@convex-dev/better-auth 0.9.11 → 0.10.0

package/src/react/index.tsx

@@ -1,11 +1,24 @@
-import { useEffect } from "react";
-
-import { type ReactNode, useCallback, useMemo } from "react";
+import {
+  Component,
+  type PropsWithChildren,
+  type ReactNode,
+  useCallback,
+  useEffect,
+  useMemo,
+  useState,
+} from "react";
 import { type AuthTokenFetcher } from "convex/browser";
-import { ConvexProviderWithAuth } from "convex/react";
+import {
+  Authenticated,
+  ConvexProviderWithAuth,
+  useConvexAuth,
+  useQuery,
+} from "convex/react";
+import type { FunctionReference } from "convex/server";
 import { type BetterAuthClientPlugin } from "better-auth";
 import { createAuthClient } from "better-auth/react";
 import { convexClient, crossDomainClient } from "../client/plugins/index.js";
+import type { EmptyObject } from "convex-helpers";
 
 type CrossDomainClient = ReturnType<typeof crossDomainClient>;
 type ConvexClient = ReturnType<typeof convexClient>;
@@ -45,13 +58,14 @@ export function ConvexBetterAuthProvider({
   children,
   client,
   authClient,
+  initialToken,
 }: {
   children: ReactNode;
   client: IConvexReactClient;
   authClient: AuthClient;
+  initialToken?: string | null;
 }) {
-  const useBetterAuth = useUseAuthFromBetterAuth(authClient);
-
+  const useBetterAuth = useUseAuthFromBetterAuth(authClient, initialToken);
   useEffect(() => {
     (async () => {
       const url = new URL(window.location?.href);
@@ -86,19 +100,46 @@ export function ConvexBetterAuthProvider({
   );
 }
 
