@nuria-tech/auth-sdk 1.0.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/README.md +207 -188
  2. package/dist/angular.cjs +49 -0
  3. package/dist/angular.cjs.map +1 -0
  4. package/dist/angular.d.cts +22 -0
  5. package/dist/angular.d.ts +22 -0
  6. package/dist/angular.js +47 -0
  7. package/dist/angular.js.map +1 -0
  8. package/dist/cookie-storage-adapter-EJeGX8Tl.d.ts +16 -0
  9. package/dist/cookie-storage-adapter-FKYkZ--Y.d.cts +16 -0
  10. package/dist/index.cjs +195 -24
  11. package/dist/index.cjs.map +1 -1
  12. package/dist/index.d.cts +4 -84
  13. package/dist/index.d.ts +4 -84
  14. package/dist/index.js +195 -24
  15. package/dist/index.js.map +1 -1
  16. package/dist/next.cjs +719 -0
  17. package/dist/next.cjs.map +1 -0
  18. package/dist/next.d.cts +12 -0
  19. package/dist/next.d.ts +12 -0
  20. package/dist/next.js +716 -0
  21. package/dist/next.js.map +1 -0
  22. package/dist/nuxt.cjs +719 -0
  23. package/dist/nuxt.cjs.map +1 -0
  24. package/dist/nuxt.d.cts +12 -0
  25. package/dist/nuxt.d.ts +12 -0
  26. package/dist/nuxt.js +716 -0
  27. package/dist/nuxt.js.map +1 -0
  28. package/dist/react.cjs +89 -0
  29. package/dist/react.cjs.map +1 -0
  30. package/dist/react.d.cts +27 -0
  31. package/dist/react.d.ts +27 -0
  32. package/dist/react.js +85 -0
  33. package/dist/react.js.map +1 -0
  34. package/dist/types-2k4ZYpF4.d.cts +103 -0
  35. package/dist/types-2k4ZYpF4.d.ts +103 -0
  36. package/dist/vue.cjs +57 -0
  37. package/dist/vue.cjs.map +1 -0
  38. package/dist/vue.d.cts +13 -0
  39. package/dist/vue.d.ts +13 -0
  40. package/dist/vue.js +55 -0
  41. package/dist/vue.js.map +1 -0
  42. package/package.json +51 -2
package/dist/cookie-storage-adapter-FKYkZ--Y.d.cts ADDED
@@ -0,0 +1,16 @@
1
+ import { S as StorageAdapter } from './types-2k4ZYpF4.cjs';
2
+
3
+ interface CookieStorageCallbacks {
4
+ getCookie(name: string): string | null | Promise<string | null>;
5
+ setCookie(name: string, value: string): void | Promise<void>;
6
+ removeCookie(name: string): void | Promise<void>;
7
+ }
8
+ declare class CookieStorageAdapter implements StorageAdapter {
9
+ private readonly callbacks;
10
+ constructor(callbacks: CookieStorageCallbacks);
11
+ get(key: string): Promise<string | null>;
12
+ set(key: string, value: string): Promise<void>;
13
+ remove(key: string): Promise<void>;
14
+ }
15
+
16
+ export { CookieStorageAdapter as C };
package/dist/index.cjs CHANGED
@@ -70,23 +70,25 @@ var STORAGE_KEYS = {
70
70
  codeVerifier: "nuria:oauth:code_verifier"
71
71
  };
72
72
  function normalizeTokenSet(raw, now) {
73
- var _a, _b, _c, _d, _e, _f;
74
- const accessToken = (_a = raw.access_token) != null ? _a : raw.accessToken;
73
+ var _a, _b, _c, _d, _e, _f, _g, _h, _i, _j;
74
+ const accessToken = (_b = (_a = raw.access_token) != null ? _a : raw.accessToken) != null ? _b : raw.Token;
75
75
  if (!accessToken || typeof accessToken !== "string") {
76
76
  throw new AuthError(
77
77
  "TOKEN_EXCHANGE_FAILED" /* TOKEN_EXCHANGE_FAILED */,
78
78
  "Missing access token in token response"
79
79
  );
80
80
  }
81
- const expiresIn = Number((_c = (_b = raw.expires_in) != null ? _b : raw.expiresIn) != null ? _c : 0) || void 0;
81
+ const expiresIn = Number((_d = (_c = raw.expires_in) != null ? _c : raw.expiresIn) != null ? _d : 0) || void 0;
82
+ const expiresAtFromResponse = Number((_e = raw.ExpiresAt) != null ? _e : 0) || void 0;
83
+ const computedExpiresAt = expiresIn != null ? now() + expiresIn * 1e3 : expiresAtFromResponse ? expiresAtFromResponse : void 0;
82
84
  return {
83
85
  accessToken,
84
- tokenType: (_d = raw.token_type) != null ? _d : raw.tokenType,
86
+ tokenType: (_g = (_f = raw.token_type) != null ? _f : raw.tokenType) != null ? _g : raw.TokenType,
85
87
  expiresIn,
86
- refreshToken: (_e = raw.refresh_token) != null ? _e : raw.refreshToken,
87
- idToken: (_f = raw.id_token) != null ? _f : raw.idToken,
88
+ refreshToken: (_i = (_h = raw.refresh_token) != null ? _h : raw.refreshToken) != null ? _i : raw.RefreshToken,
89
+ idToken: (_j = raw.id_token) != null ? _j : raw.idToken,
88
90
  scope: raw.scope,
89
- expiresAt: expiresIn ? now() + expiresIn * 1e3 : void 0
91
+ expiresAt: computedExpiresAt
90
92
  };
91
93
  }
92
94
  async function safeGet(storage, key) {
@@ -337,7 +339,6 @@ var DefaultAuthClient = class {
337
339
  "State validation failed"
338
340
  );
339
341
  }
340
- await safeRemove(this.storage, STORAGE_KEYS.state);
341
342
  return this.exchangeCode(code);
342
343
  }
343
344
  getSession() {
@@ -362,11 +363,27 @@ var DefaultAuthClient = class {
362
363
  }
363
364
  async logout(options) {
364
365
  if (options == null ? void 0 : options.returnTo) {
365
- const returnTo = options.returnTo;
366
- if (returnTo.startsWith("//") || !/^https?:\/\//.test(returnTo)) {
366
+ let returnToUrl;
367
+ try {
368
+ returnToUrl = new URL(options.returnTo);
369
+ } catch (e) {
370
+ throw new AuthError(
371
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
372
+ "returnTo must be a valid absolute URL"
373
+ );
374
+ }
375
+ const isHttps = returnToUrl.protocol === "https:";
376
+ const isLocalHttp = returnToUrl.protocol === "http:" && (returnToUrl.hostname === "localhost" || returnToUrl.hostname === "127.0.0.1" || returnToUrl.hostname === "[::1]");
377
+ if (!isHttps && !isLocalHttp) {
367
378
  throw new AuthError(
368
379
  "INVALID_CONFIG" /* INVALID_CONFIG */,
369
- "returnTo must be an absolute https:// or http:// URL"
380
+ "returnTo must use https:// (or http:// only for localhost)"
381
+ );
382
+ }
383
+ if (returnToUrl.username || returnToUrl.password) {
384
+ throw new AuthError(
385
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
386
+ "returnTo must not include URL credentials"
370
387
  );
371
388
  }
372
389
  }
@@ -389,8 +406,12 @@ var DefaultAuthClient = class {
389
406
  }
390
407
  }
391
408
  isAuthenticated() {
392
- var _a;
393
- return Boolean((_a = this.session) == null ? void 0 : _a.tokens.accessToken);
409
+ var _a, _b;
410
+ const accessToken = (_a = this.session) == null ? void 0 : _a.tokens.accessToken;
411
+ if (!accessToken) return false;
412
+ const exp = (_b = this.session) == null ? void 0 : _b.tokens.expiresAt;
413
+ if (exp && exp <= this.now()) return false;
414
+ return true;
394
415
  }
395
416
  onAuthStateChanged(handler) {
396
417
  this.listeners.add(handler);
@@ -416,6 +437,103 @@ var DefaultAuthClient = class {
416
437
  );
417
438
  return response.data;
418
439
  }
440
+ async startLoginCodeChallenge(options) {
441
+ var _a, _b, _c, _d, _e, _f, _g;
442
+ if (!(options == null ? void 0 : options.email)) {
443
+ throw new AuthError(
444
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
445
+ "email is required for startLoginCodeChallenge"
446
+ );
447
+ }
448
+ const response = await this.transport.request(
449
+ `${this.config.baseUrl}/v2/login-code/challenge`,
450
+ {
451
+ method: "POST",
452
+ credentials: "include",
453
+ body: {
454
+ email: options.email,
455
+ channel: (_a = options.channel) != null ? _a : "email",
456
+ destination: options.destination,
457
+ purpose: (_b = options.purpose) != null ? _b : "login"
458
+ }
459
+ }
460
+ );
461
+ return {
462
+ challengeId: String((_c = response.data.challengeId) != null ? _c : ""),
463
+ channel: String((_d = response.data.channel) != null ? _d : ""),
464
+ destinationMasked: String((_e = response.data.destinationMasked) != null ? _e : ""),
465
+ expiresAt: Number((_f = response.data.expiresAt) != null ? _f : 0),
466
+ purpose: String((_g = response.data.purpose) != null ? _g : "login")
467
+ };
468
+ }
469
+ async verifyLoginCode(options) {
470
+ if (!(options == null ? void 0 : options.challengeId) || !(options == null ? void 0 : options.code)) {
471
+ throw new AuthError(
472
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
473
+ "challengeId and code are required for verifyLoginCode"
474
+ );
475
+ }
476
+ const response = await this.transport.request(
477
+ `${this.config.baseUrl}/v2/2fa/verify-login`,
478
+ {
479
+ method: "POST",
480
+ credentials: "include",
481
+ body: {
482
+ challengeId: options.challengeId,
483
+ code: options.code
484
+ }
485
+ }
486
+ );
487
+ const tokens = normalizeTokenSet(response.data, this.now);
488
+ return this.createSession(tokens);
489
+ }
490
+ async loginWithCodeSent(options) {
491
+ return this.startLoginCodeChallenge(options);
492
+ }
493
+ async completeLoginWithCode(options) {
494
+ return this.verifyLoginCode(options);
495
+ }
496
+ async loginWithGoogle(options) {
497
+ if (!(options == null ? void 0 : options.idToken)) {
498
+ throw new AuthError(
499
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
500
+ "idToken is required for loginWithGoogle"
501
+ );
502
+ }
503
+ const response = await this.transport.request(
504
+ `${this.config.baseUrl}/v2/google`,
505
+ {
506
+ method: "POST",
507
+ credentials: "include",
508
+ body: {
509
+ idToken: options.idToken
510
+ }
511
+ }
512
+ );
513
+ const tokens = normalizeTokenSet(response.data, this.now);
514
+ return this.createSession(tokens);
515
+ }
516
+ async loginWithPassword(options) {
517
+ if (!(options == null ? void 0 : options.email) || !(options == null ? void 0 : options.password)) {
518
+ throw new AuthError(
519
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
520
+ "email and password are required for loginWithPassword"
521
+ );
522
+ }
523
+ const response = await this.transport.request(
524
+ `${this.config.baseUrl}/v2/login`,
525
+ {
526
+ method: "POST",
527
+ credentials: "include",
528
+ body: {
529
+ email: options.email,
530
+ password: options.password
531
+ }
532
+ }
533
+ );
534
+ const tokens = normalizeTokenSet(response.data, this.now);
535
+ return this.createSession(tokens);
536
+ }
419
537
  async exchangeCode(code) {
420
538
  const verifier = await safeGet(this.storage, STORAGE_KEYS.codeVerifier);
421
539
  if (!verifier) {
@@ -440,6 +558,7 @@ var DefaultAuthClient = class {
440
558
  }
441
559
  );
442
560
  const tokens = normalizeTokenSet(response.data, this.now);
561
+ await safeRemove(this.storage, STORAGE_KEYS.state);
443
562
  await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);
444
563
  return this.createSession(tokens);
445
564
  }
@@ -503,23 +622,48 @@ var DefaultAuthClient = class {
503
622
  };
504
623
 
505
624
  // src/client/create-client.ts
506
- function createAuthClient(config) {
507
- if (!(config == null ? void 0 : config.clientId)) {
625
+ var DEFAULT_AUTH_BASE_URL = "https://ms-auth-v2.nuria.com.br";
626
+ var DEFAULT_AUTHORIZATION_PATH = "/v2/oauth/authorize";
627
+ var DEFAULT_TOKEN_PATH = "/v2/oauth/token";
628
+ var DEFAULT_SCOPE = "openid profile email";
629
+ function normalizeBaseUrl(value) {
630
+ const raw = String(value != null ? value : DEFAULT_AUTH_BASE_URL).trim();
631
+ if (!raw) {
508
632
  throw new AuthError(
509
633
  "INVALID_CONFIG" /* INVALID_CONFIG */,
510
- "config.clientId is required"
634
+ "config.baseUrl must be a valid absolute URL"
511
635
  );
512
636
  }
513
- if (!config.authorizationEndpoint) {
637
+ let parsed;
638
+ try {
639
+ parsed = new URL(raw);
640
+ } catch (e) {
514
641
  throw new AuthError(
515
642
  "INVALID_CONFIG" /* INVALID_CONFIG */,
516
- "config.authorizationEndpoint is required"
643
+ "config.baseUrl must be a valid absolute URL"
517
644
  );
518
645
  }
519
- if (!config.tokenEndpoint) {
646
+ return parsed.toString().replace(/\/+$/, "");
647
+ }
648
+ function resolveEndpoint(baseUrl, explicit, fallbackPath) {
649
+ if (explicit) {
650
+ try {
651
+ return new URL(explicit).toString();
652
+ } catch (e) {
653
+ throw new AuthError(
654
+ "INVALID_CONFIG" /* INVALID_CONFIG */,
655
+ "OAuth endpoints must be valid absolute URLs"
656
+ );
657
+ }
658
+ }
659
+ return new URL(fallbackPath, `${baseUrl}/`).toString();
660
+ }
661
+ function createAuthClient(config) {
662
+ var _a, _b;
663
+ if (!(config == null ? void 0 : config.clientId)) {
520
664
  throw new AuthError(
521
665
  "INVALID_CONFIG" /* INVALID_CONFIG */,
522
- "config.tokenEndpoint is required"
666
+ "config.clientId is required"
523
667
  );
524
668
  }
525
669
  if (!config.redirectUri) {
@@ -528,7 +672,24 @@ function createAuthClient(config) {
528
672
  "config.redirectUri is required"
529
673
  );
530
674
  }
531
- return new DefaultAuthClient(config);
675
+ const baseUrl = normalizeBaseUrl(config.baseUrl);
676
