@nuria-tech/auth-sdk 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +51 -11
  2. package/dist/index.cjs +61 -16
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.cts +4 -2
  5. package/dist/index.d.ts +4 -2
  6. package/dist/index.js +61 -16
  7. package/dist/index.js.map +1 -1
  8. package/package.json +1 -1
package/README.md CHANGED
@@ -27,10 +27,8 @@ import { createAuthClient } from '@nuria-tech/auth-sdk';
27
27
 
28
28
  const auth = createAuthClient({
29
29
  clientId: 'your-client-id',
30
- authorizationEndpoint: 'https://your-auth-server.example.com/authorize',
31
- tokenEndpoint: 'https://your-auth-server.example.com/token',
30
+ baseUrl: 'https://ms-auth-v2.nuria.com.br',
32
31
  redirectUri: 'https://your-app.example.com/callback',
33
- scope: 'openid profile email',
34
32
  });
35
33
 
36
34
  // Redirect to login
@@ -41,24 +39,49 @@ const session = await auth.handleRedirectCallback(window.location.href);
41
39
  console.log(session.tokens.accessToken);
42
40
  ```
43
41
 
42
+ ## Default behavior
43
+
44
+ When omitted, the SDK uses:
45
+
46
+ - `baseUrl`: `https://ms-auth-v2.nuria.com.br`
47
+ - `authorizationEndpoint`: `${baseUrl}/v2/oauth/authorize`
48
+ - `tokenEndpoint`: `${baseUrl}/v2/oauth/token`
49
+ - `scope`: `openid profile email`
50
+ - `enableRefreshToken`: `true`
51
+
52
+ Override example:
53
+
54
+ ```ts
55
+ const auth = createAuthClient({
56
+ clientId: 'your-client-id',
57
+ baseUrl: 'https://auth.hml.nuria.com.br',
58
+ authorizationEndpoint: 'https://auth.hml.nuria.com.br/custom/authorize',
59
+ tokenEndpoint: 'https://auth.hml.nuria.com.br/custom/token',
60
+ redirectUri: 'https://your-app.example.com/callback',
61
+ scope: 'openid profile',
62
+ enableRefreshToken: false,
63
+ });
64
+ ```
65
+
44
66
  ## Configuration
45
67
 
46
68
  ```ts
47
69
  interface AuthConfig {
48
70
  // Required
49
71
  clientId: string;
50
- authorizationEndpoint: string;
51
- tokenEndpoint: string;
52
72
  redirectUri: string;
53
73
 
54
74
  // Optional
55
- scope?: string; // default scope sent with every login
75
+ baseUrl?: string; // default: https://ms-auth-v2.nuria.com.br
76
+ authorizationEndpoint?: string; // default: {baseUrl}/v2/oauth/authorize
77
+ tokenEndpoint?: string; // default: {baseUrl}/v2/oauth/token
78
+ scope?: string; // default: "openid profile email"
56
79
  logoutEndpoint?: string; // if set, logout() redirects here
57
80
  userinfoEndpoint?: string; // required for getUserinfo()
58
81
  storage?: StorageAdapter; // default: MemoryStorageAdapter
59
82
  transport?: AuthTransport; // default: FetchAuthTransport
60
83
  onRedirect?: (url: string) => void | Promise<void>; // override browser redirect
61
- enableRefreshToken?: boolean; // enable automatic token refresh
84
+ enableRefreshToken?: boolean; // default: true
62
85
  now?: () => number; // override Date.now() for testing
63
86
  }
64
87
  ```
@@ -95,6 +118,7 @@ await auth.startLogin({
95
118
  ### `handleRedirectCallback(callbackUrl?)`
96
119
 
97
120
  Parses the callback URL, validates `state`, exchanges `code` for tokens using a form-encoded POST to `tokenEndpoint`, and clears transient PKCE storage. Throws typed `AuthError` on any failure.
121
+ Token endpoint calls are sent with `credentials: 'include'` to support `HttpOnly` refresh-token cookies.
98
122
 
99
123
  ```ts
100
124
  // In your /callback route
@@ -104,6 +128,8 @@ const session = await auth.handleRedirectCallback(window.location.href);
104
128
  ### `getAccessToken()`
105
129
 
106
130
  Returns the current access token. If the token is expired and `enableRefreshToken: true`, automatically refreshes it (concurrent calls are deduplicated).
131
+ Refresh calls to `tokenEndpoint` are sent with `credentials: 'include'`.
132
+ If no `refresh_token` is available in JS memory/storage, SDK still attempts refresh using cookie-based session (HttpOnly) when the server supports it.
107
133
 
108
134
  ### `logout(options?)`
109
135
 
@@ -182,8 +208,7 @@ import { createAuthClient } from '@nuria-tech/auth-sdk';
182
208
 
183
209
  const auth = createAuthClient({
184
210
  clientId: 'your-client-id',
185
- authorizationEndpoint: 'https://auth.example.com/authorize',
186
- tokenEndpoint: 'https://auth.example.com/token',
211
+ baseUrl: 'https://ms-auth-v2.nuria.com.br',
187
212
  redirectUri: `${window.location.origin}/callback`,
188
213
  });
189
214
 
@@ -212,8 +237,7 @@ export function createServerAuth(cookieApi: {
212
237
  }) {
213
238
  return createAuthClient({
214
239
  clientId: process.env.NEXT_PUBLIC_AUTH_CLIENT_ID!,
215
- authorizationEndpoint: `${process.env.NEXT_PUBLIC_AUTH_BASE_URL}/authorize`,
216
- tokenEndpoint: `${process.env.NEXT_PUBLIC_AUTH_BASE_URL}/token`,
240
+ baseUrl: process.env.NEXT_PUBLIC_AUTH_BASE_URL!,
217
241
  redirectUri: process.env.NEXT_PUBLIC_AUTH_CALLBACK_URL!,
218
242
  storage: new CookieStorageAdapter({
219
243
  getCookie: async (name) => cookieApi.get(name) ?? null,
@@ -265,6 +289,22 @@ This repository uses GitHub Actions (`.github/workflows/ci-publish.yml`):
265
289
 
266
290
  > **One-time setup:** after the first manual publish, configure Trusted Publishing at **npmjs.com → package → Settings → Automated Publishing** with repository `nuria-tech/nuria-auth-sdk` and workflow `ci-publish.yml`.
267
291
 
292
+ ## Endpoint defaults
293
+
294
+ By default, the SDK assumes `ms-auth` OAuth endpoints:
295
+
296
+ - `baseUrl`: `https://ms-auth-v2.nuria.com.br`
297
+ - `authorizationEndpoint`: `${baseUrl}/v2/oauth/authorize`
298
+ - `tokenEndpoint`: `${baseUrl}/v2/oauth/token`
299
+
300
+ You can still override `authorizationEndpoint` and `tokenEndpoint` explicitly when needed.
301
+
302
+ ## SSO strategy for multiple portals/apps
303
+
304
+ - Storage adapter (memory/session/local) is **per origin** and does not share tokens across different domains.
305
+ - For real SSO between different portals/apps, rely on auth-server session + `HttpOnly` refresh cookie (`__Host-nuria_rt`) and keep token calls with `credentials: 'include'`.
306
+ - Keep `MemoryStorageAdapter` as default to reduce token exposure in JS.
307
+
268
308
  ## License
269
309
 
270
310
  MIT — see [LICENSE](./LICENSE).
package/dist/index.cjs CHANGED
@@ -181,6 +181,7 @@ var FetchAuthTransport = class {
181
181
  const defaultContentType = typeof request.body === "string" ? "application/x-www-form-urlencoded" : "application/json";
182
182
  const res = await this.fetchFn(this.withQuery(url, request.query), {
183
183
  method: (_c = request.method) != null ? _c : "GET",
184
+ credentials: request.credentials,
184
185
  headers: {
185
186
  "Content-Type": defaultContentType,
186
187
  ...(_d = request.headers) != null ? _d : {}
@@ -434,6 +435,7 @@ var DefaultAuthClient = class {
434
435
  this.config.tokenEndpoint,
435
436
  {
436
437
  method: "POST",
438
+ credentials: "include",
437
439
  body: body.toString()
438
440
  }
439
441
  );
@@ -444,21 +446,16 @@ var DefaultAuthClient = class {
444
446
  async doRefresh() {
445
447
  var _a;
446
448
  const refreshToken = (_a = this.session) == null ? void 0 : _a.tokens.refreshToken;
447
- if (!refreshToken) {
448
- throw new AuthError(
449
- "REFRESH_FAILED" /* REFRESH_FAILED */,
450
- "No refresh token available"
451
- );
452
- }
453
449
  const body = new URLSearchParams({
454
450
  grant_type: "refresh_token",
455
- refresh_token: refreshToken,
456
451
  client_id: this.config.clientId
457
452
  });
453
+ if (refreshToken) body.set("refresh_token", refreshToken);
458
454
  const response = await this.transport.request(
459
455
  this.config.tokenEndpoint,
460
456
  {
461
457
  method: "POST",
458
+ credentials: "include",
462
459
  body: body.toString()
463
460
  }
464
461
  );
@@ -466,8 +463,14 @@ var DefaultAuthClient = class {
466
463
  return this.createSession(tokens);
467
464
  }
468
465
  async createSession(tokens) {
466
+ var _a, _b;
467
+ const previousRefreshToken = (_a = this.session) == null ? void 0 : _a.tokens.refreshToken;
468
+ const mergedTokens = {
469
+ ...tokens,
470
+ refreshToken: (_b = tokens.refreshToken) != null ? _b : previousRefreshToken
471
+ };
469
472
  this.session = {
470
- tokens,
473
+ tokens: mergedTokens,
471
474
  createdAt: this.now()
472
475
  };
473
476
  await safeSet(
@@ -500,23 +503,48 @@ var DefaultAuthClient = class {
500
503
  };
501
504
 
502
505
  // src/client/create-client.ts
503
- function createAuthClient(config) {
504
- if (!(config == null ? void 0 : config.clientId)) {
506
+ var DEFAULT_AUTH_BASE_URL = "https://ms-auth-v2.nuria.com.br";
507
+ var DEFAULT_AUTHORIZATION_PATH = "/v2/oauth/authorize";
508
+ var DEFAULT_TOKEN_PATH = "/v2/oauth/token";
509
+ var DEFAULT_SCOPE = "openid profile email";
510
+ function normalizeBaseUrl(value) {
511
+ const raw = String(value != null ? value : DEFAULT_AUTH_BASE_URL).trim();
512
+ if (!raw) {
505
513
  throw new AuthError(
506
514
  "INVALID_CONFIG" /* INVALID_CONFIG */,
507
- "config.clientId is required"
515
+ "config.baseUrl must be a valid absolute URL"
508
516
  );
509
517
  }
510
- if (!config.authorizationEndpoint) {
518
+ let parsed;
519
+ try {
520
+ parsed = new URL(raw);
521
+ } catch (e) {
511
522
  throw new AuthError(
512
523
  "INVALID_CONFIG" /* INVALID_CONFIG */,
513
- "config.authorizationEndpoint is required"
524
+ "config.baseUrl must be a valid absolute URL"
514
525
  );
515
526
  }
516
- if (!config.tokenEndpoint) {
527
+ return parsed.toString().replace(/\/+$/, "");
528
+ }
529
+ function resolveEndpoint(baseUrl, explicit, fallbackPath) {
530
+ if (explicit) {
531
+ try {
532
+ return new URL(explicit).toString();
533
+ } catch (e) {
534
+ throw new AuthError(
535
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
536
+ "OAuth endpoints must be valid absolute URLs"
537
+ );
538
+ }
539
+ }
540
+ return new URL(fallbackPath, `${baseUrl}/`).toString();
541
+ }
542
+ function createAuthClient(config) {
543
+ var _a, _b;
544
+ if (!(config == null ? void 0 : config.clientId)) {
517
545
  throw new AuthError(
518
546
  "INVALID_CONFIG" /* INVALID_CONFIG */,
519
- "config.tokenEndpoint is required"
547
+ "config.clientId is required"
520
548
  );
521
549
  }
522
550
  if (!config.redirectUri) {
@@ -525,7 +553,24 @@ function createAuthClient(config) {
525
553
  "config.redirectUri is required"
526
554
  );
527
555
  }
528
- return new DefaultAuthClient(config);
556
+ const baseUrl = normalizeBaseUrl(config.baseUrl);
557
+ const resolvedConfig = {
558
+ ...config,
559
+ baseUrl,
560
+ scope: String((_a = config.scope) != null ? _a : "").trim() || DEFAULT_SCOPE,
561
+ enableRefreshToken: (_b = config.enableRefreshToken) != null ? _b : true,
562
+ authorizationEndpoint: resolveEndpoint(
563
+ baseUrl,
564
+ config.authorizationEndpoint,
565
+ DEFAULT_AUTHORIZATION_PATH
566
+ ),
567
+ tokenEndpoint: resolveEndpoint(
568
+ baseUrl,
569
+ config.tokenEndpoint,
570
+ DEFAULT_TOKEN_PATH
571
+ )
572
+ };
573
+ return new DefaultAuthClient(resolvedConfig);
529
574
  }
530
575
 
