@iblai/web-utils 1.8.1 → 1.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/dist/auth/index.d.ts +202 -0
  2. package/dist/auth/index.esm.js +363 -0
  3. package/dist/auth/index.esm.js.map +1 -0
  4. package/dist/auth/index.js +379 -0
  5. package/dist/auth/index.js.map +1 -0
  6. package/dist/auth/web-utils/src/utils/auth.d.ts +199 -0
  7. package/dist/auth/web-utils/tests/hooks/chat/use-mentor-tools.test.d.ts +1 -0
  8. package/dist/auth/web-utils/tests/hooks/subscription/class-subscription-flow.test.d.ts +1 -0
  9. package/dist/auth/web-utils/tests/hooks/subscription/constants.test.d.ts +1 -0
  10. package/dist/auth/web-utils/tests/hooks/subscription/use-subscription-handler.test.d.ts +1 -0
  11. package/dist/auth/web-utils/tests/hooks/subscription-v2/use-subscription-handler.test.d.ts +1 -0
  12. package/dist/auth/web-utils/tests/hooks/use-day-js.test.d.ts +1 -0
  13. package/dist/auth/web-utils/tests/hooks/use-mentor-settings.test.d.ts +1 -0
  14. package/dist/auth/web-utils/tests/providers/mentor-provider.test.d.ts +1 -0
  15. package/dist/auth/web-utils/tests/providers/tenant-provider.test.d.ts +1 -0
  16. package/dist/auth/web-utils/tests/setupTests.d.ts +5 -0
  17. package/dist/auth/web-utils/tests/utils/helpers.test.d.ts +1 -0
  18. package/dist/data-layer/src/features/core/api-slice.d.ts +110 -109
  19. package/dist/index.d.ts +10 -5
  20. package/dist/index.esm.js +31 -4
  21. package/dist/index.esm.js.map +1 -1
  22. package/dist/index.js +31 -3
  23. package/dist/index.js.map +1 -1
  24. package/dist/package.json +6 -1
  25. package/dist/web-utils/src/providers/auth-provider.d.ts +3 -3
  26. package/dist/web-utils/src/utils/constants.d.ts +5 -0
  27. package/package.json +6 -1
@@ -0,0 +1,202 @@
1
+ /**
2
+ * Authentication and Authorization Utilities
3
+ *
4
+ * This module provides utility functions for handling authentication flows,
5
+ * including redirects to auth SPA, cookie management, and session handling.
6
+ */
7
+ /**
8
+ * Check if the current window is inside an iframe
9
+ * @returns {boolean} True if running in an iframe, false otherwise
10
+ */
11
+ declare function isInIframe(): boolean;
12
+ /**
13
+ * Send a message to the parent website (when in iframe)
14
+ * @param payload - The data to send to parent window
15
+ */
16
+ declare function sendMessageToParentWebsite(payload: unknown): void;
17
+ /**
18
+ * Delete a cookie with specific name, path, and domain
19
+ * @param name - Cookie name
20
+ * @param path - Cookie path
21
+ * @param domain - Cookie domain
22
+ */
23
+ declare function deleteCookie(name: string, path: string, domain: string): void;
24
+ /**
25
+ * Get all possible domain parts for cookie deletion
26
+ * @param domain - The domain to split
27
+ * @returns Array of domain parts
28
+ * @example
29
+ * getDomainParts('app.example.com') // returns ['app.example.com', 'example.com', 'com']
30
+ */
31
+ declare function getDomainParts(domain: string): string[];
32
+ /**
33
+ * Delete a cookie across all possible domain variations
34
+ * @param name - Cookie name to delete
35
+ * @param childDomain - The current domain
36
+ */
37
+ declare function deleteCookieOnAllDomains(name: string, childDomain: string): void;
38
+ /**
39
+ * Get the parent domain from a given domain
40
+ * @param domain - The domain to process
41
+ * @returns The parent domain (e.g., 'app.example.com' → '.example.com')
42
+ */
43
+ declare function getParentDomain(domain?: string): string;
44
+ /**
45
+ * Set a cookie for authentication with cross-domain support
46
+ * @param name - Cookie name
47
+ * @param value - Cookie value
48
+ * @param days - Number of days until expiration (default: 365)
49
+ */
50
+ declare function setCookieForAuth(name: string, value: string, days?: number): void;
51
+ /**
52
+ * Clear all cookies for the current domain
53
+ */
54
+ declare function clearCookies(): void;
55
+ /**
56
+ * Get the value of a cookie by name
57
+ * @param name - Cookie name
58
+ * @returns The cookie value or null if not found
59
+ */
60
+ declare function getCookieValue(name: string): string | null;
61
+ /**
62
+ * Check if user is currently logged in
63
+ * @param tokenKey - The localStorage key for the auth token (default: 'axd_token')
64
+ * @returns True if logged in, false otherwise
65
+ */
66
+ declare function isLoggedIn(tokenKey?: string): boolean;
67
+ /**
68
+ * Extract platform/tenant key from URL
69
+ * @param url - The URL to parse
70
+ * @param pattern - RegExp pattern to match platform key (default matches /platform/[key]/...)
71
+ * @returns The platform key or null if not found
72
+ */
73
+ declare function getPlatformKey(url: string, pattern?: RegExp): string | null;
74
+ interface RedirectToAuthSpaOptions {
75
+ /** URL to redirect to after auth (defaults to current path + search) */
76
+ redirectTo?: string;
77
+ /** Platform/tenant key */
78
+ platformKey?: string;
79
+ /** Whether this is a logout action */
80
+ logout?: boolean;
81
+ /** Whether to save redirect path to localStorage (default: true) */
82
+ saveRedirect?: boolean;
83
+ /** Auth SPA base URL */
84
+ authUrl: string;
85
+ /** Current app/platform identifier (e.g., 'mentor', 'skills') */
86
+ appName: string;
87
+ /** Query param names */
88
+ queryParams?: {
89
+ app?: string;
90
+ redirectTo?: string;
91
+ tenant?: string;
92
+ };
93
+ /** localStorage key for saving redirect path */
94
+ redirectPathStorageKey?: string;
95
+ /** Cookie names for cross-SPA sync */
96
+ cookieNames?: {
97
+ currentTenant?: string;
98
+ userData?: string;
99
+ tenant?: string;
100
+ logoutTimestamp?: string;
101
+ loginTimestamp?: string;
102
+ tenantSwitching?: string;
103
+ };
104
+ /** Function to check if auth token is valid and non-expired. Used to skip redirect when a recent login occurred. */
105
+ hasNonExpiredAuthToken?: () => boolean;
106
+ /** Function to check if the app is in offline mode (e.g., Tauri offline). Skips redirect when true. */
107
+ isOffline?: () => boolean;
108
+ /** localStorage key for a token to preserve before clearing storage (e.g., 'edx_jwt_token') */
109
+ preserveTokenKey?: string;
110
+ /** Path to an auth redirect proxy endpoint (e.g., '/api/auth-redirect'). When set, redirects via this proxy in browser. */
111
+ authRedirectProxy?: string;
112
+ /** Function to check if the app is running as a native app (e.g., Tauri). Affects redirect behavior. */
113
+ isNativeApp?: () => boolean;
114
+ forceRedirect?: boolean;
115
+ }
116
+ /**
117
+ * Redirect to authentication SPA for login/logout
118
+ *
119
+ * This function handles the complete authentication flow:
120
+ * - Clears localStorage and cookies on logout
121
+ * - Saves redirect path for post-auth return
122
+ * - Handles iframe scenarios
123
+ * - Syncs logout across multiple SPAs via cookies
124
+ *
125
+ * @param options - Configuration options for the redirect
126
+ *
127
+ * @example
128
+ * ```tsx
129
+ * // Basic usage
130
+ * redirectToAuthSpa({
131
+ * authUrl: 'https://auth.example.com',
132
+ * appName: 'mentor',
133
+ * });
134
+ *
135
+ * // With logout
136
+ * redirectToAuthSpa({
137
+ * authUrl: 'https://auth.example.com',
138
+ * appName: 'mentor',
139
+ * logout: true,
140
+ * platformKey: 'my-tenant',
141
+ * });
142
+ *
143
+ * // With custom redirect
144
+ * redirectToAuthSpa({
145
+ * authUrl: 'https://auth.example.com',
146
