@monocloud/auth-nextjs 0.1.6 → 0.1.8

package/dist/{protect-K9srvUkq.mjs → protect-client-page-BFVskb3X.mjs}

@@ -11,32 +11,33 @@ const fetchUser = async (url) => {
 };
 /**
 *
-* Hook for getting the user's profile on client components
+* `useAuth()` is a client-side hook that provides access to the current authentication state.
 *
-* @returns Authentication State
+* It can only be used inside **Client Components**.
 *
-* @example App Router
-*
-* ```tsx
+* @example Basic Usage
+* ```tsx title="Basic Usage"
 * "use client";
 *
 * import { useAuth } from "@monocloud/auth-nextjs/client";
 *
 * export default function Home() {
-*   const { user } = useAuth();
+*   const { user, isAuthenticated } = useAuth();
+*
+*   if (!isAuthenticated) {
+*     return <>Not signed in</>;
+*   }
 *
 *   return <>User Id: {user?.sub}</>;
 * }
 * ```
 *
-* @example App Router - Refetch user from Userinfo endpoint
+* @example Refetch user
 *
-* Calling `refetch(true)` will force refresh the user's profile from the userinfo endpoint.
-* If you do not intent to refersh from your tenants userinfo endpoint, use just `refetch()`
+* Calling `refetch(true)` forces a refresh of the user profile from the `UserInfo` endpoint.
+* Calling `refetch()` refreshes authentication state without forcing a `UserInfo` request.
 *
-* **Note⚠️: You need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for force refresh to work**
-*
-* ```tsx
+* ```tsx title="Refetch User"
 * "use client";
 *
 * import { useAuth } from "@monocloud/auth-nextjs/client";
@@ -46,47 +47,16 @@ const fetchUser = async (url) => {
 *
 *   return (
 *     <>
-*       <pre>{JSON.stringify(user)}</pre>
-*       <button onClick={() => refetch(true)}>Refresh</button>
+*       <pre>{JSON.stringify(user, null, 2)}</pre>
+*       <button onClick={() => refetch(true)}>Refresh Profile</button>
 *     </>
 *   );
 * }
 * ```
 *
-* @example Pages Router
-*
-* ```tsx
-* import { useAuth } from "@monocloud/auth-nextjs/client";
-*
-* export default function Home() {
-*   const { user } = useAuth();
-*
-*   return <>User Id: {user?.sub}</>;
-* }
-* ```
-*
-* @example Pages Router - Refetch user from Userinfo endpoint
-*
-*  Calling `refetch(true)` will force refresh the user's profile from the userinfo endpoint.
-* If you do not intent to refersh from your tenants userinfo endpoint, use just `refetch()`
-*
-* **Note⚠️: You need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for force refresh to work**
-*
-* ```tsx
-* import { useAuth } from "@monocloud/auth-nextjs/client";
-*
-* export default function Home() {
-*   const { user, refetch } = useAuth();
-*
-*   return (
-*     <>
-*       <pre>{JSON.stringify(user)}</pre>
-*       <button onClick={() => refetch(true)}>Refresh</button>
-*     </>
-*   );
-* }
-* ```
+* @returns
 *
+* @category Hooks
 */
 const useAuth = () => {
 	const key = process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ""}/api/auth/userinfo`;
@@ -120,7 +90,7 @@ const useAuth = () => {
 };
 
 //#endregion
-//#region src/client/protect.tsx
+//#region src/client/protect-client-page.tsx
 const redirectToSignIn = (options) => {
 	const searchParams = new URLSearchParams(window.location.search);
 	searchParams.set("return_url", options.returnUrl ?? window.location.toString());
@@ -142,54 +112,53 @@ const handlePageError = (error, options) => {
 	throw error;
 };
 /**
-* Function to protect a client rendered page component.
-* Ensures that only authenticated users can access the component.
-*
-* **Note⚠️: Since `window.location` is set as `returnUrl` query param by default, you need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for returning to the same page.**
+* `protectClientPage()` wraps a **client-rendered page component** and ensures that only authenticated users can access it.
 *
-* @param Component - The component to protect.
-* @param options - The options.
+* If the user is authenticated, the wrapped component receives a `user` prop.
 *
-* @returns Protected client rendered page component.
+* > This function runs on the client and controls rendering only.
+* > To enforce access before rendering (server-side), use the server {@link MonoCloudNextClient.protectPage | protectPage()} method on {@link MonoCloudNextClient}.
 *
-* @example App Router
+* @example Basic Usage
 *
-* ```tsx
+* ```tsx title="Basic Usage"
 * "use client";
 *
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* import { protectClientPage } from "@monocloud/auth-nextjs/client";
 *
-* export default protectPage(function Home() {
-*   return <>You are signed in</>;
+* export default protectClientPage(function Home({ user }) {
+*   return <>Signed in as {user.email}</>;
 * });
 * ```
 *
-* @example App Router with options
-*
-* See {@link ProtectPageOptions} for more options.