531
576
  // src/storage/web-storage-adapter.ts
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors/auth-error.ts","../src/core/pkce.ts","../src/core/utils.ts","../src/storage/memory-storage-adapter.ts","../src/transport/fetch-transport.ts","../src/client/nuria-auth-client.ts","../src/client/create-client.ts","../src/storage/web-storage-adapter.ts","../src/storage/cookie-storage-adapter.ts","../src/storage/browser-cookie-storage.ts"],"names":["AuthErrorCode"],"mappings":";;;AAAO,IAAK,aAAA,qBAAAA,cAAAA,KAAL;AACL,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,YAAA,CAAA,GAAa,YAAA;AAVH,EAAA,OAAAA,cAAAA;AAAA,CAAA,EAAA,aAAA,IAAA,EAAA;AAaL,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,KAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;;;ACtBA,IAAM,QAAA,GACJ,oEAAA;AAEF,SAAS,aAAA,GAAwB;AAC/B,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAe,UAAA,CAAW,MAAA,EAAQ;AAC1D,IAAA,OAAO,UAAA,CAAW,MAAA;AAAA,EACpB;AACA,EAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAC9C;AAEO,SAAS,YAAA,CAAa,SAAS,EAAA,EAAY;AAChD,EAAA,MAAM,SAAS,aAAA,EAAc;AAG7B,EAAA,MAAM,SAAA,GAAY,GAAA,GAAO,GAAA,GAAM,QAAA,CAAS,MAAA;AACxC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,IAAA,CAAK,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,GAAG,CAAC,CAAA;AACtE,IAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,IAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,MAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAQ;AAC7B,MAAA,IAAI,CAAA,GAAI,WAAW,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,GAAI,QAAA,CAAS,MAAM,CAAE,CAAA;AAAA,IAC/D;AAAA,EACF;AACA,EAAA,OAAO,MAAA,CAAO,KAAK,EAAE,CAAA;AACvB;AAEA,SAAS,YAAY,KAAA,EAAwC;AAC3D,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AACvE,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,EAAE,CAAA;AAC9E;AAEA,SAAS,gBAAgB,QAAA,EAA2C;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,QAAA,CAAS,MAAM,CAAA;AAC5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,CAAS,UAAA,CAAW,CAAC,CAAA;AAAA,EAClC;AACA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,oBAAoB,QAAA,EAAmC;AAC3E,EAAA,MAAM,SAAS,aAAA,EAAc;AAC7B,EAAA,MAAM,MAAA,GAAS,gBAAgB,QAAQ,CAAA;AACvC,EAAA,MAAM,SAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,MAAM,CAAA;AAC3D,EAAA,OAAO,WAAA,CAAY,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAC3C;;;AC1CO,IAAM,YAAA,GAAe;AAAA,EAC1B,OAAA,EAAS,eAAA;AAAA,EACT,KAAA,EAAO,mBAAA;AAAA,EACP,YAAA,EAAc;AAChB,CAAA;AAEO,SAAS,iBAAA,CACd,KACA,GAAA,EACU;AAZZ,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAaE,EAAA,MAAM,WAAA,GAAA,CAAe,EAAA,GAAA,GAAA,CAAI,YAAA,KAAJ,IAAA,GAAA,EAAA,GAAoB,GAAA,CAAI,WAAA;AAC7C,EAAA,IAAI,CAAC,WAAA,IAAe,OAAO,WAAA,KAAgB,QAAA,EAAU;AACnD,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,uBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,SAAA,GAAY,QAAO,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,YAAkB,GAAA,CAAI,SAAA,KAAtB,IAAA,GAAA,EAAA,GAAmC,CAAC,CAAA,IAAK,MAAA;AAClE,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,SAAA,EAAA,CAAY,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,IAAA,GAAA,EAAA,GAAkB,GAAA,CAAI,SAAA;AAAA,IAClC,SAAA;AAAA,IACA,YAAA,EAAA,CAAe,EAAA,GAAA,GAAA,CAAI,aAAA,KAAJ,IAAA,GAAA,EAAA,GAAqB,GAAA,CAAI,YAAA;AAAA,IACxC,OAAA,EAAA,CAAU,EAAA,GAAA,GAAA,CAAI,QAAA,KAAJ,IAAA,GAAA,EAAA,GAAgB,GAAA,CAAI,OAAA;AAAA,IAC9B,OAAO,GAAA,CAAI,KAAA;AAAA,IACX,SAAA,EAAW,SAAA,GAAY,GAAA,EAAI,GAAI,YAAY,GAAA,GAAO;AAAA,GACpD;AACF;AAEA,eAAsB,OAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,OAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,UAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC1B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,wBAAwB,GAAG,CAAA,CAAA;AAAA,MAC3B;AAAA,KACF;AAAA,EACF;AACF;AAEO,SAAS,eAAA,CAAgB,GAAW,CAAA,EAAoB;AAC7D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAA,IAAQ,EAAE,UAAA,CAAW,CAAC,CAAA,GAAI,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;AAEO,SAAS,SAAS,GAAA,EAAkB;AACzC,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,IAAI,GAAG,CAAA;AAAA,EACpB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,iDAAwC,sBAAsB,CAAA;AAAA,EAC1E;AACF;;;AC3FO,IAAM,uBAAN,MAAqD;AAAA,EAArD,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,KAAA,uBAAY,GAAA,EAAoB;AAAA,EAAA;AAAA,EAExC,IAAI,GAAA,EAA4B;AALlC,IAAA,IAAA,EAAA;AAMI,IAAA,OAAA,CAAO,EAAA,GAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,MAAlB,IAAA,GAAA,EAAA,GAAuB,IAAA;AAAA,EAChC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3B;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AACF;;;ACDA,IAAM,gBAAA,mBAAmB,IAAI,GAAA,CAAI,CAAC,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC,CAAA;AAE7D,IAAM,qBAAN,MAAkD;AAAA,EAMvD,WAAA,CAAY,OAAA,GAAiC,EAAC,EAAG;AAvBnD,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAwBI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,KAAA;AAClC,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AACzB,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,CAAA;AAClC,IAAA,IAAA,CAAK,YAAA,GAAA,CAAe,EAAA,GAAA,OAAA,CAAQ,YAAA,KAAR,IAAA,GAAA,EAAA,GAAwB,EAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAA,CACJ,GAAA,EACA,GAAA,GAA4B,EAAC,EACM;AAjCvC,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAkCI,IAAA,IAAI,OAAA,GAAU,GAAA;AACd,IAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,MAAA,IAAI,EAAE,SAAA,EAAW,OAAA,GAAU,MAAM,CAAA,CAAE,SAAA,CAAU,KAAK,OAAO,CAAA;AAAA,IAC3D;AAEA,IAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,IAAA,CAAK,OAAA;AACxC,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,OAAO,IAAA,EAAM;AACX,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,SAAA,KAAR,IAAA,GAAA,EAAA,GAAqB,IAAA,CAAK,SAAA;AAC1C,MAAA,MAAM,KAAA,GAAQ,UACV,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,OAAO,CAAA,GAC5C,MAAA;AACJ,MAAA,IAAI;AACF,QAAA,MAAM,kBAAA,GACJ,OAAO,OAAA,CAAQ,IAAA,KAAS,WACpB,mCAAA,GACA,kBAAA;AACN,QAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,KAAK,SAAA,CAAU,GAAA,EAAK,OAAA,CAAQ,KAAK,CAAA,EAAG;AAAA,UACjE,MAAA,EAAA,CAAQ,EAAA,GAAA,OAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,EAAA,GAAkB,KAAA;AAAA,UAC1B,OAAA,EAAS;AAAA,YACP,cAAA,EAAgB,kBAAA;AAAA,YAChB,GAAA,CAAI,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB;AAAC,WAC1B;AAAA,UACA,IAAA,EACE,OAAA,CAAQ,IAAA,KAAS,KAAA,CAAA,GACb,OAAO,OAAA,CAAQ,IAAA,KAAS,QAAA,GACtB,OAAA,CAAQ,IAAA,GACR,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,GAC7B,KAAA,CAAA;AAAA,UACN,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AACD,QAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAa,GAAG,CAAA;AACxC,QAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,UAAA,IAAI,UAAU,OAAA,IAAW,gBAAA,CAAiB,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA,EAAG;AACzD,YAAA,OAAA,IAAW,CAAA;AACX,YAAA;AAAA,UACF;AACA,UAAA,MAAM,IAAI,SAAA,CAAA,YAAA,mBAAoC,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,QACpE;AACA,QAAA,IAAI,GAAA,GAAgC;AAAA,UAClC,QAAQ,GAAA,CAAI,MAAA;AAAA,UACZ,IAAA;AAAA,UACA,SAAS,GAAA,CAAI;AAAA,SACf;AACA,QAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,UAAA,IAAI,EAAE,UAAA,EAAY,GAAA,GAAM,MAAM,CAAA,CAAE,WAAW,GAAG,CAAA;AAAA,QAChD;AACA,QAAA,OAAO,GAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAiB,WAAW,MAAM,KAAA;AACtC,QAAA,IAAI,UAAU,OAAA,EAAS;AACrB,UAAA,OAAA,IAAW,CAAA;AACX,UAAA;AAAA,QACF;AACA,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,eAAA;AAAA,UAER,wBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF,CAAA,SAAE;AACA,QAAA,IAAI,KAAA,eAAoB,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,SAAA,CACN,KACA,KAAA,EACQ;AACR,IAAA,IAAI,CAAC,OAAO,OAAO,GAAA;AACnB,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM;AACxC,MAAA,IAAI,MAAM,MAAA,EAAW,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACnD,CAAC,CAAA;AACD,IAAA,OAAO,OAAO,QAAA,EAAS;AAAA,EACzB;AAAA,EAEA,MAAc,UAAa,GAAA,EAA2B;AAhHxD,IAAA,IAAA,EAAA;AAiHI,IAAA,MAAM,eAAc,EAAA,GAAA,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,MAA9B,IAAA,GAAA,EAAA,GAAmC,EAAA;AACvD,IAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,EACzB;AACF;;;ACjGO,IAAM,oBAAN,MAA8C;AAAA,EAQnD,YAA6B,MAAA,EAAoB;AAApB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAP7B,IAAA,IAAA,CAAQ,OAAA,GAA0B,IAAA;AAClC,IAAA,IAAA,CAAQ,cAAA,GAA0C,IAAA;AAClD,IAAA,IAAA,CAAiB,SAAA,uBAAgB,GAAA,EAAuC;AAzB1E,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA+BI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,OAAA,KAAP,IAAA,GAAA,EAAA,GAAkB,IAAI,oBAAA,EAAqB;AAC1D,IAAA,IAAA,CAAK,SAAA,GAAA,CAAY,EAAA,GAAA,MAAA,CAAO,SAAA,KAAP,IAAA,GAAA,EAAA,GAAoB,IAAI,kBAAA,EAAmB;AAC5D,IAAA,IAAA,CAAK,OAAM,EAAA,GAAA,MAAA,CAAO,GAAA,KAAP,IAAA,GAAA,EAAA,IAAe,MAAM,KAAK,GAAA,EAAI,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,OAAA,GAA6B,EAAC,EAAkB;AApCnE,IAAA,IAAA,EAAA,EAAA,EAAA;AAqCI,IAAA,MAAM,KAAA,GAAQ,aAAa,EAAE,CAAA;AAC7B,IAAA,MAAM,YAAA,GAAe,aAAa,EAAE,CAAA;AACpC,IAAA,MAAM,aAAA,GAAgB,MAAM,mBAAA,CAAoB,YAAY,CAAA;AAE5D,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,KAAK,CAAA;AACrD,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,cAAc,YAAY,CAAA;AAEnE,IAAA,MAAM,MAAA,GAAiC;AAAA,MACrC,aAAA,EAAe,MAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,KAAA;AAAA,MACA,cAAA,EAAgB,aAAA;AAAA,MAChB,qBAAA,EAAuB;AAAA,KACzB;AAEA,IAAA,MAAM,KAAA,GAAA,CAAQ,mBAAQ,MAAA,KAAR,IAAA,GAAA,MAAA,GAAA,EAAA,CAAgB,KAAK,GAAA,CAAA,KAArB,IAAA,GAAA,EAAA,GAA6B,KAAK,MAAA,CAAO,KAAA;AACvD,IAAA,IAAI,KAAA,SAAc,KAAA,GAAQ,KAAA;AAC1B,IAAA,IAAI,OAAA,CAAQ,SAAA,EAAW,MAAA,CAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;AACnD,IAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,MAAA,MAAM,QAAA,uBAAe,GAAA,CAAI;AAAA,QACvB,eAAA;AAAA,QACA,WAAA;AAAA,QACA,cAAA;AAAA,QACA,OAAA;AAAA,QACA,gBAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxD,QAAA,IAAI,CAAC,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AAAA,MACpC;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,qBAAqB,CAAA;AACrD,IAAA,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAC,CAAA;AACrE,IAAA,MAAM,WAAA,GAAc,IAAI,QAAA,EAAS;AAEjC,IAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,WAAW,CAAA;AACxC,MAAA;AAAA,IACF;AACA,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,MAAA,CAAO,QAAA,CAAS,OAAO,WAAW,CAAA;AAClC,MAAA;AAAA,IACF;AACA,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,uBAAuB,WAAA,EAAwC;AACnE,IAAA,MAAM,QACJ,WAAA,IAAA,IAAA,GAAA,WAAA,GACC,OAAO,WAAW,WAAA,GAAc,MAAA,CAAO,SAAS,IAAA,GAAO,EAAA;AAC1D,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,SAAS,KAAK,CAAA;AAC1B,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,mBAAmB,CAAA;AACrD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER,OACI,CAAA,qBAAA,EAAwB,KAAK,WAAM,IAAI,CAAA,CAAA,GACvC,wBAAwB,KAAK,CAAA;AAAA,OACnC;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,cAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,eAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,KAAK,CAAA;AAClE,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,eAAA,CAAgB,WAAA,EAAa,KAAK,CAAA,EAAG;AACxD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA,EAEA,UAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,MAAM,cAAA,GAAyC;AA/IjD,IAAA,IAAA,EAAA,EAAA,EAAA;AAgJI,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,MAAM,KAAK,cAAA,EAAe;AAAA,IAC5B;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA;AAC1B,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,SAAA;AAChC,IAAA,IAAI,OAAO,GAAA,IAAO,IAAA,CAAK,KAAI,IAAK,IAAA,CAAK,OAAO,kBAAA,EAAoB;AAC9D,MAAA,IAAI,CAAC,KAAK,cAAA,EAAgB;AACxB,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA,CAAK,SAAA,EAAU,CAAE,QAAQ,MAAM;AACnD,UAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AAAA,QACxB,CAAC,CAAA;AAAA,MACH;AACA,MAAA,MAAM,IAAA,CAAK,cAAA;AAAA,IACb;AACA,IAAA,OAAA,CAAO,EAAA,GAAA,CAAA,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,gBAArB,IAAA,GAAA,EAAA,GAAoC,IAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,OAAO,OAAA,EAAgD;AAC3D,IAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,MAAA,MAAM,WAAW,OAAA,CAAQ,QAAA;AACzB,MAAA,IAAI,QAAA,CAAS,WAAW,IAAI,CAAA,IAAK,CAAC,cAAA,CAAe,IAAA,CAAK,QAAQ,CAAA,EAAG;AAC/D,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,gBAAA;AAAA,UAER;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,IAAA,CAAK,MAAA,EAAO;AAEZ,IAAA,IAAI,IAAA,CAAK,OAAO,cAAA,EAAgB;AAC9B,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,cAAc,CAAA;AAC9C,MAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACnD;AACA,MAAA,MAAM,SAAA,GAAY,IAAI,QAAA,EAAS;AAC/B,MAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,SAAS,CAAA;AAAA,MACxC,CAAA,MAAA,IAAW,OAAO,MAAA,KAAW,WAAA,EAAa;AACxC,QAAA,MAAA,CAAO,QAAA,CAAS,OAAO,SAAS,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,eAAA,GAA2B;AA/L7B,IAAA,IAAA,EAAA;AAgMI,IAAA,OAAO,OAAA,CAAA,CAAQ,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,OAAO,WAAW,CAAA;AAAA,EACjD;AAAA,EAEA,mBAAmB,OAAA,EAAwD;AACzE,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAA,GAAgD;AACpD,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,EAAe;AAC9C,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,gBAAA,EAAkB;AACjC,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,gBAAA;AAAA,MACZ,EAAE,OAAA,EAAS,EAAE,eAAe,CAAA,OAAA,EAAU,WAAW,IAAG;AAAE,KACxD;AACA,IAAA,OAAO,QAAA,CAAS,IAAA;AAAA,EAClB;AAAA,EAEA,MAAc,aAAa,IAAA,EAAgC;AACzD,IAAA,MAAM,WAAW,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,YAAY,CAAA;AACtE,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,uBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,aAAA,EAAe,QAAA;AAAA,MACf,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,SAAA,GAA8B;AA1P9C,IAAA,IAAA,EAAA;AA2PI,IAAA,MAAM,YAAA,GAAA,CAAe,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAC1C,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,eAAA;AAAA,MACZ,aAAA,EAAe,YAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,cAAc,MAAA,EAAoC;AAC9D,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,MAAA;AAAA,MACA,SAAA,EAAW,KAAK,GAAA;AAAI,KACtB;AACA,IAAA,MAAM,OAAA;AAAA,MACJ,IAAA,CAAK,OAAA;AAAA,MACL,YAAA,CAAa,OAAA;AAAA,MACb,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,OAAO;AAAA,KAC7B;AACA,IAAA,IAAA,CAAK,MAAA,EAAO;AACZ,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEQ,MAAA,GAAe;AACrB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,CAAC,YAAY,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAC,CAAA;AAAA,EAC3D;AAAA,EAEA,MAAc,cAAA,GAAgC;AAtShD,IAAA,IAAA,EAAA;AAuSI,IAAA,MAAM,MAAM,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,OAAO,CAAA;AAC5D,IAAA,IAAI,CAAC,GAAA,EAAK;AACV,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA;AAC7B,MAAA,IAAI,QAAA,CAAO,EAAA,GAAA,MAAA,IAAA,IAAA,GAAA,KAAA,CAAA,GAAA,MAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAgB,iBAAgB,QAAA,EAAU;AACnD,QAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,QAAA;AAAA,MACF;AACA,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,IACjB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,MAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AAAA,IACjB;AAAA,EACF;AACF,CAAA;;;ACjTO,SAAS,iBAAiB,MAAA,EAAgC;AAC/D,EAAA,IAAI,EAAC,iCAAQ,QAAA,CAAA,EAAU;AACrB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,qBAAA,EAAuB;AACjC,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,aAAA,EAAe;AACzB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,IAAI,kBAAkB,MAAM,CAAA;AACrC;;;AC5BO,IAAM,oBAAN,MAAkD;AAAA,EACvD,YACmB,OAAA,EAIjB;AAJiB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAIhB;AAAA,EAEH,IAAI,GAAA,EAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,EACjC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,GAAG,CAAA;AAAA,EAC7B;AACF;;;ACbO,IAAM,uBAAN,MAAqD;AAAA,EAC1D,YAA6B,SAAA,EAAmC;AAAnC,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAAoC;AAAA,EAEjE,MAAM,IAAI,GAAA,EAAqC;AAC7C,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAG,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,GAAA,CAAI,GAAA,EAAa,KAAA,EAA8B;AACnD,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,OAAO,GAAA,EAA4B;AACvC,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,YAAA,CAAa,GAAG,CAAA;AAAA,EACvC;AACF;;;ACbA,IAAM,cAAA,GAAiB,CAAC,IAAA,KAAgC;AATxD,EAAA,IAAA,EAAA;AAUE,EAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,EAAA,MAAM,SAAS,QAAA,CAAS,MAAA,CAAO,KAAA,CAAM,CAAA,SAAA,EAAY,IAAI,CAAA,gBAAA,CAAkB,CAAA;AACvE,EAAA,OAAO,MAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,GAAA,EAAI,KAAX,YAAgB,IAAA,GAAQ,IAAA;AAC3C,CAAA;AAEO,SAAS,0BAAA,CACd,OAAA,GAAuC,EAAC,EACxB;AAChB,EAAA,MAAM,EAAE,QAAQ,IAAA,GAAO,GAAA,EAAK,WAAW,QAAA,EAAU,MAAA,GAAS,MAAK,GAAI,OAAA;AAEnE,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,KAA+B;AAC1C,IAAA,OAAO,eAAe,GAAG,CAAA;AAAA,EAC3B,CAAA;AAEA,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,EAAa,KAAA,KAAwB;AAChD,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAC5B,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,IAAI,QAAA,EAAU,MAAA,IAAU,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAA;AAC9C,IAAA,IAAI,QAAQ,MAAA,IAAU,CAAA,QAAA,CAAA;AACtB,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,MAAM,MAAA,GAAS,CAAC,GAAA,KAAsB;AACpC,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,GAAG,GAAG,CAAA,wCAAA,CAAA;AACnB,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,OAAO,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO;AAC5B","file":"index.cjs","sourcesContent":["export enum AuthErrorCode {\n INVALID_CONFIG = 'INVALID_CONFIG',\n STATE_MISMATCH = 'STATE_MISMATCH',\n CALLBACK_ERROR = 'CALLBACK_ERROR',\n TOKEN_EXCHANGE_FAILED = 'TOKEN_EXCHANGE_FAILED',\n REFRESH_FAILED = 'REFRESH_FAILED',\n STORAGE_ERROR = 'STORAGE_ERROR',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_STATE = 'MISSING_STATE',\n NETWORK_ERROR = 'NETWORK_ERROR',\n HTTP_ERROR = 'HTTP_ERROR',\n}\n\nexport class AuthError extends Error {\n constructor(\n public readonly code: AuthErrorCode,\n message: string,\n public readonly cause?: unknown,\n ) {\n super(message);\n this.name = 'AuthError';\n }\n}\n","const ALPHABET =\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';\n\nfunction getCryptoImpl(): Crypto {\n if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n return globalThis.crypto;\n }\n throw new Error('Web Crypto API unavailable');\n}\n\nexport function randomString(length = 64): string {\n const crypto = getCryptoImpl();\n // Rejection sampling: discard bytes >= threshold to eliminate modulo bias.\n // ALPHABET.length = 66; threshold = 256 - (256 % 66) = 204\n const THRESHOLD = 256 - (256 % ALPHABET.length);\n const result: string[] = [];\n while (result.length < length) {\n const bytes = new Uint8Array(Math.ceil((length - result.length) * 1.4));\n crypto.getRandomValues(bytes);\n for (const b of bytes) {\n if (result.length >= length) break;\n if (b < THRESHOLD) result.push(ALPHABET[b % ALPHABET.length]!);\n }\n }\n return result.join('');\n}\n\nfunction toBase64Url(bytes: Uint8Array<ArrayBuffer>): string {\n const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\nfunction verifierToBytes(verifier: string): Uint8Array<ArrayBuffer> {\n const bytes = new Uint8Array(verifier.length);\n for (let i = 0; i < verifier.length; i++) {\n bytes[i] = verifier.charCodeAt(i);\n }\n return bytes;\n}\n\nexport async function createCodeChallenge(verifier: string): Promise<string> {\n const crypto = getCryptoImpl();\n const buffer = verifierToBytes(verifier);\n const digest = await crypto.subtle.digest('SHA-256', buffer);\n return toBase64Url(new Uint8Array(digest));\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { StorageAdapter, TokenSet } from './types';\n\nexport const STORAGE_KEYS = {\n session: 'nuria:session',\n state: 'nuria:oauth:state',\n codeVerifier: 'nuria:oauth:code_verifier',\n};\n\nexport function normalizeTokenSet(\n raw: Record<string, unknown>,\n now: () => number,\n): TokenSet {\n const accessToken = (raw.access_token ?? raw.accessToken) as string;\n if (!accessToken || typeof accessToken !== 'string') {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing access token in token response',\n );\n }\n const expiresIn = Number(raw.expires_in ?? raw.expiresIn ?? 0) || undefined;\n return {\n accessToken,\n tokenType: (raw.token_type ?? raw.tokenType) as string | undefined,\n expiresIn,\n refreshToken: (raw.refresh_token ?? raw.refreshToken) as string | undefined,\n idToken: (raw.id_token ?? raw.idToken) as string | undefined,\n scope: raw.scope as string | undefined,\n expiresAt: expiresIn ? now() + expiresIn * 1000 : undefined,\n };\n}\n\nexport async function safeGet(\n storage: StorageAdapter,\n key: string,\n): Promise<string | null> {\n try {\n return await storage.get(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed reading key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeSet(\n storage: StorageAdapter,\n key: string,\n value: string,\n): Promise<void> {\n try {\n await storage.set(key, value);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed writing key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeRemove(\n storage: StorageAdapter,\n key: string,\n): Promise<void> {\n try {\n await storage.remove(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed removing key: ${key}`,\n cause,\n );\n }\n}\n\nexport function timingSafeEqual(a: string, b: string): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++) {\n diff |= a.charCodeAt(i) ^ b.charCodeAt(i);\n }\n return diff === 0;\n}\n\nexport function parseUrl(url: string): URL {\n try {\n return new URL(url);\n } catch {\n throw new AuthError(AuthErrorCode.CALLBACK_ERROR, 'Invalid callback URL');\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class MemoryStorageAdapter implements StorageAdapter {\n private store = new Map<string, string>();\n\n get(key: string): string | null {\n return this.store.get(key) ?? null;\n }\n\n set(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n remove(key: string): void {\n this.store.delete(key);\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type {\n AuthTransport,\n AuthTransportRequest,\n AuthTransportResponse,\n TransportInterceptor,\n} from '../core/types';\n\nexport interface FetchTransportOptions {\n fetchFn?: typeof fetch;\n timeoutMs?: number;\n retries?: number;\n interceptors?: TransportInterceptor[];\n}\n\nconst RETRYABLE_STATUS = new Set([408, 425, 429, 500, 502, 503, 504]);\n\nexport class FetchAuthTransport implements AuthTransport {\n private readonly fetchFn: typeof fetch;\n private readonly timeoutMs?: number;\n private readonly retries: number;\n private readonly interceptors: TransportInterceptor[];\n\n constructor(options: FetchTransportOptions = {}) {\n this.fetchFn = options.fetchFn ?? fetch;\n this.timeoutMs = options.timeoutMs;\n this.retries = options.retries ?? 0;\n this.interceptors = options.interceptors ?? [];\n }\n\n async request<T = unknown>(\n url: string,\n req: AuthTransportRequest = {},\n ): Promise<AuthTransportResponse<T>> {\n let request = req;\n for (const i of this.interceptors) {\n if (i.onRequest) request = await i.onRequest(url, request);\n }\n\n const retries = request.retries ?? this.retries;\n let attempt = 0;\n while (true) {\n const controller = new AbortController();\n const timeout = request.timeoutMs ?? this.timeoutMs;\n const timer = timeout\n ? setTimeout(() => controller.abort(), timeout)\n : undefined;\n try {\n const defaultContentType =\n typeof request.body === 'string'\n ? 'application/x-www-form-urlencoded'\n : 'application/json';\n const res = await this.fetchFn(this.withQuery(url, request.query), {\n method: request.method ?? 'GET',\n headers: {\n 'Content-Type': defaultContentType,\n ...(request.headers ?? {}),\n },\n body:\n request.body !== undefined\n ? typeof request.body === 'string'\n ? request.body\n : JSON.stringify(request.body)\n : undefined,\n signal: controller.signal,\n });\n const data = await this.parseBody<T>(res);\n if (!res.ok) {\n if (attempt < retries && RETRYABLE_STATUS.has(res.status)) {\n attempt += 1;\n continue;\n }\n throw new AuthError(AuthErrorCode.HTTP_ERROR, `HTTP ${res.status}`);\n }\n let out: AuthTransportResponse<T> = {\n status: res.status,\n data,\n headers: res.headers,\n };\n for (const i of this.interceptors) {\n if (i.onResponse) out = await i.onResponse(out);\n }\n return out;\n } catch (cause) {\n if (cause instanceof AuthError) throw cause;\n if (attempt < retries) {\n attempt += 1;\n continue;\n }\n throw new AuthError(\n AuthErrorCode.NETWORK_ERROR,\n 'Network request failed',\n cause,\n );\n } finally {\n if (timer) clearTimeout(timer);\n }\n }\n }\n\n private withQuery(\n url: string,\n query?: Record<string, string | undefined>,\n ): string {\n if (!query) return url;\n const parsed = new URL(url);\n Object.entries(query).forEach(([k, v]) => {\n if (v !== undefined) parsed.searchParams.set(k, v);\n });\n return parsed.toString();\n }\n\n private async parseBody<T>(res: Response): Promise<T> {\n const contentType = res.headers.get('content-type') ?? '';\n if (contentType.includes('application/json')) {\n return (await res.json()) as T;\n }\n return (await res.text()) as unknown as T;\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport { createCodeChallenge, randomString } from '../core/pkce';\nimport {\n normalizeTokenSet,\n parseUrl,\n safeGet,\n safeRemove,\n safeSet,\n timingSafeEqual,\n STORAGE_KEYS,\n} from '../core/utils';\nimport type {\n AuthClient,\n AuthConfig,\n Session,\n StartLoginOptions,\n TokenSet,\n AuthTransport,\n} from '../core/types';\nimport { MemoryStorageAdapter } from '../storage/memory-storage-adapter';\nimport { FetchAuthTransport } from '../transport/fetch-transport';\n\nexport class DefaultAuthClient implements AuthClient {\n private session: Session | null = null;\n private refreshPromise: Promise<Session> | null = null;\n private readonly listeners = new Set<(session: Session | null) => void>();\n private readonly storage;\n private readonly transport: AuthTransport;\n private readonly now: () => number;\n\n constructor(private readonly config: AuthConfig) {\n this.storage = config.storage ?? new MemoryStorageAdapter();\n this.transport = config.transport ?? new FetchAuthTransport();\n this.now = config.now ?? (() => Date.now());\n }\n\n async startLogin(options: StartLoginOptions = {}): Promise<void> {\n const state = randomString(32);\n const codeVerifier = randomString(96);\n const codeChallenge = await createCodeChallenge(codeVerifier);\n\n await safeSet(this.storage, STORAGE_KEYS.state, state);\n await safeSet(this.storage, STORAGE_KEYS.codeVerifier, codeVerifier);\n\n const params: Record<string, string> = {\n response_type: 'code',\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n };\n\n const scope = options.scopes?.join(' ') ?? this.config.scope;\n if (scope) params.scope = scope;\n if (options.loginHint) params.login_hint = options.loginHint;\n if (options.extraParams) {\n const RESERVED = new Set([\n 'response_type',\n 'client_id',\n 'redirect_uri',\n 'state',\n 'code_challenge',\n 'code_challenge_method',\n ]);\n for (const [k, v] of Object.entries(options.extraParams)) {\n if (!RESERVED.has(k)) params[k] = v;\n }\n }\n\n const url = new URL(this.config.authorizationEndpoint);\n Object.entries(params).forEach(([k, v]) => url.searchParams.set(k, v));\n const redirectUrl = url.toString();\n\n if (this.config.onRedirect) {\n await this.config.onRedirect(redirectUrl);\n return;\n }\n if (typeof window !