@crossauth/fastify 0.0.28 → 0.0.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/fastifyresserver.d.ts +2 -0
  2. package/dist/index.cjs +2 -2
  3. package/dist/index.js +1116 -1105
  4. package/package.json +3 -3
package/dist/index.js CHANGED
@@ -93,8 +93,8 @@ class De {
93
93
  return await this.updateUser(
94
94
  e,
95
95
  o,
96
- (s, i, n) => {
97
- const t = n ? "Please click on the link in your email to verify your email address." : "Your details have been updated";
96
+ (s, i, a) => {
97
+ const t = a ? "Please click on the link in your email to verify your email address." : "Your details have been updated";
98
98
  return s.view(this.updateUserPage, {
99
99
  csrfToken: e.csrfToken,
100
100
  message: t,
@@ -106,19 +106,19 @@ class De {
106
106
  } catch (s) {
107
107
  const i = l.asCrossauthError(s);
108
108
  d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: i.codeName, errorCode: i.code })), d.logger.debug(c({ err: s }));
109
- let n = {};
109
+ let a = {};
110
110
  for (let t in e.body)
111
- t.startsWith("user_") && (n[t] = e.body[t]);
112
- return this.sessionServer.handleError(s, e, o, (t, a) => t.view(this.updateUserPage, {
111
+ t.startsWith("user_") && (a[t] = e.body[t]);
112
+ return this.sessionServer.handleError(s, e, o, (t, n) => t.view(this.updateUserPage, {
113
113
  user: e.user,
114
- errorMessage: a.message,
115
- errorMessages: a.messages,
116
- errorCode: a.code,
117
- errorCodeName: g[a.code],
114
+ errorMessage: n.message,
115
+ errorMessages: n.messages,
116
+ errorCode: n.code,
117
+ errorCodeName: g[n.code],
118
118
  csrfToken: e.csrfToken,
119
119
  urlPrefix: this.prefix,
120
120
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
121
- ...n
121
+ ...a
122
122
  }));
123
123
  }
124
124
  }
@@ -144,25 +144,25 @@ class De {
144
144
  return await this.updateUser(
145
145
  e,
146
146
  o,
147
- (i, n, t) => i.header(...N).send({
147
+ (i, a, t) => i.header(...N).send({
148
148
  ok: !0,
149
149
  emailVerificationRequired: t
150
150
  })
151
151
  );
152
152
  } catch (i) {
153
- const n = l.asCrossauthError(i);
153
+ const a = l.asCrossauthError(i);
154
154
  return d.logger.error(c({
155
155
  msg: "Update user failure",
156
156
  user: (s = e.user) == null ? void 0 : s.username,
157
- errorCodeName: n.codeName,
158
- errorCode: n.code
159
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
157
+ errorCodeName: a.codeName,
158
+ errorCode: a.code
159
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
160
160
  t.status(this.sessionServer.errorStatus(i)).header(...N).send({
161
161
  ok: !1,
162
- errorMessage: a.message,
163
- errorMessages: a.messages,
164
- errorCode: a.code,
165
- errorCodeName: g[a.code]
162
+ errorMessage: n.message,
163
+ errorMessages: n.messages,
164
+ errorCode: n.code,
165
+ errorCodeName: g[n.code]
166
166
  });
167
167
  }, !0);
168
168
  }
@@ -184,8 +184,8 @@ class De {
184
184
  ip: e.ip,
185
185
  user: (s = e.user) == null ? void 0 : s.username
186
186
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
187
- const n = await this.sessionServer.getSessionData(e, "factor2change");
188
- if (!(n != null && n.username) && !this.sessionServer.isSessionUser(e))
187
+ const a = await this.sessionServer.getSessionData(e, "factor2change");
188
+ if (!(a != null && a.username) && !this.sessionServer.isSessionUser(e))
189
189
  return y.sendPageError(
190
190
  o,
191
191
  401,
@@ -225,30 +225,30 @@ class De {
225
225
  return await this.changeFactor2(
226
226
  e,
227
227
  o,
228
- (i, n, t) => n.factor2 ? i.view(this.configureFactor2Page, {
229
- csrfToken: n.csrfToken,
228
+ (i, a, t) => a.factor2 ? i.view(this.configureFactor2Page, {
229
+ csrfToken: a.csrfToken,
230
230
  next: e.body.next ?? this.sessionServer.loginRedirect,
231
- ...n.userData
231
+ ...a.userData
232
232
  }) : i.view(this.configureFactor2Page, {
233
233
  message: "Two factor authentication has been updated",
234
234
  next: e.body.next ?? this.sessionServer.loginRedirect,
235
- csrfToken: n.csrfToken
235
+ csrfToken: a.csrfToken
236
236
  })
237
237
  );
238
238
  } catch (i) {
239
- const n = l.asCrossauthError(i);
239
+ const a = l.asCrossauthError(i);
240
240
  return d.logger.error(c({
241
241
  msg: "Change two factor authentication failure",
242
242
  user: (s = e.user) == null ? void 0 : s.username,
243
- errorCodeName: n.codeName,
244
- errorCode: n.code
245
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
243
+ errorCodeName: a.codeName,
244
+ errorCode: a.code
245
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
246
246
  var h;
247
247
  return t.view(this.changeFactor2Page, {
248
- errorMessage: a.message,
249
- errorMessages: a.messages,
250
- errorCode: a.code,
251
- errorCodeName: g[a.code],
248
+ errorMessage: n.message,
249
+ errorMessages: n.messages,
250
+ errorCode: n.code,
251
+ errorCodeName: g[n.code],
252
252
  csrfToken: e.csrfToken,
253
253
  urlPrefix: this.prefix,
254
254
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
@@ -280,24 +280,24 @@ class De {
280
280
  return await this.changeFactor2(
281
281
  e,
282
282
  o,
283
- (i, n, t) => i.header(...N).send({
283
+ (i, a, t) => i.header(...N).send({
284
284
  ok: !0,
285
- ...n.userData
285
+ ...a.userData
286
286
  })
287
287
  );
288
288
  } catch (i) {
289
- const n = l.asCrossauthError(i);
289
+ const a = l.asCrossauthError(i);
290
290
  return d.logger.error(c({
291
291
  msg: "Change factor2 failure",
292
292
  user: (s = e.user) == null ? void 0 : s.username,
293
- errorCodeName: n.codeName,
294
- errorCode: n.code
295
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.status(this.sessionServer.errorStatus(i)).header(...N).send({
293
+ errorCodeName: a.codeName,
294
+ errorCode: a.code
295
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => t.status(this.sessionServer.errorStatus(i)).header(...N).send({
296
296
  ok: !1,
297
- errorMessage: a.message,
298
- errorMessages: a.messages,
299
- errorCode: a.code,
300
- errorCodeName: g[a.code]
297
+ errorMessage: n.message,
298
+ errorMessages: n.messages,
299
+ errorCode: n.code,
300
+ errorCodeName: g[n.code]
301
301
  }), !0);
302
302
  }
303
303
  }
@@ -349,7 +349,7 @@ class De {
349
349
  return await this.changePassword(
350
350
  e,
351
351
  o,
352
- (i, n) => e.body.next ? i.redirect(e.body.next) : i.view(this.changePasswordPage, {
352
+ (i, a) => e.body.next ? i.redirect(e.body.next) : i.view(this.changePasswordPage, {
353
353
  csrfToken: e.csrfToken,
354
354
  message: "Your password has been changed.",
355
355
  urlPrefix: this.prefix,
@@ -358,17 +358,17 @@ class De {
358
358
  })
359
359
  );
360
360
  } catch (i) {
361
- const n = l.asCrossauthError(i);
361
+ const a = l.asCrossauthError(i);
362
362
  return d.logger.error(c({
363
363
  msg: "Change password failure",
364
364
  user: (s = e.user) == null ? void 0 : s.username,
365
- errorCodeName: n.codeName,
366
- errorCode: n.code
367
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.view(this.changePasswordPage, {
368
- errorMessage: a.message,
369
- errorMessages: a.messages,
370
- errorCode: a.code,
371
- errorCodeName: g[a.code],
365
+ errorCodeName: a.codeName,
366
+ errorCode: a.code
367
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => t.view(this.changePasswordPage, {
368
+ errorMessage: n.message,
369
+ errorMessages: n.messages,
370
+ errorCode: n.code,
371
+ errorCodeName: g[n.code],
372
372
  csrfToken: e.csrfToken,
373
373
  urlPrefix: this.prefix,
374
374
  next: e.body.next,
@@ -397,23 +397,23 @@ class De {
397
397
  return await this.changePassword(
398
398
  e,
399
399
  o,
400
- (i, n) => i.header(...N).send({
400
+ (i, a) => i.header(...N).send({
401
401
  ok: !0
402
402
  })
403
403
  );
404
404
  } catch (i) {
405
- const n = l.asCrossauthError(i);
405
+ const a = l.asCrossauthError(i);
406
406
  return d.logger.error(c({
407
407
  msg: "Change password failure",
408
408
  user: (s = e.user) == null ? void 0 : s.username,
409
- errorCodeName: n.codeName,
410
- errorCode: n.code
411
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.status(this.sessionServer.errorStatus(i)).header(...N).send({
409
+ errorCodeName: a.codeName,
410
+ errorCode: a.code
411
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => t.status(this.sessionServer.errorStatus(i)).header(...N).send({
412
412
  ok: !1,
413
- errorMessage: a.message,
414
- errorMessages: a.messages,
415
- errorCode: a.code,
416
- errorCodeName: g[a.code]
413
+ errorMessage: n.message,
414
+ errorMessages: n.messages,
415
+ errorCode: n.code,
416
+ errorCodeName: g[n.code]
417
417
  }), !0);
418
418
  }
419
419
  }
@@ -437,7 +437,7 @@ class De {
437
437
  return await this.reconfigureFactor2(
438
438
  e,
439
439
  o,
440
- (s, i, n) => s.view(this.configureFactor2Page, {
440
+ (s, i, a) => s.view(this.configureFactor2Page, {
441
441
  ...i,
442
442
  next: e.query.next ?? this.sessionServer.loginRedirect
443
443
  })
@@ -449,7 +449,7 @@ class De {
449
449
  user: (r = e.user) == null ? void 0 : r.username,
450
450
  errorCodeName: i.codeName,
451
451
  errorCode: i.code
452
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (n, t) => n.view(this.configureFactor2Page, {
452
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (a, t) => a.view(this.configureFactor2Page, {
453
453
  errorMessage: t.message,
454
454
  errorMessages: t.messages,
455
455
  errorCode: t.code,
@@ -475,8 +475,8 @@ class De {
475
475
  e,
476
476
  o,
477
477
  (s, i) => {
478
- const n = i != null && i.factor2 ? this.sessionServer.authenticators[i.factor2] : void 0;
479
- return !this.sessionServer.isSessionUser(e) && this.enableEmailVerification && (n == null || n.skipEmailVerificationOnSignup() != !0) ? s.view(this.signupPage, {
478
+ const a = i != null && i.factor2 ? this.sessionServer.authenticators[i.factor2] : void 0;
479
+ return !this.sessionServer.isSessionUser(e) && this.enableEmailVerification && (a == null || a.skipEmailVerificationOnSignup() != !0) ? s.view(this.signupPage, {
480
480
  next: r,
481
481
  csrfToken: e.csrfToken,
482
482
  urlPrefix: this.prefix,
@@ -494,14 +494,14 @@ class De {
494
494
  d.logger.debug(c({ err: s }));
495
495
  try {
496
496
  if (!e.sessionId) {
497
- const a = l.asCrossauthError(s);
498
- return d.logger.error(c({ msg: "Signup second factor failure", errorCodeName: a.codeName, errorCode: a.code })), d.logger.error(c({ msg: "Session not defined during two factor process" })), o.status(500).view(this.sessionServer.errorPage, { status: 500, errorMessage: "An unknown error occurred", errorCode: g.UnknownError, errorCodeName: "UnknownError" });
497
+ const n = l.asCrossauthError(s);
498
+ return d.logger.error(c({ msg: "Signup second factor failure", errorCodeName: n.codeName, errorCode: n.code })), d.logger.error(c({ msg: "Session not defined during two factor process" })), o.status(500).view(this.sessionServer.errorPage, { status: 500, errorMessage: "An unknown error occurred", errorCode: g.UnknownError, errorCodeName: "UnknownError" });
499
499
  }
500
500
  let i = (await this.sessionServer.sessionManager.dataForSessionId(e.sessionId))["2fa"];
501
- const n = l.asCrossauthError(s);
502
- d.logger.error(c({ msg: "Signup two factor failure", user: i == null ? void 0 : i.username, errorCodeName: n.codeName, errorCode: n.code }));
501
+ const a = l.asCrossauthError(s);
502
+ d.logger.error(c({ msg: "Signup two factor failure", user: i == null ? void 0 : i.username, errorCodeName: a.codeName, errorCode: a.code }));
503
503
  const { userData: t } = await this.sessionServer.sessionManager.repeatTwoFactorSignup(e.sessionId);
504
- return this.sessionServer.handleError(s, e, o, (a, h) => a.view(this.configureFactor2Page, {
504
+ return this.sessionServer.handleError(s, e, o, (n, h) => n.view(this.configureFactor2Page, {
505
505
  errorMessage: h.message,
506
506
  errorMessages: h.messages,
507
507
  errorCode: h.code,
@@ -509,7 +509,7 @@ class De {
509
509
  urlPrefix: this.prefix,
510
510
  next: r,
511
511
  ...t,
512
- csrfToken: this.sessionServer.csrfToken(e, a)
512
+ csrfToken: this.sessionServer.csrfToken(e, n)
513
513
  }));
514
514
  } catch (i) {
515
515
  return d.logger.error(c({ err: i })), o.status(500).view(this.sessionServer.errorPage, {
@@ -542,24 +542,24 @@ class De {
542
542
  return await this.reconfigureFactor2(
543
543
  o,
544
544
  r,
545
- (i, n, t) => i.header(...N).send({
545
+ (i, a, t) => i.header(...N).send({
546
546
  ok: !0,
547
- ...n
547
+ ...a
548
548
  })
549
549
  );
550
550
  } catch (i) {
551
- const n = l.asCrossauthError(i);
551
+ const a = l.asCrossauthError(i);
552
552
  d.logger.error(c({
553
553
  msg: "Configure 2FA configuration failure",
554
554
  user: (s = o.user) == null ? void 0 : s.username,
555
- errorCodeName: n.codeName,
556
- errorCode: n.code
557
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, r, (t, a) => {
555
+ errorCodeName: a.codeName,
556
+ errorCode: a.code
557
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, r, (t, n) => {
558
558
  t.status(this.sessionServer.errorStatus(i)).header(...N).send({
559
559
  ok: !1,
560
- errorMessage: a.message,
561
- errorMessages: a.messages,
562
- errorCode: g[a.code]
560
+ errorMessage: n.message,
561
+ errorMessages: n.messages,
562
+ errorCode: g[n.code]
563
563
  });
564
564
  });
565
565
  }
@@ -579,27 +579,27 @@ class De {
579
579
  return await this.configureFactor2(
580
580
  o,
581
581
  r,
582
- (i, n) => {
582
+ (i, a) => {
583
583
  const t = {
584
584
  ok: !0,
585
- user: n
585
+ user: a
586
586
  };
587
587
  return this.sessionServer.isSessionUser(o) || (t.emailVerificationNeeded = this.enableEmailVerification), i.header(...N).send(t);
588
588
  }
589
589
  );
590
590
  } catch (i) {
591
- const n = l.asCrossauthError(i);
591
+ const a = l.asCrossauthError(i);
592
592
  d.logger.error(c({
593
593
  msg: "Configure 2FA configuration failure",
594
594
  user: (s = o.user) == null ? void 0 : s.username,
595
- errorCodeName: n.codeName,
596
- errorCode: n.code
597
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, r, (t, a) => {
595
+ errorCodeName: a.codeName,
596
+ errorCode: a.code
597
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, r, (t, n) => {
598
598
  t.status(this.sessionServer.errorStatus(i)).header(...N).send({
599
599
  ok: !1,
600
- errorMessage: a.message,
601
- errorMessages: a.messages,
602
- errorCode: g[a.code]
600
+ errorMessage: n.message,
601
+ errorMessages: n.messages,
602
+ errorCode: g[n.code]
603
603
  });
604
604
  });
605
605
  }
@@ -650,17 +650,17 @@ class De {
650
650
  return d.logger.error(c({
651
651
  msg: "Request password reset faiulure user failure",
652
652
  email: e.body.email
653
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => n.code == g.EmailNotExist ? i.view(this.requestPasswordResetPage, {
653
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, a) => a.code == g.EmailNotExist ? i.view(this.requestPasswordResetPage, {
654
654
  csrfToken: e.csrfToken,
655
655
  message: r,
656
656
  urlPrefix: this.prefix,
657
657
  required: e.body.required,
658
658
  next: e.body.next
659
659
  }) : e.body.next ? i.redirect(e.body.next) : i.view(this.requestPasswordResetPage, {
660
- errorMessage: n.message,
661
- errorMessages: n.messages,
662
- errorCode: n.code,
663
- errorCodeName: g[n.code],
660
+ errorMessage: a.message,
661
+ errorMessages: a.messages,
662
+ errorCode: a.code,
663
+ errorCodeName: g[a.code],
664
664
  email: e.body.email,
665
665
  csrfToken: e.csrfToken,
666
666
  urlPrefix: this.prefix
@@ -697,13 +697,13 @@ class De {
697
697
  email: e.body.email,
698
698
  errorCodeName: s.codeName,
699
699
  errorCode: s.code
700
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => {
700
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, a) => {
701
701
  i.status(this.sessionServer.errorStatus(r)).header(...N).send({
702
702
  ok: !1,
703
- errorMessage: n.message,
704
- errorMessages: n.messages,
705
- errorCode: n.code,
706
- errorCodeName: g[n.code]
703
+ errorMessage: a.message,
704
+ errorMessages: a.messages,
705
+ errorCode: a.code,
706
+ errorCodeName: g[a.code]
707
707
  });
708
708
  }, !0);
709
709
  }
@@ -764,11 +764,11 @@ class De {
764
764
  hashedToken: F.hash(e.body.token),
765
765
  errorCodeName: s.codeName,
766
766
  errorCode: s.code
767
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => i.view(this.resetPasswordPage, {
768
- errorMessage: n.message,
769
- errorMessages: n.messages,
770
- errorCode: n.code,
771
- errorCodeName: g[n.code],
767
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, a) => i.view(this.resetPasswordPage, {
768
+ errorMessage: a.message,
769
+ errorMessages: a.messages,
770
+ errorCode: a.code,
771
+ errorCodeName: g[a.code],
772
772
  csrfToken: e.csrfToken,
773
773
  urlPrefix: this.prefix,
774
774
  token: e.body.token
@@ -805,13 +805,13 @@ class De {
805
805
  hashedToken: F.hash(e.body.token),
806
806
  errorCodeName: s.codeName,
807
807
  errorCode: s.code
808
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => {
808
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, a) => {
809
809
  i.status(this.sessionServer.errorStatus(r)).header(...N).send({
810
810
  ok: !1,
811
- errorMessage: n.message,
812
- errorMessages: n.messages,
813
- errorCode: n.code,
814
- errorCodeName: g[n.code]
811
+ errorMessage: a.message,
812
+ errorMessages: a.messages,
813
+ errorCode: a.code,
814
+ errorCodeName: g[a.code]
815
815
  });
816
816
  }, !0);
817
817
  }
@@ -847,11 +847,11 @@ class De {
847
847
  hashedToken: F.hash(e.params.token),
848
848
  errorCodeName: s.codeName,
849
849
  errorCode: s.code
850
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => i.view(this.sessionServer.errorPage, {
851
- errorCode: n.code,
852
- errorCodeName: g[n.code],
853
- errorMessage: n.message,
854
- errorMessages: n.messages,
850
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, a) => i.view(this.sessionServer.errorPage, {
851
+ errorCode: a.code,
852
+ errorCodeName: g[a.code],
853
+ errorMessage: a.message,
854
+ errorMessages: a.messages,
855
855
  urlPrefix: this.prefix
856
856
  }));
857
857
  }
@@ -887,13 +887,13 @@ class De {
887
887
  hashedToken: F.hash(e.params.token),
888
888
  errorCodeName: s.codeName,
889
889
  errorCode: s.code
890
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => {
890
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, a) => {
891
891
  i.status(this.sessionServer.errorStatus(r)).header(...N).send({
892
892
  ok: !1,
893
- errorMessage: n.message,
894
- errorMessages: n.messages,
895
- errorCode: n.code,
896
- errorCodeName: g[n.code]
893
+ errorMessage: a.message,
894
+ errorMessages: a.messages,
895
+ errorCode: a.code,
896
+ errorCodeName: g[a.code]
897
897
  });
898
898
  });
899
899
  }
@@ -919,9 +919,9 @@ class De {
919
919
  try {
920
920
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call delete user unless a user storage is provided");
921
921
  r = (await this.sessionServer.userStorage.getUserById(e.user.id)).user;
922
- } catch (n) {
923
- const t = l.asCrossauthError(n);
924
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
922
+ } catch (a) {
923
+ const t = l.asCrossauthError(a);
924
+ return d.logger.debug(c({ err: a })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
925
925
  errorMessage: t.message,
926
926
  errorMessages: t.messages,
927
927
  errorCode: t.code,
@@ -955,9 +955,9 @@ class De {
955
955
  return await this.deleteUser(
956
956
  e,
957
957
  o,
958
- (n) => {
958
+ (a) => {
959
959
  var t;
960
- return n.view(this.deleteUserPage, {
960
+ return a.view(this.deleteUserPage, {
961
961
  message: "User deleted",
962
962
  csrfToken: e.csrfToken,
963
963
  urlPrefix: this.prefix,
@@ -967,17 +967,17 @@ class De {
967
967
  });
968
968
  }
969
969
  );
970
- } catch (n) {
971
- const t = l.asCrossauthError(n);
970
+ } catch (a) {
971
+ const t = l.asCrossauthError(a);
972
972
  return d.logger.error(c({
973
973
  msg: "Failed deleting user",
974
974
  user: (i = e.user) == null ? void 0 : i.username,
975
975
  errorCodeName: t.codeName,
976
976
  errorCode: t.code
977
- })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
977
+ })), d.logger.debug(c({ err: a })), this.sessionServer.handleError(a, e, o, (n, h) => {
978
978
  var v;
979
- const p = l.asCrossauthError(n).httpStatus;
980
- return a.status(p).view(this.deleteUserPage, {
979
+ const m = l.asCrossauthError(a).httpStatus;
980
+ return n.status(m).view(this.deleteUserPage, {
981
981
  errorMessage: h.message,
982
982
  errorMessages: h.messages,
983
983
  errorCode: h.code,
@@ -1014,26 +1014,26 @@ class De {
1014
1014
  e,
1015
1015
  o,
1016
1016
  (i) => {
1017
- var n;
1017
+ var a;
1018
1018
  return i.header(...N).send({
1019
1019
  ok: !0,
1020
- userid: (n = e.user) == null ? void 0 : n.id
1020
+ userid: (a = e.user) == null ? void 0 : a.id
1021
1021
  });
1022
1022
  }
1023
1023
  );
1024
1024
  } catch (i) {
1025
- const n = l.asCrossauthError(i);
1025
+ const a = l.asCrossauthError(i);
1026
1026
  d.logger.error(c({
1027
1027
  msg: "Delete user failure",
1028
1028
  user: (s = e.user) == null ? void 0 : s.username,
1029
- errorCodeName: n.codeName,
1030
- errorCode: n.code
1031
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1029
+ errorCodeName: a.codeName,
1030
+ errorCode: a.code
1031
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
1032
1032
  t.status(this.sessionServer.errorStatus(i)).header(...N).send({
1033
1033
  ok: !1,
1034
- errorMessage: a.message,
1035
- errorMessages: a.messages,
1036
- errorCode: g[a.code]
1034
+ errorMessage: n.message,
1035
+ errorMessages: n.messages,
1036
+ errorCode: g[n.code]
1037
1037
  });
1038
1038
  });
1039
1039
  }
@@ -1060,17 +1060,17 @@ class De {
1060
1060
  let i = this.sessionServer.validateUserFn(s);
1061
1061
  if (i.length > 0)
1062
1062
  throw new l(g.FormEntry, i);
1063
- let n = await this.sessionServer.sessionManager.updateUser(e.user, s);
1064
- return r(o, e.user, n.emailVerificationTokenSent);
1063
+ let a = await this.sessionServer.sessionManager.updateUser(e.user, s);
1064
+ return r(o, e.user, a.emailVerificationTokenSent);
1065
1065
  }
1066
1066
  async changeFactor2(e, o, r) {
1067
1067
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changeFactor2 unless a user storage is provided");
1068
1068
  let s;
1069
1069
  if (!this.sessionServer.isSessionUser(e) || !e.user) {
1070
- const a = await this.sessionServer.getSessionData(e, "factor2change");
1071
- if (a != null && a.username)
1070
+ const n = await this.sessionServer.getSessionData(e, "factor2change");
1071
+ if (n != null && n.username)
1072
1072
  s = (await this.sessionServer.userStorage.getUserByUsername(
1073
- a == null ? void 0 : a.username,
1073
+ n == null ? void 0 : n.username,
1074
1074
  {
1075
1075
  skipActiveCheck: !0,
1076
1076
  skipEmailVerifiedCheck: !0
@@ -1093,11 +1093,11 @@ class De {
1093
1093
  "Illegal second factor " + e.body.factor2 + " requested"
1094
1094
  );
1095
1095
  (e.body.factor2 == "none" || e.body.factor2 == "") && (i = void 0);
1096
- const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(s, i, e.sessionId);
1096
+ const a = await this.sessionServer.sessionManager.initiateTwoFactorSetup(s, i, e.sessionId);
1097
1097
  let t = {
1098
1098
  factor2: i,
1099
- userData: n,
1100
- username: n.username,
1099
+ userData: a,
1100
+ username: a.username,
1101
1101
  next: e.body.next ?? this.sessionServer.loginRedirect,
1102
1102
  csrfToken: e.csrfToken
1103
1103
  };
@@ -1107,10 +1107,10 @@ class De {
1107
1107
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changePassword unless a user storage is provided");
1108
1108
  let s, i = !1;
1109
1109
  if (!this.sessionServer.isSessionUser(e) || !e.user) {
1110
- const m = await this.sessionServer.getSessionData(e, "passwordchange");
1111
- if (m != null && m.username) {
1110
+ const p = await this.sessionServer.getSessionData(e, "passwordchange");
1111
+ if (p != null && p.username) {
1112
1112
  if (s = (await this.sessionServer.userStorage.getUserByUsername(
1113
- m == null ? void 0 : m.username,
1113
+ p == null ? void 0 : p.username,
1114
1114
  {
1115
1115
  skipActiveCheck: !0,
1116
1116
  skipEmailVerifiedCheck: !0
@@ -1125,20 +1125,20 @@ class De {
1125
1125
  s = e.user;
1126
1126
  } else
1127
1127
  throw new l(g.InsufficientPriviledges);
1128
- const n = this.sessionServer.authenticators[s.factor1], t = n.secretNames();
1129
- let a = {}, h = {}, f = {};
1130
- for (let m in e.body)
1131
- if (m.startsWith("new_")) {
1132
- const w = m.replace(/^new_/, "");
1133
- t.includes(w) && (h[w] = e.body[m]);
1134
- } else if (m.startsWith("old_")) {
1135
- const w = m.replace(/^old_/, "");
1136
- t.includes(w) && (a[w] = e.body[m]);
1137
- } else if (m.startsWith("repeat_")) {
1138
- const w = m.replace(/^repeat_/, "");
1139
- t.includes(w) && (f[w] = e.body[m]);
1140
- }
1141
- if (Object.keys(f).length === 0 && (f = void 0), n.validateSecrets(h).length > 0)
1128
+ const a = this.sessionServer.authenticators[s.factor1], t = a.secretNames();
1129
+ let n = {}, h = {}, f = {};
1130
+ for (let p in e.body)
1131
+ if (p.startsWith("new_")) {
1132
+ const w = p.replace(/^new_/, "");
1133
+ t.includes(w) && (h[w] = e.body[p]);
1134
+ } else if (p.startsWith("old_")) {
1135
+ const w = p.replace(/^old_/, "");
1136
+ t.includes(w) && (n[w] = e.body[p]);
1137
+ } else if (p.startsWith("repeat_")) {
1138
+ const w = p.replace(/^repeat_/, "");
1139
+ t.includes(w) && (f[w] = e.body[p]);
1140
+ }
1141
+ if (Object.keys(f).length === 0 && (f = void 0), a.validateSecrets(h).length > 0)
1142
1142
  throw new l(g.PasswordFormat);
1143
1143
  const v = s.state;
1144
1144
  try {
@@ -1147,11 +1147,11 @@ class De {
1147
1147
  1,
1148
1148
  h,
1149
1149
  f,
1150
- a
1150
+ n
1151
1151
  );
1152
- } catch (m) {
1153
- const w = l.asCrossauthError(m);
1154
- if (d.logger.debug(c({ err: m })), i)
1152
+ } catch (p) {
1153
+ const w = l.asCrossauthError(p);
1154
+ if (d.logger.debug(c({ err: p })), i)
1155
1155
  try {
1156
1156
  await this.sessionServer.userStorage.updateUser({ id: s.id, state: v });
1157
1157
  } catch (P) {
@@ -1177,7 +1177,7 @@ class De {
1177
1177
  !0,
1178
1178
  e,
1179
1179
  o,
1180
- (i, n) => r(i, n)
1180
+ (i, a) => r(i, a)
1181
1181
  ) : r(o, s);
1182
1182
  }
1183
1183
  async reconfigureFactor2(e, o, r) {
@@ -1225,20 +1225,20 @@ class De {
1225
1225
  async resetPassword(e, o, r) {
1226
1226
  if (!e.csrfToken)
1227
1227
  throw new l(g.InvalidCsrf);
1228
