@holeauth/core 0.0.1-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +5 -0
  3. package/cjs-error.cjs +8 -0
  4. package/dist/adapters/index.d.ts +1 -0
  5. package/dist/adapters/index.js +3 -0
  6. package/dist/adapters/index.js.map +1 -0
  7. package/dist/cookies/index.d.ts +3 -0
  8. package/dist/cookies/index.js +74 -0
  9. package/dist/cookies/index.js.map +1 -0
  10. package/dist/errors/index.d.ts +40 -0
  11. package/dist/errors/index.js +70 -0
  12. package/dist/errors/index.js.map +1 -0
  13. package/dist/events/index.d.ts +3 -0
  14. package/dist/events/index.js +52 -0
  15. package/dist/events/index.js.map +1 -0
  16. package/dist/flows/index.d.ts +4 -0
  17. package/dist/flows/index.js +835 -0
  18. package/dist/flows/index.js.map +1 -0
  19. package/dist/index-BIXESLma.d.ts +58 -0
  20. package/dist/index-BYtkmk9_.d.ts +18 -0
  21. package/dist/index-BbEXbI_k.d.ts +116 -0
  22. package/dist/index-BmYQquGs.d.ts +563 -0
  23. package/dist/index-BwEvEa8-.d.ts +20 -0
  24. package/dist/index-CHS-socJ.d.ts +97 -0
  25. package/dist/index-CNtnPdzk.d.ts +136 -0
  26. package/dist/index-CjEXpqaW.d.ts +22 -0
  27. package/dist/index-CotvcK_b.d.ts +42 -0
  28. package/dist/index-D57PvFMN.d.ts +105 -0
  29. package/dist/index-DRN-5E_H.d.ts +26 -0
  30. package/dist/index.d.ts +39 -0
  31. package/dist/index.js +1757 -0
  32. package/dist/index.js.map +1 -0
  33. package/dist/jwt/index.d.ts +2 -0
  34. package/dist/jwt/index.js +53 -0
  35. package/dist/jwt/index.js.map +1 -0
  36. package/dist/otp/index.d.ts +1 -0
  37. package/dist/otp/index.js +16 -0
  38. package/dist/otp/index.js.map +1 -0
  39. package/dist/password/index.d.ts +1 -0
  40. package/dist/password/index.js +75 -0
  41. package/dist/password/index.js.map +1 -0
  42. package/dist/plugins/index.d.ts +4 -0
  43. package/dist/plugins/index.js +480 -0
  44. package/dist/plugins/index.js.map +1 -0
  45. package/dist/registry-CZhM1tEB.d.ts +101 -0
  46. package/dist/session/index.d.ts +3 -0
  47. package/dist/session/index.js +346 -0
  48. package/dist/session/index.js.map +1 -0
  49. package/dist/sso/index.d.ts +3 -0
  50. package/dist/sso/index.js +475 -0
  51. package/dist/sso/index.js.map +1 -0
  52. package/package.json +121 -0
package/dist/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/errors/index.ts","../src/jwt/index.ts","../src/session/index.ts","../src/cookies/csrf.ts","../src/events/emitter.ts","../src/plugins/runner-ref.ts","../src/session/hash.ts","../src/session/issue.ts","../src/session/rotate.ts","../src/session/validate.ts","../src/session/revoke.ts","../src/session/get-or-refresh.ts","../src/password/index.ts","../src/otp/index.ts","../src/sso/index.ts","../src/sso/client.ts","../src/sso/authorize.ts","../src/sso/callback.ts","../src/sso/providers/google.ts","../src/sso/providers/github.ts","../src/adapters/index.ts","../src/cookies/index.ts","../src/cookies/spec.ts","../src/events/index.ts","../src/flows/index.ts","../src/flows/register.ts","../src/flows/signin.ts","../src/flows/signout.ts","../src/flows/refresh.ts","../src/flows/tx.ts","../src/flows/password-change.ts","../src/utils/base64url.ts","../src/flows/password-reset.ts","../src/flows/user-mutation.ts","../src/flows/invite.ts","../src/plugins/index.ts","../src/plugins/define.ts","../src/plugins/registry.ts","../src/define.ts"],"names":["ACCESS_DEFAULT","REFRESH_DEFAULT","session","verify","hash","email"],"mappings":";;;;;;;;;AAAO,IAAM,aAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,EAC9B,IAAA;AAAA,EACA,MAAA;AAAA,EACT,WAAA,CAAY,IAAA,EAAc,OAAA,EAAiB,MAAA,GAAS,GAAA,EAAK;AACvD,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF;AACO,IAAM,iBAAA,GAAN,cAAgC,aAAA,CAAc;AAAA,EACnD,WAAA,CAAY,UAAU,eAAA,EAAiB;AAAE,IAAA,KAAA,CAAM,eAAA,EAAiB,SAAS,GAAG,CAAA;AAAA,EAAG;AACjF;AACO,IAAM,mBAAA,GAAN,cAAkC,aAAA,CAAc;AAAA,EACrD,WAAA,CAAY,UAAU,iBAAA,EAAmB;AAAE,IAAA,KAAA,CAAM,iBAAA,EAAmB,SAAS,GAAG,CAAA;AAAA,EAAG;AACrF;AACO,IAAM,YAAA,GAAN,cAA2B,aAAA,CAAc;AAAA,EAC9C,WAAA,CAAY,UAAU,eAAA,EAAiB;AAAE,IAAA,KAAA,CAAM,eAAA,EAAiB,SAAS,GAAG,CAAA;AAAA,EAAG;AACjF;AACO,IAAM,aAAA,GAAN,cAA4B,aAAA,CAAc;AAAA,EAC/C,WAAA,CAAY,UAAU,gBAAA,EAAkB;AAAE,IAAA,KAAA,CAAM,gBAAA,EAAkB,SAAS,GAAG,CAAA;AAAA,EAAG;AACnF;AACO,IAAM,SAAA,GAAN,cAAwB,aAAA,CAAc;AAAA,EAC3C,WAAA,CAAY,UAAU,wBAAA,EAA0B;AAAE,IAAA,KAAA,CAAM,aAAA,EAAe,SAAS,GAAG,CAAA;AAAA,EAAG;AACxF;AACO,IAAM,gBAAA,GAAN,cAA+B,aAAA,CAAc;AAAA,EAClD,WAAA,CAAY,UAAU,qBAAA,EAAuB;AAAE,IAAA,KAAA,CAAM,qBAAA,EAAuB,SAAS,GAAG,CAAA;AAAA,EAAG;AAC7F;AACO,IAAM,oBAAA,GAAN,cAAmC,aAAA,CAAc;AAAA,EACtD,WAAA,CAAY,UAAU,kBAAA,EAAoB;AAAE,IAAA,KAAA,CAAM,kBAAA,EAAoB,SAAS,GAAG,CAAA;AAAA,EAAG;AACvF;AACO,IAAM,iBAAA,GAAN,cAAgC,aAAA,CAAc;AAAA,EACnD,WAAA,CAAY,UAAU,8BAAA,EAAgC;AAAE,IAAA,KAAA,CAAM,eAAA,EAAiB,SAAS,GAAG,CAAA;AAAA,EAAG;AAChG;AACO,IAAM,qBAAA,GAAN,cAAoC,aAAA,CAAc;AAAA,EACvD,WAAA,CAAY,UAAU,4BAAA,EAA8B;AAAE,IAAA,KAAA,CAAM,mBAAA,EAAqB,SAAS,GAAG,CAAA;AAAA,EAAG;AAClG;AACO,IAAM,yBAAA,GAAN,cAAwC,aAAA,CAAc;AAAA,EAC3D,WAAA,CAAY,UAAU,+BAAA,EAAiC;AAAE,IAAA,KAAA,CAAM,uBAAA,EAAyB,SAAS,GAAG,CAAA;AAAA,EAAG;AACzG;AACO,IAAM,iBAAA,GAAN,cAAgC,aAAA,CAAc;AAAA,EACnD,WAAA,CAAY,UAAU,oCAAA,EAAsC;AAAE,IAAA,KAAA,CAAM,eAAA,EAAiB,SAAS,GAAG,CAAA;AAAA,EAAG;AACtG;;;AC1CA,IAAA,WAAA,GAAA;AAAA,QAAA,CAAA,WAAA,EAAA;AAAA,EAAA,MAAA,EAAA,MAAA,MAAA;AAAA,EAAA,IAAA,EAAA,MAAA,IAAA;AAAA,EAAA,MAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAGA,SAAS,MAAM,MAAA,EAAyC;AACtD,EAAA,OAAO,OAAO,WAAW,QAAA,GAAW,IAAI,aAAY,CAAE,MAAA,CAAO,MAAM,CAAA,GAAI,MAAA;AACzE;AAUA,eAAsB,IAAA,CACpB,OAAA,EACA,MAAA,EACA,IAAA,GAAoB,EAAC,EACJ;AACjB,EAAA,MAAM,GAAA,GAAM,IAAI,OAAA,CAAQ,OAAO,CAAA,CAAE,kBAAA,CAAmB,EAAE,GAAA,EAAK,OAAA,EAAS,CAAA,CAAE,WAAA,EAAY;AAClF,EAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,GAAA,CAAI,SAAA,CAAU,KAAK,MAAM,CAAA;AAC1C,EAAA,IAAI,IAAA,CAAK,QAAA,EAAU,GAAA,CAAI,WAAA,CAAY,KAAK,QAAQ,CAAA;AAChD,EAAA,IAAI,IAAA,CAAK,OAAA,EAAS,GAAA,CAAI,UAAA,CAAW,KAAK,OAAO,CAAA;AAC7C,EAAA,IAAI,IAAA,CAAK,GAAA,EAAK,GAAA,CAAI,MAAA,CAAO,KAAK,GAAG,CAAA;AACjC,EAAA,IAAI,KAAK,SAAA,KAAc,MAAA,EAAW,GAAA,CAAI,iBAAA,CAAkB,KAAK,SAAS,CAAA;AACtE,EAAA,OAAO,GAAA,CAAI,IAAA,CAAK,KAAA,CAAM,MAAM,CAAC,CAAA;AAC/B;AAEA,eAAsB,MAAA,CACpB,OACA,MAAA,EACY;AACZ,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,SAAQ,GAAI,MAAM,UAAU,KAAA,EAAO,KAAA,CAAM,MAAM,CAAC,CAAA;AACxD,IAAA,OAAO,OAAA;AAAA,EACT,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,IAAI,iBAAA,CAAmB,CAAA,CAAY,OAAO,CAAA;AAAA,EAClD;AACF;AAEO,SAAS,OAA0C,KAAA,EAAkB;AAC1E,EAAA,IAAI;AACF,IAAA,OAAO,UAAU,KAAK,CAAA;AAAA,EACxB,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,IAAI,iBAAA,CAAmB,CAAA,CAAY,OAAO,CAAA;AAAA,EAClD;AACF;;;AC/CA,IAAA,eAAA,GAAA;AAAA,QAAA,CAAA,eAAA,EAAA;AAAA,EAAA,mBAAA,EAAA,MAAA,mBAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,eAAA,EAAA,MAAA;AAAA,CAAA,CAAA;;;ACQA,IAAM,WAAA,GAAc,kEAAA;AAEb,SAAS,iBAAA,GAA4B;AAC1C,EAAA,MAAM,QAAQ,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,EAAE,CAAC,CAAA;AACvD,EAAA,IAAI,GAAA,GAAM,EAAA;AACV,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,EAAO,GAAA,IAAO,WAAA,CAAY,IAAI,EAAE,CAAA;AAChD,EAAA,OAAO,GAAA;AACT;AAGO,SAAS,UAAA,CAAW,aAAiC,WAAA,EAA0C;AACpG,EAAA,IAAI,CAAC,WAAA,IAAe,CAAC,WAAA,EAAa,OAAO,KAAA;AACzC,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,WAAA,CAAY,MAAA,EAAQ,OAAO,KAAA;AACtD,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,WAAA,CAAY,QAAQ,CAAA,EAAA,EAAK;AAC3C,IAAA,IAAA,IAAQ,YAAY,UAAA,CAAW,CAAC,CAAA,GAAI,WAAA,CAAY,WAAW,CAAC,CAAA;AAAA,EAC9D;AACA,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;AAEO,IAAM,WAAA,GAAc,cAAA;;;AClB3B,IAAM,WAAA,uBAAkB,OAAA,EAAkC;AAE1D,SAAS,OAAO,GAAA,EAA+B;AAC7C,EAAA,IAAI,GAAA,GAAM,WAAA,CAAY,GAAA,CAAI,GAAG,CAAA;AAC7B,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,GAAA,GAAM,EAAE,wBAAQ,IAAI,GAAA,IAAO,QAAA,kBAAU,IAAI,KAAI,EAAE;AAC/C,IAAA,WAAA,CAAY,GAAA,CAAI,KAAK,GAAG,CAAA;AAAA,EAC1B;AACA,EAAA,OAAO,GAAA;AACT;AAGO,SAAS,SAAA,CAAU,GAAA,EAAqB,IAAA,EAAc,OAAA,EAA8B;AACzF,EAAA,MAAM,GAAA,GAAM,OAAO,GAAG,CAAA;AACtB,EAAA,IAAI,SAAS,GAAA,EAAK;AAChB,IAAA,GAAA,CAAI,QAAA,CAAS,IAAI,OAAO,CAAA;AACxB,IAAA,OAAO,MAAM,GAAA,CAAI,QAAA,CAAS,MAAA,CAAO,OAAO,CAAA;AAAA,EAC1C;AACA,EAAA,IAAI,GAAA,GAAM,GAAA,CAAI,MAAA,CAAO,GAAA,CAAI,IAAI,CAAA;AAC7B,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,GAAA,uBAAU,GAAA,EAAI;AACd,IAAA,GAAA,CAAI,MAAA,CAAO,GAAA,CAAI,IAAA,EAAM,GAAG,CAAA;AAAA,EAC1B;AACA,EAAA,GAAA,CAAI,IAAI,OAAO,CAAA;AACf,EAAA,OAAO,MAAM,GAAA,CAAK,MAAA,CAAO,OAAO,CAAA;AAClC;AAEO,SAAS,WAAA,CAAY,GAAA,EAAqB,IAAA,EAAc,OAAA,EAAwB;AACrF,EAAA,MAAM,GAAA,GAAM,OAAO,GAAG,CAAA;AACtB,EAAA,IAAI,SAAS,GAAA,EAAK;AAChB,IAAA,GAAA,CAAI,QAAA,CAAS,OAAO,OAAO,CAAA;AAC3B,IAAA;AAAA,EACF;AACA,EAAA,GAAA,CAAI,MAAA,CAAO,GAAA,CAAI,IAAI,CAAA,EAAG,OAAO,OAAO,CAAA;AACtC;AAUA,eAAsB,IAAA,CAAK,KAAqB,KAAA,EAAqC;AACnF,EAAA,MAAM,gBAA+B,EAAE,EAAA,sBAAQ,IAAA,EAAK,EAAG,GAAG,KAAA,EAAM;AAChE,EAAA,MAAM,GAAA,CAAI,QAAA,CAAS,QAAA,CAAS,MAAA,CAAO,aAAa,CAAA;AAEhD,EAAA,MAAM,GAAA,GAAM,OAAO,GAAG,CAAA;AACtB,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,MAAA,CAAO,GAAA,CAAI,cAAc,IAAI,CAAA;AAC/C,EAAA,MAAM,IAAA,GAAO,CAAC,CAAA,KAAe;AAC3B,IAAA,OAAA,CAAQ,OAAA,GACL,IAAA,CAAK,MAAM,EAAE,aAAa,CAAC,CAAA,CAC3B,KAAA,CAAM,MAAM;AAAA,IAAyC,CAAC,CAAA;AAAA,EAC3D,CAAA;AACA,EAAA,IAAI,KAAA,EAAO,KAAA,MAAW,CAAA,IAAK,KAAA,OAAY,CAAC,CAAA;AACxC,EAAA,KAAA,MAAW,CAAA,IAAK,GAAA,CAAI,QAAA,EAAU,IAAA,CAAK,CAAC,CAAA;AAEpC,EAAA,IAAI,IAAI,OAAA,EAAS;AACf,IAAA,OAAA,CAAQ,OAAA,EAAQ,CACb,IAAA,CAAK,MAAM,GAAA,CAAI,UAAU,aAAa,CAAC,CAAA,CACvC,KAAA,CAAM,MAAM;AAAA,IAAyC,CAAC,CAAA;AAAA,EAC3D;AACF;;;AC/DA,IAAM,OAAA,uBAAc,OAAA,EAAoC;AAEjD,SAAS,gBAAA,CAAiB,KAAqB,MAAA,EAA0B;AAC9E,EAAA,OAAA,CAAQ,GAAA,CAAI,KAAK,MAAM,CAAA;AACzB;AAEA,IAAM,IAAA,GAAmB;AAAA,EACvB,MAAM,iBAAA,GAAoB;AAAA,EAAC,CAAA;AAAA,EAC3B,MAAM,gBAAA,GAAmB;AAAA,EAAC,CAAA;AAAA,EAC1B,MAAM,eAAA,GAAkB;AAAA,EAAC,CAAA;AAAA,EACzB,MAAM,kBAAA,GAAqB;AAAE,IAAA,OAAO,IAAA;AAAA,EAAM,CAAA;AAAA,EAC1C,MAAM,cAAA,GAAiB;AAAA,EAAC,CAAA;AAAA,EACxB,MAAM,eAAA,GAAkB;AAAA,EAAC,CAAA;AAAA,EACzB,MAAM,gBAAA,GAAmB;AAAA,EAAC,CAAA;AAAA,EAC1B,MAAM,eAAA,GAAkB;AAAA,EAAC,CAAA;AAAA,EACzB,MAAM,uBAAA,GAA0B;AAAA,EAAC,CAAA;AAAA,EACjC,MAAM,sBAAA,GAAyB;AAAA,EAAC,CAAA;AAAA,EAChC,MAAM,sBAAA,GAAyB;AAAA,EAAC,CAAA;AAAA,EAChC,MAAM,qBAAA,GAAwB;AAAA,EAAC,CAAA;AAAA,EAC/B,MAAM,kBAAA,GAAqB;AAAA,EAAC,CAAA;AAAA,EAC5B,MAAM,kBAAA,GAAqB;AAAA,EAAC,CAAA;AAAA,EAC5B,MAAM,eAAA,GAAkB;AAAA,EAAC,CAAA;AAAA,EACzB,MAAM,gBAAA,GAAmB;AAAA,EAAC,CAAA;AAAA,EAC1B,MAAM,gBAAA,GAAmB;AAAA,EAAC;AAC5B,CAAA;AAEO,SAAS,cAAc,GAAA,EAAiC;AAC7D,EAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,IAAK,IAAA;AAC7B;;;ACrCA,eAAsB,aAAa,KAAA,EAAgC;AACjE,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,KAAK,CAAC,CAAA;AACjF,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,GAAG,CAAA;AAChC,EAAA,IAAI,CAAA,GAAI,EAAA;AACR,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,EAAO,CAAA,IAAK,MAAA,CAAO,aAAa,CAAC,CAAA;AACjD,EAAA,OAAO,IAAA,CAAK,CAAC,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC1E;;;ACAA,IAAM,cAAA,GAAiB,GAAA;AACvB,IAAM,eAAA,GAAkB,MAAA;AAcxB,eAAsB,YAAA,CAAa,KAAqB,KAAA,EAA0C;AAChG,EAAA,MAAM,SAAA,GAAY,GAAA,CAAI,MAAA,EAAQ,SAAA,IAAa,cAAA;AAC3C,EAAA,MAAM,UAAA,GAAa,GAAA,CAAI,MAAA,EAAQ,UAAA,IAAc,eAAA;AAC7C,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AAExC,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,QAAA,IAAY,MAAA,CAAO,UAAA,EAAW;AACrD,EAAA,MAAM,SAAA,GAAY,OAAO,UAAA,EAAW;AACpC,EAAA,MAAM,KAAA,GAAQ,OAAO,UAAA,EAAW;AAEhC,EAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,IACpD,IAAA;AAAA,MACE,EAAE,KAAK,SAAA,EAAW,GAAA,EAAK,MAAM,MAAA,EAAQ,GAAA,EAAK,QAAA,EAAU,GAAA,EAAK,KAAA,EAAM;AAAA,MAC/D,IAAI,OAAA,CAAQ,SAAA;AAAA,MACZ,EAAE,SAAA,EAAW,CAAA,EAAG,SAAS,CAAA,CAAA,CAAA;AAAI,KAC/B;AAAA,IACA,IAAA;AAAA,MACE,EAAE,GAAA,EAAK,SAAA,EAAW,GAAA,EAAK,KAAA,CAAM,MAAA,EAAQ,GAAA,EAAK,QAAA,EAAU,GAAA,EAAK,SAAA,EAAW,GAAA,EAAK,KAAA,EAAM;AAAA,MAC/E,IAAI,OAAA,CAAQ,SAAA;AAAA,MACZ,EAAE,SAAA,EAAW,CAAA,EAAG,UAAU,CAAA,CAAA,CAAA,EAAK,KAAK,KAAA;AAAM;AAC5C,GACD,CAAA;AACD,EAAA,MAAM,gBAAA,GAAmB,MAAM,YAAA,CAAa,YAAY,CAAA;AAExD,EAAA,MAAM,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,aAAA,CAAc;AAAA,IACvC,EAAA,EAAI,SAAA;AAAA,IACJ,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,QAAA;AAAA,IACA,gBAAA;AAAA,IACA,SAAA,EAAW,IAAI,IAAA,CAAA,CAAM,GAAA,GAAM,cAAc,GAAI,CAAA;AAAA,IAC7C,SAAA,sBAAe,IAAA,EAAK;AAAA,IACpB,SAAA,EAAW,IAAA;AAAA,IACX,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,IAChB,SAAA,EAAW,MAAM,SAAA,IAAa;AAAA,GAC/B,CAAA;AAED,EAAA,MAAM,YAAY,iBAAA,EAAkB;AAEpC,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,iBAAA;AAAA,IACN,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,SAAA;AAAA,IACA,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,IAChB,SAAA,EAAW,MAAM,SAAA,IAAa,IAAA;AAAA,IAC9B,IAAA,EAAM,EAAE,QAAA;AAAS,GAClB,CAAA;AACD,EAAA,MAAM,aAAA,CAAc,GAAG,CAAA,CAAE,eAAA,CAAgB,EAAE,QAAQ,KAAA,CAAM,MAAA,EAAQ,SAAA,EAAW,QAAA,EAAU,CAAA;AAEtF,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,YAAA;AAAA,IACA,SAAA;AAAA,IACA,SAAA;AAAA,IACA,QAAA;AAAA,IACA,eAAA,EAAA,CAAkB,MAAM,SAAA,IAAa,GAAA;AAAA,IACrC,gBAAA,EAAA,CAAmB,MAAM,UAAA,IAAc;AAAA,GACzC;AACF;;;ACtEA,IAAMA,eAAAA,GAAiB,GAAA;AACvB,IAAMC,gBAAAA,GAAkB,MAAA;AAYxB,eAAsB,aAAA,CACpB,GAAA,EACA,gBAAA,EACA,IAAA,GAA0D,EAAC,EACpC;AACvB,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,MAAM,MAAA,CAAO,gBAAA,EAAkB,GAAA,CAAI,QAAQ,SAAS,CAAA;AAAA,EAC/D,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,kBAAkB,uBAAuB,CAAA;AAAA,EACrD;AACA,EAAA,IAAI,MAAA,CAAO,GAAA,KAAQ,SAAA,IAAa,CAAC,MAAA,CAAO,GAAA,IAAO,CAAC,MAAA,CAAO,GAAA,IAAO,CAAC,MAAA,CAAO,GAAA,EAAK;AACzE,IAAA,MAAM,IAAI,kBAAkB,0BAA0B,CAAA;AAAA,EACxD;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,YAAA,CAAa,gBAAgB,CAAA;AACzD,EAAA,MAAM,QAAQ,MAAM,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,iBAAiB,aAAa,CAAA;AAEvE,EAAA,IAAI,CAAC,KAAA,IAAS,KAAA,CAAM,SAAA,EAAW;AAE7B,IAAA,MAAM,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,YAAA,CAAa,OAAO,GAAG,CAAA;AAClD,IAAA,MAAM,KAAK,GAAA,EAAK;AAAA,MACd,IAAA,EAAM,wBAAA;AAAA,MACN,QAAQ,MAAA,CAAO,GAAA;AAAA,MACf,WAAW,MAAA,CAAO,GAAA;AAAA,MAClB,EAAA,EAAI,KAAK,EAAA,IAAM,IAAA;AAAA,MACf,SAAA,EAAW,KAAK,SAAA,IAAa,IAAA;AAAA,MAC7B,IAAA,EAAM,EAAE,QAAA,EAAU,MAAA,CAAO,GAAA;AAAI,KAC9B,CAAA;AACD,IAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,EAC9B;AAEA,EAAA,IAAI,MAAM,SAAA,CAAU,OAAA,EAAQ,GAAI,IAAA,CAAK,KAAI,EAAG;AAC1C,IAAA,MAAM,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,YAAA,CAAa,OAAO,GAAG,CAAA;AAClD,IAAA,MAAM,IAAI,mBAAA,EAAoB;AAAA,EAChC;AAEA,EAAA,MAAM,SAAA,GAAY,GAAA,CAAI,MAAA,EAAQ,SAAA,IAAaD,eAAAA;AAC3C,EAAA,MAAM,UAAA,GAAa,GAAA,CAAI,MAAA,EAAQ,UAAA,IAAcC,gBAAAA;AAC7C,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,KAAA,GAAQ,OAAO,UAAA,EAAW;AAEhC,EAAA,MAAM,CAAC,WAAA,EAAa,YAAY,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,IACpD,IAAA;AAAA,MACE,EAAE,GAAA,EAAK,KAAA,CAAM,EAAA,EAAI,GAAA,EAAK,KAAA,CAAM,MAAA,EAAQ,GAAA,EAAK,KAAA,CAAM,QAAA,EAAU,GAAA,EAAK,KAAA,EAAM;AAAA,MACpE,IAAI,OAAA,CAAQ,SAAA;AAAA,MACZ,EAAE,SAAA,EAAW,CAAA,EAAG,SAAS,CAAA,CAAA,CAAA;AAAI,KAC/B;AAAA,IACA,IAAA;AAAA,MACE,EAAE,GAAA,EAAK,KAAA,CAAM,EAAA,EAAI,GAAA,EAAK,KAAA,CAAM,MAAA,EAAQ,GAAA,EAAK,KAAA,CAAM,QAAA,EAAU,GAAA,EAAK,SAAA,EAAW,KAAK,KAAA,EAAM;AAAA,MACpF,IAAI,OAAA,CAAQ,SAAA;AAAA,MACZ,EAAE,SAAA,EAAW,CAAA,EAAG,UAAU,CAAA,CAAA,CAAA,EAAK,KAAK,KAAA;AAAM;AAC5C,GACD,CAAA;AACD,EAAA,MAAM,OAAA,GAAU,MAAM,YAAA,CAAa,YAAY,CAAA;AAC/C,EAAA,MAAM,GAAA,CAAI,SAAS,OAAA,CAAQ,aAAA;AAAA,IACzB,KAAA,CAAM,EAAA;AAAA,IACN,OAAA;AAAA,IACA,IAAI,IAAA,CAAA,CAAM,GAAA,GAAM,UAAA,IAAc,GAAI;AAAA,GACpC;AAEA,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,iBAAA;AAAA,IACN,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,WAAW,KAAA,CAAM,EAAA;AAAA,IACjB,EAAA,EAAI,KAAK,EAAA,IAAM,IAAA;AAAA,IACf,SAAA,EAAW,KAAK,SAAA,IAAa,IAAA;AAAA,IAC7B,IAAA,EAAM,EAAE,QAAA,EAAU,KAAA,CAAM,QAAA;AAAS,GAClC,CAAA;AACD,EAAA,MAAM,aAAA,CAAc,GAAG,CAAA,CAAE,gBAAA,CAAiB;AAAA,IACxC,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,WAAW,KAAA,CAAM,EAAA;AAAA,IACjB,UAAU,KAAA,CAAM;AAAA,GACjB,CAAA;AAED,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAW,iBAAA,EAAkB;AAAA,IAC7B,WAAW,KAAA,CAAM,EAAA;AAAA,IACjB,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,eAAA,EAAA,CAAkB,MAAM,SAAA,IAAa,GAAA;AAAA,IACrC,gBAAA,EAAA,CAAmB,MAAM,UAAA,IAAc;AAAA,GACzC;AACF;;;AClGA,eAAsB,eAAA,CAAgB,KAAqB,KAAA,EAA4C;AACrG,EAAA,IAAI;AACF,IAAA,MAAM,IAAI,MAAM,MAAA;AAAA,MACd,KAAA;AAAA,MACA,IAAI,OAAA,CAAQ;AAAA,KACd;AACA,IAAA,IAAI,CAAC,CAAA,CAAE,GAAA,IAAO,CAAC,CAAA,CAAE,KAAK,OAAO,IAAA;AAC7B,IAAA,OAAO;AAAA,MACL,WAAW,CAAA,CAAE,GAAA;AAAA,MACb,QAAQ,CAAA,CAAE,GAAA;AAAA,MACV,SAAA,EAAA,CAAY,CAAA,CAAE,GAAA,IAAO,CAAA,IAAK,GAAA;AAAA,MAC1B,UAAU,CAAA,CAAE;AAAA,KACd;AAAA,EACF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;ACjBA,eAAsB,aAAA,CAAc,GAAA,EAAqB,SAAA,EAAmB,MAAA,EAAgC;AAC1G,EAAA,MAAM,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,aAAA,CAAc,SAAS,CAAA;AAClD,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,iBAAA;AAAA,IACN,QAAQ,MAAA,IAAU,IAAA;AAAA,IAClB;AAAA,GACD,CAAA;AACD,EAAA,MAAM,aAAA,CAAc,GAAG,CAAA,CAAE,gBAAA,CAAiB,EAAE,MAAA,EAAQ,MAAA,IAAU,IAAA,EAAM,SAAA,EAAW,CAAA;AACjF;AAGA,eAAsB,eAAA,CAAgB,KAAqB,YAAA,EAAqC;AAC9F,EAAA,IAAI;AACF,IAAA,MAAM,IAAI,MAAM,MAAA,CAAuC,YAAA,EAAc,GAAA,CAAI,QAAQ,SAAS,CAAA;AAC1F,IAAA,IAAI,EAAE,GAAA,EAAK;AACT,MAAA,MAAM,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,aAAA,CAAc,EAAE,GAAG,CAAA;AAC9C,MAAA,MAAM,IAAA,CAAK,GAAA,EAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,MAAA,EAAQ,CAAA,CAAE,GAAA,IAAO,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,GAAA,EAAK,CAAA;AACpF,MAAA,MAAM,aAAA,CAAc,GAAG,CAAA,CAAE,gBAAA,CAAiB,EAAE,MAAA,EAAQ,CAAA,CAAE,GAAA,IAAO,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,GAAA,EAAK,CAAA;AAAA,IACvF;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAAe;AACzB;AAGA,eAAsB,gBAAA,CAAiB,KAAqB,MAAA,EAA+B;AACzF,EAAA,IAAI,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,UAAA,EAAY;AACnC,IAAA,MAAM,GAAA,CAAI,QAAA,CAAS,OAAA,CAAQ,UAAA,CAAW,MAAM,CAAA;AAC5C,IAAA,MAAM,IAAA,CAAK,GAAA,EAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,MAAA,EAAQ,IAAA,EAAM,EAAE,KAAA,EAAO,KAAA,EAAM,EAAG,CAAA;AAC3E,IAAA,MAAM,aAAA,CAAc,GAAG,CAAA,CAAE,gBAAA,CAAiB,EAAE,QAAQ,SAAA,EAAW,IAAA,EAAM,KAAA,EAAO,KAAA,EAAO,CAAA;AAAA,EACrF;AACF;;;ACeA,eAAsB,mBAAA,CACpB,UACA,KAAA,EACoC;AACpC,EAAA,MAAM,EAAE,WAAA,EAAa,YAAA,EAAc,EAAA,EAAI,WAAU,GAAI,KAAA;AAGrD,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,MAAMC,QAAAA,GAAU,MAAM,eAAA,CAAgB,QAAA,CAAS,QAAQ,WAAW,CAAA;AAClE,IAAA,IAAIA,QAAAA,IAAWA,QAAAA,CAAQ,SAAA,GAAY,IAAA,CAAK,KAAI,EAAG;AAC7C,MAAA,OAAO,EAAE,OAAA,EAAAA,QAAAA,EAAS,MAAA,EAAQ,IAAA,EAAM,WAAW,KAAA,EAAM;AAAA,IACnD;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,WAAW,KAAA,EAAM;AAAA,EACzD;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,MAAM,QAAA,CAAS,OAAA,CAAQ,EAAE,YAAA,EAAc,EAAA,EAAI,WAAW,CAAA;AAAA,EACjE,CAAA,CAAA,MAAQ;AAEN,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,WAAW,KAAA,EAAM;AAAA,EACzD;AAEA,EAAA,MAAM,UAAU,MAAM,eAAA,CAAgB,QAAA,CAAS,MAAA,EAAQ,OAAO,WAAW,CAAA;AACzE,EAAA,OAAO,EAAE,OAAA,EAAS,MAAA,EAAQ,SAAA,EAAW,IAAA,EAAK;AAC5C;;;AC/EA,IAAA,gBAAA,GAAA;AAAA,QAAA,CAAA,gBAAA,EAAA;AAAA,EAAA,IAAA,EAAA,MAAA,IAAA;AAAA,EAAA,MAAA,EAAA,MAAAC;AAAA,CAAA,CAAA;AASA,IAAM,IAAA,GAAO,GAAA;AACb,IAAM,MAAA,GAAS,EAAA;AACf,IAAM,QAAA,GAAW,EAAA;AAEjB,SAAS,IAAI,GAAA,EAAuC;AAClD,EAAA,MAAM,QAAQ,GAAA,YAAe,UAAA,GAAa,GAAA,GAAM,IAAI,WAAW,GAAG,CAAA;AAClE,EAAA,IAAI,CAAA,GAAI,EAAA;AAAI,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,EAAO,CAAA,IAAK,MAAA,CAAO,aAAa,CAAC,CAAA;AAC7D,EAAA,OAAO,KAAK,CAAC,CAAA;AACf;AACA,SAAS,QAAQ,CAAA,EAAuB;AACtC,EAAA,MAAM,GAAA,GAAM,KAAK,CAAC,CAAA;AAAG,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,GAAA,CAAI,MAAM,CAAA;AAC1D,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,MAAA,EAAQ,CAAA,EAAA,EAAK,GAAA,CAAI,CAAC,CAAA,GAAI,GAAA,CAAI,UAAA,CAAW,CAAC,CAAA;AAC9D,EAAA,OAAO,GAAA;AACT;AAEA,eAAe,UAAA,CAAW,UAAkB,IAAA,EAAuC;AACjF,EAAA,MAAM,WAAA,GAAc,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACrD,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA,CAAU,KAAA,EAAO,WAAA,EAA6B,QAAA,EAAU,KAAA,EAAO,CAAC,YAAY,CAAC,CAAA;AAC7G,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,IAC/B,EAAE,IAAA,EAAM,QAAA,EAAU,MAA4B,UAAA,EAAY,IAAA,EAAM,MAAM,SAAA,EAAU;AAAA,IAChF,GAAA;AAAA,IACA,MAAA,GAAS;AAAA,GACX;AACA,EAAA,OAAO,IAAI,WAAW,IAAI,CAAA;AAC5B;AAEA,eAAe,SAAA,GAA8D;AAC3E,EAAA,IAAI;AAKF,IAAA,MAAM,MAAO,MAAM;AAAA;AAAA;AAAA;AAAA,MAEjB;AAAA,KACF,CAAE,KAAA,CAAM,MAAM,IAAI,CAAA;AAClB,IAAA,OAAO,GAAA,IAAO,IAAA;AAAA,EAChB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,eAAsB,KAAK,QAAA,EAAmC;AAC5D,EAAA,MAAM,KAAA,GAAQ,MAAM,SAAA,EAAU;AAC9B,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,OAAO,KAAA,CAAM,KAAK,QAAQ,CAAA;AAAA,EAC5B;AACA,EAAA,MAAM,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,QAAQ,CAAC,CAAA;AAC5D,EAAA,MAAM,CAAA,GAAI,MAAM,UAAA,CAAW,QAAA,EAAU,IAAI,CAAA;AACzC,EAAA,OAAO,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAA,EAAI,GAAA,CAAI,IAAI,CAAC,CAAA,CAAA,EAAI,GAAA,CAAI,CAAC,CAAC,CAAA,CAAA;AACrD;AAEA,eAAsBA,OAAAA,CAAO,UAAkB,MAAA,EAAkC;AAC/E,EAAA,IAAI,MAAA,CAAO,UAAA,CAAW,SAAS,CAAA,EAAG;AAChC,IAAA,MAAM,KAAA,GAAQ,MAAM,SAAA,EAAU;AAC9B,IAAA,IAAI,CAAC,OAAO,OAAO,KAAA;AACnB,IAAA,OAAO,KAAA,CAAM,MAAA,CAAO,MAAA,EAAQ,QAAQ,CAAA;AAAA,EACtC;AACA,EAAA,MAAM,CAAC,QAAQ,OAAA,EAAS,OAAA,EAAS,OAAO,CAAA,GAAI,MAAA,CAAO,MAAM,GAAG,CAAA;AAC5D,EAAA,IAAI,MAAA,KAAW,mBAAmB,CAAC,OAAA,IAAW,CAAC,OAAA,IAAW,CAAC,SAAS,OAAO,KAAA;AAC3E,EAAA,MAAM,IAAA,GAAO,QAAQ,OAAO,CAAA;AAC5B,EAAA,MAAM,QAAA,GAAW,QAAQ,OAAO,CAAA;AAChC,EAAA,MAAM,WAAA,GAAc,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACrD,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA,CAAU,KAAA,EAAO,WAAA,EAA6B,QAAA,EAAU,KAAA,EAAO,CAAC,YAAY,CAAC,CAAA;AAC7G,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,IAC/B,EAAE,MAAM,QAAA,EAAU,IAAA,EAA4B,YAAY,MAAA,CAAO,OAAO,CAAA,EAAG,IAAA,EAAM,SAAA,EAAU;AAAA,IAC3F,GAAA;AAAA,IACA,SAAS,MAAA,GAAS;AAAA,GACpB;AACA,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,IAAI,CAAA;AAC/B,EAAA,IAAI,GAAA,CAAI,MAAA,KAAW,QAAA,CAAS,MAAA,EAAQ,OAAO,KAAA;AAC3C,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAQ,GAAA,CAAI,CAAC,CAAA,GAAK,QAAA,CAAS,CAAC,CAAA;AACjE,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;;;ACnFA,IAAA,WAAA,GAAA;AAAA,QAAA,CAAA,WAAA,EAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,SAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAGO,SAAS,kBAAA,CAAmB,SAAS,CAAA,EAAW;AACrD,EAAA,MAAM,MAAM,EAAA,IAAM,MAAA;AAClB,EAAA,MAAM,CAAA,GAAI,OAAO,eAAA,CAAgB,IAAI,YAAY,CAAC,CAAC,CAAA,CAAE,CAAC,CAAA,GAAK,GAAA;AAC3D,EAAA,OAAO,CAAA,CAAE,QAAA,EAAS,CAAE,QAAA,CAAS,QAAQ,GAAG,CAAA;AAC1C;AAOO,SAAS,eAAA,CAAgB,UAAA,GAAa,GAAA,EAAK,MAAA,GAAS,CAAA,EAAiB;AAC1E,EAAA,OAAO,EAAE,IAAA,EAAM,kBAAA,CAAmB,MAAM,CAAA,EAAG,WAAW,IAAA,CAAK,GAAA,EAAI,GAAI,UAAA,GAAa,GAAA,EAAK;AACvF;AAEO,SAAS,UAAU,SAAA,EAAkC;AAC1D,EAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,CAAU,SAAA;AAChC;;;ACpBA,IAAA,WAAA,GAAA;AAAA,QAAA,CAAA,WAAA,EAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,gBAAA,EAAA,MAAA,gBAAA;AAAA,EAAA,aAAA,EAAA,MAAA;AAAA,CAAA,CAAA;;;ACkBO,SAAS,kBAAkB,CAAA,EAA4B;AAC5D,EAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,CAAA,CAAE,aAAa,CAAA;AACnC,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,CAAA,CAAE,QAAQ,CAAA;AAC5C,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,CAAA,CAAE,WAAW,CAAA;AAClD,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAA,CAAU,CAAA,CAAE,MAAA,IAAU,CAAC,QAAA,EAAU,OAAA,EAAS,SAAS,CAAA,EAAG,IAAA,CAAK,GAAG,CAAC,CAAA;AACpF,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,CAAA,CAAE,KAAK,CAAA;AACrC,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,CAAA,CAAE,aAAa,CAAA;AACtD,EAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AACpD,EAAA,IAAI,EAAE,KAAA,EAAO,GAAA,CAAI,aAAa,GAAA,CAAI,OAAA,EAAS,EAAE,KAAK,CAAA;AAClD,EAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,CAAA,CAAE,KAAA,IAAS,EAAE,CAAA,EAAG,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,GAAG,CAAC,CAAA;AAC7E,EAAA,OAAO,IAAI,QAAA,EAAS;AACtB;AAEA,eAAsB,gBAAA,GAAqE;AACzF,EAAA,MAAM,QAAQ,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,EAAE,CAAC,CAAA;AACvD,EAAA,MAAM,QAAA,GAAW,UAAU,KAAK,CAAA;AAChC,EAAA,MAAMC,KAAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,SAAA,EAAW,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,QAAQ,CAAC,CAAA;AACrF,EAAA,OAAO,EAAE,UAAU,SAAA,EAAW,SAAA,CAAU,IAAI,UAAA,CAAWA,KAAI,CAAC,CAAA,EAAE;AAChE;AAEO,SAAS,aAAA,GAAwB;AACtC,EAAA,OAAO,UAAU,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,EAAE,CAAC,CAAC,CAAA;AAC7D;AAEO,SAAS,aAAA,GAAwB;AACtC,EAAA,OAAO,UAAU,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,EAAE,CAAC,CAAC,CAAA;AAC7D;AAWA,eAAsB,aAAa,CAAA,EAAyD;AAC1F,EAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,IAC/B,UAAA,EAAY,oBAAA;AAAA,IACZ,MAAM,CAAA,CAAE,IAAA;AAAA,IACR,cAAc,CAAA,CAAE,WAAA;AAAA,IAChB,WAAW,CAAA,CAAE,QAAA;AAAA,IACb,eAAe,CAAA,CAAE,YAAA;AAAA,IACjB,eAAe,CAAA,CAAE;AAAA,GAClB,CAAA;AACD,EAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,CAAE,QAAA,EAAU;AAAA,IAClC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,mCAAA,EAAqC,QAAQ,kBAAA,EAAmB;AAAA,IAC3F;AAAA,GACD,CAAA;AACD,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI,MAAM,IAAI,aAAA,CAAc,CAAA,uBAAA,EAA0B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAC3E,EAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AACzB;AAEA,eAAsB,aAAA,CACpB,aACA,WAAA,EACkC;AAClC,EAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,WAAA,EAAa;AAAA,IACnC,SAAS,EAAE,aAAA,EAAe,UAAU,WAAW,CAAA,CAAA,EAAI,QAAQ,kBAAA;AAAmB,GAC/E,CAAA;AACD,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI,MAAM,IAAI,aAAA,CAAc,CAAA,iBAAA,EAAoB,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AACrE,EAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AACzB;AAEO,SAAS,UAAU,KAAA,EAA2B;AACnD,EAAA,IAAI,CAAA,GAAI,EAAA;AAAI,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,EAAO,CAAA,IAAK,MAAA,CAAO,aAAa,CAAC,CAAA;AAC7D,EAAA,OAAO,IAAA,CAAK,CAAC,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC1E;;;ACnFO,SAAS,YAAA,CAAa,KAAqB,EAAA,EAA4B;AAC5E,EAAA,MAAM,CAAA,GAAI,IAAI,SAAA,EAAW,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,EAAE,CAAA;AAChD,EAAA,IAAI,CAAC,CAAA,EAAG,MAAM,IAAI,aAAA,CAAc,CAAA,kBAAA,EAAqB,EAAE,CAAA,CAAE,CAAA;AACzD,EAAA,OAAO,CAAA;AACT;AAOA,eAAsB,SAAA,CACpB,KACA,UAAA,EAC+E;AAC/E,EAAA,MAAM,CAAA,GAAI,YAAA,CAAa,GAAA,EAAK,UAAU,CAAA;AACtC,EAAA,MAAM,QAAQ,aAAA,EAAc;AAC5B,EAAA,MAAM,EAAE,QAAA,EAAU,SAAA,EAAU,GAAI,MAAM,gBAAA,EAAiB;AACvD,EAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,IAAA,KAAS,MAAA,GAAS,eAAc,GAAI,MAAA;AAEpD,EAAA,MAAM,MAAM,iBAAA,CAAkB;AAAA,IAC5B,eAAe,CAAA,CAAE,gBAAA;AAAA,IACjB,UAAU,CAAA,CAAE,QAAA;AAAA,IACZ,aAAa,CAAA,CAAE,WAAA;AAAA,IACf,QAAQ,CAAA,CAAE,MAAA;AAAA,IACV,KAAA;AAAA,IACA,aAAA,EAAe,SAAA;AAAA,IACf;AAAA,GACD,CAAA;AAED,EAAA,MAAM,IAAA,CAAK,GAAA,EAAK,EAAE,IAAA,EAAM,eAAA,EAAiB,MAAM,EAAE,QAAA,EAAU,UAAA,EAAW,EAAG,CAAA;AACzE,EAAA,OAAO,EAAE,GAAA,EAAK,KAAA,EAAO,YAAA,EAAc,UAAU,KAAA,EAAM;AACrD;;;ACZA,eAAe,kBAAA,CACb,GACA,KAAA,EAC0E;AAC1E,EAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa;AAAA,IAChC,UAAU,CAAA,CAAE,QAAA;AAAA,IACZ,UAAU,CAAA,CAAE,QAAA;AAAA,IACZ,cAAc,CAAA,CAAE,YAAA;AAAA,IAChB,aAAa,CAAA,CAAE,WAAA;AAAA,IACf,MAAM,KAAA,CAAM,IAAA;AAAA,IACZ,cAAc,KAAA,CAAM;AAAA,GACrB,CAAA;AAED,EAAA,MAAM,cAAc,OAAO,MAAA,CAAO,YAAA,KAAiB,QAAA,GAAW,OAAO,YAAA,GAAe,IAAA;AACpF,EAAA,IAAI,CAAC,WAAA,EAAa,MAAM,IAAI,cAAc,6BAA6B,CAAA;AAEvE,EAAA,IAAI,CAAA,CAAE,SAAS,MAAA,EAAQ;AACrB,IAAA,MAAM,UAAU,OAAO,MAAA,CAAO,QAAA,KAAa,QAAA,GAAW,OAAO,QAAA,GAAW,IAAA;AACxE,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,MAAM,MAAA,GAAS,OAMZ,OAAO,CAAA;AACV,MAAA,IAAI,MAAA,CAAO,GAAA,IAAO,MAAA,CAAO,KAAA,EAAO;AAC9B,QAAA,OAAO;AAAA,UACL,MAAA;AAAA,UACA,OAAA,EAAS;AAAA,YACP,mBAAmB,MAAA,CAAO,GAAA;AAAA,YAC1B,KAAA,EAAO,MAAA,CAAO,KAAA,CAAM,WAAA,EAAY;AAAA,YAChC,IAAA,EAAM,OAAO,IAAA,IAAQ,IAAA;AAAA,YACrB,KAAA,EAAO,OAAO,OAAA,IAAW,IAAA;AAAA,YACzB,aAAA,EAAe,OAAO,cAAA,IAAkB;AAAA;AAC1C,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,EAAA,GAAK,MAAM,aAAA,CAAc,CAAA,CAAE,aAAa,WAAW,CAAA;AACzD,IAAA,MAAM,GAAA,GAAO,GAAG,GAAA,IAAO,EAAA;AACvB,IAAA,MAAMC,MAAAA,GAAQ,OAAO,EAAA,CAAG,KAAA,KAAU,WAAW,EAAA,CAAG,KAAA,CAAM,aAAY,GAAI,EAAA;AACtE,IAAA,IAAI,CAAC,GAAA,IAAO,CAACA,QAAO,MAAM,IAAI,cAAc,4BAA4B,CAAA;AACxE,IAAA,OAAO;AAAA,MACL,MAAA;AAAA,MACA,OAAA,EAAS;AAAA,QACP,iBAAA,EAAmB,GAAA;AAAA,QACnB,KAAA,EAAAA,MAAAA;AAAA,QACA,IAAA,EAAO,GAAG,IAAA,IAA0B,IAAA;AAAA,QACpC,KAAA,EAAQ,GAAG,OAAA,IAA6B,IAAA;AAAA,QACxC,aAAA,EAAe,OAAA,CAAQ,EAAA,CAAG,cAAc;AAAA;AAC1C,KACF;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,MAAM,aAAA,CAAc,CAAA,CAAE,aAAa,WAAW,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,CAAA,CAAE,OAAA,CAAQ,GAAG,CAAA;AAC5B,EAAA,IAAI,CAAC,MAAA,CAAO,iBAAA,EAAmB,MAAM,IAAI,cAAc,6BAA6B,CAAA;AAEpF,EAAA,IAAI,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,WAAA,EAAY;AACrC,EAAA,IAAI,QAAA,GAAW,KAAA;AACf,EAAA,IAAI,CAAC,KAAA,IAAS,CAAA,CAAE,EAAA,KAAO,QAAA,EAAU;AAC/B,IAAA,MAAM,MAAA,GAAU,MAAM,aAAA,CAAc,oCAAA,EAAsC,WAAW,CAAA;AAKrF,IAAA,MAAM,OAAA,GAAU,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,GAAI,MAAA;AACxE,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,KAAA,GAAQ,OAAA,CAAQ,MAAM,WAAA,EAAY;AAClC,MAAA,QAAA,GAAW,OAAA,CAAQ,QAAA;AAAA,IACrB;AAAA,EACF;AACA,EAAA,IAAI,CAAC,KAAA,EAAO,MAAM,IAAI,cAAc,kCAAkC,CAAA;AACtE,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,OAAA,EAAS;AAAA,MACP,mBAAmB,MAAA,CAAO,iBAAA;AAAA,MAC1B,KAAA;AAAA,MACA,IAAA,EAAM,OAAO,IAAA,IAAQ,IAAA;AAAA,MACrB,KAAA,EAAO,OAAO,KAAA,IAAS,IAAA;AAAA,MACvB,aAAA,EAAe;AAAA;AACjB,GACF;AACF;AAEA,eAAe,WAAA,CACb,GAAA,EACA,QAAA,EACA,OAAA,EACA,SAAA,EACsB;AACtB,EAAA,MAAM,OAAA,GAAU,IAAI,QAAA,CAAS,OAAA;AAG7B,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,MAAM,WAAW,MAAM,OAAA,CAAQ,qBAAqB,QAAA,CAAS,EAAA,EAAI,QAAQ,iBAAiB,CAAA;AAC1F,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,MAAM,IAAI,MAAM,GAAA,CAAI,SAAS,IAAA,CAAK,WAAA,CAAY,SAAS,MAAM,CAAA;AAC7D,MAAA,IAAI,GAAG,OAAO,CAAA;AAAA,IAChB;AAAA,EACF;AAGA,EAAA,MAAM,UAAU,MAAM,GAAA,CAAI,SAAS,IAAA,CAAK,cAAA,CAAe,QAAQ,KAAK,CAAA;AACpE,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,IAAI,CAAC,GAAA,CAAI,iCAAA,IAAqC,CAAC,QAAQ,aAAA,EAAe;AACpE,MAAA,MAAM,IAAI,oBAAA;AAAA,QACR,CAAA,sBAAA,EAAyB,QAAQ,KAAK,CAAA,wFAAA;AAAA,OACxC;AAAA,IACF;AAEA,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,MAAM,MAAA,GAAS,MAAM,OAAA,CAAQ,WAAA,CAAY;AAAA,QACvC,QAAQ,OAAA,CAAQ,EAAA;AAAA,QAChB,UAAU,QAAA,CAAS,EAAA;AAAA,QACnB,mBAAmB,OAAA,CAAQ,iBAAA;AAAA,QAC3B,OAAO,OAAA,CAAQ,KAAA;AAAA,QACf,WAAA,EAAc,UAAU,YAAA,IAA2B,IAAA;AAAA,QACnD,YAAA,EAAe,UAAU,aAAA,IAA4B,IAAA;AAAA,QACrD,OAAA,EAAU,UAAU,QAAA,IAAuB,IAAA;AAAA,QAC3C,SAAA,EAAY,UAAU,UAAA,IAAyB,IAAA;AAAA,QAC/C,KAAA,EAAQ,UAAU,KAAA,IAAoB,IAAA;AAAA,QACtC,SAAA,EAAW,OAAO,SAAA,CAAU,UAAA,KAAe,QAAA,GACvC,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,EAAI,GAAK,SAAA,CAAU,UAAA,GAAwB,GAAI,CAAA,GAC7D;AAAA,OACL,CAAA;AACD,MAAA,MAAM,KAAK,GAAA,EAAK;AAAA,QACd,IAAA,EAAM,gBAAA;AAAA,QACN,QAAQ,OAAA,CAAQ,EAAA;AAAA,QAChB,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,CAAS,IAAI,SAAA,EAAW,MAAA,CAAO,EAAA,EAAI,IAAA,EAAM,IAAA;AAAK,OACjE,CAAA;AAAA,IACH;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AAGA,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,QAAA,CAAS,KAAK,UAAA,CAAW;AAAA,IAC9C,OAAO,OAAA,CAAQ,KAAA;AAAA,IACf,IAAA,EAAM,QAAQ,IAAA,IAAQ,IAAA;AAAA,IACtB,KAAA,EAAO,QAAQ,KAAA,IAAS,IAAA;AAAA,IACxB,aAAA,EAAe,OAAA,CAAQ,aAAA,mBAAgB,IAAI,MAAK,GAAI;AAAA,GACrD,CAAA;AACD,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,MAAM,MAAA,GAAS,MAAM,OAAA,CAAQ,WAAA,CAAY;AAAA,MACvC,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,UAAU,QAAA,CAAS,EAAA;AAAA,MACnB,mBAAmB,OAAA,CAAQ,iBAAA;AAAA,MAC3B,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,WAAA,EAAc,UAAU,YAAA,IAA2B,IAAA;AAAA,MACnD,YAAA,EAAe,UAAU,aAAA,IAA4B,IAAA;AAAA,MACrD,OAAA,EAAU,UAAU,QAAA,IAAuB,IAAA;AAAA,MAC3C,SAAA,EAAY,UAAU,UAAA,IAAyB,IAAA;AAAA,MAC/C,KAAA,EAAQ,UAAU,KAAA,IAAoB,IAAA;AAAA,MACtC,SAAA,EAAW,OAAO,SAAA,CAAU,UAAA,KAAe,QAAA,GACvC,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,EAAI,GAAK,SAAA,CAAU,UAAA,GAAwB,GAAI,CAAA,GAC7D;AAAA,KACL,CAAA;AACD,IAAA,MAAM,KAAK,GAAA,EAAK;AAAA,MACd,IAAA,EAAM,gBAAA;AAAA,MACN,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,IAAA,EAAM,EAAE,QAAA,EAAU,QAAA,CAAS,IAAI,SAAA,EAAW,MAAA,CAAO,EAAA,EAAI,QAAA,EAAU,IAAA;AAAK,KACrE,CAAA;AAAA,EACH;AACA,EAAA,OAAO,IAAA;AACT;AAEA,eAAsB,QAAA,CACpB,GAAA,EACA,UAAA,EACA,KAAA,EACsD;AACtD,EAAA,MAAM,CAAA,GAAI,YAAA,CAAa,GAAA,EAAK,UAAU,CAAA;AACtC,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,QAAQ,SAAA,EAAW,OAAA,KAAY,MAAM,kBAAA,CAAmB,GAAG,KAAK,CAAA;AACxE,IAAA,MAAM,OAAO,MAAM,WAAA,CAAY,GAAA,EAAK,CAAA,EAAG,SAAS,SAAS,CAAA;AAEzD,IAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa,GAAA,EAAK;AAAA,MACrC,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,MAChB,SAAA,EAAW,MAAM,SAAA,IAAa;AAAA,KAC/B,CAAA;AACD,IAAA,MAAM,KAAK,GAAA,EAAK;AAAA,MACd,IAAA,EAAM,iBAAA;AAAA,MACN,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,IAAA,EAAM,EAAE,QAAA,EAAU,UAAA;AAAW,KAC9B,CAAA;AACD,IAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,EACxB,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,KAAK,GAAA,EAAK;AAAA,MACd,IAAA,EAAM,qBAAA;AAAA,MACN,MAAM,EAAE,QAAA,EAAU,UAAA,EAAY,KAAA,EAAQ,EAAY,OAAA;AAAQ,KAC3D,CAAA;AACD,IAAA,MAAM,CAAA;AAAA,EACR;AACF;;;ACpNO,SAAS,eAAe,IAAA,EAAyC;AACtE,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,MAAA;AAAA,IACN,EAAA,EAAI,KAAK,EAAA,IAAM,QAAA;AAAA,IACf,IAAA,EAAM,QAAA;AAAA,IACN,UAAU,IAAA,CAAK,QAAA;AAAA,IACf,cAAc,IAAA,CAAK,YAAA;AAAA,IACnB,aAAa,IAAA,CAAK,WAAA;AAAA,IAClB,QAAQ,IAAA,CAAK,MAAA,IAAU,CAAC,QAAA,EAAU,SAAS,SAAS,CAAA;AAAA,IACpD,MAAA,EAAQ,6BAAA;AAAA,IACR,gBAAA,EAAkB,8CAAA;AAAA,IAClB,QAAA,EAAU,qCAAA;AAAA,IACV,WAAA,EAAa;AAAA,GACf;AACF;;;ACdO,SAAS,eAAe,IAAA,EAA2C;AACxE,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,QAAA;AAAA,IACN,EAAA,EAAI,KAAK,EAAA,IAAM,QAAA;AAAA,IACf,IAAA,EAAM,QAAA;AAAA,IACN,UAAU,IAAA,CAAK,QAAA;AAAA,IACf,cAAc,IAAA,CAAK,YAAA;AAAA,IACnB,aAAa,IAAA,CAAK,WAAA;AAAA,IAClB,MAAA,EAAQ,IAAA,CAAK,MAAA,IAAU,CAAC,aAAa,YAAY,CAAA;AAAA,IACjD,gBAAA,EAAkB,0CAAA;AAAA,IAClB,QAAA,EAAU,6CAAA;AAAA,IACV,WAAA,EAAa,6BAAA;AAAA,IACb,OAAA,EAAS,CAAC,GAAA,KAAQ;AAChB,MAAA,MAAM,CAAA,GAAK,OAAO,EAAC;AAOnB,MAAA,OAAO;AAAA,QACL,mBAAmB,MAAA,CAAO,CAAA,CAAE,EAAA,IAAM,CAAA,CAAE,SAAS,EAAE,CAAA;AAAA,QAC/C,KAAA,EAAO,EAAE,KAAA,IAAS,EAAA;AAAA,QAClB,IAAA,EAAM,CAAA,CAAE,IAAA,IAAQ,CAAA,CAAE,KAAA,IAAS,IAAA;AAAA,QAC3B,KAAA,EAAO,EAAE,UAAA,IAAc;AAAA,OACzB;AAAA,IACF;AAAA,GACF;AACF;;;ACvCA,IAAA,gBAAA,GAAA;;;ACAA,IAAA,eAAA,GAAA;AAAA,QAAA,CAAA,eAAA,EAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,UAAA,EAAA,MAAA;AAAA,CAAA,CAAA;;;ACeO,SAAS,UAAA,CAAW,KAAqB,IAAA,EAA0B;AACxE,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,MAAA,EAAQ,YAAA,IAAgB,UAAA;AAC3C,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,QAAA;AAAc,MAAA,OAAO,GAAG,MAAM,CAAA,GAAA,CAAA;AAAA,IACnC,KAAK,SAAA;AAAc,MAAA,OAAO,GAAG,MAAM,CAAA,GAAA,CAAA;AAAA,IACnC,KAAK,MAAA;AAAc,MAAA,OAAO,GAAG,MAAM,CAAA,KAAA,CAAA;AAAA,IACnC,KAAK,SAAA;AAAc,MAAA,OAAO,GAAG,MAAM,CAAA,QAAA,CAAA;AAAA,IACnC,KAAK,YAAA;AAAc,MAAA,OAAO,GAAG,MAAM,CAAA,YAAA,CAAA;AAAA,IACnC,KAAK,WAAA;AAAc,MAAA,OAAO,GAAG,MAAM,CAAA,WAAA,CAAA;AAAA;AAEvC;AAEO,SAAS,YAAA,GAAwB;AACtC,EAAA,OAAQ,UAAA,CAA6D,OAAA,EAAS,GAAA,EAAK,QAAA,KAAa,YAAA;AAClG;AAaO,SAAS,WAAA,CAAY,KAAqB,KAAA,EAAqC;AACpF,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,QAAA,IAAY,KAAA,CAAM,IAAA,KAAS,MAAA;AAClD,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,MAAA,EAAQ,YAAA,IAAgB,YAAA,EAAa;AACxD,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,UAAA,CAAW,GAAA,EAAK,KAAA,CAAM,IAAI,CAAA;AAAA,IAChC,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,QAAQ,KAAA,CAAM,MAAA;AAAA,IACd,QAAA;AAAA,IACA,MAAA;AAAA,IACA,QAAA,EAAU,KAAA,CAAM,QAAA,IAAY,GAAA,CAAI,QAAQ,QAAA,IAAY,KAAA;AAAA,IACpD,IAAA,EAAM,MAAM,IAAA,IAAQ,GAAA;AAAA,IACpB,MAAA,EAAQ,IAAI,MAAA,EAAQ;AAAA,GACtB;AACF;AAGO,SAAS,gBAAgB,CAAA,EAAuB;AACrD,EAAA,MAAM,KAAA,GAAQ,CAAC,CAAA,EAAG,CAAA,CAAE,IAAI,IAAI,kBAAA,CAAmB,CAAA,CAAE,KAAK,CAAC,CAAA,CAAE,CAAA;AACzD,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,KAAA,EAAQ,CAAA,CAAE,IAAI,CAAA,CAAE,CAAA;AAC3B,EAAA,IAAI,EAAE,MAAA,EAAQ,KAAA,CAAM,KAAK,CAAA,OAAA,EAAU,CAAA,CAAE,MAAM,CAAA,CAAE,CAAA;AAC7C,EAAA,IAAI,CAAA,CAAE,WAAW,MAAA,EAAW;AAC1B,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,QAAA,EAAW,CAAA,CAAE,MAAM,CAAA,CAAE,CAAA;AAChC,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,EAAG,KAAA,CAAM,KAAK,uCAAuC,CAAA;AAAA,EACxE;AACA,EAAA,IAAI,CAAA,CAAE,QAAA,EAAU,KAAA,CAAM,IAAA,CAAK,UAAU,CAAA;AACrC,EAAA,IAAI,CAAA,CAAE,MAAA,EAAQ,KAAA,CAAM,IAAA,CAAK,QAAQ,CAAA;AACjC,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,CAAA,CAAE,QAAA,CAAS,OAAO,CAAC,CAAA,CAAE,WAAA,EAAa,GAAG,CAAA,CAAE,QAAA,CAAS,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,CAAA;AACjF,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;AAEO,SAAS,YAAA,CAAa,KAAqB,IAAA,EAA8B;AAC9E,EAAA,OAAO,WAAA,CAAY,KAAK,EAAE,IAAA,EAAM,OAAO,EAAA,EAAI,MAAA,EAAQ,GAAG,CAAA;AACxD;;;AC1EA,IAAA,cAAA,GAAA;AAAA,QAAA,CAAA,cAAA,EAAA;AAAA,EAAA,IAAA,EAAA,MAAA,IAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,WAAA,EAAA,MAAA;AAAA,CAAA,CAAA;;;ACAA,IAAA,aAAA,GAAA;AAAA,QAAA,CAAA,aAAA,EAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,MAAA,EAAA,MAAA,MAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,kBAAA,EAAA,MAAA;AAAA,CAAA,CAAA;;;ACaA,eAAsB,QAAA,CACpB,GAAA,EACA,KAAA,EACA,KAAA,EACsB;AACtB,EAAA,IAAI,GAAA,CAAI,YAAA,EAAc,SAAA,KAAc,KAAA,EAAO;AACzC,IAAA,MAAM,IAAI,yBAAA,EAA0B;AAAA,EACtC;AACA,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,GAAO,WAAA,EAAY;AAC7C,EAAA,MAAM,KAAA,CAAM,iBAAA,CAAkB,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,CAAM,QAAA,EAAU,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,IAAA,EAAM,CAAA;AAE3F,EAAA,MAAM,WAAW,MAAM,GAAA,CAAI,QAAA,CAAS,IAAA,CAAK,eAAe,KAAK,CAAA;AAC7D,EAAA,IAAI,QAAA,EAAU,MAAM,IAAI,oBAAA,CAAqB,0BAA0B,CAAA;AAEvE,EAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAO,KAAA,CAAM,QAAQ,CAAA;AAChD,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,QAAA,CAAS,KAAK,UAAA,CAAW;AAAA,IAC9C,KAAA;AAAA,IACA,IAAA,EAAM,MAAM,IAAA,IAAQ,IAAA;AAAA,IACpB,YAAA;AAAA,IACA,aAAA,EAAe;AAAA,GAChB,CAAA;AAED,EAAA,MAAM,IAAA,CAAK,GAAA,EAAK,EAAE,IAAA,EAAM,iBAAA,EAAmB,MAAA,EAAQ,IAAA,CAAK,EAAA,EAAI,IAAA,EAAM,EAAE,KAAA,EAAM,EAAG,CAAA;AAC7E,EAAA,MAAM,KAAA,CAAM,iBAAiB,IAAI,CAAA;AACjC,EAAA,OAAO,IAAA;AACT;;;AClBA,eAAsB,MAAA,CACpB,GAAA,EACA,KAAA,EACA,KAAA,EACuB;AACvB,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,GAAO,WAAA,EAAY;AAC7C,EAAA,MAAM,KAAA,CAAM,eAAA,CAAgB,EAAE,KAAA,EAAO,EAAA,EAAI,MAAM,EAAA,EAAI,SAAA,EAAW,KAAA,CAAM,SAAA,EAAW,CAAA;AAE/E,EAAA,MAAM,OAAO,MAAM,GAAA,CAAI,QAAA,CAAS,IAAA,CAAK,eAAe,KAAK,CAAA;AACzD,EAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,KAAK,YAAA,EAAc,MAAM,IAAI,gBAAA,EAAiB;AAE5D,EAAA,MAAM,KAAK,MAAMF,OAAAA,CAAS,KAAA,CAAM,QAAA,EAAU,KAAK,YAAY,CAAA;AAC3D,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,gBAAA,EAAiB;AAEpC,EAAA,MAAM,SAAA,GAAY,MAAM,KAAA,CAAM,kBAAA,CAAmB,IAAA,EAAM;AAAA,IACrD,IAAI,KAAA,CAAM,EAAA;AAAA,IACV,WAAW,KAAA,CAAM;AAAA,GAClB,CAAA;AACD,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,MAAM,KAAK,GAAA,EAAK;AAAA,MACd,IAAA,EAAM,gBAAA;AAAA,MACN,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,MAChB,SAAA,EAAW,MAAM,SAAA,IAAa,IAAA;AAAA,MAC9B,MAAM,EAAE,KAAA,EAAO,SAAA,EAAW,QAAA,EAAU,UAAU,QAAA;AAAS,KACxD,CAAA;AACD,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,SAAA;AAAA,MACN,UAAU,SAAA,CAAU,QAAA;AAAA,MACpB,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,cAAc,SAAA,CAAU,YAAA;AAAA,MACxB,kBAAkB,SAAA,CAAU,SAAA;AAAA,MAC5B,IAAA,EAAM,UAAU,IAAA,IAAQ;AAAA,KAC1B;AAAA,EACF;AAEA,EAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa,GAAA,EAAK;AAAA,IACrC,QAAQ,IAAA,CAAK,EAAA;AAAA,IACb,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,IAChB,SAAA,EAAW,MAAM,SAAA,IAAa;AAAA,GAC/B,CAAA;AACD,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,gBAAA;AAAA,IACN,QAAQ,IAAA,CAAK,EAAA;AAAA,IACb,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,IAChB,SAAA,EAAW,MAAM,SAAA,IAAa,IAAA;AAAA,IAC9B,IAAA,EAAM,EAAE,MAAA,EAAQ,UAAA;AAAW,GAC5B,CAAA;AACD,EAAA,MAAM,MAAM,cAAA,CAAe,EAAE,MAAM,MAAA,EAAQ,MAAA,EAAQ,YAAY,CAAA;AAC/D,EAAA,OAAO,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,MAAA,EAAO;AACpC;AAOA,eAAsB,iBAAA,CACpB,KACA,KAAA,EAC+C;AAC/C,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,UAAA,IAAc,GAAA,CAAI,QAAQ,UAAA,IAAc,GAAA;AAC1D,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,QAAQ,MAAM,IAAA;AAAA,IAClB,EAAE,GAAA,EAAK,KAAA,CAAM,MAAA,EAAQ,GAAA,EAAK,SAAA,EAAW,GAAA,EAAK,KAAA,CAAM,QAAA,EAAU,GAAI,KAAA,CAAM,KAAA,IAAS,EAAC,EAAG;AAAA,IACjF,IAAI,OAAA,CAAQ,SAAA;AAAA,IACZ,EAAE,SAAA,EAAW,CAAA,EAAG,GAAG,CAAA,CAAA,CAAA;AAAI,GACzB;AACA,EAAA,OAAO,EAAE,KAAA,EAAO,SAAA,EAAA,CAAY,GAAA,GAAM,OAAO,GAAA,EAAK;AAChD;AAEA,eAAsB,kBAAA,CACpB,GAAA,EACA,KAAA,EACA,gBAAA,EAC6D;AAC7D,EAAA,MAAM,SAAS,MAAM,MAAA;AAAA,IACnB,KAAA;AAAA,IACA,IAAI,OAAA,CAAQ;AAAA,GACd;AACA,EAAA,IAAI,MAAA,CAAO,QAAQ,SAAA,IAAa,MAAA,CAAO,QAAQ,gBAAA,IAAoB,CAAC,OAAO,GAAA,EAAK;AAC9E,IAAA,MAAM,IAAI,iBAAiB,uBAAuB,CAAA;AAAA,EACpD;AAEA,EAAA,MAAM,EAAE,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,KAAK,GAAA,EAAK,GAAA,EAAK,GAAG,KAAA,EAAM,GAAI,MAAA;AAMxD,EAAA,OAAO,EAAE,MAAA,EAAQ,GAAA,EAAK,KAAA,EAAM;AAC9B;;;ACrGA,eAAsB,OAAA,CACpB,GAAA,EACA,KAAA,EACA,KAAA,EACe;AACf,EAAA,IAAI,MAAA,GAAwB,IAAA;AAC5B,EAAA,IAAI,SAAA,GAA2B,IAAA;AAE/B,EAAA,IAAI,MAAM,YAAA,EAAc;AACtB,IAAA,MAAM,eAAA,CAAgB,GAAA,EAAK,KAAA,CAAM,YAAY,CAAA;AAAA,EAC/C,CAAA,MAAA,IAAW,MAAM,WAAA,EAAa;AAC5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAI,MAAM,MAAA,CAAuC,MAAM,WAAA,EAAa,GAAA,CAAI,QAAQ,SAAS,CAAA;AAC/F,MAAA,IAAI,EAAE,GAAA,EAAK;AACT,QAAA,SAAA,GAAY,CAAA,CAAE,GAAA;AACd,QAAA,MAAA,GAAS,EAAE,GAAA,IAAO,IAAA;AAClB,QAAA,MAAM,aAAA,CAAc,GAAA,EAAK,CAAA,CAAE,GAAA,EAAK,EAAE,GAAG,CAAA;AAAA,MACvC;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAAe;AAAA,EACzB;AAEA,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,iBAAA;AAAA,IACN,MAAA;AAAA,IACA;AAAA,GACD,CAAA;AACD,EAAA,MAAM,KAAA,CAAM,eAAA,CAAgB,EAAE,MAAA,EAAQ,WAAW,CAAA;AACnD;;;AC3BA,eAAsB,OAAA,CACpB,GAAA,EACA,KAAA,EACA,KAAA,EACuB;AACvB,EAAA,MAAM,KAAA,CAAM,iBAAiB,EAAE,EAAA,EAAI,MAAM,EAAA,EAAI,SAAA,EAAW,KAAA,CAAM,SAAA,EAAW,CAAA;AACzE,EAAA,MAAM,MAAA,GAAS,MAAM,aAAA,CAAc,GAAA,EAAK,MAAM,YAAA,EAAc;AAAA,IAC1D,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,IAChB,SAAA,EAAW,MAAM,SAAA,IAAa;AAAA,GAC/B,CAAA;AAED,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,IAAI;AACF,IAAA,MAAM,IAAI,MAAM,MAAA,CAAyB,OAAO,WAAA,EAAa,GAAA,CAAI,QAAQ,SAAS,CAAA;AAClF,IAAA,MAAA,GAAS,EAAE,GAAA,IAAO,EAAA;AAAA,EACpB,CAAA,CAAA,MAAQ;AAAA,EAAoB;AAC5B,EAAA,MAAM,MAAM,eAAA,CAAgB;AAAA,IAC1B,MAAA;AAAA,IACA,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB;AAAA,GACD,CAAA;AACD,EAAA,OAAO,MAAA;AACT;;;AC3BA,eAAsB,gBAAA,CAAoB,KAAqB,EAAA,EAAkC;AAC/F,EAAA,MAAM,EAAA,GAAK,IAAI,QAAA,CAAS,WAAA;AACxB,EAAA,IAAI,CAAC,EAAA,EAAI,OAAO,EAAA,EAAG;AACnB,EAAA,OAAO,EAAA,CAAG,IAAI,EAAE,CAAA;AAClB;;;ACMA,eAAsB,cAAA,CACpB,GAAA,EACA,KAAA,EACA,KAAA,EACe;AACf,EAAA,MAAM,KAAA,CAAM,wBAAwB,KAAK,CAAA;AAEzC,EAAA,MAAM,OAAO,MAAM,GAAA,CAAI,SAAS,IAAA,CAAK,WAAA,CAAY,MAAM,MAAM,CAAA;AAC7D,EAAA,IAAI,CAAC,QAAQ,CAAC,IAAA,CAAK,cAAc,MAAM,IAAI,iBAAiB,sBAAsB,CAAA;AAElF,EAAA,MAAM,KAAK,MAAMA,OAAAA,CAAS,KAAA,CAAM,eAAA,EAAiB,KAAK,YAAY,CAAA;AAClE,EAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,gBAAA,EAAiB;AAEpC,EAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAO,KAAA,CAAM,WAAW,CAAA;AACnD,EAAA,MAAM,gBAAA,CAAiB,KAAK,YAAY;AACtC,IAAA,MAAM,GAAA,CAAI,SAAS,IAAA,CAAK,UAAA,CAAW,KAAK,EAAA,EAAI,EAAE,cAAc,CAAA;AAC5D,IAAA,IAAI,KAAA,CAAM,wBAAwB,KAAA,EAAO;AACvC,MAAA,MAAM,gBAAA,CAAiB,GAAA,EAAK,IAAA,CAAK,EAAE,CAAA;AAAA,IACrC;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,yBAAyB,MAAA,EAAQ,IAAA,CAAK,IAAI,CAAA;AAClE,EAAA,MAAM,MAAM,sBAAA,CAAuB,EAAE,MAAA,EAAQ,IAAA,CAAK,IAAI,CAAA;AACxD;;;ACnCA,IAAM,QAAA,GAAW,kEAAA;AAEjB,SAAS,IAAI,CAAA,EAAmB;AAC9B,EAAA,OAAO,QAAA,CAAS,MAAA,CAAO,CAAA,GAAI,