@crossauth/sveltekit 0.0.28 → 0.0.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.cjs +1 -1
  2. package/dist/index.js +906 -896
  3. package/dist/sveltekitresserver.d.ts +2 -0
  4. package/package.json +3 -3
package/dist/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { minimatch as I } from "minimatch";
2
2
  import { ApiKeyManager as K, KeyStorage as $, toCookieSerializeOptions as P, Crypto as F, OAuthAuthorizationServer as Z, setParameter as y, ParamType as E, DoubleSubmitCsrfToken as ee, OAuthClientManager as B, OAuthClientBackend as re, OAuthResourceServer as se, OAuthTokenConsumer as te, TokenEmailer as oe, SessionManager as ie } from "@crossauth/backend";
3
- import { CrossauthError as c, ErrorCode as h, CrossauthLogger as d, j as u, OAuthFlows as _, UserState as N, httpStatus as q } from "@crossauth/common";
3
+ import { CrossauthError as c, ErrorCode as h, CrossauthLogger as d, j as f, OAuthFlows as _, UserState as N, httpStatus as q } from "@crossauth/common";
4
4
  import { json as v, redirect as Q, error as Y } from "@sveltejs/kit";
5
5
  import "cookie";
6
6
  import { jwtDecode as M } from "jwt-decode";
@@ -26,11 +26,11 @@ class b {
26
26
  this.clone = r;
27
27
  }
28
28
  async loadData(r) {
29
- var t, e, s, i;
29
+ var t, e, s, a;
30
30
  if (!((t = r.request) != null && t.body))
31
31
  return;
32
32
  const o = r.request.headers.get("content-type");
33
- o == "application/json" ? this.jsonData = this.clone ? await ((s = (e = r.request) == null ? void 0 : e.clone()) == null ? void 0 : s.json()) : await ((i = r.request) == null ? void 0 : i.json()) : (o == "application/x-www-form-urlencoded" || o != null && o.startsWith("multipart/form-data")) && (this.formData = this.clone ? await r.request.clone().formData() : await r.request.formData());
33
+ o == "application/json" ? this.jsonData = this.clone ? await ((s = (e = r.request) == null ? void 0 : e.clone()) == null ? void 0 : s.json()) : await ((a = r.request) == null ? void 0 : a.json()) : (o == "application/x-www-form-urlencoded" || o != null && o.startsWith("multipart/form-data")) && (this.formData = this.clone ? await r.request.clone().formData() : await r.request.formData());
34
34
  }
35
35
  get(r) {
36
36
  if (this.jsonData) return this.jsonData[r];
@@ -89,32 +89,32 @@ class ne {
89
89
  const s = e.request.headers.get("authorization");
90
90
  if (s)
91
91
  try {
92
- d.logger.debug(u({
92
+ d.logger.debug(f({
93
93
  msg: "Received authorization header"
94
94
  }));
95
- const i = await this.apiKeyManager.validateToken(
95
+ const a = await this.apiKeyManager.validateToken(
96
96
  s
97
97
  );
98
- d.logger.debug(u({
98
+ d.logger.debug(f({
99
99
  msg: "Valid API key",
100
- hahedApiKey: K.hashSignedApiKeyValue(i.value)
100
+ hahedApiKey: K.hashSignedApiKeyValue(a.value)
101
101
  }));
102
- const a = $.decodeData(i.data);
103
- if (e.locals.apiKey = { ...i, ...a }, "scope" in a && Array.isArray(a.scope)) {
102
+ const i = $.decodeData(a.data);
103
+ if (e.locals.apiKey = { ...a, ...i }, "scope" in i && Array.isArray(i.scope)) {
104
104
  let n = [];
105
- for (let l of a.scope)
105
+ for (let l of i.scope)
106
106
  typeof l == "string" && n.push(l);
107
107
  e.locals.scope = n;
108
108
  }
109
- if (i.userid)
109
+ if (a.userid)
110
110
  try {
111
- const { user: n } = await this.userStorage.getUserById(i.userid);
112
- e.locals.user = n, e.locals.authType = "apiKey", d.logger.debug(u({ msg: "API key is for user", userid: n.id, user: n.username, hahedApiKey: K.hashSignedApiKeyValue(i.value) }));
111
+ const { user: n } = await this.userStorage.getUserById(a.userid);
112
+ e.locals.user = n, e.locals.authType = "apiKey", d.logger.debug(f({ msg: "API key is for user", userid: n.id, user: n.username, hahedApiKey: K.hashSignedApiKeyValue(a.value) }));
113
113
  } catch (n) {
114
- d.logger.error(u({ msg: "API key has invalid user", userid: i.userid, hashedApiKey: K.hashSignedApiKeyValue(i.value) })), d.logger.debug(u({ err: n }));
114
+ d.logger.error(f({ msg: "API key has invalid user", userid: a.userid, hashedApiKey: K.hashSignedApiKeyValue(a.value) })), d.logger.debug(f({ err: n }));
115
115
  }
116
- } catch (i) {
117
- d.logger.error(u({ msg: "Invalid authorization header received", header: s })), d.logger.debug(u({ err: i }));
116
+ } catch (a) {
117
+ d.logger.error(f({ msg: "Invalid authorization header received", header: s })), d.logger.debug(f({ err: a }));
118
118
  }
119
119
  };
120
120
  }
@@ -130,9 +130,9 @@ class ce {
130
130
  * @param options see {@link SvelteKitAuthorizationServerOptions}
131
131
  */
132
132
  constructor(r, o, t, e, s = {}) {
133
- var i;
133
+ var a;
134
134
  this.loginUrl = "/login", this.refreshTokenType = "json", this.refreshTokenCookieName = "CROSSAUTH_REFRESH_TOKEN", this.refreshTokenCookieDomain = void 0, this.refreshTokenCookieHttpOnly = !1, this.refreshTokenCookiePath = "/", this.refreshTokenCookieSecure = !0, this.refreshTokenCookieSameSite = "strict", this.authorizeEndpointUrl = "/oauth/authorize", this.tokenEndpointUrl = "/oauth/token", this.jwksEndpointUrl = "/oauth/jwks", this.oidcConfigurationEndpoint = {
135
- get: async (a) => v(this.authServer.oidcConfiguration(
135
+ get: async (i) => v(this.authServer.oidcConfiguration(
136
136
  {
137
137
  authorizeEndpoint: this.authorizeEndpointUrl,
138
138
  tokenEndpoint: this.tokenEndpointUrl,
@@ -141,7 +141,7 @@ class ce {
141
141
  }
142
142
  ))
143
143
  }, this.jwksGetEndpoint = {
144
- get: async (a) => {
144
+ get: async (i) => {
145
145
  try {
146
146
  return v(this.authServer.jwks());
147
147
  } catch (n) {
@@ -153,7 +153,7 @@ class ce {
153
153
  }
154
154
  }
155
155
  }, this.getCsrfTokenEndpoint = {
156
- get: async (a) => {
156
+ get: async (i) => {
157
157
  var l;
158
158
  if (!this.csrfTokens) return v({
159
159
  ok: !1,
@@ -163,23 +163,23 @@ class ce {
163
163
  let n = "";
164
164
  try {
165
165
  const {
166
- csrfCookie: f,
166
+ csrfCookie: u,
167
167
  csrfFormOrHeaderValue: g
168
168
  } = await this.createCsrfToken();
169
- return n = f.value, a.cookies.set(
170
- f.name,
171
- f.value,
172
- P(f.options)
169
+ return n = u.value, i.cookies.set(
170
+ u.name,
171
+ u.value,
172
+ P(u.options)
173
173
  ), v({ ok: !0, csrfToken: g });
174
- } catch (f) {
175
- const g = c.asCrossauthError(f);
176
- return d.logger.error(u({
174
+ } catch (u) {
175
+ const g = c.asCrossauthError(u);
176
+ return d.logger.error(f({
177
177
  msg: "getcsrftoken failure",
178
- user: (l = a.locals.user) == null ? void 0 : l.username,
178
+ user: (l = i.locals.user) == null ? void 0 : l.username,
179
179
  hashedCsrfCookie: F.hash(n.split(".")[0]),
180
180
  error: g.code,
181
181
  errorCodeName: g.codeName
182
- })), d.logger.debug(u({ err: f })), d.logger.error({ cerr: f }), v({
182
+ })), d.logger.debug(f({ err: u })), d.logger.error({ cerr: u }), v({
183
183
  ok: !1,
184
184
  error: g.oauthErrorCode,
185
185
  error_description: g.message
@@ -187,26 +187,26 @@ class ce {
187
187
  }
188
188
  }
189
189
  }, this.authorizeEndpoint = {
190
- load: async (a) => {
190
+ load: async (i) => {
191
191
  var m, S;
192
192
  if (!(this.authServer.validFlows.includes(_.AuthorizationCode) || this.authServer.validFlows.includes(_.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(_.OidcAuthorizationCode)))
193
193
  throw this.error(401, "authorize cannot be called because the authorization code flows are not supported");
194
- if (!a.locals.user) return this.redirect(
194
+ if (!i.locals.user) return this.redirect(
195
195
  302,
196
- this.loginUrl + "?next=" + encodeURIComponent(a.request.url)
196
+ this.loginUrl + "?next=" + encodeURIComponent(i.request.url)
197
197
  );
198
- let n = this.getAuthorizeQuery(a);
198
+ let n = this.getAuthorizeQuery(i);
199
199
  if (!n.query) return n.error;
200
200
  let l = n.query;
201
- d.logger.debug(u({ msg: "validating authorize parameters" }));
202
- let { error_description: f } = this.authServer.validateAuthorizeParameters(l), g;
203
- if (f ? (g = new c(h.BadRequest, f), d.logger.error(u({
201
+ d.logger.debug(f({ msg: "validating authorize parameters" }));
202
+ let { error_description: u } = this.authServer.validateAuthorizeParameters(l), g;
203
+ if (u ? (g = new c(h.BadRequest, u), d.logger.error(f({
204
204
  msg: "authorize parameter invalid",
205
205
  cerr: g,
206
- user: (m = a.locals.user) == null ? void 0 : m.username
207
- }))) : d.logger.error(u({
206
+ user: (m = i.locals.user) == null ? void 0 : m.username
207
+ }))) : d.logger.error(f({
208
208
  msg: "authorize parameter valid",
209
- user: (S = a.locals.user) == null ? void 0 : S.username
209
+ user: (S = i.locals.user) == null ? void 0 : S.username
210
210
  })), g)
211
211
  return {
212
212
  ok: !1,
@@ -214,23 +214,23 @@ class ce {
214
214
  error_description: g.message
215
215
  };
216
216
  let w = !1;
217
- if (d.logger.debug(u({
217
+ if (d.logger.debug(f({
218
218
  msg: "Checking scopes have been authorized",
219
219
  scope: l.scope
220
220
  })), l.scope ? w = await this.authServer.hasAllScopes(
221
221
  l.client_id,
222
- a.locals.user,
222
+ i.locals.user,
223
223
  l.scope.split(" ")
224
224
  ) : w = await this.authServer.hasAllScopes(
225
225
  l.client_id,
226
- a.locals.user,
226
+ i.locals.user,
227
227
  [null]
228
228
  ), w) {
229
- d.logger.debug(u({
229
+ d.logger.debug(f({
230
230
  msg: "All scopes authorized",
231
231
  scope: l.scope
232
232
  }));
233
- const C = await this.authorize(a, !0, {
233
+ const C = await this.authorize(i, !0, {
234
234
  responseType: l.response_type,
235
235
  client_id: l.client_id,
236
236
  redirect_uri: l.redirect_uri,
@@ -245,7 +245,7 @@ class ce {
245
245
  error_description: C.error_description ?? "An unexpected error occurred"
246
246
  };
247
247
  } else {
248
- d.logger.debug(u({
248
+ d.logger.debug(f({
249
249
  msg: "Not all scopes authorized",
250
250
  scope: l.scope
251
251
  }));
@@ -254,7 +254,7 @@ class ce {
254
254
  return {
255
255
  ok: !0,
256
256
  authorizationNeeded: {
257
- user: a.locals.user,
257
+ user: i.locals.user,
258
258
  response_type: l.response_type,
259
259
  client_id: l.client_id,
260
260
  client_name: C.client_name,
@@ -264,13 +264,13 @@ class ce {
264
264
  state: l.state,
265
265
  code_challenge: l.code_challenge,
266
266
  code_challenge_method: l.code_challenge_method,
267
- csrfToken: a.locals.csrfToken
267
+ csrfToken: i.locals.csrfToken
268
268
  },
269
269
  ...this.baseEndpoint
270
270
  };
271
271
  } catch (C) {
272
272
  const T = C;
273
- return d.logger.debug(u({ err: T })), {
273
+ return d.logger.debug(f({ err: T })), {
274
274
  ok: !1,
275
275
  error: "unauthorized_client",
276
276
  error_description: "Not a valid client"
@@ -280,12 +280,12 @@ class ce {
280
280
  },
281
281
  // load
282
282
  actions: {
283
- default: async (a) => {
284
- var f;
283
+ default: async (i) => {
284
+ var u;
285
285
  let n;
286
286
  try {
287
287
  var l = new b();
288
- await l.loadData(a), n = l.toObject();
288
+ await l.loadData(i), n = l.toObject();
289
289
  const g = l.getAsBoolean("authorized"), w = n.response_type, m = n.client_id, S = n.redirect_uri, C = n.scope, T = n.state, R = n.code_challenge, A = n.code_challenge_method;
290
290
  let U;
291
291
  if (g == null && (U = "authorized"), w ? m ? S ? T || (U = "state") : U = "redirect_uri" : U = "client_id" : U = "response_type", U)
@@ -294,12 +294,12 @@ class ce {
294
294
  error: "invalid_request",
295
295
  error_description: "Invalid form: does not contain " + U + " parameter"
296
296
  };
297
- if (!a.locals.user) return this.redirect(
297
+ if (!i.locals.user) return this.redirect(
298
298
  302,
299
- this.loginUrl + "?next=" + encodeURIComponent(a.request.url)
299
+ this.loginUrl + "?next=" + encodeURIComponent(i.request.url)
300
300
  );
301
- if ((f = this.svelteKitServer.sessionServer) != null && f.enableCsrfProtection && !a.locals.csrfToken) throw new c(h.InvalidCsrf);
302
- const z = await this.authorize(a, g ?? !1, {
301
+ if ((u = this.svelteKitServer.sessionServer) != null && u.enableCsrfProtection && !i.locals.csrfToken) throw new c(h.InvalidCsrf);
302
+ const z = await this.authorize(i, g ?? !1, {
303
303
  responseType: w,
304
304
  client_id: m,
305
305
  redirect_uri: S,
@@ -326,7 +326,7 @@ class ce {
326
326
  }
327
327
  }
328
328
  }, this.tokenEndpoint = {
329
- post: async (a) => {
329
+ post: async (i) => {
330
330
  let n;
331
331
  try {
332
332
  if (!(this.authServer.validFlows.includes(_.AuthorizationCode) || this.authServer.validFlows.includes(_.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(_.OidcAuthorizationCode) || this.authServer.validFlows.includes(_.ClientCredentials) || this.authServer.validFlows.includes(_.RefreshToken) || this.authServer.validFlows.includes(_.Password) || this.authServer.validFlows.includes(_.PasswordMfa || this.authServer.validFlows.includes(_.DeviceCode))))
@@ -336,12 +336,12 @@ class ce {
336
336
  error_description: "Token endpoint cannot be called as the supported OAuth flow types don't require it"
337
337
  }, { status: 500 });
338
338
  var l = new b();
339
- await l.loadData(a), n = l.toObject();
340
- const { client_id: f, client_secret: g } = this.getClientIdAndSecret(n, a);
341
- let w = n.refresh_token, m = a.cookies.get(this.refreshTokenCookieName);
339
+ await l.loadData(i), n = l.toObject();
340
+ const { client_id: u, client_secret: g } = this.getClientIdAndSecret(n, i);
341
+ let w = n.refresh_token, m = i.cookies.get(this.refreshTokenCookieName);
342
342
  if ((this.refreshTokenType == "cookie" && m || this.refreshTokenType == "both" && m && w == null) && this.csrfTokens) {
343
- const C = a.cookies.get(this.csrfTokens.cookieName);
344
- let T = a.request.headers.get(this.csrfTokens.headerName.toLowerCase());
343
+ const C = i.cookies.get(this.csrfTokens.cookieName);
344
+ let T = i.request.headers.get(this.csrfTokens.headerName.toLowerCase());
345
345
  if (Array.isArray(T) && (T = T[0]), !C || !T)
346
346
  return v({
347
347
  ok: !1,
@@ -351,7 +351,7 @@ class ce {
351
351
  try {
352
352
  this.csrfTokens.validateDoubleSubmitCsrfToken(C, T);
353
353
  } catch (R) {
354
- return d.logger.debug(u({ err: R })), d.logger.warn(u({ cerr: R, msg: "Invalid csrf token", client_id: n.client_id })), v({
354
+ return d.logger.debug(f({ err: R })), d.logger.warn(f({ cerr: R, msg: "Invalid csrf token", client_id: n.client_id })), v({
355
355
  ok: !1,
356
356
  error: "access_denied",
357
357
  error_description: "Invalid csrf token"
@@ -361,7 +361,7 @@ class ce {
361
361
  }
362
362
  const S = await this.authServer.tokenEndpoint({
363
363
  grantType: n.grant_type,
364
- client_id: f,
364
+ client_id: u,
365
365
  client_secret: g,
366
366
  scope: n.scope,
367
367
  codeVerifier: n.code_verifier,
@@ -375,68 +375,68 @@ class ce {
375
375
  refreshToken: w,
376
376
  deviceCode: n.device_code
377
377
  });
378
- if (S.refresh_token && this.refreshTokenType != "json" && this.setRefreshTokenCookie(a, S.refresh_token, S.expires_in), S.error == "authorization_pending")
378
+ if (S.refresh_token && this.refreshTokenType != "json" && this.setRefreshTokenCookie(i, S.refresh_token, S.expires_in), S.error == "authorization_pending")
379
379
  return v(S);
380
380
  if (S.error || !S.access_token) {
381
381
  let C = "server_error", T = "Neither code nor error received when requestoing authorization";
382
382
  S.error && (C = S.error), S.error_description && (T = S.error_description);
383
383
  const R = c.fromOAuthError(C, T);
384
- return d.logger.error(u({ cerr: R })), v(S, { status: R.httpStatus });
384
+ return d.logger.error(f({ cerr: R })), v(S, { status: R.httpStatus });
385
385
  }
386
386
  return v(S);
387
- } catch (f) {
388
- const g = c.asCrossauthError(f);
389
- return d.logger.debug({ err: f }), d.logger.error({ cerr: f }), v({
387
+ } catch (u) {
388
+ const g = c.asCrossauthError(u);
389
+ return d.logger.debug({ err: u }), d.logger.error({ cerr: u }), v({
390
390
  error: g.oauthErrorCode,
391
391
  error_description: g.message
392
392
  }, { status: g.httpStatus });
393
393
  }
394
394
  }
395
395
  }, this.mfaAuthenticatorsEndpoint = {
396
- get: async (a) => {
396
+ get: async (i) => {
397
397
  try {
398
398
  var n = new b();
399
- return await n.loadData(a), v(await this.mfaAuthenticators(a));
399
+ return await n.loadData(i), v(await this.mfaAuthenticators(i));
400
400
  } catch (l) {
401
- const f = c.asCrossauthError(l);
401
+ const u = c.asCrossauthError(l);
402
402
  return d.logger.debug({ err: l }), d.logger.error({ cerr: l }), v({
403
- error: f.oauthErrorCode,
404
- error_description: f.message
403
+ error: u.oauthErrorCode,
404
+ error_description: u.message
405
405
  });
406
406
  }
407
407
  },
408
- post: async (a) => {
408
+ post: async (i) => {
409
409
  try {
410
410
  var n = new b();
411
- await n.loadData(a);
412
- let l = await this.mfaAuthenticators(a), f = 200;
413
- return !Array.isArray(l) && l.error == "access_denied" ? f = 401 : !Array.isArray(l) && l.error && (f = 500), v(l, { status: f });
411
+ await n.loadData(i);
412
+ let l = await this.mfaAuthenticators(i), u = 200;
413
+ return !Array.isArray(l) && l.error == "access_denied" ? u = 401 : !Array.isArray(l) && l.error && (u = 500), v(l, { status: u });
414
414
  } catch (l) {
415
- const f = c.asCrossauthError(l);
415
+ const u = c.asCrossauthError(l);
416
416
  return d.logger.debug({ err: l }), d.logger.error({ cerr: l }), v({
417
- error: f.oauthErrorCode,
418
- error_description: f.message
419
- }, { status: f.httpStatus });
417
+ error: u.oauthErrorCode,
418
+ error_description: u.message
419
+ }, { status: u.httpStatus });
420
420
  }
421
421
  }
422
422
  }, this.mfaChallengeEndpoint = {
423
- post: async (a) => {
423
+ post: async (i) => {
424
424
  try {
425
425
  var n = new b();
426
- await n.loadData(a);
427
- const l = await this.mfaChallenge(a);
428
- let f = 200;
429
- return l.error == "access_denied" ? f = 401 : l.error && (f = 500), v(l, { status: f });
426
+ await n.loadData(i);
427
+ const l = await this.mfaChallenge(i);
428
+ let u = 200;
429
+ return l.error == "access_denied" ? u = 401 : l.error && (u = 500), v(l, { status: u });
430
430
  } catch (l) {
431
- const f = c.asCrossauthError(l);
431
+ const u = c.asCrossauthError(l);
432
432
  return d.logger.debug({ err: l }), d.logger.error({ cerr: l }), v({
433
- error: f.oauthErrorCode,
434
- error_description: f.message
433
+ error: u.oauthErrorCode,
434
+ error_description: u.message
435
435
  }, { status: 500 });
436
436
  }
437
437
  }
438
438
  }, this.deviceAuthorizationEndpoint = {
439
- post: async (a) => {
439
+ post: async (i) => {
440
440
  let n;
441
441
  try {
442
442
  if (!this.authServer.validFlows.includes(_.DeviceCode))
@@ -446,59 +446,59 @@ class ce {
446
446
  error_description: "Device authorization endpoint cannot be called as the supported OAuth flow types don't require it"
447
447
  });
448
448
  var l = new b();
449
- await l.loadData(a), n = l.toObject();
450
- const { client_id: f, client_secret: g } = this.getClientIdAndSecret(n, a), w = await this.authServer.deviceAuthorizationEndpoint({
451
- client_id: f,
449
+ await l.loadData(i), n = l.toObject();
450
+ const { client_id: u, client_secret: g } = this.getClientIdAndSecret(n, i), w = await this.authServer.deviceAuthorizationEndpoint({
451
+ client_id: u,
452
452
  client_secret: g,
453
453
  scope: n.scope
454
454
  });
455
455
  if (w.error) {
456
456
  const m = c.fromOAuthError(w.error, w.error_description);
457
- return d.logger.error(u({ cerr: m })), v(w, { status: 500 });
457
+ return d.logger.error(f({ cerr: m })), v(w, { status: 500 });
458
458
  }
459
459
  if (!w.device_code || !w.user_code || !w.verification_uri || !w.verification_uri_complete || !w.expires_in) {
460
460
  let m = "server_error", S = "Device authorization result has missing data";
461
461
  const C = new c(h.UnknownError, S);
462
- return d.logger.error(u({ cerr: C })), v({
462
+ return d.logger.error(f({ cerr: C })), v({
463
463
  error: m,
464
464
  error_description: S
465
465
  }, { status: 500 });
466
466
  }
467
467
  return v(w);
468
- } catch (f) {
469
- const g = c.asCrossauthError(f);
470
- return d.logger.debug({ err: f }), d.logger.error({ cerr: f }), v({
468
+ } catch (u) {
469
+ const g = c.asCrossauthError(u);
470
+ return d.logger.debug({ err: u }), d.logger.error({ cerr: u }), v({
471
471
  error: g.oauthErrorCode,
472
472
  error_description: g.message
473
473
  }, { status: 500 });
474
474
  }
475
475
  }
476
476
  }, this.deviceEndpoint = {
477
- load: async (a) => {
477
+ load: async (i) => {
478
478
  if (!this.authServer.validFlows.includes(_.DeviceCode))
479
479
  throw this.error(401, "device cannot be called because the device code flow is not supported");
480
- if (!a.locals.user) return this.redirect(
480
+ if (!i.locals.user) return this.redirect(
481
481
  302,
482
- this.loginUrl + "?next=" + encodeURIComponent(a.request.url)
482
+ this.loginUrl + "?next=" + encodeURIComponent(i.request.url)
483
483
  );
484
- let n = a.url.searchParams.get("user_code");
485
- return n ? await this.applyUserCode(n, a, a.locals.user) : {
484
+ let n = i.url.searchParams.get("user_code");
485
+ return n ? await this.applyUserCode(n, i, i.locals.user) : {
486
486
  ok: !0,
487
487
  completed: !1,
488
488
  retryAllowed: !0,
489
- user: a.locals.user,
490
- csrfToken: a.locals.csrfToken
489
+ user: i.locals.user,
490
+ csrfToken: i.locals.csrfToken
491
491
  };
492
492
  },
493
493
  // load
494
494
  actions: {
495
- userCode: async (a) => {
496
- if (!a.locals.user) throw this.error(401, "Access Denied");
495
+ userCode: async (i) => {
496
+ if (!i.locals.user) throw this.error(401, "Access Denied");
497
497
  try {
498
498
  var n = new b();
499
- await n.loadData(a);
499
+ await n.loadData(i);
500
500
  const l = n.get("user_code");
501
- return l ? await this.applyUserCode(l, a, a.locals.user) : {
501
+ return l ? await this.applyUserCode(l, i, i.locals.user) : {
502
502
  ok: !1,
503
503
  completed: !1,
504
504
  retryAllowed: !0,
@@ -507,22 +507,22 @@ class ce {
507
507
  };
508
508
  } catch (l) {
509
509
  if (p.isSvelteKitError(l) || p.isSvelteKitRedirect(l)) throw l;
510
- let f = c.asCrossauthError(l, "Couldn't validate user code");
510
+ let u = c.asCrossauthError(l, "Couldn't validate user code");
511
511
  return {
512
512
  ok: !1,
513
513
  completed: !1,
514
514
  retryAllowed: !0,
515
- error: f.oauthErrorCode,
516
- error_description: f.message
515
+ error: u.oauthErrorCode,
516
+ error_description: u.message
517
517
  };
518
518
  }
519
519
  },
520
- authorize: async (a) => {
521
- var f;
520
+ authorize: async (i) => {
521
+ var u;
522
522
  let n;
523
523
  try {
524
524
  var l = new b();
525
- await l.loadData(a), n = l.toObject();
525
+ await l.loadData(i), n = l.toObject();
526
526
  const g = l.getAsBoolean("authorized"), w = n.scope, m = n.client_id, S = n.user_code;
527
527
  let C;
528
528
  if (g == null && (C = "authorized"), m == null && (C = "client_id"), S == null && (C = "user_code"), C)
@@ -533,18 +533,18 @@ class ce {
533
533
  error: "invalid_request",
534
534
  error_description: "Invalid form: does not contain " + C + " parameter"
535
535
  };
536
- if (!a.locals.user) return this.redirect(
536
+ if (!i.locals.user) return this.redirect(
537
537
  302,
538
- this.loginUrl + "?next=" + encodeURIComponent(a.request.url)
538
+ this.loginUrl + "?next=" + encodeURIComponent(i.request.url)
539
539
  );
540
- if ((f = this.svelteKitServer.sessionServer) != null && f.enableCsrfProtection && !a.locals.csrfToken) throw new c(h.InvalidCsrf);
541
- return (await this.authServer.validateAndPersistScope(m, w, a.locals.user)).error ? {
540
+ if ((u = this.svelteKitServer.sessionServer) != null && u.enableCsrfProtection && !i.locals.csrfToken) throw new c(h.InvalidCsrf);
541
+ return (await this.authServer.validateAndPersistScope(m, w, i.locals.user)).error ? {
542
542
  ok: !1,
543
543
  completed: !1,
544
544
  retryAllowed: !1,
545
545
  error: "unauthorized_client",
546
546
  error_description: "You did not authorize access to your account"
547
- } : await this.applyUserCode(S, a, a.locals.user);
547
+ } : await this.applyUserCode(S, i, i.locals.user);
548
548
  } catch (g) {
549
549
  if (p.isSvelteKitError(g) || p.isSvelteKitRedirect(g)) throw g;
550
550
  let w = c.asCrossauthError(g, "Couldn't process authorization code");
@@ -563,7 +563,7 @@ class ce {
563
563
  t,
564
564
  e,
565
565
  s
566
- ), y("loginUrl", E.String, this, s, "LOGIN_URL"), y("refreshTokenType", E.String, this, s, "OAUTH_REFRESH_TOKEN_TYPE"), y("refreshTokenCookieName", E.String, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_NAME"), y("refreshTokenCookieDomain", E.String, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_DOMAIN"), y("refreshTokenCookieHttpOnly", E.Boolean, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_HTTPONLY"), y("refreshTokenCookiePath", E.String, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_PATH"), y("refreshTokenCookieSecure", E.Boolean, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_SECURE"), y("refreshTokenCookieSameSite", E.String, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_SAMESITE"), y("authorizeEndpointUrl", E.String, this, s, "OAUTH_AUTHORIZE_ENDPOINT"), y("tokenEndpointUrl", E.String, this, s, "OAUTH_TOKEN_ENDPOINT"), y("jwksEndpointUrl", E.String, this, s, "OAUTH_JWKS_ENDPOINT"), this.refreshTokenType != "json" && (((i = this.svelteKitServer.sessionServer) == null ? void 0 : i.enableCsrfProtection) == !0 ? this.csrfTokens = this.svelteKitServer.sessionServer.sessionManager.csrfTokens : this.csrfTokens = new ee(s.doubleSubmitCookieOptions));
