npm - @holeauth/idp-drizzle - Versions diffs - 0.0.1-alpha.0 - Mend

@holeauth/idp-drizzle 0.0.1-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/pg/index.js ADDED Viewed

@@ -0,0 +1,412 @@
+import { pgTable, timestamp, text, index, primaryKey, boolean, uniqueIndex, jsonb } from 'drizzle-orm/pg-core';
+import { relations, eq, desc, and, sql } from 'drizzle-orm';
+// src/pg/index.ts
+function createIdpTables(opts) {
+  const { usersTable, prefix = "holeauth_idp_" } = opts;
+  const p = (s) => `${prefix}${s}`;
+  const teams = pgTable(p("team"), {
+    id: text("id").primaryKey(),
+    name: text("name").notNull(),
+    createdAt: timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow()
+  });
+  const teamMembers = pgTable(
+    p("team_member"),
+    {
+      teamId: text("team_id").notNull().references(() => teams.id, { onDelete: "cascade" }),
+      userId: text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      role: text("role").notNull().$type(),
+      addedAt: timestamp("added_at", { withTimezone: true, mode: "date" }).notNull().defaultNow()
+    },
+    (t) => ({
+      pk: primaryKey({ columns: [t.teamId, t.userId] }),
+      userIdx: index().on(t.userId)
+    })
+  );
+  const apps = pgTable(
+    p("app"),
+    {
+      id: text("id").primaryKey(),
+      teamId: text("team_id").notNull().references(() => teams.id, { onDelete: "cascade" }),
+      name: text("name").notNull(),
+      description: text("description"),
+      logoUrl: text("logo_url"),
+      type: text("type").notNull().$type(),
+      clientSecretHash: text("client_secret_hash"),
+      redirectUris: text("redirect_uris").array().notNull().default([]),
+      allowedScopes: text("allowed_scopes").array().notNull().default([]),
+      requirePkce: boolean("require_pkce").notNull().default(true),
+      createdAt: timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+      updatedAt: timestamp("updated_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+      disabledAt: timestamp("disabled_at", { withTimezone: true, mode: "date" })
+    },
+    (t) => ({
+      teamIdx: index().on(t.teamId)
+    })
+  );
+  const authorizationCodes = pgTable(
+    p("authorization_code"),
+    {
+      codeHash: text("code_hash").primaryKey(),
+      appId: text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      userId: text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      redirectUri: text("redirect_uri").notNull(),
+      scope: text("scope").notNull(),
+      nonce: text("nonce"),
+      codeChallenge: text("code_challenge"),
+      codeChallengeMethod: text("code_challenge_method"),
+      expiresAt: timestamp("expires_at", { withTimezone: true, mode: "date" }).notNull(),
+      consumedAt: timestamp("consumed_at", { withTimezone: true, mode: "date" })
+    },
+    (t) => ({
+      expiresIdx: index().on(t.expiresAt)
+    })
+  );
+  const refreshTokens = pgTable(
+    p("refresh_token"),
+    {
+      id: text("id").primaryKey(),
+      tokenHash: text("token_hash").notNull(),
+      appId: text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      userId: text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      familyId: text("family_id").notNull(),
+      scope: text("scope").notNull(),
+      expiresAt: timestamp("expires_at", { withTimezone: true, mode: "date" }).notNull(),
+      createdAt: timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+      revokedAt: timestamp("revoked_at", { withTimezone: true, mode: "date" })
+    },
+    (t) => ({
+      hashIdx: uniqueIndex().on(t.tokenHash),
+      familyIdx: index().on(t.familyId),
+      userIdx: index().on(t.userId),
+      appIdx: index().on(t.appId)
+    })
+  );
+  const consents = pgTable(
+    p("consent"),
+    {
+      userId: text("user_id").notNull().references(() => usersTable.id, { onDelete: "cascade" }),
+      appId: text("app_id").notNull().references(() => apps.id, { onDelete: "cascade" }),
+      scopesGranted: text("scopes_granted").array().notNull().default([]),
+      grantedAt: timestamp("granted_at", { withTimezone: true, mode: "date" }).notNull().defaultNow()
+    },
+    (t) => ({
+      pk: primaryKey({ columns: [t.userId, t.appId] })
+    })
+  );
+  const signingKeys = pgTable(p("signing_key"), {
+    kid: text("kid").primaryKey(),
+    alg: text("alg").notNull().$type(),
+    publicJwk: jsonb("public_jwk").notNull().$type(),
+    privateJwk: jsonb("private_jwk").notNull().$type(),
+    active: boolean("active").notNull().default(true),
+    createdAt: timestamp("created_at", { withTimezone: true, mode: "date" }).notNull().defaultNow(),
+    rotatedAt: timestamp("rotated_at", { withTimezone: true, mode: "date" })
+  });
+  const teamMembersRelations = relations(teamMembers, ({ one }) => ({
+    team: one(teams, { fields: [teamMembers.teamId], references: [teams.id] }),
+    user: one(usersTable, { fields: [teamMembers.userId], references: [usersTable.id] })
+  }));
+  const appsRelations = relations(apps, ({ one }) => ({
+    team: one(teams, { fields: [apps.teamId], references: [teams.id] })
+  }));
+  return {
+    tables: {
+      teams,
+      teamMembers,
+      apps,
+      authorizationCodes,
+      refreshTokens,
+      consents,
+      signingKeys
+    },
+    relations: { teamMembersRelations, appsRelations }
+  };
+}
+var appRow = (r) => ({
+  id: String(r.id),
+  teamId: String(r.teamId),
+  name: String(r.name),
+  description: r.description ?? null,
+  logoUrl: r.logoUrl ?? null,
+  type: r.type,
+  clientSecretHash: r.clientSecretHash ?? null,
+  redirectUris: r.redirectUris ?? [],
+  allowedScopes: r.allowedScopes ?? [],
+  requirePkce: Boolean(r.requirePkce),
+  createdAt: r.createdAt,
+  updatedAt: r.updatedAt,
+  disabledAt: r.disabledAt ?? null
+});
+var teamRow = (r) => ({
+  id: String(r.id),
+  name: String(r.name),
+  createdAt: r.createdAt
+});
+var memberRow = (r) => ({
+  teamId: String(r.teamId),
+  userId: String(r.userId),
+  role: r.role,
+  addedAt: r.addedAt
+});
+var codeRow = (r) => ({
+  codeHash: String(r.codeHash),
+  appId: String(r.appId),
+  userId: String(r.userId),
+  redirectUri: String(r.redirectUri),
+  scope: String(r.scope),
+  nonce: r.nonce ?? null,
+  codeChallenge: r.codeChallenge ?? null,
+  codeChallengeMethod: r.codeChallengeMethod ?? null,
+  expiresAt: r.expiresAt,
+  consumedAt: r.consumedAt ?? null
+});
+var refreshRow = (r) => ({
+  id: String(r.id),
+  tokenHash: String(r.tokenHash),
+  appId: String(r.appId),
+  userId: String(r.userId),
+  familyId: String(r.familyId),
+  scope: String(r.scope),
+  expiresAt: r.expiresAt,
+  createdAt: r.createdAt,
+  revokedAt: r.revokedAt ?? null
+});
+var consentRow = (r) => ({
+  userId: String(r.userId),
