@nexusts/auth 0.9.7 → 0.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/auth.service.d.ts +1 -1
  2. package/dist/index.js +11 -61
  3. package/dist/index.js.map +3 -3
  4. package/package.json +2 -2
package/dist/auth.service.d.ts CHANGED
@@ -8,7 +8,7 @@
8
8
  * - Allows tests to swap the implementation via DI.
9
9
  *
10
10
  * Usage:
11
- * constructor(@Inject(AuthService.TOKEN) private auth: AuthService) {}
11
+ * @Inject(AuthService.TOKEN) declare private auth: AuthService;
12
12
  *
13
13
  * await this.auth.signUp.email({ email, password, name });
14
14
  * const session = await this.auth.getSession({ headers: c.req.raw.headers });
package/dist/index.js CHANGED
@@ -9,10 +9,6 @@ var __legacyDecorateClassTS = function(decorators, target, key, desc) {
9
9
  r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
10
10
  return c > 3 && r && Object.defineProperty(target, key, r), r;
11
11
  };
12
- var __legacyMetadataTS = (k, v) => {
13
- if (typeof Reflect === "object" && typeof Reflect.metadata === "function")
14
- return Reflect.metadata(k, v);
15
- };
16
12
  var __require = import.meta.require;
17
13
  // packages/auth/src/auth.ts
18
14
  import { betterAuth } from "better-auth";
@@ -194,8 +190,7 @@ __legacyDecorateClassTS([
194
190
  Inject("AUTH_CONFIG")
195
191
  ], AuthService.prototype, "config", undefined);
196
192
  AuthService = __legacyDecorateClassTS([
197
- Injectable(),
198
- __legacyMetadataTS("design:paramtypes", [])
193
+ Injectable()
199
194
  ], AuthService);
200
195
  function parseCookie(cookieHeader, name) {
201
196
  if (!cookieHeader)
@@ -276,76 +271,31 @@ __legacyDecorateClassTS([
276
271
  Inject2(AuthService.TOKEN)
277
272
  ], AuthController.prototype, "auth", undefined);
278
273
  __legacyDecorateClassTS([
279
- Get("/session"),
280
- __legacyMetadataTS("design:type", Function),
281
- __legacyMetadataTS("design:paramtypes", [
282
- typeof Context === "undefined" ? Object : Context
283
- ]),
284
- __legacyMetadataTS("design:returntype", Promise)
274
+ Get("/session")
285
275
  ], AuthController.prototype, "session", null);
286
276
  __legacyDecorateClassTS([
287
- Post("/sign-up/email"),
288
- __legacyMetadataTS("design:type", Function),
289
- __legacyMetadataTS("design:paramtypes", [
290
- typeof Context === "undefined" ? Object : Context
291
- ]),
292
- __legacyMetadataTS("design:returntype", Promise)
277
+ Post("/sign-up/email")
293
278
  ], AuthController.prototype, "signUpEmail", null);
294
279
  __legacyDecorateClassTS([
295
- Post("/sign-in/email"),
296
- __legacyMetadataTS("design:type", Function),
297
- __legacyMetadataTS("design:paramtypes", [
298
- typeof Context === "undefined" ? Object : Context
299
- ]),
300
- __legacyMetadataTS("design:returntype", Promise)
280
+ Post("/sign-in/email")
301
281
  ], AuthController.prototype, "signInEmail", null);
302
282
  __legacyDecorateClassTS([
303
- Post("/sign-out"),
304
- __legacyMetadataTS("design:type", Function),
305
- __legacyMetadataTS("design:paramtypes", [
306
- typeof Context === "undefined" ? Object : Context
307
- ]),
308
- __legacyMetadataTS("design:returntype", Promise)
283
+ Post("/sign-out")
309
284
  ], AuthController.prototype, "signOut", null);
310
285
  __legacyDecorateClassTS([
311
- Get("/sign-in/:provider"),
312
- __legacyMetadataTS("design:type", Function),
313
- __legacyMetadataTS("design:paramtypes", [
314
- typeof Context === "undefined" ? Object : Context
315
- ]),
316
- __legacyMetadataTS("design:returntype", Promise)
286
+ Get("/sign-in/:provider")
317
287
  ], AuthController.prototype, "socialSignIn", null);
318
288
  __legacyDecorateClassTS([
319
- Get("/callback/:provider"),
320
- __legacyMetadataTS("design:type", Function),
321
- __legacyMetadataTS("design:paramtypes", [
322
- typeof Context === "undefined" ? Object : Context
323
- ]),
324
- __legacyMetadataTS("design:returntype", Promise)
289
+ Get("/callback/:provider")
325
290
  ], AuthController.prototype, "oauthCallback", null);
326
291
  __legacyDecorateClassTS([
327
- Post("/jwt"),
328
- __legacyMetadataTS("design:type", Function),
329
- __legacyMetadataTS("design:paramtypes", [
330
- typeof Context === "undefined" ? Object : Context
331
- ]),
332
- __legacyMetadataTS("design:returntype", Promise)
292
+ Post("/jwt")
333
293
  ], AuthController.prototype, "issueJwt", null);
334
294
  __legacyDecorateClassTS([
335
- Post("/passkey/register"),
336
- __legacyMetadataTS("design:type", Function),
337
- __legacyMetadataTS("design:paramtypes", [
338
- typeof Context === "undefined" ? Object : Context
339
- ]),
340
- __legacyMetadataTS("design:returntype", Promise)
295
+ Post("/passkey/register")
341
296
  ], AuthController.prototype, "passkeyRegister", null);
342
297
  __legacyDecorateClassTS([
343
- Post("/passkey/authenticate"),
344
- __legacyMetadataTS("design:type", Function),
345
- __legacyMetadataTS("design:paramtypes", [
346
- typeof Context === "undefined" ? Object : Context
347
- ]),
348
- __legacyMetadataTS("design:returntype", Promise)
298
+ Post("/passkey/authenticate")
349
299
  ], AuthController.prototype, "passkeyAuthenticate", null);
350
300
  AuthController = __legacyDecorateClassTS([
351
301
  Controller("/api/auth")
@@ -464,5 +414,5 @@ export {
464
414
  AuthController
465
415
  };
466
416
 
467
- //# debugId=96CFDD82525FD1DA64756E2164756E21
417
+ //# debugId=A22A569832F3E2A164756E2164756E21
468
418
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -3,13 +3,13 @@
3
3
  "sources": ["../src/auth.ts", "../src/auth.service.ts", "../src/auth.controller.ts", "../src/auth.module.ts", "../src/middleware.ts", "../src/decorators/current-user.ts"],
4
4
  "sourcesContent": [
5
5
  "/**\n * `createAuth()` — wrap better-auth's `betterAuth()` factory with\n * NexusTS-friendly defaults.\n *\n * This is the **only** place that talks to better-auth directly. Every\n * other NexusTS auth module consumes the resulting `Auth` instance via\n * DI or the registered token.\n *\n * Why an adapter layer instead of calling `betterAuth()` directly?\n * 1. NexusTS users write `auth.config.ts`, not raw better-auth options.\n * The adapter translates between the two.\n * 2. Plugin selection (jwt, passkey) is toggled by boolean flags,\n * not by importing plugin objects.\n * 3. Cookie / CORS / cross-subdomain defaults match Hono's `cors()`\n * middleware so the two never conflict.\n *\n * Usage:\n * // src/auth/auth.ts\n * import { createAuth } from '@nexusts/auth';\n * export const auth = createAuth({\n * basePath: '/api/auth',\n * emailAndPassword: { enabled: true },\n * socialProviders: {\n * github: {\n * clientId: process.env.GITHUB_CLIENT_ID!,\n * clientSecret: process.env.GITHUB_CLIENT_SECRET!,\n * },\n * },\n * });\n */\n\nimport { betterAuth } from \"better-auth\";\nimport type { AuthConfig } from \"./types.js\";\n\ntype BetterAuthInstance = ReturnType<typeof betterAuth>;\n\n/**\n * Create a better-auth instance with NexusTS-friendly defaults.\n *\n * @param config NexusTS-shaped config (see types.ts).\n * @returns A `better-auth` Auth instance.\n */\nexport function createAuth(config: AuthConfig = {}): BetterAuthInstance {\n\tconst secret = config.secret ?? process.env.BETTER_AUTH_SECRET;\n\tconst baseURL = config.baseUrl ?? process.env.BETTER_AUTH_URL;\n\n\tif (!secret) {\n\t\tthrow new Error(\n\t\t\t\"[nexus/auth] BETTER_AUTH_SECRET is required. \" +\n\t\t\t\t\"Generate one with `openssl rand -base64 32` and add it to .env.\",\n\t\t);\n\t}\n\tif (!baseURL) {\n\t\tthrow new Error(\n\t\t\t\"[nexus/auth] BETTER_AUTH_URL is required (e.g. http://localhost:3000).\",\n\t\t);\n\t}\n\n\tconst plugins: Array<unknown> = [];\n\n\t// JWT plugin — opt-in.