566
+ ), y("loginUrl", E.String, this, s, "LOGIN_URL"), y("refreshTokenType", E.String, this, s, "OAUTH_REFRESH_TOKEN_TYPE"), y("refreshTokenCookieName", E.String, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_NAME"), y("refreshTokenCookieDomain", E.String, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_DOMAIN"), y("refreshTokenCookieHttpOnly", E.Boolean, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_HTTPONLY"), y("refreshTokenCookiePath", E.String, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_PATH"), y("refreshTokenCookieSecure", E.Boolean, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_SECURE"), y("refreshTokenCookieSameSite", E.String, this, s, "OAUTH_REFRESH_TOKEN_COOKIE_SAMESITE"), y("authorizeEndpointUrl", E.String, this, s, "OAUTH_AUTHORIZE_ENDPOINT"), y("tokenEndpointUrl", E.String, this, s, "OAUTH_TOKEN_ENDPOINT"), y("jwksEndpointUrl", E.String, this, s, "OAUTH_JWKS_ENDPOINT"), this.refreshTokenType != "json" && (((a = this.svelteKitServer.sessionServer) == null ? void 0 : a.enableCsrfProtection) == !0 ? this.csrfTokens = this.svelteKitServer.sessionServer.sessionManager.csrfTokens : this.csrfTokens = new ee(s.doubleSubmitCookieOptions));
567
567
  }
568
568
  /**
569
569
  * Returns this server's OIDC configuration. Just wraps
@@ -585,45 +585,45 @@ class ce {
585
585
  responseType: t,
586
586
  client_id: e,
587
587
  redirect_uri: s,
588
- scope: i,
589
- state: a,
588
+ scope: a,
589
+ state: i,
590
590
  codeChallenge: n,
591
591
  codeChallengeMethod: l
592
592
  }) {
593
- let f, g, w;
593
+ let u, g, w;
594
594
  if (o) {
595
595
  const m = await this.authServer.authorizeGetEndpoint({
596
596
  responseType: t,
597
597
  client_id: e,
598
598
  redirect_uri: s,
599
- scope: i,
600
- state: a,
599
+ scope: a,
600
+ state: i,
601
601
  codeChallenge: n,
602
602
  codeChallengeMethod: l,
603
603
  user: r.locals.user
604
604
  });
605
- if (w = m.code, f = m.error, g = m.error_description, f || !w) {
605
+ if (w = m.code, u = m.error, g = m.error_description, u || !w) {
606
606
  const S = c.fromOAuthError(
607
- f ?? "server_error",
607
+ u ?? "server_error",
608
608
  g ?? "Neither code nor error received"
609
609
  );
610
- return d.logger.error(u({ cerr: S })), {
610
+ return d.logger.error(f({ cerr: S })), {
611
611
  ok: !1,
612
- error: f,
612
+ error: u,
613
613
  error_description: g
614
614
  };
615
615
  }
616
616
  throw this.redirect(302, this.authServer.redirect_uri(
617
617
  s,
618
618
  w,
619
- a
619
+ i
620
620
  ));
621
621
  } else {
622
622
  const m = new c(
623
623
  h.Unauthorized,
624
624
  "You have not granted access"
625
625
  );
626
- d.logger.debug(u({ err: m })), d.logger.error(u({ cerr: m })), d.logger.error(u({
626
+ d.logger.debug(f({ err: m })), d.logger.error(f({ cerr: m })), d.logger.error(f({
627
627
  msg: g,
628
628
  errorCode: m.code,
629
629
  errorCodeName: m.codeName
@@ -632,7 +632,7 @@ class ce {
632
632
  throw B.validateUri(s), this.redirect(302, s + "?error=access_denied&error_description=" + encodeURIComponent("Access was not granted"));
633
633
  } catch (S) {
634
634
  if (p.isSvelteKitError(S) || p.isSvelteKitRedirect(S)) throw S;
635
- return d.logger.error(u({
635
+ return d.logger.error(f({
636
636
  msg: `Couldn't send error message ${m.codeName} to ${s}}`
637
637
  })), {
638
638
  ok: !1,
@@ -690,13 +690,13 @@ class ce {
690
690
  if (o = this.requireGetParam(r, "client_id"), o) return { error: o };
691
691
  if (o = this.requireGetParam(r, "redirect_uri"), o) return { error: o };
692
692
  if (o = this.requireGetParam(r, "state"), o) return { error: o };
693
- const t = r.url.searchParams.get("response_type") ?? "", e = r.url.searchParams.get("client_id") ?? "", s = r.url.searchParams.get("redirect_uri") ?? "", i = r.url.searchParams.get("scope") ?? void 0, a = r.url.searchParams.get("state") ?? "", n = r.url.searchParams.get("code_challenge") ?? void 0, l = r.url.searchParams.get("code_challenge_method") ?? void 0;
693
+ const t = r.url.searchParams.get("response_type") ?? "", e = r.url.searchParams.get("client_id") ?? "", s = r.url.searchParams.get("redirect_uri") ?? "", a = r.url.searchParams.get("scope") ?? void 0, i = r.url.searchParams.get("state") ?? "", n = r.url.searchParams.get("code_challenge") ?? void 0, l = r.url.searchParams.get("code_challenge_method") ?? void 0;
694
694
  return { query: {
695
695
  response_type: t,
696
696
  client_id: e,
697
697
  redirect_uri: s,
698
- scope: i,
699
- state: a,
698
+ scope: a,
699
+ state: i,
700
700
  code_challenge: n,
701
701
  code_challenge_method: l
702
702
  }, error: { error: "Unknown error", error_description: "Unknown error", ok: !0 } };
@@ -710,18 +710,18 @@ class ce {
710
710
  if (e = this.requireBodyParam(t, "challenge_type"), e) return { error: e };
711
711
  if (e = this.requireBodyParam(t, "mfa_token"), e) return { error: e };
712
712
  if (e = this.requireBodyParam(t, "authenticator_id"), e) return { error: e };
713
- const s = t.client_id ?? "", i = t.challenge_type ?? "", a = t.mfa_token ?? "", n = t.authenticator_id ?? "", l = t.client_secret ?? void 0;
713
+ const s = t.client_id ?? "", a = t.challenge_type ?? "", i = t.mfa_token ?? "", n = t.authenticator_id ?? "", l = t.client_secret ?? void 0;
714
714
  return { query: {
715
715
  client_id: s,
716
716
  client_secret: l,
717
- challenge_type: i,
718
- mfa_token: a,
717
+ challenge_type: a,
718
+ mfa_token: i,
719
719
  authenticator_id: n
720
720
  }, error: { error: "Unknown error", error_description: "Unknown error", ok: !0 } };
721
721
  }
722
722
  async mfaAuthenticators(r) {
723
- var i;
724
- const o = (i = r.request.headers.get("authorization")) == null ? void 0 : i.split(" ");
723
+ var a;
724
+ const o = (a = r.request.headers.get("authorization")) == null ? void 0 : a.split(" ");
725
725
  if (!o || o.length != 2)
726
726
  return {
727
727
  error: "access_denied",
@@ -752,65 +752,65 @@ class ce {
752
752
  let t = r.client_id, e = r.client_secret;
753
753
  const s = o.request.headers.get("authorization");
754
754
  if (s) {
755
- let i, a;
755
+ let a, i;
756
756
  const n = s.split(" ");
757
757
  if (n.length == 2 && n[0].toLocaleLowerCase() == "basic") {
758
- const f = F.base64Decode(n[1]).split(":", 2);
759
- f.length == 2 && (i = f[0], a = f[1]);
758
+ const u = F.base64Decode(n[1]).split(":", 2);
759
+ u.length == 2 && (a = u[0], i = u[1]);
760
760
  }
761
- i == null || a == null ? d.logger.warn(u({
761
+ a == null || i == null ? d.logger.warn(f({
762
762
  msg: "Ignoring malform authenization header " + s
763
- })) : (t = i, e = a);
763
+ })) : (t = a, e = i);
764
764
  }
765
765
  return { client_id: t, client_secret: e };
766
766
  }
767
767
  async applyUserCode(r, o, t) {
768
- var e, s, i;
768
+ var e, s, a;
769
769
  try {
770
- const a = await this.authServer.deviceEndpoint({ userCode: r, user: t });
771
- if (a.error)
770
+ const i = await this.authServer.deviceEndpoint({ userCode: r, user: t });
771
+ if (i.error)
772
772
  return {
773
773
  ok: !1,
774
774
  completed: !1,
775
775
  retryAllowed: !1,
776
- error: a.error,
777
- error_description: a.error_description
776
+ error: i.error,
777
+ error_description: i.error_description
778
778
  };
779
- if (!a.client_id)
780
- return d.logger.error(u({ msg: "No client id found for user code", userCodeHash: F.hash(r), ip: o.request.referrer, username: (e = o.locals.user) == null ? void 0 : e.username })), {
779
+ if (!i.client_id)
780
+ return d.logger.error(f({ msg: "No client id found for user code", userCodeHash: F.hash(r), ip: o.request.referrer, username: (e = o.locals.user) == null ? void 0 : e.username })), {
781
781
  ok: !1,
782
782
  completed: !1,
783
783
  retryAllowed: !1,
784
784
  error: "server_error",
785
785
  error_description: "No client id found for user code"
786
786
  };
787
- if (a.error == "access_denied")
788
- return d.logger.error(u({ msg: "Incorrect user code given", userCodeHash: F.hash(r), ip: o.request.referrer, username: (s = o.locals.user) == null ? void 0 : s.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((g) => setTimeout(g, f)))(this.authServer.userCodeThrottle), {
787
+ if (i.error == "access_denied")
788
+ return d.logger.error(f({ msg: "Incorrect user code given", userCodeHash: F.hash(r), ip: o.request.referrer, username: (s = o.locals.user) == null ? void 0 : s.username })), this.authServer.userCodeThrottle > 0 && await ((u) => new Promise((g) => setTimeout(g, u)))(this.authServer.userCodeThrottle), {
789
789
  ok: !1,
790
790
  completed: !1,
791
791
  retryAllowed: !0,
792
- error: a.error,
793
- error_description: a.error_description
792
+ error: i.error,
793
+ error_description: i.error_description
794
794
  };
795
- if (a.error == "expired_token")
796
- return d.logger.error(u({ msg: "Expired user code", userCodeHash: F.hash(r), ip: o.request.referrer, username: (i = o.locals.user) == null ? void 0 : i.username })), {
795
+ if (i.error == "expired_token")
796
+ return d.logger.error(f({ msg: "Expired user code", userCodeHash: F.hash(r), ip: o.request.referrer, username: (a = o.locals.user) == null ? void 0 : a.username })), {
797
797
  ok: !1,
798
798
  completed: !1,
799
799
  retryAllowed: !1,
800
- error: a.error,
801
- error_description: a.error_description
800
+ error: i.error,
801
+ error_description: i.error_description
802
802
  };
803
- const n = await this.clientStorage.getClientById(a.client_id);
804
- return a.scopeAuthorizationNeeded ? {
803
+ const n = await this.clientStorage.getClientById(i.client_id);
804
+ return i.scopeAuthorizationNeeded ? {
805
805
  ok: !0,
806
806
  completed: !1,
807
807
  retryAllowed: !0,
808
808
  authorizationNeeded: {
809
809
  user: t,
810
- client_id: a.client_id,
810
+ client_id: i.client_id,
811
811
  client_name: n.client_name,
812
- scope: a.scope,
813
- scopes: a.scope ? a.scope.split(" ") : [],
812
+ scope: i.scope,
813
+ scopes: i.scope ? i.scope.split(" ") : [],
814
814
  csrfToken: o.locals.csrfToken
815
815
  },
816
816
  user: o.locals.user,
@@ -823,9 +823,9 @@ class ce {
823
823
  user: o.locals.user,
824
824
  csrfToken: o.locals.csrfToken
825
825
  };
826
- } catch (a) {
827
- const n = c.asCrossauthError(a);
828
- return d.logger.debug(u({ err: n })), d.logger.error(u({ msg: n.message, cerr: n })), {
826
+ } catch (i) {
827
+ const n = c.asCrossauthError(i);
828
+ return d.logger.debug(f({ err: n })), d.logger.error(f({ msg: n.message, cerr: n })), {
829
829
  ok: !1,
830
830
  completed: !1,
831
831
  retryAllowed: !0,
@@ -853,7 +853,7 @@ class ce {
853
853
  }
854
854
  }
855
855
  async function W(k, r, o) {
856
- return d.logger.debug(u({ err: o })), d.logger.error(u({ cerr: o })), v({
856
+ return d.logger.debug(f({ err: o })), d.logger.error(f({ cerr: o })), v({
857
857
  ok: !1,
858
858
  status: o.httpStatus,
859
859
  errorMessage: o.message,
@@ -872,7 +872,7 @@ function O(k) {
872
872
  try {
873
873
  r = JSON.parse(F.base64Decode(k.split(".")[1]));
874
874
  } catch {
875
- d.logger.error(u({ msg: "Couldn't decode id token" }));
875
+ d.logger.error(f({ msg: "Couldn't decode id token" }));
876
876
  }
877
877
  return r;
878
878
  }
@@ -885,42 +885,42 @@ function L(k, r) {
885
885
  if (k.access_token)
886
886
  try {
887
887
  if (k.access_token && r.includes("access")) {
888
- const s = (o = M(k.access_token)) == null ? void 0 : o.jti, i = s ? F.hash(s) : void 0;
889
- d.logger.debug(u({
888
+ const s = (o = M(k.access_token)) == null ? void 0 : o.jti, a = s ? F.hash(s) : void 0;
889
+ d.logger.debug(f({
890
890
  msg: "Got access token",
891
- accessTokenHash: i
891
+ accessTokenHash: a
892
892
  }));
893
893
  }
894
894
  } catch (s) {
895
- d.logger.debug(u({ err: s }));
895
+ d.logger.debug(f({ err: s }));
896
896
  }
897
897
  if (k.id_token)
898
898
  try {
899
899
  if (k.id_token && r.includes("id")) {
900
- const s = (t = M(k.id_token)) == null ? void 0 : t.jti, i = s ? F.hash(s) : void 0;
901
- d.logger.debug(u({
900
+ const s = (t = M(k.id_token)) == null ? void 0 : t.jti, a = s ? F.hash(s) : void 0;
901
+ d.logger.debug(f({
902
902
  msg: "Got id token",
903
- idTokenHash: i
903
+ idTokenHash: a
904
904
  }));
905
905
  }
906
906
  } catch (s) {
907
- d.logger.debug(u({ err: s }));
907
+ d.logger.debug(f({ err: s }));
908
908
  }
909
909
  if (k.refresh_token && r.includes("refresh"))
910
910
  try {
911
911
  if (k.refresh_token) {
912
- const s = (e = M(k.refresh_token)) == null ? void 0 : e.jti, i = s ? F.hash(s) : void 0;
913
- d.logger.debug(u({
912
+ const s = (e = M(k.refresh_token)) == null ? void 0 : e.jti, a = s ? F.hash(s) : void 0;
913
+ d.logger.debug(f({
914
914
  msg: "Got refresh token",
915
- refreshTokenHash: i
915
+ refreshTokenHash: a
916
916
  }));
917
917
  }
918
918
  } catch (s) {
919
- d.logger.debug(u({ err: s }));
919
+ d.logger.debug(f({ err: s }));
920
920
  }
921
921
  }
922
922
  async function j(k, r, o) {
923
- var i, a, n, l;
923
+ var a, i, n, l;
924
924
  if (!r.server.sessionAdapter)
925
925
  throw new c(
926
926
  h.Configuration,
@@ -928,8 +928,8 @@ async function j(k, r, o) {
928
928
  );
929
929
  let t = k.expires_in;
930
930
  if (!t && k.access_token && r.jwtTokens.includes("access")) {
931
- const f = M(k.access_token);
932
- f.exp && (t = f.exp);
931
+ const u = M(k.access_token);
932
+ u.exp && (t = u.exp);
933
933
  }
934
934
  if (!t)
935
935
  throw new c(
@@ -939,16 +939,16 @@ async function j(k, r, o) {
939
939
  const e = Date.now() + t * 1e3;
940
940
  let s = { ...k, expires_at: e };
941
941
  if ("id_token" in k) {
942
- let f = O(k.id_token);
943
- f && (s.id_token = f);
942
+ let u = O(k.id_token);
943
+ u && (s.id_token = u);
944
944
  }
945
945
  if (r.server.sessionServer) {
946
- let f = (i = r.server.sessionServer) == null ? void 0 : i.getSessionCookieValue(o);
947
- f ? await ((n = r.server.sessionAdapter) == null ? void 0 : n.updateSessionData(
946
+ let u = (a = r.server.sessionServer) == null ? void 0 : a.getSessionCookieValue(o);
947
+ u ? await ((n = r.server.sessionAdapter) == null ? void 0 : n.updateSessionData(
948
948
  o,
949
949
  r.sessionDataName,
950
950
  s
951
- )) : f = await ((a = r.server.sessionServer) == null ? void 0 : a.createAnonymousSession(
951
+ )) : u = await ((i = r.server.sessionServer) == null ? void 0 : i.createAnonymousSession(
952
952
  o,
953
953
  { [r.sessionDataName]: s }
954
954
  ));
@@ -977,8 +977,8 @@ async function de(k, r, o, t, e) {
977
977
  if (!t) return r.redirect(302, r.authorizedUrl);
978
978
  } catch (s) {
979
979
  if (p.isSvelteKitError(s) || p.isSvelteKitRedirect(s)) throw s;
980
- const i = c.asCrossauthError(s);
981
- return d.logger.debug(u({ err: i })), d.logger.debug(u({ cerr: i, msg: "Error receiving tokens" })), r.errorFn(r.server, o, i);
980
+ const a = c.asCrossauthError(s);
981
+ return d.logger.debug(f({ err: a })), d.logger.debug(f({ cerr: a, msg: "Error receiving tokens" })), r.errorFn(r.server, o, a);
982
982
  }
983
983
  }
984
984
  async function he(k, r, o, t, e) {
@@ -999,8 +999,8 @@ async function he(k, r, o, t, e) {
999
999
  return v({ ok: !0, ...k });
1000
1000
  } catch (s) {
1001
1001
  if (p.isSvelteKitError(s) || p.isSvelteKitRedirect(s)) throw s;
1002
- const i = c.asCrossauthError(s);
1003
- return d.logger.debug(u({ err: i })), d.logger.debug(u({ cerr: i, msg: "Error receiving tokens" })), r.errorFn(r.server, o, i);
1002
+ const a = c.asCrossauthError(s);
1003
+ return d.logger.debug(f({ err: a })), d.logger.debug(f({ cerr: a, msg: "Error receiving tokens" })), r.errorFn(r.server, o, a);
1004
1004
  }
1005
1005
  }
1006
1006
  async function ue(k, r, o, t, e) {
@@ -1020,11 +1020,11 @@ async function ue(k, r, o, t, e) {
1020
1020
  return r.jwtTokens.includes("id") && (s.id_payload = O(k.id_token)), s.id_payload && await e(o, s.id_payload), s;
1021
1021
  } catch (s) {
1022
1022
  if (p.isSvelteKitError(s) || p.isSvelteKitRedirect(s)) throw s;
1023
- const i = c.asCrossauthError(s);
1024
- return d.logger.debug(u({ err: i })), d.logger.debug(u({ cerr: i, msg: "Error receiving tokens" })), {
1023
+ const a = c.asCrossauthError(s);
1024
+ return d.logger.debug(f({ err: a })), d.logger.debug(f({ cerr: a, msg: "Error receiving tokens" })), {
1025
1025
  ok: !1,
1026
- error: i.oauthErrorCode,
1027
- error_description: i.message
1026
+ error: a.oauthErrorCode,
1027
+ error_description: a.message
1028
1028
  };
1029
1029
  }
1030
1030
  }
@@ -1045,7 +1045,7 @@ async function fe(k, r, o, t) {
1045
1045
  } catch (e) {
1046
1046
  if (p.isSvelteKitError(e) || p.isSvelteKitRedirect(e)) throw e;
1047
1047
  const s = c.asCrossauthError(e);
1048
- return d.logger.debug(u({ err: s })), d.logger.debug(u({ cerr: s, msg: "Error receiving tokens" })), {
1048
+ return d.logger.debug(f({ err: s })), d.logger.debug(f({ cerr: s, msg: "Error receiving tokens" })), {
1049
1049
  ok: !1,
1050
1050
  error: s.oauthErrorCode,
1051
1051
  error_description: s.message
@@ -1073,22 +1073,22 @@ class G extends re {
1073
1073
  }
1074
1074
  let s = e.url.searchParams.get("scope") ?? void 0;
1075
1075
  s == "" && (s = void 0);
1076
- const { url: i, error: a, error_description: n } = await this.startAuthorizationCodeFlow(s);
1077
- if (a || !i) {
1076
+ const { url: a, error: i, error_description: n } = await this.startAuthorizationCodeFlow(s);
1077
+ if (i || !a) {
1078
1078
  const l = c.fromOAuthError(
1079
- a ?? "server_error",
1079
+ i ?? "server_error",
1080
1080
  n
1081
1081
  );
1082
1082
  return await this.errorFn(this.server, e, l);
1083
1083
  }
1084
- throw d.logger.debug(u({
1084
+ throw d.logger.debug(f({
1085
1085
  msg: "Authorization code flow: redirecting",
1086
- url: i
1087
- })), this.redirect(302, i);
1086
+ url: a
1087
+ })), this.redirect(302, a);
1088
1088
  } catch (s) {
1089
1089
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
1090
- const i = c.asCrossauthError(s);
1091
- return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), this.errorFn(this.server, e, i);
1090
+ const a = c.asCrossauthError(s);
1091
+ return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), this.errorFn(this.server, e, a);
1092
1092
  }
1093
1093
  },
1094
1094
  load: async (e) => {
@@ -1114,10 +1114,10 @@ class G extends re {
1114
1114
  }
1115
1115
  let s = e.url.searchParams.get("scope") ?? void 0;
1116
1116
  s == "" && (s = void 0);
1117
- const { url: i, error: a, error_description: n } = await this.startAuthorizationCodeFlow(s);
1118
- if (a || !i) {
1117
+ const { url: a, error: i, error_description: n } = await this.startAuthorizationCodeFlow(s);
1118
+ if (i || !a) {
1119
1119
  const l = c.fromOAuthError(
1120
- a ?? "server_error",
1120
+ i ?? "server_error",
1121
1121
  n
1122
1122
  );
1123
1123
  return {
@@ -1126,17 +1126,17 @@ class G extends re {
1126
1126
  error_description: l.message
1127
1127
  };
1128
1128
  }
1129
- throw d.logger.debug(u({
1129
+ throw d.logger.debug(f({
1130
1130
  msg: "Authorization code flow: redirecting",
1131
- url: i
1132
- })), this.redirect(302, i);
1131
+ url: a
1132
+ })), this.redirect(302, a);
1133
1133
  } catch (s) {
1134
1134
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
1135
- const i = c.asCrossauthError(s);
1135
+ const a = c.asCrossauthError(s);
1136
1136
  return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), {
1137
1137
  ok: !1,
1138
- error: i.oauthErrorCode,
1139
- error_description: i.message
1138
+ error: a.oauthErrorCode,
1139
+ error_description: a.message
1140
1140
  };
1141
1141
  }
1142
1142
  }
@@ -1153,25 +1153,25 @@ class G extends re {
1153
1153
  }
1154
1154
  let s = e.url.searchParams.get("scope") ?? void 0;
1155
1155
  s == "" && (s = void 0);
1156
- const { url: i, error: a, error_description: n } = await this.startAuthorizationCodeFlow(s, !0);
1157
- if (a || !i) {
1156
+ const { url: a, error: i, error_description: n } = await this.startAuthorizationCodeFlow(s, !0);
1157
+ if (i || !a) {
1158
1158
  const l = c.fromOAuthError(
1159
- a ?? "server_error",
1159
+ i ?? "server_error",
1160
1160
  n
1161
1161
  );
1162
1162
  return await this.errorFn(this.server, e, l);
1163
1163
  }
1164
- throw d.logger.debug(u({
1164
+ throw d.logger.debug(f({
1165
1165
  msg: "Authorization code flow: redirecting",
1166
- url: i
1167
- })), this.redirect(302, i);
1166
+ url: a
1167
+ })), this.redirect(302, a);
1168
1168
  } catch (s) {
1169
1169
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
1170
- const i = c.asCrossauthError(s);
1170
+ const a = c.asCrossauthError(s);
1171
1171
  return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), v({
1172
- error: i.oauthErrorCode,
1173
- error_description: i.message
1174
- }, { status: i.httpStatus });
1172
+ error: a.oauthErrorCode,
1173
+ error_description: a.message
1174
+ }, { status: a.httpStatus });
1175
1175
  }
1176
1176
  },
1177
1177
  load: async (e) => {
@@ -1197,10 +1197,10 @@ class G extends re {
1197
1197
  }
1198
1198
  let s = e.url.searchParams.get("scope") ?? void 0;
1199
1199
  s == "" && (s = void 0);
1200
- const { url: i, error: a, error_description: n } = await this.startAuthorizationCodeFlow(s, !0);
1201
- if (a || !i) {
1200
+ const { url: a, error: i, error_description: n } = await this.startAuthorizationCodeFlow(s, !0);
1201
+ if (i || !a) {
1202
1202
  const l = c.fromOAuthError(
1203
- a ?? "server_error",
1203
+ i ?? "server_error",
1204
1204
  n
1205
1205
  );
1206
1206
  return {
@@ -1209,17 +1209,17 @@ class G extends re {
1209
1209
  error_description: l.message
1210
1210
  };
1211
1211
  }
1212
- throw d.logger.debug(u({
1212
+ throw d.logger.debug(f({
1213
1213
  msg: "Authorization code flow: redirecting",
1214
- url: i
1215
- })), this.redirect(302, i);
1214
+ url: a
1215
+ })), this.redirect(302, a);
1216
1216
  } catch (s) {
1217
1217
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
1218
- const i = c.asCrossauthError(s);
1218
+ const a = c.asCrossauthError(s);
1219
1219
  return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), {
1220
1220
  ok: !1,
1221
- error: i.oauthErrorCode,
1222
- error_description: i.message
1221
+ error: a.oauthErrorCode,
1222
+ error_description: a.message
1223
1223
  };
1224
1224
  }
1225
1225
  }
@@ -1231,25 +1231,25 @@ class G extends re {
1231
1231
  }
1232
1232
  try {
1233
1233
  if (!(this.validFlows.includes(_.AuthorizationCode) || this.validFlows.includes(_.AuthorizationCodeWithPKCE) || this.validFlows.includes(_.OidcAuthorizationCode))) {
1234
- const f = new c(h.Unauthorized, "Authorization flows are not supported");
1235
- return this.errorFn(this.server, e, f);
1234
+ const u = new c(h.Unauthorized, "Authorization flows are not supported");
1235
+ return this.errorFn(this.server, e, u);
1236
1236
  }
1237
- const s = e.url.searchParams.get("code") ?? "", i = e.url.searchParams.get("state") ?? void 0, a = e.url.searchParams.get("error") ?? void 0, n = e.url.searchParams.get("error") ?? void 0, l = this.errorIfIdTokenInvalid(await this.redirectEndpoint(
1237
+ const s = e.url.searchParams.get("code") ?? "", a = e.url.searchParams.get("state") ?? void 0, i = e.url.searchParams.get("error") ?? void 0, n = e.url.searchParams.get("error") ?? void 0, l = this.errorIfIdTokenInvalid(await this.redirectEndpoint(
1238
1238
  s,
1239
- i,
1240
1239
  a,
1240
+ i,
1241
1241
  n
1242
1242
  ));
1243
1243
  if (l.error) return this.errorFn(this.server, e, c.fromOAuthError(l.error, l.error_description));
1244
1244
  if (l.error) {
1245
- const f = c.fromOAuthError(
1245
+ const u = c.fromOAuthError(
1246
1246
  l.error,
1247
1247
  l.error_description
1248
1248
  );
1249
1249
  return await this.errorFn(
1250
1250
  this.server,
1251
1251
  e,
1252
- f
1252
+ u
1253
1253
  );
1254
1254
  }
1255
1255
  return await this.receiveTokenFn(
@@ -1261,8 +1261,8 @@ class G extends re {
1261
1261
  );
1262
1262
  } catch (s) {
1263
1263
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
1264
- const i = c.asCrossauthError(s);
1265
- return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), this.errorFn(this.server, e, i);
1264
+ const a = c.asCrossauthError(s);
1265
+ return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), this.errorFn(this.server, e, a);
1266
1266
  }
1267
1267
  },
1268
1268
  load: async (e) => {
@@ -1286,10 +1286,10 @@ class G extends re {
1286
1286
  error_description: g.message
1287
1287
  };
1288
1288
  }
1289
- const s = e.url.searchParams.get("code") ?? "", i = e.url.searchParams.get("state") ?? void 0, a = e.url.searchParams.get("error") ?? void 0, n = e.url.searchParams.get("error") ?? void 0, l = this.errorIfIdTokenInvalid(await this.redirectEndpoint(
1289
+ const s = e.url.searchParams.get("code") ?? "", a = e.url.searchParams.get("state") ?? void 0, i = e.url.searchParams.get("error") ?? void 0, n = e.url.searchParams.get("error") ?? void 0, l = this.errorIfIdTokenInvalid(await this.redirectEndpoint(
