@nauth-toolkit/social-apple 0.1.3

package/LICENSE

@@ -0,0 +1,90 @@
+NAUTH TOOLKIT EARLY ACCESS LICENSE
+Version 1.0 (December 2025)
+
+================================================================================
+FUTURE OPEN SOURCE NOTICE
+================================================================================
+NAuth Toolkit will transition to an open-source license (MIT or Apache 2.0) for
+core authentication features once the project reaches production readiness.
+
+This Early Access License is temporary and designed to:
+• Allow developers to build with nauth-toolkit during preview/beta
+• Provide clear expectations during the pre-release phase
+• Enable feedback and real-world testing before GA
+
+We're committed to keeping core auth free and open source. Premium features
+(enterprise SSO, advanced compliance, hosted options) will be offered separately
+under fair commercial terms.
+
+================================================================================
+EARLY ACCESS LICENSE TERMS
+================================================================================
+
+1. Grant of Use
+   You are granted a free, non-exclusive, non-transferable license to:
+   - Install and use nauth-toolkit packages in development, testing, staging,
+     and production environments
+   - Modify the code for your own internal use
+   - Deploy applications using nauth-toolkit to serve your users
+
+   You may NOT:
+   - Redistribute NAuth Toolkit as a standalone product or service
+   - Sell, sublicense, or offer NAuth Toolkit as part of a competing auth
+     platform or toolkit
+   - Remove or alter copyright notices
+
+2. No Fees During Early Access
+   There are no license fees, subscription costs, or usage charges during the
+   Early Access period. You may use nauth-toolkit freely for commercial and
+   non-commercial purposes within the terms of this license.
+
+3. Production Use
+   Production use is permitted but comes with standard early-access caveats:
+   - Features and APIs may change between preview releases
+   - Support is community-based (GitHub issues/discussions)
+   - No SLA or guaranteed uptime (you run it on your infrastructure)
+
+   We recommend thorough testing and having rollback plans for critical systems.
+
+4. Future Transition
+   When nauth-toolkit releases v1.0 GA:
+   - Core packages will adopt an open-source license (MIT or Apache 2.0)
+   - Your existing deployments will continue to work
+   - Premium features (if any) will be clearly documented with separate licensing
+   - No forced upgrades or surprise fees
+
+5. Ownership
+   NAuth Toolkit is developed and maintained by Noorix Digital Solutions.
+   You retain full ownership of your applications and data.
+
+6. Data and Privacy
+   NAuth Toolkit runs in YOUR infrastructure and database. You control all data.
+   You are responsible for compliance with applicable data protection laws.
+
+7. Disclaimer of Warranty
+   THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
+
+8. Limitation of Liability
+   IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY INDIRECT, INCIDENTAL,
+   SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS
+   OF PROFITS, REVENUE, DATA, OR USE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+   DAMAGES.
+
+9. Termination
+   This license remains in effect until:
+   - You stop using nauth-toolkit, or
+   - The project transitions to open source (at which point the new license applies)
+
+   If you breach these terms, your license terminates and you must stop using the
+   software.
+
+10. Contact and Support
+    - Documentation: https://nauth.dev
+    - Issues/Discussions: GitHub (when public repository launches)
+    - Commercial inquiries: Contact admin@noorix.com
+
+================================================================================
+Thank you for being an early adopter. Your feedback shapes the future of NAuth.
+================================================================================

package/README.md

@@ -0,0 +1,30 @@
+# @nauth-toolkit/social-apple
+
+Apple OAuth provider for nauth-toolkit
+
+## ⚠️ Preview Release Notice
+
+**This is a preview release for internal testing. Do not use in production yet.**
+
+This package is part of nauth-toolkit and is currently in early access/preview. Features and APIs may change between releases. For production use, please wait for the stable v1.0 release.
+
+## Installation
+
+```bash
+npm install @nauth-toolkit/social-apple@preview
+# or
+yarn add @nauth-toolkit/social-apple@preview
+```
+
+## License
+
+See LICENSE file in the package root for full license terms.
+
+## Documentation
+
+Full documentation: https://nauth.dev
+
+## Support
+
+- Issues/Discussions: GitHub (when repository is public)
+- Documentation: https://nauth.dev