\n\tif (config.jwt?.enabled) {\n\t\t// Lazy import so the plugin's transitive dependencies don't load\n\t\t// when the user hasn't asked for JWT.\n\t\t// eslint-disable-next-line @typescript-eslint/no-require-imports\n\t\tconst { jwt } = require(\"better-auth/plugins\");\n\t\tplugins.push(\n\t\t\tjwt({\n\t\t\t\tjwks: {\n\t\t\t\t\tpath: config.jwt.jwksPath ?? \"/api/auth/jwks\",\n\t\t\t\t},\n\t\t\t\tissuer: config.jwt.issuer ?? baseURL,\n\t\t\t\taudience: config.jwt.audience ?? baseURL,\n\t\t\t\texpiresIn: config.jwt.expiresIn ?? 60 * 15,\n\t\t\t}),\n\t\t);\n\t}\n\n\t// Passkey plugin — opt-in.\n\tif (config.passkey?.enabled) {\n\t\t// eslint-disable-next-line @typescript-eslint/no-require-imports\n\t\tconst { passkey } = require(\"better-auth/plugins\");\n\t\tplugins.push(\n\t\t\tpasskey({\n\t\t\t\trpName: config.passkey.rpName,\n\t\t\t\trpID: config.passkey.rpId,\n\t\t\t\torigin: config.passkey.origin,\n\t\t\t}),\n\t\t);\n\t}\n\n\treturn betterAuth({\n\t\tsecret,\n\t\tbaseURL,\n\t\tbasePath: config.basePath ?? \"/api/auth\",\n\t\temailAndPassword: {\n\t\t\tenabled: config.emailAndPassword?.enabled ?? true,\n\t\t\trequireEmailVerification:\n\t\t\t\tconfig.emailAndPassword?.requireEmailVerification ?? false,\n\t\t\tminPasswordLength: config.emailAndPassword?.minPasswordLength ?? 8,\n\t\t\tmaxPasswordLength: config.emailAndPassword?.maxPasswordLength ?? 128,\n\t\t},\n\t\tsession: {\n\t\t\texpiresIn: config.sessionExpiresInSeconds ?? 60 * 60 * 24 * 7, // 7 days\n\t\t},\n\t\tsocialProviders: config.socialProviders as never,\n\t\tadvanced: {\n\t\t\tcookies: {\n\t\t\t\tsessionToken: {\n\t\t\t\t\tattributes: {\n\t\t\t\t\t\tsameSite: (config.cookieSameSite ?? \"lax\") as\n\t\t\t\t\t\t\t| \"lax\"\n\t\t\t\t\t\t\t| \"strict\"\n\t\t\t\t\t\t\t| \"none\",\n\t\t\t\t\t\tsecure:\n\t\t\t\t\t\t\tconfig.cookieSecure ?? process.env.NODE_ENV === \"production\",\n\t\t\t\t\t\t...(config.cookieDomain ? { domain: config.cookieDomain } : {}),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tcrossSubDomainCookies: config.crossSubDomainCookies?.enabled\n\t\t\t\t? {\n\t\t\t\t\t\tenabled: true,\n\t\t\t\t\t\tdomain: config.crossSubDomainCookies.domain,\n\t\t\t\t\t}\n\t\t\t\t: undefined,\n\t\t},\n\t\tplugins,\n\t} as never) as unknown as BetterAuthInstance;\n}\n\n/**\n * Type alias for the returned auth instance — convenient for DI token\n * typings.\n */\nexport type NexusAuth = ReturnType<typeof createAuth>;\n",
6
- "/**\n * `AuthService` — DI-friendly wrapper around a better-auth instance.\n *\n * Why a service wrapper?\n * - Hides the raw better-auth object behind a stable NexusTS API.\n * - Exposes the high-level operations controllers need:\n * signUp, signIn, signOut, getSession, oauthUrl, jwt, passkey.\n * - Allows tests to swap the implementation via DI.\n *\n * Usage:\n * constructor(@Inject(AuthService.TOKEN) private auth: AuthService) {}\n *\n * await this.auth.signUp.email({ email, password, name });\n * const session = await this.auth.getSession({ headers: c.req.raw.headers });\n * return this.auth.redirect('/dashboard'); // 302\n */\n\nimport { Inject, Injectable } from \"@nexusts/core\";\nimport type {\n\tAuthUser,\n\tAuthSessionRecord,\n\tAuthSession,\n\tAuthConfig,\n} from \"./types.js\";\nimport { createAuth, type NexusAuth } from \"./auth.js\";\nimport type { SessionService } from \"@nexusts/session\";\n\n@Injectable()\nexport class AuthService {\n\t/** DI token — use with `@Inject(AuthService.TOKEN)`. */\n\tstatic readonly TOKEN = Symbol.for(\"nexus:AuthService\");\n\n\t/** Auth configuration — injected by the DI container. */\n\t@Inject(\"AUTH_CONFIG\") declare private readonly config: AuthConfig;\n\n\t/** The underlying better-auth instance. */\n\tprivate _instance: NexusAuth | null = null;\n\n\t/**\n\t * Returns the underlying better-auth instance (lazy-initialized).\n\t */\n\tget instance(): NexusAuth {\n\t\tif (!this._instance) {\n\t\t\tthis._instance = createAuth(this.config);\n\t\t}\n\t\treturn this._instance;\n\t}\n\n\t/**\n\t * Optional SessionService binding. When set, `getSession()` will\n\t * first check the SessionService's cookie before falling back to\n\t * better-auth. This enables shared session state between the two\n\t * modules (e.g. flash messages, guest cart).\n\t *\n\t * Set via `bindSession()` from a feature module's `onInit`, or via\n\t * DI when both modules are present.\n\t */\n\t#sessionService: SessionService | null = null;\n\n\tconstructor() {\n\t\t// No constructor logic — DI sets @Inject fields before first use.\n\t}\n\n\t// ===========================================================================\n\t// Session integration\n\t// ===========================================================================\n\n\t/**\n\t * Bind a SessionService. When bound, `getSession()` consults the\n\t * SessionService first and falls back to better-auth. Returns `this`\n\t * for chaining.\n\t */\n\tbindSession(sessionService: SessionService): this {\n\t\tthis.#sessionService = sessionService;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Returns true when a SessionService has been bound.\n\t */\n\thasSessionBinding(): boolean {\n\t\treturn this.#sessionService !== null;\n\t}\n\n\t// ===========================================================================\n\t// Session\n\t// ===========================================================================\n\n\t/**\n\t * Get the current session from a request. Returns `null` if not\n\t * authenticated.\n\t *\n\t * When a SessionService is bound, we try it first (cookie-based,\n\t * stateless, edge-friendly); better-auth remains the source of\n\t * truth for `user` / `session` records. The cookie value carries\n\t * `userId` which lets you cross-reference both systems.\n\t */\n\tasync getSession(input: { headers: Headers }): Promise<AuthSession> {\n\t\t// 1) Try SessionService (cookie-based) first.\n\t\tif (this.#sessionService) {\n\t\t\tconst cookieName = this.#sessionService.cookieName;\n\t\t\tif (cookieName) {\n\t\t\t\tconst cookieHeader = input.headers.get(\"cookie\") ?? \"\";\n\t\t\t\tconst value = parseCookie(cookieHeader, cookieName);\n\t\t\t\tif (value) {\n\t\t\t\t\tconst decoded = this.#sessionService.decodeCookie(value);\n\t\t\t\t\tif (decoded?.userId) {\n\t\t\t\t\t\t// Hydrate the user from better-auth (so the returned\n\t\t\t\t\t\t// shape matches what controllers expect).\n\t\t\t\t\t\tconst fromBetterAuth = (await this.instance.api.getSession({\n\t\t\t\t\t\t\theaders: input.headers,\n\t\t\t\t\t\t})) as AuthSession | null;\n\t\t\t\t\t\tif (fromBetterAuth?.user) {\n\t\t\t\t\t\t\treturn fromBetterAuth;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// 2) Fallback to better-auth.\n\t\tconst result = await this.instance.api.getSession({\n\t\t\theaders: input.headers,\n\t\t});\n\t\treturn result as AuthSession;\n\t}\n\n\t/**\n\t * Read the raw SessionService record from a request (no better-auth\n\t * lookup). Returns null when no SessionService is bound or no\n\t * session is found.\n\t */\n\tasync getRawSession(input: { headers: Headers }) {\n\t\tif (!this.#sessionService) return null;\n\t\tconst cookieName = this.#sessionService.cookieName;\n\t\tif (!cookieName) return null;\n\t\tconst cookieHeader = input.headers.get(\"cookie\") ?? \"\";\n\t\tconst value = parseCookie(cookieHeader, cookieName);\n\t\tif (!value) return null;\n\t\treturn this.#sessionService.decodeCookie(value);\n\t}\n\n\t// ===========================================================================\n\t// Sign up / Sign in / Sign out\n\t// ===========================================================================\n\n\t/**\n\t * Email + password sign-up. Throws if email/password is disabled\n\t * in the auth config.