@baasix/baasix 0.1.0

package/dist/auth/core.js

@@ -0,0 +1,528 @@
+/**
+ * Baasix Auth Core
+ * Main entry point for the auth module
+ * Inspired by better-auth architecture
+ */
+import argon2 from "argon2";
+import { createBaasixAdapter } from "./adapters/baasix-adapter.js";
+import { createSessionService, validateSessionLimits } from "./services/session.js";
+import { createTokenService } from "./services/token.js";
+import { createVerificationService } from "./services/verification.js";
+import { credential } from "./providers/credential.js";
+import { google } from "./providers/google.js";
+import { facebook } from "./providers/facebook.js";
+import { apple } from "./providers/apple.js";
+import { github } from "./providers/github.js";
+import { generateState, generateCodeVerifier } from "./oauth2/utils.js";
+/**
+ * Default password hashing functions using argon2
+ */
+const defaultPasswordFunctions = {
+    hash: async (password) => argon2.hash(password),
+    verify: async ({ password, hash }) => argon2.verify(hash, password),
+};
+/**
+ * Create a Baasix Auth instance
+ */
+export function createAuth(options) {
+    // Create adapter
+    const adapter = createBaasixAdapter();
+    // Create services
+    const sessionService = createSessionService(adapter, {
+        expiresIn: options.session?.expiresIn,
+        updateAge: options.session?.updateAge,
+        cookieRefresh: options.session?.cookieRefresh,
+    });
+    const tokenService = createTokenService({
+        secret: options.secret,
+        expiresIn: options.session?.expiresIn ? `${options.session.expiresIn}s` : "7d",
+    });
+    const verificationService = createVerificationService(adapter);
+    // Create credential provider
+    const passwordFns = options.password || defaultPasswordFunctions;
+    const credentialProvider = credential({
+        hashPassword: passwordFns.hash,
+        verifyPassword: passwordFns.verify,
+        minPasswordLength: options.emailAndPassword?.minPasswordLength,
+        maxPasswordLength: options.emailAndPassword?.maxPasswordLength,
+    });
+    // Initialize OAuth providers
+    const providers = new Map();
+    if (options.socialProviders) {
+        for (const [name, config] of Object.entries(options.socialProviders)) {
+            if (!config.clientId || !config.clientSecret)
+                continue;
+            switch (name.toLowerCase()) {
+                case "google":
+                    providers.set("google", google(config));
+                    break;
+                case "facebook":
+                    providers.set("facebook", facebook(config));
+                    break;
+                case "apple":
+                    providers.set("apple", apple(config));
+                    break;
+                case "github":
+                    providers.set("github", github(config));
+                    break;
+            }
+        }
+    }
+    // Create context
+    const context = {
+        options,
+        adapter,
+        providers,
+        session: null,
+    };
+    // Helper to get role and permissions
+    async function getUserRoleAndPermissions(userId, tenantId) {
+        const userRoles = await adapter.findUserRolesByUserId(userId, tenantId);
+        if (!userRoles || userRoles.length === 0) {
+            throw new Error("User role not found");
+        }
+        const userRole = userRoles[0];
+        const role = userRole.role;
+        if (!role) {
+            throw new Error("Role not found");
+        }
+        const permissions = await adapter.findPermissionsByRoleId(role.id);
+        let tenant = null;
+        if (userRole.tenant_Id) {
+            tenant = await adapter.findTenantById(userRole.tenant_Id);
+        }
+        return { role, permissions, tenant };
+    }
+    // Helper to create auth response
+    async function createAuthResponse(user, tenantId, ipAddress, userAgent, sessionType = "default") {
+        const { role, permissions, tenant } = await getUserRoleAndPermissions(user.id, tenantId);
+        // Create session
+        const session = await sessionService.createSession({
+            user,
+            tenantId: tenant?.id || null,
+            ipAddress,
+            userAgent,
+            type: sessionType,
+        });
+        // Generate token
+        const token = tokenService.generateUserToken({
+            user,
+            role,
+            session,
+            tenant,
+        });
+        return {
+            token,
+            user,
+            role,
+            permissions,
+            tenant,
+        };
+    }
+    return {
+        context,
+        adapter,
+        sessionService,
+        tokenService,
+        verificationService,
+        credentialProvider,
+        providers,
+        // Email/Password Sign Up
+        async signUp(input) {
+            const { email, password, firstName, lastName, phone, tenant, roleName, inviteToken, ipAddress, userAgent } = input;
+            // Validate email and password are enabled
+            if (options.emailAndPassword?.enabled === false) {
+                throw new Error("Email and password authentication is disabled");
+            }
+            // Check if user already exists