package/dist/nestjs/apple-social-auth.module.d.ts

@@ -0,0 +1,10 @@
+import { OnModuleInit } from '@nestjs/common';
+import { AppleSocialAuthService } from '../src/apple-social-auth.service';
+import { SocialProviderRegistry } from '@nauth-toolkit/core/internal';
+export declare class AppleSocialAuthModule implements OnModuleInit {
+    private readonly appleSocialAuthService;
+    private readonly providerRegistry;
+    constructor(appleSocialAuthService: AppleSocialAuthService, providerRegistry: SocialProviderRegistry);
+    onModuleInit(): void;
+}
+//# sourceMappingURL=apple-social-auth.module.d.ts.map

package/dist/nestjs/apple-social-auth.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple-social-auth.module.d.ts","sourceRoot":"","sources":["../../nestjs/apple-social-auth.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAY1E,OAAO,EAIL,sBAAsB,EAGvB,MAAM,8BAA8B,CAAC;AAoCtC,qBAmEa,qBAAsB,YAAW,YAAY;IAEtD,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,gBAAgB;gBADhB,sBAAsB,EAAE,sBAAsB,EAC9C,gBAAgB,EAAE,sBAAsB;IAO3D,YAAY,IAAI,IAAI;CAOrB"}

package/dist/nestjs/apple-social-auth.module.js

@@ -0,0 +1,72 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppleSocialAuthModule = void 0;
+const common_1 = require("@nestjs/common");
+const apple_social_auth_service_1 = require("../src/apple-social-auth.service");
+const core_1 = require("@nauth-toolkit/core");
+const internal_1 = require("@nauth-toolkit/core/internal");
+const token_verifier_service_1 = require("../src/token-verifier.service");
+let AppleSocialAuthModule = class AppleSocialAuthModule {
+    appleSocialAuthService;
+    providerRegistry;
+    constructor(appleSocialAuthService, providerRegistry) {
+        this.appleSocialAuthService = appleSocialAuthService;
+        this.providerRegistry = providerRegistry;
+    }
+    onModuleInit() {
+        const config = this.appleSocialAuthService['config'];
+        const providerConfig = config.social?.apple;
+        if (providerConfig?.enabled) {
+            this.providerRegistry.registerProvider(this.appleSocialAuthService);
+        }
+    }
+};
+exports.AppleSocialAuthModule = AppleSocialAuthModule;
+exports.AppleSocialAuthModule = AppleSocialAuthModule = __decorate([
+    (0, common_1.Module)({
+        providers: [
+            {
+                provide: 'APPLE_TOKEN_VERIFIER',
+                useFactory: (config) => {
+                    return new token_verifier_service_1.TokenVerifierService(config);
+                },
+                inject: ['NAUTH_CONFIG'],
+            },
+            {
+                provide: apple_social_auth_service_1.AppleSocialAuthService,
+                useFactory: (config, logger, authService, socialAuthService, jwtService, sessionService, challengeHelper, clientInfoService, stateStore, userRepository, phoneVerificationService, auditService, trustedDeviceService, tokenVerifier) => {
+                    return new apple_social_auth_service_1.AppleSocialAuthService(config, logger, authService, socialAuthService, jwtService, sessionService, challengeHelper, clientInfoService, stateStore, userRepository, phoneVerificationService, auditService, trustedDeviceService, tokenVerifier);
+                },
+                inject: [
+                    'NAUTH_CONFIG',
+                    'NAUTH_LOGGER',
+                    core_1.AuthService,
+                    core_1.SocialAuthService,
+                    internal_1.JwtService,
+                    internal_1.SessionService,
+                    internal_1.AuthChallengeHelperService,
+                    core_1.ClientInfoService,
+                    'SOCIAL_AUTH_STATE_STORE',
+                    'UserRepository',
+                    { token: core_1.PhoneVerificationService, optional: true },
+                    { token: internal_1.AuthAuditService, optional: true },
+                    { token: internal_1.TrustedDeviceService, optional: true },
+                    { token: 'APPLE_TOKEN_VERIFIER', optional: true },
+                ],
+            },
+        ],
+        exports: [apple_social_auth_service_1.AppleSocialAuthService],
+    }),
+    __metadata("design:paramtypes", [apple_social_auth_service_1.AppleSocialAuthService,
+        internal_1.SocialProviderRegistry])
+], AppleSocialAuthModule);
+//# sourceMappingURL=apple-social-auth.module.js.map