+  appId: String(r.appId),
+  scopesGranted: r.scopesGranted ?? [],
+  grantedAt: r.grantedAt
+});
+var keyRow = (r) => ({
+  kid: String(r.kid),
+  alg: r.alg,
+  publicJwk: r.publicJwk,
+  privateJwk: r.privateJwk,
+  active: Boolean(r.active),
+  createdAt: r.createdAt,
+  rotatedAt: r.rotatedAt ?? null
+});
+function createIdpAdapter(opts) {
+  const { db, tables, generateId = () => crypto.randomUUID() } = opts;
+  const { teams, teamMembers, apps, authorizationCodes, refreshTokens, consents, signingKeys } = tables;
+  return {
+    teams: {
+      async create(input) {
+        const id = generateId();
+        const [row] = await db.insert(teams).values({ id, name: input.name }).returning();
+        await db.insert(teamMembers).values({ teamId: id, userId: input.ownerUserId, role: "owner" });
+        return teamRow(row);
+      },
+      async getById(teamId) {
+        const rows = await db.select().from(teams).where(eq(teams.id, teamId)).limit(1);
+        if (!rows.length) return null;
+        return teamRow(rows[0]);
+      },
+      async delete(teamId) {
+        await db.delete(teams).where(eq(teams.id, teamId));
+      },
+      async listForUser(userId) {
+        const rows = await db.select({
+          id: teams.id,
+          name: teams.name,
+          createdAt: teams.createdAt,
+          role: teamMembers.role
+        }).from(teamMembers).innerJoin(teams, eq(teamMembers.teamId, teams.id)).where(eq(teamMembers.userId, userId));
+        return rows.map((r) => ({
+          ...teamRow(r),
+          role: r.role
+        }));
+      },
+      async listMembers(teamId) {
+        const rows = await db.select().from(teamMembers).where(eq(teamMembers.teamId, teamId));
+        return rows.map(memberRow);
+      },
+      async getMembership(teamId, userId) {
+        const rows = await db.select().from(teamMembers).where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId))).limit(1);
+        if (!rows.length) return null;
+        return memberRow(rows[0]);
+      },
+      async addMember(teamId, userId, role) {
+        await db.insert(teamMembers).values({ teamId, userId, role }).onConflictDoUpdate({
+          target: [teamMembers.teamId, teamMembers.userId],
+          set: { role }
+        });
+      },
+      async removeMember(teamId, userId) {
+        await db.delete(teamMembers).where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)));
+      }
+    },
+    apps: {
+      async create(input) {
+        const [row] = await db.insert(apps).values({
+          id: input.id,
+          teamId: input.teamId,
+          name: input.name,
+          description: input.description ?? null,
+          logoUrl: input.logoUrl ?? null,
+          type: input.type,
+          clientSecretHash: input.clientSecretHash ?? null,
+          redirectUris: input.redirectUris,
+          allowedScopes: input.allowedScopes,
+          requirePkce: input.requirePkce
+        }).returning();
+        return appRow(row);
+      },
+      async getById(appId) {
+        const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);
+        if (!rows.length) return null;
+        return appRow(rows[0]);
+      },
+      async listAll(_opts) {
+        const rows = await db.select().from(apps).orderBy(desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async listForTeam(teamId) {
+        const rows = await db.select().from(apps).where(eq(apps.teamId, teamId)).orderBy(desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async listForUser(userId) {
+        const rows = await db.select({
+          id: apps.id,
+          teamId: apps.teamId,
+          name: apps.name,
+          description: apps.description,
+          logoUrl: apps.logoUrl,
+          type: apps.type,
+          clientSecretHash: apps.clientSecretHash,
+          redirectUris: apps.redirectUris,
+          allowedScopes: apps.allowedScopes,
+          requirePkce: apps.requirePkce,
+          createdAt: apps.createdAt,
+          updatedAt: apps.updatedAt,
+          disabledAt: apps.disabledAt
+        }).from(apps).innerJoin(teamMembers, eq(teamMembers.teamId, apps.teamId)).where(eq(teamMembers.userId, userId)).orderBy(desc(apps.createdAt));
+        return rows.map(appRow);
+      },
+      async update(appId, patch) {
+        const set = { updatedAt: /* @__PURE__ */ new Date() };
+        if (patch.name !== void 0) set.name = patch.name;
+        if (patch.description !== void 0) set.description = patch.description;
+        if (patch.logoUrl !== void 0) set.logoUrl = patch.logoUrl;
+        if (patch.redirectUris !== void 0) set.redirectUris = patch.redirectUris;
+        if (patch.allowedScopes !== void 0) set.allowedScopes = patch.allowedScopes;
+        if (patch.requirePkce !== void 0) set.requirePkce = patch.requirePkce;
+        if (patch.clientSecretHash !== void 0) set.clientSecretHash = patch.clientSecretHash;
+        if (patch.disabledAt !== void 0) set.disabledAt = patch.disabledAt;
+        const [row] = await db.update(apps).set(set).where(eq(apps.id, appId)).returning();
+        return appRow(row);
+      },
+      async delete(appId) {
+        await db.delete(apps).where(eq(apps.id, appId));
+      }
+    },
+    codes: {
+      async create(input) {
+        await db.insert(authorizationCodes).values({
+          codeHash: input.codeHash,
+          appId: input.appId,
+          userId: input.userId,
+          redirectUri: input.redirectUri,
+          scope: input.scope,
+          nonce: input.nonce,
+          codeChallenge: input.codeChallenge,
+          codeChallengeMethod: input.codeChallengeMethod,
+          expiresAt: input.expiresAt
+        });
+      },
+      async consume(codeHash) {
+        const rows = await db.update(authorizationCodes).set({ consumedAt: /* @__PURE__ */ new Date() }).where(
+          and(
+            eq(authorizationCodes.codeHash, codeHash),
+            sql`${authorizationCodes.consumedAt} IS NULL`,
+            sql`${authorizationCodes.expiresAt} > NOW()`
+          )
+        ).returning();
+        if (!rows.length) return null;
+        return codeRow(rows[0]);
+      }
+    },
+    refresh: {
+      async create(input) {
+        const [row] = await db.insert(refreshTokens).values({
+          id: input.id,
+          tokenHash: input.tokenHash,
+          appId: input.appId,
+          userId: input.userId,
+          familyId: input.familyId,
+          scope: input.scope,
+          expiresAt: input.expiresAt
+        }).returning();
+        return refreshRow(row);
+      },
+      async getByHash(hash) {
+        const rows = await db.select().from(refreshTokens).where(eq(refreshTokens.tokenHash, hash)).limit(1);
