@civic/auth 0.0.1-beta.18 → 0.0.1-beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -26
- package/dist/chunk-5NUJ7LFF.mjs +17 -0
- package/dist/chunk-5NUJ7LFF.mjs.map +1 -0
- package/dist/chunk-KS7ERXGZ.js +481 -0
- package/dist/chunk-KS7ERXGZ.js.map +1 -0
- package/dist/chunk-NINRO7GS.js +209 -0
- package/dist/chunk-NINRO7GS.js.map +1 -0
- package/dist/chunk-NXBKSUKI.mjs +481 -0
- package/dist/chunk-NXBKSUKI.mjs.map +1 -0
- package/dist/chunk-T7HUHQ3J.mjs +209 -0
- package/dist/chunk-T7HUHQ3J.mjs.map +1 -0
- package/dist/chunk-WZLC5B4C.js +17 -0
- package/dist/chunk-WZLC5B4C.js.map +1 -0
- package/dist/index-DoDoIY_K.d.mts +79 -0
- package/dist/index-DoDoIY_K.d.ts +79 -0
- package/dist/index.css +70 -63
- package/dist/index.css.map +1 -1
- package/dist/index.d.mts +1 -3
- package/dist/index.d.ts +1 -3
- package/dist/nextjs.d.mts +11 -10
- package/dist/nextjs.d.ts +11 -10
- package/dist/nextjs.js +173 -62
- package/dist/nextjs.js.map +1 -1
- package/dist/nextjs.mjs +171 -60
- package/dist/nextjs.mjs.map +1 -1
- package/dist/react.d.mts +65 -39
- package/dist/react.d.ts +65 -39
- package/dist/react.js +212 -433
- package/dist/react.js.map +1 -1
- package/dist/react.mjs +235 -456
- package/dist/react.mjs.map +1 -1
- package/dist/server.d.mts +12 -13
- package/dist/server.d.ts +12 -13
- package/dist/server.js +186 -3
- package/dist/server.js.map +1 -1
- package/dist/server.mjs +192 -9
- package/dist/server.mjs.map +1 -1
- package/package.json +4 -4
- package/dist/chunk-5XL2ST72.mjs +0 -226
- package/dist/chunk-5XL2ST72.mjs.map +0 -1
- package/dist/chunk-G3P5TIO2.mjs +0 -708
- package/dist/chunk-G3P5TIO2.mjs.map +0 -1
- package/dist/chunk-RF23Q4V6.js +0 -708
- package/dist/chunk-RF23Q4V6.js.map +0 -1
- package/dist/chunk-SEKF2WZX.js +0 -226
- package/dist/chunk-SEKF2WZX.js.map +0 -1
- package/dist/index-DTimUlkB.d.ts +0 -17
- package/dist/index-DvjkKpkk.d.mts +0 -17
- package/dist/types-HdCjGldB.d.mts +0 -58
- package/dist/types-HdCjGldB.d.ts +0 -58
- package/dist/types-b4c1koXj.d.mts +0 -19
- package/dist/types-b4c1koXj.d.ts +0 -19
package/dist/nextjs.js
CHANGED
|
@@ -4,18 +4,10 @@
|
|
|
4
4
|
|
|
5
5
|
|
|
6
6
|
|
|
7
|
+
var _chunkKS7ERXGZjs = require('./chunk-KS7ERXGZ.js');
|
|
7
8
|
|
|
8
9
|
|
|
9
|
-
|
|
10
|
-
var _chunkSEKF2WZXjs = require('./chunk-SEKF2WZX.js');
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
var _chunkRF23Q4V6js = require('./chunk-RF23Q4V6.js');
|
|
10
|
+
var _chunkNINRO7GSjs = require('./chunk-NINRO7GS.js');
|
|
19
11
|
|
|
20
12
|
|
|
21
13
|
|
|
@@ -23,18 +15,12 @@ var _chunkRF23Q4V6js = require('./chunk-RF23Q4V6.js');
|
|
|
23
15
|
var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
|
|
24
16
|
|
|
25
17
|
// src/nextjs/GetUser.ts
|
|
26
|
-
var
|
|
18
|
+
var _headersjs = require('next/headers.js');
|
|
19
|
+
var getUser = () => {
|
|
27
20
|
var _a;
|
|
28
|
-
const
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
const user = userSession.get();
|
|
32
|
-
if (!user || !tokens) return null;
|
|
33
|
-
return _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, user), {
|
|
34
|
-
idToken: tokens.id_token,
|
|
35
|
-
accessToken: tokens.access_token,
|
|
36
|
-
refreshToken: (_a = tokens.refresh_token) != null ? _a : ""
|
|
37
|
-
});
|
|
21
|
+
const user = (_a = _headersjs.cookies.call(void 0, ).get("user")) == null ? void 0 : _a.value;
|
|
22
|
+
if (!user) return null;
|
|
23
|
+
return JSON.parse(user);
|
|
38
24
|
};
|
|
39
25
|
|
|
40
26
|
// src/nextjs/middleware.ts
|
|
@@ -54,9 +40,9 @@ var matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
|
|
|
54
40
|
return matchGlob(pathname, pattern);
|
|
55
41
|
});
|
|
56
42
|
var applyAuth = (authConfig, request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
57
|
-
const authConfigWithDefaults =
|
|
43
|
+
const authConfigWithDefaults = _chunkKS7ERXGZjs.resolveAuthConfig.call(void 0, authConfig);
|
|
58
44
|
const isAuthenticated = !!request.cookies.get("id_token");
|
|
59
|
-
if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl
|
|
45
|
+
if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {
|
|
60
46
|
console.log("\u2192 Skipping auth check - this is the login URL");
|
|
61
47
|
return void 0;
|
|
62
48
|
}
|
|
@@ -76,7 +62,7 @@ var applyAuth = (authConfig, request) => _chunkCRTRMMJ7js.__async.call(void 0, v
|
|
|
76
62
|
console.log("\u2192 Auth check passed");
|
|
77
63
|
return void 0;
|
|
78
64
|
});
|
|
79
|
-
var authMiddleware = (authConfig =
|
|
65
|
+
var authMiddleware = (authConfig = _chunkKS7ERXGZjs.defaultAuthConfig) => (request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
80
66
|
const response = yield applyAuth(authConfig, request);
|
|
81
67
|
if (response) return response;
|
|
82
68
|
