npm - @holeauth/idp-drizzle - Versions diffs - 0.0.1-alpha.0 → 0.0.2-alpha.0 - Mend

@holeauth/idp-drizzle 0.0.1-alpha.0 → 0.0.2-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/sqlite/index.cjs ADDED Viewed

@@ -0,0 +1,423 @@
+'use strict';
+var sqliteCore = require('drizzle-orm/sqlite-core');
+var drizzleOrm = require('drizzle-orm');
+// src/sqlite/index.ts
+function createIdpTables(opts) {
+  const { usersTable, prefix = "holeauth_idp_" } = opts;
+  const p = (s) => `${prefix}${s}`;
+  const teams = sqliteCore.sqliteTable(p("team"), {
+    id: sqliteCore.text("id").primaryKey(),
+    name: sqliteCore.text("name").notNull(),
+    createdAt: sqliteCore.integer("created_at", { mode: "timestamp_ms" }).notNull().$defaultFn(() => /* @__PURE__ */ new Date())
+  });
+  const teamMembers = sqliteCore.sqliteTable(
+    p("team_member"),
+    {
+      teamId: sqliteCore.text("team_id").notNull().references(() => teams.id, { onDelete: "cascade" }),
+      userId: sqliteCore.text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      role: sqliteCore.text("role").notNull().$type(),
+      addedAt: sqliteCore.integer("added_at", { mode: "timestamp_ms" }).notNull().$defaultFn(() => /* @__PURE__ */ new Date())
+    },
+    (t) => ({
+      pk: sqliteCore.primaryKey({ columns: [t.teamId, t.userId] }),
+      userIdx: sqliteCore.index(`${p("team_member")}_user_idx`).on(t.userId)
+    })
+  );
+  const apps = sqliteCore.sqliteTable(
+    p("app"),
+    {
+      id: sqliteCore.text("id").primaryKey(),
+      teamId: sqliteCore.text("team_id").notNull().references(() => teams.id, { onDelete: "cascade" }),
+      name: sqliteCore.text("name").notNull(),
+      description: sqliteCore.text("description"),
+      logoUrl: sqliteCore.text("logo_url"),
+      type: sqliteCore.text("type").notNull().$type(),
+      clientSecretHash: sqliteCore.text("client_secret_hash"),
+      redirectUris: sqliteCore.text("redirect_uris", { mode: "json" }).$type().notNull(),
+      allowedScopes: sqliteCore.text("allowed_scopes", { mode: "json" }).$type().notNull(),
+      requirePkce: sqliteCore.integer("require_pkce", { mode: "boolean" }).notNull().default(true),
+      createdAt: sqliteCore.integer("created_at", { mode: "timestamp_ms" }).notNull().$defaultFn(() => /* @__PURE__ */ new Date()),
+      updatedAt: sqliteCore.integer("updated_at", { mode: "timestamp_ms" }).notNull().$defaultFn(() => /* @__PURE__ */ new Date()),
+      disabledAt: sqliteCore.integer("disabled_at", { mode: "timestamp_ms" })
+    },
+    (t) => ({
+      teamIdx: sqliteCore.index(`${p("app")}_team_idx`).on(t.teamId)
+    })
+  );
+  const authorizationCodes = sqliteCore.sqliteTable(
+    p("authorization_code"),
+    {
+      codeHash: sqliteCore.text("code_hash").primaryKey(),
+      appId: sqliteCore.text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      userId: sqliteCore.text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      redirectUri: sqliteCore.text("redirect_uri").notNull(),
+      scope: sqliteCore.text("scope").notNull(),
+      nonce: sqliteCore.text("nonce"),
+      codeChallenge: sqliteCore.text("code_challenge"),
+      codeChallengeMethod: sqliteCore.text("code_challenge_method"),
+      expiresAt: sqliteCore.integer("expires_at", { mode: "timestamp_ms" }).notNull(),
+      consumedAt: sqliteCore.integer("consumed_at", { mode: "timestamp_ms" })
+    },
+    (t) => ({
+      expiresIdx: sqliteCore.index(`${p("authorization_code")}_expires_idx`).on(t.expiresAt)
+    })
+  );
+  const refreshTokens = sqliteCore.sqliteTable(
+    p("refresh_token"),
+    {
+      id: sqliteCore.text("id").primaryKey(),
+      tokenHash: sqliteCore.text("token_hash").notNull(),
+      appId: sqliteCore.text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      userId: sqliteCore.text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      familyId: sqliteCore.text("family_id").notNull(),
+      scope: sqliteCore.text("scope").notNull(),
+      expiresAt: sqliteCore.integer("expires_at", { mode: "timestamp_ms" }).notNull(),
+      createdAt: sqliteCore.integer("created_at", { mode: "timestamp_ms" }).notNull().$defaultFn(() => /* @__PURE__ */ new Date()),
+      revokedAt: sqliteCore.integer("revoked_at", { mode: "timestamp_ms" })
+    },
+    (t) => ({
+      hashIdx: sqliteCore.uniqueIndex(`${p("refresh_token")}_hash_idx`).on(t.tokenHash),
+      familyIdx: sqliteCore.index(`${p("refresh_token")}_family_idx`).on(t.familyId),
+      userIdx: sqliteCore.index(`${p("refresh_token")}_user_idx`).on(t.userId),
+      appIdx: sqliteCore.index(`${p("refresh_token")}_app_idx`).on(t.appId)
+    })
+  );
+  const consents = sqliteCore.sqliteTable(
+    p("consent"),
+    {
+      userId: sqliteCore.text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      appId: sqliteCore.text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      scopesGranted: sqliteCore.text("scopes_granted", { mode: "json" }).$type().notNull(),
+      grantedAt: sqliteCore.integer("granted_at", { mode: "timestamp_ms" }).notNull().$defaultFn(() => /* @__PURE__ */ new Date())
+    },
+    (t) => ({
+      pk: sqliteCore.primaryKey({ columns: [t.userId, t.appId] })
+    })
+  );
+  const signingKeys = sqliteCore.sqliteTable(p("signing_key"), {
+    kid: sqliteCore.text("kid").primaryKey(),
+    alg: sqliteCore.text("alg").notNull().$type(),
+    publicJwk: sqliteCore.text("public_jwk", { mode: "json" }).$type().notNull(),
+    privateJwk: sqliteCore.text("private_jwk", { mode: "json" }).$type().notNull(),
+    active: sqliteCore.integer("active", { mode: "boolean" }).notNull().default(true),
+    createdAt: sqliteCore.integer("created_at", { mode: "timestamp_ms" }).notNull().$defaultFn(() => /* @__PURE__ */ new Date()),
+    rotatedAt: sqliteCore.integer("rotated_at", { mode: "timestamp_ms" })
+  });
+  const teamMembersRelations = drizzleOrm.relations(teamMembers, ({ one }) => ({
+    team: one(teams, { fields: [teamMembers.teamId], references: [teams.id] }),
+    user: one(usersTable, { fields: [teamMembers.userId], references: [usersTable.id] })
+  }));
+  const appsRelations = drizzleOrm.relations(apps, ({ one }) => ({
+    team: one(teams, { fields: [apps.teamId], references: [teams.id] })
+  }));
+  return {
+    tables: {
+      teams,
+      teamMembers,
+      apps,
+      authorizationCodes,
+      refreshTokens,
+      consents,
+      signingKeys
+    },
+    relations: { teamMembersRelations, appsRelations }
+  };
+}
+var appRow = (r) => ({
+  id: String(r.id),
+  teamId: String(r.teamId),
+  name: String(r.name),
+  description: r.description ?? null,
+  logoUrl: r.logoUrl ?? null,
+  type: r.type,
+  clientSecretHash: r.clientSecretHash ?? null,
+  redirectUris: r.redirectUris ?? [],
+  allowedScopes: r.allowedScopes ?? [],
+  requirePkce: Boolean(r.requirePkce),
+  createdAt: r.createdAt,
+  updatedAt: r.updatedAt,
+  disabledAt: r.disabledAt ?? null
+});
+var teamRow = (r) => ({
+  id: String(r.id),
+  name: String(r.name),