+            const existingUser = await adapter.findUserByEmail(email);
+            if (existingUser) {
+                throw new Error("User already exists");
+            }
+            let tenantId = null;
+            let roleToAssign = null;
+            let inviteData = null;
+            // Handle invite token if provided
+            if (inviteToken) {
+                inviteData = await adapter.findInviteByToken(inviteToken);
+                if (!inviteData) {
+                    throw new Error("Invalid or expired invitation");
+                }
+                // Check if invited email matches registration email
+                if (inviteData.email.toLowerCase() !== email.toLowerCase()) {
+                    throw new Error("The email address doesn't match the invitation");
+                }
+                // Use role and tenant from invite
+                if (inviteData.role_Id) {
+                    roleToAssign = await adapter.findRoleById(inviteData.role_Id);
+                }
+                if (inviteData.tenant_Id) {
+                    tenantId = inviteData.tenant_Id;
+                }
+            }
+            else {
+                // Multi-tenant mode validation - only if no invite
+                const isMultiTenant = options.multiTenant?.enabled;
+                if (isMultiTenant && !tenant?.name) {
+                    throw new Error("Tenant information is required for registration in multi-tenant mode");
+                }
+                // Create tenant if provided
+                if (tenant?.name) {
+                    const newTenant = await adapter.createTenant({ name: tenant.name });
+                    tenantId = newTenant.id;
+                }
+            }
+            // Create user and credential account
+            const { user, account } = await credentialProvider.signUp({
+                adapter,
+                email,
+                password,
+                firstName,
+                lastName,
+                phone,
+            });
+            // Get role to assign if not from invite
+            if (!roleToAssign) {
+                if (roleName) {
+                    roleToAssign = await adapter.findRoleByName(roleName);
+                }
+                if (!roleToAssign) {
+                    // Get default role
+                    const defaultRoleName = process.env.DEFAULT_ROLE_REGISTERED || "user";
+                    roleToAssign = await adapter.findRoleByName(defaultRoleName);
+                }
+            }
+            if (!roleToAssign) {
+                throw new Error("Default role not found");
+            }
+            // Create user role
+            await adapter.createUserRole({
+                user_Id: user.id,
+                role_Id: roleToAssign.id,
+                tenant_Id: tenantId,
+            });
+            // Mark invite as accepted if used
+            if (inviteData) {
+                await adapter.updateInviteStatus(inviteData.id, "accepted");
+            }
+            // Call hook if defined
+            if (options.hooks?.onUserCreated) {
+                await options.hooks.onUserCreated(user, account);
+            }
+            if (options.hooks?.onSignUp) {
+                await options.hooks.onSignUp(user, account);
+            }
+            // Check if email verification is required
+            const requireEmailVerification = options.emailAndPassword?.requireEmailVerification === true;
+            if (requireEmailVerification) {
+                // Don't create session or return token - user needs to verify email first
+                const { role, permissions, tenant } = await getUserRoleAndPermissions(user.id, tenantId);
+                return {
+                    token: "", // Empty token - user needs to verify email
+                    user,
+                    role,
+                    permissions,
+                    tenant,
+                    requiresEmailVerification: true,
+                };
+            }
+            return createAuthResponse(user, tenantId, ipAddress, userAgent);
+        },
+        // Email/Password Sign In
+        async signIn(input) {
+            const { email, password, tenant_Id, authType = "default", ipAddress, userAgent } = input;
+            // Validate email and password are enabled
+            if (options.emailAndPassword?.enabled === false) {
+                throw new Error("Email and password authentication is disabled");
+            }
+            // Authenticate user
+            const user = await credentialProvider.signIn({
+                adapter,
+                email,
+                password,
+            });
+            if (!user) {
+                throw new Error("Invalid credentials");
+            }
+            // Check if email verification is required
+            const requireEmailVerification = options.emailAndPassword?.requireEmailVerification === true;
+            if (requireEmailVerification && !user.emailVerified) {
+                throw new Error("Email not verified. Please verify your email before logging in.");
+            }
+            // Get role and permissions
+            const { role, tenant } = await getUserRoleAndPermissions(user.id, tenant_Id);
+            // Validate session type and limits
