npm - @holeauth/idp-drizzle - Versions diffs - 0.0.1-alpha.0 - Mend

@holeauth/idp-drizzle 0.0.1-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Robert Kratz
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,4 @@
+'use strict';
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"names":[],"mappings":"","file":"index.cjs"}

package/dist/index.d.cts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+
2	+ export { }

package/dist/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+
2	+ export { }

package/dist/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"names":[],"mappings":"","file":"index.js"}

package/dist/pg/index.cjs ADDED Viewed

@@ -0,0 +1,415 @@
+'use strict';
+var pgCore = require('drizzle-orm/pg-core');
+var drizzleOrm = require('drizzle-orm');
+// src/pg/index.ts
+function createIdpTables(opts) {
+  const { usersTable, prefix = "holeauth_idp_" } = opts;
+  const p = (s) => `${prefix}${s}`;
+  const teams = pgCore.pgTable(p("team"), {
+    id: pgCore.text("id").primaryKey(),
+    name: pgCore.text("name").notNull(),
+    createdAt: pgCore.timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow()
+  });
+  const teamMembers = pgCore.pgTable(
+    p("team_member"),
+    {
+      teamId: pgCore.text("team_id").notNull().references(() => teams.id, { onDelete: "cascade" }),
+      userId: pgCore.text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      role: pgCore.text("role").notNull().$type(),
+      addedAt: pgCore.timestamp("added_at", { withTimezone: true, mode: "date" }).notNull().defaultNow()
+    },
+    (t) => ({
+      pk: pgCore.primaryKey({ columns: [t.teamId, t.userId] }),
+      userIdx: pgCore.index().on(t.userId)
+    })
+  );
+  const apps = pgCore.pgTable(
+    p("app"),
+    {
+      id: pgCore.text("id").primaryKey(),
+      teamId: pgCore.text("team_id").notNull().references(() => teams.id, { onDelete: "cascade" }),
+      name: pgCore.text("name").notNull(),
+      description: pgCore.text("description"),
+      logoUrl: pgCore.text("logo_url"),
+      type: pgCore.text("type").notNull().$type(),
+      clientSecretHash: pgCore.text("client_secret_hash"),
+      redirectUris: pgCore.text("redirect_uris").array().notNull().default([]),
+      allowedScopes: pgCore.text("allowed_scopes").array().notNull().default([]),
+      requirePkce: pgCore.boolean("require_pkce").notNull().default(true),
+      createdAt: pgCore.timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+      updatedAt: pgCore.timestamp("updated_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+      disabledAt: pgCore.timestamp("disabled_at", { withTimezone: true, mode: "date" })
+    },
+    (t) => ({
+      teamIdx: pgCore.index().on(t.teamId)
+    })
+  );
+  const authorizationCodes = pgCore.pgTable(
+    p("authorization_code"),
+    {
+      codeHash: pgCore.text("code_hash").primaryKey(),
+      appId: pgCore.text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      userId: pgCore.text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      redirectUri: pgCore.text("redirect_uri").notNull(),
+      scope: pgCore.text("scope").notNull(),
+      nonce: pgCore.text("nonce"),
+      codeChallenge: pgCore.text("code_challenge"),
+      codeChallengeMethod: pgCore.text("code_challenge_method"),
+      expiresAt: pgCore.timestamp("expires_at", { withTimezone: true, mode: "date" }).notNull(),
+      consumedAt: pgCore.timestamp("consumed_at", { withTimezone: true, mode: "date" })
+    },
+    (t) => ({
+      expiresIdx: pgCore.index().on(t.expiresAt)
+    })
+  );
+  const refreshTokens = pgCore.pgTable(
+    p("refresh_token"),
+    {
+      id: pgCore.text("id").primaryKey(),
+      tokenHash: pgCore.text("token_hash").notNull(),
+      appId: pgCore.text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      userId: pgCore.text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      familyId: pgCore.text("family_id").notNull(),
+      scope: pgCore.text("scope").notNull(),
+      expiresAt: pgCore.timestamp("expires_at", { withTimezone: true, mode: "date" }).notNull(),
+      createdAt: pgCore.timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+      revokedAt: pgCore.timestamp("revoked_at", { withTimezone: true, mode: "date" })
+    },
+    (t) => ({
+      hashIdx: pgCore.uniqueIndex().on(t.tokenHash),
+      familyIdx: pgCore.index().on(t.familyId),
+      userIdx: pgCore.index().on(t.userId),
+      appIdx: pgCore.index().on(t.appId)
+    })
+  );
+  const consents = pgCore.pgTable(
+    p("consent"),
+    {
+      userId: pgCore.text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      appId: pgCore.text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      scopesGranted: pgCore.text("scopes_granted").array().notNull().default([]),
+      grantedAt: pgCore.timestamp("granted_at", { withTimezone: true, mode: "date" }).notNull().defaultNow()
+    },
+    (t) => ({
+      pk: pgCore.primaryKey({ columns: [t.userId, t.appId] })
+    })
+  );
+  const signingKeys = pgCore.pgTable(p("signing_key"), {
+    kid: pgCore.text("kid").primaryKey(),
+    alg: pgCore.text("alg").notNull().$type(),
+    publicJwk: pgCore.jsonb("public_jwk").notNull().$type(),
+    privateJwk: pgCore.jsonb("private_jwk").notNull().$type(),
+    active: pgCore.boolean("active").notNull().default(true),
+    createdAt: pgCore.timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+    rotatedAt: pgCore.timestamp("rotated_at", { withTimezone: true, mode: "date" })
+  });
+  const teamMembersRelations = drizzleOrm.relations(teamMembers, ({ one }) => ({
+    team: one(teams, { fields: [teamMembers.teamId], references: [teams.id] }),
+    user: one(usersTable, { fields: [teamMembers.userId], references: [usersTable.id] })
+  }));
+  const appsRelations = drizzleOrm.relations(apps, ({ one }) => ({
+    team: one(teams, { fields: [apps.teamId], references: [teams.id] })
+  }));
+  return {
+    tables: {
+      teams,
+      teamMembers,
+      apps,
+      authorizationCodes,
+      refreshTokens,
+      consents,
+      signingKeys
+    },
+    relations: { teamMembersRelations, appsRelations }
+  };
+}
+var appRow = (r) => ({
+  id: String(r.id),
+  teamId: String(r.teamId),
+  name: String(r.name),
+  description: r.description ?? null,
+  logoUrl: r.logoUrl ?? null,
+  type: r.type,
+  clientSecretHash: r.clientSecretHash ?? null,
+  redirectUris: r.redirectUris ?? [],
+  allowedScopes: r.allowedScopes ?? [],
+  requirePkce: Boolean(r.requirePkce),
+  createdAt: r.createdAt,
+  updatedAt: r.updatedAt,
+  disabledAt: r.disabledAt ?? null
+});
+var teamRow = (r) => ({
