@nextsparkjs/core 0.1.0-beta.100 → 0.1.0-beta.101

package/dist/components/auth/forms/LoginForm.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"LoginForm.d.ts","sourceRoot":"","sources":["../../../../src/components/auth/forms/LoginForm.tsx"],"names":[],"mappings":"AAmGA,wBAAgB,SAAS,4CA0XxB"}
+{"version":3,"file":"LoginForm.d.ts","sourceRoot":"","sources":["../../../../src/components/auth/forms/LoginForm.tsx"],"names":[],"mappings":"AAmGA,wBAAgB,SAAS,4CA4YxB"}

package/dist/components/auth/forms/LoginForm.js

@@ -22,7 +22,7 @@ import { sel } from "../../../lib/test/index.js";
 import { useTranslations } from "next-intl";
 import { AuthTranslationPreloader } from "../../../lib/i18n/AuthTranslationPreloader.js";
 import { DevKeyring } from "../DevKeyring.js";
-import { DEV_CONFIG } from "../../../lib/config/config-sync.js";
+import { DEV_CONFIG, PUBLIC_AUTH_CONFIG } from "../../../lib/config/config-sync.js";
 function getErrorMessageFromCode(error, t, context) {
   const authError = error;
   const errorCode = authError.code || getErrorCodeFromMessage(error.message);
@@ -81,11 +81,16 @@ const loginSchema = z.object({
   password: z.string().min(6, "Password must be at least 6 characters")
 });
 function LoginForm() {
-  var _a;
+  var _a, _b, _c;
+  const registrationMode = PUBLIC_AUTH_CONFIG.registration.mode;
+  const googleEnabled = PUBLIC_AUTH_CONFIG.providers.google.enabled;
+  const signupVisible = registrationMode === "open";
+  const devKeyringActive = process.env.NODE_ENV !== "production" && !!((_b = (_a = DEV_CONFIG) == null ? void 0 : _a.devKeyring) == null ? void 0 : _b.enabled);
+  const emailLoginAllowed = registrationMode !== "domain-restricted" || devKeyringActive;
   const [loadingProvider, setLoadingProvider] = useState(null);
   const [error, setError] = useState(null);
   const [statusMessage, setStatusMessage] = useState("");
-  const [showEmailForm, setShowEmailForm] = useState(false);
+  const [showEmailForm, setShowEmailForm] = useState(!googleEnabled);
   const isProcessingRef = useRef(false);
   const { signIn, googleSignIn } = useAuth();
   const { lastMethod, isReady } = useLastAuthMethod();
@@ -197,7 +202,7 @@ function LoginForm() {
               /* @__PURE__ */ jsx(Users, { className: "h-4 w-4" }),
               /* @__PURE__ */ jsx(AlertDescription, { children: t("login.inviteBanner") })
             ] }),
-            isReady && lastMethod === "google" ? /* @__PURE__ */ jsx(LastUsedBadge, { text: t("login.form.lastUsed"), children: /* @__PURE__ */ jsxs(
+            googleEnabled && /* @__PURE__ */ jsx(Fragment, { children: isReady && lastMethod === "google" ? /* @__PURE__ */ jsx(LastUsedBadge, { text: t("login.form.lastUsed"), children: /* @__PURE__ */ jsxs(
               Button,
               {
                 type: "button",
@@ -227,8 +232,8 @@ function LoginForm() {
                   t("login.form.continueWithGoogle")
                 ]
               }
-            ),
-            !showEmailForm && /* @__PURE__ */ jsx("div", { className: "text-center", children: isReady && lastMethod === "email" ? /* @__PURE__ */ jsx(LastUsedBadge, { text: t("login.form.lastUsed"), children: /* @__PURE__ */ jsx(
+            ) }),
+            !showEmailForm && googleEnabled && emailLoginAllowed && /* @__PURE__ */ jsx("div", { className: "text-center", children: isReady && lastMethod === "email" ? /* @__PURE__ */ jsx(LastUsedBadge, { text: t("login.form.lastUsed"), children: /* @__PURE__ */ jsx(
               "button",
               {
                 type: "button",
@@ -249,7 +254,7 @@ function LoginForm() {
                 children: t("login.form.loginWithEmail", { defaultValue: "Sign in with Email" })
               }
             ) }),
-            showEmailForm && /* @__PURE__ */ jsxs(Fragment, { children: [
+            showEmailForm && emailLoginAllowed && /* @__PURE__ */ jsxs(Fragment, { children: [
               /* @__PURE__ */ jsxs("div", { className: "relative my-6", children: [
                 /* @__PURE__ */ jsx("div", { className: "absolute inset-0 flex items-center", children: /* @__PURE__ */ jsx(Separator, { className: "w-full" }) }),
                 /* @__PURE__ */ jsx("div", { className: "relative flex justify-center text-xs uppercase", children: /* @__PURE__ */ jsx("span", { className: "bg-background px-2 text-muted-foreground", children: t("login.form.orContinueWith") }) })
@@ -403,7 +408,7 @@ function LoginForm() {
                       }
                     ),
                     /* @__PURE__ */ jsx("div", { id: "submit-help", className: "sr-only", children: t("login.form.submitHelp") }),
-                    /* @__PURE__ */ jsx("div", { className: "text-center mt-4", children: /* @__PURE__ */ jsx(
+                    googleEnabled && /* @__PURE__ */ jsx("div", { className: "text-center mt-4", children: /* @__PURE__ */ jsx(
                       "button",
                       {
                         type: "button",
@@ -418,7 +423,7 @@ function LoginForm() {
               )
             ] })
           ] }),
-          /* @__PURE__ */ jsx(
+          signupVisible && /* @__PURE__ */ jsx(
             CardFooter,
             {
               "data-cy": sel("auth.login.footer"),
@@ -441,7 +446,7 @@ function LoginForm() {
         ]
       }
     ),
-    ((_a = DEV_CONFIG) == null ? void 0 : _a.devKeyring) && /* @__PURE__ */ jsx(DevKeyring, { config: DEV_CONFIG.devKeyring })
+    ((_c = DEV_CONFIG) == null ? void 0 : _c.devKeyring) && /* @__PURE__ */ jsx(DevKeyring, { config: DEV_CONFIG.devKeyring })
   ] });
 }
 export {