+            const validation = await validateSessionLimits(sessionService, user.id, authType, tenant?.id || null, role);
+            if (!validation.isValid) {
+                throw new Error(validation.error);
+            }
+            // Call hook if defined
+            if (options.hooks?.onSignIn) {
+                const session = await sessionService.createSession({
+                    user,
+                    tenantId: tenant?.id || null,
+                    type: authType,
+                });
+                await options.hooks.onSignIn(user, null, session);
+                await sessionService.invalidateSession(session.token);
+            }
+            return createAuthResponse(user, tenant_Id, ipAddress, userAgent, authType);
+        },
+        // Get OAuth URL
+        async getOAuthUrl(providerName, redirectURI, scopes) {
+            const provider = providers.get(providerName);
+            if (!provider) {
+                throw new Error(`Provider '${providerName}' not found`);
+            }
+            const state = generateState();
+            const codeVerifier = generateCodeVerifier();
+            const url = await provider.createAuthorizationURL({
+                state,
+                codeVerifier,
+                scopes,
+                redirectURI,
+            });
+            return {
+                url: url.toString(),
+                state,
+                codeVerifier,
+            };
+        },
+        // Handle OAuth Callback
+        async handleOAuthCallback(providerName, code, state, codeVerifier, redirectURI) {
+            const provider = providers.get(providerName);
+            if (!provider) {
+                throw new Error(`Provider '${providerName}' not found`);
+            }
+            // Exchange code for tokens
+            const tokens = await provider.validateAuthorizationCode({
+                code,
+                redirectURI,
+                codeVerifier,
+            });
+            // Get user info from provider
+            const userInfo = await provider.getUserInfo(tokens);
+            if (!userInfo) {
+                throw new Error("Failed to get user info from provider");
+            }
+            const { user: oauthUser, data: _profile } = userInfo;
+            // Find or create user
+            let user = null;
+            let account = null;
+            // Check if account exists for this provider
+            account = await adapter.findAccountByProvider(providerName, oauthUser.id.toString());
+            if (account) {
+                // Existing account - get user
+                user = await adapter.findUserById(account.user_Id);
+                // Update tokens
+                await adapter.updateAccount(account.id, {
+                    accessToken: tokens.accessToken,
+                    refreshToken: tokens.refreshToken,
+                    accessTokenExpiresAt: tokens.accessTokenExpiresAt,
+                    idToken: tokens.idToken,
+                    scope: tokens.scopes?.join(" "),
+                });
+            }
+            else if (oauthUser.email) {
+                // Check if user exists with this email
+                user = await adapter.findUserByEmail(oauthUser.email);
+                if (user) {
+                    // Link account to existing user
+                    account = await adapter.createAccount({
+                        user_Id: user.id,
+                        accountId: oauthUser.id.toString(),
+                        providerId: providerName,
+                        accessToken: tokens.accessToken,
+                        refreshToken: tokens.refreshToken,
+                        accessTokenExpiresAt: tokens.accessTokenExpiresAt,
+                        idToken: tokens.idToken,
+                        scope: tokens.scopes?.join(" "),
+                    });
+                    // Call hook if defined
+                    if (options.hooks?.onOAuthAccountLinked) {
+                        await options.hooks.onOAuthAccountLinked(user, account);
+                    }
+                }
+            }
+            if (!user) {
+                // Create new user
+                user = await adapter.createUser({
+                    email: oauthUser.email || null,
+                    emailVerified: oauthUser.emailVerified,
+                    firstName: oauthUser.firstName || oauthUser.name || "User",
+                    lastName: oauthUser.lastName || null,
+                    status: "active",
+                });
+                // Create account
+                account = await adapter.createAccount({
+                    user_Id: user.id,
+                    accountId: oauthUser.id.toString(),
+                    providerId: providerName,
+                    accessToken: tokens.accessToken,
+                    refreshToken: tokens.refreshToken,
+                    accessTokenExpiresAt: tokens.accessTokenExpiresAt,
+                    idToken: tokens.idToken,
+                    scope: tokens.scopes?.join(" "),
+                });
+                // Assign default role
+                const defaultRoleName = process.env.DEFAULT_ROLE_REGISTERED || "user";
