npm - @plumile/backoffice-react - Versions diffs - 0.1.72 → 0.1.73 - Mend

@plumile/backoffice-react 0.1.72 → 0.1.73

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (390) hide show

package/lib/esm/useAuth-AczFS-oL.js ADDED Viewed

@@ -0,0 +1,543 @@
+import { i as e } from "./environment-BJeJTbIN.js";
+import { a as t, c as n, d as r, f as i, s as a, t as o } from "./loginPage.css-BDQJNcSr.js";
+import { i as s, t as c } from "./mutationResult-CcQMY13J.js";
+import { useCallback as l, useEffect as u, useState as d } from "react";
+import { Button as f, FormError as p, FormField as m } from "@plumile/ui";
+import { jsx as h, jsxs as g } from "react/jsx-runtime";
+//#region src/auth/login/MfaChallengeForm.tsx
+var _ = ({ auth: e, onSuccess: s, onBack: c }) => {
+	let { t: _ } = i(), [v, y] = d(""), [b, x] = d(null);
+	u(() => {
+		e.clearError(), x(null);
+	}, [e]);
+	let S = l(async (t) => {
+		t.preventDefault(), x(null);
+		let n = v.trim();
+		if (n.length < 4) {
+			x(_("auth.mfa.errors.shortCode"));
+			return;
+		}
+		try {
+			let t = { code: n };
+			await e.completeMfa(t), s();
+		} catch {
+			let t = e.error?.message;
+			x(t ?? _("auth.mfa.errors.verificationFailed"));
+		}
+	}, [
+		e,
+		v,
+		s,
+		_
+	]), C = e.emailHint == null ? _("auth.mfa.helper.default") : _("auth.mfa.helper.withEmail", { email: e.emailHint }), w = b ?? e.error?.message ?? null;
+	return /* @__PURE__ */ g("form", {
+		className: t,
+		onSubmit: S,
+		noValidate: !0,
+		children: [/* @__PURE__ */ g("div", {
+			className: r,
+			children: [
+				/* @__PURE__ */ h("p", {
+					className: a,
+					children: C
+				}),
+				w == null ? null : /* @__PURE__ */ h(p, { children: w }),
+				/* @__PURE__ */ h(m, {
+					label: _("auth.mfa.form.label"),
+					name: "code",
+					type: "text",
+					value: v,
+					onChange: (e) => {
+						y(e.target.value), x(null);
+					},
+					placeholder: _("auth.mfa.form.placeholder"),
+					autoComplete: "one-time-code",
+					autoFocus: !0,
+					required: !0
+				})
+			]
+		}), /* @__PURE__ */ g("div", {
+			className: o,
+			children: [/* @__PURE__ */ h(f, {
+				type: "button",
+				variant: "text",
+				size: "small",
+				className: n,
+				onClick: () => {
+					e.reset(), c();
+				},
+				children: _("auth.mfa.actions.back")
+			}), /* @__PURE__ */ h(f, {
+				type: "submit",
+				size: "large",
+				isLoading: e.isLoading,
+				children: _("auth.mfa.actions.submit")
+			})]
+		})]
+	});
+};
+//#endregion
+//#region src/modules/webauthn.ts
+function v(e) {
+	let t = new Uint8Array(e), n = "";
+	for (let e of t) n += String.fromCharCode(e);
+	return btoa(n).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function y(e) {
+	let t = e.replace(/-/g, "+").replace(/_/g, "/"), n = t.length % 4, r = "";
+	if (n === 2) r = "==";
+	else if (n === 3) r = "=";
+	else if (n === 1) throw Error("Invalid base64url input length.");
+	let i = `${t}${r}`, a = atob(i), o = new Uint8Array(a.length);
+	for (let e = 0; e < a.length; e += 1) o[e] = a.charCodeAt(e);
+	return o.buffer;
+}
+function b(e) {
+	if (!(e instanceof DOMException)) return "failed";
+	switch (e.name) {
+		case "NotAllowedError":
+		case "AbortError": return "cancelled";
+		case "InvalidStateError": return "credentialInUse";
+		case "SecurityError":
+		case "NotSupportedError": return "notSupported";
+		default: return "failed";
+	}
+}
+function x(e) {
+	return e.byteLength < 37 ? 0 : new DataView(e).getUint32(33, !1);
+}
+//#endregion
+//#region src/hooks/useAuth.ts
+var S = {
+	authMethod: null,
+	challengeToken: null,
+	emailHint: null,
+	mfaLevel: null,
+	nextStep: null
+}, C = (t) => () => {
+	let { t: n } = i(), [r, a] = d(!1), [o, u] = d(null), [f, p] = d(null), [m, h] = d(null), [g, _] = d([]), [b, C] = d(S), w = t.login.commit, T = t.logout.commit, E = t.completeMfa.commit, D = t.beginPasskeyLogin.commit, O = t.finishPasskeyLogin.commit, k = t.acceptInvitation?.commit, A = t.beginAuthentication.commit, j = n("auth.loginFlow.errors.tryAgain"), M = n("auth.loginFlow.errors.tryAgain"), N = n("auth.passkey.errors.failed"), P = n("auth.mfa.errors.verificationFailed"), F = n("auth.acceptInvitation.errors.default"), I = n("auth.mfa.errors.invalidChallenge"), L = n("auth.passkey.errors.notAvailable"), R = "Logout failed.", z = l(() => {
+		u(null), p(null), h(null), _([]), C(S);
+	}, []), B = l(() => {
+		u(null);
+	}, []), V = l((e) => {
+		let t = e.authMethod ?? null, n = e.challengeToken ?? null, r = e.mfaLevel ?? null, i = e.nextStep ?? null;
+		return C((e) => ({
+			...e,
+			authMethod: t,
+			challengeToken: n,
+			mfaLevel: r,
+			nextStep: i
+		})), e.loggedInUser != null && i == null ? (p({ id: e.loggedInUser.id }), "success") : i === "TOTP" && n != null ? "mfa-required" : "error";
+	}, []), H = l((e) => typeof e == "object" && !!e && ("status" in e || "result" in e), []), U = l((e) => {
+		switch (e) {
+			case "INVALID_CREDENTIALS": return n("auth.loginFlow.errors.invalidCredentials");
+			case "ACCOUNT_LOCKED": return n("auth.loginFlow.errors.accountLocked");
+			case "RATE_LIMITED": return n("auth.loginFlow.errors.rateLimited");
+			case "INTERNAL_ERROR": return n("auth.loginFlow.errors.tryAgain");
+			default: return null;
+		}
+	}, [n]), W = l((e) => {
+		switch (e) {
+			case "INVALID_EMAIL": return n("auth.loginFlow.errors.invalidEmail");
+			case "INTERNAL_ERROR": return n("auth.loginFlow.errors.tryAgain");
+			default: return null;
+		}
+	}, [n]), G = l((e) => {
+		switch (e) {
+			case "INVALID_EMAIL": return n("auth.passkey.errors.invalidEmail");
+			case "PASSKEY_NOT_FOUND": return n("auth.passkey.errors.notFound");
+			case "PASSKEY_NOT_SUPPORTED": return n("auth.passkey.errors.notAvailable");
+			case "INTERNAL_ERROR": return n("auth.passkey.errors.failed");
+			default: return null;
+		}
+	}, [n]), K = l((e) => {
+		switch (e) {
+			case "INVALID_CHALLENGE_TOKEN": return n("auth.passkey.errors.invalidChallenge");
+			case "CHALLENGE_EXPIRED": return n("auth.passkey.errors.challengeExpired");
+			case "INVALID_ASSERTION": return n("auth.passkey.errors.invalidAssertion");
+			case "INTERNAL_ERROR": return n("auth.passkey.errors.failed");
+			default: return null;
+		}
+	}, [n]), q = l((e) => {
+		switch (e) {
+			case "INVALID_CHALLENGE_TOKEN": return n("auth.mfa.errors.invalidChallenge");
+			case "CHALLENGE_EXPIRED": return n("auth.mfa.errors.expired");
+			case "INVALID_CODE": return n("auth.mfa.errors.invalidCode");
+			case "TOO_MANY_ATTEMPTS": return n("auth.mfa.errors.tooManyAttempts");
+			case "INTERNAL_ERROR": return n("auth.mfa.errors.verificationFailed");
+			default: return null;
+		}
+	}, [n]), J = l((e) => {
+		switch (e) {
+			case "INVALID_TOKEN": return n("auth.acceptInvitation.errors.invalidToken");
+			case "TOKEN_EXPIRED": return n("auth.acceptInvitation.errors.expired");
+			case "ALREADY_ACCEPTED": return n("auth.acceptInvitation.errors.alreadyAccepted");
+			case "PASSWORD_MISMATCH": return n("auth.acceptInvitation.errors.passwordMismatch");
+			case "PASSWORD_POLICY_VIOLATION": return n("auth.acceptInvitation.errors.passwordPolicyViolation");
+			case "RATE_LIMITED": return n("auth.acceptInvitation.errors.rateLimited");
+			case "EMAIL_MISMATCH": return n("auth.acceptInvitation.errors.emailMismatch");
