@arikajs/auth 0.0.4 → 0.0.5

package/dist/src/Middleware/EnsureEmailIsVerified.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnsureEmailIsVerified = void 0;
+/**
+ * Middleware that ensures the authenticated user has verified their email.
+ * Use as: .middleware(['verified'])
+ */
+class EnsureEmailIsVerified {
+    async handle(request, next, response) {
+        const user = request.auth ? await request.auth.user() : null;
+        if (!user) {
+            if (request.expectsJson && request.expectsJson()) {
+                return response.json({ message: 'Unauthenticated.' }, 401);
+            }
+            throw new Error('Unauthenticated.');
+        }
+        if (typeof user.hasVerifiedEmail === 'function' && !user.hasVerifiedEmail()) {
+            if (request.expectsJson && request.expectsJson()) {
+                return response.json({ message: 'Your email address is not verified.' }, 403);
+            }
+            throw new Error('Your email address is not verified.');
+        }
+        return next(request);
+    }
+}
+exports.EnsureEmailIsVerified = EnsureEmailIsVerified;
+//# sourceMappingURL=EnsureEmailIsVerified.js.map

package/dist/src/Middleware/EnsureEmailIsVerified.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnsureEmailIsVerified.js","sourceRoot":"","sources":["../../../src/Middleware/EnsureEmailIsVerified.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,MAAa,qBAAqB;IACvB,KAAK,CAAC,MAAM,CAAC,OAAY,EAAE,IAAsC,EAAE,QAAc;QACpF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAE7D,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC/C,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,UAAU,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;YAC1E,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC/C,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,qCAAqC,EAAE,EAAE,GAAG,CAAC,CAAC;YAClF,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;CACJ;AApBD,sDAoBC"}

package/dist/src/Passwords/PasswordResetBroker.d.ts

@@ -0,0 +1,37 @@
+import { UserProvider } from '../Contracts/UserProvider';
+export interface TokenRepository {
+    create(user: any): Promise<string>;
+    exists(user: any, token: string): Promise<boolean>;
+    delete(user: any): Promise<void>;
+    deleteExpired(): Promise<void>;
+}
+/**
+ * In-memory token repository (production apps should use a database-backed one)
+ */
+export declare class InMemoryTokenRepository implements TokenRepository {
+    private tokens;
+    private expiryMinutes;
+    constructor(expiryMinutes?: number);
+    create(user: any): Promise<string>;
+    exists(user: any, token: string): Promise<boolean>;
+    delete(user: any): Promise<void>;
+    deleteExpired(): Promise<void>;
+}
+export declare class PasswordResetBroker {
+    private provider;
+    private tokens;
+    constructor(provider: UserProvider, tokens?: TokenRepository);
+    /**
+     * Send a password reset link to a user.
+     */
+    sendResetLink(credentials: Record<string, any>): Promise<string>;
+    /**
+     * Reset the password for the given token.
+     */
+    reset(credentials: Record<string, any>, callback: (user: any, password: string) => Promise<void>): Promise<string>;
+    /**
+     * Clean up expired tokens
+     */
+    deleteExpiredTokens(): Promise<void>;
+}
+//# sourceMappingURL=PasswordResetBroker.d.ts.map

package/dist/src/Passwords/PasswordResetBroker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PasswordResetBroker.d.ts","sourceRoot":"","sources":["../../../src/Passwords/PasswordResetBroker.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD,MAAM,WAAW,eAAe;IAC5B,MAAM,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,qBAAa,uBAAwB,YAAW,eAAe;IAC3D,OAAO,CAAC,MAAM,CAA8D;IAC5E,OAAO,CAAC,aAAa,CAAS;gBAElB,aAAa,GAAE,MAAW;IAIzB,MAAM,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAYlC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAmBlD,MAAM,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;CAU9C;AAED,qBAAa,mBAAmB;IAC5B,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,MAAM,CAAkB;gBAEpB,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,eAAe;IAK5D;;OAEG;IACU,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IAe7E;;OAEG;IACU,KAAK,CACd,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAChC,QAAQ,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GACzD,OAAO,CAAC,MAAM,CAAC;IAgBlB;;OAEG;IACU,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC;CAGpD"}