== 'undefined') {\n window.location.assign(redirectUrl);\n return;\n }\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Missing onRedirect callback for non-browser runtime',\n );\n }\n\n async handleRedirectCallback(callbackUrl?: string): Promise<Session> {\n const input =\n callbackUrl ??\n (typeof window !== 'undefined' ? window.location.href : '');\n if (!input) {\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n 'callbackUrl required in non-browser runtime',\n );\n }\n\n const url = parseUrl(input);\n const error = url.searchParams.get('error');\n if (error) {\n const desc = url.searchParams.get('error_description');\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n desc\n ? `Authorization error: ${error} — ${desc}`\n : `Authorization error: ${error}`,\n );\n }\n\n const code = url.searchParams.get('code');\n if (!code) {\n throw new AuthError(\n AuthErrorCode.MISSING_CODE,\n 'Missing code in callback',\n );\n }\n\n const state = url.searchParams.get('state');\n if (!state) {\n throw new AuthError(\n AuthErrorCode.MISSING_STATE,\n 'Missing state in callback',\n );\n }\n\n const storedState = await safeGet(this.storage, STORAGE_KEYS.state);\n if (!storedState || !timingSafeEqual(storedState, state)) {\n throw new AuthError(\n AuthErrorCode.STATE_MISMATCH,\n 'State validation failed',\n );\n }\n\n await safeRemove(this.storage, STORAGE_KEYS.state);\n return this.exchangeCode(code);\n }\n\n getSession(): Session | null {\n return this.session;\n }\n\n async getAccessToken(): Promise<string | null> {\n if (!this.session) {\n await this.hydrateSession();\n }\n if (!this.session) return null;\n const exp = this.session.tokens.expiresAt;\n if (exp && exp <= this.now() && this.config.enableRefreshToken) {\n if (!this.refreshPromise) {\n this.refreshPromise = this.doRefresh().finally(() => {\n this.refreshPromise = null;\n });\n }\n await this.refreshPromise;\n }\n return this.session?.tokens.accessToken ?? null;\n }\n\n async logout(options?: { returnTo?: string }): Promise<void> {\n if (options?.returnTo) {\n const returnTo = options.returnTo;\n if (returnTo.startsWith('//') || !/^https?:\\/\\//.test(returnTo)) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'returnTo must be an absolute https:// or http:// URL',\n );\n }\n }\n\n this.session = null;\n await safeRemove(this.storage, STORAGE_KEYS.session);\n await safeRemove(this.storage, STORAGE_KEYS.state);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n this.notify();\n\n if (this.config.logoutEndpoint) {\n const url = new URL(this.config.logoutEndpoint);\n if (options?.returnTo) {\n url.searchParams.set('returnTo', options.returnTo);\n }\n const logoutUrl = url.toString();\n if (this.config.onRedirect) {\n await this.config.onRedirect(logoutUrl);\n } else if (typeof window !== 'undefined') {\n window.location.assign(logoutUrl);\n }\n }\n }\n\n isAuthenticated(): boolean {\n return Boolean(this.session?.tokens.accessToken);\n }\n\n onAuthStateChanged(handler: (session: Session | null) => void): () => void {\n this.listeners.add(handler);\n return () => this.listeners.delete(handler);\n }\n\n async getUserinfo(): Promise<Record<string, unknown>> {\n const accessToken = await this.getAccessToken();\n if (!accessToken) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Not authenticated — call handleRedirectCallback first',\n );\n }\n if (!this.config.userinfoEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.userinfoEndpoint is required for getUserinfo',\n );\n }\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.userinfoEndpoint,\n { headers: { Authorization: `Bearer ${accessToken}` } },\n );\n return response.data;\n }\n\n private async exchangeCode(code: string): Promise<Session> {\n const verifier = await safeGet(this.storage, STORAGE_KEYS.codeVerifier);\n if (!verifier) {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing PKCE code_verifier in storage',\n );\n }\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: verifier,\n redirect_uri: this.config.redirectUri,\n client_id: this.config.clientId,\n });\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n return this.createSession(tokens);\n }\n\n private async doRefresh(): Promise<Session> {\n const refreshToken = this.session?.tokens.refreshToken;\n if (!refreshToken) {\n throw new AuthError(\n AuthErrorCode.REFRESH_FAILED,\n 'No refresh token available',\n );\n }\n\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n client_id: this.config.clientId,\n });\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n private async createSession(tokens: TokenSet): Promise<Session> {\n this.session = {\n tokens,\n createdAt: this.now(),\n };\n await safeSet(\n this.storage,\n STORAGE_KEYS.session,\n JSON.stringify(this.session),\n );\n this.notify();\n return this.session;\n }\n\n private notify(): void {\n this.listeners.forEach((handler) => handler(this.session));\n }\n\n private async hydrateSession(): Promise<void> {\n const raw = await safeGet(this.storage, STORAGE_KEYS.session);\n if (!raw) return;\n try {\n const parsed = JSON.parse(raw) as Session;\n if (typeof parsed?.tokens?.accessToken !== 'string') {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n return;\n }\n this.session = parsed;\n } catch {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n this.session = null;\n }\n }\n}\n","import { DefaultAuthClient } from './nuria-auth-client';\nimport { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { AuthClient, AuthConfig } from '../core/types';\n\nexport function createAuthClient(config: AuthConfig): AuthClient {\n if (!config?.clientId) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.clientId is required',\n );\n }\n if (!config.authorizationEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.authorizationEndpoint is required',\n );\n }\n if (!config.tokenEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.tokenEndpoint is required',\n );\n }\n if (!config.redirectUri) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.redirectUri is required',\n );\n }\n return new DefaultAuthClient(config);\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class WebStorageAdapter implements StorageAdapter {\n constructor(\n private readonly storage: Pick<\n Storage,\n 'getItem' | 'setItem' | 'removeItem'\n >,\n ) {}\n\n get(key: string): string | null {\n return this.storage.getItem(key);\n }\n\n set(key: string, value: string): void {\n this.storage.setItem(key, value);\n }\n\n remove(key: string): void {\n this.storage.removeItem(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface CookieStorageCallbacks {\n getCookie(name: string): string | null | Promise<string | null>;\n setCookie(name: string, value: string): void | Promise<void>;\n removeCookie(name: string): void | Promise<void>;\n}\n\nexport class CookieStorageAdapter implements StorageAdapter {\n constructor(private readonly callbacks: CookieStorageCallbacks) {}\n\n async get(key: string): Promise<string | null> {\n return this.callbacks.getCookie(key);\n }\n\n async set(key: string, value: string): Promise<void> {\n await this.callbacks.setCookie(key, value);\n }\n\n async remove(key: string): Promise<void> {\n await this.callbacks.removeCookie(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface BrowserCookieStorageOptions {\n domain?: string;\n path?: string;\n sameSite?: 'strict' | 'lax' | 'none';\n secure?: boolean;\n}\n\nconst getCookieValue = (name: string): string | null => {\n if (typeof document === 'undefined') return null;\n const result = document.cookie.match(`(^|;)\\\\s*${name}\\\\s*=\\\\s*([^;]+)`);\n return result ? (result.pop() ?? null) : null;\n};\n\nexport function createBrowserCookieStorage(\n options: BrowserCookieStorageOptions = {},\n): StorageAdapter {\n const { domain, path = '/', sameSite = 'strict', secure = true } = options;\n\n const get = (key: string): string | null => {\n return getCookieValue(key);\n };\n\n const set = (key: string, value: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=${value}`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n if (sameSite) cookie += `; samesite=${sameSite}`;\n if (secure) cookie += `; secure`;\n document.cookie = cookie;\n };\n\n const remove = (key: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n document.cookie = cookie;\n };\n\n return { get, set, remove };\n}\n"]}
1
+ {"version":3,"sources":["../src/errors/auth-error.ts","../src/core/pkce.ts","../src/core/utils.ts","../src/storage/memory-storage-adapter.ts","../src/transport/fetch-transport.ts","../src/client/nuria-auth-client.ts","../src/client/create-client.ts","../src/storage/web-storage-adapter.ts","../src/storage/cookie-storage-adapter.ts","../src/storage/browser-cookie-storage.ts"],"names":["AuthErrorCode"],"mappings":";;;AAAO,IAAK,aAAA,qBAAAA,cAAAA,KAAL;AACL,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,YAAA,CAAA,GAAa,YAAA;AAVH,EAAA,OAAAA,cAAAA;AAAA,CAAA,EAAA,aAAA,IAAA,EAAA;AAaL,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,KAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;;;ACtBA,IAAM,QAAA,GACJ,oEAAA;AAEF,SAAS,aAAA,GAAwB;AAC/B,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAe,UAAA,CAAW,MAAA,EAAQ;AAC1D,IAAA,OAAO,UAAA,CAAW,MAAA;AAAA,EACpB;AACA,EAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAC9C;AAEO,SAAS,YAAA,CAAa,SAAS,EAAA,EAAY;AAChD,EAAA,MAAM,SAAS,aAAA,EAAc;AAG7B,EAAA,MAAM,SAAA,GAAY,GAAA,GAAO,GAAA,GAAM,QAAA,CAAS,MAAA;AACxC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,IAAA,CAAK,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,GAAG,CAAC,CAAA;AACtE,IAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,IAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,MAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAQ;AAC7B,MAAA,IAAI,CAAA,GAAI,WAAW,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,GAAI,QAAA,CAAS,MAAM,CAAE,CAAA;AAAA,IAC/D;AAAA,EACF;AACA,EAAA,OAAO,MAAA,CAAO,KAAK,EAAE,CAAA;AACvB;AAEA,SAAS,YAAY,KAAA,EAAwC;AAC3D,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AACvE,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,EAAE,CAAA;AAC9E;AAEA,SAAS,gBAAgB,QAAA,EAA2C;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,QAAA,CAAS,MAAM,CAAA;AAC5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,CAAS,UAAA,CAAW,CAAC,CAAA;AAAA,EAClC;AACA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,oBAAoB,QAAA,EAAmC;AAC3E,EAAA,MAAM,SAAS,aAAA,EAAc;AAC7B,EAAA,MAAM,MAAA,GAAS,gBAAgB,QAAQ,CAAA;AACvC,EAAA,MAAM,SAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,MAAM,CAAA;AAC3D,EAAA,OAAO,WAAA,CAAY,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAC3C;;;AC1CO,IAAM,YAAA,GAAe;AAAA,EAC1B,OAAA,EAAS,eAAA;AAAA,EACT,KAAA,EAAO,mBAAA;AAAA,EACP,YAAA,EAAc;AAChB,CAAA;AAEO,SAAS,iBAAA,CACd,KACA,GAAA,EACU;AAZZ,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAaE,EAAA,MAAM,WAAA,GAAA,CAAe,EAAA,GAAA,GAAA,CAAI,YAAA,KAAJ,IAAA,GAAA,EAAA,GAAoB,GAAA,CAAI,WAAA;AAC7C,EAAA,IAAI,CAAC,WAAA,IAAe,OAAO,WAAA,KAAgB,QAAA,EAAU;AACnD,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,uBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,SAAA,GAAY,QAAO,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,YAAkB,GAAA,CAAI,SAAA,KAAtB,IAAA,GAAA,EAAA,GAAmC,CAAC,CAAA,IAAK,MAAA;AAClE,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,SAAA,EAAA,CAAY,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,IAAA,GAAA,EAAA,GAAkB,GAAA,CAAI,SAAA;AAAA,IAClC,SAAA;AAAA,IACA,YAAA,EAAA,CAAe,EAAA,GAAA,GAAA,CAAI,aAAA,KAAJ,IAAA,GAAA,EAAA,GAAqB,GAAA,CAAI,YAAA;AAAA,IACxC,OAAA,EAAA,CAAU,EAAA,GAAA,GAAA,CAAI,QAAA,KAAJ,IAAA,GAAA,EAAA,GAAgB,GAAA,CAAI,OAAA;AAAA,IAC9B,OAAO,GAAA,CAAI,KAAA;AAAA,IACX,SAAA,EAAW,SAAA,GAAY,GAAA,EAAI,GAAI,YAAY,GAAA,GAAO;AAAA,GACpD;AACF;AAEA,eAAsB,OAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,OAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,UAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC1B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,wBAAwB,GAAG,CAAA,CAAA;AAAA,MAC3B;AAAA,KACF;AAAA,EACF;AACF;AAEO,SAAS,eAAA,CAAgB,GAAW,CAAA,EAAoB;AAC7D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAA,IAAQ,EAAE,UAAA,CAAW,CAAC,CAAA,GAAI,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;AAEO,SAAS,SAAS,GAAA,EAAkB;AACzC,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,IAAI,GAAG,CAAA;AAAA,EACpB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,iDAAwC,sBAAsB,CAAA;AAAA,EAC1E;AACF;;;AC3FO,IAAM,uBAAN,MAAqD;AAAA,EAArD,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,KAAA,uBAAY,GAAA,EAAoB;AAAA,EAAA;AAAA,EAExC,IAAI,GAAA,EAA4B;AALlC,IAAA,IAAA,EAAA;AAMI,IAAA,OAAA,CAAO,EAAA,GAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,MAAlB,IAAA,GAAA,EAAA,GAAuB,IAAA;AAAA,EAChC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3B;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AACF;;;ACDA,IAAM,gBAAA,mBAAmB,IAAI,GAAA,CAAI,CAAC,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC,CAAA;AAE7D,IAAM,qBAAN,MAAkD;AAAA,EAMvD,WAAA,CAAY,OAAA,GAAiC,EAAC,EAAG;AAvBnD,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAwBI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,KAAA;AAClC,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AACzB,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,CAAA;AAClC,IAAA,IAAA,CAAK,YAAA,GAAA,CAAe,EAAA,GAAA,OAAA,CAAQ,YAAA,KAAR,IAAA,GAAA,EAAA,GAAwB,EAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAA,CACJ,GAAA,EACA,GAAA,GAA4B,EAAC,EACM;AAjCvC,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAkCI,IAAA,IAAI,OAAA,GAAU,GAAA;AACd,IAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,MAAA,IAAI,EAAE,SAAA,EAAW,OAAA,GAAU,MAAM,CAAA,CAAE,SAAA,CAAU,KAAK,OAAO,CAAA;AAAA,IAC3D;AAEA,IAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,IAAA,CAAK,OAAA;AACxC,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,OAAO,IAAA,EAAM;AACX,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,SAAA,KAAR,IAAA,GAAA,EAAA,GAAqB,IAAA,CAAK,SAAA;AAC1C,MAAA,MAAM,KAAA,GAAQ,UACV,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,OAAO,CAAA,GAC5C,MAAA;AACJ,MAAA,IAAI;AACF,QAAA,MAAM,kBAAA,GACJ,OAAO,OAAA,CAAQ,IAAA,KAAS,WACpB,mCAAA,GACA,kBAAA;AACN,QAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,KAAK,SAAA,CAAU,GAAA,EAAK,OAAA,CAAQ,KAAK,CAAA,EAAG;AAAA,UACjE,MAAA,EAAA,CAAQ,EAAA,GAAA,OAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,EAAA,GAAkB,KAAA;AAAA,UAC1B,aAAa,OAAA,CAAQ,WAAA;AAAA,UACrB,OAAA,EAAS;AAAA,YACP,cAAA,EAAgB,kBAAA;AAAA,YAChB,GAAA,CAAI,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB;AAAC,WAC1B;AAAA,UACA,IAAA,EACE,OAAA,CAAQ,IAAA,KAAS,KAAA,CAAA,GACb,OAAO,OAAA,CAAQ,IAAA,KAAS,QAAA,GACtB,OAAA,CAAQ,IAAA,GACR,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,GAC7B,KAAA,CAAA;AAAA,UACN,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AACD,QAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAa,GAAG,CAAA;AACxC,QAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,UAAA,IAAI,UAAU,OAAA,IAAW,gBAAA,CAAiB,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA,EAAG;AACzD,YAAA,OAAA,IAAW,CAAA;AACX,YAAA;AAAA,UACF;AACA,UAAA,MAAM,IAAI,SAAA,CAAA,YAAA,mBAAoC,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,QACpE;AACA,QAAA,IAAI,GAAA,GAAgC;AAAA,UAClC,QAAQ,GAAA,CAAI,MAAA;AAAA,UACZ,IAAA;AAAA,UACA,SAAS,GAAA,CAAI;AAAA,SACf;AACA,QAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,UAAA,IAAI,EAAE,UAAA,EAAY,GAAA,GAAM,MAAM,CAAA,CAAE,WAAW,GAAG,CAAA;AAAA,QAChD;AACA,QAAA,OAAO,GAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAiB,WAAW,MAAM,KAAA;AACtC,QAAA,IAAI,UAAU,OAAA,EAAS;AACrB,UAAA,OAAA,IAAW,CAAA;AACX,UAAA;AAAA,QACF;AACA,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,eAAA;AAAA,UAER,wBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF,CAAA,SAAE;AACA,QAAA,IAAI,KAAA,eAAoB,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,SAAA,CACN,KACA,KAAA,EACQ;AACR,IAAA,IAAI,CAAC,OAAO,OAAO,GAAA;AACnB,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM;AACxC,MAAA,IAAI,MAAM,MAAA,EAAW,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACnD,CAAC,CAAA;AACD,IAAA,OAAO,OAAO,QAAA,EAAS;AAAA,EACzB;AAAA,EAEA,MAAc,UAAa,GAAA,EAA2B;AAjHxD,IAAA,IAAA,EAAA;AAkHI,IAAA,MAAM,eAAc,EAAA,GAAA,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,MAA9B,IAAA,GAAA,EAAA,GAAmC,EAAA;AACvD,IAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,EACzB;AACF;;;AClGO,IAAM,oBAAN,MAA8C;AAAA,EAQnD,YAA6B,MAAA,EAA4B;AAA5B,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAP7B,IAAA,IAAA,CAAQ,OAAA,GAA0B,IAAA;AAClC,IAAA,IAAA,CAAQ,cAAA,GAA0C,IAAA;AAClD,IAAA,IAAA,CAAiB,SAAA,uBAAgB,GAAA,EAAuC;AAzB1E,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA+BI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,OAAA,KAAP,IAAA,GAAA,EAAA,GAAkB,IAAI,oBAAA,EAAqB;AAC1D,IAAA,IAAA,CAAK,SAAA,GAAA,CAAY,EAAA,GAAA,MAAA,CAAO,SAAA,KAAP,IAAA,GAAA,EAAA,GAAoB,IAAI,kBAAA,EAAmB;AAC5D,IAAA,IAAA,CAAK,OAAM,EAAA,GAAA,MAAA,CAAO,GAAA,KAAP,IAAA,GAAA,EAAA,IAAe,MAAM,KAAK,GAAA,EAAI,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,OAAA,GAA6B,EAAC,EAAkB;AApCnE,IAAA,IAAA,EAAA,EAAA,EAAA;AAqCI,IAAA,MAAM,KAAA,GAAQ,aAAa,EAAE,CAAA;AAC7B,IAAA,MAAM,YAAA,GAAe,aAAa,EAAE,CAAA;AACpC,IAAA,MAAM,aAAA,GAAgB,MAAM,mBAAA,CAAoB,YAAY,CAAA;AAE5D,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,KAAK,CAAA;AACrD,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,cAAc,YAAY,CAAA;AAEnE,IAAA,MAAM,MAAA,GAAiC;AAAA,MACrC,aAAA,EAAe,MAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,KAAA;AAAA,MACA,cAAA,EAAgB,aAAA;AAAA,MAChB,qBAAA,EAAuB;AAAA,KACzB;AAEA,IAAA,MAAM,KAAA,GAAA,CAAQ,mBAAQ,MAAA,KAAR,IAAA,GAAA,MAAA,GAAA,EAAA,CAAgB,KAAK,GAAA,CAAA,KAArB,IAAA,GAAA,EAAA,GAA6B,KAAK,MAAA,CAAO,KAAA;AACvD,IAAA,IAAI,KAAA,SAAc,KAAA,GAAQ,KAAA;AAC1B,IAAA,IAAI,OAAA,CAAQ,SAAA,EAAW,MAAA,CAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;AACnD,IAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,MAAA,MAAM,QAAA,uBAAe,GAAA,CAAI;AAAA,QACvB,eAAA;AAAA,QACA,WAAA;AAAA,QACA,cAAA;AAAA,QACA,OAAA;AAAA,QACA,gBAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxD,QAAA,IAAI,CAAC,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AAAA,MACpC;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,qBAAqB,CAAA;AACrD,IAAA,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAC,CAAA;AACrE,IAAA,MAAM,WAAA,GAAc,IAAI,QAAA,EAAS;AAEjC,IAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,WAAW,CAAA;AACxC,MAAA;AAAA,IACF;AACA,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,MAAA,CAAO,QAAA,CAAS,OAAO,WAAW,CAAA;AAClC,MAAA;AAAA,IACF;AACA,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,uBAAuB,WAAA,EAAwC;AACnE,IAAA,MAAM,QACJ,WAAA,IAAA,IAAA,GAAA,WAAA,GACC,OAAO,WAAW,WAAA,GAAc,MAAA,CAAO,SAAS,IAAA,GAAO,EAAA;AAC1D,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,SAAS,KAAK,CAAA;AAC1B,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,mBAAmB,CAAA;AACrD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER,OACI,CAAA,qBAAA,EAAwB,KAAK,WAAM,IAAI,CAAA,CAAA,GACvC,wBAAwB,KAAK,CAAA;AAAA,OACnC;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,cAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,eAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,KAAK,CAAA;AAClE,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,eAAA,CAAgB,WAAA,EAAa,KAAK,CAAA,EAAG;AACxD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA,EAEA,UAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,MAAM,cAAA,GAAyC;AA/IjD,IAAA,IAAA,EAAA,EAAA,EAAA;AAgJI,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,MAAM,KAAK,cAAA,EAAe;AAAA,IAC5B;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA;AAC1B,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,SAAA;AAChC,IAAA,IAAI,OAAO,GAAA,IAAO,IAAA,CAAK,KAAI,IAAK,IAAA,CAAK,OAAO,kBAAA,EAAoB;AAC9D,MAAA,IAAI,CAAC,KAAK,cAAA,EAAgB;AACxB,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA,CAAK,SAAA,EAAU,CAAE,QAAQ,MAAM;AACnD,UAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AAAA,QACxB,CAAC,CAAA;AAAA,MACH;AACA,MAAA,MAAM,IAAA,CAAK,cAAA;AAAA,IACb;AACA,IAAA,OAAA,CAAO,EAAA,GAAA,CAAA,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,gBAArB,IAAA,GAAA,EAAA,GAAoC,IAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,OAAO,OAAA,EAAgD;AAC3D,IAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,MAAA,MAAM,WAAW,OAAA,CAAQ,QAAA;AACzB,MAAA,IAAI,QAAA,CAAS,WAAW,IAAI,CAAA,IAAK,CAAC,cAAA,CAAe,IAAA,CAAK,QAAQ,CAAA,EAAG;AAC/D,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,gBAAA;AAAA,UAER;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,IAAA,CAAK,MAAA,EAAO;AAEZ,IAAA,IAAI,IAAA,CAAK,OAAO,cAAA,EAAgB;AAC9B,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,cAAc,CAAA;AAC9C,MAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACnD;AACA,MAAA,MAAM,SAAA,GAAY,IAAI,QAAA,EAAS;AAC/B,MAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,SAAS,CAAA;AAAA,MACxC,CAAA,MAAA,IAAW,OAAO,MAAA,KAAW,WAAA,EAAa;AACxC,QAAA,MAAA,CAAO,QAAA,CAAS,OAAO,SAAS,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,eAAA,GAA2B;AA/L7B,IAAA,IAAA,EAAA;AAgMI,IAAA,OAAO,OAAA,CAAA,CAAQ,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,OAAO,WAAW,CAAA;AAAA,EACjD;AAAA,EAEA,mBAAmB,OAAA,EAAwD;AACzE,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAA,GAAgD;AACpD,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,EAAe;AAC9C,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,gBAAA,EAAkB;AACjC,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,gBAAA;AAAA,MACZ,EAAE,OAAA,EAAS,EAAE,eAAe,CAAA,OAAA,EAAU,WAAW,IAAG;AAAE,KACxD;AACA,IAAA,OAAO,QAAA,CAAS,IAAA;AAAA,EAClB;AAAA,EAEA,MAAc,aAAa,IAAA,EAAgC;AACzD,IAAA,MAAM,WAAW,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,YAAY,CAAA;AACtE,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,uBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,aAAA,EAAe,QAAA;AAAA,MACf,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,SAAA,GAA8B;AA3P9C,IAAA,IAAA,EAAA;AA4PI,IAAA,MAAM,YAAA,GAAA,CAAe,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,eAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AACD,IAAA,IAAI,YAAA,EAAc,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,YAAY,CAAA;AAExD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,cAAc,MAAA,EAAoC;AA/QlE,IAAA,IAAA,EAAA,EAAA,EAAA;AAgRI,IAAA,MAAM,oBAAA,GAAA,CAAuB,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAClD,IAAA,MAAM,YAAA,GAAyB;AAAA,MAC7B,GAAG,MAAA;AAAA,MACH,YAAA,EAAA,CAAc,EAAA,GAAA,MAAA,CAAO,YAAA,KAAP,IAAA,GAAA,EAAA,GAAuB;AAAA,KACvC;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,MAAA,EAAQ,YAAA;AAAA,MACR,SAAA,EAAW,KAAK,GAAA;AAAI,KACtB;AACA,IAAA,MAAM,OAAA;AAAA,MACJ,IAAA,CAAK,OAAA;AAAA,MACL,YAAA,CAAa,OAAA;AAAA,MACb,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,OAAO;AAAA,KAC7B;AACA,IAAA,IAAA,CAAK,MAAA,EAAO;AACZ,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEQ,MAAA,GAAe;AACrB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,CAAC,YAAY,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAC,CAAA;AAAA,EAC3D;AAAA,EAEA,MAAc,cAAA,GAAgC;AAvShD,IAAA,IAAA,EAAA;AAwSI,IAAA,MAAM,MAAM,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,OAAO,CAAA;AAC5D,IAAA,IAAI,CAAC,GAAA,EAAK;AACV,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA;AAC7B,MAAA,IAAI,QAAA,CAAO,EAAA,GAAA,MAAA,IAAA,IAAA,GAAA,KAAA,CAAA,GAAA,MAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAgB,iBAAgB,QAAA,EAAU;AACnD,QAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,QAAA;AAAA,MACF;AACA,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,IACjB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,MAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AAAA,IACjB;AAAA,EACF;AACF,CAAA;;;AClTA,IAAM,qBAAA,GAAwB,iCAAA;AAC9B,IAAM,0BAAA,GAA6B,qBAAA;AACnC,IAAM,kBAAA,GAAqB,iBAAA;AAC3B,IAAM,aAAA,GAAgB,sBAAA;AAEtB,SAAS,iBAAiB,KAAA,EAAwB;AAChD,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,KAAA,IAAA,IAAA,GAAA,KAAA,GAAS,qBAAqB,EAAE,IAAA,EAAK;AACxD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAI,IAAI,GAAG,CAAA;AAAA,EACtB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA,CAAO,QAAA,EAAS,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC7C;AAEA,SAAS,eAAA,CACP,OAAA,EACA,QAAA,EACA,YAAA,EACQ;AACR,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,IAAI;AACF,MAAA,OAAO,IAAI,GAAA,CAAI,QAAQ,CAAA,CAAE,QAAA,EAAS;AAAA,IACpC,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,GAAG,OAAO,CAAA,CAAA,CAAG,EAAE,QAAA,EAAS;AACvD;AAEO,SAAS,iBAAiB,MAAA,EAAgC;AAlDjE,EAAA,IAAA,EAAA,EAAA,EAAA;AAmDE,EAAA,IAAI,EAAC,iCAAQ,QAAA,CAAA,EAAU;AACrB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,gBAAA,CAAiB,MAAA,CAAO,OAAO,CAAA;AAC/C,EAAA,MAAM,cAAA,GAAqC;AAAA,IACzC,GAAG,MAAA;AAAA,IACH,OAAA;AAAA,IACA,KAAA,EAAO,QAAO,EAAA,GAAA,MAAA,CAAO,KAAA,KAAP,YAAgB,EAAE,CAAA,CAAE,MAAK,IAAK,aAAA;AAAA,IAC5C,kBAAA,EAAA,CAAoB,EAAA,GAAA,MAAA,CAAO,kBAAA,KAAP,IAAA,GAAA,EAAA,GAA6B,IAAA;AAAA,IACjD,qBAAA,EAAuB,eAAA;AAAA,MACrB,OAAA;AAAA,MACA,MAAA,CAAO,qBAAA;AAAA,MACP;AAAA,KACF;AAAA,IACA,aAAA,EAAe,eAAA;AAAA,MACb,OAAA;AAAA,MACA,MAAA,CAAO,aAAA;AAAA,MACP;AAAA;AACF,GACF;AAEA,EAAA,OAAO,IAAI,kBAAkB,cAAc,CAAA;AAC7C;;;ACjFO,IAAM,oBAAN,MAAkD;AAAA,EACvD,YACmB,OAAA,EAIjB;AAJiB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAIhB;AAAA,EAEH,IAAI,GAAA,EAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,EACjC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,GAAG,CAAA;AAAA,EAC7B;AACF;;;ACbO,IAAM,uBAAN,MAAqD;AAAA,EAC1D,YAA6B,SAAA,EAAmC;AAAnC,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAAoC;AAAA,EAEjE,MAAM,IAAI,GAAA,EAAqC;AAC7C,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAG,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,GAAA,CAAI,GAAA,EAAa,KAAA,EAA8B;AACnD,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,OAAO,GAAA,EAA4B;AACvC,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,YAAA,CAAa,GAAG,CAAA;AAAA,EACvC;AACF;;;ACbA,IAAM,cAAA,GAAiB,CAAC,IAAA,KAAgC;AATxD,EAAA,IAAA,EAAA;AAUE,EAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,EAAA,MAAM,SAAS,QAAA,CAAS,MAAA,CAAO,KAAA,CAAM,CAAA,SAAA,EAAY,IAAI,CAAA,gBAAA,CAAkB,CAAA;AACvE,EAAA,OAAO,MAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,GAAA,EAAI,KAAX,YAAgB,IAAA,GAAQ,IAAA;AAC3C,CAAA;AAEO,SAAS,0BAAA,CACd,OAAA,GAAuC,EAAC,EACxB;AAChB,EAAA,MAAM,EAAE,QAAQ,IAAA,GAAO,GAAA,EAAK,WAAW,QAAA,EAAU,MAAA,GAAS,MAAK,GAAI,OAAA;AAEnE,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,KAA+B;AAC1C,IAAA,OAAO,eAAe,GAAG,CAAA;AAAA,EAC3B,CAAA;AAEA,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,EAAa,KAAA,KAAwB;AAChD,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAC5B,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,IAAI,QAAA,EAAU,MAAA,IAAU,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAA;AAC9C,IAAA,IAAI,QAAQ,MAAA,IAAU,CAAA,QAAA,CAAA;AACtB,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,MAAM,MAAA,GAAS,CAAC,GAAA,KAAsB;AACpC,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,GAAG,GAAG,CAAA,wCAAA,CAAA;AACnB,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,OAAO,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO;AAC5B","file":"index.cjs","sourcesContent":["export enum AuthErrorCode {\n INVALID_CONFIG = 'INVALID_CONFIG',\n STATE_MISMATCH = 'STATE_MISMATCH',\n CALLBACK_ERROR = 'CALLBACK_ERROR',\n TOKEN_EXCHANGE_FAILED = 'TOKEN_EXCHANGE_FAILED',\n REFRESH_FAILED = 'REFRESH_FAILED',\n STORAGE_ERROR = 'STORAGE_ERROR',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_STATE = 'MISSING_STATE',\n NETWORK_ERROR = 'NETWORK_ERROR',\n HTTP_ERROR = 'HTTP_ERROR',\n}\n\nexport class AuthError extends Error {\n constructor(\n public readonly code: AuthErrorCode,\n message: string,\n public readonly cause?: unknown,\n ) {\n super(message);\n this.name = 'AuthError';\n }\n}\n","const ALPHABET =\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';\n\nfunction getCryptoImpl(): Crypto {\n if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n return globalThis.crypto;\n }\n throw new Error('Web Crypto API unavailable');\n}\n\nexport function randomString(length = 64): string {\n const crypto = getCryptoImpl();\n // Rejection sampling: discard bytes >= threshold to eliminate modulo bias.