+* @example With Options
 *
-* ```tsx
+* ```tsx title="With Options"
 * "use client";
 *
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* import { protectClientPage } from "@monocloud/auth-nextjs/client";
 *
-* export default protectPage(
-*   function Home() {
-*     return <>You are signed in</>;
+* export default protectClientPage(
+*   function Home({ user }) {
+*     return <>Signed in as {user.email}</>;
 *   },
-*   { returnUrl: "/dashboard", authParams: { loginHint: "username" } }
+*   {
+*     returnUrl: "/dashboard",
+*     authParams: { loginHint: "user@example.com" }
+*   }
 * );
 * ```
-* @example Fallback with onAccessDenied
 *
-* ```tsx
+* @example Custom access denied UI
+*
+* ```tsx title="Custom access denied UI"
 * "use client";
 *
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* import { protectClientPage } from "@monocloud/auth-nextjs/client";
 *
-* export default protectPage(
-*   function Home() {
-*     return <>You are signed in</>;
+* export default protectClientPage(
+*   function Home({ user }) {
+*     return <>Signed in as {user.email}</>;
 *   },
 *   {
 *    onAccessDenied: () => <div>Please sign in to continue</div>
@@ -197,16 +166,16 @@ const handlePageError = (error, options) => {
 * );
 * ```
 *
-* @example Group Protection with onGroupAccessDenied
+* @example Group protection
 *
-* ```tsx
+* ```tsx title="Group protection"
 * "use client";
 *
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* import { protectClientPage } from "@monocloud/auth-nextjs/client";
 *
-* export default protectPage(
-*   function Home() {
-*     return <>Welcome Admin</>;
+* export default protectClientPage(
+*   function Home({ user }) {
+*     return <>Welcome Admin {user.email}</>;
 *   },
 *   {
 *    groups: ["admin"],
@@ -215,32 +184,15 @@ const handlePageError = (error, options) => {
 * );
 * ```
 *
-* @example Pages Router
-*
-* ```tsx
-* import { protectPage } from "@monocloud/auth-nextjs/client";
-*
-* export default protectPage(function Home() {
-*   return <>You are signed in</>;
-* });
-* ```
-*
-* @example Pages Router with options
-*
-* See {@link ProtectPageOptions} for more options.
+* @param Component - The page component to protect
+* @typeParam P - Props of the protected component (excluding `user`).
+* @param options - Optional configuration
+* @returns A protected React component.
 *
-* ```tsx
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* @category Functions
 *
-* export default protectPage(
-*   function Home() {
-*     return <>You are signed in</>;
-*   },
-*   { returnUrl: "/dashboard", authParams: { loginHint: "username" } }
-* );
-* ```
 */
-const protectPage = (Component, options) => {
+const protectClientPage = (Component, options) => {
 	return (props) => {
 		const { user, error, isLoading } = useAuth();
 		useEffect(() => {
@@ -274,5 +226,5 @@ const protectPage = (Component, options) => {
 };
 
 //#endregion
-export { redirectToSignIn as n, useAuth as r, protectPage as t };
-//# sourceMappingURL=protect-K9srvUkq.mjs.map
+export { redirectToSignIn as n, useAuth as r, protectClientPage as t };
+//# sourceMappingURL=protect-client-page-BFVskb3X.mjs.map

package/dist/protect-client-page-BFVskb3X.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"protect-client-page-BFVskb3X.mjs","names":[],"sources":["../src/client/use-auth.tsx","../src/client/protect-client-page.tsx"],"sourcesContent":["'use client';\n\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport useSWR from 'swr';\n\n/**\n * Authentication State returned by `useAuth` hook.\n *\n * @category Types\n */\nexport interface AuthenticationState {\n  /**\n   * Flag indicating if the authentication state is still loading.\n   */\n  isLoading: boolean;\n  /**\n   * Flag indicating if the user is authenticated.\n   */\n  isAuthenticated: boolean;\n  /**\n   * Error encountered during authentication, if any.\n   */\n  error?: Error;\n  /**\n   *  The authenticated user's information, if available.\n   */\n  user?: MonoCloudUser;\n  /**\n   * Function to refetch the authentication state.\n   *\n   */\n  refetch: (refresh?: boolean) => void;\n}\n\nconst fetchUser = async (url: string): Promise<MonoCloudUser | undefined> => {\n  const res = await fetch(url, { credentials: 'include' });\n\n  if (res.status === 204) {\n    return undefined;\n  }\n\n  if (res.ok) {\n    return res.json();\n  }\n\n  throw new Error('Failed to fetch user');\n};\n\n/**\n *\n * `useAuth()` is a client-side hook that provides access to the current authentication state.\n *\n * It can only be used inside **Client Components**.\n *\n * @example Basic Usage\n * ```tsx title=\"Basic Usage\"\n * \"use client\";\n *\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n *   const { user, isAuthenticated } = useAuth();\n *\n *   if (!isAuthenticated) {\n *     return <>Not signed in</>;\n *   }\n *\n *   return <>User Id: {user?.sub}</>;\n * }\n * ```\n *\n * @example Refetch user\n *\n * Calling `refetch(true)` forces a refresh of the user profile from the `UserInfo` endpoint.\n * Calling `refetch()` refreshes authentication state without forcing a `UserInfo` request.