EAAE,CAAA;AAC/B;AAEO,SAAS,iBAAiB,KAAA,EAA2B;AAC1D,EAAA,IAAI,GAAA,GAAM,EAAA;AACV,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,OAAO,CAAA,GAAI,CAAA,IAAK,KAAA,CAAM,MAAA,EAAQ,KAAK,CAAA,EAAG;AACpC,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,CAAC,CAAA,IAAK,CAAA;AACvB,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA,IAAK,CAAA;AAC3B,IAAA,MAAM,EAAA,GAAK,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA,IAAK,CAAA;AAC3B,IAAA,MAAM,CAAA,GAAK,EAAA,IAAM,EAAA,GAAO,EAAA,IAAM,CAAA,GAAK,EAAA;AACnC,IAAA,GAAA,IAAO,GAAA,CAAI,CAAA,IAAK,EAAE,CAAA,GAAI,GAAA,CAAI,CAAA,IAAK,EAAE,CAAA,GAAI,GAAA,CAAI,CAAA,IAAK,CAAC,CAAA,GAAI,IAAI,CAAC,CAAA;AAAA,EAC1D;AACA,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,GAAS,CAAA;AAC3B,EAAA,IAAI,QAAQ,CAAA,EAAG;AACb,IAAA,MAAM,CAAA,GAAA,CAAK,KAAA,CAAM,CAAC,CAAA,IAAK,CAAA,KAAM,EAAA;AAC7B,IAAA,GAAA,IAAO,IAAI,CAAA,IAAK,EAAE,CAAA,GAAI,GAAA,CAAI,KAAK,EAAE,CAAA;AAAA,EACnC,CAAA,MAAA,IAAW,QAAQ,CAAA,EAAG;AACpB,IAAA,MAAM,CAAA,GAAA,CAAM,KAAA,CAAM,CAAC,CAAA,IAAK,CAAA,KAAM,MAAQ,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA,IAAK,CAAA,KAAM,CAAA;AAC5D,IAAA,GAAA,IAAO,GAAA,CAAI,CAAA,IAAK,EAAE,CAAA,GAAI,GAAA,CAAI,KAAK,EAAE,CAAA,GAAI,GAAA,CAAI,CAAA,IAAK,CAAC,CAAA;AAAA,EACjD;AACA,EAAA,OAAO,GAAA;AACT;AAEO,SAAS,eAAA,CAAgB,QAAQ,EAAA,EAAY;AAClD,EAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,KAAK,CAAA;AAC9B,EAAA,MAAA,CAAO,gBAAgB,CAAC,CAAA;AACxB,EAAA,OAAO,iBAAiB,CAAC,CAAA;AAC3B;;;AC1BA,IAAM,oBAAoB,EAAA,GAAK,EAAA;AAE/B,SAAS,WAAA,CAAY,QAAQ,EAAA,EAAY;AACvC,EAAA,OAAO,gBAAgB,KAAK,CAAA;AAC9B;AAEA,SAAS,2BAA2B,GAAA,EAAqB;AACvD,EAAA,MAAM,CAAA,GAAI,IAAI,QAAA,CAAS,iBAAA;AACvB,EAAA,IAAI,CAAC,CAAA,EAAG;AACN,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,6BAAA;AAAA,MACA,mDAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,CAAA;AACT;AAQA,eAAsB,oBAAA,CACpB,GAAA,EACA,KAAA,EACA,KAAA,EAC8C;AAC9C,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,GAAO,WAAA,EAAY;AAC7C,EAAA,MAAM,KAAA,CAAM,sBAAA,CAAuB,EAAE,KAAA,EAAO,CAAA;AAC5C,EAAA,MAAM,OAAO,MAAM,GAAA,CAAI,QAAA,CAAS,IAAA,CAAK,eAAe,KAAK,CAAA;AACzD,EAAA,IAAI,CAAC,IAAA,EAAM;AAET,IAAA,OAAO,EAAC;AAAA,EACV;AAEA,EAAA,MAAM,YAAA,GAAe,2BAA2B,GAAG,CAAA;AACnD,EAAA,MAAM,KAAA,GAAQ,YAAY,EAAE,CAAA;AAC5B,EAAA,MAAM,aAAa,MAAA,CAAO;AAAA,IACxB,UAAA,EAAY,KAAA;AAAA,IACZ,KAAA;AAAA,IACA,WAAW,IAAI,IAAA,CAAK,KAAK,GAAA,EAAI,GAAI,oBAAoB,GAAI;AAAA,GAC1D,CAAA;AAED,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,+BAAA;AAAA,IACN,QAAQ,IAAA,CAAK,EAAA;AAAA,IACb,IAAA,EAAM,EAAE,KAAA;AAAM,GACf,CAAA;AACD,EAAA,MAAM,KAAA,CAAM,sBAAsB,EAAE,MAAA,EAAQ,KAAK,EAAA,EAAI,KAAA,EAAO,WAAW,CAAA;AACvE,EAAA,OAAO,EAAE,KAAA,EAAO,MAAA,EAAQ,IAAA,CAAK,EAAA,EAAG;AAClC;AAEA,eAAsB,oBAAA,CACpB,GAAA,EACA,KAAA,EACA,KAAA,EACe;AACf,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,GAAO,WAAA,EAAY;AAC7C,EAAA,MAAM,KAAA,CAAM,sBAAA,CAAuB,EAAE,KAAA,EAAO,KAAA,EAAO,MAAM,KAAA,EAAO,WAAA,EAAa,KAAA,CAAM,WAAA,EAAa,CAAA;AAChG,EAAA,MAAM,YAAA,GAAe,2BAA2B,GAAG,CAAA;AACnD,EAAA,MAAM,MAAM,MAAM,YAAA,CAAa,OAAA,CAAQ,KAAA,EAAO,MAAM,KAAK,CAAA;AACzD,EAAA,IAAI,CAAC,GAAA,EAAK,MAAM,IAAI,iBAAiB,qBAAqB,CAAA;AAC1D,EAAA,IAAI,GAAA,CAAI,SAAA,CAAU,OAAA,EAAQ,GAAI,IAAA,CAAK,KAAI,EAAG,MAAM,IAAI,gBAAA,CAAiB,qBAAqB,CAAA;AAE1F,EAAA,MAAM,OAAO,MAAM,GAAA,CAAI,QAAA,CAAS,IAAA,CAAK,eAAe,KAAK,CAAA;AACzD,EAAA,IAAI,CAAC,IAAA,EAAM,MAAM,IAAI,gBAAA,EAAiB;AACtC,EAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAO,KAAA,CAAM,WAAW,CAAA;AACnD,EAAA,MAAM,gBAAA,CAAiB,KAAK,YAAY;AACtC,IAAA,MAAM,GAAA,CAAI,SAAS,IAAA,CAAK,UAAA,CAAW,KAAK,EAAA,EAAI,EAAE,cAAc,CAAA;AAC5D,IAAA,MAAM,gBAAA,CAAiB,GAAA,EAAK,IAAA,CAAK,EAAE,CAAA;AAAA,EACrC,CAAC,CAAA;AACD,EAAA,MAAM,IAAA,CAAK,KAAK,EAAE,IAAA,EAAM,uBAAuB,MAAA,EAAQ,IAAA,CAAK,IAAI,CAAA;AAChE,EAAA,MAAM,KAAA,CAAM,sBAAsB,EAAE,MAAA,EAAQ,KAAK,EAAA,EAAI,KAAA,EAAO,WAAW,CAAA;AACzE;;;AC5EA,eAAsB,UAAA,CACpB,GAAA,EACA,KAAA,EACA,MAAA,EACA,KAAA,EACsB;AAEtB,EAAA,IAAI,kBAAkB,KAAA,EAAO;AAC3B,IAAA,MAAM,IAAI,iBAAiB,wCAAwC,CAAA;AAAA,EACrE;AACA,EAAA,MAAM,OAAO,MAAM,GAAA,CAAI,SAAS,IAAA,CAAK,UAAA,CAAW,QAAQ,KAAK,CAAA;AAC7D,EAAA,MAAM,IAAA,CAAK,GAAA,EAAK,EAAE,IAAA,EAAM,gBAAgB,MAAA,EAAQ,IAAA,EAAM,EAAE,KAAA,EAAO,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,IAAK,CAAA;AACrF,EAAA,MAAM,MAAM,kBAAA,CAAmB,EAAE,IAAA,EAAM,IAAA,EAAM,OAAO,CAAA;AACpD,EAAA,OAAO,IAAA;AACT;AAEA,eAAsB,UAAA,CACpB,GAAA,EACA,KAAA,EACA,MAAA,EACe;AAIf,EAAA,MAAM,KAAK,GAAA,EAAK,EAAE,IAAA,EAAM,uBAAA,EAAyB,QAAQ,CAAA;AACzD,EAAA,MAAM,KAAA,CAAM,kBAAA,CAAmB,EAAE,MAAA,EAAQ,CAAA;AACzC,EAAA,MAAM,gBAAA,CAAiB,KAAK,YAAY;AACtC,IAAA,MAAM,gBAAA,CAAiB,KAAK,MAAM,CAAA;AAClC,IAAA,MAAM,GAAA,CAAI,QAAA,CAAS,IAAA,CAAK,UAAA,CAAW,MAAM,CAAA;AAAA,EAC3C,CAAC,CAAA;AACD,EAAA,MAAM,KAAK,GAAA,EAAK,EAAE,IAAA,EAAM,cAAA,EAAgB,QAAQ,CAAA;AAClD;;;ACfA,IAAM,aAAA,GAAgB,SAAA;AACtB,IAAM,UAAA,GAAa,QAAA;AAanB,SAAS,oBAAoB,GAAA,EAAqB;AAChD,EAAA,MAAM,CAAA,GAAI,IAAI,QAAA,CAAS,iBAAA;AACvB,EAAA,IAAI,CAAC,CAAA,EAAG;AACN,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,6BAAA;AAAA,MACA,4CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,gBAAgB,KAAA,EAAuB;AAC9C,EAAA,MAAM,IAAA,GAAO,gBAAgB,CAAC,CAAA;AAC9B,EAAA,OAAO,CAAA,EAAG,aAAa,CAAA,EAAG,KAAK,IAAI,IAAI,CAAA,CAAA;AACzC;AAEA,SAAS,gBAAgB,UAAA,EAA8C;AACrE,EAAA,IAAI,CAAC,UAAA,CAAW,UAAA,CAAW,aAAa,GAAG,OAAO,IAAA;AAClD,EAAA,MAAM,IAAA,GAAO,UAAA,CAAW,KAAA,CAAM,aAAA,CAAc,MAAM,CAAA;AAClD,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,WAAA,CAAY,GAAG,CAAA;AACtC,EAAA,IAAI,SAAA,GAAY,GAAG,OAAO,IAAA;AAC1B,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,SAAS,CAAA,EAAE;AAC3C;AAEA,eAAsB,YAAA,CACpB,GAAA,EACA,MAAA,EACA,KAAA,EAC6B;AAC7B,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,IAAA,GAAO,WAAA,EAAY;AAC7C,EAAA,IAAI,CAAC,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AACxB,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,eAAA,EAAiB,GAAG,CAAA;AAAA,EAC/D;AACA,EAAA,MAAM,WAAW,MAAM,GAAA,CAAI,QAAA,CAAS,IAAA,CAAK,eAAe,KAAK,CAAA;AAC7D,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAM,IAAI,qBAAqB,qCAAqC,CAAA;AAAA,EACtE;AAEA,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,UAAA,IAAc,GAAA,CAAI,YAAA,EAAc,gBAAA;AAClD,EAAA,IAAI,CAAC,GAAA,IAAO,GAAA,IAAO,CAAA,EAAG;AACpB,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,cAAA;AAAA,MACA,uFAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAe,oBAAoB,GAAG,CAAA;AAC5C,EAAA,MAAM,UAAA,GAAa,gBAAgB,KAAK,CAAA;AACxC,EAAA,MAAM,aAAa,IAAA,CAAK,KAAA,CAAM,KAAK,GAAA,EAAI,GAAI,GAAI,CAAA,GAAI,GAAA;AACnD,EAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,UAAA,GAAa,GAAI,CAAA;AAE5C,EAAA,MAAM,QAAQ,MAAM,IAAA;AAAA,IAClB;AAAA,MACE,GAAA,EAAK,KAAA;AAAA,MACL,IAAA,EAAM,MAAM,IAAA,IAAQ,IAAA;AAAA,MACpB,GAAA,EAAK,KAAA,CAAM,QAAA,IAAY,EAAC;AAAA,MACxB,EAAA,EAAI,MAAM,SAAA,IAAa,IAAA;AAAA,MACvB,IAAA,EAAM,MAAM,QAAA,IAAY,IAAA;AAAA,MACxB,GAAA,EAAK;AAAA,KACP;AAAA,IACA,IAAI,OAAA,CAAQ,SAAA;AAAA,IACZ,EAAE,WAAW,CAAA,EAAG,GAAG,KAAK,GAAA,EAAK,UAAA,EAAY,SAAS,KAAA;AAAM,GAC1D;AAEA,EAAA,MAAM,SAAA,GAAY,MAAM,YAAA,CAAa,KAAK,CAAA;AAC1C,EAAA,MAAM,aAAa,MAAA,CAAO,EAAE,YAAY,KAAA,EAAO,SAAA,EAAW,WAAW,CAAA;AAErE,EAAA,MAAM,GAAA,GAAM,IAAI,YAAA,EAAc,SAAA,GAAY,EAAE,KAAA,EAAO,KAAA,EAAO,CAAA,IAAK,MAAA;AAE/D,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,cAAA;AAAA,IACN,MAAA,EAAQ,MAAM,SAAA,IAAa,IAAA;AAAA,IAC3B,IAAA,EAAM,EAAE,KAAA,EAAO,UAAA,EAAY,UAAU,KAAA,CAAM,QAAA,IAAY,EAAC;AAAE,GAC3D,CAAA;AAED,EAAA,OAAO,EAAE,KAAA,EAAO,GAAA,EAAK,UAAA,EAAY,SAAA,EAAW,aAAa,GAAA,EAAK;AAChE;AAEA,eAAe,YAAA,CAAa,KAAqB,KAAA,EAAsC;AACrF,EAAA,MAAM,SAAS,MAAM,MAAA,CAAqB,KAAA,EAAO,GAAA,CAAI,QAAQ,SAAS,CAAA;AACtE,EAAA,IAAI,MAAA,CAAO,QAAQ,UAAA,EAAY;AAC7B,IAAA,MAAM,IAAI,iBAAiB,qBAAqB,CAAA;AAAA,EAClD;AACA,EAAA,IAAI,CAAC,MAAA,CAAO,GAAA,IAAO,CAAC,OAAO,GAAA,EAAK;AAC9B,IAAA,MAAM,IAAI,iBAAiB,6BAA6B,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO;AAAA,IACL,OAAO,MAAA,CAAO,GAAA;AAAA,IACd,IAAA,EAAM,OAAO,IAAA,IAAQ,IAAA;AAAA,IACrB,QAAA,EAAU,MAAA,CAAO,GAAA,IAAO,EAAC;AAAA,IACzB,SAAA,EAAW,OAAO,EAAA,IAAM,IAAA;AAAA,IACxB,QAAA,EAAU,OAAO,IAAA,IAAQ,IAAA;AAAA,IACzB,SAAA,EAAA,CAAY,MAAA,CAAO,GAAA,IAAO,CAAA,IAAK,GAAA;AAAA,IAC/B,YAAY,MAAA,CAAO;AAAA,GACrB;AACF;AAEA,eAAsB,aAAA,CACpB,KACA,KAAA,EACuB;AACvB,EAAA,OAAO,YAAA,CAAa,GAAA,EAAK,KAAA,CAAM,KAAK,CAAA;AACtC;AAEA,eAAsB,aAAA,CACpB,GAAA,EACA,KAAA,EACA,KAAA,EAC8B;AAC9B,EAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa,GAAA,EAAK,MAAM,KAAK,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,GAAO,WAAA,EAAY;AAE9C,EAAA,MAAM,YAAA,GAAe,oBAAoB,GAAG,CAAA;AAC5C,EAAA,MAAM,SAAA,GAAY,MAAM,YAAA,CAAa,KAAA,CAAM,KAAK,CAAA;AAChD,EAAA,MAAM,MAAM,MAAM,YAAA,CAAa,OAAA,CAAQ,MAAA,CAAO,YAAY,SAAS,CAAA;AACnE,EAAA,IAAI,CAAC,GAAA,EAAK,MAAM,IAAI,iBAAiB,gCAAgC,CAAA;AACrE,EAAA,IAAI,IAAI,SAAA,CAAU,OAAA,EAAQ,GAAI,IAAA,CAAK,KAAI,EAAG;AACxC,IAAA,MAAM,IAAI,iBAAiB,gBAAgB,CAAA;AAAA,EAC7C;AAEA,EAAA,MAAM,MAAM,iBAAA,CAAkB;AAAA,IAC5B,KAAA;AAAA,IACA,UAAU,KAAA,CAAM,QAAA;AAAA,IAChB,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,MAAA,CAAO,IAAA,IAAQ;AAAA,GACpC,CAAA;AAED,EAAA,MAAM,WAAW,MAAM,GAAA,CAAI,QAAA,CAAS,IAAA,CAAK,eAAe,KAAK,CAAA;AAC7D,EAAA,IAAI,QAAA,EAAU,MAAM,IAAI,oBAAA,CAAqB,0BAA0B,CAAA;AAEvE,EAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAO,KAAA,CAAM,QAAQ,CAAA;AAChD,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,QAAA,CAAS,KAAK,UAAA,CAAW;AAAA,IAC9C,KAAA;AAAA,IACA,IAAA,EAAM,KAAA,CAAM,IAAA,IAAQ,MAAA,CAAO,IAAA,IAAQ,IAAA;AAAA,IACnC,YAAA;AAAA,IACA,aAAA,sBAAmB,IAAA;AAAK,GACzB,CAAA;AAED,EAAA,MAAM,IAAA,CAAK,GAAA,EAAK,EAAE,IAAA,EAAM,mBAAmB,MAAA,EAAQ,IAAA,CAAK,EAAA,EAAI,IAAA,EAAM,EAAE,KAAA,EAAO,GAAA,EAAK,QAAA,IAAY,CAAA;AAC5F,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,sBAAA;AAAA,IACN,QAAQ,IAAA,CAAK,EAAA;AAAA,IACb,IAAA,EAAM;AAAA,MACJ,KAAA;AAAA,MACA,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,QAAA,EAAU,MAAA,CAAO,QAAA,IAAY,EAAC;AAAA,MAC9B,SAAA,EAAW,OAAO,SAAA,IAAa,IAAA;AAAA,MAC/B,QAAA,EAAU,OAAO,QAAA,IAAY;AAAA;AAC/B,GACD,CAAA;AACD,EAAA,MAAM,KAAA,CAAM,iBAAiB,IAAI,CAAA;AAEjC,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI,MAAM,UAAA,EAAY;AACpB,IAAA,MAAA,GAAS,MAAM,aAAa,GAAA,EAAK;AAAA,MAC/B,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,MAChB,SAAA,EAAW,MAAM,SAAA,IAAa;AAAA,KAC/B,CAAA;AACD,IAAA,MAAM,KAAK,GAAA,EAAK;AAAA,MACd,IAAA,EAAM,gBAAA;AAAA,MACN,QAAQ,IAAA,CAAK,EAAA;AAAA,MACb,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,MAChB,SAAA,EAAW,MAAM,SAAA,IAAa,IAAA;AAAA,MAC9B,IAAA,EAAM,EAAE,MAAA,EAAQ,QAAA;AAAS,KAC1B,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,EAAE,IAAA,EAAM,MAAA,EAAQ,UAAU,MAAA,CAAO,QAAA,IAAY,EAAC,EAAE;AACzD;AAEA,eAAsB,YAAA,CACpB,KACA,KAAA,EACe;AACf,EAAA,MAAM,YAAA,GAAe,oBAAoB,GAAG,CAAA;AAC5C,EAAA,IAAI,CAAC,aAAa,kBAAA,EAAoB;AACpC,IAAA,MAAM,IAAI,kBAAkB,+DAA+D,CAAA;AAAA,EAC7F;AACA,EAAA,MAAM,YAAA,CAAa,kBAAA,CAAmB,KAAA,CAAM,UAAU,CAAA;AACtD,EAAA,MAAM,KAAK,GAAA,EAAK;AAAA,IACd,IAAA,EAAM,qBAAA;AAAA,IACN,IAAA,EAAM,EAAE,UAAA,EAAY,KAAA,CAAM,UAAA;AAAW,GACtC,CAAA;AACH;AAEA,eAAsB,YAAY,GAAA,EAAiD;AACjF,EAAA,MAAM,YAAA,GAAe,oBAAoB,GAAG,CAAA;AAC5C,EAAA,IAAI,CAAC,aAAa,sBAAA,EAAwB;AACxC,IAAA,MAAM,IAAI,iBAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,IAAA,GAAO,MAAM,YAAA,CAAa,sBAAA,CAAuB,aAAa,CAAA;AACpE,EAAA,MAAM,MAAyB,EAAC;AAChC,EAAA,KAAA,MAAW,KAAK,IAAA,EAAM;AACpB,IAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,CAAA,CAAE,UAAU,CAAA;AAC3C,IAAA,IAAI,CAAC,MAAA,EAAQ;AACb,IAAA,GAAA,CAAI,IAAA,CAAK;AAAA,MACP,YAAY,CAAA,CAAE,UAAA;AAAA,MACd,OAAO,MAAA,CAAO,KAAA;AAAA,MACd,SAAA,EAAW,CAAA,CAAE,SAAA,CAAU,OAAA;AAAQ,KAChC,CAAA;AAAA,EACH;AACA,EAAA,OAAO,GAAA;AACT;;;ACrPA,IAAA,eAAA,GAAA;AAAA,QAAA,CAAA,eAAA,EAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,SAAA,EAAA,MAAA;AAAA,CAAA,CAAA;;;ACYO,SAAS,aAA8D,CAAA,EAAS;AACrF,EAAA,OAAO,CAAA;AACT;;;ACOO,IAAM,gBAAA,uBAA4C,GAAA,CAAY;AAAA,EACnE,cAAA;AAAA,EACA,WAAA;AAAA,EACA,0BAAA;AAAA,EACA,yBAAA;AAAA,EACA,gBAAA;AAAA,EACA,cAAA;AAAA,EACA,eAAA;AAAA,EACA,eAAA;AAAA,EACA,uBAAA;AAAA,EACA,8BAAA;AAAA,EACA,8BAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,qBAAA;AAAA,EACA,sBAAA;AAAA,EACA;AACF,CAAC,CAAA;AAyCD,SAAS,cAAc,GAAA,EAAmC;AACxD,EAAA,MAAM,MAAA,GAAS,YAAA;AACf,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,MAAA,EAAQ,MAAA,KAAW,IAAA;AACtC,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,SAAS,MAAM;AAAA,IAAC,CAAA,GAAI,CAAC,CAAA,EAAG,CAAA,KAAM,QAAQ,KAAA,CAAM,MAAA,EAAQ,CAAA,EAAG,CAAA,IAAK,EAAE,CAAA;AAAA,IACrE,IAAA,EAAM,SAAS,MAAM;AAAA,IAAC,CAAA,GAAI,CAAC,CAAA,EAAG,CAAA,KAAM,QAAQ,IAAA,CAAK,MAAA,EAAQ,CAAA,EAAG,CAAA,IAAK,EAAE,CAAA;AAAA,IACnE,IAAA,EAAM,CAAC,CAAA,EAAG,CAAA,KAAM,QAAQ,IAAA,CAAK,MAAA,EAAQ,CAAA,EAAG,CAAA,IAAK,EAAE,CAAA;AAAA,IAC/C,KAAA,EAAO,CAAC,CAAA,EAAG,CAAA,KAAM,QAAQ,KAAA,CAAM,MAAA,EAAQ,CAAA,EAAG,CAAA,IAAK,EAAE;AAAA,GACnD;AACF;AAGA,SAAS,SAAS,OAAA,EAAsD;AACtE,EAAA,MAAM,IAAA,uBAAW,GAAA,EAA4B;AAC7C,EAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,IAAA,IAAI,IAAA,CAAK,GAAA,CAAI,CAAA,CAAE,EAAE,CAAA,EAAG,MAAM,IAAI,KAAA,CAAM,CAAA,+BAAA,EAAkC,CAAA,CAAE,EAAE,CAAA,CAAA,CAAG,CAAA;AAC7E,IAAA,IAAA,CAAK,GAAA,CAAI,CAAA,CAAE,EAAA,EAAI,CAAC,CAAA;AAAA,EAClB;AACA,EAAA,MAAM,KAAA,uBAAY,GAAA,EAAoB;AACtC,EAAA,MAAM,UAAA,uBAAiB,GAAA,EAAsB;AAC7C,EAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,IAAA,KAAA,CAAM,GAAA,CAAI,CAAA,CAAE,EAAA,EAAI,CAAC,CAAA;AACjB,IAAA,UAAA,CAAW,GAAA,CAAI,CAAA,CAAE,EAAA,EAAI,EAAE,CAAA;AAAA,EACzB;AACA,EAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,IAAA,KAAA,MAAW,GAAA,IAAO,CAAA,CAAE,SAAA,IAAa,EAAC,EAAG;AACnC,MAAA,IAAI,CAAC,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA,EAAG;AAClB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kBAAA,EAAqB,EAAE,EAAE,CAAA,6BAAA,EAAgC,GAAG,CAAA,CAAA,CAAG,CAAA;AAAA,MACjF;AACA,MAAA,KAAA,CAAM,GAAA,CAAI,EAAE,EAAA,EAAA,CAAK,KAAA,CAAM,IAAI,CAAA,CAAE,EAAE,CAAA,IAAK,CAAA,IAAK,CAAC,CAAA;AAC1C,MAAA,UAAA,CAAW,GAAA,CAAI,GAAG,CAAA,CAAG,IAAA,CAAK,EAAE,EAAE,CAAA;AAAA,IAChC;AAAA,EACF;AACA,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,KAAA,MAAW,CAAC,EAAA,EAAI,CAAC,CAAA,IAAK,KAAA,MAAW,CAAA,KAAM,CAAA,EAAG,KAAA,CAAM,IAAA,CAAK,EAAE,CAAA;AACvD,EAAA,MAAM,SAA2B,EAAC;AAClC,EAAA,OAAO,MAAM,MAAA,EAAQ;AACnB,IAAA,MAAM,EAAA,GAAK,MAAM,KAAA,EAAM;AACvB,IAAA,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,EAAE,CAAE,CAAA;AACzB,IAAA,KAAA,MAAW,OAAO,UAAA,CAAW,GAAA,CAAI,EAAE,CAAA,IAAK,EAAC,EAAG;AAC1C,MAAA,MAAM,IAAA,GAAA,CAAQ,KAAA,CAAM,GAAA,CAAI,GAAG,KAAK,CAAA,IAAK,CAAA;AACrC,MAAA,KAAA,CAAM,GAAA,CAAI,KAAK,IAAI,CAAA;AACnB,MAAA,IAAI,IAAA,KAAS,CAAA,EAAG,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA;AAAA,IAChC;AAAA,EACF;AACA,EAAA,IAAI,MAAA,CAAO,MAAA,KAAW,OAAA,CAAQ,MAAA,EAAQ;AACpC,IAAA,MAAM,IAAI,MAAM,8CAA8C,CAAA;AAAA,EAChE;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,kBAAkB,GAAA,EAAmC;AAC5D,EAAA,OAAO;AAAA,IACL,EAAA,CAAG,MAAM,OAAA,EAAS;AAChB,MAAA,OAAO,SAAA,CAAU,GAAA,EAAK,IAAA,EAAM,OAAO,CAAA;AAAA,IACrC,CAAA;AAAA,IACA,GAAA,CAAI,MAAM,OAAA,EAAS;AACjB,MAAA,WAAA,CAAY,GAAA,EAAK,MAAM,OAAO,CAAA;AAAA,IAChC,CAAA;AAAA,IACA,MAAM,KAAK,CAAA,EAAG;AACZ,MAAA,MAAM,IAAA,CAAK,KAAK,CAAC,CAAA;AAAA,IACnB;AAAA,GACF;AACF;AAEA,SAAS,SAAS,CAAA,EAAwB;AACxC,EAAA,OAAO,CAAA,EAAG,CAAA,CAAE,MAAM,CAAA,CAAA,EAAI,EAAE,IAAI,CAAA,CAAA;AAC9B;AAEA,SAAS,qBAAqB,OAAA,EAAmD;AAC/E,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAoB;AACrC,EAAA,MAAM,MAAqB,EAAC;AAC5B,EAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,IAAA,KAAA,MAAW,CAAA,IAAK,CAAA,CAAE,MAAA,IAAU,EAAC,EAAG;AAC9B,MAAA,IAAI,CAAC,CAAA,CAAE,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG;AAC3B,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,kBAAA,EAAqB,CAAA,CAAE,EAAE,CAAA,oCAAA,EAAuC,EAAE,IAAI,CAAA,uBAAA;AAAA,SACxE;AAAA,MACF;AACA,MAAA,MAAM,GAAA,GAAM,SAAS,CAAC,CAAA;AACtB,MAAA,IAAI,gBAAA,CAAiB,GAAA,CAAI,GAAG,CAAA,EAAG;AAC7B,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,CAAA,kBAAA,EAAqB,CAAA,CAAE,EAAE,CAAA,QAAA,EAAW,GAAG,CAAA,4BAAA;AAAA,SACzC;AAAA,MACF;AACA,MAAA,MAAM,IAAA,GAAO,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA;AACzB,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,MAAM,IAAI,KAAA;AAAA,UACR,qBAAqB,CAAA,CAAE,EAAE,CAAA,QAAA,EAAW,GAAG,2BAA2B,IAAI,CAAA,CAAA;AAAA,SACxE;AAAA,MACF;AACA,MAAA,IAAA,CAAK,GAAA,CAAI,GAAA,EAAK,CAAA,CAAE,EAAE,CAAA;AAClB,MAAA,GAAA,CAAI,KAAK,CAAC,CAAA;AAAA,IACZ;AAAA,EACF;AACA,EAAA,OAAO,GAAA;AACT;AAIA,SAAS,cAAA,CACP,SACA,GAAA,EACY;AACZ,EAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AAEnB,EAAA,eAAe,QAAA,CACb,KAAA,EACA,GAAA,EACA,IAAA,EACe;AACf,IAAA,KAAA,MAAW,MAAM,GAAA,EAAK;AACpB,MAAA,IAAI;AACF,QAAA,MAAM,EAAA,CAAG,MAAM,GAAG,CAAA;AAAA,MACpB,SAAS,GAAA,EAAK;AACZ,QAAA,MAAA,CAAO,KAAA,CAAM,CAAA,KAAA,EAAQ,KAAK,CAAA,MAAA,CAAA,EAAU,GAAG,CAAA;AAEvC,QAAA,KAAK,GAAA,CAAI,OACN,IAAA,CAAK;AAAA,UACJ,IAAA,EAAM,cAAA;AAAA,UACN,IAAA,EAAM,EAAE,IAAA,EAAM,KAAA,EAAO,OAAO,MAAA,CAAQ,GAAA,EAAe,OAAA,IAAW,GAAG,CAAA;AAAE,SACpE,CAAA,CACA,KAAA,CAAM,MAAM;AAAA,QAAC,CAAC,CAAA;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAEA,EAAA,eAAe,SAAA,CACb,KACA,KAAA,EACe;AAEf,IAAA,KAAA,MAAW,EAAA,IAAM,GAAA,EAAK,MAAM,EAAA,CAAG,OAAO,GAAG,CAAA;AAAA,EAC3C;AAGA,EAAA,MAAM,OAAO,CACX,KAAA,EACA,SAEA,OAAA,CACG,GAAA,CAAI,CAAC,CAAA,KAAM;AACV,IAAA,MAAM,CAAA,GAAI,CAAA,CAAE,KAAA,GAAQ,KAAK,CAAA;AACzB,IAAA,OAAO,IAAI,IAAI,CAAA;AAAA,EACjB,CAAC,CAAA,CACA,MAAA,CAAO,CAAC,CAAA,KAAuE,CAAC,CAAC,CAAC,CAAA;AAEvF,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,UAAA,EAAY,QAAQ,CAAA;AAC3C,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,UAAA,EAAY,OAAO,CAAA;AACzC,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,QAAA,EAAU,QAAQ,CAAA;AACxC,EAAA,MAAM,WAAA,GAAc,QACjB,GAAA,CAAI,CAAC,OAAO,EAAE,EAAA,EAAI,CAAA,CAAE,EAAA,EAAI,EAAA,EAAI,CAAA,CAAE,OAAO,MAAA,EAAQ,SAAA,GAAY,CAAA,CACzD,MAAA,CAAO,CAAC,CAAA,KAA+F,CAAC,CAAC,CAAA,CAAE,EAAE,CAAA;AAChH,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,QAAA,EAAU,OAAO,CAAA;AACtC,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,SAAA,EAAW,OAAO,CAAA;AACvC,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,SAAA,EAAW,QAAQ,CAAA;AACzC,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,SAAA,EAAW,OAAO,CAAA;AACvC,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,gBAAA,EAAkB,QAAQ,CAAA;AAChD,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,gBAAA,EAAkB,OAAO,CAAA;AAC9C,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,eAAA,EAAiB,QAAQ,CAAA;AAC/C,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,EAAiB,OAAO,CAAA;AAC7C,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,YAAA,EAAc,OAAO,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,YAAA,EAAc,OAAO,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,SAAA,EAAW,SAAS,CAAA;AACzC,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,SAAA,EAAW,UAAU,CAAA;AAC3C,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,SAAA,EAAW,UAAU,CAAA;AAE3C,EAAA,OAAO;AAAA,IACL,iBAAA,EAAmB,CAAC,CAAA,KAAM,SAAA,CAAU,WAAW,CAAC,CAAA;AAAA,IAChD,kBAAkB,CAAC,CAAA,KAAM,QAAA,CAAS,gBAAA,EAAkB,UAAU,CAAC,CAAA;AAAA,IAC/D,eAAA,EAAiB,CAAC,CAAA,KAAM,SAAA,CAAU,UAAU,CAAC,CAAA;AAAA,IAC7C,MAAM,kBAAA,CAAmB,IAAA,EAAM,KAAA,EAAO;AACpC,MAAA,IAAI,MAAA,GAAiC,IAAA;AACrC,MAAA,KAAA,MAAW,EAAE,EAAA,EAAI,EAAA,EAAG,IAAK,WAAA,EAAa;AACpC,QAAA,IAAI,MAAA;AACJ,QAAA,IAAI;AACF,UAAA,MAAA,GAAU,MAAM,EAAA,CAAG,IAAA,EAAM,KAAA,EAAO,GAAG,CAAA,IAAM,IAAA;AAAA,QAC3C,SAAS,GAAA,EAAK;AACZ,UAAA,MAAA,CAAO,KAAA,CAAM,CAAA,iBAAA,EAAoB,EAAE,CAAA,OAAA,CAAA,EAAW,GAAG,CAAA;AACjD,UAAA;AAAA,QACF;AACA,QAAA,IAAI,CAAC,MAAA,EAAQ;AACb,QAAA,IAAI,MAAA,CAAO,aAAa,EAAA,EAAI;AAC1B,UAAA,MAAA,CAAO,IAAA;AAAA,YACL,oBAAoB,EAAE,CAAA,qBAAA,EAAwB,MAAA,CAAO,QAAQ,eAAe,EAAE,CAAA,CAAA;AAAA,WAChF;AACA,UAAA,MAAA,CAAO,QAAA,GAAW,EAAA;AAAA,QACpB;AACA,QAAA,IAAI,MAAA,EAAQ;AACV,UAAA,MAAA,CAAO,IAAA;AAAA,YACL,CAAA,uDAAA,EAAqD,MAAA,CAAO,QAAQ,CAAA,cAAA,EAAiB,OAAO,QAAQ,CAAA,CAAA;AAAA,WACtG;AACA,UAAA;AAAA,QACF;AACA,QAAA,MAAA,GAAS,MAAA;AAAA,MACX;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAA;AAAA,IACA,gBAAgB,CAAC,CAAA,KAAM,QAAA,CAAS,cAAA,EAAgB,SAAS,CAAC,CAAA;AAAA,IAC1D,iBAAiB,CAAC,CAAA,KAAM,QAAA,CAAS,eAAA,EAAiB,SAAS,CAAC,CAAA;AAAA,IAC5D,gBAAA,EAAkB,CAAC,CAAA,KAAM,SAAA,CAAU,UAAU,CAAC,CAAA;AAAA,IAC9C,iBAAiB,CAAC,CAAA,KAAM,QAAA,CAAS,eAAA,EAAiB,SAAS,CAAC,CAAA;AAAA,IAC5D,uBAAA,EAAyB,CAAC,CAAA,KAAM,SAAA,CAAU,UAAU,CAAC,CAAA;AAAA,IACrD,wBAAwB,CAAC,CAAA,KAAM,QAAA,CAAS,sBAAA,EAAwB,SAAS,CAAC,CAAA;AAAA,IAC1E,sBAAA,EAAwB,CAAC,CAAA,KAAM,SAAA,CAAU,UAAU,CAAC,CAAA;AAAA,IACpD,uBAAuB,CAAC,CAAA,KAAM,QAAA,CAAS,qBAAA,EAAuB,SAAS,CAAC,CAAA;AAAA,IACxE,oBAAoB,CAAC,CAAA,KAAM,QAAA,CAAS,kBAAA,EAAoB,SAAS,CAAC,CAAA;AAAA,IAClE,oBAAoB,CAAC,CAAA,KAAM,QAAA,CAAS,kBAAA,EAAoB,SAAS,CAAC,CAAA;AAAA,IAClE,iBAAiB,CAAC,CAAA,KAAM,QAAA,CAAS,iBAAA,EAAmB,SAAS,CAAC,CAAA;AAAA,IAC9D,kBAAkB,CAAC,CAAA,KAAM,QAAA,CAAS,kBAAA,EAAoB,UAAU,CAAC,CAAA;AAAA,IACjE,kBAAkB,CAAC,CAAA,KAAM,QAAA,CAAS,kBAAA,EAAoB,UAAU,CAAC;AAAA,GACnE;AACF;AAIA,SAAS,eAAA,CACP,KACA,QAAA,EACuB;AACvB,EAAA,OAAO;AAAA,IACL,aAAa,CAAC,EAAA,KAAO,IAAI,QAAA,CAAS,IAAA,CAAK,YAAY,EAAE,CAAA;AAAA,IACrD,gBAAgB,CAAC,KAAA,KAAU,IAAI,QAAA,CAAS,IAAA,CAAK,eAAe,KAAK,CAAA;AAAA,IACjE,MAAM,aAAa,KAAA,EAAO;AACxB,MAAA,OAAO,aAAa,GAAA,EAAK;AAAA,QACvB,QAAQ,KAAA,CAAM,MAAA;AAAA,QACd,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,QAChB,SAAA,EAAW,MAAM,SAAA,IAAa;AAAA,OAC/B,CAAA;AAAA,IACH,CAAA;AAAA,IACA,MAAM,aAAA,CAAc,SAAA,EAAW,MAAA,EAAQ;AACrC,MAAA,OAAO,aAAA,CAAkB,GAAA,EAAK,SAAA,EAAW,MAAM,CAAA;AAAA,IACjD,CAAA;AAAA,IACA,MAAM,cAAA,CAAe,MAAA,EAAQ,KAAA,EAAO;AAClC,MAAA,MAAM,OAAO,MAAM,GAAA,CAAI,QAAA,CAAS,IAAA,CAAK,YAAY,MAAM,CAAA;AACvD,MAAA,IAAI,CAAC,IAAA,EAAM,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAC3D,MAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa,GAAA,EAAK;AAAA,QACrC,QAAQ,IAAA,CAAK,EAAA;AAAA,QACb,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,QAChB,SAAA,EAAW,MAAM,SAAA,IAAa;AAAA,OAC/B,CAAA;AACD,MAAA,MAAM,KAAK,GAAA,EAAK;AAAA,QACd,IAAA,EAAM,gBAAA;AAAA,QACN,QAAQ,IAAA,CAAK,EAAA;AAAA,QACb,WAAW,MAAA,CAAO,SAAA;AAAA,QAClB,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,QAChB,SAAA,EAAW,MAAM,SAAA,IAAa,IAAA;AAAA,QAC9B,IAAA,EAAM,EAAE,MAAA,EAAQ,KAAA,CAAM,MAAA;AAAO,OAC9B,CAAA;AACD,MAAA,MAAM,QAAA,GAAW,cAAA,CAAe,EAAE,MAAM,MAAA,EAAQ,MAAA,EAAQ,KAAA,CAAM,MAAA,EAAQ,CAAA;AACtE,MAAA,OAAO,EAAE,MAAM,MAAA,EAAO;AAAA,IACxB,CAAA;AAAA,IACA,MAAM,iBAAA,CAAkB,IAAA,EAAM,KAAA,EAA8B;AAC