package/dist/components/auth/forms/SignupForm.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SignupForm.d.ts","sourceRoot":"","sources":["../../../../src/components/auth/forms/SignupForm.tsx"],"names":[],"mappings":"AA4BA,wBAAgB,UAAU,4CA0fzB"}
+{"version":3,"file":"SignupForm.d.ts","sourceRoot":"","sources":["../../../../src/components/auth/forms/SignupForm.tsx"],"names":[],"mappings":"AA6BA,wBAAgB,UAAU,4CA8fzB"}

package/dist/components/auth/forms/SignupForm.js

@@ -19,6 +19,7 @@ import { signupSchema } from "../../../lib/validation.js";
 import { sel } from "../../../lib/test/index.js";
 import { useTranslations } from "next-intl";
 import { AuthTranslationPreloader } from "../../../lib/i18n/AuthTranslationPreloader.js";
+import { PUBLIC_AUTH_CONFIG } from "../../../lib/config/config-sync.js";
 import { toast } from "sonner";
 function SignupForm() {
   const router = useRouter();
@@ -438,30 +439,32 @@ function SignupForm() {
                 }
               )
             ] }),
-            /* @__PURE__ */ jsxs("div", { className: "relative my-4", children: [
-              /* @__PURE__ */ jsx("div", { className: "absolute inset-0 flex items-center", children: /* @__PURE__ */ jsx(Separator, { className: "w-full" }) }),
-              /* @__PURE__ */ jsx("div", { className: "relative flex justify-center text-xs uppercase", children: /* @__PURE__ */ jsx("span", { className: "bg-background px-2 text-muted-foreground", children: "Or continue with" }) })
-            ] }),
-            /* @__PURE__ */ jsxs(
-              Button,
-              {
-                type: "button",
-                variant: "outline",
-                onClick: handleGoogleSignUp,
-                disabled: !!loadingProvider,
-                className: "w-full",
-                "data-cy": sel("auth.signup.googleButton"),
-                children: [
-                  loadingProvider === "google" ? /* @__PURE__ */ jsx(Loader2, { className: "mr-2 h-4 w-4 animate-spin" }) : /* @__PURE__ */ jsxs("svg", { className: "mr-2 h-4 w-4", viewBox: "0 0 24 24", children: [
-                    /* @__PURE__ */ jsx("path", { fill: "#4285F4", d: "M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z" }),
-                    /* @__PURE__ */ jsx("path", { fill: "#34A853", d: "M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z" }),
-                    /* @__PURE__ */ jsx("path", { fill: "#FBBC05", d: "M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" }),
-                    /* @__PURE__ */ jsx("path", { fill: "#EA4335", d: "M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" })
-                  ] }),
-                  "Continue with Google"
-                ]
-              }
-            )
+            PUBLIC_AUTH_CONFIG.providers.google.enabled && /* @__PURE__ */ jsxs(Fragment, { children: [
+              /* @__PURE__ */ jsxs("div", { className: "relative my-4", children: [
+                /* @__PURE__ */ jsx("div", { className: "absolute inset-0 flex items-center", children: /* @__PURE__ */ jsx(Separator, { className: "w-full" }) }),
+                /* @__PURE__ */ jsx("div", { className: "relative flex justify-center text-xs uppercase", children: /* @__PURE__ */ jsx("span", { className: "bg-background px-2 text-muted-foreground", children: "Or continue with" }) })
+              ] }),
+              /* @__PURE__ */ jsxs(
+                Button,
+                {
+                  type: "button",
+                  variant: "outline",
+                  onClick: handleGoogleSignUp,
+                  disabled: !!loadingProvider,
+                  className: "w-full",
+                  "data-cy": sel("auth.signup.googleButton"),
+                  children: [
+                    loadingProvider === "google" ? /* @__PURE__ */ jsx(Loader2, { className: "mr-2 h-4 w-4 animate-spin" }) : /* @__PURE__ */ jsxs("svg", { className: "mr-2 h-4 w-4", viewBox: "0 0 24 24", children: [
+                      /* @__PURE__ */ jsx("path", { fill: "#4285F4", d: "M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z" }),
+                      /* @__PURE__ */ jsx("path", { fill: "#34A853", d: "M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z" }),
+                      /* @__PURE__ */ jsx("path", { fill: "#FBBC05", d: "M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" }),
+                      /* @__PURE__ */ jsx("path", { fill: "#EA4335", d: "M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" })
+                    ] }),
+                    "Continue with Google"
+                  ]
+                }
+              )
+            ] })
           ] }),
           /* @__PURE__ */ jsx(
             CardFooter,