+        if (!rows.length) return null;
+        return refreshRow(rows[0]);
+      },
+      async markRevoked(id) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(and(eq(refreshTokens.id, id), sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async revokeFamily(familyId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(
+          and(eq(refreshTokens.familyId, familyId), sql`${refreshTokens.revokedAt} IS NULL`)
+        );
+      },
+      async revokeAllForUser(userId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(and(eq(refreshTokens.userId, userId), sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async revokeAllForApp(appId) {
+        await db.update(refreshTokens).set({ revokedAt: /* @__PURE__ */ new Date() }).where(and(eq(refreshTokens.appId, appId), sql`${refreshTokens.revokedAt} IS NULL`));
+      },
+      async listForApp(appId) {
+        const rows = await db.select().from(refreshTokens).where(eq(refreshTokens.appId, appId)).orderBy(desc(refreshTokens.createdAt));
+        return rows.map(refreshRow);
+      }
+    },
+    consent: {
+      async get(userId, appId) {
+        const rows = await db.select().from(consents).where(and(eq(consents.userId, userId), eq(consents.appId, appId))).limit(1);
+        if (!rows.length) return null;
+        return consentRow(rows[0]);
+      },
+      async upsert(userId, appId, scopesGranted) {
+        await db.insert(consents).values({ userId, appId, scopesGranted }).onConflictDoUpdate({
+          target: [consents.userId, consents.appId],
+          set: { scopesGranted, grantedAt: /* @__PURE__ */ new Date() }
+        });
+      },
+      async revoke(userId, appId) {
+        await db.delete(consents).where(and(eq(consents.userId, userId), eq(consents.appId, appId)));
+      }
+    },
+    keys: {
+      async listActive() {
+        const rows = await db.select().from(signingKeys).where(eq(signingKeys.active, true)).orderBy(desc(signingKeys.createdAt));
+        return rows.map(keyRow);
+      },
+      async getActive() {
+        const rows = await db.select().from(signingKeys).where(eq(signingKeys.active, true)).orderBy(desc(signingKeys.createdAt)).limit(1);
+        if (!rows.length) return null;
+        return keyRow(rows[0]);
+      },
+      async create(input) {
+        const [row] = await db.insert(signingKeys).values({
+          kid: input.kid,
+          alg: input.alg,
+          publicJwk: input.publicJwk,
+          privateJwk: input.privateJwk,
+          active: true
+        }).returning();
+        return keyRow(row);
+      },
+      async markRotated(kid) {
+        await db.update(signingKeys).set({ active: false, rotatedAt: /* @__PURE__ */ new Date() }).where(eq(signingKeys.kid, kid));
+      }
+    }
+  };
+}
+export { createIdpAdapter, createIdpTables };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/pg/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/pg/index.ts"],"names":[],"mappings":";;;;AA8CO,SAAS,gBAAwC,IAAA,EAAiC;AACvF,EAAA,MAAM,EAAE,UAAA,EAAY,MAAA,GAAS,eAAA,EAAgB,GAAI,IAAA;AACjD,EAAA,MAAM,IAAI,CAAC,CAAA,KAAc,CAAA,EAAG,MAAM,GAAG,CAAC,CAAA,CAAA;AAEtC,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,CAAA,CAAE,MAAM,CAAA,EAAG;AAAA,IAC/B,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,IAC1B,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3B,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA;AAAW,GACf,CAAA;AAED,EAAA,MAAM,WAAA,GAAc,OAAA;AAAA,IAClB,EAAE,aAAa,CAAA;AAAA,IACf;AAAA,MACE,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACrD,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,KAAA,EAAgB;AAAA,MAC7C,OAAA,EAAS,SAAA,CAAU,UAAA,EAAY,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CAChE,OAAA,EAAQ,CACR,UAAA;AAAW,KAChB;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,EAAA,EAAI,UAAA,CAAW,EAAE,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,CAAA,CAAE,MAAM,CAAA,EAAG,CAAA;AAAA,MAChD,OAAA,EAAS,KAAA,EAAM,CAAE,EAAA,CAAG,EAAE,MAAM;AAAA,KAC9B;AAAA,GACF;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA;AAAA,IACX,EAAE,KAAK,CAAA;AAAA,IACP;AAAA,MACE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,MAC1B,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACrD,IAAA,EAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC3B,WAAA,EAAa,KAAK,aAAa,CAAA;AAAA,MAC/B,OAAA,EAAS,KAAK,UAAU,CAAA;AAAA,MACxB,MAAM,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,GAAU,KAAA,EAAe;AAAA,MAC5C,gBAAA,EAAkB,KAAK,oBAAoB,CAAA;AAAA,MAC3C,YAAA,EAAc,IAAA,CAAK,eAAe,CAAA,CAAE,KAAA,GAAQ,OAAA,EAAQ,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,MAChE,aAAA,EAAe,IAAA,CAAK,gBAAgB,CAAA,CAAE,KAAA,GAAQ,OAAA,EAAQ,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,MAClE,aAAa,OAAA,CAAQ,cAAc,EAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,MAC3D,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA,EAAW;AAAA,MACd,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA,EAAW;AAAA,MACd,UAAA,EAAY,UAAU,aAAA,EAAe,EAAE,cAAc,IAAA,EAAM,IAAA,EAAM,QAAQ;AAAA,KAC3E;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,OAAA,EAAS,KAAA,EAAM,CAAE,EAAA,CAAG,EAAE,MAAM;AAAA,KAC9B;AAAA,GACF;AAEA,EAAA,MAAM,kBAAA,GAAqB,OAAA;AAAA,IACzB,EAAE,oBAAoB,CAAA;AAAA,IACtB;AAAA,MACE,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,UAAA,EAAW;AAAA,MACvC,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,WAAA,EAAa,IAAA,CAAK,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC1C,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC7B,KAAA,EAAO,KAAK,OAAO,CAAA;AAAA,MACnB,aAAA,EAAe,KAAK,gBAAgB,CAAA;AAAA,MACpC,mBAAA,EAAqB,KAAK,uBAAuB,CAAA;AAAA,MACjD,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,MAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,MACjF,UAAA,EAAY,UAAU,aAAA,EAAe,EAAE,cAAc,IAAA,EAAM,IAAA,EAAM,QAAQ;AAAA,KAC3E;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,UAAA,EAAY,KAAA,EAAM,CAAE,EAAA,CAAG,EAAE,SAAS;AAAA,KACpC;AAAA,GACF;AAEA,EAAA,MAAM,aAAA,GAAgB,OAAA;AAAA,IACpB,EAAE,eAAe,CAAA;AAAA,IACjB;AAAA,MACE,EAAA,EAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,EAAW;AAAA,MAC1B,SAAA,EAAW,IAAA,CAAK,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,MACtC,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,QAAA,EAAU,IAAA,CAAK,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,MACpC,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA,CAAE,OAAA,EAAQ;AAAA,MAC7B,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,MAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CAAE,OAAA,EAAQ;AAAA,MACjF,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA,EAAW;AAAA,MACd,SAAA,EAAW,UAAU,YAAA,EAAc,EAAE,cAAc,IAAA,EAAM,IAAA,EAAM,QAAQ;AAAA,KACzE;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,OAAA,EAAS,WAAA,EAAY,CAAE,EAAA,CAAG,EAAE,SAAS,CAAA;AAAA,MACrC,SAAA,EAAW,KAAA,EAAM,CAAE,EAAA,CAAG,