@douvery/auth 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +36 -9
- package/dist/index.js.map +1 -1
- package/dist/qwik/index.d.ts +197 -0
- package/dist/qwik/index.js +813 -0
- package/dist/qwik/index.js.map +1 -0
- package/dist/react/index.d.ts +212 -0
- package/dist/react/index.js +868 -0
- package/dist/react/index.js.map +1 -0
- package/package.json +68 -1
package/dist/index.js
CHANGED
|
@@ -180,7 +180,10 @@ var CookieStorage = class {
|
|
|
180
180
|
}
|
|
181
181
|
set(key, value) {
|
|
182
182
|
if (typeof document === "undefined") return;
|
|
183
|
-
const parts = [
|
|
183
|
+
const parts = [
|
|
184
|
+
`${key}=${encodeURIComponent(value)}`,
|
|
185
|
+
`path=${this.options.path}`
|
|
186
|
+
];
|
|
184
187
|
if (this.options.domain) parts.push(`domain=${this.options.domain}`);
|
|
185
188
|
if (this.options.secure) parts.push("secure");
|
|
186
189
|
if (this.options.sameSite) parts.push(`samesite=${this.options.sameSite}`);
|
|
@@ -378,7 +381,11 @@ var DouveryAuthClient = class {
|
|
|
378
381
|
status: "unauthenticated",
|
|
379
382
|
user: null,
|
|
380
383
|
tokens: null,
|
|
381
|
-
error: error instanceof AuthError ? error : new AuthError(
|
|
384
|
+
error: error instanceof AuthError ? error : new AuthError(
|
|
385
|
+
"unknown_error",
|
|
386
|
+
"Initialization failed",
|
|
387
|
+
error
|
|
388
|
+
)
|
|
382
389
|
});
|
|
383
390
|
}
|
|
384
391
|
return this.state;
|
|
@@ -412,13 +419,18 @@ var DouveryAuthClient = class {
|
|
|
412
419
|
if (options.prompt) params.set("prompt", options.prompt);
|
|
413
420
|
if (options.loginHint) params.set("login_hint", options.loginHint);
|
|
414
421
|
if (options.uiLocales) params.set("ui_locales", options.uiLocales);
|
|
415
|
-
if (options.maxAge !== void 0)
|
|
422
|
+
if (options.maxAge !== void 0)
|
|
423
|
+
params.set("max_age", options.maxAge.toString());
|
|
416
424
|
if (options.acrValues) params.set("acr_values", options.acrValues);
|
|
417
425
|
const authUrl = `${discovery.authorization_endpoint}?${params}`;
|
|
418
426
|
this.log("Redirecting to:", authUrl);
|
|
419
427
|
window.location.href = authUrl;
|
|
420
428
|
} catch (error) {
|
|
421
|
-
const authError = error instanceof AuthError ? error : new AuthError(
|
|
429
|
+
const authError = error instanceof AuthError ? error : new AuthError(
|
|
430
|
+
"configuration_error",
|
|
431
|
+
"Login failed",
|
|
432
|
+
error
|
|
433
|
+
);
|
|
422
434
|
this.emit({ type: "LOGIN_ERROR", error: authError });
|
|
423
435
|
throw authError;
|
|
424
436
|
}
|
|
@@ -482,7 +494,10 @@ var DouveryAuthClient = class {
|
|
|
482
494
|
if (typeof window === "undefined") {
|
|
483
495
|
return {
|
|
484
496
|
success: false,
|
|
485
|
-
error: new AuthError(
|
|
497
|
+
error: new AuthError(
|
|
498
|
+
"configuration_error",
|
|
499
|
+
"Cannot handle callback on server"
|
|
500
|
+
)
|
|
486
501
|
};
|
|
487
502
|
}
|
|
488
503
|
const params = new URLSearchParams(window.location.search);
|
|
@@ -507,7 +522,10 @@ var DouveryAuthClient = class {
|
|
|
507
522
|
if (!code) {
|
|
508
523
|
return {
|
|
509
524
|
success: false,
|
|
510
|
-
error: new AuthError(
|
|
525
|
+
error: new AuthError(
|
|
526
|
+
"invalid_request",
|
|
527
|
+
"No authorization code received"
|
|
528
|
+
)
|
|
511
529
|
};
|
|
512
530
|
}
|
|
513
531
|
const codeVerifier = await this.tokenManager.getCodeVerifier();
|
|
@@ -530,7 +548,11 @@ var DouveryAuthClient = class {
|
|
|
530
548
|
this.emit({ type: "LOGIN_SUCCESS", user, tokens });
|
|
531
549
|
return { success: true, user, tokens, returnTo: returnTo ?? void 0 };
|
|
532
550
|
} catch (error) {
|
|
533
|
-
const authError = error instanceof AuthError ? error : new AuthError(
|
|
551
|
+
const authError = error instanceof AuthError ? error : new AuthError(
|
|
552
|
+
"invalid_grant",
|
|
553
|
+
"Token exchange failed",
|
|
554
|
+
error
|
|
555
|
+
);
|
|
534
556
|
this.emit({ type: "LOGIN_ERROR", error: authError });
|
|
535
557
|
return { success: false, error: authError };
|
|
536
558
|
}
|
|
@@ -659,7 +681,10 @@ var DouveryAuthClient = class {
|
|
|
659
681
|
const discoveryUrl = `${this.config.issuer}/.well-known/openid-configuration`;
|
|
660
682
|
const response = await fetch(discoveryUrl);
|
|
661
683
|
if (!response.ok) {
|
|
662
|
-
throw new AuthError(
|
|
684
|
+
throw new AuthError(
|
|
685
|
+
"configuration_error",
|
|
686
|
+
"Failed to fetch discovery document"
|
|
687
|
+
);
|
|
663
688
|
}
|
|
664
689
|
this.discovery = await response.json();
|
|
665
690
|
return this.discovery;
|
|
@@ -672,7 +697,9 @@ var DouveryAuthClient = class {
|
|
|
672
697
|
if (refreshIn > 0) {
|
|
673
698
|
this.log(`Scheduling token refresh in ${Math.round(refreshIn / 1e3)}s`);
|
|
674
699
|
this.refreshTimer = setTimeout(() => {
|
|
675
|
-
this.refreshTokens().catch(
|
|
700
|
+
this.refreshTokens().catch(
|
|
701
|
+
(error) => this.log("Auto-refresh failed:", error)
|
|
702
|
+
);
|
|
676
703
|
}, refreshIn);
|
|
677
704
|
}
|
|
678
705
|
}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/types.ts","../src/pkce.ts","../src/storage.ts","../src/client.ts"],"names":[],"mappings":";AA6LO,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CACS,IAAA,EACP,OAAA,EACO,KAAA,EACP;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJN,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGP,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;;;AC9LO,SAAS,oBAAA,CAAqB,SAAiB,EAAA,EAAY;AAChE,EAAA,MAAM,OAAA,GACJ,oEAAA;AACF,EAAA,MAAM,eAAe,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAClE,EAAA,OAAO,KAAA,CAAM,IAAA,CAAK,YAAY,CAAA,CAC3B,IAAI,CAAC,CAAA,KAAM,OAAA,CAAQ,CAAA,GAAI,OAAA,CAAQ,MAAM,CAAC,CAAA,CACtC,KAAK,EAAE,CAAA;AACZ;AAGO,SAAS,aAAA,GAAwB;AACtC,EAAA,OAAO,qBAAqB,EAAE,CAAA;AAChC;AAGO,SAAS,aAAA,GAAwB;AACtC,EAAA,OAAO,qBAAqB,EAAE,CAAA;AAChC;AAGA,eAAsB,sBAAsB,QAAA,EAAmC;AAC7E,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AACpC,EAAA,MAAM,aAAa,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAC7D,EAAA,OAAO,gBAAgB,UAAU,CAAA;AACnC;AAGO,SAAS,gBAAgB,MAAA,EAA6B;AAC3D,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACzE;AAGO,SAAS,gBAAgB,KAAA,EAA4B;AAC1D,EAAA,IAAI,MAAA,GAAS,MAAM,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AACvD,EAAA,MAAM,OAAA,GAAU,OAAO,MAAA,GAAS,CAAA;AAChC,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,MAAA,IAAU,GAAA,CAAI,MAAA,CAAO,CAAA,GAAI,OAAO,CAAA;AAAA,EAClC;AACA,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA,CAAM,MAAA;AACf;AAGA,eAAsB,gBAAA,GAAsC;AAC1D,EAAA,MAAM,eAAe,oBAAA,EAAqB;AAC1C,EAAA,MAAM,aAAA,GAAgB,MAAM,qBAAA,CAAsB,YAAY,CAAA;AAC9D,EAAA,OAAO;AAAA,IACL,YAAA;AAAA,IACA,aAAA;AAAA,IACA,mBAAA,EAAqB;AAAA,GACvB;AACF;AAGA,eAAsB,mBAAA,CACpB,QAAA,EACA,SAAA,EACA,MAAA,GAA2B,MAAA,EACT;AAClB,EAAA,IAAI,WAAW,OAAA,EAAS;AACtB,IAAA,OAAO,QAAA,KAAa,SAAA;AAAA,EACtB;AACA,EAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,CAAsB,QAAQ,CAAA;AAC9D,EAAA,OAAO,iBAAA,KAAsB,SAAA;AAC/B;AAGO,SAAS,UAAuC,KAAA,EAAkB;AACvE,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AAAA,EACtC;AACA,EAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,EAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AACvC,EAAA,MAAM,IAAA,GAAO,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAA;AAC7C,EAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AACxB;AAGO,SAAS,cAAA,CAAe,KAAA,EAAe,SAAA,GAAoB,EAAA,EAAa;AAC7E,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,UAA4B,KAAK,CAAA;AACjD,IAAA,IAAI,CAAC,QAAQ,GAAA,EAAK;AAChB,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,OAAO,OAAA,CAAQ,MAAM,GAAA,GAAM,SAAA;AAAA,EAC7B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAGO,SAAS,mBAAmB,KAAA,EAA8B;AAC/D,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,UAA4B,KAAK,CAAA;AACjD,IAAA,OAAO,OAAA,CAAQ,GAAA,GAAM,OAAA,CAAQ,GAAA,GAAM,GAAA,GAAO,IAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;AChHA,IAAM,cAAA,GAAiB,cAAA;AAEhB,IAAM,YAAA,GAA4B;AAAA,EACvC,WAAA,EAAa,GAAG,cAAc,CAAA,aAAA,CAAA;AAAA,EAC9B,YAAA,EAAc,GAAG,cAAc,CAAA,cAAA,CAAA;AAAA,EAC/B,OAAA,EAAS,GAAG,cAAc,CAAA,SAAA,CAAA;AAAA,EAC1B,SAAA,EAAW,GAAG,cAAc,CAAA,WAAA,CAAA;AAAA,EAC5B,KAAA,EAAO,GAAG,cAAc,CAAA,MAAA,CAAA;AAAA,EACxB,KAAA,EAAO,GAAG,cAAc,CAAA,MAAA,CAAA;AAAA,EACxB,YAAA,EAAc,GAAG,cAAc,CAAA,cAAA,CAAA;AAAA,EAC/B,QAAA,EAAU,GAAG,cAAc,CAAA,UAAA;AAC7B;AAGO,IAAM,gBAAN,MAA4C;AAAA,EACzC,KAAA,uBAAY,GAAA,EAAoB;AAAA,EAExC,IAAI,GAAA,EAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA,IAAK,IAAA;AAAA,EAChC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3B;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,MAAM,KAAA,EAAM;AAAA,EACnB;AACF;AAGO,IAAM,eAAN,MAA2C;AAAA,EAChD,IAAI,GAAA,EAA4B;AAC9B,IAAA,IAAI,OAAO,MAAA,KAAW,WAAA,EAAa,OAAO,IAAA;AAC1C,IAAA,OAAO,YAAA,CAAa,QAAQ,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,YAAA,CAAa,OAAA,CAAQ,KAAK,KAAK,CAAA;AAAA,EACjC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,YAAA,CAAa,WAAW,GAAG,CAAA;AAAA,EAC7B;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,MAAA,CAAO,MAAA,CAAO,YAAY,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ;AAC3C,MAAA,YAAA,CAAa,WAAW,GAAG,CAAA;AAAA,IAC7B,CAAC,CAAA;AAAA,EACH;AACF;AAGO,IAAM,iBAAN,MAA6C;AAAA,EAClD,IAAI,GAAA,EAA4B;AAC9B,IAAA,IAAI,OAAO,MAAA,KAAW,WAAA,EAAa,OAAO,IAAA;AAC1C,IAAA,OAAO,cAAA,CAAe,QAAQ,GAAG,CAAA;AAAA,EACnC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,cAAA,CAAe,OAAA,CAAQ,KAAK,KAAK,CAAA;AAAA,EACnC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,cAAA,CAAe,WAAW,GAAG,CAAA;AAAA,EAC/B;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,MAAA,CAAO,MAAA,CAAO,YAAY,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ;AAC3C,MAAA,cAAA,CAAe,WAAW,GAAG,CAAA;AAAA,IAC/B,CAAC,CAAA;AAAA,EACH;AACF;AAGO,IAAM,gBAAN,MAA4C;AAAA,EACjD,WAAA,CACU,OAAA,GAMJ,EAAC,EACL;AAPQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAQR,IAAA,IAAA,CAAK,OAAA,GAAU,EAAE,IAAA,EAAM,GAAA,EAAK,QAAQ,IAAA,EAAM,QAAA,EAAU,KAAA,EAAO,GAAG,OAAA,EAAQ;AAAA,EACxE;AAAA,EAEA,IAAI,GAAA,EAA4B;AAC9B,IAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,IAAA,MAAM,OAAA,GAAU,QAAA,CAAS,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AACzC,IAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,MAAA,MAAM,CAAC,MAAM,KAAK,CAAA,GAAI,OAAO,IAAA,EAAK,CAAE,MAAM,GAAG,CAAA;AAC7C,MAAA,IAAI,SAAS,GAAA,EAAK;AAChB,QAAA,OAAO,mBAAmB,KAAK,CAAA;AAAA,MACjC;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,MAAM,KAAA,GAAQ,CAAC,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,kBAAA,CAAmB,KAAK,CAAC,CAAA,CAAA,EAAI,CAAA,KAAA,EAAQ,IAAA,CAAK,OAAA,CAAQ,IAAI,CAAA,CAAE,CAAA;AACjF,IAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,EAAQ,KAAA,CAAM,KAAK,CAAA,OAAA,EAAU,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA,CAAE,CAAA;AACnE,IAAA,IAAI,IAAA,CAAK,OAAA,CAAQ,MAAA,EAAQ,KAAA,CAAM,KAAK,QAAQ,CAAA;AAC5C,IAAA,IAAI,IAAA,CAAK,QAAQ,QAAA,EAAU,KAAA,CAAM,KAAK,CAAA,SAAA,EAAY,IAAA,CAAK,OAAA,CAAQ,QAAQ,CAAA,CAAE,CAAA;AACzE,IAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,EAAQ,KAAA,CAAM,KAAK,CAAA,QAAA,EAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA,CAAE,CAAA;AACpE,IAAA,QAAA,CAAS,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAAA,EACnC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,QAAA,CAAS,SAAS,CAAA,EAAG,GAAG,CAAA,QAAA,EAAW,IAAA,CAAK,QAAQ,IAAI,CAAA,uCAAA,CAAA;AAAA,EACtD;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,MAAA,CAAO,MAAA,CAAO,YAAY,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ,IAAA,CAAK,MAAA,CAAO,GAAG,CAAC,CAAA;AAAA,EAC/D;AACF;AAGO,SAAS,cACd,IAAA,EACc;AACd,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,cAAA;AACH,MAAA,OAAO,IAAI,YAAA,EAAa;AAAA,IAC1B,KAAK,gBAAA;AACH,MAAA,OAAO,IAAI,cAAA,EAAe;AAAA,IAC5B,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,aAAA,EAAc;AAAA,IAC3B,KAAK,QAAA;AAAA,IACL;AACE,MAAA,OAAO,IAAI,aAAA,EAAc;AAAA;AAE/B;AAGO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,OAAA,EAAuB;AAAvB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAAwB;AAAA,EAE5C,MAAM,SAAA,GAAuC;AAC3C,IAAA,MAAM,cAAc,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,WAAW,CAAA;AACnE,IAAA,IAAI,CAAC,aAAa,OAAO,IAAA;AAEzB,IAAA,MAAM,eAAe,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,YAAY,CAAA;AACrE,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,OAAO,CAAA;AAC3D,IAAA,MAAM,YAAY,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,SAAS,CAAA;AAE/D,IAAA,OAAO;AAAA,MACL,WAAA;AAAA,MACA,cAAc,YAAA,IAAgB,MAAA;AAAA,MAC9B,SAAS,OAAA,IAAW,MAAA;AAAA,MACpB,SAAA,EAAW,SAAA,GAAY,QAAA,CAAS,SAAA,EAAW,EAAE,CAAA,GAAI,CAAA;AAAA,MACjD,SAAA,EAAW,QAAA;AAAA,MACX,OAAO;AAAC,KACV;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,MAAA,EAAkC;AAChD,IAAA,MAAM,KAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,WAAA,EAAa,OAAO,WAAW,CAAA;AACnE,IAAA,MAAM,IAAA,CAAK,QAAQ,GAAA,CAAI,YAAA,CAAa,WAAW,MAAA,CAAO,SAAA,CAAU,UAAU,CAAA;AAC1E,IAAA,IAAI,OAAO,YAAA,EAAc;AACvB,MAAA,MAAM,KAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,YAAA,EAAc,OAAO,YAAY,CAAA;AAAA,IACvE;AACA,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,MAAM,KAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,OAAA,EAAS,OAAO,OAAO,CAAA;AAAA,IAC7D;AAAA,EACF;AAAA,EAEA,MAAM,WAAA,GAA6B;AACjC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,WAAW,CAAA;AAClD,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,YAAY,CAAA;AACnD,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,OAAO,CAAA;AAC9C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,SAAS,CAAA;AAAA,EAClD;AAAA,EAEA,MAAM,UAAU,KAAA,EAA8B;AAC5C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,OAAO,KAAK,CAAA;AAAA,EAClD;AAAA,EAEA,MAAM,QAAA,GAAmC;AACvC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,KAAK,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,UAAA,GAA4B;AAChC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,KAAK,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,UAAU,KAAA,EAA8B;AAC5C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,OAAO,KAAK,CAAA;AAAA,EAClD;AAAA,EAEA,MAAM,QAAA,GAAmC;AACvC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,KAAK,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,UAAA,GAA4B;AAChC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,KAAK,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,iBAAiB,QAAA,EAAiC;AACtD,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,cAAc,QAAQ,CAAA;AAAA,EAC5D;AAAA,EAEA,MAAM,eAAA,GAA0C;AAC9C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,YAAY,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,iBAAA,GAAmC;AACvC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,YAAY,CAAA;AAAA,EACrD;AAAA,EAEA,MAAM,aAAa,GAAA,EAA4B;AAC7C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,UAAU,GAAG,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,WAAA,GAAsC;AAC1C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,QAAQ,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,aAAA,GAA+B;AACnC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,QAAQ,CAAA;AAAA,EACjD;AAAA,EAEA,MAAM,QAAA,GAA0B;AAC9B,IAAA,MAAM,IAAA,CAAK,QAAQ,KAAA,EAAM;AAAA,EAC3B;AACF;;;ACxNA,IAAM,cAAA,GAAiB,0BAAA;AACvB,IAAM,cAAA,GAAiB,CAAC,QAAA,EAAU,SAAA,EAAW,OAAO,CAAA;AAE7C,IAAM,oBAAN,MAAwB;AAAA,EACrB,MAAA;AAAA,EAIA,YAAA;AAAA,EACA,SAAA,GAAkC,IAAA;AAAA,EAClC,aAAA,uBAA2C,GAAA,EAAI;AAAA,EAC/C,YAAA,GAAqD,IAAA;AAAA,EACrD,KAAA,GAAmB;AAAA,IACzB,MAAA,EAAQ,SAAA;AAAA,IACR,IAAA,EAAM,IAAA;AAAA,IACN,MAAA,EAAQ,IAAA;AAAA,IACR,KAAA,EAAO;AAAA,GACT;AAAA,EAEA,YAAY,MAAA,EAA2B;AACrC,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,MAAA,EAAQ,cAAA;AAAA,MACR,MAAA,EAAQ,cAAA;AAAA,MACR,OAAA,EAAS,cAAA;AAAA,MACT,WAAA,EAAa,IAAA;AAAA,MACb,gBAAA,EAAkB,EAAA;AAAA,MAClB,KAAA,EAAO,KAAA;AAAA,MACP,GAAG;AAAA,KACL;AAEA,IAAA,MAAM,UACJ,MAAA,CAAO,aAAA,IAAiB,cAAc,IAAA,CAAK,MAAA,CAAO,WAAW,cAAc,CAAA;AAC7E,IAAA,IAAA,CAAK,YAAA,GAAe,IAAI,YAAA,CAAa,OAAO,CAAA;AAAA,EAC9C;AAAA;AAAA,EAGA,MAAM,UAAA,GAAiC;AACrC,IAAA,IAAA,CAAK,IAAI,6BAA6B,CAAA;AAEtC,IAAA,IAAI;AACF,MAAA,IAAI,IAAA,CAAK,YAAW,EAAG;AACrB,QAAA,IAAA,CAAK,IAAI,4BAA4B,CAAA;AACrC,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,EAAe;AACzC,QAAA,IAAI,MAAA,CAAO,OAAA,IAAW,MAAA,CAAO,IAAA,IAAQ,OAAO,MAAA,EAAQ;AAClD,UAAA,IAAA,CAAK,WAAA,CAAY;AAAA,YACf,MAAA,EAAQ,eAAA;AAAA,YACR,MAAM,MAAA,CAAO,IAAA;AAAA,YACb,QAAQ,MAAA,CAAO,MAAA;AAAA,YACf,KAAA,EAAO;AAAA,WACR,CAAA;AACD,UAAA,IAAA,CAAK,gBAAA,EAAiB;AAAA,QACxB,CAAA,MAAO;AACL,UAAA,IAAA,CAAK,WAAA,CAAY;AAAA,YACf,MAAA,EAAQ,iBAAA;AAAA,YACR,IAAA,EAAM,IAAA;AAAA,YACN,MAAA,EAAQ,IAAA;AAAA,YACR,KAAA,EAAO,OAAO,KAAA,IAAS;AAAA,WACxB,CAAA;AAAA,QACH;