package/dist/components/auth/pages/AuthErrorPage.d.ts

@@ -0,0 +1,2 @@
+export declare function AuthErrorPage(): import("react/jsx-runtime").JSX.Element;
+//# sourceMappingURL=AuthErrorPage.d.ts.map

package/dist/components/auth/pages/AuthErrorPage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthErrorPage.d.ts","sourceRoot":"","sources":["../../../../src/components/auth/pages/AuthErrorPage.tsx"],"names":[],"mappings":"AAOA,wBAAgB,aAAa,4CAiD5B"}

package/dist/components/auth/pages/AuthErrorPage.js

@@ -0,0 +1,44 @@
+"use client";
+import { jsx, jsxs } from "react/jsx-runtime";
+import { useSearchParams } from "next/navigation";
+import { useTranslations } from "next-intl";
+import { ShieldAlert, ArrowLeft } from "lucide-react";
+import { Button } from "../../ui/button.js";
+function AuthErrorPage() {
+  const searchParams = useSearchParams();
+  const t = useTranslations("auth.error");
+  const error = searchParams.get("error");
+  const code = (error == null ? void 0 : error.toLowerCase()) ?? "";
+  const isAccountError = code === "unable_to_create_user" || code === "unable_to_create_session" || code === "user_not_found";
+  const titleKey = isAccountError ? "unable_to_create.title" : "generic.title";
+  const descriptionKey = isAccountError ? "unable_to_create.description" : "generic.description";
+  return /* @__PURE__ */ jsxs("div", { className: "space-y-6", "data-cy": "auth-error-page", children: [
+    /* @__PURE__ */ jsx("div", { className: "flex justify-center", children: /* @__PURE__ */ jsx("div", { className: "rounded-full p-4 bg-destructive/10", children: /* @__PURE__ */ jsx(ShieldAlert, { className: "h-8 w-8 text-destructive", strokeWidth: 1.5 }) }) }),
+    /* @__PURE__ */ jsxs("div", { className: "text-center space-y-2", children: [
+      /* @__PURE__ */ jsx(
+        "h1",
+        {
+          className: "text-xl font-semibold text-foreground",
+          "data-cy": "auth-error-title",
+          children: t(titleKey)
+        }
+      ),
+      /* @__PURE__ */ jsx("p", { className: "text-sm text-muted-foreground leading-relaxed", children: t(descriptionKey) })
+    ] }),
+    /* @__PURE__ */ jsx("div", { className: "flex flex-col gap-2 pt-2", children: /* @__PURE__ */ jsx(
+      Button,
+      {
+        asChild: true,
+        className: "w-full",
+        "data-cy": "auth-error-back-to-login",
+        children: /* @__PURE__ */ jsxs("a", { href: "/login", children: [
+          /* @__PURE__ */ jsx(ArrowLeft, { className: "mr-2 h-4 w-4" }),
+          t("backToLogin")
+        ] })
+      }
+    ) })
+  ] });
+}
+export {
+  AuthErrorPage
+};

package/dist/lib/auth/registration-guard-plugin.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Better Auth Plugin: Registration Guard
+ *
+ * This plugin intercepts OAuth signup attempts BEFORE user creation to enforce
+ * registration mode restrictions at the earliest possible point.
+ *
+ * Security layers:
+ * 1. This plugin (OAuth pre-validation)
+ * 2. API route handler (endpoint blocking)
+ * 3. Database hooks (final validation)
+ */
+import type { BetterAuthPlugin } from 'better-auth';
+export declare const registrationGuardPlugin: () => BetterAuthPlugin;
+//# sourceMappingURL=registration-guard-plugin.d.ts.map

package/dist/lib/auth/registration-guard-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registration-guard-plugin.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/registration-guard-plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEpD,eAAO,MAAM,uBAAuB,QAAO,gBA2C1C,CAAC"}

