@propelauth/nextjs 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/client/index.d.ts +2 -0
  2. package/dist/client/index.js +21 -1
  3. package/dist/client/index.js.map +1 -1
  4. package/dist/client/index.mjs +21 -1
  5. package/dist/client/index.mjs.map +1 -1
  6. package/dist/server/pages/index.d.ts +10 -1
  7. package/dist/server/pages/index.js +50 -10
  8. package/dist/server/pages/index.js.map +1 -1
  9. package/dist/server/pages/index.mjs +48 -10
  10. package/dist/server/pages/index.mjs.map +1 -1
  11. package/package.json +1 -1
package/dist/client/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/loginMethod.ts","../../src/user.ts","../../src/client/AuthProvider.tsx","../../src/client/utils.ts","../../src/client/useUser.tsx","../../src/client/useHostedPageUrls.tsx","../../src/client/useLogoutFunction.ts","../../src/client/useRedirectFunctions.tsx","../../src/client/useRefreshAuth.ts"],"sourcesContent":["export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string,\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.activeOrgId,\n obj.loginMethod\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n const loginMethod = toLoginMethod(payload.login_method)\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId,\n loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport enum OrgRoleStructure {\n SingleRole = \"single_role_in_hierarchy\",\n MultiRole = \"multi_role\",\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n public orgRoleStructure: OrgRoleStructure\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n public userAssignedAdditionalRoles: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[],\n orgRoleStructure: OrgRoleStructure,\n userAssignedAdditionalRoles: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n this.orgRoleStructure = orgRoleStructure\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n this.userAssignedAdditionalRoles = userAssignedAdditionalRoles\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)\n } else {\n return this.userAssignedRole === role\n }\n }\n\n public isAtLeastRole(role: string): boolean {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)\n } else {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions,\n obj.orgRoleStructure,\n obj.userAssignedAdditionalRoles\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get assignedRoles(): string[] {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)\n } else {\n return [this.userAssignedRole]\n }\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)\n } else {\n return this.userInheritedRolesPlusCurrentRole\n }\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n org_role_structure: OrgRoleStructure\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n additional_roles: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions,\n snakeCaseValue.org_role_structure,\n snakeCaseValue.additional_roles\n )\n }\n }\n\n return camelCase\n}\n","'use client'\n\nimport React, { useCallback, useEffect, useReducer } from 'react'\nimport { doesLocalStorageMatch, hasWindow, isEqual, saveUserToLocalStorage, USER_INFO_KEY } from './utils'\nimport { useRouter } from 'next/navigation.js'\nimport { User } from './useUser'\nimport { toOrgIdToOrgMemberInfo } from '../user'\n\nexport interface RedirectToSignupOptions {\n postSignupRedirectPath?: string\n userSignupQueryParameters?: Record<string, string>\n}\nexport interface RedirectToLoginOptions {\n postLoginRedirectPath?: string\n userSignupQueryParameters?: Record<string, string>\n}\nexport interface RedirectOptions {\n redirectBackToUrl?: string\n}\n\ninterface InternalAuthState {\n loading: boolean\n userAndAccessToken: UserAndAccessToken\n\n logout: () => Promise<void>\n\n redirectToLoginPage: (opts?: RedirectToLoginOptions) => void\n redirectToSignupPage: (opts?: RedirectToSignupOptions) => void\n redirectToAccountPage: (opts?: RedirectOptions) => void\n redirectToOrgPage: (orgId?: string, opts?: RedirectOptions) => void\n redirectToCreateOrgPage: (opts?: RedirectOptions) => void\n redirectToSetupSAMLPage: (orgId: string, opts?: RedirectOptions) => void\n\n getSignupPageUrl(opts?: RedirectToSignupOptions): string\n getLoginPageUrl(opts?: RedirectToLoginOptions): string\n getAccountPageUrl(opts?: RedirectOptions): string\n getOrgPageUrl(orgId?: string, opts?: RedirectOptions): string\n getCreateOrgPageUrl(opts?: RedirectOptions): string\n getSetupSAMLPageUrl(orgId: string, opts?: RedirectOptions): string\n\n refreshAuthInfo: () => Promise<User | undefined>\n setActiveOrg: (orgId: string) => Promise<User | undefined>\n}\n\nexport type AuthProviderProps = {\n authUrl: string\n reloadOnAuthChange?: boolean\n children?: React.ReactNode\n}\n\nexport const AuthContext = React.createContext<InternalAuthState | undefined>(undefined)\n\ntype UserAndAccessToken =\n | {\n user: User\n accessToken: string\n }\n | {\n user: undefined\n accessToken: undefined\n }\n\ntype AuthState = {\n loading: boolean\n userAndAccessToken: UserAndAccessToken\n\n // There's no good way to trigger server components to reload outside of router.refresh()\n // This is our workaround until the app router has something better\n authChangeDetected: boolean\n}\n\nconst initialAuthState = {\n loading: true,\n userAndAccessToken: {\n user: undefined,\n accessToken: undefined,\n },\n authChangeDetected: false,\n}\n\ntype AuthStateAction =\n | {\n user: User\n accessToken: string\n }\n | {\n user: undefined\n accessToken: undefined\n }\n\nfunction authStateReducer(_state: AuthState, action: AuthStateAction): AuthState {\n const newUserForEqualityChecking = { ...action.user, lastActiveAt: undefined }\n const existingUserForEqualityChecking = { ..._state.userAndAccessToken.user, lastActiveAt: undefined }\n const authChangeDetected = !_state.loading && !isEqual(newUserForEqualityChecking, existingUserForEqualityChecking)\n\n if (!action.user) {\n return {\n loading: false,\n userAndAccessToken: {\n user: undefined,\n accessToken: undefined,\n },\n authChangeDetected,\n }\n } else if (_state.loading) {\n return {\n loading: false,\n userAndAccessToken: {\n user: action.user,\n accessToken: action.accessToken,\n },\n authChangeDetected,\n }\n } else {\n return {\n loading: false,\n userAndAccessToken: {\n user: action.user,\n accessToken: action.accessToken,\n },\n authChangeDetected,\n }\n }\n}\n\nexport const AuthProvider = (props: AuthProviderProps) => {\n const [authState, dispatchInner] = useReducer(authStateReducer, initialAuthState)\n const router = useRouter()\n const reloadOnAuthChange = props.reloadOnAuthChange ?? true\n\n const dispatch = useCallback(\n (action: AuthStateAction) => {\n dispatchInner(action)\n saveUserToLocalStorage(action.user)\n },\n [dispatchInner]\n )\n\n // This is because we don't have a good way to trigger server components to reload outside of router.refresh()\n // Once server actions isn't alpha, we can hopefully use that instead\n useEffect(() => {\n if (reloadOnAuthChange && authState.authChangeDetected) {\n router.refresh()\n }\n }, [authState.authChangeDetected, reloadOnAuthChange, router])\n\n // Trigger an initial refresh\n useEffect(() => {\n let didCancel = false\n\n async function refreshAuthInfo() {\n const action = await apiGetUserInfo()\n if (!didCancel && !action.error) {\n dispatch(action)\n }\n }\n\n refreshAuthInfo()\n return () => {\n didCancel = true\n }\n }, [])\n\n // Periodically refresh the token\n useEffect(() => {\n let didCancel = false\n let retryTimer: NodeJS.Timeout | undefined = undefined\n\n function clearAndSetRetryTimer() {\n if (retryTimer) {\n clearTimeout(retryTimer)\n }\n retryTimer = setTimeout(refreshToken, 30 * 1000)\n }\n\n async function refreshToken() {\n const action = await apiGetUserInfo()\n if (didCancel) {\n return\n }\n if (!action.error) {\n dispatch(action)\n } else if (action.error === 'unexpected') {\n clearAndSetRetryTimer()\n }\n }\n\n async function onStorageEvent(event: StorageEvent) {\n if (\n event.key === USER_INFO_KEY &&\n !doesLocalStorageMatch(event.newValue, authState.userAndAccessToken.user)\n ) {\n await refreshToken()\n }\n }\n\n const interval = setInterval(refreshToken, 5 * 60 * 1000)\n\n if (hasWindow()) {\n window.addEventListener('storage', onStorageEvent)\n window.addEventListener('online', refreshToken)\n window.addEventListener('focus', refreshToken)\n }\n\n return () => {\n didCancel = true\n clearInterval(interval)\n if (retryTimer) {\n clearTimeout(retryTimer)\n }\n if (hasWindow()) {\n window.removeEventListener('storage', onStorageEvent)\n window.removeEventListener('online', refreshToken)\n window.removeEventListener('focus', refreshToken)\n }\n }\n }, [dispatch, authState.userAndAccessToken.user])\n\n const logout = useCallback(async () => {\n await fetch('/api/auth/logout', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n credentials: 'include',\n })\n dispatch({ user: undefined, accessToken: undefined })\n }, [dispatch])\n\n const getLoginPageUrl = (opts?: RedirectToLoginOptions) => {\n if (opts?.postLoginRedirectPath) {\n return `/api/auth/login?return_to_path=${encodeURIComponent(opts.postLoginRedirectPath)}`\n }\n\n return '/api/auth/login'\n }\n const getSignupPageUrl = (opts?: RedirectToSignupOptions) => {\n if (opts?.postSignupRedirectPath) {\n return `/api/auth/signup?return_to_path=${encodeURIComponent(opts.postSignupRedirectPath)}`\n }\n\n return '/api/auth/signup'\n }\n const getAccountPageUrl = useCallback(\n (opts?: RedirectOptions) => {\n return addReturnToPath(`${props.authUrl}/account`, opts?.redirectBackToUrl)\n },\n [props.authUrl]\n )\n const getOrgPageUrl = useCallback(\n (orgId?: string, opts?: RedirectOptions) => {\n if (orgId) {\n return addReturnToPath(`${props.authUrl}/org?id=${orgId}`, opts?.redirectBackToUrl)\n } else {\n return addReturnToPath(`${props.authUrl}/org`, opts?.redirectBackToUrl)\n }\n },\n [props.authUrl]\n )\n const getCreateOrgPageUrl = useCallback(\n (opts?: RedirectOptions) => {\n return addReturnToPath(`${props.authUrl}/create_org`, opts?.redirectBackToUrl)\n },\n [props.authUrl]\n )\n\n const getSetupSAMLPageUrl = useCallback(\n (orgId: string, opts?: RedirectOptions) => {\n return addReturnToPath(`${props.authUrl}/saml?id=${orgId}`, opts?.redirectBackToUrl)\n },\n [props.authUrl]\n )\n\n const redirectTo = (url: string) => {\n window.location.href = url\n }\n\n const redirectToLoginPage = (opts?: RedirectToLoginOptions) => redirectTo(getLoginPageUrl(opts))\n const redirectToSignupPage = (opts?: RedirectToSignupOptions) => redirectTo(getSignupPageUrl(opts))\n const redirectToAccountPage = (opts?: RedirectOptions) => redirectTo(getAccountPageUrl(opts))\n const redirectToOrgPage = (orgId?: string, opts?: RedirectOptions) => redirectTo(getOrgPageUrl(orgId, opts))\n const redirectToCreateOrgPage = (opts?: RedirectOptions) => redirectTo(getCreateOrgPageUrl(opts))\n const redirectToSetupSAMLPage = (orgId: string, opts?: RedirectOptions) =>\n redirectTo(getSetupSAMLPageUrl(orgId, opts))\n\n const refreshAuthInfo = useCallback(async () => {\n const action = await apiGetUserInfo()\n if (action.error) {\n throw new Error('Failed to refresh token')\n } else {\n dispatch(action)\n return action.user\n }\n }, [dispatch])\n\n const setActiveOrg = useCallback(\n async (orgId: string) => {\n const action = await apiPostSetActiveOrg(orgId)\n if (action.error === 'not_in_org') {\n return undefined\n } else {\n dispatch(action)\n return action.user\n }\n },\n [dispatch]\n )\n\n const value = {\n loading: authState.loading,\n userAndAccessToken: authState.userAndAccessToken,\n logout,\n redirectToLoginPage,\n redirectToSignupPage,\n redirectToAccountPage,\n redirectToOrgPage,\n redirectToCreateOrgPage,\n redirectToSetupSAMLPage,\n getLoginPageUrl,\n getSignupPageUrl,\n getAccountPageUrl,\n getOrgPageUrl,\n getCreateOrgPageUrl,\n getSetupSAMLPageUrl,\n refreshAuthInfo,\n setActiveOrg,\n }\n return <AuthContext.Provider value={value}>{props.children}</AuthContext.Provider>\n}\n\ntype UserInfoResponse =\n | {\n error: undefined\n user: User\n accessToken: string\n }\n | {\n error: undefined\n user: undefined\n accessToken: undefined\n }\n | {\n error: 'unexpected'\n }\n\nasync function apiGetUserInfo(): Promise<UserInfoResponse> {\n try {\n const userInfoResponse = await fetch('/api/auth/userinfo', {\n method: 'GET',\n headers: {\n 'Content-Type': 'application/json',\n },\n credentials: 'include',\n })\n\n if (userInfoResponse.ok) {\n const { userinfo, accessToken, impersonatorUserId, activeOrgId } = await userInfoResponse.json()\n const user = new User({\n userId: userinfo.user_id,\n email: userinfo.email,\n emailConfirmed: userinfo.email_confirmed,\n hasPassword: userinfo.has_password,\n username: userinfo.username,\n firstName: userinfo.first_name,\n lastName: userinfo.last_name,\n pictureUrl: userinfo.picture_url,\n orgIdToOrgMemberInfo: toOrgIdToOrgMemberInfo(userinfo.org_id_to_org_info),\n activeOrgId,\n mfaEnabled: userinfo.mfa_enabled,\n canCreateOrgs: userinfo.can_create_orgs,\n updatePasswordRequired: userinfo.update_password_required,\n createdAt: userinfo.created_at,\n lastActiveAt: userinfo.last_active_at,\n properties: userinfo.properties,\n impersonatorUserId,\n })\n\n return { user, accessToken, error: undefined }\n } else if (userInfoResponse.status === 401) {\n return { user: undefined, accessToken: undefined, error: undefined }\n } else {\n console.info('Failed to refresh token', userInfoResponse)\n return { error: 'unexpected' }\n }\n } catch (e) {\n console.info('Failed to refresh token', e)\n return { error: 'unexpected' }\n }\n}\n\ntype SetActiveOrgResponse =\n | {\n user: User\n accessToken: string\n error: undefined\n }\n | {\n error: 'not_in_org'\n }\n\nasync function apiPostSetActiveOrg(orgId: string): Promise<SetActiveOrgResponse> {\n try {\n const queryParams = new URLSearchParams({ active_org_id: orgId }).toString()\n const url = `/api/auth/set-active-org?