npm - @plyaz/auth - Versions diffs - 1.0.0 → 1.0.2 - Mend

@plyaz/auth 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/commits.txt +3 -3
package/dist/common/index.cjs +3 -1
package/dist/common/index.cjs.map +1 -1
package/dist/common/index.mjs +3 -1
package/dist/common/index.mjs.map +1 -1
package/dist/index.cjs +424 -154
package/dist/index.cjs.map +1 -1
package/dist/index.mjs +421 -152
package/dist/index.mjs.map +1 -1
package/package.json +2 -1
package/release_message.txt +28 -0
package/src/adapters/auth-adapter-factory.ts +4 -3
package/src/adapters/auth-adapter.mapper.ts +2 -2
package/src/adapters/base-auth.adapter.ts +17 -9
package/src/adapters/clerk/clerk.adapter.ts +9 -12
package/src/adapters/custom/custom.adapter.ts +19 -10
package/src/adapters/index.ts +0 -1
package/src/adapters/next-auth/authOptions.ts +20 -16
package/src/adapters/next-auth/next-auth.adapter.ts +13 -15
package/src/api/client.ts +4 -6
package/src/audit/audit.logger.ts +19 -10
package/src/client/components/ProtectedRoute.tsx +15 -11
package/src/client/hooks/useAuth.ts +23 -21
package/src/client/hooks/useConnectedAccounts.ts +57 -45
package/src/client/hooks/usePermissions.ts +1 -1
package/src/client/hooks/useRBAC.ts +6 -6
package/src/client/hooks/useSession.ts +5 -5
package/src/client/providers/AuthProvider.tsx +23 -17
package/src/client/store/auth.store.ts +71 -62
package/src/client/utils/storage.ts +45 -18
package/src/common/constants/oauth-providers.ts +10 -7
package/src/common/errors/auth.errors.ts +4 -4
package/src/common/errors/specific-auth-errors.ts +5 -9
package/src/common/regex/index.ts +6 -4
package/src/common/types/auth.types.ts +47 -38
package/src/common/types/index.ts +12 -6
package/src/common/utils/index.ts +15 -11
package/src/core/blacklist/token.blacklist.ts +13 -7
package/src/core/index.ts +2 -2
package/src/core/jwt/jwt.manager.ts +47 -22
package/src/core/session/session.manager.ts +17 -14
package/src/db/repositories/connected-account.repository.ts +120 -78
package/src/db/repositories/role.repository.ts +41 -26
package/src/db/repositories/session.repository.ts +9 -10
package/src/db/repositories/user.repository.ts +105 -91
package/src/flows/index.ts +2 -2
package/src/flows/sign-in.flow.ts +28 -14
package/src/flows/sign-up.flow.ts +31 -20
package/src/index.ts +36 -37
package/src/libs/clerk.helper.ts +6 -7
package/src/libs/supabase.helper.ts +79 -61
package/src/libs/supabaseClient.ts +3 -3
package/src/providers/base/auth-provider.interface.ts +13 -11
package/src/providers/base/index.ts +1 -1
package/src/providers/index.ts +1 -1
package/src/providers/oauth/facebook.provider.ts +63 -39
package/src/providers/oauth/github.provider.ts +14 -10
package/src/providers/oauth/google.provider.ts +39 -28
package/src/providers/oauth/index.ts +1 -1
package/src/rbac/dynamic-roles.ts +88 -54
package/src/rbac/index.ts +4 -4
package/src/rbac/permission-checker.ts +147 -75
package/src/rbac/role-hierarchy.ts +8 -8
package/src/rbac/role.manager.ts +11 -8
package/src/security/csrf/csrf.protection.ts +9 -7
package/src/security/index.ts +2 -2
package/src/security/rate-limiting/auth/auth.controller.ts +2 -4
package/src/security/rate-limiting/auth/rate-limiting.interface.ts +26 -6
package/src/security/rate-limiting/auth.module.ts +1 -2
package/src/server/auth.module.ts +55 -52
package/src/server/decorators/auth.decorator.ts +9 -11
package/src/server/decorators/auth.decorators.ts +8 -9
package/src/server/decorators/current-user.decorator.ts +6 -6
package/src/server/decorators/permission.decorator.ts +17 -9
package/src/server/guards/auth.guard.ts +21 -16
package/src/server/guards/custom-throttler.guard.ts +4 -9
package/src/server/guards/permissions.guard.ts +32 -23
package/src/server/guards/roles.guard.ts +14 -12
package/src/server/middleware/auth.middleware.ts +4 -4
package/src/server/middleware/session.middleware.ts +4 -4
package/src/server/services/account.service.ts +96 -48
package/src/server/services/auth.service.ts +57 -28
package/src/server/services/brute-force.service.ts +24 -19
package/src/server/services/index.ts +1 -1
package/src/server/services/rate-limiter.service.ts +9 -4
package/src/server/services/session.service.ts +84 -48
package/src/server/services/token.service.ts +71 -51
package/src/session/cookie-store.ts +47 -34
package/src/session/enhanced-session-manager.ts +69 -48
package/src/session/index.ts +5 -5
package/src/session/memory-store.ts +37 -30
package/src/session/redis-store.ts +105 -72
package/src/strategies/oauth.strategy.ts +10 -9
package/src/strategies/traditional-auth.strategy.ts +41 -29
package/src/tokens/index.ts +4 -4
package/src/tokens/refresh-token-manager.ts +70 -55
package/src/tokens/token-validator.ts +109 -53
package/vitest.setup.d.ts +2 -2
package/vitest.setup.ts +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -85,7 +85,9 @@ function maskSensitiveData(data, sensitiveFields = ["password", "token", "secret
   if (typeof data !== "object" || data === null) {
     return data;
   }
-  const masked = { ...data };
+  const masked = {
+    ...data
+  };
   const four = 4;
   for (const field of sensitiveFields) {
     if (field in masked) {
@@ -119,15 +121,26 @@ var JwtManager = class {
     return sign(payload, this.config.privateKey, signOptions);
   }
   generateTokens(user, accessTokenExpiry = "1h", refreshTokenExpiry = "7d") {
-    const accessToken = this.generateToken({ sub: user.id, type: "access" }, accessTokenExpiry);
-    const refreshToken = this.generateToken({ sub: user.id, type: "refresh" }, refreshTokenExpiry);
+    const accessToken = this.generateToken(
+      { sub: user.id, type: "access" },
+      accessTokenExpiry
+    );
+    const refreshToken = this.generateToken(
+      { sub: user.id, type: "refresh" },
+      refreshTokenExpiry
+    );
     let expiresIn;
     if (typeof accessTokenExpiry === "string") {
       const match = accessTokenExpiry.match(/^(\d+)([smhd])$/);
       if (match) {
         const value = globalThis.parseInt(match[1], NUMERIX.TEN);
         const unit = match[2];