\n *\n * ```tsx title=\"Refetch User\"\n * \"use client\";\n *\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n *   const { user, refetch } = useAuth();\n *\n *   return (\n *     <>\n *       <pre>{JSON.stringify(user, null, 2)}</pre>\n *       <button onClick={() => refetch(true)}>Refresh Profile</button>\n *     </>\n *   );\n * }\n * ```\n *\n * @returns\n *\n * @category Hooks\n */\nexport const useAuth = (): AuthenticationState => {\n  const key =\n    process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ??\n    // eslint-disable-next-line no-underscore-dangle\n    `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/userinfo`;\n\n  const { data, error, isLoading, mutate } = useSWR<MonoCloudUser | undefined>(\n    key,\n    fetchUser\n  );\n\n  const refetch = (refresh?: boolean): void => {\n    const url = new URL(key, 'https://dummy');\n    if (refresh) {\n      url.searchParams.set('refresh', 'true');\n    }\n\n    void mutate(async () => await fetchUser(url.pathname + url.search), {\n      revalidate: false,\n    });\n  };\n\n  if (error) {\n    return {\n      user: undefined,\n      isLoading: false,\n      isAuthenticated: false,\n      error: error as Error,\n      refetch,\n    };\n  }\n\n  if (data) {\n    return {\n      user: data,\n      isLoading,\n      isAuthenticated: !!data && Object.keys(data).length > 0,\n      error: undefined,\n      refetch,\n    };\n  }\n\n  return {\n    user: undefined,\n    isLoading,\n    isAuthenticated: false,\n    error: undefined,\n    /* v8 ignore next -- @preserve */\n    refetch: (): void => {},\n  };\n};\n","/* eslint-disable react/display-name */\n'use client';\n\nimport React, { ComponentType, useEffect } from 'react';\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport { isUserInGroup } from '@monocloud/auth-node-core/utils';\nimport { useAuth } from './use-auth';\nimport { ExtraAuthParams, GroupOptions } from '../types';\nimport type { MonoCloudNextClient } from '../monocloud-next-client';\n\n/**\n * Options for configuring page protection.\n *\n * @category Types\n */\nexport interface ProtectClientPageOptions extends GroupOptions {\n  /**\n   * The URL where the user will be redirected to after sign in.\n   */\n  returnUrl?: string;\n\n  /**\n   * A custom react element to render when the user is not authenticated.\n   */\n  onAccessDenied?: () => React.ReactNode;\n\n  /**\n   * A custom react element to render when the user is authenticated but does not belong to the required groups.\n   */\n  onGroupAccessDenied?: (user: MonoCloudUser) => React.ReactNode;\n\n  /**\n   * Authorization parameters to be used during authentication.\n   */\n  authParams?: ExtraAuthParams;\n\n  /**\n   * Callback function to handle errors.\n   * If not provided, errors will be thrown.\n   *\n   * @param error - The error object.\n   * @returns JSX element to handle the error.\n   */\n  onError?: (error: Error) => React.ReactNode;\n}\n\nexport const redirectToSignIn = (\n  options: { returnUrl?: string } & ExtraAuthParams\n): void => {\n  const searchParams = new URLSearchParams(window.location.search);\n  searchParams.set(\n    'return_url',\n    options.returnUrl ?? window.location.toString()\n  );\n\n  if (options?.scopes) {\n    searchParams.set('scope', options.scopes);\n  }\n  if (options?.resource) {\n    searchParams.set('resource', options.resource);\n  }\n\n  if (options?.acrValues) {\n    searchParams.set('acr_values', options.acrValues.join(' '));\n  }\n\n  if (options?.display) {\n    searchParams.set('display', options.display);\n  }\n\n  if (options?.prompt) {\n    searchParams.set('prompt', options.prompt);\n  }\n\n  if (options?.authenticatorHint) {\n    searchParams.set('authenticator_hint', options.authenticatorHint);\n  }\n\n  if (options?.uiLocales) {\n    searchParams.set('ui_locales', options.uiLocales);\n  }\n\n  if (options?.maxAge) {\n    searchParams.set('max_age', options.maxAge.toString());\n  }\n\n  if (options?.loginHint) {\n    searchParams.set('login_hint', options.loginHint);\n  }\n\n  window.location.assign(\n    // eslint-disable-next-line no-underscore-dangle\n    `${process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_SIGNIN_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/signin`}?${searchParams.toString()}`\n  );\n};\n\nconst handlePageError = (\n  error: Error,\n  options?: ProtectClientPageOptions\n): React.ReactNode => {\n  /* v8 ignore else -- @preserve */\n  if (options?.onError) {\n    return options.onError(error);\n  }\n\n  /* v8 ignore next -- @preserve */\n  throw error;\n};\n\n/**\n * `protectClientPage()` wraps a **client-rendered page component** and ensures that only authenticated users can access it.\n *\n * If the user is authenticated, the wrapped component receives a `user` prop.\n *\n * > This function runs on the client and controls rendering only.\n * > To enforce access before rendering (server-side), use the server {@link MonoCloudNextClient.protectPage | protectPage()} method on {@link MonoCloudNextClient}.