npm - @mesob/auth-hono - Versions diffs - 0.5.2 → 0.5.4 - Mend

@mesob/auth-hono 0.5.2 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/dist/{index-CDgzxZzO.d.ts → index-v_uxUd8A.d.ts} +45 -4
package/dist/index.d.ts +10 -3
package/dist/index.js +655 -250
package/dist/index.js.map +1 -1
package/dist/lib/auth-rate-limit.d.ts +21 -0
package/dist/lib/auth-rate-limit.js +228 -0
package/dist/lib/auth-rate-limit.js.map +1 -0
package/dist/lib/cookie.d.ts +4 -2
package/dist/lib/cookie.js +6 -1
package/dist/lib/cookie.js.map +1 -1
package/dist/lib/has-role-permission.d.ts +1 -1
package/dist/lib/iam-seed.d.ts +1 -1
package/dist/lib/load-session-pair.d.ts +16 -0
package/dist/lib/load-session-pair.js +505 -0
package/dist/lib/load-session-pair.js.map +1 -0
package/dist/lib/normalize-auth-response.d.ts +5 -2
package/dist/lib/normalize-auth-response.js +4 -1
package/dist/lib/normalize-auth-response.js.map +1 -1
package/dist/lib/normalize-rate-limit-ip.d.ts +5 -0
package/dist/lib/normalize-rate-limit-ip.js +159 -0
package/dist/lib/normalize-rate-limit-ip.js.map +1 -0
package/dist/lib/normalize-user.d.ts +1 -1
package/dist/lib/openapi-config.d.ts +1 -1
package/dist/lib/phone-validation.d.ts +1 -1
package/dist/lib/session-cache.d.ts +22 -0
package/dist/lib/session-cache.js +396 -0
package/dist/lib/session-cache.js.map +1 -0
package/dist/lib/session.d.ts +1 -1
package/dist/lib/tenant.d.ts +1 -1
package/package.json +2 -2

package/dist/lib/load-session-pair.js ADDED Viewed

@@ -0,0 +1,505 @@
+// src/db/orm/session.ts
+import { and, eq, gt } from "drizzle-orm";
+// src/db/schema.ts
+import { pgSchema, index, foreignKey, pgPolicy, check, uuid, varchar, timestamp, text, smallint, unique, inet, jsonb, boolean, uniqueIndex } from "drizzle-orm/pg-core";
+import { sql } from "drizzle-orm";
+var iam = pgSchema("iam");
+var verificationsInIam = iam.table("verifications", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  userId: uuid("user_id").notNull(),
+  code: text().notNull(),
+  expiresAt: timestamp("expires_at", { withTimezone: true, mode: "string" }).notNull(),
+  type: text(),
+  attempt: smallint().default(0),
+  to: text()
+}, (table) => [
+  index("verifications_expires_at_idx").using("btree", table.expiresAt.asc().nullsLast().op("timestamptz_ops")),
+  index("verifications_lookup_idx").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.userId.asc().nullsLast().op("text_ops"), table.type.asc().nullsLast().op("uuid_ops"), table.to.asc().nullsLast().op("text_ops"), table.code.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "verifications_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "verifications_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("verifications_attempt_nonnegative_check", sql`attempt >= 0`),
+  check("verifications_expires_after_created_check", sql`expires_at > created_at`)
+]);
+var sessionsInIam = iam.table("sessions", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  userId: uuid("user_id").notNull(),
+  expiresAt: timestamp("expires_at", { withTimezone: true, mode: "string" }).notNull(),
+  userAgent: text("user_agent"),
+  ip: inet(),
+  meta: jsonb(),
+  token: text().notNull(),
+  rotatedAt: timestamp("rotated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`)
+}, (table) => [
+  index("sessions_expires_at_idx").using("btree", table.expiresAt.asc().nullsLast().op("timestamptz_ops")),
+  index("sessions_tenant_user_idx").using("btree", table.tenantId.asc().nullsLast().op("uuid_ops"), table.userId.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "sessions_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "sessions_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("sessions_token_key").on(table.token),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("sessions_expires_after_created_check", sql`expires_at > created_at`)
+]);
+var accountChangesInIam = iam.table("account_changes", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  userId: uuid("user_id").notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  changeType: text("change_type").notNull(),
+  oldEmail: varchar("old_email"),
+  newEmail: varchar("new_email"),
+  oldPhone: text("old_phone"),
+  newPhone: text("new_phone"),
+  status: varchar().notNull(),
+  expiresAt: timestamp("expires_at", { withTimezone: true, mode: "string" }).notNull(),
+  confirmedAt: timestamp("confirmed_at", { withTimezone: true, mode: "string" }),
+  cancelledAt: timestamp("cancelled_at", { withTimezone: true, mode: "string" }),
+  reason: text()
+}, (table) => [
+  index("account_changes_expires_at_idx").using("btree", table.expiresAt.asc().nullsLast().op("timestamptz_ops")),
+  index("account_changes_tenant_user_status_idx").using("btree", table.tenantId.asc().nullsLast().op("uuid_ops"), table.userId.asc().nullsLast().op("text_ops"), table.status.asc().nullsLast().op("uuid_ops")),
+  index("idx_account_changes_expired").using("btree", table.expiresAt.asc().nullsLast().op("text_ops"), table.status.asc().nullsLast().op("text_ops")).where(sql`((status)::text = 'pending'::text)`),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "account_changes_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "account_changes_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("account_changes_expires_after_created_check", sql`expires_at > created_at`),
+  check("account_changes_change_type_check", sql`((change_type = 'EMAIL'::text) AND (old_email IS NOT NULL) AND (new_email IS NOT NULL) AND (old_phone IS NULL) AND (new_phone IS NULL)) OR ((change_type = 'PHONE'::text) AND (old_phone IS NOT NULL) AND (new_phone IS NOT NULL) AND (old_email IS NULL) AND (new_email IS NULL))`),
+  check("account_changes_status_check", sql`(status)::text = ANY (ARRAY[('PENDING'::character varying)::text, ('APPLIED'::character varying)::text, ('CANCELLED'::character varying)::text, ('EXPIRED'::character varying)::text])`)
+]);
+var tenantsInIam = iam.table("tenants", {
+  id: varchar({ length: 30 }).primaryKey().notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  name: jsonb().notNull(),
+  description: jsonb(),
+  theme: jsonb(),
+  supportedLanguages: jsonb("supported_languages"),
+  defaultLanguage: text("default_language"),
+  supportedCurrency: jsonb("supported_currency"),
+  defaultCurrency: text("default_currency"),
+  timezone: text(),
+  isActive: boolean("is_active").default(true).notNull(),
+  locale: jsonb(),
+  settings: jsonb(),
+  seo: jsonb()
+}, (table) => [
+  index("tenants_is_active_idx").using("btree", table.isActive.asc().nullsLast().op("bool_ops"))
+]);
+var rolePermissionsInIam = iam.table("role_permissions", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  permissionId: text("permission_id").notNull(),
+  roleId: uuid("role_id").notNull()
+}, (table) => [
+  index("idx_role_permissions_permission_id").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.permissionId.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "role_permissions_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.permissionId],
+    foreignColumns: [permissionsInIam.id],
+    name: "role_permissions_permission_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.tenantId, table.roleId],
+    foreignColumns: [rolesInIam.tenantId, rolesInIam.id],
+    name: "role_permissions_tenant_role_fkey"
+  }).onDelete("cascade"),
+  unique("role_permissions_tenant_role_permission_unique").on(table.tenantId, table.permissionId, table.roleId),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var permissionsInIam = iam.table("permissions", {
+  id: text().primaryKey().notNull(),
+  description: jsonb().notNull(),
+  activity: text().notNull(),
+  application: text().notNull(),
+  feature: text().notNull()
+}, (table) => [
+  unique("permissions_activity_application_feature_key").on(table.activity, table.application, table.feature)
+]);
+var accountsInIam = iam.table("accounts", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  userId: uuid("user_id").notNull(),
+  provider: text().notNull(),
+  providerAccountId: text("provider_account_id").notNull(),
+  password: text(),
+  passwordLastChangedAt: timestamp("password_last_changed_at", { withTimezone: true, mode: "string" }),
