@crossauth/fastify 1.1.7 → 1.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/fastifyserver.d.ts +1 -1
  2. package/dist/fastifysession.d.ts +6 -0
  3. package/dist/index.cjs +2 -2
  4. package/dist/index.d.ts +1 -0
  5. package/dist/index.js +1094 -1071
  6. package/package.json +3 -3
package/dist/index.js CHANGED
@@ -7,11 +7,11 @@ import ye from "@fastify/formbody";
7
7
  import be from "@fastify/cors";
8
8
  import _e from "@fastify/cookie";
9
9
  import ue from "nunjucks";
10
- import { setParameter as C, ParamType as k, Crypto as F, TokenEmailer as xe, OAuthClientManager as L, SessionManager as Ae, ApiKeyManager as Y, KeyStorage as Fe, OAuthAuthorizationServer as Ne, DoubleSubmitCsrfToken as Ue, OAuthClientBackend as Oe, OAuthResourceServer as Ie, OAuthTokenConsumer as Me } from "@crossauth/backend";
11
- import { CrossauthLogger as d, j as c, CrossauthError as l, ErrorCode as g, UserState as O, OAuthFlows as E } from "@crossauth/common";
12
- import { jwtDecode as J } from "jwt-decode";
10
+ import { setParameter as C, ParamType as k, Crypto as N, TokenEmailer as xe, OAuthClientManager as L, SessionManager as Ae, ApiKeyManager as Y, KeyStorage as Fe, OAuthAuthorizationServer as Ne, DoubleSubmitCsrfToken as Ue, OAuthClientBackend as Oe, OAuthResourceServer as Ie, OAuthTokenConsumer as Me } from "@crossauth/backend";
11
+ import { CrossauthLogger as d, j as c, CrossauthError as l, ErrorCode as g, UserState as I, OAuthFlows as E } from "@crossauth/common";
12
+ import { jwtDecode as K } from "jwt-decode";
13
13
  import Re from "qrcode";
14
- const U = ["Content-Type", "application/json; charset=utf-8"];
14
+ const O = ["Content-Type", "application/json; charset=utf-8"];
15
15
  class De {
16
16
  /**
17
17
  * Constructor.
@@ -93,23 +93,23 @@ class De {
93
93
  return await this.updateUser(
94
94
  e,
95
95
  o,
96
- (r, i, n) => {
97
- const t = n ? "Please click on the link in your email to verify your email address." : "Your details have been updated";
96
+ (r, t, n) => {
97
+ const i = n ? "Please click on the link in your email to verify your email address." : "Your details have been updated";
98
98
  return r.view(this.updateUserPage, {
99
99
  csrfToken: e.csrfToken,
100
- message: t,
100
+ message: i,
101
101
  urlPrefix: this.prefix,
102
102
  allowedFactor2: this.sessionServer.allowedFactor2Details()
103
103
  });
104
104
  }
105
105
  );
106
106
  } catch (r) {
107
- const i = l.asCrossauthError(r);
108
- d.logger.error(c({ message: "Update user failure", user: e.body.username, errorCodeName: i.codeName, errorCode: i.code })), d.logger.debug(c({ err: r }));
107
+ const t = l.asCrossauthError(r);
108
+ d.logger.error(c({ message: "Update user failure", user: e.body.username, errorCodeName: t.codeName, errorCode: t.code })), d.logger.debug(c({ err: r }));
109
109
  let n = {};
110
- for (let t in e.body)
111
- t.startsWith("user_") && (n[t] = e.body[t]);
112
- return this.sessionServer.handleError(r, e, o, (t, a) => t.view(this.updateUserPage, {
110
+ for (let i in e.body)
111
+ i.startsWith("user_") && (n[i] = e.body[i]);
112
+ return this.sessionServer.handleError(r, e, o, (i, a) => i.view(this.updateUserPage, {
113
113
  user: e.user,
114
114
  errorMessage: a.message,
115
115
  errorMessages: a.messages,
@@ -144,20 +144,20 @@ class De {
144
144
  return await this.updateUser(
145
145
  e,
146
146
  o,
147
- (i, n, t) => i.header(...U).send({
147
+ (t, n, i) => t.header(...O).send({
148
148
  ok: !0,
149
- emailVerificationRequired: t
149
+ emailVerificationRequired: i
150
150
  })
151
151
  );
152
- } catch (i) {
153
- const n = l.asCrossauthError(i);
152
+ } catch (t) {
153
+ const n = l.asCrossauthError(t);
154
154
  return d.logger.error(c({
155
155
  message: "Update user failure",
156
156
  user: (r = e.user) == null ? void 0 : r.username,
157
157
  errorCodeName: n.codeName,
158
158
  errorCode: n.code
159
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
160
- t.status(this.sessionServer.errorStatus(i)).header(...U).send({
159
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
160
+ i.status(this.sessionServer.errorStatus(t)).header(...O).send({
161
161
  ok: !1,
162
162
  errorMessage: a.message,
163
163
  errorMessages: a.messages,
@@ -176,7 +176,7 @@ class De {
176
176
  this.sessionServer.app.get(
177
177
  this.prefix + "changefactor2",
178
178
  async (e, o) => {
179
- var r, i;
179
+ var r, t;
180
180
  if (d.logger.info(c({
181
181
  message: "Page visit",
182
182
  method: "GET",
@@ -197,7 +197,7 @@ class De {
197
197
  csrfToken: e.csrfToken,
198
198
  next: e.query.next ?? this.sessionServer.loginRedirect,
199
199
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
200
- factor2: ((i = e.user) == null ? void 0 : i.factor2) ?? "none",
200
+ factor2: ((t = e.user) == null ? void 0 : t.factor2) ?? "none",
201
201
  required: e.query.required ?? !1
202
202
  };
203
203
  return o.view(this.changeFactor2Page, s);
@@ -213,8 +213,8 @@ class De {
213
213
  ip: e.ip,
214
214
  user: (s = e.user) == null ? void 0 : s.username
215
215
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
216
- const i = await this.sessionServer.getSessionData(e, "factor2change");
217
- if (!(i != null && i.username) && !this.sessionServer.isSessionUser(e))
216
+ const t = await this.sessionServer.getSessionData(e, "factor2change");
217
+ if (!(t != null && t.username) && !this.sessionServer.isSessionUser(e))
218
218
  return y.sendPageError(
219
219
  o,
220
220
  401,
@@ -225,26 +225,26 @@ class De {
225
225
  return await this.changeFactor2(
226
226
  e,
227
227
  o,
228
- (i, n, t) => n.factor2 ? i.view(this.configureFactor2Page, {
228
+ (t, n, i) => n.factor2 ? t.view(this.configureFactor2Page, {
229
229
  csrfToken: n.csrfToken,
230
230
  next: e.body.next ?? this.sessionServer.loginRedirect,
231
231
  ...n.userData
232
- }) : i.view(this.configureFactor2Page, {
232
+ }) : t.view(this.configureFactor2Page, {
233
233
  message: "Two factor authentication has been updated",
234
234
  next: e.body.next ?? this.sessionServer.loginRedirect,
235
235
  csrfToken: n.csrfToken
236
236
  })
237
237
  );
238
- } catch (i) {
239
- const n = l.asCrossauthError(i);
238
+ } catch (t) {
239
+ const n = l.asCrossauthError(t);
240
240
  return d.logger.error(c({
241
241
  message: "Change two factor authentication failure",
242
242
  user: (r = e.user) == null ? void 0 : r.username,
243
243
  errorCodeName: n.codeName,
244
244
  errorCode: n.code
245
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
245
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
246
246
  var h;
247
- return t.view(this.changeFactor2Page, {
247
+ return i.view(this.changeFactor2Page, {
248
248
  errorMessage: a.message,
249
249
  errorMessages: a.messages,
250
250
  errorCode: a.code,
@@ -280,19 +280,19 @@ class De {
280
280
  return await this.changeFactor2(
281
281
  e,
282
282
  o,
283
- (i, n, t) => i.header(...U).send({
283
+ (t, n, i) => t.header(...O).send({
284
284
  ok: !0,
285
285
  ...n.userData
286
286
  })
287
287
  );
288
- } catch (i) {
289
- const n = l.asCrossauthError(i);
288
+ } catch (t) {
289
+ const n = l.asCrossauthError(t);
290
290
  return d.logger.error(c({
291
291
  message: "Change factor2 failure",
292
292
  user: (r = e.user) == null ? void 0 : r.username,
293
293
  errorCodeName: n.codeName,
294
294
  errorCode: n.code
295
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.status(this.sessionServer.errorStatus(i)).header(...U).send({
295
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.status(this.sessionServer.errorStatus(t)).header(...O).send({
296
296
  ok: !1,
297
297
  errorMessage: a.message,
298
298
  errorMessages: a.messages,
@@ -318,8 +318,8 @@ class De {
318
318
  ip: e.ip,
319
319
  user: (r = e.user) == null ? void 0 : r.username
320
320
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
321
- const i = await this.sessionServer.getSessionData(e, "passwordchange");
322
- if ((i == null ? void 0 : i.username) == null && !this.sessionServer.isSessionUser(e))
321
+ const t = await this.sessionServer.getSessionData(e, "passwordchange");
322
+ if ((t == null ? void 0 : t.username) == null && !this.sessionServer.isSessionUser(e))
323
323
  return y.sendPageError(
324
324
  o,
325
325
  401,
@@ -349,7 +349,7 @@ class De {
349
349
  return await this.changePassword(
350
350
  e,
351
351
  o,
352
- (i, n) => e.body.next ? i.redirect(e.body.next) : i.view(this.changePasswordPage, {
352
+ (t, n) => e.body.next ? t.redirect(e.body.next) : t.view(this.changePasswordPage, {
353
353
  csrfToken: e.csrfToken,
354
354
  message: "Your password has been changed.",
355
355
  urlPrefix: this.prefix,
@@ -357,14 +357,14 @@ class De {
357
357
  required: e.body.required
358
358
  })
359
359
  );
360
- } catch (i) {
361
- const n = l.asCrossauthError(i);
360
+ } catch (t) {
361
+ const n = l.asCrossauthError(t);
362
362
  return d.logger.error(c({
363
363
  message: "Change password failure",
364
364
  user: (r = e.user) == null ? void 0 : r.username,
365
365
  errorCodeName: n.codeName,
366
366
  errorCode: n.code
367
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.view(this.changePasswordPage, {
367
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.view(this.changePasswordPage, {
368
368
  errorMessage: a.message,
369
369
  errorMessages: a.messages,
370
370
  errorCode: a.code,
@@ -397,18 +397,18 @@ class De {
397
397
  return await this.changePassword(
398
398
  e,
399
399
  o,
400
- (i, n) => i.header(...U).send({
400
+ (t, n) => t.header(...O).send({
401
401
  ok: !0
402
402
  })
403
403
  );
404
- } catch (i) {
405
- const n = l.asCrossauthError(i);
404
+ } catch (t) {
405
+ const n = l.asCrossauthError(t);
406
406
  return d.logger.error(c({
407
407
  message: "Change password failure",
408
408
  user: (r = e.user) == null ? void 0 : r.username,
409
409
  errorCodeName: n.codeName,
410
410
  errorCode: n.code
411
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.status(this.sessionServer.errorStatus(i)).header(...U).send({
411
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.status(this.sessionServer.errorStatus(t)).header(...O).send({
412
412
  ok: !1,
413
413
  errorMessage: a.message,
414
414
  errorMessages: a.messages,
@@ -437,23 +437,23 @@ class De {
437
437
  return await this.reconfigureFactor2(
438
438
  e,
439
439
  o,
440
- (r, i, n) => r.view(this.configureFactor2Page, {
441
- ...i,
440
+ (r, t, n) => r.view(this.configureFactor2Page, {
441
+ ...t,
442
442
  next: e.query.next ?? this.sessionServer.loginRedirect
443
443
  })
444
444
  );
445
445
  } catch (r) {
446
- const i = l.asCrossauthError(r);
446
+ const t = l.asCrossauthError(r);
447
447
  return d.logger.error(c({
448
448
  message: "Configure factor2 failure",
449
449
  user: (s = e.user) == null ? void 0 : s.username,
450
- errorCodeName: i.codeName,
451
- errorCode: i.code
452
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (n, t) => n.view(this.configureFactor2Page, {
453
- errorMessage: t.message,
454
- errorMessages: t.messages,
455
- errorCode: t.code,
456
- errorCodeName: g[t.code],
450
+ errorCodeName: t.codeName,
451
+ errorCode: t.code
452
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (n, i) => n.view(this.configureFactor2Page, {
453
+ errorMessage: i.message,
454
+ errorMessages: i.messages,
455
+ errorCode: i.code,
456
+ errorCodeName: g[i.code],
457
457
  next: e.query.next ?? this.sessionServer.loginRedirect,
458
458
  csrfToken: e.csrfToken,
459
459
  urlPrefix: this.prefix
@@ -474,8 +474,8 @@ class De {
474
474
  return d.logger.debug(c({ message: "Next page " + s })), await this.configureFactor2(
475
475
  e,
476
476
  o,
477
- (r, i) => {
478
- const n = i != null && i.factor2 ? this.sessionServer.authenticators[i.factor2] : void 0;
477
+ (r, t) => {
478
+ const n = t != null && t.factor2 ? this.sessionServer.authenticators[t.factor2] : void 0;
479
479
  return !this.sessionServer.isSessionUser(e) && this.enableEmailVerification && (n == null || n.skipEmailVerificationOnSignup() != !0) ? r.view(this.signupPage, {
480
480
  next: s,
481
481
  csrfToken: e.csrfToken,
@@ -497,10 +497,10 @@ class De {
497
497
  const a = l.asCrossauthError(r);
498
498
  return d.logger.error(c({ message: "Signup second factor failure", errorCodeName: a.codeName, errorCode: a.code })), d.logger.error(c({ message: "Session not defined during two factor process" })), o.status(500).view(this.sessionServer.errorPage, { status: 500, errorMessage: "An unknown error occurred", errorCode: g.UnknownError, errorCodeName: "UnknownError" });
499
499
  }
500
- let i = (await this.sessionServer.sessionManager.dataForSessionId(e.sessionId))["2fa"];
500
+ let t = (await this.sessionServer.sessionManager.dataForSessionId(e.sessionId))["2fa"];
501
501
  const n = l.asCrossauthError(r);
502
- d.logger.error(c({ message: "Signup two factor failure", user: i == null ? void 0 : i.username, errorCodeName: n.codeName, errorCode: n.code }));
503
- const { userData: t } = await this.sessionServer.sessionManager.repeatTwoFactorSignup(e.sessionId);
502
+ d.logger.error(c({ message: "Signup two factor failure", user: t == null ? void 0 : t.username, errorCodeName: n.codeName, errorCode: n.code }));
503
+ const { userData: i } = await this.sessionServer.sessionManager.repeatTwoFactorSignup(e.sessionId);
504
504
  return this.sessionServer.handleError(r, e, o, (a, h) => a.view(this.configureFactor2Page, {
505
505
  errorMessage: h.message,
506
506
  errorMessages: h.messages,
@@ -508,11 +508,11 @@ class De {
508
508
  errorCodeName: g[h.code],
509
509
  urlPrefix: this.prefix,
510
510
  next: s,
511
- ...t,
511
+ ...i,
512
512
  csrfToken: this.sessionServer.csrfToken(e, a)
513
513
  }));
514
- } catch (i) {
515
- return d.logger.error(c({ err: i })), o.status(500).view(this.sessionServer.errorPage, {
514
+ } catch (t) {
515
+ return d.logger.error(c({ err: t })), o.status(500).view(this.sessionServer.errorPage, {
516
516
  status: 500,
517
517
  errorMessage: "An unknown error occurred",
518
518
  errorCode: g.UnknownError,
@@ -542,20 +542,20 @@ class De {
542
542
  return await this.reconfigureFactor2(
543
543
  o,
544
544
  s,
545
- (i, n, t) => i.header(...U).send({
545
+ (t, n, i) => t.header(...O).send({
546
546
  ok: !0,
547
547
  ...n
548
548
  })
549
549
  );
550
- } catch (i) {
551
- const n = l.asCrossauthError(i);
550
+ } catch (t) {
551
+ const n = l.asCrossauthError(t);
552
552
  d.logger.error(c({
553
553
  message: "Configure 2FA configuration failure",
554
554
  user: (r = o.user) == null ? void 0 : r.username,
555
555
  errorCodeName: n.codeName,
556
556
  errorCode: n.code
557
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, s, (t, a) => {
558
- t.status(this.sessionServer.errorStatus(i)).header(...U).send({
557
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, o, s, (i, a) => {
558
+ i.status(this.sessionServer.errorStatus(t)).header(...O).send({
559
559
  ok: !1,
560
560
  errorMessage: a.message,
561
561
  errorMessages: a.messages,
@@ -579,23 +579,23 @@ class De {
579
579
  return await this.configureFactor2(
580
580
  o,
581
581
  s,
582
- (i, n) => {
583
- const t = {
582
+ (t, n) => {
583
+ const i = {
584
584
  ok: !0,
585
585
  user: n
586
586
  };
587
- return this.sessionServer.isSessionUser(o) || (t.emailVerificationNeeded = this.enableEmailVerification), i.header(...U).send(t);
587
+ return this.sessionServer.isSessionUser(o) || (i.emailVerificationNeeded = this.enableEmailVerification), t.header(...O).send(i);
588
588
  }
589
589
  );
590
- } catch (i) {
591
- const n = l.asCrossauthError(i);
590
+ } catch (t) {
591
+ const n = l.asCrossauthError(t);
592
592
  d.logger.error(c({
593
593
  message: "Configure 2FA configuration failure",
594
594
  user: (r = o.user) == null ? void 0 : r.username,
595
595
  errorCodeName: n.codeName,
596
596
  errorCode: n.code
597
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, s, (t, a) => {
598
- t.status(this.sessionServer.errorStatus(i)).header(...U).send({
597
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, o, s, (i, a) => {
598
+ i.status(this.sessionServer.errorStatus(t)).header(...O).send({
599
599
  ok: !1,
600
600
  errorMessage: a.message,
601
601
  errorMessages: a.messages,
@@ -640,7 +640,7 @@ class De {
640
640
  return await this.requestPasswordReset(
641
641
  e,
642
642
  o,
643
- (r, i) => r.view(this.requestPasswordResetPage, {
643
+ (r, t) => r.view(this.requestPasswordResetPage, {
644
644
  csrfToken: e.csrfToken,
645
645
  message: s,
646
646
  urlPrefix: this.prefix
@@ -650,13 +650,13 @@ class De {
650
650
  return d.logger.error(c({
651
651
  message: "Request password reset faiulure user failure",
652
652
  email: e.body.email
653
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => n.code == g.EmailNotExist ? i.view(this.requestPasswordResetPage, {
653
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (t, n) => n.code == g.EmailNotExist ? t.view(this.requestPasswordResetPage, {
654
654
  csrfToken: e.csrfToken,
655
655
  message: s,
656
656
  urlPrefix: this.prefix,
657
657
  required: e.body.required,
658
658
  next: e.body.next
659
- }) : e.body.next ? i.redirect(e.body.next) : i.view(this.requestPasswordResetPage, {
659
+ }) : e.body.next ? t.redirect(e.body.next) : t.view(this.requestPasswordResetPage, {
660
660
  errorMessage: n.message,
661
661
  errorMessages: n.messages,
662
662
  errorCode: n.code,
@@ -686,7 +686,7 @@ class De {
686
686
  return await this.requestPasswordReset(
687
687
  e,
688
688
  o,
689
- (s, r) => s.header(...U).send({
689
+ (s, r) => s.header(...O).send({
690
690
  ok: !0
691
691
  })
692
692
  );
@@ -697,8 +697,8 @@ class De {
697
697
  email: e.body.email,
698
698
  errorCodeName: r.codeName,
699
699
  errorCode: r.code
700
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => {
701
- i.status(this.sessionServer.errorStatus(s)).header(...U).send({
700
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => {
701
+ t.status(this.sessionServer.errorStatus(s)).header(...O).send({
702
702
  ok: !1,
703
703
  errorMessage: n.message,
704
704
  errorMessages: n.messages,
@@ -761,10 +761,10 @@ class De {
761
761
  const r = l.asCrossauthError(s);
762
762
  return d.logger.error(c({
763
763
  message: "Reset password failure",
764
- hashedToken: F.hash(e.body.token),
764
+ hashedToken: N.hash(e.body.token),
765
765
  errorCodeName: r.codeName,
766
766
  errorCode: r.code
767
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => i.view(this.resetPasswordPage, {
767
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => t.view(this.resetPasswordPage, {
768
768
  errorMessage: n.message,
769
769
  errorMessages: n.messages,
770
770
  errorCode: n.code,
@@ -794,7 +794,7 @@ class De {
794
794
  return await this.resetPassword(
795
795
  e,
796
796
  o,
797
- (s, r) => s.header(...U).send({
797
+ (s, r) => s.header(...O).send({
798
798
  ok: !0
799
799
  })
800
800
  );
@@ -802,11 +802,11 @@ class De {
802
802
  const r = l.asCrossauthError(s);
803
803
  return d.logger.error(c({
804
804
  message: "Reset password failure",
805
- hashedToken: F.hash(e.body.token),
805
+ hashedToken: N.hash(e.body.token),
806
806
  errorCodeName: r.codeName,
807
807
  errorCode: r.code
808
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => {
809
- i.status(this.sessionServer.errorStatus(s)).header(...U).send({
808
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => {
809
+ t.status(this.sessionServer.errorStatus(s)).header(...O).send({
810
810
  ok: !1,
811
811
  errorMessage: n.message,
812
812
  errorMessages: n.messages,
@@ -844,10 +844,10 @@ class De {
844
844
  const r = l.asCrossauthError(s);
845
845
  return d.logger.error(c({
846
846
  message: "Verify email failed",
847
- hashedToken: F.hash(e.params.token),
847
+ hashedToken: N.hash(e.params.token),
848
848
  errorCodeName: r.codeName,
849
849
  errorCode: r.code
850
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => i.view(this.sessionServer.errorPage, {
850
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => t.view(this.sessionServer.errorPage, {
851
851
  errorCode: n.code,
852
852
  errorCodeName: g[n.code],
853
853
  errorMessage: n.message,
@@ -875,7 +875,7 @@ class De {
875
875
  return await this.verifyEmail(
876
876
  e,
877
877
  o,
878
- (s, r) => s.header(...U).send({
878
+ (s, r) => s.header(...O).send({
879
879
  ok: !0,
880
880
  user: r
881
881
  })
@@ -884,11 +884,11 @@ class De {
884
884
  const r = l.asCrossauthError(s);
885
885
  return d.logger.error(c({
886
886
  message: "Verify email failure",
887
- hashedToken: F.hash(e.params.token),
887
+ hashedToken: N.hash(e.params.token),
888
888
  errorCodeName: r.codeName,
889
889
  errorCode: r.code
890
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => {
891
- i.status(this.sessionServer.errorStatus(s)).header(...U).send({
890
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => {
891
+ t.status(this.sessionServer.errorStatus(s)).header(...O).send({
892
892
  ok: !1,
893
893
  errorMessage: n.message,
894
894
  errorMessages: n.messages,
@@ -920,28 +920,28 @@ class De {
920
920
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call delete user unless a user storage is provided");
921
921
  s = (await this.sessionServer.userStorage.getUserById(e.user.id)).user;
922
922
  } catch (n) {
923
- const t = l.asCrossauthError(n);
924
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
925
- errorMessage: t.message,
926
- errorMessages: t.messages,
927
- errorCode: t.code,
928
- errorCodeName: g[t.code]
923
+ const i = l.asCrossauthError(n);
924
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
925
+ errorMessage: i.message,
926
+ errorMessages: i.messages,
927
+ errorCode: i.code,
928
+ errorCodeName: g[i.code]
929
929
  });
930
930
  }
931
931
  const r = e.query.next ?? this.prefix;
932
- let i = {
932
+ let t = {
933
933
  urlPrefix: this.prefix,
934
934
  csrfToken: e.csrfToken,
935
935
  next: r,
936
936
  isAdmin: !1,
937
937
  user: s
938
938
  };
939
- return o.view(this.deleteUserPage, i);
939
+ return o.view(this.deleteUserPage, t);
940
940
  }
941
941
  ), this.sessionServer.app.post(
942
942
  this.prefix + "deleteuser",
943
943
  async (e, o) => {
944
- var r, i;
944
+ var r, t;
945
945
  if (d.logger.info(c({
946
946
  message: "Page visit",
947
947
  method: "POST",
@@ -956,24 +956,24 @@ class De {
956
956
  e,
957
957
  o,
958
958
  (n) => {
959
- var t;
959
+ var i;
960
960
  return n.view(this.deleteUserPage, {
961
961
  message: "User deleted",
962
962
  csrfToken: e.csrfToken,
963
963
  urlPrefix: this.prefix,
964
- userid: (t = e.user) == null ? void 0 : t.id,
964
+ userid: (i = e.user) == null ? void 0 : i.id,
965
965
  isAdmin: !1,
966
966
  next: s
967
967
  });
968
968
  }
969
969
  );
970
970
  } catch (n) {
971
- const t = l.asCrossauthError(n);
971
+ const i = l.asCrossauthError(n);
972
972
  return d.logger.error(c({
973
973
  message: "Failed deleting user",
974
- user: (i = e.user) == null ? void 0 : i.username,
975
- errorCodeName: t.codeName,
976
- errorCode: t.code
974
+ user: (t = e.user) == null ? void 0 : t.username,
975
+ errorCodeName: i.codeName,
976
+ errorCode: i.code
977
977
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
978
978
  var v;
979
979
  const p = l.asCrossauthError(n).httpStatus;
@@ -1008,28 +1008,28 @@ class De {
1008
1008
  ip: e.ip,
1009
1009
  user: (s = e.user) == null ? void 0 : s.username
1010
1010
  })), !e.user)
1011
- return o.status(401).header(...U).send({ ok: !1 });
1011
+ return o.status(401).header(...O).send({ ok: !1 });
1012
1012
  try {
1013
1013
  return await this.deleteUser(
1014
1014
  e,
1015
1015
  o,
1016
- (i) => {
1016
+ (t) => {
1017
1017
  var n;
1018
- return i.header(...U).send({
1018
+ return t.header(...O).send({
1019
1019
  ok: !0,
1020
1020
  userid: (n = e.user) == null ? void 0 : n.id
1021
1021
  });
1022
1022
  }
1023
1023
  );
1024
- } catch (i) {
1025
- const n = l.asCrossauthError(i);
1024
+ } catch (t) {
1025
+ const n = l.asCrossauthError(t);
1026
1026
  d.logger.error(c({
1027
1027
  message: "Delete user failure",
1028
1028
  user: (r = e.user) == null ? void 0 : r.username,
1029
1029
  errorCodeName: n.codeName,
1030
1030
  errorCode: n.code
1031
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1032
- t.status(this.sessionServer.errorStatus(i)).header(...U).send({
1031
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1032
+ i.status(this.sessionServer.errorStatus(t)).header(...O).send({
1033
1033
  ok: !1,
1034
1034
  errorMessage: a.message,
1035
1035
  errorMessages: a.messages,
@@ -1057,9 +1057,9 @@ class De {
1057
1057
  e,
1058
1058
  this.sessionServer.userStorage.userEditableFields
1059
1059
  );
1060
- let i = this.sessionServer.validateUserFn(r);
1061
- if (i.length > 0)
1062
- throw new l(g.FormEntry, i);
1060
+ let t = this.sessionServer.validateUserFn(r);
1061
+ if (t.length > 0)
1062
+ throw new l(g.FormEntry, t);
1063
1063
  let n = await this.sessionServer.sessionManager.updateUser(e.user, r);
1064
1064
  return s(o, e.user, n.emailVerificationTokenSent);
1065
1065
  }
@@ -1086,26 +1086,26 @@ class De {
1086
1086
  throw new l(g.Unauthorized);
1087
1087
  if (!e.csrfToken)
1088
1088
  throw new l(g.InvalidCsrf);
1089
- let i = e.body.factor2;
1089
+ let t = e.body.factor2;
1090
1090
  if (e.body.factor2 && !this.sessionServer.allowedFactor2.includes(e.body.factor2))
1091
1091
  throw new l(
1092
1092
  g.Forbidden,
1093
1093
  "Illegal second factor " + e.body.factor2 + " requested"
1094
1094
  );
1095
- (e.body.factor2 == "none" || e.body.factor2 == "") && (i = void 0);
1096
- const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(r, i, e.sessionId);
1097
- let t = {
1098
- factor2: i,
1095
+ (e.body.factor2 == "none" || e.body.factor2 == "") && (t = void 0);
1096
+ const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(r, t, e.sessionId);
1097
+ let i = {
1098
+ factor2: t,
1099
1099
  userData: n,
1100
1100
  username: n.username,
1101
1101
  next: e.body.next ?? this.sessionServer.loginRedirect,
1102
1102
  csrfToken: e.csrfToken
1103
1103
  };
1104
- return s(o, t);
1104
+ return s(o, i);
1105
1105
  }
1106
1106
  async changePassword(e, o, s) {
1107
1107
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changePassword unless a user storage is provided");
1108
- let r, i = !1;
1108
+ let r, t = !1;
1109
1109
  if (!this.sessionServer.isSessionUser(e) || !e.user) {
1110
1110
  const m = await this.sessionServer.getSessionData(e, "passwordchange");
1111
1111
  if (m != null && m.username) {
@@ -1115,7 +1115,7 @@ class De {
1115
1115
  skipActiveCheck: !0,
1116
1116
  skipEmailVerifiedCheck: !0
1117
1117
  }
1118
- )).user, i = !0, !e.csrfToken)
1118
+ )).user, t = !0, !e.csrfToken)
1119
1119
  throw new l(g.InvalidCsrf);
1120
1120
  } else
1121
1121
  throw new l(g.Unauthorized);
@@ -1125,18 +1125,18 @@ class De {
1125
1125
  r = e.user;
1126
1126
  } else
1127
1127
  throw new l(g.InsufficientPriviledges);
1128
- const n = this.sessionServer.authenticators[r.factor1], t = n.secretNames();
1128
+ const n = this.sessionServer.authenticators[r.factor1], i = n.secretNames();
1129
1129
  let a = {}, h = {}, f = {};
1130
1130
  for (let m in e.body)
1131
1131
  if (m.startsWith("new_")) {
1132
1132
  const w = m.replace(/^new_/, "");
1133
- t.includes(w) && (h[w] = e.body[m]);
1133
+ i.includes(w) && (h[w] = e.body[m]);
1134
1134
  } else if (m.startsWith("old_")) {
1135
1135
  const w = m.replace(/^old_/, "");
1136
- t.includes(w) && (a[w] = e.body[m]);
1136
+ i.includes(w) && (a[w] = e.body[m]);
1137
1137
  } else if (m.startsWith("repeat_")) {
1138
1138
  const w = m.replace(/^repeat_/, "");
1139
- t.includes(w) && (f[w] = e.body[m]);
1139
+ i.includes(w) && (f[w] = e.body[m]);
1140
1140
  }
1141
1141
  Object.keys(f).length === 0 && (f = void 0);
1142
1142
