@atria/server 0.0.10 → 0.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -10
- package/dist/auth/cookies.d.ts +11 -0
- package/dist/auth/cookies.js +38 -0
- package/dist/auth/cookies.js.map +1 -0
- package/dist/auth/hash.d.ts +2 -0
- package/dist/auth/hash.js +36 -0
- package/dist/auth/hash.js.map +1 -0
- package/dist/auth/oauth.d.ts +5 -0
- package/dist/auth/oauth.js +215 -0
- package/dist/auth/oauth.js.map +1 -0
- package/dist/auth/runtime.d.ts +28 -0
- package/dist/auth/runtime.js +539 -0
- package/dist/auth/runtime.js.map +1 -0
- package/dist/auth/store.d.ts +43 -0
- package/dist/auth/store.js +68 -0
- package/dist/auth/store.js.map +1 -0
- package/dist/auth/types.d.ts +40 -0
- package/dist/auth/types.js +2 -0
- package/dist/auth/types.js.map +1 -0
- package/dist/auth/validation.d.ts +21 -0
- package/dist/auth/validation.js +97 -0
- package/dist/auth/validation.js.map +1 -0
- package/dist/dev/admin/assets.d.ts +2 -0
- package/dist/dev/admin/assets.js +30 -0
- package/dist/dev/admin/assets.js.map +1 -0
- package/dist/dev/admin/i18n.d.ts +2 -0
- package/dist/dev/admin/i18n.js +63 -0
- package/dist/dev/admin/i18n.js.map +1 -0
- package/dist/dev/admin/index.d.ts +3 -0
- package/dist/dev/admin/index.js +4 -0
- package/dist/dev/admin/index.js.map +1 -0
- package/dist/dev/admin/request.d.ts +14 -0
- package/dist/dev/admin/request.js +77 -0
- package/dist/dev/admin/request.js.map +1 -0
- package/dist/dev/admin/routing.d.ts +5 -0
- package/dist/dev/admin/routing.js +31 -0
- package/dist/dev/admin/routing.js.map +1 -0
- package/dist/dev/admin-assets.d.ts +2 -0
- package/dist/dev/admin-assets.js +30 -0
- package/dist/dev/admin-assets.js.map +1 -0
- package/dist/dev/admin.d.ts +2 -0
- package/dist/dev/admin.js +30 -0
- package/dist/dev/admin.js.map +1 -0
- package/dist/dev/constants.d.ts +12 -0
- package/dist/dev/constants.js +23 -0
- package/dist/dev/constants.js.map +1 -0
- package/dist/dev/health/index.d.ts +2 -0
- package/dist/dev/health/index.js +3 -0
- package/dist/dev/health/index.js.map +1 -0
- package/dist/dev/health/request.d.ts +14 -0
- package/dist/dev/health/request.js +22 -0
- package/dist/dev/health/request.js.map +1 -0
- package/dist/dev/health/state.d.ts +9 -0
- package/dist/dev/health/state.js +52 -0
- package/dist/dev/health/state.js.map +1 -0
- package/dist/dev/health.d.ts +9 -0
- package/dist/dev/health.js +52 -0
- package/dist/dev/health.js.map +1 -0
- package/dist/dev/http/errors.d.ts +3 -0
- package/dist/dev/http/errors.js +10 -0
- package/dist/dev/http/errors.js.map +1 -0
- package/dist/dev/http/routing.d.ts +3 -0
- package/dist/dev/http/routing.js +26 -0
- package/dist/dev/http/routing.js.map +1 -0
- package/dist/dev/i18n.d.ts +2 -0
- package/dist/dev/i18n.js +63 -0
- package/dist/dev/i18n.js.map +1 -0
- package/dist/dev/lifecycle.d.ts +2 -0
- package/dist/dev/lifecycle.js +10 -0
- package/dist/dev/lifecycle.js.map +1 -0
- package/dist/dev/public/index.d.ts +1 -0
- package/dist/dev/public/index.js +2 -0
- package/dist/dev/public/index.js.map +1 -0
- package/dist/dev/public/request.d.ts +9 -0
- package/dist/dev/public/request.js +29 -0
- package/dist/dev/public/request.js.map +1 -0
- package/dist/dev/public/responses.d.ts +3 -0
- package/dist/dev/public/responses.js +25 -0
- package/dist/dev/public/responses.js.map +1 -0
- package/dist/dev/public/routing.d.ts +1 -0
- package/dist/dev/public/routing.js +5 -0
- package/dist/dev/public/routing.js.map +1 -0
- package/dist/dev/responses.d.ts +2 -0
- package/dist/dev/responses.js +3 -0
- package/dist/dev/responses.js.map +1 -0
- package/dist/dev/routing.d.ts +3 -0
- package/dist/dev/routing.js +4 -0
- package/dist/dev/routing.js.map +1 -0
- package/dist/dev/setup/index.d.ts +2 -0
- package/dist/dev/setup/index.js +2 -0
- package/dist/dev/setup/index.js.map +1 -0
- package/dist/dev/setup/request.d.ts +5 -0
- package/dist/dev/setup/request.js +20 -0
- package/dist/dev/setup/request.js.map +1 -0
- package/dist/dev/setup/types.d.ts +5 -0
- package/dist/dev/setup/types.js +2 -0
- package/dist/dev/setup/types.js.map +1 -0
- package/dist/dev/static/files.d.ts +6 -0
- package/dist/dev/static/files.js +74 -0
- package/dist/dev/static/files.js.map +1 -0
- package/dist/dev/static/index.d.ts +4 -0
- package/dist/dev/static/index.js +5 -0
- package/dist/dev/static/index.js.map +1 -0
- package/dist/dev/static/paths.d.ts +1 -0
- package/dist/dev/static/paths.js +6 -0
- package/dist/dev/static/paths.js.map +1 -0
- package/dist/dev/static/publish.d.ts +1 -0
- package/dist/dev/static/publish.js +13 -0
- package/dist/dev/static/publish.js.map +1 -0
- package/dist/dev/static/resolver.d.ts +2 -0
- package/dist/dev/static/resolver.js +53 -0
- package/dist/dev/static/resolver.js.map +1 -0
- package/dist/dev/static/sender.d.ts +2 -0
- package/dist/dev/static/sender.js +26 -0
- package/dist/dev/static/sender.js.map +1 -0
- package/dist/dev/static-files.d.ts +6 -0
- package/dist/dev/static-files.js +74 -0
- package/dist/dev/static-files.js.map +1 -0