+  createdAt: r.createdAt
+});
+var memberRow = (r) => ({
+  teamId: String(r.teamId),
+  userId: String(r.userId),
+  role: r.role,
+  addedAt: r.addedAt
+});
+var codeRow = (r) => ({
+  codeHash: String(r.codeHash),
+  appId: String(r.appId),
+  userId: String(r.userId),
+  redirectUri: String(r.redirectUri),
+  scope: String(r.scope),
+  nonce: r.nonce ?? null,
+  codeChallenge: r.codeChallenge ?? null,
+  codeChallengeMethod: r.codeChallengeMethod ?? null,
+  expiresAt: r.expiresAt,
+  consumedAt: r.consumedAt ?? null
+});
+var refreshRow = (r) => ({
+  id: String(r.id),
+  tokenHash: String(r.tokenHash),
+  appId: String(r.appId),
+  userId: String(r.userId),
+  familyId: String(r.familyId),
+  scope: String(r.scope),
+  expiresAt: r.expiresAt,
+  createdAt: r.createdAt,
+  revokedAt: r.revokedAt ?? null
+});
+var consentRow = (r) => ({
+  userId: String(r.userId),
+  appId: String(r.appId),
+  scopesGranted: r.scopesGranted ?? [],
+  grantedAt: r.grantedAt
+});
+var keyRow = (r) => ({
+  kid: String(r.kid),
+  alg: r.alg,
+  publicJwk: r.publicJwk,
+  privateJwk: r.privateJwk,
+  active: Boolean(r.active),
+  createdAt: r.createdAt,
+  rotatedAt: r.rotatedAt ?? null
+});
+function createIdpAdapter(opts) {
+  const { db, tables, generateId = () => crypto.randomUUID() } = opts;
+  const { teams, teamMembers, apps, authorizationCodes, refreshTokens, consents, signingKeys } = tables;
+  return {
+    teams: {
+      async create(input) {
+        const id = generateId();
+        const now = /* @__PURE__ */ new Date();
+        await db.insert(teams).values({ id, name: input.name, createdAt: now });
+        await db.insert(teamMembers).values({ teamId: id, userId: input.ownerUserId, role: "owner", addedAt: now });
+        const rows = await db.select().from(teams).where(drizzleOrm.eq(teams.id, id)).limit(1);
+        return teamRow(rows[0]);
+      },
+      async getById(teamId) {
+        const rows = await db.select().from(teams).where(drizzleOrm.eq(teams.id, teamId)).limit(1);
+        if (!rows.length) return null;
+        return teamRow(rows[0]);
+      },
+      async delete(teamId) {
+        await db.delete(teams).where(drizzleOrm.eq(teams.id, teamId));
+      },
+      async listForUser(userId) {
+        const rows = await db.select({
+          id: teams.id,
+          name: teams.name,
+          createdAt: teams.createdAt,
+          role: teamMembers.role
+        }).from(teamMembers).innerJoin(teams, drizzleOrm.eq(teamMembers.teamId, teams.id)).where(drizzleOrm.eq(teamMembers.userId, userId));
+        return rows.map((r) => ({
+          ...teamRow(r),
+          role: r.role
+        }));
+      },
+      async listMembers(teamId) {
+        const rows = await db.select().from(teamMembers).where(drizzleOrm.eq(teamMembers.teamId, teamId));
+        return rows.map(memberRow);
+      },
+      async getMembership(teamId, userId) {
+        const rows = await db.select().from(teamMembers).where(drizzleOrm.and(drizzleOrm.eq(teamMembers.teamId, teamId), drizzleOrm.eq(teamMembers.userId, userId))).limit(1);
+        if (!rows.length) return null;
+        return memberRow(rows[0]);
+      },
+      async addMember(teamId, userId, role) {
+        await db.insert(teamMembers).values({ teamId, userId, role }).onConflictDoUpdate({
+          target: [teamMembers.teamId, teamMembers.userId],
+          set: { role }
+        });
+      },
+      async removeMember(teamId, userId) {
+        await db.delete(teamMembers).where(drizzleOrm.and(drizzleOrm.eq(teamMembers.teamId, teamId), drizzleOrm.eq(teamMembers.userId, userId)));
+      }
+    },
+    apps: {
+      async create(input) {
+        const now = /* @__PURE__ */ new Date();
+        await db.insert(apps).values({
+          id: input.id,
+          teamId: input.teamId,
+          name: input.name,
+          description: input.description ?? null,
+          logoUrl: input.logoUrl ?? null,
+          type: input.type,
+          clientSecretHash: input.clientSecretHash ?? null,
+          redirectUris: input.redirectUris,
+          allowedScopes: input.allowedScopes,
+          requirePkce: input.requirePkce,
+          createdAt: now,
+          updatedAt: now
+        });
+        const rows = await db.select().from(apps).where(drizzleOrm.eq(apps.id, input.id)).limit(1);
+        return appRow(rows[0]);
+      },
+      async getById(appId) {
+        const rows = await db.select().from(apps).where(drizzleOrm.eq(apps.id, appId)).limit(1);
+        if (!rows.length) return null;
+        return appRow(rows[0]);
+      },
+      async listAll(_opts) {
+        const rows = await db.select().from(apps).orderBy(drizzleOrm.desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async listForTeam(teamId) {
+        const rows = await db.select().from(apps).where(drizzleOrm.eq(apps.teamId, teamId)).orderBy(drizzleOrm.desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async listForUser(userId) {
+        const rows = await db.select({
+          id: apps.id,
+          teamId: apps.teamId,
+          name: apps.name,
+          description: apps.description,
+          logoUrl: apps.logoUrl,
+          type: apps.type,
+          clientSecretHash: apps.clientSecretHash,
+          redirectUris: apps.redirectUris,
+          allowedScopes: apps.allowedScopes,
+          requirePkce: apps.requirePkce,
+          createdAt: apps.createdAt,
+          updatedAt: apps.updatedAt,
+          disabledAt: apps.disabledAt
+        }).from(apps).innerJoin(teamMembers, drizzleOrm.eq(teamMembers.teamId, apps.teamId)).where(drizzleOrm.eq(teamMembers.userId, userId)).orderBy(drizzleOrm.desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async update(appId, patch) {
+        const set = { updatedAt: /* @__PURE__ */ new Date() };
+        if (patch.name !== void 0) set.name = patch.name;
+        if (patch.description !== void 0) set.description = patch.description;
+        if (patch.logoUrl !== void 0) set.logoUrl = patch.logoUrl;
+        if (patch.redirectUris !== void 0) set.redirectUris = patch.redirectUris;
+        if (patch.allowedScopes !== void 0) set.allowedScopes = patch.allowedScopes;
+        if (patch.requirePkce !== void 0) set.requirePkce = patch.requirePkce;
+        if (patch.clientSecretHash !== void 0) set.clientSecretHash = patch.clientSecretHash;
+        if (patch.disabledAt !== void 0) set.disabledAt = patch.disabledAt;
+        await db.update(apps).set(set).where(drizzleOrm.eq(apps.id, appId));
+        const rows = await db.select().from(apps).where(drizzleOrm.eq(apps.id, appId)).limit(1);
+        return appRow(rows[0]);
+      },
+      async delete(appId) {
+        await db.delete(apps).where(drizzleOrm.eq(apps.id, appId));
+      }
+    },
+    codes: {
+      async create(input) {
+        await db.insert(authorizationCodes).values({
+          codeHash: input.codeHash,
+          appId: input.appId,
+          userId: input.userId,
+          redirectUri: input.redirectUri,
