npm - @intlayer/backend - Versions diffs - 7.0.9-canary.0 → 7.0.9-canary.3 - Mend

@intlayer/backend 7.0.9-canary.0 → 7.0.9-canary.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (915) hide show

package/dist/esm/node_modules/@better-auth/sso/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.mjs","names":["z.object","z.string","z.enum","saml","z.array","z.boolean","z.record","z.any"],"sources":["../../../../../../../../node_modules/@better-auth/sso/dist/index.mjs"],"sourcesContent":["import { generateState } from 'better-auth';\nimport { APIError, sessionMiddleware } from 'better-auth/api';\nimport { parseState, validateAuthorizationCode, validateToken, handleOAuthUserInfo, createAuthorizationURL } from 'better-auth/oauth2';\nimport { createAuthEndpoint } from 'better-auth/plugins';\nimport * as z from 'zod/v4';\nimport * as saml from 'samlify';\nimport { betterFetch, BetterFetchError } from '@better-fetch/fetch';\nimport { decodeJwt } from 'jose';\nimport { setSessionCookie } from 'better-auth/cookies';\nimport { XMLValidator } from 'fast-xml-parser';\n\nconst fastValidator = {\n async validate(xml) {\n const isValid = XMLValidator.validate(xml, {\n allowBooleanAttributes: true\n });\n if (isValid === true) return \"SUCCESS_VALIDATE_XML\";\n throw \"ERR_INVALID_XML\";\n }\n};\nsaml.setSchemaValidator(fastValidator);\nfunction safeJsonParse(value) {\n if (!value) return null;\n if (typeof value === \"object\") {\n return value;\n }\n if (typeof value === \"string\") {\n try {\n return JSON.parse(value);\n } catch (error) {\n throw new Error(\n `Failed to parse JSON: ${error instanceof Error ? error.message : \"Unknown error\"}`\n );\n }\n }\n return null;\n}\nconst sso = (options) => {\n return {\n id: \"sso\",\n endpoints: {\n spMetadata: createAuthEndpoint(\n \"/sso/saml2/sp/metadata\",\n {\n method: \"GET\",\n query: z.object({\n providerId: z.string(),\n format: z.enum([\"xml\", \"json\"]).default(\"xml\")\n }),\n metadata: {\n openapi: {\n summary: \"Get Service Provider metadata\",\n description: \"Returns the SAML metadata for the Service Provider\",\n responses: {\n \"200\": {\n description: \"SAML metadata in XML format\"\n }\n }\n }\n }\n },\n async (ctx) => {\n const provider = await ctx.context.adapter.findOne({\n model: \"ssoProvider\",\n where: [\n {\n field: \"providerId\",\n value: ctx.query.providerId\n }\n ]\n });\n if (!provider) {\n throw new APIError(\"NOT_FOUND\", {\n message: \"No provider found for the given providerId\"\n });\n }\n const parsedSamlConfig = safeJsonParse(\n provider.samlConfig\n );\n if (!parsedSamlConfig) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Invalid SAML configuration\"\n });\n }\n const sp = parsedSamlConfig.spMetadata.metadata ? saml.ServiceProvider({\n metadata: parsedSamlConfig.spMetadata.metadata\n }) : saml.SPMetadata({\n entityID: parsedSamlConfig.spMetadata?.entityID || parsedSamlConfig.issuer,\n assertionConsumerService: [\n {\n Binding: \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\",\n Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs/${provider.id}`\n }\n ],\n wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,\n nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0\n });\n return new Response(sp.getMetadata(), {\n headers: {\n \"Content-Type\": \"application/xml\"\n }\n });\n }\n ),\n registerSSOProvider: createAuthEndpoint(\n \"/sso/register\",\n {\n method: \"POST\",\n body: z.object({\n providerId: z.string({}).meta({\n description: \"The ID of the provider. This is used to identify the provider during login and callback\"\n }),\n issuer: z.string({}).meta({\n description: \"The issuer of the provider\"\n }),\n domain: z.string({}).meta({\n description: \"The domain of the provider. This is used for email matching\"\n }),\n oidcConfig: z.object({\n clientId: z.string({}).meta({\n description: \"The client ID\"\n }),\n clientSecret: z.string({}).meta({\n description: \"The client secret\"\n }),\n authorizationEndpoint: z.string({}).meta({\n description: \"The authorization endpoint\"\n }).optional(),\n tokenEndpoint: z.string({}).meta({\n description: \"The token endpoint\"\n }).optional(),\n userInfoEndpoint: z.string({}).meta({\n description: \"The user info endpoint\"\n }).optional(),\n tokenEndpointAuthentication: z.enum([\"client_secret_post\", \"client_secret_basic\"]).optional(),\n jwksEndpoint: z.string({}).meta({\n description: \"The JWKS endpoint\"\n }).optional(),\n discoveryEndpoint: z.string().optional(),\n scopes: z.array(z.string(), {}).meta({\n description: \"The scopes to request. Defaults to ['openid', 'email', 'profile', 'offline_access']\"\n }).optional(),\n pkce: z.boolean({}).meta({\n description: \"Whether to use PKCE for the authorization flow\"\n }).default(true).optional(),\n mapping: z.object({\n id: z.string({}).meta({\n description: \"Field mapping for user ID (defaults to 'sub')\"\n }),\n email: z.string({}).meta({\n description: \"Field mapping for email (defaults to 'email')\"\n }),\n emailVerified: z.string({}).meta({\n description: \"Field mapping for email verification (defaults to 'email_verified')\"\n }).optional(),\n name: z.string({}).meta({\n description: \"Field mapping for name (defaults to 'name')\"\n }),\n image: z.string({}).meta({\n description: \"Field mapping for image (defaults to 'picture')\"\n }).optional(),\n extraFields: z.record(z.string(), z.any()).optional()\n }).optional()\n }).optional(),\n samlConfig: z.object({\n entryPoint: z.string({}).meta({\n description: \"The entry point of the provider\"\n }),\n cert: z.string({}).meta({\n description: \"The certificate of the provider\"\n }),\n callbackUrl: z.string({}).meta({\n description: \"The callback URL of the provider\"\n }),\n audience: z.string().optional(),\n idpMetadata: z.object({\n metadata: z.string().optional(),\n entityID: z.string().optional(),\n cert: z.string().optional(),\n privateKey: z.string().optional(),\n privateKeyPass: z.string().optional(),\n isAssertionEncrypted: z.boolean().optional(),\n encPrivateKey: z.string().optional(),\n encPrivateKeyPass: z.string().optional(),\n singleSignOnService: z.array(\n z.object({\n Binding: z.string().meta({\n description: \"The binding type for the SSO service\"\n }),\n Location: z.string().meta({\n description: \"The URL for the SSO service\"\n })\n })\n ).optional().meta({\n description: \"Single Sign-On service configuration\"\n })\n }).optional(),\n spMetadata: z.object({\n metadata: z.string().optional(),\n entityID: z.string().optional(),\n binding: z.string().optional(),\n privateKey: z.string().optional(),\n privateKeyPass: z.string().optional(),\n isAssertionEncrypted: z.boolean().optional(),\n encPrivateKey: z.string().optional(),\n encPrivateKeyPass: z.string().optional()\n }),\n wantAssertionsSigned: z.boolean().optional(),\n signatureAlgorithm: z.string().optional(),\n digestAlgorithm: z.string().optional(),\n identifierFormat: z.string().optional(),\n privateKey: z.string().optional(),\n decryptionPvk: z.string().optional(),\n additionalParams: z.record(z.string(), z.any()).optional(),\n mapping: z.object({\n id: z.string({}).meta({\n description: \"Field mapping for user ID (defaults to 'nameID')\"\n }),\n email: z.string({}).meta({\n description: \"Field mapping for email (defaults to 'email')\"\n }),\n emailVerified: z.string({}).meta({\n description: \"Field mapping for email verification\"\n }).optional(),\n name: z.string({}).meta({\n description: \"Field mapping for name (defaults to 'displayName')\"\n }),\n firstName: z.string({}).meta({\n description: \"Field mapping for first name (defaults to 'givenName')\"\n }).optional(),\n lastName: z.string({}).meta({\n description: \"Field mapping for last name (defaults to 'surname')\"\n }).optional(),\n extraFields: z.record(z.string(), z.any()).optional()\n }).optional()\n }).optional(),\n organizationId: z.string({}).meta({\n description: \"If organization plugin is enabled, the organization id to link the provider to\"\n }).optional(),\n overrideUserInfo: z.boolean({}).meta({\n description: \"Override user info with the provider info. Defaults to false\"\n }).default(false).optional()\n }),\n use: [sessionMiddleware],\n metadata: {\n openapi: {\n summary: \"Register an OIDC provider\",\n description: \"This endpoint is used to register an OIDC provider. This is used to configure the provider and link it to an organization\",\n responses: {\n \"200\": {\n description: \"OIDC provider created successfully\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: {\n issuer: {\n type: \"string\",\n format: \"uri\",\n description: \"The issuer URL of the provider\"\n },\n domain: {\n type: \"string\",\n description: \"The domain of the provider, used for email matching\"\n },\n oidcConfig: {\n type: \"object\",\n properties: {\n issuer: {\n type: \"string\",\n format: \"uri\",\n description: \"The issuer URL of the provider\"\n },\n pkce: {\n type: \"boolean\",\n description: \"Whether PKCE is enabled for the authorization flow\"\n },\n clientId: {\n type: \"string\",\n description: \"The client ID for the provider\"\n },\n clientSecret: {\n type: \"string\",\n description: \"The client secret for the provider\"\n },\n authorizationEndpoint: {\n type: \"string\",\n format: \"uri\",\n nullable: true,\n description: \"The authorization endpoint URL\"\n },\n discoveryEndpoint: {\n type: \"string\",\n format: \"uri\",\n description: \"The discovery endpoint URL\"\n },\n userInfoEndpoint: {\n type: \"string\",\n format: \"uri\",\n nullable: true,\n description: \"The user info endpoint URL\"\n },\n scopes: {\n type: \"array\",\n items: { type: \"string\" },\n nullable: true,\n description: \"The scopes requested from the provider\"\n },\n tokenEndpoint: {\n type: \"string\",\n format: \"uri\",\n nullable: true,\n description: \"The token endpoint URL\"\n },\n tokenEndpointAuthentication: {\n type: \"string\",\n enum: [\n \"client_secret_post\",\n \"client_secret_basic\"\n ],\n nullable: true,\n description: \"Authentication method for the token endpoint\"\n },\n jwksEndpoint: {\n type: \"string\",\n format: \"uri\",\n nullable: true,\n description: \"The JWKS endpoint URL\"\n },\n mapping: {\n type: \"object\",\n nullable: true,\n properties: {\n id: {\n type: \"string\",\n description: \"Field mapping for user ID (defaults to 'sub')\"\n },\n email: {\n type: \"string\",\n description: \"Field mapping for email (defaults to 'email')\"\n },\n emailVerified: {\n type: \"string\",\n nullable: true,\n description: \"Field mapping for email verification (defaults to 'email_verified')\"\n },\n name: {\n type: \"string\",\n description: \"Field mapping for name (defaults to 'name')\"\n },\n image: {\n type: \"string\",\n nullable: true,\n description: \"Field mapping for image (defaults to 'picture')\"\n },\n extraFields: {\n type: \"object\",\n additionalProperties: { type: \"string\" },\n nullable: true,\n description: \"Additional field mappings\"\n }\n },\n required: [\"id\", \"email\", \"name\"]\n }\n },\n required: [\n \"issuer\",\n \"pkce\",\n \"clientId\",\n \"clientSecret\",\n \"discoveryEndpoint\"\n ],\n description: \"OIDC configuration for the provider\"\n },\n organizationId: {\n type: \"string\",\n nullable: true,\n description: \"ID of the linked organization, if any\"\n },\n userId: {\n type: \"string\",\n description: \"ID of the user who registered the provider\"\n },\n providerId: {\n type: \"string\",\n description: \"Unique identifier for the provider\"\n },\n redirectURI: {\n type: \"string\",\n format: \"uri\",\n description: \"The redirect URI for the provider callback\"\n }\n },\n required: [\n \"issuer\",\n \"domain\",\n \"oidcConfig\",\n \"userId\",\n \"providerId\",\n \"redirectURI\"\n ]\n }\n }\n }\n }\n }\n }\n }\n },\n async (ctx) => {\n const user = ctx.context.session?.user;\n if (!user) {\n throw new APIError(\"UNAUTHORIZED\");\n }\n const limit = typeof options?.providersLimit === \"function\" ? await options.providersLimit(user) : options?.providersLimit ?? 