- package/dist/dev/types.d.ts +10 -0
- package/dist/dev/types.js +2 -0
- package/dist/dev/types.js.map +1 -0
- package/dist/server.js +74 -191
- package/dist/server.js.map +1 -1
- package/package.json +4 -2
|
@@ -0,0 +1,539 @@
|
|
|
1
|
+
import { randomBytes } from "node:crypto";
|
|
2
|
+
import { DEFAULT_AUTH_BROKER_ORIGIN } from "@atria/shared";
|
|
3
|
+
import { parseCookies, serializeCookie } from "./cookies.js";
|
|
4
|
+
import { hashSecret, verifySecret } from "./hash.js";
|
|
5
|
+
import { buildOAuthAuthorizationUrl, createOAuthStateId, getOAuthProfileFromCode, listConfiguredOAuthProviders } from "./oauth.js";
|
|
6
|
+
import { createDbAuthStore } from "./store.js";
|
|
7
|
+
import { validateLoginCredentials, validateRegisterCredentials } from "./validation.js";
|
|
8
|
+
const SESSION_COOKIE_NAME = "atria_session";
|
|
9
|
+
const SESSION_MAX_AGE_SECONDS = 60 * 60 * 24 * 30;
|
|
10
|
+
const OAUTH_STATE_MAX_AGE_MS = 10 * 60 * 1000;
|
|
11
|
+
const SESSION_PRUNE_INTERVAL_MS = 60 * 1000;
|
|
12
|
+
const isOAuthProviderId = (value) => value === "google" || value === "github";
|
|
13
|
+
const parseProviderFromPath = (pathname, prefix) => {
|
|
14
|
+
if (!pathname.startsWith(prefix)) {
|
|
15
|
+
return null;
|
|
16
|
+
}
|
|
17
|
+
const provider = pathname.slice(prefix.length).replace(/^\/+/, "").split("/")[0] ?? "";
|
|
18
|
+
return isOAuthProviderId(provider) ? provider : null;
|
|
19
|
+
};
|
|
20
|
+
const writeJson = (response, statusCode, payload) => {
|
|
21
|
+
response.writeHead(statusCode, { "content-type": "application/json; charset=utf-8" });
|
|
22
|
+
response.end(JSON.stringify(payload));
|
|
23
|
+
};
|
|
24
|
+
const writeRedirect = (response, location, cookieHeader) => {
|
|
25
|
+
response.writeHead(302, cookieHeader ? { location, "set-cookie": cookieHeader } : { location });
|
|
26
|
+
response.end();
|
|
27
|
+
};
|
|
28
|
+
const makeSessionId = () => randomBytes(32).toString("hex");
|
|
29
|
+
const nowMs = () => Date.now();
|
|
30
|
+
const getOrigin = (port) => process.env.ATRIA_AUTH_ORIGIN?.trim() || `http://studio.localhost:${port}`;
|
|
31
|
+
const getProviderCallbackUrl = (provider, port) => `${getOrigin(port)}/api/auth/callback/${provider}`;
|
|
32
|
+
const getBrokerOrigin = () => {
|
|
33
|
+
const configured = process.env.ATRIA_AUTH_BROKER_ORIGIN?.trim();
|
|
34
|
+
if (configured) {
|
|
35
|
+
const lowered = configured.toLowerCase();
|
|
36
|
+
if (lowered === "off" || lowered === "local" || lowered === "false") {
|
|
37
|
+
return null;
|
|
38
|
+
}
|
|
39
|
+
return configured;
|
|
40
|
+
}
|
|
41
|
+
return DEFAULT_AUTH_BROKER_ORIGIN;
|
|
42
|
+
};
|
|
43
|
+
const readRequestSessionId = (request) => {
|
|
44
|
+
const cookies = parseCookies(request.headers);
|
|
45
|
+
return cookies[SESSION_COOKIE_NAME] ?? null;
|
|
46
|
+
};
|
|
47
|
+
const clearSessionCookie = () => serializeCookie(SESSION_COOKIE_NAME, "", {
|
|
48
|
+
httpOnly: true,
|
|
49
|
+
sameSite: "Lax",
|
|
50
|
+
maxAge: 0
|
|
51
|
+
});
|
|
52
|
+
const createSessionCookie = (sessionId) => serializeCookie(SESSION_COOKIE_NAME, sessionId, {
|
|
53
|
+
httpOnly: true,
|
|
54
|
+
sameSite: "Lax",
|
|
55
|
+
maxAge: SESSION_MAX_AGE_SECONDS
|
|
56
|
+
});
|
|
57
|
+
const createSessionResult = async (store, request, pruneExpiredSessions) => {
|
|
58
|
+
const sessionId = readRequestSessionId(request);
|
|
59
|
+
if (!sessionId) {
|
|
60
|
+
return { authenticated: false, user: null };
|
|
61
|
+
}
|
|
62
|
+
await pruneExpiredSessions();
|
|
63
|
+
const session = await store.getSessionById(sessionId);
|
|
64
|
+
if (!session) {
|
|
65
|
+
return { authenticated: false, user: null };
|
|
66
|
+
}
|
|
67
|
+
if (Date.parse(session.expiresAt) <= nowMs()) {
|
|
68
|
+
await store.deleteSessionById(session.id);
|
|
69
|
+
return { authenticated: false, user: null };
|
|
70
|
+
}
|
|
71
|
+
const user = await store.getUserById(session.userId);
|
|
72
|
+
if (!user) {
|
|
73
|
+
await store.deleteSessionById(session.id);
|
|
74
|
+
return { authenticated: false, user: null };
|
|
75
|
+
}
|
|
76
|
+
return {
|
|
77
|
+
authenticated: true,
|
|
78
|
+
user: {
|
|
79
|
+
id: user.id,
|
|
80
|
+
email: user.email,
|
|
81
|
+
name: user.name,
|
|
82
|
+
avatarUrl: user.avatarUrl
|
|
83
|
+
}
|
|
84
|
+
};
|
|
85
|
+
};
|
|
86
|
+
const parseJsonBody = async (request) => new Promise((resolve, reject) => {
|
|
87
|
+
let body = "";
|
|
88
|
+
request.on("data", (chunk) => {
|
|
89
|
+
body += chunk.toString();
|
|
90
|
+
if (body.length > 1_000_000) {
|
|
91
|
+
reject(new Error("Request body is too large."));
|
|
92
|
+
}
|
|
93
|
+
});
|
|
94
|
+
request.on("end", () => {
|
|
95
|
+
if (!body) {
|
|
96
|
+
resolve({});
|
|
97
|
+
return;
|
|
98
|
+
}
|
|
99
|
+
try {
|
|
100
|
+
resolve(JSON.parse(body));
|
|
101
|
+
}
|
|
102
|
+
catch {
|
|
103
|
+
reject(new Error("Invalid JSON body."));
|
|
104
|
+
}
|
|
105
|
+
});
|
|
106
|
+
request.on("error", reject);
|
|
107
|
+