-        const multipliers = { s: 1, m: 60, h: 3600, d: 86400 };
+        const multipliers = {
+          s: 1,
+          m: 60,
+          h: 3600,
+          d: 86400
+        };
         expiresIn = value * multipliers[unit];
       } else {
         expiresIn = NUMERIX.THIRTY_SIX_HUNDERD;
@@ -163,10 +176,13 @@ var JwtManager = class {
       issuer: this.config.issuer,
       audience: this.config.audience
     });
-    if (typeof decoded === "string") throw new Error(`Invalid ${tokenType} token payload`);
+    if (typeof decoded === "string")
+      throw new Error(`Invalid ${tokenType} token payload`);
     const payload = decoded;
     if (payload.type !== tokenType) {
-      throw new Error(`Invalid token type. Expected ${tokenType}, got ${payload.type}`);
+      throw new Error(
+        `Invalid token type. Expected ${tokenType}, got ${payload.type}`
+      );
     }
     return payload;
   }
@@ -318,17 +334,44 @@ var PermissionChecker = class {
       }
     }
     const userPermissions = await this.getUserPermissions(userId);
-    const directResult = this.checkDirectPermission(userPermissions, resource, action, context);
+    const directResult = this.checkDirectPermission(
+      userPermissions,
+      resource,
+      action,
+      context
+    );
     if (directResult.granted) {
-      return this.cacheAndReturn(userId, resource, action, context, directResult);
+      return this.cacheAndReturn(
+        userId,
+        resource,
+        action,
+        context,
+        directResult
+      );
     }
-    const roleResult = await this.checkRoleBasedPermission(userId, resource, action, context);
+    const roleResult = await this.checkRoleBasedPermission(
+      userId,
+      resource,
+      action,
+      context
+    );
     if (roleResult.granted) {
       return this.cacheAndReturn(userId, resource, action, context, roleResult);
     }
-    const wildcardResult = this.checkWildcardPermission(userPermissions, resource, action, context);
+    const wildcardResult = this.checkWildcardPermission(
+      userPermissions,
+      resource,
+      action,
+      context
+    );
     if (wildcardResult.granted) {
-      return this.cacheAndReturn(userId, resource, action, context, wildcardResult);
+      return this.cacheAndReturn(
+        userId,
+        resource,
+        action,
+        context,
+        wildcardResult
+      );
     }
     const deniedResult = {
       granted: false,
@@ -432,7 +475,10 @@ var PermissionChecker = class {
     for (const permission of permissions) {
       if (permission.resource === resource && permission.action === action) {
         if (permission.conditions && Object.keys(permission.conditions).length > 0) {
-          const conditionsMet = this.evaluateConditions(permission.conditions, context);
+          const conditionsMet = this.evaluateConditions(
+            permission.conditions,
+            context
+          );
           if (conditionsMet) {
             return {
               granted: true,
@@ -471,7 +517,12 @@ var PermissionChecker = class {
     const userRoles = await this.getUserRoles(userId);
     for (const role of userRoles) {
       const rolePermissions = await this.getRolePermissions(role.id);
-      const result = this.checkDirectPermission(rolePermissions, resource, action, context);
+      const result = this.checkDirectPermission(
+        rolePermissions,
+        resource,
+        action,
+        context
+      );
       if (result.granted) {
         return {
           ...result,
@@ -499,7 +550,10 @@ var PermissionChecker = class {
       const actionMatch = permission.action === "*" || permission.action === action;
       if (resourceMatch && actionMatch) {
         if (permission.conditions && Object.keys(permission.conditions).length > 0) {
-          const conditionsMet = this.evaluateConditions(permission.conditions, context);
+          const conditionsMet = this.evaluateConditions(
+            permission.conditions,
+            context
+          );
           if (conditionsMet) {
             return {
               granted: true,
@@ -1256,7 +1310,11 @@ var DynamicRoles = class {
     for (const [conditionType, conditionValue] of Object.entries(conditions)) {
       const evaluator = this.conditionEvaluators.get(conditionType);
       if (evaluator) {
-        const result = await evaluator(userId, { [conditionType]: conditionValue }, context);
+        const result = await evaluator(
+          userId,
+          { [conditionType]: conditionValue },
+          context
+        );
         if (!result) {
           return false;
         }
@@ -1276,7 +1334,9 @@ var DynamicRoles = class {
   async enforceAssignmentLimits(userId) {
     const userAssignments = this.getUserAssignments(userId, false);
     if (userAssignments.length >= this.config.maxAssignmentsPerUser) {
-      throw new Error(`Maximum assignments per user exceeded: ${this.config.maxAssignmentsPerUser}`);
+      throw new Error(
+        `Maximum assignments per user exceeded: ${this.config.maxAssignmentsPerUser}`
+      );
     }
   }
   /**
@@ -1292,9 +1352,12 @@ var DynamicRoles = class {
    * @private
    */
   startCleanupTimer() {
-    this.cleanupTimer = globalThis.setInterval(async () => {
-      await this.cleanupExpiredAssignments();
-    }, NUMERIX.FIVE * NUMERIX.SIXTY * NUMERIX.THOUSAND);
+    this.cleanupTimer = globalThis.setInterval(
+      async () => {
+        await this.cleanupExpiredAssignments();
+      },
+      NUMERIX.FIVE * NUMERIX.SIXTY * NUMERIX.THOUSAND
+    );
   }
   /**
    * Emit role assigned event
@@ -1392,10 +1455,17 @@ var AuthService = class {
   }
   async signIn(email, password, deviceInfo) {
     const user = await this.traditionalAuth.authenticate(email, password);
-    const session = await this.sessionManager.createSession(user.id, deviceInfo);
+    const session = await this.sessionManager.createSession(
+      user.id,
+      deviceInfo
+    );
     const tokens = this.jwtManager.generateTokens(user);
     await this.userRepo.updateLastLogin(user.id);