\n *\n * @example Basic Usage\n *\n * ```tsx title=\"Basic Usage\"\n * \"use client\";\n *\n * import { protectClientPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectClientPage(function Home({ user }) {\n *   return <>Signed in as {user.email}</>;\n * });\n * ```\n *\n * @example With Options\n *\n * ```tsx title=\"With Options\"\n * \"use client\";\n *\n * import { protectClientPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectClientPage(\n *   function Home({ user }) {\n *     return <>Signed in as {user.email}</>;\n *   },\n *   {\n *     returnUrl: \"/dashboard\",\n *     authParams: { loginHint: \"user@example.com\" }\n *   }\n * );\n * ```\n *\n * @example Custom access denied UI\n *\n * ```tsx title=\"Custom access denied UI\"\n * \"use client\";\n *\n * import { protectClientPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectClientPage(\n *   function Home({ user }) {\n *     return <>Signed in as {user.email}</>;\n *   },\n *   {\n *    onAccessDenied: () => <div>Please sign in to continue</div>\n *   }\n * );\n * ```\n *\n * @example Group protection\n *\n * ```tsx title=\"Group protection\"\n * \"use client\";\n *\n * import { protectClientPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectClientPage(\n *   function Home({ user }) {\n *     return <>Welcome Admin {user.email}</>;\n *   },\n *   {\n *    groups: [\"admin\"],\n *    onGroupAccessDenied: (user) => <div>User {user.email} is not an admin</div>\n *   }\n * );\n * ```\n *\n * @param Component - The page component to protect\n * @typeParam P - Props of the protected component (excluding `user`).\n * @param options - Optional configuration\n * @returns A protected React component.\n *\n * @category Functions\n *\n */\nexport const protectClientPage = <P extends object>(\n  Component: ComponentType<P & { user: MonoCloudUser }>,\n  options?: ProtectClientPageOptions\n): React.FC<P> => {\n  return props => {\n    const { user, error, isLoading } = useAuth();\n\n    useEffect(() => {\n      if (!user && !isLoading && !error) {\n        if (options?.onAccessDenied) {\n          return;\n        }\n\n        const authParams = options?.authParams ?? {};\n        redirectToSignIn({\n          returnUrl: options?.returnUrl,\n          ...authParams,\n        });\n      }\n    }, [user, isLoading, error]);\n\n    if (error) {\n      return handlePageError(error, options);\n    }\n\n    if (!user && !isLoading && options?.onAccessDenied) {\n      return options.onAccessDenied();\n    }\n\n    if (user) {\n      if (\n        options?.groups &&\n        !isUserInGroup(\n          user,\n          options.groups,\n          options.groupsClaim ??\n            process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_GROUPS_CLAIM,\n          options.matchAll\n        )\n      ) {\n        const {\n          onGroupAccessDenied = (): React.ReactNode => <div>Access Denied</div>,\n        } = options;\n        return onGroupAccessDenied(user);\n      }\n\n      return <Component user={user} {...props} />;\n    }\n\n    return null;\n  };\n};\n"],"mappings":";;;;;AAkCA,MAAM,YAAY,OAAO,QAAoD;CAC3E,MAAM,MAAM,MAAM,MAAM,KAAK,EAAE,aAAa,WAAW,CAAC;AAExD,KAAI,IAAI,WAAW,IACjB;AAGF,KAAI,IAAI,GACN,QAAO,IAAI,MAAM;AAGnB,OAAM,IAAI,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoDzC,MAAa,gBAAqC;CAChD,MAAM,MACJ,QAAQ,IAAI,4CAEZ,GAAG,QAAQ,IAAI,0BAA0B,GAAG;CAE9C,MAAM,EAAE,MAAM,OAAO,WAAW,WAAW,OACzC,KACA,UACD;CAED,MAAM,WAAW,YAA4B;EAC3C,MAAM,MAAM,IAAI,IAAI,KAAK,gBAAgB;AACzC,MAAI,QACF,KAAI,aAAa,IAAI,WAAW,OAAO;AAGzC,EAAK,OAAO,YAAY,MAAM,UAAU,IAAI,WAAW,IAAI,OAAO,EAAE,EAClE,YAAY,OACb,CAAC;;AAGJ,KAAI,MACF,QAAO;EACL,MAAM;EACN,WAAW;EACX,iBAAiB;EACV;EACP;EACD;AAGH,KAAI,KACF,QAAO;EACL,MAAM;EACN;EACA,iBAAiB,CAAC,CAAC,QAAQ,OAAO,KAAK,KAAK,CAAC,SAAS;EACtD,OAAO;EACP;EACD;AAGH,QAAO;EACL,MAAM;EACN;EACA,iBAAiB;EACjB,OAAO;EAEP,eAAqB;EACtB;;;;;ACpGH,MAAa,oBACX,YACS;CACT,MAAM,eAAe,IAAI,gBAAgB,OAAO,SAAS,OAAO;AAChE,cAAa,IACX,cACA,QAAQ,aAAa,OAAO,SAAS,UAAU,CAChD;AAED,uDAAI,QAAS,OACX,cAAa,IAAI,SAAS,QAAQ,OAAO;AAE3C,uDAAI,QAAS,SACX,cAAa,IAAI,YAAY,QAAQ,SAAS;AAGhD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU,KAAK,IAAI,CAAC;AAG7D,uDAAI,QAAS,QACX,cAAa,IAAI,WAAW,QAAQ,QAAQ;AAG9C,uDAAI,QAAS,OACX,cAAa,IAAI,UAAU,QAAQ,OAAO;AAG5C,uDAAI,QAAS,kBACX,cAAa,IAAI,sBAAsB,QAAQ,kBAAkB;AAGnE,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,uDAAI,QAAS,OACX,cAAa,IAAI,WAAW,QAAQ,OAAO,UAAU,CAAC;AAGxD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,QAAO,SAAS,OAEd,GAAG,QAAQ,IAAI,yCAAyC,GAAG,QAAQ,IAAI,0BAA0B,GAAG,kBAAkB,GAAG,aAAa,UAAU,GACjJ;;AAGH,MAAM,mBACJ,OACA,YACoB;;AAEpB,uDAAI,QAAS,QACX,QAAO,QAAQ,QAAQ,MAAM;;AAI/B,OAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoFR,MAAa,qBACX,WACA,YACgB;AAChB,SAAO,UAAS;EACd,MAAM,EAAE,MAAM,OAAO,cAAc,SAAS;AAE5C,kBAAgB;AACd,OAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO;AACjC,0DAAI,QAAS,eACX;IAGF,MAAM,gEAAa,QAAS,eAAc,EAAE;AAC5C,qBAAiB;KACf,6DAAW,QAAS;KACpB,GAAG;KACJ,CAAC;;KAEH;GAAC;GAAM;GAAW;GAAM,CAAC;AAE5B,MAAI,MACF,QAAO,gBAAgB,OAAO,QAAQ;AAGxC,MAAI,CAAC,QAAQ,CAAC,gEAAa,QAAS,gBAClC,QAAO,QAAQ,gBAAgB;AAGjC,MAAI,MAAM;AACR,0DACE,QAAS,WACT,CAAC,cACC,MACA,QAAQ,QACR,QAAQ,eACN,QAAQ,IAAI,yCACd,QAAQ,SACT,EACD;IACA,MAAM,EACJ,4BAA6C,oCAAC,aAAI,gBAAmB,KACnE;AACJ,WAAO,oBAAoB,KAAK;;AAGlC,UAAO,oCAAC;IAAgB;IAAM,GAAI;KAAS;;AAG7C,SAAO"}

package/dist/{protect-BCIji2i7.cjs → protect-client-page-BdsnH8gs.cjs}

@@ -14,32 +14,33 @@ const fetchUser = async (url) => {
 };
 /**
 *
-* Hook for getting the user's profile on client components
+* `useAuth()` is a client-side hook that provides access to the current authentication state.
 *
-* @returns Authentication State
+* It can only be used inside **Client Components**.