1290
1290
  s,
1291
- i,
1292
1291
  a,
1292
+ i,
1293
1293
  n
1294
1294
  ));
1295
1295
  if (l.error) return {
@@ -1308,43 +1308,43 @@ class G extends re {
1308
1308
  error_description: g.message
1309
1309
  };
1310
1310
  }
1311
- const f = await this.receiveTokenFn(
1311
+ const u = await this.receiveTokenFn(
1312
1312
  l,
1313
1313
  this,
1314
1314
  e,
1315
1315
  !1,
1316
1316
  this.setEventLocalsUser
1317
1317
  );
1318
- return f instanceof Response ? {
1318
+ return u instanceof Response ? {
1319
1319
  ok: !1,
1320
1320
  error: "server_error",
1321
1321
  error_description: "When using load, receiveTokenFn should return an object not a Response"
1322
- } : f == null ? {
1322
+ } : u == null ? {
1323
1323
  ok: !1,
1324
1324
  error: "server_error",
1325
1325
  error_description: "No response received from receiveTokenFn"
1326
- } : f.error ? {
1326
+ } : u.error ? {
1327
1327
  ok: !1,
1328
- error: f.error,
1329
- error_description: f.error_description
1328
+ error: u.error,
1329
+ error_description: u.error_description
1330
1330
  } : {
1331
- ...f
1331
+ ...u
1332
1332
  };
1333
1333
  } catch (s) {
1334
1334
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
1335
- const i = c.asCrossauthError(s);
1335
+ const a = c.asCrossauthError(s);
1336
1336
  return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), {
1337
1337
  ok: !1,
1338
- error: i.oauthErrorCode,
1339
- error_description: i.message
1338
+ error: a.oauthErrorCode,
1339
+ error_description: a.message
1340
1340
  };
1341
1341
  }
1342
1342
  }
1343
1343
  }, this.clientCredentialsFlowEndpoint = {
1344
1344
  post: async (e) => {
1345
1345
  if (this.tokenResponseType == "saveInSessionAndLoad" || this.tokenResponseType == "sendInPage") {
1346
- const a = new c(h.Configuration, "If tokenResponseType is " + this.tokenResponseType + ", use actions not post");
1347
- return this.errorFn(this.server, e, a);
1346
+ const i = new c(h.Configuration, "If tokenResponseType is " + this.tokenResponseType + ", use actions not post");
1347
+ return this.errorFn(this.server, e, i);
1348
1348
  }
1349
1349
  let s;
1350
1350
  try {
@@ -1352,13 +1352,13 @@ class G extends re {
1352
1352
  const l = new c(h.Unauthorized, "Client credentials flow is not supported");
1353
1353
  return this.errorFn(this.server, e, l);
1354
1354
  }
1355
- var i = new b();
1356
- await i.loadData(e), s = i.toObject();
1357
- const a = this.errorIfIdTokenInvalid(await this.clientCredentialsFlow(s == null ? void 0 : s.scope));
1358
- if (a.error) {
1355
+ var a = new b();
1356
+ await a.loadData(e), s = a.toObject();
1357
+ const i = this.errorIfIdTokenInvalid(await this.clientCredentialsFlow(s == null ? void 0 : s.scope));
1358
+ if (i.error) {
1359
1359
  const l = c.fromOAuthError(
1360
- a.error,
1361
- a.error_description
1360
+ i.error,
1361
+ i.error_description
1362
1362
  );
1363
1363
  return await this.errorFn(
1364
1364
  this.server,
@@ -1367,17 +1367,17 @@ class G extends re {
1367
1367
  );
1368
1368
  }
1369
1369
  const n = await this.receiveTokenFn(
1370
- a,
1370
+ i,
1371
1371
  this,
1372
1372
  e,
1373
1373
  !1,
1374
1374
  this.setEventLocalsUser
1375
1375
  );
1376
1376
  return n instanceof Response ? n : this.pack(n);
1377
- } catch (a) {
1378
- if (p.isSvelteKitRedirect(a) || p.isSvelteKitError(a)) throw a;
1379
- const n = c.asCrossauthError(a);
1380
- return d.logger.debug({ err: a }), d.logger.error({ cerr: a }), this.errorFn(this.server, e, n);
1377
+ } catch (i) {
1378
+ if (p.isSvelteKitRedirect(i) || p.isSvelteKitError(i)) throw i;
1379
+ const n = c.asCrossauthError(i);
1380
+ return d.logger.debug({ err: i }), d.logger.error({ cerr: i }), this.errorFn(this.server, e, n);
1381
1381
  }
1382
1382
  },
1383
1383
  actions: {
@@ -1391,25 +1391,25 @@ class G extends re {
1391
1391
  try {
1392
1392
  if (!this.validFlows.includes(_.ClientCredentials))
1393
1393
  throw new c(h.Unauthorized, "Client credentials flow is not supported");
1394
- var i = new b();
1395
- await i.loadData(e), s = i.toObject();
1396
- const a = this.errorIfIdTokenInvalid(await this.clientCredentialsFlow(s == null ? void 0 : s.scope));
1397
- if (a.error)
1394
+ var a = new b();
1395
+ await a.loadData(e), s = a.toObject();
1396
+ const i = this.errorIfIdTokenInvalid(await this.clientCredentialsFlow(s == null ? void 0 : s.scope));
1397
+ if (i.error)
1398
1398
  throw c.fromOAuthError(
1399
- a.error,
1400
- a.error_description
1399
+ i.error,
1400
+ i.error_description
1401
1401
  );
1402
1402
  return await this.receiveTokenFn(
1403
- a,
1403
+ i,
1404
1404
  this,
1405
1405
  e,
1406
1406
  !1,
1407
1407
  this.setEventLocalsUser
1408
1408
  ) ?? {};
1409
- } catch (a) {
1410
- if (p.isSvelteKitRedirect(a) || p.isSvelteKitError(a)) throw a;
1411
- const n = c.asCrossauthError(a);
1412
- return d.logger.debug({ err: a }), d.logger.error({ cerr: a }), {
1409
+ } catch (i) {
1410
+ if (p.isSvelteKitRedirect(i) || p.isSvelteKitError(i)) throw i;
1411
+ const n = c.asCrossauthError(i);
1412
+ return d.logger.debug({ err: i }), d.logger.error({ cerr: i }), {
1413
1413
  ok: !1,
1414
1414
  error: n.oauthErrorCode,
1415
1415
  error_description: n.message
@@ -1420,45 +1420,45 @@ class G extends re {
1420
1420
  }, this.refreshTokenFlowEndpoint = {
1421
1421
  post: async (e) => {
1422
1422
  if (this.tokenResponseType == "saveInSessionAndLoad" || this.tokenResponseType == "sendInPage") {
1423
- const a = new c(h.Configuration, "If tokenResponseType is " + this.tokenResponseType + ", use actions not post");
1424
- return this.errorFn(this.server, e, a);
1423
+ const i = new c(h.Configuration, "If tokenResponseType is " + this.tokenResponseType + ", use actions not post");
1424
+ return this.errorFn(this.server, e, i);
1425
1425
  }
1426
1426
  let s;
1427
1427
  try {
1428
1428
  if (!this.validFlows.includes(_.RefreshToken)) {
1429
- const f = new c(h.Unauthorized, "Refresh token flow is not supported");
1430
- return this.errorFn(this.server, e, f);
1429
+ const u = new c(h.Unauthorized, "Refresh token flow is not supported");
1430
+ return this.errorFn(this.server, e, u);
1431
1431
  }
1432
- var i = new b();
1433
- if (await i.loadData(e), s = i.toObject(), this.server.sessionAdapter && this.server.sessionAdapter.csrfProtectionEnabled())
1432
+ var a = new b();
1433
+ if (await a.loadData(e), s = a.toObject(), this.server.sessionAdapter && this.server.sessionAdapter.csrfProtectionEnabled())
1434
1434
  try {
1435
1435
  if (!this.server.sessionAdapter.getCsrfToken(e))
1436
1436
  throw new c(h.InvalidCsrf);
1437
- } catch (f) {
1438
- if (p.isSvelteKitError(f) || p.isSvelteKitRedirect(f)) throw f;
1437
+ } catch (u) {
1438
+ if (p.isSvelteKitError(u) || p.isSvelteKitRedirect(u)) throw u;
1439
1439
  const g = new c(h.Unauthorized, "CSRF token not present");
1440
1440
  return this.errorFn(this.server, e, g);
1441
1441
  }
1442
- let a = s.refresh_token;
1443
- if (!a && this.server.sessionAdapter) {
1444
- const f = await this.server.sessionAdapter.getSessionData(e, this.sessionDataName);
1445
- if (!(f != null && f.refresh_token)) {
1442
+ let i = s.refresh_token;
1443
+ if (!i && this.server.sessionAdapter) {
1444
+ const u = await this.server.sessionAdapter.getSessionData(e, this.sessionDataName);
1445
+ if (!(u != null && u.refresh_token)) {
1446
1446
  const g = new c(
1447
1447
  h.BadRequest,
1448
1448
  "No refresh token in session or in parameters"
1449
1449
  );
1450
1450
  return this.errorFn(this.server, e, g);
1451
1451
  }
1452
- a = f.refresh_token;
1452
+ i = u.refresh_token;
1453
1453
  }
1454
- if (!a) {
1455
- const f = new c(
1454
+ if (!i) {
1455
+ const u = new c(
1456
1456
  h.BadRequest,
1457
1457
  "No refresh token supplied"
1458
1458
  );
1459
- return this.errorFn(this.server, e, f);
1459
+ return this.errorFn(this.server, e, u);
1460
1460
  }
1461
- const n = this.errorIfIdTokenInvalid(await this.refreshTokenFlow(a)), l = await this.receiveTokenFn(
1461
+ const n = this.errorIfIdTokenInvalid(await this.refreshTokenFlow(i)), l = await this.receiveTokenFn(
1462
1462
  n,
1463
1463
  this,
1464
1464
  e,
@@ -1467,10 +1467,10 @@ class G extends re {
1467
1467
  );
1468
1468
  if (n && l instanceof Response) return l;
1469
1469
  throw new c(h.UnknownError, "Receive token function did not return a Response");
1470
- } catch (a) {
1471
- if (p.isSvelteKitRedirect(a) || p.isSvelteKitError(a)) throw a;
1472
- const n = c.asCrossauthError(a);
1473
- return d.logger.debug({ err: a }), d.logger.error({ cerr: a }), this.errorFn(this.server, e, n);
1470
+ } catch (i) {
1471
+ if (p.isSvelteKitRedirect(i) || p.isSvelteKitError(i)) throw i;
1472
+ const n = c.asCrossauthError(i);
1473
+ return d.logger.debug({ err: i }), d.logger.error({ cerr: i }), this.errorFn(this.server, e, n);
1474
1474
  }
1475
1475
  },
1476
1476
  actions: {
@@ -1483,33 +1483,33 @@ class G extends re {
1483
1483
  let s;
1484
1484
  try {
1485
1485
  if (!this.validFlows.includes(_.RefreshToken)) {
1486
- const f = new c(h.Unauthorized, "Refresh token flow is not supported");
1487
- return this.errorFn(this.server, e, f);
1486
+ const u = new c(h.Unauthorized, "Refresh token flow is not supported");
1487
+ return this.errorFn(this.server, e, u);
1488
1488
  }
1489
- var i = new b();
1490
- if (await i.loadData(e), s = i.toObject(), this.server.sessionAdapter && this.server.sessionAdapter.csrfProtectionEnabled())
1489
+ var a = new b();
1490
+ if (await a.loadData(e), s = a.toObject(), this.server.sessionAdapter && this.server.sessionAdapter.csrfProtectionEnabled())
1491
1491
  try {
1492
1492
  if (!this.server.sessionAdapter.getCsrfToken(e))
1493
1493
  throw new c(h.InvalidCsrf);
1494
- } catch (f) {
1495
- throw p.isSvelteKitError(f) || p.isSvelteKitRedirect(f) ? f : new c(h.Unauthorized, "CSRF token not present");
1494
+ } catch (u) {
1495
+ throw p.isSvelteKitError(u) || p.isSvelteKitRedirect(u) ? u : new c(h.Unauthorized, "CSRF token not present");
1496
1496
  }
1497
- let a = s.refresh_token;
1498
- if (!a && this.server.sessionAdapter) {
1499
- const f = await this.server.sessionAdapter.getSessionData(e, this.sessionDataName);
1500
- if (!(f != null && f.refresh_token))
1497
+ let i = s.refresh_token;
1498
+ if (!i && this.server.sessionAdapter) {
1499
+ const u = await this.server.sessionAdapter.getSessionData(e, this.sessionDataName);
1500
+ if (!(u != null && u.refresh_token))
1501
1501
  throw new c(
1502
1502
  h.BadRequest,
1503
1503
  "No refresh token in session or in parameters"
1504
1504
  );
1505
- a = f.refresh_token;
1505
+ i = u.refresh_token;
1506
1506
  }
1507
- if (!a)
1507
+ if (!i)
1508
1508
  throw new c(
1509
1509
  h.BadRequest,
1510
1510
  "No refresh token supplied"
1511
1511
  );
1512
- const n = this.errorIfIdTokenInvalid(await this.refreshTokenFlow(a)), l = await this.receiveTokenFn(
1512
+ const n = this.errorIfIdTokenInvalid(await this.refreshTokenFlow(i)), l = await this.receiveTokenFn(
1513
1513
  n,
1514
1514
  this,
1515
1515
  e,
@@ -1518,10 +1518,10 @@ class G extends re {
1518
1518
  ) ?? {};
1519
1519
  if (l instanceof Response) throw new c(h.Configuration, "Refresh token flow should return an object not Response");
1520
1520
  return l;
1521
- } catch (a) {
1522
- if (p.isSvelteKitRedirect(a) || p.isSvelteKitError(a)) throw a;
1523
- const n = c.asCrossauthError(a);
1524
- return d.logger.debug({ err: a }), d.logger.error({ cerr: a }), {
1521
+ } catch (i) {
1522
+ if (p.isSvelteKitRedirect(i) || p.isSvelteKitError(i)) throw i;
1523
+ const n = c.asCrossauthError(i);
1524
+ return d.logger.debug({ err: i }), d.logger.error({ cerr: i }), {
1525
1525
  ok: !1,
1526
1526
  error: n.oauthErrorCode,
1527
1527
  error_description: n.message
@@ -1570,8 +1570,8 @@ class G extends re {
1570
1570
  post: async (e) => {
1571
1571
  const s = await this.startDeviceCodeFlow_internal(e);
1572
1572
  if (s.error) {
1573
- const i = c.fromOAuthError(s.error, s.error_description);
1574
- return v(s, { status: i.httpStatus });
1573
+ const a = c.fromOAuthError(s.error, s.error_description);
1574
+ return v(s, { status: a.httpStatus });
1575
1575
  }
1576
1576
  return v(s);
1577
1577
  }
@@ -1587,40 +1587,40 @@ class G extends re {
1587
1587
  if (s instanceof Response) return s;
1588
1588
  if (s == null) return new Response(null, { status: 204 });
1589
1589
  if (s.error) {
1590
- const i = c.fromOAuthError(s.error, s.error_description);
1591
- return v(s, { status: i.httpStatus });
1590
+ const a = c.fromOAuthError(s.error, s.error_description);
1591
+ return v(s, { status: a.httpStatus });
1592
1592
  }
1593
1593
  return v(s);
1594
1594
  }
1595
1595
  }, this.passwordFlowEndpoint = {
1596
- post: async (e) => await this.passwordFlow_post(e, (s, i) => this.passwordPost(s, i)),
1596
+ post: async (e) => await this.passwordFlow_post(e, (s, a) => this.passwordPost(s, a)),
1597
1597
  actions: {
1598
- password: async (e) => await this.passwordFlow_action(e, (s, i) => this.passwordPost(s, i)),
1599
- passwordOtp: async (e) => await this.passwordFlow_action(e, (s, i) => this.passwordOtp(s, i)),
1600
- passwordOob: async (e) => await this.passwordFlow_action(e, (s, i) => this.passwordOob(s, i))
1598
+ password: async (e) => await this.passwordFlow_action(e, (s, a) => this.passwordPost(s, a)),
1599
+ passwordOtp: async (e) => await this.passwordFlow_action(e, (s, a) => this.passwordOtp(s, a)),
1600
+ passwordOob: async (e) => await this.passwordFlow_action(e, (s, a) => this.passwordOob(s, a))
1601
1601
  }
1602
1602
  }, this.passwordOtpEndpoint = {
1603
- post: async (e) => await this.passwordFlow_post(e, (s, i) => this.passwordOtp(s, i)),
1603
+ post: async (e) => await this.passwordFlow_post(e, (s, a) => this.passwordOtp(s, a)),
1604
1604
  actions: {
1605
- default: async (e) => await this.passwordFlow_action(e, (s, i) => this.passwordOtp(s, i))
1605
+ default: async (e) => await this.passwordFlow_action(e, (s, a) => this.passwordOtp(s, a))
1606
1606
  }
1607
1607
  }, this.passwordOobEndpoint = {
1608
- post: async (e) => await this.passwordFlow_post(e, (s, i) => this.passwordOob(s, i)),
1608
+ post: async (e) => await this.passwordFlow_post(e, (s, a) => this.passwordOob(s, a)),
1609
1609
  actions: {
1610
- default: async (e) => await this.passwordFlow_action(e, (s, i) => this.passwordOob(s, i))
1610
+ default: async (e) => await this.passwordFlow_action(e, (s, a) => this.passwordOob(s, a))
1611
1611
  }
1612
1612
  }, this.deleteTokensEndpoint = {
1613
1613
  post: async (e) => {
1614
- var s, i;
1614
+ var s, a;
1615
1615
  try {
1616
1616
  return await this.deleteSessionData(e), v({ ok: !0 });
1617
- } catch (a) {
1618
- if (p.isSvelteKitRedirect(a) || p.isSvelteKitError(a)) throw a;
1619
- const n = c.asCrossauthError(a);
1617
+ } catch (i) {
1618
+ if (p.isSvelteKitRedirect(i) || p.isSvelteKitError(i)) throw i;
1619
+ const n = c.asCrossauthError(i);
1620
1620
  return d.logger.debug({ err: n }), d.logger.error({ cerr: n }), v({
1621
1621
  ok: !1,
1622
1622
  user: (s = this.server.sessionAdapter) == null ? void 0 : s.getUser(e),
1623
- csrfToken: (i = this.server.sessionAdapter) == null ? void 0 : i.getCsrfToken(e),
1623
+ csrfToken: (a = this.server.sessionAdapter) == null ? void 0 : a.getCsrfToken(e),
1624
1624
  errorCode: n.code,
1625
1625
  errorCodeName: n.codeName,
1626
1626
  errorMessage: n.message
@@ -1629,16 +1629,16 @@ class G extends re {
1629
1629
  },
1630
1630
  actions: {
1631
1631
  default: async (e) => {
1632
- var s, i;
1632
+ var s, a;
1633
1633
  try {
1634
1634
  return await this.deleteSessionData(e), { ok: !0 };
1635
- } catch (a) {
1636
- if (p.isSvelteKitRedirect(a) || p.isSvelteKitError(a)) throw a;
1637
- const n = c.asCrossauthError(a);
1635
+ } catch (i) {
1636
+ if (p.isSvelteKitRedirect(i) || p.isSvelteKitError(i)) throw i;
1637
+ const n = c.asCrossauthError(i);
1638
1638
  return d.logger.debug({ err: n }), d.logger.error({ cerr: n }), {
1639
1639
  ok: !1,
1640
1640
  user: (s = this.server.sessionAdapter) == null ? void 0 : s.getUser(e),
1641
- csrfToken: (i = this.server.sessionAdapter) == null ? void 0 : i.getCsrfToken(e),
1641
+ csrfToken: (a = this.server.sessionAdapter) == null ? void 0 : a.getCsrfToken(e),
1642
1642
  errorCode: n.code,
1643
1643
  errorCodeName: n.codeName,
1644
1644
  errorMessage: n.message
@@ -1753,8 +1753,8 @@ class G extends re {
1753
1753
  if (e.locals.user || !r.sessionAdapter) return;
1754
1754
  let s = await r.sessionAdapter.getSessionData(e, this.sessionDataName);
1755
1755
  if (s && s.id_payload) {
1756
- let i = s.expires_at;
1757
- i && i > Date.now() && s.id_payload.sub && await this.setEventLocalsUser(e, s.id_payload);
1756
+ let a = s.expires_at;
1757
+ a && a > Date.now() && s.id_payload.sub && await this.setEventLocalsUser(e, s.id_payload);
1758
1758
  }
1759
1759
  this.testMiddleware && (this.testEvent = e);
1760
1760
  };
@@ -1776,7 +1776,7 @@ class G extends re {
1776
1776
  this.idTokenMatchField
1777
1777
  ), r.locals.user = t, r.locals.authType = t ? "oidc" : void 0;
1778
1778
  } catch (e) {
1779
- d.logger.error(u({ cerr: e })), r.locals.user = void 0, r.locals.authType = void 0;
1779
+ d.logger.error(f({ cerr: e })), r.locals.user = void 0, r.locals.authType = void 0;
1780
1780
  }
1781
1781
  }
1782
1782
  async passwordPost(r, o) {
@@ -1789,10 +1789,10 @@ class G extends re {
1789
1789
  );
1790
1790
  if (e.error == "mfa_required" && e.mfa_token && this.validFlows.includes(_.PasswordMfa)) {
1791
1791
  const s = e.mfa_token;
1792
- let i = o.scope;
1793
- if (i == "" && (i = void 0), e = this.errorIfIdTokenInvalid(await this.passwordMfa(
1792
+ let a = o.scope;
1793
+ if (a == "" && (a = void 0), e = this.errorIfIdTokenInvalid(await this.passwordMfa(
1794
1794
  s,
1795
- i,
1795
+ a,
1796
1796
  r
1797
1797
  )), e.error)
1798
1798
  throw c.fromOAuthError(
@@ -1809,11 +1809,11 @@ class G extends re {
1809
1809
  } catch (e) {
1810
1810
  if (p.isSvelteKitError(e) || p.isSvelteKitRedirect(e)) throw e;
1811
1811
  const s = c.asCrossauthError(e);
1812
- return d.logger.error(u({
1812
+ return d.logger.error(f({
1813
1813
  msg: "Error receiving token",
1814
1814
  cerr: s,
1815
1815
  user: (t = this.server.sessionAdapter) == null ? void 0 : t.getUser(r)
1816
- })), d.logger.debug(u({ err: e })), {
1816
+ })), d.logger.debug(f({ err: e })), {
1817
1817
  error: s.oauthErrorCode,
1818
1818
  error_description: s.message
1819
1819
  };
@@ -1828,11 +1828,11 @@ class G extends re {
1828
1828
  };
1829
1829
  const s = e.authenticators[0];
1830
1830
  if (s.authenticator_type == "otp") {
1831
- const a = await this.mfaOtpRequest(r, s.id);
1832
- if (a.error || a.challenge_type != "otp") {
1831
+ const i = await this.mfaOtpRequest(r, s.id);
1832
+ if (i.error || i.challenge_type != "otp") {
1833
1833
  const n = c.fromOAuthError(
1834
- a.error ?? "server_error",
1835
- a.error_description ?? "Invalid response from MFA OTP challenge"
1834
+ i.error ?? "server_error",
1835
+ i.error_description ?? "Invalid response from MFA OTP challenge"
1836
1836
  );
1837
1837
  return d.logger.debug({ err: n }), d.logger.error({ cerr: n }), {
1838
1838
  error: n.oauthErrorCode,
@@ -1842,14 +1842,14 @@ class G extends re {
1842
1842
  return {
1843
1843
  scope: o,
1844
1844
  mfa_token: r,
1845
- challenge_type: a.challenge_type
1845
+ challenge_type: i.challenge_type
1846
1846
  };
1847
1847
  } else if (s.authenticator_type == "oob") {
1848
- const a = await this.mfaOobRequest(r, s.id);
1849
- if (a.error || a.challenge_type != "oob" || !a.oob_code || a.binding_method != "prompt") {
1848
+ const i = await this.mfaOobRequest(r, s.id);
1849
+ if (i.error || i.challenge_type != "oob" || !i.oob_code || i.binding_method != "prompt") {
1850
1850
  const n = c.fromOAuthError(
1851
- a.error ?? "server_error",
1852
- a.error_description ?? "Invalid response from MFA OOB challenge"
1851
+ i.error ?? "server_error",
1852
+ i.error_description ?? "Invalid response from MFA OOB challenge"
1853
1853
  );
1854
1854
  return d.logger.debug({ err: n }), d.logger.error({ cerr: n }), {
1855
1855
  error: n.oauthErrorCode,
@@ -1860,19 +1860,19 @@ class G extends re {
1860
1860
  scope: o,
1861
1861
  mfa_token: r,
1862
1862
  oob_channel: s.oob_channel,
1863
- challenge_type: a.challenge_type,
1864
- binding_method: a.binding_method,
1865
- oob_code: a.oob_code,
1863
+ challenge_type: i.challenge_type,
1864
+ binding_method: i.binding_method,
1865
+ oob_code: i.oob_code,
1866
1866
  name: s.name
1867
1867
  };
1868
1868
  }
1869
- const i = new c(
1869
+ const a = new c(
1870
1870
  h.UnknownError,
1871
1871
  "Unsupported MFA type " + s.authenticator_type + " returned"
1872
1872
  );
1873
1873
  return {
1874
- error: i.oauthErrorCode,
1875
- error_description: i.message
1874
+ error: a.oauthErrorCode,
1875
+ error_description: a.message
1876
1876
  };
1877
1877
  }
1878
1878
  async passwordOtp(r, o) {
@@ -1905,7 +1905,7 @@ class G extends re {
1905
1905
  o.binding_code,
1906
1906
  t
1907
1907
  ));
1908
- return e.error ? (d.logger.warn(u({
1908
+ return e.error ? (d.logger.warn(f({
1909
1909
  msg: "Error completing MFA",
1910
1910
  user: (s = this.server.sessionAdapter) == null ? void 0 : s.getUser(r),
1911
1911
  hashedMfaToken: o.mfa_token ? F.hash(o.mfa_token) : void 0
@@ -1927,10 +1927,10 @@ class G extends re {
1927
1927
  if (o.locals.sessionId && this.autoRefreshActive[o.locals.sessionId]) return;
1928
1928
  try {
1929
1929
  o.locals.sessionId && (this.autoRefreshActive[o.locals.sessionId] = !0);
1930
- const i = this.errorIfIdTokenInvalid(await this.refreshTokenFlow(e));
1931
- if (!i.error && !i.access_token && (i.error = "server_error", i.error_description = "Unexpectedly did not receive error or access token"), !i.error) {
1930
+ const a = this.errorIfIdTokenInvalid(await this.refreshTokenFlow(e));
1931
+ if (!a.error && !a.access_token && (a.error = "server_error", a.error_description = "Unexpectedly did not receive error or access token"), !a.error) {
1932
1932
  const l = await this.receiveTokenFn(
1933
- i,
1933
+ a,
1934
1934
  this,
1935
1935
  o,
1936
1936
  r == "silent",
@@ -1940,43 +1940,43 @@ class G extends re {
1940
1940
  }
1941
1941
  if (r != "silent") {
1942
1942
  const l = c.fromOAuthError(
1943
- i.error ?? "server_error",
1944
- i.error_description
1943
+ a.error ?? "server_error",
1944
+ a.error_description
1945
1945
  );
1946
1946
  return r == "page" ? this.errorFn(this.server, o, l) : {
1947
1947
  error: l.oauthErrorCode,
1948
1948
  error_description: l.message
1949
1949
  };
1950
1950
  }
1951
- let a = i.expires_in;
1952
- if (!a && i.access_token) {
1953
- const l = M(i.access_token);
1954
- l.exp && (a = l.exp);
1951
+ let i = a.expires_in;
1952
+ if (!i && a.access_token) {
1953
+ const l = M(a.access_token);
1954
+ l.exp && (i = l.exp);
1955
1955
  }
1956
- if (!a)
1956
+ if (!i)
1957
1957
  throw new c(
1958
1958
  h.BadRequest,
1959
1959
  "OAuth server did not return an expiry for the access token"
1960
1960
  );
1961
- const n = (/* @__PURE__ */ new Date()).getTime() + a * 1e3;
1961
+ const n = (/* @__PURE__ */ new Date()).getTime() + i * 1e3;
1962
1962
  return {
1963
- access_token: i.access_token,
1964
- refresh_token: i.refresh_token,
1965
- expires_in: i.expires_in,
1963
+ access_token: a.access_token,
1964
+ refresh_token: a.refresh_token,
1965
+ expires_in: a.expires_in,
1966
1966
  expires_at: n,
1967
- error: i.error,
1968
- error_description: i.error_description
1967
+ error: a.error,
1968
+ error_description: a.error_description
1969
1969
  };
1970
- } catch (i) {
1971
- if (p.isSvelteKitRedirect(i) || p.isSvelteKitError(i)) throw i;
1972
- if (d.logger.debug(u({ err: i })), d.logger.error(u({
1973
- cerr: i,
1970
+ } catch (a) {
1971
+ if (p.isSvelteKitRedirect(a) || p.isSvelteKitError(a)) throw a;
1972
+ if (d.logger.debug(f({ err: a })), d.logger.error(f({
1973
+ cerr: a,
1974
1974
  msg: "Failed refreshing access token"
1975
1975
  })), r != "silent") {
1976
- const a = c.asCrossauthError(i);
1977
- return r == "page" ? this.errorFn(this.server, o, a) : {
1978
- error: a.oauthErrorCode,
1979
- error_description: a.message
1976
+ const i = c.asCrossauthError(a);
1977
+ return r == "page" ? this.errorFn(this.server, o, i) : {
1978
+ error: i.oauthErrorCode,
1979
+ error_description: i.message
1980
1980
  };
1981
1981
  }
1982
1982
  return {
@@ -2053,16 +2053,16 @@ class G extends re {
2053
2053
  let t;
2054
2054
  try {
2055
2055
  if (!(this.validFlows.includes(_.Password) || this.validFlows.includes(_.PasswordMfa))) {
2056
- const a = new c(h.Unauthorized, "Password flow is not supported");
2057
- return this.errorFn(this.server, r, a);
2056
+ const i = new c(h.Unauthorized, "Password flow is not supported");
2057
+ return this.errorFn(this.server, r, i);
2058
2058
  }
2059
2059
  var e = new b();
2060
2060
  if (await e.loadData(r), t = e.toObject(), this.server.sessionAdapter && this.server.sessionAdapter.csrfProtectionEnabled())
2061
2061
  try {
2062
2062
  if (!this.server.sessionAdapter.getCsrfToken(r))
2063
2063
  throw new c(h.InvalidCsrf);
2064
- } catch (a) {
2065
- if (p.isSvelteKitError(a) || p.isSvelteKitRedirect(a)) throw a;