\n\t */\n\tasync signUp(input: {\n\t\temail: string;\n\t\tpassword: string;\n\t\tname: string;\n\t\timage?: string;\n\t\tcallbackURL?: string;\n\t}) {\n\t\treturn this.instance.api.signUpEmail({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/** Email + password sign-in. */\n\tasync signIn(input: { email: string; password: string; callbackURL?: string }) {\n\t\treturn this.instance.api.signInEmail({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/** Sign out — invalidates the current session. */\n\tasync signOut(input: { headers: Headers }) {\n\t\treturn this.instance.api.signOut({\n\t\t\theaders: input.headers,\n\t\t});\n\t}\n\n\t// ===========================================================================\n\t// Social / OAuth\n\t// ===========================================================================\n\n\t/**\n\t * Get the URL the client should redirect to for a social sign-in.\n\t */\n\tasync getOAuthUrl(input: {\n\t\tprovider: string;\n\t\tcallbackURL?: string;\n\t}) {\n\t\treturn this.instance.api.signInSocial({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/**\n\t * Sign in / link a social account and return the user.\n\t */\n\tasync handleOAuthCallback(input: { headers: Headers; query: Record<string, string> }) {\n\t\treturn this.instance.api.signInSocial({\n\t\t\theaders: input.headers,\n\t\t\tquery: input.query,\n\t\t\tbody: {} as never,\n\t\t});\n\t}\n\n\t// ===========================================================================\n\t// JWT\n\t// ===========================================================================\n\n\t/**\n\t * Issue a JWT for the currently-authenticated user. Returns\n\t * `{ token, expiresAt }`. Requires the JWT plugin (`config.jwt.enabled`).\n\t */\n\tasync issueJwt(input: { userId: string }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tsignJWT?: (input: { body: { userId: string } }) => Promise<{\n\t\t\t\ttoken: string;\n\t\t\t\texpiresAt: Date;\n\t\t\t}>;\n\t\t};\n\t\tif (!api.signJWT) {\n\t\t\tthrow new Error(\n\t\t\t\t\"[nexus/auth] JWT plugin not enabled. Set `auth.jwt.enabled: true` in nx.config.ts.\",\n\t\t\t);\n\t\t}\n\t\treturn api.signJWT({ body: { userId: input.userId } });\n\t}\n\n\t// ===========================================================================\n\t// Passkey\n\t// ===========================================================================\n\n\tasync registerPasskey(input: { headers: Headers }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tpasskey?: {\n\t\t\t\tregister: (input: { headers: Headers }) => Promise<unknown>;\n\t\t\t};\n\t\t};\n\t\tif (!api.passkey) {\n\t\t\tthrow new Error(\n\t\t\t\t\"[nexus/auth] Passkey plugin not enabled. Set `auth.passkey.enabled: true` in nx.config.ts.\",\n\t\t\t);\n\t\t}\n\t\treturn api.passkey.register({ headers: input.headers });\n\t}\n\n\tasync authenticatePasskey(input: { headers: Headers; body: unknown }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tpasskey?: {\n\t\t\t\tauthenticate: (input: { headers: Headers; body: unknown }) => Promise<unknown>;\n\t\t\t};\n\t\t};\n\t\tif (!api.passkey) {\n\t\t\tthrow new Error(\"[nexus/auth] Passkey plugin not enabled.\");\n\t\t}\n\t\treturn api.passkey.authenticate({ headers: input.headers, body: input.body });\n\t}\n\n\t// ===========================================================================\n\t// Helpers\n\t// ===========================================================================\n\n\t/**\n\t * Build a redirect Response. Used by controllers that need to send\n\t * the user to a different page after sign-in / sign-up.\n\t */\n\tredirect(to: string, status: 302 | 303 | 307 | 308 = 302): Response {\n\t\treturn new Response(null, { status, headers: { Location: to } });\n\t}\n\n\t/**\n\t * Convert a session into the `AuthVariables` shape Hono expects.\n\t */\n\ttoContextVariables(session: AuthSession): {\n\t\tuser: AuthUser | null;\n\t\tsession: AuthSessionRecord | null;\n\t} {\n\t\tif (!session) return { user: null, session: null };\n\t\treturn { user: session.user, session: session.session };\n\t}\n}\n\n/**\n * Extract a single cookie value from a `Cookie` header string.\n * Tiny helper to avoid pulling in a cookie-parsing dependency.\n */\nfunction parseCookie(cookieHeader: string, name: string): string | null {\n\tif (!cookieHeader) return null;\n\tconst parts = cookieHeader.split(\";\");\n\tfor (const part of parts) {\n\t\tconst eq = part.indexOf(\"=\");\n\t\tif (eq < 0) continue;\n\t\tconst k = part.slice(0, eq).trim();\n\t\tif (k === name) {\n\t\t\treturn decodeURIComponent(part.slice(eq + 1).trim());\n\t\t}\n\t}\n\treturn null;\n}",
6
+ "/**\n * `AuthService` — DI-friendly wrapper around a better-auth instance.\n *\n * Why a service wrapper?\n * - Hides the raw better-auth object behind a stable NexusTS API.\n * - Exposes the high-level operations controllers need:\n * signUp, signIn, signOut, getSession, oauthUrl, jwt, passkey.\n * - Allows tests to swap the implementation via DI.\n *\n * Usage:\n * @Inject(AuthService.TOKEN) declare private auth: AuthService;\n *\n * await this.auth.signUp.email({ email, password, name });\n * const session = await this.auth.getSession({ headers: c.req.raw.headers });\n * return this.auth.redirect('/dashboard'); // 302\n */\n\nimport { Inject, Injectable } from \"@nexusts/core\";\nimport type {\n\tAuthUser,\n\tAuthSessionRecord,\n\tAuthSession,\n\tAuthConfig,\n} from \"./types.js\";\nimport { createAuth, type NexusAuth } from \"./auth.js\";\nimport type { SessionService } from \"@nexusts/session\";\n\n@Injectable()\nexport class AuthService {\n\t/** DI token — use with `@Inject(AuthService.TOKEN)`. */\n\tstatic readonly TOKEN = Symbol.for(\"nexus:AuthService\");\n\n\t/** Auth configuration — injected by the DI container. */\n\t@Inject(\"AUTH_CONFIG\") declare private readonly config: AuthConfig;\n\n\t/** The underlying better-auth instance. */\n\tprivate _instance: NexusAuth | null = null;\n\n\t/**\n\t * Returns the underlying better-auth instance (lazy-initialized).\n\t */\n\tget instance(): NexusAuth {\n\t\tif (!this._instance) {\n\t\t\tthis._instance = createAuth(this.config);\n\t\t}\n\t\treturn this._instance;\n\t}\n\n\t/**\n\t * Optional SessionService binding. When set, `getSession()` will\n\t * first check the SessionService's cookie before falling back to\n\t * better-auth. This enables shared session state between the two\n\t * modules (e.g. flash messages, guest cart).\n\t *\n\t * Set via `bindSession()` from a feature module's `onInit`, or via\n\t * DI when both modules are present.\n\t */\n\t#sessionService: SessionService | null = null;\n\n\tconstructor() {\n\t\t// No constructor logic — DI sets @Inject fields before first use.\n\t}\n\n\t// ===========================================================================\n\t// Session integration\n\t// ===========================================================================\n\n\t/**\n\t * Bind a SessionService. When bound, `getSession()` consults the\n\t * SessionService first and falls back to better-auth. Returns `this`\n\t * for chaining.\n\t */\n\tbindSession(sessionService: SessionService): this {\n\t\tthis.#sessionService = sessionService;\n\t\treturn this;\n\t}\n\n\t/**\n\t * Returns true when a SessionService has been bound.\n\t */\n\thasSessionBinding(): boolean {\n\t\treturn this.#sessionService !== null;\n\t}\n\n\t// ===========================================================================\n\t// Session\n\t// ===========================================================================\n\n\t/**\n\t * Get the current session from a request. Returns `null` if not\n\t * authenticated.