+  id: String(r.id),
+  name: String(r.name),
+  createdAt: r.createdAt
+});
+var memberRow = (r) => ({
+  teamId: String(r.teamId),
+  userId: String(r.userId),
+  role: r.role,
+  addedAt: r.addedAt
+});
+var codeRow = (r) => ({
+  codeHash: String(r.codeHash),
+  appId: String(r.appId),
+  userId: String(r.userId),
+  redirectUri: String(r.redirectUri),
+  scope: String(r.scope),
+  nonce: r.nonce ?? null,
+  codeChallenge: r.codeChallenge ?? null,
+  codeChallengeMethod: r.codeChallengeMethod ?? null,
+  expiresAt: r.expiresAt,
+  consumedAt: r.consumedAt ?? null
+});
+var refreshRow = (r) => ({
+  id: String(r.id),
+  tokenHash: String(r.tokenHash),
+  appId: String(r.appId),
+  userId: String(r.userId),
+  familyId: String(r.familyId),
+  scope: String(r.scope),
+  expiresAt: r.expiresAt,
+  createdAt: r.createdAt,
+  revokedAt: r.revokedAt ?? null
+});
+var consentRow = (r) => ({
+  userId: String(r.userId),
+  appId: String(r.appId),
+  scopesGranted: r.scopesGranted ?? [],
+  grantedAt: r.grantedAt
+});
+var keyRow = (r) => ({
+  kid: String(r.kid),
+  alg: r.alg,
+  publicJwk: r.publicJwk,
+  privateJwk: r.privateJwk,
+  active: Boolean(r.active),
+  createdAt: r.createdAt,
+  rotatedAt: r.rotatedAt ?? null
+});
+function createIdpAdapter(opts) {
+  const { db, tables, generateId = () => crypto.randomUUID() } = opts;
+  const { teams, teamMembers, apps, authorizationCodes, refreshTokens, consents, signingKeys } = tables;
+  return {
+    teams: {
+      async create(input) {
+        const id = generateId();
+        const [row] = await db.insert(teams).values({ id, name: input.name }).returning();
+        await db.insert(teamMembers).values({ teamId: id, userId: input.ownerUserId, role: "owner" });
+        return teamRow(row);
+      },
+      async getById(teamId) {
+        const rows = await db.select().from(teams).where(drizzleOrm.eq(teams.id, teamId)).limit(1);
+        if (!rows.length) return null;
+        return teamRow(rows[0]);
+      },
+      async delete(teamId) {
+        await db.delete(teams).where(drizzleOrm.eq(teams.id, teamId));
+      },
+      async listForUser(userId) {
+        const rows = await db.select({
+          id: teams.id,
+          name: teams.name,
+          createdAt: teams.createdAt,
+          role: teamMembers.role
+        }).from(teamMembers).innerJoin(teams, drizzleOrm.eq(teamMembers.teamId, teams.id)).where(drizzleOrm.eq(teamMembers.userId, userId));
+        return rows.map((r) => ({
+          ...teamRow(r),
+          role: r.role
+        }));
+      },
+      async listMembers(teamId) {
+        const rows = await db.select().from(teamMembers).where(drizzleOrm.eq(teamMembers.teamId, teamId));
+        return rows.map(memberRow);
+      },
+      async getMembership(teamId, userId) {
+        const rows = await db.select().from(teamMembers).where(drizzleOrm.and(drizzleOrm.eq(teamMembers.teamId, teamId), drizzleOrm.eq(teamMembers.userId, userId))).limit(1);
+        if (!rows.length) return null;
+        return memberRow(rows[0]);
+      },
+      async addMember(teamId, userId, role) {
+        await db.insert(teamMembers).values({ teamId, userId, role }).onConflictDoUpdate({
+          target: [teamMembers.teamId, teamMembers.userId],
+          set: { role }
+        });
+      },
+      async removeMember(teamId, userId) {
+        await db.delete(teamMembers).where(drizzleOrm.and(drizzleOrm.eq(teamMembers.teamId, teamId), drizzleOrm.eq(teamMembers.userId, userId)));
+      }
+    },
+    apps: {
+      async create(input) {
+        const [row] = await db.insert(apps).values({
+          id: input.id,
+          teamId: input.teamId,
+          name: input.name,
+          description: input.description ?? null,
+          logoUrl: input.logoUrl ?? null,
+          type: input.type,
+          clientSecretHash: input.clientSecretHash ?? null,
+          redirectUris: input.redirectUris,
+          allowedScopes: input.allowedScopes,
+          requirePkce: input.requirePkce
+        }).returning();
+        return appRow(row);
+      },
+      async getById(appId) {
+        const rows = await db.select().from(apps).where(drizzleOrm.eq(apps.id, appId)).limit(1);
+        if (!rows.length) return null;
+        return appRow(rows[0]);
+      },
+      async listAll(_opts) {
+        const rows = await db.select().from(apps).orderBy(drizzleOrm.desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async listForTeam(teamId) {
+        const rows = await db.select().from(apps).where(drizzleOrm.eq(apps.teamId, teamId)).orderBy(drizzleOrm.desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async listForUser(userId) {
+        const rows = await db.select({
+          id: apps.id,
+          teamId: apps.teamId,
+          name: apps.name,
+          description: apps.description,
+          logoUrl: apps.logoUrl,
+          type: apps.type,
+          clientSecretHash: apps.clientSecretHash,
+          redirectUris: apps.redirectUris,
+          allowedScopes: apps.allowedScopes,
+          requirePkce: apps.requirePkce,
+          createdAt: apps.createdAt,
+          updatedAt: apps.updatedAt,
+          disabledAt: apps.disabledAt
+        }).from(apps).innerJoin(teamMembers, drizzleOrm.eq(teamMembers.teamId, apps.teamId)).where(drizzleOrm.eq(teamMembers.userId, userId)).orderBy(drizzleOrm.desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async update(appId, patch) {
+        const set = { updatedAt: /* @__PURE__ */ new Date() };
+        if (patch.name !== void 0) set.name = patch.name;
+        if (patch.description !== void 0) set.description = patch.description;
+        if (patch.logoUrl !== void 0) set.logoUrl = patch.logoUrl;
+        if (patch.redirectUris !== void 0) set.redirectUris = patch.redirectUris;
+        if (patch.allowedScopes !== void 0) set.allowedScopes = patch.allowedScopes;
+        if (patch.requirePkce !== void 0) set.requirePkce = patch.requirePkce;
+        if (patch.clientSecretHash !== void 0) set.clientSecretHash = patch.clientSecretHash;
+        if (patch.disabledAt !== void 0) set.disabledAt = patch.disabledAt;
+        const [row] = await db.update(apps).set(set).where(drizzleOrm.eq(apps.id, appId)).returning();
+        return appRow(row);
+      },
+      async delete(appId) {
+        await db.delete(apps).where(drizzleOrm.eq(apps.id, appId));
+      }
+    },
+    codes: {
+      async create(input) {
+        await db.insert(authorizationCodes).values({
+          codeHash: input.codeHash,
+          appId: input.appId,
+          userId: input.userId,
+          redirectUri: input.redirectUri,