AAAA,MACF,CAAA,MAAO;AACL,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,EAAU;AACjD,QAAA,IAAI,MAAA,IAAU,OAAO,WAAA,EAAa;AAChC,UAAA,IAAI,CAAC,cAAA,CAAe,MAAA,CAAO,WAAW,CAAA,EAAG;AACvC,YAAA,IAAA,CAAK,IAAI,8BAA8B,CAAA;AACvC,YAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,WAAW,CAAA;AACpD,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,MAAA,EAAQ,eAAA;AAAA,cACR,IAAA;AAAA,cACA,MAAA;AAAA,cACA,KAAA,EAAO;AAAA,aACR,CAAA;AACD,YAAA,IAAA,CAAK,gBAAA,EAAiB;AAAA,UACxB,CAAA,MAAA,IAAW,OAAO,YAAA,EAAc;AAC9B,YAAA,IAAA,CAAK,IAAI,6CAA6C,CAAA;AACtD,YAAA,MAAM,KAAK,aAAA,EAAc;AAAA,UAC3B,CAAA,MAAO;AACL,YAAA,IAAA,CAAK,IAAI,mCAAmC,CAAA;AAC5C,YAAA,MAAM,IAAA,CAAK,aAAa,WAAA,EAAY;AACpC,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,MAAA,EAAQ,iBAAA;AAAA,cACR,IAAA,EAAM,IAAA;AAAA,cACN,MAAA,EAAQ,IAAA;AAAA,cACR,KAAA,EAAO;AAAA,aACR,CAAA;AAAA,UACH;AAAA,QACF,CAAA,MAAO;AACL,UAAA,IAAA,CAAK,IAAI,2BAA2B,CAAA;AACpC,UAAA,IAAA,CAAK,WAAA,CAAY;AAAA,YACf,MAAA,EAAQ,iBAAA;AAAA,YACR,IAAA,EAAM,IAAA;AAAA,YACN,MAAA,EAAQ,IAAA;AAAA,YACR,KAAA,EAAO;AAAA,WACR,CAAA;AAAA,QACH;AAAA,MACF;AAEA,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,aAAA,EAAe,CAAA;AAAA,IACnC,SAAS,KAAA,EAAO;AACd,MAAA,IAAA,CAAK,GAAA,CAAI,yBAAyB,KAAK,CAAA;AACvC,MAAA,IAAA,CAAK,WAAA,CAAY;AAAA,QACf,MAAA,EAAQ,iBAAA;AAAA,QACR,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,KAAA,EACE,iBAAiB,SAAA,GACb,KAAA,GACA,IAAI,SAAA,CAAU,eAAA,EAAiB,yBAAyB,KAAc;AAAA,OAC7E,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,IAAA,CAAK,KAAA;AAAA,EACd;AAAA;AAAA,EAGA,MAAM,KAAA,CAAM,OAAA,GAAwB,EAAC,EAAkB;AACrD,IAAA,IAAA,CAAK,IAAI,wBAAwB,CAAA;AACjC,IAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,eAAA,EAAiB,CAAA;AAEnC,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,MAAA,MAAM,IAAA,GAAO,MAAM,gBAAA,EAAiB;AACpC,MAAA,MAAM,QAAQ,aAAA,EAAc;AAC5B,MAAA,MAAM,QAAQ,aAAA,EAAc;AAE5B,MAAA,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,CAAU,KAAK,CAAA;AACvC,MAAA,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,CAAU,KAAK,CAAA;AACvC,MAAA,MAAM,IAAA,CAAK,YAAA,CAAa,gBAAA,CAAiB,IAAA,CAAK,YAAY,CAAA;AAE1D,MAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,QAAA,MAAM,IAAA,CAAK,YAAA,CAAa,YAAA,CAAa,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,QACjC,aAAA,EAAe,MAAA;AAAA,QACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,QACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,QAC1B,KAAA,EAAO,IAAA,CAAK,MAAA,CAAO,MAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,QACnC,KAAA;AAAA,QACA,KAAA;AAAA,QACA,gBAAgB,IAAA,CAAK,aAAA;AAAA,QACrB,uBAAuB,IAAA,CAAK,mBAAA;AAAA,QAC5B,GAAG,OAAA,CAAQ;AAAA,OACZ,CAAA;AAED,MAAA,IAAI,QAAQ,MAAA,EAAQ,MAAA,CAAO,GAAA,CAAI,QAAA,EAAU,QAAQ,MAAM,CAAA;AACvD,MAAA,IAAI,QAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,CAAI,YAAA,EAAc,QAAQ,SAAS,CAAA;AACjE,MAAA,IAAI,QAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,CAAI,YAAA,EAAc,QAAQ,SAAS,CAAA;AACjE,MAAA,IAAI,OAAA,CAAQ,WAAW,KAAA,CAAA,EAAW,MAAA,CAAO,IAAI,SAAA,EAAW,OAAA,CAAQ,MAAA,CAAO,QAAA,EAAU,CAAA;AACjF,MAAA,IAAI,QAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,CAAI,YAAA,EAAc,QAAQ,SAAS,CAAA;AAEjE,MAAA,MAAM,OAAA,GAAU,CAAA,EAAG,SAAA,CAAU,sBAAsB,IAAI,MAAM,CAAA,CAAA;AAC7D,MAAA,IAAA,CAAK,GAAA,CAAI,mBAAmB,OAAO,CAAA;AAEnC,MAAA,MAAA,CAAO,SAAS,IAAA,GAAO,OAAA;AAAA,IACzB,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,SAAA,GACJ,iBAAiB,SAAA,GACb,KAAA,GACA,IAAI,SAAA,CAAU,qBAAA,EAAuB,gBAAgB,KAAc,CAAA;AACzE,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,aAAA,EAAe,KAAA,EAAO,WAAW,CAAA;AACnD,MAAA,MAAM,SAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,MAAA,CAAO,OAAA,GAAyB,EAAC,EAAkB;AACvD,IAAA,IAAA,CAAK,IAAI,oBAAoB,CAAA;AAC7B,IAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,gBAAA,EAAkB,CAAA;AAEpC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,aAAa,QAAA,EAAS;AACjC,MAAA,IAAA,CAAK,gBAAA,EAAiB;AAEtB,MAAA,IAAA,CAAK,WAAA,CAAY;AAAA,QACf,MAAA,EAAQ,iBAAA;AAAA,QACR,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,KAAA,EAAO;AAAA,OACR,CAAA;AAED,MAAA,IAAI,QAAQ,SAAA,EAAW;AACrB,QAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,gBAAA,EAAkB,CAAA;AACpC,QAAA;AAAA,MACF;AAEA,MAAA,IAAI,OAAA,CAAQ,cAAc,KAAA,EAAO;AAC/B,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,QAAA,IAAI,UAAU,oBAAA,EAAsB;AAClC,UAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,UAAA,IAAI,IAAA,CAAK,KAAA,CAAM,MAAA,EAAQ,OAAA,EAAS;AAC9B,YAAA,MAAA,CAAO,GAAA,CAAI,eAAA,EAAiB,IAAA,CAAK,KAAA,CAAM,OAAO,OAAO,CAAA;AAAA,UACvD;AACA,UAAA,IAAI,OAAA,CAAQ,QAAA,IAAY,IAAA,CAAK,MAAA,CAAO,qBAAA,EAAuB;AACzD,YAAA,MAAA,CAAO,GAAA;AAAA,cACL,0BAAA;AAAA,cACA,OAAA,CAAQ,QAAA,IAAY,IAAA,CAAK,MAAA,CAAO;AAAA,aAClC;AAAA,UACF;AACA,UAAA,MAAA,CAAO,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,MAAA,CAAO,QAAQ,CAAA;AAE5C,UAAA,MAAM,SAAA,GAAY,CAAA,EAAG,SAAA,CAAU,oBAAoB,IAAI,MAAM,CAAA,CAAA;AAC7D,UAAA,IAAA,CAAK,GAAA,CAAI,0BAA0B,SAAS,CAAA;AAC5C,UAAA,MAAA,CAAO,SAAS,IAAA,GAAO,SAAA;AACvB,UAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,gBAAA,EAAkB,CAAA;AAEpC,MAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,QAAA,MAAA,CAAO,QAAA,CAAS,OAAO,OAAA,CAAQ,QAAA;AAAA,MACjC;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,SAAA,GACJ,iBAAiB,SAAA,GACb,KAAA,GACA,IAAI,SAAA,CAAU,eAAA,EAAiB,iBAAiB,KAAc,CAAA;AACpE,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,KAAA,EAAO,WAAW,CAAA;AACpD,MAAA,MAAM,SAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,UAAA,GAAsB;AACpB,IAAA,IAAI,OAAO,MAAA,KAAW,WAAA,EAAa,OAAO,KAAA;AAC1C,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB,MAAA,CAAO,SAAS,MAAM,CAAA;AACzD,IAAA,OAAO,OAAO,GAAA,CAAI,MAAM,CAAA,IAAK,MAAA,CAAO,IAAI,OAAO,CAAA;AAAA,EACjD;AAAA;AAAA,EAGA,MAAM,cAAA,GAA0C;AAC9C,IAAA,IAAA,CAAK,IAAI,wBAAwB,CAAA;AAEjC,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,KAAA,EAAO,IAAI,SAAA,CAAU,qBAAA,EAAuB,kCAAkC;AAAA,OAChF;AAAA,IACF;AAEA,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB,MAAA,CAAO,SAAS,MAAM,CAAA;AACzD,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA;AAC9B,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AACrC,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AACrC,IAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,GAAA,CAAI,mBAAmB,CAAA;AAEvD,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,QAAQ,IAAI,SAAA;AAAA,QAChB,UAAA;AAAA,QACA,gBAAA,IAAoB;AAAA,OACtB;AACA,MAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAM;AAAA,IACjC;AAEA,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,YAAA,CAAa,QAAA,EAAS;AACpD,IAAA,IAAI,CAAC,UAAA,IAAc,UAAA,KAAe,UAAA,EAAY;AAC5C,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,KAAA,EAAO,IAAI,SAAA,CAAU,gBAAA,EAAkB,0BAA0B;AAAA,OACnE;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,KAAA,EAAO,IAAI,SAAA,CAAU,iBAAA,EAAmB,gCAAgC;AAAA,OAC1E;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,eAAA,EAAgB;AAC7D,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,KAAA,EAAO,IAAI,SAAA,CAAU,YAAA,EAAc,wBAAwB;AAAA,OAC7D;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,MAAM,YAAY,CAAA;AACzD,MAAA,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,CAAU,MAAM,CAAA;AACxC,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,WAAW,CAAA;AACpD,MAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,YAAA,CAAa,WAAA,EAAY;AAErD,MAAA,MAAM,IAAA,CAAK,aAAa,UAAA,EAAW;AACnC,MAAA,MAAM,IAAA,CAAK,aAAa,UAAA,EAAW;AACnC,MAAA,MAAM,IAAA,CAAK,aAAa,iBAAA,EAAkB;AAC1C,MAAA,MAAM,IAAA,CAAK,aAAa,aAAA,EAAc;AAEtC,MAAA,MAAA,CAAO,QAAQ,YAAA,CAAa,IAAI,EAAA,EAAI,MAAA,CAAO,SAAS,QAAQ,CAAA;AAE5D,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,eAAA,EAAiB,IAAA,EAAM,QAAQ,CAAA;AAEjD,MAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,MAAM,MAAA,EAAQ,QAAA,EAAU,YAAY,KAAA,CAAA,EAAU;AAAA,IACxE,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,SAAA,GACJ,iBAAiB,SAAA,GACb,KAAA,GACA,IAAI,SAAA,CAAU,eAAA,EAAiB,yBAAyB,KAAc,CAAA;AAC5E,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,aAAA,EAAe,KAAA,EAAO,WAAW,CAAA;AACnD,MAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,SAAA,EAAU;AAAA,IAC5C;AAAA,EACF;AAAA,EAEA,MAAc,YAAA,CAAa,IAAA,EAAc,YAAA,EAA0C;AACjF,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAE1C,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,SAAA,CAAU,cAAA,EAAgB;AAAA,MACrD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,MAC/D,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,UAAA,EAAY,oBAAA;AAAA,QACZ,IAAA;AAAA,QACA,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,QAC1B,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,QACvB,aAAA,EAAe;AAAA,OAChB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACpD,MAAA,MAAM,IAAI,SAAA;AAAA,QACR,MAAM,KAAA,IAAS,eAAA;AAAA,QACf,MAAM,iBAAA,IAAqB;AAAA,OAC7B;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAqB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC/C,IAAA,OAAO,IAAA,CAAK,eAAe,QAAQ,CAAA;AAAA,EACrC;AAAA;AAAA,EAGA,MAAM,aAAA,GAAoC;AACxC,IAAA,IAAA,CAAK,IAAI,sBAAsB,CAAA;AAE/B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,EAAU;AACjD,IAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,MAAA,MAAM,IAAI,SAAA,CAAU,sBAAA,EAAwB,4BAA4B,CAAA;AAAA,IAC1E;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAE1C,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,SAAA,CAAU,cAAA,EAAgB;AAAA,MACrD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,MAC/D,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,UAAA,EAAY,eAAA;AAAA,QACZ,eAAe,MAAA,CAAO,YAAA;AAAA,QACtB,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,OACxB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACpD,MAAA,MAAM,YAAY,IAAI,SAAA;AAAA,QACpB,MAAM,KAAA,IAAS,sBAAA;AAAA,QACf,MAAM,iBAAA,IAAqB;AAAA,OAC7B;AACA,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,qBAAA,EAAuB,KAAA,EAAO,WAAW,CAAA;AAC3D,MAAA,MAAM,IAAA,CAAK,aAAa,WAAA,EAAY;AACpC,MAAA,IAAA,CAAK,WAAA,CAAY;AAAA,QACf,MAAA,EAAQ,iBAAA;AAAA,QACR,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,KAAA,EAAO;AAAA,OACR,CAAA;AACD,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,CAAA;AACrC,MAAA,MAAM,SAAA;AAAA,IACR;AAEA,IAAA,MAAM,QAAA,GAAqB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC/C,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,cAAA,CAAe,QAAQ,CAAA;AAC9C,IAAA,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,CAAU,SAAS,CAAA;AAE3C,IAAA,MAAM,IAAA,GAAO,UAAU,OAAA,GACnB,IAAA,CAAK,uBAAuB,SAAA,CAAU,OAAO,CAAA,GAC7C,IAAA,CAAK,KAAA,CAAM,IAAA;AAEf,IAAA,IAAA,CAAK,WAAA,CAAY,EAAE,GAAG,IAAA,CAAK,OAAO,MAAA,EAAQ,SAAA,EAAW,MAAM,CAAA;AAC3D,IAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,MAAA,EAAQ,WAAW,CAAA;AACxD,IAAA,IAAA,CAAK,gBAAA,EAAiB;AAEtB,IAAA,OAAO,SAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,cAAA,GAAyC;AAC7C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,EAAU;AACjD,IAAA,IAAI,CAAC,QAAQ,OAAO,IAAA;AAEpB,IAAA,IAAI,cAAA,CAAe,MAAA,CAAO,WAAW,CAAA,EAAG;AACtC,MAAA,IAAI,OAAO,YAAA,EAAc;AACvB,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,aAAA,EAAc;AAC3C,QAAA,OAAO,SAAA,CAAU,WAAA;AAAA,MACnB;AACA,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO,MAAA,CAAO,WAAA;AAAA,EAChB;AAAA,EAEQ,eAAe,QAAA,EAA+B;AACpD,IAAA,OAAO;AAAA,MACL,aAAa,QAAA,CAAS,YAAA;AAAA,MACtB,cAAc,QAAA,CAAS,aAAA;AAAA,MACvB,SAAS,QAAA,CAAS,QAAA;AAAA,MAClB,SAAA,EAAW,IAAA,CAAK,GAAA,EAAI,GAAI,SAAS,UAAA,GAAa,GAAA;AAAA,MAC9C,WAAW,QAAA,CAAS,UAAA;AAAA,MACpB,OAAO,QAAA,CAAS,KAAA,EAAO,KAAA,CAAM,GAAG,KAAK;AAAC,KACxC;AAAA,EACF;AAAA,EAEA,MAAc,UAAU,WAAA,EAAoC;AAC1D,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAE1C,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,SAAA,CAAU,iBAAA,EAAmB;AAAA,MACxD,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,WAAW,CAAA,CAAA;AAAG,KACnD,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,SAAA,CAAU,eAAA,EAAiB,2BAA2B,CAAA;AAAA,IAClE;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,IAAA,OAAO,IAAA,CAAK,cAAc,QAAQ,CAAA;AAAA,EACpC;AAAA,EAEQ,uBAAuB,OAAA,EAAuB;AACpD,IAAA,MAAM,MAAA,GAAS,UAA0B,OAAO,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEQ,cAAc,MAAA,EAAuC;AAC3D,IAAA,OAAO;AAAA,MACL,IAAI,MAAA,CAAO,GAAA;AAAA,MACX,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,eAAe,MAAA,CAAO,cAAA;AAAA,MACtB,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,WAAW,MAAA,CAAO,UAAA;AAAA,MAClB,UAAU,MAAA,CAAO,WAAA;AAAA,MACjB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,aAAa,MAAA,CAAO,YAAA;AAAA,MACpB,qBAAqB,MAAA,CAAO,qBAAA;AAAA,MAC5B,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,GAAG;AAAA,KACL;AAAA,EACF;AAAA,EAEA,MAAc,YAAA,GAAuC;AACnD,IAAA,IAAI,IAAA,CAAK,SAAA,EAAW,OAAO,IAAA,CAAK,SAAA;AAChC,IAAA,MAAM,YAAA,GAAe,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,iCAAA,CAAA;AAC1C,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,YAAY,CAAA;AACzC,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,SAAA,CAAU,qBAAA,EAAuB,oCAAoC,CAAA;AAAA,IACjF;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AAAA,EAEQ,gBAAA,GAAyB;AAC/B,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,eAAe,CAAC,IAAA,CAAK,MAAM,MAAA,EAAQ;AACpD,IAAA,IAAA,CAAK,gBAAA,EAAiB;AACtB,IAAA,MAAM,YAAY,IAAA,CAAK,KAAA,CAAM,MAAA,CAAO,SAAA,GAAY,KAAK,GAAA,EAAI;AACzD,IAAA,MAAM,SAAA,GAAY,SAAA,GAAY,IAAA,CAAK,MAAA,CAAO,gBAAA,GAAoB,GAAA;AAC9D,IAAA,IAAI,YAAY,CAAA,EAAG;AACjB,MAAA,IAAA,CAAK,IAAI,CAAA,4BAAA,EAA+B,IAAA,CAAK,MAAM,SAAA,GAAY,GAAI,CAAC,CAAA,CAAA,CAAG,CAAA;AACvE,MAAA,IAAA,CAAK,YAAA,GAAe,WAAW,MAAM;AACnC,QAAA,IAAA,CAAK,aAAA,GAAgB,KAAA,CAAM,CAAC,UAAU,IAAA,CAAK,GAAA,CAAI,sBAAA,EAAwB,KAAK,CAAC,CAAA;AAAA,MAC/E,GAAG,SAAS,CAAA;AAAA,IACd;AAAA,EACF;AAAA,EAEQ,gBAAA,GAAyB;AAC/B,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,YAAA,CAAa,KAAK,YAAY,CAAA;AAC9B,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,QAAA,GAAsB;AACpB,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,KAAA,EAAM;AAAA,EACzB;AAAA,EAEA,eAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,MAAM,MAAA,KAAW,eAAA;AAAA,EAC/B;AAAA,EAEA,OAAA,GAAuB;AACrB,IAAA,OAAO,KAAK,KAAA,CAAM,IAAA;AAAA,EACpB;AAAA,EAEA,UAAU,OAAA,EAAuC;AAC/C,IAAA,IAAA,CAAK,aAAA,CAAc,IAAI,OAAO,CAAA;AAC9B,IAAA,OAAO,MAAM,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,OAAO,CAAA;AAAA,EAChD;AAAA,EAEQ,YAAY,QAAA,EAA2B;AAC7C,IAAA,IAAA,CAAK,KAAA,GAAQ,QAAA;AAAA,EACf;AAAA,EAEQ,KAAK,KAAA,EAAwB;AACnC,IAAA,IAAA,CAAK,aAAA,CAAc,OAAA,CAAQ,CAAC,OAAA,KAAY;AACtC,MAAA,IAAI;AACF,QAAA,OAAA,CAAQ,KAAK,CAAA;AAAA,MACf,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,wBAAwB,KAAK,CAAA;AAAA,MAC7C;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEQ,OAAO,IAAA,EAAuB;AACpC,IAAA,IAAI,IAAA,CAAK,OAAO,KAAA,EAAO;AACrB,MAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,GAAG,IAAI,CAAA;AAAA,IACtC;AAAA,EACF;AACF;AAGO,SAAS,kBAAkB,MAAA,EAA8C;AAC9E,EAAA,OAAO,IAAI,kBAAkB,MAAM,CAAA;AACrC","file":"index.js","sourcesContent":["/**\n * @douvery/auth - Core Types\n * OAuth 2.0/OIDC type definitions\n */\n\n// ============================================\n// Configuration Types\n// ============================================\n\nexport interface DouveryAuthConfig {\n /** OAuth Client ID */\n clientId: string;\n /** Authorization server base URL @default \"https://auth.douvery.com\" */\n issuer?: string;\n /** Redirect URI after authentication */\n redirectUri: string;\n /** Post-logout redirect URI */\n postLogoutRedirectUri?: string;\n /** OAuth scopes to request @default [\"openid\", \"profile\", \"email\"] */\n scopes?: string[];\n /** Token storage strategy @default \"localStorage\" */\n storage?: \"localStorage\" | \"sessionStorage\" | \"memory\" | \"cookie\";\n /** Custom storage implementation */\n customStorage?: TokenStorage;\n /** Auto-refresh tokens before expiry @default true */\n autoRefresh?: boolean;\n /** Seconds before expiry to trigger refresh @default 60 */\n refreshThreshold?: number;\n /** Enable debug logging @default false */\n debug?: boolean;\n}\n\n// ============================================\n// Token Types\n// ============================================\n\nexport interface TokenSet {\n access_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n id_token?: string;\n scope?: string;\n}\n\nexport interface TokenInfo {\n accessToken: string;\n refreshToken?: string;\n idToken?: string;\n expiresAt: number;\n tokenType: string;\n scope: string[];\n}\n\nexport interface DecodedIdToken {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n auth_time?: number;\n nonce?: string;\n acr?: string;\n amr?: string[];\n azp?: string;\n at_hash?: string;\n c_hash?: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n middle_name?: string;\n nickname?: string;\n preferred_username?: string;\n