  let p = n.validateSecrets(h);
@@ -1144,7 +1144,7 @@ class De {
1144
1144
  throw new l(g.PasswordFormat, p);
1145
1145
  const v = r.state;
1146
1146
  try {
1147
- i && (r.state = "active", await this.sessionServer.userStorage.updateUser({ id: r.id, state: r.state })), await this.sessionServer.sessionManager.changeSecrets(
1147
+ t && (r.state = "active", await this.sessionServer.userStorage.updateUser({ id: r.id, state: r.state })), await this.sessionServer.sessionManager.changeSecrets(
1148
1148
  r.username,
1149
1149
  1,
1150
1150
  h,
@@ -1153,7 +1153,7 @@ class De {
1153
1153
  );
1154
1154
  } catch (m) {
1155
1155
  const w = l.asCrossauthError(m);
1156
- if (d.logger.debug(c({ err: m })), i)
1156
+ if (d.logger.debug(c({ err: m })), t)
1157
1157
  try {
1158
1158
  await this.sessionServer.userStorage.updateUser({ id: r.id, state: v });
1159
1159
  } catch (P) {
@@ -1161,7 +1161,7 @@ class De {
1161
1161
  }
1162
1162
  throw w;
1163
1163
  }
1164
- return i ? await this.sessionServer.loginWithUser(r, !1, e, o, s) : s(o, void 0);
1164
+ return t ? await this.sessionServer.loginWithUser(r, !1, e, o, s) : s(o, void 0);
1165
1165
  }
1166
1166
  async configureFactor2(e, o, s) {
1167
1167
  if (this.sessionServer.isSessionUser(e) && !e.csrfToken)
@@ -1179,20 +1179,20 @@ class De {
1179
1179
  !0,
1180
1180
  e,
1181
1181
  o,
1182
- (i, n) => s(i, n)
1182
+ (t, n) => s(t, n)
1183
1183
  ) : s(o, r);
1184
1184
  }
1185
1185
  async reconfigureFactor2(e, o, s) {
1186
1186
  if (!e.user || !e.sessionId || !this.sessionServer.isSessionUser(e))
1187
1187
  throw new l(g.Unauthorized);
1188
1188
  let r = e.user.factor2;
1189
- const i = this.sessionServer.authenticators[r];
1190
- if (!i || i.secretNames().length == 0)
1189
+ const t = this.sessionServer.authenticators[r];
1190
+ if (!t || t.secretNames().length == 0)
1191
1191
  throw new l(
1192
1192
  g.BadRequest,
1193
1193
  "Selected second factor does not have configuration"
1194
1194
  );
1195
- let t = {
1195
+ let i = {
1196
1196
  ...await this.sessionServer.sessionManager.initiateTwoFactorSetup(
1197
1197
  e.user,
1198
1198
  r,
@@ -1200,7 +1200,7 @@ class De {
1200
1200
  ),
1201
1201
  csrfToken: e.csrfToken
1202
1202
  };
1203
- return s(o, t);
1203
+ return s(o, i);
1204
1204
  }
1205
1205
  async requestPasswordReset(e, o, s) {
1206
1206
  if (!this.enablePasswordReset)
@@ -1213,8 +1213,8 @@ class De {
1213
1213
  const r = e.body.email;
1214
1214
  try {
1215
1215
  await this.sessionServer.sessionManager.requestPasswordReset(r);
1216
- } catch (i) {
1217
- const n = l.asCrossauthError(i);
1216
+ } catch (t) {
1217
+ const n = l.asCrossauthError(t);
1218
1218
  if (n.code == g.UserNotExist)
1219
1219
  d.logger.warn(c({
1220
1220
  message: "Password reset requested for invalid email",
@@ -1222,7 +1222,7 @@ class De {
1222
1222
  }));
1223
1223
  else
1224
1224
  throw d.logger.error(c({
1225
- err: i,
1225
+ err: t,
1226
1226
  message: "Couldn't send password reset email"
1227
1227
  })), n;
1228
1228
  }
@@ -1231,30 +1231,30 @@ class De {
1231
1231
  async resetPassword(e, o, s) {
1232
1232
  if (!e.csrfToken)
1233
1233
  throw new l(g.InvalidCsrf);
1234
- const r = e.body.token, i = await this.sessionServer.sessionManager.userForPasswordResetToken(r), n = this.sessionServer.authenticators[i.factor1], t = n.secretNames();
1234
+ const r = e.body.token, t = await this.sessionServer.sessionManager.userForPasswordResetToken(r), n = this.sessionServer.authenticators[t.factor1], i = n.secretNames();
1235
1235
  let a = {}, h = {};
1236
1236
  for (let v in e.body)
1237
1237
  if (v.startsWith("new_")) {
1238
1238
  const m = v.replace(/^new_/, "");
1239
- t.includes(m) && (a[m] = e.body[v]);
1239
+ i.includes(m) && (a[m] = e.body[v]);
1240
1240
  } else if (v.startsWith("repeat_")) {
1241
1241
  const m = v.replace(/^repeat_/, "");
1242
- t.includes(m) && (h[m] = e.body[v]);
1242
+ i.includes(m) && (h[m] = e.body[v]);
1243
1243
  }
1244
1244
  Object.keys(h).length === 0 && (h = void 0);
1245
1245
  let f = n.validateSecrets(a);
1246
1246
  if (f.length > 0)
1247
1247
  throw new l(g.PasswordFormat, f);
1248
1248
  const p = await this.sessionServer.sessionManager.resetSecret(r, 1, a, h);
1249
- return p.state != O.factor2ResetNeeded ? this.sessionServer.loginWithUser(p, !0, e, o, s) : s(o);
1249
+ return p.state != I.factor2ResetNeeded ? this.sessionServer.loginWithUser(p, !0, e, o, s) : s(o);
1250
1250
  }
1251
1251
  async verifyEmail(e, o, s) {
1252
1252
  if (!this.enableEmailVerification) throw new l(
1253
1253
  g.Configuration,
1254
1254
  "Email verification reset not enabled"
1255
1255
  );
1256
- const r = e.params.token, i = await this.sessionServer.sessionManager.applyEmailVerificationToken(r);
1257
- return await this.sessionServer.loginWithUser(i, !0, e, o, s);
1256
+ const r = e.params.token, t = await this.sessionServer.sessionManager.applyEmailVerificationToken(r);
1257
+ return await this.sessionServer.loginWithUser(t, !0, e, o, s);
1258
1258
  }
1259
1259
  async deleteUser(e, o, s) {
1260
1260
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteUser unless a user storage is provided");
@@ -1275,10 +1275,10 @@ async function ze(S, e) {
1275
1275
  if (r.code != g.UserNotExist)
1276
1276
  throw d.logger.debug(c({ err: r })), r;
1277
1277
  try {
1278
- const { user: i } = await e.getUserByEmail(S);
1279
- o.push(i);
1280
- } catch (i) {
1281
- const n = l.asCrossauthError(i);
1278
+ const { user: t } = await e.getUserByEmail(S);
1279
+ o.push(t);
1280
+ } catch (t) {
1281
+ const n = l.asCrossauthError(t);
1282
1282
  if (n.code != g.UserNotExist)
1283
1283
  throw d.logger.debug(c({ err: n })), r;
1284
1284
  }
@@ -1339,18 +1339,18 @@ class He {
1339
1339
  return d.logger.debug(c({ msg: "Next page " + s })), await this.createUser(
1340
1340
  e,
1341
1341
  o,
1342
- (i, n, t) => i.redirect(302, s)
1342
+ (t, n, i) => t.redirect(302, s)
1343
1343
  );
1344
- } catch (i) {
1345
- const n = l.asCrossauthError(i);
1344
+ } catch (t) {
1345
+ const n = l.asCrossauthError(t);
1346
1346
  return d.logger.error(c({
1347
1347
  msg: "Signup failure",
1348
1348
  user: e.body.username,
1349
1349
  errorCodeName: n.codeName,
1350
1350
  errorCode: n.code
1351
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1352
- const f = l.asCrossauthError(i).httpStatus;
1353
- return t.status(f).view(this.adminCreateUserPage, {
1351
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1352
+ const f = l.asCrossauthError(t).httpStatus;
1353
+ return i.status(f).view(this.adminCreateUserPage, {
1354
1354
  errorMessage: a.message,
1355
1355
  errorMessages: a.messages,
1356
1356
  errorCode: a.code,
@@ -1387,21 +1387,21 @@ class He {
1387
1387
  return await this.createUser(
1388
1388
  e,
1389
1389
  o,
1390
- (i, n, t) => i.header(...R).send({
1390
+ (t, n, i) => t.header(...R).send({
1391
1391
  ok: !0,
1392
- user: t,
1392
+ user: i,
1393
1393
  ...n.userData
1394
1394
  })
1395
1395
  );
1396
- } catch (i) {
1397
- const n = l.asCrossauthError(i);
1396
+ } catch (t) {
1397
+ const n = l.asCrossauthError(t);
1398
1398
  d.logger.error(c({
1399
1399
  msg: "Create user failure",
1400
1400
  user: (r = e.user) == null ? void 0 : r.username,
1401
1401
  errorCodeName: n.codeName,
1402
1402
  errorCode: n.code
1403
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1404
- t.status(this.sessionServer.errorStatus(i)).header(...R).send({
1403
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1404
+ i.status(this.sessionServer.errorStatus(t)).header(...R).send({
1405
1405
  ok: !1,
1406
1406
  errorMessage: a.message,
1407
1407
  errorMessages: a.messages,
@@ -1428,21 +1428,21 @@ class He {
1428
1428
  })), !(e != null && e.user) || !y.isAdmin(e.user))
1429
1429
  return this.accessDeniedPage(e, o);
1430
1430
  try {
1431
- let s = [], r = Number(e.query.skip), i = Number(e.query.take);
1432
- r < 0 && (i = -r, r = 0), r || (r = 0), i || (i = 10), e.query.search ? s = await this.userSearchFn(
1431
+ let s = [], r = Number(e.query.skip), t = Number(e.query.take);
1432
+ r < 0 && (t = -r, r = 0), r || (r = 0), t || (t = 10), e.query.search ? s = await this.userSearchFn(
1433
1433
  e.query.search,
1434
1434
  this.sessionServer.userStorage
1435
1435
  ) : s = await this.sessionServer.userStorage.getUsers(
1436
1436
  r,
1437
- i
1437
+ t
1438
1438
  );
1439
1439
  let n = {
1440
1440
  urlPrefix: this.adminPrefix,
1441
1441
  skip: r,
1442
- take: i,
1442
+ take: t,
1443
1443
  users: s,
1444
1444
  havePrevious: r > 0,
1445
- haveNext: i != null && s.length == i
1445
+ haveNext: t != null && s.length == t
1446
1446
  };
1447
1447
  return e.query.next && (n.next = e.query.next), o.view(this.adminSelectUserPage, n);
1448
1448
  } catch (s) {
@@ -1512,12 +1512,12 @@ class He {
1512
1512
  let s;
1513
1513
  try {
1514
1514
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateuser unless a user storage is provided");
1515
- const { user: i } = await this.sessionServer.userStorage.getUserById(e.params.id);
1516
- return s = i, await this.updateUser(
1515
+ const { user: t } = await this.sessionServer.userStorage.getUserById(e.params.id);
1516
+ return s = t, await this.updateUser(
1517
1517
  s,
1518
1518
  e,
1519
1519
  o,
1520
- (n, t, a, h) => {
1520
+ (n, i, a, h) => {
1521
1521
  let f = "User's details have been updated.";
1522
1522
  return a ? f = "User's details have been updated and sent and an email verification link." : h && (f = "User's details have been updated and sent and a password reset token sent."), n.view(this.adminUpdateUserPage, {
1523
1523
  csrfToken: e.csrfToken,
@@ -1527,9 +1527,9 @@ class He {
1527
1527
  });
1528
1528
  }
1529
1529
  );
1530
- } catch (i) {
1531
- const n = l.asCrossauthError(i);
1532
- return d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: n.codeName, errorCode: n.code })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => s ? t.view(this.adminUpdateUserPage, {
1530
+ } catch (t) {
1531
+ const n = l.asCrossauthError(t);
1532
+ return d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: n.codeName, errorCode: n.code })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => s ? i.view(this.adminUpdateUserPage, {
1533
1533
  user: s,
1534
1534
  errorMessage: a.message,
1535
1535
  errorMessages: a.messages,
@@ -1540,7 +1540,7 @@ class He {
1540
1540
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
1541
1541
  ...e.body
1542
1542
  }) : y.sendPageError(
1543
- t,
1543
+ i,
1544
1544
  n.httpStatus,
1545
1545
  this.sessionServer.errorPage,
1546
1546
  n.message,
@@ -1570,28 +1570,28 @@ class He {
1570
1570
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteuser unless a user storage is provided");
1571
1571
  s = (await this.sessionServer.userStorage.getUserById(e.params.id)).user;
1572
1572
  } catch (n) {
1573
- const t = l.asCrossauthError(n);
1574
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
1575
- errorMessage: t.message,
1576
- errorMessages: t.messages,
1577
- errorCode: t.code,
1578
- errorCodeName: g[t.code]
1573
+ const i = l.asCrossauthError(n);
1574
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
1575
+ errorMessage: i.message,
1576
+ errorMessages: i.messages,
1577
+ errorCode: i.code,
1578
+ errorCodeName: g[i.code]
1579
1579
  });
1580
1580
  }
1581
1581
  const r = e.query.next ?? this.adminPrefix + "selectuser";
1582
- let i = {
1582
+ let t = {
1583
1583
  urlPrefix: this.adminPrefix,
1584
1584
  csrfToken: e.csrfToken,
1585
1585
  next: r,
1586
1586
  isAdmin: !0,
1587
1587
  user: s
1588
1588
  };
1589
- return o.view(this.deleteUserPage, i);
1589
+ return o.view(this.deleteUserPage, t);
1590
1590
  }
1591
1591
  ), this.sessionServer.app.post(
1592
1592
  this.adminPrefix + "deleteuser/:id",
1593
1593
  async (e, o) => {
1594
- var r, i;
1594
+ var r, t;
1595
1595
  d.logger.info(c({
1596
1596
  msg: "Page visit",
1597
1597
  method: "POST",
@@ -1614,12 +1614,12 @@ class He {
1614
1614
  })
1615
1615
  );
1616
1616
  } catch (n) {
1617
- const t = l.asCrossauthError(n);
1617
+ const i = l.asCrossauthError(n);
1618
1618
  return d.logger.error(c({
1619
1619
  msg: "Failed deleting user",
1620
- user: (i = e.user) == null ? void 0 : i.username,
1621
- errorCodeName: t.codeName,
1622
- errorCode: t.code
1620
+ user: (t = e.user) == null ? void 0 : t.username,
1621
+ errorCodeName: i.codeName,
1622
+ errorCode: i.code
1623
1623
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1624
1624
  const p = l.asCrossauthError(n).httpStatus;
1625
1625
  return a.status(p).view(this.deleteUserPage, {
@@ -1645,7 +1645,7 @@ class He {
1645
1645
  this.sessionServer.app.post(
1646
1646
  this.adminPrefix + "api/updateuser/:id",
1647
1647
  async (e, o) => {
1648
- var r, i;
1648
+ var r, t;
1649
1649
  if (d.logger.info(c({
1650
1650
  msg: "API visit",
1651
1651
  method: "POST",
@@ -1662,18 +1662,18 @@ class He {
1662
1662
  s,
1663
1663
  e,
1664
1664
  o,
1665
- (t, a, h) => t.header(...R).send({
1665
+ (i, a, h) => i.header(...R).send({
1666
1666
  ok: !0,
1667
1667
  emailVerificationRequired: h
1668
1668
  })
1669
1669
  );
1670
1670
  } catch (n) {
1671
- const t = l.asCrossauthError(n);
1671
+ const i = l.asCrossauthError(n);
1672
1672
  return d.logger.error(c({
1673
1673
  msg: "Update user failure",
1674
- user: (i = e.user) == null ? void 0 : i.username,
1675
- errorCodeName: t.codeName,
1676
- errorCode: t.code
1674
+ user: (t = e.user) == null ? void 0 : t.username,
1675
+ errorCodeName: i.codeName,
1676
+ errorCode: i.code
1677
1677
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1678
1678
  a.status(this.sessionServer.errorStatus(n)).header(...R).send({
1679
1679
  ok: !1,
@@ -1706,20 +1706,20 @@ class He {
1706
1706
  return this.accessDeniedPage(e, o);
1707
1707
  try {
1708
1708
  const { user: r } = await this.sessionServer.userStorage.getUserById(e.params.id);
1709
- let i = {
1709
+ let t = {
1710
1710
  urlPrefix: this.adminPrefix,
1711
1711
  csrfToken: e.csrfToken,
1712
1712
  user: r
1713
1713
  };
1714
- return o.view(this.adminChangePasswordPage, i);
1714
+ return o.view(this.adminChangePasswordPage, t);
1715
1715
  } catch (r) {
1716
- const i = l.asCrossauthError(r);
1716
+ const t = l.asCrossauthError(r);
1717
1717
  return d.logger.error(c({ err: r })), y.sendPageError(
1718
1718
  o,
1719
- i.httpStatus,
1719
+ t.httpStatus,
1720
1720
  this.sessionServer.errorPage,
1721
- i.message,
1722
- i
1721
+ t.message,
1722
+ t
1723
1723
  );
1724
1724
  }
1725
1725
  }
@@ -1737,12 +1737,12 @@ class He {
1737
1737
  let s;
1738
1738
  try {
1739
1739
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changepassword unless a user storage is provided");
1740
- const { user: i } = await this.sessionServer.userStorage.getUserById(e.params.id);
1741
- return s = i, await this.changePassword(
1740
+ const { user: t } = await this.sessionServer.userStorage.getUserById(e.params.id);
1741
+ return s = t, await this.changePassword(
1742
1742
  s,
1743
1743
  e,
1744
1744
  o,
1745
- (n, t) => e.body.next ? n.redirect(e.body.next) : n.view(this.adminChangePasswordPage, {
1745
+ (n, i) => e.body.next ? n.redirect(e.body.next) : n.view(this.adminChangePasswordPage, {
1746
1746
  csrfToken: e.csrfToken,
1747
1747
  message: "User's password has been changed.",
1748
1748
  urlPrefix: this.adminPrefix,
@@ -1751,14 +1751,14 @@ class He {
1751
1751
  user: s
1752
1752
  })
1753
1753
  );
1754
- } catch (i) {
1755
- const n = l.asCrossauthError(i);
1754
+ } catch (t) {
1755
+ const n = l.asCrossauthError(t);
1756
1756
  return d.logger.error(c({
1757
1757
  msg: "Change password failure",
1758
1758
  userid: e.params.id,
1759
1759
  errorCodeName: n.codeName,
1760
1760
  errorCode: n.code
1761
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.view(this.adminChangePasswordPage, {
1761
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.view(this.adminChangePasswordPage, {
1762
1762
  errorMessage: a.message,
1763
1763
  errorMessages: a.messages,
1764
1764
  errorCode: a.code,
@@ -1777,7 +1777,7 @@ class He {
1777
1777
  this.sessionServer.app.post(
1778
1778
  this.adminPrefix + "api/changepassword/:id",
1779
1779
  async (e, o) => {
1780
- var r, i;
1780
+ var r, t;
1781
1781
  if (d.logger.info(c({
1782
1782
  msg: "API visit",
1783
1783
  method: "POST",
@@ -1794,17 +1794,17 @@ class He {
1794
1794
  s,
1795
1795
  e,
1796
1796
  o,
1797
- (t, a) => t.header(...R).send({
1797
+ (i, a) => i.header(...R).send({
1798
1798
  ok: !0
1799
1799
  })
1800
1800
  );
1801
1801
  } catch (n) {
1802
- const t = l.asCrossauthError(n);
1802
+ const i = l.asCrossauthError(n);
1803
1803
  return d.logger.error(c({
1804
1804
  msg: "Update user failure",
1805
- user: (i = e.user) == null ? void 0 : i.username,
1806
- errorCodeName: t.codeName,
1807
- errorCode: t.code
1805
+ user: (t = e.user) == null ? void 0 : t.username,
1806
+ errorCodeName: i.codeName,
1807
+ errorCode: i.code
1808
1808
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1809
1809
  a.status(this.sessionServer.errorStatus(n)).header(...R).send({
1810
1810
  ok: !1,
@@ -1837,20 +1837,20 @@ class He {
1837
1837
  return await this.deleteUser(
1838
1838
  e,
1839
1839
  o,
1840
- (i) => i.header(...R).send({
1840
+ (t) => t.header(...R).send({
1841
1841
  ok: !0,
1842
1842
  client_id: e.params.id
1843
1843
  })
1844
1844
  );
1845
- } catch (i) {
1846
- const n = l.asCrossauthError(i);
1845
+ } catch (t) {
1846
+ const n = l.asCrossauthError(t);
1847
1847
  d.logger.error(c({
1848
1848
  msg: "Delete user failure",
1849
1849
  user: (r = e.user) == null ? void 0 : r.username,
1850
1850
  errorCodeName: n.codeName,
1851
1851
  errorCode: n.code
1852
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1853
- t.status(this.sessionServer.errorStatus(i)).header(...R).send({
1852
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1853
+ i.status(this.sessionServer.errorStatus(t)).header(...R).send({
1854
1854
  ok: !1,
1855
1855
  errorMessage: a.message,
1856
1856
  errorMessages: a.messages,
@@ -1884,31 +1884,31 @@ class He {
1884
1884
  this.sessionServer.adminAllowedFactor1,
1885
1885
  this.sessionServer.allowedFactor2
1886
1886
  );
1887
- const i = this.sessionServer.authenticators[r.factor1].secretNames();
1887
+ const t = this.sessionServer.authenticators[r.factor1].secretNames();
1888
1888
  let n = !0;
1889
- for (let v of i)
1889
+ for (let v of t)
1890
1890
  !e.body[v] && !e.body["repeat_" + v] && (n = !1);
1891
- let t = [], a = {};
1891
+ let i = [], a = {};
1892
1892
  if (n) {
1893
- t = this.sessionServer.authenticators[r.factor1].validateSecrets(e.body);
1893
+ i = this.sessionServer.authenticators[r.factor1].validateSecrets(e.body);
1894
1894
  for (let v in e.body)
1895
1895
  if (v.startsWith("repeat_")) {
1896
1896
  const m = v.replace(/^repeat_/, "");
1897
- i.includes(m) && (a[m] = e.body[v]);
1897
+ t.includes(m) && (a[m] = e.body[v]);
1898
1898
  }
1899
1899
  Object.keys(a).length === 0 && (a = void 0);
1900
1900
  }
1901
- n ? r.factor2 && r.factor2 != "none" && (r.state = O.factor2ResetNeeded, d.logger.warn(c({
1902
- msg: `Setting state for user to ${O.factor2ResetNeeded}`,
1901
+ n ? r.factor2 && r.factor2 != "none" && (r.state = I.factor2ResetNeeded, d.logger.warn(c({
1902
+ msg: `Setting state for user to ${I.factor2ResetNeeded}`,
1903
1903
  username: r.username
1904
- }))) : r.factor2 && r.factor2 != "none" ? (r.state = O.passwordAndFactor2ResetNeeded, d.logger.warn(c({
1905
- msg: `Setting state for user to ${O.passwordAndFactor2ResetNeeded}`,
1904
+ }))) : r.factor2 && r.factor2 != "none" ? (r.state = I.passwordAndFactor2ResetNeeded, d.logger.warn(c({
1905
+ msg: `Setting state for user to ${I.passwordAndFactor2ResetNeeded}`,
1906
1906
  username: r.username
1907
- }))) : (r.state = O.passwordResetNeeded, d.logger.warn(c({
1908
- msg: `Setting state for user to ${O.passwordResetNeeded}`,
1907
+ }))) : (r.state = I.passwordResetNeeded, d.logger.warn(c({
1908
+ msg: `Setting state for user to ${I.passwordResetNeeded}`,
1909
1909
  username: r.username
1910
1910
  })));
1911
- let f = [...this.sessionServer.validateUserFn(r), ...t];
1911
+ let f = [...this.sessionServer.validateUserFn(r), ...i];
1912
1912
  if (f.length > 0)
1913
1913
  throw new l(g.FormEntry, f);
1914
1914
  const p = await this.sessionServer.sessionManager.createUser(
@@ -1931,11 +1931,11 @@ class He {
1931
1931
  }
1932
1932
  async accessDeniedPage(e, o) {
1933
1933
  const s = new l(g.InsufficientPriviledges);
1934
- return this.sessionServer.handleError(s, e, o, (r, i) => r.status(s.httpStatus).view(this.sessionServer.errorPage, {
1935
- errorMessage: i.message,
1936
- errorMessages: i.messages,
1937
- errorCode: i.code,
1938
- errorCodeName: g[i.code]
1934
+ return this.sessionServer.handleError(s, e, o, (r, t) => r.status(s.httpStatus).view(this.sessionServer.errorPage, {
1935
+ errorMessage: t.message,
1936
+ errorMessages: t.messages,
1937
+ errorCode: t.code,
1938
+ errorCodeName: g[t.code]
1939
1939
  }));
1940
1940
  }
1941
1941
  async updateUser(e, o, s, r) {
@@ -1943,7 +1943,7 @@ class He {
1943
1943
  if (!o.user || !y.isAdmin(o.user))
1944
1944
  throw new l(g.Unauthorized);
1945
1945
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
1946
- const i = e.factor2, n = e.state;
1946
+ const t = e.factor2, n = e.state;
1947
1947
  e.state = o.body.state, e = this.sessionServer.updateUserFn(
1948
1948
  e,
1949
1949
  o,
@@ -1952,11 +1952,11 @@ class He {
1952
1952
  ...this.sessionServer.userStorage.adminEditableFields
1953
1953
  }
1954
1954
  );
1955
- const t = e.factor2 && e.factor2 != "none" && e.factor2 != i;
1956
- if (t && !(e.state == n || e.state == "factor2ResetNeeded"))
1955
+ const i = e.factor2 && e.factor2 != "none" && e.factor2 != t;
1956
+ if (i && !(e.state == n || e.state == "factor2ResetNeeded"))
1957
1957
  throw new l(g.BadRequest, "Cannot change both factor2 and state at the same time");
1958
- t && (e.state = O.factor2ResetNeeded, d.logger.warn(c({
1959
- msg: `Setting state for user to ${O.factor2ResetNeeded}`,
1958
+ i && (e.state = I.factor2ResetNeeded, d.logger.warn(c({
1959
+ msg: `Setting state for user to ${I.factor2ResetNeeded}`,
1960
1960
  username: e.username
1961
1961
  })));
1962
1962
  let a = this.sessionServer.validateUserFn(e);
@@ -1974,22 +1974,22 @@ class He {
1974
1974
  if (!o.user || !y.isAdmin(o.user))
1975
1975
  throw new l(g.Unauthorized);
1976
1976
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
1977
- const i = this.sessionServer.authenticators[e.factor1], n = i.secretNames();
1978
- let t = {}, a = {};
1977
+ const t = this.sessionServer.authenticators[e.factor1], n = t.secretNames();
1978
+ let i = {}, a = {};
1979
1979
  for (let f in o.body)
1980
1980
  if (f.startsWith("new_")) {
1981
1981
  const p = f.replace(/^new_/, "");
1982
- n.includes(p) && (t[p] = o.body[f]);
1982
+ n.includes(p) && (i[p] = o.body[f]);
1983
1983
  } else if (f.startsWith("repeat_")) {
1984
1984
  const p = f.replace(/^repeat_/, "");
1985
1985
  n.includes(p) && (a[p] = o.body[f]);
1986
1986
  }
1987
- if (Object.keys(a).length === 0 && (a = void 0), i.validateSecrets(t).length > 0)
1987
+ if (Object.keys(a).length === 0 && (a = void 0), t.validateSecrets(i).length > 0)
1988
1988
  throw new l(g.PasswordFormat);
1989
1989
  return e.state = "active", await this.sessionServer.userStorage.updateUser({ id: e.id, state: e.state }), await this.sessionServer.sessionManager.changeSecrets(
1990
1990
  e.username,
1991
1991
  1,
1992
- t,
1992
+ i,
1993
1993
  a
1994
1994
  ), r(s, void 0);
1995
1995
  }
@@ -2008,15 +2008,15 @@ async function ve(S, e, o) {
2008
2008
  const r = await e.getClientById(S);
2009
2009
  s.push(r);
2010
2010
  } catch (r) {
2011
- const i = l.asCrossauthError(r);
2012
- if (i.code != g.UserNotExist)
2013
- throw d.logger.debug(c({ err: i })), i;
2011
+ const t = l.asCrossauthError(r);
2012
+ if (t.code != g.UserNotExist)
2013
+ throw d.logger.debug(c({ err: t })), t;
2014
2014
  try {
2015
2015
  s = await e.getClientByName(S, o);
2016
2016
  } catch (n) {
2017
- const t = l.asCrossauthError(n);
2018
- if (t.code != g.UserNotExist)
2019
- throw d.logger.debug(c({ err: t })), i;
2017
+ const i = l.asCrossauthError(n);
2018
+ if (i.code != g.UserNotExist)
2019
+ throw d.logger.debug(c({ err: i })), t;
2020
2020
  }
2021
2021
  }
2022
2022
  return s;
@@ -2059,42 +2059,42 @@ class Le {
2059
2059
  return this.accessDeniedPage(e, o);
2060
2060
  const s = e.query.next ?? encodeURIComponent(e.url);
2061
2061
  try {
2062
- let r = [], i = Number(e.query.skip), n = Number(e.query.take);
2063
- i || (i = 0), n || (n = 10);
2064
- let t = null, a;
2062
+ let r = [], t = Number(e.query.skip), n = Number(e.query.take);
2063
+ t || (t = 0), n || (n = 10);
2064
+ let i = null, a;
2065
2065
  if (e.query.userid) {
2066
2066
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call selectclient with user unless a user storage is provided");
2067
- a = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user, t = a.id;
2067
+ a = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user, i = a.id;
2068
2068
  }
2069
2069
  e.query.search ? r = await this.clientSearchFn(
2070
2070
  e.query.search,
2071
2071
  this.clientStorage,
2072
- t
2072
+ i
2073
2073
  ) : r = await this.clientStorage.getClients(
2074
- i,
2074
+ t,
2075
2075
  n,
2076
- t
2076
+ i
2077
2077
  );
2078
2078
  let h = {
2079
2079
  urlPrefix: this.adminPrefix,
2080
2080
  user: a,
2081
- skip: i,
2081
+ skip: t,
2082
2082
  take: n,
2083
2083
  clients: r,
2084
- havePrevious: i > 0,
2084
+ havePrevious: t > 0,
2085
2085
  haveNext: n != null && r.length == n,
2086
2086
  isAdmin: !0,
2087
2087
  next: s
2088
2088
  };
2089
2089
  return e.query.next && (h.next = e.query.next), o.view(this.selectClientPage, h);
2090
2090
  } catch (r) {
2091
- const i = l.asCrossauthError(r);
2091
+ const t = l.asCrossauthError(r);
2092
2092
  return d.logger.error(c({ err: r })), y.sendPageError(
2093
2093
  o,
2094
- i.httpStatus,
2094
+ t.httpStatus,
2095
2095
  this.sessionServer.errorPage,
2096
- i.message,
2097
- i
2096
+ t.message,
2097
+ t
2098
2098
  );
2099
2099
  }
2100
2100
  }
@@ -2123,15 +2123,15 @@ class Le {
2123
2123
  r = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user;
2124
2124
  }
2125
2125
  } catch (n) {
2126
- const t = l.asCrossauthError(n);
2127
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2128
- errorMessage: t.message,
2129
- errorMessages: t.messages,
2130
- errorCode: t.code,
2131
- errorCodeName: g[t.code]
2126
+ const i = l.asCrossauthError(n);
2127
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
2128
+ errorMessage: i.message,
2129
+ errorMessages: i.messages,
2130
+ errorCode: i.code,
2131
+ errorCodeName: g[i.code]
2132
2132
  });
2133
2133
  }
2134
- let i = {
2134
+ let t = {
2135
2135
  urlPrefix: this.adminPrefix,
2136
2136
  csrfToken: e.csrfToken,
2137
2137
  validFlows: this.validFlows,
@@ -2140,18 +2140,18 @@ class Le {
2140
2140
  isAdmin: !0,
2141
2141
  next: s
2142
2142
  };
2143
- return o.view(this.createClientPage, i);
2143
+ return o.view(this.createClientPage, t);
2144
2144
  }
2145
2145
  ), this.sessionServer.app.post(
2146
2146
  this.adminPrefix + "createclient",
2147
2147
  async (e, o) => {
2148
- var i, n;
2148
+ var t, n;
2149
2149
  d.logger.info(c({
2150
2150
  msg: "Page visit",
2151
2151
  method: "POST",
2152
2152
  url: this.adminPrefix + "createclient",
2153
2153
  ip: e.ip,
2154
- user: (i = e.user) == null ? void 0 : i.username
2154
+ user: (t = e.user) == null ? void 0 : t.username
2155
2155
  }));
2156
2156
  let s = e.body.next;
2157
2157
  s || (e.body.userid ? s = this.adminPrefix + "selectuser" : s = this.adminPrefix + "selectclient");
@@ -2164,7 +2164,7 @@ class Le {
2164
2164
  return await this.createClient(
2165
2165
  e,
2166
2166