+                const role = await adapter.findRoleByName(defaultRoleName);
+                if (role) {
+                    await adapter.createUserRole({
+                        user_Id: user.id,
+                        role_Id: role.id,
+                    });
+                }
+                // Call hooks
+                if (options.hooks?.onUserCreated) {
+                    await options.hooks.onUserCreated(user, account);
+                }
+                if (options.hooks?.onSignUp) {
+                    await options.hooks.onSignUp(user, account);
+                }
+            }
+            return createAuthResponse(user);
+        },
+        // Validate Session
+        async validateSession(token) {
+            const decoded = tokenService.verifyToken(token);
+            if (!decoded) {
+                return null;
+            }
+            // Validate session in database
+            const sessionResult = await sessionService.validateSession(decoded.sessionToken);
+            if (!sessionResult) {
+                return null;
+            }
+            const { user } = sessionResult;
+            const { role, permissions, tenant } = await getUserRoleAndPermissions(user.id, decoded.tenant_Id);
+            return { user, role, permissions, tenant };
+        },
+        // Invalidate Session
+        async invalidateSession(token) {
+            const decoded = tokenService.decodeToken(token);
+            if (decoded?.sessionToken) {
+                await sessionService.invalidateSession(decoded.sessionToken);
+                // Call hook if defined
+                if (options.hooks?.onSignOut) {
+                    const sessionResult = await sessionService.validateSession(decoded.sessionToken);
+                    if (sessionResult) {
+                        await options.hooks.onSignOut(sessionResult.session);
+                    }
+                }
+            }
+        },
+        // Invalidate All Sessions
+        async invalidateAllSessions(userId) {
+            await sessionService.invalidateAllSessions(userId);
+        },
+        // Get User by ID
+        async getUserById(userId) {
+            return adapter.findUserById(userId);
+        },
+        // Get User by Email
+        async getUserByEmail(email) {
+            return adapter.findUserByEmail(email);
+        },
+        // Update User
+        async updateUser(userId, data) {
+            const user = await adapter.updateUser(userId, data);
+            if (user && options.hooks?.onUserUpdated) {
+                await options.hooks.onUserUpdated(user);
+            }
+            return user;
+        },
+        // Get User Role and Permissions
+        getUserRoleAndPermissions,
+        // Change Password
+        async changePassword(userId, currentPassword, newPassword) {
+            return credentialProvider.changePassword({
+                adapter,
+                userId,
+                currentPassword,
+                newPassword,
+            });
+        },
+        // Reset Password
+        async resetPassword(userId, newPassword) {
+            return credentialProvider.resetPassword({
+                adapter,
+                userId,
+                newPassword,
+            });
+        },
+        // Create Email Verification
+        async createEmailVerification(email) {
+            return verificationService.createEmailVerification(email);
+        },
+        // Verify Email
+        async verifyEmail(token) {
+            const email = await verificationService.verifyEmail(token);
+            if (!email) {
+                return null;
+            }
+            const user = await adapter.findUserByEmail(email);
+            if (!user) {
+                return null;
+            }
+            await adapter.updateUser(user.id, { emailVerified: true });
+            return adapter.findUserById(user.id);
+        },
+        // Create Magic Link
+        async createMagicLink(email) {
+            return verificationService.createMagicLink(email);
+        },
+        // Update Magic Link Token (for code mode)
+        async updateMagicLinkToken(email, newToken) {
+            return verificationService.updateMagicLinkToken(email, newToken);
+        },
+        // Verify Magic Link
+        async verifyMagicLink(token) {
+            const email = await verificationService.verifyMagicLink(token);
+            if (!email) {
+                return null;
+            }
+            let user = await adapter.findUserByEmail(email);
+            if (!user) {
+                return null;
+            }
+            // Mark email as verified after successful magic link login
+            if (!user.emailVerified) {
+                await adapter.updateUser(user.id, { emailVerified: true });
+                user = await adapter.findUserById(user.id);
+            }
+            return createAuthResponse(user);
+        },
+        // Create Password Reset
+        async createPasswordReset(email) {
+            return verificationService.createPasswordReset(email);
+        },
+        // Verify Password Reset and set new password
+        async verifyPasswordReset(token, newPassword) {
+            const email = await verificationService.verifyPasswordReset(token);