+  idToken: text("id_token"),
+  accessToken: text("access_token"),
+  accessTokenExpiresAt: timestamp("access_token_expires_at", { withTimezone: true, mode: "string" }),
+  refreshToken: text("refresh_token"),
+  refreshTokenExpiresAt: timestamp("refresh_token_expires_at", { withTimezone: true, mode: "string" }),
+  scope: text(),
+  expiresAt: timestamp("expires_at", { withTimezone: true, mode: "string" }),
+  meta: jsonb()
+}, (table) => [
+  index("idx_accounts_provider_lookup").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.provider.asc().nullsLast().op("text_ops"), table.providerAccountId.asc().nullsLast().op("text_ops")),
+  index("idx_accounts_user_id").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.userId.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "accounts_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "accounts_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("accounts_tenant_provider_account_unique").on(table.tenantId, table.provider, table.providerAccountId),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var usersInIam = iam.table("users", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  fullName: text("full_name").notNull(),
+  image: text(),
+  phone: text(),
+  email: text(),
+  handle: text().notNull(),
+  emailVerified: boolean("email_verified").default(false).notNull(),
+  phoneVerified: boolean("phone_verified").default(false).notNull(),
+  bannedUntil: timestamp("banned_until", { withTimezone: true, mode: "string" }),
+  lastSignInAt: timestamp("last_sign_in_at", { withTimezone: true, mode: "string" }),
+  loginAttempt: smallint("login_attempt").default(0).notNull(),
+  userType: text("user_type").array().default(["RAY"]).notNull()
+}, (table) => [
+  index("idx_users_auth_lookup").using("btree", table.tenantId.asc().nullsLast().op("bool_ops"), table.email.asc().nullsLast().op("bool_ops"), table.id.asc().nullsLast().op("timestamptz_ops"), table.emailVerified.asc().nullsLast().op("timestamptz_ops"), table.bannedUntil.asc().nullsLast().op("uuid_ops")).where(sql`(email IS NOT NULL)`),
+  index("idx_users_email_lookup").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.email.asc().nullsLast().op("text_ops")).where(sql`(email IS NOT NULL)`),
+  index("idx_users_handle_lookup").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.handle.asc().nullsLast().op("text_ops")),
+  index("idx_users_phone_lookup").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.phone.asc().nullsLast().op("text_ops")).where(sql`(phone IS NOT NULL)`),
+  index("idx_users_tenant_email_unique").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.email.asc().nullsLast().op("text_ops")).where(sql`(email IS NOT NULL)`),
+  index("idx_users_tenant_is_admin").using("btree", table.tenantId.asc().nullsLast().op("text_ops")).where(sql`(user_type @> ARRAY['admin'::text])`),
+  index("idx_users_tenant_is_candidate").using("btree", table.tenantId.asc().nullsLast().op("text_ops")).where(sql`(user_type @> ARRAY['candidate'::text])`),
+  index("idx_users_tenant_is_employee").using("btree", table.tenantId.asc().nullsLast().op("text_ops")).where(sql`(user_type @> ARRAY['employee'::text])`),
+  index("idx_users_user_types_gin").using("gin", table.userType.asc().nullsLast().op("array_ops")),
+  uniqueIndex("users_tenant_lower_email_idx").using("btree", sql`tenant_id`, sql`lower(email)`),
+  uniqueIndex("users_tenant_lower_handle_idx").using("btree", sql`tenant_id`, sql`lower(handle)`),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "users_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("users_tenant_phone_key").on(table.tenantId, table.phone),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("users_login_attempt_nonnegative_check", sql`login_attempt >= 0`),
+  check("users_contact_required_check", sql`(email IS NOT NULL) OR (phone IS NOT NULL)`),
+  check("users_user_type_check", sql`user_type <@ ARRAY['candidate'::text, 'employee'::text, 'admin'::text]`)
+]);
+var rolesInIam = iam.table("roles", {
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  name: jsonb().notNull(),
+  description: jsonb().notNull(),
+  code: text().notNull(),
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  isSystem: boolean("is_system").default(false).notNull(),
+  isEditable: boolean("is_editable").default(true).notNull(),
+  isDeletable: boolean("is_deletable").default(true).notNull()
+}, (table) => [
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "roles_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  unique("roles_tenant_code_unique").on(table.tenantId, table.code),
+  unique("roles_tenant_id_unique").on(table.tenantId, table.id),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var userRolesInIam = iam.table("user_roles", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  userId: uuid("user_id").notNull(),
+  roleId: uuid("role_id").notNull()
+}, (table) => [
+  index("idx_user_roles_tenant_user").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.userId.asc().nullsLast().op("uuid_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "user_roles_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.userId],
+    foreignColumns: [usersInIam.id],
+    name: "user_roles_user_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  foreignKey({
+    columns: [table.tenantId, table.roleId],
+    foreignColumns: [rolesInIam.tenantId, rolesInIam.id],
+    name: "user_roles_tenant_role_fkey"
+  }).onDelete("cascade"),
+  unique("user_roles_tenant_user_role_unique").on(table.tenantId, table.userId, table.roleId),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` })
+]);
+var domainsInIam = iam.table("domains", {
+  id: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),
+  tenantId: varchar("tenant_id", { length: 30 }).notNull(),
+  domain: text().notNull(),
+  status: text().default("pending").notNull(),
+  meta: jsonb(),
+  isPrimary: boolean("is_primary").default(false).notNull(),
+  createdAt: timestamp("created_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull(),
+  updatedAt: timestamp("updated_at", { withTimezone: true, mode: "string" }).default(sql`CURRENT_TIMESTAMP`).notNull()
+}, (table) => [
+  uniqueIndex("domains_domain_unique_idx").using("btree", sql`lower(domain)`),
+  uniqueIndex("domains_primary_per_tenant_idx").using("btree", table.tenantId.asc().nullsLast().op("text_ops")).where(sql`(is_primary = true)`),
+  index("domains_tenant_status_idx").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.status.asc().nullsLast().op("text_ops")),
+  index("idx_domains_tenant_domain_status").using("btree", table.tenantId.asc().nullsLast().op("text_ops"), table.domain.asc().nullsLast().op("text_ops"), table.status.asc().nullsLast().op("text_ops")),
+  foreignKey({
+    columns: [table.tenantId],
+    foreignColumns: [tenantsInIam.id],
+    name: "domains_tenant_id_fkey"
+  }).onUpdate("cascade").onDelete("cascade"),
+  pgPolicy("tenant_isolation", { as: "permissive", for: "all", to: ["public"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),
+  check("domains_domain_format_check", sql`domain ~ '^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)+$'::text`),
+  check("domains_status_check", sql`status = ANY (ARRAY['PENDING'::text, 'ACTIVE'::text, 'DISABLED'::text, 'DELETED'::text])`)
+]);
+// src/db/orm/session.ts
+var fetchSessionByToken = async ({
+  database,
+  hashedToken,
+  tenantId
+}) => {
+  const [sessionResult] = await database.select({
+    id: sessionsInIam.id,
+    tenantId: sessionsInIam.tenantId,
+    userId: sessionsInIam.userId,
+    expiresAt: sessionsInIam.expiresAt,
+    createdAt: sessionsInIam.createdAt,
+    meta: sessionsInIam.meta
+  }).from(sessionsInIam).where(
+    and(
+      eq(sessionsInIam.token, hashedToken),
+      gt(sessionsInIam.expiresAt, (/* @__PURE__ */ new Date()).toISOString()),
+      eq(sessionsInIam.tenantId, tenantId)
+    )
+  ).limit(1);
+  if (!sessionResult) {
+    return null;
+  }
+  return {
+    ...sessionResult,
+    meta: sessionResult.meta
+  };
+};
+var deleteSession = async ({
+  database,
+  sessionId,
+  tenantId
+}) => {
+  await database.delete(sessionsInIam).where(
