npm - @holeauth/idp-drizzle - Versions diffs - 0.0.1-alpha.0 → 0.0.2-alpha.0 - Mend

@holeauth/idp-drizzle 0.0.1-alpha.0 → 0.0.2-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/mysql/index.js ADDED Viewed

@@ -0,0 +1,416 @@
+import { mysqlTable, timestamp, varchar, index, primaryKey, boolean, json, text, uniqueIndex } from 'drizzle-orm/mysql-core';
+import { relations, eq, desc, and, sql } from 'drizzle-orm';
+// src/mysql/index.ts
+function createIdpTables(opts) {
+  const { usersTable, prefix = "holeauth_idp_" } = opts;
+  const p = (s) => `${prefix}${s}`;
+  const teams = mysqlTable(p("team"), {
+    id: varchar("id", { length: 191 }).primaryKey(),
+    name: varchar("name", { length: 255 }).notNull(),
+    createdAt: timestamp("created_at", { fsp: 3 }).notNull().defaultNow()
+  });
+  const teamMembers = mysqlTable(
+    p("team_member"),
+    {
+      teamId: varchar("team_id", { length: 191 }).notNull().references(() => teams.id, { onDelete: "cascade" }),
+      userId: varchar("user_id", { length: 191 }).notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      role: varchar("role", { length: 32 }).notNull().$type(),
+      addedAt: timestamp("added_at", { fsp: 3 }).notNull().defaultNow()
+    },
+    (t) => ({
+      pk: primaryKey({ columns: [t.teamId, t.userId] }),
+      userIdx: index(`${p("team_member")}_user_idx`).on(t.userId)
+    })
+  );
+  const apps = mysqlTable(
+    p("app"),
+    {
+      id: varchar("id", { length: 191 }).primaryKey(),
+      teamId: varchar("team_id", { length: 191 }).notNull().references(() => teams.id, { onDelete: "cascade" }),
+      name: varchar("name", { length: 255 }).notNull(),
+      description: text("description"),
+      logoUrl: text("logo_url"),
+      type: varchar("type", { length: 32 }).notNull().$type(),
+      clientSecretHash: text("client_secret_hash"),
+      redirectUris: json("redirect_uris").$type().notNull(),
+      allowedScopes: json("allowed_scopes").$type().notNull(),
+      requirePkce: boolean("require_pkce").notNull().default(true),
+      createdAt: timestamp("created_at", { fsp: 3 }).notNull().defaultNow(),
+      updatedAt: timestamp("updated_at", { fsp: 3 }).notNull().defaultNow(),
+      disabledAt: timestamp("disabled_at", { fsp: 3 })
+    },
+    (t) => ({
+      teamIdx: index(`${p("app")}_team_idx`).on(t.teamId)
+    })
+  );
+  const authorizationCodes = mysqlTable(
+    p("authorization_code"),
+    {
+      codeHash: varchar("code_hash", { length: 191 }).primaryKey(),
+      appId: varchar("app_id", { length: 191 }).notNull().references(() => apps.id, { onDelete: "cascade" }),
+      userId: varchar("user_id", { length: 191 }).notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      redirectUri: text("redirect_uri").notNull(),
+      scope: text("scope").notNull(),
+      nonce: varchar("nonce", { length: 191 }),
+      codeChallenge: varchar("code_challenge", { length: 191 }),
+      codeChallengeMethod: varchar("code_challenge_method", { length: 16 }),
+      expiresAt: timestamp("expires_at", { fsp: 3 }).notNull(),
+      consumedAt: timestamp("consumed_at", { fsp: 3 })
+    },
+    (t) => ({
+      expiresIdx: index(`${p("authorization_code")}_expires_idx`).on(t.expiresAt)
+    })
+  );
+  const refreshTokens = mysqlTable(
+    p("refresh_token"),
+    {
+      id: varchar("id", { length: 191 }).primaryKey(),
+      tokenHash: varchar("token_hash", { length: 191 }).notNull(),
+      appId: varchar("app_id", { length: 191 }).notNull().references(() => apps.id, { onDelete: "cascade" }),
+      userId: varchar("user_id", { length: 191 }).notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      familyId: varchar("family_id", { length: 191 }).notNull(),
+      scope: text("scope").notNull(),
+      expiresAt: timestamp("expires_at", { fsp: 3 }).notNull(),
+      createdAt: timestamp("created_at", { fsp: 3 }).notNull().defaultNow(),
+      revokedAt: timestamp("revoked_at", { fsp: 3 })
+    },
+    (t) => ({
+      hashIdx: uniqueIndex(`${p("refresh_token")}_hash_idx`).on(t.tokenHash),
+      familyIdx: index(`${p("refresh_token")}_family_idx`).on(t.familyId),
+      userIdx: index(`${p("refresh_token")}_user_idx`).on(t.userId),
+      appIdx: index(`${p("refresh_token")}_app_idx`).on(t.appId)
+    })
+  );
+  const consents = mysqlTable(
+    p("consent"),
+    {
+      userId: varchar("user_id", { length: 191 }).notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      appId: varchar("app_id", { length: 191 }).notNull().references(() => apps.id, { onDelete: "cascade" }),
+      scopesGranted: json("scopes_granted").$type().notNull(),
+      grantedAt: timestamp("granted_at", { fsp: 3 }).notNull().defaultNow()
+    },
+    (t) => ({
+      pk: primaryKey({ columns: [t.userId, t.appId] })
+    })
+  );
+  const signingKeys = mysqlTable(p("signing_key"), {
+    kid: varchar("kid", { length: 191 }).primaryKey(),
+    alg: varchar("alg", { length: 16 }).notNull().$type(),
+    publicJwk: json("public_jwk").$type().notNull(),
+    privateJwk: json("private_jwk").$type().notNull(),
+    active: boolean("active").notNull().default(true),
+    createdAt: timestamp("created_at", { fsp: 3 }).notNull().defaultNow(),
+    rotatedAt: timestamp("rotated_at", { fsp: 3 })
+  });
+  const teamMembersRelations = relations(teamMembers, ({ one }) => ({
+    team: one(teams, { fields: [teamMembers.teamId], references: [teams.id] }),
+    user: one(usersTable, { fields: [teamMembers.userId], references: [usersTable.id] })
+  }));
+  const appsRelations = relations(apps, ({ one }) => ({
+    team: one(teams, { fields: [apps.teamId], references: [teams.id] })
+  }));
+  return {
+    tables: {
+      teams,
+      teamMembers,
+      apps,
+      authorizationCodes,
+      refreshTokens,
+      consents,
+      signingKeys
+    },
+    relations: { teamMembersRelations, appsRelations }
+  };
+}
+var appRow = (r) => ({
+  id: String(r.id),
+  teamId: String(r.teamId),
+  name: String(r.name),
+  description: r.description ?? null,
+  logoUrl: r.logoUrl ?? null,
+  type: r.type,
+  clientSecretHash: r.clientSecretHash ?? null,
+  redirectUris: r.redirectUris ?? [],
+  allowedScopes: r.allowedScopes ?? [],
+  requirePkce: Boolean(r.requirePkce),
+  createdAt: r.createdAt,
+  updatedAt: r.updatedAt,
+  disabledAt: r.disabledAt ?? null
+});
+var teamRow = (r) => ({
+  id: String(r.id),
+  name: String(r.name),
+  createdAt: r.createdAt
+});
+var memberRow = (r) => ({
+  teamId: String(r.teamId),
+  userId: String(r.userId),
+  role: r.role,
+  addedAt: r.addedAt
+});
+var codeRow = (r) => ({
+  codeHash: String(r.codeHash),
+  appId: String(r.appId),
+  userId: String(r.userId),
+  redirectUri: String(r.redirectUri),
+  scope: String(r.scope),
+  nonce: r.nonce ?? null,
+  codeChallenge: r.codeChallenge ?? null,
+  codeChallengeMethod: r.codeChallengeMethod ?? null,
+  expiresAt: r.expiresAt,
+  consumedAt: r.consumedAt ?? null
+});
+var refreshRow = (r) => ({
+  id: String(r.id),
