.registerAction(f, k);
+    },
+    isLoading: P,
+    error: y
+  };
+  return /* @__PURE__ */ u(yt.Provider, { value: D, children: r });
+}, lr = () => {
+  const r = _e(Oe);
+  if (!r)
+    throw new Error("useArchbaseSecurity deve ser usado dentro de um ArchbaseSecurityProvider");
+  return r;
+}, Le = () => {
+  const r = _e(yt);
+  if (!r)
+    throw new Error("useArchbaseViewSecurity deve ser usado dentro de um ArchbaseViewSecurityProvider");
+  return r;
+}, Br = (r, e) => {
+  const t = Le(), { hasPermission: s, hasAnyPermission: o, hasAllPermissions: a, registerAction: d, securityManager: i, isLoading: l, error: w } = t;
+  return He.useEffect(() => {
+    r && e && (d("create", `Criar ${e}`), d("edit", `Editar ${e}`), d("delete", `Deletar ${e}`), d("view", `Visualizar ${e}`), d("list", `Listar ${e}`));
+  }, [r, e, d]), {
+    hasPermission: s,
+    hasAnyPermission: o,
+    hasAllPermissions: a,
+    registerAction: d,
+    securityManager: i,
+    canCreate: s("create"),
+    canEdit: s("edit"),
+    canDelete: s("delete"),
+    canView: s("view"),
+    canList: s("list"),
+    isLoading: l,
+    error: w
+  };
+}, Or = () => {
+  const r = Le();
+  return {
+    check: r.hasPermission,
+    checkAny: r.hasAnyPermission,
+    checkAll: r.hasAllPermissions,
+    isAdmin: lr().isAdmin
+  };
+}, wt = ({
+  children: r,
+  actionName: e,
+  requiredPermissions: t = [],
+  requireAll: s = !0,
+  actionDescription: o,
+  fallback: a = null,
+  autoRegister: d = !0
+}) => {
+  const { hasPermission: i, hasAnyPermission: l, hasAllPermissions: w, registerAction: A } = Le();
+  z(() => {
+    d && e && o && A(e, o);
+  }, [e, o, d, A]);
+  let p = !1;
+  return e ? p = i(e) : t.length > 0 ? p = s ? w(t) : l(t) : p = !0, p ? /* @__PURE__ */ u(re, { children: r }) : /* @__PURE__ */ u(re, { children: a });
+}, Lr = ({
+  actionName: r,
+  actionDescription: e,
+  children: t,
+  onClick: s,
+  disabled: o = !1,
+  className: a = "",
+  style: d = {},
+  variant: i = "primary",
+  size: l = "medium",
+  type: w = "button"
+}) => {
+  const A = () => {
+    const P = "archbase-secure-btn", E = `archbase-secure-btn--${i}`, y = `archbase-secure-btn--${l}`;
+    return `${P} ${E} ${y} ${a}`.trim();
+  }, p = () => {
+    const P = {
+      small: { padding: "4px 8px", fontSize: "12px" },
+      medium: { padding: "8px 16px", fontSize: "14px" },
+      large: { padding: "12px 24px", fontSize: "16px" }
+    }, E = {
+      primary: { backgroundColor: "#007bff", color: "white" },
+      secondary: { backgroundColor: "#6c757d", color: "white" },
+      danger: { backgroundColor: "#dc3545", color: "white" },
+      success: { backgroundColor: "#28a745", color: "white" },
+      warning: { backgroundColor: "#ffc107", color: "#212529" }
+    };
+    return {
+      border: "none",
+      borderRadius: "4px",
+      cursor: o ? "not-allowed" : "pointer",
+      fontWeight: "500",
+      opacity: o ? 0.6 : 1,
+      ...P[l],
+      ...E[i],
+      ...d
+    };
+  };
+  return /* @__PURE__ */ u(
+    wt,
+    {
+      actionName: r,
+      actionDescription: e,
+      fallback: null,
+      children: /* @__PURE__ */ u(
+        "button",
+        {
+          type: w,
+          onClick: s,
+          disabled: o,
+          className: A(),