+          scope: input.scope,
+          nonce: input.nonce,
+          codeChallenge: input.codeChallenge,
+          codeChallengeMethod: input.codeChallengeMethod,
+          expiresAt: input.expiresAt
+        });
+      },
+      async consume(codeHash) {
+        const now = /* @__PURE__ */ new Date();
+        const rows = await db.update(authorizationCodes).set({ consumedAt: now }).where(
+          drizzleOrm.and(
+            drizzleOrm.eq(authorizationCodes.codeHash, codeHash),
+            drizzleOrm.sql`${authorizationCodes.consumedAt} IS NULL`,
+            drizzleOrm.gt(authorizationCodes.expiresAt, now)
+          )
+        ).returning();
+        if (!rows.length) return null;
+        return codeRow(rows[0]);
+      }
+    },
+    refresh: {
+      async create(input) {
+        const [row] = await db.insert(refreshTokens).values({
+          id: input.id,
+          tokenHash: input.tokenHash,
+          appId: input.appId,
+          userId: input.userId,
+          familyId: input.familyId,
+          scope: input.scope,
+          expiresAt: input.expiresAt
+        }).returning();
+        return refreshRow(row);
+      },
+      async getByHash(hash) {
+        const rows = await db.select().from(refreshTokens).where(drizzleOrm.eq(refreshTokens.tokenHash, hash)).limit(1);
+        if (!rows.length) return null;
+        return refreshRow(rows[0]);
+      },
+      async markRevoked(id) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(drizzleOrm.and(drizzleOrm.eq(refreshTokens.id, id), drizzleOrm.sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async revokeFamily(familyId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(
+          drizzleOrm.and(drizzleOrm.eq(refreshTokens.familyId, familyId), drizzleOrm.sql`${refreshTokens.revokedAt} IS NULL`)
+        );
+      },
+      async revokeAllForUser(userId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(drizzleOrm.and(drizzleOrm.eq(refreshTokens.userId, userId), drizzleOrm.sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async revokeAllForApp(appId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(drizzleOrm.and(drizzleOrm.eq(refreshTokens.appId, appId), drizzleOrm.sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async listForApp(appId) {
+        const rows = await db.select().from(refreshTokens).where(drizzleOrm.eq(refreshTokens.appId, appId)).orderBy(drizzleOrm.desc(refreshTokens.createdAt));
+        return rows.map(refreshRow);
+      }
+    },
+    consent: {
+      async get(userId, appId) {
+        const rows = await db.select().from(consents).where(drizzleOrm.and(drizzleOrm.eq(consents.userId, userId), drizzleOrm.eq(consents.appId, appId))).limit(1);
+        if (!rows.length) return null;
+        return consentRow(rows[0]);
+      },
+      async upsert(userId, appId, scopesGranted) {
+        await db.insert(consents).values({ userId, appId, scopesGranted }).onConflictDoUpdate({
+          target: [consents.userId, consents.appId],
+          set: { scopesGranted, grantedAt: /* @__PURE__ */ new Date() }
+        });
+      },
+      async revoke(userId, appId) {
+        await db.delete(consents).where(drizzleOrm.and(drizzleOrm.eq(consents.userId, userId), drizzleOrm.eq(consents.appId, appId)));
+      }
+    },
+    keys: {
+      async listActive() {
+        const rows = await db.select().from(signingKeys).where(drizzleOrm.eq(signingKeys.active, true)).orderBy(drizzleOrm.desc(signingKeys.createdAt));
+        return rows.map(keyRow);
+      },
+      async getActive() {
+        const rows = await db.select().from(signingKeys).where(drizzleOrm.eq(signingKeys.active, true)).orderBy(drizzleOrm.desc(signingKeys.createdAt)).limit(1);
+        if (!rows.length) return null;
+        return keyRow(rows[0]);
+      },
+      async create(input) {
+        const [row] = await db.insert(signingKeys).values({
+          kid: input.kid,
+          alg: input.alg,
+          publicJwk: input.publicJwk,
+          privateJwk: input.privateJwk,
+          active: true
+        }).returning();
+        return keyRow(row);
+      },
+      async markRotated(kid) {
+        await db.update(signingKeys).set({ active: false, rotatedAt: /* @__PURE__ */ new Date() }).where(drizzleOrm.eq(signingKeys.kid, kid));
+      }
+    }
+  };
+}
+exports.createIdpAdapter = createIdpAdapter;
+exports.createIdpTables = createIdpTables;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/sqlite/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/sqlite/index.ts"],"names":["sqliteTable","text","integer","primaryKey","index","uniqueIndex","relations","eq","and","desc","sql","gt"],"mappings":";;;;;;AA8CO,SAAS,gBAA4C,IAAA,EAAiC;AAC3F,EAAA,MAAM,EAAE,UAAA,EAAY,MAAA,GAAS,eAAA,EAAgB,GAAI,IAAA;AACjD,EAAA,MAAM,IAAI,CAAC,CAAA,KAAc,CAAA,EAAG,MAAM,GAAG,CAAC,CAAA,CAAA;AAEtC,EAAA,MAAM,KAAA,GAAQA,sBAAA,CAAY,CAAA,CAAE,MAAM,CAAA,EAAG;AAAA,IACnC,EAAA,EAAIC,eAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,IAC1B,IAAA,EAAMA,eAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3B,SAAA,EAAWC,kBAAA,CAAQ,YAAA,EAAc,EAAE,MAAM,cAAA,EAAgB,CAAA,CACtD,OAAA,EAAQ,CACR,UAAA,CAAW,sBAAM,IAAI,MAAM;AAAA,GAC/B,CAAA;AAED,EAAA,MAAM,WAAA,GAAcF,sBAAA;AAAA,IAClB,EAAE,aAAa,CAAA;AAAA,IACf;AAAA,MACE,MAAA,EAAQC,eAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACrD,MAAA,EAAQA,eAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,MAAMA,eAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,KAAA,EAAgB;AAAA,MAC7C,OAAA,EAASC,kBAAA,CAAQ,UAAA,EAAY,EAAE,MAAM,cAAA,EAAgB,CAAA,CAClD,OAAA,EAAQ,CACR,UAAA,CAAW,sBAAM,IAAI,MAAM;AAAA,KAChC;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,EAAA,EAAIC,qBAAA,CAAW,EAAE,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,CAAA,CAAE,MAAM,CAAA,EAAG,CAAA;AAAA,MAChD,OAAA,EAASC,gBAAA,CAAM,CAAA,EAAG,CAAA,CAAE,aAAa,CAAC,CAAA,SAAA,CAAW,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,MAAM;AAAA,KAC5D;AAAA,GACF;AAEA,EAAA,MAAM,IAAA,GAAOJ,sBAAA;AAAA,IACX,EAAE,KAAK,CAAA;AAAA,IACP;AAAA,MACE,EAAA,EAAIC,eAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,MAC1B,MAAA,EAAQA,eAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACrD,IAAA,EAAMA,eAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC3B,WAAA,EAAaA,gBAAK,aAAa,CAAA;AAAA,MAC/B,OAAA,EAASA,gBAAK,UAAU,CAAA;AAAA,MACxB,MAAMA,eAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,KAAA,EAAe;AAAA,MAC5C,gBAAA,EAAkBA,gBAAK,oBAAoB,CAAA;AAAA,MAC3C,YAAA,EAAcA,eAAA,CAAK,eAAA,EAAiB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,KAAA,EAAgB,CAAE,OAAA,EAAQ;AAAA,MAChF,aAAA,EAAeA,eAAA,CAAK,gBAAA,EAAkB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,KAAA,EAAgB,CAAE,OAAA,EAAQ;AAAA,MAClF,WAAA,EAAaC,kBAAA,CAAQ,cAAA,EAAgB,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,IAAI,CAAA;AAAA,MAChF,SAAA,EAAWA,kBAAA,CAAQ,YAAA,EAAc,EAAE,MAAM,cAAA,EAAgB,CAAA,CACtD,OAAA,EAAQ,CACR,UAAA,CAAW,sBAAM,IAAI,MAAM,CAAA;AAAA,MAC9B,SAAA,EAAWA,kBAAA,CAAQ,YAAA,EAAc,EAAE,MAAM,cAAA,EAAgB,CAAA,CACtD,OAAA,EAAQ,CACR,UAAA,CAAW,sBAAM,IAAI,MAAM,CAAA;AAAA,MAC9B,YAAYA,kBAAA,CAAQ,aAAA,EAAe