\n\t *\n\t * When a SessionService is bound, we try it first (cookie-based,\n\t * stateless, edge-friendly); better-auth remains the source of\n\t * truth for `user` / `session` records. The cookie value carries\n\t * `userId` which lets you cross-reference both systems.\n\t */\n\tasync getSession(input: { headers: Headers }): Promise<AuthSession> {\n\t\t// 1) Try SessionService (cookie-based) first.\n\t\tif (this.#sessionService) {\n\t\t\tconst cookieName = this.#sessionService.cookieName;\n\t\t\tif (cookieName) {\n\t\t\t\tconst cookieHeader = input.headers.get(\"cookie\") ?? \"\";\n\t\t\t\tconst value = parseCookie(cookieHeader, cookieName);\n\t\t\t\tif (value) {\n\t\t\t\t\tconst decoded = this.#sessionService.decodeCookie(value);\n\t\t\t\t\tif (decoded?.userId) {\n\t\t\t\t\t\t// Hydrate the user from better-auth (so the returned\n\t\t\t\t\t\t// shape matches what controllers expect).\n\t\t\t\t\t\tconst fromBetterAuth = (await this.instance.api.getSession({\n\t\t\t\t\t\t\theaders: input.headers,\n\t\t\t\t\t\t})) as AuthSession | null;\n\t\t\t\t\t\tif (fromBetterAuth?.user) {\n\t\t\t\t\t\t\treturn fromBetterAuth;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// 2) Fallback to better-auth.\n\t\tconst result = await this.instance.api.getSession({\n\t\t\theaders: input.headers,\n\t\t});\n\t\treturn result as AuthSession;\n\t}\n\n\t/**\n\t * Read the raw SessionService record from a request (no better-auth\n\t * lookup). Returns null when no SessionService is bound or no\n\t * session is found.\n\t */\n\tasync getRawSession(input: { headers: Headers }) {\n\t\tif (!this.#sessionService) return null;\n\t\tconst cookieName = this.#sessionService.cookieName;\n\t\tif (!cookieName) return null;\n\t\tconst cookieHeader = input.headers.get(\"cookie\") ?? \"\";\n\t\tconst value = parseCookie(cookieHeader, cookieName);\n\t\tif (!value) return null;\n\t\treturn this.#sessionService.decodeCookie(value);\n\t}\n\n\t// ===========================================================================\n\t// Sign up / Sign in / Sign out\n\t// ===========================================================================\n\n\t/**\n\t * Email + password sign-up. Throws if email/password is disabled\n\t * in the auth config.\n\t */\n\tasync signUp(input: {\n\t\temail: string;\n\t\tpassword: string;\n\t\tname: string;\n\t\timage?: string;\n\t\tcallbackURL?: string;\n\t}) {\n\t\treturn this.instance.api.signUpEmail({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/** Email + password sign-in. */\n\tasync signIn(input: { email: string; password: string; callbackURL?: string }) {\n\t\treturn this.instance.api.signInEmail({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/** Sign out — invalidates the current session. */\n\tasync signOut(input: { headers: Headers }) {\n\t\treturn this.instance.api.signOut({\n\t\t\theaders: input.headers,\n\t\t});\n\t}\n\n\t// ===========================================================================\n\t// Social / OAuth\n\t// ===========================================================================\n\n\t/**\n\t * Get the URL the client should redirect to for a social sign-in.\n\t */\n\tasync getOAuthUrl(input: {\n\t\tprovider: string;\n\t\tcallbackURL?: string;\n\t}) {\n\t\treturn this.instance.api.signInSocial({\n\t\t\tbody: input as never,\n\t\t});\n\t}\n\n\t/**\n\t * Sign in / link a social account and return the user.\n\t */\n\tasync handleOAuthCallback(input: { headers: Headers; query: Record<string, string> }) {\n\t\treturn this.instance.api.signInSocial({\n\t\t\theaders: input.headers,\n\t\t\tquery: input.query,\n\t\t\tbody: {} as never,\n\t\t});\n\t}\n\n\t// ===========================================================================\n\t// JWT\n\t// ===========================================================================\n\n\t/**\n\t * Issue a JWT for the currently-authenticated user. Returns\n\t * `{ token, expiresAt }`. Requires the JWT plugin (`config.jwt.enabled`).\n\t */\n\tasync issueJwt(input: { userId: string }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tsignJWT?: (input: { body: { userId: string } }) => Promise<{\n\t\t\t\ttoken: string;\n\t\t\t\texpiresAt: Date;\n\t\t\t}>;\n\t\t};\n\t\tif (!api.signJWT) {\n\t\t\tthrow new Error(\n\t\t\t\t\"[nexus/auth] JWT plugin not enabled. Set `auth.jwt.enabled: true` in nx.config.ts.\",\n\t\t\t);\n\t\t}\n\t\treturn api.signJWT({ body: { userId: input.userId } });\n\t}\n\n\t// ===========================================================================\n\t// Passkey\n\t// ===========================================================================\n\n\tasync registerPasskey(input: { headers: Headers }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tpasskey?: {\n\t\t\t\tregister: (input: { headers: Headers }) => Promise<unknown>;\n\t\t\t};\n\t\t};\n\t\tif (!api.passkey) {\n\t\t\tthrow new Error(\n\t\t\t\t\"[nexus/auth] Passkey plugin not enabled. Set `auth.passkey.enabled: true` in nx.config.ts.\",\n\t\t\t);\n\t\t}\n\t\treturn api.passkey.register({ headers: input.headers });\n\t}\n\n\tasync authenticatePasskey(input: { headers: Headers; body: unknown }) {\n\t\tconst api = this.instance.api as unknown as {\n\t\t\tpasskey?: {\n\t\t\t\tauthenticate: (input: { headers: Headers; body: unknown }) => Promise<unknown>;\n\t\t\t};\n\t\t};\n\t\tif (!api.passkey) {\n\t\t\tthrow new Error(\"[nexus/auth] Passkey plugin not enabled.\");\n\t\t}\n\t\treturn api.passkey.authenticate({ headers: input.headers, body: input.body });\n\t}\n\n\t// ===========================================================================\n\t// Helpers\n\t// ===========================================================================\n\n\t/**\n\t * Build a redirect Response. Used by controllers that need to send\n\t * the user to a different page after sign-in / sign-up.\n\t */\n\tredirect(to: string, status: 302 | 303 | 307 | 308 = 302): Response {\n\t\treturn new Response(null, { status, headers: { Location: to } });\n\t}\n\n\t/**\n\t * Convert a session into the `AuthVariables` shape Hono expects.\n\t */\n\ttoContextVariables(session: AuthSession): {\n\t\tuser: AuthUser | null;\n\t\tsession: AuthSessionRecord | null;\n\t} {\n\t\tif (!session) return { user: null, session: null };\n\t\treturn { user: session.user, session: session.session };\n\t}\n}\n\n/**\n * Extract a single cookie value from a `Cookie` header string.\n * Tiny helper to avoid pulling in a cookie-parsing dependency.\n */\nfunction parseCookie(cookieHeader: string, name: string): string | null {\n\tif (!cookieHeader) return null;\n\tconst parts = cookieHeader.split(\";\");\n\tfor (const part of parts) {\n\t\tconst eq = part.indexOf(\"=\");\n\t\tif (eq < 0) continue;\n\t\tconst k = part.slice(0, eq).trim();\n\t\tif (k === name) {\n\t\t\treturn decodeURIComponent(part.slice(eq + 1).trim());\n\t\t}\n\t}\n\treturn null;\n}",
7
7