+          scope: input.scope,
+          nonce: input.nonce,
+          codeChallenge: input.codeChallenge,
+          codeChallengeMethod: input.codeChallengeMethod,
+          expiresAt: input.expiresAt
+        });
+      },
+      async consume(codeHash) {
+        const rows = await db.update(authorizationCodes).set({ consumedAt: /* @__PURE__ */ new Date() }).where(
+          drizzleOrm.and(
+            drizzleOrm.eq(authorizationCodes.codeHash, codeHash),
+            drizzleOrm.sql`${authorizationCodes.consumedAt} IS NULL`,
+            drizzleOrm.sql`${authorizationCodes.expiresAt} > NOW()`
+          )
+        ).returning();
+        if (!rows.length) return null;
+        return codeRow(rows[0]);
+      }
+    },
+    refresh: {
+      async create(input) {
+        const [row] = await db.insert(refreshTokens).values({
+          id: input.id,
+          tokenHash: input.tokenHash,
+          appId: input.appId,
+          userId: input.userId,
+          familyId: input.familyId,
+          scope: input.scope,
+          expiresAt: input.expiresAt
+        }).returning();
+        return refreshRow(row);
+      },
+      async getByHash(hash) {
+        const rows = await db.select().from(refreshTokens).where(drizzleOrm.eq(refreshTokens.tokenHash, hash)).limit(1);
+        if (!rows.length) return null;
+        return refreshRow(rows[0]);
+      },
+      async markRevoked(id) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(drizzleOrm.and(drizzleOrm.eq(refreshTokens.id, id), drizzleOrm.sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async revokeFamily(familyId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(
+          drizzleOrm.and(drizzleOrm.eq(refreshTokens.familyId, familyId), drizzleOrm.sql`${refreshTokens.revokedAt} IS NULL`)
+        );
+      },
+      async revokeAllForUser(userId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(drizzleOrm.and(drizzleOrm.eq(refreshTokens.userId, userId), drizzleOrm.sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async revokeAllForApp(appId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(drizzleOrm.and(drizzleOrm.eq(refreshTokens.appId, appId), drizzleOrm.sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async listForApp(appId) {
+        const rows = await db.select().from(refreshTokens).where(drizzleOrm.eq(refreshTokens.appId, appId)).orderBy(drizzleOrm.desc(refreshTokens.createdAt));
+        return rows.map(refreshRow);
+      }
+    },
+    consent: {
+      async get(userId, appId) {
+        const rows = await db.select().from(consents).where(drizzleOrm.and(drizzleOrm.eq(consents.userId, userId), drizzleOrm.eq(consents.appId, appId))).limit(1);
+        if (!rows.length) return null;
+        return consentRow(rows[0]);
+      },
+      async upsert(userId, appId, scopesGranted) {
+        await db.insert(consents).values({ userId, appId, scopesGranted }).onConflictDoUpdate({
+          target: [consents.userId, consents.appId],
+          set: { scopesGranted, grantedAt: /* @__PURE__ */ new Date() }
+        });
+      },
+      async revoke(userId, appId) {
+        await db.delete(consents).where(drizzleOrm.and(drizzleOrm.eq(consents.userId, userId), drizzleOrm.eq(consents.appId, appId)));
+      }
+    },
+    keys: {
+      async listActive() {
+        const rows = await db.select().from(signingKeys).where(drizzleOrm.eq(signingKeys.active, true)).orderBy(drizzleOrm.desc(signingKeys.createdAt));
+        return rows.map(keyRow);
+      },
+      async getActive() {
+        const rows = await db.select().from(signingKeys).where(drizzleOrm.eq(signingKeys.active, true)).orderBy(drizzleOrm.desc(signingKeys.createdAt)).limit(1);
+        if (!rows.length) return null;
+        return keyRow(rows[0]);
+      },
+      async create(input) {
+        const [row] = await db.insert(signingKeys).values({
+          kid: input.kid,
+          alg: input.alg,
+          publicJwk: input.publicJwk,
+          privateJwk: input.privateJwk,
+          active: true
+        }).returning();
+        return keyRow(row);
+      },
+      async markRotated(kid) {
+        await db.update(signingKeys).set({ active: false, rotatedAt: /* @__PURE__ */ new Date() }).where(drizzleOrm.eq(signingKeys.kid, kid));
+      }
+    }
+  };
+}
+exports.createIdpAdapter = createIdpAdapter;
+exports.createIdpTables = createIdpTables;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/pg/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/pg/index.ts"],"names":["pgTable","text","timestamp","primaryKey","index","boolean","uniqueIndex","jsonb","relations","eq","and","desc","sql"],"mappings":";;;;;;AA8CO,SAAS,gBAAwC,IAAA,EAAiC;AACvF,EAAA,MAAM,EAAE,UAAA,EAAY,MAAA,GAAS,eAAA,EAAgB,GAAI,IAAA;AACjD,EAAA,MAAM,IAAI,CAAC,CAAA,KAAc,CAAA,EAAG,MAAM,GAAG,CAAC,CAAA,CAAA;AAEtC,EAAA,MAAM,KAAA,GAAQA,cAAA,CAAQ,CAAA,CAAE,MAAM,CAAA,EAAG;AAAA,IAC/B,EAAA,EAAIC,WAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,IAC1B,IAAA,EAAMA,WAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3B,SAAA,EAAWC,gBAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA;AAAW,GACf,CAAA;AAED,EAAA,MAAM,WAAA,GAAcF,cAAA;AAAA,IAClB,EAAE,aAAa,CAAA;AAAA,IACf;AAAA,MACE,MAAA,EAAQC,WAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACrD,MAAA,EAAQA,WAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,MAAMA,WAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,KAAA,EAAgB;AAAA,MAC7C,OAAA,EAASC,gBAAA,CAAU,UAAA,EAAY,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CAChE,OAAA,EAAQ,CACR,UAAA;AAAW,KAChB;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,EAAA,EAAIC,iBAAA,CAAW,EAAE,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,CAAA,CAAE,MAAM,CAAA,EAAG,CAAA;AAAA,MAChD,OAAA,EAASC,YAAA,EAAM,CAAE,EAAA,CAAG,EAAE,MAAM;AAAA,KAC9B;AAAA,GACF;AAEA,EAAA,MAAM,IAAA,GAAOJ,cAAA;AAAA,IACX,EAAE,KAAK,CAAA;AAAA,IACP;AAAA,MACE,EAAA,EAAIC,WAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,MAC1B,MAAA,EAAQA,WAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACrD,IAAA,EAAMA,WAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC3B,WAAA,EAAaA,YAAK,aAAa,CAAA;AAAA,MAC/B,OAAA,EAASA,YAAK,UAAU,CAAA;AAAA,MACxB,MAAMA,WAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,KAAA,EAAe;AAAA,MAC5C,gBAAA,EAAkBA,YAAK,oBAAoB,CAAA;AAAA,MAC3C,YAAA,EAAcA,WAAA,CAAK,eAAe,CAAA,CAAE,KAAA,GAAQ,OAAA,EAAQ,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,MAChE,aAAA,EAAeA,WAAA,CAAK,gBAAgB,CAAA,CAAE,KAAA,GAAQ,OAAA,EAAQ,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,MAClE,aAAaI,cAAA,CAAQ,cAAc,EAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,MAC3D,SAAA,EAAWH,gBAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA,EAAW;AAAA,MACd,SAAA,EAAWA,gBAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA,EAAW;AAAA,MACd,UAAA,EAAYA,iBAAU,aAAA,EAAe,EAAE,cAAc,IAAA,EAAM,IAAA,EAAM,QAAQ;AAAA,KAC3E;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,OAAA,EAASE,YAAA,EAAM,CAAE,EAAA,CAAG,EAAE,MAAM;AAAA,KAC9B;AAAA,GACF;AAEA,EAAA,MAAM,kBAAA,GAAqBJ,cAAA;AAAA,IACzB,EAAE,oBAAoB,CAAA;AAAA,IACtB;AAAA,MACE,QAAA,EAAUC,WAAA,CAAK,WAAW,CAAA,CAAE,UAAA,EAAW;AAAA,MACvC,KAAA,EAAOA,WAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,MAAA,EAAQA,WAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,WAAA,EAAaA,WAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC1C,KAAA,EAAOA,WAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC7B,KAAA,EAAOA,YAAK,OAAO,CAAA;AAAA,MACnB,aAAA,EAAeA,YAAK,gBAAgB,CAAA;AAAA,MACpC,mBAAA,EAAqBA,YAAK,uBAAuB,CAAA;AAAA,MACjD,SAAA,EAAWC,gBAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,MAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,MACjF,UAAA,EAAYA,iBAAU,aAAA,EAAe,EAAE,cAAc,IAAA,EAAM,IAAA,EAAM,QAAQ;AAAA,KAC3E;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,UAAA,EAAYE,YAAA,EAAM,CAAE,EAAA,CAAG,EAAE,SAAS;AAAA,KACpC;AAAA,GACF;AAEA,EAAA,MAAM,aAAA,GAAgBJ,cAAA;AAAA,IACpB,EAAE,eAAe,CAAA;AAAA,IACjB;AAAA,MACE,EAAA,EAAIC,WAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,MAC1B,SAAA,EAAWA,WAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,MACtC,KAAA,EAAOA,WAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,MAAA,EAAQA,WAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,QAAA,EAAUA,WAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,MACpC,KAAA,EAAOA,WAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC7B,SAAA,EAAWC,gBAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,MAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,MACjF,SAAA,EAAWA,gBAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA,EAAW;AAAA,MACd,SAAA,EAAWA,iBAAU,YAAA,EAAc,EAAE,cAAc,IAAA,EAAM,IAAA,EAAM,QAAQ;AAAA,KACzE;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,OAAA,EAASI,kBAAA,EAAY,CAAE,EAAA,CAAG,EAAE,SAAS,CAAA;AAAA,MACrC,SAAA,EAAWF,YAAA,EAAM,CAAE,EAAA,CAAG,EAAE,QAAQ,CAAA;AAAA,MAChC,OAAA,EAASA,YAAA,EAAM,CAAE,EAAA,CAAG,EAAE,MAAM,CAAA;AAAA,MAC5B,MAAA,EAAQA,YAAA,EAAM,CAAE,EAAA,CAAG,EAAE,KAAK;AAAA,KAC5B;AAAA,GACF;AAEA,EAAA,MAAM,QAAA,GAAWJ,cAAA;AAAA,IACf,EAAE,SAAS,CAAA;AAAA,IACX;AAAA,MACE,MAAA,EAAQC,WAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,KAAA,EAAOA,WAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,aAAA,EAAeA,WAAA,CAAK,gBAAgB,CAAA,CAAE,KAAA,GAAQ,OAAA,EAAQ,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,MAClE,SAAA,EAAWC,gBAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA;AAAW,KAChB;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,EAAA,EAAIC,iBAAA,CAAW,EAAE,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,CAAA,CAAE,KAAK,CAAA,EAAG;AAAA,KACjD;AAAA,GACF;AAEA,EAAA,MAAM,WAAA,GAAcH,cAAA,CAAQ,CAAA,CAAE,aAAa,CAAA,EAAG;AAAA,IAC5C,GAAA,EAAKC,WAAA,CAAK,KAAK,CAAA,CAAE,UAAA,EAAW;AAAA,IAC5B,KAAKA,WAAA,CAAK,KAAK,CAAA,CAAE,OAAA,GAAU,KAAA,EAAkB;AAAA,IAC7C,WAAWM,YAAA,CAAM,YAAY,CAAA,CAAE,OAAA,GAAU,KAAA,EAA+B;AAAA,IACxE,YAAYA,YAAA,CAAM,aAAa,CAAA,CAAE,OAAA,GAAU,KAAA,EAA+B;AAAA,IAC1E,QAAQF,cAAA,CAAQ,QAAQ,EAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,IAChD,SAAA,EAAWH,gBAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA,EAAW;AAAA,IACd,SAAA,EAAWA,iBAAU,YAAA,EAAc,EAAE,cAAc,IAAA,EAAM,IAAA,EAAM,QAAQ;AAAA,GACxE,CAAA;AAED,EAAA,MAAM,uBAAuBM,oBAAA,CAAU,WAAA,EAAa,CAAC,EAAE,KAAI,MAAO;AAAA,IAChE,IAAA,EAAM,GAAA,CAAI,KAAA,EAAO,EAAE,QAAQ,CAAC,WAAA,CAAY,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,KAAA,CAAM,EAAE,GAAG,CAAA;AAAA,IACzE,IAAA,EAAM,GAAA,CAAI,UAAA,EAAY,EAAE,QAAQ,CAAC,WAAA,CAAY,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,UAAA,CAAW,EAAE,GAAG;AAAA,GACrF,CAAE,CAAA;AACF,EAAA,MAAM,gBAAgBA,oBAAA,CAAU,IAAA,EAAM,CAAC,EAAE,KAAI,MAAO;AAAA,IAClD,IAAA,EAAM,GAAA,CAAI,KAAA,EAAO,EAAE,QAAQ,CAAC,IAAA,CAAK,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,KAAA,CAAM,EAAE,GAAG;AAAA,GACpE,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ;AAAA,MACN,KAAA;AAAA,MACA,WAAA;AAAA,MACA,IAAA;AAAA,MACA,kBAAA;AAAA,MACA,aAAA;AAAA,MACA,QAAA;AAAA,MACA;AAAA,KACF;AAAA,IACA,SAAA,EAAW,EAAE,oBAAA,EAAsB,aAAA;AAAc,GACnD;AACF;AAaA,IAAM,MAAA,GAAS,CAAC,CAAA,MAAwC;AAAA,EACtD,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,IAAA,EAAM,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA;AAAA,EACnB,WAAA,EAAc,EAAE,WAAA,IAAiC,IAAA;AAAA,EACjD,OAAA,EAAU,EAAE,OAAA,IAA6B,IAAA;AAAA,EACzC,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,gBAAA,EAAmB,EAAE,gBAAA,IAAsC,IAAA;AAAA,EAC3D,YAAA,EAAe,CAAA,CAAE,YAAA,IAAoC,EAAC;AAAA,EACtD,aAAA,EAAgB,CAAA,CAAE,aAAA,IAAqC,EAAC;AAAA,EACxD,WAAA,EAAa,OAAA,CAAQ,CAAA,CAAE,WAAW,CAAA;AAAA,EAClC,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,UAAA,EAAa,EAAE,UAAA,IAA8B;AAC/C,CAAA,CAAA;AAEA,IAAM,OAAA,GAAU,CAAC,CAAA,MAAyC;AAAA,EACxD,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,IAAA,EAAM,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA;AAAA,EACnB,WAAW,CAAA,CAAE;AACf,CAAA,CAAA;AAEA,IAAM,SAAA,GAAY,CAAC,CAAA,MAA+C;AAAA,EAChE,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,SAAS,CAAA,CAAE;AACb,CAAA,CAAA;AAEA,IAAM,OAAA,GAAU,CAAC,CAAA,MAAsD;AAAA,EACrE,QAAA,EAAU,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,WAAA,EAAa,MAAA,CAAO,CAAA,CAAE,WAAW,CAAA;AAAA,EACjC,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,KAAA,EAAQ,EAAE,KAAA,IAA2B,IAAA;AAAA,EACrC,aAAA,EAAgB,EAAE,aAAA,IAAmC,IAAA;AAAA,EACrD,mBAAA,EAAsB,EAAE,mBAAA,IAAmD,IAAA;AAAA,EAC3E,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,UAAA,EAAa,EAAE,UAAA,IAA8B;AAC/C,CAAA,CAAA;AAEA,IAAM,UAAA,GAAa,CAAC,CAAA,MAAiD;AAAA,EACnE,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,SAAA,EAAW,MAAA,CAAO,CAAA,CAAE,SAAS,CAAA;AAAA,EAC7B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,QAAA,EAAU,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,SAAA,EAAY,EAAE,SAAA,IAA6B;AAC7C,CAAA,CAAA;AAEA,IAAM,UAAA,GAAa,CAAC,CAAA,MAA4C;AAAA,EAC9D,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,aAAA,EAAgB,CAAA,CAAE,aAAA,IAAqC,EAAC;AAAA,EACxD,WAAW,CAAA,CAAE;AACf,CAAA,CAAA;AAEA,IAAM,MAAA,GAAS,CAAC,CAAA,MAA+C;AAAA,EAC7D,GAAA,EAAK,MAAA,CAAO,CAAA,CAAE,GAAG,CAAA;AAAA,EACjB,KAAK,CAAA,CAAE,GAAA;AAAA,EACP,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,YAAY,CAAA,CAAE,UAAA;AAAA,EACd,MAAA,EAAQ,OAAA,CAAQ,CAAA,CAAE,MAAM,CAAA;AAAA,EACxB,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,SAAA,EAAY,EAAE,SAAA,IAA6B;AAC7C,CAAA,CAAA;AAEO,SAAS,iBAAiB,IAAA,EAA2C;AAC1E,EAAA,MAAM,EAAE,IAAI,MAAA,EAAQ,UAAA,GAAa,MAAM,MAAA,CAAO,UAAA,IAAa,GAAI,IAAA;AAC/D,EAAA,MAAM,EAAE,OAAO,WAAA,EAAa,IAAA,EAAM,oBAAoB,