-function useUseAuthFromBetterAuth(authClient: AuthClient) {
+let initialTokenUsed = false;
+
+function useUseAuthFromBetterAuth(
+  authClient: AuthClient,
+  initialToken?: string | null
+) {
+  const [cachedToken, setCachedToken] = useState<string | null>(
+    initialTokenUsed ? (initialToken ?? null) : null
+  );
+  useEffect(() => {
+    if (!initialTokenUsed) {
+      initialTokenUsed = true;
+    }
+  }, []);
+
   return useMemo(
     () =>
       function useAuthFromBetterAuth() {
         const { data: session, isPending: isSessionPending } =
           authClient.useSession();
         const sessionId = session?.session?.id;
+        useEffect(() => {
+          if (!session && !isSessionPending && cachedToken) {
+            setCachedToken(null);
+          }
+        }, [session, isSessionPending]);
         const fetchAccessToken = useCallback(
-          async () => {
+          async ({
+            forceRefreshToken = false,
+          }: { forceRefreshToken?: boolean } = {}) => {
+            if (cachedToken && !forceRefreshToken) {
+              return cachedToken;
+            }
             try {
               const { data } = await authClient.convex.token();
-              return data?.token || null;
+              const token = data?.token || null;
+              setCachedToken(token);
+              return token;
             } catch {
+              setCachedToken(null);
               return null;
             }
           },
@@ -120,3 +161,148 @@ function useUseAuthFromBetterAuth(authClient: AuthClient) {
     [authClient]
   );
 }
+
+interface ErrorBoundaryProps {
+  children: React.ReactNode;
+  onUnauth: () => void | Promise<void>;
+  renderFallback?: () => React.ReactNode;
+  isAuthError: (error: unknown) => boolean;
+}
+interface ErrorBoundaryState {
+  error?: unknown;
+}
+
+class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryState> {
+  constructor(props: ErrorBoundaryProps) {
+    super(props);
+    this.state = {};
+  }
+  static defaultProps: Partial<ErrorBoundaryProps> = {
+    renderFallback: () => null,
+  };
+  static getDerivedStateFromError(error: Error) {
+    return { error };
+  }
+  async componentDidCatch(error: Error) {
+    if (this.props.isAuthError(error)) {
+      await this.props.onUnauth();
+    }
+  }
+  render() {
+    if (this.state.error && this.props.isAuthError(this.state.error)) {
+      return this.props.renderFallback?.();
+    }
+    return this.props.children;
+  }
+}
+
+// Subscribe to the session validated user to keep this check reactive to
+// actual user auth state at the provider level (rather than just jwt validity state).
+const UserSubscription = ({
+  getAuthUserFn,
+}: {
+  getAuthUserFn: FunctionReference<"query">;
+}) => {
+  useQuery(getAuthUserFn);
+  return null;
+};
+
+/**
+ * _Experimental_
+ *
+ * A wrapper React component which provides error handling for auth related errors.
+ * This is typically used to redirect the user to the login page when they are
+ * unauthenticated, and does so reactively based on the getAuthUserFn query.
+ *
+ * @example
+ * ```ts
+ * // convex/auth.ts
+ * export const { getAuthUser } = authComponent.clientApi();
+ *
+ * // auth-client.tsx
+ * import { AuthBoundary } from "@convex-dev/react";
+ * import { api } from '../../convex/_generated/api'
+ * import { isAuthError } from '../lib/utils'
+ *
+ * export const ClientAuthBoundary = ({ children }: PropsWithChildren) => {
+ *   return (
+ *     <AuthBoundary
+ *       onUnauth={() => redirect("/sign-in")}
+ *       authClient={authClient}
+ *       getAuthUserFn={api.auth.getAuthUser}
+ *       isAuthError={isAuthError}
+ * >
+ *   <>{children}</>
+ * </AuthBoundary>
+ * )
+ * ```
+ * @param props.children - Children to render.
+ * @param props.onUnauth - Function to call when the user is
+ * unauthenticated. Typically a redirect to the login page.
+ * @param props.authClient - Better Auth authClient to use.
+ * @param props.renderFallback - Fallback component to render when the user is
+ * unauthenticated. Defaults to null. Generally not rendered as error handling
+ * is typically a redirect.
+ * @param props.getAuthUserFn - Reference to a Convex query that returns user.
+ * The component provides a query for this via `export const { getAuthUser } = authComponent.clientApi()`.
+ * @param props.isAuthError - Function to check if the error is auth related.
+ */
+export const AuthBoundary = ({
+  children,
+  /**
+   * The function to call when the user is unauthenticated. Typically a redirect
+   * to the login page.
+   */
+  onUnauth,
+  /**
+   * The Better Auth authClient to use.
+   */
+  authClient,
+  /**
+   * The fallback to render when the user is unauthenticated. Defaults to null.
+   * Generally not rendered as error handling is typically a redirect.
+   */
+  renderFallback,
+  /**
+   * The function to call to get the auth user.
+   */
+  getAuthUserFn,
+  /**
+   * The function to call to check if the error is auth related.
+   */
+  isAuthError,
+}: PropsWithChildren<{
+  onUnauth: () => void | Promise<void>;
+  authClient: AuthClient;
+  renderFallback?: () => React.ReactNode;
+  getAuthUserFn: FunctionReference<"query", "public", EmptyObject>;
+  isAuthError: (error: unknown) => boolean;
+}>) => {
+  const { isAuthenticated, isLoading } = useConvexAuth();
+  const handleUnauth = useCallback(async () => {
+    // Auth request that will clear cookies if session is invalid
+    await authClient.getSession();
+    await onUnauth();
+  }, [onUnauth]);
+
+  useEffect(() => {
+    void (async () => {
+      if (!isLoading && !isAuthenticated) {
+        await handleUnauth();
+      }
+    })();
+  }, [isLoading, isAuthenticated]);
+
+  return (
+    <ErrorBoundary
+      onUnauth={handleUnauth}
+      isAuthError={isAuthError}
+      renderFallback={renderFallback}
+    >
+      <Authenticated>
+        <UserSubscription getAuthUserFn={getAuthUserFn} />
+      </Authenticated>
+      {children}
+    </ErrorBoundary>
+  );
+};

package/src/react-start/index.ts

@@ -1,189 +1,69 @@
-import { betterAuth } from "better-auth";
-import { createCookieGetter } from "better-auth/cookies";
-import { betterFetch } from "@better-fetch/fetch";
-import * as jose from "jose";
-import {
-  type FunctionReference,
-  type FunctionReturnType,
-  type GenericActionCtx,
-  type GenericDataModel,
+import { stripIndent } from "common-tags";
+import type {
+  FunctionReference,
+  FunctionReturnType,
+  OptionalRestArgs,
 } from "convex/server";
-import { JWT_COOKIE_NAME } from "../plugins/convex/index.js";
 import { ConvexHttpClient } from "convex/browser";
-import { type CreateAuth, getStaticAuth } from "../client/index.js";
+import { getToken, type GetTokenOptions } from "../utils/index.js";
+import React from "react";
 
