@hammadj/better-auth-core 1.5.0-beta.9

package/dist/social-providers/tiktok.d.mts

@@ -0,0 +1,171 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/tiktok.d.ts
+/**
+ * [More info](https://developers.tiktok.com/doc/tiktok-api-v2-get-user-info/)
+ */
+interface TiktokProfile extends Record<string, any> {
+  data: {
+    user: {
+      /**
+       * The unique identification of the user in the current application.Open id
+       * for the client.
+       *
+       * To return this field, add `fields=open_id` in the user profile request's query parameter.
+       */
+      open_id: string;
+      /**
+       * The unique identification of the user across different apps for the same developer.
+       * For example, if a partner has X number of clients,
+       * it will get X number of open_id for the same TikTok user,
+       * but one persistent union_id for the particular user.
+       *
+       * To return this field, add `fields=union_id` in the user profile request's query parameter.
+       */
+      union_id?: string | undefined;
+      /**
+       * User's profile image.
+       *
+       * To return this field, add `fields=avatar_url` in the user profile request's query parameter.
+       */
+      avatar_url?: string | undefined;
+      /**
+       * User`s profile image in 100x100 size.
+       *
+       * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.
+       */
+      avatar_url_100?: string | undefined;
+      /**
+       * User's profile image with higher resolution
+       *
+       * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.
+       */
+      avatar_large_url: string;
+      /**
+       * User's profile name
+       *
+       * To return this field, add `fields=display_name` in the user profile request's query parameter.
+       */
+      display_name: string;
+      /**
+       * User's username.
+       *
+       * To return this field, add `fields=username` in the user profile request's query parameter.
+       */
+      username: string; /** @note Email is currently unsupported by TikTok  */
+      email?: string | undefined;
+      /**
+       * User's bio description if there is a valid one.
+       *
+       * To return this field, add `fields=bio_description` in the user profile request's query parameter.
+       */
+      bio_description?: string | undefined;
+      /**
+       * The link to user's TikTok profile page.
+       *
+       * To return this field, add `fields=profile_deep_link` in the user profile request's query parameter.
+       */
+      profile_deep_link?: string | undefined;
+      /**
+       * Whether TikTok has provided a verified badge to the account after confirming
+       * that it belongs to the user it represents.
+       *
+       * To return this field, add `fields=is_verified` in the user profile request's query parameter.
+       */
+      is_verified?: boolean | undefined;
+      /**
+       * User's followers count.
+       *
+       * To return this field, add `fields=follower_count` in the user profile request's query parameter.
+       */
+      follower_count?: number | undefined;
+      /**
+       * The number of accounts that the user is following.
+       *
+       * To return this field, add `fields=following_count` in the user profile request's query parameter.
+       */
+      following_count?: number | undefined;
+      /**
+       * The total number of likes received by the user across all of their videos.
+       *
+       * To return this field, add `fields=likes_count` in the user profile request's query parameter.
+       */
+      likes_count?: number | undefined;
+      /**
+       * The total number of publicly posted videos by the user.
+       *
+       * To return this field, add `fields=video_count` in the user profile request's query parameter.
+       */
+      video_count?: number | undefined;
+    };
+  };
+  error?: {
+    /**
+     * The error category in string.
+     */
+    code?: string;
+    /**
+     * The error message in string.
+     */
+    message?: string;
+    /**
+     * The error message in string.
+     */
+    log_id?: string;
+  } | undefined;
+}
+interface TiktokOptions extends ProviderOptions {
+  clientId?: never | undefined;
+  clientSecret: string;
+  clientKey: string;
+}
+declare const tiktok: (options: TiktokOptions) => {
+  id: "tiktok";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): URL;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: TiktokOptions;
+};
+//#endregion
+export { TiktokOptions, TiktokProfile, tiktok };
+//# sourceMappingURL=tiktok.d.mts.map

package/dist/social-providers/tiktok.mjs

@@ -0,0 +1,63 @@
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/tiktok.ts
+const tiktok = (options) => {
+	return {
+		id: "tiktok",
+		name: "TikTok",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user.info.profile"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return new URL(`https://www.tiktok.com/v2/auth/authorize?scope=${_scopes.join(",")}&response_type=code&client_key=${options.clientKey}&redirect_uri=${encodeURIComponent(options.redirectURI || redirectURI)}&state=${state}`);
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI: options.redirectURI || redirectURI,
+				options: {
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: { clientSecret: options.clientSecret },
+				tokenEndpoint: "https://open.tiktokapis.com/v2/oauth/token/",
+				authentication: "post",
+				extraParams: { client_key: options.clientKey }
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error } = await betterFetch(`https://open.tiktokapis.com/v2/user/info/?fields=${[
+				"open_id",
+				"avatar_large_url",
+				"display_name",
+				"username"
+			].join(",")}`, { headers: { authorization: `Bearer ${token.accessToken}` } });
+			if (error) return null;
+			return {
+				user: {
+					email: profile.data.user.email || profile.data.user.username,
+					id: profile.data.user.open_id,
+					name: profile.data.user.display_name || profile.data.user.username,
+					image: profile.data.user.avatar_large_url,
+					emailVerified: false
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { tiktok };
+//# sourceMappingURL=tiktok.mjs.map