\n // ALPHABET.length = 66; threshold = 256 - (256 % 66) = 204\n const THRESHOLD = 256 - (256 % ALPHABET.length);\n const result: string[] = [];\n while (result.length < length) {\n const bytes = new Uint8Array(Math.ceil((length - result.length) * 1.4));\n crypto.getRandomValues(bytes);\n for (const b of bytes) {\n if (result.length >= length) break;\n if (b < THRESHOLD) result.push(ALPHABET[b % ALPHABET.length]!);\n }\n }\n return result.join('');\n}\n\nfunction toBase64Url(bytes: Uint8Array<ArrayBuffer>): string {\n const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\nfunction verifierToBytes(verifier: string): Uint8Array<ArrayBuffer> {\n const bytes = new Uint8Array(verifier.length);\n for (let i = 0; i < verifier.length; i++) {\n bytes[i] = verifier.charCodeAt(i);\n }\n return bytes;\n}\n\nexport async function createCodeChallenge(verifier: string): Promise<string> {\n const crypto = getCryptoImpl();\n const buffer = verifierToBytes(verifier);\n const digest = await crypto.subtle.digest('SHA-256', buffer);\n return toBase64Url(new Uint8Array(digest));\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { StorageAdapter, TokenSet } from './types';\n\nexport const STORAGE_KEYS = {\n session: 'nuria:session',\n state: 'nuria:oauth:state',\n codeVerifier: 'nuria:oauth:code_verifier',\n};\n\nexport function normalizeTokenSet(\n raw: Record<string, unknown>,\n now: () => number,\n): TokenSet {\n const accessToken = (raw.access_token ?? raw.accessToken) as string;\n if (!accessToken || typeof accessToken !== 'string') {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing access token in token response',\n );\n }\n const expiresIn = Number(raw.expires_in ?? raw.expiresIn ?? 0) || undefined;\n return {\n accessToken,\n tokenType: (raw.token_type ?? raw.tokenType) as string | undefined,\n expiresIn,\n refreshToken: (raw.refresh_token ?? raw.refreshToken) as string | undefined,\n idToken: (raw.id_token ?? raw.idToken) as string | undefined,\n scope: raw.scope as string | undefined,\n expiresAt: expiresIn ? now() + expiresIn * 1000 : undefined,\n };\n}\n\nexport async function safeGet(\n storage: StorageAdapter,\n key: string,\n): Promise<string | null> {\n try {\n return await storage.get(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed reading key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeSet(\n storage: StorageAdapter,\n key: string,\n value: string,\n): Promise<void> {\n try {\n await storage.set(key, value);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed writing key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeRemove(\n storage: StorageAdapter,\n key: string,\n): Promise<void> {\n try {\n await storage.remove(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed removing key: ${key}`,\n cause,\n );\n }\n}\n\nexport function timingSafeEqual(a: string, b: string): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++) {\n diff |= a.charCodeAt(i) ^ b.charCodeAt(i);\n }\n return diff === 0;\n}\n\nexport function parseUrl(url: string): URL {\n try {\n return new URL(url);\n } catch {\n throw new AuthError(AuthErrorCode.CALLBACK_ERROR, 'Invalid callback URL');\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class MemoryStorageAdapter implements StorageAdapter {\n private store = new Map<string, string>();\n\n get(key: string): string | null {\n return this.store.get(key) ?? null;\n }\n\n set(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n remove(key: string): void {\n this.store.delete(key);\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type {\n AuthTransport,\n AuthTransportRequest,\n AuthTransportResponse,\n TransportInterceptor,\n} from '../core/types';\n\nexport interface FetchTransportOptions {\n fetchFn?: typeof fetch;\n timeoutMs?: number;\n retries?: number;\n interceptors?: TransportInterceptor[];\n}\n\nconst RETRYABLE_STATUS = new Set([408, 425, 429, 500, 502, 503, 504]);\n\nexport class FetchAuthTransport implements AuthTransport {\n private readonly fetchFn: typeof fetch;\n private readonly timeoutMs?: number;\n private readonly retries: number;\n private readonly interceptors: TransportInterceptor[];\n\n constructor(options: FetchTransportOptions = {}) {\n this.fetchFn = options.fetchFn ?? fetch;\n this.timeoutMs = options.timeoutMs;\n this.retries = options.retries ?? 0;\n this.interceptors = options.interceptors ?? [];\n }\n\n async request<T = unknown>(\n url: string,\n req: AuthTransportRequest = {},\n ): Promise<AuthTransportResponse<T>> {\n let request = req;\n for (const i of this.interceptors) {\n if (i.onRequest) request = await i.onRequest(url, request);\n }\n\n const retries = request.retries ?? this.retries;\n let attempt = 0;\n while (true) {\n const controller = new AbortController();\n const timeout = request.timeoutMs ?? this.timeoutMs;\n const timer = timeout\n ? setTimeout(() => controller.abort(), timeout)\n : undefined;\n try {\n const defaultContentType =\n typeof request.body === 'string'\n ? 'application/x-www-form-urlencoded'\n : 'application/json';\n const res = await this.fetchFn(this.withQuery(url, request.query), {\n method: request.method ?? 'GET',\n credentials: request.credentials,\n headers: {\n 'Content-Type': defaultContentType,\n ...(request.headers ?? {}),\n },\n body:\n request.body !== undefined\n ? typeof request.body === 'string'\n ? request.body\n : JSON.stringify(request.body)\n : undefined,\n signal: controller.signal,\n });\n const data = await this.parseBody<T>(res);\n if (!res.ok) {\n if (attempt < retries && RETRYABLE_STATUS.has(res.status)) {\n attempt += 1;\n continue;\n }\n throw new AuthError(AuthErrorCode.HTTP_ERROR, `HTTP ${res.status}`);\n }\n let out: AuthTransportResponse<T> = {\n status: res.status,\n data,\n headers: res.headers,\n };\n for (const i of this.interceptors) {\n if (i.onResponse) out = await i.onResponse(out);\n }\n return out;\n } catch (cause) {\n if (cause instanceof AuthError) throw cause;\n if (attempt < retries) {\n attempt += 1;\n continue;\n }\n throw new AuthError(\n AuthErrorCode.NETWORK_ERROR,\n 'Network request failed',\n cause,\n );\n } finally {\n if (timer) clearTimeout(timer);\n }\n }\n }\n\n private withQuery(\n url: string,\n query?: Record<string, string | undefined>,\n ): string {\n if (!query) return url;\n const parsed = new URL(url);\n Object.entries(query).forEach(([k, v]) => {\n if (v !== undefined) parsed.searchParams.set(k, v);\n });\n return parsed.toString();\n }\n\n private async parseBody<T>(res: Response): Promise<T> {\n const contentType = res.headers.get('content-type') ?? '';\n if (contentType.includes('application/json')) {\n return (await res.json()) as T;\n }\n return (await res.text()) as unknown as T;\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport { createCodeChallenge, randomString } from '../core/pkce';\nimport {\n normalizeTokenSet,\n parseUrl,\n safeGet,\n safeRemove,\n safeSet,\n timingSafeEqual,\n STORAGE_KEYS,\n} from '../core/utils';\nimport type {\n AuthClient,\n ResolvedAuthConfig,\n Session,\n StartLoginOptions,\n TokenSet,\n AuthTransport,\n} from '../core/types';\nimport { MemoryStorageAdapter } from '../storage/memory-storage-adapter';\nimport { FetchAuthTransport } from '../transport/fetch-transport';\n\nexport class DefaultAuthClient implements AuthClient {\n private session: Session | null = null;\n private refreshPromise: Promise<Session> | null = null;\n private readonly listeners = new Set<(session: Session | null) => void>();\n private readonly storage;\n private readonly transport: AuthTransport;\n private readonly now: () => number;\n\n constructor(private readonly config: ResolvedAuthConfig) {\n this.storage = config.storage ?? new MemoryStorageAdapter();\n this.transport = config.transport ?? new FetchAuthTransport();\n this.now = config.now ?? (() => Date.now());\n }\n\n async startLogin(options: StartLoginOptions = {}): Promise<void> {\n const state = randomString(32);\n const codeVerifier = randomString(96);\n const codeChallenge = await createCodeChallenge(codeVerifier);\n\n await safeSet(this.storage, STORAGE_KEYS.state, state);\n await safeSet(this.storage, STORAGE_KEYS.codeVerifier, codeVerifier);\n\n const params: Record<string, string> = {\n response_type: 'code',\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n };\n\n const scope = options.scopes?.join(' ') ?? this.config.scope;\n if (scope) params.scope = scope;\n if (options.loginHint) params.login_hint = options.loginHint;\n if (options.extraParams) {\n const RESERVED = new Set([\n 'response_type',\n 'client_id',\n 'redirect_uri',\n 'state',\n 'code_challenge',\n 'code_challenge_method',\n ]);\n for (const [k, v] of Object.entries(options.extraParams)) {\n if (!RESERVED.has(k)) params[k] = v;\n }\n }\n\n const url = new URL(this.config.authorizationEndpoint);\n Object.entries(params).forEach(([k, v]) => url.searchParams.set(k, v));\n const redirectUrl = url.toString();\n\n if (this.config.onRedirect) {\n await this.config.onRedirect(redirectUrl);\n return;\n }\n if (typeof window !== 'undefined') {\n window.location.assign(redirectUrl);\n return;\n }\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Missing onRedirect callback for non-browser runtime',\n );\n }\n\n async handleRedirectCallback(callbackUrl?: string): Promise<Session> {\n const input =\n callbackUrl ??\n (typeof window !== 'undefined' ? window.location.href : '');\n if (!input) {\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n 'callbackUrl required in non-browser runtime',\n );\n }\n\n const url = parseUrl(input);\n const error = url.searchParams.get('error');\n if (error) {\n const desc = url.searchParams.get('error_description');\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n desc\n ? `Authorization error: ${error} — ${desc}`\n : `Authorization error: ${error}`,\n );\n }\n\n const code = url.searchParams.get('code');\n if (!code) {\n throw new AuthError(\n AuthErrorCode.MISSING_CODE,\n 'Missing code in callback',\n );\n }\n\n const state = url.searchParams.get('state');\n if (!state) {\n throw new AuthError(\n AuthErrorCode.MISSING_STATE,\n 'Missing state in callback',\n );\n }\n\n const storedState = await safeGet(this.storage, STORAGE_KEYS.state);\n if (!storedState || !timingSafeEqual(storedState, state)) {\n throw new AuthError(\n AuthErrorCode.STATE_MISMATCH,\n 'State validation failed',\n );\n }\n\n await safeRemove(this.storage, STORAGE_KEYS.state);\n return this.exchangeCode(code);\n }\n\n getSession(): Session | null {\n return this.session;\n }\n\n async getAccessToken(): Promise<string | null> {\n if (!this.session) {\n await this.hydrateSession();\n }\n if (!this.session) return null;\n const exp = this.session.tokens.expiresAt;\n if (exp && exp <= this.now() && this.config.enableRefreshToken) {\n if (!this.refreshPromise) {\n this.refreshPromise = this.doRefresh().finally(() => {\n this.refreshPromise = null;\n });\n }\n await this.refreshPromise;\n }\n return this.session?.tokens.accessToken ?? null;\n }\n\n async logout(options?: { returnTo?: string }): Promise<void> {\n if (options?.returnTo) {\n const returnTo = options.returnTo;\n if (returnTo.startsWith('//') || !/^https?:\\/\\//.test(returnTo)) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'returnTo must be an absolute https:// or http:// URL',\n );\n }\n }\n\n this.session = null;\n await safeRemove(this.storage, STORAGE_KEYS.session);\n await safeRemove(this.storage, STORAGE_KEYS.state);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n this.notify();\n\n if (this.config.logoutEndpoint) {\n const url = new URL(this.config.logoutEndpoint);\n if (options?.returnTo) {\n url.searchParams.set('returnTo', options.returnTo);\n }\n const logoutUrl = url.toString();\n if (this.config.onRedirect) {\n await this.config.onRedirect(logoutUrl);\n } else if (typeof window !== 'undefined') {\n window.location.assign(logoutUrl);\n }\n }\n }\n\n isAuthenticated(): boolean {\n return Boolean(this.session?.tokens.accessToken);\n }\n\n onAuthStateChanged(handler: (session: Session | null) => void): () => void {\n this.listeners.add(handler);\n return () => this.listeners.delete(handler);\n }\n\n async getUserinfo(): Promise<Record<string, unknown>> {\n const accessToken = await this.getAccessToken();\n if (!accessToken) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Not authenticated — call handleRedirectCallback first',\n );\n }\n if (!this.config.userinfoEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.userinfoEndpoint is required for getUserinfo',\n );\n }\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.userinfoEndpoint,\n { headers: { Authorization: `Bearer ${accessToken}` } },\n );\n return response.data;\n }\n\n private async exchangeCode(code: string): Promise<Session> {\n const verifier = await safeGet(this.storage, STORAGE_KEYS.codeVerifier);\n if (!verifier) {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing PKCE code_verifier in storage',\n );\n }\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: verifier,\n redirect_uri: this.config.redirectUri,\n client_id: this.config.clientId,\n });\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n credentials: 'include',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n return this.createSession(tokens);\n }\n\n private async doRefresh(): Promise<Session> {\n const refreshToken = this.session?.tokens.refreshToken;\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: this.config.clientId,\n });\n if (refreshToken) body.set('refresh_token', refreshToken);\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n credentials: 'include',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n private async createSession(tokens: TokenSet): Promise<Session> {\n const previousRefreshToken = this.session?.tokens.refreshToken;\n const mergedTokens: TokenSet = {\n ...tokens,\n refreshToken: tokens.refreshToken ?? previousRefreshToken,\n };\n\n this.session = {\n tokens: mergedTokens,\n createdAt: this.now(),\n };\n await safeSet(\n this.storage,\n STORAGE_KEYS.session,\n JSON.stringify(this.session),\n );\n this.notify();\n return this.session;\n }\n\n private notify(): void {\n this.listeners.forEach((handler) => handler(this.session));\n }\n\n private async hydrateSession(): Promise<void> {\n const raw = await safeGet(this.storage, STORAGE_KEYS.session);\n if (!raw) return;\n try {\n const parsed = JSON.parse(raw) as Session;\n if (typeof parsed?.tokens?.accessToken !== 'string') {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n return;\n }\n this.session = parsed;\n } catch {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n this.session = null;\n }\n }\n}\n","import { DefaultAuthClient } from './nuria-auth-client';\nimport { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { AuthClient, AuthConfig, ResolvedAuthConfig } from '../core/types';\n\nconst DEFAULT_AUTH_BASE_URL = 'https://ms-auth-v2.nuria.com.br';\nconst DEFAULT_AUTHORIZATION_PATH = '/v2/oauth/authorize';\nconst DEFAULT_TOKEN_PATH = '/v2/oauth/token';\nconst DEFAULT_SCOPE = 'openid profile email';\n\nfunction normalizeBaseUrl(value?: string): string {\n const raw = String(value ?? DEFAULT_AUTH_BASE_URL).trim();\n if (!raw) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.baseUrl must be a valid absolute URL',\n );\n }\n\n let parsed: URL;\n try {\n parsed = new URL(raw);\n } catch {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.baseUrl must be a valid absolute URL',\n );\n }\n\n return parsed.toString().replace(/\\/+$/, '');\n}\n\nfunction resolveEndpoint(\n baseUrl: string,\n explicit: string | undefined,\n fallbackPath: string,\n): string {\n if (explicit) {\n try {\n return new URL(explicit).toString();\n } catch {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'OAuth endpoints must be valid absolute URLs',\n );\n }\n }\n\n return new URL(fallbackPath, `${baseUrl}/`).toString();\n}\n\nexport function createAuthClient(config: AuthConfig): AuthClient {\n if (!config?.clientId) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.clientId is required',\n );\n }\n if (!config.redirectUri) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.redirectUri is required',\n );\n }\n\n const baseUrl = normalizeBaseUrl(config.baseUrl);\n const resolvedConfig: ResolvedAuthConfig = {\n ...config,\n baseUrl,\n scope: String(config.scope ?? '').trim() || DEFAULT_SCOPE,\n enableRefreshToken: config.enableRefreshToken ?? true,\n authorizationEndpoint: resolveEndpoint(\n baseUrl,\n config.authorizationEndpoint,\n DEFAULT_AUTHORIZATION_PATH,\n ),\n tokenEndpoint: resolveEndpoint(\n baseUrl,\n config.tokenEndpoint,\n DEFAULT_TOKEN_PATH,\n ),\n };\n\n return new DefaultAuthClient(resolvedConfig);\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class WebStorageAdapter implements StorageAdapter {\n constructor(\n private readonly storage: Pick<\n Storage,\n 'getItem' | 'setItem' | 'removeItem'\n >,\n ) {}\n\n get(key: string): string | null {\n return this.storage.getItem(key);\n }\n\n set(key: string, value: string): void {\n this.storage.setItem(key, value);\n }\n\n remove(key: string): void {\n this.storage.removeItem(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface CookieStorageCallbacks {\n getCookie(name: string): string | null | Promise<string | null>;\n setCookie(name: string, value: string): void | Promise<void>;\n removeCookie(name: string): void | Promise<void>;\n}\n\nexport class CookieStorageAdapter implements StorageAdapter {\n constructor(private readonly callbacks: CookieStorageCallbacks) {}\n\n async get(key: string): Promise<string | null> {\n return this.callbacks.getCookie(key);\n }\n\n async set(key: string, value: string): Promise<void> {\n await this.callbacks.setCookie(key, value);\n }\n\n async remove(key: string): Promise<void> {\n await this.callbacks.removeCookie(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface BrowserCookieStorageOptions {\n domain?: string;\n path?: string;\n sameSite?: 'strict' | 'lax' | 'none';\n secure?: boolean;\n}\n\nconst getCookieValue = (name: string): string | null => {\n if (typeof document === 'undefined') return null;\n const result = document.cookie.match(`(^|;)\\\\s*${name}\\\\s*=\\\\s*([^;]+)`);\n return result ? (result.pop() ?? null) : null;\n};\n\nexport function createBrowserCookieStorage(\n options: BrowserCookieStorageOptions = {},\n): StorageAdapter {\n const { domain, path = '/', sameSite = 'strict', secure = true } = options;\n\n const get = (key: string): string | null => {\n return getCookieValue(key);\n };\n\n const set = (key: string, value: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=${value}`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n if (sameSite) cookie += `; samesite=${sameSite}`;\n if (secure) cookie += `; secure`;\n document.cookie = cookie;\n };\n\n const remove = (key: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n document.cookie = cookie;\n };\n\n return { get, set, remove };\n}\n"]}
package/dist/index.d.cts CHANGED
@@ -24,6 +24,7 @@ interface StorageAdapter {
24
24
  interface AuthTransportRequest {
25
25
  method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
26
26
  headers?: Record<string, string>;
27
+ credentials?: RequestCredentials;
27
28
  query?: Record<string, string | undefined>;
28
29
  body?: unknown;
29
30
  timeoutMs?: number;
@@ -43,8 +44,9 @@ interface TransportInterceptor {
43
44
  }
44
45
  interface AuthConfig {
45
46
  clientId: string;
46
- authorizationEndpoint: string;
47
- tokenEndpoint: string;
47
+ baseUrl?: string;
48
+ authorizationEndpoint?: string;
49
+ tokenEndpoint?: string;
48
50
  redirectUri: string;
49
51
  scope?: string;
50
52
  logoutEndpoint?: string;
package/dist/index.d.ts CHANGED
@@ -24,6 +24,7 @@ interface StorageAdapter {
24
24
  interface AuthTransportRequest {
25
25
  method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
26
26
  headers?: Record<string, string>;
27
+ credentials?: RequestCredentials;
27
28
  query?: Record<string, string | undefined>;
28
29
  body?: unknown;
29
30
  timeoutMs?: number;
@@ -43,8 +44,9 @@ interface TransportInterceptor {
43
44
  }
44
45
  interface AuthConfig {
45
46
  clientId: string;
46
- authorizationEndpoint: string;
47
- tokenEndpoint: string;
47
+ baseUrl?: string;
48
+ authorizationEndpoint?: string;
49
+ tokenEndpoint?: string;
48
50
  redirectUri: string;
49
51
  scope?: string;
50
52
  logoutEndpoint?: string;
package/dist/index.js CHANGED
@@ -179,6 +179,7 @@ var FetchAuthTransport = class {
179
179
  const defaultContentType = typeof request.body === "string" ? "application/x-www-form-urlencoded" : "application/json";
180
180
  const res = await this.fetchFn(this.withQuery(url, request.query), {
181
181
  method: (_c = request.method) != null ? _c : "GET",
182
+ credentials: request.credentials,
182
183
  headers: {
183
184
  "Content-Type": defaultContentType,
184
185
  ...(_d = request.headers) != null ? _d : {}
@@ -432,6 +433,7 @@ var DefaultAuthClient = class {
432
433
  this.config.tokenEndpoint,
433
434
  {
434
435
  method: "POST",
436
+ credentials: "include",
435
437
  body: body.toString()
436
438
  }
437
439
  );
@@ -442,21 +444,16 @@ var DefaultAuthClient = class {
442
444
  async doRefresh() {
443
445
  var _a;
444
446
  const refreshToken = (_a = this.session) == null ? void 0 : _a.tokens.refreshToken;
445
- if (!refreshToken) {
446
- throw new AuthError(
447
- "REFRESH_FAILED" /* REFRESH_FAILED */,
448
- "No refresh token available"
449
- );
450
- }
451
447
  const body = new URLSearchParams({
452
448
  grant_type: "refresh_token",
453
- refresh_token: refreshToken,
454
449
  client_id: this.config.clientId
455
450
  });
451
+ if (refreshToken) body.set("refresh_token", refreshToken);
456
452
  const response = await this.transport.request(
457
453
  this.config.tokenEndpoint,
458
454
  {
459
455
  method: "POST",
456
+ credentials: "include",
460
457
  body: body.toString()
461
458
  }
462
459
  );
@@ -464,8 +461,14 @@ var DefaultAuthClient = class {
464
461
  return this.createSession(tokens);
465
462
  }
466
463
  async createSession(tokens) {
464
+ var _a, _b;
465
+ const previousRefreshToken = (_a = this.session) == null ? void 0 : _a.tokens.refreshToken;
466
+ const mergedTokens = {
467
+ ...tokens,
468
+ refreshToken: (_b = tokens.refreshToken) != null ? _b : previousRefreshToken
469
+ };
467
470
  this.session = {
468
- tokens,
471
+ tokens: mergedTokens,
469
472
  createdAt: this.now()
470
473
  };
471
474
  await safeSet(
@@ -498,23 +501,48 @@ var DefaultAuthClient = class {
498
501
  };
499
502
 