- const s = e.body.token, i = await this.sessionServer.sessionManager.userForPasswordResetToken(s), n = this.sessionServer.authenticators[i.factor1], t = n.secretNames();
1229
- let a = {}, h = {};
1228
+ const s = e.body.token, i = await this.sessionServer.sessionManager.userForPasswordResetToken(s), a = this.sessionServer.authenticators[i.factor1], t = a.secretNames();
1229
+ let n = {}, h = {};
1230
1230
  for (let v in e.body)
1231
1231
  if (v.startsWith("new_")) {
1232
- const m = v.replace(/^new_/, "");
1233
- t.includes(m) && (a[m] = e.body[v]);
1232
+ const p = v.replace(/^new_/, "");
1233
+ t.includes(p) && (n[p] = e.body[v]);
1234
1234
  } else if (v.startsWith("repeat_")) {
1235
- const m = v.replace(/^repeat_/, "");
1236
- t.includes(m) && (h[m] = e.body[v]);
1235
+ const p = v.replace(/^repeat_/, "");
1236
+ t.includes(p) && (h[p] = e.body[v]);
1237
1237
  }
1238
- if (Object.keys(h).length === 0 && (h = void 0), n.validateSecrets(a).length > 0)
1238
+ if (Object.keys(h).length === 0 && (h = void 0), a.validateSecrets(n).length > 0)
1239
1239
  throw new l(g.PasswordFormat);
1240
- const p = await this.sessionServer.sessionManager.resetSecret(s, 1, a, h);
1241
- return p.state != O.factor2ResetNeeded ? this.sessionServer.loginWithUser(p, !0, e, o, r) : r(o);
1240
+ const m = await this.sessionServer.sessionManager.resetSecret(s, 1, n, h);
1241
+ return m.state != O.factor2ResetNeeded ? this.sessionServer.loginWithUser(m, !0, e, o, r) : r(o);
1242
1242
  }
1243
1243
  async verifyEmail(e, o, r) {
1244
1244
  if (!this.enableEmailVerification) throw new l(
@@ -1270,9 +1270,9 @@ async function ze(k, e) {
1270
1270
  const { user: i } = await e.getUserByEmail(k);
1271
1271
  o.push(i);
1272
1272
  } catch (i) {
1273
- const n = l.asCrossauthError(i);
1274
- if (n.code != g.UserNotExist)
1275
- throw d.logger.debug(c({ err: n })), s;
1273
+ const a = l.asCrossauthError(i);
1274
+ if (a.code != g.UserNotExist)
1275
+ throw d.logger.debug(c({ err: a })), s;
1276
1276
  }
1277
1277
  }
1278
1278
  return o;
@@ -1331,22 +1331,22 @@ class He {
1331
1331
  return d.logger.debug(c({ msg: "Next page " + r })), await this.createUser(
1332
1332
  e,
1333
1333
  o,
1334
- (i, n, t) => i.redirect(302, r)
1334
+ (i, a, t) => i.redirect(302, r)
1335
1335
  );
1336
1336
  } catch (i) {
1337
- const n = l.asCrossauthError(i);
1337
+ const a = l.asCrossauthError(i);
1338
1338
  return d.logger.error(c({
1339
1339
  msg: "Signup failure",
1340
1340
  user: e.body.username,
1341
- errorCodeName: n.codeName,
1342
- errorCode: n.code
1343
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1341
+ errorCodeName: a.codeName,
1342
+ errorCode: a.code
1343
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
1344
1344
  const f = l.asCrossauthError(i).httpStatus;
1345
1345
  return t.status(f).view(this.adminCreateUserPage, {
1346
- errorMessage: a.message,
1347
- errorMessages: a.messages,
1348
- errorCode: a.code,
1349
- errorCodeName: g[a.code],
1346
+ errorMessage: n.message,
1347
+ errorMessages: n.messages,
1348
+ errorCode: n.code,
1349
+ errorCodeName: g[n.code],
1350
1350
  next: r,
1351
1351
  persist: e.body.persist,
1352
1352
  csrfToken: e.csrfToken,
@@ -1379,25 +1379,25 @@ class He {
1379
1379
  return await this.createUser(
1380
1380
  e,
1381
1381
  o,
1382
- (i, n, t) => i.header(...R).send({
1382
+ (i, a, t) => i.header(...R).send({
1383
1383
  ok: !0,
1384
1384
  user: t,
1385
- ...n.userData
1385
+ ...a.userData
1386
1386
  })
1387
1387
  );
1388
1388
  } catch (i) {
1389
- const n = l.asCrossauthError(i);
1389
+ const a = l.asCrossauthError(i);
1390
1390
  d.logger.error(c({
1391
1391
  msg: "Create user failure",
1392
1392
  user: (s = e.user) == null ? void 0 : s.username,
1393
- errorCodeName: n.codeName,
1394
- errorCode: n.code
1395
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1393
+ errorCodeName: a.codeName,
1394
+ errorCode: a.code
1395
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
1396
1396
  t.status(this.sessionServer.errorStatus(i)).header(...R).send({
1397
1397
  ok: !1,
1398
- errorMessage: a.message,
1399
- errorMessages: a.messages,
1400
- errorCode: g[a.code]
1398
+ errorMessage: n.message,
1399
+ errorMessages: n.messages,
1400
+ errorCode: g[n.code]
1401
1401
  });
1402
1402
  });
1403
1403
  }
@@ -1428,7 +1428,7 @@ class He {
1428
1428
  s,
1429
1429
  i
1430
1430
  );
1431
- let n = {
1431
+ let a = {
1432
1432
  urlPrefix: this.adminPrefix,
1433
1433
  skip: s,
1434
1434
  take: i,
@@ -1436,7 +1436,7 @@ class He {
1436
1436
  havePrevious: s > 0,
1437
1437
  haveNext: i != null && r.length == i
1438
1438
  };
1439
- return e.query.next && (n.next = e.query.next), o.view(this.adminSelectUserPage, n);
1439
+ return e.query.next && (a.next = e.query.next), o.view(this.adminSelectUserPage, a);
1440
1440
  } catch (r) {
1441
1441
  const s = l.asCrossauthError(r);
1442
1442
  return d.logger.error(c({ err: r })), y.sendPageError(
@@ -1509,9 +1509,9 @@ class He {
1509
1509
  r,
1510
1510
  e,
1511
1511
  o,
1512
- (n, t, a, h) => {
1512
+ (a, t, n, h) => {
1513
1513
  let f = "User's details have been updated.";
1514
- return a ? f = "User's details have been updated and sent and an email verification link." : h && (f = "User's details have been updated and sent and a password reset token sent."), n.view(this.adminUpdateUserPage, {
1514
+ return n ? f = "User's details have been updated and sent and an email verification link." : h && (f = "User's details have been updated and sent and a password reset token sent."), a.view(this.adminUpdateUserPage, {
1515
1515
  csrfToken: e.csrfToken,
1516
1516
  message: f,
1517
1517
  urlPrefix: this.adminPrefix,
@@ -1520,23 +1520,23 @@ class He {
1520
1520
  }
1521
1521
  );
1522
1522
  } catch (i) {
1523
- const n = l.asCrossauthError(i);
1524
- return d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: n.codeName, errorCode: n.code })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => r ? t.view(this.adminUpdateUserPage, {
1523
+ const a = l.asCrossauthError(i);
1524
+ return d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: a.codeName, errorCode: a.code })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => r ? t.view(this.adminUpdateUserPage, {
1525
1525
  user: r,
1526
- errorMessage: a.message,
1527
- errorMessages: a.messages,
1528
- errorCode: a.code,
1529
- errorCodeName: g[a.code],
1526
+ errorMessage: n.message,
1527
+ errorMessages: n.messages,
1528
+ errorCode: n.code,
1529
+ errorCodeName: g[n.code],
1530
1530
  csrfToken: e.csrfToken,
1531
1531
  urlPrefix: this.adminPrefix,
1532
1532
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
1533
1533
  ...e.body
1534
1534
  }) : y.sendPageError(
1535
1535
  t,
1536
- n.httpStatus,
1536
+ a.httpStatus,
1537
1537
  this.sessionServer.errorPage,
1538
- n.message,
1539
- n
1538
+ a.message,
1539
+ a
1540
1540
  ));
1541
1541
  }
1542
1542
  }
@@ -1561,9 +1561,9 @@ class He {
1561
1561
  try {
1562
1562
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteuser unless a user storage is provided");
1563
1563
  r = (await this.sessionServer.userStorage.getUserById(e.params.id)).user;
1564
- } catch (n) {
1565
- const t = l.asCrossauthError(n);
1566
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
1564
+ } catch (a) {
1565
+ const t = l.asCrossauthError(a);
1566
+ return d.logger.debug(c({ err: a })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
1567
1567
  errorMessage: t.message,
1568
1568
  errorMessages: t.messages,
1569
1569
  errorCode: t.code,
@@ -1596,7 +1596,7 @@ class He {
1596
1596
  return await this.deleteUser(
1597
1597
  e,
1598
1598
  o,
1599
- (n) => n.view(this.deleteUserPage, {
1599
+ (a) => a.view(this.deleteUserPage, {
1600
1600
  message: "User deleted",
1601
1601
  csrfToken: e.csrfToken,
1602
1602
  urlPrefix: this.adminPrefix,
@@ -1605,16 +1605,16 @@ class He {
1605
1605
  next: r
1606
1606
  })
1607
1607
  );
1608
- } catch (n) {
1609
- const t = l.asCrossauthError(n);
1608
+ } catch (a) {
1609
+ const t = l.asCrossauthError(a);
1610
1610
  return d.logger.error(c({
1611
1611
  msg: "Failed deleting user",
1612
1612
  user: (i = e.user) == null ? void 0 : i.username,
1613
1613
  errorCodeName: t.codeName,
1614
1614
  errorCode: t.code
1615
- })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1616
- const p = l.asCrossauthError(n).httpStatus;
1617
- return a.status(p).view(this.deleteUserPage, {
1615
+ })), d.logger.debug(c({ err: a })), this.sessionServer.handleError(a, e, o, (n, h) => {
1616
+ const m = l.asCrossauthError(a).httpStatus;
1617
+ return n.status(m).view(this.deleteUserPage, {
1618
1618
  errorMessage: h.message,
1619
1619
  errorMessages: h.messages,
1620
1620
  errorCode: h.code,
@@ -1649,25 +1649,25 @@ class He {
1649
1649
  let r;
1650
1650
  try {
1651
1651
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateuser unless a user storage is provided");
1652
- const { user: n } = await this.sessionServer.userStorage.getUserById(e.params.id);
1653
- return r = n, await this.updateUser(
1652
+ const { user: a } = await this.sessionServer.userStorage.getUserById(e.params.id);
1653
+ return r = a, await this.updateUser(
1654
1654
  r,
1655
1655
  e,
1656
1656
  o,
1657
- (t, a, h) => t.header(...R).send({
1657
+ (t, n, h) => t.header(...R).send({
1658
1658
  ok: !0,
1659
1659
  emailVerificationRequired: h
1660
1660
  })
1661
1661
  );
1662
- } catch (n) {
1663
- const t = l.asCrossauthError(n);
1662
+ } catch (a) {
1663
+ const t = l.asCrossauthError(a);
1664
1664
  return d.logger.error(c({
1665
1665
  msg: "Update user failure",
1666
1666
  user: (i = e.user) == null ? void 0 : i.username,
1667
1667
  errorCodeName: t.codeName,
1668
1668
  errorCode: t.code
1669
- })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1670
- a.status(this.sessionServer.errorStatus(n)).header(...R).send({
1669
+ })), d.logger.debug(c({ err: a })), this.sessionServer.handleError(a, e, o, (n, h) => {
1670
+ n.status(this.sessionServer.errorStatus(a)).header(...R).send({
1671
1671
  ok: !1,
1672
1672
  errorMessage: h.message,
1673
1673
  errorMessages: h.messages,
@@ -1734,7 +1734,7 @@ class He {
1734
1734
  r,
1735
1735
  e,
1736
1736
  o,
1737
- (n, t) => e.body.next ? n.redirect(e.body.next) : n.view(this.adminChangePasswordPage, {
1737
+ (a, t) => e.body.next ? a.redirect(e.body.next) : a.view(this.adminChangePasswordPage, {
1738
1738
  csrfToken: e.csrfToken,
1739
1739
  message: "User's password has been changed.",
1740
1740
  urlPrefix: this.adminPrefix,
@@ -1744,17 +1744,17 @@ class He {
1744
1744
  })
1745
1745
  );
1746
1746
  } catch (i) {
1747
- const n = l.asCrossauthError(i);
1747
+ const a = l.asCrossauthError(i);
1748
1748
  return d.logger.error(c({
1749
1749
  msg: "Change password failure",
1750
1750
  userid: e.params.id,
1751
- errorCodeName: n.codeName,
1752
- errorCode: n.code
1753
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.view(this.adminChangePasswordPage, {
1754
- errorMessage: a.message,
1755
- errorMessages: a.messages,
1756
- errorCode: a.code,
1757
- errorCodeName: g[a.code],
1751
+ errorCodeName: a.codeName,
1752
+ errorCode: a.code
1753
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => t.view(this.adminChangePasswordPage, {
1754
+ errorMessage: n.message,
1755
+ errorMessages: n.messages,
1756
+ errorCode: n.code,
1757
+ errorCodeName: g[n.code],
1758
1758
  csrfToken: e.csrfToken,
1759
1759
  urlPrefix: this.adminPrefix
1760
1760
  }));
@@ -1781,24 +1781,24 @@ class He {
1781
1781
  let r;
1782
1782
  try {
1783
1783
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changepassword unless a user storage is provided");
1784
- const { user: n } = await this.sessionServer.userStorage.getUserById(e.params.id);
1785
- return r = n, await this.changePassword(
1784
+ const { user: a } = await this.sessionServer.userStorage.getUserById(e.params.id);
1785
+ return r = a, await this.changePassword(
1786
1786
  r,
1787
1787
  e,
1788
1788
  o,
1789
- (t, a) => t.header(...R).send({
1789
+ (t, n) => t.header(...R).send({
1790
1790
  ok: !0
1791
1791
  })
1792
1792
  );
1793
- } catch (n) {
1794
- const t = l.asCrossauthError(n);
1793
+ } catch (a) {
1794
+ const t = l.asCrossauthError(a);
1795
1795
  return d.logger.error(c({
1796
1796
  msg: "Update user failure",
1797
1797
  user: (i = e.user) == null ? void 0 : i.username,
1798
1798
  errorCodeName: t.codeName,
1799
1799
  errorCode: t.code
1800
- })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1801
- a.status(this.sessionServer.errorStatus(n)).header(...R).send({
1800
+ })), d.logger.debug(c({ err: a })), this.sessionServer.handleError(a, e, o, (n, h) => {
1801
+ n.status(this.sessionServer.errorStatus(a)).header(...R).send({
1802
1802
  ok: !1,
1803
1803
  errorMessage: h.message,
1804
1804
  errorMessages: h.messages,
@@ -1835,18 +1835,18 @@ class He {
1835
1835
  })
1836
1836
  );
1837
1837
  } catch (i) {
1838
- const n = l.asCrossauthError(i);
1838
+ const a = l.asCrossauthError(i);
1839
1839
  d.logger.error(c({
1840
1840
  msg: "Delete user failure",
1841
1841
  user: (s = e.user) == null ? void 0 : s.username,
1842
- errorCodeName: n.codeName,
1843
- errorCode: n.code
1844
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1842
+ errorCodeName: a.codeName,
1843
+ errorCode: a.code
1844
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
1845
1845
  t.status(this.sessionServer.errorStatus(i)).header(...R).send({
1846
1846
  ok: !1,
1847
- errorMessage: a.message,
1848
- errorMessages: a.messages,
1849
- errorCode: g[a.code]
1847
+ errorMessage: n.message,
1848
+ errorMessages: n.messages,
1849
+ errorCode: g[n.code]
1850
1850
  });
1851
1851
  });
1852
1852
  }
@@ -1875,20 +1875,20 @@ class He {
1875
1875
  }
1876
1876
  );
1877
1877
  const i = this.sessionServer.authenticators[s.factor1].secretNames();
1878
- let n = !0;
1878
+ let a = !0;
1879
1879
  for (let v of i)
1880
- !e.body[v] && !e.body["repeat_" + v] && (n = !1);
1881
- let t = [], a = {};
1882
- if (n) {
1880
+ !e.body[v] && !e.body["repeat_" + v] && (a = !1);
1881
+ let t = [], n = {};
1882
+ if (a) {
1883
1883
  t = this.sessionServer.authenticators[s.factor1].validateSecrets(e.body);
1884
1884
  for (let v in e.body)
1885
1885
  if (v.startsWith("repeat_")) {
1886
- const m = v.replace(/^repeat_/, "");
1887
- i.includes(m) && (a[m] = e.body[v]);
1886
+ const p = v.replace(/^repeat_/, "");
1887
+ i.includes(p) && (n[p] = e.body[v]);
1888
1888
  }
1889
- Object.keys(a).length === 0 && (a = void 0);
1889
+ Object.keys(n).length === 0 && (n = void 0);
1890
1890
  }
1891
- n ? s.factor2 && s.factor2 != "none" && (s.state = O.factor2ResetNeeded, d.logger.warn(c({
1891
+ a ? s.factor2 && s.factor2 != "none" && (s.state = O.factor2ResetNeeded, d.logger.warn(c({
1892
1892
  msg: `Setting state for user to ${O.factor2ResetNeeded}`,
1893
1893
  username: s.username
1894
1894
  }))) : s.factor2 && s.factor2 != "none" ? (s.state = O.passwordAndFactor2ResetNeeded, d.logger.warn(c({
@@ -1901,23 +1901,23 @@ class He {
1901
1901
  let f = [...this.sessionServer.validateUserFn(s), ...t];
1902
1902
  if (f.length > 0)
1903
1903
  throw new l(g.FormEntry, f);
1904
- const p = await this.sessionServer.sessionManager.createUser(
1904
+ const m = await this.sessionServer.sessionManager.createUser(
1905
1905
  s,
1906
1906
  e.body,
1907
- a,
1907
+ n,
1908
1908
  !0,
1909
- !n
1909
+ !a
1910
1910
  );
1911
- if (!n) {
1911
+ if (!a) {
1912
1912
  let v = e.body.username;
1913
1913
  if ("user_email" in e.body) {
1914
- const m = e.body.user_email;
1915
- typeof m == "string" && (v = m);
1914
+ const p = e.body.user_email;
1915
+ typeof p == "string" && (v = p);
1916
1916
  }
1917
1917
  if (xe.validateEmail(v), !v) throw new l(g.FormEntry, "No password given but no email address found either");
1918
1918
  await this.sessionServer.sessionManager.requestPasswordReset(v);
1919
1919
  }
1920
- return r(o, {}, p);
1920
+ return r(o, {}, m);
1921
1921
  }
1922
1922
  async accessDeniedPage(e, o) {
1923
1923
  const r = new l(g.InsufficientPriviledges);
@@ -1933,7 +1933,7 @@ class He {
1933
1933
  if (!o.user || !y.isAdmin(o.user))
1934
1934
  throw new l(g.Unauthorized);
1935
1935
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
1936
- const i = e.factor2, n = e.state;
1936
+ const i = e.factor2, a = e.state;
1937
1937
  e.state = o.body.state, e = this.sessionServer.updateUserFn(
1938
1938
  e,
1939
1939
  o,
@@ -1943,15 +1943,15 @@ class He {
1943
1943
  }
1944
1944
  );
1945
1945
  const t = e.factor2 && e.factor2 != "none" && e.factor2 != i;
1946
- if (t && !(e.state == n || e.state == "factor2ResetNeeded"))
1946
+ if (t && !(e.state == a || e.state == "factor2ResetNeeded"))
1947
1947
  throw new l(g.BadRequest, "Cannot change both factor2 and state at the same time");
1948
1948
  t && (e.state = O.factor2ResetNeeded, d.logger.warn(c({
1949
1949
  msg: `Setting state for user to ${O.factor2ResetNeeded}`,
1950
1950
  username: e.username
1951
1951
  })));
1952
- let a = this.sessionServer.validateUserFn(e);
1953
- if (a.length > 0)
1954
- throw new l(g.FormEntry, a);
1952
+ let n = this.sessionServer.validateUserFn(e);
1953
+ if (n.length > 0)
1954
+ throw new l(g.FormEntry, n);
1955
1955
  let h = (
1956
1956
  // this surely isn't right
1957
1957
  //await this.sessionServer.sessionManager.updateUser(request.user, user,);
@@ -1964,23 +1964,23 @@ class He {
1964
1964
  if (!o.user || !y.isAdmin(o.user))
1965
1965
  throw new l(g.Unauthorized);
1966
1966
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
1967
- const i = this.sessionServer.authenticators[e.factor1], n = i.secretNames();
1968
- let t = {}, a = {};
1967
+ const i = this.sessionServer.authenticators[e.factor1], a = i.secretNames();
1968
+ let t = {}, n = {};
1969
1969
  for (let f in o.body)
1970
1970
  if (f.startsWith("new_")) {
1971
- const p = f.replace(/^new_/, "");
1972
- n.includes(p) && (t[p] = o.body[f]);
1971
+ const m = f.replace(/^new_/, "");
1972
+ a.includes(m) && (t[m] = o.body[f]);
1973
1973
  } else if (f.startsWith("repeat_")) {
1974
- const p = f.replace(/^repeat_/, "");
1975
- n.includes(p) && (a[p] = o.body[f]);
1974
+ const m = f.replace(/^repeat_/, "");
1975
+ a.includes(m) && (n[m] = o.body[f]);
1976
1976
  }
1977
- if (Object.keys(a).length === 0 && (a = void 0), i.validateSecrets(t).length > 0)
1977
+ if (Object.keys(n).length === 0 && (n = void 0), i.validateSecrets(t).length > 0)
1978
1978
  throw new l(g.PasswordFormat);
1979
1979
  return e.state = "active", await this.sessionServer.userStorage.updateUser({ id: e.id, state: e.state }), await this.sessionServer.sessionManager.changeSecrets(
1980
1980
  e.username,
1981
1981
  1,
1982
1982
  t,
1983
- a
1983
+ n
1984
1984
  ), s(r, void 0);
1985
1985
  }
1986
1986
  async deleteUser(e, o, r) {
@@ -2003,8 +2003,8 @@ async function ve(k, e, o) {
2003
2003
  throw d.logger.debug(c({ err: i })), i;
2004
2004
  try {
2005
2005
  r = await e.getClientByName(k, o);
2006
- } catch (n) {
2007
- const t = l.asCrossauthError(n);
2006
+ } catch (a) {
2007
+ const t = l.asCrossauthError(a);
2008
2008
  if (t.code != g.UserNotExist)
2009
2009
  throw d.logger.debug(c({ err: t })), i;
2010
2010
  }
@@ -2049,12 +2049,12 @@ class Le {
2049
2049
  return this.accessDeniedPage(e, o);
2050
2050
  const r = e.query.next ?? encodeURIComponent(e.url);
2051
2051
  try {
2052
- let s = [], i = Number(e.query.skip), n = Number(e.query.take);
2053
- i || (i = 0), n || (n = 10);
2054
- let t = null, a;
2052
+ let s = [], i = Number(e.query.skip), a = Number(e.query.take);
2053
+ i || (i = 0), a || (a = 10);
2054
+ let t = null, n;
2055
2055
  if (e.query.userid) {
2056
2056
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call selectclient with user unless a user storage is provided");
2057
- a = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user, t = a.id;
2057
+ n = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user, t = n.id;
2058
2058
  }
2059
2059
  e.query.search ? s = await this.clientSearchFn(
2060
2060
  e.query.search,
@@ -2062,17 +2062,17 @@ class Le {
2062
2062
  t
2063
2063
  ) : s = await this.clientStorage.getClients(
2064
2064
  i,
2065
- n,
2065
+ a,
2066
2066
  t
2067
2067
  );
2068
2068
  let h = {
2069
2069
  urlPrefix: this.adminPrefix,
2070
- user: a,
2070
+ user: n,
2071
2071
  skip: i,
2072
- take: n,
2072
+ take: a,
2073
2073
  clients: s,
2074
2074
  havePrevious: i > 0,
2075
- haveNext: n != null && s.length == n,
2075
+ haveNext: a != null && s.length == a,
2076
2076
  isAdmin: !0,
2077
2077
  next: r
2078
2078
  };
@@ -2112,9 +2112,9 @@ class Le {
2112
2112
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call createclient unless a user storage is provided");
2113
2113
  s = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user;
2114
2114
  }
2115
- } catch (n) {
2116
- const t = l.asCrossauthError(n);
2117
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2115
+ } catch (a) {
2116
+ const t = l.asCrossauthError(a);
2117
+ return d.logger.debug(c({ err: a })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2118
2118
  errorMessage: t.message,
2119
2119
  errorMessages: t.messages,
2120
2120
  errorCode: t.code,
@@ -2135,7 +2135,7 @@ class Le {
2135
2135
  ), this.sessionServer.app.post(
2136
2136
  this.adminPrefix + "createclient",
2137
2137
  async (e, o) => {
2138
- var i, n;
2138
+ var i, a;
2139
2139
  d.logger.info(c({
2140
2140
  msg: "Page visit",
2141
2141
  method: "POST",
@@ -2154,9 +2154,9 @@ class Le {
2154
2154
  return await this.createClient(
2155
2155
  e,
2156
2156
  o,
2157
- (t, a) => t.view(this.createClientPage, {
2157
+ (t, n) => t.view(this.createClientPage, {
2158
2158
  message: "Created client",
2159
- client: a,
2159
+ client: n,
2160
2160
  csrfToken: e.csrfToken,
2161
2161
  urlPrefix: this.adminPrefix,
2162
2162
  validFlows: this.validFlows,
@@ -2169,12 +2169,12 @@ class Le {
2169
2169
  s
2170
2170
  );
2171
2171
  } catch (t) {
2172
- const a = l.asCrossauthError(t);
2172
+ const n = l.asCrossauthError(t);
2173
2173
  return d.logger.error(c({
2174
2174
  msg: "Failed creating OAuth client",
2175
- user: (n = e.user) == null ? void 0 : n.username,
2176
- errorCodeName: a.codeName,
2177
- errorCode: a.code
2175
+ user: (a = e.user) == null ? void 0 : a.username,
2176
+ errorCodeName: n.codeName,
2177
+ errorCode: n.code
2178
2178
  })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2179
2179
  const v = l.asCrossauthError(t).httpStatus;
2180
2180
  return h.status(v).view(this.createClientPage, {
@@ -2212,9 +2212,9 @@ class Le {
2212
2212
  let r;
2213
2213
  try {
2214
2214
  r = await this.clientStorage.getClientById(e.params.client_id);
2215
- } catch (a) {
2216
- const h = l.asCrossauthError(a);
2217
- return d.logger.debug(c({ err: a })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
2215
+ } catch (n) {
2216
+ const h = l.asCrossauthError(n);
2217
+ return d.logger.debug(c({ err: n })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
2218
2218
  errorMessage: h.message,
2219
2219
  errorMessages: h.messages,
2220
2220
  errorCode: h.code,
@@ -2229,24 +2229,24 @@ class Le {
2229
2229
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateclient with user unless a user storage is provided");
2230
2230
  i = (await this.sessionServer.userStorage.getUserById(r.userid)).user;
2231
2231
  }
2232
- } catch (a) {
2233
- const h = l.asCrossauthError(a);
2234
- return d.logger.debug(c({ err: a })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
2232
+ } catch (n) {
2233
+ const h = l.asCrossauthError(n);
2234
+ return d.logger.debug(c({ err: n })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
2235
2235
  errorMessage: h.message,
2236
2236
  errorMessages: h.messages,
2237
2237
  errorCode: h.code,
2238
2238
  errorCodeName: g[h.code]
2239
2239
  });
2240
2240
  }
2241
- let n = {};
2242
- for (let a of this.validFlows)
2243
- r.valid_flow.includes(a) && (n[a] = !0);
2241
+ let a = {};
2242
+ for (let n of this.validFlows)
2243
+ r.valid_flow.includes(n) && (a[n] = !0);
2244
2244
  let t = {
2245
2245
  urlPrefix: this.adminPrefix,
2246
2246
  csrfToken: e.csrfToken,
2247
2247
  validFlows: this.validFlows,
2248
2248
  flowNames: E.flowNames(this.validFlows),
2249
- selectedFlows: n,
2249
+ selectedFlows: a,
2250
2250
  user: i,
2251
2251
  client_id: r.client_id,
2252
2252
  client_name: r.client_name,
@@ -2260,7 +2260,7 @@ class Le {
2260
2260
  ), this.sessionServer.app.post(
2261
2261
  this.adminPrefix + "updateclient/:client_id",
2262
2262
  async (e, o) => {
2263
- var i, n;
2263
+ var i, a;
2264
2264
  d.logger.info(c({
2265
2265
  msg: "Page visit",
2266
2266
  method: "POST",
@@ -2279,9 +2279,9 @@ class Le {
2279
2279
  return await this.updateClient(
2280
2280
  e,
2281
2281
  o,
2282
- (t, a, h) => t.view(this.updateClientPage, {
2282
+ (t, n, h) => t.view(this.updateClientPage, {
2283
2283
  message: "Updated client",
2284
- client: a,
2284
+ client: n,
2285
2285
  csrfToken: e.csrfToken,
2286
2286
  urlPrefix: this.adminPrefix,
2287
2287
  validFlows: this.validFlows,
@@ -2294,17 +2294,17 @@ class Le {
2294
2294
  })
2295
2295
  );
2296
2296
  } catch (t) {
2297
- const a = l.asCrossauthError(t);
2297
+ const n = l.asCrossauthError(t);
2298
2298
  return d.logger.error(c({
2299
2299
  msg: "Failed updating OAuth client",
2300
- user: (n = e.user) == null ? void 0 : n.username,
2301
- errorCodeName: a.codeName,
2302
- errorCode: a.code
2300
+ user: (a = e.user) == null ? void 0 : a.username,
2301
+ errorCodeName: n.codeName,
2302
+ errorCode: n.code
2303
2303
  })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2304
2304
  const v = l.asCrossauthError(t).httpStatus;
2305
- let m = {};
2305
+ let p = {};
2306
2306
  for (let w of this.validFlows)
2307
- w in e.body && (m[w] = !0);
2307
+ w in e.body && (p[w] = !0);
2308
2308
  return h.status(v).view(this.updateClientPage, {
2309
2309
  errorMessage: f.message,
2310
2310
  errorMessages: f.messages,
@@ -2315,7 +2315,7 @@ class Le {
2315
2315
  isAdmin: !0,
2316
2316
  next: r,
2317
2317
  validFlows: this.validFlows,
2318
- selectedFlows: m,
2318
+ selectedFlows: p,
2319
2319
  flowNames: E.flowNames(this.validFlows),
2320
2320
  ...e.body
2321
2321
  });
@@ -2342,9 +2342,9 @@ class Le {
2342
2342
  return this.accessDeniedPage(e, o);
2343
2343
  try {
2344
2344
  r = await this.clientStorage.getClientById(e.params.client_id);
2345
- } catch (n) {
2346
- const t = l.asCrossauthError(n);
2347
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2345
+ } catch (a) {
2346
+ const t = l.asCrossauthError(a);
2347