EAAE,QAAQ,CAAA;AAAA,MAChC,OAAA,EAAS,KAAA,EAAM,CAAE,EAAA,CAAG,EAAE,MAAM,CAAA;AAAA,MAC5B,MAAA,EAAQ,KAAA,EAAM,CAAE,EAAA,CAAG,EAAE,KAAK;AAAA,KAC5B;AAAA,GACF;AAEA,EAAA,MAAM,QAAA,GAAW,OAAA;AAAA,IACf,EAAE,SAAS,CAAA;AAAA,IACX;AAAA,MACE,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,UAAA,CAAW,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MAC1D,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA,CACjB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,IAAA,CAAK,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,MACpD,aAAA,EAAe,IAAA,CAAK,gBAAgB,CAAA,CAAE,KAAA,GAAQ,OAAA,EAAQ,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,MAClE,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA;AAAW,KAChB;AAAA,IACA,CAAC,CAAA,MAAO;AAAA,MACN,EAAA,EAAI,UAAA,CAAW,EAAE,OAAA,EAAS,CAAC,EAAE,MAAA,EAAQ,CAAA,CAAE,KAAK,CAAA,EAAG;AAAA,KACjD;AAAA,GACF;AAEA,EAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,CAAA,CAAE,aAAa,CAAA,EAAG;AAAA,IAC5C,GAAA,EAAK,IAAA,CAAK,KAAK,CAAA,CAAE,UAAA,EAAW;AAAA,IAC5B,KAAK,IAAA,CAAK,KAAK,CAAA,CAAE,OAAA,GAAU,KAAA,EAAkB;AAAA,IAC7C,WAAW,KAAA,CAAM,YAAY,CAAA,CAAE,OAAA,GAAU,KAAA,EAA+B;AAAA,IACxE,YAAY,KAAA,CAAM,aAAa,CAAA,CAAE,OAAA,GAAU,KAAA,EAA+B;AAAA,IAC1E,QAAQ,OAAA,CAAQ,QAAQ,EAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,IAChD,SAAA,EAAW,SAAA,CAAU,YAAA,EAAc,EAAE,YAAA,EAAc,IAAA,EAAM,IAAA,EAAM,MAAA,EAAQ,CAAA,CACpE,OAAA,EAAQ,CACR,UAAA,EAAW;AAAA,IACd,SAAA,EAAW,UAAU,YAAA,EAAc,EAAE,cAAc,IAAA,EAAM,IAAA,EAAM,QAAQ;AAAA,GACxE,CAAA;AAED,EAAA,MAAM,uBAAuB,SAAA,CAAU,WAAA,EAAa,CAAC,EAAE,KAAI,MAAO;AAAA,IAChE,IAAA,EAAM,GAAA,CAAI,KAAA,EAAO,EAAE,QAAQ,CAAC,WAAA,CAAY,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,KAAA,CAAM,EAAE,GAAG,CAAA;AAAA,IACzE,IAAA,EAAM,GAAA,CAAI,UAAA,EAAY,EAAE,QAAQ,CAAC,WAAA,CAAY,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,UAAA,CAAW,EAAE,GAAG;AAAA,GACrF,CAAE,CAAA;AACF,EAAA,MAAM,gBAAgB,SAAA,CAAU,IAAA,EAAM,CAAC,EAAE,KAAI,MAAO;AAAA,IAClD,IAAA,EAAM,GAAA,CAAI,KAAA,EAAO,EAAE,QAAQ,CAAC,IAAA,CAAK,MAAM,CAAA,EAAG,UAAA,EAAY,CAAC,KAAA,CAAM,EAAE,GAAG;AAAA,GACpE,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ;AAAA,MACN,KAAA;AAAA,MACA,WAAA;AAAA,MACA,IAAA;AAAA,MACA,kBAAA;AAAA,MACA,aAAA;AAAA,MACA,QAAA;AAAA,MACA;AAAA,KACF;AAAA,IACA,SAAA,EAAW,EAAE,oBAAA,EAAsB,aAAA;AAAc,GACnD;AACF;AAaA,IAAM,MAAA,GAAS,CAAC,CAAA,MAAwC;AAAA,EACtD,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,IAAA,EAAM,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA;AAAA,EACnB,WAAA,EAAc,EAAE,WAAA,IAAiC,IAAA;AAAA,EACjD,OAAA,EAAU,EAAE,OAAA,IAA6B,IAAA;AAAA,EACzC,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,gBAAA,EAAmB,EAAE,gBAAA,IAAsC,IAAA;AAAA,EAC3D,YAAA,EAAe,CAAA,CAAE,YAAA,IAAoC,EAAC;AAAA,EACtD,aAAA,EAAgB,CAAA,CAAE,aAAA,IAAqC,EAAC;AAAA,EACxD,WAAA,EAAa,OAAA,CAAQ,CAAA,CAAE,WAAW,CAAA;AAAA,EAClC,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,UAAA,EAAa,EAAE,UAAA,IAA8B;AAC/C,CAAA,CAAA;AAEA,IAAM,OAAA,GAAU,CAAC,CAAA,MAAyC;AAAA,EACxD,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,IAAA,EAAM,MAAA,CAAO,CAAA,CAAE,IAAI,CAAA;AAAA,EACnB,WAAW,CAAA,CAAE;AACf,CAAA,CAAA;AAEA,IAAM,SAAA,GAAY,CAAC,CAAA,MAA+C;AAAA,EAChE,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,MAAM,CAAA,CAAE,IAAA;AAAA,EACR,SAAS,CAAA,CAAE;AACb,CAAA,CAAA;AAEA,IAAM,OAAA,GAAU,CAAC,CAAA,MAAsD;AAAA,EACrE,QAAA,EAAU,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,WAAA,EAAa,MAAA,CAAO,CAAA,CAAE,WAAW,CAAA;AAAA,EACjC,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,KAAA,EAAQ,EAAE,KAAA,IAA2B,IAAA;AAAA,EACrC,aAAA,EAAgB,EAAE,aAAA,IAAmC,IAAA;AAAA,EACrD,mBAAA,EAAsB,EAAE,mBAAA,IAAmD,IAAA;AAAA,EAC3E,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,UAAA,EAAa,EAAE,UAAA,IAA8B;AAC/C,CAAA,CAAA;AAEA,IAAM,UAAA,GAAa,CAAC,CAAA,MAAiD;AAAA,EACnE,EAAA,EAAI,MAAA,CAAO,CAAA,CAAE,EAAE,CAAA;AAAA,EACf,SAAA,EAAW,MAAA,CAAO,CAAA,CAAE,SAAS,CAAA;AAAA,EAC7B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,QAAA,EAAU,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC3B,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,SAAA,EAAY,EAAE,SAAA,IAA6B;AAC7C,CAAA,CAAA;AAEA,IAAM,UAAA,GAAa,CAAC,CAAA,MAA4C;AAAA,EAC9D,MAAA,EAAQ,MAAA,CAAO,CAAA,CAAE,MAAM,CAAA;AAAA,EACvB,KAAA,EAAO,MAAA,CAAO,CAAA,CAAE,KAAK,CAAA;AAAA,EACrB,aAAA,EAAgB,CAAA,CAAE,aAAA,IAAqC,EAAC;AAAA,EACxD,WAAW,CAAA,CAAE;AACf,CAAA,CAAA;AAEA,IAAM,MAAA,GAAS,CAAC,CAAA,MAA+C;AAAA,EAC7D,GAAA,EAAK,MAAA,CAAO,CAAA,CAAE,GAAG,CAAA;AAAA,EACjB,KAAK,CAAA,CAAE,GAAA;AAAA,EACP,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,YAAY,CAAA,CAAE,UAAA;AAAA,EACd,MAAA,EAAQ,OAAA,CAAQ,CAAA,CAAE,MAAM,CAAA;AAAA,EACxB,WAAW,CAAA,CAAE,SAAA;AAAA,EACb,SAAA,EAAY,EAAE,SAAA,IAA6B;AAC7C,CAAA,CAAA;AAEO,SAAS,iBAAiB,IAAA,EAA2C;AAC1E,EAAA,MAAM,EAAE,IAAI,MAAA,EAAQ,UAAA,GAAa,MAAM,MAAA,CAAO,UAAA,IAAa,GAAI,IAAA;AAC/D,EAAA,MAAM,EAAE,OAAO,WAAA,EAAa,IAAA,EAAM,oBAAoB,aAAA,EAAe,QAAA,EAAU,aAAY,GACzF,MAAA;AAEF,EAAA,OAAO;AAAA,IACL,KAAA,EAAO;AAAA,MACL,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,KAAK,UAAA,EAAW;AACtB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,EAAA,CACjB,OAAO,KAAK,CAAA,CACZ,MAAA,CAAO,EAAE,IAAI,IAAA,EAAM,KAAA,CAAM,IAAA,EAAM,EAC/B,SAAA,EAAU;AACb,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,WAAW,CAAA,CAClB,MAAA,CAAO,EAAE,MAAA,EAAQ,EAAA,EAAI,MAAA,EAAQ,KAAA,CAAM,WAAA,EAAa,IAAA,EAAM,SAAS,CAAA;AAClE,QAAA,OAAO,QAAQ,GAA8B,CAAA;AAAA,MAC/C,CAAA;AAAA,MACA,MAAM,QAAQ,MAAA,EAAQ;AACpB,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,KAAK,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,MAAM,EAAA,EAAI,MAAM,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC9E,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,OAAO,MAAA,EAAQ;AACnB,QAAA,MAAM,EAAA,CAAG,OAAO,KAAK,CAAA,CAAE,MAAM,EAAA,CAAG,KAAA,CAAM,EAAA,EAAI,MAAM,CAAC,CAAA;AAAA,MACnD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,MAAM,WAAA,CAAY;AAAA,SACnB,CAAA,CACA,IAAA,CAAK,WAAW,CAAA,CAChB,SAAA,CAAU,OAAO,EAAA,CAAG,WAAA,CAAY,QAAQ,KAAA,CAAM,EAAE,CAAC,CAAA,CACjD,KAAA,CAAM,GAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA;AACvC,QAAA,OAAQ,IAAA,CAAmC,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,UACrD,GAAG,QAAQ,CAAC,CAAA;AAAA,UACZ,MAAM,CAAA,CAAE;AAAA,SACV,CAAE,CAAA;AAAA,MACJ,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,WAAW,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA;AACrF,QAAA,OAAQ,IAAA,CAAmC,IAAI,SAAS,CAAA;AAAA,MAC1D,CAAA;AAAA,MACA,MAAM,aAAA,CAAc,MAAA,EAAQ,MAAA,EAAQ;AAClC,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,YAAY,MAAA,EAAQ,MAAM,CAAA,EAAG,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAC,CAAA,CACzE,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,SAAA,CAAU,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACrD,CAAA;AAAA,MACA,MAAM,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM;AACpC,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,WAAW,CAAA,CAClB,MAAA,CAAO,