${queryParams}`\n const userInfoResponse = await fetch(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n credentials: 'include',\n })\n\n if (userInfoResponse.ok) {\n const { userinfo, accessToken, impersonatorUserId, activeOrgId } = await userInfoResponse.json()\n const user = new User({\n userId: userinfo.user_id,\n email: userinfo.email,\n emailConfirmed: userinfo.email_confirmed,\n hasPassword: userinfo.has_password,\n username: userinfo.username,\n firstName: userinfo.first_name,\n lastName: userinfo.last_name,\n pictureUrl: userinfo.picture_url,\n orgIdToOrgMemberInfo: toOrgIdToOrgMemberInfo(userinfo.org_id_to_org_info),\n activeOrgId,\n mfaEnabled: userinfo.mfa_enabled,\n canCreateOrgs: userinfo.can_create_orgs,\n updatePasswordRequired: userinfo.update_password_required,\n createdAt: userinfo.created_at,\n lastActiveAt: userinfo.last_active_at,\n properties: userinfo.properties,\n impersonatorUserId,\n })\n\n return { user, accessToken, error: undefined }\n } else if (userInfoResponse.status === 401) {\n return { error: 'not_in_org' }\n } else {\n console.info('Failed to set active org', userInfoResponse)\n }\n } catch (e) {\n console.info('Failed to set active org', e)\n }\n throw new Error('Failed to set active org')\n}\n\nconst encodeBase64 = (str: string) => {\n const encode = window ? window.btoa : btoa\n return encode(str)\n}\n\nconst addReturnToPath = (url: string, returnToPath?: string) => {\n if (!returnToPath) {\n return url\n }\n\n let qs = new URLSearchParams()\n qs.set('rt', encodeBase64(returnToPath))\n if (url.includes('?')) {\n return `${url}&${qs.toString()}`\n } else {\n return `${url}?${qs.toString()}`\n }\n}\n","import { UserFromToken } from '../user'\nimport { User } from './useUser'\n\nexport const USER_INFO_KEY = '__PROPEL_AUTH_USER_INFO'\n\nexport function hasWindow(): boolean {\n return typeof window !== 'undefined'\n}\n\nexport function saveUserToLocalStorage(user: User | undefined) {\n if (user) {\n localStorage.setItem(USER_INFO_KEY, JSON.stringify(user))\n } else {\n localStorage.setItem(USER_INFO_KEY, '{}')\n }\n}\n\nexport function doesLocalStorageMatch(newValue: string | null, user: UserFromToken | undefined): boolean {\n if (!newValue) {\n return false\n } else if (!user) {\n return newValue === '{}'\n }\n\n const parsed = JSON.parse(newValue)\n if (!parsed) {\n return false\n }\n\n return isEqual(parsed, user)\n}\n\nexport function isEqual(a: any, b: any): boolean {\n if (typeof a !== typeof b) {\n return false\n } else if (a === null || b === null) {\n return a === b\n }\n\n if (Array.isArray(a) !== Array.isArray(b)) {\n return false\n }\n\n if (Array.isArray(a)) {\n const aArray = a as any[]\n const bArray = b as any[]\n if (aArray.length !== bArray.length) {\n return false\n }\n\n for (let i = 0; i < aArray.length; i++) {\n if (!isEqual(aArray[i], bArray[i])) {\n return false\n }\n }\n\n return true\n }\n\n if (typeof a === 'object') {\n const aKeys = Object.keys(a)\n const bKeys = Object.keys(b)\n if (aKeys.length !== bKeys.length) {\n return false\n }\n\n for (const key of aKeys) {\n if (!isEqual(a[key], b[key])) {\n return false\n }\n }\n\n return true\n } else {\n return a === b\n }\n}\n","'use client'\n\nimport { useContext } from 'react'\nimport { AuthContext } from './AuthProvider'\nimport { OrgIdToOrgMemberInfo, OrgMemberInfo } from '../user'\n\nexport class User {\n public userId: string\n public email: string\n public emailConfirmed: boolean\n public hasPassword: boolean\n\n public username?: string\n public firstName?: string\n public lastName?: string\n public pictureUrl?: string\n\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n public activeOrgId?: string\n\n public mfaEnabled: boolean\n public canCreateOrgs: boolean\n public updatePasswordRequired: boolean\n\n public createdAt: number\n public lastActiveAt: number\n\n public properties?: { [key: string]: unknown }\n\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor({\n userId,\n email,\n emailConfirmed,\n hasPassword,\n username,\n firstName,\n lastName,\n pictureUrl,\n orgIdToOrgMemberInfo,\n activeOrgId,\n mfaEnabled,\n canCreateOrgs,\n updatePasswordRequired,\n createdAt,\n lastActiveAt,\n legacyUserId,\n properties,\n impersonatorUserId,\n }: {\n userId: string\n email: string\n emailConfirmed: boolean\n hasPassword: boolean\n username?: string\n firstName?: string\n lastName?: string\n pictureUrl?: string\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n activeOrgId?: string\n mfaEnabled: boolean\n canCreateOrgs: boolean\n updatePasswordRequired: boolean\n createdAt: number\n lastActiveAt: number\n legacyUserId?: string\n properties?: { [key: string]: unknown }\n impersonatorUserId?: string\n }) {\n this.userId = userId\n this.email = email\n this.emailConfirmed = emailConfirmed\n this.hasPassword = hasPassword\n this.username = username\n this.firstName = firstName\n this.lastName = lastName\n this.pictureUrl = pictureUrl\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n this.activeOrgId = activeOrgId\n this.mfaEnabled = mfaEnabled\n this.canCreateOrgs = canCreateOrgs\n this.updatePasswordRequired = updatePasswordRequired\n this.createdAt = createdAt\n this.lastActiveAt = lastActiveAt\n this.legacyUserId = legacyUserId\n this.properties = properties\n this.impersonatorUserId = impersonatorUserId\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId) {\n return undefined\n }\n return this.getOrg(this.activeOrgId)\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n return this.orgIdToOrgMemberInfo?.[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n}\n\nexport type UseUserLoading = {\n loading: true\n isLoggedIn: never\n user: never\n accessToken: never\n setActiveOrg: never\n}\n\nexport type UseUserLoggedIn = {\n loading: false\n isLoggedIn: true\n user: User\n accessToken: string\n setActiveOrg: (orgId: string) => Promise<User | undefined>\n}\n\nexport type UseUserNotLoggedIn = {\n loading: false\n isLoggedIn: false\n user: undefined\n accessToken: undefined\n setActiveOrg: never\n}\n\nexport type UseUser = UseUserLoading | UseUserLoggedIn | UseUserNotLoggedIn\n\nexport function useUser(): UseUser {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error('useUser must be used within an AuthProvider')\n }\n\n const { loading, userAndAccessToken } = context\n if (loading) {\n return {\n loading: true,\n isLoggedIn: undefined as never,\n user: undefined as never,\n accessToken: undefined as never,\n setActiveOrg: undefined as never,\n }\n } else if (userAndAccessToken.user) {\n return {\n loading: false,\n isLoggedIn: true,\n user: userAndAccessToken.user,\n accessToken: userAndAccessToken.accessToken,\n setActiveOrg: context.setActiveOrg,\n }\n } else {\n return {\n loading: false,\n isLoggedIn: false,\n user: undefined,\n accessToken: undefined,\n setActiveOrg: undefined as never,\n }\n }\n}\n","import { useContext } from \"react\"\nimport { AuthContext } from \"./AuthProvider\"\n\nexport function useHostedPageUrls() {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error(\"useHostedPageUrls must be used within an AuthProvider\")\n }\n const {\n getLoginPageUrl,\n getSignupPageUrl,\n getAccountPageUrl,\n getOrgPageUrl,\n getCreateOrgPageUrl,\n getSetupSAMLPageUrl,\n } = context\n return {\n getLoginPageUrl,\n getSignupPageUrl,\n getAccountPageUrl,\n getOrgPageUrl,\n getCreateOrgPageUrl,\n getSetupSAMLPageUrl,\n }\n}\n","import { useContext } from \"react\"\nimport { AuthContext } from \"./AuthProvider\"\n\nexport function useLogoutFunction() {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error(\"useLogoutFunction must be used within an AuthProvider\")\n }\n const { logout } = context\n return logout\n}\n","import React, { useContext, useEffect } from 'react'\nimport { AuthContext } from './AuthProvider'\n\nexport function useRedirectFunctions() {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error('useRedirectFunctions must be used within an AuthProvider')\n }\n const {\n redirectToAccountPage,\n redirectToSignupPage,\n redirectToLoginPage,\n redirectToOrgPage,\n redirectToCreateOrgPage,\n redirectToSetupSAMLPage,\n } = context\n return {\n redirectToSignupPage,\n redirectToLoginPage,\n redirectToAccountPage,\n redirectToOrgPage,\n redirectToCreateOrgPage,\n redirectToSetupSAMLPage,\n }\n}\n\nexport interface RedirectProps {\n children?: React.ReactNode\n}\n\nexport function RedirectToSignup({ children }: RedirectProps) {\n const { redirectToSignupPage } = useRedirectFunctions()\n\n useEffect(() => {\n redirectToSignupPage()\n }, [])\n\n return <>{children}</>\n}\n\nexport function RedirectToLogin({ children }: RedirectProps) {\n const { redirectToLoginPage } = useRedirectFunctions()\n useEffect(() => {\n redirectToLoginPage()\n }, [])\n return <>{children}</>\n}\n","import { useContext } from \"react\"\nimport { AuthContext } from \"./AuthProvider\"\n\nexport function useRefreshAuth() {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error(\"useRefreshAuth must be used within an AuthProvider\")\n }\n const { refreshAuthInfo } = context\n return refreshAuthInfo\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAmBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,UAAM,cAAc,cAAc,QAAQ,YAAY;AAEtD,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAWO,IAAM,gBAAN,MAAoB;AAAA,EAYvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACA,kBACA,6BACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AACtB,SAAK,mBAAmB;AAExB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AACvB,SAAK,8BAA8B;AAAA,EACvC;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,qBAAqB,QAAQ,KAAK,4BAA4B,SAAS,IAAI;AAAA,IAC3F,OAAO;AACH,aAAO,KAAK,qBAAqB;AAAA,IACrC;AAAA,EACJ;AAAA,EAEO,cAAc,MAAuB;AACxC,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,qBAAqB,QAAQ,KAAK,4BAA4B,SAAS,IAAI;AAAA,IAC3F,OAAO;AACH,aAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,IAC/D;AAAA,EACJ;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gBAA0B;AAC1B,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,4BAA4B,OAAO,KAAK,gBAAgB;AAAA,IACxE,OAAO;AACH,aAAO,CAAC,KAAK,gBAAgB;AAAA,IACjC;AAAA,EACJ;AAAA,EAEA,IAAI,gCAA0C;AAC1C,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,4BAA4B,OAAO,KAAK,gBAAgB;AAAA,IACxE,OAAO;AACH,aAAO,KAAK;AAAA,IAChB;AAAA,EACJ;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AAsCO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AClUA,OAAO,SAAS,aAAa,WAAW,kBAAkB;;;ACCnD,IAAM,gBAAgB;AAEtB,SAAS,YAAqB;AACjC,SAAO,OAAO,WAAW;AAC7B;AAEO,SAAS,uBAAuB,MAAwB;AAC3D,MAAI,MAAM;AACN,iBAAa,QAAQ,eAAe,KAAK,UAAU,IAAI,CAAC;AAAA,EAC5D,OAAO;AACH,iBAAa,QAAQ,eAAe,IAAI;AAAA,EAC5C;AACJ;AAEO,SAAS,sBAAsB,UAAyB,MAA0C;AACrG,MAAI,CAAC,UAAU;AACX,WAAO;AAAA,EACX,WAAW,CAAC,MAAM;AACd,WAAO,aAAa;AAAA,EACxB;AAEA,QAAM,SAAS,KAAK,MAAM,QAAQ;AAClC,MAAI,CAAC,QAAQ;AACT,WAAO;AAAA,EACX;AAEA,SAAO,QAAQ,QAAQ,IAAI;AAC/B;AAEO,SAAS,QAAQ,GAAQ,GAAiB;AAC7C,MAAI,OAAO,MAAM,OAAO,GAAG;AACvB,WAAO;AAAA,EACX,WAAW,MAAM,QAAQ,MAAM,MAAM;AACjC,WAAO,MAAM;AAAA,EACjB;AAEA,MAAI,MAAM,QAAQ,CAAC,MAAM,MAAM,QAAQ,CAAC,GAAG;AACvC,WAAO;AAAA,EACX;AAEA,MAAI,MAAM,QAAQ,CAAC,GAAG;AAClB,UAAM,SAAS;AACf,UAAM,SAAS;AACf,QAAI,OAAO,WAAW,OAAO,QAAQ;AACjC,aAAO;AAAA,IACX;AAEA,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACpC,UAAI,CAAC,QAAQ,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,GAAG;AAChC,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAEA,MAAI,OAAO,MAAM,UAAU;AACvB,UAAM,QAAQ,OAAO,KAAK,CAAC;AAC3B,UAAM,QAAQ,OAAO,KAAK,CAAC;AAC3B,QAAI,MAAM,WAAW,MAAM,QAAQ;AAC/B,aAAO;AAAA,IACX;AAEA,eAAW,OAAO,OAAO;AACrB,UAAI,CAAC,QAAQ,EAAE,GAAG,GAAG,EAAE,GAAG,CAAC,GAAG;AAC1B,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX,OAAO;AACH,WAAO,MAAM;AAAA,EACjB;AACJ;;;ADxEA,SAAS,iBAAiB;;;AEF1B,SAAS,kBAAkB;AAIpB,IAAM,OAAN,MAAW;AAAA,EA0Bd,YAAY;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,GAmBG;AACC,SAAK,SAAS;AACd,SAAK,QAAQ;AACb,SAAK,iBAAiB;AACtB,SAAK,cAAc;AACnB,SAAK,WAAW;AAChB,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,aAAa;AAClB,SAAK,uBAAuB;AAC5B,SAAK,cAAc;AACnB,SAAK,aAAa;AAClB,SAAK,gBAAgB;AACrB,SAAK,yBAAyB;AAC9B,SAAK,YAAY;AACjB,SAAK,eAAe;AACpB,SAAK,eAAe;AACpB,SAAK,aAAa;AAClB,SAAK,qBAAqB;AAAA,EAC9B;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,aAAa;AACnB,aAAO;AAAA,IACX;AACA,WAAO,KAAK,OAAO,KAAK,WAAW;AAAA,EACvC;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AAtG5D;AAuGQ,YAAO,UAAK,yBAAL,mBAA4B;AAAA,EACvC;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AACJ;AA4BO,SAAS,UAAmB;AAC/B,QAAM,UAAU,WAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,6CAA6C;AAAA,EACjE;AAEA,QAAM,EAAE,SAAS,mBAAmB,IAAI;AACxC,MAAI,SAAS;AACT,WAAO;AAAA,MACH,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,cAAc;AAAA,IAClB;AAAA,EACJ,WAAW,mBAAmB,MAAM;AAChC,WAAO;AAAA,MACH,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,MAAM,mBAAmB;AAAA,MACzB,aAAa,mBAAmB;AAAA,MAChC,cAAc,QAAQ;AAAA,IAC1B;AAAA,EACJ,OAAO;AACH,WAAO;AAAA,MACH,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,cAAc;AAAA,IAClB;AAAA,EACJ;AACJ;;;AF/IO,IAAM,cAAc,MAAM,cAA6C,MAAS;AAqBvF,IAAM,mBAAmB;AAAA,EACrB,SAAS;AAAA,EACT,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,aAAa;AAAA,EACjB;AAAA,EACA,oBAAoB;AACxB;AAYA,SAAS,iBAAiB,QAAmB,QAAoC;AAC7E,QAAM,6BAA6B,iCAAK,OAAO,OAAZ,EAAkB,cAAc,OAAU;AAC7E,QAAM,kCAAkC,iCAAK,OAAO,mBAAmB,OAA/B,EAAqC,cAAc,OAAU;AACrG,QAAM,qBAAqB,CAAC,OAAO,WAAW,CAAC,QAAQ,4BAA4B,+BAA+B;AAElH,MAAI,CAAC,OAAO,MAAM;AACd,WAAO;AAAA,MACH,SAAS;AAAA,MACT,oBAAoB;AAAA,QAChB,MAAM;AAAA,QACN,aAAa;AAAA,MACjB;AAAA,MACA;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS;AACvB,WAAO;AAAA,MACH,SAAS;AAAA,MACT,oBAAoB;AAAA,QAChB,MAAM,OAAO;AAAA,QACb,aAAa,OAAO;AAAA,MACxB;AAAA,MACA;AAAA,IACJ;AAAA,EACJ,OAAO;AACH,WAAO;AAAA,MACH,SAAS;AAAA,MACT,oBAAoB;AAAA,QAChB,MAAM,OAAO;AAAA,QACb,aAAa,OAAO;AAAA,MACxB;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAEO,IAAM,eAAe,CAAC,UAA6B;AA7H1D;AA8HI,QAAM,CAAC,WAAW,aAAa,IAAI,WAAW,kBAAkB,gBAAgB;AAChF,QAAM,SAAS,UAAU;AACzB,QAAM,sBAAqB,WAAM,uBAAN,YAA4B;AAEvD,QAAM,WAAW;AAAA,IACb,CAAC,WAA4B;AACzB,oBAAc,MAAM;AACpB,6BAAuB,OAAO,IAAI;AAAA,IACtC;AAAA,IACA,CAAC,aAAa;AAAA,EAClB;AAIA,YAAU,MAAM;AACZ,QAAI,sBAAsB,UAAU,oBAAoB;AACpD,aAAO,QAAQ;AAAA,IACnB;AAAA,EACJ,GAAG,CAAC,UAAU,oBAAoB,oBAAoB,MAAM,CAAC;AAG7D,YAAU,MAAM;AACZ,QAAI,YAAY;AAEhB,aAAeA,mBAAkB;AAAA;AAC7B,cAAM,SAAS,MAAM,eAAe;AACpC,YAAI,CAAC,aAAa,CAAC,OAAO,OAAO;AAC7B,mBAAS,MAAM;AAAA,QACnB;AAAA,MACJ;AAAA;AAEA,IAAAA,iBAAgB;AAChB,WAAO,MAAM;AACT,kBAAY;AAAA,IAChB;AAAA,EACJ,GAAG,CAAC,CAAC;AAGL,YAAU,MAAM;AACZ,QAAI,YAAY;AAChB,QAAI,aAAyC;AAE7C,aAAS,wBAAwB;AAC7B,UAAI,YAAY;AACZ,qBAAa,UAAU;AAAA,MAC3B;AACA,mBAAa,WAAW,cAAc,KAAK,GAAI;AAAA,IACnD;AAEA,aAAe,eAAe;AAAA;AAC1B,cAAM,SAAS,MAAM,eAAe;AACpC,YAAI,WAAW;AACX;AAAA,QACJ;AACA,YAAI,CAAC,OAAO,OAAO;AACf,mBAAS,MAAM;AAAA,QACnB,WAAW,OAAO,UAAU,cAAc;AACtC,gCAAsB;AAAA,QAC1B;AAAA,MACJ;AAAA;AAEA,aAAe,eAAe,OAAqB;AAAA;AAC/C,YACI,MAAM,QAAQ,iBACd,CAAC,sBAAsB,MAAM,UAAU,UAAU,mBAAmB,IAAI,GAC1E;AACE,gBAAM,aAAa;AAAA,QACvB;AAAA,MACJ;AAAA;AAEA,UAAM,WAAW,YAAY,cAAc,IAAI,KAAK,GAAI;AAExD,QAAI,UAAU,GAAG;AACb,aAAO,iBAAiB,WAAW,cAAc;AACjD,aAAO,iBAAiB,UAAU,YAAY;AAC9C,aAAO,iBAAiB,SAAS,YAAY;AAAA,IACjD;AAEA,WAAO,MAAM;AACT,kBAAY;AACZ,oBAAc,QAAQ;AACtB,UAAI,YAAY;AACZ,qBAAa,UAAU;AAAA,MAC3B;AACA,UAAI,UAAU,GAAG;AACb,eAAO,oBAAoB,WAAW,cAAc;AACpD,eAAO,oBAAoB,UAAU,YAAY;AACjD,eAAO,oBAAoB,SAAS,YAAY;AAAA,MACpD;AAAA,IACJ;AAAA,EACJ,GAAG,CAAC,UAAU,UAAU,mBAAmB,IAAI,CAAC;AAEhD,QAAM,SAAS,YAAY,MAAY;AACnC,UAAM,MAAM,oBAAoB;AAAA,MAC5B,QAAQ;AAAA,MACR,SAAS;AAAA,QACL,gBAAgB;AAAA,MACpB;AAAA,MACA,aAAa;AAAA,IACjB,CAAC;AACD,aAAS,EAAE,MAAM,QAAW,aAAa,OAAU,CAAC;AAAA,EACxD,IAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,kBAAkB,CAAC,SAAkC;AACvD,QAAI,6BAAM,uBAAuB;AAC7B,aAAO,kCAAkC,mBAAmB,KAAK,qBAAqB;AAAA,IAC1F;AAEA,WAAO;AAAA,EACX;AACA,QAAM,mBAAmB,CAAC,SAAmC;AACzD,QAAI,6BAAM,wBAAwB;AAC9B,aAAO,mCAAmC,mBAAmB,KAAK,sBAAsB;AAAA,IAC5F;AAEA,WAAO;AAAA,EACX;AACA,QAAM,oBAAoB;AAAA,IACtB,CAAC,SAA2B;AACxB,aAAO,gBAAgB,GAAG,MAAM,mBAAmB,6BAAM,iBAAiB;AAAA,IAC9E;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AACA,QAAM,gBAAgB;AAAA,IAClB,CAAC,OAAgB,SAA2B;AACxC,UAAI,OAAO;AACP,eAAO,gBAAgB,GAAG,MAAM,kBAAkB,SAAS,6BAAM,iBAAiB;AAAA,MACtF,OAAO;AACH,eAAO,gBAAgB,GAAG,MAAM,eAAe,6BAAM,iBAAiB;AAAA,MAC1E;AAAA,IACJ;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AACA,QAAM,sBAAsB;AAAA,IACxB,CAAC,SAA2B;AACxB,aAAO,gBAAgB,GAAG,MAAM,sBAAsB,6BAAM,iBAAiB;AAAA,IACjF;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AAEA,QAAM,sBAAsB;AAAA,IACxB,CAAC,OAAe,SAA2B;AACvC,aAAO,gBAAgB,GAAG,MAAM,mBAAmB,SAAS,6BAAM,iBAAiB;AAAA,IACvF;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AAEA,QAAM,aAAa,CAAC,QAAgB;AAChC,WAAO,SAAS,OAAO;AAAA,EAC3B;AAEA,QAAM,sBAAsB,CAAC,SAAkC,WAAW,gBAAgB,IAAI,CAAC;AAC/F,QAAM,uBAAuB,CAAC,SAAmC,WAAW,iBAAiB,IAAI,CAAC;AAClG,QAAM,wBAAwB,CAAC,SAA2B,WAAW,kBAAkB,IAAI,CAAC;AAC5F,QAAM,oBAAoB,CAAC,OAAgB,SAA2B,WAAW,cAAc,OAAO,IAAI,CAAC;AAC3G,QAAM,0BAA0B,CAAC,SAA2B,WAAW,oBAAoB,IAAI,CAAC;AAChG,QAAM,0BAA0B,CAAC,OAAe,SAC5C,WAAW,oBAAoB,OAAO,IAAI,CAAC;AAE/C,QAAM,kBAAkB,YAAY,MAAY;AAC5C,UAAM,SAAS,MAAM,eAAe;AACpC,QAAI,OAAO,OAAO;AACd,YAAM,IAAI,MAAM,yBAAyB;AAAA,IAC7C,OAAO;AACH,eAAS,MAAM;AACf,aAAO,OAAO;AAAA,IAClB;AAAA,EACJ,IAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,eAAe;AAAA,IACjB,CAAO,UAAkB;AACrB,YAAM,SAAS,MAAM,oBAAoB,KAAK;AAC9C,UAAI,OAAO,UAAU,cAAc;AAC/B,eAAO;AAAA,MACX,OAAO;AACH,iBAAS,MAAM;AACf,eAAO,OAAO;AAAA,MAClB;AAAA,IACJ;AAAA,IACA,CAAC,QAAQ;AAAA,EACb;AAEA,QAAM,QAAQ;AAAA,IACV,SAAS,UAAU;AAAA,IACnB,oBAAoB,UAAU;AAAA,IAC9B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACA,SAAO,oCAAC,YAAY,UAAZ,EAAqB,SAAe,MAAM,QAAS;AAC/D;AAiBA,SAAe,iBAA4C;AAAA;AACvD,QAAI;AACA,YAAM,mBAAmB,MAAM,MAAM,sBAAsB;AAAA,QACvD,QAAQ;AAAA,QACR,SAAS;AAAA,UACL,gBAAgB;AAAA,QACpB;AAAA,QACA,aAAa;AAAA,MACjB,CAAC;AAED,UAAI,iBAAiB,IAAI;AACrB,cAAM,EAAE,UAAU,aAAa,oBAAoB,YAAY,IAAI,MAAM,iBAAiB,KAAK;AAC/F,cAAM,OAAO,IAAI,KAAK;AAAA,UAClB,QAAQ,SAAS;AAAA,UACjB,OAAO,SAAS;AAAA,UAChB,gBAAgB,SAAS;AAAA,UACzB,aAAa,SAAS;AAAA,UACtB,UAAU,SAAS;AAAA,UACnB,WAAW,SAAS;AAAA,UACpB,UAAU,SAAS;AAAA,UACnB,YAAY,SAAS;AAAA,UACrB,sBAAsB,uBAAuB,SAAS,kBAAkB;AAAA,UACxE;AAAA,UACA,YAAY,SAAS;AAAA,UACrB,eAAe,SAAS;AAAA,UACxB,wBAAwB,SAAS;AAAA,UACjC,WAAW,SAAS;AAAA,UACpB,cAAc,SAAS;AAAA,UACvB,YAAY,SAAS;AAAA,UACrB;AAAA,QACJ,CAAC;AAED,eAAO,EAAE,MAAM,aAAa,OAAO,OAAU;AAAA,MACjD,WAAW,iBAAiB,WAAW,KAAK;AACxC,eAAO,EAAE,MAAM,QAAW,aAAa,QAAW,OAAO,OAAU;AAAA,MACvE,OAAO;AACH,gBAAQ,KAAK,2BAA2B,gBAAgB;AACxD,eAAO,EAAE,OAAO,aAAa;AAAA,MACjC;AAAA,IACJ,SAAS,GAAP;AACE,cAAQ,KAAK,2BAA2B,CAAC;AACzC,aAAO,EAAE,OAAO,aAAa;AAAA,IACjC;AAAA,EACJ;AAAA;AAYA,SAAe,oBAAoB,OAA8C;AAAA;AAC7E,QAAI;AACA,YAAM,cAAc,IAAI,gBAAgB,EAAE,eAAe,MAAM,CAAC,EAAE,SAAS;AAC3E,YAAM,MAAM,4BAA4B;AACxC,YAAM,mBAAmB,MAAM,MAAM,KAAK;AAAA,QACtC,QAAQ;AAAA,QACR,SAAS;AAAA,UACL,gBAAgB;AAAA,QACpB;AAAA,QACA,aAAa;AAAA,MACjB,CAAC;AAED,UAAI,iBAAiB,IAAI;AACrB,cAAM,EAAE,UAAU,aAAa,oBAAoB,YAAY,IAAI,MAAM,iBAAiB,KAAK;AAC/F,cAAM,OAAO,IAAI,KAAK;AAAA,UAClB,QAAQ,SAAS;AAAA,UACjB,OAAO,SAAS;AAAA,UAChB,gBAAgB,SAAS;AAAA,UACzB,aAAa,SAAS;AAAA,UACtB,UAAU,SAAS;AAAA,UACnB,WAAW,SAAS;AAAA,UACpB,UAAU,SAAS;AAAA,UACnB,YAAY,SAAS;AAAA,UACrB,sBAAsB,uBAAuB,SAAS,kBAAkB;AAAA,UACxE;AAAA,UACA,YAAY,SAAS;AAAA,UACrB,eAAe,SAAS;AAAA,UACxB,wBAAwB,SAAS;AAAA,UACjC,WAAW,SAAS;AAAA,UACpB,cAAc,SAAS;AAAA,UACvB,YAAY,SAAS;AAAA,UACrB;AAAA,QACJ,CAAC;AAED,eAAO,EAAE,MAAM,aAAa,OAAO,OAAU;AAAA,MACjD,WAAW,iBAAiB,WAAW,KAAK;AACxC,eAAO,EAAE,OAAO,aAAa;AAAA,MACjC,OAAO;AACH,gBAAQ,KAAK,4BAA4B,gBAAgB;AAAA,MAC7D;AAAA,IACJ,SAAS,GAAP;AACE,cAAQ,KAAK,4BAA4B,CAAC;AAAA,IAC9C;AACA,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC9C;AAAA;AAEA,IAAM,eAAe,CAAC,QAAgB;AAClC,QAAM,SAAS,SAAS,OAAO,OAAO;AACtC,SAAO,OAAO,GAAG;AACrB;AAEA,IAAM,kBAAkB,CAAC,KAAa,iBAA0B;AAC5D,MAAI,CAAC,cAAc;AACf,WAAO;AAAA,EACX;AAEA,MAAI,KAAK,IAAI,gBAAgB;AAC7B,KAAG,IAAI,MAAM,aAAa,YAAY,CAAC;AACvC,MAAI,IAAI,SAAS,GAAG,GAAG;AACnB,WAAO,GAAG,OAAO,GAAG,SAAS;AAAA,EACjC,OAAO;AACH,WAAO,GAAG,OAAO,GAAG,SAAS;AAAA,EACjC;AACJ;;;AG/cA,SAAS,cAAAC,mBAAkB;AAGpB,SAAS,oBAAoB;AAChC,QAAM,UAAUC,YAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,uDAAuD;AAAA,EAC3E;AACA,QAAM;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,IAAI;AACJ,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;;;ACxBA,SAAS,cAAAC,mBAAkB;AAGpB,SAAS,oBAAoB;AAChC,QAAM,UAAUC,YAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,uDAAuD;AAAA,EAC3E;AACA,QAAM,EAAE,OAAO,IAAI;AACnB,SAAO;AACX;;;ACVA,OAAOC,UAAS,cAAAC,aAAY,aAAAC,kBAAiB;AAGtC,SAAS,uBAAuB;AACnC,QAAM,UAAUC,YAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC9E;AACA,QAAM;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,IAAI;AACJ,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;AAMO,SAAS,iBAAiB,EAAE,SAAS,GAAkB;AAC1D,QAAM,EAAE,qBAAqB,IAAI,qBAAqB;AAEtD,EAAAC,WAAU,MAAM;AACZ,yBAAqB;AAAA,EACzB,GAAG,CAAC,CAAC;AAEL,SAAO,gBAAAC,OAAA,cAAAA,OAAA,gBAAG,QAAS;AACvB;AAEO,SAAS,gBAAgB,EAAE,SAAS,GAAkB;AACzD,QAAM,EAAE,oBAAoB,IAAI,qBAAqB;AACrD,EAAAD,WAAU,MAAM;AACZ,wBAAoB;AAAA,EACxB,GAAG,CAAC,CAAC;AACL,SAAO,gBAAAC,OAAA,cAAAA,OAAA,gBAAG,QAAS;AACvB;;;AC9CA,SAAS,cAAAC,mBAAkB;AAGpB,SAAS,iBAAiB;AAC7B,QAAM,UAAUC,YAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,oDAAoD;AAAA,EACxE;AACA,QAAM,EAAE,gBAAgB,IAAI;AAC5B,SAAO;AACX;","names":["refreshAuthInfo","useContext","useContext","useContext","useContext","React","useContext","useEffect","useContext","useEffect","React","useContext","useContext"]}
1
+ {"version":3,"sources":["../../src/loginMethod.ts","../../src/user.ts","../../src/client/AuthProvider.tsx","../../src/client/utils.ts","../../src/client/useUser.tsx","../../src/client/useHostedPageUrls.tsx","../../src/client/useLogoutFunction.ts","../../src/client/useRedirectFunctions.tsx","../../src/client/useRefreshAuth.ts"],"sourcesContent":["export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string,\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.activeOrgId,\n obj.loginMethod\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n const loginMethod = toLoginMethod(payload.login_method)\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId,\n loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport enum OrgRoleStructure {\n SingleRole = \"single_role_in_hierarchy\",\n MultiRole = \"multi_role\",\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n public orgRoleStructure: OrgRoleStructure\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n public userAssignedAdditionalRoles: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[],\n orgRoleStructure: OrgRoleStructure,\n userAssignedAdditionalRoles: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n this.orgRoleStructure = orgRoleStructure\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n this.userAssignedAdditionalRoles = userAssignedAdditionalRoles\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)\n } else {\n return this.userAssignedRole === role\n }\n }\n\n public isAtLeastRole(role: string): boolean {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)\n } else {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions,\n obj.orgRoleStructure,\n obj.userAssignedAdditionalRoles\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get assignedRoles(): string[] {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)\n } else {\n return [this.userAssignedRole]\n }\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)\n } else {\n return this.userInheritedRolesPlusCurrentRole\n }\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n org_role_structure: OrgRoleStructure\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n additional_roles: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions,\n snakeCaseValue.org_role_structure,\n snakeCaseValue.additional_roles\n )\n }\n }\n\n return camelCase\n}\n","'use client'\n\nimport React, { useCallback, useEffect, useReducer } from 'react'\nimport { doesLocalStorageMatch, hasWindow, isEqual, saveUserToLocalStorage, USER_INFO_KEY } from './utils'\nimport { useRouter } from 'next/navigation.js'\nimport { User } from './useUser'\nimport { toOrgIdToOrgMemberInfo } from '../user'\n\nexport interface RedirectToSignupOptions {\n postSignupRedirectPath?: string\n userSignupQueryParameters?: Record<string, string>\n}\nexport interface RedirectToLoginOptions {\n postLoginRedirectPath?: string\n userSignupQueryParameters?: Record<string, string>\n}\nexport interface RedirectOptions {\n redirectBackToUrl?: string\n}\n\ninterface InternalAuthState {\n loading: boolean\n userAndAccessToken: UserAndAccessToken\n\n logout: () => Promise<void>\n\n redirectToLoginPage: (opts?: RedirectToLoginOptions) => void\n redirectToSignupPage: (opts?: RedirectToSignupOptions) => void\n redirectToAccountPage: (opts?: RedirectOptions) => void\n redirectToOrgPage: (orgId?: string, opts?: RedirectOptions) => void\n redirectToOrgSettingsPage: (orgId?: string, opts?: RedirectOptions) => void\n redirectToCreateOrgPage: (opts?: RedirectOptions) => void\n redirectToSetupSAMLPage: (orgId: string, opts?: RedirectOptions) => void\n\n getSignupPageUrl(opts?: RedirectToSignupOptions): string\n getLoginPageUrl(opts?: RedirectToLoginOptions): string\n getAccountPageUrl(opts?: RedirectOptions): string\n getOrgPageUrl(orgId?: string, opts?: RedirectOptions): string\n getOrgSettingsPageUrl(orgId?: string, opts?: RedirectOptions): string\n getCreateOrgPageUrl(opts?: RedirectOptions): string\n getSetupSAMLPageUrl(orgId: string, opts?: RedirectOptions): string\n\n refreshAuthInfo: () => Promise<User | undefined>\n setActiveOrg: (orgId: string) => Promise<User | undefined>\n}\n\nexport type AuthProviderProps = {\n authUrl: string\n reloadOnAuthChange?: boolean\n children?: React.ReactNode\n}\n\nexport const AuthContext = React.createContext<InternalAuthState | undefined>(undefined)\n\ntype UserAndAccessToken =\n | {\n user: User\n accessToken: string\n }\n | {\n user: undefined\n accessToken: undefined\n }\n\ntype AuthState = {\n loading: boolean\n userAndAccessToken: UserAndAccessToken\n\n // There's no good way to trigger server components to reload outside of router.refresh()\n // This is our workaround until the app router has something better\n authChangeDetected: boolean\n}\n\nconst initialAuthState = {\n loading: true,\n userAndAccessToken: {\n user: undefined,\n accessToken: undefined,\n },\n authChangeDetected: false,\n}\n\ntype AuthStateAction =\n | {\n user: User\n accessToken: string\n }\n | {\n user: undefined\n accessToken: undefined\n }\n\nfunction authStateReducer(_state: AuthState, action: AuthStateAction): AuthState {\n const newUserForEqualityChecking = { ...action.user, lastActiveAt: undefined }\n const existingUserForEqualityChecking = { ..._state.userAndAccessToken.user, lastActiveAt: undefined }\n const authChangeDetected = !_state.loading && !isEqual(newUserForEqualityChecking, existingUserForEqualityChecking)\n\n if (!action.user) {\n return {\n loading: false,\n userAndAccessToken: {\n user: undefined,\n accessToken: undefined,\n },\n authChangeDetected,\n }\n } else if (_state.loading) {\n return {\n loading: false,\n userAndAccessToken: {\n user: action.user,\n accessToken: action.accessToken,\n },\n authChangeDetected,\n }\n } else {\n return {\n loading: false,\n userAndAccessToken: {\n user: action.user,\n accessToken: action.accessToken,\n },\n authChangeDetected,\n }\n }\n}\n\nexport const AuthProvider = (props: AuthProviderProps) => {\n const [authState, dispatchInner] = useReducer(authStateReducer, initialAuthState)\n const router = useRouter()\n const reloadOnAuthChange = props.reloadOnAuthChange ?? true\n\n const dispatch = useCallback(\n (action: AuthStateAction) => {\n dispatchInner(action)\n saveUserToLocalStorage(action.user)\n },\n [dispatchInner]\n )\n\n // This is because we don't have a good way to trigger server components to reload outside of router.refresh()\n // Once server actions isn't alpha, we can hopefully use that instead\n useEffect(() => {\n if (reloadOnAuthChange && authState.authChangeDetected) {\n router.refresh()\n }\n }, [authState.authChangeDetected, reloadOnAuthChange, router])\n\n // Trigger an initial refresh\n useEffect(() => {\n let didCancel = false\n\n async function refreshAuthInfo() {\n const action = await apiGetUserInfo()\n if (!didCancel && !action.error) {\n dispatch(action)\n }\n }\n\n refreshAuthInfo()\n return () => {\n didCancel = true\n }\n }, [])\n\n // Periodically refresh the token\n useEffect(() => {\n let didCancel = false\n let retryTimer: NodeJS.Timeout | undefined = undefined\n\n function clearAndSetRetryTimer() {\n if (retryTimer) {\n clearTimeout(retryTimer)\n }\n retryTimer = setTimeout(refreshToken, 30 * 1000)\n }\n\n async function refreshToken() {\n const action = await apiGetUserInfo()\n if (didCancel) {\n return\n }\n if (!action.error) {\n dispatch(action)\n } else if (action.error === 'unexpected') {\n clearAndSetRetryTimer()\n }\n }\n\n async function onStorageEvent(event: StorageEvent) {\n if (\n event.key === USER_INFO_KEY &&\n !doesLocalStorageMatch(event.newValue, authState.userAndAccessToken.user)\n ) {\n await refreshToken()\n }\n }\n\n const interval = setInterval(refreshToken, 5 * 60 * 1000)\n\n if (hasWindow()) {\n window.addEventListener('storage', onStorageEvent)\n window.addEventListener('online', refreshToken)\n window.addEventListener('focus', refreshToken)\n }\n\n return () => {\n didCancel = true\n clearInterval(interval)\n if (retryTimer) {\n clearTimeout(retryTimer)\n }\n if (hasWindow()) {\n window.removeEventListener('storage', onStorageEvent)\n window.removeEventListener('online', refreshToken)\n window.removeEventListener('focus', refreshToken)\n }\n }\n }, [dispatch, authState.userAndAccessToken.user])\n\n const logout = useCallback(async () => {\n await fetch('/api/auth/logout', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n