npm - @civic/auth - Versions diffs - 0.0.1-beta.18 → 0.0.1-beta.2 - Mend

@civic/auth 0.0.1-beta.18 → 0.0.1-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/README.md +0 -26
package/dist/chunk-5NUJ7LFF.mjs +17 -0
package/dist/chunk-5NUJ7LFF.mjs.map +1 -0
package/dist/chunk-KS7ERXGZ.js +481 -0
package/dist/chunk-KS7ERXGZ.js.map +1 -0
package/dist/chunk-NINRO7GS.js +209 -0
package/dist/chunk-NINRO7GS.js.map +1 -0
package/dist/chunk-NXBKSUKI.mjs +481 -0
package/dist/chunk-NXBKSUKI.mjs.map +1 -0
package/dist/chunk-T7HUHQ3J.mjs +209 -0
package/dist/chunk-T7HUHQ3J.mjs.map +1 -0
package/dist/chunk-WZLC5B4C.js +17 -0
package/dist/chunk-WZLC5B4C.js.map +1 -0
package/dist/index-DoDoIY_K.d.mts +79 -0
package/dist/index-DoDoIY_K.d.ts +79 -0
package/dist/index.css +70 -63
package/dist/index.css.map +1 -1
package/dist/index.d.mts +1 -3
package/dist/index.d.ts +1 -3
package/dist/nextjs.d.mts +11 -10
package/dist/nextjs.d.ts +11 -10
package/dist/nextjs.js +173 -62
package/dist/nextjs.js.map +1 -1
package/dist/nextjs.mjs +171 -60
package/dist/nextjs.mjs.map +1 -1
package/dist/react.d.mts +65 -39
package/dist/react.d.ts +65 -39
package/dist/react.js +212 -433
package/dist/react.js.map +1 -1
package/dist/react.mjs +235 -456
package/dist/react.mjs.map +1 -1
package/dist/server.d.mts +12 -13
package/dist/server.d.ts +12 -13
package/dist/server.js +186 -3
package/dist/server.js.map +1 -1
package/dist/server.mjs +192 -9
package/dist/server.mjs.map +1 -1
package/package.json +4 -4
package/dist/chunk-5XL2ST72.mjs +0 -226
package/dist/chunk-5XL2ST72.mjs.map +0 -1
package/dist/chunk-G3P5TIO2.mjs +0 -708
package/dist/chunk-G3P5TIO2.mjs.map +0 -1
package/dist/chunk-RF23Q4V6.js +0 -708
package/dist/chunk-RF23Q4V6.js.map +0 -1
package/dist/chunk-SEKF2WZX.js +0 -226
package/dist/chunk-SEKF2WZX.js.map +0 -1
package/dist/index-DTimUlkB.d.ts +0 -17
package/dist/index-DvjkKpkk.d.mts +0 -17
package/dist/types-HdCjGldB.d.mts +0 -58
package/dist/types-HdCjGldB.d.ts +0 -58
package/dist/types-b4c1koXj.d.mts +0 -19
package/dist/types-b4c1koXj.d.ts +0 -19

package/dist/chunk-NXBKSUKI.mjs ADDED Viewed

@@ -0,0 +1,481 @@
+import {
+  buildOauth2Client,
+  displayModeFromState,
+  generateState,
+  getOauthEndpoints,
+  isPopupBlocked,
+  validateOauth2Tokens,
+  withoutUndefined
+} from "./chunk-T7HUHQ3J.mjs";
+import {
+  __async,
+  __spreadProps,
+  __spreadValues
+} from "./chunk-RGHW4PYM.mjs";
+// src/lib/logger.ts
+import debug from "debug";
+var PACKAGE_NAME = "@civic/auth";
+var DebugLogger = class {
+  constructor(namespace) {
+    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);
+    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);
+    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);
+    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);
+    this.debugLogger.color = "4";
+    this.infoLogger.color = "2";
+    this.warnLogger.color = "3";
+    this.errorLogger.color = "1";
+  }
+  debug(message, ...args) {
+    this.debugLogger(message, ...args);
+  }
+  info(message, ...args) {
+    this.infoLogger(message, ...args);
+  }
+  warn(message, ...args) {
+    this.warnLogger(message, ...args);
+  }
+  error(message, ...args) {
+    this.errorLogger(message, ...args);
+  }
+};
+var createLogger = (namespace) => new DebugLogger(namespace);
+var loggers = {
+  // Next.js specific loggers
+  nextjs: {
+    routes: createLogger("api:routes"),
+    middleware: createLogger("api:middleware"),
+    handlers: {
+      auth: createLogger("api:handlers:auth")
+    }
+  },
+  // React specific loggers
+  react: {
+    components: createLogger("react:components"),
+    hooks: createLogger("react:hooks"),
+    context: createLogger("react:context")
+  },
+  // Shared utilities loggers
+  services: {
+    validation: createLogger("utils:validation"),
+    network: createLogger("utils:network")
+  }
+};
+// src/nextjs/config.ts
+var logger = loggers.nextjs.handlers.auth;
+var defaultAuthConfig = {
+  oauthServer: "https://auth-dev.civic.com/oauth",
+  callbackUrl: "/api/auth/callback",
+  challengeUrl: "/api/auth/challenge",
+  logoutUrl: "/api/auth/logout",
+  loginUrl: "/",
+  include: ["/*"],
+  exclude: [],
+  cookies: {
+    tokens: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    },
+    user: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    }
+  }
+};
+var resolveAuthConfig = (config = {}) => {
+  var _a, _b, _c, _d;
+  const configFromEnv = withoutUndefined({
+    clientId: process.env._civic_auth_client_id,
+    oauthServer: process.env._civic_oauth_server,
+    callbackUrl: process.env._civic_auth_callback_url,
+    challengeUrl: process.env._civic_auth_challenge_url,
+    loginUrl: process.env._civic_auth_login_url,
+    logoutUrl: process.env._civic_auth_logout_url,
+    include: (_a = process.env._civic_auth_includes) == null ? void 0 : _a.split(","),
+    exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
+    cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
+  });
+  const mergedConfig = __spreadProps(__spreadValues(__spreadValues(__spreadValues({}, defaultAuthConfig), configFromEnv), config), {
+    // Override with directly passed config
+    cookies: {
+      tokens: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.tokens), ((_c = config.cookies) == null ? void 0 : _c.tokens) || {}),
