@hammadj/better-auth 1.5.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -0
- package/dist/_virtual/rolldown_runtime.mjs +36 -0
- package/dist/adapters/drizzle-adapter/index.d.mts +1 -0
- package/dist/adapters/drizzle-adapter/index.mjs +3 -0
- package/dist/adapters/index.d.mts +23 -0
- package/dist/adapters/index.mjs +13 -0
- package/dist/adapters/index.mjs.map +1 -0
- package/dist/adapters/kysely-adapter/index.d.mts +1 -0
- package/dist/adapters/kysely-adapter/index.mjs +3 -0
- package/dist/adapters/memory-adapter/index.d.mts +1 -0
- package/dist/adapters/memory-adapter/index.mjs +3 -0
- package/dist/adapters/mongodb-adapter/index.d.mts +1 -0
- package/dist/adapters/mongodb-adapter/index.mjs +3 -0
- package/dist/adapters/prisma-adapter/index.d.mts +1 -0
- package/dist/adapters/prisma-adapter/index.mjs +3 -0
- package/dist/api/index.d.mts +40 -0
- package/dist/api/index.mjs +205 -0
- package/dist/api/index.mjs.map +1 -0
- package/dist/api/middlewares/index.d.mts +1 -0
- package/dist/api/middlewares/index.mjs +3 -0
- package/dist/api/middlewares/origin-check.d.mts +17 -0
- package/dist/api/middlewares/origin-check.mjs +140 -0
- package/dist/api/middlewares/origin-check.mjs.map +1 -0
- package/dist/api/rate-limiter/index.mjs +177 -0
- package/dist/api/rate-limiter/index.mjs.map +1 -0
- package/dist/api/routes/account.d.mts +10 -0
- package/dist/api/routes/account.mjs +493 -0
- package/dist/api/routes/account.mjs.map +1 -0
- package/dist/api/routes/callback.d.mts +5 -0
- package/dist/api/routes/callback.mjs +178 -0
- package/dist/api/routes/callback.mjs.map +1 -0
- package/dist/api/routes/email-verification.d.mts +29 -0
- package/dist/api/routes/email-verification.mjs +301 -0
- package/dist/api/routes/email-verification.mjs.map +1 -0
- package/dist/api/routes/error.d.mts +5 -0
- package/dist/api/routes/error.mjs +386 -0
- package/dist/api/routes/error.mjs.map +1 -0
- package/dist/api/routes/index.d.mts +11 -0
- package/dist/api/routes/index.mjs +13 -0
- package/dist/api/routes/ok.d.mts +5 -0
- package/dist/api/routes/ok.mjs +30 -0
- package/dist/api/routes/ok.mjs.map +1 -0
- package/dist/api/routes/password.d.mts +8 -0
- package/dist/api/routes/password.mjs +198 -0
- package/dist/api/routes/password.mjs.map +1 -0
- package/dist/api/routes/session.d.mts +52 -0
- package/dist/api/routes/session.mjs +478 -0
- package/dist/api/routes/session.mjs.map +1 -0
- package/dist/api/routes/sign-in.d.mts +8 -0
- package/dist/api/routes/sign-in.mjs +262 -0
- package/dist/api/routes/sign-in.mjs.map +1 -0
- package/dist/api/routes/sign-out.d.mts +5 -0
- package/dist/api/routes/sign-out.mjs +33 -0
- package/dist/api/routes/sign-out.mjs.map +1 -0
- package/dist/api/routes/sign-up.d.mts +7 -0
- package/dist/api/routes/sign-up.mjs +227 -0
- package/dist/api/routes/sign-up.mjs.map +1 -0
- package/dist/api/routes/update-user.d.mts +12 -0
- package/dist/api/routes/update-user.mjs +493 -0
- package/dist/api/routes/update-user.mjs.map +1 -0
- package/dist/api/state/oauth.d.mts +5 -0
- package/dist/api/state/oauth.mjs +8 -0
- package/dist/api/state/oauth.mjs.map +1 -0
- package/dist/api/state/should-session-refresh.d.mts +13 -0
- package/dist/api/state/should-session-refresh.mjs +16 -0
- package/dist/api/state/should-session-refresh.mjs.map +1 -0
- package/dist/api/to-auth-endpoints.mjs +197 -0
- package/dist/api/to-auth-endpoints.mjs.map +1 -0
- package/dist/auth/base.mjs +44 -0
- package/dist/auth/base.mjs.map +1 -0
- package/dist/auth/full.d.mts +30 -0
- package/dist/auth/full.mjs +32 -0
- package/dist/auth/full.mjs.map +1 -0
- package/dist/auth/minimal.d.mts +12 -0
- package/dist/auth/minimal.mjs +14 -0
- package/dist/auth/minimal.mjs.map +1 -0
- package/dist/auth/trusted-origins.mjs +31 -0
- package/dist/auth/trusted-origins.mjs.map +1 -0
- package/dist/client/broadcast-channel.d.mts +20 -0
- package/dist/client/broadcast-channel.mjs +46 -0
- package/dist/client/broadcast-channel.mjs.map +1 -0
- package/dist/client/config.mjs +90 -0
- package/dist/client/config.mjs.map +1 -0
- package/dist/client/fetch-plugins.mjs +18 -0
- package/dist/client/fetch-plugins.mjs.map +1 -0
- package/dist/client/focus-manager.d.mts +11 -0
- package/dist/client/focus-manager.mjs +32 -0
- package/dist/client/focus-manager.mjs.map +1 -0
- package/dist/client/index.d.mts +30 -0
- package/dist/client/index.mjs +21 -0
- package/dist/client/index.mjs.map +1 -0
- package/dist/client/lynx/index.d.mts +62 -0
- package/dist/client/lynx/index.mjs +24 -0
- package/dist/client/lynx/index.mjs.map +1 -0
- package/dist/client/lynx/lynx-store.d.mts +47 -0
- package/dist/client/lynx/lynx-store.mjs +47 -0
- package/dist/client/lynx/lynx-store.mjs.map +1 -0
- package/dist/client/online-manager.d.mts +12 -0
- package/dist/client/online-manager.mjs +35 -0
- package/dist/client/online-manager.mjs.map +1 -0
- package/dist/client/parser.mjs +73 -0
- package/dist/client/parser.mjs.map +1 -0
- package/dist/client/path-to-object.d.mts +57 -0
- package/dist/client/plugins/index.d.mts +58 -0
- package/dist/client/plugins/index.mjs +33 -0
- package/dist/client/plugins/infer-plugin.d.mts +9 -0
- package/dist/client/plugins/infer-plugin.mjs +11 -0
- package/dist/client/plugins/infer-plugin.mjs.map +1 -0
- package/dist/client/proxy.mjs +79 -0
- package/dist/client/proxy.mjs.map +1 -0
- package/dist/client/query.d.mts +23 -0
- package/dist/client/query.mjs +98 -0
- package/dist/client/query.mjs.map +1 -0
- package/dist/client/react/index.d.mts +63 -0
- package/dist/client/react/index.mjs +24 -0
- package/dist/client/react/index.mjs.map +1 -0
- package/dist/client/react/react-store.d.mts +47 -0
- package/dist/client/react/react-store.mjs +47 -0
- package/dist/client/react/react-store.mjs.map +1 -0
- package/dist/client/session-atom.mjs +29 -0
- package/dist/client/session-atom.mjs.map +1 -0
- package/dist/client/session-refresh.d.mts +28 -0
- package/dist/client/session-refresh.mjs +140 -0
- package/dist/client/session-refresh.mjs.map +1 -0
- package/dist/client/solid/index.d.mts +57 -0
- package/dist/client/solid/index.mjs +22 -0
- package/dist/client/solid/index.mjs.map +1 -0
- package/dist/client/solid/solid-store.mjs +24 -0
- package/dist/client/solid/solid-store.mjs.map +1 -0
- package/dist/client/svelte/index.d.mts +63 -0
- package/dist/client/svelte/index.mjs +20 -0
- package/dist/client/svelte/index.mjs.map +1 -0
- package/dist/client/types.d.mts +58 -0
- package/dist/client/vanilla.d.mts +62 -0
- package/dist/client/vanilla.mjs +20 -0
- package/dist/client/vanilla.mjs.map +1 -0
- package/dist/client/vue/index.d.mts +86 -0
- package/dist/client/vue/index.mjs +38 -0
- package/dist/client/vue/index.mjs.map +1 -0
- package/dist/client/vue/vue-store.mjs +26 -0
- package/dist/client/vue/vue-store.mjs.map +1 -0
- package/dist/context/create-context.mjs +211 -0
- package/dist/context/create-context.mjs.map +1 -0
- package/dist/context/helpers.mjs +62 -0
- package/dist/context/helpers.mjs.map +1 -0
- package/dist/context/init-minimal.mjs +20 -0
- package/dist/context/init-minimal.mjs.map +1 -0
- package/dist/context/init.mjs +22 -0
- package/dist/context/init.mjs.map +1 -0
- package/dist/cookies/cookie-utils.d.mts +29 -0
- package/dist/cookies/cookie-utils.mjs +105 -0
- package/dist/cookies/cookie-utils.mjs.map +1 -0
- package/dist/cookies/index.d.mts +67 -0
- package/dist/cookies/index.mjs +264 -0
- package/dist/cookies/index.mjs.map +1 -0
- package/dist/cookies/session-store.d.mts +36 -0
- package/dist/cookies/session-store.mjs +200 -0
- package/dist/cookies/session-store.mjs.map +1 -0
- package/dist/crypto/buffer.d.mts +8 -0
- package/dist/crypto/buffer.mjs +18 -0
- package/dist/crypto/buffer.mjs.map +1 -0
- package/dist/crypto/index.d.mts +27 -0
- package/dist/crypto/index.mjs +38 -0
- package/dist/crypto/index.mjs.map +1 -0
- package/dist/crypto/jwt.d.mts +8 -0
- package/dist/crypto/jwt.mjs +95 -0
- package/dist/crypto/jwt.mjs.map +1 -0
- package/dist/crypto/password.d.mts +12 -0
- package/dist/crypto/password.mjs +36 -0
- package/dist/crypto/password.mjs.map +1 -0
- package/dist/crypto/random.d.mts +5 -0
- package/dist/crypto/random.mjs +8 -0
- package/dist/crypto/random.mjs.map +1 -0
- package/dist/db/adapter-base.d.mts +8 -0
- package/dist/db/adapter-base.mjs +28 -0
- package/dist/db/adapter-base.mjs.map +1 -0
- package/dist/db/adapter-kysely.d.mts +8 -0
- package/dist/db/adapter-kysely.mjs +21 -0
- package/dist/db/adapter-kysely.mjs.map +1 -0
- package/dist/db/field-converter.d.mts +8 -0
- package/dist/db/field-converter.mjs +21 -0
- package/dist/db/field-converter.mjs.map +1 -0
- package/dist/db/field.d.mts +55 -0
- package/dist/db/field.mjs +11 -0
- package/dist/db/field.mjs.map +1 -0
- package/dist/db/get-migration.d.mts +23 -0
- package/dist/db/get-migration.mjs +339 -0
- package/dist/db/get-migration.mjs.map +1 -0
- package/dist/db/get-schema.d.mts +11 -0
- package/dist/db/get-schema.mjs +39 -0
- package/dist/db/get-schema.mjs.map +1 -0
- package/dist/db/index.d.mts +9 -0
- package/dist/db/index.mjs +36 -0
- package/dist/db/index.mjs.map +1 -0
- package/dist/db/internal-adapter.d.mts +14 -0
- package/dist/db/internal-adapter.mjs +616 -0
- package/dist/db/internal-adapter.mjs.map +1 -0
- package/dist/db/schema.d.mts +26 -0
- package/dist/db/schema.mjs +118 -0
- package/dist/db/schema.mjs.map +1 -0
- package/dist/db/to-zod.d.mts +36 -0
- package/dist/db/to-zod.mjs +26 -0
- package/dist/db/to-zod.mjs.map +1 -0
- package/dist/db/verification-token-storage.mjs +28 -0
- package/dist/db/verification-token-storage.mjs.map +1 -0
- package/dist/db/with-hooks.d.mts +33 -0
- package/dist/db/with-hooks.mjs +159 -0
- package/dist/db/with-hooks.mjs.map +1 -0
- package/dist/index.d.mts +52 -0
- package/dist/index.mjs +26 -0
- package/dist/integrations/next-js.d.mts +14 -0
- package/dist/integrations/next-js.mjs +78 -0
- package/dist/integrations/next-js.mjs.map +1 -0
- package/dist/integrations/node.d.mts +13 -0
- package/dist/integrations/node.mjs +16 -0
- package/dist/integrations/node.mjs.map +1 -0
- package/dist/integrations/solid-start.d.mts +23 -0
- package/dist/integrations/solid-start.mjs +17 -0
- package/dist/integrations/solid-start.mjs.map +1 -0
- package/dist/integrations/svelte-kit.d.mts +29 -0
- package/dist/integrations/svelte-kit.mjs +57 -0
- package/dist/integrations/svelte-kit.mjs.map +1 -0
- package/dist/integrations/tanstack-start-solid.d.mts +22 -0
- package/dist/integrations/tanstack-start-solid.mjs +61 -0
- package/dist/integrations/tanstack-start-solid.mjs.map +1 -0
- package/dist/integrations/tanstack-start.d.mts +22 -0
- package/dist/integrations/tanstack-start.mjs +61 -0
- package/dist/integrations/tanstack-start.mjs.map +1 -0
- package/dist/oauth2/index.d.mts +5 -0
- package/dist/oauth2/index.mjs +7 -0
- package/dist/oauth2/link-account.d.mts +31 -0
- package/dist/oauth2/link-account.mjs +144 -0
- package/dist/oauth2/link-account.mjs.map +1 -0
- package/dist/oauth2/state.d.mts +26 -0
- package/dist/oauth2/state.mjs +51 -0
- package/dist/oauth2/state.mjs.map +1 -0
- package/dist/oauth2/utils.d.mts +8 -0
- package/dist/oauth2/utils.mjs +31 -0
- package/dist/oauth2/utils.mjs.map +1 -0
- package/dist/plugins/access/access.d.mts +30 -0
- package/dist/plugins/access/access.mjs +46 -0
- package/dist/plugins/access/access.mjs.map +1 -0
- package/dist/plugins/access/index.d.mts +3 -0
- package/dist/plugins/access/index.mjs +3 -0
- package/dist/plugins/access/types.d.mts +17 -0
- package/dist/plugins/additional-fields/client.d.mts +14 -0
- package/dist/plugins/additional-fields/client.mjs +11 -0
- package/dist/plugins/additional-fields/client.mjs.map +1 -0