+ return d.logger.debug(c({ err: a })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2348
2348
  errorMessage: t.message,
2349
2349
  errorMessages: t.messages,
2350
2350
  errorCode: t.code,
@@ -2376,7 +2376,7 @@ class Le {
2376
2376
  return await this.deleteClient(
2377
2377
  e,
2378
2378
  o,
2379
- (n) => n.view(this.deleteClientPage, {
2379
+ (a) => a.view(this.deleteClientPage, {
2380
2380
  message: "Client deleted",
2381
2381
  csrfToken: e.csrfToken,
2382
2382
  urlPrefix: this.adminPrefix,
@@ -2385,16 +2385,16 @@ class Le {
2385
2385
  next: r
2386
2386
  })
2387
2387
  );
2388
- } catch (n) {
2389
- const t = l.asCrossauthError(n);
2388
+ } catch (a) {
2389
+ const t = l.asCrossauthError(a);
2390
2390
  return d.logger.error(c({
2391
2391
  msg: "Failed deleting OAuth client",
2392
2392
  user: (i = e.user) == null ? void 0 : i.username,
2393
2393
  errorCodeName: t.codeName,
2394
2394
  errorCode: t.code
2395
- })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2396
- const p = l.asCrossauthError(n).httpStatus;
2397
- return a.status(p).view(this.deleteClientPage, {
2395
+ })), d.logger.debug(c({ err: a })), this.sessionServer.handleError(a, e, o, (n, h) => {
2396
+ const m = l.asCrossauthError(a).httpStatus;
2397
+ return n.status(m).view(this.deleteClientPage, {
2398
2398
  errorMessage: h.message,
2399
2399
  errorMessages: h.messages,
2400
2400
  errorCode: h.code,
@@ -2434,21 +2434,21 @@ class Le {
2434
2434
  return await this.createClient(
2435
2435
  e,
2436
2436
  o,
2437
- (n, t) => n.header(...B).send({
2437
+ (a, t) => a.header(...B).send({
2438
2438
  ok: !0,
2439
2439
  client: t
2440
2440
  }),
2441
2441
  r
2442
2442
  );
2443
- } catch (n) {
2444
- const t = l.asCrossauthError(n);
2443
+ } catch (a) {
2444
+ const t = l.asCrossauthError(a);
2445
2445
  d.logger.error(c({
2446
2446
  msg: "Create client failure",
2447
2447
  user: (i = e.user) == null ? void 0 : i.username,
2448
2448
  errorCodeName: t.codeName,
2449
2449
  errorCode: t.code
2450
- })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2451
- a.status(this.sessionServer.errorStatus(n)).header(...B).send({
2450
+ })), d.logger.debug(c({ err: a })), this.sessionServer.handleError(a, e, o, (n, h) => {
2451
+ n.status(this.sessionServer.errorStatus(a)).header(...B).send({
2452
2452
  ok: !1,
2453
2453
  errorMessage: h.message,
2454
2454
  errorMessages: h.messages,
@@ -2482,27 +2482,27 @@ class Le {
2482
2482
  return await this.updateClient(
2483
2483
  e,
2484
2484
  o,
2485
- (i, n, t) => i.header(...B).send({
2485
+ (i, a, t) => i.header(...B).send({
2486
2486
  ok: !0,
2487
- client: n,
2487
+ client: a,
2488
2488
  csrfToken: e.csrfToken,
2489
2489
  newSecret: t
2490
2490
  })
2491
2491
  );
2492
2492
  } catch (i) {
2493
- const n = l.asCrossauthError(i);
2493
+ const a = l.asCrossauthError(i);
2494
2494
  return d.logger.error(c({
2495
2495
  msg: "Failed updating OAuth client",
2496
2496
  user: (s = e.user) == null ? void 0 : s.username,
2497
- errorCodeName: n.codeName,
2498
- errorCode: n.code
2499
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2497
+ errorCodeName: a.codeName,
2498
+ errorCode: a.code
2499
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
2500
2500
  t.status(this.sessionServer.errorStatus(i)).header(...B).send({
2501
2501
  ok: !1,
2502
- errorMessage: a.message,
2503
- errorMessages: a.messages,
2504
- errorCode: a.code,
2505
- errorCodeName: g[a.code]
2502
+ errorMessage: n.message,
2503
+ errorMessages: n.messages,
2504
+ errorCode: n.code,
2505
+ errorCodeName: g[n.code]
2506
2506
  });
2507
2507
  });
2508
2508
  }
@@ -2534,18 +2534,18 @@ class Le {
2534
2534
  })
2535
2535
  );
2536
2536
  } catch (i) {
2537
- const n = l.asCrossauthError(i);
2537
+ const a = l.asCrossauthError(i);
2538
2538
  d.logger.error(c({
2539
2539
  msg: "Delete client failure",
2540
2540
  user: (s = e.user) == null ? void 0 : s.username,
2541
- errorCodeName: n.codeName,
2542
- errorCode: n.code
2543
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2541
+ errorCodeName: a.codeName,
2542
+ errorCode: a.code
2543
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
2544
2544
  t.status(this.sessionServer.errorStatus(i)).header(...B).send({
2545
2545
  ok: !1,
2546
- errorMessage: a.message,
2547
- errorMessages: a.messages,
2548
- errorCode: g[a.code]
2546
+ errorMessage: n.message,
2547
+ errorMessages: n.messages,
2548
+ errorCode: g[n.code]
2549
2549
  });
2550
2550
  });
2551
2551
  }
@@ -2568,24 +2568,24 @@ class Le {
2568
2568
  throw new l(g.InvalidCsrf);
2569
2569
  if (!e.user || !y.isAdmin(e.user))
2570
2570
  throw new l(g.InsufficientPriviledges);
2571
- const i = e.body.confidential == "true", n = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2572
- let a = [];
2573
- for (let p of t)
2571
+ const i = e.body.confidential == "true", a = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2572
+ let n = [];
2573
+ for (let m of t)
2574
2574
  try {
2575
- L.validateUri(p);
2575
+ L.validateUri(m);
2576
2576
  } catch (v) {
2577
- d.logger.error(c({ err: v })), a.push("[" + p + "]");
2577
+ d.logger.error(c({ err: v })), n.push("[" + m + "]");
2578
2578
  }
2579
- if (a.length > 0)
2579
+ if (n.length > 0)
2580
2580
  throw new l(
2581
2581
  g.BadRequest,
2582
- "The following redirect URIs are invalid: " + a.join(" ")
2582
+ "The following redirect URIs are invalid: " + n.join(" ")
2583
2583
  );
2584
2584
  let h = [];
2585
- for (let p of this.validFlows)
2586
- p in e.body && h.push(p);
2585
+ for (let m of this.validFlows)
2586
+ m in e.body && h.push(m);
2587
2587
  const f = await this.clientManager.createClient(
2588
- n,
2588
+ a,
2589
2589
  t,
2590
2590
  h,
2591
2591
  i,
@@ -2600,26 +2600,26 @@ class Le {
2600
2600
  throw new l(g.InsufficientPriviledges);
2601
2601
  const s = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2602
2602
  let i = [];
2603
- for (let p of s)
2603
+ for (let m of s)
2604
2604
  try {
2605
- L.validateUri(p);
2605
+ L.validateUri(m);
2606
2606
  } catch (v) {
2607
- d.logger.error(c({ err: v })), i.push("[" + p + "]");
2607
+ d.logger.error(c({ err: v })), i.push("[" + m + "]");
2608
2608
  }
2609
2609
  if (i.length > 0)
2610
2610
  throw new l(
2611
2611
  g.BadRequest,
2612
2612
  "The following redirect URIs are invalid: " + i.join(" ")
2613
2613
  );
2614
- let n = [];
2615
- for (let p of this.validFlows)
2616
- p in e.body && n.push(p);
2614
+ let a = [];
2615
+ for (let m of this.validFlows)
2616
+ m in e.body && a.push(m);
2617
2617
  const t = {};
2618
- t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = n, t.redirect_uri = s, t.userid = e.body.userid, t.userid == null && (t.userid = null);
2619
- const a = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
2618
+ t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = a, t.redirect_uri = s, t.userid = e.body.userid, t.userid == null && (t.userid = null);
2619
+ const n = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
2620
2620
  e.params.client_id,
2621
2621
  t,
2622
- a
2622
+ n
2623
2623
  );
2624
2624
  return r(o, h, f);
2625
2625
  }
@@ -2683,7 +2683,7 @@ class Ge {
2683
2683
  i,
2684
2684
  e.user.id
2685
2685
  );
2686
- const n = e.query.next ?? encodeURIComponent(e.url);
2686
+ const a = e.query.next ?? encodeURIComponent(e.url);
2687
2687
  let t = {
2688
2688
  urlPrefix: this.prefix,
2689
2689
  user: e.user,
@@ -2693,7 +2693,7 @@ class Ge {
2693
2693
  havePrevious: s > 0,
2694
2694
  haveNext: i != null && r.length == i,
2695
2695
  isAdmin: !1,
2696
- next: n
2696
+ next: a
2697
2697
  };
2698
2698
  return e.query.next && (t.next = e.query.next), o.view(this.selectClientPage, t);
2699
2699
  } catch (r) {
@@ -2752,7 +2752,7 @@ class Ge {
2752
2752
  return await this.createClient(
2753
2753
  e,
2754
2754
  o,
2755
- (n, t) => n.view(this.createClientPage, {
2755
+ (a, t) => a.view(this.createClientPage, {
2756
2756
  message: "Created client",
2757
2757
  client: t,
2758
2758
  csrfToken: e.csrfToken,
@@ -2766,16 +2766,16 @@ class Ge {
2766
2766
  }),
2767
2767
  e.user
2768
2768
  );
2769
- } catch (n) {
2770
- const t = l.asCrossauthError(n);
2769
+ } catch (a) {
2770
+ const t = l.asCrossauthError(a);
2771
2771
  return d.logger.error(c({
2772
2772
  msg: "Failed creating OAuth client",
2773
2773
  user: (i = e.user) == null ? void 0 : i.username,
2774
2774
  errorCodeName: t.codeName,
2775
2775
  errorCode: t.code
2776
- })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2777
- const p = l.asCrossauthError(n).httpStatus;
2778
- return a.status(p).view(this.createClientPage, {
2776
+ })), d.logger.debug(c({ err: a })), this.sessionServer.handleError(a, e, o, (n, h) => {
2777
+ const m = l.asCrossauthError(a).httpStatus;
2778
+ return n.status(m).view(this.createClientPage, {
2779
2779
  errorMessage: h.message,
2780
2780
  errorMessages: h.messages,
2781
2781
  errorCode: h.code,
@@ -2813,25 +2813,25 @@ class Ge {
2813
2813
  return await this.createClient(
2814
2814
  e,
2815
2815
  o,
2816
- (i, n) => i.header(...D).send({
2816
+ (i, a) => i.header(...D).send({
2817
2817
  ok: !0,
2818
- client: n
2818
+ client: a
2819
2819
  }),
2820
2820
  e.user
2821
2821
  );
2822
2822
  } catch (i) {
2823
- const n = l.asCrossauthError(i);
2823
+ const a = l.asCrossauthError(i);
2824
2824
  d.logger.error(c({
2825
2825
  msg: "Create client failure",
2826
2826
  user: (s = e.user) == null ? void 0 : s.username,
2827
- errorCodeName: n.codeName,
2828
- errorCode: n.code
2829
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2827
+ errorCodeName: a.codeName,
2828
+ errorCode: a.code
2829
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
2830
2830
  t.status(this.sessionServer.errorStatus(i)).header(...D).send({
2831
2831
  ok: !1,
2832
- errorMessage: a.message,
2833
- errorMessages: a.messages,
2834
- errorCode: g[a.code]
2832
+ errorMessage: n.message,
2833
+ errorMessages: n.messages,
2834
+ errorCode: g[n.code]
2835
2835
  });
2836
2836
  });
2837
2837
  }
@@ -2856,9 +2856,9 @@ class Ge {
2856
2856
  let r;
2857
2857
  try {
2858
2858
  r = await this.clientStorage.getClientById(e.params.client_id);
2859
- } catch (a) {
2860
- const h = l.asCrossauthError(a);
2861
- return d.logger.debug(c({ err: a })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
2859
+ } catch (n) {
2860
+ const h = l.asCrossauthError(n);
2861
+ return d.logger.debug(c({ err: n })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
2862
2862
  errorMessage: h.message,
2863
2863
  errorMessages: h.messages,
2864
2864
  errorCode: h.code,
@@ -2870,24 +2870,24 @@ class Ge {
2870
2870
  let i;
2871
2871
  try {
2872
2872
  e.query.userid && (i = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user);
2873
- } catch (a) {
2874
- const h = l.asCrossauthError(a);
2875
- return d.logger.debug(c({ err: a })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
2873
+ } catch (n) {
2874
+ const h = l.asCrossauthError(n);
2875
+ return d.logger.debug(c({ err: n })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
2876
2876
  errorMessage: h.message,
2877
2877
  errorMessages: h.messages,
2878
2878
  errorCode: h.code,
2879
2879
  errorCodeName: g[h.code]
2880
2880
  });
2881
2881
  }
2882
- let n = {};
2883
- for (let a of this.validFlows)
2884
- r.valid_flow.includes(a) && (n[a] = !0);
2882
+ let a = {};
2883
+ for (let n of this.validFlows)
2884
+ r.valid_flow.includes(n) && (a[n] = !0);
2885
2885
  let t = {
2886
2886
  urlPrefix: this.prefix,
2887
2887
  csrfToken: e.csrfToken,
2888
2888
  validFlows: this.validFlows,
2889
2889
  flowNames: E.flowNames(this.validFlows),
2890
- selectedFlows: n,
2890
+ selectedFlows: a,
2891
2891
  user: i,
2892
2892
  client_id: r.client_id,
2893
2893
  client_name: r.client_name,
@@ -2901,7 +2901,7 @@ class Ge {
2901
2901
  ), this.sessionServer.app.post(
2902
2902
  this.prefix + "updateclient/:client_id",
2903
2903
  async (e, o) => {
2904
- var i, n;
2904
+ var i, a;
2905
2905
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateclient unless a user storage is provided ");
2906
2906
  d.logger.info(c({
2907
2907
  msg: "Page visit",
@@ -2918,9 +2918,9 @@ class Ge {
2918
2918
  return e.body.userid && (s = (await this.sessionServer.userStorage.getUserById(e.body.userid)).user), await this.updateClient(
2919
2919
  e,
2920
2920
  o,
2921
- (t, a, h) => t.view(this.updateClientPage, {
2921
+ (t, n, h) => t.view(this.updateClientPage, {
2922
2922
  message: "Updated client",
2923
- client: a,
2923
+ client: n,
2924
2924
  csrfToken: e.csrfToken,
2925
2925
  urlPrefix: this.prefix,
2926
2926
  validFlows: this.validFlows,
@@ -2933,17 +2933,17 @@ class Ge {
2933
2933
  })
2934
2934
  );
2935
2935
  } catch (t) {
2936
- const a = l.asCrossauthError(t);
2936
+ const n = l.asCrossauthError(t);
2937
2937
  return d.logger.error(c({
2938
2938
  msg: "Failed updating OAuth client",
2939
- user: (n = e.user) == null ? void 0 : n.username,
2940
- errorCodeName: a.codeName,
2941
- errorCode: a.code
2939
+ user: (a = e.user) == null ? void 0 : a.username,
2940
+ errorCodeName: n.codeName,
2941
+ errorCode: n.code
2942
2942
  })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2943
2943
  const v = l.asCrossauthError(t).httpStatus;
2944
- let m = {};
2944
+ let p = {};
2945
2945
  for (let w of this.validFlows)
2946
- w in e.body && (m[w] = !0);
2946
+ w in e.body && (p[w] = !0);
2947
2947
  return h.status(v).view(this.updateClientPage, {
2948
2948
  errorMessage: f.message,
2949
2949
  errorMessages: f.messages,
@@ -2952,7 +2952,7 @@ class Ge {
2952
2952
  csrfToken: e.csrfToken,
2953
2953
  urlPrefix: this.prefix,
2954
2954
  validFlows: this.validFlows,
2955
- selectedFlows: m,
2955
+ selectedFlows: p,
2956
2956
  flowNames: E.flowNames(this.validFlows),
2957
2957
  isAdmin: !0,
2958
2958
  next: r,
@@ -2983,27 +2983,27 @@ class Ge {
2983
2983
  return e.body.userid && await this.sessionServer.userStorage.getUserById(e.body.userid), await this.updateClient(
2984
2984
  e,
2985
2985
  o,
2986
- (i, n, t) => i.header(...D).send({
2986
+ (i, a, t) => i.header(...D).send({
2987
2987
  ok: !0,
2988
- client: n,
2988
+ client: a,
2989
2989
  csrfToken: e.csrfToken,
2990
2990
  newSecret: t
2991
2991
  })
2992
2992
  );
2993
2993
  } catch (i) {
2994
- const n = l.asCrossauthError(i);
2994
+ const a = l.asCrossauthError(i);
2995
2995
  return d.logger.error(c({
2996
2996
  msg: "Failed updating OAuth client",
2997
2997
  user: (s = e.user) == null ? void 0 : s.username,
2998
- errorCodeName: n.codeName,
2999
- errorCode: n.code
3000
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2998
+ errorCodeName: a.codeName,
2999
+ errorCode: a.code
3000
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
3001
3001
  t.status(this.sessionServer.errorStatus(i)).header(...D).send({
3002
3002
  ok: !1,
3003
- errorMessage: a.message,
3004
- errorMessages: a.messages,
3005
- errorCode: a.code,
3006
- errorCodeName: g[a.code]
3003
+ errorMessage: n.message,
3004
+ errorMessages: n.messages,
3005
+ errorCode: n.code,
3006
+ errorCodeName: g[n.code]
3007
3007
  });
3008
3008
  });
3009
3009
  }
@@ -3032,9 +3032,9 @@ class Ge {
3032
3032
  g.InsufficientPriviledges,
3033
3033
  "You may not delete this client"
3034
3034
  );
3035
- } catch (n) {
3036
- const t = l.asCrossauthError(n);
3037
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
3035
+ } catch (a) {
3036
+ const t = l.asCrossauthError(a);
3037
+ return d.logger.debug(c({ err: a })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
3038
3038
  errorMessage: t.message,
3039
3039
  errorMessages: t.messages,
3040
3040
  errorCode: t.code,
@@ -3068,7 +3068,7 @@ class Ge {
3068
3068
  return await this.deleteClient(
3069
3069
  e,
3070
3070
  o,
3071
- (n) => n.view(this.deleteClientPage, {
3071
+ (a) => a.view(this.deleteClientPage, {
3072
3072
  message: "Client deleted",
3073
3073
  csrfToken: e.csrfToken,
3074
3074
  urlPrefix: this.prefix,
@@ -3077,16 +3077,16 @@ class Ge {
3077
3077
  }),
3078
3078
  e.user
3079
3079
  );
3080
- } catch (n) {
3081
- const t = l.asCrossauthError(n);
3080
+ } catch (a) {
3081
+ const t = l.asCrossauthError(a);
3082
3082
  return d.logger.error(c({
3083
3083
  msg: "Failed deleting OAuth client",
3084
3084
  user: (i = e.user) == null ? void 0 : i.username,
3085
3085
  errorCodeName: t.codeName,
3086
3086
  errorCode: t.code
3087
- })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
3088
- const p = l.asCrossauthError(n).httpStatus;
3089
- return a.status(p).view(this.deleteClientPage, {
3087
+ })), d.logger.debug(c({ err: a })), this.sessionServer.handleError(a, e, o, (n, h) => {
3088
+ const m = l.asCrossauthError(a).httpStatus;
3089
+ return n.status(m).view(this.deleteClientPage, {
3090
3090
  errorMessage: h.message,
3091
3091
  errorMessages: h.messages,
3092
3092
  errorCode: h.code,
@@ -3129,18 +3129,18 @@ class Ge {
3129
3129
  e.user
3130
3130
  );
3131
3131
  } catch (i) {
3132
- const n = l.asCrossauthError(i);
3132
+ const a = l.asCrossauthError(i);
3133
3133
  d.logger.error(c({
3134
3134
  msg: "Delete client failure",
3135
3135
  user: (s = e.user) == null ? void 0 : s.username,
3136
- errorCodeName: n.codeName,
3137
- errorCode: n.code
3138
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
3136
+ errorCodeName: a.codeName,
3137
+ errorCode: a.code
3138
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, n) => {
3139
3139
  t.status(this.sessionServer.errorStatus(i)).header(...D).send({
3140
3140
  ok: !1,
3141
- errorMessage: a.message,
3142
- errorMessages: a.messages,
3143
- errorCode: g[a.code]
3141
+ errorMessage: n.message,
3142
+ errorMessages: n.messages,
3143
+ errorCode: g[n.code]
3144
3144
  });
3145
3145
  });
3146
3146
  }
@@ -3154,23 +3154,23 @@ class Ge {
3154
3154
  throw new l(g.InvalidCsrf);
3155
3155
  if (!e.user)
3156
3156
  throw new l(g.InsufficientPriviledges);
3157
- const i = e.body.confidential == "true", n = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3158
- let a = [];
3159
- for (let p of t)
3157
+ const i = e.body.confidential == "true", a = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3158
+ let n = [];
3159
+ for (let m of t)
3160
3160
  try {
3161
- L.validateUri(p);
3161
+ L.validateUri(m);
3162
3162
  } catch (v) {
3163
- d.logger.error(c({ err: v })), a.push("[" + p + "]");
3163
+ d.logger.error(c({ err: v })), n.push("[" + m + "]");
3164
3164
  }
3165
- if (a.length > 0)
3165
+ if (n.length > 0)
3166
3166
  throw new l(
3167
3167
  g.BadRequest,
3168
- "The following redirect URIs are invalid: " + a.join(" ")
3168
+ "The following redirect URIs are invalid: " + n.join(" ")
3169
3169
  );
3170
3170
  let h = [];
3171
3171
  e.body[E.AuthorizationCode] && h.push(E.AuthorizationCode), e.body[E.AuthorizationCodeWithPKCE] && h.push(E.AuthorizationCodeWithPKCE), e.body[E.ClientCredentials] && h.push(E.ClientCredentials), e.body[E.RefreshToken] && h.push(E.RefreshToken), e.body[E.DeviceCode] && h.push(E.DeviceCode), e.body[E.Password] && h.push(E.Password), e.body[E.PasswordMfa] && h.push(E.PasswordMfa), e.body[E.OidcAuthorizationCode] && h.push(E.OidcAuthorizationCode);
3172
3172
  const f = await this.clientManager.createClient(
3173
- n,
3173
+ a,
3174
3174
  t,
3175
3175
  h,
3176
3176
  i,
@@ -3185,26 +3185,26 @@ class Ge {
3185
3185
  throw new l(g.InsufficientPriviledges);
3186
3186
  const s = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3187
3187
  let i = [];
3188
- for (let p of s)
3188
+ for (let m of s)
3189
3189
  try {
3190
- L.validateUri(p);
3190
+ L.validateUri(m);
3191
3191
  } catch (v) {
3192
- d.logger.error(c({ err: v })), i.push("[" + p + "]");
3192
+ d.logger.error(c({ err: v })), i.push("[" + m + "]");
3193
3193
  }
3194
3194
  if (i.length > 0)
3195
3195
  throw new l(
3196
3196
  g.BadRequest,
3197
3197
  "The following redirect URIs are invalid: " + i.join(" ")
3198
3198
  );
3199
- let n = [];
3200
- for (let p of this.validFlows)
3201
- p in e.body && n.push(p);
3199
+ let a = [];
3200
+ for (let m of this.validFlows)
3201
+ m in e.body && a.push(m);
3202
3202
  const t = {};
3203
- t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = n, t.redirect_uri = s, t.userid = e.user.id;
3204
- const a = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
3203
+ t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = a, t.redirect_uri = s, t.userid = e.user.id;
3204
+ const n = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
3205
3205
  e.params.client_id,
3206
3206
  t,
3207
- a
3207
+ n
3208
3208
  );
3209
3209
  return r(o, h, f);
3210
3210
  }
@@ -3334,8 +3334,8 @@ function We(k, e) {
3334
3334
  };
3335
3335
  const s = k.user && y.isAdmin(k.user);
3336
3336
  for (let i in k.body) {
3337
- let n = i.replace(/^user_/, "");
3338
- i.startsWith("user_") && (s || e.includes(n)) && (r[n] = k.body[i]);
3337
+ let a = i.replace(/^user_/, "");
3338
+ i.startsWith("user_") && (s || e.includes(a)) && (r[a] = k.body[i]);
3339
3339
  }
3340
3340
  return r.factor1 = "localpassword", r.factor2 = k.body.factor2, r;
3341
3341
  }
@@ -3468,14 +3468,14 @@ class Ke {
3468
3468
  break;
3469
3469
  }
3470
3470
  i && (this.adminClientEndpoints = new Le(this, s));
3471
- let n = !1;
3471
+ let a = !1;
3472
3472
  for (let t of this.endpoints)
3473
3473
  if (ee.includes(t) || Z.includes(t)) {
3474
- n = !0;
3474
+ a = !0;
3475
3475
  break;
3476
3476
  }
3477
- n && (this.userClientEndpoints = new Ge(this, s)), this.addEndpoints(), S("endpoints", C.JsonArray, this, s, "ENDPOINTS"), s.userStorage && (this.userStorage = s.userStorage), this.authenticators = r, this.sessionManager = new Ae(o, r, s), e.addHook("preHandler", async (t, a) => {
3478
- var v, m;
3477
+ a && (this.userClientEndpoints = new Ge(this, s)), this.addEndpoints(), S("endpoints", C.JsonArray, this, s, "ENDPOINTS"), s.userStorage && (this.userStorage = s.userStorage), this.authenticators = r, this.sessionManager = new Ae(o, r, s), e.addHook("preHandler", async (t, n) => {
3478
+ var v, p;
3479
3479
  d.logger.debug(c({ msg: "Getting session cookie" }));
3480
3480
  let h = this.getSessionCookieValue(t), f = {};
3481
3481
  if (h)
@@ -3485,40 +3485,40 @@ class Ke {
3485
3485
  f.hashedSessionCookie = F.hash(h);
3486
3486
  }
3487
3487
  d.logger.debug(c({ msg: "Getting csrf cookie" }));
3488
- let p;
3488
+ let m;
3489
3489
  try {
3490
- p = this.getCsrfCookieValue(t), p && this.sessionManager.validateCsrfCookie(p);
3490
+ m = this.getCsrfCookieValue(t), m && this.sessionManager.validateCsrfCookie(m);
3491
3491
  } catch (w) {
3492
- d.logger.warn(c({ msg: "Invalid csrf cookie received", cerr: w, hashedCsrfCookie: this.getHashOfCsrfCookie(t) })), a.clearCookie(this.sessionManager.csrfCookieName), p = void 0;
3492
+ d.logger.warn(c({ msg: "Invalid csrf cookie received", cerr: w, hashedCsrfCookie: this.getHashOfCsrfCookie(t) })), n.clearCookie(this.sessionManager.csrfCookieName), m = void 0;
3493
3493
  }
3494
3494
  if (["GET", "OPTIONS", "HEAD"].includes(t.method))
3495
3495
  try {
3496
- if (p) {
3496
+ if (m) {
3497
3497
  d.logger.debug(c({ msg: "Valid CSRF cookie - creating token" }));
3498
- const w = await this.sessionManager.createCsrfFormOrHeaderValue(p);
3498
+ const w = await this.sessionManager.createCsrfFormOrHeaderValue(m);
3499
3499
  t.csrfToken = w;
3500
3500
  } else {
3501
3501
  d.logger.debug(c({ msg: "Invalid CSRF cookie - recreating" }));
3502
3502
  const { csrfCookie: w, csrfFormOrHeaderValue: P } = await this.sessionManager.createCsrfToken();
3503
- a.setCookie(w.name, w.value, w.options), t.csrfToken = P;
3503
+ n.setCookie(w.name, w.value, w.options), t.csrfToken = P;
3504
3504
  }
3505
- a.header(this.sessionManager.csrfHeaderName, t.csrfToken);
3505
+ n.header(this.sessionManager.csrfHeaderName, t.csrfToken);
3506
3506
  } catch (w) {
3507
3507
  d.logger.error(c({
3508
3508
  msg: "Couldn't create CSRF token",
3509
3509
  cerr: w,
3510
3510
  user: (v = t.user) == null ? void 0 : v.username,
3511
3511
  ...f
3512
- })), d.logger.debug(c({ err: w })), a.clearCookie(this.sessionManager.csrfCookieName);
3512
+ })), d.logger.debug(c({ err: w })), n.clearCookie(this.sessionManager.csrfCookieName);
3513
3513
  }
3514
- else if (p)
3514
+ else if (m)
3515
3515
  try {
3516
- this.csrfToken(t, a);
3516
+ this.csrfToken(t, n);
3517
3517
  } catch (w) {
3518
3518
  d.logger.error(c({
3519
3519
  msg: "Couldn't create CSRF token",
3520
3520
  cerr: w,
3521
- user: (m = t.user) == null ? void 0 : m.username,
3521
+ user: (p = t.user) == null ? void 0 : p.username,
3522
3522
  ...f
3523
3523
  })), d.logger.debug(c({ err: w }));
3524
3524
  }
@@ -3538,15 +3538,15 @@ class Ke {
3538
3538
  d.logger.warn(c({
3539
3539
  msg: "Invalid session cookie received",
3540
3540
  hashOfSessionId: this.getHashOfSessionId(t)
3541
- })), a.clearCookie(this.sessionManager.sessionCookieName);
3541
+ })), n.clearCookie(this.sessionManager.sessionCookieName);
3542
3542
  }
3543
3543
  }), e.addHook(
3544
3544
  "preHandler",
3545
- async (t, a) => {
3546
- var f, p, v;
3545
+ async (t, n) => {
3546
+ var f, m, v;
3547
3547
  const h = this.getSessionCookieValue(t);
3548
3548
  if (h && ((f = t.user) != null && f.factor2) && (this.factor2ProtectedPageEndpoints.includes(t.url) || this.factor2ProtectedApiEndpoints.includes(t.url))) {
3549
- const m = this.sessionManager.getSessionId(h);
3549
+ const p = this.sessionManager.getSessionId(h);
3550
3550
  if (["GET", "OPTIONS", "HEAD"].includes(t.method)) {
3551
3551
  const w = this.getSessionCookieValue(t);
3552
3552
  if (w) {
@@ -3561,7 +3561,7 @@ class Ke {
3561
3561
  }
3562
3562
  }
3563
3563
  } else {
3564
- const w = await this.sessionManager.dataForSessionId(m);
3564
+ const w = await this.sessionManager.dataForSessionId(p);
3565
3565
  if ("pre2fa" in w) {
3566
3566
  d.logger.debug("Completing 2FA");
3567
3567
  const T = [...this.authenticators[w.pre2fa.factor2].transientSecretNames()];
@@ -3570,7 +3570,7 @@ class Ke {
3570
3570
  T.includes(M) && (U[M] = t.body[M]);
3571
3571
  let _;
3572
3572
  try {
3573
- await this.sessionManager.completeTwoFactorPageVisit(U, m);
3573
+ await this.sessionManager.completeTwoFactorPageVisit(U, p);
3574
3574
  } catch (M) {
3575
3575
  _ = l.asCrossauthError(M), d.logger.debug(c({ err: M }));
3576
3576
  const I = l.asCrossauthError(M);
@@ -3586,9 +3586,9 @@ class Ke {
3586
3586
  if (_.code == g.Expired) {
3587
3587
  d.logger.debug("Error - cancelling 2FA");
3588
3588
  try {
3589
- await this.sessionManager.cancelTwoFactorPageVisit(m);
3589
+ await this.sessionManager.cancelTwoFactorPageVisit(p);
3590
3590
  } catch (M) {
3591