return _serverjs.NextResponse.next();
|
|
@@ -101,7 +87,130 @@ function auth(authConfig = {}) {
|
|
|
101
87
|
// src/nextjs/routeHandler.ts
|
|
102
88
|
|
|
103
89
|
var _cachejs = require('next/cache.js');
|
|
104
|
-
|
|
90
|
+
|
|
91
|
+
// src/nextjs/NextJSSessionService.ts
|
|
92
|
+
|
|
93
|
+
|
|
94
|
+
// src/nextjs/cookies.ts
|
|
95
|
+
var createTokenCookies = (response, sessionData, config) => {
|
|
96
|
+
var _a, _b;
|
|
97
|
+
const maxAge = (_a = sessionData.expiresIn) != null ? _a : 3600;
|
|
98
|
+
const cookieOptions = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, (_b = config.cookies) == null ? void 0 : _b.tokens), {
|
|
99
|
+
maxAge
|
|
100
|
+
});
|
|
101
|
+
if (sessionData.accessToken) {
|
|
102
|
+
response.cookies.set("access_token", sessionData.accessToken, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, cookieOptions), {
|
|
103
|
+
httpOnly: true
|
|
104
|
+
}));
|
|
105
|
+
}
|
|
106
|
+
if (sessionData.idToken) {
|
|
107
|
+
response.cookies.set("id_token", sessionData.idToken, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, cookieOptions), {
|
|
108
|
+
httpOnly: true
|
|
109
|
+
}));
|
|
110
|
+
}
|
|
111
|
+
if (sessionData.refreshToken) {
|
|
112
|
+
response.cookies.set("refresh_token", sessionData.refreshToken, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, cookieOptions), {
|
|
113
|
+
httpOnly: true
|
|
114
|
+
}));
|
|
115
|
+
}
|
|
116
|
+
};
|
|
117
|
+
var createUserInfoCookie = (response, user, sessionData, config) => {
|
|
118
|
+
var _a, _b, _c;
|
|
119
|
+
if (!user) {
|
|
120
|
+
response.cookies.set("user", "", _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, (_a = config.cookies) == null ? void 0 : _a.user), {
|
|
121
|
+
maxAge: 0
|
|
122
|
+
}));
|
|
123
|
+
return;
|
|
124
|
+
}
|
|
125
|
+
const maxAge = (_b = sessionData.expiresIn) != null ? _b : 3600;
|
|
126
|
+
const frontendUser = _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, user);
|
|
127
|
+
response.cookies.set("user", JSON.stringify(frontendUser), _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, (_c = config.cookies) == null ? void 0 : _c.user), {
|
|
128
|
+
maxAge
|
|
129
|
+
}));
|
|
130
|
+
};
|
|
131
|
+
var clearAuthCookies = (response, config) => {
|
|
132
|
+
var _a, _b;
|
|
133
|
+
const clearOptions = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, (_a = config.cookies) == null ? void 0 : _a.tokens), {
|
|
134
|
+
maxAge: 0
|
|
135
|
+
});
|
|
136
|
+
response.cookies.set("access_token", "", clearOptions);
|
|
137
|
+
response.cookies.set("id_token", "", clearOptions);
|
|
138
|
+
response.cookies.set("refresh_token", "", clearOptions);
|
|
139
|
+
response.cookies.set("codeVerifier", "", clearOptions);
|
|
140
|
+
response.cookies.set("user", "", _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, (_b = config.cookies) == null ? void 0 : _b.user), {
|
|
141
|
+
maxAge: 0
|
|
142
|
+
}));
|
|
143
|
+
};
|
|
144
|
+
|
|
145
|
+
// src/nextjs/NextJSSessionService.ts
|
|
146
|
+
var NextJSAuthSessionServiceImpl = class extends _chunkKS7ERXGZjs.AuthSessionServiceImpl {
|
|
147
|
+
constructor(authConfig, request, response, inputEndpoints) {
|
|
148
|
+
super(
|
|
149
|
+
authConfig.clientId,
|
|
150
|
+
authConfig.callbackUrl,
|
|
151
|
+
authConfig.oauthServer,
|
|
152
|
+
inputEndpoints
|
|
153
|
+
);
|
|
154
|
+
this.authConfig = authConfig;
|
|
155
|
+
this.request = request;
|
|
156
|
+
this.response = response;
|
|
157
|
+
this.inputEndpoints = inputEndpoints;
|
|
158
|
+
}
|
|
159
|
+
getCodeVerifier() {
|
|
160
|
+
const codeVerifier = _headersjs.cookies.call(void 0, ).get("codeVerifier");
|
|
161
|
+
if (!codeVerifier) {
|
|
162
|
+
throw new Error("Code verifier not found in cookies");
|
|
163
|
+
}
|
|
164
|
+
return codeVerifier.value;
|
|
165
|
+
}
|
|
166
|
+
getSessionData() {
|
|
167
|
+
var _a, _b, _c, _d;
|
|
168
|
+
const authenticated = _headersjs.cookies.call(void 0, ).get("access_token") !== void 0;
|
|
169
|
+
return {
|
|
170
|
+
authenticated,
|
|
171
|
+
codeVerifier: (_a = _headersjs.cookies.call(void 0, ).get("codeVerifier")) == null ? void 0 : _a.value,
|
|
172
|
+
accessToken: (_b = _headersjs.cookies.call(void 0, ).get("access_token")) == null ? void 0 : _b.value,
|
|
173
|
+
idToken: (_c = _headersjs.cookies.call(void 0, ).get("id_token")) == null ? void 0 : _c.value,
|
|
174
|
+
refreshToken: (_d = _headersjs.cookies.call(void 0, ).get("refresh_token")) == null ? void 0 : _d.value
|
|
175
|
+
};
|
|
176
|
+
}
|
|
177
|
+
updateSessionData(data) {
|
|
178
|
+
createTokenCookies(
|
|
179
|
+
this.response,
|
|
180
|
+
data,
|
|
181
|
+
this.authConfig
|
|
182
|
+
);
|
|
183
|
+
}
|
|
184
|
+
getUser() {
|
|
185
|
+