+ * appName: 'mentor',
147
+ * redirectTo: '/dashboard',
148
+ * platformKey: 'my-tenant',
149
+ * });
150
+ * ```
151
+ */
152
+ declare function redirectToAuthSpa(options: RedirectToAuthSpaOptions): Promise<void>;
153
+ /**
154
+ * Get the URL for joining a tenant (sign up flow)
155
+ * @param authUrl - Auth SPA base URL
156
+ * @param tenantKey - Tenant to join
157
+ * @param redirectUrl - URL to redirect to after joining (defaults to current URL)
158
+ * @returns The join URL
159
+ */
160
+ declare function getAuthSpaJoinUrl(authUrl: string, tenantKey?: string, redirectUrl?: string): string;
161
+ /**
162
+ * Redirect to auth SPA's join/signup page for a specific tenant
163
+ * @param authUrl - Auth SPA base URL
164
+ * @param tenantKey - Tenant to join
165
+ * @param redirectUrl - URL to redirect to after joining (defaults to current URL)
166
+ */
167
+ declare function redirectToAuthSpaJoinTenant(authUrl: string, tenantKey?: string, redirectUrl?: string): void;
168
+ interface HandleLogoutOptions {
169
+ /** URL to redirect to after logout (defaults to current origin) */
170
+ redirectUrl?: string;
171
+ /** Auth SPA base URL */
172
+ authUrl: string;
173
+ /** localStorage key for tenant */
174
+ tenantStorageKey?: string;
175
+ /** Cookie name for logout timestamp */
176
+ logoutTimestampCookie?: string;
177
+ /** Callback to execute before logout */
178
+ callback?: () => void;
179
+ }
180
+ /**
181
+ * Handle user logout
182
+ *
183
+ * This function:
184
+ * - Clears localStorage (preserving tenant)
185
+ * - Sets logout timestamp cookie for cross-SPA sync
186
+ * - Clears all cookies
187
+ * - Redirects to auth SPA logout endpoint
188
+ *
189
+ * @param options - Logout configuration options
190
+ *
191
+ * @example
192
+ * ```tsx
193
+ * handleLogout({
194
+ * authUrl: 'https://auth.example.com',
195
+ * redirectUrl: 'https://app.example.com',
196
+ * });
197
+ * ```
198
+ */
199
+ declare function handleLogout(options: HandleLogoutOptions): void;
200
+
201
+ export { clearCookies, deleteCookie, deleteCookieOnAllDomains, getAuthSpaJoinUrl, getCookieValue, getDomainParts, getParentDomain, getPlatformKey, handleLogout, isInIframe, isLoggedIn, redirectToAuthSpa, redirectToAuthSpaJoinTenant, sendMessageToParentWebsite, setCookieForAuth };
202
+ export type { HandleLogoutOptions, RedirectToAuthSpaOptions };
@@ -0,0 +1,363 @@
1
+ /**
2
+ * Authentication and Authorization Utilities
3
+ *
4
+ * This module provides utility functions for handling authentication flows,
5
+ * including redirects to auth SPA, cookie management, and session handling.
6
+ */
7
+ /**
8
+ * Check if the current window is inside an iframe
9
+ * @returns {boolean} True if running in an iframe, false otherwise
10
+ */
11
+ function isInIframe() {
12
+ if (typeof window === "undefined") {
13
+ return false;
14
+ }
15
+ return (window === null || window === void 0 ? void 0 : window.self) !== (window === null || window === void 0 ? void 0 : window.top);
16
+ }
17
+ /**
18
+ * Send a message to the parent website (when in iframe)
19
+ * @param payload - The data to send to parent window
20
+ */
21
+ function sendMessageToParentWebsite(payload) {
22
+ window.parent.postMessage(payload, "*");
23
+ }
24
+ /**
25
+ * Delete a cookie with specific name, path, and domain
26
+ * @param name - Cookie name
27
+ * @param path - Cookie path
28
+ * @param domain - Cookie domain
29
+ */
30
+ function deleteCookie(name, path, domain) {
31
+ const expires = "expires=Thu, 01 Jan 1970 00:00:00 UTC;";
32
+ const cookieValue = `${name}=;`;
33
+ const pathValue = path ? `path=${path};` : "";
34
+ const domainValue = domain ? `domain=${domain};` : "";
35
+ document.cookie = cookieValue + expires + pathValue + domainValue;
36
+ }
37
+ /**
38
+ * Get all possible domain parts for cookie deletion
39
+ * @param domain - The domain to split
40
+ * @returns Array of domain parts
41
+ * @example
42
+ * getDomainParts('app.example.com') // returns ['app.example.com', 'example.com', 'com']
43
+ */
44
+ function getDomainParts(domain) {
45
+ const parts = domain.split(".");
46
+ const domains = [];
47
+ for (let i = parts.length - 1; i >= 0; i--) {
48
+ domains.push(parts.slice(i).join("."));
49
+ }
50
+ return domains;
51
+ }
52
+ /**
53
+ * Delete a cookie across all possible domain variations
54
+ * @param name - Cookie name to delete
55
+ * @param childDomain - The current domain
56
+ */
57
+ function deleteCookieOnAllDomains(name, childDomain) {
58
+ getDomainParts(childDomain).forEach((domainPart) => {
59
+ deleteCookie(name, "/", domainPart);
60
+ deleteCookie(name, "", domainPart);
61
+ });
62
+ }
63
+ /**
64
+ * Get the parent domain from a given domain
65
+ * @param domain - The domain to process
66
+ * @returns The parent domain (e.g., 'app.example.com' → '.example.com')
67
+ */
68
+ function getParentDomain(domain) {
69
+ if (!domain) {
70
+ return "";
71
+ }
72
+ const parts = domain.split(".");
73
+ return parts.length > 1 ? `.${parts.slice(-2).join(".")}` : domain;
74
+ }
75
+ /**
76
+ * Set a cookie for authentication with cross-domain support
77
+ * @param name - Cookie name
78
+ * @param value - Cookie value
79
+ * @param days - Number of days until expiration (default: 365)
80
+ */
81
+ function setCookieForAuth(name, value, days = 365) {
82
+ const expires = new Date();
83
+ expires.setTime(expires.getTime() + days * 24 * 60 * 60 * 1000);
84
+ const hostname = window.location.hostname;
85
+ let baseDomain = hostname;
86
+ // Calculate base domain (skip for localhost and IP addresses)
87
+ if (hostname !== "localhost" && !/^\d+\.\d+\.\d+\.\d+$/.test(hostname)) {
88
+ const parts = hostname.split(".");
89
+ if (parts.length > 2) {
90
+ baseDomain = `.${parts.slice(-2).join(".")}`;
91
+ }
92
+ }
93
+ const domainAttr = baseDomain ? `;domain=${baseDomain}` : "";
94
+ document.cookie = `${name}=${encodeURIComponent(value)};expires=${expires.toUTCString()};path=/;SameSite=None;Secure${domainAttr}`;
95
+ }
96
+ /**
97
+ * Clear all cookies for the current domain
98
+ */
99
+ function clearCookies() {
100
+ const cookies = document.cookie.split(";");
101
+ for (let i = 0; i < cookies.length; i++) {
102
+ const cookie = cookies[i];
103
+ const eqPos = cookie.indexOf("=");
104
+ const name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
105
+ deleteCookieOnAllDomains(name, window.location.hostname);
106
+ document.cookie = `${name}=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;Domain=${getParentDomain(window.location.hostname)}`;
107
+ }
108
+ }
109
+ /**
110
+ * Get the value of a cookie by name
111
+ * @param name - Cookie name
112
+ * @returns The cookie value or null if not found
113
+ */
114
+ function getCookieValue(name) {
115
+ const match = document.cookie.match(new RegExp(`(?:^|;\\s*)${name}=([^;]*)`));
116
+ return match ? decodeURIComponent(match[1]) : null;
117
+ }
118
+ /**
119
+ * Check if user is currently logged in
120
+ * @param tokenKey - The localStorage key for the auth token (default: 'axd_token')
121
+ * @returns True if logged in, false otherwise
122
+ */
123
+ function isLoggedIn(tokenKey = "axd_token") {
124
+ return !!localStorage.getItem(tokenKey);
125
+ }
126
+ /**
127
+ * Extract platform/tenant key from URL
128
+ * @param url - The URL to parse
129
+ * @param pattern - RegExp pattern to match platform key (default matches /platform/[key]/...)