package/dist/lib/auth/registration-guard-plugin.js

@@ -0,0 +1,37 @@
+import { AUTH_CONFIG } from "../config/index.js";
+import { TeamService } from "../services/team.service.js";
+const registrationGuardPlugin = () => {
+  return {
+    id: "registration-guard",
+    hooks: {
+      before: [
+        {
+          // Intercept social signup attempts
+          matcher: (ctx) => {
+            const path = ctx.path || "";
+            return path.includes("/sign-up/social") || path.includes("/callback/") || path.includes("/sign-up");
+          },
+          handler: async (ctx) => {
+            var _a, _b;
+            const registrationMode = ((_b = (_a = AUTH_CONFIG) == null ? void 0 : _a.registration) == null ? void 0 : _b.mode) ?? "open";
+            if (registrationMode === "invitation-only") {
+              const request = ctx.request;
+              const url = new URL(request.url);
+              const hasInviteToken = request.headers.get("x-invite-token") || url.searchParams.get("inviteToken");
+              if (!hasInviteToken) {
+                const teamExists = await TeamService.hasGlobal();
+                if (teamExists) {
+                  throw new Error("SIGNUP_RESTRICTED: Registration requires an invitation. Use an invite link or contact an administrator.");
+                }
+              }
+            }
+            return ctx;
+          }
+        }
+      ]
+    }
+  };
+};
+export {
+  registrationGuardPlugin
+};

package/dist/lib/auth/registration-helpers.d.ts

@@ -0,0 +1,65 @@
+/**
+ * Registration Helper Functions
+ *
+ * Pure helper functions for registration mode logic.
+ * These functions have no side effects and can be used
+ * on both server and client (where appropriate).
+ */
+import type { AuthConfig, RegistrationMode, PublicAuthConfig } from '../config/types';
+/**
+ * Check if public registration (self-signup) is allowed.
+ *
+ * Only 'open' mode allows unrestricted public registration.
+ * 'domain-restricted' allows registration only via Google OAuth for allowed domains.
+ */
+export declare function isRegistrationOpen(mode: RegistrationMode): boolean;
+/**
+ * Check if an email domain is in the allowed domains list.
+ * Returns false if allowedDomains is empty — callers should handle
+ * the empty-list case separately (e.g., skip validation entirely).
+ *
+ * @param email - Full email address (e.g., "user@nextspark.dev")
+ * @param allowedDomains - List of allowed domains without @ (e.g., ["nextspark.dev"])
+ * @returns true if the email domain is allowed
+ */
+export declare function isDomainAllowed(email: string, allowedDomains: string[]): boolean;
+/**
+ * Check if Google OAuth should be enabled based on auth config.
+ *
+ * Google is disabled when:
+ * - providers.google.enabled is explicitly false
+ * - GOOGLE_CLIENT_ID env var is not set (runtime check, not done here)
+ */
+export declare function isGoogleAuthEnabled(authConfig: AuthConfig): boolean;
+/**
+ * Check if the signup page should be accessible.
+ *
+ * Signup page is hidden for:
+ * - 'domain-restricted': Registration happens via Google OAuth on login page
+ * - 'invitation-only': Only accessible with valid invite params
+ */
+export declare function isSignupPageVisible(mode: RegistrationMode): boolean;
+/**
+ * Check if email+password signup form should be shown.
+ */
+export declare function isEmailSignupEnabled(mode: RegistrationMode): boolean;
+/**
+ * Check if signup should be blocked entirely (server-side enforcement).
+ *
+ * In 'domain-restricted' mode, email+password signup is blocked
+ * but Google OAuth may be allowed (with domain check).
+ */
+export declare function shouldBlockSignup(mode: RegistrationMode, isOAuth: boolean): boolean;
+/**
+ * Check if email+password login should be visible on the login page.
+ *
+ * In 'domain-restricted' mode, only Google OAuth is shown — email login is hidden
+ * because new users cannot register via email and the UX is simplified to Google-only.
+ */
+export declare function isEmailLoginVisible(mode: RegistrationMode): boolean;
+/**
+ * Build a PublicAuthConfig from the full AuthConfig.
+ * Strips sensitive data (allowedDomains) for client exposure.
+ */
+export declare function getPublicAuthConfig(authConfig: AuthConfig): PublicAuthConfig;
+//# sourceMappingURL=registration-helpers.d.ts.map

package/dist/lib/auth/registration-helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registration-helpers.d.ts","sourceRoot":"","sources":["../../../src/lib/auth/registration-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAErF;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAElE;AAED;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,OAAO,CAShF;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAEnE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAEnE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAEpE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,gBAAgB,EACtB,OAAO,EAAE,OAAO,GACf,OAAO,CAGT;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAEnE;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,UAAU,GAAG,gBAAgB,CAW5E"}

