@parsrun/auth 0.2.11 → 0.2.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/hono.js +2 -2
- package/dist/adapters/index.js +2 -2
- package/dist/{chunk-NWUMFIFT.js → chunk-JFSNE55J.js} +3 -3
- package/dist/{chunk-NWUMFIFT.js.map → chunk-JFSNE55J.js.map} +1 -1
- package/dist/{chunk-MOG4Y6I7.js → chunk-JN34EE5D.js} +3 -2
- package/dist/chunk-JN34EE5D.js.map +1 -0
- package/dist/index.js +3 -3
- package/dist/session/index.js +1 -1
- package/package.json +3 -3
- package/dist/chunk-MOG4Y6I7.js.map +0 -1
package/dist/adapters/hono.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
export { createAuthMiddleware, createAuthRoutes, createHonoAuth, createOptionalAuthMiddleware, requireAdmin, requireAll, requireAny, requireAnyPermission, requireOwnerOrPermission, requirePermission, requireRole, requireTenant, requireTenantAccess } from '../chunk-
|
|
1
|
+
export { createAuthMiddleware, createAuthRoutes, createHonoAuth, createOptionalAuthMiddleware, requireAdmin, requireAll, requireAny, requireAnyPermission, requireOwnerOrPermission, requirePermission, requireRole, requireTenant, requireTenantAccess } from '../chunk-JFSNE55J.js';
|
|
2
2
|
import '../chunk-NK4TJV2W.js';
|
|
3
|
-
import '../chunk-
|
|
3
|
+
import '../chunk-JN34EE5D.js';
|
|
4
4
|
import '../chunk-42MGHABB.js';
|
|
5
5
|
//# sourceMappingURL=hono.js.map
|
|
6
6
|
//# sourceMappingURL=hono.js.map
|
package/dist/adapters/index.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import '../chunk-7GOBAL4G.js';
|
|
2
|
-
export { createAuthCookies, createAuthMiddleware, createAuthRoutes, createHonoAuth, createLogoutCookies, createOptionalAuthMiddleware, requireAdmin, requireAll, requireAny, requireAnyPermission, requireOwnerOrPermission, requirePermission, requireRole, requireTenant, requireTenantAccess } from '../chunk-
|
|
2
|
+
export { createAuthCookies, createAuthMiddleware, createAuthRoutes, createHonoAuth, createLogoutCookies, createOptionalAuthMiddleware, requireAdmin, requireAll, requireAny, requireAnyPermission, requireOwnerOrPermission, requirePermission, requireRole, requireTenant, requireTenantAccess } from '../chunk-JFSNE55J.js';
|
|
3
3
|
import '../chunk-NK4TJV2W.js';
|
|
4
|
-
import '../chunk-
|
|
4
|
+
import '../chunk-JN34EE5D.js';
|
|
5
5
|
import '../chunk-42MGHABB.js';
|
|
6
6
|
//# sourceMappingURL=index.js.map
|
|
7
7
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { createAuthorizationGuard } from './chunk-NK4TJV2W.js';
|
|
2
|
-
import { extractBearerToken } from './chunk-
|
|
2
|
+
import { extractBearerToken } from './chunk-JN34EE5D.js';
|
|
3
3
|
|
|
4
4
|
// src/adapters/types.ts
|
|
5
5
|
function createAuthCookies(tokens, config) {
|
|
@@ -833,5 +833,5 @@ function requireAny(...middlewares) {
|
|
|
833
833
|
}
|
|
834
834
|
|
|
835
835
|
export { createAuthCookies, createAuthMiddleware, createAuthRoutes, createHonoAuth, createLogoutCookies, createOptionalAuthMiddleware, requireAdmin, requireAll, requireAny, requireAnyPermission, requireOwnerOrPermission, requirePermission, requireRole, requireTenant, requireTenantAccess };
|
|
836
|
-
//# sourceMappingURL=chunk-
|
|
837
|
-
//# sourceMappingURL=chunk-
|
|
836
|
+
//# sourceMappingURL=chunk-JFSNE55J.js.map
|
|
837
|
+
//# sourceMappingURL=chunk-JFSNE55J.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/adapters/types.ts","../src/adapters/hono.ts"],"names":["c"],"mappings":";;;;AAsGO,SAAS,iBAAA,CACd,QACA,MAAA,EAQiB;AACjB,EAAA,MAAM,MAAA,GAAS,OAAO,MAAA,IAAU,MAAA;AAEhC,EAAA,OAAO;AAAA,IACL;AAAA,MACE,IAAA,EAAM,GAAG,MAAM,CAAA,aAAA,CAAA;AAAA,MACf,OAAO,MAAA,CAAO,WAAA;AAAA,MACd,SAAS,MAAA,CAAO,eAAA;AAAA,MAChB,IAAA,EAAM,OAAO,IAAA,IAAQ,GAAA;AAAA,MACrB,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,MAAA,EAAQ,OAAO,MAAA,IAAU,IAAA;AAAA,MACzB,QAAA,EAAU,OAAO,QAAA,IAAY,KAAA;AAAA,MAC7B,QAAA,EAAU;AAAA;AAAA,KACZ;AAAA,IACA;AAAA,MACE,IAAA,EAAM,GAAG,MAAM,CAAA,cAAA,CAAA;AAAA,MACf,OAAO,MAAA,CAAO,YAAA;AAAA,MACd,SAAS,MAAA,CAAO,gBAAA;AAAA,MAChB,IAAA,EAAM,OAAO,IAAA,IAAQ,GAAA;AAAA,MACrB,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,MAAA,EAAQ,OAAO,MAAA,IAAU,IAAA;AAAA,MACzB,QAAA,EAAU,OAAO,QAAA,IAAY,KAAA;AAAA,MAC7B,QAAA,EAAU,OAAO,QAAA,IAAY;AAAA;AAAA;AAC/B,GACF;AACF;AAKO,SAAS,oBACd,MAAA,EAKiB;AACjB,EAAA,MAAM,MAAA,GAAS,OAAO,MAAA,IAAU,MAAA;AAChC,EAAA,MAAM,IAAA,mBAAO,IAAI,IAAA,CAAK,CAAC,CAAA;AAEvB,EAAA,OAAO;AAAA,IACL;AAAA,MACE,IAAA,EAAM,GAAG,MAAM,CAAA,aAAA,CAAA;AAAA,MACf,KAAA,EAAO,EAAA;AAAA,MACP,OAAA,EAAS,IAAA;AAAA,MACT,IAAA,EAAM,OAAO,IAAA,IAAQ,GAAA;AAAA,MACrB,QAAQ,MAAA,CAAO;AAAA,KACjB;AAAA,IACA;AAAA,MACE,IAAA,EAAM,GAAG,MAAM,CAAA,cAAA,CAAA;AAAA,MACf,KAAA,EAAO,EAAA;AAAA,MACP,OAAA,EAAS,IAAA;AAAA,MACT,IAAA,EAAM,OAAO,IAAA,IAAQ,GAAA;AAAA,MACrB,QAAQ,MAAA,CAAO;AAAA;AACjB,GACF;AACF;;;ACrHA,SAAS,SAAA,CAAU,GAAY,MAAA,EAA6B;AAC1D,EAAA,IAAI,eAAe,CAAA,EAAG,MAAA,CAAO,IAAI,CAAA,CAAA,EAAI,OAAO,KAAK,CAAA,CAAA;AAEjD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,YAAA,IAAgB,CAAA,UAAA,EAAa,MAAA,CAAO,OAAA,CAAQ,WAAA,EAAa,CAAA,CAAA;AAAA,EAC3D;AACA,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAC/B,IAAA,YAAA,IAAgB,CAAA,UAAA,EAAa,OAAO,MAAM,CAAA,CAAA;AAAA,EAC5C;AACA,EAAA,IAAI,OAAO,IAAA,EAAM;AACf,IAAA,YAAA,IAAgB,CAAA,OAAA,EAAU,OAAO,IAAI,CAAA,CAAA;AAAA,EACvC;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,YAAA,IAAgB,CAAA,SAAA,EAAY,OAAO,MAAM,CAAA,CAAA;AAAA,EAC3C;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,YAAA,IAAgB,UAAA;AAAA,EAClB;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,YAAA,IAAgB,YAAA;AAAA,EAClB;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,YAAA,IAAgB,CAAA,WAAA,EAAc,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,CAAC,CAAA,CAAE,WAAA,EAAY,GAAI,MAAA,CAAO,QAAA,CAAS,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA;AAAA,EAClG;AAEA,EAAA,CAAA,CAAE,OAAO,YAAA,EAAc,YAAA,EAAc,EAAE,MAAA,EAAQ,MAAM,CAAA;AACvD;AAKA,SAAS,SAAA,CAAU,GAAY,IAAA,EAAkC;AAC/D,EAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA;AAC1C,EAAA,IAAI,CAAC,cAAc,OAAO,MAAA;AAE1B,EAAA,MAAM,OAAA,GAAU,YAAA,CAAa,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAACA,EAAAA,KAAMA,EAAAA,CAAE,IAAA,EAAM,CAAA;AAC3D,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,CAAC,UAAA,EAAY,GAAG,UAAU,CAAA,GAAI,MAAA,CAAO,MAAM,GAAG,CAAA;AACpD,IAAA,IAAI,eAAe,IAAA,EAAM;AACvB,MAAA,OAAO,UAAA,CAAW,KAAK,GAAG,CAAA;AAAA,IAC5B;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAMO,SAAS,qBACd,MAAA,EACiD;AACjD,EAAA,MAAM,EAAE,IAAA,EAAM,cAAA,EAAe,GAAI,MAAA;AAEjC,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AAExB,IAAA,MAAM,UAAA,GAAa,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA;AAC/C,IAAA,IAAI,KAAA,GAAQ,mBAAmB,UAAU,CAAA;AAEzC,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,OAAA,EAAS,MAAA,IAAU,MAAA;AAC/C,MAAA,KAAA,GAAQ,SAAA,CAAU,CAAA,EAAG,CAAA,EAAG,YAAY,eAAe,CAAA,IAAK,IAAA;AAAA,IAC1D;AAEA,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,OAAO,cAAA,CAAe,GAAG,mBAAmB,CAAA;AAAA,MAC9C;AACA,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,mBAAA,IAAuB,GAAG,CAAA;AAAA,IAC5E;AAGA,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAEjD,IAAA,IAAI,CAAC,MAAA,CAAO,KAAA,IAAS,CAAC,OAAO,OAAA,EAAS;AACpC,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,OAAO,cAAA,CAAe,CAAA,EAAG,MAAA,CAAO,KAAK,CAAA;AAAA,MACvC;AACA,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,MAAA,CAAO,KAAA,EAAM,EAAG,GAAG,CAAA;AAAA,IACrE;AAGA,IAAA,MAAM,WAAA,GAA2B;AAAA,MAC/B,MAAA,EAAQ,OAAO,OAAA,CAAQ,GAAA;AAAA,MACvB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,GAAI,OAAO,OAAA,CAAQ,GAAA,IAAO,EAAE,SAAA,EAAW,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,MAC1D,GAAI,OAAO,OAAA,CAAQ,GAAA,IAAO,EAAE,QAAA,EAAU,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,MACzD,GAAI,OAAO,OAAA,CAAQ,KAAA,IAAS,EAAE,KAAA,EAAO,MAAA,CAAO,QAAQ,KAAA,EAAM;AAAA,MAC1D,GAAI,OAAO,OAAA,CAAQ,WAAA,IAAe,EAAE,WAAA,EAAa,MAAA,CAAO,QAAQ,WAAA;AAAY,KAC9E;AAEA,IAAA,CAAA,CAAE,GAAA,CAAI,QAAQ,WAAW,CAAA;AAEzB,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAMO,SAAS,6BACd,MAAA,EAC0D;AAC1D,EAAA,MAAM,EAAE,MAAK,GAAI,MAAA;AAEjB,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AAExB,IAAA,MAAM,UAAA,GAAa,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA;AAC/C,IAAA,IAAI,KAAA,GAAQ,mBAAmB,UAAU,CAAA;AAEzC,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,OAAA,EAAS,MAAA,IAAU,MAAA;AAC/C,MAAA,KAAA,GAAQ,SAAA,CAAU,CAAA,EAAG,CAAA,EAAG,YAAY,eAAe,CAAA,IAAK,IAAA;AAAA,IAC1D;AAEA,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAEjD,MAAA,IAAI,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,OAAA,EAAS;AAClC,QAAA,MAAM,WAAA,GAA2B;AAAA,UAC/B,MAAA,EAAQ,OAAO,OAAA,CAAQ,GAAA;AAAA,UACvB,SAAS,MAAA,CAAO,OAAA;AAAA,UAChB,GAAI,OAAO,OAAA,CAAQ,GAAA,IAAO,EAAE,SAAA,EAAW,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,UAC1D,GAAI,OAAO,OAAA,CAAQ,GAAA,IAAO,EAAE,QAAA,EAAU,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,UACzD,GAAI,OAAO,OAAA,CAAQ,KAAA,IAAS,EAAE,KAAA,EAAO,MAAA,CAAO,QAAQ,KAAA,EAAM;AAAA,UAC1D,GAAI,OAAO,OAAA,CAAQ,WAAA,IAAe,EAAE,WAAA,EAAa,MAAA,CAAO,QAAQ,WAAA;AAAY,SAC9E;AAEA,QAAA,CAAA,CAAE,GAAA,CAAI,QAAQ,WAAW,CAAA;AAAA,MAC3B;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAMO,SAAS,gBAAA,CACd,KACA,MAAA,EACS;AACT,EAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,YAAA,EAAa,GAAI,MAAA;AAMxC,EAAA,GAAA,CAAI,IAAA,CAAK,cAAA,EAAgB,OAAO,CAAA,KAAM;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAAoD;AAE7E,MAAA,IAAI,CAAC,IAAA,CAAK,UAAA,IAAc,CAAC,KAAK,IAAA,EAAM;AAClC,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,kCAAA,IAAsC,GAAG,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,UAAA,CAAW;AAAA,QACnC,YAAY,IAAA,CAAK,UAAA;AAAA,QACjB,MAAM,IAAA,CAAK;AAAA,OACZ,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,MAAA,CAAO,KAAA;AAAA,UACd,mBAAmB,MAAA,CAAO;AAAA,WACzB,GAAG,CAAA;AAAA,MACR;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,WAAW,MAAA,CAAO,SAAA;AAAA,QAClB,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,aAAA,EAAe,OAAO,CAAA,KAAM;AACnC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAItB;AAEH,MAAA,IAAI,CAAC,IAAA,CAAK,UAAA,IAAc,CAAC,KAAK,IAAA,EAAM;AAClC,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,kCAAA,IAAsC,GAAG,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,SAAA,GAAY,EAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,IAAK,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,WAAW,CAAA;AAC7E,MAAA,MAAM,SAAA,GAAY,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,YAAY,CAAA;AAE3C,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO;AAAA,QAC/B,QAAA,EAAU,KAAA;AAAA,QACV,YAAY,IAAA,CAAK,UAAA;AAAA,QACjB,YAAY,IAAA,CAAK,IAAA;AAAA,QACjB,IAAA,EAAM,EAAE,IAAA,EAAM,IAAA,CAAK,QAAQ,OAAA,EAAQ;AAAA,QACnC,QAAA,EAAU;AAAA,UACR,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,UAC7B,GAAI,SAAA,IAAa,EAAE,SAAA;AAAU;AAC/B,OACD,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,MAAA,CAAO,KAAA;AAAA,UACd,WAAW,MAAA,CAAO;AAAA,WACjB,GAAG,CAAA;AAAA,MACR;AAGA,MAAA,IAAI,MAAA,CAAO,UAAU,YAAA,EAAc;AACjC,QAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAA,EAAQ,YAAY,CAAA;AAC7D,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,IAAA,EAAM,OAAO,IAAA,GAAO;AAAA,UAClB,EAAA,EAAI,OAAO,IAAA,CAAK,EAAA;AAAA,UAChB,KAAA,EAAO,OAAO,IAAA,CAAK,KAAA;AAAA,UACnB,IAAA,EAAM,OAAO,IAAA,CAAK;AAAA,SACpB,GAAI,KAAA,CAAA;AAAA,QACJ,QAAQ,MAAA,CAAO;AAAA,OAChB,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,UAAA,EAAY,OAAO,CAAA,KAAM;AAChC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAKtB;AAEH,MAAA,IAAI,CAAC,IAAA,CAAK,QAAA,IAAY,CAAC,KAAK,UAAA,EAAY;AACtC,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,KAAA,EAAO,aAAA;AAAA,UACP,OAAA,EAAS;AAAA,WACR,GAAG,CAAA;AAAA,MACR;AAEA,MAAA,MAAM,SAAA,GAAY,EAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,IAAK,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,WAAW,CAAA;AAC7E,MAAA,MAAM,SAAA,GAAY,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,YAAY,CAAA;AAE3C,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO;AAAA,QAC/B,UAAU,IAAA,CAAK,QAAA;AAAA,QACf,YAAY,IAAA,CAAK,UAAA;AAAA,QACjB,GAAI,IAAA,CAAK,UAAA,IAAc,EAAE,UAAA,EAAY,KAAK,UAAA,EAAW;AAAA,QACrD,GAAI,IAAA,CAAK,IAAA,IAAQ,EAAE,IAAA,EAAM,KAAK,IAAA,EAAK;AAAA,QACnC,QAAA,EAAU;AAAA,UACR,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,UAC7B,GAAI,SAAA,IAAa,EAAE,SAAA;AAAU;AAC/B,OACD,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,MAAA,CAAO,KAAA;AAAA,UACd,WAAW,MAAA,CAAO,SAAA;AAAA,UAClB,mBAAmB,MAAA,CAAO;AAAA,WACzB,GAAG,CAAA;AAAA,MACR;AAGA,MAAA,IAAI,MAAA,CAAO,UAAU,YAAA,EAAc;AACjC,QAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAA,EAAQ,YAAY,CAAA;AAC7D,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,IAAA,EAAM,OAAO,IAAA,GAAO;AAAA,UAClB,EAAA,EAAI,OAAO,IAAA,CAAK,EAAA;AAAA,UAChB,KAAA,EAAO,OAAO,IAAA,CAAK,KAAA;AAAA,UACnB,IAAA,EAAM,OAAO,IAAA,CAAK;AAAA,SACpB,GAAI,KAAA,CAAA;AAAA,QACJ,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,WAAA,EAAa,OAAO,CAAA,KAAM;AACjC,IAAA,IAAI;AAEF,MAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,MAAA,IAAI,aAAa,SAAA,EAAW;AAC1B,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,WAAA,CAAY,SAAS,CAAA;AAAA,MAC1C;AAGA,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,MAAM,OAAA,GAAU,oBAAoB,YAAY,CAAA;AAChD,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA,IACjC,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,UAAA,EAAY,OAAO,CAAA,KAAM;AAChC,IAAA,IAAI;AAEF,MAAA,IAAI,YAAA;AAEJ,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAAgC;AACzD,QAAA,YAAA,GAAe,IAAA,CAAK,YAAA;AAAA,MACtB,CAAA,CAAA,MAAQ;AAAA,MAER;AAEA,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,MAAM,YAAA,GAAe,cAAc,MAAA,IAAU,MAAA;AAC7C,QAAA,YAAA,GAAe,SAAA,CAAU,CAAA,EAAG,CAAA,EAAG,YAAY,CAAA,cAAA,CAAgB,CAAA;AAAA,MAC7D;AAEA,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,KAAA,EAAO;AAAA,WACN,GAAG,CAAA;AAAA,MACR;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,aAAA,CAAc,YAAY,CAAA;AAEpD,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AAEnB,QAAA,IAAI,YAAA,EAAc;AAChB,UAAA,MAAM,OAAA,GAAU,oBAAoB,YAAY,CAAA;AAChD,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,UACrB;AAAA,QACF;AAEA,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,MAAA,CAAO;AAAA,WACb,GAAG,CAAA;AAAA,MACR;AAGA,MAAA,IAAI,MAAA,CAAO,UAAU,YAAA,EAAc;AACjC,QAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAA,EAAQ,YAAY,CAAA;AAC7D,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,QAAQ,MAAA,CAAO;AAAA,OAChB,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1B,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAGA,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,YAAW,CAAE,YAAA,CAAa,YAAY,MAAM,CAAA;AAEpE,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,gBAAA,IAAoB,GAAG,CAAA;AAAA,IAChD;AAEA,IAAA,OAAO,EAAE,IAAA,CAAK;AAAA,MACZ,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,kBAAkB,IAAA,CAAK;AAAA,KACxB,CAAA;AAAA,EACH,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,WAAA,EAAa,OAAO,CAAA,KAAM;AAChC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,YAAY,WAAA,CAAY,MAAA,EAAQ,YAAY,SAAS,CAAA;AAEjF,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,QAAA,EAAU,CAAA;AAAA,EAC5B,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,MAAA,CAAO,eAAA,EAAiB,OAAO,CAAA,KAAM;AACvC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,SAAA,GAAY,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,IAAI,CAAA;AAGlC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,WAAA,CAAY,YAAY,MAAM,CAAA;AAC1D,IAAA,MAAM,UAAU,QAAA,CAAS,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,SAAS,CAAA;AAEvD,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,mBAAA,IAAuB,GAAG,CAAA;AAAA,IACnD;AAEA,IAAA,MAAM,IAAA,CAAK,cAAc,SAAS,CAAA;AAElC,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA,EACjC,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,OAAO,CAAA,KAAM;AACnC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,IAAA,CAAK,iBAAA,CAAkB,WAAA,CAAY,MAAM,CAAA;AAG/C,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,MAAM,OAAA,GAAU,oBAAoB,YAAY,CAAA;AAChD,MAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,QAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,MACrB;AAAA,IACF;AAEA,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA,EACjC,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,YAAA,EAAc,OAAO,CAAA,KAAM;AACjC,IAAA,MAAM,SAAA,GAAY,KAAK,YAAA,EAAa;AACpC,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,SAAA,EAAW,CAAA;AAAA,EAC7B,CAAC,CAAA;AAUD,EAAA,GAAA,CAAI,GAAA,CAAI,UAAA,EAAY,OAAO,CAAA,KAAM;AAC/B,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,YAAY,MAAM,CAAA;AAC5D,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,UAC3B,EAAA,EAAI,EAAE,MAAA,CAAO,EAAA;AAAA,UACb,IAAA,EAAM,EAAE,MAAA,CAAO,IAAA;AAAA,UACf,IAAA,EAAM,EAAE,MAAA,CAAO,IAAA;AAAA,UACf,IAAA,EAAM,EAAE,UAAA,CAAW,IAAA;AAAA,UACnB,MAAA,EAAQ,EAAE,MAAA,CAAO;AAAA,SACnB,CAAE,CAAA;AAAA,QACF,iBAAiB,WAAA,CAAY;AAAA,OAC9B,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,iBAAA,EAAmB,OAAO,CAAA,KAAM;AACvC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,aAAa,SAAA,EAAW;AAC3B,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAA2B;AAEpD,MAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,sBAAA,IAA0B,GAAG,CAAA;AAAA,MAC9E;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,aAAa,WAAA,CAAY,SAAA,EAAW,KAAK,QAAQ,CAAA;AAE3E,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,OAAA,EAAS,OAAO,KAAA,EAAO,MAAA,CAAO,KAAA,EAAM,EAAG,GAAG,CAAA;AAAA,MAC5D;AAGA,MAAA,IAAI,MAAA,CAAO,UAAU,YAAA,EAAc;AACjC,QAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAA,EAAQ,YAAY,CAAA;AAC7D,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,QAAQ,MAAA,CAAO;AAAA,OAChB,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,kBAAA,EAAoB,OAAO,CAAA,KAAM;AACvC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI,CAAC,YAAY,QAAA,EAAU;AACzB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,QAAQ,IAAA,EAAM,UAAA,EAAY,MAAM,CAAA;AAAA,IAClD;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,mBAAA;AAAA,QAC5B,WAAA,CAAY,MAAA;AAAA,QACZ,WAAA,CAAY;AAAA,OACd;AAEA,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,OAAO,EAAE,IAAA,CAAK,EAAE,QAAQ,IAAA,EAAM,UAAA,EAAY,MAAM,CAAA;AAAA,MAClD;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,YAAW,CAAE,cAAA,GAAiB,YAAY,QAAQ,CAAA;AAE5E,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,QAAQ,MAAA,GAAS;AAAA,UACf,IAAI,MAAA,CAAO,EAAA;AAAA,UACX,MAAM,MAAA,CAAO,IAAA;AAAA,UACb,MAAM,MAAA,CAAO,IAAA;AAAA,UACb,QAAQ,MAAA,CAAO;AAAA,SACjB,GAAI,IAAA;AAAA,QACJ,UAAA,EAAY;AAAA,UACV,MAAM,UAAA,CAAW,IAAA;AAAA,UACjB,aAAa,UAAA,CAAW,WAAA;AAAA,UACxB,QAAQ,UAAA,CAAW;AAAA;AACrB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,2BAAA,EAA6B,OAAO,CAAA,KAAM;AACjD,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,UAAU,CAAA;AACvC,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAKtB;AAEH,MAAA,IAAI,CAAC,IAAA,CAAK,KAAA,IAAS,CAAC,KAAK,IAAA,EAAM;AAC7B,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,6BAAA,IAAiC,GAAG,CAAA;AAAA,MACrF;AAGA,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,eAAA,CAAgB,YAAY,MAAA,EAAQ,QAAA,EAAU,OAAO,CAAA,IAChE,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAEhF,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,aAAa,OAAA,EAAS,uBAAA,IAA2B,GAAG,CAAA;AAAA,MAC7E;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,CAAe;AAAA,QACvC,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,QAAA;AAAA,QACA,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,aAAa,IAAA,CAAK,WAAA;AAAA,QAClB,WAAW,WAAA,CAAY,MAAA;AAAA,QACvB,SAAS,IAAA,CAAK;AAAA,OACf,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,OAAA,EAAS,OAAO,KAAA,EAAO,MAAA,CAAO,KAAA,EAAM,EAAG,GAAG,CAAA;AAAA,MAC5D;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,eAAe,MAAA,CAAO,aAAA;AAAA,QACtB,SAAA,EAAW,OAAO,UAAA,EAAY;AAAA,OAC/B,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,aAAA,EAAe,OAAO,CAAA,KAAM;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,OAAO,CAAA;AAEjC,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,mBAAA,IAAuB,GAAG,CAAA;AAAA,MAC3E;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,eAAA,CAAgB,KAAK,CAAA;AAE/C,MAAA,OAAO,CAAA,CAAE,KAAK,MAAM,CAAA;AAAA,IACtB,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,oBAAA,EAAsB,OAAO,CAAA,KAAM;AAC1C,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAAwB;AAEjD,MAAA,IAAI,CAAC,KAAK,KAAA,EAAO;AACf,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,mBAAA,IAAuB,GAAG,CAAA;AAAA,MAC3E;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,iBAAiB,IAAA,CAAK,KAAA,EAAO,YAAY,MAAM,CAAA;AAEzE,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,OAAA,EAAS,OAAO,KAAA,EAAO,MAAA,CAAO,KAAA,EAAM,EAAG,GAAG,CAAA;AAAA,MAC5D;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,MAAA,EAAQ,OAAO,MAAA,GAAS;AAAA,UACtB,EAAA,EAAI,OAAO,MAAA,CAAO,EAAA;AAAA,UAClB,IAAA,EAAM,OAAO,MAAA,CAAO,IAAA;AAAA,UACpB,IAAA,EAAM,OAAO,MAAA,CAAO;AAAA,SACtB,GAAI,KAAA,CAAA;AAAA,QACJ,UAAA,EAAY,OAAO,UAAA,GAAa;AAAA,UAC9B,IAAA,EAAM,OAAO,UAAA,CAAW,IAAA;AAAA,UACxB,MAAA,EAAQ,OAAO,UAAA,CAAW;AAAA,SAC5B,GAAI,KAAA;AAAA,OACL,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,MAAA,CAAO,oCAAA,EAAsC,OAAO,CAAA,KAAM;AAC5D,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,UAAU,CAAA;AACvC,MAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA;AAGnC,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,eAAA,CAAgB,YAAY,MAAA,EAAQ,QAAA,EAAU,OAAO,CAAA,IAChE,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAChF,MAAA,MAAM,MAAA,GAAS,YAAY,MAAA,KAAW,MAAA;AAEtC,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,MAAA,EAAQ;AACvB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,aAAa,OAAA,EAAS,uBAAA,IAA2B,GAAG,CAAA;AAAA,MAC7E;AAEA,MAAA,MAAM,IAAA,CAAK,kBAAA,CAAmB,MAAA,EAAQ,QAAQ,CAAA;AAE9C,MAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA,IACjC,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,KAAA,CAAM,oCAAA,EAAsC,OAAO,CAAA,KAAM;AAC3D,