- d.logger.error(c({ msg: "Failed cancelling 2FA", cerr: M, user: (p = t.user) == null ? void 0 : p.username, hashOfSessionId: this.getHashOfSessionId(t) })), d.logger.debug(c({ err: M }));
3591
+ d.logger.error(c({ msg: "Failed cancelling 2FA", cerr: M, user: (m = t.user) == null ? void 0 : m.username, hashOfSessionId: this.getHashOfSessionId(t) })), d.logger.debug(c({ err: M }));
3592
3592
  }
3593
3593
  t.body = {
3594
3594
  ...t.body,
@@ -3598,7 +3598,7 @@ class Ke {
3598
3598
  errorCodeName: g[_.code]
3599
3599
  };
3600
3600
  } else
3601
- return this.factor2ProtectedPageEndpoints.includes(t.url) ? a.redirect(this.prefix + "factor2?error=" + g[_.code]) : a.status(_.httpStatus).send(JSON.stringify({
3601
+ return this.factor2ProtectedPageEndpoints.includes(t.url) ? n.redirect(this.prefix + "factor2?error=" + g[_.code]) : n.status(_.httpStatus).send(JSON.stringify({
3602
3602
  ok: !1,
3603
3603
  errorMessage: _.message,
3604
3604
  errorMessages: _.messages,
@@ -3606,7 +3606,7 @@ class Ke {
3606
3606
  errorCodeName: g[_.code]
3607
3607
  }));
3608
3608
  } else
3609
- return this.validateCsrfToken(t), d.logger.debug("Starting 2FA"), this.sessionManager.initiateTwoFactorPageVisit(t.user, m, t.body, t.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(t.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
3609
+ return this.validateCsrfToken(t), d.logger.debug("Starting 2FA"), this.sessionManager.initiateTwoFactorPageVisit(t.user, p, t.body, t.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(t.url) ? n.redirect(this.prefix + "factor2") : n.send(JSON.stringify({
3610
3610
  ok: !0,
3611
3611
  factor2Required: !0
3612
3612
  }));
@@ -3678,12 +3678,12 @@ class Ke {
3678
3678
  if (this.endpoints.includes("changepassword"))
3679
3679
  return d.logger.debug(c({ msg: "Password change needed - sending redirect" })), s.redirect("/changepassword?required=true&next=" + encodeURIComponent("login?next=" + r));
3680
3680
  {
3681
- const n = new l(g.PasswordChangeNeeded);
3682
- return this.handleError(n, e, s, (t, a) => t.view(this.loginPage, {
3683
- errorMessage: a.message,
3684
- errorMessages: a.messages,
3685
- errorCode: a.code,
3686
- errorCodeName: g[a.code],
3681
+ const a = new l(g.PasswordChangeNeeded);
3682
+ return this.handleError(a, e, s, (t, n) => t.view(this.loginPage, {
3683
+ errorMessage: n.message,
3684
+ errorMessages: n.messages,
3685
+ errorCode: n.code,
3686
+ errorCodeName: g[n.code],
3687
3687
  next: r,
3688
3688
  persist: e.body.persist,
3689
3689
  username: e.body.username,
@@ -3693,12 +3693,12 @@ class Ke {
3693
3693
  }
3694
3694
  } else if (i.state == O.passwordResetNeeded || i.state == O.passwordAndFactor2ResetNeeded) {
3695
3695
  d.logger.debug(c({ msg: "Password reset needed - sending error" }));
3696
- const n = new l(g.PasswordResetNeeded);
3697
- return this.handleError(n, e, s, (t, a) => t.view(this.loginPage, {
3698
- errorMessage: a.message,
3699
- errorMessages: a.messages,
3700
- errorCode: a.code,
3701
- errorCodeName: g[a.code],
3696
+ const a = new l(g.PasswordResetNeeded);
3697
+ return this.handleError(a, e, s, (t, n) => t.view(this.loginPage, {
3698
+ errorMessage: n.message,
3699
+ errorMessages: n.messages,
3700
+ errorCode: n.code,
3701
+ errorCodeName: g[n.code],
3702
3702
  next: r,
3703
3703
  persist: e.body.persist,
3704
3704
  username: e.body.username,
@@ -3712,12 +3712,12 @@ class Ke {
3712
3712
  })), this.endpoints.includes("changefactor2"))
3713
3713
  return d.logger.debug(c({ msg: "Factor 2 reset needed - sending redirect" })), s.redirect("/changefactor2?required=true&next=" + encodeURIComponent("login?next=" + r));
3714
3714
  {
3715
- const n = new l(g.Factor2ResetNeeded);
3716
- return this.handleError(n, e, s, (t, a) => t.view(this.loginPage, {
3717
- errorMessage: a.message,
3718
- errorMessages: a.messages,
3719
- errorCode: a.code,
3720
- errorCodeName: g[a.code],
3715
+ const a = new l(g.Factor2ResetNeeded);
3716
+ return this.handleError(a, e, s, (t, n) => t.view(this.loginPage, {
3717
+ errorMessage: n.message,
3718
+ errorMessages: n.messages,
3719
+ errorCode: n.code,
3720
+ errorCodeName: g[n.code],
3721
3721
  next: r,
3722
3722
  persist: e.body.persist,
3723
3723
  username: e.body.username,
@@ -3729,7 +3729,7 @@ class Ke {
3729
3729
  if (!i.factor2 || i.factor2.length == 0)
3730
3730
  return d.logger.debug(c({ msg: "Successful login - sending redirect" })), s.redirect(r);
3731
3731
  {
3732
- let n = {
3732
+ let a = {
3733
3733
  csrfToken: e.csrfToken,
3734
3734
  next: e.body.next ?? this.loginRedirect,
3735
3735
  persist: e.body.persist ? "on" : "",
@@ -3737,17 +3737,17 @@ class Ke {
3737
3737
  factor2: i.factor2,
3738
3738
  action: "loginfactor2"
3739
3739
  };
3740
- return s.view(this.factor2Page, n);
3740
+ return s.view(this.factor2Page, a);
3741
3741
  }
3742
3742
  }
3743
3743
  }
3744
3744
  );
3745
3745
  } catch (s) {
3746
- return d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, n) => i.view(this.loginPage, {
3747
- errorMessage: n.message,
3748
- errorMessages: n.messages,
3749
- errorCode: n.code,
3750
- errorCodeName: g[n.code],
3746
+ return d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, a) => i.view(this.loginPage, {
3747
+ errorMessage: a.message,
3748
+ errorMessages: a.messages,
3749
+ errorCode: a.code,
3750
+ errorCodeName: g[a.code],
3751
3751
  next: r,
3752
3752
  persist: e.body.persist,
3753
3753
  username: e.body.username,
@@ -3774,12 +3774,12 @@ class Ke {
3774
3774
  d.logger.debug(c({ err: s }));
3775
3775
  let i;
3776
3776
  try {
3777
- const n = e.sessionId ? await this.sessionManager.dataForSessionId(e.sessionId) : void 0;
3778
- i = n == null ? void 0 : n.factor2;
3779
- } catch (n) {
3780
- d.logger.error(c({ err: n }));
3777
+ const a = e.sessionId ? await this.sessionManager.dataForSessionId(e.sessionId) : void 0;
3778
+ i = a == null ? void 0 : a.factor2;
3779
+ } catch (a) {
3780
+ d.logger.error(c({ err: a }));
3781
3781
  }
3782
- return i && i in this.authenticators ? this.handleError(s, e, o, (n, t) => n.view(this.factor2Page, {
3782
+ return i && i in this.authenticators ? this.handleError(s, e, o, (a, t) => a.view(this.factor2Page, {
3783
3783
  errorMessage: t.message,
3784
3784
  errorMessages: t.messages,
3785
3785
  errorCode: t.code,
@@ -3790,7 +3790,7 @@ class Ke {
3790
3790
  urlPrefix: this.prefix,
3791
3791
  factor2: i,
3792
3792
  action: "loginfactor2"
3793
- })) : this.handleError(s, e, o, (n, t) => n.view(this.loginPage, {
3793
+ })) : this.handleError(s, e, o, (a, t) => a.view(this.loginPage, {
3794
3794
  errorMessage: t.message,
3795
3795
  errorMessages: t.messages,
3796
3796
  errorCode: t.code,
@@ -3822,14 +3822,14 @@ class Ke {
3822
3822
  g.Unauthorized,
3823
3823
  "2FA not initiated"
3824
3824
  );
3825
- let n = {
3825
+ let a = {
3826
3826
  urlPrefix: this.prefix,
3827
3827
  csrfToken: e.csrfToken,
3828
3828
  action: i.pre2fa.url,
3829
3829
  errorCodeName: e.query.error,
3830
3830
  factor2: i.pre2fa.factor2
3831
3831
  };
3832
- return o.view(this.factor2Page, n);
3832
+ return o.view(this.factor2Page, a);
3833
3833
  }
3834
3834
  );
3835
3835
  }
@@ -3865,9 +3865,9 @@ class Ke {
3865
3865
  return d.logger.debug(c({ msg: "Next page " + r })), await this.signup(
3866
3866
  e,
3867
3867
  o,
3868
- (s, i, n) => {
3869
- var a, h;
3870
- const t = (a = i == null ? void 0 : i.userData) != null && a.factor2 ? this.authenticators[i.userData.factor2] : void 0;
3868
+ (s, i, a) => {
3869
+ var n, h;
3870
+ const t = (n = i == null ? void 0 : i.userData) != null && n.factor2 ? this.authenticators[i.userData.factor2] : void 0;
3871
3871
  return (h = i.userData) != null && h.factor2 ? s.view(this.configureFactor2Page, {
3872
3872
  csrfToken: i.csrfToken,
3873
3873
  ...i.userData
@@ -3889,11 +3889,11 @@ class Ke {
3889
3889
  user: e.body.username,
3890
3890
  errorCodeName: i.codeName,
3891
3891
  errorCode: i.code
3892
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (n, t) => {
3893
- let a = {};
3892
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (a, t) => {
3893
+ let n = {};
3894
3894
  for (let h in e.body)
3895
- h.startsWith("user_") && (a[h] = e.body[h]);
3896
- return n.view(this.signupPage, {
3895
+ h.startsWith("user_") && (n[h] = e.body[h]);
3896
+ return a.view(this.signupPage, {
3897
3897
  errorMessage: t.message,
3898
3898
  errorMessages: t.messages,
3899
3899
  errorCode: t.code,
@@ -3905,7 +3905,7 @@ class Ke {
3905
3905
  factor2: e.body.factor2,
3906
3906
  allowedFactor2: this.allowedFactor2Details(),
3907
3907
  urlPrefix: this.prefix,
3908
- ...a
3908
+ ...n
3909
3909
  });
3910
3910
  });
3911
3911
  }
@@ -3931,18 +3931,18 @@ class Ke {
3931
3931
  (i) => i.redirect(e.body.next ? e.body.next : this.logoutRedirect)
3932
3932
  );
3933
3933
  } catch (i) {
3934
- const n = l.asCrossauthError(i);
3934
+ const a = l.asCrossauthError(i);
3935
3935
  return d.logger.error(c({
3936
3936
  msg: "Logout failure",
3937
3937
  user: (s = e.user) == null ? void 0 : s.username,
3938
- errorCodeName: n.codeName,
3939
- errorCode: n.code
3940
- })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, a) => t.view(this.errorPage, {
3938
+ errorCodeName: a.codeName,
3939
+ errorCode: a.code
3940
+ })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, n) => t.view(this.errorPage, {
3941
3941
  urlPrefix: this.prefix,
3942
- errorMessage: a.message,
3943
- errorMessages: a.messages,
3944
- errorCode: a.code,
3945
- errorCodeName: g[a.code]
3942
+ errorMessage: n.message,
3943
+ errorMessages: n.messages,
3944
+ errorCode: n.code,
3945
+ errorCodeName: g[n.code]
3946
3946
  }));
3947
3947
  }
3948
3948
  }
@@ -3967,8 +3967,8 @@ class Ke {
3967
3967
  (r, s) => {
3968
3968
  if (s.state == O.passwordChangeNeeded) {
3969
3969
  const i = new l(g.PasswordChangeNeeded);
3970
- return this.handleError(i, e, r, (n, t) => {
3971
- n.status(this.errorStatus(i)).header(...A).send({
3970
+ return this.handleError(i, e, r, (a, t) => {
3971
+ a.status(this.errorStatus(i)).header(...A).send({
3972
3972
  ok: !1,
3973
3973
  errorMessage: t.message,
3974
3974
  errorMessages: t.messages,
@@ -3978,8 +3978,8 @@ class Ke {
3978
3978
  });
3979
3979
  } else if (s.state == O.passwordResetNeeded || s.state == O.passwordAndFactor2ResetNeeded) {
3980
3980
  const i = new l(g.PasswordResetNeeded);
3981
- return this.handleError(i, e, r, (n, t) => {
3982
- n.status(this.errorStatus(i)).header(...A).send({
3981
+ return this.handleError(i, e, r, (a, t) => {
3982
+ a.status(this.errorStatus(i)).header(...A).send({
3983
3983
  ok: !1,
3984
3984
  errorMessage: t.message,
3985
3985
  errorMessages: t.messages,
@@ -3989,8 +3989,8 @@ class Ke {
3989
3989
  });
3990
3990
  } else if (this.allowedFactor2.length > 0 && (s.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(s.factor2 ? s.factor2 : "none"))) {
3991
3991
  const i = new l(g.Factor2ResetNeeded);
3992
- return this.handleError(i, e, r, (n, t) => {
3993
- n.status(this.errorStatus(i)).header(...A).send({
3992
+ return this.handleError(i, e, r, (a, t) => {
3993
+ a.status(this.errorStatus(i)).header(...A).send({
3994
3994
  ok: !1,
3995
3995
  errorMessage: t.message,
3996
3996
  errorMessages: t.messages,
@@ -4008,13 +4008,13 @@ class Ke {
4008
4008
  user: e.body.username,
4009
4009
  errorCodeName: s.codeName,
4010
4010
  errorCode: s.code
4011
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, n) => {
4011
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, a) => {
4012
4012
  i.status(this.errorStatus(r)).header(...A).send({
4013
4013
  ok: !1,
4014
- errorMessage: n.message,
4015
- errorMessages: n.messages,
4016
- errorCode: n.code,
4017
- errorCodeName: g[n.code]
4014
+ errorMessage: a.message,
4015
+ errorMessages: a.messages,
4016
+ errorCode: a.code,
4017
+ errorCodeName: g[a.code]
4018
4018
  });
4019
4019
  });
4020
4020
  }
@@ -4038,19 +4038,19 @@ class Ke {
4038
4038
  (r) => r.header(...A).send({ ok: !0 })
4039
4039
  );
4040
4040
  } catch (r) {
4041
- const i = e.user || "", n = l.asCrossauthError(r);
4041
+ const i = e.user || "", a = l.asCrossauthError(r);
4042
4042
  return d.logger.error(c({
4043
4043
  msg: "Login failure",
4044
4044
  user: i,
4045
- errorCodeName: n.codeName,
4046
- errorCode: n.code
4047
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (t, a) => {
4045
+ errorCodeName: a.codeName,
4046
+ errorCode: a.code
4047
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (t, n) => {
4048
4048
  t.status(this.errorStatus(r)).header(...A).send({
4049
4049
  ok: !1,
4050
- errorMessage: a.message,
4051
- errorMessages: a.messages,
4052
- errorCode: a.code,
4053
- errorCodeName: g[a.code]
4050
+ errorMessage: n.message,
4051
+ errorMessages: n.messages,
4052
+ errorCode: n.code,
4053
+ errorCodeName: g[n.code]
4054
4054
  });
4055
4055
  });
4056
4056
  }
@@ -4080,12 +4080,12 @@ class Ke {
4080
4080
  hashOfSessionId: this.getHashOfSessionId(e),
4081
4081
  errorCodeName: s.codeName,
4082
4082
  errorCode: s.code
4083
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, n) => i.status(this.errorStatus(r)).header(...A).send({
4083
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, a) => i.status(this.errorStatus(r)).header(...A).send({
4084
4084
  ok: !1,
4085
- errorMessage: n.message,
4086
- errorMessages: n.messages,
4087
- errorCode: n.code,
4088
- errorCodeName: g[n.code]
4085
+ errorMessage: a.message,
4086
+ errorMessages: a.messages,
4087
+ errorCode: a.code,
4088
+ errorCodeName: g[a.code]
4089
4089
  }));
4090
4090
  }
4091
4091
  }
@@ -4114,18 +4114,18 @@ class Ke {
4114
4114
  (i) => i.header(...A).send({ ok: !0 })
4115
4115
  );
4116
4116
  } catch (i) {
4117
- const n = l.asCrossauthError(i);
4117
+ const a = l.asCrossauthError(i);
4118
4118
  return d.logger.error(c({
4119
4119
  msg: "Logout failure",
4120
4120
  user: (s = e.user) == null ? void 0 : s.username,
4121
- errorCodeName: n.codeName,
4122
- errorCode: n.code
4123
- })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, a) => {
4121
+ errorCodeName: a.codeName,
4122
+ errorCode: a.code
4123
+ })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, n) => {
4124
4124
  t.status(this.errorStatus(i)).header(...A).send({
4125
4125
  ok: !1,
4126
- errorMessage: a.message,
4127
- errorMessages: a.messages,
4128
- errorCode: g[a.code]
4126
+ errorMessage: n.message,
4127
+ errorMessages: n.messages,
4128
+ errorCode: g[n.code]
4129
4129
  });
4130
4130
  });
4131
4131
  }
@@ -4148,9 +4148,9 @@ class Ke {
4148
4148
  return await this.signup(
4149
4149
  e,
4150
4150
  o,
4151
- (s, i, n) => s.header(...A).send({
4151
+ (s, i, a) => s.header(...A).send({
4152
4152
  ok: !0,
4153
- user: n,
4153
+ user: a,
4154
4154
  emailVerificationNeeded: this.enableEmailVerification ?? !1,
4155
4155
  ...i.userData
4156
4156
  })
@@ -4162,8 +4162,8 @@ class Ke {
4162
4162
  user: (r = e.user) == null ? void 0 : r.username,
4163
4163
  errorCodeName: i.codeName,
4164
4164
  errorCode: i.code
4165
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (n, t) => {
4166
- n.status(this.errorStatus(s)).header(...A).send({
4165
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (a, t) => {
4166
+ a.status(this.errorStatus(s)).header(...A).send({
4167
4167
  ok: !1,
4168
4168
  errorMessage: t.message,
4169
4169
  errorMessages: t.messages,
@@ -4200,12 +4200,12 @@ class Ke {
4200
4200
  let i;
4201
4201
  return e.sessionId && (i = (await this.sessionManager.userForSessionId(e.sessionId)).user), o.header(...A).send({ ok: !0, user: i });
4202
4202
  } catch (i) {
4203
- const n = l.asCrossauthError(i);
4204
- let t = n.message, a = n.code, h = n.codeName;
4205
- switch (n.code) {
4203
+ const a = l.asCrossauthError(i);
4204
+ let t = a.message, n = a.code, h = a.codeName;
4205
+ switch (a.code) {
4206
4206
  case g.UserNotExist:
4207
4207
  case g.PasswordInvalid:
4208
- t = "Invalid username or password", a = g.UsernameOrPasswordInvalid, h = g[a];
4208
+ t = "Invalid username or password", n = g.UsernameOrPasswordInvalid, h = g[n];
4209
4209
  break;
4210
4210
  }
4211
4211
  return d.logger.error(c({
@@ -4213,10 +4213,10 @@ class Ke {
4213
4213
  user: (s = e.user) == null ? void 0 : s.username,
4214
4214
  hashOfSessionId: this.getHashOfSessionId(e),
4215
4215
  errorCodeName: h,
4216
- errorCode: a
4216
+ errorCode: n
4217
4217
  })), d.logger.debug(c({ err: i })), o.status(this.errorStatus(i)).header(...A).send({
4218
4218
  ok: !1,
4219
- errorCode: a,
4219
+ errorCode: n,
4220
4220
  errorCodeName: h
4221
4221
  });
4222
4222
  }
@@ -4241,18 +4241,18 @@ class Ke {
4241
4241
  csrfToken: e.csrfToken
4242
4242
  });
4243
4243
  } catch (i) {
4244
- const n = l.asCrossauthError(i);
4244
+ const a = l.asCrossauthError(i);
4245
4245
  return d.logger.error(c({
4246
4246
  msg: "getcsrftoken failure",
4247
4247
  user: (s = e.user) == null ? void 0 : s.username,
4248
4248
  hashedCsrfCookie: this.getHashOfCsrfCookie(e),
4249
- errorCode: n.code,
4250
- errorCodeName: n.codeName
4249
+ errorCode: a.code,
4250
+ errorCodeName: a.codeName
4251
4251
  })), d.logger.debug(c({ err: i })), o.status(this.errorStatus(i)).header(...A).send({
4252
4252
  ok: !1,
4253
- errorCode: n.code,
4254
- errorCodeName: n.codeName,
4255
- error: n.message
4253
+ errorCode: a.code,
4254
+ errorCodeName: a.codeName,
4255
+ error: a.message
4256
4256
  });
4257
4257
  }
4258
4258
  }
@@ -4267,26 +4267,26 @@ class Ke {
4267
4267
  );
4268
4268
  const s = e.body.username, i = e.body.persist;
4269
4269
  if (!e.csrfToken) throw new l(g.InvalidCsrf);
4270
- const n = this.getSessionCookieValue(e);
4271
- let t = this.addToSession ? this.addToSession(e) : {}, { sessionCookie: a, csrfCookie: h, user: f } = await this.sessionManager.login(s, e.body, t, i);
4270
+ const a = this.getSessionCookieValue(e);
4271
+ let t = this.addToSession ? this.addToSession(e) : {}, { sessionCookie: n, csrfCookie: h, user: f } = await this.sessionManager.login(s, e.body, t, i);
4272
4272
  if (d.logger.debug(c({
4273
- msg: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
4273
+ msg: "Login: set session cookie " + n.name + " opts " + JSON.stringify(n.options),
4274
4274
  user: e.body.username
4275
4275
  })), o.cookie(
4276
- a.name,
4277
- a.value,
4278
- a.options
4276
+ n.name,
4277
+ n.value,
4278
+ n.options
4279
4279
  ), d.logger.debug(c({
4280
- msg: "Login: set csrf cookie " + h.name + " opts " + JSON.stringify(a.options),
4280
+ msg: "Login: set csrf cookie " + h.name + " opts " + JSON.stringify(n.options),
4281
4281
  user: e.body.username
4282
- })), o.cookie(h.name, h.value, h.options), e.csrfToken = await this.sessionManager.createCsrfFormOrHeaderValue(h.value), n)
4282
+ })), o.cookie(h.name, h.value, h.options), e.csrfToken = await this.sessionManager.createCsrfFormOrHeaderValue(h.value), a)
4283
4283
  try {
4284
- await this.sessionManager.deleteSession(n);
4285
- } catch (p) {
4284
+ await this.sessionManager.deleteSession(a);
4285
+ } catch (m) {
4286
4286
  d.logger.warn(c({
4287
4287
  msg: "Couldn't delete session ID from database",
4288
4288
  hashOfSessionId: this.getHashOfSessionId(e)
4289
- })), d.logger.debug(c({ err: p }));
4289
+ })), d.logger.debug(c({ err: m }));
4290
4290
  }
4291
4291
  return r(o, f);
4292
4292
  }
@@ -4299,11 +4299,11 @@ class Ke {
4299
4299
  if (!s) throw new l(g.Unauthorized);
4300
4300
  const i = e.body.persist;
4301
4301
  if (this.isSessionUser(e) && !e.csrfToken) throw new l(g.InvalidCsrf);
4302
- let n = this.addToSession ? this.addToSession(e) : {};
4303
- const { sessionCookie: t, csrfCookie: a, user: h } = await this.sessionManager.completeTwoFactorLogin(
4302
+ let a = this.addToSession ? this.addToSession(e) : {};
4303
+ const { sessionCookie: t, csrfCookie: n, user: h } = await this.sessionManager.completeTwoFactorLogin(
4304
4304
  e.body,
4305
4305
  s,
4306
- n,
4306
+ a,
4307
4307
  i
4308
4308
  );
4309
4309
  return d.logger.debug(c({
@@ -4314,9 +4314,9 @@ class Ke {
4314
4314
  t.value,
4315
4315
  t.options
4316
4316
  ), d.logger.debug(c({
4317
- msg: "Login: set csrf cookie " + a.name + " opts " + JSON.stringify(t.options),
4317
+ msg: "Login: set csrf cookie " + n.name + " opts " + JSON.stringify(t.options),
4318
4318
  user: h == null ? void 0 : h.username
4319
- })), o.cookie(a.name, a.value, a.options), e.csrfToken = await this.sessionManager.createCsrfFormOrHeaderValue(a.value), r(o, h);
4319
+ })), o.cookie(n.name, n.value, n.options), e.csrfToken = await this.sessionManager.createCsrfFormOrHeaderValue(n.value), r(o, h);
4320
4320
  }
4321
4321
  async cancelFactor2(e, o, r) {
4322
4322
  if (this.isSessionUser(e) && !e.csrfToken) throw new l(g.InvalidCsrf);
@@ -4327,21 +4327,21 @@ class Ke {
4327
4327
  * This is called after the user has been validated to log the user in
4328
4328
  */
4329
4329
  async loginWithUser(e, o, r, s, i) {
4330
- const n = this.getSessionCookieValue(r);
4331
- let t = this.addToSession ? this.addToSession(r) : {}, { sessionCookie: a, csrfCookie: h } = await this.sessionManager.login("", {}, t, void 0, e, o);
4330
+ const a = this.getSessionCookieValue(r);
4331
+ let t = this.addToSession ? this.addToSession(r) : {}, { sessionCookie: n, csrfCookie: h } = await this.sessionManager.login("", {}, t, void 0, e, o);
4332
4332
  if (d.logger.debug(c({
4333
- msg: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
4333
+ msg: "Login: set session cookie " + n.name + " opts " + JSON.stringify(n.options),
4334
4334
  user: e.username
4335
4335
  })), s.cookie(
4336
- a.name,
4337
- a.value,
4338
- a.options
4336
+ n.name,
4337
+ n.value,
4338
+ n.options
4339
4339
  ), d.logger.debug(c({
4340
- msg: "Login: set csrf cookie " + h.name + " opts " + JSON.stringify(a.options),
4340
+ msg: "Login: set csrf cookie " + h.name + " opts " + JSON.stringify(n.options),
4341
4341
  user: e.username
4342
- })), s.cookie(h.name, h.value, h.options), n)
4342
+ })), s.cookie(h.name, h.value, h.options), a)
4343
4343
  try {
4344
- await this.sessionManager.deleteSession(n);
4344
+ await this.sessionManager.deleteSession(a);
4345
4345
  } catch (f) {
4346
4346
  d.logger.warn(c({
4347
4347
  msg: "Couldn't delete session ID from database",
@@ -4360,40 +4360,40 @@ class Ke {
4360
4360
  "Illegal second factor " + e.body.factor2 + " requested"
4361
4361
  );
4362
4362
  (e.body.factor2 == "none" || e.body.factor2 == "") && (e.body.factor2 = void 0);
4363
- let n = this.createUserFn(e, this.userStorage.userEditableFields), t = this.authenticators[n.factor1].validateSecrets(e.body);
4364
- const a = this.authenticators[n.factor1].secretNames();
4363
+ let a = this.createUserFn(e, this.userStorage.userEditableFields), t = this.authenticators[a.factor1].validateSecrets(e.body);
4364
+ const n = this.authenticators[a.factor1].secretNames();
4365
4365
  let h = {};
4366
- for (let m in e.body)
4367
- if (m.startsWith("repeat_")) {
4368
- const w = m.replace(/^repeat_/, "");
4369
- a.includes(w) && (h[w] = e.body[m]);
4370
- }
4371
- Object.keys(h).length === 0 && (h = void 0), n.state = "active", e.body.factor2 && e.body.factor2 != "none" ? n.state = "awaitingtwofactor" : this.enableEmailVerification && (n.state = "awaitingemailverification");
4372
- let p = [...this.validateUserFn(n), ...t];
4373
- if (p.length > 0)
4374
- throw new l(g.FormEntry, p);
4366
+ for (let p in e.body)
4367
+ if (p.startsWith("repeat_")) {
4368
+ const w = p.replace(/^repeat_/, "");
4369
+ n.includes(w) && (h[w] = e.body[p]);
4370
+ }
4371
+ Object.keys(h).length === 0 && (h = void 0), a.state = "active", e.body.factor2 && e.body.factor2 != "none" ? a.state = "awaitingtwofactor" : this.enableEmailVerification && (a.state = "awaitingemailverification");
4372
+ let m = [...this.validateUserFn(a), ...t];
4373
+ if (m.length > 0)
4374
+ throw new l(g.FormEntry, m);
4375
4375
  let v = !1;
4376
4376
  try {
4377
- const { user: m, secrets: w } = await this.userStorage.getUserByUsername(s);
4378
- await this.sessionManager.authenticators[n.factor1].authenticateUser(m, w, e.body);
4379
- } catch (m) {
4380
- l.asCrossauthError(m).code == g.TwoFactorIncomplete && (v = !0);
4377
+ const { user: p, secrets: w } = await this.userStorage.getUserByUsername(s);
4378
+ await this.sessionManager.authenticators[a.factor1].authenticateUser(p, w, e.body);
4379
+ } catch (p) {
4380
+ l.asCrossauthError(p).code == g.TwoFactorIncomplete && (v = !0);
4381
4381
  }
4382
4382
  if (!e.body.factor2 && !v)
4383
4383
  return await this.sessionManager.createUser(
4384
- n,
4384
+ a,
4385
4385
  e.body,
4386
4386
  h
4387
- ), this.enableEmailVerification ? r(o, {}, void 0) : this.login(e, o, (m, w) => r(m, {}, w));
4387
+ ), this.enableEmailVerification ? r(o, {}, void 0) : this.login(e, o, (p, w) => r(p, {}, w));
4388
4388
  {
4389
- let m;
4389
+ let p;
4390
4390
  if (v) {
4391
4391
  if (!e.sessionId) throw new l(g.Unauthorized);
4392
- m = (await this.sessionManager.repeatTwoFactorSignup(e.sessionId)).userData;
4392
+ p = (await this.sessionManager.repeatTwoFactorSignup(e.sessionId)).userData;
4393
4393
  } else {
4394
4394
  const w = await this.createAnonymousSession(e, o), P = this.sessionManager.getSessionId(w);
4395
- m = (await this.sessionManager.initiateTwoFactorSignup(
4396
- n,
4395
+ p = (await this.sessionManager.initiateTwoFactorSignup(
4396
+ a,
4397
4397
  e.body,
4398
4398
  P,
4399
4399
  h
@@ -4401,7 +4401,7 @@ class Ke {
4401
4401
  }
4402
4402
  try {
4403
4403
  let w = {
4404
- userData: m,
4404
+ userData: p,
4405
4405
  username: s,
4406
4406
  next: i ?? this.loginRedirect,
4407
4407
  csrfToken: e.csrfToken
@@ -4446,14 +4446,14 @@ class Ke {
4446
4446
  d.logger.debug(c({ msg: "Creating session ID" }));
4447
4447
  let s = this.addToSession ? this.addToSession(e) : {};
4448
4448
  r && (s.data = JSON.stringify(r));
4449
- let { sessionCookie: i, csrfCookie: n, csrfFormOrHeaderValue: t } = await this.sessionManager.createAnonymousSession(s);
4449
+ let { sessionCookie: i, csrfCookie: a, csrfFormOrHeaderValue: t } = await this.sessionManager.createAnonymousSession(s);
4450
4450
  o.cookie(
4451
4451
  i.name,
4452
4452
  i.value,
4453
4453
  i.options
4454
- ), e.csrfToken = t, o.setCookie(n.name, n.value, n.options), e.user = void 0;
4455
- const a = this.sessionManager.getSessionId(i.value);
4456
- return e.sessionId = a, i.value;
4454
+ ), e.csrfToken = t, o.setCookie(a.name, a.value, a.options), e.user = void 0;
4455
+ const n = this.sessionManager.getSessionId(i.value);
4456
+ return e.sessionId = n, i.value;
4457
4457
  }
4458
4458
  /**
4459
4459
  * Called by each endpoint on error.