  o,
2167
- (t, a) => t.view(this.createClientPage, {
2167
+ (i, a) => i.view(this.createClientPage, {
2168
2168
  message: "Created client",
2169
2169
  client: a,
2170
2170
  csrfToken: e.csrfToken,
@@ -2178,15 +2178,15 @@ class Le {
2178
2178
  }),
2179
2179
  r
2180
2180
  );
2181
- } catch (t) {
2182
- const a = l.asCrossauthError(t);
2181
+ } catch (i) {
2182
+ const a = l.asCrossauthError(i);
2183
2183
  return d.logger.error(c({
2184
2184
  msg: "Failed creating OAuth client",
2185
2185
  user: (n = e.user) == null ? void 0 : n.username,
2186
2186
  errorCodeName: a.codeName,
2187
2187
  errorCode: a.code
2188
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2189
- const v = l.asCrossauthError(t).httpStatus;
2188
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2189
+ const v = l.asCrossauthError(i).httpStatus;
2190
2190
  return h.status(v).view(this.createClientPage, {
2191
2191
  errorMessage: f.message,
2192
2192
  errorMessages: f.messages,
@@ -2233,11 +2233,11 @@ class Le {
2233
2233
  }
2234
2234
  let r = e.query.next;
2235
2235
  r || (e.query.userid ? r = this.adminPrefix + "selectuser" : r = this.adminPrefix + "selectclient");
2236
- let i;
2236
+ let t;
2237
2237
  try {
2238
2238
  if (s.userid) {
2239
2239
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateclient with user unless a user storage is provided");
2240
- i = (await this.sessionServer.userStorage.getUserById(s.userid)).user;
2240
+ t = (await this.sessionServer.userStorage.getUserById(s.userid)).user;
2241
2241
  }
2242
2242
  } catch (a) {
2243
2243
  const h = l.asCrossauthError(a);
@@ -2251,13 +2251,13 @@ class Le {
2251
2251
  let n = {};
2252
2252
  for (let a of this.validFlows)
2253
2253
  s.valid_flow.includes(a) && (n[a] = !0);
2254
- let t = {
2254
+ let i = {
2255
2255
  urlPrefix: this.adminPrefix,
2256
2256
  csrfToken: e.csrfToken,
2257
2257
  validFlows: this.validFlows,
2258
2258
  flowNames: E.flowNames(this.validFlows),
2259
2259
  selectedFlows: n,
2260
- user: i,
2260
+ user: t,
2261
2261
  client_id: s.client_id,
2262
2262
  client_name: s.client_name,
2263
2263
  confidential: s.confidential,
@@ -2265,18 +2265,18 @@ class Le {
2265
2265
  isAdmin: !0,
2266
2266
  next: r
2267
2267
  };
2268
- return o.view(this.updateClientPage, t);
2268
+ return o.view(this.updateClientPage, i);
2269
2269
  }
2270
2270
  ), this.sessionServer.app.post(
2271
2271
  this.adminPrefix + "updateclient/:client_id",
2272
2272
  async (e, o) => {
2273
- var i, n;
2273
+ var t, n;
2274
2274
  d.logger.info(c({
2275
2275
  msg: "Page visit",
2276
2276
  method: "POST",
2277
2277
  url: this.adminPrefix + "updateclient",
2278
2278
  ip: e.ip,
2279
- user: (i = e.user) == null ? void 0 : i.username
2279
+ user: (t = e.user) == null ? void 0 : t.username
2280
2280
  }));
2281
2281
  let s = e.body.next;
2282
2282
  s || (e.body.userid ? s = this.adminPrefix + "selectuser" : s = this.adminPrefix + "selectclient");
@@ -2289,7 +2289,7 @@ class Le {
2289
2289
  return await this.updateClient(
2290
2290
  e,
2291
2291
  o,
2292
- (t, a, h) => t.view(this.updateClientPage, {
2292
+ (i, a, h) => i.view(this.updateClientPage, {
2293
2293
  message: "Updated client",
2294
2294
  client: a,
2295
2295
  csrfToken: e.csrfToken,
@@ -2303,15 +2303,15 @@ class Le {
2303
2303
  ...e.body
2304
2304
  })
2305
2305
  );
2306
- } catch (t) {
2307
- const a = l.asCrossauthError(t);
2306
+ } catch (i) {
2307
+ const a = l.asCrossauthError(i);
2308
2308
  return d.logger.error(c({
2309
2309
  msg: "Failed updating OAuth client",
2310
2310
  user: (n = e.user) == null ? void 0 : n.username,
2311
2311
  errorCodeName: a.codeName,
2312
2312
  errorCode: a.code
2313
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2314
- const v = l.asCrossauthError(t).httpStatus;
2313
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2314
+ const v = l.asCrossauthError(i).httpStatus;
2315
2315
  let m = {};
2316
2316
  for (let w of this.validFlows)
2317
2317
  w in e.body && (m[w] = !0);
@@ -2353,27 +2353,27 @@ class Le {
2353
2353
  try {
2354
2354
  s = await this.clientStorage.getClientById(e.params.client_id);
2355
2355
  } catch (n) {
2356
- const t = l.asCrossauthError(n);
2357
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2358
- errorMessage: t.message,
2359
- errorMessages: t.messages,
2360
- errorCode: t.code,
2361
- errorCodeName: g[t.code]
2356
+ const i = l.asCrossauthError(n);
2357
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
2358
+ errorMessage: i.message,
2359
+ errorMessages: i.messages,
2360
+ errorCode: i.code,
2361
+ errorCodeName: g[i.code]
2362
2362
  });
2363
2363
  }
2364
2364
  const r = e.query.next ?? this.adminPrefix + "selectclient";
2365
- let i = {
2365
+ let t = {
2366
2366
  urlPrefix: this.adminPrefix,
2367
2367
  csrfToken: e.csrfToken,
2368
2368
  next: r,
2369
2369
  client: s
2370
2370
  };
2371
- return o.view(this.deleteClientPage, i);
2371
+ return o.view(this.deleteClientPage, t);
2372
2372
  }
2373
2373
  ), this.sessionServer.app.post(
2374
2374
  this.adminPrefix + "deleteclient/:client_id",
2375
2375
  async (e, o) => {
2376
- var r, i;
2376
+ var r, t;
2377
2377
  d.logger.info(c({
2378
2378
  msg: "Page visit",
2379
2379
  method: "POST",
@@ -2396,12 +2396,12 @@ class Le {
2396
2396
  })
2397
2397
  );
2398
2398
  } catch (n) {
2399
- const t = l.asCrossauthError(n);
2399
+ const i = l.asCrossauthError(n);
2400
2400
  return d.logger.error(c({
2401
2401
  msg: "Failed deleting OAuth client",
2402
- user: (i = e.user) == null ? void 0 : i.username,
2403
- errorCodeName: t.codeName,
2404
- errorCode: t.code
2402
+ user: (t = e.user) == null ? void 0 : t.username,
2403
+ errorCodeName: i.codeName,
2404
+ errorCode: i.code
2405
2405
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2406
2406
  const p = l.asCrossauthError(n).httpStatus;
2407
2407
  return a.status(p).view(this.deleteClientPage, {
@@ -2427,7 +2427,7 @@ class Le {
2427
2427
  this.sessionServer.app.post(
2428
2428
  this.adminPrefix + "api/createclient",
2429
2429
  async (e, o) => {
2430
- var r, i;
2430
+ var r, t;
2431
2431
  d.logger.info(c({
2432
2432
  msg: "API visit",
2433
2433
  method: "POST",
@@ -2444,19 +2444,19 @@ class Le {
2444
2444
  return await this.createClient(
2445
2445
  e,
2446
2446
  o,
2447
- (n, t) => n.header(...B).send({
2447
+ (n, i) => n.header(...B).send({
2448
2448
  ok: !0,
2449
- client: t
2449
+ client: i
2450
2450
  }),
2451
2451
  s
2452
2452
  );
2453
2453
  } catch (n) {
2454
- const t = l.asCrossauthError(n);
2454
+ const i = l.asCrossauthError(n);
2455
2455
  d.logger.error(c({
2456
2456
  msg: "Create client failure",
2457
- user: (i = e.user) == null ? void 0 : i.username,
2458
- errorCodeName: t.codeName,
2459
- errorCode: t.code
2457
+ user: (t = e.user) == null ? void 0 : t.username,
2458
+ errorCodeName: i.codeName,
2459
+ errorCode: i.code
2460
2460
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2461
2461
  a.status(this.sessionServer.errorStatus(n)).header(...B).send({
2462
2462
  ok: !1,
@@ -2492,22 +2492,22 @@ class Le {
2492
2492
  return await this.updateClient(
2493
2493
  e,
2494
2494
  o,
2495
- (i, n, t) => i.header(...B).send({
2495
+ (t, n, i) => t.header(...B).send({
2496
2496
  ok: !0,
2497
2497
  client: n,
2498
2498
  csrfToken: e.csrfToken,
2499
- newSecret: t
2499
+ newSecret: i
2500
2500
  })
2501
2501
  );
2502
- } catch (i) {
2503
- const n = l.asCrossauthError(i);
2502
+ } catch (t) {
2503
+ const n = l.asCrossauthError(t);
2504
2504
  return d.logger.error(c({
2505
2505
  msg: "Failed updating OAuth client",
2506
2506
  user: (r = e.user) == null ? void 0 : r.username,
2507
2507
  errorCodeName: n.codeName,
2508
2508
  errorCode: n.code
2509
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2510
- t.status(this.sessionServer.errorStatus(i)).header(...B).send({
2509
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2510
+ i.status(this.sessionServer.errorStatus(t)).header(...B).send({
2511
2511
  ok: !1,
2512
2512
  errorMessage: a.message,
2513
2513
  errorMessages: a.messages,
@@ -2538,20 +2538,20 @@ class Le {
2538
2538
  return await this.deleteClient(
2539
2539
  e,
2540
2540
  o,
2541
- (i) => i.header(...B).send({
2541
+ (t) => t.header(...B).send({
2542
2542
  ok: !0,
2543
2543
  client_id: e.params.client_id
2544
2544
  })
2545
2545
  );
2546
- } catch (i) {
2547
- const n = l.asCrossauthError(i);
2546
+ } catch (t) {
2547
+ const n = l.asCrossauthError(t);
2548
2548
  d.logger.error(c({
2549
2549
  msg: "Delete client failure",
2550
2550
  user: (r = e.user) == null ? void 0 : r.username,
2551
2551
  errorCodeName: n.codeName,
2552
2552
  errorCode: n.code
2553
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2554
- t.status(this.sessionServer.errorStatus(i)).header(...B).send({
2553
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2554
+ i.status(this.sessionServer.errorStatus(t)).header(...B).send({
2555
2555
  ok: !1,
2556
2556
  errorMessage: a.message,
2557
2557
  errorMessages: a.messages,
@@ -2566,11 +2566,11 @@ class Le {
2566
2566
  // Internal functions
2567
2567
  async accessDeniedPage(e, o) {
2568
2568
  const s = new l(g.InsufficientPriviledges);
2569
- return this.sessionServer.handleError(s, e, o, (r, i) => r.status(s.httpStatus).view(this.sessionServer.errorPage, {
2570
- errorMessage: i.message,
2571
- errorMessages: i.messages,
2572
- errorCode: i.code,
2573
- errorCodeName: g[i.code]
2569
+ return this.sessionServer.handleError(s, e, o, (r, t) => r.status(s.httpStatus).view(this.sessionServer.errorPage, {
2570
+ errorMessage: t.message,
2571
+ errorMessages: t.messages,
2572
+ errorCode: t.code,
2573
+ errorCodeName: g[t.code]
2574
2574
  }));
2575
2575
  }
2576
2576
  async createClient(e, o, s, r) {
@@ -2578,9 +2578,9 @@ class Le {
2578
2578
  throw new l(g.InvalidCsrf);
2579
2579
  if (!e.user || !y.isAdmin(e.user))
2580
2580
  throw new l(g.InsufficientPriviledges);
2581
- const i = e.body.confidential == "true", n = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2581
+ const t = e.body.confidential == "true", n = e.body.client_name, i = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2582
2582
  let a = [];
2583
- for (let p of t)
2583
+ for (let p of i)
2584
2584
  try {
2585
2585
  L.validateUri(p);
2586
2586
  } catch (v) {
@@ -2596,9 +2596,9 @@ class Le {
2596
2596
  p in e.body && h.push(p);
2597
2597
  const f = await this.clientManager.createClient(
2598
2598
  n,
2599
- t,
2600
- h,
2601
2599
  i,
2600
+ h,
2601
+ t,
2602
2602
  r == null ? void 0 : r.id
2603
2603
  );
2604
2604
  return s(o, f);
@@ -2609,26 +2609,26 @@ class Le {
2609
2609
  if (!e.user || !y.isAdmin(e.user))
2610
2610
  throw new l(g.InsufficientPriviledges);
2611
2611
  const r = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2612
- let i = [];
2612
+ let t = [];
2613
2613
  for (let p of r)
2614
2614
  try {
2615
2615
  L.validateUri(p);
2616
2616
  } catch (v) {
2617
- d.logger.error(c({ err: v })), i.push("[" + p + "]");
2617
+ d.logger.error(c({ err: v })), t.push("[" + p + "]");
2618
2618
  }
2619
- if (i.length > 0)
2619
+ if (t.length > 0)
2620
2620
  throw new l(
2621
2621
  g.BadRequest,
2622
- "The following redirect URIs are invalid: " + i.join(" ")
2622
+ "The following redirect URIs are invalid: " + t.join(" ")
2623
2623
  );
2624
2624
  let n = [];
2625
2625
  for (let p of this.validFlows)
2626
2626
  p in e.body && n.push(p);
2627
- const t = {};
2628
- t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = n, t.redirect_uri = r, t.userid = e.body.userid, t.userid == null && (t.userid = null);
2627
+ const i = {};
2628
+ i.client_name = e.body.client_name, i.confidential = e.body.confidential == "true", i.valid_flow = n, i.redirect_uri = r, i.userid = e.body.userid, i.userid == null && (i.userid = null);
2629
2629
  const a = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
2630
2630
  e.params.client_id,
2631
- t,
2631
+ i,
2632
2632
  a
2633
2633
  );
2634
2634
  return s(o, h, f);
@@ -2683,29 +2683,29 @@ class Ge {
2683
2683
  })), !(e != null && e.user))
2684
2684
  return o.redirect(this.sessionServer.loginUrl + "?next=" + this.prefix + "selectclient");
2685
2685
  try {
2686
- let s = [], r = Number(e.query.skip), i = Number(e.query.take);
2687
- r || (r = 0), i || (i = 10), e.query.search ? s = await this.clientSearchFn(
2686
+ let s = [], r = Number(e.query.skip), t = Number(e.query.take);
2687
+ r || (r = 0), t || (t = 10), e.query.search ? s = await this.clientSearchFn(
2688
2688
  e.query.search,
2689
2689
  this.clientStorage,
2690
2690
  e.user.id
2691
2691
  ) : s = await this.clientStorage.getClients(
2692
2692
  r,
2693
- i,
2693
+ t,
2694
2694
  e.user.id
2695
2695
  );
2696
2696
  const n = e.query.next ?? encodeURIComponent(e.url);
2697
- let t = {
2697
+ let i = {
2698
2698
  urlPrefix: this.prefix,
2699
2699
  user: e.user,
2700
2700
  skip: r,
2701
- take: i,
2701
+ take: t,
2702
2702
  clients: s,
2703
2703
  havePrevious: r > 0,
2704
- haveNext: i != null && s.length == i,
2704
+ haveNext: t != null && s.length == t,
2705
2705
  isAdmin: !1,
2706
2706
  next: n
2707
2707
  };
2708
- return e.query.next && (t.next = e.query.next), o.view(this.selectClientPage, t);
2708
+ return e.query.next && (i.next = e.query.next), o.view(this.selectClientPage, i);
2709
2709
  } catch (s) {
2710
2710
  const r = l.asCrossauthError(s);
2711
2711
  return d.logger.error(c({ err: s })), y.sendPageError(
@@ -2748,7 +2748,7 @@ class Ge {
2748
2748
  ), this.sessionServer.app.post(
2749
2749
  this.prefix + "createclient",
2750
2750
  async (e, o) => {
2751
- var r, i;
2751
+ var r, t;
2752
2752
  if (d.logger.info(c({
2753
2753
  msg: "Page visit",
2754
2754
  method: "POST",
@@ -2762,9 +2762,9 @@ class Ge {
2762
2762
  return await this.createClient(
2763
2763
  e,
2764
2764
  o,
2765
- (n, t) => n.view(this.createClientPage, {
2765
+ (n, i) => n.view(this.createClientPage, {
2766
2766
  message: "Created client",
2767
- client: t,
2767
+ client: i,
2768
2768
  csrfToken: e.csrfToken,
2769
2769
  urlPrefix: this.prefix,
2770
2770
  validFlows: this.validFlows,
@@ -2777,12 +2777,12 @@ class Ge {
2777
2777
  e.user
2778
2778
  );
2779
2779
  } catch (n) {
2780
- const t = l.asCrossauthError(n);
2780
+ const i = l.asCrossauthError(n);
2781
2781
  return d.logger.error(c({
2782
2782
  msg: "Failed creating OAuth client",
2783
- user: (i = e.user) == null ? void 0 : i.username,
2784
- errorCodeName: t.codeName,
2785
- errorCode: t.code
2783
+ user: (t = e.user) == null ? void 0 : t.username,
2784
+ errorCodeName: i.codeName,
2785
+ errorCode: i.code
2786
2786
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2787
2787
  const p = l.asCrossauthError(n).httpStatus;
2788
2788
  return a.status(p).view(this.createClientPage, {
@@ -2823,21 +2823,21 @@ class Ge {
2823
2823
  return await this.createClient(
2824
2824
  e,
2825
2825
  o,
2826
- (i, n) => i.header(...D).send({
2826
+ (t, n) => t.header(...D).send({
2827
2827
  ok: !0,
2828
2828
  client: n
2829
2829
  }),
2830
2830
  e.user
2831
2831
  );
2832
- } catch (i) {
2833
- const n = l.asCrossauthError(i);
2832
+ } catch (t) {
2833
+ const n = l.asCrossauthError(t);
2834
2834
  d.logger.error(c({
2835
2835
  msg: "Create client failure",
2836
2836
  user: (r = e.user) == null ? void 0 : r.username,
2837
2837
  errorCodeName: n.codeName,
2838
2838
  errorCode: n.code
2839
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2840
- t.status(this.sessionServer.errorStatus(i)).header(...D).send({
2839
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2840
+ i.status(this.sessionServer.errorStatus(t)).header(...D).send({
2841
2841
  ok: !1,
2842
2842
  errorMessage: a.message,
2843
2843
  errorMessages: a.messages,
@@ -2877,9 +2877,9 @@ class Ge {
2877
2877
  }
2878
2878
  let r = e.query.next;
2879
2879
  r || (e.query.userid ? r = this.prefix + "selectuser" : r = this.prefix + "selectclient");
2880
- let i;
2880
+ let t;
2881
2881
  try {
2882
- e.query.userid && (i = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user);
2882
+ e.query.userid && (t = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user);
2883
2883
  } catch (a) {
2884
2884
  const h = l.asCrossauthError(a);
2885
2885
  return d.logger.debug(c({ err: a })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
@@ -2892,13 +2892,13 @@ class Ge {
2892
2892
  let n = {};
2893
2893
  for (let a of this.validFlows)
2894
2894
  s.valid_flow.includes(a) && (n[a] = !0);
2895
- let t = {
2895
+ let i = {
2896
2896
  urlPrefix: this.prefix,
2897
2897
  csrfToken: e.csrfToken,
2898
2898
  validFlows: this.validFlows,
2899
2899
  flowNames: E.flowNames(this.validFlows),
2900
2900
  selectedFlows: n,
2901
- user: i,
2901
+ user: t,
2902
2902
  client_id: s.client_id,
2903
2903
  client_name: s.client_name,
2904
2904
  confidential: s.confidential,
@@ -2906,19 +2906,19 @@ class Ge {
2906
2906
  isAdmin: !0,
2907
2907
  next: r
2908
2908
  };
2909
- return o.view(this.updateClientPage, t);
2909
+ return o.view(this.updateClientPage, i);
2910
2910
  }
2911
2911
  ), this.sessionServer.app.post(
2912
2912
  this.prefix + "updateclient/:client_id",
2913
2913
  async (e, o) => {
2914
- var i, n;
2914
+ var t, n;
2915
2915
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateclient unless a user storage is provided ");
2916
2916
  d.logger.info(c({
2917
2917
  msg: "Page visit",
2918
2918
  method: "POST",
2919
2919
  url: this.prefix + "updateclient",
2920
2920
  ip: e.ip,
2921
- user: (i = e.user) == null ? void 0 : i.username
2921
+ user: (t = e.user) == null ? void 0 : t.username
2922
2922
  }));
2923
2923
  let s = e.body.next;
2924
2924
  s || (s = this.prefix + "selectuser");
@@ -2928,7 +2928,7 @@ class Ge {
2928
2928
  return e.body.userid && (r = (await this.sessionServer.userStorage.getUserById(e.body.userid)).user), await this.updateClient(
2929
2929
  e,
2930
2930
  o,
2931
- (t, a, h) => t.view(this.updateClientPage, {
2931
+ (i, a, h) => i.view(this.updateClientPage, {
2932
2932
  message: "Updated client",
2933
2933
  client: a,
2934
2934
  csrfToken: e.csrfToken,
@@ -2942,15 +2942,15 @@ class Ge {
2942
2942
  ...e.body
2943
2943
  })
2944
2944
  );
2945
- } catch (t) {
2946
- const a = l.asCrossauthError(t);
2945
+ } catch (i) {
2946
+ const a = l.asCrossauthError(i);
2947
2947
  return d.logger.error(c({
2948
2948
  msg: "Failed updating OAuth client",
2949
2949
  user: (n = e.user) == null ? void 0 : n.username,
2950
2950
  errorCodeName: a.codeName,
2951
2951
  errorCode: a.code
2952
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2953
- const v = l.asCrossauthError(t).httpStatus;
2952
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2953
+ const v = l.asCrossauthError(i).httpStatus;
2954
2954
  let m = {};
2955
2955
  for (let w of this.validFlows)
2956
2956
  w in e.body && (m[w] = !0);
@@ -2993,22 +2993,22 @@ class Ge {
2993
2993
  return e.body.userid && await this.sessionServer.userStorage.getUserById(e.body.userid), await this.updateClient(
2994
2994
  e,
2995
2995
  o,
2996
- (i, n, t) => i.header(...D).send({
2996
+ (t, n, i) => t.header(...D).send({
2997
2997
  ok: !0,
2998
2998
  client: n,
2999
2999
  csrfToken: e.csrfToken,
3000
- newSecret: t
3000
+ newSecret: i
3001
3001
  })
3002
3002
  );
3003
- } catch (i) {
3004
- const n = l.asCrossauthError(i);
3003
+ } catch (t) {
3004
+ const n = l.asCrossauthError(t);
3005
3005
  return d.logger.error(c({
3006
3006
  msg: "Failed updating OAuth client",
3007
3007
  user: (r = e.user) == null ? void 0 : r.username,
3008
3008
  errorCodeName: n.codeName,
3009
3009
  errorCode: n.code
3010
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
3011
- t.status(this.sessionServer.errorStatus(i)).header(...D).send({
3010
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
3011
+ i.status(this.sessionServer.errorStatus(t)).header(...D).send({
3012
3012
  ok: !1,
3013
3013
  errorMessage: a.message,
3014
3014
  errorMessages: a.messages,
@@ -3043,28 +3043,28 @@ class Ge {
3043
3043
  "You may not delete this client"
3044
3044
  );
3045
3045
  } catch (n) {
3046
- const t = l.asCrossauthError(n);
3047
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
3048
- errorMessage: t.message,
3049
- errorMessages: t.messages,
3050
- errorCode: t.code,
3051
- errorCodeName: g[t.code]
3046
+ const i = l.asCrossauthError(n);
3047
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
3048
+ errorMessage: i.message,
3049
+ errorMessages: i.messages,
3050
+ errorCode: i.code,
3051
+ errorCodeName: g[i.code]
3052
3052
  });
3053
3053
  }
3054
3054
  const r = e.query.next ?? "/";
3055
- let i = {
3055
+ let t = {
3056
3056
  urlPrefix: this.prefix,
3057
3057
  csrfToken: e.csrfToken,
3058
3058
  backUrl: this.prefix + "selectclient",
3059
3059
  client: s,
3060
3060
  next: r
3061
3061
  };
3062
- return o.view(this.deleteClientPage, i);
3062
+ return o.view(this.deleteClientPage, t);
3063
3063
  }
3064
3064
  ), this.sessionServer.app.post(
3065
3065
  this.prefix + "deleteclient/:client_id",
3066
3066
  async (e, o) => {
3067
- var r, i;
3067
+ var r, t;
3068
3068
  if (d.logger.info(c({
3069
3069
  msg: "Page visit",
3070
3070
  method: "POST",
@@ -3088,12 +3088,12 @@ class Ge {
3088
3088
  e.user
3089
3089
  );
3090
3090
  } catch (n) {
3091
- const t = l.asCrossauthError(n);
3091
+ const i = l.asCrossauthError(n);
3092
3092
  return d.logger.error(c({
3093
3093
  msg: "Failed deleting OAuth client",
3094
- user: (i = e.user) == null ? void 0 : i.username,
3095
- errorCodeName: t.codeName,
3096
- errorCode: t.code
3094
+ user: (t = e.user) == null ? void 0 : t.username,
3095
+ errorCodeName: i.codeName,
3096
+ errorCode: i.code
3097
3097
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
3098
3098
  const p = l.asCrossauthError(n).httpStatus;
3099
3099
  return a.status(p).view(this.deleteClientPage, {
@@ -3132,21 +3132,21 @@ class Ge {
3132
3132
  return await this.deleteClient(
3133
3133
  e,
3134
3134
  o,
3135
- (i) => i.header(...D).send({
3135
+ (t) => t.header(...D).send({
3136
3136
  ok: !0,
3137
3137
  client_id: e.params.client_id
3138
3138
  }),
3139
3139
  e.user
3140
3140
  );
3141
- } catch (i) {
3142
- const n = l.asCrossauthError(i);
3141
+ } catch (t) {
3142
+ const n = l.asCrossauthError(t);
3143
3143
  d.logger.error(c({
3144
3144
  msg: "Delete client failure",
3145
3145
  user: (r = e.user) == null ? void 0 : r.username,
3146
3146
  errorCodeName: n.codeName,
3147
3147
  errorCode: n.code
3148
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
3149
- t.status(this.sessionServer.errorStatus(i)).header(...D).send({
3148
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
3149
+ i.status(this.sessionServer.errorStatus(t)).header(...D).send({
3150
3150
  ok: !1,
3151
3151
  errorMessage: a.message,
3152
3152
  errorMessages: a.messages,
@@ -3164,9 +3164,9 @@ class Ge {
3164
3164
  throw new l(g.InvalidCsrf);
3165
3165
  if (!e.user)
3166
3166
  throw new l(g.InsufficientPriviledges);
3167
- const i = e.body.confidential == "true", n = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3167
+ const t = e.body.confidential == "true", n = e.body.client_name, i = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3168
3168
  let a = [];
3169
- for (let p of t)
3169
+ for (let p of i)
3170
3170
  try {
3171
3171
  L.validateUri(p);
3172
3172
  } catch (v) {
@@ -3181,9 +3181,9 @@ class Ge {
3181
3181
  e.body[E.AuthorizationCode] && h.push(E.AuthorizationCode), e.body[E.AuthorizationCodeWithPKCE] && h.push(E.AuthorizationCodeWithPKCE), e.body[E.ClientCredentials] && h.push(E.ClientCredentials), e.body[E.RefreshToken] && h.push(E.RefreshToken), e.body[E.DeviceCode] && h.push(E.DeviceCode), e.body[E.Password] && h.push(E.Password), e.body[E.PasswordMfa] && h.push(E.PasswordMfa), e.body[E.OidcAuthorizationCode] && h.push(E.OidcAuthorizationCode);
3182
3182
  const f = await this.clientManager.createClient(
3183
3183
  n,
3184
- t,
3185
- h,
3186
3184
  i,
3185
+ h,
3186
+ t,
3187
3187
  r == null ? void 0 : r.id
3188
3188
  );
3189
3189
  return s(o, f);
@@ -3194,26 +3194,26 @@ class Ge {
3194
3194
  if (!e.user)
3195
3195
  throw new l(g.InsufficientPriviledges);
3196
3196
  const r = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3197
- let i = [];
3197
+ let t = [];
3198
3198
  for (let p of r)
3199
3199
  try {
3200
3200
  L.validateUri(p);
3201
3201
  } catch (v) {
3202
- d.logger.error(c({ err: v })), i.push("[" + p + "]");
3202
+ d.logger.error(c({ err: v })), t.push("[" + p + "]");
3203
3203
  }
3204
- if (i.length > 0)
3204
+ if (t.length > 0)
3205
3205
  throw new l(
3206
3206
  g.BadRequest,
3207
- "The following redirect URIs are invalid: " + i.join(" ")
3207
+ "The following redirect URIs are invalid: " + t.join(" ")
3208
3208
  );
3209
3209
  let n = [];
3210
3210
  for (let p of this.validFlows)
3211
3211
  p in e.body && n.push(p);
3212
- const t = {};
3213
- t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = n, t.redirect_uri = r, t.userid = e.user.id;
3212
+ const i = {};
3213
+ i.client_name = e.body.client_name, i.confidential = e.body.confidential == "true", i.valid_flow = n, i.redirect_uri = r, i.userid = e.user.id;
3214
3214
  const a = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
3215
3215
  e.params.client_id,
3216
- t,
3216
+ i,
3217
3217
  a
3218
3218
  );
3219
3219
  return s(o, h, f);
@@ -3231,7 +3231,7 @@ class Ge {
3231
3231
  return await this.clientStorage.deleteClient(e.params.client_id), s(o);
3232
3232
  }
3233
3233
  }
3234
- const A = ["Content-Type", "application/json; charset=utf-8"], se = [
3234
+ const F = ["Content-Type", "application/json; charset=utf-8"], se = [
3235
3235
  "login",
3236
3236
  "logout",
3237
3237
  "changepassword",
@@ -3338,26 +3338,26 @@ function je(S) {
3338
3338
  return S.username == null ? e.push("Username must be given") : S.username.length < 2 ? e.push("Username must be at least 2 characters") : S.username.length > 254 && e.push("Username must be no longer than 254 characters"), e;
3339
3339
  }
3340
3340
  function We(S, e, o, s) {
3341
- let i = {
3341
+ let t = {
3342
3342
  username: S.body.username,
3343
3343
  state: "active"
3344
3344
  };
3345
3345
  const n = S.user && y.isAdmin(S.user);
3346
- for (let t in S.body) {
3347
- let a = t.replace(/^user_/, "");
3348
- t.startsWith("user_") && (n || e.includes(a)) && (i[a] = S.body[t]);
3346
+ for (let i in S.body) {
3347
+ let a = i.replace(/^user_/, "");
3348
+ i.startsWith("user_") && (n || e.includes(a)) && (t[a] = S.body[i]);
3349
3349
  }
3350
- return i.factor1 = "localpassword", S.body.factor1 && o.includes("" + S.body.factor1) && (i.factor1 = S.body.factor1), S.body.factor2 && s.includes("" + S.body.factor2) && (i.factor2 = S.body.factor2), i;
3350
+ return t.factor1 = "localpassword", S.body.factor1 && o.includes("" + S.body.factor1) && (t.factor1 = S.body.factor1), S.body.factor2 && s.includes("" + S.body.factor2) && (t.factor2 = S.body.factor2), t;
3351
3351
  }
3352
- function Je(S, e, o) {
3352
+ function Ke(S, e, o) {
3353
3353
  const s = e.user && y.isAdmin(e.user);
3354
3354
  for (let r in e.body) {
3355
- let i = r.replace(/^user_/, "");
3356
- r.startsWith("user_") && (s || o.includes(i)) && (S[i] = e.body[r]);
3355
+ let t = r.replace(/^user_/, "");
3356
+ r.startsWith("user_") && (s || o.includes(t)) && (S[t] = e.body[r]);
3357
3357
  }
3358
3358
  return S;
3359
3359
  }
3360
- class Ke {
3360
+ class Je {
3361
3361
  /**
3362
3362
  * Constructor
3363
3363
  *
@@ -3419,7 +3419,7 @@ class Ke {
3419
3419
  * construction or the default value.
3420
3420
  * See {@link FastifySessionServerOptions}.
3421
3421
  */
3422
- u(this, "updateUserFn", Je);
3422
+ u(this, "updateUserFn", Ke);
3423
3423
  /**
3424
3424
  * User storage taken from constructor args.
3425
3425
  * See {@link FastifySessionServer.constructor}.