130
+ * @returns The platform key or null if not found
131
+ */
132
+ function getPlatformKey(url, pattern = /\/platform\/([^/]+)/) {
133
+ const match = url.match(pattern);
134
+ return match ? match[1] : null;
135
+ }
136
+ /**
137
+ * Redirect to authentication SPA for login/logout
138
+ *
139
+ * This function handles the complete authentication flow:
140
+ * - Clears localStorage and cookies on logout
141
+ * - Saves redirect path for post-auth return
142
+ * - Handles iframe scenarios
143
+ * - Syncs logout across multiple SPAs via cookies
144
+ *
145
+ * @param options - Configuration options for the redirect
146
+ *
147
+ * @example
148
+ * ```tsx
149
+ * // Basic usage
150
+ * redirectToAuthSpa({
151
+ * authUrl: 'https://auth.example.com',
152
+ * appName: 'mentor',
153
+ * });
154
+ *
155
+ * // With logout
156
+ * redirectToAuthSpa({
157
+ * authUrl: 'https://auth.example.com',
158
+ * appName: 'mentor',
159
+ * logout: true,
160
+ * platformKey: 'my-tenant',
161
+ * });
162
+ *
163
+ * // With custom redirect
164
+ * redirectToAuthSpa({
165
+ * authUrl: 'https://auth.example.com',
166
+ * appName: 'mentor',
167
+ * redirectTo: '/dashboard',
168
+ * platformKey: 'my-tenant',
169
+ * });
170
+ * ```
171
+ */
172
+ async function redirectToAuthSpa(options) {
173
+ const { redirectTo, platformKey, logout = false, saveRedirect = true, authUrl, appName, queryParams = {
174
+ app: "app",
175
+ redirectTo: "redirect-to",
176
+ tenant: "tenant",
177
+ }, redirectPathStorageKey = "redirect_to", cookieNames = {
178
+ currentTenant: "ibl_current_tenant",
179
+ userData: "ibl_user_data",
180
+ tenant: "ibl_tenant",
181
+ logoutTimestamp: "ibl_logout_timestamp",
182
+ loginTimestamp: "ibl_login_timestamp",
183
+ tenantSwitching: "ibl_tenant_switching",
184
+ }, hasNonExpiredAuthToken, isOffline, preserveTokenKey, authRedirectProxy, isNativeApp, forceRedirect = false, } = options;
185
+ console.log("[redirectToAuthSpa] starting redirect to auth spa", redirectTo, platformKey, logout, saveRedirect, forceRedirect);
186
+ // Skip if a tenant switch is already in progress
187
+ if (!forceRedirect &&
188
+ cookieNames.tenantSwitching &&
189
+ document.cookie.includes(cookieNames.tenantSwitching)) {
190
+ console.log("[redirectToAuthSpa] Tenant switch in progress, skipping redirect");
191
+ return;
192
+ }
193
+ // Skip if a login occurred after the last logout (login takes precedence)
194
+ // but only if this app actually has a valid auth token
195
+ if (!forceRedirect &&
196
+ hasNonExpiredAuthToken &&
197
+ cookieNames.loginTimestamp &&
198
+ cookieNames.logoutTimestamp) {
199
+ const loginTs = getCookieValue(cookieNames.loginTimestamp);
200
+ const logoutTs = getCookieValue(cookieNames.logoutTimestamp);
201
+ const hasValidToken = hasNonExpiredAuthToken();
202
+ console.log("[redirectToAuthSpa] Login/logout timestamp check", {
203
+ loginTs,
204
+ logoutTs,
205
+ hasValidToken,
206
+ loginAhead: loginTs && logoutTs ? Number(loginTs) > Number(logoutTs) : false,
207
+ });
208
+ if (!forceRedirect &&
209
+ hasValidToken &&
210
+ loginTs &&
211
+ logoutTs &&
212
+ Number(loginTs) > Number(logoutTs)) {
213
+ console.log("[redirectToAuthSpa] Login timestamp is ahead of logout timestamp, skipping redirect", { loginTs, logoutTs });
214
+ return;
215
+ }
216
+ }
217
+ // Skip redirect in offline mode
218
+ if (isOffline === null || isOffline === void 0 ? void 0 : isOffline()) {
219
+ console.log("[redirectToAuthSpa] Skipping redirect - offline mode");
220
+ return;
221
+ }
222
+ // Preserve a token before clearing localStorage if requested
223
+ const preservedToken = preserveTokenKey
224
+ ? window.localStorage.getItem(preserveTokenKey)
225
+ : null;
226
+ console.log("[redirectToAuthSpa] clearing local storage");
227
+ localStorage.clear();
228
+ if (logout || isInIframe()) {
229
+ // Delete authentication cookies for cross-SPA synchronization
230
+ const currentDomain = window.location.hostname;
231
+ if (cookieNames.currentTenant) {
232
+ deleteCookieOnAllDomains(cookieNames.currentTenant, currentDomain);
233
+ }
234
+ if (cookieNames.userData) {
235
+ deleteCookieOnAllDomains(cookieNames.userData, currentDomain);
236
+ }
237
+ if (cookieNames.tenant) {
238
+ deleteCookieOnAllDomains(cookieNames.tenant, currentDomain);
239
+ }
240
+ // Set logout timestamp cookie to trigger logout on other SPAs
241
+ if (cookieNames.logoutTimestamp && !isInIframe()) {
242
+ setCookieForAuth(cookieNames.logoutTimestamp, Date.now().toString());
243
+ }
244
+ }
245
+ // Handle iframe scenario
246
+ if (isInIframe()) {
247
+ console.log("[redirectToAuthSpa]: sending authExpired to parent");
248
+ sendMessageToParentWebsite({ authExpired: true });
249
+ return;
250
+ }
251
+ const redirectPath = redirectTo !== null && redirectTo !== void 0 ? redirectTo : `${window.location.pathname}${window.location.search}`;
252
+ // Never save sso-login routes as redirect paths
253
+ if (!redirectPath.startsWith("/sso-login") &&
254
+ !redirectPath.startsWith("/sso-login-complete") &&
255
+ saveRedirect) {
256
+ window.localStorage.setItem(redirectPathStorageKey, redirectPath);
257
+ }
258
+ const platform = platformKey !== null && platformKey !== void 0 ? platformKey : getPlatformKey(redirectPath);
259
+ const redirectToUrl = `${window.location.origin}`;
260
+ let authRedirectUrl = `${authUrl}/login?${queryParams.app}=${appName}`;
261
+ authRedirectUrl += `&${queryParams.redirectTo}=${redirectToUrl}`;
262
+ if (platform) {
263
+ authRedirectUrl += `&${queryParams.tenant}=${platform}`;
264
+ }
265
+ if (logout) {
266
+ authRedirectUrl += "&logout=1";
267
+ }
268
+ // Small delay for any pending operations
269
+ await new Promise((resolve) => setTimeout(resolve, 100));
270
+ if (isNativeApp === null || isNativeApp === void 0 ? void 0 : isNativeApp()) {
271