-    return { user, tokens: { ...tokens, refreshToken: tokens.refreshToken ?? "" }, session };
+    return {
+      user,
+      tokens: { ...tokens, refreshToken: tokens.refreshToken ?? "" },
+      session
+    };
   }
   async signUp(userData, password) {
     const passwordHash = await this.traditionalAuth.hashPassword(password);
@@ -1427,11 +1497,22 @@ var AuthService = class {
     return this.userRepo.findById(userId);
   }
   async oauthSignIn(profile, accessToken, refreshToken, deviceInfo) {
-    const user = await this.oauthAuth.authenticate(profile, accessToken, refreshToken);
-    const session = await this.sessionManager.createSession(user.id, deviceInfo ?? {});
+    const user = await this.oauthAuth.authenticate(
+      profile,
+      accessToken,
+      refreshToken
+    );
+    const session = await this.sessionManager.createSession(
+      user.id,
+      deviceInfo ?? {}
+    );
     const tokens = this.jwtManager.generateTokens(user);
     await this.userRepo.updateLastLogin(user.id);
-    return { user, tokens: { ...tokens, refreshToken: tokens.refreshToken ?? "" }, session };
+    return {
+      user,
+      tokens: { ...tokens, refreshToken: tokens.refreshToken ?? "" },
+      session
+    };
   }
 };
 _init3 = __decoratorStart();
@@ -1456,8 +1537,13 @@ var _SessionService = class _SessionService {
   async createSession(userContext, sessionData = {}) {
     this.logger.debug(`Creating session for user: ${userContext.userId}`);
     try {
-      const session = await this.sessionManager.createSession(userContext, sessionData);
-      this.logger.log(`Session created: ${session.id} for user: ${userContext.userId}`);
+      const session = await this.sessionManager.createSession(
+        userContext,
+        sessionData
+      );
+      this.logger.log(
+        `Session created: ${session.id} for user: ${userContext.userId}`
+      );
       this.emitEvent(AUTH_EVENTS.SESSION_CREATED, {
         userId: userContext.userId,
         sessionId: session.id,
@@ -1465,7 +1551,10 @@ var _SessionService = class _SessionService {
       });
       return session;
     } catch (error) {
-      this.logger.error(`Failed to create session for user: ${userContext.userId}`, error);
+      this.logger.error(
+        `Failed to create session for user: ${userContext.userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1569,7 +1658,10 @@ var _SessionService = class _SessionService {
         timestamp: /* @__PURE__ */ new Date()
       });
     } catch (error) {
-      this.logger.error(`Failed to invalidate all sessions for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to invalidate all sessions for user: ${userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1583,7 +1675,10 @@ var _SessionService = class _SessionService {
     try {
       return await this.sessionManager.detectConcurrentSessions(userId);
     } catch (error) {
-      this.logger.error(`Failed to detect concurrent sessions for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to detect concurrent sessions for user: ${userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1597,7 +1692,10 @@ var _SessionService = class _SessionService {
     try {
       return await this.sessionManager.generateCsrfToken(sessionId);
     } catch (error) {
-      this.logger.error(`Failed to generate CSRF token for session: ${sessionId}`, error);
+      this.logger.error(
+        `Failed to generate CSRF token for session: ${sessionId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1610,13 +1708,19 @@ var _SessionService = class _SessionService {
   async validateCsrfToken(sessionId, token) {
     this.logger.debug(`Validating CSRF token for session: ${sessionId}`);
     try {
-      const isValid = await this.sessionManager.validateCsrfToken(sessionId, token);
+      const isValid = await this.sessionManager.validateCsrfToken(
+        sessionId,
+        token
+      );
       if (!isValid) {
         this.logger.warn(`Invalid CSRF token for session: ${sessionId}`);
       }
       return isValid;
     } catch (error) {
-      this.logger.error(`Failed to validate CSRF token for session: ${sessionId}`, error);
+      this.logger.error(
+        `Failed to validate CSRF token for session: ${sessionId}`,
+        error
+      );
       return false;
     }
   }
@@ -1629,7 +1733,10 @@ var _SessionService = class _SessionService {
     try {
       return await this.sessionManager.shouldRefreshSession(sessionId);
     } catch (error) {
-      this.logger.error(`Failed to check if session needs refresh: ${sessionId}`, error);
+      this.logger.error(
+        `Failed to check if session needs refresh: ${sessionId}`,
+        error
+      );
       return false;
     }
   }
@@ -1681,7 +1788,9 @@ var _TokenService = class _TokenService {
     try {
       const result = await this.tokenValidator.validateAccessToken(token);
       if (!result.valid) {
-        this.logger.warn(`Access token validation failed: ${result.error?.message}`);
+        this.logger.warn(
+          `Access token validation failed: ${result.error?.message}`
+        );
       }
       return result;
     } catch (error) {
@@ -1705,7 +1814,9 @@ var _TokenService = class _TokenService {
     try {
       const result = await this.tokenValidator.validateRefreshToken(token);
       if (!result.valid) {
-        this.logger.warn(`Refresh token validation failed: ${result.error?.message}`);
+        this.logger.warn(
+          `Refresh token validation failed: ${result.error?.message}`
+        );
       }
       return result;
     } catch (error) {
@@ -1739,7 +1850,10 @@ var _TokenService = class _TokenService {
       this.logger.log(`Token pair generated for user: ${userId}`);
       return tokenPair;
     } catch (error) {
-      this.logger.error(`Failed to generate token pair for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to generate token pair for user: ${userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1789,7 +1903,10 @@ var _TokenService = class _TokenService {