2064
+ } catch (i) {
2065
+ if (p.isSvelteKitError(i) || p.isSvelteKitRedirect(i)) throw i;
2066
2066
  const n = new c(h.Unauthorized, "CSRF token not present");
2067
2067
  return this.errorFn(this.server, r, n);
2068
2068
  }
@@ -2072,19 +2072,19 @@ class G extends re {
2072
2072
  ok: !1,
2073
2073
  ...s
2074
2074
  };
2075
- const i = await this.receiveTokenFn(
2075
+ const a = await this.receiveTokenFn(
2076
2076
  s,
2077
2077
  this,
2078
2078
  r,
2079
2079
  !1,
2080
2080
  this.setEventLocalsUser
2081
2081
  );
2082
- if (s && i instanceof Response) return i;
2082
+ if (s && a instanceof Response) return a;
2083
2083
  throw new c(h.UnknownError, "Receive token function did not return a Response");
2084
2084
  } catch (s) {
2085
2085
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
2086
- const i = c.asCrossauthError(s);
2087
- return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), this.errorFn(this.server, r, i);
2086
+ const a = c.asCrossauthError(s);
2087
+ return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), this.errorFn(this.server, r, a);
2088
2088
  }
2089
2089
  }
2090
2090
  async passwordFlow_action(r, o) {
@@ -2096,16 +2096,16 @@ class G extends re {
2096
2096
  let t;
2097
2097
  try {
2098
2098
  if (!(this.validFlows.includes(_.Password) || this.validFlows.includes(_.PasswordMfa))) {
2099
- const a = new c(h.Unauthorized, "Password and Password MFA flows are not supported");
2100
- return this.errorFn(this.server, r, a);
2099
+ const i = new c(h.Unauthorized, "Password and Password MFA flows are not supported");
2100
+ return this.errorFn(this.server, r, i);
2101
2101
  }
2102
2102
  var e = new b();
2103
2103
  if (await e.loadData(r), t = e.toObject(), this.server.sessionAdapter && this.server.sessionAdapter.csrfProtectionEnabled())
2104
2104
  try {
2105
2105
  if (!this.server.sessionAdapter.getCsrfToken(r))
2106
2106
  throw new c(h.InvalidCsrf);
2107
- } catch (a) {
2108
- throw p.isSvelteKitError(a) || p.isSvelteKitRedirect(a) ? a : new c(h.Unauthorized, "CSRF token not present");
2107
+ } catch (i) {
2108
+ throw p.isSvelteKitError(i) || p.isSvelteKitRedirect(i) ? i : new c(h.Unauthorized, "CSRF token not present");
2109
2109
  }
2110
2110
  const s = await o(r, t);
2111
2111
  if (!s) throw new c(h.UnknownError, "Password flow returned no data");
@@ -2116,27 +2116,27 @@ class G extends re {
2116
2116
  };
2117
2117
  if (s.challenge_type) {
2118
2118
  if (!this.validFlows.includes(_.PasswordMfa)) {
2119
- const a = new c(h.Unauthorized, "Password MFA flow is not supported");
2120
- return this.errorFn(this.server, r, a);
2119
+ const i = new c(h.Unauthorized, "Password MFA flow is not supported");
2120
+ return this.errorFn(this.server, r, i);
2121
2121
  }
2122
2122
  return s;
2123
2123
  }
2124
- const i = await this.receiveTokenFn(
2124
+ const a = await this.receiveTokenFn(
2125
2125
  s,
2126
2126
  this,
2127
2127
  r,
2128
2128
  !1,
2129
2129
  this.setEventLocalsUser
2130
2130
  ) ?? {};
2131
- if (i instanceof Response) throw new c(h.Configuration, "Refresh token flow should return an object not Response");
2132
- return i;
2131
+ if (a instanceof Response) throw new c(h.Configuration, "Refresh token flow should return an object not Response");
2132
+ return a;
2133
2133
  } catch (s) {
2134
2134
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
2135
- const i = c.asCrossauthError(s);
2135
+ const a = c.asCrossauthError(s);
2136
2136
  return d.logger.debug({ err: s }), d.logger.error({ cerr: s }), {
2137
2137
  ok: !1,
2138
- error: i.oauthErrorCode,
2139
- error_description: i.message
2138
+ error: a.oauthErrorCode,
2139
+ error_description: a.message
2140
2140
  };
2141
2141
  }
2142
2142
  }
@@ -2162,30 +2162,30 @@ class G extends re {
2162
2162
  let s = o.url;
2163
2163
  if (!s) {
2164
2164
  if (!r.url.pathname.startsWith(this.bffEndpointName)) throw new c(h.Unauthorized, "Attempt to call BFF url with the wrong prefix");
2165
- const i = r.url.pathname.substring(this.bffEndpointName.length);
2166
- let a = ((e = r.url.searchParams) == null ? void 0 : e.toString()) ?? void 0;
2167
- a && a != "" && (a = "?" + a), s = new URL(this.bffBaseUrl + i + a);
2165
+ const a = r.url.pathname.substring(this.bffEndpointName.length);
2166
+ let i = ((e = r.url.searchParams) == null ? void 0 : e.toString()) ?? void 0;
2167
+ i && i != "" && (i = "?" + i), s = new URL(this.bffBaseUrl + a + i);
2168
2168
  }
2169
2169
  o.headers || (o.headers = new Headers());
2170
- for (let i = 0; i < this.bffMaxTries; ++i) {
2171
- i > 0 && await new Promise((g) => setTimeout(g, this.bffSleepMilliseconds));
2172
- const a = await this.server.sessionAdapter.getSessionData(
2170
+ for (let a = 0; a < this.bffMaxTries; ++a) {
2171
+ a > 0 && await new Promise((g) => setTimeout(g, this.bffSleepMilliseconds));
2172
+ const i = await this.server.sessionAdapter.getSessionData(
2173
2173
  r,
2174
2174
  this.sessionDataName
2175
2175
  );
2176
- if (!a) {
2177
- if (i == this.bffMaxTries)
2176
+ if (!i) {
2177
+ if (a == this.bffMaxTries)
2178
2178
  throw new c(h.Unauthorized, "No access token found");
2179
2179
  continue;
2180
2180
  }
2181
- let n = a.access_token;
2182
- if (a && a.access_token) {
2181
+ let n = i.access_token;
2182
+ if (i && i.access_token) {
2183
2183
  const g = await this.refresh(
2184
2184
  "silent",
2185
2185
  r,
2186
2186
  !0,
2187
- a.refresh_token,
2188
- a.expires_at
2187
+ i.refresh_token,
2188
+ i.expires_at
2189
2189
  );
2190
2190
  if (g instanceof Response) throw new c(h.Configuration, "Expected object when refreshing tokens, not Response");
2191
2191
  if (g != null && g.access_token)
@@ -2194,20 +2194,20 @@ class G extends re {
2194
2194
  continue;
2195
2195
  }
2196
2196
  o.headers.set("accept", "application/json"), o.headers.set("content-type", "application/json"), n && o.headers.set("authorization", "Bearer " + n);
2197
- let l, f;
2197
+ let l, u;
2198
2198
  if (r.request.body) {
2199
2199
  var t = new b();
2200
- await t.loadData(r), f = t.toObject();
2200
+ await t.loadData(r), u = t.toObject();
2201
2201
  }
2202
- if (d.logger.debug(u({ msg: "Calling BFF URL", url: s, method: r.request.method })), f ? l = await fetch(s, {
2202
+ if (d.logger.debug(f({ msg: "Calling BFF URL", url: s, method: r.request.method })), u ? l = await fetch(s, {
2203
2203
  headers: o.headers,
2204
2204
  method: o.method ?? r.request.method,
2205
- body: JSON.stringify(f ?? "{}")
2205
+ body: JSON.stringify(u ?? "{}")
2206
2206
  }) : l = await fetch(s, {
2207
2207
  headers: o.headers,
2208
2208
  method: o.method ?? r.request.method
2209
2209
  }), l.status == 401) {
2210
- if (i < this.bffMaxTries - 1)
2210
+ if (a < this.bffMaxTries - 1)
2211
2211
  continue;
2212
2212
  return l;
2213
2213
  } else
@@ -2216,11 +2216,11 @@ class G extends re {
2216
2216
  return new Response(null, { status: 401 });
2217
2217
  } catch (s) {
2218
2218
  if (p.isSvelteKitError(s) || p.isSvelteKitRedirect(s)) throw s;
2219
- const i = c.asCrossauthError(s);
2220
- return d.logger.debug({ err: i }), d.logger.error({ cerr: i }), v({
2221
- error: i.oauthErrorCode,
2222
- error_description: i.message
2223
- }, { status: i.httpStatus });
2219
+ const a = c.asCrossauthError(s);
2220
+ return d.logger.debug({ err: a }), d.logger.error({ cerr: a }), v({
2221
+ error: a.oauthErrorCode,
2222
+ error_description: a.message
2223
+ }, { status: a.httpStatus });
2224
2224
  }
2225
2225
  }
2226
2226
  async unpack(r) {
@@ -2249,7 +2249,7 @@ class G extends re {
2249
2249
  */
2250
2250
  async allBff(r, o = {}) {
2251
2251
  try {
2252
- if (d.logger.debug(u({ msg: "Called allBff", url: r.url.toString() })), !this.server.sessionAdapter) throw new c(h.Configuration, "Session server must be instantiated to use bff()");
2252
+ if (d.logger.debug(f({ msg: "Called allBff", url: r.url.toString() })), !this.server.sessionAdapter) throw new c(h.Configuration, "Session server must be instantiated to use bff()");
2253
2253
  if (!this.server.oAuthClient) throw new c(h.Configuration, "OAuth Client not found");
2254
2254
  if (!this.bffBaseUrl) throw new c(h.Configuration, "Must set bffBaseUrl to use bff()");
2255
2255
  if (!this.bffEndpointName) throw new c(h.Configuration, "Must set bffEndpointName to use bff()");
@@ -2258,16 +2258,16 @@ class G extends re {
2258
2258
  const t = r.url.pathname.substring(this.bffEndpointName.length);
2259
2259
  let e;
2260
2260
  for (let s = 0; s < this.bffEndpoints.length; ++s) {
2261
- let i = this.bffEndpoints[s];
2262
- if (i.matchSubUrls) {
2263
- let a = i.url, n = i.url;
2264
- if (n.endsWith("/") || (n += "/"), i.methodsString.includes(r.request.method) && (t.startsWith(n) || t == a)) {
2261
+ let a = this.bffEndpoints[s];
2262
+ if (a.matchSubUrls) {
2263
+ let i = a.url, n = a.url;
2264
+ if (n.endsWith("/") || (n += "/"), a.methodsString.includes(r.request.method) && (t.startsWith(n) || t == i)) {
2265
2265
  e = s;
2266
2266
  break;
2267
2267
  }
2268
2268
  } else {
2269
- let a = i.url;
2270
- if (i.methodsString.includes(r.request.method) && t == a) {
2269
+ let i = a.url;
2270
+ if (a.methodsString.includes(r.request.method) && t == i) {
2271
2271
  e = s;
2272
2272
  break;
2273
2273
  }
@@ -2297,23 +2297,23 @@ class G extends re {
2297
2297
  if (!this.tokenEndpoints || this.tokenEndpoints.length == 0)
2298
2298
  throw new c(h.Unauthorized, "No tokens have been made available");
2299
2299
  let s = Array.isArray(o) ? o : [o];
2300
- const i = await this.server.sessionAdapter.getSessionData(
2300
+ const a = await this.server.sessionAdapter.getSessionData(
2301
2301
  r,
2302
2302
  this.sessionDataName
2303
2303
  );
2304
- if (!i)
2304
+ if (!a)
2305
2305
  throw new c(h.Unauthorized, "No access token found");
2306
- let a = {}, n, l = !1;
2307
- for (let f of s) {
2308
- if (!this.tokenEndpoints.includes(f)) throw new c(h.Unauthorized, "Token type " + f + " may not be returned");
2306
+ let i = {}, n, l = !1;
2307
+ for (let u of s) {
2308
+ if (!this.tokenEndpoints.includes(u)) throw new c(h.Unauthorized, "Token type " + u + " may not be returned");
2309
2309
  l = !1;
2310
- let g = f;
2311
- f.startsWith("have_") && (g = f.replace("have_", ""), l = !0);
2310
+ let g = u;
2311
+ u.startsWith("have_") && (g = u.replace("have_", ""), l = !0);
2312
2312
  const w = g.replace("_token", ""), m = e && this.jwtTokens.includes(w);
2313
- let S = this.tokenPayload(g, i, l, m);
2314
- l ? a[f] = S.ok : S && (a[f] = S), n = a[f];
2313
+ let S = this.tokenPayload(g, a, l, m);
2314
+ l ? i[u] = S.ok : S && (i[u] = S), n = i[u];
2315
2315
  }
2316
- return Array.isArray(o) ? { status: 200, body: a } : n ? l ? { status: 200, body: typeof n == "boolean" ? { ok: n } : n } : { status: 200, body: n } : o.startsWith("have_") ? { status: 200, body: { ok: !1 } } : { status: 204 };
2316
+ return Array.isArray(o) ? { status: 200, body: i } : n ? l ? { status: 200, body: typeof n == "boolean" ? { ok: n } : n } : { status: 200, body: n } : o.startsWith("have_") ? { status: 200, body: { ok: !1 } } : { status: 204 };
2317
2317
  } catch (t) {
2318
2318
  if (p.isSvelteKitError(t) || p.isSvelteKitRedirect(t)) throw t;
2319
2319
  const e = c.asCrossauthError(t);
@@ -2344,13 +2344,13 @@ class G extends re {
2344
2344
  e == "" && (e = void 0);
2345
2345
  let s = this.authServerBaseUrl;
2346
2346
  s.endsWith("/") || (s += "/"), s += this.deviceAuthorizationUrl;
2347
- const i = await this.startDeviceCodeFlow(s, e);
2348
- let a;
2349
- return i.verification_uri_complete && await ae.toDataURL(i.verification_uri_complete).then((n) => {
2350
- a = n;
2347
+ const a = await this.startDeviceCodeFlow(s, e);
2348
+ let i;
2349
+ return a.verification_uri_complete && await ae.toDataURL(a.verification_uri_complete).then((n) => {
2350
+ i = n;
2351
2351
  }).catch((n) => {
2352
- d.logger.debug(u({ err: n })), d.logger.warn(u({ msg: "Couldn't generate verification URL QR Code" }));
2353
- }), a ? { verification_uri_qrdata: a, ...i } : i;
2352
+ d.logger.debug(f({ err: n })), d.logger.warn(f({ msg: "Couldn't generate verification URL QR Code" }));
2353
+ }), i ? { verification_uri_qrdata: i, ...a } : a;
2354
2354
  } catch (e) {
2355
2355
  if (p.isSvelteKitRedirect(e) || p.isSvelteKitError(e)) throw e;
2356
2356
  const s = c.asCrossauthError(e);
@@ -2370,8 +2370,8 @@ class G extends re {
2370
2370
  try {
2371
2371
  if (!this.server.sessionAdapter.getCsrfToken(r))
2372
2372
  throw new c(h.InvalidCsrf);
2373
- } catch (i) {
2374
- throw p.isSvelteKitError(i) || p.isSvelteKitRedirect(i) ? i : new c(h.Unauthorized, "CSRF token not present");
2373
+ } catch (a) {
2374
+ throw p.isSvelteKitError(a) || p.isSvelteKitRedirect(a) ? a : new c(h.Unauthorized, "CSRF token not present");
2375
2375
  }
2376
2376
  let e = o.device_code;
2377
2377
  if (!e) throw new c(h.BadRequest, "No device code given when polling for user authorization");
@@ -2386,8 +2386,8 @@ class G extends re {
2386
2386
  );
2387
2387
  {
2388
2388
  if (s.error == "authorization_pending") return { ok: !0, ...s };
2389
- let i = s.error ?? "server_error", a = s.error_description ?? "Didn't receive an access token";
2390
- const n = c.fromOAuthError(i, a);
2389
+ let a = s.error ?? "server_error", i = s.error_description ?? "Didn't receive an access token";
2390
+ const n = c.fromOAuthError(a, i);
2391
2391
  return this.errorFn(this.server, r, n);
2392
2392
  }
2393
2393
  } catch (e) {
@@ -2428,88 +2428,98 @@ class ge extends se {
2428
2428
  * @param options See {@link SvelteKitOAuthResourceServerOptions}
2429
2429
  */
2430
2430
  constructor(r, o = {}) {
2431
- if (super(r, o), this.errorBody = {}, this.protectedEndpoints = {}, this.sessionDataName = "oauth", this.tokenLocations = ["header"], y("errorBody", E.Json, this, o, "OAUTH_RESSERVER_ACCESS_DENIED_BODY"), y("tokenLocations", E.JsonArray, this, o, "OAUTH_TOKEN_LOCATIONS"), y("sessionDataName", E.String, this, o, "OAUTH_SESSION_DATA_NAME"), this.userStorage = o.userStorage, this.sessionAdapter = o.sessionAdapter, o.protectedEndpoints) {
2431
+ if (super(r, o), this.errorBody = {}, this.protectedEndpoints = {}, this.protectedEndpointPrefixes = [], this.sessionDataName = "oauth", this.tokenLocations = ["header"], y("errorBody", E.Json, this, o, "OAUTH_RESSERVER_ACCESS_DENIED_BODY"), y("tokenLocations", E.JsonArray, this, o, "OAUTH_TOKEN_LOCATIONS"), y("sessionDataName", E.String, this, o, "OAUTH_SESSION_DATA_NAME"), this.userStorage = o.userStorage, this.sessionAdapter = o.sessionAdapter, o.protectedEndpoints) {
2432
2432
  const t = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
2433
2433
  for (const [e, s] of Object.entries(o.protectedEndpoints)) {
2434
2434
  if (!e.startsWith("/"))
2435
2435
  throw new c(h.Configuration, "protected endpoints must be absolute paths without the protocol and hostname");
2436
- s.scope && s.scope.forEach((i) => {
2437
- if (!t.test(i)) throw new c(h.Configuration, "Illegal characters in scope " + i);
2436
+ s.scope && s.scope.forEach((a) => {
2437
+ if (!t.test(a)) throw new c(h.Configuration, "Illegal characters in scope " + a);
2438
2438
  });
2439
2439
  }
2440
- this.protectedEndpoints = o.protectedEndpoints;
2440
+ this.protectedEndpoints = { ...o.protectedEndpoints };
2441
+ for (let e in o.protectedEndpoints) {
2442
+ let s = this.protectedEndpoints[e];
2443
+ s.suburls == !0 && (e.endsWith("/") || (e += "/", this.protectedEndpoints[e] = s), this.protectedEndpointPrefixes.push(e));
2444
+ }
2441
2445
  }
2442
2446
  o.protectedEndpoints && (this.hook = async ({ event: t }) => {
2443
- var i, a;
2447
+ var n, l;
2444
2448
  const e = t.url.pathname;
2445
- if (!(e in this.protectedEndpoints)) return;
2446
- const s = await this.authorized(t);
2447
- if (!(t.locals.user && t.locals.authType == "cookie" && this.protectedEndpoints[e].acceptSessionAuthorization != !0)) {
2448
- if (!s) {
2449
+ let s = !1, a = "";
2450
+ if (e in this.protectedEndpoints)
2451
+ s = !0, a = e;
2452
+ else
2453
+ for (let u of this.protectedEndpointPrefixes)
2454
+ e.startsWith(u) && (s = !0), a = u;
2455
+ if (!s) return;
2456
+ const i = await this.authorized(t);
2457
+ if (!(t.locals.user && t.locals.authType == "cookie" && this.protectedEndpoints[a].acceptSessionAuthorization != !0)) {
2458
+ if (!i) {
2449
2459
  t.locals.authError = "access_denied", t.locals.authErrorDescription = "No access token";
2450
- const n = this.authenticateHeader(t);
2460
+ const u = this.authenticateHeader(t);
2451
2461
  return new Response(JSON.stringify(this.errorBody), {
2452
2462
  headers: {
2453
2463
  "content-type": "application/json",
2454
- "WWW-Authenticate": n
2464
+ "WWW-Authenticate": u
2455
2465
  },
2456
2466
  status: 401
2457
2467
  });
2458
2468
  }
2459
- if (!s.authorized) {
2460
- const n = this.authenticateHeader(t);
2469
+ if (!i.authorized) {
2470
+ const u = this.authenticateHeader(t);
2461
2471
  return new Response(JSON.stringify(this.errorBody), {
2462
2472
  headers: {
2463
2473
  "content-type": "application/json",
2464
- "WWW-Authenticate": n
2474
+ "WWW-Authenticate": u
2465
2475
  },
2466
2476
  status: 401
2467
2477
  });
2468
2478
  }
2469
2479
  }
2470
- if (s) {
2471
- if (t.locals.accessTokenPayload = s.tokenPayload, t.locals.user = s.user, (i = s.tokenPayload) != null && i.scope)
2472
- if (Array.isArray(s.tokenPayload.scope)) {
2473
- let n = [];
2474
- for (let l of s.tokenPayload.scope)
2475
- typeof l == "string" && n.push(l);
2476
- t.locals.scope = n;
2477
- } else typeof s.tokenPayload.scope == "string" && (t.locals.scope = s.tokenPayload.scope.split(" "));
2478
- if (this.protectedEndpoints[e].scope) {
2479
- for (let n of this.protectedEndpoints[e].scope ?? [])
2480
- if (!t.locals.scope || !t.locals.scope.includes(n) && this.protectedEndpoints[e].acceptSessionAuthorization != !0) {
2481
- d.logger.warn(u({
2480
+ if (i) {
2481
+ if (t.locals.accessTokenPayload = i.tokenPayload, t.locals.user = i.user, (n = i.tokenPayload) != null && n.scope)
2482
+ if (Array.isArray(i.tokenPayload.scope)) {
2483
+ let u = [];
2484
+ for (let g of i.tokenPayload.scope)
2485
+ typeof g == "string" && u.push(g);
2486
+ t.locals.scope = u;
2487
+ } else typeof i.tokenPayload.scope == "string" && (t.locals.scope = i.tokenPayload.scope.split(" "));
2488
+ if (this.protectedEndpoints[a].scope) {
2489
+ for (let u of this.protectedEndpoints[a].scope ?? [])
2490
+ if (!t.locals.scope || !t.locals.scope.includes(u) && this.protectedEndpoints[a].acceptSessionAuthorization != !0) {
2491
+ d.logger.warn(f({
2482
2492
  msg: "Access token does not have sufficient scope",
2483
- username: (a = t.locals.user) == null ? void 0 : a.username,
2493
+ username: (l = t.locals.user) == null ? void 0 : l.username,
2484
2494
  url: t.request.url
2485
2495
  })), t.locals.scope = void 0, t.locals.accessTokenPayload = void 0, t.locals.user = void 0, t.locals.authError = "access_denied", t.locals.authErrorDescription = "Access token does not have sufficient scope";
2486
- const l = this.authenticateHeader(t);
2496
+ const g = this.authenticateHeader(t);
2487
2497
  return new Response(JSON.stringify(this.errorBody), {
2488
2498
  headers: {
2489
2499
  "content-type": "application/json",
2490
- "WWW-Authenticate": l
2500
+ "WWW-Authenticate": g
2491
2501
  },
2492
2502
  status: 401
2493
2503
  });
2494
2504
  }
2495
2505
  }
2496
- if (t.locals.authType = "oauth", t.locals.authError = s == null ? void 0 : s.error, (s == null ? void 0 : s.error) == "access_denied") {
2497
- const n = this.authenticateHeader(t);
2506
+ if (t.locals.authType = "oauth", t.locals.authError = i == null ? void 0 : i.error, (i == null ? void 0 : i.error) == "access_denied") {
2507
+ const u = this.authenticateHeader(t);
2498
2508
  return new Response(JSON.stringify(this.errorBody), {
2499
2509
  headers: {
2500
2510
  "content-type": "application/json",
2501
- "WWW-Authenticate": n
2511
+ "WWW-Authenticate": u
2502
2512
  },
2503
2513
  status: 401
2504
2514
  });
2505
- } else if (s != null && s.error)
2515
+ } else if (i != null && i.error)
2506
2516
  return new Response(JSON.stringify(this.errorBody), {
2507
2517
  headers: {
2508
2518
  "content-type": "application/json"
2509
2519
  },
2510
2520
  status: 500
2511
2521
  });
2512
- t.locals.authErrorDescription = s == null ? void 0 : s.error_description, d.logger.debug(u({ msg: "Resource server url", url: t.request.url, authorized: t.locals.accessTokenPayload != null }));
2522
+ t.locals.authErrorDescription = i == null ? void 0 : i.error_description, d.logger.debug(f({ msg: "Resource server url", url: t.request.url, authorized: t.locals.accessTokenPayload != null }));
2513
2523
  }
2514
2524
  });
2515
2525
  }
@@ -2567,7 +2577,7 @@ class ge extends se {
2567
2577
  return { authorized: !1 };
2568
2578
  } catch (o) {
2569
2579
  const t = o;
2570
- return d.logger.debug(u({ err: o })), d.logger.error(u({ cerr: t })), r.locals.authError = "server_error", r.locals.authErrorDescription = t.message, { authorized: !1, error: "server_error", error_description: t.message };
2580
+ return d.logger.debug(f({ err: o })), d.logger.error(f({ cerr: t })), r.locals.authError = "server_error", r.locals.authErrorDescription = t.message, { authorized: !1, error: "server_error", error_description: t.message };
2571
2581
  }
2572
2582
  }
2573
2583
  async tokenFromHeader(r) {
@@ -2635,11 +2645,11 @@ const D = class D {
2635
2645
  apiKey: t,
2636
2646
  oAuthAuthServer: e,
2637
2647
  oAuthClient: s,
2638
- oAuthClients: i,
2639
- oAuthResServer: a,
2648
+ oAuthClients: a,
2649
+ oAuthResServer: i,
2640
2650
  options: n
2641
2651
  }) {
2642
- this.loginUrl = "/login", this.audience = "", this.dummyLoad = async (f) => ({}), this.dummyActions = {}, this.dummyBff = async (f) => ({ status: 500, body: { error: "Unimplemented" } }), n || (n = {}), y("loginUrl", E.String, this, n, "LOGIN_URL", !1), n.isAdminFn && (D.isAdminFn = n.isAdminFn);
2652
+ this.loginUrl = "/login", this.audience = "", this.dummyLoad = async (u) => ({}), this.dummyActions = {}, this.dummyBff = async (u) => ({ status: 500, body: { error: "Unimplemented" } }), n || (n = {}), y("loginUrl", E.String, this, n, "LOGIN_URL", !1), n.isAdminFn && (D.isAdminFn = n.isAdminFn);
2643
2653
  let l = {};
2644
2654
  if (n.authenticators && (l = n.authenticators), this.userStorage = n.userStorage, r) {
2645
2655
  if (!l)
@@ -2658,37 +2668,37 @@ const D = class D {
2658
2668
  );
2659
2669
  }
2660
2670
  if (e) {
2661
- let f = {};
2662
- this.loginUrl && (f.loginUrl = this.loginUrl), this.oAuthAuthServer = new ce(
2671
+ let u = {};
2672
+ this.loginUrl && (u.loginUrl = this.loginUrl), this.oAuthAuthServer = new ce(
2663
2673
  this,
2664
2674
  e.clientStorage,
2665
2675
  e.keyStorage,
2666
2676
  l,
2667
- { ...f, ...n, ...e.options }
2677
+ { ...u, ...n, ...e.options }
2668
2678
  );
2669
2679
  }
2670
- if (s && i)
2680
+ if (s && a)
2671
2681
  throw new c(h.Configuration, "Cannot specify both oAuthClient and oAuthClients");
2672
2682
  if (s && (this.oAuthClient = new G(
2673
2683
  this,
2674
2684
  s.authServerBaseUrl,
2675
2685
  { ...n, ...s.options }
2676
- )), i) {
2686
+ )), a) {
2677
2687
  this.oAuthClients = [];
2678
- for (let f of i)
2688
+ for (let u of a)
2679
2689
  this.oAuthClients.push(
2680
2690
  new G(
2681
2691
  this,
2682
- f.authServerBaseUrl,
2683
- { ...n, ...f.options }
2692
+ u.authServerBaseUrl,
2693
+ { ...n, ...u.options }
2684
2694
  )
2685
2695
  );
2686
2696
  }
2687
- a && (y("audience", E.String, this, n, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new ge(
2697
+ i && (y("audience", E.String, this, n, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new ge(
2688
2698
  [new te(this.audience, n)],
2689
- { sessionAdapter: this.sessionAdapter, ...a.options, ...n }
2690
- )), this.hooks = async ({ event: f, resolve: g }) => {
2691
- const w = await this.unresolvedHooks(f);
2699
+ { sessionAdapter: this.sessionAdapter, ...i.options, ...n }
2700
+ )), this.hooks = async ({ event: u, resolve: g }) => {
2701
+ const w = await this.unresolvedHooks(u);
2692
2702
  return w instanceof Response ? w : await g(w);
2693
2703
  };
2694
2704
  }
@@ -2791,18 +2801,18 @@ class we {
2791
2801
  reconfigure: async (t) => await this.reconfigureFactor2(t)
2792
2802
  },
2793
2803
  load: async (t) => {
2794
- var f;
2795
- let e = (f = t.locals.user) == null ? void 0 : f.username;
2804
+ var u;
2805
+ let e = (u = t.locals.user) == null ? void 0 : u.username;
2796
2806
  if (!this.isSessionUser(t) || !t.locals.user) {
2797
2807
  const g = await this.sessionServer.getSessionData(t, "factor2change");
2798
2808
  g != null && g.username || this.isSessionUser(t) || (this.sessionServer.unauthorizedUrl && this.sessionServer.redirect(302, this.sessionServer.unauthorizedUrl), this.sessionServer.error(401, "Unauthorized")), e = g == null ? void 0 : g.username;
2799
2809
  }
2800
- let s = this.sessionServer.allowedFactor2 ?? [{ name: "none", friendlyName: "None", configurable: !1 }], i = {}, a = t.url.searchParams.get("required"), n;
2801
- a && (a = a.toLowerCase(), n = a == "true" || a == "1", n == !0 && (i.required = !0));
2810
+ let s = this.sessionServer.allowedFactor2 ?? [{ name: "none", friendlyName: "None", configurable: !1 }], a = {}, i = t.url.searchParams.get("required"), n;