package/dist/nestjs/apple-social-auth.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple-social-auth.module.js","sourceRoot":"","sources":["../../nestjs/apple-social-auth.module.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAAsD;AACtD,gFAA0E;AAE1E,8CAQ6B;AAE7B,2DAOsC;AACtC,0EAAkG;AAsG3F,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAEb;IACA;IAFnB,YACmB,sBAA8C,EAC9C,gBAAwC;QADxC,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,qBAAgB,GAAhB,gBAAgB,CAAwB;IACxD,CAAC;IAMJ,YAAY;QACV,MAAM,MAAM,GAAG,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAgB,CAAC;QACpE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;QAC5C,IAAI,cAAc,EAAE,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;CACF,CAAA;AAjBY,sDAAqB;gCAArB,qBAAqB;IAnEjC,IAAA,eAAM,EAAC;QAEN,SAAS,EAAE;YAET;gBACE,OAAO,EAAE,sBAAsB;gBAC/B,UAAU,EAAE,CAAC,MAAmB,EAAE,EAAE;oBAClC,OAAO,IAAI,6CAAyB,CAAC,MAAM,CAAC,CAAC;gBAC/C,CAAC;gBACD,MAAM,EAAE,CAAC,cAAc,CAAC;aACzB;YAED;gBACE,OAAO,EAAE,kDAAsB;gBAC/B,UAAU,EAAE,CACV,MAAmB,EACnB,MAAmB,EACnB,WAAwB,EACxB,iBAAoC,EACpC,UAAsB,EACtB,cAA8B,EAC9B,eAA2C,EAC3C,iBAAoC,EACpC,UAAgE,EAChE,cAAmB,EACnB,wBAAmD,EACnD,YAAuC,EACvC,oBAA2C,EAC3C,aAAqC,EACrC,EAAE;oBACF,OAAO,IAAI,kDAAsB,CAC/B,MAAM,EACN,MAAM,EACN,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,wBAAwB,EACxB,YAAY,EACZ,oBAAoB,EACpB,aAAa,CACd,CAAC;gBACJ,CAAC;gBACD,MAAM,EAAE;oBACN,cAAc;oBACd,cAAc;oBACd,kBAAW;oBACX,wBAAiB;oBACjB,qBAAU;oBACV,yBAAc;oBACd,qCAA0B;oBAC1B,wBAAiB;oBACjB,yBAAyB;oBACzB,gBAAgB;oBAChB,EAAE,KAAK,EAAE,+BAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE;oBACnD,EAAE,KAAK,EAAE,2BAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE;oBACnD,EAAE,KAAK,EAAE,+BAAoB,EAAE,QAAQ,EAAE,IAAI,EAAE;oBAC/C,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,IAAI,EAAE;iBAClD;aACF;SACF;QACD,OAAO,EAAE,CAAC,kDAAsB,CAAC;KAClC,CAAC;qCAG2C,kDAAsB;QAC5B,iCAAsB;GAHhD,qBAAqB,CAiBjC"}

package/dist/nestjs/index.d.ts

@@ -0,0 +1,7 @@
+export { AppleSocialAuthModule } from './apple-social-auth.module';
+export * from '../src/apple-social-auth.service';
+export * from '../src/apple-oauth.client';
+export * from '../src/token-verifier.service';
+export * from '../src/verified-token-profile.interface';
+export * from '../src/dto/social-login.dto';
+//# sourceMappingURL=index.d.ts.map

package/dist/nestjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../nestjs/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AAGnE,cAAc,kCAAkC,CAAC;AACjD,cAAc,2BAA2B,CAAC;AAC1C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,yCAAyC,CAAC;AACxD,cAAc,6BAA6B,CAAC"}

package/dist/nestjs/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppleSocialAuthModule = void 0;
+var apple_social_auth_module_1 = require("./apple-social-auth.module");
+Object.defineProperty(exports, "AppleSocialAuthModule", { enumerable: true, get: function () { return apple_social_auth_module_1.AppleSocialAuthModule; } });
+__exportStar(require("../src/apple-social-auth.service"), exports);
+__exportStar(require("../src/apple-oauth.client"), exports);
+__exportStar(require("../src/token-verifier.service"), exports);
+__exportStar(require("../src/verified-token-profile.interface"), exports);
+__exportStar(require("../src/dto/social-login.dto"), exports);
+//# sourceMappingURL=index.js.map