1D,MAAA,MAAM,MAAA,GAAS,MAAM,YAAA,CAAa,GAAA,EAAK;AAAA,QACrC,QAAQ,IAAA,CAAK,EAAA;AAAA,QACb,EAAA,EAAI,MAAM,EAAA,IAAM,IAAA;AAAA,QAChB,SAAA,EAAW,MAAM,SAAA,IAAa;AAAA,OAC/B,CAAA;AACD,MAAA,OAAO,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,MAAA,EAAO;AAAA,IACpC;AAAA,GACF;AACF;AAWO,SAAS,aAAA,CACd,GAAA,EACA,UAAA,GAAwC,EAAC,EACzB;AAChB,EAAA,MAAM,OAAA,GAAU,SAAS,UAAU,CAAA;AACnC,EAAA,MAAM,MAAA,GAAS,qBAAqB,OAAO,CAAA;AAE3C,EAAA,MAAM,SAAkC,EAAC;AAIzC,EAAA,IAAI,UAAA;AAEJ,EAAA,MAAM,GAAA,GAAqB;AAAA,IACzB,MAAA,EAAQ,GAAA;AAAA,IACR,MAAA,EAAQ,kBAAkB,GAAG,CAAA;AAAA,IAC7B,MAAA,EAAQ,cAAc,GAAG,CAAA;AAAA,IACzB,IAAA,EAAM,eAAA,CAAgB,GAAA,EAAK,MAAM,UAAU,CAAA;AAAA,IAC3C,UAAuB,EAAA,EAAe;AACpC,MAAA,MAAM,CAAA,GAAI,OAAO,EAAE,CAAA;AACnB,MAAA,IAAI,MAAM,MAAA,EAAW,MAAM,IAAI,KAAA,CAAM,CAAA,kBAAA,EAAqB,EAAE,CAAA,gBAAA,CAAkB,CAAA;AAC9E,MAAA,OAAO,CAAA;AAAA,IACT,CAAA;AAAA,IACA,iBAA8B,EAAA,EAA2B;AACvD,MAAA,OAAO,GAAA,CAAI,iBAAiB,EAAE,CAAA;AAAA,IAChC;AAAA,GACF;AAGA,EAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,IAAA,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA,GAAI,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA,EAC1B;AACA,EAAA,UAAA,GAAa,cAAA,CAAe,SAAS,GAAG,CAAA;AAExC,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,GAAA,EAAK,MAAA;AAAA,IACL,MAAA;AAAA,IACA,KAAA,EAAO,UAAA;AAAA,IACP;AAAA,GACF;AACF;AAGO,SAAS,cAAc,GAAA,EAAqC;AACjE,EAAA,OAAO,aAAA,CAAc,GAAA,EAAK,EAAE,CAAA;AAC9B;AAEA,eAAsB,UAAU,QAAA,EAAyC;AACvE,EAAA,KAAA,MAAW,CAAA,IAAK,SAAS,OAAA,EAAS;AAChC,IAAA,IAAI,EAAE,MAAA,EAAQ,MAAM,CAAA,CAAE,MAAA,CAAO,SAAS,GAAG,CAAA;AAAA,EAC3C;AACF;;;ACpYA,IAAM,YAAA,mBAA8B,MAAA,CAAO,GAAA,CAAI,mBAAmB,CAAA;AAG3D,IAAM,qBAAA,GAAwB;AAG9B,SAAS,YAAY,QAAA,EAA4C;AACtE,EAAA,MAAM,CAAA,GAAK,SAAmE,YAAY,CAAA;AAC1F,EAAA,IAAI,CAAC,CAAA,EAAG,MAAM,IAAI,MAAM,oDAAoD,CAAA;AAC5E,EAAA,OAAO,CAAA;AACT;AAgBO,SAAS,eAGd,MAAA,EACwC;AACxC,EAAA,MAAM,WAAW,aAAA,CAAc,MAAA,EAAQ,MAAA,CAAO,OAAA,IAAW,EAAE,CAAA;AAC3D,EAAA,gBAAA,CAAiB,MAAA,EAAQ,SAAS,KAAK,CAAA;AAEvC,EAAA,MAAM,QAAA,GAA6B;AAAA,IACjC,MAAA;AAAA,IACA,SAAS,KAAA,EAA6B;AACpC,MAAA,OAAa,QAAA,CAAS,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IACrD,CAAA;AAAA,IACA,OAAO,KAAA,EAA8B;AACnC,MAAA,OAAa,MAAA,CAAO,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IACnD,CAAA;AAAA,IACA,QAAQ,KAAA,EAAsB;AAC5B,MAAA,OAAa,OAAA,CAAQ,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IACpD,CAAA;AAAA,IACA,QAAQ,KAAA,EAA8B;AACpC,MAAA,OAAa,OAAA,CAAQ,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IACpD,CAAA;AAAA,IACA,MAAM,WAAW,WAAA,EAAmD;AAClE,MAAA,IAAI,CAAC,aAAa,OAAO,IAAA;AACzB,MAAA,OAAkB,eAAA,CAAgB,QAAQ,WAAW,CAAA;AAAA,IACvD,CAAA;AAAA,IACA,eAAe,KAAA,EAAO;AACpB,MAAA,OAAa,cAAA,CAAe,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IAC3D,CAAA;AAAA,IACA,qBAAqB,KAAA,EAAO;AAC1B,MAAA,OAAa,oBAAA,CAAqB,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IACjE,CAAA;AAAA,IACA,qBAAqB,KAAA,EAAO;AAC1B,MAAA,OAAa,oBAAA,CAAqB,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IACjE,CAAA;AAAA,IACA,UAAA,CAAW,QAAQ,KAAA,EAAO;AACxB,MAAA,OAAa,UAAA,CAAW,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,QAAQ,KAAK,CAAA;AAAA,IAC/D,CAAA;AAAA,IACA,WAAW,MAAA,EAAQ;AACjB,MAAA,OAAa,UAAA,CAAW,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,MAAM,CAAA;AAAA,IACxD,CAAA;AAAA,IACA,aAAa,KAAA,EAAO;AAClB,MAAA,OAAa,YAAA,CAAa,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IACzD,CAAA;AAAA,IACA,cAAc,KAAA,EAAO;AACnB,MAAA,OAAa,aAAA,CAAc,QAAQ,KAAK,CAAA;AAAA,IAC1C,CAAA;AAAA,IACA,cAAc,KAAA,EAAO;AACnB,MAAA,OAAa,aAAA,CAAc,MAAA,EAAQ,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA;AAAA,IAC1D,CAAA;AAAA,IACA,aAAa,KAAA,EAAO;AAClB,MAAA,OAAa,YAAA,CAAa,QAAQ,KAAK,CAAA;AAAA,IACzC,CAAA;AAAA,IACA,WAAA,GAAc;AACZ,MAAA,OAAa,YAAY,MAAM,CAAA;AAAA,IACjC,CAAA;AAAA,IACA,GAAA,EAAK;AAAA,MACH,SAAA,EAAW,CAAC,UAAA,KAAsB,SAAA,CAAU,QAAQ,UAAU,CAAA;AAAA,MAC9D,UAAU,CAAC,UAAA,EAAY,UAAiB,QAAA,CAAS,MAAA,EAAQ,YAAY,KAAK;AAAA;AAC5E,GACF;AAGA,EAAA,MAAM,SAAS,EAAE,GAAG,QAAA,EAAU,GAAG,SAAS,GAAA,EAAI;AAC9C,EAAA,MAAA,CAAO,cAAA,CAAe,QAAQ,YAAA,EAAc;AAAA,IAC1C,KAAA,EAAO,QAAA;AAAA,IACP,UAAA,EAAY,KAAA;AAAA,IACZ,YAAA,EAAc,KAAA;AAAA,IACd,QAAA,EAAU;AAAA,GACX,CAAA;AAKD,EAAA,KAAK,SAAA,CAAU,QAAQ,CAAA,CAAE,KAAA,CAAM,CAAC,GAAA,KAAQ;AACtC,IAAA,QAAA,CAAS,GAAA,CAAI,MAAA,CAAO,KAAA,CAAM,sBAAA,EAAwB,GAAG,CAAA;AAAA,EACvD,CAAC,CAAA;AAED,EAAA,OAAO,MAAA;AACT","file":"index.js","sourcesContent":["export class HoleauthError extends Error {\n readonly code: string;\n readonly status: number;\n constructor(code: string, message: string, status = 400) {\n super(message);\n this.name = 'HoleauthError';\n this.code = code;\n this.status = status;\n }\n}\nexport class InvalidTokenError extends HoleauthError {\n constructor(message = 'Invalid token') { super('INVALID_TOKEN', message, 401); }\n}\nexport class SessionExpiredError extends HoleauthError {\n constructor(message = 'Session expired') { super('SESSION_EXPIRED', message, 401); }\n}\nexport class AdapterError extends HoleauthError {\n constructor(message = 'Adapter error') { super('ADAPTER_ERROR', message, 500); }\n}\nexport class ProviderError extends HoleauthError {\n constructor(message = 'Provider error') { super('PROVIDER_ERROR', message, 502); }\n}\nexport class CsrfError extends HoleauthError {\n constructor(message = 'CSRF validation failed') { super('CSRF_FAILED', message, 403); }\n}\nexport class CredentialsError extends HoleauthError {\n constructor(message = 'Invalid credentials') { super('INVALID_CREDENTIALS', message, 401); }\n}\nexport class AccountConflictError extends HoleauthError {\n constructor(message = 'Account conflict') { super('ACCOUNT_CONFLICT', message, 409); }\n}\nexport class RefreshReuseError extends HoleauthError {\n constructor(message = 'Refresh token reuse detected') { super('REFRESH_REUSE', message, 401); }\n}\nexport class PendingChallengeError extends HoleauthError {\n constructor(message = 'Pending challenge required') { super('PENDING_CHALLENGE', message, 401); }\n}\nexport class RegistrationDisabledError extends HoleauthError {\n constructor(message = 'Self-registration is disabled') { super('REGISTRATION_DISABLED', message, 403); }\n}\nexport class NotSupportedError extends HoleauthError {\n constructor(message = 'Operation not supported by adapter') { super('NOT_SUPPORTED', message, 501); }\n}\n","import { SignJWT, jwtVerify, decodeJwt, type JWTPayload } from 'jose';\nimport { InvalidTokenError } from '../errors/index.js';\n\nfunction toKey(secret: string | Uint8Array): Uint8Array {\n return typeof secret === 'string' ? new TextEncoder().encode(secret) : secret;\n}\n\nexport interface SignOptions {\n issuer?: string;\n audience?: string;\n subject?: string;\n expiresIn?: string | number; // e.g. '15m' or seconds\n jti?: string;\n}\n\nexport async function sign(\n payload: JWTPayload,\n secret: string | Uint8Array,\n opts: SignOptions = {},\n): Promise<string> {\n const jwt = new SignJWT(payload).setProtectedHeader({ alg: 'HS256' }).setIssuedAt();\n if (opts.issuer) jwt.setIssuer(opts.issuer);\n if (opts.audience) jwt.setAudience(opts.audience);\n if (opts.subject) jwt.setSubject(opts.subject);\n if (opts.jti) jwt.setJti(opts.jti);\n if (opts.expiresIn !== undefined) jwt.setExpirationTime(opts.expiresIn);\n return jwt.sign(toKey(secret));\n}\n\nexport async function verify<T extends JWTPayload = JWTPayload>(\n token: string,\n secret: string | Uint8Array,\n): Promise<T> {\n try {\n const { payload } = await jwtVerify(token, toKey(secret));\n return payload as T;\n } catch (e) {\n throw new InvalidTokenError((e as Error).message);\n }\n}\n\nexport function decode<T extends JWTPayload = JWTPayload>(token: string): T {\n try {\n return decodeJwt(token) as T;\n } catch (e) {\n throw new InvalidTokenError((e as Error).message);\n }\n}\n","export { issueSession, type IssueInput } from './issue.js';\nexport { rotateRefresh } from './rotate.js';\nexport { validateSession } from './validate.js';\nexport { revokeSession, revokeByRefresh, revokeAllForUser } from './revoke.js';\nexport { sha256b64url } from './hash.js';\nexport {\n getSessionOrRefresh,\n type GetSessionOrRefreshInput,\n type GetSessionOrRefreshResult,\n} from './get-or-refresh.js';\n","/**\n * Double-submit CSRF protection.\n * The cookie holeauth.csrf is readable by JS (httpOnly:false). The client\n * echoes its value in header `x-csrf-token`; the server compares the two.\n * Because cross-origin JS cannot read the cookie, an attacker cannot mint\n * a matching header, defeating the cross-site POST scenario.\n */\n\nconst b64urlChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';\n\nexport function generateCsrfToken(): string {\n const bytes = crypto.getRandomValues(new Uint8Array(32));\n let out = '';\n for (const b of bytes) out += b64urlChars[b % 64];\n return out;\n}\n\n/** Constant-time compare. */\nexport function verifyCsrf(cookieValue: string | undefined, headerValue: string | undefined): boolean {\n if (!cookieValue || !headerValue) return false;\n if (cookieValue.length !== headerValue.length) return false;\n let diff = 0;\n for (let i = 0; i < cookieValue.length; i++) {\n diff |= cookieValue.charCodeAt(i) ^ headerValue.charCodeAt(i);\n }\n return diff === 0;\n}\n\nexport const CSRF_HEADER = 'x-csrf-token';\n","import type { HoleauthConfig } from '../types/index.js';\nimport type { HoleauthEvent } from './types.js';\n\ntype Handler = (e: HoleauthEvent) => void | Promise<void>;\n\ninterface EventBus {\n byType: Map<string, Set<Handler>>;\n wildcard: Set<Handler>;\n}\n\nconst busByConfig = new WeakMap<HoleauthConfig, EventBus>();\n\nfunction getBus(cfg: HoleauthConfig): EventBus {\n let bus = busByConfig.get(cfg);\n if (!bus) {\n bus = { byType: new Map(), wildcard: new Set() };\n busByConfig.set(cfg, bus);\n }\n return bus;\n}\n\n/** Subscribe to an event type. Use '*' to match all events. Returns an unsubscribe fn. */\nexport function subscribe(cfg: HoleauthConfig, type: string, handler: Handler): () => void {\n const bus = getBus(cfg);\n if (type === '*') {\n bus.wildcard.add(handler);\n return () => bus.wildcard.delete(handler);\n }\n let set = bus.byType.get(type);\n if (!set) {\n set = new Set();\n bus.byType.set(type, set);\n }\n set.add(handler);\n return () => set!.delete(handler);\n}\n\nexport function unsubscribe(cfg: HoleauthConfig, type: string, handler: Handler): void {\n const bus = getBus(cfg);\n if (type === '*') {\n bus.wildcard.delete(handler);\n return;\n }\n bus.byType.get(type)?.delete(handler);\n}\n\n/**\n * emit() persists the event via the mandatory AuditLogAdapter and\n * additionally fans out to all subscribers (typed + wildcard) plus the\n * legacy `cfg.onEvent` hook — all fire-and-forget so business flows are\n * never blocked by observer failures.\n *\n * Callers MUST await emit(): audit persistence is a hard requirement.\n */\nexport async function emit(cfg: HoleauthConfig, event: HoleauthEvent): Promise<void> {\n const withTimestamp: HoleauthEvent = { at: new Date(), ...event };\n await cfg.adapters.auditLog.record(withTimestamp);\n\n const bus = getBus(cfg);\n const typed = bus.byType.get(withTimestamp.type);\n const fire = (h: Handler) => {\n Promise.resolve()\n .then(() => h(withTimestamp))\n .catch(() => { /* observer errors do not propagate */ });\n };\n if (typed) for (const h of typed) fire(h);\n for (const h of bus.wildcard) fire(h);\n\n if (cfg.onEvent) {\n Promise.resolve()\n .then(() => cfg.onEvent?.(withTimestamp))\n .catch(() => { /* observer errors do not propagate */ });\n }\n}\n","/**\n * Per-config hook runner attachment. Stored via WeakMap so the runner is\n * reachable from low-level helpers (session/issue, session/rotate, …)\n * without threading it through every signature.\n *\n * `defineHoleauth()` attaches the runner once at instance creation.\n */\nimport type { HoleauthConfig } from '../types/index.js';\nimport type { HookRunner } from './registry.js';\n\nconst runners = new WeakMap<HoleauthConfig, HookRunner>();\n\nexport function attachHookRunner(cfg: HoleauthConfig, runner: HookRunner): void {\n runners.set(cfg, runner);\n}\n\nconst NOOP: HookRunner = {\n async runRegisterBefore() {},\n async runRegisterAfter() {},\n async runSignInBefore() {},\n async runSignInChallenge() { return null; },\n async runSignInAfter() {},\n async runSignOutAfter() {},\n async runRefreshBefore() {},\n async runRefreshAfter() {},\n async runPasswordChangeBefore() {},\n async runPasswordChangeAfter() {},\n async runPasswordResetBefore() {},\n async runPasswordResetAfter() {},\n async runUserUpdateAfter() {},\n async runUserDeleteAfter() {},\n async runSessionIssue() {},\n async runSessionRotate() {},\n async runSessionRevoke() {},\n};\n\nexport function getHookRunner(cfg: HoleauthConfig): HookRunner {\n return runners.get(cfg) ?? NOOP;\n}\n","/** SHA-256 → base64url. Works on Node 20+ and all Edge runtimes. */\nexport async function sha256b64url(input: string): Promise<string> {\n const buf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(input));\n const bytes = new Uint8Array(buf);\n let s = '';\n for (const b of bytes) s += String.fromCharCode(b);\n return btoa(s).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n","import type { HoleauthConfig, IssuedTokens } from '../types/index.js';\nimport { sign } from '../jwt/index.js';\nimport { generateCsrfToken } from '../cookies/csrf.js';\nimport { emit } from '../events/emitter.js';\nimport { getHookRunner } from '../plugins/runner-ref.js';\nimport { sha256b64url } from './hash.js';\n\nconst ACCESS_DEFAULT = 900; // 15m\nconst REFRESH_DEFAULT = 2592000; // 30d\n\nexport interface IssueInput {\n userId: string;\n /** Omit to start a fresh family (e.g. on a real login). */\n familyId?: string;\n ip?: string | null;\n userAgent?: string | null;\n}\n\n/**\n * Mint a brand new session row + JWT pair + CSRF token.\n * Used by: fresh login, passkey login, SSO callback, 2FA verify.\n */\nexport async function issueSession(cfg: HoleauthConfig, input: IssueInput): Promise<IssuedTokens> {\n const accessTtl = cfg.tokens?.accessTtl ?? ACCESS_DEFAULT;\n const refreshTtl = cfg.tokens?.refreshTtl ?? REFRESH_DEFAULT;\n const now = Math.floor(Date.now() / 1000);\n\n const familyId = input.familyId ?? crypto.randomUUID();\n const sessionId = crypto.randomUUID();\n const nonce = crypto.randomUUID();\n\n const [accessToken, refreshToken] = await Promise.all([\n sign(\n { sid: sessionId, sub: input.userId, fam: familyId, nce: nonce },\n cfg.secrets.jwtSecret,\n { expiresIn: `${accessTtl}s` },\n ),\n sign(\n { sid: sessionId, sub: input.userId, fam: familyId, typ: 'refresh', nce: nonce },\n cfg.secrets.jwtSecret,\n { expiresIn: `${refreshTtl}s`, jti: nonce },\n ),\n ]);\n const refreshTokenHash = await sha256b64url(refreshToken);\n\n await cfg.adapters.session.createSession({\n id: sessionId,\n userId: input.userId,\n familyId,\n refreshTokenHash,\n expiresAt: new Date((now + refreshTtl) * 1000),\n createdAt: new Date(),\n revokedAt: null,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n });\n\n const csrfToken = generateCsrfToken();\n\n await emit(cfg, {\n type: 'session.created',\n userId: input.userId,\n sessionId,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n data: { familyId },\n });\n await getHookRunner(cfg).runSessionIssue({ userId: input.userId, sessionId, familyId });\n\n return {\n accessToken,\n refreshToken,\n csrfToken,\n sessionId,\n familyId,\n accessExpiresAt: (now + accessTtl) * 1000,\n refreshExpiresAt: (now + refreshTtl) * 1000,\n };\n}\n","import type { HoleauthConfig, IssuedTokens } from '../types/index.js';\nimport { sign, verify } from '../jwt/index.js';\nimport { generateCsrfToken } from '../cookies/csrf.js';\nimport { emit } from '../events/emitter.js';\nimport { getHookRunner } from '../plugins/runner-ref.js';\nimport { sha256b64url } from './hash.js';\nimport { InvalidTokenError, RefreshReuseError, SessionExpiredError } from '../errors/index.js';\n\nconst ACCESS_DEFAULT = 900;\nconst REFRESH_DEFAULT = 2592000;\n\n/**\n * Rotate-on-use with reuse detection.\n *\n * 1. Decode refresh JWT → recover sid, fam, sub.\n * 2. Hash presented token; look it up.\n * - If not found, the token was already rotated away → reuse! Revoke family.\n * 3. Issue new access + refresh, rotate hash in storage atomically.\n *\n * Returns a fresh IssuedTokens tuple. Session id + family stay stable.\n */\nexport async function rotateRefresh(\n cfg: HoleauthConfig,\n presentedRefresh: string,\n meta: { ip?: string | null; userAgent?: string | null } = {},\n): Promise<IssuedTokens> {\n let claims: { sid?: string; sub?: string; fam?: string; typ?: string; exp?: number };\n try {\n claims = await verify(presentedRefresh, cfg.secrets.jwtSecret);\n } catch {\n throw new InvalidTokenError('refresh token invalid');\n }\n if (claims.typ !== 'refresh' || !claims.sid || !claims.sub || !claims.fam) {\n throw new InvalidTokenError('refresh claims malformed');\n }\n\n const presentedHash = await sha256b64url(presentedRefresh);\n const found = await cfg.adapters.session.getByRefreshHash(presentedHash);\n\n if (!found || found.revokedAt) {\n // Reuse detected — revoke whole family, record an event, throw.\n await cfg.adapters.session.revokeFamily(claims.fam);\n await emit(cfg, {\n type: 'session.reuse_detected',\n userId: claims.sub,\n sessionId: claims.sid,\n ip: meta.ip ?? null,\n userAgent: meta.userAgent ?? null,\n data: { familyId: claims.fam },\n });\n throw new RefreshReuseError();\n }\n\n if (found.expiresAt.getTime() < Date.now()) {\n await cfg.adapters.session.revokeFamily(claims.fam);\n throw new SessionExpiredError();\n }\n\n const accessTtl = cfg.tokens?.accessTtl ?? ACCESS_DEFAULT;\n const refreshTtl = cfg.tokens?.refreshTtl ?? REFRESH_DEFAULT;\n const now = Math.floor(Date.now() / 1000);\n const nonce = crypto.randomUUID();\n\n const [accessToken, refreshToken] = await Promise.all([\n sign(\n { sid: found.id, sub: found.userId, fam: found.familyId, nce: nonce },\n cfg.secrets.jwtSecret,\n { expiresIn: `${accessTtl}s` },\n ),\n sign(\n { sid: found.id, sub: found.userId, fam: found.familyId, typ: 'refresh', nce: nonce },\n cfg.secrets.jwtSecret,\n { expiresIn: `${refreshTtl}s`, jti: nonce },\n ),\n ]);\n const newHash = await sha256b64url(refreshToken);\n await cfg.adapters.session.rotateRefresh(\n found.id,\n newHash,\n new Date((now + refreshTtl) * 1000),\n );\n\n await emit(cfg, {\n type: 'session.rotated',\n userId: found.userId,\n sessionId: found.id,\n ip: meta.ip ?? null,\n userAgent: meta.userAgent ?? null,\n data: { familyId: found.familyId },\n });\n await getHookRunner(cfg).runSessionRotate({\n userId: found.userId,\n sessionId: found.id,\n familyId: found.familyId,\n });\n\n return {\n accessToken,\n refreshToken,\n csrfToken: generateCsrfToken(),\n sessionId: found.id,\n familyId: found.familyId,\n accessExpiresAt: (now + accessTtl) * 1000,\n refreshExpiresAt: (now + refreshTtl) * 1000,\n };\n}\n","import type { HoleauthConfig, SessionData } from '../types/index.js';\nimport { verify } from '../jwt/index.js';\n\n/**\n * Edge-compatible: verifies the access JWT only. Does not touch adapters.\n * Use this in middleware / hot paths.\n */\nexport async function validateSession(cfg: HoleauthConfig, token: string): Promise<SessionData | null> {\n try {\n const p = await verify<{ sid: string; sub: string; fam?: string; exp?: number }>(\n token,\n cfg.secrets.jwtSecret,\n );\n if (!p.sid || !p.sub) return null;\n return {\n sessionId: p.sid,\n userId: p.sub,\n expiresAt: (p.exp ?? 0) * 1000,\n familyId: p.fam,\n };\n } catch {\n return null;\n }\n}\n","import type { HoleauthConfig } from '../types/index.js';\nimport { verify } from '../jwt/index.js';\nimport { emit } from '../events/emitter.js';\nimport { getHookRunner } from '../plugins/runner-ref.js';\n\n/** Revoke a single session by id (signout). */\nexport async function revokeSession(cfg: HoleauthConfig, sessionId: string, userId?: string): Promise<void> {\n await cfg.adapters.session.deleteSession(sessionId);\n await emit(cfg, {\n type: 'session.revoked',\n userId: userId ?? null,\n sessionId,\n });\n await getHookRunner(cfg).runSessionRevoke({ userId: userId ?? null, sessionId });\n}\n\n/** Revoke by presented refresh token (best-effort). */\nexport async function revokeByRefresh(cfg: HoleauthConfig, refreshToken: string): Promise<void> {\n try {\n const p = await verify<{ sid?: string; sub?: string }>(refreshToken, cfg.secrets.jwtSecret);\n if (p.sid) {\n await cfg.adapters.session.deleteSession(p.sid);\n await emit(cfg, { type: 'session.revoked', userId: p.sub ?? null, sessionId: p.sid });\n await getHookRunner(cfg).runSessionRevoke({ userId: p.sub ?? null, sessionId: p.sid });\n }\n } catch { /* ignore */ }\n}\n\n/** Global signout — all sessions for a user. */\nexport async function revokeAllForUser(cfg: HoleauthConfig, userId: string): Promise<void> {\n if (cfg.adapters.session.revokeUser) {\n await cfg.adapters.session.revokeUser(userId);\n await emit(cfg, { type: 'session.revoked', userId, data: { scope: 'all' } });\n await getHookRunner(cfg).runSessionRevoke({ userId, sessionId: null, scope: 'all' });\n }\n}\n","import type {\n HoleauthInstance,\n IssuedTokens,\n SessionData,\n} from '../types/index.js';\nimport { validateSession } from './validate.js';\n\nexport interface GetSessionOrRefreshInput {\n /** Current access token (if any). */\n accessToken?: string | null;\n /** Current refresh token (if any). When present, used to rotate on access miss. */\n refreshToken?: string | null;\n /** Request metadata, forwarded to refresh hooks/audit log. */\n ip?: string;\n userAgent?: string;\n}\n\nexport interface GetSessionOrRefreshResult {\n /** Resolved session, or null if both validation and refresh failed. */\n session: SessionData | null;\n /** Freshly-issued token bundle when a refresh actually occurred. */\n tokens: IssuedTokens | null;\n /** True if this call rotated the refresh token. */\n refreshed: boolean;\n}\n\n/**\n * Validate the access token and, if invalid/missing, transparently rotate the\n * refresh token to obtain a new session. Framework-agnostic — used by the\n * Next.js middleware/server helpers and intended for consumption from API\n * server middleware (tRPC, Hono, plain route handlers, …).