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,CAAA,CAC/B,kBAAA,CAAmB;AAAA,UAClB,MAAA,EAAQ,CAAC,WAAA,CAAY,MAAA,EAAQ,YAAY,MAAM,CAAA;AAAA,UAC/C,GAAA,EAAK,EAAE,IAAA;AAAK,SACb,CAAA;AAAA,MACL,CAAA;AAAA,MACA,MAAM,YAAA,CAAa,MAAA,EAAQ,MAAA,EAAQ;AACjC,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,CAAA,CAClB,KAAA,CAAM,IAAI,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,GAAG,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAC,CAAA;AAAA,MAC9E;AAAA,KACF;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,GACjB,MAAA,CAAO,IAAI,EACX,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,WAAA,EAAa,MAAM,WAAA,IAAe,IAAA;AAAA,UAClC,OAAA,EAAS,MAAM,OAAA,IAAW,IAAA;AAAA,UAC1B,MAAM,KAAA,CAAM,IAAA;AAAA,UACZ,gBAAA,EAAkB,MAAM,gBAAA,IAAoB,IAAA;AAAA,UAC5C,cAAc,KAAA,CAAM,YAAA;AAAA,UACpB,eAAe,KAAA,CAAM,aAAA;AAAA,UACrB,aAAa,KAAA,CAAM;AAAA,SACpB,EACA,SAAA,EAAU;AACb,QAAA,OAAO,OAAO,GAA8B,CAAA;AAAA,MAC9C,CAAA;AAAA,MACA,MAAM,QAAQ,KAAA,EAAO;AACnB,QAAA,MAAM,OAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,KAAK,IAAI,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,KAAK,EAAA,EAAI,KAAK,CAAC,CAAA,CAAE,MAAM,CAAC,CAAA;AAC3E,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,QAAQ,KAAA,EAAO;AACnB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,MAAA,EAAO,CAAE,IAAA,CAAK,IAAI,CAAA,CAAE,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AACtE,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAM,GAAG,IAAA,CAAK,MAAA,EAAQ,MAAM,CAAC,CAAA,CAC7B,QAAQ,IAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AAC/B,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,YAAY,MAAA,EAAQ;AACxB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO;AAAA,UACN,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,QAAQ,IAAA,CAAK,MAAA;AAAA,UACb,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,SAAS,IAAA,CAAK,OAAA;AAAA,UACd,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,kBAAkB,IAAA,CAAK,gBAAA;AAAA,UACvB,cAAc,IAAA,CAAK,YAAA;AAAA,UACnB,eAAe,IAAA,CAAK,aAAA;AAAA,UACpB,aAAa,IAAA,CAAK,WAAA;AAAA,UAClB,WAAW,IAAA,CAAK,SAAA;AAAA,UAChB,WAAW,IAAA,CAAK,SAAA;AAAA,UAChB,YAAY,IAAA,CAAK;AAAA,SAClB,CAAA,CACA,IAAA,CAAK,IAAI,CAAA,CACT,UAAU,WAAA,EAAa,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,CAC1D,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,MAAA,EAAQ,MAAM,CAAC,CAAA,CACpC,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,SAAS,CAAC,CAAA;AAC/B,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,KAAA,EAAO,KAAA,EAAO;AACzB,QAAA,MAAM,GAAA,GAA+B,EAAE,SAAA,kBAAW,IAAI,MAAK,EAAE;AAC7D,QAAA,IAAI,KAAA,CAAM,IAAA,KAAS,MAAA,EAAW,GAAA,CAAI,OAAO,KAAA,CAAM,IAAA;AAC/C,QAAA,IAAI,KAAA,CAAM,WAAA,KAAgB,MAAA,EAAW,GAAA,CAAI,cAAc,KAAA,CAAM,WAAA;AAC7D,QAAA,IAAI,KAAA,CAAM,OAAA,KAAY,MAAA,EAAW,GAAA,CAAI,UAAU,KAAA,CAAM,OAAA;AACrD,QAAA,IAAI,KAAA,CAAM,YAAA,KAAiB,MAAA,EAAW,GAAA,CAAI,eAAe,KAAA,CAAM,YAAA;AAC/D,QAAA,IAAI,KAAA,CAAM,aAAA,KAAkB,MAAA,EAAW,GAAA,CAAI,gBAAgB,KAAA,CAAM,aAAA;AACjE,QAAA,IAAI,KAAA,CAAM,WAAA,KAAgB,MAAA,EAAW,GAAA,CAAI,cAAc,KAAA,CAAM,WAAA;AAC7D,QAAA,IAAI,KAAA,CAAM,gBAAA,KAAqB,MAAA,EAAW,GAAA,CAAI,mBAAmB,KAAA,CAAM,gBAAA;AACvE,QAAA,IAAI,KAAA,CAAM,UAAA,KAAe,MAAA,EAAW,GAAA,CAAI,aAAa,KAAA,CAAM,UAAA;AAC3D,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,EAAA,CAAG,MAAA,CAAO,IAAI,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,MAAM,EAAA,CAAG,IAAA,CAAK,IAAI,KAAK,CAAC,EAAE,SAAA,EAAU;AACjF,QAAA,OAAO,OAAO,GAA8B,CAAA;AAAA,MAC9C,CAAA;AAAA,MACA,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,OAAO,IAAI,CAAA,CAAE,MAAM,EAAA,CAAG,IAAA,CAAK,EAAA,EAAI,KAAK,CAAC,CAAA;AAAA,MAChD;AAAA,KACF;AAAA,IAEA,KAAA,EAAO;AAAA,MACL,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,EAAA,CAAG,MAAA,CAAO,kBAAkB,CAAA,CAAE,MAAA,CAAO;AAAA,UACzC,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,aAAa,KAAA,CAAM,WAAA;AAAA,UACnB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,eAAe,KAAA,CAAM,aAAA;AAAA,UACrB,qBAAqB,KAAA,CAAM,mBAAA;AAAA,UAC3B,WAAW,KAAA,CAAM;AAAA,SAClB,CAAA;AAAA,MACH,CAAA;AAAA,MACA,MAAM,QAAQ,QAAA,EAAU;AAGtB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,CAAO,kBAAkB,CAAA,CACzB,GAAA,CAAI,EAAE,UAAA,kBAAY,IAAI,IAAA,EAAK,EAAG,CAAA,CAC9B,KAAA;AAAA,UACC,GAAA;AAAA,YACE,EAAA,CAAG,kBAAA,CAAmB,QAAA,EAAU,QAAQ,CAAA;AAAA,YACxC,GAAA,CAAA,EAAM,mBAAmB,UAAU,CAAA,QAAA,CAAA;AAAA,YACnC,GAAA,CAAA,EAAM,mBAAmB,SAAS,CAAA,QAAA;AAAA;AACpC,UAED,SAAA,EAAU;AACb,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACnD;AAAA,KACF;AAAA,IAEA,OAAA,EAAS;AAAA,MACP,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,GACjB,MAAA,CAAO,aAAa,EACpB,MAAA,CAAO;AAAA,UACN,IAAI,KAAA,CAAM,EAAA;AAAA,UACV,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,QAAQ,KAAA,CAAM,MAAA;AAAA,UACd,UAAU,KAAA,CAAM,QAAA;AAAA,UAChB,OAAO,KAAA,CAAM,KAAA;AAAA,UACb,WAAW,KAAA,CAAM;AAAA,SAClB,EACA,SAAA,EAAU;AACb,QAAA,OAAO,WAAW,GAA8B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,UAAU,IAAA,EAAM;AACpB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,MAAA,EAAO,CACP,KAAK,aAAa,CAAA,CAClB,KAAA,CAAM,EAAA,CAAG,cAAc,SAAA,EAAW,IAAI,CAAC,CAAA,CACvC,MAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,YAAY,EAAA,EAAI;AACpB,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,aAAA,CAAc,EAAA,EAAI,EAAE,GAAG,GAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACjF,CAAA;AAAA,MACA,MAAM,aAAa,QAAA,EAAU;AAC3B,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,aAAa,CAAA,CACpB,GAAA,CAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,CAAA,CAC7B,KAAA;AAAA,UACC,GAAA,CAAI,GAAG,aAAA,CAAc,QAAA,EAAU,QAAQ,CAAA,EAAG,GAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU;AAAA,SACnF;AAAA,MACJ,CAAA;AAAA,MACA,MAAM,iBAAiB,MAAA,EAAQ;AAC7B,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,aAAA,CAAc,MAAA,EAAQ,MAAM,GAAG,GAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACzF,CAAA;AAAA,MACA,MAAM,gBAAgB,KAAA,EAAO;AAC3B,QAAA,MAAM,EAAA,CACH,OAAO,aAAa,CAAA,CACpB,IAAI,EAAE,SAAA,kBAAW,IAAI,IAAA,EAAK,EAAG,EAC7B,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,aAAA,CAAc,KAAA,EAAO,KAAK,GAAG,GAAA,CAAA,EAAM,aAAA,CAAc,SAAS,CAAA,QAAA,CAAU,CAAC,CAAA;AAAA,MACvF,CAAA;AAAA,MACA,MAAM,WAAW,KAAA,EAAO;AACtB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,aAAa,CAAA,CAClB,KAAA,CAAM,GAAG,aAAA,CAAc,KAAA,EAAO,KAAK,CAAC,CAAA,CACpC,QAAQ,IAAA,CAAK,aAAA,CAAc,SAAS,CAAC,CAAA;AACxC,QAAA,OAAQ,IAAA,CAAmC,IAAI,UAAU,CAAA;AAAA,MAC3D;AAAA,KACF;AAAA,IAEA,OAAA,EAAS;AAAA,MACP,MAAM,GAAA,CAAI,MAAA,EAAQ,KAAA,EAAO;AACvB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,SAAS,MAAA,EAAQ,MAAM,CAAA,EAAG,EAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAC,CAAC,CAAA,CACjE,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,UAAA,CAAW,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MACtD,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe;AACzC,QAAA,MAAM,EAAA,CACH,MAAA,CAAO,QAAQ,CAAA,CACf,MAAA,CAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