const userCookie = _headersjs.cookies.call(void 0, ).get("user");
|
|
186
|
+
if (!userCookie) return null;
|
|
187
|
+
return JSON.parse(userCookie.value);
|
|
188
|
+
}
|
|
189
|
+
setUser(user) {
|
|
190
|
+
createUserInfoCookie(
|
|
191
|
+
this.response,
|
|
192
|
+
user,
|
|
193
|
+
{ authenticated: true },
|
|
194
|
+
this.authConfig
|
|
195
|
+
);
|
|
196
|
+
}
|
|
197
|
+
clearSessionData() {
|
|
198
|
+
clearAuthCookies(this.response, this.authConfig);
|
|
199
|
+
}
|
|
200
|
+
// TODO fix the Window reference
|
|
201
|
+
loadAuthorizationUrl() {
|
|
202
|
+
throw new Error("Not implemented");
|
|
203
|
+
}
|
|
204
|
+
logout() {
|
|
205
|
+
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
206
|
+
this.updateSessionData({ authenticated: false });
|
|
207
|
+
});
|
|
208
|
+
}
|
|
209
|
+
};
|
|
210
|
+
|
|
211
|
+
// src/nextjs/routeHandler.ts
|
|
212
|
+
var _oauth2 = require('oslo/oauth2');
|
|
213
|
+
var logger = _chunkKS7ERXGZjs.loggers.nextjs.handlers.auth;
|
|
105
214
|
var AuthError = class extends Error {
|
|
106
215
|
constructor(message, status = 401) {
|
|
107
216
|
super(message);
|
|
@@ -111,48 +220,47 @@ var AuthError = class extends Error {
|
|
|
111
220
|
};
|
|
112
221
|
function handleChallenge() {
|
|
113
222
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
114
|
-
const
|
|
115
|
-
|
|
116
|
-
const challenge = yield
|
|
117
|
-
|
|
223
|
+
const codeVerifier = _oauth2.generateCodeVerifier.call(void 0, );
|
|
224
|
+
console.log("handleChallenge codeVerifier", codeVerifier);
|
|
225
|
+
const challenge = yield _chunkNINRO7GSjs.deriveCodeChallenge.call(void 0, codeVerifier);
|
|
226
|
+
const response = _serverjs.NextResponse.json({ status: "success", challenge });
|
|
227
|
+
response.cookies.set("codeVerifier", codeVerifier, {
|
|
228
|
+
httpOnly: true,
|
|
229
|
+
secure: true,
|
|
230
|
+
sameSite: "strict"
|
|
231
|
+
});
|
|
232
|
+
return response;
|
|
118
233
|
});
|
|
119
234
|
}
|
|
120
235
|
function handleCallback(request, config) {
|
|
121
236
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
122
|
-
if (!request.cookies.get("code_verifier")) {
|
|
123
|
-
const response2 = new (0, _serverjs.NextResponse)(
|
|
124
|
-
`<html><body><span style="display:none">${_chunkRF23Q4V6js.TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`
|
|
125
|
-
);
|
|
126
|
-
response2.headers.set("Content-Type", "text/html; charset=utf-8");
|
|
127
|
-
console.log(
|
|
128
|
-
`handleCallback no code_verifier found, returning ${_chunkRF23Q4V6js.TOKEN_EXCHANGE_TRIGGER_TEXT}`
|
|
129
|
-
);
|
|
130
|
-
return response2;
|
|
131
|
-
}
|
|
132
237
|
const code = request.nextUrl.searchParams.get("code");
|
|
133
|
-
|
|
134
|
-
if (!code || !state) throw new AuthError("Bad parameters", 400);
|
|
135
|
-
const resolvedConfigs = _chunkSEKF2WZXjs.resolveAuthConfig.call(void 0, config);
|
|
136
|
-
const cookieStorage = new (0, _chunkSEKF2WZXjs.NextjsCookieStorage)(resolvedConfigs.cookies.tokens);
|
|
137
|
-
const callbackUrl = _chunkSEKF2WZXjs.resolveCallbackUrl.call(void 0, resolvedConfigs, request.url);
|
|
238
|
+
if (!code) throw new AuthError("Missing authorization code");
|
|
138
239
|
try {
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
240
|
+
const response = new (0, _serverjs.NextResponse)(`<html></html>`);
|
|
241
|
+
response.headers.set("Content-Type", "text/html; charset=utf-8");
|
|
242
|
+
const resolvedConfigs = _chunkKS7ERXGZjs.resolveAuthConfig.call(void 0, config);
|
|
243
|
+
const callbackUrl = new URL(
|
|
244
|
+
resolvedConfigs == null ? void 0 : resolvedConfigs.callbackUrl,
|
|
245
|
+
request.url
|
|
246
|
+
).toString();
|
|
247
|
+
const authService = getDefaultAuthSessionService(
|
|
248
|
+
_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, resolvedConfigs), {
|
|
249
|
+
callbackUrl
|
|
250
|
+
}),
|
|
251
|
+
request,
|
|
252
|
+
response
|
|
253
|
+
);
|
|
254
|
+
console.log("handleCallback authService", authService);
|
|
255
|
+
const tokens = yield authService.tokenExchange(request.nextUrl.toString());
|
|
256
|
+
if (!tokens.accessToken) {
|
|
257
|
+
throw new AuthError("Missing access token");
|
|
258
|
+
}
|
|
259
|
+
return response;
|
|
142
260
|
} catch (error) {
|
|
143
261
|
logger.error("Token exchange failed:", error);
|
|
144
262
|
throw new AuthError("Failed to authenticate user", 401);
|
|
145
263
|
}
|
|
146
|
-
const user = yield _chunkRF23Q4V6js.getUser.call(void 0, cookieStorage);
|
|
147
|
-
if (!user) {
|
|
148
|
-
throw new AuthError("Failed to get user info", 401);
|
|
149
|
-
}
|
|
150
|
-
const clientStorage = new (0, _chunkSEKF2WZXjs.NextjsClientStorage)();
|
|
151
|
-
const userSession = new (0, _chunkRF23Q4V6js.GenericUserSession)(clientStorage);
|
|
152
|
-