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,UAAU,CAAA;AACvC,MAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAItB;AAGH,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,eAAA,CAAgB,YAAY,MAAA,EAAQ,QAAA,EAAU,OAAO,CAAA,IAChE,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAEhF,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,aAAa,OAAA,EAAS,uBAAA,IAA2B,GAAG,CAAA;AAAA,MAC7E;AAEA,MAAA,MAAM,aAAa,MAAM,IAAA,CAAK,kBAAA,CAAmB,MAAA,EAAQ,UAAU,IAAI,CAAA;AAEvE,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,UAAA,EAAY;AAAA,UACV,MAAM,UAAA,CAAW,IAAA;AAAA,UACjB,aAAa,UAAA,CAAW,WAAA;AAAA,UACxB,QAAQ,UAAA,CAAW;AAAA;AACrB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAO,GAAA;AACT;AAKO,SAAS,eAAe,MAAA,EAA2B;AACxD,EAAA,OAAO;AAAA;AAAA,IAEL,UAAA,EAAY,qBAAqB,MAAM,CAAA;AAAA;AAAA,IAEvC,kBAAA,EAAoB,6BAA6B,MAAM,CAAA;AAAA;AAAA,IAEvD,YAAA,EAAc,CAAkD,GAAA,KAC9D,gBAAA,CAAiB,KAAK,MAAM;AAAA,GAChC;AACF;AASA,SAAS,uBAAuB,IAAA,EAAyC;AACvE,EAAA,OAAO;AAAA,IACL,QAAQ,IAAA,CAAK,MAAA;AAAA,IACb,UAAU,IAAA,CAAK,QAAA;AAAA,IACf,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,aAAa,IAAA,CAAK;AAAA,GACpB;AACF;AAYO,SAAS,eACX,YAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAEnE,IAAA,IAAI,CAAC,KAAA,CAAM,UAAA,CAAW,YAAY,CAAA,EAAG;AACnC,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP;AAAA,UACE,KAAA,EAAO,WAAA;AAAA,UACP,OAAA,EAAS,mBAAA;AAAA,UACT,QAAA,EAAU,YAAA;AAAA,UACV,OAAA,EAAS,IAAA,CAAK,KAAA,IAAS;AAAC,SAC1B;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAYO,SAAS,qBACX,WAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAGnE,IAAA,IAAI,CAAC,KAAA,CAAM,iBAAA,CAAkB,WAAW,CAAA,EAAG;AACzC,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP;AAAA,UACE,KAAA,EAAO,WAAA;AAAA,UACP,OAAA,EAAS,8BAAA;AAAA,UACT,QAAA,EAAU,WAAA;AAAA,UACV,OAAA,EAAS,IAAA,CAAK,WAAA,IAAe;AAAC,SAChC;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAWO,SAAS,wBACX,WAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAEnE,IAAA,IAAI,CAAC,KAAA,CAAM,gBAAA,CAAiB,WAAW,CAAA,EAAG;AACxC,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP;AAAA,UACE,KAAA,EAAO,WAAA;AAAA,UACP,OAAA,EAAS,8BAAA;AAAA,UACT,QAAA,EAAU,WAAA;AAAA,UACV,OAAA,EAAS,IAAA,CAAK,WAAA,IAAe;AAAC,SAChC;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAWO,SAAS,aAAA,GAAiE;AAC/E,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP,EAAE,KAAA,EAAO,WAAA,EAAa,OAAA,EAAS,yBAAA,EAA0B;AAAA,QACzD;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAeO,SAAS,mBAAA,CACd,aACA,OAAA,EAIiD;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,iBAAA,GAAoB,YAAY,CAAC,CAAA;AAGvC,IAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAGnE,IAAA,IAAI,SAAS,WAAA,IAAe,KAAA,CAAM,UAAA,CAAW,OAAA,CAAQ,WAAW,CAAA,EAAG;AACjE,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,IAAA,CAAK,aAAa,iBAAA,EAAmB;AACvC,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP;AAAA,UACE,KAAA,EAAO,WAAA;AAAA,UACP,OAAA,EAAS,8BAAA;AAAA,UACT,eAAA,EAAiB;AAAA,SACnB;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAWO,SAAS,YAAA,GAAgE;AAC9E,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAEnE,IAAA,MAAM,UACJ,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,IACrB,KAAA,CAAM,QAAQ,OAAO,CAAA,IACrB,MAAM,OAAA,CAAQ,YAAY,KAC1B,KAAA,CAAM,OAAA,CAAQ,aAAa,CAAA,IAC3B,KAAA,CAAM,cAAc,GAAG,CAAA;AAEzB,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,aAAa,OAAA,EAAS,uBAAA,IAA2B,GAAG,CAAA;AAAA,IAC7E;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAcO,SAAS,wBAAA,CACd,YACA,UAAA,EACiD;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAGnE,IAAA,IAAI,KAAA,CAAM,aAAA,CAAc,UAAU,CAAA,EAAG;AACnC,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,OAAA,GAAU,MAAM,UAAA,CAAW,CAAC,CAAA;AAClC,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAEA,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP;AAAA,QACE,KAAA,EAAO,WAAA;AAAA,QACP,OAAA,EAAS,uCAAA;AAAA,QACT,kBAAA,EAAoB;AAAA,OACtB;AAAA,MACA;AAAA,KACF;AAAA,EACF,CAAA;AACF;AAmBO,SAAS,cACX,WAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,MAAA,IAAI,MAAA,GAAS,KAAA;AACb,MAAA,MAAM,UAAA,CAAW,GAAG,YAAY;AAC9B,QAAA,MAAA,GAAS,IAAA;AAAA,MACX,CAAC,CAAA;AACD,MAAA,IAAI,CAAC,MAAA,EAAQ;AAEX,QAAA;AAAA,MACF;AAAA,IACF;AACA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAmBO,SAAS,cACX,WAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,MAAA,IAAI,MAAA,GAAS,KAAA;AACb,MAAA,MAAM,UAAA,CAAW,GAAG,YAAY;AAC9B,QAAA,MAAA,GAAS,IAAA;AAAA,MACX,CAAC,CAAA;AACD,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,MAAM,IAAA,EAAK;AACX,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP,EAAE,KAAA,EAAO,WAAA,EAAa,OAAA,EAAS,iDAAA,EAAkD;AAAA,MACjF;AAAA,KACF;AAAA,EACF,CAAA;AACF","file":"chunk-NWUMFIFT.js","sourcesContent":["/**\n * Adapter Types\n * Common interfaces for framework adapters\n */\n\nimport type { JwtPayload, TokenPair } from '../session/index.js';\n\n/**\n * Auth context attached to requests\n */\nexport interface AuthContext {\n /** Authenticated user ID */\n userId: string;\n /** Session ID */\n sessionId?: string;\n /** Tenant ID (for multi-tenant) */\n tenantId?: string;\n /** User roles */\n roles?: string[];\n /** User permissions */\n permissions?: string[];\n /** Full JWT payload */\n payload: JwtPayload;\n}\n\n/**\n * Cookie options\n */\nexport interface CookieOptions {\n /** Cookie name */\n name: string;\n /** Cookie value */\n value: string;\n /** Max age in seconds */\n maxAge?: number;\n /** Expiration date */\n expires?: Date;\n /** Path */\n path?: string;\n /** Domain */\n domain?: string;\n /** Secure flag */\n secure?: boolean;\n /** HttpOnly flag */\n httpOnly?: boolean;\n /** SameSite attribute */\n sameSite?: 'strict' | 'lax' | 'none';\n}\n\n/**\n * Auth response with cookies\n */\nexport interface AuthResponse {\n success: boolean;\n tokens?: TokenPair;\n cookies?: CookieOptions[];\n error?: string;\n errorCode?: string;\n user?: {\n id: string;\n email?: string;\n name?: string;\n };\n}\n\n/**\n * Request OTP input\n */\nexport interface RequestOtpBody {\n identifier: string;\n type: 'email' | 'sms';\n}\n\n/**\n * Verify OTP input\n */\nexport interface VerifyOtpBody {\n identifier: string;\n code: string;\n type?: 'email' | 'sms';\n}\n\n/**\n * Sign in input\n */\nexport interface SignInBody {\n provider: string;\n identifier: string;\n credential?: string;\n data?: Record<string, unknown>;\n}\n\n/**\n * Refresh token input\n */\nexport interface RefreshBody {\n refreshToken?: string;\n}\n\n/**\n * Create auth cookies from token pair\n */\nexport function createAuthCookies(\n tokens: TokenPair,\n config: {\n prefix?: string;\n path?: string;\n domain?: string;\n secure?: boolean;\n sameSite?: 'strict' | 'lax' | 'none';\n httpOnly?: boolean;\n }\n): CookieOptions[] {\n const prefix = config.prefix ?? 'pars';\n\n return [\n {\n name: `${prefix}.access_token`,\n value: tokens.accessToken,\n expires: tokens.accessExpiresAt,\n path: config.path ?? '/',\n domain: config.domain,\n secure: config.secure ?? true,\n sameSite: config.sameSite ?? 'lax',\n httpOnly: false, // Access token may be needed by JS\n },\n {\n name: `${prefix}.refresh_token`,\n value: tokens.refreshToken,\n expires: tokens.refreshExpiresAt,\n path: config.path ?? '/',\n domain: config.domain,\n secure: config.secure ?? true,\n sameSite: config.sameSite ?? 'lax',\n httpOnly: config.httpOnly ?? true, // Refresh token should be HttpOnly\n },\n ];\n}\n\n/**\n * Create logout cookies (clear auth cookies)\n */\nexport function createLogoutCookies(\n config: {\n prefix?: string;\n path?: string;\n domain?: string;\n }\n): CookieOptions[] {\n const prefix = config.prefix ?? 'pars';\n const past = new Date(0);\n\n return [\n {\n name: `${prefix}.access_token`,\n value: '',\n expires: past,\n path: config.path ?? '/',\n domain: config.domain,\n },\n {\n name: `${prefix}.refresh_token`,\n value: '',\n expires: past,\n path: config.path ?? '/',\n domain: config.domain,\n },\n ];\n}\n","/**\n * Hono Framework Adapter\n * Middleware and routes for Hono applications\n */\n\nimport type { Context, MiddlewareHandler, Hono } from 'hono';\nimport type { ParsAuthEngine } from '../core/auth-engine.js';\nimport { extractBearerToken } from '../session/index.js';\nimport {\n createAuthCookies,\n createLogoutCookies,\n type AuthContext,\n type CookieOptions,\n} from './types.js';\nimport {\n type AuthorizationContext,\n createAuthorizationGuard,\n type PermissionPattern,\n} from '../security/authorization.js';\n\n/**\n * Hono auth context variables\n */\nexport interface AuthVariables {\n auth: AuthContext;\n}\n\n/**\n * Hono adapter configuration\n */\nexport interface HonoAdapterConfig {\n /** Auth engine instance */\n auth: ParsAuthEngine;\n /** Cookie configuration */\n cookies?: {\n prefix?: string;\n path?: string;\n domain?: string;\n secure?: boolean;\n sameSite?: 'strict' | 'lax' | 'none';\n httpOnly?: boolean;\n };\n /** Custom error handler */\n onError?: (error: Error, c: Context) => Response | Promise<Response>;\n /** Custom unauthorized handler */\n onUnauthorized?: (c: Context, message?: string) => Response | Promise<Response>;\n}\n\n/**\n * Set cookie on response\n */\nfunction setCookie(c: Context, cookie: CookieOptions): void {\n let cookieString = `${cookie.name}=${cookie.value}`;\n\n if (cookie.expires) {\n cookieString += `; Expires=${cookie.expires.toUTCString()}`;\n }\n if (cookie.maxAge !== undefined) {\n cookieString += `; Max-Age=${cookie.maxAge}`;\n }\n if (cookie.path) {\n cookieString += `; Path=${cookie.path}`;\n }\n if (cookie.domain) {\n cookieString += `; Domain=${cookie.domain}`;\n }\n if (cookie.secure) {\n cookieString += '; Secure';\n }\n if (cookie.httpOnly) {\n cookieString += '; HttpOnly';\n }\n if (cookie.sameSite) {\n cookieString += `; SameSite=${cookie.sameSite.charAt(0).toUpperCase() + cookie.sameSite.slice(1)}`;\n }\n\n c.header('Set-Cookie', cookieString, { append: true });\n}\n\n/**\n * Get cookie from request\n */\nfunction getCookie(c: Context, name: string): string | undefined {\n const cookieHeader = c.req.header('Cookie');\n if (!cookieHeader) return undefined;\n\n const cookies = cookieHeader.split(';').map((c) => c.trim());\n for (const cookie of cookies) {\n const [cookieName, ...valueParts] = cookie.split('=');\n if (cookieName === name) {\n return valueParts.join('=');\n }\n }\n return undefined;\n}\n\n/**\n * Create Hono auth middleware\n * Validates JWT and attaches auth context to request\n */\nexport function createAuthMiddleware(\n config: HonoAdapterConfig\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n const { auth, onUnauthorized } = config;\n\n return async (c, next) => {\n // Get token from Authorization header or cookie\n const authHeader = c.req.header('Authorization');\n let token = extractBearerToken(authHeader);\n\n if (!token) {\n const cookiePrefix = config.cookies?.prefix ?? 'pars';\n token = getCookie(c, `${cookiePrefix}.access_token`) ?? null;\n }\n\n if (!token) {\n if (onUnauthorized) {\n return onUnauthorized(c, 'No token provided');\n }\n return c.json({ error: 'Unauthorized', message: 'No token provided' }, 401);\n }\n\n // Verify token\n const result = await auth.verifyAccessToken(token);\n\n if (!result.valid || !result.payload) {\n if (onUnauthorized) {\n return onUnauthorized(c, result.error);\n }\n return c.json({ error: 'Unauthorized', message: result.error }, 401);\n }\n\n // Attach auth context\n const authContext: AuthContext = {\n userId: result.payload.sub,\n payload: result.payload,\n ...(result.payload.sid && { sessionId: result.payload.sid }),\n ...(result.payload.tid && { tenantId: result.payload.tid }),\n ...(result.payload.roles && { roles: result.payload.roles }),\n ...(result.payload.permissions && { permissions: result.payload.permissions }),\n };\n\n c.set('auth', authContext);\n\n await next();\n };\n}\n\n/**\n * Create optional auth middleware\n * Attaches auth context if token is valid, but doesn't block if not\n */\nexport function createOptionalAuthMiddleware(\n config: HonoAdapterConfig\n): MiddlewareHandler<{ Variables: Partial<AuthVariables> }> {\n const { auth } = config;\n\n return async (c, next) => {\n // Get token from Authorization header or cookie\n const authHeader = c.req.header('Authorization');\n let token = extractBearerToken(authHeader);\n\n if (!token) {\n const cookiePrefix = config.cookies?.prefix ?? 'pars';\n token = getCookie(c, `${cookiePrefix}.access_token`) ?? null;\n }\n\n if (token) {\n const result = await auth.verifyAccessToken(token);\n\n if (result.valid && result.payload) {\n const authContext: AuthContext = {\n userId: result.payload.sub,\n payload: result.payload,\n ...(result.payload.sid && { sessionId: result.payload.sid }),\n ...(result.payload.tid && { tenantId: result.payload.tid }),\n ...(result.payload.roles && { roles: result.payload.roles }),\n ...(result.payload.permissions && { permissions: result.payload.permissions }),\n };\n\n c.set('auth', authContext);\n }\n }\n\n await next();\n };\n}\n\n/**\n * Create auth routes\n * Provides standard auth endpoints: /otp/request, /otp/verify, /sign-in, /sign-out, /refresh\n */\nexport function createAuthRoutes<E extends { Variables: Partial<AuthVariables> }>(\n app: Hono<E>,\n config: HonoAdapterConfig\n): Hono<E> {\n const { auth, cookies: cookieConfig } = config;\n\n /**\n * Request OTP\n * POST /otp/request\n */\n app.post('/otp/request', async (c) => {\n try {\n const body = await c.req.json<{ identifier: string; type: 'email' | 'sms' }>();\n\n if (!body.identifier || !body.type) {\n return c.json({ error: 'Bad Request', message: 'identifier and type are required' }, 400);\n }\n\n const result = await auth.requestOTP({\n identifier: body.identifier,\n type: body.type,\n });\n\n if (!result.success) {\n return c.json({\n success: false,\n error: result.error,\n remainingRequests: result.remainingRequests,\n }, 429);\n }\n\n return c.json({\n success: true,\n expiresAt: result.expiresAt,\n remainingRequests: result.remainingRequests,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Verify OTP and sign in\n * POST /otp/verify\n */\n app.post('/otp/verify', async (c) => {\n try {\n const body = await c.req.json<{\n identifier: string;\n code: string;\n type?: 'email' | 'sms';\n }>();\n\n if (!body.identifier || !body.code) {\n return c.json({ error: 'Bad Request', message: 'identifier and code are required' }, 400);\n }\n\n const ipAddress = c.req.header('x-forwarded-for') ?? c.req.header('x-real-ip');\n const userAgent = c.req.header('user-agent');\n\n const result = await auth.signIn({\n provider: 'otp',\n identifier: body.identifier,\n credential: body.code,\n data: { type: body.type ?? 'email' },\n metadata: {\n ...(ipAddress && { ipAddress }),\n ...(userAgent && { userAgent }),\n },\n });\n\n if (!result.success) {\n return c.json({\n success: false,\n error: result.error,\n errorCode: result.errorCode,\n }, 401);\n }\n\n // Set cookies\n if (result.tokens && cookieConfig) {\n const cookies = createAuthCookies(result.tokens, cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: true,\n user: result.user ? {\n id: result.user.id,\n email: result.user.email,\n name: result.user.name,\n } : undefined,\n tokens: result.tokens,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Sign in (generic)\n * POST /sign-in\n */\n app.post('/sign-in', async (c) => {\n try {\n const body = await c.req.json<{\n provider: string;\n identifier: string;\n credential?: string;\n data?: Record<string, unknown>;\n }>();\n\n if (!body.provider || !body.identifier) {\n return c.json({\n error: 'Bad Request',\n message: 'provider and identifier are required',\n }, 400);\n }\n\n const ipAddress = c.req.header('x-forwarded-for') ?? c.req.header('x-real-ip');\n const userAgent = c.req.header('user-agent');\n\n const result = await auth.signIn({\n provider: body.provider,\n identifier: body.identifier,\n ...(body.credential && { credential: body.credential }),\n ...(body.data && { data: body.data }),\n metadata: {\n ...(ipAddress && { ipAddress }),\n ...(userAgent && { userAgent }),\n },\n });\n\n if (!result.success) {\n return c.json({\n success: false,\n error: result.error,\n errorCode: result.errorCode,\n requiresTwoFactor: result.requiresTwoFactor,\n }, 401);\n }\n\n // Set cookies\n if (result.tokens && cookieConfig) {\n const cookies = createAuthCookies(result.tokens, cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: true,\n user: result.user ? {\n id: result.user.id,\n email: result.user.email,\n name: result.user.name,\n } : undefined,\n tokens: result.tokens,\n requiresTwoFactor: result.requiresTwoFactor,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Sign out\n * POST /sign-out\n */\n app.post('/sign-out', async (c) => {\n try {\n // Get auth context\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (authContext?.sessionId) {\n await auth.signOut(authContext.sessionId);\n }\n\n // Clear cookies\n if (cookieConfig) {\n const cookies = createLogoutCookies(cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({ success: true });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Refresh tokens\n * POST /refresh\n */\n app.post('/refresh', async (c) => {\n try {\n // Get refresh token from body or cookie\n let refreshToken: string | undefined;\n\n try {\n const body = await c.req.json<{ refreshToken?: string }>();\n refreshToken = body.refreshToken;\n } catch {\n // Body might not be JSON\n }\n\n if (!refreshToken) {\n const cookiePrefix = cookieConfig?.prefix ?? 'pars';\n refreshToken = getCookie(c, `${cookiePrefix}.refresh_token`);\n }\n\n if (!refreshToken) {\n return c.json({\n success: false,\n error: 'No refresh token provided',\n }, 401);\n }\n\n const result = await auth.refreshTokens(refreshToken);\n\n if (!result.success) {\n // Clear cookies on refresh failure\n if (cookieConfig) {\n const cookies = createLogoutCookies(cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: false,\n error: result.error,\n }, 401);\n }\n\n // Set new cookies\n if (result.tokens && cookieConfig) {\n const cookies = createAuthCookies(result.tokens, cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: true,\n tokens: result.tokens,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Get current user\n * GET /me\n */\n app.get('/me', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n // Get user from adapter\n const user = await auth.getAdapter().findUserById(authContext.userId);\n\n if (!user) {\n return c.json({ error: 'User not found' }, 404);\n }\n\n return c.json({\n id: user.id,\n email: user.email,\n name: user.name,\n avatar: user.avatar,\n twoFactorEnabled: user.twoFactorEnabled,\n });\n });\n\n /**\n * Get sessions\n * GET /sessions\n */\n app.get('/sessions', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n const sessions = await auth.getSessions(authContext.userId, authContext.sessionId);\n\n return c.json({ sessions });\n });\n\n /**\n * Revoke session\n * DELETE /sessions/:id\n */\n app.delete('/sessions/:id', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n const sessionId = c.req.param('id');\n\n // Verify the session belongs to the user\n const sessions = await auth.getSessions(authContext.userId);\n const session = sessions.find((s) => s.id === sessionId);\n\n if (!session) {\n return c.json({ error: 'Session not found' }, 404);\n }\n\n await auth.revokeSession(sessionId);\n\n return c.json({ success: true });\n });\n\n /**\n * Revoke all sessions\n * DELETE /sessions\n */\n app.delete('/sessions', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n await auth.revokeAllSessions(authContext.userId);\n\n // Clear cookies\n if (cookieConfig) {\n const cookies = createLogoutCookies(cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({ success: true });\n });\n\n /**\n * Get available providers\n * GET /providers\n */\n app.get('/providers', async (c) => {\n const providers = auth.getProviders();\n return c.json({ providers });\n });\n\n // ============================================\n // MULTI-TENANT ROUTES\n // ============================================\n\n /**\n * Get user's tenants\n * GET /tenants\n */\n app.get('/tenants', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const tenants = await auth.getUserTenants(authContext.userId);\n return c.json({\n tenants: tenants.map((t) => ({\n id: t.tenant.id,\n name: t.tenant.name,\n slug: t.tenant.slug,\n role: t.membership.role,\n status: t.tenant.status,\n })),\n currentTenantId: authContext.tenantId,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Switch tenant\n * POST /tenants/switch\n */\n app.post('/tenants/switch', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext?.sessionId) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const body = await c.req.json<{ tenantId: string }>();\n\n if (!body.tenantId) {\n return c.json({ error: 'Bad Request', message: 'tenantId is required' }, 400);\n }\n\n const result = await auth.switchTenant(authContext.sessionId, body.tenantId);\n\n if (!result.success) {\n return c.json({ success: false, error: result.error }, 403);\n }\n\n // Set new cookies with updated tokens\n if (result.tokens && cookieConfig) {\n const cookies = createAuthCookies(result.tokens, cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: true,\n tokens: result.tokens,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Get current tenant membership\n * GET /tenants/current\n */\n app.get('/tenants/current', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n if (!authContext.tenantId) {\n return c.json({ tenant: null, membership: null });\n }\n\n try {\n const membership = await auth.getTenantMembership(\n authContext.userId,\n authContext.tenantId\n );\n\n if (!membership) {\n return c.json({ tenant: null, membership: null });\n }\n\n const tenant = await auth.getAdapter().findTenantById?.