package/dist/src/Passwords/PasswordResetBroker.js

@@ -0,0 +1,128 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasswordResetBroker = exports.InMemoryTokenRepository = void 0;
+const crypto = __importStar(require("crypto"));
+const PasswordBroker_1 = require("../Contracts/PasswordBroker");
+/**
+ * In-memory token repository (production apps should use a database-backed one)
+ */
+class InMemoryTokenRepository {
+    constructor(expiryMinutes = 60) {
+        this.tokens = new Map();
+        this.expiryMinutes = expiryMinutes;
+    }
+    async create(user) {
+        const rawToken = crypto.randomBytes(32).toString('hex');
+        const hashedToken = crypto.createHash('sha256').update(rawToken).digest('hex');
+        this.tokens.set(String(user.id), {
+            token: hashedToken,
+            createdAt: new Date(),
+        });
+        return rawToken; // Return un-hashed version to be sent via email
+    }
+    async exists(user, token) {
+        const record = this.tokens.get(String(user.id));
+        if (!record)
+            return false;
+        const hashedToken = crypto.createHash('sha256').update(token).digest('hex');
+        // Check expiry
+        const now = new Date();
+        const diffMs = now.getTime() - record.createdAt.getTime();
+        const diffMins = diffMs / (1000 * 60);
+        if (diffMins > this.expiryMinutes) {
+            this.tokens.delete(String(user.id));
+            return false;
+        }
+        return record.token === hashedToken;
+    }
+    async delete(user) {
+        this.tokens.delete(String(user.id));
+    }
+    async deleteExpired() {
+        const now = new Date();
+        for (const [key, record] of this.tokens.entries()) {
+            const diffMs = now.getTime() - record.createdAt.getTime();
+            const diffMins = diffMs / (1000 * 60);
+            if (diffMins > this.expiryMinutes) {
+                this.tokens.delete(key);
+            }
+        }
+    }
+}
+exports.InMemoryTokenRepository = InMemoryTokenRepository;
+class PasswordResetBroker {
+    constructor(provider, tokens) {
+        this.provider = provider;
+        this.tokens = tokens || new InMemoryTokenRepository(60);
+    }
+    /**
+     * Send a password reset link to a user.
+     */
+    async sendResetLink(credentials) {
+        const user = await this.provider.retrieveByCredentials(credentials);
+        if (!user) {
+            return PasswordBroker_1.PasswordResetStatus.INVALID_USER;
+        }
+        const token = await this.tokens.create(user);
+        if (typeof user.sendPasswordResetNotification === 'function') {
+            await user.sendPasswordResetNotification(token);
+        }
+        return PasswordBroker_1.PasswordResetStatus.RESET_LINK_SENT;
+    }
+    /**
+     * Reset the password for the given token.
+     */
+    async reset(credentials, callback) {
+        const user = await this.provider.retrieveByCredentials(credentials);
+        if (!user) {
+            return PasswordBroker_1.PasswordResetStatus.INVALID_USER;
+        }
+        if (!credentials.token || !(await this.tokens.exists(user, credentials.token))) {
+            return PasswordBroker_1.PasswordResetStatus.INVALID_TOKEN;
+        }
+        await callback(user, credentials.password);
+        await this.tokens.delete(user);
+        return PasswordBroker_1.PasswordResetStatus.PASSWORD_RESET;
+    }
+    /**
+     * Clean up expired tokens
+     */
+    async deleteExpiredTokens() {
+        await this.tokens.deleteExpired();
+    }
+}
+exports.PasswordResetBroker = PasswordResetBroker;
+//# sourceMappingURL=PasswordResetBroker.js.map