package/dist/nestjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../nestjs/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAMA,uEAAmE;AAA1D,iIAAA,qBAAqB,OAAA;AAG9B,mEAAiD;AACjD,4DAA0C;AAC1C,gEAA8C;AAC9C,0EAAwD;AACxD,8DAA4C"}

package/dist/src/apple-oauth.client.d.ts

@@ -0,0 +1,15 @@
+import { OAuthClient, OAuthConfig, OAuthUserProfile } from '@nauth-toolkit/core';
+export declare class AppleOAuthClient implements OAuthClient {
+    private readonly config;
+    private readonly tokenEndpoint;
+    private readonly userInfoEndpoint;
+    constructor(config: OAuthConfig);
+    exchangeCodeForToken(code: string, redirectUri: string): Promise<{
+        accessToken: string;
+        refreshToken?: string;
+        expiresIn?: number;
+    }>;
+    getUserProfile(accessToken: string): Promise<OAuthUserProfile>;
+    getAuthorizationUrl(state?: string): string;
+}
+//# sourceMappingURL=apple-oauth.client.d.ts.map

package/dist/src/apple-oauth.client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple-oauth.client.d.ts","sourceRoot":"","sources":["../../src/apple-oauth.client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,gBAAgB,EAAiC,MAAM,qBAAqB,CAAC;AAqBhH,qBAAa,gBAAiB,YAAW,WAAW;IAClD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA0C;IACxE,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAA6C;gBAElE,MAAM,EAAE,WAAW;IAqBzB,oBAAoB,CACxB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;QACT,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IAuDI,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAsDpE,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;CAe5C"}

package/dist/src/apple-oauth.client.js

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppleOAuthClient = void 0;
+const core_1 = require("@nauth-toolkit/core");
+class AppleOAuthClient {
+    config;
+    tokenEndpoint = 'https://appleid.apple.com/auth/token';
+    userInfoEndpoint = 'https://appleid.apple.com/auth/userinfo';
+    constructor(config) {
+        this.config = {
+            scopes: ['name', 'email'],
+            ...config,
+        };
+    }
+    async exchangeCodeForToken(code, redirectUri) {
+        const params = new URLSearchParams({
+            client_id: this.config.clientId,
+            client_secret: this.config.clientSecret,
+            code,
+            grant_type: 'authorization_code',
+            redirect_uri: redirectUri,
+        });
+        try {
+            const response = await fetch(this.tokenEndpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: params.toString(),
+            });
+            if (!response.ok) {
+                const errorData = (await response.json());
+                throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_TOKEN_INVALID, `Token exchange failed: ${errorData.error_description || errorData.error}`);
+            }
+            const data = (await response.json());
+            return {
+                accessToken: data.access_token,
+                refreshToken: data.refresh_token,
+                expiresIn: data.expires_in,
+            };
+        }
+        catch (error) {
+            if (error instanceof Error) {
+                throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_TOKEN_INVALID, `Apple token exchange failed: ${error.message}`);
+            }
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_TOKEN_INVALID, 'Apple token exchange failed: Unknown error');
+        }
+    }
+    async getUserProfile(accessToken) {
+        try {
+            const response = await fetch(this.userInfoEndpoint, {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                },
+            });
+            if (!response.ok) {
+                if (response.status === 401) {
+                    throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_TOKEN_INVALID, 'Invalid or expired access token');
+                }
+                throw new core_1.NAuthException(core_1.AuthErrorCode.INTERNAL_ERROR, `Apple API call failed: ${response.status} ${response.statusText}`);
+            }
+            const data = (await response.json());
+            const firstName = data.name?.firstName || null;
+            const lastName = data.name?.lastName || null;
+            return {
+                id: data.sub,
+                email: data.email || null,
+                firstName,
+                lastName,
+                picture: null,
+                verified: data.email_verified || false,
+                raw: data,
+            };
+        }
+        catch (error) {
+            if (error instanceof Error) {
+                throw new core_1.NAuthException(core_1.AuthErrorCode.INTERNAL_ERROR, `Apple profile fetch failed: ${error.message}`);
+            }
+            throw new core_1.NAuthException(core_1.AuthErrorCode.INTERNAL_ERROR, 'Apple profile fetch failed: Unknown error');
+        }
+    }
+    getAuthorizationUrl(state) {
+        const params = new URLSearchParams({
+            client_id: this.config.clientId,
+            redirect_uri: this.config.redirectUri,
+            scope: this.config.scopes?.join(' ') || 'name email',
+            response_type: 'code',
+            response_mode: 'form_post',
+        });
+        if (state) {
+            params.append('state', state);
+        }
+        return `https://appleid.apple.com/auth/authorize?${params.toString()}`;
+    }
+}
+exports.AppleOAuthClient = AppleOAuthClient;
+//# sourceMappingURL=apple-oauth.client.js.map