package/dist/social-providers/tiktok.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"tiktok.mjs","names":[],"sources":["../../src/social-providers/tiktok.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport { refreshAccessToken, validateAuthorizationCode } from \"../oauth2\";\n\n/**\n * [More info](https://developers.tiktok.com/doc/tiktok-api-v2-get-user-info/)\n */\nexport interface TiktokProfile extends Record<string, any> {\n\tdata: {\n\t\tuser: {\n\t\t\t/**\n\t\t\t * The unique identification of the user in the current application.Open id\n\t\t\t * for the client.\n\t\t\t *\n\t\t\t * To return this field, add `fields=open_id` in the user profile request's query parameter.\n\t\t\t */\n\t\t\topen_id: string;\n\t\t\t/**\n\t\t\t * The unique identification of the user across different apps for the same developer.\n\t\t\t * For example, if a partner has X number of clients,\n\t\t\t * it will get X number of open_id for the same TikTok user,\n\t\t\t * but one persistent union_id for the particular user.\n\t\t\t *\n\t\t\t * To return this field, add `fields=union_id` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tunion_id?: string | undefined;\n\t\t\t/**\n\t\t\t * User's profile image.\n\t\t\t *\n\t\t\t * To return this field, add `fields=avatar_url` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tavatar_url?: string | undefined;\n\t\t\t/**\n\t\t\t * User`s profile image in 100x100 size.\n\t\t\t *\n\t\t\t * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tavatar_url_100?: string | undefined;\n\t\t\t/**\n\t\t\t * User's profile image with higher resolution\n\t\t\t *\n\t\t\t * To return this field, add `fields=avatar_url_100` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tavatar_large_url: string;\n\t\t\t/**\n\t\t\t * User's profile name\n\t\t\t *\n\t\t\t * To return this field, add `fields=display_name` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tdisplay_name: string;\n\t\t\t/**\n\t\t\t * User's username.\n\t\t\t *\n\t\t\t * To return this field, add `fields=username` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tusername: string;\n\t\t\t/** @note Email is currently unsupported by TikTok  */\n\t\t\temail?: string | undefined;\n\t\t\t/**\n\t\t\t * User's bio description if there is a valid one.\n\t\t\t *\n\t\t\t * To return this field, add `fields=bio_description` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tbio_description?: string | undefined;\n\t\t\t/**\n\t\t\t * The link to user's TikTok profile page.\n\t\t\t *\n\t\t\t * To return this field, add `fields=profile_deep_link` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tprofile_deep_link?: string | undefined;\n\t\t\t/**\n\t\t\t * Whether TikTok has provided a verified badge to the account after confirming\n\t\t\t * that it belongs to the user it represents.\n\t\t\t *\n\t\t\t * To return this field, add `fields=is_verified` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tis_verified?: boolean | undefined;\n\t\t\t/**\n\t\t\t * User's followers count.\n\t\t\t *\n\t\t\t * To return this field, add `fields=follower_count` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tfollower_count?: number | undefined;\n\t\t\t/**\n\t\t\t * The number of accounts that the user is following.\n\t\t\t *\n\t\t\t * To return this field, add `fields=following_count` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tfollowing_count?: number | undefined;\n\t\t\t/**\n\t\t\t * The total number of likes received by the user across all of their videos.\n\t\t\t *\n\t\t\t * To return this field, add `fields=likes_count` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tlikes_count?: number | undefined;\n\t\t\t/**\n\t\t\t * The total number of publicly posted videos by the user.