});
|
|
108
|
+
const toBrokerProviders = (payload) => {
|
|
109
|
+
if (typeof payload !== "object" || payload === null || !("providers" in payload)) {
|
|
110
|
+
return [];
|
|
111
|
+
}
|
|
112
|
+
const providers = payload.providers;
|
|
113
|
+
if (!Array.isArray(providers)) {
|
|
114
|
+
return [];
|
|
115
|
+
}
|
|
116
|
+
return providers.filter((entry) => typeof entry === "string" ? isOAuthProviderId(entry) : false);
|
|
117
|
+
};
|
|
118
|
+
const listBrokerProviders = async (brokerOrigin) => {
|
|
119
|
+
try {
|
|
120
|
+
const response = await fetch(`${brokerOrigin}/oauth/providers`, {
|
|
121
|
+
headers: {
|
|
122
|
+
accept: "application/json"
|
|
123
|
+
}
|
|
124
|
+
});
|
|
125
|
+
if (!response.ok) {
|
|
126
|
+
return [];
|
|
127
|
+
}
|
|
128
|
+
const payload = (await response.json());
|
|
129
|
+
return toBrokerProviders(payload);
|
|
130
|
+
}
|
|
131
|
+
catch {
|
|
132
|
+
return [];
|
|
133
|
+
}
|
|
134
|
+
};
|
|
135
|
+
const parseBrokerExchangePayload = (payload) => {
|
|
136
|
+
if (typeof payload !== "object" || payload === null) {
|
|
137
|
+
return null;
|
|
138
|
+
}
|
|
139
|
+
const typedPayload = payload;
|
|
140
|
+
if (typedPayload.ok !== true) {
|
|
141
|
+
return null;
|
|
142
|
+
}
|
|
143
|
+
if (typeof typedPayload.provider !== "string" || !isOAuthProviderId(typedPayload.provider)) {
|
|
144
|
+
return null;
|
|
145
|
+
}
|
|
146
|
+
const user = typedPayload.user;
|
|
147
|
+
if (!user || typeof user.providerUserId !== "string" || user.providerUserId.length === 0) {
|
|
148
|
+
return null;
|
|
149
|
+
}
|
|
150
|
+
return {
|
|
151
|
+
provider: typedPayload.provider,
|
|
152
|
+
user: {
|
|
153
|
+
providerUserId: user.providerUserId,
|
|
154
|
+
email: typeof user.email === "string" ? user.email : null,
|
|
155
|
+
name: typeof user.name === "string" ? user.name : null,
|
|
156
|
+
avatarUrl: typeof user.avatarUrl === "string" ? user.avatarUrl : null,
|
|
157
|
+
emailVerified: user.emailVerified === true
|
|
158
|
+
}
|
|
159
|
+
};
|
|
160
|
+
};
|
|
161
|
+
const exchangeBrokerCode = async (brokerOrigin, code) => {
|
|
162
|
+
const exchangeUrl = new URL("/oauth/exchange", brokerOrigin);
|
|
163
|
+
exchangeUrl.searchParams.set("code", code);
|
|
164
|
+
const response = await fetch(exchangeUrl.toString(), {
|
|
165
|
+
method: "GET",
|
|
166
|
+
headers: {
|
|
167
|
+
accept: "application/json"
|
|
168
|
+
}
|
|
169
|
+
});
|
|
170
|
+
const payload = (await response.json().catch(() => null));
|
|
171
|
+
const parsed = parseBrokerExchangePayload(payload);
|
|
172
|
+
if (!response.ok || !parsed) {
|
|
173
|
+
throw new Error("Broker code exchange failed.");
|
|
174
|
+
}
|
|
175
|
+
return {
|
|
176
|
+
provider: parsed.provider,
|
|
177
|
+
providerUserId: parsed.user.providerUserId,
|
|
178
|
+
email: parsed.user.email,
|
|
179
|
+
name: parsed.user.name,
|
|
180
|
+
avatarUrl: parsed.user.avatarUrl,
|
|
181
|
+
emailVerified: parsed.user.emailVerified
|
|
182
|
+
};
|
|
183
|
+
};
|
|
184
|
+
export const createAuthRuntime = (options) => {
|
|
185
|
+
const store = createDbAuthStore(options.projectRoot);
|
|
186
|
+
const oauthStates = new Map();
|
|
187
|
+
let lastExpiredSessionCleanupAt = 0;
|
|
188
|
+
const pruneExpiredSessionsIfNeeded = async () => {
|
|
189
|
+
const now = nowMs();
|
|
190
|
+
if (now - lastExpiredSessionCleanupAt < SESSION_PRUNE_INTERVAL_MS) {
|
|
191
|
+
return;
|
|
192
|
+
}
|
|
193
|
+
lastExpiredSessionCleanupAt = now;
|
|
194
|
+
await store.deleteExpiredSessions(new Date(now).toISOString());
|
|
195
|
+
};
|
|
196
|
+
const issueSession = async (userId) => {
|
|
197
|
+
await pruneExpiredSessionsIfNeeded();
|
|
198
|
+
const sessionId = makeSessionId();
|
|
199
|
+
const createdAt = new Date().toISOString();
|
|
200
|
+
const expiresAt = new Date(nowMs() + SESSION_MAX_AGE_SECONDS * 1000).toISOString();
|
|
201
|
+
await store.createSession({
|
|
202
|
+
id: sessionId,
|
|
203
|
+
userId,
|
|
204
|
+
createdAt,
|
|
205
|
+
expiresAt
|
|
206
|
+
});
|
|
207
|
+
return sessionId;
|
|
208
|
+
};
|
|
209
|
+
const consumeState = (stateId) => {
|
|
210
|
+
const existingState = oauthStates.get(stateId);
|
|
211
|
+
if (!existingState) {
|
|
212
|
+
return null;
|
|
213
|
+
}
|
|
214
|
+
oauthStates.delete(stateId);
|
|
215
|
+
if (Date.parse(existingState.expiresAt) <= nowMs()) {
|
|
216
|
+
return null;
|
|
217
|
+
}
|
|
218
|
+
return existingState;
|
|
219
|
+
};
|
|
220
|
+
const handleStart = async (provider, response, requestUrl) => {
|
|
221
|
+
const brokerOrigin = getBrokerOrigin();
|
|
222
|
+
if (brokerOrigin) {
|
|
223
|
+
const nextPath = requestUrl.searchParams.get("next");
|
|
224
|
+
const redirectPath = nextPath && nextPath.startsWith("/") ? nextPath : "/";
|
|
225
|
+
const mode = requestUrl.searchParams.get("mode");
|
|
226
|
+
const returnPath = mode === "login" ? "/login" : mode === "create" ? "/create" : "/setup";
|
|
227
|
+
const returnTo = new URL(returnPath, getOrigin(options.port));