10;\n if (!limit) {\n throw new APIError(\"FORBIDDEN\", {\n message: \"SSO provider registration is disabled\"\n });\n }\n const providers = await ctx.context.adapter.findMany({\n model: \"ssoProvider\",\n where: [{ field: \"userId\", value: user.id }]\n });\n if (providers.length >= limit) {\n throw new APIError(\"FORBIDDEN\", {\n message: \"You have reached the maximum number of SSO providers\"\n });\n }\n const body = ctx.body;\n const issuerValidator = z.string().url();\n if (issuerValidator.safeParse(body.issuer).error) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Invalid issuer. Must be a valid URL\"\n });\n }\n if (ctx.body.organizationId) {\n const organization = await ctx.context.adapter.findOne({\n model: \"member\",\n where: [\n {\n field: \"userId\",\n value: user.id\n },\n {\n field: \"organizationId\",\n value: ctx.body.organizationId\n }\n ]\n });\n if (!organization) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"You are not a member of the organization\"\n });\n }\n }\n const existingProvider = await ctx.context.adapter.findOne({\n model: \"ssoProvider\",\n where: [\n {\n field: \"providerId\",\n value: body.providerId\n }\n ]\n });\n if (existingProvider) {\n ctx.context.logger.info(\n `SSO provider creation attempt with existing providerId: ${body.providerId}`\n );\n throw new APIError(\"UNPROCESSABLE_ENTITY\", {\n message: \"SSO provider with this providerId already exists\"\n });\n }\n const provider = await ctx.context.adapter.create({\n model: \"ssoProvider\",\n data: {\n issuer: body.issuer,\n domain: body.domain,\n oidcConfig: body.oidcConfig ? JSON.stringify({\n issuer: body.issuer,\n clientId: body.oidcConfig.clientId,\n clientSecret: body.oidcConfig.clientSecret,\n authorizationEndpoint: body.oidcConfig.authorizationEndpoint,\n tokenEndpoint: body.oidcConfig.tokenEndpoint,\n tokenEndpointAuthentication: body.oidcConfig.tokenEndpointAuthentication,\n jwksEndpoint: body.oidcConfig.jwksEndpoint,\n pkce: body.oidcConfig.pkce,\n discoveryEndpoint: body.oidcConfig.discoveryEndpoint || `${body.issuer}/.well-known/openid-configuration`,\n mapping: body.oidcConfig.mapping,\n scopes: body.oidcConfig.scopes,\n userInfoEndpoint: body.oidcConfig.userInfoEndpoint,\n overrideUserInfo: ctx.body.overrideUserInfo || options?.defaultOverrideUserInfo || false\n }) : null,\n samlConfig: body.samlConfig ? JSON.stringify({\n issuer: body.issuer,\n entryPoint: body.samlConfig.entryPoint,\n cert: body.samlConfig.cert,\n callbackUrl: body.samlConfig.callbackUrl,\n audience: body.samlConfig.audience,\n idpMetadata: body.samlConfig.idpMetadata,\n spMetadata: body.samlConfig.spMetadata,\n wantAssertionsSigned: body.samlConfig.wantAssertionsSigned,\n signatureAlgorithm: body.samlConfig.signatureAlgorithm,\n digestAlgorithm: body.samlConfig.digestAlgorithm,\n identifierFormat: body.samlConfig.identifierFormat,\n privateKey: body.samlConfig.privateKey,\n decryptionPvk: body.samlConfig.decryptionPvk,\n additionalParams: body.samlConfig.additionalParams,\n mapping: body.samlConfig.mapping\n }) : null,\n organizationId: body.organizationId,\n userId: ctx.context.session.user.id,\n providerId: body.providerId\n }\n });\n return ctx.json({\n ...provider,\n oidcConfig: JSON.parse(\n provider.oidcConfig\n ),\n samlConfig: JSON.parse(\n provider.samlConfig\n ),\n redirectURI: `${ctx.context.baseURL}/sso/callback/${provider.providerId}`\n });\n }\n ),\n signInSSO: createAuthEndpoint(\n \"/sign-in/sso\",\n {\n method: \"POST\",\n body: z.object({\n email: z.string({}).meta({\n description: \"The email address to sign in with. This is used to identify the issuer to sign in with. It's optional if the issuer is provided\"\n }).optional(),\n organizationSlug: z.string({}).meta({\n description: \"The slug of the organization to sign in with\"\n }).optional(),\n providerId: z.string({}).meta({\n description: \"The ID of the provider to sign in with. This can be provided instead of email or issuer\"\n }).optional(),\n domain: z.string({}).meta({\n description: \"The domain of the provider.\"\n }).optional(),\n callbackURL: z.string({}).meta({\n description: \"The URL to redirect to after login\"\n }),\n errorCallbackURL: z.string({}).meta({\n description: \"The URL to redirect to after login\"\n }).optional(),\n newUserCallbackURL: z.string({}).meta({\n description: \"The URL to redirect to after login if the user is new\"\n }).optional(),\n scopes: z.array(z.string(), {}).meta({\n description: \"Scopes to request from the provider.\"\n }).optional(),\n requestSignUp: z.boolean({}).meta({\n description: \"Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider\"\n }).optional(),\n providerType: z.enum([\"oidc\", \"saml\"]).optional()\n }),\n metadata: {\n openapi: {\n summary: \"Sign in with SSO provider\",\n description: \"This endpoint is used to sign in with an SSO provider. It redirects to the provider's authorization URL\",\n requestBody: {\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: {\n email: {\n type: \"string\",\n description: \"The email address to sign in with. This is used to identify the issuer to sign in with. It's optional if the issuer is provided\"\n },\n issuer: {\n type: \"string\",\n description: \"The issuer identifier, this is the URL of the provider and can be used to verify the provider and identify the provider during login. It's optional if the email is provided\"\n },\n providerId: {\n type: \"string\",\n description: \"The ID of the provider to sign in with. This can be provided instead of email or issuer\"\n },\n callbackURL: {\n type: \"string\",\n description: \"The URL to redirect to after login\"\n },\n errorCallbackURL: {\n type: \"string\",\n description: \"The URL to redirect to after login\"\n },\n newUserCallbackURL: {\n type: \"string\",\n description: \"The URL to redirect to after login if the user is new\"\n }\n },\n required: [\"callbackURL\"]\n }\n }\n }\n },\n responses: {\n \"200\": {\n description: \"Authorization URL generated successfully for SSO sign-in\",\n content: {\n \"application/json\": {\n schema: {\n type: \"object\",\n properties: {\n url: {\n type: \"string\",\n format: \"uri\",\n description: \"The authorization URL to redirect the user to for SSO sign-in\"\n },\n redirect: {\n type: \"boolean\",\n description: \"Indicates that the client should redirect to the provided URL\",\n enum: [true]\n }\n },\n required: [\"url\", \"redirect\"]\n }\n }\n }\n }\n }\n }\n }\n },\n async (ctx) => {\n const body = ctx.body;\n let { email, organizationSlug, providerId, domain } = body;\n if (!options?.defaultSSO?.length && !email && !organizationSlug && !domain && !providerId) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"email, organizationSlug, domain or providerId is required\"\n });\n }\n domain = body.domain || email?.split(\"@\")[1];\n let orgId = \"\";\n if (organizationSlug) {\n orgId = await ctx.context.adapter.findOne({\n model: \"organization\",\n where: [\n {\n field: \"slug\",\n value: organizationSlug\n }\n ]\n }).then((res) => {\n if (!res) {\n return \"\";\n }\n return res.id;\n });\n }\n let provider = null;\n if (options?.defaultSSO?.length) {\n const matchingDefault = providerId ? options.defaultSSO.find(\n (defaultProvider) => defaultProvider.providerId === providerId\n ) : options.defaultSSO.find(\n (defaultProvider) => defaultProvider.domain === domain\n );\n if (matchingDefault) {\n provider = {\n issuer: matchingDefault.samlConfig?.issuer || matchingDefault.oidcConfig?.issuer || \"\",\n providerId: matchingDefault.providerId,\n userId: \"default\",\n oidcConfig: matchingDefault.oidcConfig,\n samlConfig: matchingDefault.samlConfig\n };\n }\n }\n if (!providerId && !orgId && !domain) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"providerId, orgId or domain is required\"\n });\n }\n if (!provider) {\n provider = await ctx.context.adapter.findOne({\n model: \"ssoProvider\",\n where: [\n {\n field: providerId ? \"providerId\" : orgId ? \"organizationId\" : \"domain\",\n value: providerId || orgId || domain\n }\n ]\n }).then((res) => {\n if (!res) {\n return null;\n }\n return {\n ...res,\n oidcConfig: res.oidcConfig ? safeJsonParse(\n res.oidcConfig\n ) || void 0 : void 0,\n samlConfig: res.samlConfig ? safeJsonParse(\n res.samlConfig\n ) || void 0 : void 0\n };\n });\n }\n if (!provider) {\n throw new APIError(\"NOT_FOUND\", {\n message: \"No provider found for the issuer\"\n });\n }\n if (body.providerType) {\n if (body.providerType === \"oidc\" && !provider.oidcConfig) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"OIDC provider is not configured\"\n });\n }\n if (body.providerType === \"saml\" && !provider.samlConfig) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"SAML provider is not configured\"\n });\n }\n }\n if (provider.oidcConfig && body.providerType !