-export const getCookieName = <DataModel extends GenericDataModel>(
-  createAuth: CreateAuth<DataModel>
-) => {
-  const createCookie = createCookieGetter(getStaticAuth(createAuth).options);
-  const cookie = createCookie(JWT_COOKIE_NAME);
-  return cookie.name;
-};
-
-export const getCookieNames = <DataModel extends GenericDataModel>(
-  createAuth: CreateAuth<DataModel>
-) => {
-  const createCookie = createCookieGetter(getStaticAuth(createAuth).options);
-  return {
-    convexJwt: createCookie(JWT_COOKIE_NAME).name,
-    sessionToken: createCookie("session_token").name,
-  };
-};
-
-export const setupFetchClient = async <DataModel extends GenericDataModel>(
-  createAuth: CreateAuth<DataModel>,
-  getCookie: (name: string) => string | undefined
-) => {
-  const createClient = () => {
-    const sessionCookieName = getCookieName(createAuth);
-    const token = getCookie(sessionCookieName);
-    const client = new ConvexHttpClient(process.env.VITE_CONVEX_URL!);
-    if (token) {
-      client.setAuth(token);
-    }
-    return client;
-  };
-  return {
-    fetchQuery<
-      Query extends FunctionReference<"query">,
-      FuncRef extends FunctionReference<any, any>,
-    >(
-      query: Query,
-      args: FuncRef["_args"]
-    ): Promise<FunctionReturnType<Query>> {
-      return createClient().query(query, args);
-    },
-    fetchMutation<
-      Mutation extends FunctionReference<"mutation">,
-      FuncRef extends FunctionReference<any, any>,
-    >(
-      mutation: Mutation,
-      args: FuncRef["_args"]
-    ): Promise<FunctionReturnType<Mutation>> {
-      return createClient().mutation(mutation, args);
-    },
-    fetchAction<
-      Action extends FunctionReference<"action">,
-      FuncRef extends FunctionReference<any, any>,
-    >(
-      action: Action,
-      args: FuncRef["_args"]
-    ): Promise<FunctionReturnType<Action>> {
-      return createClient().action(action, args);
-    },
-  };
-};
-
-export const fetchSession = async <
-  T extends (ctx: GenericActionCtx<any>) => ReturnType<typeof betterAuth>,
->(
-  request: Request,
-  opts?: {
-    convexSiteUrl?: string;
-    verbose?: boolean;
-  }
-) => {
-  type Session = ReturnType<T>["$Infer"]["Session"];
+// Caching supported for React 19+ only
+const cache =
+  React.cache ||
+  ((fn: (...args: any[]) => any) => {
+    return (...args: any[]) => fn(...args);
+  });
 
-  if (!request) {
-    throw new Error("No request found");
-  }
-  const convexSiteUrl = opts?.convexSiteUrl ?? process.env.VITE_CONVEX_SITE_URL;
-  if (!convexSiteUrl) {
-    throw new Error("VITE_CONVEX_SITE_URL is not set");
-  }
-  const { data: session } = await betterFetch<Session>(
-    "/api/auth/get-session",
-    {
-      baseURL: convexSiteUrl,
-      headers: {
-        cookie: request.headers.get("cookie") ?? "",
-      },
-    }
-  );
-  return {
-    session,
-  };
+type ClientOptions = {
+  /**
+   * The URL of the Convex deployment to use for the function call.
+   */
+  convexUrl: string;
+  /**
+   * The HTTP Actions URL of the Convex deployment to use for the function call.
+   */
+  convexSiteUrl: string;
+  /**
+   * The JWT-encoded OpenID Connect authentication token to use for the function call.
+   * Just an optional override for edge cases, you probably don't need this.
+   */
+  token?: string;
 };
 