@@ -3473,102 +3473,115 @@ class Ke {
3473
3473
  u(this, "userAllowedFactor1", ["localpassword"]);
3474
3474
  u(this, "adminAllowedFactor1", ["localpassword"]);
3475
3475
  this.app = e, this.userEndpoints = new De(this, r), this.adminEndpoints = new He(this, r), C("prefix", k.String, this, r, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), this.prefix.startsWith("/") || "" + this.prefix, this.loginUrl = this.prefix + "login", C("signupPage", k.String, this, r, "SIGNUP_PAGE"), C("loginPage", k.String, this, r, "LOGIN_PAGE"), C("factor2Page", k.String, this, r, "FACTOR2_PAGE"), C("configureFactor2Page", k.String, this, r, "SIGNUP_FACTOR2_PAGE"), C("errorPage", k.String, this, r, "ERROR_PAGE"), C("allowedFactor2", k.JsonArray, this, r, "ALLOWED_FACTOR2"), C("enableEmailVerification", k.Boolean, this, r, "ENABLE_EMAIL_VERIFICATION"), C("enablePasswordReset", k.Boolean, this, r, "ENABLE_PASSWORD_RESET"), C("factor2ProtectedPageEndpoints", k.JsonArray, this, r, "FACTOR2_PROTECTED_PAGE_ENDPOINTS"), C("factor2ProtectedApiEndpoints", k.JsonArray, this, r, "FACTOR2_PROTECTED_API_ENDPOINTS"), C("enableAdminEndpoints", k.Boolean, this, r, "ENABLE_ADMIN_ENDPOINTS"), C("enableOAuthClientManagement", k.Boolean, this, r, "ENABLE_OAUTH_CLIENT_MANAGEMENT"), C("editUserScope", k.String, this, r, "EDIT_USER_SCOPE"), C("userAllowedFactor1", k.JsonArray, this, r, "USER_ALLOWED_FACTOR1"), C("adminAllowedFactor1", k.JsonArray, this, r, "ADMIN_ALLOWED_FACTOR1"), C("loginRedirect", k.JsonArray, this, r, "LOGIN_REDIRECT"), C("logoutRedirect", k.JsonArray, this, r, "LOGOUT_REDIRECT"), r.validateUserFn && (this.validateUserFn = r.validateUserFn), r.createUserFn && (this.createUserFn = r.createUserFn), r.updateUserFn && (this.updateUserFn = r.updateUserFn), r.addToSession && (this.addToSession = r.addToSession), r.validateSession && (this.validateSession = r.validateSession), this.endpoints = [...he, ...le], this.endpoints = [...this.endpoints, ...se, ...ie], this.enableAdminEndpoints && (this.endpoints = [...this.endpoints, ...re, ...te]), this.enableOAuthClientManagement && (this.endpoints = [...this.endpoints, ...Z, ...ee, ...Q, ...q]), this.enableEmailVerification && (this.endpoints = [...this.endpoints, ...ae, ...ne]), this.enablePasswordReset && (this.endpoints = [...this.endpoints, ...de, ...ce]), r.endpoints && (C("endpoints", k.JsonArray, this, r, "SESSION_ENDPOINTS"), this.endpoints.length == 1 && this.endpoints[0] == "all" && (this.endpoints = Ve), this.endpoints.length == 1 && this.endpoints[0] == "allMinusOAuth" && (this.endpoints = Be)), this.allowedFactor2.length > 0 && (this.endpoints = [...this.endpoints, ...ge, ...oe]);
3476
- let i = !1;
3477
- for (let t of this.endpoints)
3478
- if (q.includes(t) || Q.includes(t)) {
3479
- i = !0;
3476
+ let t = !1;
3477
+ for (let i of this.endpoints)
3478
+ if (q.includes(i) || Q.includes(i)) {
3479
+ t = !0;
3480
3480
  break;
3481
3481
  }
3482
- i && (this.adminClientEndpoints = new Le(this, r));
3482
+ t && (this.adminClientEndpoints = new Le(this, r));
3483
3483
  let n = !1;
3484
- for (let t of this.endpoints)
3485
- if (ee.includes(t) || Z.includes(t)) {
3484
+ for (let i of this.endpoints)
3485
+ if (ee.includes(i) || Z.includes(i)) {
3486
3486
  n = !0;
3487
3487
  break;
3488
3488
  }
3489
- n && (this.userClientEndpoints = new Ge(this, r)), this.addEndpoints(), C("endpoints", k.JsonArray, this, r, "ENDPOINTS"), r.userStorage && (this.userStorage = r.userStorage), this.authenticators = s, this.sessionManager = new Ae(o, s, r), e.addHook("preHandler", async (t, a) => {
3489
+ n && (this.userClientEndpoints = new Ge(this, r)), this.addEndpoints(), C("endpoints", k.JsonArray, this, r, "ENDPOINTS"), r.userStorage && (this.userStorage = r.userStorage), this.authenticators = s, this.sessionManager = new Ae(o, s, r), e.addHook("preHandler", async (i, a) => {
3490
3490
  var v, m;
3491
3491
  d.logger.debug(c({ message: "Getting session cookie" }));
3492
- let h = this.getSessionCookieValue(t), f = {};
3492
+ let h = this.getSessionCookieValue(i), f = {};
3493
3493
  if (h)
3494
3494
  try {
3495
- f.hashedSessionId = F.hash(this.sessionManager.getSessionId(h));
3495
+ f.hashedSessionId = N.hash(this.sessionManager.getSessionId(h));
3496
3496
  } catch {
3497
- f.hashedSessionCookie = F.hash(h);
3497
+ f.hashedSessionCookie = N.hash(h);
3498
3498
  }
3499
3499
  d.logger.debug(c({ message: "Getting csrf cookie" }));
3500
3500
  let p;
3501
3501
  try {
3502
- p = this.getCsrfCookieValue(t), p && this.sessionManager.validateCsrfCookie(p);
3502
+ p = this.getCsrfCookieValue(i), p && this.sessionManager.validateCsrfCookie(p);
3503
3503
  } catch (w) {
3504
- d.logger.warn(c({ message: "Invalid csrf cookie received", cerr: w, hashedCsrfCookie: this.getHashOfCsrfCookie(t) })), a.clearCookie(this.sessionManager.csrfCookieName), p = void 0;
3504
+ d.logger.warn(c({ message: "Invalid csrf cookie received", cerr: w, hashedCsrfCookie: this.getHashOfCsrfCookie(i) })), a.clearCookie(this.sessionManager.csrfCookieName), p = void 0;
3505
3505
  }
3506
- if (["GET", "OPTIONS", "HEAD"].includes(t.method))
3506
+ if (["GET", "OPTIONS", "HEAD"].includes(i.method))
3507
3507
  try {
3508
3508
  if (p) {
3509
3509
  d.logger.debug(c({ message: "Valid CSRF cookie - creating token" }));
3510
3510
  const w = await this.sessionManager.createCsrfFormOrHeaderValue(p);
3511
- t.csrfToken = w;
3511
+ i.csrfToken = w;
3512
3512
  } else {
3513
3513
  d.logger.debug(c({ message: "Invalid CSRF cookie - recreating" }));
3514
3514
  const { csrfCookie: w, csrfFormOrHeaderValue: P } = await this.sessionManager.createCsrfToken();
3515
- a.setCookie(w.name, w.value, w.options), t.csrfToken = P;
3515
+ a.setCookie(w.name, w.value, w.options), i.csrfToken = P;
3516
3516
  }
3517
- a.header(this.sessionManager.csrfHeaderName, t.csrfToken);
3517
+ a.header(this.sessionManager.csrfHeaderName, i.csrfToken);
3518
3518
  } catch (w) {
3519
3519
  d.logger.error(c({
3520
3520
  message: "Couldn't create CSRF token",
3521
3521
  cerr: w,
3522
- user: (v = t.user) == null ? void 0 : v.username,
3522
+ user: (v = i.user) == null ? void 0 : v.username,
3523
3523
  ...f
3524
3524
  })), d.logger.debug(c({ err: w })), a.clearCookie(this.sessionManager.csrfCookieName);
3525
3525
  }
3526
3526
  else if (p)
3527
3527
  try {
3528
- this.csrfToken(t, a);
3528
+ this.csrfToken(i, a);
3529
3529
  } catch (w) {
3530
3530
  d.logger.error(c({
3531
3531
  message: "Couldn't create CSRF token",
3532
3532
  cerr: w,
3533
- user: (m = t.user) == null ? void 0 : m.username,
3533
+ user: (m = i.user) == null ? void 0 : m.username,
3534
3534
  ...f
3535
3535
  })), d.logger.debug(c({ err: w }));
3536
3536
  }
3537
- if (h = this.getSessionCookieValue(t), h)
3537
+ if (h = this.getSessionCookieValue(i), h) {
3538
3538
  try {
3539
- const w = this.sessionManager.getSessionId(h);
3540
- let { key: P, user: T } = await this.sessionManager.userForSessionId(w);
3539
+ const _ = this.sessionManager.getSessionId(h);
3540
+ let { key: b, user: U } = await this.sessionManager.userForSessionId(_);
3541
3541
  this.validateSession && this.validateSession(
3542
- P,
3543
- T,
3544
- t
3545
- ), t.sessionId = w, t.user = T, t.authType = "cookie", d.logger.debug(c({
3542
+ b,
3543
+ U,
3544
+ i
3545
+ ), i.sessionId = _, i.user = U, i.authType = "cookie", d.logger.debug(c({
3546
3546
  message: "Valid session id",
3547
- user: T == null ? void 0 : T.username
3547
+ user: U == null ? void 0 : U.username
3548
3548
  }));
3549
3549
  } catch {
3550
3550
  d.logger.warn(c({
3551
3551
  message: "Invalid session cookie received",
3552
- hashOfSessionId: this.getHashOfSessionId(t)
3552
+ hashOfSessionId: this.getHashOfSessionId(i)
3553
3553
  })), a.clearCookie(this.sessionManager.sessionCookieName);
3554
3554
  }
3555
+ let w = !1, P = {}, T;
3556
+ if (!this.sessionManager.enableKnownDevices)
3557
+ i.knownDevice = !1;
3558
+ else {
3559
+ d.logger.debug(c({ message: "Getting known device cookie" })), T = void 0;
3560
+ try {
3561
+ T = this.getKnownDeviceCookieValue(i), w = !0, T && (P = await this.sessionManager.getUsersForKnownDeviceKey(T) ?? {});
3562
+ } catch (_) {
3563
+ d.logger.warn(c({ message: "Invalid or expired known devive cookie received", cerr: _, knownDeviceCookieValue: T })), a.clearCookie(this.sessionManager.knownDeviceCookieName), p = void 0;
3564
+ }
3565
+ }
3566
+ w && i.user && i.user.userid in P && T && (Date.now() > P[i.user.userid].getTime() ? (d.logger.info(c({ msg: "Known device has expired for user", username: i.user.username })), await this.sessionManager.removeUserFromKnownDevice(T, i.user.userid)) : i.knownDevice = !0);
3567
+ }
3555
3568
  }), e.addHook(
3556
3569
  "preHandler",
3557
- async (t, a) => {
3570
+ async (i, a) => {
3558
3571
  var f, p, v;
3559
- const h = this.getSessionCookieValue(t);
3560
- if (h && ((f = t.user) != null && f.factor2) && (this.factor2ProtectedPageEndpoints.includes(t.url) || this.factor2ProtectedApiEndpoints.includes(t.url))) {
3572
+ const h = this.getSessionCookieValue(i);
3573
+ if (h && ((f = i.user) != null && f.factor2) && (this.factor2ProtectedPageEndpoints.includes(i.url) || this.factor2ProtectedApiEndpoints.includes(i.url)) && (!this.sessionManager.enableKnownDevices || !i.knownDevice)) {
3561
3574
  const m = this.sessionManager.getSessionId(h);
3562
- if (["GET", "OPTIONS", "HEAD"].includes(t.method)) {
3563
- const w = this.getSessionCookieValue(t);
3575
+ if (["GET", "OPTIONS", "HEAD"].includes(i.method)) {
3576
+ const w = this.getSessionCookieValue(i);
3564
3577
  if (w) {
3565
3578
  const P = this.sessionManager.getSessionId(w);
3566
3579
  if ("pre2fa" in await this.sessionManager.dataForSessionId(P)) {
3567
3580
  d.logger.debug("Cancelling 2FA");
3568
3581
  try {
3569
3582
  await this.sessionManager.cancelTwoFactorPageVisit(P);
3570
- } catch (N) {
3571
- d.logger.debug(c({ err: N })), d.logger.error(c({ message: "Failed cancelling 2FA", cerr: N, user: (v = t.user) == null ? void 0 : v.username, hashOfSessionId: this.getHashOfSessionId(t) }));
3583
+ } catch (_) {
3584
+ d.logger.debug(c({ err: _ })), d.logger.error(c({ message: "Failed cancelling 2FA", cerr: _, user: (v = i.user) == null ? void 0 : v.username, hashOfSessionId: this.getHashOfSessionId(i) }));
3572
3585
  }
3573
3586
  }
3574
3587
  }
@@ -3577,40 +3590,40 @@ class Ke {
3577
3590
  if ("pre2fa" in w) {
3578
3591
  d.logger.debug("Completing 2FA");
3579
3592
  const T = [...this.authenticators[w.pre2fa.factor2].transientSecretNames()];
3580
- let N = {};
3581
- for (let M in t.body)
3582
- T.includes(M) && (N[M] = t.body[M]);
3593
+ let _ = {};
3594
+ for (let U in i.body)
3595
+ T.includes(U) && (_[U] = i.body[U]);
3583
3596
  let b;
3584
3597
  try {
3585
- await this.sessionManager.completeTwoFactorPageVisit(N, m);
3586
- } catch (M) {
3587
- b = l.asCrossauthError(M), d.logger.debug(c({ err: M }));
3588
- const I = l.asCrossauthError(M);
3598
+ await this.sessionManager.completeTwoFactorPageVisit(_, m);
3599
+ } catch (U) {
3600
+ b = l.asCrossauthError(U), d.logger.debug(c({ err: U }));
3601
+ const M = l.asCrossauthError(U);
3589
3602
  d.logger.error(c({
3590
3603
  message: b.message,
3591
- cerr: M,
3592
- user: t.body.username,
3593
- errorCode: I.code,
3594
- errorCodeName: I.codeName
3604
+ cerr: U,
3605
+ user: i.body.username,
3606
+ errorCode: M.code,
3607
+ errorCodeName: M.codeName
3595
3608
  }));
3596
3609
  }
3597
- if (t.body = w.pre2fa.body, b)
3610
+ if (i.body = w.pre2fa.body, b)
3598
3611
  if (b.code == g.Expired) {
3599
3612
  d.logger.debug("Error - cancelling 2FA");
3600
3613
  try {
3601
3614
  await this.sessionManager.cancelTwoFactorPageVisit(m);
3602
- } catch (M) {
3603
- d.logger.error(c({ message: "Failed cancelling 2FA", cerr: M, user: (p = t.user) == null ? void 0 : p.username, hashOfSessionId: this.getHashOfSessionId(t) })), d.logger.debug(c({ err: M }));
3615
+ } catch (U) {
3616
+ d.logger.error(c({ message: "Failed cancelling 2FA", cerr: U, user: (p = i.user) == null ? void 0 : p.username, hashOfSessionId: this.getHashOfSessionId(i) })), d.logger.debug(c({ err: U }));
3604
3617
  }
3605
- t.body = {
3606
- ...t.body,
3618
+ i.body = {
3619
+ ...i.body,
3607
3620
  errorMessage: b.message,
3608
3621
  errorMessages: b.message,
3609
3622
  errorCode: "" + b.code,
3610
3623
  errorCodeName: g[b.code]
3611
3624
  };
3612
3625
  } else
3613
- return this.factor2ProtectedPageEndpoints.includes(t.url) ? a.redirect(this.prefix + "factor2?error=" + g[b.code]) : a.status(b.httpStatus).send(JSON.stringify({
3626
+ return this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2?error=" + g[b.code]) : a.status(b.httpStatus).send(JSON.stringify({
3614
3627
  ok: !1,
3615
3628
  errorMessage: b.message,
3616
3629
  errorMessages: b.messages,
@@ -3618,7 +3631,7 @@ class Ke {
3618
3631
  errorCodeName: g[b.code]
3619
3632
  }));
3620
3633
  } else
3621
- return this.validateCsrfToken(t), d.logger.debug("Starting 2FA"), await this.sessionManager.initiateTwoFactorPageVisit(t.user, m, t.body, t.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(t.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
3634
+ return this.validateCsrfToken(i), d.logger.debug("Starting 2FA"), await this.sessionManager.initiateTwoFactorPageVisit(i.user, m, i.body, i.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
3622
3635
  ok: !0,
3623
3636
  factor2Required: !0
3624
3637
  }));
@@ -3685,13 +3698,13 @@ class Ke {
3685
3698
  return await this.login(
3686
3699
  e,
3687
3700
  o,
3688
- (r, i) => {
3689
- if (i.state == O.passwordChangeNeeded) {
3701
+ (r, t) => {
3702
+ if (t.state == I.passwordChangeNeeded) {
3690
3703
  if (this.endpoints.includes("changepassword"))
3691
3704
  return d.logger.debug(c({ message: "Password change needed - sending redirect" })), r.redirect("/changepassword?required=true&next=" + encodeURIComponent("login?next=" + s));
3692
3705
  {
3693
3706
  const n = new l(g.PasswordChangeNeeded);
3694
- return this.handleError(n, e, r, (t, a) => t.view(this.loginPage, {
3707
+ return this.handleError(n, e, r, (i, a) => i.view(this.loginPage, {
3695
3708
  errorMessage: a.message,
3696
3709
  errorMessages: a.messages,
3697
3710
  errorCode: a.code,
@@ -3703,10 +3716,10 @@ class Ke {
3703
3716
  urlPrefix: this.prefix
3704
3717
  }));
3705
3718
  }
3706
- } else if (i.state == O.passwordResetNeeded || i.state == O.passwordAndFactor2ResetNeeded) {
3719
+ } else if (t.state == I.passwordResetNeeded || t.state == I.passwordAndFactor2ResetNeeded) {
3707
3720
  d.logger.debug(c({ message: "Password reset needed - sending error" }));
3708
3721
  const n = new l(g.PasswordResetNeeded);
3709
- return this.handleError(n, e, r, (t, a) => t.view(this.loginPage, {
3722
+ return this.handleError(n, e, r, (i, a) => i.view(this.loginPage, {
3710
3723
  errorMessage: a.message,
3711
3724
  errorMessages: a.messages,
3712
3725
  errorCode: a.code,
@@ -3717,15 +3730,15 @@ class Ke {
3717
3730
  csrfToken: e.csrfToken,
3718
3731
  urlPrefix: this.prefix
3719
3732
  }));
3720
- } else if (this.allowedFactor2.length > 0 && (i.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(i.factor2 ? i.factor2 : "none"))) {
3733
+ } else if (this.allowedFactor2.length > 0 && (t.state == I.factor2ResetNeeded || !this.allowedFactor2.includes(t.factor2 ? t.factor2 : "none"))) {
3721
3734
  if (d.logger.debug(c({
3722
- message: `Factor2 reset needed. Factor2 is ${i.factor2}, state is ${i.state}, allowed factor2 is [${this.allowedFactor2.join(", ")}]`,
3723
- username: i.username
3735
+ message: `Factor2 reset needed. Factor2 is ${t.factor2}, state is ${t.state}, allowed factor2 is [${this.allowedFactor2.join(", ")}]`,
3736
+ username: t.username
3724
3737
  })), this.endpoints.includes("changefactor2"))
3725
3738
  return d.logger.debug(c({ message: "Factor 2 reset needed - sending redirect" })), r.redirect("/changefactor2?required=true&next=" + encodeURIComponent("login?next=" + s));
3726
3739
  {
3727
3740
  const n = new l(g.Factor2ResetNeeded);
3728
- return this.handleError(n, e, r, (t, a) => t.view(this.loginPage, {
3741
+ return this.handleError(n, e, r, (i, a) => i.view(this.loginPage, {
3729
3742
  errorMessage: a.message,
3730
3743
  errorMessages: a.messages,
3731
3744
  errorCode: a.code,
@@ -3738,7 +3751,7 @@ class Ke {
3738
3751
  }));
3739
3752
  }
3740
3753
  } else {
3741
- if (!i.factor2 || i.factor2.length == 0)
3754
+ if (!t.factor2 || t.factor2.length == 0)
3742
3755
  return d.logger.debug(c({ message: "Successful login - sending redirect" })), r.redirect(s);
3743
3756
  {
3744
3757
  let n = {
@@ -3746,7 +3759,7 @@ class Ke {
3746
3759
  next: e.body.next ?? this.loginRedirect,
3747
3760
  persist: e.body.persist ? "on" : "",
3748
3761
  urlPrefix: this.prefix,
3749
- factor2: i.factor2,
3762
+ factor2: t.factor2,
3750
3763
  action: "loginfactor2"
3751
3764
  };
3752
3765
  return r.view(this.factor2Page, n);
@@ -3755,7 +3768,7 @@ class Ke {
3755
3768
  }
3756
3769
  );
3757
3770
  } catch (r) {
3758
- return d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, n) => i.view(this.loginPage, {
3771
+ return d.logger.debug(c({ err: r })), this.handleError(r, e, o, (t, n) => t.view(this.loginPage, {
3759
3772
  errorMessage: n.message,
3760
3773
  errorMessages: n.messages,
3761
3774
  errorCode: n.code,
@@ -3780,33 +3793,33 @@ class Ke {
3780
3793
  return d.logger.debug(c({ message: "Next page " + s })), await this.loginFactor2(
3781
3794
  e,
3782
3795
  o,
3783
- (r, i) => (d.logger.debug(c({ message: "Successful login - sending redirect to" })), r.redirect(s))
3796
+ (r, t) => (d.logger.debug(c({ message: "Successful login - sending redirect to" })), r.redirect(s))
3784
3797
  );
3785
3798
  } catch (r) {
3786
3799
  d.logger.debug(c({ err: r }));
3787
- let i;
3800
+ let t;
3788
3801
  try {
3789
3802
  const n = e.sessionId ? await this.sessionManager.dataForSessionId(e.sessionId) : void 0;
3790
- i = n == null ? void 0 : n.factor2;
3803
+ t = n == null ? void 0 : n.factor2;
3791
3804
  } catch (n) {
3792
3805
  d.logger.error(c({ err: n }));
3793
3806
  }
3794
- return i && i in this.authenticators ? this.handleError(r, e, o, (n, t) => n.view(this.factor2Page, {
3795
- errorMessage: t.message,
3796
- errorMessages: t.messages,
3797
- errorCode: t.code,
3798
- errorCodeName: g[t.code],
3807
+ return t && t in this.authenticators ? this.handleError(r, e, o, (n, i) => n.view(this.factor2Page, {
3808
+ errorMessage: i.message,
3809
+ errorMessages: i.messages,
3810
+ errorCode: i.code,
3811
+ errorCodeName: g[i.code],
3799
3812
  next: e.body.next,
3800
3813
  persist: e.body.persist ? "on" : "",
3801
3814
  csrfToken: e.csrfToken,
3802
3815
  urlPrefix: this.prefix,
3803
- factor2: i,
3816
+ factor2: t,
3804
3817
  action: "loginfactor2"
3805
- })) : this.handleError(r, e, o, (n, t) => n.view(this.loginPage, {
3806
- errorMessage: t.message,
3807
- errorMessages: t.messages,
3808
- errorCode: t.code,
3809
- errorCodeName: g[t.code],
3818
+ })) : this.handleError(r, e, o, (n, i) => n.view(this.loginPage, {
3819
+ errorMessage: i.message,
3820
+ errorMessages: i.messages,
3821
+ errorCode: i.code,
3822
+ errorCodeName: g[i.code],
3810
3823
  next: e.body.next,
3811
3824
  persist: e.body.persist ? "on" : "",
3812
3825
  csrfToken: e.csrfToken,
@@ -3829,17 +3842,17 @@ class Ke {
3829
3842
  g.Unauthorized,
3830
3843
  "No session cookie present"
3831
3844
  );
3832
- const s = this.getSessionCookieValue(e), r = this.sessionManager.getSessionId(s ?? ""), i = await this.sessionManager.dataForSessionId(r);
3833
- if (!(i != null && i.pre2fa)) throw new l(
3845
+ const s = this.getSessionCookieValue(e), r = this.sessionManager.getSessionId(s ?? ""), t = await this.sessionManager.dataForSessionId(r);
3846
+ if (!(t != null && t.pre2fa)) throw new l(
3834
3847
  g.Unauthorized,
3835
3848
  "2FA not initiated"
3836
3849
  );
3837
3850
  let n = {
3838
3851
  urlPrefix: this.prefix,
3839
3852
  csrfToken: e.csrfToken,
3840
- action: i.pre2fa.url,
3853
+ action: t.pre2fa.url,
3841
3854
  errorCodeName: e.query.error,
3842
- factor2: i.pre2fa.factor2
3855
+ factor2: t.pre2fa.factor2
3843
3856
  };
3844
3857
  return o.view(this.factor2Page, n);
3845
3858
  }
@@ -3877,39 +3890,39 @@ class Ke {
3877
3890
  return d.logger.debug(c({ message: "Next page " + s })), await this.signup(
3878
3891
  e,
3879
3892
  o,
3880
- (r, i, n) => {
3893
+ (r, t, n) => {
3881
3894
  var a, h;
3882
- const t = (a = i == null ? void 0 : i.userData) != null && a.factor2 ? this.authenticators[i.userData.factor2] : void 0;
3883
- return (h = i.userData) != null && h.factor2 ? r.view(this.configureFactor2Page, {
3884
- csrfToken: i.csrfToken,
3885
- ...i.userData
3886
- }) : this.enableEmailVerification && (t == null || t.skipEmailVerificationOnSignup() != !0) ? r.view(this.signupPage, {
3895
+ const i = (a = t == null ? void 0 : t.userData) != null && a.factor2 ? this.authenticators[t.userData.factor2] : void 0;
3896
+ return (h = t.userData) != null && h.factor2 ? r.view(this.configureFactor2Page, {
3897
+ csrfToken: t.csrfToken,
3898
+ ...t.userData
3899
+ }) : this.enableEmailVerification && (i == null || i.skipEmailVerificationOnSignup() != !0) ? r.view(this.signupPage, {
3887
3900
  next: s,
3888
3901
  csrfToken: e.csrfToken,
3889
3902
  message: "Please check your email to finish signing up.",
3890
3903
  allowedFactor2: this.allowedFactor2Details(),
3891
3904
  urlPrefix: this.prefix,
3892
3905
  factor2: e.body.factor2,
3893
- ...i.userData
3906
+ ...t.userData
3894
3907
  }) : r.redirect(this.loginRedirect);
3895
3908
  }
3896
3909
  );
3897
3910
  } catch (r) {
3898
- const i = l.asCrossauthError(r);
3911
+ const t = l.asCrossauthError(r);
3899
3912
  return d.logger.error(c({
3900
3913
  message: "Signup failure",
3901
3914
  user: e.body.username,
3902
- errorCodeName: i.codeName,
3903
- errorCode: i.code
3904
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (n, t) => {
3915
+ errorCodeName: t.codeName,
3916
+ errorCode: t.code
3917
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (n, i) => {
3905
3918
  let a = {};
3906
3919
  for (let h in e.body)
3907
3920
  h.startsWith("user_") && (a[h] = e.body[h]);
3908
3921
  return n.view(this.signupPage, {
3909
- errorMessage: t.message,
3910
- errorMessages: t.messages,
3911
- errorCode: t.code,
3912
- errorCodeName: g[t.code],
3922
+ errorMessage: i.message,
3923
+ errorMessages: i.messages,
3924
+ errorCode: i.code,
3925
+ errorCodeName: g[i.code],
3913
3926
  next: s,
3914
3927
  persist: e.body.persist,
3915
3928
  username: e.body.username,
@@ -3940,16 +3953,16 @@ class Ke {
3940
3953
  return await this.logout(
3941
3954
  e,
3942
3955
  o,
3943
- (i) => i.redirect(e.body.next ? e.body.next : this.logoutRedirect)
3956
+ (t) => t.redirect(e.body.next ? e.body.next : this.logoutRedirect)
3944
3957
  );
3945
- } catch (i) {
3946
- const n = l.asCrossauthError(i);
3958
+ } catch (t) {
3959
+ const n = l.asCrossauthError(t);
3947
3960
  return d.logger.error(c({
3948
3961
  message: "Logout failure",
3949
3962
  user: (r = e.user) == null ? void 0 : r.username,
3950
3963
  errorCodeName: n.codeName,
3951
3964
  errorCode: n.code
3952
- })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, a) => t.view(this.errorPage, {
3965
+ })), d.logger.debug(c({ err: t })), this.handleError(t, e, o, (i, a) => i.view(this.errorPage, {
3953
3966
  urlPrefix: this.prefix,
3954
3967
  errorMessage: a.message,
3955
3968
  errorMessages: a.messages,
@@ -3971,46 +3984,46 @@ class Ke {
3971
3984
  method: "POST",
3972
3985
  url: this.prefix + "api/login",
3973
3986
  ip: e.ip
3974
- })), e.user) return o.header(...A).send({ ok: !1, user: e.user });
3987
+ })), e.user) return o.header(...F).send({ ok: !1, user: e.user });
3975
3988
  try {
3976
3989
  return await this.login(
3977
3990
  e,
3978
3991
  o,
3979
3992
  (s, r) => {
3980
- if (r.state == O.passwordChangeNeeded) {
3981
- const i = new l(g.PasswordChangeNeeded);
3982
- return this.handleError(i, e, s, (n, t) => {
3983
- n.status(this.errorStatus(i)).header(...A).send({
3993
+ if (r.state == I.passwordChangeNeeded) {
3994
+ const t = new l(g.PasswordChangeNeeded);
3995
+ return this.handleError(t, e, s, (n, i) => {
3996
+ n.status(this.errorStatus(t)).header(...F).send({
3984
3997
  ok: !1,
3985
- errorMessage: t.message,
3986
- errorMessages: t.messages,
3987
- errorCode: t.code,
3988
- errorCodeName: g[t.code]
3998
+ errorMessage: i.message,
3999
+ errorMessages: i.messages,
4000
+ errorCode: i.code,
4001
+ errorCodeName: g[i.code]
3989
4002
  });
3990
4003
  });
3991
- } else if (r.state == O.passwordResetNeeded || r.state == O.passwordAndFactor2ResetNeeded) {
3992
- const i = new l(g.PasswordResetNeeded);
3993
- return this.handleError(i, e, s, (n, t) => {
3994
- n.status(this.errorStatus(i)).header(...A).send({
4004
+ } else if (r.state == I.passwordResetNeeded || r.state == I.passwordAndFactor2ResetNeeded) {
4005
+ const t = new l(g.PasswordResetNeeded);
4006
+ return this.handleError(t, e, s, (n, i) => {
4007
+ n.status(this.errorStatus(t)).header(...F).send({
3995
4008
  ok: !1,
3996
- errorMessage: t.message,
3997
- errorMessages: t.messages,
3998
- errorCode: t.code,
3999
- errorCodeName: g[t.code]
4009
+ errorMessage: i.message,
4010
+ errorMessages: i.messages,
4011
+ errorCode: i.code,
4012
+ errorCodeName: g[i.code]
4000
4013
  });
4001
4014
  });
4002
- } else if (this.allowedFactor2.length > 0 && (r.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(r.factor2 ? r.factor2 : "none"))) {
4003
- const i = new l(g.Factor2ResetNeeded);
4004
- return this.handleError(i, e, s, (n, t) => {
4005
- n.status(this.errorStatus(i)).header(...A).send({
4015
+ } else if (this.allowedFactor2.length > 0 && (r.state == I.factor2ResetNeeded || !this.allowedFactor2.includes(r.factor2 ? r.factor2 : "none"))) {
4016
+ const t = new l(g.Factor2ResetNeeded);
4017
+ return this.handleError(t, e, s, (n, i) => {
4018
+ n.status(this.errorStatus(t)).header(...F).send({
4006
4019
  ok: !1,
4007
- errorMessage: t.message,
4008
- errorMessages: t.messages,
4009
- errorCode: t.code,
4010
- errorCodeName: g[t.code]
4020
+ errorMessage: i.message,
4021
+ errorMessages: i.messages,
4022
+ errorCode: i.code,
4023
+ errorCodeName: g[i.code]
4011
4024
  });
4012
4025
  });
4013
- } else return "factor2" in r && r.factor2 != "" && r.factor2 in this.authenticators ? s.header(...A).send({ ok: !0, twoFactorRequired: !0 }) : s.header(...A).send({ ok: !0, user: r });
4026