\n *\n * Cookies are NOT touched here; the caller decides how to surface the new\n * token bundle (Set-Cookie headers, in-memory store, etc.).\n *\n * Returns:\n * - `session` the resolved session (or `null`),\n * - `tokens` the newly-issued token bundle when a refresh occurred,\n * - `refreshed` whether rotation happened.\n *\n * @example\n * ```ts\n * const { session, tokens } = await getSessionOrRefresh(auth, {\n * accessToken: req.cookies.get('holeauth.at')?.value,\n * refreshToken: req.cookies.get('holeauth.rt')?.value,\n * ip, userAgent,\n * });\n * if (tokens) writeAuthCookies(auth.config, res.headers, tokens);\n * ```\n */\nexport async function getSessionOrRefresh(\n instance: HoleauthInstance,\n input: GetSessionOrRefreshInput,\n): Promise<GetSessionOrRefreshResult> {\n const { accessToken, refreshToken, ip, userAgent } = input;\n\n // 1. Fast path: valid access token.\n if (accessToken) {\n const session = await validateSession(instance.config, accessToken);\n if (session && session.expiresAt > Date.now()) {\n return { session, tokens: null, refreshed: false };\n }\n }\n\n // 2. Refresh fallback.\n if (!refreshToken) {\n return { session: null, tokens: null, refreshed: false };\n }\n\n let tokens: IssuedTokens;\n try {\n tokens = await instance.refresh({ refreshToken, ip, userAgent });\n } catch {\n // Reuse, expiry, malformed — caller should clear cookies.\n return { session: null, tokens: null, refreshed: false };\n }\n\n const session = await validateSession(instance.config, tokens.accessToken);\n return { session, tokens, refreshed: true };\n}\n","/**\n * Runtime-agnostic password hashing.\n * - Node: tries to load @node-rs/argon2 (optionalDependency).\n * - Edge / fallback: PBKDF2 via WebCrypto (SHA-256, 100k iterations).\n *\n * Hash format: \"<scheme>$<params>$<salt_b64>$<hash_b64>\"\n * scheme = \"argon2id\" | \"pbkdf2-sha256\"\n */\n\nconst ITER = 100_000;\nconst KEYLEN = 32;\nconst SALT_LEN = 16;\n\nfunction b64(buf: ArrayBuffer | Uint8Array): string {\n const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);\n let s = ''; for (const b of bytes) s += String.fromCharCode(b);\n return btoa(s);\n}\nfunction fromB64(s: string): Uint8Array {\n const bin = atob(s); const out = new Uint8Array(bin.length);\n for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);\n return out;\n}\n\nasync function pbkdf2Hash(password: string, salt: Uint8Array): Promise<Uint8Array> {\n const keyMaterial = new TextEncoder().encode(password);\n const key = await crypto.subtle.importKey('raw', keyMaterial as BufferSource, 'PBKDF2', false, ['deriveBits']);\n const bits = await crypto.subtle.deriveBits(\n { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITER, hash: 'SHA-256' },\n key,\n KEYLEN * 8,\n );\n return new Uint8Array(bits);\n}\n\nasync function tryArgon2(): Promise<typeof import('@node-rs/argon2') | null> {\n try {\n // Use a regular dynamic import with bundler-ignore magic comments.\n // `@node-rs/argon2` is declared in `serverExternalPackages` by consumers\n // (Next.js) and is an optional peer of this package, so Node's native\n // resolver handles it at runtime.\n const mod = (await import(\n /* webpackIgnore: true */ /* turbopackIgnore: true */ /* @vite-ignore */\n '@node-rs/argon2'\n ).catch(() => null)) as typeof import('@node-rs/argon2') | null;\n return mod ?? null;\n } catch {\n return null;\n }\n}\n\nexport async function hash(password: string): Promise<string> {\n const argon = await tryArgon2();\n if (argon) {\n return argon.hash(password); // native argon2id encoded string\n }\n const salt = crypto.getRandomValues(new Uint8Array(SALT_LEN));\n const h = await pbkdf2Hash(password, salt);\n return `pbkdf2-sha256$${ITER}$${b64(salt)}$${b64(h)}`;\n}\n\nexport async function verify(password: string, stored: string): Promise<boolean> {\n if (stored.startsWith('$argon2')) {\n const argon = await tryArgon2();\n if (!argon) return false;\n return argon.verify(stored, password);\n }\n const [scheme, iterStr, saltB64, hashB64] = stored.split('$');\n if (scheme !== 'pbkdf2-sha256' || !iterStr || !saltB64 || !hashB64) return false;\n const salt = fromB64(saltB64);\n const expected = fromB64(hashB64);\n const keyMaterial = new TextEncoder().encode(password);\n const key = await crypto.subtle.importKey('raw', keyMaterial as BufferSource, 'PBKDF2', false, ['deriveBits']);\n const bits = await crypto.subtle.deriveBits(\n { name: 'PBKDF2', salt: salt as BufferSource, iterations: Number(iterStr), hash: 'SHA-256' },\n key,\n expected.length * 8,\n );\n const out = new Uint8Array(bits);\n if (out.length !== expected.length) return false;\n let diff = 0;\n for (let i = 0; i < out.length; i++) diff |= out[i]! ^ expected[i]!;\n return diff === 0;\n}\n","/**\n * Email / numeric OTP helpers. The mailer itself is adapter-injected.\n */\nexport function generateNumericOtp(length = 6): string {\n const max = 10 ** length;\n const n = crypto.getRandomValues(new Uint32Array(1))[0]! % max;\n return n.toString().padStart(length, '0');\n}\n\nexport interface OtpChallenge {\n code: string;\n expiresAt: number;\n}\n\nexport function createChallenge(ttlSeconds = 600, length = 6): OtpChallenge {\n return { code: generateNumericOtp(length), expiresAt: Date.now() + ttlSeconds * 1000 };\n}\n\nexport function isExpired(challenge: OtpChallenge): boolean {\n return Date.now() > challenge.expiresAt;\n}\n","export * from './client.js';\nexport { authorize, findProvider } from './authorize.js';\nexport { callback } from './callback.js';\nexport * from './providers/index.js';\n","/**\n * Generic OAuth2/OIDC PKCE client helpers.\n * High-level per-provider flows live in ./authorize.ts and ./callback.ts.\n */\nimport { ProviderError } from '../errors/index.js';\n\nexport interface AuthorizeParams {\n issuerAuthUrl: string;\n clientId: string;\n redirectUri: string;\n scopes?: string[];\n state: string;\n codeChallenge: string;\n nonce?: string;\n /** Extra params merged into the query string. */\n extra?: Record<string, string>;\n}\n\nexport function buildAuthorizeUrl(p: AuthorizeParams): string {\n const url = new URL(p.issuerAuthUrl);\n url.searchParams.set('response_type', 'code');\n url.searchParams.set('client_id', p.clientId);\n url.searchParams.set('redirect_uri', p.redirectUri);\n url.searchParams.set('scope', (p.scopes ?? ['openid', 'email', 'profile']).join(' '));\n url.searchParams.set('state', p.state);\n url.searchParams.set('code_challenge', p.codeChallenge);\n url.searchParams.set('code_challenge_method', 'S256');\n if (p.nonce) url.searchParams.set('nonce', p.nonce);\n for (const [k, v] of Object.entries(p.extra ?? {})) url.searchParams.set(k, v);\n return url.toString();\n}\n\nexport async function generatePkcePair(): Promise<{ verifier: string; challenge: string }> {\n const bytes = crypto.getRandomValues(new Uint8Array(32));\n const verifier = base64url(bytes);\n const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(verifier));\n return { verifier, challenge: base64url(new Uint8Array(hash)) };\n}\n\nexport function generateState(): string {\n return base64url(crypto.getRandomValues(new Uint8Array(16)));\n}\n\nexport function generateNonce(): string {\n return base64url(crypto.getRandomValues(new Uint8Array(16)));\n}\n\nexport interface TokenExchangeInput {\n tokenUrl: string;\n clientId: string;\n clientSecret: string;\n redirectUri: string;\n code: string;\n codeVerifier: string;\n}\n\nexport async function exchangeCode(i: TokenExchangeInput): Promise<Record<string, unknown>> {\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code: i.code,\n redirect_uri: i.redirectUri,\n client_id: i.clientId,\n client_secret: i.clientSecret,\n code_verifier: i.codeVerifier,\n });\n const res = await fetch(i.tokenUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' },\n body,\n });\n if (!res.ok) throw new ProviderError(`Token exchange failed: ${res.status}`);\n return (await res.json()) as Record<string, unknown>;\n}\n\nexport async function fetchUserInfo(\n userinfoUrl: string,\n accessToken: string,\n): Promise<Record<string, unknown>> {\n const res = await fetch(userinfoUrl, {\n headers: { Authorization: `Bearer ${accessToken}`, Accept: 'application/json' },\n });\n if (!res.ok) throw new ProviderError(`Userinfo failed: ${res.status}`);\n return (await res.json()) as Record<string, unknown>;\n}\n\nexport function base64url(bytes: Uint8Array): string {\n let s = ''; for (const b of bytes) s += String.fromCharCode(b);\n return btoa(s).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n","import type { HoleauthConfig, ProviderConfig } from '../types/index.js';\nimport { ProviderError } from '../errors/index.js';\nimport { buildAuthorizeUrl, generatePkcePair, generateState, generateNonce } from './client.js';\nimport { emit } from '../events/emitter.js';\n\nexport function findProvider(cfg: HoleauthConfig, id: string): ProviderConfig {\n const p = cfg.providers?.find((x) => x.id === id);\n if (!p) throw new ProviderError(`unknown provider: ${id}`);\n return p;\n}\n\n/**\n * Begin the SSO hop. Returns a URL to redirect the user to, plus state +\n * PKCE verifier the caller must persist (typically in httpOnly cookies)\n * to validate the callback.\n */\nexport async function authorize(\n cfg: HoleauthConfig,\n providerId: string,\n): Promise<{ url: string; state: string; codeVerifier: string; nonce?: string }> {\n const p = findProvider(cfg, providerId);\n const state = generateState();\n const { verifier, challenge } = await generatePkcePair();\n const nonce = p.kind === 'oidc' ? generateNonce() : undefined;\n\n const url = buildAuthorizeUrl({\n issuerAuthUrl: p.authorizationUrl,\n clientId: p.clientId,\n redirectUri: p.redirectUri,\n scopes: p.scopes,\n state,\n codeChallenge: challenge,\n nonce,\n });\n\n await emit(cfg, { type: 'sso.authorize', data: { provider: providerId } });\n return { url, state, codeVerifier: verifier, nonce };\n}\n","import type { HoleauthConfig, IssuedTokens, ProviderConfig } from '../types/index.js';\nimport type { AdapterUser } from '../adapters/index.js';\nimport { findProvider } from './authorize.js';\nimport { exchangeCode, fetchUserInfo } from './client.js';\nimport { decode } from '../jwt/index.js';\nimport { issueSession } from '../session/issue.js';\nimport { AccountConflictError, ProviderError } from '../errors/index.js';\nimport { emit } from '../events/emitter.js';\n\nexport interface CallbackInput {\n code: string;\n state: string;\n codeVerifier: string;\n ip?: string;\n userAgent?: string;\n}\n\ninterface NormalisedProfile {\n providerAccountId: string;\n email: string;\n name?: string | null;\n image?: string | null;\n emailVerified: boolean;\n}\n\nasync function exchangeAndProfile(\n p: ProviderConfig,\n input: CallbackInput,\n): Promise<{ tokens: Record<string, unknown>; profile: NormalisedProfile }> {\n const tokens = await exchangeCode({\n tokenUrl: p.tokenUrl,\n clientId: p.clientId,\n clientSecret: p.clientSecret,\n redirectUri: p.redirectUri,\n code: input.code,\n codeVerifier: input.codeVerifier,\n });\n\n const accessToken = typeof tokens.access_token === 'string' ? tokens.access_token : null;\n if (!accessToken) throw new ProviderError('no access_token in response');\n\n if (p.kind === 'oidc') {\n const idToken = typeof tokens.id_token === 'string' ? tokens.id_token : null;\n if (idToken) {\n const claims = decode<{\n sub?: string;\n email?: string;\n email_verified?: boolean;\n name?: string;\n picture?: string;\n }>(idToken);\n if (claims.sub && claims.email) {\n return {\n tokens,\n profile: {\n providerAccountId: claims.sub,\n email: claims.email.toLowerCase(),\n name: claims.name ?? null,\n image: claims.picture ?? null,\n emailVerified: claims.email_verified ?? false,\n },\n };\n }\n }\n // Fall back to userinfo\n const ui = await fetchUserInfo(p.userinfoUrl, accessToken);\n const sub = (ui.sub ?? '') as string;\n const email = typeof ui.email === 'string' ? ui.email.toLowerCase() : '';\n if (!sub || !email) throw new ProviderError('userinfo missing sub/email');\n return {\n tokens,\n profile: {\n providerAccountId: sub,\n email,\n name: (ui.name as string | null) ?? null,\n image: (ui.picture as string | null) ?? null,\n emailVerified: Boolean(ui.email_verified),\n },\n };\n }\n\n // oauth2\n const raw = await fetchUserInfo(p.userinfoUrl, accessToken);\n const mapped = p.profile(raw);\n if (!mapped.providerAccountId) throw new ProviderError('provider profile missing id');\n // GitHub may return null email — fall back to /user/emails.\n let email = mapped.email.toLowerCase();\n let verified = false;\n if (!email && p.id === 'github') {\n const emails = (await fetchUserInfo('https://api.github.com/user/emails', accessToken)) as unknown as Array<{\n email: string;\n primary: boolean;\n verified: boolean;\n }>;\n const primary = Array.isArray(emails) ? emails.find((e) => e.primary) : undefined;\n if (primary) {\n email = primary.email.toLowerCase();\n verified = primary.verified;\n }\n }\n if (!email) throw new ProviderError('provider did not return an email');\n return {\n tokens,\n profile: {\n providerAccountId: mapped.providerAccountId,\n email,\n name: mapped.name ?? null,\n image: mapped.image ?? null,\n emailVerified: verified,\n },\n };\n}\n\nasync function resolveUser(\n cfg: HoleauthConfig,\n provider: ProviderConfig,\n profile: NormalisedProfile,\n rawTokens: Record<string, unknown>,\n): Promise<AdapterUser> {\n const account = cfg.adapters.account;\n\n // 1. Try existing link\n if (account) {\n const existing = await account.getAccountByProvider(provider.id, profile.providerAccountId);\n if (existing) {\n const u = await cfg.adapters.user.getUserById(existing.userId);\n if (u) return u;\n }\n }\n\n // 2. Try user by email (potential linking)\n const byEmail = await cfg.adapters.user.getUserByEmail(profile.email);\n if (byEmail) {\n if (!cfg.allowDangerousEmailAccountLinking || !profile.emailVerified) {\n throw new AccountConflictError(\n `an account with email ${profile.email} already exists; enable allowDangerousEmailAccountLinking or sign in with password first`,\n );\n }\n // Auto-link\n if (account) {\n const linked = await account.linkAccount({\n userId: byEmail.id,\n provider: provider.id,\n providerAccountId: profile.providerAccountId,\n email: profile.email,\n accessToken: (rawTokens.access_token as string) ?? null,\n refreshToken: (rawTokens.refresh_token as string) ?? null,\n idToken: (rawTokens.id_token as string) ?? null,\n tokenType: (rawTokens.token_type as string) ?? null,\n scope: (rawTokens.scope as string) ?? null,\n expiresAt: typeof rawTokens.expires_in === 'number'\n ? new Date(Date.now() + (rawTokens.expires_in as number) * 1000)\n : null,\n });\n await emit(cfg, {\n type: 'account.linked',\n userId: byEmail.id,\n data: { provider: provider.id, accountId: linked.id, auto: true },\n });\n }\n return byEmail;\n }\n\n // 3. Create user + (maybe) link\n const user = await cfg.adapters.user.createUser({\n email: profile.email,\n name: profile.name ?? null,\n image: profile.image ?? null,\n emailVerified: profile.emailVerified ? new Date() : null,\n });\n if (account) {\n const linked = await account.linkAccount({\n userId: user.id,\n provider: provider.id,\n providerAccountId: profile.providerAccountId,\n email: profile.email,\n accessToken: (rawTokens.access_token as string) ?? null,\n refreshToken: (rawTokens.refresh_token as string) ?? null,\n idToken: (rawTokens.id_token as string) ?? null,\n tokenType: (rawTokens.token_type as string) ?? null,\n scope: (rawTokens.scope as string) ?? null,\n expiresAt: typeof rawTokens.expires_in === 'number'\n ? new Date(Date.now() + (rawTokens.expires_in as number) * 1000)\n : null,\n });\n await emit(cfg, {\n type: 'account.linked',\n userId: user.id,\n data: { provider: provider.id, accountId: linked.id, onCreate: true },\n });\n }\n return user;\n}\n\nexport async function callback(\n cfg: HoleauthConfig,\n providerId: string,\n input: CallbackInput,\n): Promise<{ user: AdapterUser; tokens: IssuedTokens }> {\n const p = findProvider(cfg, providerId);\n try {\n const { tokens: rawTokens, profile } = await exchangeAndProfile(p, input);\n const user = await resolveUser(cfg, p, profile, rawTokens);\n\n const tokens = await issueSession(cfg, {\n userId: user.id,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n });\n await emit(cfg, {\n type: 'sso.callback_ok',\n userId: user.id,\n sessionId: tokens.sessionId,\n data: { provider: providerId },\n });\n return { user, tokens };\n } catch (e) {\n await emit(cfg, {\n type: 'sso.callback_failed',\n data: { provider: providerId, error: (e as Error).message },\n });\n throw e;\n }\n}\n","import type { OIDCProviderConfig } from '../../types/index.js';\n\nexport interface GoogleOptions {\n clientId: string;\n clientSecret: string;\n redirectUri: string;\n id?: string;\n scopes?: string[];\n}\n\n/** Google OpenID Connect provider. */\nexport function GoogleProvider(opts: GoogleOptions): OIDCProviderConfig {\n return {\n kind: 'oidc',\n id: opts.id ?? 'google',\n name: 'Google',\n clientId: opts.clientId,\n clientSecret: opts.clientSecret,\n redirectUri: opts.redirectUri,\n scopes: opts.scopes ?? ['openid', 'email', 'profile'],\n issuer: 'https://accounts.google.com',\n authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n tokenUrl: 'https://oauth2.googleapis.com/token',\n userinfoUrl: 'https://openidconnect.googleapis.com/v1/userinfo',\n };\n}\n","import type { OAuth2ProviderConfig } from '../../types/index.js';\n\nexport interface GithubOptions {\n clientId: string;\n clientSecret: string;\n redirectUri: string;\n id?: string;\n scopes?: string[];\n}\n\n/** GitHub OAuth2 provider. Uses REST userinfo (no OIDC). */\nexport function GithubProvider(opts: GithubOptions): OAuth2ProviderConfig {\n return {\n kind: 'oauth2',\n id: opts.id ?? 'github',\n name: 'GitHub',\n clientId: opts.clientId,\n clientSecret: opts.clientSecret,\n redirectUri: opts.redirectUri,\n scopes: opts.scopes ?? ['read:user', 'user:email'],\n authorizationUrl: 'https://github.com/login/oauth/authorize',\n tokenUrl: 'https://github.com/login/oauth/access_token',\n userinfoUrl: 'https://api.github.com/user',\n profile: (raw) => {\n const p = (raw ?? {}) as {\n id?: number | string;\n login?: string;\n email?: string | null;\n name?: string | null;\n avatar_url?: string | null;\n };\n return {\n providerAccountId: String(p.id ?? p.login ?? ''),\n email: p.email ?? '',\n name: p.name ?? p.login ?? null,\n image: p.avatar_url ?? null,\n };\n },\n };\n}\n","/**\n * Adapter interfaces. ORM/database-specific adapters live in separate packages\n * (e.g. @holeauth/adapter-prisma, @holeauth/adapter-drizzle).\n *\n * Plugin-specific data (2FA credentials, passkeys, RBAC assignments, …)\n * is owned by the plugin's own adapter interface — never carried on the\n * User row.\n */\n\nexport interface AdapterUser {\n id: string;\n email: string;\n emailVerified?: Date | null;\n name?: string | null;\n image?: string | null;\n passwordHash?: string | null;\n}\n\nexport interface AdapterSession {\n id: string;\n userId: string;\n /** Refresh-token family (all rotations in a login chain share this). */\n familyId: string;\n /** SHA-256(refreshToken) — never store the raw token. */\n refreshTokenHash: string;\n expiresAt: Date;\n createdAt?: Date;\n revokedAt?: Date | null;\n userAgent?: string | null;\n ip?: string | null;\n}\n\nexport interface AdapterAccount {\n id: string;\n userId: string;\n provider: string;\n providerAccountId: string;\n email?: string | null;\n accessToken?: string | null;\n refreshToken?: string | null;\n expiresAt?: Date | null;\n tokenType?: string | null;\n scope?: string | null;\n idToken?: string | null;\n}\n\nexport interface AdapterVerificationToken {\n identifier: string;\n token: string;\n expiresAt: Date;\n}\n\nexport interface AdapterAuditEvent {\n id?: string;\n type: string;\n userId?: string | null;\n sessionId?: string | null;\n at?: Date;\n ip?: string | null;\n userAgent?: string | null;\n data?: Record<string, unknown> | null;\n}\n\n/* ──────────────────────────── USER ──────────────────────────── */\nexport interface UserAdapter {\n getUserById(id: string): Promise<AdapterUser | null>;\n getUserByEmail(email: string): Promise<AdapterUser | null>;\n createUser(data: Omit<AdapterUser, 'id'>): Promise<AdapterUser>;\n updateUser(id: string, patch: Partial<AdapterUser>): Promise<AdapterUser>;\n deleteUser(id: string): Promise<void>;\n}\n\n/* ─────────────────────────── SESSION ────────────────────────── */\nexport interface SessionAdapter {\n /** Persist a session using the provided id (so callers can bind tokens before write). */\n createSession(data: AdapterSession): Promise<AdapterSession>;\n getSession(id: string): Promise<AdapterSession | null>;\n getByRefreshHash(hash: string): Promise<AdapterSession | null>;\n findByFamily(familyId: string): Promise<AdapterSession[]>;\n deleteSession(id: string): Promise<void>;\n /** Replace hash+exp atomically; returns the updated session. */\n rotateRefresh(id: string, newHash: string, expiresAt: Date): Promise<AdapterSession>;\n /** Revoke all sessions in a family (reuse-detection response). */\n revokeFamily(familyId: string): Promise<void>;\n /** Revoke all sessions for a user (global signout). */\n revokeUser?