-export const fetchAuth = async (
-  request: Request,
-  opts?: {
-    convexSiteUrl?: string;
-    verbose?: boolean;
-  }
-) => {
-  if (!request) {
-    throw new Error("No request found");
-  }
-  const convexSiteUrl = opts?.convexSiteUrl ?? process.env.VITE_CONVEX_SITE_URL;
-  if (!convexSiteUrl) {
-    throw new Error("VITE_CONVEX_SITE_URL is not set");
+function setupClient(options: ClientOptions) {
+  const client = new ConvexHttpClient(options.convexUrl);
+  if (options.token !== undefined) {
+    client.setAuth(options.token);
   }
-  const { data } = await betterFetch<{ token: string }>(
-    "/api/auth/convex/token",
-    {
-      baseURL: convexSiteUrl,
-      headers: {
-        cookie: request.headers.get("cookie") ?? "",
-      },
-    }
-  );
-  if (!data?.token) {
-    return;
-  }
-  const claims = jose.decodeJwt(data.token);
-  return {
-    token: data.token,
-    userId: claims.sub,
-  };
-};
+  // @ts-expect-error - setFetchOptions is internal
+  client.setFetchOptions({ cache: "no-store" });
+  return client;
+}
 
-export const getAuthFromCookie = (
-  cookie?: string,
-  { tolerance = 10 }: { tolerance?: number } = {}
-) => {
-  if (!cookie) {
-    return;
+const parseConvexSiteUrl = (url: string) => {
+  if (!url) {
+    throw new Error(stripIndent`
+      CONVEX_SITE_URL is not set.
+      This is automatically set in the Convex backend, but must be set in the TanStack Start environment.
+      For local development, this can be set in the .env.local file.
+    `);
   }
-  const claims = jose.decodeJwt(cookie);
-  const exp = claims?.exp;
-  const now = Math.floor(new Date().getTime() / 1000);
-  const isExpired = exp ? now > exp + tolerance : true;
-  if (isExpired) {
-    return;
+  if (url.endsWith(".convex.cloud")) {
+    throw new Error(stripIndent`
+      CONVEX_SITE_URL should be set to your Convex Site URL, which ends in .convex.site.
+      Currently set to ${url}.
+    `);
   }
-  return { userId: claims?.sub, token: cookie };
-};
-
-export const getAuth = async <DataModel extends GenericDataModel>(
-  request: Request,
-  getCookie: (name: string) => string | undefined,
-  createAuth: CreateAuth<DataModel>,
-  opts?: { convexSiteUrl?: string }
-) => {
-  const sessionCookieName = getCookieName(createAuth);
-  const token = getCookie(sessionCookieName);
-  const { session } = await fetchSession(request, opts);
-  return {
-    userId: session?.user.id,
-    token,
-  };
+  return url;
 };
 
-export const reactStartHandler = (
-  request: Request,
-  opts?: { convexSiteUrl?: string; verbose?: boolean }
-) => {
+const handler = (request: Request, opts: { convexSiteUrl: string }) => {
   const requestUrl = new URL(request.url);
-  const convexSiteUrl = opts?.convexSiteUrl ?? process.env.VITE_CONVEX_SITE_URL;
-  if (!convexSiteUrl) {
-    throw new Error("VITE_CONVEX_SITE_URL is not set");
-  }
-  const nextUrl = `${convexSiteUrl}${requestUrl.pathname}${requestUrl.search}`;
+  const nextUrl = `${opts.convexSiteUrl}${requestUrl.pathname}${requestUrl.search}`;
   const headers = new Headers(request.headers);
   headers.set("accept-encoding", "application/json");
-  headers.set("host", convexSiteUrl);
+  headers.set("host", opts.convexSiteUrl);
   return fetch(nextUrl, {
     method: request.method,
     headers,
@@ -193,3 +73,78 @@ export const reactStartHandler = (
     duplex: "half",
   });
 };
+
+export const convexBetterAuthReactStart = (
+  opts: Omit<GetTokenOptions, "forceRefresh"> & {
+    convexUrl: string;
+    convexSiteUrl: string;
+  }
+) => {
+  const siteUrl = parseConvexSiteUrl(opts.convexSiteUrl);
+
+  const cachedGetToken = cache(async (opts: GetTokenOptions) => {
+    const { getRequestHeaders } = await import("@tanstack/react-start/server");
+    const headers = getRequestHeaders();
+    return getToken(siteUrl, headers, opts);
+  });
+
+  const callWithToken = async <
+    FnType extends "query" | "mutation" | "action",
+    Fn extends FunctionReference<FnType>,
+  >(
+    fn: (token?: string) => Promise<FunctionReturnType<Fn>>
+  ): Promise<FunctionReturnType<Fn>> => {
+    const token = (await cachedGetToken(opts)) ?? {};
+    try {
+      return await fn(token?.token);
+    } catch (error) {
+      if (
+        !opts?.jwtCache?.enabled ||
+        token.isFresh ||
+        opts.jwtCache?.isAuthError(error)
+      ) {
+        throw error;
+      }
+      const newToken = await cachedGetToken({
+        ...opts,
+        forceRefresh: true,
+      });
+      return await fn(newToken.token);
+    }
+  };
+
+  return {
+    getToken: async () => {
+      const token = await cachedGetToken(opts);
+      return token.token;
+    },
+    handler: (request: Request) => handler(request, opts),
+    fetchAuthQuery: async <Query extends FunctionReference<"query">>(
+      query: Query,
+      ...args: OptionalRestArgs<Query>
+    ): Promise<FunctionReturnType<Query>> => {
+      return callWithToken((token?: string) => {
+        const client = setupClient({ ...opts, token });
+        return client.query(query, ...args);
+      });
+    },
+    fetchAuthMutation: async <Mutation extends FunctionReference<"mutation">>(
+      mutation: Mutation,
+      ...args: OptionalRestArgs<Mutation>
+    ): Promise<FunctionReturnType<Mutation>> => {
+      return callWithToken((token?: string) => {
+        const client = setupClient({ ...opts, token });
+        return client.mutation(mutation, ...args);
+      });
+    },
+    fetchAuthAction: async <Action extends FunctionReference<"action">>(
+      action: Action,
+      ...args: OptionalRestArgs<Action>
+    ): Promise<FunctionReturnType<Action>> => {
+      return callWithToken((token?: string) => {
+        const client = setupClient({ ...opts, token });
+        return client.action(action, ...args);
+      });
+    },
+  };
+};