aAAA,EAAe,QAAA,EAAU,aAAY,GACzF,MAAA;AAEF,EAAA,OAAO;AAAA,IACL,KAAA,EAAO;AAAA,MACL,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,KAAK,UAAA,EAAW;AACtB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,EAAA,CACjB,OAAO,KAAK,CAAA,CACZ,MAAA,CAAO,EAAE,IAAI,IAAA,EAAM,KAAA,CAAM,IAAA,EAAM,EAC/B,SAAA,EAAU;AACb,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,WAAW,CAAA,CAClB,MAAA,CAAO,EAAE,MAAA,EAAQ,EAAA,EAAI,MAAA,EAAQ,KAAA,CAAM,WAAA,EAAa,IAAA,EAAM,SAAS,CAAA;AAClE,QAAA,OAAO,QAAQ,GAA8B,CAAA;AAAA,MAC/C,CAAA;AAAA,MACA,MAAM,QAAQ,MAAA,EAAQ;AACpB,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,KAAK,CAAA,CAAE,KAAA,CAAMC,aAAA,CAAG,MAAM,EAAA,EAAI,MAAM,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC9E,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,OAAO,MAAA,EAAQ;AACnB,QAAA,MAAM,EAAA,CAAG,OAAO,KAAK,CAAA,CAAE,MAAMA,aAAA,CAAG,KAAA,CAAM,EAAA,EAAI,MAAM,CAAC,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,MAAM,WAAA,CAAY;AAAA,SACnB,CAAA,CACA,IAAA,CAAK,WAAW,CAAA,CAChB,SAAA,CAAU,OAAOA,aAAA,CAAG,WAAA,CAAY,QAAQ,KAAA,CAAM,EAAE,CAAC,CAAA,CACjD,KAAA,CAAMA,cAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA;AACvC,QAAA,OAAQ,IAAA,CAAmC,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,UACrD,GAAG,QAAQ,CAAC,CAAA;AAAA,UACZ,MAAM,CAAA,CAAE;AAAA,SACV,CAAE,CAAA;AAAA,MACJ,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAMA,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA;AACrF,QAAA,OAAQ,IAAA,CAAmC,IAAI,SAAS,CAAA;AAAA,MAC1D,CAAA;AAAA,MACA,MAAM,aAAA,CAAc,MAAA,EAAQ,MAAA,EAAQ;AAClC,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAMC,cAAA,CAAID,aAAA,CAAG,YAAY,MAAA,EAAQ,MAAM,CAAA,EAAGA,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAC,CAAA,CACzE,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,SAAA,CAAU,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACrD,CAAA;AAAA,MACA,MAAM,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM;AACpC,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,WAAW,CAAA,CAClB,MAAA,CAAO,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,CAAA,CAC/B,kBAAA,CAAmB;AAAA,UAClB,MAAA,EAAQ,CAAC,WAAA,CAAY,MAAA,EAAQ,YAAY,MAAM,CAAA;AAAA,UAC/C,GAAA,EAAK,EAAE,IAAA;AAAK,SACb,CAAA;AAAA,MACL,CAAA;AAAA,MACA,MAAM,YAAA,CAAa,MAAA,EAAQ,MAAA,EAAQ;AACjC,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,CAAA,CAClB,KAAA,CAAMC,eAAID,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,GAAGA,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAC,CAAA;AAAA,MAC9E;AAAA,KACF;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,GACjB,MAAA,CAAO,IAAI,EACX,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,WAAA,EAAa,MAAM,WAAA,IAAe,IAAA;AAAA,UAClC,OAAA,EAAS,MAAM,OAAA,IAAW,IAAA;AAAA,UAC1B,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,gBAAA,EAAkB,MAAM,gBAAA,IAAoB,IAAA;AAAA,UAC5C,cAAc,KAAA,CAAM,YAAA;AAAA,UACpB,eAAe,KAAA,CAAM,aAAA;AAAA,UACrB,aAAa,KAAA,CAAM;AAAA,SACpB,EACA,SAAA,EAAU;AACb,QAAA,OAAO,OAAO,GAA8B,CAAA;AAAA,MAC9C,CAAA;AAAA,MACA,MAAM,QAAQ,KAAA,EAAO;AACnB,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,IAAI,CAAA,CAAE,KAAA,CAAMA,aAAA,CAAG,KAAK,EAAA,EAAI,KAAK,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC3E,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,QAAQ,KAAA,EAAO;AACnB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,IAAI,CAAA,CAAE,OAAA,CAAQE,eAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AACtE,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAMF,cAAG,IAAA,CAAK,MAAA,EAAQ,MAAM,CAAC,CAAA,CAC7B,QAAQE,eAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AAC/B,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO;AAAA,UACN,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,QAAQ,IAAA,CAAK,MAAA;AAAA,UACb,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,SAAS,IAAA,CAAK,OAAA;AAAA,UACd,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,kBAAkB,IAAA,CAAK,gBAAA;AAAA,UACvB,cAAc,IAAA,CAAK,YAAA;AAAA,UACnB,eAAe,IAAA,CAAK,aAAA;AAAA,UACpB,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,WAAW,IAAA,CAAK,SAAA;AAAA,UAChB,WAAW,IAAA,CAAK,SAAA;AAAA,UAChB,YAAY,IAAA,CAAK;AAAA,SAClB,CAAA,CACA,IAAA,CAAK,IAAI,CAAA,CACT,UAAU,WAAA,EAAaF,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,CAC1D,KAAA,CAAMA,aAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA,CACpC,OAAA,CAAQE,eAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AAC/B,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,KAAA,EAAO,KAAA,EAAO;AACzB,QAAA,MAAM,GAAA,GAA+B,EAAE,SAAA,kBAAW,IAAI,MAAK,EAAE;AAC7D,QAAA,IAAI,KAAA,CAAM,IAAA,KAAS,MAAA,EAAW,GAAA,CAAI,OAAO,KAAA,CAAM,IAAA;AAC/C,QAAA,IAAI,KAAA,CAAM,WAAA,KAAgB,MAAA,EAAW,GAAA,CAAI,cAAc,KAAA,CAAM,WAAA;AAC7D,QAAA,IAAI,KAAA,CAAM,OAAA,KAAY,MAAA,EAAW,GAAA,CAAI,UAAU,KAAA,CAAM,OAAA;AACrD,QAAA,IAAI,KAAA,CAAM,YAAA,KAAiB,MAAA,EAAW,GAAA,CAAI,eAAe,KAAA,CAAM,YAAA;AAC/D,QAAA,IAAI,KAAA,CAAM,aAAA,KAAkB,MAAA,EAAW,GAAA,CAAI,gBAAgB,KAAA,CAAM,aAAA;AACjE,QAAA,IAAI,KAAA,CAAM,WAAA,KAAgB,MAAA,EAAW,GAAA,CAAI,cAAc,KAAA,CAAM,WAAA;AAC7D,QAAA,IAAI,KAAA,CAAM,gBAAA,KAAqB,MAAA,EAAW,GAAA,CAAI,mBAAmB,KAAA,CAAM,gBAAA;AACvE,QAAA,IAAI,KAAA,CAAM,UAAA,KAAe,MAAA,EAAW,GAAA,CAAI,aAAa,KAAA,CAAM,UAAA;AAC3D,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,EAAA,CAAG,MAAA,CAAO,IAAI,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,MAAMF,aAAA,CAAG,IAAA,CAAK,IAAI,KAAK,CAAC,EAAE,SAAA,EAAU;AACjF,QAAA,OAAO,OAAO,GAA8B,CAAA;AAAA,MAC9C,CAAA;AAAA,MACA,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,OAAO,IAAI,CAAA,CAAE,MAAMA,aAAA,CAAG,IAAA,CAAK,EAAA,EAAI,KAAK,CAAC,CAAA;AAAA,MAChD;AAAA,KACF;AAAA,IAEA,KAAA,EAAO;AAAA,MACL,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,kBAAkB,CAAA,CAAE,MAAA,CAAO;AAAA,UACzC,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,aAAa,KAAA,CAAM,WAAA;AAAA,UACnB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,eAAe,KAAA,CAAM,aAAA;AAAA,UACrB,qBAAqB,KAAA,CAAM,mBAAA;AAAA,UAC3B,WAAW,KAAA,CAAM;AAAA,SAClB,CAAA;AAAA,MACH,CAAA;AAAA,MACA,MAAM,QAAQ,QAAA,EAAU;AAGtB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO,kBAAkB,CAAA,CACzB,GAAA,CAAI,EAAE,UAAA,kBAAY,IAAI,IAAA,EAAK,EAAG,CAAA,CAC9B,KAAA;AAAA,UACCC,cAAA;AAAA,YACED,aAAA,CAAG,kBAAA,CAAmB,QAAA,EAAU,QAAQ,CAAA;AAAA,YACxCG,cAAA,CAAA,EAAM,mBAAmB,UAAU,CAAA,QAAA,CAAA;AAAA,YACnCA,cAAA,CAAA,EAAM,mBAAmB,SAAS,CAAA,QAAA;AAAA;AACpC,UAED,SAAA,EAAU;AACb,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD;AAAA,KACF;AAAA,IAEA,OAAA,EAAS;AAAA,MACP,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,GACjB,MAAA,CAAO,aAAa,EACpB,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,WAAW,KAAA,CAAM;AAAA,SAClB,EACA,SAAA,EAAU;AACb,QAAA,OAAO,WAAW,GAA8B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,UAAU,IAAA,EAAM;AACpB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,MAAA,EAAO,CACP,KAAK,aAAa