(userId: string): Promise<void>;\n}\n\n/* ─────────────────────────── ACCOUNT ────────────────────────── */\nexport interface AccountAdapter {\n linkAccount(data: Omit<AdapterAccount, 'id'>): Promise<AdapterAccount>;\n getAccountByProvider(provider: string, providerAccountId: string): Promise<AdapterAccount | null>;\n getByProviderEmail?(provider: string, email: string): Promise<AdapterAccount | null>;\n listByUser(userId: string): Promise<AdapterAccount[]>;\n unlinkAccount(id: string): Promise<void>;\n}\n\n/* ─────────────────────── VERIFICATION TOKEN ─────────────────── */\nexport interface VerificationTokenAdapter {\n create(data: AdapterVerificationToken): Promise<AdapterVerificationToken>;\n consume(identifier: string, token: string): Promise<AdapterVerificationToken | null>;\n /** Optional: purge expired rows (maintenance). */\n purgeExpired?(): Promise<number>;\n /** Optional: list all rows whose identifier starts with the given prefix. */\n listByIdentifierPrefix?(prefix: string): Promise<AdapterVerificationToken[]>;\n /** Optional: delete all rows with the exact identifier. Returns number of rows removed. */\n deleteByIdentifier?(identifier: string): Promise<number>;\n}\n\n/* ───────────────────────── AUDIT LOG ────────────────────────── */\nexport interface AuditLogAdapter {\n /** Persist an event. MUST be awaited by flows. */\n record(event: AdapterAuditEvent): Promise<void>;\n list?(filter: { userId?: string; type?: string; limit?: number }): Promise<AdapterAuditEvent[]>;\n}\n\n/* ───────────────────────── TRANSACTIONS ─────────────────────── */\n/**\n * Optional transaction primitive. When provided, multi-step writes\n * (deleteUser, signout with family revoke, password-change with session\n * revoke, sso.callback create+link) are wrapped in a transaction.\n *\n * Implementations SHOULD propagate the tx through all adapter method\n * calls invoked inside `fn` (e.g. by returning a fresh adapter bundle\n * bound to the tx, or by using async-local-storage).\n *\n * If no transaction adapter is supplied, core falls back to sequential\n * execution without atomicity.\n */\nexport interface TransactionAdapter {\n run<T>(fn: () => Promise<T>): Promise<T>;\n}\n","export * from './spec.js';\nexport * from './csrf.js';\n","import type { HoleauthConfig } from '../types/index.js';\n\nexport interface CookieSpec {\n name: string;\n value: string;\n maxAge?: number; // seconds; 0 means delete\n httpOnly: boolean;\n secure: boolean;\n sameSite: 'lax' | 'strict' | 'none';\n path: string;\n domain?: string;\n}\n\nexport type CookieName = 'access' | 'refresh' | 'csrf' | 'pending' | 'oauthState' | 'oauthPkce';\n\nexport function cookieName(cfg: HoleauthConfig, kind: CookieName): string {\n const prefix = cfg.tokens?.cookiePrefix ?? 'holeauth';\n switch (kind) {\n case 'access': return `${prefix}.at`;\n case 'refresh': return `${prefix}.rt`;\n case 'csrf': return `${prefix}.csrf`;\n case 'pending': return `${prefix}.pending`;\n case 'oauthState': return `${prefix}.oauth.state`;\n case 'oauthPkce': return `${prefix}.oauth.pkce`;\n }\n}\n\nexport function isProduction(): boolean {\n return (globalThis as { process?: { env?: { NODE_ENV?: string } } }).process?.env?.NODE_ENV === 'production';\n}\n\nexport interface BuildCookieInput {\n kind: CookieName;\n value: string;\n maxAge?: number; // seconds; 0 deletes\n /** CSRF is readable by JS — everything else is httpOnly. */\n httpOnly?: boolean;\n /** Override SameSite for the OAuth hop. */\n sameSite?: 'lax' | 'strict' | 'none';\n path?: string;\n}\n\nexport function buildCookie(cfg: HoleauthConfig, input: BuildCookieInput): CookieSpec {\n const httpOnly = input.httpOnly ?? input.kind !== 'csrf';\n const secure = cfg.tokens?.cookieSecure ?? isProduction();\n return {\n name: cookieName(cfg, input.kind),\n value: input.value,\n maxAge: input.maxAge,\n httpOnly,\n secure,\n sameSite: input.sameSite ?? cfg.tokens?.sameSite ?? 'lax',\n path: input.path ?? '/',\n domain: cfg.tokens?.cookieDomain,\n };\n}\n\n/** RFC 6265 serialisation used by Set-Cookie headers. */\nexport function serializeCookie(c: CookieSpec): string {\n const parts = [`${c.name}=${encodeURIComponent(c.value)}`];\n parts.push(`Path=${c.path}`);\n if (c.domain) parts.push(`Domain=${c.domain}`);\n if (c.maxAge !== undefined) {\n parts.push(`Max-Age=${c.maxAge}`);\n if (c.maxAge === 0) parts.push('Expires=Thu, 01 Jan 1970 00:00:00 GMT');\n }\n if (c.httpOnly) parts.push('HttpOnly');\n if (c.secure) parts.push('Secure');\n parts.push(`SameSite=${c.sameSite.charAt(0).toUpperCase()}${c.sameSite.slice(1)}`);\n return parts.join('; ');\n}\n\nexport function deleteCookie(cfg: HoleauthConfig, kind: CookieName): CookieSpec {\n return buildCookie(cfg, { kind, value: '', maxAge: 0 });\n}\n","export * from './types.js';\nexport { emit, subscribe, unsubscribe } from './emitter.js';\n","export { register } from './register.js';\nexport { signIn, issuePendingToken, verifyPendingToken } from './signin.js';\nexport { signOut } from './signout.js';\nexport { refresh } from './refresh.js';\nexport { changePassword } from './password-change.js';\nexport { requestPasswordReset, consumePasswordReset } from './password-reset.js';\nexport { updateUser, deleteUser } from './user-mutation.js';\nexport {\n createInvite,\n getInviteInfo,\n consumeInvite,\n revokeInvite,\n listInvites,\n} from './invite.js';\n","import type { HoleauthConfig } from '../types/index.js';\nimport type { AdapterUser } from '../adapters/index.js';\nimport type { HookRunner } from '../plugins/registry.js';\nimport { hash as pwHash } from '../password/index.js';\nimport { AccountConflictError, RegistrationDisabledError } from '../errors/index.js';\nimport { emit } from '../events/emitter.js';\n\nexport interface RegisterInput {\n email: string;\n password: string;\n name?: string;\n}\n\nexport async function register(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n input: RegisterInput,\n): Promise<AdapterUser> {\n if (cfg.registration?.selfServe === false) {\n throw new RegistrationDisabledError();\n }\n const email = input.email.trim().toLowerCase();\n await hooks.runRegisterBefore({ email, password: input.password, name: input.name ?? null });\n\n const existing = await cfg.adapters.user.getUserByEmail(email);\n if (existing) throw new AccountConflictError('email already registered');\n\n const passwordHash = await pwHash(input.password);\n const user = await cfg.adapters.user.createUser({\n email,\n name: input.name ?? null,\n passwordHash,\n emailVerified: null,\n });\n\n await emit(cfg, { type: 'user.registered', userId: user.id, data: { email } });\n await hooks.runRegisterAfter(user);\n return user;\n}\n","import type { HoleauthConfig, SignInResult } from '../types/index.js';\nimport type { HookRunner } from '../plugins/registry.js';\nimport { verify as pwVerify } from '../password/index.js';\nimport { sign, verify as jwtVerify } from '../jwt/index.js';\nimport { issueSession } from '../session/issue.js';\nimport { CredentialsError } from '../errors/index.js';\nimport { emit } from '../events/emitter.js';\n\nexport interface SignInInput {\n email: string;\n password: string;\n ip?: string;\n userAgent?: string;\n}\n\n/**\n * Password signIn. Plugins can halt the flow via `signIn.challenge` hook\n * (e.g. to require 2FA). If any plugin challenge returns a non-null\n * result, signIn returns `kind: 'pending'` with the plugin's token.\n */\nexport async function signIn(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n input: SignInInput,\n): Promise<SignInResult> {\n const email = input.email.trim().toLowerCase();\n await hooks.runSignInBefore({ email, ip: input.ip, userAgent: input.userAgent });\n\n const user = await cfg.adapters.user.getUserByEmail(email);\n if (!user || !user.passwordHash) throw new CredentialsError();\n\n const ok = await pwVerify(input.password, user.passwordHash);\n if (!ok) throw new CredentialsError();\n\n const challenge = await hooks.runSignInChallenge(user, {\n ip: input.ip,\n userAgent: input.userAgent,\n });\n if (challenge) {\n await emit(cfg, {\n type: 'user.signed_in',\n userId: user.id,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n data: { stage: 'pending', pluginId: challenge.pluginId },\n });\n return {\n kind: 'pending',\n pluginId: challenge.pluginId,\n userId: user.id,\n pendingToken: challenge.pendingToken,\n pendingExpiresAt: challenge.expiresAt,\n data: challenge.data ?? null,\n };\n }\n\n const tokens = await issueSession(cfg, {\n userId: user.id,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n });\n await emit(cfg, {\n type: 'user.signed_in',\n userId: user.id,\n sessionId: tokens.sessionId,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n data: { method: 'password' },\n });\n await hooks.runSignInAfter({ user, tokens, method: 'password' });\n return { kind: 'ok', user, tokens };\n}\n\n/**\n * Issue a short-lived pending token on behalf of a plugin challenge.\n * Plugins receive this helper via PluginContext and should use it so the\n * claim shape is consistent (`typ: 'pending', pid: <pluginId>`).\n */\nexport async function issuePendingToken(\n cfg: HoleauthConfig,\n input: { userId: string; pluginId: string; ttlSeconds?: number; extra?: Record<string, unknown> },\n): Promise<{ token: string; expiresAt: number }> {\n const ttl = input.ttlSeconds ?? cfg.tokens?.pendingTtl ?? 300;\n const now = Math.floor(Date.now() / 1000);\n const token = await sign(\n { sub: input.userId, typ: 'pending', pid: input.pluginId, ...(input.extra ?? {}) },\n cfg.secrets.jwtSecret,\n { expiresIn: `${ttl}s` },\n );\n return { token, expiresAt: (now + ttl) * 1000 };\n}\n\nexport async function verifyPendingToken(\n cfg: HoleauthConfig,\n token: string,\n expectedPluginId: string,\n): Promise<{ userId: string; extra: Record<string, unknown> }> {\n const claims = await jwtVerify<{ sub?: string; typ?: string; pid?: string } & Record<string, unknown>>(\n token,\n cfg.secrets.jwtSecret,\n );\n if (claims.typ !== 'pending' || claims.pid !== expectedPluginId || !claims.sub) {\n throw new CredentialsError('pending token invalid');\n }\n // Strip reserved claims, return remaining as `extra`.\n const { sub, typ, pid, exp, iat, nbf, jti, ...extra } = claims as Record<string, unknown> & {\n sub: string;\n typ: string;\n pid: string;\n };\n void typ; void pid; void exp; void iat; void nbf; void jti;\n return { userId: sub, extra };\n}\n","import type { HoleauthConfig } from '../types/index.js';\nimport type { HookRunner } from '../plugins/registry.js';\nimport { revokeByRefresh, revokeSession } from '../session/revoke.js';\nimport { verify } from '../jwt/index.js';\nimport { emit } from '../events/emitter.js';\n\nexport interface SignOutInput {\n accessToken?: string;\n refreshToken?: string;\n}\n\nexport async function signOut(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n input: SignOutInput,\n): Promise<void> {\n let userId: string | null = null;\n let sessionId: string | null = null;\n\n if (input.refreshToken) {\n await revokeByRefresh(cfg, input.refreshToken);\n } else if (input.accessToken) {\n try {\n const p = await verify<{ sid?: string; sub?: string }>(input.accessToken, cfg.secrets.jwtSecret);\n if (p.sid) {\n sessionId = p.sid;\n userId = p.sub ?? null;\n await revokeSession(cfg, p.sid, p.sub);\n }\n } catch { /* ignore */ }\n }\n\n await emit(cfg, {\n type: 'user.signed_out',\n userId,\n sessionId,\n });\n await hooks.runSignOutAfter({ userId, sessionId });\n}\n","import type { HoleauthConfig, IssuedTokens } from '../types/index.js';\nimport type { HookRunner } from '../plugins/registry.js';\nimport { rotateRefresh } from '../session/rotate.js';\nimport { verify } from '../jwt/index.js';\n\nexport interface RefreshInput {\n refreshToken: string;\n ip?: string;\n userAgent?: string;\n}\n\nexport async function refresh(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n input: RefreshInput,\n): Promise<IssuedTokens> {\n await hooks.runRefreshBefore({ ip: input.ip, userAgent: input.userAgent });\n const tokens = await rotateRefresh(cfg, input.refreshToken, {\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n });\n // Extract userId from the freshly-issued access token for the hook payload.\n let userId = '';\n try {\n const p = await verify<{ sub?: string }>(tokens.accessToken, cfg.secrets.jwtSecret);\n userId = p.sub ?? '';\n } catch { /* leave blank */ }\n await hooks.runRefreshAfter({\n userId,\n sessionId: tokens.sessionId,\n tokens,\n });\n return tokens;\n}\n","import type { HoleauthConfig } from '../types/index.js';\n\n/**\n * Run `fn` inside the configured transaction, or sequentially if no\n * transaction adapter was supplied.\n */\nexport async function runInTransaction<T>(cfg: HoleauthConfig, fn: () => Promise<T>): Promise<T> {\n const tx = cfg.adapters.transaction;\n if (!tx) return fn();\n return tx.run(fn);\n}\n","import type { HoleauthConfig } from '../types/index.js';\nimport type { HookRunner } from '../plugins/registry.js';\nimport { hash as pwHash, verify as pwVerify } from '../password/index.js';\nimport { CredentialsError } from '../errors/index.js';\nimport { revokeAllForUser } from '../session/revoke.js';\nimport { emit } from '../events/emitter.js';\nimport { runInTransaction } from './tx.js';\n\nexport interface PasswordChangeInput {\n userId: string;\n currentPassword: string;\n newPassword: string;\n /** If true, revoke all other sessions after change. Default: true. */\n revokeOtherSessions?: boolean;\n}\n\nexport async function changePassword(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n input: PasswordChangeInput,\n): Promise<void> {\n await hooks.runPasswordChangeBefore(input);\n\n const user = await cfg.adapters.user.getUserById(input.userId);\n if (!user || !user.passwordHash) throw new CredentialsError('user has no password');\n\n const ok = await pwVerify(input.currentPassword, user.passwordHash);\n if (!ok) throw new CredentialsError();\n\n const passwordHash = await pwHash(input.newPassword);\n await runInTransaction(cfg, async () => {\n await cfg.adapters.user.updateUser(user.id, { passwordHash });\n if (input.revokeOtherSessions !== false) {\n await revokeAllForUser(cfg, user.id);\n }\n });\n\n await emit(cfg, { type: 'user.password_changed', userId: user.id });\n await hooks.runPasswordChangeAfter({ userId: user.id });\n}\n","/**\n * Edge/runtime-agnostic base64url helpers. Avoids Node's `Buffer`.\n */\n\nconst ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';\n\nfunction enc(n: number): string {\n return ALPHABET.charAt(n & 63);\n}\n\nexport function bytesToBase64Url(bytes: Uint8Array): string {\n let out = '';\n let i = 0;\n for (; i + 3 <= bytes.length; i += 3) {\n const b0 = bytes[i] ?? 0;\n const b1 = bytes[i + 1] ?? 0;\n const b2 = bytes[i + 2] ?? 0;\n const n = (b0 << 16) | (b1 << 8) | b2;\n out += enc(n >> 18) + enc(n >> 12) + enc(n >> 6) + enc(n);\n }\n const rem = bytes.length - i;\n if (rem === 1) {\n const n = (bytes[i] ?? 0) << 16;\n out += enc(n >> 18) + enc(n >> 12);\n } else if (rem === 2) {\n const n = ((bytes[i] ?? 0) << 16) | ((bytes[i + 1] ?? 0) << 8);\n out += enc(n >> 18) + enc(n >> 12) + enc(n >> 6);\n }\n return out;\n}\n\nexport function randomBase64Url(bytes = 32): string {\n const a = new Uint8Array(bytes);\n crypto.getRandomValues(a);\n return bytesToBase64Url(a);\n}\n","import type { HoleauthConfig } from '../types/index.js';\nimport type { HookRunner } from '../plugins/registry.js';\nimport { hash as pwHash } from '../password/index.js';\nimport { CredentialsError, HoleauthError } from '../errors/index.js';\nimport { revokeAllForUser } from '../session/revoke.js';\nimport { emit } from '../events/emitter.js';\nimport { randomBase64Url } from '../utils/base64url.js';\nimport { runInTransaction } from './tx.js';\n\nconst RESET_TTL_SECONDS = 60 * 30; // 30m\n\nfunction randomToken(bytes = 32): string {\n return randomBase64Url(bytes);\n}\n\nfunction requireVerificationAdapter(cfg: HoleauthConfig) {\n const v = cfg.adapters.verificationToken;\n if (!v) {\n throw new HoleauthError(\n 'VERIFICATION_NOT_CONFIGURED',\n 'passwordReset requires adapters.verificationToken',\n 500,\n );\n }\n return v;\n}\n\n/**\n * Step 1 — issue a reset token for the given email. Always resolves\n * successfully (to avoid leaking whether the email exists). Returns the\n * token so consumer code can send it via email; in production the\n * consumer MUST NOT echo this back to the caller.\n */\nexport async function requestPasswordReset(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n input: { email: string },\n): Promise<{ token?: string; userId?: string }> {\n const email = input.email.trim().toLowerCase();\n await hooks.runPasswordResetBefore({ email });\n const user = await cfg.adapters.user.getUserByEmail(email);\n if (!user) {\n // Silent no-op. Do not reveal existence.\n return {};\n }\n\n const verification = requireVerificationAdapter(cfg);\n const token = randomToken(32);\n await verification.create({\n identifier: email,\n token,\n expiresAt: new Date(Date.now() + RESET_TTL_SECONDS * 1000),\n });\n\n await emit(cfg, {\n type: 'user.password_reset_requested',\n userId: user.id,\n data: { email },\n });\n await hooks.runPasswordResetAfter({ userId: user.id, stage: 'request' });\n return { token, userId: user.id };\n}\n\nexport async function consumePasswordReset(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n input: { email: string; token: string; newPassword: string },\n): Promise<void> {\n const email = input.email.trim().toLowerCase();\n await hooks.runPasswordResetBefore({ email, token: input.token, newPassword: input.newPassword });\n const verification = requireVerificationAdapter(cfg);\n const row = await verification.consume(email, input.token);\n if (!row) throw new CredentialsError('reset token invalid');\n if (row.expiresAt.getTime() < Date.now()) throw new CredentialsError('reset token expired');\n\n const user = await cfg.adapters.user.getUserByEmail(email);\n if (!user) throw new CredentialsError();\n const passwordHash = await pwHash(input.newPassword);\n await runInTransaction(cfg, async () => {\n await cfg.adapters.user.updateUser(user.id, { passwordHash });\n await revokeAllForUser(cfg, user.id);\n });\n await emit(cfg, { type: 'user.password_reset', userId: user.id });\n await hooks.runPasswordResetAfter({ userId: user.id, stage: 'consume' });\n}\n","import type { HoleauthConfig } from '../types/index.js';\nimport type { AdapterUser } from '../adapters/index.js';\nimport type { HookRunner } from '../plugins/registry.js';\nimport { revokeAllForUser } from '../session/revoke.js';\nimport { CredentialsError } from '../errors/index.js';\nimport { emit } from '../events/emitter.js';\nimport { runInTransaction } from './tx.js';\n\nexport async function updateUser(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n userId: string,\n patch: Partial<AdapterUser>,\n): Promise<AdapterUser> {\n // Prevent direct password mutation through updateUser — force changePassword.\n if ('passwordHash' in patch) {\n throw new CredentialsError('use changePassword to update passwords');\n }\n const next = await cfg.adapters.user.updateUser(userId, patch);\n await emit(cfg, { type: 'user.updated', userId, data: { patch: Object.keys(patch) } });\n await hooks.runUserUpdateAfter({ user: next, patch });\n return next;\n}\n\nexport async function deleteUser(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n userId: string,\n): Promise<void> {\n // Plugin cleanup runs BEFORE deleting the row so hooks can still\n // reference the user. If plugin cleanup throws, the user row is left\n // intact (caller can retry).\n await emit(cfg, { type: 'user.delete_requested', userId });\n await hooks.runUserDeleteAfter({ userId });\n await runInTransaction(cfg, async () => {\n await revokeAllForUser(cfg, userId);\n await cfg.adapters.user.deleteUser(userId);\n });\n await emit(cfg, { type: 'user.deleted', userId });\n}\n","import type {\n HoleauthConfig,\n InviteInput,\n InviteClaims,\n CreateInviteResult,\n ConsumeInviteInput,\n ConsumeInviteResult,\n InviteListEntry,\n} from '../types/index.js';\nimport type { HookRunner } from '../plugins/registry.js';\nimport {\n HoleauthError,\n AccountConflictError,\n CredentialsError,\n NotSupportedError,\n} from '../errors/index.js';\nimport { hash as pwHash } from '../password/index.js';\nimport { sign, verify } from '../jwt/index.js';\nimport { sha256b64url } from '../session/hash.js';\nimport { randomBase64Url } from '../utils/base64url.js';\nimport { issueSession } from '../session/issue.js';\nimport { emit } from '../events/emitter.js';\nimport type { JWTPayload } from 'jose';\n\nconst INVITE_PREFIX = 'invite:';\nconst TOKEN_TYPE = 'invite';\n\ninterface RawInviteJWT extends JWTPayload {\n sub?: string;\n name?: string | null;\n gid?: string[];\n by?: string | null;\n meta?: Record<string, unknown> | null;\n typ?: string;\n exp?: number;\n jti?: string;\n}\n\nfunction requireVerification(cfg: HoleauthConfig) {\n const v = cfg.adapters.verificationToken;\n if (!v) {\n throw new HoleauthError(\n 'VERIFICATION_NOT_CONFIGURED',\n 'invites require adapters.verificationToken',\n 500,\n );\n }\n return v;\n}\n\nfunction buildIdentifier(email: string): string {\n const rand = randomBase64Url(9);\n return `${INVITE_PREFIX}${email}:${rand}`;\n}\n\nfunction parseIdentifier(identifier: string): { email: string } | null {\n if (!identifier.startsWith(INVITE_PREFIX)) return null;\n const rest = identifier.slice(INVITE_PREFIX.length);\n const lastColon = rest.lastIndexOf(':');\n if (lastColon < 0) return null;\n return { email: rest.slice(0, lastColon) };\n}\n\nexport async function createInvite(\n cfg: HoleauthConfig,\n _hooks: HookRunner,\n input: InviteInput,\n): Promise<CreateInviteResult> {\n const email = input.email.trim().toLowerCase();\n if (!email.includes('@')) {\n throw new HoleauthError('INVALID_EMAIL', 'invalid email', 400);\n }\n const existing = await cfg.adapters.user.getUserByEmail(email);\n if (existing) {\n throw new AccountConflictError('user with this email already exists');\n }\n\n const ttl = input.ttlSeconds ?? cfg.registration?.inviteTtlSeconds;\n if (!ttl || ttl <= 0) {\n throw new HoleauthError(\n 'TTL_REQUIRED',\n 'invite TTL is required (set input.ttlSeconds or config.registration.inviteTtlSeconds)',\n 400,\n );\n }\n\n const verification = requireVerification(cfg);\n const identifier = buildIdentifier(email);\n const expSeconds = Math.floor(Date.now() / 1000) + ttl;\n const expiresAt = new Date(expSeconds * 1000);\n\n const token = await sign(\n {\n sub: email,\n name: input.name ?? null,\n gid: input.groupIds ?? [],\n by: input.invitedBy ?? null,\n meta: input.metadata ?? null,\n typ: TOKEN_TYPE,\n },\n cfg.secrets.jwtSecret,\n { expiresIn: `${ttl}s`, jti: identifier, subject: email },\n );\n\n const tokenHash = await sha256b64url(token);\n await verification.create({ identifier, token: tokenHash, expiresAt });\n\n const url = cfg.registration?.inviteUrl?.