\n\t\t\t *\n\t\t\t * To return this field, add `fields=video_count` in the user profile request's query parameter.\n\t\t\t */\n\t\t\tvideo_count?: number | undefined;\n\t\t};\n\t};\n\terror?:\n\t\t| {\n\t\t\t\t/**\n\t\t\t\t * The error category in string.\n\t\t\t\t */\n\t\t\t\tcode?: string;\n\t\t\t\t/**\n\t\t\t\t * The error message in string.\n\t\t\t\t */\n\t\t\t\tmessage?: string;\n\t\t\t\t/**\n\t\t\t\t * The error message in string.\n\t\t\t\t */\n\t\t\t\tlog_id?: string;\n\t\t  }\n\t\t| undefined;\n}\n\nexport interface TiktokOptions extends ProviderOptions {\n\t// Client ID is not used in TikTok, we delete it from the options\n\tclientId?: never | undefined;\n\tclientSecret: string;\n\tclientKey: string;\n}\n\nexport const tiktok = (options: TiktokOptions) => {\n\treturn {\n\t\tid: \"tiktok\",\n\t\tname: \"TikTok\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope ? [] : [\"user.info.profile\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn new URL(\n\t\t\t\t`https://www.tiktok.com/v2/auth/authorize?scope=${_scopes.join(\n\t\t\t\t\t\",\",\n\t\t\t\t)}&response_type=code&client_key=${options.clientKey}&redirect_uri=${encodeURIComponent(\n\t\t\t\t\toptions.redirectURI || redirectURI,\n\t\t\t\t)}&state=${state}`,\n\t\t\t);\n\t\t},\n\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI: options.redirectURI || redirectURI,\n\t\t\t\toptions: {\n\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t},\n\t\t\t\ttokenEndpoint: \"https://open.tiktokapis.com/v2/oauth/token/\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://open.tiktokapis.com/v2/oauth/token/\",\n\t\t\t\t\t\tauthentication: \"post\",\n\t\t\t\t\t\textraParams: {\n\t\t\t\t\t\t\tclient_key: options.clientKey,\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\n\t\t\tconst fields = [\n\t\t\t\t\"open_id\",\n\t\t\t\t\"avatar_large_url\",\n\t\t\t\t\"display_name\",\n\t\t\t\t\"username\",\n\t\t\t];\n\t\t\tconst { data: profile, error } = await betterFetch<TiktokProfile>(\n\t\t\t\t`https://open.tiktokapis.com/v2/user/info/?fields=${fields.join(\",\")}`,\n\t\t\t\t{\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tauthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\temail: profile.data.user.email || profile.data.user.username,\n\t\t\t\t\tid: profile.data.user.open_id,\n\t\t\t\t\tname: profile.data.user.display_name || profile.data.user.username,\n\t\t\t\t\timage: profile.data.user.avatar_large_url,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<TiktokProfile, TiktokOptions>;\n};\n"],"mappings":";;;;;;AAgIA,MAAa,UAAU,YAA2B;AACjD,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,eAAe;GACtD,MAAM,UAAU,QAAQ,sBAAsB,EAAE,GAAG,CAAC,oBAAoB;AACxE,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,IAAI,IACV,kDAAkD,QAAQ,KACzD,IACA,CAAC,iCAAiC,QAAQ,UAAU,gBAAgB,mBACpE,QAAQ,eAAe,YACvB,CAAC,SAAS,QACX;;EAGF,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,0BAA0B;IAChC;IACA,aAAa,QAAQ,eAAe;IACpC,SAAS;KACR,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD,eAAe;IACf,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS,EACR,cAAc,QAAQ,cACtB;IACD,eAAe;IACf,gBAAgB;IAChB,aAAa,EACZ,YAAY,QAAQ,WACpB;IACD,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GASlC,MAAM,EAAE,MAAM,SAAS,UAAU,MAAM,YACtC,oDAPc;IACd;IACA;IACA;IACA;IACA,CAE2D,KAAK,IAAI,IACpE,EACC,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B,EACD,CACD;AAED,OAAI,MACH,QAAO;AAGR,UAAO;IACN,MAAM;KACL,OAAO,QAAQ,KAAK,KAAK,SAAS,QAAQ,KAAK,KAAK;KACpD,IAAI,QAAQ,KAAK,KAAK;KACtB,MAAM,QAAQ,KAAK,KAAK,gBAAgB,QAAQ,KAAK,KAAK;KAC1D,OAAO,QAAQ,KAAK,KAAK;KACzB,eAAe;KACf;IACD,MAAM;IACN;;EAEF;EACA"}