- package/dist/plugins/admin/access/index.d.mts +2 -0
- package/dist/plugins/admin/access/index.mjs +3 -0
- package/dist/plugins/admin/access/statement.d.mts +118 -0
- package/dist/plugins/admin/access/statement.mjs +53 -0
- package/dist/plugins/admin/access/statement.mjs.map +1 -0
- package/dist/plugins/admin/admin.d.mts +14 -0
- package/dist/plugins/admin/admin.mjs +95 -0
- package/dist/plugins/admin/admin.mjs.map +1 -0
- package/dist/plugins/admin/client.d.mts +14 -0
- package/dist/plugins/admin/client.mjs +36 -0
- package/dist/plugins/admin/client.mjs.map +1 -0
- package/dist/plugins/admin/error-codes.d.mts +5 -0
- package/dist/plugins/admin/error-codes.mjs +30 -0
- package/dist/plugins/admin/error-codes.mjs.map +1 -0
- package/dist/plugins/admin/has-permission.mjs +16 -0
- package/dist/plugins/admin/has-permission.mjs.map +1 -0
- package/dist/plugins/admin/index.d.mts +3 -0
- package/dist/plugins/admin/index.mjs +3 -0
- package/dist/plugins/admin/routes.mjs +855 -0
- package/dist/plugins/admin/routes.mjs.map +1 -0
- package/dist/plugins/admin/schema.d.mts +6 -0
- package/dist/plugins/admin/schema.mjs +34 -0
- package/dist/plugins/admin/schema.mjs.map +1 -0
- package/dist/plugins/admin/types.d.mts +89 -0
- package/dist/plugins/anonymous/client.d.mts +9 -0
- package/dist/plugins/anonymous/client.mjs +22 -0
- package/dist/plugins/anonymous/client.mjs.map +1 -0
- package/dist/plugins/anonymous/error-codes.d.mts +5 -0
- package/dist/plugins/anonymous/error-codes.mjs +16 -0
- package/dist/plugins/anonymous/error-codes.mjs.map +1 -0
- package/dist/plugins/anonymous/index.d.mts +14 -0
- package/dist/plugins/anonymous/index.mjs +163 -0
- package/dist/plugins/anonymous/index.mjs.map +1 -0
- package/dist/plugins/anonymous/schema.d.mts +5 -0
- package/dist/plugins/anonymous/schema.mjs +11 -0
- package/dist/plugins/anonymous/schema.mjs.map +1 -0
- package/dist/plugins/anonymous/types.d.mts +68 -0
- package/dist/plugins/api-key/adapter.mjs +468 -0
- package/dist/plugins/api-key/adapter.mjs.map +1 -0
- package/dist/plugins/api-key/client.d.mts +9 -0
- package/dist/plugins/api-key/client.mjs +19 -0
- package/dist/plugins/api-key/client.mjs.map +1 -0
- package/dist/plugins/api-key/error-codes.d.mts +5 -0
- package/dist/plugins/api-key/error-codes.mjs +34 -0
- package/dist/plugins/api-key/error-codes.mjs.map +1 -0
- package/dist/plugins/api-key/index.d.mts +17 -0
- package/dist/plugins/api-key/index.mjs +134 -0
- package/dist/plugins/api-key/index.mjs.map +1 -0
- package/dist/plugins/api-key/rate-limit.mjs +74 -0
- package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
- package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
- package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
- package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
- package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/index.mjs +71 -0
- package/dist/plugins/api-key/routes/index.mjs.map +1 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
- package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
- package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs +223 -0
- package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
- package/dist/plugins/api-key/schema.d.mts +11 -0
- package/dist/plugins/api-key/schema.mjs +130 -0
- package/dist/plugins/api-key/schema.mjs.map +1 -0
- package/dist/plugins/api-key/types.d.mts +346 -0
- package/dist/plugins/bearer/index.d.mts +25 -0
- package/dist/plugins/bearer/index.mjs +66 -0
- package/dist/plugins/bearer/index.mjs.map +1 -0
- package/dist/plugins/captcha/constants.d.mts +10 -0
- package/dist/plugins/captcha/constants.mjs +22 -0
- package/dist/plugins/captcha/constants.mjs.map +1 -0
- package/dist/plugins/captcha/error-codes.mjs +16 -0
- package/dist/plugins/captcha/error-codes.mjs.map +1 -0
- package/dist/plugins/captcha/index.d.mts +14 -0
- package/dist/plugins/captcha/index.mjs +60 -0
- package/dist/plugins/captcha/index.mjs.map +1 -0
- package/dist/plugins/captcha/types.d.mts +28 -0
- package/dist/plugins/captcha/utils.mjs +11 -0
- package/dist/plugins/captcha/utils.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs +27 -0
- package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +25 -0
- package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +29 -0
- package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +27 -0
- package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
- package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
- package/dist/plugins/custom-session/client.d.mts +10 -0
- package/dist/plugins/custom-session/client.mjs +11 -0
- package/dist/plugins/custom-session/client.mjs.map +1 -0
- package/dist/plugins/custom-session/index.d.mts +26 -0
- package/dist/plugins/custom-session/index.mjs +70 -0
- package/dist/plugins/custom-session/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/client.d.mts +5 -0
- package/dist/plugins/device-authorization/client.mjs +18 -0
- package/dist/plugins/device-authorization/client.mjs.map +1 -0
- package/dist/plugins/device-authorization/error-codes.mjs +21 -0
- package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
- package/dist/plugins/device-authorization/index.d.mts +28 -0
- package/dist/plugins/device-authorization/index.mjs +50 -0
- package/dist/plugins/device-authorization/index.mjs.map +1 -0
- package/dist/plugins/device-authorization/routes.mjs +510 -0
- package/dist/plugins/device-authorization/routes.mjs.map +1 -0
- package/dist/plugins/device-authorization/schema.mjs +57 -0
- package/dist/plugins/device-authorization/schema.mjs.map +1 -0
- package/dist/plugins/email-otp/client.d.mts +7 -0
- package/dist/plugins/email-otp/client.mjs +18 -0
- package/dist/plugins/email-otp/client.mjs.map +1 -0
- package/dist/plugins/email-otp/error-codes.d.mts +5 -0
- package/dist/plugins/email-otp/error-codes.mjs +12 -0
- package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
- package/dist/plugins/email-otp/index.d.mts +14 -0
- package/dist/plugins/email-otp/index.mjs +108 -0
- package/dist/plugins/email-otp/index.mjs.map +1 -0
- package/dist/plugins/email-otp/otp-token.mjs +29 -0
- package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
- package/dist/plugins/email-otp/routes.mjs +564 -0
- package/dist/plugins/email-otp/routes.mjs.map +1 -0
- package/dist/plugins/email-otp/types.d.mts +74 -0
- package/dist/plugins/email-otp/utils.mjs +17 -0
- package/dist/plugins/email-otp/utils.mjs.map +1 -0
- package/dist/plugins/generic-oauth/client.d.mts +19 -0
- package/dist/plugins/generic-oauth/client.mjs +14 -0
- package/dist/plugins/generic-oauth/client.mjs.map +1 -0
- package/dist/plugins/generic-oauth/error-codes.d.mts +5 -0
- package/dist/plugins/generic-oauth/error-codes.mjs +15 -0
- package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/index.d.mts +34 -0
- package/dist/plugins/generic-oauth/index.mjs +137 -0
- package/dist/plugins/generic-oauth/index.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
- package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
- package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
- package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
- package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
- package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
- package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
- package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
- package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
- package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
- package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
- package/dist/plugins/generic-oauth/routes.mjs +394 -0
- package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
- package/dist/plugins/generic-oauth/types.d.mts +145 -0
- package/dist/plugins/haveibeenpwned/index.d.mts +21 -0
- package/dist/plugins/haveibeenpwned/index.mjs +56 -0
- package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
- package/dist/plugins/index.d.mts +68 -0
- package/dist/plugins/index.mjs +51 -0
- package/dist/plugins/jwt/adapter.mjs +27 -0
- package/dist/plugins/jwt/adapter.mjs.map +1 -0
- package/dist/plugins/jwt/client.d.mts +18 -0
- package/dist/plugins/jwt/client.mjs +19 -0
- package/dist/plugins/jwt/client.mjs.map +1 -0
- package/dist/plugins/jwt/index.d.mts +17 -0
- package/dist/plugins/jwt/index.mjs +202 -0
- package/dist/plugins/jwt/index.mjs.map +1 -0
- package/dist/plugins/jwt/schema.d.mts +5 -0
- package/dist/plugins/jwt/schema.mjs +23 -0
- package/dist/plugins/jwt/schema.mjs.map +1 -0
- package/dist/plugins/jwt/sign.d.mts +57 -0
- package/dist/plugins/jwt/sign.mjs +66 -0
- package/dist/plugins/jwt/sign.mjs.map +1 -0
- package/dist/plugins/jwt/types.d.mts +194 -0
- package/dist/plugins/jwt/utils.d.mts +42 -0
- package/dist/plugins/jwt/utils.mjs +64 -0
- package/dist/plugins/jwt/utils.mjs.map +1 -0
- package/dist/plugins/jwt/verify.d.mts +12 -0
- package/dist/plugins/jwt/verify.mjs +46 -0
- package/dist/plugins/jwt/verify.mjs.map +1 -0
- package/dist/plugins/last-login-method/client.d.mts +18 -0
- package/dist/plugins/last-login-method/client.mjs +32 -0
- package/dist/plugins/last-login-method/client.mjs.map +1 -0
- package/dist/plugins/last-login-method/index.d.mts +52 -0
- package/dist/plugins/last-login-method/index.mjs +77 -0
- package/dist/plugins/last-login-method/index.mjs.map +1 -0
- package/dist/plugins/magic-link/client.d.mts +5 -0
- package/dist/plugins/magic-link/client.mjs +11 -0
- package/dist/plugins/magic-link/client.mjs.map +1 -0
- package/dist/plugins/magic-link/index.d.mts +61 -0
- package/dist/plugins/magic-link/index.mjs +167 -0
- package/dist/plugins/magic-link/index.mjs.map +1 -0
- package/dist/plugins/magic-link/utils.mjs +12 -0
- package/dist/plugins/magic-link/utils.mjs.map +1 -0
- package/dist/plugins/mcp/authorize.mjs +133 -0
- package/dist/plugins/mcp/authorize.mjs.map +1 -0
- package/dist/plugins/mcp/index.d.mts +46 -0
- package/dist/plugins/mcp/index.mjs +717 -0
- package/dist/plugins/mcp/index.mjs.map +1 -0
- package/dist/plugins/multi-session/client.d.mts +8 -0
- package/dist/plugins/multi-session/client.mjs +20 -0
- package/dist/plugins/multi-session/client.mjs.map +1 -0
- package/dist/plugins/multi-session/error-codes.d.mts +5 -0
- package/dist/plugins/multi-session/error-codes.mjs +8 -0
- package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
- package/dist/plugins/multi-session/index.d.mts +22 -0
- package/dist/plugins/multi-session/index.mjs +172 -0
- package/dist/plugins/multi-session/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/index.d.mts +39 -0
- package/dist/plugins/oauth-proxy/index.mjs +305 -0
- package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
- package/dist/plugins/oauth-proxy/utils.mjs +44 -0
- package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
- package/dist/plugins/oidc-provider/authorize.mjs +194 -0
- package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
- package/dist/plugins/oidc-provider/client.d.mts +8 -0
- package/dist/plugins/oidc-provider/client.mjs +11 -0
- package/dist/plugins/oidc-provider/client.mjs.map +1 -0
- package/dist/plugins/oidc-provider/error.mjs +17 -0
- package/dist/plugins/oidc-provider/error.mjs.map +1 -0
- package/dist/plugins/oidc-provider/index.d.mts +32 -0
- package/dist/plugins/oidc-provider/index.mjs +1093 -0
- package/dist/plugins/oidc-provider/index.mjs.map +1 -0
- package/dist/plugins/oidc-provider/schema.d.mts +26 -0
- package/dist/plugins/oidc-provider/schema.mjs +132 -0
- package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
- package/dist/plugins/oidc-provider/types.d.mts +517 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