({ token, email }) ?? undefined;\n\n await emit(cfg, {\n type: 'user.invited',\n userId: input.invitedBy ?? null,\n data: { email, identifier, groupIds: input.groupIds ?? [] },\n });\n\n return { token, url, identifier, expiresAt: expSeconds * 1000 };\n}\n\nasync function decodeInvite(cfg: HoleauthConfig, token: string): Promise<InviteClaims> {\n const claims = await verify<RawInviteJWT>(token, cfg.secrets.jwtSecret);\n if (claims.typ !== TOKEN_TYPE) {\n throw new CredentialsError('not an invite token');\n }\n if (!claims.sub || !claims.jti) {\n throw new CredentialsError('invite token missing claims');\n }\n return {\n email: claims.sub,\n name: claims.name ?? null,\n groupIds: claims.gid ?? [],\n invitedBy: claims.by ?? null,\n metadata: claims.meta ?? null,\n expiresAt: (claims.exp ?? 0) * 1000,\n identifier: claims.jti,\n };\n}\n\nexport async function getInviteInfo(\n cfg: HoleauthConfig,\n input: { token: string },\n): Promise<InviteClaims> {\n return decodeInvite(cfg, input.token);\n}\n\nexport async function consumeInvite(\n cfg: HoleauthConfig,\n hooks: HookRunner,\n input: ConsumeInviteInput,\n): Promise<ConsumeInviteResult> {\n const claims = await decodeInvite(cfg, input.token);\n const email = claims.email.trim().toLowerCase();\n\n const verification = requireVerification(cfg);\n const tokenHash = await sha256b64url(input.token);\n const row = await verification.consume(claims.identifier, tokenHash);\n if (!row) throw new CredentialsError('invite invalid or already used');\n if (row.expiresAt.getTime() < Date.now()) {\n throw new CredentialsError('invite expired');\n }\n\n await hooks.runRegisterBefore({\n email,\n password: input.password,\n name: input.name ?? claims.name ?? null,\n });\n\n const existing = await cfg.adapters.user.getUserByEmail(email);\n if (existing) throw new AccountConflictError('email already registered');\n\n const passwordHash = await pwHash(input.password);\n const user = await cfg.adapters.user.createUser({\n email,\n name: input.name ?? claims.name ?? null,\n passwordHash,\n emailVerified: new Date(),\n });\n\n await emit(cfg, { type: 'user.registered', userId: user.id, data: { email, via: 'invite' } });\n await emit(cfg, {\n type: 'user.invite_consumed',\n userId: user.id,\n data: {\n email,\n identifier: claims.identifier,\n groupIds: claims.groupIds ?? [],\n invitedBy: claims.invitedBy ?? null,\n metadata: claims.metadata ?? null,\n },\n });\n await hooks.runRegisterAfter(user);\n\n let tokens;\n if (input.autoSignIn) {\n tokens = await issueSession(cfg, {\n userId: user.id,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n });\n await emit(cfg, {\n type: 'user.signed_in',\n userId: user.id,\n sessionId: tokens.sessionId,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n data: { method: 'invite' },\n });\n }\n\n return { user, tokens, groupIds: claims.groupIds ?? [] };\n}\n\nexport async function revokeInvite(\n cfg: HoleauthConfig,\n input: { identifier: string },\n): Promise<void> {\n const verification = requireVerification(cfg);\n if (!verification.deleteByIdentifier) {\n throw new NotSupportedError('verificationToken adapter does not support deleteByIdentifier');\n }\n await verification.deleteByIdentifier(input.identifier);\n await emit(cfg, {\n type: 'user.invite_revoked',\n data: { identifier: input.identifier },\n });\n}\n\nexport async function listInvites(cfg: HoleauthConfig): Promise<InviteListEntry[]> {\n const verification = requireVerification(cfg);\n if (!verification.listByIdentifierPrefix) {\n throw new NotSupportedError(\n 'verificationToken adapter does not support listByIdentifierPrefix',\n );\n }\n const rows = await verification.listByIdentifierPrefix(INVITE_PREFIX);\n const out: InviteListEntry[] = [];\n for (const r of rows) {\n const parsed = parseIdentifier(r.identifier);\n if (!parsed) continue;\n out.push({\n identifier: r.identifier,\n email: parsed.email,\n expiresAt: r.expiresAt.getTime(),\n });\n }\n return out;\n}\n","export { definePlugin } from './define.js';\nexport { buildRegistry, emptyRegistry, runOnInit } from './registry.js';\nexport type {\n HoleauthPlugin,\n PluginsApi,\n HoleauthHooks,\n PluginContext,\n PluginRoute,\n PluginRouteContext,\n PluginEvents,\n PluginLogger,\n PluginCoreSurface,\n ChallengeResult,\n RegisterHookInput,\n PasswordChangeHookInput,\n PasswordResetHookInput,\n SessionIssueHookData,\n SessionRotateHookData,\n SessionRevokeHookData,\n} from './types.js';\nexport type { PluginRegistry, HookRunner } from './registry.js';\n","import type { HoleauthPlugin, PluginContext } from './types.js';\n\n/**\n * Identity helper that preserves the literal `id` on the plugin type so\n * `PluginsApi<Plugins>` can index by it with full type safety.\n *\n * Usage:\n * export const twofa = () => definePlugin({\n * id: 'twofa' as const,\n * api: (ctx) => ({ setup(userId) { ... } }),\n * });\n */\nexport function definePlugin<const P extends HoleauthPlugin<string, unknown>>(p: P): P {\n return p;\n}\n\nexport type { HoleauthPlugin, PluginContext } from './types.js';\n","import type { HoleauthConfig, IssuedTokens, SignInResult } from '../types/index.js';\nimport type { AdapterUser } from '../adapters/index.js';\nimport type { HoleauthEvent } from '../events/types.js';\nimport type {\n HoleauthPlugin,\n PluginContext,\n PluginEvents,\n PluginLogger,\n PluginRoute,\n HoleauthHooks,\n ChallengeResult,\n} from './types.js';\nimport { emit, subscribe, unsubscribe } from '../events/emitter.js';\nimport { issueSession } from '../session/issue.js';\nimport { revokeSession as coreRevokeSession } from '../session/revoke.js';\n\n/**\n * Canonical list of paths handled directly by core in @holeauth/nextjs'\n * dispatcher. Exported so framework bindings and plugin route validation\n * share a single source of truth.\n */\nexport const CORE_ROUTE_PATHS: ReadonlySet<string> = new Set<string>([\n 'GET /session',\n 'GET /csrf',\n 'GET /authorize/:provider',\n 'GET /callback/:provider',\n 'POST /register',\n 'POST /signin',\n 'POST /signout',\n 'POST /refresh',\n 'POST /password/change',\n 'POST /password/reset/request',\n 'POST /password/reset/consume',\n 'GET /invite/info',\n 'GET /invite/list',\n 'POST /invite/create',\n 'POST /invite/consume',\n 'POST /invite/revoke',\n]);\n\nexport interface PluginRegistry {\n /** All registered plugins, topo-sorted by dependsOn. */\n readonly plugins: readonly HoleauthPlugin[];\n /** Map of plugin id → ReturnType<plugin.api>. */\n readonly api: Record<string, unknown>;\n /** All collected routes (in plugin load order). */\n readonly routes: readonly PluginRoute[];\n /** Hook runner helpers, closed over the sorted plugin list. */\n readonly hooks: HookRunner;\n readonly ctx: PluginContext;\n}\n\nexport interface HookRunner {\n runRegisterBefore(input: { email: string; password: string; name?: string | null }): Promise<void>;\n runRegisterAfter(user: AdapterUser): Promise<void>;\n runSignInBefore(input: { email: string; ip?: string; userAgent?: string }): Promise<void>;\n runSignInChallenge(\n user: AdapterUser,\n input: { ip?: string; userAgent?: string },\n ): Promise<ChallengeResult | null>;\n runSignInAfter(data: {\n user: AdapterUser;\n tokens: IssuedTokens;\n method: string;\n }): Promise<void>;\n runSignOutAfter(data: { userId: string | null; sessionId: string | null }): Promise<void>;\n runRefreshBefore(input: { ip?: string; userAgent?: string }): Promise<void>;\n runRefreshAfter(data: { userId: string; sessionId: string; tokens: IssuedTokens }): Promise<void>;\n runPasswordChangeBefore(input: { userId: string; currentPassword: string; newPassword: string }): Promise<void>;\n runPasswordChangeAfter(data: { userId: string }): Promise<void>;\n runPasswordResetBefore(input: { email: string; token?: string; newPassword?: string }): Promise<void>;\n runPasswordResetAfter(data: { userId: string; stage: 'request' | 'consume' }): Promise<void>;\n runUserUpdateAfter(data: { user: AdapterUser; patch: Partial<AdapterUser> }): Promise<void>;\n runUserDeleteAfter(data: { userId: string }): Promise<void>;\n runSessionIssue(data: { userId: string; sessionId: string; familyId: string }): Promise<void>;\n runSessionRotate(data: { userId: string; sessionId: string; familyId: string }): Promise<void>;\n runSessionRevoke(data: { userId: string | null; sessionId: string | null; scope?: 'all' }): Promise<void>;\n}\n\nfunction defaultLogger(cfg: HoleauthConfig): PluginLogger {\n const prefix = '[holeauth]';\n const silent = cfg.logger?.silent === true;\n return {\n debug: silent ? () => {} : (m, d) => console.debug(prefix, m, d ?? ''),\n info: silent ? () => {} : (m, d) => console.info(prefix, m, d ?? ''),\n warn: (m, d) => console.warn(prefix, m, d ?? ''),\n error: (m, e) => console.error(prefix, m, e ?? ''),\n };\n}\n\n/** Kahn's algorithm — throws on cycles / missing deps. */\nfunction topoSort(plugins: readonly HoleauthPlugin[]): HoleauthPlugin[] {\n const byId = new Map<string, HoleauthPlugin>();\n for (const p of plugins) {\n if (byId.has(p.id)) throw new Error(`holeauth: duplicate plugin id \"${p.id}\"`);\n byId.set(p.id, p);\n }\n const inDeg = new Map<string, number>();\n const dependents = new Map<string, string[]>();\n for (const p of plugins) {\n inDeg.set(p.id, 0);\n dependents.set(p.id, []);\n }\n for (const p of plugins) {\n for (const dep of p.dependsOn ?? []) {\n if (!byId.has(dep)) {\n throw new Error(`holeauth: plugin \"${p.id}\" depends on missing plugin \"${dep}\"`);\n }\n inDeg.set(p.id, (inDeg.get(p.id) ?? 0) + 1);\n dependents.get(dep)!.push(p.id);\n }\n }\n const queue: string[] = [];\n for (const [id, d] of inDeg) if (d === 0) queue.push(id);\n const sorted: HoleauthPlugin[] = [];\n while (queue.length) {\n const id = queue.shift()!;\n sorted.push(byId.get(id)!);\n for (const dep of dependents.get(id) ?? []) {\n const next = (inDeg.get(dep) ?? 0) - 1;\n inDeg.set(dep, next);\n if (next === 0) queue.push(dep);\n }\n }\n if (sorted.length !== plugins.length) {\n throw new Error('holeauth: plugin dependsOn graph has a cycle');\n }\n return sorted;\n}\n\nfunction buildPluginEvents(cfg: HoleauthConfig): PluginEvents {\n return {\n on(type, handler) {\n return subscribe(cfg, type, handler);\n },\n off(type, handler) {\n unsubscribe(cfg, type, handler);\n },\n async emit(e) {\n await emit(cfg, e);\n },\n };\n}\n\nfunction routeKey(r: PluginRoute): string {\n return `${r.method} ${r.path}`;\n}\n\nfunction validatePluginRoutes(plugins: readonly HoleauthPlugin[]): PluginRoute[] {\n const seen = new Map<string, string>();\n const out: PluginRoute[] = [];\n for (const p of plugins) {\n for (const r of p.routes ?? []) {\n if (!r.path.startsWith('/')) {\n throw new Error(\n `holeauth: plugin \"${p.id}\" declared route with invalid path \"${r.path}\" (must start with '/')`,\n );\n }\n const key = routeKey(r);\n if (CORE_ROUTE_PATHS.has(key)) {\n throw new Error(\n `holeauth: plugin \"${p.id}\" route ${key} conflicts with a core route`,\n );\n }\n const prev = seen.get(key);\n if (prev) {\n throw new Error(\n `holeauth: plugin \"${p.id}\" route ${key} conflicts with plugin \"${prev}\"`,\n );\n }\n seen.set(key, p.id);\n out.push(r);\n }\n }\n return out;\n}\n\n/* ─────────────────────── Hook runner factory ─────────────────────── */\n\nfunction makeHookRunner(\n plugins: readonly HoleauthPlugin[],\n ctx: PluginContext,\n): HookRunner {\n const logger = ctx.logger;\n\n async function runAfter<T>(\n label: string,\n fns: Array<(data: unknown, ctx: PluginContext) => Promise<void> | void>,\n data: T,\n ): Promise<void> {\n for (const fn of fns) {\n try {\n await fn(data, ctx);\n } catch (err) {\n logger.error(`hook ${label} threw`, err);\n // Fire-and-forget event so observers can surface it.\n void ctx.events\n .emit({\n type: 'plugin.error',\n data: { hook: label, error: String((err as Error)?.message ?? err) },\n })\n .catch(() => {});\n }\n }\n }\n\n async function runBefore<T>(\n fns: Array<(input: unknown, ctx: PluginContext) => Promise<void> | void>,\n input: T,\n ): Promise<void> {\n // `before` hooks may throw to abort — propagate.\n for (const fn of fns) await fn(input, ctx);\n }\n\n // Collect per-hook function lists up-front for fast dispatch.\n const pick = <K extends keyof HoleauthHooks, S extends string>(\n group: K,\n slot: S,\n ): Array<(arg: unknown, ctx: PluginContext) => Promise<void> | void> =>\n plugins\n .map((p) => {\n const g = p.hooks?.[group] as Record<string, unknown> | undefined;\n return g?.[slot] as ((arg: unknown, ctx: PluginContext) => Promise<void> | void) | undefined;\n })\n .filter((x): x is (arg: unknown, ctx: PluginContext) => Promise<void> | void => !!x);\n\n const regBefore = pick('register', 'before');\n const regAfter = pick('register', 'after');\n const siBefore = pick('signIn', 'before');\n const siChallenge = plugins\n .map((p) => ({ id: p.id, fn: p.hooks?.signIn?.challenge }))\n .filter((x): x is { id: string; fn: NonNullable<NonNullable<HoleauthHooks['signIn']>['challenge']> } => !!x.fn);\n const siAfter = pick('signIn', 'after');\n const soAfter = pick('signOut', 'after');\n const rfBefore = pick('refresh', 'before');\n const rfAfter = pick('refresh', 'after');\n const pcBefore = pick('passwordChange', 'before');\n const pcAfter = pick('passwordChange', 'after');\n const prBefore = pick('passwordReset', 'before');\n const prAfter = pick('passwordReset', 'after');\n const uuAfter = pick('userUpdate', 'after');\n const udAfter = pick('userDelete', 'after');\n const seIssue = pick('session', 'onIssue');\n const seRotate = pick('session', 'onRotate');\n const seRevoke = pick('session', 'onRevoke');\n\n return {\n runRegisterBefore: (i) => runBefore(regBefore, i),\n runRegisterAfter: (u) => runAfter('register.after', regAfter, u),\n runSignInBefore: (i) => runBefore(siBefore, i),\n async runSignInChallenge(user, input) {\n let winner: ChallengeResult | null = null;\n for (const { id, fn } of siChallenge) {\n let result: ChallengeResult | null;\n try {\n result = (await fn(user, input, ctx)) ?? null;\n } catch (err) {\n logger.error(`signIn.challenge[${id}] threw`, err);\n continue;\n }\n if (!result) continue;\n if (result.pluginId !== id) {\n logger.warn(\n `signIn.challenge[${id}] returned pluginId=\"${result.pluginId}\"; forcing \"${id}\"`,\n );\n result.pluginId = id;\n }\n if (winner) {\n logger.warn(\n `multiple signIn.challenge winners — using first (\"${winner.pluginId}\"), ignoring \"${result.pluginId}\"`,\n );\n continue;\n }\n winner = result;\n }\n return winner;\n },\n runSignInAfter: (d) => runAfter('signIn.after', siAfter, d),\n runSignOutAfter: (d) => runAfter('signOut.after', soAfter, d),\n runRefreshBefore: (i) => runBefore(rfBefore, i),\n runRefreshAfter: (d) => runAfter('refresh.after', rfAfter, d),\n runPasswordChangeBefore: (i) => runBefore(pcBefore, i),\n runPasswordChangeAfter: (d) => runAfter('passwordChange.after', pcAfter, d),\n runPasswordResetBefore: (i) => runBefore(prBefore, i),\n runPasswordResetAfter: (d) => runAfter('passwordReset.after', prAfter, d),\n runUserUpdateAfter: (d) => runAfter('userUpdate.after', uuAfter, d),\n runUserDeleteAfter: (d) => runAfter('userDelete.after', udAfter, d),\n runSessionIssue: (d) => runAfter('session.onIssue', seIssue, d),\n runSessionRotate: (d) => runAfter('session.onRotate', seRotate, d),\n runSessionRevoke: (d) => runAfter('session.onRevoke', seRevoke, d),\n };\n}\n\n/* ──────────────────────── Core surface factory ──────────────────────── */\n\nfunction makeCoreSurface(\n cfg: HoleauthConfig,\n getHooks: () => HookRunner,\n): PluginContext['core'] {\n return {\n getUserById: (id) => cfg.adapters.user.getUserById(id),\n getUserByEmail: (email) => cfg.adapters.user.getUserByEmail(email),\n async issueSession(input) {\n return issueSession(cfg, {\n userId: input.userId,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n });\n },\n async revokeSession(sessionId, userId) {\n return coreRevokeSession(cfg, sessionId, userId);\n },\n async completeSignIn(userId, input) {\n const user = await cfg.adapters.user.getUserById(userId);\n if (!user) throw new Error('completeSignIn: user not found');\n const tokens = await issueSession(cfg, {\n userId: user.id,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n });\n await emit(cfg, {\n type: 'user.signed_in',\n userId: user.id,\n sessionId: tokens.sessionId,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n data: { method: input.method },\n });\n await getHooks().runSignInAfter({ user, tokens, method: input.method });\n return { user, tokens };\n },\n async issueSignInResult(user, input): Promise<SignInResult> {\n const tokens = await issueSession(cfg, {\n userId: user.id,\n ip: input.ip ?? null,\n userAgent: input.userAgent ?? null,\n });\n return { kind: 'ok', user, tokens };\n },\n };\n}\n\n/* ─────────────────────────── Build registry ─────────────────────────── */\n\n/**\n * Build a PluginRegistry from the given plugin list. Throws on:\n * - duplicate ids\n * - missing `dependsOn` targets\n * - dependency cycles\n * - route collisions with core or other plugins\n */\nexport function buildRegistry(\n cfg: HoleauthConfig,\n rawPlugins: readonly HoleauthPlugin[] = [],\n): PluginRegistry {\n const plugins = topoSort(rawPlugins);\n const routes = validatePluginRoutes(plugins);\n\n const apiMap: Record<string, unknown> = {};\n // Build a late-binding context so plugins can call getPlugin() on each\n // other once all apis are wired. We seed `hooks` with a lazy getter too\n // so the core surface can invoke hooks from within completeSignIn.\n let hookRunner!: HookRunner;\n\n const ctx: PluginContext = {\n config: cfg,\n events: buildPluginEvents(cfg),\n logger: defaultLogger(cfg),\n core: makeCoreSurface(cfg, () => hookRunner),\n getPlugin<T = unknown>(id: string): T {\n const v = apiMap[id];\n if (v === undefined) throw new Error(`holeauth: plugin \"${id}\" not registered`);\n return v as T;\n },\n getPluginAdapter<T = unknown>(id: string): T | undefined {\n return cfg.pluginAdapters?.[id] as T | undefined;\n },\n };\n\n // Wire each plugin's api (hooks run later via runner). Ordered by topo sort.\n for (const p of plugins) {\n apiMap[p.id] = p.api(ctx);\n }\n hookRunner = makeHookRunner(plugins, ctx);\n\n return {\n plugins,\n api: apiMap,\n routes,\n hooks: hookRunner,\n ctx,\n };\n}\n\n/** No-op registry for when no plugins are supplied. */\nexport function emptyRegistry(cfg: HoleauthConfig): PluginRegistry {\n return buildRegistry(cfg, []);\n}\n\nexport async function runOnInit(registry: PluginRegistry): Promise<void> {\n for (const p of registry.plugins) {\n if (p.onInit) await p.onInit(registry.ctx);\n }\n}\n\nexport type { HoleauthEvent };\n","import type {\n HoleauthConfig,\n HoleauthInstance,\n SignInResult,\n IssuedTokens,\n SessionData,\n} from './types/index.js';\nimport type { AdapterUser } from './adapters/index.js';\nimport * as flows from './flows/index.js';\nimport * as sessionMod from './session/index.js';\nimport * as ssoMod from './sso/index.js';\nimport type { HoleauthPlugin, PluginsApi } from './plugins/types.js';\nimport { buildRegistry, runOnInit, type PluginRegistry } from './plugins/registry.js';\nimport { attachHookRunner } from './plugins/runner-ref.js';\n\nconst REGISTRY_KEY: unique symbol = Symbol.for('holeauth.registry');\n\n/** Framework-binding helper (not part of the public API surface). */\nexport const INTERNAL_REGISTRY_KEY = REGISTRY_KEY;\n\n/** Internal: retrieve the registry attached to an instance. */\nexport function getRegistry(instance: HoleauthInstance): PluginRegistry {\n const r = (instance as unknown as Record<symbol, PluginRegistry | undefined>)[REGISTRY_KEY];\n if (!r) throw new Error('holeauth: instance has no plugin registry attached');\n return r;\n}\n\n/**\n * defineHoleauth — primary factory.\n *\n * @example\n * ```ts\n * const auth = defineHoleauth({\n * adapters: { … },\n * secrets: { jwtSecret },\n * plugins: [twofa(), rbac({ file: './holeauth.rbac.yml' })] as const,\n * });\n * auth.twofa.setup(userId); // inferred\n * auth.rbac.can(userId, 'users.edit'); // inferred\n * ```\n */\nexport function defineHoleauth<\n const Plugins extends readonly HoleauthPlugin<string, unknown>[] = [],\n>(\n config: HoleauthConfig & { plugins?: Plugins },\n): HoleauthInstance & PluginsApi<Plugins> {\n const registry = buildRegistry(config, config.plugins ?? []);\n attachHookRunner(config, registry.hooks);\n\n const instance: HoleauthInstance = {\n config,\n register(input): Promise<AdapterUser> {\n return flows.register(config, registry.hooks, input);\n },\n signIn(input): Promise<SignInResult> {\n return flows.signIn(config, registry.hooks, input);\n },\n signOut(input): Promise<void> {\n return flows.signOut(config, registry.hooks, input);\n },\n refresh(input): Promise<IssuedTokens> {\n return flows.refresh(config, registry.hooks, input);\n },\n async getSession(accessToken?: string): Promise<SessionData | null> {\n if (!accessToken) return null;\n return sessionMod.validateSession(config, accessToken);\n },\n changePassword(input) {\n return flows.changePassword(config, registry.hooks, input);\n },\n requestPasswordReset(input) {\n return flows.requestPasswordReset(config, registry.hooks, input);\n },\n consumePasswordReset(input) {\n return flows.consumePasswordReset(config, registry.hooks, input);\n },\n updateUser(userId, patch) {\n return flows.updateUser(config, registry.hooks, userId, patch);\n },\n deleteUser(userId) {\n return flows.deleteUser(config, registry.hooks, userId);\n },\n createInvite(input) {\n return flows.createInvite(config, registry.hooks, input);\n },\n getInviteInfo(input) {\n return flows.getInviteInfo(config, input);\n },\n consumeInvite(input) {\n return flows.consumeInvite(config, registry.hooks, input);\n },\n revokeInvite(input) {\n return flows.revokeInvite(config, input);\n },\n listInvites() {\n return flows.listInvites(config);\n },\n sso: {\n authorize: (providerId) => ssoMod.authorize(config, providerId),\n callback: (providerId, input) => ssoMod.callback(config, providerId, input),\n },\n };\n\n // Merge plugin api surfaces at their ids.\n const merged = { ...instance, ...registry.api } as HoleauthInstance & PluginsApi<Plugins>;\n Object.defineProperty(merged, REGISTRY_KEY, {\n value: registry,\n enumerable: false,\n configurable: false,\n writable: false,\n });\n\n // Fire onInit hooks without blocking the factory — plugin authors are\n // expected to tolerate calls made before onInit resolves. Errors are\n // logged via the registry's logger surface.\n void runOnInit(registry).catch((err) => {\n registry.ctx.logger.error('plugin.onInit failed', err);\n });\n\n return merged;\n}\n"]}