 *
-* @example App Router
-*
-* ```tsx
+* @example Basic Usage
+* ```tsx title="Basic Usage"
 * "use client";
 *
 * import { useAuth } from "@monocloud/auth-nextjs/client";
 *
 * export default function Home() {
-*   const { user } = useAuth();
+*   const { user, isAuthenticated } = useAuth();
+*
+*   if (!isAuthenticated) {
+*     return <>Not signed in</>;
+*   }
 *
 *   return <>User Id: {user?.sub}</>;
 * }
 * ```
 *
-* @example App Router - Refetch user from Userinfo endpoint
+* @example Refetch user
 *
-* Calling `refetch(true)` will force refresh the user's profile from the userinfo endpoint.
-* If you do not intent to refersh from your tenants userinfo endpoint, use just `refetch()`
+* Calling `refetch(true)` forces a refresh of the user profile from the `UserInfo` endpoint.
+* Calling `refetch()` refreshes authentication state without forcing a `UserInfo` request.
 *
-* **Note⚠️: You need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for force refresh to work**
-*
-* ```tsx
+* ```tsx title="Refetch User"
 * "use client";
 *
 * import { useAuth } from "@monocloud/auth-nextjs/client";
@@ -49,47 +50,16 @@ const fetchUser = async (url) => {
 *
 *   return (
 *     <>
-*       <pre>{JSON.stringify(user)}</pre>
-*       <button onClick={() => refetch(true)}>Refresh</button>
+*       <pre>{JSON.stringify(user, null, 2)}</pre>
+*       <button onClick={() => refetch(true)}>Refresh Profile</button>
 *     </>
 *   );
 * }
 * ```
 *
-* @example Pages Router
-*
-* ```tsx
-* import { useAuth } from "@monocloud/auth-nextjs/client";
-*
-* export default function Home() {
-*   const { user } = useAuth();
-*
-*   return <>User Id: {user?.sub}</>;
-* }
-* ```
-*
-* @example Pages Router - Refetch user from Userinfo endpoint
-*
-*  Calling `refetch(true)` will force refresh the user's profile from the userinfo endpoint.
-* If you do not intent to refersh from your tenants userinfo endpoint, use just `refetch()`
-*
-* **Note⚠️: You need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for force refresh to work**
-*
-* ```tsx
-* import { useAuth } from "@monocloud/auth-nextjs/client";
-*
-* export default function Home() {
-*   const { user, refetch } = useAuth();
-*
-*   return (
-*     <>
-*       <pre>{JSON.stringify(user)}</pre>
-*       <button onClick={() => refetch(true)}>Refresh</button>
-*     </>
-*   );
-* }
-* ```
+* @returns
 *
+* @category Hooks
 */
 const useAuth = () => {
 	const key = process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ""}/api/auth/userinfo`;
@@ -123,7 +93,7 @@ const useAuth = () => {
 };
 
 //#endregion
-//#region src/client/protect.tsx
+//#region src/client/protect-client-page.tsx
 const redirectToSignIn = (options) => {
 	const searchParams = new URLSearchParams(window.location.search);
 	searchParams.set("return_url", options.returnUrl ?? window.location.toString());
@@ -145,54 +115,53 @@ const handlePageError = (error, options) => {
 	throw error;
 };
 /**
-* Function to protect a client rendered page component.
-* Ensures that only authenticated users can access the component.
-*
-* **Note⚠️: Since `window.location` is set as `returnUrl` query param by default, you need to set the env `MONOCLOUD_AUTH_ALLOW_QUERY_PARAM_OVERRIDES=true` or `allowQueryParamOverrides` should be `true` in the client initialization for returning to the same page.**
+* `protectClientPage()` wraps a **client-rendered page component** and ensures that only authenticated users can access it.
 *
-* @param Component - The component to protect.
-* @param options - The options.
+* If the user is authenticated, the wrapped component receives a `user` prop.
 *
-* @returns Protected client rendered page component.
+* > This function runs on the client and controls rendering only.
+* > To enforce access before rendering (server-side), use the server {@link MonoCloudNextClient.protectPage | protectPage()} method on {@link MonoCloudNextClient}.
 *
-* @example App Router
+* @example Basic Usage
 *
-* ```tsx
+* ```tsx title="Basic Usage"
 * "use client";
 *
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* import { protectClientPage } from "@monocloud/auth-nextjs/client";
 *
-* export default protectPage(function Home() {
-*   return <>You are signed in</>;
+* export default protectClientPage(function Home({ user }) {
+*   return <>Signed in as {user.email}</>;
 * });
 * ```
 *
-* @example App Router with options
-*
-* See {@link ProtectPageOptions} for more options.
+* @example With Options
 *
-* ```tsx
+* ```tsx title="With Options"
 * "use client";
 *
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* import { protectClientPage } from "@monocloud/auth-nextjs/client";
 *
-* export default protectPage(
-*   function Home() {
-*     return <>You are signed in</>;
+* export default protectClientPage(
+*   function Home({ user }) {
+*     return <>Signed in as {user.email}</>;
 *   },
-*   { returnUrl: "/dashboard", authParams: { loginHint: "username" } }
+*   {
+*     returnUrl: "/dashboard",
+*     authParams: { loginHint: "user@example.com" }
+*   }
 * );
 * ```
-* @example Fallback with onAccessDenied
 *
-* ```tsx
+* @example Custom access denied UI
+*
+* ```tsx title="Custom access denied UI"
 * "use client";
 *
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* import { protectClientPage } from "@monocloud/auth-nextjs/client";
 *
-* export default protectPage(
-*   function Home() {
-*     return <>You are signed in</>;
+* export default protectClientPage(
+*   function Home({ user }) {
+*     return <>Signed in as {user.email}</>;
 *   },
 *   {
 *    onAccessDenied: () => <div>Please sign in to continue</div>
@@ -200,16 +169,16 @@ const handlePageError = (error, options) => {
 * );
 * ```
 *
-* @example Group Protection with onGroupAccessDenied
+* @example Group protection
 *
-* ```tsx
+* ```tsx title="Group protection"
 * "use client";
 *
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* import { protectClientPage } from "@monocloud/auth-nextjs/client";
 *
-* export default protectPage(
-*   function Home() {
-*     return <>Welcome Admin</>;
+* export default protectClientPage(
+*   function Home({ user }) {
+*     return <>Welcome Admin {user.email}</>;
 *   },
 *   {
 *    groups: ["admin"],
@@ -218,32 +187,15 @@ const handlePageError = (error, options) => {
 * );
 * ```
 *
-* @example Pages Router
-*
-* ```tsx
-* import { protectPage } from "@monocloud/auth-nextjs/client";
-*
-* export default protectPage(function Home() {
-*   return <>You are signed in</>;
-* });
-* ```
-*
-* @example Pages Router with options
-*
-* See {@link ProtectPageOptions} for more options.