@@ -4470,7 +4470,7 @@ class Ke {
4470
4470
  * incorrect. Default false.
4471
4471
  */
4472
4472
  handleError(e, o, r, s, i = !1) {
4473
- var n;
4473
+ var a;
4474
4474
  try {
4475
4475
  let t = l.asCrossauthError(e);
4476
4476
  if (!i)
@@ -4486,7 +4486,7 @@ class Ke {
4486
4486
  return d.logger.debug(c({ err: t })), d.logger.error(c({
4487
4487
  cerr: t,
4488
4488
  hashOfSessionId: this.getHashOfSessionId(o),
4489
- user: (n = o.user) == null ? void 0 : n.username
4489
+ user: (a = o.user) == null ? void 0 : a.username
4490
4490
  })), s(r, t);
4491
4491
  } catch (t) {
4492
4492
  return d.logger.error(c({ err: t })), s(r, new l(g.UnknownError));
@@ -4569,8 +4569,8 @@ class Ke {
4569
4569
  let r;
4570
4570
  const s = this.sessionManager.csrfHeaderName;
4571
4571
  if (e.headers && s.toLowerCase() in e.headers) {
4572
- const n = e.headers[s.toLowerCase()];
4573
- Array.isArray(n) ? r = n[0] : r = n;
4572
+ const a = e.headers[s.toLowerCase()];
4573
+ Array.isArray(a) ? r = a[0] : r = a;
4574
4574
  }
4575
4575
  if (!r && ((i = e.body) != null && i.csrfToken) && (r = e.body.csrfToken), r)
4576
4576
  try {
@@ -4736,7 +4736,7 @@ class Ye {
4736
4736
  u(this, "apiKeyManager");
4737
4737
  this.app = e, this.userStorage = o, this.apiKeyManager = new Y(r, s), this.app.addHook(
4738
4738
  "preHandler",
4739
- async (i, n) => {
4739
+ async (i, a) => {
4740
4740
  if (i.headers.authorization)
4741
4741
  try {
4742
4742
  d.logger.debug(c({
@@ -4749,10 +4749,10 @@ class Ye {
4749
4749
  msg: "Valid API key",
4750
4750
  hahedApiKey: Y.hashSignedApiKeyValue(t.value)
4751
4751
  }));
4752
- const a = Fe.decodeData(t.data);
4753
- if (i.apiKey = { ...t, ...a }, "scope" in a && Array.isArray(a.scope)) {
4752
+ const n = Fe.decodeData(t.data);
4753
+ if (i.apiKey = { ...t, ...n }, "scope" in n && Array.isArray(n.scope)) {
4754
4754
  let h = [];
4755
- for (let f of a.scope)
4755
+ for (let f of n.scope)
4756
4756
  typeof f == "string" && h.push(f);
4757
4757
  i.scope = h;
4758
4758
  }
@@ -4782,7 +4782,7 @@ class $e {
4782
4782
  * for the password flow
4783
4783
  * @param options see {@link FastifyAuthorizationServerOptions}
4784
4784
  */
4785
- constructor(e, o, r, s, i, n = {}) {
4785
+ constructor(e, o, r, s, i, a = {}) {
4786
4786
  /** The Fastify app passed to the constructor */
4787
4787
  u(this, "app");
4788
4788
  /** The underlying framework-independent authorization server */
@@ -4808,10 +4808,10 @@ class $e {
4808
4808
  this.clientStorage,
4809
4809
  s,
4810
4810
  i,
4811
- n
4812
- ), S("prefix", C.String, this, n, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), S("errorPage", C.String, this, n, "ERROR_PAGE"), S("devicePage", C.String, this, n, "OAUTH_DEVICE_PAGE"), S("loginUrl", C.String, this, n, "LOGIN_URL"), S("oauthAuthorizePage", C.String, this, n, "OAUTH_AUTHORIZE_PAGE"), S("refreshTokenType", C.String, this, n, "OAUTH_REFRESH_TOKEN_TYPE"), S("refreshTokenCookieName", C.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_NAME"), S("refreshTokenCookieDomain", C.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_DOMAIN"), S("refreshTokenCookieHttpOnly", C.Boolean, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_HTTPONLY"), S("refreshTokenCookiePath", C.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_PATH"), S("refreshTokenCookieSecure", C.Boolean, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_SECURE"), S("refreshTokenCookieSameSite", C.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_SAMESITE"), S("createGetCsrfTokenEndpoint", C.String, this, n, "OAUTH_CREATE_GET_CSRF_TOKEN_ENDPOINT"), this.refreshTokenType != "json" && (this.createGetCsrfTokenEndpoint ? this.csrfTokens = new Ue(n.doubleSubmitCookieOptions) : this.fastifyServer.sessionServer && (this.csrfTokens = this.fastifyServer.sessionServer.sessionManager.csrfTokens)), this.createGetCsrfTokenEndpoint && this.addApiGetCsrfTokenEndpoints(), e.get(
4811
+ a
4812
+ ), S("prefix", C.String, this, a, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), S("errorPage", C.String, this, a, "ERROR_PAGE"), S("devicePage", C.String, this, a, "OAUTH_DEVICE_PAGE"), S("loginUrl", C.String, this, a, "LOGIN_URL"), S("oauthAuthorizePage", C.String, this, a, "OAUTH_AUTHORIZE_PAGE"), S("refreshTokenType", C.String, this, a, "OAUTH_REFRESH_TOKEN_TYPE"), S("refreshTokenCookieName", C.String, this, a, "OAUTH_REFRESH_TOKEN_COOKIE_NAME"), S("refreshTokenCookieDomain", C.String, this, a, "OAUTH_REFRESH_TOKEN_COOKIE_DOMAIN"), S("refreshTokenCookieHttpOnly", C.Boolean, this, a, "OAUTH_REFRESH_TOKEN_COOKIE_HTTPONLY"), S("refreshTokenCookiePath", C.String, this, a, "OAUTH_REFRESH_TOKEN_COOKIE_PATH"), S("refreshTokenCookieSecure", C.Boolean, this, a, "OAUTH_REFRESH_TOKEN_COOKIE_SECURE"), S("refreshTokenCookieSameSite", C.String, this, a, "OAUTH_REFRESH_TOKEN_COOKIE_SAMESITE"), S("createGetCsrfTokenEndpoint", C.String, this, a, "OAUTH_CREATE_GET_CSRF_TOKEN_ENDPOINT"), this.refreshTokenType != "json" && (this.createGetCsrfTokenEndpoint ? this.csrfTokens = new Ue(a.doubleSubmitCookieOptions) : this.fastifyServer.sessionServer && (this.csrfTokens = this.fastifyServer.sessionServer.sessionManager.csrfTokens)), this.createGetCsrfTokenEndpoint && this.addApiGetCsrfTokenEndpoints(), e.get(
4813
4813
  this.prefix + ".well-known/openid-configuration",
4814
- async (t, a) => a.header(...x).status(200).send(
4814
+ async (t, n) => n.header(...x).status(200).send(
4815
4815
  this.authServer.oidcConfiguration({
4816
4816
  authorizeEndpoint: this.prefix + "authorize",
4817
4817
  tokenEndpoint: this.prefix + "token",
@@ -4821,29 +4821,29 @@ class $e {
4821
4821
  )
4822
4822
  ), e.get(
4823
4823
  this.prefix + "jwks",
4824
- async (t, a) => a.header(...x).status(200).send(
4824
+ async (t, n) => n.header(...x).status(200).send(
4825
4825
  this.authServer.jwks()
4826
4826
  )
4827
- ), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode)) && (e.get(this.prefix + "authorize", async (t, a) => {
4827
+ ), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode)) && (e.get(this.prefix + "authorize", async (t, n) => {
4828
4828
  var h;
4829
- return d.logger.info(c({ msg: "Page visit", method: "GET", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, a, t.query);
4830
- }), e.post(this.prefix + "authorize", async (t, a) => {
4829
+ return d.logger.info(c({ msg: "Page visit", method: "GET", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, n, t.query);
4830
+ }), e.post(this.prefix + "authorize", async (t, n) => {
4831
4831
  var h;
4832
- return d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, a, t.body);
4832
+ return d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, n, t.body);
4833
4833
  }), this.app.post(
4834
4834
  this.prefix + "userauthorize",
4835
- async (t, a) => {
4836
- var p, v;
4837
- if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (p = t.user) == null ? void 0 : p.username })), !t.user) return y.sendPageError(
4838
- a,
4835
+ async (t, n) => {
4836
+ var m, v;
4837
+ if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (m = t.user) == null ? void 0 : m.username })), !t.user) return y.sendPageError(
4838
+ n,
4839
4839
  401,
4840
4840
  this.errorPage
4841
4841
  );
4842
4842
  let h, f;
4843
4843
  try {
4844
4844
  h = await this.fastifyServer.validateCsrfToken(t);
4845
- } catch (m) {
4846
- f = l.asCrossauthError(m), f.message = "Invalid csrf cookie received", d.logger.error(c({
4845
+ } catch (p) {
4846
+ f = l.asCrossauthError(p), f.message = "Invalid csrf cookie received", d.logger.error(c({
4847
4847
  msg: f.message,
4848
4848
  hashedCsrfCookie: h ? F.hash(h) : void 0,
4849
4849
  user: (v = t.user) == null ? void 0 : v.username,
@@ -4852,7 +4852,7 @@ class $e {
4852
4852
  }
4853
4853
  if (f) {
4854
4854
  if (this.errorPage)
4855
- return a.status(f.httpStatus).view(
4855
+ return n.status(f.httpStatus).view(
4856
4856
  this.errorPage,
4857
4857
  {
4858
4858
  status: f.httpStatus,
@@ -4862,21 +4862,21 @@ class $e {
4862
4862
  }
4863
4863
  );
4864
4864
  {
4865
- let m = "500";
4865
+ let p = "500";
4866
4866
  switch (f.httpStatus) {
4867
4867
  case 401:
4868
- m = "401";
4868
+ p = "401";
4869
4869
  break;
4870
4870
  case 400:
4871
- m = "400";
4871
+ p = "400";
4872
4872
  break;
4873
4873
  }
4874
- return a.status(f.httpStatus).send($[m] ?? G);
4874
+ return n.status(f.httpStatus).send($[p] ?? G);
4875
4875
  }
4876
4876
  }
4877
4877
  if (!f) {
4878
- const m = t.body.authorized == "true";
4879
- return await this.authorize(t, a, m, {
4878
+ const p = t.body.authorized == "true";
4879
+ return await this.authorize(t, n, p, {
4880
4880
  responseType: t.body.response_type,
4881
4881
  client_id: t.body.client_id,
4882
4882
  redirect_uri: t.body.redirect_uri,
@@ -4889,14 +4889,14 @@ class $e {
4889
4889
  }
4890
4890
  )), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode) || this.authServer.validFlows.includes(E.ClientCredentials) || this.authServer.validFlows.includes(E.RefreshToken) || this.authServer.validFlows.includes(E.Password) || this.authServer.validFlows.includes(E.PasswordMfa) || this.authServer.validFlows.includes(E.DeviceCode)) && this.app.post(
4891
4891
  this.prefix + "token",
4892
- async (t, a) => {
4893
- var m;
4892
+ async (t, n) => {
4893
+ var p;
4894
4894
  d.logger.info(c({
4895
4895
  msg: "Page visit",
4896
4896
  method: "POST",
4897
4897
  url: this.prefix + "token",
4898
4898
  ip: t.ip,
4899
- user: (m = t.user) == null ? void 0 : m.username
4899
+ user: (p = t.user) == null ? void 0 : p.username
4900
4900
  }));
4901
4901
  let h = t.body.client_id, f = t.body.client_secret;
4902
4902
  if (t.headers.authorization) {
@@ -4910,8 +4910,8 @@ class $e {
4910
4910
  msg: "Ignoring malform authenization header " + t.headers.authorization
4911
4911
  })) : (h = w, f = P);
4912
4912
  }
4913
- let p = t.body.refresh_token;
4914
- if ((this.refreshTokenType == "cookie" && t.cookies && this.refreshTokenCookieName in t.cookies || this.refreshTokenType == "both" && t.cookies && this.refreshTokenCookieName in t.cookies && p == null) && this.csrfTokens) {
4913
+ let m = t.body.refresh_token;
4914
+ if ((this.refreshTokenType == "cookie" && t.cookies && this.refreshTokenCookieName in t.cookies || this.refreshTokenType == "both" && t.cookies && this.refreshTokenCookieName in t.cookies && m == null) && this.csrfTokens) {
4915
4915
  const w = t.cookies[this.csrfTokens.cookieName];
4916
4916
  let P = t.headers[this.csrfTokens.headerName.toLowerCase()];
4917
4917
  if (Array.isArray(P) && (P = P[0]), !w || !P)
@@ -4927,7 +4927,7 @@ class $e {
4927
4927
  error_description: "Invalid csrf token"
4928
4928
  };
4929
4929
  }
4930
- p = t.cookies[this.refreshTokenCookieName];
4930
+ m = t.cookies[this.refreshTokenCookieName];
4931
4931
  }
4932
4932
  const v = await this.authServer.tokenEndpoint({
4933
4933
  grantType: t.body.grant_type,
@@ -4942,22 +4942,22 @@ class $e {
4942
4942
  oobCode: t.body.oob_code,
4943
4943
  bindingCode: t.body.binding_code,
4944
4944
  otp: t.body.otp,
4945
- refreshToken: p,
4945
+ refreshToken: m,
4946
4946
  deviceCode: t.body.device_code
4947
4947
  });
4948
4948
  if (v.error == "authorization_pending")
4949
- return a.header(...x).status(200).send(v);
4950
- if (v.refresh_token && this.refreshTokenType != "json" && this.setRefreshTokenCookie(a, v.refresh_token, v.expires_in), v.error || !v.access_token) {
4949
+ return n.header(...x).status(200).send(v);
4950
+ if (v.refresh_token && this.refreshTokenType != "json" && this.setRefreshTokenCookie(n, v.refresh_token, v.expires_in), v.error || !v.access_token) {
4951
4951
  let w = "server_error", P = "Neither code nor error received when requesting authorization";
4952
4952
  v.error && (w = v.error), v.error_description && (P = v.error_description);
4953
4953
  const T = l.fromOAuthError(w, P);
4954
- return d.logger.error(c({ cerr: T })), a.header(...x).status(T.httpStatus).send(v);
4954
+ return d.logger.error(c({ cerr: T })), n.header(...x).status(T.httpStatus).send(v);
4955
4955
  }
4956
- return a.header(...x).send(v);
4956
+ return n.header(...x).send(v);
4957
4957
  }
4958
4958
  ), this.authServer.validFlows.includes(E.PasswordMfa) && (e.get(
4959
4959
  this.prefix + "mfa/authenticators",
4960
- async (t, a) => {
4960
+ async (t, n) => {
4961
4961
  var h;
4962
4962
  return d.logger.info(c({
4963
4963
  msg: "Page visit",
@@ -4965,11 +4965,11 @@ class $e {
4965
4965
  url: this.prefix + "mfa/authenticators",
4966
4966
  ip: t.ip,
4967
4967
  user: (h = t.user) == null ? void 0 : h.username
4968
- })), await this.mfaAuthenticatorsEndpoint(t, a);
4968
+ })), await this.mfaAuthenticatorsEndpoint(t, n);
4969
4969
  }
4970
4970
  ), e.post(
4971
4971
  this.prefix + "mfa/authenticators",
4972
- async (t, a) => {
4972
+ async (t, n) => {
4973
4973
  var h;
4974
4974
  return d.logger.info(c({
4975
4975
  msg: "Page visit",
@@ -4977,11 +4977,11 @@ class $e {
4977
4977
  url: this.prefix + "mfa/authenticators",
4978
4978
  ip: t.ip,
4979
4979
  user: (h = t.user) == null ? void 0 : h.username
4980
- })), await this.mfaAuthenticatorsEndpoint(t, a);
4980
+ })), await this.mfaAuthenticatorsEndpoint(t, n);
4981
4981
  }
4982
4982
  ), e.post(
4983
4983
  this.prefix + "mfa/challenge",
4984
- async (t, a) => {
4984
+ async (t, n) => {
4985
4985
  var h;
4986
4986
  return d.logger.info(c({
4987
4987
  msg: "Page visit",
@@ -4989,11 +4989,11 @@ class $e {
4989
4989
  url: this.prefix + "mfa/challenge",
4990
4990
  ip: t.ip,
4991
4991
  user: (h = t.user) == null ? void 0 : h.username
4992
- })), await this.mfaChallengeEndpoint(t, a, t.body);
4992
+ })), await this.mfaChallengeEndpoint(t, n, t.body);
4993
4993
  }
4994
4994
  )), this.authServer.validFlows.includes(E.DeviceCode) && (this.app.post(
4995
4995
  this.prefix + "device_authorization",
4996
- async (t, a) => {
4996
+ async (t, n) => {
4997
4997
  var v;
4998
4998
  d.logger.info(c({
4999
4999
  msg: "Page visit",
@@ -5004,32 +5004,32 @@ class $e {
5004
5004
  }));
5005
5005
  let h = t.body.client_id, f = t.body.client_secret;
5006
5006
  if (t.headers.authorization) {
5007
- let m, w;
5007
+ let p, w;
5008
5008
  const P = t.headers.authorization.split(" ");
5009
5009
  if (P.length == 2 && P[0].toLocaleLowerCase() == "basic") {
5010
5010
  const U = F.base64Decode(P[1]).split(":", 2);
5011
- U.length == 2 && (m = U[0], w = U[1]);
5011
+ U.length == 2 && (p = U[0], w = U[1]);
5012
5012
  }
5013
- m == null || w == null ? d.logger.warn(c({
5013
+ p == null || w == null ? d.logger.warn(c({
5014
5014
  msg: "Ignoring malform authenization header " + t.headers.authorization
5015
- })) : (h = m, f = w);
5015
+ })) : (h = p, f = w);
5016
5016
  }
5017
- const p = await this.authServer.deviceAuthorizationEndpoint({
5017
+ const m = await this.authServer.deviceAuthorizationEndpoint({
5018
5018
  client_id: h,
5019
5019
  client_secret: f,
5020
5020
  scope: t.body.scope
5021
5021
  });
5022
- if (p.error || !p.device_code || !p.user_code) {
5023
- let m = "server_error", w = "Neither code nor error received when requesting authorization";
5024
- p.error && (m = p.error), p.error_description && (w = p.error_description);
5025
- const P = l.fromOAuthError(m, w);
5026
- return d.logger.error(c({ cerr: P })), a.header(...x).status(P.httpStatus).send(p);
5022
+ if (m.error || !m.device_code || !m.user_code) {
5023
+ let p = "server_error", w = "Neither code nor error received when requesting authorization";
5024
+ m.error && (p = m.error), m.error_description && (w = m.error_description);
5025
+ const P = l.fromOAuthError(p, w);
5026
+ return d.logger.error(c({ cerr: P })), n.header(...x).status(P.httpStatus).send(m);
5027
5027
  }
5028
- return a.header(...x).send(p);
5028
+ return n.header(...x).send(m);
5029
5029
  }
5030
5030
  ), e.get(
5031
5031
  this.prefix + "device",
5032
- async (t, a) => {
5032
+ async (t, n) => {
5033
5033
  var h;
5034
5034
  return d.logger.info(c({
5035
5035
  msg: "Page visit",
@@ -5037,11 +5037,11 @@ class $e {
5037
5037
  url: this.prefix + "device",
5038
5038
  ip: t.ip,
5039
5039
  user: (h = t.user) == null ? void 0 : h.username
5040
- })), t.user ? await this.deviceGet(!1, t, a, t.user) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5040
+ })), t.user ? await this.deviceGet(!1, t, n, t.user) : n.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5041
5041
  }
5042
5042
  ), e.get(
5043
5043
  this.prefix + "api/device",
5044
- async (t, a) => {
5044
+ async (t, n) => {
5045
5045
  var h;
5046
5046
  if (d.logger.info(c({
5047
5047
  msg: "Page visit",
@@ -5051,17 +5051,17 @@ class $e {
5051
5051
  user: (h = t.user) == null ? void 0 : h.username
5052
5052
  })), !t.user) {
5053
5053
  const f = new l(g.Unauthorized, "Not logged in");
5054
- return a.header(...x).status(401).send({
5054
+ return n.header(...x).status(401).send({
5055
5055
  errorMessage: f.message,
5056
5056
  errorCode: f.code,
5057
5057
  errorCodeName: f.codeName
5058
5058
  });
5059
5059
  }
5060
- return await this.deviceGet(!0, t, a, t.user);
5060
+ return await this.deviceGet(!0, t, n, t.user);
5061
5061
  }
5062
5062
  ), this.app.post(
5063
5063
  this.prefix + "device",
5064
- async (t, a) => {
5064
+ async (t, n) => {
5065
5065
  var h;
5066
5066
  return d.logger.info(c({
5067
5067
  msg: "Page visit",
@@ -5069,11 +5069,11 @@ class $e {
5069
5069
  url: this.prefix + "device",
5070
5070
  ip: t.ip,
5071
5071
  user: (h = t.user) == null ? void 0 : h.username
5072
- })), t.user ? await this.deviceCodePost(!1, t, a) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5072
+ })), t.user ? await this.deviceCodePost(!1, t, n) : n.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5073
5073
  }
5074
5074
  ), this.app.post(
5075
5075
  this.prefix + "api/device",
5076
- async (t, a) => {
5076
+ async (t, n) => {
5077
5077
  var h;
5078
5078
  return d.logger.info(c({
5079
5079
  msg: "Page visit",
@@ -5081,7 +5081,7 @@ class $e {
5081
5081
  url: this.prefix + "device",
5082
5082
  ip: t.ip,
5083
5083
  user: (h = t.user) == null ? void 0 : h.username
5084
- })), await this.deviceCodePost(!0, t, a);
5084
+ })), await this.deviceCodePost(!0, t, n);
5085
5085
  }
5086
5086
  ));
5087
5087
  }
@@ -5113,22 +5113,22 @@ class $e {
5113
5113
  let r = "";
5114
5114
  try {
5115
5115
  const {
5116
- csrfCookie: n,
5116
+ csrfCookie: a,
5117
5117
  csrfFormOrHeaderValue: t
5118
5118
  } = await this.createCsrfToken();
5119
- return r = n.value, o.setCookie(n.name, n.value, n.options), o.header(...x).send({
5119
+ return r = a.value, o.setCookie(a.name, a.value, a.options), o.header(...x).send({
5120
5120
  ok: !0,
5121
5121
  csrfToken: t
5122
5122
  });
5123
- } catch (n) {
5124
- const t = l.asCrossauthError(n);
5123
+ } catch (a) {
5124
+ const t = l.asCrossauthError(a);
5125
5125
  return d.logger.error(c({
5126
5126
  msg: "getcsrftoken failure",
5127
5127
  user: (i = e.user) == null ? void 0 : i.username,
5128
5128
  hashedCsrfCookie: F.hash(r.split(".")[0]),
5129
5129
  errorCode: t.code,
5130
5130
  errorCodeName: t.codeName
5131
- })), d.logger.debug(c({ err: n })), o.status(t.httpStatus).header(...x).send({
5131
+ })), d.logger.debug(c({ err: a })), o.status(t.httpStatus).header(...x).send({
5132
5132
  ok: !1,
5133
5133
  errorCode: t.code,
5134
5134
  errorCodeName: t.codeName,
@@ -5139,7 +5139,7 @@ class $e {
5139
5139
  );
5140
5140
  }
5141
5141
  async authorizeEndpoint(e, o, r) {
5142
- var t, a, h;
5142
+ var t, n, h;
5143
5143
  if (!e.user) return o.redirect(this.loginUrl + "?next=" + encodeURIComponent(e.url), 302);
5144
5144
  d.logger.debug(c({ msg: "validating authorize parameters" }));
5145
5145
  let { error_description: s } = this.authServer.validateAuthorizeParameters(r), i;
@@ -5149,7 +5149,7 @@ class $e {
5149
5149
  user: (t = e.user) == null ? void 0 : t.username
5150
5150
  }))) : d.logger.error(c({
5151
5151
  msg: "authorize parameter valid",
5152
- user: (a = e.user) == null ? void 0 : a.username
5152
+ user: (n = e.user) == null ? void 0 : n.username
5153
5153
  })), i) {
5154
5154
  if (this.errorPage)
5155
5155
  return o.status(i.httpStatus).view(
@@ -5174,19 +5174,19 @@ class $e {
5174
5174
  return o.status(i.httpStatus).send($[f] ?? G);
5175
5175
  }
5176
5176
  }
5177
- let n = !1;
5177
+ let a = !1;
5178
5178
  if (d.logger.debug(c({
5179
5179
  msg: "Checking scopes have been authorized",
5180
5180
  scope: r.scope
5181
- })), r.scope ? n = await this.authServer.hasAllScopes(
5181
+ })), r.scope ? a = await this.authServer.hasAllScopes(
5182
5182
  r.client_id,
5183
5183
  e.user,
5184
5184
  r.scope.split(" ")
5185
- ) : n = await this.authServer.hasAllScopes(
5185
+ ) : a = await this.authServer.hasAllScopes(
5186
5186
  r.client_id,
5187
5187
  e.user,
5188
5188
  [null]
5189
- ), n)
5189
+ ), a)
5190
5190
  return d.logger.debug(c({
5191
5191
  msg: "All scopes authorized",
5192
5192
  scope: r.scope
@@ -5219,42 +5219,42 @@ class $e {
5219
5219
  csrfToken: e.csrfToken
5220
5220
  });
5221
5221
  } catch (f) {
5222
- const p = f;
5223
- return d.logger.debug(c({ err: p })), this.errorPage ? o.status(p.httpStatus).view(this.errorPage, {
5224
- status: p.httpStatus,
5222
+ const m = f;
5223
+ return d.logger.debug(c({ err: m })), this.errorPage ? o.status(m.httpStatus).view(this.errorPage, {
5224
+ status: m.httpStatus,
5225
5225
  errorMessage: "Invalid client given",
5226
5226
  client_id: r.client_id,
5227
5227
  user: (h = e.user) == null ? void 0 : h.username,
5228
- httpStatus: p.httpStatus,
5228
+ httpStatus: m.httpStatus,
5229
5229
  errorCode: g.UnauthorizedClient,
5230
5230
  errorCodeName: g[g.UnauthorizedClient]
5231
- }) : o.status(p.httpStatus).send($[401]);
5231
+ }) : o.status(m.httpStatus).send($[401]);
5232
5232
  }
5233
5233
  }
5234
5234
  async authorize(e, o, r, {
5235
5235
  responseType: s,
5236
5236
  client_id: i,
5237
- redirect_uri: n,
5237
+ redirect_uri: a,
5238
5238
  scope: t,
5239
- state: a,
5239
+ state: n,
5240
5240
  codeChallenge: h,
5241
5241
  codeChallengeMethod: f
5242
5242
  }) {
5243
- let p, v, m;
5243
+ let m, v, p;
5244
5244
  if (r) {
5245
5245
  const w = await this.authServer.authorizeGetEndpoint({
5246
5246
  responseType: s,
5247
5247
  client_id: i,
5248
- redirect_uri: n,
5248
+ redirect_uri: a,
5249
5249
  scope: t,
5250
- state: a,
5250
+ state: n,
5251
5251
  codeChallenge: h,
5252
5252
  codeChallengeMethod: f,
5253
5253
  user: e.user
5254
5254
  });
5255
- if (m = w.code, p = w.error, v = w.error_description, p || !m) {
5255
+ if (p = w.code, m = w.error, v = w.error_description, m || !p) {
5256
5256
  const P = l.fromOAuthError(
5257
- p ?? "server_error",
5257
+ m ?? "server_error",
5258
5258
  v ?? "Neither code nor error received"
5259
5259
  );
5260
5260
  if (d.logger.error(c({ cerr: P })), this.errorPage)
@@ -5281,9 +5281,9 @@ class $e {
5281
5281
  }
5282
5282
  }
5283
5283
  return o.redirect(this.authServer.redirect_uri(
5284
- n,
5285
- m,
5286
- a
5284
+ a,
5285
+ p,
5286
+ n
5287
5287
  ));
5288
5288
  } else {
5289
5289
  const w = new l(
@@ -5296,10 +5296,10 @@ class $e {
5296
5296
  errorCodeName: w.codeName
5297
5297
  }));
5298
5298
  try {
5299
- return L.validateUri(n), o.redirect(n);
5299
+ return L.validateUri(a), o.redirect(a);
5300
5300
  } catch {
5301
5301
  d.logger.error(c({
5302
- msg: `Couldn't send error message ${w.codeName} to ${n}}`
5302
+ msg: `Couldn't send error message ${w.codeName} to ${a}}`
5303
5303
  }));
5304
5304
  }
5305
5305
  }
@@ -5315,8 +5315,8 @@ class $e {
5315
5315
  const s = r[1], i = await this.authServer.mfaAuthenticatorsEndpoint(s);
5316
5316
  if (i.authenticators)
5317
5317
  return o.header(...x).status(200).send(i.authenticators);
5318
- const n = l.fromOAuthError(i.error ?? "server_error");
5319
- return o.header(...x).status(n.httpStatus).send(i);
5318
+ const a = l.fromOAuthError(i.error ?? "server_error");
5319
+ return o.header(...x).status(a.httpStatus).send(i);
5320
5320
  }
5321
5321
  async mfaChallengeEndpoint(e, o, r) {
5322
5322
  const s = await this.authServer.mfaChallengeEndpoint(
@@ -5353,7 +5353,7 @@ class $e {
5353
5353
  /////
5354
5354
  // Device code flow
5355
5355
  async applyUserCode(e, o, r) {
5356
- var s, i, n;
5356
+ var s, i, a;
5357
5357
  try {
5358
5358