+  tokenHash: String(r.tokenHash),
+  appId: String(r.appId),
+  userId: String(r.userId),
+  familyId: String(r.familyId),
+  scope: String(r.scope),
+  expiresAt: r.expiresAt,
+  createdAt: r.createdAt,
+  revokedAt: r.revokedAt ?? null
+});
+var consentRow = (r) => ({
+  userId: String(r.userId),
+  appId: String(r.appId),
+  scopesGranted: r.scopesGranted ?? [],
+  grantedAt: r.grantedAt
+});
+var keyRow = (r) => ({
+  kid: String(r.kid),
+  alg: r.alg,
+  publicJwk: r.publicJwk,
+  privateJwk: r.privateJwk,
+  active: Boolean(r.active),
+  createdAt: r.createdAt,
+  rotatedAt: r.rotatedAt ?? null
+});
+function createIdpAdapter(opts) {
+  const { db, tables, generateId = () => crypto.randomUUID() } = opts;
+  const { teams, teamMembers, apps, authorizationCodes, refreshTokens, consents, signingKeys } = tables;
+  return {
+    teams: {
+      async create(input) {
+        const id = generateId();
+        await db.insert(teams).values({ id, name: input.name });
+        await db.insert(teamMembers).values({ teamId: id, userId: input.ownerUserId, role: "owner" });
+        const rows = await db.select().from(teams).where(eq(teams.id, id)).limit(1);
+        return teamRow(rows[0]);
+      },
+      async getById(teamId) {
+        const rows = await db.select().from(teams).where(eq(teams.id, teamId)).limit(1);
+        if (!rows.length) return null;
+        return teamRow(rows[0]);
+      },
+      async delete(teamId) {
+        await db.delete(teams).where(eq(teams.id, teamId));
+      },
+      async listForUser(userId) {
+        const rows = await db.select({
+          id: teams.id,
+          name: teams.name,
+          createdAt: teams.createdAt,
+          role: teamMembers.role
+        }).from(teamMembers).innerJoin(teams, eq(teamMembers.teamId, teams.id)).where(eq(teamMembers.userId, userId));
+        return rows.map((r) => ({
+          ...teamRow(r),
+          role: r.role
+        }));
+      },
+      async listMembers(teamId) {
+        const rows = await db.select().from(teamMembers).where(eq(teamMembers.teamId, teamId));
+        return rows.map(memberRow);
+      },
+      async getMembership(teamId, userId) {
+        const rows = await db.select().from(teamMembers).where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId))).limit(1);
+        if (!rows.length) return null;
+        return memberRow(rows[0]);
+      },
+      async addMember(teamId, userId, role) {
+        await db.insert(teamMembers).values({ teamId, userId, role }).onDuplicateKeyUpdate({ set: { role } });
+      },
+      async removeMember(teamId, userId) {
+        await db.delete(teamMembers).where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)));
+      }
+    },
+    apps: {
+      async create(input) {
+        await db.insert(apps).values({
+          id: input.id,
+          teamId: input.teamId,
+          name: input.name,
+          description: input.description ?? null,
+          logoUrl: input.logoUrl ?? null,
+          type: input.type,
+          clientSecretHash: input.clientSecretHash ?? null,
+          redirectUris: input.redirectUris,
+          allowedScopes: input.allowedScopes,
+          requirePkce: input.requirePkce
+        });
+        const rows = await db.select().from(apps).where(eq(apps.id, input.id)).limit(1);
+        return appRow(rows[0]);
+      },
+      async getById(appId) {
+        const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);
+        if (!rows.length) return null;
+        return appRow(rows[0]);
+      },
+      async listAll(_opts) {
+        const rows = await db.select().from(apps).orderBy(desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async listForTeam(teamId) {
+        const rows = await db.select().from(apps).where(eq(apps.teamId, teamId)).orderBy(desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async listForUser(userId) {
+        const rows = await db.select({
+          id: apps.id,
+          teamId: apps.teamId,
+          name: apps.name,
+          description: apps.description,
+          logoUrl: apps.logoUrl,
+          type: apps.type,
+          clientSecretHash: apps.clientSecretHash,
+          redirectUris: apps.redirectUris,
+          allowedScopes: apps.allowedScopes,
+          requirePkce: apps.requirePkce,
+          createdAt: apps.createdAt,
+          updatedAt: apps.updatedAt,
+          disabledAt: apps.disabledAt
+        }).from(apps).innerJoin(teamMembers, eq(teamMembers.teamId, apps.teamId)).where(eq(teamMembers.userId, userId)).orderBy(desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async update(appId, patch) {
+        const set = { updatedAt: /* @__PURE__ */ new Date() };
+        if (patch.name !== void 0) set.name = patch.name;
+        if (patch.description !== void 0) set.description = patch.description;
+        if (patch.logoUrl !== void 0) set.logoUrl = patch.logoUrl;
+        if (patch.redirectUris !== void 0) set.redirectUris = patch.redirectUris;
+        if (patch.allowedScopes !== void 0) set.allowedScopes = patch.allowedScopes;
+        if (patch.requirePkce !== void 0) set.requirePkce = patch.requirePkce;
+        if (patch.clientSecretHash !== void 0) set.clientSecretHash = patch.clientSecretHash;
+        if (patch.disabledAt !== void 0) set.disabledAt = patch.disabledAt;
+        await db.update(apps).set(set).where(eq(apps.id, appId));
+        const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);
+        return appRow(rows[0]);
+      },
+      async delete(appId) {
+        await db.delete(apps).where(eq(apps.id, appId));
+      }
+    },
+    codes: {
+      async create(input) {
+        await db.insert(authorizationCodes).values({
+          codeHash: input.codeHash,
+          appId: input.appId,
+          userId: input.userId,
+          redirectUri: input.redirectUri,
+          scope: input.scope,
+          nonce: input.nonce,
+          codeChallenge: input.codeChallenge,
+          codeChallengeMethod: input.codeChallengeMethod,
+          expiresAt: input.expiresAt
+        });
+      },
+      async consume(codeHash) {
+        const now = /* @__PURE__ */ new Date();
+        const result = await db.update(authorizationCodes).set({ consumedAt: now }).where(
+          and(
+            eq(authorizationCodes.codeHash, codeHash),
+            sql`${authorizationCodes.consumedAt} IS NULL`,
+            sql`${authorizationCodes.expiresAt} > NOW(3)`
+          )
+        );
+        const affected = result?.affectedRows ?? // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        (Array.isArray(result) ? result[0]?.affectedRows : void 0);
+        if (!affected) return null;
+        const rows = await db.select().from(authorizationCodes).where(eq(authorizationCodes.codeHash, codeHash)).limit(1);
+        if (!rows.length) return null;
+        return codeRow(rows[0]);
+      }
+    },
+    refresh: {
+      async create(input) {
+        await db.insert(refreshTokens).values({
+          id: input.id,