package/dist/src/Passwords/PasswordResetBroker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PasswordResetBroker.js","sourceRoot":"","sources":["../../../src/Passwords/PasswordResetBroker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAGjC,gEAAkE;AASlE;;GAEG;AACH,MAAa,uBAAuB;IAIhC,YAAY,gBAAwB,EAAE;QAH9B,WAAM,GAAoD,IAAI,GAAG,EAAE,CAAC;QAIxE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACvC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAS;QACzB,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;YAC7B,KAAK,EAAE,WAAW;YAClB,SAAS,EAAE,IAAI,IAAI,EAAE;SACxB,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC,CAAC,gDAAgD;IACrE,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAS,EAAE,KAAa;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAE1B,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE5E,eAAe;QACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC;QAEtC,IAAI,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACpC,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,MAAM,CAAC,KAAK,KAAK,WAAW,CAAC;IACxC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAS;QACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IACxC,CAAC;IAEM,KAAK,CAAC,aAAa;QACtB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAC1D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC;YACtC,IAAI,QAAQ,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC;IACL,CAAC;CACJ;AArDD,0DAqDC;AAED,MAAa,mBAAmB;IAI5B,YAAY,QAAsB,EAAE,MAAwB;QACxD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,uBAAuB,CAAC,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,aAAa,CAAC,WAAgC;QACvD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,OAAO,oCAAmB,CAAC,YAAY,CAAC;QAC5C,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAE7C,IAAI,OAAO,IAAI,CAAC,6BAA6B,KAAK,UAAU,EAAE,CAAC;YAC3D,MAAM,IAAI,CAAC,6BAA6B,CAAC,KAAK,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,oCAAmB,CAAC,eAAe,CAAC;IAC/C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,KAAK,CACd,WAAgC,EAChC,QAAwD;QAExD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,OAAO,oCAAmB,CAAC,YAAY,CAAC;QAC5C,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC7E,OAAO,oCAAmB,CAAC,aAAa,CAAC;QAC7C,CAAC;QAED,MAAM,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAE/B,OAAO,oCAAmB,CAAC,cAAc,CAAC;IAC9C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB;QAC5B,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;IACtC,CAAC;CACJ;AAvDD,kDAuDC"}

package/dist/src/Providers/EloquentUserProvider.d.ts

@@ -0,0 +1,30 @@
+import { UserProvider } from '../Contracts/UserProvider';
+export declare class EloquentUserProvider implements UserProvider {
+    private model;
+    constructor(model: any);
+    /**
+     * Retrieve a user by their unique identifier.
+     */
+    retrieveById(identifier: string | number): Promise<any | null>;
+    /**
+     * Retrieve a user by their unique identifier and "remember me" token.
+     */
+    retrieveByToken(identifier: string | number, token: string): Promise<any | null>;
+    /**
+     * Update the "remember me" token for the given user in storage.
+     */
+    updateRememberToken(user: any, token: string): Promise<void>;
+    /**
+     * Retrieve a user by the given credentials.
+     */
+    retrieveByCredentials(credentials: Record<string, any>): Promise<any | null>;
+    /**
+     * Validate a user against the given credentials.
+     */
+    validateCredentials(user: any, credentials: Record<string, any>): Promise<boolean>;
+    /**
+     * Rehash the user's password if required.
+     */
+    rehashPasswordIfRequired(user: any, credentials: Record<string, any>, force?: boolean): Promise<void>;
+}
+//# sourceMappingURL=EloquentUserProvider.d.ts.map

package/dist/src/Providers/EloquentUserProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EloquentUserProvider.d.ts","sourceRoot":"","sources":["../../../src/Providers/EloquentUserProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD,qBAAa,oBAAqB,YAAW,YAAY;IACzC,OAAO,CAAC,KAAK;gBAAL,KAAK,EAAE,GAAG;IAE9B;;OAEG;IACU,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IAI3E;;OAEG;IACU,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IAK7F;;OAEG;IACU,mBAAmB,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzE;;OAEG;IACU,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;IAkBzF;;OAEG;IACU,mBAAmB,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAK/F;;OAEG;IACU,wBAAwB,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,KAAK,GAAE,OAAe,GAAG,OAAO,CAAC,IAAI,CAAC;CAM5H"}