  "/**\n * `AuthController` — built-in controller exposing common auth endpoints.\n *\n * Mount it in any `@Module` to get a working auth API:\n *\n * @Module({\n * controllers: [AuthController],\n * providers: [AuthService],\n * })\n * export class AuthModule {}\n *\n * Endpoints (all prefixed with `config.basePath`, default `/api/auth`):\n * - GET /session → current session\n * - POST /sign-up/email → email/password registration\n * - POST /sign-in/email → email/password login\n * - POST /sign-out → invalidate session\n * - GET /sign-in/:provider → start OAuth flow\n * - GET /callback/:provider → OAuth callback\n * - POST /jwt → issue JWT (JWT plugin only)\n * - POST /passkey/register → start passkey registration\n * - POST /passkey/authenticate → complete passkey auth\n *\n * Most of the actual logic is delegated to `auth.handler` from\n * better-auth. The controller exists to make the routes visible to\n * `nx route:list` and to add NexusTS-style DI.\n *\n * Uses standard decorator patterns: field injection and `ctx.req.*`\n * methods instead of legacy `@Req()`/`@Body()`/`@Res()` parameter\n * decorators.\n */\n\nimport { Controller, Get, Inject, Post } from \"@nexusts/core\";\nimport type { Context } from \"hono\";\nimport { AuthService } from \"./auth.service.js\";\nimport type { AuthSession } from \"./types.js\";\n\n@Controller(\"/api/auth\")\nexport class AuthController {\n\t@Inject(AuthService.TOKEN) declare private readonly auth: AuthService;\n\n\t/**\n\t * GET /api/auth/session\n\t * Returns the current session (or null if unauthenticated).\n\t */\n\t@Get(\"/session\")\n\tasync session(ctx: Context) {\n\t\tconst session: AuthSession = await this.auth.getSession({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t});\n\t\treturn ctx.json(session ?? { user: null, session: null });\n\t}\n\n\t/**\n\t * POST /api/auth/sign-up/email\n\t * Body: { email, password, name, callbackURL? }\n\t */\n\t@Post(\"/sign-up/email\")\n\tasync signUpEmail(ctx: Context) {\n\t\tconst body = await ctx.req.json<any>();\n\t\tconst result = await this.auth.signUp(body);\n\t\treturn ctx.json(result, 201);\n\t}\n\n\t/**\n\t * POST /api/auth/sign-in/email\n\t * Body: { email, password, callbackURL? }\n\t */\n\t@Post(\"/sign-in/email\")\n\tasync signInEmail(ctx: Context) {\n\t\tconst body = await ctx.req.json<any>();\n\t\tconst result = await this.auth.signIn(body);\n\t\treturn ctx.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/sign-out\n\t */\n\t@Post(\"/sign-out\")\n\tasync signOut(ctx: Context) {\n\t\tawait this.auth.signOut({ headers: ctx.req.raw.headers });\n\t\treturn ctx.json({ ok: true });\n\t}\n\n\t/**\n\t * GET /api/auth/sign-in/:provider\n\t * Returns a redirect to the social provider's auth page.\n\t */\n\t@Get(\"/sign-in/:provider\")\n\tasync socialSignIn(ctx: Context) {\n\t\tconst provider = ctx.req.param(\"provider\") ?? \"\";\n\t\tconst callbackURL = ctx.req.query(\"callbackURL\") ?? \"/\";\n\t\tconst result = await this.auth.getOAuthUrl({ provider, callbackURL });\n\t\treturn ctx.json(result);\n\t}\n\n\t/**\n\t * GET /api/auth/callback/:provider\n\t * Social provider redirect target. The better-auth handler does the\n\t * real work; this is a passthrough for `route:list` visibility.\n\t */\n\t@Get(\"/callback/:provider\")\n\tasync oauthCallback(ctx: Context) {\n\t\tconst result = await this.auth.handleOAuthCallback({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t\tquery: ctx.req.query() as Record<string, string>,\n\t\t});\n\t\treturn ctx.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/jwt\n\t * Issues a JWT for the current user. Requires the JWT plugin.\n\t */\n\t@Post(\"/jwt\")\n\tasync issueJwt(ctx: Context) {\n\t\tconst session = await this.auth.getSession({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t});\n\t\tif (!session) return ctx.json({ error: \"Unauthorized\" }, 401);\n\t\tconst token = await this.auth.issueJwt({ userId: session.user.id });\n\t\treturn ctx.json(token);\n\t}\n\n\t/**\n\t * POST /api/auth/passkey/register\n\t * Start passkey registration. Requires the passkey plugin.\n\t */\n\t@Post(\"/passkey/register\")\n\tasync passkeyRegister(ctx: Context) {\n\t\tconst result = await this.auth.registerPasskey({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t});\n\t\treturn ctx.json(result);\n\t}\n\n\t/**\n\t * POST /api/auth/passkey/authenticate\n\t * Body: passkey assertion\n\t */\n\t@Post(\"/passkey/authenticate\")\n\tasync passkeyAuthenticate(ctx: Context) {\n\t\tconst body = await ctx.req.json<any>();\n\t\tconst result = await this.auth.authenticatePasskey({\n\t\t\theaders: ctx.req.raw.headers,\n\t\t\tbody,\n\t\t});\n\t\treturn ctx.json(result);\n\t}\n}\n",
8
8
  "/**\n * `AuthModule` — drop-in module for adding auth to any NexusTS app.\n *\n * Usage:\n * // src/app/app.module.ts\n * @Module({\n * imports: [AuthModule.forRoot({ ... })],\n * })\n * export class AppModule {}\n *\n * The `forRoot` static factory builds a one-off `AuthModule` subclass\n * pre-configured with the user's `auth` config. The provider token\n * `'AUTH_CONFIG'` carries the config to the `AuthService` constructor.\n *\n * AuthService is registered under **both** its class token and\n * `AuthService.TOKEN` (a Symbol). The class token is what the\n * container scans; the Symbol is what `@Inject(AuthService.TOKEN)`\n * looks up. Both resolve to the same instance via `useExisting`.\n */\n\nimport { Module } from \"@nexusts/core\";\nimport { AuthController } from \"./auth.controller.js\";\nimport { AuthService } from \"./auth.service.js\";\nimport type { AuthConfig } from \"./types.js\";\n\n\n@Module({\n\tcontrollers: [AuthController],\n\tproviders: [\n\t\tAuthService,\n\t\t{ provide: AuthService.TOKEN, useExisting: AuthService },\n\t],\n\texports: [AuthService, AuthService.TOKEN],\n})\nexport class AuthModule {\n\t/**\n\t * Build a configured `AuthModule` class with the given config.\n\t *\n\t * The returned class can be `imports`-ed by any other module and\n\t * will provide the `AuthService` (and a `AUTH_CONFIG` value\n\t * provider) to its container.\n\t */\n\tstatic forRoot(config: AuthConfig) {\n\t\t@Module({\n\t\t\tcontrollers: [AuthController],\n\t\t\tproviders: [\n\t\t\t\tAuthService,\n\t\t\t\t{ provide: AuthService.TOKEN, useExisting: AuthService },\n\t\t\t\t{ provide: \"AUTH_CONFIG\", useValue: config },\n\t\t\t],\n\t\t\texports: [AuthService, AuthService.TOKEN],\n\t\t})\n\t\tclass ConfiguredAuthModule {}\n\n\t\t// Tag the dynamic class so the user can see where it came from.\n\t\tObject.defineProperty(ConfiguredAuthModule, \"name\", {\n\t\t\tvalue: \"ConfiguredAuthModule\",\n\t\t});\n\n\t\treturn ConfiguredAuthModule;\n\t}\n}\n",
9
9
  "/**\n * `authMiddleware` — populate `c.var.user` and `c.var.session` on\n * every request, optionally enforcing a \"must be logged in\" policy.\n *\n * This is a Hono middleware that wraps better-auth's `getSession`.\n * It runs after the better-auth handler has set its own cookies, so\n * subsequent reads are cheap (a single DB lookup).\n *\n * Three modes:\n * - optional → always allow; populate user/session if present\n * - required → 401 if no user\n * - scoped → require user only for paths matching a regex\n *\n * Usage:\n * import { authMiddleware } from '@nexusts/auth';\n * app.use('*', authMiddleware(auth, { mode: 'optional' }));\n * app.use('/api/*', authMiddleware(auth, { mode: 'required' }));\n */\n\nimport type { Auth } from \"better-auth\";\nimport type { Context, MiddlewareHandler, } from \"hono\";\nimport type { AuthVariables } from \"./types.js\";\n\nexport type AuthMiddlewareMode = \"optional\" | \"required\" | \"scoped\";\n\nexport interface AuthMiddlewareOptions {\n\t/** Auth mode. Default: `'optional'`. */\n\tmode?: AuthMiddlewareMode;\n\t/** Path matcher (only used in `'scoped'` mode). */\n\tscope?: RegExp;\n\t/** Path matcher for `'scoped'` mode's protected set. */\n\tprotectedPaths?: RegExp | RegExp[];\n\t/** Path matcher for paths that should be skipped entirely. */\n\tignoredPaths?: RegExp | RegExp[];\n\t/** Customize the 401 response. */\n\tonUnauthenticated?: (c: Context) => Response | Promise<Response>;\n\t/** Customize the 403 response when a scope check fails. */\n\tonForbidden?: (c: Context) => Response | Promise<Response>;\n}\n\nexport function authMiddleware(\n\tauth: Auth,\n\toptions: AuthMiddlewareOptions = {},\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n\tconst {\n\t\tmode = \"optional\",\n\t\tscope,\n\t\tprotectedPaths,\n\t\tignoredPaths,\n\t\tonUnauthenticated = defaultUnauthenticated,\n\t} = options;\n\n\tconst ignored = toMatcher(ignoredPaths);\n\tconst protected_ =\n\t\tmode === \"scoped\"\n\t\t\t? toMatcher(scope ?? protectedPaths ?? /^\\/.