+          tokenHash: input.tokenHash,
+          appId: input.appId,
+          userId: input.userId,
+          familyId: input.familyId,
+          scope: input.scope,
+          expiresAt: input.expiresAt
+        });
+        const rows = await db.select().from(refreshTokens).where(eq(refreshTokens.id, input.id)).limit(1);
+        return refreshRow(rows[0]);
+      },
+      async getByHash(hash) {
+        const rows = await db.select().from(refreshTokens).where(eq(refreshTokens.tokenHash, hash)).limit(1);
+        if (!rows.length) return null;
+        return refreshRow(rows[0]);
+      },
+      async markRevoked(id) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(and(eq(refreshTokens.id, id), sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async revokeFamily(familyId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(
+          and(eq(refreshTokens.familyId, familyId), sql`${refreshTokens.revokedAt} IS NULL`)
+        );
+      },
+      async revokeAllForUser(userId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(and(eq(refreshTokens.userId, userId), sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async revokeAllForApp(appId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(and(eq(refreshTokens.appId, appId), sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async listForApp(appId) {
+        const rows = await db.select().from(refreshTokens).where(eq(refreshTokens.appId, appId)).orderBy(desc(refreshTokens.createdAt));
+        return rows.map(refreshRow);
+      }
+    },
+    consent: {
+      async get(userId, appId) {
+        const rows = await db.select().from(consents).where(and(eq(consents.userId, userId), eq(consents.appId, appId))).limit(1);
+        if (!rows.length) return null;
+        return consentRow(rows[0]);
+      },
+      async upsert(userId, appId, scopesGranted) {
+        await db.insert(consents).values({ userId, appId, scopesGranted }).onDuplicateKeyUpdate({ set: { scopesGranted, grantedAt: /* @__PURE__ */ new Date() } });
+      },
+      async revoke(userId, appId) {
+        await db.delete(consents).where(and(eq(consents.userId, userId), eq(consents.appId, appId)));
+      }
+    },
+    keys: {
+      async listActive() {
+        const rows = await db.select().from(signingKeys).where(eq(signingKeys.active, true)).orderBy(desc(signingKeys.createdAt));
+        return rows.map(keyRow);
+      },
+      async getActive() {
+        const rows = await db.select().from(signingKeys).where(eq(signingKeys.active, true)).orderBy(desc(signingKeys.createdAt)).limit(1);
+        if (!rows.length) return null;
+        return keyRow(rows[0]);
+      },
+      async create(input) {
+        await db.insert(signingKeys).values({
+          kid: input.kid,
+          alg: input.alg,
+          publicJwk: input.publicJwk,
+          privateJwk: input.privateJwk,
+          active: true
+        });
+        const rows = await db.select().from(signingKeys).where(eq(signingKeys.kid, input.kid)).limit(1);
+        return keyRow(rows[0]);
+      },
+      async markRotated(kid) {
+        await db.update(signingKeys).set({ active: false, rotatedAt: /* @__PURE__ */ new Date() }).where(eq(signingKeys.kid, kid));
+      }
+    }
+  };
+}
+export { createIdpAdapter, createIdpTables };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/mysql/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/mysql/index.ts"],"names":[],"mappings":";;;;AAiDO,SAAS,gBAA2C,IAAA,EAAiC;AAC1F,EAAA,MAAM,EAAE,UAAA,EAAY,MAAA,GAAS,eAAA,EAAgB,GAAI,IAAA;AACjD,EAAA,MAAM,IAAI,CAAC,CAAA,KAAc,CAAA,EAAG,MAAM,GAAG,CAAC,CAAA,CAAA;AAEtC,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,CAAA,CAAE,MAAM,CAAA,EAAG;AAAA,IAClC,EAAA,EAAI,QAAQ,IAAA,EAAM,EAAE,QAAQ,GAAA,EAAK,EAAE,UAAA,EAAW;AAAA,IAC9C,IAAA,EAAM,QAAQ,MAAA,EAAQ,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IAC/C,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,GAAA,EAAK,GAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,UAAA;AAAW,GACrE,CAAA;AAED,EAAA,MAAM,WAAA,GAAc,UAAA;AAAA,IAClB,EAAE,aAAa,CAAA;AAAA,IACf;AAAA,MACE,QAAQ,OAAA,CAAQ,SAAA,EAAW,EAAE,MAAA,EAAQ,KAAK,CAAA,CACvC,OAAA,EAAQ,CACR,WAAW,MAAM,KAAA,CAAM,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACrD,QAAQ,OAAA,CAAQ,SAAA,EAAW,EAAE,MAAA,EAAQ,KAAK,CAAA,CACvC,OAAA,EAAQ,CACR,WAAW,MAAM,UAAA,CAAW,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAgB;AAAA,MAChE,OAAA,EAAS,SAAA,CAAU,UAAA,EAAY,EAAE,GAAA,EAAK,GAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,UAAA;AAAW,KAClE;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,EAAA,EAAI,UAAA,CAAW,EAAE,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,CAAA,CAAE,MAAM,CAAA,EAAG,CAAA;AAAA,MAChD,OAAA,EAAS,KAAA,CAAM,CAAA,EAAG,CAAA,CAAE,aAAa,CAAC,CAAA,SAAA,CAAW,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,MAAM;AAAA,KAC5D;AAAA,GACF;AAEA,EAAA,MAAM,IAAA,GAAO,UAAA;AAAA,IACX,EAAE,KAAK,CAAA;AAAA,IACP;AAAA,MACE,EAAA,EAAI,QAAQ,IAAA,EAAM,EAAE,QAAQ,GAAA,EAAK,EAAE,UAAA,EAAW;AAAA,MAC9C,QAAQ,OAAA,CAAQ,SAAA,EAAW,EAAE,MAAA,EAAQ,KAAK,CAAA,CACvC,OAAA,EAAQ,CACR,WAAW,MAAM,KAAA,CAAM,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACrD,IAAA,EAAM,QAAQ,MAAA,EAAQ,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,MAC/C,WAAA,EAAa,KAAK,aAAa,CAAA;AAAA,MAC/B,OAAA,EAAS,KAAK,UAAU,CAAA;AAAA,MACxB,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAe;AAAA,MAC/D,gBAAA,EAAkB,KAAK,oBAAoB,CAAA;AAAA,MAC3C,cAAc,IAAA,CAAK,eAAe,CAAA,CAAE,KAAA,GAAkB,OAAA,EAAQ;AAAA,MAC9D,eAAe,IAAA,CAAK,gBAAgB,CAAA,CAAE,KAAA,GAAkB,OAAA,EAAQ;AAAA,MAChE,aAAa,OAAA,CAAQ,cAAc,EAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,MAC3D,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,GAAA,EAAK,GAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,UAAA,EAAW;AAAA,MACpE,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,GAAA,EAAK,GAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,UAAA,EAAW;AAAA,MACpE,YAAY,SAAA,CAAU,aAAA,EAAe,EAAE,GAAA,EAAK,GAAG;AAAA,KACjD;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,OAAA,EAAS,KAAA,CAAM,CAAA,EAAG,CAAA,CAAE,KAAK,CAAC,CAAA,SAAA,CAAW,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,MAAM;AAAA,KACpD;AAAA,GACF;AAEA,EAAA,MAAM,kBAAA,GAAqB,UAAA;AAAA,IACzB,EAAE,oBAAoB,CAAA;AAAA,IACtB;AAAA,MACE,QAAA,EAAU,QAAQ,WAAA,EAAa,EAAE,QAAQ,GAAA,EAAK,EAAE,UAAA,EAAW;AAAA,MAC3D,OAAO,OAAA,CAAQ,QAAA,EAAU,EAAE,MAAA,EAAQ,KAAK,CAAA,CACrC,OAAA,EAAQ,CACR,WAAW,MAAM,IAAA,CAAK,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,QAAQ,OAAA,CAAQ,SAAA,EAAW,EAAE,MAAA,EAAQ,KAAK,CAAA,CACvC,OAAA,EAAQ,CACR,WAAW,MAAM,UAAA,CAAW,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC1C,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC7B,OAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,MACvC,eAAe,OAAA,CAAQ,gBAAA,EAAkB,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,MACxD,qBAAqB,OAAA,CAAQ,uBAAA,EAAyB,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,MACpE,SAAA,EAAW,UAAU,YAAA,EAAc,EAAE,KAAK,CAAA,EAAG,EAAE,OAAA,EAAQ;AAAA,MACvD,YAAY,SAAA,CAAU,aAAA,EAAe,EAAE,GAAA,EAAK,GAAG;AAAA,KACjD;