,aAAA,EAAe,CAAA,CACvC,kBAAA,CAAmB;AAAA,UAClB,MAAA,EAAQ,CAAC,QAAA,CAAS,MAAA,EAAQ,SAAS,KAAK,CAAA;AAAA,UACxC,KAAK,EAAE,aAAA,EAAe,SAAA,kBAAW,IAAI,MAAK;AAAE,SAC7C,CAAA;AAAA,MACL,CAAA;AAAA,MACA,MAAM,MAAA,CAAO,MAAA,EAAQ,KAAA,EAAO;AAC1B,QAAA,MAAM,GACH,MAAA,CAAO,QAAQ,CAAA,CACf,KAAA,CAAM,IAAI,EAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,GAAG,EAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAC,CAAC,CAAA;AAAA,MACtE;AAAA,KACF;AAAA,IAEA,IAAA,EAAM;AAAA,MACJ,MAAM,UAAA,GAAa;AACjB,QAAA,MAAM,OAAO,MAAM,EAAA,CAChB,QAAO,CACP,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAM,GAAG,WAAA,CAAY,MAAA,EAAQ,IAAI,CAAC,CAAA,CAClC,QAAQ,IAAA,CAAK,WAAA,CAAY,SAAS,CAAC,CAAA;AACtC,QAAA,OAAQ,IAAA,CAAmC,IAAI,MAAM,CAAA;AAAA,MACvD,CAAA;AAAA,MACA,MAAM,SAAA,GAAY;AAChB,QAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAChB,MAAA,GACA,IAAA,CAAK,WAAW,CAAA,CAChB,KAAA,CAAM,EAAA,CAAG,WAAA,CAAY,QAAQ,IAAI,CAAC,EAClC,OAAA,CAAQ,IAAA,CAAK,YAAY,SAAS,CAAC,CAAA,CACnC,KAAA,CAAM,CAAC,CAAA;AACV,QAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AACzB,QAAA,OAAO,MAAA,CAAO,IAAA,CAAK,CAAC,CAA4B,CAAA;AAAA,MAClD,CAAA;AAAA,MACA,MAAM,OAAO,KAAA,EAAO;AAClB,QAAA,MAAM,CAAC,GAAG,CAAA,GAAI,MAAM,GACjB,MAAA,CAAO,WAAW,EAClB,MAAA,CAAO;AAAA,UACN,KAAK,KAAA,CAAM,GAAA;AAAA,UACX,KAAK,KAAA,CAAM,GAAA;AAAA,UACX,WAAW,KAAA,CAAM,SAAA;AAAA,UACjB,YAAY,KAAA,CAAM,UAAA;AAAA,UAClB,MAAA,EAAQ;AAAA,SACT,EACA,SAAA,EAAU;AACb,QAAA,OAAO,OAAO,GAA8B,CAAA;AAAA,MAC9C,CAAA;AAAA,MACA,MAAM,YAAY,GAAA,EAAK;AACrB,QAAA,MAAM,GACH,MAAA,CAAO,WAAW,EAClB,GAAA,CAAI,EAAE,QAAQ,KAAA,EAAO,SAAA,sBAAe,IAAA,EAAK,EAAG,CAAA,CAC5C,KAAA,CAAM,GAAG,WAAA,CAAY,GAAA,EAAK,GAAG,CAAC,CAAA;AAAA,MACnC;AAAA;AACF,GACF;AACF","file":"index.js","sourcesContent":["/**\n * Postgres adapter for @holeauth/plugin-idp.\n *\n * Exports:\n * - `createIdpTables({ usersTable, prefix? })` — returns drizzle tables\n * + relations. The `usersTable` must have at minimum an `id` column;\n * team memberships reference users and cascade on delete.\n * - `createIdpAdapter({ db, tables })` — constructs an IdpAdapter.\n *\n * The schema covers: teams + members, apps, authorization codes, refresh\n * tokens (with family ids), user × app consents, and signing keys (JWKs).\n */\nimport {\n pgTable,\n text,\n boolean,\n timestamp,\n jsonb,\n primaryKey,\n index,\n uniqueIndex,\n type PgTableWithColumns,\n} from 'drizzle-orm/pg-core';\nimport { relations, eq, and, sql, desc } from 'drizzle-orm';\nimport type {\n IdpAdapter,\n IdpApp,\n IdpAuthorizationCode,\n IdpConsent,\n IdpRefreshToken,\n IdpSigningKey,\n IdpTeam,\n IdpTeamMember,\n SigningAlg,\n TeamRole,\n AppType,\n} from '@holeauth/plugin-idp';\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport type PgUsersTable = PgTableWithColumns<any> & { id: any };\n\nexport interface CreateIdpTablesOptions<U extends PgUsersTable> {\n usersTable: U;\n prefix?: string;\n}\n\nexport function createIdpTables<U extends PgUsersTable>(opts: CreateIdpTablesOptions<U>) {\n const { usersTable, prefix = 'holeauth_idp_' } = opts;\n const p = (s: string) => `${prefix}${s}`;\n\n const teams = pgTable(p('team'), {\n id: text('id').primaryKey(),\n name: text('name').notNull(),\n createdAt: timestamp('created_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n });\n\n const teamMembers = pgTable(\n p('team_member'),\n {\n teamId: text('team_id')\n .notNull()\n .references(() => teams.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n role: text('role').notNull().$type<TeamRole>(),\n addedAt: timestamp('added_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n },\n (t) => ({\n pk: primaryKey({ columns: [t.teamId, t.userId] }),\n userIdx: index().on(t.userId),\n }),\n );\n\n const apps = pgTable(\n p('app'),\n {\n id: text('id').primaryKey(),\n teamId: text('team_id')\n .notNull()\n .references(() => teams.id, { onDelete: 'cascade' }),\n name: text('name').notNull(),\n description: text('description'),\n logoUrl: text('logo_url'),\n type: text('type').notNull().$type<AppType>(),\n clientSecretHash: text('client_secret_hash'),\n redirectUris: text('redirect_uris').array().notNull().default([]),\n allowedScopes: text('allowed_scopes').array().notNull().default([]),\n requirePkce: boolean('require_pkce').notNull().default(true),\n createdAt: timestamp('created_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n updatedAt: timestamp('updated_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n disabledAt: timestamp('disabled_at', { withTimezone: true, mode: 'date' }),\n },\n (t) => ({\n teamIdx: index().on(t.teamId),\n }),\n );\n\n const authorizationCodes = pgTable(\n p('authorization_code'),\n {\n codeHash: text('code_hash').primaryKey(),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n redirectUri: text('redirect_uri').notNull(),\n scope: text('scope').notNull(),\n nonce: text('nonce'),\n codeChallenge: text('code_challenge'),\n codeChallengeMethod: text('code_challenge_method'),\n expiresAt: timestamp('expires_at', { withTimezone: true, mode: 'date' }).notNull(),\n consumedAt: timestamp('consumed_at', { withTimezone: true, mode: 'date' }),\n },\n (t) => ({\n expiresIdx: index().on(t.expiresAt),\n }),\n );\n\n const refreshTokens = pgTable(\n p('refresh_token'),\n {\n id: text('id').primaryKey(),\n tokenHash: text('token_hash').notNull(),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n familyId: text('family_id').notNull(),\n scope: text('scope').notNull(),\n expiresAt: timestamp('expires_at', { withTimezone: true, mode: 'date' }).notNull(),\n createdAt: timestamp('created_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n revokedAt: timestamp('revoked_at', { withTimezone: true, mode: 'date' }),\n },\n (t) => ({\n hashIdx: uniqueIndex().on(t.tokenHash),\n familyIdx: index().on(t.familyId),\n userIdx: index().on(t.userId),\n appIdx: index().on(t.appId),\n }),\n );\n\n const consents = pgTable(\n p('consent'),\n {\n userId: text('user_id')\n .notNull()\n .references(() => usersTable.id, { onDelete: 'cascade' }),\n appId: text('app_id')\n .notNull()\n .references(() => apps.id, { onDelete: 'cascade' }),\n scopesGranted: text('scopes_granted').array().notNull().default([]),\n grantedAt: timestamp('granted_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n },\n (t) => ({\n pk: primaryKey({ columns: [t.userId, t.appId] }),\n }),\n );\n\n const signingKeys = pgTable(p('signing_key'), {\n kid: text('kid').primaryKey(),\n alg: text('alg').notNull().$type<SigningAlg>(),\n publicJwk: jsonb('public_jwk').notNull().$type<Record<string, unknown>>(),\n privateJwk: jsonb('private_jwk').notNull().