+			case "INTERNAL_ERROR": return n("auth.acceptInvitation.errors.default");
+			default: return null;
+		}
+	}, [n]), Y = l(async (e) => new Promise((t, n) => {
+		A({
+			variables: { email: e },
+			onCompleted: (e) => {
+				let r = e.beginAuthentication, i = r;
+				if (H(r)) {
+					let e = s(r, {
+						defaultErrorMessage: M,
+						mapReason: W
+					});
+					if (!e.ok) {
+						let t = { message: e.message };
+						u(t), n(t);
+						return;
+					}
+					i = e.payload;
+				}
+				let a = i.methods.map((e) => e.method), o = i.lockedUntil ?? null;
+				_(a), h(o), t({
+					methods: a,
+					lockedUntil: o
+				});
+			},
+			onError: () => {
+				let e = { message: M };
+				u(e), n(e);
+			}
+		});
+	}), [
+		A,
+		M,
+		H,
+		W
+	]), X = l(async (e) => (a(!0), u(null), C((t) => ({
+		...t,
+		emailHint: e.email
+	})), new Promise((t, n) => {
+		w({
+			variables: { input: e },
+			onCompleted: (e) => {
+				a(!1);
+				let r = e.login, i = null;
+				if (H(r)) {
+					let e = s(r, {
+						defaultErrorMessage: j,
+						mapReason: U
+					});
+					if (!e.ok) {
+						let t = { message: e.message };
+						u(t), n(t);
+						return;
+					}
+					i = r.payload ?? null;
+				} else i = r;
+				if (i == null) {
+					let e = { message: j };
+					u(e), n(e);
+					return;
+				}
+				let o = V(i);
+				if (o === "success" || o === "mfa-required") {
+					t(o);
+					return;
+				}
+				let c = { message: j };
+				u(c), n(c);
+			},
+			onError: () => {
+				a(!1);
+				let e = { message: j };
+				u(e), n(e);
+			}
+		});
+	})), [
+		w,
+		j,
+		H,
+		U,
+		V
+	]), Z = l(async (e) => {
+		let { challengeToken: t } = b;
+		if (t == null) {
+			let e = { message: I };
+			return u(e), Promise.reject(e);
+		}
+		return a(!0), u(null), new Promise((n, r) => {
+			E({
+				variables: { input: {
+					challengeToken: t,
+					code: e.code
+				} },
+				onCompleted: (e) => {
+					a(!1);
+					let t = e.completeMfa, i = null;
+					if (H(t)) {
+						let e = s(t, {
+							defaultErrorMessage: P,
+							mapReason: q
+						});
+						if (!e.ok) {
+							let t = { message: e.message };
+							u(t), r(t);
+							return;
+						}
+						i = t.payload ?? null;
+					} else i = t;
+					if (i == null) {
+						let e = { message: P };
+						u(e), r(e);
+						return;
+					}
+					if (V(i) === "success") {
+						n();
+						return;
+					}
+					let o = { message: P };
+					u(o), r(o);
+				},
+				onError: () => {
+					a(!1);
+					let e = { message: P };
+					u(e), r(e);
+				}
+			});
+		});
+	}, [
+		b,
+		E,
+		P,
+		H,
+		q,
+		I,
+		V
+	]), Q = l(async ({ email: e }) => {
+		if (typeof window > "u") {
+			let e = { message: L };
+			return u(e), Promise.reject(e);
+		}
+		return a(!0), u(null), C((t) => ({
+			...t,
+			emailHint: e
+		})), new Promise((t, n) => {
+			D({
+				variables: { email: e },
+				onCompleted: (e) => {
+					let r = e.beginPasskeyLogin, i = r;
+					if (H(r)) {
+						let e = s(r, {
+							defaultErrorMessage: N,
+							mapReason: G
+						});
+						if (!e.ok) {
+							a(!1);
+							let t = { message: e.message };
+							u(t), n(t);
+							return;
+						}
+						i = e.payload;
+					}
+					(async () => {
+						try {
+							let e = await navigator.credentials.get({ publicKey: {
+								allowCredentials: i.allowCredentials.map((e) => ({
+									id: y(e),
+									type: "public-key"
+								})),
+								challenge: y(i.challenge),
+								rpId: i.rpId,
+								userVerification: "preferred"
+							} });
+							if (e == null) throw Error("No credential returned by the authenticator.");
+							let r = e.response, o = x(r.authenticatorData);
+							O({
+								variables: { input: {
+									challenge: i.challenge,
+									challengeToken: i.challengeToken,
+									credentialId: e.id,
+									signCount: o,
+									userHandle: r.userHandle == null ? null : v(r.userHandle)
+								} },
+								onCompleted: (e) => {
+									a(!1);
+									let r = e.finishPasskeyLogin, i = null;
+									if (H(r)) {
+										let e = s(r, {
+											defaultErrorMessage: N,
+											mapReason: K
+										});
+										if (!e.ok) {
+											let t = { message: e.message };
+											u(t), n(t);
+											return;
+										}
+										i = r.payload ?? null;
+									} else i = r;
+									if (i == null) {
+										let e = { message: N };
+										u(e), n(e);
+										return;
+									}
+									let o = V(i);
+									if (o === "success") {
+										t(o);
+										return;
+									}
+									let c = { message: N };
+									u(c), n(c);
+								},
+								onError: () => {
+									a(!1);
+									let e = { message: N };
+									u(e), n(e);
+								}
+							});
+						} catch (e) {
+							a(!1);
+							let t = { message: e instanceof Error ? e.message : "Passkey login was cancelled." };
+							u(t), n(t);
+						}
+					})();
+				},
+				onError: () => {
+					a(!1);
+					let e = { message: N };
+					u(e), n(e);
+				}
+			});
+		});
+	}, [
+		D,
+		O,
+		N,
+		H,
+		G,
+		K,
+		L,
+		V
+	]), $ = l(async (e) => {
+		if (k == null) {
+			let e = { message: "Invitation acceptance is not available." };
+			return u(e), Promise.reject(e);
+		}
+		return a(!0), u(null), new Promise((t, n) => {
+			k({
+				variables: { input: {
+					token: e.token,
+					password: e.password,
+					passwordConfirmation: e.passwordConfirmation
+				} },
+				onCompleted: (e) => {
+					a(!1);
+					let r = e.acceptInvitation, i = null;
+					if (H(r)) {
+						let e = s(r, {
+							defaultErrorMessage: F,
+							mapReason: J
+						});
+						if (!e.ok) {
+							let t = { message: e.message };
+							u(t), n(t);
+							return;
+						}
+						i = r.payload ?? null;
+					} else i = r;
+					if (i == null) {
+						let e = { message: F };
+						u(e), n(e);
+						return;
+					}
+					let o = V(i);
+					if (o === "success" || o === "mfa-required") {
+						t(o);
+						return;
+					}
+					let c = { message: F };
+					u(c), n(c);
+				},
+				onError: () => {
+					a(!1);
+					let e = { message: F };
+					u(e), n(e);
+				}
+			});
+		});
+	}, [
+		k,
+		F,
+		H,
+		J,
+		V
+	]), ee = l(async () => (a(!0), new Promise((t, n) => {
+		T({
+			variables: {},
+			onCompleted: (r) => {
+				a(!1);
+				let i = r.logout, o = null;
+				if (H(i)) {
+					let e = s(i, { defaultErrorMessage: R });
+					if (!e.ok) {
+						let t = { message: e.message };
+						u(t), n(t);
+						return;
+					}
+					let t = c(i.payload?.loggedOut ?? null, R);
+					if (!t.ok) {
+						let e = { message: t.message };
+						u(e), n(e);
+						return;
+					}
+					o = t.value;
+				} else {
+					let e = c(i.loggedOut ?? null, R);
+					if (!e.ok) {
+						let t = { message: e.message };
+						u(t), n(t);
+						return;
+					}
+					o = e.value;
+				}
+				if (!o) {
+					let e = { message: R };
+					u(e), n(e);
+					return;
+				}
+				localStorage.removeItem("auth_token"), localStorage.removeItem("remember_me"), p(null), C(S), e(), t();
+			},
+			onError: () => {
+				a(!1);
+				let t = { message: R };
+				u(t), e(), n(t);
+			}
+		});
+	})), [
+		T,
+		R,
+		H