,EAAE,IAAA,EAAM,gBAAgB;AAAA,KAC7D;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,OAAA,EAASE,gBAAA,CAAM,CAAA,EAAG,CAAA,CAAE,KAAK,CAAC,CAAA,SAAA,CAAW,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,MAAM;AAAA,KACpD;AAAA,GACF;AAEA,EAAA,MAAM,kBAAA,GAAqBJ,sBAAA;AAAA,IACzB,EAAE,oBAAoB,CAAA;AAAA,IACtB;AAAA,MACE,QAAA,EAAUC,eAAA,CAAK,WAAW,CAAA,CAAE,UAAA,EAAW;AAAA,MACvC,KAAA,EAAOA,eAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,MAAA,EAAQA,eAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,WAAA,EAAaA,eAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC1C,KAAA,EAAOA,eAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC7B,KAAA,EAAOA,gBAAK,OAAO,CAAA;AAAA,MACnB,aAAA,EAAeA,gBAAK,gBAAgB,CAAA;AAAA,MACpC,mBAAA,EAAqBA,gBAAK,uBAAuB,CAAA;AAAA,MACjD,SAAA,EAAWC,mBAAQ,YAAA,EAAc,EAAE,MAAM,cAAA,EAAgB,EAAE,OAAA,EAAQ;AAAA,MACnE,YAAYA,kBAAA,CAAQ,aAAA,EAAe,EAAE,IAAA,EAAM,gBAAgB;AAAA,KAC7D;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,UAAA,EAAYE,gBAAA,CAAM,CAAA,EAAG,CAAA,CAAE,oBAAoB,CAAC,CAAA,YAAA,CAAc,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,SAAS;AAAA,KAC5E;AAAA,GACF;AAEA,EAAA,MAAM,aAAA,GAAgBJ,sBAAA;AAAA,IACpB,EAAE,eAAe,CAAA;AAAA,IACjB;AAAA,MACE,EAAA,EAAIC,eAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,MAC1B,SAAA,EAAWA,eAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,MACtC,KAAA,EAAOA,eAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,MAAA,EAAQA,eAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,QAAA,EAAUA,eAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,MACpC,KAAA,EAAOA,eAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC7B,SAAA,EAAWC,mBAAQ,YAAA,EAAc,EAAE,MAAM,cAAA,EAAgB,EAAE,OAAA,EAAQ;AAAA,MACnE,SAAA,EAAWA,kBAAA,CAAQ,YAAA,EAAc,EAAE,MAAM,cAAA,EAAgB,CAAA,CACtD,OAAA,EAAQ,CACR,UAAA,CAAW,sBAAM,IAAI,MAAM,CAAA;AAAA,MAC9B,WAAWA,kBAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,gBAAgB;AAAA,KAC3D;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,OAAA,EAASG,sBAAA,CAAY,CAAA,EAAG,CAAA,CAAE,eAAe,CAAC,CAAA,SAAA,CAAW,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,SAAS,CAAA;AAAA,MACrE,SAAA,EAAWD,gBAAA,CAAM,CAAA,EAAG,CAAA,CAAE,eAAe,CAAC,CAAA,WAAA,CAAa,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,QAAQ,CAAA;AAAA,MAClE,OAAA,EAASA,gBAAA,CAAM,CAAA,EAAG,CAAA,CAAE,eAAe,CAAC,CAAA,SAAA,CAAW,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,MAAM,CAAA;AAAA,MAC5D,MAAA,EAAQA,gBAAA,CAAM,CAAA,EAAG,CAAA,CAAE,eAAe,CAAC,CAAA,QAAA,CAAU,CAAA,CAAE,EAAA,CAAG,CAAA,CAAE,KAAK;AAAA,KAC3D;AAAA,GACF;AAEA,EAAA,MAAM,QAAA,GAAWJ,sBAAA;AAAA,IACf,EAAE,SAAS,CAAA;AAAA,IACX;AAAA,MACE,MAAA,EAAQC,eAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,KAAA,EAAOA,eAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,aAAA,EAAeA,eAAA,CAAK,gBAAA,EAAkB,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,KAAA,EAAgB,CAAE,OAAA,EAAQ;AAAA,MAClF,SAAA,EAAWC,kBAAA,CAAQ,YAAA,EAAc,EAAE,MAAM,cAAA,EAAgB,CAAA,CACtD,OAAA,EAAQ,CACR,UAAA,CAAW,sBAAM,IAAI,MAAM;AAAA,KAChC;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,EAAA,EAAIC,qBAAA,CAAW,EAAE,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,CAAA,CAAE,KAAK,CAAA,EAAG;AAAA,KACjD;AAAA,GACF;AAEA,EAAA,MAAM,WAAA,GAAcH,sBAAA,CAAY,CAAA,CAAE,aAAa,CAAA,EAAG;AAAA,IAChD,GAAA,EAAKC,eAAA,CAAK,KAAK,CAAA,CAAE,UAAA,EAAW;AAAA,IAC5B,KAAKA,eAAA,CAAK,KAAK,CAAA,CAAE,OAAA,GAAU,KAAA,EAAkB;AAAA,IAC7C,SAAA,EAAWA,eAAA,CAAK,YAAA,EAAc,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,KAAA,EAA+B,CAAE,OAAA,EAAQ;AAAA,IACzF,UAAA,EAAYA,eAAA,CAAK,aAAA,EAAe,EAAE,IAAA,EAAM,QAAQ,CAAA,CAAE,KAAA,EAA+B,CAAE,OAAA,EAAQ;AAAA,IAC3F,MAAA,EAAQC,kBAAA,CAAQ,QAAA,EAAU,EAAE,IAAA,EAAM,SAAA,EAAW,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,IAAI,CAAA;AAAA,IACrE,SAAA,EAAWA,kBAAA,CAAQ,YAAA,EAAc,EAAE,MAAM,cAAA,EAAgB,CAAA,CACtD,OAAA,EAAQ,CACR,UAAA,CAAW,sBAAM,IAAI,MAAM,CAAA;AAAA,IAC9B,WAAWA,kBAAA,CAAQ,YAAA,EAAc,EAAE,IAAA,EAAM,gBAAgB;AAAA,GAC1D,CAAA;AAED,EAAA,MAAM,uBAAuBI,oBAAA,CAAU,WAAA,EAAa,CAAC,EAAE,KAAI,MAAO;AAAA,IAChE,IAAA,EAAM,GAAA,CAAI,KAAA,EAAO,EAAE,QAAQ,CAAC,WAAA,CAAY,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,KAAA,CAAM,EAAE,GAAG,CAAA;AAAA,IACzE,IAAA,EAAM,GAAA,CAAI,UAAA,EAAY,EAAE,QAAQ,CAAC,WAAA,CAAY,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,UAAA,CAAW,EAAE,GAAG;AAAA,GACrF,CAAE,CAAA;AACF,EAAA,MAAM,gBAAgBA,oBAAA,CAAU,IAAA,EAAM,CAAC,EAAE,KAAI,MAAO;AAAA,IAClD,IAAA,EAAM,GAAA,CAAI,KAAA,EAAO,EAAE,QAAQ,CAAC,IAAA,CAAK,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,KAAA,CAAM,EAAE,GAAG;AAAA,GACpE,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ;AAAA,MACN,KAAA;AAAA,MACA,WAAA;AAAA,MACA,IAAA;AAAA,MACA,kBAAA;AAAA,MACA,aAAA;AAAA,MACA,QAAA;AAAA,MACA;AAAA,KACF;AAAA,IACA,SAAA,EAAW,EAAE,oBAAA,EAAsB,aAAA;AAAc,GACnD;AACF;AAaA,IAAM,MAAA,GAAS,CAAC,CAAA,MAAwC;AAAA,EACtD,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,IAAA,EAAM,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA;AAAA,EACnB,WAAA,EAAc,EAAE,WAAA,IAAiC,IAAA;AAAA,EACjD,OAAA,EAAU,EAAE,OAAA,IAA6B,IAAA;AAAA,EACzC,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,gBAAA,EAAmB,EAAE,gBAAA,IAAsC,IAAA;AAAA,EAC3D,YAAA,EAAe,CAAA,CAAE,YAAA,IAAoC,EAAC;AAAA,EACtD,aAAA,EAAgB,CAAA,CAAE,aAAA,IAAqC,EAAC;AAAA,EACxD,WAAA,EAAa,OAAA,CAAQ,CAAA,CAAE,WAAW,CAAA;AAAA,EAClC,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,UAAA,EAAa,EAAE,UAAA,IAA8B;AAC/C,CAAA,CAAA;AAEA,IAAM,OAAA,GAAU,CAAC,CAAA,MAAyC;AAAA,EACxD,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,IAAA,EAAM,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA;AAAA,EACnB,WAAW,CAAA,CAAE;AACf,CAAA,CAAA;AAEA,IAAM,SAAA,GAAY,CAAC,CAAA,MAA+C;AAAA,EAChE,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,SAAS,CAAA,CAAE;AACb,CAAA,CAAA;AAEA,IAAM,OAAA,GAAU,CAAC,CAAA,MAAsD;AAAA,EACrE,QAAA,EAAU,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,WAAA,EAAa,MAAA,CAAO,CAAA,CAAE,WAAW,CAAA;AAAA,EACjC,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,KAAA,EAAQ,EAAE,KAAA,IAA2B,IAAA;AAAA,EACrC,aAAA,EAAgB,EAAE,aAAA,IAAmC,IAAA;AAAA,EACrD,mBAAA,EAAsB,EAAE,mBAAA,IAAmD,IAAA;AAAA,EAC3E,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,UAAA,EAAa,EAAE,UAAA,IAA8B;AAC/C,CAAA,CAAA;AAEA,IAAM,UAAA,GAAa,CAAC,CAAA,MAAiD;AAAA,EACnE,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,SAAA,EAAW,MAAA,CAAO,CAAA,CAAE,SAAS,CAAA;AAAA,EAC7B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,QAAA,EAAU,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,SAAA,EAAY,EAAE,SAAA,IAA6B;AAC7C,CAAA,CAAA;AAEA,IAAM,UAAA,GAAa,CAAC,CAAA,MAA4C;AAAA,EAC9D,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,aAAA,EAAgB,CAAA,CAAE,aAAA,IAAqC,EAAC;AAAA,EACxD,WAAW,CAAA,CAAE;AACf,CAAA,CAAA;AAEA,IAAM,MAAA,GAAS,CAAC,CAAA,MAA+C;AAAA,EAC7D,GAAA,EAAK,MAAA,CAAO,CAAA,CAAE,GAAG,CAAA;AAAA,EACjB,KAAK,CAAA,CAAE,GAAA;AAAA,EACP,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,YAAY,CAAA,CAAE,UAAA;AAAA,EACd,MAAA,EAAQ,OAAA,CAAQ,CAAA,CAAE,MAAM,CAAA;AAAA,EACxB,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,SAAA,EAAY,EAAE,SAAA,IAA6B;AAC7C,CAAA,CAAA;AAEO,SAAS,iBAAiB,IAAA,EAA2C;AAC1E,EAAA,MAAM,EAAE,IAAI,MAAA,EAAQ,UAAA,GAAa,MAAM,MAAA,CAAO,UAAA,IAAa,GAAI,IAAA;AAC/D,EAAA,MAAM,EAAE,OAAO,WAAA,EAAa,IAAA,EAAM,oBAAoB,aAAA,EAAe,QAAA,EAAU,aAAY,GACzF,MAAA;AAEF,EAAA,OAAO;AAAA,IACL,KAAA,EAAO;AAAA,MACL,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,KAAK,UAAA,EAAW;AACtB,QAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,KAAK,CAAA,CAAE,MAAA,CAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,CAAM,IAAA,EAAM,SAAA,EAAW,GAAA,EAAK,CAAA;AACtE,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,WAAW,CAAA,CAClB,OAAO,EAAE,MAAA,EAAQ,EAAA,EAAI,MAAA,EAAQ,MAAM,WAAA,EAAa,IAAA,EAAM,OAAA,EAAS,OAAA,EAAS,KAAK,CAAA;AAChF,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,KAAK,CAAA,CAAE,KAAA,CAAMC,aAAA,CAAG,MAAM,EAAA,EAAI,EAAE,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC1E,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,QAAQ,MAAA,EAAQ;AACpB,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,KAAK,CAAA,CAAE,KAAA,CAAMA,aAAA,CAAG,MAAM,EAAA,EAAI,MAAM,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC9E,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,OAAO,MAAA,EAAQ;AACnB,QAAA,MAAM,EAAA,CAAG,OAAO,KAAK,CAAA,CAAE,MAAMA,aAAA,CAAG,KAAA,CAAM,EAAA,EAAI,MAAM,CAAC,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,MAAM,WAAA,CAAY;AAAA,SACnB,CAAA,CACA,IAAA,CAAK,WAAW,CAAA,CAChB,SAAA,CAAU,OAAOA,aAAA,CAAG,WAAA,CAAY,QAAQ,KAAA,CAAM,EAAE,CAAC,CAAA,CACjD,KAAA,CAAMA,cAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA;AACvC,QAAA,OAAQ,IAAA,CAAmC,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,UACrD,GAAG,QAAQ,CAAC,CAAA;AAAA,UACZ,MAAM,CAAA,CAAE;AAAA,SACV,CAAE,CAAA;AAAA,MACJ,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAMA,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA;AACrF,QAAA,OAAQ,IAAA,CAAmC,IAAI,SAAS,CAAA;AAAA,MAC1D,CAAA;AAAA,MACA,MAAM,aAAA,CAAc,MAAA,EAAQ,MAAA,EAAQ;AAClC,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAMC,cAAA,CAAID,aAAA,CAAG,YAAY,MAAA,EAAQ,MAAM,CAAA,EAAGA,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAC,CAAA,CACzE,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,SAAA,CAAU,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACrD,CAAA;AAAA,MACA,MAAM,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM;AACpC,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,WAAW,CAAA,CAClB,MAAA,CAAO,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,CAAA,CAC/B,kBAAA,CAAmB;AAAA,UAClB,MAAA,EAAQ,CAAC,WAAA,CAAY,MAAA,EAAQ,YAAY,MAAM,CAAA;AAAA,UAC/C,GAAA,EAAK,EAAE,IAAA;AAAK,SACb,CAAA;AAAA,MACL,CAAA;AAAA,MACA,MAAM,YAAA,CAAa,MAAA,EAAQ,MAAA,EAAQ;AACjC,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,CAAA,CAClB,KAAA,CAAMC,eAAID,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,GAAGA,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAC,CAAA;AAAA,MAC9E;AAAA,KACF;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,IAAI,CAAA,CAAE,MAAA,CAAO;AAAA,UAC3B,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,WAAA,EAAa,MAAM,WAAA,IAAe,IAAA;AAAA,UAClC,OAAA,EAAS,MAAM,OAAA,IAAW,IAAA;AAAA,UAC1B,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,gBAAA,EAAkB,MAAM,gBAAA,IAAoB,IAAA;AAAA,UAC5C,cAAc,KAAA,CAAM,YAAA;AAAA,UACpB,eAAe,KAAA,CAAM,aAAA;AAAA,UACrB,aAAa,KAAA,CAAM,WAAA;AAAA,UACnB,SAAA,EAAW,GAAA;AAAA,UACX,SAAA,EAAW;AAAA,SACZ,CAAA;AACD,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,IAAI,CAAA,CAAE,KAAA,CAAMA,aAAA,CAAG,KAAK,EAAA,EAAI,KAAA,CAAM,EAAE,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC9E,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,QAAQ,KAAA,EAAO;AACnB,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,IAAI,CAAA,CAAE,KAAA,CAAMA,aAAA,CAAG,KAAK,EAAA,EAAI,KAAK,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC3E,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,QAAQ,KAAA,EAAO;AACnB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,IAAI,CAAA,CAAE,OAAA,CAAQE,eAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AACtE,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAMF,cAAG,IAAA,CAAK,MAAA,EAAQ,MAAM,CAAC,CAAA,CAC7B,QAAQE,eAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AAC/B,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO;AAAA,UACN,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,QAAQ,IAAA,CAAK,MAAA;AAAA,UACb,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,SAAS,IAAA,CAAK,OAAA;AAAA,UACd,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,kBAAkB,IAAA,CAAK,gBAAA;AAAA,UACvB,cAAc,IAAA,CAAK,YAAA;AAAA,UACnB,eAAe,IAAA,CAAK,aAAA;AAAA,UACpB,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,WAAW,IAAA,CAAK,SAAA;AAAA,UAChB,WAAW,IAAA,CAAK,SAAA;AAAA,UAChB,YAAY,IAAA,CAAK;AAAA,SAClB,CAAA,CACA,IAAA,CAAK,IAAI,CAAA,CACT,UAAU,WAAA,EAAaF,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,CAC1D,KAAA,CAAMA,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA,CACpC,OAAA,CAAQE,eAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AAC/B,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,KAAA,EAAO,KAAA,EAAO;AACzB,QAAA,MAAM,GAAA,GAA+B,EAAE,SAAA,kBAAW,IAAI,MAAK,EAAE;AAC7D,QAAA,IAAI,KAAA,CAAM,IAAA,KAAS,MAAA,EAAW,GAAA,CAAI,OAAO,KAAA,CAAM,IAAA;AAC/C,QAAA,IAAI,KAAA,CAAM,WAAA,KAAgB,MAAA,EAAW,GAAA,CAAI,cAAc,KAAA,CAAM,WAAA;AAC7D,QAAA,IAAI,KAAA,CAAM,OAAA,KAAY,MAAA,EAAW,GAAA,CAAI,UAAU,KAAA,CAAM,OAAA;AACrD,QAAA,IAAI,KAAA,CAAM,YAAA,KAAiB,MAAA,EAAW,GAAA,CAAI,eAAe,KAAA,CAAM,YAAA;AAC/D,QAAA,IAAI,KAAA,CAAM,aAAA,KAAkB,MAAA,EAAW,GAAA,CAAI,gBAAgB,KAAA,CAAM,aAAA;AACjE,QAAA,IAAI,KAAA,CAAM,WAAA,KAAgB,MAAA,EAAW,GAAA,CAAI,cAAc,KAAA,CAAM,WAAA;AAC7D,QAAA,IAAI,KAAA,CAAM,gBAAA,KAAqB,MAAA,EAAW,GAAA,CAAI,mBAAmB,KAAA,CAAM,gBAAA;AACvE,QAAA,IAAI,KAAA,CAAM,UAAA,KAAe,MAAA,EAAW,GAAA,CAAI,aAAa,KAAA,CAAM,UAAA;AAC3D,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,IAAI,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,KAAA,CAAMF,aAAA,CAAG,IAAA,CAAK,EAAA,EAAI,KAAK,CAAC,CAAA;AACvD,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,IAAI,CAAA,CAAE,KAAA,CAAMA,aAAA,CAAG,KAAK,EAAA,EAAI,KAAK,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC3E,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,OAAO,IAAI,CAAA,CAAE,MAAMA,aAAA,CAAG,IAAA,CAAK,EAAA,EAAI,KAAK,CAAC,CAAA;AAAA,MAChD;AAAA,KACF;AAAA,IAEA,KAAA,EAAO;AAAA,MACL,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,kBAAkB,CAAA,CAAE,MAAA,CAAO;AAAA,UACzC,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,aAAa,KAAA,CAAM,WAAA;AAAA,UACnB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,eAAe,KAAA,CAAM,aAAA;AAAA,UACrB,qBAAqB,KAAA,CAAM,mBAAA;AAAA,UAC3B,WAAW,KAAA,CAAM;AAAA,SAClB,CAAA;AAAA,MACH,CAAA;AAAA,MACA,MAAM,QAAQ,QAAA,EAAU;AAGtB,QAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AACrB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO,kBAAkB,CAAA,CACzB,GAAA,CAAI,EAAE,UAAA,EAAY,GAAA,EAAK,CAAA,CACvB,KAAA;AAAA,UACCC,cAAA;AAAA,YACED,aAAA,CAAG,kBAAA,CAAmB,QAAA,EAAU,QAAQ,CAAA;AAAA,YACxCG,cAAA,CAAA,EAAM,mBAAmB,UAAU,CAAA,QAAA,CAAA;AAAA,YACnCC,aAAA,CAAG,kBAAA,CAAmB,SAAA,EAAW,GAAG;AAAA;AACtC,UAED,SAAA,EAAU;AACb,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD;AAAA,KACF;AAAA,IAEA,OAAA,EAAS;AAAA,MACP,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,GACjB,MAAA,CAAO,aAAa,EACpB,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