package/src/test.ts

@@ -11,7 +11,7 @@ const modules = import.meta.glob("./component/**/*.ts");
  */
 export function register(
   t: TestConvex<SchemaDefinition<GenericSchema, boolean>>,
-  name: string = "migrations"
+  name: string = "betterAuth"
 ) {
   t.registerComponent(name, schema, modules);
 }

package/src/utils/index.ts

@@ -1,10 +1,34 @@
+import { betterFetch } from "@better-fetch/fetch";
+import { type Auth, betterAuth } from "better-auth";
+import { getSessionCookie } from "better-auth/cookies";
 import {
+  type AuthProvider,
+  type DefaultFunctionArgs,
+  type FunctionReference,
   type GenericActionCtx,
   type GenericDataModel,
   type GenericMutationCtx,
   type GenericQueryCtx,
 } from "convex/server";
-import { type GenericCtx } from "../client/index.js";
+import { JWT_COOKIE_NAME } from "../plugins/convex/index.js";
+import * as jose from "jose";
+import type { Jwk } from "better-auth/plugins/jwt";
+
+export type CreateAuth<
+  DataModel extends GenericDataModel,
+  A extends ReturnType<typeof betterAuth> = Auth,
+> = (ctx: GenericCtx<DataModel>) => A;
+
+export type EventFunction<T extends DefaultFunctionArgs> = FunctionReference<
+  "mutation",
+  "internal" | "public",
+  T
+>;
+
+export type GenericCtx<DataModel extends GenericDataModel = GenericDataModel> =
+  | GenericQueryCtx<DataModel>
+  | GenericMutationCtx<DataModel>
+  | GenericActionCtx<DataModel>;
 