userSession.set(user);
|
|
153
|
-
const response = new (0, _serverjs.NextResponse)(`<html></html>`);
|
|
154
|
-
response.headers.set("Content-Type", "text/html; charset=utf-8");
|
|
155
|
-
return response;
|
|
156
264
|
});
|
|
157
265
|
}
|
|
158
266
|
var getAbsoluteRedirectPath = (redirectPath, currentBasePath) => {
|
|
@@ -164,7 +272,7 @@ var getAbsoluteRedirectPath = (redirectPath, currentBasePath) => {
|
|
|
164
272
|
function handleLogout(request, config) {
|
|
165
273
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
166
274
|
var _a;
|
|
167
|
-
const resolvedConfigs =
|
|
275
|
+
const resolvedConfigs = _chunkKS7ERXGZjs.resolveAuthConfig.call(void 0, config);
|
|
168
276
|
const defaultRedirectPath = (_a = resolvedConfigs.loginUrl) != null ? _a : "/";
|
|
169
277
|
const redirectTarget = new URL(request.url).searchParams.get("redirect") || defaultRedirectPath;
|
|
170
278
|
const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
|
|
@@ -173,7 +281,7 @@ function handleLogout(request, config) {
|
|
|
173
281
|
new URL(request.url).origin
|
|
174
282
|
);
|
|
175
283
|
const response = _serverjs.NextResponse.redirect(finalRedirectUrl);
|
|
176
|
-
|
|
284
|
+
clearAuthCookies(response, resolvedConfigs);
|
|
177
285
|
try {
|
|
178
286
|
_cachejs.revalidatePath.call(void 0, isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);
|
|
179
287
|
} catch (error) {
|
|
@@ -182,8 +290,11 @@ function handleLogout(request, config) {
|
|
|
182
290
|
return response;
|
|
183
291
|
});
|
|
184
292
|
}
|
|
293
|
+
var getDefaultAuthSessionService = (authConfig, request, response) => {
|
|
294
|
+
return new NextJSAuthSessionServiceImpl(authConfig, request, response);
|
|
295
|
+
};
|
|
185
296
|
var handler = (authConfig = {}) => (request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
186
|
-
const config =
|
|
297
|
+
const config = _chunkKS7ERXGZjs.resolveAuthConfig.call(void 0, authConfig);
|
|
187
298
|
try {
|
|
188
299
|
const pathname = request.nextUrl.pathname;
|
|
189
300
|
const pathSegments = pathname.split("/");
|
|
@@ -203,7 +314,7 @@ var handler = (authConfig = {}) => (request) => _chunkCRTRMMJ7js.__async.call(vo
|
|
|
203
314
|
const status = error instanceof AuthError ? error.status : 500;
|
|
204
315
|
const message = error instanceof Error ? error.message : "Authentication failed";
|
|
205
316
|
const response = _serverjs.NextResponse.json({ error: message }, { status });
|
|
206
|
-
|
|
317
|
+
clearAuthCookies(response, config);
|
|
207
318
|
return response;
|
|
208
319
|
}
|
|
209
320
|
});
|
|
@@ -214,5 +325,5 @@ var handler = (authConfig = {}) => (request) => _chunkCRTRMMJ7js.__async.call(vo
|
|
|
214
325
|
|
|
215
326
|
|
|
216
327
|
|
|
217
|
-
exports.auth = auth; exports.authMiddleware = authMiddleware; exports.createCivicAuthPlugin =
|
|
328
|
+
exports.auth = auth; exports.authMiddleware = authMiddleware; exports.createCivicAuthPlugin = _chunkKS7ERXGZjs.createCivicAuthPlugin; exports.getUser = getUser; exports.handler = handler; exports.withAuth = withAuth;
|
|
218
329
|
//# sourceMappingURL=nextjs.js.map
|
package/dist/nextjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"names":["getUser","NextResponse","response"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;AChBO,IAAMA,SAAAA,EAAU,CAAA,EAAA,GAAmB;AAR1C,EAAA,IAAA,EAAA;AASE,EAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,MAAM,OAAA,EAAS,6CAAA,aAA4B,CAAA;AAC3C,EAAA,MAAM,KAAA,EAAO,WAAA,CAAY,GAAA,CAAI,CAAA;AAC7B,EAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,MAAA,EAAQ,OAAO,IAAA;AAE7B,EAAA,OAAO,4CAAA,6CAAA,CAAA,CAAA,EACF,IAAA,CAAA,EADE;AAAA,IAEL,OAAA,EAAS,MAAA,CAAO,QAAA;AAAA,IAChB,WAAA,EAAa,MAAA,CAAO,YAAA;AAAA,IACpB,YAAA,EAAA,CAAc,GAAA,EAAA,MAAA,CAAO,aAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAwB;AAAA,EACxC,CAAA,CAAA;AACF,CAAA;ADiBA;AACA;AElBA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAG3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CACE,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,SAAA,GACpD,OAAA,CAAQ,OAAA,IAAW,KAAA,EACnB;AACA,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AF7DA;AACA;AGpGA;AACA,wCAA+B;AAe/B,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CAAA,EAAyC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtD,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,aAAa,CAAA;AAEtE,IAAA,MAAM,UAAA,EAAY,MAAM,YAAA,CAAa,gBAAA,CAAiB,CAAA;AAEtD,IAAA,OAAOC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,EAC3D,CAAA,CAAA;AAAA;AAEA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAKvB,IAAA,GAAA,CAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,EAAG;AACzC,MAAA,MAAMC,UAAAA,EAAW,IAAID,2BAAAA;AAAA,QACnB,CAAA,uCAAA,EAA0C,4CAA2B,CAAA,qBAAA;AAAA,MACvE,CAAA;AACA,MAAAC,