       await this.refreshTokenManager.revokeAllUserTokens(userId);
       this.logger.log(`All tokens revoked for user: ${userId}`);
     } catch (error) {
-      this.logger.error(`Failed to revoke all tokens for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to revoke all tokens for user: ${userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1803,7 +1920,10 @@ var _TokenService = class _TokenService {
       await this.refreshTokenManager.revokeSessionTokens(sessionId);
       this.logger.log(`Tokens revoked for session: ${sessionId}`);
     } catch (error) {
-      this.logger.error(`Failed to revoke tokens for session: ${sessionId}`, error);
+      this.logger.error(
+        `Failed to revoke tokens for session: ${sessionId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1899,7 +2019,10 @@ var _AccountService = class _AccountService {
       });
       return connectedAccount;
     } catch (error) {
-      this.logger.error(`Failed to link ${provider} account for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to link ${provider} account for user: ${userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1927,7 +2050,10 @@ var _AccountService = class _AccountService {
         timestamp: /* @__PURE__ */ new Date()
       });
     } catch (error) {
-      this.logger.error(`Failed to unlink account ${accountId} for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to unlink account ${accountId} for user: ${userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1951,16 +2077,23 @@ var _AccountService = class _AccountService {
    * @param accountId - Account identifier to set as primary
    */
   async setPrimary(userId, accountId) {
-    this.logger.debug(`Setting primary account ${accountId} for user: ${userId}`);
+    this.logger.debug(
+      `Setting primary account ${accountId} for user: ${userId}`
+    );
     try {
       const account = await this.accountRepository.findById(accountId);
       if (account?.userId !== userId) {
         throw new Error("Account not found or does not belong to user");
       }
       await this.accountRepository.setPrimary(userId, accountId);
-      this.logger.log(`Primary account set to ${accountId} for user: ${userId}`);
+      this.logger.log(
+        `Primary account set to ${accountId} for user: ${userId}`
+      );
     } catch (error) {
-      this.logger.error(`Failed to set primary account ${accountId} for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to set primary account ${accountId} for user: ${userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1974,7 +2107,10 @@ var _AccountService = class _AccountService {
     try {
       return await this.accountRepository.findPrimary(userId);
     } catch (error) {
-      this.logger.error(`Failed to get primary account for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to get primary account for user: ${userId}`,
+        error
+      );
       throw error;
     }
   }
@@ -1985,11 +2121,19 @@ var _AccountService = class _AccountService {
    * @returns Connected account or null
    */
   async findByProvider(provider, providerAccountId) {
-    this.logger.debug(`Finding account by provider: ${provider}, ID: ${providerAccountId}`);
+    this.logger.debug(
+      `Finding account by provider: ${provider}, ID: ${providerAccountId}`
+    );
     try {
-      return await this.accountRepository.findByProvider(provider, providerAccountId);
+      return await this.accountRepository.findByProvider(
+        provider,
+        providerAccountId
+      );
     } catch (error) {
-      this.logger.error(`Failed to find account by provider: ${provider}`, error);
+      this.logger.error(
+        `Failed to find account by provider: ${provider}`,
+        error
+      );
       throw error;
     }
   }
@@ -2002,10 +2146,17 @@ var _AccountService = class _AccountService {
   async updateTokens(accountId, accessToken, refreshToken) {
     this.logger.debug(`Updating tokens for account: ${accountId}`);
     try {
-      await this.accountRepository.updateTokens(accountId, accessToken, refreshToken);
+      await this.accountRepository.updateTokens(
+        accountId,
+        accessToken,
+        refreshToken
+      );
       this.logger.log(`Tokens updated for account: ${accountId}`);
     } catch (error) {
-      this.logger.error(`Failed to update tokens for account: ${accountId}`, error);
+      this.logger.error(
+        `Failed to update tokens for account: ${accountId}`,
+        error
+      );
       throw error;
     }
   }
@@ -2033,9 +2184,14 @@ var _AccountService = class _AccountService {
     this.logger.debug(`Checking if user ${userId} has ${provider} account`);
     try {
       const accounts = await this.accountRepository.findByUserId(userId);
-      return accounts.some((account) => account.provider === provider && account.isActive);
+      return accounts.some(
+        (account) => account.provider === provider && account.isActive
+      );
     } catch (error) {
-      this.logger.error(`Failed to check provider account for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to check provider account for user: ${userId}`,
+        error
+      );
       return false;
     }
   }
@@ -2050,7 +2206,10 @@ var _AccountService = class _AccountService {
       const accounts = await this.accountRepository.findByUserId(userId);
       return accounts.filter((account) => account.isActive).length;
     } catch (error) {
-      this.logger.error(`Failed to get account count for user: ${userId}`, error);
+      this.logger.error(
+        `Failed to get account count for user: ${userId}`,
+        error
+      );
       return 0;
     }
   }
@@ -2087,7 +2246,10 @@ var _BruteForceService = class _BruteForceService {
   }
   static {
     // 30 min
-    this.USER_PROGRESSIVE_DELAYS = { 4: 5e3, 5: 5e3 };
+    this.USER_PROGRESSIVE_DELAYS = {
+      4: 5e3,
+      5: 5e3
+    };
   }
   static {
     this.IP_HARD_LIMIT = 10;
@@ -2188,7 +2350,12 @@ var RateLimiterService = class {
     }