+ const resolvedConfig = {
677
+ ...config,
678
+ baseUrl,
679
+ scope: String((_a = config.scope) != null ? _a : "").trim() || DEFAULT_SCOPE,
680
+ enableRefreshToken: (_b = config.enableRefreshToken) != null ? _b : true,
681
+ authorizationEndpoint: resolveEndpoint(
682
+ baseUrl,
683
+ config.authorizationEndpoint,
684
+ DEFAULT_AUTHORIZATION_PATH
685
+ ),
686
+ tokenEndpoint: resolveEndpoint(
687
+ baseUrl,
688
+ config.tokenEndpoint,
689
+ DEFAULT_TOKEN_PATH
690
+ )
691
+ };
692
+ return new DefaultAuthClient(resolvedConfig);
532
693
  }
533
694
 
534
695
  // src/storage/web-storage-adapter.ts
@@ -567,8 +728,18 @@ var CookieStorageAdapter = class {
567
728
  var getCookieValue = (name) => {
568
729
  var _a;
569
730
  if (typeof document === "undefined") return null;
570
- const result = document.cookie.match(`(^|;)\\s*${name}\\s*=\\s*([^;]+)`);
571
- return result ? (_a = result.pop()) != null ? _a : null : null;
731
+ const escapedName = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
732
+ const result = document.cookie.match(
733
+ `(^|;)\\s*${escapedName}\\s*=\\s*([^;]+)`
734
+ );
735
+ if (!result) return null;
736
+ const raw = (_a = result.pop()) != null ? _a : null;
737
+ if (raw == null) return null;
738
+ try {
739
+ return decodeURIComponent(raw);
740
+ } catch (e) {
741
+ return raw;
742
+ }
572
743
  };
573
744
  function createBrowserCookieStorage(options = {}) {
574
745
  const { domain, path = "/", sameSite = "strict", secure = true } = options;
@@ -577,7 +748,7 @@ function createBrowserCookieStorage(options = {}) {
577
748
  };
578
749
  const set = (key, value) => {
579
750
  if (typeof document === "undefined") return;
580
- let cookie = `${key}=${value}`;
751
+ let cookie = `${key}=${encodeURIComponent(value)}`;
581
752
  if (path) cookie += `; path=${path}`;
582
753
  if (domain) cookie += `; domain=${domain}`;
583
754
  if (sameSite) cookie += `; samesite=${sameSite}`;
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors/auth-error.ts","../src/core/pkce.ts","../src/core/utils.ts","../src/storage/memory-storage-adapter.ts","../src/transport/fetch-transport.ts","../src/client/nuria-auth-client.ts","../src/client/create-client.ts","../src/storage/web-storage-adapter.ts","../src/storage/cookie-storage-adapter.ts","../src/storage/browser-cookie-storage.ts"],"names":["AuthErrorCode"],"mappings":";;;AAAO,IAAK,aAAA,qBAAAA,cAAAA,KAAL;AACL,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,YAAA,CAAA,GAAa,YAAA;AAVH,EAAA,OAAAA,cAAAA;AAAA,CAAA,EAAA,aAAA,IAAA,EAAA;AAaL,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,KAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;;;ACtBA,IAAM,QAAA,GACJ,oEAAA;AAEF,SAAS,aAAA,GAAwB;AAC/B,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAe,UAAA,CAAW,MAAA,EAAQ;AAC1D,IAAA,OAAO,UAAA,CAAW,MAAA;AAAA,EACpB;AACA,EAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAC9C;AAEO,SAAS,YAAA,CAAa,SAAS,EAAA,EAAY;AAChD,EAAA,MAAM,SAAS,aAAA,EAAc;AAG7B,EAAA,MAAM,SAAA,GAAY,GAAA,GAAO,GAAA,GAAM,QAAA,CAAS,MAAA;AACxC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,IAAA,CAAK,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,GAAG,CAAC,CAAA;AACtE,IAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,IAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,MAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAQ;AAC7B,MAAA,IAAI,CAAA,GAAI,WAAW,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,GAAI,QAAA,CAAS,MAAM,CAAE,CAAA;AAAA,IAC/D;AAAA,EACF;AACA,EAAA,OAAO,MAAA,CAAO,KAAK,EAAE,CAAA;AACvB;AAEA,SAAS,YAAY,KAAA,EAAwC;AAC3D,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AACvE,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,EAAE,CAAA;AAC9E;AAEA,SAAS,gBAAgB,QAAA,EAA2C;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,QAAA,CAAS,MAAM,CAAA;AAC5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,CAAS,UAAA,CAAW,CAAC,CAAA;AAAA,EAClC;AACA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,oBAAoB,QAAA,EAAmC;AAC3E,EAAA,MAAM,SAAS,aAAA,EAAc;AAC7B,EAAA,MAAM,MAAA,GAAS,gBAAgB,QAAQ,CAAA;AACvC,EAAA,MAAM,SAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,MAAM,CAAA;AAC3D,EAAA,OAAO,WAAA,CAAY,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAC3C;;;AC1CO,IAAM,YAAA,GAAe;AAAA,EAC1B,OAAA,EAAS,eAAA;AAAA,EACT,KAAA,EAAO,mBAAA;AAAA,EACP,YAAA,EAAc;AAChB,CAAA;AAEO,SAAS,iBAAA,CACd,KACA,GAAA,EACU;AAZZ,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAaE,EAAA,MAAM,WAAA,GAAA,CAAe,EAAA,GAAA,GAAA,CAAI,YAAA,KAAJ,IAAA,GAAA,EAAA,GAAoB,GAAA,CAAI,WAAA;AAC7C,EAAA,IAAI,CAAC,WAAA,IAAe,OAAO,WAAA,KAAgB,QAAA,EAAU;AACnD,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,uBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,SAAA,GAAY,QAAO,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,YAAkB,GAAA,CAAI,SAAA,KAAtB,IAAA,GAAA,EAAA,GAAmC,CAAC,CAAA,IAAK,MAAA;AAClE,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,SAAA,EAAA,CAAY,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,IAAA,GAAA,EAAA,GAAkB,GAAA,CAAI,SAAA;AAAA,IAClC,SAAA;AAAA,IACA,YAAA,EAAA,CAAe,EAAA,GAAA,GAAA,CAAI,aAAA,KAAJ,IAAA,GAAA,EAAA,GAAqB,GAAA,CAAI,YAAA;AAAA,IACxC,OAAA,EAAA,CAAU,EAAA,GAAA,GAAA,CAAI,QAAA,KAAJ,IAAA,GAAA,EAAA,GAAgB,GAAA,CAAI,OAAA;AAAA,IAC9B,OAAO,GAAA,CAAI,KAAA;AAAA,IACX,SAAA,EAAW,SAAA,GAAY,GAAA,EAAI,GAAI,YAAY,GAAA,GAAO;AAAA,GACpD;AACF;AAEA,eAAsB,OAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,OAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,UAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC1B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,wBAAwB,GAAG,CAAA,CAAA;AAAA,MAC3B;AAAA,KACF;AAAA,EACF;AACF;AAEO,SAAS,eAAA,CAAgB,GAAW,CAAA,EAAoB;AAC7D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAA,IAAQ,EAAE,UAAA,CAAW,CAAC,CAAA,GAAI,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;AAEO,SAAS,SAAS,GAAA,EAAkB;AACzC,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,IAAI,GAAG,CAAA;AAAA,EACpB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,iDAAwC,sBAAsB,CAAA;AAAA,EAC1E;AACF;;;AC3FO,IAAM,uBAAN,MAAqD;AAAA,EAArD,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,KAAA,uBAAY,GAAA,EAAoB;AAAA,EAAA;AAAA,EAExC,IAAI,GAAA,EAA4B;AALlC,IAAA,IAAA,EAAA;AAMI,IAAA,OAAA,CAAO,EAAA,GAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,MAAlB,IAAA,GAAA,EAAA,GAAuB,IAAA;AAAA,EAChC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3B;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AACF;;;ACDA,IAAM,gBAAA,mBAAmB,IAAI,GAAA,CAAI,CAAC,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC,CAAA;AAE7D,IAAM,qBAAN,MAAkD;AAAA,EAMvD,WAAA,CAAY,OAAA,GAAiC,EAAC,EAAG;AAvBnD,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAwBI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,KAAA;AAClC,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AACzB,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,CAAA;AAClC,IAAA,IAAA,CAAK,YAAA,GAAA,CAAe,EAAA,GAAA,OAAA,CAAQ,YAAA,KAAR,IAAA,GAAA,EAAA,GAAwB,EAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAA,CACJ,GAAA,EACA,GAAA,GAA4B,EAAC,EACM;AAjCvC,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAkCI,IAAA,IAAI,OAAA,GAAU,GAAA;AACd,IAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,MAAA,IAAI,EAAE,SAAA,EAAW,OAAA,GAAU,MAAM,CAAA,CAAE,SAAA,CAAU,KAAK,OAAO,CAAA;AAAA,IAC3D;AAEA,IAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,IAAA,CAAK,OAAA;AACxC,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,OAAO,IAAA,EAAM;AACX,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,SAAA,KAAR,IAAA,GAAA,EAAA,GAAqB,IAAA,CAAK,SAAA;AAC1C,MAAA,MAAM,KAAA,GAAQ,UACV,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,OAAO,CAAA,GAC5C,MAAA;AACJ,MAAA,IAAI;AACF,QAAA,MAAM,kBAAA,GACJ,OAAO,OAAA,CAAQ,IAAA,KAAS,WACpB,mCAAA,GACA,kBAAA;AACN,QAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,KAAK,SAAA,CAAU,GAAA,EAAK,OAAA,CAAQ,KAAK,CAAA,EAAG;AAAA,UACjE,MAAA,EAAA,CAAQ,EAAA,GAAA,OAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,EAAA,GAAkB,KAAA;AAAA,UAC1B,aAAa,OAAA,CAAQ,WAAA;AAAA,UACrB,OAAA,EAAS;AAAA,YACP,cAAA,EAAgB,kBAAA;AAAA,YAChB,GAAA,CAAI,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB;AAAC,WAC1B;AAAA,UACA,IAAA,EACE,OAAA,CAAQ,IAAA,KAAS,KAAA,CAAA,GACb,OAAO,OAAA,CAAQ,IAAA,KAAS,QAAA,GACtB,OAAA,CAAQ,IAAA,GACR,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,GAC7B,KAAA,CAAA;AAAA,UACN,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AACD,QAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAa,GAAG,CAAA;AACxC,QAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,UAAA,IAAI,UAAU,OAAA,IAAW,gBAAA,CAAiB,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA,EAAG;AACzD,YAAA,OAAA,IAAW,CAAA;AACX,YAAA;AAAA,UACF;AACA,UAAA,MAAM,IAAI,SAAA,CAAA,YAAA,mBAAoC,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,QACpE;AACA,QAAA,IAAI,GAAA,GAAgC;AAAA,UAClC,QAAQ,GAAA,CAAI,MAAA;AAAA,UACZ,IAAA;AAAA,UACA,SAAS,GAAA,CAAI;AAAA,SACf;AACA,QAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,UAAA,IAAI,EAAE,UAAA,EAAY,GAAA,GAAM,MAAM,CAAA,CAAE,WAAW,GAAG,CAAA;AAAA,QAChD;AACA,QAAA,OAAO,GAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAiB,WAAW,MAAM,KAAA;AACtC,QAAA,IAAI,UAAU,OAAA,EAAS;AACrB,UAAA,OAAA,IAAW,CAAA;AACX,UAAA;AAAA,QACF;AACA,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,eAAA;AAAA,UAER,wBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF,CAAA,SAAE;AACA,QAAA,IAAI,KAAA,eAAoB,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,SAAA,CACN,KACA,KAAA,EACQ;AACR,IAAA,IAAI,CAAC,OAAO,OAAO,GAAA;AACnB,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM;AACxC,MAAA,IAAI,MAAM,MAAA,EAAW,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACnD,CAAC,CAAA;AACD,IAAA,OAAO,OAAO,QAAA,EAAS;AAAA,EACzB;AAAA,EAEA,MAAc,UAAa,GAAA,EAA2B;AAjHxD,IAAA,IAAA,EAAA;AAkHI,IAAA,MAAM,eAAc,EAAA,GAAA,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,MAA9B,IAAA,GAAA,EAAA,GAAmC,EAAA;AACvD,IAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,EACzB;AACF;;;AClGO,IAAM,oBAAN,MAA8C;AAAA,EAQnD,YAA6B,MAAA,EAAoB;AAApB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAP7B,IAAA,IAAA,CAAQ,OAAA,GAA0B,IAAA;AAClC,IAAA,IAAA,CAAQ,cAAA,GAA0C,IAAA;AAClD,IAAA,IAAA,CAAiB,SAAA,uBAAgB,GAAA,EAAuC;AAzB1E,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA+BI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,OAAA,KAAP,IAAA,GAAA,EAAA,GAAkB,IAAI,oBAAA,EAAqB;AAC1D,IAAA,IAAA,CAAK,SAAA,GAAA,CAAY,EAAA,GAAA,MAAA,CAAO,SAAA,KAAP,IAAA,GAAA,EAAA,GAAoB,IAAI,kBAAA,EAAmB;AAC5D,IAAA,IAAA,CAAK,OAAM,EAAA,GAAA,MAAA,CAAO,GAAA,KAAP,IAAA,GAAA,EAAA,IAAe,MAAM,KAAK,GAAA,EAAI,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,OAAA,GAA6B,EAAC,EAAkB;AApCnE,IAAA,IAAA,EAAA,EAAA,EAAA;AAqCI,IAAA,MAAM,KAAA,GAAQ,aAAa,EAAE,CAAA;AAC7B,IAAA,MAAM,YAAA,GAAe,aAAa,EAAE,CAAA;AACpC,IAAA,MAAM,aAAA,GAAgB,MAAM,mBAAA,CAAoB,YAAY,CAAA;AAE5D,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,KAAK,CAAA;AACrD,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,cAAc,YAAY,CAAA;AAEnE,IAAA,MAAM,MAAA,GAAiC;AAAA,MACrC,aAAA,EAAe,MAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,KAAA;AAAA,MACA,cAAA,EAAgB,aAAA;AAAA,MAChB,qBAAA,EAAuB;AAAA,KACzB;AAEA,IAAA,MAAM,KAAA,GAAA,CAAQ,mBAAQ,MAAA,KAAR,IAAA,GAAA,MAAA,GAAA,EAAA,CAAgB,KAAK,GAAA,CAAA,KAArB,IAAA,GAAA,EAAA,GAA6B,KAAK,MAAA,CAAO,KAAA;AACvD,IAAA,IAAI,KAAA,SAAc,KAAA,GAAQ,KAAA;AAC1B,IAAA,IAAI,OAAA,CAAQ,SAAA,EAAW,MAAA,CAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;AACnD,IAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,MAAA,MAAM,QAAA,uBAAe,GAAA,CAAI;AAAA,QACvB,eAAA;AAAA,QACA,WAAA;AAAA,QACA,cAAA;AAAA,QACA,OAAA;AAAA,QACA,gBAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxD,QAAA,IAAI,CAAC,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AAAA,MACpC;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,qBAAqB,CAAA;AACrD,IAAA,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAC,CAAA;AACrE,IAAA,MAAM,WAAA,GAAc,IAAI,QAAA,EAAS;AAEjC,IAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,WAAW,CAAA;AACxC,MAAA;AAAA,IACF;AACA,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,MAAA,CAAO,QAAA,CAAS,OAAO,WAAW,CAAA;AAClC,MAAA;AAAA,IACF;AACA,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,uBAAuB,WAAA,EAAwC;AACnE,IAAA,MAAM,QACJ,WAAA,IAAA,IAAA,GAAA,WAAA,GACC,OAAO,WAAW,WAAA,GAAc,MAAA,CAAO,SAAS,IAAA,GAAO,EAAA;AAC1D,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,SAAS,KAAK,CAAA;AAC1B,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,mBAAmB,CAAA;AACrD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER,OACI,CAAA,qBAAA,EAAwB,KAAK,WAAM,IAAI,CAAA,CAAA,GACvC,wBAAwB,KAAK,CAAA;AAAA,OACnC;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,cAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,eAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,KAAK,CAAA;AAClE,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,eAAA,CAAgB,WAAA,EAAa,KAAK,CAAA,EAAG;AACxD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA,EAEA,UAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,MAAM,cAAA,GAAyC;AA/IjD,IAAA,IAAA,EAAA,EAAA,EAAA;AAgJI,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,MAAM,KAAK,cAAA,EAAe;AAAA,IAC5B;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA;AAC1B,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,SAAA;AAChC,IAAA,IAAI,OAAO,GAAA,IAAO,IAAA,CAAK,KAAI,IAAK,IAAA,CAAK,OAAO,kBAAA,EAAoB;AAC9D,MAAA,IAAI,CAAC,KAAK,cAAA,EAAgB;AACxB,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA,CAAK,SAAA,EAAU,CAAE,QAAQ,MAAM;AACnD,UAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AAAA,QACxB,CAAC,CAAA;AAAA,MACH;AACA,MAAA,MAAM,IAAA,CAAK,cAAA;AAAA,IACb;AACA,IAAA,OAAA,CAAO,EAAA,GAAA,CAAA,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,gBAArB,IAAA,GAAA,EAAA,GAAoC,IAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,OAAO,OAAA,EAAgD;AAC3D,IAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,MAAA,MAAM,WAAW,OAAA,CAAQ,QAAA;AACzB,MAAA,IAAI,QAAA,CAAS,WAAW,IAAI,CAAA,IAAK,CAAC,cAAA,CAAe,IAAA,CAAK,QAAQ,CAAA,EAAG;AAC/D,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,gBAAA;AAAA,UAER;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,IAAA,CAAK,MAAA,EAAO;AAEZ,IAAA,IAAI,IAAA,CAAK,OAAO,cAAA,EAAgB;AAC9B,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,cAAc,CAAA;AAC9C,MAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACnD;AACA,MAAA,MAAM,SAAA,GAAY,IAAI,QAAA,EAAS;AAC/B,MAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,SAAS,CAAA;AAAA,MACxC,CAAA,MAAA,IAAW,OAAO,MAAA,KAAW,WAAA,EAAa;AACxC,QAAA,MAAA,CAAO,QAAA,CAAS,OAAO,SAAS,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,eAAA,GAA2B;AA/L7B,IAAA,IAAA,EAAA;AAgMI,IAAA,OAAO,OAAA,CAAA,CAAQ,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,OAAO,WAAW,CAAA;AAAA,EACjD;AAAA,EAEA,mBAAmB,OAAA,EAAwD;AACzE,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAA,GAAgD;AACpD,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,EAAe;AAC9C,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,gBAAA,EAAkB;AACjC,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,gBAAA;AAAA,MACZ,EAAE,OAAA,EAAS,EAAE,eAAe,CAAA,OAAA,EAAU,WAAW,IAAG;AAAE,KACxD;AACA,IAAA,OAAO,QAAA,CAAS,IAAA;AAAA,EAClB;AAAA,EAEA,MAAc,aAAa,IAAA,EAAgC;AACzD,IAAA,MAAM,WAAW,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,YAAY,CAAA;AACtE,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,uBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,aAAA,EAAe,QAAA;AAAA,MACf,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,SAAA,GAA8B;AA3P9C,IAAA,IAAA,EAAA;AA4PI,IAAA,MAAM,YAAA,GAAA,CAAe,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,eAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AACD,IAAA,IAAI,YAAA,EAAc,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,YAAY,CAAA;AAExD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,cAAc,MAAA,EAAoC;AA/QlE,IAAA,IAAA,EAAA,EAAA,EAAA;AAgRI,IAAA,MAAM,oBAAA,GAAA,CAAuB,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAClD,IAAA,MAAM,YAAA,GAAyB;AAAA,MAC7B,GAAG,MAAA;AAAA,MACH,YAAA,EAAA,CAAc,EAAA,GAAA,MAAA,CAAO,YAAA,KAAP,IAAA,GAAA,EAAA,GAAuB;AAAA,KACvC;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,MAAA,EAAQ,YAAA;AAAA,MACR,SAAA,EAAW,KAAK,GAAA;AAAI,KACtB;AACA,IAAA,MAAM,OAAA;AAAA,MACJ,IAAA,CAAK,OAAA;AAAA,MACL,YAAA,CAAa,OAAA;AAAA,MACb,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,OAAO;AAAA,KAC7B;AACA,IAAA,IAAA,CAAK,MAAA,EAAO;AACZ,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEQ,MAAA,GAAe;AACrB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,CAAC,YAAY,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAC,CAAA;AAAA,EAC3D;AAAA,EAEA,MAAc,cAAA,GAAgC;AAvShD,IAAA,IAAA,EAAA;AAwSI,IAAA,MAAM,MAAM,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,OAAO,CAAA;AAC5D,IAAA,IAAI,CAAC,GAAA,EAAK;AACV,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA;AAC7B,MAAA,IAAI,QAAA,CAAO,EAAA,GAAA,MAAA,IAAA,IAAA,GAAA,KAAA,CAAA,GAAA,MAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAgB,iBAAgB,QAAA,EAAU;AACnD,QAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,QAAA;AAAA,MACF;AACA,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,IACjB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,MAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AAAA,IACjB;AAAA,EACF;AACF,CAAA;;;AClTO,SAAS,iBAAiB,MAAA,EAAgC;AAC/D,EAAA,IAAI,EAAC,iCAAQ,QAAA,CAAA,EAAU;AACrB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,qBAAA,EAAuB;AACjC,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,aAAA,EAAe;AACzB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,IAAI,kBAAkB,MAAM,CAAA;AACrC;;;AC5BO,IAAM,oBAAN,MAAkD;AAAA,EACvD,YACmB,OAAA,EAIjB;AAJiB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAIhB;AAAA,EAEH,IAAI,GAAA,EAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,EACjC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,GAAG,CAAA;AAAA,EAC7B;AACF;;;ACbO,IAAM,uBAAN,MAAqD;AAAA,EAC1D,YAA6B,SAAA,EAAmC;AAAnC,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAAoC;AAAA,EAEjE,MAAM,IAAI,GAAA,EAAqC;AAC7C,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAG,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,GAAA,CAAI,GAAA,EAAa,KAAA,EAA8B;AACnD,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,OAAO,GAAA,EAA4B;AACvC,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,YAAA,CAAa,GAAG,CAAA;AAAA,EACvC;AACF;;;ACbA,IAAM,cAAA,GAAiB,CAAC,IAAA,KAAgC;AATxD,EAAA,IAAA,EAAA;AAUE,EAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,EAAA,MAAM,SAAS,QAAA,CAAS,MAAA,CAAO,KAAA,CAAM,CAAA,SAAA,EAAY,IAAI,CAAA,gBAAA,CAAkB,CAAA;AACvE,EAAA,OAAO,MAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,GAAA,EAAI,KAAX,YAAgB,IAAA,GAAQ,IAAA;AAC3C,CAAA;AAEO,SAAS,0BAAA,CACd,OAAA,GAAuC,EAAC,EACxB;AAChB,EAAA,MAAM,EAAE,QAAQ,IAAA,GAAO,GAAA,EAAK,WAAW,QAAA,EAAU,MAAA,GAAS,MAAK,GAAI,OAAA;AAEnE,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,KAA+B;AAC1C,IAAA,OAAO,eAAe,GAAG,CAAA;AAAA,EAC3B,CAAA;AAEA,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,EAAa,KAAA,KAAwB;AAChD,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,KAAK,CAAA,CAAA;AAC5B,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,IAAI,QAAA,EAAU,MAAA,IAAU,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAA;AAC9C,IAAA,IAAI,QAAQ,MAAA,IAAU,CAAA,QAAA,CAAA;AACtB,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,MAAM,MAAA,GAAS,CAAC,GAAA,KAAsB;AACpC,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,GAAG,GAAG,CAAA,wCAAA,CAAA;AACnB,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,OAAO,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO;AAC5B","file":"index.cjs","sourcesContent":["export enum AuthErrorCode {\n INVALID_CONFIG = 'INVALID_CONFIG',\n STATE_MISMATCH = 'STATE_MISMATCH',\n CALLBACK_ERROR = 'CALLBACK_ERROR',\n TOKEN_EXCHANGE_FAILED = 'TOKEN_EXCHANGE_FAILED',\n REFRESH_FAILED = 'REFRESH_FAILED',\n STORAGE_ERROR = 'STORAGE_ERROR',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_STATE = 'MISSING_STATE',\n NETWORK_ERROR = 'NETWORK_ERROR',\n HTTP_ERROR = 'HTTP_ERROR',\n}\n\nexport class AuthError extends Error {\n constructor(\n public readonly code: AuthErrorCode,\n message: string,\n public readonly cause?: unknown,\n ) {\n super(message);\n this.name = 'AuthError';\n }\n}\n","const ALPHABET =\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';\n\nfunction getCryptoImpl(): Crypto {\n if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n return globalThis.crypto;\n }\n throw new Error('Web Crypto API unavailable');\n}\n\nexport function randomString(length = 64): string {\n const crypto = getCryptoImpl();\n // Rejection sampling: discard bytes >= threshold to eliminate modulo bias.\n // ALPHABET.length = 66; threshold = 256 - (256 % 66) = 204\n const THRESHOLD = 256 - (256 % ALPHABET.length);\n const result: string[] = [];\n while (result.length < length) {\n const bytes = new Uint8Array(Math.ceil((length - result.length) * 1.4));\n crypto.getRandomValues(bytes);\n for (const b of bytes) {\n if (result.length >= length) break;\n if (b < THRESHOLD) result.push(ALPHABET[b % ALPHABET.length]!);\n }\n }\n return result.join('');\n}\n\nfunction toBase64Url(bytes: Uint8Array<ArrayBuffer>): string {\n const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\nfunction verifierToBytes(verifier: string): Uint8Array<ArrayBuffer> {\n const bytes = new Uint8Array(verifier.length);\n for (let i = 0; i < verifier.length; i++) {\n bytes[i] = verifier.charCodeAt(i);\n }\n return bytes;\n}\n\nexport async function createCodeChallenge(verifier: string): Promise<string> {\n const crypto = getCryptoImpl();\n const buffer = verifierToBytes(verifier);\n const digest = await crypto.subtle.digest('SHA-256', buffer);\n return toBase64Url(new Uint8Array(digest));\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { StorageAdapter, TokenSet } from './types';\n\nexport const STORAGE_KEYS = {\n session: 'nuria:session',\n state: 'nuria:oauth:state',\n codeVerifier: 'nuria:oauth:code_verifier',\n};\n\nexport function normalizeTokenSet(\n raw: Record<string, unknown>,\n now: () => number,\n): TokenSet {\n const accessToken = (raw.access_token ?? raw.accessToken) as string;\n if (!accessToken || typeof accessToken !== 'string') {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing access token in token response',\n );\n }\n const expiresIn = Number(raw.expires_in ?? raw.expiresIn ?? 0) || undefined;\n return {\n accessToken,\n tokenType: (raw.token_type ?? raw.tokenType) as string | undefined,\n expiresIn,\n refreshToken: (raw.refresh_token ?? raw.refreshToken) as string | undefined,\n idToken: (raw.id_token ?? raw.idToken) as string | undefined,\n scope: raw.scope as string | undefined,\n expiresAt: expiresIn ? now() + expiresIn * 1000 : undefined,\n };\n}\n\nexport async function safeGet(\n storage: StorageAdapter,\n key: string,\n): Promise<string | null> {\n try {\n return await storage.get(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed reading key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeSet(\n storage: StorageAdapter,\n key: string,\n value: string,\n): Promise<void> {\n try {\n await storage.set(key, value);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed writing key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeRemove(\n storage: StorageAdapter,\n key: string,\n): Promise<void> {\n try {\n await storage.remove(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed removing key: ${key}`,\n cause,\n );\n }\n}\n\nexport function timingSafeEqual(a: string, b: string): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++) {\n diff |= a.charCodeAt(i) ^ b.charCodeAt(i);\n }\n return diff === 0;\n}\n\nexport function parseUrl(url: string): URL {\n try {\n return new URL(url);\n } catch {\n throw new AuthError(AuthErrorCode.CALLBACK_ERROR, 'Invalid callback URL');\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class MemoryStorageAdapter implements StorageAdapter {\n private store = new Map<string, string>();\n\n get(key: string): string | null {\n return this.store.get(key) ?? null;\n }\n\n set(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n remove(key: string): void {\n this.store.delete(key);\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type {\n AuthTransport,\n AuthTransportRequest,\n AuthTransportResponse,\n TransportInterceptor,\n} from '../core/types';\n\nexport interface FetchTransportOptions {\n fetchFn?: typeof fetch;\n timeoutMs?: number;\n retries?: number;\n interceptors?: TransportInterceptor[];\n}\n\nconst RETRYABLE_STATUS = new Set([408, 425, 429, 500, 502, 503, 504]);\n\nexport class FetchAuthTransport implements AuthTransport {\n private readonly fetchFn: typeof fetch;\n private readonly timeoutMs?: number;\n private readonly retries: number;\n private readonly interceptors: TransportInterceptor[];\n\n constructor(options: FetchTransportOptions = {}) {\n this.fetchFn = options.fetchFn ?? fetch;\n this.timeoutMs = options.timeoutMs;\n this.retries = options.retries ?? 