+	]), te = r || t.login.isInFlight || t.logout.isInFlight || t.completeMfa.isInFlight || t.beginPasskeyLogin.isInFlight || t.finishPasskeyLogin.isInFlight || (t.acceptInvitation?.isInFlight ?? !1) || t.beginAuthentication.isInFlight;
+	return {
+		authMethod: b.authMethod,
+		challengeToken: b.challengeToken,
+		nextStep: b.nextStep,
+		mfaLevel: b.mfaLevel,
+		emailHint: b.emailHint,
+		login: X,
+		loginWithPasskey: Q,
+		completeMfa: Z,
+		acceptInvitation: $,
+		beginAuthentication: Y,
+		logout: ee,
+		reset: z,
+		clearError: B,
+		isLoading: te,
+		error: o,
+		user: f,
+		lockedUntil: m,
+		availableMethods: g
+	};
+};
+//#endregion
+export { x as a, b as i, y as n, _ as o, v as r, C as t };
+//# sourceMappingURL=useAuth-AczFS-oL.js.map

package/lib/esm/useAuth-AczFS-oL.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"useAuth-AczFS-oL.js","names":[],"sources":["../../src/auth/login/MfaChallengeForm.tsx","../../src/modules/webauthn.ts","../../src/hooks/useAuth.ts"],"sourcesContent":["/* eslint-disable no-ternary */\nimport {\n useCallback,\n useEffect,\n useState,\n type FormEvent,\n type JSX,\n} from 'react';\nimport { useSharedTranslation } from '../../i18n/useSharedTranslation.js';\n\nimport { Button, FormError, FormField } from '@plumile/ui';\n\nimport type { TotpCredentials, UseAuthReturn } from '../../hooks/useAuth.js';\n\nimport * as styles from './loginPage.css.js';\n\ntype Props = {\n auth: Pick<\n UseAuthReturn,\n 'completeMfa' | 'isLoading' | 'error' | 'emailHint' | 'reset' | 'clearError'\n >;\n onSuccess: () => void;\n onBack: () => void;\n};\n\nexport const MfaChallengeForm = ({\n auth,\n onSuccess,\n onBack,\n}: Props): JSX.Element => {\n const { t } = useSharedTranslation();\n const [code, setCode] = useState('');\n const [localError, setLocalError] = useState<string | null>(null);\n\n // Clear any stale errors when the MFA form is shown\n useEffect(() => {\n auth.clearError();\n setLocalError(null);\n }, [auth]);\n\n const handleSubmit = useCallback(\n async (event: FormEvent<HTMLFormElement>) => {\n event.preventDefault();\n setLocalError(null);\n\n const trimmed = code.trim();\n if (trimmed.length < 4) {\n setLocalError(t('auth.mfa.errors.shortCode'));\n return;\n }\n\n try {\n const credentials: TotpCredentials = {\n code: trimmed,\n };\n await auth.completeMfa(credentials);\n onSuccess();\n } catch {\n const authMessage = auth.error?.message;\n setLocalError(authMessage ?? t('auth.mfa.errors.verificationFailed'));\n }\n },\n [auth, code, onSuccess, t],\n );\n\n const helper =\n auth.emailHint != null\n ? t('auth.mfa.helper.withEmail', { email: auth.emailHint })\n : t('auth.mfa.helper.default');\n\n const formError = localError ?? auth.error?.message ?? null;\n\n return (\n // eslint-disable-next-line @typescript-eslint/no-misused-promises\n <form className={styles.formSurface} onSubmit={handleSubmit} noValidate>\n <div className={styles.stack}>\n <p className={styles.helper}>{helper}</p>\n {formError != null ? <FormError>{formError}</FormError> : null}\n <FormField\n label={t('auth.mfa.form.label')}\n name=\"code\"\n type=\"text\"\n value={code}\n onChange={(event) => {\n setCode(event.target.value);\n setLocalError(null);\n }}\n placeholder={t('auth.mfa.form.placeholder')}\n autoComplete=\"one-time-code\"\n autoFocus\n required\n />\n </div>\n <div className={styles.actionsRow}>\n <Button\n type=\"button\"\n variant=\"text\"\n size=\"small\"\n className={styles.inlineLink}\n onClick={() => {\n auth.reset();\n onBack();\n }}\n >\n {t('auth.mfa.actions.back')}\n </Button>\n <Button type=\"submit\" size=\"large\" isLoading={auth.isLoading}>\n {t('auth.mfa.actions.submit')}\n </Button>\n </div>\n </form>\n );\n};\n","/**\n * Buffer to base64 url\n */\nexport function bufferToBase64Url(input: ArrayBuffer): string {\n const byteArray = new Uint8Array(input);\n let binary = '';\n for (const byte of byteArray) {\n binary += String.fromCharCode(byte);\n }\n return btoa(binary)\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '');\n}\n\n/**\n * Base64 url to buffer\n */\nexport function base64UrlToBuffer(input: string): ArrayBuffer {\n const normalized = input.replace(/-/g, '+').replace(/_/g, '/');\n const remainder = normalized.length % 4;\n let padding = '';\n if (remainder === 2) {\n padding = '==';\n } else if (remainder === 3) {\n padding = '=';\n } else if (remainder === 1) {\n throw new Error('Invalid base64url input length.');\n }\n const padded = `${normalized}${padding}`;\n const binary = atob(padded);\n const output = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i += 1) {\n output[i] = binary.charCodeAt(i);\n }\n return output.buffer;\n}\n\nexport type WebAuthnRegistrationErrorKind =\n | 'cancelled'\n | 'credentialInUse'\n | 'notSupported'\n | 'failed';\n\n/**\n * Maps a browser WebAuthn registration error to a stable UI category.\n */\nexport function mapWebAuthnRegistrationError(\n error: unknown,\n): WebAuthnRegistrationErrorKind {\n if (!(error instanceof DOMException)) {\n return 'failed';\n }\n\n switch (error.name) {\n case 'NotAllowedError':\n case 'AbortError':\n return 'cancelled';\n case 'InvalidStateError':\n return 'credentialInUse';\n case 'SecurityError':\n case 'NotSupportedError':\n return 'notSupported';\n default:\n return 'failed';\n }\n}\n\n/**\n * Parse sign count\n */\nexport function parseSignCount(authenticatorData: ArrayBuffer): number {\n if (authenticatorData.byteLength < 37) {\n return 0;\n }\n const view = new DataView(authenticatorData);\n return view.getUint32(33, false);\n}\n","/* eslint-disable no-ternary */\nimport { useCallback, useState } from 'react';\n\nimport {\n type MutationPayloadBase,\n requireField,\n resolveMutationOutcome,\n} from '../relay/mutationResult.js';\nimport { useSharedTranslation } from '../i18n/useSharedTranslation.js';\n\nimport { resetRelayStore } from '../relay/environment.js';\nimport type { PayloadError } from 'relay-runtime';\n\nimport type {\n AuthMethod,\n LoginNextStep,\n MfaLevel,\n} from '../modules/sharedSchemaTypes.js';\nimport {\n base64UrlToBuffer,\n bufferToBase64Url,\n parseSignCount,\n} from '../modules/webauthn.js';\n\nexport type AuthPayload = {\n authMethod: AuthMethod | null | undefined;\n challengeToken: string | null | undefined;\n loggedInUser: { id: string } | null | undefined;\n mfaLevel: MfaLevel | null | undefined;\n nextStep: LoginNextStep | null | undefined;\n};\n\ntype LoginErrorReason =\n | 'INVALID_CREDENTIALS'\n | 'ACCOUNT_LOCKED'\n | 'RATE_LIMITED'\n | 'INTERNAL_ERROR';\n\ntype LogoutErrorReason =\n | 'UNAUTHENTICATED'\n | 'SESSION_NOT_FOUND'\n | 'INTERNAL_ERROR';\n\ntype BeginAuthenticationErrorReason = 'INVALID_EMAIL' | 'INTERNAL_ERROR';\n\ntype BeginPasskeyLoginErrorReason =\n | 'INVALID_EMAIL'\n | 'PASSKEY_NOT_FOUND'\n | 'PASSKEY_NOT_SUPPORTED'\n | 'INTERNAL_ERROR';\n\ntype FinishPasskeyLoginErrorReason =\n | 'INVALID_CHALLENGE_TOKEN'\n | 'CHALLENGE_EXPIRED'\n | 'INVALID_ASSERTION'\n | 'INTERNAL_ERROR';\n\ntype CompleteMfaErrorReason =\n | 'INVALID_CHALLENGE_TOKEN'\n | 'CHALLENGE_EXPIRED'\n | 'INVALID_CODE'\n | 'TOO_MANY_ATTEMPTS'\n | 'INTERNAL_ERROR';\n\ntype AcceptInvitationErrorReason =\n | 'INVALID_TOKEN'\n | 'TOKEN_EXPIRED'\n | 'ALREADY_ACCEPTED'\n | 'PASSWORD_MISMATCH'\n | 'PASSWORD_POLICY_VIOLATION'\n | 'RATE_LIMITED'\n | 'EMAIL_MISMATCH'\n | 