profile?: string;\n picture?: string;\n website?: string;\n email?: string;\n email_verified?: boolean;\n gender?: string;\n birthdate?: string;\n zoneinfo?: string;\n locale?: string;\n phone_number?: string;\n phone_number_verified?: boolean;\n address?: {\n formatted?: string;\n street_address?: string;\n locality?: string;\n region?: string;\n postal_code?: string;\n country?: string;\n };\n updated_at?: number;\n [key: string]: unknown;\n}\n\n// ============================================\n// User Types\n// ============================================\n\nexport interface User {\n id: string;\n email?: string;\n emailVerified?: boolean;\n name?: string;\n firstName?: string;\n lastName?: string;\n picture?: string;\n phoneNumber?: string;\n phoneNumberVerified?: boolean;\n locale?: string;\n [key: string]: unknown;\n}\n\n// ============================================\n// Auth State Types\n// ============================================\n\nexport type AuthStatus = \"loading\" | \"authenticated\" | \"unauthenticated\";\n\nexport interface AuthState {\n status: AuthStatus;\n user: User | null;\n tokens: TokenInfo | null;\n error: AuthError | null;\n}\n\n// ============================================\n// PKCE Types\n// ============================================\n\nexport interface PKCEPair {\n codeVerifier: string;\n codeChallenge: string;\n codeChallengeMethod: \"S256\";\n}\n\nexport interface AuthorizationParams {\n state: string;\n nonce: string;\n codeVerifier: string;\n codeChallenge: string;\n redirectUri: string;\n}\n\n// ============================================\n// Storage Types\n// ============================================\n\nexport interface TokenStorage {\n get(key: string): string | null | Promise<string | null>;\n set(key: string, value: string): void | Promise<void>;\n remove(key: string): void | Promise<void>;\n clear(): void | Promise<void>;\n}\n\nexport interface StorageKeys {\n accessToken: string;\n refreshToken: string;\n idToken: string;\n expiresAt: string;\n state: string;\n nonce: string;\n codeVerifier: string;\n returnTo: string;\n}\n\n// ============================================\n// Event Types\n// ============================================\n\nexport type AuthEvent =\n | { type: \"INITIALIZED\" }\n | { type: \"LOGIN_STARTED\" }\n | { type: \"LOGIN_SUCCESS\"; user: User; tokens: TokenInfo }\n | { type: \"LOGIN_ERROR\"; error: AuthError }\n | { type: \"LOGOUT_STARTED\" }\n | { type: \"LOGOUT_SUCCESS\" }\n | { type: \"LOGOUT_ERROR\"; error: AuthError }\n | { type: \"TOKEN_REFRESHED\"; tokens: TokenInfo }\n | { type: \"TOKEN_REFRESH_ERROR\"; error: AuthError }\n | { type: \"SESSION_EXPIRED\" };\n\nexport type AuthEventHandler = (event: AuthEvent) => void;\n\n// ============================================\n// Error Types\n// ============================================\n\nexport class AuthError extends Error {\n constructor(\n public code: AuthErrorCode,\n message: string,\n public cause?: Error\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\nexport type AuthErrorCode =\n | \"invalid_request\"\n | \"invalid_client\"\n | \"invalid_grant\"\n | \"unauthorized_client\"\n | \"unsupported_grant_type\"\n | \"invalid_scope\"\n | \"access_denied\"\n | \"server_error\"\n | \"temporarily_unavailable\"\n | \"login_required\"\n | \"consent_required\"\n | \"interaction_required\"\n | \"invalid_token\"\n | \"insufficient_scope\"\n | \"token_expired\"\n | \"token_refresh_failed\"\n | \"pkce_error\"\n | \"state_mismatch\"\n | \"nonce_mismatch\"\n | \"network_error\"\n | \"configuration_error\"\n | \"unknown_error\";\n\n// ============================================\n// Discovery Types\n// ============================================\n\nexport interface OIDCDiscovery {\n issuer: string;\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n jwks_uri: string;\n revocation_endpoint?: string;\n introspection_endpoint?: string;\n end_session_endpoint?: string;\n registration_endpoint?: string;\n scopes_supported: string[];\n response_types_supported: string[];\n response_modes_supported?: string[];\n grant_types_supported: string[];\n token_endpoint_auth_methods_supported?: string[];\n subject_types_supported: string[];\n id_token_signing_alg_values_supported: string[];\n claims_supported?: string[];\n code_challenge_methods_supported?: string[];\n}\n\n// ============================================\n// Callback Types\n// ============================================\n\nexport interface CallbackParams {\n code?: string;\n state?: string;\n error?: string;\n error_description?: string;\n}\n\nexport interface CallbackResult {\n success: boolean;\n user?: User;\n tokens?: TokenInfo;\n error?: AuthError;\n returnTo?: string;\n}\n\n// ============================================\n// Login Options\n// ============================================\n\nexport interface LoginOptions {\n /** URL to return to after login */\n returnTo?: string;\n /** Additional authorization parameters */\n authorizationParams?: Record<string, string>;\n /** Prompt parameter (none, login, consent, select_account) */\n prompt?: \"none\" | \"login\" | \"consent\" | \"select_account\";\n /** Login hint (email or identifier) */\n loginHint?: string;\n /** UI locales preference */\n uiLocales?: string;\n /** Maximum authentication age in seconds */\n maxAge?: number;\n /** ACR values requested */\n acrValues?: string;\n}\n\nexport interface LogoutOptions {\n /** URL to return to after logout */\n returnTo?: string;\n /** Whether to federate logout (end session at IdP) @default true */\n federated?: boolean;\n /** Only clear local session, don't redirect @default false */\n localOnly?: boolean;\n}\n","/**\n * @douvery/auth - PKCE Utilities\n * RFC 7636 - Proof Key for Code Exchange\n */\n\nimport type { PKCEPair } from \"./types\";\n\n/** Generate a cryptographically random string for use as code_verifier */\nexport function generateCodeVerifier(length: number = 64): string {\n const charset =\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~\";\n const randomValues = crypto.getRandomValues(new Uint8Array(length));\n return Array.from(randomValues)\n .map((v) => charset[v % charset.length])\n .join(\"\");\n}\n\n/** Generate a random state parameter for CSRF protection */\nexport function generateState(): string {\n return generateCodeVerifier(32);\n}\n\n/** Generate a random nonce for replay attack protection */\nexport function generateNonce(): string {\n return generateCodeVerifier(32);\n}\n\n/** Create SHA-256 hash and encode as base64url */\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const hashBuffer = await crypto.subtle.digest(\"SHA-256\", data);\n return base64UrlEncode(hashBuffer);\n}\n\n/** Encode ArrayBuffer as base64url (RFC 4648 Section 5) */\nexport function base64UrlEncode(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = \"\";\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n const base64 = btoa(binary);\n return base64.replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\n/** Decode base64url string to ArrayBuffer */\nexport function base64UrlDecode(input: string): ArrayBuffer {\n let base64 = input.replace(/-/g, \"+\").replace(/_/g, \"/\");\n const padding = base64.length % 4;\n if (padding) {\n base64 += \"=\".repeat(4 - padding);\n }\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes.buffer;\n}\n\n/** Generate a complete PKCE pair (verifier + challenge) */\nexport async function generatePKCEPair(): Promise<PKCEPair> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = await generateCodeChallenge(codeVerifier);\n return {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod: \"S256\",\n };\n}\n\n/** Verify a code_verifier against a code_challenge */\nexport async function verifyCodeChallenge(\n verifier: string,\n challenge: string,\n method: \"S256\" | \"plain\" = \"S256\"\n): Promise<boolean> {\n if (method === \"plain\") {\n return verifier === challenge;\n }\n const computedChallenge = await generateCodeChallenge(verifier);\n return computedChallenge === challenge;\n}\n\n/** Parse and decode a JWT token (without verification) */\nexport function decodeJWT<T = Record<string, unknown>>(token: string): T {\n const parts = token.split(\".\");\n if (parts.length !== 3) {\n throw new Error(\"Invalid JWT format\");\n }\n const payload = parts[1];\n const decoded = base64UrlDecode(payload);\n const text = new TextDecoder().decode(decoded);\n return JSON.parse(text) as T;\n}\n\n/** Check if a JWT token is expired */\nexport function isTokenExpired(token: string, clockSkew: number = 60): boolean {\n try {\n const payload = decodeJWT<{ exp?: number }>(token);\n if (!payload.exp) {\n return false;\n }\n const now = Math.floor(Date.now() / 1000);\n return payload.exp < now - clockSkew;\n } catch {\n return true;\n }\n}\n\n/** Get token expiration timestamp */\nexport function getTokenExpiration(token: string): number | null {\n try {\n const payload = decodeJWT<{ exp?: number }>(token);\n return payload.exp ? payload.exp * 1000 : null;\n } catch {\n return null;\n }\n}\n","/**\n * @douvery/auth - Token Storage\n * Abstraction for token persistence\n */\n\nimport type { TokenStorage, StorageKeys, TokenInfo } from \"./types\";\n\nconst DEFAULT_PREFIX = \"douvery_auth\";\n\nexport const STORAGE_KEYS: StorageKeys = {\n accessToken: `${DEFAULT_PREFIX}_access_token`,\n refreshToken: `${DEFAULT_PREFIX}_refresh_token`,\n idToken: `${DEFAULT_PREFIX}_id_token`,\n expiresAt: `${DEFAULT_PREFIX}_expires_at`,\n state: `${DEFAULT_PREFIX}_state`,\n nonce: `${DEFAULT_PREFIX}_nonce`,\n codeVerifier: `${DEFAULT_PREFIX}_code_verifier`,\n returnTo: `${DEFAULT_PREFIX}_return_to`,\n};\n\n/** In-memory storage implementation */\nexport class MemoryStorage implements TokenStorage {\n private store = new Map<string, string>();\n\n get(key: string): string | null {\n return this.store.get(key) ?? null;\n }\n\n set(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n remove(key: string): void {\n this.store.delete(key);\n }\n\n clear(): void {\n this.store.clear();\n }\n}\n\n/** LocalStorage implementation */\nexport class LocalStorage implements TokenStorage {\n get(key: string): string | null {\n if (typeof window === \"undefined\") return null;\n return localStorage.getItem(key);\n }\n\n set(key: string, value: string): void {\n if (typeof window === \"undefined\") return;\n localStorage.setItem(key, value);\n }\n\n remove(key: string): void {\n if (typeof window === \"undefined\") return;\n localStorage.removeItem(key);\n }\n\n clear(): void {\n if (typeof window === \"undefined\") return;\n Object.values(STORAGE_KEYS).forEach((key) => {\n localStorage.removeItem(key);\n });\n }\n}\n\n/** SessionStorage implementation */\nexport class SessionStorage implements TokenStorage {\n get(key: string): string | null {\n if (typeof window === \"undefined\") return null;\n return sessionStorage.getItem(key);\n }\n\n set(key: string, value: string): void {\n if (typeof window === \"undefined\") return;\n sessionStorage.setItem(key, value);\n }\n\n remove(key: string): void {\n if (typeof window === \"undefined\") return;\n sessionStorage.removeItem(key);\n }\n\n clear(): void {\n if (typeof window === \"undefined\") return;\n Object.values(STORAGE_KEYS).forEach((key) => {\n sessionStorage.removeItem(key);\n });\n }\n}\n\n/** Cookie storage implementation (for SSR compatibility) */\nexport class CookieStorage implements TokenStorage {\n constructor(\n private options: {\n path?: string;\n domain?: string;\n secure?: boolean;\n sameSite?: \"Strict\" | \"Lax\" | \"None\";\n maxAge?: number;\n } = {}\n ) {\n this.options = { path: \"/\", secure: true, sameSite: \"Lax\", ...options };\n }\n\n get(key: string): string | null {\n if (typeof document === \"undefined\") return null;\n const cookies = document.cookie.split(\";\");\n for (const cookie of cookies) {\n const [name, value] = cookie.trim().split(\"=\");\n if (name === key) {\n return decodeURIComponent(value);\n }\n }\n return null;\n }\n\n set(key: string, value: string): void {\n if (typeof document === \"undefined\") return;\n const parts = [`${key}=${encodeURIComponent(value)}`, `path=${this.options.path}`];\n if (this.options.domain) parts.push(`domain=${this.options.domain}`);\n if (this.options.secure) parts.push(\"secure\");\n if (this.options.sameSite) parts.push(`samesite=${this.options.sameSite}`);\n if (this.options.maxAge) parts.push(`max-age=${this.options.maxAge}`);\n document.cookie = parts.join(\"; \");\n }\n\n remove(key: string): void {\n if (typeof document === \"undefined\") return;\n document.cookie = `${key}=; path=${this.options.path}; expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n }\n\n clear(): void {\n Object.values(STORAGE_KEYS).forEach((key) => this.remove(key));\n }\n}\n\n/** Create storage instance based on type */\nexport function createStorage(\n type: \"localStorage\" | \"sessionStorage\" | \"memory\" | \"cookie\"\n): TokenStorage {\n switch (type) {\n case \"localStorage\":\n return new LocalStorage();\n case \"sessionStorage\":\n return new SessionStorage();\n case \"cookie\":\n return new CookieStorage();\n case \"memory\":\n default:\n return new MemoryStorage();\n }\n}\n\n/** Token manager for handling token persistence */\nexport class TokenManager {\n constructor(private storage: TokenStorage) {}\n\n async getTokens(): Promise<TokenInfo | null> {\n const accessToken = await this.storage.get(STORAGE_KEYS.accessToken);\n if (!accessToken) return null;\n\n const refreshToken = await this.storage.get(STORAGE_KEYS.refreshToken);\n const idToken = await this.storage.get(STORAGE_KEYS.idToken);\n const expiresAt = await this.storage.get(STORAGE_KEYS.expiresAt);\n\n return {\n accessToken,\n refreshToken: refreshToken ?? undefined,\n idToken: idToken ?? undefined,\n expiresAt: expiresAt ? parseInt(expiresAt, 10) : 0,\n tokenType: \"Bearer\",\n scope: [],\n };\n }\n\n async setTokens(tokens: TokenInfo): Promise<void> {\n await this.storage.set(STORAGE_KEYS.accessToken, tokens.accessToken);\n await this.storage.set(STORAGE_KEYS.expiresAt, tokens.expiresAt.toString());\n if (tokens.refreshToken) {\n await this.storage.set(STORAGE_KEYS.refreshToken, tokens.refreshToken);\n }\n if (tokens.idToken) {\n await this.storage.set(STORAGE_KEYS.idToken, tokens.idToken);\n }\n }\n\n async clearTokens(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.accessToken);\n await this.storage.remove(STORAGE_KEYS.refreshToken);\n await this.storage.remove(STORAGE_KEYS.idToken);\n await this.storage.remove(STORAGE_KEYS.expiresAt);\n }\n\n async saveState(state: string): Promise<void> {\n await this.storage.set(STORAGE_KEYS.state, state);\n }\n\n async getState(): Promise<string | null> {\n return this.storage.get(STORAGE_KEYS.state);\n }\n\n async clearState(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.state);\n }\n\n async saveNonce(nonce: string): Promise<void> {\n await this.storage.set(STORAGE_KEYS.nonce, nonce);\n }\n\n async getNonce(): Promise<string | null> {\n return this.storage.get(STORAGE_KEYS.nonce);\n }\n\n async clearNonce(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.nonce);\n }\n\n async saveCodeVerifier(verifier: string): Promise<void> {\n await this.storage.set(STORAGE_KEYS.codeVerifier, verifier);\n }\n\n async getCodeVerifier(): Promise<string | null> {\n return this.storage.get(STORAGE_KEYS.codeVerifier);\n }\n\n async clearCodeVerifier(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.codeVerifier);\n }\n\n async saveReturnTo(url: string): Promise<void> {\n await this.storage.set(STORAGE_KEYS.returnTo, url);\n }\n\n async getReturnTo(): Promise<string | null> {\n return this.storage.get(STORAGE_KEYS.returnTo);\n }\n\n async clearReturnTo(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.returnTo);\n }\n\n async clearAll(): Promise<void> {\n await this.storage.clear();\n }\n}\n","/**\n * @douvery/auth - Auth Client\n * Main OAuth 2.0/OIDC client implementation\n */\n\nimport type {\n DouveryAuthConfig,\n TokenSet,\n TokenInfo,\n User,\n AuthState,\n AuthEvent,\n AuthEventHandler,\n OIDCDiscovery,\n CallbackResult,\n LoginOptions,\n LogoutOptions,\n DecodedIdToken,\n} from \"./types\";\nimport { AuthError } from \"./types\";\nimport {\n generatePKCEPair,\n generateState,\n generateNonce,\n decodeJWT,\n isTokenExpired,\n} from \"./pkce\";\nimport { createStorage, TokenManager } from \"./storage\";\n\nconst DEFAULT_ISSUER = \"https://auth.douvery.com\";\nconst DEFAULT_SCOPES = [\"openid\", \"profile\", \"email\"];\n\nexport class DouveryAuthClient {\n private config: Required<\n Pick<DouveryAuthConfig, \"clientId\" | \"issuer\" | \"redirectUri\" | \"scopes\">\n > &\n DouveryAuthConfig;\n private tokenManager: TokenManager;\n private discovery: OIDCDiscovery | null = null;\n private eventHandlers: Set<AuthEventHandler> = new Set();\n private refreshTimer: ReturnType<typeof setTimeout> | null = null;\n private state: AuthState = {\n status: \"loading\",\n user: null,\n tokens: null,\n error: null,\n };\n\n constructor(config: DouveryAuthConfig) {\n this.config = {\n issuer: DEFAULT_ISSUER,\n scopes: DEFAULT_SCOPES,\n storage: \"localStorage\",\n autoRefresh: true,\n refreshThreshold: 60,\n debug: false,\n ...config,\n };\n\n const storage =\n config.customStorage ?? createStorage(this.config.storage ?? \"localStorage\");\n this.tokenManager = new TokenManager(storage);\n }\n\n /** Initialize the auth client */\n async initialize(): Promise<AuthState> {\n this.log(\"Initializing auth client...