credentials: 'include',\n })\n dispatch({ user: undefined, accessToken: undefined })\n }, [dispatch])\n\n const getLoginPageUrl = (opts?: RedirectToLoginOptions) => {\n if (opts?.postLoginRedirectPath) {\n return `/api/auth/login?return_to_path=${encodeURIComponent(opts.postLoginRedirectPath)}`\n }\n\n return '/api/auth/login'\n }\n const getSignupPageUrl = (opts?: RedirectToSignupOptions) => {\n if (opts?.postSignupRedirectPath) {\n return `/api/auth/signup?return_to_path=${encodeURIComponent(opts.postSignupRedirectPath)}`\n }\n\n return '/api/auth/signup'\n }\n const getAccountPageUrl = useCallback(\n (opts?: RedirectOptions) => {\n return addReturnToPath(`${props.authUrl}/account`, opts?.redirectBackToUrl)\n },\n [props.authUrl]\n )\n const getOrgPageUrl = useCallback(\n (orgId?: string, opts?: RedirectOptions) => {\n if (orgId) {\n return addReturnToPath(`${props.authUrl}/org?id=${orgId}`, opts?.redirectBackToUrl)\n } else {\n return addReturnToPath(`${props.authUrl}/org`, opts?.redirectBackToUrl)\n }\n },\n [props.authUrl]\n )\n const getOrgSettingsPageUrl = useCallback(\n (orgId?: string, opts?: RedirectOptions) => {\n if (orgId) {\n return addReturnToPath(`${props.authUrl}/org/settings/${orgId}`, opts?.redirectBackToUrl)\n } else {\n return addReturnToPath(`${props.authUrl}/org/settings`, opts?.redirectBackToUrl)\n }\n },\n [props.authUrl]\n )\n const getCreateOrgPageUrl = useCallback(\n (opts?: RedirectOptions) => {\n return addReturnToPath(`${props.authUrl}/create_org`, opts?.redirectBackToUrl)\n },\n [props.authUrl]\n )\n\n const getSetupSAMLPageUrl = useCallback(\n (orgId: string, opts?: RedirectOptions) => {\n return addReturnToPath(`${props.authUrl}/saml?id=${orgId}`, opts?.redirectBackToUrl)\n },\n [props.authUrl]\n )\n\n const redirectTo = (url: string) => {\n window.location.href = url\n }\n\n const redirectToLoginPage = (opts?: RedirectToLoginOptions) => redirectTo(getLoginPageUrl(opts))\n const redirectToSignupPage = (opts?: RedirectToSignupOptions) => redirectTo(getSignupPageUrl(opts))\n const redirectToAccountPage = (opts?: RedirectOptions) => redirectTo(getAccountPageUrl(opts))\n const redirectToOrgPage = (orgId?: string, opts?: RedirectOptions) => redirectTo(getOrgPageUrl(orgId, opts))\n const redirectToOrgSettingsPage = (orgId?: string, opts?: RedirectOptions) =>\n redirectTo(getOrgSettingsPageUrl(orgId, opts))\n const redirectToCreateOrgPage = (opts?: RedirectOptions) => redirectTo(getCreateOrgPageUrl(opts))\n const redirectToSetupSAMLPage = (orgId: string, opts?: RedirectOptions) =>\n redirectTo(getSetupSAMLPageUrl(orgId, opts))\n\n const refreshAuthInfo = useCallback(async () => {\n const action = await apiGetUserInfo()\n if (action.error) {\n throw new Error('Failed to refresh token')\n } else {\n dispatch(action)\n return action.user\n }\n }, [dispatch])\n\n const setActiveOrg = useCallback(\n async (orgId: string) => {\n const action = await apiPostSetActiveOrg(orgId)\n if (action.error === 'not_in_org') {\n return undefined\n } else {\n dispatch(action)\n return action.user\n }\n },\n [dispatch]\n )\n\n const value = {\n loading: authState.loading,\n userAndAccessToken: authState.userAndAccessToken,\n logout,\n redirectToLoginPage,\n redirectToSignupPage,\n redirectToAccountPage,\n redirectToOrgPage,\n redirectToOrgSettingsPage,\n redirectToCreateOrgPage,\n redirectToSetupSAMLPage,\n getLoginPageUrl,\n getSignupPageUrl,\n getAccountPageUrl,\n getOrgPageUrl,\n getOrgSettingsPageUrl,\n getCreateOrgPageUrl,\n getSetupSAMLPageUrl,\n refreshAuthInfo,\n setActiveOrg,\n }\n return <AuthContext.Provider value={value}>{props.children}</AuthContext.Provider>\n}\n\ntype UserInfoResponse =\n | {\n error: undefined\n user: User\n accessToken: string\n }\n | {\n error: undefined\n user: undefined\n accessToken: undefined\n }\n | {\n error: 'unexpected'\n }\n\nasync function apiGetUserInfo(): Promise<UserInfoResponse> {\n try {\n const userInfoResponse = await fetch('/api/auth/userinfo', {\n method: 'GET',\n headers: {\n 'Content-Type': 'application/json',\n },\n credentials: 'include',\n })\n\n if (userInfoResponse.ok) {\n const { userinfo, accessToken, impersonatorUserId, activeOrgId } = await userInfoResponse.json()\n const user = new User({\n userId: userinfo.user_id,\n email: userinfo.email,\n emailConfirmed: userinfo.email_confirmed,\n hasPassword: userinfo.has_password,\n username: userinfo.username,\n firstName: userinfo.first_name,\n lastName: userinfo.last_name,\n pictureUrl: userinfo.picture_url,\n orgIdToOrgMemberInfo: toOrgIdToOrgMemberInfo(userinfo.org_id_to_org_info),\n activeOrgId,\n mfaEnabled: userinfo.mfa_enabled,\n canCreateOrgs: userinfo.can_create_orgs,\n updatePasswordRequired: userinfo.update_password_required,\n createdAt: userinfo.created_at,\n lastActiveAt: userinfo.last_active_at,\n properties: userinfo.properties,\n impersonatorUserId,\n })\n\n return { user, accessToken, error: undefined }\n } else if (userInfoResponse.status === 401) {\n return { user: undefined, accessToken: undefined, error: undefined }\n } else {\n console.info('Failed to refresh token', userInfoResponse)\n return { error: 'unexpected' }\n }\n } catch (e) {\n console.info('Failed to refresh token', e)\n return { error: 'unexpected' }\n }\n}\n\ntype SetActiveOrgResponse =\n | {\n user: User\n accessToken: string\n error: undefined\n }\n | {\n error: 'not_in_org'\n }\n\nasync function apiPostSetActiveOrg(orgId: string): Promise<SetActiveOrgResponse> {\n try {\n const queryParams = new URLSearchParams({ active_org_id: orgId }).toString()\n const url = `/api/auth/set-active-org?${queryParams}`\n const userInfoResponse = await fetch(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n credentials: 'include',\n })\n\n if (userInfoResponse.ok) {\n const { userinfo, accessToken, impersonatorUserId, activeOrgId } = await userInfoResponse.json()\n const user = new User({\n userId: userinfo.user_id,\n email: userinfo.email,\n emailConfirmed: userinfo.email_confirmed,\n hasPassword: userinfo.has_password,\n username: userinfo.username,\n firstName: userinfo.first_name,\n lastName: userinfo.last_name,\n pictureUrl: userinfo.picture_url,\n orgIdToOrgMemberInfo: toOrgIdToOrgMemberInfo(userinfo.org_id_to_org_info),\n activeOrgId,\n mfaEnabled: userinfo.mfa_enabled,\n canCreateOrgs: userinfo.can_create_orgs,\n updatePasswordRequired: userinfo.update_password_required,\n createdAt: userinfo.created_at,\n lastActiveAt: userinfo.last_active_at,\n properties: userinfo.properties,\n impersonatorUserId,\n })\n\n return { user, accessToken, error: undefined }\n } else if (userInfoResponse.status === 401) {\n return { error: 'not_in_org' }\n } else {\n console.info('Failed to set active org', userInfoResponse)\n }\n } catch (e) {\n console.info('Failed to set active org', e)\n }\n throw new Error('Failed to set active org')\n}\n\nconst encodeBase64 = (str: string) => {\n const encode = window ? window.btoa : btoa\n return encode(str)\n}\n\nconst addReturnToPath = (url: string, returnToPath?: string) => {\n if (!returnToPath) {\n return url\n }\n\n let qs = new URLSearchParams()\n qs.set('rt', encodeBase64(returnToPath))\n if (url.includes('?')) {\n return `${url}&${qs.toString()}`\n } else {\n return `${url}?${qs.toString()}`\n }\n}\n","import { UserFromToken } from '../user'\nimport { User } from './useUser'\n\nexport const USER_INFO_KEY = '__PROPEL_AUTH_USER_INFO'\n\nexport function hasWindow(): boolean {\n return typeof window !== 'undefined'\n}\n\nexport function saveUserToLocalStorage(user: User | undefined) {\n if (user) {\n localStorage.setItem(USER_INFO_KEY, JSON.stringify(user))\n } else {\n localStorage.setItem(USER_INFO_KEY, '{}')\n }\n}\n\nexport function doesLocalStorageMatch(newValue: string | null, user: UserFromToken | undefined): boolean {\n if (!newValue) {\n return false\n } else if (!user) {\n return newValue === '{}'\n }\n\n const parsed = JSON.parse(newValue)\n if (!parsed) {\n return false\n }\n\n return isEqual(parsed, jsonSerialize(user))\n}\n\nexport function isEqual(a: any, b: any): boolean {\n if (typeof a !== typeof b) {\n return false\n } else if (a === null || b === null) {\n return a === b\n }\n\n if (Array.isArray(a) !== Array.isArray(b)) {\n return false\n }\n\n if (Array.isArray(a)) {\n const aArray = a as any[]\n const bArray = b as any[]\n if (aArray.length !== bArray.length) {\n return false\n }\n\n for (let i = 0; i < aArray.length; i++) {\n if (!isEqual(aArray[i], bArray[i])) {\n return false\n }\n }\n\n return true\n }\n\n if (typeof a === 'object') {\n const aKeys = Object.keys(a)\n const bKeys = Object.keys(b)\n if (aKeys.length !== bKeys.length) {\n return false\n }\n\n for (const key of aKeys) {\n if (!isEqual(a[key], b[key])) {\n return false\n }\n }\n\n return true\n } else {\n return a === b\n }\n}\n\n// We need to make sure that the comparison is done with objects that have gone through the same transformation, so we mimic the localStorage transformation to json and back\nfunction jsonSerialize(userFromToken: UserFromToken) {\n return JSON.parse(JSON.stringify(userFromToken))\n}","'use client'\n\nimport { useContext } from 'react'\nimport { AuthContext } from './AuthProvider'\nimport { OrgIdToOrgMemberInfo, OrgMemberInfo } from '../user'\n\nexport class User {\n public userId: string\n public email: string\n public emailConfirmed: boolean\n public hasPassword: boolean\n\n public username?: string\n public firstName?: string\n public lastName?: string\n public pictureUrl?: string\n\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n public activeOrgId?: string\n\n public mfaEnabled: boolean\n public canCreateOrgs: boolean\n public updatePasswordRequired: boolean\n\n public createdAt: number\n public lastActiveAt: number\n\n public properties?: { [key: string]: unknown }\n\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor({\n userId,\n email,\n emailConfirmed,\n hasPassword,\n username,\n firstName,\n lastName,\n pictureUrl,\n orgIdToOrgMemberInfo,\n activeOrgId,\n mfaEnabled,\n canCreateOrgs,\n updatePasswordRequired,\n createdAt,\n lastActiveAt,\n legacyUserId,\n properties,\n impersonatorUserId,\n }: {\n userId: string\n email: string\n emailConfirmed: boolean\n hasPassword: boolean\n username?: string\n firstName?: string\n lastName?: string\n pictureUrl?: string\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n activeOrgId?: string\n mfaEnabled: boolean\n canCreateOrgs: boolean\n updatePasswordRequired: boolean\n createdAt: number\n lastActiveAt: number\n legacyUserId?: string\n properties?: { [key: string]: unknown }\n impersonatorUserId?: string\n }) {\n this.userId = userId\n this.email = email\n this.emailConfirmed = emailConfirmed\n this.hasPassword = hasPassword\n this.username = username\n this.firstName = firstName\n this.lastName = lastName\n this.pictureUrl = pictureUrl\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n this.activeOrgId = activeOrgId\n this.mfaEnabled = mfaEnabled\n this.canCreateOrgs = canCreateOrgs\n this.updatePasswordRequired = updatePasswordRequired\n this.createdAt = createdAt\n this.lastActiveAt = lastActiveAt\n this.legacyUserId = legacyUserId\n this.properties = properties\n this.impersonatorUserId = impersonatorUserId\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId) {\n return undefined\n }\n return this.getOrg(this.activeOrgId)\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n return this.orgIdToOrgMemberInfo?.[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n}\n\nexport type UseUserLoading = {\n loading: true\n isLoggedIn: never\n user: never\n accessToken: never\n setActiveOrg: never\n}\n\nexport type UseUserLoggedIn = {\n loading: false\n isLoggedIn: true\n user: User\n accessToken: string\n setActiveOrg: (orgId: string) => Promise<User | undefined>\n}\n\nexport type UseUserNotLoggedIn = {\n loading: false\n isLoggedIn: false\n user: undefined\n accessToken: undefined\n setActiveOrg: never\n}\n\nexport type UseUser = UseUserLoading | UseUserLoggedIn | UseUserNotLoggedIn\n\nexport function useUser(): UseUser {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error('useUser must be used within an AuthProvider')\n }\n\n const { loading, userAndAccessToken } = context\n if (loading) {\n return {\n loading: true,\n isLoggedIn: undefined as never,\n user: undefined as never,\n accessToken: undefined as never,\n setActiveOrg: undefined as never,\n }\n } else if (userAndAccessToken.user) {\n return {\n loading: false,\n isLoggedIn: true,\n user: userAndAccessToken.user,\n accessToken: userAndAccessToken.accessToken,\n setActiveOrg: context.setActiveOrg,\n }\n } else {\n return {\n loading: false,\n isLoggedIn: false,\n user: undefined,\n accessToken: undefined,\n setActiveOrg: undefined as never,\n }\n }\n}\n","import { useContext } from 'react'\nimport { AuthContext } from './AuthProvider'\n\nexport function useHostedPageUrls() {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error('useHostedPageUrls must be used within an AuthProvider')\n }\n const {\n getLoginPageUrl,\n getSignupPageUrl,\n getAccountPageUrl,\n getOrgPageUrl,\n getOrgSettingsPageUrl,\n getCreateOrgPageUrl,\n getSetupSAMLPageUrl,\n } = context\n return {\n getLoginPageUrl,\n getSignupPageUrl,\n getAccountPageUrl,\n getOrgPageUrl,\n getOrgSettingsPageUrl,\n getCreateOrgPageUrl,\n getSetupSAMLPageUrl,\n }\n}\n","import { useContext } from \"react\"\nimport { AuthContext } from \"./AuthProvider\"\n\nexport function useLogoutFunction() {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error(\"useLogoutFunction must be used within an AuthProvider\")\n }\n const { logout } = context\n return logout\n}\n","import React, { useContext, useEffect } from 'react'\nimport { AuthContext } from './AuthProvider'\n\nexport function useRedirectFunctions() {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error('useRedirectFunctions must be used within an AuthProvider')\n }\n const {\n redirectToAccountPage,\n redirectToSignupPage,\n redirectToLoginPage,\n redirectToOrgPage,\n redirectToOrgSettingsPage,\n redirectToCreateOrgPage,\n redirectToSetupSAMLPage,\n } = context\n return {\n redirectToSignupPage,\n redirectToLoginPage,\n redirectToAccountPage,\n redirectToOrgPage,\n redirectToOrgSettingsPage,\n redirectToCreateOrgPage,\n redirectToSetupSAMLPage,\n }\n}\n\nexport interface RedirectProps {\n children?: React.ReactNode\n}\n\nexport function RedirectToSignup({ children }: RedirectProps) {\n const { redirectToSignupPage } = useRedirectFunctions()\n\n useEffect(() => {\n redirectToSignupPage()\n }, [])\n\n return <>{children}</>\n}\n\nexport function RedirectToLogin({ children }: RedirectProps) {\n const { redirectToLoginPage } = useRedirectFunctions()\n useEffect(() => {\n redirectToLoginPage()\n }, [])\n return <>{children}</>\n}\n","import { useContext } from \"react\"\nimport { AuthContext } from \"./AuthProvider\"\n\nexport function useRefreshAuth() {\n const context = useContext(AuthContext)\n if (context === undefined) {\n throw new Error(\"useRefreshAuth must be used within an AuthProvider\")\n }\n const { refreshAuthInfo } = context\n return refreshAuthInfo\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAmBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,UAAM,cAAc,cAAc,QAAQ,YAAY;AAEtD,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAWO,IAAM,gBAAN,MAAoB;AAAA,EAYvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACA,kBACA,6BACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AACtB,SAAK,mBAAmB;AAExB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AACvB,SAAK,8BAA8B;AAAA,EACvC;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,qBAAqB,QAAQ,KAAK,4BAA4B,SAAS,IAAI;AAAA,IAC3F,OAAO;AACH,aAAO,KAAK,qBAAqB;AAAA,IACrC;AAAA,EACJ;AAAA,EAEO,cAAc,MAAuB;AACxC,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,qBAAqB,QAAQ,KAAK,4BAA4B,SAAS,IAAI;AAAA,IAC3F,OAAO;AACH,aAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,IAC/D;AAAA,EACJ;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gBAA0B;AAC1B,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,4BAA4B,OAAO,KAAK,gBAAgB;AAAA,IACxE,OAAO;AACH,aAAO,CAAC,KAAK,gBAAgB;AAAA,IACjC;AAAA,EACJ;AAAA,EAEA,IAAI,gCAA0C;AAC1C,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,4BAA4B,OAAO,KAAK,gBAAgB;AAAA,IACxE,OAAO;AACH,aAAO,KAAK;AAAA,IAChB;AAAA,EACJ;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AAsCO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;AClUA,OAAO,SAAS,aAAa,WAAW,kBAAkB;;;ACCnD,IAAM,gBAAgB;AAEtB,SAAS,YAAqB;AACjC,SAAO,OAAO,WAAW;AAC7B;AAEO,SAAS,uBAAuB,MAAwB;AAC3D,MAAI,MAAM;AACN,iBAAa,QAAQ,eAAe,KAAK,UAAU,IAAI,CAAC;AAAA,EAC5D,OAAO;AACH,iBAAa,QAAQ,eAAe,IAAI;AAAA,EAC5C;AACJ;AAEO,SAAS,sBAAsB,UAAyB,MAA0C;AACrG,MAAI,CAAC,UAAU;AACX,WAAO;AAAA,EACX,WAAW,CAAC,MAAM;AACd,WAAO,aAAa;AAAA,EACxB;AAEA,QAAM,SAAS,KAAK,MAAM,QAAQ;AAClC,MAAI,CAAC,QAAQ;AACT,WAAO;AAAA,EACX;AAEA,SAAO,QAAQ,QAAQ,cAAc,IAAI,CAAC;AAC9C;AAEO,SAAS,QAAQ,GAAQ,GAAiB;AAC7C,MAAI,OAAO,MAAM,OAAO,GAAG;AACvB,WAAO;AAAA,EACX,WAAW,MAAM,QAAQ,MAAM,MAAM;AACjC,WAAO,MAAM;AAAA,EACjB;AAEA,MAAI,MAAM,QAAQ,CAAC,MAAM,MAAM,QAAQ,CAAC,GAAG;AACvC,WAAO;AAAA,EACX;AAEA,MAAI,MAAM,QAAQ,CAAC,GAAG;AAClB,UAAM,SAAS;AACf,UAAM,SAAS;AACf,QAAI,OAAO,WAAW,OAAO,QAAQ;AACjC,aAAO;AAAA,IACX;AAEA,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACpC,UAAI,CAAC,QAAQ,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,GAAG;AAChC,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAEA,MAAI,OAAO,MAAM,UAAU;AACvB,UAAM,QAAQ,OAAO,KAAK,CAAC;AAC3B,UAAM,QAAQ,OAAO,KAAK,CAAC;AAC3B,QAAI,MAAM,WAAW,MAAM,QAAQ;AAC/B,aAAO;AAAA,IACX;AAEA,eAAW,OAAO,OAAO;AACrB,UAAI,CAAC,QAAQ,EAAE,GAAG,GAAG,EAAE,GAAG,CAAC,GAAG;AAC1B,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX,OAAO;AACH,WAAO,MAAM;AAAA,EACjB;AACJ;AAGA,SAAS,cAAc,eAA8B;AACjD,SAAO,KAAK,MAAM,KAAK,UAAU,aAAa,CAAC;AACnD;;;AD7EA,SAAS,iBAAiB;;;AEF1B,SAAS,kBAAkB;AAIpB,IAAM,OAAN,MAAW;AAAA,EA0Bd,YAAY;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,GAmBG;AACC,SAAK,SAAS;AACd,SAAK,QAAQ;AACb,SAAK,iBAAiB;AACtB,SAAK,cAAc;AACnB,SAAK,WAAW;AAChB,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,aAAa;AAClB,SAAK,uBAAuB;AAC5B,SAAK,cAAc;AACnB,SAAK,aAAa;AAClB,SAAK,gBAAgB;AACrB,SAAK,yBAAyB;AAC9B,SAAK,YAAY;AACjB,SAAK,eAAe;AACpB,SAAK,eAAe;AACpB,SAAK,aAAa;AAClB,SAAK,qBAAqB;AAAA,EAC9B;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,aAAa;AACnB,aAAO;AAAA,IACX;AACA,WAAO,KAAK,OAAO,KAAK,WAAW;AAAA,EACvC;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AAtG5D;AAuGQ,YAAO,UAAK,yBAAL,mBAA4B;AAAA,EACvC;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AACJ;AA4BO,SAAS,UAAmB;AAC/B,QAAM,UAAU,WAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,6CAA6C;AAAA,EACjE;AAEA,QAAM,EAAE,SAAS,mBAAmB,IAAI;AACxC,MAAI,SAAS;AACT,WAAO;AAAA,MACH,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,cAAc;AAAA,IAClB;AAAA,EACJ,WAAW,mBAAmB,MAAM;AAChC,WAAO;AAAA,MACH,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,MAAM,mBAAmB;AAAA,MACzB,aAAa,mBAAmB;AAAA,MAChC,cAAc,QAAQ;AAAA,IAC1B;AAAA,EACJ,OAAO;AACH,WAAO;AAAA,MACH,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,MAAM;AAAA,MACN,aAAa;AAAA,MACb,cAAc;AAAA,IAClB;AAAA,EACJ;AACJ;;;AF7IO,IAAM,cAAc,MAAM,cAA6C,MAAS;AAqBvF,IAAM,mBAAmB;AAAA,EACrB,SAAS;AAAA,EACT,oBAAoB;AAAA,IAChB,MAAM;AAAA,IACN,aAAa;AAAA,EACjB;AAAA,EACA,oBAAoB;AACxB;AAYA,SAAS,iBAAiB,QAAmB,QAAoC;AAC7E,QAAM,6BAA6B,iCAAK,OAAO,OAAZ,EAAkB,cAAc,OAAU;AAC7E,QAAM,kCAAkC,iCAAK,OAAO,mBAAmB,OAA/B,EAAqC,cAAc,OAAU;AACrG,QAAM,qBAAqB,CAAC,OAAO,WAAW,CAAC,QAAQ,4BAA4B,+BAA+B;AAElH,MAAI,CAAC,OAAO,MAAM;AACd,WAAO;AAAA,MACH,SAAS;AAAA,MACT,oBAAoB;AAAA,QAChB,MAAM;AAAA,QACN,aAAa;AAAA,MACjB;AAAA,MACA;AAAA,IACJ;AAAA,EACJ,WAAW,OAAO,SAAS;AACvB,WAAO;AAAA,MACH,SAAS;AAAA,MACT,oBAAoB;AAAA,QAChB,MAAM,OAAO;AAAA,QACb,aAAa,OAAO;AAAA,MACxB;AAAA,MACA;AAAA,IACJ;AAAA,EACJ,OAAO;AACH,WAAO;AAAA,MACH,SAAS;AAAA,MACT,oBAAoB;AAAA,QAChB,MAAM,OAAO;AAAA,QACb,aAAa,OAAO;AAAA,MACxB;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAEO,IAAM,eAAe,CAAC,UAA6B;AA/H1D;AAgII,QAAM,CAAC,WAAW,aAAa,IAAI,WAAW,kBAAkB,gBAAgB;AAChF,QAAM,SAAS,UAAU;AACzB,QAAM,sBAAqB,WAAM,uBAAN,YAA4B;AAEvD,QAAM,WAAW;AAAA,IACb,CAAC,WAA4B;AACzB,oBAAc,MAAM;AACpB,6BAAuB,OAAO,IAAI;AAAA,IACtC;AAAA,IACA,CAAC,aAAa;AAAA,EAClB;AAIA,YAAU,MAAM;AACZ,QAAI,sBAAsB,UAAU,oBAAoB;AACpD,aAAO,QAAQ;AAAA,IACnB;AAAA,EACJ,GAAG,CAAC,UAAU,oBAAoB,oBAAoB,MAAM,CAAC;AAG7D,YAAU,MAAM;AACZ,QAAI,YAAY;AAEhB,aAAeA,mBAAkB;AAAA;AAC7B,cAAM,SAAS,MAAM,eAAe;AACpC,YAAI,CAAC,aAAa,CAAC,OAAO,OAAO;AAC7B,mBAAS,MAAM;AAAA,QACnB;AAAA,MACJ;AAAA;AAEA,IAAAA,iBAAgB;AAChB,WAAO,MAAM;AACT,kBAAY;AAAA,IAChB;AAAA,EACJ,GAAG,CAAC,CAAC;AAGL,YAAU,MAAM;AACZ,QAAI,YAAY;AAChB,QAAI,aAAyC;AAE7C,aAAS,wBAAwB;AAC7B,UAAI,YAAY;AACZ,qBAAa,UAAU;AAAA,MAC3B;AACA,mBAAa,WAAW,cAAc,KAAK,GAAI;AAAA,IACnD;AAEA,aAAe,eAAe;AAAA;AAC1B,cAAM,SAAS,MAAM,eAAe;AACpC,YAAI,WAAW;AACX;AAAA,QACJ;AACA,YAAI,CAAC,OAAO,OAAO;AACf,mBAAS,MAAM;AAAA,QACnB,WAAW,OAAO,UAAU,cAAc;AACtC,gCAAsB;AAAA,QAC1B;AAAA,MACJ;AAAA;AAEA,aAAe,eAAe,OAAqB;AAAA;AAC/C,YACI,MAAM,QAAQ,iBACd,CAAC,sBAAsB,MAAM,UAAU,UAAU,mBAAmB,IAAI,GAC1E;AACE,gBAAM,aAAa;AAAA,QACvB;AAAA,MACJ;AAAA;AAEA,UAAM,WAAW,YAAY,cAAc,IAAI,KAAK,GAAI;AAExD,QAAI,UAAU,GAAG;AACb,aAAO,iBAAiB,WAAW,cAAc;AACjD,aAAO,iBAAiB,UAAU,YAAY;AAC9C,aAAO,iBAAiB,SAAS,YAAY;AAAA,IACjD;AAEA,WAAO,MAAM;AACT,kBAAY;AACZ,oBAAc,QAAQ;AACtB,UAAI,YAAY;AACZ,qBAAa,UAAU;AAAA,MAC3B;AACA,UAAI,UAAU,GAAG;AACb,eAAO,oBAAoB,WAAW,cAAc;AACpD,eAAO,oBAAoB,UAAU,YAAY;AACjD,eAAO,oBAAoB,SAAS,YAAY;AAAA,MACpD;AAAA,IACJ;AAAA,EACJ,GAAG,CAAC,UAAU,UAAU,mBAAmB,IAAI,CAAC;AAEhD,QAAM,SAAS,YAAY,MAAY;AACnC,UAAM,MAAM,oBAAoB;AAAA,MAC5B,QAAQ;AAAA,MACR,SAAS;AAAA,QACL,gBAAgB;AAAA,MACpB;AAAA,MACA,aAAa;AAAA,IACjB,CAAC;AACD,aAAS,EAAE,MAAM,QAAW,aAAa,OAAU,CAAC;AAAA,EACxD,IAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,kBAAkB,CAAC,SAAkC;AACvD,QAAI,6BAAM,uBAAuB;AAC7B,aAAO,kCAAkC,mBAAmB,KAAK,qBAAqB;AAAA,IAC1F;AAEA,WAAO;AAAA,EACX;AACA,QAAM,mBAAmB,CAAC,SAAmC;AACzD,QAAI,6BAAM,wBAAwB;AAC9B,aAAO,mCAAmC,mBAAmB,KAAK,sBAAsB;AAAA,IAC5F;AAEA,WAAO;AAAA,EACX;AACA,QAAM,oBAAoB;AAAA,IACtB,CAAC,SAA2B;AACxB,aAAO,gBAAgB,GAAG,MAAM,mBAAmB,6BAAM,iBAAiB;AAAA,IAC9E;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AACA,QAAM,gBAAgB;AAAA,IAClB,CAAC,OAAgB,SAA2B;AACxC,UAAI,OAAO;AACP,eAAO,gBAAgB,GAAG,MAAM,kBAAkB,SAAS,6BAAM,iBAAiB;AAAA,MACtF,OAAO;AACH,eAAO,gBAAgB,GAAG,MAAM,eAAe,6BAAM,iBAAiB;AAAA,MAC1E;AAAA,IACJ;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AACA,QAAM,wBAAwB;AAAA,IAC1B,CAAC,OAAgB,SAA2B;AACxC,UAAI,OAAO;AACP,eAAO,gBAAgB,GAAG,MAAM,wBAAwB,SAAS,6BAAM,iBAAiB;AAAA,MAC5F,OAAO;AACH,eAAO,gBAAgB,GAAG,MAAM,wBAAwB,6BAAM,iBAAiB;AAAA,MACnF;AAAA,IACJ;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AACA,QAAM,sBAAsB;AAAA,IACxB,CAAC,SAA2B;AACxB,aAAO,gBAAgB,GAAG,MAAM,sBAAsB,6BAAM,iBAAiB;AAAA,IACjF;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AAEA,QAAM,sBAAsB;AAAA,IACxB,CAAC,OAAe,SAA2B;AACvC,aAAO,gBAAgB,GAAG,MAAM,mBAAmB,SAAS,6BAAM,iBAAiB;AAAA,IACvF;AAAA,IACA,CAAC,MAAM,OAAO;AAAA,EAClB;AAEA,QAAM,aAAa,CAAC,QAAgB;AAChC,WAAO,SAAS,OAAO;AAAA,EAC3B;AAEA,QAAM,sBAAsB,CAAC,SAAkC,WAAW,gBAAgB,IAAI,CAAC;AAC/F,QAAM,uBAAuB,CAAC,SAAmC,WAAW,iBAAiB,IAAI,CAAC;AAClG,QAAM,wBAAwB,CAAC,SAA2B,WAAW,kBAAkB,IAAI,CAAC;AAC5F,QAAM,oBAAoB,CAAC,OAAgB,SAA2B,WAAW,cAAc,OAAO,IAAI,CAAC;AAC3G,QAAM,4BAA4B,CAAC,OAAgB,SAC/C,WAAW,sBAAsB,OAAO,IAAI,CAAC;AACjD,QAAM,0BAA0B,CAAC,SAA2B,WAAW,oBAAoB,IAAI,CAAC;AAChG,QAAM,0BAA0B,CAAC,OAAe,SAC5C,WAAW,oBAAoB,OAAO,IAAI,CAAC;AAE/C,QAAM,kBAAkB,YAAY,MAAY;AAC5C,UAAM,SAAS,MAAM,eAAe;AACpC,QAAI,OAAO,OAAO;AACd,YAAM,IAAI,MAAM,yBAAyB;AAAA,IAC7C,OAAO;AACH,eAAS,MAAM;AACf,aAAO,OAAO;AAAA,IAClB;AAAA,EACJ,IAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,eAAe;AAAA,IACjB,CAAO,UAAkB;AACrB,YAAM,SAAS,MAAM,oBAAoB,KAAK;AAC9C,UAAI,OAAO,UAAU,cAAc;AAC/B,eAAO;AAAA,MACX,OAAO;AACH,iBAAS,MAAM;AACf,eAAO,OAAO;AAAA,MAClB;AAAA,IACJ;AAAA,IACA,CAAC,QAAQ;AAAA,EACb;AAEA,QAAM,QAAQ;AAAA,IACV,SAAS,UAAU;AAAA,IACnB,oBAAoB,UAAU;AAAA,IAC9B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACA,SAAO,oCAAC,YAAY,UAAZ,EAAqB,SAAe,MAAM,QAAS;AAC/D;AAiBA,SAAe,iBAA4C;AAAA;AACvD,QAAI;AACA,YAAM,mBAAmB,MAAM,MAAM,sBAAsB;AAAA,QACvD,QAAQ;AAAA,QACR,SAAS;AAAA,UACL,gBAAgB;AAAA,QACpB;AAAA,QACA,aAAa;AAAA,MACjB,CAAC;AAED,UAAI,iBAAiB,IAAI;AACrB,cAAM,EAAE,UAAU,aAAa,oBAAoB,YAAY,IAAI,MAAM,iBAAiB,KAAK;AAC/F,cAAM,OAAO,IAAI,KAAK;AAAA,UAClB,QAAQ,SAAS;AAAA,UACjB,OAAO,SAAS;AAAA,UAChB,gBAAgB,SAAS;AAAA,UACzB,aAAa,SAAS;AAAA,UACtB,UAAU,SAAS;AAAA,UACnB,WAAW,SAAS;AAAA,UACpB,UAAU,SAAS;AAAA,UACnB,YAAY,SAAS;AAAA,UACrB,sBAAsB,uBAAuB,SAAS,kBAAkB;AAAA,UACxE;AAAA,UACA,YAAY,SAAS;AAAA,UACrB,eAAe,SAAS;AAAA,UACxB,wBAAwB,SAAS;AAAA,UACjC,WAAW,SAAS;AAAA,UACpB,cAAc,SAAS;AAAA,UACvB,YAAY,SAAS;AAAA,UACrB;AAAA,QACJ,CAAC;AAED,eAAO,EAAE,MAAM,aAAa,OAAO,OAAU;AAAA,MACjD,WAAW,iBAAiB,WAAW,KAAK;AACxC,eAAO,EAAE,MAAM,QAAW,aAAa,QAAW,OAAO,OAAU;AAAA,MACvE,OAAO;AACH,gBAAQ,KAAK,2BAA2B,gBAAgB;AACxD,eAAO,EAAE,OAAO,aAAa;AAAA,MACjC;AAAA,IACJ,SAAS,GAAP;AACE,cAAQ,KAAK,2BAA2B,CAAC;AACzC,aAAO,EAAE,OAAO,aAAa;AAAA,IACjC;AAAA,EACJ;AAAA;AAYA,SAAe,oBAAoB,OAA8C;AAAA;AAC7E,QAAI;AACA,YAAM,cAAc,IAAI,gBAAgB,EAAE,eAAe,MAAM,CAAC,EAAE,SAAS;AAC3E,YAAM,MAAM,4BAA4B;AACxC,YAAM,mBAAmB,MAAM,MAAM,KAAK;AAAA,QACtC,QAAQ;AAAA,QACR,SAAS;AAAA,UACL,gBAAgB;AAAA,QACpB;AAAA,QACA,aAAa;AAAA,MACjB,CAAC;AAED,UAAI,iBAAiB,IAAI;AACrB,cAAM,EAAE,UAAU,aAAa,oBAAoB,YAAY,IAAI,MAAM,iBAAiB,KAAK;AAC/F,cAAM,OAAO,IAAI,KAAK;AAAA,UAClB,QAAQ,SAAS;AAAA,UACjB,OAAO,SAAS;AAAA,UAChB,gBAAgB,SAAS;AAAA,UACzB,aAAa,SAAS;AAAA,UACtB,UAAU,SAAS;AAAA,UACnB,WAAW,SAAS;AAAA,UACpB,UAAU,SAAS;AAAA,UACnB,YAAY,SAAS;AAAA,UACrB,sBAAsB,uBAAuB,SAAS,kBAAkB;AAAA,UACxE;AAAA,UACA,YAAY,SAAS;AAAA,UACrB,eAAe,SAAS;AAAA,UACxB,wBAAwB,SAAS;AAAA,UACjC,WAAW,SAAS;AAAA,UACpB,cAAc,SAAS;AAAA,UACvB,YAAY,SAAS;AAAA,UACrB;AAAA,QACJ,CAAC;AAED,eAAO,EAAE,MAAM,aAAa,OAAO,OAAU;AAAA,MACjD,WAAW,iBAAiB,WAAW,KAAK;AACxC,eAAO,EAAE,OAAO,aAAa;AAAA,MACjC,OAAO;AACH,gBAAQ,KAAK,4BAA4B,gBAAgB;AAAA,MAC7D;AAAA,IACJ,SAAS,GAAP;AACE,cAAQ,KAAK,4BAA4B,CAAC;AAAA,IAC9C;AACA,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC9C;AAAA;AAEA,IAAM,eAAe,CAAC,QAAgB;AAClC,QAAM,SAAS,SAAS,OAAO,OAAO;AACtC,SAAO,OAAO,GAAG;AACrB;AAEA,IAAM,kBAAkB,CAAC,KAAa,iBAA0B;AAC5D,MAAI,CAAC,cAAc;AACf,WAAO;AAAA,EACX;AAEA,MAAI,KAAK,IAAI,gBAAgB;AAC7B,KAAG,IAAI,MAAM,aAAa,YAAY,CAAC;AACvC,MAAI,IAAI,SAAS,GAAG,GAAG;AACnB,WAAO,GAAG,OAAO,GAAG,SAAS;AAAA,EACjC,OAAO;AACH,WAAO,GAAG,OAAO,GAAG,SAAS;AAAA,EACjC;AACJ;;;AG/dA,SAAS,cAAAC,mBAAkB;AAGpB,SAAS,oBAAoB;AAChC,QAAM,UAAUC,YAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,uDAAuD;AAAA,EAC3E;AACA,QAAM;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,IAAI;AACJ,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;;;AC1BA,SAAS,cAAAC,mBAAkB;AAGpB,SAAS,oBAAoB;AAChC,QAAM,UAAUC,YAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,uDAAuD;AAAA,EAC3E;AACA,QAAM,EAAE,OAAO,IAAI;AACnB,SAAO;AACX;;;ACVA,OAAOC,UAAS,cAAAC,aAAY,aAAAC,kBAAiB;AAGtC,SAAS,uBAAuB;AACnC,QAAM,UAAUC,YAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC9E;AACA,QAAM;AAAA,IACF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,IAAI;AACJ,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;AAMO,SAAS,iBAAiB,EAAE,SAAS,GAAkB;AAC1D,QAAM,EAAE,qBAAqB,IAAI,qBAAqB;AAEtD,EAAAC,WAAU,MAAM;AACZ,yBAAqB;AAAA,EACzB,GAAG,CAAC,CAAC;AAEL,SAAO,gBAAAC,OAAA,cAAAA,OAAA,gBAAG,QAAS;AACvB;AAEO,SAAS,gBAAgB,EAAE,SAAS,GAAkB;AACzD,QAAM,EAAE,oBAAoB,IAAI,qBAAqB;AACrD,EAAAD,WAAU,MAAM;AACZ,wBAAoB;AAAA,EACxB,GAAG,CAAC,CAAC;AACL,SAAO,gBAAAC,OAAA,cAAAA,OAAA,gBAAG,QAAS;AACvB;;;AChDA,SAAS,cAAAC,mBAAkB;AAGpB,SAAS,iBAAiB;AAC7B,QAAM,UAAUC,YAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACvB,UAAM,IAAI,MAAM,oDAAoD;AAAA,EACxE;AACA,QAAM,EAAE,gBAAgB,IAAI;AAC5B,SAAO;AACX;","names":["refreshAuthInfo","useContext","useContext","useContext","useContext","React","useContext","useEffect","useContext","useEffect","React","useContext","useContext"]}
package/dist/server/pages/index.d.ts CHANGED
@@ -166,7 +166,16 @@ type InternalUser = {
166
166
  impersonatorUserId?: string;
167
167
  };
168
168
 
169
+ type AuthInfo = {
170
+ user: UserFromToken;
171
+ accessToken: string;
172
+ } | {
173
+ user: undefined;
174
+ accessToken: undefined;
175
+ };
176
+ declare function getAuthInfoFromServerSideProps(props: GetServerSidePropsContext, forceRefresh?: boolean): Promise<AuthInfo>;
169
177
  declare function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh?: boolean): Promise<UserFromToken | undefined>;
178
+ declare function getAuthInfoFromApiRouteRequest(req: NextApiRequest, res: NextApiResponse, forceRefresh?: boolean): Promise<AuthInfo>;
170
179
  declare function getUserFromApiRouteRequest(req: NextApiRequest, res: NextApiResponse, forceRefresh?: boolean): Promise<UserFromToken | undefined>;
171
180
 
172
- export { getUserFromApiRouteRequest, getUserFromServerSideProps };
181
+ export { AuthInfo, getAuthInfoFromApiRouteRequest, getAuthInfoFromServerSideProps, getUserFromApiRouteRequest, getUserFromServerSideProps };
package/dist/server/pages/index.js CHANGED
@@ -50,6 +50,8 @@ var __async = (__this, __arguments, generator) => {
50
50
  // src/server/pages-index.ts
51
51
  var pages_index_exports = {};
52
52
  __export(pages_index_exports, {
53
+ getAuthInfoFromApiRouteRequest: () => getAuthInfoFromApiRouteRequest,
54