package/dist/social-providers/twitch.d.mts

@@ -0,0 +1,82 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/twitch.d.ts
+/**
+ * @see https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#requesting-claims
+ */
+interface TwitchProfile {
+  /**
+   * The sub of the user
+   */
+  sub: string;
+  /**
+   * The preferred username of the user
+   */
+  preferred_username: string;
+  /**
+   * The email of the user
+   */
+  email: string;
+  /**
+   * Indicate if this user has a verified email.
+   */
+  email_verified: boolean;
+  /**
+   * The picture of the user
+   */
+  picture: string;
+}
+interface TwitchOptions extends ProviderOptions<TwitchProfile> {
+  clientId: string;
+  claims?: string[] | undefined;
+}
+declare const twitch: (options: TwitchOptions) => {
+  id: "twitch";
+  name: string;
+  createAuthorizationURL({
+    state,
+    scopes,
+    redirectURI
+  }: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name?: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: TwitchOptions;
+};
+//#endregion
+export { TwitchOptions, TwitchProfile, twitch };
+//# sourceMappingURL=twitch.d.mts.map

package/dist/social-providers/twitch.mjs

@@ -0,0 +1,79 @@
+import { logger } from "../env/logger.mjs";
+import "../env/index.mjs";
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { decodeJwt } from "jose";
+
+//#region src/social-providers/twitch.ts
+const twitch = (options) => {
+	return {
+		id: "twitch",
+		name: "Twitch",
+		createAuthorizationURL({ state, scopes, redirectURI }) {
+			const _scopes = options.disableDefaultScope ? [] : ["user:read:email", "openid"];
+			if (options.scope) _scopes.push(...options.scope);
+			if (scopes) _scopes.push(...scopes);
+			return createAuthorizationURL({
+				id: "twitch",
+				redirectURI,
+				options,
+				authorizationEndpoint: "https://id.twitch.tv/oauth2/authorize",
+				scopes: _scopes,
+				state,
+				claims: options.claims || [
+					"email",
+					"email_verified",
+					"preferred_username",
+					"picture"
+				]
+			});
+		},
+		validateAuthorizationCode: async ({ code, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				redirectURI,
+				options,
+				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				tokenEndpoint: "https://id.twitch.tv/oauth2/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const idToken = token.idToken;
+			if (!idToken) {
+				logger.error("No idToken found in token");
+				return null;
+			}
+			const profile = decodeJwt(idToken);
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.sub,
+					name: profile.preferred_username,
+					email: profile.email,
+					image: profile.picture,
+					emailVerified: profile.email_verified,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { twitch };
+//# sourceMappingURL=twitch.mjs.map

package/dist/social-providers/twitch.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"twitch.mjs","names":[],"sources":["../../src/social-providers/twitch.ts"],"sourcesContent":["import { decodeJwt } from \"jose\";\nimport { logger } from \"../env\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\n/**\n * @see https://dev.twitch.tv/docs/authentication/getting-tokens-oidc/#requesting-claims\n */\nexport interface TwitchProfile {\n\t/**\n\t * The sub of the user\n\t */\n\tsub: string;\n\t/**\n\t * The preferred username of the user\n\t */\n\tpreferred_username: string;\n\t/**\n\t * The email of the user\n\t */\n\temail: string;\n\t/**\n\t * Indicate if this user has a verified email.\n\t */\n\temail_verified: boolean;\n\t/**\n\t * The picture of the user\n\t */\n\tpicture: string;\n}\n\nexport interface TwitchOptions extends ProviderOptions<TwitchProfile> {\n\tclientId: string;\n\tclaims?: string[] | undefined;\n}\nexport const twitch = (options: TwitchOptions) => {\n\treturn {\n\t\tid: \"twitch\",\n\t\tname: \"Twitch\",\n\t\tcreateAuthorizationURL({ state, scopes, redirectURI }) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"user:read:email\", \"openid\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (scopes) _scopes.push(...scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"twitch\",\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://id.twitch.tv/oauth2/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate,\n\t\t\t\tclaims: options.claims || [\n\t\t\t\t\t\"email\",\n\t\t\t\t\t\"email_verified\",\n\t\t\t\t\t\"preferred_username\",\n\t\t\t\t\t\"picture\",\n\t\t\t\t],\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://id.twitch.tv/oauth2/token\",\n\t\t\t});\n\t\t},\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\ttokenEndpoint: \"https://id.twitch.tv/oauth2/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst idToken = token.idToken;\n\t\t\tif (!idToken) {\n\t\t\t\tlogger.error(\"No idToken found in token\");\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst profile = decodeJwt(idToken) as TwitchProfile;\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.preferred_username,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temailVerified: profile.email_verified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<TwitchProfile>;\n};\n"],"mappings":";;;;;;;;;AAuCA,MAAa,UAAU,YAA2B;AACjD,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,EAAE,OAAO,QAAQ,eAAe;GACtD,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF,CAAC,mBAAmB,SAAS;AAChC,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,OAAQ,SAAQ,KAAK,GAAG,OAAO;AACnC,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA;IACA,uBAAuB;IACvB,QAAQ;IACR;IACA,QAAQ,QAAQ,UAAU;KACzB;KACA;KACA;KACA;KACA;IACD,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,kBAAkB;AAC3D,UAAO,0BAA0B;IAChC;IACA;IACA;IACA,eAAe;IACf,CAAC;;EAEH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD,eAAe;IACf,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,UAAU,MAAM;AACtB,OAAI,CAAC,SAAS;AACb,WAAO,MAAM,4BAA4B;AACzC,WAAO;;GAER,MAAM,UAAU,UAAU,QAAQ;GAClC,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;AACzD,UAAO;IACN,MAAM;KACL,IAAI,QAAQ;KACZ,MAAM,QAAQ;KACd,OAAO,QAAQ;KACf,OAAO,QAAQ;KACf,eAAe,QAAQ;KACvB,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}