+/) // everything\n\t\t\t: null;\n\n\treturn async (c, next) => {\n\t\tconst path = c.req.path;\n\n\t\t// Skip ignored paths entirely (e.g. health checks).\n\t\tif (ignored?.test(path)) {\n\t\t\treturn next();\n\t\t}\n\n\t\t// Populate the session.\n\t\tconst session = await auth.api.getSession({\n\t\t\theaders: c.req.raw.headers,\n\t\t});\n\n\t\tif (session) {\n\t\t\tc.set(\"user\", session.user as never);\n\t\t\tc.set(\"session\", session.session as never);\n\t\t} else {\n\t\t\tc.set(\"user\", null);\n\t\t\tc.set(\"session\", null);\n\t\t}\n\n\t\t// Apply mode.\n\t\tif (mode === \"required\" || (protected_?.test(path) && session === null)) {\n\t\t\tif (session === null) return onUnauthenticated(c);\n\t\t}\n\n\t\t// Scope-based forbidden check (e.g. \"user must have a specific role\").\n\t\t// Skipped here — the route handler can call `requireRole(...)` itself.\n\n\t\treturn next();\n\t};\n}\n\nfunction toMatcher(input?: RegExp | RegExp[]): RegExp | null {\n\tif (!input) return null;\n\tif (Array.isArray(input)) {\n\t\treturn new RegExp(input.map((r) => `(?:${r.source})`).join(\"|\"));\n\t}\n\treturn input;\n}\n\nfunction defaultUnauthenticated(c: Context): Response {\n\treturn c.json(\n\t\t{ error: \"Unauthorized\", message: \"Authentication required.\" },\n\t\t401,\n\t);\n}\n\n/**\n * `authHandler` — mount better-auth's catch-all handler at a path.\n *\n * Use this instead of writing the `app.on(['POST', 'GET'], path, ...)`\n * boilerplate yourself.\n *\n * app.use('/api/auth/*', cors({ ... }));\n * app.all('/api/auth/*', authHandler(auth));\n */\nexport function authHandler(auth: Auth): MiddlewareHandler {\n\treturn async (c) => auth.handler(c.req.raw);\n}\n",
10
10
  "/**\n * `@CurrentUser()` — controller parameter decorator that injects the\n * authenticated user (and optionally the session) into a handler.\n *\n * Usage:\n * @Get('/me')\n * me(@CurrentUser() user: AuthUser) {\n * return user;\n * }\n *\n * @Get('/profile')\n * profile(@CurrentUser({ session: true }) ctx: { user: AuthUser; session: AuthSessionRecord }) {\n * return ctx;\n * }\n *\n * @Get('/dashboard')\n * dashboard(@CurrentUser({ required: true }) user: AuthUser) {\n * // 401 is thrown before the handler if no user is present.\n * return this.dashboardService.forUser(user.id);\n * }\n */\n\nimport { createParamDecorator } from \"@nexusts/core\";\nimport { PARAM_TYPES } from \"@nexusts/core\";\nimport type { AuthUser, AuthSessionRecord } from \"../types.js\";\nimport { safeGetMeta, safeDefineMeta, safeHasMeta } from \"@nexusts/core/di/safe-reflect\";\n\nexport interface CurrentUserOptions {\n\t/**\n\t * Include the session in the injected value. Default: `false`.\n\t * When true, the value is `{ user, session }` instead of just the user.\n\t */\n\tsession?: boolean;\n\t/**\n\t * Throw 401 if no user is present. Default: `false`.\n\t * When true, the framework returns a 401 response without invoking\n\t * the handler.\n\t */\n\trequired?: boolean;\n\t/**\n\t * Throw 403 if the user does not satisfy the predicate.\n\t */\n\tassert?: (user: AuthUser) => boolean | Promise<boolean>;\n}\n\n/**\n * Inject the authenticated user (or `{ user, session }` if `session: true`).\n */\nexport function CurrentUser(\n\toptions: CurrentUserOptions = {},\n): ParameterDecorator {\n\treturn createParamDecorator(PARAM_TYPES.USER, options as never);\n}\n\n/**\n * Convenience: throw 401 with a JSON body when no user is present.\n * Exposed for users who want to enforce auth inside the handler.\n */\nexport class UnauthenticatedError extends Error {\n\treadonly status = 401;\n\tconstructor(message = \"Authentication required.\") {\n\t\tsuper(message);\n\t\tthis.name = \"UnauthenticatedError\";\n\t}\n}\n\nexport class ForbiddenError extends Error {\n\treadonly status = 403;\n\tconstructor(message = \"Insufficient permissions.\") {\n\t\tsuper(message);\n\t\tthis.name = \"ForbiddenError\";\n\t}\n}\n\n// Re-export session record type for convenience.\nexport type { AuthSessionRecord as AuthSession };\n"
11
11
  ],
12
- "mappings": ";;;;;;;;;;;;;;;;;AA+BA;AAWO,SAAS,UAAU,CAAC,SAAqB,CAAC,GAAuB;AAAA,EACvE,MAAM,SAAS,OAAO,UAAU,QAAQ,IAAI;AAAA,EAC5C,MAAM,UAAU,OAAO,WAAW,QAAQ,IAAI;AAAA,EAE9C,IAAI,CAAC,QAAQ;AAAA,IACZ,MAAM,IAAI,MACT,kDACC,iEACF;AAAA,EACD;AAAA,EACA,IAAI,CAAC,SAAS;AAAA,IACb,MAAM,IAAI,MACT,wEACD;AAAA,EACD;AAAA,EAEA,MAAM,UAA0B,CAAC;AAAA,EAGjC,IAAI,OAAO,KAAK,SAAS;AAAA,IAIxB,QAAQ;AAAA,IACR,QAAQ,KACP,IAAI;AAAA,MACH,MAAM;AAAA,QACL,MAAM,OAAO,IAAI,YAAY;AAAA,MAC9B;AAAA,MACA,QAAQ,OAAO,IAAI,UAAU;AAAA,MAC7B,UAAU,OAAO,IAAI,YAAY;AAAA,MACjC,WAAW,OAAO,IAAI,aAAa,KAAK;AAAA,IACzC,CAAC,CACF;AAAA,EACD;AAAA,EAGA,IAAI,OAAO,SAAS,SAAS;AAAA,IAE5B,QAAQ;AAAA,IACR,QAAQ,KACP,QAAQ;AAAA,MACP,QAAQ,OAAO,QAAQ;AAAA,MACvB,MAAM,OAAO,QAAQ;AAAA,MACrB,QAAQ,OAAO,QAAQ;AAAA,IACxB,CAAC,CACF;AAAA,EACD;AAAA,EAEA,OAAO,WAAW;AAAA,IACjB;AAAA,IACA;AAAA,IACA,UAAU,OAAO,YAAY;AAAA,IAC7B,kBAAkB;AAAA,MACjB,SAAS,OAAO,kBAAkB,WAAW;AAAA,MAC7C,0BACC,OAAO,kBAAkB,4BAA4B;AAAA,MACtD,mBAAmB,OAAO,kBAAkB,qBAAqB;AAAA,MACjE,mBAAmB,OAAO,kBAAkB,qBAAqB;AAAA,IAClE;AAAA,IACA,SAAS;AAAA,MACR,WAAW,OAAO,2BAA2B,KAAK,KAAK,KAAK;AAAA,IAC7D;AAAA,IACA,iBAAiB,OAAO;AAAA,IACxB,UAAU;AAAA,MACT,SAAS;AAAA,QACR,cAAc;AAAA,UACb,YAAY;AAAA,YACX,UAAW,OAAO,kBAAkB;AAAA,YAIpC,QACC,OAAO,gBAAgB;AAAA,eACpB,OAAO,eAAe,EAAE,QAAQ,OAAO,aAAa,IAAI,CAAC;AAAA,UAC9D;AAAA,QACD;AAAA,MACD;AAAA,MACA,uBAAuB,OAAO,uBAAuB,UAClD;AAAA,QACA,SAAS;AAAA,QACT,QAAQ,OAAO,sBAAsB;AAAA,MACtC,IACC;AAAA,IACJ;AAAA,IACA;AAAA,EACD,CAAU;AAAA;;AC/GX;AAWO,MAAM,YAAY;AAAA,SAER,QAAQ,OAAO,IAAI,mBAAmB;AAAA,EAM9C,YAA8B;AAAA,MAKlC,QAAQ,GAAc;AAAA,IACzB,IAAI,CAAC,KAAK,WAAW;AAAA,MACpB,KAAK,YAAY,WAAW,KAAK,MAAM;AAAA,IACxC;AAAA,IACA,OAAO,KAAK;AAAA;AAAA,EAYb,kBAAyC;AAAA,EAEzC,WAAW,GAAG;AAAA,EAad,WAAW,CAAC,gBAAsC;AAAA,IACjD,KAAK,kBAAkB;AAAA,IACvB,OAAO;AAAA;AAAA,EAMR,iBAAiB,GAAY;AAAA,IAC5B,OAAO,KAAK,oBAAoB;AAAA;AAAA,OAgB3B,WAAU,CAAC,OAAmD;AAAA,IAEnE,IAAI,KAAK,iBAAiB;AAAA,MACzB,MAAM,aAAa,KAAK,gBAAgB;AAAA,MACxC,IAAI,YAAY;AAAA,QACf,MAAM,eAAe,MAAM,QAAQ,IAAI,QAAQ,KAAK;AAAA,QACpD,MAAM,QAAQ,YAAY,cAAc,UAAU;AAAA,QAClD,IAAI,OAAO;AAAA,UACV,MAAM,UAAU,KAAK,gBAAgB,aAAa,KAAK;AAAA,UACvD,IAAI,SAAS,QAAQ;AAAA,YAGpB,MAAM,iBAAkB,MAAM,KAAK,SAAS,IAAI,WAAW;AAAA,cAC1D,SAAS,MAAM;AAAA,YAChB,CAAC;AAAA,YACD,IAAI,gBAAgB,MAAM;AAAA,cACzB,OAAO;AAAA,YACR;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,IAGA,MAAM,SAAS,MAAM,KAAK,SAAS,IAAI,WAAW;AAAA,MACjD,SAAS,MAAM;AAAA,IAChB,CAAC;AAAA,IACD,OAAO;AAAA;AAAA,OAQF,cAAa,CAAC,OAA6B;AAAA,IAChD,IAAI,CAAC,KAAK;AAAA,MAAiB,OAAO;AAAA,IAClC,MAAM,aAAa,KAAK,gBAAgB;AAAA,IACxC,IAAI,CAAC;AAAA,MAAY,OAAO;AAAA,IACxB,MAAM,eAAe,MAAM,QAAQ,IAAI,QAAQ,KAAK;AAAA,IACpD,MAAM,QAAQ,YAAY,cAAc,UAAU;AAAA,IAClD,IAAI,CAAC;AAAA,MAAO,OAAO;AAAA,IACnB,OAAO,KAAK,gBAAgB,aAAa,KAAK;AAAA;AAAA,OAWzC,OAAM,CAAC,OAMV;AAAA,IACF,OAAO,KAAK,SAAS,IAAI,YAAY;AAAA,MACpC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAII,OAAM,CAAC,OAAkE;AAAA,IAC9E,OAAO,KAAK,SAAS,IAAI,YAAY;AAAA,MACpC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAII,QAAO,CAAC,OAA6B;AAAA,IAC1C,OAAO,KAAK,SAAS,IAAI,QAAQ;AAAA,MAChC,SAAS,MAAM;AAAA,IAChB,CAAC;AAAA;AAAA,OAUI,YAAW,CAAC,OAGf;AAAA,IACF,OAAO,KAAK,SAAS,IAAI,aAAa;AAAA,MACrC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAMI,oBAAmB,CAAC,OAA4D;AAAA,IACrF,OAAO,KAAK,SAAS,IAAI,aAAa;AAAA,MACrC,SAAS,MAAM;AAAA,MACf,OAAO,MAAM;AAAA,MACb,MAAM,CAAC;AAAA,IACR,CAAC;AAAA;AAAA,OAWI,SAAQ,CAAC,OAA2B;AAAA,IACzC,MAAM,MAAM,KAAK,SAAS;AAAA,IAM1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MACT,oFACD;AAAA,IACD;AAAA,IACA,OAAO,IAAI,QAAQ,EAAE,MAAM,EAAE,QAAQ,MAAM,OAAO,EAAE,CAAC;AAAA;AAAA,OAOhD,gBAAe,CAAC,OAA6B;AAAA,IAClD,MAAM,MAAM,KAAK,SAAS;AAAA,IAK1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MACT,4FACD;AAAA,IACD;AAAA,IACA,OAAO,IAAI,QAAQ,SAAS,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,OAGjD,oBAAmB,CAAC,OAA4C;AAAA,IACrE,MAAM,MAAM,KAAK,SAAS;AAAA,IAK1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MAAM,0CAA0C;AAAA,IAC3D;AAAA,IACA,OAAO,IAAI,QAAQ,aAAa,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK,CAAC;AAAA;AAAA,EAW7E,QAAQ,CAAC,IAAY,SAAgC,KAAe;AAAA,IACnE,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,SAAS,EAAE,UAAU,GAAG,EAAE,CAAC;AAAA;AAAA,EAMhE,kBAAkB,CAAC,SAGjB;AAAA,IACD,IAAI,CAAC;AAAA,MAAS,OAAO,EAAE,MAAM,MAAM,SAAS,KAAK;AAAA,IACjD,OAAO,EAAE,MAAM,QAAQ,MAAM,SAAS,QAAQ,QAAQ;AAAA;AAExD;AArPiD;AAAA,EAA/C,OAAO,aAAa;AAAA,GALT,YAKoC;AALpC,cAAN;AAAA,EADN,WAAW;AAAA,EACL;AAAA,GAAM;AAgQb,SAAS,WAAW,CAAC,cAAsB,MAA6B;AAAA,EACvE,IAAI,CAAC;AAAA,IAAc,OAAO;AAAA,EAC1B,MAAM,QAAQ,aAAa,MAAM,GAAG;AAAA,EACpC,WAAW,QAAQ,OAAO;AAAA,IACzB,MAAM,KAAK,KAAK,QAAQ,GAAG;AAAA,IAC3B,IAAI,KAAK;AAAA,MAAG;AAAA,IACZ,MAAM,IAAI,KAAK,MAAM,GAAG,EAAE,EAAE,KAAK;AAAA,IACjC,IAAI,MAAM,MAAM;AAAA,MACf,OAAO,mBAAmB,KAAK,MAAM,KAAK,CAAC,EAAE,KAAK,CAAC;AAAA,IACpD;AAAA,EACD;AAAA,EACA,OAAO;AAAA;;ACxQR,oCAA0B;AAMnB,MAAM,eAAe;AAAA,OAQrB,QAAO,CAAC,KAAc;AAAA,IAC3B,MAAM,UAAuB,MAAM,KAAK,KAAK,WAAW;AAAA,MACvD,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,WAAW,EAAE,MAAM,MAAM,SAAS,KAAK,CAAC;AAAA;AAAA,OAQnD,YAAW,CAAC,KAAc;AAAA,IAC/B,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,OAAO,IAAI;AAAA,IAC1C,OAAO,IAAI,KAAK,QAAQ,GAAG;AAAA;AAAA,OAQtB,YAAW,CAAC,KAAc;AAAA,IAC/B,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,OAAO,IAAI;AAAA,IAC1C,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAOjB,QAAO,CAAC,KAAc;AAAA,IAC3B,MAAM,KAAK,KAAK,QAAQ,EAAE,SAAS,IAAI,IAAI,IAAI,QAAQ,CAAC;AAAA,IACxD,OAAO,IAAI,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA;AAAA,OAQvB,aAAY,CAAC,KAAc;AAAA,IAChC,MAAM,WAAW,IAAI,IAAI,MAAM,UAAU,KAAK;AAAA,IAC9C,MAAM,cAAc,IAAI,IAAI,MAAM,aAAa,KAAK;AAAA,IACpD,MAAM,SAAS,MAAM,KAAK,KAAK,YAAY,EAAE,UAAU,YAAY,CAAC;AAAA,IACpE,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OASjB,cAAa,CAAC,KAAc;AAAA,IACjC,MAAM,SAAS,MAAM,KAAK,KAAK,oBAAoB;AAAA,MAClD,SAAS,IAAI,IAAI,IAAI;AAAA,MACrB,OAAO,IAAI,IAAI,MAAM;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAQjB,SAAQ,CAAC,KAAc;AAAA,IAC5B,MAAM,UAAU,MAAM,KAAK,KAAK,WAAW;AAAA,MAC1C,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,IAAI,CAAC;AAAA,MAAS,OAAO,IAAI,KAAK,EAAE,OAAO,eAAe,GAAG,GAAG;AAAA,IAC5D,MAAM,QAAQ,MAAM,KAAK,KAAK,SAAS,EAAE,QAAQ,QAAQ,KAAK,GAAG,CAAC;AAAA,IAClE,OAAO,IAAI,KAAK,KAAK;AAAA;AAAA,OAQhB,gBAAe,CAAC,KAAc;AAAA,IACnC,MAAM,SAAS,MAAM,KAAK,KAAK,gBAAgB;AAAA,MAC9C,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAQjB,oBAAmB,CAAC,KAAc;AAAA,IACvC,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,oBAAoB;AAAA,MAClD,SAAS,IAAI,IAAI,IAAI;AAAA,MACrB;AAAA,IACD,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAExB;AA9GqD;AAAA,EAAnD,QAAO,YAAY,KAAK;AAAA,GADb,eACwC;AAO9C;AAAA,EADL,IAAI,UAAU;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,GARM,eAQN;AAYA;AAAA,EADL,KAAK,gBAAgB;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,GApBM,eAoBN;AAWA;AAAA,EADL,KAAK,gBAAgB;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,GA/BM,eA+BN;AAUA;AAAA,EADL,KAAK,WAAW;AAAA,EACX;AAAA;AAAA;AAAA;AAAA;AAAA,GAzCM,eAyCN;AAUA;AAAA,EADL,IAAI,oBAAoB;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,GAnDM,eAmDN;AAaA;AAAA,EADL,IAAI,qBAAqB;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,GAhEM,eAgEN;AAaA;AAAA,EADL,KAAK,MAAM;AAAA,EACN;AAAA;AAAA;AAAA;AAAA;AAAA,GA7EM,eA6EN;AAcA;AAAA,EADL,KAAK,mBAAmB;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,GA3FM,eA2FN;AAYA;AAAA,EADL,KAAK,uBAAuB;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,GAvGM,eAuGN;AAvGM,iBAAN;AAAA,EADN,WAAW,WAAW;AAAA,GACV;;ACjBb;AAcO,MAAM,WAAW;AAAA,SAQhB,OAAO,CAAC,QAAoB;AAAA,IAUlC,MAAM,qBAAqB;AAAA,IAAC;AAAA,IAAtB,uBAAN;AAAA,MATC,OAAO;AAAA,QACP,aAAa,CAAC,cAAc;AAAA,QAC5B,WAAW;AAAA,UACV;AAAA,UACA,EAAE,SAAS,YAAY,OAAO,aAAa,YAAY;AAAA,UACvD,EAAE,SAAS,eAAe,UAAU,OAAO;AAAA,QAC5C;AAAA,QACA,SAAS,CAAC,aAAa,YAAY,KAAK;AAAA,MACzC,CAAC;AAAA,OACK;AAAA,IAGN,OAAO,eAAe,sBAAsB,QAAQ;AAAA,MACnD,OAAO;AAAA,IACR,CAAC;AAAA,IAED,OAAO;AAAA;AAET;AA3Ba,aAAN;AAAA,EARN,OAAO;AAAA,IACP,aAAa,CAAC,cAAc;AAAA,IAC5B,WAAW;AAAA,MACV;AAAA,MACA,EAAE,SAAS,YAAY,OAAO,aAAa,YAAY;AAAA,IACxD;AAAA,IACA,SAAS,CAAC,aAAa,YAAY,KAAK;AAAA,EACzC,CAAC;AAAA,GACY;;ACMN,SAAS,cAAc,CAC7B,MACA,UAAiC,CAAC,GACgB;AAAA,EAClD;AAAA,IACC,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA,oBAAoB;AAAA,MACjB;AAAA,EAEJ,MAAM,UAAU,UAAU,YAAY;AAAA,EACtC,MAAM,aACL,SAAS,WACN,UAAU,SAAS,kBAAkB,OAAO,IAC5C;AAAA,EAEJ,OAAO,OAAO,GAAG,SAAS;AAAA,IACzB,MAAM,OAAO,EAAE,IAAI;AAAA,IAGnB,IAAI,SAAS,KAAK,IAAI,GAAG;AAAA,MACxB,OAAO,KAAK;AAAA,IACb;AAAA,IAGA,MAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,MACzC,SAAS,EAAE,IAAI,IAAI;AAAA,IACpB,CAAC;AAAA,IAED,IAAI,SAAS;AAAA,MACZ,EAAE,IAAI,QAAQ,QAAQ,IAAa;AAAA,MACnC,EAAE,IAAI,WAAW,QAAQ,OAAgB;AAAA,IAC1C,EAAO;AAAA,MACN,EAAE,IAAI,QAAQ,IAAI;AAAA,MAClB,EAAE,IAAI,WAAW,IAAI;AAAA;AAAA,IAItB,IAAI,SAAS,cAAe,YAAY,KAAK,IAAI,KAAK,YAAY,MAAO;AAAA,MACxE,IAAI,YAAY;AAAA,QAAM,OAAO,kBAAkB,CAAC;AAAA,IACjD;AAAA,IAKA,OAAO,KAAK;AAAA;AAAA;AAId,SAAS,SAAS,CAAC,OAA0C;AAAA,EAC5D,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EACnB,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,IACzB,OAAO,IAAI,OAAO,MAAM,IAAI,CAAC,MAAM,MAAM,EAAE,SAAS,EAAE,KAAK,GAAG,CAAC;AAAA,EAChE;AAAA,EACA,OAAO;AAAA;AAGR,SAAS,sBAAsB,CAAC,GAAsB;AAAA,EACrD,OAAO,EAAE,KACR,EAAE,OAAO,gBAAgB,SAAS,2BAA2B,GAC7D,GACD;AAAA;AAYM,SAAS,WAAW,CAAC,MAA+B;AAAA,EAC1D,OAAO,OAAO,MAAM,KAAK,QAAQ,EAAE,IAAI,GAAG;AAAA;;AC9F3C;AACA;AAyBO,SAAS,WAAW,CAC1B,UAA8B,CAAC,GACV;AAAA,EACrB,OAAO,qBAAqB,YAAY,MAAM,OAAgB;AAAA;AAAA;AAOxD,MAAM,6BAA6B,MAAM;AAAA,EACtC,SAAS;AAAA,EAClB,WAAW,CAAC,UAAU,4BAA4B;AAAA,IACjD,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEd;AAAA;AAEO,MAAM,uBAAuB,MAAM;AAAA,EAChC,SAAS;AAAA,EAClB,WAAW,CAAC,UAAU,6BAA6B;AAAA,IAClD,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEd;",
13
- "debugId": "96CFDD82525FD1DA64756E2164756E21",
12
+ "mappings": ";;;;;;;;;;;;;AA+BA;AAWO,SAAS,UAAU,CAAC,SAAqB,CAAC,GAAuB;AAAA,EACvE,MAAM,SAAS,OAAO,UAAU,QAAQ,IAAI;AAAA,EAC5C,MAAM,UAAU,OAAO,WAAW,QAAQ,IAAI;AAAA,EAE9C,IAAI,CAAC,QAAQ;AAAA,IACZ,MAAM,IAAI,MACT,kDACC,iEACF;AAAA,EACD;AAAA,EACA,IAAI,CAAC,SAAS;AAAA,IACb,MAAM,IAAI,MACT,wEACD;AAAA,EACD;AAAA,EAEA,MAAM,UAA0B,CAAC;AAAA,EAGjC,IAAI,OAAO,KAAK,SAAS;AAAA,IAIxB,QAAQ;AAAA,IACR,QAAQ,KACP,IAAI;AAAA,MACH,MAAM;AAAA,QACL,MAAM,OAAO,IAAI,YAAY;AAAA,MAC9B;AAAA,MACA,QAAQ,OAAO,IAAI,UAAU;AAAA,MAC7B,UAAU,OAAO,IAAI,YAAY;AAAA,MACjC,WAAW,OAAO,IAAI,aAAa,KAAK;AAAA,IACzC,CAAC,CACF;AAAA,EACD;AAAA,EAGA,IAAI,OAAO,SAAS,SAAS;AAAA,IAE5B,QAAQ;AAAA,IACR,QAAQ,KACP,QAAQ;AAAA,MACP,QAAQ,OAAO,QAAQ;AAAA,MACvB,MAAM,OAAO,QAAQ;AAAA,MACrB,QAAQ,OAAO,QAAQ;AAAA,IACxB,CAAC,CACF;AAAA,EACD;AAAA,EAEA,OAAO,WAAW;AAAA,IACjB;AAAA,IACA;AAAA,IACA,UAAU,OAAO,YAAY;AAAA,IAC7B,kBAAkB;AAAA,MACjB,SAAS,OAAO,kBAAkB,WAAW;AAAA,MAC7C,0BACC,OAAO,kBAAkB,4BAA4B;AAAA,MACtD,mBAAmB,OAAO,kBAAkB,qBAAqB;AAAA,MACjE,mBAAmB,OAAO,kBAAkB,qBAAqB;AAAA,IAClE;AAAA,IACA,SAAS;AAAA,MACR,WAAW,OAAO,2BAA2B,KAAK,KAAK,KAAK;AAAA,IAC7D;AAAA,IACA,iBAAiB,OAAO;AAAA,IACxB,UAAU;AAAA,MACT,SAAS;AAAA,QACR,cAAc;AAAA,UACb,YAAY;AAAA,YACX,UAAW,OAAO,kBAAkB;AAAA,YAIpC,QACC,OAAO,gBAAgB;AAAA,eACpB,OAAO,eAAe,EAAE,QAAQ,OAAO,aAAa,IAAI,CAAC;AAAA,UAC9D;AAAA,QACD;AAAA,MACD;AAAA,MACA,uBAAuB,OAAO,uBAAuB,UAClD;AAAA,QACA,SAAS;AAAA,QACT,QAAQ,OAAO,sBAAsB;AAAA,MACtC,IACC;AAAA,IACJ;AAAA,IACA;AAAA,EACD,CAAU;AAAA;;AC/GX;AAWO,MAAM,YAAY;AAAA,SAER,QAAQ,OAAO,IAAI,mBAAmB;AAAA,EAM9C,YAA8B;AAAA,MAKlC,QAAQ,GAAc;AAAA,IACzB,IAAI,CAAC,KAAK,WAAW;AAAA,MACpB,KAAK,YAAY,WAAW,KAAK,MAAM;AAAA,IACxC;AAAA,IACA,OAAO,KAAK;AAAA;AAAA,EAYb,kBAAyC;AAAA,EAEzC,WAAW,GAAG;AAAA,EAad,WAAW,CAAC,gBAAsC;AAAA,IACjD,KAAK,kBAAkB;AAAA,IACvB,OAAO;AAAA;AAAA,EAMR,iBAAiB,GAAY;AAAA,IAC5B,OAAO,KAAK,oBAAoB;AAAA;AAAA,OAgB3B,WAAU,CAAC,OAAmD;