- package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
- package/dist/plugins/oidc-provider/utils.mjs +15 -0
- package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
- package/dist/plugins/one-tap/client.d.mts +159 -0
- package/dist/plugins/one-tap/client.mjs +214 -0
- package/dist/plugins/one-tap/client.mjs.map +1 -0
- package/dist/plugins/one-tap/index.d.mts +27 -0
- package/dist/plugins/one-tap/index.mjs +96 -0
- package/dist/plugins/one-tap/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/client.d.mts +7 -0
- package/dist/plugins/one-time-token/client.mjs +11 -0
- package/dist/plugins/one-time-token/client.mjs.map +1 -0
- package/dist/plugins/one-time-token/index.d.mts +53 -0
- package/dist/plugins/one-time-token/index.mjs +82 -0
- package/dist/plugins/one-time-token/index.mjs.map +1 -0
- package/dist/plugins/one-time-token/utils.mjs +12 -0
- package/dist/plugins/one-time-token/utils.mjs.map +1 -0
- package/dist/plugins/open-api/generator.d.mts +115 -0
- package/dist/plugins/open-api/generator.mjs +315 -0
- package/dist/plugins/open-api/generator.mjs.map +1 -0
- package/dist/plugins/open-api/index.d.mts +45 -0
- package/dist/plugins/open-api/index.mjs +67 -0
- package/dist/plugins/open-api/index.mjs.map +1 -0
- package/dist/plugins/open-api/logo.mjs +15 -0
- package/dist/plugins/open-api/logo.mjs.map +1 -0
- package/dist/plugins/organization/access/index.d.mts +2 -0
- package/dist/plugins/organization/access/index.mjs +3 -0
- package/dist/plugins/organization/access/statement.d.mts +249 -0
- package/dist/plugins/organization/access/statement.mjs +81 -0
- package/dist/plugins/organization/access/statement.mjs.map +1 -0
- package/dist/plugins/organization/adapter.d.mts +205 -0
- package/dist/plugins/organization/adapter.mjs +624 -0
- package/dist/plugins/organization/adapter.mjs.map +1 -0
- package/dist/plugins/organization/call.mjs +19 -0
- package/dist/plugins/organization/call.mjs.map +1 -0
- package/dist/plugins/organization/client.d.mts +151 -0
- package/dist/plugins/organization/client.mjs +107 -0
- package/dist/plugins/organization/client.mjs.map +1 -0
- package/dist/plugins/organization/error-codes.d.mts +5 -0
- package/dist/plugins/organization/error-codes.mjs +65 -0
- package/dist/plugins/organization/error-codes.mjs.map +1 -0
- package/dist/plugins/organization/has-permission.mjs +35 -0
- package/dist/plugins/organization/has-permission.mjs.map +1 -0
- package/dist/plugins/organization/index.d.mts +5 -0
- package/dist/plugins/organization/index.mjs +4 -0
- package/dist/plugins/organization/organization.d.mts +252 -0
- package/dist/plugins/organization/organization.mjs +428 -0
- package/dist/plugins/organization/organization.mjs.map +1 -0
- package/dist/plugins/organization/permission.d.mts +26 -0
- package/dist/plugins/organization/permission.mjs +16 -0
- package/dist/plugins/organization/permission.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-access-control.d.mts +11 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs +656 -0
- package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-invites.d.mts +16 -0
- package/dist/plugins/organization/routes/crud-invites.mjs +555 -0
- package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-members.d.mts +13 -0
- package/dist/plugins/organization/routes/crud-members.mjs +473 -0
- package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-org.d.mts +13 -0
- package/dist/plugins/organization/routes/crud-org.mjs +447 -0
- package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
- package/dist/plugins/organization/routes/crud-team.d.mts +15 -0
- package/dist/plugins/organization/routes/crud-team.mjs +676 -0
- package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
- package/dist/plugins/organization/schema.d.mts +376 -0
- package/dist/plugins/organization/schema.mjs +68 -0
- package/dist/plugins/organization/schema.mjs.map +1 -0
- package/dist/plugins/organization/types.d.mts +733 -0
- package/dist/plugins/phone-number/client.d.mts +8 -0
- package/dist/plugins/phone-number/client.mjs +20 -0
- package/dist/plugins/phone-number/client.mjs.map +1 -0
- package/dist/plugins/phone-number/error-codes.d.mts +5 -0
- package/dist/plugins/phone-number/error-codes.mjs +21 -0
- package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
- package/dist/plugins/phone-number/index.d.mts +14 -0
- package/dist/plugins/phone-number/index.mjs +49 -0
- package/dist/plugins/phone-number/index.mjs.map +1 -0
- package/dist/plugins/phone-number/routes.mjs +459 -0
- package/dist/plugins/phone-number/routes.mjs.map +1 -0
- package/dist/plugins/phone-number/schema.d.mts +5 -0
- package/dist/plugins/phone-number/schema.mjs +20 -0
- package/dist/plugins/phone-number/schema.mjs.map +1 -0
- package/dist/plugins/phone-number/types.d.mts +118 -0
- package/dist/plugins/siwe/client.d.mts +5 -0
- package/dist/plugins/siwe/client.mjs +11 -0
- package/dist/plugins/siwe/client.mjs.map +1 -0
- package/dist/plugins/siwe/error-codes.mjs +13 -0
- package/dist/plugins/siwe/error-codes.mjs.map +1 -0
- package/dist/plugins/siwe/index.d.mts +26 -0
- package/dist/plugins/siwe/index.mjs +261 -0
- package/dist/plugins/siwe/index.mjs.map +1 -0
- package/dist/plugins/siwe/schema.d.mts +5 -0
- package/dist/plugins/siwe/schema.mjs +32 -0
- package/dist/plugins/siwe/schema.mjs.map +1 -0
- package/dist/plugins/siwe/types.d.mts +44 -0
- package/dist/plugins/two-factor/backup-codes/index.d.mts +91 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
- package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
- package/dist/plugins/two-factor/client.d.mts +17 -0
- package/dist/plugins/two-factor/client.mjs +37 -0
- package/dist/plugins/two-factor/client.mjs.map +1 -0
- package/dist/plugins/two-factor/constant.mjs +8 -0
- package/dist/plugins/two-factor/constant.mjs.map +1 -0
- package/dist/plugins/two-factor/error-code.d.mts +5 -0
- package/dist/plugins/two-factor/error-code.mjs +18 -0
- package/dist/plugins/two-factor/error-code.mjs.map +1 -0
- package/dist/plugins/two-factor/index.d.mts +19 -0
- package/dist/plugins/two-factor/index.mjs +207 -0
- package/dist/plugins/two-factor/index.mjs.map +1 -0
- package/dist/plugins/two-factor/otp/index.d.mts +96 -0
- package/dist/plugins/two-factor/otp/index.mjs +199 -0
- package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/schema.d.mts +5 -0
- package/dist/plugins/two-factor/schema.mjs +36 -0
- package/dist/plugins/two-factor/schema.mjs.map +1 -0
- package/dist/plugins/two-factor/totp/index.d.mts +81 -0
- package/dist/plugins/two-factor/totp/index.mjs +157 -0
- package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
- package/dist/plugins/two-factor/types.d.mts +65 -0
- package/dist/plugins/two-factor/utils.mjs +12 -0
- package/dist/plugins/two-factor/utils.mjs.map +1 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs +76 -0
- package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
- package/dist/plugins/username/client.d.mts +7 -0
- package/dist/plugins/username/client.mjs +18 -0
- package/dist/plugins/username/client.mjs.map +1 -0
- package/dist/plugins/username/error-codes.d.mts +5 -0
- package/dist/plugins/username/error-codes.mjs +17 -0
- package/dist/plugins/username/error-codes.mjs.map +1 -0
- package/dist/plugins/username/index.d.mts +74 -0
- package/dist/plugins/username/index.mjs +237 -0
- package/dist/plugins/username/index.mjs.map +1 -0
- package/dist/plugins/username/schema.d.mts +9 -0
- package/dist/plugins/username/schema.mjs +26 -0
- package/dist/plugins/username/schema.mjs.map +1 -0
- package/dist/social-providers/index.d.mts +1 -0
- package/dist/social-providers/index.mjs +3 -0
- package/dist/state.d.mts +42 -0
- package/dist/state.mjs +107 -0
- package/dist/state.mjs.map +1 -0
- package/dist/test-utils/headers.d.mts +9 -0
- package/dist/test-utils/headers.mjs +24 -0
- package/dist/test-utils/headers.mjs.map +1 -0
- package/dist/test-utils/index.d.mts +3 -0
- package/dist/test-utils/index.mjs +4 -0
- package/dist/test-utils/test-instance.d.mts +181 -0
- package/dist/test-utils/test-instance.mjs +210 -0
- package/dist/test-utils/test-instance.mjs.map +1 -0
- package/dist/types/adapter.d.mts +24 -0
- package/dist/types/api.d.mts +62 -0
- package/dist/types/auth.d.mts +30 -0
- package/dist/types/helper.d.mts +21 -0
- package/dist/types/index.d.mts +11 -0
- package/dist/types/index.mjs +1 -0
- package/dist/types/models.d.mts +17 -0
- package/dist/types/plugins.d.mts +16 -0
- package/dist/utils/boolean.mjs +8 -0
- package/dist/utils/boolean.mjs.map +1 -0
- package/dist/utils/constants.mjs +6 -0
- package/dist/utils/constants.mjs.map +1 -0
- package/dist/utils/date.mjs +8 -0
- package/dist/utils/date.mjs.map +1 -0
- package/dist/utils/get-request-ip.d.mts +7 -0
- package/dist/utils/get-request-ip.mjs +23 -0
- package/dist/utils/get-request-ip.mjs.map +1 -0
- package/dist/utils/hashing.mjs +21 -0
- package/dist/utils/hashing.mjs.map +1 -0
- package/dist/utils/hide-metadata.d.mts +7 -0
- package/dist/utils/hide-metadata.mjs +6 -0
- package/dist/utils/hide-metadata.mjs.map +1 -0
- package/dist/utils/index.d.mts +3 -0
- package/dist/utils/index.mjs +5 -0
- package/dist/utils/is-api-error.d.mts +7 -0
- package/dist/utils/is-api-error.mjs +11 -0
- package/dist/utils/is-api-error.mjs.map +1 -0
- package/dist/utils/is-atom.mjs +8 -0
- package/dist/utils/is-atom.mjs.map +1 -0
- package/dist/utils/is-promise.mjs +8 -0
- package/dist/utils/is-promise.mjs.map +1 -0
- package/dist/utils/middleware-response.mjs +6 -0
- package/dist/utils/middleware-response.mjs.map +1 -0
- package/dist/utils/password.mjs +26 -0
- package/dist/utils/password.mjs.map +1 -0
- package/dist/utils/plugin-helper.mjs +17 -0
- package/dist/utils/plugin-helper.mjs.map +1 -0
- package/dist/utils/shim.mjs +24 -0
- package/dist/utils/shim.mjs.map +1 -0
- package/dist/utils/time.d.mts +49 -0
- package/dist/utils/time.mjs +100 -0
- package/dist/utils/time.mjs.map +1 -0
- package/dist/utils/url.mjs +92 -0
- package/dist/utils/url.mjs.map +1 -0
- package/dist/utils/wildcard.mjs +108 -0
- package/dist/utils/wildcard.mjs.map +1 -0
- package/package.json +601 -0
|
@@ -0,0 +1,493 @@
|
|
|
1
|
+
import { getAccountCookie, setAccountCookie } from "../../cookies/session-store.mjs";
|
|
2
|
+
import { parseAccountOutput } from "../../db/schema.mjs";
|
|
3
|
+
import { generateState } from "../../oauth2/state.mjs";
|
|
4
|
+
import { decryptOAuthToken, setTokenUtil } from "../../oauth2/utils.mjs";
|
|
5
|
+
import { freshSessionMiddleware, getSessionFromCtx, sessionMiddleware } from "./session.mjs";
|
|
6
|
+
import { APIError, BASE_ERROR_CODES } from "@better-auth/core/error";
|
|
7
|
+
import { SocialProviderListEnum } from "@better-auth/core/social-providers";
|
|
8
|
+
import { createAuthEndpoint } from "@better-auth/core/api";
|
|
9
|
+
import * as z from "zod";
|
|
10
|
+
|
|
11
|
+
//#region src/api/routes/account.ts
|
|
12
|
+
const listUserAccounts = createAuthEndpoint("/list-accounts", {
|
|
13
|
+
method: "GET",
|
|
14
|
+
use: [sessionMiddleware],
|
|
15
|
+
metadata: { openapi: {
|
|
16
|
+
operationId: "listUserAccounts",
|
|
17
|
+
description: "List all accounts linked to the user",
|
|
18
|
+
responses: { "200": {
|
|
19
|
+
description: "Success",
|
|
20
|
+
content: { "application/json": { schema: {
|
|
21
|
+
type: "array",
|
|
22
|
+
items: {
|
|
23
|
+
type: "object",
|
|
24
|
+
properties: {
|
|
25
|
+
id: { type: "string" },
|
|
26
|
+
providerId: { type: "string" },
|
|
27
|
+
createdAt: {
|
|
28
|
+
type: "string",
|
|
29
|
+
format: "date-time"
|
|
30
|
+
},
|
|
31
|