\");\n\n try {\n if (this.isCallback()) {\n this.log(\"Handling OAuth callback...\");\n const result = await this.handleCallback();\n if (result.success && result.user && result.tokens) {\n this.updateState({\n status: \"authenticated\",\n user: result.user,\n tokens: result.tokens,\n error: null,\n });\n this.setupAutoRefresh();\n } else {\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: result.error ?? null,\n });\n }\n } else {\n const tokens = await this.tokenManager.getTokens();\n if (tokens && tokens.accessToken) {\n if (!isTokenExpired(tokens.accessToken)) {\n this.log(\"Found valid existing session\");\n const user = await this.fetchUser(tokens.accessToken);\n this.updateState({\n status: \"authenticated\",\n user,\n tokens,\n error: null,\n });\n this.setupAutoRefresh();\n } else if (tokens.refreshToken) {\n this.log(\"Access token expired, attempting refresh...\");\n await this.refreshTokens();\n } else {\n this.log(\"Session expired, no refresh token\");\n await this.tokenManager.clearTokens();\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: null,\n });\n }\n } else {\n this.log(\"No existing session found\");\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: null,\n });\n }\n }\n\n this.emit({ type: \"INITIALIZED\" });\n } catch (error) {\n this.log(\"Initialization error:\", error);\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error:\n error instanceof AuthError\n ? error\n : new AuthError(\"unknown_error\", \"Initialization failed\", error as Error),\n });\n }\n\n return this.state;\n }\n\n /** Start the login flow */\n async login(options: LoginOptions = {}): Promise<void> {\n this.log(\"Starting login flow...\");\n this.emit({ type: \"LOGIN_STARTED\" });\n\n try {\n const discovery = await this.getDiscovery();\n const pkce = await generatePKCEPair();\n const state = generateState();\n const nonce = generateNonce();\n\n await this.tokenManager.saveState(state);\n await this.tokenManager.saveNonce(nonce);\n await this.tokenManager.saveCodeVerifier(pkce.codeVerifier);\n\n if (options.returnTo) {\n await this.tokenManager.saveReturnTo(options.returnTo);\n }\n\n const params = new URLSearchParams({\n response_type: \"code\",\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n scope: this.config.scopes!.join(\" \"),\n state,\n nonce,\n code_challenge: pkce.codeChallenge,\n code_challenge_method: pkce.codeChallengeMethod,\n ...options.authorizationParams,\n });\n\n if (options.prompt) params.set(\"prompt\", options.prompt);\n if (options.loginHint) params.set(\"login_hint\", options.loginHint);\n if (options.uiLocales) params.set(\"ui_locales\", options.uiLocales);\n if (options.maxAge !== undefined) params.set(\"max_age\", options.maxAge.toString());\n if (options.acrValues) params.set(\"acr_values\", options.acrValues);\n\n const authUrl = `${discovery.authorization_endpoint}?${params}`;\n this.log(\"Redirecting to:\", authUrl);\n\n window.location.href = authUrl;\n } catch (error) {\n const authError =\n error instanceof AuthError\n ? error\n : new AuthError(\"configuration_error\", \"Login failed\", error as Error);\n this.emit({ type: \"LOGIN_ERROR\", error: authError });\n throw authError;\n }\n }\n\n /** Logout the user */\n async logout(options: LogoutOptions = {}): Promise<void> {\n this.log(\"Starting logout...\");\n this.emit({ type: \"LOGOUT_STARTED\" });\n\n try {\n await this.tokenManager.clearAll();\n this.clearAutoRefresh();\n\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: null,\n });\n\n if (options.localOnly) {\n this.emit({ type: \"LOGOUT_SUCCESS\" });\n return;\n }\n\n if (options.federated !== false) {\n const discovery = await this.getDiscovery();\n if (discovery.end_session_endpoint) {\n const params = new URLSearchParams();\n if (this.state.tokens?.idToken) {\n params.set(\"id_token_hint\", this.state.tokens.idToken);\n }\n if (options.returnTo || this.config.postLogoutRedirectUri) {\n params.set(\n \"post_logout_redirect_uri\",\n options.returnTo || this.config.postLogoutRedirectUri!\n );\n }\n params.set(\"client_id\", this.config.clientId);\n\n const logoutUrl = `${discovery.end_session_endpoint}?${params}`;\n this.log(\"Redirecting to logout:\", logoutUrl);\n window.location.href = logoutUrl;\n return;\n }\n }\n\n this.emit({ type: \"LOGOUT_SUCCESS\" });\n\n if (options.returnTo) {\n window.location.href = options.returnTo;\n }\n } catch (error) {\n const authError =\n error instanceof AuthError\n ? error\n : new AuthError(\"unknown_error\", \"Logout failed\", error as Error);\n this.emit({ type: \"LOGOUT_ERROR\", error: authError });\n throw authError;\n }\n }\n\n /** Check if current URL is an OAuth callback */\n isCallback(): boolean {\n if (typeof window === \"undefined\") return false;\n const params = new URLSearchParams(window.location.search);\n return params.has(\"code\") || params.has(\"error\");\n }\n\n /** Handle the OAuth callback */\n async handleCallback(): Promise<CallbackResult> {\n this.log(\"Processing callback...\");\n\n if (typeof window === \"undefined\") {\n return {\n success: false,\n error: new AuthError(\"configuration_error\", \"Cannot handle callback on server\"),\n };\n }\n\n const params = new URLSearchParams(window.location.search);\n const code = params.get(\"code\");\n const stateParam = params.get(\"state\");\n const errorParam = params.get(\"error\");\n const errorDescription = params.get(\"error_description\");\n\n if (errorParam) {\n const error = new AuthError(\n errorParam as any,\n errorDescription ?? \"Authorization failed\"\n );\n return { success: false, error };\n }\n\n const savedState = await this.tokenManager.getState();\n if (!stateParam || stateParam !== savedState) {\n return {\n success: false,\n error: new AuthError(\"state_mismatch\", \"State parameter mismatch\"),\n };\n }\n\n if (!code) {\n return {\n success: false,\n error: new AuthError(\"invalid_request\", \"No authorization code received\"),\n };\n }\n\n const codeVerifier = await this.tokenManager.getCodeVerifier();\n if (!codeVerifier) {\n return {\n success: false,\n error: new AuthError(\"pkce_error\", \"No code verifier found\"),\n };\n }\n\n try {\n const tokens = await this.exchangeCode(code, codeVerifier);\n await this.tokenManager.setTokens(tokens);\n const user = await this.fetchUser(tokens.accessToken);\n const returnTo = await this.tokenManager.getReturnTo();\n\n await this.tokenManager.clearState();\n await this.tokenManager.clearNonce();\n await this.tokenManager.clearCodeVerifier();\n await this.tokenManager.clearReturnTo();\n\n window.history.replaceState({}, \"\", window.location.pathname);\n\n this.emit({ type: \"LOGIN_SUCCESS\", user, tokens });\n\n return { success: true, user, tokens, returnTo: returnTo ?? undefined };\n } catch (error) {\n const authError =\n error instanceof AuthError\n ? error\n : new AuthError(\"invalid_grant\", \"Token exchange failed\", error as Error);\n this.emit({ type: \"LOGIN_ERROR\", error: authError });\n return { success: false, error: authError };\n }\n }\n\n private async exchangeCode(code: string, codeVerifier: string): Promise<TokenInfo> {\n const discovery = await this.getDiscovery();\n\n const response = await fetch(discovery.token_endpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n code,\n redirect_uri: this.config.redirectUri,\n client_id: this.config.clientId,\n code_verifier: codeVerifier,\n }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({}));\n throw new AuthError(\n error.error ?? \"invalid_grant\",\n error.error_description ?? \"Token exchange failed\"\n );\n }\n\n const tokenSet: TokenSet = await response.json();\n return this.tokenSetToInfo(tokenSet);\n }\n\n /** Refresh the access token */\n async refreshTokens(): Promise<TokenInfo> {\n this.log(\"Refreshing tokens...\");\n\n const tokens = await this.tokenManager.getTokens();\n if (!tokens?.refreshToken) {\n throw new AuthError(\"token_refresh_failed\", \"No refresh token available\");\n }\n\n const discovery = await this.getDiscovery();\n\n const response = await fetch(discovery.token_endpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n refresh_token: tokens.refreshToken,\n client_id: this.config.clientId,\n }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({}));\n const authError = new AuthError(\n error.error ?? \"token_refresh_failed\",\n error.error_description ?? \"Token refresh failed\"\n );\n this.emit({ type: \"TOKEN_REFRESH_ERROR\", error: authError });\n await this.tokenManager.clearTokens();\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: authError,\n });\n this.emit({ type: \"SESSION_EXPIRED\" });\n throw authError;\n }\n\n const tokenSet: TokenSet = await response.json();\n const newTokens = this.tokenSetToInfo(tokenSet);\n await this.tokenManager.setTokens(newTokens);\n\n const user = newTokens.idToken\n ? this.extractUserFromIdToken(newTokens.idToken)\n : this.state.user;\n\n this.updateState({ ...this.state, tokens: newTokens, user });\n this.emit({ type: \"TOKEN_REFRESHED\", tokens: newTokens });\n this.setupAutoRefresh();\n\n return newTokens;\n }\n\n /** Get current access token (auto-refreshes if needed) */\n async getAccessToken(): Promise<string | null> {\n const tokens = await this.tokenManager.getTokens();\n if (!tokens) return null;\n\n if (isTokenExpired(tokens.accessToken)) {\n if (tokens.refreshToken) {\n const newTokens = await this.refreshTokens();\n return newTokens.accessToken;\n }\n return null;\n }\n\n return tokens.accessToken;\n }\n\n private tokenSetToInfo(tokenSet: TokenSet): TokenInfo {\n return {\n accessToken: tokenSet.access_token,\n refreshToken: tokenSet.refresh_token,\n idToken: tokenSet.id_token,\n expiresAt: Date.now() + tokenSet.expires_in * 1000,\n tokenType: tokenSet.token_type,\n scope: tokenSet.scope?.split(\" \") ?? [],\n };\n }\n\n private async fetchUser(accessToken: string): Promise<User> {\n const discovery = await this.getDiscovery();\n\n const response = await fetch(discovery.userinfo_endpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n\n if (!response.ok) {\n throw new AuthError(\"invalid_token\", \"Failed to fetch user info\");\n }\n\n const userInfo = await response.json();\n return this.normalizeUser(userInfo);\n }\n\n private extractUserFromIdToken(idToken: string): User {\n const claims = decodeJWT<DecodedIdToken>(idToken);\n return this.normalizeUser(claims);\n }\n\n private normalizeUser(claims: Record<string, unknown>): User {\n return {\n id: claims.sub as string,\n email: claims.email as string | undefined,\n emailVerified: claims.email_verified as boolean | undefined,\n name: claims.name as string | undefined,\n firstName: claims.given_name as string | undefined,\n lastName: claims.family_name as string | undefined,\n picture: claims.picture as string | undefined,\n phoneNumber: claims.phone_number as string | undefined,\n phoneNumberVerified: claims.phone_number_verified as boolean | undefined,\n locale: claims.locale as string | undefined,\n ...claims,\n };\n }\n\n private async getDiscovery(): Promise<OIDCDiscovery> {\n if (this.discovery) return this.discovery;\n const discoveryUrl = `${this.config.issuer}/.well-known/openid-configuration`;\n const response = await fetch(discoveryUrl);\n if (!response.ok) {\n throw new AuthError(\"configuration_error\", \"Failed to fetch discovery document\");\n }\n this.discovery = await response.json();\n return this.discovery!;\n }\n\n private setupAutoRefresh(): void {\n if (!this.config.autoRefresh || !this.state.tokens) return;\n this.clearAutoRefresh();\n const expiresIn = this.state.tokens.expiresAt - Date.now();\n const refreshIn = expiresIn - this.config.refreshThreshold! * 1000;\n if (refreshIn > 0) {\n this.log(`Scheduling token refresh in ${Math.round(refreshIn / 1000)}s`);\n this.refreshTimer = setTimeout(() => {\n this.refreshTokens().catch((error) => this.log(\"Auto-refresh failed:\", error));\n }, refreshIn);\n }\n }\n\n private clearAutoRefresh(): void {\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.refreshTimer = null;\n }\n }\n\n getState(): AuthState {\n return { ...this.state };\n }\n\n isAuthenticated(): boolean {\n return this.state.status === \"authenticated\";\n }\n\n getUser(): User | null {\n return this.state.user;\n }\n\n subscribe(handler: AuthEventHandler): () => void {\n this.eventHandlers.add(handler);\n return () => this.eventHandlers.delete(handler);\n }\n\n private updateState(newState: AuthState): void {\n this.state = newState;\n }\n\n private emit(event: AuthEvent): void {\n this.eventHandlers.forEach((handler) => {\n try {\n handler(event);\n } catch (error) {\n console.error(\"Event handler error:\", error);\n }\n });\n }\n\n private log(...args: unknown[]): void {\n if (this.config.debug) {\n console.log(\"[DouveryAuth]\", ...args);\n }\n }\n}\n\n/** Create a new DouveryAuthClient instance */\nexport function createDouveryAuth(config: DouveryAuthConfig): DouveryAuthClient {\n return new