|
|
228
|
+
returnTo.searchParams.set("provider", provider);
|
|
229
|
+
if (redirectPath !== "/") {
|
|
230
|
+
returnTo.searchParams.set("next", redirectPath);
|
|
231
|
+
}
|
|
232
|
+
const brokerStartUrl = new URL(`/oauth/start/${provider}`, brokerOrigin);
|
|
233
|
+
brokerStartUrl.searchParams.set("return_to", returnTo.toString());
|
|
234
|
+
writeRedirect(response, brokerStartUrl.toString());
|
|
235
|
+
return;
|
|
236
|
+
}
|
|
237
|
+
const configuredProviders = listConfiguredOAuthProviders();
|
|
238
|
+
if (!configuredProviders.includes(provider)) {
|
|
239
|
+
writeJson(response, 400, {
|
|
240
|
+
ok: false,
|
|
241
|
+
error: `OAuth provider "${provider}" is not configured.`
|
|
242
|
+
});
|
|
243
|
+
return;
|
|
244
|
+
}
|
|
245
|
+
const stateId = createOAuthStateId();
|
|
246
|
+
const createdAt = new Date().toISOString();
|
|
247
|
+
const expiresAt = new Date(nowMs() + OAUTH_STATE_MAX_AGE_MS).toISOString();
|
|
248
|
+
const nextPath = requestUrl.searchParams.get("next");
|
|
249
|
+
const redirectPath = nextPath && nextPath.startsWith("/") ? nextPath : "/";
|
|
250
|
+
oauthStates.set(stateId, {
|
|
251
|
+
id: stateId,
|
|
252
|
+
provider,
|
|
253
|
+
createdAt,
|
|
254
|
+
expiresAt,
|
|
255
|
+
redirectPath
|
|
256
|
+
});
|
|
257
|
+
const callbackUrl = getProviderCallbackUrl(provider, options.port);
|
|
258
|
+
const authorizationUrl = buildOAuthAuthorizationUrl(provider, callbackUrl, stateId);
|
|
259
|
+
writeRedirect(response, authorizationUrl);
|
|
260
|
+
};
|
|
261
|
+
const handleCallback = async (provider, response, requestUrl) => {
|
|
262
|
+
const code = requestUrl.searchParams.get("code");
|
|
263
|
+
const stateId = requestUrl.searchParams.get("state");
|
|
264
|
+
if (!code || !stateId) {
|
|
265
|
+
writeJson(response, 400, {
|
|
266
|
+
ok: false,
|
|
267
|
+
error: "Missing OAuth callback parameters."
|
|
268
|
+
});
|
|
269
|
+
return;
|
|
270
|
+
}
|
|
271
|
+
const state = consumeState(stateId);
|
|
272
|
+
if (!state || state.provider !== provider) {
|
|
273
|
+
writeJson(response, 400, {
|
|
274
|
+
ok: false,
|
|
275
|
+
error: "Invalid or expired OAuth state."
|
|
276
|
+
});
|
|
277
|
+
return;
|
|
278
|
+
}
|
|
279
|
+
try {
|
|
280
|
+
const callbackUrl = getProviderCallbackUrl(provider, options.port);
|
|
281
|
+
const profile = await getOAuthProfileFromCode(provider, code, callbackUrl);
|
|
282
|
+
const user = await store.upsertOAuthProfile(profile);
|
|
283
|
+
await store.clearPreferredAuthMethod();
|
|
284
|
+
const sessionId = await issueSession(user.id);
|
|
285
|
+
writeRedirect(response, state.redirectPath || "/", createSessionCookie(sessionId));
|
|
286
|
+
}
|
|
287
|
+
catch (error) {
|
|
288
|
+
writeJson(response, 500, {
|
|
289
|
+
ok: false,
|
|
290
|
+
error: error instanceof Error ? error.message : "OAuth callback failed."
|
|
291
|
+
});
|
|
292
|
+
}
|
|
293
|
+
};
|
|
294
|
+
const handleBrokerExchange = async (request, response, requestUrl) => {
|
|
295
|
+
const brokerOrigin = getBrokerOrigin();
|
|
296
|
+
if (!brokerOrigin) {
|
|
297
|
+
writeJson(response, 400, {
|
|
298
|
+
ok: false,
|
|
299
|
+
error: "OAuth broker is disabled."
|
|
300
|
+
});
|
|
301
|
+
return;
|
|
302
|
+
}
|
|
303
|
+
let code = requestUrl.searchParams.get("code");
|
|
304
|
+
if (!code && request.method === "POST") {
|
|
305
|
+
const payload = await parseJsonBody(request);
|
|
306
|
+
const bodyCode = payload.code;
|
|
307
|
+
code = typeof bodyCode === "string" ? bodyCode : null;
|
|
308
|
+
}
|
|
309
|
+
if (!code) {
|
|
310
|
+
writeJson(response, 400, {
|
|
311
|
+
ok: false,
|
|
312
|
+
error: "Missing broker code."
|
|
313
|
+
});
|
|
314
|
+
return;
|
|
315
|
+
}
|
|
316
|
+
try {
|
|
317
|
+
const profile = await exchangeBrokerCode(brokerOrigin, code);
|
|
318
|
+
const user = await store.upsertOAuthProfile(profile);
|
|
319
|
+
await store.clearPreferredAuthMethod();
|
|
320
|
+
const sessionId = await issueSession(user.id);
|
|
321
|
+
response.writeHead(200, {
|
|
322
|
+
"content-type": "application/json; charset=utf-8",
|
|
323
|
+
"set-cookie": createSessionCookie(sessionId)
|
|
324
|
+
});
|
|
325
|
+
response.end(JSON.stringify({
|
|
326
|
+
ok: true,
|
|
327
|
+
authenticated: true,
|
|
328
|
+
user: {
|
|
329
|
+
id: user.id,
|
|
330
|
+
email: user.email,
|
|
331
|
+
name: user.name,
|
|
332
|
+
avatarUrl: user.avatarUrl
|
|
333
|
+
}
|
|
334
|
+
}));
|
|
335
|
+
}
|
|
336
|
+
catch (error) {
|
|
337
|
+
writeJson(response, 500, {
|
|
338
|
+
ok: false,
|
|
339
|
+
error: error instanceof Error ? error.message : "Broker exchange failed."
|
|
340
|
+
});
|
|
341
|
+
}
|
|
342
|
+
};
|
|
343
|
+
const parseRequestPayload = async (request, response) => {
|
|
344
|
+
try {
|
|
345
|
+
return await parseJsonBody(request);
|
|
346
|
+
}
|
|
347
|
+
catch (error) {
|
|
348
|
+
writeJson(response, 400, {
|
|
349
|
+
ok: false,
|
|
350
|
+
error: error instanceof Error ? error.message : "Invalid JSON body."