     if (requests > options.limit && options.blockMs) {
       const blockUntil = Date.now() + options.blockMs;
-      await this.redis.set(blockKey, blockUntil.toString(), "PX", options.blockMs);
+      await this.redis.set(
+        blockKey,
+        blockUntil.toString(),
+        "PX",
+        options.blockMs
+      );
       await this.redis.del(rateKey);
       return true;
     }
@@ -2472,7 +2639,9 @@ var CookieStore = class {
    */
   setCookie(sessionId, data, ttlSeconds) {
     const encryptedData = this.encrypt(JSON.stringify(data));
-    globalThis.console.log(`Setting cookie: ${this.config.cookieName}=${encryptedData}; Max-Age=${ttlSeconds}`);
+    globalThis.console.log(
+      `Setting cookie: ${this.config.cookieName}=${encryptedData}; Max-Age=${ttlSeconds}`
+    );
   }
   /**
    * Clear HTTP cookie (mock implementation)
@@ -2678,7 +2847,9 @@ var MemoryStore = class {
   async enforceSessionLimits(userId) {
     const userSessions = await this.getByUserId(userId);
     if (userSessions.length >= this.config.maxSessionsPerUser) {
-      userSessions.sort((a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime());
+      userSessions.sort(
+        (a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime()
+      );
       const sessionsToRemove = userSessions.length - this.config.maxSessionsPerUser + 1;
       for (let i = 0; i < sessionsToRemove; i++) {
         await this.delete(userSessions[i].id);
@@ -2735,7 +2906,11 @@ var RedisStore = class {
     const serializedData = this.serialize(data);
     await this.client.set(key, serializedData, ttlSeconds);
     const userSessionsTTL = Math.max(ttlSeconds, this.config.defaultTTL);
-    await this.client.set(`${userSessionsKey}${sessionId}`, "1", userSessionsTTL);
+    await this.client.set(
+      `${userSessionsKey}${sessionId}`,
+      "1",
+      userSessionsTTL
+    );
   }
   /**
    * Retrieve session data from Redis
@@ -2784,7 +2959,10 @@ var RedisStore = class {
     const userSessionKeys = await this.client.keys(userSessionsPattern);
     let deletedCount = 0;
     for (const userSessionKey of userSessionKeys) {
-      const sessionId = userSessionKey.replace(this.getUserSessionsKey(userId), "");
+      const sessionId = userSessionKey.replace(
+        this.getUserSessionsKey(userId),
+        ""
+      );
       const sessionKey = this.getSessionKey(sessionId);
       const sessionDeleted = await this.client.del(sessionKey);
       await this.client.del(userSessionKey);
@@ -2802,7 +2980,10 @@ var RedisStore = class {
     const data = await this.get(sessionId);
     if (data) {
       data.lastActivityAt = /* @__PURE__ */ new Date();
-      const remainingTTL = Math.max(0, Math.floor((data.expiresAt.getTime() - Date.now()) / NUMERIX.THOUSAND));
+      const remainingTTL = Math.max(
+        0,
+        Math.floor((data.expiresAt.getTime() - Date.now()) / NUMERIX.THOUSAND)
+      );
       if (remainingTTL > 0) {
         await this.set(sessionId, data, remainingTTL);
       }
@@ -2828,7 +3009,10 @@ var RedisStore = class {
     const userSessionKeys = await this.client.keys(userSessionsPattern);
     const sessions = [];
     for (const userSessionKey of userSessionKeys) {
-      const sessionId = userSessionKey.replace(this.getUserSessionsKey(userId), "");
+      const sessionId = userSessionKey.replace(
+        this.getUserSessionsKey(userId),
+        ""
+      );
       const sessionData = await this.get(sessionId);
       if (sessionData) {
         sessions.push(sessionData);
@@ -2923,7 +3107,9 @@ var RedisStore = class {
   async enforceSessionLimits(userId) {
     const userSessions = await this.getByUserId(userId);
     if (userSessions.length >= this.config.maxSessionsPerUser) {
-      userSessions.sort((a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime());
+      userSessions.sort(
+        (a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime()
+      );
       const sessionsToRemove = userSessions.length - this.config.maxSessionsPerUser + 1;
       for (let i = 0; i < sessionsToRemove; i++) {
         await this.delete(userSessions[i].id);
@@ -3015,7 +3201,9 @@ var EnhancedSessionManager = class {
     const sessionId = this.generateSessionId();
     await this.enforceSessionLimits(userContext.userId);
     const now = /* @__PURE__ */ new Date();
-    const expiresAt = new Date(now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND);
+    const expiresAt = new Date(
+      now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND
+    );
     const session = {
       id: sessionId,
       userId: userContext.userId,
@@ -3080,7 +3268,12 @@ var EnhancedSessionManager = class {
       ...updates,
       lastActivityAt: /* @__PURE__ */ new Date()
     };
-    const remainingTTL = Math.max(0, Math.floor((updatedSession.expiresAt.getTime() - Date.now()) / NUMERIX.THOUSAND));
+    const remainingTTL = Math.max(
+      0,
+      Math.floor(
+        (updatedSession.expiresAt.getTime() - Date.now()) / NUMERIX.THOUSAND
+      )
+    );
     if (remainingTTL <= 0) {
       throw new Error("Session has expired");
     }
@@ -3108,7 +3301,9 @@ var EnhancedSessionManager = class {
       throw new Error("Session not found");
     }
     const now = /* @__PURE__ */ new Date();
-    const newExpiresAt = new Date(now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND);
+    const newExpiresAt = new Date(
+      now.getTime() + this.config.sessionTTL * NUMERIX.THOUSAND
+    );
     const refreshedSession = {
       ...sessionData,
       expiresAt: newExpiresAt,
@@ -3148,7 +3343,9 @@ var EnhancedSessionManager = class {
    */
   async detectConcurrentSessions(userId) {
     const sessionDataArray = await this.store.getByUserId(userId);
-    return sessionDataArray.map((sessionData) => this.mapSessionDataToSession(sessionData));
+    return sessionDataArray.map(
+      (sessionData) => this.mapSessionDataToSession(sessionData)
+    );
   }
   /**
    * Apply maximum session policy for a user
@@ -3157,7 +3354,9 @@ var EnhancedSessionManager = class {