+
updatedAt: {
|
|
32
|
+
type: "string",
|
|
33
|
+
format: "date-time"
|
|
34
|
+
},
|
|
35
|
+
accountId: { type: "string" },
|
|
36
|
+
userId: { type: "string" },
|
|
37
|
+
scopes: {
|
|
38
|
+
type: "array",
|
|
39
|
+
items: { type: "string" }
|
|
40
|
+
}
|
|
41
|
+
},
|
|
42
|
+
required: [
|
|
43
|
+
"id",
|
|
44
|
+
"providerId",
|
|
45
|
+
"createdAt",
|
|
46
|
+
"updatedAt",
|
|
47
|
+
"accountId",
|
|
48
|
+
"userId",
|
|
49
|
+
"scopes"
|
|
50
|
+
]
|
|
51
|
+
}
|
|
52
|
+
} } }
|
|
53
|
+
} }
|
|
54
|
+
} }
|
|
55
|
+
}, async (c) => {
|
|
56
|
+
const session = c.context.session;
|
|
57
|
+
const accounts = await c.context.internalAdapter.findAccounts(session.user.id);
|
|
58
|
+
return c.json(accounts.map((a) => {
|
|
59
|
+
const { scope, ...parsed } = parseAccountOutput(c.context.options, a);
|
|
60
|
+
return {
|
|
61
|
+
...parsed,
|
|
62
|
+
scopes: scope?.split(",") || []
|
|
63
|
+
};
|
|
64
|
+
}));
|
|
65
|
+
});
|
|
66
|
+
const linkSocialAccount = createAuthEndpoint("/link-social", {
|
|
67
|
+
method: "POST",
|
|
68
|
+
requireHeaders: true,
|
|
69
|
+
body: z.object({
|
|
70
|
+
callbackURL: z.string().meta({ description: "The URL to redirect to after the user has signed in" }).optional(),
|
|
71
|
+
provider: SocialProviderListEnum,
|
|
72
|
+
idToken: z.object({
|
|
73
|
+
token: z.string(),
|
|
74
|
+
nonce: z.string().optional(),
|
|
75
|
+
accessToken: z.string().optional(),
|
|
76
|
+
refreshToken: z.string().optional(),
|
|
77
|
+
scopes: z.array(z.string()).optional()
|
|
78
|
+
}).optional(),
|
|
79
|
+
requestSignUp: z.boolean().optional(),
|
|
80
|
+
scopes: z.array(z.string()).meta({ description: "Additional scopes to request from the provider" }).optional(),
|
|
81
|
+
errorCallbackURL: z.string().meta({ description: "The URL to redirect to if there is an error during the link process" }).optional(),
|
|
82
|
+
disableRedirect: z.boolean().meta({ description: "Disable automatic redirection to the provider. Useful for handling the redirection yourself" }).optional(),
|
|
83
|
+
additionalData: z.record(z.string(), z.any()).optional()
|
|
84
|
+
}),
|
|
85
|
+
use: [sessionMiddleware],
|
|
86
|
+
metadata: { openapi: {
|
|
87
|
+
description: "Link a social account to the user",
|
|
88
|
+
operationId: "linkSocialAccount",
|
|
89
|
+
responses: { "200": {
|
|
90
|
+
description: "Success",
|
|
91
|
+
content: { "application/json": { schema: {
|
|
92
|
+
type: "object",
|
|
93
|
+
properties: {
|
|
94
|
+
url: {
|
|
95
|
+
type: "string",
|
|
96
|
+
description: "The authorization URL to redirect the user to"
|
|
97
|
+
},
|
|
98
|
+
redirect: {
|
|
99
|
+
type: "boolean",
|
|
100
|
+
description: "Indicates if the user should be redirected to the authorization URL"
|
|
101
|
+
},
|
|
102
|
+
status: { type: "boolean" }
|
|
103
|
+
},
|
|
104
|
+
required: ["redirect"]
|
|
105
|
+
} } }
|
|
106
|
+
} }
|
|
107
|
+
} }
|
|
108
|
+
}, async (c) => {
|
|
109
|
+
const session = c.context.session;
|
|
110
|
+
const provider = c.context.socialProviders.find((p) => p.id === c.body.provider);
|
|
111
|
+
if (!provider) {
|
|
112
|
+
c.context.logger.error("Provider not found. Make sure to add the provider in your auth config", { provider: c.body.provider });
|
|
113
|
+
throw APIError.from("NOT_FOUND", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);
|
|
114
|
+
}
|
|
115
|
+
if (c.body.idToken) {
|
|
116
|
+
if (!provider.verifyIdToken) {
|
|
117
|
+
c.context.logger.error("Provider does not support id token verification", { provider: c.body.provider });
|
|
118
|
+
throw APIError.from("NOT_FOUND", BASE_ERROR_CODES.ID_TOKEN_NOT_SUPPORTED);
|
|
119
|
+
}
|
|
120
|
+
const { token, nonce } = c.body.idToken;
|
|
121
|
+
if (!await provider.verifyIdToken(token, nonce)) {
|
|
122
|
+
c.context.logger.error("Invalid id token", { provider: c.body.provider });
|
|
123
|
+
throw APIError.from("UNAUTHORIZED", BASE_ERROR_CODES.INVALID_TOKEN);
|
|
124
|
+
}
|
|
125
|
+
const linkingUserInfo = await provider.getUserInfo({
|
|
126
|
+
idToken: token,
|
|
127
|
+
accessToken: c.body.idToken.accessToken,
|
|
128
|
+
refreshToken: c.body.idToken.refreshToken
|
|
129
|
+
});
|
|
130
|
+
if (!linkingUserInfo || !linkingUserInfo?.user) {
|
|
131
|
+
c.context.logger.error("Failed to get user info", { provider: c.body.provider });
|
|
132
|
+
throw APIError.from("UNAUTHORIZED", BASE_ERROR_CODES.FAILED_TO_GET_USER_INFO);
|
|
133
|
+
}
|
|
134
|
+
const linkingUserId = String(linkingUserInfo.user.id);
|
|
135
|
+
if (!linkingUserInfo.user.email) {
|
|
136
|
+
c.context.logger.error("User email not found", { provider: c.body.provider });
|
|
137
|
+
throw APIError.from("UNAUTHORIZED", BASE_ERROR_CODES.USER_EMAIL_NOT_FOUND);
|
|
138
|
+
}
|
|
139
|
+
if ((await c.context.internalAdapter.findAccounts(session.user.id)).find((a) => a.providerId === provider.id && a.accountId === linkingUserId)) return c.json({
|
|
140
|
+
url: "",
|
|
141
|
+
status: true,
|
|
142
|
+
redirect: false
|
|
143
|
+
});
|
|
144
|
+
if (!(c.context.options.account?.accountLinking?.trustedProviders)?.includes(provider.id) && !linkingUserInfo.user.emailVerified || c.context.options.account?.accountLinking?.enabled === false) throw APIError.from("UNAUTHORIZED", {
|
|
145
|
+
message: "Account not linked - linking not allowed",
|
|
146
|
+
code: "LINKING_NOT_ALLOWED"
|
|
147
|
+
});
|
|
148
|
+
if (linkingUserInfo.user.email !== session.user.email && c.context.options.account?.accountLinking?.allowDifferentEmails !== true) throw APIError.from("UNAUTHORIZED", {
|
|
149
|
+
message: "Account not linked - different emails not allowed",
|
|
150
|
+
code: "LINKING_DIFFERENT_EMAILS_NOT_ALLOWED"
|
|
151
|
+
});
|
|
152
|
+
try {
|
|
153
|
+
await c.context.internalAdapter.createAccount({
|
|
154
|
+
userId: session.user.id,
|
|
155
|
+
providerId: provider.id,
|
|
156
|
+
accountId: linkingUserId,
|
|
157
|
+
accessToken: c.body.idToken.accessToken,
|
|
158
|
+
idToken: token,
|
|
159
|
+
refreshToken: c.body.idToken.refreshToken,
|
|
160
|
+
scope: c.body.idToken.scopes?.join(",")
|
|
161
|
+
});
|
|
162
|
+
} catch (_e) {
|
|
163
|
+
throw APIError.from("EXPECTATION_FAILED", {
|
|
164
|
+
message: "Account not linked - unable to create account",
|
|
165
|
+
code: "LINKING_FAILED"
|
|
166
|
+
});
|
|
167
|
+
}
|
|
168
|
+
if (c.context.options.account?.accountLinking?.updateUserInfoOnLink === true) try {
|
|
169
|
+
await c.context.internalAdapter.updateUser(session.user.id, {
|
|
170
|
+
name: linkingUserInfo.user?.name,
|
|
171
|
+
image: linkingUserInfo.user?.image
|
|
172
|
+
});
|
|
173
|
+
} catch (e) {
|
|
174
|
+
console.warn("Could not update user - " + e.toString());
|
|
175
|
+
}
|
|
176
|
+
return c.json({
|
|
177
|
+
url: "",
|
|
178
|
+
status: true,
|
|
179
|
+
redirect: false
|
|
180
|
+
});
|
|
181
|
+
}
|
|
182
|
+
const state = await generateState(c, {
|
|
183
|
+
userId: session.user.id,
|
|
184
|
+
email: session.user.email
|
|
185
|
+
}, c.body.additionalData);
|
|
186
|
+
const url = await provider.createAuthorizationURL({
|
|
187
|
+
state: state.state,
|
|
188
|
+
codeVerifier: state.codeVerifier,
|
|
189
|
+
redirectURI: `${c.context.baseURL}/callback/${provider.id}`,
|
|
190
|
+
scopes: c.body.scopes
|
|
191
|
+
});
|
|
192
|
+
if (!c.body.disableRedirect) c.setHeader("Location", url.toString());
|
|
193
|
+
return c.json({
|
|
194
|
+
url: url.toString(),
|
|
195
|
+
redirect: !c.body.disableRedirect
|
|
196
|
+
});
|
|
197
|
+
});
|
|
198
|
+
const unlinkAccount = createAuthEndpoint("/unlink-account", {
|
|
199
|
+
method: "POST",
|
|
200
|
+
body: z.object({
|
|
201
|
+
providerId: z.string(),
|
|
202
|
+
accountId: z.string().optional()
|
|
203
|
+
}),
|
|
204
|
+
use: [freshSessionMiddleware],
|
|
205
|
+
metadata: { openapi: {
|
|
206
|
+
description: "Unlink an account",
|
|
207
|
+
responses: { "200": {
|
|
208
|
+
description: "Success",
|
|
209
|
+
content: { "application/json": { schema: {
|
|
210
|
+
type: "object",
|
|
211
|
+
properties: { status: { type: "boolean" } }
|
|
212
|
+
} } }
|
|
213
|
+
} }
|
|
214
|
+
} }
|
|
215
|
+
}, async (ctx) => {
|
|
216
|
+
const { providerId, accountId } = ctx.body;
|
|
217
|
+
const accounts = await ctx.context.internalAdapter.findAccounts(ctx.context.session.user.id);
|
|
218
|
+
if (accounts.length === 1 && !ctx.context.options.account?.accountLinking?.allowUnlinkingAll) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.FAILED_TO_UNLINK_LAST_ACCOUNT);
|
|
219
|
+
const accountExist = accounts.find((account) => accountId ? account.accountId === accountId && account.providerId === providerId : account.providerId === providerId);
|
|
220
|
+
if (!accountExist) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);
|
|
221
|
+
await ctx.context.internalAdapter.deleteAccount(accountExist.id);
|
|
222
|
+
return ctx.json({ status: true });
|
|
223
|
+
});
|
|
224
|
+
const getAccessToken = createAuthEndpoint("/get-access-token", {
|
|
225
|
+
method: "POST",
|
|
226
|
+
body: z.object({
|
|
227
|
+
providerId: z.string().meta({ description: "The provider ID for the OAuth provider" }),
|
|
228
|
+
accountId: z.string().meta({ description: "The account ID associated with the refresh token" }).optional(),
|
|
229
|
+
userId: z.string().meta({ description: "The user ID associated with the account" }).optional()
|
|
230
|
+
}),
|
|
231
|
+
metadata: { openapi: {
|
|
232
|
+
description: "Get a valid access token, doing a refresh if needed",
|
|
233
|
+
responses: {
|
|
234
|
+
200: {
|
|
235
|
+
description: "A Valid access token",
|
|
236
|
+
content: { "application/json": { schema: {
|
|
237
|
+
type: "object",
|
|
238
|
+
properties: {
|
|
239
|
+
tokenType: { type: "string" },
|
|
240
|
+
idToken: { type: "string" },
|
|
241
|
+
accessToken: { type: "string" },
|
|
242
|
+
accessTokenExpiresAt: {
|
|
243
|
+
type: "string",
|
|
244
|
+
format: "date-time"
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
} } }
|
|
248
|
+
},
|
|
249
|
+
400: { description: "Invalid refresh token or provider configuration" }
|
|
250
|
+
}
|
|
251
|
+
} }
|
|
252
|
+
}, async (ctx) => {
|
|
253
|
+
const { providerId, accountId, userId } = ctx.body || {};
|
|
254
|
+
const req = ctx.request;
|
|
255
|
+
const session = await getSessionFromCtx(ctx);
|
|
256
|
+
if (req && !session) throw ctx.error("UNAUTHORIZED");
|
|
257
|
+
const resolvedUserId = session?.user?.id || userId;
|
|
258
|
+
if (!resolvedUserId) throw ctx.error("UNAUTHORIZED");
|
|
259
|
+
if (!ctx.context.socialProviders.find((p) => p.id === providerId)) throw APIError.from("BAD_REQUEST", {
|
|
260
|
+
message: `Provider ${providerId} is not supported.`,
|
|
261
|
+
code: "PROVIDER_NOT_SUPPORTED"
|
|
262
|
+
});
|
|
263
|
+
const accountData = await getAccountCookie(ctx);
|
|
264
|
+
let account = void 0;
|
|
265
|
+
if (accountData && providerId === accountData.providerId && (!accountId || accountData.id === accountId)) account = accountData;
|
|
266
|
+
else account = (await ctx.context.internalAdapter.findAccounts(resolvedUserId)).find((acc) => accountId ? acc.accountId === accountId && acc.providerId === providerId : acc.providerId === providerId);
|
|
267
|
+
if (!account) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);
|
|
268
|
+
const provider = ctx.context.socialProviders.find((p) => p.id === providerId);
|
|
269
|
+
if (!provider) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);
|
|
270
|
+
try {
|
|
271
|
+
let newTokens = null;
|
|
272
|
+
const accessTokenExpired = account.accessTokenExpiresAt && new Date(account.accessTokenExpiresAt).getTime() - Date.now() < 5e3;
|
|