+* @param Component - The page component to protect
+* @typeParam P - Props of the protected component (excluding `user`).
+* @param options - Optional configuration
+* @returns A protected React component.
 *
-* ```tsx
-* import { protectPage } from "@monocloud/auth-nextjs/client";
+* @category Functions
 *
-* export default protectPage(
-*   function Home() {
-*     return <>You are signed in</>;
-*   },
-*   { returnUrl: "/dashboard", authParams: { loginHint: "username" } }
-* );
-* ```
 */
-const protectPage = (Component, options) => {
+const protectClientPage = (Component, options) => {
 	return (props) => {
 		const { user, error, isLoading } = useAuth();
 		(0, react.useEffect)(() => {
@@ -277,10 +229,10 @@ const protectPage = (Component, options) => {
 };
 
 //#endregion
-Object.defineProperty(exports, 'protectPage', {
+Object.defineProperty(exports, 'protectClientPage', {
   enumerable: true,
   get: function () {
-    return protectPage;
+    return protectClientPage;
   }
 });
 Object.defineProperty(exports, 'redirectToSignIn', {
@@ -295,4 +247,4 @@ Object.defineProperty(exports, 'useAuth', {
     return useAuth;
   }
 });
-//# sourceMappingURL=protect-BCIji2i7.cjs.map
+//# sourceMappingURL=protect-client-page-BdsnH8gs.cjs.map

package/dist/protect-client-page-BdsnH8gs.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"protect-client-page-BdsnH8gs.cjs","names":[],"sources":["../src/client/use-auth.tsx","../src/client/protect-client-page.tsx"],"sourcesContent":["'use client';\n\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport useSWR from 'swr';\n\n/**\n * Authentication State returned by `useAuth` hook.\n *\n * @category Types\n */\nexport interface AuthenticationState {\n  /**\n   * Flag indicating if the authentication state is still loading.\n   */\n  isLoading: boolean;\n  /**\n   * Flag indicating if the user is authenticated.\n   */\n  isAuthenticated: boolean;\n  /**\n   * Error encountered during authentication, if any.\n   */\n  error?: Error;\n  /**\n   *  The authenticated user's information, if available.\n   */\n  user?: MonoCloudUser;\n  /**\n   * Function to refetch the authentication state.\n   *\n   */\n  refetch: (refresh?: boolean) => void;\n}\n\nconst fetchUser = async (url: string): Promise<MonoCloudUser | undefined> => {\n  const res = await fetch(url, { credentials: 'include' });\n\n  if (res.status === 204) {\n    return undefined;\n  }\n\n  if (res.ok) {\n    return res.json();\n  }\n\n  throw new Error('Failed to fetch user');\n};\n\n/**\n *\n * `useAuth()` is a client-side hook that provides access to the current authentication state.\n *\n * It can only be used inside **Client Components**.\n *\n * @example Basic Usage\n * ```tsx title=\"Basic Usage\"\n * \"use client\";\n *\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n *   const { user, isAuthenticated } = useAuth();\n *\n *   if (!isAuthenticated) {\n *     return <>Not signed in</>;\n *   }\n *\n *   return <>User Id: {user?.sub}</>;\n * }\n * ```\n *\n * @example Refetch user\n *\n * Calling `refetch(true)` forces a refresh of the user profile from the `UserInfo` endpoint.\n * Calling `refetch()` refreshes authentication state without forcing a `UserInfo` request.\n *\n * ```tsx title=\"Refetch User\"\n * \"use client\";\n *\n * import { useAuth } from \"@monocloud/auth-nextjs/client\";\n *\n * export default function Home() {\n *   const { user, refetch } = useAuth();\n *\n *   return (\n *     <>\n *       <pre>{JSON.stringify(user, null, 2)}</pre>\n *       <button onClick={() => refetch(true)}>Refresh Profile</button>\n *     </>\n *   );\n * }\n * ```\n *\n * @returns\n *\n * @category Hooks\n */\nexport const useAuth = (): AuthenticationState => {\n  const key =\n    process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_USER_INFO_URL ??\n    // eslint-disable-next-line no-underscore-dangle\n    `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/userinfo`;\n\n  const { data, error, isLoading, mutate } = useSWR<MonoCloudUser | undefined>(\n    key,\n    fetchUser\n  );\n\n  const refetch = (refresh?: boolean): void => {\n    const url = new URL(key, 'https://dummy');\n    if (refresh) {\n      url.searchParams.set('refresh', 'true');\n    }\n\n    void mutate(async () => await fetchUser(url.pathname + url.search), {\n      revalidate: false,\n    });\n  };\n\n  if (error) {\n    return {\n      user: undefined,\n      isLoading: false,\n      isAuthenticated: false,\n      error: error as Error,\n      refetch,\n    };\n  }\n\n  if (data) {\n    return {\n      user: data,\n      isLoading,\n      isAuthenticated: !!data && Object.keys(data).length > 0,\n      error: undefined,\n      refetch,\n    };\n  }\n\n  return {\n    user: undefined,\n    isLoading,\n    isAuthenticated: false,\n    error: undefined,\n    /* v8 ignore next -- @preserve */\n    refetch: (): void => {},\n  };\n};\n","/* eslint-disable react/display-name */\n'use client';\n\nimport React, { ComponentType, useEffect } from 'react';\nimport type { MonoCloudUser } from '@monocloud/auth-node-core';\nimport { isUserInGroup } from '@monocloud/auth-node-core/utils';\nimport { useAuth } from './use-auth';\nimport { ExtraAuthParams, GroupOptions } from '../types';\nimport type { MonoCloudNextClient } from '../monocloud-next-client';\n\n/**\n * Options for configuring page protection.\n *\n * @category Types\n */\nexport interface ProtectClientPageOptions extends GroupOptions {\n  /**\n   * The URL where the user will be redirected to after sign in.\n   */\n  returnUrl?: string;\n\n  /**\n   * A custom react element to render when the user is not authenticated.\n   */\n  onAccessDenied?: () => React.ReactNode;\n\n  /**\n   * A custom react element to render when the user is authenticated but does not belong to the required groups.\n   */\n  onGroupAccessDenied?: (user: MonoCloudUser) => React.ReactNode;\n\n  /**\n   * Authorization parameters to be used during authentication.\n   */\n  authParams?: ExtraAuthParams;\n\n  /**\n   * Callback function to handle errors.\n   * If not provided, errors will be thrown.\n   *\n   * @param error - The error object.\n   * @returns JSX element to handle the error.\n   */\n  onError?: (error: Error) => React.ReactNode;\n}\n\nexport const redirectToSignIn = (\n  options: { returnUrl?: string } & ExtraAuthParams\n): void => {\n  const searchParams = new URLSearchParams(window.location.search);\n  searchParams.set(\n    'return_url',\n    options.returnUrl ?? window.location.toString()\n  );\n\n  if (options?.scopes) {\n    searchParams.set('scope', options.scopes);\n  }\n  if (options?.resource) {\n    searchParams.set('resource', options.resource);\n  }\n\n  if (options?.acrValues) {\n    searchParams.set('acr_values', options.acrValues.join(' '));\n  }\n\n  if (options?.display) {\n    searchParams.set('display', options.display);\n  }\n\n  if (options?.prompt) {\n    searchParams.set('prompt', options.prompt);\n  }\n\n  if (options?.authenticatorHint) {\n    searchParams.set('authenticator_hint', options.authenticatorHint);\n  }\n\n  if (options?.uiLocales) {\n    searchParams.set('ui_locales', options.uiLocales);\n  }\n\n  if (options?.maxAge) {\n    searchParams.set('max_age', options.maxAge.toString());\n  }\n\n  if (options?.loginHint) {\n    searchParams.set('login_hint', options.loginHint);\n  }\n\n  window.location.assign(\n    // eslint-disable-next-line no-underscore-dangle\n    `${process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_SIGNIN_URL ?? `${process.env.__NEXT_ROUTER_BASEPATH ?? ''}/api/auth/signin`}?${searchParams.toString()}`\n  );\n};\n\nconst handlePageError = (\n  error: Error,\n  options?: ProtectClientPageOptions\n): React.ReactNode => {\n  /* v8 ignore else -- @preserve */\n  if (options?.onError) {\n    return options.onError(error);\n  }\n\n  /* v8 ignore next -- @preserve */\n  throw error;\n};\n\n/**\n * `protectClientPage()` wraps a **client-rendered page component** and ensures that only authenticated users can access it.\n *\n * If the user is authenticated, the wrapped component receives a `user` prop.\n *\n * > This function runs on the client and controls rendering only.\n * > To enforce access before rendering (server-side), use the server {@link MonoCloudNextClient.protectPage | protectPage()} method on {@link MonoCloudNextClient}.\n *\n * @example Basic Usage\n *\n * ```tsx title=\"Basic Usage\"\n * \"use client\";\n *\n * import { protectClientPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectClientPage(function Home({ user }) {\n *   return <>Signed in as {user.email}</>;\n * });\n * ```\n *\n * @example With Options\n *\n * ```tsx title=\"With Options\"\n * \"use client\";\n *\n * import { protectClientPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectClientPage(\n *   function Home({ user }) {\n *     return <>Signed in as {user.email}</>;\n *   },\n *   {\n *     returnUrl: \"/dashboard\",\n *     authParams: { loginHint: \"user@example.com\" }\n *   }\n * );\n * ```\n *\n * @example Custom access denied UI\n *\n * ```tsx title=\"Custom