@rc-tool/unified-auth-hosted-service 0.2.0

package/dist/hosted-service/applications.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"applications.js","sourceRoot":"","sources":["../../src/hosted-service/applications.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGnD,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,OAAiC,EAAE,QAAiB;IACjF,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;IAChD,MAAM,QAAQ,GAA0B;QACtC,QAAQ,EAAE,QAAQ,IAAI,iBAAiB;QACvC,IAAI,EAAE,QAAQ,IAAI,aAAa;KAChC,CAAC;IAEF,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;AAC9F,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAgB,EAAE,OAAiC;IAC7E,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEjC,OAAO,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,OAAgB,EAAE,GAA0B;IACzE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEjC,OAAO,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;AACxG,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,WAAmB,EAAE,GAA0B;IAC/E,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,MAAM,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,WAAmB,EACnB,QAAwC,EACxC,QAAgB,EAChB,WAAmB;IAEnB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,QAAQ,QAAQ,EAAE,WAAW,CAAC,CAAC;IAErE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IACjD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAEvD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/hosted-service/constants.d.ts

@@ -0,0 +1,6 @@
+export declare const AUTH_SERVICE_SESSION_COOKIE = "unified_auth_session";
+export declare const AUTH_SERVICE_STATE_COOKIE = "unified_auth_state";
+export declare const SESSION_MAX_AGE_SECONDS: number;
+export declare const STATE_MAX_AGE_SECONDS: number;
+export declare const DEFAULT_CLIENT_ID = "default";
+//# sourceMappingURL=constants.d.ts.map

package/dist/hosted-service/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/hosted-service/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,2BAA2B,yBAAyB,CAAC;AAClE,eAAO,MAAM,yBAAyB,uBAAuB,CAAC;AAE9D,eAAO,MAAM,uBAAuB,QAAmB,CAAC;AACxD,eAAO,MAAM,qBAAqB,QAAU,CAAC;AAC7C,eAAO,MAAM,iBAAiB,YAAY,CAAC"}

package/dist/hosted-service/constants.js

@@ -0,0 +1,6 @@
+export const AUTH_SERVICE_SESSION_COOKIE = "unified_auth_session";
+export const AUTH_SERVICE_STATE_COOKIE = "unified_auth_state";
+export const SESSION_MAX_AGE_SECONDS = 60 * 60 * 24 * 7;
+export const STATE_MAX_AGE_SECONDS = 60 * 10;
+export const DEFAULT_CLIENT_ID = "default";
+//# sourceMappingURL=constants.js.map

package/dist/hosted-service/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/hosted-service/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,2BAA2B,GAAG,sBAAsB,CAAC;AAClE,MAAM,CAAC,MAAM,yBAAyB,GAAG,oBAAoB,CAAC;AAE9D,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AACxD,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC7C,MAAM,CAAC,MAAM,iBAAiB,GAAG,SAAS,CAAC"}

package/dist/hosted-service/cookies.d.ts

@@ -0,0 +1,17 @@
+import type { HostedAuthServiceOptions, SessionPayload } from "./types.js";
+export declare function appendCookie(headers: Headers, cookie: string): void;
+export declare function getCookie(request: Request, name: string): string | undefined;
+export declare function shouldUseSecureCookie(request: Request): boolean;
+export declare function serializeCookie(params: {
+    domain?: string;
+    httpOnly?: boolean;
+    maxAge?: number;
+    name: string;
+    path?: string;
+    sameSite?: "Lax" | "None" | "Strict";
+    secure?: boolean;
+    value: string;
+}): string;
+export declare function clearCookie(request: Request, options: HostedAuthServiceOptions, name: string): string;
+export declare function createSessionCookie(request: Request, options: HostedAuthServiceOptions, payload: SessionPayload): string;
+//# sourceMappingURL=cookies.d.ts.map

package/dist/hosted-service/cookies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../src/hosted-service/cookies.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,wBAAwB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE3E,wBAAgB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,QAE5D;AAED,wBAAgB,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,sBASvD;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,WAQrD;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAC;IACrC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;CACf,UAaA;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,MAAM,UAQ5F;AAED,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,wBAAwB,EACjC,OAAO,EAAE,cAAc,UASxB"}