$type<Record<string, unknown>>(),\n active: boolean('active').notNull().default(true),\n createdAt: timestamp('created_at', { withTimezone: true, mode: 'date' })\n .notNull()\n .defaultNow(),\n rotatedAt: timestamp('rotated_at', { withTimezone: true, mode: 'date' }),\n });\n\n const teamMembersRelations = relations(teamMembers, ({ one }) => ({\n team: one(teams, { fields: [teamMembers.teamId], references: [teams.id] }),\n user: one(usersTable, { fields: [teamMembers.userId], references: [usersTable.id] }),\n }));\n const appsRelations = relations(apps, ({ one }) => ({\n team: one(teams, { fields: [apps.teamId], references: [teams.id] }),\n }));\n\n return {\n tables: {\n teams,\n teamMembers,\n apps,\n authorizationCodes,\n refreshTokens,\n consents,\n signingKeys,\n },\n relations: { teamMembersRelations, appsRelations },\n };\n}\n\n/* ────────────────────────── adapter ────────────────────────── */\n\ntype Tables = ReturnType<typeof createIdpTables>['tables'];\n\nexport interface CreateIdpAdapterOptions {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n db: any;\n tables: Tables;\n generateId?: () => string;\n}\n\nconst appRow = (r: Record<string, unknown>): IdpApp => ({\n id: String(r.id),\n teamId: String(r.teamId),\n name: String(r.name),\n description: (r.description as string | null) ?? null,\n logoUrl: (r.logoUrl as string | null) ?? null,\n type: r.type as AppType,\n clientSecretHash: (r.clientSecretHash as string | null) ?? null,\n redirectUris: (r.redirectUris as string[] | null) ?? [],\n allowedScopes: (r.allowedScopes as string[] | null) ?? [],\n requirePkce: Boolean(r.requirePkce),\n createdAt: r.createdAt as Date,\n updatedAt: r.updatedAt as Date,\n disabledAt: (r.disabledAt as Date | null) ?? null,\n});\n\nconst teamRow = (r: Record<string, unknown>): IdpTeam => ({\n id: String(r.id),\n name: String(r.name),\n createdAt: r.createdAt as Date,\n});\n\nconst memberRow = (r: Record<string, unknown>): IdpTeamMember => ({\n teamId: String(r.teamId),\n userId: String(r.userId),\n role: r.role as TeamRole,\n addedAt: r.addedAt as Date,\n});\n\nconst codeRow = (r: Record<string, unknown>): IdpAuthorizationCode => ({\n codeHash: String(r.codeHash),\n appId: String(r.appId),\n userId: String(r.userId),\n redirectUri: String(r.redirectUri),\n scope: String(r.scope),\n nonce: (r.nonce as string | null) ?? null,\n codeChallenge: (r.codeChallenge as string | null) ?? null,\n codeChallengeMethod: (r.codeChallengeMethod as 'S256' | 'plain' | null) ?? null,\n expiresAt: r.expiresAt as Date,\n consumedAt: (r.consumedAt as Date | null) ?? null,\n});\n\nconst refreshRow = (r: Record<string, unknown>): IdpRefreshToken => ({\n id: String(r.id),\n tokenHash: String(r.tokenHash),\n appId: String(r.appId),\n userId: String(r.userId),\n familyId: String(r.familyId),\n scope: String(r.scope),\n expiresAt: r.expiresAt as Date,\n createdAt: r.createdAt as Date,\n revokedAt: (r.revokedAt as Date | null) ?? null,\n});\n\nconst consentRow = (r: Record<string, unknown>): IdpConsent => ({\n userId: String(r.userId),\n appId: String(r.appId),\n scopesGranted: (r.scopesGranted as string[] | null) ?? [],\n grantedAt: r.grantedAt as Date,\n});\n\nconst keyRow = (r: Record<string, unknown>): IdpSigningKey => ({\n kid: String(r.kid),\n alg: r.alg as SigningAlg,\n publicJwk: r.publicJwk as Record<string, unknown>,\n privateJwk: r.privateJwk as Record<string, unknown>,\n active: Boolean(r.active),\n createdAt: r.createdAt as Date,\n rotatedAt: (r.rotatedAt as Date | null) ?? null,\n});\n\nexport function createIdpAdapter(opts: CreateIdpAdapterOptions): IdpAdapter {\n const { db, tables, generateId = () => crypto.randomUUID() } = opts;\n const { teams, teamMembers, apps, authorizationCodes, refreshTokens, consents, signingKeys } =\n tables;\n\n return {\n teams: {\n async create(input) {\n const id = generateId();\n const [row] = await db\n .insert(teams)\n .values({ id, name: input.name })\n .returning();\n await db\n .insert(teamMembers)\n .values({ teamId: id, userId: input.ownerUserId, role: 'owner' });\n return teamRow(row as Record<string, unknown>);\n },\n async getById(teamId) {\n const rows = await db.select().from(teams).where(eq(teams.id, teamId)).limit(1);\n if (!rows.length) return null;\n return teamRow(rows[0] as Record<string, unknown>);\n },\n async delete(teamId) {\n await db.delete(teams).where(eq(teams.id, teamId));\n },\n async listForUser(userId) {\n const rows = await db\n .select({\n id: teams.id,\n name: teams.name,\n createdAt: teams.createdAt,\n role: teamMembers.role,\n })\n .from(teamMembers)\n .innerJoin(teams, eq(teamMembers.teamId, teams.id))\n .where(eq(teamMembers.userId, userId));\n return (rows as Record<string, unknown>[]).map((r) => ({\n ...teamRow(r),\n role: r.role as TeamRole,\n }));\n },\n async listMembers(teamId) {\n const rows = await db.select().from(teamMembers).where(eq(teamMembers.teamId, teamId));\n return (rows as Record<string, unknown>[]).map(memberRow);\n },\n async getMembership(teamId, userId) {\n const rows = await db\n .select()\n .from(teamMembers)\n .where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)))\n .limit(1);\n if (!rows.length) return null;\n return memberRow(rows[0] as Record<string, unknown>);\n },\n async addMember(teamId, userId, role) {\n await db\n .insert(teamMembers)\n .values({ teamId, userId, role })\n .onConflictDoUpdate({\n target: [teamMembers.teamId, teamMembers.userId],\n set: { role },\n });\n },\n async removeMember(teamId, userId) {\n await db\n .delete(teamMembers)\n .where(and(eq(teamMembers.teamId, teamId), eq(teamMembers.userId, userId)));\n },\n },\n\n apps: {\n async create(input) {\n const [row] = await db\n .insert(apps)\n .values({\n id: input.id,\n teamId: input.teamId,\n name: input.name,\n description: input.description ?? null,\n logoUrl: input.logoUrl ?? null,\n type: input.type,\n clientSecretHash: input.clientSecretHash ?? null,\n redirectUris: input.redirectUris,\n allowedScopes: input.allowedScopes,\n requirePkce: input.requirePkce,\n })\n .returning();\n return appRow(row as Record<string, unknown>);\n },\n async getById(appId) {\n const rows = await db.select().from(apps).where(eq(apps.id, appId)).limit(1);\n if (!rows.length) return null;\n return appRow(rows[0] as Record<string, unknown>);\n },\n async listAll(_opts) {\n const rows = await db.select().from(apps).orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async listForTeam(teamId) {\n const rows = await db\n .select()\n .from(apps)\n .where(eq(apps.teamId, teamId))\n .orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async listForUser(userId) {\n const rows = await db\n .select({\n id: apps.id,\n teamId: apps.teamId,\n name: apps.name,\n description: apps.description,\n logoUrl: apps.logoUrl,\n type: apps.type,\n clientSecretHash: apps.clientSecretHash,\n redirectUris: apps.redirectUris,\n allowedScopes: apps.allowedScopes,\n requirePkce: apps.requirePkce,\n createdAt: apps.createdAt,\n updatedAt: apps.updatedAt,\n disabledAt: apps.disabledAt,\n })\n .from(apps)\n .innerJoin(teamMembers, eq(teamMembers.teamId, apps.teamId))\n .where(eq(teamMembers.userId, userId))\n .orderBy(desc(apps.createdAt));\n return (rows as Record<string, unknown>[]).map(appRow);\n },\n async update(appId, patch) {\n const set: Record<string, unknown> = { updatedAt: new Date() };\n if (patch.name !