+            if (!email) {
+                return false;
+            }
+            const user = await adapter.findUserByEmail(email);
+            if (!user) {
+                return false;
+            }
+            return credentialProvider.resetPassword({
+                adapter,
+                userId: user.id,
+                newPassword,
+            });
+        },
+        // Generate Token for User (for extensions)
+        async generateTokenForUser(userId, options = {}) {
+            const { tenantId = null, sessionType = "default", ipAddress = null, userAgent = null } = options;
+            const user = await adapter.findUserById(userId);
+            if (!user) {
+                throw new Error("User not found");
+            }
+            return createAuthResponse(user, tenantId, ipAddress, userAgent, sessionType);
+        },
+    };
+}
+export default createAuth;
+//# sourceMappingURL=core.js.map

package/dist/auth/core.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.js","sourceRoot":"","sources":["../../baasix/auth/core.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAe5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AACpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AA2ExE;;GAEG;AACH,MAAM,wBAAwB,GAAG;IAC/B,IAAI,EAAE,KAAK,EAAE,QAAgB,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;IACvD,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAsC,EAAE,EAAE,CACvE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC;CAChC,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,OAAoB;IAC7C,iBAAiB;IACjB,MAAM,OAAO,GAAG,mBAAmB,EAAE,CAAC;IAEtC,kBAAkB;IAClB,MAAM,cAAc,GAAG,oBAAoB,CAAC,OAAO,EAAE;QACnD,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS;QACrC,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS;QACrC,aAAa,EAAE,OAAO,CAAC,OAAO,EAAE,aAAa;KAC9C,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,kBAAkB,CAAC;QACtC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI;KAC/E,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAE/D,6BAA6B;IAC7B,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,IAAI,wBAAwB,CAAC;IACjE,MAAM,kBAAkB,GAAG,UAAU,CAAC;QACpC,YAAY,EAAE,WAAW,CAAC,IAAI;QAC9B,cAAc,EAAE,WAAW,CAAC,MAAM;QAClC,iBAAiB,EAAE,OAAO,CAAC,gBAAgB,EAAE,iBAAiB;QAC9D,iBAAiB,EAAE,OAAO,CAAC,gBAAgB,EAAE,iBAAiB;KAC/D,CAAC,CAAC;IAEH,6BAA6B;IAC7B,MAAM,SAAS,GAAG,IAAI,GAAG,EAAyB,CAAC;IAEnD,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YACrE,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,YAAY;gBAAE,SAAS;YAEvD,QAAQ,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC3B,KAAK,QAAQ;oBACX,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAa,CAAC,CAAC,CAAC;oBAC/C,MAAM;gBACR,KAAK,UAAU;oBACb,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAa,CAAC,CAAC,CAAC;oBACnD,MAAM;gBACR,KAAK,OAAO;oBACV,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,MAAa,CAAC,CAAC,CAAC;oBAC7C,MAAM;gBACR,KAAK,QAAQ;oBACX,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAa,CAAC,CAAC,CAAC;oBAC/C,MAAM;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,MAAM,OAAO,GAAgB;QAC3B,OAAO;QACP,OAAO;QACP,SAAS;QACT,OAAO,EAAE,IAAI;KACd,CAAC;IAEF,qCAAqC;IACrC,KAAK,UAAU,yBAAyB,CAAC,MAAc,EAAE,QAAwB;QAC/E,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAExE,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAE3B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEnE,IAAI,MAAM,GAAkB,IAAI,CAAC;QACjC,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;IACvC,CAAC;IAED,iCAAiC;IACjC,KAAK,UAAU,kBAAkB,CAC/B,IAAU,EACV,QAAwB,EACxB,SAAyB,EACzB,SAAyB,EACzB,cAAsB,SAAS;QAE/B,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAEzF,iBAAiB;QACjB,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC;YACjD,IAAI;YACJ,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI;YAC5B,SAAS;YACT,SAAS;YACT,IAAI,EAAE,WAAW;SAClB,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,KAAK,GAAG,YAAY,CAAC,iBAAiB,CAAC;YAC3C,IAAI;YACJ,IAAI;YACJ,OAAO;YACP,MAAM;SACP,CAAC,CAAC;QAEH,OAAO;YACL,KAAK;YACL,IAAI;YACJ,IAAI;YACJ,WAAW;YACX,MAAM;SACP,CAAC;IACJ,CAAC;IAED,OAAO;QACL,OAAO;QACP,OAAO;QACP,cAAc;QACd,YAAY;QACZ,mBAAmB;QACnB,kBAAkB;QAClB,SAAS;QAET,yBAAyB;QACzB,KAAK,CAAC,MAAM,CAAC,KAAK;YAChB,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;YAEnH,0CAA0C;YAC1C,IAAI,OAAO,CAAC,gBAAgB,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;YAED,+BAA+B;YAC/B,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC1D,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YAED,IAAI,QAAQ,GAAkB,IAAI,CAAC;YACnC,IAAI,YAAY,GAAgB,IAAI,CAAC;YACrC,IAAI,UAAU,GAAQ,IAAI,CAAC;YAE3B,kCAAkC;YAClC,IAAI,WAAW,EAAE,CAAC;gBAChB,UAAU,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;gBAE1D,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACnD,CAAC;gBAED,oDAAoD;gBACpD,IAAI,UAAU,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;oBAC3D,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;gBACpE,CAAC;gBAED,kCAAkC;gBAClC,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;oBACvB,YAAY,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAChE,CAAC;gBAED,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;oBACzB,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC;gBAClC,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,mDAAmD;gBACnD,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC;gBACnD