0;\n this.interceptors = options.interceptors ?? [];\n }\n\n async request<T = unknown>(\n url: string,\n req: AuthTransportRequest = {},\n ): Promise<AuthTransportResponse<T>> {\n let request = req;\n for (const i of this.interceptors) {\n if (i.onRequest) request = await i.onRequest(url, request);\n }\n\n const retries = request.retries ?? this.retries;\n let attempt = 0;\n while (true) {\n const controller = new AbortController();\n const timeout = request.timeoutMs ?? this.timeoutMs;\n const timer = timeout\n ? setTimeout(() => controller.abort(), timeout)\n : undefined;\n try {\n const defaultContentType =\n typeof request.body === 'string'\n ? 'application/x-www-form-urlencoded'\n : 'application/json';\n const res = await this.fetchFn(this.withQuery(url, request.query), {\n method: request.method ?? 'GET',\n credentials: request.credentials,\n headers: {\n 'Content-Type': defaultContentType,\n ...(request.headers ?? {}),\n },\n body:\n request.body !== undefined\n ? typeof request.body === 'string'\n ? request.body\n : JSON.stringify(request.body)\n : undefined,\n signal: controller.signal,\n });\n const data = await this.parseBody<T>(res);\n if (!res.ok) {\n if (attempt < retries && RETRYABLE_STATUS.has(res.status)) {\n attempt += 1;\n continue;\n }\n throw new AuthError(AuthErrorCode.HTTP_ERROR, `HTTP ${res.status}`);\n }\n let out: AuthTransportResponse<T> = {\n status: res.status,\n data,\n headers: res.headers,\n };\n for (const i of this.interceptors) {\n if (i.onResponse) out = await i.onResponse(out);\n }\n return out;\n } catch (cause) {\n if (cause instanceof AuthError) throw cause;\n if (attempt < retries) {\n attempt += 1;\n continue;\n }\n throw new AuthError(\n AuthErrorCode.NETWORK_ERROR,\n 'Network request failed',\n cause,\n );\n } finally {\n if (timer) clearTimeout(timer);\n }\n }\n }\n\n private withQuery(\n url: string,\n query?: Record<string, string | undefined>,\n ): string {\n if (!query) return url;\n const parsed = new URL(url);\n Object.entries(query).forEach(([k, v]) => {\n if (v !== undefined) parsed.searchParams.set(k, v);\n });\n return parsed.toString();\n }\n\n private async parseBody<T>(res: Response): Promise<T> {\n const contentType = res.headers.get('content-type') ?? '';\n if (contentType.includes('application/json')) {\n return (await res.json()) as T;\n }\n return (await res.text()) as unknown as T;\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport { createCodeChallenge, randomString } from '../core/pkce';\nimport {\n normalizeTokenSet,\n parseUrl,\n safeGet,\n safeRemove,\n safeSet,\n timingSafeEqual,\n STORAGE_KEYS,\n} from '../core/utils';\nimport type {\n AuthClient,\n AuthConfig,\n Session,\n StartLoginOptions,\n TokenSet,\n AuthTransport,\n} from '../core/types';\nimport { MemoryStorageAdapter } from '../storage/memory-storage-adapter';\nimport { FetchAuthTransport } from '../transport/fetch-transport';\n\nexport class DefaultAuthClient implements AuthClient {\n private session: Session | null = null;\n private refreshPromise: Promise<Session> | null = null;\n private readonly listeners = new Set<(session: Session | null) => void>();\n private readonly storage;\n private readonly transport: AuthTransport;\n private readonly now: () => number;\n\n constructor(private readonly config: AuthConfig) {\n this.storage = config.storage ?? new MemoryStorageAdapter();\n this.transport = config.transport ?? new FetchAuthTransport();\n this.now = config.now ?? (() => Date.now());\n }\n\n async startLogin(options: StartLoginOptions = {}): Promise<void> {\n const state = randomString(32);\n const codeVerifier = randomString(96);\n const codeChallenge = await createCodeChallenge(codeVerifier);\n\n await safeSet(this.storage, STORAGE_KEYS.state, state);\n await safeSet(this.storage, STORAGE_KEYS.codeVerifier, codeVerifier);\n\n const params: Record<string, string> = {\n response_type: 'code',\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n };\n\n const scope = options.scopes?.join(' ') ?? this.config.scope;\n if (scope) params.scope = scope;\n if (options.loginHint) params.login_hint = options.loginHint;\n if (options.extraParams) {\n const RESERVED = new Set([\n 'response_type',\n 'client_id',\n 'redirect_uri',\n 'state',\n 'code_challenge',\n 'code_challenge_method',\n ]);\n for (const [k, v] of Object.entries(options.extraParams)) {\n if (!RESERVED.has(k)) params[k] = v;\n }\n }\n\n const url = new URL(this.config.authorizationEndpoint);\n Object.entries(params).forEach(([k, v]) => url.searchParams.set(k, v));\n const redirectUrl = url.toString();\n\n if (this.config.onRedirect) {\n await this.config.onRedirect(redirectUrl);\n return;\n }\n if (typeof window !== 'undefined') {\n window.location.assign(redirectUrl);\n return;\n }\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Missing onRedirect callback for non-browser runtime',\n );\n }\n\n async handleRedirectCallback(callbackUrl?: string): Promise<Session> {\n const input =\n callbackUrl ??\n (typeof window !== 'undefined' ? window.location.href : '');\n if (!input) {\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n 'callbackUrl required in non-browser runtime',\n );\n }\n\n const url = parseUrl(input);\n const error = url.searchParams.get('error');\n if (error) {\n const desc = url.searchParams.get('error_description');\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n desc\n ? `Authorization error: ${error} — ${desc}`\n : `Authorization error: ${error}`,\n );\n }\n\n const code = url.searchParams.get('code');\n if (!code) {\n throw new AuthError(\n AuthErrorCode.MISSING_CODE,\n 'Missing code in callback',\n );\n }\n\n const state = url.searchParams.get('state');\n if (!state) {\n throw new AuthError(\n AuthErrorCode.MISSING_STATE,\n 'Missing state in callback',\n );\n }\n\n const storedState = await safeGet(this.storage, STORAGE_KEYS.state);\n if (!storedState || !timingSafeEqual(storedState, state)) {\n throw new AuthError(\n AuthErrorCode.STATE_MISMATCH,\n 'State validation failed',\n );\n }\n\n await safeRemove(this.storage, STORAGE_KEYS.state);\n return this.exchangeCode(code);\n }\n\n getSession(): Session | null {\n return this.session;\n }\n\n async getAccessToken(): Promise<string | null> {\n if (!this.session) {\n await this.hydrateSession();\n }\n if (!this.session) return null;\n const exp = this.session.tokens.expiresAt;\n if (exp && exp <= this.now() && this.config.enableRefreshToken) {\n if (!this.refreshPromise) {\n this.refreshPromise = this.doRefresh().finally(() => {\n this.refreshPromise = null;\n });\n }\n await this.refreshPromise;\n }\n return this.session?.tokens.accessToken ?? null;\n }\n\n async logout(options?: { returnTo?: string }): Promise<void> {\n if (options?.returnTo) {\n const returnTo = options.returnTo;\n if (returnTo.startsWith('//') || !/^https?:\\/\\//.test(returnTo)) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'returnTo must be an absolute https:// or http:// URL',\n );\n }\n }\n\n this.session = null;\n await safeRemove(this.storage, STORAGE_KEYS.session);\n await safeRemove(this.storage, STORAGE_KEYS.state);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n this.notify();\n\n if (this.config.logoutEndpoint) {\n const url = new URL(this.config.logoutEndpoint);\n if (options?.returnTo) {\n url.searchParams.set('returnTo', options.returnTo);\n }\n const logoutUrl = url.toString();\n if (this.config.onRedirect) {\n await this.config.onRedirect(logoutUrl);\n } else if (typeof window !== 'undefined') {\n window.location.assign(logoutUrl);\n }\n }\n }\n\n isAuthenticated(): boolean {\n return Boolean(this.session?.tokens.accessToken);\n }\n\n onAuthStateChanged(handler: (session: Session | null) => void): () => void {\n this.listeners.add(handler);\n return () => this.listeners.delete(handler);\n }\n\n async getUserinfo(): Promise<Record<string, unknown>> {\n const accessToken = await this.getAccessToken();\n if (!accessToken) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Not authenticated — call handleRedirectCallback first',\n );\n }\n if (!this.config.userinfoEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.userinfoEndpoint is required for getUserinfo',\n );\n }\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.userinfoEndpoint,\n { headers: { Authorization: `Bearer ${accessToken}` } },\n );\n return response.data;\n }\n\n private async exchangeCode(code: string): Promise<Session> {\n const verifier = await safeGet(this.storage, STORAGE_KEYS.codeVerifier);\n if (!verifier) {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing PKCE code_verifier in storage',\n );\n }\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: verifier,\n redirect_uri: this.config.redirectUri,\n client_id: this.config.clientId,\n });\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n credentials: 'include',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n return this.createSession(tokens);\n }\n\n private async doRefresh(): Promise<Session> {\n const refreshToken = this.session?.tokens.refreshToken;\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: this.config.clientId,\n });\n if (refreshToken) body.set('refresh_token', refreshToken);\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n credentials: 'include',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n private async createSession(tokens: TokenSet): Promise<Session> {\n const previousRefreshToken = this.session?.tokens.refreshToken;\n const mergedTokens: TokenSet = {\n ...tokens,\n refreshToken: tokens.refreshToken ?? previousRefreshToken,\n };\n\n this.session = {\n tokens: mergedTokens,\n createdAt: this.now(),\n };\n await safeSet(\n this.storage,\n STORAGE_KEYS.session,\n JSON.stringify(this.session),\n );\n this.notify();\n return this.session;\n }\n\n private notify(): void {\n this.listeners.forEach((handler) => handler(this.session));\n }\n\n private async hydrateSession(): Promise<void> {\n const raw = await safeGet(this.storage, STORAGE_KEYS.session);\n if (!raw) return;\n try {\n const parsed = JSON.parse(raw) as Session;\n if (typeof parsed?.tokens?.accessToken !== 'string') {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n return;\n }\n this.session = parsed;\n } catch {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n this.session = null;\n }\n }\n}\n","import { DefaultAuthClient } from './nuria-auth-client';\nimport { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { AuthClient, AuthConfig } from '../core/types';\n\nexport function createAuthClient(config: AuthConfig): AuthClient {\n if (!config?.clientId) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.clientId is required',\n );\n }\n if (!config.authorizationEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.authorizationEndpoint is required',\n );\n }\n if (!config.tokenEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.tokenEndpoint is required',\n );\n }\n if (!config.redirectUri) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.redirectUri is required',\n );\n }\n return new DefaultAuthClient(config);\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class WebStorageAdapter implements StorageAdapter {\n constructor(\n private readonly storage: Pick<\n Storage,\n 'getItem' | 'setItem' | 'removeItem'\n >,\n ) {}\n\n get(key: string): string | null {\n return this.storage.getItem(key);\n }\n\n set(key: string, value: string): void {\n this.storage.setItem(key, value);\n }\n\n remove(key: string): void {\n this.storage.removeItem(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface CookieStorageCallbacks {\n getCookie(name: string): string | null | Promise<string | null>;\n setCookie(name: string, value: string): void | Promise<void>;\n removeCookie(name: string): void | Promise<void>;\n}\n\nexport class CookieStorageAdapter implements StorageAdapter {\n constructor(private readonly callbacks: CookieStorageCallbacks) {}\n\n async get(key: string): Promise<string | null> {\n return this.callbacks.getCookie(key);\n }\n\n async set(key: string, value: string): Promise<void> {\n await this.callbacks.setCookie(key, value);\n }\n\n async remove(key: string): Promise<void> {\n await this.callbacks.removeCookie(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface BrowserCookieStorageOptions {\n domain?: string;\n path?: string;\n sameSite?: 'strict' | 'lax' | 'none';\n secure?: boolean;\n}\n\nconst getCookieValue = (name: string): string | null => {\n if (typeof document === 'undefined') return null;\n const result = document.cookie.match(`(^|;)\\\\s*${name}\\\\s*=\\\\s*([^;]+)`);\n return result ? (result.pop() ?? null) : null;\n};\n\nexport function createBrowserCookieStorage(\n options: BrowserCookieStorageOptions = {},\n): StorageAdapter {\n const { domain, path = '/', sameSite = 'strict', secure = true } = options;\n\n const get = (key: string): string | null => {\n return getCookieValue(key);\n };\n\n const set = (key: string, value: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=${value}`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n if (sameSite) cookie += `; samesite=${sameSite}`;\n if (secure) cookie += `; secure`;\n document.cookie = cookie;\n };\n\n const remove = (key: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n document.cookie = cookie;\n };\n\n return { get, set, remove };\n}\n"]}