package/dist/src/apple-oauth.client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple-oauth.client.js","sourceRoot":"","sources":["../../src/apple-oauth.client.ts"],"names":[],"mappings":";;;AAAA,8CAAgH;AAqBhH,MAAa,gBAAgB;IACV,MAAM,CAAc;IACpB,aAAa,GAAG,sCAAsC,CAAC;IACvD,gBAAgB,GAAG,yCAAyC,CAAC;IAE9E,YAAY,MAAmB;QAC7B,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;YACzB,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAgBD,KAAK,CAAC,oBAAoB,CACxB,IAAY,EACZ,WAAmB;QAMnB,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;YACvC,IAAI;YACJ,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,WAAW;SAC1B,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE;gBAC/C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;iBACpD;gBACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;aACxB,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAQ,CAAC;gBACjD,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,oBAAoB,EAClC,0BAA0B,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,KAAK,EAAE,CAC3E,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAQ,CAAC;YAE5C,OAAO;gBACL,WAAW,EAAE,IAAI,CAAC,YAAY;gBAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;gBAChC,SAAS,EAAE,IAAI,CAAC,UAAU;aAC3B,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,oBAAoB,EAAE,gCAAgC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAChH,CAAC;YACD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,oBAAoB,EAAE,4CAA4C,CAAC,CAAC;QAC7G,CAAC;IACH,CAAC;IAgBD,KAAK,CAAC,cAAc,CAAC,WAAmB;QACtC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE;gBAClD,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,WAAW,EAAE;iBACvC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC5B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,oBAAoB,EAAE,iCAAiC,CAAC,CAAC;gBAClG,CAAC;gBACD,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,cAAc,EAC5B,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CACnE,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAQ,CAAC;YAI5C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,IAAI,IAAI,CAAC;YAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC;YAE7C,OAAO;gBACL,EAAE,EAAE,IAAI,CAAC,GAAG;gBACZ,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI;gBACzB,SAAS;gBACT,QAAQ;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,IAAI,CAAC,cAAc,IAAI,KAAK;gBACtC,GAAG,EAAE,IAAI;aACV,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,cAAc,EAAE,+BAA+B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACzG,CAAC;YACD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,cAAc,EAAE,2CAA2C,CAAC,CAAC;QACtG,CAAC;IACH,CAAC;IAcD,mBAAmB,CAAC,KAAc;QAChC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACrC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY;YACpD,aAAa,EAAE,MAAM;YACrB,aAAa,EAAE,WAAW;SAC3B,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,4CAA4C,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IACzE,CAAC;CACF;AA7JD,4CA6JC"}

package/dist/src/apple-social-auth.service.d.ts

@@ -0,0 +1,16 @@
+import { AuthService, SocialAuthService, ClientInfoService, NAuthConfig, NAuthLogger, OAuthUserProfile, PhoneVerificationService, ISocialAuthProviderService, ITokenVerifierService, BaseUser } from '@nauth-toolkit/core';
+import { BaseSocialAuthProviderService, JwtService, SessionService, AuthChallengeHelperService, AuthAuditService, TrustedDeviceService } from '@nauth-toolkit/core/internal';
+import { Repository } from 'typeorm';
+export declare class AppleSocialAuthService extends BaseSocialAuthProviderService implements ISocialAuthProviderService {
+    readonly providerName = "apple";
+    private readonly oauthClient;
+    private readonly tokenVerifier;
+    constructor(config: NAuthConfig, logger: NAuthLogger, authService: AuthService, socialAuthService: SocialAuthService, jwtService: JwtService, sessionService: SessionService, challengeHelper: AuthChallengeHelperService, clientInfoService: ClientInfoService, stateStore: Map<string, {
+        timestamp: number;
+        provider: string;
+    }>, userRepository: Repository<BaseUser>, phoneVerificationService?: PhoneVerificationService, auditService?: AuthAuditService, trustedDeviceService?: TrustedDeviceService, tokenVerifier?: ITokenVerifierService);
+    getAuthUrl(state?: string): Promise<string>;
+    protected getOAuthProfile(code: string, _state: string): Promise<OAuthUserProfile>;
+    protected verifyNativeToken(idToken: string, _accessToken?: string, profileData?: unknown): Promise<OAuthUserProfile>;
+}
+//# sourceMappingURL=apple-social-auth.service.d.ts.map