+      user: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.user), ((_d = config.cookies) == null ? void 0 : _d.user) || {})
+    }
+  });
+  logger.debug("Config from environment:", configFromEnv);
+  logger.debug("Resolved config:", mergedConfig);
+  if (mergedConfig.clientId === void 0) {
+    throw new Error("Civic Auth client ID is required");
+  }
+  return mergedConfig;
+};
+var createCivicAuthPlugin = (clientId, authConfig = {}) => {
+  return (nextConfig) => {
+    const resolvedConfig = resolveAuthConfig(__spreadProps(__spreadValues({}, authConfig), { clientId }));
+    return __spreadProps(__spreadValues({}, nextConfig), {
+      env: __spreadProps(__spreadValues({}, nextConfig == null ? void 0 : nextConfig.env), {
+        // Internal environment variables - do not set these manually
+        _civic_auth_client_id: clientId,
+        _civic_oauth_server: resolvedConfig.oauthServer,
+        _civic_auth_callback_url: resolvedConfig.callbackUrl,
+        _civic_auth_challenge_url: resolvedConfig.challengeUrl,
+        _civic_auth_login_url: resolvedConfig.loginUrl,
+        _civic_auth_logout_url: resolvedConfig.logoutUrl,
+        _civic_auth_includes: resolvedConfig.include.join(","),
+        _civic_auth_excludes: resolvedConfig.exclude.join(","),
+        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies)
+      })
+    });
+  };
+};
+// src/services/UserInfoService.ts
+import { parseJWT } from "oslo/jwt";
+var UserInfoServiceImpl = class {
+  constructor(endpoints) {
+    this.endpoints = endpoints;
+  }
+  extractUserFromIdToken(idToken) {
+    const parsedJWT = parseJWT(idToken);
+    if (!parsedJWT) {
+      return null;
+    }
+    return parsedJWT.payload;
+  }
+  getUserInfo(accessToken, idToken) {
+    return __async(this, null, function* () {
+      if (idToken) {
+        return this.extractUserFromIdToken(idToken);
+      }
+      const userInfo = yield fetch(this.endpoints.userinfo, {
+        headers: { Authorization: `Bearer ${accessToken}` }
+      });
+      return userInfo.json();
+    });
+  }
+};
+// src/services/SessionService.ts
+import { generateCodeVerifier } from "oslo/oauth2";
+var AuthSessionServiceImpl = class {
+  constructor(clientId, redirectUrl, oauthServer, inputEndpoints) {
+    this.clientId = clientId;
+    this.redirectUrl = redirectUrl;
+    this.oauthServer = oauthServer;
+    this.inputEndpoints = inputEndpoints;
+    this.codeVerifier = void 0;
+    this.refreshTokenTimeout = null;
+    this.codeVerifier = this.getCodeVerifier();
+    this.endpoints = inputEndpoints;
+  }
+  getCodeVerifier() {
+    return generateCodeVerifier();
+  }
+  getUserInfoService() {
+    return __async(this, null, function* () {
+      if (this.userInfoService) {
+        return this.userInfoService;
+      }
+      const endpoints = yield this.getEndpoints();
+      this.userInfoService = new UserInfoServiceImpl(endpoints);
+      return this.userInfoService;
+    });
+  }
+  getEndpoints() {
+    return __async(this, null, function* () {
+      var _a;
+      if ((_a = this.endpoints) == null ? void 0 : _a.auth) {
+        return this.endpoints;
+      }
+      const jwksEndpoints = yield getOauthEndpoints(this.oauthServer);
+      return this.endpoints ? __spreadValues(__spreadValues({}, this.endpoints), jwksEndpoints) : jwksEndpoints;
+    });
+  }
+  getOauth2Client() {
+    return __async(this, null, function* () {
+      if (this.oauth2Client) {
+        return this.oauth2Client;
+      }
+      const endpoints = yield this.getEndpoints();
+      this.oauth2Client = buildOauth2Client(
+        this.clientId,
+        this.redirectUrl,
+        endpoints
+      );
+      return this.oauth2Client;
+    });
+  }
+  getSessionData() {
+    console.log("getSessionData", this.clientId);
+    const storedItem = localStorage.getItem(`civic-auth:${this.clientId}`) || "{}";
+    console.log("stored item", storedItem);
+    return JSON.parse(storedItem);
+  }
+  updateSessionData(data) {
+    localStorage.setItem(
+      `civic-auth:${this.clientId}`,
+      JSON.stringify(__spreadValues({}, data))
+    );
+  }
+  getUser() {
+    return JSON.parse(
+      localStorage.getItem(`civic-auth:${this.clientId}:user`) || "{}"
+    );
+  }
+  setUser(data) {
+    localStorage.setItem(
+      `civic-auth:${this.clientId}:user`,
+      JSON.stringify(data === null ? {} : data)
+    );
+  }
+  clearSessionData() {
+    localStorage.setItem(`civic-auth:${this.clientId}`, JSON.stringify({}));
+  }
+  getAuthorizationUrlWithChallenge(state, scopes) {
+    return __async(this, null, function* () {
+      var _a;
+      const oauth2Client = yield this.getOauth2Client();
+      if ((_a = this.endpoints) == null ? void 0 : _a.challenge) {
+        const challenge = yield fetch(this.endpoints.challenge).then(
+          (res) => res.json().then((data) => data.challenge)
+        );
+        const oAuthUrl = yield oauth2Client.createAuthorizationURL({
+          state,
+          scopes
+        });
+        oAuthUrl.searchParams.append("code_challenge", challenge);
+        oAuthUrl.searchParams.append("code_challenge_method", "S256");
+        return oAuthUrl;
+      }
+      return oauth2Client.createAuthorizationURL({
+        state,
+        codeVerifier: this.codeVerifier,
+        codeChallengeMethod: "S256",
+        scopes
+      });
+    });
+  }
+  getAuthorizationUrl(scopes, displayMode, nonce) {