,CAAA,CAClB,KAAA,CAAMH,aAAA,CAAG,cAAc,SAAA,EAAW,IAAI,CAAC,CAAA,CACvC,MAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,YAAY,EAAA,EAAI;AACpB,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAMC,cAAA,CAAID,aAAA,CAAG,aAAA,CAAc,EAAA,EAAI,EAAE,GAAGG,cAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACjF,CAAA;AAAA,MACA,MAAM,aAAa,QAAA,EAAU;AAC3B,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,aAAa,CAAA,CACpB,GAAA,CAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,CAAA,CAC7B,KAAA;AAAA,UACCF,cAAA,CAAID,cAAG,aAAA,CAAc,QAAA,EAAU,QAAQ,CAAA,EAAGG,cAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU;AAAA,SACnF;AAAA,MACJ,CAAA;AAAA,MACA,MAAM,iBAAiB,MAAA,EAAQ;AAC7B,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAMF,cAAA,CAAID,aAAA,CAAG,aAAA,CAAc,MAAA,EAAQ,MAAM,GAAGG,cAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACzF,CAAA;AAAA,MACA,MAAM,gBAAgB,KAAA,EAAO;AAC3B,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAMF,cAAA,CAAID,aAAA,CAAG,aAAA,CAAc,KAAA,EAAO,KAAK,GAAGG,cAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACvF,CAAA;AAAA,MACA,MAAM,WAAW,KAAA,EAAO;AACtB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,aAAa,CAAA,CAClB,KAAA,CAAMH,cAAG,aAAA,CAAc,KAAA,EAAO,KAAK,CAAC,CAAA,CACpC,QAAQE,eAAA,CAAK,aAAA,CAAc,SAAS,CAAC,CAAA;AACxC,QAAA,OAAQ,IAAA,CAAmC,IAAI,UAAU,CAAA;AAAA,MAC3D;AAAA,KACF;AAAA,IAEA,OAAA,EAAS;AAAA,MACP,MAAM,GAAA,CAAI,MAAA,EAAQ,KAAA,EAAO;AACvB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA,CAAMD,cAAA,CAAID,aAAA,CAAG,SAAS,MAAA,EAAQ,MAAM,CAAA,EAAGA,aAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAC,CAAC,CAAA,CACjE,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe;AACzC,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,QAAQ,CAAA,CACf,MAAA,CAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe,CAAA,CACvC,kBAAA,CAAmB;AAAA,UAClB,MAAA,EAAQ,CAAC,QAAA,CAAS,MAAA,EAAQ,SAAS,KAAK,CAAA;AAAA,UACxC,KAAK,EAAE,aAAA,EAAe,SAAA,kBAAW,IAAI,MAAK;AAAE,SAC7C,CAAA;AAAA,MACL,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO;AAC1B,QAAA,MAAM,GACH,MAAA,CAAO,QAAQ,CAAA,CACf,KAAA,CAAMC,eAAID,aAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,GAAGA,aAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAC,CAAC,CAAA;AAAA,MACtE;AAAA,KACF;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,UAAA,GAAa;AACjB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAMA,cAAG,WAAA,CAAY,MAAA,EAAQ,IAAI,CAAC,CAAA,CAClC,QAAQE,eAAA,CAAK,WAAA,CAAY,SAAS,CAAC,CAAA;AACtC,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,SAAA,GAAY;AAChB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAMF,aAAA,CAAG,WAAA,CAAY,QAAQ,IAAI,CAAC,EAClC,OAAA,CAAQE,eAAA,CAAK,YAAY,SAAS,CAAC,CAAA,CACnC,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,GACjB,MAAA,CAAO,WAAW,EAClB,MAAA,CAAO;AAAA,UACN,KAAK,KAAA,CAAM,GAAA;AAAA,UACX,KAAK,KAAA,CAAM,GAAA;AAAA,UACX,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,YAAY,KAAA,CAAM,UAAA;AAAA,UAClB,MAAA,EAAQ;AAAA,SACT,EACA,SAAA,EAAU;AACb,QAAA,OAAO,OAAO,GAA8B,CAAA;AAAA,MAC9C,CAAA;AAAA,MACA,MAAM,YAAY,GAAA,EAAK;AACrB,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,EAClB,GAAA,CAAI,EAAE,QAAQ,KAAA,EAAO,SAAA,sBAAe,IAAA,EAAK,EAAG,CAAA,CAC5C,KAAA,CAAMF,cAAG,WAAA,CAAY,GAAA,EAAK,GAAG,CAAC,CAAA;AAAA,MACnC;AAAA;AACF,GACF;AACF","file":"index.cjs","sourcesContent":["/**\n * Postgres adapter for @holeauth/plugin-idp.\n *\n * Exports:\n * - `createIdpTables({ usersTable, prefix? })` — returns drizzle tables\n * + relations. The `usersTable` must have at minimum an `id` column;\n * team memberships reference users and cascade on delete.\n * - `createIdpAdapter({ db, tables })` — constructs an IdpAdapter.\n *\n * The schema covers: teams + members, apps, authorization codes, refresh\n * tokens (with family ids), user × app consents, and signing keys (JWKs).\n */\nimport {\n pgTable,\n text,\n boolean,\n timestamp,\n jsonb,\n primaryKey,\n index,\n uniqueIndex,\n type PgTableWithColumns,\n} from 'drizzle-orm/pg-core';\nimport { relations, eq, and, sql, desc } from 'drizzle-orm';\nimport type {\n IdpAdapter,\n IdpApp,\n IdpAuthorizationCode,\n IdpConsent,\n IdpRefreshToken,\n IdpSigningKey,\n IdpTeam,\n IdpTeamMember,\n SigningAlg,\n TeamRole,\n AppType,\n} from '@holeauth/plugin-idp';\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type PgUsersTable = PgTableWithColumns<any> & { id: any };\n\nexport interface CreateIdpTablesOptions<U extends PgUsersTable> {\n usersTable: U;\n prefix?: string;\n}\n\nexport function createIdpTables<U extends PgUsersTable>(opts: CreateIdpTablesOptions<U>) {\n const { usersTable, prefix = 'holeauth_idp_' } = opts;\n const p = (s: string) => `${prefix}${s}`;\n\n const teams = pgTable(p('team'), {\n id: text('id').primaryKey(),\n name: text('name').notNull(),\n createdAt: timestamp('created_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n });\n\n const teamMembers = pgTable(\n p('team_member'),\n {\n teamId: text('team_id')\n .notNull()\n .references(() => teams.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n role: text('role').notNull().$type<TeamRole>(),\n addedAt: timestamp('added_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n },\n (t) => ({\n pk: primaryKey({ columns: [t.teamId, t.userId] }),\n userIdx: index().on(t.userId),\n }),\n );\n\n const apps = pgTable(\n p('app'),\n {\n id: text('id').primaryKey(),\n teamId: text('team_id')\n .notNull()\n .references(() => teams.id, { onDelete: 'cascade' }),\n name: text('name').notNull(),\n description: text('description'),\n logoUrl: text('logo_url'),\n type: text('type').notNull().$type<AppType>(),\n clientSecretHash: text('client_secret_hash'),\n redirectUris: text('redirect_uris').array().notNull().default([]),\n allowedScopes: text('allowed_scopes').array().notNull().default([]),\n requirePkce: boolean('require_pkce').notNull().default(true),\n createdAt: timestamp('created_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n updatedAt: timestamp('updated_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n disabledAt: timestamp('disabled_at', { withTimezone: true, mode: 'date' }),\n },\n (t) => ({\n teamIdx: index().on(t.teamId),\n }),\n );\n\n const authorizationCodes = pgTable(\n p('authorization_code'),\n {\n codeHash: text('code_hash').primaryKey(),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n redirectUri: text('redirect_uri').notNull(),\n scope: text('scope').notNull(),\n nonce: text('nonce'),\n codeChallenge: text('code_challenge'),\n codeChallengeMethod: text('code_challenge_method'),\n expiresAt: timestamp('expires_at', { withTimezone: true, mode: 'date' }).notNull(),\n consumedAt: timestamp('consumed_at', { withTimezone: true, mode: 'date' }),\n },\n (t) => ({\n expiresIdx: index().on(t.expiresAt),\n }),\n );\n\n const refreshTokens = pgTable(\n p('refresh_token'),\n {\n id: text('id').primaryKey(),\n tokenHash: text('token_hash').notNull(),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n familyId: text('family_id').notNull(),\n scope: text('scope').notNull(),\n expiresAt: timestamp('expires_at', { withTimezone: true, mode: 'date' }).notNull(),\n createdAt: timestamp('created_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n revokedAt: timestamp('revoked_at', { withTimezone: true, mode: 'date' }),\n },\n (t) => ({\n hashIdx: uniqueIndex().on(t.tokenHash),\n familyIdx: index().on(t.familyId),\n userIdx: index().on(t.userId),\n appIdx: index().on(t.appId),\n }),\n );\n\n const consents = pgTable(\n p('consent'),\n {\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n scopesGranted: text('scopes_granted').array().notNull().default([]),\n grantedAt: timestamp('granted_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n },\n (t) => ({\n pk: primaryKey({ columns: [t.userId, t.appId] }),\n }),\n );\n\n const signingKeys = pgTable(p('signing_key'), {\n kid: text('kid').primaryKey(),\n alg: text('alg').notNull().$type<SigningAlg>(),\n publicJwk: jsonb('public_jwk').notNull().$type<Record<string, unknown>>(),\n privateJwk: jsonb('private_jwk').notNull().$type<Record<string, unknown>>(),\n active: boolean('active').notNull().default(true),\n createdAt: timestamp('created_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n rotatedAt: timestamp('rotated_at', { withTimezone: true, mode: 'date' }),\n });\n\n const teamMembersRelations = relations(teamMembers, ({ one }) => ({\n team: one(teams, { fields: [teamMembers.teamId], references: [teams.id] }),\n user: one(usersTable, { fields: [teamMembers.userId], references: [usersTable.id] }),\n }));\n const appsRelations = relations(apps, ({ one }) => ({\n team: one(teams, { fields: [apps.teamId], references: [teams.id] }),\n }));\n\n return {\n tables: {\n teams,\n teamMembers,\n apps,\n authorizationCodes,\n refreshTokens,\n consents,\n signingKeys,\n },\n relations: { teamMembersRelations, appsRelations },\n };\n}\n\n/* ────────────────────────── adapter ────────────────────────── */\n\ntype Tables = ReturnType<typeof createIdpTables>['tables'];\n\nexport interface CreateIdpAdapterOptions {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n db: any;\n tables: Tables;\n generateId?: () => string;\n}\n\nconst appRow = (r: Record<string, unknown>): IdpApp => ({\n id: String(r.id),\n teamId: String(r.teamId),\n name: String(r.name),\n description: (r.description as string | null) ?? null,\n logoUrl: (r.logoUrl as string | null) ?? null,\n type: r.type as AppType,\n clientSecretHash: (r.clientSecretHash as string | null) ?? null,\n redirectUris: (r.redirectUris as string[] | null) ?? [],\n allowedScopes: (r.allowedScopes as string[] | null) ?? [],\n requirePkce: Boolean(r.requirePkce),\n createdAt: r.createdAt as Date,\n updatedAt: r.updatedAt as Date,\n disabledAt: (r.disabledAt as Date | null) ?? null,\n});\n\nconst teamRow = (r: Record<string, unknown>): IdpTeam => ({\n id: String(r.id),\n name: String(r.name),\n createdAt: r.createdAt as Date,\n});\n\nconst memberRow = (r: Record<string, unknown>): IdpTeamMember => ({\n teamId: String(r.teamId),\n userId: String(r.userId),\n role: r.role as TeamRole,\n addedAt: r.addedAt as Date,\n});\n\nconst codeRow = (r: Record<string, unknown>): IdpAuthorizationCode => ({\n codeHash: String(r.codeHash),\n appId: String(r.appId),\n userId: String(r.userId),\n redirectUri: String(r.redirectUri),\n scope: String(r.scope),\n nonce: (r.nonce as string | null) ?? null,\n codeChallenge: (r.codeChallenge as string | null) ?? null,\n codeChallengeMethod: (r.codeChallengeMethod as 'S256' | 'plain' | null) ?? null,\n expiresAt: r.expiresAt as Date,\n consumedAt: (r.consumedAt as Date | null) ?? null,\n});\n\nconst refreshRow = (r: Record<string, unknown>): IdpRefreshToken => ({\n id: String(r.id),\n tokenHash: String(r.tokenHash),\n appId: String(r.appId),\n userId: String(r.userId),\n familyId: String(r.familyId),\n scope: String(r.scope),\n expiresAt: r.expiresAt as Date,\n createdAt: r.createdAt as Date,\n revokedAt: (r.revokedAt as Date | null) ?? null,\n});\n\nconst consentRow = (r: Record<string, unknown>): IdpConsent => ({\n userId: String(r.userId),\n appId: String(r.appId),\n scopesGranted: (r.scopesGranted as string[] | null) ?? [],\n grantedAt: r.grantedAt as Date,\n});\n\nconst keyRow = (r: Record<string, unknown>): IdpSigningKey => ({\n kid: String(r.kid),\n alg: r.alg as SigningAlg,\n publicJwk: r.publicJwk as Record<string, unknown>,\n privateJwk: r.privateJwk as Record<string, unknown>,\n active: Boolean(r.active),\n createdAt: r.createdAt as Date,\n rotatedAt: (r.rotatedAt as Date | null) ?? null,\n});\n\nexport function createIdpAdapter(opts: CreateIdpAdapterOptions): IdpAdapter {\n const { db, tables, generateId = () => crypto.randomUUID() } = opts;\n const { teams, teamMembers, apps, authorizationCodes, refreshTokens, consents, signingKeys } =\n tables;\n\n return {\n teams: {\n async create(input) {\n const id = generateId();\n const [row] = await db\n .insert(teams)\n .values({ id, name: input.name })\n .returning();\n await db\n .insert(teamMembers)\n .values({ teamId: id, userId: input.ownerUserId, role: 'owner' });\n return teamRow(row as Record<string, unknown>);\n },\n async getById(teamId) {\n const rows = await db.select().from(teams).where(eq(teams.id, teamId)).limit(1);\n if (!rows.length) return null;\n return teamRow(rows[0] as Record<string, unknown>);\n },\n async delete(teamId) {\n await db.delete(teams).where(eq(teams.id, teamId));\n },\n async listForUser(userId) {\n const rows = await db\n .select({\n id: teams.id,\n name: teams.name,\n createdAt: teams.createdAt,\n role: teamMembers.role,\n })\n .from(teamMembers)\n .innerJoin(teams, eq(teamMembers.teamId, teams.id))\n .where(eq(teamMembers.userId, userId));\n return (rows as Record<string, unknown>[]).map((r) => ({\n ...teamRow(r),\n role: r.role as TeamRole,\n }));\n },\n async listMembers(teamId) {\n const rows = await db.select().from(teamMembers).where(eq(teamMembers.teamId, teamId));\n return (rows as Record<string, unknown>[]).map(memberRow);\n },\n async getMembership(teamId, userId) {\n const rows = await db\n .select()\n .from(teamMembers)\n .where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)))\n .limit(1);\n if (!rows.length) return null;\n return memberRow(rows[0] as Record<string, unknown>);\n },\n async addMember(teamId, userId, role) {\n await