500
503
  // src/client/create-client.ts
501
- function createAuthClient(config) {
502
- if (!(config == null ? void 0 : config.clientId)) {
504
+ var DEFAULT_AUTH_BASE_URL = "https://ms-auth-v2.nuria.com.br";
505
+ var DEFAULT_AUTHORIZATION_PATH = "/v2/oauth/authorize";
506
+ var DEFAULT_TOKEN_PATH = "/v2/oauth/token";
507
+ var DEFAULT_SCOPE = "openid profile email";
508
+ function normalizeBaseUrl(value) {
509
+ const raw = String(value != null ? value : DEFAULT_AUTH_BASE_URL).trim();
510
+ if (!raw) {
503
511
  throw new AuthError(
504
512
  "INVALID_CONFIG" /* INVALID_CONFIG */,
505
- "config.clientId is required"
513
+ "config.baseUrl must be a valid absolute URL"
506
514
  );
507
515
  }
508
- if (!config.authorizationEndpoint) {
516
+ let parsed;
517
+ try {
518
+ parsed = new URL(raw);
519
+ } catch (e) {
509
520
  throw new AuthError(
510
521
  "INVALID_CONFIG" /* INVALID_CONFIG */,
511
- "config.authorizationEndpoint is required"
522
+ "config.baseUrl must be a valid absolute URL"
512
523
  );
513
524
  }
514
- if (!config.tokenEndpoint) {
525
+ return parsed.toString().replace(/\/+$/, "");
526
+ }
527
+ function resolveEndpoint(baseUrl, explicit, fallbackPath) {
528
+ if (explicit) {
529
+ try {
530
+ return new URL(explicit).toString();
531
+ } catch (e) {
532
+ throw new AuthError(
533
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
534
+ "OAuth endpoints must be valid absolute URLs"
535
+ );
536
+ }
537
+ }
538
+ return new URL(fallbackPath, `${baseUrl}/`).toString();
539
+ }
540
+ function createAuthClient(config) {
541
+ var _a, _b;
542
+ if (!(config == null ? void 0 : config.clientId)) {
515
543
  throw new AuthError(
516
544
  "INVALID_CONFIG" /* INVALID_CONFIG */,
517
- "config.tokenEndpoint is required"
545
+ "config.clientId is required"
518
546
  );
519
547
  }
520
548
  if (!config.redirectUri) {
@@ -523,7 +551,24 @@ function createAuthClient(config) {
523
551
  "config.redirectUri is required"
524
552
  );
525
553
  }
526
- return new DefaultAuthClient(config);
554
+ const baseUrl = normalizeBaseUrl(config.baseUrl);
555
+ const resolvedConfig = {
556
+ ...config,
557
+ baseUrl,
558
+ scope: String((_a = config.scope) != null ? _a : "").trim() || DEFAULT_SCOPE,
559
+ enableRefreshToken: (_b = config.enableRefreshToken) != null ? _b : true,
560
+ authorizationEndpoint: resolveEndpoint(
561
+ baseUrl,
562
+ config.authorizationEndpoint,
563
+ DEFAULT_AUTHORIZATION_PATH
564
+ ),
565
+ tokenEndpoint: resolveEndpoint(
566
+ baseUrl,
567
+ config.tokenEndpoint,
568
+ DEFAULT_TOKEN_PATH
569
+ )
570
+ };
571
+ return new DefaultAuthClient(resolvedConfig);
527
572
  }
528
573
 