package/dist/src/Providers/EloquentUserProvider.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EloquentUserProvider = void 0;
+const Hasher_1 = require("../Hasher");
+class EloquentUserProvider {
+    constructor(model) {
+        this.model = model;
+    }
+    /**
+     * Retrieve a user by their unique identifier.
+     */
+    async retrieveById(identifier) {
+        return await this.model.where('id', identifier).first();
+    }
+    /**
+     * Retrieve a user by their unique identifier and "remember me" token.
+     */
+    async retrieveByToken(identifier, token) {
+        // Implement remember token logic if needed
+        return null;
+    }
+    /**
+     * Update the "remember me" token for the given user in storage.
+     */
+    async updateRememberToken(user, token) {
+        // Implement remember token logic if needed
+    }
+    /**
+     * Retrieve a user by the given credentials.
+     */
+    async retrieveByCredentials(credentials) {
+        if (Object.keys(credentials).length === 0 ||
+            (Object.keys(credentials).length === 1 && 'password' in credentials)) {
+            return null;
+        }
+        let query = this.model;
+        for (const key in credentials) {
+            if (key === 'password') {
+                continue;
+            }
+            query = query.where(key, credentials[key]);
+        }
+        return await query.first();
+    }
+    /**
+     * Validate a user against the given credentials.
+     */
+    async validateCredentials(user, credentials) {
+        const plain = credentials.password;
+        return await Hasher_1.Hasher.check(plain, user.password);
+    }
+    /**
+     * Rehash the user's password if required.
+     */
+    async rehashPasswordIfRequired(user, credentials, force = false) {
+        if (Hasher_1.Hasher.needsRehash(user.password) || force) {
+            user.password = await Hasher_1.Hasher.make(credentials.password);
+            await user.save();
+        }
+    }
+}
+exports.EloquentUserProvider = EloquentUserProvider;
+//# sourceMappingURL=EloquentUserProvider.js.map

package/dist/src/Providers/EloquentUserProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EloquentUserProvider.js","sourceRoot":"","sources":["../../../src/Providers/EloquentUserProvider.ts"],"names":[],"mappings":";;;AACA,sCAAmC;AAEnC,MAAa,oBAAoB;IAC7B,YAAoB,KAAU;QAAV,UAAK,GAAL,KAAK,CAAK;IAAI,CAAC;IAEnC;;OAEG;IACI,KAAK,CAAC,YAAY,CAAC,UAA2B;QACjD,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,KAAK,EAAE,CAAC;IAC5D,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,eAAe,CAAC,UAA2B,EAAE,KAAa;QACnE,2CAA2C;QAC3C,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAAC,IAAS,EAAE,KAAa;QACrD,2CAA2C;IAC/C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,qBAAqB,CAAC,WAAgC;QAC/D,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,KAAK,CAAC;YACrC,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,IAAI,WAAW,CAAC,EAAE,CAAC;YACvE,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QAEvB,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;YAC5B,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;gBACrB,SAAS;YACb,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/C,CAAC;QAED,OAAO,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;IAC/B,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAAC,IAAS,EAAE,WAAgC;QACxE,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC;QACnC,OAAO,MAAM,eAAM,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,wBAAwB,CAAC,IAAS,EAAE,WAAgC,EAAE,QAAiB,KAAK;QACrG,IAAI,eAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,EAAE,CAAC;YAC7C,IAAI,CAAC,QAAQ,GAAG,MAAM,eAAM,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YACxD,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;IACL,CAAC;CACJ;AA/DD,oDA+DC"}