== \"saml\") {\n const state = await generateState(ctx);\n const redirectURI = `${ctx.context.baseURL}/sso/callback/${provider.providerId}`;\n const authorizationURL = await createAuthorizationURL({\n id: provider.issuer,\n options: {\n clientId: provider.oidcConfig.clientId,\n clientSecret: provider.oidcConfig.clientSecret\n },\n redirectURI,\n state: state.state,\n codeVerifier: provider.oidcConfig.pkce ? state.codeVerifier : void 0,\n scopes: ctx.body.scopes || provider.oidcConfig.scopes || [\n \"openid\",\n \"email\",\n \"profile\",\n \"offline_access\"\n ],\n authorizationEndpoint: provider.oidcConfig.authorizationEndpoint\n });\n return ctx.json({\n url: authorizationURL.toString(),\n redirect: true\n });\n }\n if (provider.samlConfig) {\n const parsedSamlConfig = typeof provider.samlConfig === \"object\" ? provider.samlConfig : safeJsonParse(\n provider.samlConfig\n );\n if (!parsedSamlConfig) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Invalid SAML configuration\"\n });\n }\n const sp = saml.ServiceProvider({\n metadata: parsedSamlConfig.spMetadata.metadata,\n allowCreate: true\n });\n const idp = saml.IdentityProvider({\n metadata: parsedSamlConfig.idpMetadata?.metadata,\n entityID: parsedSamlConfig.idpMetadata?.entityID,\n encryptCert: parsedSamlConfig.idpMetadata?.cert,\n singleSignOnService: parsedSamlConfig.idpMetadata?.singleSignOnService\n });\n const loginRequest = sp.createLoginRequest(\n idp,\n \"redirect\"\n );\n if (!loginRequest) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Invalid SAML request\"\n });\n }\n return ctx.json({\n url: `${loginRequest.context}&RelayState=${encodeURIComponent(\n body.callbackURL\n )}`,\n redirect: true\n });\n }\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Invalid SSO provider\"\n });\n }\n ),\n callbackSSO: createAuthEndpoint(\n \"/sso/callback/:providerId\",\n {\n method: \"GET\",\n query: z.object({\n code: z.string().optional(),\n state: z.string(),\n error: z.string().optional(),\n error_description: z.string().optional()\n }),\n metadata: {\n isAction: false,\n openapi: {\n summary: \"Callback URL for SSO provider\",\n description: \"This endpoint is used as the callback URL for SSO providers. It handles the authorization code and exchanges it for an access token\",\n responses: {\n \"302\": {\n description: \"Redirects to the callback URL\"\n }\n }\n }\n }\n },\n async (ctx) => {\n const { code, state, error, error_description } = ctx.query;\n const stateData = await parseState(ctx);\n if (!stateData) {\n const errorURL2 = ctx.context.options.onAPIError?.errorURL || `${ctx.context.baseURL}/error`;\n throw ctx.redirect(`${errorURL2}?error=invalid_state`);\n }\n const { callbackURL, errorURL, newUserURL, requestSignUp } = stateData;\n if (!code || error) {\n throw ctx.redirect(\n `${errorURL || callbackURL}?error=${error}&error_description=${error_description}`\n );\n }\n let provider = null;\n if (options?.defaultSSO?.length) {\n const matchingDefault = options.defaultSSO.find(\n (defaultProvider) => defaultProvider.providerId === ctx.params.providerId\n );\n if (matchingDefault) {\n provider = {\n ...matchingDefault,\n issuer: matchingDefault.oidcConfig?.issuer || \"\",\n userId: \"default\"\n };\n }\n }\n if (!provider) {\n provider = await ctx.context.adapter.findOne({\n model: \"ssoProvider\",\n where: [\n {\n field: \"providerId\",\n value: ctx.params.providerId\n }\n ]\n }).then((res) => {\n if (!res) {\n return null;\n }\n return {\n ...res,\n oidcConfig: safeJsonParse(res.oidcConfig) || void 0\n };\n });\n }\n if (!provider) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=provider not found`\n );\n }\n let config = provider.oidcConfig;\n if (!config) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=provider not found`\n );\n }\n const discovery = await betterFetch(config.discoveryEndpoint);\n if (discovery.data) {\n config = {\n tokenEndpoint: discovery.data.token_endpoint,\n tokenEndpointAuthentication: discovery.data.token_endpoint_auth_method,\n userInfoEndpoint: discovery.data.userinfo_endpoint,\n scopes: [\"openid\", \"email\", \"profile\", \"offline_access\"],\n ...config\n };\n }\n if (!config.tokenEndpoint) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=token_endpoint_not_found`\n );\n }\n const tokenResponse = await validateAuthorizationCode({\n code,\n codeVerifier: config.pkce ? stateData.codeVerifier : void 0,\n redirectURI: `${ctx.context.baseURL}/sso/callback/${provider.providerId}`,\n options: {\n clientId: config.clientId,\n clientSecret: config.clientSecret\n },\n tokenEndpoint: config.tokenEndpoint,\n authentication: config.tokenEndpointAuthentication === \"client_secret_post\" ? \"post\" : \"basic\"\n }).catch((e) => {\n if (e instanceof BetterFetchError) {\n throw ctx.redirect(\n `${errorURL || callbackURL}?error=invalid_provider&error_description=${e.message}`\n );\n }\n return null;\n });\n if (!tokenResponse) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=token_response_not_found`\n );\n }\n let userInfo = null;\n if (tokenResponse.idToken) {\n const idToken = decodeJwt(tokenResponse.idToken);\n if (!config.jwksEndpoint) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=jwks_endpoint_not_found`\n );\n }\n const verified = await validateToken(\n tokenResponse.idToken,\n config.jwksEndpoint\n ).catch((e) => {\n ctx.context.logger.error(e);\n return null;\n });\n if (!verified) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=token_not_verified`\n );\n }\n if (verified.payload.iss !== provider.issuer) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=issuer_mismatch`\n );\n }\n const mapping = config.mapping || {};\n userInfo = {\n ...Object.fromEntries(\n Object.entries(mapping.extraFields || {}).map(\n ([key, value]) => [key, verified.payload[value]]\n )\n ),\n id: idToken[mapping.id || \"sub\"],\n email: idToken[mapping.email || \"email\"],\n emailVerified: options?.trustEmailVerified ? idToken[mapping.emailVerified || \"email_verified\"] : false,\n name: idToken[mapping.name || \"name\"],\n image: idToken[mapping.image || \"picture\"]\n };\n }\n if (!userInfo) {\n if (!config.userInfoEndpoint) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=user_info_endpoint_not_found`\n );\n }\n const userInfoResponse = await betterFetch(config.userInfoEndpoint, {\n headers: {\n Authorization: `Bearer ${tokenResponse.accessToken}`\n }\n });\n if (userInfoResponse.error) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=${userInfoResponse.error.message}`\n );\n }\n userInfo = userInfoResponse.data;\n }\n if (!userInfo.email || !userInfo.id) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=invalid_provider&error_description=missing_user_info`\n );\n }\n const linked = await handleOAuthUserInfo(ctx, {\n userInfo: {\n email: userInfo.email,\n name: userInfo.name || userInfo.email,\n id: userInfo.id,\n image: userInfo.image,\n emailVerified: options?.trustEmailVerified ? userInfo.emailVerified || false : false\n },\n account: {\n idToken: tokenResponse.idToken,\n accessToken: tokenResponse.accessToken,\n refreshToken: tokenResponse.refreshToken,\n accountId: userInfo.id,\n providerId: provider.providerId,\n accessTokenExpiresAt: tokenResponse.accessTokenExpiresAt,\n refreshTokenExpiresAt: tokenResponse.refreshTokenExpiresAt,\n scope: tokenResponse.scopes?.join(\",\")\n },\n callbackURL,\n disableSignUp: options?.disableImplicitSignUp && !requestSignUp,\n overrideUserInfo: config.overrideUserInfo\n });\n if (linked.error) {\n throw ctx.redirect(\n `${errorURL || callbackURL}/error?error=${linked.error}`\n );\n }\n const { session, user } = linked.data;\n if (options?.provisionUser) {\n await options.provisionUser({\n user,\n userInfo,\n token: tokenResponse,\n provider\n });\n }\n if (provider.organizationId && !options?.organizationProvisioning?.disabled) {\n const isOrgPluginEnabled = ctx.context.options.plugins?.find(\n (plugin) => plugin.id === \"organization\"\n );\n if (isOrgPluginEnabled) {\n const isAlreadyMember = await ctx.context.adapter.findOne({\n model: \"member\",\n where: [\n { field: \"organizationId\", value: provider.organizationId },\n { field: \"userId\", value: user.id }\n ]\n });\n if (!isAlreadyMember) {\n const role = options?.organizationProvisioning?.getRole ? await options.organizationProvisioning.getRole({\n user,\n userInfo,\n token: tokenResponse,\n provider\n }) : options?.organizationProvisioning?.defaultRole || \"member\";\n await ctx.context.adapter.create({\n model: \"member\",\n data: {\n organizationId: provider.organizationId,\n userId: user.id,\n role,\n createdAt: /* @__PURE__ */ new Date(),\n updatedAt: /* @__PURE__ */ new Date()\n }\n });\n }\n }\n }\n await setSessionCookie(ctx, {\n session,\n user\n });\n let toRedirectTo;\n try {\n const url = linked.isRegister ? newUserURL || callbackURL : callbackURL;\n toRedirectTo = url.toString();\n } catch {\n toRedirectTo = linked.isRegister ? newUserURL || callbackURL : callbackURL;\n }\n throw ctx.redirect(toRedirectTo);\n }\n ),\n callbackSSOSAML: createAuthEndpoint(\n \"/sso/saml2/callback/:providerId\",\n {\n method: \"POST\",\n body: z.object({\n SAMLResponse: z.string(),\n RelayState: z.string().optional()\n }),\n metadata: {\n isAction: false,\n openapi: {\n summary: \"Callback URL for SAML provider\",\n description: \"This endpoint is used as the callback URL for SAML providers.\",\n responses: {\n \"302\": {\n description: \"Redirects to the callback URL\"\n },\n \"400\": {\n description: \"Invalid SAML response\"\n },\n \"401\": {\n description: \"Unauthorized - SAML authentication failed\"\n }\n }\n }\n }\n },\n async (ctx) => {\n const { SAMLResponse, RelayState } = ctx.body;\n const { providerId } = ctx.params;\n let provider = null;\n if (options?.defaultSSO?.length) {\n const matchingDefault = options.defaultSSO.find(\n (defaultProvider) => defaultProvider.providerId === providerId\n );\n if (matchingDefault) {\n provider = {\n ...matchingDefault,\n userId: \"default\",\n issuer: matchingDefault.samlConfig?.issuer || \"\"\n };\n }\n }\n if (!provider) {\n provider = await ctx.context.adapter.findOne({\n model: \"ssoProvider\",\n where: [{ field: \"providerId\", value: providerId }]\n }).then((res) => {\n if (!res) return null;\n return {\n ...res,\n samlConfig: res.samlConfig ? safeJsonParse(\n res.samlConfig\n ) || void 0 : void 0\n };\n });\n }\n if (!provider) {\n throw new APIError(\"NOT_FOUND\", {\n message: \"No provider found for the given providerId\"\n });\n }\n const parsedSamlConfig = safeJsonParse(\n provider.samlConfig\n );\n if (!parsedSamlConfig) {\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Invalid SAML configuration\"\n });\n }\n const idpData = parsedSamlConfig.idpMetadata;\n let idp = null;\n if (!idpData?.metadata) {\n idp = saml.IdentityProvider({\n entityID: idpData?.entityID || parsedSamlConfig.issuer,\n singleSignOnService: [\n {\n Binding: \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\",\n Location: parsedSamlConfig.entryPoint\n }\n ],\n signingCert: idpData?.cert || parsedSamlConfig.cert,\n wantAuthnRequestsSigned: parsedSamlConfig.wantAssertionsSigned || false,\n isAssertionEncrypted: idpData?.isAssertionEncrypted || false,\n encPrivateKey: idpData?.encPrivateKey,\n encPrivateKeyPass: idpData?.encPrivateKeyPass\n });\n } else {\n idp = saml.IdentityProvider({\n metadata: idpData.metadata,\n privateKey: idpData.privateKey,\n privateKeyPass: idpData.privateKeyPass,\n isAssertionEncrypted: idpData.isAssertionEncrypted,\n encPrivateKey: idpData.encPrivateKey,\n encPrivateKeyPass: idpData.encPrivateKeyPass\n });\n }\n const spData = parsedSamlConfig.spMetadata;\n const sp = saml.ServiceProvider({\n metadata: spData?.metadata,\n entityID: spData?.entityID || parsedSamlConfig.issuer,\n assertionConsumerService: spData?.metadata ? void 0 : [\n {\n Binding: \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\",\n Location: parsedSamlConfig.callbackUrl\n }\n ],\n privateKey: spData?.privateKey || parsedSamlConfig.privateKey,\n privateKeyPass: spData?.privateKeyPass,\n isAssertionEncrypted: spData?.isAssertionEncrypted || false,\n encPrivateKey: spData?.encPrivateKey,\n encPrivateKeyPass: spData?.encPrivateKeyPass,\n wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,\n nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0\n });\n let parsedResponse;\n try {\n const decodedResponse = Buffer.from(\n SAMLResponse,\n \"base64\"\n ).toString(\"utf-8\");\n try {\n parsedResponse = await sp.parseLoginResponse(idp, \"post\", {\n body: {\n SAMLResponse,\n RelayState: RelayState || void 0\n }\n });\n } catch (parseError) {\n const nameIDMatch = decodedResponse.match(\n /<saml2:NameID[^>]*>([^<]+)<\\/saml2:NameID>/\n );\n if (!nameIDMatch) throw parseError;\n parsedResponse = {\n extract: {\n nameID: nameIDMatch[1],\n attributes: { nameID: nameIDMatch[1] },\n sessionIndex: {},\n conditions: {}\n }\n };\n }\n if (!parsedResponse?.extract) {\n throw new Error(\"Invalid SAML response structure\");\n }\n } catch (error) {\n ctx.context.logger.error(\"SAML response validation failed\", {\n error,\n decodedResponse: Buffer.from(SAMLResponse, \"base64\").toString(\n \"utf-8\"\n )\n });\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Invalid SAML response\",\n details: error instanceof Error ? error.message : String(error)\n });\n }\n const { extract } = parsedResponse;\n const attributes = extract.attributes || {};\n const mapping = parsedSamlConfig.mapping ?? {};\n const userInfo = {\n ...Object.fromEntries(\n Object.entries(mapping.extraFields || {}).map(([key, value]) => [\n key,\n attributes[value]\n ])\n ),\n id: attributes[mapping.id || \"nameID\"] || extract.nameID,\n email: attributes[mapping.email || \"email\"] || extract.nameID,\n name: [\n attributes[mapping.firstName || \"givenName\"],\n attributes[mapping.lastName || \"surname\"]\n ].filter(Boolean).join(\" \") || attributes[mapping.name || \"displayName\"] || extract.nameID,\n emailVerified: options?.trustEmailVerified && mapping.emailVerified ? attributes[mapping.emailVerified] || false : false\n };\n if (!userInfo.id || !userInfo.email) {\n ctx.context.logger.error(\n \"Missing essential user info from SAML response\",\n {\n attributes: Object.keys(attributes),\n mapping,\n extractedId: userInfo.id,\n extractedEmail: userInfo.email\n }\n );\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Unable to extract user ID or email from SAML response\"\n });\n }\n let user;\n const existingUser = await ctx.context.adapter.findOne({\n model: \"user\",\n where: [\n {\n field: \"email\",\n value: userInfo.email\n }\n ]\n });\n if (existingUser) {\n user = existingUser;\n } else {\n user = await ctx.context.adapter.create({\n model: \"user\",\n data: {\n email: userInfo.email,\n name: userInfo.name,\n emailVerified: userInfo.emailVerified,\n createdAt: /* @__PURE__ */ new Date(),\n updatedAt: /* @__PURE__ */ new Date()\n }\n });\n }\n const account = await ctx.context.adapter.findOne({\n model: \"account\",\n where: [\n { field: \"userId\", value: user.id },\n { field: \"providerId\", value: provider.providerId },\n { field: \"accountId\", value: userInfo.id }\n ]\n });\n if (!account) {\n await ctx.context.adapter.create({\n model: \"account\",\n data: {\n userId: user.id,\n providerId: provider.providerId,\n accountId: userInfo.id,\n createdAt: /* @__PURE__ */ new Date(),\n updatedAt: /* @__PURE__ */ new Date(),\n accessToken: \"\",\n refreshToken: \"\"\n }\n });\n }\n if (options?.provisionUser) {\n await options.provisionUser({\n user,\n userInfo,\n provider\n });\n }\n if (provider.organizationId && !options?.organizationProvisioning?.disabled) {\n const isOrgPluginEnabled = ctx.context.options.plugins?.find(\n (plugin) => plugin.id === \"organization\"\n );\n if (isOrgPluginEnabled) {\n const isAlreadyMember = await ctx.context.adapter.findOne({\n model: \"member\",\n where: [\n { field: \"organizationId\", value: provider.organizationId },\n { field: \"userId\", value: user.id }\n ]\n });\n if (!isAlreadyMember) {\n const role = options?.organizationProvisioning?.getRole ? await options.organizationProvisioning.getRole({\n user,\n userInfo,\n provider\n }) : options?.organizationProvisioning?.defaultRole || \"member\";\n await ctx.context.adapter.create({\n model: \"member\",\n data: {\n organizationId: provider.organizationId,\n userId: user.id,\n role,\n createdAt: /* @__PURE__ */ new Date(),\n updatedAt: /* @__PURE__ */ new Date()\n }\n });\n }\n }\n }\n let session = await ctx.context.internalAdapter.createSession(user.id, ctx);\n await setSessionCookie(ctx, { session, user });\n const callbackUrl = RelayState || parsedSamlConfig.callbackUrl || ctx.context.baseURL;\n throw ctx.redirect(callbackUrl);\n }\n ),\n acsEndpoint: createAuthEndpoint(\n \"/sso/saml2/sp/acs/:providerId\",\n {\n method: \"POST\",\n params: z.object({\n providerId: z.string().optional()\n }),\n body: z.object({\n SAMLResponse: z.string(),\n RelayState: z.string().optional()\n }),\n metadata: {\n isAction: false,\n openapi: {\n summary: \"SAML Assertion Consumer Service\",\n description: \"Handles SAML responses from IdP after successful authentication\",\n responses: {\n \"302\": {\n description: \"Redirects to the callback URL after successful authentication\"\n }\n }\n }\n }\n },\n async (ctx) => {\n const { SAMLResponse, RelayState = \"\" } = ctx.body;\n const { providerId } = ctx.params;\n let provider = null;\n if (options?.defaultSSO?.length) {\n const matchingDefault = providerId ? options.defaultSSO.find(\n (defaultProvider) => defaultProvider.providerId === providerId\n ) : options.defaultSSO[0];\n if (matchingDefault) {\n provider = {\n issuer: matchingDefault.samlConfig?.issuer || \"\",\n providerId: matchingDefault.providerId,\n userId: \"default\",\n samlConfig: matchingDefault.samlConfig\n };\n }\n } else {\n provider = await ctx.context.adapter.findOne({\n model: \"ssoProvider\",\n where: [\n {\n field: \"providerId\",\n value: providerId ?? \"sso\"\n }\n ]\n }).then((res) => {\n if (!res) return null;\n return {\n ...res,\n samlConfig: res.samlConfig ? safeJsonParse(\n res.samlConfig\n ) || void 0 : void 0\n };\n });\n }\n if (!provider?.samlConfig) {\n throw new APIError(\"NOT_FOUND\", {\n message: \"No SAML provider found\"\n });\n }\n const parsedSamlConfig = provider.samlConfig;\n const sp = saml.ServiceProvider({\n entityID: parsedSamlConfig.spMetadata?.entityID || parsedSamlConfig.issuer,\n assertionConsumerService: [\n {\n Binding: \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\",\n Location: parsedSamlConfig.callbackUrl || `${ctx.context.baseURL}/sso/saml2/sp/acs/${providerId}`\n }\n ],\n wantMessageSigned: parsedSamlConfig.wantAssertionsSigned || false,\n metadata: parsedSamlConfig.spMetadata?.metadata,\n privateKey: parsedSamlConfig.spMetadata?.privateKey || parsedSamlConfig.privateKey,\n privateKeyPass: parsedSamlConfig.spMetadata?.privateKeyPass,\n nameIDFormat: parsedSamlConfig.identifierFormat ? [parsedSamlConfig.identifierFormat] : void 0\n });\n const idpData = parsedSamlConfig.idpMetadata;\n const idp = !idpData?.metadata ? saml.IdentityProvider({\n entityID: idpData?.entityID || parsedSamlConfig.issuer,\n singleSignOnService: idpData?.singleSignOnService || [\n {\n Binding: \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\",\n Location: parsedSamlConfig.entryPoint\n }\n ],\n signingCert: idpData?.cert || parsedSamlConfig.cert\n }) : saml.IdentityProvider({\n metadata: idpData.metadata\n });\n let parsedResponse;\n try {\n let decodedResponse = Buffer.from(SAMLResponse, \"base64\").toString(\n \"utf-8\"\n );\n if (!decodedResponse.includes(\"StatusCode\")) {\n const insertPoint = decodedResponse.indexOf(\"</saml2:Issuer>\");\n if (insertPoint !== -1) {\n decodedResponse = decodedResponse.slice(0, insertPoint + 14) + '<saml2:Status><saml2:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></saml2:Status>' + decodedResponse.slice(insertPoint + 14);\n }\n } else if (!decodedResponse.includes(\"saml2:Success\")) {\n decodedResponse = decodedResponse.replace(\n /<saml2:StatusCode Value=\"[^\"]+\"/,\n '<saml2:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"'\n );\n }\n try {\n parsedResponse = await sp.parseLoginResponse(idp, \"post\", {\n body: {\n SAMLResponse,\n RelayState: RelayState || void 0\n }\n });\n } catch (parseError) {\n const nameIDMatch = decodedResponse.match(\n /<saml2:NameID[^>]*>([^<]+)<\\/saml2:NameID>/\n );\n if (!nameIDMatch) throw parseError;\n parsedResponse = {\n extract: {\n nameID: nameIDMatch[1],\n attributes: { nameID: nameIDMatch[1] },\n sessionIndex: {},\n conditions: {}\n }\n };\n }\n if (!parsedResponse?.extract) {\n throw new Error(\"Invalid SAML response structure\");\n }\n } catch (error) {\n ctx.context.logger.error(\"SAML response validation failed\", {\n error,\n decodedResponse: Buffer.from(SAMLResponse, \"base64\").toString(\n \"utf-8\"\n )\n });\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Invalid SAML response\",\n details: error instanceof Error ? error.message : String(error)\n });\n }\n const { extract } = parsedResponse;\n const attributes = extract.attributes || {};\n const mapping = parsedSamlConfig.mapping ?? {};\n const userInfo = {\n ...Object.fromEntries(\n Object.entries(mapping.extraFields || {}).map(([key, value]) => [\n key,\n attributes[value]\n ])\n ),\n id: attributes[mapping.id || \"nameID\"] || extract.nameID,\n email: attributes[mapping.email || \"email\"] || extract.nameID,\n name: [\n attributes[mapping.firstName || \"givenName\"],\n attributes[mapping.lastName || \"surname\"]\n ].filter(Boolean).join(\" \") || attributes[mapping.name || \"displayName\"] || extract.nameID,\n emailVerified: options?.trustEmailVerified && mapping.emailVerified ? attributes[mapping.emailVerified] || false : false\n };\n if (!userInfo.id || !userInfo.email) {\n ctx.context.logger.error(\n \"Missing essential user info from SAML response\",\n {\n attributes: Object.keys(attributes),\n mapping,\n extractedId: userInfo.id,\n extractedEmail: userInfo.email\n }\n );\n throw new APIError(\"BAD_REQUEST\", {\n message: \"Unable to extract user ID or email from SAML response\"\n });\n }\n let user;\n const existingUser = await ctx.context.adapter.findOne({\n model: \"user\",\n where: [\n {\n field: \"email\",\n value: userInfo.email\n }\n ]\n });\n if (existingUser) {\n const account = await ctx.context.adapter.findOne({\n model: \"account\",\n where: [\n { field: \"userId\", value: existingUser.id },\n { field: \"providerId\", value: provider.providerId },\n { field: \"accountId\", value: userInfo.id }\n ]\n });\n if (!account) {\n const isTrustedProvider = ctx.context.options.account?.accountLinking?.trustedProviders?.includes(\n provider.providerId\n );\n if (!isTrustedProvider) {\n throw ctx.redirect(\n `${parsedSamlConfig.callbackUrl}?error=account_not_found`\n );\n }\n await ctx.context.adapter.create({\n model: \"account\",\n data: {\n userId: existingUser.id,\n providerId: provider.providerId,\n accountId: userInfo.id,\n createdAt: /* @__PURE__ */ new Date(),\n updatedAt: /* @__PURE__ */ new Date(),\n accessToken: \"\",\n refreshToken: \"\"\n }\n });\n }\n user = existingUser;\n } else {\n user = await ctx.context.adapter.create({\n model: \"user\",\n data: {\n email: userInfo.email,\n name: userInfo.name,\n emailVerified: options?.trustEmailVerified ? userInfo.emailVerified || false : false,\n createdAt: /* @__PURE__ */ new Date(),\n updatedAt: /* @__PURE__ */ new Date()\n }\n });\n await ctx.context.adapter.create({\n model: \"account\",\n data: {\n userId: user.id,\n providerId: provider.providerId,\n accountId: userInfo.id,\n accessToken: \"\",\n refreshToken: \"\",\n accessTokenExpiresAt: /* @__PURE__ */ new Date(),\n refreshTokenExpiresAt: /* @__PURE__ */ new Date(),\n scope: \"\",\n createdAt: /* @__PURE__ */ new Date(),\n updatedAt: /* @__PURE__ */ new Date()\n }\n });\n }\n if (options?.provisionUser) {\n await options.provisionUser({\n user,\n userInfo,\n provider\n });\n }\n if (provider.organizationId && !options?.organizationProvisioning?.disabled) {\n const isOrgPluginEnabled = ctx.context.options.plugins?.find(\n (plugin) => plugin.id === \"organization\"\n );\n if (isOrgPluginEnabled) {\n const isAlreadyMember = await ctx.context.adapter.findOne({\n model: \"member\",\n where: [\n { field: \"organizationId\", value: provider.organizationId },\n { field: \"userId\", value: user.id }\n ]\n });\n if (!isAlreadyMember) {\n const role = options?.organizationProvisioning?.getRole ? await options.organizationProvisioning.getRole({\n user,\n userInfo,\n provider\n }) : options?.organizationProvisioning?.defaultRole || \"member\";\n await ctx.context.adapter.create({\n model: \"member\",\n data: {\n organizationId: provider.organizationId,\n userId: user.id,\n role,\n createdAt: /* @__PURE__ */ new Date(),\n updatedAt: /* @__PURE__ */ new Date()\n }\n });\n }\n }\n }\n let session = await ctx.context.internalAdapter.createSession(user.id, ctx);\n await setSessionCookie(ctx, { session, user });\n const callbackUrl = RelayState || parsedSamlConfig.callbackUrl || ctx.context.baseURL;\n throw ctx.redirect(callbackUrl);\n }\n )\n },\n schema: {\n ssoProvider: {\n fields: {\n issuer: {\n type: \"string\",\n required: true\n },\n oidcConfig: {\n type: \"string\",\n required: false\n },\n samlConfig: {\n type: \"string\",\n required: false\n },\n userId: {\n type: \"string\",\n references: {\n model: \"user\",\n field: \"id\"\n }\n },\n providerId: {\n type: \"string\",\n required: true,\n unique: true\n },\n organizationId: {\n type: \"string\",\n required: false\n },\n domain: {\n type: \"string\",\n required: true\n }\n }\n }\n }\n };\n};\n\nexport { sso };\n"],"x_google_ignoreList":[0],"mappings":";;;;;;;;;;;;;;aAoBK,mBATiB,EACpB,MAAM,SAAS,KAAK;AAIlB,KAHgB,aAAa,SAAS,KAAK,EACzC,wBAAwB,MACzB,CAAC,KACc,KAAM,QAAO;AAC7B,OAAM;GAET,CACqC;AACtC,SAAS,cAAc,OAAO;AAC5B,KAAI,CAAC,MAAO,QAAO;AACnB,KAAI,OAAO,UAAU,SACnB,QAAO;AAET,KAAI,OAAO,UAAU,SACnB,KAAI;AACF,SAAO,KAAK,MAAM,MAAM;UACjB,OAAO;AACd,QAAM,IAAI,MACR,yBAAyB,iBAAiB,QAAQ,MAAM,UAAU,kBACnE;;AAGL,QAAO;;AAET,MAAM,OAAO,YAAY;AACvB,QAAO;EACL,IAAI;EACJ,WAAW;GACT,YAAY,mBACV,0BACA;IACE,QAAQ;IACR,OAAOA,OAAS;KACd,YAAYC,QAAU;KACtB,QAAQC,MAAO,CAAC,OAAO,OAAO,CAAC,CAAC,QAAQ,MAAM;KAC/C,CAAC;IACF,UAAU,EACR,SAAS;KACP,SAAS;KACT,aAAa;KACb,WAAW,EACT,OAAO,EACL,aAAa,+BACd,EACF;KACF,EACF;IACF,EACD,OAAO,QAAQ;IACb,MAAM,WAAW,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KACjD,OAAO;KACP,OAAO,CACL;MACE,OAAO;MACP,OAAO,IAAI,MAAM;MAClB,CACF;KACF,CAAC;AACF,QAAI,CAAC,SACH,OAAM,IAAI,SAAS,aAAa,EAC9B,SAAS,8CACV,CAAC;IAEJ,MAAM,mBAAmB,cACvB,SAAS,WACV;AACD,QAAI,CAAC,iBACH,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,8BACV,CAAC;IAEJ,MAAM,KAAK,iBAAiB,WAAW,WAAWC,aAAK,gBAAgB,EACrE,UAAU,iBAAiB,WAAW,UACvC,CAAC,gBAAQ,WAAW;KACnB,UAAU,iBAAiB,YAAY,YAAY,iBAAiB;KACpE,0BAA0B,CACxB;MACE,SAAS;MACT,UAAU,iBAAiB,eAAe,GAAG,IAAI,QAAQ,QAAQ,oBAAoB,SAAS;MAC/F,CACF;KACD,mBAAmB,iBAAiB,wBAAwB;KAC5D,cAAc,iBAAiB,mBAAmB,CAAC,iBAAiB,iBAAiB,GAAG,KAAK;KAC9F,CAAC;AACF,WAAO,IAAI,SAAS,GAAG,aAAa,EAAE,EACpC,SAAS,EACP,gBAAgB,mBACjB,EACF,CAAC;KAEL;GACD,qBAAqB,mBACnB,iBACA;IACE,QAAQ;IACR,MAAMH,OAAS;KACb,YAAYC,OAAS,EAAE,CAAC,CAAC,KAAK,EAC5B,aAAa,2FACd,CAAC;KACF,QAAQA,OAAS,EAAE,CAAC,CAAC,KAAK,EACxB,aAAa,8BACd,CAAC;KACF,QAAQA,OAAS,EAAE,CAAC,CAAC,KAAK,EACxB,aAAa,+DACd,CAAC;KACF,YAAYD,OAAS;MACnB,UAAUC,OAAS,EAAE,CAAC,CAAC,KAAK,EAC1B,aAAa,iBACd,CAAC;MACF,cAAcA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC9B,aAAa,qBACd,CAAC;MACF,uBAAuBA,OAAS,EAAE,CAAC,CAAC,KAAK,EACvC,aAAa,8BACd,CAAC,CAAC,UAAU;MACb,eAAeA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC/B,aAAa,sBACd,CAAC,CAAC,UAAU;MACb,kBAAkBA,OAAS,EAAE,CAAC,CAAC,KAAK,EAClC,aAAa,0BACd,CAAC,CAAC,UAAU;MACb,6BAA6BC,MAAO,CAAC,sBAAsB,sBAAsB,CAAC,CAAC,UAAU;MAC7F,cAAcD,OAAS,EAAE,CAAC,CAAC,KAAK,EAC9B,aAAa,qBACd,CAAC,CAAC,UAAU;MACb,mBAAmBA,QAAU,CAAC,UAAU;MACxC,QAAQG,MAAQH,QAAU,EAAE,EAAE,CAAC,CAAC,KAAK,EACnC,aAAa,uFACd,CAAC,CAAC,UAAU;MACb,MAAMI,QAAU,EAAE,CAAC,CAAC,KAAK,EACvB,aAAa,kDACd,CAAC,CAAC,QAAQ,KAAK,CAAC,UAAU;MAC3B,SAASL,OAAS;OAChB,IAAIC,OAAS,EAAE,CAAC,CAAC,KAAK,EACpB,aAAa,iDACd,CAAC;OACF,OAAOA,OAAS,EAAE,CAAC,CAAC,KAAK,EACvB,aAAa,iDACd,CAAC;OACF,eAAeA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC/B,aAAa,uEACd,CAAC,CAAC,UAAU;OACb,MAAMA,OAAS,EAAE,CAAC,CAAC,KAAK,EACtB,aAAa,+CACd,CAAC;OACF,OAAOA,OAAS,EAAE,CAAC,CAAC,KAAK,EACvB,aAAa,mDACd,CAAC,CAAC,UAAU;OACb,aAAaK,OAASL,QAAU,EAAEM,KAAO,CAAC,CAAC,UAAU;OACtD,CAAC,CAAC,UAAU;MACd,CAAC,CAAC,UAAU;KACb,YAAYP,OAAS;MACnB,YAAYC,OAAS,EAAE,CAAC,CAAC,KAAK,EAC5B,aAAa,mCACd,CAAC;MACF,MAAMA,OAAS,EAAE,CAAC,CAAC,KAAK,EACtB,aAAa,mCACd,CAAC;MACF,aAAaA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC7B,aAAa,oCACd,CAAC;MACF,UAAUA,QAAU,CAAC,UAAU;MAC/B,aAAaD,OAAS;OACpB,UAAUC,QAAU,CAAC,UAAU;OAC/B,UAAUA,QAAU,CAAC,UAAU;OAC/B,MAAMA,QAAU,CAAC,UAAU;OAC3B,YAAYA,QAAU,CAAC,UAAU;OACjC,gBAAgBA,QAAU,CAAC,UAAU;OACrC,sBAAsBI,SAAW,CAAC,UAAU;OAC5C,eAAeJ,QAAU,CAAC,UAAU;OACpC,mBAAmBA,QAAU,CAAC,UAAU;OACxC,qBAAqBG,MACnBJ,OAAS;QACP,SAASC,QAAU,CAAC,KAAK,EACvB,aAAa,wCACd,CAAC;QACF,UAAUA,QAAU,CAAC,KAAK,EACxB,aAAa,+BACd,CAAC;QACH,CAAC,CACH,CAAC,UAAU,CAAC,KAAK,EAChB,aAAa,wCACd,CAAC;OACH,CAAC,CAAC,UAAU;MACb,YAAYD,OAAS;OACnB,UAAUC,QAAU,CAAC,UAAU;OAC/B,UAAUA,QAAU,CAAC,UAAU;OAC/B,SAASA,QAAU,CAAC,UAAU;OAC9B,YAAYA,QAAU,CAAC,UAAU;OACjC,gBAAgBA,QAAU,CAAC,UAAU;OACrC,sBAAsBI,SAAW,CAAC,UAAU;OAC5C,eAAeJ,QAAU,CAAC,UAAU;OACpC,mBAAmBA,QAAU,CAAC,UAAU;OACzC,CAAC;MACF,sBAAsBI,SAAW,CAAC,UAAU;MAC5C,oBAAoBJ,QAAU,CAAC,UAAU;MACzC,iBAAiBA,QAAU,CAAC,UAAU;MACtC,kBAAkBA,QAAU,CAAC,UAAU;MACvC,YAAYA,QAAU,CAAC,UAAU;MACjC,eAAeA,QAAU,CAAC,UAAU;MACpC,kBAAkBK,OAASL,QAAU,EAAEM,KAAO,CAAC,CAAC,UAAU;MAC1D,SAASP,OAAS;OAChB,IAAIC,OAAS,EAAE,CAAC,CAAC,KAAK,EACpB,aAAa,oDACd,CAAC;OACF,OAAOA,OAAS,EAAE,CAAC,CAAC,KAAK,EACvB,aAAa,iDACd,CAAC;OACF,eAAeA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC/B,aAAa,wCACd,CAAC,CAAC,UAAU;OACb,MAAMA,OAAS,EAAE,CAAC,CAAC,KAAK,EACtB,aAAa,sDACd,CAAC;OACF,WAAWA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC3B,aAAa,0DACd,CAAC,CAAC,UAAU;OACb,UAAUA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC1B,aAAa,uDACd,CAAC,CAAC,UAAU;OACb,aAAaK,OAASL,QAAU,EAAEM,KAAO,CAAC,CAAC,UAAU;OACtD,CAAC,CAAC,UAAU;MACd,CAAC,CAAC,UAAU;KACb,gBAAgBN,OAAS,EAAE,CAAC,CAAC,KAAK,EAChC,aAAa,kFACd,CAAC,CAAC,UAAU;KACb,kBAAkBI,QAAU,EAAE,CAAC,CAAC,KAAK,EACnC,aAAa,gEACd,CAAC,CAAC,QAAQ,MAAM,CAAC,UAAU;KAC7B,CAAC;IACF,KAAK,CAAC,kBAAkB;IACxB,UAAU,EACR,SAAS;KACP,SAAS;KACT,aAAa;KACb,WAAW,EACT,OAAO;MACL,aAAa;MACb,SAAS,EACP,oBAAoB,EAClB,QAAQ;OACN,MAAM;OACN,YAAY;QACV,QAAQ;SACN,MAAM;SACN,QAAQ;SACR,aAAa;SACd;QACD,QAAQ;SACN,MAAM;SACN,aAAa;SACd;QACD,YAAY;SACV,MAAM;SACN,YAAY;UACV,QAAQ;WACN,MAAM;WACN,QAAQ;WACR,aAAa;WACd;UACD,MAAM;WACJ,MAAM;WACN,aAAa;WACd;UACD,UAAU;WACR,MAAM;WACN,aAAa;WACd;UACD,cAAc;WACZ,MAAM;WACN,aAAa;WACd;UACD,uBAAuB;WACrB,MAAM;WACN,QAAQ;WACR,UAAU;WACV,aAAa;WACd;UACD,mBAAmB;WACjB,MAAM;WACN,QAAQ;WACR,aAAa;WACd;UACD,kBAAkB;WAChB,MAAM;WACN,QAAQ;WACR,UAAU;WACV,aAAa;WACd;UACD,QAAQ;WACN,MAAM;WACN,OAAO,EAAE,MAAM,UAAU;WACzB,UAAU;WACV,aAAa;WACd;UACD,eAAe;WACb,MAAM;WACN,QAAQ;WACR,UAAU;WACV,aAAa;WACd;UACD,6BAA6B;WAC3B,MAAM;WACN,MAAM,CACJ,sBACA,sBACD;WACD,UAAU;WACV,aAAa;WACd;UACD,cAAc;WACZ,MAAM;WACN,QAAQ;WACR,UAAU;WACV,aAAa;WACd;UACD,SAAS;WACP,MAAM;WACN,UAAU;WACV,YAAY;YACV,IAAI;aACF,MAAM;aACN,aAAa;aACd;YACD,OAAO;aACL,MAAM;aACN,aAAa;aACd;YACD,eAAe;aACb,MAAM;aACN,UAAU;aACV,aAAa;aACd;YACD,MAAM;aACJ,MAAM;aACN,aAAa;aACd;YACD,OAAO;aACL,MAAM;aACN,UAAU;aACV,aAAa;aACd;YACD,aAAa;aACX,MAAM;aACN,sBAAsB,EAAE,MAAM,UAAU;aACxC,UAAU;aACV,aAAa;aACd;YACF;WACD,UAAU;YAAC;YAAM;YAAS;YAAO;WAClC;UACF;SACD,UAAU;UACR;UACA;UACA;UACA;UACA;UACD;SACD,aAAa;SACd;QACD,gBAAgB;SACd,MAAM;SACN,UAAU;SACV,aAAa;SACd;QACD,QAAQ;SACN,MAAM;SACN,aAAa;SACd;QACD,YAAY;SACV,MAAM;SACN,aAAa;SACd;QACD,aAAa;SACX,MAAM;SACN,QAAQ;SACR,aAAa;SACd;QACF;OACD,UAAU;QACR;QACA;QACA;QACA;QACA;QACA;QACD;OACF,EACF,EACF;MACF,EACF;KACF,EACF;IACF,EACD,OAAO,QAAQ;IACb,MAAM,OAAO,IAAI,QAAQ,SAAS;AAClC,QAAI,CAAC,KACH,OAAM,IAAI,SAAS,eAAe;IAEpC,MAAM,QAAQ,OAAO,SAAS,mBAAmB,aAAa,MAAM,QAAQ,eAAe,KAAK,GAAG,SAAS,kBAAkB;AAC9H,QAAI,CAAC,MACH,OAAM,IAAI,SAAS,aAAa,EAC9B,SAAS,yCACV,CAAC;AAMJ,SAJkB,MAAM,IAAI,QAAQ,QAAQ,SAAS;KACnD,OAAO;KACP,OAAO,CAAC;MAAE,OAAO;MAAU,OAAO,KAAK;MAAI,CAAC;KAC7C,CAAC,EACY,UAAU,MACtB,OAAM,IAAI,SAAS,aAAa,EAC9B,SAAS,wDACV,CAAC;IAEJ,MAAM,OAAO,IAAI;AAEjB,QADwBJ,QAAU,CAAC,KAAK,CACpB,UAAU,KAAK,OAAO,CAAC,MACzC,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,uCACV,CAAC;AAEJ,QAAI,IAAI,KAAK,gBAcX;SAAI,CAbiB,MAAM,IAAI,QAAQ,QAAQ,QAAQ;MACrD,OAAO;MACP,OAAO,CACL;OACE,OAAO;OACP,OAAO,KAAK;OACb,EACD;OACE,OAAO;OACP,OAAO,IAAI,KAAK;OACjB,CACF;MACF,CAAC,CAEA,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,4CACV,CAAC;;AAYN,QATyB,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KACzD,OAAO;KACP,OAAO,CACL;MACE,OAAO;MACP,OAAO,KAAK;MACb,CACF;KACF,CAAC,EACoB;AACpB,SAAI,QAAQ,OAAO,KACjB,2DAA2D,KAAK,aACjE;AACD,WAAM,IAAI,SAAS,wBAAwB,EACzC,SAAS,oDACV,CAAC;;IAEJ,MAAM,WAAW,MAAM,IAAI,QAAQ,QAAQ,OAAO;KAChD,OAAO;KACP,MAAM;MACJ,QAAQ,KAAK;MACb,QAAQ,KAAK;MACb,YAAY,KAAK,aAAa,KAAK,UAAU;OAC3C,QAAQ,KAAK;OACb,UAAU,KAAK,WAAW;OAC1B,cAAc,KAAK,WAAW;OAC9B,uBAAuB,KAAK,WAAW;OACvC,eAAe,KAAK,WAAW;OAC/B,6BAA6B,KAAK,WAAW;OAC7C,cAAc,KAAK,WAAW;OAC9B,MAAM,KAAK,WAAW;OACtB,mBAAmB,KAAK,WAAW,qBAAqB,GAAG,KAAK,OAAO;OACvE,SAAS,KAAK,WAAW;OACzB,QAAQ,KAAK,WAAW;OACxB,kBAAkB,KAAK,WAAW;OAClC,kBAAkB,IAAI,KAAK,oBAAoB,SAAS,2BAA2B;OACpF,CAAC,GAAG;MACL,YAAY,KAAK,aAAa,KAAK,UAAU;OAC3C,QAAQ,KAAK;OACb,YAAY,KAAK,WAAW;OAC5B,MAAM,KAAK,WAAW;OACtB,aAAa,KAAK,WAAW;OAC7B,UAAU,KAAK,WAAW;OAC1B,aAAa,KAAK,WAAW;OAC7B,YAAY,KAAK,WAAW;OAC5B,sBAAsB,KAAK,WAAW;OACtC,oBAAoB,KAAK,WAAW;OACpC,iBAAiB,KAAK,WAAW;OACjC,kBAAkB,KAAK,WAAW;OAClC,YAAY,KAAK,WAAW;OAC5B,eAAe,KAAK,WAAW;OAC/B,kBAAkB,KAAK,WAAW;OAClC,SAAS,KAAK,WAAW;OAC1B,CAAC,GAAG;MACL,gBAAgB,KAAK;MACrB,QAAQ,IAAI,QAAQ,QAAQ,KAAK;MACjC,YAAY,KAAK;MAClB;KACF,CAAC;AACF,WAAO,IAAI,KAAK;KACd,GAAG;KACH,YAAY,KAAK,MACf,SAAS,WACV;KACD,YAAY,KAAK,MACf,SAAS,WACV;KACD,aAAa,GAAG,IAAI,QAAQ,QAAQ,gBAAgB,SAAS;KAC9D,CAAC;KAEL;GACD,WAAW,mBACT,gBACA;IACE,QAAQ;IACR,MAAMD,OAAS;KACb,OAAOC,OAAS,EAAE,CAAC,CAAC,KAAK,EACvB,aAAa,mIACd,CAAC,CAAC,UAAU;KACb,kBAAkBA,OAAS,EAAE,CAAC,CAAC,KAAK,EAClC,aAAa,gDACd,CAAC,CAAC,UAAU;KACb,YAAYA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC5B,aAAa,2FACd,CAAC,CAAC,UAAU;KACb,QAAQA,OAAS,EAAE,CAAC,CAAC,KAAK,EACxB,aAAa,+BACd,CAAC,CAAC,UAAU;KACb,aAAaA,OAAS,EAAE,CAAC,CAAC,KAAK,EAC7B,aAAa,sCACd,CAAC;KACF,kBAAkBA,OAAS,EAAE,CAAC,CAAC,KAAK,EAClC,aAAa,sCACd,CAAC,CAAC,UAAU;KACb,oBAAoBA,OAAS,EAAE,CAAC,CAAC,KAAK,EACpC,aAAa,yDACd,CAAC,CAAC,UAAU;KACb,QAAQG,MAAQH,QAAU,EAAE,EAAE,CAAC,CAAC,KAAK,EACnC,aAAa,wCACd,CAAC,CAAC,UAAU;KACb,eAAeI,QAAU,EAAE,CAAC,CAAC,KAAK,EAChC,aAAa,2FACd,CAAC,CAAC,UAAU;KACb,cAAcH,MAAO,CAAC,QAAQ,OAAO,CAAC,CAAC,UAAU;KAClD,CAAC;IACF,UAAU,EACR,SAAS;KACP,SAAS;KACT,aAAa;KACb,aAAa,EACX,SAAS,EACP,oBAAoB,EAClB,QAAQ;MACN,MAAM;MACN,YAAY;OACV,OAAO;QACL,MAAM;QACN,aAAa;QACd;OACD,QAAQ;QACN,MAAM;QACN,aAAa;QACd;OACD,YAAY;QACV,MAAM;QACN,aAAa;QACd;OACD,aAAa;QACX,MAAM;QACN,aAAa;QACd;OACD,kBAAkB;QAChB,MAAM;QACN,aAAa;QACd;OACD,oBAAoB;QAClB,MAAM;QACN,aAAa;QACd;OACF;MACD,UAAU,CAAC,cAAc;MAC1B,EACF,EACF,EACF;KACD,WAAW,EACT,OAAO;MACL,aAAa;MACb,SAAS,EACP,oBAAoB,EAClB,QAAQ;OACN,MAAM;OACN,YAAY;QACV,KAAK;SACH,MAAM;SACN,QAAQ;SACR,aAAa;SACd;QACD,UAAU;SACR,MAAM;SACN,aAAa;SACb,MAAM,CAAC,KAAK;SACb;QACF;OACD,UAAU,CAAC,OAAO,WAAW;OAC9B,EACF,EACF;MACF,EACF;KACF,EACF;IACF,EACD,OAAO,QAAQ;IACb,MAAM,OAAO,IAAI;IACjB,IAAI,EAAE,OAAO,kBAAkB,YAAY,WAAW;AACtD,QAAI,CAAC,SAAS,YAAY,UAAU,CAAC,SAAS,CAAC,oBAAoB,CAAC,UAAU,CAAC,WAC7E,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,6DACV,CAAC;AAEJ,aAAS,KAAK,UAAU,OAAO,MAAM,IAAI,CAAC;IAC1C,IAAI,QAAQ;AACZ,QAAI,iBACF,SAAQ,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KACxC,OAAO;KACP,OAAO,CACL;MACE,OAAO;MACP,OAAO;MACR,CACF;KACF,CAAC,CAAC,MAAM,QAAQ;AACf,SAAI,CAAC,IACH,QAAO;AAET,YAAO,IAAI;MACX;IAEJ,IAAI,WAAW;AACf,QAAI,SAAS,YAAY,QAAQ;KAC/B,MAAM,kBAAkB,aAAa,QAAQ,WAAW,MACrD,oBAAoB,gBAAgB,eAAe,WACrD,GAAG,QAAQ,WAAW,MACpB,oBAAoB,gBAAgB,WAAW,OACjD;AACD,SAAI,gBACF,YAAW;MACT,QAAQ,gBAAgB,YAAY,UAAU,gBAAgB,YAAY,UAAU;MACpF,YAAY,gBAAgB;MAC5B,QAAQ;MACR,YAAY,gBAAgB;MAC5B,YAAY,gBAAgB;MAC7B;;AAGL,QAAI,CAAC,cAAc,CAAC,SAAS,CAAC,OAC5B,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,2CACV,CAAC;AAEJ,QAAI,CAAC,SACH,YAAW,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KAC3C,OAAO;KACP,OAAO,CACL;MACE,OAAO,aAAa,eAAe,QAAQ,mBAAmB;MAC9D,OAAO,cAAc,SAAS;MAC/B,CACF;KACF,CAAC,CAAC,MAAM,QAAQ;AACf,SAAI,CAAC,IACH,QAAO;AAET,YAAO;MACL,GAAG;MACH,YAAY,IAAI,aAAa,cAC3B,IAAI,WACL,IAAI,KAAK,IAAI,KAAK;MACnB,YAAY,IAAI,aAAa,cAC3B,IAAI,WACL,IAAI,KAAK,IAAI,KAAK;MACpB;MACD;AAEJ,QAAI,CAAC,SACH,OAAM,IAAI,SAAS,aAAa,EAC9B,SAAS,oCACV,CAAC;AAEJ,QAAI,KAAK,cAAc;AACrB,SAAI,KAAK,iBAAiB,UAAU,CAAC,SAAS,WAC5C,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,mCACV,CAAC;AAEJ,SAAI,KAAK,iBAAiB,UAAU,CAAC,SAAS,WAC5C,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,mCACV,CAAC;;AAGN,QAAI,SAAS,cAAc,KAAK,iBAAiB,QAAQ;KACvD,MAAM,QAAQ,MAAM,cAAc,IAAI;KACtC,MAAM,cAAc,GAAG,IAAI,QAAQ,QAAQ,gBAAgB,SAAS;KACpE,MAAM,mBAAmB,MAAM,uBAAuB;MACpD,IAAI,SAAS;MACb,SAAS;OACP,UAAU,SAAS,WAAW;OAC9B,cAAc,SAAS,WAAW;OACnC;MACD;MACA,OAAO,MAAM;MACb,cAAc,SAAS,WAAW,OAAO,MAAM,eAAe,KAAK;MACnE,QAAQ,IAAI,KAAK,UAAU,SAAS,WAAW,UAAU;OACvD;OACA;OACA;OACA;OACD;MACD,uBAAuB,SAAS,WAAW;MAC5C,CAAC;AACF,YAAO,IAAI,KAAK;MACd,KAAK,iBAAiB,UAAU;MAChC,UAAU;MACX,CAAC;;AAEJ,QAAI,SAAS,YAAY;KACvB,MAAM,mBAAmB,OAAO,SAAS,eAAe,WAAW,SAAS,aAAa,cACvF,SAAS,WACV;AACD,SAAI,CAAC,iBACH,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,8BACV,CAAC;KAEJ,MAAM,KAAKC,aAAK,gBAAgB;MAC9B,UAAU,iBAAiB,WAAW;MACtC,aAAa;MACd,CAAC;KACF,MAAM,MAAMA,aAAK,iBAAiB;MAChC,UAAU,iBAAiB,aAAa;MACxC,UAAU,iBAAiB,aAAa;MACxC,aAAa,iBAAiB,aAAa;MAC3C,qBAAqB,iBAAiB,aAAa;MACpD,CAAC;KACF,MAAM,eAAe,GAAG,mBACtB,KACA,WACD;AACD,SAAI,CAAC,aACH,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,wBACV,CAAC;AAEJ,YAAO,IAAI,KAAK;MACd,KAAK,GAAG,aAAa,QAAQ,cAAc,mBACzC,KAAK,YACN;MACD,UAAU;MACX,CAAC;;AAEJ,UAAM,IAAI,SAAS,eAAe,EAChC,SAAS,wBACV,CAAC;KAEL;GACD,aAAa,mBACX,6BACA;IACE,QAAQ;IACR,OAAOH,OAAS;KACd,MAAMC,QAAU,CAAC,UAAU;KAC3B,OAAOA,QAAU;KACjB,OAAOA,QAAU,CAAC,UAAU;KAC5B,mBAAmBA,QAAU,CAAC,UAAU;KACzC,CAAC;IACF,UAAU;KACR,UAAU;KACV,SAAS;MACP,SAAS;MACT,aAAa;MACb,WAAW,EACT,OAAO,EACL,aAAa,iCACd,EACF;MACF;KACF;IACF,EACD,OAAO,QAAQ;IACb,MAAM,EAAE,MAAM,OAAO,OAAO,sBAAsB,IAAI;IACtD,MAAM,YAAY,MAAM,WAAW,IAAI;AACvC,QAAI,CAAC,WAAW;KACd,MAAM,YAAY,IAAI,QAAQ,QAAQ,YAAY,YAAY,GAAG,IAAI,QAAQ,QAAQ;AACrF,WAAM,IAAI,SAAS,GAAG,UAAU,sBAAsB;;IAExD,MAAM,EAAE,aAAa,UAAU,YAAY,kBAAkB;AAC7D,QAAI,CAAC,QAAQ,MACX,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,SAAS,MAAM,qBAAqB,oBAChE;IAEH,IAAI,WAAW;AACf,QAAI,SAAS,YAAY,QAAQ;KAC/B,MAAM,kBAAkB,QAAQ,WAAW,MACxC,oBAAoB,gBAAgB,eAAe,IAAI,OAAO,WAChE;AACD,SAAI,gBACF,YAAW;MACT,GAAG;MACH,QAAQ,gBAAgB,YAAY,UAAU;MAC9C,QAAQ;MACT;;AAGL,QAAI,CAAC,SACH,YAAW,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KAC3C,OAAO;KACP,OAAO,CACL;MACE,OAAO;MACP,OAAO,IAAI,OAAO;MACnB,CACF;KACF,CAAC,CAAC,MAAM,QAAQ;AACf,SAAI,CAAC,IACH,QAAO;AAET,YAAO;MACL,GAAG;MACH,YAAY,cAAc,IAAI,WAAW,IAAI,KAAK;MACnD;MACD;AAEJ,QAAI,CAAC,SACH,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,oEAC5B;IAEH,IAAI,SAAS,SAAS;AACtB,QAAI,CAAC,OACH,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,oEAC5B;IAEH,MAAM,YAAY,MAAM,YAAY,OAAO,kBAAkB;AAC7D,QAAI,UAAU,KACZ,UAAS;KACP,eAAe,UAAU,KAAK;KAC9B,6BAA6B,UAAU,KAAK;KAC5C,kBAAkB,UAAU,KAAK;KACjC,QAAQ;MAAC;MAAU;MAAS;MAAW;MAAiB;KACxD,GAAG;KACJ;AAEH,QAAI,CAAC,OAAO,cACV,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,0EAC5B;IAEH,MAAM,gBAAgB,MAAM,0BAA0B;KACpD;KACA,cAAc,OAAO,OAAO,UAAU,eAAe,KAAK;KAC1D,aAAa,GAAG,IAAI,QAAQ,QAAQ,gBAAgB,SAAS;KAC7D,SAAS;MACP,UAAU,OAAO;MACjB,cAAc,OAAO;MACtB;KACD,eAAe,OAAO;KACtB,gBAAgB,OAAO,gCAAgC,uBAAuB,SAAS;KACxF,CAAC,CAAC,OAAO,MAAM;AACd,SAAI,aAAa,iBACf,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,4CAA4C,EAAE,UAC1E;AAEH,YAAO;MACP;AACF,QAAI,CAAC,cACH,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,0EAC5B;IAEH,IAAI,WAAW;AACf,QAAI,cAAc,SAAS;KACzB,MAAM,UAAU,UAAU,cAAc,QAAQ;AAChD,SAAI,CAAC,OAAO,aACV,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,yEAC5B;KAEH,MAAM,WAAW,MAAM,cACrB,cAAc,SACd,OAAO,aACR,CAAC,OAAO,MAAM;AACb,UAAI,QAAQ,OAAO,MAAM,EAAE;AAC3B,aAAO;OACP;AACF,SAAI,CAAC,SACH,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,oEAC5B;AAEH,SAAI,SAAS,QAAQ,QAAQ,SAAS,OACpC,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,iEAC5B;KAEH,MAAM,UAAU,OAAO,WAAW,EAAE;AACpC,gBAAW;MACT,GAAG,OAAO,YACR,OAAO,QAAQ,QAAQ,eAAe,EAAE,CAAC,CAAC,KACvC,CAAC,KAAK,WAAW,CAAC,KAAK,SAAS,QAAQ,OAAO,CACjD,CACF;MACD,IAAI,QAAQ,QAAQ,MAAM;MAC1B,OAAO,QAAQ,QAAQ,SAAS;MAChC,eAAe,SAAS,qBAAqB,QAAQ,QAAQ,iBAAiB,oBAAoB;MAClG,MAAM,QAAQ,QAAQ,QAAQ;MAC9B,OAAO,QAAQ,QAAQ,SAAS;MACjC;;AAEH,QAAI,CAAC,UAAU;AACb,SAAI,CAAC,OAAO,iBACV,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,8EAC5B;KAEH,MAAM,mBAAmB,MAAM,YAAY,OAAO,kBAAkB,EAClE,SAAS,EACP,eAAe,UAAU,cAAc,eACxC,EACF,CAAC;AACF,SAAI,iBAAiB,MACnB,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,kDAAkD,iBAAiB,MAAM,UACrG;AAEH,gBAAW,iBAAiB;;AAE9B,QAAI,CAAC,SAAS,SAAS,CAAC,SAAS,GAC/B,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,mEAC5B;IAEH,MAAM,SAAS,MAAM,oBAAoB,KAAK;KAC5C,UAAU;MACR,OAAO,SAAS;MAChB,MAAM,SAAS,QAAQ,SAAS;MAChC,IAAI,SAAS;MACb,OAAO,SAAS;MAChB,eAAe,SAAS,qBAAqB,SAAS,iBAAiB,QAAQ;MAChF;KACD,SAAS;MACP,SAAS,cAAc;MACvB,aAAa,cAAc;MAC3B,cAAc,cAAc;MAC5B,WAAW,SAAS;MACpB,YAAY,SAAS;MACrB,sBAAsB,cAAc;MACpC,uBAAuB,cAAc;MACrC,OAAO,cAAc,QAAQ,KAAK,IAAI;MACvC;KACD;KACA,eAAe,SAAS,yBAAyB,CAAC;KAClD,kBAAkB,OAAO;KAC1B,CAAC;AACF,QAAI,OAAO,MACT,OAAM,IAAI,SACR,GAAG,YAAY,YAAY,eAAe,OAAO,QAClD;IAEH,MAAM,EAAE,SAAS,SAAS,OAAO;AACjC,QAAI,SAAS,cACX,OAAM,QAAQ,cAAc;KAC1B;KACA;KACA,OAAO;KACP;KACD,CAAC;AAEJ,QAAI,SAAS,kBAAkB,CAAC,SAAS,0BAA0B,UAIjE;SAH2B,IAAI,QAAQ,QAAQ,SAAS,MACrD,WAAW,OAAO,OAAO,eAC3B,EASC;UAAI,CAPoB,MAAM,IAAI,QAAQ,QAAQ,QAAQ;OACxD,OAAO;OACP,OAAO,CACL;QAAE,OAAO;QAAkB,OAAO,SAAS;QAAgB,EAC3D;QAAE,OAAO;QAAU,OAAO,KAAK;QAAI,CACpC;OACF,CAAC,EACoB;OACpB,MAAM,OAAO,SAAS,0BAA0B,UAAU,MAAM,QAAQ,yBAAyB,QAAQ;QACvG;QACA;QACA,OAAO;QACP;QACD,CAAC,GAAG,SAAS,0BAA0B,eAAe;AACvD,aAAM,IAAI,QAAQ,QAAQ,OAAO;QAC/B,OAAO;QACP,MAAM;SACJ,gBAAgB,SAAS;SACzB,QAAQ,KAAK;SACb;SACA,2BAA2B,IAAI,MAAM;SACrC,2BAA2B,IAAI,MAAM;SACtC;QACF,CAAC;;;;AAIR,UAAM,iBAAiB,KAAK;KAC1B;KACA;KACD,CAAC;IACF,IAAI;AACJ,QAAI;AAEF,qBADY,OAAO,aAAa,cAAc,cAAc,aACzC,UAAU;YACvB;AACN,oBAAe,OAAO,aAAa,cAAc,cAAc;;AAEjE,UAAM,IAAI,SAAS,aAAa;KAEnC;GACD,iBAAiB,mBACf,mCACA;IACE,QAAQ;IACR,MAAMD,OAAS;KACb,cAAcC,QAAU;KACxB,YAAYA,QAAU,CAAC,UAAU;KAClC,CAAC;IACF,UAAU;KACR,UAAU;KACV,SAAS;MACP,SAAS;MACT,aAAa;MACb,WAAW;OACT,OAAO,EACL,aAAa,iCACd;OACD,OAAO,EACL,aAAa,yBACd;OACD,OAAO,EACL,aAAa,6CACd;OACF;MACF;KACF;IACF,EACD,OAAO,QAAQ;IACb,MAAM,EAAE,cAAc,eAAe,IAAI;IACzC,MAAM,EAAE,eAAe,IAAI;IAC3B,IAAI,WAAW;AACf,QAAI,SAAS,YAAY,QAAQ;KAC/B,MAAM,kBAAkB,QAAQ,WAAW,MACxC,oBAAoB,gBAAgB,eAAe,WACrD;AACD,SAAI,gBACF,YAAW;MACT,GAAG;MACH,QAAQ;MACR,QAAQ,gBAAgB,YAAY,UAAU;MAC/C;;AAGL,QAAI,CAAC,SACH,YAAW,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KAC3C,OAAO;KACP,OAAO,CAAC;MAAE,OAAO;MAAc,OAAO;MAAY,CAAC;KACpD,CAAC,CAAC,MAAM,QAAQ;AACf,SAAI,CAAC,IAAK,QAAO;AACjB,YAAO;MACL,GAAG;MACH,YAAY,IAAI,aAAa,cAC3B,IAAI,WACL,IAAI,KAAK,IAAI,KAAK;MACpB;MACD;AAEJ,QAAI,CAAC,SACH,OAAM,IAAI,SAAS,aAAa,EAC9B,SAAS,8CACV,CAAC;IAEJ,MAAM,mBAAmB,cACvB,SAAS,WACV;AACD,QAAI,CAAC,iBACH,OAAM,IAAI,SAAS,eAAe,EAChC,SAAS,8BACV,CAAC;IAEJ,MAAM,UAAU,iBAAiB;IACjC,IAAI,MAAM;AACV,QAAI,CAAC,SAAS,SACZ,OAAME,aAAK,iBAAiB;KAC1B,UAAU,SAAS,YAAY,iBAAiB;KAChD,qBAAqB,CACnB;MACE,SAAS;MACT,UAAU,iBAAiB;MAC5B,CACF;KACD,aAAa,SAAS,QAAQ,iBAAiB;KAC/C,yBAAyB,iBAAiB,wBAAwB;KAClE,sBAAsB,SAAS,wBAAwB;KACvD,eAAe,SAAS;KACxB,mBAAmB,SAAS;KAC7B,CAAC;QAEF,OAAMA,aAAK,iBAAiB;KAC1B,UAAU,QAAQ;KAClB,YAAY,QAAQ;KACpB,gBAAgB,QAAQ;KACxB,sBAAsB,QAAQ;KAC9B,eAAe,QAAQ;KACvB,mBAAmB,QAAQ;KAC5B,CAAC;IAEJ,MAAM,SAAS,iBAAiB;IAChC,MAAM,KAAKA,aAAK,gBAAgB;KAC9B,UAAU,QAAQ;KAClB,UAAU,QAAQ,YAAY,iBAAiB;KAC/C,0BAA0B,QAAQ,WAAW,KAAK,IAAI,CACpD;MACE,SAAS;MACT,UAAU,iBAAiB;MAC5B,CACF;KACD,YAAY,QAAQ,cAAc,iBAAiB;KACnD,gBAAgB,QAAQ;KACxB,sBAAsB,QAAQ,wBAAwB;KACtD,eAAe,QAAQ;KACvB,mBAAmB,QAAQ;KAC3B,mBAAmB,iBAAiB,wBAAwB;KAC5D,cAAc,iBAAiB,mBAAmB,CAAC,iBAAiB,iBAAiB,GAAG,KAAK;KAC9F,CAAC;IACF,IAAI;AACJ,QAAI;KACF,MAAM,kBAAkB,OAAO,KAC7B,cACA,SACD,CAAC,SAAS,QAAQ;AACnB,SAAI;AACF,uBAAiB,MAAM,GAAG,mBAAmB,KAAK,QAAQ,EACxD,MAAM;OACJ;OACA,YAAY,cAAc,KAAK;OAChC,EACF,CAAC;cACK,YAAY;MACnB,MAAM,cAAc,gBAAgB,MAClC,6CACD;AACD,UAAI,CAAC,YAAa,OAAM;AACxB,uBAAiB,EACf,SAAS;OACP,QAAQ,YAAY;OACpB,YAAY,EAAE,QAAQ,YAAY,IAAI;OACtC,cAAc,EAAE;OAChB,YAAY,EAAE;OACf,EACF;;AAEH,SAAI,CAAC,gBAAgB,QACnB,OAAM,IAAI,MAAM,kCAAkC;aAE7C,OAAO;AACd,SAAI,QAAQ,OAAO,MAAM,mCAAmC;MAC1D;MACA,iBAAiB,OAAO,KAAK,cAAc,SAAS,CAAC,SACnD,QACD;MACF,CAAC;AACF,WAAM,IAAI,SAAS,eAAe;MAChC,SAAS;MACT,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;MAChE,CAAC;;IAEJ,MAAM,EAAE,YAAY;IACpB,MAAM,aAAa,QAAQ,cAAc,EAAE;IAC3C,MAAM,UAAU,iBAAiB,WAAW,EAAE;IAC9C,MAAM,WAAW;KACf,GAAG,OAAO,YACR,OAAO,QAAQ,QAAQ,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,WAAW,CAC9D,KACA,WAAW,OACZ,CAAC,CACH;KACD,IAAI,WAAW,QAAQ,MAAM,aAAa,QAAQ;KAClD,OAAO,WAAW,QAAQ,SAAS,YAAY,QAAQ;KACvD,MAAM,CACJ,WAAW,QAAQ,aAAa,cAChC,WAAW,QAAQ,YAAY,WAChC,CAAC,OAAO,QAAQ,CAAC,KAAK,IAAI,IAAI,WAAW,QAAQ,QAAQ,kBAAkB,QAAQ;KACpF,eAAe,SAAS,sBAAsB,QAAQ,gBAAgB,WAAW,QAAQ,kBAAkB,QAAQ;KACpH;AACD,QAAI,CAAC,SAAS,MAAM,CAAC,SAAS,OAAO;AACnC,SAAI,QAAQ,OAAO,MACjB,kDACA;MACE,YAAY,OAAO,KAAK,WAAW;MACnC;MACA,aAAa,SAAS;MACtB,gBAAgB,SAAS;MAC1B,CACF;AACD,WAAM,IAAI,SAAS,eAAe,EAChC,SAAS,yDACV,CAAC;;IAEJ,IAAI;IACJ,MAAM,eAAe,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KACrD,OAAO;KACP,OAAO,CACL;MACE,OAAO;MACP,OAAO,SAAS;MACjB,CACF;KACF,CAAC;AACF,QAAI,aACF,QAAO;QAEP,QAAO,MAAM,IAAI,QAAQ,QAAQ,OAAO;KACtC,OAAO;KACP,MAAM;MACJ,OAAO,SAAS;MAChB,MAAM,SAAS;MACf,eAAe,SAAS;MACxB,2BAA2B,IAAI,MAAM;MACrC,2BAA2B,IAAI,MAAM;MACtC;KACF,CAAC;AAUJ,QAAI,CARY,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KAChD,OAAO;KACP,OAAO;MACL;OAAE,OAAO;OAAU,OAAO,KAAK;OAAI;MACnC;OAAE,OAAO;OAAc,OAAO,SAAS;OAAY;MACnD;OAAE,OAAO;OAAa,OAAO,SAAS;OAAI;MAC3C;KACF,CAAC,CAEA,OAAM,IAAI,QAAQ,QAAQ,OAAO;KAC/B,OAAO;KACP,MAAM;MACJ,QAAQ,KAAK;MACb,YAAY,SAAS;MACrB,WAAW,SAAS;MACpB,2BAA2B,IAAI,MAAM;MACrC,2BAA2B,IAAI,MAAM;MACrC,aAAa;MACb,cAAc;MACf;KACF,CAAC;AAEJ,QAAI,SAAS,cACX,OAAM,QAAQ,cAAc;KAC1B;KACA;KACA;KACD,CAAC;AAEJ,QAAI,SAAS,kBAAkB,CAAC,SAAS,0BAA0B,UAIjE;SAH2B,IAAI,QAAQ,QAAQ,SAAS,MACrD,WAAW,OAAO,OAAO,eAC3B,EASC;UAAI,CAPoB,MAAM,IAAI,QAAQ,QAAQ,QAAQ;OACxD,OAAO;OACP,OAAO,CACL;QAAE,OAAO;QAAkB,OAAO,SAAS;QAAgB,EAC3D;QAAE,OAAO;QAAU,OAAO,KAAK;QAAI,CACpC;OACF,CAAC,EACoB;OACpB,MAAM,OAAO,SAAS,0BAA0B,UAAU,MAAM,QAAQ,yBAAyB,QAAQ;QACvG;QACA;QACA;QACD,CAAC,GAAG,SAAS,0BAA0B,eAAe;AACvD,aAAM,IAAI,QAAQ,QAAQ,OAAO;QAC/B,OAAO;QACP,MAAM;SACJ,gBAAgB,SAAS;SACzB,QAAQ,KAAK;SACb;SACA,2BAA2B,IAAI,MAAM;SACrC,2BAA2B,IAAI,MAAM;SACtC;QACF,CAAC;;;;AAKR,UAAM,iBAAiB,KAAK;KAAE,SADhB,MAAM,IAAI,QAAQ,gBAAgB,cAAc,KAAK,IAAI,IAAI;KACpC;KAAM,CAAC;IAC9C,MAAM,cAAc,cAAc,iBAAiB,eAAe,IAAI,QAAQ;AAC9E,UAAM,IAAI,SAAS,YAAY;KAElC;GACD,aAAa,mBACX,iCACA;IACE,QAAQ;IACR,QAAQH,OAAS,EACf,YAAYC,QAAU,CAAC,UAAU,EAClC,CAAC;IACF,MAAMD,OAAS;KACb,cAAcC,QAAU;KACxB,YAAYA,QAAU,CAAC,UAAU;KAClC,CAAC;IACF,UAAU;KACR,UAAU;KACV,SAAS;MACP,SAAS;MACT,aAAa;MACb,WAAW,EACT,OAAO,EACL,aAAa,iEACd,EACF;MACF;KACF;IACF,EACD,OAAO,QAAQ;IACb,MAAM,EAAE,cAAc,aAAa,OAAO,IAAI;IAC9C,MAAM,EAAE,eAAe,IAAI;IAC3B,IAAI,WAAW;AACf,QAAI,SAAS,YAAY,QAAQ;KAC/B,MAAM,kBAAkB,aAAa,QAAQ,WAAW,MACrD,oBAAoB,gBAAgB,eAAe,WACrD,GAAG,QAAQ,WAAW;AACvB,SAAI,gBACF,YAAW;MACT,QAAQ,gBAAgB,YAAY,UAAU;MAC9C,YAAY,gBAAgB;MAC5B,QAAQ;MACR,YAAY,gBAAgB;MAC7B;UAGH,YAAW,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KAC3C,OAAO;KACP,OAAO,CACL;MACE,OAAO;MACP,OAAO,cAAc;MACtB,CACF;KACF,CAAC,CAAC,MAAM,QAAQ;AACf,SAAI,CAAC,IAAK,QAAO;AACjB,YAAO;MACL,GAAG;MACH,YAAY,IAAI,aAAa,cAC3B,IAAI,WACL,IAAI,KAAK,IAAI,KAAK;MACpB;MACD;AAEJ,QAAI,CAAC,UAAU,WACb,OAAM,IAAI,SAAS,aAAa,EAC9B,SAAS,0BACV,CAAC;IAEJ,MAAM,mBAAmB,SAAS;IAClC,MAAM,KAAKE,aAAK,gBAAgB;KAC9B,UAAU,iBAAiB,YAAY,YAAY,iBAAiB;KACpE,0BAA0B,CACxB;MACE,SAAS;MACT,UAAU,iBAAiB,eAAe,GAAG,IAAI,QAAQ,QAAQ,oBAAoB;MACtF,CACF;KACD,mBAAmB,iBAAiB,wBAAwB;KAC5D,UAAU,iBAAiB,YAAY;KACvC,YAAY,iBAAiB,YAAY,cAAc,iBAAiB;KACxE,gBAAgB,iBAAiB,YAAY;KAC7C,cAAc,iBAAiB,mBAAmB,CAAC,iBAAiB,iBAAiB,GAAG,KAAK;KAC9F,CAAC;IACF,MAAM,UAAU,iBAAiB;IACjC,MAAM,MAAM,CAAC,SAAS,WAAWA,aAAK,iBAAiB;KACrD,UAAU,SAAS,YAAY,iBAAiB;KAChD,qBAAqB,SAAS,uBAAuB,CACnD;MACE,SAAS;MACT,UAAU,iBAAiB;MAC5B,CACF;KACD,aAAa,SAAS,QAAQ,iBAAiB;KAChD,CAAC,GAAGA,aAAK,iBAAiB,EACzB,UAAU,QAAQ,UACnB,CAAC;IACF,IAAI;AACJ,QAAI;KACF,IAAI,kBAAkB,OAAO,KAAK,cAAc,SAAS,CAAC,SACxD,QACD;AACD,SAAI,CAAC,gBAAgB,SAAS,aAAa,EAAE;MAC3C,MAAM,cAAc,gBAAgB,QAAQ,kBAAkB;AAC9D,UAAI,gBAAgB,GAClB,mBAAkB,gBAAgB,MAAM,GAAG,cAAc,GAAG,GAAG,0GAAwG,gBAAgB,MAAM,cAAc,GAAG;gBAEvM,CAAC,gBAAgB,SAAS,gBAAgB,CACnD,mBAAkB,gBAAgB,QAChC,mCACA,yEACD;AAEH,SAAI;AACF,uBAAiB,MAAM,GAAG,mBAAmB,KAAK,QAAQ,EACxD,MAAM;OACJ;OACA,YAAY,cAAc,KAAK;OAChC,EACF,CAAC;cACK,YAAY;MACnB,MAAM,cAAc,gBAAgB,MAClC,6CACD;AACD,UAAI,CAAC,YAAa,OAAM;AACxB,uBAAiB,EACf,SAAS;OACP,QAAQ,YAAY;OACpB,YAAY,EAAE,QAAQ,YAAY,IAAI;OACtC,cAAc,EAAE;OAChB,YAAY,EAAE;OACf,EACF;;AAEH,SAAI,CAAC,gBAAgB,QACnB,OAAM,IAAI,MAAM,kCAAkC;aAE7C,OAAO;AACd,SAAI,QAAQ,OAAO,MAAM,mCAAmC;MAC1D;MACA,iBAAiB,OAAO,KAAK,cAAc,SAAS,CAAC,SACnD,QACD;MACF,CAAC;AACF,WAAM,IAAI,SAAS,eAAe;MAChC,SAAS;MACT,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;MAChE,CAAC;;IAEJ,MAAM,EAAE,YAAY;IACpB,MAAM,aAAa,QAAQ,cAAc,EAAE;IAC3C,MAAM,UAAU,iBAAiB,WAAW,EAAE;IAC9C,MAAM,WAAW;KACf,GAAG,OAAO,YACR,OAAO,QAAQ,QAAQ,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,WAAW,CAC9D,KACA,WAAW,OACZ,CAAC,CACH;KACD,IAAI,WAAW,QAAQ,MAAM,aAAa,QAAQ;KAClD,OAAO,WAAW,QAAQ,SAAS,YAAY,QAAQ;KACvD,MAAM,CACJ,WAAW,QAAQ,aAAa,cAChC,WAAW,QAAQ,YAAY,WAChC,CAAC,OAAO,QAAQ,CAAC,KAAK,IAAI,IAAI,WAAW,QAAQ,QAAQ,kBAAkB,QAAQ;KACpF,eAAe,SAAS,sBAAsB,QAAQ,gBAAgB,WAAW,QAAQ,kBAAkB,QAAQ;KACpH;AACD,QAAI,CAAC,SAAS,MAAM,CAAC,SAAS,OAAO;AACnC,SAAI,QAAQ,OAAO,MACjB,kDACA;MACE,YAAY,OAAO,KAAK,WAAW;MACnC;MACA,aAAa,SAAS;MACtB,gBAAgB,SAAS;MAC1B,CACF;AACD,WAAM,IAAI,SAAS,eAAe,EAChC,SAAS,yDACV,CAAC;;IAEJ,IAAI;IACJ,MAAM,eAAe,MAAM,IAAI,QAAQ,QAAQ,QAAQ;KACrD,OAAO;KACP,OAAO,CACL;MACE,OAAO;MACP,OAAO,SAAS;MACjB,CACF;KACF,CAAC;AACF,QAAI,cAAc;AAShB,SAAI,CARY,MAAM,IAAI,QAAQ,QAAQ,QAAQ;MAChD,OAAO;MACP,OAAO;OACL;QAAE,OAAO;QAAU,OAAO,aAAa;QAAI;OAC3C;QAAE,OAAO;QAAc,OAAO,SAAS;QAAY;OACnD;QAAE,OAAO;QAAa,OAAO,SAAS;QAAI;OAC3C;MACF,CAAC,EACY;AAIZ,UAAI,CAHsB,IAAI,QAAQ,QAAQ,SAAS,gBAAgB,kBAAkB,SACvF,SAAS,WACV,CAEC,OAAM,IAAI,SACR,GAAG,iBAAiB,YAAY,0BACjC;AAEH,YAAM,IAAI,QAAQ,QAAQ,OAAO;OAC/B,OAAO;OACP,MAAM;QACJ,QAAQ,aAAa;QACrB,YAAY,SAAS;QACrB,WAAW,SAAS;QACpB,2BAA2B,IAAI,MAAM;QACrC,2BAA2B,IAAI,MAAM;QACrC,aAAa;QACb,cAAc;QACf;OACF,CAAC;;AAEJ,YAAO;WACF;AACL,YAAO,MAAM,IAAI,QAAQ,QAAQ,OAAO;MACtC,OAAO;MACP,MAAM;OACJ,OAAO,SAAS;OAChB,MAAM,SAAS;OACf,eAAe,SAAS,qBAAqB,SAAS,iBAAiB,QAAQ;OAC/E,2BAA2B,IAAI,MAAM;OACrC,2BAA2B,IAAI,MAAM;OACtC;MACF,CAAC;AACF,WAAM,IAAI,QAAQ,QAAQ,OAAO;MAC/B,OAAO;MACP,MAAM;OACJ,QAAQ,KAAK;OACb,YAAY,SAAS;OACrB,WAAW,SAAS;OACpB,aAAa;OACb,cAAc;OACd,sCAAsC,IAAI,MAAM;OAChD,uCAAuC,IAAI,MAAM;OACjD,OAAO;OACP,2BAA2B,IAAI,MAAM;OACrC,2BAA2B,IAAI,MAAM;OACtC;MACF,CAAC;;AAEJ,QAAI,SAAS,cACX,OAAM,QAAQ,cAAc;KAC1B;KACA;KACA;KACD,CAAC;AAEJ,QAAI,SAAS,kBAAkB,CAAC,SAAS,0BAA0B,UAIjE;SAH2B,IAAI,QAAQ,QAAQ,SAAS,MACrD,WAAW,OAAO,OAAO,eAC3B,EASC;UAAI,CAPoB,MAAM,IAAI,QAAQ,QAAQ,QAAQ;OACxD,OAAO;OACP,OAAO,CACL;QAAE,OAAO;QAAkB,OAAO,SAAS;QAAgB,EAC3D;QAAE,OAAO;QAAU,OAAO,KAAK;QAAI,CACpC;OACF,CAAC,EACoB;OACpB,MAAM,OAAO,SAAS,0BAA0B,UAAU,MAAM,QAAQ,yBAAyB,QAAQ;QACvG;QACA;QACA;QACD,CAAC,GAAG,SAAS,0BAA0B,eAAe;AACvD,aAAM,IAAI,QAAQ,QAAQ,OAAO;QAC/B,OAAO;QACP,MAAM;SACJ,gBAAgB,SAAS;SACzB,QAAQ,KAAK;SACb;SACA,2BAA2B,IAAI,MAAM;SACrC,2BAA2B,IAAI,MAAM;SACtC;QACF,CAAC;;;;AAKR,UAAM,iBAAiB,KAAK;KAAE,SADhB,MAAM,IAAI,QAAQ,gBAAgB,cAAc,KAAK,IAAI,IAAI;KACpC;KAAM,CAAC;IAC9C,MAAM,cAAc,cAAc,iBAAiB,eAAe,IAAI,QAAQ;AAC9E,UAAM,IAAI,SAAS,YAAY;KAElC;GACF;EACD,QAAQ,EACN,aAAa,EACX,QAAQ;GACN,QAAQ;IACN,MAAM;IACN,UAAU;IACX;GACD,YAAY;IACV,MAAM;IACN,UAAU;IACX;GACD,YAAY;IACV,MAAM;IACN,UAAU;IACX;GACD,QAAQ;IACN,MAAM;IACN,YAAY;KACV,OAAO;KACP,OAAO;KACR;IACF;GACD,YAAY;IACV,MAAM;IACN,UAAU;IACV,QAAQ;IACT;GACD,gBAAgB;IACd,MAAM;IACN,UAAU;IACX;GACD,QAAQ;IACN,MAAM;IACN,UAAU;IACX;GACF,EACF,EACF;EACF"}

package/dist/esm/node_modules/@better-fetch/fetch/dist/index.mjs ADDED Viewed

@@ -0,0 +1,359 @@
+//#region ../../node_modules/@better-fetch/fetch/dist/index.js
+var __defProp = Object.defineProperty;
+var __defProps = Object.defineProperties;
+var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, {
+	enumerable: true,
+	configurable: true,
+	writable: true,
+	value
+}) : obj[key] = value;
+var __spreadValues = (a, b) => {
+	for (var prop in b || (b = {})) if (__hasOwnProp.call(b, prop)) __defNormalProp(a, prop, b[prop]);
+	if (__getOwnPropSymbols) {
+		for (var prop of __getOwnPropSymbols(b)) if (__propIsEnum.call(b, prop)) __defNormalProp(a, prop, b[prop]);
+	}
+	return a;
+};
+var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
+var BetterFetchError = class extends Error {
+	constructor(status, statusText, error) {
+		super(statusText || status.toString(), { cause: error });
+		this.status = status;
+		this.statusText = statusText;
+		this.error = error;
+	}
+};
+var initializePlugins = async (url, options) => {
+	var _a, _b, _c, _d, _e, _f;
+	let opts = options || {};
+	const hooks = {
+		onRequest: [options == null ? void 0 : options.onRequest],
+		onResponse: [options == null ? void 0 : options.onResponse],
+		onSuccess: [options == null ? void 0 : options.onSuccess],
+		onError: [options == null ? void 0 : options.onError],
+		onRetry: [options == null ? void 0 : options.onRetry]
+	};
+	if (!options || !(options == null ? void 0 : options.plugins)) return {
+		url,
+		options: opts,
+		hooks
+	};
+	for (const plugin of (options == null ? void 0 : options.plugins) || []) {
+		if (plugin.init) {
+			const pluginRes = await ((_a = plugin.init) == null ? void 0 : _a.call(plugin, url.toString(), options));
+			opts = pluginRes.options || opts;
+			url = pluginRes.url;
+		}
+		hooks.onRequest.push((_b = plugin.hooks) == null ? void 0 : _b.onRequest);
+		hooks.onResponse.push((_c = plugin.hooks) == null ? void 0 : _c.onResponse);
+		hooks.onSuccess.push((_d = plugin.hooks) == null ? void 0 : _d.onSuccess);
+		hooks.onError.push((_e = plugin.hooks) == null ? void 0 : _e.onError);
+		hooks.onRetry.push((_f = plugin.hooks) == null ? void 0 : _f.onRetry);
+	}
+	return {
+		url,
+		options: opts,
+		hooks
+	};
+};
+var LinearRetryStrategy = class {
+	constructor(options) {
+		this.options = options;
+	}
+	shouldAttemptRetry(attempt, response) {
+		if (this.options.shouldRetry) return Promise.resolve(attempt < this.options.attempts && this.options.shouldRetry(response));
+		return Promise.resolve(attempt < this.options.attempts);
+	}
+	getDelay() {
+		return this.options.delay;
+	}
+};
+var ExponentialRetryStrategy = class {
+	constructor(options) {
+		this.options = options;
+	}
+	shouldAttemptRetry(attempt, response) {
+		if (this.options.shouldRetry) return Promise.resolve(attempt < this.options.attempts && this.options.shouldRetry(response));
+		return Promise.resolve(attempt < this.options.attempts);
+	}
+	getDelay(attempt) {
+		return Math.min(this.options.maxDelay, this.options.baseDelay * 2 ** attempt);
+	}
+};
+function createRetryStrategy(options) {
+	if (typeof options === "number") return new LinearRetryStrategy({
+		type: "linear",
+		attempts: options,
+		delay: 1e3
+	});
+	switch (options.type) {