|
|
351
|
+
});
|
|
352
|
+
return null;
|
|
353
|
+
}
|
|
354
|
+
};
|
|
355
|
+
const respondAuthenticated = async (response, user) => {
|
|
356
|
+
const sessionId = await issueSession(user.id);
|
|
357
|
+
response.writeHead(200, {
|
|
358
|
+
"content-type": "application/json; charset=utf-8",
|
|
359
|
+
"set-cookie": createSessionCookie(sessionId)
|
|
360
|
+
});
|
|
361
|
+
response.end(JSON.stringify({
|
|
362
|
+
ok: true,
|
|
363
|
+
authenticated: true,
|
|
364
|
+
user
|
|
365
|
+
}));
|
|
366
|
+
};
|
|
367
|
+
const handleEmailRegister = async (request, response) => {
|
|
368
|
+
const payload = await parseRequestPayload(request, response);
|
|
369
|
+
if (!payload) {
|
|
370
|
+
return;
|
|
371
|
+
}
|
|
372
|
+
const validation = validateRegisterCredentials(payload);
|
|
373
|
+
if (!validation.ok) {
|
|
374
|
+
writeJson(response, 400, {
|
|
375
|
+
ok: false,
|
|
376
|
+
error: validation.error
|
|
377
|
+
});
|
|
378
|
+
return;
|
|
379
|
+
}
|
|
380
|
+
try {
|
|
381
|
+
const passwordHash = await hashSecret(validation.value.password);
|
|
382
|
+
const registration = await store.registerOwnerWithPassword({
|
|
383
|
+
email: validation.value.email,
|
|
384
|
+
passwordHash,
|
|
385
|
+
name: validation.value.name
|
|
386
|
+
});
|
|
387
|
+
if (!registration.ok) {
|
|
388
|
+
const errorMessage = registration.reason === "owner_exists"
|
|
389
|
+
? "Owner account already exists."
|
|
390
|
+
: "Email is already in use.";
|
|
391
|
+
writeJson(response, 409, {
|
|
392
|
+
ok: false,
|
|
393
|
+
error: errorMessage,
|
|
394
|
+
reason: registration.reason
|
|
395
|
+
});
|
|
396
|
+
return;
|
|
397
|
+
}
|
|
398
|
+
await store.clearPreferredAuthMethod();
|
|
399
|
+
await respondAuthenticated(response, {
|
|
400
|
+
id: registration.user.id,
|
|
401
|
+
email: registration.user.email,
|
|
402
|
+
name: registration.user.name,
|
|
403
|
+
avatarUrl: registration.user.avatarUrl
|
|
404
|
+
});
|
|
405
|
+
}
|
|
406
|
+
catch (error) {
|
|
407
|
+
writeJson(response, 500, {
|
|
408
|
+
ok: false,
|
|
409
|
+
error: error instanceof Error ? error.message : "Could not create owner account."
|
|
410
|
+
});
|
|
411
|
+
}
|
|
412
|
+
};
|
|
413
|
+
const handleEmailLogin = async (request, response) => {
|
|
414
|
+
const payload = await parseRequestPayload(request, response);
|
|
415
|
+
if (!payload) {
|
|
416
|
+
return;
|
|
417
|
+
}
|
|
418
|
+
const validation = validateLoginCredentials(payload);
|
|
419
|
+
if (!validation.ok) {
|
|
420
|
+
writeJson(response, 400, {
|
|
421
|
+
ok: false,
|
|
422
|
+
error: validation.error
|
|
423
|
+
});
|
|
424
|
+
return;
|
|
425
|
+
}
|
|
426
|
+
try {
|
|
427
|
+
const userWithPassword = await store.getUserWithPasswordByEmail(validation.value.email);
|
|
428
|
+
if (!userWithPassword) {
|
|
429
|
+
writeJson(response, 401, {
|
|
430
|
+
ok: false,
|
|
431
|
+
error: "Invalid email or password."
|
|
432
|
+
});
|
|
433
|
+
return;
|
|
434
|
+
}
|
|
435
|
+
const isValidPassword = await verifySecret(validation.value.password, userWithPassword.passwordHash);
|
|
436
|
+
if (!isValidPassword) {
|
|
437
|
+
writeJson(response, 401, {
|
|
438
|
+
ok: false,
|
|
439
|
+
error: "Invalid email or password."
|
|
440
|
+
});
|
|
441
|
+
return;
|
|
442
|
+
}
|
|
443
|
+
await respondAuthenticated(response, userWithPassword.user);
|
|
444
|
+
}
|
|
445
|
+
catch (error) {
|
|
446
|
+
writeJson(response, 500, {
|
|
447
|
+
ok: false,
|
|
448
|
+
error: error instanceof Error ? error.message : "Could not complete sign in."
|
|
449
|
+
});
|
|
450
|
+
}
|
|
451
|
+
};
|
|
452
|
+
return {
|
|
453
|
+
hasUsers: () => store.hasUsers(),
|
|
454
|
+
getOwnerSetupState: () => store.getOwnerSetupState(),
|
|
455
|
+
getSession: (request) => createSessionResult(store, request, pruneExpiredSessionsIfNeeded),
|
|
456
|
+
close: async () => {
|
|
457
|
+
await store.close();
|
|
458
|
+
},
|
|
459
|
+
handleRequest: async (request, response, requestUrl) => {
|
|
460
|
+
const pathname = requestUrl.pathname;
|
|
461
|
+
if (!pathname.startsWith("/api/auth/")) {
|
|
462
|
+
return false;
|
|
463
|
+
}
|
|
464
|
+
if (pathname === "/api/auth/providers") {
|
|
465
|
+
const localProviders = listConfiguredOAuthProviders();
|
|
466
|
+
const brokerOrigin = getBrokerOrigin();
|
|
467
|
+
const providers = new Set(["email", ...localProviders]);
|
|
468
|
+
if (brokerOrigin) {
|
|
469
|
+
const brokerProviders = await listBrokerProviders(brokerOrigin);
|
|
470
|
+
for (const provider of brokerProviders) {
|
|
471
|
+
providers.add(provider);
|
|
472
|
+
}
|
|
473
|
+
}
|
|
474
|
+
writeJson(response, 200, {
|
|
475
|
+
ok: true,
|
|
476
|
+
providers: [...providers]
|
|
477
|
+
});
|
|
478
|
+
return true;
|
|
479
|
+
}
|
|
480
|
+
if (pathname === "/api/auth/session") {
|
|
481
|
+
writeJson(response, 200, await createSessionResult(store, request, pruneExpiredSessionsIfNeeded));
|
|
482
|
+
return true;
|
|
483
|
+
}
|
|
484
|
+
if (pathname === "/api/auth/logout") {
|
|
485
|
+
const sessionId = readRequestSessionId(request);
|
|
486
|
+
if (sessionId) {
|
|
487
|
+
await store.deleteSessionById(sessionId);
|
|
488
|
+
}
|
|
489
|
+
response.writeHead(204, {
|
|
490
|
+
"set-cookie": clearSessionCookie()
|
|
491
|
+
});
|
|
492
|
+
response.end();
|
|
493
|
+
return true;
|
|
494
|
+
}
|
|
495
|
+
if (pathname === "/api/auth/email/register") {
|
|
496
|
+
if (request.method !== "POST") {
|
|
497
|
+
writeJson(response, 405, {
|
|
498
|
+
ok: false,
|
|
499
|
+
error: "Method not allowed."