+    and(
+      eq(sessionsInIam.id, sessionId),
+      eq(sessionsInIam.tenantId, tenantId)
+    )
+  );
+};
+// src/db/orm/tenant.ts
+import { and as and2, eq as eq2, sql as sql2 } from "drizzle-orm";
+// src/db/orm/user.ts
+import { and as and4, eq as eq4 } from "drizzle-orm";
+// src/lib/user-auth-select.ts
+import { and as and3, eq as eq3, sql as sql3 } from "drizzle-orm";
+function getUserAuthSelect(tenantId) {
+  return {
+    roles: sql3`COALESCE(
+      (
+        select array_to_json(array_agg(distinct "iam"."roles"."id"))
+        from ${userRolesInIam}
+        inner join ${rolesInIam}
+          on ${and3(
+      eq3(rolesInIam.tenantId, userRolesInIam.tenantId),
+      eq3(rolesInIam.id, userRolesInIam.roleId)
+    )}
+        where ${and3(
+      eq3(userRolesInIam.tenantId, tenantId),
+      eq3(userRolesInIam.userId, usersInIam.id)
+    )}
+      ),
+      '[]'::json
+    )`,
+    roleCodes: sql3`COALESCE(
+      (
+        select array_to_json(array_agg(distinct ${rolesInIam.code}))
+        from ${userRolesInIam}
+        inner join ${rolesInIam}
+          on ${and3(
+      eq3(rolesInIam.tenantId, userRolesInIam.tenantId),
+      eq3(rolesInIam.id, userRolesInIam.roleId)
+    )}
+        where ${and3(
+      eq3(userRolesInIam.tenantId, tenantId),
+      eq3(userRolesInIam.userId, usersInIam.id)
+    )}
+      ),
+      '[]'::json
+    )`,
+    permissions: sql3`COALESCE(
+      (
+        select array_to_json(array_agg(distinct "iam"."permissions"."id"))
+        from ${userRolesInIam}
+        inner join ${rolePermissionsInIam}
+          on ${and3(
+      eq3(rolePermissionsInIam.tenantId, userRolesInIam.tenantId),
+      eq3(rolePermissionsInIam.roleId, userRolesInIam.roleId)
+    )}
+        inner join ${permissionsInIam}
+          on ${eq3(permissionsInIam.id, rolePermissionsInIam.permissionId)}
+        where ${and3(
+      eq3(userRolesInIam.tenantId, tenantId),
+      eq3(userRolesInIam.userId, usersInIam.id)
+    )}
+      ),
+      '[]'::json
+    )`
+  };
+}
+// src/db/orm/user.ts
+var fetchUserWithRoles = async ({
+  database,
+  userId,
+  tenantId
+}) => {
+  const [userResult] = await database.select({
+    id: usersInIam.id,
+    tenantId: usersInIam.tenantId,
+    fullName: usersInIam.fullName,
+    email: usersInIam.email,
+    phone: usersInIam.phone,
+    handle: usersInIam.handle,
+    image: usersInIam.image,
+    emailVerified: usersInIam.emailVerified,
+    phoneVerified: usersInIam.phoneVerified,
+    lastSignInAt: usersInIam.lastSignInAt,
+    bannedUntil: usersInIam.bannedUntil,
+    ...getUserAuthSelect(tenantId)
+  }).from(usersInIam).where(and4(eq4(usersInIam.id, userId), eq4(usersInIam.tenantId, tenantId))).limit(1);
+  return userResult || null;
+};
+// src/lib/cookie.ts
+import { deleteCookie as honoDel, setCookie as honoSet } from "hono/cookie";
+var isProduction = process.env.NODE_ENV === "production";
+var getSessionKeyNamespace = (config) => {
+  const p = config.prefix?.trim();
+  return p && p.length > 0 ? p : "msb";
+};
+// src/lib/session-cache.ts
+var sessionCacheKey = (config, hashedToken) => `${getSessionKeyNamespace(config)}:sc:v1:${hashedToken}`;
+async function readSessionCache(config, hashedToken) {
+  const sc = config.sessionCache;
+  if (!sc?.enabled) {
+    return null;
+  }
+  const raw = await sc.kv.get(sessionCacheKey(config, hashedToken));
+  if (!raw) {
+    return null;
+  }
+  try {
+    const parsed = JSON.parse(raw);
+    if (!parsed?.session?.expiresAt || new Date(parsed.session.expiresAt) <= /* @__PURE__ */ new Date()) {
+      await sc.kv.delete(sessionCacheKey(config, hashedToken));
+      return null;
+    }
+    return parsed;
+  } catch {
+    await sc.kv.delete(sessionCacheKey(config, hashedToken));
+    return null;
+  }
+}
+async function writeSessionCache(config, hashedToken, payload) {
+  const sc = config.sessionCache;
+  if (!sc?.enabled) {
+    return;
+  }
+  const ttl = sc.ttlSeconds ?? Math.max(
+    60,
+    Math.ceil(
+      (new Date(payload.session.expiresAt).getTime() - Date.now()) / 1e3
+    )
+  );
+  await sc.kv.put(
+    sessionCacheKey(config, hashedToken),
+    JSON.stringify(payload),
+    {
+      expirationTtl: Math.min(Math.max(ttl, 60), 2147483647)
+    }
+  );
+}
+// src/lib/load-session-pair.ts
+async function loadSessionPair(database, config, hashedToken) {
+  const cached = await readSessionCache(config, hashedToken);
+  if (cached) {
+    return { session: cached.session, user: cached.user };
+  }
+  const session = await fetchSessionByToken({
+    database,
+    hashedToken,
+    tenantId: config.tenant?.tenantId || "tenant"
+  });
+  if (!session) {
+    return null;
+  }
+  const user = await fetchUserWithRoles({
+    database,
+    userId: session.userId,
+    tenantId: session.tenantId
+  });
+  if (!user) {
+    await deleteSession({
+      database,
+      sessionId: session.id,
+      tenantId: session.tenantId
+    });
+    return null;
+  }
+  await writeSessionCache(config, hashedToken, { session, user });
+  return { session, user };
+}
+export {
+  loadSessionPair
+};
+//# sourceMappingURL=load-session-pair.js.map

package/dist/lib/load-session-pair.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/db/orm/session.ts","../../src/db/schema.ts","../../src/db/orm/tenant.ts","../../src/db/orm/user.ts","../../src/lib/user-auth-select.ts","../../src/lib/cookie.ts","../../src/lib/session-cache.ts","../../src/lib/load-session-pair.ts"],"sourcesContent":["import { and, eq, gt } from 'drizzle-orm';\nimport type { Session, SessionMeta } from '../../types';\nimport { sessionsInIam } from '../schema';\nimport type {\n DeleteSessionByTokenParams,\n DeleteSessionParams,\n DeleteUserSessionsParams,\n FetchSessionByTokenParams,\n UpdateSessionExpiryParams,\n} from './types';\n\nexport const fetchSessionByToken = async ({\n database,\n hashedToken,\n tenantId,\n}: FetchSessionByTokenParams): Promise<Session | null> => {\n const [sessionResult] = await database\n .select({\n id: sessionsInIam.id,\n tenantId: sessionsInIam.tenantId,\n userId: sessionsInIam.userId,\n expiresAt: sessionsInIam.expiresAt,\n createdAt: sessionsInIam.createdAt,\n meta: sessionsInIam.meta,\n })\n .from(sessionsInIam)\n .where(\n and(\n eq(sessionsInIam.token, hashedToken),\n gt(sessionsInIam.expiresAt, new Date().toISOString()),\n eq(sessionsInIam.tenantId, tenantId),\n ),\n )\n .limit(1);\n\n if (!sessionResult) {\n return null;\n }\n\n return {\n ...sessionResult,\n meta: sessionResult.meta as SessionMeta | null,\n };\n};\n\n/**\n * Update session expiry time (for session refresh)\n */\nexport const updateSessionExpiry = async ({\n database,\n sessionId,\n tenantId,\n expiresAt,\n}: UpdateSessionExpiryParams): Promise<void> => {\n await database\n .update(sessionsInIam)\n .set({\n expiresAt,\n updatedAt: new Date().toISOString(),\n })\n .where(\n and(\n eq(sessionsInIam.id, sessionId),\n eq(sessionsInIam.tenantId, tenantId),\n ),\n );\n};\n\n/**\n * Delete a session by ID\n */\nexport const deleteSession = async ({\n database,\n sessionId,\n tenantId,\n}: DeleteSessionParams): Promise<void> => {\n await database\n .delete(sessionsInIam)\n .where(\n and(\n eq(sessionsInIam.id, sessionId),\n eq(sessionsInIam.tenantId, tenantId),\n ),\n );\n};\n\n/**\n * Delete a session by hashed token\n */\nexport const deleteSessionByToken = async ({\n database,\n hashedToken,\n tenantId,\n}: DeleteSessionByTokenParams): Promise<void> => {\n await database\n .delete(sessionsInIam)\n .where(\n and(\n eq(sessionsInIam.token, hashedToken),\n eq(sessionsInIam.tenantId, tenantId),\n ),\n );\n};\n\n/**\n * Delete all sessions for a user\n */\nexport const deleteUserSessions = async ({\n database,\n userId,\n tenantId,\n}: DeleteUserSessionsParams): Promise<void> => {\n await database\n .delete(sessionsInIam)\n .where(\n and(\n eq(sessionsInIam.userId, userId),\n eq(sessionsInIam.tenantId, tenantId),\n ),\n );\n};\n\nexport const listHashedTokensForUser = async ({\n database,\n userId,\n tenantId,\n}: DeleteUserSessionsParams): Promise<string[]> => {\n const rows = await database\n .select({ token: sessionsInIam.token })\n .from(sessionsInIam)\n .where(\n and(\n eq(sessionsInIam.userId, userId),\n eq(sessionsInIam.tenantId, tenantId),\n ),\n );\n return rows.map((r) => r.token);\n};\n","import { pgTable, pgSchema, index, foreignKey, pgPolicy, check, uuid, varchar, timestamp, text, smallint, unique, inet, jsonb, boolean, uniqueIndex } from \"drizzle-orm/pg-core\"\nimport { sql } from \"drizzle-orm\"\n\nexport const iam = pgSchema(\"iam\");\n\n\nexport const verificationsInIam = iam.table(\"verifications\", {\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tcreatedAt: timestamp(\"created_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tupdatedAt: timestamp(\"updated_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tuserId: uuid(\"user_id\").notNull(),\n\tcode: text().notNull(),\n\texpiresAt: timestamp(\"expires_at\", { withTimezone: true, mode: 'string' }).notNull(),\n\ttype: text(),\n\tattempt: smallint().default(0),\n\tto: text(),\n}, (table) => [\n\tindex(\"verifications_expires_at_idx\").using(\"btree\", table.expiresAt.asc().nullsLast().op(\"timestamptz_ops\")),\n\tindex(\"verifications_lookup_idx\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.userId.asc().nullsLast().op(\"text_ops\"), table.type.asc().nullsLast().op(\"uuid_ops\"), table.to.asc().nullsLast().op(\"text_ops\"), table.code.asc().nullsLast().op(\"text_ops\")),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"verifications_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tforeignKey({\n\t\t\tcolumns: [table.userId],\n\t\t\tforeignColumns: [usersInIam.id],\n\t\t\tname: \"verifications_user_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n\tcheck(\"verifications_attempt_nonnegative_check\", sql`attempt >= 0`),\n\tcheck(\"verifications_expires_after_created_check\", sql`expires_at > created_at`),\n]);\n\nexport const sessionsInIam = iam.table(\"sessions\", {\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tcreatedAt: timestamp(\"created_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tupdatedAt: timestamp(\"updated_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tuserId: uuid(\"user_id\").notNull(),\n\texpiresAt: timestamp(\"expires_at\", { withTimezone: true, mode: 'string' }).notNull(),\n\tuserAgent: text(\"user_agent\"),\n\tip: inet(),\n\tmeta: jsonb(),\n\ttoken: text().notNull(),\n\trotatedAt: timestamp(\"rotated_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`),\n}, (table) => [\n\tindex(\"sessions_expires_at_idx\").using(\"btree\", table.expiresAt.asc().nullsLast().op(\"timestamptz_ops\")),\n\tindex(\"sessions_tenant_user_idx\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"uuid_ops\"), table.userId.asc().nullsLast().op(\"text_ops\")),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"sessions_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tforeignKey({\n\t\t\tcolumns: [table.userId],\n\t\t\tforeignColumns: [usersInIam.id],\n\t\t\tname: \"sessions_user_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tunique(\"sessions_token_key\").on(table.token),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n\tcheck(\"sessions_expires_after_created_check\", sql`expires_at > created_at`),\n]);\n\nexport const accountChangesInIam = iam.table(\"account_changes\", {\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tuserId: uuid(\"user_id\").notNull(),\n\tcreatedAt: timestamp(\"created_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tupdatedAt: timestamp(\"updated_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tchangeType: text(\"change_type\").notNull(),\n\toldEmail: varchar(\"old_email\"),\n\tnewEmail: varchar(\"new_email\"),\n\toldPhone: text(\"old_phone\"),\n\tnewPhone: text(\"new_phone\"),\n\tstatus: varchar().notNull(),\n\texpiresAt: timestamp(\"expires_at\", { withTimezone: true, mode: 'string' }).notNull(),\n\tconfirmedAt: timestamp(\"confirmed_at\", { withTimezone: true, mode: 'string' }),\n\tcancelledAt: timestamp(\"cancelled_at\", { withTimezone: true, mode: 'string' }),\n\treason: text(),\n}, (table) => [\n\tindex(\"account_changes_expires_at_idx\").using(\"btree\", table.expiresAt.asc().nullsLast().op(\"timestamptz_ops\")),\n\tindex(\"account_changes_tenant_user_status_idx\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"uuid_ops\"), table.userId.asc().nullsLast().op(\"text_ops\"), table.status.asc().nullsLast().op(\"uuid_ops\")),\n\tindex(\"idx_account_changes_expired\").using(\"btree\", table.expiresAt.asc().nullsLast().op(\"text_ops\"), table.status.asc().nullsLast().op(\"text_ops\")).where(sql`((status)::text = 'pending'::text)`),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"account_changes_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tforeignKey({\n\t\t\tcolumns: [table.userId],\n\t\t\tforeignColumns: [usersInIam.id],\n\t\t\tname: \"account_changes_user_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n\tcheck(\"account_changes_expires_after_created_check\", sql`expires_at > created_at`),\n\tcheck(\"account_changes_change_type_check\", sql`((change_type = 'EMAIL'::text) AND (old_email IS NOT NULL) AND (new_email IS NOT NULL) AND (old_phone IS NULL) AND (new_phone IS NULL)) OR ((change_type = 'PHONE'::text) AND (old_phone IS NOT NULL) AND (new_phone IS NOT NULL) AND (old_email IS NULL) AND (new_email IS NULL))`),\n\tcheck(\"account_changes_status_check\", sql`(status)::text = ANY (ARRAY[('PENDING'::character varying)::text, ('APPLIED'::character varying)::text, ('CANCELLED'::character varying)::text, ('EXPIRED'::character varying)::text])`),\n]);\n\nexport const tenantsInIam = iam.table(\"tenants\", {\n\tid: varchar({ length: 30 }).primaryKey().notNull(),\n\tcreatedAt: timestamp(\"created_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tupdatedAt: timestamp(\"updated_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tname: jsonb().notNull(),\n\tdescription: jsonb(),\n\ttheme: jsonb(),\n\tsupportedLanguages: jsonb(\"supported_languages\"),\n\tdefaultLanguage: text(\"default_language\"),\n\tsupportedCurrency: jsonb(\"supported_currency\"),\n\tdefaultCurrency: text(\"default_currency\"),\n\ttimezone: text(),\n\tisActive: boolean(\"is_active\").default(true).notNull(),\n\tlocale: jsonb(),\n\tsettings: jsonb(),\n\tseo: jsonb(),\n}, (table) => [\n\tindex(\"tenants_is_active_idx\").using(\"btree\", table.isActive.asc().nullsLast().op(\"bool_ops\")),\n]);\n\nexport const rolePermissionsInIam = iam.table(\"role_permissions\", {\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tpermissionId: text(\"permission_id\").notNull(),\n\troleId: uuid(\"role_id\").notNull(),\n}, (table) => [\n\tindex(\"idx_role_permissions_permission_id\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.permissionId.asc().nullsLast().op(\"text_ops\")),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"role_permissions_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tforeignKey({\n\t\t\tcolumns: [table.permissionId],\n\t\t\tforeignColumns: [permissionsInIam.id],\n\t\t\tname: \"role_permissions_permission_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId, table.roleId],\n\t\t\tforeignColumns: [rolesInIam.tenantId, rolesInIam.id],\n\t\t\tname: \"role_permissions_tenant_role_fkey\"\n\t\t}).onDelete(\"cascade\"),\n\tunique(\"role_permissions_tenant_role_permission_unique\").on(table.tenantId, table.permissionId, table.roleId),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n]);\n\nexport const permissionsInIam = iam.table(\"permissions\", {\n\tid: text().primaryKey().notNull(),\n\tdescription: jsonb().notNull(),\n\tactivity: text().notNull(),\n\tapplication: text().notNull(),\n\tfeature: text().notNull(),\n}, (table) => [\n\tunique(\"permissions_activity_application_feature_key\").on(table.activity, table.application, table.feature),\n]);\n\nexport const accountsInIam = iam.table(\"accounts\", {\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tuserId: uuid(\"user_id\").notNull(),\n\tprovider: text().notNull(),\n\tproviderAccountId: text(\"provider_account_id\").notNull(),\n\tpassword: text(),\n\tpasswordLastChangedAt: timestamp(\"password_last_changed_at\", { withTimezone: true, mode: 'string' }),\n\tidToken: text(\"id_token\"),\n\taccessToken: text(\"access_token\"),\n\taccessTokenExpiresAt: timestamp(\"access_token_expires_at\", { withTimezone: true, mode: 'string' }),\n\trefreshToken: text(\"refresh_token\"),\n\trefreshTokenExpiresAt: timestamp(\"refresh_token_expires_at\", { withTimezone: true, mode: 'string' }),\n\tscope: text(),\n\texpiresAt: timestamp(\"expires_at\", { withTimezone: true, mode: 'string' }),\n\tmeta: jsonb(),\n}, (table) => [\n\tindex(\"idx_accounts_provider_lookup\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.provider.asc().nullsLast().op(\"text_ops\"), table.providerAccountId.asc().nullsLast().op(\"text_ops\")),\n\tindex(\"idx_accounts_user_id\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.userId.asc().nullsLast().op(\"text_ops\")),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"accounts_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tforeignKey({\n\t\t\tcolumns: [table.userId],\n\t\t\tforeignColumns: [usersInIam.id],\n\t\t\tname: \"accounts_user_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tunique(\"accounts_tenant_provider_account_unique\").on(table.tenantId, table.provider, table.providerAccountId),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n]);\n\nexport const usersInIam = iam.table(\"users\", {\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tcreatedAt: timestamp(\"created_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tupdatedAt: timestamp(\"updated_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tfullName: text(\"full_name\").notNull(),\n\timage: text(),\n\tphone: text(),\n\temail: text(),\n\thandle: text().notNull(),\n\temailVerified: boolean(\"email_verified\").default(false).notNull(),\n\tphoneVerified: boolean(\"phone_verified\").default(false).notNull(),\n\tbannedUntil: timestamp(\"banned_until\", { withTimezone: true, mode: 'string' }),\n\tlastSignInAt: timestamp(\"last_sign_in_at\", { withTimezone: true, mode: 'string' }),\n\tloginAttempt: smallint(\"login_attempt\").default(0).notNull(),\n\tuserType: text(\"user_type\").array().default([\"RAY\"]).notNull(),\n}, (table) => [\n\tindex(\"idx_users_auth_lookup\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"bool_ops\"), table.email.asc().nullsLast().op(\"bool_ops\"), table.id.asc().nullsLast().op(\"timestamptz_ops\"), table.emailVerified.asc().nullsLast().op(\"timestamptz_ops\"), table.bannedUntil.asc().nullsLast().op(\"uuid_ops\")).where(sql`(email IS NOT NULL)`),\n\tindex(\"idx_users_email_lookup\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.email.asc().nullsLast().op(\"text_ops\")).where(sql`(email IS NOT NULL)`),\n\tindex(\"idx_users_handle_lookup\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.handle.asc().nullsLast().op(\"text_ops\")),\n\tindex(\"idx_users_phone_lookup\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.phone.asc().nullsLast().op(\"text_ops\")).where(sql`(phone IS NOT NULL)`),\n\tindex(\"idx_users_tenant_email_unique\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.email.asc().nullsLast().op(\"text_ops\")).where(sql`(email IS NOT NULL)`),\n\tindex(\"idx_users_tenant_is_admin\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\")).where(sql`(user_type @> ARRAY['admin'::text])`),\n\tindex(\"idx_users_tenant_is_candidate\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\")).where(sql`(user_type @> ARRAY['candidate'::text])`),\n\tindex(\"idx_users_tenant_is_employee\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\")).where(sql`(user_type @> ARRAY['employee'::text])`),\n\tindex(\"idx_users_user_types_gin\").using(\"gin\", table.userType.asc().nullsLast().op(\"array_ops\")),\n\tuniqueIndex(\"users_tenant_lower_email_idx\").using(\"btree\", sql`tenant_id`, sql`lower(email)`),\n\tuniqueIndex(\"users_tenant_lower_handle_idx\").using(\"btree\", sql`tenant_id`, sql`lower(handle)`),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"users_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tunique(\"users_tenant_phone_key\").on(table.tenantId, table.phone),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n\tcheck(\"users_login_attempt_nonnegative_check\", sql`login_attempt >= 0`),\n\tcheck(\"users_contact_required_check\", sql`(email IS NOT NULL) OR (phone IS NOT NULL)`),\n\tcheck(\"users_user_type_check\", sql`user_type <@ ARRAY['candidate'::text, 'employee'::text, 'admin'::text]`),\n]);\n\nexport const rolesInIam = iam.table(\"roles\", {\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tcreatedAt: timestamp(\"created_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tupdatedAt: timestamp(\"updated_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tname: jsonb().notNull(),\n\tdescription: jsonb().notNull(),\n\tcode: text().notNull(),\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\tisSystem: boolean(\"is_system\").default(false).notNull(),\n\tisEditable: boolean(\"is_editable\").default(true).notNull(),\n\tisDeletable: boolean(\"is_deletable\").default(true).notNull(),\n}, (table) => [\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"roles_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tunique(\"roles_tenant_code_unique\").on(table.tenantId, table.code),\n\tunique(\"roles_tenant_id_unique\").on(table.tenantId, table.id),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n]);\n\nexport const userRolesInIam = iam.table(\"user_roles\", {\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tuserId: uuid(\"user_id\").notNull(),\n\troleId: uuid(\"role_id\").notNull(),\n}, (table) => [\n\tindex(\"idx_user_roles_tenant_user\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.userId.asc().nullsLast().op(\"uuid_ops\")),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"user_roles_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tforeignKey({\n\t\t\tcolumns: [table.userId],\n\t\t\tforeignColumns: [usersInIam.id],\n\t\t\tname: \"user_roles_user_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId, table.roleId],\n\t\t\tforeignColumns: [rolesInIam.tenantId, rolesInIam.id],\n\t\t\tname: \"user_roles_tenant_role_fkey\"\n\t\t}).onDelete(\"cascade\"),\n\tunique(\"user_roles_tenant_user_role_unique\").on(table.tenantId, table.userId, table.roleId),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n]);\n\nexport const domainsInIam = iam.table(\"domains\", {\n\tid: uuid().default(sql`uuid_generate_v7()`).primaryKey().notNull(),\n\ttenantId: varchar(\"tenant_id\", { length: 30 }).notNull(),\n\tdomain: text().notNull(),\n\tstatus: text().default('pending').notNull(),\n\tmeta: jsonb(),\n\tisPrimary: boolean(\"is_primary\").default(false).notNull(),\n\tcreatedAt: timestamp(\"created_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n\tupdatedAt: timestamp(\"updated_at\", { withTimezone: true, mode: 'string' }).default(sql`CURRENT_TIMESTAMP`).notNull(),\n}, (table) => [\n\tuniqueIndex(\"domains_domain_unique_idx\").using(\"btree\", sql`lower(domain)`),\n\tuniqueIndex(\"domains_primary_per_tenant_idx\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\")).where(sql`(is_primary = true)`),\n\tindex(\"domains_tenant_status_idx\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.status.asc().nullsLast().op(\"text_ops\")),\n\tindex(\"idx_domains_tenant_domain_status\").using(\"btree\", table.tenantId.asc().nullsLast().op(\"text_ops\"), table.domain.asc().nullsLast().op(\"text_ops\"), table.status.asc().nullsLast().op(\"text_ops\")),\n\tforeignKey({\n\t\t\tcolumns: [table.tenantId],\n\t\t\tforeignColumns: [tenantsInIam.id],\n\t\t\tname: \"domains_tenant_id_fkey\"\n\t\t}).onUpdate(\"cascade\").onDelete(\"cascade\"),\n\tpgPolicy(\"tenant_isolation\", { as: \"permissive\", for: \"all\", to: [\"public\"], using: sql`((tenant_id)::text = (iam.current_tenant_id())::text)`, withCheck: sql`((tenant_id)::text = (iam.current_tenant_id())::text)` }),\n\tcheck(\"domains_domain_format_check\", sql`domain ~ '^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)+$'::text`),\n\tcheck(\"domains_status_check\", sql`status = ANY (ARRAY['PENDING'::text, 'ACTIVE'::text, 'DISABLED'::text, 'DELETED'::text])`),\n]);\n","import { and, eq, sql } from 'drizzle-orm';\nimport type { Database } from '../index';\nimport { domainsInIam, tenantsInIam } from '../schema';\n\nexport