   async enforceSessionLimits(userId) {
     const userSessions = await this.store.getByUserId(userId);
     if (userSessions.length >= this.config.maxConcurrentSessions) {
-      userSessions.sort((a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime());
+      userSessions.sort(
+        (a, b) => a.lastActivityAt.getTime() - b.lastActivityAt.getTime()
+      );
       const sessionsToRemove = userSessions.length - this.config.maxConcurrentSessions + 1;
       for (let i = 0; i < sessionsToRemove; i++) {
         await this.deleteSession(userSessions[i].id);
@@ -3272,7 +3471,8 @@ async function createUser(email, authProvider, data, password) {
     roles: data?.roles ?? [],
     password_hash: passwordHash
   }).select("*").single();
-  if (error || !user) throw new Error(error?.message ?? "Failed to create user");
+  if (error || !user)
+    throw new Error(error?.message ?? "Failed to create user");
   return user;
 }
 __name(createUser, "createUser");
@@ -3290,7 +3490,9 @@ async function createUserSession(userId, deviceInfo) {
   const thirtyTwo = 32;
   const accessToken = randomBytes(thirtyTwo).toString("hex");
   const tokenHash = await bcrypt.hash(accessToken, NUMERIX.TEN);
-  const expiresAt = new Date(Date.now() + NUMERIX.THOUSAND * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.TWENTY_FOUR);
+  const expiresAt = new Date(
+    Date.now() + NUMERIX.THOUSAND * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.TWENTY_FOUR
+  );
   const { data, error } = await supabase.from("sessions").insert({
     user_id: userId,
     token_hash: tokenHash,
@@ -3298,7 +3500,8 @@ async function createUserSession(userId, deviceInfo) {
     expires_at: expiresAt,
     last_active_at: /* @__PURE__ */ new Date()
   }).select("*").single();
-  if (error || !data) throw new Error(error?.message ?? "Failed to create session");
+  if (error || !data)
+    throw new Error(error?.message ?? "Failed to create session");
   return {
     id: data.id,
     userId: data.user_id,
@@ -3336,13 +3539,16 @@ async function refreshSessionDB(sessionId) {
   const thirtyTwo = 32;
   const accessToken = randomBytes(thirtyTwo).toString("hex");
   const tokenHash = await bcrypt.hash(accessToken, NUMERIX.TEN);
-  const expiresAt = new Date(Date.now() + NUMERIX.THOUSAND * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.TWENTY_FOUR);
+  const expiresAt = new Date(
+    Date.now() + NUMERIX.THOUSAND * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.TWENTY_FOUR
+  );
   const { data, error } = await supabase.from("sessions").update({
     token_hash: tokenHash,
     expires_at: expiresAt,
     last_active_at: /* @__PURE__ */ new Date()
   }).eq("id", sessionId).select("*").single();
-  if (error || !data) throw new Error(error?.message ?? "Failed to refresh session");
+  if (error || !data)
+    throw new Error(error?.message ?? "Failed to refresh session");
   return {
     id: data.id,
     userId: data.user_id,
@@ -3432,12 +3638,7 @@ var ClerkAdapter = class extends BaseAuthProviderAdapter {
    * @param deviceInfo - Optional device metadata
    */
   async signUp(provider, credentials, data) {
-    await createUser(
-      credentials.email,
-      provider,
-      data,
-      credentials.password
-    );
+    await createUser(credentials.email, provider, data, credentials.password);
   }
   /**
    * Sign out a user.
@@ -3682,7 +3883,10 @@ var CustomAdapter = class extends BaseAuthProviderAdapter {
     return { user, session, tokens: { accessToken: session.accessToken } };
   }
   async signUp(provider, credentials, data, deviceInfo) {
-    const userFindByEmail = await findUserByEmailProvider(data?.email ?? "", provider);
+    const userFindByEmail = await findUserByEmailProvider(
+      data?.email ?? "",
+      provider
+    );
     if (userFindByEmail) {
       throw new DatabasePackageError("User already register");
     }
@@ -3763,14 +3967,26 @@ var TraditionalAuthStrategy = class {
     const SALT_LENGTH = 32;
     const HASH_LENGTH = 64;
     const salt = randomBytes(SALT_LENGTH).toString("hex");
-    const hash = pbkdf2Sync(password, salt, NUMERIX.THOUSAND, HASH_LENGTH, "sha512").toString("hex");
+    const hash = pbkdf2Sync(
+      password,
+      salt,
+      NUMERIX.THOUSAND,
+      HASH_LENGTH,
+      "sha512"
+    ).toString("hex");
     return `pbkdf2$${salt}$${hash}`;
   }
   async verifyPassword(password, hash) {
     const HASH_LENGTH = 64;
     if (hash.startsWith("pbkdf2$")) {
       const [, salt, storedHash] = hash.split("$");
-      const computedHash = pbkdf2Sync(password, salt, NUMERIX.THOUSAND, HASH_LENGTH, "sha512").toString("hex");
+      const computedHash = pbkdf2Sync(
+        password,
+        salt,
+        NUMERIX.THOUSAND,
+        HASH_LENGTH,
+        "sha512"
+      ).toString("hex");
       return computedHash === storedHash;
     }
     return false;
@@ -3921,22 +4137,29 @@ var FacebookProvider = class extends BaseAuthProvider {
     __name(this, "FacebookProvider");
   }
   async authenticate(credentials) {
-    const tokenResponse = await this.exchangeCodeForTokens(credentials.code);
+    const tokenResponse = await this.exchangeCodeForTokens(
+      credentials.code
+    );
     const userProfile = await this.getUserProfile(tokenResponse.access_token);
     const tokens = {
       accessToken: tokenResponse.access_token,
       refreshToken: tokenResponse.refresh_token,
-      expiresAt: new Date(Date.now() + tokenResponse.expires_in * NUMERIX.THOUSAND),
+      expiresAt: new Date(
+        Date.now() + tokenResponse.expires_in * NUMERIX.THOUSAND
+      ),
       expiresIn: 0,
       tokenType: ""
     };
     return { user: userProfile, tokens };
   }
   async refreshToken(refreshToken) {
-    const response = await globalThis.fetch("https://graph.facebook.com/v18.0/oauth/access_token", {
-      method: "GET",
-      headers: { "Content-Type": "application/x-www-form-urlencoded" }
-    });
+    const response = await globalThis.fetch(
+      "https://graph.facebook.com/v18.0/oauth/access_token",
+      {