|
|
500
|
+
});
|
|
501
|
+
return true;
|
|
502
|
+
}
|
|
503
|
+
await handleEmailRegister(request, response);
|
|
504
|
+
return true;
|
|
505
|
+
}
|
|
506
|
+
if (pathname === "/api/auth/email/login") {
|
|
507
|
+
if (request.method !== "POST") {
|
|
508
|
+
writeJson(response, 405, {
|
|
509
|
+
ok: false,
|
|
510
|
+
error: "Method not allowed."
|
|
511
|
+
});
|
|
512
|
+
return true;
|
|
513
|
+
}
|
|
514
|
+
await handleEmailLogin(request, response);
|
|
515
|
+
return true;
|
|
516
|
+
}
|
|
517
|
+
if (pathname === "/api/auth/broker/exchange") {
|
|
518
|
+
await handleBrokerExchange(request, response, requestUrl);
|
|
519
|
+
return true;
|
|
520
|
+
}
|
|
521
|
+
const startProvider = parseProviderFromPath(pathname, "/api/auth/start/");
|
|
522
|
+
if (startProvider) {
|
|
523
|
+
await handleStart(startProvider, response, requestUrl);
|
|
524
|
+
return true;
|
|
525
|
+
}
|
|
526
|
+
const callbackProvider = parseProviderFromPath(pathname, "/api/auth/callback/");
|
|
527
|
+
if (callbackProvider) {
|
|
528
|
+
await handleCallback(callbackProvider, response, requestUrl);
|
|
529
|
+
return true;
|
|
530
|
+
}
|
|
531
|
+
writeJson(response, 404, {
|
|
532
|
+
ok: false,
|
|
533
|
+
error: "Auth endpoint not found."
|
|
534
|
+
});
|
|
535
|
+
return true;
|
|
536
|
+
}
|
|
537
|
+
};
|
|
538
|
+
};
|
|
539
|
+
//# sourceMappingURL=runtime.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/auth/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,0BAA0B,EAAmB,MAAM,eAAe,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACrD,OAAO,EACL,0BAA0B,EAC1B,kBAAkB,EAClB,uBAAuB,EACvB,4BAA4B,EAC7B,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,iBAAiB,EAAkB,MAAM,YAAY,CAAC;AAE/D,OAAO,EAAE,wBAAwB,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAExF,MAAM,mBAAmB,GAAG,eAAe,CAAC;AAC5C,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAClD,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC9C,MAAM,yBAAyB,GAAG,EAAE,GAAG,IAAI,CAAC;AA+C5C,MAAM,iBAAiB,GAAG,CAAC,KAAa,EAA4B,EAAE,CACpE,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,QAAQ,CAAC;AAE3C,MAAM,qBAAqB,GAAG,CAAC,QAAgB,EAAE,MAAc,EAA0B,EAAE;IACzF,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACvF,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;AACvD,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAAC,QAAwB,EAAE,UAAkB,EAAE,OAAgB,EAAQ,EAAE;IACzF,QAAQ,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,cAAc,EAAE,iCAAiC,EAAE,CAAC,CAAC;IACtF,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;AACxC,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,QAAwB,EAAE,QAAgB,EAAE,YAAqB,EAAQ,EAAE;IAChG,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;IAChG,QAAQ,CAAC,GAAG,EAAE,CAAC;AACjB,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,GAAW,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAEpE,MAAM,KAAK,GAAG,GAAW,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;AAEvC,MAAM,SAAS,GAAG,CAAC,IAAY,EAAU,EAAE,CACzC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAI,EAAE,IAAI,2BAA2B,IAAI,EAAE,CAAC;AAE7E,MAAM,sBAAsB,GAAG,CAAC,QAAyB,EAAE,IAAY,EAAU,EAAE,CACjF,GAAG,SAAS,CAAC,IAAI,CAAC,sBAAsB,QAAQ,EAAE,CAAC;AAErD,MAAM,eAAe,GAAG,GAAkB,EAAE;IAC1C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAChE,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QACzC,IAAI,OAAO,KAAK,KAAK,IAAI,OAAO,KAAK,OAAO,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,0BAA0B,CAAC;AACpC,CAAC,CAAC;AAEF,MAAM,oBAAoB,GAAG,CAAC,OAAwB,EAAiB,EAAE;IACvE,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9C,OAAO,OAAO,CAAC,mBAAmB,CAAC,IAAI,IAAI,CAAC;AAC9C,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,GAAW,EAAE,CACtC,eAAe,CAAC,mBAAmB,EAAE,EAAE,EAAE;IACvC,QAAQ,EAAE,IAAI;IACd,QAAQ,EAAE,KAAK;IACf,MAAM,EAAE,CAAC;CACV,CAAC,CAAC;AAEL,MAAM,mBAAmB,GAAG,CAAC,SAAiB,EAAU,EAAE,CACxD,eAAe,CAAC,mBAAmB,EAAE,SAAS,EAAE;IAC9C,QAAQ,EAAE,IAAI;IACd,QAAQ,EAAE,KAAK;IACf,MAAM,EAAE,uBAAuB;CAChC,CAAC,CAAC;AAEL,MAAM,mBAAmB,GAAG,KAAK,EAC/B,KAAgB,EAChB,OAAwB,EACxB,oBAAyC,EACjB,EAAE;IAC1B,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAChD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC9C,CAAC;IAED,MAAM,oBAAoB,EAAE,CAAC;IAE7B,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC9C,CAAC;IAED,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;QAC7C,MAAM,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC1C,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC9C,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC1C,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC9C,CAAC;IAED,OAAO;QACL,aAAa,EAAE,IAAI;QACnB,IAAI,EAAE;YACJ,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,KAAK,EAAE,OAAwB,EAAoC,EAAE,CACzF,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;IAC9B,IAAI,IAAI,GAAG,EAAE,CAAC;IAEd,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;QAC3B,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;QACrB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,EAAE,CAAC,CAAC;YACZ,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AAC9B,CAAC,CAAC,CAAC;AAEL,MAAM,iBAAiB,GAAG,CAAC,OAAgB,EAAqB,EAAE;IAChE,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,IAAI,CAAC,CAAC,WAAW,IAAI,OAAO,CAAC,EAAE,CAAC;QACjF,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,SAAS,GAAI,OAAmC,CAAC,SAAS,CAAC;IACjE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,EAA4B,EAAE,CAC1D,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAC7D,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,mBAAmB,GAAG,KAAK,EAAE,YAAoB,EAA8B,EAAE;IACrF,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,kBAAkB,EAAE;YAC9D,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;aAC3B;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAY,CAAC;QACnD,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,0BAA0B,GAAG,CAAC,OAAgB,EAAgC,EAAE;IACpF,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAG,OAUpB,CAAC;IAEF,IAAI,YAAY,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,YAAY,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,iBAAiB,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3F,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC;IAC/B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,YAAY,CAAC,QAAQ;QAC/B,IAAI,EAAE;YACJ,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,KAAK,EAAE,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI;YACzD,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;YACtD,SAAS