access denied UI\"\n * \"use client\";\n *\n * import { protectClientPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectClientPage(\n *   function Home({ user }) {\n *     return <>Signed in as {user.email}</>;\n *   },\n *   {\n *    onAccessDenied: () => <div>Please sign in to continue</div>\n *   }\n * );\n * ```\n *\n * @example Group protection\n *\n * ```tsx title=\"Group protection\"\n * \"use client\";\n *\n * import { protectClientPage } from \"@monocloud/auth-nextjs/client\";\n *\n * export default protectClientPage(\n *   function Home({ user }) {\n *     return <>Welcome Admin {user.email}</>;\n *   },\n *   {\n *    groups: [\"admin\"],\n *    onGroupAccessDenied: (user) => <div>User {user.email} is not an admin</div>\n *   }\n * );\n * ```\n *\n * @param Component - The page component to protect\n * @typeParam P - Props of the protected component (excluding `user`).\n * @param options - Optional configuration\n * @returns A protected React component.\n *\n * @category Functions\n *\n */\nexport const protectClientPage = <P extends object>(\n  Component: ComponentType<P & { user: MonoCloudUser }>,\n  options?: ProtectClientPageOptions\n): React.FC<P> => {\n  return props => {\n    const { user, error, isLoading } = useAuth();\n\n    useEffect(() => {\n      if (!user && !isLoading && !error) {\n        if (options?.onAccessDenied) {\n          return;\n        }\n\n        const authParams = options?.authParams ?? {};\n        redirectToSignIn({\n          returnUrl: options?.returnUrl,\n          ...authParams,\n        });\n      }\n    }, [user, isLoading, error]);\n\n    if (error) {\n      return handlePageError(error, options);\n    }\n\n    if (!user && !isLoading && options?.onAccessDenied) {\n      return options.onAccessDenied();\n    }\n\n    if (user) {\n      if (\n        options?.groups &&\n        !isUserInGroup(\n          user,\n          options.groups,\n          options.groupsClaim ??\n            process.env.NEXT_PUBLIC_MONOCLOUD_AUTH_GROUPS_CLAIM,\n          options.matchAll\n        )\n      ) {\n        const {\n          onGroupAccessDenied = (): React.ReactNode => <div>Access Denied</div>,\n        } = options;\n        return onGroupAccessDenied(user);\n      }\n\n      return <Component user={user} {...props} />;\n    }\n\n    return null;\n  };\n};\n"],"mappings":";;;;;;;;AAkCA,MAAM,YAAY,OAAO,QAAoD;CAC3E,MAAM,MAAM,MAAM,MAAM,KAAK,EAAE,aAAa,WAAW,CAAC;AAExD,KAAI,IAAI,WAAW,IACjB;AAGF,KAAI,IAAI,GACN,QAAO,IAAI,MAAM;AAGnB,OAAM,IAAI,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoDzC,MAAa,gBAAqC;CAChD,MAAM,MACJ,QAAQ,IAAI,4CAEZ,GAAG,QAAQ,IAAI,0BAA0B,GAAG;CAE9C,MAAM,EAAE,MAAM,OAAO,WAAW,4BAC9B,KACA,UACD;CAED,MAAM,WAAW,YAA4B;EAC3C,MAAM,MAAM,IAAI,IAAI,KAAK,gBAAgB;AACzC,MAAI,QACF,KAAI,aAAa,IAAI,WAAW,OAAO;AAGzC,EAAK,OAAO,YAAY,MAAM,UAAU,IAAI,WAAW,IAAI,OAAO,EAAE,EAClE,YAAY,OACb,CAAC;;AAGJ,KAAI,MACF,QAAO;EACL,MAAM;EACN,WAAW;EACX,iBAAiB;EACV;EACP;EACD;AAGH,KAAI,KACF,QAAO;EACL,MAAM;EACN;EACA,iBAAiB,CAAC,CAAC,QAAQ,OAAO,KAAK,KAAK,CAAC,SAAS;EACtD,OAAO;EACP;EACD;AAGH,QAAO;EACL,MAAM;EACN;EACA,iBAAiB;EACjB,OAAO;EAEP,eAAqB;EACtB;;;;;ACpGH,MAAa,oBACX,YACS;CACT,MAAM,eAAe,IAAI,gBAAgB,OAAO,SAAS,OAAO;AAChE,cAAa,IACX,cACA,QAAQ,aAAa,OAAO,SAAS,UAAU,CAChD;AAED,uDAAI,QAAS,OACX,cAAa,IAAI,SAAS,QAAQ,OAAO;AAE3C,uDAAI,QAAS,SACX,cAAa,IAAI,YAAY,QAAQ,SAAS;AAGhD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU,KAAK,IAAI,CAAC;AAG7D,uDAAI,QAAS,QACX,cAAa,IAAI,WAAW,QAAQ,QAAQ;AAG9C,uDAAI,QAAS,OACX,cAAa,IAAI,UAAU,QAAQ,OAAO;AAG5C,uDAAI,QAAS,kBACX,cAAa,IAAI,sBAAsB,QAAQ,kBAAkB;AAGnE,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,uDAAI,QAAS,OACX,cAAa,IAAI,WAAW,QAAQ,OAAO,UAAU,CAAC;AAGxD,uDAAI,QAAS,UACX,cAAa,IAAI,cAAc,QAAQ,UAAU;AAGnD,QAAO,SAAS,OAEd,GAAG,QAAQ,IAAI,yCAAyC,GAAG,QAAQ,IAAI,0BAA0B,GAAG,kBAAkB,GAAG,aAAa,UAAU,GACjJ;;AAGH,MAAM,mBACJ,OACA,YACoB;;AAEpB,uDAAI,QAAS,QACX,QAAO,QAAQ,QAAQ,MAAM;;AAI/B,OAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoFR,MAAa,qBACX,WACA,YACgB;AAChB,SAAO,UAAS;EACd,MAAM,EAAE,MAAM,OAAO,cAAc,SAAS;AAE5C,6BAAgB;AACd,OAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO;AACjC,0DAAI,QAAS,eACX;IAGF,MAAM,gEAAa,QAAS,eAAc,EAAE;AAC5C,qBAAiB;KACf,6DAAW,QAAS;KACpB,GAAG;KACJ,CAAC;;KAEH;GAAC;GAAM;GAAW;GAAM,CAAC;AAE5B,MAAI,MACF,QAAO,gBAAgB,OAAO,QAAQ;AAGxC,MAAI,CAAC,QAAQ,CAAC,gEAAa,QAAS,gBAClC,QAAO,QAAQ,gBAAgB;AAGjC,MAAI,MAAM;AACR,0DACE,QAAS,WACT,oDACE,MACA,QAAQ,QACR,QAAQ,eACN,QAAQ,IAAI,yCACd,QAAQ,SACT,EACD;IACA,MAAM,EACJ,4BAA6C,4CAAC,aAAI,gBAAmB,KACnE;AACJ,WAAO,oBAAoB,KAAK;;AAGlC,UAAO,4CAAC;IAAgB;IAAM,GAAI;KAAS;;AAG7C,SAAO"}