  const t = await this.authServer.deviceEndpoint({ userCode: e, user: r });
5359
5359
  if (t.error)
@@ -5373,7 +5373,7 @@ class $e {
5373
5373
  error_description: "No client id found for user code"
5374
5374
  };
5375
5375
  if (t.error == "access_denied")
5376
- return d.logger.error(c({ msg: "Incorrect user code given", userCodeHash: F.hash(e), ip: o.ip, username: (i = o.user) == null ? void 0 : i.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((p) => setTimeout(p, f)))(this.authServer.userCodeThrottle), {
5376
+ return d.logger.error(c({ msg: "Incorrect user code given", userCodeHash: F.hash(e), ip: o.ip, username: (i = o.user) == null ? void 0 : i.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((m) => setTimeout(m, f)))(this.authServer.userCodeThrottle), {
5377
5377
  ok: !1,
5378
5378
  completed: !1,
5379
5379
  retryAllowed: !0,
@@ -5381,14 +5381,14 @@ class $e {
5381
5381
  error_description: t.error_description
5382
5382
  };
5383
5383
  if (t.error == "expired_token")
5384
- return d.logger.error(c({ msg: "Expired user code", userCodeHash: F.hash(e), ip: o.ip, username: (n = o.user) == null ? void 0 : n.username })), {
5384
+ return d.logger.error(c({ msg: "Expired user code", userCodeHash: F.hash(e), ip: o.ip, username: (a = o.user) == null ? void 0 : a.username })), {
5385
5385
  ok: !1,
5386
5386
  completed: !1,
5387
5387
  retryAllowed: !1,
5388
5388
  error: t.error,
5389
5389
  error_description: t.error_description
5390
5390
  };
5391
- const a = await this.clientStorage.getClientById(t.client_id);
5391
+ const n = await this.clientStorage.getClientById(t.client_id);
5392
5392
  return t.scopeAuthorizationNeeded ? {
5393
5393
  ok: !0,
5394
5394
  completed: !1,
@@ -5396,7 +5396,7 @@ class $e {
5396
5396
  authorizationNeeded: {
5397
5397
  user: r,
5398
5398
  client_id: t.client_id,
5399
- client_name: a.client_name,
5399
+ client_name: n.client_name,
5400
5400
  scope: t.scope,
5401
5401
  scopes: t.scope ? t.scope.split(" ") : [],
5402
5402
  csrfToken: o.csrfToken
@@ -5412,13 +5412,13 @@ class $e {
5412
5412
  csrfToken: o.csrfToken
5413
5413
  };
5414
5414
  } catch (t) {
5415
- const a = l.asCrossauthError(t);
5416
- return d.logger.debug(c({ err: a })), d.logger.error(c({ msg: a.message, cerr: a })), {
5415
+ const n = l.asCrossauthError(t);
5416
+ return d.logger.debug(c({ err: n })), d.logger.error(c({ msg: n.message, cerr: n })), {
5417
5417
  ok: !1,
5418
5418
  completed: !1,
5419
5419
  retryAllowed: !0,
5420
- error: a.oauthErrorCode,
5421
- error_description: a.message
5420
+ error: n.oauthErrorCode,
5421
+ error_description: n.message
5422
5422
  };
5423
5423
  }
5424
5424
  }
@@ -5428,7 +5428,7 @@ class $e {
5428
5428
  if (i.error) {
5429
5429
  const t = l.fromOAuthError(i.error, i.error_description);
5430
5430
  d.logger.debug({ err: t }), d.logger.error({ cerr: t });
5431
- const a = {
5431
+ const n = {
5432
5432
  ok: !1,
5433
5433
  completed: !1,
5434
5434
  status: t.httpStatus,
@@ -5437,9 +5437,9 @@ class $e {
5437
5437
  errorCodeName: t.codeName,
5438
5438
  retryAllowed: i.retryAllowed
5439
5439
  };
5440
- return e ? r.header(...x).status(t.httpStatus).send(a) : r.status(t.httpStatus).view(this.devicePage, {
5440
+ return e ? r.header(...x).status(t.httpStatus).send(n) : r.status(t.httpStatus).view(this.devicePage, {
5441
5441
  csrfToken: o.csrfToken,
5442
- ...a
5442
+ ...n
5443
5443
  });
5444
5444
  } else if (i.authorizationNeeded) {
5445
5445
  const t = {
@@ -5454,13 +5454,13 @@ class $e {
5454
5454
  ...t
5455
5455
  });
5456
5456
  }
5457
- const n = {
5457
+ const a = {
5458
5458
  ok: !0,
5459
5459
  completed: !0
5460
5460
  };
5461
- return e ? r.header(...x).status(401).send(n) : r.status(200).view(this.devicePage, {
5461
+ return e ? r.header(...x).status(401).send(a) : r.status(200).view(this.devicePage, {
5462
5462
  csrfToken: o.csrfToken,
5463
- ...n
5463
+ ...a
5464
5464
  });
5465
5465
  } else {
5466
5466
  const i = {
@@ -5480,32 +5480,32 @@ class $e {
5480
5480
  if (o.body.user_code) {
5481
5481
  let s = await this.applyUserCode(o.body.user_code, o, o.user);
5482
5482
  if (s.error) {
5483
- const n = l.fromOAuthError(s.error, s.error_description);
5484
- d.logger.debug({ err: n }), d.logger.error({ cerr: n });
5483
+ const a = l.fromOAuthError(s.error, s.error_description);
5484
+ d.logger.debug({ err: a }), d.logger.error({ cerr: a });
5485
5485
  const t = {
5486
5486
  ok: !1,
5487
5487
  completed: !1,
5488
- status: n.httpStatus,
5489
- errorMessage: n.message,
5490
- errorCode: n.code,
5491
- errorCodeName: n.codeName,
5488
+ status: a.httpStatus,
5489
+ errorMessage: a.message,
5490
+ errorCode: a.code,
5491
+ errorCodeName: a.codeName,
5492
5492
  retryAllowed: s.retryAllowed
5493
5493
  };
5494
- return e ? r.header(...x).status(200).send(t) : r.status(n.httpStatus).view(this.devicePage, {
5494
+ return e ? r.header(...x).status(200).send(t) : r.status(a.httpStatus).view(this.devicePage, {
5495
5495
  csrfToken: o.csrfToken,
5496
5496
  ...t
5497
5497
  });
5498
5498
  } else if (s.authorizationNeeded) {
5499
- const n = {
5499
+ const a = {
5500
5500
  ok: !0,
5501
5501
  completed: !1,
5502
5502
  retryAllowed: s.retryAllowed,
5503
5503
  authorizationNeeded: s.authorizationNeeded,
5504
5504
  user_code: s.user_code
5505
5505
  };
5506
- return e ? r.header(...x).status(200).send(n) : r.status(200).view(this.devicePage, {
5506
+ return e ? r.header(...x).status(200).send(a) : r.status(200).view(this.devicePage, {
5507
5507
  csrfToken: o.csrfToken,
5508
- ...n
5508
+ ...a
5509
5509
  });
5510
5510
  }
5511
5511
  const i = {
@@ -5534,35 +5534,35 @@ class $e {
5534
5534
  else if (o.body.authorized == "true") {
5535
5535
  let s = o.body.user_code, i = o.body.scope;
5536
5536
  i == "";
5537
- const n = o.body.client_id;
5537
+ const a = o.body.client_id;
5538
5538
  if (!s) throw new l(g.BadRequest, "user_code missing");
5539
- if (!n) throw new l(g.BadRequest, "client_id missing");
5540
- let t = await this.authServer.validateAndPersistScope(n, i, o.user);
5539
+ if (!a) throw new l(g.BadRequest, "client_id missing");
5540
+ let t = await this.authServer.validateAndPersistScope(a, i, o.user);
5541
5541
  if (t.error)
5542
5542
  throw l.fromOAuthError(t.error, t.error_description);
5543
5543
  if (t = await this.applyUserCode(s, o, o.user), t.error)
5544
5544
  throw l.fromOAuthError(t.error, t.error_description);
5545
- const a = {
5545
+ const n = {
5546
5546
  ok: !0,
5547
5547
  completed: !0,
5548
5548
  csrfToken: o.csrfToken
5549
5549
  };
5550
- return e ? r.header(...x).status(401).send(a) : r.status(200).view(this.devicePage, a);
5550
+ return e ? r.header(...x).status(401).send(n) : r.status(200).view(this.devicePage, n);
5551
5551
  } else
5552
5552
  throw new l(g.Unauthorized, "You did not authorize the client");
5553
5553
  } catch (s) {
5554
5554
  const i = l.asCrossauthError(s);
5555
5555
  d.logger.debug({ err: i }), d.logger.error({ cerr: i });
5556
- const n = {
5556
+ const a = {
5557
5557
  ok: !1,
5558
5558
  status: i.httpStatus,
5559
5559
  errorMessage: i.message,
5560
5560
  errorCode: i.code,
5561
5561
  errorCodeName: i.codeName
5562
5562
  };
5563
- return e ? r.header(...x).status(401).send(n) : r.status(i.httpStatus).view(this.devicePage, {
5563
+ return e ? r.header(...x).status(401).send(a) : r.status(i.httpStatus).view(this.devicePage, {
5564
5564
  csrfToken: o.csrfToken,
5565
- ...n
5565
+ ...a
5566
5566
  });
5567
5567
  }
5568
5568
  }
@@ -5608,10 +5608,10 @@ function fe(k, e) {
5608
5608
  if (k.access_token)
5609
5609
  try {
5610
5610
  if (k.access_token && e.includes("access")) {
5611
- const i = (o = J(k.access_token)) == null ? void 0 : o.jti, n = i ? F.hash(i) : void 0;
5611
+ const i = (o = J(k.access_token)) == null ? void 0 : o.jti, a = i ? F.hash(i) : void 0;
5612
5612
  d.logger.debug(c({
5613
5613
  msg: "Got access token",
5614
- accessTokenHash: n
5614
+ accessTokenHash: a
5615
5615
  }));
5616
5616
  }
5617
5617
  } catch (i) {
@@ -5620,10 +5620,10 @@ function fe(k, e) {
5620
5620
  if (k.id_token)
5621
5621
  try {
5622
5622
  if (k.id_token && e.includes("id")) {
5623
- const i = (r = J(k.id_token)) == null ? void 0 : r.jti, n = i ? F.hash(i) : void 0;
5623
+ const i = (r = J(k.id_token)) == null ? void 0 : r.jti, a = i ? F.hash(i) : void 0;
5624
5624
  d.logger.debug(c({
5625
5625
  msg: "Got id token",
5626
- idTokenHash: n
5626
+ idTokenHash: a
5627
5627
  }));
5628
5628
  }
5629
5629
  } catch (i) {
@@ -5632,10 +5632,10 @@ function fe(k, e) {
5632
5632
  if (k.refresh_token && e.includes("refresh"))
5633
5633
  try {
5634
5634
  if (k.refresh_token) {
5635
- const i = (s = J(k.refresh_token)) == null ? void 0 : s.jti, n = i ? F.hash(i) : void 0;
5635
+ const i = (s = J(k.refresh_token)) == null ? void 0 : s.jti, a = i ? F.hash(i) : void 0;
5636
5636
  d.logger.debug(c({
5637
5637
  msg: "Got refresh token",
5638
- refreshTokenHash: n
5638
+ refreshTokenHash: a
5639
5639
  }));
5640
5640
  }
5641
5641
  } catch (i) {
@@ -5722,24 +5722,24 @@ async function Se(k, e, o, r) {
5722
5722
  "OAuth server did not return an expiry for the access token"
5723
5723
  );
5724
5724
  const i = Date.now() + s * 1e3;
5725
- let n = { ...k, expires_at: i };
5725
+ let a = { ...k, expires_at: i };
5726
5726
  if ("id_token" in k) {
5727
5727
  let t = j(k.id_token);
5728
- t && (n.id_token = t);
5728
+ t && (a.id_token = t);
5729
5729
  }
5730
5730
  if (e.server.sessionServer) {
5731
5731
  let t = e.server.sessionServer.getSessionCookieValue(o);
5732
5732
  !t && r ? t = await e.server.createAnonymousSession(
5733
5733
  o,
5734
5734
  r,
5735
- { [e.sessionDataName]: n }
5736
- ) : await e.server.sessionAdapter.updateSessionData(o, e.sessionDataName, n);
5735
+ { [e.sessionDataName]: a }
5736
+ ) : await e.server.sessionAdapter.updateSessionData(o, e.sessionDataName, a);
5737
5737
  } else {
5738
5738
  if (!e.server.sessionAdapter) throw new l(
5739
5739
  g.Configuration,
5740
5740
  "Cannot get session data if sessions not enabled"
5741
5741
  );
5742
- await e.server.sessionAdapter.updateSessionData(o, e.sessionDataName, n);
5742
+ await e.server.sessionAdapter.updateSessionData(o, e.sessionDataName, a);
5743
5743
  }
5744
5744
  }
5745
5745
  async function qe(k, e, o, r) {
@@ -5783,7 +5783,7 @@ class we extends Oe {
5783
5783
  * @param options See {@link FastifyOAuthClientOptions}
5784
5784
  */
5785
5785
  constructor(o, r, s) {
5786
- var i, n, t;
5786
+ var i, a, t;
5787
5787
  super(r, s);
5788
5788
  u(this, "server");
5789
5789
  u(this, "siteUrl", "/");
@@ -5823,7 +5823,7 @@ class we extends Oe {
5823
5823
  u(this, "bffEndpointName", "bff");
5824
5824
  u(this, "bffBaseUrl");
5825
5825
  u(this, "tokenEndpoints", []);
5826
- if (this.server = o, S("sessionDataName", C.String, this, s, "OAUTH_SESSION_DATA_NAME"), S("siteUrl", C.String, this, s, "SITE_URL", !0), S("tokenResponseType", C.String, this, s, "OAUTH_TOKEN_RESPONSE_TYPE"), S("errorResponseType", C.String, this, s, "OAUTH_ERROR_RESPONSE_TYPE"), S("prefix", C.String, this, s, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), S("loginUrl", C.String, this, s, "LOGIN_URL"), S("errorPage", C.String, this, s, "ERROR_PAGE"), S("authorizedPage", C.String, this, s, "AUTHORIZED_PAGE"), S("authorizedUrl", C.String, this, s, "AUTHORIZED_URL"), S("loginProtectedFlows", C.JsonArray, this, s, "OAUTH_LOGIN_PROTECTED_FLOWS"), S("passwordFlowUrl", C.String, this, s, "OAUTH_PASSWORD_FLOW_URL"), S("passwordOtpUrl", C.String, this, s, "OAUTH_PASSWORD_OTP_URL"), S("passwordOobUrl", C.String, this, s, "OAUTH_PASSWORD_OOB_URL"), S("passwordFlowPage", C.String, this, s, "OAUTH_PASSWORD_FLOW_PAGE"), S("deviceCodeFlowPage", C.String, this, s, "OAUTH_DEVICECODE_FLOW_PAGE"), S("deleteTokensPage", C.String, this, s, "OAUTH_DELETE_TOKENS_PAGE"), S("deleteTokensGetUrl", C.String, this, s, "OAUTH_DELETE_TOKENS_GET_URL"), S("deleteTokensPostUrl", C.String, this, s, "OAUTH_DELETE_TOKENS_POST_URL"), S("apiDeleteTokensPostUrl", C.String, this, s, "OAUTHAPI__DELETE_TOKENS_POST_URL"), S("mfaOtpPage", C.String, this, s, "OAUTH_MFA_OTP_PAGE"), S("mfaOobPage", C.String, this, s, "OAUTH_MFA_OOB_PAGE"), S("deviceCodeFlowUrl", C.String, this, s, "OAUTH_DEVICECODE_FLOW_URL"), S("deviceCodePollUrl", C.String, this, s, "OAUTH_DEVICECODE_POLL_URL"), S("bffEndpointName", C.String, this, s, "OAUTH_BFF_ENDPOINT_NAME"), S("bffBaseUrl", C.String, this, s, "OAUTH_BFF_BASEURL"), S("validFlows", C.JsonArray, this, s, "OAUTH_VALIDFLOWS"), S("jwtTokens", C.JsonArray, this, s, "OAUTH_JWT_TOKENS"), (i = this.deleteTokensGetUrl) != null && i.startsWith("/") && (this.deleteTokensGetUrl = this.deleteTokensGetUrl.substring(1)), (n = this.deleteTokensPostUrl) != null && n.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), (t = this.deleteTokensPostUrl) != null && t.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), this.validFlows.length == 1 && this.validFlows[0] == E.All)
5826
+ if (this.server = o, S("sessionDataName", C.String, this, s, "OAUTH_SESSION_DATA_NAME"), S("siteUrl", C.String, this, s, "SITE_URL", !0), S("tokenResponseType", C.String, this, s, "OAUTH_TOKEN_RESPONSE_TYPE"), S("errorResponseType", C.String, this, s, "OAUTH_ERROR_RESPONSE_TYPE"), S("prefix", C.String, this, s, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), S("loginUrl", C.String, this, s, "LOGIN_URL"), S("errorPage", C.String, this, s, "ERROR_PAGE"), S("authorizedPage", C.String, this, s, "AUTHORIZED_PAGE"), S("authorizedUrl", C.String, this, s, "AUTHORIZED_URL"), S("loginProtectedFlows", C.JsonArray, this, s, "OAUTH_LOGIN_PROTECTED_FLOWS"), S("passwordFlowUrl", C.String, this, s, "OAUTH_PASSWORD_FLOW_URL"), S("passwordOtpUrl", C.String, this, s, "OAUTH_PASSWORD_OTP_URL"), S("passwordOobUrl", C.String, this, s, "OAUTH_PASSWORD_OOB_URL"), S("passwordFlowPage", C.String, this, s, "OAUTH_PASSWORD_FLOW_PAGE"), S("deviceCodeFlowPage", C.String, this, s, "OAUTH_DEVICECODE_FLOW_PAGE"), S("deleteTokensPage", C.String, this, s, "OAUTH_DELETE_TOKENS_PAGE"), S("deleteTokensGetUrl", C.String, this, s, "OAUTH_DELETE_TOKENS_GET_URL"), S("deleteTokensPostUrl", C.String, this, s, "OAUTH_DELETE_TOKENS_POST_URL"), S("apiDeleteTokensPostUrl", C.String, this, s, "OAUTHAPI__DELETE_TOKENS_POST_URL"), S("mfaOtpPage", C.String, this, s, "OAUTH_MFA_OTP_PAGE"), S("mfaOobPage", C.String, this, s, "OAUTH_MFA_OOB_PAGE"), S("deviceCodeFlowUrl", C.String, this, s, "OAUTH_DEVICECODE_FLOW_URL"), S("deviceCodePollUrl", C.String, this, s, "OAUTH_DEVICECODE_POLL_URL"), S("bffEndpointName", C.String, this, s, "OAUTH_BFF_ENDPOINT_NAME"), S("bffBaseUrl", C.String, this, s, "OAUTH_BFF_BASEURL"), S("validFlows", C.JsonArray, this, s, "OAUTH_VALIDFLOWS"), S("jwtTokens", C.JsonArray, this, s, "OAUTH_JWT_TOKENS"), (i = this.deleteTokensGetUrl) != null && i.startsWith("/") && (this.deleteTokensGetUrl = this.deleteTokensGetUrl.substring(1)), (a = this.deleteTokensPostUrl) != null && a.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), (t = this.deleteTokensPostUrl) != null && t.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), this.validFlows.length == 1 && this.validFlows[0] == E.All)
5827
5827
  this.validFlows = E.allFlows();
5828
5828
  else if (!E.areAllValidFlows(this.validFlows))
5829
5829
  throw new l(g.Configuration, "Invalid flows specificied in " + this.validFlows.join(","));
@@ -5851,43 +5851,43 @@ class we extends Oe {
5851
5851
  );
5852
5852
  this.prefix.endsWith("/") || (this.prefix += "/"), this.redirect_uri = this.siteUrl + this.prefix + "authzcode", this.validFlows.includes(E.AuthorizationCode) && this.server.app.get(
5853
5853
  this.prefix + "authzcodeflow",
5854
- async (a, h) => {
5855
- var m;
5854
+ async (n, h) => {
5855
+ var p;
5856
5856
  if (d.logger.info(c({
5857
5857
  msg: "Page visit",
5858
5858
  method: "GET",
5859
5859
  url: this.prefix + "authzcodeflow",
5860
- ip: a.ip,
5861
- user: (m = a.user) == null ? void 0 : m.username
5862
- })), !a.user && this.loginProtectedFlows.includes(E.AuthorizationCode))
5860
+ ip: n.ip,
5861
+ user: (p = n.user) == null ? void 0 : p.username
5862
+ })), !n.user && this.loginProtectedFlows.includes(E.AuthorizationCode))
5863
5863
  return h.redirect(
5864
5864
  302,
5865
- this.loginUrl + "?next=" + encodeURIComponent(a.url)
5865
+ this.loginUrl + "?next=" + encodeURIComponent(n.url)
5866
5866
  );
5867
- const { url: f, error: p, error_description: v } = await this.startAuthorizationCodeFlow(a.query.scope);
5868
- if (p || !f) {
5867
+ const { url: f, error: m, error_description: v } = await this.startAuthorizationCodeFlow(n.query.scope);
5868
+ if (m || !f) {
5869
5869
  const w = l.fromOAuthError(
5870
- p ?? "server_error",
5870
+ m ?? "server_error",
5871
5871
  v
5872
5872
  );
5873
- return await this.errorFn(this.server, a, h, w);
5873
+ return await this.errorFn(this.server, n, h, w);
5874
5874
  }
5875
5875
  return d.logger.debug(c({
5876
5876
  msg: "Authorization code flow: redirecting",
5877
5877
  url: f
5878
5878
  })), h.redirect(f);
5879
5879
  }
5880
- ), o.app.addHook("preHandler", async (a, h) => {
5881
- if (a.user || !o.sessionAdapter) return;
5882
- let f = await o.sessionAdapter.getSessionData(a, this.sessionDataName);
5880
+ ), o.app.addHook("preHandler", async (n, h) => {
5881
+ if (n.user || !o.sessionAdapter) return;
5882
+ let f = await o.sessionAdapter.getSessionData(n, this.sessionDataName);
5883
5883
  if (f && f.id_payload) {
5884
- let p = f.expires_at;
5885
- if (p && p > Date.now() && f.id_payload.sub) {
5886
- a.user = {
5884
+ let m = f.expires_at;
5885
+ if (m && m > Date.now() && f.id_payload.sub) {
5886
+ n.user = {
5887
5887
  id: f.id_payload.userid ?? f.id_payload.sub,
5888
5888
  username: f.id_payload.sub,
5889
5889
  state: f.id_payload.state ?? "active"
5890
- }, a.idTokenPayload = f.id_payload;
5890
+ }, n.idTokenPayload = f.id_payload;
5891
5891
  let v;
5892
5892
  try {
5893
5893
  v = await this.userCreationFn(
@@ -5895,154 +5895,154 @@ class we extends Oe {
5895
5895
  this.userStorage,
5896
5896
  this.userMatchField,
5897
5897
  this.idTokenMatchField
5898
- ), a.user = v, a.authType = v ? "oidc" : void 0;
5899
- } catch (m) {
5900
- d.logger.error(c({ cerr: m })), a.user = void 0, a.authType = void 0;
5898
+ ), n.user = v, n.authType = v ? "oidc" : void 0;
5899
+ } catch (p) {
5900
+ d.logger.error(c({ cerr: p })), n.user = void 0, n.authType = void 0;
5901
5901
  }
5902
5902
  }
5903
5903
  }
5904
- this.testMiddleware && (this.requestObj = a);
5904
+ this.testMiddleware && (this.requestObj = n);
5905
5905
  }), this.validFlows.includes(E.AuthorizationCodeWithPKCE) && this.server.app.get(
5906
5906
  this.prefix + "authzcodeflowpkce",
5907
- async (a, h) => {
5908
- var m;
5907
+ async (n, h) => {
5908
+ var p;
5909
5909
  if (d.logger.info(c({
5910
5910
  msg: "Page visit",
5911
5911
  method: "GET",
5912
5912
  url: this.prefix + "authzcodeflowpkce",
5913
- ip: a.ip,
5914
- user: (m = a.user) == null ? void 0 : m.username
5915
- })), !a.user && this.loginProtectedFlows.includes(E.AuthorizationCodeWithPKCE))
5913
+ ip: n.ip,
5914
+ user: (p = n.user) == null ? void 0 : p.username
5915
+ })), !n.user && this.loginProtectedFlows.includes(E.AuthorizationCodeWithPKCE))
5916
5916
  return h.redirect(
5917
5917
  302,
5918
- this.loginUrl + "?next=" + encodeURIComponent(a.url)
5918
+ this.loginUrl + "?next=" + encodeURIComponent(n.url)
5919
5919
  );
5920
- const { url: f, error: p, error_description: v } = await this.startAuthorizationCodeFlow(
5921
- a.query.scope,
5920
+ const { url: f, error: m, error_description: v } = await this.startAuthorizationCodeFlow(
5921
+ n.query.scope,
5922
5922
  !0
5923
5923
  );
5924
- if (p || !f) {
5924
+ if (m || !f) {
5925
5925
  const w = l.fromOAuthError(
5926
- p ?? "server_error",
5926
+ m ?? "server_error",
5927
5927
  v
5928
5928
  );
5929
- return await this.errorFn(this.server, a, h, w);
5929
+ return await this.errorFn(this.server, n, h, w);
5930
5930
  }
5931
5931
  return h.redirect(f);
5932
5932
  }
5933
5933
  ), (this.validFlows.includes(E.AuthorizationCode) || this.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.validFlows.includes(E.OidcAuthorizationCode)) && this.server.app.get(
5934
5934
  this.prefix + "authzcode",
5935
- async (a, h) => {
5936
- var p, v;
5935
+ async (n, h) => {
5936
+ var m, v;
5937
5937
  if (d.logger.info(c({
5938
5938
  msg: "Page visit",
5939
5939
  method: "GET",
5940
5940
  url: this.prefix + "authzcode",
5941
- ip: a.ip,
5942
- user: (p = a.user) == null ? void 0 : p.username
5943
- })), !a.user && (this.loginProtectedFlows.includes(E.AuthorizationCodeWithPKCE) || this.loginProtectedFlows.includes(E.AuthorizationCode)))
5941
+ ip: n.ip,
5942
+ user: (m = n.user) == null ? void 0 : m.username
5943
+ })), !n.user && (this.loginProtectedFlows.includes(E.AuthorizationCodeWithPKCE) || this.loginProtectedFlows.includes(E.AuthorizationCode)))
5944
5944
  return h.redirect(
5945
5945
  302,
5946
- this.loginUrl + "?next=" + encodeURIComponent(a.url)
5946
+ this.loginUrl + "?next=" + encodeURIComponent(n.url)
5947
5947
  );
5948
5948
  const f = await this.redirectEndpoint(
5949
- a.query.code,
5950
- a.query.state,
5951
- a.query.error,
5952
- a.query.error_description
5949
+ n.query.code,
5950
+ n.query.state,
5951
+ n.query.error,
5952
+ n.query.error_description
5953
5953
  );
5954
5954
  f.id_token && (this.validateIdToken(f.id_token) || (f.error = "access_denied", f.error_description = "Invalid ID token received"));
5955
5955
  try {
5956
5956
  if (f.error) {
5957
- const m = l.fromOAuthError(
5957
+ const p = l.fromOAuthError(
5958
5958
  f.error,
5959
5959
  f.error_description
5960
5960
  );
5961
5961
  return await this.errorFn(
5962
5962
  this.server,
5963
- a,
5963
+ n,
5964
5964
  h,
5965
- m
5965
+ p
5966
5966
  );
5967
5967
  }
5968
- return await this.receiveTokenFn(f, this, a, h);
5969
- } catch (m) {
5970
- const w = l.asCrossauthError(m);
5968
+ return await this.receiveTokenFn(f, this, n, h);
5969
+ } catch (p) {
5970
+ const w = l.asCrossauthError(p);
5971
5971
  return d.logger.error(c({
5972
5972
  msg: "Error receiving token",
5973
5973
  cerr: w,
5974
- user: (v = a.user) == null ? void 0 : v.user
5975
- })), d.logger.debug(c({ err: m })), await this.errorFn(this.server, a, h, w);
5974
+ user: (v = n.user) == null ? void 0 : v.user
5975
+ })), d.logger.debug(c({ err: p })), await this.errorFn(this.server, n, h, w);
5976
5976
  }
5977
5977
  }
5978
5978
  ), this.validFlows.includes(E.ClientCredentials) && this.server.app.post(
5979
5979
  this.prefix + "clientcredflow",
5980
- async (a, h) => {
5981
- var f, p, v;
5980
+ async (n, h) => {
5981
+ var f, m, v;
5982
5982
  if (d.logger.info(c({
5983
5983
  msg: "Page visit",
5984
5984
  method: "POST",
5985
5985
  url: this.prefix + "clientcredflow",
5986
- ip: a.ip,
5987
- user: (f = a.user) == null ? void 0 : f.username
5986
+ ip: n.ip,
5987
+ user: (f = n.user) == null ? void 0 : f.username
5988
5988
  })), this.server.sessionAdapter) {
5989
- const { error: m, reply: w } = await o.errorIfCsrfInvalid(
5990
- a,
5989
+ const { error: p, reply: w } = await o.errorIfCsrfInvalid(
5990
+ n,
5991
5991
  h,
5992
5992
  this.errorFn
5993
5993
  );
5994
- if (m) return w;
5994
+ if (p) return w;
5995
5995
  }
5996
- if (!a.user && this.loginProtectedFlows.includes(E.ClientCredentials))
5996
+ if (!n.user && this.loginProtectedFlows.includes(E.ClientCredentials))
5997
5997
  return h.status(401).header(...b).send({ ok: !1, msg: "Access denied" });
5998
5998
  try {
5999
- const m = await this.clientCredentialsFlow((p = a.body) == null ? void 0 : p.scope);
6000
- if (m.id_token && (this.validateIdToken(m.id_token) || (m.error = "access_denied", m.error_description = "Invalid ID token received")), m.error) {
5999
+ const p = await this.clientCredentialsFlow((m = n.body) == null ? void 0 : m.scope);
6000
+ if (p.id_token && (this.validateIdToken(p.id_token) || (p.error = "access_denied", p.error_description = "Invalid ID token received")), p.error) {
6001
6001
  const w = l.fromOAuthError(
6002
- m.error,
6003
- m.error_description
6002
+ p.error,
6003
+ p.error_description
6004
6004
  );
6005
6005
  return await this.errorFn(
6006
6006
  this.server,
6007
- a,
6007
+ n,
6008
6008
  h,
6009
6009
  w
6010
6010
  );
6011
6011