 export type RunMutationCtx<DataModel extends GenericDataModel> = (
   | GenericMutationCtx<DataModel>
@@ -72,3 +96,74 @@ export const requireRunMutationCtx = <DataModel extends GenericDataModel>(
   }
   return ctx;
 };
+
+export type GetTokenOptions = {
+  forceRefresh?: boolean;
+  cookiePrefix?: string;
+  jwtCache?: {
+    enabled: boolean;
+    expirationToleranceSeconds?: number;
+    isAuthError: (error: unknown) => boolean;
+  };
+};
+
+export const getToken = async (
+  siteUrl: string,
+  headers: Headers,
+  opts?: GetTokenOptions
+) => {
+  const fetchToken = async () => {
+    const { data } = await betterFetch<{ token: string }>(
+      "/api/auth/convex/token",
+      {
+        baseURL: siteUrl,
+        headers,
+      }
+    );
+    return { isFresh: true, token: data?.token };
+  };
+  if (!opts?.jwtCache?.enabled || opts.forceRefresh) {
+    return await fetchToken();
+  }
+  const token = getSessionCookie(new Headers(headers), {
+    cookieName: JWT_COOKIE_NAME,
+    cookiePrefix: opts?.cookiePrefix,
+  });
+  if (!token) {
+    return await fetchToken();
+  }
+  try {
+    const claims = jose.decodeJwt(token);
+    const exp = claims?.exp;
+    const now = Math.floor(new Date().getTime() / 1000);
+    const isExpired = exp
+      ? now > exp + (opts?.jwtCache?.expirationToleranceSeconds ?? 60)
+      : true;
+    if (!isExpired) {
+      return { isFresh: false, token };
+    }
+  } catch (error) {
+    console.error("Error decoding JWT", error);
+  }
+  return await fetchToken();
+};
+
+export const parseJwks = (providerConfig: AuthProvider) => {
+  const staticJwksString =
+    "jwks" in providerConfig && providerConfig.jwks?.startsWith("data:text/")
+      ? atob(providerConfig.jwks.split("base64,")[1])
+      : undefined;
+
+  if (!staticJwksString) {
+    return;
+  }
+  const parsed = JSON.parse(
+    staticJwksString?.slice(1, -1).replaceAll(/[\s\\]/g, "") || "{}"
+  );
+  const staticJwks = {
+    ...parsed,
+    privateKey: `"${parsed.privateKey}"`,
+    publicKey: `"${parsed.publicKey}"`,
+  } as Jwk;
+  return staticJwks;
+};

package/dist/client/adapterUtils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"adapterUtils.d.ts","sourceRoot":"","sources":["../../src/client/adapterUtils.ts"],"names":[],"mappings":"AACA,OAAO,EAAkB,KAAK,KAAK,EAAK,MAAM,eAAe,CAAC;AAC9D,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,qBAAqB,EAC3B,MAAM,eAAe,CAAC;AAIvB,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD,eAAO,MAAM,qBAAqB;;;;;;;;;;4DA0BhC,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kHAY/B,CAAC;AAiBH,eAAO,MAAM,eAAe,GAC1B,kBAAkB,kBAAkB,EACpC,OAAO,MAAM,EACb,OAAO,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,YAQ3B,CAAC;AA0JF,eAAO,MAAM,iBAAiB,GAC5B,MAAM,SAAS,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,EAEzC,KAAK,eAAe,CAAC,gBAAgB,CAAC,EACtC,QAAQ,MAAM,EACd,kBAAkB,kBAAkB,EACpC,OAAO,MAAM,EACb,OAAO,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC1B,MAAM,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,kBA6B1B,CAAC;AAIF,eAAO,MAAM,YAAY,GACvB,CAAC,SAAS,qBAAqB,CAAC,gBAAgB,CAAC,EACjD,CAAC,SAAS,cAAc,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAE7C,KAAK,CAAC,GAAG,IAAI,EACb,SAAS,MAAM,EAAE,sBAYlB,CAAC;AAsKF,eAAO,MAAM,QAAQ,GACnB,GAAG,SAAS,cAAc,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAC/C,CAAC,SAAS,qBAAqB,CAAC,gBAAgB,CAAC,EAEjD,KAAK,eAAe,CAAC,gBAAgB,CAAC,EACtC,QAAQ,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,EAClC,kBAAkB,kBAAkB,EACpC,MAAM,KAAK,CAAC,OAAO,oBAAoB,CAAC,GAAG;IACzC,cAAc,EAAE,iBAAiB,CAAC;CACnC,KACA,OAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAiJ/B,CAAC;AAEF,eAAO,MAAM,OAAO,GAClB,GAAG,SAAS,cAAc,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAC/C,CAAC,SAAS,qBAAqB,CAAC,gBAAgB,CAAC,EAEjD,KAAK,eAAe,CAAC,gBAAgB,CAAC,EACtC,QAAQ,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,EAClC,kBAAkB,kBAAkB,EACpC,MAAM,KAAK,CAAC,OAAO,oBAAoB,CAAC,KACvC,OAAO,CAAC,GAAG,GAAG,IAAI,CAUpB,CAAC"}