,WAAW,KAAA,CAAM;AAAA,SAClB,EACA,SAAA,EAAU;AACb,QAAA,OAAO,WAAW,GAA8B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,UAAU,IAAA,EAAM;AACpB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,MAAA,EAAO,CACP,KAAK,aAAa,CAAA,CAClB,KAAA,CAAMJ,aAAA,CAAG,cAAc,SAAA,EAAW,IAAI,CAAC,CAAA,CACvC,MAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,YAAY,EAAA,EAAI;AACpB,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAMC,cAAA,CAAID,aAAA,CAAG,aAAA,CAAc,EAAA,EAAI,EAAE,GAAGG,cAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACjF,CAAA;AAAA,MACA,MAAM,aAAa,QAAA,EAAU;AAC3B,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,aAAa,CAAA,CACpB,GAAA,CAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,CAAA,CAC7B,KAAA;AAAA,UACCF,cAAA,CAAID,cAAG,aAAA,CAAc,QAAA,EAAU,QAAQ,CAAA,EAAGG,cAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU;AAAA,SACnF;AAAA,MACJ,CAAA;AAAA,MACA,MAAM,iBAAiB,MAAA,EAAQ;AAC7B,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAMF,cAAA,CAAID,aAAA,CAAG,aAAA,CAAc,MAAA,EAAQ,MAAM,GAAGG,cAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACzF,CAAA;AAAA,MACA,MAAM,gBAAgB,KAAA,EAAO;AAC3B,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAMF,cAAA,CAAID,aAAA,CAAG,aAAA,CAAc,KAAA,EAAO,KAAK,GAAGG,cAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACvF,CAAA;AAAA,MACA,MAAM,WAAW,KAAA,EAAO;AACtB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,aAAa,CAAA,CAClB,KAAA,CAAMH,cAAG,aAAA,CAAc,KAAA,EAAO,KAAK,CAAC,CAAA,CACpC,QAAQE,eAAA,CAAK,aAAA,CAAc,SAAS,CAAC,CAAA;AACxC,QAAA,OAAQ,IAAA,CAAmC,IAAI,UAAU,CAAA;AAAA,MAC3D;AAAA,KACF;AAAA,IAEA,OAAA,EAAS;AAAA,MACP,MAAM,GAAA,CAAI,MAAA,EAAQ,KAAA,EAAO;AACvB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA,CAAMD,cAAA,CAAID,aAAA,CAAG,SAAS,MAAA,EAAQ,MAAM,CAAA,EAAGA,aAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAC,CAAC,CAAA,CACjE,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe;AACzC,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,QAAQ,CAAA,CACf,MAAA,CAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe,CAAA,CACvC,kBAAA,CAAmB;AAAA,UAClB,MAAA,EAAQ,CAAC,QAAA,CAAS,MAAA,EAAQ,SAAS,KAAK,CAAA;AAAA,UACxC,KAAK,EAAE,aAAA,EAAe,SAAA,kBAAW,IAAI,MAAK;AAAE,SAC7C,CAAA;AAAA,MACL,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO;AAC1B,QAAA,MAAM,GACH,MAAA,CAAO,QAAQ,CAAA,CACf,KAAA,CAAMC,eAAID,aAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,GAAGA,aAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAC,CAAC,CAAA;AAAA,MACtE;AAAA,KACF;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,UAAA,GAAa;AACjB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAMA,cAAG,WAAA,CAAY,MAAA,EAAQ,IAAI,CAAC,CAAA,CAClC,QAAQE,eAAA,CAAK,WAAA,CAAY,SAAS,CAAC,CAAA;AACtC,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,SAAA,GAAY;AAChB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAMF,aAAA,CAAG,WAAA,CAAY,QAAQ,IAAI,CAAC,EAClC,OAAA,CAAQE,eAAA,CAAK,YAAY,SAAS,CAAC,CAAA,CACnC,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,GACjB,MAAA,CAAO,WAAW,EAClB,MAAA,CAAO;AAAA,UACN,KAAK,KAAA,CAAM,GAAA;AAAA,UACX,KAAK,KAAA,CAAM,GAAA;AAAA,UACX,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,YAAY,KAAA,CAAM,UAAA;AAAA,UAClB,MAAA,EAAQ;AAAA,SACT,EACA,SAAA,EAAU;AACb,QAAA,OAAO,OAAO,GAA8B,CAAA;AAAA,MAC9C,CAAA;AAAA,MACA,MAAM,YAAY,GAAA,EAAK;AACrB,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,EAClB,GAAA,CAAI,EAAE,QAAQ,KAAA,EAAO,SAAA,sBAAe,IAAA,EAAK,EAAG,CAAA,CAC5C,KAAA,CAAMF,cAAG,WAAA,CAAY,GAAA,EAAK,GAAG,CAAC,CAAA;AAAA,MACnC;AAAA;AACF,GACF;AACF","file":"index.cjs","sourcesContent":["/**\n * SQLite adapter for @holeauth/plugin-idp.\n *\n * Mirrors the Postgres adapter (`../pg/index.ts`) but maps:\n * - text().array() → text({ mode: 'json' }) (driver-side JSON encoding)\n * - jsonb → text({ mode: 'json' })\n * - timestamp({ withTimezone, mode: 'date' }) → integer({ mode: 'timestamp_ms' })\n * - boolean → integer({ mode: 'boolean' })\n * - INSERT/UPDATE … RETURNING → insert/update then re-select\n *\n * The `codes.consume` claim is implemented as a conditional UPDATE then SELECT\n * pair. `expiresAt > now` is compared against an explicit JS-side `new Date()`\n * because SQLite has no native NOW() and the column is stored as ms-epoch.\n */\nimport {\n sqliteTable,\n text,\n integer,\n primaryKey,\n index,\n uniqueIndex,\n type SQLiteTableWithColumns,\n} from 'drizzle-orm/sqlite-core';\nimport { relations, eq, and, sql, desc, gt } from 'drizzle-orm';\nimport type {\n IdpAdapter,\n IdpApp,\n IdpAuthorizationCode,\n IdpConsent,\n IdpRefreshToken,\n IdpSigningKey,\n IdpTeam,\n IdpTeamMember,\n SigningAlg,\n TeamRole,\n AppType,\n} from '@holeauth/plugin-idp';\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type SqliteUsersTable = SQLiteTableWithColumns<any> & { id: any };\n\nexport interface CreateIdpTablesOptions<U extends SqliteUsersTable> {\n usersTable: U;\n prefix?: string;\n}\n\nexport function createIdpTables<U extends SqliteUsersTable>(opts: CreateIdpTablesOptions<U>) {\n const { usersTable, prefix = 'holeauth_idp_' } = opts;\n const p = (s: string) => `${prefix}${s}`;\n\n const teams = sqliteTable(p('team'), {\n id: text('id').primaryKey(),\n name: text('name').notNull(),\n createdAt: integer('created_at', { mode: 'timestamp_ms' })\n .notNull()\n .$defaultFn(() => new Date()),\n });\n\n const teamMembers = sqliteTable(\n p('team_member'),\n {\n teamId: text('team_id')\n .notNull()\n .references(() => teams.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n role: text('role').notNull().$type<TeamRole>(),\n addedAt: integer('added_at', { mode: 'timestamp_ms' })\n .notNull()\n .$defaultFn(() => new Date()),\n },\n (t) => ({\n pk: primaryKey({ columns: [t.teamId, t.userId] }),\n userIdx: index(`${p('team_member')}_user_idx`).on(t.userId),\n }),\n );\n\n const apps = sqliteTable(\n p('app'),\n {\n id: text('id').primaryKey(),\n teamId: text('team_id')\n .notNull()\n .references(() => teams.id, { onDelete: 'cascade' }),\n name: text('name').notNull(),\n description: text('description'),\n logoUrl: text('logo_url'),\n type: text('type').notNull().$type<AppType>(),\n clientSecretHash: text('client_secret_hash'),\n redirectUris: text('redirect_uris', { mode: 'json' }).$type<string[]>().notNull(),\n allowedScopes: text('allowed_scopes', { mode: 'json' }).$type<string[]>().notNull(),\n requirePkce: integer('require_pkce', { mode: 'boolean' }).notNull().default(true),\n createdAt: integer('created_at', { mode: 'timestamp_ms' })\n .notNull()\n .$defaultFn(() => new Date()),\n updatedAt: integer('updated_at', { mode: 'timestamp_ms' })\n .notNull()\n .