package/dist/social-providers/twitter.d.mts

@@ -0,0 +1,129 @@
+import { OAuth2Tokens, ProviderOptions } from "../oauth2/oauth-provider.mjs";
+import "../oauth2/index.mjs";
+
+//#region src/social-providers/twitter.d.ts
+interface TwitterProfile {
+  data: {
+    /**
+     * Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools
+     * that cannot handle large integers.
+     */
+    id: string; /** The friendly name of this user, as shown on their profile. */
+    name: string; /** The email address of this user. */
+    email?: string | undefined; /** The Twitter handle (screen name) of this user. */
+    username: string;
+    /**
+     * The location specified in the user's profile, if the user provided one.
+     * As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.
+     *
+     * To return this field, add `user.fields=location` in the authorization request's query parameter.
+     */
+    location?: string | undefined;
+    /**
+     * This object and its children fields contain details about text that has a special meaning in the user's description.
+     *
+     *To return this field, add `user.fields=entities` in the authorization request's query parameter.
+     */
+    entities?: {
+      /** Contains details about the user's profile website. */url: {
+        /** Contains details about the user's profile website. */urls: Array<{
+          /** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */start: number; /** The end position (zero-based) of the recognized user's profile website. This end index is exclusive. */
+          end: number; /** The URL in the format entered by the user. */
+          url: string; /** The fully resolved URL. */
+          expanded_url: string; /** The URL as displayed in the user's profile. */
+          display_url: string;
+        }>;
+      }; /** Contains details about URLs, Hashtags, Cashtags, or mentions located within a user's description. */
+      description: {
+        hashtags: Array<{
+          start: number;
+          end: number;
+          tag: string;
+        }>;
+      };
+    } | undefined;
+    /**
+     * Indicate if this user is a verified Twitter user.
+     *
+     * To return this field, add `user.fields=verified` in the authorization request's query parameter.
+     */
+    verified?: boolean | undefined;
+    /**
+     * The text of this user's profile description (also known as bio), if the user provided one.
+     *
+     * To return this field, add `user.fields=description` in the authorization request's query parameter.
+     */
+    description?: string | undefined;
+    /**
+     * The URL specified in the user's profile, if present.
+     *
+     * To return this field, add `user.fields=url` in the authorization request's query parameter.
+     */
+    url?: string | undefined; /** The URL to the profile image for this user, as shown on the user's profile. */
+    profile_image_url?: string | undefined;
+    protected?: boolean | undefined;
+    /**
+     * Unique identifier of this user's pinned Tweet.
+     *
+     *  You can obtain the expanded object in `includes.tweets` by adding `expansions=pinned_tweet_id` in the authorization request's query parameter.
+     */
+    pinned_tweet_id?: string | undefined;
+    created_at?: string | undefined;
+  };
+  includes?: {
+    tweets?: Array<{
+      id: string;
+      text: string;
+    }>;
+  } | undefined;
+  [claims: string]: unknown;
+}
+interface TwitterOption extends ProviderOptions<TwitterProfile> {
+  clientId: string;
+}
+declare const twitter: (options: TwitterOption) => {
+  id: "twitter";
+  name: string;
+  createAuthorizationURL(data: {
+    state: string;
+    codeVerifier: string;
+    scopes?: string[] | undefined;
+    redirectURI: string;
+    display?: string | undefined;
+    loginHint?: string | undefined;
+  }): Promise<URL>;
+  validateAuthorizationCode: ({
+    code,
+    codeVerifier,
+    redirectURI
+  }: {
+    code: string;
+    redirectURI: string;
+    codeVerifier?: string | undefined;
+    deviceId?: string | undefined;
+  }) => Promise<OAuth2Tokens>;
+  refreshAccessToken: (refreshToken: string) => Promise<OAuth2Tokens>;
+  getUserInfo(token: OAuth2Tokens & {
+    user?: {
+      name? /** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */: {
+        firstName?: string;
+        lastName?: string;
+      };
+      email?: string;
+    } | undefined;
+  }): Promise<{
+    user: {
+      id: string;
+      name?: string;
+      email?: string | null;
+      image?: string;
+      emailVerified: boolean;
+      [key: string]: any;
+    };
+    data: any;
+  } | null>;
+  options: TwitterOption;
+};
+//#endregion
+export { TwitterOption, TwitterProfile, twitter };
+//# sourceMappingURL=twitter.d.mts.map