package/dist/src/index.d.ts

@@ -0,0 +1,19 @@
+export * from './Guard';
+export * from './AuthManager';
+export * from './AuthContext';
+export * from './Hasher';
+export * from './Contracts/UserProvider';
+export * from './Contracts/EventDispatcher';
+export * from './Contracts/RateLimiter';
+export * from './Contracts/CanVerifyEmail';
+export * from './Contracts/CanResetPassword';
+export * from './Contracts/PasswordBroker';
+export * from './Guards/SessionGuard';
+export * from './Guards/TokenGuard';
+export * from './Guards/JwtGuard';
+export * from './Guards/BasicGuard';
+export * from './Passwords/PasswordResetBroker';
+export * from './Middleware/Authenticate';
+export * from './Middleware/EnsureEmailIsVerified';
+export * from './Providers/EloquentUserProvider';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,UAAU,CAAC;AACzB,cAAc,0BAA0B,CAAC;AACzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,yBAAyB,CAAC;AACxC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,8BAA8B,CAAC;AAC7C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,uBAAuB,CAAC;AACtC,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,qBAAqB,CAAC;AACpC,cAAc,iCAAiC,CAAC;AAChD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oCAAoC,CAAC;AACnD,cAAc,kCAAkC,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,35 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./Guard"), exports);
+__exportStar(require("./AuthManager"), exports);
+__exportStar(require("./AuthContext"), exports);
+__exportStar(require("./Hasher"), exports);
+__exportStar(require("./Contracts/UserProvider"), exports);
+__exportStar(require("./Contracts/EventDispatcher"), exports);
+__exportStar(require("./Contracts/RateLimiter"), exports);
+__exportStar(require("./Contracts/CanVerifyEmail"), exports);
+__exportStar(require("./Contracts/CanResetPassword"), exports);
+__exportStar(require("./Contracts/PasswordBroker"), exports);
+__exportStar(require("./Guards/SessionGuard"), exports);
+__exportStar(require("./Guards/TokenGuard"), exports);
+__exportStar(require("./Guards/JwtGuard"), exports);
+__exportStar(require("./Guards/BasicGuard"), exports);
+__exportStar(require("./Passwords/PasswordResetBroker"), exports);
+__exportStar(require("./Middleware/Authenticate"), exports);
+__exportStar(require("./Middleware/EnsureEmailIsVerified"), exports);
+__exportStar(require("./Providers/EloquentUserProvider"), exports);
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,gDAA8B;AAC9B,gDAA8B;AAC9B,2CAAyB;AACzB,2DAAyC;AACzC,8DAA4C;AAC5C,0DAAwC;AACxC,6DAA2C;AAC3C,+DAA6C;AAC7C,6DAA2C;AAC3C,wDAAsC;AACtC,sDAAoC;AACpC,oDAAkC;AAClC,sDAAoC;AACpC,kEAAgD;AAChD,4DAA0C;AAC1C,qEAAmD;AACnD,mEAAiD"}

package/dist/tests/Auth.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=Auth.test.d.ts.map

package/dist/tests/Auth.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Auth.test.d.ts","sourceRoot":"","sources":["../../tests/Auth.test.ts"],"names":[],"mappings":""}