package/dist/src/apple-social-auth.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple-social-auth.service.d.ts","sourceRoot":"","sources":["../../src/apple-social-auth.service.ts"],"names":[],"mappings":"AACA,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,gBAAgB,EAGhB,wBAAwB,EACxB,0BAA0B,EAC1B,qBAAqB,EACrB,QAAQ,EACT,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,6BAA6B,EAC7B,UAAU,EACV,cAAc,EACd,0BAA0B,EAC1B,gBAAgB,EAChB,oBAAoB,EACrB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAmCrC,qBAAa,sBAAuB,SAAQ,6BAA8B,YAAW,0BAA0B;IAC7G,QAAQ,CAAC,YAAY,WAAW;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA0B;IACtD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA+B;gBAG3D,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,WAAW,EAAE,WAAW,EACxB,iBAAiB,EAAE,iBAAiB,EACpC,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,cAAc,EAC9B,eAAe,EAAE,0BAA0B,EAC3C,iBAAiB,EAAE,iBAAiB,EAEpC,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,EAChE,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EAEpC,wBAAwB,CAAC,EAAE,wBAAwB,EAEnD,YAAY,CAAC,EAAE,gBAAgB,EAE/B,oBAAoB,CAAC,EAAE,oBAAoB,EAE3C,aAAa,CAAC,EAAE,qBAAqB;IA0DjC,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;cAkBjC,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;cAyBxE,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,YAAY,CAAC,EAAE,MAAM,EACrB,WAAW,CAAC,EAAE,OAAO,GACpB,OAAO,CAAC,gBAAgB,CAAC;CAwC7B"}

package/dist/src/apple-social-auth.service.js

@@ -0,0 +1,91 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppleSocialAuthService = void 0;
+const core_1 = require("@nauth-toolkit/core");
+const internal_1 = require("@nauth-toolkit/core/internal");
+const apple_oauth_client_1 = require("./apple-oauth.client");
+const token_verifier_service_1 = require("./token-verifier.service");
+class AppleSocialAuthService extends internal_1.BaseSocialAuthProviderService {
+    providerName = 'apple';
+    oauthClient;
+    tokenVerifier;
+    constructor(config, logger, authService, socialAuthService, jwtService, sessionService, challengeHelper, clientInfoService, stateStore, userRepository, phoneVerificationService, auditService, trustedDeviceService, tokenVerifier) {
+        super(config, logger, authService, socialAuthService, jwtService, sessionService, challengeHelper, clientInfoService, stateStore, userRepository, phoneVerificationService, auditService, trustedDeviceService);
+        const providerConfig = this.getProviderConfig();
+        if (!providerConfig || !providerConfig.enabled) {
+            this.oauthClient = null;
+            this.tokenVerifier = null;
+            return;
+        }
+        if (!providerConfig.clientId) {
+            this.oauthClient = null;
+            this.tokenVerifier = null;
+            return;
+        }
+        this.oauthClient = new apple_oauth_client_1.AppleOAuthClient({
+            clientId: providerConfig.clientId,
+            clientSecret: providerConfig.clientSecret || '',
+            redirectUri: providerConfig.callbackUrl || '',
+            scopes: providerConfig.scopes || ['name', 'email'],
+        });
+        this.tokenVerifier =
+            tokenVerifier ||
+                new token_verifier_service_1.TokenVerifierService(config) ||
+                this.config.tokenVerifier ||
+                null;
+        this.logger?.debug?.('AppleSocialAuthService initialized');
+    }
+    async getAuthUrl(state) {
+        if (!this.oauthClient) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Apple OAuth is not enabled');
+        }
+        const finalState = state || this.generateState();
+        return this.oauthClient.getAuthorizationUrl(finalState);
+    }
+    async getOAuthProfile(code, _state) {
+        if (!this.oauthClient) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Apple OAuth is not enabled');
+        }
+        const providerConfig = this.getProviderConfig();
+        if (!providerConfig || !providerConfig.callbackUrl) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Apple OAuth callback URL is not configured');
+        }
+        const tokens = await this.oauthClient.exchangeCodeForToken(code, providerConfig.callbackUrl);
+        return await this.oauthClient.getUserProfile(tokens.accessToken);
+    }
+    async verifyNativeToken(idToken, _accessToken, profileData) {
+        if (!this.tokenVerifier) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Apple OAuth is not enabled');
+        }
+        const providerConfig = this.getProviderConfig();
+        if (!providerConfig) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Apple OAuth is not configured');
+        }
+        const clientId = providerConfig.clientId || '';
+        if (!this.tokenVerifier.verifyAppleToken) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Apple token verifier is not available');
+        }
+        const verified = (await this.tokenVerifier.verifyAppleToken(idToken, clientId));
+        this.logger?.debug?.(`Verified Apple token for: ${verified.email}`);
+        if (!verified.email || !verified.email_verified) {
+            throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_EMAIL_REQUIRED, 'Email is required and must be verified by Apple.');
+        }
+        const profileDataTyped = profileData;
+        return {
+            id: verified.sub,
+            email: verified.email,
+            firstName: profileDataTyped?.firstName || null,
+            lastName: profileDataTyped?.lastName || null,
+            picture: null,
+            verified: verified.email_verified,
+            raw: {
+                sub: verified.sub,
+                email: verified.email,
+                email_verified: verified.email_verified,
+                is_private_email: verified.is_private_email,
+            },
+        };
+    }
+}
+exports.AppleSocialAuthService = AppleSocialAuthService;
+//# sourceMappingURL=apple-social-auth.service.js.map