(authContext.tenantId);\n\n return c.json({\n tenant: tenant ? {\n id: tenant.id,\n name: tenant.name,\n slug: tenant.slug,\n status: tenant.status,\n } : null,\n membership: {\n role: membership.role,\n permissions: membership.permissions,\n status: membership.status,\n },\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Invite user to tenant\n * POST /tenants/:tenantId/invite\n */\n app.post('/tenants/:tenantId/invite', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const tenantId = c.req.param('tenantId');\n const body = await c.req.json<{\n email: string;\n role: string;\n permissions?: string[];\n message?: string;\n }>();\n\n if (!body.email || !body.role) {\n return c.json({ error: 'Bad Request', message: 'email and role are required' }, 400);\n }\n\n // Check if user is admin of tenant\n const isAdmin = await auth.hasRoleInTenant(authContext.userId, tenantId, 'admin') ||\n await auth.hasRoleInTenant(authContext.userId, tenantId, 'owner');\n\n if (!isAdmin) {\n return c.json({ error: 'Forbidden', message: 'Admin access required' }, 403);\n }\n\n const result = await auth.inviteToTenant({\n email: body.email,\n tenantId,\n role: body.role,\n permissions: body.permissions,\n invitedBy: authContext.userId,\n message: body.message,\n });\n\n if (!result.success) {\n return c.json({ success: false, error: result.error }, 400);\n }\n\n return c.json({\n success: true,\n invitationUrl: result.invitationUrl,\n expiresAt: result.invitation?.expiresAt,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Check invitation status\n * GET /invitation\n */\n app.get('/invitation', async (c) => {\n try {\n const token = c.req.query('token');\n\n if (!token) {\n return c.json({ error: 'Bad Request', message: 'token is required' }, 400);\n }\n\n const result = await auth.checkInvitation(token);\n\n return c.json(result);\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Accept invitation\n * POST /invitation/accept\n */\n app.post('/invitation/accept', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const body = await c.req.json<{ token: string }>();\n\n if (!body.token) {\n return c.json({ error: 'Bad Request', message: 'token is required' }, 400);\n }\n\n const result = await auth.acceptInvitation(body.token, authContext.userId);\n\n if (!result.success) {\n return c.json({ success: false, error: result.error }, 400);\n }\n\n return c.json({\n success: true,\n tenant: result.tenant ? {\n id: result.tenant.id,\n name: result.tenant.name,\n slug: result.tenant.slug,\n } : undefined,\n membership: result.membership ? {\n role: result.membership.role,\n status: result.membership.status,\n } : undefined,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Remove member from tenant\n * DELETE /tenants/:tenantId/members/:userId\n */\n app.delete('/tenants/:tenantId/members/:userId', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const tenantId = c.req.param('tenantId');\n const userId = c.req.param('userId');\n\n // Check if user is admin of tenant (or removing themselves)\n const isAdmin = await auth.hasRoleInTenant(authContext.userId, tenantId, 'admin') ||\n await auth.hasRoleInTenant(authContext.userId, tenantId, 'owner');\n const isSelf = authContext.userId === userId;\n\n if (!isAdmin && !isSelf) {\n return c.json({ error: 'Forbidden', message: 'Admin access required' }, 403);\n }\n\n await auth.removeTenantMember(userId, tenantId);\n\n return c.json({ success: true });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Update member role\n * PATCH /tenants/:tenantId/members/:userId\n */\n app.patch('/tenants/:tenantId/members/:userId', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const tenantId = c.req.param('tenantId');\n const userId = c.req.param('userId');\n const body = await c.req.json<{\n role?: string;\n permissions?: string[];\n status?: 'active' | 'inactive';\n }>();\n\n // Check if user is admin/owner of tenant\n const isAdmin = await auth.hasRoleInTenant(authContext.userId, tenantId, 'admin') ||\n await auth.hasRoleInTenant(authContext.userId, tenantId, 'owner');\n\n if (!isAdmin) {\n return c.json({ error: 'Forbidden', message: 'Admin access required' }, 403);\n }\n\n const membership = await auth.updateTenantMember(userId, tenantId, body);\n\n return c.json({\n success: true,\n membership: {\n role: membership.role,\n permissions: membership.permissions,\n status: membership.status,\n },\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n return app;\n}\n\n/**\n * Create complete Hono auth integration\n */\nexport function createHonoAuth(config: HonoAdapterConfig) {\n return {\n /** Auth middleware (requires authentication) */\n middleware: createAuthMiddleware(config),\n /** Optional auth middleware (attaches auth if present) */\n optionalMiddleware: createOptionalAuthMiddleware(config),\n /** Create auth routes on an app */\n createRoutes: <E extends { Variables: Partial<AuthVariables> }>(app: Hono<E>) =>\n createAuthRoutes(app, config),\n };\n}\n\n// ============================================\n// AUTHORIZATION MIDDLEWARE HELPERS\n// ============================================\n\n/**\n * Helper to convert AuthContext to AuthorizationContext\n */\nfunction toAuthorizationContext(auth: AuthContext): AuthorizationContext {\n return {\n userId: auth.userId,\n tenantId: auth.tenantId,\n roles: auth.roles,\n permissions: auth.permissions,\n };\n}\n\n/**\n * Require specific role(s)\n * Use after createAuthMiddleware\n *\n * @example\n * ```ts\n * app.get('/admin', authMiddleware, requireRole('admin'), handler);\n * app.get('/managers', authMiddleware, requireRole('admin', 'manager'), handler);\n * ```\n */\nexport function requireRole(\n ...allowedRoles: string[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n if (!guard.hasAnyRole(allowedRoles)) {\n return c.json(\n {\n error: 'Forbidden',\n message: 'Insufficient role',\n required: allowedRoles,\n current: auth.roles ?? [],\n },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require specific permission(s)\n * Supports wildcards: 'users:*', '*:read', '*'\n *\n * @example\n * ```ts\n * app.get('/users', authMiddleware, requirePermission('users:read'), handler);\n * app.delete('/users/:id', authMiddleware, requirePermission('users:delete'), handler);\n * ```\n */\nexport function requirePermission(\n ...permissions: PermissionPattern[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n // Check if user has ALL required permissions\n if (!guard.hasAllPermissions(permissions)) {\n return c.json(\n {\n error: 'Forbidden',\n message: 'Missing required permissions',\n required: permissions,\n current: auth.permissions ?? [],\n },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require any of the specified permissions\n * User only needs one of the permissions\n *\n * @example\n * ```ts\n * app.get('/content', authMiddleware, requireAnyPermission('content:read', 'content:admin'), handler);\n * ```\n */\nexport function requireAnyPermission(\n ...permissions: PermissionPattern[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n if (!guard.hasAnyPermission(permissions)) {\n return c.json(\n {\n error: 'Forbidden',\n message: 'Missing required permissions',\n required: permissions,\n current: auth.permissions ?? [],\n },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require tenant context\n * Ensures user has an active tenant selected\n *\n * @example\n * ```ts\n * app.use('/api/tenant/*', authMiddleware, requireTenant());\n * ```\n */\nexport function requireTenant(): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n if (!auth.tenantId) {\n return c.json(\n { error: 'Forbidden', message: 'Tenant context required' },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require access to specific tenant\n * Validates that user can access the tenant specified in the request\n *\n * @example\n * ```ts\n * // Check tenant from URL param\n * app.get('/tenants/:tenantId/*', authMiddleware, requireTenantAccess(c => c.req.param('tenantId')), handler);\n *\n * // Check tenant from header\n * app.use('/api/*', authMiddleware, requireTenantAccess(c => c.req.header('x-tenant-id')), handler);\n * ```\n */\nexport function requireTenantAccess(\n getTenantId: (c: Context) => string | undefined,\n options?: {\n /** Roles that can access any tenant (e.g., ['super_admin']) */\n bypassRoles?: string[];\n }\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const requestedTenantId = getTenantId(c);\n\n // If no tenant requested, allow (tenant might be optional)\n if (!requestedTenantId) {\n await next();\n return;\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n // Check bypass roles (e.g., super_admin)\n if (options?.bypassRoles && guard.hasAnyRole(options.bypassRoles)) {\n await next();\n return;\n }\n\n // Check if user has access to the requested tenant\n if (auth.tenantId !== requestedTenantId) {\n return c.json(\n {\n error: 'Forbidden',\n message: 'Access denied to this tenant',\n requestedTenant: requestedTenantId,\n },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require admin access\n * Checks for 'admin' or 'owner' role, or '*' permission\n *\n * @example\n * ```ts\n * app.use('/admin/*', authMiddleware, requireAdmin(), handler);\n * ```\n */\nexport function requireAdmin(): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n const isAdmin =\n guard.hasRole('admin') ||\n guard.hasRole('owner') ||\n guard.hasRole('superadmin') ||\n guard.hasRole('super_admin') ||\n guard.hasPermission('*');\n\n if (!isAdmin) {\n return c.json({ error: 'Forbidden', message: 'Admin access required' }, 403);\n }\n\n await next();\n };\n}\n\n/**\n * Require resource ownership or permission\n * Allows access if user owns the resource OR has the specified permission\n *\n * @example\n * ```ts\n * app.put('/posts/:id', authMiddleware, requireOwnerOrPermission(\n * async (c) => (await getPost(c.req.param('id'))).authorId,\n * 'posts:edit'\n * ), handler);\n * ```\n */\nexport function requireOwnerOrPermission(\n getOwnerId: (c: Context) => string | Promise<string>,\n permission: PermissionPattern\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n // Check permission first (faster than potentially async ownership check)\n if (guard.hasPermission(permission)) {\n await next();\n return;\n }\n\n // Check ownership\n const ownerId = await getOwnerId(c);\n if (auth.userId === ownerId) {\n await next();\n return;\n }\n\n return c.json(\n {\n error: 'Forbidden',\n message: 'Resource owner or permission required',\n requiredPermission: permission,\n },\n 403\n );\n };\n}\n\n/**\n * Combine multiple authorization requirements\n * All requirements must pass\n *\n * @example\n * ```ts\n * app.delete('/projects/:id',\n * authMiddleware,\n * requireAll(\n * requireTenant(),\n * requireRole('admin', 'manager'),\n * requirePermission('projects:delete')\n * ),\n * handler\n * );\n * ```\n */\nexport function requireAll(\n ...middlewares: MiddlewareHandler<{ Variables: AuthVariables }>[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n for (const middleware of middlewares) {\n let passed = false;\n await middleware(c, async () => {\n passed = true;\n });\n if (!passed) {\n // Middleware already sent error response\n return;\n }\n }\n await next();\n };\n}\n\n/**\n * Combine multiple authorization requirements\n * At least one requirement must pass\n *\n * @example\n * ```ts\n * app.get('/content/:id',\n * authMiddleware,\n * requireAny(\n * requireRole('admin'),\n * requirePermission('content:read'),\n * requireOwnerOrPermission(getContentOwnerId, 'content:view-own')\n * ),\n * handler\n * );\n * ```\n */\nexport function requireAny(\n ...middlewares: MiddlewareHandler<{ Variables: AuthVariables }>[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n for (const middleware of middlewares) {\n let passed = false;\n await middleware(c, async () => {\n passed = true;\n });\n if (passed) {\n await next();\n return;\n }\n }\n // None passed\n return c.json(\n { error: 'Forbidden', message: 'None of the authorization requirements were met' },\n 403\n );\n };\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/adapters/types.ts","../src/adapters/hono.ts"],"names":["c"],"mappings":";;;;AAsGO,SAAS,iBAAA,CACd,QACA,MAAA,EAQiB;AACjB,EAAA,MAAM,MAAA,GAAS,OAAO,MAAA,IAAU,MAAA;AAEhC,EAAA,OAAO;AAAA,IACL;AAAA,MACE,IAAA,EAAM,GAAG,MAAM,CAAA,aAAA,CAAA;AAAA,MACf,OAAO,MAAA,CAAO,WAAA;AAAA,MACd,SAAS,MAAA,CAAO,eAAA;AAAA,MAChB,IAAA,EAAM,OAAO,IAAA,IAAQ,GAAA;AAAA,MACrB,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,MAAA,EAAQ,OAAO,MAAA,IAAU,IAAA;AAAA,MACzB,QAAA,EAAU,OAAO,QAAA,IAAY,KAAA;AAAA,MAC7B,QAAA,EAAU;AAAA;AAAA,KACZ;AAAA,IACA;AAAA,MACE,IAAA,EAAM,GAAG,MAAM,CAAA,cAAA,CAAA;AAAA,MACf,OAAO,MAAA,CAAO,YAAA;AAAA,MACd,SAAS,MAAA,CAAO,gBAAA;AAAA,MAChB,IAAA,EAAM,OAAO,IAAA,IAAQ,GAAA;AAAA,MACrB,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,MAAA,EAAQ,OAAO,MAAA,IAAU,IAAA;AAAA,MACzB,QAAA,EAAU,OAAO,QAAA,IAAY,KAAA;AAAA,MAC7B,QAAA,EAAU,OAAO,QAAA,IAAY;AAAA;AAAA;AAC/B,GACF;AACF;AAKO,SAAS,oBACd,MAAA,EAKiB;AACjB,EAAA,MAAM,MAAA,GAAS,OAAO,MAAA,IAAU,MAAA;AAChC,EAAA,MAAM,IAAA,mBAAO,IAAI,IAAA,CAAK,CAAC,CAAA;AAEvB,EAAA,OAAO;AAAA,IACL;AAAA,MACE,IAAA,EAAM,GAAG,MAAM,CAAA,aAAA,CAAA;AAAA,MACf,KAAA,EAAO,EAAA;AAAA,MACP,OAAA,EAAS,IAAA;AAAA,MACT,IAAA,EAAM,OAAO,IAAA,IAAQ,GAAA;AAAA,MACrB,QAAQ,MAAA,CAAO;AAAA,KACjB;AAAA,IACA;AAAA,MACE,IAAA,EAAM,GAAG,MAAM,CAAA,cAAA,CAAA;AAAA,MACf,KAAA,EAAO,EAAA;AAAA,MACP,OAAA,EAAS,IAAA;AAAA,MACT,IAAA,EAAM,OAAO,IAAA,IAAQ,GAAA;AAAA,MACrB,QAAQ,MAAA,CAAO;AAAA;AACjB,GACF;AACF;;;ACrHA,SAAS,SAAA,CAAU,GAAY,MAAA,EAA6B;AAC1D,EAAA,IAAI,eAAe,CAAA,EAAG,MAAA,CAAO,IAAI,CAAA,CAAA,EAAI,OAAO,KAAK,CAAA,CAAA;AAEjD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,YAAA,IAAgB,CAAA,UAAA,EAAa,MAAA,CAAO,OAAA,CAAQ,WAAA,EAAa,CAAA,CAAA;AAAA,EAC3D;AACA,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAC/B,IAAA,YAAA,IAAgB,CAAA,UAAA,EAAa,OAAO,MAAM,CAAA,CAAA;AAAA,EAC5C;AACA,EAAA,IAAI,OAAO,IAAA,EAAM;AACf,IAAA,YAAA,IAAgB,CAAA,OAAA,EAAU,OAAO,IAAI,CAAA,CAAA;AAAA,EACvC;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,YAAA,IAAgB,CAAA,SAAA,EAAY,OAAO,MAAM,CAAA,CAAA;AAAA,EAC3C;AACA,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,YAAA,IAAgB,UAAA;AAAA,EAClB;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,YAAA,IAAgB,YAAA;AAAA,EAClB;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,YAAA,IAAgB,CAAA,WAAA,EAAc,MAAA,CAAO,QAAA,CAAS,MAAA,CAAO,CAAC,CAAA,CAAE,WAAA,EAAY,GAAI,MAAA,CAAO,QAAA,CAAS,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA;AAAA,EAClG;AAEA,EAAA,CAAA,CAAE,OAAO,YAAA,EAAc,YAAA,EAAc,EAAE,MAAA,EAAQ,MAAM,CAAA;AACvD;AAKA,SAAS,SAAA,CAAU,GAAY,IAAA,EAAkC;AAC/D,EAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA;AAC1C,EAAA,IAAI,CAAC,cAAc,OAAO,MAAA;AAE1B,EAAA,MAAM,OAAA,GAAU,YAAA,CAAa,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAACA,EAAAA,KAAMA,EAAAA,CAAE,IAAA,EAAM,CAAA;AAC3D,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,MAAM,CAAC,UAAA,EAAY,GAAG,UAAU,CAAA,GAAI,MAAA,CAAO,MAAM,GAAG,CAAA;AACpD,IAAA,IAAI,eAAe,IAAA,EAAM;AACvB,MAAA,OAAO,UAAA,CAAW,KAAK,GAAG,CAAA;AAAA,IAC5B;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAMO,SAAS,qBACd,MAAA,EACiD;AACjD,EAAA,MAAM,EAAE,IAAA,EAAM,cAAA,EAAe,GAAI,MAAA;AAEjC,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AAExB,IAAA,MAAM,UAAA,GAAa,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA;AAC/C,IAAA,IAAI,KAAA,GAAQ,mBAAmB,UAAU,CAAA;AAEzC,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,OAAA,EAAS,MAAA,IAAU,MAAA;AAC/C,MAAA,KAAA,GAAQ,SAAA,CAAU,CAAA,EAAG,CAAA,EAAG,YAAY,eAAe,CAAA,IAAK,IAAA;AAAA,IAC1D;AAEA,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,OAAO,cAAA,CAAe,GAAG,mBAAmB,CAAA;AAAA,MAC9C;AACA,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,mBAAA,IAAuB,GAAG,CAAA;AAAA,IAC5E;AAGA,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAEjD,IAAA,IAAI,CAAC,MAAA,CAAO,KAAA,IAAS,CAAC,OAAO,OAAA,EAAS;AACpC,MAAA,IAAI,cAAA,EAAgB;AAClB,QAAA,OAAO,cAAA,CAAe,CAAA,EAAG,MAAA,CAAO,KAAK,CAAA;AAAA,MACvC;AACA,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,MAAA,CAAO,KAAA,EAAM,EAAG,GAAG,CAAA;AAAA,IACrE;AAGA,IAAA,MAAM,WAAA,GAA2B;AAAA,MAC/B,MAAA,EAAQ,OAAO,OAAA,CAAQ,GAAA;AAAA,MACvB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,GAAI,OAAO,OAAA,CAAQ,GAAA,IAAO,EAAE,SAAA,EAAW,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,MAC1D,GAAI,OAAO,OAAA,CAAQ,GAAA,IAAO,EAAE,QAAA,EAAU,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,MACzD,GAAI,OAAO,OAAA,CAAQ,KAAA,IAAS,EAAE,KAAA,EAAO,MAAA,CAAO,QAAQ,KAAA,EAAM;AAAA,MAC1D,GAAI,OAAO,OAAA,CAAQ,WAAA,IAAe,EAAE,WAAA,EAAa,MAAA,CAAO,QAAQ,WAAA;AAAY,KAC9E;AAEA,IAAA,CAAA,CAAE,GAAA,CAAI,QAAQ,WAAW,CAAA;AAEzB,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAMO,SAAS,6BACd,MAAA,EAC0D;AAC1D,EAAA,MAAM,EAAE,MAAK,GAAI,MAAA;AAEjB,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AAExB,IAAA,MAAM,UAAA,GAAa,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA;AAC/C,IAAA,IAAI,KAAA,GAAQ,mBAAmB,UAAU,CAAA;AAEzC,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,YAAA,GAAe,MAAA,CAAO,OAAA,EAAS,MAAA,IAAU,MAAA;AAC/C,MAAA,KAAA,GAAQ,SAAA,CAAU,CAAA,EAAG,CAAA,EAAG,YAAY,eAAe,CAAA,IAAK,IAAA;AAAA,IAC1D;AAEA,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AAEjD,MAAA,IAAI,MAAA,CAAO,KAAA,IAAS,MAAA,CAAO,OAAA,EAAS;AAClC,QAAA,MAAM,WAAA,GAA2B;AAAA,UAC/B,MAAA,EAAQ,OAAO,OAAA,CAAQ,GAAA;AAAA,UACvB,SAAS,MAAA,CAAO,OAAA;AAAA,UAChB,GAAI,OAAO,OAAA,CAAQ,GAAA,IAAO,EAAE,SAAA,EAAW,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,UAC1D,GAAI,OAAO,OAAA,CAAQ,GAAA,IAAO,EAAE,QAAA,EAAU,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,UACzD,GAAI,OAAO,OAAA,CAAQ,KAAA,IAAS,EAAE,KAAA,EAAO,MAAA,CAAO,QAAQ,KAAA,EAAM;AAAA,UAC1D,GAAI,OAAO,OAAA,CAAQ,WAAA,IAAe,EAAE,WAAA,EAAa,MAAA,CAAO,QAAQ,WAAA;AAAY,SAC9E;AAEA,QAAA,CAAA,CAAE,GAAA,CAAI,QAAQ,WAAW,CAAA;AAAA,MAC3B;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAMO,SAAS,gBAAA,CACd,KACA,MAAA,EACS;AACT,EAAA,MAAM,EAAE,IAAA,EAAM,OAAA,EAAS,YAAA,EAAa,GAAI,MAAA;AAMxC,EAAA,GAAA,CAAI,IAAA,CAAK,cAAA,EAAgB,OAAO,CAAA,KAAM;AACpC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAAoD;AAE7E,MAAA,IAAI,CAAC,IAAA,CAAK,UAAA,IAAc,CAAC,KAAK,IAAA,EAAM;AAClC,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,kCAAA,IAAsC,GAAG,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,UAAA,CAAW;AAAA,QACnC,YAAY,IAAA,CAAK,UAAA;AAAA,QACjB,MAAM,IAAA,CAAK;AAAA,OACZ,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,MAAA,CAAO,KAAA;AAAA,UACd,mBAAmB,MAAA,CAAO;AAAA,WACzB,GAAG,CAAA;AAAA,MACR;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,WAAW,MAAA,CAAO,SAAA;AAAA,QAClB,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,aAAA,EAAe,OAAO,CAAA,KAAM;AACnC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAItB;AAEH,MAAA,IAAI,CAAC,IAAA,CAAK,UAAA,IAAc,CAAC,KAAK,IAAA,EAAM;AAClC,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,kCAAA,IAAsC,GAAG,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,SAAA,GAAY,EAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,IAAK,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,WAAW,CAAA;AAC7E,MAAA,MAAM,SAAA,GAAY,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,YAAY,CAAA;AAE3C,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO;AAAA,QAC/B,QAAA,EAAU,KAAA;AAAA,QACV,YAAY,IAAA,CAAK,UAAA;AAAA,QACjB,YAAY,IAAA,CAAK,IAAA;AAAA,QACjB,IAAA,EAAM,EAAE,IAAA,EAAM,IAAA,CAAK,QAAQ,OAAA,EAAQ;AAAA,QACnC,QAAA,EAAU;AAAA,UACR,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,UAC7B,GAAI,SAAA,IAAa,EAAE,SAAA;AAAU;AAC/B,OACD,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,MAAA,CAAO,KAAA;AAAA,UACd,WAAW,MAAA,CAAO;AAAA,WACjB,GAAG,CAAA;AAAA,MACR;AAGA,MAAA,IAAI,MAAA,CAAO,UAAU,YAAA,EAAc;AACjC,QAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAA,EAAQ,YAAY,CAAA;AAC7D,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,IAAA,EAAM,OAAO,IAAA,GAAO;AAAA,UAClB,EAAA,EAAI,OAAO,IAAA,CAAK,EAAA;AAAA,UAChB,KAAA,EAAO,OAAO,IAAA,CAAK,KAAA;AAAA,UACnB,IAAA,EAAM,OAAO,IAAA,CAAK;AAAA,SACpB,GAAI,KAAA,CAAA;AAAA,QACJ,QAAQ,MAAA,CAAO;AAAA,OAChB,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,UAAA,EAAY,OAAO,CAAA,KAAM;AAChC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAKtB;AAEH,MAAA,IAAI,CAAC,IAAA,CAAK,QAAA,IAAY,CAAC,KAAK,UAAA,EAAY;AACtC,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,KAAA,EAAO,aAAA;AAAA,UACP,OAAA,EAAS;AAAA,WACR,GAAG,CAAA;AAAA,MACR;AAEA,MAAA,MAAM,SAAA,GAAY,EAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,IAAK,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,WAAW,CAAA;AAC7E,MAAA,MAAM,SAAA,GAAY,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,YAAY,CAAA;AAE3C,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO;AAAA,QAC/B,UAAU,IAAA,CAAK,QAAA;AAAA,QACf,YAAY,IAAA,CAAK,UAAA;AAAA,QACjB,GAAI,IAAA,CAAK,UAAA,IAAc,EAAE,UAAA,EAAY,KAAK,UAAA,EAAW;AAAA,QACrD,GAAI,IAAA,CAAK,IAAA,IAAQ,EAAE,IAAA,EAAM,KAAK,IAAA,EAAK;AAAA,QACnC,QAAA,EAAU;AAAA,UACR,GAAI,SAAA,IAAa,EAAE,SAAA,EAAU;AAAA,UAC7B,GAAI,SAAA,IAAa,EAAE,SAAA;AAAU;AAC/B,OACD,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,MAAA,CAAO,KAAA;AAAA,UACd,WAAW,MAAA,CAAO,SAAA;AAAA,UAClB,mBAAmB,MAAA,CAAO;AAAA,WACzB,GAAG,CAAA;AAAA,MACR;AAGA,MAAA,IAAI,MAAA,CAAO,UAAU,YAAA,EAAc;AACjC,QAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAA,EAAQ,YAAY,CAAA;AAC7D,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,IAAA,EAAM,OAAO,IAAA,GAAO;AAAA,UAClB,EAAA,EAAI,OAAO,IAAA,CAAK,EAAA;AAAA,UAChB,KAAA,EAAO,OAAO,IAAA,CAAK,KAAA;AAAA,UACnB,IAAA,EAAM,OAAO,IAAA,CAAK;AAAA,SACpB,GAAI,KAAA,CAAA;AAAA,QACJ,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,mBAAmB,MAAA,CAAO;AAAA,OAC3B,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,WAAA,EAAa,OAAO,CAAA,KAAM;AACjC,IAAA,IAAI;AAEF,MAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,MAAA,IAAI,aAAa,SAAA,EAAW;AAC1B,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,WAAA,CAAY,SAAS,CAAA;AAAA,MAC1C;AAGA,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,MAAM,OAAA,GAAU,oBAAoB,YAAY,CAAA;AAChD,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA,IACjC,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,UAAA,EAAY,OAAO,CAAA,KAAM;AAChC,IAAA,IAAI;AAEF,MAAA,IAAI,YAAA;AAEJ,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAAgC;AACzD,QAAA,YAAA,GAAe,IAAA,CAAK,YAAA;AAAA,MACtB,CAAA,CAAA,MAAQ;AAAA,MAER;AAEA,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,MAAM,YAAA,GAAe,cAAc,MAAA,IAAU,MAAA;AAC7C,QAAA,YAAA,GAAe,SAAA,CAAU,CAAA,EAAG,CAAA,EAAG,YAAY,CAAA,cAAA,CAAgB,CAAA;AAAA,MAC7D;AAEA,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,KAAA,EAAO;AAAA,WACN,GAAG,CAAA;AAAA,MACR;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,aAAA,CAAc,YAAY,CAAA;AAEpD,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AAEnB,QAAA,IAAI,YAAA,EAAc;AAChB,UAAA,MAAM,OAAA,GAAU,oBAAoB,YAAY,CAAA;AAChD,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,UACrB;AAAA,QACF;AAEA,QAAA,OAAO,EAAE,IAAA,CAAK;AAAA,UACZ,OAAA,EAAS,KAAA;AAAA,UACT,OAAO,MAAA,CAAO;AAAA,WACb,GAAG,CAAA;AAAA,MACR;AAGA,MAAA,IAAI,MAAA,CAAO,UAAU,YAAA,EAAc;AACjC,QAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAA,EAAQ,YAAY,CAAA;AAC7D,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,QAAQ,MAAA,CAAO;AAAA,OAChB,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,KAAA,EAAO,OAAO,CAAA,KAAM;AAC1B,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAGA,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,YAAW,CAAE,YAAA,CAAa,YAAY,MAAM,CAAA;AAEpE,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,gBAAA,IAAoB,GAAG,CAAA;AAAA,IAChD;AAEA,IAAA,OAAO,EAAE,IAAA,CAAK;AAAA,MACZ,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,kBAAkB,IAAA,CAAK;AAAA,KACxB,CAAA;AAAA,EACH,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,WAAA,EAAa,OAAO,CAAA,KAAM;AAChC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,WAAW,MAAM,IAAA,CAAK,YAAY,WAAA,CAAY,MAAA,EAAQ,YAAY,SAAS,CAAA;AAEjF,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,QAAA,EAAU,CAAA;AAAA,EAC5B,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,MAAA,CAAO,eAAA,EAAiB,OAAO,CAAA,KAAM;AACvC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,SAAA,GAAY,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,IAAI,CAAA;AAGlC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,WAAA,CAAY,YAAY,MAAM,CAAA;AAC1D,IAAA,MAAM,UAAU,QAAA,CAAS,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,SAAS,CAAA;AAEvD,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,mBAAA,IAAuB,GAAG,CAAA;AAAA,IACnD;AAEA,IAAA,MAAM,IAAA,CAAK,cAAc,SAAS,CAAA;AAElC,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA,EACjC,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,MAAA,CAAO,WAAA,EAAa,OAAO,CAAA,KAAM;AACnC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,MAAM,IAAA,CAAK,iBAAA,CAAkB,WAAA,CAAY,MAAM,CAAA;AAG/C,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,MAAM,OAAA,GAAU,oBAAoB,YAAY,CAAA;AAChD,MAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,QAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,MACrB;AAAA,IACF;AAEA,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA,EACjC,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,YAAA,EAAc,OAAO,CAAA,KAAM;AACjC,IAAA,MAAM,SAAA,GAAY,KAAK,YAAA,EAAa;AACpC,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,SAAA,EAAW,CAAA;AAAA,EAC7B,CAAC,CAAA;AAUD,EAAA,GAAA,CAAI,GAAA,CAAI,UAAA,EAAY,OAAO,CAAA,KAAM;AAC/B,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,YAAY,MAAM,CAAA;AAC5D,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,MAAO;AAAA,UAC3B,EAAA,EAAI,EAAE,MAAA,CAAO,EAAA;AAAA,UACb,IAAA,EAAM,EAAE,MAAA,CAAO,IAAA;AAAA,UACf,IAAA,EAAM,EAAE,MAAA,CAAO,IAAA;AAAA,UACf,IAAA,EAAM,EAAE,UAAA,CAAW,IAAA;AAAA,UACnB,MAAA,EAAQ,EAAE,MAAA,CAAO;AAAA,SACnB,CAAE,CAAA;AAAA,QACF,iBAAiB,WAAA,CAAY;AAAA,OAC9B,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,iBAAA,EAAmB,OAAO,CAAA,KAAM;AACvC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,aAAa,SAAA,EAAW;AAC3B,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAA2B;AAEpD,MAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,sBAAA,IAA0B,GAAG,CAAA;AAAA,MAC9E;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,aAAa,WAAA,CAAY,SAAA,EAAW,KAAK,QAAQ,CAAA;AAE3E,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,OAAA,EAAS,OAAO,KAAA,EAAO,MAAA,CAAO,KAAA,EAAM,EAAG,GAAG,CAAA;AAAA,MAC5D;AAGA,MAAA,IAAI,MAAA,CAAO,UAAU,YAAA,EAAc;AACjC,QAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,CAAO,MAAA,EAAQ,YAAY,CAAA;AAC7D,QAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,UAAA,SAAA,CAAU,GAAG,MAAM,CAAA;AAAA,QACrB;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,QAAQ,MAAA,CAAO;AAAA,OAChB,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,kBAAA,EAAoB,OAAO,CAAA,KAAM;AACvC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI,CAAC,YAAY,QAAA,EAAU;AACzB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,QAAQ,IAAA,EAAM,UAAA,EAAY,MAAM,CAAA;AAAA,IAClD;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,mBAAA;AAAA,QAC5B,WAAA,CAAY,MAAA;AAAA,QACZ,WAAA,CAAY;AAAA,OACd;AAEA,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,OAAO,EAAE,IAAA,CAAK,EAAE,QAAQ,IAAA,EAAM,UAAA,EAAY,MAAM,CAAA;AAAA,MAClD;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,YAAW,CAAE,cAAA,GAAiB,YAAY,QAAQ,CAAA;AAE5E,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,QAAQ,MAAA,GAAS;AAAA,UACf,IAAI,MAAA,CAAO,EAAA;AAAA,UACX,MAAM,MAAA,CAAO,IAAA;AAAA,UACb,MAAM,MAAA,CAAO,IAAA;AAAA,UACb,QAAQ,MAAA,CAAO;AAAA,SACjB,GAAI,IAAA;AAAA,QACJ,UAAA,EAAY;AAAA,UACV,MAAM,UAAA,CAAW,IAAA;AAAA,UACjB,aAAa,UAAA,CAAW,WAAA;AAAA,UACxB,QAAQ,UAAA,CAAW;AAAA;AACrB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,2BAAA,EAA6B,OAAO,CAAA,KAAM;AACjD,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,UAAU,CAAA;AACvC,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAKtB;AAEH,MAAA,IAAI,CAAC,IAAA,CAAK,KAAA,IAAS,CAAC,KAAK,IAAA,EAAM;AAC7B,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,6BAAA,IAAiC,GAAG,CAAA;AAAA,MACrF;AAGA,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,eAAA,CAAgB,YAAY,MAAA,EAAQ,QAAA,EAAU,OAAO,CAAA,IAChE,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAEhF,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,aAAa,OAAA,EAAS,uBAAA,IAA2B,GAAG,CAAA;AAAA,MAC7E;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,cAAA,CAAe;AAAA,QACvC,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,QAAA;AAAA,QACA,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,aAAa,IAAA,CAAK,WAAA;AAAA,QAClB,WAAW,WAAA,CAAY,MAAA;AAAA,QACvB,SAAS,IAAA,CAAK;AAAA,OACf,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,OAAA,EAAS,OAAO,KAAA,EAAO,MAAA,CAAO,KAAA,EAAM,EAAG,GAAG,CAAA;AAAA,MAC5D;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,eAAe,MAAA,CAAO,aAAA;AAAA,QACtB,SAAA,EAAW,OAAO,UAAA,EAAY;AAAA,OAC/B,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,GAAA,CAAI,aAAA,EAAe,OAAO,CAAA,KAAM;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,OAAO,CAAA;AAEjC,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,mBAAA,IAAuB,GAAG,CAAA;AAAA,MAC3E;AAEA,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,eAAA,CAAgB,KAAK,CAAA;AAE/C,MAAA,OAAO,CAAA,CAAE,KAAK,MAAM,CAAA;AAAA,IACtB,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,IAAA,CAAK,oBAAA,EAAsB,OAAO,CAAA,KAAM;AAC1C,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAAwB;AAEjD,MAAA,IAAI,CAAC,KAAK,KAAA,EAAO;AACf,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,eAAe,OAAA,EAAS,mBAAA,IAAuB,GAAG,CAAA;AAAA,MAC3E;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,iBAAiB,IAAA,CAAK,KAAA,EAAO,YAAY,MAAM,CAAA;AAEzE,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,OAAA,EAAS,OAAO,KAAA,EAAO,MAAA,CAAO,KAAA,EAAM,EAAG,GAAG,CAAA;AAAA,MAC5D;AAEA,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,MAAA,EAAQ,OAAO,MAAA,GAAS;AAAA,UACtB,EAAA,EAAI,OAAO,MAAA,CAAO,EAAA;AAAA,UAClB,IAAA,EAAM,OAAO,MAAA,CAAO,IAAA;AAAA,UACpB,IAAA,EAAM,OAAO,MAAA,CAAO;AAAA,SACtB,GAAI,KAAA,CAAA;AAAA,QACJ,UAAA,EAAY,OAAO,UAAA,GAAa;AAAA,UAC9B,IAAA,EAAM,OAAO,UAAA,CAAW,IAAA;AAAA,UACxB,MAAA,EAAQ,OAAO,UAAA,CAAW;AAAA,SAC5B,GAAI,KAAA;AAAA,OACL,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,MAAA,CAAO,oCAAA,EAAsC,OAAO,CAAA,KAAM;AAC5D,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,UAAU,CAAA;AACvC,MAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA;AAGnC,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,eAAA,CAAgB,YAAY,MAAA,EAAQ,QAAA,EAAU,OAAO,CAAA,IAChE,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAChF,MAAA,MAAM,MAAA,GAAS,YAAY,MAAA,KAAW,MAAA;AAEtC,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,MAAA,EAAQ;AACvB,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,aAAa,OAAA,EAAS,uBAAA,IAA2B,GAAG,CAAA;AAAA,MAC7E;AAEA,MAAA,MAAM,IAAA,CAAK,kBAAA,CAAmB,MAAA,EAAQ,QAAQ,CAAA;AAE9C,MAAA,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,OAAA,EAAS,MAAM,CAAA;AAAA,IACjC,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAMD,EAAA,GAAA,CAAI,KAAA,CAAM,oCAAA,EAAsC,OAAO,CAAA,KAAM;AAC3D,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEhC,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,cAAA,IAAkB,GAAG,CAAA;AAAA,IAC9C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,UAAU,CAAA;AACvC,MAAA,MAAM,MAAA,GAAS,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,QAAQ,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAItB;AAGH,MAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,eAAA,CAAgB,YAAY,MAAA,EAAQ,QAAA,EAAU,OAAO,CAAA,IAChE,MAAM,IAAA,CAAK,eAAA,CAAgB,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAEhF,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,aAAa,OAAA,EAAS,uBAAA,IAA2B,GAAG,CAAA;AAAA,MAC7E;AAEA,MAAA,MAAM,aAAa,MAAM,IAAA,CAAK,kBAAA,CAAmB,MAAA,EAAQ,UAAU,IAAI,CAAA;AAEvE,MAAA,OAAO,EAAE,IAAA,CAAK;AAAA,QACZ,OAAA,EAAS,IAAA;AAAA,QACT,UAAA,EAAY;AAAA,UACV,MAAM,UAAA,CAAW,IAAA;AAAA,UACjB,aAAa,UAAA,CAAW,WAAA;AAAA,UACxB,QAAQ,UAAA,CAAW;AAAA;AACrB,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,OAAO,OAAA,EAAS;AAClB,QAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAgB,CAAC,CAAA;AAAA,MACzC;AACA,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,uBAAA,IAA2B,GAAG,CAAA;AAAA,IACvD;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAO,GAAA;AACT;AAKO,SAAS,eAAe,MAAA,EAA2B;AACxD,EAAA,OAAO;AAAA;AAAA,IAEL,UAAA,EAAY,qBAAqB,MAAM,CAAA;AAAA;AAAA,IAEvC,kBAAA,EAAoB,6BAA6B,MAAM,CAAA;AAAA;AAAA,IAEvD,YAAA,EAAc,CAAkD,GAAA,KAC9D,gBAAA,CAAiB,KAAK,MAAM;AAAA,GAChC;AACF;AASA,SAAS,uBAAuB,IAAA,EAAyC;AACvE,EAAA,OAAO;AAAA,IACL,QAAQ,IAAA,CAAK,MAAA;AAAA,IACb,UAAU,IAAA,CAAK,QAAA;AAAA,IACf,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,aAAa,IAAA,CAAK;AAAA,GACpB;AACF;AAYO,SAAS,eACX,YAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAEnE,IAAA,IAAI,CAAC,KAAA,CAAM,UAAA,CAAW,YAAY,CAAA,EAAG;AACnC,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP;AAAA,UACE,KAAA,EAAO,WAAA;AAAA,UACP,OAAA,EAAS,mBAAA;AAAA,UACT,QAAA,EAAU,YAAA;AAAA,UACV,OAAA,EAAS,IAAA,CAAK,KAAA,IAAS;AAAC,SAC1B;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAYO,SAAS,qBACX,WAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAGnE,IAAA,IAAI,CAAC,KAAA,CAAM,iBAAA,CAAkB,WAAW,CAAA,EAAG;AACzC,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP;AAAA,UACE,KAAA,EAAO,WAAA;AAAA,UACP,OAAA,EAAS,8BAAA;AAAA,UACT,QAAA,EAAU,WAAA;AAAA,UACV,OAAA,EAAS,IAAA,CAAK,WAAA,IAAe;AAAC,SAChC;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAWO,SAAS,wBACX,WAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAEnE,IAAA,IAAI,CAAC,KAAA,CAAM,gBAAA,CAAiB,WAAW,CAAA,EAAG;AACxC,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP;AAAA,UACE,KAAA,EAAO,WAAA;AAAA,UACP,OAAA,EAAS,8BAAA;AAAA,UACT,QAAA,EAAU,WAAA;AAAA,UACV,OAAA,EAAS,IAAA,CAAK,WAAA,IAAe;AAAC,SAChC;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAWO,SAAS,aAAA,GAAiE;AAC/E,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP,EAAE,KAAA,EAAO,WAAA,EAAa,OAAA,EAAS,yBAAA,EAA0B;AAAA,QACzD;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAeO,SAAS,mBAAA,CACd,aACA,OAAA,EAIiD;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,iBAAA,GAAoB,YAAY,CAAC,CAAA;AAGvC,IAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAGnE,IAAA,IAAI,SAAS,WAAA,IAAe,KAAA,CAAM,UAAA,CAAW,OAAA,CAAQ,WAAW,CAAA,EAAG;AACjE,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,IAAA,CAAK,aAAa,iBAAA,EAAmB;AACvC,MAAA,OAAO,CAAA,CAAE,IAAA;AAAA,QACP;AAAA,UACE,KAAA,EAAO,WAAA;AAAA,UACP,OAAA,EAAS,8BAAA;AAAA,UACT,eAAA,EAAiB;AAAA,SACnB;AAAA,QACA;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAWO,SAAS,YAAA,GAAgE;AAC9E,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAEnE,IAAA,MAAM,UACJ,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,IACrB,KAAA,CAAM,QAAQ,OAAO,CAAA,IACrB,MAAM,OAAA,CAAQ,YAAY,KAC1B,KAAA,CAAM,OAAA,CAAQ,aAAa,CAAA,IAC3B,KAAA,CAAM,cAAc,GAAG,CAAA;AAEzB,IAAA,IAAI,CAAC,OAAA,EAAS;AACZ,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,aAAa,OAAA,EAAS,uBAAA,IAA2B,GAAG,CAAA;AAAA,IAC7E;AAEA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAcO,SAAS,wBAAA,CACd,YACA,UAAA,EACiD;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,MAAM,CAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,gBAAgB,OAAA,EAAS,yBAAA,IAA6B,GAAG,CAAA;AAAA,IAClF;AAEA,IAAA,MAAM,KAAA,GAAQ,wBAAA,CAAyB,sBAAA,CAAuB,IAAI,CAAC,CAAA;AAGnE,IAAA,IAAI,KAAA,CAAM,aAAA,CAAc,UAAU,CAAA,EAAG;AACnC,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,OAAA,GAAU,MAAM,UAAA,CAAW,CAAC,CAAA;AAClC,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAA,EAAK;AACX,MAAA;AAAA,IACF;AAEA,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP;AAAA,QACE,KAAA,EAAO,WAAA;AAAA,QACP,OAAA,EAAS,uCAAA;AAAA,QACT,kBAAA,EAAoB;AAAA,OACtB;AAAA,MACA;AAAA,KACF;AAAA,EACF,CAAA;AACF;AAmBO,SAAS,cACX,WAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,MAAA,IAAI,MAAA,GAAS,KAAA;AACb,MAAA,MAAM,UAAA,CAAW,GAAG,YAAY;AAC9B,QAAA,MAAA,GAAS,IAAA;AAAA,MACX,CAAC,CAAA;AACD,MAAA,IAAI,CAAC,MAAA,EAAQ;AAEX,QAAA;AAAA,MACF;AAAA,IACF;AACA,IAAA,MAAM,IAAA,EAAK;AAAA,EACb,CAAA;AACF;AAmBO,SAAS,cACX,WAAA,EAC8C;AACjD,EAAA,OAAO,OAAO,GAAG,IAAA,KAAS;AACxB,IAAA,KAAA,MAAW,cAAc,WAAA,EAAa;AACpC,MAAA,IAAI,MAAA,GAAS,KAAA;AACb,MAAA,MAAM,UAAA,CAAW,GAAG,YAAY;AAC9B,QAAA,MAAA,GAAS,IAAA;AAAA,MACX,CAAC,CAAA;AACD,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,MAAM,IAAA,EAAK;AACX,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP,EAAE,KAAA,EAAO,WAAA,EAAa,OAAA,EAAS,iDAAA,EAAkD;AAAA,MACjF;AAAA,KACF;AAAA,EACF,CAAA;AACF","file":"chunk-JFSNE55J.js","sourcesContent":["/**\n * Adapter Types\n * Common interfaces for framework adapters\n */\n\nimport type { JwtPayload, TokenPair } from '../session/index.js';\n\n/**\n * Auth context attached to requests\n */\nexport interface AuthContext {\n /** Authenticated user ID */\n userId: string;\n /** Session ID */\n sessionId?: string;\n /** Tenant ID (for multi-tenant) */\n tenantId?: string;\n /** User roles */\n roles?: string[];\n /** User permissions */\n permissions?: string[];\n /** Full JWT payload */\n payload: JwtPayload;\n}\n\n/**\n * Cookie options\n */\nexport interface CookieOptions {\n /** Cookie name */\n name: string;\n /** Cookie value */\n value: string;\n /** Max age in seconds */\n maxAge?: number;\n /** Expiration date */\n expires?: Date;\n /** Path */\n path?: string;\n /** Domain */\n domain?: string;\n /** Secure flag */\n secure?: boolean;\n /** HttpOnly flag */\n httpOnly?: boolean;\n /** SameSite attribute */\n sameSite?: 'strict' | 'lax' | 'none';\n}\n\n/**\n * Auth response with cookies\n */\nexport interface AuthResponse {\n success: boolean;\n tokens?: TokenPair;\n cookies?: CookieOptions[];\n error?: string;\n errorCode?: string;\n user?: {\n id: string;\n email?: string;\n name?: string;\n };\n}\n\n/**\n * Request OTP input\n */\nexport interface RequestOtpBody {\n identifier: string;\n type: 'email' | 'sms';\n}\n\n/**\n * Verify OTP input\n */\nexport interface VerifyOtpBody {\n identifier: string;\n code: string;\n type?: 'email' | 'sms';\n}\n\n/**\n * Sign in input\n */\nexport interface SignInBody {\n provider: string;\n identifier: string;\n credential?: string;\n data?: Record<string, unknown>;\n}\n\n/**\n * Refresh token input\n */\nexport interface RefreshBody {\n refreshToken?: string;\n}\n\n/**\n * Create auth cookies from token pair\n */\nexport function createAuthCookies(\n tokens: TokenPair,\n config: {\n prefix?: string;\n path?: string;\n domain?: string;\n secure?: boolean;\n sameSite?: 'strict' | 'lax' | 'none';\n httpOnly?: boolean;\n }\n): CookieOptions[] {\n const prefix = config.prefix ?? 'pars';\n\n return [\n {\n name: `${prefix}.access_token`,\n value: tokens.accessToken,\n expires: tokens.accessExpiresAt,\n path: config.path ?? '/',\n domain: config.domain,\n secure: config.secure ?? true,\n sameSite: config.sameSite ?? 'lax',\n httpOnly: false, // Access token may be needed by JS\n },\n {\n name: `${prefix}.refresh_token`,\n value: tokens.refreshToken,\n expires: tokens.refreshExpiresAt,\n path: config.path ?? '/',\n domain: config.domain,\n secure: config.secure ?? true,\n sameSite: config.sameSite ?? 'lax',\n httpOnly: config.httpOnly ?? true, // Refresh token should be HttpOnly\n },\n ];\n}\n\n/**\n * Create logout cookies (clear auth cookies)\n */\nexport function createLogoutCookies(\n config: {\n prefix?: string;\n path?: string;\n domain?: string;\n }\n): CookieOptions[] {\n const prefix = config.prefix ?? 'pars';\n const past = new Date(0);\n\n return [\n {\n name: `${prefix}.access_token`,\n value: '',\n expires: past,\n path: config.path ?? '/',\n domain: config.domain,\n },\n {\n name: `${prefix}.refresh_token`,\n value: '',\n expires: past,\n path: config.path ?? '/',\n domain: config.domain,\n },\n ];\n}\n","/**\n * Hono Framework Adapter\n * Middleware and routes for Hono applications\n */\n\nimport type { Context, MiddlewareHandler, Hono } from 'hono';\nimport type { ParsAuthEngine } from '../core/auth-engine.js';\nimport { extractBearerToken } from '../session/index.js';\nimport {\n createAuthCookies,\n createLogoutCookies,\n type AuthContext,\n type CookieOptions,\n} from './types.js';\nimport {\n type AuthorizationContext,\n createAuthorizationGuard,\n type PermissionPattern,\n} from '../security/authorization.js';\n\n/**\n * Hono auth context variables\n */\nexport interface AuthVariables {\n auth: AuthContext;\n}\n\n/**\n * Hono adapter configuration\n */\nexport interface HonoAdapterConfig {\n /** Auth engine instance */\n auth: ParsAuthEngine;\n /** Cookie configuration */\n cookies?: {\n prefix?: string;\n path?: string;\n domain?: string;\n secure?: boolean;\n sameSite?: 'strict' | 'lax' | 'none';\n httpOnly?: boolean;\n };\n /** Custom error handler */\n onError?: (error: Error, c: Context) => Response | Promise<Response>;\n /** Custom unauthorized handler */\n onUnauthorized?: (c: Context, message?: string) => Response | Promise<Response>;\n}\n\n/**\n * Set cookie on response\n */\nfunction setCookie(c: Context, cookie: CookieOptions): void {\n let cookieString = `${cookie.name}=${cookie.value}`;\n\n if (cookie.expires) {\n cookieString += `; Expires=${cookie.expires.toUTCString()}`;\n }\n if (cookie.maxAge !== undefined) {\n cookieString += `; Max-Age=${cookie.maxAge}`;\n }\n if (cookie.path) {\n cookieString += `; Path=${cookie.path}`;\n }\n if (cookie.domain) {\n cookieString += `; Domain=${cookie.domain}`;\n }\n if (cookie.secure) {\n cookieString += '; Secure';\n }\n if (cookie.httpOnly) {\n cookieString += '; HttpOnly';\n }\n if (cookie.sameSite) {\n cookieString += `; SameSite=${cookie.sameSite.charAt(0).toUpperCase() + cookie.sameSite.slice(1)}`;\n }\n\n c.header('Set-Cookie', cookieString, { append: true });\n}\n\n/**\n * Get cookie from request\n */\nfunction getCookie(c: Context, name: string): string | undefined {\n const cookieHeader = c.req.header('Cookie');\n if (!cookieHeader) return undefined;\n\n const cookies = cookieHeader.split(';').map((c) => c.trim());\n for (const cookie of cookies) {\n const [cookieName, ...valueParts] = cookie.split('=');\n if (cookieName === name) {\n return valueParts.join('=');\n }\n }\n return undefined;\n}\n\n/**\n * Create Hono auth middleware\n * Validates JWT and attaches auth context to request\n */\nexport function createAuthMiddleware(\n config: HonoAdapterConfig\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n const { auth, onUnauthorized } = config;\n\n return async (c, next) => {\n // Get token from Authorization header or cookie\n const authHeader = c.req.header('Authorization');\n let token = extractBearerToken(authHeader);\n\n if (!token) {\n const cookiePrefix = config.cookies?.prefix ?? 'pars';\n token = getCookie(c, `${cookiePrefix}.access_token`) ?? null;\n }\n\n if (!token) {\n if (onUnauthorized) {\n return onUnauthorized(c, 'No token provided');\n }\n return c.json({ error: 'Unauthorized', message: 'No token provided' }, 401);\n }\n\n // Verify token\n const result = await auth.verifyAccessToken(token);\n\n if (!result.valid || !result.payload) {\n if (onUnauthorized) {\n return onUnauthorized(c, result.error);\n }\n return c.json({ error: 'Unauthorized', message: result.error }, 401);\n }\n\n // Attach auth context\n const authContext: AuthContext = {\n userId: result.payload.sub,\n payload: result.payload,\n ...(result.payload.sid && { sessionId: result.payload.sid }),\n ...