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,UAAA,EAAY,KAAA,CAAM,CAAA,EAAG,CAAA,CAAE,oBAAoB,CAAC,CAAA,YAAA,CAAc,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,SAAS;AAAA,KAC5E;AAAA,GACF;AAEA,EAAA,MAAM,aAAA,GAAgB,UAAA;AAAA,IACpB,EAAE,eAAe,CAAA;AAAA,IACjB;AAAA,MACE,EAAA,EAAI,QAAQ,IAAA,EAAM,EAAE,QAAQ,GAAA,EAAK,EAAE,UAAA,EAAW;AAAA,MAC9C,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,MAC1D,OAAO,OAAA,CAAQ,QAAA,EAAU,EAAE,MAAA,EAAQ,KAAK,CAAA,CACrC,OAAA,EAAQ,CACR,WAAW,MAAM,IAAA,CAAK,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,QAAQ,OAAA,CAAQ,SAAA,EAAW,EAAE,MAAA,EAAQ,KAAK,CAAA,CACvC,OAAA,EAAQ,CACR,WAAW,MAAM,UAAA,CAAW,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,QAAA,EAAU,QAAQ,WAAA,EAAa,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,MACxD,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC7B,SAAA,EAAW,UAAU,YAAA,EAAc,EAAE,KAAK,CAAA,EAAG,EAAE,OAAA,EAAQ;AAAA,MACvD,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,GAAA,EAAK,GAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,UAAA,EAAW;AAAA,MACpE,WAAW,SAAA,CAAU,YAAA,EAAc,EAAE,GAAA,EAAK,GAAG;AAAA,KAC/C;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,OAAA,EAAS,WAAA,CAAY,CAAA,EAAG,CAAA,CAAE,eAAe,CAAC,CAAA,SAAA,CAAW,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,SAAS,CAAA;AAAA,MACrE,SAAA,EAAW,KAAA,CAAM,CAAA,EAAG,CAAA,CAAE,eAAe,CAAC,CAAA,WAAA,CAAa,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,QAAQ,CAAA;AAAA,MAClE,OAAA,EAAS,KAAA,CAAM,CAAA,EAAG,CAAA,CAAE,eAAe,CAAC,CAAA,SAAA,CAAW,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,MAAM,CAAA;AAAA,MAC5D,MAAA,EAAQ,KAAA,CAAM,CAAA,EAAG,CAAA,CAAE,eAAe,CAAC,CAAA,QAAA,CAAU,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,KAAK;AAAA,KAC3D;AAAA,GACF;AAEA,EAAA,MAAM,QAAA,GAAW,UAAA;AAAA,IACf,EAAE,SAAS,CAAA;AAAA,IACX;AAAA,MACE,QAAQ,OAAA,CAAQ,SAAA,EAAW,EAAE,MAAA,EAAQ,KAAK,CAAA,CACvC,OAAA,EAAQ,CACR,WAAW,MAAM,UAAA,CAAW,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,OAAO,OAAA,CAAQ,QAAA,EAAU,EAAE,MAAA,EAAQ,KAAK,CAAA,CACrC,OAAA,EAAQ,CACR,WAAW,MAAM,IAAA,CAAK,IAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,eAAe,IAAA,CAAK,gBAAgB,CAAA,CAAE,KAAA,GAAkB,OAAA,EAAQ;AAAA,MAChE,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,GAAA,EAAK,GAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,UAAA;AAAW,KACtE;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,EAAA,EAAI,UAAA,CAAW,EAAE,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,CAAA,CAAE,KAAK,CAAA,EAAG;AAAA,KACjD;AAAA,GACF;AAEA,EAAA,MAAM,WAAA,GAAc,UAAA,CAAW,CAAA,CAAE,aAAa,CAAA,EAAG;AAAA,IAC/C,GAAA,EAAK,QAAQ,KAAA,EAAO,EAAE,QAAQ,GAAA,EAAK,EAAE,UAAA,EAAW;AAAA,IAChD,GAAA,EAAK,OAAA,CAAQ,KAAA,EAAO,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,KAAA,EAAkB;AAAA,IAChE,WAAW,IAAA,CAAK,YAAY,CAAA,CAAE,KAAA,GAAiC,OAAA,EAAQ;AAAA,IACvE,YAAY,IAAA,CAAK,aAAa,CAAA,CAAE,KAAA,GAAiC,OAAA,EAAQ;AAAA,IACzE,QAAQ,OAAA,CAAQ,QAAQ,EAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,IAChD,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,GAAA,EAAK,GAAG,CAAA,CAAE,OAAA,EAAQ,CAAE,UAAA,EAAW;AAAA,IACpE,WAAW,SAAA,CAAU,YAAA,EAAc,EAAE,GAAA,EAAK,GAAG;AAAA,GAC9C,CAAA;AAED,EAAA,MAAM,uBAAuB,SAAA,CAAU,WAAA,EAAa,CAAC,EAAE,KAAI,MAAO;AAAA,IAChE,IAAA,EAAM,GAAA,CAAI,KAAA,EAAO,EAAE,QAAQ,CAAC,WAAA,CAAY,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,KAAA,CAAM,EAAE,GAAG,CAAA;AAAA,IACzE,IAAA,EAAM,GAAA,CAAI,UAAA,EAAY,EAAE,QAAQ,CAAC,WAAA,CAAY,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,UAAA,CAAW,EAAE,GAAG;AAAA,GACrF,CAAE,CAAA;AACF,EAAA,MAAM,gBAAgB,SAAA,CAAU,IAAA,EAAM,CAAC,EAAE,KAAI,MAAO;AAAA,IAClD,IAAA,EAAM,GAAA,CAAI,KAAA,EAAO,EAAE,QAAQ,CAAC,IAAA,CAAK,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,KAAA,CAAM,EAAE,GAAG;AAAA,GACpE,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ;AAAA,MACN,KAAA;AAAA,MACA,WAAA;AAAA,MACA,IAAA;AAAA,MACA,kBAAA;AAAA,MACA,aAAA;AAAA,MACA,QAAA;AAAA,MACA;AAAA,KACF;AAAA,IACA,SAAA,EAAW,EAAE,oBAAA,EAAsB,aAAA;AAAc,GACnD;AACF;AAaA,IAAM,MAAA,GAAS,CAAC,CAAA,MAAwC;AAAA,EACtD,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,IAAA,EAAM,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA;AAAA,EACnB,WAAA,EAAc,EAAE,WAAA,IAAiC,IAAA;AAAA,EACjD,OAAA,EAAU,EAAE,OAAA,IAA6B,IAAA;AAAA,EACzC,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,gBAAA,EAAmB,EAAE,gBAAA,IAAsC,IAAA;AAAA,EAC3D,YAAA,EAAe,CAAA,CAAE,YAAA,IAAoC,EAAC;AAAA,EACtD,aAAA,EAAgB,CAAA,CAAE,aAAA,IAAqC,EAAC;AAAA,EACxD,WAAA,EAAa,OAAA,CAAQ,CAAA,CAAE,WAAW,CAAA;AAAA,EAClC,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,UAAA,EAAa,EAAE,UAAA,IAA8B;AAC/C,CAAA,CAAA;AAEA,IAAM,OAAA,GAAU,CAAC,CAAA,MAAyC;AAAA,EACxD,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,IAAA,EAAM,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA;AAAA,EACnB,WAAW,CAAA,CAAE;AACf,CAAA,CAAA;AAEA,IAAM,SAAA,GAAY,CAAC,CAAA,MAA+C;AAAA,EAChE,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,SAAS,CAAA,CAAE;AACb,CAAA,CAAA;AAEA,IAAM,OAAA,GAAU,CAAC,CAAA,MAAsD;AAAA,EACrE,QAAA,EAAU,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,WAAA,EAAa,MAAA,CAAO,CAAA,CAAE,WAAW,CAAA;AAAA,EACjC,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,KAAA,EAAQ,EAAE,KAAA,IAA2B,IAAA;AAAA,EACrC,aAAA,EAAgB,EAAE,aAAA,IAAmC,IAAA;AAAA,EACrD,mBAAA,EAAsB,EAAE,mBAAA,IAAmD,IAAA;AAAA,EAC3E,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,UAAA,EAAa,EAAE,UAAA,IAA8B;AAC/C,CAAA,CAAA;AAEA,IAAM,UAAA,GAAa,CAAC,CAAA,MAAiD;AAAA,EACnE,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,SAAA,EAAW,MAAA,CAAO,CAAA,CAAE,SAAS,CAAA;AAAA,EAC7B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,QAAA,EAAU,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,SAAA,EAAY,EAAE,SAAA,IAA6B;AAC7C,CAAA,CAAA;AAEA,IAAM,UAAA,GAAa,CAAC,CAAA,MAA4C;AAAA,EAC9D,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,aAAA,EAAgB,CAAA,CAAE,aAAA,IAAqC,EAAC;AAAA,EACxD,WAAW,CAAA,CAAE;AACf,CAAA,CAAA;AAEA,IAAM,MAAA,GAAS,CAAC,CAAA,MAA+C;AAAA,EAC7D,GAAA,EAAK,MAAA,CAAO,CAAA,CAAE,GAAG,CAAA;AAAA,EACjB,KAAK,CAAA,CAAE,GAAA;AAAA,EACP,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,YAAY,CAAA,CAAE,UAAA;AAAA,EACd,MAAA,EAAQ,OAAA,CAAQ,CAAA,CAAE,MAAM,CAAA;AAAA,EACxB,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,SAAA,EAAY,EAAE,SAAA,IAA6B;AAC7C,CAAA,CAAA;AAEO,SAAS,iBAAiB,IAAA,EAA2C;AAC1E,EAAA,MAAM,EAAE,IAAI,MAAA,EAAQ,UAAA,GAAa,MAAM,MAAA,CAAO,UAAA,IAAa,GAAI,IAAA;AAC/D,EAAA,MAAM,EAAE,OAAO,WAAA,EAAa,IAAA,EAAM,oBAAoB,aAAA,EAAe,QAAA,EAAU,aAAY,GACzF,MAAA;AAEF,EAAA,OAAO;AAAA,IACL,KAAA,EAAO;AAAA,MACL,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,KAAK,UAAA,EAAW;AACtB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,KAAK,CAAA,CAAE,MAAA,CAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,CAAM,IAAA,EAAM,CAAA;AACtD,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,WAAW,CAAA,CAClB,MAAA,CAAO,EAAE,MAAA,EAAQ,EAAA,EAAI,MAAA,EAAQ,KAAA,CAAM,WAAA,EAAa,IAAA,EAAM,SAAS,CAAA;AAClE,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,KAAK,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,MAAM,EAAA,EAAI,EAAE,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC1E,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,QAAQ,MAAA,EAAQ;AACpB,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,KAAK,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,MAAM,EAAA,EAAI,MAAM,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC9E,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,OAAO,MAAA,EAAQ;AACnB,QAAA,MAAM,EAAA,CAAG,OAAO,KAAK,CAAA,CAAE,MAAM,EAAA,CAAG,KAAA,CAAM,EAAA,EAAI,MAAM,CAAC,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,MAAM,WAAA,CAAY;AAAA,SACnB,CAAA,CACA,IAAA,CAAK,WAAW,CAAA,CAChB,SAAA,CAAU,OAAO,EAAA,CAAG,WAAA,CAAY,QAAQ,KAAA,CAAM,EAAE,CAAC,CAAA,CACjD,KAAA,CAAM,GAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA;AACvC,QAAA,OAAQ,IAAA,CAAmC,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,UACrD,GAAG,QAAQ,CAAC,CAAA;AAAA,UACZ,MAAM,CAAA,CAAE;AAAA,SACV,CAAE,CAAA;AAAA,MACJ,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA;AACrF,QAAA,OAAQ,IAAA,CAAmC,IAAI,SAAS,CAAA;AAAA,MAC1D,CAAA;AAAA,MACA,MAAM,aAAA,CAAc,MAAA,EAAQ,MAAA,EAAQ;AAClC,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,YAAY,MAAA,EAAQ,MAAM,CAAA,EAAG,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAC,CAAA,CACzE,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,SAAA,CAAU,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACrD,CAAA;AAAA,MACA,MAAM,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM;AACpC,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,CAAA,CAClB,MAAA,CAAO,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,EAC/B,oBAAA,CAAqB,EAAE,KAAK,EAAE,IAAA,IAAQ,CAAA;AAAA,MAC3C,CAAA;AAAA,MACA,MAAM,YAAA,CAAa,MAAA,EAAQ,MAAA,EAAQ;AACjC,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,CAAA,CAClB,KAAA,CAAM,IAAI,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,GAAG,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAC,CAAA;AAAA,MAC9E;AAAA,KACF;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,IAAI,CAAA,CAAE,MAAA,CAAO;AAAA,UAC3B,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,WAAA,EAAa,MAAM,WAAA,IAAe,IAAA;AAAA,UAClC,OAAA,EAAS,MAAM,OAAA,IAAW,IAAA;AAAA,UAC1B,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,gBAAA,EAAkB,MAAM,gBAAA,IAAoB,IAAA;AAAA,UAC5C,cAAc,KAAA,CAAM,YAAA;AAAA,UACpB,eAAe,KAAA,CAAM,aAAA;AAAA,UACrB,aAAa,KAAA,CAAM;AAAA,SACpB,CAAA;AACD,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,IAAI,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,KAAK,EAAA,EAAI,KAAA,CAAM,EAAE,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC9E,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,QAAQ,KAAA,EAAO;AACnB,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,IAAI,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,KAAK,EAAA,EAAI,KAAK,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC3E,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,QAAQ,KAAA,EAAO;AACnB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,IAAI,CAAA,CAAE,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AACtE,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAM,GAAG,IAAA,CAAK,MAAA,EAAQ,MAAM,CAAC,CAAA,CAC7B,QAAQ,IAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AAC/B,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO;AAAA,UACN,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,QAAQ,IAAA,CAAK,MAAA;AAAA,UACb,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,SAAS,IAAA,CAAK,OAAA;AAAA,UACd,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,kBAAkB,IAAA,CAAK,gBAAA;AAAA,UACvB,cAAc,IAAA,CAAK,YAAA;AAAA,UACnB,eAAe,IAAA,CAAK,aAAA;AAAA,UACpB,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,WAAW,IAAA,CAAK,SAAA;AAAA,UAChB,WAAW,IAAA,CAAK,SAAA;AAAA,UAChB,YAAY,IAAA,CAAK;AAAA,SAClB,CAAA,CACA,IAAA,CAAK,IAAI,CAAA,CACT,UAAU,WAAA,EAAa,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,CAC1D,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA,CACpC,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AAC/B,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,KAAA,EAAO,KAAA,EAAO;AACzB,QAAA,MAAM,GAAA,GAA+B,EAAE,SAAA,kBAAW,IAAI,MAAK,EAAE;AAC7D,QAAA,IAAI,KAAA,CAAM,IAAA,KAAS,MAAA,EAAW,GAAA,CAAI,OAAO,KAAA,CAAM,IAAA;AAC/C,QAAA,IAAI,KAAA,CAAM,WAAA,KAAgB,MAAA,EAAW,GAAA,CAAI,cAAc,KAAA,CAAM,WAAA;AAC7D,QAAA,IAAI,KAAA,CAAM,OAAA,KAAY,MAAA,EAAW,GAAA,CAAI,UAAU,KAAA,CAAM,OAAA;AACrD,QAAA,IAAI,KAAA,CAAM,YAAA,KAAiB,MAAA,EAAW,GAAA,CAAI,eAAe,KAAA,CAAM,YAAA;AAC/D,QAAA,IAAI,KAAA,CAAM,aAAA,KAAkB,MAAA,EAAW,GAAA,CAAI,gBAAgB,KAAA,CAAM,aAAA;AACjE,QAAA,IAAI,KAAA,CAAM,WAAA,KAAgB,MAAA,EAAW,GAAA,CAAI,cAAc,KAAA,CAAM,WAAA;AAC7D,QAAA,IAAI,KAAA,CAAM,gBAAA,KAAqB,MAAA,EAAW,GAAA,CAAI,mBAAmB,KAAA,CAAM,gBAAA;AACvE,QAAA,IAAI,KAAA,CAAM,UAAA,KAAe,MAAA,EAAW,GAAA,CAAI,aAAa,KAAA,CAAM,UAAA;AAC3D,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,IAAI,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,IAAA,CAAK,EAAA,EAAI,KAAK,CAAC,CAAA;AACvD,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,IAAI,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,KAAK,EAAA,EAAI,KAAK,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC3E,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,OAAO,IAAI,CAAA,CAAE,MAAM,EAAA,CAAG,IAAA,CAAK,EAAA,EAAI,KAAK,CAAC,CAAA;AAAA,MAChD;AAAA,KACF;AAAA,IAEA,KAAA,EAAO;AAAA,MACL,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,kBAAkB,CAAA,CAAE,MAAA,CAAO;AAAA,UACzC,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,aAAa,KAAA,CAAM,WAAA;AAAA,UACnB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,eAAe,KAAA,CAAM,aAAA;AAAA,UACrB,qBAAqB,KAAA,CAAM,mBAAA;AAAA,UAC3B,WAAW,KAAA,CAAM;AAAA,SAClB,CAAA;AAAA,MACH,CAAA;AAAA,MACA,MAAM,QAAQ,QAAA,EAAU;AAEtB,QAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,QAAA,MAAM,MAAA,GAAS,MAAM,EAAA,CAClB,MAAA,CAAO,kBAAkB,CAAA,CACzB,GAAA,CAAI,EAAE,UAAA,EAAY,GAAA,EAAK,CAAA,CACvB,KAAA;AAAA,UACC,GAAA;AAAA,YACE,EAAA,CAAG,kBAAA,CAAmB,QAAA,EAAU,QAAQ,CAAA;AAAA,YACxC,GAAA,CAAA,EAAM,mBAAmB,UAAU,CAAA,QAAA,CAAA;AAAA,YACnC,GAAA,CAAA,EAAM,mBAAmB,SAAS,CAAA,SAAA;AAAA;AACpC,SACF;AAGF,QAAA,MAAM,WACH,MAAA,EAAsC,YAAA;AAAA,SAEtC,MAAM,OAAA,CAAQ,MAAM,IAAK,MAAA,CAAO,CAAC,GAAW,YAAA,GAAe,MAAA,CAAA;AAC9D,QAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AACtB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,MAAA,EAAO,CACP,KAAK,kBAAkB,CAAA,CACvB,KAAA,CAAM,EAAA,CAAG,mBAAmB,QAAA,EAAU,QAAQ,CAAC,CAAA,CAC/C,MAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD;AAAA,KACF;AAAA,IAEA,OAAA,EAAS;AAAA,MACP,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,aAAa,CAAA,CAAE,MAAA,CAAO;AAAA,UACpC,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,WAAW,KAAA,CAAM;AAAA,SAClB,CAAA;AACD,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,MAAA,EAAO,CACP,KAAK,aAAa,CAAA,CAClB,KAAA,CAAM,EAAA,CAAG,cAAc,EAAA,EAAI,KAAA,CAAM,EAAE,CAAC,CAAA,CACpC,MAAM,CAAC,CAAA;AACV,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,UAAU,IAAA,EAAM;AACpB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,MAAA,EAAO,CACP,KAAK,aAAa,CAAA,CAClB,KAAA,CAAM,EAAA,CAAG,cAAc,SAAA,EAAW,IAAI,CAAC,CAAA,CACvC,MAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,YAAY,EAAA,EAAI;AACpB,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,aAAA,CAAc,EAAA,EAAI,EAAE,GAAG,GAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACjF,CAAA;AAAA,MACA,MAAM,aAAa,QAAA,EAAU;AAC3B,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,aAAa,CAAA,CACpB,GAAA,CAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,CAAA,CAC7B,KAAA;AAAA,UACC,GAAA,CAAI,GAAG,aAAA,CAAc,QAAA,EAAU,QAAQ,CAAA,EAAG,GAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU;AAAA,SACnF;AAAA,MACJ,CAAA;AAAA,MACA,MAAM,iBAAiB,MAAA,EAAQ;AAC7B,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,aAAA,CAAc,MAAA,EAAQ,MAAM,GAAG,GAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACzF,CAAA;AAAA,MACA,MAAM,gBAAgB,KAAA,EAAO;AAC3B,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,aAAA,CAAc,KAAA,EAAO,KAAK,GAAG,GAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACvF,CAAA;AAAA,MACA,MAAM,WAAW,KAAA,EAAO;AACtB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,aAAa,CAAA,CAClB,KAAA,CAAM,GAAG,aAAA,CAAc,KAAA,EAAO,KAAK,CAAC,CAAA,CACpC,QAAQ,IAAA,CAAK,aAAA,CAAc,SAAS,CAAC,CAAA;AACxC,QAAA,OAAQ,IAAA,CAAmC,IAAI,UAAU,CAAA;AAAA,MAC3D;AAAA,KACF;AAAA,IAEA,OAAA,EAAS;AAAA,MACP,MAAM,GAAA,CAAI,MAAA,EAAQ,KAAA,EAAO;AACvB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,SAAS,MAAA,EAAQ,MAAM,CAAA,EAAG,EAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAC,CAAC,CAAA,CACjE,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe;AACzC,QAAA,MAAM,EAAA,CACH,OAAO,QAAQ,CAAA,CACf,OAAO,EAAE,MAAA,EAAQ,OAAO,aAAA,EAAe,EACvC,oBAAA,CAAqB,EAAE,KAAK,EAAE,aAAA,EAAe,2BAAW,IAAI,IAAA,EAAK,EAAE,EAAG,CAAA;AAAA,MAC3E,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO;AAC1B,QAAA,MAAM,GACH,MAAA,CAAO,QAAQ,CAAA,CACf,KAAA,CAAM,IAAI,EAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,GAAG,EAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAC,CAAC,CAAA;AAAA,MACtE;AAAA,KACF;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,UAAA,GAAa;AACjB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAM,GAAG,WAAA,CAAY,MAAA,EAAQ,IAAI,CAAC,CAAA,CAClC,QAAQ,IAAA,CAAK,WAAA,CAAY,SAAS,CAAC,CAAA;AACtC,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,SAAA,GAAY;AAChB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,QAAQ,IAAI,CAAC,EAClC,OAAA,CAAQ,IAAA,CAAK,YAAY,SAAS,CAAC,CAAA,CACnC,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,WAAW,CAAA,CAAE,MAAA,CAAO;AAAA,UAClC,KAAK,KAAA,CAAM,GAAA;AAAA,UACX,KAAK,KAAA,CAAM,GAAA;AAAA,UACX,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,YAAY,KAAA,CAAM,UAAA;AAAA,UAClB,MAAA,EAAQ;AAAA,SACT,CAAA;AACD,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,MAAA,EAAO,CACP,KAAK,WAAW,CAAA,CAChB,KAAA,CAAM,EAAA,CAAG,YAAY,GAAA,EAAK,KAAA,CAAM,GAAG,CAAC,CAAA,CACpC,MAAM,CAAC,CAAA;AACV,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,YAAY,GAAA,EAAK;AACrB,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,EAClB,GAAA,CAAI,EAAE,QAAQ,KAAA,EAAO,SAAA,sBAAe,IAAA,EAAK,EAAG,CAAA,CAC5C,KAAA,CAAM,GAAG,WAAA,CAAY,GAAA,EAAK,GAAG,CAAC,CAAA;AAAA,MACnC;AAAA;AACF,GACF;AACF","file":"index.js","sourcesContent":["/**\n * MySQL adapter for @holeauth/plugin-idp.\n *\n * Mirrors the Postgres adapter (`../pg/index.ts`) but maps:\n * - text().array() → json() (driver-side JSON.parse/stringify)\n * - jsonb → json()\n * - timestamp({ withTimezone, mode: 'date' }) → timestamp({ fsp: 3 })\n * - onConflictDoUpdate → onDuplicateKeyUpdate\n * - INSERT/UPDATE … RETURNING → insert/update then re-select\n *\n * The `codes.consume` claim is implemented as a SELECT + conditional UPDATE\n * pair (single-use tokens; the consumedAt timestamp is set only if the row\n * was previously unconsumed and unexpired).\n */\nimport {\n mysqlTable,\n varchar,\n text,\n boolean,\n timestamp,\n json,\n primaryKey,\n index,\n uniqueIndex,\n type MySqlTableWithColumns,\n} from 'drizzle-orm/mysql-core';\nimport { relations, eq, and, sql, desc } from 'drizzle-orm';\nimport type {\n IdpAdapter,\n IdpApp,\n IdpAuthorizationCode,\n IdpConsent,\n IdpRefreshToken,\n IdpSigningKey,\n IdpTeam,\n IdpTeamMember,\n SigningAlg,\n TeamRole,\n AppType,\n} from '@holeauth/plugin-idp';\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type MysqlUsersTable = MySqlTableWithColumns<any> & { id: any };\n\nexport interface CreateIdpTablesOptions<U extends MysqlUsersTable> {\n usersTable: U;\n prefix?: string;\n}\n\nexport function createIdpTables<U extends MysqlUsersTable>(opts: CreateIdpTablesOptions<U>) {\n const { usersTable, prefix = 'holeauth_idp_' } = opts;\n const p = (s: string) => `${prefix}${s}`;\n\n const teams = mysqlTable(p('team'), {\n id: varchar('id', { length: 191 }).primaryKey(),\n name: varchar('name', { length: 255 }).notNull(),\n createdAt: timestamp('created_at', { fsp: 3 }).notNull().defaultNow(),\n });\n\n const teamMembers = mysqlTable(\n p('team_member'),\n {\n teamId: varchar('team_id', { length: 191 })\n .notNull()\n .references(() => teams.id, { onDelete: 'cascade' }),\n userId: varchar('user_id', { length: 191 })\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n role: varchar('role', { length: 32 }).notNull().$type<TeamRole>(),\n addedAt: timestamp('added_at', { fsp: 3 }).notNull().defaultNow(),\n },\n (t) => ({\n pk: primaryKey({ columns: [t.teamId, t.userId] }),\n userIdx: index(`${p('team_member')}_user_idx`).on(t.userId),\n }),\n );\n\n const apps = mysqlTable(\n p('app'),\n {\n id: varchar('id', { length: 191 }).primaryKey(),\n teamId: varchar('team_id', { length: 191 })\n .notNull()\n .references(() => teams.id, { onDelete: 'cascade' }),\n name: varchar('name', { length: 255 }).notNull(),\n description: text('description'),\n logoUrl: text('logo_url'),\n type: varchar('type', { length: 32 }).notNull().$type<AppType>(),\n clientSecretHash: text('client_secret_hash'),\n redirectUris: json('redirect_uris').$type<string[]>().notNull(),\n allowedScopes: json('allowed_scopes').$type<string[]>().notNull(),\n requirePkce: boolean('require_pkce').notNull().default(true),\n createdAt: timestamp('created_at', { fsp: 3 }).notNull().defaultNow(),\n updatedAt: timestamp('updated_at', { fsp: 3 }).notNull().defaultNow(),\n disabledAt: timestamp('disabled_at', { fsp: 3 }),\n },\n (t) => ({\n teamIdx: index(`${p('app')}_team_idx`).on(t.teamId),\n }),\n );\n\n const authorizationCodes = mysqlTable(\n p('authorization_code'),\n {\n codeHash: varchar('code_hash', { length: 191 }).primaryKey(),\n appId: varchar('app_id', { length: 191 })\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n userId: varchar('user_id', { length: 191 })\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n redirectUri: text('redirect_uri').notNull(),\n scope: text('scope').notNull(),\n nonce: varchar('nonce', { length: 191 }),\n codeChallenge: varchar('code_challenge', { length: 191 }),\n codeChallengeMethod: varchar('code_challenge_method', { length: 16 }),\n expiresAt: timestamp('expires_at', { fsp: 3 }).notNull(),\n consumedAt: timestamp('consumed_at', { fsp: 3 }),\n },\n (t) => ({\n expiresIdx: index(`${p('authorization_code')}_expires_idx`).on(t.expiresAt),\n }),\n );\n\n const refreshTokens = mysqlTable(\n p('refresh_token'),\n {\n id: varchar('id', { length: 191 }).primaryKey(),\n tokenHash: varchar('token_hash', { length: 