+ } else return "factor2" in r && r.factor2 != "" && r.factor2 in this.authenticators ? s.header(...F).send({ ok: !0, twoFactorRequired: !0 }) : s.header(...F).send({ ok: !0, user: r });
4014
4027
  }
4015
4028
  );
4016
4029
  } catch (s) {
@@ -4020,8 +4033,8 @@ class Ke {
4020
4033
  user: e.body.username,
4021
4034
  errorCodeName: r.codeName,
4022
4035
  errorCode: r.code
4023
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, n) => {
4024
- i.status(this.errorStatus(s)).header(...A).send({
4036
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (t, n) => {
4037
+ t.status(this.errorStatus(s)).header(...F).send({
4025
4038
  ok: !1,
4026
4039
  errorMessage: n.message,
4027
4040
  errorMessages: n.messages,
@@ -4042,22 +4055,22 @@ class Ke {
4042
4055
  method: "POST",
4043
4056
  url: this.prefix + "api/cancelfactor2",
4044
4057
  ip: e.ip
4045
- })), e.user) return o.header(...A).send({ ok: !1, user: e.user });
4058
+ })), e.user) return o.header(...F).send({ ok: !1, user: e.user });
4046
4059
  try {
4047
4060
  return await this.cancelFactor2(
4048
4061
  e,
4049
4062
  o,
4050
- (s) => s.header(...A).send({ ok: !0 })
4063
+ (s) => s.header(...F).send({ ok: !0 })
4051
4064
  );
4052
4065
  } catch (s) {
4053
- const i = e.user || "", n = l.asCrossauthError(s);
4066
+ const t = e.user || "", n = l.asCrossauthError(s);
4054
4067
  return d.logger.error(c({
4055
4068
  message: "Cancel 2FA failure",
4056
- user: i,
4069
+ user: t,
4057
4070
  errorCodeName: n.codeName,
4058
4071
  errorCode: n.code
4059
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (t, a) => {
4060
- t.status(this.errorStatus(s)).header(...A).send({
4072
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, a) => {
4073
+ i.status(this.errorStatus(s)).header(...F).send({
4061
4074
  ok: !1,
4062
4075
  errorMessage: a.message,
4063
4076
  errorMessages: a.messages,
@@ -4078,12 +4091,12 @@ class Ke {
4078
4091
  method: "POST",
4079
4092
  url: this.prefix + "api/loginfactor2",
4080
4093
  ip: e.ip
4081
- })), e.user) return o.header(...A).send({ ok: !1, user: e.user });
4094
+ })), e.user) return o.header(...F).send({ ok: !1, user: e.user });
4082
4095
  try {
4083
4096
  return await this.loginFactor2(
4084
4097
  e,
4085
4098
  o,
4086
- (s, r) => s.header(...A).send({ ok: !0, user: r })
4099
+ (s, r) => s.header(...F).send({ ok: !0, user: r })
4087
4100
  );
4088
4101
  } catch (s) {
4089
4102
  const r = l.asCrossauthError(s);
@@ -4092,7 +4105,7 @@ class Ke {
4092
4105
  hashOfSessionId: this.getHashOfSessionId(e),
4093
4106
  errorCodeName: r.codeName,
4094
4107
  errorCode: r.code
4095
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, n) => i.status(this.errorStatus(s)).header(...A).send({
4108
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (t, n) => t.status(this.errorStatus(s)).header(...F).send({
4096
4109
  ok: !1,
4097
4110
  errorMessage: n.message,
4098
4111
  errorMessages: n.messages,
@@ -4119,17 +4132,17 @@ class Ke {
4119
4132
  return await this.logout(
4120
4133
  e,
4121
4134
  o,
4122
- (i) => i.header(...A).send({ ok: !0 })
4135
+ (t) => t.header(...F).send({ ok: !0 })
4123
4136
  );
4124
- } catch (i) {
4125
- const n = l.asCrossauthError(i);
4137
+ } catch (t) {
4138
+ const n = l.asCrossauthError(t);
4126
4139
  return d.logger.error(c({
4127
4140
  message: "Logout failure",
4128
4141
  user: (r = e.user) == null ? void 0 : r.username,
4129
4142
  errorCodeName: n.codeName,
4130
4143
  errorCode: n.code
4131
- })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, a) => {
4132
- t.status(this.errorStatus(i)).header(...A).send({
4144
+ })), d.logger.debug(c({ err: t })), this.handleError(t, e, o, (i, a) => {
4145
+ i.status(this.errorStatus(t)).header(...F).send({
4133
4146
  ok: !1,
4134
4147
  errorMessage: a.message,
4135
4148
  errorMessages: a.messages,
@@ -4156,26 +4169,26 @@ class Ke {
4156
4169
  return await this.signup(
4157
4170
  e,
4158
4171
  o,
4159
- (r, i, n) => r.header(...A).send({
4172
+ (r, t, n) => r.header(...F).send({
4160
4173
  ok: !0,
4161
4174
  user: n,
4162
4175
  emailVerificationNeeded: this.enableEmailVerification ?? !1,
4163
- ...i.userData
4176
+ ...t.userData
4164
4177
  })
4165
4178
  );
4166
4179
  } catch (r) {
4167
- const i = l.asCrossauthError(r);
4180
+ const t = l.asCrossauthError(r);
4168
4181
  d.logger.error(c({
4169
4182
  message: "Signup failure",
4170
4183
  user: (s = e.user) == null ? void 0 : s.username,
4171
- errorCodeName: i.codeName,
4172
- errorCode: i.code
4173
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (n, t) => {
4174
- n.status(this.errorStatus(r)).header(...A).send({
4184
+ errorCodeName: t.codeName,
4185
+ errorCode: t.code
4186
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (n, i) => {
4187
+ n.status(this.errorStatus(r)).header(...F).send({
4175
4188
  ok: !1,
4176
- errorMessage: t.message,
4177
- errorMessages: t.messages,
4178
- errorCode: g[t.code]
4189
+ errorMessage: i.message,
4190
+ errorMessages: i.messages,
4191
+ errorCode: g[i.code]
4179
4192
  });
4180
4193
  });
4181
4194
  }
@@ -4200,28 +4213,28 @@ class Ke {
4200
4213
  "No CSRF token present"
4201
4214
  );
4202
4215
  try {
4203
- let i;
4204
- return e.sessionId ? (i = (await this.sessionManager.userForSessionId(e.sessionId)).user, o.header(...A).send({ ok: !0, user: i })) : this.sendJsonError(
4216
+ let t;
4217
+ return e.sessionId ? (t = (await this.sessionManager.userForSessionId(e.sessionId)).user, o.header(...F).send({ ok: !0, user: t })) : this.sendJsonError(
4205
4218
  o,
4206
4219
  401,
4207
4220
  "User not logged in"
4208
4221
  );
4209
- } catch (i) {
4210
- const n = l.asCrossauthError(i);
4211
- let t = n.message, a = n.code, h = n.codeName;
4222
+ } catch (t) {
4223
+ const n = l.asCrossauthError(t);
4224
+ let i = n.message, a = n.code, h = n.codeName;
4212
4225
  switch (n.code) {
4213
4226
  case g.UserNotExist:
4214
4227
  case g.PasswordInvalid:
4215
- t = "Invalid username or password", a = g.UsernameOrPasswordInvalid, h = g[a];
4228
+ i = "Invalid username or password", a = g.UsernameOrPasswordInvalid, h = g[a];
4216
4229
  break;
4217
4230
  }
4218
4231
  return d.logger.error(c({
4219
- message: t,
4232
+ message: i,
4220
4233
  user: (r = e.user) == null ? void 0 : r.username,
4221
4234
  hashOfSessionId: this.getHashOfSessionId(e),
4222
4235
  errorCodeName: h,
4223
4236
  errorCode: a
4224
- })), d.logger.debug(c({ err: i })), o.status(this.errorStatus(i)).header(...A).send({
4237
+ })), d.logger.debug(c({ err: t })), o.status(this.errorStatus(t)).header(...F).send({
4225
4238
  ok: !1,
4226
4239
  errorCode: a,
4227
4240
  errorCodeName: h
@@ -4243,19 +4256,19 @@ class Ke {
4243
4256
  user: (s = e.user) == null ? void 0 : s.username
4244
4257
  }));
4245
4258
  try {
4246
- return o.header(...A).send({
4259
+ return o.header(...F).send({
4247
4260
  ok: !0,
4248
4261
  csrfToken: e.csrfToken
4249
4262
  });
4250
- } catch (i) {
4251
- const n = l.asCrossauthError(i);
4263
+ } catch (t) {
4264
+ const n = l.asCrossauthError(t);
4252
4265
  return d.logger.error(c({
4253
4266
  message: "getcsrftoken failure",
4254
4267
  user: (r = e.user) == null ? void 0 : r.username,
4255
4268
  hashedCsrfCookie: this.getHashOfCsrfCookie(e),
4256
4269
  errorCode: n.code,
4257
4270
  errorCodeName: n.codeName
4258
- })), d.logger.debug(c({ err: i })), o.status(this.errorStatus(i)).header(...A).send({
4271
+ })), d.logger.debug(c({ err: t })), o.status(this.errorStatus(t)).header(...F).send({
4259
4272
  ok: !1,
4260
4273
  errorCode: n.code,
4261
4274
  errorCodeName: n.codeName,
@@ -4272,10 +4285,10 @@ class Ke {
4272
4285
  o,
4273
4286
  e.user
4274
4287
  );
4275
- const r = e.body.username, i = e.body.persist;
4288
+ const r = e.body.username, t = e.body.persist;
4276
4289
  if (!e.csrfToken) throw new l(g.InvalidCsrf);
4277
4290
  const n = this.getSessionCookieValue(e);
4278
- let t = this.addToSession ? this.addToSession(e) : {}, { sessionCookie: a, csrfCookie: h, user: f } = await this.sessionManager.login(r, e.body, t, i);
4291
+ let i = this.addToSession ? this.addToSession(e) : {}, { sessionCookie: a, csrfCookie: h, user: f } = await this.sessionManager.login(r, e.body, i, t);
4279
4292
  if (d.logger.debug(c({
4280
4293
  message: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
4281
4294
  user: e.body.username
@@ -4304,24 +4317,24 @@ class Ke {
4304
4317
  );
4305
4318
  const r = e.sessionId;
4306
4319
  if (!r) throw new l(g.Unauthorized);
4307
- const i = e.body.persist;
4320
+ const t = e.body.persist;
4308
4321
  if (this.isSessionUser(e) && !e.csrfToken) throw new l(g.InvalidCsrf);
4309
4322
  let n = this.addToSession ? this.addToSession(e) : {};
4310
- const { sessionCookie: t, csrfCookie: a, user: h } = await this.sessionManager.completeTwoFactorLogin(
4323
+ const { sessionCookie: i, csrfCookie: a, user: h } = await this.sessionManager.completeTwoFactorLogin(
4311
4324
  e.body,
4312
4325
  r,
4313
4326
  n,
4314
- i
4327
+ t
4315
4328
  );
4316
4329
  return d.logger.debug(c({
4317
- message: "Login: set session cookie " + t.name + " opts " + JSON.stringify(t.options),
4330
+ message: "Login: set session cookie " + i.name + " opts " + JSON.stringify(i.options),
4318
4331
  user: h == null ? void 0 : h.username
4319
4332
  })), o.cookie(
4320
- t.name,
4321
- t.value,
4322
- t.options
4333
+ i.name,
4334
+ i.value,
4335
+ i.options
4323
4336
  ), d.logger.debug(c({
4324
- message: "Login: set csrf cookie " + a.name + " opts " + JSON.stringify(t.options),
4337
+ message: "Login: set csrf cookie " + a.name + " opts " + JSON.stringify(i.options),
4325
4338
  user: h == null ? void 0 : h.username
4326
4339
  })), o.cookie(a.name, a.value, a.options), e.csrfToken = await this.sessionManager.createCsrfFormOrHeaderValue(a.value), s(o, h);
4327
4340
  }
@@ -4333,9 +4346,9 @@ class Ke {
4333
4346
  /**
4334
4347
  * This is called after the user has been validated to log the user in
4335
4348
  */
4336
- async loginWithUser(e, o, s, r, i) {
4349
+ async loginWithUser(e, o, s, r, t) {
4337
4350
  const n = this.getSessionCookieValue(s);
4338
- let t = this.addToSession ? this.addToSession(s) : {}, { sessionCookie: a, csrfCookie: h } = await this.sessionManager.login("", {}, t, void 0, e, o);
4351
+ let i = this.addToSession ? this.addToSession(s) : {}, { sessionCookie: a, csrfCookie: h } = await this.sessionManager.login("", {}, i, void 0, e, o);
4339
4352
  if (d.logger.debug(c({
4340
4353
  message: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
4341
4354
  user: e.username
@@ -4355,19 +4368,19 @@ class Ke {
4355
4368
  hashOfSessionId: this.getHashOfSessionId(s)
4356
4369
  })), d.logger.debug(c({ err: f }));
4357
4370
  }
4358
- return i(r, e);
4371
+ return t(r, e);
4359
4372
  }
4360
4373
  async signup(e, o, s) {
4361
4374
  if (!this.userStorage) throw new l(g.Configuration, "Cannot call signup unless you provide a user stotage");
4362
4375
  if (this.isSessionUser(e) && !e.csrfToken) throw new l(g.InvalidCsrf);
4363
- const r = e.body.username, i = e.body.next;
4376
+ const r = e.body.username, t = e.body.next;
4364
4377
  if (e.body.factor2 || (e.body.factor2 = this.allowedFactor2[0]), e.body.factor2 && !this.allowedFactor2.includes(e.body.factor2 ?? "none"))
4365
4378
  throw new l(
4366
4379
  g.Forbidden,
4367
4380
  "Illegal second factor " + e.body.factor2 + " requested"
4368
4381
  );
4369
4382
  (e.body.factor2 == "none" || e.body.factor2 == "") && (e.body.factor2 = void 0);
4370
- let n = this.createUserFn(e, this.userStorage.userEditableFields, this.userAllowedFactor1, this.allowedFactor2), t = this.authenticators[n.factor1].validateSecrets(e.body);
4383
+ let n = this.createUserFn(e, this.userStorage.userEditableFields, this.userAllowedFactor1, this.allowedFactor2), i = this.authenticators[n.factor1].validateSecrets(e.body);
4371
4384
  const a = this.authenticators[n.factor1].secretNames();
4372
4385
  let h = {};
4373
4386
  for (let m in e.body)
@@ -4375,8 +4388,8 @@ class Ke {
4375
4388
  const w = m.replace(/^repeat_/, "");
4376
4389
  a.includes(w) && (h[w] = e.body[m]);
4377
4390
  }
4378
- Object.keys(h).length === 0 && (h = void 0), n.state = "active", e.body.factor2 && e.body.factor2 != "none" ? this.enableEmailVerification ? n.state = O.awaitingTwoFactorSetupAndEmailVerification : n.state = O.awaitingTwoFactorSetup : this.enableEmailVerification && (n.state = "awaitingemailverification");
4379
- let p = [...this.validateUserFn(n), ...t];
4391
+ Object.keys(h).length === 0 && (h = void 0), n.state = "active", e.body.factor2 && e.body.factor2 != "none" ? this.enableEmailVerification ? n.state = I.awaitingTwoFactorSetupAndEmailVerification : n.state = I.awaitingTwoFactorSetup : this.enableEmailVerification && (n.state = "awaitingemailverification");
4392
+ let p = [...this.validateUserFn(n), ...i];
4380
4393
  if (p.length > 0)
4381
4394
  throw new l(g.FormEntry, p);
4382
4395
  let v = !1;
@@ -4410,7 +4423,7 @@ class Ke {
4410
4423
  let w = {
4411
4424
  userData: m,
4412
4425
  username: r,
4413
- next: i ?? this.loginRedirect,
4426
+ next: t ?? this.loginRedirect,
4414
4427
  csrfToken: e.csrfToken
4415
4428
  };
4416
4429
  return s(o, w);
@@ -4453,14 +4466,14 @@ class Ke {
4453
4466
  d.logger.debug(c({ message: "Creating session ID" }));
4454
4467
  let r = this.addToSession ? this.addToSession(e) : {};
4455
4468
  s && (r.data = JSON.stringify(s));
4456
- let { sessionCookie: i, csrfCookie: n, csrfFormOrHeaderValue: t } = await this.sessionManager.createAnonymousSession(r);
4469
+ let { sessionCookie: t, csrfCookie: n, csrfFormOrHeaderValue: i } = await this.sessionManager.createAnonymousSession(r);
4457
4470
  o.cookie(
4458
- i.name,
4459
- i.value,
4460
- i.options
4461
- ), e.csrfToken = t, o.setCookie(n.name, n.value, n.options), e.user = void 0;
4462
- const a = this.sessionManager.getSessionId(i.value);
4463
- return e.sessionId = a, i.value;
4471
+ t.name,
4472
+ t.value,
4473
+ t.options
4474
+ ), e.csrfToken = i, o.setCookie(n.name, n.value, n.options), e.user = void 0;
4475
+ const a = this.sessionManager.getSessionId(t.value);
4476
+ return e.sessionId = a, t.value;
4464
4477
  }
4465
4478
  /**
4466
4479
  * Called by each endpoint on error.
@@ -4476,27 +4489,27 @@ class Ke {
4476
4489
  * incorrect. If false, report that the username or password is
4477
4490
  * incorrect. Default false.
4478
4491
  */
4479
- handleError(e, o, s, r, i = !1) {
4492
+ handleError(e, o, s, r, t = !1) {
4480
4493
  var n;
4481
4494
  try {
4482
- let t = l.asCrossauthError(e);
4483
- if (!i)
4484
- switch (t.code) {
4495
+ let i = l.asCrossauthError(e);
4496
+ if (!t)
4497
+ switch (i.code) {
4485
4498
  case g.UserNotExist:
4486
4499
  case g.PasswordInvalid:
4487
- t = new l(
4500
+ i = new l(
4488
4501
  g.UsernameOrPasswordInvalid,
4489
4502
  "Invalid username or password"
4490
4503
  );
4491
4504
  break;
4492
4505
  }
4493
- return d.logger.debug(c({ err: t })), d.logger.error(c({
4494
- cerr: t,
4506
+ return d.logger.debug(c({ err: i })), d.logger.error(c({
4507
+ cerr: i,
4495
4508
  hashOfSessionId: this.getHashOfSessionId(o),
4496
4509
  user: (n = o.user) == null ? void 0 : n.username
4497
- })), r(s, t);
4498
- } catch (t) {
4499
- return d.logger.error(c({ err: t })), r(s, new l(g.UnknownError));
4510
+ })), r(s, i);
4511
+ } catch (i) {
4512
+ return d.logger.error(c({ err: i })), r(s, new l(g.UnknownError));
4500
4513
  }
4501
4514
  }
4502
4515
  //////////////
@@ -4519,6 +4532,15 @@ class Ke {
4519
4532
  if (e.cookies && this.sessionManager.csrfCookieName in e.cookies)
4520
4533
  return e.cookies[this.sessionManager.csrfCookieName];
4521
4534
  }
4535
+ /**
4536
+ * Returns the known device cookie value from the request
4537
+ * @param request the Fastify request
4538
+ * @returns the CSRF token cookie value
4539
+ */
4540
+ getKnownDeviceCookieValue(e) {
4541
+ if (e.cookies && this.sessionManager.knownDeviceCookieName in e.cookies)
4542
+ return e.cookies[this.sessionManager.knownDeviceCookieName];
4543
+ }
4522
4544
  /**
4523
4545
  * Returns a hash of the session ID. Used for logging (for security,
4524
4546
  * the actual session ID is not logged)
@@ -4528,7 +4550,7 @@ class Ke {
4528
4550
  getHashOfSessionId(e) {
4529
4551
  if (!e.sessionId) return "";
4530
4552
  try {
4531
- return F.hash(e.sessionId);
4553
+ return N.hash(e.sessionId);
4532
4554
  } catch {
4533
4555
  }
4534
4556
  return "";
@@ -4543,7 +4565,7 @@ class Ke {
4543
4565
  const o = this.getCsrfCookieValue(e);
4544
4566
  if (!o) return "";
4545
4567
  try {
4546
- return F.hash(o.split(".")[0]);
4568
+ return N.hash(o.split(".")[0]);
4547
4569
  } catch {
4548
4570
  }
4549
4571
  return "";
@@ -4572,14 +4594,14 @@ class Ke {
4572
4594
  * @returns the Fastiy reply
4573
4595
  */
4574
4596
  csrfToken(e, o) {
4575
- var i;
4597
+ var t;
4576
4598
  let s;
4577
4599
  const r = this.sessionManager.csrfHeaderName;
4578
4600
  if (e.headers && r.toLowerCase() in e.headers) {
4579
4601
  const n = e.headers[r.toLowerCase()];
4580
4602
  Array.isArray(n) ? s = n[0] : s = n;
4581
4603
  }
4582
- if (!s && ((i = e.body) != null && i.csrfToken) && (s = e.body.csrfToken), s)
4604
+ if (!s && ((t = e.body) != null && t.csrfToken) && (s = e.body.csrfToken), s)
4583
4605
  try {
4584
4606
  this.sessionManager.validateDoubleSubmitCsrfToken(
4585
4607
  this.getCsrfCookieValue(e),
@@ -4605,18 +4627,18 @@ class Ke {
4605
4627
  */
4606
4628
  sendJsonError(e, o, s, r) {
4607
4629
  (!s || !r) && (s = "Unknown error");
4608
- const i = r ? l.asCrossauthError(r) : void 0;
4630
+ const t = r ? l.asCrossauthError(r) : void 0;
4609
4631
  return d.logger.warn(c({
4610
4632
  message: s,
4611
- errorCode: i == null ? void 0 : i.code,
4612
- errorCodeName: i == null ? void 0 : i.codeName,
4633
+ errorCode: t == null ? void 0 : t.code,
4634
+ errorCodeName: t == null ? void 0 : t.codeName,
4613
4635
  httpStatus: o
4614
- })), e.header(...A).status(o).send({
4636
+ })), e.header(...F).status(o).send({
4615
4637
  ok: !1,
4616
4638
  status: o,
4617
4639
  errorMessage: s,
4618
- errorCode: i == null ? void 0 : i.code,
4619
- errorCodeName: i == null ? void 0 : i.codeName
4640
+ errorCode: t == null ? void 0 : t.code,
4641
+ errorCodeName: t == null ? void 0 : t.codeName
4620
4642
  });
4621
4643
  }
4622
4644
  /**
@@ -4743,41 +4765,41 @@ class Ye {
4743
4765
  u(this, "apiKeyManager");
4744
4766
  this.app = e, this.userStorage = o, this.apiKeyManager = new Y(s, r), this.app.addHook(
4745
4767
  "preHandler",
4746
- async (i, n) => {
4747
- if (i.headers.authorization)
4768
+ async (t, n) => {
4769
+ if (t.headers.authorization)
4748
4770
  try {
4749
4771
  d.logger.debug(c({
4750
4772
  msg: "Received authorization header"
4751
4773
  }));
4752
- const t = await this.apiKeyManager.validateToken(
4753
- i.headers.authorization
4774
+ const i = await this.apiKeyManager.validateToken(
4775
+ t.headers.authorization
4754
4776
  );
4755
4777
  d.logger.debug(c({
4756
4778
  msg: "Valid API key",
4757
- hahedApiKey: Y.hashSignedApiKeyValue(t.value)
4779
+ hashedApiKey: Y.hashSignedApiKeyValue(i.value)
4758
4780
  }));
4759
- const a = Fe.decodeData(t.data);
4760
- if (i.apiKey = { ...t, ...a }, "scope" in a && Array.isArray(a.scope)) {
4781
+ const a = Fe.decodeData(i.data);
4782
+ if (t.apiKey = { ...i, ...a }, "scope" in a && Array.isArray(a.scope)) {
4761
4783
  let h = [];
4762
4784
  for (let f of a.scope)
4763
4785
  typeof f == "string" && h.push(f);
4764
- i.scope = h;
4786
+ t.scope = h;
4765
4787
  }
4766
- if (t.userid)
4788
+ if (i.userid)
4767
4789
  try {
4768
- const { user: h } = await this.userStorage.getUserById(t.userid);
4769
- i.user = h, i.authType = "apiKey", d.logger.debug(c({ msg: "API key is for user", userid: h.id, user: h.username, hahedApiKey: Y.hashSignedApiKeyValue(t.value) }));
4790
+ const { user: h } = await this.userStorage.getUserById(i.userid);
4791
+ t.user = h, t.authType = "apiKey", d.logger.debug(c({ msg: "API key is for user", userid: h.id, user: h.username, hashedApiKey: Y.hashSignedApiKeyValue(i.value) }));
4770
4792
  } catch (h) {
4771
- d.logger.error(c({ msg: "API key has invalid user", userid: t.userid, hashedApiKey: Y.hashSignedApiKeyValue(t.value) })), d.logger.debug(c({ err: h }));
4793
+ d.logger.error(c({ msg: "API key has invalid user", userid: i.userid, hashedApiKey: Y.hashSignedApiKeyValue(i.value) })), d.logger.debug(c({ err: h }));
4772
4794
  }
4773
- } catch (t) {
4774
- d.logger.error(c({ msg: "Invalid authorization header received", header: i.headers.authorization })), d.logger.debug(c({ err: t }));
4795
+ } catch (i) {
4796
+ d.logger.error(c({ msg: "Invalid authorization header received", header: t.headers.authorization })), d.logger.debug(c({ err: i }));
4775
4797
  }
4776
4798
  }
4777
4799
  );
4778
4800
  }
4779
4801
  }
4780
- const x = ["Content-Type", "application/json; charset=utf-8"];
4802
+ const A = ["Content-Type", "application/json; charset=utf-8"];
4781
4803
  class $e {
4782
4804
  /**
4783
4805
  * Constructor
@@ -4789,7 +4811,7 @@ class $e {
4789
4811
  * for the password flow
4790
4812
  * @param options see {@link FastifyAuthorizationServerOptions}
4791
4813
  */
4792
- constructor(e, o, s, r, i, n = {}) {
4814
+ constructor(e, o, s, r, t, n = {}) {
4793
4815
  /** The Fastify app passed to the constructor */
4794
4816
  u(this, "app");
4795
4817
  /** The underlying framework-independent authorization server */
@@ -4814,11 +4836,11 @@ class $e {
4814
4836
  this.app = e, this.fastifyServer = o, this.clientStorage = s, this.authServer = new Ne(
4815
4837
  this.clientStorage,
4816
4838
  r,
4817
- i,
4839
+ t,
4818
4840
  n
4819
4841
  ), C("prefix", k.String, this, n, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("errorPage", k.String, this, n, "ERROR_PAGE"), C("devicePage", k.String, this, n, "OAUTH_DEVICE_PAGE"), C("loginUrl", k.String, this, n, "LOGIN_URL"), C("oauthAuthorizePage", k.String, this, n, "OAUTH_AUTHORIZE_PAGE"), C("refreshTokenType", k.String, this, n, "OAUTH_REFRESH_TOKEN_TYPE"), C("refreshTokenCookieName", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_NAME"), C("refreshTokenCookieDomain", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_DOMAIN"), C("refreshTokenCookieHttpOnly", k.Boolean, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_HTTPONLY"), C("refreshTokenCookiePath", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_PATH"), C("refreshTokenCookieSecure", k.Boolean, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_SECURE"), C("refreshTokenCookieSameSite", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_SAMESITE"), C("createGetCsrfTokenEndpoint", k.String, this, n, "OAUTH_CREATE_GET_CSRF_TOKEN_ENDPOINT"), this.refreshTokenType != "json" && (this.createGetCsrfTokenEndpoint ? this.csrfTokens = new Ue(n.doubleSubmitCookieOptions) : this.fastifyServer.sessionServer && (this.csrfTokens = this.fastifyServer.sessionServer.sessionManager.csrfTokens)), this.createGetCsrfTokenEndpoint && this.addApiGetCsrfTokenEndpoints(), e.get(
4820
4842
  this.prefix + ".well-known/openid-configuration",
4821
- async (t, a) => a.header(...x).status(200).send(
4843
+ async (i, a) => a.header(...A).status(200).send(
4822
4844
  this.authServer.oidcConfiguration({
4823
4845
  authorizeEndpoint: this.prefix + "authorize",
4824
4846
  tokenEndpoint: this.prefix + "token",
@@ -4828,32 +4850,32 @@ class $e {
4828
4850
  )
4829
4851
  ), e.get(
4830
4852
  this.prefix + "jwks",
4831
- async (t, a) => a.header(...x).status(200).send(
4853
+ async (i, a) => a.header(...A).status(200).send(
4832
4854
  this.authServer.jwks()
4833
4855
  )
4834
- ), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode)) && (e.get(this.prefix + "authorize", async (t, a) => {
4856
+ ), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode)) && (e.get(this.prefix + "authorize", async (i, a) => {
4835
4857
  var h;
4836
- return d.logger.info(c({ msg: "Page visit", method: "GET", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, a, t.query);
4837
- }), e.post(this.prefix + "authorize", async (t, a) => {
4858
+ return d.logger.info(c({ msg: "Page visit", method: "GET", url: this.prefix + "authorize", ip: i.ip, user: (h = i.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(i, a, i.query);
4859
+ }), e.post(this.prefix + "authorize", async (i, a) => {
4838
4860
  var h;
4839
- return d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, a, t.body);
4861
+ return d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: i.ip, user: (h = i.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(i, a, i.body);
4840
4862
  }), this.app.post(
4841
4863
  this.prefix + "userauthorize",
4842
- async (t, a) => {
4864
+ async (i, a) => {
4843
4865
  var p, v;
4844
- if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (p = t.user) == null ? void 0 : p.username })), !t.user) return y.sendPageError(
4866
+ if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: i.ip, user: (p = i.user) == null ? void 0 : p.username })), !i.user) return y.sendPageError(
4845
4867
  a,
4846
4868
  401,
4847
4869
  this.errorPage
4848
4870
  );
4849
4871
  let h, f;
4850
4872
  try {
4851
- h = await this.fastifyServer.validateCsrfToken(t);
4873
+ h = await this.fastifyServer.validateCsrfToken(i);
4852
4874
  } catch (m) {
4853
4875
  f = l.asCrossauthError(m), f.message = "Invalid csrf cookie received", d.logger.error(c({
4854
4876
  msg: f.message,
4855
- hashedCsrfCookie: h ? F.hash(h) : void 0,
4856
- user: (v = t.user) == null ? void 0 : v.username,
4877
+ hashedCsrfCookie: h ? N.hash(h) : void 0,
4878
+ user: (v = i.user) == null ? void 0 : v.username,
4857
4879
  cerr: f
4858
4880
  }));
4859
4881
  }
@@ -4882,45 +4904,45 @@ class $e {
4882
4904
  }
4883
4905
  }
4884
4906
  if (!f) {
4885
- const m = t.body.authorized == "true";
4886
- return await this.authorize(t, a, m, {
4887
- responseType: t.body.response_type,
4888
- client_id: t.body.client_id,
4889
- redirect_uri: t.body.redirect_uri,
4890
- scope: t.body.scope,
4891
- state: t.body.state,
4892
- codeChallenge: t.body.code_challenge,
4893
- codeChallengeMethod: t.body.code_challenge_method
4907
+ const m = i.body.authorized == "true";
4908
+ return await this.authorize(i, a, m, {
4909
+ responseType: i.body.response_type,
4910
+ client_id: i.body.client_id,
4911
+ redirect_uri: i.body.redirect_uri,
4912
+ scope: i.body.scope,
4913
+ state: i.body.state,
4914
+ codeChallenge: i.body.code_challenge,
4915
+ codeChallengeMethod: i.body.code_challenge_method
4894
4916
  });
4895