273
|
+
if (account.refreshToken && accessTokenExpired && provider.refreshAccessToken) {
|
|
274
|
+
const refreshToken = await decryptOAuthToken(account.refreshToken, ctx.context);
|
|
275
|
+
newTokens = await provider.refreshAccessToken(refreshToken);
|
|
276
|
+
const updatedData = {
|
|
277
|
+
accessToken: await setTokenUtil(newTokens.accessToken, ctx.context),
|
|
278
|
+
accessTokenExpiresAt: newTokens.accessTokenExpiresAt,
|
|
279
|
+
refreshToken: await setTokenUtil(newTokens.refreshToken, ctx.context),
|
|
280
|
+
refreshTokenExpiresAt: newTokens.refreshTokenExpiresAt
|
|
281
|
+
};
|
|
282
|
+
let updatedAccount = null;
|
|
283
|
+
if (account.id) updatedAccount = await ctx.context.internalAdapter.updateAccount(account.id, updatedData);
|
|
284
|
+
if (ctx.context.options.account?.storeAccountCookie) await setAccountCookie(ctx, {
|
|
285
|
+
...account,
|
|
286
|
+
...updatedAccount ?? updatedData
|
|
287
|
+
});
|
|
288
|
+
}
|
|
289
|
+
const accessTokenExpiresAt = (() => {
|
|
290
|
+
if (newTokens?.accessTokenExpiresAt) {
|
|
291
|
+
if (typeof newTokens.accessTokenExpiresAt === "string") return new Date(newTokens.accessTokenExpiresAt);
|
|
292
|
+
return newTokens.accessTokenExpiresAt;
|
|
293
|
+
}
|
|
294
|
+
if (account.accessTokenExpiresAt) {
|
|
295
|
+
if (typeof account.accessTokenExpiresAt === "string") return new Date(account.accessTokenExpiresAt);
|
|
296
|
+
return account.accessTokenExpiresAt;
|
|
297
|
+
}
|
|
298
|
+
})();
|
|
299
|
+
const tokens = {
|
|
300
|
+
accessToken: newTokens?.accessToken ?? await decryptOAuthToken(account.accessToken ?? "", ctx.context),
|
|
301
|
+
accessTokenExpiresAt,
|
|
302
|
+
scopes: account.scope?.split(",") ?? [],
|
|
303
|
+
idToken: newTokens?.idToken ?? account.idToken ?? void 0
|
|
304
|
+
};
|
|
305
|
+
return ctx.json(tokens);
|
|
306
|
+
} catch (_error) {
|
|
307
|
+
throw APIError.from("BAD_REQUEST", {
|
|
308
|
+
message: "Failed to get a valid access token",
|
|
309
|
+
code: "FAILED_TO_GET_ACCESS_TOKEN"
|
|
310
|
+
});
|
|
311
|
+
}
|
|
312
|
+
});
|
|
313
|
+
const refreshToken = createAuthEndpoint("/refresh-token", {
|
|
314
|
+
method: "POST",
|
|
315
|
+
body: z.object({
|
|
316
|
+
providerId: z.string().meta({ description: "The provider ID for the OAuth provider" }),
|
|
317
|
+
accountId: z.string().meta({ description: "The account ID associated with the refresh token" }).optional(),
|
|
318
|
+
userId: z.string().meta({ description: "The user ID associated with the account" }).optional()
|
|
319
|
+
}),
|
|
320
|
+
metadata: { openapi: {
|
|
321
|
+
description: "Refresh the access token using a refresh token",
|
|
322
|
+
responses: {
|
|
323
|
+
200: {
|
|
324
|
+
description: "Access token refreshed successfully",
|
|
325
|
+
content: { "application/json": { schema: {
|
|
326
|
+
type: "object",
|
|
327
|
+
properties: {
|
|
328
|
+
tokenType: { type: "string" },
|
|
329
|
+
idToken: { type: "string" },
|
|
330
|
+
accessToken: { type: "string" },
|
|
331
|
+
refreshToken: { type: "string" },
|
|
332
|
+
accessTokenExpiresAt: {
|
|
333
|
+
type: "string",
|
|
334
|
+
format: "date-time"
|
|
335
|
+
},
|
|
336
|
+
refreshTokenExpiresAt: {
|
|
337
|
+
type: "string",
|
|
338
|
+
format: "date-time"
|
|
339
|
+
}
|
|
340
|
+
}
|
|
341
|
+
} } }
|
|
342
|
+
},
|
|
343
|
+
400: { description: "Invalid refresh token or provider configuration" }
|
|
344
|
+
}
|
|
345
|
+
} }
|
|
346
|
+
}, async (ctx) => {
|
|
347
|
+
const { providerId, accountId, userId } = ctx.body;
|
|
348
|
+
const req = ctx.request;
|
|
349
|
+
const session = await getSessionFromCtx(ctx);
|
|
350
|
+
if (req && !session) throw ctx.error("UNAUTHORIZED");
|
|
351
|
+
const resolvedUserId = session?.user?.id || userId;
|
|
352
|
+
if (!resolvedUserId) throw APIError.from("BAD_REQUEST", {
|
|
353
|
+
message: `Either userId or session is required`,
|
|
354
|
+
code: "USER_ID_OR_SESSION_REQUIRED"
|
|
355
|
+
});
|
|
356
|
+
const provider = ctx.context.socialProviders.find((p) => p.id === providerId);
|
|
357
|
+
if (!provider) throw APIError.from("BAD_REQUEST", {
|
|
358
|
+
message: `Provider ${providerId} not found.`,
|
|
359
|
+
code: "PROVIDER_NOT_FOUND"
|
|
360
|
+
});
|
|
361
|
+
if (!provider.refreshAccessToken) throw APIError.from("BAD_REQUEST", {
|
|
362
|
+
message: `Provider ${providerId} does not support token refreshing.`,
|
|
363
|
+
code: "TOKEN_REFRESH_NOT_SUPPORTED"
|
|
364
|
+
});
|
|
365
|
+
let account = void 0;
|
|
366
|
+
const accountData = await getAccountCookie(ctx);
|
|
367
|
+
if (accountData && (!providerId || providerId === accountData?.providerId)) account = accountData;
|
|
368
|
+
else account = (await ctx.context.internalAdapter.findAccounts(resolvedUserId)).find((acc) => accountId ? acc.accountId === accountId && acc.providerId === providerId : acc.providerId === providerId);
|
|
369
|
+
if (!account) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);
|
|
370
|
+
let refreshToken = void 0;
|
|
371
|
+
if (accountData && providerId === accountData.providerId) refreshToken = accountData.refreshToken ?? void 0;
|
|
372
|
+
else refreshToken = account.refreshToken ?? void 0;
|
|
373
|
+
if (!refreshToken) throw APIError.from("BAD_REQUEST", {
|
|
374
|
+
message: "Refresh token not found",
|
|
375
|
+
code: "REFRESH_TOKEN_NOT_FOUND"
|
|
376
|
+
});
|
|
377
|
+
try {
|
|
378
|
+
const decryptedRefreshToken = await decryptOAuthToken(refreshToken, ctx.context);
|
|
379
|
+
const tokens = await provider.refreshAccessToken(decryptedRefreshToken);
|
|
380
|
+
if (account.id) {
|
|
381
|
+
const updateData = {
|
|
382
|
+
...account || {},
|
|
383
|
+
accessToken: await setTokenUtil(tokens.accessToken, ctx.context),
|
|
384
|
+
refreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),
|
|
385
|
+
accessTokenExpiresAt: tokens.accessTokenExpiresAt,
|
|
386
|
+
refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
|
|
387
|
+
scope: tokens.scopes?.join(",") || account.scope,
|
|
388
|
+
idToken: tokens.idToken || account.idToken
|
|
389
|
+
};
|
|
390
|
+
await ctx.context.internalAdapter.updateAccount(account.id, updateData);
|
|
391
|
+
}
|
|
392
|
+
if (accountData && providerId === accountData.providerId && ctx.context.options.account?.storeAccountCookie) await setAccountCookie(ctx, {
|
|
393
|
+
...accountData,
|
|
394
|
+
accessToken: await setTokenUtil(tokens.accessToken, ctx.context),
|
|
395
|
+
refreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),
|
|
396
|
+
accessTokenExpiresAt: tokens.accessTokenExpiresAt,
|
|
397
|
+
refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
|
|
398
|
+
scope: tokens.scopes?.join(",") || accountData.scope,
|
|
399
|
+
idToken: tokens.idToken || accountData.idToken
|
|
400
|
+
});
|
|
401
|
+
return ctx.json({
|
|
402
|
+
accessToken: tokens.accessToken,
|
|
403
|
+
refreshToken: tokens.refreshToken,
|
|
404
|
+
accessTokenExpiresAt: tokens.accessTokenExpiresAt,
|
|
405
|
+
refreshTokenExpiresAt: tokens.refreshTokenExpiresAt,
|
|
406
|
+
scope: tokens.scopes?.join(",") || account.scope,
|
|
407
|
+
idToken: tokens.idToken || account.idToken,
|
|
408
|
+
providerId: account.providerId,
|
|
409
|
+
accountId: account.accountId
|
|
410
|
+
});
|
|
411
|
+
} catch (_error) {
|
|
412
|
+
throw APIError.from("BAD_REQUEST", {
|
|
413
|
+
message: "Failed to refresh access token",
|
|
414
|
+
code: "FAILED_TO_REFRESH_ACCESS_TOKEN"
|
|
415
|
+
});
|
|
416
|
+
}
|
|
417
|
+
});
|
|
418
|
+
const accountInfoQuerySchema = z.optional(z.object({ accountId: z.string().meta({ description: "The provider given account id for which to get the account info" }).optional() }));
|
|
419
|
+
const accountInfo = createAuthEndpoint("/account-info", {
|
|
420
|
+
method: "GET",
|
|
421
|
+
use: [sessionMiddleware],
|
|
422
|
+
metadata: { openapi: {
|
|
423
|
+
description: "Get the account info provided by the provider",
|
|
424
|
+
responses: { "200": {
|
|
425
|
+
description: "Success",
|
|
426
|
+
content: { "application/json": { schema: {
|
|
427
|
+
type: "object",
|
|
428
|
+
properties: {
|
|
429
|
+
user: {
|
|
430
|
+
type: "object",
|
|
431
|
+
properties: {
|
|
432
|
+
id: { type: "string" },
|
|
433
|
+
name: { type: "string" },
|
|
434
|
+
email: { type: "string" },
|
|
435
|
+
image: { type: "string" },
|
|
436
|
+
emailVerified: { type: "boolean" }
|
|
437
|
+
},
|
|
438
|
+
required: ["id", "emailVerified"]
|
|
439
|
+
},
|
|
440
|
+
data: {
|
|
441
|
+
type: "object",
|
|
442
|
+
properties: {},
|
|
443
|
+
additionalProperties: true
|
|
444
|
+
}
|
|
445
|
+
},
|
|
446
|
+
required: ["user", "data"],
|
|
447
|
+
additionalProperties: false
|
|
448
|
+
} } }
|
|
449
|
+
} }
|
|
450
|
+
} },
|
|
451
|
+
query: accountInfoQuerySchema
|
|
452
|
+
}, async (ctx) => {
|
|
453
|
+
const providedAccountId = ctx.query?.accountId;
|
|
454
|
+
let account = void 0;
|
|
455
|
+
if (!providedAccountId) {
|
|
456
|
+
if (ctx.context.options.account?.storeAccountCookie) {
|
|
457
|
+
const accountData = await getAccountCookie(ctx);
|
|
458
|
+
if (accountData) account = accountData;
|
|
459
|
+
}
|
|
460
|
+
} else {
|
|
461
|
+
const accountData = await ctx.context.internalAdapter.findAccount(providedAccountId);
|
|
462
|
+
if (accountData) account = accountData;
|
|
463
|
+
}
|
|
464
|
+
if (!account || account.userId !== ctx.context.session.user.id) throw APIError.from("BAD_REQUEST", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);
|
|
465
|
+
const provider = ctx.context.socialProviders.find((p) => p.id === account.providerId);
|
|
466
|
+
if (!provider) throw APIError.from("INTERNAL_SERVER_ERROR", {
|
|
467
|
+
message: `Provider account provider is ${account.providerId} but it is not configured`,
|
|
468
|
+
code: "PROVIDER_NOT_CONFIGURED"
|
|
469
|
+
});
|
|
470
|
+
const tokens = await getAccessToken({
|
|
471
|
+
...ctx,
|
|
472
|
+
method: "POST",
|
|
473
|
+
body: {
|
|
474
|
+
accountId: account.id,
|
|
475
|
+
providerId: account.providerId
|
|
476
|
+
},
|
|
477
|
+
returnHeaders: false,
|
|
478
|
+
returnStatus: false
|
|
479
|
+
});
|
|
480
|
+
if (!tokens.accessToken) throw APIError.from("BAD_REQUEST", {
|
|
481
|
+
message: "Access token not found",
|
|
482
|
+
code: "ACCESS_TOKEN_NOT_FOUND"
|
|
483
|
+
});
|
|
484
|
+
const info = await provider.getUserInfo({
|
|
485
|
+
...tokens,
|
|
486
|
+
accessToken: tokens.accessToken
|
|
487
|
+
});
|
|
488
|
+
return ctx.json(info);
|
|
489
|
+
});
|
|
490
|
+
|
|
491
|
+
//#endregion
|
|
492
|
+
export { accountInfo, getAccessToken, linkSocialAccount, listUserAccounts, refreshToken, unlinkAccount };
|
|
493
|
+