DouveryAuthClient(config);\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/types.ts","../src/pkce.ts","../src/storage.ts","../src/client.ts"],"names":[],"mappings":";AA6LO,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CACS,IAAA,EACP,OAAA,EACO,KAAA,EACP;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJN,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGP,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;;;AC9LO,SAAS,oBAAA,CAAqB,SAAiB,EAAA,EAAY;AAChE,EAAA,MAAM,OAAA,GACJ,oEAAA;AACF,EAAA,MAAM,eAAe,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAClE,EAAA,OAAO,KAAA,CAAM,IAAA,CAAK,YAAY,CAAA,CAC3B,IAAI,CAAC,CAAA,KAAM,OAAA,CAAQ,CAAA,GAAI,OAAA,CAAQ,MAAM,CAAC,CAAA,CACtC,KAAK,EAAE,CAAA;AACZ;AAGO,SAAS,aAAA,GAAwB;AACtC,EAAA,OAAO,qBAAqB,EAAE,CAAA;AAChC;AAGO,SAAS,aAAA,GAAwB;AACtC,EAAA,OAAO,qBAAqB,EAAE,CAAA;AAChC;AAGA,eAAsB,sBAAsB,QAAA,EAAmC;AAC7E,EAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AACpC,EAAA,MAAM,aAAa,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAC7D,EAAA,OAAO,gBAAgB,UAAU,CAAA;AACnC;AAGO,SAAS,gBAAgB,MAAA,EAA6B;AAC3D,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACzE;AAGO,SAAS,gBAAgB,KAAA,EAA4B;AAC1D,EAAA,IAAI,MAAA,GAAS,MAAM,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AACvD,EAAA,MAAM,OAAA,GAAU,OAAO,MAAA,GAAS,CAAA;AAChC,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,MAAA,IAAU,GAAA,CAAI,MAAA,CAAO,CAAA,GAAI,OAAO,CAAA;AAAA,EAClC;AACA,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA,CAAM,MAAA;AACf;AAGA,eAAsB,gBAAA,GAAsC;AAC1D,EAAA,MAAM,eAAe,oBAAA,EAAqB;AAC1C,EAAA,MAAM,aAAA,GAAgB,MAAM,qBAAA,CAAsB,YAAY,CAAA;AAC9D,EAAA,OAAO;AAAA,IACL,YAAA;AAAA,IACA,aAAA;AAAA,IACA,mBAAA,EAAqB;AAAA,GACvB;AACF;AAGA,eAAsB,mBAAA,CACpB,QAAA,EACA,SAAA,EACA,MAAA,GAA2B,MAAA,EACT;AAClB,EAAA,IAAI,WAAW,OAAA,EAAS;AACtB,IAAA,OAAO,QAAA,KAAa,SAAA;AAAA,EACtB;AACA,EAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,CAAsB,QAAQ,CAAA;AAC9D,EAAA,OAAO,iBAAA,KAAsB,SAAA;AAC/B;AAGO,SAAS,UAAuC,KAAA,EAAkB;AACvE,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAC7B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AAAA,EACtC;AACA,EAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,EAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AACvC,EAAA,MAAM,IAAA,GAAO,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAA;AAC7C,EAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AACxB;AAGO,SAAS,cAAA,CAAe,KAAA,EAAe,SAAA,GAAoB,EAAA,EAAa;AAC7E,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,UAA4B,KAAK,CAAA;AACjD,IAAA,IAAI,CAAC,QAAQ,GAAA,EAAK;AAChB,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,OAAO,OAAA,CAAQ,MAAM,GAAA,GAAM,SAAA;AAAA,EAC7B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAGO,SAAS,mBAAmB,KAAA,EAA8B;AAC/D,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,UAA4B,KAAK,CAAA;AACjD,IAAA,OAAO,OAAA,CAAQ,GAAA,GAAM,OAAA,CAAQ,GAAA,GAAM,GAAA,GAAO,IAAA;AAAA,EAC5C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;AChHA,IAAM,cAAA,GAAiB,cAAA;AAEhB,IAAM,YAAA,GAA4B;AAAA,EACvC,WAAA,EAAa,GAAG,cAAc,CAAA,aAAA,CAAA;AAAA,EAC9B,YAAA,EAAc,GAAG,cAAc,CAAA,cAAA,CAAA;AAAA,EAC/B,OAAA,EAAS,GAAG,cAAc,CAAA,SAAA,CAAA;AAAA,EAC1B,SAAA,EAAW,GAAG,cAAc,CAAA,WAAA,CAAA;AAAA,EAC5B,KAAA,EAAO,GAAG,cAAc,CAAA,MAAA,CAAA;AAAA,EACxB,KAAA,EAAO,GAAG,cAAc,CAAA,MAAA,CAAA;AAAA,EACxB,YAAA,EAAc,GAAG,cAAc,CAAA,cAAA,CAAA;AAAA,EAC/B,QAAA,EAAU,GAAG,cAAc,CAAA,UAAA;AAC7B;AAGO,IAAM,gBAAN,MAA4C;AAAA,EACzC,KAAA,uBAAY,GAAA,EAAoB;AAAA,EAExC,IAAI,GAAA,EAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA,IAAK,IAAA;AAAA,EAChC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3B;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,MAAM,KAAA,EAAM;AAAA,EACnB;AACF;AAGO,IAAM,eAAN,MAA2C;AAAA,EAChD,IAAI,GAAA,EAA4B;AAC9B,IAAA,IAAI,OAAO,MAAA,KAAW,WAAA,EAAa,OAAO,IAAA;AAC1C,IAAA,OAAO,YAAA,CAAa,QAAQ,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,YAAA,CAAa,OAAA,CAAQ,KAAK,KAAK,CAAA;AAAA,EACjC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,YAAA,CAAa,WAAW,GAAG,CAAA;AAAA,EAC7B;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,MAAA,CAAO,MAAA,CAAO,YAAY,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ;AAC3C,MAAA,YAAA,CAAa,WAAW,GAAG,CAAA;AAAA,IAC7B,CAAC,CAAA;AAAA,EACH;AACF;AAGO,IAAM,iBAAN,MAA6C;AAAA,EAClD,IAAI,GAAA,EAA4B;AAC9B,IAAA,IAAI,OAAO,MAAA,KAAW,WAAA,EAAa,OAAO,IAAA;AAC1C,IAAA,OAAO,cAAA,CAAe,QAAQ,GAAG,CAAA;AAAA,EACnC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,cAAA,CAAe,OAAA,CAAQ,KAAK,KAAK,CAAA;AAAA,EACnC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,cAAA,CAAe,WAAW,GAAG,CAAA;AAAA,EAC/B;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACnC,IAAA,MAAA,CAAO,MAAA,CAAO,YAAY,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ;AAC3C,MAAA,cAAA,CAAe,WAAW,GAAG,CAAA;AAAA,IAC/B,CAAC,CAAA;AAAA,EACH;AACF;AAGO,IAAM,gBAAN,MAA4C;AAAA,EACjD,WAAA,CACU,OAAA,GAMJ,EAAC,EACL;AAPQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAQR,IAAA,IAAA,CAAK,OAAA,GAAU,EAAE,IAAA,EAAM,GAAA,EAAK,QAAQ,IAAA,EAAM,QAAA,EAAU,KAAA,EAAO,GAAG,OAAA,EAAQ;AAAA,EACxE;AAAA,EAEA,IAAI,GAAA,EAA4B;AAC9B,IAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,IAAA,MAAM,OAAA,GAAU,QAAA,CAAS,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AACzC,IAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,MAAA,MAAM,CAAC,MAAM,KAAK,CAAA,GAAI,OAAO,IAAA,EAAK,CAAE,MAAM,GAAG,CAAA;AAC7C,MAAA,IAAI,SAAS,GAAA,EAAK;AAChB,QAAA,OAAO,mBAAmB,KAAK,CAAA;AAAA,MACjC;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,MAAM,KAAA,GAAQ;AAAA,MACZ,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,kBAAA,CAAmB,KAAK,CAAC,CAAA,CAAA;AAAA,MACnC,CAAA,KAAA,EAAQ,IAAA,CAAK,OAAA,CAAQ,IAAI,CAAA;AAAA,KAC3B;AACA,IAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,EAAQ,KAAA,CAAM,KAAK,CAAA,OAAA,EAAU,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA,CAAE,CAAA;AACnE,IAAA,IAAI,IAAA,CAAK,OAAA,CAAQ,MAAA,EAAQ,KAAA,CAAM,KAAK,QAAQ,CAAA;AAC5C,IAAA,IAAI,IAAA,CAAK,QAAQ,QAAA,EAAU,KAAA,CAAM,KAAK,CAAA,SAAA,EAAY,IAAA,CAAK,OAAA,CAAQ,QAAQ,CAAA,CAAE,CAAA;AACzE,IAAA,IAAI,IAAA,CAAK,QAAQ,MAAA,EAAQ,KAAA,CAAM,KAAK,CAAA,QAAA,EAAW,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA,CAAE,CAAA;AACpE,IAAA,QAAA,CAAS,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAAA,EACnC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,QAAA,CAAS,SAAS,CAAA,EAAG,GAAG,CAAA,QAAA,EAAW,IAAA,CAAK,QAAQ,IAAI,CAAA,uCAAA,CAAA;AAAA,EACtD;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,MAAA,CAAO,MAAA,CAAO,YAAY,CAAA,CAAE,OAAA,CAAQ,CAAC,GAAA,KAAQ,IAAA,CAAK,MAAA,CAAO,GAAG,CAAC,CAAA;AAAA,EAC/D;AACF;AAGO,SAAS,cACd,IAAA,EACc;AACd,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,cAAA;AACH,MAAA,OAAO,IAAI,YAAA,EAAa;AAAA,IAC1B,KAAK,gBAAA;AACH,MAAA,OAAO,IAAI,cAAA,EAAe;AAAA,IAC5B,KAAK,QAAA;AACH,MAAA,OAAO,IAAI,aAAA,EAAc;AAAA,IAC3B,KAAK,QAAA;AAAA,IACL;AACE,MAAA,OAAO,IAAI,aAAA,EAAc;AAAA;AAE/B;AAGO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,OAAA,EAAuB;AAAvB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAAwB;AAAA,EAE5C,MAAM,SAAA,GAAuC;AAC3C,IAAA,MAAM,cAAc,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,WAAW,CAAA;AACnE,IAAA,IAAI,CAAC,aAAa,OAAO,IAAA;AAEzB,IAAA,MAAM,eAAe,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,YAAY,CAAA;AACrE,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,OAAO,CAAA;AAC3D,IAAA,MAAM,YAAY,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,SAAS,CAAA;AAE/D,IAAA,OAAO;AAAA,MACL,WAAA;AAAA,MACA,cAAc,YAAA,IAAgB,MAAA;AAAA,MAC9B,SAAS,OAAA,IAAW,MAAA;AAAA,MACpB,SAAA,EAAW,SAAA,GAAY,QAAA,CAAS,SAAA,EAAW,EAAE,CAAA,GAAI,CAAA;AAAA,MACjD,SAAA,EAAW,QAAA;AAAA,MACX,OAAO;AAAC,KACV;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,MAAA,EAAkC;AAChD,IAAA,MAAM,KAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,WAAA,EAAa,OAAO,WAAW,CAAA;AACnE,IAAA,MAAM,IAAA,CAAK,QAAQ,GAAA,CAAI,YAAA,CAAa,WAAW,MAAA,CAAO,SAAA,CAAU,UAAU,CAAA;AAC1E,IAAA,IAAI,OAAO,YAAA,EAAc;AACvB,MAAA,MAAM,KAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,YAAA,EAAc,OAAO,YAAY,CAAA;AAAA,IACvE;AACA,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,MAAM,KAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,OAAA,EAAS,OAAO,OAAO,CAAA;AAAA,IAC7D;AAAA,EACF;AAAA,EAEA,MAAM,WAAA,GAA6B;AACjC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,WAAW,CAAA;AAClD,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,YAAY,CAAA;AACnD,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,OAAO,CAAA;AAC9C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,SAAS,CAAA;AAAA,EAClD;AAAA,EAEA,MAAM,UAAU,KAAA,EAA8B;AAC5C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,OAAO,KAAK,CAAA;AAAA,EAClD;AAAA,EAEA,MAAM,QAAA,GAAmC;AACvC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,KAAK,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,UAAA,GAA4B;AAChC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,KAAK,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,UAAU,KAAA,EAA8B;AAC5C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,OAAO,KAAK,CAAA;AAAA,EAClD;AAAA,EAEA,MAAM,QAAA,GAAmC;AACvC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,KAAK,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,UAAA,GAA4B;AAChC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,KAAK,CAAA;AAAA,EAC9C;AAAA,EAEA,MAAM,iBAAiB,QAAA,EAAiC;AACtD,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,cAAc,QAAQ,CAAA;AAAA,EAC5D;AAAA,EAEA,MAAM,eAAA,GAA0C;AAC9C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,YAAY,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,iBAAA,GAAmC;AACvC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,YAAY,CAAA;AAAA,EACrD;AAAA,EAEA,MAAM,aAAa,GAAA,EAA4B;AAC7C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,UAAU,GAAG,CAAA;AAAA,EACnD;AAAA,EAEA,MAAM,WAAA,GAAsC;AAC1C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,YAAA,CAAa,QAAQ,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,aAAA,GAA+B;AACnC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,YAAA,CAAa,QAAQ,CAAA;AAAA,EACjD;AAAA,EAEA,MAAM,QAAA,GAA0B;AAC9B,IAAA,MAAM,IAAA,CAAK,QAAQ,KAAA,EAAM;AAAA,EAC3B;AACF;;;AC3NA,IAAM,cAAA,GAAiB,0BAAA;AACvB,IAAM,cAAA,GAAiB,CAAC,QAAA,EAAU,SAAA,EAAW,OAAO,CAAA;AAE7C,IAAM,oBAAN,MAAwB;AAAA,EACrB,MAAA;AAAA,EAIA,YAAA;AAAA,EACA,SAAA,GAAkC,IAAA;AAAA,EAClC,aAAA,uBAA2C,GAAA,EAAI;AAAA,EAC/C,YAAA,GAAqD,IAAA;AAAA,EACrD,KAAA,GAAmB;AAAA,IACzB,MAAA,EAAQ,SAAA;AAAA,IACR,IAAA,EAAM,IAAA;AAAA,IACN,MAAA,EAAQ,IAAA;AAAA,IACR,KAAA,EAAO;AAAA,GACT;AAAA,EAEA,YAAY,MAAA,EAA2B;AACrC,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,MAAA,EAAQ,cAAA;AAAA,MACR,MAAA,EAAQ,cAAA;AAAA,MACR,OAAA,EAAS,cAAA;AAAA,MACT,WAAA,EAAa,IAAA;AAAA,MACb,gBAAA,EAAkB,EAAA;AAAA,MAClB,KAAA,EAAO,KAAA;AAAA,MACP,GAAG;AAAA,KACL;AAEA,IAAA,MAAM,UACJ,MAAA,CAAO,aAAA,IACP,cAAc,IAAA,CAAK,MAAA,CAAO,WAAW,cAAc,CAAA;AACrD,IAAA,IAAA,CAAK,YAAA,GAAe,IAAI,YAAA,CAAa,OAAO,CAAA;AAAA,EAC9C;AAAA;AAAA,EAGA,MAAM,UAAA,GAAiC;AACrC,IAAA,IAAA,CAAK,IAAI,6BAA6B,CAAA;AAEtC,IAAA,IAAI;AACF,MAAA,IAAI,IAAA,CAAK,YAAW,EAAG;AACrB,QAAA,IAAA,CAAK,IAAI,4BAA4B,CAAA;AACrC,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,EAAe;AACzC,QAAA,IAAI,MAAA,CAAO,OAAA,IAAW,MAAA,CAAO,IAAA,IAAQ,OAAO,MAAA,EAAQ;AAClD,UAAA,IAAA,CAAK,WAAA,CAAY;AAAA,YACf,MAAA,EAAQ,eAAA;AAAA,YACR,MAAM,MAAA,CAAO,IAAA;AAAA,YACb,QAAQ,MAAA,CAAO,MAAA;AAAA,YACf,KAAA,EAAO;AAAA,WACR,CAAA;AACD,UAAA,IAAA,CAAK,gBAAA,EAAiB;AAAA,QACxB,CAAA,MAAO;AACL,UAAA,IAAA,CAAK,WAAA,CAAY;AAAA,YACf,MAAA,EAAQ,iBAAA;AAAA,YACR,IAAA,EAAM,IAAA;AAAA,YACN,MAAA,EAAQ,IAAA;AAAA,YACR,KAAA,EAAO,OAAO,KAAA,IAAS;AAAA,WACxB,CAAA;AAAA,QACH;AAAA,MACF,CAAA,MAAO;AACL,QAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,EAAU;AACjD,QAAA,IAAI,MAAA,IAAU,OAAO,WAAA,EAAa;AAChC,UAAA,IAAI,CAAC,cAAA,CAAe,MAAA,CAAO,WAAW,CAAA,EAAG;AACvC,YAAA,IAAA,CAAK,IAAI,8BAA8B,CAAA;AACvC,YAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,WAAW,CAAA;AACpD,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,MAAA,EAAQ,eAAA;AAAA,cACR,IAAA;AAAA,cACA,MAAA;AAAA,cACA,KAAA,EAAO;AAAA,aACR,CAAA;AACD,YAAA,IAAA,CAAK,gBAAA,EAAiB;AAAA,UACxB,CAAA,MAAA,IAAW,OAAO,YAAA,EAAc;AAC9B,YAAA,IAAA,CAAK,IAAI,6CAA6C,CAAA;AACtD,YAAA,MAAM,KAAK,aAAA,EAAc;AAAA,UAC3B,CAAA,MAAO;AACL,YAAA,IAAA,CAAK,IAAI,mCAAmC,CAAA;AAC5C,YAAA,MAAM,IAAA,CAAK,aAAa,WAAA,EAAY;AACpC,YAAA,IAAA,CAAK,WAAA,CAAY;AAAA,cACf,MAAA,EAAQ,iBAAA;AAAA,cACR,IAAA,EAAM,IAAA;AAAA,cACN,MAAA,EAAQ,IAAA;AAAA,cACR,KAAA,EAAO;AAAA,aACR,CAAA;AAAA,UACH;AAAA,QACF,CAAA,MAAO;AACL,UAAA,IAAA,CAAK,IAAI,2BAA2B,CAAA;AACpC,UAAA,IAAA,CAAK,WAAA,CAAY;AAAA,YACf,MAAA,EAAQ,iBAAA;AAAA,YACR,IAAA,EAAM,IAAA;AAAA,YACN,MAAA,EAAQ,IAAA;AAAA,YACR,KAAA,EAAO;AAAA,WACR,CAAA;AAAA,QACH;AAAA,MACF;AAEA,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,aAAA,EAAe,CAAA;AAAA,IACnC,SAAS,KAAA,EAAO;AACd,MAAA,IAAA,CAAK,GAAA,CAAI,yBAAyB,KAAK,CAAA;AACvC,MAAA,IAAA,CAAK,WAAA,CAAY;AAAA,QACf,MAAA,EAAQ,iBAAA;AAAA,QACR,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,KAAA,EACE,KAAA,YAAiB,SAAA,GACb,KAAA,GACA,IAAI,SAAA;AAAA,UACF,eAAA;AAAA,UACA,uBAAA;AAAA,UACA;AAAA;AACF,OACP,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,IAAA,CAAK,KAAA;AAAA,EACd;AAAA;AAAA,EAGA,MAAM,KAAA,CAAM,OAAA,GAAwB,EAAC,EAAkB;AACrD,IAAA,IAAA,CAAK,IAAI,wBAAwB,CAAA;AACjC,IAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,eAAA,EAAiB,CAAA;AAEnC,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,MAAA,MAAM,IAAA,GAAO,MAAM,gBAAA,EAAiB;AACpC,MAAA,MAAM,QAAQ,aAAA,EAAc;AAC5B,MAAA,MAAM,QAAQ,aAAA,EAAc;AAE5B,MAAA,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,CAAU,KAAK,CAAA;AACvC,MAAA,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,CAAU,KAAK,CAAA;AACvC,MAAA,MAAM,IAAA,CAAK,YAAA,CAAa,gBAAA,CAAiB,IAAA,CAAK,YAAY,CAAA;AAE1D,MAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,QAAA,MAAM,IAAA,CAAK,YAAA,CAAa,YAAA,CAAa,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,QACjC,aAAA,EAAe,MAAA;AAAA,QACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,QACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,QAC1B,KAAA,EAAO,IAAA,CAAK,MAAA,CAAO,MAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,QACnC,KAAA;AAAA,QACA,KAAA;AAAA,QACA,gBAAgB,IAAA,CAAK,aAAA;AAAA,QACrB,uBAAuB,IAAA,CAAK,mBAAA;AAAA,QAC5B,GAAG,OAAA,CAAQ;AAAA,OACZ,CAAA;AAED,MAAA,IAAI,QAAQ,MAAA,EAAQ,MAAA,CAAO,GAAA,CAAI,QAAA,EAAU,QAAQ,MAAM,CAAA;AACvD,MAAA,IAAI,QAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,CAAI,YAAA,EAAc,QAAQ,SAAS,CAAA;AACjE,MAAA,IAAI,QAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,CAAI,YAAA,EAAc,QAAQ,SAAS,CAAA;AACjE,MAAA,IAAI,QAAQ,MAAA,KAAW,KAAA,CAAA;AACrB,QAAA,MAAA,CAAO,GAAA,CAAI,SAAA,EAAW,OAAA,CAAQ,MAAA,CAAO,UAAU,CAAA;AACjD,MAAA,IAAI,QAAQ,SAAA,EAAW,MAAA,CAAO,GAAA,CAAI,YAAA,EAAc,QAAQ,SAAS,CAAA;AAEjE,MAAA,MAAM,OAAA,GAAU,CAAA,EAAG,SAAA,CAAU,sBAAsB,IAAI,MAAM,CAAA,CAAA;AAC7D,MAAA,IAAA,CAAK,GAAA,CAAI,mBAAmB,OAAO,CAAA;AAEnC,MAAA,MAAA,CAAO,SAAS,IAAA,GAAO,OAAA;AAAA,IACzB,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,SAAA,GACJ,KAAA,YAAiB,SAAA,GACb,KAAA,GACA,IAAI,SAAA;AAAA,QACF,qBAAA;AAAA,QACA,cAAA;AAAA,QACA;AAAA,OACF;AACN,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,aAAA,EAAe,KAAA,EAAO,WAAW,CAAA;AACnD,MAAA,MAAM,SAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,MAAA,CAAO,OAAA,GAAyB,EAAC,EAAkB;AACvD,IAAA,IAAA,CAAK,IAAI,oBAAoB,CAAA;AAC7B,IAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,gBAAA,EAAkB,CAAA;AAEpC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,aAAa,QAAA,EAAS;AACjC,MAAA,IAAA,CAAK,gBAAA,EAAiB;AAEtB,MAAA,IAAA,CAAK,WAAA,CAAY;AAAA,QACf,MAAA,EAAQ,iBAAA;AAAA,QACR,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,KAAA,EAAO;AAAA,OACR,CAAA;AAED,MAAA,IAAI,QAAQ,SAAA,EAAW;AACrB,QAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,gBAAA,EAAkB,CAAA;AACpC,QAAA;AAAA,MACF;AAEA,MAAA,IAAI,OAAA,CAAQ,cAAc,KAAA,EAAO;AAC/B,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAC1C,QAAA,IAAI,UAAU,oBAAA,EAAsB;AAClC,UAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,UAAA,IAAI,IAAA,CAAK,KAAA,CAAM,MAAA,EAAQ,OAAA,EAAS;AAC9B,YAAA,MAAA,CAAO,GAAA,CAAI,eAAA,EAAiB,IAAA,CAAK,KAAA,CAAM,OAAO,OAAO,CAAA;AAAA,UACvD;AACA,UAAA,IAAI,OAAA,CAAQ,QAAA,IAAY,IAAA,CAAK,MAAA,CAAO,qBAAA,EAAuB;AACzD,YAAA,MAAA,CAAO,GAAA;AAAA,cACL,0BAAA;AAAA,cACA,OAAA,CAAQ,QAAA,IAAY,IAAA,CAAK,MAAA,CAAO;AAAA,aAClC;AAAA,UACF;AACA,UAAA,MAAA,CAAO,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,MAAA,CAAO,QAAQ,CAAA;AAE5C,UAAA,MAAM,SAAA,GAAY,CAAA,EAAG,SAAA,CAAU,oBAAoB,IAAI,MAAM,CAAA,CAAA;AAC7D,UAAA,IAAA,CAAK,GAAA,CAAI,0BAA0B,SAAS,CAAA;AAC5C,UAAA,MAAA,CAAO,SAAS,IAAA,GAAO,SAAA;AACvB,UAAA;AAAA,QACF;AAAA,MACF;AAEA,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,gBAAA,EAAkB,CAAA;AAEpC,MAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,QAAA,MAAA,CAAO,QAAA,CAAS,OAAO,OAAA,CAAQ,QAAA;AAAA,MACjC;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,SAAA,GACJ,iBAAiB,SAAA,GACb,KAAA,GACA,IAAI,SAAA,CAAU,eAAA,EAAiB,iBAAiB,KAAc,CAAA;AACpE,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,KAAA,EAAO,WAAW,CAAA;AACpD,MAAA,MAAM,SAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,UAAA,GAAsB;AACpB,IAAA,IAAI,OAAO,MAAA,KAAW,WAAA,EAAa,OAAO,KAAA;AAC1C,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB,MAAA,CAAO,SAAS,MAAM,CAAA;AACzD,IAAA,OAAO,OAAO,GAAA,CAAI,MAAM,CAAA,IAAK,MAAA,CAAO,IAAI,OAAO,CAAA;AAAA,EACjD;AAAA;AAAA,EAGA,MAAM,cAAA,GAA0C;AAC9C,IAAA,IAAA,CAAK,IAAI,wBAAwB,CAAA;AAEjC,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,OAAO,IAAI,SAAA;AAAA,UACT,qBAAA;AAAA,UACA;AAAA;AACF,OACF;AAAA,IACF;AAEA,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB,MAAA,CAAO,SAAS,MAAM,CAAA;AACzD,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,GAAA,CAAI,MAAM,CAAA;AAC9B,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AACrC,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AACrC,IAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,GAAA,CAAI,mBAAmB,CAAA;AAEvD,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,QAAQ,IAAI,SAAA;AAAA,QAChB,UAAA;AAAA,QACA,gBAAA,IAAoB;AAAA,OACtB;AACA,MAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAM;AAAA,IACjC;AAEA,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,YAAA,CAAa,QAAA,EAAS;AACpD,IAAA,IAAI,CAAC,UAAA,IAAc,UAAA,KAAe,UAAA,EAAY;AAC5C,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,KAAA,EAAO,IAAI,SAAA,CAAU,gBAAA,EAAkB,0BAA0B;AAAA,OACnE;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,OAAO,IAAI,SAAA;AAAA,UACT,iBAAA;AAAA,UACA;AAAA;AACF,OACF;AAAA,IACF;AAEA,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,eAAA,EAAgB;AAC7D,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,KAAA,EAAO,IAAI,SAAA,CAAU,YAAA,EAAc,wBAAwB;AAAA,OAC7D;AAAA,IACF;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