const findTenantByDomain = async (\n database: Database,\n hostname: string,\n): Promise<string | null> => {\n const lowerHostname = hostname.toLowerCase();\n const [domain] = await database\n .select({\n tenantId: domainsInIam.tenantId,\n })\n .from(domainsInIam)\n .where(\n and(\n sql`lower(${domainsInIam.domain}) = ${lowerHostname}`,\n eq(domainsInIam.status, 'active'),\n ),\n )\n .limit(1);\n\n return domain?.tenantId || null;\n};\n\nexport type Tenant = {\n id: string;\n name: unknown;\n description: unknown;\n isActive: boolean;\n};\n\nexport const findTenantById = async (\n database: Database,\n tenantId: string,\n): Promise<Tenant | null> => {\n const [tenant] = await database\n .select({\n id: tenantsInIam.id,\n name: tenantsInIam.name,\n description: tenantsInIam.description,\n isActive: tenantsInIam.isActive,\n })\n .from(tenantsInIam)\n .where(eq(tenantsInIam.id, tenantId))\n .limit(1);\n\n return tenant || null;\n};\n","import { and, eq } from 'drizzle-orm';\nimport { getUserAuthSelect } from '../../lib/user-auth-select';\nimport type { User } from '../../types';\nimport { usersInIam } from '../schema';\nimport type { FetchUserWithRolesParams } from './types';\n\nexport const fetchUserWithRoles = async ({\n database,\n userId,\n tenantId,\n}: FetchUserWithRolesParams): Promise<User | null> => {\n const [userResult] = await database\n .select({\n id: usersInIam.id,\n tenantId: usersInIam.tenantId,\n fullName: usersInIam.fullName,\n email: usersInIam.email,\n phone: usersInIam.phone,\n handle: usersInIam.handle,\n image: usersInIam.image,\n emailVerified: usersInIam.emailVerified,\n phoneVerified: usersInIam.phoneVerified,\n lastSignInAt: usersInIam.lastSignInAt,\n bannedUntil: usersInIam.bannedUntil,\n ...getUserAuthSelect(tenantId),\n })\n .from(usersInIam)\n .where(and(eq(usersInIam.id, userId), eq(usersInIam.tenantId, tenantId)))\n .limit(1);\n return (userResult as User) || null;\n};\n","import { and, eq, sql } from 'drizzle-orm';\nimport {\n permissionsInIam,\n rolePermissionsInIam,\n rolesInIam,\n userRolesInIam,\n usersInIam,\n} from '../db/schema';\n\nexport function getUserAuthSelect(tenantId: string) {\n return {\n roles: sql<string[] | null>`COALESCE(\n (\n select array_to_json(array_agg(distinct \"iam\".\"roles\".\"id\"))\n from ${userRolesInIam}\n inner join ${rolesInIam}\n on ${and(\n eq(rolesInIam.tenantId, userRolesInIam.tenantId),\n eq(rolesInIam.id, userRolesInIam.roleId),\n )}\n where ${and(\n eq(userRolesInIam.tenantId, tenantId),\n eq(userRolesInIam.userId, usersInIam.id),\n )}\n ),\n '[]'::json\n )`,\n roleCodes: sql<string[] | null>`COALESCE(\n (\n select array_to_json(array_agg(distinct ${rolesInIam.code}))\n from ${userRolesInIam}\n inner join ${rolesInIam}\n on ${and(\n eq(rolesInIam.tenantId, userRolesInIam.tenantId),\n eq(rolesInIam.id, userRolesInIam.roleId),\n )}\n where ${and(\n eq(userRolesInIam.tenantId, tenantId),\n eq(userRolesInIam.userId, usersInIam.id),\n )}\n ),\n '[]'::json\n )`,\n permissions: sql<string[] | null>`COALESCE(\n (\n select array_to_json(array_agg(distinct \"iam\".\"permissions\".\"id\"))\n from ${userRolesInIam}\n inner join ${rolePermissionsInIam}\n on ${and(\n eq(rolePermissionsInIam.tenantId, userRolesInIam.tenantId),\n eq(rolePermissionsInIam.roleId, userRolesInIam.roleId),\n )}\n inner join ${permissionsInIam}\n on ${eq(permissionsInIam.id, rolePermissionsInIam.permissionId)}\n where ${and(\n eq(userRolesInIam.tenantId, tenantId),\n eq(userRolesInIam.userId, usersInIam.id),\n )}\n ),\n '[]'::json\n )`,\n };\n}\n","import type { Context } from 'hono';\nimport { deleteCookie as honoDel, setCookie as honoSet } from 'hono/cookie';\nimport type { AuthConfig } from '../types';\n\nconst isProduction = process.env.NODE_ENV === 'production';\n\n/** Namespace for session cookie + session KV cache (`{ns}:sc:v1:…`). */\nexport const getSessionKeyNamespace = (config: AuthConfig): string => {\n const p = config.prefix?.trim();\n return p && p.length > 0 ? p : 'msb';\n};\n\nexport const getSessionCookieName = (config: AuthConfig): string => {\n const prefix = config.prefix?.trim() || '';\n const baseName = 'session_token';\n if (prefix) {\n return `${prefix}_${baseName}`;\n }\n return isProduction ? '__Host-session_token' : baseName;\n};\n\nexport type CookieOptions = {\n expires?: Date;\n path?: string;\n};\n\nexport const setSessionCookie = (\n c: Context,\n token: string,\n config: AuthConfig,\n options: CookieOptions,\n) => {\n const cookieName = getSessionCookieName(config);\n const cookieOptions = {\n httpOnly: true,\n secure: isProduction,\n sameSite: 'Lax' as const,\n path: options.path || '/',\n expires: options.expires,\n ...(isProduction && { domain: undefined }), // __Host- requires no domain\n };\n\n honoSet(c, cookieName, token, cookieOptions);\n};\n\nexport const deleteSessionCookie = (c: Context, config: AuthConfig) => {\n const cookieName = getSessionCookieName(config);\n honoDel(c, cookieName, {\n httpOnly: true,\n secure: isProduction,\n sameSite: 'Lax' as const,\n path: '/',\n expires: new Date(0),\n });\n};\n","import type { Database } from '../db';\nimport { listHashedTokensForUser } from '../db/orm';\nimport type { AuthConfig, Session, User } from '../types';\nimport { getSessionKeyNamespace } from './cookie';\n\nexport type SessionCachePayload = {\n session: Session;\n user: User;\n};\n\nexport const sessionCacheKey = (\n config: AuthConfig,\n hashedToken: string,\n): string => `${getSessionKeyNamespace(config)}:sc:v1:${hashedToken}`;\n\nexport async function readSessionCache(\n config: AuthConfig,\n hashedToken: string,\n): Promise<SessionCachePayload | null> {\n const sc = config.sessionCache;\n if (!sc?.enabled) {\n return null;\n }\n const raw = await sc.kv.get(sessionCacheKey(config, hashedToken));\n if (!raw) {\n return null;\n }\n try {\n const parsed = JSON.parse(raw) as SessionCachePayload;\n if (\n !parsed?.session?.expiresAt ||\n new Date(parsed.session.expiresAt) <= new Date()\n ) {\n await sc.kv.delete(sessionCacheKey(config, hashedToken));\n return null;\n }\n return parsed;\n } catch {\n await sc.kv.delete(sessionCacheKey(config, hashedToken));\n return null;\n }\n}\n\nexport async function writeSessionCache(\n config: AuthConfig,\n hashedToken: string,\n payload: SessionCachePayload,\n): Promise<void> {\n const sc = config.sessionCache;\n if (!sc?.enabled) {\n return;\n }\n const ttl =\n sc.ttlSeconds ??\n Math.max(\n 60,\n Math.ceil(\n (new Date(payload.session.expiresAt).getTime() - Date.now()) / 1000,\n ),\n );\n await sc.kv.put(\n sessionCacheKey(config, hashedToken),\n JSON.stringify(payload),\n {\n expirationTtl: Math.min(Math.max(ttl, 60), 2_147_483_647),\n },\n );\n}\n\nexport async function deleteSessionCacheKeys(\n config: AuthConfig,\n hashedTokens: string[],\n): Promise<void> {\n const sc = config.sessionCache;\n if (!sc?.enabled || hashedTokens.length === 0) {\n return;\n }\n await Promise.all(\n hashedTokens.map((t) => sc.kv.delete(sessionCacheKey(config, t))),\n );\n}\n\nexport async function invalidateSessionCacheForHashedToken(\n config: AuthConfig,\n hashedToken: string,\n): Promise<void> {\n await deleteSessionCacheKeys(config, [hashedToken]);\n}\n\nexport async function invalidateSessionCacheForUser(\n config: AuthConfig,\n database: Database,\n userId: string,\n tenantId: string,\n): Promise<void> {\n const tokens = await listHashedTokensForUser({\n database,\n userId,\n tenantId,\n });\n await deleteSessionCacheKeys(config, tokens);\n}\n","import type { Database } from '../db';\nimport {\n deleteSession,\n fetchSessionByToken,\n fetchUserWithRoles,\n} from '../db/orm';\nimport type { AuthConfig, Session, User } from '../types';\nimport { readSessionCache, writeSessionCache } from './session-cache';\n\nexport async function loadSessionPair(\n database: Database,\n config: AuthConfig,\n hashedToken: string,\n): Promise<{ session: Session; user: User } | null> {\n const cached = await readSessionCache(config, hashedToken);\n if (cached) {\n return { session: cached.session, user: cached.user };\n }\n\n const session = await fetchSessionByToken({\n database,\n hashedToken,\n tenantId: config.tenant?.tenantId || 'tenant',\n });\n if (!session) {\n return null;\n }\n\n const user = await fetchUserWithRoles({\n database,\n userId: session.userId,\n tenantId: session.tenantId,\n });\n if (!user) {\n await deleteSession({\n database,\n sessionId: session.id,\n tenantId: session.tenantId,\n });\n return null;\n }\n\n await writeSessionCache(config, hashedToken, { session, user });\n return { session, user };\n}\n"],"mappings":";AAAA,SAAS,KAAK,IAAI,UAAU;;;ACA5B,SAAkB,UAAU,OAAO,YAAY,UAAU,OAAO,MAAM,SAAS,WAAW,MAAM,UAAU,QAAQ,MAAM,OAAO,SAAS,mBAAmB;AAC3J,SAAS,WAAW;AAEb,IAAM,MAAM,SAAS,KAAK;AAG1B,IAAM,qBAAqB,IAAI,MAAM,iBAAiB;AAAA,EAC5D,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,QAAQ,KAAK,SAAS,EAAE,QAAQ;AAAA,EAChC,MAAM,KAAK,EAAE,QAAQ;AAAA,EACrB,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ;AAAA,EACnF,MAAM,KAAK;AAAA,EACX,SAAS,SAAS,EAAE,QAAQ,CAAC;AAAA,EAC7B,IAAI,KAAK;AACV,GAAG,CAAC,UAAU;AAAA,EACb,MAAM,8BAA8B,EAAE,MAAM,SAAS,MAAM,UAAU,IAAI,EAAE,UAAU,EAAE,GAAG,iBAAiB,CAAC;AAAA,EAC5G,MAAM,0BAA0B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,KAAK,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,GAAG,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,KAAK,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EACpR,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,MAAM;AAAA,IACtB,gBAAgB,CAAC,WAAW,EAAE;AAAA,IAC9B,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AAAA,EACxN,MAAM,2CAA2C,iBAAiB;AAAA,EAClE,MAAM,6CAA6C,4BAA4B;AAChF,CAAC;AAEM,IAAM,gBAAgB,IAAI,MAAM,YAAY;AAAA,EAClD,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,QAAQ,KAAK,SAAS,EAAE,QAAQ;AAAA,EAChC,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ;AAAA,EACnF,WAAW,KAAK,YAAY;AAAA,EAC5B,IAAI,KAAK;AAAA,EACT,MAAM,MAAM;AAAA,EACZ,OAAO,KAAK,EAAE,QAAQ;AAAA,EACtB,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB;AAC1G,GAAG,CAAC,UAAU;AAAA,EACb,MAAM,yBAAyB,EAAE,MAAM,SAAS,MAAM,UAAU,IAAI,EAAE,UAAU,EAAE,GAAG,iBAAiB,CAAC;AAAA,EACvG,MAAM,0BAA0B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EAC/I,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,MAAM;AAAA,IACtB,gBAAgB,CAAC,WAAW,EAAE;AAAA,IAC9B,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,OAAO,oBAAoB,EAAE,GAAG,MAAM,KAAK;AAAA,EAC3C,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AAAA,EACxN,MAAM,wCAAwC,4BAA4B;AAC3E,CAAC;AAEM,IAAM,sBAAsB,IAAI,MAAM,mBAAmB;AAAA,EAC/D,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,QAAQ,KAAK,SAAS,EAAE,QAAQ;AAAA,EAChC,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,YAAY,KAAK,aAAa,EAAE,QAAQ;AAAA,EACxC,UAAU,QAAQ,WAAW;AAAA,EAC7B,UAAU,QAAQ,WAAW;AAAA,EAC7B,UAAU,KAAK,WAAW;AAAA,EAC1B,UAAU,KAAK,WAAW;AAAA,EAC1B,QAAQ,QAAQ,EAAE,QAAQ;AAAA,EAC1B,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ;AAAA,EACnF,aAAa,UAAU,gBAAgB,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC;AAAA,EAC7E,aAAa,UAAU,gBAAgB,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC;AAAA,EAC7E,QAAQ,KAAK;AACd,GAAG,CAAC,UAAU;AAAA,EACb,MAAM,gCAAgC,EAAE,MAAM,SAAS,MAAM,UAAU,IAAI,EAAE,UAAU,EAAE,GAAG,iBAAiB,CAAC;AAAA,EAC9G,MAAM,wCAAwC,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EAC5M,MAAM,6BAA6B,EAAE,MAAM,SAAS,MAAM,UAAU,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,uCAAuC;AAAA,EAClM,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,MAAM;AAAA,IACtB,gBAAgB,CAAC,WAAW,EAAE;AAAA,IAC9B,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AAAA,EACxN,MAAM,+CAA+C,4BAA4B;AAAA,EACjF,MAAM,qCAAqC,uRAAuR;AAAA,EAClU,MAAM,gCAAgC,2LAA2L;AAClO,CAAC;AAEM,IAAM,eAAe,IAAI,MAAM,WAAW;AAAA,EAChD,IAAI,QAAQ,EAAE,QAAQ,GAAG,CAAC,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjD,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,MAAM,MAAM,EAAE,QAAQ;AAAA,EACtB,aAAa,MAAM;AAAA,EACnB,OAAO,MAAM;AAAA,EACb,oBAAoB,MAAM,qBAAqB;AAAA,EAC/C,iBAAiB,KAAK,kBAAkB;AAAA,EACxC,mBAAmB,MAAM,oBAAoB;AAAA,EAC7C,iBAAiB,KAAK,kBAAkB;AAAA,EACxC,UAAU,KAAK;AAAA,EACf,UAAU,QAAQ,WAAW,EAAE,QAAQ,IAAI,EAAE,QAAQ;AAAA,EACrD,QAAQ,MAAM;AAAA,EACd,UAAU,MAAM;AAAA,EAChB,KAAK,MAAM;AACZ,GAAG,CAAC,UAAU;AAAA,EACb,MAAM,uBAAuB,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAC9F,CAAC;AAEM,IAAM,uBAAuB,IAAI,MAAM,oBAAoB;AAAA,EACjE,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,cAAc,KAAK,eAAe,EAAE,QAAQ;AAAA,EAC5C,QAAQ,KAAK,SAAS,EAAE,QAAQ;AACjC,GAAG,CAAC,UAAU;AAAA,EACb,MAAM,oCAAoC,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,aAAa,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EAC/J,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,YAAY;AAAA,IAC5B,gBAAgB,CAAC,iBAAiB,EAAE;AAAA,IACpC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,UAAU,MAAM,MAAM;AAAA,IACtC,gBAAgB,CAAC,WAAW,UAAU,WAAW,EAAE;AAAA,IACnD,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS;AAAA,EACtB,OAAO,gDAAgD,EAAE,GAAG,MAAM,UAAU,MAAM,cAAc,MAAM,MAAM;AAAA,EAC5G,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AACzN,CAAC;AAEM,IAAM,mBAAmB,IAAI,MAAM,eAAe;AAAA,EACxD,IAAI,KAAK,EAAE,WAAW,EAAE,QAAQ;AAAA,EAChC,aAAa,MAAM,EAAE,QAAQ;AAAA,EAC7B,UAAU,KAAK,EAAE,QAAQ;AAAA,EACzB,aAAa,KAAK,EAAE,QAAQ;AAAA,EAC5B,SAAS,KAAK,EAAE,QAAQ;AACzB,GAAG,CAAC,UAAU;AAAA,EACb,OAAO,8CAA8C,EAAE,GAAG,MAAM,UAAU,MAAM,aAAa,MAAM,OAAO;AAC3G,CAAC;AAEM,IAAM,gBAAgB,IAAI,MAAM,YAAY;AAAA,EAClD,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,QAAQ,KAAK,SAAS,EAAE,QAAQ;AAAA,EAChC,UAAU,KAAK,EAAE,QAAQ;AAAA,EACzB,mBAAmB,KAAK,qBAAqB,EAAE,QAAQ;AAAA,EACvD,UAAU,KAAK;AAAA,EACf,uBAAuB,UAAU,4BAA4B,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC;AAAA,EACnG,SAAS,KAAK,UAAU;AAAA,EACxB,aAAa,KAAK,cAAc;AAAA,EAChC,sBAAsB,UAAU,2BAA2B,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC;AAAA,EACjG,cAAc,KAAK,eAAe;AAAA,EAClC,uBAAuB,UAAU,4BAA4B,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC;AAAA,EACnG,OAAO,KAAK;AAAA,EACZ,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC;AAAA,EACzE,MAAM,MAAM;AACb,GAAG,CAAC,UAAU;AAAA,EACb,MAAM,8BAA8B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,kBAAkB,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EAC/M,MAAM,sBAAsB,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EAC3I,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,MAAM;AAAA,IACtB,gBAAgB,CAAC,WAAW,EAAE;AAAA,IAC9B,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,OAAO,yCAAyC,EAAE,GAAG,MAAM,UAAU,MAAM,UAAU,MAAM,iBAAiB;AAAA,EAC5G,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AACzN,CAAC;AAEM,IAAM,aAAa,IAAI,MAAM,SAAS;AAAA,EAC5C,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,UAAU,KAAK,WAAW,EAAE,QAAQ;AAAA,EACpC,OAAO,KAAK;AAAA,EACZ,OAAO,KAAK;AAAA,EACZ,OAAO,KAAK;AAAA,EACZ,QAAQ,KAAK,EAAE,QAAQ;AAAA,EACvB,eAAe,QAAQ,gBAAgB,EAAE,QAAQ,KAAK,EAAE,QAAQ;AAAA,EAChE,eAAe,QAAQ,gBAAgB,EAAE,QAAQ,KAAK,EAAE,QAAQ;AAAA,EAChE,aAAa,UAAU,gBAAgB,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC;AAAA,EAC7E,cAAc,UAAU,mBAAmB,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC;AAAA,EACjF,cAAc,SAAS,eAAe,EAAE,QAAQ,CAAC,EAAE,QAAQ;AAAA,EAC3D,UAAU,KAAK,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE,QAAQ;AAC9D,GAAG,CAAC,UAAU;AAAA,EACb,MAAM,uBAAuB,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,MAAM,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,GAAG,IAAI,EAAE,UAAU,EAAE,GAAG,iBAAiB,GAAG,MAAM,cAAc,IAAI,EAAE,UAAU,EAAE,GAAG,iBAAiB,GAAG,MAAM,YAAY,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,wBAAwB;AAAA,EAC9U,MAAM,wBAAwB,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,MAAM,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,wBAAwB;AAAA,EAC5K,MAAM,yBAAyB,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EAC9I,MAAM,wBAAwB,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,MAAM,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,wBAAwB;AAAA,EAC5K,MAAM,+BAA+B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,MAAM,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,wBAAwB;AAAA,EACnL,MAAM,2BAA2B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,wCAAwC;AAAA,EACjJ,MAAM,+BAA+B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,4CAA4C;AAAA,EACzJ,MAAM,8BAA8B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,2CAA2C;AAAA,EACvJ,MAAM,0BAA0B,EAAE,MAAM,OAAO,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC;AAAA,EAC/F,YAAY,8BAA8B,EAAE,MAAM,SAAS,gBAAgB,iBAAiB;AAAA,EAC5F,YAAY,+BAA+B,EAAE,MAAM,SAAS,gBAAgB,kBAAkB;AAAA,EAC9F,