'INTERNAL_ERROR';\n\nexport type BeginAuthenticationPayload =\n MutationPayloadBase<BeginAuthenticationErrorReason> & {\n lockedUntil: string | null | undefined;\n methods: readonly {\n method: AuthMethod;\n mfaEnforced?: boolean | null | undefined;\n }[];\n };\n\nexport type BeginPasskeyLoginPayload =\n MutationPayloadBase<BeginPasskeyLoginErrorReason> & {\n allowCredentials: readonly string[];\n challenge: string;\n challengeToken: string;\n rpId: string;\n };\n\ntype LoginMutationPayload = MutationPayloadBase<LoginErrorReason> & {\n payload?: AuthPayload | null | undefined;\n};\n\ntype LogoutPayload = {\n loggedOut?: boolean | null | undefined;\n};\n\ntype LogoutMutationPayload = MutationPayloadBase<LogoutErrorReason> & {\n payload?: LogoutPayload | null | undefined;\n};\n\ntype CompleteMfaMutationPayload =\n MutationPayloadBase<CompleteMfaErrorReason> & {\n payload?: AuthPayload | null | undefined;\n };\n\ntype FinishPasskeyLoginMutationPayload =\n MutationPayloadBase<FinishPasskeyLoginErrorReason> & {\n payload?: AuthPayload | null | undefined;\n };\n\ntype AcceptInvitationMutationPayload =\n MutationPayloadBase<AcceptInvitationErrorReason> & {\n payload?: AuthPayload | null | undefined;\n };\n\nexport type LoginResponse = { login: AuthPayload | LoginMutationPayload };\nexport type LogoutResponse = { logout: LogoutPayload | LogoutMutationPayload };\nexport type CompleteMfaResponse = {\n completeMfa: AuthPayload | CompleteMfaMutationPayload;\n};\nexport type FinishPasskeyLoginResponse = {\n finishPasskeyLogin: AuthPayload | FinishPasskeyLoginMutationPayload;\n};\nexport type AcceptInvitationResponse = {\n acceptInvitation: AuthPayload | AcceptInvitationMutationPayload;\n};\nexport type BeginAuthenticationResponse = {\n beginAuthentication: BeginAuthenticationPayload;\n};\nexport type BeginPasskeyLoginResponse = {\n beginPasskeyLogin: BeginPasskeyLoginPayload;\n};\n\nexport type LoginVariables = {\n input: LoginCredentials;\n};\n\nexport type LogoutVariables = Record<PropertyKey, never>;\n\nexport type CompleteMfaVariables = {\n input: {\n challengeToken: string;\n code: string;\n };\n};\n\nexport type BeginPasskeyLoginVariables = {\n email: string;\n};\n\nexport type FinishPasskeyLoginVariables = {\n input: {\n challenge: string;\n challengeToken: string;\n credentialId: string;\n signCount: number;\n userHandle?: string | null;\n };\n};\n\nexport type AcceptInvitationVariables = {\n input: {\n token: string;\n password: string;\n passwordConfirmation: string;\n };\n};\n\nexport type BeginAuthenticationVariables = {\n email: string;\n};\n\ntype MutationCommitConfig<TVariables, TResponse> = {\n variables: TVariables;\n onCompleted?: (\n response: TResponse,\n errors: readonly PayloadError[] | null,\n ) => void;\n onError?: (error: Error) => void;\n};\n\ntype MutationCommit<TVariables, TResponse> = (\n config: MutationCommitConfig<TVariables, TResponse>,\n) => void;\n\ntype MutationEntry<TVariables, TResponse> = {\n commit: MutationCommit<TVariables, TResponse>;\n isInFlight: boolean;\n};\n\nexport type AuthMutationHooks = {\n login: MutationEntry<LoginVariables, LoginResponse>;\n logout: MutationEntry<LogoutVariables, LogoutResponse>;\n completeMfa: MutationEntry<CompleteMfaVariables, CompleteMfaResponse>;\n beginPasskeyLogin: MutationEntry<\n BeginPasskeyLoginVariables,\n BeginPasskeyLoginResponse\n >;\n finishPasskeyLogin: MutationEntry<\n FinishPasskeyLoginVariables,\n FinishPasskeyLoginResponse\n >;\n acceptInvitation?: MutationEntry<\n AcceptInvitationVariables,\n AcceptInvitationResponse\n >;\n beginAuthentication: MutationEntry<\n BeginAuthenticationVariables,\n BeginAuthenticationResponse\n >;\n};\n\ninterface User {\n id: string;\n}\n\nexport type LoginStatus = 'success' | 'mfa-required' | 'error';\n\nexport interface LoginCredentials {\n email: string;\n password: string;\n}\n\nexport interface TotpCredentials {\n code: string;\n}\n\nexport interface AcceptInvitationCredentials {\n token: string;\n password: string;\n passwordConfirmation: string;\n}\n\nexport interface AuthError {\n message: string;\n code?: string;\n}\n\nexport interface UseAuthReturn {\n authMethod: AuthMethod | null;\n challengeToken: string | null;\n nextStep: LoginNextStep | null;\n mfaLevel: MfaLevel | null;\n emailHint: string | null;\n lockedUntil: string | null;\n availableMethods: AuthMethod[];\n login: (credentials: LoginCredentials) => Promise<LoginStatus>;\n loginWithPasskey: (params: { email: string }) => Promise<LoginStatus>;\n completeMfa: (credentials: TotpCredentials) => Promise<void>;\n acceptInvitation: (\n credentials: AcceptInvitationCredentials,\n ) => Promise<LoginStatus>;\n beginAuthentication: (\n email: string,\n ) => Promise<{ methods: AuthMethod[]; lockedUntil: string | null }>;\n logout: () => Promise<void>;\n reset: () => void;\n clearError: () => void;\n isLoading: boolean;\n error: AuthError | null;\n user: User | null;\n}\n\nconst initialState = {\n authMethod: null as AuthMethod | null,\n challengeToken: null as string | null,\n emailHint: null as string | null,\n mfaLevel: null as MfaLevel | null,\n nextStep: null as LoginNextStep | null,\n};\n\nexport const createUseAuth = (mutations: AuthMutationHooks) => {\n return (): UseAuthReturn => {\n const { t } = useSharedTranslation();\n const [isLoading, setIsLoading] = useState<boolean>(false);\n const [error, setError] = useState<AuthError | null>(null);\n const [user, setUser] = useState<User | null>(null);\n const [lockedUntil, setLockedUntil] = useState<string | null>(null);\n const [availableMethods, setAvailableMethods] = useState<AuthMethod[]>([]);\n const [authState, setAuthState] = useState(initialState);\n\n const commitLoginMutation = mutations.login.commit;\n const commitLogoutMutation = mutations.logout.commit;\n const commitCompleteMfaMutation = mutations.completeMfa.commit;\n const commitBeginPasskeyLoginMutation = mutations.beginPasskeyLogin.commit;\n const commitFinishPasskeyLoginMutation =\n mutations.finishPasskeyLogin.commit;\n const commitAcceptInvitationMutation = mutations.acceptInvitation?.commit;\n const commitBeginAuthenticationMutation =\n mutations.beginAuthentication.commit;\n\n const defaultLoginErrorMessage = t('auth.loginFlow.errors.tryAgain');\n const defaultBeginAuthenticationErrorMessage = t(\n 'auth.loginFlow.errors.tryAgain',\n );\n const defaultPasskeyErrorMessage = t('auth.passkey.errors.failed');\n const defaultMfaErrorMessage = t('auth.mfa.errors.verificationFailed');\n const defaultInvitationErrorMessage = t(\n 'auth.acceptInvitation.errors.default',\n );\n const mfaInvalidChallengeMessage = t('auth.mfa.errors.invalidChallenge');\n const passkeyNotAvailableMessage = t('auth.passkey.errors.notAvailable');\n const defaultLogoutErrorMessage = 'Logout failed.';\n\n const reset = useCallback(() => {\n setError(null);\n setUser(null);\n setLockedUntil(null);\n setAvailableMethods([]);\n setAuthState(initialState);\n }, []);\n\n const clearError = useCallback(() => {\n setError(null);\n }, []);\n\n const updateAuthStateFromPayload = useCallback(\n (payload: AuthPayload): LoginStatus => {\n const authMethod = payload.authMethod ?? null;\n const challengeToken = payload.challengeToken ?? null;\n const mfaLevel = payload.mfaLevel ?? null;\n const nextStep = payload.nextStep ?? null;\n\n setAuthState((prev) => {\n return {\n ...prev,\n authMethod,\n challengeToken,\n mfaLevel,\n nextStep,\n };\n });\n\n if (payload.loggedInUser != null && nextStep == null) {\n setUser({\n id: payload.loggedInUser.id,\n });\n return 'success';\n }\n\n if (nextStep === 'TOTP' && challengeToken != null) {\n return 'mfa-required';\n }\n\n return 'error';\n },\n [],\n );\n\n const isMutationPayload = useCallback(\n (value: unknown): value is MutationPayloadBase => {\n return (\n value != null &&\n typeof value === 'object' &&\n ('status' in value || 'result' in value)\n );\n },\n [],\n );\n\n const mapLoginReason = useCallback(\n (reason: LoginErrorReason): string | null => {\n switch (reason) {\n case 'INVALID_CREDENTIALS':\n return t('auth.loginFlow.errors.invalidCredentials');\n case 'ACCOUNT_LOCKED':\n return t('auth.loginFlow.errors.accountLocked');\n case 'RATE_LIMITED':\n return t('auth.loginFlow.errors.rateLimited');\n case 'INTERNAL_ERROR':\n return t('auth.loginFlow.errors.tryAgain');\n default:\n return null;\n }\n },\n [t],\n );\n\n const mapBeginAuthenticationReason = useCallback(\n (reason: BeginAuthenticationErrorReason): string | null => {\n switch (reason) {\n case 'INVALID_EMAIL':\n return t('auth.loginFlow.errors.invalidEmail');\n case 'INTERNAL_ERROR':\n return t('auth.loginFlow.errors.tryAgain');\n default:\n return null;\n }\n },\n [t],\n );\n\n const mapBeginPasskeyLoginReason = useCallback(\n (reason: BeginPasskeyLoginErrorReason): string | null => {\n switch (reason) {\n case 'INVALID_EMAIL':\n return t('auth.passkey.errors.invalidEmail');\n case 'PASSKEY_NOT_FOUND':\n return t('auth.passkey.errors.notFound');\n case 'PASSKEY_NOT_SUPPORTED':\n return t('auth.passkey.errors.notAvailable');\n case 'INTERNAL_ERROR':\n return t('auth.passkey.errors.failed');\n default:\n return null;\n }\n },\n [t],\n );\n\n const mapFinishPasskeyLoginReason = useCallback(\n (reason: FinishPasskeyLoginErrorReason): string | null => {\n switch (reason) {\n case 'INVALID_CHALLENGE_TOKEN':\n return t('auth.passkey.errors.invalidChallenge');\n case 'CHALLENGE_EXPIRED':\n return t('auth.passkey.errors.challengeExpired');\n case 'INVALID_ASSERTION':\n return t('auth.passkey.errors.invalidAssertion');\n case 'INTERNAL_ERROR':\n return t('auth.passkey.errors.failed');\n default:\n return null;\n }\n },\n [t],\n );\n\n const mapCompleteMfaReason = useCallback(\n (reason: CompleteMfaErrorReason): string | null => {\n switch (reason) {\n case 'INVALID_CHALLENGE_TOKEN':\n return t('auth.mfa.errors.invalidChallenge');\n case 'CHALLENGE_EXPIRED':\n return t('auth.mfa.errors.expired');\n case 'INVALID_CODE':\n return t('auth.mfa.errors.invalidCode');\n case 'TOO_MANY_ATTEMPTS':\n return t('auth.mfa.errors.tooManyAttempts');\n case 'INTERNAL_ERROR':\n return t('auth.mfa.errors.verificationFailed');\n default:\n return null;\n }\n },\n [t],\n );\n\n const mapAcceptInvitationReason = useCallback(\n (reason: AcceptInvitationErrorReason): string | null => {\n switch (reason) {\n case 'INVALID_TOKEN':\n return t('auth.acceptInvitation.errors.invalidToken');\n case 'TOKEN_EXPIRED':\n return t('auth.acceptInvitation.errors.expired');\n case 'ALREADY_ACCEPTED':\n return t('auth.acceptInvitation.errors.alreadyAccepted');\n case 'PASSWORD_MISMATCH':\n return t('auth.acceptInvitation.errors.passwordMismatch');\n case 'PASSWORD_POLICY_VIOLATION':\n return t('auth.acceptInvitation.errors.passwordPolicyViolation');\n case 'RATE_LIMITED':\n return t('auth.acceptInvitation.errors.rateLimited');\n case 'EMAIL_MISMATCH':\n return t('auth.acceptInvitation.errors.emailMismatch');\n case 'INTERNAL_ERROR':\n return t('auth.acceptInvitation.errors.default');\n default:\n return null;\n }\n },\n [t],\n );\n\n const beginAuthentication = useCallback(\n async (\n email: string,\n ): Promise<{ methods: AuthMethod[]; lockedUntil: string | null }> => {\n return new Promise((resolve, reject) => {\n commitBeginAuthenticationMutation({\n variables: { email },\n onCompleted: (response) => {\n const rawPayload = response.beginAuthentication;\n let payload = rawPayload;\n\n if (isMutationPayload(rawPayload)) {\n const outcome = resolveMutationOutcome(rawPayload, {\n defaultErrorMessage: defaultBeginAuthenticationErrorMessage,\n mapReason: mapBeginAuthenticationReason,\n });\n if (!outcome.ok) {\n const authError: AuthError = {\n message: outcome.message,\n };\n setError(authError);\n reject(authError);\n return;\n }\n payload = outcome.payload;\n }\n\n const methods = payload.methods.map((item) => {\n return item.method;\n });\n const locked = payload.lockedUntil ?? null;\n setAvailableMethods(methods);\n setLockedUntil(locked);\n resolve({ methods, lockedUntil: locked });\n },\n onError: () => {\n const authError: AuthError = {\n message: defaultBeginAuthenticationErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n });\n });\n },\n [\n commitBeginAuthenticationMutation,\n defaultBeginAuthenticationErrorMessage,\n isMutationPayload,\n mapBeginAuthenticationReason,\n ],\n );\n\n const login = useCallback(\n async (credentials: LoginCredentials): Promise<LoginStatus> => {\n setIsLoading(true);\n setError(null);\n setAuthState((prev) => {\n return {\n ...prev,\n emailHint: credentials.email,\n };\n });\n\n return new Promise((resolve, reject) => {\n commitLoginMutation({\n variables: {\n input: credentials,\n },\n onCompleted: (response) => {\n setIsLoading(false);\n const rawPayload = response.login;\n let authPayload: AuthPayload | null = null;\n\n if (isMutationPayload(rawPayload)) {\n const outcome = resolveMutationOutcome(rawPayload, {\n defaultErrorMessage: defaultLoginErrorMessage,\n mapReason: mapLoginReason,\n });\n if (!outcome.ok) {\n const authError: AuthError = {\n message: outcome.message,\n };\n setError(authError);\n reject(authError);\n return;\n }\n authPayload = rawPayload.payload ?? null;\n } else {\n authPayload = rawPayload;\n }\n\n if (authPayload == null) {\n const authError: AuthError = {\n message: defaultLoginErrorMessage,\n };\n setError(authError);\n reject(authError);\n return;\n }\n\n const status = updateAuthStateFromPayload(authPayload);\n if (status === 'success' || status === 'mfa-required') {\n resolve(status);\n return;\n }\n\n const authError: AuthError = {\n message: defaultLoginErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n onError: () => {\n setIsLoading(false);\n const authError: AuthError = {\n message: defaultLoginErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n });\n });\n },\n [\n commitLoginMutation,\n defaultLoginErrorMessage,\n isMutationPayload,\n mapLoginReason,\n updateAuthStateFromPayload,\n ],\n );\n\n const completeMfa = useCallback(\n async (credentials: TotpCredentials): Promise<void> => {\n const { challengeToken } = authState;\n if (challengeToken == null) {\n const authError: AuthError = {\n message: mfaInvalidChallengeMessage,\n };\n setError(authError);\n return Promise.reject(authError);\n }\n\n setIsLoading(true);\n setError(null);\n\n return new Promise((resolve, reject) => {\n commitCompleteMfaMutation({\n variables: {\n input: {\n challengeToken,\n code: credentials.code,\n },\n },\n onCompleted: (response) => {\n setIsLoading(false);\n