+    return __async(this, null, function* () {
+      const state = generateState(displayMode);
+      const existingSessionData = this.getSessionData();
+      this.updateSessionData(__spreadProps(__spreadValues({}, existingSessionData), {
+        codeVerifier: this.codeVerifier,
+        displayMode
+      }));
+      const oAuthUrl = yield this.getAuthorizationUrlWithChallenge(state, scopes);
+      if (nonce) {
+        oAuthUrl.searchParams.append("nonce", nonce);
+      }
+      oAuthUrl.searchParams.append("prompt", "consent");
+      return oAuthUrl.toString();
+    });
+  }
+  // TODO fix the Window reference
+  loadAuthorizationUrl(authorizationURL, displayMode) {
+    switch (displayMode) {
+      case "iframe":
+        break;
+      case "redirect":
+        window.location.href = authorizationURL;
+        break;
+      case "new_tab":
+        window.open(authorizationURL, "_blank");
+        break;
+      case "custom_tab":
+        break;
+    }
+  }
+  init() {
+    return __async(this, null, function* () {
+      yield this.getOauth2Client();
+      return this;
+    });
+  }
+  logout() {
+    return __async(this, null, function* () {
+      this.updateSessionData({ authenticated: false });
+    });
+  }
+  determineDisplayMode(displayMode) {
+    if (isPopupBlocked() && displayMode === "iframe") {
+      displayMode = "redirect";
+    }
+    return displayMode;
+  }
+  signIn(displayMode, scopes, nonce) {
+    return __async(this, null, function* () {
+      const authorizationURL = yield this.getAuthorizationUrl(
+        scopes,
+        displayMode,
+        nonce
+      );
+      this.loadAuthorizationUrl(authorizationURL, displayMode);
+    });
+  }
+  tokenExchange(responseUrl) {
+    return __async(this, null, function* () {
+      let session = this.getSessionData();
+      if (!session.authenticated) {
+        const url = new URL(responseUrl);
+        const authorizationCode = url.searchParams.get("code");
+        const returnedState = url.searchParams.get("state");
+        if (!authorizationCode || !returnedState) {
+          throw new Error("Invalid authorization response");
+        }
+        const codeVerifier = session.codeVerifier;
+        const oauth2Client = yield this.getOauth2Client();
+        const tokens = yield oauth2Client.validateAuthorizationCode(
+          authorizationCode,
+          {
+            codeVerifier
+          }
+        );
+        try {
+          yield this.validateTokens(tokens);
+        } catch (error) {
+          console.error("tokenExchange tokens", { error, tokens });
+          throw new Error(
+            `OIDC tokens validation failed: ${error.message}`
+          );
+        }
+        const parsedDisplayMode = displayModeFromState(
+          returnedState,
+          session.displayMode
+        );
+        session = __spreadProps(__spreadValues({}, session), {
+          displayMode: parsedDisplayMode,
+          idToken: tokens.id_token,
+          authenticated: true,
+          state: returnedState,
+          accessToken: tokens.access_token,
+          refreshToken: tokens.refresh_token,
+          timestamp: Date.now(),
+          expiresIn: tokens.expires_in
+        });
+        this.updateSessionData(session);
+        const user = yield (yield this.getUserInfoService()).getUserInfo(tokens.access_token, tokens.id_token || null);
+        this.setUser(user);
+      }
+      this.setupTokenRefresh(session);
+      if (session.displayMode === "new_tab") {
+        window.close();
+      } else if (session.displayMode === "redirect") {
+      }
+      return session;
+    });
+  }
+  setupTokenRefresh(session) {
+    if (this.refreshTokenTimeout) {
+      clearTimeout(this.refreshTokenTimeout);
+    }
+    if (session.expiresIn) {
+      const elapsedTime = Date.now() - (session.timestamp || 0);
+      const remainingTime = session.expiresIn * 1e3 - elapsedTime;
+      const refreshTime = Math.max(0, remainingTime - 6e4);
+      this.refreshTokenTimeout = setTimeout(() => {
+        this.refreshToken().then((newSession) => {
+          console.log("Token refreshed successfully", newSession);
+        }).catch((error) => {
+          console.error("Failed to refresh token:", error);
+          this.updateSessionData({});
+        });
+      }, refreshTime);
+    }
+  }
+  refreshToken() {
+    return __async(this, null, function* () {
+      const sessionData = this.getSessionData();
+      if (!sessionData.refreshToken) {
+        throw new Error("No refresh token available");
+      }
+      const oauth2Client = yield this.getOauth2Client();
+      const tokens = yield oauth2Client.refreshAccessToken(
+        sessionData.refreshToken
+      );
+      const session = __spreadProps(__spreadValues({}, sessionData), {
+        idToken: tokens.id_token,
+        authenticated: true,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        timestamp: Date.now(),
+        expiresIn: tokens.expires_in
+      });
+      this.updateSessionData(session);
+      this.setupTokenRefresh(session);
+      return session;
+    });
+  }
+  getUserInfo() {
+    return __async(this, null, function* () {
+      const sessionData = this.getSessionData();
+      if (!sessionData.accessToken) {
+        throw new Error("No access token available");
+      }
+      const userInfoService = yield this.getUserInfoService();