+ getAuthInfoFromServerSideProps: () => getAuthInfoFromServerSideProps,
53
55
  getUserFromApiRouteRequest: () => getUserFromApiRouteRequest,
54
56
  getUserFromServerSideProps: () => getUserFromServerSideProps
55
57
  });
@@ -405,7 +407,7 @@ function validateAccessToken(accessToken) {
405
407
  var ACTIVE_ORG_ID_COOKIE_NAME = "__pa_org_id";
406
408
 
407
409
  // src/server/pages.ts
408
- function getUserFromServerSideProps(props, forceRefresh = false) {
410
+ function getAuthInfoFromServerSideProps(props, forceRefresh = false) {
409
411
  return __async(this, null, function* () {
410
412
  const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME];
411
413
  const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME];
@@ -413,7 +415,10 @@ function getUserFromServerSideProps(props, forceRefresh = false) {
413
415
  if (accessToken && !forceRefresh) {
414
416
  const user = yield validateAccessTokenOrUndefined(accessToken);
415
417
  if (user) {
416
- return user;
418
+ return {
419
+ user,
420
+ accessToken
421
+ };
417
422
  }
418
423
  }
419
424
  if (refreshToken) {
@@ -425,20 +430,35 @@ function getUserFromServerSideProps(props, forceRefresh = false) {
425
430
  `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,
426
431
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
427
432
  ]);
428
- return void 0;
433
+ return {
434
+ user: void 0,
435
+ accessToken: void 0
436
+ };
429
437
  } else {
430
438
  const user = yield validateAccessToken(response.accessToken);
431
439
  props.res.setHeader("Set-Cookie", [
432
440
  `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,
433
441
  `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
434
442
  ]);
435
- return user;
443
+ return {
444
+ user,
445
+ accessToken: response.accessToken
446
+ };
436
447
  }
437
448
  }
438
- return void 0;
449
+ return {
450
+ user: void 0,
451
+ accessToken: void 0
452
+ };
439
453
  });
440
454
  }
441
- function getUserFromApiRouteRequest(req, res, forceRefresh = false) {
455
+ function getUserFromServerSideProps(props, forceRefresh = false) {
456
+ return __async(this, null, function* () {
457
+ const { user } = yield getAuthInfoFromServerSideProps(props, forceRefresh);
458
+ return user;
459
+ });
460
+ }
461
+ function getAuthInfoFromApiRouteRequest(req, res, forceRefresh = false) {
442
462
  return __async(this, null, function* () {
443
463
  const accessToken = req.cookies[ACCESS_TOKEN_COOKIE_NAME];
444
464
  const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_NAME];
@@ -446,7 +466,10 @@ function getUserFromApiRouteRequest(req, res, forceRefresh = false) {
446
466
  if (accessToken && !forceRefresh) {
447
467
  const user = yield validateAccessTokenOrUndefined(accessToken);
448
468
  if (user) {
449
- return user;
469
+ return {
470
+ user,
471
+ accessToken
472
+ };
450
473
  }
451
474
  }
452
475
  if (refreshToken) {
@@ -458,21 +481,38 @@ function getUserFromApiRouteRequest(req, res, forceRefresh = false) {
458
481
  `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,
459
482
  `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`
460
483
  ]);
461
- return void 0;
484
+ return {
485
+ user: void 0,
486
+ accessToken: void 0
487
+ };
462
488
  } else {
463
489
  const user = yield validateAccessToken(response.accessToken);
464
490
  res.setHeader("Set-Cookie", [
465
491
  `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,
466
492
  `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`
467
493
  ]);
468
- return user;
494
+ return {
495
+ user,
496
+ accessToken: response.accessToken
497
+ };
469
498
  }
470
499
  }
471
- return void 0;
500
+ return {
501
+ user: void 0,
502
+ accessToken: void 0
503
+ };
504
+ });
505
+ }
506
+ function getUserFromApiRouteRequest(req, res, forceRefresh = false) {
507
+ return __async(this, null, function* () {
508
+ const { user } = yield getAuthInfoFromApiRouteRequest(req, res, forceRefresh);
509
+ return user;
472
510
  });
473
511
  }
474
512
  // Annotate the CommonJS export names for ESM import in node:
475
513
  0 && (module.exports = {
514
+ getAuthInfoFromApiRouteRequest,
515
+ getAuthInfoFromServerSideProps,
476
516
  getUserFromApiRouteRequest,
477
517
  getUserFromServerSideProps
478
518
  });
package/dist/server/pages/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../src/server/pages-index.ts","../../../src/loginMethod.ts","../../../src/user.ts","../../../src/server/exceptions.ts","../../../src/server/shared.ts","../../../src/shared.ts","../../../src/server/pages.ts"],"sourcesContent":["export {getUserFromServerSideProps, getUserFromApiRouteRequest} from \"./pages\"","export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string,\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.activeOrgId,\n obj.loginMethod\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n const loginMethod = toLoginMethod(payload.login_method)\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId,\n loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport enum OrgRoleStructure {\n SingleRole = \"single_role_in_hierarchy\",\n MultiRole = \"multi_role\",\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n public orgRoleStructure: OrgRoleStructure\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n public userAssignedAdditionalRoles: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[],\n orgRoleStructure: OrgRoleStructure,\n userAssignedAdditionalRoles: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n this.orgRoleStructure = orgRoleStructure\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n this.userAssignedAdditionalRoles = userAssignedAdditionalRoles\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)\n } else {\n return this.userAssignedRole === role\n }\n }\n\n public isAtLeastRole(role: string): boolean {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)\n } else {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions,\n obj.orgRoleStructure,\n obj.userAssignedAdditionalRoles\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get assignedRoles(): string[] {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)\n } else {\n return [this.userAssignedRole]\n }\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)\n } else {\n return this.userInheritedRolesPlusCurrentRole\n }\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n org_role_structure: OrgRoleStructure\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n additional_roles: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions,\n snakeCaseValue.org_role_structure,\n snakeCaseValue.additional_roles\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import { ResponseCookie } from 'next/dist/compiled/@edge-runtime/cookies'\nimport { InternalUser, toUser, UserFromToken } from '../user'\nimport { ConfigurationException, UnauthorizedException } from './exceptions'\nimport * as jose from 'jose'\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: 'none'\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: 'unauthorized'\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: 'unexpected'\n}\n\nexport type RefreshTokenResponse =\n | RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = '/api/auth/login'\nexport const CALLBACK_PATH = '/api/auth/callback'\nexport const USERINFO_PATH = '/api/auth/userinfo'\nexport const LOGOUT_PATH = '/api/auth/logout'\nexport const ACCESS_TOKEN_COOKIE_NAME = '__pa_at'\nexport const REFRESH_TOKEN_COOKIE_NAME = '__pa_rt'\nexport const STATE_COOKIE_NAME = '__pa_state'\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = 'x-propelauth-access-token'\nexport const CUSTOM_HEADER_FOR_URL = 'x-propelauth-current-url'\nexport const CUSTOM_HEADER_FOR_PATH = 'x-propelauth-current-path'\nexport const RETURN_TO_PATH_COOKIE_NAME = '__pa_return_to_path'\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: 'lax',\n secure: true,\n path: '/',\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error('NEXT_PUBLIC_AUTH_URL is not set')\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error('PROPELAUTH_REDIRECT_URI is not set')\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error('PROPELAUTH_API_KEY is not set')\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error('PROPELAUTH_VERIFIER_KEY is not set')\n }\n return verifierKey.replace(/\\\\n/g, '\\n')\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(\n refreshToken: string,\n activeOrgId?: string\n): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n\n const queryParams = new URLSearchParams()\n if (activeOrgId) {\n queryParams.set('with_active_org_support', 'true')\n queryParams.set('active_org_id', activeOrgId)\n }\n\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: 'none',\n }\n } else if (response.status === 400 || response.status === 401) {\n return { error: 'unauthorized' }\n } else {\n return { error: 'unexpected' }\n }\n}\n\nexport async function validateAccessTokenOrUndefined(\n accessToken: string | undefined\n): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info('Error validating access token', err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), 'RS256')\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException('Invalid verifier key')\n }\n\n if (!accessToken) {\n throw new UnauthorizedException('No access token provided')\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith('bearer ')) {\n accessTokenWithoutBearer = accessToken.substring('bearer '.length)\n }\n\n try {\n const { payload } = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: ['RS256'],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException('Unable to decode jwt')\n }\n }\n}\n","export const ACTIVE_ORG_ID_COOKIE_NAME = '__pa_org_id'\n","import { GetServerSidePropsContext, NextApiRequest, NextApiResponse } from 'next'\nimport {\n ACCESS_TOKEN_COOKIE_NAME,\n REFRESH_TOKEN_COOKIE_NAME,\n refreshTokenWithAccessAndRefreshToken,\n validateAccessToken,\n validateAccessTokenOrUndefined,\n} from './shared'\nimport { ACTIVE_ORG_ID_COOKIE_NAME } from '../shared'\n\nexport async function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh: boolean = false) {\n const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n const activeOrgId = props.req.cookies[ACTIVE_ORG_ID_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken && !forceRefresh) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n props.res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return undefined\n } else {\n const user = await validateAccessToken(response.accessToken)\n props.res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return user\n }\n }\n\n return undefined\n}\n\nexport async function getUserFromApiRouteRequest(\n req: NextApiRequest,\n res: NextApiResponse,\n forceRefresh: boolean = false\n) {\n const accessToken = req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n const activeOrgId = req.cookies[ACTIVE_ORG_ID_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken && !forceRefresh) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return user\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return undefined\n } else {\n const user = await validateAccessToken(response.accessToken)\n res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return user\n }\n }\n\n return undefined\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAmBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,UAAM,cAAc,cAAc,QAAQ,YAAY;AAEtD,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAWO,IAAM,gBAAN,MAAoB;AAAA,EAYvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACA,kBACA,6BACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AACtB,SAAK,mBAAmB;AAExB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AACvB,SAAK,8BAA8B;AAAA,EACvC;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,qBAAqB,QAAQ,KAAK,4BAA4B,SAAS,IAAI;AAAA,IAC3F,OAAO;AACH,aAAO,KAAK,qBAAqB;AAAA,IACrC;AAAA,EACJ;AAAA,EAEO,cAAc,MAAuB;AACxC,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,qBAAqB,QAAQ,KAAK,4BAA4B,SAAS,IAAI;AAAA,IAC3F,OAAO;AACH,aAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,IAC/D;AAAA,EACJ;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gBAA0B;AAC1B,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,4BAA4B,OAAO,KAAK,gBAAgB;AAAA,IACxE,OAAO;AACH,aAAO,CAAC,KAAK,gBAAgB;AAAA,IACjC;AAAA,EACJ;AAAA,EAEA,IAAI,gCAA0C;AAC1C,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,4BAA4B,OAAO,KAAK,gBAAgB;AAAA,IACxE,OAAO;AACH,aAAO,KAAK;AAAA,IAChB;AAAA,EACJ;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AAkCO,SAAS,OAAO,YAAyC;AAC5D,SAAO,cAAc,eAAe,UAAU;AAClD;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;ACpUO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,WAAsB;AAyBf,IAAM,2BAA2B;AACjC,IAAM,4BAA4B;AAclC,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAEA,SAAsB,sCAClB,cACA,aAC6B;AAAA;AAC7B,UAAM,OAAO;AAAA,MACT,eAAe;AAAA,IACnB;AAEA,UAAM,cAAc,IAAI,gBAAgB;AACxC,QAAI,aAAa;AACb,kBAAY,IAAI,2BAA2B,MAAM;AACjD,kBAAY,IAAI,iBAAiB,WAAW;AAAA,IAChD;AAEA,UAAM,MAAM,GAAG,iBAAiB,kCAAkC,YAAY,SAAS;AACvF,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAC9B,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,eAAe,YAAY,qBAAqB;AAAA,MACpD;AAAA,IACJ,CAAC;AAED,QAAI,SAAS,IAAI;AACb,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,kBAAkB,KAAK;AAC7B,YAAM,EAAE,cAAc,aAAa,oBAAoB,iBAAiB,IAAI,KAAK;AAEjF,aAAO;AAAA,QACH,cAAc;AAAA,QACd;AAAA,QACA,OAAO;AAAA,MACX;AAAA,IACJ,WAAW,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AAC3D,aAAO,EAAE,OAAO,eAAe;AAAA,IACnC,OAAO;AACH,aAAO,EAAE,OAAO,aAAa;AAAA,IACjC;AAAA,EACJ;AAAA;AAEA,SAAsB,+BAClB,aACkC;AAAA;AAClC,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAE,QAAQ,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QAC1E,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACzKO,IAAM,4BAA4B;;;ACUzC,SAAsB,2BAA2B,OAAkC,eAAwB,OAAO;AAAA;AAC9G,UAAM,cAAc,MAAM,IAAI,QAAQ,wBAAwB;AAC9D,UAAM,eAAe,MAAM,IAAI,QAAQ,yBAAyB;AAChE,UAAM,cAAc,MAAM,IAAI,QAAQ,yBAAyB;AAG/D,QAAI,eAAe,CAAC,cAAc;AAC9B,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,cAAc,WAAW;AACtF,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,MACX,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA;AAEA,SAAsB,2BAClB,KACA,KACA,eAAwB,OAC1B;AAAA;AACE,UAAM,cAAc,IAAI,QAAQ,wBAAwB;AACxD,UAAM,eAAe,IAAI,QAAQ,yBAAyB;AAC1D,UAAM,cAAc,IAAI,QAAQ,yBAAyB;AAGzD,QAAI,eAAe,CAAC,cAAc;AAC9B,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,MACX;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,cAAc,WAAW;AACtF,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,YAAI,UAAU,cAAc;AAAA,UACxB,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,MACX,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,YAAI,UAAU,cAAc;AAAA,UACxB,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA;","names":[]}