4917
  }
4896
4918
  }
4897
4919
  )), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode) || this.authServer.validFlows.includes(E.ClientCredentials) || this.authServer.validFlows.includes(E.RefreshToken) || this.authServer.validFlows.includes(E.Password) || this.authServer.validFlows.includes(E.PasswordMfa) || this.authServer.validFlows.includes(E.DeviceCode)) && this.app.post(
4898
4920
  this.prefix + "token",
4899
- async (t, a) => {
4921
+ async (i, a) => {
4900
4922
  var m;
4901
4923
  d.logger.info(c({
4902
4924
  msg: "Page visit",
4903
4925
  method: "POST",
4904
4926
  url: this.prefix + "token",
4905
- ip: t.ip,
4906
- user: (m = t.user) == null ? void 0 : m.username
4927
+ ip: i.ip,
4928
+ user: (m = i.user) == null ? void 0 : m.username
4907
4929
  }));
4908
- let h = t.body.client_id, f = t.body.client_secret;
4909
- if (t.headers.authorization) {
4930
+ let h = i.body.client_id, f = i.body.client_secret;
4931
+ if (i.headers.authorization) {
4910
4932
  let w, P;
4911
- const T = t.headers.authorization.split(" ");
4933
+ const T = i.headers.authorization.split(" ");
4912
4934
  if (T.length == 2 && T[0].toLocaleLowerCase() == "basic") {
4913
- const b = F.base64Decode(T[1]).split(":", 2);
4935
+ const b = N.base64Decode(T[1]).split(":", 2);
4914
4936
  b.length == 2 && (w = b[0], P = b[1]);
4915
4937
  }
4916
4938
  w == null || P == null ? d.logger.warn(c({
4917
- msg: "Ignoring malform authenization header " + t.headers.authorization
4939
+ msg: "Ignoring malform authenization header " + i.headers.authorization
4918
4940
  })) : (h = w, f = P);
4919
4941
  }
4920
- let p = t.body.refresh_token;
4921
- if ((this.refreshTokenType == "cookie" && t.cookies && this.refreshTokenCookieName in t.cookies || this.refreshTokenType == "both" && t.cookies && this.refreshTokenCookieName in t.cookies && p == null) && this.csrfTokens) {
4922
- const w = t.cookies[this.csrfTokens.cookieName];
4923
- let P = t.headers[this.csrfTokens.headerName.toLowerCase()];
4942
+ let p = i.body.refresh_token;
4943
+ if ((this.refreshTokenType == "cookie" && i.cookies && this.refreshTokenCookieName in i.cookies || this.refreshTokenType == "both" && i.cookies && this.refreshTokenCookieName in i.cookies && p == null) && this.csrfTokens) {
4944
+ const w = i.cookies[this.csrfTokens.cookieName];
4945
+ let P = i.headers[this.csrfTokens.headerName.toLowerCase()];
4924
4946
  if (Array.isArray(P) && (P = P[0]), !w || !P)
4925
4947
  return {
4926
4948
  error: "access_denied",
@@ -4929,166 +4951,166 @@ class $e {
4929
4951
  try {
4930
4952
  this.csrfTokens.validateDoubleSubmitCsrfToken(w, P);
4931
4953
  } catch (T) {
4932
- return d.logger.debug(c({ err: T })), d.logger.warn(c({ cerr: T, msg: "Invalid csrf token", client_id: t.body.client_id })), {
4954
+ return d.logger.debug(c({ err: T })), d.logger.warn(c({ cerr: T, msg: "Invalid csrf token", client_id: i.body.client_id })), {
4933
4955
  error: "access_denied",
4934
4956
  error_description: "Invalid csrf token"
4935
4957
  };
4936
4958
  }
4937
- p = t.cookies[this.refreshTokenCookieName];
4959
+ p = i.cookies[this.refreshTokenCookieName];
4938
4960
  }
4939
4961
  const v = await this.authServer.tokenEndpoint({
4940
- grantType: t.body.grant_type,
4962
+ grantType: i.body.grant_type,
4941
4963
  client_id: h,
4942
4964
  client_secret: f,
4943
- scope: t.body.scope,
4944
- codeVerifier: t.body.code_verifier,
4945
- code: t.body.code,
4946
- username: t.body.username,
4947
- password: t.body.password,
4948
- mfaToken: t.body.mfa_token,
4949
- oobCode: t.body.oob_code,
4950
- bindingCode: t.body.binding_code,
4951
- otp: t.body.otp,
4965
+ scope: i.body.scope,
4966
+ codeVerifier: i.body.code_verifier,
4967
+ code: i.body.code,
4968
+ username: i.body.username,
4969
+ password: i.body.password,
4970
+ mfaToken: i.body.mfa_token,
4971
+ oobCode: i.body.oob_code,
4972
+ bindingCode: i.body.binding_code,
4973
+ otp: i.body.otp,
4952
4974
  refreshToken: p,
4953
- deviceCode: t.body.device_code
4975
+ deviceCode: i.body.device_code
4954
4976
  });
4955
4977
  if (v.error == "authorization_pending")
4956
- return a.header(...x).status(200).send(v);
4978
+ return a.header(...A).status(200).send(v);
4957
4979
  if (v.refresh_token && this.refreshTokenType != "json" && this.setRefreshTokenCookie(a, v.refresh_token, v.expires_in), v.error || !v.access_token) {
4958
4980
  let w = "server_error", P = "Neither code nor error received when requesting authorization";
4959
4981
  v.error && (w = v.error), v.error_description && (P = v.error_description);
4960
4982
  const T = l.fromOAuthError(w, P);
4961
- return d.logger.error(c({ cerr: T })), a.header(...x).status(T.httpStatus).send(v);
4983
+ return d.logger.error(c({ cerr: T })), a.header(...A).status(T.httpStatus).send(v);
4962
4984
  }
4963
- return a.header(...x).send(v);
4985
+ return a.header(...A).send(v);
4964
4986
  }
4965
4987
  ), this.authServer.validFlows.includes(E.PasswordMfa) && (e.get(
4966
4988
  this.prefix + "mfa/authenticators",
4967
- async (t, a) => {
4989
+ async (i, a) => {
4968
4990
  var h;
4969
4991
  return d.logger.info(c({
4970
4992
  msg: "Page visit",
4971
4993
  method: "GET",
4972
4994
  url: this.prefix + "mfa/authenticators",
4973
- ip: t.ip,
4974
- user: (h = t.user) == null ? void 0 : h.username
4975
- })), await this.mfaAuthenticatorsEndpoint(t, a);
4995
+ ip: i.ip,
4996
+ user: (h = i.user) == null ? void 0 : h.username
4997
+ })), await this.mfaAuthenticatorsEndpoint(i, a);
4976
4998
  }
4977
4999
  ), e.post(
4978
5000
  this.prefix + "mfa/authenticators",
4979
- async (t, a) => {
5001
+ async (i, a) => {
4980
5002
  var h;
4981
5003
  return d.logger.info(c({
4982
5004
  msg: "Page visit",
4983
5005
  method: "POST",
4984
5006
  url: this.prefix + "mfa/authenticators",
4985
- ip: t.ip,
4986
- user: (h = t.user) == null ? void 0 : h.username
4987
- })), await this.mfaAuthenticatorsEndpoint(t, a);
5007
+ ip: i.ip,
5008
+ user: (h = i.user) == null ? void 0 : h.username
5009
+ })), await this.mfaAuthenticatorsEndpoint(i, a);
4988
5010
  }
4989
5011
  ), e.post(
4990
5012
  this.prefix + "mfa/challenge",
4991
- async (t, a) => {
5013
+ async (i, a) => {
4992
5014
  var h;
4993
5015
  return d.logger.info(c({
4994
5016
  msg: "Page visit",
4995
5017
  method: "POST",
4996
5018
  url: this.prefix + "mfa/challenge",
4997
- ip: t.ip,
4998
- user: (h = t.user) == null ? void 0 : h.username
4999
- })), await this.mfaChallengeEndpoint(t, a, t.body);
5019
+ ip: i.ip,
5020
+ user: (h = i.user) == null ? void 0 : h.username
5021
+ })), await this.mfaChallengeEndpoint(i, a, i.body);
5000
5022
  }
5001
5023
  )), this.authServer.validFlows.includes(E.DeviceCode) && (this.app.post(
5002
5024
  this.prefix + "device_authorization",
5003
- async (t, a) => {
5025
+ async (i, a) => {
5004
5026
  var v;
5005
5027
  d.logger.info(c({
5006
5028
  msg: "Page visit",
5007
5029
  method: "POST",
5008
5030
  url: this.prefix + "device_authorization",
5009
- ip: t.ip,
5010
- user: (v = t.user) == null ? void 0 : v.username
5031
+ ip: i.ip,
5032
+ user: (v = i.user) == null ? void 0 : v.username
5011
5033
  }));
5012
- let h = t.body.client_id, f = t.body.client_secret;
5013
- if (t.headers.authorization) {
5034
+ let h = i.body.client_id, f = i.body.client_secret;
5035
+ if (i.headers.authorization) {
5014
5036
  let m, w;
5015
- const P = t.headers.authorization.split(" ");
5037
+ const P = i.headers.authorization.split(" ");
5016
5038
  if (P.length == 2 && P[0].toLocaleLowerCase() == "basic") {
5017
- const N = F.base64Decode(P[1]).split(":", 2);
5018
- N.length == 2 && (m = N[0], w = N[1]);
5039
+ const _ = N.base64Decode(P[1]).split(":", 2);
5040
+ _.length == 2 && (m = _[0], w = _[1]);
5019
5041
  }
5020
5042
  m == null || w == null ? d.logger.warn(c({
5021
- msg: "Ignoring malform authenization header " + t.headers.authorization
5043
+ msg: "Ignoring malform authenization header " + i.headers.authorization
5022
5044
  })) : (h = m, f = w);
5023
5045
  }
5024
5046
  const p = await this.authServer.deviceAuthorizationEndpoint({
5025
5047
  client_id: h,
5026
5048
  client_secret: f,
5027
- scope: t.body.scope
5049
+ scope: i.body.scope
5028
5050
  });
5029
5051
  if (p.error || !p.device_code || !p.user_code) {
5030
5052
  let m = "server_error", w = "Neither code nor error received when requesting authorization";
5031
5053
  p.error && (m = p.error), p.error_description && (w = p.error_description);
5032
5054
  const P = l.fromOAuthError(m, w);
5033
- return d.logger.error(c({ cerr: P })), a.header(...x).status(P.httpStatus).send(p);
5055
+ return d.logger.error(c({ cerr: P })), a.header(...A).status(P.httpStatus).send(p);
5034
5056
  }
5035
- return a.header(...x).send(p);
5057
+ return a.header(...A).send(p);
5036
5058
  }
5037
5059
  ), e.get(
5038
5060
  this.prefix + "device",
5039
- async (t, a) => {
5061
+ async (i, a) => {
5040
5062
  var h;
5041
5063
  return d.logger.info(c({
5042
5064
  msg: "Page visit",
5043
5065
  method: "GET",
5044
5066
  url: this.prefix + "device",
5045
- ip: t.ip,
5046
- user: (h = t.user) == null ? void 0 : h.username
5047
- })), t.user ? await this.deviceGet(!1, t, a, t.user) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5067
+ ip: i.ip,
5068
+ user: (h = i.user) == null ? void 0 : h.username
5069
+ })), i.user ? await this.deviceGet(!1, i, a, i.user) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(i.url), 302);
5048
5070
  }
5049
5071
  ), e.get(
5050
5072
  this.prefix + "api/device",
5051
- async (t, a) => {
5073
+ async (i, a) => {
5052
5074
  var h;
5053
5075
  if (d.logger.info(c({
5054
5076
  msg: "Page visit",
5055
5077
  method: "GET",
5056
5078
  url: this.prefix + "device",
5057
- ip: t.ip,
5058
- user: (h = t.user) == null ? void 0 : h.username
5059
- })), !t.user) {
5079
+ ip: i.ip,
5080
+ user: (h = i.user) == null ? void 0 : h.username
5081
+ })), !i.user) {
5060
5082
  const f = new l(g.Unauthorized, "Not logged in");
5061
- return a.header(...x).status(401).send({
5083
+ return a.header(...A).status(401).send({
5062
5084
  errorMessage: f.message,
5063
5085
  errorCode: f.code,
5064
5086
  errorCodeName: f.codeName
5065
5087
  });
5066
5088
  }
5067
- return await this.deviceGet(!0, t, a, t.user);
5089
+ return await this.deviceGet(!0, i, a, i.user);
5068
5090
  }
5069
5091
  ), this.app.post(
5070
5092
  this.prefix + "device",
5071
- async (t, a) => {
5093
+ async (i, a) => {
5072
5094
  var h;
5073
5095
  return d.logger.info(c({
5074
5096
  msg: "Page visit",
5075
5097
  method: "POST",
5076
5098
  url: this.prefix + "device",
5077
- ip: t.ip,
5078
- user: (h = t.user) == null ? void 0 : h.username
5079
- })), t.user ? await this.deviceCodePost(!1, t, a) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5099
+ ip: i.ip,
5100
+ user: (h = i.user) == null ? void 0 : h.username
5101
+ })), i.user ? await this.deviceCodePost(!1, i, a) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(i.url), 302);
5080
5102
  }
5081
5103
  ), this.app.post(
5082
5104
  this.prefix + "api/device",
5083
- async (t, a) => {
5105
+ async (i, a) => {
5084
5106
  var h;
5085
5107
  return d.logger.info(c({
5086
5108
  msg: "Page visit",
5087
5109
  method: "POST",
5088
5110
  url: this.prefix + "device",
5089
- ip: t.ip,
5090
- user: (h = t.user) == null ? void 0 : h.username
5091
- })), await this.deviceCodePost(!0, t, a);
5111
+ ip: i.ip,
5112
+ user: (h = i.user) == null ? void 0 : h.username
5113
+ })), await this.deviceCodePost(!0, i, a);
5092
5114
  }
5093
5115
  ));
5094
5116
  }
@@ -5109,7 +5131,7 @@ class $e {
5109
5131
  this.csrfTokens && this.app.get(
5110
5132
  this.prefix + "getcsrftoken",
5111
5133
  async (e, o) => {
5112
- var r, i;
5134
+ var r, t;
5113
5135
  if (d.logger.info(c({
5114
5136
  msg: "API visit",
5115
5137
  method: "POST",
@@ -5121,56 +5143,56 @@ class $e {
5121
5143
  try {
5122
5144
  const {
5123
5145
  csrfCookie: n,
5124
- csrfFormOrHeaderValue: t
5146
+ csrfFormOrHeaderValue: i
5125
5147
  } = await this.createCsrfToken();
5126
- return s = n.value, o.setCookie(n.name, n.value, n.options), o.header(...x).send({
5148
+ return s = n.value, o.setCookie(n.name, n.value, n.options), o.header(...A).send({
5127
5149
  ok: !0,
5128
- csrfToken: t
5150
+ csrfToken: i
5129
5151
  });
5130
5152
  } catch (n) {
5131
- const t = l.asCrossauthError(n);
5153
+ const i = l.asCrossauthError(n);
5132
5154
  return d.logger.error(c({
5133
5155
  msg: "getcsrftoken failure",
5134
- user: (i = e.user) == null ? void 0 : i.username,
5135
- hashedCsrfCookie: F.hash(s.split(".")[0]),
5136
- errorCode: t.code,
5137
- errorCodeName: t.codeName
5138
- })), d.logger.debug(c({ err: n })), o.status(t.httpStatus).header(...x).send({
5156
+ user: (t = e.user) == null ? void 0 : t.username,
5157
+ hashedCsrfCookie: N.hash(s.split(".")[0]),
5158
+ errorCode: i.code,
5159
+ errorCodeName: i.codeName
5160
+ })), d.logger.debug(c({ err: n })), o.status(i.httpStatus).header(...A).send({
5139
5161
  ok: !1,
5140
- errorCode: t.code,
5141
- errorCodeName: t.codeName,
5142
- error: t.message
5162
+ errorCode: i.code,
5163
+ errorCodeName: i.codeName,
5164
+ error: i.message
5143
5165
  });
5144
5166
  }
5145
5167
  }
5146
5168
  );
5147
5169
  }
5148
5170
  async authorizeEndpoint(e, o, s) {
5149
- var t, a, h;
5171
+ var i, a, h;
5150
5172
  if (!e.user) return o.redirect(this.loginUrl + "?next=" + encodeURIComponent(e.url), 302);
5151
5173
  d.logger.debug(c({ msg: "validating authorize parameters" }));
5152
- let { error_description: r } = this.authServer.validateAuthorizeParameters(s), i;
5153
- if (r ? (i = new l(g.BadRequest, r), d.logger.error(c({
5174
+ let { error_description: r } = this.authServer.validateAuthorizeParameters(s), t;
5175
+ if (r ? (t = new l(g.BadRequest, r), d.logger.error(c({
5154
5176
  msg: "authorize parameter invalid",
5155
- cerr: i,
5156
- user: (t = e.user) == null ? void 0 : t.username
5177
+ cerr: t,
5178
+ user: (i = e.user) == null ? void 0 : i.username
5157
5179
  }))) : d.logger.error(c({
5158
5180
  msg: "authorize parameter valid",
5159
5181
  user: (a = e.user) == null ? void 0 : a.username
5160
- })), i) {
5182
+ })), t) {
5161
5183
  if (this.errorPage)
5162
- return o.status(i.httpStatus).view(
5184
+ return o.status(t.httpStatus).view(
5163
5185
  this.errorPage,
5164
5186
  {
5165
- status: i.httpStatus,
5166
- errorMessage: i.message,
5167
- errorCode: i.code,
5168
- errorCodeName: i.codeName
5187
+ status: t.httpStatus,
5188
+ errorMessage: t.message,
5189
+ errorCode: t.code,
5190
+ errorCodeName: t.codeName
5169
5191
  }
5170
5192
  );
5171
5193
  {
5172
5194
  let f = "500";
5173
- switch (i.httpStatus) {
5195
+ switch (t.httpStatus) {
5174
5196
  case 401:
5175
5197
  f = "401";
5176
5198
  break;
@@ -5178,7 +5200,7 @@ class $e {
5178
5200
  f = "400";
5179
5201
  break;
5180
5202
  }
5181
- return o.status(i.httpStatus).send($[f] ?? G);
5203
+ return o.status(t.httpStatus).send($[f] ?? G);
5182
5204
  }
5183
5205
  }
5184
5206
  let n = !1;
@@ -5240,9 +5262,9 @@ class $e {
5240
5262
  }
5241
5263
  async authorize(e, o, s, {
5242
5264
  responseType: r,
5243
- client_id: i,
5265
+ client_id: t,
5244
5266
  redirect_uri: n,
5245
- scope: t,
5267
+ scope: i,
5246
5268
  state: a,
5247
5269
  codeChallenge: h,
5248
5270
  codeChallengeMethod: f
@@ -5251,9 +5273,9 @@ class $e {
5251
5273
  if (s) {
5252
5274
  const w = await this.authServer.authorizeGetEndpoint({
5253
5275
  responseType: r,
5254
- client_id: i,
5276
+ client_id: t,
5255
5277
  redirect_uri: n,
5256
- scope: t,
5278
+ scope: i,
5257
5279
  state: a,
5258
5280
  codeChallenge: h,
5259
5281
  codeChallengeMethod: f,
@@ -5312,18 +5334,18 @@ class $e {
5312
5334
  }
5313
5335
  }
5314
5336
  async mfaAuthenticatorsEndpoint(e, o) {
5315
- var t;
5316
- const s = (t = e.headers.authorization) == null ? void 0 : t.split(" ");
5337
+ var i;
5338
+ const s = (i = e.headers.authorization) == null ? void 0 : i.split(" ");
5317
5339
  if (!s || s.length != 2)
5318
5340
  return {
5319
5341
  error: "access_denied",
5320
5342
  error_desciption: "Invalid authorization header"
5321
5343
  };
5322
- const r = s[1], i = await this.authServer.mfaAuthenticatorsEndpoint(r);
5323
- if (i.authenticators)
5324
- return o.header(...x).status(200).send(i.authenticators);
5325
- const n = l.fromOAuthError(i.error ?? "server_error");
5326
- return o.header(...x).status(n.httpStatus).send(i);
5344
+ const r = s[1], t = await this.authServer.mfaAuthenticatorsEndpoint(r);
5345
+ if (t.authenticators)
5346
+ return o.header(...A).status(200).send(t.authenticators);
5347
+ const n = l.fromOAuthError(t.error ?? "server_error");
5348
+ return o.header(...A).status(n.httpStatus).send(t);
5327
5349
  }
5328
5350
  async mfaChallengeEndpoint(e, o, s) {
5329
5351
  const r = await this.authServer.mfaChallengeEndpoint(
@@ -5334,15 +5356,15 @@ class $e {
5334
5356
  s.authenticator_id
5335
5357
  );
5336
5358
  if (r.error) {
5337
- const i = l.fromOAuthError(r.error);
5338
- return o.header(...x).status(i.httpStatus).send(r);
5359
+ const t = l.fromOAuthError(r.error);
5360
+ return o.header(...A).status(t.httpStatus).send(r);
5339
5361
  }
5340
- return o.header(...x).status(200).send(r);
5362
+ return o.header(...A).status(200).send(r);
5341
5363
  }
5342
5364
  setRefreshTokenCookie(e, o, s) {
5343
5365
  if (!this.refreshTokenCookieName) return;
5344
- let r = s ? new Date(Date.now() + s * 1e3).toUTCString() : void 0, i = this.refreshTokenCookieName + "=" + o;
5345
- r && (i += "; expires=" + new Date(r).toUTCString()), this.refreshTokenCookieSameSite && (i += "; SameSite=" + this.refreshTokenCookieSameSite), this.refreshTokenCookieDomain && (i += "; domain=" + this.refreshTokenCookieDomain), this.refreshTokenCookiePath && (i += "; path=" + this.refreshTokenCookiePath), this.refreshTokenCookieHttpOnly == !0 && (i += "; httpOnly"), this.refreshTokenCookieSecure == !0 && (i += "; secure"), e.setCookie(this.refreshTokenCookieName, i);
5366
+ let r = s ? new Date(Date.now() + s * 1e3).toUTCString() : void 0, t = this.refreshTokenCookieName + "=" + o;
5367
+ r && (t += "; expires=" + new Date(r).toUTCString()), this.refreshTokenCookieSameSite && (t += "; SameSite=" + this.refreshTokenCookieSameSite), this.refreshTokenCookieDomain && (t += "; domain=" + this.refreshTokenCookieDomain), this.refreshTokenCookiePath && (t += "; path=" + this.refreshTokenCookiePath), this.refreshTokenCookieHttpOnly == !0 && (t += "; httpOnly"), this.refreshTokenCookieSecure == !0 && (t += "; secure"), e.setCookie(this.refreshTokenCookieName, t);
5346
5368
  }
5347
5369
  /**
5348
5370
  * Returns this server's OIDC configuration. Just wraps
@@ -5360,52 +5382,52 @@ class $e {
5360
5382
  /////
5361
5383
  // Device code flow
5362
5384
  async applyUserCode(e, o, s) {
5363
- var r, i, n;
5385
+ var r, t, n;
5364
5386
  try {
5365
- const t = await this.authServer.deviceEndpoint({ userCode: e, user: s });
5366
- if (t.error)
5387
+ const i = await this.authServer.deviceEndpoint({ userCode: e, user: s });
5388
+ if (i.error)
5367
5389
  return {
5368
5390
  ok: !1,
5369
5391
  completed: !1,
5370
5392
  retryAllowed: !1,
5371
- error: t.error,
5372
- error_description: t.error_description
5393
+ error: i.error,
5394
+ error_description: i.error_description
5373
5395
  };
5374
- if (!t.client_id)
5375
- return d.logger.error(c({ msg: "No client id found for user code", userCodeHash: F.hash(e), ip: o.ip, username: (r = o.user) == null ? void 0 : r.username })), {
5396
+ if (!i.client_id)
5397
+ return d.logger.error(c({ msg: "No client id found for user code", userCodeHash: N.hash(e), ip: o.ip, username: (r = o.user) == null ? void 0 : r.username })), {
5376
5398
  ok: !1,
5377
5399
  completed: !1,
5378
5400
  retryAllowed: !1,
5379
5401
  error: "server_error",
5380
5402
  error_description: "No client id found for user code"
5381
5403
  };
5382
- if (t.error == "access_denied")
5383
- return d.logger.error(c({ msg: "Incorrect user code given", userCodeHash: F.hash(e), ip: o.ip, username: (i = o.user) == null ? void 0 : i.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((p) => setTimeout(p, f)))(this.authServer.userCodeThrottle), {
5404
+ if (i.error == "access_denied")
5405
+ return d.logger.error(c({ msg: "Incorrect user code given", userCodeHash: N.hash(e), ip: o.ip, username: (t = o.user) == null ? void 0 : t.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((p) => setTimeout(p, f)))(this.authServer.userCodeThrottle), {
5384
5406
  ok: !1,
5385
5407
  completed: !1,
5386
5408
  retryAllowed: !0,
5387
- error: t.error,
5388
- error_description: t.error_description
5409
+ error: i.error,
5410
+ error_description: i.error_description
5389
5411
  };
5390
- if (t.error == "expired_token")
5391
- return d.logger.error(c({ msg: "Expired user code", userCodeHash: F.hash(e), ip: o.ip, username: (n = o.user) == null ? void 0 : n.username })), {
5412
+ if (i.error == "expired_token")
5413
+ return d.logger.error(c({ msg: "Expired user code", userCodeHash: N.hash(e), ip: o.ip, username: (n = o.user) == null ? void 0 : n.username })), {
5392
5414
  ok: !1,
5393
5415
  completed: !1,
5394
5416
  retryAllowed: !1,
5395
- error: t.error,
5396
- error_description: t.error_description
5417
+ error: i.error,
5418
+ error_description: i.error_description
5397
5419
  };
5398
- const a = await this.clientStorage.getClientById(t.client_id);
5399
- return t.scopeAuthorizationNeeded ? {
5420
+ const a = await this.clientStorage.getClientById(i.client_id);
5421
+ return i.scopeAuthorizationNeeded ? {
5400
5422
  ok: !0,
5401
5423
  completed: !1,
5402
5424
  retryAllowed: !0,
5403
5425
  authorizationNeeded: {
5404
5426
  user: s,
5405
- client_id: t.client_id,
5427
+ client_id: i.client_id,
5406
5428
  client_name: a.client_name,
5407
- scope: t.scope,
5408
- scopes: t.scope ? t.scope.split(" ") : [],
5429
+ scope: i.scope,
5430
+ scopes: i.scope ? i.scope.split(" ") : [],
5409
5431
  csrfToken: o.csrfToken
5410
5432
  },
5411
5433
  user: o.user,
@@ -5418,8 +5440,8 @@ class $e {
5418
5440
  user: o.user,
5419
5441
  csrfToken: o.csrfToken
5420
5442
  };
5421
- } catch (t) {
5422
- const a = l.asCrossauthError(t);
5443
+ } catch (i) {
5444
+ const a = l.asCrossauthError(i);
5423
5445
  return d.logger.debug(c({ err: a })), d.logger.error(c({ msg: a.message, cerr: a })), {
5424
5446
  ok: !1,
5425
5447
  completed: !1,
@@ -5431,52 +5453,52 @@ class $e {
5431
5453
  }
5432
5454
  async deviceGet(e, o, s, r) {
5433
5455
  if (o.query.user_code) {
5434
- let i = await this.applyUserCode(o.query.user_code, o, r);
5435
- if (i.error) {
5436
- const t = l.fromOAuthError(i.error, i.error_description);
5437
- d.logger.debug({ err: t }), d.logger.error({ cerr: t });
5456
+ let t = await this.applyUserCode(o.query.user_code, o, r);
5457
+ if (t.error) {
5458
+ const i = l.fromOAuthError(t.error, t.error_description);
5459
+ d.logger.debug({ err: i }), d.logger.error({ cerr: i });
5438
5460
  const a = {
5439
5461
  ok: !1,
5440
5462
  completed: !1,
5441
- status: t.httpStatus,
5442
- errorMessage: t.message,
5443
- errorCode: t.code,
5444
- errorCodeName: t.codeName,
5445
- retryAllowed: i.retryAllowed
5463
+ status: i.httpStatus,
5464
+ errorMessage: i.message,
5465
+ errorCode: i.code,
5466
+ errorCodeName: i.codeName,
5467
+ retryAllowed: t.retryAllowed
5446
5468
  };
5447
- return e ? s.header(...x).status(t.httpStatus).send(a) : s.status(t.httpStatus).view(this.devicePage, {
5469
+ return e ? s.header(...A).status(i.httpStatus).send(a) : s.status(i.httpStatus).view(this.devicePage, {
5448
5470
  csrfToken: o.csrfToken,
5449
5471
  ...a
5450
5472
  });
5451
- } else if (i.authorizationNeeded) {
5452
- const t = {
5473
+ } else if (t.authorizationNeeded) {
5474
+ const i = {
5453
5475
  ok: !0,
5454
5476
  completed: !1,
5455
- retryAllowed: i.retryAllowed,
5456
- authorizationNeeded: i.authorizationNeeded,
5457
- user_code: i.user_code
5477
+ retryAllowed: t.retryAllowed,
5478
+ authorizationNeeded: t.authorizationNeeded,
5479
+ user_code: t.user_code
5458
5480
  };
5459
- return e ? s.header(...x).status(200).send(t) : s.status(200).view(this.devicePage, {
5481
+ return e ? s.header(...A).status(200).send(i) : s.status(200).view(this.devicePage, {
5460
5482
  csrfToken: o.csrfToken,
5461
- ...t
5483
+ ...i
5462
5484
  });
5463
5485
  }
5464
5486
  const n = {
5465
5487
  ok: !0,
5466
5488
  completed: !0
5467
5489
  };
5468
- return e ? s.header(...x).status(401).send(n) : s.status(200).view(this.devicePage, {
5490
+ return e ? s.header(...A).status(401).send(n) : s.status(200).view(this.devicePage, {
5469
5491
  csrfToken: o.csrfToken,
5470
5492
  ...n
5471
5493
  });
5472
5494
  } else {
5473
- const i = {
5495
+ const t = {
5474
5496
  ok: !1,
5475
5497
  completed: !1,
5476
5498
  user_code: o.query.user_code,
5477
5499
  csrfToken: o.csrfToken
5478
5500
  };
5479
- return e ? s.header(...x).status(200).send(i) : s.status(200).view(this.devicePage, i);
5501
+ return e ? s.header(...A).status(200).send(t) : s.status(200).view(this.devicePage, t);
5480
5502
  }
5481
5503
  }
5482
5504
  async deviceCodePost(e, o, s) {
@@ -5489,7 +5511,7 @@ class $e {
5489
5511
  if (r.error) {
5490
5512
  const n = l.fromOAuthError(r.error, r.error_description);
5491
5513
  d.logger.debug({ err: n }), d.logger.error({ cerr: n });
5492
- const t = {
5514
+ const i = {
5493
5515
  ok: !1,
5494
5516
  completed: !1,
5495
5517
  status: n.httpStatus,
@@ -5498,9 +5520,9 @@ class $e {
5498
5520
  errorCodeName: n.codeName,
5499
5521
  retryAllowed: r.retryAllowed
5500
5522
  };
5501
- return e ? s.header(...x).status(200).send(t) : s.status(n.httpStatus).view(this.devicePage, {
5523
+ return e ? s.header(...A).status(200).send(i) : s.status(n.httpStatus).view(this.devicePage, {
5502
5524
  csrfToken: o.csrfToken,
5503
- ...t
5525
+ ...i
5504
5526
  });
5505
5527
  } else if (r.authorizationNeeded) {
5506
5528
  const n = {
@@ -5510,19 +5532,19 @@ class $e {
5510
5532
  authorizationNeeded: r.authorizationNeeded,
5511
5533
  user_code: r.user_code
5512
5534
  };
5513
- return e ? s.header(...x).status(200).send(n) : s.status(200).view(this.devicePage, {
5535
+ return e ? s.header(...A).status(200).send(n) : s.status(200).view(this.devicePage, {
5514
5536
  csrfToken: o.csrfToken,
5515
5537
  ...n
5516
5538
  });
5517
5539
  }
5518
- const i = {
5540
+ const t = {
5519
5541
  ok: !0,
5520
5542
  completed: !0,
5521
5543
  csrfToken: o.csrfToken
5522
5544
  };
5523
- return e ? s.header(...x).status(200).send(i) : s.status(200).view(this.devicePage, i);