1
+ {"version":3,"sources":["../src/errors/auth-error.ts","../src/core/pkce.ts","../src/core/utils.ts","../src/storage/memory-storage-adapter.ts","../src/transport/fetch-transport.ts","../src/client/nuria-auth-client.ts","../src/client/create-client.ts","../src/storage/web-storage-adapter.ts","../src/storage/cookie-storage-adapter.ts","../src/storage/browser-cookie-storage.ts"],"names":["AuthErrorCode"],"mappings":";;;AAAO,IAAK,aAAA,qBAAAA,cAAAA,KAAL;AACL,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,uBAAA,CAAA,GAAwB,uBAAA;AACxB,EAAAA,eAAA,gBAAA,CAAA,GAAiB,gBAAA;AACjB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,cAAA,CAAA,GAAe,cAAA;AACf,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,eAAA,CAAA,GAAgB,eAAA;AAChB,EAAAA,eAAA,YAAA,CAAA,GAAa,YAAA;AAVH,EAAA,OAAAA,cAAAA;AAAA,CAAA,EAAA,aAAA,IAAA,EAAA;AAaL,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,KAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;;;ACtBA,IAAM,QAAA,GACJ,oEAAA;AAEF,SAAS,aAAA,GAAwB;AAC/B,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAe,UAAA,CAAW,MAAA,EAAQ;AAC1D,IAAA,OAAO,UAAA,CAAW,MAAA;AAAA,EACpB;AACA,EAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAC9C;AAEO,SAAS,YAAA,CAAa,SAAS,EAAA,EAAY;AAChD,EAAA,MAAM,SAAS,aAAA,EAAc;AAG7B,EAAA,MAAM,SAAA,GAAY,GAAA,GAAO,GAAA,GAAM,QAAA,CAAS,MAAA;AACxC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,OAAO,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC7B,IAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,IAAA,CAAK,MAAM,MAAA,GAAS,MAAA,CAAO,MAAA,IAAU,GAAG,CAAC,CAAA;AACtE,IAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,IAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,MAAA,IAAI,MAAA,CAAO,UAAU,MAAA,EAAQ;AAC7B,MAAA,IAAI,CAAA,GAAI,WAAW,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,GAAI,QAAA,CAAS,MAAM,CAAE,CAAA;AAAA,IAC/D;AAAA,EACF;AACA,EAAA,OAAO,MAAA,CAAO,KAAK,EAAE,CAAA;AACvB;AAEA,SAAS,YAAY,KAAA,EAAwC;AAC3D,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,CAAA,KAAM,MAAA,CAAO,YAAA,CAAa,CAAC,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAA;AACvE,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,EAAE,CAAA;AAC9E;AAEA,SAAS,gBAAgB,QAAA,EAA2C;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,QAAA,CAAS,MAAM,CAAA;AAC5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,CAAS,UAAA,CAAW,CAAC,CAAA;AAAA,EAClC;AACA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,oBAAoB,QAAA,EAAmC;AAC3E,EAAA,MAAM,SAAS,aAAA,EAAc;AAC7B,EAAA,MAAM,MAAA,GAAS,gBAAgB,QAAQ,CAAA;AACvC,EAAA,MAAM,SAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,MAAM,CAAA;AAC3D,EAAA,OAAO,WAAA,CAAY,IAAI,UAAA,CAAW,MAAM,CAAC,CAAA;AAC3C;;;AC1CO,IAAM,YAAA,GAAe;AAAA,EAC1B,OAAA,EAAS,eAAA;AAAA,EACT,KAAA,EAAO,mBAAA;AAAA,EACP,YAAA,EAAc;AAChB,CAAA;AAEO,SAAS,iBAAA,CACd,KACA,GAAA,EACU;AAZZ,EAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAaE,EAAA,MAAM,eAAe,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,YAAA,KAAJ,YACnB,GAAA,CAAI,WAAA,KADe,YAEnB,GAAA,CAAI,KAAA;AACN,EAAA,IAAI,CAAC,WAAA,IAAe,OAAO,WAAA,KAAgB,QAAA,EAAU;AACnD,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,uBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,SAAA,GAAY,QAAO,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,YAAkB,GAAA,CAAI,SAAA,KAAtB,IAAA,GAAA,EAAA,GAAmC,CAAC,CAAA,IAAK,MAAA;AAClE,EAAA,MAAM,wBAAwB,MAAA,CAAA,CAAO,EAAA,GAAA,GAAA,CAAI,SAAA,KAAJ,IAAA,GAAA,EAAA,GAAiB,CAAC,CAAA,IAAK,MAAA;AAC5D,EAAA,MAAM,iBAAA,GACJ,aAAa,IAAA,GACT,GAAA,KAAQ,SAAA,GAAY,GAAA,GACpB,wBACE,qBAAA,GACA,MAAA;AACR,EAAA,OAAO;AAAA,IACL,WAAA;AAAA,IACA,YAAY,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,UAAA,KAAJ,YAAkB,GAAA,CAAI,SAAA,KAAtB,YAAmC,GAAA,CAAI,SAAA;AAAA,IAGnD,SAAA;AAAA,IACA,eAAe,EAAA,GAAA,CAAA,EAAA,GAAA,GAAA,CAAI,aAAA,KAAJ,YACb,GAAA,CAAI,YAAA,KADS,YAEb,GAAA,CAAI,YAAA;AAAA,IACN,OAAA,EAAA,CAAU,EAAA,GAAA,GAAA,CAAI,QAAA,KAAJ,IAAA,GAAA,EAAA,GAAgB,GAAA,CAAI,OAAA;AAAA,IAC9B,OAAO,GAAA,CAAI,KAAA;AAAA,IACX,SAAA,EAAW;AAAA,GACb;AACF;AAEA,eAAsB,OAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,OAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,uBAAuB,GAAG,CAAA,CAAA;AAAA,MAC1B;AAAA,KACF;AAAA,EACF;AACF;AAEA,eAAsB,UAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EAC1B,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,eAAA;AAAA,MAER,wBAAwB,GAAG,CAAA,CAAA;AAAA,MAC3B;AAAA,KACF;AAAA,EACF;AACF;AAEO,SAAS,eAAA,CAAgB,GAAW,CAAA,EAAoB;AAC7D,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAA,IAAQ,EAAE,UAAA,CAAW,CAAC,CAAA,GAAI,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,IAAA,KAAS,CAAA;AAClB;AAEO,SAAS,SAAS,GAAA,EAAkB;AACzC,EAAA,IAAI;AACF,IAAA,OAAO,IAAI,IAAI,GAAG,CAAA;AAAA,EACpB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,iDAAwC,sBAAsB,CAAA;AAAA,EAC1E;AACF;;;ACxGO,IAAM,uBAAN,MAAqD;AAAA,EAArD,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,KAAA,uBAAY,GAAA,EAAoB;AAAA,EAAA;AAAA,EAExC,IAAI,GAAA,EAA4B;AALlC,IAAA,IAAA,EAAA;AAMI,IAAA,OAAA,CAAO,EAAA,GAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAG,MAAlB,IAAA,GAAA,EAAA,GAAuB,IAAA;AAAA,EAChC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3B;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,EACvB;AACF;;;ACDA,IAAM,gBAAA,mBAAmB,IAAI,GAAA,CAAI,CAAC,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC,CAAA;AAE7D,IAAM,qBAAN,MAAkD;AAAA,EAMvD,WAAA,CAAY,OAAA,GAAiC,EAAC,EAAG;AAvBnD,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAwBI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,KAAA;AAClC,IAAA,IAAA,CAAK,YAAY,OAAA,CAAQ,SAAA;AACzB,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,CAAA;AAClC,IAAA,IAAA,CAAK,YAAA,GAAA,CAAe,EAAA,GAAA,OAAA,CAAQ,YAAA,KAAR,IAAA,GAAA,EAAA,GAAwB,EAAC;AAAA,EAC/C;AAAA,EAEA,MAAM,OAAA,CACJ,GAAA,EACA,GAAA,GAA4B,EAAC,EACM;AAjCvC,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAkCI,IAAA,IAAI,OAAA,GAAU,GAAA;AACd,IAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,MAAA,IAAI,EAAE,SAAA,EAAW,OAAA,GAAU,MAAM,CAAA,CAAE,SAAA,CAAU,KAAK,OAAO,CAAA;AAAA,IAC3D;AAEA,IAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,IAAA,CAAK,OAAA;AACxC,IAAA,IAAI,OAAA,GAAU,CAAA;AACd,IAAA,OAAO,IAAA,EAAM;AACX,MAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,MAAA,MAAM,OAAA,GAAA,CAAU,EAAA,GAAA,OAAA,CAAQ,SAAA,KAAR,IAAA,GAAA,EAAA,GAAqB,IAAA,CAAK,SAAA;AAC1C,MAAA,MAAM,KAAA,GAAQ,UACV,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,OAAO,CAAA,GAC5C,MAAA;AACJ,MAAA,IAAI;AACF,QAAA,MAAM,kBAAA,GACJ,OAAO,OAAA,CAAQ,IAAA,KAAS,WACpB,mCAAA,GACA,kBAAA;AACN,QAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,KAAK,SAAA,CAAU,GAAA,EAAK,OAAA,CAAQ,KAAK,CAAA,EAAG;AAAA,UACjE,MAAA,EAAA,CAAQ,EAAA,GAAA,OAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,EAAA,GAAkB,KAAA;AAAA,UAC1B,aAAa,OAAA,CAAQ,WAAA;AAAA,UACrB,OAAA,EAAS;AAAA,YACP,cAAA,EAAgB,kBAAA;AAAA,YAChB,GAAA,CAAI,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB;AAAC,WAC1B;AAAA,UACA,IAAA,EACE,OAAA,CAAQ,IAAA,KAAS,KAAA,CAAA,GACb,OAAO,OAAA,CAAQ,IAAA,KAAS,QAAA,GACtB,OAAA,CAAQ,IAAA,GACR,IAAA,CAAK,SAAA,CAAU,OAAA,CAAQ,IAAI,CAAA,GAC7B,KAAA,CAAA;AAAA,UACN,QAAQ,UAAA,CAAW;AAAA,SACpB,CAAA;AACD,QAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAa,GAAG,CAAA;AACxC,QAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,UAAA,IAAI,UAAU,OAAA,IAAW,gBAAA,CAAiB,GAAA,CAAI,GAAA,CAAI,MAAM,CAAA,EAAG;AACzD,YAAA,OAAA,IAAW,CAAA;AACX,YAAA;AAAA,UACF;AACA,UAAA,MAAM,IAAI,SAAA,CAAA,YAAA,mBAAoC,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,QACpE;AACA,QAAA,IAAI,GAAA,GAAgC;AAAA,UAClC,QAAQ,GAAA,CAAI,MAAA;AAAA,UACZ,IAAA;AAAA,UACA,SAAS,GAAA,CAAI;AAAA,SACf;AACA,QAAA,KAAA,MAAW,CAAA,IAAK,KAAK,YAAA,EAAc;AACjC,UAAA,IAAI,EAAE,UAAA,EAAY,GAAA,GAAM,MAAM,CAAA,CAAE,WAAW,GAAG,CAAA;AAAA,QAChD;AACA,QAAA,OAAO,GAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAiB,WAAW,MAAM,KAAA;AACtC,QAAA,IAAI,UAAU,OAAA,EAAS;AACrB,UAAA,OAAA,IAAW,CAAA;AACX,UAAA;AAAA,QACF;AACA,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,eAAA;AAAA,UAER,wBAAA;AAAA,UACA;AAAA,SACF;AAAA,MACF,CAAA,SAAE;AACA,QAAA,IAAI,KAAA,eAAoB,KAAK,CAAA;AAAA,MAC/B;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,SAAA,CACN,KACA,KAAA,EACQ;AACR,IAAA,IAAI,CAAC,OAAO,OAAO,GAAA;AACnB,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,IAAA,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM;AACxC,MAAA,IAAI,MAAM,MAAA,EAAW,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACnD,CAAC,CAAA;AACD,IAAA,OAAO,OAAO,QAAA,EAAS;AAAA,EACzB;AAAA,EAEA,MAAc,UAAa,GAAA,EAA2B;AAjHxD,IAAA,IAAA,EAAA;AAkHI,IAAA,MAAM,eAAc,EAAA,GAAA,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,MAA9B,IAAA,GAAA,EAAA,GAAmC,EAAA;AACvD,IAAA,IAAI,WAAA,CAAY,QAAA,CAAS,kBAAkB,CAAA,EAAG;AAC5C,MAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,IACzB;AACA,IAAA,OAAQ,MAAM,IAAI,IAAA,EAAK;AAAA,EACzB;AACF;;;AC7FO,IAAM,oBAAN,MAA8C;AAAA,EAQnD,YAA6B,MAAA,EAA4B;AAA5B,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAP7B,IAAA,IAAA,CAAQ,OAAA,GAA0B,IAAA;AAClC,IAAA,IAAA,CAAQ,cAAA,GAA0C,IAAA;AAClD,IAAA,IAAA,CAAiB,SAAA,uBAAgB,GAAA,EAAuC;AA9B1E,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAoCI,IAAA,IAAA,CAAK,OAAA,GAAA,CAAU,EAAA,GAAA,MAAA,CAAO,OAAA,KAAP,IAAA,GAAA,EAAA,GAAkB,IAAI,oBAAA,EAAqB;AAC1D,IAAA,IAAA,CAAK,SAAA,GAAA,CAAY,EAAA,GAAA,MAAA,CAAO,SAAA,KAAP,IAAA,GAAA,EAAA,GAAoB,IAAI,kBAAA,EAAmB;AAC5D,IAAA,IAAA,CAAK,OAAM,EAAA,GAAA,MAAA,CAAO,GAAA,KAAP,IAAA,GAAA,EAAA,IAAe,MAAM,KAAK,GAAA,EAAI,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,UAAA,CAAW,OAAA,GAA6B,EAAC,EAAkB;AAzCnE,IAAA,IAAA,EAAA,EAAA,EAAA;AA0CI,IAAA,MAAM,KAAA,GAAQ,aAAa,EAAE,CAAA;AAC7B,IAAA,MAAM,YAAA,GAAe,aAAa,EAAE,CAAA;AACpC,IAAA,MAAM,aAAA,GAAgB,MAAM,mBAAA,CAAoB,YAAY,CAAA;AAE5D,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,KAAK,CAAA;AACrD,IAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,cAAc,YAAY,CAAA;AAEnE,IAAA,MAAM,MAAA,GAAiC;AAAA,MACrC,aAAA,EAAe,MAAA;AAAA,MACf,SAAA,EAAW,KAAK,MAAA,CAAO,QAAA;AAAA,MACvB,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,KAAA;AAAA,MACA,cAAA,EAAgB,aAAA;AAAA,MAChB,qBAAA,EAAuB;AAAA,KACzB;AAEA,IAAA,MAAM,KAAA,GAAA,CAAQ,mBAAQ,MAAA,KAAR,IAAA,GAAA,MAAA,GAAA,EAAA,CAAgB,KAAK,GAAA,CAAA,KAArB,IAAA,GAAA,EAAA,GAA6B,KAAK,MAAA,CAAO,KAAA;AACvD,IAAA,IAAI,KAAA,SAAc,KAAA,GAAQ,KAAA;AAC1B,IAAA,IAAI,OAAA,CAAQ,SAAA,EAAW,MAAA,CAAO,UAAA,GAAa,OAAA,CAAQ,SAAA;AACnD,IAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,MAAA,MAAM,QAAA,uBAAe,GAAA,CAAI;AAAA,QACvB,eAAA;AAAA,QACA,WAAA;AAAA,QACA,cAAA;AAAA,QACA,OAAA;AAAA,QACA,gBAAA;AAAA,QACA;AAAA,OACD,CAAA;AACD,MAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxD,QAAA,IAAI,CAAC,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AAAA,MACpC;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,qBAAqB,CAAA;AACrD,IAAA,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAAE,OAAA,CAAQ,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,CAAC,CAAC,CAAA;AACrE,IAAA,MAAM,WAAA,GAAc,IAAI,QAAA,EAAS;AAEjC,IAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,WAAW,CAAA;AACxC,MAAA;AAAA,IACF;AACA,IAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,MAAA,MAAA,CAAO,QAAA,CAAS,OAAO,WAAW,CAAA;AAClC,MAAA;AAAA,IACF;AACA,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,uBAAuB,WAAA,EAAwC;AACnE,IAAA,MAAM,QACJ,WAAA,IAAA,IAAA,GAAA,WAAA,GACC,OAAO,WAAW,WAAA,GAAc,MAAA,CAAO,SAAS,IAAA,GAAO,EAAA;AAC1D,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM,SAAS,KAAK,CAAA;AAC1B,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,mBAAmB,CAAA;AACrD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER,OACI,CAAA,qBAAA,EAAwB,KAAK,WAAM,IAAI,CAAA,CAAA,GACvC,wBAAwB,KAAK,CAAA;AAAA,OACnC;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,cAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAC1C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,eAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,cAAc,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,KAAK,CAAA;AAClE,IAAA,IAAI,CAAC,WAAA,IAAe,CAAC,eAAA,CAAgB,WAAA,EAAa,KAAK,CAAA,EAAG;AACxD