+ // On native apps (e.g., Tauri), pass preserved token and navigate directly
272
+ if (preservedToken && preserveTokenKey) {
273
+ authRedirectUrl += `&token=${encodeURIComponent(preservedToken)}`;
274
+ console.log("[redirectToAuthSpa] Added preserved token to auth URL");
275
+ }
276
+ console.log("[redirectToAuthSpa] Native app, navigating to auth URL:", authRedirectUrl);
277
+ window.location.href = authRedirectUrl;
278
+ }
279
+ else if (authRedirectProxy) {
280
+ // Use auth redirect proxy endpoint
281
+ window.location.href = `${authRedirectProxy}?to=${encodeURIComponent(authRedirectUrl)}`;
282
+ }
283
+ else {
284
+ window.location.href = authRedirectUrl;
285
+ }
286
+ }
287
+ /**
288
+ * Get the URL for joining a tenant (sign up flow)
289
+ * @param authUrl - Auth SPA base URL
290
+ * @param tenantKey - Tenant to join
291
+ * @param redirectUrl - URL to redirect to after joining (defaults to current URL)
292
+ * @returns The join URL
293
+ */
294
+ function getAuthSpaJoinUrl(authUrl, tenantKey, redirectUrl) {
295
+ const resolvedTenant = tenantKey || getPlatformKey(window.location.pathname) || "";
296
+ if (!resolvedTenant) {
297
+ return "";
298
+ }
299
+ const targetUrl = redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : window.location.href;
300
+ const joinUrl = `${authUrl}/join?tenant=${encodeURIComponent(resolvedTenant)}&redirect-to=${encodeURIComponent(targetUrl)}`;
301
+ return joinUrl;
302
+ }
303
+ /**
304
+ * Redirect to auth SPA's join/signup page for a specific tenant
305
+ * @param authUrl - Auth SPA base URL
306
+ * @param tenantKey - Tenant to join
307
+ * @param redirectUrl - URL to redirect to after joining (defaults to current URL)
308
+ */
309
+ function redirectToAuthSpaJoinTenant(authUrl, tenantKey, redirectUrl) {
310
+ const resolvedTenant = tenantKey || getPlatformKey(window.location.pathname) || "";
311
+ if (!resolvedTenant) {
312
+ console.log("[auth-redirect] Missing tenant key for join", {
313
+ tenantKey,
314
+ redirectUrl,
315
+ });
316
+ redirectToAuthSpa({
317
+ authUrl,
318
+ appName: "app", // Will need to be configured
319
+ redirectTo: redirectUrl,
320
+ });
321
+ return;
322
+ }
323
+ const targetUrl = redirectUrl !== null && redirectUrl !== void 0 ? redirectUrl : window.location.href;
324
+ const joinUrl = `${authUrl}/join?tenant=${encodeURIComponent(resolvedTenant)}&redirect-to=${encodeURIComponent(targetUrl)}`;
325
+ window.location.href = joinUrl;
326
+ }
327
+ /**
328
+ * Handle user logout
329
+ *
330
+ * This function:
331
+ * - Clears localStorage (preserving tenant)
332
+ * - Sets logout timestamp cookie for cross-SPA sync
333
+ * - Clears all cookies
334
+ * - Redirects to auth SPA logout endpoint
335
+ *
336
+ * @param options - Logout configuration options
337
+ *
338
+ * @example
339
+ * ```tsx
340
+ * handleLogout({
341
+ * authUrl: 'https://auth.example.com',
342
+ * redirectUrl: 'https://app.example.com',
343
+ * });
344
+ * ```
345
+ */
346
+ function handleLogout(options) {
347
+ const { redirectUrl = window.location.origin, authUrl, tenantStorageKey = "tenant", logoutTimestampCookie = "ibl_logout_timestamp", callback, } = options;
348
+ const tenant = window.localStorage.getItem(tenantStorageKey);
349
+ window.localStorage.clear();
350
+ if (tenant) {
351
+ window.localStorage.setItem(tenantStorageKey, tenant);
352
+ }
353
+ // Set logout timestamp cookie to trigger logout on other SPAs
354
+ setCookieForAuth(logoutTimestampCookie, Date.now().toString());
355
+ clearCookies();
356
+ callback === null || callback === void 0 ? void 0 : callback();
357
+ if (!isInIframe()) {
358
+ window.location.href = `${authUrl}/logout?redirect-to=${redirectUrl}${tenant ? "&tenant=" + tenant : ""}`;
359
+ }
360
+ }
361
+
362
+ export { clearCookies, deleteCookie, deleteCookieOnAllDomains, getAuthSpaJoinUrl, getCookieValue, getDomainParts, getParentDomain, getPlatformKey, handleLogout, isInIframe, isLoggedIn, redirectToAuthSpa, redirectToAuthSpaJoinTenant, sendMessageToParentWebsite, setCookieForAuth };
363
+ //# sourceMappingURL=index.esm.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.esm.js","sources":["../../src/utils/auth.ts"],"sourcesContent":["/**\n * Authentication and Authorization Utilities\n *\n * This module provides utility functions for handling authentication flows,\n * including redirects to auth SPA, cookie management, and session handling.\n */\n\n/**\n * Check if the current window is inside an iframe\n * @returns {boolean} True if running in an iframe, false otherwise\n */\nexport function isInIframe(): boolean {\n if (typeof window === \"undefined\") {\n return false;\n }\n return window?.self !== window?.top;\n}\n\n/**\n * Send a message to the parent website (when in iframe)\n * @param payload - The data to send to parent window\n */\nexport function sendMessageToParentWebsite(payload: unknown): void {\n window.parent.postMessage(payload, \"*\");\n}\n\n/**\n * Delete a cookie with specific name, path, and domain\n * @param name - Cookie name\n * @param path - Cookie path\n * @param domain - Cookie domain\n */\nexport function deleteCookie(name: string, path: string, domain: string): void {\n const expires = \"expires=Thu, 01 Jan 1970 00:00:00 UTC;\";\n const cookieValue = `${name}=;`;\n const pathValue = path ? `path=${path};` : \"\";\n const domainValue = domain ? `domain=${domain};` : \"\";\n document.cookie = cookieValue + expires + pathValue + domainValue;\n}\n\n/**\n * Get all possible domain parts for cookie deletion\n * @param domain - The domain to split\n * @returns Array of domain parts\n * @example\n * getDomainParts('app.example.com') // returns ['app.example.com', 'example.com', 'com']\n */\nexport function getDomainParts(domain: string): string[] {\n const parts = domain.split(\".\");\n const domains: string[] = [];\n for (let i = parts.length - 1; i >= 0; i--) {\n domains.push(parts.slice(i).join(\".