package/dist/social-providers/twitter.mjs

@@ -0,0 +1,88 @@
+import { createAuthorizationURL } from "../oauth2/create-authorization-url.mjs";
+import { refreshAccessToken } from "../oauth2/refresh-access-token.mjs";
+import { validateAuthorizationCode } from "../oauth2/validate-authorization-code.mjs";
+import "../oauth2/index.mjs";
+import { betterFetch } from "@better-fetch/fetch";
+
+//#region src/social-providers/twitter.ts
+const twitter = (options) => {
+	return {
+		id: "twitter",
+		name: "Twitter",
+		createAuthorizationURL(data) {
+			const _scopes = options.disableDefaultScope ? [] : [
+				"users.read",
+				"tweet.read",
+				"offline.access",
+				"users.email"
+			];
+			if (options.scope) _scopes.push(...options.scope);
+			if (data.scopes) _scopes.push(...data.scopes);
+			return createAuthorizationURL({
+				id: "twitter",
+				options,
+				authorizationEndpoint: "https://x.com/i/oauth2/authorize",
+				scopes: _scopes,
+				state: data.state,
+				codeVerifier: data.codeVerifier,
+				redirectURI: data.redirectURI
+			});
+		},
+		validateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {
+			return validateAuthorizationCode({
+				code,
+				codeVerifier,
+				authentication: "basic",
+				redirectURI,
+				options,
+				tokenEndpoint: "https://api.x.com/2/oauth2/token"
+			});
+		},
+		refreshAccessToken: options.refreshAccessToken ? options.refreshAccessToken : async (refreshToken) => {
+			return refreshAccessToken({
+				refreshToken,
+				options: {
+					clientId: options.clientId,
+					clientKey: options.clientKey,
+					clientSecret: options.clientSecret
+				},
+				authentication: "basic",
+				tokenEndpoint: "https://api.x.com/2/oauth2/token"
+			});
+		},
+		async getUserInfo(token) {
+			if (options.getUserInfo) return options.getUserInfo(token);
+			const { data: profile, error: profileError } = await betterFetch("https://api.x.com/2/users/me?user.fields=profile_image_url", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			if (profileError) return null;
+			const { data: emailData, error: emailError } = await betterFetch("https://api.x.com/2/users/me?user.fields=confirmed_email", {
+				method: "GET",
+				headers: { Authorization: `Bearer ${token.accessToken}` }
+			});
+			let emailVerified = false;
+			if (!emailError && emailData?.data?.confirmed_email) {
+				profile.data.email = emailData.data.confirmed_email;
+				emailVerified = true;
+			}
+			const userMap = await options.mapProfileToUser?.(profile);
+			return {
+				user: {
+					id: profile.data.id,
+					name: profile.data.name,
+					email: profile.data.email || profile.data.username || null,
+					image: profile.data.profile_image_url,
+					emailVerified,
+					...userMap
+				},
+				data: profile
+			};
+		},
+		options
+	};
+};
+
+//#endregion
+export { twitter };
+//# sourceMappingURL=twitter.mjs.map