,MAAM,YAAY,CAAA;AACzD,MAAA,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,CAAU,MAAM,CAAA;AACxC,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,OAAO,WAAW,CAAA;AACpD,MAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,YAAA,CAAa,WAAA,EAAY;AAErD,MAAA,MAAM,IAAA,CAAK,aAAa,UAAA,EAAW;AACnC,MAAA,MAAM,IAAA,CAAK,aAAa,UAAA,EAAW;AACnC,MAAA,MAAM,IAAA,CAAK,aAAa,iBAAA,EAAkB;AAC1C,MAAA,MAAM,IAAA,CAAK,aAAa,aAAA,EAAc;AAEtC,MAAA,MAAA,CAAO,QAAQ,YAAA,CAAa,IAAI,EAAA,EAAI,MAAA,CAAO,SAAS,QAAQ,CAAA;AAE5D,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,eAAA,EAAiB,IAAA,EAAM,QAAQ,CAAA;AAEjD,MAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,MAAM,MAAA,EAAQ,QAAA,EAAU,YAAY,KAAA,CAAA,EAAU;AAAA,IACxE,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,SAAA,GACJ,KAAA,YAAiB,SAAA,GACb,KAAA,GACA,IAAI,SAAA;AAAA,QACF,eAAA;AAAA,QACA,uBAAA;AAAA,QACA;AAAA,OACF;AACN,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,aAAA,EAAe,KAAA,EAAO,WAAW,CAAA;AACnD,MAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,SAAA,EAAU;AAAA,IAC5C;AAAA,EACF;AAAA,EAEA,MAAc,YAAA,CACZ,IAAA,EACA,YAAA,EACoB;AACpB,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAE1C,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,SAAA,CAAU,cAAA,EAAgB;AAAA,MACrD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,MAC/D,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,UAAA,EAAY,oBAAA;AAAA,QACZ,IAAA;AAAA,QACA,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,QAC1B,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,QACvB,aAAA,EAAe;AAAA,OAChB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACpD,MAAA,MAAM,IAAI,SAAA;AAAA,QACR,MAAM,KAAA,IAAS,eAAA;AAAA,QACf,MAAM,iBAAA,IAAqB;AAAA,OAC7B;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAqB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC/C,IAAA,OAAO,IAAA,CAAK,eAAe,QAAQ,CAAA;AAAA,EACrC;AAAA;AAAA,EAGA,MAAM,aAAA,GAAoC;AACxC,IAAA,IAAA,CAAK,IAAI,sBAAsB,CAAA;AAE/B,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,EAAU;AACjD,IAAA,IAAI,CAAC,QAAQ,YAAA,EAAc;AACzB,MAAA,MAAM,IAAI,SAAA,CAAU,sBAAA,EAAwB,4BAA4B,CAAA;AAAA,IAC1E;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAE1C,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,SAAA,CAAU,cAAA,EAAgB;AAAA,MACrD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAoC;AAAA,MAC/D,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,UAAA,EAAY,eAAA;AAAA,QACZ,eAAe,MAAA,CAAO,YAAA;AAAA,QACtB,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,OACxB;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,KAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,GAAO,KAAA,CAAM,OAAO,EAAC,CAAE,CAAA;AACpD,MAAA,MAAM,YAAY,IAAI,SAAA;AAAA,QACpB,MAAM,KAAA,IAAS,sBAAA;AAAA,QACf,MAAM,iBAAA,IAAqB;AAAA,OAC7B;AACA,MAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,qBAAA,EAAuB,KAAA,EAAO,WAAW,CAAA;AAC3D,MAAA,MAAM,IAAA,CAAK,aAAa,WAAA,EAAY;AACpC,MAAA,IAAA,CAAK,WAAA,CAAY;AAAA,QACf,MAAA,EAAQ,iBAAA;AAAA,QACR,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,KAAA,EAAO;AAAA,OACR,CAAA;AACD,MAAA,IAAA,CAAK,IAAA,CAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,CAAA;AACrC,MAAA,MAAM,SAAA;AAAA,IACR;AAEA,IAAA,MAAM,QAAA,GAAqB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC/C,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,cAAA,CAAe,QAAQ,CAAA;AAC9C,IAAA,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,CAAU,SAAS,CAAA;AAE3C,IAAA,MAAM,IAAA,GAAO,UAAU,OAAA,GACnB,IAAA,CAAK,uBAAuB,SAAA,CAAU,OAAO,CAAA,GAC7C,IAAA,CAAK,KAAA,CAAM,IAAA;AAEf,IAAA,IAAA,CAAK,WAAA,CAAY,EAAE,GAAG,IAAA,CAAK,OAAO,MAAA,EAAQ,SAAA,EAAW,MAAM,CAAA;AAC3D,IAAA,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,MAAA,EAAQ,WAAW,CAAA;AACxD,IAAA,IAAA,CAAK,gBAAA,EAAiB;AAEtB,IAAA,OAAO,SAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,cAAA,GAAyC;AAC7C,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,YAAA,CAAa,SAAA,EAAU;AACjD,IAAA,IAAI,CAAC,QAAQ,OAAO,IAAA;AAEpB,IAAA,IAAI,cAAA,CAAe,MAAA,CAAO,WAAW,CAAA,EAAG;AACtC,MAAA,IAAI,OAAO,YAAA,EAAc;AACvB,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,aAAA,EAAc;AAC3C,QAAA,OAAO,SAAA,CAAU,WAAA;AAAA,MACnB;AACA,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,OAAO,MAAA,CAAO,WAAA;AAAA,EAChB;AAAA,EAEQ,eAAe,QAAA,EAA+B;AACpD,IAAA,OAAO;AAAA,MACL,aAAa,QAAA,CAAS,YAAA;AAAA,MACtB,cAAc,QAAA,CAAS,aAAA;AAAA,MACvB,SAAS,QAAA,CAAS,QAAA;AAAA,MAClB,SAAA,EAAW,IAAA,CAAK,GAAA,EAAI,GAAI,SAAS,UAAA,GAAa,GAAA;AAAA,MAC9C,WAAW,QAAA,CAAS,UAAA;AAAA,MACpB,OAAO,QAAA,CAAS,KAAA,EAAO,KAAA,CAAM,GAAG,KAAK;AAAC,KACxC;AAAA,EACF;AAAA,EAEA,MAAc,UAAU,WAAA,EAAoC;AAC1D,IAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,EAAa;AAE1C,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,SAAA,CAAU,iBAAA,EAAmB;AAAA,MACxD,OAAA,EAAS,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,WAAW,CAAA,CAAA;AAAG,KACnD,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,SAAA,CAAU,eAAA,EAAiB,2BAA2B,CAAA;AAAA,IAClE;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,IAAA,OAAO,IAAA,CAAK,cAAc,QAAQ,CAAA;AAAA,EACpC;AAAA,EAEQ,uBAAuB,OAAA,EAAuB;AACpD,IAAA,MAAM,MAAA,GAAS,UAA0B,OAAO,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEQ,cAAc,MAAA,EAAuC;AAC3D,IAAA,OAAO;AAAA,MACL,IAAI,MAAA,CAAO,GAAA;AAAA,MACX,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,eAAe,MAAA,CAAO,cAAA;AAAA,MACtB,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,WAAW,MAAA,CAAO,UAAA;AAAA,MAClB,UAAU,MAAA,CAAO,WAAA;AAAA,MACjB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,aAAa,MAAA,CAAO,YAAA;AAAA,MACpB,qBAAqB,MAAA,CAAO,qBAAA;AAAA,MAC5B,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,GAAG;AAAA,KACL;AAAA,EACF;AAAA,EAEA,MAAc,YAAA,GAAuC;AACnD,IAAA,IAAI,IAAA,CAAK,SAAA,EAAW,OAAO,IAAA,CAAK,SAAA;AAChC,IAAA,MAAM,YAAA,GAAe,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,iCAAA,CAAA;AAC1C,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,YAAY,CAAA;AACzC,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,SAAA;AAAA,QACR,qBAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAA,CAAK,SAAA,GAAY,MAAM,QAAA,CAAS,IAAA,EAAK;AACrC,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AAAA,EAEQ,gBAAA,GAAyB;AAC/B,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,eAAe,CAAC,IAAA,CAAK,MAAM,MAAA,EAAQ;AACpD,IAAA,IAAA,CAAK,gBAAA,EAAiB;AACtB,IAAA,MAAM,YAAY,IAAA,CAAK,KAAA,CAAM,MAAA,CAAO,SAAA,GAAY,KAAK,GAAA,EAAI;AACzD,IAAA,MAAM,SAAA,GAAY,SAAA,GAAY,IAAA,CAAK,MAAA,CAAO,gBAAA,GAAoB,GAAA;AAC9D,IAAA,IAAI,YAAY,CAAA,EAAG;AACjB,MAAA,IAAA,CAAK,IAAI,CAAA,4BAAA,EAA+B,IAAA,CAAK,MAAM,SAAA,GAAY,GAAI,CAAC,CAAA,CAAA,CAAG,CAAA;AACvE,MAAA,IAAA,CAAK,YAAA,GAAe,WAAW,MAAM;AACnC,QAAA,IAAA,CAAK,eAAc,CAAE,KAAA;AAAA,UAAM,CAAC,KAAA,KAC1B,IAAA,CAAK,GAAA,CAAI,wBAAwB,KAAK;AAAA,SACxC;AAAA,MACF,GAAG,SAAS,CAAA;AAAA,IACd;AAAA,EACF;AAAA,EAEQ,gBAAA,GAAyB;AAC/B,IAAA,IAAI,KAAK,YAAA,EAAc;AACrB,MAAA,YAAA,CAAa,KAAK,YAAY,CAAA;AAC9B,MAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,QAAA,GAAsB;AACpB,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,KAAA,EAAM;AAAA,EACzB;AAAA,EAEA,eAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,MAAM,MAAA,KAAW,eAAA;AAAA,EAC/B;AAAA,EAEA,OAAA,GAAuB;AACrB,IAAA,OAAO,KAAK,KAAA,CAAM,IAAA;AAAA,EACpB;AAAA,EAEA,UAAU,OAAA,EAAuC;AAC/C,IAAA,IAAA,CAAK,aAAA,CAAc,IAAI,OAAO,CAAA;AAC9B,IAAA,OAAO,MAAM,IAAA,CAAK,aAAA,CAAc,MAAA,CAAO,OAAO,CAAA;AAAA,EAChD;AAAA,EAEQ,YAAY,QAAA,EAA2B;AAC7C,IAAA,IAAA,CAAK,KAAA,GAAQ,QAAA;AAAA,EACf;AAAA,EAEQ,KAAK,KAAA,EAAwB;AACnC,IAAA,IAAA,CAAK,aAAA,CAAc,OAAA,CAAQ,CAAC,OAAA,KAAY;AACtC,MAAA,IAAI;AACF,QAAA,OAAA,CAAQ,KAAK,CAAA;AAAA,MACf,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,wBAAwB,KAAK,CAAA;AAAA,MAC7C;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AAAA,EAEQ,OAAO,IAAA,EAAuB;AACpC,IAAA,IAAI,IAAA,CAAK,OAAO,KAAA,EAAO;AACrB,MAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,GAAG,IAAI,CAAA;AAAA,IACtC;AAAA,EACF;AACF;AAGO,SAAS,kBACd,MAAA,EACmB;AACnB,EAAA,OAAO,IAAI,kBAAkB,MAAM,CAAA;AACrC","file":"index.js","sourcesContent":["/**\n * @douvery/auth - Core Types\n * OAuth 2.0/OIDC type definitions\n */\n\n// ============================================\n// Configuration Types\n// ============================================\n\nexport interface DouveryAuthConfig {\n /** OAuth Client ID */\n clientId: string;\n /** Authorization server base URL @default \"https://auth.douvery.com\" */\n issuer?: string;\n /** Redirect URI after authentication */\n redirectUri: string;\n /** Post-logout redirect URI */\n postLogoutRedirectUri?: string;\n /** OAuth scopes to request @default [\"openid\", \"profile\", \"email\"] */\n scopes?: string[];\n /** Token storage strategy @default \"localStorage\" */\n storage?: \"localStorage\" | \"sessionStorage\" | \"memory\" | \"cookie\";\n /** Custom storage implementation */\n customStorage?: TokenStorage;\n /** Auto-refresh tokens before expiry @default true */\n autoRefresh?: boolean;\n /** Seconds before expiry to trigger refresh @default 60 */\n refreshThreshold?: number;\n /** Enable debug logging @default false */\n debug?: boolean;\n}\n\n// ============================================\n// Token Types\n// ============================================\n\nexport interface TokenSet {\n access_token: string;\n token_type: string;\n expires_in: number;\n refresh_token?: string;\n id_token?: string;\n scope?: string;\n}\n\nexport interface TokenInfo {\n accessToken: string;\n refreshToken?: string;\n idToken?: string;\n expiresAt: number;\n tokenType: string;\n scope: string[];\n}\n\nexport interface DecodedIdToken {\n iss: string;\n sub: string;\n aud: string;\n exp: number;\n iat: number;\n auth_time?: number;\n nonce?: string;\n acr?: string;\n amr?: string[];\n azp?: string;\n at_hash?: string;\n c_hash?: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n middle_name?: string;\n nickname?: string;\n preferred_username?: string;\n profile?: string;\n picture?: string;\n website?: string;\n email?: string;\n email_verified?: boolean;\n gender?: string;\n birthdate?: string;\n zoneinfo?: string;\n locale?: string;\n phone_number?: string;\n phone_number_verified?: boolean;\n address?: {\n formatted?: string;\n street_address?: string;\n locality?: string;\n region?: string;\n postal_code?: string;\n country?: string;\n };\n updated_at?: number;\n [key: string]: unknown;\n}\n\n// ============================================\n// User Types\n// ============================================\n\nexport interface User {\n id: string;\n email?: string;\n emailVerified?: boolean;\n name?: string;\n firstName?: string;\n lastName?: string;\n picture?: string;\n phoneNumber?: string;\n phoneNumberVerified?: boolean;\n locale?: string;\n [key: string]: unknown;\n}\n\n// ============================================\n// Auth State Types\n// ============================================\n\nexport type AuthStatus = \"loading\" | \"authenticated\" | \"unauthenticated\";\n\nexport interface AuthState {\n status: AuthStatus;\n user: User | null;\n tokens: TokenInfo | null;\n error: AuthError | null;\n}\n\n// ============================================\n// PKCE Types\n// ============================================\n\nexport interface PKCEPair {\n codeVerifier: string;\n codeChallenge: string;\n codeChallengeMethod: \"S256\";\n}\n\nexport interface AuthorizationParams {\n state: string;\n nonce: string;\n codeVerifier: string;\n codeChallenge: string;\n redirectUri: string;\n}\n\n// ============================================\n// Storage Types\n// ============================================\n\nexport interface TokenStorage {\n get(key: string): string | null | Promise<string | null>;\n set(key: string, value: string): void | Promise<void>;\n remove(key: string): void | Promise<void>;\n clear(): void | Promise<void>;\n}\n\nexport interface StorageKeys {\n accessToken: string;\n refreshToken: string;\n idToken: string;\n expiresAt: string;\n state: string;\n nonce: string;\n codeVerifier: string;\n returnTo: string;\n}\n\n// ============================================\n// Event Types\n// ============================================\n\nexport type AuthEvent =\n | { type: \"INITIALIZED\" }\n | { type: \"LOGIN_STARTED\" }\n | { type: \"LOGIN_SUCCESS\"; user: User; tokens: TokenInfo }\n | { type: \"LOGIN_ERROR\"; error: AuthError }\n | { type: \"LOGOUT_STARTED\" }\n | { type: \"LOGOUT_SUCCESS\" }\n | { type: \"LOGOUT_ERROR\"; error: AuthError }\n | { type: \"TOKEN_REFRESHED\"; tokens: TokenInfo }\n | { type: \"TOKEN_REFRESH_ERROR\"; error: AuthError }\n | { type: \"SESSION_EXPIRED\" };\n\nexport type AuthEventHandler = (event: AuthEvent) => void;\n\n// ============================================\n// Error Types\n// ============================================\n\nexport class AuthError extends Error {\n constructor(\n public code: AuthErrorCode,\n message: string,\n public cause?: Error,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\nexport type AuthErrorCode =\n | \"invalid_request\"\n | \"invalid_client\"\n | \"invalid_grant\"\n | \"unauthorized_client\"\n | \"unsupported_grant_type\"\n | \"invalid_scope\"\n | \"access_denied\"\n | \"server_error\"\n | \"temporarily_unavailable\"\n | \"login_required\"\n | \"consent_required\"\n | \"interaction_required\"\n | \"invalid_token\"\n | \"insufficient_scope\"\n | \"token_expired\"\n | \"token_refresh_failed\"\n | \"pkce_error\"\n | \"state_mismatch\"\n | \"nonce_mismatch\"\n | \"network_error\"\n | \"configuration_error\"\n | \"unknown_error\";\n\n// ============================================\n// Discovery Types\n// ============================================\n\nexport interface OIDCDiscovery {\n issuer: string;\n authorization_endpoint: string;\n token_endpoint: string;\n userinfo_endpoint: string;\n jwks_uri: string;\n revocation_endpoint?: string;\n introspection_endpoint?: string;\n end_session_endpoint?: string;\n registration_endpoint?: string;\n scopes_supported: string[];\n response_types_supported: string[];\n response_modes_supported?: string[];\n grant_types_supported: string[];\n token_endpoint_auth_methods_supported?: string[];\n subject_types_supported: string[];\n id_token_signing_alg_values_supported: string[];\n claims_supported?: string[];\n code_challenge_methods_supported?: string[];\n}\n\n// ============================================\n// Callback Types\n// ============================================\n\nexport interface CallbackParams {\n code?: string;\n state?: string;\n error?: string;\n error_description?: string;\n}\n\nexport interface CallbackResult {\n success: boolean;\n user?: User;\n tokens?: TokenInfo;\n error?: AuthError;\n returnTo?: string;\n}\n\n// ============================================\n// Login Options\n// ============================================\n\nexport interface LoginOptions {\n /** URL to return to after login */\n returnTo?: string;\n /** Additional authorization parameters */\n authorizationParams?: Record<string, string>;\n /** Prompt parameter (none, login, consent, select_account) */\n prompt?: \"none\" | \"login\" | \"consent\" | \"select_account\";\n /** Login hint (email or identifier) */\n loginHint?: string;\n /** UI locales preference */\n uiLocales?: string;\n /** Maximum authentication age in seconds */\n maxAge?: number;\n /** ACR values requested */\n acrValues?: string;\n}\n\nexport interface LogoutOptions {\n /** URL to return to after logout */\n returnTo?: string;\n /** Whether to federate logout (end session at IdP) @default true */\n federated?: boolean;\n /** Only clear local session, don't redirect @default false */\n localOnly?: boolean;\n}\n","/**\n * @douvery/auth - PKCE Utilities\n * RFC 7636 - Proof Key for Code Exchange\n */\n\nimport type { PKCEPair } from \"./types\";\n\n/** Generate a cryptographically random string for use as code_verifier */\nexport function generateCodeVerifier(length: number = 64): string {\n const charset =\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~\";\n const randomValues = crypto.getRandomValues(new Uint8Array(length));\n return Array.from(randomValues)\n .map((v) => charset[v % charset.length])\n .join(\"\");\n}\n\n/** Generate a random state parameter for CSRF protection */\nexport function generateState(): string {\n return generateCodeVerifier(32);\n}\n\n/** Generate a random nonce for replay attack protection */\nexport function generateNonce(): string {\n return generateCodeVerifier(32);\n}\n\n/** Create SHA-256 hash and encode as base64url */\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(verifier);\n const hashBuffer = await crypto.subtle.digest(\"SHA-256\", data);\n return base64UrlEncode(hashBuffer);\n}\n\n/** Encode ArrayBuffer as base64url (RFC 4648 Section 5) */\nexport function base64UrlEncode(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = \"\";\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n const base64 = btoa(binary);\n return base64.replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\n/** Decode base64url string to ArrayBuffer */\nexport function base64UrlDecode(input: string): ArrayBuffer {\n let base64 = input.replace(/-/g, \"+\").replace(/_/g, \"/\");\n const padding = base64.length % 4;\n if (padding) {\n base64 += \"=\".repeat(4 - padding);\n }\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes.buffer;\n}\n\n/** Generate a complete PKCE pair (verifier + challenge) */\nexport async function generatePKCEPair(): Promise<PKCEPair> {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = await generateCodeChallenge(codeVerifier);\n return {\n codeVerifier,\n codeChallenge,\n codeChallengeMethod: \"S256\",\n };\n}\n\n/** Verify a code_verifier against a code_challenge */\nexport async function verifyCodeChallenge(\n verifier: string,\n challenge: string,\n method: \"S256\" | \"plain\" = \"S256\",\n): Promise<boolean> {\n if (method === \"plain\") {\n return verifier === challenge;\n }\n const computedChallenge = await generateCodeChallenge(verifier);\n return computedChallenge === challenge;\n}\n\n/** Parse and decode a JWT token (without verification) */\nexport function decodeJWT<T = Record<string, unknown>>(token: string): T {\n const parts = token.split(\".