5545
+ return e ? s.header(...A).status(200).send(t) : s.status(200).view(this.devicePage, t);
5524
5546
  } else {
5525
- const r = l.fromOAuthError("unauthorized", "Please enter the code"), i = {
5547
+ const r = l.fromOAuthError("unauthorized", "Please enter the code"), t = {
5526
5548
  ok: !1,
5527
5549
  completed: !1,
5528
5550
  user_code: o.body.user_code,
@@ -5533,50 +5555,50 @@ class $e {
5533
5555
  errorCode: r.code,
5534
5556
  errorCodeName: r.codeName
5535
5557
  };
5536
- return e ? s.header(...x).status(401).send(i) : s.status(200).view(this.devicePage, {
5558
+ return e ? s.header(...A).status(401).send(t) : s.status(200).view(this.devicePage, {
5537
5559
  csrfToken: o.csrfToken,
5538
- ...i
5560
+ ...t
5539
5561
  });
5540
5562
  }
5541
5563
  else if (o.body.authorized == "true") {
5542
- let r = o.body.user_code, i = o.body.scope;
5543
- i == "";
5564
+ let r = o.body.user_code, t = o.body.scope;
5565
+ t == "";
5544
5566
  const n = o.body.client_id;
5545
5567
  if (!r) throw new l(g.BadRequest, "user_code missing");
5546
5568
  if (!n) throw new l(g.BadRequest, "client_id missing");
5547
- let t = await this.authServer.validateAndPersistScope(n, i, o.user);
5548
- if (t.error)
5549
- throw l.fromOAuthError(t.error, t.error_description);
5550
- if (t = await this.applyUserCode(r, o, o.user), t.error)
5551
- throw l.fromOAuthError(t.error, t.error_description);
5569
+ let i = await this.authServer.validateAndPersistScope(n, t, o.user);
5570
+ if (i.error)
5571
+ throw l.fromOAuthError(i.error, i.error_description);
5572
+ if (i = await this.applyUserCode(r, o, o.user), i.error)
5573
+ throw l.fromOAuthError(i.error, i.error_description);
5552
5574
  const a = {
5553
5575
  ok: !0,
5554
5576
  completed: !0,
5555
5577
  csrfToken: o.csrfToken
5556
5578
  };
5557
- return e ? s.header(...x).status(401).send(a) : s.status(200).view(this.devicePage, a);
5579
+ return e ? s.header(...A).status(401).send(a) : s.status(200).view(this.devicePage, a);
5558
5580
  } else
5559
5581
  throw new l(g.Unauthorized, "You did not authorize the client");
5560
5582
  } catch (r) {
5561
- const i = l.asCrossauthError(r);
5562
- d.logger.debug({ err: i }), d.logger.error({ cerr: i });
5583
+ const t = l.asCrossauthError(r);
5584
+ d.logger.debug({ err: t }), d.logger.error({ cerr: t });
5563
5585
  const n = {
5564
5586
  ok: !1,
5565
- status: i.httpStatus,
5566
- errorMessage: i.message,
5567
- errorCode: i.code,
5568
- errorCodeName: i.codeName
5587
+ status: t.httpStatus,
5588
+ errorMessage: t.message,
5589
+ errorCode: t.code,
5590
+ errorCodeName: t.codeName
5569
5591
  };
5570
- return e ? s.header(...x).status(401).send(n) : s.status(i.httpStatus).view(this.devicePage, {
5592
+ return e ? s.header(...A).status(401).send(n) : s.status(t.httpStatus).view(this.devicePage, {
5571
5593
  csrfToken: o.csrfToken,
5572
5594
  ...n
5573
5595
  });
5574
5596
  }
5575
5597
  }
5576
5598
  }
5577
- const _ = ["Content-Type", "application/json; charset=utf-8"];
5599
+ const x = ["Content-Type", "application/json; charset=utf-8"];
5578
5600
  async function pe(S, e, o, s) {
5579
- return d.logger.debug(c({ err: s })), o.header(..._).status(s.httpStatus).send({
5601
+ return d.logger.debug(c({ err: s })), o.header(...x).status(s.httpStatus).send({
5580
5602
  ok: !1,
5581
5603
  status: s.httpStatus,
5582
5604
  errorMessage: s.message,
@@ -5598,7 +5620,7 @@ function V(S) {
5598
5620
  let e;
5599
5621
  if (S)
5600
5622
  try {
5601
- e = JSON.parse(F.base64Decode(S.split(".")[1]));
5623
+ e = JSON.parse(N.base64Decode(S.split(".")[1]));
5602
5624
  } catch (o) {
5603
5625
  const s = l.asCrossauthError(o);
5604
5626
  d.logger.debug(c({ err: s })), d.logger.error(c({ msg: "Couldn't decode id token", cerr: s }));
@@ -5608,7 +5630,7 @@ function V(S) {
5608
5630
  async function me(S, e, o, s) {
5609
5631
  if (s) {
5610
5632
  let r = { ok: !0, ...S };
5611
- return e.jwtTokens.includes("id") && (r.id_payload = S.id_payload ?? V(S.id_token)), s.header(..._).status(200).send(r);
5633
+ return e.jwtTokens.includes("id") && (r.id_payload = S.id_payload ?? V(S.id_token)), s.header(...x).status(200).send(r);
5612
5634
  }
5613
5635
  }
5614
5636
  function fe(S, e) {
@@ -5616,10 +5638,10 @@ function fe(S, e) {
5616
5638
  if (S.access_token)
5617
5639
  try {
5618
5640
  if (S.access_token && e.includes("access")) {
5619
- const s = J(S.access_token), r = s.jti ? s.jti : s.sid ? s.sid : "", i = r ? F.hash(r) : void 0;
5641
+ const s = K(S.access_token), r = s.jti ? s.jti : s.sid ? s.sid : "", t = r ? N.hash(r) : void 0;
5620
5642
  d.logger.debug(c({
5621
5643
  msg: "Got access token",
5622
- accessTokenHash: i
5644
+ accessTokenHash: t
5623
5645
  }));
5624
5646
  }
5625
5647
  } catch (s) {
@@ -5628,12 +5650,12 @@ function fe(S, e) {
5628
5650
  if (S.id_token)
5629
5651
  try {
5630
5652
  if (S.id_token && e.includes("id")) {
5631
- let s = S.id_payload ?? J(S.id_token);
5653
+ let s = S.id_payload ?? K(S.id_token);
5632
5654
  if (s) {
5633
- const r = s.jti ? s.jti : s.sid ? s.sid : "", i = r ? F.hash(r) : void 0;
5655
+ const r = s.jti ? s.jti : s.sid ? s.sid : "", t = r ? N.hash(r) : void 0;
5634
5656
  d.logger.debug(c({
5635
5657
  msg: "Got id token",
5636
- idTokenHash: i
5658
+ idTokenHash: t
5637
5659
  }));
5638
5660
  }
5639
5661
  }
@@ -5643,7 +5665,7 @@ function fe(S, e) {
5643
5665
  if (S.refresh_token && e.includes("refresh"))
5644
5666
  try {
5645
5667
  if (S.refresh_token) {
5646
- const s = (o = J(S.refresh_token)) == null ? void 0 : o.jti, r = s ? F.hash(s) : void 0;
5668
+ const s = (o = K(S.refresh_token)) == null ? void 0 : o.jti, r = s ? N.hash(s) : void 0;
5647
5669
  d.logger.debug(c({
5648
5670
  msg: "Got refresh token",
5649
5671
  refreshTokenHash: r
@@ -5672,11 +5694,11 @@ async function Qe(S, e, o, s) {
5672
5694
  let r = { ...S };
5673
5695
  return e.jwtTokens.includes("id") && S.id_token && (r.id_payload = S.id_payload ?? V(S.id_token)), s.status(200).view(e.authorizedPage, r);
5674
5696
  } catch (r) {
5675
- const i = l.asCrossauthError(r);
5676
- return s.status(i.httpStatus).view(e.errorPage, {
5677
- status: i.httpStatus,
5678
- errorMessage: i.message,
5679
- errorCodeName: i.codeName
5697
+ const t = l.asCrossauthError(r);
5698
+ return s.status(t.httpStatus).view(e.errorPage, {
5699
+ status: t.httpStatus,
5700
+ errorMessage: t.message,
5701
+ errorCodeName: t.codeName
5680
5702
  });
5681
5703
  }
5682
5704
  }
@@ -5708,12 +5730,12 @@ async function Ze(S, e, o, s) {
5708
5730
  return e.jwtTokens.includes("id") && (r.id_payload = S.id_payload ?? V(S.id_token)), s.status(200).view(e.authorizedPage, r);
5709
5731
  }
5710
5732
  } catch (r) {
5711
- const i = l.asCrossauthError(r);
5712
- if (d.logger.debug(c({ err: i })), d.logger.debug(c({ cerr: i, msg: "Error receiving tokens" })), s)
5713
- return s.status(i.httpStatus).view(e.errorPage, {
5714
- status: i.httpStatus,
5715
- errorMessage: i.message,
5716
- errorCodeName: i.codeName
5733
+ const t = l.asCrossauthError(r);
5734
+ if (d.logger.debug(c({ err: t })), d.logger.debug(c({ cerr: t, msg: "Error receiving tokens" })), s)
5735
+ return s.status(t.httpStatus).view(e.errorPage, {
5736
+ status: t.httpStatus,
5737
+ errorMessage: t.message,
5738
+ errorCodeName: t.codeName
5717
5739
  });
5718
5740
  }
5719
5741
  }
@@ -5722,23 +5744,23 @@ async function Se(S, e, o, s, r) {
5722
5744
  g.Configuration,
5723
5745
  "Cannot update session data if sessions not enabled"
5724
5746
  );
5725
- let i = S.expires_in;
5726
- if (!i && S.access_token && e.jwtTokens.includes("access")) {
5727
- const a = J(S.access_token);
5728
- a.exp && (i = a.exp);
5747
+ let t = S.expires_in;
5748
+ if (!t && S.access_token && e.jwtTokens.includes("access")) {
5749
+ const a = K(S.access_token);
5750
+ a.exp && (t = a.exp);
5729
5751
  }
5730
- if (!i)
5752
+ if (!t)
5731
5753
  throw new l(
5732
5754
  g.BadRequest,
5733
5755
  "OAuth server did not return an expiry for the access token"
5734
5756
  );
5735
- const n = Date.now() + i * 1e3;
5736
- let t = {};
5737
- if (t = { ...S, expires_at: n }, "id_token" in S) {
5757
+ const n = Date.now() + t * 1e3;
5758
+ let i = {};
5759
+ if (i = { ...S, expires_at: n }, "id_token" in S) {
5738
5760
  let a = S.id_payload ?? V(S.id_token);
5739
- a && (t.id_token = a);
5761
+ a && (i.id_token = a);
5740
5762
  }
5741
- await e.storeSessionData(t, o, s);
5763
+ await e.storeSessionData(i, o, s);
5742
5764
  }
5743
5765
  async function qe(S, e, o, s) {
5744
5766
  if (S.error) {
@@ -5764,12 +5786,12 @@ async function qe(S, e, o, s) {
5764
5786
  errorCode: g.Configuration
5765
5787
  });
5766
5788
  } catch (r) {
5767
- const i = l.asCrossauthError(r);
5768
- if (d.logger.debug(c({ err: i })), d.logger.debug(c({ cerr: i, msg: "Error receiving tokens" })), s)
5769
- return s.status(i.httpStatus).view(e.errorPage, {
5770
- status: i.httpStatus,
5771
- errorMessage: i.message,
5772
- errorCodeName: i.codeName
5789
+ const t = l.asCrossauthError(r);
5790
+ if (d.logger.debug(c({ err: t })), d.logger.debug(c({ cerr: t, msg: "Error receiving tokens" })), s)
5791
+ return s.status(t.httpStatus).view(e.errorPage, {
5792
+ status: t.httpStatus,
5793
+ errorMessage: t.message,
5794
+ errorCodeName: t.codeName
5773
5795
  });
5774
5796
  }
5775
5797
  }
@@ -5781,7 +5803,7 @@ class we extends Oe {
5781
5803
  * @param options See {@link FastifyOAuthClientOptions}
5782
5804
  */
5783
5805
  constructor(o, s, r) {
5784
- var i, n, t;
5806
+ var t, n, i;
5785
5807
  super(s, r);
5786
5808
  u(this, "server");
5787
5809
  u(this, "siteUrl", "/");
@@ -5821,7 +5843,7 @@ class we extends Oe {
5821
5843
  u(this, "bffEndpointName", "bff");
5822
5844
  u(this, "bffBaseUrl");
5823
5845
  u(this, "tokenEndpoints", []);
5824
- if (this.server = o, C("sessionDataName", k.String, this, r, "OAUTH_SESSION_DATA_NAME"), C("siteUrl", k.String, this, r, "SITE_URL", !0), C("tokenResponseType", k.String, this, r, "OAUTH_TOKEN_RESPONSE_TYPE"), C("errorResponseType", k.String, this, r, "OAUTH_ERROR_RESPONSE_TYPE"), C("prefix", k.String, this, r, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("loginUrl", k.String, this, r, "LOGIN_URL"), C("errorPage", k.String, this, r, "ERROR_PAGE"), C("authorizedPage", k.String, this, r, "AUTHORIZED_PAGE"), C("authorizedUrl", k.String, this, r, "AUTHORIZED_URL"), C("loginProtectedFlows", k.JsonArray, this, r, "OAUTH_LOGIN_PROTECTED_FLOWS"), C("passwordFlowUrl", k.String, this, r, "OAUTH_PASSWORD_FLOW_URL"), C("passwordOtpUrl", k.String, this, r, "OAUTH_PASSWORD_OTP_URL"), C("passwordOobUrl", k.String, this, r, "OAUTH_PASSWORD_OOB_URL"), C("passwordFlowPage", k.String, this, r, "OAUTH_PASSWORD_FLOW_PAGE"), C("deviceCodeFlowPage", k.String, this, r, "OAUTH_DEVICECODE_FLOW_PAGE"), C("deleteTokensPage", k.String, this, r, "OAUTH_DELETE_TOKENS_PAGE"), C("deleteTokensGetUrl", k.String, this, r, "OAUTH_DELETE_TOKENS_GET_URL"), C("deleteTokensPostUrl", k.String, this, r, "OAUTH_DELETE_TOKENS_POST_URL"), C("apiDeleteTokensPostUrl", k.String, this, r, "OAUTHAPI__DELETE_TOKENS_POST_URL"), C("mfaOtpPage", k.String, this, r, "OAUTH_MFA_OTP_PAGE"), C("mfaOobPage", k.String, this, r, "OAUTH_MFA_OOB_PAGE"), C("deviceCodeFlowUrl", k.String, this, r, "OAUTH_DEVICECODE_FLOW_URL"), C("deviceCodePollUrl", k.String, this, r, "OAUTH_DEVICECODE_POLL_URL"), C("bffEndpointName", k.String, this, r, "OAUTH_BFF_ENDPOINT_NAME"), C("bffBaseUrl", k.String, this, r, "OAUTH_BFF_BASEURL"), C("validFlows", k.JsonArray, this, r, "OAUTH_VALIDFLOWS"), C("jwtTokens", k.JsonArray, this, r, "OAUTH_JWT_TOKENS"), (i = this.deleteTokensGetUrl) != null && i.startsWith("/") && (this.deleteTokensGetUrl = this.deleteTokensGetUrl.substring(1)), (n = this.deleteTokensPostUrl) != null && n.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), (t = this.deleteTokensPostUrl) != null && t.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), this.validFlows.length == 1 && this.validFlows[0] == E.All)
5846
+ if (this.server = o, C("sessionDataName", k.String, this, r, "OAUTH_SESSION_DATA_NAME"), C("siteUrl", k.String, this, r, "SITE_URL", !0), C("tokenResponseType", k.String, this, r, "OAUTH_TOKEN_RESPONSE_TYPE"), C("errorResponseType", k.String, this, r, "OAUTH_ERROR_RESPONSE_TYPE"), C("prefix", k.String, this, r, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("loginUrl", k.String, this, r, "LOGIN_URL"), C("errorPage", k.String, this, r, "ERROR_PAGE"), C("authorizedPage", k.String, this, r, "AUTHORIZED_PAGE"), C("authorizedUrl", k.String, this, r, "AUTHORIZED_URL"), C("loginProtectedFlows", k.JsonArray, this, r, "OAUTH_LOGIN_PROTECTED_FLOWS"), C("passwordFlowUrl", k.String, this, r, "OAUTH_PASSWORD_FLOW_URL"), C("passwordOtpUrl", k.String, this, r, "OAUTH_PASSWORD_OTP_URL"), C("passwordOobUrl", k.String, this, r, "OAUTH_PASSWORD_OOB_URL"), C("passwordFlowPage", k.String, this, r, "OAUTH_PASSWORD_FLOW_PAGE"), C("deviceCodeFlowPage", k.String, this, r, "OAUTH_DEVICECODE_FLOW_PAGE"), C("deleteTokensPage", k.String, this, r, "OAUTH_DELETE_TOKENS_PAGE"), C("deleteTokensGetUrl", k.String, this, r, "OAUTH_DELETE_TOKENS_GET_URL"), C("deleteTokensPostUrl", k.String, this, r, "OAUTH_DELETE_TOKENS_POST_URL"), C("apiDeleteTokensPostUrl", k.String, this, r, "OAUTHAPI__DELETE_TOKENS_POST_URL"), C("mfaOtpPage", k.String, this, r, "OAUTH_MFA_OTP_PAGE"), C("mfaOobPage", k.String, this, r, "OAUTH_MFA_OOB_PAGE"), C("deviceCodeFlowUrl", k.String, this, r, "OAUTH_DEVICECODE_FLOW_URL"), C("deviceCodePollUrl", k.String, this, r, "OAUTH_DEVICECODE_POLL_URL"), C("bffEndpointName", k.String, this, r, "OAUTH_BFF_ENDPOINT_NAME"), C("bffBaseUrl", k.String, this, r, "OAUTH_BFF_BASEURL"), C("validFlows", k.JsonArray, this, r, "OAUTH_VALIDFLOWS"), C("jwtTokens", k.JsonArray, this, r, "OAUTH_JWT_TOKENS"), (t = this.deleteTokensGetUrl) != null && t.startsWith("/") && (this.deleteTokensGetUrl = this.deleteTokensGetUrl.substring(1)), (n = this.deleteTokensPostUrl) != null && n.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), (i = this.deleteTokensPostUrl) != null && i.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), this.validFlows.length == 1 && this.validFlows[0] == E.All)
5825
5847
  this.validFlows = E.allFlows();
5826
5848
  else if (!E.areAllValidFlows(this.validFlows))
5827
5849
  throw new l(g.Configuration, "Invalid flows specificied in " + this.validFlows.join(","));
@@ -5909,13 +5931,13 @@ class we extends Oe {
5909
5931
  }), this.validFlows.includes(E.AuthorizationCodeWithPKCE) && this.server.app.get(
5910
5932
  this.prefix + "authzcodeflowpkce",
5911
5933
  async (a, h) => {
5912
- var N;
5934
+ var _;
5913
5935
  if (d.logger.info(c({
5914
5936
  msg: "Page visit",
5915
5937
  method: "GET",
5916
5938
  url: this.prefix + "authzcodeflowpkce",
5917
5939
  ip: a.ip,
5918
- user: (N = a.user) == null ? void 0 : N.username
5940
+ user: (_ = a.user) == null ? void 0 : _.username
5919
5941
  })), !a.user && this.loginProtectedFlows.includes(E.AuthorizationCodeWithPKCE))
5920
5942
  return h.redirect(this.loginUrl + "?next=" + encodeURIComponent(a.url), 302);
5921
5943
  const f = this.randomValue(this.stateLength), { codeChallenge: p, codeVerifier: v } = await this.codeChallengeAndVerifier(), m = { scope: a.query.scope, state: f, codeChallenge: p, codeVerifier: v };
@@ -6000,7 +6022,7 @@ class we extends Oe {
6000
6022
  if (m) return w;
6001
6023
  }
6002
6024
  if (!a.user && this.loginProtectedFlows.includes(E.ClientCredentials))
6003
- return h.status(401).header(..._).send({ ok: !1, msg: "Access denied" });
6025
+ return h.status(401).header(...x).send({ ok: !1, msg: "Access denied" });
6004
6026
  try {
6005
6027
  const m = await this.clientCredentialsFlow((p = a.body) == null ? void 0 : p.scope);
6006
6028
  if (m.error) {
@@ -6076,7 +6098,7 @@ class we extends Oe {
6076
6098
  );
6077
6099
  }
6078
6100
  if (!a.user && this.loginProtectedFlows.includes(E.RefreshToken))
6079
- return h.status(401).header(..._).send({ ok: !1, msg: "Access denied" });
6101
+ return h.status(401).header(...x).send({ ok: !1, msg: "Access denied" });
6080
6102
  try {
6081
6103
  const P = await this.refreshTokenFlow(v);
6082
6104
  if (P.error) {
@@ -6317,10 +6339,10 @@ class we extends Oe {
6317
6339
  user: (f = a.user) == null ? void 0 : f.username
6318
6340
  }));
6319
6341
  try {
6320
- return await this.deleteTokens(a), h.header(..._).send('{"ok": true}');
6342
+ return await this.deleteTokens(a), h.header(...x).send('{"ok": true}');
6321
6343
  } catch (p) {
6322
6344
  const v = l.asCrossauthError(p);
6323
- return d.logger.debug(c({ err: v })), d.logger.error(c({ msg: "Couldn't delete oauth tokens", cerr: v })), h.header(..._).status(v.httpStatus).send(JSON.stringify({
6345
+ return d.logger.debug(c({ err: v })), d.logger.error(c({ msg: "Couldn't delete oauth tokens", cerr: v })), h.header(...x).status(v.httpStatus).send(JSON.stringify({
6324
6346
  ok: !1,
6325
6347
  errorMessage: v.message,
6326
6348
  errorCode: v.code,
@@ -6334,15 +6356,15 @@ class we extends Oe {
6334
6356
  this.server.app.post(
6335
6357
  this.prefix + a,
6336
6358
  async (h, f) => {
6337
- var N;
6359
+ var _;
6338
6360
  if (d.logger.info(c({
6339
6361
  msg: "Page visit",
6340
6362
  method: "POST",
6341
6363
  url: this.prefix + a,
6342
6364
  ip: h.ip,
6343
- user: (N = h.user) == null ? void 0 : N.username
6365
+ user: (_ = h.user) == null ? void 0 : _.username
6344
6366
  })), !h.csrfToken)
6345
- return f.header(..._).status(401).send({ ok: !1, msg: "No csrf token given" });
6367
+ return f.header(...x).status(401).send({ ok: !1, msg: "No csrf token given" });
6346
6368
  let p = !1, v = a;
6347
6369
  a.startsWith("have_") && (v = a.replace("have_", ""), p = !0);
6348
6370
  let m = v.replace("_token", ""), w = !1;
@@ -6352,9 +6374,9 @@ class we extends Oe {
6352
6374
  );
6353
6375
  const P = await this.server.sessionAdapter.getSessionData(h, this.sessionDataName);
6354
6376
  if (!P)
6355
- return p ? f.header(..._).status(200).send({ ok: !1 }) : f.header(..._).status(204).send();
6377
+ return p ? f.header(...x).status(200).send({ ok: !1 }) : f.header(...x).status(204).send();
6356
6378
  let T = P[v];
6357
- return w && (T = V(P[v])), T ? p ? f.header(..._).status(200).send({ ok: !0 }) : f.header(..._).status(200).send({ ...T }) : p ? f.header(..._).status(200).send({ ok: !1 }) : f.header(..._).status(204).send();
6379
+ return w && (T = V(P[v])), T ? p ? f.header(...x).status(200).send({ ok: !0 }) : f.header(...x).status(200).send({ ...T }) : p ? f.header(...x).status(200).send({ ok: !1 }) : f.header(...x).status(204).send();
6358
6380
  }
6359
6381
  );
6360
6382
  if (this.server.app.post(
@@ -6368,25 +6390,25 @@ class we extends Oe {
6368
6390
  ip: a.ip,
6369
6391
  user: (v = a.user) == null ? void 0 : v.username
6370
6392
  })), !a.csrfToken)
6371
- return h.header(..._).status(401).send({ ok: !1, msg: "No csrf token given" });
6393
+ return h.header(...x).status(401).send({ ok: !1, msg: "No csrf token given" });
6372
6394
  if (!this.server.sessionAdapter) throw new l(
6373
6395
  g.Configuration,
6374
6396
  "Cannot get session data if sessions not enabled"
6375
6397
  );
6376
6398
  const f = await this.server.sessionAdapter.getSessionData(a, this.sessionDataName);
6377
6399
  if (!f)
6378
- return h.header(..._).status(204).send();
6400
+ return h.header(...x).status(204).send();
6379
6401
  let p = {};
6380
6402
  for (let m of this.tokenEndpoints) {
6381
6403
  let w = !1, P = m;
6382
6404
  m.startsWith("have_") && (P = m.replace("have_", ""), w = !0);
6383
- let T = P.replace("_token", ""), N = !1;
6384
- if (this.jwtTokens.includes(T) && (N = a.body.decode ?? !0), P in f) {
6405
+ let T = P.replace("_token", ""), _ = !1;
6406
+ if (this.jwtTokens.includes(T) && (_ = a.body.decode ?? !0), P in f) {
6385
6407
  let b = f[P];
6386
- N && (b = V(f[P])), b && (p[m] = w ? !0 : b);
6408
+ _ && (b = V(f[P])), b && (p[m] = w ? !0 : b);
6387
6409
  } else w && (p[m] = !1);
6388
6410
  }
6389
- return h.header(..._).status(200).send({ ...p });
6411
+ return h.header(...x).status(200).send({ ...p });
6390
6412
  }
6391
6413
  ), this.bffEndpoints.length > 0 && !this.bffBaseUrl)
6392
6414
  throw new l(g.Configuration, "If enabling BFF endpoints, must also define bffBaseUrl");
@@ -6406,7 +6428,7 @@ class we extends Oe {
6406
6428
  url: this.prefix + this.bffEndpointName + v,
6407
6429
  // was url
6408
6430
  handler: async (w, P) => {
6409
- var b, M;
6431
+ var b, U;
6410
6432
  d.logger.info(c({
6411
6433
  msg: "Page visit",
6412
6434
  method: w.method,
@@ -6416,32 +6438,32 @@ class we extends Oe {
6416
6438
  }));
6417
6439
  const T = w.url.substring(this.prefix.length + this.bffEndpointName.length);
6418
6440
  d.logger.debug(c({ msg: "Resource server URL " + T }));
6419
- const N = f[m] != "GET" && f[m] != "HEAD" && f[m] != "OPTIONS";
6420
- if (this.server.sessionAdapter && N) {
6421
- const { error: I, reply: j } = await o.errorIfCsrfInvalid(
6441
+ const _ = f[m] != "GET" && f[m] != "HEAD" && f[m] != "OPTIONS";
6442
+ if (this.server.sessionAdapter && _) {
6443
+ const { error: M, reply: j } = await o.errorIfCsrfInvalid(
6422
6444
  w,
6423
6445
  P,
6424
6446
  this.errorFn
6425
6447
  );
6426
- if (I) return j;
6448
+ if (M) return j;
6427
6449
  }
6428
6450
  try {
6429
6451
  if (!this.server.sessionAdapter) throw new l(
6430
6452
  g.Configuration,
6431
6453
  "Cannot get session data if sessions not enabled"
6432
6454
  );
6433
- const I = await this.server.sessionAdapter.getSessionData(w, this.sessionDataName);
6434
- if (!I)
6435
- return P.header(..._).status(401).send({ ok: !1 });
6436
- let j = I == null ? void 0 : I.access_token;
6437
- if (I && I.access_token) {
6438
- const H = await ((M = o.oAuthClient) == null ? void 0 : M.refresh(
6455
+ const M = await this.server.sessionAdapter.getSessionData(w, this.sessionDataName);
6456
+ if (!M)
6457
+ return P.header(...x).status(401).send({ ok: !1 });
6458
+ let j = M == null ? void 0 : M.access_token;
6459
+ if (M && M.access_token) {
6460
+ const H = await ((U = o.oAuthClient) == null ? void 0 : U.refresh(
6439
6461
  w,
6440
6462
  P,
6441
6463
  !0,
6442
6464
  !0,
6443
- I.refresh_token,
6444
- I.expires_at
6465
+ M.refresh_token,
6466
+ M.expires_at
6445
6467
  ));
6446
6468
  H != null && H.access_token && (j = H.access_token);
6447
6469
  }
@@ -6462,23 +6484,23 @@ class we extends Oe {
6462
6484
  const Ce = await W.json();
6463
6485
  for (const H of W.headers.entries())
6464
6486
  P = P.header(H[0], H[1]);
6465
- return P.header(..._).status(W.status).send(Ce);
6466
- } catch (I) {
6467
- return d.logger.error(c({ err: I })), P.header(..._).status(500).send({});
6487
+ return P.header(...x).status(W.status).send(Ce);
6488
+ } catch (M) {
6489
+ return d.logger.error(c({ err: M })), P.header(...x).status(500).send({});
6468
6490
  }
6469
6491
  }
6470
6492
  });
6471
6493
  }
6472
6494
  }
6473
6495
  async passwordPost(o, s, r) {
6474
- var i;
6496
+ var t;
6475
6497
  if (this.server.sessionAdapter) {
6476
- const { error: n, reply: t } = await this.server.errorIfCsrfInvalid(
6498
+ const { error: n, reply: i } = await this.server.errorIfCsrfInvalid(
6477
6499
  s,
6478
6500
  r,
6479
6501
  this.errorFn
6480
6502
  );
6481
- if (n) return t;
6503
+ if (n) return i;
6482
6504
  }
6483
6505
  try {
6484
6506
  let n = await this.passwordFlow(
@@ -6487,10 +6509,10 @@ class we extends Oe {
6487
6509
  s.body.scope
6488
6510
  );
6489
6511
  if (n.error == "mfa_required" && n.mfa_token && this.validFlows.includes(E.PasswordMfa)) {
6490
- const t = n.mfa_token;
6512
+ const i = n.mfa_token;
6491
6513
  if (n = await this.passwordMfa(
6492
6514
  o,
6493
- t,
6515
+ i,
6494
6516
  s.body.scope,
6495
6517
  s,
6496
6518
  r
@@ -6520,56 +6542,56 @@ class we extends Oe {
6520
6542
  }
6521
6543
  return await this.receiveTokenFn(n, this, s, r);
6522
6544
  } else if (n.error) {
6523
- const t = l.fromOAuthError(
6545
+ const i = l.fromOAuthError(
6524
6546
  n.error,
6525
6547
  n.error_description
6526
6548
  );
6527
- return o ? await this.errorFn(this.server, s, r, t) : r.view(
6549
+ return o ? await this.errorFn(this.server, s, r, i) : r.view(
6528
6550
  this.passwordFlowPage,
6529
6551
  {
6530
6552
  user: s.user,
6531
6553
  username: s.body.username,
6532
6554
  //password: request.body.password,
6533
6555
  scope: s.body.scope,
6534
- errorMessage: t.message,
6535
- errorCode: t.code,
6536
- errorCodeName: t.codeName,
6556
+ errorMessage: i.message,
6557
+ errorCode: i.code,
6558
+ errorCodeName: i.codeName,
6537
6559
  csrfToken: s.csrfToken
6538
6560
  }
6539
6561
  );
6540
6562
  }
6541
6563
  return await this.receiveTokenFn(n, this, s, r);
6542
6564
  } catch (n) {
6543
- const t = l.asCrossauthError(n);
6565
+ const i = l.asCrossauthError(n);
6544
6566
  return d.logger.error(c({
6545
6567
  msg: "Error receiving token",
6546
- cerr: t,
6547
- user: (i = s.user) == null ? void 0 : i.user
6568
+ cerr: i,
6569
+ user: (t = s.user) == null ? void 0 : t.user
6548
6570
  })), d.logger.debug(c({ err: n })), o ? await this.errorFn(
6549
6571
  this.server,
6550
6572
  s,
6551
6573
  r,
6552
- t
6574
+ i
6553
6575
  ) : r.view(this.passwordFlowPage, {
6554
6576
  user: s.user,
6555
6577
  username: s.body.username,
6556
6578
  password: s.body.password,
6557
6579
  scope: s.body.scope,
6558
- errorMessage: t.message,
6559
- errorCode: t.code,
6560
- errorCodeName: t.codeName,
6580
+ errorMessage: i.message,
6581
+ errorCode: i.code,
6582
+ errorCodeName: i.codeName,
6561
6583
  csrfToken: s.csrfToken
6562
6584
  });
6563
6585
  }
6564
6586
  }
6565
- async passwordMfa(o, s, r, i, n) {
6566
- const t = await this.mfaAuthenticators(s);
6567
- if (t.error || !t.authenticators || !Array.isArray(t.authenticators) || t.authenticators.length == 0 || t.authenticators.length > 1 && !t.authenticators[0].active)
6568
- return t.error ? t : {
6587
+ async passwordMfa(o, s, r, t, n) {
6588
+ const i = await this.mfaAuthenticators(s);
6589
+ if (i.error || !i.authenticators || !Array.isArray(i.authenticators) || i.authenticators.length == 0 || i.authenticators.length > 1 && !i.authenticators[0].active)
6590
+ return i.error ? i : {
6569
6591
  error: "access_denied",
6570
6592
  error_description: "No MFA authenticators available"
6571
6593
  };
6572
- const a = t.authenticators[0];
6594
+ const a = i.authenticators[0];
6573
6595
  if (a.authenticator_type == "otp") {
6574
6596
  const f = await this.mfaOtpRequest(s, a.id);
6575
6597