,EAAE,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;YACrE,aAAa,EAAE,IAAI,CAAC,aAAa,KAAK,IAAI;SAC3C;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,KAAK,EAAE,YAAoB,EAAE,IAAY,EAAyB,EAAE;IAC7F,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;IAC7D,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAE3C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE;QACnD,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;SAC3B;KACF,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAY,CAAC;IACrE,MAAM,MAAM,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc;QAC1C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;QACxB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;QACtB,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;QAChC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa;KACzC,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,OAAiC,EAAe,EAAE;IAClF,MAAM,KAAK,GAAG,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACrD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAC;IAClD,IAAI,2BAA2B,GAAG,CAAC,CAAC;IAEpC,MAAM,4BAA4B,GAAG,KAAK,IAAmB,EAAE;QAC7D,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;QACpB,IAAI,GAAG,GAAG,2BAA2B,GAAG,yBAAyB,EAAE,CAAC;YAClE,OAAO;QACT,CAAC;QAED,2BAA2B,GAAG,GAAG,CAAC;QAClC,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACjE,CAAC,CAAC;IAEF,MAAM,YAAY,GAAG,KAAK,EAAE,MAAc,EAAmB,EAAE;QAC7D,MAAM,4BAA4B,EAAE,CAAC;QAErC,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,KAAK,EAAE,GAAG,uBAAuB,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnF,MAAM,KAAK,CAAC,aAAa,CAAC;YACxB,EAAE,EAAE,SAAS;YACb,MAAM;YACN,SAAS;YACT,SAAS;SACV,CAAC,CAAC;QACH,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;IAEF,MAAM,YAAY,GAAG,CAAC,OAAe,EAAqB,EAAE;QAC1D,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,aAAa,CAAC;IACvB,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK,EACvB,QAAyB,EACzB,QAAwB,EACxB,UAAe,EACA,EAAE;QACjB,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,YAAY,GAAG,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YAC3E,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACjD,MAAM,UAAU,GAAG,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC1F,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAC9D,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAChD,IAAI,YAAY,KAAK,GAAG,EAAE,CAAC;gBACzB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;YAClD,CAAC;YAED,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,gBAAgB,QAAQ,EAAE,EAAE,YAAY,CAAC,CAAC;YACzE,cAAc,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;YAClE,aAAa,CAAC,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,MAAM,mBAAmB,GAAG,4BAA4B,EAAE,CAAC;QAC3D,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,mBAAmB,QAAQ,sBAAsB;aACzD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,KAAK,EAAE,GAAG,sBAAsB,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3E,MAAM,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,YAAY,GAAG,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;QAE3E,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE;YACvB,EAAE,EAAE,OAAO;YACX,QAAQ;YACR,SAAS;YACT,SAAS;YACT,YAAY;SACb,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QACnE,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QACpF,aAAa,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;IAC5C,CAAC,CAAC;IAEF,MAAM,cAAc,GAAG,KAAK,EAC1B,QAAyB,EACzB,QAAwB,EACxB,UAAe,EACA,EAAE;QACjB,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACtB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,oCAAoC;aAC5C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1C,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,iCAAiC;aACzC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;YAC3E,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,KAAK,CAAC,wBAAwB,EAAE,CAAC;YACvC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE9C,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,YAAY,IAAI,GAAG,EAAE,mBAAmB,CAAC,SAAS,CAAC,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB;aACzE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,oBAAoB,GAAG,KAAK,EAChC,OAAwB,EACxB,QAAwB,EACxB,UAAe,EACA,EAAE;QACjB,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,2BAA2B;aACnC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;YAC9B,IAAI,GAAG,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;QACxD,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,sBAAsB;aAC9B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YAC7D,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,KAAK,CAAC,wBAAwB,EAAE,CAAC;YACvC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE9C,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE;gBACtB,cAAc,EAAE,iCAAiC;gBACjD,YAAY,EAAE,mBAAmB,CAAC,SAAS,CAAC;aAC7C,CAAC,CAAC;YACH,QAAQ,CAAC,GAAG,CACV,IAAI,CAAC,SAAS,CAAC;gBACb,EAAE,EAAE,IAAI;gBACR,aAAa,EAAE,IAAI;gBACnB,IAAI,EAAE;oBACJ,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,SAAS,EAAE,IAAI,CAAC,SAAS;iBAC1B;aACF,CAAC,CACH,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB;aAC1E,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,mBAAmB,GAAG,KAAK,EAC/B,OAAwB,EACxB,QAAwB,EACiB,EAAE;QAC3C,IAAI,CAAC;YACH,OAAO,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB;aACrE,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,oBAAoB,GAAG,KAAK,EAChC,QAAwB,EACxB,IAKC,EACc,EAAE;QACjB,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE;YACtB,cAAc,EAAE,iCAAiC;YACjD,YAAY,EAAE,mBAAmB,CAAC,SAAS,CAAC;SAC7C,CAAC,CAAC;QACH,QAAQ,CAAC,GAAG,CACV,IAAI,CAAC,SAAS,CAAC;YACb,EAAE,EAAE,IAAI;YACR,aAAa,EAAE,IAAI;YACnB,IAAI;SACL,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;IAEF,MAAM,mBAAmB,GAAG,KAAK,EAC/B,OAAwB,EACxB,QAAwB,EACT,EAAE;QACjB,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,2BAA2B,CAAC,OAAO,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,UAAU,CAAC,KAAK;aACxB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACjE,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,yBAAyB,CAAC;gBACzD,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,KAAK;gBAC7B,YAAY;gBACZ,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,IAAI;aAC5B,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;gBACrB,MAAM,YAAY,GAChB,YAAY,CAAC,MAAM,KAAK,cAAc;oBACpC,CAAC,CAAC,+BAA+B;oBACjC,CAAC,CAAC,0BAA0B,CAAC;gBAEjC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;oBACvB,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,YAAY;oBACnB,MAAM,EAAE,YAAY,CAAC,MAAM;iBAC5B