(result.payload.tid && { tenantId: result.payload.tid }),\n ...(result.payload.roles && { roles: result.payload.roles }),\n ...(result.payload.permissions && { permissions: result.payload.permissions }),\n };\n\n c.set('auth', authContext);\n\n await next();\n };\n}\n\n/**\n * Create optional auth middleware\n * Attaches auth context if token is valid, but doesn't block if not\n */\nexport function createOptionalAuthMiddleware(\n config: HonoAdapterConfig\n): MiddlewareHandler<{ Variables: Partial<AuthVariables> }> {\n const { auth } = config;\n\n return async (c, next) => {\n // Get token from Authorization header or cookie\n const authHeader = c.req.header('Authorization');\n let token = extractBearerToken(authHeader);\n\n if (!token) {\n const cookiePrefix = config.cookies?.prefix ?? 'pars';\n token = getCookie(c, `${cookiePrefix}.access_token`) ?? null;\n }\n\n if (token) {\n const result = await auth.verifyAccessToken(token);\n\n if (result.valid && result.payload) {\n const authContext: AuthContext = {\n userId: result.payload.sub,\n payload: result.payload,\n ...(result.payload.sid && { sessionId: result.payload.sid }),\n ...(result.payload.tid && { tenantId: result.payload.tid }),\n ...(result.payload.roles && { roles: result.payload.roles }),\n ...(result.payload.permissions && { permissions: result.payload.permissions }),\n };\n\n c.set('auth', authContext);\n }\n }\n\n await next();\n };\n}\n\n/**\n * Create auth routes\n * Provides standard auth endpoints: /otp/request, /otp/verify, /sign-in, /sign-out, /refresh\n */\nexport function createAuthRoutes<E extends { Variables: Partial<AuthVariables> }>(\n app: Hono<E>,\n config: HonoAdapterConfig\n): Hono<E> {\n const { auth, cookies: cookieConfig } = config;\n\n /**\n * Request OTP\n * POST /otp/request\n */\n app.post('/otp/request', async (c) => {\n try {\n const body = await c.req.json<{ identifier: string; type: 'email' | 'sms' }>();\n\n if (!body.identifier || !body.type) {\n return c.json({ error: 'Bad Request', message: 'identifier and type are required' }, 400);\n }\n\n const result = await auth.requestOTP({\n identifier: body.identifier,\n type: body.type,\n });\n\n if (!result.success) {\n return c.json({\n success: false,\n error: result.error,\n remainingRequests: result.remainingRequests,\n }, 429);\n }\n\n return c.json({\n success: true,\n expiresAt: result.expiresAt,\n remainingRequests: result.remainingRequests,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Verify OTP and sign in\n * POST /otp/verify\n */\n app.post('/otp/verify', async (c) => {\n try {\n const body = await c.req.json<{\n identifier: string;\n code: string;\n type?: 'email' | 'sms';\n }>();\n\n if (!body.identifier || !body.code) {\n return c.json({ error: 'Bad Request', message: 'identifier and code are required' }, 400);\n }\n\n const ipAddress = c.req.header('x-forwarded-for') ?? c.req.header('x-real-ip');\n const userAgent = c.req.header('user-agent');\n\n const result = await auth.signIn({\n provider: 'otp',\n identifier: body.identifier,\n credential: body.code,\n data: { type: body.type ?? 'email' },\n metadata: {\n ...(ipAddress && { ipAddress }),\n ...(userAgent && { userAgent }),\n },\n });\n\n if (!result.success) {\n return c.json({\n success: false,\n error: result.error,\n errorCode: result.errorCode,\n }, 401);\n }\n\n // Set cookies\n if (result.tokens && cookieConfig) {\n const cookies = createAuthCookies(result.tokens, cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: true,\n user: result.user ? {\n id: result.user.id,\n email: result.user.email,\n name: result.user.name,\n } : undefined,\n tokens: result.tokens,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Sign in (generic)\n * POST /sign-in\n */\n app.post('/sign-in', async (c) => {\n try {\n const body = await c.req.json<{\n provider: string;\n identifier: string;\n credential?: string;\n data?: Record<string, unknown>;\n }>();\n\n if (!body.provider || !body.identifier) {\n return c.json({\n error: 'Bad Request',\n message: 'provider and identifier are required',\n }, 400);\n }\n\n const ipAddress = c.req.header('x-forwarded-for') ?? c.req.header('x-real-ip');\n const userAgent = c.req.header('user-agent');\n\n const result = await auth.signIn({\n provider: body.provider,\n identifier: body.identifier,\n ...(body.credential && { credential: body.credential }),\n ...(body.data && { data: body.data }),\n metadata: {\n ...(ipAddress && { ipAddress }),\n ...(userAgent && { userAgent }),\n },\n });\n\n if (!result.success) {\n return c.json({\n success: false,\n error: result.error,\n errorCode: result.errorCode,\n requiresTwoFactor: result.requiresTwoFactor,\n }, 401);\n }\n\n // Set cookies\n if (result.tokens && cookieConfig) {\n const cookies = createAuthCookies(result.tokens, cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: true,\n user: result.user ? {\n id: result.user.id,\n email: result.user.email,\n name: result.user.name,\n } : undefined,\n tokens: result.tokens,\n requiresTwoFactor: result.requiresTwoFactor,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Sign out\n * POST /sign-out\n */\n app.post('/sign-out', async (c) => {\n try {\n // Get auth context\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (authContext?.sessionId) {\n await auth.signOut(authContext.sessionId);\n }\n\n // Clear cookies\n if (cookieConfig) {\n const cookies = createLogoutCookies(cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({ success: true });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Refresh tokens\n * POST /refresh\n */\n app.post('/refresh', async (c) => {\n try {\n // Get refresh token from body or cookie\n let refreshToken: string | undefined;\n\n try {\n const body = await c.req.json<{ refreshToken?: string }>();\n refreshToken = body.refreshToken;\n } catch {\n // Body might not be JSON\n }\n\n if (!refreshToken) {\n const cookiePrefix = cookieConfig?.prefix ?? 'pars';\n refreshToken = getCookie(c, `${cookiePrefix}.refresh_token`);\n }\n\n if (!refreshToken) {\n return c.json({\n success: false,\n error: 'No refresh token provided',\n }, 401);\n }\n\n const result = await auth.refreshTokens(refreshToken);\n\n if (!result.success) {\n // Clear cookies on refresh failure\n if (cookieConfig) {\n const cookies = createLogoutCookies(cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: false,\n error: result.error,\n }, 401);\n }\n\n // Set new cookies\n if (result.tokens && cookieConfig) {\n const cookies = createAuthCookies(result.tokens, cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: true,\n tokens: result.tokens,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Get current user\n * GET /me\n */\n app.get('/me', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n // Get user from adapter\n const user = await auth.getAdapter().findUserById(authContext.userId);\n\n if (!user) {\n return c.json({ error: 'User not found' }, 404);\n }\n\n return c.json({\n id: user.id,\n email: user.email,\n name: user.name,\n avatar: user.avatar,\n twoFactorEnabled: user.twoFactorEnabled,\n });\n });\n\n /**\n * Get sessions\n * GET /sessions\n */\n app.get('/sessions', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n const sessions = await auth.getSessions(authContext.userId, authContext.sessionId);\n\n return c.json({ sessions });\n });\n\n /**\n * Revoke session\n * DELETE /sessions/:id\n */\n app.delete('/sessions/:id', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n const sessionId = c.req.param('id');\n\n // Verify the session belongs to the user\n const sessions = await auth.getSessions(authContext.userId);\n const session = sessions.find((s) => s.id === sessionId);\n\n if (!session) {\n return c.json({ error: 'Session not found' }, 404);\n }\n\n await auth.revokeSession(sessionId);\n\n return c.json({ success: true });\n });\n\n /**\n * Revoke all sessions\n * DELETE /sessions\n */\n app.delete('/sessions', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n await auth.revokeAllSessions(authContext.userId);\n\n // Clear cookies\n if (cookieConfig) {\n const cookies = createLogoutCookies(cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({ success: true });\n });\n\n /**\n * Get available providers\n * GET /providers\n */\n app.get('/providers', async (c) => {\n const providers = auth.getProviders();\n return c.json({ providers });\n });\n\n // ============================================\n // MULTI-TENANT ROUTES\n // ============================================\n\n /**\n * Get user's tenants\n * GET /tenants\n */\n app.get('/tenants', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const tenants = await auth.getUserTenants(authContext.userId);\n return c.json({\n tenants: tenants.map((t) => ({\n id: t.tenant.id,\n name: t.tenant.name,\n slug: t.tenant.slug,\n role: t.membership.role,\n status: t.tenant.status,\n })),\n currentTenantId: authContext.tenantId,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Switch tenant\n * POST /tenants/switch\n */\n app.post('/tenants/switch', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext?.sessionId) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const body = await c.req.json<{ tenantId: string }>();\n\n if (!body.tenantId) {\n return c.json({ error: 'Bad Request', message: 'tenantId is required' }, 400);\n }\n\n const result = await auth.switchTenant(authContext.sessionId, body.tenantId);\n\n if (!result.success) {\n return c.json({ success: false, error: result.error }, 403);\n }\n\n // Set new cookies with updated tokens\n if (result.tokens && cookieConfig) {\n const cookies = createAuthCookies(result.tokens, cookieConfig);\n for (const cookie of cookies) {\n setCookie(c, cookie);\n }\n }\n\n return c.json({\n success: true,\n tokens: result.tokens,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Get current tenant membership\n * GET /tenants/current\n */\n app.get('/tenants/current', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n if (!authContext.tenantId) {\n return c.json({ tenant: null, membership: null });\n }\n\n try {\n const membership = await auth.getTenantMembership(\n authContext.userId,\n authContext.tenantId\n );\n\n if (!membership) {\n return c.json({ tenant: null, membership: null });\n }\n\n const tenant = await auth.getAdapter().findTenantById?.(authContext.tenantId);\n\n return c.json({\n tenant: tenant ? {\n id: tenant.id,\n name: tenant.name,\n slug: tenant.slug,\n status: tenant.status,\n } : null,\n membership: {\n role: membership.role,\n permissions: membership.permissions,\n status: membership.status,\n },\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Invite user to tenant\n * POST /tenants/:tenantId/invite\n */\n app.post('/tenants/:tenantId/invite', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const tenantId = c.req.param('tenantId');\n const body = await c.req.json<{\n email: string;\n role: string;\n permissions?: string[];\n message?: string;\n }>();\n\n if (!body.email || !body.role) {\n return c.json({ error: 'Bad Request', message: 'email and role are required' }, 400);\n }\n\n // Check if user is admin of tenant\n const isAdmin = await auth.hasRoleInTenant(authContext.userId, tenantId, 'admin') ||\n await auth.hasRoleInTenant(authContext.userId, tenantId, 'owner');\n\n if (!isAdmin) {\n return c.json({ error: 'Forbidden', message: 'Admin access required' }, 403);\n }\n\n const result = await auth.inviteToTenant({\n email: body.email,\n tenantId,\n role: body.role,\n permissions: body.permissions,\n invitedBy: authContext.userId,\n message: body.message,\n });\n\n if (!result.success) {\n return c.json({ success: false, error: result.error }, 400);\n }\n\n return c.json({\n success: true,\n invitationUrl: result.invitationUrl,\n expiresAt: result.invitation?.expiresAt,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Check invitation status\n * GET /invitation\n */\n app.get('/invitation', async (c) => {\n try {\n const token = c.req.query('token');\n\n if (!token) {\n return c.json({ error: 'Bad Request', message: 'token is required' }, 400);\n }\n\n const result = await auth.checkInvitation(token);\n\n return c.json(result);\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Accept invitation\n * POST /invitation/accept\n */\n app.post('/invitation/accept', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const body = await c.req.json<{ token: string }>();\n\n if (!body.token) {\n return c.json({ error: 'Bad Request', message: 'token is required' }, 400);\n }\n\n const result = await auth.acceptInvitation(body.token, authContext.userId);\n\n if (!result.success) {\n return c.json({ success: false, error: result.error }, 400);\n }\n\n return c.json({\n success: true,\n tenant: result.tenant ? {\n id: result.tenant.id,\n name: result.tenant.name,\n slug: result.tenant.slug,\n } : undefined,\n membership: result.membership ? {\n role: result.membership.role,\n status: result.membership.status,\n } : undefined,\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Remove member from tenant\n * DELETE /tenants/:tenantId/members/:userId\n */\n app.delete('/tenants/:tenantId/members/:userId', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const tenantId = c.req.param('tenantId');\n const userId = c.req.param('userId');\n\n // Check if user is admin of tenant (or removing themselves)\n const isAdmin = await auth.hasRoleInTenant(authContext.userId, tenantId, 'admin') ||\n await auth.hasRoleInTenant(authContext.userId, tenantId, 'owner');\n const isSelf = authContext.userId === userId;\n\n if (!isAdmin && !isSelf) {\n return c.json({ error: 'Forbidden', message: 'Admin access required' }, 403);\n }\n\n await auth.removeTenantMember(userId, tenantId);\n\n return c.json({ success: true });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n /**\n * Update member role\n * PATCH /tenants/:tenantId/members/:userId\n */\n app.patch('/tenants/:tenantId/members/:userId', async (c) => {\n const authContext = c.get('auth') as AuthContext | undefined;\n\n if (!authContext) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n try {\n const tenantId = c.req.param('tenantId');\n const userId = c.req.param('userId');\n const body = await c.req.json<{\n role?: string;\n permissions?: string[];\n status?: 'active' | 'inactive';\n }>();\n\n // Check if user is admin/owner of tenant\n const isAdmin = await auth.hasRoleInTenant(authContext.userId, tenantId, 'admin') ||\n await auth.hasRoleInTenant(authContext.userId, tenantId, 'owner');\n\n if (!isAdmin) {\n return c.json({ error: 'Forbidden', message: 'Admin access required' }, 403);\n }\n\n const membership = await auth.updateTenantMember(userId, tenantId, body);\n\n return c.json({\n success: true,\n membership: {\n role: membership.role,\n permissions: membership.permissions,\n status: membership.status,\n },\n });\n } catch (error) {\n if (config.onError) {\n return config.onError(error as Error, c);\n }\n return c.json({ error: 'Internal Server Error' }, 500);\n }\n });\n\n return app;\n}\n\n/**\n * Create complete Hono auth integration\n */\nexport function createHonoAuth(config: HonoAdapterConfig) {\n return {\n /** Auth middleware (requires authentication) */\n middleware: createAuthMiddleware(config),\n /** Optional auth middleware (attaches auth if present) */\n optionalMiddleware: createOptionalAuthMiddleware(config),\n /** Create auth routes on an app */\n createRoutes: <E extends { Variables: Partial<AuthVariables> }>(app: Hono<E>) =>\n createAuthRoutes(app, config),\n };\n}\n\n// ============================================\n// AUTHORIZATION MIDDLEWARE HELPERS\n// ============================================\n\n/**\n * Helper to convert AuthContext to AuthorizationContext\n */\nfunction toAuthorizationContext(auth: AuthContext): AuthorizationContext {\n return {\n userId: auth.userId,\n tenantId: auth.tenantId,\n roles: auth.roles,\n permissions: auth.permissions,\n };\n}\n\n/**\n * Require specific role(s)\n * Use after createAuthMiddleware\n *\n * @example\n * ```ts\n * app.get('/admin', authMiddleware, requireRole('admin'), handler);\n * app.get('/managers', authMiddleware, requireRole('admin', 'manager'), handler);\n * ```\n */\nexport function requireRole(\n ...allowedRoles: string[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n if (!guard.hasAnyRole(allowedRoles)) {\n return c.json(\n {\n error: 'Forbidden',\n message: 'Insufficient role',\n required: allowedRoles,\n current: auth.roles ?? [],\n },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require specific permission(s)\n * Supports wildcards: 'users:*', '*:read', '*'\n *\n * @example\n * ```ts\n * app.get('/users', authMiddleware, requirePermission('users:read'), handler);\n * app.delete('/users/:id', authMiddleware, requirePermission('users:delete'), handler);\n * ```\n */\nexport function requirePermission(\n ...permissions: PermissionPattern[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n // Check if user has ALL required permissions\n if (!guard.hasAllPermissions(permissions)) {\n return c.json(\n {\n error: 'Forbidden',\n message: 'Missing required permissions',\n required: permissions,\n current: auth.permissions ?? [],\n },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require any of the specified permissions\n * User only needs one of the permissions\n *\n * @example\n * ```ts\n * app.get('/content', authMiddleware, requireAnyPermission('content:read', 'content:admin'), handler);\n * ```\n */\nexport function requireAnyPermission(\n ...permissions: PermissionPattern[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n if (!guard.hasAnyPermission(permissions)) {\n return c.json(\n {\n error: 'Forbidden',\n message: 'Missing required permissions',\n required: permissions,\n current: auth.permissions ?? [],\n },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require tenant context\n * Ensures user has an active tenant selected\n *\n * @example\n * ```ts\n * app.use('/api/tenant/*', authMiddleware, requireTenant());\n * ```\n */\nexport function requireTenant(): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n if (!auth.tenantId) {\n return c.json(\n { error: 'Forbidden', message: 'Tenant context required' },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require access to specific tenant\n * Validates that user can access the tenant specified in the request\n *\n * @example\n * ```ts\n * // Check tenant from URL param\n * app.get('/tenants/:tenantId/*', authMiddleware, requireTenantAccess(c => c.req.param('tenantId')), handler);\n *\n * // Check tenant from header\n * app.use('/api/*', authMiddleware, requireTenantAccess(c => c.req.header('x-tenant-id')), handler);\n * ```\n */\nexport function requireTenantAccess(\n getTenantId: (c: Context) => string | undefined,\n options?: {\n /** Roles that can access any tenant (e.g., ['super_admin']) */\n bypassRoles?: string[];\n }\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const requestedTenantId = getTenantId(c);\n\n // If no tenant requested, allow (tenant might be optional)\n if (!requestedTenantId) {\n await next();\n return;\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n // Check bypass roles (e.g., super_admin)\n if (options?.bypassRoles && guard.hasAnyRole(options.bypassRoles)) {\n await next();\n return;\n }\n\n // Check if user has access to the requested tenant\n if (auth.tenantId !== requestedTenantId) {\n return c.json(\n {\n error: 'Forbidden',\n message: 'Access denied to this tenant',\n requestedTenant: requestedTenantId,\n },\n 403\n );\n }\n\n await next();\n };\n}\n\n/**\n * Require admin access\n * Checks for 'admin' or 'owner' role, or '*' permission\n *\n * @example\n * ```ts\n * app.use('/admin/*', authMiddleware, requireAdmin(), handler);\n * ```\n */\nexport function requireAdmin(): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n const isAdmin =\n guard.hasRole('admin') ||\n guard.hasRole('owner') ||\n guard.hasRole('superadmin') ||\n guard.hasRole('super_admin') ||\n guard.hasPermission('*');\n\n if (!isAdmin) {\n return c.json({ error: 'Forbidden', message: 'Admin access required' }, 403);\n }\n\n await next();\n };\n}\n\n/**\n * Require resource ownership or permission\n * Allows access if user owns the resource OR has the specified permission\n *\n * @example\n * ```ts\n * app.put('/posts/:id', authMiddleware, requireOwnerOrPermission(\n * async (c) => (await getPost(c.req.param('id'))).authorId,\n * 'posts:edit'\n * ), handler);\n * ```\n */\nexport function requireOwnerOrPermission(\n getOwnerId: (c: Context) => string | Promise<string>,\n permission: PermissionPattern\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n const auth = c.get('auth');\n\n if (!auth) {\n return c.json({ error: 'Unauthorized', message: 'Authentication required' }, 401);\n }\n\n const guard = createAuthorizationGuard(toAuthorizationContext(auth));\n\n // Check permission first (faster than potentially async ownership check)\n if (guard.hasPermission(permission)) {\n await next();\n return;\n }\n\n // Check ownership\n const ownerId = await getOwnerId(c);\n if (auth.userId === ownerId) {\n await next();\n return;\n }\n\n return c.json(\n {\n error: 'Forbidden',\n message: 'Resource owner or permission required',\n requiredPermission: permission,\n },\n 403\n );\n };\n}\n\n/**\n * Combine multiple authorization requirements\n * All requirements must pass\n *\n * @example\n * ```ts\n * app.delete('/projects/:id',\n * authMiddleware,\n * requireAll(\n * requireTenant(),\n * requireRole('admin', 'manager'),\n * requirePermission('projects:delete')\n * ),\n * handler\n * );\n * ```\n */\nexport function requireAll(\n ...middlewares: MiddlewareHandler<{ Variables: AuthVariables }>[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n for (const middleware of middlewares) {\n let passed = false;\n await middleware(c, async () => {\n passed = true;\n });\n if (!passed) {\n // Middleware already sent error response\n return;\n }\n }\n await next();\n };\n}\n\n/**\n * Combine multiple authorization requirements\n * At least one requirement must pass\n *\n * @example\n * ```ts\n * app.get('/content/:id',\n * authMiddleware,\n * requireAny(\n * requireRole('admin'),\n * requirePermission('content:read'),\n * requireOwnerOrPermission(getContentOwnerId, 'content:view-own')\n * ),\n * handler\n * );\n * ```\n */\nexport function requireAny(\n ...middlewares: MiddlewareHandler<{ Variables: AuthVariables }>[]\n): MiddlewareHandler<{ Variables: AuthVariables }> {\n return async (c, next) => {\n for (const middleware of middlewares) {\n let passed = false;\n await middleware(c, async () => {\n passed = true;\n });\n if (passed) {\n await next();\n return;\n }\n }\n // None passed\n return c.json(\n { error: 'Forbidden', message: 'None of the authorization requirements were met' },\n 403\n );\n };\n}\n"]}