//# sourceMappingURL=account.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"account.mjs","names":[],"sources":["../../../src/api/routes/account.ts"],"sourcesContent":["import { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { Account } from \"@better-auth/core/db\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport type { OAuth2Tokens } from \"@better-auth/core/oauth2\";\nimport { SocialProviderListEnum } from \"@better-auth/core/social-providers\";\n\nimport * as z from \"zod\";\nimport {\n\tgetAccountCookie,\n\tsetAccountCookie,\n} from \"../../cookies/session-store\";\nimport { parseAccountOutput } from \"../../db/schema\";\nimport { generateState } from \"../../oauth2/state\";\nimport { decryptOAuthToken, setTokenUtil } from \"../../oauth2/utils\";\nimport {\n\tfreshSessionMiddleware,\n\tgetSessionFromCtx,\n\tsessionMiddleware,\n} from \"./session\";\n\nexport const listUserAccounts = createAuthEndpoint(\n\t\"/list-accounts\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\toperationId: \"listUserAccounts\",\n\t\t\t\tdescription: \"List all accounts linked to the user\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tproviderId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tupdatedAt: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\taccountId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuserId: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tscopes: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\n\t\t\t\t\t\t\t\t\t\t\t\"id\",\n\t\t\t\t\t\t\t\t\t\t\t\"providerId\",\n\t\t\t\t\t\t\t\t\t\t\t\"createdAt\",\n\t\t\t\t\t\t\t\t\t\t\t\"updatedAt\",\n\t\t\t\t\t\t\t\t\t\t\t\"accountId\",\n\t\t\t\t\t\t\t\t\t\t\t\"userId\",\n\t\t\t\t\t\t\t\t\t\t\t\"scopes\",\n\t\t\t\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (c) => {\n\t\tconst session = c.context.session;\n\t\tconst accounts = await c.context.internalAdapter.findAccounts(\n\t\t\tsession.user.id,\n\t\t);\n\t\treturn c.json(\n\t\t\taccounts.map((a) => {\n\t\t\t\tconst { scope, ...parsed } = parseAccountOutput(c.context.options, a);\n\t\t\t\treturn {\n\t\t\t\t\t...parsed,\n\t\t\t\t\tscopes: scope?.split(\",\") || [],\n\t\t\t\t};\n\t\t\t}),\n\t\t);\n\t},\n);\n\nexport const linkSocialAccount = createAuthEndpoint(\n\t\"/link-social\",\n\t{\n\t\tmethod: \"POST\",\n\t\trequireHeaders: true,\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * Callback URL to redirect to after the user has signed in.\n\t\t\t */\n\t\t\tcallbackURL: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The URL to redirect to after the user has signed in\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * OAuth2 provider to use\n\t\t\t */\n\t\t\tprovider: SocialProviderListEnum,\n\t\t\t/**\n\t\t\t * ID Token for direct authentication without redirect\n\t\t\t */\n\t\t\tidToken: z\n\t\t\t\t.object({\n\t\t\t\t\ttoken: z.string(),\n\t\t\t\t\tnonce: z.string().optional(),\n\t\t\t\t\taccessToken: z.string().optional(),\n\t\t\t\t\trefreshToken: z.string().optional(),\n\t\t\t\t\tscopes: z.array(z.string()).optional(),\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Whether to allow sign up for new users\n\t\t\t */\n\t\t\trequestSignUp: z.boolean().optional(),\n\t\t\t/**\n\t\t\t * Additional scopes to request when linking the account.\n\t\t\t * This is useful for requesting additional permissions when\n\t\t\t * linking a social account compared to the initial authentication.\n\t\t\t */\n\t\t\tscopes: z\n\t\t\t\t.array(z.string())\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"Additional scopes to request from the provider\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * The URL to redirect to if there is an error during the link process.\n\t\t\t */\n\t\t\terrorCallbackURL: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"The URL to redirect to if there is an error during the link process\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Disable automatic redirection to the provider\n\t\t\t *\n\t\t\t * This is useful if you want to handle the redirection\n\t\t\t * yourself like in a popup or a different tab.\n\t\t\t */\n\t\t\tdisableRedirect: z\n\t\t\t\t.boolean()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Disable automatic redirection to the provider. Useful for handling the redirection yourself\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\t/**\n\t\t\t * Any additional data to pass through the oauth flow.\n\t\t\t */\n\t\t\tadditionalData: z.record(z.string(), z.any()).optional(),\n\t\t}),\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Link a social account to the user\",\n\t\t\t\toperationId: \"linkSocialAccount\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\turl: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"The authorization URL to redirect the user to\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tredirect: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\t\t\t\t\t\"Indicates if the user should be redirected to the authorization URL\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"redirect\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (c) => {\n\t\tconst session = c.context.session;\n\n\t\tconst provider = c.context.socialProviders.find(\n\t\t\t(p) => p.id === c.body.provider,\n\t\t);\n\n\t\tif (!provider) {\n\t\t\tc.context.logger.error(\n\t\t\t\t\"Provider not found. Make sure to add the provider in your auth config\",\n\t\t\t\t{\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t},\n\t\t\t);\n\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);\n\t\t}\n\n\t\t// Handle ID Token flow if provided\n\t\tif (c.body.idToken) {\n\t\t\tif (!provider.verifyIdToken) {\n\t\t\t\tc.context.logger.error(\n\t\t\t\t\t\"Provider does not support id token verification\",\n\t\t\t\t\t{\n\t\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"NOT_FOUND\",\n\t\t\t\t\tBASE_ERROR_CODES.ID_TOKEN_NOT_SUPPORTED,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { token, nonce } = c.body.idToken;\n\t\t\tconst valid = await provider.verifyIdToken(token, nonce);\n\t\t\tif (!valid) {\n\t\t\t\tc.context.logger.error(\"Invalid id token\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", BASE_ERROR_CODES.INVALID_TOKEN);\n\t\t\t}\n\n\t\t\tconst linkingUserInfo = await provider.getUserInfo({\n\t\t\t\tidToken: token,\n\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\trefreshToken: c.body.idToken.refreshToken,\n\t\t\t});\n\n\t\t\tif (!linkingUserInfo || !linkingUserInfo?.user) {\n\t\t\t\tc.context.logger.error(\"Failed to get user info\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.FAILED_TO_GET_USER_INFO,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst linkingUserId = String(linkingUserInfo.user.id);\n\n\t\t\tif (!linkingUserInfo.user.email) {\n\t\t\t\tc.context.logger.error(\"User email not found\", {\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t});\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"UNAUTHORIZED\",\n\t\t\t\t\tBASE_ERROR_CODES.USER_EMAIL_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst existingAccounts = await c.context.internalAdapter.findAccounts(\n\t\t\t\tsession.user.id,\n\t\t\t);\n\n\t\t\tconst hasBeenLinked = existingAccounts.find(\n\t\t\t\t(a) => a.providerId === provider.id && a.accountId === linkingUserId,\n\t\t\t);\n\n\t\t\tif (hasBeenLinked) {\n\t\t\t\treturn c.json({\n\t\t\t\t\turl: \"\", // this is for type inference\n\t\t\t\t\tstatus: true,\n\t\t\t\t\tredirect: false,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tconst trustedProviders =\n\t\t\t\tc.context.options.account?.accountLinking?.trustedProviders;\n\n\t\t\tconst isTrustedProvider = trustedProviders?.includes(provider.id);\n\t\t\tif (\n\t\t\t\t(!isTrustedProvider && !linkingUserInfo.user.emailVerified) ||\n\t\t\t\tc.context.options.account?.accountLinking?.enabled === false\n\t\t\t) {\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", {\n\t\t\t\t\tmessage: \"Account not linked - linking not allowed\",\n\t\t\t\t\tcode: \"LINKING_NOT_ALLOWED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tlinkingUserInfo.user.email !== session.user.email &&\n\t\t\t\tc.context.options.account?.accountLinking?.allowDifferentEmails !== true\n\t\t\t) {\n\t\t\t\tthrow APIError.from(\"UNAUTHORIZED\", {\n\t\t\t\t\tmessage: \"Account not linked - different emails not allowed\",\n\t\t\t\t\tcode: \"LINKING_DIFFERENT_EMAILS_NOT_ALLOWED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tawait c.context.internalAdapter.createAccount({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\taccountId: linkingUserId,\n\t\t\t\t\taccessToken: c.body.idToken.accessToken,\n\t\t\t\t\tidToken: token,\n\t\t\t\t\trefreshToken: c.body.idToken.refreshToken,\n\t\t\t\t\tscope: c.body.idToken.scopes?.join(\",\"),\n\t\t\t\t});\n\t\t\t} catch (_e: any) {\n\t\t\t\tthrow APIError.from(\"EXPECTATION_FAILED\", {\n\t\t\t\t\tmessage: \"Account not linked - unable to create account\",\n\t\t\t\t\tcode: \"LINKING_FAILED\",\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\tc.context.options.account?.accountLinking?.updateUserInfoOnLink === true\n\t\t\t) {\n\t\t\t\ttry {\n\t\t\t\t\tawait c.context.internalAdapter.updateUser(session.user.id, {\n\t\t\t\t\t\tname: linkingUserInfo.user?.name,\n\t\t\t\t\t\timage: linkingUserInfo.user?.image,\n\t\t\t\t\t});\n\t\t\t\t} catch (e: any) {\n\t\t\t\t\tconsole.warn(\"Could not update user - \" + e.toString());\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn c.json({\n\t\t\t\turl: \"\", // this is for type inference\n\t\t\t\tstatus: true,\n\t\t\t\tredirect: false,\n\t\t\t});\n\t\t}\n\n\t\t// Handle OAuth flow\n\t\tconst state = await generateState(\n\t\t\tc,\n\t\t\t{\n\t\t\t\tuserId: session.user.id,\n\t\t\t\temail: session.user.email,\n\t\t\t},\n\t\t\tc.body.additionalData,\n\t\t);\n\n\t\tconst url = await provider.createAuthorizationURL({\n\t\t\tstate: state.state,\n\t\t\tcodeVerifier: state.codeVerifier,\n\t\t\tredirectURI: `${c.context.baseURL}/callback/${provider.id}`,\n\t\t\tscopes: c.body.scopes,\n\t\t});\n\n\t\tif (!c.body.disableRedirect) {\n\t\t\tc.setHeader(\"Location\", url.toString());\n\t\t}\n\n\t\treturn c.json({\n\t\t\turl: url.toString(),\n\t\t\tredirect: !c.body.disableRedirect,\n\t\t});\n\t},\n);\nexport const unlinkAccount = createAuthEndpoint(\n\t\"/unlink-account\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string(),\n\t\t\taccountId: z.string().optional(),\n\t\t}),\n\t\tuse: [freshSessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Unlink an account\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId } = ctx.body;\n\t\tconst accounts = await ctx.context.internalAdapter.findAccounts(\n\t\t\tctx.context.session.user.id,\n\t\t);\n\t\tif (\n\t\t\taccounts.length === 1 &&\n\t\t\t!ctx.context.options.account?.accountLinking?.allowUnlinkingAll\n\t\t) {\n\t\t\tthrow APIError.from(\n\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\tBASE_ERROR_CODES.FAILED_TO_UNLINK_LAST_ACCOUNT,\n\t\t\t);\n\t\t}\n\t\tconst accountExist = accounts.find((account) =>\n\t\t\taccountId\n\t\t\t\t? account.accountId === accountId && account.providerId === providerId\n\t\t\t\t: account.providerId === providerId,\n\t\t);\n\t\tif (!accountExist) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\t\tawait ctx.context.internalAdapter.deleteAccount(accountExist.id);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const getAccessToken = createAuthEndpoint(\n\t\"/get-access-token\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string().meta({\n\t\t\t\tdescription: \"The provider ID for the OAuth provider\",\n\t\t\t}),\n\t\t\taccountId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The account ID associated with the refresh token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\tuserId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The user ID associated with the account\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Get a valid access token, doing a refresh if needed\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"A Valid access token\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\ttokenType: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tidToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t400: {\n\t\t\t\t\t\tdescription: \"Invalid refresh token or provider configuration\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId, userId } = ctx.body || {};\n\t\tconst req = ctx.request;\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (req && !session) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst resolvedUserId = session?.user?.id || userId;\n\t\tif (!resolvedUserId) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tif (!ctx.context.socialProviders.find((p) => p.id === providerId)) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} is not supported.