const rawPayload = response.completeMfa;\n let authPayload: AuthPayload | null = null;\n\n if (isMutationPayload(rawPayload)) {\n const outcome = resolveMutationOutcome(rawPayload, {\n defaultErrorMessage: defaultMfaErrorMessage,\n mapReason: mapCompleteMfaReason,\n });\n if (!outcome.ok) {\n const authError: AuthError = {\n message: outcome.message,\n };\n setError(authError);\n reject(authError);\n return;\n }\n authPayload = rawPayload.payload ?? null;\n } else {\n authPayload = rawPayload;\n }\n\n if (authPayload == null) {\n const authError: AuthError = {\n message: defaultMfaErrorMessage,\n };\n setError(authError);\n reject(authError);\n return;\n }\n\n const status = updateAuthStateFromPayload(authPayload);\n if (status === 'success') {\n resolve();\n return;\n }\n\n const authError: AuthError = {\n message: defaultMfaErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n onError: () => {\n setIsLoading(false);\n const authError: AuthError = {\n message: defaultMfaErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n });\n });\n },\n [\n authState,\n commitCompleteMfaMutation,\n defaultMfaErrorMessage,\n isMutationPayload,\n mapCompleteMfaReason,\n mfaInvalidChallengeMessage,\n updateAuthStateFromPayload,\n ],\n );\n\n const loginWithPasskey = useCallback(\n async ({ email }: { email: string }): Promise<LoginStatus> => {\n if (typeof window === 'undefined') {\n const authError: AuthError = {\n message: passkeyNotAvailableMessage,\n };\n setError(authError);\n return Promise.reject(authError);\n }\n\n setIsLoading(true);\n setError(null);\n setAuthState((prev) => {\n return {\n ...prev,\n emailHint: email,\n };\n });\n\n return new Promise((resolve, reject) => {\n commitBeginPasskeyLoginMutation({\n variables: {\n email,\n },\n onCompleted: (response) => {\n const rawOptions = response.beginPasskeyLogin;\n let options = rawOptions;\n\n if (isMutationPayload(rawOptions)) {\n const outcome = resolveMutationOutcome(rawOptions, {\n defaultErrorMessage: defaultPasskeyErrorMessage,\n mapReason: mapBeginPasskeyLoginReason,\n });\n if (!outcome.ok) {\n setIsLoading(false);\n const authError: AuthError = {\n message: outcome.message,\n };\n setError(authError);\n reject(authError);\n return;\n }\n options = outcome.payload;\n }\n\n // TODO:! Fix this\n // eslint-disable-next-line no-void\n void (async () => {\n try {\n const assertion = (await navigator.credentials.get({\n publicKey: {\n allowCredentials: options.allowCredentials.map(\n (credentialId) => {\n return {\n id: base64UrlToBuffer(credentialId),\n type: 'public-key' as const,\n };\n },\n ),\n challenge: base64UrlToBuffer(options.challenge),\n rpId: options.rpId,\n userVerification: 'preferred',\n },\n })) as PublicKeyCredential | null;\n\n if (assertion == null) {\n throw new Error(\n 'No credential returned by the authenticator.',\n );\n }\n\n const assertionResponse =\n assertion.response as AuthenticatorAssertionResponse;\n const signCount = parseSignCount(\n assertionResponse.authenticatorData,\n );\n\n commitFinishPasskeyLoginMutation({\n variables: {\n input: {\n challenge: options.challenge,\n challengeToken: options.challengeToken,\n credentialId: assertion.id,\n signCount,\n userHandle:\n assertionResponse.userHandle != null\n ? bufferToBase64Url(assertionResponse.userHandle)\n : null,\n },\n },\n onCompleted: (finishResponse) => {\n setIsLoading(false);\n const rawPayload = finishResponse.finishPasskeyLogin;\n let authPayload: AuthPayload | null = null;\n\n if (isMutationPayload(rawPayload)) {\n const outcome = resolveMutationOutcome(rawPayload, {\n defaultErrorMessage: defaultPasskeyErrorMessage,\n mapReason: mapFinishPasskeyLoginReason,\n });\n if (!outcome.ok) {\n const authError: AuthError = {\n message: outcome.message,\n };\n setError(authError);\n reject(authError);\n return;\n }\n authPayload = rawPayload.payload ?? null;\n } else {\n authPayload = rawPayload;\n }\n\n if (authPayload == null) {\n const authError: AuthError = {\n message: defaultPasskeyErrorMessage,\n };\n setError(authError);\n reject(authError);\n return;\n }\n\n const status = updateAuthStateFromPayload(authPayload);\n if (status === 'success') {\n resolve(status);\n return;\n }\n const authError: AuthError = {\n message: defaultPasskeyErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n onError: () => {\n setIsLoading(false);\n const authError: AuthError = {\n message: defaultPasskeyErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n });\n } catch (credentialError) {\n setIsLoading(false);\n const authError: AuthError = {\n message:\n credentialError instanceof Error\n ? credentialError.message\n : 'Passkey login was cancelled.',\n };\n setError(authError);\n reject(authError);\n }\n })();\n },\n onError: () => {\n setIsLoading(false);\n const authError: AuthError = {\n message: defaultPasskeyErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n });\n });\n },\n [\n commitBeginPasskeyLoginMutation,\n commitFinishPasskeyLoginMutation,\n defaultPasskeyErrorMessage,\n isMutationPayload,\n mapBeginPasskeyLoginReason,\n mapFinishPasskeyLoginReason,\n passkeyNotAvailableMessage,\n updateAuthStateFromPayload,\n ],\n );\n\n const acceptInvitation = useCallback(\n async (\n credentials: AcceptInvitationCredentials,\n ): Promise<LoginStatus> => {\n if (commitAcceptInvitationMutation == null) {\n const authError: AuthError = {\n message: 'Invitation acceptance is not available.',\n };\n setError(authError);\n return Promise.reject(authError);\n }\n\n setIsLoading(true);\n setError(null);\n\n return new Promise((resolve, reject) => {\n commitAcceptInvitationMutation({\n variables: {\n input: {\n token: credentials.token,\n password: credentials.password,\n passwordConfirmation: credentials.passwordConfirmation,\n },\n },\n onCompleted: (response) => {\n setIsLoading(false);\n const rawPayload = response.acceptInvitation;\n let authPayload: AuthPayload | null = null;\n\n if (isMutationPayload(rawPayload)) {\n const outcome = resolveMutationOutcome(rawPayload, {\n defaultErrorMessage: defaultInvitationErrorMessage,\n mapReason: mapAcceptInvitationReason,\n });\n if (!outcome.ok) {\n const authError: AuthError = {\n message: outcome.message,\n };\n setError(authError);\n reject(authError);\n return;\n }\n authPayload = rawPayload.payload ?? null;\n } else {\n authPayload = rawPayload;\n }\n\n if (authPayload == null) {\n const authError: AuthError = {\n message: defaultInvitationErrorMessage,\n };\n setError(authError);\n reject(authError);\n return;\n }\n\n const status = updateAuthStateFromPayload(authPayload);\n if (status === 'success' || status === 'mfa-required') {\n resolve(status);\n return;\n }\n const authError: AuthError = {\n message: defaultInvitationErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n onError: () => {\n setIsLoading(false);\n const authError: AuthError = {\n message: defaultInvitationErrorMessage,\n };\n setError(authError);\n reject(authError);\n },\n });\n });\n },\n [\n commitAcceptInvitationMutation,\n defaultInvitationErrorMessage,\n isMutationPayload,\n mapAcceptInvitationReason,\n updateAuthStateFromPayload,\n ],\n );\n\n const logout = useCallback(async (): Promise<void> => {\n setIsLoading(true);\n\n return new