package/dist/lib/auth/registration-helpers.js

@@ -0,0 +1,51 @@
+function isRegistrationOpen(mode) {
+  return mode === "open";
+}
+function isDomainAllowed(email, allowedDomains) {
+  var _a;
+  if (!allowedDomains.length) return false;
+  const domain = (_a = email.split("@")[1]) == null ? void 0 : _a.toLowerCase();
+  if (!domain) return false;
+  return allowedDomains.some(
+    (allowed) => domain === allowed.toLowerCase()
+  );
+}
+function isGoogleAuthEnabled(authConfig) {
+  var _a, _b;
+  return ((_b = (_a = authConfig.providers) == null ? void 0 : _a.google) == null ? void 0 : _b.enabled) !== false;
+}
+function isSignupPageVisible(mode) {
+  return mode === "open";
+}
+function isEmailSignupEnabled(mode) {
+  return mode === "open";
+}
+function shouldBlockSignup(mode, isOAuth) {
+  if (mode === "domain-restricted" && !isOAuth) return true;
+  return false;
+}
+function isEmailLoginVisible(mode) {
+  return mode !== "domain-restricted";
+}
+function getPublicAuthConfig(authConfig) {
+  return {
+    registration: {
+      mode: authConfig.registration.mode
+    },
+    providers: {
+      google: {
+        enabled: isGoogleAuthEnabled(authConfig)
+      }
+    }
+  };
+}
+export {
+  getPublicAuthConfig,
+  isDomainAllowed,
+  isEmailLoginVisible,
+  isEmailSignupEnabled,
+  isGoogleAuthEnabled,
+  isRegistrationOpen,
+  isSignupPageVisible,
+  shouldBlockSignup
+};

package/dist/lib/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AAKA,OAAO,EAAmE,KAAK,QAAQ,EAAE,MAAM,UAAU,CAAC;AA+C1G,eAAO,MAAM,IAAI;;;;kGAiSy1zgB,CAAC;oBAAyB,CAAC;;sBAAqD,CAAC;;qBAA4D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kGAA8pD,CAAC;oBAAyB,CAAC;;sBAAqD,CAAC;;qBAA4D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAu1C,CAAC;sCAA4D,CAAC;oCAA0D,CAAC;mCAAyD,CAAC;2BAAkD,CAAC;;6BAAwE,CAAC;mCAAyD,CAAC;oCAA0D,CAAC;iCAAuD,CAAC;;0BAAmF,CAAC;iCAAyD,CAAC;6BAAoD,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAs7N,CAAC;wBAA4B,CAAC;yBAA+C,CAAC;6BAAmD,CAAC;qCAA2D,CAAC;yBAA+C,CAAC;wBAA8C,CAAC;;;;;qBAAsJ,CAAC;wBAA4B,CAAC;yBAA+C,CAAC;6BAAmD,CAAC;qCAA2D,CAAC;yBAA+C,CAAC;wBAA8C,CAAC;;;;;;;uBAA6L,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sCAAyqD,CAAC;kCAA6C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAklJ,CAAC;;sBAAqD,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAA8j9B,CAAC;8BAAoD,CAAC;;;sBAAkF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAA45K,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAA28D,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;yBAA6B,CAAC;;;sBAA6F,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAA82D,CAAC;;sBAAqD,CAAC;;;;+BAAkI,CAAC;;;sBAAiF,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAA0vL,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAA+7H,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;qCAAoiC,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;uCAAi3D,CAAC;;;sBAAkF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA2wD,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAAiuI,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA6jC,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAi0Z,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAkgF,CAAC;4BAAkD,CAAC;yBAA+C,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;qCAAi7B,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAs+D,CAAC;;sBAAqD,CAAC;;;;;;;;;;uBAAuQ,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAA2wD,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAA05D,CAAC;;sBAAqD,CAAC;;;;;;;;;;uBAAuQ,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAuiI,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAAiyC,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;qCAAi+B,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAmrE,CAAC;;sBAAqD,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;qCAAy2B,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAu8C,CAAC;;sBAAqD,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;qCAA+4B,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAA++C,CAAC;2BAAiD,CAAC;;6BAAwE,CAAC;mCAAyD,CAAC;oCAA0D,CAAC;8BAAoD,CAAC;;iCAA4F,CAAC;0BAAiD,CAAC;oCAA4D,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA80E,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kGAAwyD,CAAC;oBAAyB,CAAC;;sBAAqD,CAAC;;qBAA4D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAqtC,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAA0uF,CAAC;;sBAAqD,CAAC;;;;+BAAkI,CAAC;;;sBAAiF,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAg7E,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;qCAAqiC,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAy1C,CAAC;0BAAgD,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAi6F,CAAC;0BAAgD,