529
574
  // src/storage/web-storage-adapter.ts
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors/auth-error.ts","../src/core/pkce.ts","../src/core/utils.ts","../src/storage/memory-storage-adapter.ts","../src/transport/fetch-transport.ts","../src/client/nuria-auth-client.ts","../src/client/create-client.ts","../src/storage/web-storage-adapter.ts","../src/storage/cookie-storage-adapter.ts","../src/storage/browser-cookie-storage.ts"],"names":["AuthErrorCode"],"mappings":";AAAO,IAAK,aAAA,qBAAAA,cAAAA,KAAL;AACL,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,YAAA,CAAA,GAAa,YAAA;AAVH,EAAA,OAAAA,cAAAA;AAAA,CAAA,EAAA,aAAA,IAAA,EAAA;AAaL,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,KAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;;;ACtBA,IAAM,QAAA,GACJ,oEAAA;AAEF,SAAS,aAAA,GAAwB;AAC/B,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAe,UAAA,CAAW,MAAA,EAAQ;AAC1D,IAAA,OAAO,UAAA,CAAW,MAAA;AAAA,EACpB;AACA,EAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAC9C;AAEO,SAAS,YAAA,CAAa,SAAS,EAAA,EAAY;AAChD,EAAA,MAAM,SAAS,aAAA,EAAc;AAG7B,EAAA,MAAM,SAAA,GAAY,GAAA,GAAO,GAAA,GAAM,QAAA,CAAS,MAAA;AACxC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,IAAA,CAAK,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,GAAG,CAAC,CAAA;AACtE,IAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,IAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,MAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAQ;AAC7B,MAAA,IAAI,CAAA,GAAI,WAAW,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,GAAI,QAAA,CAAS,MAAM,CAAE,CAAA;AAAA,IAC/D;AAAA,EACF;AACA,EAAA,OAAO,MAAA,CAAO,KAAK,EAAE,CAAA;AACvB;AAEA,SAAS,YAAY,KAAA,EAAwC;AAC3D,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AACvE,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,EAAE,CAAA;AAC9E;AAEA,SAAS,gBAAgB,QAAA,EAA2C;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,QAAA,CAAS,MAAM,CAAA;AAC5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,CAAS,UAAA,CAAW,CAAC,CAAA;AAAA,EAClC;AACA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,oBAAoB,QAAA,EAAmC;AAC3E,EAAA,MAAM,SAAS,aAAA,EAAc;AAC7B,EAAA,MAAM,MAAA,GAAS,gBAAgB,QAAQ,CAAA;AACvC,EAAA,MAAM,SAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,MAAM,CAAA;AAC3D,EAAA,OAAO,WAAA,CAAY,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAC3C;;;AC1CO,IAAM,YAAA,GAAe;AAAA,EAC1B,OAAA,EAAS,eAAA;AAAA,EACT,KAAA,EAAO,mBAAA;AAAA,EACP,YAAA,EAAc;AAChB,CAAA;AAEO,SAAS,iBAAA,CACd,KACA,GAAA,EACU;AAZZ,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAaE,EAAA,MAAM,WAAA,GAAA,CAAe,EAAA,GAAA,GAAA,CAAI,YAAA,KAAJ,IAAA,GAAA,EAAA,GAAoB,GAAA,CAAI,WAAA;AAC7C,EAAA,IAAI,CAAC,WAAA,IAAe,OAAO,WAAA,KAAgB,QAAA,EAAU;AACnD,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,uBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,SAAA,GAAY,QAAO,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,YAAkB,GAAA,CAAI,SAAA,KAAtB,IAAA,GAAA,EAAA,GAAmC,CAAC,CAAA,IAAK,MAAA;AAClE,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,SAAA,EAAA,CAAY,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,IAAA,GAAA,EAAA,GAAkB,GAAA,CAAI,SAAA;AAAA,IAClC,SAAA;AAAA,IACA,YAAA,EAAA,CAAe,EAAA,GAAA,GAAA,CAAI,aAAA,KAAJ,IAAA,GAAA,EAAA,GAAqB,GAAA,CAAI,YAAA;AAAA,IACxC,OAAA,EAAA,CAAU,EAAA,GAAA,GAAA,CAAI,QAAA,KAAJ,IAAA,GAAA,EAAA,GAAgB,GAAA,CAAI,OAAA;AAAA,IAC9B,OAAO,GAAA,CAAI,KAAA;AAAA,IACX,SAAA,EAAW,SAAA,GAAY,GAAA,EAAI,GAAI,YAAY,GAAA,GAAO;AAAA,GACpD;AACF;AAEA,eAAsB,OAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,OAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,UAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC1B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,wBAAwB,GAAG,CAAA,CAAA;AAAA,MAC3B;AAAA,KACF;AAAA,EACF;AACF;AAEO,SAAS,eAAA,CAAgB,GAAW,CAAA,EAAoB;AAC7D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAA,IAAQ,EAAE,UAAA,CAAW,CAAC,CAAA,GAAI,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;AAEO,SAAS,SAAS,GAAA,EAAkB;AACzC,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,IAAI,GAAG,CAAA;AAAA,EACpB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,iDAAwC,sBAAsB,CAAA;AAAA,EAC1E;AACF;;;AC3FO,IAAM,uBAAN,MAAqD;AAAA,EAArD,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,KAAA,uBAAY,GAAA,EAAoB;AAAA,EAAA;AAAA,EAExC,IAAI,GAAA,EAA4B;AALlC,IAAA,IAAA,EAAA;AAMI,IAAA,OAAA,CAAO,EAAA,GAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,MAAlB,IAAA,GAAA,EAAA,GAAuB,IAAA;AAAA,EAChC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3B;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AACF;;;ACDA,IAAM,gBAAA,mBAAmB,IAAI,GAAA,CAAI,CAAC,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC,CAAA;AAE7D,IAAM,qBAAN,MAAkD;AAAA,EAMvD,WAAA,CAAY,OAAA,GAAiC,EAAC,EAAG;AAvBnD,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAwBI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,KAAA;AAClC,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AACzB,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,CAAA;AAClC,IAAA,IAAA,CAAK,YAAA,GAAA,CAAe,EAAA,GAAA,OAAA,CAAQ,YAAA,KAAR,IAAA,GAAA,EAAA,GAAwB,EAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAA,CACJ,GAAA,EACA,GAAA,GAA4B,EAAC,EACM;AAjCvC,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAkCI,IAAA,IAAI,OAAA,GAAU,GAAA;AACd,IAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,MAAA,IAAI,EAAE,SAAA,EAAW,OAAA,GAAU,MAAM,CAAA,CAAE,SAAA,CAAU,KAAK,OAAO,CAAA;AAAA,IAC3D;AAEA,IAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,IAAA,CAAK,OAAA;AACxC,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,OAAO,IAAA,EAAM;AACX,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,SAAA,KAAR,IAAA,GAAA,EAAA,GAAqB,IAAA,CAAK,SAAA;AAC1C,MAAA,MAAM,KAAA,GAAQ,UACV,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,OAAO,CAAA,GAC5C,MAAA;AACJ,MAAA,IAAI;AACF,QAAA,MAAM,kBAAA,GACJ,OAAO,OAAA,CAAQ,IAAA,KAAS,WACpB,mCAAA,GACA,kBAAA;AACN,QAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,KAAK,SAAA,CAAU,GAAA,EAAK,OAAA,CAAQ,KAAK,CAAA,EAAG;AAAA,UACjE,MAAA,EAAA,CAAQ,EAAA,GAAA,OAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,EAAA,GAAkB,KAAA;AAAA,UAC1B,OAAA,EAAS;AAAA,YACP,cAAA,EAAgB,kBAAA;AAAA,YAChB,GAAA,CAAI,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB;AAAC,WAC1B;AAAA,UACA,IAAA,EACE,OAAA,CAAQ,IAAA,KAAS,KAAA,CAAA,GACb,OAAO,OAAA,CAAQ,IAAA,KAAS,QAAA,GACtB,OAAA,CAAQ,IAAA,GACR,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,GAC7B,KAAA,CAAA;AAAA,UACN,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AACD,QAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAa,GAAG,CAAA;AACxC,QAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,UAAA,IAAI,UAAU,OAAA,IAAW,gBAAA,CAAiB,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA,EAAG;AACzD,YAAA,OAAA,IAAW,CAAA;AACX,YAAA;AAAA,UACF;AACA,UAAA,MAAM,IAAI,SAAA,CAAA,YAAA,mBAAoC,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,QACpE;AACA,QAAA,IAAI,GAAA,GAAgC;AAAA,UAClC,QAAQ,GAAA,CAAI,MAAA;AAAA,UACZ,IAAA;AAAA,UACA,SAAS,GAAA,CAAI;AAAA,SACf;AACA,QAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,UAAA,IAAI,EAAE,UAAA,EAAY,GAAA,GAAM,MAAM,CAAA,CAAE,WAAW,GAAG,CAAA;AAAA,QAChD;AACA,QAAA,OAAO,GAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAiB,WAAW,MAAM,KAAA;AACtC,QAAA,IAAI,UAAU,OAAA,EAAS;AACrB,UAAA,OAAA,IAAW,CAAA;AACX,UAAA;AAAA,QACF;AACA,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,eAAA;AAAA,UAER,wBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF,CAAA,SAAE;AACA,QAAA,IAAI,KAAA,eAAoB,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,SAAA,CACN,KACA,KAAA,EACQ;AACR,IAAA,IAAI,CAAC,OAAO,OAAO,GAAA;AACnB,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM;AACxC,MAAA,IAAI,MAAM,MAAA,EAAW,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACnD,CAAC,CAAA;AACD,IAAA,OAAO,OAAO,QAAA,EAAS;AAAA,EACzB;AAAA,EAEA,MAAc,UAAa,GAAA,EAA2B;AAhHxD,IAAA,IAAA,EAAA;AAiHI,IAAA,MAAM,eAAc,EAAA,GAAA,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,MAA9B,IAAA,GAAA,EAAA,GAAmC,EAAA;AACvD,IAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,EACzB;AACF;;;ACjGO,IAAM,oBAAN,MAA8C;AAAA,EAQnD,YAA6B,MAAA,EAAoB;AAApB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAP7B,IAAA,IAAA,CAAQ,OAAA,GAA0B,IAAA;AAClC,IAAA,IAAA,CAAQ,cAAA,GAA0C,IAAA;AAClD,IAAA,IAAA,CAAiB,SAAA,uBAAgB,GAAA,EAAuC;AAzB1E,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA+BI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,OAAA,KAAP,IAAA,GAAA,EAAA,GAAkB,IAAI,oBAAA,EAAqB;AAC1D,IAAA,IAAA,CAAK,SAAA,GAAA,CAAY,EAAA,GAAA,MAAA,CAAO,SAAA,KAAP,IAAA,GAAA,EAAA,GAAoB,IAAI,kBAAA,EAAmB;AAC5D,IAAA,IAAA,CAAK,OAAM,EAAA,GAAA,MAAA,CAAO,GAAA,KAAP,IAAA,GAAA,EAAA,IAAe,MAAM,KAAK,GAAA,EAAI,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,OAAA,GAA6B,EAAC,EAAkB;AApCnE,IAAA,IAAA,EAAA,EAAA,EAAA;AAqCI,IAAA,MAAM,KAAA,GAAQ,aAAa,EAAE,CAAA;AAC7B,IAAA,MAAM,YAAA,GAAe,aAAa,EAAE,CAAA;AACpC,IAAA,MAAM,aAAA,GAAgB,MAAM,mBAAA,CAAoB,YAAY,CAAA;AAE5D,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,KAAK,CAAA;AACrD,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,cAAc,YAAY,CAAA;AAEnE,IAAA,MAAM,MAAA,GAAiC;AAAA,MACrC,aAAA,EAAe,MAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,KAAA;AAAA,MACA,cAAA,EAAgB,aAAA;AAAA,MAChB,qBAAA,EAAuB;AAAA,KACzB;AAEA,IAAA,MAAM,KAAA,GAAA,CAAQ,mBAAQ,MAAA,KAAR,IAAA,GAAA,MAAA,GAAA,EAAA,CAAgB,KAAK,GAAA,CAAA,KAArB,IAAA,GAAA,EAAA,GAA6B,KAAK,MAAA,CAAO,KAAA;AACvD,IAAA,IAAI,KAAA,SAAc,KAAA,GAAQ,KAAA;AAC1B,IAAA,IAAI,OAAA,CAAQ,SAAA,EAAW,MAAA,CAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;AACnD,IAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,MAAA,MAAM,QAAA,uBAAe,GAAA,CAAI;AAAA,QACvB,eAAA;AAAA,QACA,WAAA;AAAA,QACA,cAAA;AAAA,QACA,OAAA;AAAA,QACA,gBAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxD,QAAA,IAAI,CAAC,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AAAA,MACpC;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,qBAAqB,CAAA;AACrD,IAAA,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAC,CAAA;AACrE,IAAA,MAAM,WAAA,GAAc,IAAI,QAAA,EAAS;AAEjC,IAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,WAAW,CAAA;AACxC,MAAA;AAAA,IACF;AACA,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,MAAA,CAAO,QAAA,CAAS,OAAO,WAAW,CAAA;AAClC,MAAA;AAAA,IACF;AACA,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,uBAAuB,WAAA,EAAwC;AACnE,IAAA,MAAM,QACJ,WAAA,IAAA,IAAA,GAAA,WAAA,GACC,OAAO,WAAW,WAAA,GAAc,MAAA,CAAO,SAAS,IAAA,GAAO,EAAA;AAC1D,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,SAAS,KAAK,CAAA;AAC1B,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,mBAAmB,CAAA;AACrD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER,OACI,CAAA,qBAAA,EAAwB,KAAK,WAAM,IAAI,CAAA,CAAA,GACvC,wBAAwB,KAAK,CAAA;AAAA,OACnC;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,cAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,eAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,KAAK,CAAA;AAClE,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,eAAA,CAAgB,WAAA,EAAa,KAAK,CAAA,EAAG;AACxD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA,EAEA,UAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,MAAM,cAAA,GAAyC;AA/IjD,IAAA,IAAA,EAAA,EAAA,EAAA;AAgJI,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,MAAM,KAAK,cAAA,EAAe;AAAA,IAC5B;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA;AAC1B,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,SAAA;AAChC,IAAA,IAAI,OAAO,GAAA,IAAO,IAAA,CAAK,KAAI,IAAK,IAAA,CAAK,OAAO,kBAAA,EAAoB;AAC9D,MAAA,IAAI,CAAC,KAAK,cAAA,EAAgB;AACxB,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA,CAAK,SAAA,EAAU,CAAE,QAAQ,MAAM;AACnD,UAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AAAA,QACxB,CAAC,CAAA;AAAA,MACH;AACA,MAAA,MAAM,IAAA,CAAK,cAAA;AAAA,IACb;AACA,IAAA,OAAA,CAAO,EAAA,GAAA,CAAA,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,gBAArB,IAAA,GAAA,EAAA,GAAoC,IAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,OAAO,OAAA,EAAgD;AAC3D,IAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,MAAA,MAAM,WAAW,OAAA,CAAQ,QAAA;AACzB,MAAA,IAAI,QAAA,CAAS,WAAW,IAAI,CAAA,IAAK,CAAC,cAAA,CAAe,IAAA,CAAK,QAAQ,CAAA,EAAG;AAC/D,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,gBAAA;AAAA,UAER;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,IAAA,CAAK,MAAA,EAAO;AAEZ,IAAA,IAAI,IAAA,CAAK,OAAO,cAAA,EAAgB;AAC9B,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,cAAc,CAAA;AAC9C,MAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACnD;AACA,MAAA,MAAM,SAAA,GAAY,IAAI,QAAA,EAAS;AAC/B,MAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,SAAS,CAAA;AAAA,MACxC,CAAA,MAAA,IAAW,OAAO,MAAA,KAAW,WAAA,EAAa;AACxC,QAAA,MAAA,CAAO,QAAA,CAAS,OAAO,SAAS,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,eAAA,GAA2B;AA/L7B,IAAA,IAAA,EAAA;AAgMI,IAAA,OAAO,OAAA,CAAA,CAAQ,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,OAAO,WAAW,CAAA;AAAA,EACjD;AAAA,EAEA,mBAAmB,OAAA,EAAwD;AACzE,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAA,GAAgD;AACpD,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,EAAe;AAC9C,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,gBAAA,EAAkB;AACjC,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,gBAAA;AAAA,MACZ,EAAE,OAAA,EAAS,EAAE,eAAe,CAAA,OAAA,EAAU,WAAW,IAAG;AAAE,KACxD;AACA,IAAA,OAAO,QAAA,CAAS,IAAA;AAAA,EAClB;AAAA,EAEA,MAAc,aAAa,IAAA,EAAgC;AACzD,IAAA,MAAM,WAAW,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,YAAY,CAAA;AACtE,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,uBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,aAAA,EAAe,QAAA;AAAA,MACf,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,SAAA,GAA8B;AA1P9C,IAAA,IAAA,EAAA;AA2PI,IAAA,MAAM,YAAA,GAAA,CAAe,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAC1C,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,eAAA;AAAA,MACZ,aAAA,EAAe,YAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,cAAc,MAAA,EAAoC;AAC9D,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,MAAA;AAAA,MACA,SAAA,EAAW,KAAK,GAAA;AAAI,KACtB;AACA,IAAA,MAAM,OAAA;AAAA,MACJ,IAAA,CAAK,OAAA;AAAA,MACL,YAAA,CAAa,OAAA;AAAA,MACb,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,OAAO;AAAA,KAC7B;AACA,IAAA,IAAA,CAAK,MAAA,EAAO;AACZ,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEQ,MAAA,GAAe;AACrB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,CAAC,YAAY,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAC,CAAA;AAAA,EAC3D;AAAA,EAEA,MAAc,cAAA,GAAgC;AAtShD,IAAA,IAAA,EAAA;AAuSI,IAAA,MAAM,MAAM,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,OAAO,CAAA;AAC5D,IAAA,IAAI,CAAC,GAAA,EAAK;AACV,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA;AAC7B,MAAA,IAAI,QAAA,CAAO,EAAA,GAAA,MAAA,IAAA,IAAA,GAAA,KAAA,CAAA,GAAA,MAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAgB,iBAAgB,QAAA,EAAU;AACnD,QAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,QAAA;AAAA,MACF;AACA,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,IACjB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,MAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AAAA,IACjB;AAAA,EACF;AACF,CAAA;;;ACjTO,SAAS,iBAAiB,MAAA,EAAgC;AAC/D,EAAA,IAAI,EAAC,iCAAQ,QAAA,CAAA,EAAU;AACrB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,qBAAA,EAAuB;AACjC,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,aAAA,EAAe;AACzB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,IAAI,kBAAkB,MAAM,CAAA;AACrC;;;AC5BO,IAAM,oBAAN,MAAkD;AAAA,EACvD,YACmB,OAAA,EAIjB;AAJiB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAIhB;AAAA,EAEH,IAAI,GAAA,EAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,EACjC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,GAAG,CAAA;AAAA,EAC7B;AACF;;;ACbO,IAAM,uBAAN,MAAqD;AAAA,EAC1D,YAA6B,SAAA,EAAmC;AAAnC,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAAoC;AAAA,EAEjE,MAAM,IAAI,GAAA,EAAqC;AAC7C,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAG,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,GAAA,CAAI,GAAA,EAAa,KAAA,EAA8B;AACnD,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,OAAO,GAAA,EAA4B;AACvC,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,YAAA,CAAa,GAAG,CAAA;AAAA,EACvC;AACF;;;ACbA,IAAM,cAAA,GAAiB,CAAC,IAAA,KAAgC;AATxD,EAAA,IAAA,EAAA;AAUE,EAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,EAAA,MAAM,SAAS,QAAA,CAAS,MAAA,CAAO,KAAA,CAAM,CAAA,SAAA,EAAY,IAAI,CAAA,gBAAA,CAAkB,CAAA;AACvE,EAAA,OAAO,MAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,GAAA,EAAI,KAAX,YAAgB,IAAA,GAAQ,IAAA;AAC3C,CAAA;AAEO,SAAS,0BAAA,CACd,OAAA,GAAuC,EAAC,EACxB;AAChB,EAAA,MAAM,EAAE,QAAQ,IAAA,GAAO,GAAA,EAAK,WAAW,QAAA,EAAU,MAAA,GAAS,MAAK,GAAI,OAAA;AAEnE,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,KAA+B;AAC1C,IAAA,OAAO,eAAe,GAAG,CAAA;AAAA,EAC3B,CAAA;AAEA,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,EAAa,KAAA,KAAwB;AAChD,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAC5B,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,IAAI,QAAA,EAAU,MAAA,IAAU,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAA;AAC9C,IAAA,IAAI,QAAQ,MAAA,IAAU,CAAA,QAAA,CAAA;AACtB,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,MAAM,MAAA,GAAS,CAAC,GAAA,KAAsB;AACpC,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,GAAG,GAAG,CAAA,wCAAA,CAAA;AACnB,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,OAAO,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO;AAC5B","file":"index.js","sourcesContent":["export enum AuthErrorCode {\n INVALID_CONFIG = 'INVALID_CONFIG',\n STATE_MISMATCH = 'STATE_MISMATCH',\n CALLBACK_ERROR = 'CALLBACK_ERROR',\n TOKEN_EXCHANGE_FAILED = 'TOKEN_EXCHANGE_FAILED',\n REFRESH_FAILED = 'REFRESH_FAILED',\n STORAGE_ERROR = 'STORAGE_ERROR',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_STATE = 'MISSING_STATE',\n NETWORK_ERROR = 'NETWORK_ERROR',\n HTTP_ERROR = 'HTTP_ERROR',\n}\n\nexport class AuthError extends Error {\n constructor(\n public readonly code: AuthErrorCode,\n message: string,\n public readonly cause?: unknown,\n ) {\n super(message);\n this.name = 'AuthError';\n }\n}\n","const ALPHABET =\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';\n\nfunction getCryptoImpl(): Crypto {\n if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n return globalThis.crypto;\n }\n throw new Error('Web Crypto API unavailable');\n}\n\nexport function randomString(length = 64): string {\n const crypto = getCryptoImpl();\n // Rejection sampling: discard bytes >= threshold to eliminate modulo bias.\n // ALPHABET.length = 66; threshold = 256 - (256 % 66) = 204\n const THRESHOLD = 256 - (256 % ALPHABET.length);\n const result: string[] = [];\n while (result.length < length) {\n const bytes = new Uint8Array(Math.ceil((length - result.length) * 1.4));\n crypto.getRandomValues(bytes);\n for (const b of bytes) {\n if (result.length >= length) break;\n if (b < THRESHOLD) result.push(ALPHABET[b % ALPHABET.length]!);\n }\n }\n return result.join('');\n}\n\nfunction toBase64Url(bytes: Uint8Array<ArrayBuffer>): string {\n const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\nfunction verifierToBytes(verifier: string): Uint8Array<ArrayBuffer> {\n const bytes = new Uint8Array(verifier.length);\n for (let i = 0; i < verifier.length; i++) {\n bytes[i] = verifier.charCodeAt(i);\n }\n return bytes;\n}\n\nexport async function createCodeChallenge(verifier: string): Promise<string> {\n const crypto = getCryptoImpl();\n const buffer = verifierToBytes(verifier);\n const digest = await crypto.subtle.digest('SHA-256', buffer);\n return toBase64Url(new Uint8Array(digest));\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { StorageAdapter, TokenSet } from './types';\n\nexport const STORAGE_KEYS = {\n session: 'nuria:session',\n state: 'nuria:oauth:state',\n codeVerifier: 'nuria:oauth:code_verifier',\n};\n\nexport function normalizeTokenSet(\n raw: Record<string, unknown>,\n now: () => number,\n): TokenSet {\n const accessToken = (raw.access_token ?? raw.accessToken) as string;\n if (!accessToken || typeof accessToken !== 'string') {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing access token in token response',\n );\n }\n const expiresIn = Number(raw.expires_in ?? raw.expiresIn ?? 0) || undefined;\n return {\n accessToken,\n tokenType: (raw.token_type ?? raw.tokenType) as string | undefined,\n expiresIn,\n refreshToken: (raw.refresh_token ?? raw.refreshToken) as string | undefined,\n idToken: (raw.id_token ?? raw.idToken) as string | undefined,\n scope: raw.scope as string | undefined,\n expiresAt: expiresIn ? now() + expiresIn * 1000 : undefined,\n };\n}\n\nexport async function safeGet(\n storage: StorageAdapter,\n key: string,\n): Promise<string | null> {\n try {\n return await storage.get(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed reading key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeSet(\n storage: StorageAdapter,\n key: string,\n value: string,\n): Promise<void> {\n try {\n await storage.set(key, value);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed writing key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeRemove(\n storage: StorageAdapter,\n key: string,\n): Promise<void> {\n try {\n await storage.remove(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed removing key: ${key}`,\n cause,\n );\n }\n}\n\nexport function timingSafeEqual(a: string, b: string): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++) {\n diff |= a.charCodeAt(i) ^ b.charCodeAt(i);\n }\n return diff === 0;\n}\n\nexport function parseUrl(url: string): URL {\n try {\n return new URL(url);\n } catch {\n throw new AuthError(AuthErrorCode.CALLBACK_ERROR, 'Invalid callback URL');\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class MemoryStorageAdapter implements StorageAdapter {\n private store = new Map<string, string>();\n\n get(key: string): string | null {\n return this.store.get(key) ?? null;\n }\n\n set(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n remove(key: string): void {\n this.store.delete(key);\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type {\n AuthTransport,\n AuthTransportRequest,\n AuthTransportResponse,\n TransportInterceptor,\n} from '../core/types';\n\nexport interface FetchTransportOptions {\n fetchFn?: typeof fetch;\n timeoutMs?: number;\n retries?: number;\n interceptors?: TransportInterceptor[];\n}\n\nconst RETRYABLE_STATUS = new Set([408, 425, 429, 500, 502, 503, 504]);\n\nexport class FetchAuthTransport implements AuthTransport {\n private readonly fetchFn: typeof fetch;\n private readonly timeoutMs?: number;\n private readonly retries: number;\n private readonly interceptors: TransportInterceptor[];\n\n constructor(options: FetchTransportOptions = {}) {\n this.fetchFn = options.fetchFn ?? fetch;\n this.timeoutMs = options.timeoutMs;\n this.retries = options.retries ?? 0;\n this.interceptors = options.interceptors ?? [];\n }\n\n async request<T = unknown>(\n url: string,\n req: AuthTransportRequest = {},\n ): Promise<AuthTransportResponse<T>> {\n let request = req;\n for (const i of this.interceptors) {\n if (i.onRequest) request = await i.onRequest(url, request);\n }\n\n const retries = request.retries ?? this.retries;\n let attempt = 0;\n while (true) {\n const controller = new AbortController();\n const timeout = request.timeoutMs ?? this.timeoutMs;\n const timer = timeout\n ? setTimeout(() => controller.abort(), timeout)\n : undefined;\n try {\n const defaultContentType =\n typeof request.body === 'string'\n ? 'application/x-www-form-urlencoded'\n : 'application/json';\n const res = await this.fetchFn(this.withQuery(url, request.query), {\n method: request.method ?? 'GET',\n headers: {\n 'Content-Type': defaultContentType,\n ...(request.headers ?? {}),\n },\n body:\n request.body !== undefined\n ? typeof request.body === 'string'\n ? request.body\n : JSON.stringify(request.body)\n : undefined,\n signal: controller.signal,\n });\n const data = await this.parseBody<T>(res);\n if (!res.ok) {\n if (attempt < retries && RETRYABLE_STATUS.has(res.status)) {\n attempt += 1;\n continue;\n }\n throw new AuthError(AuthErrorCode.HTTP_ERROR, `HTTP ${res.status}`);\n }\n let out: AuthTransportResponse<T> = {\n status: res.status,\n data,\n headers: res.headers,\n };\n for (const i of this.interceptors) {\n if (i.onResponse) out = await i.onResponse(out);\n }\n return out;\n } catch (cause) {\n if (cause instanceof AuthError) throw cause;\n if (attempt < retries) {\n attempt += 1;\n continue;\n }\n throw new AuthError(\n AuthErrorCode.NETWORK_ERROR,\n 'Network request failed',\n cause,\n );\n } finally {\n if (timer) clearTimeout(timer);\n }\n }\n }\n\n private withQuery(\n url: string,\n query?: Record<string, string | undefined>,\n ): string {\n if (!query) return url;\n const parsed = new URL(url);\n Object.entries(query).forEach(([k, v]) => {\n if (v !