Promise((resolve, reject) => {\n commitLogoutMutation({\n variables: {},\n onCompleted: (response) => {\n setIsLoading(false);\n const rawPayload = response.logout;\n let loggedOutValue: boolean | null = null;\n\n if (isMutationPayload(rawPayload)) {\n const outcome = resolveMutationOutcome(rawPayload, {\n defaultErrorMessage: defaultLogoutErrorMessage,\n });\n if (!outcome.ok) {\n const authError: AuthError = { message: outcome.message };\n setError(authError);\n reject(authError);\n return;\n }\n\n const loggedOutResult = requireField(\n rawPayload.payload?.loggedOut ?? null,\n defaultLogoutErrorMessage,\n );\n if (!loggedOutResult.ok) {\n const authError: AuthError = {\n message: loggedOutResult.message,\n };\n setError(authError);\n reject(authError);\n return;\n }\n loggedOutValue = loggedOutResult.value;\n } else {\n const loggedOutResult = requireField(\n rawPayload.loggedOut ?? null,\n defaultLogoutErrorMessage,\n );\n if (!loggedOutResult.ok) {\n const authError: AuthError = {\n message: loggedOutResult.message,\n };\n setError(authError);\n reject(authError);\n return;\n }\n loggedOutValue = loggedOutResult.value;\n }\n\n if (!loggedOutValue) {\n const authError: AuthError = {\n message: defaultLogoutErrorMessage,\n };\n setError(authError);\n reject(authError);\n return;\n }\n\n localStorage.removeItem('auth_token');\n localStorage.removeItem('remember_me');\n setUser(null);\n setAuthState(initialState);\n resetRelayStore();\n\n resolve();\n },\n onError: () => {\n setIsLoading(false);\n const authError: AuthError = {\n message: defaultLogoutErrorMessage,\n };\n setError(authError);\n resetRelayStore();\n\n reject(authError);\n },\n });\n });\n }, [commitLogoutMutation, defaultLogoutErrorMessage, isMutationPayload]);\n\n const combinedIsLoading =\n isLoading ||\n mutations.login.isInFlight ||\n mutations.logout.isInFlight ||\n mutations.completeMfa.isInFlight ||\n mutations.beginPasskeyLogin.isInFlight ||\n mutations.finishPasskeyLogin.isInFlight ||\n (mutations.acceptInvitation?.isInFlight ?? false) ||\n mutations.beginAuthentication.isInFlight;\n\n return {\n authMethod: authState.authMethod,\n challengeToken: authState.challengeToken,\n nextStep: authState.nextStep,\n mfaLevel: authState.mfaLevel,\n emailHint: authState.emailHint,\n login,\n loginWithPasskey,\n completeMfa,\n acceptInvitation,\n beginAuthentication,\n logout,\n reset,\n clearError,\n isLoading: combinedIsLoading,\n error,\n user,\n lockedUntil,\n availableMethods,\n };\n };\n};\n"],"mappings":";;;;;;;AAyBA,IAAa,KAAoB,EAC/B,SACA,cACA,gBACwB;CACxB,IAAM,EAAE,SAAM,GAAsB,EAC9B,CAAC,GAAM,KAAW,EAAS,GAAG,EAC9B,CAAC,GAAY,KAAiB,EAAwB,KAAK;AAGjE,SAAgB;AAEd,EADA,EAAK,YAAY,EACjB,EAAc,KAAK;IAClB,CAAC,EAAK,CAAC;CAEV,IAAM,IAAe,EACnB,OAAO,MAAsC;AAE3C,EADA,EAAM,gBAAgB,EACtB,EAAc,KAAK;EAEnB,IAAM,IAAU,EAAK,MAAM;AAC3B,MAAI,EAAQ,SAAS,GAAG;AACtB,KAAc,EAAE,4BAA4B,CAAC;AAC7C;;AAGF,MAAI;GACF,IAAM,IAA+B,EACnC,MAAM,GACP;AAED,GADA,MAAM,EAAK,YAAY,EAAY,EACnC,GAAW;UACL;GACN,IAAM,IAAc,EAAK,OAAO;AAChC,KAAc,KAAe,EAAE,qCAAqC,CAAC;;IAGzE;EAAC;EAAM;EAAM;EAAW;EAAE,CAC3B,EAEK,IACJ,EAAK,aAAa,OAEd,EAAE,0BAA0B,GAD5B,EAAE,6BAA6B,EAAE,OAAO,EAAK,WAAW,CAAC,EAGzD,IAAY,KAAc,EAAK,OAAO,WAAW;AAEvD,QAEE,kBAAC,QAAD;EAAM,WAAW;EAAoB,UAAU;EAAc,YAAA;YAA7D,CACE,kBAAC,OAAD;GAAK,WAAW;aAAhB;IACE,kBAAC,KAAD;KAAG,WAAW;eAAgB;KAAW,CAAA;IACxC,KAAa,OAA4C,OAArC,kBAAC,GAAD,EAAA,UAAY,GAAsB,CAAA;IACvD,kBAAC,GAAD;KACE,OAAO,EAAE,sBAAsB;KAC/B,MAAK;KACL,MAAK;KACL,OAAO;KACP,WAAW,MAAU;AAEnB,MADA,EAAQ,EAAM,OAAO,MAAM,EAC3B,EAAc,KAAK;;KAErB,aAAa,EAAE,4BAA4B;KAC3C,cAAa;KACb,WAAA;KACA,UAAA;KACA,CAAA;IACE;MACN,kBAAC,OAAD;GAAK,WAAW;aAAhB,CACE,kBAAC,GAAD;IACE,MAAK;IACL,SAAQ;IACR,MAAK;IACL,WAAW;IACX,eAAe;AAEb,KADA,EAAK,OAAO,EACZ,GAAQ;;cAGT,EAAE,wBAAwB;IACpB,CAAA,EACT,kBAAC,GAAD;IAAQ,MAAK;IAAS,MAAK;IAAQ,WAAW,EAAK;cAChD,EAAE,0BAA0B;IACtB,CAAA,CACL;KACD;;;;;AC3GX,SAAgB,EAAkB,GAA4B;CAC5D,IAAM,IAAY,IAAI,WAAW,EAAM,EACnC,IAAS;AACb,MAAK,IAAM,KAAQ,EACjB,MAAU,OAAO,aAAa,EAAK;AAErC,QAAO,KAAK,EAAO,CAChB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,GAAG;;AAMvB,SAAgB,EAAkB,GAA4B;CAC5D,IAAM,IAAa,EAAM,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI,EACxD,IAAY,EAAW,SAAS,GAClC,IAAU;AACd,KAAI,MAAc,EAChB,KAAU;UACD,MAAc,EACvB,KAAU;UACD,MAAc,EACvB,OAAU,MAAM,kCAAkC;CAEpD,IAAM,IAAS,GAAG,IAAa,KACzB,IAAS,KAAK,EAAO,EACrB,IAAS,IAAI,WAAW,EAAO,OAAO;AAC5C,MAAK,IAAI,IAAI,GAAG,IAAI,EAAO,QAAQ,KAAK,EACtC,GAAO,KAAK,EAAO,WAAW,EAAE;AAElC,QAAO,EAAO;;AAYhB,SAAgB,EACd,GAC+B;AAC/B,KAAI,EAAE,aAAiB,cACrB,QAAO;AAGT,SAAQ,EAAM,MAAd;EACE,KAAK;EACL,KAAK,aACH,QAAO;EACT,KAAK,oBACH,QAAO;EACT,KAAK;EACL,KAAK,oBACH,QAAO;EACT,QACE,QAAO;;;AAOb,SAAgB,EAAe,GAAwC;AAKrE,QAJI,EAAkB,aAAa,KAC1B,IAEI,IAAI,SAAS,EAAkB,CAChC,UAAU,IAAI,GAAM;;;;AC8LlC,IAAM,IAAe;CACnB,YAAY;CACZ,gBAAgB;CAChB,WAAW;CACX,UAAU;CACV,UAAU;CACX,EAEY,KAAiB,YACA;CAC1B,IAAM,EAAE,SAAM,GAAsB,EAC9B,CAAC,GAAW,KAAgB,EAAkB,GAAM,EACpD,CAAC,GAAO,KAAY,EAA2B,KAAK,EACpD,CAAC,GAAM,KAAW,EAAsB,KAAK,EAC7C,CAAC,GAAa,KAAkB,EAAwB,KAAK,EAC7D,CAAC,GAAkB,KAAuB,EAAuB,EAAE,CAAC,EACpE,CAAC,GAAW,KAAgB,EAAS,EAAa,EAElD,IAAsB,EAAU,MAAM,QACtC,IAAuB,EAAU,OAAO,QACxC,IAA4B,EAAU,YAAY,QAClD,IAAkC,EAAU,kBAAkB,QAC9D,IACJ,EAAU,mBAAmB,QACzB,IAAiC,EAAU,kBAAkB,QAC7D,IACJ,EAAU,oBAAoB,QAE1B,IAA2B,EAAE,iCAAiC,EAC9D,IAAyC,EAC7C,iCACD,EACK,IAA6B,EAAE,6BAA6B,EAC5D,IAAyB,EAAE,qCAAqC,EAChE,IAAgC,EACpC,uCACD,EACK,IAA6B,EAAE,mCAAmC,EAClE,IAA6B,EAAE,mCAAmC,EAClE,IAA4B,kBAE5B,IAAQ,QAAkB;AAK9B,EAJA,EAAS,KAAK,EACd,EAAQ,KAAK,EACb,EAAe,KAAK,EACpB,EAAoB,EAAE,CAAC,EACvB,EAAa,EAAa;IACzB,EAAE,CAAC,EAEA,IAAa,QAAkB;AACnC,IAAS,KAAK;IACb,EAAE,CAAC,EAEA,IAA6B,GAChC,MAAsC;EACrC,IAAM,IAAa,EAAQ,cAAc,MACnC,IAAiB,EAAQ,kBAAkB,MAC3C,IAAW,EAAQ,YAAY,MAC/B,IAAW,EAAQ,YAAY;AAuBrC,SArBA,GAAc,OACL;GACL,GAAG;GACH;GACA;GACA;GACA;GACD,EACD,EAEE,EAAQ,gBAAgB,QAAQ,KAAY,QAC9C,EAAQ,EACN,IAAI,EAAQ,aAAa,IAC1B,CAAC,EACK,aAGL,MAAa,UAAU,KAAkB,OACpC,iBAGF;IAET,EAAE,CACH,EAEK,IAAoB,GACvB,MAGG,OAAO,KAAU,cADjB,MAEC,YAAY,KAAS,YAAY,IAGtC,EAAE,CACH,EAEK,IAAiB,GACpB,MAA4C;AAC3C,UAAQ,GAAR;GACE,KAAK,sBACH,QAAO,EAAE,2CAA2C;GACtD,KAAK,iBACH,QAAO,EAAE,sCAAsC;GACjD,KAAK,eACH,QAAO,EAAE,oCAAoC;GAC/C,KAAK,iBACH,QAAO,EAAE,iCAAiC;GAC5C,QACE,QAAO;;IAGb,CAAC,EAAE,CACJ,EAEK,IAA+B,GAClC,MAA0D;AACzD,UAAQ,GAAR;GACE,KAAK,gBACH,QAAO,EAAE,qCAAqC;GAChD,KAAK,iBACH,QAAO,EAAE,iCAAiC;GAC5C,QACE,QAAO;;IAGb,CAAC,EAAE,CACJ,EAEK,IAA6B,GAChC,MAAwD;AACvD,UAAQ,GAAR;GACE,KAAK,gBACH,QAAO,EAAE,mCAAmC;GAC9C,KAAK,oBACH,QAAO,EAAE,+BAA+B;GAC1C,KAAK,wBACH,QAAO,EAAE,mCAAmC;GAC9C,KAAK,iBACH,QAAO,EAAE,6BAA6B;GACxC,QACE,QAAO;;IAGb,CAAC,EAAE,CACJ,EAEK,IAA8B,GACjC,MAAyD;AACxD,UAAQ,GAAR;GACE,KAAK,0BACH,QAAO,EAAE,uCAAuC;GAClD,KAAK,oBACH,QAAO,EAAE,uCAAuC;GAClD,KAAK,oBACH,QAAO,EAAE,uCAAuC;GAClD,KAAK,iBACH,QAAO,EAAE,6BAA6B;GACxC,QACE,QAAO;;IAGb,CAAC,EAAE,CACJ,EAEK,IAAuB,GAC1B,MAAkD;AACjD,UAAQ,GAAR;GACE,KAAK,0BACH,QAAO,EAAE,mCAAmC;GAC9C,KAAK,oBACH,QAAO,EAAE,0BAA0B;GACrC,KAAK,eACH,QAAO,EAAE,8BAA8B;GACzC,KAAK,oBACH,QAAO,EAAE,kCAAkC;GAC7C,KAAK,iBACH,QAAO,EAAE,qCAAqC;GAChD,QACE,QAAO;;IAGb,CAAC,EAAE,CACJ,EAEK,IAA4B,GAC/B,MAAuD;AACtD,UAAQ,GAAR;GACE,KAAK,gBACH,QAAO,EAAE,4CAA4C;GACvD,KAAK,gBACH,QAAO,EAAE,uCAAuC;GAClD,KAAK,mBACH,QAAO,EAAE,+CAA+C;GAC1D,KAAK,oBACH,QAAO,EAAE,gDAAgD;GAC3D,KAAK,4BACH,QAAO,EAAE,uDAAuD;GAClE,KAAK,eACH,QAAO,EAAE,2CAA2C;GACtD,KAAK,iBACH,QAAO,EAAE,6CAA6C;GACxD,KAAK,iBACH,QAAO,EAAE,uCAAuC;GAClD,QACE,QAAO;;IAGb,CAAC,EAAE,CACJ,EAEK,IAAsB,EAC1B,OACE,MAEO