191 }).notNull(),\n appId: varchar('app_id', { length: 191 })\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n userId: varchar('user_id', { length: 191 })\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n familyId: varchar('family_id', { length: 191 }).notNull(),\n scope: text('scope').notNull(),\n expiresAt: timestamp('expires_at', { fsp: 3 }).notNull(),\n createdAt: timestamp('created_at', { fsp: 3 }).notNull().defaultNow(),\n revokedAt: timestamp('revoked_at', { fsp: 3 }),\n },\n (t) => ({\n hashIdx: uniqueIndex(`${p('refresh_token')}_hash_idx`).on(t.tokenHash),\n familyIdx: index(`${p('refresh_token')}_family_idx`).on(t.familyId),\n userIdx: index(`${p('refresh_token')}_user_idx`).on(t.userId),\n appIdx: index(`${p('refresh_token')}_app_idx`).on(t.appId),\n }),\n );\n\n const consents = mysqlTable(\n p('consent'),\n {\n userId: varchar('user_id', { length: 191 })\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n appId: varchar('app_id', { length: 191 })\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n scopesGranted: json('scopes_granted').$type<string[]>().notNull(),\n grantedAt: timestamp('granted_at', { fsp: 3 }).notNull().defaultNow(),\n },\n (t) => ({\n pk: primaryKey({ columns: [t.userId, t.appId] }),\n }),\n );\n\n const signingKeys = mysqlTable(p('signing_key'), {\n kid: varchar('kid', { length: 191 }).primaryKey(),\n alg: varchar('alg', { length: 16 }).notNull().$type<SigningAlg>(),\n publicJwk: json('public_jwk').$type<Record<string, unknown>>().notNull(),\n privateJwk: json('private_jwk').$type<Record<string, unknown>>().notNull(),\n active: boolean('active').notNull().default(true),\n createdAt: timestamp('created_at', { fsp: 3 }).notNull().defaultNow(),\n rotatedAt: timestamp('rotated_at', { fsp: 3 }),\n });\n\n const teamMembersRelations = relations(teamMembers, ({ one }) => ({\n team: one(teams, { fields: [teamMembers.teamId], references: [teams.id] }),\n user: one(usersTable, { fields: [teamMembers.userId], references: [usersTable.id] }),\n }));\n const appsRelations = relations(apps, ({ one }) => ({\n team: one(teams, { fields: [apps.teamId], references: [teams.id] }),\n }));\n\n return {\n tables: {\n teams,\n teamMembers,\n apps,\n authorizationCodes,\n refreshTokens,\n consents,\n signingKeys,\n },\n relations: { teamMembersRelations, appsRelations },\n };\n}\n\n/* ────────────────────────── adapter ────────────────────────── */\n\ntype Tables = ReturnType<typeof createIdpTables>['tables'];\n\nexport interface CreateIdpAdapterOptions {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n db: any;\n tables: Tables;\n generateId?: () => string;\n}\n\nconst appRow = (r: Record<string, unknown>): IdpApp => ({\n id: String(r.id),\n teamId: String(r.teamId),\n name: String(r.name),\n description: (r.description as string | null) ?? null,\n logoUrl: (r.logoUrl as string | null) ?? null,\n type: r.type as AppType,\n clientSecretHash: (r.clientSecretHash as string | null) ?? null,\n redirectUris: (r.redirectUris as string[] | null) ?? [],\n allowedScopes: (r.allowedScopes as string[] | null) ?? [],\n requirePkce: Boolean(r.requirePkce),\n createdAt: r.createdAt as Date,\n updatedAt: r.updatedAt as Date,\n disabledAt: (r.disabledAt as Date | null) ?? null,\n});\n\nconst teamRow = (r: Record<string, unknown>): IdpTeam => ({\n id: String(r.id),\n name: String(r.name),\n createdAt: r.createdAt as Date,\n});\n\nconst memberRow = (r: Record<string, unknown>): IdpTeamMember => ({\n teamId: String(r.teamId),\n userId: String(r.userId),\n role: r.role as TeamRole,\n addedAt: r.addedAt as Date,\n});\n\nconst codeRow = (r: Record<string, unknown>): IdpAuthorizationCode => ({\n codeHash: String(r.codeHash),\n appId: String(r.appId),\n userId: String(r.userId),\n redirectUri: String(r.redirectUri),\n scope: String(r.scope),\n nonce: (r.nonce as string | null) ?? null,\n codeChallenge: (r.codeChallenge as string | null) ?? null,\n codeChallengeMethod: (r.codeChallengeMethod as 'S256' | 'plain' | null) ?? null,\n expiresAt: r.expiresAt as Date,\n consumedAt: (r.consumedAt as Date | null) ?? null,\n});\n\nconst refreshRow = (r: Record<string, unknown>): IdpRefreshToken => ({\n id: String(r.id),\n tokenHash: String(r.tokenHash),\n appId: String(r.appId),\n userId: String(r.userId),\n familyId: String(r.familyId),\n scope: String(r.scope),\n expiresAt: r.expiresAt as Date,\n createdAt: r.createdAt as Date,\n revokedAt: (r.revokedAt as Date | null) ?? null,\n});\n\nconst consentRow = (r: Record<string, unknown>): IdpConsent => ({\n userId: String(r.userId),\n appId: String(r.appId),\n scopesGranted: (r.scopesGranted as string[] | null) ?? [],\n grantedAt: r.grantedAt as Date,\n});\n\nconst keyRow = (r: Record<string, unknown>): IdpSigningKey => ({\n kid: String(r.kid),\n alg: r.alg as SigningAlg,\n publicJwk: r.publicJwk as Record<string, unknown>,\n privateJwk: r.privateJwk as Record<string, unknown>,\n active: Boolean(r.active),\n createdAt: r.createdAt as Date,\n rotatedAt: (r.rotatedAt as Date | null) ?? null,\n});\n\nexport function createIdpAdapter(opts: CreateIdpAdapterOptions): IdpAdapter {\n const { db, tables, generateId = () => crypto.randomUUID() } = opts;\n const { teams, teamMembers, apps, authorizationCodes, refreshTokens, consents, signingKeys } =\n tables;\n\n return {\n teams: {\n async create(input) {\n const id = generateId();\n await db.insert(teams).values({ id, name: input.name });\n await db\n .insert(teamMembers)\n .values({ teamId: id, userId: input.ownerUserId, role: 'owner' });\n const rows = await db.select().from(teams).where(eq(teams.id, id)).limit(1);\n return teamRow(rows[0] as Record<string, unknown>);\n },\n async getById(teamId) {\n const rows = await db.select().from(teams).where(eq(teams.id, teamId)).limit(1);\n if (!rows.length) return null;\n return teamRow(rows[0] as Record<string, unknown>);\n },\n async delete(teamId) {\n await db.delete(teams).where(eq(teams.id, teamId));\n },\n async listForUser(userId) {\n const rows = await db\n .select({\n id: teams.id,\n name: teams.name,\n createdAt: teams.createdAt,\n role: teamMembers.role,\n })\n .from(teamMembers)\n .innerJoin(teams, eq(teamMembers.teamId, teams.id))\n .where(eq(teamMembers.userId, userId));\n return (rows as Record<string, unknown>[]).map((r) => ({\n ...teamRow(r),\n role: r.role as TeamRole,\n }));\n },\n async listMembers(teamId) {\n const rows = await db.select().from(teamMembers).where(eq(teamMembers.teamId, teamId));\n return (rows as Record<string, unknown>[]).map(memberRow);\n },\n async getMembership(teamId, userId) {\n const rows = await db\n .select()\n .from(teamMembers)\n .where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)))\n .limit(1);\n if (!rows.length) return null;\n return memberRow(rows[0] as Record<string, unknown>);\n },\n async addMember(teamId, userId, role) {\n await db\n .insert(teamMembers)\n .values({ teamId, userId, role })\n .onDuplicateKeyUpdate({ set: { role } });\n },\n async removeMember(teamId, userId) {\n await