,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,OAAO,IAAA,CAAK,aAAa,IAAI,CAAA;AAAA,EAC/B;AAAA,EAEA,UAAA,GAA6B;AAC3B,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEA,MAAM,cAAA,GAAyC;AAnJjD,IAAA,IAAA,EAAA,EAAA,EAAA;AAoJI,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,MAAM,KAAK,cAAA,EAAe;AAAA,IAC5B;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA;AAC1B,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,SAAA;AAChC,IAAA,IAAI,OAAO,GAAA,IAAO,IAAA,CAAK,KAAI,IAAK,IAAA,CAAK,OAAO,kBAAA,EAAoB;AAC9D,MAAA,IAAI,CAAC,KAAK,cAAA,EAAgB;AACxB,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA,CAAK,SAAA,EAAU,CAAE,QAAQ,MAAM;AACnD,UAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AAAA,QACxB,CAAC,CAAA;AAAA,MACH;AACA,MAAA,MAAM,IAAA,CAAK,cAAA;AAAA,IACb;AACA,IAAA,OAAA,CAAO,EAAA,GAAA,CAAA,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,gBAArB,IAAA,GAAA,EAAA,GAAoC,IAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,OAAO,OAAA,EAAgD;AAC3D,IAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,MAAA,IAAI,WAAA;AACJ,MAAA,IAAI;AACF,QAAA,WAAA,GAAc,IAAI,GAAA,CAAI,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACxC,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,gBAAA;AAAA,UAER;AAAA,SACF;AAAA,MACF;AAEA,MAAA,MAAM,OAAA,GAAU,YAAY,QAAA,KAAa,QAAA;AACzC,MAAA,MAAM,WAAA,GACJ,WAAA,CAAY,QAAA,KAAa,OAAA,KACxB,WAAA,CAAY,QAAA,KAAa,WAAA,IACxB,WAAA,CAAY,QAAA,KAAa,WAAA,IACzB,WAAA,CAAY,QAAA,KAAa,OAAA,CAAA;AAC7B,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,WAAA,EAAa;AAC5B,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,gBAAA;AAAA,UAER;AAAA,SACF;AAAA,MACF;AACA,MAAA,IAAI,WAAA,CAAY,QAAA,IAAY,WAAA,CAAY,QAAA,EAAU;AAChD,QAAA,MAAM,IAAI,SAAA;AAAA,UAAA,gBAAA;AAAA,UAER;AAAA,SACF;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AACf,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,IAAA,CAAK,MAAA,EAAO;AAEZ,IAAA,IAAI,IAAA,CAAK,OAAO,cAAA,EAAgB;AAC9B,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,IAAA,CAAK,OAAO,cAAc,CAAA;AAC9C,MAAA,IAAI,mCAAS,QAAA,EAAU;AACrB,QAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,OAAA,CAAQ,QAAQ,CAAA;AAAA,MACnD;AACA,MAAA,MAAM,SAAA,GAAY,IAAI,QAAA,EAAS;AAC/B,MAAA,IAAI,IAAA,CAAK,OAAO,UAAA,EAAY;AAC1B,QAAA,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,SAAS,CAAA;AAAA,MACxC,CAAA,MAAA,IAAW,OAAO,MAAA,KAAW,WAAA,EAAa;AACxC,QAAA,MAAA,CAAO,QAAA,CAAS,OAAO,SAAS,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,eAAA,GAA2B;AAxN7B,IAAA,IAAA,EAAA,EAAA,EAAA;AAyNI,IAAA,MAAM,WAAA,GAAA,CAAc,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,WAAA;AACzC,IAAA,IAAI,CAAC,aAAa,OAAO,KAAA;AACzB,IAAA,MAAM,GAAA,GAAA,CAAM,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,SAAA;AACjC,IAAA,IAAI,GAAA,IAAO,GAAA,IAAO,IAAA,CAAK,GAAA,IAAO,OAAO,KAAA;AACrC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,mBAAmB,OAAA,EAAwD;AACzE,IAAA,IAAA,CAAK,SAAA,CAAU,IAAI,OAAO,CAAA;AAC1B,IAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAA,GAAgD;AACpD,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,EAAe;AAC9C,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,gBAAA,EAAkB;AACjC,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AACA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,gBAAA;AAAA,MACZ,EAAE,OAAA,EAAS,EAAE,eAAe,CAAA,OAAA,EAAU,WAAW,IAAG;AAAE,KACxD;AACA,IAAA,OAAO,QAAA,CAAS,IAAA;AAAA,EAClB;AAAA,EAEA,MAAM,wBACJ,OAAA,EAC6B;AA5PjC,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA6PI,IAAA,IAAI,EAAC,mCAAS,KAAA,CAAA,EAAO;AACnB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,wBAAA,CAAA;AAAA,MACtB;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM;AAAA,UACJ,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,OAAA,EAAA,CAAS,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB,OAAA;AAAA,UAC5B,aAAa,OAAA,CAAQ,WAAA;AAAA,UACrB,OAAA,EAAA,CAAS,EAAA,GAAA,OAAA,CAAQ,OAAA,KAAR,IAAA,GAAA,EAAA,GAAmB;AAAA;AAC9B;AACF,KACF;AAEA,IAAA,OAAO;AAAA,MACL,aAAa,MAAA,CAAA,CAAO,EAAA,GAAA,QAAA,CAAS,IAAA,CAAK,WAAA,KAAd,YAA6B,EAAE,CAAA;AAAA,MACnD,SAAS,MAAA,CAAA,CAAO,EAAA,GAAA,QAAA,CAAS,IAAA,CAAK,OAAA,KAAd,YAAyB,EAAE,CAAA;AAAA,MAC3C,mBAAmB,MAAA,CAAA,CAAO,EAAA,GAAA,QAAA,CAAS,IAAA,CAAK,iBAAA,KAAd,YAAmC,EAAE,CAAA;AAAA,MAC/D,WAAW,MAAA,CAAA,CAAO,EAAA,GAAA,QAAA,CAAS,IAAA,CAAK,SAAA,KAAd,YAA2B,CAAC,CAAA;AAAA,MAC9C,SAAS,MAAA,CAAA,CAAO,EAAA,GAAA,QAAA,CAAS,IAAA,CAAK,OAAA,KAAd,YAAyB,OAAO;AAAA,KAClD;AAAA,EACF;AAAA,EAEA,MAAM,gBAAgB,OAAA,EAAmD;AACvE,IAAA,IAAI,EAAC,OAAA,IAAA,IAAA,GAAA,MAAA,GAAA,OAAA,CAAS,WAAA,CAAA,IAAe,EAAC,mCAAS,IAAA,CAAA,EAAM;AAC3C,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,oBAAA,CAAA;AAAA,MACtB;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM;AAAA,UACJ,aAAa,OAAA,CAAQ,WAAA;AAAA,UACrB,MAAM,OAAA,CAAQ;AAAA;AAChB;AACF,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,kBACJ,OAAA,EAC6B;AAC7B,IAAA,OAAO,IAAA,CAAK,wBAAwB,OAAO,CAAA;AAAA,EAC7C;AAAA,EAEA,MAAM,sBACJ,OAAA,EACkB;AAClB,IAAA,OAAO,IAAA,CAAK,gBAAgB,OAAO,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,gBAAgB,OAAA,EAA+C;AACnE,IAAA,IAAI,EAAC,mCAAS,OAAA,CAAA,EAAS;AACrB,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,UAAA,CAAA;AAAA,MACtB;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM;AAAA,UACJ,SAAS,OAAA,CAAQ;AAAA;AACnB;AACF,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAM,kBAAkB,OAAA,EAAiD;AACvE,IAAA,IAAI,EAAC,OAAA,IAAA,IAAA,GAAA,MAAA,GAAA,OAAA,CAAS,KAAA,CAAA,IAAS,EAAC,mCAAS,QAAA,CAAA,EAAU;AACzC,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,CAAA,EAAG,IAAA,CAAK,MAAA,CAAO,OAAO,CAAA,SAAA,CAAA;AAAA,MACtB;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM;AAAA,UACJ,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,UAAU,OAAA,CAAQ;AAAA;AACpB;AACF,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,aAAa,IAAA,EAAgC;AACzD,IAAA,MAAM,WAAW,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,YAAY,CAAA;AACtE,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,uBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,oBAAA;AAAA,MACZ,IAAA;AAAA,MACA,aAAA,EAAe,QAAA;AAAA,MACf,YAAA,EAAc,KAAK,MAAA,CAAO,WAAA;AAAA,MAC1B,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AAED,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,KAAK,CAAA;AACjD,IAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,YAAY,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,SAAA,GAA8B;AA1Y9C,IAAA,IAAA,EAAA;AA2YI,IAAA,MAAM,YAAA,GAAA,CAAe,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAC1C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,CAAgB;AAAA,MAC/B,UAAA,EAAY,eAAA;AAAA,MACZ,SAAA,EAAW,KAAK,MAAA,CAAO;AAAA,KACxB,CAAA;AACD,IAAA,IAAI,YAAA,EAAc,IAAA,CAAK,GAAA,CAAI,eAAA,EAAiB,YAAY,CAAA;AAExD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA;AAAA,MACpC,KAAK,MAAA,CAAO,aAAA;AAAA,MACZ;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,WAAA,EAAa,SAAA;AAAA,QACb,IAAA,EAAM,KAAK,QAAA;AAAS;AACtB,KACF;AACA,IAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,QAAA,CAAS,IAAA,EAAM,KAAK,GAAG,CAAA;AACxD,IAAA,OAAO,IAAA,CAAK,cAAc,MAAM,CAAA;AAAA,EAClC;AAAA,EAEA,MAAc,cAAc,MAAA,EAAoC;AA9ZlE,IAAA,IAAA,EAAA,EAAA,EAAA;AA+ZI,IAAA,MAAM,oBAAA,GAAA,CAAuB,EAAA,GAAA,IAAA,CAAK,OAAA,KAAL,IAAA,GAAA,MAAA,GAAA,EAAA,CAAc,MAAA,CAAO,YAAA;AAClD,IAAA,MAAM,YAAA,GAAyB;AAAA,MAC7B,GAAG,MAAA;AAAA,MACH,YAAA,EAAA,CAAc,EAAA,GAAA,MAAA,CAAO,YAAA,KAAP,IAAA,GAAA,EAAA,GAAuB;AAAA,KACvC;AAEA,IAAA,IAAA,CAAK,OAAA,GAAU;AAAA,MACb,MAAA,EAAQ,YAAA;AAAA,MACR,SAAA,EAAW,KAAK,GAAA;AAAI,KACtB;AACA,IAAA,MAAM,OAAA;AAAA,MACJ,IAAA,CAAK,OAAA;AAAA,MACL,YAAA,CAAa,OAAA;AAAA,MACb,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,OAAO;AAAA,KAC7B;AACA,IAAA,IAAA,CAAK,MAAA,EAAO;AACZ,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEQ,MAAA,GAAe;AACrB,IAAA,IAAA,CAAK,UAAU,OAAA,CAAQ,CAAC,YAAY,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAC,CAAA;AAAA,EAC3D;AAAA,EAEA,MAAc,cAAA,GAAgC;AAtbhD,IAAA,IAAA,EAAA;AAubI,IAAA,MAAM,MAAM,MAAM,OAAA,CAAQ,IAAA,CAAK,OAAA,EAAS,aAAa,OAAO,CAAA;AAC5D,IAAA,IAAI,CAAC,GAAA,EAAK;AACV,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA;AAC7B,MAAA,IAAI,QAAA,CAAO,EAAA,GAAA,MAAA,IAAA,IAAA,GAAA,KAAA,CAAA,GAAA,MAAA,CAAQ,MAAA,KAAR,IAAA,GAAA,KAAA,CAAA,GAAA,EAAA,CAAgB,iBAAgB,QAAA,EAAU;AACnD,QAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,QAAA;AAAA,MACF;AACA,MAAA,IAAA,CAAK,OAAA,GAAU,MAAA;AAAA,IACjB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,UAAA,CAAW,IAAA,CAAK,OAAA,EAAS,YAAA,CAAa,OAAO,CAAA;AACnD,MAAA,IAAA,CAAK,OAAA,GAAU,IAAA;AAAA,IACjB;AAAA,EACF;AACF,CAAA;;;ACjcA,IAAM,qBAAA,GAAwB,iCAAA;AAC9B,IAAM,0BAAA,GAA6B,qBAAA;AACnC,IAAM,kBAAA,GAAqB,iBAAA;AAC3B,IAAM,aAAA,GAAgB,sBAAA;AAEtB,SAAS,iBAAiB,KAAA,EAAwB;AAChD,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,KAAA,IAAA,IAAA,GAAA,KAAA,GAAS,qBAAqB,EAAE,IAAA,EAAK;AACxD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAI,IAAI,GAAG,CAAA;AAAA,EACtB,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,MAAA,CAAO,QAAA,EAAS,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAC7C;AAEA,SAAS,eAAA,CACP,OAAA,EACA,QAAA,EACA,YAAA,EACQ;AACR,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,IAAI;AACF,MAAA,OAAO,IAAI,GAAA,CAAI,QAAQ,CAAA,CAAE,QAAA,EAAS;AAAA,IACpC,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,MAAA,MAAM,IAAI,SAAA;AAAA,QAAA,gBAAA;AAAA,QAER;AAAA,OACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,GAAG,OAAO,CAAA,CAAA,CAAG,EAAE,QAAA,EAAS;AACvD;AAEO,SAAS,iBAAiB,MAAA,EAAgC;AAlDjE,EAAA,IAAA,EAAA,EAAA,EAAA;AAmDE,EAAA,IAAI,EAAC,iCAAQ,QAAA,CAAA,EAAU;AACrB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AACA,EAAA,IAAI,CAAC,OAAO,WAAA,EAAa;AACvB,IAAA,MAAM,IAAI,SAAA;AAAA,MAAA,gBAAA;AAAA,MAER;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,gBAAA,CAAiB,MAAA,CAAO,OAAO,CAAA;AAC/C,EAAA,MAAM,cAAA,GAAqC;AAAA,IACzC,GAAG,MAAA;AAAA,IACH,OAAA;AAAA,IACA,KAAA,EAAO,QAAO,EAAA,GAAA,MAAA,CAAO,KAAA,KAAP,YAAgB,EAAE,CAAA,CAAE,MAAK,IAAK,aAAA;AAAA,IAC5C,kBAAA,EAAA,CAAoB,EAAA,GAAA,MAAA,CAAO,kBAAA,KAAP,IAAA,GAAA,EAAA,GAA6B,IAAA;AAAA,IACjD,qBAAA,EAAuB,eAAA;AAAA,MACrB,OAAA;AAAA,MACA,MAAA,CAAO,qBAAA;AAAA,MACP;AAAA,KACF;AAAA,IACA,aAAA,EAAe,eAAA;AAAA,MACb,OAAA;AAAA,MACA,MAAA,CAAO,aAAA;AAAA,MACP;AAAA;AACF,GACF;AAEA,EAAA,OAAO,IAAI,kBAAkB,cAAc,CAAA;AAC7C;;;ACjFO,IAAM,oBAAN,MAAkD;AAAA,EACvD,YACmB,OAAA,EAIjB;AAJiB,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAIhB;AAAA,EAEH,IAAI,GAAA,EAA4B;AAC9B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAAA,EACjC;AAAA,EAEA,GAAA,CAAI,KAAa,KAAA,EAAqB;AACpC,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,EACjC;AAAA,EAEA,OAAO,GAAA,EAAmB;AACxB,IAAA,IAAA,CAAK,OAAA,CAAQ,WAAW,GAAG,CAAA;AAAA,EAC7B;AACF;;;ACbO,IAAM,uBAAN,MAAqD;AAAA,EAC1D,YAA6B,SAAA,EAAmC;AAAnC,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EAAoC;AAAA,EAEjE,MAAM,IAAI,GAAA,EAAqC;AAC7C,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAG,CAAA;AAAA,EACrC;AAAA,EAEA,MAAM,GAAA,CAAI,GAAA,EAAa,KAAA,EAA8B;AACnD,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,SAAA,CAAU,GAAA,EAAK,KAAK,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,OAAO,GAAA,EAA4B;AACvC,IAAA,MAAM,IAAA,CAAK,SAAA,CAAU,YAAA,CAAa,GAAG,CAAA;AAAA,EACvC;AACF;;;ACbA,IAAM,cAAA,GAAiB,CAAC,IAAA,KAAgC;AATxD,EAAA,IAAA,EAAA;AAUE,EAAA,IAAI,OAAO,QAAA,KAAa,WAAA,EAAa,OAAO,IAAA;AAC5C,EAAA,MAAM,WAAA,GAAc,IAAA,CAAK,OAAA,CAAQ,qBAAA,EAAuB,MAAM,CAAA;AAC9D,EAAA,MAAM,MAAA,GAAS,SAAS,MAAA,CAAO,KAAA;AAAA,IAC7B,YAAY,WAAW,CAAA,gBAAA;AAAA,GACzB;AACA,EAAA,IAAI,CAAC,QAAQ,OAAO,IAAA;AACpB,EAAA,MAAM,GAAA,GAAA,CAAM,EAAA,GAAA,MAAA,CAAO,GAAA,EAAI,KAAX,IAAA,GAAA,EAAA,GAAgB,IAAA;AAC5B,EAAA,IAAI,GAAA,IAAO,MAAM,OAAO,IAAA;AACxB,EAAA,IAAI;AACF,IAAA,OAAO,mBAAmB,GAAG,CAAA;AAAA,EAC/B,CAAA,CAAA,OAAQ,CAAA,EAAA;AACN,IAAA,OAAO,GAAA;AAAA,EACT;AACF,CAAA;AAEO,SAAS,0BAAA,CACd,OAAA,GAAuC,EAAC,EACxB;AAChB,EAAA,MAAM,EAAE,QAAQ,IAAA,GAAO,GAAA,EAAK,WAAW,QAAA,EAAU,MAAA,GAAS,MAAK,GAAI,OAAA;AAEnE,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,KAA+B;AAC1C,IAAA,OAAO,eAAe,GAAG,CAAA;AAAA,EAC3B,CAAA;AAEA,EAAA,MAAM,GAAA,GAAM,CAAC,GAAA,EAAa,KAAA,KAAwB;AAChD,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,SAAS,CAAA,EAAG,GAAG,CAAA,CAAA,EAAI,kBAAA,CAAmB,KAAK,CAAC,CAAA,CAAA;AAChD,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,IAAI,QAAA,EAAU,MAAA,IAAU,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAA;AAC9C,IAAA,IAAI,QAAQ,MAAA,IAAU,CAAA,QAAA,CAAA;AACtB,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,MAAM,MAAA,GAAS,CAAC,GAAA,KAAsB;AACpC,IAAA,IAAI,OAAO,aAAa,WAAA,EAAa;AACrC,IAAA,IAAI,MAAA,GAAS,GAAG,GAAG,CAAA,wCAAA,CAAA;AACnB,IAAA,IAAI,IAAA,EAAM,MAAA,IAAU,CAAA,OAAA,EAAU,IAAI,CAAA,CAAA;AAClC,IAAA,IAAI,MAAA,EAAQ,MAAA,IAAU,CAAA,SAAA,EAAY,MAAM,CAAA,CAAA;AACxC,IAAA,QAAA,CAAS,MAAA,GAAS,MAAA;AAAA,EACpB,CAAA;AAEA,EAAA,OAAO,EAAE,GAAA,EAAK,GAAA,EAAK,MAAA,EAAO;AAC5B","file":"index.cjs","sourcesContent":["export enum AuthErrorCode {\n INVALID_CONFIG = 'INVALID_CONFIG',\n STATE_MISMATCH = 'STATE_MISMATCH',\n CALLBACK_ERROR = 'CALLBACK_ERROR',\n TOKEN_EXCHANGE_FAILED = 'TOKEN_EXCHANGE_FAILED',\n REFRESH_FAILED = 'REFRESH_FAILED',\n STORAGE_ERROR = 'STORAGE_ERROR',\n MISSING_CODE = 'MISSING_CODE',\n MISSING_STATE = 'MISSING_STATE',\n NETWORK_ERROR = 'NETWORK_ERROR',\n HTTP_ERROR = 'HTTP_ERROR',\n}\n\nexport class AuthError extends Error {\n constructor(\n public readonly code: AuthErrorCode,\n message: string,\n public readonly cause?: unknown,\n ) {\n super(message);\n this.name = 'AuthError';\n }\n}\n","const ALPHABET =\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';\n\nfunction getCryptoImpl(): Crypto {\n if (typeof globalThis !