package/dist/social-providers/twitter.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"twitter.mjs","names":[],"sources":["../../src/social-providers/twitter.ts"],"sourcesContent":["import { betterFetch } from \"@better-fetch/fetch\";\nimport type { OAuthProvider, ProviderOptions } from \"../oauth2\";\nimport {\n\tcreateAuthorizationURL,\n\trefreshAccessToken,\n\tvalidateAuthorizationCode,\n} from \"../oauth2\";\n\nexport interface TwitterProfile {\n\tdata: {\n\t\t/**\n\t\t * Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools\n\t\t * that cannot handle large integers.\n\t\t */\n\t\tid: string;\n\t\t/** The friendly name of this user, as shown on their profile. */\n\t\tname: string;\n\t\t/** The email address of this user. */\n\t\temail?: string | undefined;\n\t\t/** The Twitter handle (screen name) of this user. */\n\t\tusername: string;\n\t\t/**\n\t\t * The location specified in the user's profile, if the user provided one.\n\t\t * As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.\n\t\t *\n\t\t * To return this field, add `user.fields=location` in the authorization request's query parameter.\n\t\t */\n\t\tlocation?: string | undefined;\n\t\t/**\n\t\t * This object and its children fields contain details about text that has a special meaning in the user's description.\n\t\t *\n\t\t *To return this field, add `user.fields=entities` in the authorization request's query parameter.\n\t\t */\n\t\tentities?:\n\t\t\t| {\n\t\t\t\t\t/** Contains details about the user's profile website. */\n\t\t\t\t\turl: {\n\t\t\t\t\t\t/** Contains details about the user's profile website. */\n\t\t\t\t\t\turls: Array<{\n\t\t\t\t\t\t\t/** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */\n\t\t\t\t\t\t\tstart: number;\n\t\t\t\t\t\t\t/** The end position (zero-based) of the recognized user's profile website. This end index is exclusive. */\n\t\t\t\t\t\t\tend: number;\n\t\t\t\t\t\t\t/** The URL in the format entered by the user. */\n\t\t\t\t\t\t\turl: string;\n\t\t\t\t\t\t\t/** The fully resolved URL. */\n\t\t\t\t\t\t\texpanded_url: string;\n\t\t\t\t\t\t\t/** The URL as displayed in the user's profile. */\n\t\t\t\t\t\t\tdisplay_url: string;\n\t\t\t\t\t\t}>;\n\t\t\t\t\t};\n\t\t\t\t\t/** Contains details about URLs, Hashtags, Cashtags, or mentions located within a user's description. */\n\t\t\t\t\tdescription: {\n\t\t\t\t\t\thashtags: Array<{\n\t\t\t\t\t\t\tstart: number;\n\t\t\t\t\t\t\tend: number;\n\t\t\t\t\t\t\ttag: string;\n\t\t\t\t\t\t}>;\n\t\t\t\t\t};\n\t\t\t  }\n\t\t\t| undefined;\n\t\t/**\n\t\t * Indicate if this user is a verified Twitter user.\n\t\t *\n\t\t * To return this field, add `user.fields=verified` in the authorization request's query parameter.\n\t\t */\n\t\tverified?: boolean | undefined;\n\t\t/**\n\t\t * The text of this user's profile description (also known as bio), if the user provided one.\n\t\t *\n\t\t * To return this field, add `user.fields=description` in the authorization request's query parameter.\n\t\t */\n\t\tdescription?: string | undefined;\n\t\t/**\n\t\t * The URL specified in the user's profile, if present.\n\t\t *\n\t\t * To return this field, add `user.fields=url` in the authorization request's query parameter.\n\t\t */\n\t\turl?: string | undefined;\n\t\t/** The URL to the profile image for this user, as shown on the user's profile. */\n\t\tprofile_image_url?: string | undefined;\n\t\tprotected?: boolean | undefined;\n\t\t/**\n\t\t * Unique identifier of this user's pinned Tweet.\n\t\t *\n\t\t *  You can obtain the expanded object in `includes.tweets` by adding `expansions=pinned_tweet_id` in the authorization request's query parameter.