1
+ {"version":3,"sources":["../../../src/server/pages-index.ts","../../../src/loginMethod.ts","../../../src/user.ts","../../../src/server/exceptions.ts","../../../src/server/shared.ts","../../../src/shared.ts","../../../src/server/pages.ts"],"sourcesContent":["export {\n getUserFromServerSideProps,\n getUserFromApiRouteRequest,\n getAuthInfoFromApiRouteRequest,\n getAuthInfoFromServerSideProps\n} from \"./pages\"\nexport type {AuthInfo} from \"./pages\"","export enum SocialLoginProvider {\n Google = 'Google',\n GitHub = 'GitHub',\n Microsoft = 'Microsoft',\n Slack = 'Slack',\n LinkedIn = 'LinkedIn',\n Salesforce = 'Salesforce',\n Xero = 'Xero',\n QuickBooksOnline = 'QuickBooks Online',\n}\n\nexport enum SamlLoginProvider {\n Google = 'Google',\n Rippling = 'Rippling',\n OneLogin = 'OneLogin',\n JumpCloud = 'JumpCloud',\n Okta = 'Okta',\n Azure = 'Azure',\n Duo = 'Duo',\n Generic = 'Generic',\n}\n\ntype InternalPasswordLoginMethod = {\n login_method: 'password'\n}\n\ntype InternalMagicLinkLoginMethod = {\n login_method: 'magic_link'\n}\n\ntype InternalSocialSsoLoginMethod = {\n login_method: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype InternalEmailConfirmationLinkLoginMethod = {\n login_method: 'email_confirmation_link'\n}\n\ntype InternalSamlSsoLoginMethod = {\n login_method: 'saml_sso'\n provider: SamlLoginProvider\n org_id: string\n}\n\ntype InternalImpersonationLoginMethod = {\n login_method: 'impersonation'\n}\n\ntype InternalGeneratedFromBackendApiLoginMethod = {\n login_method: 'generated_from_backend_api'\n}\n\ntype InternalUnknownLoginMethod = {\n login_method: 'unknown'\n}\n\nexport type InternalLoginMethod =\n | InternalPasswordLoginMethod\n | InternalMagicLinkLoginMethod\n | InternalSocialSsoLoginMethod\n | InternalEmailConfirmationLinkLoginMethod\n | InternalSamlSsoLoginMethod\n | InternalImpersonationLoginMethod\n | InternalGeneratedFromBackendApiLoginMethod\n | InternalUnknownLoginMethod\n\ntype PasswordLoginMethod = {\n loginMethod: 'password'\n}\n\ntype MagicLinkLoginMethod = {\n loginMethod: 'magic_link'\n}\n\ntype SocialSsoLoginMethod = {\n loginMethod: 'social_sso'\n provider: SocialLoginProvider\n}\n\ntype EmailConfirmationLinkLoginMethod = {\n loginMethod: 'email_confirmation_link'\n}\n\ntype SamlSsoLoginMethod = {\n loginMethod: 'saml_sso'\n provider: SamlLoginProvider\n orgId: string\n}\n\ntype ImpersonationLoginMethod = {\n loginMethod: 'impersonation'\n}\n\ntype GeneratedFromBackendApiLoginMethod = {\n loginMethod: 'generated_from_backend_api'\n}\n\ntype UnknownLoginMethod = {\n loginMethod: 'unknown'\n}\n\nexport type LoginMethod =\n | PasswordLoginMethod\n | MagicLinkLoginMethod\n | SocialSsoLoginMethod\n | EmailConfirmationLinkLoginMethod\n | SamlSsoLoginMethod\n | ImpersonationLoginMethod\n | GeneratedFromBackendApiLoginMethod\n | UnknownLoginMethod\n\nexport function toLoginMethod(snake_case?: InternalLoginMethod): LoginMethod {\n if (!snake_case) {\n return { loginMethod: 'unknown' }\n }\n\n switch (snake_case.login_method) {\n case 'password':\n return { loginMethod: 'password' }\n case 'magic_link':\n return { loginMethod: 'magic_link' }\n case 'social_sso':\n return { loginMethod: 'social_sso', provider: snake_case.provider }\n case 'email_confirmation_link':\n return { loginMethod: 'email_confirmation_link' }\n case 'saml_sso':\n return { loginMethod: 'saml_sso', provider: snake_case.provider, orgId: snake_case.org_id }\n case 'impersonation':\n return { loginMethod: 'impersonation' }\n case 'generated_from_backend_api':\n return { loginMethod: 'generated_from_backend_api' }\n default:\n return { loginMethod: 'unknown' }\n }\n}\n","import { InternalLoginMethod, LoginMethod, toLoginMethod } from './loginMethod'\n\nexport class UserFromToken {\n public userId: string\n\n public activeOrgId?: string\n public orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo\n\n // Metadata about the user\n public email: string\n public firstName?: string\n public lastName?: string\n public username?: string\n public properties?: { [key: string]: unknown }\n public loginMethod?: LoginMethod\n\n // If you used our migration APIs to migrate this user from a different system,\n // this is their original ID from that system.\n public legacyUserId?: string\n public impersonatorUserId?: string\n\n constructor(\n userId: string,\n email: string,\n orgIdToOrgMemberInfo?: OrgIdToOrgMemberInfo,\n firstName?: string,\n lastName?: string,\n username?: string,\n legacyUserId?: string,\n impersonatorUserId?: string,\n properties?: { [key: string]: unknown },\n activeOrgId?: string,\n loginMethod?: LoginMethod\n ) {\n this.userId = userId\n\n this.activeOrgId = activeOrgId\n this.orgIdToOrgMemberInfo = orgIdToOrgMemberInfo\n\n this.email = email\n this.firstName = firstName\n this.lastName = lastName\n this.username = username\n\n this.legacyUserId = legacyUserId\n this.impersonatorUserId = impersonatorUserId\n\n this.properties = properties\n this.loginMethod = loginMethod\n }\n\n public getActiveOrg(): OrgMemberInfo | undefined {\n if (!this.activeOrgId || !this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[this.activeOrgId]\n }\n\n public getActiveOrgId(): string | undefined {\n return this.activeOrgId\n }\n\n public getOrg(orgId: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n return this.orgIdToOrgMemberInfo[orgId]\n }\n\n public getOrgByName(orgName: string): OrgMemberInfo | undefined {\n if (!this.orgIdToOrgMemberInfo) {\n return undefined\n }\n\n const urlSafeOrgName = orgName.toLowerCase().replace(/ /g, '-')\n for (const orgId in this.orgIdToOrgMemberInfo) {\n const orgMemberInfo = this.orgIdToOrgMemberInfo[orgId]\n if (orgMemberInfo.urlSafeOrgName === urlSafeOrgName) {\n return orgMemberInfo\n }\n }\n\n return undefined\n }\n\n public getOrgs(): OrgMemberInfo[] {\n if (!this.orgIdToOrgMemberInfo) {\n return []\n }\n\n return Object.values(this.orgIdToOrgMemberInfo)\n }\n\n public isImpersonating(): boolean {\n return !!this.impersonatorUserId\n }\n\n public static fromJSON(json: string): UserFromToken {\n const obj = JSON.parse(json)\n const orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo = {}\n for (const orgId in obj.orgIdToOrgMemberInfo) {\n orgIdToOrgMemberInfo[orgId] = OrgMemberInfo.fromJSON(JSON.stringify(obj.orgIdToOrgMemberInfo[orgId]))\n }\n return new UserFromToken(\n obj.userId,\n obj.email,\n orgIdToOrgMemberInfo,\n obj.firstName,\n obj.lastName,\n obj.username,\n obj.legacyUserId,\n obj.impersonatorUserId,\n obj.properties,\n obj.activeOrgId,\n obj.loginMethod\n )\n }\n\n public static fromJwtPayload(payload: InternalUser): UserFromToken {\n let activeOrgId: string | undefined\n let orgIdToOrgMemberInfo: OrgIdToOrgMemberInfo | undefined\n\n if (payload.org_member_info) {\n activeOrgId = payload.org_member_info.org_id\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo({ [activeOrgId]: payload.org_member_info })\n } else {\n activeOrgId = undefined\n orgIdToOrgMemberInfo = toOrgIdToOrgMemberInfo(payload.org_id_to_org_member_info)\n }\n\n const loginMethod = toLoginMethod(payload.login_method)\n\n return new UserFromToken(\n payload.user_id,\n payload.email,\n orgIdToOrgMemberInfo,\n payload.first_name,\n payload.last_name,\n payload.username,\n payload.legacy_user_id,\n payload.impersonatorUserId,\n payload.properties,\n activeOrgId,\n loginMethod\n )\n }\n}\n\nexport type OrgIdToOrgMemberInfo = {\n [orgId: string]: OrgMemberInfo\n}\n\nexport enum OrgRoleStructure {\n SingleRole = \"single_role_in_hierarchy\",\n MultiRole = \"multi_role\",\n}\n\nexport class OrgMemberInfo {\n public orgId: string\n public orgName: string\n public orgMetadata: { [key: string]: any }\n public urlSafeOrgName: string\n public orgRoleStructure: OrgRoleStructure\n\n public userAssignedRole: string\n public userInheritedRolesPlusCurrentRole: string[]\n public userPermissions: string[]\n public userAssignedAdditionalRoles: string[]\n\n constructor(\n orgId: string,\n orgName: string,\n orgMetadata: { [key: string]: any },\n urlSafeOrgName: string,\n userAssignedRole: string,\n userInheritedRolesPlusCurrentRole: string[],\n userPermissions: string[],\n orgRoleStructure: OrgRoleStructure,\n userAssignedAdditionalRoles: string[]\n ) {\n this.orgId = orgId\n this.orgName = orgName\n this.orgMetadata = orgMetadata\n this.urlSafeOrgName = urlSafeOrgName\n this.orgRoleStructure = orgRoleStructure\n\n this.userAssignedRole = userAssignedRole\n this.userInheritedRolesPlusCurrentRole = userInheritedRolesPlusCurrentRole\n this.userPermissions = userPermissions\n this.userAssignedAdditionalRoles = userAssignedAdditionalRoles\n }\n\n // validation methods\n\n public isRole(role: string): boolean {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)\n } else {\n return this.userAssignedRole === role\n }\n }\n\n public isAtLeastRole(role: string): boolean {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedRole === role || this.userAssignedAdditionalRoles.includes(role)\n } else {\n return this.userInheritedRolesPlusCurrentRole.includes(role)\n }\n }\n\n public hasPermission(permission: string): boolean {\n return this.userPermissions.includes(permission)\n }\n\n public hasAllPermissions(permissions: string[]): boolean {\n return permissions.every((permission) => this.hasPermission(permission))\n }\n\n public static fromJSON(json: string): OrgMemberInfo {\n const obj = JSON.parse(json)\n return new OrgMemberInfo(\n obj.orgId,\n obj.orgName,\n obj.orgMetadata,\n obj.urlSafeOrgName,\n obj.userAssignedRole,\n obj.userInheritedRolesPlusCurrentRole,\n obj.userPermissions,\n obj.orgRoleStructure,\n obj.userAssignedAdditionalRoles\n )\n }\n\n // getters for the private fields\n\n get assignedRole(): string {\n return this.userAssignedRole\n }\n\n get assignedRoles(): string[] {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)\n } else {\n return [this.userAssignedRole]\n }\n }\n\n get inheritedRolesPlusCurrentRole(): string[] {\n if (this.orgRoleStructure === OrgRoleStructure.MultiRole) {\n return this.userAssignedAdditionalRoles.concat(this.userAssignedRole)\n } else {\n return this.userInheritedRolesPlusCurrentRole\n }\n }\n\n get permissions(): string[] {\n return this.userPermissions\n }\n}\n\n// These Internal types exist since the server returns snake case, but typescript/javascript\n// convention is camelCase.\nexport type InternalOrgMemberInfo = {\n org_id: string\n org_name: string\n org_metadata: { [key: string]: any }\n url_safe_org_name: string\n org_role_structure: OrgRoleStructure\n user_role: string\n inherited_user_roles_plus_current_role: string[]\n user_permissions: string[]\n additional_roles: string[]\n}\n\nexport type InternalUser = {\n user_id: string\n\n org_member_info?: InternalOrgMemberInfo\n org_id_to_org_member_info?: { [org_id: string]: InternalOrgMemberInfo }\n\n email: string\n first_name?: string\n last_name?: string\n username?: string\n properties?: { [key: string]: unknown }\n login_method?: InternalLoginMethod\n\n // If you used our migration APIs to migrate this user from a different system, this is their original ID from that system.\n legacy_user_id?: string\n impersonatorUserId?: string\n}\n\nexport function toUser(snake_case: InternalUser): UserFromToken {\n return UserFromToken.fromJwtPayload(snake_case)\n}\n\nexport function toOrgIdToOrgMemberInfo(snake_case?: {\n [org_id: string]: InternalOrgMemberInfo\n}): OrgIdToOrgMemberInfo | undefined {\n if (snake_case === undefined) {\n return undefined\n }\n const camelCase: OrgIdToOrgMemberInfo = {}\n\n for (const key of Object.keys(snake_case)) {\n const snakeCaseValue = snake_case[key]\n if (snakeCaseValue) {\n camelCase[key] = new OrgMemberInfo(\n snakeCaseValue.org_id,\n snakeCaseValue.org_name,\n snakeCaseValue.org_metadata,\n snakeCaseValue.url_safe_org_name,\n snakeCaseValue.user_role,\n snakeCaseValue.inherited_user_roles_plus_current_role,\n snakeCaseValue.user_permissions,\n snakeCaseValue.org_role_structure,\n snakeCaseValue.additional_roles\n )\n }\n }\n\n return camelCase\n}\n","export class UnauthorizedException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 401\n }\n}\n\nexport class ConfigurationException extends Error {\n readonly message: string\n readonly status: number\n\n constructor(message: string) {\n super(message)\n this.message = message\n this.status = 500\n }\n}\n","import { ResponseCookie } from 'next/dist/compiled/@edge-runtime/cookies'\nimport { InternalUser, toUser, UserFromToken } from '../user'\nimport { ConfigurationException, UnauthorizedException } from './exceptions'\nimport * as jose from 'jose'\n\ntype RefreshAndAccessTokens = {\n refreshToken: string\n accessToken: string\n error: 'none'\n}\n\ntype RefreshAndAccessTokensUnauthorizedError = {\n error: 'unauthorized'\n}\n\ntype RefreshAndAccessTokensUnexpectedError = {\n error: 'unexpected'\n}\n\nexport type RefreshTokenResponse =\n | RefreshAndAccessTokens\n | RefreshAndAccessTokensUnauthorizedError\n | RefreshAndAccessTokensUnexpectedError\n\nexport const LOGIN_PATH = '/api/auth/login'\nexport const CALLBACK_PATH = '/api/auth/callback'\nexport const USERINFO_PATH = '/api/auth/userinfo'\nexport const LOGOUT_PATH = '/api/auth/logout'\nexport const ACCESS_TOKEN_COOKIE_NAME = '__pa_at'\nexport const REFRESH_TOKEN_COOKIE_NAME = '__pa_rt'\nexport const STATE_COOKIE_NAME = '__pa_state'\nexport const CUSTOM_HEADER_FOR_ACCESS_TOKEN = 'x-propelauth-access-token'\nexport const CUSTOM_HEADER_FOR_URL = 'x-propelauth-current-url'\nexport const CUSTOM_HEADER_FOR_PATH = 'x-propelauth-current-path'\nexport const RETURN_TO_PATH_COOKIE_NAME = '__pa_return_to_path'\n\nexport const COOKIE_OPTIONS: Partial<ResponseCookie> = {\n httpOnly: true,\n sameSite: 'lax',\n secure: true,\n path: '/',\n}\n\nexport function getAuthUrlOrigin() {\n return getAuthUrl().origin\n}\n\nexport function getAuthUrl() {\n const authUrl = process.env.NEXT_PUBLIC_AUTH_URL\n if (!authUrl) {\n throw new Error('NEXT_PUBLIC_AUTH_URL is not set')\n }\n return new URL(authUrl)\n}\n\nexport function getRedirectUri() {\n const redirectUri = process.env.PROPELAUTH_REDIRECT_URI\n if (!redirectUri) {\n throw new Error('PROPELAUTH_REDIRECT_URI is not set')\n }\n return redirectUri\n}\n\nexport function getIntegrationApiKey() {\n const integrationApiKey = process.env.PROPELAUTH_API_KEY\n if (!integrationApiKey) {\n throw new Error('PROPELAUTH_API_KEY is not set')\n }\n return integrationApiKey\n}\n\nexport function getVerifierKey() {\n const verifierKey = process.env.PROPELAUTH_VERIFIER_KEY\n if (!verifierKey) {\n throw new Error('PROPELAUTH_VERIFIER_KEY is not set')\n }\n return verifierKey.replace(/\\\\n/g, '\\n')\n}\n\nexport async function refreshTokenWithAccessAndRefreshToken(\n refreshToken: string,\n activeOrgId?: string\n): Promise<RefreshTokenResponse> {\n const body = {\n refresh_token: refreshToken,\n }\n\n const queryParams = new URLSearchParams()\n if (activeOrgId) {\n queryParams.set('with_active_org_support', 'true')\n queryParams.set('active_org_id', activeOrgId)\n }\n\n const url = `${getAuthUrlOrigin()}/api/backend/v1/refresh_token?