== undefined) set.name = patch.name;\n if (patch.description !== undefined) set.description = patch.description;\n if (patch.logoUrl !== undefined) set.logoUrl = patch.logoUrl;\n if (patch.redirectUris !== undefined) set.redirectUris = patch.redirectUris;\n if (patch.allowedScopes !== undefined) set.allowedScopes = patch.allowedScopes;\n if (patch.requirePkce !== undefined) set.requirePkce = patch.requirePkce;\n if (patch.clientSecretHash !== undefined) set.clientSecretHash = patch.clientSecretHash;\n if (patch.disabledAt !== undefined) set.disabledAt = patch.disabledAt;\n const [row] = await db.update(apps).set(set).where(eq(apps.id, appId)).returning();\n return appRow(row as Record<string, unknown>);\n },\n async delete(appId) {\n await db.delete(apps).where(eq(apps.id, appId));\n },\n },\n\n codes: {\n async create(input) {\n await db.insert(authorizationCodes).values({\n codeHash: input.codeHash,\n appId: input.appId,\n userId: input.userId,\n redirectUri: input.redirectUri,\n scope: input.scope,\n nonce: input.nonce,\n codeChallenge: input.codeChallenge,\n codeChallengeMethod: input.codeChallengeMethod,\n expiresAt: input.expiresAt,\n });\n },\n async consume(codeHash) {\n // Atomic single-statement claim: only returns if row exists,\n // was not already consumed, and has not yet expired.\n const rows = await db\n .update(authorizationCodes)\n .set({ consumedAt: new Date() })\n .where(\n and(\n eq(authorizationCodes.codeHash, codeHash),\n sql`${authorizationCodes.consumedAt} IS NULL`,\n sql`${authorizationCodes.expiresAt} > NOW()`,\n ),\n )\n .returning();\n if (!rows.length) return null;\n return codeRow(rows[0] as Record<string, unknown>);\n },\n },\n\n refresh: {\n async create(input) {\n const [row] = await db\n .insert(refreshTokens)\n .values({\n id: input.id,\n tokenHash: input.tokenHash,\n appId: input.appId,\n userId: input.userId,\n familyId: input.familyId,\n scope: input.scope,\n expiresAt: input.expiresAt,\n })\n .returning();\n return refreshRow(row as Record<string, unknown>);\n },\n async getByHash(hash) {\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.tokenHash, hash))\n .limit(1);\n if (!rows.length) return null;\n return refreshRow(rows[0] as Record<string, unknown>);\n },\n async markRevoked(id) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.id, id), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async revokeFamily(familyId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(\n and(eq(refreshTokens.familyId, familyId), sql`${refreshTokens.revokedAt} IS NULL`),\n );\n },\n async revokeAllForUser(userId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.userId, userId), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async revokeAllForApp(appId) {\n await db\n .update(refreshTokens)\n .set({ revokedAt: new Date() })\n .where(and(eq(refreshTokens.appId, appId), sql`${refreshTokens.revokedAt} IS NULL`));\n },\n async listForApp(appId) {\n const rows = await db\n .select()\n .from(refreshTokens)\n .where(eq(refreshTokens.appId, appId))\n .orderBy(desc(refreshTokens.createdAt));\n return (rows as Record<string, unknown>[]).map(refreshRow);\n },\n },\n\n consent: {\n async get(userId, appId) {\n const rows = await db\n .select()\n .from(consents)\n .where(and(eq(consents.userId, userId), eq(consents.appId, appId)))\n .limit(1);\n if (!rows.length) return null;\n return consentRow(rows[0] as Record<string, unknown>);\n },\n async upsert(userId, appId, scopesGranted) {\n await db\n .insert(consents)\n .values({ userId, appId, scopesGranted })\n .onConflictDoUpdate({\n target: [consents.userId, consents.appId],\n set: { scopesGranted, grantedAt: new Date() },\n });\n },\n async revoke(userId, appId) {\n await db\n .delete(consents)\n .where(and(eq(consents.userId, userId), eq(consents.appId, appId)));\n },\n },\n\n keys: {\n async listActive() {\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.active, true))\n .orderBy(desc(signingKeys.createdAt));\n return (rows as Record<string, unknown>[]).map(keyRow);\n },\n async getActive() {\n const rows = await db\n .select()\n .from(signingKeys)\n .where(eq(signingKeys.active, true))\n .orderBy(desc(signingKeys.createdAt))\n .limit(1);\n if (!rows.length) return null;\n return keyRow(rows[0] as Record<string, unknown>);\n },\n async create(input) {\n const [row] = await db\n .insert(signingKeys)\n .values({\n kid: input.kid,\n alg: input.alg,\n publicJwk: input.publicJwk,\n privateJwk: input.privateJwk,\n active: true,\n })\n .returning();\n return keyRow(row as Record<string, unknown>);\n },\n async markRotated(kid) {\n await db\n .update(signingKeys)\n .set({ active: false, rotatedAt: new Date() })\n .where(eq(signingKeys.kid, kid));\n },\n },\n };\n}\n"]}

package/package.json ADDED Viewed

@@ -0,0 +1,65 @@
+{
+  "name": "@holeauth/idp-drizzle",
+  "version": "0.0.1-alpha.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/robert-kratz/holeauth.git",
+    "directory": "packages/idp-drizzle"
+  },
+  "description": "Drizzle adapter for @holeauth/plugin-idp (OpenID Connect IdP).",
+  "license": "MIT",
+  "author": "Robert Kratz",
+  "type": "module",
+  "sideEffects": false,
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    },
+    "./pg": {
+      "types": "./dist/pg/index.d.ts",
+      "import": "./dist/pg/index.js",
+      "require": "./dist/pg/index.cjs"
+    },
+    "./package.json": "./package.json"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "peerDependencies": {
+    "drizzle-orm": ">=0.33.0",
+    "@holeauth/plugin-idp": "0.0.1-alpha.0"
+  },
+  "devDependencies": {
+    "@testcontainers/postgresql": "^11.14.0",
+    "@types/node": "^20.16.10",
+    "@types/pg": "^8.11.10",
+    "@vitest/coverage-v8": "^2.1.9",
+    "drizzle-orm": "^0.36.0",
+    "pg": "^8.13.0",
+    "testcontainers": "^11.14.0",
+    "tsup": "^8.3.0",
+    "typescript": "^5.6.2",
+    "vitest": "^2.1.2",
+    "@holeauth/eslint-config": "0.0.0",
+    "@holeauth/plugin-idp": "0.0.1-alpha.0",
+    "@holeauth/tsconfig": "0.0.0"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "clean": "rm -rf dist .turbo",
+    "lint": "echo 'lint skipped'",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run --passWithNoTests",
+    "test:coverage": "vitest run --coverage"
+  }
+}