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAC/D,MAAA,OAAA,CAAQ,GAAA;AAAA,QACN,CAAA,iDAAA,EAAoD,4CAA2B,CAAA;AAAA,MAAA;AAEjF,MAAA;AAAO,IAAA;AAET,IAAA;AACA,IAAA;AACA,IAAA;AAEA,IAAA;AACA,IAAA;AAEA,IAAA;AACA,IAAA;AACE,MAAA;AAAyD,QAAA;AAE1C,MAAA;AACd,IAAA;AAED,MAAA;AACA,MAAA;AAAsD,IAAA;AAGxD,IAAA;AACA,IAAA;AACE,MAAA;AAAkD,IAAA;AAGpD,IAAA;AACA,IAAA;AACA,IAAA;AAKA,IAAA;AACA,IAAA;AACA,IAAA;AAAO,EAAA;AACT;AAQA;AAKE,EAAA;AACE,IAAA;AAAO,EAAA;AAET,EAAA;AACF;AAEA;AAGyB,EAAA;AAnHzB,IAAA;AAoHE,IAAA;AACA,IAAA;AACA,IAAA;AAEA,IAAA;AACA,IAAA;AAAyB,MAAA;AACvB,MAAA;AACqB,IAAA;AAGvB,IAAA;AAEA,IAAA;AAEA,IAAA;AACE,MAAA;AAAqE,IAAA;AAErE,MAAA;AAA4D,IAAA;AAG9D,IAAA;AAAO,EAAA;AACT;AAcO;AAGH,EAAA;AAEA,EAAA;AACE,IAAA;AACA,IAAA;AACA,IAAA;AAEA,IAAA;AAAqB,MAAA;AAEjB,QAAA;AAA6B,MAAA;AAE7B,QAAA;AAA2C,MAAA;AAE3C,QAAA;AAAyC,MAAA;AAEzC,QAAA;AAA0D,IAAA;AAC9D,EAAA;AAEA,IAAA;AAEA,IAAA;AACA,IAAA;AAGA,IAAA;AAEA,IAAA;AACA,IAAA;AAAO,EAAA;AAEX;AH0BF;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { retrieveTokens } from \"@/shared/util\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n const tokens = retrieveTokens(clientStorage);\n const user = userSession.get();\n if (!user || !tokens) return null;\n\n return {\n ...user!,\n idToken: tokens.id_token,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? \"\",\n } as User;\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for redirect to login url\n if (\n request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&\n request.method === \"GET\"\n ) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\nimport { TOKEN_EXCHANGE_TRIGGER_TEXT } from \"@/constants\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n // If we have a code_verifier cookie, we can do a token exchange.\n // Otherwise, just render an empty page.\n // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n if (!request.cookies.get(\"code_verifier\")) {\n const response = new NextResponse(\n `<html><body><span style=\"display:none\">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n console.log(\n `handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`,\n );\n return response;\n }\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const resolvedConfigs = resolveAuthConfig(config);\n const cookieStorage = new NextjsCookieStorage(resolvedConfigs.cookies.tokens);\n\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"]}
|
|
1
|
+
{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts","../src/nextjs/NextJSSessionService.ts","../src/nextjs/cookies.ts"],"names":["cookies","NextResponse"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACbA,4CAAwB;AAGjB,IAAM,QAAA,EAAU,CAAA,EAAA,GAAkC;AANzD,EAAA,IAAA,EAAA;AAQE,EAAA,MAAM,KAAA,EAAA,CAAO,GAAA,EAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,MAAM,CAAA,EAAA,GAApB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAuB,KAAA;AACpC,EAAA,GAAA,CAAI,CAAC,IAAA,EAAM,OAAO,IAAA;AAClB,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AACxB,CAAA;ADaA;AACA;AEJA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAG3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,QAAA,EAAU;AAChE,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AFxEA;AACA;AGtFA;AACA,wCAA+B;AHwF/B;AACA;AI1FA;AJ4FA;AACA;AKtFA,IAAM,mBAAA,EAAqB,CACzB,QAAA,EACA,WAAA,EACA,MAAA,EAAA,GACG;AAXL,EAAA,IAAA,EAAA,EAAA,EAAA;AAYE,EAAA,MAAM,OAAA,EAAA,CAAS,GAAA,EAAA,WAAA,CAAY,SAAA,EAAA,GAAZ,KAAA,EAAA,GAAA,EAAyB,IAAA;AACxC,EAAA,MAAM,cAAA,EAAgB,4CAAA,6CAAA,CAAA,CAAA,EAAA,CACjB,GAAA,EAAA,MAAA,CAAO,OAAA,EAAA,GAAP,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAgB,MAAA,CAAA,EADC;AAAA,IAEpB;AAAA,EACF,CAAA,CAAA;AAEA,EAAA,GAAA,CAAI,WAAA,CAAY,WAAA,EAAa;AAC3B,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,WAAA,CAAY,WAAA,EAAa,4CAAA,6CAAA,CAAA,CAAA,EACzD,aAAA,CAAA,EADyD;AAAA,MAE5D,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,GAAA,CAAI,WAAA,CAAY,OAAA,EAAS;AACvB,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY,WAAA,CAAY,OAAA,EAAS,4CAAA,6CAAA,CAAA,CAAA,EACjD,aAAA,CAAA,EADiD;AAAA,MAEpD,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AAEA,EAAA,GAAA,CAAI,WAAA,CAAY,YAAA,EAAc;AAC5B,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,WAAA,CAAY,YAAA,EAAc,4CAAA,6CAAA,CAAA,CAAA,EAC3D,aAAA,CAAA,EAD2D;AAAA,MAE9D,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AACF,CAAA;AAKA,IAAM,qBAAA,EAAuB,CAC3B,QAAA,EACA,IAAA,EACA,WAAA,EACA,MAAA,EAAA,GACG;AAhDL,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAiDE,EAAA,GAAA,CAAI,CAAC,IAAA,EAAM;AACT,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,MAAA,EAAQ,EAAA,EAAI,4CAAA,6CAAA,CAAA,CAAA,EAAA,CAC5B,GAAA,EAAA,MAAA,CAAO,OAAA,EAAA,GAAP,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAgB,IAAA,CAAA,EADY;AAAA,MAE/B,MAAA,EAAQ;AAAA,IACV,CAAA,CAAC,CAAA;AACD,IAAA,MAAA;AAAA,EACF;AACA,EAAA,MAAM,OAAA,EAAA,CAAS