db\n .insert(teamMembers)\n .values({ teamId, userId, role })\n .onConflictDoUpdate({\n target: [teamMembers.teamId, teamMembers.userId],\n set: { role },\n });\n },\n async removeMember(teamId, userId) {\n await db\n .delete(teamMembers)\n .where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)));\n },\n },\n\n apps: {\n async create(input) {\n const [row] = await db\n .insert(apps)\n .values({\n id: input.id,\n teamId: input.teamId,\n name: input.name,\n description: input.description ?? null,\n logoUrl: input.logoUrl ?? null,\n type: input.type,\n clientSecretHash: input.clientSecretHash ?? null,\n redirectUris: input.redirectUris,\n allowedScopes: input.allowedScopes,\n requirePkce: input.requirePkce,\n })\n .returning();\n return appRow(row as Record<string, unknown>);\n },\n async getById(appId) {\n const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);\n if (!rows.length) return null;\n return appRow(rows[0] as Record<string, unknown>);\n },\n async listAll(_opts) {\n const rows = await db.select().from(apps).orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async listForTeam(teamId) {\n const rows = await db\n .select()\n .from(apps)\n .where(eq(apps.teamId, teamId))\n .orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async listForUser(userId) {\n const rows = await db\n .select({\n id: apps.id,\n teamId: apps.teamId,\n name: apps.name,\n description: apps.description,\n logoUrl: apps.logoUrl,\n type: apps.type,\n clientSecretHash: apps.clientSecretHash,\n redirectUris: apps.redirectUris,\n allowedScopes: apps.allowedScopes,\n requirePkce: apps.requirePkce,\n createdAt: apps.createdAt,\n updatedAt: apps.updatedAt,\n disabledAt: apps.disabledAt,\n })\n .from(apps)\n .innerJoin(teamMembers, eq(teamMembers.teamId, apps.teamId))\n .where(eq(teamMembers.userId, userId))\n .orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async update(appId, patch) {\n const set: Record<string, unknown> = { updatedAt: new Date() };\n if (patch.name !== undefined) set.name = patch.name;\n if (patch.description !== undefined) set.description = patch.description;\n if (patch.logoUrl !== undefined) set.logoUrl = patch.logoUrl;\n if (patch.redirectUris !== undefined) set.redirectUris = patch.redirectUris;\n if (patch.allowedScopes !== undefined) set.allowedScopes = patch.allowedScopes;\n if (patch.requirePkce !== undefined) set.requirePkce = patch.requirePkce;\n if (patch.clientSecretHash !== undefined) set.clientSecretHash = patch.clientSecretHash;\n if (patch.disabledAt !== undefined) set.disabledAt = patch.disabledAt;\n const [row] = await db.update(apps).set(set).where(eq(apps.id, appId)).returning();\n return appRow(row as Record<string, unknown>);\n },\n async delete(appId) {\n await db.delete(apps).where(eq(apps.id, appId));\n },\n },\n\n codes: {\n async create(input) {\n await db.insert(authorizationCodes).values({\n codeHash: input.codeHash,\n appId: input.appId,\n userId: input.userId,\n redirectUri: input.redirectUri,\n scope: input.scope,\n nonce: input.nonce,\n codeChallenge: input.codeChallenge,\n codeChallengeMethod: input.codeChallengeMethod,\n expiresAt: input.expiresAt,\n });\n },\n async consume(codeHash) {\n // Atomic single-statement claim: only returns if row exists,\n // was not already consumed, and has not yet expired.\n const rows = await db\n .update(authorizationCodes)\n .set({ consumedAt: new Date() })\n .where(\n and(\n eq(authorizationCodes.codeHash, codeHash),\n sql`${authorizationCodes.consumedAt} IS NULL`,\n sql`${authorizationCodes.expiresAt} > NOW()`,\n ),\n )\n .returning();\n if (!rows.length) return null;\n return codeRow(rows[0] as Record<string, unknown>);\n },\n },\n\n refresh: {\n async create(input) {\n const [row] = await db\n .insert(refreshTokens)\n .values({\n id: input.id,\n tokenHash: input.tokenHash,\n appId: input.appId,\n userId: input.userId,\n familyId: input.familyId,\n scope: input.scope,\n expiresAt: input.expiresAt,\n })\n .returning();\n return refreshRow(row as Record<string, unknown>);\n },\n async getByHash(hash) {\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.tokenHash, hash))\n .limit(1);\n if (!rows.length) return null;\n return refreshRow(rows[0] as Record<string, unknown>);\n },\n async markRevoked(id) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.id, id), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async revokeFamily(familyId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(\n and(eq(refreshTokens.familyId, familyId), sql`${refreshTokens.revokedAt} IS NULL`),\n );\n },\n async revokeAllForUser(userId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.userId, userId), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async revokeAllForApp(appId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.appId, appId), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async listForApp(appId) {\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.appId, appId))\n .orderBy(desc(refreshTokens.createdAt));\n return (rows as Record<string, unknown>[]).map(refreshRow);\n },\n },\n\n consent: {\n async get(userId, appId) {\n const rows = await db\n .select()\n .from(consents)\n .where(and(eq(consents.userId, userId), eq(consents.appId, appId)))\n .limit(1);\n if (!rows.length) return null;\n return consentRow(rows[0] as Record<string, unknown>);\n },\n async upsert(userId, appId, scopesGranted) {\n await db\n .insert(consents)\n .values({ userId, appId, scopesGranted })\n .onConflictDoUpdate({\n target: [consents.userId, consents.appId],\n set: { scopesGranted, grantedAt: new Date() },\n });\n },\n async revoke(userId, appId) {\n await db\n .delete(consents)\n .where(and(eq(consents.userId, userId), eq(consents.appId, appId)));\n },\n },\n\n keys: {\n async listActive() {\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.active, true))\n .orderBy(desc(signingKeys.createdAt));\n return (rows as Record<string, unknown>[]).map(keyRow);\n },\n async getActive() {\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.active, true))\n .orderBy(desc(signingKeys.createdAt))\n .limit(1);\n if (!rows.length) return null;\n return keyRow(rows[0] as Record<string, unknown>);\n },\n async create(input) {\n const [row] = await db\n .insert(signingKeys)\n .values({\n kid: input.kid,\n alg: input.alg,\n publicJwk: input.publicJwk,\n privateJwk: input.privateJwk,\n active: true,\n })\n .returning();\n return keyRow(row as Record<string, unknown>);\n },\n async markRotated(kid) {\n await db\n .update(signingKeys)\n .set({ active: false, rotatedAt: new Date() })\n .where(eq(signingKeys.kid, kid));\n },\n },\n };\n}\n"]}