package/dist/src/apple-social-auth.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apple-social-auth.service.js","sourceRoot":"","sources":["../../src/apple-social-auth.service.ts"],"names":[],"mappings":";;;AACA,8CAa6B;AAE7B,2DAOsC;AAEtC,6DAAwD;AACxD,qEAA6F;AAiC7F,MAAa,sBAAuB,SAAQ,wCAA6B;IAC9D,YAAY,GAAG,OAAO,CAAC;IACf,WAAW,CAA0B;IACrC,aAAa,CAA+B;IAE7D,YACE,MAAmB,EACnB,MAAmB,EACnB,WAAwB,EACxB,iBAAoC,EACpC,UAAsB,EACtB,cAA8B,EAC9B,eAA2C,EAC3C,iBAAoC,EAEpC,UAAgE,EAChE,cAAoC,EAEpC,wBAAmD,EAEnD,YAA+B,EAE/B,oBAA2C,EAE3C,aAAqC;QAErC,KAAK,CACH,MAAM,EACN,MAAM,EACN,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,wBAAwB,EACxB,YAAY,EACZ,oBAAoB,CACrB,CAAC;QAGF,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC/C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;YAE7B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,OAAO;QACT,CAAC;QAID,IAAI,CAAC,WAAW,GAAG,IAAI,qCAAgB,CAAC;YACtC,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,YAAY,EAAE,cAAc,CAAC,YAAY,IAAI,EAAE;YAC/C,WAAW,EAAE,cAAc,CAAC,WAAW,IAAI,EAAE;YAC7C,MAAM,EAAE,cAAc,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC;SACnD,CAAC,CAAC;QAGH,IAAI,CAAC,aAAa;YAChB,aAAa;gBACb,IAAI,6CAAyB,CAAC,MAAM,CAAC;gBACpC,IAAI,CAAC,MAAoD,CAAC,aAAa;gBACxE,IAAI,CAAC;QAEP,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,oCAAoC,CAAC,CAAC;IAC7D,CAAC;IAQD,KAAK,CAAC,UAAU,CAAC,KAAc;QAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,4BAA4B,CAAC,CAAC;QAC9F,CAAC;QACD,MAAM,UAAU,GAAG,KAAK,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1D,CAAC;IAYS,KAAK,CAAC,eAAe,CAAC,IAAY,EAAE,MAAc;QAC1D,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,4BAA4B,CAAC,CAAC;QAC9F,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,4CAA4C,CAAC,CAAC;QAC9G,CAAC;QAGD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,WAAW,CAAC,CAAC;QAG7F,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACnE,CAAC;IAWS,KAAK,CAAC,iBAAiB,CAC/B,OAAe,EACf,YAAqB,EACrB,WAAqB;QAErB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,4BAA4B,CAAC,CAAC;QAC9F,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,+BAA+B,CAAC,CAAC;QACjG,CAAC;QAED,MAAM,QAAQ,GAAG,cAAc,CAAC,QAAQ,IAAI,EAAE,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,EAAE,CAAC;YACzC,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,uCAAuC,CAAC,CAAC;QACzG,CAAC;QAGD,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAA8B,CAAC;QAC7G,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,6BAA6B,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;QAGpE,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,kDAAkD,CAAC,CAAC;QACpH,CAAC;QAGD,MAAM,gBAAgB,GAAG,WAAoE,CAAC;QAC9F,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,GAAG;YAChB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,gBAAgB,EAAE,SAAS,IAAI,IAAI;YAC9C,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,IAAI,IAAI;YAC5C,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,QAAQ,CAAC,cAAc;YACjC,GAAG,EAAE;gBACH,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,cAAc,EAAE,QAAQ,CAAC,cAAc;gBACvC,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;aACN;SACxC,CAAC;IACJ,CAAC;CACF;AAzKD,wDAyKC"}