,GAAA,EAAA,WAAA,CAAY,SAAA,EAAA,GAAZ,KAAA,EAAA,GAAA,EAAyB,IAAA;AAGxC,EAAA,MAAM,aAAA,EAAe,6CAAA,CAAA,CAAA,EAChB,IAAA,CAAA;AAOL,EAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,MAAA,EAAQ,IAAA,CAAK,SAAA,CAAU,YAAY,CAAA,EAAG,4CAAA,6CAAA,CAAA,CAAA,EAAA,CACtD,GAAA,EAAA,MAAA,CAAO,OAAA,EAAA,GAAP,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAgB,IAAA,CAAA,EADsC;AAAA,IAEzD;AAAA,EACF,CAAA,CAAC,CAAA;AACH,CAAA;AAKA,IAAM,iBAAA,EAAmB,CAAC,QAAA,EAAwB,MAAA,EAAA,GAAuB;AA5EzE,EAAA,IAAA,EAAA,EAAA,EAAA;AA6EE,EAAA,MAAM,aAAA,EAAe,4CAAA,6CAAA,CAAA,CAAA,EAAA,CAChB,GAAA,EAAA,MAAA,CAAO,OAAA,EAAA,GAAP,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAgB,MAAA,CAAA,EADA;AAAA,IAEnB,MAAA,EAAQ;AAAA,EACV,CAAA,CAAA;AAEA,EAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,EAAA,EAAI,YAAY,CAAA;AACrD,EAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY,EAAA,EAAI,YAAY,CAAA;AACjD,EAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,EAAA,EAAI,YAAY,CAAA;AACtD,EAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,EAAA,EAAI,YAAY,CAAA;AACrD,EAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,MAAA,EAAQ,EAAA,EAAI,4CAAA,6CAAA,CAAA,CAAA,EAAA,CAC5B,GAAA,EAAA,MAAA,CAAO,OAAA,EAAA,GAAP,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAgB,IAAA,CAAA,EADY;AAAA,IAE/B,MAAA,EAAQ;AAAA,EACV,CAAA,CAAC,CAAA;AACH,CAAA;ALqDA;AACA;AI7HO,IAAM,6BAAA,EAAN,MAAA,QAA2C,wCAAuB;AAAA,EACvE,WAAA,CACW,UAAA,EACA,OAAA,EACA,QAAA,EACA,cAAA,EACT;AACA,IAAA,KAAA;AAAA,MACE,UAAA,CAAW,QAAA;AAAA,MACX,UAAA,CAAW,WAAA;AAAA,MACX,UAAA,CAAW,WAAA;AAAA,MACX;AAAA,IACF,CAAA;AAVS,IAAA,IAAA,CAAA,WAAA,EAAA,UAAA;AACA,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AACA,IAAA,IAAA,CAAA,SAAA,EAAA,QAAA;AACA,IAAA,IAAA,CAAA,eAAA,EAAA,cAAA;AAAA,EAQX;AAAA,EAEU,eAAA,CAAA,EAA0B;AAClC,IAAA,MAAM,aAAA,EAAeA,gCAAAA,CAAQ,CAAE,GAAA,CAAI,cAAc,CAAA;AACjD,IAAA,GAAA,CAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAI,KAAA,CAAM,oCAAoC,CAAA;AAAA,IACtD;AACA,IAAA,OAAO,YAAA,CAAa,KAAA;AAAA,EACtB;AAAA,EAEA,cAAA,CAAA,EAA8B;AA1ChC,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA2CI,IAAA,MAAM,cAAA,EAAgBA,gCAAAA,CAAQ,CAAE,GAAA,CAAI,cAAc,EAAA,IAAM,KAAA,CAAA;AACxD,IAAA,OAAO;AAAA,MACL,aAAA;AAAA,MACA,YAAA,EAAA,CAAc,GAAA,EAAAA,gCAAAA,CAAQ,CAAE,GAAA,CAAI,cAAc,CAAA,EAAA,GAA5B,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAA+B,KAAA;AAAA,MAC7C,WAAA,EAAA,CAAa,GAAA,EAAAA,gCAAAA,CAAQ,CAAE,GAAA,CAAI,cAAc,CAAA,EAAA,GAA5B,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAA+B,KAAA;AAAA,MAC5C,OAAA,EAAA,CAAS,GAAA,EAAAA,gCAAAA,CAAQ,CAAE,GAAA,CAAI,UAAU,CAAA,EAAA,GAAxB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAA2B,KAAA;AAAA,MACpC,YAAA,EAAA,CAAc,GAAA,EAAAA,gCAAAA,CAAQ,CAAE,GAAA,CAAI,eAAe,CAAA,EAAA,GAA7B,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAgC;AAAA,IAChD,CAAA;AAAA,EACF;AAAA,EAEA,iBAAA,CAAkB,IAAA,EAAkC;AAClD,IAAA,kBAAA;AAAA,MACE,IAAA,CAAK,QAAA;AAAA,MACL,IAAA;AAAA,MACA,IAAA,CAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EAEA,OAAA,CAAA,EAAsC;AACpC,IAAA,MAAM,WAAA,EAAaA,gCAAAA,CAAQ,CAAE,GAAA,CAAI,MAAM,CAAA;AACvC,IAAA,GAAA,CAAI,CAAC,UAAA,EAAY,OAAO,IAAA;AACxB,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,KAAK,CAAA;AAAA,EACpC;AAAA,EAEA,OAAA,CAAQ,IAAA,EAAwC;AAC9C,IAAA,oBAAA;AAAA,MACE,IAAA,CAAK,QAAA;AAAA,MACL,IAAA;AAAA,MACA,EAAE,aAAA,EAAe,KAAK,CAAA;AAAA,MACtB,IAAA,CAAK;AAAA,IACP,CAAA;AAAA,EACF;AAAA,EAEA,gBAAA,CAAA,EAAyB;AACvB,IAAA,gBAAA,CAAiB,IAAA,CAAK,QAAA,EAA0B,IAAA,CAAK,UAAU,CAAA;AAAA,EACjE;AAAA;AAAA,EAGA,oBAAA,CAAA,EAAuB;AACrB,IAAA,MAAM,IAAI,KAAA,CAAM,iBAAiB,CAAA;AAAA,EACnC;AAAA,EAEM,MAAA,CAAA,EAAwB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5B,MAAA,IAAA,CAAK,iBAAA,CAAkB,EAAE,aAAA,EAAe,MAAM,CAAC,CAAA;AAAA,IACjD,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AJyHA;AACA;AGvMA,qCAAqC;AAGrC,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CAAA,EAAyC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtD,IAAA,MAAM,aAAA,EAAe,0CAAA,CAAqB;AAC1C,IAAA,OAAA,CAAQ,GAAA,CAAI,8BAAA,EAAgC,YAAY,CAAA;AACxD,IAAA,MAAM,UAAA,EAAY,MAAM,kDAAA,YAAgC,CAAA;AACxD,IAAA,MAAM,SAAA,EAAWC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AACnE,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,YAAA,EAAc;AAAA,MACjD,QAAA,EAAU,IAAA;AAAA,MACV,MAAA,EAAQ,IAAA;AAAA,MACR,QAAA,EAAU;AAAA,IACZ,CAAC,CAAA;AACD,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AACA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACvB,IAAA,MAAM,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACpD,IAAA,GAAA,CAAI,CAAC,IAAA,EAAM,MAAM,IAAI,SAAA,CAAU,4BAA4B,CAAA;AAE3D,IAAA,IAAI;AAIF,MAAA,MAAM,SAAA,EAAW,IAAIA,2BAAAA,CAAa,CAAA,aAAA,CAAe,CAAA;AACjD,MAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAE/D,MAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,MAAA,MAAM,YAAA,EAAc,IAAI,GAAA;AAAA,QACtB,gBAAA,GAAA,KAAA,EAAA,KAAA,EAAA,EAAA,eAAA,CAAiB,WAAA;AAAA,QACjB,OAAA,CAAQ;AAAA,MACV,CAAA,CAAE,QAAA,CAAS,CAAA;AAEX,MAAA,MAAM,YAAA,EAAc,4BAAA;AAAA,QAClB,4CAAA,6CAAA,CAAA,CAAA,EACK,eAAA,CAAA,EADL;AAAA,UAEE;AAAA,QACF,CAAA,CAAA;AAAA,QACA,OAAA;AAAA,QACA;AAAA,MACF,CAAA;AACA,MAAA,OAAA,CAAQ,GAAA,CAAI,4BAAA,EAA8B,WAAW,CAAA;AACrD,MAAA,MAAM,OAAA,EAAS,MAAM,WAAA,CAAY,aAAA,CAAc,OAAA,CAAQ,OAAA,CAAQ,QAAA,CAAS,CAAC,CAAA;AAEzE,MAAA,GAAA,CAAI,CAAC,MAAA,CAAO,WAAA,EAAa;AACvB,QAAA,MAAM,IAAI,SAAA,CAAU,sBAAsB,CAAA;AAAA,MAC5C;AAEA,MAAA,OAAO,QAAA;AAAA,IACT,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,KAAA,CAAM,wBAAA,EAA0B,KAAK,CAAA;AAC5C,MAAA,MAAM,IAAI,SAAA,CAAU,6BAAA,EAA+B,GAAG,CAAA;AAAA,IACxD;AAAA,EACF,CAAA,CAAA;AAAA;AAQA,IAAM,wBAAA,EAA0B,CAC9B,YAAA,EACA,eAAA,EAAA,GACG;AAEH,EAAA,GAAA,CAAI,yBAAA,CAA0B,IAAA,CAAK,YAAY,CAAA,EAAG;AAChD,IAAA,OAAO,YAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,eAAe,CAAA,CAAE,IAAA;AAChD,CAAA;AAEA,SAAe,YAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAzGzB,IAAA,IAAA,EAAA;AA0GE,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,oBAAA,EAAA,CAAsB,GAAA,EAAA,eAAA,CAAgB,QAAA,EAAA,GAAhB,KAAA,EAAA,GAAA,EAA4B,GAAA;AACxD,IAAA,MAAM,eAAA,EACJ,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,YAAA,CAAa,GAAA,CAAI,UAAU,EAAA,GAAK,mBAAA;AACvD,IAAA,MAAM,mBAAA,EAAqB,yBAAA,CAA0B,IAAA,CAAK,cAAc,CAAA;AACxE,IAAA,MAAM,iBAAA,EAAmB,uBAAA;AAAA,MACvB,cAAA;AAAA,MACA,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE;AAAA,IACvB,CAAA;AAEA,IAAA,MAAM,SAAA,EAAWA,sBAAAA,CAAa,QAAA,CAAS,gBAAgB,CAAA;AACvD,IAAA,gBAAA,CAAiB,QAAA,EAAU,eAAe,CAAA;AAE1C,IAAA,IAAI;AACF,MAAA,qCAAA,mBAAe,EAAqB,iBAAA,EAAmB,cAAc,CAAA;AAAA,IACvE,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,IAAA,CAAK,yCAAA,EAA2C,KAAK,CAAA;AAAA,IAC9D;AAEA,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAEA,IAAM,6BAAA,EAA+B,CACnC,UAAA,EACA,OAAA,EACA,QAAA,EAAA,GACuB;AACvB,EAAA,OAAO,IAAI,4BAAA,CAA6B,UAAA,EAAY,OAAA,EAAS,QAAQ,CAAA;AACvE,CAAA;AAcO,IAAM,QAAA,EACX,CAAC,WAAA,EAAiB,CAAC,CAAA,EAAA,GACnB,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,OAAA,EAAS,gDAAA,UAA4B,CAAA;AAE3C,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,QAAA;AACjC,IAAA,MAAM,aAAA,EAAe,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AACvC,IAAA,MAAM,YAAA,EAAc,YAAA,CAAa,YAAA,CAAa,OAAA,EAAS,CAAC,CAAA;AAExD,IAAA,OAAA,CAAQ,WAAA,EAAa;AAAA,MACnB,KAAK,WAAA;AACH,QAAA,OAAO,MAAM,eAAA,CAAgB,CAAA;AAAA,MAC/B,KAAK,UAAA;AACH,QAAA,OAAO,MAAM,cAAA,CAAe,OAAA,EAAS,MAAM,CAAA;AAAA,MAC7C,KAAK,QAAA;AACH,QAAA,OAAO,MAAM,YAAA,CAAa,OAAA,EAAS,MAAM,CAAA;AAAA,MAC3C,OAAA;AACE,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,oBAAA,EAAuB,QAAQ,CAAA,CAAA;AACvD,IAAA;AACc,EAAA;AAC2B,IAAA;AAES,IAAA;AAEjB,IAAA;AAEsB,IAAA;AAEtB,IAAA;AAC1B,IAAA;AACT,EAAA;AACF;AH4I0D;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { cookies } from \"next/headers.js\";\nimport { UnknownObject, User } from \"../types\";\n\nexport const getUser = (): User<UnknownObject> | null => {\n // TODO validate the token?\n const user = cookies().get(\"user\")?.value;\n if (!user) return null;\n return JSON.parse(user);\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport {\n AuthConfig,\n DefinedAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { AuthSessionService } from \"@/types\";\nimport { NextJSAuthSessionServiceImpl } from \"./NextJSSessionService.js\";\nimport { clearAuthCookies } from \"./cookies.js\";\nimport { generateCodeVerifier } from \"oslo/oauth2\";\nimport { deriveCodeChallenge } from \"@/shared/util.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const codeVerifier = generateCodeVerifier();\n console.log(\"handleChallenge codeVerifier\", codeVerifier);\n const challenge = await deriveCodeChallenge(codeVerifier);\n const response = NextResponse.json({ status: \"success\", challenge });\n response.cookies.set(\"codeVerifier\", codeVerifier, {\n httpOnly: true,\n secure: true,\n sameSite: \"strict\",\n });\n return response;\n}\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const code = request.nextUrl.searchParams.get(\"code\");\n if (!code) throw new AuthError(\"Missing authorization code\");\n\n try {\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n\n const resolvedConfigs = resolveAuthConfig(config);\n const callbackUrl = new URL(\n resolvedConfigs?.callbackUrl,\n request.url,\n ).toString();\n\n const authService = getDefaultAuthSessionService(\n {\n ...resolvedConfigs,\n callbackUrl,\n },\n request,\n response,\n );\n console.log(\"handleCallback authService\", authService);\n const tokens = await authService.tokenExchange(request.nextUrl.toString());\n\n if (!tokens.accessToken) {\n throw new AuthError(\"Missing access token\");\n }\n\n return response;\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n