== 'undefined' && globalThis.crypto) {\n return globalThis.crypto;\n }\n throw new Error('Web Crypto API unavailable');\n}\n\nexport function randomString(length = 64): string {\n const crypto = getCryptoImpl();\n // Rejection sampling: discard bytes >= threshold to eliminate modulo bias.\n // ALPHABET.length = 66; threshold = 256 - (256 % 66) = 204\n const THRESHOLD = 256 - (256 % ALPHABET.length);\n const result: string[] = [];\n while (result.length < length) {\n const bytes = new Uint8Array(Math.ceil((length - result.length) * 1.4));\n crypto.getRandomValues(bytes);\n for (const b of bytes) {\n if (result.length >= length) break;\n if (b < THRESHOLD) result.push(ALPHABET[b % ALPHABET.length]!);\n }\n }\n return result.join('');\n}\n\nfunction toBase64Url(bytes: Uint8Array<ArrayBuffer>): string {\n const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\nfunction verifierToBytes(verifier: string): Uint8Array<ArrayBuffer> {\n const bytes = new Uint8Array(verifier.length);\n for (let i = 0; i < verifier.length; i++) {\n bytes[i] = verifier.charCodeAt(i);\n }\n return bytes;\n}\n\nexport async function createCodeChallenge(verifier: string): Promise<string> {\n const crypto = getCryptoImpl();\n const buffer = verifierToBytes(verifier);\n const digest = await crypto.subtle.digest('SHA-256', buffer);\n return toBase64Url(new Uint8Array(digest));\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { StorageAdapter, TokenSet } from './types';\n\nexport const STORAGE_KEYS = {\n session: 'nuria:session',\n state: 'nuria:oauth:state',\n codeVerifier: 'nuria:oauth:code_verifier',\n};\n\nexport function normalizeTokenSet(\n raw: Record<string, unknown>,\n now: () => number,\n): TokenSet {\n const accessToken = (raw.access_token ??\n raw.accessToken ??\n raw.Token) as string;\n if (!accessToken || typeof accessToken !== 'string') {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing access token in token response',\n );\n }\n const expiresIn = Number(raw.expires_in ?? raw.expiresIn ?? 0) || undefined;\n const expiresAtFromResponse = Number(raw.ExpiresAt ?? 0) || undefined;\n const computedExpiresAt =\n expiresIn != null\n ? now() + expiresIn * 1000\n : expiresAtFromResponse\n ? expiresAtFromResponse\n : undefined;\n return {\n accessToken,\n tokenType: (raw.token_type ?? raw.tokenType ?? raw.TokenType) as\n | string\n | undefined,\n expiresIn,\n refreshToken: (raw.refresh_token ??\n raw.refreshToken ??\n raw.RefreshToken) as string | undefined,\n idToken: (raw.id_token ?? raw.idToken) as string | undefined,\n scope: raw.scope as string | undefined,\n expiresAt: computedExpiresAt,\n };\n}\n\nexport async function safeGet(\n storage: StorageAdapter,\n key: string,\n): Promise<string | null> {\n try {\n return await storage.get(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed reading key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeSet(\n storage: StorageAdapter,\n key: string,\n value: string,\n): Promise<void> {\n try {\n await storage.set(key, value);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed writing key: ${key}`,\n cause,\n );\n }\n}\n\nexport async function safeRemove(\n storage: StorageAdapter,\n key: string,\n): Promise<void> {\n try {\n await storage.remove(key);\n } catch (cause) {\n throw new AuthError(\n AuthErrorCode.STORAGE_ERROR,\n `Failed removing key: ${key}`,\n cause,\n );\n }\n}\n\nexport function timingSafeEqual(a: string, b: string): boolean {\n if (a.length !== b.length) return false;\n let diff = 0;\n for (let i = 0; i < a.length; i++) {\n diff |= a.charCodeAt(i) ^ b.charCodeAt(i);\n }\n return diff === 0;\n}\n\nexport function parseUrl(url: string): URL {\n try {\n return new URL(url);\n } catch {\n throw new AuthError(AuthErrorCode.CALLBACK_ERROR, 'Invalid callback URL');\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class MemoryStorageAdapter implements StorageAdapter {\n private store = new Map<string, string>();\n\n get(key: string): string | null {\n return this.store.get(key) ?? null;\n }\n\n set(key: string, value: string): void {\n this.store.set(key, value);\n }\n\n remove(key: string): void {\n this.store.delete(key);\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type {\n AuthTransport,\n AuthTransportRequest,\n AuthTransportResponse,\n TransportInterceptor,\n} from '../core/types';\n\nexport interface FetchTransportOptions {\n fetchFn?: typeof fetch;\n timeoutMs?: number;\n retries?: number;\n interceptors?: TransportInterceptor[];\n}\n\nconst RETRYABLE_STATUS = new Set([408, 425, 429, 500, 502, 503, 504]);\n\nexport class FetchAuthTransport implements AuthTransport {\n private readonly fetchFn: typeof fetch;\n private readonly timeoutMs?: number;\n private readonly retries: number;\n private readonly interceptors: TransportInterceptor[];\n\n constructor(options: FetchTransportOptions = {}) {\n this.fetchFn = options.fetchFn ?? fetch;\n this.timeoutMs = options.timeoutMs;\n this.retries = options.retries ?? 0;\n this.interceptors = options.interceptors ?? [];\n }\n\n async request<T = unknown>(\n url: string,\n req: AuthTransportRequest = {},\n ): Promise<AuthTransportResponse<T>> {\n let request = req;\n for (const i of this.interceptors) {\n if (i.onRequest) request = await i.onRequest(url, request);\n }\n\n const retries = request.retries ?? this.retries;\n let attempt = 0;\n while (true) {\n const controller = new AbortController();\n const timeout = request.timeoutMs ?? this.timeoutMs;\n const timer = timeout\n ? setTimeout(() => controller.abort(), timeout)\n : undefined;\n try {\n const defaultContentType =\n typeof request.body === 'string'\n ? 'application/x-www-form-urlencoded'\n : 'application/json';\n const res = await this.fetchFn(this.withQuery(url, request.query), {\n method: request.method ?? 'GET',\n credentials: request.credentials,\n headers: {\n 'Content-Type': defaultContentType,\n ...(request.headers ?? {}),\n },\n body:\n request.body !== undefined\n ? typeof request.body === 'string'\n ? request.body\n : JSON.stringify(request.body)\n : undefined,\n signal: controller.signal,\n });\n const data = await this.parseBody<T>(res);\n if (!res.ok) {\n if (attempt < retries && RETRYABLE_STATUS.has(res.status)) {\n attempt += 1;\n continue;\n }\n throw new AuthError(AuthErrorCode.HTTP_ERROR, `HTTP ${res.status}`);\n }\n let out: AuthTransportResponse<T> = {\n status: res.status,\n data,\n headers: res.headers,\n };\n for (const i of this.interceptors) {\n if (i.onResponse) out = await i.onResponse(out);\n }\n return out;\n } catch (cause) {\n if (cause instanceof AuthError) throw cause;\n if (attempt < retries) {\n attempt += 1;\n continue;\n }\n throw new AuthError(\n AuthErrorCode.NETWORK_ERROR,\n 'Network request failed',\n cause,\n );\n } finally {\n if (timer) clearTimeout(timer);\n }\n }\n }\n\n private withQuery(\n url: string,\n query?: Record<string, string | undefined>,\n ): string {\n if (!query) return url;\n const parsed = new URL(url);\n Object.entries(query).forEach(([k, v]) => {\n if (v !== undefined) parsed.searchParams.set(k, v);\n });\n return parsed.toString();\n }\n\n private async parseBody<T>(res: Response): Promise<T> {\n const contentType = res.headers.get('content-type') ?? '';\n if (contentType.includes('application/json')) {\n return (await res.json()) as T;\n }\n return (await res.text()) as unknown as T;\n }\n}\n","import { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport { createCodeChallenge, randomString } from '../core/pkce';\nimport {\n normalizeTokenSet,\n parseUrl,\n safeGet,\n safeRemove,\n safeSet,\n timingSafeEqual,\n STORAGE_KEYS,\n} from '../core/utils';\nimport type {\n AuthClient,\n ResolvedAuthConfig,\n Session,\n StartLoginOptions,\n LoginCodeChallengeOptions,\n GoogleLoginOptions,\n PasswordLoginOptions,\n VerifyLoginCodeOptions,\n TwoFactorChallenge,\n TokenSet,\n AuthTransport,\n} from '../core/types';\nimport { MemoryStorageAdapter } from '../storage/memory-storage-adapter';\nimport { FetchAuthTransport } from '../transport/fetch-transport';\n\nexport class DefaultAuthClient implements AuthClient {\n private session: Session | null = null;\n private refreshPromise: Promise<Session> | null = null;\n private readonly listeners = new Set<(session: Session | null) => void>();\n private readonly storage;\n private readonly transport: AuthTransport;\n private readonly now: () => number;\n\n constructor(private readonly config: ResolvedAuthConfig) {\n this.storage = config.storage ?? new MemoryStorageAdapter();\n this.transport = config.transport ?? new FetchAuthTransport();\n this.now = config.now ?? (() => Date.now());\n }\n\n async startLogin(options: StartLoginOptions = {}): Promise<void> {\n const state = randomString(32);\n const codeVerifier = randomString(96);\n const codeChallenge = await createCodeChallenge(codeVerifier);\n\n await safeSet(this.storage, STORAGE_KEYS.state, state);\n await safeSet(this.storage, STORAGE_KEYS.codeVerifier, codeVerifier);\n\n const params: Record<string, string> = {\n response_type: 'code',\n client_id: this.config.clientId,\n redirect_uri: this.config.redirectUri,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n };\n\n const scope = options.scopes?.join(' ') ?? this.config.scope;\n if (scope) params.scope = scope;\n if (options.loginHint) params.login_hint = options.loginHint;\n if (options.extraParams) {\n const RESERVED = new Set([\n 'response_type',\n 'client_id',\n 'redirect_uri',\n 'state',\n 'code_challenge',\n 'code_challenge_method',\n ]);\n for (const [k, v] of Object.entries(options.extraParams)) {\n if (!RESERVED.has(k)) params[k] = v;\n }\n }\n\n const url = new URL(this.config.authorizationEndpoint);\n Object.entries(params).forEach(([k, v]) => url.searchParams.set(k, v));\n const redirectUrl = url.toString();\n\n if (this.config.onRedirect) {\n await this.config.onRedirect(redirectUrl);\n return;\n }\n if (typeof window !== 'undefined') {\n window.location.assign(redirectUrl);\n return;\n }\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Missing onRedirect callback for non-browser runtime',\n );\n }\n\n async handleRedirectCallback(callbackUrl?: string): Promise<Session> {\n const input =\n callbackUrl ??\n (typeof window !