,IAAI,aAAa,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;oBACnC,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;gBAC1F,CAAC;gBAED,4BAA4B;gBAC5B,IAAI,MAAM,EAAE,IAAI,EAAE,CAAC;oBACjB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;oBACpE,QAAQ,GAAG,SAAS,CAAC,EAAE,CAAC;gBAC1B,CAAC;YACH,CAAC;YAED,qCAAqC;YACrC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC;gBACxD,OAAO;gBACP,KAAK;gBACL,QAAQ;gBACR,SAAS;gBACT,QAAQ;gBACR,KAAK;aACN,CAAC,CAAC;YAEH,wCAAwC;YACxC,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,IAAI,QAAQ,EAAE,CAAC;oBACb,YAAY,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;gBACxD,CAAC;gBAED,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,mBAAmB;oBACnB,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,MAAM,CAAC;oBACtE,YAAY,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;YAED,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAC5C,CAAC;YAED,mBAAmB;YACnB,MAAM,OAAO,CAAC,cAAc,CAAC;gBAC3B,OAAO,EAAE,IAAI,CAAC,EAAE;gBAChB,OAAO,EAAE,YAAY,CAAC,EAAE;gBACxB,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YAC9D,CAAC;YAED,uBAAuB;YACvB,IAAI,OAAO,CAAC,KAAK,EAAE,aAAa,EAAE,CAAC;gBACjC,MAAM,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACnD,CAAC;YAED,IAAI,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;gBAC5B,MAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;YAED,0CAA0C;YAC1C,MAAM,wBAAwB,GAAG,OAAO,CAAC,gBAAgB,EAAE,wBAAwB,KAAK,IAAI,CAAC;YAE7F,IAAI,wBAAwB,EAAE,CAAC;gBAC7B,0EAA0E;gBAC1E,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;gBACzF,OAAO;oBACL,KAAK,EAAE,EAAE,EAAE,2CAA2C;oBACtD,IAAI;oBACJ,IAAI;oBACJ,WAAW;oBACX,MAAM;oBACN,yBAAyB,EAAE,IAAI;iBAChC,CAAC;YACJ,CAAC;YAED,OAAO,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAClE,CAAC;QAED,yBAAyB;QACzB,KAAK,CAAC,MAAM,CAAC,KAAK;YAChB,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,GAAG,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;YAEzF,0CAA0C;YAC1C,IAAI,OAAO,CAAC,gBAAgB,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;YAED,oBAAoB;YACpB,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC;gBAC3C,OAAO;gBACP,KAAK;gBACL,QAAQ;aACT,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YAED,0CAA0C;YAC1C,MAAM,wBAAwB,GAAG,OAAO,CAAC,gBAAgB,EAAE,wBAAwB,KAAK,IAAI,CAAC;YAC7F,IAAI,wBAAwB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;YACrF,CAAC;YAED,2BAA2B;YAC3B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE7E,mCAAmC;YACnC,MAAM,UAAU,GAAG,MAAM,qBAAqB,CAC5C,cAAc,EACd,IAAI,CAAC,EAAE,EACP,QAAQ,EACR,MAAM,EAAE,EAAE,IAAI,IAAI,EAClB,IAAI,CACL,CAAC;YAEF,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACpC,CAAC;YAED,uBAAuB;YACvB,IAAI,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC;oBACjD,IAAI;oBACJ,QAAQ,EAAE,MAAM,EAAE,EAAE,IAAI,IAAI;oBAC5B,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;gBACH,MAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;gBAClD,MAAM,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,CAAC;YAED,OAAO,kBAAkB,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7E,CAAC;QAED,gBAAgB;QAChB,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,WAAW,EAAE,MAAM;YACjD,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,aAAa,YAAY,aAAa,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;YAC9B,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;YAE5C,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC;gBAChD,KAAK;gBACL,YAAY;gBACZ,MAAM;gBACN,WAAW;aACZ,CAAC,CAAC;YAEH,OAAO;gBACL,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;gBACnB,KAAK;gBACL,YAAY;aACb,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,KAAK,CAAC,mBAAmB,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW;YAC5E,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,aAAa,YAAY,aAAa,CAAC,CAAC;YAC1D,CAAC;YAED,2BAA2B;YAC3B,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,yBAAyB,CAAC;gBACtD,IAAI;gBACJ,WAAW;gBACX,YAAY;aACb,CAAC,CAAC;YAEH,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC;YAErD,sBAAsB;YACtB,IAAI,IAAI,GAAgB,IAAI,CAAC;YAC7B,IAAI,OAAO,GAAmB,IAAI,CAAC;YAEnC,4CAA4C;YAC5C,OAAO,GAAG,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,EAAE,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC;YAErF,IAAI,OAAO,EAAE,CAAC;gBACZ,8BAA8B;gBAC9B,IAAI,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAEnD,gBAAgB;gBAChB,MAAM,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE;oBACtC,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;oBACjD,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;iBAChC,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;gBAC3B,uCAAuC;gBACvC,IAAI,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAEtD,IAAI,IAAI,EAAE,CAAC;oBACT,gCAAgC;oBAChC,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC;wBACpC,OAAO,EAAE,IAAI,CAAC,EAAE;wBAChB,SAAS,EAAE,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE;wBAClC,UAAU,EAAE,YAAY;wBACxB,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;wBACjC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;wBACjD,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;qBAChC,CAAC,CAAC;oBAEH,uBAAuB;oBACvB,IAAI,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE,CAAC;wBACxC,MAAM,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC1D,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,kBAAkB;gBAClB,IAAI,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC;oBAC9B,