clearAuthCookies(response, resolvedConfigs);\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\nconst getDefaultAuthSessionService = (\n authConfig: DefinedAuthConfig,\n request?: NextRequest,\n response?: NextResponse,\n): AuthSessionService => {\n return new NextJSAuthSessionServiceImpl(authConfig, request, response);\n};\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig: {} = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies(response, config);\n return response;\n }\n };\n","import { cookies } from \"next/headers.js\";\nimport { SessionData, UnknownObject, Endpoints, User } from \"../types.js\";\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport { AuthConfigWithDefaults } from \"./config.js\";\nimport { AuthSessionServiceImpl } from \"@/services\";\nimport {\n clearAuthCookies,\n createTokenCookies,\n createUserInfoCookie,\n} from \"./cookies.js\";\n\nexport type StorageInterface = {\n get(): SessionData;\n getUser(): User<UnknownObject> | null;\n set(data: Partial<SessionData>): void;\n setUser(data: User<UnknownObject> | null): void;\n clear(): void;\n};\n\nexport class NextJSAuthSessionServiceImpl extends AuthSessionServiceImpl {\n constructor(\n readonly authConfig: AuthConfigWithDefaults,\n readonly request: NextRequest | undefined,\n readonly response: NextResponse | undefined,\n readonly inputEndpoints?: Endpoints | undefined,\n ) {\n super(\n authConfig.clientId,\n authConfig.callbackUrl,\n authConfig.oauthServer,\n inputEndpoints,\n );\n }\n\n protected getCodeVerifier(): string {\n const codeVerifier = cookies().get(\"codeVerifier\");\n if (!codeVerifier) {\n throw new Error(\"Code verifier not found in cookies\");\n }\n return codeVerifier.value;\n }\n\n getSessionData(): SessionData {\n const authenticated = cookies().get(\"access_token\") !== undefined;\n return {\n authenticated,\n codeVerifier: cookies().get(\"codeVerifier\")?.value,\n accessToken: cookies().get(\"access_token\")?.value,\n idToken: cookies().get(\"id_token\")?.value,\n refreshToken: cookies().get(\"refresh_token\")?.value,\n };\n }\n\n updateSessionData(data: Partial<SessionData>): void {\n createTokenCookies(\n this.response as NextResponse,\n data as SessionData,\n this.authConfig,\n );\n }\n\n getUser(): User<UnknownObject> | null {\n const userCookie = cookies().get(\"user\");\n if (!userCookie) return null;\n return JSON.parse(userCookie.value);\n }\n\n setUser(user: User<UnknownObject> | null): void {\n createUserInfoCookie(\n this.response as NextResponse,\n user,\n { authenticated: true },\n this.authConfig,\n );\n }\n\n clearSessionData(): void {\n clearAuthCookies(this.response as NextResponse, this.authConfig);\n }\n\n // TODO fix the Window reference\n loadAuthorizationUrl() {\n throw new Error(\"Not implemented\");\n }\n\n async logout(): Promise<void> {\n this.updateSessionData({ authenticated: false });\n }\n}\n","import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"./config\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n response: NextResponse,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n const maxAge = sessionData.expiresIn ?? 3600;\n const cookieOptions = {\n ...config.cookies?.tokens,\n maxAge,\n };\n\n if (sessionData.accessToken) {\n response.cookies.set(\"access_token\", sessionData.accessToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.idToken) {\n response.cookies.set(\"id_token\", sessionData.idToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.refreshToken) {\n response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n response: NextResponse,\n user: User<UnknownObject> | null,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n if (!user) {\n response.cookies.set(\"user\", \"\", {\n ...config.cookies?.user,\n maxAge: 0,\n });\n return;\n }\n const maxAge = sessionData.expiresIn ?? 3600;\n\n // TODO select fields to include in the user cookie\n const frontendUser = {\n ...user,\n };\n\n // TODO make call to get user info from the\n // auth server /userinfo endpoint when it's available\n // then add to the default claims above\n\n response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n ...config.cookies?.user,\n maxAge,\n });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = (response: NextResponse, config: AuthConfig) => {\n const clearOptions = {\n ...config.cookies?.tokens,\n maxAge: 0,\n };\n\n response.cookies.set(\"access_token\", \"\", clearOptions);\n response.cookies.set(\"id_token\", \"\", clearOptions);\n response.cookies.set(\"refresh_token\", \"\", clearOptions);\n response.cookies.set(\"codeVerifier\", \"\", clearOptions);\n response.cookies.set(\"user\", \"\", {\n ...config.cookies?.user,\n maxAge: 0,\n });\n};\n\nexport { createTokenCookies, createUserInfoCookie, clearAuthCookies };\n"]}
|