+      return userInfoService.getUserInfo(
+        sessionData.accessToken,
+        sessionData.idToken || null
+      );
+    });
+  }
+  /**
+   * Uses the jose library to validate a JWT token using the OAuth JWKS endpoint
+   * @returns {Promise<jose.JWTPayload>}
+   * @throws {Error} if the token is invalid
+   * @param tokens
+   */
+  validateTokens(tokens) {
+    return __async(this, null, function* () {
+      const endpoints = yield this.getEndpoints();
+      if (!this.oauth2Client) yield this.init();
+      return validateOauth2Tokens(
+        tokens,
+        endpoints,
+        this.oauth2Client,
+        this.oauthServer
+      );
+    });
+  }
+  validateExistingSession() {
+    return __async(this, null, function* () {
+      const sessionData = this.getSessionData();
+      try {
+        if (!sessionData.idToken || !sessionData.accessToken) {
+          const unAuthenticatedSession = __spreadProps(__spreadValues({}, sessionData), { authenticated: false });
+          this.updateSessionData(unAuthenticatedSession);
+          return unAuthenticatedSession;
+        }
+        yield this.validateTokens({
+          id_token: sessionData.idToken,
+          access_token: sessionData.accessToken,
+          refresh_token: sessionData.refreshToken
+        });
+        sessionData.authenticated = true;
+        return sessionData;
+      } catch (error) {
+        console.warn("Failed to validate existing tokens", error);
+        const unAuthenticatedSession = {
+          authenticated: false
+        };
+        this.updateSessionData(unAuthenticatedSession);
+        return unAuthenticatedSession;
+      }
+    });
+  }
+};
+export {
+  AuthSessionServiceImpl,
+  loggers,
+  defaultAuthConfig,
+  resolveAuthConfig,
+  createCivicAuthPlugin
+};
+//# sourceMappingURL=chunk-NXBKSUKI.mjs.map

package/dist/chunk-NXBKSUKI.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/lib/logger.ts","../src/nextjs/config.ts","../src/services/UserInfoService.ts","../src/services/SessionService.ts"],"sourcesContent":["import debug from \"debug\";\n\nconst PACKAGE_NAME = \"@civic/auth\";\n\nexport interface Logger {\n debug(message: string, ...args: unknown[]): void;\n info(message: string, ...args: unknown[]): void;\n warn(message: string, ...args: unknown[]): void;\n error(message: string, ...args: unknown[]): void;\n}\n\nclass DebugLogger implements Logger {\n private debugLogger: debug.Debugger;\n private infoLogger: debug.Debugger;\n private warnLogger: debug.Debugger;\n private errorLogger: debug.Debugger;\n\n constructor(namespace: string) {\n // Format: @org/package:library:component:level\n this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);\n this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);\n this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);\n this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);\n\n this.debugLogger.color = \"4\";\n this.infoLogger.color = \"2\";\n this.warnLogger.color = \"3\";\n this.errorLogger.color = \"1\";\n }\n\n debug(message: string, ...args: unknown[]): void {\n this.debugLogger(message, ...args);\n }\n\n info(message: string, ...args: unknown[]): void {\n this.infoLogger(message, ...args);\n }\n\n warn(message: string, ...args: unknown[]): void {\n this.warnLogger(message, ...args);\n }\n\n error(message: string, ...args: unknown[]): void {\n this.errorLogger(message, ...args);\n }\n}\n\nexport const createLogger = (namespace: string): Logger =>\n new DebugLogger(namespace);\n\n// Pre-configured loggers for different parts of your package\nexport const loggers = {\n // Next.js specific loggers\n nextjs: {\n routes: createLogger(\"api:routes\"),\n middleware: createLogger(\"api:middleware\"),\n handlers: {\n auth: createLogger(\"api:handlers:auth\"),\n },\n },\n // React specific loggers\n react: {\n components: createLogger(\"react:components\"),\n hooks: createLogger(\"react:hooks\"),\n context: createLogger(\"react:context\"),\n },\n // Shared utilities loggers\n services: {\n validation: createLogger(\"utils:validation\"),\n network: createLogger(\"utils:network\"),\n },\n} as const;\n","/* eslint-disable turbo/no-undeclared-env-vars */\nimport { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger\";\nimport { withoutUndefined } from \"@/utils.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport interface CookieConfig {\n secure?: boolean;\n sameSite?: \"strict\" | \"lax\" | \"none\";\n domain?: string;\n path?: string;\n maxAge?: number;\n}\n\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n callbackUrl: string;\n loginUrl: string;\n logoutUrl: string;\n challengeUrl: string;\n include: string[];\n exclude: string[];\n cookies: {\n tokens: CookieConfig;\n user: CookieConfig;\n };\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: \"https://auth-dev.civic.com/oauth\",\n callbackUrl: \"/api/auth/callback\",\n challengeUrl: \"/api/auth/challenge\",\n logoutUrl: \"/api/auth/logout\",\n loginUrl: \"/\",\n include: [\"/*\"],\n exclude: [],\n cookies: {\n tokens: {\n sameSite: \"strict\",\n path: \"/\",\n maxAge: 60 * 60, // 1 hour\n },\n user: {\n sameSite: \"strict\",\n path: \"/\",\n maxAge: 60 * 60, // 1 hour\n },\n },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n config: AuthConfig = {},\n): AuthConfigWithDefaults & { clientId: string } => {\n // Read configuration that was set by the plugin via environment variables\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n logoutUrl: process.env._civic_auth_logout_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n });\n\n const mergedConfig = {\n ...defaultAuthConfig,\n ...configFromEnv, // Apply plugin-set config\n ...config, // Override with directly passed config\n cookies: {\n tokens: {\n ...defaultAuthConfig.cookies.tokens,\n ...