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,IAAI;oBAC9B,aAAa,EAAE,SAAS,CAAC,aAAa;oBACtC,SAAS,EAAE,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,IAAI,MAAM;oBAC1D,QAAQ,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI;oBACpC,MAAM,EAAE,QAAQ;iBACjB,CAAC,CAAC;gBAEH,iBAAiB;gBACjB,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC;oBACpC,OAAO,EAAE,IAAI,CAAC,EAAE;oBAChB,SAAS,EAAE,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE,YAAY;oBACxB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;oBACjD,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC;iBAChC,CAAC,CAAC;gBAEH,sBAAsB;gBACtB,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,MAAM,CAAC;gBACtE,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC;gBAE3D,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,OAAO,CAAC,cAAc,CAAC;wBAC3B,OAAO,EAAE,IAAI,CAAC,EAAE;wBAChB,OAAO,EAAE,IAAI,CAAC,EAAE;qBACjB,CAAC,CAAC;gBACL,CAAC;gBAED,aAAa;gBACb,IAAI,OAAO,CAAC,KAAK,EAAE,aAAa,EAAE,CAAC;oBACjC,MAAM,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACnD,CAAC;gBAED,IAAI,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;oBAC5B,MAAM,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;YAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;QAED,mBAAmB;QACnB,KAAK,CAAC,eAAe,CAAC,KAAK;YACzB,MAAM,OAAO,GAAG,YAAY,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAChD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC;YACd,CAAC;YAED,+BAA+B;YAC/B,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACjF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC;YAC/B,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,MAAM,yBAAyB,CACnE,IAAI,CAAC,EAAE,EACP,OAAO,CAAC,SAAS,CAClB,CAAC;YAEF,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;QAC7C,CAAC;QAED,qBAAqB;QACrB,KAAK,CAAC,iBAAiB,CAAC,KAAK;YAC3B,MAAM,OAAO,GAAG,YAAY,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAChD,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;gBAC1B,MAAM,cAAc,CAAC,iBAAiB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;gBAE7D,uBAAuB;gBACvB,IAAI,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;oBAC7B,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;oBACjF,IAAI,aAAa,EAAE,CAAC;wBAClB,MAAM,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;oBACvD,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,KAAK,CAAC,qBAAqB,CAAC,MAAM;YAChC,MAAM,cAAc,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC;QAED,iBAAiB;QACjB,KAAK,CAAC,WAAW,CAAC,MAAM;YACtB,OAAO,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QAED,oBAAoB;QACpB,KAAK,CAAC,cAAc,CAAC,KAAK;YACxB,OAAO,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC;QAED,cAAc;QACd,KAAK,CAAC,UAAU,CAAC,MAAM,EAAE,IAAI;YAC3B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAEpD,IAAI,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,aAAa,EAAE,CAAC;gBACzC,MAAM,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAED,gCAAgC;QAChC,yBAAyB;QAEzB,kBAAkB;QAClB,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,eAAe,EAAE,WAAW;YACvD,OAAO,kBAAkB,CAAC,cAAc,CAAC;gBACvC,OAAO;gBACP,MAAM;gBACN,eAAe;gBACf,WAAW;aACZ,CAAC,CAAC;QACL,CAAC;QAED,iBAAiB;QACjB,KAAK,CAAC,aAAa,CAAC,MAAM,EAAE,WAAW;YACrC,OAAO,kBAAkB,CAAC,aAAa,CAAC;gBACtC,OAAO;gBACP,MAAM;gBACN,WAAW;aACZ,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,KAAK,CAAC,uBAAuB,CAAC,KAAK;YACjC,OAAO,mBAAmB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAC5D,CAAC;QAED,eAAe;QACf,KAAK,CAAC,WAAW,CAAC,KAAK;YACrB,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;YAC3D,OAAO,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvC,CAAC;QAED,oBAAoB;QACpB,KAAK,CAAC,eAAe,CAAC,KAAK;YACzB,OAAO,mBAAmB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QACpD,CAAC;QAED,0CAA0C;QAC1C,KAAK,CAAC,oBAAoB,CAAC,KAAK,EAAE,QAAQ;YACxC,OAAO,mBAAmB,CAAC,oBAAoB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QACnE,CAAC;QAED,oBAAoB;QACpB,KAAK,CAAC,eAAe,CAAC,KAAK;YACzB,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,IAAI,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,IAAI,CAAC;YACd,CAAC;YAED,2DAA2D;YAC3D,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxB,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC3D,IAAI,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAS,CAAC;YACrD,CAAC;YAED,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;QAED,wBAAwB;QACxB,KAAK,CAAC,mBAAmB,CAAC,KAAK;YAC7B,OAAO,mBAAmB,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACxD,CAAC;QAED,6CAA6C;QAC7C,KAAK,CAAC,mBAAmB,CAAC,KAAK,EAAE,WAAW;YAC1C,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACnE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,KAAK,CAAC;YACf,CAAC;YAED,OAAO,kBAAkB,CAAC,aAAa,CAAC;gBACtC,OAAO;gBACP,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,WAAW;aACZ,CAAC,CAAC;QACL,CAAC;QAED,2CAA2C;QAC3C,KAAK,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,GAAG,EAAE;YAC7C,MAAM,EAAE,QAAQ,GAAG,IAAI,EAAE,WAAW,GAAG,SAAS,EAAE,SAAS,GAAG,IAAI,EAAE,SAAS,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;YAEjG,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;YACpC,CAAC;YAED,OAAO,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;QAC/E,CAAC;KACF,CAAC;AACJ,CAAC;AAED,eAAe,UAAU,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Baasix Auth Module
+ *
+ * A flexible authentication module inspired by better-auth architecture.