  }
6012
- return await this.receiveTokenFn(m, this, a, h);
6013
- } catch (m) {
6014
- const w = l.asCrossauthError(m);
6012
+ return await this.receiveTokenFn(p, this, n, h);
6013
+ } catch (p) {
6014
+ const w = l.asCrossauthError(p);
6015
6015
  return d.logger.error(c({
6016
6016
  msg: "Error receiving token",
6017
6017
  cerr: w,
6018
- user: (v = a.user) == null ? void 0 : v.user
6019
- })), d.logger.debug(c({ err: m })), await this.errorFn(this.server, a, h, w);
6018
+ user: (v = n.user) == null ? void 0 : v.user
6019
+ })), d.logger.debug(c({ err: p })), await this.errorFn(this.server, n, h, w);
6020
6020
  }
6021
6021
  }
6022
6022
  ), this.validFlows.includes(E.RefreshToken) && (this.server.app.post(
6023
6023
  this.prefix + "refreshtokenflow",
6024
- async (a, h) => {
6025
- var m, w;
6024
+ async (n, h) => {
6025
+ var p, w;
6026
6026
  d.logger.info(c({
6027
6027
  msg: "Page visit",
6028
6028
  method: "POST",
6029
6029
  url: this.prefix + "refreshtokenflow",
6030
- ip: a.ip,
6031
- user: (m = a.user) == null ? void 0 : m.username
6030
+ ip: n.ip,
6031
+ user: (p = n.user) == null ? void 0 : p.username
6032
6032
  }));
6033
- const { error: f, reply: p } = await o.errorIfCsrfInvalid(
6034
- a,
6033
+ const { error: f, reply: m } = await o.errorIfCsrfInvalid(
6034
+ n,
6035
6035
  h,
6036
6036
  this.errorFn
6037
6037
  );
6038
- if (f) return p;
6039
- let v = a.body.refreshToken;
6038
+ if (f) return m;
6039
+ let v = n.body.refreshToken;
6040
6040
  if (!v && this.server.sessionAdapter) {
6041
6041
  if (!this.server.sessionAdapter) throw new l(
6042
6042
  g.Configuration,
6043
6043
  "Cannot get session data if sessions not enabled"
6044
6044
  );
6045
- const P = await this.server.sessionAdapter.getSessionData(a, this.sessionDataName);
6045
+ const P = await this.server.sessionAdapter.getSessionData(n, this.sessionDataName);
6046
6046
  if (!(P != null && P.refresh_token)) {
6047
6047
  const T = new l(
6048
6048
  g.BadRequest,
@@ -6050,7 +6050,7 @@ class we extends Oe {
6050
6050
  );
6051
6051
  return await this.errorFn(
6052
6052
  this.server,
6053
- a,
6053
+ n,
6054
6054
  h,
6055
6055
  T
6056
6056
  );
@@ -6064,12 +6064,12 @@ class we extends Oe {
6064
6064
  );
6065
6065
  return await this.errorFn(
6066
6066
  this.server,
6067
- a,
6067
+ n,
6068
6068
  h,
6069
6069
  P
6070
6070
  );
6071
6071
  }
6072
- if (!a.user && this.loginProtectedFlows.includes(E.RefreshToken))
6072
+ if (!n.user && this.loginProtectedFlows.includes(E.RefreshToken))
6073
6073
  return h.status(401).header(...b).send({ ok: !1, msg: "Access denied" });
6074
6074
  try {
6075
6075
  const P = await this.refreshTokenFlow(v);
@@ -6080,218 +6080,218 @@ class we extends Oe {
6080
6080
  );
6081
6081
  return await this.errorFn(
6082
6082
  this.server,
6083
- a,
6083
+ n,
6084
6084
  h,
6085
6085
  T
6086
6086
  );
6087
6087
  }
6088
- return await this.receiveTokenFn(P, this, a, h);
6088
+ return await this.receiveTokenFn(P, this, n, h);
6089
6089
  } catch (P) {
6090
6090
  const T = l.asCrossauthError(P);
6091
6091
  return d.logger.error(c({
6092
6092
  msg: "Error receiving token",
6093
6093
  cerr: T,
6094
- user: (w = a.user) == null ? void 0 : w.user
6095
- })), d.logger.debug(c({ err: P })), await this.errorFn(this.server, a, h, T);
6094
+ user: (w = n.user) == null ? void 0 : w.user
6095
+ })), d.logger.debug(c({ err: P })), await this.errorFn(this.server, n, h, T);
6096
6096
  }
6097
6097
  }
6098
6098
  ), this.server.app.post(
6099
6099
  this.prefix + "refreshtokensifexpired",
6100
- async (a, h) => {
6100
+ async (n, h) => {
6101
6101
  var f;
6102
6102
  return d.logger.info(c({
6103
6103
  msg: "Page visit",
6104
6104
  method: "POST",
6105
6105
  url: this.prefix + "refreshtokensifexpired",
6106
- ip: a.ip,
6107
- user: (f = a.user) == null ? void 0 : f.username
6108
- })), this.refreshTokens(a, h, !1, !0);
6106
+ ip: n.ip,
6107
+ user: (f = n.user) == null ? void 0 : f.username
6108
+ })), this.refreshTokens(n, h, !1, !0);
6109
6109
  }
6110
6110
  ), this.server.app.post(
6111
6111
  this.prefix + "api/refreshtokensifexpired",
6112
- async (a, h) => {
6112
+ async (n, h) => {
6113
6113
  var f;
6114
6114
  return d.logger.info(c({
6115
6115
  msg: "Page visit",
6116
6116
  method: "POST",
6117
6117
  url: this.prefix + "refreshtokens",
6118
- ip: a.ip,
6119
- user: (f = a.user) == null ? void 0 : f.username
6120
- })), this.refreshTokens(a, h, !0, !0);
6118
+ ip: n.ip,
6119
+ user: (f = n.user) == null ? void 0 : f.username
6120
+ })), this.refreshTokens(n, h, !0, !0);
6121
6121
  }
6122
6122
  ), this.server.app.post(
6123
6123
  this.prefix + "refreshtokens",
6124
- async (a, h) => {
6124
+ async (n, h) => {
6125
6125
  var f;
6126
6126
  return d.logger.info(c({
6127
6127
  msg: "Page visit",
6128
6128
  method: "POST",
6129
6129
  url: this.prefix + "refreshtokens",
6130
- ip: a.ip,
6131
- user: (f = a.user) == null ? void 0 : f.username
6132
- })), this.refreshTokens(a, h, !1, !1);
6130
+ ip: n.ip,
6131
+ user: (f = n.user) == null ? void 0 : f.username
6132
+ })), this.refreshTokens(n, h, !1, !1);
6133
6133
  }
6134
6134
  ), this.server.app.post(
6135
6135
  this.prefix + "api/refreshtokens",
6136
- async (a, h) => {
6136
+ async (n, h) => {
6137
6137
  var f;
6138
6138
  return d.logger.info(c({
6139
6139
  msg: "Page visit",
6140
6140
  method: "POST",
6141
6141
  url: this.prefix + "refreshtokens",
6142
- ip: a.ip,
6143
- user: (f = a.user) == null ? void 0 : f.username
6144
- })), this.refreshTokens(a, h, !0, !1);
6142
+ ip: n.ip,
6143
+ user: (f = n.user) == null ? void 0 : f.username
6144
+ })), this.refreshTokens(n, h, !0, !1);
6145
6145
  }
6146
6146
  )), (this.validFlows.includes(E.Password) || this.validFlows.includes(E.PasswordMfa)) && (this.server.app.get(
6147
6147
  this.prefix + this.passwordFlowUrl,
6148
- async (a, h) => {
6148
+ async (n, h) => {
6149
6149
  var f;
6150
6150
  return d.logger.info(c({
6151
6151
  msg: "Page visit",
6152
6152
  method: "GET",
6153
6153
  url: this.prefix + this.passwordFlowUrl,
6154
- ip: a.ip,
6155
- user: (f = a.user) == null ? void 0 : f.username
6156
- })), !a.user && this.loginProtectedFlows.includes(E.Password) ? h.redirect(
6154
+ ip: n.ip,
6155
+ user: (f = n.user) == null ? void 0 : f.username
6156
+ })), !n.user && this.loginProtectedFlows.includes(E.Password) ? h.redirect(
6157
6157
  302,
6158
- this.loginUrl + "?next=" + encodeURIComponent(a.url)
6158
+ this.loginUrl + "?next=" + encodeURIComponent(n.url)
6159
6159
  ) : h.view(this.passwordFlowPage, {
6160
- user: a.user,
6161
- scope: a.query.scope,
6162
- csrfToken: a.csrfToken
6160
+ user: n.user,
6161
+ scope: n.query.scope,
6162
+ csrfToken: n.csrfToken
6163
6163
  });
6164
6164
  }
6165
6165
  ), this.server.app.post(
6166
6166
  this.prefix + this.passwordFlowUrl,
6167
- async (a, h) => {
6167
+ async (n, h) => {
6168
6168
  var f;
6169
6169
  return d.logger.info(c({
6170
6170
  msg: "Page visit",
6171
6171
  method: "POST",
6172
6172
  url: this.prefix + this.passwordFlowUrl,
6173
- ip: a.ip,
6174
- user: (f = a.user) == null ? void 0 : f.username
6175
- })), await this.passwordPost(!1, a, h);
6173
+ ip: n.ip,
6174
+ user: (f = n.user) == null ? void 0 : f.username
6175
+ })), await this.passwordPost(!1, n, h);
6176
6176
  }
6177
6177
  )), this.validFlows.includes(E.PasswordMfa) && (this.server.app.post(
6178
6178
  this.prefix + this.passwordOtpUrl,
6179
- async (a, h) => {
6179
+ async (n, h) => {
6180
6180
  var f;
6181
6181
  return d.logger.info(c({
6182
6182
  msg: "Page visit",
6183
6183
  method: "POST",
6184
6184
  url: this.prefix + this.passwordOtpUrl,
6185
- ip: a.ip,
6186
- user: (f = a.user) == null ? void 0 : f.username
6187
- })), await this.passwordOtp(!1, a, h);
6185
+ ip: n.ip,
6186
+ user: (f = n.user) == null ? void 0 : f.username
6187
+ })), await this.passwordOtp(!1, n, h);
6188
6188
  }
6189
6189
  ), this.server.app.post(
6190
6190
  this.prefix + this.passwordOobUrl,
6191
- async (a, h) => {
6191
+ async (n, h) => {
6192
6192
  var f;
6193
6193
  return d.logger.info(c({
6194
6194
  msg: "Page visit",
6195
6195
  method: "POST",
6196
6196
  url: this.prefix + this.passwordOobUrl,
6197
- ip: a.ip,
6198
- user: (f = a.user) == null ? void 0 : f.username
6199
- })), await this.passwordOob(!1, a, h);
6197
+ ip: n.ip,
6198
+ user: (f = n.user) == null ? void 0 : f.username
6199
+ })), await this.passwordOob(!1, n, h);
6200
6200
  }
6201
6201
  )), this.validFlows.includes(E.DeviceCode) && (this.server.app.post(
6202
6202
  this.prefix + this.deviceCodeFlowUrl,
6203
- async (a, h) => {
6203
+ async (n, h) => {
6204
6204
  var f;
6205
6205
  return d.logger.info(c({
6206
6206
  msg: "Page visit",
6207
6207
  method: "POST",
6208
6208
  url: this.prefix + this.deviceCodeFlowPage,
6209
- ip: a.ip,
6210
- user: (f = a.user) == null ? void 0 : f.username
6211
- })), await this.deviceCodePost(!1, a, h);
6209
+ ip: n.ip,
6210
+ user: (f = n.user) == null ? void 0 : f.username
6211
+ })), await this.deviceCodePost(!1, n, h);
6212
6212
  }
6213
6213
  ), this.server.app.post(
6214
6214
  this.prefix + "api/" + this.deviceCodeFlowUrl,
6215
- async (a, h) => {
6215
+ async (n, h) => {
6216
6216
  var f;
6217
6217
  return d.logger.info(c({
6218
6218
  msg: "Page visit",
6219
6219
  method: "POST",
6220
6220
  url: this.prefix + "api/" + this.deviceCodeFlowPage,
6221
- ip: a.ip,
6222
- user: (f = a.user) == null ? void 0 : f.username
6223
- })), await this.deviceCodePost(!0, a, h);
6221
+ ip: n.ip,
6222
+ user: (f = n.user) == null ? void 0 : f.username
6223
+ })), await this.deviceCodePost(!0, n, h);
6224
6224
  }
6225
6225
  ), this.server.app.post(
6226
6226
  this.prefix + this.deviceCodePollUrl,
6227
- async (a, h) => {
6227
+ async (n, h) => {
6228
6228
  var f;
6229
6229
  return d.logger.info(c({
6230
6230
  msg: "Page visit",
6231
6231
  method: "POST",
6232
6232
  url: this.prefix + this.deviceCodePollUrl,
6233
- ip: a.ip,
6234
- user: (f = a.user) == null ? void 0 : f.username
6235
- })), await this.deviceCodePoll(!1, a, h);
6233
+ ip: n.ip,
6234
+ user: (f = n.user) == null ? void 0 : f.username
6235
+ })), await this.deviceCodePoll(!1, n, h);
6236
6236
  }
6237
6237
  ), this.server.app.post(
6238
6238
  this.prefix + "api/" + this.deviceCodePollUrl,
6239
- async (a, h) => {
6239
+ async (n, h) => {
6240
6240
  var f;
6241
6241
  return d.logger.info(c({
6242
6242
  msg: "Page visit",
6243
6243
  method: "POST",
6244
6244
  url: this.prefix + this.deviceCodePollUrl,
6245
- ip: a.ip,
6246
- user: (f = a.user) == null ? void 0 : f.username
6247
- })), await this.deviceCodePoll(!0, a, h);
6245
+ ip: n.ip,
6246
+ user: (f = n.user) == null ? void 0 : f.username
6247
+ })), await this.deviceCodePoll(!0, n, h);
6248
6248
  }
6249
6249
  )), this.deleteTokensGetUrl && this.server.app.get(
6250
6250
  this.prefix + this.deleteTokensGetUrl,
6251
- async (a, h) => {
6252
- var f, p;
6251
+ async (n, h) => {
6252
+ var f, m;
6253
6253
  return d.logger.info(c({
6254
6254
  msg: "Page visit",
6255
6255
  method: "GET",
6256
6256
  url: this.prefix + this.deleteTokensGetUrl,
6257
- ip: a.ip,
6258
- user: (f = a.user) == null ? void 0 : f.username
6257
+ ip: n.ip,
6258
+ user: (f = n.user) == null ? void 0 : f.username
6259
6259
  })), h.view(
6260
6260
  this.deleteTokensPage,
6261
6261
  {
6262
- user: (p = a.user) == null ? void 0 : p.username,
6263
- csrfToken: a.csrfToken
6262
+ user: (m = n.user) == null ? void 0 : m.username,
6263
+ csrfToken: n.csrfToken
6264
6264
  }
6265
6265
  );
6266
6266
  }
6267
6267
  ), this.deleteTokensPostUrl && this.server.app.post(
6268
6268
  this.prefix + this.deleteTokensPostUrl,
6269
- async (a, h) => {
6270
- var f, p, v;
6269
+ async (n, h) => {
6270
+ var f, m, v;
6271
6271
  d.logger.info(c({
6272
6272
  msg: "Page visit",
6273
6273
  method: "POST",
6274
6274
  url: this.prefix + this.deleteTokensPostUrl,
6275
- ip: a.ip,
6276
- user: (f = a.user) == null ? void 0 : f.username
6275
+ ip: n.ip,
6276
+ user: (f = n.user) == null ? void 0 : f.username
6277
6277
  }));
6278
6278
  try {
6279
- return await this.deleteTokens(a), h.view(
6279
+ return await this.deleteTokens(n), h.view(
6280
6280
  this.deleteTokensPage,
6281
6281
  {
6282
6282
  ok: !0,
6283
- user: (p = a.user) == null ? void 0 : p.username,
6284
- csrfToken: a.csrfToken
6283
+ user: (m = n.user) == null ? void 0 : m.username,
6284
+ csrfToken: n.csrfToken
6285
6285
  }
6286
6286
  );
6287
- } catch (m) {
6288
- const w = l.asCrossauthError(m);
6287
+ } catch (p) {
6288
+ const w = l.asCrossauthError(p);
6289
6289
  return d.logger.debug(c({ err: w })), d.logger.error(c({ msg: "Couldn't delete oauth tokens", cerr: w })), h.view(
6290
6290
  this.deleteTokensPage,
6291
6291
  {
6292
6292
  ok: !1,
6293
- user: (v = a.user) == null ? void 0 : v.username,
6294
- csrfToken: a.csrfToken,
6293
+ user: (v = n.user) == null ? void 0 : v.username,
6294
+ csrfToken: n.csrfToken,
6295
6295
  errorMessage: w.message,
6296
6296
  errorCode: w.code,
6297
6297
  errorCodeName: w.codeName
@@ -6301,102 +6301,102 @@ class we extends Oe {
6301
6301
  }
6302
6302
  ), this.apiDeleteTokensPostUrl && this.server.app.post(
6303
6303
  this.prefix + this.apiDeleteTokensPostUrl,
6304
- async (a, h) => {
6304
+ async (n, h) => {
6305
6305
  var f;
6306
6306
  d.logger.info(c({
6307
6307
  msg: "Page visit",
6308
6308
  method: "POST",
6309
6309
  url: this.prefix + this.apiDeleteTokensPostUrl,
6310
- ip: a.ip,
6311
- user: (f = a.user) == null ? void 0 : f.username
6310
+ ip: n.ip,
6311
+ user: (f = n.user) == null ? void 0 : f.username
6312
6312
  }));
6313
6313
  try {
6314
- return await this.deleteTokens(a), h.header(...b).send('{"ok": true}');
6315
- } catch (p) {
6316
- const v = l.asCrossauthError(p);
6314
+ return await this.deleteTokens(n), h.header(...b).send('{"ok": true}');
6315
+ } catch (m) {
6316
+ const v = l.asCrossauthError(m);
6317
6317
  return d.logger.debug(c({ err: v })), d.logger.error(c({ msg: "Couldn't delete oauth tokens", cerr: v })), h.header(...b).status(v.httpStatus).send(JSON.stringify({
6318
6318
  ok: !1,
6319
6319
  errorMessage: v.message,
6320
6320
  errorCode: v.code,
6321
6321
  errorCodeName: v.codeName,
6322
- csrfToken: a.csrfToken
6322
+ csrfToken: n.csrfToken
6323
6323
  }));
6324
6324
  }
6325
6325
  }
6326
6326
  );
6327
- for (let a of this.tokenEndpoints)
6327
+ for (let n of this.tokenEndpoints)
6328
6328
  this.server.app.post(
6329
- this.prefix + a,
6329
+ this.prefix + n,
6330
6330
  async (h, f) => {
6331
6331
  var U;
6332
6332
  if (d.logger.info(c({
6333
6333
  msg: "Page visit",
6334
6334
  method: "POST",
6335
- url: this.prefix + a,
6335
+ url: this.prefix + n,
6336
6336
  ip: h.ip,
6337
6337
  user: (U = h.user) == null ? void 0 : U.username
6338
6338
  })), !h.csrfToken)
6339
6339
  return f.header(...b).status(401).send({ ok: !1, msg: "No csrf token given" });
6340
- let p = !1, v = a;
6341
- a.startsWith("have_") && (v = a.replace("have_", ""), p = !0);
6342
- let m = v.replace("_token", ""), w = !1;
6343
- if (this.jwtTokens.includes(m) && (w = h.body.decode ?? !0), !this.server.sessionAdapter) throw new l(
6340
+ let m = !1, v = n;
6341
+ n.startsWith("have_") && (v = n.replace("have_", ""), m = !0);
6342
+ let p = v.replace("_token", ""), w = !1;
6343
+ if (this.jwtTokens.includes(p) && (w = h.body.decode ?? !0), !this.server.sessionAdapter) throw new l(
6344
6344
  g.Configuration,
6345
6345
  "Cannot get session data if sessions not enabled"
6346
6346
  );
6347
6347
  const P = await this.server.sessionAdapter.getSessionData(h, this.sessionDataName);
6348
6348
  if (!P)
6349
- return p ? f.header(...b).status(200).send({ ok: !1 }) : f.header(...b).status(204).send();
6349
+ return m ? f.header(...b).status(200).send({ ok: !1 }) : f.header(...b).status(204).send();
6350
6350
  let T = P[v];
6351
- return w && (T = j(P[v])), T ? p ? f.header(...b).status(200).send({ ok: !0 }) : f.header(...b).status(200).send({ ...T }) : p ? f.header(...b).status(200).send({ ok: !1 }) : f.header(...b).status(204).send();
6351
+ return w && (T = j(P[v])), T ? m ? f.header(...b).status(200).send({ ok: !0 }) : f.header(...b).status(200).send({ ...T }) : m ? f.header(...b).status(200).send({ ok: !1 }) : f.header(...b).status(204).send();
6352
6352
  }
6353
6353
  );
6354
6354
  if (this.server.app.post(
6355
6355
  this.prefix + "tokens",
6356
- async (a, h) => {
6356
+ async (n, h) => {
6357
6357
  var v;
6358
6358
  if (d.logger.info(c({
6359
6359
  msg: "Page visit",
6360
6360
  method: "POST",
6361
6361
  url: this.prefix + "tokens",
6362
- ip: a.ip,
6363
- user: (v = a.user) == null ? void 0 : v.username
6364
- })), !a.csrfToken)
6362
+ ip: n.ip,
6363
+ user: (v = n.user) == null ? void 0 : v.username
6364
+ })), !n.csrfToken)
6365
6365
  return h.header(...b).status(401).send({ ok: !1, msg: "No csrf token given" });
6366
6366
  if (!this.server.sessionAdapter) throw new l(
6367
6367
  g.Configuration,
6368
6368
  "Cannot get session data if sessions not enabled"
6369
6369
  );
6370
- const f = await this.server.sessionAdapter.getSessionData(a, this.sessionDataName);
6370
+ const f = await this.server.sessionAdapter.getSessionData(n, this.sessionDataName);
6371
6371
  if (!f)
6372
6372
  return h.header(...b).status(204).send();
6373
- let p = {};
6374
- for (let m of this.tokenEndpoints) {
6375
- let w = !1, P = m;
6376
- m.startsWith("have_") && (P = m.replace("have_", ""), w = !0);
6373
+ let m = {};
6374
+ for (let p of this.tokenEndpoints) {
6375
+ let w = !1, P = p;
6376
+ p.startsWith("have_") && (P = p.replace("have_", ""), w = !0);
6377
6377
  let T = P.replace("_token", ""), U = !1;
6378
- if (this.jwtTokens.includes(T) && (U = a.body.decode ?? !0), P in f) {
6378
+ if (this.jwtTokens.includes(T) && (U = n.body.decode ?? !0), P in f) {
6379
6379
  let _ = f[P];
6380
- U && (_ = j(f[P])), _ && (p[m] = w ? !0 : _);
6381
- } else w && (p[m] = !1);
6380
+ U && (_ = j(f[P])), _ && (m[p] = w ? !0 : _);
6381
+ } else w && (m[p] = !1);
6382
6382
  }
6383
- return h.header(...b).status(200).send({ ...p });
6383
+ return h.header(...b).status(200).send({ ...m });
6384
6384
  }
6385
6385
  ), this.bffEndpoints.length > 0 && !this.bffBaseUrl)
6386
6386
  throw new l(g.Configuration, "If enabling BFF endpoints, must also define bffBaseUrl");
6387
6387
  this.bffBaseUrl == null && (this.bffBaseUrl = ""), this.bffBaseUrl.endsWith("/") && (this.bffBaseUrl = this.bffBaseUrl.substring(0, this.bffBaseUrl.length - 1));
6388
- for (let a = 0; a < this.bffEndpoints.length; ++a) {
6389
- const h = this.bffEndpoints[a].url;
6388
+ for (let n = 0; n < this.bffEndpoints.length; ++n) {
6389
+ const h = this.bffEndpoints[n].url;
6390
6390
  if (h.includes("?") || h.includes("#"))
6391
6391
  throw new l(g.Configuration, "BFF urls may not contain query parameters or page fragments");
6392
6392
  if (!h.startsWith("/"))
6393
6393
  throw new l(g.Configuration, "BFF urls must be absolute and without the HTTP method, hostname or port");
6394
- const f = this.bffEndpoints[a].methods, p = this.bffEndpoints[a].matchSubUrls ?? !1;
6394
+ const f = this.bffEndpoints[n].methods, m = this.bffEndpoints[n].matchSubUrls ?? !1;
6395
6395
  let v = h;
6396
- p && (v.endsWith("/") || (v += "/"), v += "*");
6397
- for (let m in f)
6396
+ m && (v.endsWith("/") || (v += "/"), v += "*");
6397
+ for (let p in f)
6398
6398
  this.server.app.route({
6399
- method: f[m],
6399
+ method: f[p],
6400
6400
  url: this.prefix + this.bffEndpointName + v,
6401
6401
  // was url
6402
6402
  handler: async (w, P) => {
@@ -6410,7 +6410,7 @@ class we extends Oe {
6410
6410
  }));
6411
6411
  const T = w.url.substring(this.prefix.length + this.bffEndpointName.length);
6412
6412
  d.logger.debug(c({ msg: "Resource server URL " + T }));
6413
- const U = f[m] != "GET" && f[m] != "HEAD" && f[m] != "OPTIONS";
6413
+ const U = f[p] != "GET" && f[p] != "HEAD" && f[p] != "OPTIONS";
6414
6414
  if (this.server.sessionAdapter && U) {
6415
6415
  const { error: I, reply: V } = await o.errorIfCsrfInvalid(
6416
6416
  w,
@@ -6467,37 +6467,37 @@ class we extends Oe {
6467
6467
  async passwordPost(o, r, s) {
6468
6468
  var i;
6469
6469
  if (this.server.sessionAdapter) {
6470
- const { error: n, reply: t } = await this.server.errorIfCsrfInvalid(
6470
+ const { error: a, reply: t } = await this.server.errorIfCsrfInvalid(
6471
6471
  r,
6472
6472
  s,
6473
6473
  this.errorFn
6474
6474
  );
6475
- if (n) return t;
6475
+ if (a) return t;
6476
6476
  }
6477
6477
  try {
6478
- let n = await this.passwordFlow(
6478
+ let a = await this.passwordFlow(
6479
6479
  r.body.username,
6480
6480
  r.body.password,
6481
6481
  r.body.scope
6482
6482
  );
6483
- if (n.id_token && (this.validateIdToken(n.id_token) || (n.error = "access_denied", n.error_description = "Invalid ID token received")), n.error == "mfa_required" && n.mfa_token && this.validFlows.includes(E.PasswordMfa)) {
6484
- const t = n.mfa_token;
6485
- if (n = await this.passwordMfa(
6483
+ if (a.id_token && (this.validateIdToken(a.id_token) || (a.error = "access_denied", a.error_description = "Invalid ID token received")), a.error == "mfa_required" && a.mfa_token && this.validFlows.includes(E.PasswordMfa)) {
6484
+ const t = a.mfa_token;
6485
+ if (a = await this.passwordMfa(
6486
6486
  o,
6487
6487
  t,
6488
6488
  r.body.scope,
6489
6489
  r,
6490
6490
  s
6491
- ), n.id_token && (this.validateIdToken(n.id_token) || (n.error = "access_denied", n.error_description = "Invalid ID token received")), n.error) {
6492
- const a = l.fromOAuthError(
6493
- n.error,
6494
- n.error_description
6491
+ ), a.id_token && (this.validateIdToken(a.id_token) || (a.error = "access_denied", a.error_description = "Invalid ID token received")), a.error) {
6492
+ const n = l.fromOAuthError(
6493
+ a.error,
6494
+ a.error_description
6495
6495
  );
6496
6496
  return o ? await this.errorFn(
6497
6497
  this.server,
6498
6498
  r,
6499
6499
  s,
6500
- a
6500
+ n
6501
6501
  ) : s.view(
6502
6502
  this.passwordFlowPage,
6503
6503
  {
@@ -6505,18 +6505,18 @@ class we extends Oe {
6505
6505
  username: r.body.username,
6506
6506
  password: r.body.password,
6507
6507
  scope: r.body.scope,
6508
- errorMessage: a.message,
6509
- errorCode: a.code,
6510
- errorCodeName: a.codeName,
6508
+ errorMessage: n.message,
6509
+ errorCode: n.code,
6510
+ errorCodeName: n.codeName,
6511
6511
  csrfToken: r.csrfToken
6512
6512
  }
6513
6513
  );
6514
6514
  }
6515
- return await this.receiveTokenFn(n, this, r, s);
6516
- } else if (n.error) {
6515
+ return await this.receiveTokenFn(a, this, r, s);
6516
+ } else if (a.error) {
6517
6517
  const t = l.fromOAuthError(
6518
- n.error,
6519
- n.error_description
6518
+ a.error,
6519
+ a.error_description
6520
6520
  );
6521
6521
  return o ? await this.errorFn(this.server, r, s, t) : s.view(
6522
6522
  this.passwordFlowPage,
@@ -6532,14 +6532,14 @@ class we extends Oe {
6532
6532
  }
6533
6533
  );
6534
6534
  }
6535
- return await this.receiveTokenFn(n, this, r, s);
6536
- } catch (n) {
6537
- const t = l.asCrossauthError(n);
6535
+ return await this.receiveTokenFn(a, this, r, s);
6536
+ } catch (a) {
6537
+ const t = l.asCrossauthError(a);
6538
6538
  return d.logger.error(c({
6539
6539
  msg: "Error receiving token",
6540
6540
  cerr: t,
6541
6541
  user: (i = r.user) == null ? void 0 : i.user
6542
- })), d.logger.debug(c({ err: n })), o ? await this.errorFn(
6542
+ })), d.logger.debug(c({ err: a })), o ? await this.errorFn(
6543
6543
  this.server,
6544
6544
  r,
6545
6545
  s,
@@ -6556,16 +6556,16 @@ class we extends Oe {
6556
6556
  });
6557
6557
  }
6558
6558
  }
6559
- async passwordMfa(o, r, s, i, n) {
6559
+ async passwordMfa(o, r, s, i, a) {
6560
6560
  const t = await this.mfaAuthenticators(r);
6561
6561
  if (t.error || !t.authenticators || !Array.isArray(t.authenticators) || t.authenticators.length == 0 || t.authenticators.length > 1 && !t.authenticators[0].active)
6562
6562
  return t.error ? t : {
6563
6563
  error: "access_denied",
6564
6564
  error_description: "No MFA authenticators available"
6565
6565
  };
6566
- const a = t.authenticators[0];
6567
- if (a.authenticator_type == "otp") {
6568
- const f = await this.mfaOtpRequest(r, a.id);
6566
+ const n = t.authenticators[0];
6567