  return f.error || f.challenge_type != "otp" ? {
@@ -6605,60 +6627,60 @@ class we extends Oe {
6605
6627
  }
6606
6628
  async passwordOtp(o, s, r) {
6607
6629
  var n;
6608
- const i = await this.mfaOtpComplete(
6630
+ const t = await this.mfaOtpComplete(
6609
6631
  s.body.mfa_token,
6610
6632
  s.body.otp
6611
6633
  );
6612
- if (i.error) {
6613
- const t = l.fromOAuthError(
6614
- i.error,
6615
- i.error_description ?? "Error completing MFA"
6634
+ if (t.error) {
6635
+ const i = l.fromOAuthError(
6636
+ t.error,
6637
+ t.error_description ?? "Error completing MFA"
6616
6638
  );
6617
6639
  return d.logger.warn(c({
6618
6640
  msg: "Error completing MFA",
6619
- cerr: t,
6641
+ cerr: i,
6620
6642
  user: (n = s.user) == null ? void 0 : n.user,
6621
- hashedMfaToken: F.hash(s.body.mfa_token)
6622
- })), d.logger.debug(c({ err: t })), o ? await this.errorFn(
6643
+ hashedMfaToken: N.hash(s.body.mfa_token)
6644
+ })), d.logger.debug(c({ err: i })), o ? await this.errorFn(
6623
6645
  this.server,
6624
6646
  s,
6625
6647
  r,
6626
- t
6648
+ i
6627
6649
  ) : r.view(this.mfaOtpPage, {
6628
6650
  user: s.user,
6629
6651
  scope: s.body.scope,
6630
6652
  mfa_token: s.body.mfa_token,
6631
6653
  challenge_tpye: s.body.challenge_type,
6632
- errorMessage: t.message,
6633
- errorCode: t.code,
6634
- errorCodeName: t.codeName,
6654
+ errorMessage: i.message,
6655
+ errorCode: i.code,
6656
+ errorCodeName: i.codeName,
6635
6657
  csrfToken: s.csrfToken
6636
6658
  });
6637
6659
  }
6638
- return await this.receiveTokenFn(i, this, s, r) ?? r;
6660
+ return await this.receiveTokenFn(t, this, s, r) ?? r;
6639
6661
  }
6640
6662
  async passwordOob(o, s, r) {
6641
6663
  var n;
6642
- const i = await this.mfaOobComplete(
6664
+ const t = await this.mfaOobComplete(
6643
6665
  s.body.mfa_token,
6644
6666
  s.body.oob_code,
6645
6667
  s.body.binding_code
6646
6668
  );
6647
- if (i.error) {
6648
- const t = l.fromOAuthError(
6649
- i.error,
6650
- i.error_description ?? "Error completing MFA"
6669
+ if (t.error) {
6670
+ const i = l.fromOAuthError(
6671
+ t.error,
6672
+ t.error_description ?? "Error completing MFA"
6651
6673
  );
6652
6674
  return d.logger.warn(c({
6653
6675
  msg: "Error completing MFA",
6654
- cerr: t,
6676
+ cerr: i,
6655
6677
  user: (n = s.user) == null ? void 0 : n.user,
6656
- hashedMfaToken: F.hash(s.body.mfa_token)
6657
- })), d.logger.debug(c({ err: t })), o ? await this.errorFn(
6678
+ hashedMfaToken: N.hash(s.body.mfa_token)
6679
+ })), d.logger.debug(c({ err: i })), o ? await this.errorFn(
6658
6680
  this.server,
6659
6681
  s,
6660
6682
  r,
6661
- t
6683
+ i
6662
6684
  ) : r.view(this.mfaOobPage, {
6663
6685
  user: s.user,
6664
6686
  scope: s.body.scope,
@@ -6666,70 +6688,70 @@ class we extends Oe {
6666
6688
  name: s.body.name,
6667
6689
  challenge_tpye: s.body.challenge_type,
6668
6690
  mfa_token: s.body.mfa_token,
6669
- errorMessage: t.message,
6670
- errorCode: t.code,
6671
- errorCodeName: t.codeName,
6691
+ errorMessage: i.message,
6692
+ errorCode: i.code,
6693
+ errorCodeName: i.codeName,
6672
6694
  csrfToken: s.csrfToken
6673
6695
  });
6674
6696
  }
6675
- return await this.receiveTokenFn(i, this, s, r) ?? r;
6697
+ return await this.receiveTokenFn(t, this, s, r) ?? r;
6676
6698
  }
6677
6699
  async deviceCodePost(o, s, r) {
6678
- var i;
6700
+ var t;
6679
6701
  if (this.server.sessionAdapter) {
6680
- const { error: n, reply: t } = await this.server.errorIfCsrfInvalid(
6702
+ const { error: n, reply: i } = await this.server.errorIfCsrfInvalid(
6681
6703
  s,
6682
6704
  r,
6683
6705
  this.errorFn
6684
6706
  );
6685
- if (n) return t;
6707
+ if (n) return i;
6686
6708
  }
6687
6709
  try {
6688
6710
  if (!s.csrfToken)
6689
6711
  throw new l(g.Unauthorized, "CSRF token missing or invalid");
6690
6712
  let n = this.authServerBaseUrl;
6691
6713
  n.endsWith("/") || (n += "/"), n += this.deviceAuthorizationUrl;
6692
- const t = await this.startDeviceCodeFlow(n, s.body.scope);
6693
- if (t.error) {
6694
- const h = l.fromOAuthError(t.error, t.error_description), f = {
6714
+ const i = await this.startDeviceCodeFlow(n, s.body.scope);
6715
+ if (i.error) {
6716
+ const h = l.fromOAuthError(i.error, i.error_description), f = {
6695
6717
  user: s.user,
6696
6718
  scope: s.body.scope,
6697
6719
  errorMessage: h.message,
6698
6720
  errorCode: h.code,
6699
6721
  errorCodeName: h.codeName,
6700
6722
  csrfToken: s.csrfToken,
6701
- error: t.error,
6702
- error_description: t.error_description
6723
+ error: i.error,
6724
+ error_description: i.error_description
6703
6725
  };
6704
- return o ? r.header(..._).status(h.httpStatus).send(t) : r.view(this.deviceCodeFlowPage, f);
6726
+ return o ? r.header(...x).status(h.httpStatus).send(i) : r.view(this.deviceCodeFlowPage, f);
6705
6727
  }
6706
6728
  let a;
6707
- return t.verification_uri_complete && await Re.toDataURL(t.verification_uri_complete).then((h) => {
6729
+ return i.verification_uri_complete && await Re.toDataURL(i.verification_uri_complete).then((h) => {
6708
6730
  a = h;
6709
6731
  }).catch((h) => {
6710
6732
  d.logger.debug(c({ err: h })), d.logger.warn(c({ msg: "Couldn't generate verification URL QR Code" }));
6711
- }), o ? r.header(..._).send(t) : r.view(
6733
+ }), o ? r.header(...x).send(i) : r.view(
6712
6734
  this.deviceCodeFlowPage,
6713
6735
  {
6714
6736
  user: s.user,
6715
6737
  scope: s.body.scope,
6716
6738
  verification_uri_qrdata: a,
6717
- ...t
6739
+ ...i
6718
6740
  }
6719
6741
  );
6720
6742
  } catch (n) {
6721
- const t = l.asCrossauthError(n);
6743
+ const i = l.asCrossauthError(n);
6722
6744
  d.logger.error(c({
6723
6745
  msg: "Error receiving token",
6724
- cerr: t,
6725
- user: (i = s.user) == null ? void 0 : i.user
6746
+ cerr: i,
6747
+ user: (t = s.user) == null ? void 0 : t.user
6726
6748
  })), d.logger.debug(c({ err: n }));
6727
6749
  const a = {
6728
- errorMessage: t.message,
6729
- errorCode: t.code,
6730
- errorCodeName: t.codeName
6750
+ errorMessage: i.message,
6751
+ errorCode: i.code,
6752
+ errorCodeName: i.codeName
6731
6753
  };
6732
- return o ? r.header(..._).status(t.httpStatus).send(a) : r.view(this.deviceCodeFlowPage, {
6754
+ return o ? r.header(...x).status(i.httpStatus).send(a) : r.view(this.deviceCodeFlowPage, {
6733
6755
  user: s.user,
6734
6756
  csrfToken: s.csrfToken,
6735
6757
  scope: s.body.scope,
@@ -6738,38 +6760,38 @@ class we extends Oe {
6738
6760
  }
6739
6761
  }
6740
6762
  async deviceCodePoll(o, s, r) {
6741
- var i;
6763
+ var t;
6742
6764
  try {
6743
6765
  const n = await this.pollDeviceCodeFlow(s.body.device_code);
6744
- return n.error ? r.header(..._).send(n) : await this.receiveTokenFn(
6766
+ return n.error ? r.header(...x).send(n) : await this.receiveTokenFn(
6745
6767
  n,
6746
6768
  this,
6747
6769
  s,
6748
6770
  o ? void 0 : r
6749
6771
  );
6750
6772
  } catch (n) {
6751
- const t = l.asCrossauthError(n);
6773
+ const i = l.asCrossauthError(n);
6752
6774
  return d.logger.error(c({
6753
6775
  msg: "Error receiving token",
6754
- cerr: t,
6755
- user: (i = s.user) == null ? void 0 : i.user
6776
+ cerr: i,
6777
+ user: (t = s.user) == null ? void 0 : t.user
6756
6778
  })), d.logger.debug(c({ err: n })), await this.errorFn(
6757
6779
  this.server,
6758
6780
  s,
6759
6781
  r,
6760
- t
6782
+ i
6761
6783
  );
6762
6784
  }
6763
6785
  }
6764
- async refresh(o, s, r, i, n, t) {
6765
- if (!t || !n)
6786
+ async refresh(o, s, r, t, n, i) {
6787
+ if (!i || !n)
6766
6788
  return r ? void 0 : await this.receiveTokenFn(
6767
6789
  {},
6768
6790
  this,
6769
6791
  o,
6770
6792
  r ? void 0 : s
6771
6793
  );
6772
- if (!i || t <= Date.now())
6794
+ if (!t || i <= Date.now())
6773
6795
  try {
6774
6796
  const a = await this.refreshTokenFlow(n);
6775
6797
  if (!a.error && !a.access_token && (a.error = "server_error", a.error_description = "Unexpectedly did not receive error or access token"), !a.error) {
@@ -6790,7 +6812,7 @@ class we extends Oe {
6790
6812
  }
6791
6813
  let h = a.expires_in;
6792
6814
  if (!h && a.access_token) {
6793
- const p = J(a.access_token);
6815
+ const p = K(a.access_token);
6794
6816
  p.exp && (h = p.exp);
6795
6817
  }
6796
6818
  if (!h)
@@ -6821,9 +6843,9 @@ class we extends Oe {
6821
6843
  };
6822
6844
  }
6823
6845
  }
6824
- async refreshTokens(o, s, r, i) {
6846
+ async refreshTokens(o, s, r, t) {
6825
6847
  if (!o.csrfToken)
6826
- return s.header(..._).status(401).send({ ok: !1, msg: "No csrf token given" });
6848
+ return s.header(...x).status(401).send({ ok: !1, msg: "No csrf token given" });
6827
6849
  if (!this.server.sessionAdapter) throw new l(
6828
6850
  g.Configuration,
6829
6851
  "Cannot get session data if sessions not enabled"
@@ -6831,7 +6853,7 @@ class we extends Oe {
6831
6853
  const n = await this.server.sessionAdapter.getSessionData(o, this.sessionDataName);
6832
6854
  if (!(n != null && n.refresh_token)) {
6833
6855
  if (r)
6834
- return s.header(..._).status(204).send();
6856
+ return s.header(...x).status(204).send();
6835
6857
  {
6836
6858
  const a = new l(
6837
6859
  g.InvalidSession,
@@ -6845,20 +6867,20 @@ class we extends Oe {
6845
6867
  );
6846
6868
  }
6847
6869
  }
6848
- const t = await this.refresh(
6870
+ const i = await this.refresh(
6849
6871
  o,
6850
6872
  s,
6851
6873
  r,
6852
- i,
6874
+ t,
6853
6875
  n.refresh_token,
6854
6876
  //onlyIfExpired ? oauthData.expires_at : undefined
6855
6877
  n.expires_at
6856
6878
  );
6857
6879
  if (!r) {
6858
- if (t == null) return this.receiveTokenFn({}, this, o, s);
6859
- if (t != null) return t;
6880
+ if (i == null) return this.receiveTokenFn({}, this, o, s);
6881
+ if (i != null) return i;
6860
6882
  }
6861
- return s.header(..._).status(200).send({ ok: !0, expires_at: t == null ? void 0 : t.expires_at });
6883
+ return s.header(...x).status(200).send({ ok: !0, expires_at: i == null ? void 0 : i.expires_at });
6862
6884
  }
6863
6885
  async deleteTokens(o) {
6864
6886
  if (!this.server.sessionAdapter) throw new l(
@@ -6877,14 +6899,14 @@ class we extends Oe {
6877
6899
  await this.server.sessionAdapter.deleteSessionData(o, this.sessionDataName);
6878
6900
  }
6879
6901
  async storeSessionData(o, s, r) {
6880
- var i;
6902
+ var t;
6881
6903
  if (this.server.sessionServer) {
6882
6904
  let n = this.server.sessionServer.getSessionCookieValue(s);
6883
6905
  !n && r ? n = await this.server.createAnonymousSession(
6884
6906
  s,
6885
6907
  r,
6886
6908
  { [this.sessionDataName]: o }
6887
- ) : await ((i = this.server.sessionAdapter) == null ? void 0 : i.updateSessionData(s, this.sessionDataName, o));
6909
+ ) : await ((t = this.server.sessionAdapter) == null ? void 0 : t.updateSessionData(s, this.sessionDataName, o));
6888
6910
  } else {
6889
6911
  if (!this.server.sessionAdapter) throw new l(
6890
6912
  g.Configuration,
@@ -6911,65 +6933,65 @@ class es extends Ie {
6911
6933
  u(this, "tokenLocations", ["header"]);
6912
6934
  u(this, "sessionAdapter");
6913
6935
  if (C("errorBody", k.Json, this, r, "OAUTH_RESSERVER_ACCESS_DENIED_BODY"), C("tokenLocations", k.JsonArray, this, r, "OAUTH_TOKEN_LOCATIONS"), C("sessionDataName", k.String, this, r, "OAUTH_SESSION_DATA_NAME"), this.userStorage = r.userStorage, this.sessionAdapter = r.sessionAdapter, r.protectedEndpoints) {
6914
- const i = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
6915
- for (const [n, t] of Object.entries(r.protectedEndpoints)) {
6936
+ const t = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
6937
+ for (const [n, i] of Object.entries(r.protectedEndpoints)) {
6916
6938
  if (!n.startsWith("/"))
6917
6939
  throw new l(g.Configuration, "protected endpoints must be absolute paths without the protocol and hostname");
6918
- t.scope && t.scope.forEach((a) => {
6919
- if (!i.test(a)) throw new l(g.Configuration, "Illegal characters in scope " + a);
6940
+ i.scope && i.scope.forEach((a) => {
6941
+ if (!t.test(a)) throw new l(g.Configuration, "Illegal characters in scope " + a);
6920
6942
  });
6921
6943
  }
6922
6944
  this.protectedEndpoints = { ...r.protectedEndpoints };
6923
6945
  for (let n in r.protectedEndpoints) {
6924
- let t = this.protectedEndpoints[n];
6925
- t.suburls == !0 && (n.endsWith("/") || (n += "/", this.protectedEndpoints[n] = t), this.protectedEndpointPrefixes.push(n));
6946
+ let i = this.protectedEndpoints[n];
6947
+ i.suburls == !0 && (n.endsWith("/") || (n += "/", this.protectedEndpoints[n] = i), this.protectedEndpointPrefixes.push(n));
6926
6948
  }
6927
6949
  }
6928
- r.protectedEndpoints && o.addHook("preHandler", async (i, n) => {
6950
+ r.protectedEndpoints && o.addHook("preHandler", async (t, n) => {
6929
6951
  var p, v;
6930
- const t = i.url.split("?", 2)[0];
6952
+ const i = t.url.split("?", 2)[0];
6931
6953
  let a = !1, h = "";
6932
- if (t in this.protectedEndpoints)
6933
- a = !0, h = t;
6954
+ if (i in this.protectedEndpoints)
6955
+ a = !0, h = i;
6934
6956
  else
6935
6957
  for (let m of this.protectedEndpointPrefixes)
6936
- t.startsWith(m) && (a = !0), h = m;
6958
+ i.startsWith(m) && (a = !0), h = m;
6937
6959
  if (!a) return;
6938
- const f = await this.authorized(i);
6939
- if (!(i.user && i.authType == "cookie" && this.protectedEndpoints[h].acceptSessionAuthorization != !0)) {
6960
+ const f = await this.authorized(t);
6961
+ if (!(t.user && t.authType == "cookie" && this.protectedEndpoints[h].acceptSessionAuthorization != !0)) {
6940
6962
  if (!f) {
6941
- i.authError = "access_denied", i.authErrorDescription = "No access token";
6942
- const m = this.authenticateHeader(i);
6963
+ t.authError = "access_denied", t.authErrorDescription = "No access token";
6964
+ const m = this.authenticateHeader(t);
6943
6965
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6944
6966
  }
6945
6967
  if (!f.authorized) {
6946
- const m = this.authenticateHeader(i);
6968
+ const m = this.authenticateHeader(t);
6947
6969
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6948
6970
  }
6949
6971
  }
6950
6972
  if (f) {
6951
- if (i.accessTokenPayload = f.tokenPayload, i.user = f.user, (p = f.tokenPayload) != null && p.scope)
6973
+ if (t.accessTokenPayload = f.tokenPayload, t.user = f.user, (p = f.tokenPayload) != null && p.scope)
6952
6974
  if (Array.isArray(f.tokenPayload.scope)) {
6953
6975
  let m = [];
6954
6976
  for (let w of f.tokenPayload.scope)
6955
6977
  typeof w == "string" && m.push(w);
6956
- i.scope = m;
6957
- } else typeof f.tokenPayload.scope == "string" && (i.scope = f.tokenPayload.scope.split(" "));
6978
+ t.scope = m;
6979
+ } else typeof f.tokenPayload.scope == "string" && (t.scope = f.tokenPayload.scope.split(" "));
6958
6980
  if (this.protectedEndpoints[h].scope) {
6959
6981
  for (let m of this.protectedEndpoints[h].scope ?? [])
6960
- if (!i.scope || !i.scope.includes(m) && this.protectedEndpoints[h].acceptSessionAuthorization != !0)
6982
+ if (!t.scope || !t.scope.includes(m) && this.protectedEndpoints[h].acceptSessionAuthorization != !0)
6961
6983
  return d.logger.warn(c({
6962
6984
  msg: "Access token does not have sufficient scope",
6963
- username: (v = i.user) == null ? void 0 : v.username,
6964
- url: i.url
6965
- })), i.scope = void 0, i.accessTokenPayload = void 0, i.user = void 0, i.authError = "access_denied", i.authErrorDescription = "Access token does not have sufficient scope", n.status(401).send(this.errorBody);
6985
+ username: (v = t.user) == null ? void 0 : v.username,
6986
+ url: t.url
6987
+ })), t.scope = void 0, t.accessTokenPayload = void 0, t.user = void 0, t.authError = "access_denied", t.authErrorDescription = "Access token does not have sufficient scope", n.status(401).send(this.errorBody);
6966
6988
  }
6967
- if (i.authType = "oauth", i.authError = f == null ? void 0 : f.error, (f == null ? void 0 : f.error) == "access_denied") {
6968
- const m = this.authenticateHeader(i);
6989
+ if (t.authType = "oauth", t.authError = f == null ? void 0 : f.error, (f == null ? void 0 : f.error) == "access_denied") {
6990
+ const m = this.authenticateHeader(t);
6969
6991
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6970
6992
  } else if (f != null && f.error)
6971
6993
  return n.status(500).send(this.errorBody);
6972
- i.authErrorDescription = f == null ? void 0 : f.error_description, d.logger.debug(c({ msg: "Resource server url", url: i.url, authorized: i.accessTokenPayload != null }));
6994
+ t.authErrorDescription = f == null ? void 0 : f.error_description, d.logger.debug(c({ msg: "Resource server url", url: t.url, authorized: t.accessTokenPayload != null }));
6973
6995
  }
6974
6996
  });
6975
6997
  }
@@ -6995,8 +7017,8 @@ class es extends Ie {
6995
7017
  async authorized(o) {
6996
7018
  try {
6997
7019
  let s;
6998
- for (let i of this.tokenLocations)
6999
- if (i == "header") {
7020
+ for (let t of this.tokenLocations)
7021
+ if (t == "header") {
7000
7022
  const n = await this.tokenFromHeader(o);
7001
7023
  if (n) {
7002
7024
  s = n;
@@ -7012,8 +7034,8 @@ class es extends Ie {
7012
7034
  let r;
7013
7035
  if (s) {
7014
7036
  if (s.sub && this.userStorage) {
7015
- const i = await this.userStorage.getUserByUsername(s.sub);
7016
- i && (r = i.user), o.user = r;
7037
+ const t = await this.userStorage.getUserByUsername(s.sub);
7038
+ t && (r = t.user), o.user = r;
7017
7039
  } else s.sub && (o.user = {
7018
7040
  id: s.userid ?? s.sub,
7019
7041
  username: s.sub,
@@ -7074,7 +7096,7 @@ const ss = `<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
7074
7096
  function rs(S) {
7075
7097
  return S.admin == !0;
7076
7098
  }
7077
- const K = class K {
7099
+ const J = class J {
7078
7100
  /**
7079
7101
  * Integrates fastify session, API key and OAuth servers
7080
7102
  * @param config object with entries as follow:
@@ -7125,9 +7147,9 @@ const K = class K {
7125
7147
  sessionAdapter: o,
7126
7148
  apiKey: s,
7127
7149
  oAuthAuthServer: r,
7128
- oAuthClient: i,
7150
+ oAuthClient: t,
7129
7151
  oAuthClients: n,
7130
- oAuthResServer: t
7152
+ oAuthResServer: i
7131
7153
  }, a = {}) {
7132
7154
  u(this, "views", "views");
7133
7155
  /** The Fastify app, which was either passed in the constructor or
@@ -7153,7 +7175,7 @@ const K = class K {
7153
7175
  /** Config for `@fastify/cors` */
7154
7176
  u(this, "cors");
7155
7177
  u(this, "audience", "");
7156
- C("views", k.String, this, a, "VIEWS"), C("cors", k.Json, this, a, "CORS"), a.isAdminFn && (K.isAdminFn = a.isAdminFn), a.app ? this.app = a.app : (this.views && ue.configure(this.views, {
7178
+ C("views", k.String, this, a, "VIEWS"), C("cors", k.Json, this, a, "CORS"), a.isAdminFn && (J.isAdminFn = a.isAdminFn), a.app ? this.app = a.app : (this.views && ue.configure(this.views, {
7157
7179
  autoescape: !0
7158
7180
  }), this.app = Ee({ logger: !1 }), this.app.register(Te, {
7159
7181
  engine: {
@@ -7179,7 +7201,7 @@ const K = class K {
7179
7201
  g.Configuration,
7180
7202
  "If using session management, must also supply authenticators"
7181
7203
  );
7182
- const f = new Ke(
7204
+ const f = new Je(
7183
7205
  this.app,
7184
7206
  e.keyStorage,
7185
7207
  h,
@@ -7207,12 +7229,12 @@ const K = class K {
7207
7229
  { ...f, ...a, ...r.options }
7208
7230
  );
7209
7231
  }
7210
- if (i && this.oAuthClients)
7232
+ if (t && this.oAuthClients)
7211
7233
  throw new l(g.Configuration, "Do not use both oAuthClient and oAuthClients");
7212
- if (i && (this.oAuthClient = new we(
7234
+ if (t && (this.oAuthClient = new we(
7213
7235
  this,
7214
- i.authServerBaseUrl,
7215
- { ...a, ...i.options }
7236
+ t.authServerBaseUrl,
7237
+ { ...a, ...t.options }
7216
7238
  )), n) {
7217
7239
  this.oAuthClients = [];
7218
7240
  for (let f of n)
@@ -7224,10 +7246,10 @@ const K = class K {
7224
7246
  )
7225
7247
  );
7226
7248
  }
7227
- t && (this.audience = "", C("audience", k.String, this, a, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new es(
7249
+ i && (this.audience = "", C("audience", k.String, this, a, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new es(
7228
7250
  this.app,
7229
7251
  [new Me(this.audience, a)],
7230
- { sessionAdapter: this.sessionAdapter, ...t.options, ...a }
7252
+ { sessionAdapter: this.sessionAdapter, ...i.options, ...a }
7231
7253
  ));
7232
7254
  }
7233
7255
  /**
@@ -7259,7 +7281,7 @@ const K = class K {
7259
7281
  * from calling `errorFn`.
7260
7282
  */
7261
7283
  async errorIfCsrfInvalid(e, o, s) {
7262
- var r, i;
7284
+ var r, t;
7263
7285
  try {
7264
7286
  if (!e.csrfToken) throw new l(g.InvalidCsrf);
7265
7287
  return { error: !1, reply: o };
@@ -7270,23 +7292,23 @@ const K = class K {
7270
7292
  }));
7271
7293
  try {
7272
7294
  if (s) {
7273
- const t = l.asCrossauthError(n);
7274
- return { error: !0, reply: await s(this, e, o, t) };
7295
+ const i = l.asCrossauthError(n);
7296
+ return { error: !0, reply: await s(this, e, o, i) };
7275
7297
  } else if ((r = this.sessionServer) != null && r.errorPage) {
7276
- const t = new l(g.InvalidCsrf, "CSRF Token not provided");
7298
+ const i = new l(g.InvalidCsrf, "CSRF Token not provided");
7277
7299
  return { error: !0, reply: o.status(401).view(
7278
- ((i = this.sessionServer) == null ? void 0 : i.errorPage) ?? "",
7300
+ ((t = this.sessionServer) == null ? void 0 : t.errorPage) ?? "",
7279
7301
  {
7280
- errorMessage: t.message,
7281
- errorMessages: t.messages,
7282
- status: t.httpStatus,
7302
+ errorMessage: i.message,
7303
+ errorMessages: i.messages,
7304
+ status: i.httpStatus,
7283
7305
  errorCode: g.InvalidCsrf,
7284
7306
  errorCodeName: g[g.InvalidCsrf]
7285
7307
  }
7286
7308
  ) };
7287
7309
  }
7288
- } catch (t) {
7289
- return d.logger.error(c({ err: t })), { error: !0, reply: o.status(401).send(z) };
7310
+ } catch (i) {
7311
+ return d.logger.error(c({ err: i })), { error: !0, reply: o.status(401).send(z) };
7290
7312
  }
7291
7313
  return { error: !0, reply: o.status(401).send(z) };
7292
7314
  }
@@ -7304,7 +7326,7 @@ const K = class K {
7304
7326
  * from calling `errorFn`.
7305
7327
  */
7306
7328
  async errorIfNotLoggedIn(e, o, s) {
7307
- var r, i, n;
7329
+ var r, t, n;
7308
7330
  if (!e.user) {
7309
7331
  d.logger.warn(c({
7310
7332
  msg: "Attempt to access url without csrf token",
@@ -7312,14 +7334,14 @@ const K = class K {
7312
7334
  }));
7313
7335
  try {
7314
7336
  if (s) {
7315
- const t = new l(
7337
+ const i = new l(
7316
7338
  g.Unauthorized,
7317
7339
  "User is not logged in"
7318
7340
  );
7319
- return await s(this, e, o, t);
7341
+ return await s(this, e, o, i);
7320
7342
  } else if ((r = this.sessionServer) != null && r.errorPage)
7321
7343
  return o.status(401).view(
7322
- ((i = this.sessionServer) == null ? void 0 : i.errorPage) ?? "",
7344
+ ((t = this.sessionServer) == null ? void 0 : t.errorPage) ?? "",
7323
7345
  {
7324
7346
  errorMessage: "User is not logged in",
7325
7347
  status: 401,
@@ -7327,9 +7349,9 @@ const K = class K {
7327
7349
  codeName: g[g.Unauthorized]
7328
7350
  }
7329
7351
  );
7330
- } catch (t) {
7331
- return d.logger.debug(c({ err: t })), d.logger.error(c({
7332
- cerr: t,
7352
+ } catch (i) {
7353
+ return d.logger.debug(c({ err: i })), d.logger.error(c({
7354
+ cerr: i,
7333
7355
  hashedSessionCookie: (n = this.sessionServer) == null ? void 0 : n.getHashOfSessionId(e)
7334
7356
  })), o.status(401).send(z);
7335
7357
  }
@@ -7356,8 +7378,8 @@ const K = class K {
7356
7378
  * @returns the reply from rendering the error page.
7357
7379
  *
7358
7380
  */
7359
- static sendPageError(e, o, s, r, i) {
7360
- if (!r || !i)
7381
+ static sendPageError(e, o, s, r, t) {
7382
+ if (!r || !t)
7361
7383
  return d.logger.warn(c({
7362
7384
  msg: r,
7363
7385
  errorCode: g.UnknownError,
@@ -7371,15 +7393,15 @@ const K = class K {
7371
7393
  }
7372
7394
  ) : e.status(o).send(o == 401 ? z : G);
7373
7395
  try {
7374
- let n = 0, t = "UnknownError";
7375
- if ("isCrossAuthError" in i) {
7376
- const a = l.asCrossauthError(i);
7377
- n = a.code, t = a.name, r || (r = i.message);
7396
+ let n = 0, i = "UnknownError";
7397
+ if ("isCrossAuthError" in t) {
7398
+ const a = l.asCrossauthError(t);
7399
+ n = a.code, i = a.name, r || (r = t.message);
7378
7400
  }
7379
- return r || (o == 401 ? (r = "You are not authorized to access this page", n = g.Unauthorized, t = g[n]) : o == 403 ? (r = "You do not have permission to access this page", n = g.Forbidden, t = g[n]) : r = "An unknwon error has occurred"), d.logger.warn(c({
7401
+ return r || (o == 401 ? (r = "You are not authorized to access this page", n = g.Unauthorized, i = g[n]) : o == 403 ? (r = "You do not have permission to access this page", n = g.Forbidden, i = g[n]) : r = "An unknwon error has occurred"), d.logger.warn(c({
7380
7402
  msg: r,
7381
7403
  errorCode: n,
7382
- errorCodeName: t,
7404
+ errorCodeName: i,
7383
7405
  httpStatus: o
7384
7406
  })), s ? e.status(o).view(
7385
7407
  s,
@@ -7387,7 +7409,7 @@ const K = class K {
7387
7409
  status: o,
7388
7410
  errorMessage: r,
7389
7411
  errorCode: n,
7390
- errorCodeName: t
7412
+ errorCodeName: i
7391
7413
  }
7392
7414
  ) : e.status(o).send(o == 401 ? z : G);
7393
7415
  } catch (n) {
@@ -7427,18 +7449,19 @@ const K = class K {
7427
7449
  * @returns true if the passed user is an admin, false otherwise.
7428
7450
  */
7429
7451
  static isAdmin(e) {
7430
- return K.isAdminFn(e);
7452
+ return J.isAdminFn(e);
7431
7453
  }
7432
7454
  /**
7433
7455
  * Starts the Fastify app on the given port.
7434
7456
  * @param port the port to listen on
7435
7457
  */
7436
- start(e = 3e3) {
7458
+ start(e = 3e3, o = "0.0.0.0") {
7437
7459
  this.app.listen(
7438
7460
  { port: e },
7439
7461
  () => d.logger.info(c({
7440
7462
  msg: "Starting fastify server",
7441
- port: e
7463
+ port: e,
7464
+ hostname: o
7442
7465
  }))
7443
7466
  );
7444
7467
  }
@@ -7451,14 +7474,14 @@ const K = class K {
7451
7474
  getHashOfSessionId(e) {
7452
7475
  if (!e.sessionId) return "";
7453
7476
  try {
7454
- return F.hash(e.sessionId);
7477
+ return N.hash(e.sessionId);
7455
7478
  } catch {
7456
7479
  }
7457
7480
  return "";
7458
7481
  }
7459
7482
  };
7460
- u(K, "isAdminFn", rs);
7461
- let y = K;
7483
+ u(J, "isAdminFn", rs);
7484
+ let y = J;
7462
7485
  class us {
7463
7486
  }
7464
7487
  export {
@@ -7470,7 +7493,7 @@ export {
7470
7493
  es as FastifyOAuthResourceServer,
7471
7494
  y as FastifyServer,
7472
7495
  us as FastifySessionAdapter,
7473
- Ke as FastifySessionServer,
7496
+ Je as FastifySessionServer,
7474
7497
  Ge as FastifyUserClientEndpoints,
7475
7498
  De as FastifyUserEndpoints
7476
7499
  };