== undefined) parsed.searchParams.set(k, v);\n });\n return parsed.toString();\n }\n\n private async parseBody<T>(res: Response): Promise<T> {\n const contentType = res.headers.get('content-type') ?? '';\n if (contentType.includes('application/json')) {\n return (await res.json()) as T;\n }\n return (await res.text()) as unknown as T;\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport { createCodeChallenge, randomString } from '../core/pkce';\nimport {\n normalizeTokenSet,\n parseUrl,\n safeGet,\n safeRemove,\n safeSet,\n timingSafeEqual,\n STORAGE_KEYS,\n} from '../core/utils';\nimport type {\n AuthClient,\n AuthConfig,\n Session,\n StartLoginOptions,\n TokenSet,\n AuthTransport,\n} from '../core/types';\nimport { MemoryStorageAdapter } from '../storage/memory-storage-adapter';\nimport { FetchAuthTransport } from '../transport/fetch-transport';\n\nexport class DefaultAuthClient implements AuthClient {\n private session: Session | null = null;\n private refreshPromise: Promise<Session> | null = null;\n private readonly listeners = new Set<(session: Session | null) => void>();\n private readonly storage;\n private readonly transport: AuthTransport;\n private readonly now: () => number;\n\n constructor(private readonly config: AuthConfig) {\n this.storage = config.storage ?? new MemoryStorageAdapter();\n this.transport = config.transport ?? new FetchAuthTransport();\n this.now = config.now ?? (() => Date.now());\n }\n\n async startLogin(options: StartLoginOptions = {}): Promise<void> {\n const state = randomString(32);\n const codeVerifier = randomString(96);\n const codeChallenge = await createCodeChallenge(codeVerifier);\n\n await safeSet(this.storage, STORAGE_KEYS.state, state);\n await safeSet(this.storage, STORAGE_KEYS.codeVerifier, codeVerifier);\n\n const params: Record<string, string> = {\n response_type: 'code',\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n };\n\n const scope = options.scopes?.join(' ') ?? this.config.scope;\n if (scope) params.scope = scope;\n if (options.loginHint) params.login_hint = options.loginHint;\n if (options.extraParams) {\n const RESERVED = new Set([\n 'response_type',\n 'client_id',\n 'redirect_uri',\n 'state',\n 'code_challenge',\n 'code_challenge_method',\n ]);\n for (const [k, v] of Object.entries(options.extraParams)) {\n if (!RESERVED.has(k)) params[k] = v;\n }\n }\n\n const url = new URL(this.config.authorizationEndpoint);\n Object.entries(params).forEach(([k, v]) => url.searchParams.set(k, v));\n const redirectUrl = url.toString();\n\n if (this.config.onRedirect) {\n await this.config.onRedirect(redirectUrl);\n return;\n }\n if (typeof window !== 'undefined') {\n window.location.assign(redirectUrl);\n return;\n }\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Missing onRedirect callback for non-browser runtime',\n );\n }\n\n async handleRedirectCallback(callbackUrl?: string): Promise<Session> {\n const input =\n callbackUrl ??\n (typeof window !== 'undefined' ? window.location.href : '');\n if (!input) {\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n 'callbackUrl required in non-browser runtime',\n );\n }\n\n const url = parseUrl(input);\n const error = url.searchParams.get('error');\n if (error) {\n const desc = url.searchParams.get('error_description');\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n desc\n ? `Authorization error: ${error} — ${desc}`\n : `Authorization error: ${error}`,\n );\n }\n\n const code = url.searchParams.get('code');\n if (!code) {\n throw new AuthError(\n AuthErrorCode.MISSING_CODE,\n 'Missing code in callback',\n );\n }\n\n const state = url.searchParams.get('state');\n if (!state) {\n throw new AuthError(\n AuthErrorCode.MISSING_STATE,\n 'Missing state in callback',\n );\n }\n\n const storedState = await safeGet(this.storage, STORAGE_KEYS.state);\n if (!storedState || !timingSafeEqual(storedState, state)) {\n throw new AuthError(\n AuthErrorCode.STATE_MISMATCH,\n 'State validation failed',\n );\n }\n\n await safeRemove(this.storage, STORAGE_KEYS.state);\n return this.exchangeCode(code);\n }\n\n getSession(): Session | null {\n return this.session;\n }\n\n async getAccessToken(): Promise<string | null> {\n if (!this.session) {\n await this.hydrateSession();\n }\n if (!this.session) return null;\n const exp = this.session.tokens.expiresAt;\n if (exp && exp <= this.now() && this.config.enableRefreshToken) {\n if (!this.refreshPromise) {\n this.refreshPromise = this.doRefresh().finally(() => {\n this.refreshPromise = null;\n });\n }\n await this.refreshPromise;\n }\n return this.session?.tokens.accessToken ?? null;\n }\n\n async logout(options?: { returnTo?: string }): Promise<void> {\n if (options?.returnTo) {\n const returnTo = options.returnTo;\n if (returnTo.startsWith('//') || !/^https?:\\/\\//.test(returnTo)) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'returnTo must be an absolute https:// or http:// URL',\n );\n }\n }\n\n this.session = null;\n await safeRemove(this.storage, STORAGE_KEYS.session);\n await safeRemove(this.storage, STORAGE_KEYS.state);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n this.notify();\n\n if (this.config.logoutEndpoint) {\n const url = new URL(this.config.logoutEndpoint);\n if (options?.returnTo) {\n url.searchParams.set('returnTo', options.returnTo);\n }\n const logoutUrl = url.toString();\n if (this.config.onRedirect) {\n await this.config.onRedirect(logoutUrl);\n } else if (typeof window !== 'undefined') {\n window.location.assign(logoutUrl);\n }\n }\n }\n\n isAuthenticated(): boolean {\n return Boolean(this.session?.tokens.accessToken);\n }\n\n onAuthStateChanged(handler: (session: Session | null) => void): () => void {\n this.listeners.add(handler);\n return () => this.listeners.delete(handler);\n }\n\n async getUserinfo(): Promise<Record<string, unknown>> {\n const accessToken = await this.getAccessToken();\n if (!accessToken) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Not authenticated — call handleRedirectCallback first',\n );\n }\n if (!this.config.userinfoEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.userinfoEndpoint is required for getUserinfo',\n );\n }\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.userinfoEndpoint,\n { headers: { Authorization: `Bearer ${accessToken}` } },\n );\n return response.data;\n }\n\n private async exchangeCode(code: string): Promise<Session> {\n const verifier = await safeGet(this.storage, STORAGE_KEYS.codeVerifier);\n if (!verifier) {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing PKCE code_verifier in storage',\n );\n }\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: verifier,\n redirect_uri: this.config.redirectUri,\n client_id: this.config.clientId,\n });\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n return this.createSession(tokens);\n }\n\n private async doRefresh(): Promise<Session> {\n const refreshToken = this.session?.tokens.refreshToken;\n if (!refreshToken) {\n throw new AuthError(\n AuthErrorCode.REFRESH_FAILED,\n 'No refresh token available',\n );\n }\n\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n refresh_token: refreshToken,\n client_id: this.config.clientId,\n });\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n private async createSession(tokens: TokenSet): Promise<Session> {\n this.session = {\n tokens,\n createdAt: this.now(),\n };\n await safeSet(\n this.storage,\n STORAGE_KEYS.session,\n JSON.stringify(this.session),\n );\n this.notify();\n return this.session;\n }\n\n private notify(): void {\n this.listeners.forEach((handler) => handler(this.session));\n }\n\n private async hydrateSession(): Promise<void> {\n const raw = await safeGet(this.storage, STORAGE_KEYS.session);\n if (!raw) return;\n try {\n const parsed = JSON.parse(raw) as Session;\n if (typeof parsed?.tokens?.accessToken !== 'string') {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n return;\n }\n this.session = parsed;\n } catch {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n this.session = null;\n }\n }\n}\n","import { DefaultAuthClient } from './nuria-auth-client';\nimport { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { AuthClient, AuthConfig } from '../core/types';\n\nexport function createAuthClient(config: AuthConfig): AuthClient {\n if (!config?.clientId) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.clientId is required',\n );\n }\n if (!config.authorizationEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.authorizationEndpoint is required',\n );\n }\n if (!config.tokenEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.tokenEndpoint is required',\n );\n }\n if (!config.redirectUri) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.redirectUri is required',\n );\n }\n return new DefaultAuthClient(config);\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class WebStorageAdapter implements StorageAdapter {\n constructor(\n private readonly storage: Pick<\n Storage,\n 'getItem' | 'setItem' | 'removeItem'\n >,\n ) {}\n\n get(key: string): string | null {\n return this.storage.getItem(key);\n }\n\n set(key: string, value: string): void {\n this.storage.setItem(key, value);\n }\n\n remove(key: string): void {\n this.storage.removeItem(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface CookieStorageCallbacks {\n getCookie(name: string): string | null | Promise<string | null>;\n setCookie(name: string, value: string): void | Promise<void>;\n removeCookie(name: string): void | Promise<void>;\n}\n\nexport class CookieStorageAdapter implements StorageAdapter {\n constructor(private readonly callbacks: CookieStorageCallbacks) {}\n\n async get(key: string): Promise<string | null> {\n return this.callbacks.getCookie(key);\n }\n\n async set(key: string, value: string): Promise<void> {\n await this.callbacks.setCookie(key, value);\n }\n\n async remove(key: string): Promise<void> {\n await this.callbacks.removeCookie(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface BrowserCookieStorageOptions {\n domain?: string;\n path?: string;\n sameSite?: 'strict' | 'lax' | 'none';\n secure?: boolean;\n}\n\nconst getCookieValue = (name: string): string | null => {\n if (typeof document === 'undefined') return null;\n const result = document.cookie.match(`(^|;)\\\\s*${name}\\\\s*=\\\\s*([^;]+)`);\n return result ? (result.pop() ?? null) : null;\n};\n\nexport function createBrowserCookieStorage(\n options: BrowserCookieStorageOptions = {},\n): StorageAdapter {\n const { domain, path = '/', sameSite = 'strict', secure = true } = options;\n\n const get = (key: string): string | null => {\n return getCookieValue(key);\n };\n\n const set = (key: string, value: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=${value}`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n if (sameSite) cookie += `; samesite=${sameSite}`;\n if (secure) cookie += `; secure`;\n document.cookie = cookie;\n };\n\n const remove = (key: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n document.cookie = cookie;\n };\n\n return { get, set, remove };\n}\n"]}
1
+ {"version":3,"sources":["../src/errors/auth-error.ts","../src/core/pkce.ts","../src/core/utils.ts","../src/storage/memory-storage-adapter.ts","../src/transport/fetch-transport.ts","../src/client/nuria-auth-client.ts","../src/client/create-client.ts","../src/storage/web-storage-adapter.ts","../src/storage/cookie-storage-adapter.ts","../src/storage/browser-cookie-storage.ts"],"names":["AuthErrorCode"],"mappings":";AAAO,IAAK,aAAA,qBAAAA,cAAAA,KAAL;AACL,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,YAAA,CAAA,GAAa,YAAA;AAVH,EAAA,OAAAA,cAAAA;AAAA,CAAA,EAAA,aAAA,IAAA,EAAA;AAaL,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,KAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;;;ACtBA,IAAM,QAAA,GACJ,oEAAA;AAEF,SAAS,aAAA,GAAwB;AAC/B,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAe,UAAA,CAAW,MAAA,EAAQ;AAC1D,IAAA,OAAO,UAAA,CAAW,MAAA;AAAA,EACpB;AACA,EAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAC9C;AAEO,SAAS,YAAA,CAAa,SAAS,EAAA,EAAY;AAChD,EAAA,MAAM,SAAS,aAAA,EAAc;AAG7B,EAAA,MAAM,SAAA,GAAY,GAAA,GAAO,GAAA,GAAM,QAAA,CAAS,MAAA;AACxC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,IAAA,CAAK,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,GAAG,CAAC,CAAA;AACtE,IAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,IAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,MAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAQ;AAC7B,MAAA,IAAI,CAAA,GAAI,WAAW,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,GAAI,QAAA,CAAS,MAAM,CAAE,CAAA;AAAA,IAC/D;AAAA,EACF;AACA,EAAA,OAAO,MAAA,CAAO,KAAK,EAAE,CAAA;AACvB;AAEA,SAAS,YAAY,KAAA,EAAwC;AAC3D,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AACvE,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,EAAE,CAAA;AAC9E;AAEA,SAAS,gBAAgB,QAAA,EAA2C;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,QAAA,CAAS,MAAM,CAAA;AAC5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,CAAS,UAAA,CAAW,CAAC,CAAA;AAAA,EAClC;AACA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,oBAAoB,QAAA,EAAmC;AAC3E,EAAA,MAAM,SAAS,aAAA,EAAc;AAC7B,EAAA,MAAM,MAAA,GAAS,gBAAgB,QAAQ,CAAA;AACvC,EAAA,MAAM,SAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,MAAM,CAAA;AAC3D,EAAA,OAAO,WAAA,CAAY,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAC3C;;;AC1CO,IAAM,YAAA,GAAe;AAAA,EAC1B,OAAA,EAAS,eAAA;AAAA,EACT,KAAA,EAAO,mBAAA;AAAA,EACP,YAAA,EAAc;AAChB,CAAA;AAEO,SAAS,iBAAA,CACd,KACA,GAAA,EACU;AAZZ,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAaE,EAAA,MAAM,WAAA,GAAA,CAAe,EAAA,GAAA,GAAA,CAAI,YAAA,KAAJ,IAAA,GAAA,EAAA,GAAoB,GAAA,CAAI,WAAA;AAC7C,EAAA,IAAI,CAAC,WAAA,IAAe,OAAO,WAAA,KAAgB,QAAA,EAAU;AACnD,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,uBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,SAAA,GAAY,QAAO,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,YAAkB,GAAA,CAAI,SAAA,KAAtB,IAAA,GAAA,EAAA,GAAmC,CAAC,CAAA,IAAK,MAAA;AAClE,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,SAAA,EAAA,CAAY,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,IAAA,GAAA,EAAA,GAAkB,GAAA,CAAI,SAAA;AAAA,IAClC,SAAA;AAAA,IACA,YAAA,EAAA,CAAe,EAAA,GAAA,GAAA,CAAI,aAAA,KAAJ,IAAA,GAAA,EAAA,GAAqB,GAAA,CAAI,YAAA;AAAA,IACxC,OAAA,EAAA,CAAU,EAAA,GAAA,GAAA,CAAI,QAAA,KAAJ,IAAA,GAAA,EAAA,GAAgB,GAAA,CAAI,OAAA;AAAA,IAC9B,OAAO,GAAA,CAAI,KAAA;AAAA,IACX,SAAA,EAAW,SAAA,GAAY,GAAA,EAAI,GAAI,YAAY,GAAA,GAAO;AAAA,GACpD;AACF;AAEA,eAAsB,OAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,OAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,UAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC1B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,wBAAwB,GAAG,CAAA,CAAA;AAAA,MAC3B;AAAA,KACF;AAAA,EACF;AACF;AAEO,SAAS,eAAA,CAAgB,GAAW,CAAA,EAAoB;AAC7D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAA,IAAQ,EAAE,UAAA,CAAW,CAAC,CAAA,GAAI,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;AAEO,SAAS,SAAS,GAAA,EAAkB;AACzC,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,IAAI,GAAG,CAAA;AAAA,EACpB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,iDAAwC,sBAAsB,CAAA;AAAA,EAC1E;AACF;;;AC3FO,IAAM,uBAAN,MAAqD;AAAA,EAArD,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,KAAA,uBAAY,GAAA,EAAoB;AAAA,EAAA;AAAA,EAExC,IAAI,GAAA,EAA4B;AALlC,IAAA,IAAA,EAAA;AAMI,IAAA,OAAA,CAAO,EAAA,GAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,MAAlB,IAAA,GAAA,EAAA,GAAuB,IAAA;AAAA,EAChC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3B;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AACF;;;ACDA,IAAM,gBAAA,mBAAmB,IAAI,GAAA,CAAI,CAAC,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC,CAAA;AAE7D,IAAM,qBAAN,MAAkD;AAAA,EAMvD,WAAA,CAAY,OAAA,GAAiC,EAAC,EAAG;AAvBnD,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAwBI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,KAAA;AAClC,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AACzB,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,CAAA;AAClC,IAAA,IAAA,CAAK,YAAA,GAAA,CAAe,EAAA,GAAA,OAAA,CAAQ,YAAA,KAAR,IAAA,GAAA,EAAA,GAAwB,EAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAA,CACJ,GAAA,EACA,GAAA,GAA4B,EAAC,EACM;AAjCvC,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAkCI,IAAA,IAAI,OAAA,GAAU,GAAA;AACd,IAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,MAAA,IAAI,EAAE,SAAA,EAAW,OAAA,GAAU,MAAM,CAAA,CAAE,SAAA,CAAU,KAAK,OAAO,CAAA;AAAA,IAC3D;AAEA,IAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,IAAA,CAAK,OAAA;AACxC,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,OAAO,IAAA,EAAM;AACX,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,SAAA,KAAR,IAAA,GAAA,EAAA,GAAqB,IAAA,CAAK,SAAA;AAC1C,MAAA,MAAM,KAAA,GAAQ,UACV,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,OAAO,CAAA,GAC5C,MAAA;AACJ,MAAA,IAAI;AACF,QAAA,MAAM,kBAAA,GACJ,OAAO,OAAA,CAAQ,IAAA,KAAS,WACpB,mCAAA,GACA,kBAAA;AACN,QAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,KAAK,SAAA,CAAU,GAAA,EAAK,OAAA,CAAQ,KAAK,CAAA,EAAG;AAAA,UACjE,MAAA,EAAA,CAAQ,EAAA,GAAA,OAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,EAAA,GAAkB,KAAA;AAAA,UAC1B,aAAa,OAAA,CAAQ,WAAA;AAAA,UACrB,OAAA,EAAS;AAAA,YACP,cAAA,EAAgB,kBAAA;AAAA,YAChB,GAAA,CAAI,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB;AAAC,WAC1B;AAAA,UACA,IAAA,EACE,OAAA,CAAQ,IAAA,KAAS,KAAA,CAAA,GACb,OAAO,OAAA,CAAQ,IAAA,KAAS,QAAA,GACtB,OAAA,CAAQ,IAAA,GACR,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,GAC7B,KAAA,CAAA;AAAA,UACN,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AACD,QAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAa,GAAG,CAAA;AACxC,QAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,UAAA,IAAI,UAAU,OAAA,IAAW,gBAAA,CAAiB,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA,EAAG;AACzD,YAAA,OAAA,IAAW,CAAA;AACX,YAAA;AAAA,UACF;AACA,UAAA,MAAM,IAAI,SAAA,CAAA,YAAA,mBAAoC,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,QACpE;AACA,QAAA,IAAI,GAAA,GAAgC;AAAA,UAClC,QAAQ,GAAA,CAAI,MAAA;AAAA,UACZ,IAAA;AAAA,UACA,SAAS,GAAA,CAAI;AAAA,SACf;AACA,QAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,UAAA,IAAI,EAAE,UAAA,EAAY,GAAA,GAAM,MAAM,CAAA,CAAE,WAAW,GAAG,CAAA;AAAA,QAChD;AACA,QAAA,OAAO,GAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAiB,WAAW,MAAM,KAAA;AACtC,QAAA,IAAI,UAAU,OAAA,EAAS;AACrB,UAAA,OAAA,IAAW,CAAA;AACX,UAAA;AAAA,QACF;AACA,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,eAAA;AAAA,UAER,wBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF,CAAA,SAAE;AACA,QAAA,IAAI,KAAA,eAAoB,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,SAAA,CACN,KACA,KAAA,EACQ;AACR,IAAA,IAAI,CAAC,OAAO,OAAO,GAAA;AACnB,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM;AACxC,MAAA,IAAI,MAAM,MAAA,EAAW,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACnD,CAAC,CAAA;AACD,IAAA,OAAO,OAAO,QAAA,EAAS;AAAA,EACzB;AAAA,EAEA,MAAc,UAAa,GAAA,EAA2B;AAjHxD,IAAA,IAAA,EAAA;AAkHI,IAAA,MAAM,eAAc,EAAA,GAAA,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,MAA9B,IAAA,GAAA,EAAA,GAAmC,EAAA;AACvD,IAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,EACzB;AACF;;;AClGO,IAAM,oBAAN,MAA8C;AAAA,EAQnD,YAA6B,MAAA,EAA4B;AAA5B,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAP7B,IAAA,IAAA,CAAQ,OAAA,GAA0B,IAAA;AAClC,IAAA,IAAA,CAAQ,cAAA,GAA0C,IAAA;AAClD,IAAA,IAAA,CAAiB,SAAA,uBAAgB,GAAA,EAAuC;AAzB1E,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA+BI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,OAAA,KAAP,IAAA,GAAA,EAAA,GAAkB,IAAI,oBAAA,EAAqB;AAC1D,IAAA,IAAA,CAAK,SAAA,GAAA,CAAY,EAAA,GAAA,MAAA,CAAO,SAAA,KAAP,IAAA,GAAA,EAAA,GAAoB,IAAI,kBAAA,EAAmB;AAC5D,IAAA,IAAA,CAAK,OAAM,EAAA,GAAA,MAAA,CAAO,GAAA,KAAP,IAAA,GAAA,EAAA,IAAe,MAAM,KAAK,GAAA,EAAI,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,OAAA,GAA6B,EAAC,EAAkB;AApCnE,IAAA,IAAA,EAAA,EAAA,EAAA;AAqCI,IAAA,MAAM,KAAA,GAAQ,aAAa,EAAE,CAAA;AAC7B,IAAA,MAAM,YAAA,GAAe,aAAa,EAAE,CAAA;AACpC,IAAA,MAAM,aAAA,GAAgB,MAAM,mBAAA,CAAoB,YAAY,CAAA;AAE5D,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,KAAK,CAAA;AACrD,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,cAAc,YAAY,CAAA;AAEnE,IAAA,MAAM,MAAA,GAAiC;AAAA,MACrC,aAAA,EAAe,MAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,KAAA;AAAA,MACA,cAAA,EAAgB,aAAA;AAAA,MAChB,qBAAA,EAAuB;AAAA,KACzB;AAEA,IAAA,MAAM,KAAA,GAAA,CAAQ,mBAAQ,MAAA,KAAR,IAAA,GAAA,MAAA,GAAA,EAAA,CAAgB,KAAK,GAAA,CAAA,KAArB,IAAA,GAAA,EAAA,GAA6B,KAAK,MAAA,CAAO,KAAA;AACvD,IAAA,IAAI,KAAA,SAAc,KAAA,GAAQ,KAAA;AAC1B,IAAA,IAAI,OAAA,CAAQ,SAAA,EAAW,MAAA,CAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;AACnD,IAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,MAAA,MAAM,QAAA,uBAAe,GAAA,CAAI;AAAA,QACvB,eAAA;AAAA,QACA,WAAA;AAAA,QACA,cAAA;AAAA,QACA,OAAA;AAAA,QACA,gBAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxD,QAAA,IAAI,CAAC,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AAAA,MACpC;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,qBAAqB,CAAA;AACrD,IAAA,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAC,CAAA;AACrE,IAAA,MAAM,WAAA,GAAc,IAAI,QAAA,EAAS;AAEjC,IAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,WAAW,CAAA;AACxC,MAAA;AAAA,IACF;AACA,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,MAAA,CAAO,QAAA,CAAS,OAAO,WAAW,CAAA;AAClC,MAAA;AAAA,IACF;AACA,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,uBAAuB,WAAA,EAAwC;AACnE,IAAA,MAAM,QACJ,WAAA,IAAA,IAAA,GAAA,WAAA,GACC,OAAO,WAAW,WAAA,GAAc,MAAA,CAAO,SAAS,IAAA,GAAO,EAAA;AAC1D,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,SAAS,KAAK,CAAA;AAC1B,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,mBAAmB,CAAA;AACrD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER,OACI,CAAA,qBAAA,EAAwB,KAAK,WAAM,IAAI,CAAA,CAAA,GACvC,wBAAwB,KAAK,CAAA;AAAA,OACnC;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,cAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,eAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,KAAK,CAAA;AAClE,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,eAAA,CAAgB,WAAA,EAAa,KAAK,CAAA,EAAG;AACxD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA,EAEA,UAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,MAAM,cAAA,GAAyC;AA/IjD,IAAA,IAAA,EAAA,EAAA,EAAA;AAgJI,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,MAAM,KAAK,cAAA,EAAe;AAAA,IAC5B;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA;AAC1B,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,SAAA;AAChC,IAAA,IAAI,OAAO,GAAA,IAAO,IAAA,CAAK,KAAI,IAAK,IAAA,CAAK,OAAO,kBAAA,EAAoB;AAC9D,MAAA,IAAI,CAAC,KAAK,cAAA,EAAgB;AACxB,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA,CAAK,SAAA,EAAU,CAAE,QAAQ,MAAM;AACnD,UAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AAAA,QACxB,CAAC,CAAA;AAAA,MACH;AACA,MAAA,MAAM,IAAA,CAAK,cAAA;AAAA,IACb;AACA,IAAA,OAAA,CAAO,EAAA,GAAA,CAAA,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,gBAArB,IAAA,GAAA,EAAA,GAAoC,IAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,OAAO,OAAA,EAAgD;AAC3D,IAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,MAAA,MAAM,WAAW,OAAA,CAAQ,QAAA;AACzB,MAAA,IAAI,QAAA,CAAS,WAAW,IAAI,CAAA,IAAK,CAAC,cAAA,CAAe,IAAA,CAAK,QAAQ,CAAA,EAAG;AAC/D,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,gBAAA;AAAA,UAER;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,IAAA,CAAK,MAAA,EAAO;AAEZ,IAAA,IAAI,IAAA,CAAK,OAAO,cAAA,EAAgB;AAC9B,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,cAAc,CAAA;AAC9C,MAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACnD;AACA,MAAA,MAAM,SAAA,GAAY,IAAI,QAAA,EAAS;AAC/B,MAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,SAAS,CAAA;AAAA,MACxC,CAAA,MAAA,IAAW,OAAO,MAAA,KAAW,WAAA,EAAa;AACxC,QAAA,MAAA,CAAO,QAAA,CAAS,OAAO,SAAS,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,eAAA,GAA2B;AA/L7B,IAAA,IAAA,EAAA;AAgMI,IAAA,OAAO,OAAA,CAAA,CAAQ,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,OAAO,WAAW,CAAA;AAAA,EACjD;AAAA,EAEA,mBAAmB,OAAA,EAAwD;AACzE,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAA,GAAgD;AACpD,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,EAAe;AAC9C,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,gBAAA,EAAkB;AACjC,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,gBAAA;AAAA,MACZ,EAAE,OAAA,EAAS,EAAE,eAAe,CAAA,OAAA,EAAU,WAAW,IAAG;AAAE,KACxD;AACA,IAAA,OAAO,QAAA,CAAS,IAAA;AAAA,EAClB;AAAA,EAEA,MAAc,aAAa,IAAA,EAAgC;AACzD,IAAA,MAAM,WAAW,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,YAAY,CAAA;AACtE,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,uBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,aAAA,EAAe,QAAA;AAAA,MACf,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,SAAA,GAA8B;AA3P9C,IAAA,IAAA,EAAA;AA4PI,IAAA,MAAM,YAAA,GAAA,CAAe,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,eAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AACD,IAAA,IAAI,YAAA,EAAc,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,YAAY,CAAA;AAExD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,cAAc,MAAA,EAAoC;AA/QlE,IAAA,IAAA,EAAA,EAAA,EAAA;AAgRI,IAAA,MAAM,oBAAA,GAAA,CAAuB,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAClD,IAAA,MAAM,YAAA,GAAyB;AAAA,MAC7B,GAAG,MAAA;AAAA,MACH,YAAA,EAAA,CAAc,EAAA,GAAA,MAAA,CAAO,YAAA,KAAP,IAAA,GAAA,EAAA,GAAuB;AAAA,KACvC;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,MAAA,EAAQ,YAAA;AAAA,MACR,SAAA,EAAW,KAAK,GAAA;AAAI,KACtB;AACA,IAAA,MAAM,OAAA;AAAA,MACJ,IAAA,CAAK,OAAA;