AAAA,IAEnE,IAAI,KAAK,iBAAiB;AAAA,MACzB,MAAM,aAAa,KAAK,gBAAgB;AAAA,MACxC,IAAI,YAAY;AAAA,QACf,MAAM,eAAe,MAAM,QAAQ,IAAI,QAAQ,KAAK;AAAA,QACpD,MAAM,QAAQ,YAAY,cAAc,UAAU;AAAA,QAClD,IAAI,OAAO;AAAA,UACV,MAAM,UAAU,KAAK,gBAAgB,aAAa,KAAK;AAAA,UACvD,IAAI,SAAS,QAAQ;AAAA,YAGpB,MAAM,iBAAkB,MAAM,KAAK,SAAS,IAAI,WAAW;AAAA,cAC1D,SAAS,MAAM;AAAA,YAChB,CAAC;AAAA,YACD,IAAI,gBAAgB,MAAM;AAAA,cACzB,OAAO;AAAA,YACR;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,IAGA,MAAM,SAAS,MAAM,KAAK,SAAS,IAAI,WAAW;AAAA,MACjD,SAAS,MAAM;AAAA,IAChB,CAAC;AAAA,IACD,OAAO;AAAA;AAAA,OAQF,cAAa,CAAC,OAA6B;AAAA,IAChD,IAAI,CAAC,KAAK;AAAA,MAAiB,OAAO;AAAA,IAClC,MAAM,aAAa,KAAK,gBAAgB;AAAA,IACxC,IAAI,CAAC;AAAA,MAAY,OAAO;AAAA,IACxB,MAAM,eAAe,MAAM,QAAQ,IAAI,QAAQ,KAAK;AAAA,IACpD,MAAM,QAAQ,YAAY,cAAc,UAAU;AAAA,IAClD,IAAI,CAAC;AAAA,MAAO,OAAO;AAAA,IACnB,OAAO,KAAK,gBAAgB,aAAa,KAAK;AAAA;AAAA,OAWzC,OAAM,CAAC,OAMV;AAAA,IACF,OAAO,KAAK,SAAS,IAAI,YAAY;AAAA,MACpC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAII,OAAM,CAAC,OAAkE;AAAA,IAC9E,OAAO,KAAK,SAAS,IAAI,YAAY;AAAA,MACpC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAII,QAAO,CAAC,OAA6B;AAAA,IAC1C,OAAO,KAAK,SAAS,IAAI,QAAQ;AAAA,MAChC,SAAS,MAAM;AAAA,IAChB,CAAC;AAAA;AAAA,OAUI,YAAW,CAAC,OAGf;AAAA,IACF,OAAO,KAAK,SAAS,IAAI,aAAa;AAAA,MACrC,MAAM;AAAA,IACP,CAAC;AAAA;AAAA,OAMI,oBAAmB,CAAC,OAA4D;AAAA,IACrF,OAAO,KAAK,SAAS,IAAI,aAAa;AAAA,MACrC,SAAS,MAAM;AAAA,MACf,OAAO,MAAM;AAAA,MACb,MAAM,CAAC;AAAA,IACR,CAAC;AAAA;AAAA,OAWI,SAAQ,CAAC,OAA2B;AAAA,IACzC,MAAM,MAAM,KAAK,SAAS;AAAA,IAM1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MACT,oFACD;AAAA,IACD;AAAA,IACA,OAAO,IAAI,QAAQ,EAAE,MAAM,EAAE,QAAQ,MAAM,OAAO,EAAE,CAAC;AAAA;AAAA,OAOhD,gBAAe,CAAC,OAA6B;AAAA,IAClD,MAAM,MAAM,KAAK,SAAS;AAAA,IAK1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MACT,4FACD;AAAA,IACD;AAAA,IACA,OAAO,IAAI,QAAQ,SAAS,EAAE,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,OAGjD,oBAAmB,CAAC,OAA4C;AAAA,IACrE,MAAM,MAAM,KAAK,SAAS;AAAA,IAK1B,IAAI,CAAC,IAAI,SAAS;AAAA,MACjB,MAAM,IAAI,MAAM,0CAA0C;AAAA,IAC3D;AAAA,IACA,OAAO,IAAI,QAAQ,aAAa,EAAE,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK,CAAC;AAAA;AAAA,EAW7E,QAAQ,CAAC,IAAY,SAAgC,KAAe;AAAA,IACnE,OAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,SAAS,EAAE,UAAU,GAAG,EAAE,CAAC;AAAA;AAAA,EAMhE,kBAAkB,CAAC,SAGjB;AAAA,IACD,IAAI,CAAC;AAAA,MAAS,OAAO,EAAE,MAAM,MAAM,SAAS,KAAK;AAAA,IACjD,OAAO,EAAE,MAAM,QAAQ,MAAM,SAAS,QAAQ,QAAQ;AAAA;AAExD;AArPiD;AAAA,EAA/C,OAAO,aAAa;AAAA,GALT,YAKoC;AALpC,cAAN;AAAA,EADN,WAAW;AAAA,GACC;AAgQb,SAAS,WAAW,CAAC,cAAsB,MAA6B;AAAA,EACvE,IAAI,CAAC;AAAA,IAAc,OAAO;AAAA,EAC1B,MAAM,QAAQ,aAAa,MAAM,GAAG;AAAA,EACpC,WAAW,QAAQ,OAAO;AAAA,IACzB,MAAM,KAAK,KAAK,QAAQ,GAAG;AAAA,IAC3B,IAAI,KAAK;AAAA,MAAG;AAAA,IACZ,MAAM,IAAI,KAAK,MAAM,GAAG,EAAE,EAAE,KAAK;AAAA,IACjC,IAAI,MAAM,MAAM;AAAA,MACf,OAAO,mBAAmB,KAAK,MAAM,KAAK,CAAC,EAAE,KAAK,CAAC;AAAA,IACpD;AAAA,EACD;AAAA,EACA,OAAO;AAAA;;ACxQR,oCAA0B;AAMnB,MAAM,eAAe;AAAA,OAQrB,QAAO,CAAC,KAAc;AAAA,IAC3B,MAAM,UAAuB,MAAM,KAAK,KAAK,WAAW;AAAA,MACvD,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,WAAW,EAAE,MAAM,MAAM,SAAS,KAAK,CAAC;AAAA;AAAA,OAQnD,YAAW,CAAC,KAAc;AAAA,IAC/B,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,OAAO,IAAI;AAAA,IAC1C,OAAO,IAAI,KAAK,QAAQ,GAAG;AAAA;AAAA,OAQtB,YAAW,CAAC,KAAc;AAAA,IAC/B,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,OAAO,IAAI;AAAA,IAC1C,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAOjB,QAAO,CAAC,KAAc;AAAA,IAC3B,MAAM,KAAK,KAAK,QAAQ,EAAE,SAAS,IAAI,IAAI,IAAI,QAAQ,CAAC;AAAA,IACxD,OAAO,IAAI,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA;AAAA,OAQvB,aAAY,CAAC,KAAc;AAAA,IAChC,MAAM,WAAW,IAAI,IAAI,MAAM,UAAU,KAAK;AAAA,IAC9C,MAAM,cAAc,IAAI,IAAI,MAAM,aAAa,KAAK;AAAA,IACpD,MAAM,SAAS,MAAM,KAAK,KAAK,YAAY,EAAE,UAAU,YAAY,CAAC;AAAA,IACpE,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OASjB,cAAa,CAAC,KAAc;AAAA,IACjC,MAAM,SAAS,MAAM,KAAK,KAAK,oBAAoB;AAAA,MAClD,SAAS,IAAI,IAAI,IAAI;AAAA,MACrB,OAAO,IAAI,IAAI,MAAM;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAQjB,SAAQ,CAAC,KAAc;AAAA,IAC5B,MAAM,UAAU,MAAM,KAAK,KAAK,WAAW;AAAA,MAC1C,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,IAAI,CAAC;AAAA,MAAS,OAAO,IAAI,KAAK,EAAE,OAAO,eAAe,GAAG,GAAG;AAAA,IAC5D,MAAM,QAAQ,MAAM,KAAK,KAAK,SAAS,EAAE,QAAQ,QAAQ,KAAK,GAAG,CAAC;AAAA,IAClE,OAAO,IAAI,KAAK,KAAK;AAAA;AAAA,OAQhB,gBAAe,CAAC,KAAc;AAAA,IACnC,MAAM,SAAS,MAAM,KAAK,KAAK,gBAAgB;AAAA,MAC9C,SAAS,IAAI,IAAI,IAAI;AAAA,IACtB,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAAA,OAQjB,oBAAmB,CAAC,KAAc;AAAA,IACvC,MAAM,OAAO,MAAM,IAAI,IAAI,KAAU;AAAA,IACrC,MAAM,SAAS,MAAM,KAAK,KAAK,oBAAoB;AAAA,MAClD,SAAS,IAAI,IAAI,IAAI;AAAA,MACrB;AAAA,IACD,CAAC;AAAA,IACD,OAAO,IAAI,KAAK,MAAM;AAAA;AAExB;AA9GqD;AAAA,EAAnD,QAAO,YAAY,KAAK;AAAA,GADb,eACwC;AAO9C;AAAA,EADL,IAAI,UAAU;AAAA,GAPH,eAQN;AAYA;AAAA,EADL,KAAK,gBAAgB;AAAA,GAnBV,eAoBN;AAWA;AAAA,EADL,KAAK,gBAAgB;AAAA,GA9BV,eA+BN;AAUA;AAAA,EADL,KAAK,WAAW;AAAA,GAxCL,eAyCN;AAUA;AAAA,EADL,IAAI,oBAAoB;AAAA,GAlDb,eAmDN;AAaA;AAAA,EADL,IAAI,qBAAqB;AAAA,GA/Dd,eAgEN;AAaA;AAAA,EADL,KAAK,MAAM;AAAA,GA5EA,eA6EN;AAcA;AAAA,EADL,KAAK,mBAAmB;AAAA,GA1Fb,eA2FN;AAYA;AAAA,EADL,KAAK,uBAAuB;AAAA,GAtGjB,eAuGN;AAvGM,iBAAN;AAAA,EADN,WAAW,WAAW;AAAA,GACV;;ACjBb;AAcO,MAAM,WAAW;AAAA,SAQhB,OAAO,CAAC,QAAoB;AAAA,IAUlC,MAAM,qBAAqB;AAAA,IAAC;AAAA,IAAtB,uBAAN;AAAA,MATC,OAAO;AAAA,QACP,aAAa,CAAC,cAAc;AAAA,QAC5B,WAAW;AAAA,UACV;AAAA,UACA,EAAE,SAAS,YAAY,OAAO,aAAa,YAAY;AAAA,UACvD,EAAE,SAAS,eAAe,UAAU,OAAO;AAAA,QAC5C;AAAA,QACA,SAAS,CAAC,aAAa,YAAY,KAAK;AAAA,MACzC,CAAC;AAAA,OACK;AAAA,IAGN,OAAO,eAAe,sBAAsB,QAAQ;AAAA,MACnD,OAAO;AAAA,IACR,CAAC;AAAA,IAED,OAAO;AAAA;AAET;AA3Ba,aAAN;AAAA,EARN,OAAO;AAAA,IACP,aAAa,CAAC,cAAc;AAAA,IAC5B,WAAW;AAAA,MACV;AAAA,MACA,EAAE,SAAS,YAAY,OAAO,aAAa,YAAY;AAAA,IACxD;AAAA,IACA,SAAS,CAAC,aAAa,YAAY,KAAK;AAAA,EACzC,CAAC;AAAA,GACY;;ACMN,SAAS,cAAc,CAC7B,MACA,UAAiC,CAAC,GACgB;AAAA,EAClD;AAAA,IACC,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA,oBAAoB;AAAA,MACjB;AAAA,EAEJ,MAAM,UAAU,UAAU,YAAY;AAAA,EACtC,MAAM,aACL,SAAS,WACN,UAAU,SAAS,kBAAkB,OAAO,IAC5C;AAAA,EAEJ,OAAO,OAAO,GAAG,SAAS;AAAA,IACzB,MAAM,OAAO,EAAE,IAAI;AAAA,IAGnB,IAAI,SAAS,KAAK,IAAI,GAAG;AAAA,MACxB,OAAO,KAAK;AAAA,IACb;AAAA,IAGA,MAAM,UAAU,MAAM,KAAK,IAAI,WAAW;AAAA,MACzC,SAAS,EAAE,IAAI,IAAI;AAAA,IACpB,CAAC;AAAA,IAED,IAAI,SAAS;AAAA,MACZ,EAAE,IAAI,QAAQ,QAAQ,IAAa;AAAA,MACnC,EAAE,IAAI,WAAW,QAAQ,OAAgB;AAAA,IAC1C,EAAO;AAAA,MACN,EAAE,IAAI,QAAQ,IAAI;AAAA,MAClB,EAAE,IAAI,WAAW,IAAI;AAAA;AAAA,IAItB,IAAI,SAAS,cAAe,YAAY,KAAK,IAAI,KAAK,YAAY,MAAO;AAAA,MACxE,IAAI,YAAY;AAAA,QAAM,OAAO,kBAAkB,CAAC;AAAA,IACjD;AAAA,IAKA,OAAO,KAAK;AAAA;AAAA;AAId,SAAS,SAAS,CAAC,OAA0C;AAAA,EAC5D,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EACnB,IAAI,MAAM,QAAQ,KAAK,GAAG;AAAA,IACzB,OAAO,IAAI,OAAO,MAAM,IAAI,CAAC,MAAM,MAAM,EAAE,SAAS,EAAE,KAAK,GAAG,CAAC;AAAA,EAChE;AAAA,EACA,OAAO;AAAA;AAGR,SAAS,sBAAsB,CAAC,GAAsB;AAAA,EACrD,OAAO,EAAE,KACR,EAAE,OAAO,gBAAgB,SAAS,2BAA2B,GAC7D,GACD;AAAA;AAYM,SAAS,WAAW,CAAC,MAA+B;AAAA,EAC1D,OAAO,OAAO,MAAM,KAAK,QAAQ,EAAE,IAAI,GAAG;AAAA;;AC9F3C;AACA;AAyBO,SAAS,WAAW,CAC1B,UAA8B,CAAC,GACV;AAAA,EACrB,OAAO,qBAAqB,YAAY,MAAM,OAAgB;AAAA;AAAA;AAOxD,MAAM,6BAA6B,MAAM;AAAA,EACtC,SAAS;AAAA,EAClB,WAAW,CAAC,UAAU,4BAA4B;AAAA,IACjD,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEd;AAAA;AAEO,MAAM,uBAAuB,MAAM;AAAA,EAChC,SAAS;AAAA,EAClB,WAAW,CAAC,UAAU,6BAA6B;AAAA,IAClD,MAAM,OAAO;AAAA,IACb,KAAK,OAAO;AAAA;AAEd;",
13
+ "debugId": "A22A569832F3E2A164756E2164756E21",
14
14
  "names": []
15
15
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nexusts/auth",
3
- "version": "0.9.7",
3
+ "version": "0.9.9",
4
4
  "description": "Authentication via better-auth integration",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -34,7 +34,7 @@
34
34
  }
35
35
  },
36
36
  "dependencies": {
37
- "@nexusts/core": "^0.9.7"
37
+ "@nexusts/core": "^0.9.9"
38
38
  },
39
39
  "repository": {
40
40
  "type": "git",