`,\n\t\t\t\tcode: \"PROVIDER_NOT_SUPPORTED\",\n\t\t\t});\n\t\t}\n\t\tconst accountData = await getAccountCookie(ctx);\n\t\tlet account: Account | undefined = undefined;\n\t\tif (\n\t\t\taccountData &&\n\t\t\tproviderId === accountData.providerId &&\n\t\t\t(!accountId || accountData.id === accountId)\n\t\t) {\n\t\t\taccount = accountData;\n\t\t} else {\n\t\t\tconst accounts =\n\t\t\t\tawait ctx.context.internalAdapter.findAccounts(resolvedUserId);\n\t\t\taccount = accounts.find((acc) =>\n\t\t\t\taccountId\n\t\t\t\t\t? acc.accountId === accountId && acc.providerId === providerId\n\t\t\t\t\t: acc.providerId === providerId,\n\t\t\t);\n\t\t}\n\n\t\tif (!account) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\t\tconst provider = ctx.context.socialProviders.find(\n\t\t\t(p) => p.id === providerId,\n\t\t);\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PROVIDER_NOT_FOUND);\n\t\t}\n\n\t\ttry {\n\t\t\tlet newTokens: OAuth2Tokens | null = null;\n\t\t\tconst accessTokenExpired =\n\t\t\t\taccount.accessTokenExpiresAt &&\n\t\t\t\tnew Date(account.accessTokenExpiresAt).getTime() - Date.now() < 5_000;\n\t\t\tif (\n\t\t\t\taccount.refreshToken &&\n\t\t\t\taccessTokenExpired &&\n\t\t\t\tprovider.refreshAccessToken\n\t\t\t) {\n\t\t\t\tconst refreshToken = await decryptOAuthToken(\n\t\t\t\t\taccount.refreshToken,\n\t\t\t\t\tctx.context,\n\t\t\t\t);\n\t\t\t\tnewTokens = await provider.refreshAccessToken(refreshToken);\n\t\t\t\tconst updatedData = {\n\t\t\t\t\taccessToken: await setTokenUtil(newTokens.accessToken, ctx.context),\n\t\t\t\t\taccessTokenExpiresAt: newTokens.accessTokenExpiresAt,\n\t\t\t\t\trefreshToken: await setTokenUtil(newTokens.refreshToken, ctx.context),\n\t\t\t\t\trefreshTokenExpiresAt: newTokens.refreshTokenExpiresAt,\n\t\t\t\t};\n\t\t\t\tlet updatedAccount: Record<string, any> | null = null;\n\t\t\t\tif (account.id) {\n\t\t\t\t\tupdatedAccount = await ctx.context.internalAdapter.updateAccount(\n\t\t\t\t\t\taccount.id,\n\t\t\t\t\t\tupdatedData,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tif (ctx.context.options.account?.storeAccountCookie) {\n\t\t\t\t\tawait setAccountCookie(ctx, {\n\t\t\t\t\t\t...account,\n\t\t\t\t\t\t...(updatedAccount ?? updatedData),\n\t\t\t\t\t});\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst accessTokenExpiresAt = (() => {\n\t\t\t\tif (newTokens?.accessTokenExpiresAt) {\n\t\t\t\t\tif (typeof newTokens.accessTokenExpiresAt === \"string\") {\n\t\t\t\t\t\treturn new Date(newTokens.accessTokenExpiresAt);\n\t\t\t\t\t}\n\t\t\t\t\treturn newTokens.accessTokenExpiresAt;\n\t\t\t\t}\n\t\t\t\tif (account.accessTokenExpiresAt) {\n\t\t\t\t\tif (typeof account.accessTokenExpiresAt === \"string\") {\n\t\t\t\t\t\treturn new Date(account.accessTokenExpiresAt);\n\t\t\t\t\t}\n\t\t\t\t\treturn account.accessTokenExpiresAt;\n\t\t\t\t}\n\t\t\t\treturn undefined;\n\t\t\t})();\n\n\t\t\tconst tokens = {\n\t\t\t\taccessToken:\n\t\t\t\t\tnewTokens?.accessToken ??\n\t\t\t\t\t(await decryptOAuthToken(account.accessToken ?? \"\", ctx.context)),\n\t\t\t\taccessTokenExpiresAt,\n\t\t\t\tscopes: account.scope?.split(\",\") ?? [],\n\t\t\t\tidToken: newTokens?.idToken ?? account.idToken ?? undefined,\n\t\t\t};\n\t\t\treturn ctx.json(tokens);\n\t\t} catch (_error) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Failed to get a valid access token\",\n\t\t\t\tcode: \"FAILED_TO_GET_ACCESS_TOKEN\",\n\t\t\t});\n\t\t}\n\t},\n);\n\nexport const refreshToken = createAuthEndpoint(\n\t\"/refresh-token\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tproviderId: z.string().meta({\n\t\t\t\tdescription: \"The provider ID for the OAuth provider\",\n\t\t\t}),\n\t\t\taccountId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The account ID associated with the refresh token\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t\tuserId: z\n\t\t\t\t.string()\n\t\t\t\t.meta({\n\t\t\t\t\tdescription: \"The user ID associated with the account\",\n\t\t\t\t})\n\t\t\t\t.optional(),\n\t\t}),\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Refresh the access token using a refresh token\",\n\t\t\t\tresponses: {\n\t\t\t\t\t200: {\n\t\t\t\t\t\tdescription: \"Access token refreshed successfully\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\ttokenType: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tidToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trefreshToken: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\taccessTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trefreshTokenExpiresAt: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\tformat: \"date-time\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t400: {\n\t\t\t\t\t\tdescription: \"Invalid refresh token or provider configuration\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t},\n\tasync (ctx) => {\n\t\tconst { providerId, accountId, userId } = ctx.body;\n\t\tconst req = ctx.request;\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (req && !session) {\n\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst resolvedUserId = session?.user?.id || userId;\n\t\tif (!resolvedUserId) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Either userId or session is required`,\n\t\t\t\tcode: \"USER_ID_OR_SESSION_REQUIRED\",\n\t\t\t});\n\t\t}\n\t\tconst provider = ctx.context.socialProviders.find(\n\t\t\t(p) => p.id === providerId,\n\t\t);\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} not found.`,\n\t\t\t\tcode: \"PROVIDER_NOT_FOUND\",\n\t\t\t});\n\t\t}\n\t\tif (!provider.refreshAccessToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: `Provider ${providerId} does not support token refreshing.`,\n\t\t\t\tcode: \"TOKEN_REFRESH_NOT_SUPPORTED\",\n\t\t\t});\n\t\t}\n\n\t\t// Try to read refresh token from cookie first\n\t\tlet account: Account | undefined = undefined;\n\t\tconst accountData = await getAccountCookie(ctx);\n\t\tif (\n\t\t\taccountData &&\n\t\t\t(!providerId || providerId === accountData?.providerId)\n\t\t) {\n\t\t\taccount = accountData;\n\t\t} else {\n\t\t\tconst accounts =\n\t\t\t\tawait ctx.context.internalAdapter.findAccounts(resolvedUserId);\n\t\t\taccount = accounts.find((acc) =>\n\t\t\t\taccountId\n\t\t\t\t\t? acc.accountId === accountId && acc.providerId === providerId\n\t\t\t\t\t: acc.providerId === providerId,\n\t\t\t);\n\t\t}\n\n\t\tif (!account) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\n\t\tlet refreshToken: string | null | undefined = undefined;\n\t\tif (accountData && providerId === accountData.providerId) {\n\t\t\trefreshToken = accountData.refreshToken ?? undefined;\n\t\t} else {\n\t\t\trefreshToken = account.refreshToken ?? undefined;\n\t\t}\n\n\t\tif (!refreshToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Refresh token not found\",\n\t\t\t\tcode: \"REFRESH_TOKEN_NOT_FOUND\",\n\t\t\t});\n\t\t}\n\n\t\ttry {\n\t\t\tconst decryptedRefreshToken = await decryptOAuthToken(\n\t\t\t\trefreshToken,\n\t\t\t\tctx.context,\n\t\t\t);\n\t\t\tconst tokens: OAuth2Tokens = await provider.refreshAccessToken(\n\t\t\t\tdecryptedRefreshToken,\n\t\t\t);\n\n\t\t\tif (account.id) {\n\t\t\t\tconst updateData = {\n\t\t\t\t\t...(account || {}),\n\t\t\t\t\taccessToken: await setTokenUtil(tokens.accessToken, ctx.context),\n\t\t\t\t\trefreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),\n\t\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\t\trefreshTokenExpiresAt: tokens.refreshTokenExpiresAt,\n\t\t\t\t\tscope: tokens.scopes?.join(\",\") || account.scope,\n\t\t\t\t\tidToken: tokens.idToken || account.idToken,\n\t\t\t\t};\n\t\t\t\tawait ctx.context.internalAdapter.updateAccount(account.id, updateData);\n\t\t\t}\n\n\t\t\tif (\n\t\t\t\taccountData &&\n\t\t\t\tproviderId === accountData.providerId &&\n\t\t\t\tctx.context.options.account?.storeAccountCookie\n\t\t\t) {\n\t\t\t\tconst updateData = {\n\t\t\t\t\t...accountData,\n\t\t\t\t\taccessToken: await setTokenUtil(tokens.accessToken, ctx.context),\n\t\t\t\t\trefreshToken: await setTokenUtil(tokens.refreshToken, ctx.context),\n\t\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\t\trefreshTokenExpiresAt: tokens.refreshTokenExpiresAt,\n\t\t\t\t\tscope: tokens.scopes?.join(\",\") || accountData.scope,\n\t\t\t\t\tidToken: tokens.idToken || accountData.idToken,\n\t\t\t\t};\n\t\t\t\tawait setAccountCookie(ctx, updateData);\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\taccessToken: tokens.accessToken,\n\t\t\t\trefreshToken: tokens.refreshToken,\n\t\t\t\taccessTokenExpiresAt: tokens.accessTokenExpiresAt,\n\t\t\t\trefreshTokenExpiresAt: tokens.refreshTokenExpiresAt,\n\t\t\t\tscope: tokens.scopes?.join(\",\") || account.scope,\n\t\t\t\tidToken: tokens.idToken || account.idToken,\n\t\t\t\tproviderId: account.providerId,\n\t\t\t\taccountId: account.accountId,\n\t\t\t});\n\t\t} catch (_error) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Failed to refresh access token\",\n\t\t\t\tcode: \"FAILED_TO_REFRESH_ACCESS_TOKEN\",\n\t\t\t});\n\t\t}\n\t},\n);\n\nconst accountInfoQuerySchema = z.optional(\n\tz.object({\n\t\taccountId: z\n\t\t\t.string()\n\t\t\t.meta({\n\t\t\t\tdescription:\n\t\t\t\t\t\"The provider given account id for which to get the account info\",\n\t\t\t})\n\t\t\t.optional(),\n\t}),\n);\n\nexport const accountInfo = createAuthEndpoint(\n\t\"/account-info\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [sessionMiddleware],\n\t\tmetadata: {\n\t\t\topenapi: {\n\t\t\t\tdescription: \"Get the account info provided by the provider\",\n\t\t\t\tresponses: {\n\t\t\t\t\t\"200\": {\n\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\t\tid: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\tname: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\temail: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\timage: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\temailVerified: {\n\t\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\trequired: [\"id\", \"emailVerified\"],\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tdata: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tproperties: {},\n\t\t\t\t\t\t\t\t\t\t\tadditionalProperties: true,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"user\", \"data\"],\n\t\t\t\t\t\t\t\t\tadditionalProperties: false,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tquery: accountInfoQuerySchema,\n\t},\n\tasync (ctx) => {\n\t\tconst providedAccountId = ctx.query?.accountId;\n\t\tlet account: Account | undefined = undefined;\n\t\tif (!providedAccountId) {\n\t\t\tif (ctx.context.options.account?.storeAccountCookie) {\n\t\t\t\tconst accountData = await getAccountCookie(ctx);\n\t\t\t\tif (accountData) {\n\t\t\t\t\taccount = accountData;\n\t\t\t\t}\n\t\t\t}\n\t\t} else {\n\t\t\tconst accountData =\n\t\t\t\tawait ctx.context.internalAdapter.findAccount(providedAccountId);\n\t\t\tif (accountData) {\n\t\t\t\taccount = accountData;\n\t\t\t}\n\t\t}\n\n\t\tif (!account || account.userId !