package/dist/hosted-service/cookies.js

@@ -0,0 +1,56 @@
+import { AUTH_SERVICE_SESSION_COOKIE, SESSION_MAX_AGE_SECONDS } from "./constants.js";
+import { createSignedToken } from "./crypto.js";
+export function appendCookie(headers, cookie) {
+    headers.append("set-cookie", cookie);
+}
+export function getCookie(request, name) {
+    const cookie = request.headers.get("cookie") ?? "";
+    const prefix = `${name}=`;
+    const item = cookie
+        .split(";")
+        .map((part) => part.trim())
+        .find((part) => part.startsWith(prefix));
+    return item ? decodeURIComponent(item.slice(prefix.length)) : undefined;
+}
+export function shouldUseSecureCookie(request) {
+    const forwardedProto = request.headers.get("x-forwarded-proto")?.split(",")[0]?.trim();
+    if (forwardedProto) {
+        return forwardedProto === "https";
+    }
+    return new URL(request.url).protocol === "https:";
+}
+export function serializeCookie(params) {
+    const parts = [
+        `${params.name}=${encodeURIComponent(params.value)}`,
+        `Path=${params.path ?? "/"}`,
+        `SameSite=${params.sameSite ?? "Lax"}`,
+    ];
+    if (params.httpOnly ?? true)
+        parts.push("HttpOnly");
+    if (typeof params.maxAge === "number")
+        parts.push(`Max-Age=${params.maxAge}`);
+    if (params.domain)
+        parts.push(`Domain=${params.domain}`);
+    if (params.secure)
+        parts.push("Secure");
+    return parts.join("; ");
+}
+export function clearCookie(request, options, name) {
+    return serializeCookie({
+        domain: options.cookieDomain,
+        maxAge: 0,
+        name,
+        secure: shouldUseSecureCookie(request),
+        value: "",
+    });
+}
+export function createSessionCookie(request, options, payload) {
+    return serializeCookie({
+        domain: options.cookieDomain,
+        maxAge: SESSION_MAX_AGE_SECONDS,
+        name: options.cookieName ?? AUTH_SERVICE_SESSION_COOKIE,
+        secure: shouldUseSecureCookie(request),
+        value: createSignedToken(payload, options.sessionSecret),
+    });
+}
+//# sourceMappingURL=cookies.js.map

package/dist/hosted-service/cookies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../src/hosted-service/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,MAAM,UAAU,YAAY,CAAC,OAAgB,EAAE,MAAc;IAC3D,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAgB,EAAE,IAAY;IACtD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnD,MAAM,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC;IAC1B,MAAM,IAAI,GAAG,MAAM;SAChB,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAE3C,OAAO,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC1E,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IAEvF,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,cAAc,KAAK,OAAO,CAAC;IACpC,CAAC;IAED,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAS/B;IACC,MAAM,KAAK,GAAG;QACZ,GAAG,MAAM,CAAC,IAAI,IAAI,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;QACpD,QAAQ,MAAM,CAAC,IAAI,IAAI,GAAG,EAAE;QAC5B,YAAY,MAAM,CAAC,QAAQ,IAAI,KAAK,EAAE;KACvC,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpD,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,IAAI,MAAM,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAExC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAgB,EAAE,OAAiC,EAAE,IAAY;IAC3F,OAAO,eAAe,CAAC;QACrB,MAAM,EAAE,OAAO,CAAC,YAAY;QAC5B,MAAM,EAAE,CAAC;QACT,IAAI;QACJ,MAAM,EAAE,qBAAqB,CAAC,OAAO,CAAC;QACtC,KAAK,EAAE,EAAE;KACV,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,OAAgB,EAChB,OAAiC,EACjC,OAAuB;IAEvB,OAAO,eAAe,CAAC;QACrB,MAAM,EAAE,OAAO,CAAC,YAAY;QAC5B,MAAM,EAAE,uBAAuB;QAC/B,IAAI,EAAE,OAAO,CAAC,UAAU,IAAI,2BAA2B;QACvD,MAAM,EAAE,qBAAqB,CAAC,OAAO,CAAC;QACtC,KAAK,EAAE,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC;KACzD,CAAC,CAAC;AACL,CAAC"}

package/dist/hosted-service/crypto.d.ts

@@ -0,0 +1,3 @@
+export declare function createSignedToken(payload: unknown, secret: string): string;
+export declare function parseSignedToken<T>(token: string | undefined, secret: string): T | null;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/hosted-service/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/hosted-service/crypto.ts"],"names":[],"mappings":"AA6BA,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,UAKjE;AAED,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,GAAG,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,CAAC,GAAG,IAAI,CAYvF"}

package/dist/hosted-service/crypto.js

@@ -0,0 +1,39 @@
+import { createHmac, timingSafeEqual } from "node:crypto";
+function encodePayload(value) {
+    return Buffer.from(JSON.stringify(value)).toString("base64url");
+}
+function decodePayload(value) {
+    try {
+        return JSON.parse(Buffer.from(value, "base64url").toString("utf8"));
+    }
+    catch {
+        return null;
+    }
+}
+function signPayload(payload, secret) {
+    return createHmac("sha256", secret).update(payload).digest("base64url");
+}
+function safeEqual(left, right) {
+    const leftBuffer = Buffer.from(left);
+    const rightBuffer = Buffer.from(right);
+    if (leftBuffer.length !== rightBuffer.length) {
+        return false;
+    }
+    return timingSafeEqual(leftBuffer, rightBuffer);
+}
+export function createSignedToken(payload, secret) {
+    const encodedPayload = encodePayload(payload);
+    const signature = signPayload(encodedPayload, secret);
+    return `${encodedPayload}.${signature}`;
+}
+export function parseSignedToken(token, secret) {
+    if (!token) {
+        return null;
+    }
+    const [payload, signature] = token.split(".");
+    if (!payload || !signature || !safeEqual(signPayload(payload, secret), signature)) {
+        return null;
+    }
+    return decodePayload(payload);
+}
+//# sourceMappingURL=crypto.js.map