(config.cookies?.tokens || {}),\n },\n user: {\n ...defaultAuthConfig.cookies.user,\n ...(config.cookies?.user || {}),\n },\n },\n };\n\n logger.debug(\"Config from environment:\", configFromEnv);\n logger.debug(\"Resolved config:\", mergedConfig);\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * include: ['/protected/*'],\n * exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n clientId: string,\n authConfig: AuthConfig = {},\n) => {\n return (nextConfig?: NextConfig) => {\n const resolvedConfig = resolveAuthConfig({ ...authConfig, clientId });\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n },\n };\n };\n};\n","import { UserInfoService, Endpoints } from \"@/types\";\nimport { parseJWT } from \"oslo/jwt\";\n\nexport class UserInfoServiceImpl implements UserInfoService {\n constructor(private endpoints: Endpoints) {}\n\n extractUserFromIdToken<T>(idToken: string): T | null {\n const parsedJWT = parseJWT(idToken);\n if (!parsedJWT) {\n return null;\n }\n return parsedJWT.payload as T;\n }\n\n async getUserInfo<T>(\n accessToken: string,\n idToken: string | null,\n ): Promise<T | null> {\n if (idToken) {\n return this.extractUserFromIdToken<T>(idToken);\n }\n\n const userInfo = await fetch(this.endpoints.userinfo, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n return userInfo.json() as T;\n }\n}\n","import {\n AuthSessionService,\n DisplayMode,\n Endpoints,\n OIDCTokenResponseBody,\n ParsedTokens,\n SessionData,\n UnknownObject,\n User,\n UserInfoService,\n} from \"../types\";\nimport { UserInfoServiceImpl } from \"./UserInfoService\";\nimport { generateCodeVerifier, OAuth2Client } from \"oslo/oauth2\";\nimport {\n displayModeFromState,\n generateState,\n getOauthEndpoints,\n} from \"@/lib/oauth\";\nimport { isPopupBlocked } from \"@/utils\";\nimport { buildOauth2Client, validateOauth2Tokens } from \"@/shared/util.js\";\n\nexport type StorageInterface = {\n get(): SessionData;\n getUser(): User<UnknownObject> | null;\n set(data: Partial<SessionData>): void;\n setUser(data: User<UnknownObject> | null): void;\n clear(): void;\n};\n\nexport class AuthSessionServiceImpl implements AuthSessionService {\n private endpoints: Endpoints | undefined;\n private oauth2Client: OAuth2Client | undefined;\n private userInfoService: UserInfoService | undefined;\n private codeVerifier: string | undefined = undefined;\n private refreshTokenTimeout: NodeJS.Timeout | null = null;\n\n constructor(\n readonly clientId: string,\n readonly redirectUrl: string,\n readonly oauthServer: string,\n readonly inputEndpoints?: Partial<Endpoints> | undefined,\n ) {\n this.codeVerifier = this.getCodeVerifier();\n this.endpoints = inputEndpoints as Endpoints;\n }\n\n protected getCodeVerifier(): string {\n return generateCodeVerifier();\n }\n\n public async getUserInfoService(): Promise<UserInfoService> {\n if (this.userInfoService) {\n return this.userInfoService;\n }\n const endpoints = await this.getEndpoints();\n\n this.userInfoService = new UserInfoServiceImpl(endpoints);\n return this.userInfoService;\n }\n\n protected async getEndpoints(): Promise<Endpoints> {\n if (this.endpoints?.auth) {\n return this.endpoints;\n }\n const jwksEndpoints = await getOauthEndpoints(this.oauthServer);\n return this.endpoints\n ? { ...this.endpoints, ...jwksEndpoints }\n : jwksEndpoints;\n }\n\n protected async getOauth2Client() {\n if (this.oauth2Client) {\n return this.oauth2Client;\n }\n const endpoints = await this.getEndpoints();\n this.oauth2Client = buildOauth2Client(\n this.clientId,\n this.redirectUrl,\n endpoints,\n );\n return this.oauth2Client;\n }\n\n getSessionData(): SessionData {\n console.log(\"getSessionData\", this.clientId);\n const storedItem =\n localStorage.getItem(`civic-auth:${this.clientId}`) || \"{}\";\n console.log(\"stored item\", storedItem);\n return JSON.parse(storedItem) as SessionData;\n }\n\n updateSessionData(data: Partial<SessionData>): void {\n localStorage.setItem(\n `civic-auth:${this.clientId}`,\n JSON.stringify({ ...data }),\n );\n }\n\n getUser(): User<UnknownObject> | null {\n return JSON.parse(\n localStorage.getItem(`civic-auth:${this.clientId}:user`) || \"{}\",\n ) as User<UnknownObject>;\n }\n\n setUser(data: User<UnknownObject> | null): void {\n localStorage.setItem(\n `civic-auth:${this.clientId}:user`,\n JSON.stringify(data === null ? {} : data),\n );\n }\n\n clearSessionData(): void {\n localStorage.setItem(`civic-auth:${this.clientId}`, JSON.stringify({}));\n }\n\n async getAuthorizationUrlWithChallenge(\n state: string,\n scopes: string[],\n ): Promise<URL> {\n const oauth2Client = await this.getOauth2Client();\n if (this.endpoints?.challenge) {\n const challenge = await fetch(this.endpoints.challenge).then((res) =>\n res.json().then((data) => data.challenge),\n );\n const oAuthUrl = await oauth2Client.createAuthorizationURL({\n state,\n scopes,\n });\n oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n