\");\n if (parts.length !== 3) {\n throw new Error(\"Invalid JWT format\");\n }\n const payload = parts[1];\n const decoded = base64UrlDecode(payload);\n const text = new TextDecoder().decode(decoded);\n return JSON.parse(text) as T;\n}\n\n/** Check if a JWT token is expired */\nexport function isTokenExpired(token: string, clockSkew: number = 60): boolean {\n try {\n const payload = decodeJWT<{ exp?: number }>(token);\n if (!payload.exp) {\n return false;\n }\n const now = Math.floor(Date.now() / 1000);\n return payload.exp < now - clockSkew;\n } catch {\n return true;\n }\n}\n\n/** Get token expiration timestamp */\nexport function getTokenExpiration(token: string): number | null {\n try {\n const payload = decodeJWT<{ exp?: number }>(token);\n return payload.exp ? payload.exp * 1000 : null;\n } catch {\n return null;\n }\n}\n","/**\n * @douvery/auth - Token Storage\n * Abstraction for token persistence\n */\n\nimport type { TokenStorage, StorageKeys, TokenInfo } from \"./types\";\n\nconst DEFAULT_PREFIX = \"douvery_auth\";\n\nexport const STORAGE_KEYS: StorageKeys = {\n accessToken: `${DEFAULT_PREFIX}_access_token`,\n refreshToken: `${DEFAULT_PREFIX}_refresh_token`,\n idToken: `${DEFAULT_PREFIX}_id_token`,\n expiresAt: `${DEFAULT_PREFIX}_expires_at`,\n state: `${DEFAULT_PREFIX}_state`,\n nonce: `${DEFAULT_PREFIX}_nonce`,\n codeVerifier: `${DEFAULT_PREFIX}_code_verifier`,\n returnTo: `${DEFAULT_PREFIX}_return_to`,\n};\n\n/** In-memory storage implementation */\nexport class MemoryStorage implements TokenStorage {\n private store = new Map<string, string>();\n\n get(key: string): string | null {\n return this.store.get(key) ?? null;\n }\n\n set(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n remove(key: string): void {\n this.store.delete(key);\n }\n\n clear(): void {\n this.store.clear();\n }\n}\n\n/** LocalStorage implementation */\nexport class LocalStorage implements TokenStorage {\n get(key: string): string | null {\n if (typeof window === \"undefined\") return null;\n return localStorage.getItem(key);\n }\n\n set(key: string, value: string): void {\n if (typeof window === \"undefined\") return;\n localStorage.setItem(key, value);\n }\n\n remove(key: string): void {\n if (typeof window === \"undefined\") return;\n localStorage.removeItem(key);\n }\n\n clear(): void {\n if (typeof window === \"undefined\") return;\n Object.values(STORAGE_KEYS).forEach((key) => {\n localStorage.removeItem(key);\n });\n }\n}\n\n/** SessionStorage implementation */\nexport class SessionStorage implements TokenStorage {\n get(key: string): string | null {\n if (typeof window === \"undefined\") return null;\n return sessionStorage.getItem(key);\n }\n\n set(key: string, value: string): void {\n if (typeof window === \"undefined\") return;\n sessionStorage.setItem(key, value);\n }\n\n remove(key: string): void {\n if (typeof window === \"undefined\") return;\n sessionStorage.removeItem(key);\n }\n\n clear(): void {\n if (typeof window === \"undefined\") return;\n Object.values(STORAGE_KEYS).forEach((key) => {\n sessionStorage.removeItem(key);\n });\n }\n}\n\n/** Cookie storage implementation (for SSR compatibility) */\nexport class CookieStorage implements TokenStorage {\n constructor(\n private options: {\n path?: string;\n domain?: string;\n secure?: boolean;\n sameSite?: \"Strict\" | \"Lax\" | \"None\";\n maxAge?: number;\n } = {},\n ) {\n this.options = { path: \"/\", secure: true, sameSite: \"Lax\", ...options };\n }\n\n get(key: string): string | null {\n if (typeof document === \"undefined\") return null;\n const cookies = document.cookie.split(\";\");\n for (const cookie of cookies) {\n const [name, value] = cookie.trim().split(\"=\");\n if (name === key) {\n return decodeURIComponent(value);\n }\n }\n return null;\n }\n\n set(key: string, value: string): void {\n if (typeof document === \"undefined\") return;\n const parts = [\n `${key}=${encodeURIComponent(value)}`,\n `path=${this.options.path}`,\n ];\n if (this.options.domain) parts.push(`domain=${this.options.domain}`);\n if (this.options.secure) parts.push(\"secure\");\n if (this.options.sameSite) parts.push(`samesite=${this.options.sameSite}`);\n if (this.options.maxAge) parts.push(`max-age=${this.options.maxAge}`);\n document.cookie = parts.join(\"; \");\n }\n\n remove(key: string): void {\n if (typeof document === \"undefined\") return;\n document.cookie = `${key}=; path=${this.options.path}; expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n }\n\n clear(): void {\n Object.values(STORAGE_KEYS).forEach((key) => this.remove(key));\n }\n}\n\n/** Create storage instance based on type */\nexport function createStorage(\n type: \"localStorage\" | \"sessionStorage\" | \"memory\" | \"cookie\",\n): TokenStorage {\n switch (type) {\n case \"localStorage\":\n return new LocalStorage();\n case \"sessionStorage\":\n return new SessionStorage();\n case \"cookie\":\n return new CookieStorage();\n case \"memory\":\n default:\n return new MemoryStorage();\n }\n}\n\n/** Token manager for handling token persistence */\nexport class TokenManager {\n constructor(private storage: TokenStorage) {}\n\n async getTokens(): Promise<TokenInfo | null> {\n const accessToken = await this.storage.get(STORAGE_KEYS.accessToken);\n if (!accessToken) return null;\n\n const refreshToken = await this.storage.get(STORAGE_KEYS.refreshToken);\n const idToken = await this.storage.get(STORAGE_KEYS.idToken);\n const expiresAt = await this.storage.get(STORAGE_KEYS.expiresAt);\n\n return {\n accessToken,\n refreshToken: refreshToken ?? undefined,\n idToken: idToken ?? undefined,\n expiresAt: expiresAt ? parseInt(expiresAt, 10) : 0,\n tokenType: \"Bearer\",\n scope: [],\n };\n }\n\n async setTokens(tokens: TokenInfo): Promise<void> {\n await this.storage.set(STORAGE_KEYS.accessToken, tokens.accessToken);\n await this.storage.set(STORAGE_KEYS.expiresAt, tokens.expiresAt.toString());\n if (tokens.refreshToken) {\n await this.storage.set(STORAGE_KEYS.refreshToken, tokens.refreshToken);\n }\n if (tokens.idToken) {\n await this.storage.set(STORAGE_KEYS.idToken, tokens.idToken);\n }\n }\n\n async clearTokens(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.accessToken);\n await this.storage.remove(STORAGE_KEYS.refreshToken);\n await this.storage.remove(STORAGE_KEYS.idToken);\n await this.storage.remove(STORAGE_KEYS.expiresAt);\n }\n\n async saveState(state: string): Promise<void> {\n await this.storage.set(STORAGE_KEYS.state, state);\n }\n\n async getState(): Promise<string | null> {\n return this.storage.get(STORAGE_KEYS.state);\n }\n\n async clearState(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.state);\n }\n\n async saveNonce(nonce: string): Promise<void> {\n await this.storage.set(STORAGE_KEYS.nonce, nonce);\n }\n\n async getNonce(): Promise<string | null> {\n return this.storage.get(STORAGE_KEYS.nonce);\n }\n\n async clearNonce(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.nonce);\n }\n\n async saveCodeVerifier(verifier: string): Promise<void> {\n await this.storage.set(STORAGE_KEYS.codeVerifier, verifier);\n }\n\n async getCodeVerifier(): Promise<string | null> {\n return this.storage.get(STORAGE_KEYS.codeVerifier);\n }\n\n async clearCodeVerifier(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.codeVerifier);\n }\n\n async saveReturnTo(url: string): Promise<void> {\n await this.storage.set(STORAGE_KEYS.returnTo, url);\n }\n\n async getReturnTo(): Promise<string | null> {\n return this.storage.get(STORAGE_KEYS.returnTo);\n }\n\n async clearReturnTo(): Promise<void> {\n await this.storage.remove(STORAGE_KEYS.returnTo);\n }\n\n async clearAll(): Promise<void> {\n await this.storage.clear();\n }\n}\n","/**\n * @douvery/auth - Auth Client\n * Main OAuth 2.0/OIDC client implementation\n */\n\nimport type {\n DouveryAuthConfig,\n TokenSet,\n TokenInfo,\n User,\n AuthState,\n AuthEvent,\n AuthEventHandler,\n OIDCDiscovery,\n CallbackResult,\n LoginOptions,\n LogoutOptions,\n DecodedIdToken,\n} from \"./types\";\nimport { AuthError } from \"./types\";\nimport {\n generatePKCEPair,\n generateState,\n generateNonce,\n decodeJWT,\n isTokenExpired,\n} from \"./pkce\";\nimport { createStorage, TokenManager } from \"./storage\";\n\nconst DEFAULT_ISSUER = \"https://auth.douvery.com\";\nconst DEFAULT_SCOPES = [\"openid\", \"profile\", \"email\"];\n\nexport class DouveryAuthClient {\n private config: Required<\n Pick<DouveryAuthConfig, \"clientId\" | \"issuer\" | \"redirectUri\" | \"scopes\">\n > &\n DouveryAuthConfig;\n private tokenManager: TokenManager;\n private discovery: OIDCDiscovery | null = null;\n private eventHandlers: Set<AuthEventHandler> = new Set();\n private refreshTimer: ReturnType<typeof setTimeout> | null = null;\n private state: AuthState = {\n status: \"loading\",\n user: null,\n tokens: null,\n error: null,\n };\n\n constructor(config: DouveryAuthConfig) {\n this.config = {\n issuer: DEFAULT_ISSUER,\n scopes: DEFAULT_SCOPES,\n storage: \"localStorage\",\n autoRefresh: true,\n refreshThreshold: 60,\n debug: false,\n ...config,\n };\n\n const storage =\n config.customStorage ??\n createStorage(this.config.storage ?? \"localStorage\");\n this.tokenManager = new TokenManager(storage);\n }\n\n /** Initialize the auth client */\n async initialize(): Promise<AuthState> {\n this.log(\"Initializing auth client...\");\n\n try {\n if (this.isCallback()) {\n this.log(\"Handling OAuth callback...\");\n const result = await this.handleCallback();\n if (result.success && result.user && result.tokens) {\n this.updateState({\n status: \"authenticated\",\n user: result.user,\n tokens: result.tokens,\n error: null,\n });\n this.setupAutoRefresh();\n } else {\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: result.error ?? null,\n });\n }\n } else {\n const tokens = await this.tokenManager.getTokens();\n if (tokens && tokens.accessToken) {\n if (!isTokenExpired(tokens.accessToken)) {\n this.log(\"Found valid existing session\");\n const user = await this.fetchUser(tokens.accessToken);\n this.updateState({\n status: \"authenticated\",\n user,\n tokens,\n error: null,\n });\n this.setupAutoRefresh();\n } else if (tokens.refreshToken) {\n this.log(\"Access token expired, attempting refresh...\");\n await this.refreshTokens();\n } else {\n this.log(\"Session expired, no refresh token\");\n await this.tokenManager.clearTokens();\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: null,\n });\n }\n } else {\n this.log(\"No existing session found\");\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: null,\n });\n }\n }\n\n this.emit({ type: \"INITIALIZED\" });\n } catch (error) {\n this.log(\"Initialization error:\", error);\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error:\n error instanceof AuthError\n ? error\n : new AuthError(\n \"unknown_error\",\n \"Initialization failed\",\n error as Error,\n ),\n });\n }\n\n return this.state;\n }\n\n /** Start the login flow */\n async login(options: LoginOptions = {}): Promise<void> {\n this.log(\"Starting login flow...\");\n this.emit({ type: \"LOGIN_STARTED\" });\n\n try {\n const discovery = await this.getDiscovery();\n const pkce = await generatePKCEPair();\n const state = generateState();\n const nonce = generateNonce();\n\n await this.tokenManager.saveState(state);\n await this.tokenManager.saveNonce(nonce);\n await this.tokenManager.saveCodeVerifier(pkce.codeVerifier);\n\n if (options.returnTo) {\n await this.tokenManager.saveReturnTo(options.returnTo);\n }\n\n const params = new URLSearchParams({\n response_type: \"code\",\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n scope: this.config.scopes!.join(\" \"),\n state,\n nonce,\n code_challenge: pkce.codeChallenge,\n code_challenge_method: pkce.codeChallengeMethod,\n ...options.authorizationParams,\n });\n\n if (options.prompt) params.set(\"prompt\", options.prompt);\n if (options.loginHint) params.set(\"login_hint\", options.loginHint);\n if (options.uiLocales) params.set(\"ui_locales\", options.uiLocales);\n if (options.maxAge !== undefined)\n params.set(\"max_age\", options.maxAge.toString());\n if (options.acrValues) params.set(\"acr_values\", options.acrValues);\n\n const authUrl = `${discovery.authorization_endpoint}?${params}`;\n this.log(\"Redirecting to:\", authUrl);\n\n window.location.href = authUrl;\n } catch (error) {\n const authError =\n error instanceof AuthError\n ? error\n : new AuthError(\n \"configuration_error\",\n \"Login failed\",\n error as Error,\n );\n this.emit({ type: \"LOGIN_ERROR\", error: authError });\n throw authError;\n }\n }\n\n /** Logout the user */\n async logout(options: LogoutOptions = {}): Promise<void> {\n this.log(\"Starting logout...\");\n this.emit({ type: \"LOGOUT_STARTED\" });\n\n try {\n await this.tokenManager.clearAll();\n this.clearAutoRefresh();\n\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: null,\n });\n\n if (options.localOnly) {\n this.emit({ type: \"LOGOUT_SUCCESS\" });\n return;\n }\n\n if (options.federated !== false) {\n const discovery = await this.getDiscovery();\n if (discovery.end_session_endpoint) {\n const params = new URLSearchParams();\n if (this.state.tokens?.idToken) {\n params.set(\"id_token_hint\", this.state.tokens.idToken);\n }\n if (options.returnTo || this.config.postLogoutRedirectUri) {\n params.set(\n \"post_logout_redirect_uri\",\n options.returnTo || this.config.postLogoutRedirectUri!,\n );\n }\n params.set(\"client_id\", this.config.clientId);\n\n const logoutUrl = `${discovery.end_session_endpoint}?${params}`;\n this.log(\"Redirecting to logout:\", logoutUrl);\n window.location.href = logoutUrl;\n return;\n }\n }\n\n this.emit({ type: \"LOGOUT_SUCCESS\" });\n\n if (options.returnTo) {\n window.location.href = options.returnTo;\n }\n } catch (error) {\n const authError =\n error instanceof AuthError\n ? error\n : new AuthError(\"unknown_error\", \"Logout failed\", error as Error);\n this.emit({ type: \"LOGOUT_ERROR\", error: authError });\n throw authError;\n }\n }\n\n /** Check if current URL is an OAuth callback */\n isCallback(): boolean {\n if (typeof window === \"undefined\") return false;\n const params = new URLSearchParams(window.location.search);\n return params.has(\"code\") || params.has(\"error\");\n }\n\n /** Handle the OAuth callback */\n async handleCallback(): Promise<CallbackResult> {\n this.log(\"Processing callback...