package/dist/tests/Auth.test.js

@@ -0,0 +1,177 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_test_1 = require("node:test");
+const assert = __importStar(require("node:assert"));
+const src_1 = require("../src/index");
+const SessionGuard_1 = require("../src/Guards/SessionGuard");
+class MockPoolProvider {
+    constructor() {
+        this.users = [
+            { id: 1, email: 'test@example.com', password: '$2a$10$...' }
+        ];
+    }
+    async retrieveById(id) {
+        return this.users.find(u => u.id === Number(id)) || null;
+    }
+    async retrieveByCredentials(credentials) {
+        if (credentials.email === 'test@example.com') {
+            return this.users[0];
+        }
+        return null;
+    }
+    validateCredentials(user, credentials) {
+        return credentials.password === 'secret';
+    }
+}
+(0, node_test_1.describe)('Arika Auth', () => {
+    let authManager;
+    let config;
+    (0, node_test_1.beforeEach)(() => {
+        config = {
+            default: 'web',
+            guards: {
+                web: { driver: 'session', provider: 'users' },
+                api: { driver: 'token', provider: 'users' }
+            }
+        };
+        authManager = new src_1.AuthManager(config);
+        authManager.registerProvider('users', new MockPoolProvider());
+    });
+    (0, node_test_1.it)('resolves session guard by default via context', async () => {
+        const request = { session: { get: () => null, put: () => { } } };
+        const ctx = authManager.createContext(request);
+        const guard = ctx.guard();
+        assert.ok(guard);
+        const isSessionGuard = guard instanceof SessionGuard_1.SessionGuard || guard.constructor.name === 'SessionGuard';
+        assert.ok(isSessionGuard);
+    });
+    (0, node_test_1.it)('proxies methods through context', async () => {
+        const session = {};
+        const request = {
+            session: {
+                get: (key) => session[key] || null,
+                put: (key, val) => { session[key] = val; },
+                forget: (key) => { delete session[key]; }
+            }
+        };
+        const ctx = authManager.createContext(request);
+        const success = await ctx.attempt({ email: 'test@example.com', password: 'secret' });
+        assert.strictEqual(success, true);
+        const user = await ctx.user();
+        assert.ok(user);
+        assert.strictEqual(user.id, 1);
+        const check = await ctx.check();
+        assert.strictEqual(check, true);
+        await ctx.logout();
+        const checkAfterLogout = await ctx.check();
+        assert.strictEqual(checkAfterLogout, false);
+    });
+    (0, node_test_1.it)('can validate credentials via context guard', async () => {
+        const request = { session: { get: () => null, put: () => { } } };
+        const ctx = authManager.createContext(request);
+        const guard = ctx.guard('web');
+        const success = await guard.validate({ email: 'test@example.com', password: 'secret' });
+        assert.strictEqual(success, true);
+        const fail = await guard.validate({ email: 'test@example.com', password: 'wrong' });
+        assert.strictEqual(fail, false);
+    });
+    (0, node_test_1.it)('hashes passwords securely', async () => {
+        const password = 'my-secret-password';
+        const hash = await src_1.Hasher.make(password);
+        assert.ok(hash.length > 0);
+        assert.notStrictEqual(password, hash);
+        const valid = await src_1.Hasher.check(password, hash);
+        assert.strictEqual(valid, true);
+        const invalid = await src_1.Hasher.check('wrong', hash);
+        assert.strictEqual(invalid, false);
+    });
+    (0, node_test_1.it)('request-scoped auth context isolation', async () => {
+        // Simulate two concurrent requests
+        const session1 = {};
+        const request1 = {
+            session: {
+                get: (key) => session1[key] || null,
+                put: (key, val) => { session1[key] = val; },
+                forget: (key) => { delete session1[key]; }
+            }
+        };
+        const session2 = {};
+        const request2 = {
+            session: {
+                get: (key) => session2[key] || null,
+                put: (key, val) => { session2[key] = val; },
+                forget: (key) => { delete session2[key]; }
+            }
+        };
+        const ctx1 = authManager.createContext(request1);
+        const ctx2 = authManager.createContext(request2);
+        // Log in user on ctx1 only
+        await ctx1.attempt({ email: 'test@example.com', password: 'secret' });
+        const user1 = await ctx1.user();
+        assert.ok(user1);
+        // ctx2 should NOT have a user
+        const user2 = await ctx2.user();
+        assert.strictEqual(user2, null);
+    });
+    (0, node_test_1.it)('middleware protects routes with AuthContext', async () => {
+        const { Authenticate } = require('../src/Middleware/Authenticate');
+        const middleware = new Authenticate(authManager);
+        const next = async () => 'success';
+        // Mock request with token
+        const request = {
+            headers: { authorization: 'Bearer token-123' },
+            user: null,
+            session: { get: () => null, put: () => { } }
+        };
+        // Override config to default to 'api' for this test
+        authManager.shouldUse('api');
+        // Hack: mock the provider to accept this token
+        const provider = authManager['providers'].get('users');
+        provider.retrieveByCredentials = async (creds) => {
+            if (creds.api_token === 'token-123')
+                return { id: 1 };
+            return null;
+        };
+        // Should pass
+        const result = await middleware.handle(request, next);
+        assert.strictEqual(result, 'success');
+        // req.auth should have been set
+        assert.ok(request.auth);
+        const user = await request.auth.user();
+        assert.strictEqual(user.id, 1);
+    });
+});
+//# sourceMappingURL=Auth.test.js.map