db\n .delete(teamMembers)\n .where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)));\n },\n },\n\n apps: {\n async create(input) {\n await db.insert(apps).values({\n id: input.id,\n teamId: input.teamId,\n name: input.name,\n description: input.description ?? null,\n logoUrl: input.logoUrl ?? null,\n type: input.type,\n clientSecretHash: input.clientSecretHash ?? null,\n redirectUris: input.redirectUris,\n allowedScopes: input.allowedScopes,\n requirePkce: input.requirePkce,\n });\n const rows = await db.select().from(apps).where(eq(apps.id, input.id)).limit(1);\n return appRow(rows[0] as Record<string, unknown>);\n },\n async getById(appId) {\n const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);\n if (!rows.length) return null;\n return appRow(rows[0] as Record<string, unknown>);\n },\n async listAll(_opts) {\n const rows = await db.select().from(apps).orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async listForTeam(teamId) {\n const rows = await db\n .select()\n .from(apps)\n .where(eq(apps.teamId, teamId))\n .orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async listForUser(userId) {\n const rows = await db\n .select({\n id: apps.id,\n teamId: apps.teamId,\n name: apps.name,\n description: apps.description,\n logoUrl: apps.logoUrl,\n type: apps.type,\n clientSecretHash: apps.clientSecretHash,\n redirectUris: apps.redirectUris,\n allowedScopes: apps.allowedScopes,\n requirePkce: apps.requirePkce,\n createdAt: apps.createdAt,\n updatedAt: apps.updatedAt,\n disabledAt: apps.disabledAt,\n })\n .from(apps)\n .innerJoin(teamMembers, eq(teamMembers.teamId, apps.teamId))\n .where(eq(teamMembers.userId, userId))\n .orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async update(appId, patch) {\n const set: Record<string, unknown> = { updatedAt: new Date() };\n if (patch.name !== undefined) set.name = patch.name;\n if (patch.description !== undefined) set.description = patch.description;\n if (patch.logoUrl !== undefined) set.logoUrl = patch.logoUrl;\n if (patch.redirectUris !== undefined) set.redirectUris = patch.redirectUris;\n if (patch.allowedScopes !== undefined) set.allowedScopes = patch.allowedScopes;\n if (patch.requirePkce !== undefined) set.requirePkce = patch.requirePkce;\n if (patch.clientSecretHash !== undefined) set.clientSecretHash = patch.clientSecretHash;\n if (patch.disabledAt !== undefined) set.disabledAt = patch.disabledAt;\n await db.update(apps).set(set).where(eq(apps.id, appId));\n const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);\n return appRow(rows[0] as Record<string, unknown>);\n },\n async delete(appId) {\n await db.delete(apps).where(eq(apps.id, appId));\n },\n },\n\n codes: {\n async create(input) {\n await db.insert(authorizationCodes).values({\n codeHash: input.codeHash,\n appId: input.appId,\n userId: input.userId,\n redirectUri: input.redirectUri,\n scope: input.scope,\n nonce: input.nonce,\n codeChallenge: input.codeChallenge,\n codeChallengeMethod: input.codeChallengeMethod,\n expiresAt: input.expiresAt,\n });\n },\n async consume(codeHash) {\n // MySQL: no RETURNING. Conditional UPDATE then SELECT.\n const now = new Date();\n const result = await db\n .update(authorizationCodes)\n .set({ consumedAt: now })\n .where(\n and(\n eq(authorizationCodes.codeHash, codeHash),\n sql`${authorizationCodes.consumedAt} IS NULL`,\n sql`${authorizationCodes.expiresAt} > NOW(3)`,\n ),\n );\n // mysql2 driver returns { affectedRows } via the array-like result shape.\n // Drizzle wraps it; check both common shapes defensively.\n const affected =\n (result as { affectedRows?: number })?.affectedRows ??\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n (Array.isArray(result) ? (result[0] as any)?.affectedRows : undefined);\n if (!affected) return null;\n const rows = await db\n .select()\n .from(authorizationCodes)\n .where(eq(authorizationCodes.codeHash, codeHash))\n .limit(1);\n if (!rows.length) return null;\n return codeRow(rows[0] as Record<string, unknown>);\n },\n },\n\n refresh: {\n async create(input) {\n await db.insert(refreshTokens).values({\n id: input.id,\n tokenHash: input.tokenHash,\n appId: input.appId,\n userId: input.userId,\n familyId: input.familyId,\n scope: input.scope,\n expiresAt: input.expiresAt,\n });\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.id, input.id))\n .limit(1);\n return refreshRow(rows[0] as Record<string, unknown>);\n },\n async getByHash(hash) {\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.tokenHash, hash))\n .limit(1);\n if (!rows.length) return null;\n return refreshRow(rows[0] as Record<string, unknown>);\n },\n async markRevoked(id) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.id, id), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async revokeFamily(familyId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(\n and(eq(refreshTokens.familyId, familyId), sql`${refreshTokens.revokedAt} IS NULL`),\n );\n },\n async revokeAllForUser(userId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.userId, userId), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async revokeAllForApp(appId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.appId, appId), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async listForApp(appId) {\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.appId, appId))\n .orderBy(desc(refreshTokens.createdAt));\n return (rows as Record<string, unknown>[]).map(refreshRow);\n },\n },\n\n consent: {\n async get(userId, appId) {\n const rows = await db\n .select()\n .from(consents)\n .where(and(eq(consents.userId, userId), eq(consents.appId, appId)))\n .limit(1);\n if (!rows.length) return null;\n return consentRow(rows[0] as Record<string, unknown>);\n },\n async upsert(userId, appId, scopesGranted) {\n await db\n .insert(consents)\n .values({ userId, appId, scopesGranted })\n .onDuplicateKeyUpdate({ set: { scopesGranted, grantedAt: new Date() } });\n },\n async revoke(userId, appId) {\n await db\n .delete(consents)\n .where(and(eq(consents.userId, userId), eq(consents.appId, appId)));\n },\n },\n\n keys: {\n async listActive() {\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.active, true))\n .orderBy(desc(signingKeys.createdAt));\n return (rows as Record<string, unknown>[]).map(keyRow);\n },\n async getActive() {\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.active, true))\n .orderBy(desc(signingKeys.createdAt))\n .limit(1);\n if (!rows.length) return null;\n return keyRow(rows[0] as Record<string, unknown>);\n },\n async create(input) {\n await db.insert(signingKeys).values({\n kid: input.kid,\n alg: input.alg,\n publicJwk: input.publicJwk,\n privateJwk: input.privateJwk,\n active: true,\n });\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.kid, input.kid))\n .limit(1);\n return keyRow(rows[0] as Record<string, unknown>);\n },\n async markRotated(kid) {\n await db\n .update(signingKeys)\n .set({ active: false, rotatedAt: new Date() })\n .where(eq(signingKeys.kid, kid));\n },\n },\n };\n}\n"]}