2811
+ i && (i = i.toLowerCase(), n = i == "true" || i == "1", n == !0 && (a.required = !0));
2802
2812
  let l = t.url.searchParams.get("next");
2803
- return l && (i.next = l), {
2813
+ return l && (a.next = l), {
2804
2814
  allowedFactor2: s,
2805
- ...i,
2815
+ ...a,
2806
2816
  username: e,
2807
2817
  ...this.baseEndpoint(t)
2808
2818
  };
@@ -2812,12 +2822,12 @@ class we {
2812
2822
  default: async (t) => await this.changePassword(t)
2813
2823
  },
2814
2824
  load: async (t) => {
2815
- let e = {}, s = t.url.searchParams.get("required"), i, a = t.locals.user != null;
2816
- if (!a) {
2825
+ let e = {}, s = t.url.searchParams.get("required"), a, i = t.locals.user != null;
2826
+ if (!i) {
2817
2827
  const l = await this.sessionServer.getSessionData(t, "passwordchange");
2818
- l != null && l.username && (a = !0);
2828
+ l != null && l.username && (i = !0);
2819
2829
  }
2820
- a || this.sessionServer.redirect(302, this.loginUrl), s && (s = s.toLowerCase(), i = s == "true" || s == "1", i == !0 && (e.required = !0));
2830
+ i || this.sessionServer.redirect(302, this.loginUrl), s && (s = s.toLowerCase(), a = s == "true" || s == "1", a == !0 && (e.required = !0));
2821
2831
  let n = t.url.searchParams.get("next");
2822
2832
  return n && (e.next = n), {
2823
2833
  ...e,
@@ -2843,8 +2853,8 @@ class we {
2843
2853
  default: async (t) => await this.requestPasswordReset(t)
2844
2854
  },
2845
2855
  load: async (t) => {
2846
- let e = {}, s = t.url.searchParams.get("required"), i;
2847
- return s && (s = s.toLowerCase(), i = s == "true" || s == "1", i == !0 && (e.required = !0)), {
2856
+ let e = {}, s = t.url.searchParams.get("required"), a;
2857
+ return s && (s = s.toLowerCase(), a = s == "true" || s == "1", a == !0 && (e.required = !0)), {
2848
2858
  ...e,
2849
2859
  ...this.baseEndpoint(t)
2850
2860
  };
@@ -2864,14 +2874,14 @@ class we {
2864
2874
  try {
2865
2875
  return e = await this.resetPassword(t), e;
2866
2876
  } catch (s) {
2867
- const i = c.asCrossauthError(s);
2877
+ const a = c.asCrossauthError(s);
2868
2878
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
2869
- return d.logger.debug(u({ err: i })), d.logger.error(u({ cerr: i })), {
2879
+ return d.logger.debug(f({ err: a })), d.logger.error(f({ cerr: a })), {
2870
2880
  ok: !1,
2871
2881
  tokenValidated: !1,
2872
2882
  error: e == null ? void 0 : e.error,
2873
- errorCode: i.code,
2874
- errorCodeName: i.codeName,
2883
+ errorCode: a.code,
2884
+ errorCodeName: a.codeName,
2875
2885
  ...this.baseEndpoint(t)
2876
2886
  };
2877
2887
  }
@@ -2894,7 +2904,7 @@ class we {
2894
2904
  };
2895
2905
  } catch (e) {
2896
2906
  const s = c.asCrossauthError(e);
2897
- return d.logger.debug(u({ err: s })), d.logger.error(u({ cerr: s })), {
2907
+ return d.logger.debug(f({ err: s })), d.logger.error(f({ cerr: s })), {
2898
2908
  tokenValidated: !1,
2899
2909
  error: s.message,
2900
2910
  errorCode: s.code,
@@ -2971,43 +2981,43 @@ class we {
2971
2981
  try {
2972
2982
  var t = new b();
2973
2983
  await t.loadData(r), o = t.toObject();
2974
- const e = t.get("username") ?? "", s = t.getAsBoolean("persist") ?? !1, i = o.next ?? this.loginRedirectUrl;
2984
+ const e = t.get("username") ?? "", s = t.getAsBoolean("persist") ?? !1, a = o.next ?? this.loginRedirectUrl;
2975
2985
  if (e == "") throw new c(h.InvalidUsername, "Username field may not be empty");
2976
- let a = this.addToSession ? this.addToSession(r, o) : {};
2986
+ let i = this.addToSession ? this.addToSession(r, o) : {};
2977
2987
  if (this.sessionServer.enableCsrfProtection && !r.locals.csrfToken) throw new c(h.InvalidCsrf);
2978
2988
  const n = this.sessionServer.getSessionCookieValue(r);
2979
- let { sessionCookie: l, csrfCookie: f, user: g } = await this.sessionServer.sessionManager.login(e, t.toObject(), a, s);
2980
- if (d.logger.debug(u({
2989
+ let { sessionCookie: l, csrfCookie: u, user: g } = await this.sessionServer.sessionManager.login(e, t.toObject(), i, s);
2990
+ if (d.logger.debug(f({
2981
2991
  msg: "Login: set session cookie " + l.name + " opts " + JSON.stringify(l.options),
2982
2992
  user: e
2983
2993
  })), r.cookies.set(
2984
2994
  l.name,
2985
2995
  l.value,
2986
2996
  P(l.options)
2987
- ), d.logger.debug(u({
2988
- msg: "Login: set csrf cookie " + f.name + " opts " + JSON.stringify(l.options),
2997
+ ), d.logger.debug(f({
2998
+ msg: "Login: set csrf cookie " + u.name + " opts " + JSON.stringify(l.options),
2989
2999
  user: e
2990
3000
  })), this.sessionServer.enableCsrfProtection && (r.cookies.set(
2991
- f.name,
2992
- f.value,
2993
- P(f.options)
2994
- ), r.locals.csrfToken = await this.sessionServer.sessionManager.createCsrfFormOrHeaderValue(f.value)), n)
3001
+ u.name,
3002
+ u.value,
3003
+ P(u.options)
3004
+ ), r.locals.csrfToken = await this.sessionServer.sessionManager.createCsrfFormOrHeaderValue(u.value)), n)
2995
3005
  try {
2996
3006
  await this.sessionServer.sessionManager.deleteSession(n);
2997
3007
  } catch (w) {
2998
- d.logger.warn(u({
3008
+ d.logger.warn(f({
2999
3009
  msg: "Couldn't delete session ID from database",
3000
3010
  hashOfSessionId: this.sessionServer.getHashOfSessionId(r)
3001
- })), d.logger.debug(u({ err: w }));
3011
+ })), d.logger.debug(f({ err: w }));
3002
3012
  }
3003
3013
  if (g.state == N.passwordChangeNeeded)
3004
- this.sessionServer.redirect(302, this.changePasswordUrl + "?required=true&next=" + encodeURIComponent("login?next=" + i));
3014
+ this.sessionServer.redirect(302, this.changePasswordUrl + "?required=true&next=" + encodeURIComponent("login?next=" + a));
3005
3015
  else {
3006
3016
  if (g.state == N.passwordResetNeeded)
3007
3017
  throw new c(h.PasswordResetNeeded, "Please click on the link we sent you to reset your password");
3008
3018
  if (g.state == N.passwordAndFactor2ResetNeeded)
3009
3019
  throw new c(h.PasswordResetNeeded, "Please click on the link we sent you to reset your password");
3010
- this.sessionServer.allowedFactor2.length > 0 && g.state == N.factor2ResetNeeded || !this.sessionServer.allowedFactor2Names.includes(g.factor2 ? g.factor2 : "none") ? this.sessionServer.redirect(302, this.changeFactor2Url + "?required=true&next=" + encodeURIComponent("login?next=" + i)) : (!g.factor2 || g.factor2 == "") && (r.locals.user = g);
3020
+ this.sessionServer.allowedFactor2.length > 0 && g.state == N.factor2ResetNeeded || !this.sessionServer.allowedFactor2Names.includes(g.factor2 ? g.factor2 : "none") ? this.sessionServer.redirect(302, this.changeFactor2Url + "?required=true&next=" + encodeURIComponent("login?next=" + a)) : (!g.factor2 || g.factor2 == "") && (r.locals.user = g);
3011
3021
  }
3012
3022
  return {
3013
3023
  user: g,
@@ -3018,7 +3028,7 @@ class we {
3018
3028
  } catch (e) {
3019
3029
  if (typeof e == "object" && e != null && "status" in e && "location" in e) throw e;
3020
3030
  let s = c.asCrossauthError(e, "Couldn't log in");
3021
- return d.logger.debug(u({ err: s })), d.logger.error(u({ cerr: s })), {
3031
+ return d.logger.debug(f({ err: s })), d.logger.error(f({ cerr: s })), {
3022
3032
  error: s.message,
3023
3033
  ok: !1,
3024
3034
  formData: o,
@@ -3033,29 +3043,29 @@ class we {
3033
3043
  async loginWithUser(r, o, t) {
3034
3044
  const e = t.locals.sessionId, s = new b();
3035
3045
  await s.loadData(t);
3036
- let i = this.addToSession ? this.addToSession(t, s.toObject()) : {}, { sessionCookie: a, csrfCookie: n, csrfFormOrHeaderValue: l } = await this.sessionServer.sessionManager.login("", {}, i, void 0, r, o);
3037
- if (d.logger.debug(u({
3038
- msg: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
3046
+ let a = this.addToSession ? this.addToSession(t, s.toObject()) : {}, { sessionCookie: i, csrfCookie: n, csrfFormOrHeaderValue: l } = await this.sessionServer.sessionManager.login("", {}, a, void 0, r, o);
3047
+ if (d.logger.debug(f({
3048
+ msg: "Login: set session cookie " + i.name + " opts " + JSON.stringify(i.options),
3039
3049
  user: r.username
3040
3050
  })), t.cookies.set(
3041
- a.name,
3042
- a.value,
3043
- P(a.options)
3044
- ), d.logger.debug(u({
3045
- msg: "Login: set csrf cookie " + n.name + " opts " + JSON.stringify(a.options),
3051
+ i.name,
3052
+ i.value,
3053
+ P(i.options)
3054
+ ), d.logger.debug(f({
3055
+ msg: "Login: set csrf cookie " + n.name + " opts " + JSON.stringify(i.options),
3046
3056
  user: r.username
3047
3057
  })), this.sessionServer.enableCsrfProtection && t.cookies.set(
3048
3058
  n.name,
3049
3059
  n.value,
3050
3060
  P(n.options)
3051
- ), t.locals.user = r, t.locals.csrfToken = l, t.locals.sessionId = this.sessionServer.sessionManager.getSessionId(a.value), e)
3061
+ ), t.locals.user = r, t.locals.csrfToken = l, t.locals.sessionId = this.sessionServer.sessionManager.getSessionId(i.value), e)
3052
3062
  try {
3053
3063
  await this.sessionServer.sessionManager.deleteSession(e);
3054
- } catch (f) {
3055
- d.logger.warn(u({
3064
+ } catch (u) {
3065
+ d.logger.warn(f({
3056
3066
  msg: "Couldn't delete session ID from database",
3057
3067
  hashOfSessionId: this.sessionServer.getHashOfSessionId(t)
3058
- })), d.logger.debug(u({ err: f }));
3068
+ })), d.logger.debug(f({ err: u }));
3059
3069
  }
3060
3070
  return {
3061
3071
  user: r,
@@ -3079,14 +3089,14 @@ class we {
3079
3089
  */
3080
3090
  async logout(r) {
3081
3091
  try {
3082
- if (r.locals.sessionId && await this.sessionServer.sessionManager.logout(r.locals.sessionId), d.logger.debug(u({ msg: "Logout: clear cookie " + this.sessionServer.sessionManager.sessionCookieName })), r.cookies.delete(this.sessionServer.sessionManager.sessionCookieName, { path: "/" }), this.sessionServer.enableCsrfProtection && r.cookies.delete(this.sessionServer.sessionManager.csrfCookieName, { path: "/" }), r.locals.sessionId)
3092
+ if (r.locals.sessionId && await this.sessionServer.sessionManager.logout(r.locals.sessionId), d.logger.debug(f({ msg: "Logout: clear cookie " + this.sessionServer.sessionManager.sessionCookieName })), r.cookies.delete(this.sessionServer.sessionManager.sessionCookieName, { path: "/" }), this.sessionServer.enableCsrfProtection && r.cookies.delete(this.sessionServer.sessionManager.csrfCookieName, { path: "/" }), r.locals.sessionId)
3083
3093
  try {
3084
3094
  await this.sessionServer.sessionManager.deleteSession(r.locals.sessionId);
3085
3095
  } catch (o) {
3086
- d.logger.warn(u({
3096
+ d.logger.warn(f({
3087
3097
  msg: "Couldn't delete session ID from database",
3088
3098
  hashOfSessionId: this.sessionServer.getHashOfSessionId(r)
3089
- })), d.logger.debug(u({ err: o }));
3099
+ })), d.logger.debug(f({ err: o }));
3090
3100
  }
3091
3101
  if (r.locals.sessionId = void 0, r.locals.user = void 0, this.sessionServer.enableCsrfProtection) {
3092
3102
  r.locals.csrfToken = void 0, r.cookies.delete(this.sessionServer.sessionManager.csrfCookieName, { path: "/" });
@@ -3096,7 +3106,7 @@ class we {
3096
3106
  return { ok: !0 };
3097
3107
  } catch (o) {
3098
3108
  const t = c.asCrossauthError(o);
3099
- return d.logger.debug(u({ err: t })), d.logger.error(u({ cerr: t })), {
3109
+ return d.logger.debug(f({ err: t })), d.logger.error(f({ cerr: t })), {
3100
3110
  ok: !1,
3101
3111
  error: t.message,
3102
3112
  errorCode: t.code,
@@ -3166,18 +3176,18 @@ class we {
3166
3176
  "Illegal second factor " + o.factor2 + " requested"
3167
3177
  );
3168
3178
  (o.factor2 == "none" || o.factor2 == "") && (o.factor2 = void 0), s = this.sessionServer.createUserFn(r, o, this.sessionServer.userStorage.userEditableFields);
3169
- let i = this.sessionServer.authenticators[s.factor1].validateSecrets(o);
3170
- const a = this.sessionServer.authenticators[s.factor1].secretNames();
3179
+ let a = this.sessionServer.authenticators[s.factor1].validateSecrets(o);
3180
+ const i = this.sessionServer.authenticators[s.factor1].secretNames();
3171
3181
  let n = {};
3172
3182
  for (let w in o)
3173
3183
  if (w.startsWith("repeat_")) {
3174
3184
  const m = w.replace(/^repeat_/, "");
3175
- a.includes(m) && (n[m] = o[w]);
3185
+ i.includes(m) && (n[m] = o[w]);
3176
3186
  }
3177
3187
  Object.keys(n).length === 0 && (n = void 0), s.state = "active", o.factor2 && o.factor2 != "none" ? s.state = "awaitingtwofactor" : this.sessionServer.enableEmailVerification && (s.state = "awaitingemailverification");
3178
- let f = [...this.sessionServer.validateUserFn(s), ...i];
3179
- if (f.length > 0)
3180
- throw new c(h.FormEntry, f);
3188
+ let u = [...this.sessionServer.validateUserFn(s), ...a];
3189
+ if (u.length > 0)
3190
+ throw new c(h.FormEntry, u);
3181
3191
  let g = !1;
3182
3192
  try {
3183
3193
  const { user: w, secrets: m } = await this.sessionServer.userStorage.getUserByUsername(e);
@@ -3213,18 +3223,18 @@ class we {
3213
3223
  };
3214
3224
  return this.sessionServer.enableCsrfProtection && (m.csrfToken = r.locals.csrfToken), { factor2Data: m, ok: !0, factor2Required: !0, formData: o };
3215
3225
  } catch (m) {
3216
- d.logger.error(u({ err: m }));
3226
+ d.logger.error(f({ err: m }));
3217
3227
  try {
3218
3228
  this.sessionServer.sessionManager.deleteUserByUsername(e);
3219
3229
  } catch (S) {
3220
- d.logger.error(u({ err: S }));
3230
+ d.logger.error(f({ err: S }));
3221
3231
  }
3222
3232
  }
3223
3233
  }
3224
3234
  return { user: s, formData: o, ok: !0 };
3225
3235
  } catch (e) {
3226
3236
  let s = c.asCrossauthError(e, "Couldn't sign up");
3227
- return d.logger.debug(u({ err: s })), d.logger.error(u({ cerr: s })), {
3237
+ return d.logger.debug(f({ err: s })), d.logger.error(f({ cerr: s })), {
3228
3238
  error: s.message,
3229
3239
  ok: !1,
3230
3240
  formData: o,
@@ -3275,7 +3285,7 @@ class we {
3275
3285
  };
3276
3286
  } catch (t) {
3277
3287
  const e = c.asCrossauthError(t);
3278
- return d.logger.debug(u({ err: t })), d.logger.error(u({ cerr: t })), {
3288
+ return d.logger.debug(f({ err: t })), d.logger.error(f({ cerr: t })), {
3279
3289
  ok: !1,
3280
3290
  error: e.message,
3281
3291
  errorCode: e.code,
@@ -3309,8 +3319,8 @@ class we {
3309
3319
  try {
3310
3320
  var s = new b();
3311
3321
  await s.loadData(r), o = s.toObject();
3312
- const i = await this.sessionServer.getSessionData(r, "2fa");
3313
- if (i != null && i.factor2) e = i == null ? void 0 : i.factor2;
3322
+ const a = await this.sessionServer.getSessionData(r, "2fa");
3323
+ if (a != null && a.factor2) e = a == null ? void 0 : a.factor2;
3314
3324
  else throw new c(h.BadRequest, "Two factor authentication was not started");
3315
3325
  if (this.isSessionUser(r) && this.sessionServer.enableCsrfProtection && !r.locals.csrfToken)
3316
3326
  throw new c(h.InvalidCsrf);
@@ -3318,17 +3328,17 @@ class we {
3318
3328
  h.Unauthorized,
3319
3329
  "No session active while enabling 2FA. Please enable cookies"
3320
3330
  );
3321
- let a = await this.sessionServer.sessionManager.completeTwoFactorSetup(
3331
+ let i = await this.sessionServer.sessionManager.completeTwoFactorSetup(
3322
3332
  o,
3323
3333
  r.locals.sessionId
3324
3334
  );
3325
- return this.sessionServer.enableEmailVerification || await this.loginWithUser(a, !0, r), r.locals.user ? {
3335
+ return this.sessionServer.enableEmailVerification || await this.loginWithUser(i, !0, r), r.locals.user ? {
3326
3336
  ok: !0,
3327
- user: a,
3337
+ user: i,
3328
3338
  emailVerificationRequired: this.sessionServer.enableEmailVerification
3329
- } : await this.loginWithUser(a, !0, r);
3330
- } catch (i) {
3331
- const a = c.asCrossauthError(i);
3339
+ } : await this.loginWithUser(i, !0, r);
3340
+ } catch (a) {
3341
+ const i = c.asCrossauthError(a);
3332
3342
  let n;
3333
3343
  try {
3334
3344
  n = (await this.sessionServer.sessionManager.repeatTwoFactorSignup(r.locals.sessionId ?? "")).userData;
@@ -3339,11 +3349,11 @@ class we {
3339
3349
  csrfToken: r.locals.csrfToken,
3340
3350
  username: n.username ?? "",
3341
3351
  factor2: e
3342
- }), d.logger.debug(u({ err: i })), d.logger.error(u({ cerr: i })), {
3352
+ }), d.logger.debug(f({ err: a })), d.logger.error(f({ cerr: a })), {
3343
3353
  ok: !1,
3344
- error: a.message,
3345
- errorCode: a.code,
3346
- errorCodeName: a.codeName,
3354
+ error: i.message,
3355
+ errorCode: i.code,
3356
+ errorCodeName: i.codeName,
3347
3357
  formData: o,
3348
3358
  factor2Data: t,
3349
3359
  emailVerificationRequired: this.sessionServer.enableEmailVerification
@@ -3379,22 +3389,22 @@ class we {
3379
3389
  if (!s) throw new c(h.Unauthorized);
3380
3390
  if (this.isSessionUser(r) && this.sessionServer.enableCsrfProtection && !r.locals.csrfToken)
3381
3391
  throw new c(h.InvalidCsrf);
3382
- let i = this.addToSession ? this.addToSession(r, o) : {};
3383
- const { sessionCookie: a, csrfCookie: n, user: l } = await this.sessionServer.sessionManager.completeTwoFactorLogin(
3392
+ let a = this.addToSession ? this.addToSession(r, o) : {};
3393
+ const { sessionCookie: i, csrfCookie: n, user: l } = await this.sessionServer.sessionManager.completeTwoFactorLogin(
3384
3394
  o,
3385
3395
  s,
3386
- i,
3396
+ a,
3387
3397
  e
3388
3398
  );
3389
- return d.logger.debug(u({
3390
- msg: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
3399
+ return d.logger.debug(f({
3400
+ msg: "Login: set session cookie " + i.name + " opts " + JSON.stringify(i.options),
3391
3401
  user: l == null ? void 0 : l.username
3392
3402
  })), r.cookies.set(
3393
- a.name,
3394
- a.value,
3395
- P(a.options)
3396
- ), d.logger.debug(u({
3397
- msg: "Login: set csrf cookie " + n.name + " opts " + JSON.stringify(a.options),
3403
+ i.name,
3404
+ i.value,
3405
+ P(i.options)
3406
+ ), d.logger.debug(f({
3407
+ msg: "Login: set csrf cookie " + n.name + " opts " + JSON.stringify(i.options),
3398
3408
  user: l == null ? void 0 : l.username
3399
3409
  })), r.cookies.set(
3400
3410
  n.name,
@@ -3406,7 +3416,7 @@ class we {
3406
3416
  };
3407
3417
  } catch (e) {
3408
3418
  const s = c.asCrossauthError(e);
3409
- return d.logger.debug(u({ err: e })), d.logger.error(u({ cerr: e })), {
3419
+ return d.logger.debug(f({ err: e })), d.logger.error(f({ cerr: e })), {
3410
3420
  ok: !1,
3411
3421
  error: s.message,
3412
3422
  errorCode: s.code,
@@ -3432,7 +3442,7 @@ class we {
3432
3442
  return await this.sessionServer.sessionManager.requestPasswordReset(e), { formData: o, ok: !0 };
3433
3443
  } catch (e) {
3434
3444
  let s = c.asCrossauthError(e, "Couldn't log in");
3435
- return d.logger.debug(u({ err: e })), d.logger.error(u({ cerr: e })), {
3445
+ return d.logger.debug(f({ err: e })), d.logger.error(f({ cerr: e })), {
3436
3446
  error: s.message,
3437
3447
  errorCode: s.code,
3438
3448
  errorCodeName: s.codeName,
@@ -3460,7 +3470,7 @@ class we {
3460
3470
  * - `formData` the form fields extracted from the request
3461
3471
  */
3462
3472
  async validatePasswordResetToken(r) {
3463
- d.logger.debug(u({ msg: "validatePasswordResetToken " + r.request.method }));
3473
+ d.logger.debug(f({ msg: "validatePasswordResetToken " + r.request.method }));
3464
3474
  try {
3465
3475
  const o = r.params.token;
3466
3476
  if (!o) throw new c(h.InvalidToken, "Invalid email verification token");
@@ -3471,7 +3481,7 @@ class we {
3471
3481
  };
3472
3482
  } catch (o) {
3473
3483
  const t = c.asCrossauthError(o);
3474
- return d.logger.debug(u({ err: t })), d.logger.error(u({ cerr: t })), {
3484
+ return d.logger.debug(f({ err: t })), d.logger.error(f({ cerr: t })), {
3475
3485
  ok: !1,
3476
3486
  error: t.message,
3477
3487
  errorCode: t.code,
@@ -3499,7 +3509,7 @@ class we {
3499
3509
  * - `formData` the form fields extracted from the request
3500
3510
  */
3501
3511
  async resetPassword(r) {
3502
- d.logger.debug(u({ msg: "resetPassword" }));
3512
+ d.logger.debug(f({ msg: "resetPassword" }));
3503
3513
  let o;
3504
3514
  try {
3505
3515
  var t = new b();
@@ -3512,17 +3522,17 @@ class we {
3512
3522
  );
3513
3523
  const e = r.params.token ?? "";
3514
3524
  if (e == "") throw new c(h.InvalidUsername, "No token provided");
3515
- const s = await this.sessionServer.sessionManager.userForPasswordResetToken(e), i = this.sessionServer.authenticators[s.factor1], a = i.secretNames();
3525
+ const s = await this.sessionServer.sessionManager.userForPasswordResetToken(e), a = this.sessionServer.authenticators[s.factor1], i = a.secretNames();
3516
3526
  let n = {}, l = {};
3517
3527
  for (let w in o)
3518
3528
  if (w.startsWith("new_")) {
3519
3529
  const m = w.replace(/^new_/, "");
3520
- a.includes(m) && (n[m] = o[w]);
3530
+ i.includes(m) && (n[m] = o[w]);
3521
3531
  } else if (w.startsWith("repeat_")) {
3522
3532
  const m = w.replace(/^repeat_/, "");
3523
- a.includes(m) && (l[m] = o[w]);
3533
+ i.includes(m) && (l[m] = o[w]);
3524
3534
  }
3525
- if (Object.keys(l).length === 0 && (l = void 0), i.validateSecrets(n).length > 0)
3535
+ if (Object.keys(l).length === 0 && (l = void 0), a.validateSecrets(n).length > 0)
3526
3536
  throw new c(h.PasswordFormat);
3527
3537
  const g = await this.sessionServer.sessionManager.resetSecret(e, 1, n, l);
3528
3538
  if (g.state == N.active)
@@ -3534,7 +3544,7 @@ class we {
3534
3544
  } catch (e) {
3535
3545
  if (p.isSvelteKitRedirect(e)) throw e;
3536
3546
  let s = c.asCrossauthError(e, "Couldn't log in");
3537
- return d.logger.debug(u({ err: s })), d.logger.error(u({ cerr: s })), {
3547
+ return d.logger.debug(f({ err: s })), d.logger.error(f({ cerr: s })), {
3538
3548
  error: s.message,
3539
3549
  errorCode: s.code,
3540
3550
  errorCodeName: s.codeName,
@@ -3584,7 +3594,7 @@ class we {
3584
3594
  };
3585
3595
  } catch (o) {
3586
3596
  let t = c.asCrossauthError(o, "2FA failed");
3587
- return d.logger.debug(u({ err: t })), d.logger.error(u({ cerr: t })), {
3597
+ return d.logger.debug(f({ err: t })), d.logger.error(f({ cerr: t })), {
3588
3598
  error: t.message,
3589
3599
  errorCode: t.code,
3590
3600
  errorCodeName: t.codeName,
@@ -3611,7 +3621,7 @@ class we {
3611
3621
  * - `formData` the form fields extracted from the request
3612
3622
  */
3613
3623
  async changePassword(r) {
3614
- d.logger.debug(u({ msg: "changePassword" }));
3624
+ d.logger.debug(f({ msg: "changePassword" }));
3615
3625
  let o;
3616
3626
  try {
3617
3627
  if (!this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
@@ -3637,20 +3647,20 @@ class we {
3637
3647
  e = r.locals.user;
3638
3648
  } else
3639
3649
  throw new c(h.InsufficientPriviledges);
3640
- const i = this.sessionServer.authenticators[e.factor1], a = i.secretNames();
3641
- let n = {}, l = {}, f = {};
3650
+ const a = this.sessionServer.authenticators[e.factor1], i = a.secretNames();
3651
+ let n = {}, l = {}, u = {};
3642
3652
  for (let m in o)
3643
3653
  if (m.startsWith("new_")) {
3644
3654
  const S = m.replace(/^new_/, "");
3645
- a.includes(S) && (l[S] = o[m]);
3655
+ i.includes(S) && (l[S] = o[m]);
3646
3656
  } else if (m.startsWith("old_")) {
3647
3657
  const S = m.replace(/^old_/, "");
3648
- a.includes(S) && (n[S] = o[m]);
3658
+ i.includes(S) && (n[S] = o[m]);
3649
3659
  } else if (m.startsWith("repeat_")) {
3650
3660
  const S = m.replace(/^repeat_/, "");
3651
- a.includes(S) && (f[S] = o[m]);
3661
+ i.includes(S) && (u[S] = o[m]);
3652
3662
  }
3653
- if (Object.keys(f).length === 0 && (f = void 0), i.validateSecrets(l).length > 0)
3663
+ if (Object.keys(u).length === 0 && (u = void 0), a.validateSecrets(l).length > 0)
3654
3664
  throw new c(h.PasswordFormat);
3655
3665
  const w = e.state;
3656
3666
  try {
@@ -3658,16 +3668,16 @@ class we {
3658
3668
  e.username,
3659
3669
  1,
3660
3670
  l,
3661
- f,
3671
+ u,
3662
3672
  n
3663
3673
  );
3664
3674
  } catch (m) {
3665
3675
  const S = c.asCrossauthError(m);
3666
- if (d.logger.debug(u({ err: m })), s)
3676
+ if (d.logger.debug(f({ err: m })), s)
3667
3677
  try {
3668
3678
  await this.sessionServer.userStorage.updateUser({ id: e.id, state: w });
3669
3679
  } catch (C) {
3670
- d.logger.debug(u({ err: C }));
3680
+ d.logger.debug(f({ err: C }));
3671
3681
  }
3672
3682
  throw S;
3673
3683
  }
@@ -3677,7 +3687,7 @@ class we {
3677
3687
  };
3678
3688
  } catch (e) {
3679
3689
  let s = c.asCrossauthError(e, "Couldn't change password");
3680
- return d.logger.debug(u({ err: s })), d.logger.error(u({ cerr: s })), {
3690
+ return d.logger.debug(f({ err: s })), d.logger.error(f({ cerr: s })), {
3681
3691
  error: s.message,
3682
3692
  ok: !1,
3683
3693
  errorCode: s.code,
@@ -3700,7 +3710,7 @@ class we {
3700
3710
  * exception was raised
3701
3711
  */
3702
3712
  async deleteUser(r) {
3703
- d.logger.debug(u({ msg: "deleteUser" }));
3713
+ d.logger.debug(f({ msg: "deleteUser" }));
3704
3714
  try {
3705
3715
  if (!this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
3706
3716
  if (this.sessionServer.enableCsrfProtection && !r.locals.csrfToken)
@@ -3712,7 +3722,7 @@ class we {
3712
3722
  };
3713
3723
  } catch (o) {
3714
3724
  let t = c.asCrossauthError(o, "Couldn't delete account");
3715
- return d.logger.debug(u({ err: t })), d.logger.error(u({ cerr: t })), {
3725
+ return d.logger.debug(f({ err: t })), d.logger.error(f({ cerr: t })), {
3716
3726
  error: t.message,
3717
3727
  errorCode: t.code,
3718
3728
  errorCodeName: t.codeName,
@@ -3745,7 +3755,7 @@ class we {
3745
3755
  * the link emailed to them to complete signup.