+ * Supports multiple authentication strategies through adapters and providers.
+ *
+ * Features:
+ * - Email/Password authentication
+ * - OAuth2 social authentication (Google, Facebook, Apple, GitHub)
+ * - Session management
+ * - JWT token handling
+ * - Email verification
+ * - Password reset
+ * - Magic links
+ * - Multi-tenant support
+ * - Session limits
+ *
+ * @example
+ * ```typescript
+ * import { createAuth, createAuthRoutes, createAuthMiddleware } from './auth';
+ *
+ * // Create auth instance
+ * const auth = createAuth({
+ *   secret: process.env.SECRET_KEY,
+ *   emailAndPassword: { enabled: true },
+ *   socialProviders: {
+ *     google: {
+ *       clientId: process.env.GOOGLE_CLIENT_ID,
+ *       clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+ *     },
+ *   },
+ * });
+ *
+ * // Register routes
+ * createAuthRoutes(app, {
+ *   secret: process.env.SECRET_KEY,
+ *   // ... other options
+ * });
+ *
+ * // Use middleware
+ * app.use(createAuthMiddleware(auth));
+ * ```
+ */
+export { createAuth } from "./core.js";
+export type { BaasixAuth } from "./core.js";
+export { createAuthRoutes, createAuthMiddleware, setTokenInResponse } from "./routes.js";
+export type { AuthRouteOptions } from "./routes.js";
+export * from "./types.js";
+export { createBaasixAdapter } from "./adapters/index.js";
+export type { AuthAdapter } from "./adapters/index.js";
+export { google, facebook, apple, github, credential } from "./providers/index.js";
+export type { GoogleOptions, GoogleProfile, FacebookOptions, FacebookProfile, AppleOptions, AppleProfile, GitHubOptions, GitHubProfile, CredentialProvider, CredentialProviderOptions, SocialProviderName, } from "./providers/index.js";
+export { createSessionService, createTokenService, createVerificationService, validateSessionLimits, } from "./services/index.js";
+export type { SessionConfig, SessionService, SessionLimitConfig, TokenConfig, TokenService, VerificationConfig, VerificationService, VerificationType, } from "./services/index.js";
+export { generateState, generateCodeVerifier, generateCodeChallenge, createAuthorizationURL, validateAuthorizationCode, refreshAccessToken, parseOAuth2Tokens, } from "./oauth2/index.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../baasix/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,YAAY,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAG5C,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACzF,YAAY,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAGpD,cAAc,YAAY,CAAC;AAG3B,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,YAAY,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACnF,YAAY,EACV,aAAa,EACb,aAAa,EACb,eAAe,EACf,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,aAAa,EACb,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,EACzB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,mBAAmB,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,58 @@
+/**
+ * Baasix Auth Module
+ *
+ * A flexible authentication module inspired by better-auth architecture.
+ * Supports multiple authentication strategies through adapters and providers.
+ *
+ * Features:
+ * - Email/Password authentication
+ * - OAuth2 social authentication (Google, Facebook, Apple, GitHub)
+ * - Session management
+ * - JWT token handling
+ * - Email verification
+ * - Password reset
+ * - Magic links
+ * - Multi-tenant support
+ * - Session limits
+ *
+ * @example
+ * ```typescript
+ * import { createAuth, createAuthRoutes, createAuthMiddleware } from './auth';
+ *
+ * // Create auth instance
+ * const auth = createAuth({
+ *   secret: process.env.SECRET_KEY,
+ *   emailAndPassword: { enabled: true },
+ *   socialProviders: {
+ *     google: {
+ *       clientId: process.env.GOOGLE_CLIENT_ID,
+ *       clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+ *     },
+ *   },
+ * });
+ *
+ * // Register routes
+ * createAuthRoutes(app, {
+ *   secret: process.env.SECRET_KEY,
+ *   // ... other options
+ * });
+ *
+ * // Use middleware
+ * app.use(createAuthMiddleware(auth));
+ * ```
+ */
+// Core
+export { createAuth } from "./core.js";
+// Routes
+export { createAuthRoutes, createAuthMiddleware, setTokenInResponse } from "./routes.js";
+// Types
+export * from "./types.js";
+// Adapters
+export { createBaasixAdapter } from "./adapters/index.js";
+// Providers
+export { google, facebook, apple, github, credential } from "./providers/index.js";
+// Services
+export { createSessionService, createTokenService, createVerificationService, validateSessionLimits, } from "./services/index.js";
+// OAuth2 Utilities
+export { generateState, generateCodeVerifier, generateCodeChallenge, createAuthorizationURL, validateAuthorizationCode, refreshAccessToken, parseOAuth2Tokens, } from "./oauth2/index.js";
+//# sourceMappingURL=index.js.map