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAAgzG,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;4BAAoS,CAAC;6BAAuC,CAAC;6BAA8C,CAAC;;;;;;;;wBAAqQ,CAAC;yBAAmC,CAAC;yBAA0C,CAAC;;;;;;;;;;;;;;;;qCAA0rB,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAjDl+qqB,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;AACjD,MAAM,MAAM,WAAW,GAAG,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG;IAC1D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,kBAAkB,EAAE,QAAQ,EAAE,CAAC;CAC/C,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5B,IAAI,EAAE,WAAW,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAO9B"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AAKA,OAAO,EAAgF,KAAK,QAAQ,EAAE,MAAM,UAAU,CAAC;AAiDvH,eAAO,MAAM,IAAI;;;;kGA6Vi5tgB,CAAC;oBAAyB,CAAC;;sBAAqD,CAAC;;qBAA4D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kGAA8pD,CAAC;oBAAyB,CAAC;;sBAAqD,CAAC;;qBAA4D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAu1C,CAAC;sCAA4D,CAAC;oCAA0D,CAAC;mCAAyD,CAAC;2BAAkD,CAAC;;6BAAwE,CAAC;mCAAyD,CAAC;oCAA0D,CAAC;iCAAuD,CAAC;;0BAAmF,CAAC;iCAAyD,CAAC;6BAAoD,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAs7N,CAAC;wBAA4B,CAAC;yBAA+C,CAAC;6BAAmD,CAAC;qCAA2D,CAAC;yBAA+C,CAAC;wBAA8C,CAAC;;;;;qBAAsJ,CAAC;wBAA4B,CAAC;yBAA+C,CAAC;6BAAmD,CAAC;qCAA2D,CAAC;yBAA+C,CAAC;wBAA8C,CAAC;;;;;;;uBAA6L,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sCAAyqD,CAAC;kCAA6C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAklJ,CAAC;;sBAAqD,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAA8j9B,CAAC;8BAAoD,CAAC;;;sBAAkF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAA45K,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAA28D,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;yBAA6B,CAAC;;;sBAA6F,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAA82D,CAAC;;sBAAqD,CAAC;;;;+BAAkI,CAAC;;;sBAAiF,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAA0vL,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAA+7H,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;qCAAoiC,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;uCAAi3D,CAAC;;;sBAAkF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA2wD,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAAiuI,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA6jC,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAi0Z,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAAkgF,CAAC;4BAAkD,CAAC;yBAA+C,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;qCAAi7B,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAs+D,CAAC;;sBAAqD,CAAC;;;;;;;;;;uBAAuQ,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAA2wD,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAA05D,CAAC;;sBAAqD,CAAC;;;;;;;;;;uBAAuQ,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAuiI,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAAiyC,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;qCAAi+B,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAmrE,CAAC;;sBAAqD,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;qCAAy2B,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAAu8C,CAAC;;sBAAqD,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;qCAA+4B,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAA++C,CAAC;2BAAiD,CAAC;;6BAAwE,CAAC;mCAAyD,CAAC;oCAA0D,CAAC;8BAAoD,CAAC;;iCAA4F,CAAC;0BAAiD,CAAC;oCAA4D,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;;;0BAA+G,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA80E,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kGAAwyD,CAAC;oBAAyB,CAAC;;sBAAqD,CAAC;;qBAA4D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAqtC,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBAA0uF,CAAC;;sBAAqD,CAAC;;;;+BAAkI,CAAC;;;sBAAiF,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAg7E,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;qCAAqiC,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAy1C,CAAC;0BAAgD,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAi6F,CAAC;0BAAgD,CAAC;;;sBAAiF,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAAgzG,CAAC;;qBAA6D,CAAC;;sBAA2E,CAAC;;uBAAgE,CAAC;;uBAAoD,CAAC;;0BAA2D,CAAC;6BAAwC,CAAC;mBAA8B,CAAC;oBAAgD,CAAC;;0BAAsD,CAAC;6BAAuD,CAAC;;;;;;4BAAoS,CAAC;6BAAuC,CAAC;6BAA8C,CAAC;;;;;;;;wBAAqQ,CAAC;yBAAmC,CAAC;yBAA0C,CAAC;;;;;;;;;;;;;;;;qCAA0rB,CAAC;qCAAkE,CAAC;;;;;;;;;iCAA0Z,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAjD1hlqB,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;AACjD,MAAM,MAAM,WAAW,GAAG,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,GAAG;IAC1D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,kBAAkB,EAAE,QAAQ,EAAE,CAAC;CAC/C,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5B,IAAI,EAAE,WAAW,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAO9B"}