3746
3756
  */
3747
3757
  async updateUser(r) {
3748
- d.logger.debug(u({ msg: "updateUser" }));
3758
+ d.logger.debug(f({ msg: "updateUser" }));
3749
3759
  let o;
3750
3760
  try {
3751
3761
  if (!this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
@@ -3768,19 +3778,19 @@ class we {
3768
3778
  let s = this.sessionServer.validateUserFn(e);
3769
3779
  if (s.length > 0)
3770
3780
  throw new c(h.FormEntry, s);
3771
- let { emailVerificationTokenSent: i } = await this.sessionServer.sessionManager.updateUser(r.locals.user, e);
3772
- if (!i) {
3773
- const a = await this.sessionServer.userStorage.getUserById(r.locals.user.id);
3774
- r.locals.user = a.user;
3781
+ let { emailVerificationTokenSent: a } = await this.sessionServer.sessionManager.updateUser(r.locals.user, e);
3782
+ if (!a) {
3783
+ const i = await this.sessionServer.userStorage.getUserById(r.locals.user.id);
3784
+ r.locals.user = i.user;
3775
3785
  }
3776
3786
  return {
3777
3787
  ok: !0,
3778
3788
  formData: o,
3779
- emailVerificationNeeded: i
3789
+ emailVerificationNeeded: a
3780
3790
  };
3781
3791
  } catch (e) {
3782
3792
  let s = c.asCrossauthError(e, "Couldn't update account");
3783
- return d.logger.debug(u({ err: s })), d.logger.error(u({ cerr: s })), {
3793
+ return d.logger.debug(f({ err: s })), d.logger.error(f({ cerr: s })), {
3784
3794
  error: s.message,
3785
3795
  errorCode: s.code,
3786
3796
  errorCodeName: s.codeName,
@@ -3812,7 +3822,7 @@ class we {
3812
3822
  */
3813
3823
  async changeFactor2(r) {
3814
3824
  var e;
3815
- d.logger.debug(u({ msg: "updateUser" }));
3825
+ d.logger.debug(f({ msg: "updateUser" }));
3816
3826
  let o;
3817
3827
  try {
3818
3828
  if (!this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
@@ -3824,32 +3834,32 @@ class we {
3824
3834
  const l = await this.sessionServer.getSessionData(r, "factor2change");
3825
3835
  l != null && l.username || this.isSessionUser(r) || (this.sessionServer.unauthorizedUrl && this.sessionServer.redirect(302, this.sessionServer.unauthorizedUrl), this.sessionServer.error(401, "Unauthorized")), s = l == null ? void 0 : l.username;
3826
3836
  }
3827
- let i = r.locals.user;
3828
- if (!i && s && (i = (await this.sessionServer.userStorage.getUserByUsername(
3837
+ let a = r.locals.user;
3838
+ if (!a && s && (a = (await this.sessionServer.userStorage.getUserByUsername(
3829
3839
  s,
3830
3840
  {
3831
3841
  skipActiveCheck: !0,
3832
3842
  skipEmailVerifiedCheck: !0
3833
3843
  }
3834
- )).user), !i)
3844
+ )).user), !a)
3835
3845
  throw new c(h.InsufficientPriviledges);
3836
3846
  if (!r.locals.sessionId)
3837
3847
  throw new c(h.Unauthorized);
3838
- let a = o.factor2;
3848
+ let i = o.factor2;
3839
3849
  if (o.factor2 && !this.sessionServer.allowedFactor2Names.includes(o.factor2))
3840
3850
  throw new c(
3841
3851
  h.Forbidden,
3842
3852
  "Illegal second factor " + o.factor2 + " requested"
3843
3853
  );
3844
- if ((o.factor2 == "none" || o.factor2 == "") && (a = void 0, !r.locals.user))
3845
- return await this.loginWithUser(i, !0, r);
3846
- const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(i, a, r.locals.sessionId);
3847
- return a ? {
3854
+ if ((o.factor2 == "none" || o.factor2 == "") && (i = void 0, !r.locals.user))
3855
+ return await this.loginWithUser(a, !0, r);
3856
+ const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(a, i, r.locals.sessionId);
3857
+ return i ? {
3848
3858
  ok: !0,
3849
3859
  formData: o,
3850
3860
  factor2Data: {
3851
- username: i.username,
3852
- factor2: a ?? "",
3861
+ username: a.username,
3862
+ factor2: i ?? "",
3853
3863
  userData: n,
3854
3864
  csrfToken: r.locals.csrfToken
3855
3865
  }
@@ -3858,11 +3868,11 @@ class we {
3858
3868
  formData: o
3859
3869
  };
3860
3870
  } catch (s) {
3861
- let i = c.asCrossauthError(s, "Couldn't update account");
3862
- return d.logger.debug(u({ err: i })), d.logger.error(u({ cerr: i })), {
3863
- error: i.message,
3864
- errorCode: i.code,
3865
- errorCodeName: i.codeName,
3871
+ let a = c.asCrossauthError(s, "Couldn't update account");
3872
+ return d.logger.debug(f({ err: a })), d.logger.error(f({ cerr: a })), {
3873
+ error: a.message,
3874
+ errorCode: a.code,
3875
+ errorCodeName: a.codeName,
3866
3876
  ok: !1,
3867
3877
  formData: o
3868
3878
  };
@@ -3888,7 +3898,7 @@ class we {
3888
3898
  */
3889
3899
  async reconfigureFactor2(r) {
3890
3900
  var e;
3891
- d.logger.debug(u({ msg: "updateUser" }));
3901
+ d.logger.debug(f({ msg: "updateUser" }));
3892
3902
  let o;
3893
3903
  try {
3894
3904
  if (!this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
@@ -3897,50 +3907,50 @@ class we {
3897
3907
  throw new c(h.InvalidCsrf);
3898
3908
  let s = (e = r.locals.user) == null ? void 0 : e.username;
3899
3909
  if (!this.isSessionUser(r) || !r.locals.user) {
3900
- const f = await this.sessionServer.getSessionData(r, "factor2change");
3901
- f != null && f.username || this.isSessionUser(r) || (this.sessionServer.unauthorizedUrl && this.sessionServer.redirect(302, this.sessionServer.unauthorizedUrl), this.sessionServer.error(401, "Unauthorized")), s = f == null ? void 0 : f.username;
3910
+ const u = await this.sessionServer.getSessionData(r, "factor2change");
3911
+ u != null && u.username || this.isSessionUser(r) || (this.sessionServer.unauthorizedUrl && this.sessionServer.redirect(302, this.sessionServer.unauthorizedUrl), this.sessionServer.error(401, "Unauthorized")), s = u == null ? void 0 : u.username;
3902
3912
  }
3903
- let i = r.locals.user;
3904
- if (!i && s && (i = (await this.sessionServer.userStorage.getUserByUsername(
3913
+ let a = r.locals.user;
3914
+ if (!a && s && (a = (await this.sessionServer.userStorage.getUserByUsername(
3905
3915
  s,
3906
3916
  {
3907
3917
  skipActiveCheck: !0,
3908
3918
  skipEmailVerifiedCheck: !0
3909
3919
  }
3910
- )).user), !i)
3920
+ )).user), !a)
3911
3921
  throw new c(h.InsufficientPriviledges);
3912
3922
  if (!r.locals.sessionId)
3913
3923
  throw new c(h.Unauthorized);
3914
3924
  if (!r.locals.sessionId)
3915
3925
  throw new c(h.Unauthorized);
3916
- let a = i.factor2;
3917
- const n = this.sessionServer.authenticators[a];
3926
+ let i = a.factor2;
3927
+ const n = this.sessionServer.authenticators[i];
3918
3928
  if (!n || n.secretNames().length == 0)
3919
3929
  throw new c(
3920
3930
  h.BadRequest,
3921
3931
  "Selected second factor does not have configuration"
3922
3932
  );
3923
3933
  const l = await this.sessionServer.sessionManager.initiateTwoFactorSetup(
3924
- i,
3925
3934
  a,
3935
+ i,
3926
3936
  r.locals.sessionId
3927
3937
  );
3928
3938
  return {
3929
3939
  ok: !0,
3930
3940
  formData: o,
3931
3941
  factor2Data: {
3932
- username: i.username,
3933
- factor2: i.factor2 ?? "",
3942
+ username: a.username,
3943
+ factor2: a.factor2 ?? "",
3934
3944
  userData: l,
3935
3945
  csrfToken: r.locals.csrfToken
3936
3946
  }
3937
3947
  };
3938
3948
  } catch (s) {
3939
- let i = c.asCrossauthError(s, "Couldn't update account");
3940
- return d.logger.debug(u({ err: i })), d.logger.error(u({ cerr: i })), {
3941
- error: i.message,
3942
- errorCode: i.code,
3943
- errorCodeName: i.codeName,
3949
+ let a = c.asCrossauthError(s, "Couldn't update account");
3950
+ return d.logger.debug(f({ err: a })), d.logger.error(f({ cerr: a })), {
3951
+ error: a.message,
3952
+ errorCode: a.code,
3953
+ errorCodeName: a.codeName,
3944
3954
  ok: !1,
3945
3955
  formData: o
3946
3956
  };
@@ -3962,16 +3972,16 @@ async function me(k, r, o = 0, t = 10) {
3962
3972
  const { user: s } = await r.getUserByUsername(k);
3963
3973
  e.push(s);
3964
3974
  } catch (s) {
3965
- const i = c.asCrossauthError(s);
3966
- if (i.code != h.UserNotExist)
3967
- throw d.logger.debug(u({ err: i })), i;
3975
+ const a = c.asCrossauthError(s);
3976
+ if (a.code != h.UserNotExist)
3977
+ throw d.logger.debug(f({ err: a })), a;
3968
3978
  try {
3969
- const { user: a } = await r.getUserByEmail(k);
3970
- e.push(a);
3971
- } catch (a) {
3972
- const n = c.asCrossauthError(a);
3979
+ const { user: i } = await r.getUserByEmail(k);
3980
+ e.push(i);
3981
+ } catch (i) {
3982
+ const n = c.asCrossauthError(i);
3973
3983
  if (n.code != h.UserNotExist)
3974
- throw d.logger.debug(u({ err: n })), i;
3984
+ throw d.logger.debug(f({ err: n })), a;
3975
3985
  }
3976
3986
  }
3977
3987
  return e;
@@ -3990,12 +4000,12 @@ class ke {
3990
4000
  }, this.updateUserEndpoint = {
3991
4001
  actions: {
3992
4002
  default: async (t) => {
3993
- var i, a, n;
4003
+ var a, i, n;
3994
4004
  const e = await this.getUserFromParam(t);
3995
4005
  return e.exception || !e.user ? {
3996
4006
  ok: !1,
3997
- error: ((i = e.exception) == null ? void 0 : i.message) ?? "Couldn't get user",
3998
- errorCode: (a = e.exception) == null ? void 0 : a.code,
4007
+ error: ((a = e.exception) == null ? void 0 : a.message) ?? "Couldn't get user",
4008
+ errorCode: (i = e.exception) == null ? void 0 : i.code,
3999
4009
  errorCodeName: (n = e.exception) == null ? void 0 : n.codeName
4000
4010
  } : await this.updateUser(e.user, t);
4001
4011
  }
@@ -4017,12 +4027,12 @@ class ke {
4017
4027
  }, this.changePasswordEndpoint = {
4018
4028
  actions: {
4019
4029
  default: async (t) => {
4020
- var i, a, n;
4030
+ var a, i, n;
4021
4031
  const e = await this.getUserFromParam(t);
4022
4032
  return e.exception || !e.user ? {
4023
4033
  ok: !1,
4024
- error: ((i = e.exception) == null ? void 0 : i.message) ?? "Couldn't get user",
4025
- errorCode: (a = e.exception) == null ? void 0 : a.code,
4034
+ error: ((a = e.exception) == null ? void 0 : a.message) ?? "Couldn't get user",
4035
+ errorCode: (i = e.exception) == null ? void 0 : i.code,
4026
4036
  errorCodeName: (n = e.exception) == null ? void 0 : n.codeName
4027
4037
  } : await this.changePassword(e.user, t);
4028
4038
  }
@@ -4035,8 +4045,8 @@ class ke {
4035
4045
  editUser: e.user,
4036
4046
  ...this.baseEndpoint(t)
4037
4047
  };
4038
- let s = {}, i = t.url.searchParams.get("next");
4039
- return i && (s.next = i), {
4048
+ let s = {}, a = t.url.searchParams.get("next");
4049
+ return a && (s.next = a), {
4040
4050
  ...s,
4041
4051
  editUser: e.user,
4042
4052
  ...this.baseEndpoint(t)
@@ -4058,15 +4068,15 @@ class ke {
4058
4068
  default: async (t) => await this.deleteUser(t)
4059
4069
  },
4060
4070
  load: async (t) => {
4061
- var s, i, a;
4071
+ var s, a, i;
4062
4072
  const e = await this.getUserFromParam(t);
4063
4073
  return e.exception || !e.user ? {
4064
4074
  error: "User doesn't exist",
4065
4075
  errorCode: (s = e.exception) == null ? void 0 : s.code,
4066
- errorCodeName: (i = e.exception) == null ? void 0 : i.codeName,
4076
+ errorCodeName: (a = e.exception) == null ? void 0 : a.codeName,
4067
4077
  ...this.baseEndpoint(t)
4068
4078
  } : {
4069
- username: (a = e.user) == null ? void 0 : a.username,
4079
+ username: (i = e.user) == null ? void 0 : i.username,
4070
4080
  ...this.baseEndpoint(t)
4071
4081
  };
4072
4082
  }
@@ -4117,20 +4127,20 @@ class ke {
4117
4127
  try {
4118
4128
  if (!this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
4119
4129
  (!r.locals.user || !p.isAdminFn(r.locals.user)) && this.sessionServer.error(401);
4120
- let s = [], i = [], a = [];
4130
+ let s = [], a = [], i = [];
4121
4131
  if (!t)
4122
4132
  try {
4123
4133
  const l = r.url.searchParams.get("skip");
4124
4134
  l && (t = parseInt(l));
4125
4135
  } catch (l) {
4126
- d.logger.warn(u({ cerr: l, msg: "skip parameter is not an integer" }));
4136
+ d.logger.warn(f({ cerr: l, msg: "skip parameter is not an integer" }));
4127
4137
  }
4128
4138
  if (t || (t = 0), !e)
4129
4139
  try {
4130
4140
  const l = r.url.searchParams.get("take");
4131
4141
  l && (e = parseInt(l));
4132
4142
  } catch (l) {
4133
- d.logger.warn(u({ cerr: l, msg: "take parameter is not an integer" }));
4143
+ d.logger.warn(f({ cerr: l, msg: "take parameter is not an integer" }));
4134
4144
  }
4135
4145
  e || (e = 10);
4136
4146
  const n = r.url.searchParams.get("search");
@@ -4139,7 +4149,7 @@ class ke {
4139
4149
  this.sessionServer.userStorage,
4140
4150
  t,
4141
4151
  e
4142
- ), t > 0 && (i = await this.userSearchFn(
4152
+ ), t > 0 && (a = await this.userSearchFn(
4143
4153
  o,
4144
4154
  this.sessionServer.userStorage,
4145
4155
  t - 1,
@@ -4147,7 +4157,7 @@ class ke {
4147
4157
  ))) : (s = await this.sessionServer.userStorage.getUsers(
4148
4158
  t,
4149
4159
  e
4150
- ), s.length == e && (a = await this.sessionServer.userStorage.getUsers(
4160
+ ), s.length == e && (i = await this.sessionServer.userStorage.getUsers(
4151
4161
  t + e,
4152
4162
  1
4153
4163
  ))), {
@@ -4155,17 +4165,17 @@ class ke {
4155
4165
  users: s,
4156
4166
  skip: t,
4157
4167
  take: e,
4158
- hasPrevious: i.length > 0,
4159
- hasNext: a.length > 0,
4168
+ hasPrevious: a.length > 0,
4169
+ hasNext: i.length > 0,
4160
4170
  search: o
4161
4171
  };
4162
4172
  } catch (s) {
4163
- const i = c.asCrossauthError(s);
4164
- return d.logger.debug(u({ err: i })), d.logger.error(u({ cerr: i })), {
4173
+ const a = c.asCrossauthError(s);
4174
+ return d.logger.debug(f({ err: a })), d.logger.error(f({ cerr: a })), {
4165
4175
  ok: !1,
4166
- error: i.message,
4167
- errorCode: i.code,
4168
- errorCodeName: i.codeName,
4176
+ error: a.message,
4177
+ errorCode: a.code,
4178
+ errorCodeName: a.codeName,
4169
4179
  hasPrevious: !1,
4170
4180
  hasNext: !1,
4171
4181
  skip: t ?? 0,
@@ -4211,7 +4221,7 @@ class ke {
4211
4221
  if (!this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
4212
4222
  var e = new b();
4213
4223
  if (await e.loadData(o), t = e.toObject(), (!o.locals.user || !p.isAdminFn(o.locals.user)) && this.sessionServer.error(401), this.isSessionUser(o) && this.sessionServer.enableCsrfProtection && !o.locals.csrfToken) throw new c(h.InvalidCsrf);
4214
- const s = r.factor2, i = r.state;
4224
+ const s = r.factor2, a = r.state;
4215
4225
  r.state = t.state ?? "active", r = this.sessionServer.updateUserFn(
4216
4226
  r,
4217
4227
  o,
@@ -4221,10 +4231,10 @@ class ke {
4221
4231
  ...this.sessionServer.userStorage.adminEditableFields
4222
4232
  }
4223
4233
  );
4224
- const a = r.factor2 && r.factor2 != "none" && r.factor2 != s;
4225
- if (a && !(r.state == i || r.state == "factor2ResetNeeded"))
4234
+ const i = r.factor2 && r.factor2 != "none" && r.factor2 != s;
4235
+ if (i && !(r.state == a || r.state == "factor2ResetNeeded"))
4226
4236
  throw new c(h.BadRequest, "Cannot change both factor2 and state at the same time");
4227
- a && (r.state = N.factor2ResetNeeded, d.logger.warn(u({
4237
+ i && (r.state = N.factor2ResetNeeded, d.logger.warn(f({
4228
4238
  msg: `Setting state for user to ${N.factor2ResetNeeded}`,
4229
4239
  username: r.username
4230
4240
  })));
@@ -4232,19 +4242,19 @@ class ke {
4232
4242
  if (n.length > 0)
4233
4243
  throw new c(h.FormEntry, n);
4234
4244
  const l = await this.sessionServer.sessionManager.updateUser(r, r, !0, !0);
4235
- let f;
4236
- return l.emailVerificationTokenSent ? f = "An email verification token has been sent to the user" : l.passwordResetTokenSent && (f = "A password reset token has been sent to the user"), {
4245
+ let u;
4246
+ return l.emailVerificationTokenSent ? u = "An email verification token has been sent to the user" : l.passwordResetTokenSent && (u = "A password reset token has been sent to the user"), {
4237
4247
  ok: !0,
4238
4248
  formData: t,
4239
- info: f
4249
+ info: u
4240
4250
  };
4241
4251
  } catch (s) {
4242
4252
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s, 401)) throw s;
4243
- let i = c.asCrossauthError(s, "Couldn't log in");
4244
- return d.logger.debug(u({ err: i })), d.logger.error(u({ cerr: i })), {
4245
- error: i.message,
4246
- errorCode: i.code,
4247
- errorCodeName: i.codeName,
4253
+ let a = c.asCrossauthError(s, "Couldn't log in");
4254
+ return d.logger.debug(f({ err: a })), d.logger.error(f({ cerr: a })), {
4255
+ error: a.message,
4256
+ errorCode: a.code,
4257
+ errorCodeName: a.codeName,
4248
4258
  ok: !1,
4249
4259
  formData: t
4250
4260
  };
@@ -4270,26 +4280,26 @@ class ke {
4270
4280
  * - `formData` the form fields extracted from the request
4271
4281
  */
4272
4282
  async changePassword(r, o) {
4273
- d.logger.debug(u({ msg: "changePassword" }));
4283
+ d.logger.debug(f({ msg: "changePassword" }));
4274
4284
  let t;
4275
4285
  try {
4276
4286
  var e = new b();
4277
4287
  if (await e.loadData(o), t = e.toObject(), (!o.locals.user || !p.isAdminFn(o.locals.user)) && this.sessionServer.error(401), this.isSessionUser(o) && this.sessionServer.enableCsrfProtection && !o.locals.csrfToken)
4278
4288
  throw new c(h.InvalidCsrf);
4279
- const s = this.sessionServer.authenticators[r.factor1], i = s.secretNames();
4280
- let a = {}, n = {}, l = {};
4289
+ const s = this.sessionServer.authenticators[r.factor1], a = s.secretNames();
4290
+ let i = {}, n = {}, l = {};
4281
4291
  for (let g in t)
4282
4292
  if (g.startsWith("new_")) {
4283
4293
  const w = g.replace(/^new_/, "");
4284
- i.includes(w) && (n[w] = t[g]);
4294
+ a.includes(w) && (n[w] = t[g]);
4285
4295
  } else if (g.startsWith("old_")) {
4286
4296
  const w = g.replace(/^old_/, "");
4287
- i.includes(w) && (a[w] = t[g]);
4297
+ a.includes(w) && (i[w] = t[g]);
4288
4298
  } else if (g.startsWith("repeat_")) {
4289
4299
  const w = g.replace(/^repeat_/, "");
4290
- i.includes(w) && (l[w] = t[g]);
4300
+ a.includes(w) && (l[w] = t[g]);
4291
4301
  }
4292
- if (Object.keys(l).length === 0 && (l = void 0), Object.keys(a).length === 0 && (a = void 0), s.validateSecrets(n).length > 0)
4302
+ if (Object.keys(l).length === 0 && (l = void 0), Object.keys(i).length === 0 && (i = void 0), s.validateSecrets(n).length > 0)
4293
4303
  throw new c(h.PasswordFormat);
4294
4304
  try {
4295
4305
  await this.sessionServer.sessionManager.changeSecrets(
@@ -4297,11 +4307,11 @@ class ke {
4297
4307
  1,
4298
4308
  n,
4299
4309
  l,
4300
- a
4310
+ i
4301
4311
  );
4302
4312
  } catch (g) {
4303
4313
  const w = c.asCrossauthError(g);
4304
- throw d.logger.debug(u({ err: g })), w;
4314
+ throw d.logger.debug(f({ err: g })), w;
4305
4315
  }
4306
4316
  return {
4307
4317
  ok: !0,
@@ -4309,11 +4319,11 @@ class ke {
4309
4319
  };
4310
4320
  } catch (s) {
4311
4321
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s, 401)) throw s;
4312
- let i = c.asCrossauthError(s, "Couldn't change password");
4313
- return d.logger.debug(u({ err: i })), d.logger.error(u({ cerr: i })), {
4314
- error: i.message,
4315
- errorCode: i.code,
4316
- errorCodeName: i.codeName,
4322
+ let a = c.asCrossauthError(s, "Couldn't change password");
4323
+ return d.logger.debug(f({ err: a })), d.logger.error(f({ cerr: a })), {
4324
+ error: a.message,
4325
+ errorCode: a.code,
4326
+ errorCodeName: a.codeName,
4317
4327
  ok: !1,
4318
4328
  formData: t
4319
4329
  };
@@ -4388,21 +4398,21 @@ class ke {
4388
4398
  ...this.sessionServer.userStorage.adminEditableFields
4389
4399
  }
4390
4400
  );
4391
- const i = this.sessionServer.authenticators[s.factor1].secretNames();
4392
- let a = !0;
4393
- for (let m of i)
4394
- !o[m] && !o["repeat_" + m] && (a = !1);
4401
+ const a = this.sessionServer.authenticators[s.factor1].secretNames();
4402
+ let i = !0;
4403
+ for (let m of a)
4404
+ !o[m] && !o["repeat_" + m] && (i = !1);
4395
4405
  let n = [], l = {};
4396
- if (a) {
4406
+ if (i) {
4397
4407
  n = this.sessionServer.authenticators[s.factor1].validateSecrets(o);
4398
4408
  for (let m in o)
4399
4409
  if (m.startsWith("repeat_")) {
4400
4410
  const S = m.replace(/^repeat_/, "");
4401
- i.includes(S) && (l[S] = o[m]);
4411
+ a.includes(S) && (l[S] = o[m]);
4402
4412
  }
4403
4413
  Object.keys(l).length === 0 && (l = void 0);
4404
4414
  }
4405
- a ? o.factor2 != null && (s.state = N.factor2ResetNeeded) : o.factor2 == null ? s.state = N.passwordResetNeeded : s.state = N.passwordAndFactor2ResetNeeded;
4415
+ i ? o.factor2 != null && (s.state = N.factor2ResetNeeded) : o.factor2 == null ? s.state = N.passwordResetNeeded : s.state = N.passwordAndFactor2ResetNeeded;
4406
4416
  let g = [...this.sessionServer.validateUserFn(s), ...n];
4407
4417
  if (g.length > 0)
4408
4418
  throw new c(h.FormEntry, g);
@@ -4411,9 +4421,9 @@ class ke {
4411
4421
  o,
4412
4422
  l,
4413
4423
  !0,
4414
- !a
4424
+ !i
4415
4425
  );
4416
- if (!a) {
4426
+ if (!i) {
4417
4427
  let m = o.username;
4418
4428
  if ("user_email" in o && (m = o.user_email), oe.validateEmail(m), !m) throw new c(h.FormEntry, "No password given but no email address found either");
4419
4429
  await this.sessionServer.sessionManager.requestPasswordReset(m);
@@ -4421,7 +4431,7 @@ class ke {
4421
4431
  return { ok: !0, user: w, formData: o };
4422
4432
  } catch (e) {
4423
4433
  let s = c.asCrossauthError(e, "Couldn't create user");
4424
- return d.logger.debug(u({ err: s })), d.logger.error(u({ cerr: s })), {
4434
+ return d.logger.debug(f({ err: s })), d.logger.error(f({ cerr: s })), {
4425
4435
  error: s.message,
4426
4436
  errorCode: s.code,
4427
4437
  errorCodeName: s.codeName,
@@ -4444,7 +4454,7 @@ class ke {
4444
4454
  * exception was raised
4445
4455
  */
4446
4456
  async deleteUser(r) {
4447
- if (d.logger.debug(u({ msg: "deleteUser" })), !this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