== ctx.context.session.user.id) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);\n\t\t}\n\n\t\tconst provider = ctx.context.socialProviders.find(\n\t\t\t(p) => p.id === account.providerId,\n\t\t);\n\n\t\tif (!provider) {\n\t\t\tthrow APIError.from(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\tmessage: `Provider account provider is ${account.providerId} but it is not configured`,\n\t\t\t\tcode: \"PROVIDER_NOT_CONFIGURED\",\n\t\t\t});\n\t\t}\n\t\tconst tokens = await getAccessToken({\n\t\t\t...ctx,\n\t\t\tmethod: \"POST\",\n\t\t\tbody: {\n\t\t\t\taccountId: account.id,\n\t\t\t\tproviderId: account.providerId,\n\t\t\t},\n\t\t\treturnHeaders: false,\n\t\t\treturnStatus: false,\n\t\t});\n\t\tif (!tokens.accessToken) {\n\t\t\tthrow APIError.from(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Access token not found\",\n\t\t\t\tcode: \"ACCESS_TOKEN_NOT_FOUND\",\n\t\t\t});\n\t\t}\n\t\tconst info = await provider.getUserInfo({\n\t\t\t...tokens,\n\t\t\taccessToken: tokens.accessToken as string,\n\t\t});\n\t\treturn ctx.json(info);\n\t},\n);\n"],"mappings":";;;;;;;;;;;AAoBA,MAAa,mBAAmB,mBAC/B,kBACA;CACC,QAAQ;CACR,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,OAAO;KACN,MAAM;KACN,YAAY;MACX,IAAI,EACH,MAAM,UACN;MACD,YAAY,EACX,MAAM,UACN;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR;MACD,WAAW;OACV,MAAM;OACN,QAAQ;OACR;MACD,WAAW,EACV,MAAM,UACN;MACD,QAAQ,EACP,MAAM,UACN;MACD,QAAQ;OACP,MAAM;OACN,OAAO,EACN,MAAM,UACN;OACD;MACD;KACD,UAAU;MACT;MACA;MACA;MACA;MACA;MACA;MACA;MACA;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,MAAM;CACZ,MAAM,UAAU,EAAE,QAAQ;CAC1B,MAAM,WAAW,MAAM,EAAE,QAAQ,gBAAgB,aAChD,QAAQ,KAAK,GACb;AACD,QAAO,EAAE,KACR,SAAS,KAAK,MAAM;EACnB,MAAM,EAAE,OAAO,GAAG,WAAW,mBAAmB,EAAE,QAAQ,SAAS,EAAE;AACrE,SAAO;GACN,GAAG;GACH,QAAQ,OAAO,MAAM,IAAI,IAAI,EAAE;GAC/B;GACA,CACF;EAEF;AAED,MAAa,oBAAoB,mBAChC,gBACA;CACC,QAAQ;CACR,gBAAgB;CAChB,MAAM,EAAE,OAAO;EAId,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,uDACb,CAAC,CACD,UAAU;EAIZ,UAAU;EAIV,SAAS,EACP,OAAO;GACP,OAAO,EAAE,QAAQ;GACjB,OAAO,EAAE,QAAQ,CAAC,UAAU;GAC5B,aAAa,EAAE,QAAQ,CAAC,UAAU;GAClC,cAAc,EAAE,QAAQ,CAAC,UAAU;GACnC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,UAAU;GACtC,CAAC,CACD,UAAU;EAIZ,eAAe,EAAE,SAAS,CAAC,UAAU;EAMrC,QAAQ,EACN,MAAM,EAAE,QAAQ,CAAC,CACjB,KAAK,EACL,aAAa,kDACb,CAAC,CACD,UAAU;EAIZ,kBAAkB,EAChB,QAAQ,CACR,KAAK,EACL,aACC,uEACD,CAAC,CACD,UAAU;EAOZ,iBAAiB,EACf,SAAS,CACT,KAAK,EACL,aACC,+FACD,CAAC,CACD,UAAU;EAIZ,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU;EACxD,CAAC;CACF,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,KAAK;MACJ,MAAM;MACN,aACC;MACD;KACD,UAAU;MACT,MAAM;MACN,aACC;MACD;KACD,QAAQ,EACP,MAAM,WACN;KACD;IACD,UAAU,CAAC,WAAW;IACtB,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,MAAM;CACZ,MAAM,UAAU,EAAE,QAAQ;CAE1B,MAAM,WAAW,EAAE,QAAQ,gBAAgB,MACzC,MAAM,EAAE,OAAO,EAAE,KAAK,SACvB;AAED,KAAI,CAAC,UAAU;AACd,IAAE,QAAQ,OAAO,MAChB,yEACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,QAAM,SAAS,KAAK,aAAa,iBAAiB,mBAAmB;;AAItE,KAAI,EAAE,KAAK,SAAS;AACnB,MAAI,CAAC,SAAS,eAAe;AAC5B,KAAE,QAAQ,OAAO,MAChB,mDACA,EACC,UAAU,EAAE,KAAK,UACjB,CACD;AACD,SAAM,SAAS,KACd,aACA,iBAAiB,uBACjB;;EAGF,MAAM,EAAE,OAAO,UAAU,EAAE,KAAK;AAEhC,MAAI,CADU,MAAM,SAAS,cAAc,OAAO,MAAM,EAC5C;AACX,KAAE,QAAQ,OAAO,MAAM,oBAAoB,EAC1C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KAAK,gBAAgB,iBAAiB,cAAc;;EAGpE,MAAM,kBAAkB,MAAM,SAAS,YAAY;GAClD,SAAS;GACT,aAAa,EAAE,KAAK,QAAQ;GAC5B,cAAc,EAAE,KAAK,QAAQ;GAC7B,CAAC;AAEF,MAAI,CAAC,mBAAmB,CAAC,iBAAiB,MAAM;AAC/C,KAAE,QAAQ,OAAO,MAAM,2BAA2B,EACjD,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,wBACjB;;EAGF,MAAM,gBAAgB,OAAO,gBAAgB,KAAK,GAAG;AAErD,MAAI,CAAC,gBAAgB,KAAK,OAAO;AAChC,KAAE,QAAQ,OAAO,MAAM,wBAAwB,EAC9C,UAAU,EAAE,KAAK,UACjB,CAAC;AACF,SAAM,SAAS,KACd,gBACA,iBAAiB,qBACjB;;AAWF,OARyB,MAAM,EAAE,QAAQ,gBAAgB,aACxD,QAAQ,KAAK,GACb,EAEsC,MACrC,MAAM,EAAE,eAAe,SAAS,MAAM,EAAE,cAAc,cACvD,CAGA,QAAO,EAAE,KAAK;GACb,KAAK;GACL,QAAQ;GACR,UAAU;GACV,CAAC;AAOH,MACE,EAJD,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,mBAEA,SAAS,SAAS,GAAG,IAEzC,CAAC,gBAAgB,KAAK,iBAC7C,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,YAAY,MAEvD,OAAM,SAAS,KAAK,gBAAgB;GACnC,SAAS;GACT,MAAM;GACN,CAAC;AAGH,MACC,gBAAgB,KAAK,UAAU,QAAQ,KAAK,SAC5C,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,yBAAyB,KAEpE,OAAM,SAAS,KAAK,gBAAgB;GACnC,SAAS;GACT,MAAM;GACN,CAAC;AAGH,MAAI;AACH,SAAM,EAAE,QAAQ,gBAAgB,cAAc;IAC7C,QAAQ,QAAQ,KAAK;IACrB,YAAY,SAAS;IACrB,WAAW;IACX,aAAa,EAAE,KAAK,QAAQ;IAC5B,SAAS;IACT,cAAc,EAAE,KAAK,QAAQ;IAC7B,OAAO,EAAE,KAAK,QAAQ,QAAQ,KAAK,IAAI;IACvC,CAAC;WACM,IAAS;AACjB,SAAM,SAAS,KAAK,sBAAsB;IACzC,SAAS;IACT,MAAM;IACN,CAAC;;AAGH,MACC,EAAE,QAAQ,QAAQ,SAAS,gBAAgB,yBAAyB,KAEpE,KAAI;AACH,SAAM,EAAE,QAAQ,gBAAgB,WAAW,QAAQ,KAAK,IAAI;IAC3D,MAAM,gBAAgB,MAAM;IAC5B,OAAO,gBAAgB,MAAM;IAC7B,CAAC;WACM,GAAQ;AAChB,WAAQ,KAAK,6BAA6B,EAAE,UAAU,CAAC;;AAIzD,SAAO,EAAE,KAAK;GACb,KAAK;GACL,QAAQ;GACR,UAAU;GACV,CAAC;;CAIH,MAAM,QAAQ,MAAM,cACnB,GACA;EACC,QAAQ,QAAQ,KAAK;EACrB,OAAO,QAAQ,KAAK;EACpB,EACD,EAAE,KAAK,eACP;CAED,MAAM,MAAM,MAAM,SAAS,uBAAuB;EACjD,OAAO,MAAM;EACb,cAAc,MAAM;EACpB,aAAa,GAAG,EAAE,QAAQ,QAAQ,YAAY,SAAS;EACvD,QAAQ,EAAE,KAAK;EACf,CAAC;AAEF,KAAI,CAAC,EAAE,KAAK,gBACX,GAAE,UAAU,YAAY,IAAI,UAAU,CAAC;AAGxC,QAAO,EAAE,KAAK;EACb,KAAK,IAAI,UAAU;EACnB,UAAU,CAAC,EAAE,KAAK;EAClB,CAAC;EAEH;AACD,MAAa,gBAAgB,mBAC5B,mBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ;EACtB,WAAW,EAAE,QAAQ,CAAC,UAAU;EAChC,CAAC;CACF,KAAK,CAAC,uBAAuB;CAC7B,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,cAAc,IAAI;CACtC,MAAM,WAAW,MAAM,IAAI,QAAQ,gBAAgB,aAClD,IAAI,QAAQ,QAAQ,KAAK,GACzB;AACD,KACC,SAAS,WAAW,KACpB,CAAC,IAAI,QAAQ,QAAQ,SAAS,gBAAgB,kBAE9C,OAAM,SAAS,KACd,eACA,iBAAiB,8BACjB;CAEF,MAAM,eAAe,SAAS,MAAM,YACnC,YACG,QAAQ,cAAc,aAAa,QAAQ,eAAe,aAC1D,QAAQ,eAAe,WAC1B;AACD,KAAI,CAAC,aACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;AAEvE,OAAM,IAAI,QAAQ,gBAAgB,cAAc,aAAa,GAAG;AAChE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAED,MAAa,iBAAiB,mBAC7B,qBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ,CAAC,KAAK,EAC3B,aAAa,0CACb,CAAC;EACF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,oDACb,CAAC,CACD,UAAU;EACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,2CACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW;GACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,WAAW,EACV,MAAM,UACN;MACD,SAAS,EACR,MAAM,UACN;MACD,aAAa,EACZ,MAAM,UACN;MACD,sBAAsB;OACrB,MAAM;OACN,QAAQ;OACR;MACD;KACD,EACD,EACD;IACD;GACD,KAAK,EACJ,aAAa,mDACb;GACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,WAAW,WAAW,IAAI,QAAQ,EAAE;CACxD,MAAM,MAAM,IAAI;CAChB,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,OAAO,CAAC,QACX,OAAM,IAAI,MAAM,eAAe;CAEhC,MAAM,iBAAiB,SAAS,MAAM,MAAM;AAC5C,KAAI,CAAC,eACJ,OAAM,IAAI,MAAM,eAAe;AAEhC,KAAI,CAAC,IAAI,QAAQ,gBAAgB,MAAM,MAAM,EAAE,OAAO,WAAW,CAChE,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;CAEH,MAAM,cAAc,MAAM,iBAAiB,IAAI;CAC/C,IAAI,UAA+B;AACnC,KACC,eACA,eAAe,YAAY,eAC1B,CAAC,aAAa,YAAY,OAAO,WAElC,WAAU;KAIV,YADC,MAAM,IAAI,QAAQ,gBAAgB,aAAa,eAAe,EAC5C,MAAM,QACxB,YACG,IAAI,cAAc,aAAa,IAAI,eAAe,aAClD,IAAI,eAAe,WACtB;AAGF,KAAI,CAAC,QACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAEvE,MAAM,WAAW,IAAI,QAAQ,gBAAgB,MAC3C,MAAM,EAAE,OAAO,WAChB;AACD,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;AAGxE,KAAI;EACH,IAAI,YAAiC;EACrC,MAAM,qBACL,QAAQ,wBACR,IAAI,KAAK,QAAQ,qBAAqB,CAAC,SAAS,GAAG,KAAK,KAAK,GAAG;AACjE,MACC,QAAQ,gBACR,sBACA,SAAS,oBACR;GACD,MAAM,eAAe,MAAM,kBAC1B,QAAQ,cACR,IAAI,QACJ;AACD,eAAY,MAAM,SAAS,mBAAmB,aAAa;GAC3D,MAAM,cAAc;IACnB,aAAa,MAAM,aAAa,UAAU,aAAa,IAAI,QAAQ;IACnE,sBAAsB,UAAU;IAChC,cAAc,MAAM,aAAa,UAAU,cAAc,IAAI,QAAQ;IACrE,uBAAuB,UAAU;IACjC;GACD,IAAI,iBAA6C;AACjD,OAAI,QAAQ,GACX,kBAAiB,MAAM,IAAI,QAAQ,gBAAgB,cAClD,QAAQ,IACR,YACA;AAEF,OAAI,IAAI,QAAQ,QAAQ,SAAS,mBAChC,OAAM,iBAAiB,KAAK;IAC3B,GAAG;IACH,GAAI,kBAAkB;IACtB,CAAC;;EAIJ,MAAM,8BAA8B;AACnC,OAAI,WAAW,sBAAsB;AACpC,QAAI,OAAO,UAAU,yBAAyB,SAC7C,QAAO,IAAI,KAAK,UAAU,qBAAqB;AAEhD,WAAO,UAAU;;AAElB,OAAI,QAAQ,sBAAsB;AACjC,QAAI,OAAO,QAAQ,yBAAyB,SAC3C,QAAO,IAAI,KAAK,QAAQ,qBAAqB;AAE9C,WAAO,QAAQ;;MAGb;EAEJ,MAAM,SAAS;GACd,aACC,WAAW,eACV,MAAM,kBAAkB,QAAQ,eAAe,IAAI,IAAI,QAAQ;GACjE;GACA,QAAQ,QAAQ,OAAO,MAAM,IAAI,IAAI,EAAE;GACvC,SAAS,WAAW,WAAW,QAAQ,WAAW;GAClD;AACD,SAAO,IAAI,KAAK,OAAO;UACf,QAAQ;AAChB,QAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;;EAGJ;AAED,MAAa,eAAe,mBAC3B,kBACA;CACC,QAAQ;CACR,MAAM,EAAE,OAAO;EACd,YAAY,EAAE,QAAQ,CAAC,KAAK,EAC3B,aAAa,0CACb,CAAC;EACF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,oDACb,CAAC,CACD,UAAU;EACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,2CACb,CAAC,CACD,UAAU;EACZ,CAAC;CACF,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW;GACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY;MACX,WAAW,EACV,MAAM,UACN;MACD,SAAS,EACR,MAAM,UACN;MACD,aAAa,EACZ,MAAM,UACN;MACD,cAAc,EACb,MAAM,UACN;MACD,sBAAsB;OACrB,MAAM;OACN,QAAQ;OACR;MACD,uBAAuB;OACtB,MAAM;OACN,QAAQ;OACR;MACD;KACD,EACD,EACD;IACD;GACD,KAAK,EACJ,aAAa,mDACb;GACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,YAAY,WAAW,WAAW,IAAI;CAC9C,MAAM,MAAM,IAAI;CAChB,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,OAAO,CAAC,QACX,OAAM,IAAI,MAAM,eAAe;CAEhC,MAAM,iBAAiB,SAAS,MAAM,MAAM;AAC5C,KAAI,CAAC,eACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;CAEH,MAAM,WAAW,IAAI,QAAQ,gBAAgB,MAC3C,MAAM,EAAE,OAAO,WAChB;AACD,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;AAEH,KAAI,CAAC,SAAS,mBACb,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS,YAAY,WAAW;EAChC,MAAM;EACN,CAAC;CAIH,IAAI,UAA+B;CACnC,MAAM,cAAc,MAAM,iBAAiB,IAAI;AAC/C,KACC,gBACC,CAAC,cAAc,eAAe,aAAa,YAE5C,WAAU;KAIV,YADC,MAAM,IAAI,QAAQ,gBAAgB,aAAa,eAAe,EAC5C,MAAM,QACxB,YACG,IAAI,cAAc,aAAa,IAAI,eAAe,aAClD,IAAI,eAAe,WACtB;AAGF,KAAI,CAAC,QACJ,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAGvE,IAAI,eAA0C;AAC9C,KAAI,eAAe,eAAe,YAAY,WAC7C,gBAAe,YAAY,gBAAgB;KAE3C,gBAAe,QAAQ,gBAAgB;AAGxC,KAAI,CAAC,aACJ,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;AAGH,KAAI;EACH,MAAM,wBAAwB,MAAM,kBACnC,cACA,IAAI,QACJ;EACD,MAAM,SAAuB,MAAM,SAAS,mBAC3C,sBACA;AAED,MAAI,QAAQ,IAAI;GACf,MAAM,aAAa;IAClB,GAAI,WAAW,EAAE;IACjB,aAAa,MAAM,aAAa,OAAO,aAAa,IAAI,QAAQ;IAChE,cAAc,MAAM,aAAa,OAAO,cAAc,IAAI,QAAQ;IAClE,sBAAsB,OAAO;IAC7B,uBAAuB,OAAO;IAC9B,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,QAAQ;IAC3C,SAAS,OAAO,WAAW,QAAQ;IACnC;AACD,SAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,IAAI,WAAW;;AAGxE,MACC,eACA,eAAe,YAAY,cAC3B,IAAI,QAAQ,QAAQ,SAAS,mBAW7B,OAAM,iBAAiB,KATJ;GAClB,GAAG;GACH,aAAa,MAAM,aAAa,OAAO,aAAa,IAAI,QAAQ;GAChE,cAAc,MAAM,aAAa,OAAO,cAAc,IAAI,QAAQ;GAClE,sBAAsB,OAAO;GAC7B,uBAAuB,OAAO;GAC9B,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,YAAY;GAC/C,SAAS,OAAO,WAAW,YAAY;GACvC,CACsC;AAExC,SAAO,IAAI,KAAK;GACf,aAAa,OAAO;GACpB,cAAc,OAAO;GACrB,sBAAsB,OAAO;GAC7B,uBAAuB,OAAO;GAC9B,OAAO,OAAO,QAAQ,KAAK,IAAI,IAAI,QAAQ;GAC3C,SAAS,OAAO,WAAW,QAAQ;GACnC,YAAY,QAAQ;GACpB,WAAW,QAAQ;GACnB,CAAC;UACM,QAAQ;AAChB,QAAM,SAAS,KAAK,eAAe;GAClC,SAAS;GACT,MAAM;GACN,CAAC;;EAGJ;AAED,MAAM,yBAAyB,EAAE,SAChC,EAAE,OAAO,EACR,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aACC,mEACD,CAAC,CACD,UAAU,EACZ,CAAC,CACF;AAED,MAAa,cAAc,mBAC1B,iBACA;CACC,QAAQ;CACR,KAAK,CAAC,kBAAkB;CACxB,UAAU,EACT,SAAS;EACR,aAAa;EACb,WAAW,EACV,OAAO;GACN,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,MAAM;MACL,MAAM;MACN,YAAY;OACX,IAAI,EACH,MAAM,UACN;OACD,MAAM,EACL,MAAM,UACN;OACD,OAAO,EACN,MAAM,UACN;OACD,OAAO,EACN,MAAM,UACN;OACD,eAAe,EACd,MAAM,WACN;OACD;MACD,UAAU,CAAC,MAAM,gBAAgB;MACjC;KACD,MAAM;MACL,MAAM;MACN,YAAY,EAAE;MACd,sBAAsB;MACtB;KACD;IACD,UAAU,CAAC,QAAQ,OAAO;IAC1B,sBAAsB;IACtB,EACD,EACD;GACD,EACD;EACD,EACD;CACD,OAAO;CACP,EACD,OAAO,QAAQ;CACd,MAAM,oBAAoB,IAAI,OAAO;CACrC,IAAI,UAA+B;AACnC,KAAI,CAAC,mBACJ;MAAI,IAAI,QAAQ,QAAQ,SAAS,oBAAoB;GACpD,MAAM,cAAc,MAAM,iBAAiB,IAAI;AAC/C,OAAI,YACH,WAAU;;QAGN;EACN,MAAM,cACL,MAAM,IAAI,QAAQ,gBAAgB,YAAY,kBAAkB;AACjE,MAAI,YACH,WAAU;;AAIZ,KAAI,CAAC,WAAW,QAAQ,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAC3D,OAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;CAGvE,MAAM,WAAW,IAAI,QAAQ,gBAAgB,MAC3C,MAAM,EAAE,OAAO,QAAQ,WACxB;AAED,KAAI,CAAC,SACJ,OAAM,SAAS,KAAK,yBAAyB;EAC5C,SAAS,gCAAgC,QAAQ,WAAW;EAC5D,MAAM;EACN,CAAC;CAEH,MAAM,SAAS,MAAM,eAAe;EACnC,GAAG;EACH,QAAQ;EACR,MAAM;GACL,WAAW,QAAQ;GACnB,YAAY,QAAQ;GACpB;EACD,eAAe;EACf,cAAc;EACd,CAAC;AACF,KAAI,CAAC,OAAO,YACX,OAAM,SAAS,KAAK,eAAe;EAClC,SAAS;EACT,MAAM;EACN,CAAC;CAEH,MAAM,OAAO,MAAM,SAAS,YAAY;EACvC,GAAG;EACH,aAAa,OAAO;EACpB,CAAC;AACF,QAAO,IAAI,KAAK,KAAK;EAEtB"}
|