\n\t\t */\n\t\tpinned_tweet_id?: string | undefined;\n\t\tcreated_at?: string | undefined;\n\t};\n\tincludes?:\n\t\t| {\n\t\t\t\ttweets?: Array<{\n\t\t\t\t\tid: string;\n\t\t\t\t\ttext: string;\n\t\t\t\t}>;\n\t\t  }\n\t\t| undefined;\n\t[claims: string]: unknown;\n}\n\nexport interface TwitterOption extends ProviderOptions<TwitterProfile> {\n\tclientId: string;\n}\n\nexport const twitter = (options: TwitterOption) => {\n\treturn {\n\t\tid: \"twitter\",\n\t\tname: \"Twitter\",\n\t\tcreateAuthorizationURL(data) {\n\t\t\tconst _scopes = options.disableDefaultScope\n\t\t\t\t? []\n\t\t\t\t: [\"users.read\", \"tweet.read\", \"offline.access\", \"users.email\"];\n\t\t\tif (options.scope) _scopes.push(...options.scope);\n\t\t\tif (data.scopes) _scopes.push(...data.scopes);\n\t\t\treturn createAuthorizationURL({\n\t\t\t\tid: \"twitter\",\n\t\t\t\toptions,\n\t\t\t\tauthorizationEndpoint: \"https://x.com/i/oauth2/authorize\",\n\t\t\t\tscopes: _scopes,\n\t\t\t\tstate: data.state,\n\t\t\t\tcodeVerifier: data.codeVerifier,\n\t\t\t\tredirectURI: data.redirectURI,\n\t\t\t});\n\t\t},\n\t\tvalidateAuthorizationCode: async ({ code, codeVerifier, redirectURI }) => {\n\t\t\treturn validateAuthorizationCode({\n\t\t\t\tcode,\n\t\t\t\tcodeVerifier,\n\t\t\t\tauthentication: \"basic\",\n\t\t\t\tredirectURI,\n\t\t\t\toptions,\n\t\t\t\ttokenEndpoint: \"https://api.x.com/2/oauth2/token\",\n\t\t\t});\n\t\t},\n\n\t\trefreshAccessToken: options.refreshAccessToken\n\t\t\t? options.refreshAccessToken\n\t\t\t: async (refreshToken) => {\n\t\t\t\t\treturn refreshAccessToken({\n\t\t\t\t\t\trefreshToken,\n\t\t\t\t\t\toptions: {\n\t\t\t\t\t\t\tclientId: options.clientId,\n\t\t\t\t\t\t\tclientKey: options.clientKey,\n\t\t\t\t\t\t\tclientSecret: options.clientSecret,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tauthentication: \"basic\",\n\t\t\t\t\t\ttokenEndpoint: \"https://api.x.com/2/oauth2/token\",\n\t\t\t\t\t});\n\t\t\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (options.getUserInfo) {\n\t\t\t\treturn options.getUserInfo(token);\n\t\t\t}\n\t\t\tconst { data: profile, error: profileError } =\n\t\t\t\tawait betterFetch<TwitterProfile>(\n\t\t\t\t\t\"https://api.x.com/2/users/me?user.fields=profile_image_url\",\n\t\t\t\t\t{\n\t\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\t\theaders: {\n\t\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t);\n\n\t\t\tif (profileError) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\tconst { data: emailData, error: emailError } = await betterFetch<{\n\t\t\t\tdata: { confirmed_email: string };\n\t\t\t}>(\"https://api.x.com/2/users/me?user.fields=confirmed_email\", {\n\t\t\t\tmethod: \"GET\",\n\t\t\t\theaders: {\n\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t},\n\t\t\t});\n\t\t\tlet emailVerified = false;\n\t\t\tif (!emailError && emailData?.data?.confirmed_email) {\n\t\t\t\tprofile.data.email = emailData.data.confirmed_email;\n\t\t\t\temailVerified = true;\n\t\t\t}\n\t\t\tconst userMap = await options.mapProfileToUser?.(profile);\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.data.id,\n\t\t\t\t\tname: profile.data.name,\n\t\t\t\t\temail: profile.data.email || profile.data.username || null,\n\t\t\t\t\timage: profile.data.profile_image_url,\n\t\t\t\t\temailVerified: emailVerified,\n\t\t\t\t\t...userMap,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t\toptions,\n\t} satisfies OAuthProvider<TwitterProfile>;\n};\n"],"mappings":";;;;;;;AAyGA,MAAa,WAAW,YAA2B;AAClD,QAAO;EACN,IAAI;EACJ,MAAM;EACN,uBAAuB,MAAM;GAC5B,MAAM,UAAU,QAAQ,sBACrB,EAAE,GACF;IAAC;IAAc;IAAc;IAAkB;IAAc;AAChE,OAAI,QAAQ,MAAO,SAAQ,KAAK,GAAG,QAAQ,MAAM;AACjD,OAAI,KAAK,OAAQ,SAAQ,KAAK,GAAG,KAAK,OAAO;AAC7C,UAAO,uBAAuB;IAC7B,IAAI;IACJ;IACA,uBAAuB;IACvB,QAAQ;IACR,OAAO,KAAK;IACZ,cAAc,KAAK;IACnB,aAAa,KAAK;IAClB,CAAC;;EAEH,2BAA2B,OAAO,EAAE,MAAM,cAAc,kBAAkB;AACzE,UAAO,0BAA0B;IAChC;IACA;IACA,gBAAgB;IAChB;IACA;IACA,eAAe;IACf,CAAC;;EAGH,oBAAoB,QAAQ,qBACzB,QAAQ,qBACR,OAAO,iBAAiB;AACxB,UAAO,mBAAmB;IACzB;IACA,SAAS;KACR,UAAU,QAAQ;KAClB,WAAW,QAAQ;KACnB,cAAc,QAAQ;KACtB;IACD,gBAAgB;IAChB,eAAe;IACf,CAAC;;EAEL,MAAM,YAAY,OAAO;AACxB,OAAI,QAAQ,YACX,QAAO,QAAQ,YAAY,MAAM;GAElC,MAAM,EAAE,MAAM,SAAS,OAAO,iBAC7B,MAAM,YACL,8DACA;IACC,QAAQ;IACR,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,CACD;AAEF,OAAI,aACH,QAAO;GAGR,MAAM,EAAE,MAAM,WAAW,OAAO,eAAe,MAAM,YAElD,4DAA4D;IAC9D,QAAQ;IACR,SAAS,EACR,eAAe,UAAU,MAAM,eAC/B;IACD,CAAC;GACF,IAAI,gBAAgB;AACpB,OAAI,CAAC,cAAc,WAAW,MAAM,iBAAiB;AACpD,YAAQ,KAAK,QAAQ,UAAU,KAAK;AACpC,oBAAgB;;GAEjB,MAAM,UAAU,MAAM,QAAQ,mBAAmB,QAAQ;AACzD,UAAO;IACN,MAAM;KACL,IAAI,QAAQ,KAAK;KACjB,MAAM,QAAQ,KAAK;KACnB,OAAO,QAAQ,KAAK,SAAS,QAAQ,KAAK,YAAY;KACtD,OAAO,QAAQ,KAAK;KACL;KACf,GAAG;KACH;IACD,MAAM;IACN;;EAEF;EACA"}