return oAuthUrl;\n }\n return oauth2Client.createAuthorizationURL({\n state,\n codeVerifier: this.codeVerifier,\n codeChallengeMethod: \"S256\",\n scopes,\n });\n }\n\n async getAuthorizationUrl(\n scopes: string[],\n displayMode: DisplayMode,\n nonce?: string,\n ): Promise<string> {\n const state = generateState(displayMode);\n const existingSessionData = this.getSessionData();\n // TODO DK NOTES: Getter should not update state. This would be confusing to others. Should probably be part of signIn()\n this.updateSessionData({\n ...existingSessionData,\n codeVerifier: this.codeVerifier,\n displayMode,\n });\n const oAuthUrl = await this.getAuthorizationUrlWithChallenge(state, scopes);\n if (nonce) {\n // nonce isn't supported by oslo, so we add it manually\n oAuthUrl.searchParams.append(\"nonce\", nonce);\n }\n oAuthUrl.searchParams.append(\"prompt\", \"consent\");\n return oAuthUrl.toString();\n }\n\n // TODO fix the Window reference\n loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode) {\n switch (displayMode) {\n case \"iframe\":\n // Implement iframe logic\n break;\n case \"redirect\":\n window.location.href = authorizationURL;\n break;\n case \"new_tab\":\n window.open(authorizationURL, \"_blank\");\n break;\n case \"custom_tab\":\n // Implement custom tab logic (might require native app integration)\n break;\n }\n }\n\n async init(): Promise<this> {\n await this.getOauth2Client();\n return this;\n }\n\n async logout(): Promise<void> {\n this.updateSessionData({ authenticated: false });\n }\n\n determineDisplayMode(displayMode: DisplayMode): DisplayMode {\n // If popups are blocked and we're in iframe mode, we need to override the display mode to redirect\n if (isPopupBlocked() && displayMode === \"iframe\") {\n displayMode = \"redirect\";\n }\n // TODO: Add additional checks to determine the display mode for new_mode if new tabs are blocked.\n return displayMode;\n }\n\n async signIn(\n displayMode: DisplayMode,\n scopes: string[],\n nonce: string,\n ): Promise<void> {\n const authorizationURL = await this.getAuthorizationUrl(\n scopes,\n displayMode,\n nonce,\n );\n\n this.loadAuthorizationUrl(authorizationURL, displayMode);\n }\n\n async tokenExchange(responseUrl: string): Promise<SessionData> {\n let session = this.getSessionData();\n\n if (!session.authenticated) {\n const url = new URL(responseUrl);\n const authorizationCode = url.searchParams.get(\"code\");\n const returnedState = url.searchParams.get(\"state\");\n if (!authorizationCode || !returnedState) {\n throw new Error(\"Invalid authorization response\");\n }\n const codeVerifier = session.codeVerifier;\n const oauth2Client = await this.getOauth2Client();\n const tokens =\n await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(\n authorizationCode,\n {\n codeVerifier,\n },\n );\n\n // Validate relevant tokens\n try {\n await this.validateTokens(tokens);\n } catch (error) {\n console.error(\"tokenExchange tokens\", { error, tokens });\n throw new Error(\n `OIDC tokens validation failed: ${(error as Error).message}`,\n );\n }\n const parsedDisplayMode = displayModeFromState(\n returnedState,\n session.displayMode,\n );\n // Update session with authentication result\n session = {\n ...session,\n displayMode: parsedDisplayMode,\n idToken: tokens.id_token,\n authenticated: true,\n state: returnedState,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token,\n timestamp: Date.now(),\n expiresIn: tokens.expires_in,\n };\n this.updateSessionData(session);\n const user = await (\n await this.getUserInfoService()\n ).getUserInfo(tokens.access_token, tokens.id_token || null);\n this.setUser(user);\n }\n\n // Set up automatic token refresh\n this.setupTokenRefresh(session);\n\n if (session.displayMode === \"new_tab\") {\n // Close the popup window\n window.close();\n } else if (session.displayMode === \"redirect\") {\n // TODO: Determine if there is anything additional to do here\n }\n return session;\n }\n\n private setupTokenRefresh(session: SessionData): void {\n if (this.refreshTokenTimeout) {\n clearTimeout(this.refreshTokenTimeout);\n }\n\n if (session.expiresIn) {\n // Calculate remaining time by subtracting elapsed time from total expiration time\n const elapsedTime = Date.now() - (session.timestamp || 0);\n const remainingTime = session.expiresIn * 1000 - elapsedTime;\n // Refresh the token 1 minute before it expires\n const refreshTime = Math.max(0, remainingTime - 60000);\n\n this.refreshTokenTimeout = setTimeout(() => {\n this.refreshToken()\n .then((newSession) => {\n console.log(\"Token refreshed successfully\", newSession);\n })\n .catch((error) => {\n console.error(\"Failed to refresh token:\", error);\n // Handle the error (e.g., log out the user or retry)\n // TODO this should be replaced by the real logout once it is available\n this.updateSessionData({});\n });\n }, refreshTime);\n }\n }\n\n async refreshToken(): Promise<SessionData> {\n const sessionData = this.getSessionData();\n if (!sessionData.refreshToken) {\n throw new Error(\"No refresh token available\");\n }\n const oauth2Client = await this.getOauth2Client();\n const tokens = await oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n sessionData.refreshToken,\n );\n\n // Update session data\n const session = {\n ...sessionData,\n idToken: tokens.id_token,\n authenticated: true,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token,\n