4457
+ if (d.logger.debug(f({ msg: "deleteUser" })), !this.sessionServer.userStorage) throw new c(h.Configuration, "Must provide user storage to use this function");
4448
4458
  try {
4449
4459
  const o = r.params.id;
4450
4460
  if (!o) throw new c(h.BadRequest, "User ID is undefined");
@@ -4455,7 +4465,7 @@ class ke {
4455
4465
  };
4456
4466
  } catch (o) {
4457
4467
  let t = c.asCrossauthError(o, "Couldn't delete account");
4458
- return d.logger.debug(u({ err: t })), d.logger.error(u({ cerr: t })), {
4468
+ return d.logger.debug(f({ err: t })), d.logger.error(f({ cerr: t })), {
4459
4469
  error: t.message,
4460
4470
  errorCode: t.code,
4461
4471
  errorCodeName: t.codeName,
@@ -4487,18 +4497,18 @@ async function Se(k, r, o, t, e) {
4487
4497
  let s = [];
4488
4498
  if (o > 0) return [];
4489
4499
  try {
4490
- const i = await r.getClientById(k);
4491
- s.push(i);
4492
- } catch (i) {
4493
- const a = c.asCrossauthError(i);
4494
- if (a.code != h.UserNotExist)
4495
- throw d.logger.debug(u({ err: a })), a;
4500
+ const a = await r.getClientById(k);
4501
+ s.push(a);
4502
+ } catch (a) {
4503
+ const i = c.asCrossauthError(a);
4504
+ if (i.code != h.UserNotExist)
4505
+ throw d.logger.debug(f({ err: i })), i;
4496
4506
  try {
4497
4507
  s = await r.getClientByName(k, e);
4498
4508
  } catch (n) {
4499
4509
  const l = c.asCrossauthError(n);
4500
4510
  if (l.code != h.UserNotExist)
4501
- throw d.logger.debug(u({ err: l })), a;
4511
+ throw d.logger.debug(f({ err: l })), i;
4502
4512
  }
4503
4513
  }
4504
4514
  return s;
@@ -4557,61 +4567,61 @@ class X {
4557
4567
  if (!this.sessionServer.clientStorage) throw new c(h.Configuration, "Must provide client storage to use this function");
4558
4568
  if (!r.locals.user)
4559
4569
  throw this.redirect(302, this.loginUrl + "?next=" + encodeURIComponent(r.request.url));
4560
- let i = [], a = [], n = [];
4570
+ let a = [], i = [], n = [];
4561
4571
  if (!t)
4562
4572
  try {
4563
- const f = r.url.searchParams.get("skip");
4564
- f && (t = parseInt(f));
4565
- } catch (f) {
4566
- d.logger.warn(u({ cerr: f, msg: "skip parameter is not an integer" }));
4573
+ const u = r.url.searchParams.get("skip");
4574
+ u && (t = parseInt(u));
4575
+ } catch (u) {
4576
+ d.logger.warn(f({ cerr: u, msg: "skip parameter is not an integer" }));
4567
4577
  }
4568
4578
  if (t || (t = 0), !e)
4569
4579
  try {
4570
- const f = r.url.searchParams.get("take");
4571
- f && (e = parseInt(f));
4572
- } catch (f) {
4573
- d.logger.warn(u({ cerr: f, msg: "take parameter is not an integer" }));
4580
+ const u = r.url.searchParams.get("take");
4581
+ u && (e = parseInt(u));
4582
+ } catch (u) {
4583
+ d.logger.warn(f({ cerr: u, msg: "take parameter is not an integer" }));
4574
4584
  }
4575
4585
  e || (e = 10);
4576
4586
  const l = r.url.searchParams.get("search");
4577
- return !o && l != null && l != "" && (o = l), o || (o = ""), o.length == 0 && (o = void 0), o ? (i = await this.clientSearchFn(
4587
+ return !o && l != null && l != "" && (o = l), o || (o = ""), o.length == 0 && (o = void 0), o ? (a = await this.clientSearchFn(
4578
4588
  o,
4579
4589
  this.sessionServer.clientStorage,
4580
4590
  t,
4581
4591
  e
4582
- ), t > 0 && (a = await this.clientSearchFn(
4592
+ ), t > 0 && (i = await this.clientSearchFn(
4583
4593
  o,
4584
4594
  this.sessionServer.clientStorage,
4585
4595
  t - 1,
4586
4596
  1,
4587
4597
  s
4588
- ))) : (i = await this.sessionServer.clientStorage.getClients(
4598
+ ))) : (a = await this.sessionServer.clientStorage.getClients(
4589
4599
  t,
4590
4600
  e,
4591
4601
  s
4592
- ), i.length == e && (n = await this.sessionServer.clientStorage.getClients(
4602
+ ), a.length == e && (n = await this.sessionServer.clientStorage.getClients(
4593
4603
  t + e,
4594
4604
  1,
4595
4605
  s
4596
4606
  ))), {
4597
4607
  ok: !0,
4598
- clients: i,
4608
+ clients: a,
4599
4609
  skip: t,
4600
4610
  take: e,
4601
- hasPrevious: a.length > 0,
4611
+ hasPrevious: i.length > 0,
4602
4612
  hasNext: n.length > 0,
4603
4613
  search: o,
4604
4614
  clientUserId: s
4605
4615
  };
4606
- } catch (i) {
4607
- if (p.isSvelteKitRedirect(i) || p.isSvelteKitRedirect(i))
4608
- throw i;
4609
- const a = c.asCrossauthError(i);
4610
- return d.logger.debug(u({ err: a })), d.logger.error(u({ cerr: a })), {
4616
+ } catch (a) {
4617
+ if (p.isSvelteKitRedirect(a) || p.isSvelteKitRedirect(a))
4618
+ throw a;
4619
+ const i = c.asCrossauthError(a);
4620
+ return d.logger.debug(f({ err: i })), d.logger.error(f({ cerr: i })), {
4611
4621
  ok: !1,
4612
- error: a.message,
4613
- errorCode: a.code,
4614
- errorCodeName: a.codeName,
4622
+ error: i.message,
4623
+ errorCode: i.code,
4624
+ errorCodeName: i.codeName,
4615
4625
  hasPrevious: !1,
4616
4626
  hasNext: !1,
4617
4627
  skip: t ?? 0,
@@ -4634,21 +4644,21 @@ class X {
4634
4644
  try {
4635
4645
  if (!o) throw new c(h.BadRequest, "No client ID specified");
4636
4646
  if (!this.clientStorage) throw new c(h.Configuration, "No client storage specified");
4637
- const i = await this.clientStorage.getClientById(o), a = i.userid == null ? void 0 : await ((e = (t = this.sessionServer) == null ? void 0 : t.userStorage) == null ? void 0 : e.getUserById(i.userid)), n = (s = a == null ? void 0 : a.user) == null ? void 0 : s.username;
4647
+ const a = await this.clientStorage.getClientById(o), i = a.userid == null ? void 0 : await ((e = (t = this.sessionServer) == null ? void 0 : t.userStorage) == null ? void 0 : e.getUserById(a.userid)), n = (s = i == null ? void 0 : i.user) == null ? void 0 : s.username;
4638
4648
  return {
4639
4649
  ok: !0,
4640
- client: i,
4650
+ client: a,
4641
4651
  validFlows: this.validFlows,
4642
4652
  valid_flowNames: this.valid_flowNames,
4643
4653
  client_id: o,
4644
4654
  clientUsername: n
4645
4655
  };
4646
- } catch (i) {
4647
- let a = c.asCrossauthError(i, "Couldn't load client");
4648
- return d.logger.debug(u({ err: a })), d.logger.error(u({ cerr: a })), {
4649
- error: a.message,
4650
- errorCode: a.code,
4651
- errorCodeName: a.codeName,
4656
+ } catch (a) {
4657
+ let i = c.asCrossauthError(a, "Couldn't load client");
4658
+ return d.logger.debug(f({ err: i })), d.logger.error(f({ cerr: i })), {
4659
+ error: i.message,
4660
+ errorCode: i.code,
4661
+ errorCodeName: i.codeName,
4652
4662
  ok: !1,
4653
4663
  validFlows: this.validFlows,
4654
4664
  valid_flowNames: this.valid_flowNames,
@@ -4669,11 +4679,11 @@ class X {
4669
4679
  * @returns {@link UpdateClientFormData}. If a new secret was created, it will be placed as plaintext in the client that is returned.
4670
4680
  */
4671
4681
  async updateClient_internal(r, o) {
4672
- var s, i;
4682
+ var s, a;
4673
4683
  let t;
4674
4684
  try {
4675
- const a = r.params.client_id;
4676
- if (!a) throw new c(h.BadRequest, "No client ID given");
4685
+ const i = r.params.client_id;
4686
+ if (!i) throw new c(h.BadRequest, "No client ID given");
4677
4687
  var e = new b();
4678
4688
  if (await e.loadData(r), t = e.toObject(), this.sessionServer.enableCsrfProtection && r.locals.authType == "cookie" && !r.locals.csrfToken)
4679
4689
  throw new c(h.InvalidCsrf);
@@ -4683,21 +4693,21 @@ class X {
4683
4693
  try {
4684
4694
  B.validateUri(C);
4685
4695
  } catch (T) {
4686
- d.logger.error(u({ err: T })), l.push("[" + C + "]");
4696
+ d.logger.error(f({ err: T })), l.push("[" + C + "]");
4687
4697
  }
4688
4698
  if (l.length > 0)
4689
4699
  throw new c(
4690
4700
  h.BadRequest,
4691
4701
  "The following redirect URIs are invalid: " + l.join(" ")
4692
4702
  );
4693
- let f = [];
4703
+ let u = [];
4694
4704
  for (let C of this.validFlows)
4695
- C in t && f.push(C);
4705
+ C in t && u.push(C);
4696
4706
  const g = {};
4697
- if (g.client_name = t.client_name, g.confidential = e.getAsBoolean("confidential") ?? !1, g.valid_flow = f, g.redirect_uri = n, o) {
4707
+ if (g.client_name = t.client_name, g.confidential = e.getAsBoolean("confidential") ?? !1, g.valid_flow = u, g.redirect_uri = n, o) {
4698
4708
  let C = t.userid ?? void 0;
4699
4709
  if (C && ((s = this.sessionServer) != null && s.userStorage)) {
4700
- const { user: T } = await ((i = this.sessionServer) == null ? void 0 : i.userStorage.getUserById(C));
4710
+ const { user: T } = await ((a = this.sessionServer) == null ? void 0 : a.userStorage.getUserById(C));
4701
4711
  C = T.id;
4702
4712
  }
4703
4713
  g.userid = t.userid ? Number(t.userid) : null;
@@ -4705,7 +4715,7 @@ class X {
4705
4715
  const w = e.getAsBoolean("resetSecret");
4706
4716
  if (!this.clientManager) throw new c(h.Configuration, "Cannot call this endpoint as you did not provide a clientStorage");
4707
4717
  const { client: m, newSecret: S } = await this.clientManager.updateClient(
4708
- a,
4718
+ i,
4709
4719
  g,
4710
4720
  w
4711
4721
  );
@@ -4716,10 +4726,10 @@ class X {
4716
4726
  //plaintextSecret: resetSecret ? formData.client_secret : undefined,
4717
4727
  plaintextSecret: S && m.client_secret ? m.client_secret : void 0
4718
4728
  };
4719
- } catch (a) {
4720
- if (p.isSvelteKitRedirect(a) || p.isSvelteKitError(a)) throw a;
4721
- let n = c.asCrossauthError(a, "Couldn't update client");
4722
- return d.logger.debug(u({ err: n })), d.logger.error(u({ cerr: n })), {
4729
+ } catch (i) {
4730
+ if (p.isSvelteKitRedirect(i) || p.isSvelteKitError(i)) throw i;
4731
+ let n = c.asCrossauthError(i, "Couldn't update client");
4732
+ return d.logger.debug(f({ err: n })), d.logger.error(f({ cerr: n })), {
4723
4733
  error: n.message,
4724
4734
  errorCode: n.code,
4725
4735
  errorCodeName: n.codeName,
@@ -4737,7 +4747,7 @@ class X {
4737
4747
  * @returns {@link CreateClientPageData}.
4738
4748
  */
4739
4749
  async emptyClient_internal(r, o) {
4740
- var e, s, i, a, n, l, f;
4750
+ var e, s, a, i, n, l, u;
4741
4751
  try {
4742
4752
  var t = new b();
4743
4753
  await t.loadData(r);
@@ -4749,8 +4759,8 @@ class X {
4749
4759
  g = T.id;
4750
4760
  }
4751
4761
  const C = t.get("userid");
4752
- if (C && ((i = this.sessionServer) != null && i.userStorage)) {
4753
- const { user: T } = await ((a = this.sessionServer) == null ? void 0 : a.userStorage.getUserById(C));
4762
+ if (C && ((a = this.sessionServer) != null && a.userStorage)) {
4763
+ const { user: T } = await ((i = this.sessionServer) == null ? void 0 : i.userStorage.getUserById(C));
4754
4764
  g = T.id;
4755
4765
  }
4756
4766
  } else {
@@ -4758,7 +4768,7 @@ class X {
4758
4768
  g = r.locals.user.id;
4759
4769
  }
4760
4770
  if (!this.clientStorage) throw new c(h.Configuration, "No client storage specified");
4761
- const w = g == null ? void 0 : await ((l = (n = this.sessionServer) == null ? void 0 : n.userStorage) == null ? void 0 : l.getUserById(g)), m = (f = w == null ? void 0 : w.user) == null ? void 0 : f.username;
4771
+ const w = g == null ? void 0 : await ((l = (n = this.sessionServer) == null ? void 0 : n.userStorage) == null ? void 0 : l.getUserById(g)), m = (u = w == null ? void 0 : w.user) == null ? void 0 : u.username;
4762
4772
  return {
4763
4773
  ok: !0,
4764
4774
  validFlows: this.validFlows,
@@ -4768,7 +4778,7 @@ class X {
4768
4778
  };
4769
4779
  } catch (g) {
4770
4780
  let w = c.asCrossauthError(g, "Couldn't initialize new client");
4771
- return d.logger.debug(u({ err: w })), d.logger.error(u({ cerr: w })), {
4781
+ return d.logger.debug(f({ err: w })), d.logger.error(f({ cerr: w })), {
4772
4782
  error: w.message,
4773
4783
  errorCode: w.code,
4774
4784
  errorCodeName: w.codeName,
@@ -4790,7 +4800,7 @@ class X {
4790
4800
  * @returns {@link UpdateClientFormData}. If a secret was created, it will be placed as plaintext in the client that is returned. A random `client_id` is created.
4791
4801
  */
4792
4802
  async createClient_internal(r, o) {
4793
- var s, i, a, n;
4803
+ var s, a, i, n;
4794
4804
  let t;
4795
4805
  try {
4796
4806
  var e = new b();
@@ -4799,7 +4809,7 @@ class X {
4799
4809
  if (o) {
4800
4810
  const C = e.get("userid");
4801
4811
  if (C && ((s = this.sessionServer) != null && s.userStorage)) {
4802
- const { user: T } = await ((i = this.sessionServer) == null ? void 0 : i.userStorage.getUserById(C));
4812
+ const { user: T } = await ((a = this.sessionServer) == null ? void 0 : a.userStorage.getUserById(C));
4803
4813
  l = T.id;
4804
4814
  }
4805
4815
  } else {
@@ -4807,15 +4817,15 @@ class X {
4807
4817
  l = r.locals.user.id;
4808
4818
  }
4809
4819
  if (!this.clientStorage) throw new c(h.Configuration, "No client storage specified");
4810
- if (l && await ((n = (a = this.sessionServer) == null ? void 0 : a.userStorage) == null ? void 0 : n.getUserById(l)), this.sessionServer.enableCsrfProtection && r.locals.authType == "cookie" && !r.locals.csrfToken)
4820
+ if (l && await ((n = (i = this.sessionServer) == null ? void 0 : i.userStorage) == null ? void 0 : n.getUserById(l)), this.sessionServer.enableCsrfProtection && r.locals.authType == "cookie" && !r.locals.csrfToken)
4811
4821
  throw new c(h.InvalidCsrf);
4812
- const f = !t.redirect_uri || t.redirect_uri.trim().length == 0 ? [] : t.redirect_uri.trim().split(/[, ][ \t\n]*/);
4822
+ const u = !t.redirect_uri || t.redirect_uri.trim().length == 0 ? [] : t.redirect_uri.trim().split(/[, ][ \t\n]*/);
4813
4823
  let g = [];
4814
- for (let C of f)
4824
+ for (let C of u)
4815
4825
  try {
4816
4826
  B.validateUri(C);
4817
4827
  } catch (T) {
4818
- d.logger.error(u({ err: T })), g.push("[" + C + "]");
4828
+ d.logger.error(f({ err: T })), g.push("[" + C + "]");
4819
4829
  }
4820
4830
  if (g.length > 0)
4821
4831
  throw new c(
@@ -4826,12 +4836,12 @@ class X {
4826
4836
  for (let C of this.validFlows)
4827
4837
  C in t && w.push(C);
4828
4838
  const m = {};
4829
- if (m.client_name = t.client_name, m.confidential = e.getAsBoolean("confidential"), m.valid_flow = w, m.redirect_uri = f, o && (m.userid = t.userid ? Number(t.userid) : null), !this.clientManager) throw new c(h.Configuration, "Cannot call this endpoint as you did not provide a clientStorage");
4839
+ if (m.client_name = t.client_name, m.confidential = e.getAsBoolean("confidential"), m.valid_flow = w, m.redirect_uri = u, o && (m.userid = t.userid ? Number(t.userid) : null), !this.clientManager) throw new c(h.Configuration, "Cannot call this endpoint as you did not provide a clientStorage");
4830
4840
  return {
4831
4841
  ok: !0,
4832
4842
  client: await this.clientManager.createClient(
4833
4843
  t.client_name,
4834
- f,
4844
+ u,
4835
4845
  w,
4836
4846
  e.getAsBoolean("confidential") ?? !1,
4837
4847
  l
@@ -4840,11 +4850,11 @@ class X {
4840
4850
  };
4841
4851
  } catch (l) {
4842
4852
  if (p.isSvelteKitRedirect(l) || p.isSvelteKitError(l)) throw l;
4843
- let f = c.asCrossauthError(l, "Couldn't create client");
4844
- return d.logger.debug(u({ err: f })), d.logger.error(u({ cerr: f })), {
4845
- error: f.message,
4846
- errorCode: f.code,
4847
- errorCodeName: f.codeName,
4853
+ let u = c.asCrossauthError(l, "Couldn't create client");
4854
+ return d.logger.debug(f({ err: u })), d.logger.error(f({ cerr: u })), {
4855
+ error: u.message,
4856
+ errorCode: u.code,
4857
+ errorCodeName: u.codeName,
4848
4858
  ok: !1,
4849
4859
  formData: t
4850
4860
  };
@@ -4863,19 +4873,19 @@ class X {
4863
4873
  try {
4864
4874
  if (!o) throw new c(h.BadRequest, "No client ID specified");
4865
4875
  if (!this.clientStorage) throw new c(h.Configuration, "No client storage specified");
4866
- const i = await this.clientStorage.getClientById(o), a = i.userid == null ? void 0 : await ((e = (t = this.sessionServer) == null ? void 0 : t.userStorage) == null ? void 0 : e.getUserById(i.userid)), n = (s = a == null ? void 0 : a.user) == null ? void 0 : s.username;
4876
+ const a = await this.clientStorage.getClientById(o), i = a.userid == null ? void 0 : await ((e = (t = this.sessionServer) == null ? void 0 : t.userStorage) == null ? void 0 : e.getUserById(a.userid)), n = (s = i == null ? void 0 : i.user) == null ? void 0 : s.username;
4867
4877
  return {
4868
4878
  ok: !0,
4869
- client: i,
4879
+ client: a,
4870
4880
  client_id: o,
4871
4881
  clientUsername: n
4872
4882
  };
4873
- } catch (i) {
4874
- let a = c.asCrossauthError(i, "Couldn't load client");
4875
- return d.logger.debug(u({ err: a })), d.logger.error(u({ cerr: a })), {
4876
- error: a.message,
4877
- errorCode: a.code,
4878
- errorCodeName: a.codeName,
4883
+ } catch (a) {
4884
+ let i = c.asCrossauthError(a, "Couldn't load client");
4885
+ return d.logger.debug(f({ err: i })), d.logger.error(f({ cerr: i })), {
4886
+ error: i.message,
4887
+ errorCode: i.code,
4888
+ errorCodeName: i.codeName,
4879
4889
  ok: !1,
4880
4890
  client_id: o
4881
4891
  };
@@ -4896,19 +4906,19 @@ class X {
4896
4906
  const s = r.params.client_id;
4897
4907
  if (!s) throw new c(h.BadRequest, "No client ID given");
4898
4908
  if (!this.clientStorage) throw new c(h.Configuration, "No client storage specified");
4899
- const i = await ((t = this.clientStorage) == null ? void 0 : t.getClientById(s));
4900
- if (!o && i.userid != ((e = r.locals.user) == null ? void 0 : e.id))
4909
+ const a = await ((t = this.clientStorage) == null ? void 0 : t.getClientById(s));
4910
+ if (!o && a.userid != ((e = r.locals.user) == null ? void 0 : e.id))
4901
4911
  throw this.error(401, "Unauthorized");
4902
4912
  return await this.clientStorage.deleteClient(s), {
4903
4913
  ok: !0
4904
4914
  };
4905
4915
  } catch (s) {
4906
4916
  if (p.isSvelteKitRedirect(s) || p.isSvelteKitError(s)) throw s;
4907
- let i = c.asCrossauthError(s, "Couldn't delete client");
4908
- return d.logger.debug(u({ err: i })), d.logger.error(u({ cerr: i })), {
4909
- error: i.message,
4910
- errorCode: i.code,
4911
- errorCodeName: i.codeName,
4917
+ let a = c.asCrossauthError(s, "Couldn't delete client");
4918
+ return d.logger.debug(f({ err: a })), d.logger.error(f({ cerr: a })), {
4919
+ error: a.message,
4920
+ errorCode: a.code,
4921
+ errorCodeName: a.codeName,
4912
4922
  ok: !1
4913
4923
  };
4914
4924
  }
@@ -5005,7 +5015,7 @@ class Ce extends X {
5005
5015
  } catch (t) {
5006
5016
  if (p.isSvelteKitRedirect(t) || p.isSvelteKitError(t)) throw t;
5007
5017
  const e = c.asCrossauthError(t);
5008
- return d.logger.debug(u({ err: e })), d.logger.error(u({ cerr: e })), {
5018
+ return d.logger.debug(f({ err: e })), d.logger.error(f({ cerr: e })), {
5009
5019
  ok: !1,
5010
5020
  error: e.message,
5011
5021
  errorCode: e.code,
@@ -5031,7 +5041,7 @@ class Ce extends X {
5031
5041
  } catch (t) {
5032
5042
  if (p.isSvelteKitRedirect(t) || p.isSvelteKitError(t)) throw t;
5033
5043
  const e = c.asCrossauthError(t);
5034
- return d.logger.debug(u({ err: e })), d.logger.error(u({ cerr: e })), {
5044
+ return d.logger.debug(f({ err: e })), d.logger.error(f({ cerr: e })), {
5035
5045
  ok: !1,
5036
5046
  error: e.message,
5037
5047
  errorCode: e.code,
@@ -5055,7 +5065,7 @@ class Ce extends X {
5055
5065
  } catch (t) {
5056
5066
  if (p.isSvelteKitRedirect(t) || p.isSvelteKitError(t)) throw t;
5057
5067
  const e = c.asCrossauthError(t);
5058
- return d.logger.debug(u({ err: e })), d.logger.error(u({ cerr: e })), {
5068
+ return d.logger.debug(f({ err: e })), d.logger.error(f({ cerr: e })), {
5059
5069
  ok: !1,
5060
5070
  error: e.message,
5061
5071
  errorCode: e.code,
@@ -5079,7 +5089,7 @@ class Ce extends X {
5079
5089
  } catch (t) {
5080
5090
  if (p.isSvelteKitRedirect(t) || p.isSvelteKitError(t)) throw t;
5081
5091
  const e = c.asCrossauthError(t);
5082
- return d.logger.debug(u({ err: e })), d.logger.error(u({ cerr: e })), {
5092
+ return d.logger.debug(f({ err: e })), d.logger.error(f({ cerr: e })), {
5083
5093
  ok: !1,
5084
5094
  error: e.message,
5085
5095
  errorCode: e.code,
@@ -5118,7 +5128,7 @@ class ye extends X {
5118
5128
  try {
5119
5129
  e = t.url.searchParams.get("userid") ? Number(t.url.searchParams.get("userid")) : void 0;
5120
5130
  } catch {
5121
- d.logger.warn(u({ msg: "Invalid userid " + t.url.searchParams.get("userid") }));
5131
+ d.logger.warn(f({ msg: "Invalid userid " + t.url.searchParams.get("userid") }));
5122
5132
  }
5123
5133
  const s = await this.searchClients(t, void 0, void 0, void 0, e);
5124
5134
  return {
@@ -5226,46 +5236,46 @@ function Ee(k) {
5226
5236
  return k.username == null ? r.push("Username must be given") : k.username.length < 2 ? r.push("Username must be at least 2 characters") : k.username.length > 254 && r.push("Username must be no longer than 254 characters"), r;
5227
5237
  }
5228
5238
  function _e(k, r, o) {
5229
- var i;
5239
+ var a;
5230
5240
  let e = {
5231
5241
  username: r.username ?? "",
5232
5242
  state: "active"
5233
5243
  };
5234
5244
  const s = k.locals.user && p.isAdminFn(k.locals.user);
5235
- for (let a in r) {
5236
- let n = a.replace(/^user_/, "");
5237
- if (a.startsWith("user_") && (s || o.includes(n)))
5245
+ for (let i in r) {
5246
+ let n = i.replace(/^user_/, "");
5247
+ if (i.startsWith("user_") && (s || o.includes(n)))
5238
5248
  if ("type_" + n in r) {
5239
5249
  if (r["type_" + n] == "string")
5240
- e[n] = r[a];
5250
+ e[n] = r[i];
5241
5251
  else if (r["type_" + n] == "number" || r["type_" + n] == "integer" || r["type_" + n] == "float")
5242