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,OAAO,wBAAwB,EAAE,GAAG,MAAM,UAAU,MAAM,KAAK;AAAA,EAC/D,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AAAA,EACxN,MAAM,yCAAyC,uBAAuB;AAAA,EACtE,MAAM,gCAAgC,+CAA+C;AAAA,EACrF,MAAM,yBAAyB,2EAA2E;AAC3G,CAAC;AAEM,IAAM,aAAa,IAAI,MAAM,SAAS;AAAA,EAC5C,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,MAAM,MAAM,EAAE,QAAQ;AAAA,EACtB,aAAa,MAAM,EAAE,QAAQ;AAAA,EAC7B,MAAM,KAAK,EAAE,QAAQ;AAAA,EACrB,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,WAAW,EAAE,QAAQ,KAAK,EAAE,QAAQ;AAAA,EACtD,YAAY,QAAQ,aAAa,EAAE,QAAQ,IAAI,EAAE,QAAQ;AAAA,EACzD,aAAa,QAAQ,cAAc,EAAE,QAAQ,IAAI,EAAE,QAAQ;AAC5D,GAAG,CAAC,UAAU;AAAA,EACb,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,OAAO,0BAA0B,EAAE,GAAG,MAAM,UAAU,MAAM,IAAI;AAAA,EAChE,OAAO,wBAAwB,EAAE,GAAG,MAAM,UAAU,MAAM,EAAE;AAAA,EAC5D,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AACzN,CAAC;AAEM,IAAM,iBAAiB,IAAI,MAAM,cAAc;AAAA,EACrD,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,QAAQ,KAAK,SAAS,EAAE,QAAQ;AAAA,EAChC,QAAQ,KAAK,SAAS,EAAE,QAAQ;AACjC,GAAG,CAAC,UAAU;AAAA,EACb,MAAM,4BAA4B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EACjJ,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,MAAM;AAAA,IACtB,gBAAgB,CAAC,WAAW,EAAE;AAAA,IAC9B,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,UAAU,MAAM,MAAM;AAAA,IACtC,gBAAgB,CAAC,WAAW,UAAU,WAAW,EAAE;AAAA,IACnD,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS;AAAA,EACtB,OAAO,oCAAoC,EAAE,GAAG,MAAM,UAAU,MAAM,QAAQ,MAAM,MAAM;AAAA,EAC1F,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AACzN,CAAC;AAEM,IAAM,eAAe,IAAI,MAAM,WAAW;AAAA,EAChD,IAAI,KAAK,EAAE,QAAQ,uBAAuB,EAAE,WAAW,EAAE,QAAQ;AAAA,EACjE,UAAU,QAAQ,aAAa,EAAE,QAAQ,GAAG,CAAC,EAAE,QAAQ;AAAA,EACvD,QAAQ,KAAK,EAAE,QAAQ;AAAA,EACvB,QAAQ,KAAK,EAAE,QAAQ,SAAS,EAAE,QAAQ;AAAA,EAC1C,MAAM,MAAM;AAAA,EACZ,WAAW,QAAQ,YAAY,EAAE,QAAQ,KAAK,EAAE,QAAQ;AAAA,EACxD,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AAAA,EACnH,WAAW,UAAU,cAAc,EAAE,cAAc,MAAM,MAAM,SAAS,CAAC,EAAE,QAAQ,sBAAsB,EAAE,QAAQ;AACpH,GAAG,CAAC,UAAU;AAAA,EACb,YAAY,2BAA2B,EAAE,MAAM,SAAS,kBAAkB;AAAA,EAC1E,YAAY,gCAAgC,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC,EAAE,MAAM,wBAAwB;AAAA,EAC5I,MAAM,2BAA2B,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EAChJ,MAAM,kCAAkC,EAAE,MAAM,SAAS,MAAM,SAAS,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,GAAG,MAAM,OAAO,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;AAAA,EACtM,WAAW;AAAA,IACT,SAAS,CAAC,MAAM,QAAQ;AAAA,IACxB,gBAAgB,CAAC,aAAa,EAAE;AAAA,IAChC,MAAM;AAAA,EACP,CAAC,EAAE,SAAS,SAAS,EAAE,SAAS,SAAS;AAAA,EAC1C,SAAS,oBAAoB,EAAE,IAAI,cAAc,KAAK,OAAO,IAAI,CAAC,QAAQ,GAAG,OAAO,4DAA4D,WAAW,2DAA4D,CAAC;AAAA,EACxN,MAAM,+BAA+B,yGAAyG;AAAA,EAC9I,MAAM,wBAAwB,6FAA6F;AAC5H,CAAC;;;ADjSM,IAAM,sBAAsB,OAAO;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AACF,MAA0D;AACxD,QAAM,CAAC,aAAa,IAAI,MAAM,SAC3B,OAAO;AAAA,IACN,IAAI,cAAc;AAAA,IAClB,UAAU,cAAc;AAAA,IACxB,QAAQ,cAAc;AAAA,IACtB,WAAW,cAAc;AAAA,IACzB,WAAW,cAAc;AAAA,IACzB,MAAM,cAAc;AAAA,EACtB,CAAC,EACA,KAAK,aAAa,EAClB;AAAA,IACC;AAAA,MACE,GAAG,cAAc,OAAO,WAAW;AAAA,MACnC,GAAG,cAAc,YAAW,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,MACpD,GAAG,cAAc,UAAU,QAAQ;AAAA,IACrC;AAAA,EACF,EACC,MAAM,CAAC;AAEV,MAAI,CAAC,eAAe;AAClB,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,MAAM,cAAc;AAAA,EACtB;AACF;AA4BO,IAAM,gBAAgB,OAAO;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AACF,MAA0C;AACxC,QAAM,SACH,OAAO,aAAa,EACpB;AAAA,IACC;AAAA,MACE,GAAG,cAAc,IAAI,SAAS;AAAA,MAC9B,GAAG,cAAc,UAAU,QAAQ;AAAA,IACrC;AAAA,EACF;AACJ;;;AEpFA,SAAS,OAAAA,MAAK,MAAAC,KAAI,OAAAC,YAAW;;;ACA7B,SAAS,OAAAC,MAAK,MAAAC,WAAU;;;ACAxB,SAAS,OAAAC,MAAK,MAAAC,KAAI,OAAAC,YAAW;AAStB,SAAS,kBAAkB,UAAkB;AAClD,SAAO;AAAA,IACL,OAAOC;AAAA;AAAA;AAAA,eAGI,cAAc;AAAA,qBACR,UAAU;AAAA,eAChBC;AAAA,MACHC,IAAG,WAAW,UAAU,eAAe,QAAQ;AAAA,MAC/CA,IAAG,WAAW,IAAI,eAAe,MAAM;AAAA,IACzC,CAAC;AAAA,gBACKD;AAAA,MACNC,IAAG,eAAe,UAAU,QAAQ;AAAA,MACpCA,IAAG,eAAe,QAAQ,WAAW,EAAE;AAAA,IACzC,CAAC;AAAA;AAAA;AAAA;AAAA,IAIL,WAAWF;AAAA;AAAA,kDAEmC,WAAW,IAAI;AAAA,eAClD,cAAc;AAAA,qBACR,UAAU;AAAA,eAChBC;AAAA,MACHC,IAAG,WAAW,UAAU,eAAe,QAAQ;AAAA,MAC/CA,IAAG,WAAW,IAAI,eAAe,MAAM;AAAA,IACzC,CAAC;AAAA,gBACKD;AAAA,MACNC,IAAG,eAAe,UAAU,QAAQ;AAAA,MACpCA,IAAG,eAAe,QAAQ,WAAW,EAAE;AAAA,IACzC,CAAC;AAAA;AAAA;AAAA;AAAA,IAIL,aAAaF;AAAA;AAAA;AAAA,eAGF,cAAc;AAAA,qBACR,oBAAoB;AAAA,eAC1BC;AAAA,MACHC,IAAG,qBAAqB,UAAU,eAAe,QAAQ;AAAA,MACzDA,IAAG,qBAAqB,QAAQ,eAAe,MAAM;AAAA,IACvD,CAAC;AAAA,qBACU,gBAAgB;AAAA,eACtBA,IAAG,iBAAiB,IAAI,qBAAqB,YAAY,CAAC;AAAA,gBACzDD;AAAA,MACNC,IAAG,eAAe,UAAU,QAAQ;AAAA,MACpCA,IAAG,eAAe,QAAQ,WAAW,EAAE;AAAA,IACzC,CAAC;AAAA;AAAA;AAAA;AAAA,EAIP;AACF;;;ADxDO,IAAM,qBAAqB,OAAO;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AACF,MAAsD;AACpD,QAAM,CAAC,UAAU,IAAI,MAAM,SACxB,OAAO;AAAA,IACN,IAAI,WAAW;AAAA,IACf,UAAU,WAAW;AAAA,IACrB,UAAU,WAAW;AAAA,IACrB,OAAO,WAAW;AAAA,IAClB,OAAO,WAAW;AAAA,IAClB,QAAQ,WAAW;AAAA,IACnB,OAAO,WAAW;AAAA,IAClB,eAAe,WAAW;AAAA,IAC1B,eAAe,WAAW;AAAA,IAC1B,cAAc,WAAW;AAAA,IACzB,aAAa,WAAW;AAAA,IACxB,GAAG,kBAAkB,QAAQ;AAAA,EAC/B,CAAC,EACA,KAAK,UAAU,EACf,MAAMC,KAAIC,IAAG,WAAW,IAAI,MAAM,GAAGA,IAAG,WAAW,UAAU,QAAQ,CAAC,CAAC,EACvE,MAAM,CAAC;AACV,SAAQ,cAAuB;AACjC;;;AE7BA,SAAS,gBAAgB,SAAS,aAAa,eAAe;AAG9D,IAAM,eAAe,QAAQ,IAAI,aAAa;AAGvC,IAAM,yBAAyB,CAAC,WAA+B;AACpE,QAAM,IAAI,OAAO,QAAQ,KAAK;AAC9B,SAAO,KAAK,EAAE,SAAS,IAAI,IAAI;AACjC;;;ACAO,IAAM,kBAAkB,CAC7B,QACA,gBACW,GAAG,uBAAuB,MAAM,CAAC,UAAU,WAAW;AAEnE,eAAsB,iBACpB,QACA,aACqC;AACrC,QAAM,KAAK,OAAO;AAClB,MAAI,CAAC,IAAI,SAAS;AAChB,WAAO;AAAA,EACT;AACA,QAAM,MAAM,MAAM,GAAG,GAAG,IAAI,gBAAgB,QAAQ,WAAW,CAAC;AAChE,MAAI,CAAC,KAAK;AACR,WAAO;AAAA,EACT;AACA,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,GAAG;AAC7B,QACE,CAAC,QAAQ,SAAS,aAClB,IAAI,KAAK,OAAO,QAAQ,SAAS,KAAK,oBAAI,KAAK,GAC/C;AACA,YAAM,GAAG,GAAG,OAAO,gBAAgB,QAAQ,WAAW,CAAC;AACvD,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT,QAAQ;AACN,UAAM,GAAG,GAAG,OAAO,gBAAgB,QAAQ,WAAW,CAAC;AACvD,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,kBACpB,QACA,aACA,SACe;AACf,QAAM,KAAK,OAAO;AAClB,MAAI,CAAC,IAAI,SAAS;AAChB;AAAA,EACF;AACA,QAAM,MACJ,GAAG,cACH,KAAK;AAAA,IACH;AAAA,IACA,KAAK;AAAA,OACF,IAAI,KAAK,QAAQ,QAAQ,SAAS,EAAE,QAAQ,IAAI,KAAK,IAAI,KAAK;AAAA,IACjE;AAAA,EACF;AACF,QAAM,GAAG,GAAG;AAAA,IACV,gBAAgB,QAAQ,WAAW;AAAA,IACnC,KAAK,UAAU,OAAO;AAAA,IACtB;AAAA,MACE,eAAe,KAAK,IAAI,KAAK,IAAI,KAAK,EAAE,GAAG,UAAa;AAAA,IAC1D;AAAA,EACF;AACF;;;AC1DA,eAAsB,gBACpB,UACA,QACA,aACkD;AAClD,QAAM,SAAS,MAAM,iBAAiB,QAAQ,WAAW;AACzD,MAAI,QAAQ;AACV,WAAO,EAAE,SAAS,OAAO,SAAS,MAAM,OAAO,KAAK;AAAA,EACtD;AAEA,QAAM,UAAU,MAAM,oBAAoB;AAAA,IACxC;AAAA,IACA;AAAA,IACA,UAAU,OAAO,QAAQ,YAAY;AAAA,EACvC,CAAC;AACD,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,QAAM,OAAO,MAAM,mBAAmB;AAAA,IACpC;AAAA,IACA,QAAQ,QAAQ;AAAA,IAChB,UAAU,QAAQ;AAAA,EACpB,CAAC;AACD,MAAI,CAAC,MAAM;AACT,UAAM,cAAc;AAAA,MAClB;AAAA,MACA,WAAW,QAAQ;AAAA,MACnB,UAAU,QAAQ;AAAA,IACpB,CAAC;AACD,WAAO;AAAA,EACT;AAEA,QAAM,kBAAkB,QAAQ,aAAa,EAAE,SAAS,KAAK,CAAC;AAC9D,SAAO,EAAE,SAAS,KAAK;AACzB;","names":["and","eq","sql","and","eq","and","eq","sql","sql","and","eq","and","eq"]}

package/dist/lib/normalize-auth-response.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { U as User, c as Session } from '../index-CDgzxZzO.js';
+import { U as User, f as Session } from '../index-v_uxUd8A.js';
 import 'hono';
 import '@hono/zod-openapi';
 import '@mesob/common';
@@ -8,7 +8,7 @@ import 'drizzle-orm';
 import 'drizzle-orm/pg-core';
 import 'pg';
-declare const normalizeAuthUser: (user: Pick<User, "id" | "tenantId" | "fullName" | "email" | "phone" | "image" | "emailVerified" | "phoneVerified">) => {
+declare const normalizeAuthUser: (user: Pick<User, "id" | "tenantId" | "fullName" | "email" | "phone" | "image" | "emailVerified" | "phoneVerified"> & Pick<Partial<User>, "roles" | "roleCodes" | "permissions">) => {
     id: string;
     tenantId: string;
     fullName: string;
@@ -17,6 +17,9 @@ declare const normalizeAuthUser: (user: Pick<User, "id" | "tenantId" | "fullName
     image: string | null;
     emailVerified: boolean;
     phoneVerified: boolean;
+    roles: string[] | null;
+    roleCodes: string[] | null;
+    permissions: string[] | null;
 };
 declare const normalizeAuthSession: (session: Pick<Session, "id" | "expiresAt"> | null) => {
     id: string;