+		case "linear": return new LinearRetryStrategy(options);
+		case "exponential": return new ExponentialRetryStrategy(options);
+		default: throw new Error("Invalid retry strategy");
+	}
+}
+var getAuthHeader = async (options) => {
+	const headers = {};
+	const getValue = async (value) => typeof value === "function" ? await value() : value;
+	if (options == null ? void 0 : options.auth) {
+		if (options.auth.type === "Bearer") {
+			const token = await getValue(options.auth.token);
+			if (!token) return headers;
+			headers["authorization"] = `Bearer ${token}`;
+		} else if (options.auth.type === "Basic") {
+			const username = getValue(options.auth.username);
+			const password = getValue(options.auth.password);
+			if (!username || !password) return headers;
+			headers["authorization"] = `Basic ${btoa(`${username}:${password}`)}`;
+		} else if (options.auth.type === "Custom") {
+			const value = getValue(options.auth.value);
+			if (!value) return headers;
+			headers["authorization"] = `${getValue(options.auth.prefix)} ${value}`;
+		}
+	}
+	return headers;
+};
+var JSON_RE = /^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;
+function detectResponseType(request) {
+	const _contentType = request.headers.get("content-type");
+	const textTypes = /* @__PURE__ */ new Set([
+		"image/svg",
+		"application/xml",
+		"application/xhtml",
+		"application/html"
+	]);
+	if (!_contentType) return "json";
+	const contentType = _contentType.split(";").shift() || "";
+	if (JSON_RE.test(contentType)) return "json";
+	if (textTypes.has(contentType) || contentType.startsWith("text/")) return "text";
+	return "blob";
+}
+function isJSONParsable(value) {
+	try {
+		JSON.parse(value);
+		return true;
+	} catch (error) {
+		return false;
+	}
+}
+function isJSONSerializable(value) {
+	if (value === void 0) return false;
+	const t = typeof value;
+	if (t === "string" || t === "number" || t === "boolean" || t === null) return true;
+	if (t !== "object") return false;
+	if (Array.isArray(value)) return true;
+	if (value.buffer) return false;
+	return value.constructor && value.constructor.name === "Object" || typeof value.toJSON === "function";
+}
+function jsonParse(text) {
+	try {
+		return JSON.parse(text);
+	} catch (error) {
+		return text;
+	}
+}
+function isFunction(value) {
+	return typeof value === "function";
+}
+function getFetch(options) {
+	if (options == null ? void 0 : options.customFetchImpl) return options.customFetchImpl;
+	if (typeof globalThis !== "undefined" && isFunction(globalThis.fetch)) return globalThis.fetch;
+	if (typeof window !== "undefined" && isFunction(window.fetch)) return window.fetch;
+	throw new Error("No fetch implementation found");
+}
+async function getHeaders(opts) {
+	const headers = new Headers(opts == null ? void 0 : opts.headers);
+	const authHeader = await getAuthHeader(opts);
+	for (const [key, value] of Object.entries(authHeader || {})) headers.set(key, value);
+	if (!headers.has("content-type")) {
+		const t = detectContentType(opts == null ? void 0 : opts.body);
+		if (t) headers.set("content-type", t);
+	}
+	return headers;
+}
+function detectContentType(body) {
+	if (isJSONSerializable(body)) return "application/json";
+	return null;
+}
+function getBody(options) {
+	if (!(options == null ? void 0 : options.body)) return null;
+	const headers = new Headers(options == null ? void 0 : options.headers);
+	if (isJSONSerializable(options.body) && !headers.has("content-type")) {
+		for (const [key, value] of Object.entries(options == null ? void 0 : options.body)) if (value instanceof Date) options.body[key] = value.toISOString();
+		return JSON.stringify(options.body);
+	}
+	return options.body;
+}
+function getMethod(url, options) {
+	var _a;
+	if (options == null ? void 0 : options.method) return options.method.toUpperCase();
+	if (url.startsWith("@")) {
+		const pMethod = (_a = url.split("@")[1]) == null ? void 0 : _a.split("/")[0];
+		if (!methods.includes(pMethod)) return (options == null ? void 0 : options.body) ? "POST" : "GET";
+		return pMethod.toUpperCase();
+	}
+	return (options == null ? void 0 : options.body) ? "POST" : "GET";
+}
+function getTimeout(options, controller) {
+	let abortTimeout;
+	if (!(options == null ? void 0 : options.signal) && (options == null ? void 0 : options.timeout)) abortTimeout = setTimeout(() => controller == null ? void 0 : controller.abort(), options == null ? void 0 : options.timeout);
+	return {
+		abortTimeout,
+		clearTimeout: () => {
+			if (abortTimeout) clearTimeout(abortTimeout);
+		}
+	};
+}
+var ValidationError = class _ValidationError extends Error {
+	constructor(issues, message) {
+		super(message || JSON.stringify(issues, null, 2));
+		this.issues = issues;
+		Object.setPrototypeOf(this, _ValidationError.prototype);
+	}
+};
+async function parseStandardSchema(schema, input) {
+	let result = await schema["~standard"].validate(input);
+	if (result.issues) throw new ValidationError(result.issues);
+	return result.value;
+}
+var methods = [
+	"get",
+	"post",
+	"put",
+	"patch",
+	"delete"
+];
+function getURL2(url, option) {
+	let { baseURL, params, query } = option || {
+		query: {},
+		params: {},
+		baseURL: ""
+	};
+	let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
+	if (url.startsWith("@")) {
+		const m = url.toString().split("@")[1].split("/")[0];
+		if (methods.includes(m)) url = url.replace(`@${m}/`, "/");
+	}
+	if (!basePath.endsWith("/")) basePath += "/";
+	let [path, urlQuery] = url.replace(basePath, "").split("?");
+	const queryParams = new URLSearchParams(urlQuery);
+	for (const [key, value] of Object.entries(query || {})) {
+		if (value == null) continue;
+		queryParams.set(key, String(value));
+	}
+	if (params) if (Array.isArray(params)) {
+		const paramPaths = path.split("/").filter((p) => p.startsWith(":"));
+		for (const [index, key] of paramPaths.entries()) {
+			const value = params[index];
+			path = path.replace(key, value);
+		}
+	} else for (const [key, value] of Object.entries(params)) path = path.replace(`:${key}`, String(value));
+	path = path.split("/").map(encodeURIComponent).join("/");
+	if (path.startsWith("/")) path = path.slice(1);
+	let queryParamString = queryParams.toString();
+	queryParamString = queryParamString.length > 0 ? `?${queryParamString}`.replace(/\+/g, "%20") : "";
+	if (!basePath.startsWith("http")) return `${basePath}${path}${queryParamString}`;
+	return new URL(`${path}${queryParamString}`, basePath);
+}
+var betterFetch = async (url, options) => {
+	var _a, _b, _c, _d, _e, _f, _g, _h;
+	const { hooks, url: __url, options: opts } = await initializePlugins(url, options);
+	const fetch = getFetch(opts);
+	const controller = new AbortController();
+	const signal = (_a = opts.signal) != null ? _a : controller.signal;
+	const _url = getURL2(__url, opts);
+	const body = getBody(opts);
+	const headers = await getHeaders(opts);
+	const method = getMethod(__url, opts);
+	let context = __spreadProps(__spreadValues({}, opts), {
+		url: _url,
+		headers,
+		body,
+		method,
+		signal
+	});
+	for (const onRequest of hooks.onRequest) if (onRequest) {
+		const res = await onRequest(context);
+		if (res instanceof Object) context = res;
+	}
+	if ("pipeTo" in context && typeof context.pipeTo === "function" || typeof ((_b = options == null ? void 0 : options.body) == null ? void 0 : _b.pipe) === "function") {
+		if (!("duplex" in context)) context.duplex = "half";
+	}
+	const { clearTimeout: clearTimeout2 } = getTimeout(opts, controller);
+	let response = await fetch(context.url, context);
+	clearTimeout2();
+	const responseContext = {
+		response,
+		request: context
+	};
+	for (const onResponse of hooks.onResponse) if (onResponse) {
+		const r = await onResponse(__spreadProps(__spreadValues({}, responseContext), { response: ((_c = options == null ? void 0 : options.hookOptions) == null ? void 0 : _c.cloneResponse) ? response.clone() : response }));
+		if (r instanceof Response) response = r;
+		else if (r instanceof Object) response = r.response;
+	}
+	if (response.ok) {
+		if (!(context.method !== "HEAD")) return {
+			data: "",
+			error: null
+		};
+		const responseType = detectResponseType(response);
+		const successContext = {
+			data: "",
+			response,
+			request: context
+		};
+		if (responseType === "json" || responseType === "text") {
+			const text = await response.text();
+			successContext.data = await ((_d = context.jsonParser) != null ? _d : jsonParse)(text);
+		} else successContext.data = await response[responseType]();
+		if (context == null ? void 0 : context.output) {
+			if (context.output && !context.disableValidation) successContext.data = await parseStandardSchema(context.output, successContext.data);
+		}
+		for (const onSuccess of hooks.onSuccess) if (onSuccess) await onSuccess(__spreadProps(__spreadValues({}, successContext), { response: ((_e = options == null ? void 0 : options.hookOptions) == null ? void 0 : _e.cloneResponse) ? response.clone() : response }));
+		if (options == null ? void 0 : options.throw) return successContext.data;
+		return {
+			data: successContext.data,
+			error: null
+		};
+	}
+	const parser = (_f = options == null ? void 0 : options.jsonParser) != null ? _f : jsonParse;
+	const responseText = await response.text();
+	const isJSONResponse = isJSONParsable(responseText);
+	const errorObject = isJSONResponse ? await parser(responseText) : null;
+	const errorContext = {
+		response,
+		responseText,
+		request: context,
+		error: __spreadProps(__spreadValues({}, errorObject), {
+			status: response.status,
+			statusText: response.statusText
+		})
+	};
+	for (const onError of hooks.onError) if (onError) await onError(__spreadProps(__spreadValues({}, errorContext), { response: ((_g = options == null ? void 0 : options.hookOptions) == null ? void 0 : _g.cloneResponse) ? response.clone() : response }));
+	if (options == null ? void 0 : options.retry) {
+		const retryStrategy = createRetryStrategy(options.retry);
+		const _retryAttempt = (_h = options.retryAttempt) != null ? _h : 0;
+		if (await retryStrategy.shouldAttemptRetry(_retryAttempt, response)) {
+			for (const onRetry of hooks.onRetry) if (onRetry) await onRetry(responseContext);
+			const delay = retryStrategy.getDelay(_retryAttempt);
+			await new Promise((resolve) => setTimeout(resolve, delay));
+			return await betterFetch(url, __spreadProps(__spreadValues({}, options), { retryAttempt: _retryAttempt + 1 }));
+		}
+	}
+	if (options == null ? void 0 : options.throw) throw new BetterFetchError(response.status, response.statusText, isJSONResponse ? errorObject : responseText);
+	return {
+		data: null,
+		error: __spreadProps(__spreadValues({}, errorObject), {
+			status: response.status,
+			statusText: response.statusText
+		})
+	};
+};
+//#endregion
+export { BetterFetchError, betterFetch };
+//# sourceMappingURL=index.mjs.map