package/dist/jwt/index.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ import 'jose';
2
+ export { S as SignOptions, d as decode, s as sign, v as verify } from '../index-CjEXpqaW.js';
package/dist/jwt/index.js ADDED
@@ -0,0 +1,53 @@
1
+ import { SignJWT, jwtVerify, decodeJwt } from 'jose';
2
+
3
+ // src/jwt/index.ts
4
+
5
+ // src/errors/index.ts
6
+ var HoleauthError = class extends Error {
7
+ code;
8
+ status;
9
+ constructor(code, message, status = 400) {
10
+ super(message);
11
+ this.name = "HoleauthError";
12
+ this.code = code;
13
+ this.status = status;
14
+ }
15
+ };
16
+ var InvalidTokenError = class extends HoleauthError {
17
+ constructor(message = "Invalid token") {
18
+ super("INVALID_TOKEN", message, 401);
19
+ }
20
+ };
21
+
22
+ // src/jwt/index.ts
23
+ function toKey(secret) {
24
+ return typeof secret === "string" ? new TextEncoder().encode(secret) : secret;
25
+ }
26
+ async function sign(payload, secret, opts = {}) {
27
+ const jwt = new SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt();
28
+ if (opts.issuer) jwt.setIssuer(opts.issuer);
29
+ if (opts.audience) jwt.setAudience(opts.audience);
30
+ if (opts.subject) jwt.setSubject(opts.subject);
31
+ if (opts.jti) jwt.setJti(opts.jti);
32
+ if (opts.expiresIn !== void 0) jwt.setExpirationTime(opts.expiresIn);
33
+ return jwt.sign(toKey(secret));
34
+ }
35
+ async function verify(token, secret) {
36
+ try {
37
+ const { payload } = await jwtVerify(token, toKey(secret));
38
+ return payload;
39
+ } catch (e) {
40
+ throw new InvalidTokenError(e.message);
41
+ }
42
+ }
43
+ function decode(token) {
44
+ try {
45
+ return decodeJwt(token);
46
+ } catch (e) {
47
+ throw new InvalidTokenError(e.message);
48
+ }
49
+ }
50
+
51
+ export { decode, sign, verify };
52
+ //# sourceMappingURL=index.js.map
53
+ //# sourceMappingURL=index.js.map
package/dist/jwt/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/errors/index.ts","../../src/jwt/index.ts"],"names":[],"mappings":";;;;;AAAO,IAAM,aAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,EAC9B,IAAA;AAAA,EACA,MAAA;AAAA,EACT,WAAA,CAAY,IAAA,EAAc,OAAA,EAAiB,MAAA,GAAS,GAAA,EAAK;AACvD,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF,CAAA;AACO,IAAM,iBAAA,GAAN,cAAgC,aAAA,CAAc;AAAA,EACnD,WAAA,CAAY,UAAU,eAAA,EAAiB;AAAE,IAAA,KAAA,CAAM,eAAA,EAAiB,SAAS,GAAG,CAAA;AAAA,EAAG;AACjF,CAAA;;;ACTA,SAAS,MAAM,MAAA,EAAyC;AACtD,EAAA,OAAO,OAAO,WAAW,QAAA,GAAW,IAAI,aAAY,CAAE,MAAA,CAAO,MAAM,CAAA,GAAI,MAAA;AACzE;AAUA,eAAsB,IAAA,CACpB,OAAA,EACA,MAAA,EACA,IAAA,GAAoB,EAAC,EACJ;AACjB,EAAA,MAAM,GAAA,GAAM,IAAI,OAAA,CAAQ,OAAO,CAAA,CAAE,kBAAA,CAAmB,EAAE,GAAA,EAAK,OAAA,EAAS,CAAA,CAAE,WAAA,EAAY;AAClF,EAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,GAAA,CAAI,SAAA,CAAU,KAAK,MAAM,CAAA;AAC1C,EAAA,IAAI,IAAA,CAAK,QAAA,EAAU,GAAA,CAAI,WAAA,CAAY,KAAK,QAAQ,CAAA;AAChD,EAAA,IAAI,IAAA,CAAK,OAAA,EAAS,GAAA,CAAI,UAAA,CAAW,KAAK,OAAO,CAAA;AAC7C,EAAA,IAAI,IAAA,CAAK,GAAA,EAAK,GAAA,CAAI,MAAA,CAAO,KAAK,GAAG,CAAA;AACjC,EAAA,IAAI,KAAK,SAAA,KAAc,MAAA,EAAW,GAAA,CAAI,iBAAA,CAAkB,KAAK,SAAS,CAAA;AACtE,EAAA,OAAO,GAAA,CAAI,IAAA,CAAK,KAAA,CAAM,MAAM,CAAC,CAAA;AAC/B;AAEA,eAAsB,MAAA,CACpB,OACA,MAAA,EACY;AACZ,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,SAAQ,GAAI,MAAM,UAAU,KAAA,EAAO,KAAA,CAAM,MAAM,CAAC,CAAA;AACxD,IAAA,OAAO,OAAA;AAAA,EACT,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,IAAI,iBAAA,CAAmB,CAAA,CAAY,OAAO,CAAA;AAAA,EAClD;AACF;AAEO,SAAS,OAA0C,KAAA,EAAkB;AAC1E,EAAA,IAAI;AACF,IAAA,OAAO,UAAU,KAAK,CAAA;AAAA,EACxB,SAAS,CAAA,EAAG;AACV,IAAA,MAAM,IAAI,iBAAA,CAAmB,CAAA,CAAY,OAAO,CAAA;AAAA,EAClD;AACF","file":"index.js","sourcesContent":["export class HoleauthError extends Error {\n readonly code: string;\n readonly status: number;\n constructor(code: string, message: string, status = 400) {\n super(message);\n this.name = 'HoleauthError';\n this.code = code;\n this.status = status;\n }\n}\nexport class InvalidTokenError extends HoleauthError {\n constructor(message = 'Invalid token') { super('INVALID_TOKEN', message, 401); }\n}\nexport class SessionExpiredError extends HoleauthError {\n constructor(message = 'Session expired') { super('SESSION_EXPIRED', message, 401); }\n}\nexport class AdapterError extends HoleauthError {\n constructor(message = 'Adapter error') { super('ADAPTER_ERROR', message, 500); }\n}\nexport class ProviderError extends HoleauthError {\n constructor(message = 'Provider error') { super('PROVIDER_ERROR', message, 502); }\n}\nexport class CsrfError extends HoleauthError {\n constructor(message = 'CSRF validation failed') { super('CSRF_FAILED', message, 403); }\n}\nexport class CredentialsError extends HoleauthError {\n constructor(message = 'Invalid credentials') { super('INVALID_CREDENTIALS', message, 401); }\n}\nexport class AccountConflictError extends HoleauthError {\n constructor(message = 'Account conflict') { super('ACCOUNT_CONFLICT', message, 409); }\n}\nexport class RefreshReuseError extends HoleauthError {\n constructor(message = 'Refresh token reuse detected') { super('REFRESH_REUSE', message, 401); }\n}\nexport class PendingChallengeError extends HoleauthError {\n constructor(message = 'Pending challenge required') { super('PENDING_CHALLENGE', message, 401); }\n}\nexport class RegistrationDisabledError extends HoleauthError {\n constructor(message = 'Self-registration is disabled') { super('REGISTRATION_DISABLED', message, 403); }\n}\nexport class NotSupportedError extends HoleauthError {\n constructor(message = 'Operation not supported by adapter') { super('NOT_SUPPORTED', message, 501); }\n}\n","import { SignJWT, jwtVerify, decodeJwt, type JWTPayload } from 'jose';\nimport { InvalidTokenError } from '../errors/index.js';\n\nfunction toKey(secret: string | Uint8Array): Uint8Array {\n return typeof secret === 'string' ? new TextEncoder().encode(secret) : secret;\n}\n\nexport interface SignOptions {\n issuer?: string;\n audience?: string;\n subject?: string;\n expiresIn?: string | number; // e.g. '15m' or seconds\n jti?: string;\n}\n\nexport async function sign(\n payload: JWTPayload,\n secret: string | Uint8Array,\n opts: SignOptions = {},\n): Promise<string> {\n const jwt = new SignJWT(payload).setProtectedHeader({ alg: 'HS256' }).setIssuedAt();\n if (opts.issuer) jwt.setIssuer(opts.issuer);\n if (opts.audience) jwt.setAudience(opts.audience);\n if (opts.subject) jwt.setSubject(opts.subject);\n if (opts.jti) jwt.setJti(opts.jti);\n if (opts.expiresIn !== undefined) jwt.setExpirationTime(opts.expiresIn);\n return jwt.sign(toKey(secret));\n}\n\nexport async function verify<T extends JWTPayload = JWTPayload>(\n token: string,\n secret: string | Uint8Array,\n): Promise<T> {\n try {\n const { payload } = await jwtVerify(token, toKey(secret));\n return payload as T;\n } catch (e) {\n throw new InvalidTokenError((e as Error).message);\n }\n}\n\nexport function decode<T extends JWTPayload = JWTPayload>(token: string): T {\n try {\n return decodeJwt(token) as T;\n } catch (e) {\n throw new InvalidTokenError((e as Error).message);\n }\n}\n"]}
package/dist/otp/index.d.ts ADDED
@@ -0,0 +1 @@
1
+ export { O as OtpChallenge, c as createChallenge, g as generateNumericOtp, a as isExpired } from '../index-BwEvEa8-.js';
package/dist/otp/index.js ADDED
@@ -0,0 +1,16 @@
1
+ // src/otp/index.ts
2
+ function generateNumericOtp(length = 6) {
3
+ const max = 10 ** length;
4
+ const n = crypto.getRandomValues(new Uint32Array(1))[0] % max;
5
+ return n.toString().padStart(length, "0");
6
+ }
7
+ function createChallenge(ttlSeconds = 600, length = 6) {
8
+ return { code: generateNumericOtp(length), expiresAt: Date.now() + ttlSeconds * 1e3 };
9
+ }
10
+ function isExpired(challenge) {
11
+ return Date.now() > challenge.expiresAt;
12
+ }
13
+
14
+ export { createChallenge, generateNumericOtp, isExpired };
15
+ //# sourceMappingURL=index.js.map
16
+ //# sourceMappingURL=index.js.map
package/dist/otp/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/otp/index.ts"],"names":[],"mappings":";AAGO,SAAS,kBAAA,CAAmB,SAAS,CAAA,EAAW;AACrD,EAAA,MAAM,MAAM,EAAA,IAAM,MAAA;AAClB,EAAA,MAAM,CAAA,GAAI,OAAO,eAAA,CAAgB,IAAI,YAAY,CAAC,CAAC,CAAA,CAAE,CAAC,CAAA,GAAK,GAAA;AAC3D,EAAA,OAAO,CAAA,CAAE,QAAA,EAAS,CAAE,QAAA,CAAS,QAAQ,GAAG,CAAA;AAC1C;AAOO,SAAS,eAAA,CAAgB,UAAA,GAAa,GAAA,EAAK,MAAA,GAAS,CAAA,EAAiB;AAC1E,EAAA,OAAO,EAAE,IAAA,EAAM,kBAAA,CAAmB,MAAM,CAAA,EAAG,WAAW,IAAA,CAAK,GAAA,EAAI,GAAI,UAAA,GAAa,GAAA,EAAK;AACvF;AAEO,SAAS,UAAU,SAAA,EAAkC;AAC1D,EAAA,OAAO,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA,CAAU,SAAA;AAChC","file":"index.js","sourcesContent":["/**\n * Email / numeric OTP helpers. The mailer itself is adapter-injected.\n */\nexport function generateNumericOtp(length = 6): string {\n const max = 10 ** length;\n const n = crypto.getRandomValues(new Uint32Array(1))[0]! % max;\n return n.toString().padStart(length, '0');\n}\n\nexport interface OtpChallenge {\n code: string;\n expiresAt: number;\n}\n\nexport function createChallenge(ttlSeconds = 600, length = 6): OtpChallenge {\n return { code: generateNumericOtp(length), expiresAt: Date.now() + ttlSeconds * 1000 };\n}\n\nexport function isExpired(challenge: OtpChallenge): boolean {\n return Date.now() > challenge.expiresAt;\n}\n"]}
package/dist/password/index.d.ts ADDED
@@ -0,0 +1 @@
1
+ export { h as hash, v as verify } from '../index-BYtkmk9_.js';
package/dist/password/index.js ADDED
@@ -0,0 +1,75 @@
1
+ // src/password/index.ts
2
+ var ITER = 1e5;
3
+ var KEYLEN = 32;
4
+ var SALT_LEN = 16;
5
+ function b64(buf) {
6
+ const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);
7
+ let s = "";
8
+ for (const b of bytes) s += String.fromCharCode(b);
9
+ return btoa(s);
10
+ }
11
+ function fromB64(s) {
12
+ const bin = atob(s);
13
+ const out = new Uint8Array(bin.length);
14
+ for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
15
+ return out;
16
+ }
17
+ async function pbkdf2Hash(password, salt) {
18
+ const keyMaterial = new TextEncoder().encode(password);
19
+ const key = await crypto.subtle.importKey("raw", keyMaterial, "PBKDF2", false, ["deriveBits"]);
20
+ const bits = await crypto.subtle.deriveBits(
21
+ { name: "PBKDF2", salt, iterations: ITER, hash: "SHA-256" },
22
+ key,
23
+ KEYLEN * 8
24
+ );
25
+ return new Uint8Array(bits);
26
+ }
27
+ async function tryArgon2() {
28
+ try {
29
+ const mod = await import(
30
+ /* webpackIgnore: true */
31
+ /* turbopackIgnore: true */
32
+ /* @vite-ignore */
33
+ '@node-rs/argon2'
34
+ ).catch(() => null);
35
+ return mod ?? null;
36
+ } catch {
37
+ return null;
38
+ }
39
+ }
40
+ async function hash(password) {
41
+ const argon = await tryArgon2();
42
+ if (argon) {
43
+ return argon.hash(password);
44
+ }
45
+ const salt = crypto.getRandomValues(new Uint8Array(SALT_LEN));
46
+ const h = await pbkdf2Hash(password, salt);
47
+ return `pbkdf2-sha256$${ITER}$${b64(salt)}$${b64(h)}`;
48
+ }
49
+ async function verify(password, stored) {
50
+ if (stored.startsWith("$argon2")) {
51
+ const argon = await tryArgon2();
52
+ if (!argon) return false;
53
+ return argon.verify(stored, password);
54
+ }
55
+ const [scheme, iterStr, saltB64, hashB64] = stored.split("$");
56
+ if (scheme !== "pbkdf2-sha256" || !iterStr || !saltB64 || !hashB64) return false;
57
+ const salt = fromB64(saltB64);
58
+ const expected = fromB64(hashB64);
59
+ const keyMaterial = new TextEncoder().encode(password);
60
+ const key = await crypto.subtle.importKey("raw", keyMaterial, "PBKDF2", false, ["deriveBits"]);
61
+ const bits = await crypto.subtle.deriveBits(
62
+ { name: "PBKDF2", salt, iterations: Number(iterStr), hash: "SHA-256" },
63
+ key,
64
+ expected.length * 8
65
+ );
66
+ const out = new Uint8Array(bits);
67
+ if (out.length !== expected.length) return false;
68
+ let diff = 0;
69
+ for (let i = 0; i < out.length; i++) diff |= out[i] ^ expected[i];
70
+ return diff === 0;
71
+ }
72
+
73
+ export { hash, verify };
74
+ //# sourceMappingURL=index.js.map
75
+ //# sourceMappingURL=index.js.map
package/dist/password/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../src/password/index.ts"],"names":[],"mappings":";AASA,IAAM,IAAA,GAAO,GAAA;AACb,IAAM,MAAA,GAAS,EAAA;AACf,IAAM,QAAA,GAAW,EAAA;AAEjB,SAAS,IAAI,GAAA,EAAuC;AAClD,EAAA,MAAM,QAAQ,GAAA,YAAe,UAAA,GAAa,GAAA,GAAM,IAAI,WAAW,GAAG,CAAA;AAClE,EAAA,IAAI,CAAA,GAAI,EAAA;AAAI,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,EAAO,CAAA,IAAK,MAAA,CAAO,aAAa,CAAC,CAAA;AAC7D,EAAA,OAAO,KAAK,CAAC,CAAA;AACf;AACA,SAAS,QAAQ,CAAA,EAAuB;AACtC,EAAA,MAAM,GAAA,GAAM,KAAK,CAAC,CAAA;AAAG,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,GAAA,CAAI,MAAM,CAAA;AAC1D,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,MAAA,EAAQ,CAAA,EAAA,EAAK,GAAA,CAAI,CAAC,CAAA,GAAI,GAAA,CAAI,UAAA,CAAW,CAAC,CAAA;AAC9D,EAAA,OAAO,GAAA;AACT;AAEA,eAAe,UAAA,CAAW,UAAkB,IAAA,EAAuC;AACjF,EAAA,MAAM,WAAA,GAAc,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACrD,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA,CAAU,KAAA,EAAO,WAAA,EAA6B,QAAA,EAAU,KAAA,EAAO,CAAC,YAAY,CAAC,CAAA;AAC7G,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,IAC/B,EAAE,IAAA,EAAM,QAAA,EAAU,MAA4B,UAAA,EAAY,IAAA,EAAM,MAAM,SAAA,EAAU;AAAA,IAChF,GAAA;AAAA,IACA,MAAA,GAAS;AAAA,GACX;AACA,EAAA,OAAO,IAAI,WAAW,IAAI,CAAA;AAC5B;AAEA,eAAe,SAAA,GAA8D;AAC3E,EAAA,IAAI;AAKF,IAAA,MAAM,MAAO,MAAM;AAAA;AAAA;AAAA;AAAA,MAEjB;AAAA,KACF,CAAE,KAAA,CAAM,MAAM,IAAI,CAAA;AAClB,IAAA,OAAO,GAAA,IAAO,IAAA;AAAA,EAChB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAEA,eAAsB,KAAK,QAAA,EAAmC;AAC5D,EAAA,MAAM,KAAA,GAAQ,MAAM,SAAA,EAAU;AAC9B,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,OAAO,KAAA,CAAM,KAAK,QAAQ,CAAA;AAAA,EAC5B;AACA,EAAA,MAAM,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,QAAQ,CAAC,CAAA;AAC5D,EAAA,MAAM,CAAA,GAAI,MAAM,UAAA,CAAW,QAAA,EAAU,IAAI,CAAA;AACzC,EAAA,OAAO,CAAA,cAAA,EAAiB,IAAI,CAAA,CAAA,EAAI,GAAA,CAAI,IAAI,CAAC,CAAA,CAAA,EAAI,GAAA,CAAI,CAAC,CAAC,CAAA,CAAA;AACrD;AAEA,eAAsB,MAAA,CAAO,UAAkB,MAAA,EAAkC;AAC/E,EAAA,IAAI,MAAA,CAAO,UAAA,CAAW,SAAS,CAAA,EAAG;AAChC,IAAA,MAAM,KAAA,GAAQ,MAAM,SAAA,EAAU;AAC9B,IAAA,IAAI,CAAC,OAAO,OAAO,KAAA;AACnB,IAAA,OAAO,KAAA,CAAM,MAAA,CAAO,MAAA,EAAQ,QAAQ,CAAA;AAAA,EACtC;AACA,EAAA,MAAM,CAAC,QAAQ,OAAA,EAAS,OAAA,EAAS,OAAO,CAAA,GAAI,MAAA,CAAO,MAAM,GAAG,CAAA;AAC5D,EAAA,IAAI,MAAA,KAAW,mBAAmB,CAAC,OAAA,IAAW,CAAC,OAAA,IAAW,CAAC,SAAS,OAAO,KAAA;AAC3E,EAAA,MAAM,IAAA,GAAO,QAAQ,OAAO,CAAA;AAC5B,EAAA,MAAM,QAAA,GAAW,QAAQ,OAAO,CAAA;AAChC,EAAA,MAAM,WAAA,GAAc,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACrD,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA,CAAU,KAAA,EAAO,WAAA,EAA6B,QAAA,EAAU,KAAA,EAAO,CAAC,YAAY,CAAC,CAAA;AAC7G,EAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,UAAA;AAAA,IAC/B,EAAE,MAAM,QAAA,EAAU,IAAA,EAA4B,YAAY,MAAA,CAAO,OAAO,CAAA,EAAG,IAAA,EAAM,SAAA,EAAU;AAAA,IAC3F,GAAA;AAAA,IACA,SAAS,MAAA,GAAS;AAAA,GACpB;AACA,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,IAAI,CAAA;AAC/B,EAAA,IAAI,GAAA,CAAI,MAAA,KAAW,QAAA,CAAS,MAAA,EAAQ,OAAO,KAAA;AAC3C,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,MAAA,EAAQ,CAAA,EAAA,EAAK,IAAA,IAAQ,GAAA,CAAI,CAAC,CAAA,GAAK,QAAA,CAAS,CAAC,CAAA;AACjE,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB","file":"index.js","sourcesContent":["/**\n * Runtime-agnostic password hashing.\n * - Node: tries to load @node-rs/argon2 (optionalDependency).\n * - Edge / fallback: PBKDF2 via WebCrypto (SHA-256, 100k iterations).\n *\n * Hash format: \"<scheme>$<params>$<salt_b64>$<hash_b64>\"\n * scheme = \"argon2id\" | \"pbkdf2-sha256\"\n */\n\nconst ITER = 100_000;\nconst KEYLEN = 32;\nconst SALT_LEN = 16;\n\nfunction b64(buf: ArrayBuffer | Uint8Array): string {\n const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);\n let s = ''; for (const b of bytes) s += String.fromCharCode(b);\n return btoa(s);\n}\nfunction fromB64(s: string): Uint8Array {\n const bin = atob(s); const out = new Uint8Array(bin.length);\n for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);\n return out;\n}\n\nasync function pbkdf2Hash(password: string, salt: Uint8Array): Promise<Uint8Array> {\n const keyMaterial = new TextEncoder().encode(password);\n const key = await crypto.subtle.importKey('raw', keyMaterial as BufferSource, 'PBKDF2', false, ['deriveBits']);\n const bits = await crypto.subtle.deriveBits(\n { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITER, hash: 'SHA-256' },\n key,\n KEYLEN * 8,\n );\n return new Uint8Array(bits);\n}\n\nasync function tryArgon2(): Promise<typeof import('@node-rs/argon2') | null> {\n try {\n // Use a regular dynamic import with bundler-ignore magic comments.\n // `@node-rs/argon2` is declared in `serverExternalPackages` by consumers\n // (Next.js) and is an optional peer of this package, so Node's native\n // resolver handles it at runtime.\n const mod = (await import(\n /* webpackIgnore: true */ /* turbopackIgnore: true */ /* @vite-ignore */\n '@node-rs/argon2'\n ).catch(() => null)) as typeof import('@node-rs/argon2') | null;\n return mod ?? null;\n } catch {\n return null;\n }\n}\n\nexport async function hash(password: string): Promise<string> {\n const argon = await tryArgon2();\n if (argon) {\n return argon.hash(password); // native argon2id encoded string\n }\n const salt = crypto.getRandomValues(new Uint8Array(SALT_LEN));\n const h = await pbkdf2Hash(password, salt);\n return `pbkdf2-sha256$${ITER}$${b64(salt)}$${b64(h)}`;\n}\n\nexport async function verify(password: string, stored: string): Promise<boolean> {\n if (stored.startsWith('$argon2')) {\n const argon = await tryArgon2();\n if (!argon) return false;\n return argon.verify(stored, password);\n }\n const [scheme, iterStr, saltB64, hashB64] = stored.split('$');\n if (scheme !== 'pbkdf2-sha256' || !iterStr || !saltB64 || !hashB64) return false;\n const salt = fromB64(saltB64);\n const expected = fromB64(hashB64);\n const keyMaterial = new TextEncoder().encode(password);\n const key = await crypto.subtle.importKey('raw', keyMaterial as BufferSource, 'PBKDF2', false, ['deriveBits']);\n const bits = await crypto.subtle.deriveBits(\n { name: 'PBKDF2', salt: salt as BufferSource, iterations: Number(iterStr), hash: 'SHA-256' },\n key,\n expected.length * 8,\n );\n const out = new Uint8Array(bits);\n if (out.length !== expected.length) return false;\n let diff = 0;\n for (let i = 0; i < out.length; i++) diff |= out[i]! ^ expected[i]!;\n return diff === 0;\n}\n"]}
package/dist/plugins/index.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ export { d as definePlugin } from '../index-CotvcK_b.js';
2
+ export { H as HookRunner, P as PluginRegistry, b as buildRegistry, e as emptyRegistry, r as runOnInit } from '../registry-CZhM1tEB.js';
3
+ export { C as ChallengeResult, g as HoleauthHooks, H as HoleauthPlugin, w as PasswordChangeHookInput, x as PasswordResetHookInput, m as PluginContext, n as PluginCoreSurface, o as PluginEvents, p as PluginLogger, q as PluginRoute, r as PluginRouteContext, P as PluginsApi, y as RegisterHookInput, z as SessionIssueHookData, A as SessionRevokeHookData, D as SessionRotateHookData } from '../index-BmYQquGs.js';
4
+ import '../index-CNtnPdzk.js';