package/dist/src/dto/social-login.dto.d.ts

@@ -0,0 +1,47 @@
+export declare enum SocialProvider {
+    GOOGLE = "google",
+    APPLE = "apple",
+    FACEBOOK = "facebook"
+}
+export declare class SocialLoginDTO {
+    provider: SocialProvider;
+    state?: string;
+}
+export declare class SocialCallbackDTO {
+    provider: SocialProvider;
+    code: string;
+    state: string;
+    error?: string;
+    error_description?: string;
+}
+export declare class LinkSocialAccountDTO {
+    provider: SocialProvider;
+    code: string;
+    state: string;
+}
+export declare class UnlinkSocialAccountDTO {
+    provider: SocialProvider;
+}
+export declare class SocialLoginResponseDTO {
+    accessToken: string;
+    refreshToken: string;
+    accessTokenExpiresAt: number;
+    refreshTokenExpiresAt: number;
+    user: {
+        sub: string;
+        email: string;
+        firstName?: string;
+        lastName?: string;
+        isEmailVerified: boolean;
+        socialProviders?: string[];
+    };
+}
+export declare class SocialAccountsResponseDTO {
+    accounts: Array<{
+        provider: string;
+        providerEmail?: string;
+        linkedAt: Date;
+        lastUsedAt?: Date;
+    }>;
+}
+//# sourceMappingURL=social-login.dto.d.ts.map

package/dist/src/dto/social-login.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"social-login.dto.d.ts","sourceRoot":"","sources":["../../../src/dto/social-login.dto.ts"],"names":[],"mappings":"AAKA,oBAAY,cAAc;IACxB,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,QAAQ,aAAa;CACtB;AAcD,qBAAa,cAAc;IASzB,QAAQ,EAAG,cAAc,CAAC;IAc1B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAeD,qBAAa,iBAAiB;IAS5B,QAAQ,EAAG,cAAc,CAAC;IAa1B,IAAI,EAAG,MAAM,CAAC;IAad,KAAK,EAAG,MAAM,CAAC;IAaf,KAAK,CAAC,EAAE,MAAM,CAAC;IAaf,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAeD,qBAAa,oBAAoB;IAS/B,QAAQ,EAAG,cAAc,CAAC;IAa1B,IAAI,EAAG,MAAM,CAAC;IAad,KAAK,EAAG,MAAM,CAAC;CAChB;AAaD,qBAAa,sBAAsB;IASjC,QAAQ,EAAG,cAAc,CAAC;CAC3B;AAwBD,qBAAa,sBAAsB;IAUjC,WAAW,EAAG,MAAM,CAAC;IAWrB,YAAY,EAAG,MAAM,CAAC;IAStB,oBAAoB,EAAG,MAAM,CAAC;IAS9B,qBAAqB,EAAG,MAAM,CAAC;IAc/B,IAAI,EAAG;QACL,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,OAAO,CAAC;QACzB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;KAC5B,CAAC;CACH;AAqBD,qBAAa,yBAAyB;IAIpC,QAAQ,EAAG,KAAK,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,QAAQ,EAAE,IAAI,CAAC;QACf,UAAU,CAAC,EAAE,IAAI,CAAC;KACnB,CAAC,CAAC;CACJ"}