+        method: "GET",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" }
+      }
+    );
     const data = await response.json();
     return {
       accessToken: data.access_token,
@@ -3947,12 +4170,17 @@ var FacebookProvider = class extends BaseAuthProvider {
     };
   }
   async revokeToken(token) {
-    await globalThis.fetch(`https://graph.facebook.com/v18.0/me/permissions?access_token=${token}`, {
-      method: "DELETE"
-    });
+    await globalThis.fetch(
+      `https://graph.facebook.com/v18.0/me/permissions?access_token=${token}`,
+      {
+        method: "DELETE"
+      }
+    );
   }
   async getUserProfile(accessToken) {
-    const response = await globalThis.fetch(`https://graph.facebook.com/v18.0/me?fields=id,name,email,picture&access_token=${accessToken}`);
+    const response = await globalThis.fetch(
+      `https://graph.facebook.com/v18.0/me?fields=id,name,email,picture&access_token=${accessToken}`
+    );
     const profile = await response.json();
     return {
       id: profile.id,
@@ -3981,10 +4209,13 @@ var FacebookProvider = class extends BaseAuthProvider {
     return `https://www.facebook.com/v18.0/dialog/oauth?${params.toString()}`;
   }
   async exchangeCodeForTokens(code) {
-    const response = await globalThis.fetch("https://graph.facebook.com/v18.0/oauth/access_token", {
-      method: "GET",
-      headers: { "Content-Type": "application/x-www-form-urlencoded" }
-    });
+    const response = await globalThis.fetch(
+      "https://graph.facebook.com/v18.0/oauth/access_token",
+      {
+        method: "GET",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" }
+      }
+    );
     globalThis.console.log(code);
     return await response.json();
   }
@@ -4035,7 +4266,9 @@ var GitHubProvider = class extends BaseAuthProvider {
     return {
       accessToken: data.access_token,
       refreshToken: data.refresh_token ?? refreshToken,
-      expiresAt: new Date(Date.now() + (data.expires_in ?? NUMERIX.THIRTY_SIX_HUNDERD) * NUMERIX.THOUSAND),
+      expiresAt: new Date(
+        Date.now() + (data.expires_in ?? NUMERIX.THIRTY_SIX_HUNDERD) * NUMERIX.THOUSAND
+      ),
       expiresIn: 0,
       tokenType: ""
     };
@@ -4121,23 +4354,28 @@ var GoogleProvider = class extends BaseAuthProvider {
     const tokens = {
       accessToken: tokenResponse.access_token,
       refreshToken: tokenResponse.refresh_token,
-      expiresAt: new Date(Date.now() + tokenResponse.expires_in * NUMERIX.THOUSAND),
+      expiresAt: new Date(
+        Date.now() + tokenResponse.expires_in * NUMERIX.THOUSAND
+      ),
       expiresIn: 0,
       tokenType: ""
     };
     return { user: userProfile, tokens };
   }
   async refreshToken(refreshToken) {
-    const response = await globalThis.fetch("https://oauth2.googleapis.com/token", {
-      method: "POST",
-      headers: { "Content-Type": "application/x-www-form-urlencoded" },
-      body: new URLSearchParams({
-        client_id: this.config.clientId,
-        client_secret: this.config.clientSecret,
-        refresh_token: refreshToken,
-        grant_type: "refresh_token"
-      })
-    });
+    const response = await globalThis.fetch(
+      "https://oauth2.googleapis.com/token",
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+          client_id: this.config.clientId,
+          client_secret: this.config.clientSecret,
+          refresh_token: refreshToken,
+          grant_type: "refresh_token"
+        })
+      }
+    );
     const data = await response.json();
     return {
       accessToken: data.access_token,
@@ -4148,9 +4386,12 @@ var GoogleProvider = class extends BaseAuthProvider {
     };
   }
   async revokeToken(token) {
-    await globalThis.fetch(`https://oauth2.googleapis.com/revoke?token=${token}`, {
-      method: "POST"
-    });
+    await globalThis.fetch(
+      `https://oauth2.googleapis.com/revoke?token=${token}`,
+      {
+        method: "POST"
+      }
+    );
   }
   async getUserProfile(accessToken) {
     const response = await globalThis.fetch(
@@ -4175,17 +4416,20 @@ var GoogleProvider = class extends BaseAuthProvider {
     };
   }
   async exchangeCodeForTokens(code) {
-    const response = await globalThis.fetch("https://oauth2.googleapis.com/token", {
-      method: "POST",
-      headers: { "Content-Type": "application/x-www-form-urlencoded" },
-      body: new URLSearchParams({
-        client_id: this.config.clientId,
-        client_secret: this.config.clientSecret,
-        code,
-        grant_type: "authorization_code",
-        redirect_uri: this.config.redirectUri
-      })
-    });
+    const response = await globalThis.fetch(
+      "https://oauth2.googleapis.com/token",
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+          client_id: this.config.clientId,
+          client_secret: this.config.clientSecret,
+          code,
+          grant_type: "authorization_code",
+          redirect_uri: this.config.redirectUri
+        })
+      }
+    );
     return await response.json();
   }
   getAuthUrl() {
@@ -4212,7 +4456,10 @@ var SignInFlow = class {
     __name(this, "SignInFlow");
   }
   async execute(credentials) {
-    const isValid = await this.validateCredentials(credentials.email, credentials.password);
+    const isValid = await this.validateCredentials(
+      credentials.email,
+      credentials.password
+    );
     if (!isValid) {
       throw new Error("Invalid credentials");
     }
@@ -4225,7 +4472,9 @@ var SignInFlow = class {
       const thirty2 = 30;
       await this.sessionManager.createSession({
         userId: user.id,
-        expiresAt: new Date(Date.now() + thirty2 * NUMERIX.TWENTY_FOUR * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.THOUSAND),
+        expiresAt: new Date(
+          Date.now() + thirty2 * NUMERIX.TWENTY_FOUR * NUMERIX.SIXTY * NUMERIX.SIXTY * NUMERIX.THOUSAND
+        ),
         // 30 days
         metadata: { rememberMe: true }
       });
@@ -4308,7 +4557,10 @@ var SignUpFlow = class {
   }
   async verifyEmail(token) {