,IAAI,SAAS,GAAS,MAAW;AACtC,IAAkC;GAChC,WAAW,EAAE,UAAO;GACpB,cAAc,MAAa;IACzB,IAAM,IAAa,EAAS,qBACxB,IAAU;AAEd,QAAI,EAAkB,EAAW,EAAE;KACjC,IAAM,IAAU,EAAuB,GAAY;MACjD,qBAAqB;MACrB,WAAW;MACZ,CAAC;AACF,SAAI,CAAC,EAAQ,IAAI;MACf,IAAM,IAAuB,EAC3B,SAAS,EAAQ,SAClB;AAED,MADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAEF,SAAU,EAAQ;;IAGpB,IAAM,IAAU,EAAQ,QAAQ,KAAK,MAC5B,EAAK,OACZ,EACI,IAAS,EAAQ,eAAe;AAGtC,IAFA,EAAoB,EAAQ,EAC5B,EAAe,EAAO,EACtB,EAAQ;KAAE;KAAS,aAAa;KAAQ,CAAC;;GAE3C,eAAe;IACb,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,IADA,EAAS,EAAU,EACnB,EAAO,EAAU;;GAEpB,CAAC;GACF,EAEJ;EACE;EACA;EACA;EACA;EACD,CACF,EAEK,IAAQ,EACZ,OAAO,OACL,EAAa,GAAK,EAClB,EAAS,KAAK,EACd,GAAc,OACL;EACL,GAAG;EACH,WAAW,EAAY;EACxB,EACD,EAEK,IAAI,SAAS,GAAS,MAAW;AACtC,IAAoB;GAClB,WAAW,EACT,OAAO,GACR;GACD,cAAc,MAAa;AACzB,MAAa,GAAM;IACnB,IAAM,IAAa,EAAS,OACxB,IAAkC;AAEtC,QAAI,EAAkB,EAAW,EAAE;KACjC,IAAM,IAAU,EAAuB,GAAY;MACjD,qBAAqB;MACrB,WAAW;MACZ,CAAC;AACF,SAAI,CAAC,EAAQ,IAAI;MACf,IAAM,IAAuB,EAC3B,SAAS,EAAQ,SAClB;AAED,MADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAEF,SAAc,EAAW,WAAW;UAEpC,KAAc;AAGhB,QAAI,KAAe,MAAM;KACvB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,KADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;IAGF,IAAM,IAAS,EAA2B,EAAY;AACtD,QAAI,MAAW,aAAa,MAAW,gBAAgB;AACrD,OAAQ,EAAO;AACf;;IAGF,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,IADA,EAAS,EAAU,EACnB,EAAO,EAAU;;GAEnB,eAAe;AACb,MAAa,GAAM;IACnB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,IADA,EAAS,EAAU,EACnB,EAAO,EAAU;;GAEpB,CAAC;GACF,GAEJ;EACE;EACA;EACA;EACA;EACA;EACD,CACF,EAEK,IAAc,EAClB,OAAO,MAAgD;EACrD,IAAM,EAAE,sBAAmB;AAC3B,MAAI,KAAkB,MAAM;GAC1B,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,UADA,EAAS,EAAU,EACZ,QAAQ,OAAO,EAAU;;AAMlC,SAHA,EAAa,GAAK,EAClB,EAAS,KAAK,EAEP,IAAI,SAAS,GAAS,MAAW;AACtC,KAA0B;IACxB,WAAW,EACT,OAAO;KACL;KACA,MAAM,EAAY;KACnB,EACF;IACD,cAAc,MAAa;AACzB,OAAa,GAAM;KACnB,IAAM,IAAa,EAAS,aACxB,IAAkC;AAEtC,SAAI,EAAkB,EAAW,EAAE;MACjC,IAAM,IAAU,EAAuB,GAAY;OACjD,qBAAqB;OACrB,WAAW;OACZ,CAAC;AACF,UAAI,CAAC,EAAQ,IAAI;OACf,IAAM,IAAuB,EAC3B,SAAS,EAAQ,SAClB;AAED,OADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAEF,UAAc,EAAW,WAAW;WAEpC,KAAc;AAGhB,SAAI,KAAe,MAAM;MACvB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,MADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAIF,SADe,EAA2B,EAAY,KACvC,WAAW;AACxB,SAAS;AACT;;KAGF,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,KADA,EAAS,EAAU,EACnB,EAAO,EAAU;;IAEnB,eAAe;AACb,OAAa,GAAM;KACnB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,KADA,EAAS,EAAU,EACnB,EAAO,EAAU;;IAEpB,CAAC;IACF;IAEJ;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACD,CACF,EAEK,IAAmB,EACvB,OAAO,EAAE,eAAqD;AAC5D,MAAI,OAAO,SAAW,KAAa;GACjC,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,UADA,EAAS,EAAU,EACZ,QAAQ,OAAO,EAAU;;AAYlC,SATA,EAAa,GAAK,EAClB,EAAS,KAAK,EACd,GAAc,OACL;GACL,GAAG;GACH,WAAW;GACZ,EACD,EAEK,IAAI,SAAS,GAAS,MAAW;AACtC,KAAgC;IAC9B,WAAW,EACT,UACD;IACD,cAAc,MAAa;KACzB,IAAM,IAAa,EAAS,mBACxB,IAAU;AAEd,SAAI,EAAkB,EAAW,EAAE;MACjC,IAAM,IAAU,EAAuB,GAAY;OACjD,qBAAqB;OACrB,WAAW;OACZ,CAAC;AACF,UAAI,CAAC,EAAQ,IAAI;AACf,SAAa,GAAM;OACnB,IAAM,IAAuB,EAC3B,SAAS,EAAQ,SAClB;AAED,OADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAEF,UAAU,EAAQ;;AAKpB,MAAM,YAAY;AAChB,UAAI;OACF,IAAM,IAAa,MAAM,UAAU,YAAY,IAAI,EACjD,WAAW;QACT,kBAAkB,EAAQ,iBAAiB,KACxC,OACQ;SACL,IAAI,EAAkB,EAAa;SACnC,MAAM;SACP,EAEJ;QACD,WAAW,EAAkB,EAAQ,UAAU;QAC/C,MAAM,EAAQ;QACd,kBAAkB;QACnB,EACF,CAAC;AAEF,WAAI,KAAa,KACf,OAAU,MACR,+CACD;OAGH,IAAM,IACJ,EAAU,UACN,IAAY,EAChB,EAAkB,kBACnB;AAED,SAAiC;QAC/B,WAAW,EACT,OAAO;SACL,WAAW,EAAQ;SACnB,gBAAgB,EAAQ;SACxB,cAAc,EAAU;SACxB;SACA,YACE,EAAkB,cAAc,OAE5B,OADA,EAAkB,EAAkB,WAAW;SAEtD,EACF;QACD,cAAc,MAAmB;AAC/B,WAAa,GAAM;SACnB,IAAM,IAAa,EAAe,oBAC9B,IAAkC;AAEtC,aAAI,EAAkB,EAAW,EAAE;UACjC,IAAM,IAAU,EAAuB,GAAY;WACjD,qBAAqB;WACrB,WAAW;WACZ,CAAC;AACF,cAAI,CAAC,EAAQ,IAAI;WACf,IAAM,IAAuB,EAC3B,SAAS,EAAQ,SAClB;AAED,WADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAEF,cAAc,EAAW,WAAW;eAEpC,KAAc;AAGhB,aAAI,KAAe,MAAM;UACvB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,UADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;SAGF,IAAM,IAAS,EAA2B,EAAY;AACtD,aAAI,MAAW,WAAW;AACxB,YAAQ,EAAO;AACf;;SAEF,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,SADA,EAAS,EAAU,EACnB,EAAO,EAAU;;QAEnB,eAAe;AACb,WAAa,GAAM;SACnB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,SADA,EAAS,EAAU,EACnB,EAAO,EAAU;;QAEpB,CAAC;eACK,GAAiB;AACxB,SAAa,GAAM;OACnB,IAAM,IAAuB,EAC3B,SACE,aAA2B,QACvB,EAAgB,UAChB,gCACP;AAED,OADA,EAAS,EAAU,EACnB,EAAO,EAAU;;SAEjB;;IAEN,eAAe;AACb,OAAa,GAAM;KACnB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,KADA,EAAS,EAAU,EACnB,EAAO,EAAU;;IAEpB,CAAC;IACF;IAEJ;EACE;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACD,CACF,EAEK,IAAmB,EACvB,OACE,MACyB;AACzB,MAAI,KAAkC,MAAM;GAC1C,IAAM,IAAuB,EAC3B,SAAS,2CACV;AAED,UADA,EAAS,EAAU,EACZ,QAAQ,OAAO,EAAU;;AAMlC,SAHA,EAAa,GAAK,EAClB,EAAS,KAAK,EAEP,IAAI,SAAS,GAAS,MAAW;AACtC,KAA+B;IAC7B,WAAW,EACT,OAAO;KACL,OAAO,EAAY;KACnB,UAAU,EAAY;KACtB,sBAAsB,EAAY;KACnC,EACF;IACD,cAAc,MAAa;AACzB,OAAa,GAAM;KACnB,IAAM,IAAa,EAAS,kBACxB,IAAkC;AAEtC,SAAI,EAAkB,EAAW,EAAE;MACjC,IAAM,IAAU,EAAuB,GAAY;OACjD,qBAAqB;OACrB,WAAW;OACZ,CAAC;AACF,UAAI,CAAC,EAAQ,IAAI;OACf,IAAM,IAAuB,EAC3B,SAAS,EAAQ,SAClB;AAED,OADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAEF,UAAc,EAAW,WAAW;WAEpC,KAAc;AAGhB,SAAI,KAAe,MAAM;MACvB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,MADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;KAGF,IAAM,IAAS,EAA2B,EAAY;AACtD,SAAI,MAAW,aAAa,MAAW,gBAAgB;AACrD,QAAQ,EAAO;AACf;;KAEF,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,KADA,EAAS,EAAU,EACnB,EAAO,EAAU;;IAEnB,eAAe;AACb,OAAa,GAAM;KACnB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,KADA,EAAS,EAAU,EACnB,EAAO,EAAU;;IAEpB,CAAC;IACF;IAEJ;EACE;EACA;EACA;EACA;EACA;EACD,CACF,EAEK,KAAS,EAAY,aACzB,EAAa,GAAK,EAEX,IAAI,SAAS,GAAS,MAAW;AACtC,IAAqB;GACnB,WAAW,EAAE;GACb,cAAc,MAAa;AACzB,MAAa,GAAM;IACnB,IAAM,IAAa,EAAS,QACxB,IAAiC;AAErC,QAAI,EAAkB,EAAW,EAAE;KACjC,IAAM,IAAU,EAAuB,GAAY,EACjD,qBAAqB,GACtB,CAAC;AACF,SAAI,CAAC,EAAQ,IAAI;MACf,IAAM,IAAuB,EAAE,SAAS,EAAQ,SAAS;AAEzD,MADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;KAGF,IAAM,IAAkB,EACtB,EAAW,SAAS,aAAa,MACjC,EACD;AACD,SAAI,CAAC,EAAgB,IAAI;MACvB,IAAM,IAAuB,EAC3B,SAAS,EAAgB,SAC1B;AAED,MADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAEF,SAAiB,EAAgB;WAC5B;KACL,IAAM,IAAkB,EACtB,EAAW,aAAa,MACxB,EACD;AACD,SAAI,CAAC,EAAgB,IAAI;MACvB,IAAM,IAAuB,EAC3B,SAAS,EAAgB,SAC1B;AAED,MADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AAEF,SAAiB,EAAgB;;AAGnC,QAAI,CAAC,GAAgB;KACnB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAED,KADA,EAAS,EAAU,EACnB,EAAO,EAAU;AACjB;;AASF,IANA,aAAa,WAAW,aAAa,EACrC,aAAa,WAAW,cAAc,EACtC,EAAQ,KAAK,EACb,EAAa,EAAa,EAC1B,GAAiB,EAEjB,GAAS;;GAEX,eAAe;AACb,MAAa,GAAM;IACnB,IAAM,IAAuB,EAC3B,SAAS,GACV;AAID,IAHA,EAAS,EAAU,EACnB,GAAiB,EAEjB,EAAO,EAAU;;GAEpB,CAAC;GACF,GACD;EAAC;EAAsB;EAA2B;EAAkB,CAAC,EAElE,KACJ,KACA,EAAU,MAAM,cAChB,EAAU,OAAO,cACjB,EAAU,YAAY,cACtB,EAAU,kBAAkB,cAC5B,EAAU,mBAAmB,eAC5B,EAAU,kBAAkB,cAAc,OAC3C,EAAU,oBAAoB;AAEhC,QAAO;EACL,YAAY,EAAU;EACtB,gBAAgB,EAAU;EAC1B,UAAU,EAAU;EACpB,UAAU,EAAU;EACpB,WAAW,EAAU;EACrB;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA,WAAW;EACX;EACA;EACA;EACA;EACD"}