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,KAAK,CAAC,wBAAwB,EAAE,CAAC;YACvC,MAAM,oBAAoB,CAAC,QAAQ,EAAE;gBACnC,EAAE,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;gBACxB,KAAK,EAAE,YAAY,CAAC,IAAI,CAAC,KAAK;gBAC9B,IAAI,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI;gBAC5B,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,SAAS;aACvC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iCAAiC;aAClF,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,gBAAgB,GAAG,KAAK,EAAE,OAAwB,EAAE,QAAwB,EAAiB,EAAE;QACnG,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,UAAU,CAAC,KAAK;aACxB,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,0BAA0B,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACxF,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;oBACvB,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,4BAA4B;iBACpC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,eAAe,GAAG,MAAM,YAAY,CACxC,UAAU,CAAC,KAAK,CAAC,QAAQ,EACzB,gBAAgB,CAAC,YAAY,CAC9B,CAAC;YAEF,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;oBACvB,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,4BAA4B;iBACpC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,oBAAoB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC9D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,6BAA6B;aAC9E,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF,OAAO;QACL,QAAQ,EAAE,GAAqB,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE;QAElD,kBAAkB,EAAE,GAA6B,EAAE,CAAC,KAAK,CAAC,kBAAkB,EAAE;QAE9E,UAAU,EAAE,CAAC,OAAwB,EAA0B,EAAE,CAC/D,mBAAmB,CAAC,KAAK,EAAE,OAAO,EAAE,4BAA4B,CAAC;QAEnE,KAAK,EAAE,KAAK,IAAmB,EAAE;YAC/B,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;QAED,aAAa,EAAE,KAAK,EAClB,OAAwB,EACxB,QAAwB,EACxB,UAAe,EACG,EAAE;YACpB,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;YACrC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBACvC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,QAAQ,KAAK,qBAAqB,EAAE,CAAC;gBACvC,MAAM,cAAc,GAAG,4BAA4B,EAAE,CAAC;gBACtD,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;gBAEvC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAS,CAAC,OAAO,EAAE,GAAG,cAAc,CAAC,CAAC,CAAC;gBAEhE,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,eAAe,GAAG,MAAM,mBAAmB,CAAC,YAAY,CAAC,CAAC;oBAChE,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;wBACvC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAC1B,CAAC;gBACH,CAAC;gBAED,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;oBACvB,EAAE,EAAE,IAAI;oBACR,SAAS,EAAE,CAAC,GAAG,SAAS,CAAC;iBAC1B,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;gBACrC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAC,KAAK,EAAE,OAAO,EAAE,4BAA4B,CAAC,CAAC,CAAC;gBAClG,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,QAAQ,KAAK,kBAAkB,EAAE,CAAC;gBACpC,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,KAAK,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;gBAC3C,CAAC;gBACD,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE;oBACtB,YAAY,EAAE,kBAAkB,EAAE;iBACnC,CAAC,CAAC;gBACH,QAAQ,CAAC,GAAG,EAAE,CAAC;gBACf,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,QAAQ,KAAK,0BAA0B,EAAE,CAAC;gBAC5C,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC9B,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;wBACvB,EAAE,EAAE,KAAK;wBACT,KAAK,EAAE,qBAAqB;qBAC7B,CAAC,CAAC;oBACH,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBAC7C,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,QAAQ,KAAK,uBAAuB,EAAE,CAAC;gBACzC,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC9B,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;wBACvB,EAAE,EAAE,KAAK;wBACT,KAAK,EAAE,qBAAqB;qBAC7B,CAAC,CAAC;oBACH,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBAC1C,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,QAAQ,KAAK,2BAA2B,EAAE,CAAC;gBAC7C,MAAM,oBAAoB,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBAC1D,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,aAAa,GAAG,qBAAqB,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;YAC1E,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,WAAW,CAAC,aAAa,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACvD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;YAChF,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,cAAc,CAAC,gBAAgB,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBAC7D,OAAO,IAAI,CAAC;YACd,CAAC;YAED,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACvB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,0BAA0B;aAClC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { type DatabaseOwnerRegistrationResult } from "@atria/db";
|
|
2
|
+
import type { AuthMethod } from "@atria/shared";
|
|
3
|
+
import type { OAuthProfile } from "./types.js";
|
|
4
|
+
interface OwnerSetupState {
|
|
5
|
+
pending: boolean;
|
|
6
|
+
preferredAuthMethod: AuthMethod | null;
|
|
7
|
+
}
|
|
8
|
+
interface AuthUser {
|
|
9
|
+
id: string;
|
|
10
|
+
email: string | null;
|
|
11
|
+
name: string | null;
|
|
12
|
+
avatarUrl: string | null;
|
|
13
|
+
}
|
|
14
|
+
interface AuthSession {
|
|
15
|
+
id: string;
|
|
16
|
+
userId: string;
|
|
17
|
+
createdAt: string;
|
|
18
|
+
expiresAt: string;
|
|
19
|
+
}
|
|
20
|
+
export interface AuthStore {
|
|
21
|
+
close: () => Promise<void>;
|
|
22
|
+
hasUsers: () => Promise<boolean>;
|
|
23
|
+
getOwnerSetupState: () => Promise<OwnerSetupState>;
|
|
24
|
+
setPreferredAuthMethod: (authMethod: AuthMethod | null) => Promise<void>;
|
|
25
|
+
clearPreferredAuthMethod: () => Promise<void>;
|
|
26
|
+
getUserById: (userId: string) => Promise<AuthUser | null>;
|
|
27
|
+
getUserWithPasswordByEmail: (email: string) => Promise<{
|
|
28
|
+
user: AuthUser;
|
|
29
|
+
passwordHash: string;
|
|
30
|
+
} | null>;
|
|
31
|
+
registerOwnerWithPassword: (input: {
|
|
32
|
+
email: string;
|
|
33
|
+
passwordHash: string;
|
|
34
|
+
name: string | null;
|
|
35
|
+
}) => Promise<DatabaseOwnerRegistrationResult>;
|
|
36
|
+
upsertOAuthProfile: (profile: OAuthProfile) => Promise<AuthUser>;
|
|
37
|
+
getSessionById: (sessionId: string) => Promise<AuthSession | null>;
|
|
38
|
+
createSession: (session: AuthSession) => Promise<void>;
|
|
39
|
+
deleteSessionById: (sessionId: string) => Promise<void>;
|
|
40
|
+
deleteExpiredSessions: (expiresAtOrBefore: string) => Promise<void>;
|
|
41
|
+
}
|
|
42
|
+
export declare const createDbAuthStore: (projectRoot: string) => AuthStore;
|
|
43
|
+
export {};
|