\"));\n }\n return domains;\n}\n\n/**\n * Delete a cookie across all possible domain variations\n * @param name - Cookie name to delete\n * @param childDomain - The current domain\n */\nexport function deleteCookieOnAllDomains(\n name: string,\n childDomain: string,\n): void {\n getDomainParts(childDomain).forEach((domainPart) => {\n deleteCookie(name, \"/\", domainPart);\n deleteCookie(name, \"\", domainPart);\n });\n}\n\n/**\n * Get the parent domain from a given domain\n * @param domain - The domain to process\n * @returns The parent domain (e.g., 'app.example.com' → '.example.com')\n */\nexport function getParentDomain(domain?: string): string {\n if (!domain) {\n return \"\";\n }\n const parts = domain.split(\".\");\n return parts.length > 1 ? `.${parts.slice(-2).join(\".\")}` : domain;\n}\n\n/**\n * Set a cookie for authentication with cross-domain support\n * @param name - Cookie name\n * @param value - Cookie value\n * @param days - Number of days until expiration (default: 365)\n */\nexport function setCookieForAuth(\n name: string,\n value: string,\n days: number = 365,\n): void {\n const expires = new Date();\n expires.setTime(expires.getTime() + days * 24 * 60 * 60 * 1000);\n\n const hostname = window.location.hostname;\n let baseDomain = hostname;\n\n // Calculate base domain (skip for localhost and IP addresses)\n if (hostname !== \"localhost\" && !/^\\d+\\.\\d+\\.\\d+\\.\\d+$/.test(hostname)) {\n const parts = hostname.split(\".\");\n if (parts.length > 2) {\n baseDomain = `.${parts.slice(-2).join(\".\")}`;\n }\n }\n\n const domainAttr = baseDomain ? `;domain=${baseDomain}` : \"\";\n document.cookie = `${name}=${encodeURIComponent(value)};expires=${expires.toUTCString()};path=/;SameSite=None;Secure${domainAttr}`;\n}\n\n/**\n * Clear all cookies for the current domain\n */\nexport function clearCookies(): void {\n const cookies = document.cookie.split(\";\");\n for (let i = 0; i < cookies.length; i++) {\n const cookie = cookies[i];\n const eqPos = cookie.indexOf(\"=\");\n const name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;\n deleteCookieOnAllDomains(name, window.location.hostname);\n document.cookie = `${name}=;expires=Thu, 01 Jan 1970 00:00:00 GMT;path=/;Domain=${getParentDomain(\n window.location.hostname,\n )}`;\n }\n}\n\n/**\n * Get the value of a cookie by name\n * @param name - Cookie name\n * @returns The cookie value or null if not found\n */\nexport function getCookieValue(name: string): string | null {\n const match = document.cookie.match(new RegExp(`(?:^|;\\\\s*)${name}=([^;]*)`));\n return match ? decodeURIComponent(match[1]) : null;\n}\n\n/**\n * Check if user is currently logged in\n * @param tokenKey - The localStorage key for the auth token (default: 'axd_token')\n * @returns True if logged in, false otherwise\n */\nexport function isLoggedIn(tokenKey: string = \"axd_token\"): boolean {\n return !!localStorage.getItem(tokenKey);\n}\n\n/**\n * Extract platform/tenant key from URL\n * @param url - The URL to parse\n * @param pattern - RegExp pattern to match platform key (default matches /platform/[key]/...)\n * @returns The platform key or null if not found\n */\nexport function getPlatformKey(\n url: string,\n pattern: RegExp = /\\/platform\\/([^/]+)/,\n): string | null {\n const match = url.match(pattern);\n return match ? match[1] : null;\n}\n\nexport interface RedirectToAuthSpaOptions {\n /** URL to redirect to after auth (defaults to current path + search) */\n redirectTo?: string;\n /** Platform/tenant key */\n platformKey?: string;\n /** Whether this is a logout action */\n logout?: boolean;\n /** Whether to save redirect path to localStorage (default: true) */\n saveRedirect?: boolean;\n /** Auth SPA base URL */\n authUrl: string;\n /** Current app/platform identifier (e.g., 'mentor', 'skills') */\n appName: string;\n /** Query param names */\n queryParams?: {\n app?: string;\n redirectTo?: string;\n tenant?: string;\n };\n /** localStorage key for saving redirect path */\n redirectPathStorageKey?: string;\n /** Cookie names for cross-SPA sync */\n cookieNames?: {\n currentTenant?: string;\n userData?: string;\n tenant?: string;\n logoutTimestamp?: string;\n loginTimestamp?: string;\n tenantSwitching?: string;\n };\n /** Function to check if auth token is valid and non-expired. Used to skip redirect when a recent login occurred. */\n hasNonExpiredAuthToken?: () => boolean;\n /** Function to check if the app is in offline mode (e.g., Tauri offline). Skips redirect when true. */\n isOffline?: () => boolean;\n /** localStorage key for a token to preserve before clearing storage (e.g., 'edx_jwt_token') */\n preserveTokenKey?: string;\n /** Path to an auth redirect proxy endpoint (e.g., '/api/auth-redirect'). When set, redirects via this proxy in browser. */\n authRedirectProxy?: string;\n /** Function to check if the app is running as a native app (e.g., Tauri). Affects redirect behavior. */\n isNativeApp?: () => boolean;\n forceRedirect?: boolean;\n}\n\n/**\n * Redirect to authentication SPA for login/logout\n *\n * This function handles the complete authentication flow:\n * - Clears localStorage and cookies on logout\n * - Saves redirect path for post-auth return\n * - Handles iframe scenarios\n * - Syncs logout across multiple SPAs via cookies\n *\n * @param options - Configuration options for the redirect\n *\n * @example\n * ```tsx\n * // Basic usage\n * redirectToAuthSpa({\n * authUrl: 'https://auth.example.com',\n * appName: 'mentor',\n * });\n *\n * // With logout\n * redirectToAuthSpa({\n * authUrl: 'https://auth.example.com',\n * appName: 'mentor',\n * logout: true,\n * platformKey: 'my-tenant',\n * });\n *\n * // With custom redirect\n * redirectToAuthSpa({\n * authUrl: 'https://auth.example.com',\n * appName: 'mentor',\n * redirectTo: '/dashboard',\n * platformKey: 'my-tenant',\n * });\n * ```\n */\nexport async function redirectToAuthSpa(\n options: RedirectToAuthSpaOptions,\n): Promise<void> {\n const {\n redirectTo,\n platformKey,\n logout = false,\n saveRedirect = true,\n authUrl,\n appName,\n queryParams = {\n app: \"app\",\n redirectTo: \"redirect-to\",\n tenant: \"tenant\",\n },\n redirectPathStorageKey = \"redirect_to\",\n cookieNames = {\n currentTenant: \"ibl_current_tenant\",\n userData: \"ibl_user_data\",\n tenant: \"ibl_tenant\",\n logoutTimestamp: \"ibl_logout_timestamp\",\n loginTimestamp: \"ibl_login_timestamp\",\n tenantSwitching: \"ibl_tenant_switching\",\n },\n hasNonExpiredAuthToken,\n isOffline,\n preserveTokenKey,\n authRedirectProxy,\n isNativeApp,\n forceRedirect = false,\n } = options;\n\n console.log(\n \"[redirectToAuthSpa] starting redirect to auth spa\",\n redirectTo,\n platformKey,\n logout,\n saveRedirect,\n forceRedirect,\n );\n\n // Skip if a tenant switch is already in progress\n if (\n !forceRedirect &&\n cookieNames.tenantSwitching &&\n document.cookie.includes(cookieNames.tenantSwitching)\n ) {\n console.log(\n \"[redirectToAuthSpa] Tenant switch in progress, skipping redirect\",\n );\n return;\n }\n\n // Skip if a login occurred after the last logout (login takes precedence)\n // but only if this app actually has a valid auth token\n if (\n !forceRedirect &&\n hasNonExpiredAuthToken &&\n cookieNames.loginTimestamp &&\n cookieNames.logoutTimestamp\n ) {\n const loginTs = getCookieValue(cookieNames.loginTimestamp);\n const logoutTs = getCookieValue(cookieNames.logoutTimestamp);\n const hasValidToken = hasNonExpiredAuthToken();\n console.log(\"[redirectToAuthSpa] Login/logout timestamp check\", {\n loginTs,\n logoutTs,\n hasValidToken,\n loginAhead:\n loginTs && logoutTs ? Number(loginTs) > Number(logoutTs) : false,\n });\n if (\n !forceRedirect &&\n hasValidToken &&\n loginTs &&\n logoutTs &&\n Number(loginTs) > Number(logoutTs)\n ) {\n console.log(\n \"[redirectToAuthSpa] Login timestamp is ahead of logout timestamp, skipping redirect\",\n { loginTs, logoutTs },\n );\n return;\n }\n }\n\n // Skip redirect in offline mode\n if (isOffline?.()) {\n console.log(\"[redirectToAuthSpa] Skipping redirect - offline mode\");\n return;\n }\n\n // Preserve a token before clearing localStorage if requested\n const preservedToken = preserveTokenKey\n ? window.localStorage.getItem(preserveTokenKey)\n : null;\n\n console.log(\"[redirectToAuthSpa] clearing local storage\");\n localStorage.clear();\n\n if (logout || isInIframe()) {\n // Delete authentication cookies for cross-SPA synchronization\n const currentDomain = window.location.hostname;\n if (cookieNames.currentTenant) {\n deleteCookieOnAllDomains(cookieNames.currentTenant, currentDomain);\n }\n if (cookieNames.userData) {\n deleteCookieOnAllDomains(cookieNames.userData, currentDomain);\n }\n if (cookieNames.tenant) {\n deleteCookieOnAllDomains(cookieNames.tenant, currentDomain);\n }\n\n // Set logout timestamp cookie to trigger logout on other SPAs\n if (cookieNames.logoutTimestamp && !isInIframe()) {\n setCookieForAuth(cookieNames.logoutTimestamp, Date.now().toString());\n }\n }\n\n // Handle iframe scenario\n if (isInIframe()) {\n console.log(\"[redirectToAuthSpa]: sending authExpired to parent\");\n sendMessageToParentWebsite({ authExpired: true });\n return;\n }\n\n const redirectPath =\n redirectTo ?? `${window.location.pathname}${window.location.search}`;\n\n // Never save sso-login routes as redirect paths\n if (\n !redirectPath.startsWith(\"/sso-login\") &&\n !redirectPath.startsWith(\"/sso-login-complete\") &&\n saveRedirect\n ) {\n window.localStorage.setItem(redirectPathStorageKey, redirectPath);\n }\n\n const platform = platformKey ?? getPlatformKey(redirectPath);\n\n const redirectToUrl = `${window.location.origin}`;\n\n let authRedirectUrl = `${authUrl}/login?${queryParams.app}=${appName}`;\n\n authRedirectUrl += `&${queryParams.redirectTo}=${redirectToUrl}`;\n\n if (platform) {\n authRedirectUrl += `&${queryParams.tenant}=${platform}`;\n }\n if (logout) {\n authRedirectUrl += \"&logout=1\";\n }\n\n // Small delay for any pending operations\n await new Promise((resolve) => setTimeout(resolve, 100));\n\n if (isNativeApp?.()) {\n // On native apps (e.g., Tauri), pass preserved token and navigate directly\n if (preservedToken && preserveTokenKey) {\n authRedirectUrl += `&token=${encodeURIComponent(preservedToken)}`;\n console.log(\"[redirectToAuthSpa] Added preserved token to auth URL\");\n }\n console.log(\n \"[redirectToAuthSpa] Native app, navigating to auth URL:\",\n authRedirectUrl,\n );\n window.location.href = authRedirectUrl;\n } else if (authRedirectProxy) {\n // Use auth redirect proxy endpoint\n window.location.href = `${authRedirectProxy}?to=${encodeURIComponent(authRedirectUrl)}`;\n } else {\n window.location.href = authRedirectUrl;\n }\n}\n\n/**\n * Get the URL for joining a tenant (sign up flow)\n * @param authUrl - Auth SPA base URL\n * @param tenantKey - Tenant to join\n * @param redirectUrl - URL to redirect to after joining (defaults to current URL)\n * @returns The join URL\n */\nexport function getAuthSpaJoinUrl(\n authUrl: string,\n tenantKey?: string,\n redirectUrl?: string,\n): string {\n const resolvedTenant =\n tenantKey || getPlatformKey(window.location.pathname) || \"\";\n\n if (!resolvedTenant) {\n return \"\";\n }\n\n const targetUrl = redirectUrl ?? window.location.href;\n const joinUrl = `${authUrl}/join?tenant=${encodeURIComponent(resolvedTenant)}&redirect-to=${encodeURIComponent(\n targetUrl,\n )}`;\n return joinUrl;\n}\n\n/**\n * Redirect to auth SPA's join/signup page for a specific tenant\n * @param authUrl - Auth SPA base URL\n * @param tenantKey - Tenant to join\n * @param redirectUrl - URL to redirect to after joining (defaults to current URL)\n */\nexport function