AAAA,MACL,YAAA,CAAa,OAAA;AAAA,MACb,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,OAAO;AAAA,KAC7B;AACA,IAAA,IAAA,CAAK,MAAA,EAAO;AACZ,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEQ,MAAA,GAAe;AACrB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,CAAC,YAAY,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAC,CAAA;AAAA,EAC3D;AAAA,EAEA,MAAc,cAAA,GAAgC;AAvShD,IAAA,IAAA,EAAA;AAwSI,IAAA,MAAM,MAAM,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,OAAO,CAAA;AAC5D,IAAA,IAAI,CAAC,GAAA,EAAK;AACV,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA;AAC7B,MAAA,IAAI,QAAA,CAAO,EAAA,GAAA,MAAA,IAAA,IAAA,GAAA,KAAA,CAAA,GAAA,MAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAgB,iBAAgB,QAAA,EAAU;AACnD,QAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,QAAA;AAAA,MACF;AACA,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,IACjB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,MAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AAAA,IACjB;AAAA,EACF;AACF,CAAA;;;AClTA,IAAM,qBAAA,GAAwB,iCAAA;AAC9B,IAAM,0BAAA,GAA6B,qBAAA;AACnC,IAAM,kBAAA,GAAqB,iBAAA;AAC3B,IAAM,aAAA,GAAgB,sBAAA;AAEtB,SAAS,iBAAiB,KAAA,EAAwB;AAChD,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,KAAA,IAAA,IAAA,GAAA,KAAA,GAAS,qBAAqB,EAAE,IAAA,EAAK;AACxD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAI,IAAI,GAAG,CAAA;AAAA,EACtB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA,CAAO,QAAA,EAAS,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC7C;AAEA,SAAS,eAAA,CACP,OAAA,EACA,QAAA,EACA,YAAA,EACQ;AACR,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,IAAI;AACF,MAAA,OAAO,IAAI,GAAA,CAAI,QAAQ,CAAA,CAAE,QAAA,EAAS;AAAA,IACpC,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,GAAG,OAAO,CAAA,CAAA,CAAG,EAAE,QAAA,EAAS;AACvD;AAEO,SAAS,iBAAiB,MAAA,EAAgC;AAlDjE,EAAA,IAAA,EAAA,EAAA,EAAA;AAmDE,EAAA,IAAI,EAAC,iCAAQ,QAAA,CAAA,EAAU;AACrB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,gBAAA,CAAiB,MAAA,CAAO,OAAO,CAAA;AAC/C,EAAA,MAAM,cAAA,GAAqC;AAAA,IACzC,GAAG,MAAA;AAAA,IACH,OAAA;AAAA,IACA,KAAA,EAAO,QAAO,EAAA,GAAA,MAAA,CAAO,KAAA,KAAP,YAAgB,EAAE,CAAA,CAAE,MAAK,IAAK,aAAA;AAAA,IAC5C,kBAAA,EAAA,CAAoB,EAAA,GAAA,MAAA,CAAO,kBAAA,KAAP,IAAA,GAAA,EAAA,GAA6B,IAAA;AAAA,IACjD,qBAAA,EAAuB,eAAA;AAAA,MACrB,OAAA;AAAA,MACA,MAAA,CAAO,qBAAA;AAAA,MACP;AAAA,KACF;AAAA,IACA,aAAA,EAAe,eAAA;AAAA,MACb,OAAA;AAAA,MACA,MAAA,CAAO,aAAA;AAAA,MACP;AAAA;AACF,GACF;AAEA,EAAA,OAAO,IAAI,kBAAkB,cAAc,CAAA;AAC7C;;;ACjFO,IAAM,oBAAN,MAAkD;AAAA,EACvD,YACmB,OAAA,EAIjB;AAJiB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAIhB;AAAA,EAEH,IAAI,GAAA,EAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,EACjC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,GAAG,CAAA;AAAA,EAC7B;AACF;;;ACbO,IAAM,uBAAN,MAAqD;AAAA,EAC1D,YAA6B,SAAA,EAAmC;AAAnC,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAAoC;AAAA,EAEjE,MAAM,IAAI,GAAA,EAAqC;AAC7C,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAG,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,GAAA,CAAI,GAAA,EAAa,KAAA,EAA8B;AACnD,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,OAAO,GAAA,EAA4B;AACvC,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,YAAA,CAAa,GAAG,CAAA;AAAA,EACvC;AACF;;;ACbA,IAAM,cAAA,GAAiB,CAAC,IAAA,KAAgC;AATxD,EAAA,IAAA,EAAA;AAUE,EAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,EAAA,MAAM,SAAS,QAAA,CAAS,MAAA,CAAO,KAAA,CAAM,CAAA,SAAA,EAAY,IAAI,CAAA,gBAAA,CAAkB,CAAA;AACvE,EAAA,OAAO,MAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,GAAA,EAAI,KAAX,YAAgB,IAAA,GAAQ,IAAA;AAC3C,CAAA;AAEO,SAAS,0BAAA,CACd,OAAA,GAAuC,EAAC,EACxB;AAChB,EAAA,MAAM,EAAE,QAAQ,IAAA,GAAO,GAAA,EAAK,WAAW,QAAA,EAAU,MAAA,GAAS,MAAK,GAAI,OAAA;AAEnE,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,KAA+B;AAC1C,IAAA,OAAO,eAAe,GAAG,CAAA;AAAA,EAC3B,CAAA;AAEA,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,EAAa,KAAA,KAAwB;AAChD,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAC5B,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,IAAI,QAAA,EAAU,MAAA,IAAU,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAA;AAC9C,IAAA,IAAI,QAAQ,MAAA,IAAU,CAAA,QAAA,CAAA;AACtB,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,MAAM,MAAA,GAAS,CAAC,GAAA,KAAsB;AACpC,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,GAAG,GAAG,CAAA,wCAAA,CAAA;AACnB,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,OAAO,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO;AAC5B","file":"index.js","sourcesContent":["export enum AuthErrorCode {\n INVALID_CONFIG = 'INVALID_CONFIG',\n STATE_MISMATCH = 'STATE_MISMATCH',\n CALLBACK_ERROR = 'CALLBACK_ERROR',\n TOKEN_EXCHANGE_FAILED = 'TOKEN_EXCHANGE_FAILED',\n REFRESH_FAILED = 'REFRESH_FAILED',\n STORAGE_ERROR = 'STORAGE_ERROR',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_STATE = 'MISSING_STATE',\n NETWORK_ERROR = 'NETWORK_ERROR',\n HTTP_ERROR = 'HTTP_ERROR',\n}\n\nexport class AuthError extends Error {\n constructor(\n public readonly code: AuthErrorCode,\n message: string,\n public readonly cause?: unknown,\n ) {\n super(message);\n this.name = 'AuthError';\n }\n}\n","const ALPHABET =\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';\n\nfunction getCryptoImpl(): Crypto {\n if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n return globalThis.crypto;\n }\n throw new Error('Web Crypto API unavailable');\n}\n\nexport function randomString(length = 64): string {\n const crypto = getCryptoImpl();\n // Rejection sampling: discard bytes >= threshold to eliminate modulo bias.\n // ALPHABET.length = 66; threshold = 256 - (256 % 66) = 204\n const THRESHOLD = 256 - (256 % ALPHABET.length);\n const result: string[] = [];\n while (result.length < length) {\n const bytes = new Uint8Array(Math.ceil((length - result.length) * 1.4));\n crypto.getRandomValues(bytes);\n for (const b of bytes) {\n if (result.length >= length) break;\n if (b < THRESHOLD) result.push(ALPHABET[b % ALPHABET.length]!);\n }\n }\n return result.join('');\n}\n\nfunction toBase64Url(bytes: Uint8Array<ArrayBuffer>): string {\n const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\nfunction verifierToBytes(verifier: string): Uint8Array<ArrayBuffer> {\n const bytes = new Uint8Array(verifier.length);\n for (let i = 0; i < verifier.length; i++) {\n bytes[i] = verifier.charCodeAt(i);\n }\n return bytes;\n}\n\nexport async function createCodeChallenge(verifier: string): Promise<string> {\n const crypto = getCryptoImpl();\n const buffer = verifierToBytes(verifier);\n const digest = await crypto.subtle.digest('SHA-256', buffer);\n return toBase64Url(new Uint8Array(digest));\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { StorageAdapter, TokenSet } from './types';\n\nexport const STORAGE_KEYS = {\n session: 'nuria:session',\n state: 'nuria:oauth:state',\n codeVerifier: 'nuria:oauth:code_verifier',\n};\n\nexport function normalizeTokenSet(\n raw: Record<string, unknown>,\n now: () => number,\n): TokenSet {\n const accessToken = (raw.access_token ?? raw.accessToken) as string;\n if (!accessToken || typeof accessToken !== 'string') {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing access token in token response',\n );\n }\n const expiresIn = Number(raw.expires_in ?? raw.expiresIn ?? 0) || undefined;\n return {\n accessToken,\n tokenType: (raw.token_type ?? raw.tokenType) as string | undefined,\n expiresIn,\n refreshToken: (raw.refresh_token ?? raw.refreshToken) as string | undefined,\n idToken: (raw.id_token ?? raw.idToken) as string | undefined,\n scope: raw.scope as string | undefined,\n expiresAt: expiresIn ? now() + expiresIn * 1000 : undefined,\n };\n}\n\nexport async function safeGet(\n storage: StorageAdapter,\n key: string,\n): Promise<string | null> {\n try {\n return await storage.get(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed reading key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeSet(\n storage: StorageAdapter,\n key: string,\n value: string,\n): Promise<void> {\n try {\n await storage.set(key, value);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed writing key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeRemove(\n storage: StorageAdapter,\n key: string,\n): Promise<void> {\n try {\n await storage.remove(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed removing key: ${key}`,\n cause,\n );\n }\n}\n\nexport function timingSafeEqual(a: string, b: string): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++) {\n diff |= a.charCodeAt(i) ^ b.charCodeAt(i);\n }\n return diff === 0;\n}\n\nexport function parseUrl(url: string): URL {\n try {\n return new URL(url);\n } catch {\n throw new AuthError(AuthErrorCode.CALLBACK_ERROR, 'Invalid callback URL');\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class MemoryStorageAdapter implements StorageAdapter {\n private store = new Map<string, string>();\n\n get(key: string): string | null {\n return this.store.get(key) ?? null;\n }\n\n set(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n remove(key: string): void {\n this.store.delete(key);\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type {\n AuthTransport,\n AuthTransportRequest,\n AuthTransportResponse,\n TransportInterceptor,\n} from '../core/types';\n\nexport interface FetchTransportOptions {\n fetchFn?: typeof fetch;\n timeoutMs?: number;\n retries?: number;\n interceptors?: TransportInterceptor[];\n}\n\nconst RETRYABLE_STATUS = new Set([408, 425, 429, 500, 502, 503, 504]);\n\nexport class FetchAuthTransport implements AuthTransport {\n private readonly fetchFn: typeof fetch;\n private readonly timeoutMs?: number;\n private readonly retries: number;\n private readonly interceptors: TransportInterceptor[];\n\n constructor(options: FetchTransportOptions = {}) {\n this.fetchFn = options.fetchFn ?? fetch;\n this.timeoutMs = options.timeoutMs;\n this.retries = options.retries ?? 0;\n this.interceptors = options.interceptors ?? [];\n }\n\n async request<T = unknown>(\n url: string,\n req: AuthTransportRequest = {},\n ): Promise<AuthTransportResponse<T>> {\n let request = req;\n for (const i of this.interceptors) {\n if (i.onRequest) request = await i.onRequest(url, request);\n }\n\n const retries = request.retries ?? this.retries;\n let attempt = 0;\n while (true) {\n const controller = new AbortController();\n const timeout = request.timeoutMs ?? this.timeoutMs;\n const timer = timeout\n ? setTimeout(() => controller.abort(), timeout)\n : undefined;\n try {\n const defaultContentType =\n typeof request.body === 'string'\n ? 'application/x-www-form-urlencoded'\n : 'application/json';\n const res = await this.fetchFn(this.withQuery(url, request.query), {\n method: request.method ?? 'GET',\n credentials: request.credentials,\n headers: {\n 'Content-Type': defaultContentType,\n ...(request.headers ?? {}),\n },\n body:\n request.body !== undefined\n ? typeof request.body === 'string'\n ? request.body\n : JSON.stringify(request.body)\n : undefined,\n signal: controller.signal,\n });\n const data = await this.parseBody<T>(res);\n if (!res.ok) {\n if (attempt < retries && RETRYABLE_STATUS.has(res.status)) {\n attempt += 1;\n continue;\n }\n throw new AuthError(AuthErrorCode.HTTP_ERROR, `HTTP ${res.status}`);\n }\n let out: AuthTransportResponse<T> = {\n status: res.status,\n data,\n headers: res.headers,\n };\n for (const i of this.interceptors) {\n if (i.onResponse) out = await i.onResponse(out);\n }\n return out;\n } catch (cause) {\n if (cause instanceof AuthError) throw cause;\n if (attempt < retries) {\n attempt += 1;\n continue;\n }\n throw new AuthError(\n AuthErrorCode.NETWORK_ERROR,\n 'Network request failed',\n cause,\n );\n } finally {\n if (timer) clearTimeout(timer);\n }\n }\n }\n\n private withQuery(\n url: string,\n query?: Record<string, string | undefined>,\n ): string {\n if (!query) return url;\n const parsed = new URL(url);\n Object.entries(query).forEach(([k, v]) => {\n if (v !== undefined) parsed.searchParams.set(k, v);\n });\n return parsed.toString();\n }\n\n private async parseBody<T>(res: Response): Promise<T> {\n const contentType = res.headers.get('content-type') ?? '';\n if (contentType.includes('application/json')) {\n return (await res.json()) as T;\n }\n return (await res.text()) as unknown as T;\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport { createCodeChallenge, randomString } from '../core/pkce';\nimport {\n normalizeTokenSet,\n parseUrl,\n safeGet,\n safeRemove,\n safeSet,\n timingSafeEqual,\n STORAGE_KEYS,\n} from '../core/utils';\nimport type {\n AuthClient,\n ResolvedAuthConfig,\n Session,\n StartLoginOptions,\n TokenSet,\n AuthTransport,\n} from '../core/types';\nimport { MemoryStorageAdapter } from '../storage/memory-storage-adapter';\nimport { FetchAuthTransport } from '../transport/fetch-transport';\n\nexport class DefaultAuthClient implements AuthClient {\n private session: Session | null = null;\n private refreshPromise: Promise<Session> | null = null;\n private readonly listeners = new Set<(session: Session | null) => void>();\n private readonly storage;\n private readonly transport: AuthTransport;\n private readonly now: () => number;\n\n constructor(private readonly config: ResolvedAuthConfig) {\n this.storage = config.storage ?? new MemoryStorageAdapter();\n this.transport = config.transport ?? new FetchAuthTransport();\n this.now = config.now ?? (() => Date.now());\n }\n\n async startLogin(options: StartLoginOptions = {}): Promise<void> {\n const state = randomString(32);\n const codeVerifier = randomString(96);\n const codeChallenge = await createCodeChallenge(codeVerifier);\n\n await safeSet(this.storage, STORAGE_KEYS.state, state);\n await safeSet(this.storage, STORAGE_KEYS.codeVerifier, codeVerifier);\n\n const params: Record<string, string> = {\n response_type: 'code',\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n };\n\n const scope = options.scopes?.join(' ') ?? this.config.scope;\n if (scope) params.scope = scope;\n if (options.loginHint) params.login_hint = options.loginHint;\n if (options.extraParams) {\n const RESERVED = new Set([\n 'response_type',\n 'client_id',\n 'redirect_uri',\n 'state',\n 'code_challenge',\n 'code_challenge_method',\n ]);\n for (const [k, v] of Object.entries(options.extraParams)) {\n if (!RESERVED.has(k)) params[k] = v;\n }\n }\n\n const url = new URL(this.config.authorizationEndpoint);\n Object.entries(params).forEach(([k, v]) => url.searchParams.set(k, v));\n const redirectUrl = url.toString();\n\n if (this.config.onRedirect) {\n await this.config.onRedirect(redirectUrl);\n return;\n }\n if (typeof window !== 'undefined') {\n window.location.assign(redirectUrl);\n return;\n }\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Missing onRedirect callback for non-browser runtime',\n );\n }\n\n async handleRedirectCallback(callbackUrl?: string): Promise<Session> {\n const input =\n callbackUrl ??\n (typeof window !== 'undefined' ? window.location.href : '');\n if (!input) {\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n 'callbackUrl required in non-browser runtime',\n );\n }\n\n const url = parseUrl(input);\n const error = url.searchParams.get('error');\n if (error) {\n const desc = url.searchParams.get('error_description');\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n desc\n ? `Authorization error: ${error} — ${desc}`\n : `Authorization error: ${error}`,\n );\n }\n\n const code = url.searchParams.get('code');\n if (!code) {\n throw new AuthError(\n AuthErrorCode.MISSING_CODE,\n 'Missing code in callback',\n );\n }\n\n const state = url.searchParams.get('state');\n if (!state) {\n throw new AuthError(\n AuthErrorCode.MISSING_STATE,\n 'Missing state in callback',\n );\n }\n\n const storedState = await safeGet(this.storage, STORAGE_KEYS.state);\n if (!storedState || !timingSafeEqual(storedState, state)) {\n throw new AuthError(\n AuthErrorCode.STATE_MISMATCH,\n 'State validation failed',\n );\n }\n\n await safeRemove(this.storage, STORAGE_KEYS.state);\n return this.exchangeCode(code);\n }\n\n getSession(): Session | null {\n return this.session;\n }\n\n async getAccessToken(): Promise<string | null> {\n if (!this.session) {\n await this.hydrateSession();\n }\n if (!this.session) return null;\n const exp = this.session.tokens.expiresAt;\n if (exp && exp <= this.now() && this.config.enableRefreshToken) {\n if (!this.refreshPromise) {\n this.refreshPromise = this.doRefresh().finally(() => {\n this.refreshPromise = null;\n });\n }\n await this.refreshPromise;\n }\n return this.session?.tokens.accessToken ?? null;\n }\n\n async logout(options?: { returnTo?: string }): Promise<void> {\n if (options?.returnTo) {\n const returnTo = options.returnTo;\n if (returnTo.startsWith('//') || !/^https?:\\/\\//.test(returnTo)) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'returnTo must be an absolute https:// or http:// URL',\n );\n }\n }\n\n this.session = null;\n await safeRemove(this.storage, STORAGE_KEYS.session);\n await safeRemove(this.storage, STORAGE_KEYS.state);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n this.notify();\n\n if (this.config.logoutEndpoint) {\n const url = new URL(this.config.logoutEndpoint);\n if (options?.returnTo) {\n url.searchParams.set('returnTo', options.returnTo);\n }\n const logoutUrl = url.toString();\n if (this.config.onRedirect) {\n await this.config.onRedirect(logoutUrl);\n } else if (typeof window !== 'undefined') {\n window.location.assign(logoutUrl);\n }\n }\n }\n\n isAuthenticated(): boolean {\n return Boolean(this.session?.tokens.accessToken);\n }\n\n onAuthStateChanged(handler: (session: Session | null) => void): () => void {\n this.listeners.add(handler);\n return () => this.listeners.delete(handler);\n }\n\n async getUserinfo(): Promise<Record<string, unknown>> {\n const accessToken = await this.getAccessToken();\n if (!accessToken) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Not authenticated — call handleRedirectCallback first',\n );\n }\n if (!this.config.userinfoEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.userinfoEndpoint is required for getUserinfo',\n );\n }\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.userinfoEndpoint,\n { headers: { Authorization: `Bearer ${accessToken}` } },\n );\n return response.data;\n }\n\n private async exchangeCode(code: string): Promise<Session> {\n const verifier = await safeGet(this.storage, STORAGE_KEYS.codeVerifier);\n if (!verifier) {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing PKCE code_verifier in storage',\n );\n }\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: verifier,\n redirect_uri: this.config.redirectUri,\n client_id: this.config.clientId,\n });\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n credentials: 'include',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n return this.createSession(tokens);\n }\n\n private async doRefresh(): Promise<Session> {\n const refreshToken = this.session?.tokens.refreshToken;\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: this.config.clientId,\n });\n if (refreshToken) body.set('refresh_token', refreshToken);\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n credentials: 'include',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n private async createSession(tokens: TokenSet): Promise<Session> {\n const previousRefreshToken = this.session?.tokens.refreshToken;\n const mergedTokens: TokenSet = {\n ...tokens,\n refreshToken: tokens.refreshToken ?? previousRefreshToken,\n };\n\n this.session = {\n tokens: mergedTokens,\n createdAt: this.now(),\n };\n await safeSet(\n this.storage,\n STORAGE_KEYS.session,\n JSON.stringify(this.session),\n );\n this.notify();\n return this.session;\n }\n\n private notify(): void {\n this.listeners.forEach((handler) => handler(this.session));\n }\n\n private async hydrateSession(): Promise<void> {\n const raw = await safeGet(this.storage, STORAGE_KEYS.session);\n if (!raw) return;\n try {\n const parsed = JSON.parse(raw) as Session;\n if (typeof parsed?.tokens?.accessToken !== 'string') {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n return;\n }\n this.session = parsed;\n } catch {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n this.session = null;\n }\n }\n}\n","import { DefaultAuthClient } from './nuria-auth-client';\nimport { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { AuthClient, AuthConfig, ResolvedAuthConfig } from '../core/types';\n\nconst DEFAULT_AUTH_BASE_URL = 'https://ms-auth-v2.nuria.com.br';\nconst DEFAULT_AUTHORIZATION_PATH = '/v2/oauth/authorize';\nconst DEFAULT_TOKEN_PATH = '/v2/oauth/token';\nconst DEFAULT_SCOPE = 'openid profile email';\n\nfunction normalizeBaseUrl(value?: string): string {\n const raw = String(value ?? DEFAULT_AUTH_BASE_URL).trim();\n if (!raw) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.baseUrl must be a valid absolute URL',\n );\n }\n\n let parsed: URL;\n try {\n parsed = new URL(raw);\n } catch {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.baseUrl must be a valid absolute URL',\n );\n }\n\n return parsed.toString().replace(/\\/+$/, '');\n}\n\nfunction resolveEndpoint(\n baseUrl: string,\n explicit: string | undefined,\n fallbackPath: string,\n): string {\n if (explicit) {\n try {\n return new URL(explicit).toString();\n } catch {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'OAuth endpoints must be valid absolute URLs',\n );\n }\n }\n\n return new URL(fallbackPath, `${baseUrl}/`).toString();\n}\n\nexport function createAuthClient(config: AuthConfig): AuthClient {\n if (!config?.clientId) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.clientId is required',\n );\n }\n if (!config.redirectUri) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.redirectUri is required',\n );\n }\n\n const baseUrl = normalizeBaseUrl(config.baseUrl);\n const resolvedConfig: ResolvedAuthConfig = {\n ...config,\n baseUrl,\n scope: String(config.scope ?? '').trim() || DEFAULT_SCOPE,\n enableRefreshToken: config.enableRefreshToken ?? true,\n authorizationEndpoint: resolveEndpoint(\n baseUrl,\n config.authorizationEndpoint,\n DEFAULT_AUTHORIZATION_PATH,\n ),\n tokenEndpoint: resolveEndpoint(\n baseUrl,\n config.tokenEndpoint,\n DEFAULT_TOKEN_PATH,\n ),\n };\n\n return new DefaultAuthClient(resolvedConfig);\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class WebStorageAdapter implements StorageAdapter {\n constructor(\n private readonly storage: Pick<\n Storage,\n 'getItem' | 'setItem' | 'removeItem'\n >,\n ) {}\n\n get(key: string): string | null {\n return this.storage.getItem(key);\n }\n\n set(key: string, value: string): void {\n this.storage.setItem(key, value);\n }\n\n remove(key: string): void {\n this.storage.removeItem(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface CookieStorageCallbacks {\n getCookie(name: string): string | null | Promise<string | null>;\n setCookie(name: string, value: string): void | Promise<void>;\n removeCookie(name: string): void | Promise<void>;\n}\n\nexport class CookieStorageAdapter implements StorageAdapter {\n constructor(private readonly callbacks: CookieStorageCallbacks) {}\n\n async get(key: string): Promise<string | null> {\n return this.callbacks.getCookie(key);\n }\n\n async set(key: string, value: string): Promise<void> {\n await this.callbacks.setCookie(key, value);\n }\n\n async remove(key: string): Promise<void> {\n await this.callbacks.removeCookie(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface BrowserCookieStorageOptions {\n domain?: string;\n path?: string;\n sameSite?: 'strict' | 'lax' | 'none';\n secure?: boolean;\n}\n\nconst getCookieValue = (name: string): string | null => {\n if (typeof document === 'undefined') return null;\n const result = document.cookie.match(`(^|;)\\\\s*${name}\\\\s*=\\\\s*([^;]+)`);\n return result ? (result.pop() ?? null) : null;\n};\n\nexport function createBrowserCookieStorage(\n options: BrowserCookieStorageOptions = {},\n): StorageAdapter {\n const { domain, path = '/', sameSite = 'strict', secure = true } = options;\n\n const get = (key: string): string | null => {\n return getCookieValue(key);\n };\n\n const set = (key: string, value: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=${value}`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n if (sameSite) cookie += `; samesite=${sameSite}`;\n if (secure) cookie += `; secure`;\n document.cookie = cookie;\n };\n\n const remove = (key: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n document.cookie = cookie;\n };\n\n return { get, set, remove };\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nuria-tech/auth-sdk",
3
- "version": "1.0.1",
3
+ "version": "1.0.3",
4
4
  "description": "Browser OAuth 2.0 Authorization Code + PKCE client SDK — redirect-only, no password flows",
5
5
  "license": "MIT",
6
6
  "author": "Nuria Tech",