== 'undefined' ? window.location.href : '');\n if (!input) {\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n 'callbackUrl required in non-browser runtime',\n );\n }\n\n const url = parseUrl(input);\n const error = url.searchParams.get('error');\n if (error) {\n const desc = url.searchParams.get('error_description');\n throw new AuthError(\n AuthErrorCode.CALLBACK_ERROR,\n desc\n ? `Authorization error: ${error} — ${desc}`\n : `Authorization error: ${error}`,\n );\n }\n\n const code = url.searchParams.get('code');\n if (!code) {\n throw new AuthError(\n AuthErrorCode.MISSING_CODE,\n 'Missing code in callback',\n );\n }\n\n const state = url.searchParams.get('state');\n if (!state) {\n throw new AuthError(\n AuthErrorCode.MISSING_STATE,\n 'Missing state in callback',\n );\n }\n\n const storedState = await safeGet(this.storage, STORAGE_KEYS.state);\n if (!storedState || !timingSafeEqual(storedState, state)) {\n throw new AuthError(\n AuthErrorCode.STATE_MISMATCH,\n 'State validation failed',\n );\n }\n\n return this.exchangeCode(code);\n }\n\n getSession(): Session | null {\n return this.session;\n }\n\n async getAccessToken(): Promise<string | null> {\n if (!this.session) {\n await this.hydrateSession();\n }\n if (!this.session) return null;\n const exp = this.session.tokens.expiresAt;\n if (exp && exp <= this.now() && this.config.enableRefreshToken) {\n if (!this.refreshPromise) {\n this.refreshPromise = this.doRefresh().finally(() => {\n this.refreshPromise = null;\n });\n }\n await this.refreshPromise;\n }\n return this.session?.tokens.accessToken ?? null;\n }\n\n async logout(options?: { returnTo?: string }): Promise<void> {\n if (options?.returnTo) {\n let returnToUrl: URL;\n try {\n returnToUrl = new URL(options.returnTo);\n } catch {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'returnTo must be a valid absolute URL',\n );\n }\n\n const isHttps = returnToUrl.protocol === 'https:';\n const isLocalHttp =\n returnToUrl.protocol === 'http:' &&\n (returnToUrl.hostname === 'localhost' ||\n returnToUrl.hostname === '127.0.0.1' ||\n returnToUrl.hostname === '[::1]');\n if (!isHttps && !isLocalHttp) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'returnTo must use https:// (or http:// only for localhost)',\n );\n }\n if (returnToUrl.username || returnToUrl.password) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'returnTo must not include URL credentials',\n );\n }\n }\n\n this.session = null;\n await safeRemove(this.storage, STORAGE_KEYS.session);\n await safeRemove(this.storage, STORAGE_KEYS.state);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n this.notify();\n\n if (this.config.logoutEndpoint) {\n const url = new URL(this.config.logoutEndpoint);\n if (options?.returnTo) {\n url.searchParams.set('returnTo', options.returnTo);\n }\n const logoutUrl = url.toString();\n if (this.config.onRedirect) {\n await this.config.onRedirect(logoutUrl);\n } else if (typeof window !== 'undefined') {\n window.location.assign(logoutUrl);\n }\n }\n }\n\n isAuthenticated(): boolean {\n const accessToken = this.session?.tokens.accessToken;\n if (!accessToken) return false;\n const exp = this.session?.tokens.expiresAt;\n if (exp && exp <= this.now()) return false;\n return true;\n }\n\n onAuthStateChanged(handler: (session: Session | null) => void): () => void {\n this.listeners.add(handler);\n return () => this.listeners.delete(handler);\n }\n\n async getUserinfo(): Promise<Record<string, unknown>> {\n const accessToken = await this.getAccessToken();\n if (!accessToken) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'Not authenticated — call handleRedirectCallback first',\n );\n }\n if (!this.config.userinfoEndpoint) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.userinfoEndpoint is required for getUserinfo',\n );\n }\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.userinfoEndpoint,\n { headers: { Authorization: `Bearer ${accessToken}` } },\n );\n return response.data;\n }\n\n async startLoginCodeChallenge(\n options: LoginCodeChallengeOptions,\n ): Promise<TwoFactorChallenge> {\n if (!options?.email) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'email is required for startLoginCodeChallenge',\n );\n }\n\n const response = await this.transport.request<Record<string, unknown>>(\n `${this.config.baseUrl}/v2/login-code/challenge`,\n {\n method: 'POST',\n credentials: 'include',\n body: {\n email: options.email,\n channel: options.channel ?? 'email',\n destination: options.destination,\n purpose: options.purpose ?? 'login',\n },\n },\n );\n\n return {\n challengeId: String(response.data.challengeId ?? ''),\n channel: String(response.data.channel ?? ''),\n destinationMasked: String(response.data.destinationMasked ?? ''),\n expiresAt: Number(response.data.expiresAt ?? 0),\n purpose: String(response.data.purpose ?? 'login'),\n };\n }\n\n async verifyLoginCode(options: VerifyLoginCodeOptions): Promise<Session> {\n if (!options?.challengeId || !options?.code) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'challengeId and code are required for verifyLoginCode',\n );\n }\n\n const response = await this.transport.request<Record<string, unknown>>(\n `${this.config.baseUrl}/v2/2fa/verify-login`,\n {\n method: 'POST',\n credentials: 'include',\n body: {\n challengeId: options.challengeId,\n code: options.code,\n },\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n async loginWithCodeSent(\n options: LoginCodeChallengeOptions,\n ): Promise<TwoFactorChallenge> {\n return this.startLoginCodeChallenge(options);\n }\n\n async completeLoginWithCode(\n options: VerifyLoginCodeOptions,\n ): Promise<Session> {\n return this.verifyLoginCode(options);\n }\n\n async loginWithGoogle(options: GoogleLoginOptions): Promise<Session> {\n if (!options?.idToken) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'idToken is required for loginWithGoogle',\n );\n }\n\n const response = await this.transport.request<Record<string, unknown>>(\n `${this.config.baseUrl}/v2/google`,\n {\n method: 'POST',\n credentials: 'include',\n body: {\n idToken: options.idToken,\n },\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n async loginWithPassword(options: PasswordLoginOptions): Promise<Session> {\n if (!options?.email || !options?.password) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'email and password are required for loginWithPassword',\n );\n }\n\n const response = await this.transport.request<Record<string, unknown>>(\n `${this.config.baseUrl}/v2/login`,\n {\n method: 'POST',\n credentials: 'include',\n body: {\n email: options.email,\n password: options.password,\n },\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n private async exchangeCode(code: string): Promise<Session> {\n const verifier = await safeGet(this.storage, STORAGE_KEYS.codeVerifier);\n if (!verifier) {\n throw new AuthError(\n AuthErrorCode.TOKEN_EXCHANGE_FAILED,\n 'Missing PKCE code_verifier in storage',\n );\n }\n\n const body = new URLSearchParams({\n grant_type: 'authorization_code',\n code,\n code_verifier: verifier,\n redirect_uri: this.config.redirectUri,\n client_id: this.config.clientId,\n });\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n credentials: 'include',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n await safeRemove(this.storage, STORAGE_KEYS.state);\n await safeRemove(this.storage, STORAGE_KEYS.codeVerifier);\n return this.createSession(tokens);\n }\n\n private async doRefresh(): Promise<Session> {\n const refreshToken = this.session?.tokens.refreshToken;\n const body = new URLSearchParams({\n grant_type: 'refresh_token',\n client_id: this.config.clientId,\n });\n if (refreshToken) body.set('refresh_token', refreshToken);\n\n const response = await this.transport.request<Record<string, unknown>>(\n this.config.tokenEndpoint,\n {\n method: 'POST',\n credentials: 'include',\n body: body.toString(),\n },\n );\n const tokens = normalizeTokenSet(response.data, this.now);\n return this.createSession(tokens);\n }\n\n private async createSession(tokens: TokenSet): Promise<Session> {\n const previousRefreshToken = this.session?.tokens.refreshToken;\n const mergedTokens: TokenSet = {\n ...tokens,\n refreshToken: tokens.refreshToken ?? previousRefreshToken,\n };\n\n this.session = {\n tokens: mergedTokens,\n createdAt: this.now(),\n };\n await safeSet(\n this.storage,\n STORAGE_KEYS.session,\n JSON.stringify(this.session),\n );\n this.notify();\n return this.session;\n }\n\n private notify(): void {\n this.listeners.forEach((handler) => handler(this.session));\n }\n\n private async hydrateSession(): Promise<void> {\n const raw = await safeGet(this.storage, STORAGE_KEYS.session);\n if (!raw) return;\n try {\n const parsed = JSON.parse(raw) as Session;\n if (typeof parsed?.tokens?.accessToken !== 'string') {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n return;\n }\n this.session = parsed;\n } catch {\n await safeRemove(this.storage, STORAGE_KEYS.session);\n this.session = null;\n }\n }\n}\n","import { DefaultAuthClient } from './nuria-auth-client';\nimport { AuthError, AuthErrorCode } from '../errors/auth-error';\nimport type { AuthClient, AuthConfig, ResolvedAuthConfig } from '../core/types';\n\nconst DEFAULT_AUTH_BASE_URL = 'https://ms-auth-v2.nuria.com.br';\nconst DEFAULT_AUTHORIZATION_PATH = '/v2/oauth/authorize';\nconst DEFAULT_TOKEN_PATH = '/v2/oauth/token';\nconst DEFAULT_SCOPE = 'openid profile email';\n\nfunction normalizeBaseUrl(value?: string): string {\n const raw = String(value ?? DEFAULT_AUTH_BASE_URL).trim();\n if (!raw) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.baseUrl must be a valid absolute URL',\n );\n }\n\n let parsed: URL;\n try {\n parsed = new URL(raw);\n } catch {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.baseUrl must be a valid absolute URL',\n );\n }\n\n return parsed.toString().replace(/\\/+$/, '');\n}\n\nfunction resolveEndpoint(\n baseUrl: string,\n explicit: string | undefined,\n fallbackPath: string,\n): string {\n if (explicit) {\n try {\n return new URL(explicit).toString();\n } catch {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'OAuth endpoints must be valid absolute URLs',\n );\n }\n }\n\n return new URL(fallbackPath, `${baseUrl}/`).toString();\n}\n\nexport function createAuthClient(config: AuthConfig): AuthClient {\n if (!config?.clientId) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.clientId is required',\n );\n }\n if (!config.redirectUri) {\n throw new AuthError(\n AuthErrorCode.INVALID_CONFIG,\n 'config.redirectUri is required',\n );\n }\n\n const baseUrl = normalizeBaseUrl(config.baseUrl);\n const resolvedConfig: ResolvedAuthConfig = {\n ...config,\n baseUrl,\n scope: String(config.scope ?? '').trim() || DEFAULT_SCOPE,\n enableRefreshToken: config.enableRefreshToken ?? true,\n authorizationEndpoint: resolveEndpoint(\n baseUrl,\n config.authorizationEndpoint,\n DEFAULT_AUTHORIZATION_PATH,\n ),\n tokenEndpoint: resolveEndpoint(\n baseUrl,\n config.tokenEndpoint,\n DEFAULT_TOKEN_PATH,\n ),\n };\n\n return new DefaultAuthClient(resolvedConfig);\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport class WebStorageAdapter implements StorageAdapter {\n constructor(\n private readonly storage: Pick<\n Storage,\n 'getItem' | 'setItem' | 'removeItem'\n >,\n ) {}\n\n get(key: string): string | null {\n return this.storage.getItem(key);\n }\n\n set(key: string, value: string): void {\n this.storage.setItem(key, value);\n }\n\n remove(key: string): void {\n this.storage.removeItem(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface CookieStorageCallbacks {\n getCookie(name: string): string | null | Promise<string | null>;\n setCookie(name: string, value: string): void | Promise<void>;\n removeCookie(name: string): void | Promise<void>;\n}\n\nexport class CookieStorageAdapter implements StorageAdapter {\n constructor(private readonly callbacks: CookieStorageCallbacks) {}\n\n async get(key: string): Promise<string | null> {\n return this.callbacks.getCookie(key);\n }\n\n async set(key: string, value: string): Promise<void> {\n await this.callbacks.setCookie(key, value);\n }\n\n async remove(key: string): Promise<void> {\n await this.callbacks.removeCookie(key);\n }\n}\n","import type { StorageAdapter } from '../core/types';\n\nexport interface BrowserCookieStorageOptions {\n domain?: string;\n path?: string;\n sameSite?: 'strict' | 'lax' | 'none';\n secure?: boolean;\n}\n\nconst getCookieValue = (name: string): string | null => {\n if (typeof document === 'undefined') return null;\n const escapedName = name.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&');\n const result = document.cookie.match(\n `(^|;)\\\\s*${escapedName}\\\\s*=\\\\s*([^;]+)`,\n );\n if (!result) return null;\n const raw = result.pop() ?? null;\n if (raw == null) return null;\n try {\n return decodeURIComponent(raw);\n } catch {\n return raw;\n }\n};\n\nexport function createBrowserCookieStorage(\n options: BrowserCookieStorageOptions = {},\n): StorageAdapter {\n const { domain, path = '/', sameSite = 'strict', secure = true } = options;\n\n const get = (key: string): string | null => {\n return getCookieValue(key);\n };\n\n const set = (key: string, value: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=${encodeURIComponent(value)}`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n if (sameSite) cookie += `; samesite=${sameSite}`;\n if (secure) cookie += `; secure`;\n document.cookie = cookie;\n };\n\n const remove = (key: string): void => {\n if (typeof document === 'undefined') return;\n let cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n if (path) cookie += `; path=${path}`;\n if (domain) cookie += `; domain=${domain}`;\n document.cookie = cookie;\n };\n\n return { get, set, remove };\n}\n"]}