redirectToAuthSpaJoinTenant(\n authUrl: string,\n tenantKey?: string,\n redirectUrl?: string,\n): void {\n const resolvedTenant =\n tenantKey || getPlatformKey(window.location.pathname) || \"\";\n\n if (!resolvedTenant) {\n console.log(\"[auth-redirect] Missing tenant key for join\", {\n tenantKey,\n redirectUrl,\n });\n redirectToAuthSpa({\n authUrl,\n appName: \"app\", // Will need to be configured\n redirectTo: redirectUrl,\n });\n return;\n }\n\n const targetUrl = redirectUrl ?? window.location.href;\n const joinUrl = `${authUrl}/join?tenant=${encodeURIComponent(resolvedTenant)}&redirect-to=${encodeURIComponent(\n targetUrl,\n )}`;\n\n window.location.href = joinUrl;\n}\n\nexport interface HandleLogoutOptions {\n /** URL to redirect to after logout (defaults to current origin) */\n redirectUrl?: string;\n /** Auth SPA base URL */\n authUrl: string;\n /** localStorage key for tenant */\n tenantStorageKey?: string;\n /** Cookie name for logout timestamp */\n logoutTimestampCookie?: string;\n /** Callback to execute before logout */\n callback?: () => void;\n}\n\n/**\n * Handle user logout\n *\n * This function:\n * - Clears localStorage (preserving tenant)\n * - Sets logout timestamp cookie for cross-SPA sync\n * - Clears all cookies\n * - Redirects to auth SPA logout endpoint\n *\n * @param options - Logout configuration options\n *\n * @example\n * ```tsx\n * handleLogout({\n * authUrl: 'https://auth.example.com',\n * redirectUrl: 'https://app.example.com',\n * });\n * ```\n */\nexport function handleLogout(options: HandleLogoutOptions): void {\n const {\n redirectUrl = window.location.origin,\n authUrl,\n tenantStorageKey = \"tenant\",\n logoutTimestampCookie = \"ibl_logout_timestamp\",\n callback,\n } = options;\n\n const tenant = window.localStorage.getItem(tenantStorageKey);\n window.localStorage.clear();\n if (tenant) {\n window.localStorage.setItem(tenantStorageKey, tenant);\n }\n\n // Set logout timestamp cookie to trigger logout on other SPAs\n setCookieForAuth(logoutTimestampCookie, Date.now().toString());\n\n clearCookies();\n callback?.();\n\n if (!isInIframe()) {\n window.location.href = `${authUrl}/logout?redirect-to=${redirectUrl}${tenant ? \"&tenant=\" + tenant : \"\"}`;\n }\n}\n"],"names":[],"mappings":"AAAA;;;;;AAKG;AAEH;;;AAGG;SACa,UAAU,GAAA;AACxB,IAAA,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;AACjC,QAAA,OAAO,KAAK;IACd;AACA,IAAA,OAAO,CAAA,MAAM,KAAA,IAAA,IAAN,MAAM,KAAA,MAAA,GAAA,MAAA,GAAN,MAAM,CAAE,IAAI,OAAK,MAAM,aAAN,MAAM,KAAA,MAAA,GAAA,MAAA,GAAN,MAAM,CAAE,GAAG,CAAA;AACrC;AAEA;;;AAGG;AACG,SAAU,0BAA0B,CAAC,OAAgB,EAAA;IACzD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC;AACzC;AAEA;;;;;AAKG;SACa,YAAY,CAAC,IAAY,EAAE,IAAY,EAAE,MAAc,EAAA;IACrE,MAAM,OAAO,GAAG,wCAAwC;AACxD,IAAA,MAAM,WAAW,GAAG,CAAA,EAAG,IAAI,IAAI;AAC/B,IAAA,MAAM,SAAS,GAAG,IAAI,GAAG,CAAA,KAAA,EAAQ,IAAI,CAAA,CAAA,CAAG,GAAG,EAAE;AAC7C,IAAA,MAAM,WAAW,GAAG,MAAM,GAAG,CAAA,OAAA,EAAU,MAAM,CAAA,CAAA,CAAG,GAAG,EAAE;IACrD,QAAQ,CAAC,MAAM,GAAG,WAAW,GAAG,OAAO,GAAG,SAAS,GAAG,WAAW;AACnE;AAEA;;;;;;AAMG;AACG,SAAU,cAAc,CAAC,MAAc,EAAA;IAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;IAC/B,MAAM,OAAO,GAAa,EAAE;AAC5B,IAAA,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE;AAC1C,QAAA,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxC;AACA,IAAA,OAAO,OAAO;AAChB;AAEA;;;;AAIG;AACG,SAAU,wBAAwB,CACtC,IAAY,EACZ,WAAmB,EAAA;IAEnB,cAAc,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACjD,QAAA,YAAY,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC;AACnC,QAAA,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,UAAU,CAAC;AACpC,IAAA,CAAC,CAAC;AACJ;AAEA;;;;AAIG;AACG,SAAU,eAAe,CAAC,MAAe,EAAA;IAC7C,IAAI,CAAC,MAAM,EAAE;AACX,QAAA,OAAO,EAAE;IACX;IACA,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;IAC/B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,CAAA,CAAA,EAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA,CAAE,GAAG,MAAM;AACpE;AAEA;;;;;AAKG;AACG,SAAU,gBAAgB,CAC9B,IAAY,EACZ,KAAa,EACb,OAAe,GAAG,EAAA;AAElB,IAAA,MAAM,OAAO,GAAG,IAAI,IAAI,EAAE;AAC1B,IAAA,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/D,IAAA,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ;IACzC,IAAI,UAAU,GAAG,QAAQ;;AAGzB,IAAA,IAAI,QAAQ,KAAK,WAAW,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;QACtE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,QAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;AACpB,YAAA,UAAU,GAAG,CAAA,CAAA,EAAI,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QAC9C;IACF;AAEA,IAAA,MAAM,UAAU,GAAG,UAAU,GAAG,CAAA,QAAA,EAAW,UAAU,CAAA,CAAE,GAAG,EAAE;AAC5D,IAAA,QAAQ,CAAC,MAAM,GAAG,GAAG,IAAI,CAAA,CAAA,EAAI,kBAAkB,CAAC,KAAK,CAAC,CAAA,SAAA,EAAY,OAAO,CAAC,WAAW,EAAE,CAAA,4BAAA,EAA+B,UAAU,EAAE;AACpI;AAEA;;AAEG;SACa,YAAY,GAAA;IAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;AAC1C,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;AACvC,QAAA,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;QACzB,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,MAAM;QAC1D,wBAAwB,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACxD,QAAA,QAAQ,CAAC,MAAM,GAAG,CAAA,EAAG,IAAI,CAAA,sDAAA,EAAyD,eAAe,CAC/F,MAAM,CAAC,QAAQ,CAAC,QAAQ,CACzB,EAAE;IACL;AACF;AAEA;;;;AAIG;AACG,SAAU,cAAc,CAAC,IAAY,EAAA;AACzC,IAAA,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,CAAA,WAAA,EAAc,IAAI,CAAA,QAAA,CAAU,CAAC,CAAC;AAC7E,IAAA,OAAO,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI;AACpD;AAEA;;;;AAIG;AACG,SAAU,UAAU,CAAC,QAAA,GAAmB,WAAW,EAAA;IACvD,OAAO,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC;AACzC;AAEA;;;;;AAKG;SACa,cAAc,CAC5B,GAAW,EACX,UAAkB,qBAAqB,EAAA;IAEvC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC;AAChC,IAAA,OAAO,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI;AAChC;AA6CA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCG;AACI,eAAe,iBAAiB,CACrC,OAAiC,EAAA;AAEjC,IAAA,MAAM,EACJ,UAAU,EACV,WAAW,EACX,MAAM,GAAG,KAAK,EACd,YAAY,GAAG,IAAI,EACnB,OAAO,EACP,OAAO,EACP,WAAW,GAAG;AACZ,QAAA,GAAG,EAAE,KAAK;AACV,QAAA,UAAU,EAAE,aAAa;AACzB,QAAA,MAAM,EAAE,QAAQ;AACjB,KAAA,EACD,sBAAsB,GAAG,aAAa,EACtC,WAAW,GAAG;AACZ,QAAA,aAAa,EAAE,oBAAoB;AACnC,QAAA,QAAQ,EAAE,eAAe;AACzB,QAAA,MAAM,EAAE,YAAY;AACpB,QAAA,eAAe,EAAE,sBAAsB;AACvC,QAAA,cAAc,EAAE,qBAAqB;AACrC,QAAA,eAAe,EAAE,sBAAsB;AACxC,KAAA,EACD,sBAAsB,EACtB,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,aAAa,GAAG,KAAK,GACtB,GAAG,OAAO;AAEX,IAAA,OAAO,CAAC,GAAG,CACT,mDAAmD,EACnD,UAAU,EACV,WAAW,EACX,MAAM,EACN,YAAY,EACZ,aAAa,CACd;;AAGD,IAAA,IACE,CAAC,aAAa;AACd,QAAA,WAAW,CAAC,eAAe;QAC3B,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,eAAe,CAAC,EACrD;AACA,QAAA,OAAO,CAAC,GAAG,CACT,kEAAkE,CACnE;QACD;IACF;;;AAIA,IAAA,IACE,CAAC,aAAa;QACd,sBAAsB;AACtB,QAAA,WAAW,CAAC,cAAc;QAC1B,WAAW,CAAC,eAAe,EAC3B;QACA,MAAM,OAAO,GAAG,cAAc,CAAC,WAAW,CAAC,cAAc,CAAC;QAC1D,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,CAAC,eAAe,CAAC;AAC5D,QAAA,MAAM,aAAa,GAAG,sBAAsB,EAAE;AAC9C,QAAA,OAAO,CAAC,GAAG,CAAC,kDAAkD,EAAE;YAC9D,OAAO;YACP,QAAQ;YACR,aAAa;AACb,YAAA,UAAU,EACR,OAAO,IAAI,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,KAAK;AACnE,SAAA,CAAC;AACF,QAAA,IACE,CAAC,aAAa;YACd,aAAa;YACb,OAAO;YACP,QAAQ;YACR,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,EAClC;YACA,OAAO,CAAC,GAAG,CACT,qFAAqF,EACrF,EAAE,OAAO,EAAE,QAAQ,EAAE,CACtB;YACD;QACF;IACF;;AAGA,IAAA,IAAI,SAAS,KAAA,IAAA,IAAT,SAAS,uBAAT,SAAS,EAAI,EAAE;AACjB,QAAA,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC;QACnE;IACF;;IAGA,MAAM,cAAc,GAAG;UACnB,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,gBAAgB;UAC5C,IAAI;AAER,IAAA,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC;IACzD,YAAY,CAAC,KAAK,EAAE;AAEpB,IAAA,IAAI,MAAM,IAAI,UAAU,EAAE,EAAE;;AAE1B,QAAA,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ;AAC9C,QAAA,IAAI,WAAW,CAAC,aAAa,EAAE;AAC7B,YAAA,wBAAwB,CAAC,WAAW,CAAC,aAAa,EAAE,aAAa,CAAC;QACpE;AACA,QAAA,IAAI,WAAW,CAAC,QAAQ,EAAE;AACxB,YAAA,wBAAwB,CAAC,WAAW,CAAC,QAAQ,EAAE,aAAa,CAAC;QAC/D;AACA,QAAA,IAAI,WAAW,CAAC,MAAM,EAAE;AACtB,YAAA,wBAAwB,CAAC,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC;QAC7D;;QAGA,IAAI,WAAW,CAAC,eAAe,IAAI,CAAC,UAAU,EAAE,EAAE;AAChD,YAAA,gBAAgB,CAAC,WAAW,CAAC,eAAe,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;QACtE;IACF;;IAGA,IAAI,UAAU,EAAE,EAAE;AAChB,QAAA,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC;AACjE,QAAA,0BAA0B,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QACjD;IACF;IAEA,MAAM,YAAY,GAChB,UAAU,KAAA,IAAA,IAAV,UAAU,KAAA,MAAA,GAAV,UAAU,GAAI,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAA,CAAE;;AAGtE,IAAA,IACE,CAAC,YAAY,CAAC,UAAU,CAAC,YAAY,CAAC;AACtC,QAAA,CAAC,YAAY,CAAC,UAAU,CAAC,qBAAqB,CAAC;AAC/C,QAAA,YAAY,EACZ;QACA,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,sBAAsB,EAAE,YAAY,CAAC;IACnE;AAEA,IAAA,MAAM,QAAQ,GAAG,WAAW,KAAA,IAAA,IAAX,WAAW,KAAA,MAAA,GAAX,WAAW,GAAI,cAAc,CAAC,YAAY,CAAC;IAE5D,MAAM,aAAa,GAAG,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAA,CAAE;IAEjD,IAAI,eAAe,GAAG,CAAA,EAAG,OAAO,CAAA,OAAA,EAAU,WAAW,CAAC,GAAG,CAAA,CAAA,EAAI,OAAO,CAAA,CAAE;IAEtE,eAAe,IAAI,IAAI,WAAW,CAAC,UAAU,CAAA,CAAA,EAAI,aAAa,EAAE;IAEhE,IAAI,QAAQ,EAAE;QACZ,eAAe,IAAI,IAAI,WAAW,CAAC,MAAM,CAAA,CAAA,EAAI,QAAQ,EAAE;IACzD;IACA,IAAI,MAAM,EAAE;QACV,eAAe,IAAI,WAAW;IAChC;;AAGA,IAAA,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;AAExD,IAAA,IAAI,WAAW,KAAA,IAAA,IAAX,WAAW,uBAAX,WAAW,EAAI,EAAE;;AAEnB,QAAA,IAAI,cAAc,IAAI,gBAAgB,EAAE;AACtC,YAAA,eAAe,IAAI,CAAA,OAAA,EAAU,kBAAkB,CAAC,cAAc,CAAC,EAAE;AACjE,YAAA,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC;QACtE;AACA,QAAA,OAAO,CAAC,GAAG,CACT,yDAAyD,EACzD,eAAe,CAChB;AACD,QAAA,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,eAAe;IACxC;SAAO,IAAI,iBAAiB,EAAE;;AAE5B,QAAA,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAA,EAAG,iBAAiB,CAAA,IAAA,EAAO,kBAAkB,CAAC,eAAe,CAAC,EAAE;IACzF;SAAO;AACL,QAAA,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,eAAe;IACxC;AACF;AAEA;;;;;;AAMG;SACa,iBAAiB,CAC/B,OAAe,EACf,SAAkB,EAClB,WAAoB,EAAA;AAEpB,IAAA,MAAM,cAAc,GAClB,SAAS,IAAI,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;IAE7D,IAAI,CAAC,cAAc,EAAE;AACnB,QAAA,OAAO,EAAE;IACX;AAEA,IAAA,MAAM,SAAS,GAAG,WAAW,KAAA,IAAA,IAAX,WAAW,KAAA,MAAA,GAAX,WAAW,GAAI,MAAM,CAAC,QAAQ,CAAC,IAAI;AACrD,IAAA,MAAM,OAAO,GAAG,CAAA,EAAG,OAAO,gBAAgB,kBAAkB,CAAC,cAAc,CAAC,gBAAgB,kBAAkB,CAC5G,SAAS,CACV,EAAE;AACH,IAAA,OAAO,OAAO;AAChB;AAEA;;;;;AAKG;SACa,2BAA2B,CACzC,OAAe,EACf,SAAkB,EAClB,WAAoB,EAAA;AAEpB,IAAA,MAAM,cAAc,GAClB,SAAS,IAAI,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE;IAE7D,IAAI,CAAC,cAAc,EAAE;AACnB,QAAA,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE;YACzD,SAAS;YACT,WAAW;AACZ,SAAA,CAAC;AACF,QAAA,iBAAiB,CAAC;YAChB,OAAO;YACP,OAAO,EAAE,KAAK;AACd,YAAA,UAAU,EAAE,WAAW;AACxB,SAAA,CAAC;QACF;IACF;AAEA,IAAA,MAAM,SAAS,GAAG,WAAW,KAAA,IAAA,IAAX,WAAW,KAAA,MAAA,GAAX,WAAW,GAAI,MAAM,CAAC,QAAQ,CAAC,IAAI;AACrD,IAAA,MAAM,OAAO,GAAG,CAAA,EAAG,OAAO,gBAAgB,kBAAkB,CAAC,cAAc,CAAC,gBAAgB,kBAAkB,CAC5G,SAAS,CACV,EAAE;AAEH,IAAA,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,OAAO;AAChC;AAeA;;;;;;;;;;;;;;;;;;AAkBG;AACG,SAAU,YAAY,CAAC,OAA4B,EAAA;IACvD,MAAM,EACJ,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EACpC,OAAO,EACP,gBAAgB,GAAG,QAAQ,EAC3B,qBAAqB,GAAG,sBAAsB,EAC9C,QAAQ,GACT,GAAG,OAAO;IAEX,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,gBAAgB,CAAC;AAC5D,IAAA,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE;IAC3B,IAAI,MAAM,EAAE;QACV,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAC;IACvD;;IAGA,gBAAgB,CAAC,qBAAqB,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;AAE9D,IAAA,YAAY,EAAE;AACd,IAAA,QAAQ,KAAA,IAAA,IAAR,QAAQ,KAAA,MAAA,GAAA,MAAA,GAAR,QAAQ,EAAI;AAEZ,IAAA,IAAI,CAAC,UAAU,EAAE,EAAE;QACjB,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAA,EAAG,OAAO,CAAA,oBAAA,EAAuB,WAAW,CAAA,EAAG,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,EAAE,CAAA,CAAE;IAC3G;AACF;;;;"}