+          style: p(),
+          children: t
+        }
+      )
+    }
+  );
+}, $r = ({
+  children: r,
+  actionName: e,
+  actionDescription: t,
+  showLabel: s = !0,
+  label: o,
+  fallbackText: a = "Campo não disponível",
+  fallbackComponent: d
+}) => e ? /* @__PURE__ */ u(
+  wt,
+  {
+    actionName: e,
+    actionDescription: t,
+    fallback: d || /* @__PURE__ */ L("div", { className: "archbase-secure-field-fallback", style: {
+      padding: "8px",
+      color: "#666",
+      fontStyle: "italic",
+      backgroundColor: "#f8f9fa",
+      border: "1px dashed #dee2e6",
+      borderRadius: "4px"
+    }, children: [
+      s && o && /* @__PURE__ */ L("label", { style: { fontWeight: "bold" }, children: [
+        o,
+        ": "
+      ] }),
+      a
+    ] }),
+    children: r
+  }
+) : /* @__PURE__ */ u(re, { children: r });
+function jr(r, e) {
+  return function(s) {
+    const { resourceName: o, resourceDescription: a, requiredPermissions: d, fallbackComponent: i } = e;
+    return /* @__PURE__ */ u(
+      cr,
+      {
+        resourceName: o,
+        resourceDescription: a,
+        requiredPermissions: d,
+        fallbackComponent: i,
+        children: /* @__PURE__ */ u(r, { ...s })
+      }
+    );
+  };
+}
+export {
+  gt as ARCHBASE_SECURITY_MANAGER_STORE,
+  sr as AccessIntervalDto,
+  ot as AccessScheduleDto,
+  Be as AccessTokenDto,
+  or as ActionDto,
+  Me as ApiTokenDto,
+  ft as ArchbaseAccessTokenService,
+  pt as ArchbaseApiTokenService,
+  er as ArchbaseAuthContext,
+  Ir as ArchbaseAuthProvider,
+  ut as ArchbaseGroupService,
+  Cr as ArchbaseLogin,
+  ht as ArchbaseProfileService,
+  wt as ArchbaseProtectedComponent,
+  Ur as ArchbaseResetPassword,
+  mt as ArchbaseResourceService,
+  Lr as ArchbaseSecureActionButton,
+  $r as ArchbaseSecureFormField,
+  tt as ArchbaseSecurityManager,
+  Mr as ArchbaseSecurityProvider,
+  V as ArchbaseTenantManager,
+  qe as ArchbaseUser,
+  dt as ArchbaseUserService,
+  Ye as ArchbaseUsernameAndPassword,
+  Ye as ArchbaseUsernameAndPasswordImpl,
+  cr as ArchbaseViewSecurityProvider,
+  Ie as CONTEXT_STORAGE_KEY,
+  $t as DefaultArchbaseTokenManager,
+  Q as ENCRYPTION_KEY,
+  Qe as FetchError,
+  he as GroupDto,
+  Tr as PermissionDto,
+  ue as ProfileDto,
+  ct as ResourceDto,
+  le as SecurityDto,
+  ae as SecurityType,
+  xe as TOKEN_COOKIE_NAME,
+  rr as TipoRecurso,
+  ke as USER_NAME,
+  Se as USER_NAME_AND_PASSWORD,
+  be as UserDto,
+  Re as UserGroupDto,
+  Yt as createInternalConfig,
+  me as decodeJWT,
+  se as epochAtSecondsFromNow,
+  We as epochTimeIsPast,
+  Gt as fetchTokens,
+  Jt as fetchWithRefreshToken,
+  Ft as generateCodeChallenge,
+  jt as generateRandomString,
+  Xe as getRandomInteger,
+  Zt as getRefreshExpiresIn,
+  zt as postWithXForm,
+  Wt as redirectToLogin,
+  Kt as redirectToLogout,
+  _r as useArchbaseAuthenticationManager,
+  Rr as useArchbaseGetCurrentToken,
+  ir as useArchbaseGetLoggedUser,
+  Or as useArchbasePermissionCheck,
+  Nr as useArchbaseResetPassword,
+  Br as useArchbaseSecureForm,
+  lr as useArchbaseSecurity,
+  Dr as useArchbaseSecurityManager,
+  Pr as useArchbaseTenantManager,
+  Le as useArchbaseViewSecurity,
+  kr as useBrowserStorage,
+  Xt as validateConfig,
+  qt as validateState,
+  jr as withArchbaseSecurity
+};