$defaultFn(() => new Date()),\n disabledAt: integer('disabled_at', { mode: 'timestamp_ms' }),\n },\n (t) => ({\n teamIdx: index(`${p('app')}_team_idx`).on(t.teamId),\n }),\n );\n\n const authorizationCodes = sqliteTable(\n p('authorization_code'),\n {\n codeHash: text('code_hash').primaryKey(),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n redirectUri: text('redirect_uri').notNull(),\n scope: text('scope').notNull(),\n nonce: text('nonce'),\n codeChallenge: text('code_challenge'),\n codeChallengeMethod: text('code_challenge_method'),\n expiresAt: integer('expires_at', { mode: 'timestamp_ms' }).notNull(),\n consumedAt: integer('consumed_at', { mode: 'timestamp_ms' }),\n },\n (t) => ({\n expiresIdx: index(`${p('authorization_code')}_expires_idx`).on(t.expiresAt),\n }),\n );\n\n const refreshTokens = sqliteTable(\n p('refresh_token'),\n {\n id: text('id').primaryKey(),\n tokenHash: text('token_hash').notNull(),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n familyId: text('family_id').notNull(),\n scope: text('scope').notNull(),\n expiresAt: integer('expires_at', { mode: 'timestamp_ms' }).notNull(),\n createdAt: integer('created_at', { mode: 'timestamp_ms' })\n .notNull()\n .$defaultFn(() => new Date()),\n revokedAt: integer('revoked_at', { mode: 'timestamp_ms' }),\n },\n (t) => ({\n hashIdx: uniqueIndex(`${p('refresh_token')}_hash_idx`).on(t.tokenHash),\n familyIdx: index(`${p('refresh_token')}_family_idx`).on(t.familyId),\n userIdx: index(`${p('refresh_token')}_user_idx`).on(t.userId),\n appIdx: index(`${p('refresh_token')}_app_idx`).on(t.appId),\n }),\n );\n\n const consents = sqliteTable(\n p('consent'),\n {\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n scopesGranted: text('scopes_granted', { mode: 'json' }).$type<string[]>().notNull(),\n grantedAt: integer('granted_at', { mode: 'timestamp_ms' })\n .notNull()\n .$defaultFn(() => new Date()),\n },\n (t) => ({\n pk: primaryKey({ columns: [t.userId, t.appId] }),\n }),\n );\n\n const signingKeys = sqliteTable(p('signing_key'), {\n kid: text('kid').primaryKey(),\n alg: text('alg').notNull().$type<SigningAlg>(),\n publicJwk: text('public_jwk', { mode: 'json' }).$type<Record<string, unknown>>().notNull(),\n privateJwk: text('private_jwk', { mode: 'json' }).$type<Record<string, unknown>>().notNull(),\n active: integer('active', { mode: 'boolean' }).notNull().default(true),\n createdAt: integer('created_at', { mode: 'timestamp_ms' })\n .notNull()\n .$defaultFn(() => new Date()),\n rotatedAt: integer('rotated_at', { mode: 'timestamp_ms' }),\n });\n\n const teamMembersRelations = relations(teamMembers, ({ one }) => ({\n team: one(teams, { fields: [teamMembers.teamId], references: [teams.id] }),\n user: one(usersTable, { fields: [teamMembers.userId], references: [usersTable.id] }),\n }));\n const appsRelations = relations(apps, ({ one }) => ({\n team: one(teams, { fields: [apps.teamId], references: [teams.id] }),\n }));\n\n return {\n tables: {\n teams,\n teamMembers,\n apps,\n authorizationCodes,\n refreshTokens,\n consents,\n signingKeys,\n },\n relations: { teamMembersRelations, appsRelations },\n };\n}\n\n/* ────────────────────────── adapter ────────────────────────── */\n\ntype Tables = ReturnType<typeof createIdpTables>['tables'];\n\nexport interface CreateIdpAdapterOptions {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n db: any;\n tables: Tables;\n generateId?: () => string;\n}\n\nconst appRow = (r: Record<string, unknown>): IdpApp => ({\n id: String(r.id),\n teamId: String(r.teamId),\n name: String(r.name),\n description: (r.description as string | null) ?? null,\n logoUrl: (r.logoUrl as string | null) ?? null,\n type: r.type as AppType,\n clientSecretHash: (r.clientSecretHash as string | null) ?? null,\n redirectUris: (r.redirectUris as string[] | null) ?? [],\n allowedScopes: (r.allowedScopes as string[] | null) ?? [],\n requirePkce: Boolean(r.requirePkce),\n createdAt: r.createdAt as Date,\n updatedAt: r.updatedAt as Date,\n disabledAt: (r.disabledAt as Date | null) ?? null,\n});\n\nconst teamRow = (r: Record<string, unknown>): IdpTeam => ({\n id: String(r.id),\n name: String(r.name),\n createdAt: r.createdAt as Date,\n});\n\nconst memberRow = (r: Record<string, unknown>): IdpTeamMember => ({\n teamId: String(r.teamId),\n userId: String(r.userId),\n role: r.role as TeamRole,\n addedAt: r.addedAt as Date,\n});\n\nconst codeRow = (r: Record<string, unknown>): IdpAuthorizationCode => ({\n codeHash: String(r.codeHash),\n appId: String(r.appId),\n userId: String(r.userId),\n redirectUri: String(r.redirectUri),\n scope: String(r.scope),\n nonce: (r.nonce as string | null) ?? null,\n codeChallenge: (r.codeChallenge as string | null) ?? null,\n codeChallengeMethod: (r.codeChallengeMethod as 'S256' | 'plain' | null) ?? null,\n expiresAt: r.expiresAt as Date,\n consumedAt: (r.consumedAt as Date | null) ?? null,\n});\n\nconst refreshRow = (r: Record<string, unknown>): IdpRefreshToken => ({\n id: String(r.id),\n tokenHash: String(r.tokenHash),\n appId: String(r.appId),\n userId: String(r.userId),\n familyId: String(r.familyId),\n scope: String(r.scope),\n expiresAt: r.expiresAt as Date,\n createdAt: r.createdAt as Date,\n revokedAt: (r.revokedAt as Date | null) ?? null,\n});\n\nconst consentRow = (r: Record<string, unknown>): IdpConsent => ({\n userId: String(r.userId),\n appId: String(r.appId),\n scopesGranted: (r.scopesGranted as string[] | null) ?? [],\n grantedAt: r.grantedAt as Date,\n});\n\nconst keyRow = (r: Record<string, unknown>): IdpSigningKey => ({\n kid: String(r.kid),\n alg: r.alg as SigningAlg,\n publicJwk: r.publicJwk as Record<string, unknown>,\n privateJwk: r.privateJwk as Record<string, unknown>,\n active: Boolean(r.active),\n createdAt: r.createdAt as Date,\n rotatedAt: (r.rotatedAt as Date | null) ?? null,\n});\n\nexport function createIdpAdapter(opts: CreateIdpAdapterOptions): IdpAdapter {\n const { db, tables, generateId = () => crypto.randomUUID() } = opts;\n const { teams, teamMembers, apps, authorizationCodes, refreshTokens, consents, signingKeys } =\n tables;\n\n return {\n teams: {\n async create(input) {\n const id = generateId();\n const now = new Date();\n await db.insert(teams).values({ id, name: input.name, createdAt: now });\n await db\n .insert(teamMembers)\n .values({ teamId: id, userId: input.ownerUserId, role: 'owner', addedAt: now });\n const rows = await db.select().from(teams).where(eq(teams.id, id)).limit(1);\n return teamRow(rows[0] as Record<string, unknown>);\n },\n async getById(teamId) {\n const rows = await db.select().from(teams).where(eq(teams.id, teamId)).limit(1);\n if (!rows.length) return null;\n return teamRow(rows[0] as Record<string, unknown>);\n },\n async delete(teamId) {\n await db.delete(teams).where(eq(teams.id, teamId));\n },\n async listForUser(userId) {\n const rows = await db\n .select({\n id: teams.id,\n name: teams.name,\n createdAt: teams.createdAt,\n role: teamMembers.role,\n })\n .from(teamMembers)\n .innerJoin(teams, eq(teamMembers.teamId, teams.id))\n .where(eq(teamMembers.userId, userId));\n return (rows as Record<string, unknown>[]).map((r) => ({\n ...teamRow(r),\n role: r.role as TeamRole,\n }));\n },\n async listMembers(teamId) {\n const rows = await db.select().from(teamMembers).where(eq(teamMembers.teamId, teamId));\n return (rows as Record<string, unknown>[]).map(memberRow);\n },\n async getMembership(teamId, userId) {\n const rows = await db\n .select()\n .from(teamMembers)\n .where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)))\n .limit(1);\n if (!rows.length) return null;\n return memberRow(rows[0] as Record<string, unknown>);\n },\n async addMember(teamId, userId, role) {\n await db\n .insert(teamMembers)\n .values({ teamId, userId, role })\n .onConflictDoUpdate({\n target: [teamMembers.teamId, teamMembers.userId],\n set: { role },\n });\n },\n async removeMember(teamId, userId) {\n await db\n .delete(teamMembers)\n .where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)));\n },\n },\n\n apps: {\n async create(input) {\n const now = new Date();\n await db.insert(apps).values({\n id: input.id,\n teamId: input.teamId,\n name: input.name,\n description: input.description ?? null,\n logoUrl: input.logoUrl ?? null,\n type: input.type,\n clientSecretHash: input.clientSecretHash ?? null,\n redirectUris: input.redirectUris,\n allowedScopes: input.allowedScopes,\n requirePkce: input.requirePkce,\n createdAt: now,\n updatedAt: now,\n });\n const rows = await db.select().from(apps).where(eq(apps.id, input.id)).limit(1);\n return appRow(rows[0] as Record<string, unknown>);\n },\n async getById(appId) {\n const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);\n if (!rows.length) return null;\n return appRow(rows[0] as Record<string, unknown>);\n },\n async listAll(_opts) {\n const rows = await db.select().from(apps).orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async listForTeam(teamId) {\n const rows = await db\n .select()\n .from(apps)\n .where(eq(apps.teamId, teamId))\n .orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async listForUser(userId) {\n const rows = await db\n .select({\n id: apps.id,\n teamId: apps.teamId,\n name: apps.name,\n description: apps.description,\n logoUrl: apps.logoUrl,\n type: apps.type,\n clientSecretHash: apps.clientSecretHash,\n redirectUris: apps.redirectUris,\n allowedScopes: apps.allowedScopes,\n requirePkce: apps.requirePkce,\n createdAt: apps.createdAt,\n updatedAt: apps.updatedAt,\n disabledAt: apps.disabledAt,\n })\n .from(apps)\n .innerJoin(teamMembers, eq(teamMembers.teamId, apps.teamId))\n .where(eq(teamMembers.userId, userId))\n .orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async update(appId, patch) {\n const set: Record<string, unknown> = { updatedAt: new Date() };\n if (patch.name !== undefined) set.name = patch.name;\n if (patch.description !== undefined) set.description = patch.description;\n if (patch.logoUrl !== undefined) set.logoUrl = patch.logoUrl;\n if (patch.redirectUris !== undefined) set.redirectUris = patch.redirectUris;\n if (patch.allowedScopes !== undefined) set.allowedScopes = patch.allowedScopes;\n if (patch.requirePkce !== undefined) set.requirePkce = patch.requirePkce;\n if (patch.clientSecretHash !== undefined) set.clientSecretHash = patch.clientSecretHash;\n if (patch.disabledAt !== undefined) set.disabledAt = patch.disabledAt;\n await db.update(apps).set(set).where(eq(apps.id, appId));\n const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);\n return appRow(rows[0] as Record<string, unknown>);\n },\n async delete(appId) {\n await db.delete(apps).where(eq(apps.id, appId));\n },\n },\n\n codes: {\n async create(input) {\n await db.insert(authorizationCodes).values({\n codeHash: input.codeHash,\n appId: input.appId,\n userId: input.userId,\n redirectUri: input.redirectUri,\n scope: input.scope,\n nonce: input.nonce,\n codeChallenge: input.codeChallenge,\n codeChallengeMethod: input.codeChallengeMethod,\n expiresAt: input.expiresAt,\n });\n },\n async consume(codeHash) {\n // SQLite (better-sqlite3) supports RETURNING but exposing it via drizzle\n // is dialect-dependent; use the simple two-step claim for portability.\n const now = new Date();\n const rows = await db\n .update(authorizationCodes)\n .set({ consumedAt: now })\n .where(\n and(\n eq(authorizationCodes.codeHash, codeHash),\n sql`${authorizationCodes.consumedAt} IS NULL`,\n gt(authorizationCodes.expiresAt, now),\n ),\n )\n .returning();\n if (!rows.length) return null;\n return codeRow(rows[0] as Record<string, unknown>);\n },\n },\n\n refresh: {\n async create(input) {\n const [row] = await db\n .insert(refreshTokens)\n .values({\n id: input.id,\n tokenHash: input.tokenHash,\n appId: input.appId,\n userId: input.userId,\n familyId: input.familyId,\n scope: input.scope,\n expiresAt: input.expiresAt,\n })\n .returning();\n return refreshRow(row as Record<string, unknown>);\n },\n async getByHash(hash) {\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.tokenHash, hash))\n .limit(1);\n if (!rows.length) return null;\n return refreshRow(rows[0] as Record<string, unknown>);\n },\n async markRevoked(id) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.id, id), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async revokeFamily(familyId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(\n and(eq(refreshTokens.familyId, familyId), sql`${refreshTokens.revokedAt} IS NULL`),\n );\n },\n async revokeAllForUser(userId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.userId, userId), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async revokeAllForApp(appId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.appId, appId), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async listForApp(appId) {\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.appId, appId))\n .orderBy(desc(refreshTokens.createdAt));\n return (rows as Record<string, unknown>[]).map(refreshRow);\n },\n },\n\n consent: {\n async get(userId, appId) {\n const rows = await db\n .select()\n .from(consents)\n .where(and(eq(consents.userId, userId), eq(consents.appId, appId)))\n .limit(1);\n if (!rows.length) return null;\n return consentRow(rows[0] as Record<string, unknown>);\n },\n async upsert(userId, appId, scopesGranted) {\n await db\n .insert(consents)\n .values({ userId, appId, scopesGranted })\n .onConflictDoUpdate({\n target: [consents.userId, consents.appId],\n set: { scopesGranted, grantedAt: new Date() },\n });\n },\n async revoke(userId, appId) {\n await db\n .delete(consents)\n .where(and(eq(consents.userId, userId), eq(consents.appId, appId)));\n },\n },\n\n keys: {\n async listActive() {\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.active, true))\n .orderBy(desc(signingKeys.createdAt));\n return (rows as Record<string, unknown>[]).map(keyRow);\n },\n async getActive() {\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.active, true))\n .orderBy(desc(signingKeys.createdAt))\n .limit(1);\n if (!rows.length) return null;\n return keyRow(rows[0] as Record<string, unknown>);\n },\n async create(input) {\n const [row] = await db\n .insert(signingKeys)\n .values({\n kid: input.kid,\n alg: input.alg,\n publicJwk: input.publicJwk,\n privateJwk: input.privateJwk,\n active: true,\n })\n .returning();\n return keyRow(row as Record<string, unknown>);\n },\n async markRotated(kid) {\n await db\n .update(signingKeys)\n .set({ active: false, rotatedAt: new Date() })\n .where(eq(signingKeys.kid, kid));\n },\n },\n };\n}\n"]}