+ if (n.authenticator_type == "otp") {
6568
+ const f = await this.mfaOtpRequest(r, n.id);
6569
6569
  return f.error || f.challenge_type != "otp" ? {
6570
6570
  error: f.error ?? "server_error",
6571
6571
  error_description: f.error_description ?? "Invalid response from MFA OTP challenge"
@@ -6573,24 +6573,24 @@ class we extends Oe {
6573
6573
  scope: s,
6574
6574
  mfa_token: r
6575
6575
  };
6576
- } else if (a.authenticator_type == "oob") {
6577
- const f = await this.mfaOobRequest(r, a.id);
6576
+ } else if (n.authenticator_type == "oob") {
6577
+ const f = await this.mfaOobRequest(r, n.id);
6578
6578
  return f.error || f.challenge_type != "oob" || !f.oob_code || f.binding_method != "prompt" ? {
6579
6579
  error: f.error ?? "server_error",
6580
6580
  error_description: f.error_description ?? "Invalid response from MFA OOB challenge"
6581
6581
  } : {
6582
6582
  scope: s,
6583
6583
  mfa_token: r,
6584
- oob_channel: a.oob_channel,
6584
+ oob_channel: n.oob_channel,
6585
6585
  challenge_type: f.challenge_type,
6586
6586
  binding_method: f.binding_method,
6587
6587
  oob_code: f.oob_code,
6588
- name: a.name
6588
+ name: n.name
6589
6589
  };
6590
6590
  }
6591
6591
  const h = new l(
6592
6592
  g.UnknownError,
6593
- "Unsupported MFA type " + a.authenticator_type + " returned"
6593
+ "Unsupported MFA type " + n.authenticator_type + " returned"
6594
6594
  );
6595
6595
  return {
6596
6596
  error: h.oauthErrorCode,
@@ -6598,7 +6598,7 @@ class we extends Oe {
6598
6598
  };
6599
6599
  }
6600
6600
  async passwordOtp(o, r, s) {
6601
- var n;
6601
+ var a;
6602
6602
  const i = await this.mfaOtpComplete(
6603
6603
  r.body.mfa_token,
6604
6604
  r.body.otp
@@ -6611,7 +6611,7 @@ class we extends Oe {
6611
6611
  return d.logger.warn(c({
6612
6612
  msg: "Error completing MFA",
6613
6613
  cerr: t,
6614
- user: (n = r.user) == null ? void 0 : n.user,
6614
+ user: (a = r.user) == null ? void 0 : a.user,
6615
6615
  hashedMfaToken: F.hash(r.body.mfa_token)
6616
6616
  })), d.logger.debug(c({ err: t })), o ? await this.errorFn(
6617
6617
  this.server,
@@ -6632,7 +6632,7 @@ class we extends Oe {
6632
6632
  return await this.receiveTokenFn(i, this, r, s) ?? s;
6633
6633
  }
6634
6634
  async passwordOob(o, r, s) {
6635
- var n;
6635
+ var a;
6636
6636
  const i = await this.mfaOobComplete(
6637
6637
  r.body.mfa_token,
6638
6638
  r.body.oob_code,
@@ -6646,7 +6646,7 @@ class we extends Oe {
6646
6646
  return d.logger.warn(c({
6647
6647
  msg: "Error completing MFA",
6648
6648
  cerr: t,
6649
- user: (n = r.user) == null ? void 0 : n.user,
6649
+ user: (a = r.user) == null ? void 0 : a.user,
6650
6650
  hashedMfaToken: F.hash(r.body.mfa_token)
6651
6651
  })), d.logger.debug(c({ err: t })), o ? await this.errorFn(
6652
6652
  this.server,
@@ -6671,19 +6671,19 @@ class we extends Oe {
6671
6671
  async deviceCodePost(o, r, s) {
6672
6672
  var i;
6673
6673
  if (this.server.sessionAdapter) {
6674
- const { error: n, reply: t } = await this.server.errorIfCsrfInvalid(
6674
+ const { error: a, reply: t } = await this.server.errorIfCsrfInvalid(
6675
6675
  r,
6676
6676
  s,
6677
6677
  this.errorFn
6678
6678
  );
6679
- if (n) return t;
6679
+ if (a) return t;
6680
6680
  }
6681
6681
  try {
6682
6682
  if (!r.csrfToken)
6683
6683
  throw new l(g.Unauthorized, "CSRF token missing or invalid");
6684
- let n = this.authServerBaseUrl;
6685
- n.endsWith("/") || (n += "/"), n += this.deviceAuthorizationUrl;
6686
- const t = await this.startDeviceCodeFlow(n, r.body.scope);
6684
+ let a = this.authServerBaseUrl;
6685
+ a.endsWith("/") || (a += "/"), a += this.deviceAuthorizationUrl;
6686
+ const t = await this.startDeviceCodeFlow(a, r.body.scope);
6687
6687
  if (t.error) {
6688
6688
  const h = l.fromOAuthError(t.error, t.error_description), f = {
6689
6689
  user: r.user,
@@ -6697,9 +6697,9 @@ class we extends Oe {
6697
6697
  };
6698
6698
  return o ? s.header(...b).status(h.httpStatus).send(t) : s.view(this.deviceCodeFlowPage, f);
6699
6699
  }
6700
- let a;
6700
+ let n;
6701
6701
  return t.verification_uri_complete && await Re.toDataURL(t.verification_uri_complete).then((h) => {
6702
- a = h;
6702
+ n = h;
6703
6703
  }).catch((h) => {
6704
6704
  d.logger.debug(c({ err: h })), d.logger.warn(c({ msg: "Couldn't generate verification URL QR Code" }));
6705
6705
  }), o ? s.header(...b).send(t) : s.view(
@@ -6707,47 +6707,47 @@ class we extends Oe {
6707
6707
  {
6708
6708
  user: r.user,
6709
6709
  scope: r.body.scope,
6710
- verification_uri_qrdata: a,
6710
+ verification_uri_qrdata: n,
6711
6711
  ...t
6712
6712
  }
6713
6713
  );
6714
- } catch (n) {
6715
- const t = l.asCrossauthError(n);
6714
+ } catch (a) {
6715
+ const t = l.asCrossauthError(a);
6716
6716
  d.logger.error(c({
6717
6717
  msg: "Error receiving token",
6718
6718
  cerr: t,
6719
6719
  user: (i = r.user) == null ? void 0 : i.user
6720
- })), d.logger.debug(c({ err: n }));
6721
- const a = {
6720
+ })), d.logger.debug(c({ err: a }));
6721
+ const n = {
6722
6722
  errorMessage: t.message,
6723
6723
  errorCode: t.code,
6724
6724
  errorCodeName: t.codeName
6725
6725
  };
6726
- return o ? s.header(...b).status(t.httpStatus).send(a) : s.view(this.deviceCodeFlowPage, {
6726
+ return o ? s.header(...b).status(t.httpStatus).send(n) : s.view(this.deviceCodeFlowPage, {
6727
6727
  user: r.user,
6728
6728
  csrfToken: r.csrfToken,
6729
6729
  scope: r.body.scope,
6730
- ...a
6730
+ ...n
6731
6731
  });
6732
6732
  }
6733
6733
  }
6734
6734
  async deviceCodePoll(o, r, s) {
6735
6735
  var i;
6736
6736
  try {
6737
- const n = await this.pollDeviceCodeFlow(r.body.device_code);
6738
- return n.id_token && (this.validateIdToken(n.id_token) || (n.error = "access_denied", n.error_description = "Invalid ID token received")), n.error ? s.header(...b).send(n) : await this.receiveTokenFn(
6739
- n,
6737
+ const a = await this.pollDeviceCodeFlow(r.body.device_code);
6738
+ return a.id_token && (this.validateIdToken(a.id_token) || (a.error = "access_denied", a.error_description = "Invalid ID token received")), a.error ? s.header(...b).send(a) : await this.receiveTokenFn(
6739
+ a,
6740
6740
  this,
6741
6741
  r,
6742
6742
  o ? void 0 : s
6743
6743
  );
6744
- } catch (n) {
6745
- const t = l.asCrossauthError(n);
6744
+ } catch (a) {
6745
+ const t = l.asCrossauthError(a);
6746
6746
  return d.logger.error(c({
6747
6747
  msg: "Error receiving token",
6748
6748
  cerr: t,
6749
6749
  user: (i = r.user) == null ? void 0 : i.user
6750
- })), d.logger.debug(c({ err: n })), await this.errorFn(
6750
+ })), d.logger.debug(c({ err: a })), await this.errorFn(
6751
6751
  this.server,
6752
6752
  r,
6753
6753
  s,
@@ -6755,8 +6755,8 @@ class we extends Oe {
6755
6755
  );
6756
6756
  }
6757
6757
  }
6758
- async refresh(o, r, s, i, n, t) {
6759
- if (!t || !n)
6758
+ async refresh(o, r, s, i, a, t) {
6759
+ if (!t || !a)
6760
6760
  return s ? void 0 : await this.receiveTokenFn(
6761
6761
  {},
6762
6762
  this,
@@ -6765,27 +6765,27 @@ class we extends Oe {
6765
6765
  );
6766
6766
  if (!i || t <= Date.now())
6767
6767
  try {
6768
- const a = await this.refreshTokenFlow(n);
6769
- if (a.id_token && (this.validateIdToken(a.id_token) || (a.error = "access_denied", a.error_description = "Invalid ID token received")), !a.error && !a.access_token && (a.error = "server_error", a.error_description = "Unexpectedly did not receive error or access token"), !a.error) {
6770
- const p = await this.receiveTokenFn(
6771
- a,
6768
+ const n = await this.refreshTokenFlow(a);
6769
+ if (n.id_token && (this.validateIdToken(n.id_token) || (n.error = "access_denied", n.error_description = "Invalid ID token received")), !n.error && !n.access_token && (n.error = "server_error", n.error_description = "Unexpectedly did not receive error or access token"), !n.error) {
6770
+ const m = await this.receiveTokenFn(
6771
+ n,
6772
6772
  this,
6773
6773
  o,
6774
6774
  s ? void 0 : r
6775
6775
  );
6776
- if (!s) return p;
6776
+ if (!s) return m;
6777
6777
  }
6778
6778
  if (!s) {
6779
- const p = l.fromOAuthError(
6780
- a.error ?? "server_error",
6781
- a.error_description
6779
+ const m = l.fromOAuthError(
6780
+ n.error ?? "server_error",
6781
+ n.error_description
6782
6782
  );
6783
- return await this.errorFn(this.server, o, r, p);
6783
+ return await this.errorFn(this.server, o, r, m);
6784
6784
  }
6785
- let h = a.expires_in;
6786
- if (!h && a.access_token) {
6787
- const p = J(a.access_token);
6788
- p.exp && (h = p.exp);
6785
+ let h = n.expires_in;
6786
+ if (!h && n.access_token) {
6787
+ const m = J(n.access_token);
6788
+ m.exp && (h = m.exp);
6789
6789
  }
6790
6790
  if (!h)
6791
6791
  throw new l(
@@ -6794,19 +6794,19 @@ class we extends Oe {
6794
6794
  );
6795
6795
  const f = (/* @__PURE__ */ new Date()).getTime() + h * 1e3;
6796
6796
  return {
6797
- access_token: a.access_token,
6798
- refresh_token: a.refresh_token,
6799
- expires_in: a.expires_in,
6797
+ access_token: n.access_token,
6798
+ refresh_token: n.refresh_token,
6799
+ expires_in: n.expires_in,
6800
6800
  expires_at: f,
6801
- error: a.error,
6802
- error_description: a.error_description
6801
+ error: n.error,
6802
+ error_description: n.error_description
6803
6803
  };
6804
- } catch (a) {
6805
- if (d.logger.debug(c({ err: a })), d.logger.error(c({
6806
- cerr: a,
6804
+ } catch (n) {
6805
+ if (d.logger.debug(c({ err: n })), d.logger.error(c({
6806
+ cerr: n,
6807
6807
  msg: "Failed refreshing access token"
6808
6808
  })), !s) {
6809
- const h = l.asCrossauthError(a);
6809
+ const h = l.asCrossauthError(n);
6810
6810
  return await this.errorFn(this.server, o, r, h);
6811
6811
  }
6812
6812
  return {
@@ -6822,12 +6822,12 @@ class we extends Oe {
6822
6822
  g.Configuration,
6823
6823
  "Cannot get session data if sessions not enabled"
6824
6824
  );
6825
- const n = await this.server.sessionAdapter.getSessionData(o, this.sessionDataName);
6826
- if (!(n != null && n.refresh_token)) {
6825
+ const a = await this.server.sessionAdapter.getSessionData(o, this.sessionDataName);
6826
+ if (!(a != null && a.refresh_token)) {
6827
6827
  if (s)
6828
6828
  return r.header(...b).status(204).send();
6829
6829
  {
6830
- const a = new l(
6830
+ const n = new l(
6831
6831
  g.InvalidSession,
6832
6832
  "No tokens found in session"
6833
6833
  );
@@ -6835,7 +6835,7 @@ class we extends Oe {
6835
6835
  this.server,
6836
6836
  o,
6837
6837
  r,
6838
- a
6838
+ n
6839
6839
  );
6840
6840
  }
6841
6841
  }
@@ -6844,9 +6844,9 @@ class we extends Oe {
6844
6844
  r,
6845
6845
  s,
6846
6846
  i,
6847
- n.refresh_token,
6847
+ a.refresh_token,
6848
6848
  //onlyIfExpired ? oauthData.expires_at : undefined
6849
- n.expires_at
6849
+ a.expires_at
6850
6850
  );
6851
6851
  if (t && t.id_token && (this.validateIdToken(t.id_token) || (t.error = "access_denied", t.error_description = "Invalid ID token received")), !s) {
6852
6852
  if (t == null) return this.receiveTokenFn({}, this, o, r);
@@ -6882,60 +6882,71 @@ class er extends Ie {
6882
6882
  super(r, s);
6883
6883
  u(this, "userStorage");
6884
6884
  u(this, "protectedEndpoints", {});
6885
+ u(this, "protectedEndpointPrefixes", []);
6885
6886
  u(this, "errorBody", {});
6886
6887
  u(this, "sessionDataName", "oauth");
6887
6888
  u(this, "tokenLocations", ["header"]);
6888
6889
  u(this, "sessionAdapter");
6889
6890
  if (S("errorBody", C.Json, this, s, "OAUTH_RESSERVER_ACCESS_DENIED_BODY"), S("tokenLocations", C.JsonArray, this, s, "OAUTH_TOKEN_LOCATIONS"), S("sessionDataName", C.String, this, s, "OAUTH_SESSION_DATA_NAME"), this.userStorage = s.userStorage, this.sessionAdapter = s.sessionAdapter, s.protectedEndpoints) {
6890
6891
  const i = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
6891
- for (const [n, t] of Object.entries(s.protectedEndpoints)) {
6892
- if (!n.startsWith("/"))
6892
+ for (const [a, t] of Object.entries(s.protectedEndpoints)) {
6893
+ if (!a.startsWith("/"))
6893
6894
  throw new l(g.Configuration, "protected endpoints must be absolute paths without the protocol and hostname");
6894
- t.scope && t.scope.forEach((a) => {
6895
- if (!i.test(a)) throw new l(g.Configuration, "Illegal characters in scope " + a);
6895
+ t.scope && t.scope.forEach((n) => {
6896
+ if (!i.test(n)) throw new l(g.Configuration, "Illegal characters in scope " + n);
6896
6897
  });
6897
6898
  }
6898
- this.protectedEndpoints = s.protectedEndpoints;
6899
+ this.protectedEndpoints = { ...s.protectedEndpoints };
6900
+ for (let a in s.protectedEndpoints) {
6901
+ let t = this.protectedEndpoints[a];
6902
+ t.suburls == !0 && (a.endsWith("/") || (a += "/", this.protectedEndpoints[a] = t), this.protectedEndpointPrefixes.push(a));
6903
+ }
6899
6904
  }
6900
- s.protectedEndpoints && o.addHook("preHandler", async (i, n) => {
6901
- var h, f;
6905
+ s.protectedEndpoints && o.addHook("preHandler", async (i, a) => {
6906
+ var m, v;
6902
6907
  const t = i.url.split("?", 2)[0];
6903
- if (!(t in this.protectedEndpoints)) return;
6904
- const a = await this.authorized(i);
6905
- if (!(i.user && i.authType == "cookie" && this.protectedEndpoints[t].acceptSessionAuthorization != !0)) {
6906
- if (!a) {
6908
+ let n = !1, h = "";
6909
+ if (t in this.protectedEndpoints)
6910
+ n = !0, h = t;
6911
+ else
6912
+ for (let p of this.protectedEndpointPrefixes)
6913
+ t.startsWith(p) && (n = !0), h = p;
6914
+ if (!n) return;
6915
+ const f = await this.authorized(i);
6916
+ if (!(i.user && i.authType == "cookie" && this.protectedEndpoints[h].acceptSessionAuthorization != !0)) {
6917
+ if (!f) {
6907
6918
  i.authError = "access_denied", i.authErrorDescription = "No access token";
6908
6919
  const p = this.authenticateHeader(i);
6909
- return n.header("WWW-Authenticate", p).status(401).send(this.errorBody);
6920
+ return a.header("WWW-Authenticate", p).status(401).send(this.errorBody);
6910
6921
  }
6911
- if (!a.authorized) {
6922
+ if (!f.authorized) {
6912
6923
  const p = this.authenticateHeader(i);
6913
- return n.header("WWW-Authenticate", p).status(401).send(this.errorBody);
6924
+ return a.header("WWW-Authenticate", p).status(401).send(this.errorBody);
6914
6925
  }
6915
6926
  }
6916
- if (a) {
6917
- if (i.accessTokenPayload = a.tokenPayload, i.user = a.user, (h = a.tokenPayload) != null && h.scope)
6918
- if (Array.isArray(a.tokenPayload.scope)) {
6927
+ if (f) {
6928
+ if (i.accessTokenPayload = f.tokenPayload, i.user = f.user, (m = f.tokenPayload) != null && m.scope)
6929
+ if (Array.isArray(f.tokenPayload.scope)) {
6919
6930
  let p = [];
6920
- for (let v of a.tokenPayload.scope)
6921
- typeof v == "string" && p.push(v);
6931
+ for (let w of f.tokenPayload.scope)
6932
+ typeof w == "string" && p.push(w);
6922
6933
  i.scope = p;
6923
- } else typeof a.tokenPayload.scope == "string" && (i.scope = a.tokenPayload.scope.split(" "));
6924
- if (this.protectedEndpoints[t].scope) {
6925
- for (let p of this.protectedEndpoints[t].scope ?? [])
6926
- if (!i.scope || !i.scope.includes(p) && this.protectedEndpoints[t].acceptSessionAuthorization != !0)
6934
+ } else typeof f.tokenPayload.scope == "string" && (i.scope = f.tokenPayload.scope.split(" "));
6935
+ if (this.protectedEndpoints[h].scope) {
6936
+ for (let p of this.protectedEndpoints[h].scope ?? [])
6937
+ if (!i.scope || !i.scope.includes(p) && this.protectedEndpoints[h].acceptSessionAuthorization != !0)
6927
6938
  return d.logger.warn(c({
6928
6939
  msg: "Access token does not have sufficient scope",
6929
- username: (f = i.user) == null ? void 0 : f.username,
6940
+ username: (v = i.user) == null ? void 0 : v.username,
6930
6941
  url: i.url
6931
- })), i.scope = void 0, i.accessTokenPayload = void 0, i.user = void 0, i.authError = "access_denied", i.authErrorDescription = "Access token does not have sufficient scope", n.status(401).send(this.errorBody);
6942
+ })), i.scope = void 0, i.accessTokenPayload = void 0, i.user = void 0, i.authError = "access_denied", i.authErrorDescription = "Access token does not have sufficient scope", a.status(401).send(this.errorBody);
6932
6943
  }
6933
- if (i.authType = "oauth", i.authError = a == null ? void 0 : a.error, (a == null ? void 0 : a.error) == "access_denied") {
6944
+ if (i.authType = "oauth", i.authError = f == null ? void 0 : f.error, (f == null ? void 0 : f.error) == "access_denied") {
6934
6945
  const p = this.authenticateHeader(i);
6935
- return n.header("WWW-Authenticate", p).status(401).send(this.errorBody);
6936
- } else if (a != null && a.error)
6937
- return n.status(500).send(this.errorBody);
6938
- i.authErrorDescription = a == null ? void 0 : a.error_description, d.logger.debug(c({ msg: "Resource server url", url: i.url, authorized: i.accessTokenPayload != null }));
6946
+ return a.header("WWW-Authenticate", p).status(401).send(this.errorBody);
6947
+ } else if (f != null && f.error)
6948
+ return a.status(500).send(this.errorBody);
6949
+ i.authErrorDescription = f == null ? void 0 : f.error_description, d.logger.debug(c({ msg: "Resource server url", url: i.url, authorized: i.accessTokenPayload != null }));
6939
6950
  }
6940
6951
  });
6941
6952
  }
@@ -6963,15 +6974,15 @@ class er extends Ie {
6963
6974
  let r;
6964
6975
  for (let i of this.tokenLocations)
6965
6976
  if (i == "header") {
6966
- const n = await this.tokenFromHeader(o);
6967
- if (n) {
6968
- r = n;
6977
+ const a = await this.tokenFromHeader(o);
6978
+ if (a) {
6979
+ r = a;
6969
6980
  break;
6970
6981
  }
6971
6982
  } else {
6972
- const n = await this.tokenFromSession(o);
6973
- if (n) {
6974
- r = n;
6983
+ const a = await this.tokenFromSession(o);
6984
+ if (a) {
6985
+ r = a;
6975
6986
  break;
6976
6987
  }
6977
6988
  }
@@ -7092,9 +7103,9 @@ const K = class K {
7092
7103
  apiKey: r,
7093
7104
  oAuthAuthServer: s,
7094
7105
  oAuthClient: i,
7095
- oAuthClients: n,
7106
+ oAuthClients: a,
7096
7107
  oAuthResServer: t
7097
- }, a = {}) {
7108
+ }, n = {}) {
7098
7109
  u(this, "views", "views");
7099
7110
  /** The Fastify app, which was either passed in the constructor or
7100
7111
  * created if none was passed in.
@@ -7119,7 +7130,7 @@ const K = class K {
7119
7130
  /** Config for `@fastify/cors` */
7120
7131
  u(this, "cors");
7121
7132
  u(this, "audience", "");
7122
- S("views", C.String, this, a, "VIEWS"), S("cors", C.Json, this, a, "CORS"), a.isAdminFn && (K.isAdminFn = a.isAdminFn), a.app ? this.app = a.app : (this.views && ue.configure(this.views, {
7133
+ S("views", C.String, this, n, "VIEWS"), S("cors", C.Json, this, n, "CORS"), n.isAdminFn && (K.isAdminFn = n.isAdminFn), n.app ? this.app = n.app : (this.views && ue.configure(this.views, {
7123
7134
  autoescape: !0
7124
7135
  }), this.app = Ee({ logger: !1 }), this.app.register(Te, {
7125
7136
  engine: {
@@ -7139,7 +7150,7 @@ const K = class K {
7139
7150
  // options for parsing cookies
7140
7151
  }), this.app.decorateRequest("user", void 0), this.app.decorateRequest("csrfToken", void 0);
7141
7152
  let h = {};
7142
- if (a.authenticators && (h = a.authenticators), e) {
7153
+ if (n.authenticators && (h = n.authenticators), e) {
7143
7154
  if (!h)
7144
7155
  throw new l(
7145
7156
  g.Configuration,
@@ -7149,17 +7160,17 @@ const K = class K {
7149
7160
  this.app,
7150
7161
  e.keyStorage,
7151
7162
  h,
7152
- { ...a, ...e.options }
7163
+ { ...n, ...e.options }
7153
7164
  );
7154
7165
  this.sessionServer = f, this.sessionAdapter = this.sessionServer;
7155
7166
  } else o && (this.sessionAdapter = o);
7156
7167
  if (r) {
7157
- if (!a.userStorage) throw new l(g.Configuration, "Need a user storage to user API server");
7168
+ if (!n.userStorage) throw new l(g.Configuration, "Need a user storage to user API server");
7158
7169
  new Ye(
7159
7170
  this.app,
7160
- a.userStorage,
7171
+ n.userStorage,
7161
7172
  r.keyStorage,
7162
- { ...a, ...r.options }
7173
+ { ...n, ...r.options }
7163
7174
  );
7164
7175
  }
7165
7176
  if (s) {
@@ -7170,7 +7181,7 @@ const K = class K {
7170
7181
  s.clientStorage,
7171
7182
  s.keyStorage,
7172
7183
  h,
7173
- { ...f, ...a, ...s.options }
7184
+ { ...f, ...n, ...s.options }
7174
7185
  );
7175
7186
  }
7176
7187
  if (i && this.oAuthClients)
@@ -7178,22 +7189,22 @@ const K = class K {
7178
7189
  if (i && (this.oAuthClient = new we(
7179
7190
  this,
7180
7191
  i.authServerBaseUrl,
7181
- { ...a, ...i.options }
7182
- )), n) {
7192
+ { ...n, ...i.options }
7193
+ )), a) {
7183
7194
  this.oAuthClients = [];
7184
- for (let f of n)
7195
+ for (let f of a)
7185
7196
  this.oAuthClients.push(
7186
7197
  new we(
7187
7198
  this,
7188
7199
  f.authServerBaseUrl,
7189
- { ...a, ...f.options }
7200
+ { ...n, ...f.options }
7190
7201
  )
7191
7202
  );
7192
7203
  }
7193
- t && (this.audience = "", S("audience", C.String, this, a, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new er(
7204
+ t && (this.audience = "", S("audience", C.String, this, n, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new er(
7194
7205
  this.app,
7195
- [new Me(this.audience, a)],
7196
- { sessionAdapter: this.sessionAdapter, ...t.options, ...a }
7206
+ [new Me(this.audience, n)],
7207
+ { sessionAdapter: this.sessionAdapter, ...t.options, ...n }
7197
7208
  ));
7198
7209
  }
7199
7210
  /**
@@ -7229,14 +7240,14 @@ const K = class K {
7229
7240
  try {
7230
7241
  if (!e.csrfToken) throw new l(g.InvalidCsrf);
7231
7242
  return { error: !1, reply: o };
7232
- } catch (n) {
7233
- d.logger.debug(c({ err: n })), d.logger.warn(c({
7243
+ } catch (a) {
7244
+ d.logger.debug(c({ err: a })), d.logger.warn(c({
7234
7245
  msg: "Attempt to access url without csrf token",
7235
7246
  url: e.url
7236
7247
  }));
7237
7248
  try {
7238
7249
  if (r) {
7239
- const t = l.asCrossauthError(n);
7250
+ const t = l.asCrossauthError(a);
7240
7251
  return { error: !0, reply: await r(this, e, o, t) };
7241
7252
  } else if ((s = this.sessionServer) != null && s.errorPage) {
7242
7253
  const t = new l(g.InvalidCsrf, "CSRF Token not provided");
@@ -7270,7 +7281,7 @@ const K = class K {
7270
7281
  * from calling `errorFn`.
7271
7282
  */
7272
7283
  async errorIfNotLoggedIn(e, o, r) {
7273
- var s, i, n;
7284
+ var s, i, a;
7274
7285
  if (!e.user) {
7275
7286
  d.logger.warn(c({
7276
7287
  msg: "Attempt to access url without csrf token",
@@ -7296,7 +7307,7 @@ const K = class K {
7296
7307
  } catch (t) {
7297
7308
  return d.logger.debug(c({ err: t })), d.logger.error(c({
7298
7309
  cerr: t,
7299
- hashedSessionCookie: (n = this.sessionServer) == null ? void 0 : n.getHashOfSessionId(e)
7310
+ hashedSessionCookie: (a = this.sessionServer) == null ? void 0 : a.getHashOfSessionId(e)
7300
7311
  })), o.status(401).send(z);
7301
7312
  }
7302
7313
  return o.status(401).send(z);
@@ -7337,14 +7348,14 @@ const K = class K {
7337
7348
  }
7338
7349
  ) : e.status(o).send(o == 401 ? z : G);
7339
7350
  try {
7340
- let n = 0, t = "UnknownError";
7351
+ let a = 0, t = "UnknownError";
7341
7352
  if ("isCrossAuthError" in i) {
7342
- const a = l.asCrossauthError(i);
7343
- n = a.code, t = a.name, s || (s = i.message);
7353
+ const n = l.asCrossauthError(i);
7354
+ a = n.code, t = n.name, s || (s = i.message);
7344
7355
  }
7345
- return s || (o == 401 ? (s = "You are not authorized to access this page", n = g.Unauthorized, t = g[n]) : o == 403 ? (s = "You do not have permission to access this page", n = g.Forbidden, t = g[n]) : s = "An unknwon error has occurred"), d.logger.warn(c({
7356
+ return s || (o == 401 ? (s = "You are not authorized to access this page", a = g.Unauthorized, t = g[a]) : o == 403 ? (s = "You do not have permission to access this page", a = g.Forbidden, t = g[a]) : s = "An unknwon error has occurred"), d.logger.warn(c({
7346
7357
  msg: s,
7347
- errorCode: n,
7358
+ errorCode: a,
7348
7359
  errorCodeName: t,
7349
7360
  httpStatus: o
7350
7361
  })), r ? e.status(o).view(
@@ -7352,12 +7363,12 @@ const K = class K {
7352
7363
  {
7353
7364
  status: o,
7354
7365
  errorMessage: s,
7355
- errorCode: n,
7366
+ errorCode: a,
7356
7367
  errorCodeName: t
7357
7368
  }
7358
7369
  ) : e.status(o).send(o == 401 ? z : G);
7359
- } catch (n) {
7360
- return d.logger.error(c({ err: n })), e.status(o).send(o == 401 ? z : G);
7370
+ } catch (a) {
7371
+ return d.logger.error(c({ err: a })), e.status(o).send(o == 401 ? z : G);
7361
7372
  }
7362
7373
  }
7363
7374
  /*