|
|
@@ -147,6 +147,7 @@ var JwtManager = class {
|
|
|
147
147
|
audience: this.config.audience
|
|
148
148
|
});
|
|
149
149
|
return {
|
|
150
|
+
...payload,
|
|
150
151
|
sub: payload.sub,
|
|
151
152
|
tid: payload["tid"],
|
|
152
153
|
sid: payload["sid"],
|
|
@@ -411,5 +412,5 @@ function createTokenBlocklist(storage) {
|
|
|
411
412
|
}
|
|
412
413
|
|
|
413
414
|
export { JwtError, JwtManager, SessionBlocklist, TokenBlocklist, createJwtManager, createSessionBlocklist, createTokenBlocklist, extractBearerToken, parseDuration };
|
|
414
|
-
//# sourceMappingURL=chunk-
|
|
415
|
-
//# sourceMappingURL=chunk-
|
|
415
|
+
//# sourceMappingURL=chunk-JN34EE5D.js.map
|
|
416
|
+
//# sourceMappingURL=chunk-JN34EE5D.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/session/jwt-manager.ts","../src/session/blocklist.ts"],"names":[],"mappings":";;;AA6EO,SAAS,cAAc,QAAA,EAA0B;AACtD,EAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,oBAAoB,CAAA;AACjD,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,QAAQ,CAAA,mCAAA,CAAqC,CAAA;AAAA,EAC3F;AAEA,EAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,CAAC,GAAI,EAAE,CAAA;AACpC,EAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAEpB,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,GAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,GAAA;AACH,MAAA,OAAO,KAAA,GAAQ,EAAA;AAAA,IACjB,KAAK,GAAA;AACH,MAAA,OAAO,QAAQ,EAAA,GAAK,EAAA;AAAA,IACtB,KAAK,GAAA;AACH,MAAA,OAAO,KAAA,GAAQ,KAAK,EAAA,GAAK,EAAA;AAAA,IAC3B,KAAK,GAAA;AACH,MAAA,OAAO,KAAA,GAAQ,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,CAAA;AAAA,IAChC;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,IAAI,CAAA,CAAE,CAAA;AAAA;AAEtD;AAKA,IAAM,cAAA,GAAiB;AAAA,EACrB,cAAA,EAAgB,KAAA;AAAA,EAChB,eAAA,EAAiB,IAAA;AAAA,EACjB,UAAA,EAAY;AACd,CAAA;AAMO,IAAM,aAAN,MAAiB;AAAA,EACd,MAAA;AAAA,EACA,eAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EAER,YAAY,MAAA,EAAmB;AAC7B,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,gBAAgB,cAAA,CAAe,cAAA;AAAA,MAC/B,iBAAiB,cAAA,CAAe,eAAA;AAAA,MAChC,iBAAiB,EAAC;AAAA,MAClB,YAAY,cAAA,CAAe,UAAA;AAAA,MAC3B,GAAG;AAAA,KACL;AAEA,IAAA,IAAA,CAAK,SAAS,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,MAAM,CAAA;AACpD,IAAA,IAAA,CAAK,UAAA,GAAa,KAAK,MAAA,CAAO,UAAA;AAC9B,IAAA,IAAA,CAAK,eAAA,GAAmB,IAAA,CAAK,MAAA,CAAO,eAAA,CAAiB,GAAA;AAAA,MACnD,CAAC,CAAA,KAAM,IAAI,WAAA,EAAY,CAAE,OAAO,CAAC;AAAA,KACnC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA,GAAwB;AACtB,IAAA,OAAO,IAAA,CAAK,UAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,SAAA,CACE,WACA,OAAA,EACmB;AACnB,IAAA,MAAM,WAAA,GAAc,SAAS,kBAAA,IAAsB,CAAA;AACnD,IAAA,MAAM,cAAA,GAAiB,KAAK,MAAA,CAAO,MAAA;AAGnC,IAAA,IAAA,CAAK,eAAA,CAAgB,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAA;AAGxC,IAAA,IAAI,IAAA,CAAK,eAAA,CAAgB,MAAA,GAAS,WAAA,EAAa;AAC7C,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA,CAAK,eAAA,CAAgB,KAAA,CAAM,GAAG,WAAW,CAAA;AAAA,IAClE;AAGA,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AAChD,IAAA,IAAA,CAAK,OAAO,MAAA,GAAS,SAAA;AACrB,IAAA,IAAA,CAAK,UAAA,EAAA;AAGL,IAAA,IAAA,CAAK,OAAO,eAAA,GAAkB;AAAA,MAC5B,cAAA;AAAA,MACA,GAAG,IAAA,CAAK,MAAA,CAAO,gBAAgB,KAAA,CAAM,CAAA,EAAG,cAAc,CAAC;AAAA,KACzD;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,aAAa,IAAA,CAAK,UAAA;AAE9B,IAAA,OAAO;AAAA,MACL,cAAA;AAAA,MACA,SAAA;AAAA,MACA,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,SAAA,GAAuB;AACrB,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,MAAA,EAAO;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBAAoB,OAAA,EAOsB;AAC9C,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,IAAA,CAAK,MAAA,CAAO,cAAc,CAAA;AAC3D,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,KAAK,GAAA,EAAI,GAAI,aAAa,GAAI,CAAA;AAEzD,IAAA,MAAM,GAAA,GAAM,IAAS,IAAA,CAAA,OAAA,CAAQ;AAAA,MAC3B,KAAK,OAAA,CAAQ,MAAA;AAAA,MACb,GAAI,OAAA,CAAQ,QAAA,IAAY,EAAE,GAAA,EAAK,QAAQ,QAAA,EAAS;AAAA,MAChD,GAAI,OAAA,CAAQ,SAAA,IAAa,EAAE,GAAA,EAAK,QAAQ,SAAA,EAAU;AAAA,MAClD,KAAA,EAAO,OAAA,CAAQ,KAAA,IAAS,EAAC;AAAA,MACzB,WAAA,EAAa,OAAA,CAAQ,WAAA,IAAe,EAAC;AAAA,MACrC,GAAG,OAAA,CAAQ;AAAA,KACZ,CAAA,CACE,kBAAA,CAAmB,EAAE,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,CAAA,CAAA,EAAI,IAAA,CAAK,UAAU,CAAA,CAAA,EAAI,CAAA,CAC/D,aAAY,CACZ,iBAAA,CAAkB,SAAS,CAAA,CAC3B,SAAA,CAAU,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,CAC5B,WAAA,CAAY,IAAA,CAAK,MAAA,CAAO,QAAQ,CAAA;AAEnC,IAAA,MAAM,KAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,CAAK,KAAK,MAAM,CAAA;AAExC,IAAA,OAAO,EAAE,OAAO,SAAA,EAAU;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBAAqB,OAAA,EAIqB;AAC9C,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,IAAA,CAAK,MAAA,CAAO,eAAe,CAAA;AAC5D,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,KAAK,GAAA,EAAI,GAAI,aAAa,GAAI,CAAA;AAEzD,IAAA,MAAM,GAAA,GAAM,IAAS,IAAA,CAAA,OAAA,CAAQ;AAAA,MAC3B,KAAK,OAAA,CAAQ,MAAA;AAAA,MACb,GAAI,OAAA,CAAQ,QAAA,IAAY,EAAE,GAAA,EAAK,QAAQ,QAAA,EAAS;AAAA,MAChD,GAAI,OAAA,CAAQ,SAAA,IAAa,EAAE,GAAA,EAAK,QAAQ,SAAA,EAAU;AAAA,MAClD,IAAA,EAAM;AAAA,KACP,CAAA,CACE,kBAAA,CAAmB,EAAE,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,CAAA,CAAA,EAAI,IAAA,CAAK,UAAU,CAAA,CAAA,EAAI,CAAA,CAC/D,aAAY,CACZ,iBAAA,CAAkB,SAAS,CAAA,CAC3B,SAAA,CAAU,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,CAC5B,WAAA,CAAY,IAAA,CAAK,MAAA,CAAO,QAAQ,CAAA;AAEnC,IAAA,MAAM,KAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,CAAK,KAAK,MAAM,CAAA;AAExC,IAAA,OAAO,EAAE,OAAO,SAAA,EAAU;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB,OAAA,EAOD;AACrB,IAAA,MAAM,CAAC,MAAA,EAAQ,OAAO,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MAC1C,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAAA,MAChC,IAAA,CAAK,qBAAqB,OAAO;AAAA,KAClC,CAAA;AAED,IAAA,OAAO;AAAA,MACL,aAAa,MAAA,CAAO,KAAA;AAAA,MACpB,cAAc,OAAA,CAAQ,KAAA;AAAA,MACtB,iBAAiB,MAAA,CAAO,SAAA;AAAA,MACxB,kBAAkB,OAAA,CAAQ;AAAA,KAC5B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB,KAAA,EAAoC;AAC1D,IAAA,MAAM,UAAU,CAAC,IAAA,CAAK,MAAA,EAAQ,GAAG,KAAK,eAAe,CAAA;AAErD,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,MAAA,MAAM,MAAA,GAAS,QAAQ,CAAC,CAAA;AACxB,MAAA,IAAI,CAAC,MAAA,EAAQ;AAEb,MAAA,IAAI;AACF,QAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAW,IAAA,CAAA,SAAA,CAAU,OAAO,MAAA,EAAQ;AAAA,UACtD,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,UACpB,QAAA,EAAU,KAAK,MAAA,CAAO;AAAA,SACvB,CAAA;AAGD,QAAA,OAAO;AAAA,UACL,GAAG,OAAA;AAAA,UACH,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,GAAA,EAAK,QAAQ,KAAK,CAAA;AAAA,UAClB,GAAA,EAAK,QAAQ,KAAK,CAAA;AAAA,UAClB,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,KAAA,EAAQ,OAAA,CAAQ,OAAO,CAAA,IAAkB,EAAC;AAAA,UAC1C,WAAA,EAAc,OAAA,CAAQ,aAAa,CAAA,IAAkB;AAAC,SACxD;AAAA,MACF,SAAS,KAAA,EAAO;AAEd,QAAA,IAAI,KAAA,YAAsB,YAAO,UAAA,EAAY;AAC3C,UAAA,MAAM,IAAI,QAAA,CAAS,sBAAA,EAAwB,eAAe,CAAA;AAAA,QAC5D;AAEA,QAAA,IAAI,CAAA,KAAM,OAAA,CAAQ,MAAA,GAAS,CAAA,EAAG;AAC5B,UAAA,IAAI,KAAA,YAAsB,YAAO,UAAA,EAAY;AAC3C,YAAA,MAAM,IAAI,QAAA,CAAS,sBAAA,EAAwB,eAAe,CAAA;AAAA,UAC5D;AACA,UAAA,MAAM,IAAI,QAAA,CAAS,2BAAA,EAA6B,qBAAqB,CAAA;AAAA,QACvE;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAI,QAAA,CAAS,2BAAA,EAA6B,qBAAqB,CAAA;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,KAAA,EAItB;AACD,IAAA,MAAM,UAAU,CAAC,IAAA,CAAK,MAAA,EAAQ,GAAG,KAAK,eAAe,CAAA;AAErD,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,MAAA,MAAM,MAAA,GAAS,QAAQ,CAAC,CAAA;AACxB,MAAA,IAAI,CAAC,MAAA,EAAQ;AAEb,MAAA,IAAI;AACF,QAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAW,IAAA,CAAA,SAAA,CAAU,OAAO,MAAA,EAAQ;AAAA,UACtD,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,UACpB,QAAA,EAAU,KAAK,MAAA,CAAO;AAAA,SACvB,CAAA;AAED,QAAA,IAAI,OAAA,CAAQ,MAAM,CAAA,KAAM,SAAA,EAAW;AACjC,UAAA,MAAM,IAAI,QAAA,CAAS,oBAAA,EAAsB,oBAAoB,CAAA;AAAA,QAC/D;AAEA,QAAA,OAAO;AAAA,UACL,QAAQ,OAAA,CAAQ,GAAA;AAAA,UAChB,QAAA,EAAU,QAAQ,KAAK,CAAA;AAAA,UACvB,SAAA,EAAW,QAAQ,KAAK;AAAA,SAC1B;AAAA,MACF,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAsB,YAAO,UAAA,EAAY;AAC3C,UAAA,MAAM,IAAI,QAAA,CAAS,uBAAA,EAAyB,eAAe,CAAA;AAAA,QAC7D;AACA,QAAA,IAAI,iBAAiB,QAAA,EAAU;AAC7B,UAAA,MAAM,KAAA;AAAA,QACR;AACA,QAAA,IAAI,CAAA,KAAM,OAAA,CAAQ,MAAA,GAAS,CAAA,EAAG;AAC5B,UAAA,IAAI,KAAA,YAAsB,YAAO,UAAA,EAAY;AAC3C,YAAA,MAAM,IAAI,QAAA,CAAS,uBAAA,EAAyB,eAAe,CAAA;AAAA,UAC7D;AACA,UAAA,MAAM,IAAI,QAAA,CAAS,2BAAA,EAA6B,qBAAqB,CAAA;AAAA,QACvE;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAI,QAAA,CAAS,2BAAA,EAA6B,qBAAqB,CAAA;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,KAAA,EAAuC;AACjD,IAAA,IAAI;AACF,MAAA,OAAY,eAAU,KAAK,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,KAAA,EAAwB;AACrC,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,WAAA,CAAY,KAAK,CAAA;AACtC,IAAA,IAAI,CAAC,OAAA,EAAS,GAAA,EAAK,OAAO,IAAA;AAC1B,IAAA,OAAO,OAAA,CAAQ,GAAA,GAAM,GAAA,GAAO,IAAA,CAAK,GAAA,EAAI;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,KAAA,EAA4B;AAC7C,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,WAAA,CAAY,KAAK,CAAA;AACtC,IAAA,IAAI,CAAC,OAAA,EAAS,GAAA,EAAK,OAAO,IAAA;AAC1B,IAAA,OAAO,IAAI,IAAA,CAAK,OAAA,CAAQ,GAAA,GAAM,GAAI,CAAA;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,KAAA,EAAuB;AACjC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,kBAAA,CAAmB,KAAK,CAAA;AACzC,IAAA,IAAI,CAAC,KAAK,OAAO,CAAA;AACjB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,KAAA,CAAA,CAAO,GAAA,CAAI,OAAA,EAAQ,GAAI,IAAA,CAAK,GAAA,EAAI,IAAK,GAAI,CAAC,CAAA;AAAA,EACpE;AACF;AAKO,IAAM,QAAA,GAAN,cAAuB,KAAA,CAAM;AAAA,EAClC,WAAA,CACE,SACgB,IAAA,EAKhB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AANG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAOhB,IAAA,IAAA,CAAK,IAAA,GAAO,UAAA;AAAA,EACd;AACF;AAKO,SAAS,mBACd,UAAA,EACe;AACf,EAAA,IAAI,CAAC,YAAY,OAAO,IAAA;AACxB,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,EAAA,IAAI,MAAM,MAAA,KAAW,CAAA,IAAK,MAAM,CAAC,CAAA,KAAM,UAAU,OAAO,IAAA;AACxD,EAAA,OAAO,KAAA,CAAM,CAAC,CAAA,IAAK,IAAA;AACrB;AAKO,SAAS,iBAAiB,MAAA,EAA+B;AAC9D,EAAA,OAAO,IAAI,WAAW,MAAM,CAAA;AAC9B;;;ACrZO,IAAM,mBAAN,MAAuB;AAAA,EACpB,OAAA;AAAA,EAER,WAAA,CAAY,SAAoB,OAAA,EAA2B;AACzD,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EAEjB;AAAA;AAAA;AAAA;AAAA,EAKQ,OAAO,SAAA,EAA2B;AACxC,IAAA,OAAO,WAAA,CAAY,UAAU,SAAS,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CACJ,SAAA,EACA,SAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,KAAK,GAAA,EAAI;AAC7C,IAAA,IAAI,SAAS,CAAA,EAAG;AAEhB,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,KAAA,GAAQ,GAAI,CAAA;AACzC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAEjC,IAAA,MAAM,KAAA,GAAwB;AAAA,MAC5B,EAAA,EAAI,SAAA;AAAA,MACJ,SAAA,EAAW,UAAU,WAAA,EAAY;AAAA,MACjC,QAAQ,OAAA,EAAS,MAAA;AAAA,MACjB,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,MAClC,QAAQ,OAAA,EAAS;AAAA,KACnB;AAEA,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,OAAO,UAAU,CAAA;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,SAAA,EAAqC;AACnD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACjC,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,OAAA,CAAQ,IAAoB,GAAG,CAAA;AAExD,IAAA,IAAI,CAAC,OAAO,OAAO,KAAA;AAGnB,IAAA,IAAI,IAAI,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA,mBAAI,IAAI,MAAK,EAAG;AAC1C,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,GAAG,CAAA;AAC7B,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAS,SAAA,EAAmD;AAChE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACjC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAoB,GAAG,CAAA;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,SAAA,EAAkC;AACrD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACjC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,GAAG,CAAA;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,sBACJ,QAAA,EAMe;AACf,IAAA,MAAM,OAAA,CAAQ,GAAA;AAAA,MACZ,QAAA,CAAS,GAAA;AAAA,QAAI,CAAC,CAAA,KACZ,IAAA,CAAK,aAAa,CAAA,CAAE,EAAA,EAAI,EAAE,SAAA,EAAW;AAAA,UACnC,QAAQ,CAAA,CAAE,MAAA;AAAA,UACV,QAAQ,CAAA,CAAE;AAAA,SACX;AAAA;AACH,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,oBAAA,CACJ,MAAA,EACA,UAAA,EACA,cAAA,EACA,SAAS,iBAAA,EACM;AACf,IAAA,MAAM,IAAA,CAAK,qBAAA;AAAA,MACT,UAAA,CAAW,GAAA,CAAI,CAAC,EAAA,MAAQ;AAAA,QACtB,EAAA;AAAA,QACA,SAAA,EAAW,cAAA;AAAA,QACX,MAAA;AAAA,QACA;AAAA,OACF,CAAE;AAAA,KACJ;AAAA,EACF;AACF;AAMO,IAAM,iBAAN,MAAqB;AAAA,EAClB,OAAA;AAAA,EAER,YAAY,OAAA,EAAoB;AAC9B,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKQ,OAAO,SAAA,EAA2B;AACxC,IAAA,OAAO,mBAAmB,SAAS,CAAA,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,UAAU,KAAA,EAAgC;AACtD,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,IAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAA;AACjC,IAAA,MAAM,aAAa,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAC7D,IAAA,MAAM,YAAY,KAAA,CAAM,IAAA,CAAK,IAAI,UAAA,CAAW,UAAU,CAAC,CAAA;AACvD,IAAA,OAAO,SAAA,CAAU,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,CAAW,KAAA,EAAe,SAAA,EAAiB,MAAA,EAAgC;AAC/E,IAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,KAAK,GAAA,EAAI;AAC7C,IAAA,IAAI,SAAS,CAAA,EAAG;AAEhB,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,KAAA,GAAQ,GAAI,CAAA;AACzC,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AACvC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA;AAE5B,IAAA,MAAM,KAAK,OAAA,CAAQ,GAAA;AAAA,MACjB,GAAA;AAAA,MACA;AAAA,QACE,IAAA;AAAA,QACA,SAAA,EAAW,UAAU,WAAA,EAAY;AAAA,QACjC,MAAA;AAAA,QACA,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,OACpC;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,KAAA,EAAiC;AAC/C,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AACvC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA;AAC5B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,KAAA,EAA8B;AAC/C,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AACvC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA;AAC5B,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,GAAG,CAAA;AAAA,EAC/B;AACF;AAKO,SAAS,sBAAA,CACd,SACA,MAAA,EACkB;AAClB,EAAA,OAAO,IAAI,gBAAA,CAAiB,OAAA,EAAS,MAAM,CAAA;AAC7C;AAKO,SAAS,qBAAqB,OAAA,EAAoC;AACvE,EAAA,OAAO,IAAI,eAAe,OAAO,CAAA;AACnC","file":"chunk-JN34EE5D.js","sourcesContent":["/**\n * JWT Manager with Key Rotation Support\n * Uses jose library for multi-runtime compatibility (Node, Deno, CF Workers, Bun)\n */\n\nimport * as jose from 'jose';\n\n/**\n * JWT configuration\n */\nexport interface JwtConfig {\n /** Secret key for signing tokens */\n secret: string;\n /** Token issuer */\n issuer: string;\n /** Token audience */\n audience: string;\n /** Access token TTL (e.g., '15m', '1h') */\n accessTokenTTL?: string;\n /** Refresh token TTL (e.g., '7d', '12h') */\n refreshTokenTTL?: string;\n /** Previous secrets for key rotation */\n previousSecrets?: string[];\n /** Current key version */\n keyVersion?: number;\n}\n\n/**\n * JWT payload structure\n */\nexport interface JwtPayload {\n /** User ID */\n sub: string;\n /** Tenant ID */\n tid?: string;\n /** Session ID */\n sid?: string;\n /** Issued at timestamp */\n iat: number;\n /** Expiration timestamp */\n exp: number;\n /** Issuer */\n iss: string;\n /** Audience */\n aud: string | string[];\n /** User roles */\n roles?: string[];\n /** User permissions */\n permissions?: string[];\n /** Additional claims */\n [key: string]: unknown;\n}\n\n/**\n * Token pair (access + refresh)\n */\nexport interface TokenPair {\n accessToken: string;\n refreshToken: string;\n accessExpiresAt: Date;\n refreshExpiresAt: Date;\n}\n\n/**\n * Key rotation result\n */\nexport interface KeyRotationResult {\n previousSecret: string;\n newSecret: string;\n keyVersion: number;\n rotatedAt: Date;\n}\n\n/**\n * Parse duration string to seconds\n * Supports: s (seconds), m (minutes), h (hours), d (days), w (weeks)\n */\nexport function parseDuration(duration: string): number {\n const match = duration.match(/^(\\d+)(s|m|h|d|w)$/);\n if (!match) {\n throw new Error(`Invalid duration format: ${duration}. Use format like '15m', '1h', '7d'`);\n }\n\n const value = parseInt(match[1]!, 10);\n const unit = match[2];\n\n switch (unit) {\n case 's':\n return value;\n case 'm':\n return value * 60;\n case 'h':\n return value * 60 * 60;\n case 'd':\n return value * 60 * 60 * 24;\n case 'w':\n return value * 60 * 60 * 24 * 7;\n default:\n throw new Error(`Unknown duration unit: ${unit}`);\n }\n}\n\n/**\n * Default JWT configuration\n */\nconst DEFAULT_CONFIG = {\n accessTokenTTL: '15m',\n refreshTokenTTL: '7d',\n keyVersion: 1,\n};\n\n/**\n * JWT Manager\n * Handles token generation, verification, and key rotation\n */\nexport class JwtManager {\n private secret: Uint8Array;\n private previousSecrets: Uint8Array[];\n private config: Required<JwtConfig>;\n private keyVersion: number;\n\n constructor(config: JwtConfig) {\n this.config = {\n accessTokenTTL: DEFAULT_CONFIG.accessTokenTTL,\n refreshTokenTTL: DEFAULT_CONFIG.refreshTokenTTL,\n previousSecrets: [],\n keyVersion: DEFAULT_CONFIG.keyVersion,\n ...config,\n } as Required<JwtConfig>;\n\n this.secret = new TextEncoder().encode(config.secret);\n this.keyVersion = this.config.keyVersion;\n this.previousSecrets = (this.config.previousSecrets).map(\n (s) => new TextEncoder().encode(s)\n );\n }\n\n /**\n * Get current key version\n */\n getKeyVersion(): number {\n return this.keyVersion;\n }\n\n /**\n * Rotate the signing key\n * Moves current secret to previousSecrets and sets new secret\n */\n rotateKey(\n newSecret: string,\n options?: { maxPreviousSecrets?: number }\n ): KeyRotationResult {\n const maxPrevious = options?.maxPreviousSecrets ?? 2;\n const previousSecret = this.config.secret;\n\n // Move current secret to previous secrets\n this.previousSecrets.unshift(this.secret);\n\n // Limit the number of previous secrets\n if (this.previousSecrets.length > maxPrevious) {\n this.previousSecrets = this.previousSecrets.slice(0, maxPrevious);\n }\n\n // Set new secret\n this.secret = new TextEncoder().encode(newSecret);\n this.config.secret = newSecret;\n this.keyVersion++;\n\n // Update config's previous secrets\n this.config.previousSecrets = [\n previousSecret,\n ...this.config.previousSecrets.slice(0, maxPrevious - 1),\n ];\n this.config.keyVersion = this.keyVersion;\n\n return {\n previousSecret,\n newSecret,\n keyVersion: this.keyVersion,\n rotatedAt: new Date(),\n };\n }\n\n /**\n * Get current configuration (for persistence)\n */\n getConfig(): JwtConfig {\n return { ...this.config };\n }\n\n /**\n * Generate access token\n */\n async generateAccessToken(payload: {\n userId: string;\n tenantId?: string;\n sessionId?: string;\n roles?: string[];\n permissions?: string[];\n claims?: Record<string, unknown>;\n }): Promise<{ token: string; expiresAt: Date }> {\n const ttlSeconds = parseDuration(this.config.accessTokenTTL);\n const expiresAt = new Date(Date.now() + ttlSeconds * 1000);\n\n const jwt = new jose.SignJWT({\n sub: payload.userId,\n ...(payload.tenantId && { tid: payload.tenantId }),\n ...(payload.sessionId && { sid: payload.sessionId }),\n roles: payload.roles ?? [],\n permissions: payload.permissions ?? [],\n ...payload.claims,\n })\n .setProtectedHeader({ alg: 'HS256', kid: `v${this.keyVersion}` })\n .setIssuedAt()\n .setExpirationTime(expiresAt)\n .setIssuer(this.config.issuer)\n .setAudience(this.config.audience);\n\n const token = await jwt.sign(this.secret);\n\n return { token, expiresAt };\n }\n\n /**\n * Generate refresh token\n */\n async generateRefreshToken(payload: {\n userId: string;\n tenantId?: string;\n sessionId?: string;\n }): Promise<{ token: string; expiresAt: Date }> {\n const ttlSeconds = parseDuration(this.config.refreshTokenTTL);\n const expiresAt = new Date(Date.now() + ttlSeconds * 1000);\n\n const jwt = new jose.SignJWT({\n sub: payload.userId,\n ...(payload.tenantId && { tid: payload.tenantId }),\n ...