     const payload = await this.jwtManager.verifyToken(token);
-    const user = await this.userRepository.updateEmailVerification(payload.userId, true);
+    const user = await this.userRepository.updateEmailVerification(
+      payload.userId,
+      true
+    );
     if (!user) {
       throw new Error("User not found");
     }
@@ -4328,7 +4580,10 @@ var AuthGuard = class {
   }
   // Explicit return type for canActivate
   async canActivate(context) {
-    const isPublic = this.reflector.get("isPublic", context.getHandler());
+    const isPublic = this.reflector.get(
+      "isPublic",
+      context.getHandler()
+    );
     if (isPublic) return true;
     const request = context.switchToHttp().getRequest();
     const token = this.extractToken(request);
@@ -4372,7 +4627,10 @@ var RolesGuard = class {
     __name(this, "RolesGuard");
   }
   async canActivate(context) {
-    const requiredRoles = this.reflector.get("roles", context.getHandler());
+    const requiredRoles = this.reflector.get(
+      "roles",
+      context.getHandler()
+    );
     if (!requiredRoles) return true;
     const request = context.switchToHttp().getRequest();
     const user = request.user;
@@ -4403,11 +4661,12 @@ var PermissionsGuard = class {
     if (!permissionMetadata) return true;
     const user = request.user;
     if (!user) {
-      throw new AuthenticationError(
-        "AUTH_INVALID_CREDENTIALS"
-      );
+      throw new AuthenticationError("AUTH_INVALID_CREDENTIALS");
     }
-    const permissionContext = this.buildPermissionContext(request, permissionMetadata);
+    const permissionContext = this.buildPermissionContext(
+      request,
+      permissionMetadata
+    );
     const result = await this.permissionChecker.checkPermission(
       user.sub ?? user.userId ?? "",
       permissionMetadata.resource,
@@ -4415,18 +4674,13 @@ var PermissionsGuard = class {
       permissionContext
     );
     if (!result.granted) {
-      throw new AuthenticationError(
-        "AUTH_INSUFFICIENT_PERMISSIONS"
-      );
+      throw new AuthenticationError("AUTH_INSUFFICIENT_PERMISSIONS");
     }
     request.permissionResult = result;
     return true;
   }
   getPermissionMetadata(context) {
-    const permissionData = this.reflector.get(
-      "permission",
-      context.getHandler()
-    );
+    const permissionData = this.reflector.get("permission", context.getHandler());
     if (!permissionData) return null;
     if (Array.isArray(permissionData)) {
       return { resource: permissionData[0], action: permissionData[1] };
@@ -4446,7 +4700,12 @@ var PermissionsGuard = class {
       }
     }
     if (request.body) {
-      const relevantBodyFields = ["ownerId", "organizationId", "teamId", "projectId"];
+      const relevantBodyFields = [
+        "ownerId",
+        "organizationId",
+        "teamId",
+        "projectId"
+      ];
       for (const field of relevantBodyFields) {
         if (request.body[field]) context[field] = request.body[field];
       }
@@ -4459,9 +4718,7 @@ _init12 = __decoratorStart();
 PermissionsGuard = __decorateElement(_init12, 0, "PermissionsGuard", _PermissionsGuard_decorators, PermissionsGuard);
 __runInitializers(_init12, 1, PermissionsGuard);
 var IS_PUBLIC_KEY = "isPublic";
-var Auth = /* @__PURE__ */ __name(() => applyDecorators(
-  UseGuards(AuthGuard)
-), "Auth");
+var Auth = /* @__PURE__ */ __name(() => applyDecorators(UseGuards(AuthGuard)), "Auth");
 var Public = /* @__PURE__ */ __name(() => SetMetadata(IS_PUBLIC_KEY, true), "Public");
 var Roles = /* @__PURE__ */ __name((...roles) => SetMetadata("roles", roles), "Roles");
 var Permissions = /* @__PURE__ */ __name((...permissions) => SetMetadata("permissions", permissions), "Permissions");
@@ -4979,7 +5236,9 @@ function useAuth() {
       });
     }, "linkAccount"),
     unlinkAccount: /* @__PURE__ */ __name(async (accountId) => {
-      return handleAuthAction(async () => store.removeConnectedAccount(accountId));
+      return handleAuthAction(
+        async () => store.removeConnectedAccount(accountId)
+      );
     }, "unlinkAccount")
   };
 }
@@ -5042,9 +5301,12 @@ var useConnectedAccounts = /* @__PURE__ */ __name(() => {
   const unlinkAccount = /* @__PURE__ */ __name(async (accountId) => {
     setIsLoading(true);
     try {
-      const response = await globalThis.fetch(`/api/auth/accounts/${accountId}/unlink`, {
-        method: "DELETE"
-      });
+      const response = await globalThis.fetch(
+        `/api/auth/accounts/${accountId}/unlink`,
+        {
+          method: "DELETE"
+        }
+      );
       if (!response.ok) throw new Error("Failed to unlink account");
       setAccounts((prev) => prev.filter((acc) => acc.id !== accountId));
     } finally {
@@ -5054,14 +5316,19 @@ var useConnectedAccounts = /* @__PURE__ */ __name(() => {
   const setPrimaryAccount = /* @__PURE__ */ __name(async (accountId) => {
     setIsLoading(true);
     try {
-      const response = await globalThis.fetch(`/api/auth/accounts/${accountId}/primary`, {
-        method: "PUT"
-      });
+      const response = await globalThis.fetch(
+        `/api/auth/accounts/${accountId}/primary`,
+        {
+          method: "PUT"
+        }
+      );
       if (!response.ok) throw new Error("Failed to set primary account");
-      setAccounts((prev) => prev.map((acc) => ({
-        ...acc,
-        isPrimary: acc.id === accountId
-      })));
+      setAccounts(
+        (prev) => prev.map((acc) => ({
+          ...acc,
+          isPrimary: acc.id === accountId
+        }))
+      );
     } finally {
       setIsLoading(false);
     }
@@ -5123,7 +5390,9 @@ var ProtectedRoute = /* @__PURE__ */ __name(({
   }
   if (requiredRoles.length > 0 && user) {
     const userRoles = user.roles ?? [];
-    const hasRequiredRole = requiredRoles.some((role) => userRoles.includes(role));
+    const hasRequiredRole = requiredRoles.some(
+      (role) => userRoles.includes(role)
+    );
     if (!hasRequiredRole) {
       return /* @__PURE__ */ jsxs("div", { children: [
         "Access denied. Required roles: ",