package/dist/lib/auth.js

@@ -3,10 +3,12 @@ import { Pool } from "pg";
 import { nextCookies } from "better-auth/next-js";
 import { parseSSLConfig, stripSSLParams } from "./db.js";
 import { EmailFactory, emailTemplates } from "./email/index.js";
-import { I18N_CONFIG, USER_ROLES_CONFIG, TEAMS_CONFIG, APP_CONFIG_MERGED } from "./config/index.js";
+import { I18N_CONFIG, USER_ROLES_CONFIG, TEAMS_CONFIG, AUTH_CONFIG, APP_CONFIG_MERGED } from "./config/index.js";
 import { getUserFlags } from "./services/user-flags.service.js";
 import { TeamService } from "./services/team.service.js";
 import { shouldSkipTeamCreation } from "./auth-context.js";
+import { isDomainAllowed } from "./auth/registration-helpers.js";
+import { registrationGuardPlugin } from "./auth/registration-guard-plugin.js";
 import { getCorsOrigins } from "./utils/cors.js";
 const isProd = process.env.NODE_ENV === "production";
 const baseUrl = process.env.BETTER_AUTH_URL || process.env.NEXT_PUBLIC_APP_URL || "http://localhost:5173";
@@ -141,7 +143,13 @@ const auth = betterAuth({
   baseURL: baseUrl,
   // Use unified CORS configuration from app.config.ts + theme extensions + env vars
   trustedOrigins: getCorsOrigins(APP_CONFIG_MERGED),
+  // Redirect auth errors to our custom error page instead of Better Auth's default
+  onAPIError: {
+    errorURL: "/auth-error"
+  },
   plugins: [
+    registrationGuardPlugin(),
+    // Intercept OAuth signup attempts
     nextCookies()
     // MUST be the last plugin for Next.js cookie handling
   ],
@@ -160,6 +168,27 @@ const auth = betterAuth({
   databaseHooks: {
     user: {
       create: {
+        // Validate registration mode before creating user
+        before: async (user) => {
+          var _a, _b, _c, _d;
+          const registrationMode = ((_b = (_a = AUTH_CONFIG) == null ? void 0 : _a.registration) == null ? void 0 : _b.mode) ?? "open";
+          if (registrationMode === "invitation-only") {
+            if (!shouldSkipTeamCreation()) {
+              const existingTeam = await TeamService.getGlobal();
+              if (existingTeam) {
+                throw new Error("SIGNUP_RESTRICTED: Registration requires an invitation. Contact an administrator.");
+              }
+            }
+          }
+          if (registrationMode === "domain-restricted") {
+            const allowedDomains = ((_d = (_c = AUTH_CONFIG) == null ? void 0 : _c.registration) == null ? void 0 : _d.allowedDomains) ?? [];
+            if (allowedDomains.length > 0 && !isDomainAllowed(user.email, allowedDomains)) {
+              console.log(`[Auth] Blocked registration for ${user.email}: domain not in allowedDomains (allowed: ${allowedDomains.join(", ")})`);
+              throw new Error(`DOMAIN_NOT_ALLOWED: Email domain not authorized. Please use an email from: ${allowedDomains.join(", ")}`);
+            }
+          }
+          return user;
+        },
         // Create team when a new user signs up (email/password or OAuth)
         // Team type depends on configured teams mode
         after: async (user) => {
@@ -193,6 +222,30 @@ const auth = betterAuth({
           }
         }
       }
+    },
+    session: {
+      create: {
+        // Enforce domain restrictions on EVERY login (not just signup)
+        before: async (session) => {
+          var _a, _b, _c, _d, _e;
+          const registrationMode = ((_b = (_a = AUTH_CONFIG) == null ? void 0 : _a.registration) == null ? void 0 : _b.mode) ?? "open";
+          if (registrationMode === "domain-restricted") {
+            const allowedDomains = ((_d = (_c = AUTH_CONFIG) == null ? void 0 : _c.registration) == null ? void 0 : _d.allowedDomains) ?? [];
+            if (allowedDomains.length > 0) {
+              const result = await pool.query(
+                "SELECT email FROM users WHERE id = $1 LIMIT 1",
+                [session.userId]
+              );
+              const email = (_e = result.rows[0]) == null ? void 0 : _e.email;
+              if (email && !isDomainAllowed(email, allowedDomains)) {
+                console.log(`[Auth] Blocked sign-in for ${email}: domain not in allowedDomains`);
+                return false;
+              }
+            }
+          }
+          return session;
+        }
+      }
     }
   },
   callbacks: {

package/dist/lib/billing/config-types.d.ts

@@ -40,6 +40,11 @@ export interface PlanDefinition {
     /** Stripe price IDs (P2: Stripe Integration) */
     stripePriceIdMonthly?: string | null;
     stripePriceIdYearly?: string | null;
+    /** Generic price IDs for any payment provider (checked first, falls back to stripe-specific) */
+    providerPriceIds?: {
+        monthly?: string | null;
+        yearly?: string | null;
+    };
 }
 export interface ActionMappings {
     /**

package/dist/lib/billing/config-types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config-types.d.ts","sourceRoot":"","sources":["../../../src/lib/billing/config-types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAMxE,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAA;IACZ,qCAAqC;IACrC,IAAI,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,CAAA;IACjC,sCAAsC;IACtC,WAAW,EAAE,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,CAAA;CACtD;AAMD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,QAAQ,CAAA;IACd,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B,KAAK,CAAC,EAAE;QACN,OAAO,EAAE,MAAM,CAAA;QACf,MAAM,EAAE,MAAM,CAAA;KACf,CAAA;IACD,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,wDAAwD;IACxD,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC9B,gDAAgD;IAChD,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpC,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACpC;AAMD,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACpC;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC/B;AAMD,MAAM,WAAW,aAAa;IAC5B,qDAAqD;IACrD,QAAQ,EAAE,eAAe,CAAA;IAEzB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAA;IAEhB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAA;IAEnB,0BAA0B;IAC1B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAA;IAE3C,wBAAwB;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAEvC,uBAAuB;IACvB,KAAK,EAAE,cAAc,EAAE,CAAA;IAEvB,uCAAuC;IACvC,cAAc,EAAE,cAAc,CAAA;CAC/B"}
+{"version":3,"file":"config-types.d.ts","sourceRoot":"","sources":["../../../src/lib/billing/config-types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAMxE,MAAM,WAAW,iBAAiB;IAChC,gCAAgC;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,kDAAkD;IAClD,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAA;IACZ,qCAAqC;IACrC,IAAI,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,CAAA;IACjC,sCAAsC;IACtC,WAAW,EAAE,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,CAAA;CACtD;AAMD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,QAAQ,CAAA;IACd,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B,KAAK,CAAC,EAAE;QACN,OAAO,EAAE,MAAM,CAAA;QACf,MAAM,EAAE,MAAM,CAAA;KACf,CAAA;IACD,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,wDAAwD;IACxD,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,qDAAqD;IACrD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC9B,gDAAgD;IAChD,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpC,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAEnC,gGAAgG;IAChG,gBAAgB,CAAC,EAAE;QACjB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QACvB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KACvB,CAAA;CACF;AAMD,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACpC;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC/B;AAMD,MAAM,WAAW,aAAa;IAC5B,qDAAqD;IACrD,QAAQ,EAAE,eAAe,CAAA;IAEzB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAA;IAEhB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAA;IAEnB,0BAA0B;IAC1B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAA;IAE3C,wBAAwB;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAEvC,uBAAuB;IACvB,KAAK,EAAE,cAAc,EAAE,CAAA;IAEvB,uCAAuC;IACvC,cAAc,EAAE,cAAc,CAAA;CAC/B"}