${queryParams.toString()}`\n const response = await fetch(url, {\n method: 'POST',\n body: JSON.stringify(body),\n headers: {\n 'Content-Type': 'application/json',\n Authorization: 'Bearer ' + getIntegrationApiKey(),\n },\n })\n\n if (response.ok) {\n const data = await response.json()\n const newRefreshToken = data.refresh_token\n const { access_token: accessToken, expires_at_seconds: expiresAtSeconds } = data.access_token\n\n return {\n refreshToken: newRefreshToken,\n accessToken,\n error: 'none',\n }\n } else if (response.status === 400 || response.status === 401) {\n return { error: 'unauthorized' }\n } else {\n return { error: 'unexpected' }\n }\n}\n\nexport async function validateAccessTokenOrUndefined(\n accessToken: string | undefined\n): Promise<UserFromToken | undefined> {\n try {\n return await validateAccessToken(accessToken)\n } catch (err) {\n if (err instanceof ConfigurationException) {\n throw err\n } else if (err instanceof UnauthorizedException) {\n return undefined\n } else {\n console.info('Error validating access token', err)\n return undefined\n }\n }\n}\n\nexport async function validateAccessToken(accessToken: string | undefined): Promise<UserFromToken> {\n let publicKey\n try {\n publicKey = await jose.importSPKI(getVerifierKey(), 'RS256')\n } catch (err) {\n console.error(\"Verifier key is invalid. Make sure it's specified correctly, including the newlines.\", err)\n throw new ConfigurationException('Invalid verifier key')\n }\n\n if (!accessToken) {\n throw new UnauthorizedException('No access token provided')\n }\n\n let accessTokenWithoutBearer = accessToken\n if (accessToken.toLowerCase().startsWith('bearer ')) {\n accessTokenWithoutBearer = accessToken.substring('bearer '.length)\n }\n\n try {\n const { payload } = await jose.jwtVerify(accessTokenWithoutBearer, publicKey, {\n issuer: getAuthUrlOrigin(),\n algorithms: ['RS256'],\n })\n\n return toUser(<InternalUser>payload)\n } catch (e) {\n if (e instanceof Error) {\n throw new UnauthorizedException(e.message)\n } else {\n throw new UnauthorizedException('Unable to decode jwt')\n }\n }\n}\n","export const ACTIVE_ORG_ID_COOKIE_NAME = '__pa_org_id'\n","import {GetServerSidePropsContext, NextApiRequest, NextApiResponse} from 'next'\nimport {\n ACCESS_TOKEN_COOKIE_NAME,\n REFRESH_TOKEN_COOKIE_NAME,\n refreshTokenWithAccessAndRefreshToken,\n validateAccessToken,\n validateAccessTokenOrUndefined,\n} from './shared'\nimport {ACTIVE_ORG_ID_COOKIE_NAME} from '../shared'\nimport {UserFromToken} from \"../user\";\n\nexport type AuthInfo = {\n user: UserFromToken\n accessToken: string\n} | {\n user: undefined\n accessToken: undefined\n}\n\nexport async function getAuthInfoFromServerSideProps(props: GetServerSidePropsContext, forceRefresh: boolean = false): Promise<AuthInfo> {\n const accessToken = props.req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = props.req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n const activeOrgId = props.req.cookies[ACTIVE_ORG_ID_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken && !forceRefresh) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return {\n user,\n accessToken,\n }\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n props.res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return {\n user: undefined,\n accessToken: undefined,\n }\n } else {\n const user = await validateAccessToken(response.accessToken)\n props.res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return {\n user,\n accessToken: response.accessToken\n }\n }\n }\n\n return {\n user: undefined,\n accessToken: undefined,\n }\n}\n\nexport async function getUserFromServerSideProps(props: GetServerSidePropsContext, forceRefresh: boolean = false) {\n const {user} = await getAuthInfoFromServerSideProps(props, forceRefresh)\n return user\n}\n\nexport async function getAuthInfoFromApiRouteRequest(\n req: NextApiRequest,\n res: NextApiResponse,\n forceRefresh: boolean = false\n): Promise<AuthInfo> {\n const accessToken = req.cookies[ACCESS_TOKEN_COOKIE_NAME]\n const refreshToken = req.cookies[REFRESH_TOKEN_COOKIE_NAME]\n const activeOrgId = req.cookies[ACTIVE_ORG_ID_COOKIE_NAME]\n\n // If we are authenticated, we can continue\n if (accessToken && !forceRefresh) {\n const user = await validateAccessTokenOrUndefined(accessToken)\n if (user) {\n return {\n user,\n accessToken,\n }\n }\n }\n\n // Otherwise, we need to refresh the access token\n if (refreshToken) {\n const response = await refreshTokenWithAccessAndRefreshToken(refreshToken, activeOrgId)\n if (response.error === 'unexpected') {\n throw new Error('Unexpected error while refreshing access token')\n } else if (response.error === 'unauthorized') {\n res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n `${REFRESH_TOKEN_COOKIE_NAME}=; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=0`,\n ])\n return {\n user: undefined,\n accessToken: undefined,\n }\n } else {\n const user = await validateAccessToken(response.accessToken)\n res.setHeader('Set-Cookie', [\n `${ACCESS_TOKEN_COOKIE_NAME}=${response.accessToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n `${REFRESH_TOKEN_COOKIE_NAME}=${response.refreshToken}; Path=/; HttpOnly; Secure; SameSite=Lax`,\n ])\n return {\n user,\n accessToken: response.accessToken,\n }\n }\n }\n\n return {\n user: undefined,\n accessToken: undefined,\n }\n}\n\nexport async function getUserFromApiRouteRequest(\n req: NextApiRequest,\n res: NextApiResponse,\n forceRefresh: boolean = false\n) {\n const {user} = await getAuthInfoFromApiRouteRequest(req, res, forceRefresh)\n return user\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACgHO,SAAS,cAAc,YAA+C;AACzE,MAAI,CAAC,YAAY;AACb,WAAO,EAAE,aAAa,UAAU;AAAA,EACpC;AAEA,UAAQ,WAAW,cAAc;AAAA,IAC7B,KAAK;AACD,aAAO,EAAE,aAAa,WAAW;AAAA,IACrC,KAAK;AACD,aAAO,EAAE,aAAa,aAAa;AAAA,IACvC,KAAK;AACD,aAAO,EAAE,aAAa,cAAc,UAAU,WAAW,SAAS;AAAA,IACtE,KAAK;AACD,aAAO,EAAE,aAAa,0BAA0B;AAAA,IACpD,KAAK;AACD,aAAO,EAAE,aAAa,YAAY,UAAU,WAAW,UAAU,OAAO,WAAW,OAAO;AAAA,IAC9F,KAAK;AACD,aAAO,EAAE,aAAa,gBAAgB;AAAA,IAC1C,KAAK;AACD,aAAO,EAAE,aAAa,6BAA6B;AAAA,IACvD;AACI,aAAO,EAAE,aAAa,UAAU;AAAA,EACxC;AACJ;;;ACrIO,IAAM,gBAAN,MAAoB;AAAA,EAmBvB,YACI,QACA,OACA,sBACA,WACA,UACA,UACA,cACA,oBACA,YACA,aACA,aACF;AACE,SAAK,SAAS;AAEd,SAAK,cAAc;AACnB,SAAK,uBAAuB;AAE5B,SAAK,QAAQ;AACb,SAAK,YAAY;AACjB,SAAK,WAAW;AAChB,SAAK,WAAW;AAEhB,SAAK,eAAe;AACpB,SAAK,qBAAqB;AAE1B,SAAK,aAAa;AAClB,SAAK,cAAc;AAAA,EACvB;AAAA,EAEO,eAA0C;AAC7C,QAAI,CAAC,KAAK,eAAe,CAAC,KAAK,sBAAsB;AACjD,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK,WAAW;AAAA,EACrD;AAAA,EAEO,iBAAqC;AACxC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEO,OAAO,OAA0C;AACpD,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,WAAO,KAAK,qBAAqB,KAAK;AAAA,EAC1C;AAAA,EAEO,aAAa,SAA4C;AAC5D,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO;AAAA,IACX;AAEA,UAAM,iBAAiB,QAAQ,YAAY,EAAE,QAAQ,MAAM,GAAG;AAC9D,eAAW,SAAS,KAAK,sBAAsB;AAC3C,YAAM,gBAAgB,KAAK,qBAAqB,KAAK;AACrD,UAAI,cAAc,mBAAmB,gBAAgB;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEO,UAA2B;AAC9B,QAAI,CAAC,KAAK,sBAAsB;AAC5B,aAAO,CAAC;AAAA,IACZ;AAEA,WAAO,OAAO,OAAO,KAAK,oBAAoB;AAAA,EAClD;AAAA,EAEO,kBAA2B;AAC9B,WAAO,CAAC,CAAC,KAAK;AAAA,EAClB;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,UAAM,uBAA6C,CAAC;AACpD,eAAW,SAAS,IAAI,sBAAsB;AAC1C,2BAAqB,KAAK,IAAI,cAAc,SAAS,KAAK,UAAU,IAAI,qBAAqB,KAAK,CAAC,CAAC;AAAA,IACxG;AACA,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,OAAc,eAAe,SAAsC;AAC/D,QAAI;AACJ,QAAI;AAEJ,QAAI,QAAQ,iBAAiB;AACzB,oBAAc,QAAQ,gBAAgB;AACtC,6BAAuB,uBAAuB,EAAE,CAAC,WAAW,GAAG,QAAQ,gBAAgB,CAAC;AAAA,IAC5F,OAAO;AACH,oBAAc;AACd,6BAAuB,uBAAuB,QAAQ,yBAAyB;AAAA,IACnF;AAEA,UAAM,cAAc,cAAc,QAAQ,YAAY;AAEtD,WAAO,IAAI;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AACJ;AAWO,IAAM,gBAAN,MAAoB;AAAA,EAYvB,YACI,OACA,SACA,aACA,gBACA,kBACA,mCACA,iBACA,kBACA,6BACF;AACE,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AACtB,SAAK,mBAAmB;AAExB,SAAK,mBAAmB;AACxB,SAAK,oCAAoC;AACzC,SAAK,kBAAkB;AACvB,SAAK,8BAA8B;AAAA,EACvC;AAAA;AAAA,EAIO,OAAO,MAAuB;AACjC,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,qBAAqB,QAAQ,KAAK,4BAA4B,SAAS,IAAI;AAAA,IAC3F,OAAO;AACH,aAAO,KAAK,qBAAqB;AAAA,IACrC;AAAA,EACJ;AAAA,EAEO,cAAc,MAAuB;AACxC,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,qBAAqB,QAAQ,KAAK,4BAA4B,SAAS,IAAI;AAAA,IAC3F,OAAO;AACH,aAAO,KAAK,kCAAkC,SAAS,IAAI;AAAA,IAC/D;AAAA,EACJ;AAAA,EAEO,cAAc,YAA6B;AAC9C,WAAO,KAAK,gBAAgB,SAAS,UAAU;AAAA,EACnD;AAAA,EAEO,kBAAkB,aAAgC;AACrD,WAAO,YAAY,MAAM,CAAC,eAAe,KAAK,cAAc,UAAU,CAAC;AAAA,EAC3E;AAAA,EAEA,OAAc,SAAS,MAA6B;AAChD,UAAM,MAAM,KAAK,MAAM,IAAI;AAC3B,WAAO,IAAI;AAAA,MACP,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,IACR;AAAA,EACJ;AAAA;AAAA,EAIA,IAAI,eAAuB;AACvB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gBAA0B;AAC1B,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,4BAA4B,OAAO,KAAK,gBAAgB;AAAA,IACxE,OAAO;AACH,aAAO,CAAC,KAAK,gBAAgB;AAAA,IACjC;AAAA,EACJ;AAAA,EAEA,IAAI,gCAA0C;AAC1C,QAAI,KAAK,qBAAqB,8BAA4B;AACtD,aAAO,KAAK,4BAA4B,OAAO,KAAK,gBAAgB;AAAA,IACxE,OAAO;AACH,aAAO,KAAK;AAAA,IAChB;AAAA,EACJ;AAAA,EAEA,IAAI,cAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AACJ;AAkCO,SAAS,OAAO,YAAyC;AAC5D,SAAO,cAAc,eAAe,UAAU;AAClD;AAEO,SAAS,uBAAuB,YAEF;AACjC,MAAI,eAAe,QAAW;AAC1B,WAAO;AAAA,EACX;AACA,QAAM,YAAkC,CAAC;AAEzC,aAAW,OAAO,OAAO,KAAK,UAAU,GAAG;AACvC,UAAM,iBAAiB,WAAW,GAAG;AACrC,QAAI,gBAAgB;AAChB,gBAAU,GAAG,IAAI,IAAI;AAAA,QACjB,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe;AAAA,MACnB;AAAA,IACJ;AAAA,EACJ;AAEA,SAAO;AACX;;;ACpUO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAI7C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;AAEO,IAAM,yBAAN,cAAqC,MAAM;AAAA,EAI9C,YAAY,SAAiB;AACzB,UAAM,OAAO;AACb,SAAK,UAAU;AACf,SAAK,SAAS;AAAA,EAClB;AACJ;;;ACjBA,WAAsB;AAyBf,IAAM,2BAA2B;AACjC,IAAM,4BAA4B;AAclC,SAAS,mBAAmB;AAC/B,SAAO,WAAW,EAAE;AACxB;AAEO,SAAS,aAAa;AACzB,QAAM,UAAU,QAAQ,IAAI;AAC5B,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACrD;AACA,SAAO,IAAI,IAAI,OAAO;AAC1B;AAUO,SAAS,uBAAuB;AACnC,QAAM,oBAAoB,QAAQ,IAAI;AACtC,MAAI,CAAC,mBAAmB;AACpB,UAAM,IAAI,MAAM,+BAA+B;AAAA,EACnD;AACA,SAAO;AACX;AAEO,SAAS,iBAAiB;AAC7B,QAAM,cAAc,QAAQ,IAAI;AAChC,MAAI,CAAC,aAAa;AACd,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,SAAO,YAAY,QAAQ,QAAQ,IAAI;AAC3C;AAEA,SAAsB,sCAClB,cACA,aAC6B;AAAA;AAC7B,UAAM,OAAO;AAAA,MACT,eAAe;AAAA,IACnB;AAEA,UAAM,cAAc,IAAI,gBAAgB;AACxC,QAAI,aAAa;AACb,kBAAY,IAAI,2BAA2B,MAAM;AACjD,kBAAY,IAAI,iBAAiB,WAAW;AAAA,IAChD;AAEA,UAAM,MAAM,GAAG,iBAAiB,kCAAkC,YAAY,SAAS;AACvF,UAAM,WAAW,MAAM,MAAM,KAAK;AAAA,MAC9B,QAAQ;AAAA,MACR,MAAM,KAAK,UAAU,IAAI;AAAA,MACzB,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,eAAe,YAAY,qBAAqB;AAAA,MACpD;AAAA,IACJ,CAAC;AAED,QAAI,SAAS,IAAI;AACb,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,kBAAkB,KAAK;AAC7B,YAAM,EAAE,cAAc,aAAa,oBAAoB,iBAAiB,IAAI,KAAK;AAEjF,aAAO;AAAA,QACH,cAAc;AAAA,QACd;AAAA,QACA,OAAO;AAAA,MACX;AAAA,IACJ,WAAW,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AAC3D,aAAO,EAAE,OAAO,eAAe;AAAA,IACnC,OAAO;AACH,aAAO,EAAE,OAAO,aAAa;AAAA,IACjC;AAAA,EACJ;AAAA;AAEA,SAAsB,+BAClB,aACkC;AAAA;AAClC,QAAI;AACA,aAAO,MAAM,oBAAoB,WAAW;AAAA,IAChD,SAAS,KAAP;AACE,UAAI,eAAe,wBAAwB;AACvC,cAAM;AAAA,MACV,WAAW,eAAe,uBAAuB;AAC7C,eAAO;AAAA,MACX,OAAO;AACH,gBAAQ,KAAK,iCAAiC,GAAG;AACjD,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EACJ;AAAA;AAEA,SAAsB,oBAAoB,aAAyD;AAAA;AAC/F,QAAI;AACJ,QAAI;AACA,kBAAY,MAAW,gBAAW,eAAe,GAAG,OAAO;AAAA,IAC/D,SAAS,KAAP;AACE,cAAQ,MAAM,wFAAwF,GAAG;AACzG,YAAM,IAAI,uBAAuB,sBAAsB;AAAA,IAC3D;AAEA,QAAI,CAAC,aAAa;AACd,YAAM,IAAI,sBAAsB,0BAA0B;AAAA,IAC9D;AAEA,QAAI,2BAA2B;AAC/B,QAAI,YAAY,YAAY,EAAE,WAAW,SAAS,GAAG;AACjD,iCAA2B,YAAY,UAAU,UAAU,MAAM;AAAA,IACrE;AAEA,QAAI;AACA,YAAM,EAAE,QAAQ,IAAI,MAAW,eAAU,0BAA0B,WAAW;AAAA,QAC1E,QAAQ,iBAAiB;AAAA,QACzB,YAAY,CAAC,OAAO;AAAA,MACxB,CAAC;AAED,aAAO,OAAqB,OAAO;AAAA,IACvC,SAAS,GAAP;AACE,UAAI,aAAa,OAAO;AACpB,cAAM,IAAI,sBAAsB,EAAE,OAAO;AAAA,MAC7C,OAAO;AACH,cAAM,IAAI,sBAAsB,sBAAsB;AAAA,MAC1D;AAAA,IACJ;AAAA,EACJ;AAAA;;;ACzKO,IAAM,4BAA4B;;;ACmBzC,SAAsB,+BAA+B,OAAkC,eAAwB,OAA0B;AAAA;AACrI,UAAM,cAAc,MAAM,IAAI,QAAQ,wBAAwB;AAC9D,UAAM,eAAe,MAAM,IAAI,QAAQ,yBAAyB;AAChE,UAAM,cAAc,MAAM,IAAI,QAAQ,yBAAyB;AAG/D,QAAI,eAAe,CAAC,cAAc;AAC9B,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,UACH;AAAA,UACA;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,cAAc,WAAW;AACtF,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,QACjB;AAAA,MACJ,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,cAAM,IAAI,UAAU,cAAc;AAAA,UAC9B,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,UACH;AAAA,UACA,aAAa,SAAS;AAAA,QAC1B;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,IACjB;AAAA,EACJ;AAAA;AAEA,SAAsB,2BAA2B,OAAkC,eAAwB,OAAO;AAAA;AAC9G,UAAM,EAAC,KAAI,IAAI,MAAM,+BAA+B,OAAO,YAAY;AACvE,WAAO;AAAA,EACX;AAAA;AAEA,SAAsB,+BAClB,KACA,KACA,eAAwB,OACP;AAAA;AACjB,UAAM,cAAc,IAAI,QAAQ,wBAAwB;AACxD,UAAM,eAAe,IAAI,QAAQ,yBAAyB;AAC1D,UAAM,cAAc,IAAI,QAAQ,yBAAyB;AAGzD,QAAI,eAAe,CAAC,cAAc;AAC9B,YAAM,OAAO,MAAM,+BAA+B,WAAW;AAC7D,UAAI,MAAM;AACN,eAAO;AAAA,UACH;AAAA,UACA;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAGA,QAAI,cAAc;AACd,YAAM,WAAW,MAAM,sCAAsC,cAAc,WAAW;AACtF,UAAI,SAAS,UAAU,cAAc;AACjC,cAAM,IAAI,MAAM,gDAAgD;AAAA,MACpE,WAAW,SAAS,UAAU,gBAAgB;AAC1C,YAAI,UAAU,cAAc;AAAA,UACxB,GAAG;AAAA,UACH,GAAG;AAAA,QACP,CAAC;AACD,eAAO;AAAA,UACH,MAAM;AAAA,UACN,aAAa;AAAA,QACjB;AAAA,MACJ,OAAO;AACH,cAAM,OAAO,MAAM,oBAAoB,SAAS,WAAW;AAC3D,YAAI,UAAU,cAAc;AAAA,UACxB,GAAG,4BAA4B,SAAS;AAAA,UACxC,GAAG,6BAA6B,SAAS;AAAA,QAC7C,CAAC;AACD,eAAO;AAAA,UACH;AAAA,UACA,aAAa,SAAS;AAAA,QAC1B;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,MAAM;AAAA,MACN,aAAa;AAAA,IACjB;AAAA,EACJ;AAAA;AAEA,SAAsB,2BAClB,KACA,KACA,eAAwB,OAC1B;AAAA;AACE,UAAM,EAAC,KAAI,IAAI,MAAM,+BAA+B,KAAK,KAAK,YAAY;AAC1E,WAAO;AAAA,EACX;AAAA;","names":[]}