timestamp: Date.now(),\n expiresIn: tokens.expires_in,\n };\n this.updateSessionData(session);\n\n // Schedule next automatic refresh\n this.setupTokenRefresh(session);\n\n return session;\n }\n\n async getUserInfo<T extends UnknownObject>(): Promise<User<T> | null> {\n const sessionData = this.getSessionData();\n if (!sessionData.accessToken) {\n throw new Error(\"No access token available\");\n }\n const userInfoService = await this.getUserInfoService();\n return userInfoService.getUserInfo<T>(\n sessionData.accessToken,\n sessionData.idToken || null,\n );\n }\n\n /**\n * Uses the jose library to validate a JWT token using the OAuth JWKS endpoint\n * @returns {Promise<jose.JWTPayload>}\n * @throws {Error} if the token is invalid\n * @param tokens\n */\n async validateTokens(tokens: OIDCTokenResponseBody): Promise<ParsedTokens> {\n const endpoints = await this.getEndpoints();\n\n if (!this.oauth2Client) await this.init();\n\n return validateOauth2Tokens(\n tokens,\n endpoints,\n this.oauth2Client!,\n this.oauthServer,\n );\n }\n\n async validateExistingSession(): Promise<SessionData> {\n const sessionData = this.getSessionData();\n try {\n if (!sessionData.idToken || !sessionData.accessToken) {\n const unAuthenticatedSession = { ...sessionData, authenticated: false };\n this.updateSessionData(unAuthenticatedSession);\n return unAuthenticatedSession;\n }\n await this.validateTokens({\n id_token: sessionData.idToken as string,\n access_token: sessionData.accessToken as string,\n refresh_token: sessionData.refreshToken as string,\n });\n sessionData.authenticated = true;\n return sessionData;\n } catch (error) {\n console.warn(\"Failed to validate existing tokens\", error);\n const unAuthenticatedSession = {\n authenticated: false,\n };\n this.updateSessionData(unAuthenticatedSession);\n return unAuthenticatedSession;\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAAA,OAAO,WAAW;AAElB,IAAM,eAAe;AASrB,IAAM,cAAN,MAAoC;AAAA,EAMlC,YAAY,WAAmB;AAE7B,SAAK,cAAc,MAAM,GAAG,YAAY,IAAI,SAAS,QAAQ;AAC7D,SAAK,aAAa,MAAM,GAAG,YAAY,IAAI,SAAS,OAAO;AAC3D,SAAK,aAAa,MAAM,GAAG,YAAY,IAAI,SAAS,OAAO;AAC3D,SAAK,cAAc,MAAM,GAAG,YAAY,IAAI,SAAS,QAAQ;AAE7D,SAAK,YAAY,QAAQ;AACzB,SAAK,WAAW,QAAQ;AACxB,SAAK,WAAW,QAAQ;AACxB,SAAK,YAAY,QAAQ;AAAA,EAC3B;AAAA,EAEA,MAAM,YAAoB,MAAuB;AAC/C,SAAK,YAAY,SAAS,GAAG,IAAI;AAAA,EACnC;AAAA,EAEA,KAAK,YAAoB,MAAuB;AAC9C,SAAK,WAAW,SAAS,GAAG,IAAI;AAAA,EAClC;AAAA,EAEA,KAAK,YAAoB,MAAuB;AAC9C,SAAK,WAAW,SAAS,GAAG,IAAI;AAAA,EAClC;AAAA,EAEA,MAAM,YAAoB,MAAuB;AAC/C,SAAK,YAAY,SAAS,GAAG,IAAI;AAAA,EACnC;AACF;AAEO,IAAM,eAAe,CAAC,cAC3B,IAAI,YAAY,SAAS;AAGpB,IAAM,UAAU;AAAA;AAAA,EAErB,QAAQ;AAAA,IACN,QAAQ,aAAa,YAAY;AAAA,IACjC,YAAY,aAAa,gBAAgB;AAAA,IACzC,UAAU;AAAA,MACR,MAAM,aAAa,mBAAmB;AAAA,IACxC;AAAA,EACF;AAAA;AAAA,EAEA,OAAO;AAAA,IACL,YAAY,aAAa,kBAAkB;AAAA,IAC3C,OAAO,aAAa,aAAa;AAAA,IACjC,SAAS,aAAa,eAAe;AAAA,EACvC;AAAA;AAAA,EAEA,UAAU;AAAA,IACR,YAAY,aAAa,kBAAkB;AAAA,IAC3C,SAAS,aAAa,eAAe;AAAA,EACvC;AACF;;;AClEA,IAAM,SAAS,QAAQ,OAAO,SAAS;AAgChC,IAAM,oBAA8D;AAAA,EACzE,aAAa;AAAA,EACb,aAAa;AAAA,EACb,cAAc;AAAA,EACd,WAAW;AAAA,EACX,UAAU;AAAA,EACV,SAAS,CAAC,IAAI;AAAA,EACd,SAAS,CAAC;AAAA,EACV,SAAS;AAAA,IACP,QAAQ;AAAA,MACN,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,KAAK;AAAA;AAAA,IACf;AAAA,IACA,MAAM;AAAA,MACJ,UAAU;AAAA,MACV,MAAM;AAAA,MACN,QAAQ,KAAK;AAAA;AAAA,IACf;AAAA,EACF;AACF;AAmBO,IAAM,oBAAoB,CAC/B,SAAqB,CAAC,MAC4B;AA9EpD;AAgFE,QAAM,gBAAgB,iBAAiB;AAAA,IACrC,UAAU,QAAQ,IAAI;AAAA,IACtB,aAAa,QAAQ,IAAI;AAAA,IACzB,aAAa,QAAQ,IAAI;AAAA,IACzB,cAAc,QAAQ,IAAI;AAAA,IAC1B,UAAU,QAAQ,IAAI;AAAA,IACtB,WAAW,QAAQ,IAAI;AAAA,IACvB,UAAS,aAAQ,IAAI,yBAAZ,mBAAkC,MAAM;AAAA,IACjD,UAAS,aAAQ,IAAI,yBAAZ,mBAAkC,MAAM;AAAA,IACjD,SAAS,QAAQ,IAAI,4BACjB,KAAK,MAAM,QAAQ,IAAI,yBAAyB,IAChD;AAAA,EACN,CAAC;AAED,QAAM,eAAe,+DAChB,oBACA,gBACA,SAHgB;AAAA;AAAA,IAInB,SAAS;AAAA,MACP,QAAQ,kCACH,kBAAkB,QAAQ,WACzB,YAAO,YAAP,mBAAgB,WAAU,CAAC;AAAA,MAEjC,MAAM,kCACD,kBAAkB,QAAQ,SACzB,YAAO,YAAP,mBAAgB,SAAQ,CAAC;AAAA,IAEjC;AAAA,EACF;AAEA,SAAO,MAAM,4BAA4B,aAAa;AACtD,SAAO,MAAM,oBAAoB,YAAY;AAC7C,MAAI,aAAa,aAAa,QAAW;AACvC,UAAM,IAAI,MAAM,kCAAkC;AAAA,EACpD;AACA,SAAO;AACT;AAyBO,IAAM,wBAAwB,CACnC,UACA,aAAyB,CAAC,MACvB;AACH,SAAO,CAAC,eAA4B;AAClC,UAAM,iBAAiB,kBAAkB,iCAAK,aAAL,EAAiB,SAAS,EAAC;AACpE,WAAO,iCACF,aADE;AAAA,MAEL,KAAK,iCACA,yCAAY,MADZ;AAAA;AAAA,QAGH,uBAAuB;AAAA,QACvB,qBAAqB,eAAe;AAAA,QACpC,0BAA0B,eAAe;AAAA,QACzC,2BAA2B,eAAe;AAAA,QAC1C,uBAAuB,eAAe;AAAA,QACtC,wBAAwB,eAAe;AAAA,QACvC,sBAAsB,eAAe,QAAQ,KAAK,GAAG;AAAA,QACrD,sBAAsB,eAAe,QAAQ,KAAK,GAAG;AAAA,QACrD,2BAA2B,KAAK,UAAU,eAAe,OAAO;AAAA,MAClE;AAAA,IACF;AAAA,EACF;AACF;;;ACnKA,SAAS,gBAAgB;AAElB,IAAM,sBAAN,MAAqD;AAAA,EAC1D,YAAoB,WAAsB;AAAtB;AAAA,EAAuB;AAAA,EAE3C,uBAA0B,SAA2B;AACnD,UAAM,YAAY,SAAS,OAAO;AAClC,QAAI,CAAC,WAAW;AACd,aAAO;AAAA,IACT;AACA,WAAO,UAAU;AAAA,EACnB;AAAA,EAEM,YACJ,aACA,SACmB;AAAA;AACnB,UAAI,SAAS;AACX,eAAO,KAAK,uBAA0B,OAAO;AAAA,MAC/C;AAEA,YAAM,WAAW,MAAM,MAAM,KAAK,UAAU,UAAU;AAAA,QACpD,SAAS,EAAE,eAAe,UAAU,WAAW,GAAG;AAAA,MACpD,CAAC;AACD,aAAO,SAAS,KAAK;AAAA,IACvB;AAAA;AACF;;;ACfA,SAAS,4BAA0C;AAiB5C,IAAM,yBAAN,MAA2D;AAAA,EAOhE,YACW,UACA,aACA,aACA,gBACT;AAJS;AACA;AACA;AACA;AAPX,SAAQ,eAAmC;AAC3C,SAAQ,sBAA6C;AAQnD,SAAK,eAAe,KAAK,gBAAgB;AACzC,SAAK,YAAY;AAAA,EACnB;AAAA,EAEU,kBAA0B;AAClC,WAAO,qBAAqB;AAAA,EAC9B;AAAA,EAEa,qBAA+C;AAAA;AAC1D,UAAI,KAAK,iBAAiB;AACxB,eAAO,KAAK;AAAA,MACd;AACA,YAAM,YAAY,MAAM,KAAK,aAAa;AAE1C,WAAK,kBAAkB,IAAI,oBAAoB,SAAS;AACxD,aAAO,KAAK;AAAA,IACd;AAAA;AAAA,EAEgB,eAAmC;AAAA;AA5DrD;AA6DI,WAAI,UAAK,cAAL,mBAAgB,MAAM;AACxB,eAAO,KAAK;AAAA,MACd;AACA,YAAM,gBAAgB,MAAM,kBAAkB,KAAK,WAAW;AAC9D,aAAO,KAAK,YACR,kCAAK,KAAK,YAAc,iBACxB;AAAA,IACN;AAAA;AAAA,EAEgB,kBAAkB;AAAA;AAChC,UAAI,KAAK,cAAc;AACrB,eAAO,KAAK;AAAA,MACd;AACA,YAAM,YAAY,MAAM,KAAK,aAAa;AAC1C,WAAK,eAAe;AAAA,QAClB,KAAK;AAAA,QACL,KAAK;AAAA,QACL;AAAA,MACF;AACA,aAAO,KAAK;AAAA,IACd;AAAA;AAAA,EAEA,iBAA8B;AAC5B,YAAQ,IAAI,kBAAkB,KAAK,QAAQ;AAC3C,UAAM,aACJ,aAAa,QAAQ,cAAc,KAAK,QAAQ,EAAE,KAAK;AACzD,YAAQ,IAAI,eAAe,UAAU;AACrC,WAAO,KAAK,MAAM,UAAU;AAAA,EAC9B;AAAA,EAEA,kBAAkB,MAAkC;AAClD,iBAAa;AAAA,MACX,cAAc,KAAK,QAAQ;AAAA,MAC3B,KAAK,UAAU,mBAAK,KAAM;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,UAAsC;AACpC,WAAO,KAAK;AAAA,MACV,aAAa,QAAQ,cAAc,KAAK,QAAQ,OAAO,KAAK;AAAA,IAC9D;AAAA,EACF;AAAA,EAEA,QAAQ,MAAwC;AAC9C,iBAAa;AAAA,MACX,cAAc,KAAK,QAAQ;AAAA,MAC3B,KAAK,UAAU,SAAS,OAAO,CAAC,IAAI,IAAI;AAAA,IAC1C;AAAA,EACF;AAAA,EAEA,mBAAyB;AACvB,iBAAa,QAAQ,cAAc,KAAK,QAAQ,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC;AAAA,EACxE;AAAA,EAEM,iCACJ,OACA,QACc;AAAA;AAtHlB;AAuHI,YAAM,eAAe,MAAM,KAAK,gBAAgB;AAChD,WAAI,UAAK,cAAL,mBAAgB,WAAW;AAC7B,cAAM,YAAY,MAAM,MAAM,KAAK,UAAU,SAAS,EAAE;AAAA,UAAK,CAAC,QAC5D,IAAI,KAAK,EAAE,KAAK,CAAC,SAAS,KAAK,SAAS;AAAA,QAC1C;AACA,cAAM,WAAW,MAAM,aAAa,uBAAuB;AAAA,UACzD;AAAA,UACA;AAAA,QACF,CAAC;AACD,iBAAS,aAAa,OAAO,kBAAkB,SAAS;AACxD,iBAAS,aAAa,OAAO,yBAAyB,MAAM;AAC5D,eAAO;AAAA,MACT;AACA,aAAO,aAAa,uBAAuB;AAAA,QACzC;AAAA,QACA,cAAc,KAAK;AAAA,QACnB,qBAAqB;AAAA,QACrB;AAAA,MACF,CAAC;AAAA,IACH;AAAA;AAAA,EAEM,oBACJ,QACA,aACA,OACiB;AAAA;AACjB,YAAM,QAAQ,cAAc,WAAW;AACvC,YAAM,sBAAsB,KAAK,eAAe;AAEhD,WAAK,kBAAkB,iCAClB,sBADkB;AAAA,QAErB,cAAc,KAAK;AAAA,QACnB;AAAA,MACF,EAAC;AACD,YAAM,WAAW,MAAM,KAAK,iCAAiC,OAAO,MAAM;AAC1E,UAAI,OAAO;AAET,iBAAS,aAAa,OAAO,SAAS,KAAK;AAAA,MAC7C;AACA,eAAS,aAAa,OAAO,UAAU,SAAS;AAChD,aAAO,SAAS,SAAS;AAAA,IAC3B;AAAA;AAAA;AAAA,EAGA,qBAAqB,kBAA0B,aAA0B;AACvE,YAAQ,aAAa;AAAA,MACnB,KAAK;AAEH;AAAA,MACF,KAAK;AACH,eAAO,SAAS,OAAO;AACvB;AAAA,MACF,KAAK;AACH,eAAO,KAAK,kBAAkB,QAAQ;AACtC;AAAA,MACF,KAAK;AAEH;AAAA,IACJ;AAAA,EACF;AAAA,EAEM,OAAsB;AAAA;AAC1B,YAAM,KAAK,gBAAgB;AAC3B,aAAO;AAAA,IACT;AAAA;AAAA,EAEM,SAAwB;AAAA;AAC5B,WAAK,kBAAkB,EAAE,eAAe,MAAM,CAAC;AAAA,IACjD;AAAA;AAAA,EAEA,qBAAqB,aAAuC;AAE1D,QAAI,eAAe,KAAK,gBAAgB,UAAU;AAChD,oBAAc;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AAAA,EAEM,OACJ,aACA,QACA,OACe;AAAA;AACf,YAAM,mBAAmB,MAAM,KAAK;AAAA,QAClC;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEA,WAAK,qBAAqB,kBAAkB,WAAW;AAAA,IACzD;AAAA;AAAA,EAEM,cAAc,aAA2C;AAAA;AAC7D,UAAI,UAAU,KAAK,eAAe;AAElC,UAAI,CAAC,QAAQ,eAAe;AAC1B,cAAM,MAAM,IAAI,IAAI,WAAW;AAC/B,cAAM,oBAAoB,IAAI,aAAa,IAAI,MAAM;AACrD,cAAM,gBAAgB,IAAI,aAAa,IAAI,OAAO;AAClD,YAAI,CAAC,qBAAqB,CAAC,eAAe;AACxC,gBAAM,IAAI,MAAM,gCAAgC;AAAA,QAClD;AACA,cAAM,eAAe,QAAQ;AAC7B,cAAM,eAAe,MAAM,KAAK,gBAAgB;AAChD,cAAM,SACJ,MAAM,aAAa;AAAA,UACjB;AAAA,UACA;AAAA,YACE;AAAA,UACF;AAAA,QACF;AAGF,YAAI;AACF,gBAAM,KAAK,eAAe,MAAM;AAAA,QAClC,SAAS,OAAO;AACd,kBAAQ,MAAM,wBAAwB,EAAE,OAAO,OAAO,CAAC;AACvD,gBAAM,IAAI;AAAA,YACR,kCAAmC,MAAgB,OAAO;AAAA,UAC5D;AAAA,QACF;AACA,cAAM,oBAAoB;AAAA,UACxB;AAAA,UACA,QAAQ;AAAA,QACV;AAEA,kBAAU,iCACL,UADK;AAAA,UAER,aAAa;AAAA,UACb,SAAS,OAAO;AAAA,UAChB,eAAe;AAAA,UACf,OAAO;AAAA,UACP,aAAa,OAAO;AAAA,UACpB,cAAc,OAAO;AAAA,UACrB,WAAW,KAAK,IAAI;AAAA,UACpB,WAAW,OAAO;AAAA,QACpB;AACA,aAAK,kBAAkB,OAAO;AAC9B,cAAM,OAAO,OACX,MAAM,KAAK,mBAAmB,GAC9B,YAAY,OAAO,cAAc,OAAO,YAAY,IAAI;AAC1D,aAAK,QAAQ,IAAI;AAAA,MACnB;AAGA,WAAK,kBAAkB,OAAO;AAE9B,UAAI,QAAQ,gBAAgB,WAAW;AAErC,eAAO,MAAM;AAAA,MACf,WAAW,QAAQ,gBAAgB,YAAY;AAAA,MAE/C;AACA,aAAO;AAAA,IACT;AAAA;AAAA,EAEQ,kBAAkB,SAA4B;AACpD,QAAI,KAAK,qBAAqB;AAC5B,mBAAa,KAAK,mBAAmB;AAAA,IACvC;AAEA,QAAI,QAAQ,WAAW;AAErB,YAAM,cAAc,KAAK,IAAI,KAAK,QAAQ,aAAa;AACvD,YAAM,gBAAgB,QAAQ,YAAY,MAAO;AAEjD,YAAM,cAAc,KAAK,IAAI,GAAG,gBAAgB,GAAK;AAErD,WAAK,sBAAsB,WAAW,MAAM;AAC1C,aAAK,aAAa,EACf,KAAK,CAAC,eAAe;AACpB,kBAAQ,IAAI,gCAAgC,UAAU;AAAA,QACxD,CAAC,EACA,MAAM,CAAC,UAAU;AAChB,kBAAQ,MAAM,4BAA4B,KAAK;AAG/C,eAAK,kBAAkB,CAAC,CAAC;AAAA,QAC3B,CAAC;AAAA,MACL,GAAG,WAAW;AAAA,IAChB;AAAA,EACF;AAAA,EAEM,eAAqC;AAAA;AACzC,YAAM,cAAc,KAAK,eAAe;AACxC,UAAI,CAAC,YAAY,cAAc;AAC7B,cAAM,IAAI,MAAM,4BAA4B;AAAA,MAC9C;AACA,YAAM,eAAe,MAAM,KAAK,gBAAgB;AAChD,YAAM,SAAS,MAAM,aAAa;AAAA,QAChC,YAAY;AAAA,MACd;AAGA,YAAM,UAAU,iCACX,cADW;AAAA,QAEd,SAAS,OAAO;AAAA,QAChB,eAAe;AAAA,QACf,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,WAAW,KAAK,IAAI;AAAA,QACpB,WAAW,OAAO;AAAA,MACpB;AACA,WAAK,kBAAkB,OAAO;AAG9B,WAAK,kBAAkB,OAAO;AAE9B,aAAO;AAAA,IACT;AAAA;AAAA,EAEM,cAAgE;AAAA;AACpE,YAAM,cAAc,KAAK,eAAe;AACxC,UAAI,CAAC,YAAY,aAAa;AAC5B,cAAM,IAAI,MAAM,2BAA2B;AAAA,MAC7C;AACA,YAAM,kBAAkB,MAAM,KAAK,mBAAmB;AACtD,aAAO,gBAAgB;AAAA,QACrB,YAAY;AAAA,QACZ,YAAY,WAAW;AAAA,MACzB;AAAA,IACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQM,eAAe,QAAsD;AAAA;AACzE,YAAM,YAAY,MAAM,KAAK,aAAa;AAE1C,UAAI,CAAC,KAAK,aAAc,OAAM,KAAK,KAAK;AAExC,aAAO;AAAA,QACL;AAAA,QACA;AAAA,QACA,KAAK;AAAA,QACL,KAAK;AAAA,MACP;AAAA,IACF;AAAA;AAAA,EAEM,0BAAgD;AAAA;AACpD,YAAM,cAAc,KAAK,eAAe;AACxC,UAAI;AACF,YAAI,CAAC,YAAY,WAAW,CAAC,YAAY,aAAa;AACpD,gBAAM,yBAAyB,iCAAK,cAAL,EAAkB,eAAe,MAAM;AACtE,eAAK,kBAAkB,sBAAsB;AAC7C,iBAAO;AAAA,QACT;AACA,cAAM,KAAK,eAAe;AAAA,UACxB,UAAU,YAAY;AAAA,UACtB,cAAc,YAAY;AAAA,UAC1B,eAAe,YAAY;AAAA,QAC7B,CAAC;AACD,oBAAY,gBAAgB;AAC5B,eAAO;AAAA,MACT,SAAS,OAAO;AACd,gBAAQ,KAAK,sCAAsC,KAAK;AACxD,cAAM,yBAAyB;AAAA,UAC7B,eAAe;AAAA,QACjB;AACA,aAAK,kBAAkB,sBAAsB;AAC7C,eAAO;AAAA,MACT;AAAA,IACF;AAAA;AACF;","names":[]}