- e[n] = Number(r[a]);
5252
+ e[n] = Number(r[i]);
5243
5253
  else if (r["type_" + n] == "boolean") {
5244
- const l = (i = r[a]) == null ? void 0 : i.toLocaleLowerCase();
5254
+ const l = (a = r[i]) == null ? void 0 : a.toLocaleLowerCase();
5245
5255
  e[n] = l == "1" || l == "y" || l == "t" || l == "yes" || l == "true";
5246
5256
  }
5247
5257
  } else
5248
- e[n] = r[a];
5258
+ e[n] = r[i];
5249
5259
  }
5250
5260
  return e.factor1 = "localpassword", e.factor2 = r.factor2, e;
5251
5261
  }
5252
5262
  function ve(k, r, o, t) {
5253
5263
  var s;
5254
5264
  const e = r.locals.user && p.isAdminFn(r.locals.user);
5255
- for (let i in o) {
5256
- let a = i.replace(/^user_/, "");
5257
- if (i.startsWith("user_") && (e || t.includes(a)))
5258
- if ("type_" + a in o) {
5259
- if (o["type_" + a] == "string")
5260
- k[a] = o[i];
5261
- else if (o["type_" + a] == "number" || o["type_" + a] == "integer" || o["type_" + a] == "float")
5262
- k[a] = Number(o[i]);
5263
- else if (o["type_" + a] == "boolean") {
5264
- const n = (s = o[i]) == null ? void 0 : s.toLocaleLowerCase();
5265
- k[a] = n == "1" || n == "y" || n == "t" || n == "yes" || n == "true";
5265
+ for (let a in o) {
5266
+ let i = a.replace(/^user_/, "");
5267
+ if (a.startsWith("user_") && (e || t.includes(i)))
5268
+ if ("type_" + i in o) {
5269
+ if (o["type_" + i] == "string")
5270
+ k[i] = o[a];
5271
+ else if (o["type_" + i] == "number" || o["type_" + i] == "integer" || o["type_" + i] == "float")
5272
+ k[i] = Number(o[a]);
5273
+ else if (o["type_" + i] == "boolean") {
5274
+ const n = (s = o[a]) == null ? void 0 : s.toLocaleLowerCase();
5275
+ k[i] = n == "1" || n == "y" || n == "t" || n == "yes" || n == "true";
5266
5276
  }
5267
5277
  } else
5268
- k[a] = o[i];
5278
+ k[i] = o[a];
5269
5279
  }
5270
5280
  return k;
5271
5281
  }
@@ -5292,63 +5302,63 @@ class H {
5292
5302
  configurable: !1
5293
5303
  });
5294
5304
  y("enableEmailVerification", E.Boolean, this, t, "ENABLE_EMAIL_VERIFICATION"), y("enablePasswordReset", E.Boolean, this, t, "ENABLE_PASSWORD_RESET"), y("enableCsrfProtection", E.Boolean, this, t, "ENABLE_CSRF_PROTECTION"), y("editUserScope", E.String, this, t, "EDIT_USER_SCOPE"), t.validateUserFn && (this.validateUserFn = t.validateUserFn), t.createUserFn && (this.createUserFn = t.createUserFn), t.updateUserFn && (this.updateUserFn = t.updateUserFn), t.addToSession && (this.addToSession = t.addToSession), t.validateSession && (this.validateSession = t.validateSession), this.userEndpoints = new we(this, t), this.adminEndpoints = new ke(this, t), this.userClientEndpoints = new Ce(this, t), this.adminClientEndpoints = new ye(this, t), this.sessionHook = async ({ event: s }) => {
5295
- var f, g;
5305
+ var u, g;
5296
5306
  d.logger.debug("Session hook");
5297
- let i = [];
5298
- const a = this.sessionManager.csrfCookieName, n = this.sessionManager.sessionCookieName;
5307
+ let a = [];
5308
+ const i = this.sessionManager.csrfCookieName, n = this.sessionManager.sessionCookieName;
5299
5309
  if (this.enableCsrfProtection) {
5300
- d.logger.debug(u({ msg: "Getting csrf cookie" }));
5310
+ d.logger.debug(f({ msg: "Getting csrf cookie" }));
5301
5311
  let w;
5302
5312
  try {
5303
5313
  w = this.getCsrfCookieValue(s), w && this.sessionManager.validateCsrfCookie(w);
5304
5314
  } catch (m) {
5305
- d.logger.warn(u({ msg: "Invalid csrf cookie received", cerr: m, hashedCsrfCookie: this.getHashOfCsrfCookie(s) }));
5315
+ d.logger.warn(f({ msg: "Invalid csrf cookie received", cerr: m, hashedCsrfCookie: this.getHashOfCsrfCookie(s) }));
5306
5316
  try {
5307
- this.clearCookie(a, this.sessionManager.csrfCookiePath, s);
5317
+ this.clearCookie(i, this.sessionManager.csrfCookiePath, s);
5308
5318
  } catch (S) {
5309
- d.logger.debug(u({ err: S })), d.logger.error(u({ cerr: S, msg: "Couldn't delete CSRF cookie", ip: s.request.referrer, hashedCsrfCookie: this.getHashOfCsrfCookie(s) }));
5319
+ d.logger.debug(f({ err: S })), d.logger.error(f({ cerr: S, msg: "Couldn't delete CSRF cookie", ip: s.request.referrer, hashedCsrfCookie: this.getHashOfCsrfCookie(s) }));
5310
5320
  }
5311
5321
  w = void 0, s.locals.csrfToken = void 0;
5312
5322
  }
5313
5323
  if (["GET", "OPTIONS", "HEAD"].includes(s.request.method))
5314
5324
  try {
5315
5325
  if (w) {
5316
- d.logger.debug(u({ msg: "Valid CSRF cookie - creating token" }));
5326
+ d.logger.debug(f({ msg: "Valid CSRF cookie - creating token" }));
5317
5327
  const m = await this.sessionManager.createCsrfFormOrHeaderValue(w);
5318
5328
  s.locals.csrfToken = m;
5319
5329
  } else {
5320
- d.logger.debug(u({ msg: "Invalid CSRF cookie - recreating" }));
5330
+ d.logger.debug(f({ msg: "Invalid CSRF cookie - recreating" }));
5321
5331
  const { csrfCookie: m, csrfFormOrHeaderValue: S } = await this.sessionManager.createCsrfToken();
5322
5332
  this.setCsrfCookie(m, s), s.locals.csrfToken = S;
5323
5333
  }
5324
- this.setHeader(x, s.locals.csrfToken, i);
5334
+ this.setHeader(x, s.locals.csrfToken, a);
5325
5335
  } catch (m) {
5326
- d.logger.error(u({ msg: "Couldn't create CSRF token", cerr: m, user: (f = s.locals.user) == null ? void 0 : f.username, hashedSessionCookie: this.getHashOfSessionCookie(s) })), d.logger.debug(u({ err: m })), this.clearCookie(a, this.sessionManager.csrfCookiePath, s), s.locals.csrfToken = void 0;
5336
+ d.logger.error(f({ msg: "Couldn't create CSRF token", cerr: m, user: (u = s.locals.user) == null ? void 0 : u.username, hashedSessionCookie: this.getHashOfSessionCookie(s) })), d.logger.debug(f({ err: m })), this.clearCookie(i, this.sessionManager.csrfCookiePath, s), s.locals.csrfToken = void 0;
5327
5337
  }
5328
5338
  else if (w)
5329
5339
  try {
5330
- await this.csrfToken(s, i);
5340
+ await this.csrfToken(s, a);
5331
5341
  } catch (m) {
5332
- d.logger.error(u({ msg: "Couldn't create CSRF token", cerr: m, user: (g = s.locals.user) == null ? void 0 : g.username, hashedSessionCookie: this.getHashOfSessionCookie(s) })), d.logger.debug(u({ err: m }));
5342
+ d.logger.error(f({ msg: "Couldn't create CSRF token", cerr: m, user: (g = s.locals.user) == null ? void 0 : g.username, hashedSessionCookie: this.getHashOfSessionCookie(s) })), d.logger.debug(f({ err: m }));
5333
5343
  }
5334
5344
  }
5335
5345
  s.locals.user = void 0, s.locals.authType = void 0;
5336
5346
  const l = this.getSessionCookieValue(s);
5337
- if (d.logger.debug(u({ msg: "Getting session cookie" })), l)
5347
+ if (d.logger.debug(f({ msg: "Getting session cookie" })), l)
5338
5348
  try {
5339
5349
  const w = this.sessionManager.getSessionId(l);
5340
5350
  let { key: m, user: S } = await this.sessionManager.userForSessionId(w);
5341
- this.validateSession && this.validateSession(m, S, s), s.locals.sessionId = w, s.locals.user = S, s.locals.authType = "cookie", d.logger.debug(u({ msg: "Valid session id", user: S == null ? void 0 : S.username }));
5351
+ this.validateSession && this.validateSession(m, S, s), s.locals.sessionId = w, s.locals.user = S, s.locals.authType = "cookie", d.logger.debug(f({ msg: "Valid session id", user: S == null ? void 0 : S.username }));
5342
5352
  } catch {
5343
- d.logger.warn(u({ msg: "Invalid session cookie received", hashedSessionCookie: this.getHashOfSessionCookie(s) })), this.clearCookie(n, this.sessionManager.sessionCookiePath, s);
5353
+ d.logger.warn(f({ msg: "Invalid session cookie received", hashedSessionCookie: this.getHashOfSessionCookie(s) })), this.clearCookie(n, this.sessionManager.sessionCookiePath, s);
5344
5354
  }
5345
- return { headers: i };
5355
+ return { headers: a };
5346
5356
  }, this.twoFAHook = async ({ event: s }) => {
5347
- var f;
5348
- if (d.logger.debug(u({ msg: "twoFAHook", username: (f = s.locals.user) == null ? void 0 : f.username })), !this.userStorage) throw this.error(500, "No user storage defined");
5349
- const i = this.getSessionCookieValue(s), a = this.isFactor2PageProtected(s), n = this.isFactor2ApiProtected(s);
5357
+ var u;
5358
+ if (d.logger.debug(f({ msg: "twoFAHook", username: (u = s.locals.user) == null ? void 0 : u.username })), !this.userStorage) throw this.error(500, "No user storage defined");
5359
+ const a = this.getSessionCookieValue(s), i = this.isFactor2PageProtected(s), n = this.isFactor2ApiProtected(s);
5350
5360
  let l;
5351
- if (i)
5361
+ if (a)
5352
5362
  if (s.locals.user) l = s.locals.user;
5353
5363
  else {
5354
5364
  const g = await this.getSessionData(s, "user");
@@ -5357,25 +5367,25 @@ class H {
5357
5367
  (w.user.status == N.active || w.user.state == N.factor2ResetNeeded) && (l = w.user);
5358
5368
  }
5359
5369
  }
5360
- if (l && i && l.factor2 != "" && (a || n))
5361
- if (d.logger.debug(u({ msg: "Factor2-protected endpoint visited" })), ["GET", "OPTIONS", "HEAD"].includes(s.request.method)) {
5362
- d.logger.debug(u({ msg: "Factor2-protected GET endpoint - cancelling 2FA" }));
5370
+ if (l && a && l.factor2 != "" && (i || n))
5371
+ if (d.logger.debug(f({ msg: "Factor2-protected endpoint visited" })), ["GET", "OPTIONS", "HEAD"].includes(s.request.method)) {
5372
+ d.logger.debug(f({ msg: "Factor2-protected GET endpoint - cancelling 2FA" }));
5363
5373
  const g = this.getSessionCookieValue(s);
5364
5374
  if (g) {
5365
5375
  const w = this.sessionManager.getSessionId(g);
5366
5376
  if ("pre2fa" in await this.sessionManager.dataForSessionId(w)) {
5367
- d.logger.debug(u({ msg: "Cancelling 2FA" }));
5377
+ d.logger.debug(f({ msg: "Cancelling 2FA" }));
5368
5378
  try {
5369
5379
  await this.sessionManager.cancelTwoFactorPageVisit(g);
5370
5380
  } catch (S) {
5371
- d.logger.debug(u({ err: S })), d.logger.error(u({ msg: "Failed cancelling 2FA", cerr: S, user: l.username, hashedSessionCookie: this.getHashOfSessionCookie(s) }));
5381
+ d.logger.debug(f({ err: S })), d.logger.error(f({ msg: "Failed cancelling 2FA", cerr: S, user: l.username, hashedSessionCookie: this.getHashOfSessionCookie(s) }));
5372
5382
  }
5373
5383
  }
5374
5384
  }
5375
5385
  } else {
5376
- const g = this.sessionManager.getSessionId(i), w = await this.sessionManager.dataForSessionId(g);
5386
+ const g = this.sessionManager.getSessionId(a), w = await this.sessionManager.dataForSessionId(g);
5377
5387
  if ("pre2fa" in w) {
5378
- d.logger.debug(u({ msg: "Completing 2FA" }));
5388
+ d.logger.debug(f({ msg: "Completing 2FA" }));
5379
5389
  const m = this.authenticators[w.pre2fa.factor2], S = [...m.secretNames(), ...m.transientSecretNames()];
5380
5390
  let C = {};
5381
5391
  const T = new b();
@@ -5388,21 +5398,21 @@ class H {
5388
5398
  try {
5389
5399
  await this.sessionManager.completeTwoFactorPageVisit(C, s.locals.sessionId ?? "");
5390
5400
  } catch (U) {
5391
- A = c.asCrossauthError(U), d.logger.debug(u({ err: U }));
5401
+ A = c.asCrossauthError(U), d.logger.debug(f({ err: U }));
5392
5402
  const z = c.asCrossauthError(U);
5393
- d.logger.error(u({ msg: A.message, cerr: U, user: T.get("username"), errorCode: z.code, errorCodeName: z.codeName }));
5403
+ d.logger.error(f({ msg: A.message, cerr: U, user: T.get("username"), errorCode: z.code, errorCodeName: z.codeName }));
5394
5404
  }
5395
5405
  if (A)
5396
5406
  if (A.code == h.Expired) {
5397
- d.logger.debug(u({ msg: "Error - cancelling 2FA" }));
5407
+ d.logger.debug(f({ msg: "Error - cancelling 2FA" }));
5398
5408
  try {
5399
5409
  await this.sessionManager.cancelTwoFactorPageVisit(R);
5400
5410
  } catch (U) {
5401
- d.logger.error(u({ msg: "Failed cancelling 2FA", cerr: U, user: l.username, hashedSessionCookie: this.getHashOfSessionCookie(s) })), d.logger.debug(u({ err: U }));
5411
+ d.logger.error(f({ msg: "Failed cancelling 2FA", cerr: U, user: l.username, hashedSessionCookie: this.getHashOfSessionCookie(s) })), d.logger.debug(f({ err: U }));
5402
5412
  }
5403
5413
  return this.error(401, { message: "Sorry, your code has expired" }), { ok: !1, twofa: !0 };
5404
5414
  } else
5405
- return a ? {
5415
+ return i ? {
5406
5416
  twofa: !0,
5407
5417
  ok: !1,
5408
5418
  response: new Response("", {
@@ -5427,7 +5437,7 @@ class H {
5427
5437
  };
5428
5438
  return H.updateRequest(s, w.pre2fa.body, w.pre2fa["content-type"]), { twofa: !0, ok: !0 };
5429
5439
  } else {
5430
- if (d.logger.debug(u({ msg: "Starting 2FA", username: l.username })), this.enableCsrfProtection && !s.locals.csrfToken) {
5440
+ if (d.logger.debug(f({ msg: "Starting 2FA", username: l.username })), this.enableCsrfProtection && !s.locals.csrfToken) {
5431
5441
  const C = new c(h.Forbidden, "CSRF token missing");
5432
5442
  return {
5433
5443
  twofa: !0,
@@ -5450,7 +5460,7 @@ class H {
5450
5460
  const m = new b();
5451
5461
  await m.loadData(s);
5452
5462
  let S = s.request.headers.get("content-type");
5453
- return await this.sessionManager.initiateTwoFactorPageVisit(l, s.locals.sessionId ?? "", m.toObject(), s.request.url.replace(/\?.*$/, ""), S || void 0), a ? {
5463
+ return await this.sessionManager.initiateTwoFactorPageVisit(l, s.locals.sessionId ?? "", m.toObject(), s.request.url.replace(/\?.*$/, ""), S || void 0), i ? {
5454
5464
  twofa: !0,
5455
5465
  ok: !0,
5456
5466
  response: new Response("", {
@@ -5573,21 +5583,21 @@ class H {
5573
5583
  * @returns the string CSRF token for inclusion in forms
5574
5584
  */
5575
5585
  async csrfToken(r, o) {
5576
- var e, s, i;
5586
+ var e, s, a;
5577
5587
  let t;
5578
5588
  if (r.request.headers && r.request.headers.has(x.toLowerCase())) {
5579
- const a = r.request.headers.get(x.toLowerCase());
5580
- Array.isArray(a) ? t = a[0] : a && (t = a);
5589
+ const i = r.request.headers.get(x.toLowerCase());
5590
+ Array.isArray(i) ? t = i[0] : i && (t = i);
5581
5591
  }
5582
5592
  if (!t) {
5583
5593
  if (!((e = r.request) != null && e.body)) {
5584
- d.logger.warn(u({ msg: "Received CSRF header but not token", ip: r.request.referrerPolicy, hashedCsrfCookie: this.getHashOfCsrfCookie(r) }));
5594
+ d.logger.warn(f({ msg: "Received CSRF header but not token", ip: r.request.referrerPolicy, hashedCsrfCookie: this.getHashOfCsrfCookie(r) }));
5585
5595
  return;
5586
5596
  }
5587
- const a = r.request.headers.get("content-type");
5588
- if (a == "application/json")
5589
- t = (await ((i = (s = r.request) == null ? void 0 : s.clone()) == null ? void 0 : i.json())).csrfToken;
5590
- else if (a == "application/x-www-form-urlencoded" || a == "multipart/form-data") {
5597
+ const i = r.request.headers.get("content-type");
5598
+ if (i == "application/json")
5599
+ t = (await ((a = (s = r.request) == null ? void 0 : s.clone()) == null ? void 0 : a.json())).csrfToken;
5600
+ else if (i == "application/x-www-form-urlencoded" || i == "multipart/form-data") {
5591
5601
  const l = (await r.request.clone().formData()).get("csrfToken");
5592
5602
  l && typeof l == "string" && (t = l);
5593
5603
  }
@@ -5596,7 +5606,7 @@ class H {
5596
5606
  try {
5597
5607
  this.sessionManager.validateDoubleSubmitCsrfToken(this.getCsrfCookieValue(r), t), r.locals.csrfToken = t, this.setHeader(x, t, o);
5598
5608
  } catch {
5599
- d.logger.warn(u({ msg: "Invalid CSRF token", hashedCsrfCookie: this.getHashOfCsrfCookie(r) })), this.clearCookie(this.sessionManager.csrfCookieName, this.sessionManager.csrfCookiePath, r), r.locals.csrfToken = void 0;
5609
+ d.logger.warn(f({ msg: "Invalid CSRF token", hashedCsrfCookie: this.getHashOfCsrfCookie(r) })), this.clearCookie(this.sessionManager.csrfCookieName, this.sessionManager.csrfCookiePath, r), r.locals.csrfToken = void 0;
5600
5610
  }
5601
5611
  else
5602
5612
  r.locals.csrfToken = void 0;
@@ -5620,8 +5630,8 @@ class H {
5620
5630
  else {
5621
5631
  e = "";
5622
5632
  for (let s in o) {
5623
- const i = o[s];
5624
- e.length > 0 && (e += "&"), e += encodeURIComponent(s) + "=" + encodeURIComponent(i);
5633
+ const a = o[s];
5634
+ e.length > 0 && (e += "&"), e += encodeURIComponent(s) + "=" + encodeURIComponent(a);
5625
5635
  }
5626
5636
  }
5627
5637
  return r.request = new Request(r.request.url, {
@@ -5655,7 +5665,7 @@ class H {
5655
5665
  return this.getSessionData(r, "pre2fa") != null;
5656
5666
  } catch (o) {
5657
5667
  const t = c.asCrossauthError(o);
5658
- return d.logger.debug(u({ err: t })), d.logger.error(u({ cerr: t, msg: "Couldn't get pre2fa data from session" })), !1;
5668
+ return d.logger.debug(f({ err: t })), d.logger.error(f({ cerr: t, msg: "Couldn't get pre2fa data from session" })), !1;
5659
5669
  }
5660
5670
  }
5661
5671
  /////////////////////////////////////////////////////////////
@@ -5675,10 +5685,10 @@ class H {
5675
5685
  if (o.pathname == this.loginUrl) return !1;
5676
5686
  let t = !1;
5677
5687
  return t = this.loginProtectedExceptionPageEndpoints.reduce(
5678
- (s, i) => s || I(o.pathname, i),
5688
+ (s, a) => s || I(o.pathname, a),
5679
5689
  t
5680
5690
  ), t ? !1 : this.loginProtectedPageEndpoints.reduce(
5681
- (s, i) => s || I(o.pathname, i),
5691
+ (s, a) => s || I(o.pathname, a),
5682
5692
  !1
5683
5693
  );
5684
5694
  }
@@ -5696,10 +5706,10 @@ class H {
5696
5706
  if (o.pathname == this.loginUrl) return !1;
5697
5707
  let t = !1;
5698
5708
  return t = this.loginProtectedExceptionApiEndpoints.reduce(
5699
- (s, i) => s || I(o.pathname, i),
5709
+ (s, a) => s || I(o.pathname, a),
5700
5710
  t
5701
5711
  ), t ? !1 : this.loginProtectedApiEndpoints.reduce(
5702
- (s, i) => s || I(o.pathname, i),
5712
+ (s, a) => s || I(o.pathname, a),
5703
5713
  !1
5704
5714
  );
5705
5715
  }
@@ -5748,13 +5758,13 @@ class H {
5748
5758
  const o = new URL(typeof r == "string" ? r : r.request.url);
5749
5759
  let t = !1;
5750
5760
  return t = this.adminProtectedExceptionPageEndpoints.reduce(
5751
- (s, i) => s || I(o.pathname, i),
5761
+ (s, a) => s || I(o.pathname, a),
5752
5762
  t
5753
5763
  ), t || (t = this.loginProtectedExceptionPageEndpoints.reduce(
5754
- (s, i) => s || I(o.pathname, i),
5764
+ (s, a) => s || I(o.pathname, a),
5755
5765
  t
5756
5766
  ), t) ? !1 : this.adminPageEndpoints.reduce(
5757
- (s, i) => s || I(o.pathname, i),
5767
+ (s, a) => s || I(o.pathname, a),
5758
5768
  !1
5759
5769
  );
5760
5770
  }
@@ -5771,13 +5781,13 @@ class H {
5771
5781
  const o = new URL(typeof r == "string" ? r : r.request.url);
5772
5782
  let t = !1;
5773
5783
  return t = this.adminProtectedExceptionApiEndpoints.reduce(
5774
- (s, i) => s || I(o.pathname, i),
5784
+ (s, a) => s || I(o.pathname, a),
5775
5785
  t
5776
5786
  ), t || (t = this.loginProtectedExceptionApiEndpoints.reduce(
5777
- (s, i) => s || I(o.pathname, i),
5787
+ (s, a) => s || I(o.pathname, a),
5778
5788
  t
5779
5789
  ), t) ? !1 : this.adminApiEndpoints.reduce(
5780
- (s, i) => s || I(o.pathname, i),
5790
+ (s, a) => s || I(o.pathname, a),
5781
5791
  !1
5782
5792
  );
5783
5793
  }
@@ -5794,20 +5804,20 @@ class H {
5794
5804
  * @returns the session cookie value
5795
5805
  */
5796
5806
  async createAnonymousSession(r, o) {
5797
- d.logger.debug(u({ msg: "Creating anonympous session ID " }));
5807
+ d.logger.debug(f({ msg: "Creating anonympous session ID " }));
5798
5808
  const t = new b();
5799
5809
  await t.loadData(r);
5800
5810
  let e = this.addToSession ? this.addToSession(r, t.toObject()) : {};
5801
5811
  o && (e.data = JSON.stringify(o));
5802
- let { sessionCookie: s, csrfCookie: i, csrfFormOrHeaderValue: a } = await this.sessionManager.createAnonymousSession(e);
5812
+ let { sessionCookie: s, csrfCookie: a, csrfFormOrHeaderValue: i } = await this.sessionManager.createAnonymousSession(e);
5803
5813
  r.cookies.set(
5804
5814
  s.name,
5805
5815
  s.value,
5806
5816
  P(s.options)
5807
- ), this.enableCsrfProtection && (r.locals.csrfToken = a, r.cookies.set(
5808
- i.name,
5809
- i.value,
5810
- P(i.options)
5817
+ ), this.enableCsrfProtection && (r.locals.csrfToken = i, r.cookies.set(
5818
+ a.name,
5819
+ a.value,
5820
+ P(a.options)
5811
5821
  )), r.locals.user = void 0;
5812
5822
  const n = this.sessionManager.getSessionId(s.value);
5813
5823
  return r.locals.sessionId = n, s.value;
@@ -5832,7 +5842,7 @@ class H {
5832
5842
  } else
5833
5843
  r.locals.sessionId = void 0, r.locals.user = void 0;
5834
5844
  } catch (o) {
5835
- d.logger.error(u({ errr: o }));
5845
+ d.logger.error(f({ errr: o }));
5836
5846
  }
5837
5847
  }
5838
5848
  ////////////////////////////////////////////////////////////////
@@ -5858,10 +5868,10 @@ class H {
5858
5868
  const t = r.locals.sessionId ? await this.sessionManager.dataForSessionId(r.locals.sessionId) : void 0;
5859
5869
  if (t && o in t) return t[o];
5860
5870
  } catch (t) {
5861
- d.logger.error(u({
5871
+ d.logger.error(f({
5862
5872
  msg: "Couldn't get " + o + "from session",
5863
5873
  cerr: t
5864
- })), d.logger.debug(u({ err: t }));
5874
+ })), d.logger.debug(f({ err: t }));
5865
5875
  }
5866
5876
  }
5867
5877
  /**
@@ -5896,7 +5906,7 @@ class H {
5896
5906
  * @param name the name of the field to set
5897
5907
  */
5898
5908
  async deleteSessionData(r, o) {
5899
- r.locals.sessionId ? await this.sessionManager.deleteSessionData(r.locals.sessionId, o) : d.logger.debug(u({ msg: `Attempting to delete session data ${o} when no session is present` }));
5909
+ r.locals.sessionId ? await this.sessionManager.deleteSessionData(r.locals.sessionId, o) : d.logger.debug(f({ msg: `Attempting to delete session data ${o} when no session is present` }));
5900
5910
  }
5901
5911
  }
5902
5912
  export {