package/dist/tests/Auth.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Auth.test.js","sourceRoot":"","sources":["../../tests/Auth.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yCAAqD;AACrD,oDAAsC;AACtC,gCAAwE;AACxE,6DAA0D;AAE1D,MAAM,gBAAgB;IAAtB;QACY,UAAK,GAAG;YACZ,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,YAAY,EAAE;SAC/D,CAAC;IAgBN,CAAC;IAdG,KAAK,CAAC,YAAY,CAAC,EAAmB;QAClC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,WAAgC;QACxD,IAAI,WAAW,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,mBAAmB,CAAC,IAAS,EAAE,WAAgC;QAC3D,OAAO,WAAW,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAC7C,CAAC;CACJ;AAED,IAAA,oBAAQ,EAAC,YAAY,EAAE,GAAG,EAAE;IACxB,IAAI,WAAwB,CAAC;IAC7B,IAAI,MAAW,CAAC;IAEhB,IAAA,sBAAU,EAAC,GAAG,EAAE;QACZ,MAAM,GAAG;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE;gBACJ,GAAG,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE;gBAC7C,GAAG,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE;aAC9C;SACJ,CAAC;QACF,WAAW,GAAG,IAAI,iBAAW,CAAC,MAAM,CAAC,CAAC;QACtC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,IAAI,gBAAgB,EAAE,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;QACjE,MAAM,GAAG,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,EAAE,CAAC;QAC1B,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QACjB,MAAM,cAAc,GAAG,KAAK,YAAY,2BAAY,IAAI,KAAK,CAAC,WAAW,CAAC,IAAI,KAAK,cAAc,CAAC;QAClG,MAAM,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,OAAO,GAAwB,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG;YACZ,OAAO,EAAE;gBACL,GAAG,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI;gBAC1C,GAAG,EAAE,CAAC,GAAW,EAAE,GAAQ,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;gBACvD,MAAM,EAAE,CAAC,GAAW,EAAE,EAAE,GAAG,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aACpD;SACJ,CAAC;QACF,MAAM,GAAG,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAE/C,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QACrF,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAElC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAChB,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAE/B,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,KAAK,EAAE,CAAC;QAChC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAEhC,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,gBAAgB,GAAG,MAAM,GAAG,CAAC,KAAK,EAAE,CAAC;QAC3C,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,OAAO,GAAG,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;QACjE,MAAM,GAAG,GAAG,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxF,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAElC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACpF,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACvC,MAAM,QAAQ,GAAG,oBAAoB,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,YAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEzC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAEtC,MAAM,KAAK,GAAG,MAAM,YAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAEhC,MAAM,OAAO,GAAG,MAAM,YAAM,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAClD,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACnD,mCAAmC;QACnC,MAAM,QAAQ,GAAwB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG;YACb,OAAO,EAAE;gBACL,GAAG,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI;gBAC3C,GAAG,EAAE,CAAC,GAAW,EAAE,GAAQ,EAAE,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;gBACxD,MAAM,EAAE,CAAC,GAAW,EAAE,EAAE,GAAG,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aACrD;SACJ,CAAC;QAEF,MAAM,QAAQ,GAAwB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG;YACb,OAAO,EAAE;gBACL,GAAG,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI;gBAC3C,GAAG,EAAE,CAAC,GAAW,EAAE,GAAQ,EAAE,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;gBACxD,MAAM,EAAE,CAAC,GAAW,EAAE,EAAE,GAAG,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aACrD;SACJ,CAAC;QAEF,MAAM,IAAI,GAAG,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,IAAI,GAAG,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAEjD,2BAA2B;QAC3B,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;QAEtE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QAEjB,8BAA8B;QAC9B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,gCAAgC,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,IAAI,YAAY,CAAC,WAAW,CAAC,CAAC;QAEjD,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC,SAAS,CAAC;QAEnC,0BAA0B;QAC1B,MAAM,OAAO,GAAG;YACZ,OAAO,EAAE,EAAE,aAAa,EAAE,kBAAkB,EAAE;YAC9C,IAAI,EAAE,IAAI;YACV,OAAO,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE;SAC/C,CAAC;QAEF,oDAAoD;QACpD,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE7B,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,OAAO,CAAqB,CAAC;QAC3E,QAAQ,CAAC,qBAAqB,GAAG,KAAK,EAAE,KAAK,EAAE,EAAE;YAC7C,IAAI,KAAK,CAAC,SAAS,KAAK,WAAW;gBAAE,OAAO,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC;QAEF,cAAc;QACd,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACtD,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEtC,gCAAgC;QAChC,MAAM,CAAC,EAAE,CAAE,OAAe,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,MAAO,OAAe,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}