(payload.sessionId && { sid: payload.sessionId }),\n type: 'refresh',\n })\n .setProtectedHeader({ alg: 'HS256', kid: `v${this.keyVersion}` })\n .setIssuedAt()\n .setExpirationTime(expiresAt)\n .setIssuer(this.config.issuer)\n .setAudience(this.config.audience);\n\n const token = await jwt.sign(this.secret);\n\n return { token, expiresAt };\n }\n\n /**\n * Generate token pair (access + refresh)\n */\n async generateTokenPair(payload: {\n userId: string;\n tenantId?: string;\n sessionId?: string;\n roles?: string[];\n permissions?: string[];\n claims?: Record<string, unknown>;\n }): Promise<TokenPair> {\n const [access, refresh] = await Promise.all([\n this.generateAccessToken(payload),\n this.generateRefreshToken(payload),\n ]);\n\n return {\n accessToken: access.token,\n refreshToken: refresh.token,\n accessExpiresAt: access.expiresAt,\n refreshExpiresAt: refresh.expiresAt,\n };\n }\n\n /**\n * Verify access token\n * Tries current secret first, then falls back to previous secrets for graceful rotation\n */\n async verifyAccessToken(token: string): Promise<JwtPayload> {\n const secrets = [this.secret, ...this.previousSecrets];\n\n for (let i = 0; i < secrets.length; i++) {\n const secret = secrets[i];\n if (!secret) continue;\n\n try {\n const { payload } = await jose.jwtVerify(token, secret, {\n issuer: this.config.issuer,\n audience: this.config.audience,\n });\n\n // Return all claims including custom ones\n return {\n ...payload,\n sub: payload.sub as string,\n tid: payload['tid'] as string | undefined,\n sid: payload['sid'] as string | undefined,\n iat: payload.iat as number,\n exp: payload.exp as number,\n iss: payload.iss as string,\n aud: payload.aud as string | string[],\n roles: (payload['roles'] as string[]) ?? [],\n permissions: (payload['permissions'] as string[]) ?? [],\n };\n } catch (error) {\n // If it's an expiration error, don't try other secrets\n if (error instanceof jose.errors.JWTExpired) {\n throw new JwtError('Access token expired', 'TOKEN_EXPIRED');\n }\n // Try next secret on signature mismatch\n if (i === secrets.length - 1) {\n if (error instanceof jose.errors.JWTInvalid) {\n throw new JwtError('Invalid access token', 'INVALID_TOKEN');\n }\n throw new JwtError('Token verification failed', 'VERIFICATION_FAILED');\n }\n }\n }\n\n throw new JwtError('Token verification failed', 'VERIFICATION_FAILED');\n }\n\n /**\n * Verify refresh token\n */\n async verifyRefreshToken(token: string): Promise<{\n userId: string;\n tenantId?: string;\n sessionId?: string;\n }> {\n const secrets = [this.secret, ...this.previousSecrets];\n\n for (let i = 0; i < secrets.length; i++) {\n const secret = secrets[i];\n if (!secret) continue;\n\n try {\n const { payload } = await jose.jwtVerify(token, secret, {\n issuer: this.config.issuer,\n audience: this.config.audience,\n });\n\n if (payload['type'] !== 'refresh') {\n throw new JwtError('Invalid token type', 'INVALID_TOKEN_TYPE');\n }\n\n return {\n userId: payload.sub as string,\n tenantId: payload['tid'] as string | undefined,\n sessionId: payload['sid'] as string | undefined,\n };\n } catch (error) {\n if (error instanceof jose.errors.JWTExpired) {\n throw new JwtError('Refresh token expired', 'TOKEN_EXPIRED');\n }\n if (error instanceof JwtError) {\n throw error;\n }\n if (i === secrets.length - 1) {\n if (error instanceof jose.errors.JWTInvalid) {\n throw new JwtError('Invalid refresh token', 'INVALID_TOKEN');\n }\n throw new JwtError('Token verification failed', 'VERIFICATION_FAILED');\n }\n }\n }\n\n throw new JwtError('Token verification failed', 'VERIFICATION_FAILED');\n }\n\n /**\n * Decode token without verification (for inspection)\n */\n decodeToken(token: string): jose.JWTPayload | null {\n try {\n return jose.decodeJwt(token);\n } catch {\n return null;\n }\n }\n\n /**\n * Check if token is expired (without signature verification)\n */\n isTokenExpired(token: string): boolean {\n const payload = this.decodeToken(token);\n if (!payload?.exp) return true;\n return payload.exp * 1000 < Date.now();\n }\n\n /**\n * Get token expiration date (without signature verification)\n */\n getTokenExpiration(token: string): Date | null {\n const payload = this.decodeToken(token);\n if (!payload?.exp) return null;\n return new Date(payload.exp * 1000);\n }\n\n /**\n * Get time until token expires in seconds\n */\n getTokenTTL(token: string): number {\n const exp = this.getTokenExpiration(token);\n if (!exp) return 0;\n return Math.max(0, Math.floor((exp.getTime() - Date.now()) / 1000));\n }\n}\n\n/**\n * JWT Error class\n */\nexport class JwtError extends Error {\n constructor(\n message: string,\n public readonly code:\n | 'TOKEN_EXPIRED'\n | 'INVALID_TOKEN'\n | 'INVALID_TOKEN_TYPE'\n | 'VERIFICATION_FAILED'\n ) {\n super(message);\n this.name = 'JwtError';\n }\n}\n\n/**\n * Extract token from Authorization header\n */\nexport function extractBearerToken(\n authHeader: string | null | undefined\n): string | null {\n if (!authHeader) return null;\n const parts = authHeader.split(' ');\n if (parts.length !== 2 || parts[0] !== 'Bearer') return null;\n return parts[1] ?? null;\n}\n\n/**\n * Create a JwtManager instance\n */\nexport function createJwtManager(config: JwtConfig): JwtManager {\n return new JwtManager(config);\n}\n","/**\n * Session Blocklist\n * Uses KVStorage interface for multi-runtime support\n * Supports token/session revocation for logout\n */\n\nimport type { KVStorage } from '../storage/types.js';\nimport { StorageKeys } from '../storage/index.js';\n\n/**\n * Blocklist configuration\n */\nexport interface BlocklistConfig {\n /** Key prefix for blocked sessions */\n prefix?: string;\n /** Default TTL in seconds (should match max token lifetime) */\n defaultTTL?: number;\n}\n\n/**\n * Blocklist entry\n */\ninterface BlocklistEntry {\n /** Session or token ID */\n id: string;\n /** When the entry expires */\n expiresAt: string;\n /** Why was it blocked */\n reason?: string;\n /** When it was blocked */\n blockedAt: string;\n /** User ID (for audit) */\n userId?: string;\n}\n\n/**\n * Session Blocklist\n * Manages blocked/revoked sessions and tokens\n */\nexport class SessionBlocklist {\n private storage: KVStorage;\n\n constructor(storage: KVStorage, _config?: BlocklistConfig) {\n this.storage = storage;\n // Config is reserved for future use (custom prefix, TTL settings)\n }\n\n /**\n * Get storage key for blocklist entry\n */\n private getKey(sessionId: string): string {\n return StorageKeys.blocklist(sessionId);\n }\n\n /**\n * Block a session (revoke it)\n */\n async blockSession(\n sessionId: string,\n expiresAt: Date,\n options?: { reason?: string; userId?: string }\n ): Promise<void> {\n const ttlMs = expiresAt.getTime() - Date.now();\n if (ttlMs <= 0) return; // Already expired, no need to block\n\n const ttlSeconds = Math.ceil(ttlMs / 1000);\n const key = this.getKey(sessionId);\n\n const entry: BlocklistEntry = {\n id: sessionId,\n expiresAt: expiresAt.toISOString(),\n reason: options?.reason,\n blockedAt: new Date().toISOString(),\n userId: options?.userId,\n };\n\n await this.storage.set(key, entry, ttlSeconds);\n }\n\n /**\n * Check if a session is blocked\n */\n async isBlocked(sessionId: string): Promise<boolean> {\n const key = this.getKey(sessionId);\n const entry = await this.storage.get<BlocklistEntry>(key);\n\n if (!entry) return false;\n\n // Double-check expiration (storage should handle this, but be safe)\n if (new Date(entry.expiresAt) < new Date()) {\n await this.storage.delete(key);\n return false;\n }\n\n return true;\n }\n\n /**\n * Get blocklist entry details\n */\n async getEntry(sessionId: string): Promise<BlocklistEntry | null> {\n const key = this.getKey(sessionId);\n return this.storage.get<BlocklistEntry>(key);\n }\n\n /**\n * Unblock a session (if needed)\n */\n async unblockSession(sessionId: string): Promise<void> {\n const key = this.getKey(sessionId);\n await this.storage.delete(key);\n }\n\n /**\n * Block multiple sessions (logout all devices)\n */\n async blockMultipleSessions(\n sessions: Array<{\n id: string;\n expiresAt: Date;\n reason?: string;\n userId?: string;\n }>\n ): Promise<void> {\n await Promise.all(\n sessions.map((s) =>\n this.blockSession(s.id, s.expiresAt, {\n reason: s.reason,\n userId: s.userId,\n })\n )\n );\n }\n\n /**\n * Block all sessions for a user\n * Requires session IDs to be provided (from session store)\n */\n async blockAllUserSessions(\n userId: string,\n sessionIds: string[],\n tokenExpiresAt: Date,\n reason = 'User logout all'\n ): Promise<void> {\n await this.blockMultipleSessions(\n sessionIds.map((id) => ({\n id,\n expiresAt: tokenExpiresAt,\n reason,\n userId,\n }))\n );\n }\n}\n\n/**\n * Token Blocklist\n * For revoking individual tokens (separate from sessions)\n */\nexport class TokenBlocklist {\n private storage: KVStorage;\n\n constructor(storage: KVStorage) {\n this.storage = storage;\n }\n\n /**\n * Get storage key for token blocklist entry\n */\n private getKey(tokenHash: string): string {\n return `blocklist:token:${tokenHash}`;\n }\n\n /**\n * Hash a token for storage (don't store raw tokens)\n */\n private async hashToken(token: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(token);\n const hashBuffer = await crypto.subtle.digest('SHA-256', data);\n const hashArray = Array.from(new Uint8Array(hashBuffer));\n return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');\n }\n\n /**\n * Block a token\n */\n async blockToken(token: string, expiresAt: Date, reason?: string): Promise<void> {\n const ttlMs = expiresAt.getTime() - Date.now();\n if (ttlMs <= 0) return;\n\n const ttlSeconds = Math.ceil(ttlMs / 1000);\n const hash = await this.hashToken(token);\n const key = this.getKey(hash);\n\n await this.storage.set(\n key,\n {\n hash,\n expiresAt: expiresAt.toISOString(),\n reason,\n blockedAt: new Date().toISOString(),\n },\n ttlSeconds\n );\n }\n\n /**\n * Check if a token is blocked\n */\n async isBlocked(token: string): Promise<boolean> {\n const hash = await this.hashToken(token);\n const key = this.getKey(hash);\n return this.storage.has(key);\n }\n\n /**\n * Unblock a token\n */\n async unblockToken(token: string): Promise<void> {\n const hash = await this.hashToken(token);\n const key = this.getKey(hash);\n await this.storage.delete(key);\n }\n}\n\n/**\n * Create session blocklist\n */\nexport function createSessionBlocklist(\n storage: KVStorage,\n config?: BlocklistConfig\n): SessionBlocklist {\n return new SessionBlocklist(storage, config);\n}\n\n/**\n * Create token blocklist\n */\nexport function createTokenBlocklist(storage: KVStorage): TokenBlocklist {\n return new TokenBlocklist(storage);\n}\n"]}
|
package/dist/index.js
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
import './chunk-7GOBAL4G.js';
|
|
2
|
-
export { createAuthCookies, createAuthMiddleware, createAuthRoutes, createHonoAuth, createLogoutCookies, createOptionalAuthMiddleware, requireAdmin, requireAll, requireAny, requireAnyPermission, requireOwnerOrPermission, requirePermission, requireRole, requireTenant, requireTenantAccess } from './chunk-
|
|
2
|
+
export { createAuthCookies, createAuthMiddleware, createAuthRoutes, createHonoAuth, createLogoutCookies, createOptionalAuthMiddleware, requireAdmin, requireAll, requireAny, requireAnyPermission, requireOwnerOrPermission, requirePermission, requireRole, requireTenant, requireTenantAccess } from './chunk-JFSNE55J.js';
|
|
3
3
|
import { ProviderRegistry } from './chunk-G5I3T73A.js';
|
|
4
4
|
export { ProviderRegistry } from './chunk-G5I3T73A.js';
|
|
5
5
|
import { generateRandomHex, sha256Hex } from './chunk-YTCPXJR5.js';
|
|
6
6
|
export { CsrfManager, CsrfUtils, DefaultLockoutConfig, LockoutManager, RateLimitPresets, RateLimiter, base64UrlDecode, base64UrlEncode, bytesToHex, createCsrfManager, createLockoutManager, createRateLimiter, generateRandomBase64Url, generateRandomHex, hexToBytes, randomInt, sha256, sha256Hex, timingSafeEqual, timingSafeEqualBytes } from './chunk-YTCPXJR5.js';
|
|
7
7
|
export { AuthorizationGuard, Permissions, Roles, authorize, createAuthorizationGuard } from './chunk-NK4TJV2W.js';
|
|
8
|
-
import { JwtManager, SessionBlocklist } from './chunk-
|
|
9
|
-
export { JwtError, JwtManager, SessionBlocklist, TokenBlocklist, createJwtManager, createSessionBlocklist, createTokenBlocklist, extractBearerToken, parseDuration } from './chunk-
|
|
8
|
+
import { JwtManager, SessionBlocklist } from './chunk-JN34EE5D.js';
|
|
9
|
+
export { JwtError, JwtManager, SessionBlocklist, TokenBlocklist, createJwtManager, createSessionBlocklist, createTokenBlocklist, extractBearerToken, parseDuration } from './chunk-JN34EE5D.js';
|
|
10
10
|
import { OTPProvider } from './chunk-IB4WUQDZ.js';
|
|
11
11
|
export { OTPManager, OTPProvider, createOTPManager, createOTPProvider } from './chunk-IB4WUQDZ.js';
|
|
12
12
|
import { createStorage } from './chunk-42MGHABB.js';
|
package/dist/session/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { JwtError, JwtManager, SessionBlocklist, TokenBlocklist, createJwtManager, createSessionBlocklist, createTokenBlocklist, extractBearerToken, parseDuration } from '../chunk-
|
|
1
|
+
export { JwtError, JwtManager, SessionBlocklist, TokenBlocklist, createJwtManager, createSessionBlocklist, createTokenBlocklist, extractBearerToken, parseDuration } from '../chunk-JN34EE5D.js';
|
|
2
2
|
import '../chunk-42MGHABB.js';
|
|
3
3
|
//# sourceMappingURL=index.js.map
|
|
4
4
|
//# sourceMappingURL=index.js.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@parsrun/auth",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.12",
|
|
4
4
|
"description": "Passwordless-first, multi-runtime authentication for Pars framework",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"pars",
|
|
@@ -63,8 +63,8 @@
|
|
|
63
63
|
],
|
|
64
64
|
"dependencies": {
|
|
65
65
|
"jose": "^5.9.6",
|
|
66
|
-
"@parsrun/core": "0.2.
|
|
67
|
-
"@parsrun/types": "0.2.
|
|
66
|
+
"@parsrun/core": "0.2.12",
|
|
67
|
+
"@parsrun/types": "0.2.12"
|
|
68
68
|
},
|
|
69
69
|
"devDependencies": {
|
|
70
70
|
"drizzle-orm": "^0.44.0",
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/session/jwt-manager.ts","../src/session/blocklist.ts"],"names":[],"mappings":";;;AA6EO,SAAS,cAAc,QAAA,EAA0B;AACtD,EAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,oBAAoB,CAAA;AACjD,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,QAAQ,CAAA,mCAAA,CAAqC,CAAA;AAAA,EAC3F;AAEA,EAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,CAAC,GAAI,EAAE,CAAA;AACpC,EAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAEpB,EAAA,QAAQ,IAAA;AAAM,IACZ,KAAK,GAAA;AACH,MAAA,OAAO,KAAA;AAAA,IACT,KAAK,GAAA;AACH,MAAA,OAAO,KAAA,GAAQ,EAAA;AAAA,IACjB,KAAK,GAAA;AACH,MAAA,OAAO,QAAQ,EAAA,GAAK,EAAA;AAAA,IACtB,KAAK,GAAA;AACH,MAAA,OAAO,KAAA,GAAQ,KAAK,EAAA,GAAK,EAAA;AAAA,IAC3B,KAAK,GAAA;AACH,MAAA,OAAO,KAAA,GAAQ,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK,CAAA;AAAA,IAChC;AACE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,IAAI,CAAA,CAAE,CAAA;AAAA;AAEtD;AAKA,IAAM,cAAA,GAAiB;AAAA,EACrB,cAAA,EAAgB,KAAA;AAAA,EAChB,eAAA,EAAiB,IAAA;AAAA,EACjB,UAAA,EAAY;AACd,CAAA;AAMO,IAAM,aAAN,MAAiB;AAAA,EACd,MAAA;AAAA,EACA,eAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EAER,YAAY,MAAA,EAAmB;AAC7B,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,gBAAgB,cAAA,CAAe,cAAA;AAAA,MAC/B,iBAAiB,cAAA,CAAe,eAAA;AAAA,MAChC,iBAAiB,EAAC;AAAA,MAClB,YAAY,cAAA,CAAe,UAAA;AAAA,MAC3B,GAAG;AAAA,KACL;AAEA,IAAA,IAAA,CAAK,SAAS,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,MAAM,CAAA;AACpD,IAAA,IAAA,CAAK,UAAA,GAAa,KAAK,MAAA,CAAO,UAAA;AAC9B,IAAA,IAAA,CAAK,eAAA,GAAmB,IAAA,CAAK,MAAA,CAAO,eAAA,CAAiB,GAAA;AAAA,MACnD,CAAC,CAAA,KAAM,IAAI,WAAA,EAAY,CAAE,OAAO,CAAC;AAAA,KACnC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,aAAA,GAAwB;AACtB,IAAA,OAAO,IAAA,CAAK,UAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,SAAA,CACE,WACA,OAAA,EACmB;AACnB,IAAA,MAAM,WAAA,GAAc,SAAS,kBAAA,IAAsB,CAAA;AACnD,IAAA,MAAM,cAAA,GAAiB,KAAK,MAAA,CAAO,MAAA;AAGnC,IAAA,IAAA,CAAK,eAAA,CAAgB,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAA;AAGxC,IAAA,IAAI,IAAA,CAAK,eAAA,CAAgB,MAAA,GAAS,WAAA,EAAa;AAC7C,MAAA,IAAA,CAAK,eAAA,GAAkB,IAAA,CAAK,eAAA,CAAgB,KAAA,CAAM,GAAG,WAAW,CAAA;AAAA,IAClE;AAGA,IAAA,IAAA,CAAK,MAAA,GAAS,IAAI,WAAA,EAAY,CAAE,OAAO,SAAS,CAAA;AAChD,IAAA,IAAA,CAAK,OAAO,MAAA,GAAS,SAAA;AACrB,IAAA,IAAA,CAAK,UAAA,EAAA;AAGL,IAAA,IAAA,CAAK,OAAO,eAAA,GAAkB;AAAA,MAC5B,cAAA;AAAA,MACA,GAAG,IAAA,CAAK,MAAA,CAAO,gBAAgB,KAAA,CAAM,CAAA,EAAG,cAAc,CAAC;AAAA,KACzD;AACA,IAAA,IAAA,CAAK,MAAA,CAAO,aAAa,IAAA,CAAK,UAAA;AAE9B,IAAA,OAAO;AAAA,MACL,cAAA;AAAA,MACA,SAAA;AAAA,MACA,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,SAAA,sBAAe,IAAA;AAAK,KACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,SAAA,GAAuB;AACrB,IAAA,OAAO,EAAE,GAAG,IAAA,CAAK,MAAA,EAAO;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBAAoB,OAAA,EAOsB;AAC9C,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,IAAA,CAAK,MAAA,CAAO,cAAc,CAAA;AAC3D,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,KAAK,GAAA,EAAI,GAAI,aAAa,GAAI,CAAA;AAEzD,IAAA,MAAM,GAAA,GAAM,IAAS,IAAA,CAAA,OAAA,CAAQ;AAAA,MAC3B,KAAK,OAAA,CAAQ,MAAA;AAAA,MACb,GAAI,OAAA,CAAQ,QAAA,IAAY,EAAE,GAAA,EAAK,QAAQ,QAAA,EAAS;AAAA,MAChD,GAAI,OAAA,CAAQ,SAAA,IAAa,EAAE,GAAA,EAAK,QAAQ,SAAA,EAAU;AAAA,MAClD,KAAA,EAAO,OAAA,CAAQ,KAAA,IAAS,EAAC;AAAA,MACzB,WAAA,EAAa,OAAA,CAAQ,WAAA,IAAe,EAAC;AAAA,MACrC,GAAG,OAAA,CAAQ;AAAA,KACZ,CAAA,CACE,kBAAA,CAAmB,EAAE,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,CAAA,CAAA,EAAI,IAAA,CAAK,UAAU,CAAA,CAAA,EAAI,CAAA,CAC/D,aAAY,CACZ,iBAAA,CAAkB,SAAS,CAAA,CAC3B,SAAA,CAAU,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,CAC5B,WAAA,CAAY,IAAA,CAAK,MAAA,CAAO,QAAQ,CAAA;AAEnC,IAAA,MAAM,KAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,CAAK,KAAK,MAAM,CAAA;AAExC,IAAA,OAAO,EAAE,OAAO,SAAA,EAAU;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBAAqB,OAAA,EAIqB;AAC9C,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,IAAA,CAAK,MAAA,CAAO,eAAe,CAAA;AAC5D,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,KAAK,GAAA,EAAI,GAAI,aAAa,GAAI,CAAA;AAEzD,IAAA,MAAM,GAAA,GAAM,IAAS,IAAA,CAAA,OAAA,CAAQ;AAAA,MAC3B,KAAK,OAAA,CAAQ,MAAA;AAAA,MACb,GAAI,OAAA,CAAQ,QAAA,IAAY,EAAE,GAAA,EAAK,QAAQ,QAAA,EAAS;AAAA,MAChD,GAAI,OAAA,CAAQ,SAAA,IAAa,EAAE,GAAA,EAAK,QAAQ,SAAA,EAAU;AAAA,MAClD,IAAA,EAAM;AAAA,KACP,CAAA,CACE,kBAAA,CAAmB,EAAE,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,CAAA,CAAA,EAAI,IAAA,CAAK,UAAU,CAAA,CAAA,EAAI,CAAA,CAC/D,aAAY,CACZ,iBAAA,CAAkB,SAAS,CAAA,CAC3B,SAAA,CAAU,IAAA,CAAK,MAAA,CAAO,MAAM,CAAA,CAC5B,WAAA,CAAY,IAAA,CAAK,MAAA,CAAO,QAAQ,CAAA;AAEnC,IAAA,MAAM,KAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,CAAK,KAAK,MAAM,CAAA;AAExC,IAAA,OAAO,EAAE,OAAO,SAAA,EAAU;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB,OAAA,EAOD;AACrB,IAAA,MAAM,CAAC,MAAA,EAAQ,OAAO,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,MAC1C,IAAA,CAAK,oBAAoB,OAAO,CAAA;AAAA,MAChC,IAAA,CAAK,qBAAqB,OAAO;AAAA,KAClC,CAAA;AAED,IAAA,OAAO;AAAA,MACL,aAAa,MAAA,CAAO,KAAA;AAAA,MACpB,cAAc,OAAA,CAAQ,KAAA;AAAA,MACtB,iBAAiB,MAAA,CAAO,SAAA;AAAA,MACxB,kBAAkB,OAAA,CAAQ;AAAA,KAC5B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,kBAAkB,KAAA,EAAoC;AAC1D,IAAA,MAAM,UAAU,CAAC,IAAA,CAAK,MAAA,EAAQ,GAAG,KAAK,eAAe,CAAA;AAErD,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,MAAA,MAAM,MAAA,GAAS,QAAQ,CAAC,CAAA;AACxB,MAAA,IAAI,CAAC,MAAA,EAAQ;AAEb,MAAA,IAAI;AACF,QAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAW,IAAA,CAAA,SAAA,CAAU,OAAO,MAAA,EAAQ;AAAA,UACtD,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,UACpB,QAAA,EAAU,KAAK,MAAA,CAAO;AAAA,SACvB,CAAA;AAED,QAAA,OAAO;AAAA,UACL,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,GAAA,EAAK,QAAQ,KAAK,CAAA;AAAA,UAClB,GAAA,EAAK,QAAQ,KAAK,CAAA;AAAA,UAClB,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,KAAK,OAAA,CAAQ,GAAA;AAAA,UACb,KAAA,EAAQ,OAAA,CAAQ,OAAO,CAAA,IAAkB,EAAC;AAAA,UAC1C,WAAA,EAAc,OAAA,CAAQ,aAAa,CAAA,IAAkB;AAAC,SACxD;AAAA,MACF,SAAS,KAAA,EAAO;AAEd,QAAA,IAAI,KAAA,YAAsB,YAAO,UAAA,EAAY;AAC3C,UAAA,MAAM,IAAI,QAAA,CAAS,sBAAA,EAAwB,eAAe,CAAA;AAAA,QAC5D;AAEA,QAAA,IAAI,CAAA,KAAM,OAAA,CAAQ,MAAA,GAAS,CAAA,EAAG;AAC5B,UAAA,IAAI,KAAA,YAAsB,YAAO,UAAA,EAAY;AAC3C,YAAA,MAAM,IAAI,QAAA,CAAS,sBAAA,EAAwB,eAAe,CAAA;AAAA,UAC5D;AACA,UAAA,MAAM,IAAI,QAAA,CAAS,2BAAA,EAA6B,qBAAqB,CAAA;AAAA,QACvE;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAI,QAAA,CAAS,2BAAA,EAA6B,qBAAqB,CAAA;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAmB,KAAA,EAItB;AACD,IAAA,MAAM,UAAU,CAAC,IAAA,CAAK,MAAA,EAAQ,GAAG,KAAK,eAAe,CAAA;AAErD,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,MAAA,MAAM,MAAA,GAAS,QAAQ,CAAC,CAAA;AACxB,MAAA,IAAI,CAAC,MAAA,EAAQ;AAEb,MAAA,IAAI;AACF,QAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAW,IAAA,CAAA,SAAA,CAAU,OAAO,MAAA,EAAQ;AAAA,UACtD,MAAA,EAAQ,KAAK,MAAA,CAAO,MAAA;AAAA,UACpB,QAAA,EAAU,KAAK,MAAA,CAAO;AAAA,SACvB,CAAA;AAED,QAAA,IAAI,OAAA,CAAQ,MAAM,CAAA,KAAM,SAAA,EAAW;AACjC,UAAA,MAAM,IAAI,QAAA,CAAS,oBAAA,EAAsB,oBAAoB,CAAA;AAAA,QAC/D;AAEA,QAAA,OAAO;AAAA,UACL,QAAQ,OAAA,CAAQ,GAAA;AAAA,UAChB,QAAA,EAAU,QAAQ,KAAK,CAAA;AAAA,UACvB,SAAA,EAAW,QAAQ,KAAK;AAAA,SAC1B;AAAA,MACF,SAAS,KAAA,EAAO;AACd,QAAA,IAAI,KAAA,YAAsB,YAAO,UAAA,EAAY;AAC3C,UAAA,MAAM,IAAI,QAAA,CAAS,uBAAA,EAAyB,eAAe,CAAA;AAAA,QAC7D;AACA,QAAA,IAAI,iBAAiB,QAAA,EAAU;AAC7B,UAAA,MAAM,KAAA;AAAA,QACR;AACA,QAAA,IAAI,CAAA,KAAM,OAAA,CAAQ,MAAA,GAAS,CAAA,EAAG;AAC5B,UAAA,IAAI,KAAA,YAAsB,YAAO,UAAA,EAAY;AAC3C,YAAA,MAAM,IAAI,QAAA,CAAS,uBAAA,EAAyB,eAAe,CAAA;AAAA,UAC7D;AACA,UAAA,MAAM,IAAI,QAAA,CAAS,2BAAA,EAA6B,qBAAqB,CAAA;AAAA,QACvE;AAAA,MACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAI,QAAA,CAAS,2BAAA,EAA6B,qBAAqB,CAAA;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,KAAA,EAAuC;AACjD,IAAA,IAAI;AACF,MAAA,OAAY,eAAU,KAAK,CAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAe,KAAA,EAAwB;AACrC,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,WAAA,CAAY,KAAK,CAAA;AACtC,IAAA,IAAI,CAAC,OAAA,EAAS,GAAA,EAAK,OAAO,IAAA;AAC1B,IAAA,OAAO,OAAA,CAAQ,GAAA,GAAM,GAAA,GAAO,IAAA,CAAK,GAAA,EAAI;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,mBAAmB,KAAA,EAA4B;AAC7C,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,WAAA,CAAY,KAAK,CAAA;AACtC,IAAA,IAAI,CAAC,OAAA,EAAS,GAAA,EAAK,OAAO,IAAA;AAC1B,IAAA,OAAO,IAAI,IAAA,CAAK,OAAA,CAAQ,GAAA,GAAM,GAAI,CAAA;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,KAAA,EAAuB;AACjC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,kBAAA,CAAmB,KAAK,CAAA;AACzC,IAAA,IAAI,CAAC,KAAK,OAAO,CAAA;AACjB,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,KAAA,CAAA,CAAO,GAAA,CAAI,OAAA,EAAQ,GAAI,IAAA,CAAK,GAAA,EAAI,IAAK,GAAI,CAAC,CAAA;AAAA,EACpE;AACF;AAKO,IAAM,QAAA,GAAN,cAAuB,KAAA,CAAM;AAAA,EAClC,WAAA,CACE,SACgB,IAAA,EAKhB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AANG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAOhB,IAAA,IAAA,CAAK,IAAA,GAAO,UAAA;AAAA,EACd;AACF;AAKO,SAAS,mBACd,UAAA,EACe;AACf,EAAA,IAAI,CAAC,YAAY,OAAO,IAAA;AACxB,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,GAAG,CAAA;AAClC,EAAA,IAAI,MAAM,MAAA,KAAW,CAAA,IAAK,MAAM,CAAC,CAAA,KAAM,UAAU,OAAO,IAAA;AACxD,EAAA,OAAO,KAAA,CAAM,CAAC,CAAA,IAAK,IAAA;AACrB;AAKO,SAAS,iBAAiB,MAAA,EAA+B;AAC9D,EAAA,OAAO,IAAI,WAAW,MAAM,CAAA;AAC9B;;;ACnZO,IAAM,mBAAN,MAAuB;AAAA,EACpB,OAAA;AAAA,EAER,WAAA,CAAY,SAAoB,OAAA,EAA2B;AACzD,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EAEjB;AAAA;AAAA;AAAA;AAAA,EAKQ,OAAO,SAAA,EAA2B;AACxC,IAAA,OAAO,WAAA,CAAY,UAAU,SAAS,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAA,CACJ,SAAA,EACA,SAAA,EACA,OAAA,EACe;AACf,IAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,KAAK,GAAA,EAAI;AAC7C,IAAA,IAAI,SAAS,CAAA,EAAG;AAEhB,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,KAAA,GAAQ,GAAI,CAAA;AACzC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AAEjC,IAAA,MAAM,KAAA,GAAwB;AAAA,MAC5B,EAAA,EAAI,SAAA;AAAA,MACJ,SAAA,EAAW,UAAU,WAAA,EAAY;AAAA,MACjC,QAAQ,OAAA,EAAS,MAAA;AAAA,MACjB,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,MAClC,QAAQ,OAAA,EAAS;AAAA,KACnB;AAEA,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,OAAO,UAAU,CAAA;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,SAAA,EAAqC;AACnD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACjC,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,OAAA,CAAQ,IAAoB,GAAG,CAAA;AAExD,IAAA,IAAI,CAAC,OAAO,OAAO,KAAA;AAGnB,IAAA,IAAI,IAAI,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA,mBAAI,IAAI,MAAK,EAAG;AAC1C,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,GAAG,CAAA;AAC7B,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAS,SAAA,EAAmD;AAChE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACjC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAoB,GAAG,CAAA;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,SAAA,EAAkC;AACrD,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,SAAS,CAAA;AACjC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,GAAG,CAAA;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,sBACJ,QAAA,EAMe;AACf,IAAA,MAAM,OAAA,CAAQ,GAAA;AAAA,MACZ,QAAA,CAAS,GAAA;AAAA,QAAI,CAAC,CAAA,KACZ,IAAA,CAAK,aAAa,CAAA,CAAE,EAAA,EAAI,EAAE,SAAA,EAAW;AAAA,UACnC,QAAQ,CAAA,CAAE,MAAA;AAAA,UACV,QAAQ,CAAA,CAAE;AAAA,SACX;AAAA;AACH,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,oBAAA,CACJ,MAAA,EACA,UAAA,EACA,cAAA,EACA,SAAS,iBAAA,EACM;AACf,IAAA,MAAM,IAAA,CAAK,qBAAA;AAAA,MACT,UAAA,CAAW,GAAA,CAAI,CAAC,EAAA,MAAQ;AAAA,QACtB,EAAA;AAAA,QACA,SAAA,EAAW,cAAA;AAAA,QACX,MAAA;AAAA,QACA;AAAA,OACF,CAAE;AAAA,KACJ;AAAA,EACF;AACF;AAMO,IAAM,iBAAN,MAAqB;AAAA,EAClB,OAAA;AAAA,EAER,YAAY,OAAA,EAAoB;AAC9B,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA,EAKQ,OAAO,SAAA,EAA2B;AACxC,IAAA,OAAO,mBAAmB,SAAS,CAAA,CAAA;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,UAAU,KAAA,EAAgC;AACtD,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,IAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAA;AACjC,IAAA,MAAM,aAAa,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAC7D,IAAA,MAAM,YAAY,KAAA,CAAM,IAAA,CAAK,IAAI,UAAA,CAAW,UAAU,CAAC,CAAA;AACvD,IAAA,OAAO,SAAA,CAAU,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,KAAK,EAAE,CAAA;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,CAAW,KAAA,EAAe,SAAA,EAAiB,MAAA,EAAgC;AAC/E,IAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,KAAK,GAAA,EAAI;AAC7C,IAAA,IAAI,SAAS,CAAA,EAAG;AAEhB,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,IAAA,CAAK,KAAA,GAAQ,GAAI,CAAA;AACzC,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AACvC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA;AAE5B,IAAA,MAAM,KAAK,OAAA,CAAQ,GAAA;AAAA,MACjB,GAAA;AAAA,MACA;AAAA,QACE,IAAA;AAAA,QACA,SAAA,EAAW,UAAU,WAAA,EAAY;AAAA,QACjC,MAAA;AAAA,QACA,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,OACpC;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,KAAA,EAAiC;AAC/C,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AACvC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA;AAC5B,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA;AAAA,EAC7B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,KAAA,EAA8B;AAC/C,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,SAAA,CAAU,KAAK,CAAA;AACvC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA;AAC5B,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,GAAG,CAAA;AAAA,EAC/B;AACF;AAKO,SAAS,sBAAA,CACd,SACA,MAAA,EACkB;AAClB,EAAA,OAAO,IAAI,gBAAA,CAAiB,OAAA,EAAS,MAAM,CAAA;AAC7C;AAKO,SAAS,qBAAqB,OAAA,EAAoC;AACvE,EAAA,OAAO,IAAI,eAAe,OAAO,CAAA;AACnC","file":"chunk-MOG4Y6I7.js","sourcesContent":["/**\n * JWT Manager with Key Rotation Support\n * Uses jose library for multi-runtime compatibility (Node, Deno, CF Workers, Bun)\n */\n\nimport * as jose from 'jose';\n\n/**\n * JWT configuration\n */\nexport interface JwtConfig {\n /** Secret key for signing tokens */\n secret: string;\n /** Token issuer */\n issuer: string;\n /** Token audience */\n audience: string;\n /** Access token TTL (e.g., '15m', '1h') */\n accessTokenTTL?: string;\n /** Refresh token TTL (e.g., '7d', '12h') */\n refreshTokenTTL?: string;\n /** Previous secrets for key rotation */\n previousSecrets?: string[];\n /** Current key version */\n keyVersion?: number;\n}\n\n/**\n * JWT payload structure\n */\nexport interface JwtPayload {\n /** User ID */\n sub: string;\n /** Tenant ID */\n tid?: string;\n /** Session ID */\n sid?: string;\n /** Issued at timestamp */\n iat: number;\n /** Expiration timestamp */\n exp: number;\n /** Issuer */\n iss: string;\n /** Audience */\n aud: string | string[];\n /** User roles */\n roles?: string[];\n /** User permissions */\n permissions?: string[];\n /** Additional claims */\n [key: string]: unknown;\n}\n\n/**\n * Token pair (access + refresh)\n */\nexport interface TokenPair {\n accessToken: string;\n refreshToken: string;\n accessExpiresAt: Date;\n refreshExpiresAt: Date;\n}\n\n/**\n * Key rotation result\n */\nexport interface KeyRotationResult {\n previousSecret: string;\n newSecret: string;\n keyVersion: number;\n rotatedAt: Date;\n}\n\n/**\n * Parse duration string to seconds\n * Supports: s (seconds), m (minutes), h (hours), d (days), w (weeks)\n */\nexport function parseDuration(duration: string): number {\n const match = duration.match(/^(\\d+)(s|m|h|d|w)$/);\n if (!match) {\n throw new Error(`Invalid duration format: ${duration}. Use format like '15m', '1h', '7d'`);\n }\n\n const value = parseInt(match[1]!, 10);\n const unit = match[2];\n\n switch (unit) {\n case 's':\n return value;\n case 'm':\n return value * 60;\n case 'h':\n return value * 60 * 60;\n case 'd':\n return value * 60 * 60 * 24;\n case 'w':\n return value * 60 * 60 * 24 * 7;\n default:\n throw new Error(`Unknown duration unit: ${unit}`);\n }\n}\n\n/**\n * Default JWT configuration\n */\nconst DEFAULT_CONFIG = {\n accessTokenTTL: '15m',\n refreshTokenTTL: '7d',\n keyVersion: 1,\n};\n\n/**\n * JWT Manager\n * Handles token generation, verification, and key rotation\n */\nexport class JwtManager {\n private secret: Uint8Array;\n private previousSecrets: Uint8Array[];\n private config: Required<JwtConfig>;\n private keyVersion: number;\n\n constructor(config: JwtConfig) {\n this.config = {\n accessTokenTTL: DEFAULT_CONFIG.accessTokenTTL,\n refreshTokenTTL: DEFAULT_CONFIG.refreshTokenTTL,\n previousSecrets: [],\n keyVersion: DEFAULT_CONFIG.keyVersion,\n ...config,\n } as Required<JwtConfig>;\n\n this.secret = new TextEncoder().encode(config.secret);\n this.keyVersion = this.config.keyVersion;\n this.previousSecrets = (this.config.previousSecrets).map(\n (s) => new TextEncoder().encode(s)\n );\n }\n\n /**\n * Get current key version\n */\n getKeyVersion(): number {\n return this.keyVersion;\n }\n\n /**\n * Rotate the signing key\n * Moves current secret to previousSecrets and sets new secret\n */\n rotateKey(\n newSecret: string,\n options?: { maxPreviousSecrets?: number }\n ): KeyRotationResult {\n const maxPrevious = options?.maxPreviousSecrets ?? 2;\n const previousSecret = this.config.secret;\n\n // Move current secret to previous secrets\n this.previousSecrets.unshift(this.secret);\n\n // Limit the number of previous secrets\n if (this.previousSecrets.length > maxPrevious) {\n this.previousSecrets = this.previousSecrets.slice(0, maxPrevious);\n }\n\n // Set new secret\n this.secret = new TextEncoder().encode(newSecret);\n this.config.secret = newSecret;\n this.keyVersion++;\n\n // Update config's previous secrets\n this.config.previousSecrets = [\n previousSecret,\n ...this.config.previousSecrets.slice(0, maxPrevious - 1),\n ];\n this.config.keyVersion = this.keyVersion;\n\n return {\n previousSecret,\n newSecret,\n keyVersion: this.keyVersion,\n rotatedAt: new Date(),\n };\n }\n\n /**\n * Get current configuration (for persistence)\n */\n getConfig(): JwtConfig {\n return { ...this.config };\n }\n\n /**\n * Generate access token\n */\n async generateAccessToken(payload: {\n userId: string;\n tenantId?: string;\n sessionId?: string;\n roles?: string[];\n permissions?: string[];\n claims?: Record<string, unknown>;\n }): Promise<{ token: string; expiresAt: Date }> {\n const ttlSeconds = parseDuration(this.config.accessTokenTTL);\n const expiresAt = new Date(Date.now() + ttlSeconds * 1000);\n\n const jwt = new jose.SignJWT({\n sub: payload.userId,\n ...(payload.tenantId && { tid: payload.tenantId }),\n ...(payload.sessionId && { sid: payload.sessionId }),\n roles: payload.roles ?? [],\n permissions: payload.permissions ?? [],\n ...payload.claims,\n })\n .setProtectedHeader({ alg: 'HS256', kid: `v${this.keyVersion}` })\n .setIssuedAt()\n .setExpirationTime(expiresAt)\n .setIssuer(this.config.issuer)\n .setAudience(this.config.audience);\n\n const token = await jwt.sign(this.secret);\n\n return { token, expiresAt };\n }\n\n /**\n * Generate refresh token\n */\n async generateRefreshToken(payload: {\n userId: string;\n tenantId?: string;\n sessionId?: string;\n }): Promise<{ token: string; expiresAt: Date }> {\n const ttlSeconds = parseDuration(this.config.refreshTokenTTL);\n const expiresAt = new Date(Date.now() + ttlSeconds * 1000);\n\n const jwt = new jose.SignJWT({\n sub: payload.userId,\n ...(payload.tenantId && { tid: payload.tenantId }),\n ...(payload.sessionId && { sid: payload.sessionId }),\n type: 'refresh',\n })\n .setProtectedHeader({ alg: 'HS256', kid: `v${this.keyVersion}` })\n .setIssuedAt()\n .setExpirationTime(expiresAt)\n .setIssuer(this.config.issuer)\n .setAudience(this.config.audience);\n\n const token = await jwt.sign(this.secret);\n\n return { token, expiresAt };\n }\n\n /**\n * Generate token pair (access + refresh)\n */\n async generateTokenPair(payload: {\n userId: string;\n tenantId?: string;\n sessionId?: string;\n roles?: string[];\n permissions?: string[];\n claims?: Record<string, unknown>;\n }): Promise<TokenPair> {\n const [access, refresh] = await Promise.all([\n this.generateAccessToken(payload),\n this.generateRefreshToken(payload),\n ]);\n\n return {\n accessToken: access.token,\n refreshToken: refresh.token,\n accessExpiresAt: access.expiresAt,\n refreshExpiresAt: refresh.expiresAt,\n };\n }\n\n /**\n * Verify access token\n * Tries current secret first, then falls back to previous secrets for graceful rotation\n */\n async verifyAccessToken(token: string): Promise<JwtPayload> {\n const secrets = [this.secret, ...this.previousSecrets];\n\n for (let i = 0; i < secrets.length; i++) {\n const secret = secrets[i];\n if (!secret) continue;\n\n try {\n const { payload } = await jose.jwtVerify(token, secret, {\n issuer: this.config.issuer,\n audience: this.config.audience,\n });\n\n return {\n sub: payload.sub as string,\n tid: payload['tid'] as string | undefined,\n sid: payload['sid'] as string | undefined,\n iat: payload.iat as number,\n exp: payload.exp as number,\n iss: payload.iss as string,\n aud: payload.aud as string | string[],\n roles: (payload['roles'] as string[]) ?? [],\n permissions: (payload['permissions'] as string[]) ?? [],\n };\n } catch (error) {\n // If it's an expiration error, don't try other secrets\n if (error instanceof jose.errors.JWTExpired) {\n throw new JwtError('Access token expired', 'TOKEN_EXPIRED');\n }\n // Try next secret on signature mismatch\n if (i === secrets.length - 1) {\n if (error instanceof jose.errors.JWTInvalid) {\n throw new JwtError('Invalid access token', 'INVALID_TOKEN');\n }\n throw new JwtError('Token verification failed', 'VERIFICATION_FAILED');\n }\n }\n }\n\n throw new JwtError('Token verification failed', 'VERIFICATION_FAILED');\n }\n\n /**\n * Verify refresh token\n */\n async verifyRefreshToken(token: string): Promise<{\n userId: string;\n tenantId?: string;\n sessionId?: string;\n }> {\n const secrets = [this.secret, ...this.previousSecrets];\n\n for (let i = 0; i < secrets.length; i++) {\n const secret = secrets[i];\n if (!secret) continue;\n\n try {\n const { payload } = await jose.jwtVerify(token, secret, {\n issuer: this.config.issuer,\n audience: this.config.audience,\n });\n\n if (payload['type'] !== 'refresh') {\n throw new JwtError('Invalid token type', 'INVALID_TOKEN_TYPE');\n }\n\n return {\n userId: payload.sub as string,\n tenantId: payload['tid'] as string | undefined,\n sessionId: payload['sid'] as string | undefined,\n };\n } catch (error) {\n if (error instanceof jose.errors.JWTExpired) {\n throw new JwtError('Refresh token expired', 'TOKEN_EXPIRED');\n }\n if (error instanceof JwtError) {\n throw error;\n }\n if (i === secrets.length - 1) {\n if (error instanceof jose.errors.JWTInvalid) {\n throw new JwtError('Invalid refresh token', 'INVALID_TOKEN');\n }\n throw new JwtError('Token verification failed', 'VERIFICATION_FAILED');\n }\n }\n }\n\n throw new JwtError('Token verification failed', 'VERIFICATION_FAILED');\n }\n\n /**\n * Decode token without verification (for inspection)\n */\n decodeToken(token: string): jose.JWTPayload | null {\n try {\n return jose.decodeJwt(token);\n } catch {\n return null;\n }\n }\n\n /**\n * Check if token is expired (without signature verification)\n */\n isTokenExpired(token: string): boolean {\n const payload = this.decodeToken(token);\n if (!payload?.exp) return true;\n return payload.exp * 1000 < Date.now();\n }\n\n /**\n * Get token expiration date (without signature verification)\n */\n getTokenExpiration(token: string): Date | null {\n const payload = this.decodeToken(token);\n if (!payload?.exp) return null;\n return new Date(payload.exp * 1000);\n }\n\n /**\n * Get time until token expires in seconds\n */\n getTokenTTL(token: string): number {\n const exp = this.getTokenExpiration(token);\n if (!exp) return 0;\n return Math.max(0, Math.floor((exp.getTime() - Date.now()) / 1000));\n }\n}\n\n/**\n * JWT Error class\n */\nexport class JwtError extends Error {\n constructor(\n message: string,\n public readonly code:\n | 'TOKEN_EXPIRED'\n | 'INVALID_TOKEN'\n | 'INVALID_TOKEN_TYPE'\n | 'VERIFICATION_FAILED'\n ) {\n super(message);\n this.name = 'JwtError';\n }\n}\n\n/**\n * Extract token from Authorization header\n */\nexport function extractBearerToken(\n authHeader: string | null | undefined\n): string | null {\n if (!authHeader) return null;\n const parts = authHeader.split(' ');\n if (parts.length !== 2 || parts[0] !== 'Bearer') return null;\n return parts[1] ?? null;\n}\n\n/**\n * Create a JwtManager instance\n */\nexport function createJwtManager(config: JwtConfig): JwtManager {\n return new JwtManager(config);\n}\n","/**\n * Session Blocklist\n * Uses KVStorage interface for multi-runtime support\n * Supports token/session revocation for logout\n */\n\nimport type { KVStorage } from '../storage/types.js';\nimport { StorageKeys } from '../storage/index.js';\n\n/**\n * Blocklist configuration\n */\nexport interface BlocklistConfig {\n /** Key prefix for blocked sessions */\n prefix?: string;\n /** Default TTL in seconds (should match max token lifetime) */\n defaultTTL?: number;\n}\n\n/**\n * Blocklist entry\n */\ninterface BlocklistEntry {\n /** Session or token ID */\n id: string;\n /** When the entry expires */\n expiresAt: string;\n /** Why was it blocked */\n reason?: string;\n /** When it was blocked */\n blockedAt: string;\n /** User ID (for audit) */\n userId?: string;\n}\n\n/**\n * Session Blocklist\n * Manages blocked/revoked sessions and tokens\n */\nexport class SessionBlocklist {\n private storage: KVStorage;\n\n constructor(storage: KVStorage, _config?: BlocklistConfig) {\n this.storage = storage;\n // Config is reserved for future use (custom prefix, TTL settings)\n }\n\n /**\n * Get storage key for blocklist entry\n */\n private getKey(sessionId: string): string {\n return StorageKeys.blocklist(sessionId);\n }\n\n /**\n * Block a session (revoke it)\n */\n async blockSession(\n sessionId: string,\n expiresAt: Date,\n options?: { reason?: string; userId?: string }\n ): Promise<void> {\n const ttlMs = expiresAt.getTime() - Date.now();\n if (ttlMs <= 0) return; // Already expired, no need to block\n\n const ttlSeconds = Math.ceil(ttlMs / 1000);\n const key = this.getKey(sessionId);\n\n const entry: BlocklistEntry = {\n id: sessionId,\n expiresAt: expiresAt.toISOString(),\n reason: options?.reason,\n blockedAt: new Date().toISOString(),\n userId: options?.userId,\n };\n\n await this.storage.set(key, entry, ttlSeconds);\n }\n\n /**\n * Check if a session is blocked\n */\n async isBlocked(sessionId: string): Promise<boolean> {\n const key = this.getKey(sessionId);\n const entry = await this.storage.get<BlocklistEntry>(key);\n\n if (!entry) return false;\n\n // Double-check expiration (storage should handle this, but be safe)\n if (new Date(entry.expiresAt) < new Date()) {\n await this.storage.delete(key);\n return false;\n }\n\n return true;\n }\n\n /**\n * Get blocklist entry details\n */\n async getEntry(sessionId: string): Promise<BlocklistEntry | null> {\n const key = this.getKey(sessionId);\n return this.storage.get<BlocklistEntry>(key);\n }\n\n /**\n * Unblock a session (if needed)\n */\n async unblockSession(sessionId: string): Promise<void> {\n const key = this.getKey(sessionId);\n await this.storage.delete(key);\n }\n\n /**\n * Block multiple sessions (logout all devices)\n */\n async blockMultipleSessions(\n sessions: Array<{\n id: string;\n expiresAt: Date;\n reason?: string;\n userId?: string;\n }>\n ): Promise<void> {\n await Promise.all(\n sessions.map((s) =>\n this.blockSession(s.id, s.expiresAt, {\n reason: s.reason,\n userId: s.userId,\n })\n )\n );\n }\n\n /**\n * Block all sessions for a user\n * Requires session IDs to be provided (from session store)\n */\n async blockAllUserSessions(\n userId: string,\n sessionIds: string[],\n tokenExpiresAt: Date,\n reason = 'User logout all'\n ): Promise<void> {\n await this.blockMultipleSessions(\n sessionIds.map((id) => ({\n id,\n expiresAt: tokenExpiresAt,\n reason,\n userId,\n }))\n );\n }\n}\n\n/**\n * Token Blocklist\n * For revoking individual tokens (separate from sessions)\n */\nexport class TokenBlocklist {\n private storage: KVStorage;\n\n constructor(storage: KVStorage) {\n this.storage = storage;\n }\n\n /**\n * Get storage key for token blocklist entry\n */\n private getKey(tokenHash: string): string {\n return `blocklist:token:${tokenHash}`;\n }\n\n /**\n * Hash a token for storage (don't store raw tokens)\n */\n private async hashToken(token: string): Promise<string> {\n const encoder = new TextEncoder();\n const data = encoder.encode(token);\n const hashBuffer = await crypto.subtle.digest('SHA-256', data);\n const hashArray = Array.from(new Uint8Array(hashBuffer));\n return hashArray.map((b) => b.toString(16).padStart(2, '0')).join('');\n }\n\n /**\n * Block a token\n */\n async blockToken(token: string, expiresAt: Date, reason?: string): Promise<void> {\n const ttlMs = expiresAt.getTime() - Date.now();\n if (ttlMs <= 0) return;\n\n const ttlSeconds = Math.ceil(ttlMs / 1000);\n const hash = await this.hashToken(token);\n const key = this.getKey(hash);\n\n await this.storage.set(\n key,\n {\n hash,\n expiresAt: expiresAt.toISOString(),\n reason,\n blockedAt: new Date().toISOString(),\n },\n ttlSeconds\n );\n }\n\n /**\n * Check if a token is blocked\n */\n async isBlocked(token: string): Promise<boolean> {\n const hash = await this.hashToken(token);\n const key = this.getKey(hash);\n return this.storage.has(key);\n }\n\n /**\n * Unblock a token\n */\n async unblockToken(token: string): Promise<void> {\n const hash = await this.hashToken(token);\n const key = this.getKey(hash);\n await this.storage.delete(key);\n }\n}\n\n/**\n * Create session blocklist\n */\nexport function createSessionBlocklist(\n storage: KVStorage,\n config?: BlocklistConfig\n): SessionBlocklist {\n return new SessionBlocklist(storage, config);\n}\n\n/**\n * Create token blocklist\n */\nexport function createTokenBlocklist(storage: KVStorage): TokenBlocklist {\n return new TokenBlocklist(storage);\n}\n"]}
|