package/dist/lib/billing/gateways/factory.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Billing Gateway Factory
+ *
+ * Returns the configured BillingGateway implementation based on the
+ * provider setting in the billing registry. Uses lazy loading so that
+ * provider SDKs (Stripe, Polar, etc.) are only imported when needed.
+ *
+ * Usage:
+ *   import { getBillingGateway } from '@nextsparkjs/core/lib/billing/gateways/factory'
+ *   const session = await getBillingGateway().createCheckoutSession(params)
+ */
+import type { BillingGateway } from './interface';
+/**
+ * Get the billing gateway for the configured payment provider.
+ * Singleton - the same instance is returned on subsequent calls.
+ *
+ * Provider is determined by BILLING_REGISTRY.config.provider (from billing.config.ts).
+ */
+export declare function getBillingGateway(): BillingGateway;
+/**
+ * Reset the cached gateway instance.
+ * Useful for testing or when billing config changes at runtime.
+ */
+export declare function resetBillingGateway(): void;
+//# sourceMappingURL=factory.d.ts.map

package/dist/lib/billing/gateways/factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../../src/lib/billing/gateways/factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAIjD;;;;;GAKG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,CA4BlD;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C"}

package/dist/lib/billing/gateways/factory.js

@@ -0,0 +1,34 @@
+import { BILLING_REGISTRY } from "@nextsparkjs/registries/billing-registry";
+let gatewayInstance = null;
+function getBillingGateway() {
+  if (!gatewayInstance) {
+    const provider = BILLING_REGISTRY.provider;
+    switch (provider) {
+      case "stripe": {
+        const { StripeGateway } = require("./stripe");
+        gatewayInstance = new StripeGateway();
+        break;
+      }
+      case "polar": {
+        const { PolarGateway } = require("./polar");
+        gatewayInstance = new PolarGateway();
+        break;
+      }
+      // Future providers:
+      // case 'paddle': { ... }
+      // case 'lemonsqueezy': { ... }
+      default:
+        throw new Error(
+          `Unsupported billing provider: "${provider}". Supported providers: stripe, polar. Check your billing.config.ts provider setting.`
+        );
+    }
+  }
+  return gatewayInstance;
+}
+function resetBillingGateway() {
+  gatewayInstance = null;
+}
+export {
+  getBillingGateway,
+  resetBillingGateway
+};

package/dist/lib/billing/gateways/interface.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Billing Gateway Interface
+ *
+ * Defines the contract that all payment provider implementations must satisfy.
+ * Consumers interact with this interface via the factory (getBillingGateway()),
+ * making provider switching a configuration change rather than a code change.
+ */
+import type { CheckoutSessionResult, PortalSessionResult, SubscriptionResult, CustomerResult, WebhookEventResult, CreateCheckoutParams, CreatePortalParams, CreateCustomerParams, UpdateSubscriptionParams } from './types';
+export interface BillingGateway {
+    createCheckoutSession(params: CreateCheckoutParams): Promise<CheckoutSessionResult>;
+    createPortalSession(params: CreatePortalParams): Promise<PortalSessionResult>;
+    getCustomer(customerId: string): Promise<CustomerResult>;
+    createCustomer(params: CreateCustomerParams): Promise<CustomerResult>;
+    updateSubscriptionPlan(params: UpdateSubscriptionParams): Promise<SubscriptionResult>;
+    cancelSubscriptionAtPeriodEnd(subscriptionId: string): Promise<SubscriptionResult>;
+    cancelSubscriptionImmediately(subscriptionId: string): Promise<SubscriptionResult>;
+    reactivateSubscription(subscriptionId: string): Promise<SubscriptionResult>;
+    verifyWebhookSignature(payload: string | Buffer, signatureOrHeaders: string | Record<string, string>): WebhookEventResult;
+}
+//# sourceMappingURL=interface.d.ts.map