\");\n\n if (typeof window === \"undefined\") {\n return {\n success: false,\n error: new AuthError(\n \"configuration_error\",\n \"Cannot handle callback on server\",\n ),\n };\n }\n\n const params = new URLSearchParams(window.location.search);\n const code = params.get(\"code\");\n const stateParam = params.get(\"state\");\n const errorParam = params.get(\"error\");\n const errorDescription = params.get(\"error_description\");\n\n if (errorParam) {\n const error = new AuthError(\n errorParam as any,\n errorDescription ?? \"Authorization failed\",\n );\n return { success: false, error };\n }\n\n const savedState = await this.tokenManager.getState();\n if (!stateParam || stateParam !== savedState) {\n return {\n success: false,\n error: new AuthError(\"state_mismatch\", \"State parameter mismatch\"),\n };\n }\n\n if (!code) {\n return {\n success: false,\n error: new AuthError(\n \"invalid_request\",\n \"No authorization code received\",\n ),\n };\n }\n\n const codeVerifier = await this.tokenManager.getCodeVerifier();\n if (!codeVerifier) {\n return {\n success: false,\n error: new AuthError(\"pkce_error\", \"No code verifier found\"),\n };\n }\n\n try {\n const tokens = await this.exchangeCode(code, codeVerifier);\n await this.tokenManager.setTokens(tokens);\n const user = await this.fetchUser(tokens.accessToken);\n const returnTo = await this.tokenManager.getReturnTo();\n\n await this.tokenManager.clearState();\n await this.tokenManager.clearNonce();\n await this.tokenManager.clearCodeVerifier();\n await this.tokenManager.clearReturnTo();\n\n window.history.replaceState({}, \"\", window.location.pathname);\n\n this.emit({ type: \"LOGIN_SUCCESS\", user, tokens });\n\n return { success: true, user, tokens, returnTo: returnTo ?? undefined };\n } catch (error) {\n const authError =\n error instanceof AuthError\n ? error\n : new AuthError(\n \"invalid_grant\",\n \"Token exchange failed\",\n error as Error,\n );\n this.emit({ type: \"LOGIN_ERROR\", error: authError });\n return { success: false, error: authError };\n }\n }\n\n private async exchangeCode(\n code: string,\n codeVerifier: string,\n ): Promise<TokenInfo> {\n const discovery = await this.getDiscovery();\n\n const response = await fetch(discovery.token_endpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n code,\n redirect_uri: this.config.redirectUri,\n client_id: this.config.clientId,\n code_verifier: codeVerifier,\n }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({}));\n throw new AuthError(\n error.error ?? \"invalid_grant\",\n error.error_description ?? \"Token exchange failed\",\n );\n }\n\n const tokenSet: TokenSet = await response.json();\n return this.tokenSetToInfo(tokenSet);\n }\n\n /** Refresh the access token */\n async refreshTokens(): Promise<TokenInfo> {\n this.log(\"Refreshing tokens...\");\n\n const tokens = await this.tokenManager.getTokens();\n if (!tokens?.refreshToken) {\n throw new AuthError(\"token_refresh_failed\", \"No refresh token available\");\n }\n\n const discovery = await this.getDiscovery();\n\n const response = await fetch(discovery.token_endpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n refresh_token: tokens.refreshToken,\n client_id: this.config.clientId,\n }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({}));\n const authError = new AuthError(\n error.error ?? \"token_refresh_failed\",\n error.error_description ?? \"Token refresh failed\",\n );\n this.emit({ type: \"TOKEN_REFRESH_ERROR\", error: authError });\n await this.tokenManager.clearTokens();\n this.updateState({\n status: \"unauthenticated\",\n user: null,\n tokens: null,\n error: authError,\n });\n this.emit({ type: \"SESSION_EXPIRED\" });\n throw authError;\n }\n\n const tokenSet: TokenSet = await response.json();\n const newTokens = this.tokenSetToInfo(tokenSet);\n await this.tokenManager.setTokens(newTokens);\n\n const user = newTokens.idToken\n ? this.extractUserFromIdToken(newTokens.idToken)\n : this.state.user;\n\n this.updateState({ ...this.state, tokens: newTokens, user });\n this.emit({ type: \"TOKEN_REFRESHED\", tokens: newTokens });\n this.setupAutoRefresh();\n\n return newTokens;\n }\n\n /** Get current access token (auto-refreshes if needed) */\n async getAccessToken(): Promise<string | null> {\n const tokens = await this.tokenManager.getTokens();\n if (!tokens) return null;\n\n if (isTokenExpired(tokens.accessToken)) {\n if (tokens.refreshToken) {\n const newTokens = await this.refreshTokens();\n return newTokens.accessToken;\n }\n return null;\n }\n\n return tokens.accessToken;\n }\n\n private tokenSetToInfo(tokenSet: TokenSet): TokenInfo {\n return {\n accessToken: tokenSet.access_token,\n refreshToken: tokenSet.refresh_token,\n idToken: tokenSet.id_token,\n expiresAt: Date.now() + tokenSet.expires_in * 1000,\n tokenType: tokenSet.token_type,\n scope: tokenSet.scope?.split(\" \") ?? [],\n };\n }\n\n private async fetchUser(accessToken: string): Promise<User> {\n const discovery = await this.getDiscovery();\n\n const response = await fetch(discovery.userinfo_endpoint, {\n headers: { Authorization: `Bearer ${accessToken}` },\n });\n\n if (!response.ok) {\n throw new AuthError(\"invalid_token\", \"Failed to fetch user info\");\n }\n\n const userInfo = await response.json();\n return this.normalizeUser(userInfo);\n }\n\n private extractUserFromIdToken(idToken: string): User {\n const claims = decodeJWT<DecodedIdToken>(idToken);\n return this.normalizeUser(claims);\n }\n\n private normalizeUser(claims: Record<string, unknown>): User {\n return {\n id: claims.sub as string,\n email: claims.email as string | undefined,\n emailVerified: claims.email_verified as boolean | undefined,\n name: claims.name as string | undefined,\n firstName: claims.given_name as string | undefined,\n lastName: claims.family_name as string | undefined,\n picture: claims.picture as string | undefined,\n phoneNumber: claims.phone_number as string | undefined,\n phoneNumberVerified: claims.phone_number_verified as boolean | undefined,\n locale: claims.locale as string | undefined,\n ...claims,\n };\n }\n\n private async getDiscovery(): Promise<OIDCDiscovery> {\n if (this.discovery) return this.discovery;\n const discoveryUrl = `${this.config.issuer}/.well-known/openid-configuration`;\n const response = await fetch(discoveryUrl);\n if (!response.ok) {\n throw new AuthError(\n \"configuration_error\",\n \"Failed to fetch discovery document\",\n );\n }\n this.discovery = await response.json();\n return this.discovery!;\n }\n\n private setupAutoRefresh(): void {\n if (!this.config.autoRefresh || !this.state.tokens) return;\n this.clearAutoRefresh();\n const expiresIn = this.state.tokens.expiresAt - Date.now();\n const refreshIn = expiresIn - this.config.refreshThreshold! * 1000;\n if (refreshIn > 0) {\n this.log(`Scheduling token refresh in ${Math.round(refreshIn / 1000)}s`);\n this.refreshTimer = setTimeout(() => {\n this.refreshTokens().catch((error) =>\n this.log(\"Auto-refresh failed:\", error),\n );\n }, refreshIn);\n }\n }\n\n private clearAutoRefresh(): void {\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.refreshTimer = null;\n }\n }\n\n getState(): AuthState {\n return { ...this.state };\n }\n\n isAuthenticated(): boolean {\n return this.state.status === \"authenticated\";\n }\n\n getUser(): User | null {\n return this.state.user;\n }\n\n subscribe(handler: AuthEventHandler): () => void {\n this.eventHandlers.add(handler);\n return () => this.eventHandlers.delete(handler);\n }\n\n private updateState(newState: AuthState): void {\n this.state = newState;\n }\n\n private emit(event: AuthEvent): void {\n this.eventHandlers.forEach((handler) => {\n try {\n handler(event);\n } catch (error) {\n console.error(\"Event handler error:\", error);\n }\n });\n }\n\n private log(...args: unknown[]): void {\n if (this.config.debug) {\n console.log(\"[DouveryAuth]\", ...args);\n }\n }\n}\n\n/** Create a new DouveryAuthClient instance */\nexport function createDouveryAuth(\n config: DouveryAuthConfig,\n): DouveryAuthClient {\n return new DouveryAuthClient(config);\n}\n"]}
|
|
@@ -0,0 +1,197 @@
|
|
|
1
|
+
import * as _builder_io_qwik from '@builder.io/qwik';
|
|
2
|
+
import { Signal } from '@builder.io/qwik';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* @douvery/auth - Core Types
|
|
6
|
+
* OAuth 2.0/OIDC type definitions
|
|
7
|
+
*/
|
|
8
|
+
interface DouveryAuthConfig {
|
|
9
|
+
/** OAuth Client ID */
|
|
10
|
+
clientId: string;
|
|
11
|
+
/** Authorization server base URL @default "https://auth.douvery.com" */
|
|
12
|
+
issuer?: string;
|
|
13
|
+
/** Redirect URI after authentication */
|
|
14
|
+
redirectUri: string;
|
|
15
|
+
/** Post-logout redirect URI */
|
|
16
|
+
postLogoutRedirectUri?: string;
|
|
17
|
+
/** OAuth scopes to request @default ["openid", "profile", "email"] */
|
|
18
|
+
scopes?: string[];
|
|
19
|
+
/** Token storage strategy @default "localStorage" */
|
|
20
|
+
storage?: "localStorage" | "sessionStorage" | "memory" | "cookie";
|
|
21
|
+
/** Custom storage implementation */
|
|
22
|
+
customStorage?: TokenStorage;
|
|
23
|
+
/** Auto-refresh tokens before expiry @default true */
|
|
24
|
+
autoRefresh?: boolean;
|
|
25
|
+
/** Seconds before expiry to trigger refresh @default 60 */
|
|
26
|
+
refreshThreshold?: number;
|
|
27
|
+
/** Enable debug logging @default false */
|
|
28
|
+
debug?: boolean;
|
|
29
|
+
}
|
|
30
|
+
interface TokenInfo {
|
|
31
|
+
accessToken: string;
|
|
32
|
+
refreshToken?: string;
|
|
33
|
+
idToken?: string;
|
|
34
|
+
expiresAt: number;
|
|
35
|
+
tokenType: string;
|
|
36
|
+
scope: string[];
|
|
37
|
+
}
|
|
38
|
+
interface User {
|
|
39
|
+
id: string;
|
|
40
|
+
email?: string;
|
|
41
|
+
emailVerified?: boolean;
|
|
42
|
+
name?: string;
|
|
43
|
+
firstName?: string;
|
|
44
|
+
lastName?: string;
|
|
45
|
+
picture?: string;
|
|
46
|
+
phoneNumber?: string;
|
|
47
|
+
phoneNumberVerified?: boolean;
|
|
48
|
+
locale?: string;
|
|
49
|
+
[key: string]: unknown;
|
|
50
|
+
}
|
|
51
|
+
type AuthStatus = "loading" | "authenticated" | "unauthenticated";
|
|
52
|
+
interface AuthState {
|
|
53
|
+
status: AuthStatus;
|
|
54
|
+
user: User | null;
|
|
55
|
+
tokens: TokenInfo | null;
|
|
56
|
+
error: AuthError | null;
|
|
57
|
+
}
|
|
58
|
+
interface TokenStorage {
|
|
59
|
+
get(key: string): string | null | Promise<string | null>;
|
|
60
|
+
set(key: string, value: string): void | Promise<void>;
|
|
61
|
+
remove(key: string): void | Promise<void>;
|
|
62
|
+
clear(): void | Promise<void>;
|
|
63
|
+
}
|
|
64
|
+
type AuthEvent = {
|
|
65
|
+
type: "INITIALIZED";
|
|
66
|
+
} | {
|
|
67
|
+
type: "LOGIN_STARTED";
|
|
68
|
+
} | {
|
|
69
|
+
type: "LOGIN_SUCCESS";
|
|
70
|
+
user: User;
|
|
71
|
+
tokens: TokenInfo;
|
|
72
|
+
} | {
|
|
73
|
+
type: "LOGIN_ERROR";
|
|
74
|
+
error: AuthError;
|
|
75
|
+
} | {
|
|
76
|
+
type: "LOGOUT_STARTED";
|
|
77
|
+
} | {
|
|
78
|
+
type: "LOGOUT_SUCCESS";
|
|
79
|
+
} | {
|
|
80
|
+
type: "LOGOUT_ERROR";
|
|
81
|
+
error: AuthError;
|
|
82
|
+
} | {
|
|
83
|
+
type: "TOKEN_REFRESHED";
|
|
84
|
+
tokens: TokenInfo;
|
|
85
|
+
} | {
|
|
86
|
+
type: "TOKEN_REFRESH_ERROR";
|
|
87
|
+
error: AuthError;
|
|
88
|
+
} | {
|
|
89
|
+
type: "SESSION_EXPIRED";
|
|
90
|
+
};
|
|
91
|
+
type AuthEventHandler = (event: AuthEvent) => void;
|
|
92
|
+
declare class AuthError extends Error {
|
|
93
|
+
code: AuthErrorCode;
|
|
94
|
+
cause?: Error | undefined;
|
|
95
|
+
constructor(code: AuthErrorCode, message: string, cause?: Error | undefined);
|
|
96
|
+
}
|
|
97
|
+
type AuthErrorCode = "invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "invalid_scope" | "access_denied" | "server_error" | "temporarily_unavailable" | "login_required" | "consent_required" | "interaction_required" | "invalid_token" | "insufficient_scope" | "token_expired" | "token_refresh_failed" | "pkce_error" | "state_mismatch" | "nonce_mismatch" | "network_error" | "configuration_error" | "unknown_error";
|
|
98
|
+
interface CallbackResult {
|
|
99
|
+
success: boolean;
|
|
100
|
+
user?: User;
|
|
101
|
+
tokens?: TokenInfo;
|
|
102
|
+
error?: AuthError;
|
|
103
|
+
returnTo?: string;
|
|
104
|
+
}
|
|
105
|
+
interface LoginOptions {
|
|
106
|
+
/** URL to return to after login */
|
|
107
|
+
returnTo?: string;
|
|
108
|
+
/** Additional authorization parameters */
|
|
109
|
+
authorizationParams?: Record<string, string>;
|
|
110
|
+
/** Prompt parameter (none, login, consent, select_account) */
|
|
111
|
+
prompt?: "none" | "login" | "consent" | "select_account";
|
|
112
|
+
/** Login hint (email or identifier) */
|
|
113
|
+
loginHint?: string;
|
|
114
|
+
/** UI locales preference */
|
|
115
|
+
uiLocales?: string;
|
|
116
|
+
/** Maximum authentication age in seconds */
|
|
117
|
+
maxAge?: number;
|
|
118
|
+
/** ACR values requested */
|
|
119
|
+
acrValues?: string;
|
|
120
|
+
}
|
|
121
|
+
interface LogoutOptions {
|
|
122
|
+
/** URL to return to after logout */
|
|
123
|
+
returnTo?: string;
|
|
124
|
+
/** Whether to federate logout (end session at IdP) @default true */
|
|
125
|
+
federated?: boolean;
|
|
126
|
+
/** Only clear local session, don't redirect @default false */
|
|
127
|
+
localOnly?: boolean;
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
/**
|
|
131
|
+
* @douvery/auth - Auth Client
|
|
132
|
+
* Main OAuth 2.0/OIDC client implementation
|
|
133
|
+
*/
|
|
134
|
+
|
|
135
|
+
declare class DouveryAuthClient {
|
|
136
|
+
private config;
|
|
137
|
+
private tokenManager;
|
|
138
|
+
private discovery;
|
|
139
|
+
private eventHandlers;
|
|
140
|
+
private refreshTimer;
|
|
141
|
+
private state;
|
|
142
|
+
constructor(config: DouveryAuthConfig);
|
|
143
|
+
/** Initialize the auth client */
|
|
144
|
+
initialize(): Promise<AuthState>;
|
|
145
|
+
/** Start the login flow */
|
|
146
|
+
login(options?: LoginOptions): Promise<void>;
|
|
147
|
+
/** Logout the user */
|
|
148
|
+
logout(options?: LogoutOptions): Promise<void>;
|
|
149
|
+
/** Check if current URL is an OAuth callback */
|
|
150
|
+
isCallback(): boolean;
|
|
151
|
+
/** Handle the OAuth callback */
|
|
152
|
+
handleCallback(): Promise<CallbackResult>;
|
|
153
|
+
private exchangeCode;
|
|
154
|
+
/** Refresh the access token */
|
|
155
|
+
refreshTokens(): Promise<TokenInfo>;
|
|
156
|
+
/** Get current access token (auto-refreshes if needed) */
|
|
157
|
+
getAccessToken(): Promise<string | null>;
|
|
158
|
+
private tokenSetToInfo;
|
|
159
|
+
private fetchUser;
|
|
160
|
+
private extractUserFromIdToken;
|
|
161
|
+
private normalizeUser;
|
|
162
|
+
private getDiscovery;
|
|
163
|
+
private setupAutoRefresh;
|
|
164
|
+
private clearAutoRefresh;
|
|
165
|
+
getState(): AuthState;
|
|
166
|
+
isAuthenticated(): boolean;
|
|
167
|
+
getUser(): User | null;
|
|
168
|
+
subscribe(handler: AuthEventHandler): () => void;
|
|
169
|
+
private updateState;
|
|
170
|
+
private emit;
|
|
171
|
+
private log;
|
|
172
|
+
}
|
|
173
|
+
/** Create a new DouveryAuthClient instance */
|
|
174
|
+
declare function createDouveryAuth(config: DouveryAuthConfig): DouveryAuthClient;
|
|
175
|
+
|
|
176
|
+
interface DouveryAuthContextValue {
|
|
177
|
+
state: Signal<AuthState>;
|
|
178
|
+
isInitialized: Signal<boolean>;
|
|
179
|
+
isLoading: Signal<boolean>;
|
|
180
|
+
error: Signal<Error | null>;
|
|
181
|
+
client: DouveryAuthClient;
|
|
182
|
+
}
|
|
183
|
+
declare const DouveryAuthContext: _builder_io_qwik.ContextId<DouveryAuthContextValue>;
|
|
184
|
+
interface DouveryAuthProviderProps {
|
|
185
|
+
config: DouveryAuthConfig;
|
|
186
|
+
}
|
|
187
|
+
declare const DouveryAuthProvider: _builder_io_qwik.Component<DouveryAuthProviderProps>;
|
|
188
|
+
declare function useDouveryAuth(): DouveryAuthContextValue;
|
|
189
|
+
declare function useUser(): Signal<User | null>;
|
|
190
|
+
declare function useIsAuthenticated(): Signal<boolean>;
|
|
191
|
+
declare function useAuthActions(): {
|
|
192
|
+
login: (options?: LoginOptions) => Promise<void>;
|
|
193
|
+
logout: (options?: LogoutOptions) => Promise<void>;
|
|
194
|
+
isLoading: Signal<boolean>;
|
|
195
|
+
};
|
|
196
|
+
|
|
197
|
+
export { type AuthState, DouveryAuthClient, type DouveryAuthConfig, DouveryAuthContext, DouveryAuthProvider, type DouveryAuthProviderProps, type LoginOptions, type LogoutOptions, type User, createDouveryAuth, useAuthActions, useDouveryAuth, useIsAuthenticated, useUser };
|