package/dist/hosted-service/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/hosted-service/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1D,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,aAAa,CAAI,KAAa;IACrC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAM,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,OAAe,EAAE,MAAc;IAClD,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,SAAS,CAAC,IAAY,EAAE,KAAa;IAC5C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAEvC,IAAI,UAAU,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,eAAe,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,OAAgB,EAAE,MAAc;IAChE,MAAM,cAAc,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,WAAW,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAEtD,OAAO,GAAG,cAAc,IAAI,SAAS,EAAE,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAI,KAAyB,EAAE,MAAc;IAC3E,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE9C,IAAI,CAAC,OAAO,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC;QAClF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,aAAa,CAAI,OAAO,CAAC,CAAC;AACnC,CAAC"}

package/dist/hosted-service/http.d.ts

@@ -0,0 +1,4 @@
+export declare function html(content: string, init?: ResponseInit): Response;
+export declare function json(data: unknown, init?: ResponseInit): Response;
+export declare function redirect(url: string, headers?: Headers): Response;
+//# sourceMappingURL=http.d.ts.map

package/dist/hosted-service/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/hosted-service/http.ts"],"names":[],"mappings":"AAAA,wBAAgB,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,YAAY,YAQxD;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,YAAY,YAQtD;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,YAStD"}

package/dist/hosted-service/http.js

@@ -0,0 +1,27 @@
+export function html(content, init) {
+    return new Response(content, {
+        ...init,
+        headers: {
+            "content-type": "text/html; charset=utf-8",
+            ...init?.headers,
+        },
+    });
+}
+export function json(data, init) {
+    return new Response(JSON.stringify(data), {
+        ...init,
+        headers: {
+            "content-type": "application/json; charset=utf-8",
+            ...init?.headers,
+        },
+    });
+}
+export function redirect(url, headers) {
+    const responseHeaders = new Headers(headers);
+    responseHeaders.set("location", url);
+    return new Response(null, {
+        headers: responseHeaders,
+        status: 302,
+    });
+}
+//# sourceMappingURL=http.js.map

package/dist/hosted-service/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/hosted-service/http.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,IAAI,CAAC,OAAe,EAAE,IAAmB;IACvD,OAAO,IAAI,QAAQ,CAAC,OAAO,EAAE;QAC3B,GAAG,IAAI;QACP,OAAO,EAAE;YACP,cAAc,EAAE,0BAA0B;YAC1C,GAAG,IAAI,EAAE,OAAO;SACjB;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,IAAa,EAAE,IAAmB;IACrD,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,GAAG,IAAI;QACP,OAAO,EAAE;YACP,cAAc,EAAE,iCAAiC;YACjD,GAAG,IAAI,EAAE,OAAO;SACjB;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,GAAW,EAAE,OAAiB;IACrD,MAAM,eAAe,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAE7C,eAAe,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAErC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;QACxB,OAAO,EAAE,eAAe;QACxB,MAAM,EAAE,GAAG;KACZ,CAAC,CAAC;AACL,CAAC"}

package/dist/hosted-service/login-page/components.d.ts

@@ -0,0 +1,7 @@
+import type { LoginPageLinks, LoginProviderView } from "./types.js";
+export declare function renderBrand(): string;
+export declare function renderError(error?: string): string;
+export declare function renderProviderList(providers: LoginProviderView[]): string;
+export declare function renderDevLogin(allowDevLogin: boolean, links: LoginPageLinks): string;
+export declare function renderFooter(clientId: string): string;
+//# sourceMappingURL=components.d.ts.map

package/dist/hosted-service/login-page/components.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"components.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/login-page/components.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpE,wBAAgB,WAAW,WAM1B;AAED,wBAAgB,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,UAEzC;AAED,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,iBAAiB,EAAE,UAKhE;AAED,wBAAgB,cAAc,CAAC,aAAa,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,UAM3E;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,UAK5C"}

package/dist/hosted-service/login-page/components.js

@@ -0,0 +1,40 @@
+import { escapeHtml } from "./escape.js";
+export function renderBrand() {
+    return `
+    <div class="brand-row">
+      <div class="mark">AUTH</div>
+      <div class="brand-title">统一认证中心</div>
+    </div>`;
+}
+export function renderError(error) {
+    return error ? `<div class="error">${escapeHtml(error)}</div>` : "";
+}
+export function renderProviderList(providers) {
+    return `
+    <section class="provider-list" aria-label="登录身份提供方">
+      ${providers.map(renderProviderTile).join("\n")}
+    </section>`;
+}
+export function renderDevLogin(allowDevLogin, links) {
+    if (!allowDevLogin) {
+        return "";
+    }
+    return `<a class="dev-link" href="${escapeHtml(links.devLogin)}">使用开发账号进入</a>`;
+}
+export function renderFooter(clientId) {
+    return `
+    <div class="footer-row">
+      <span>client_id: ${escapeHtml(clientId)}</span>
+    </div>`;
+}
+function renderProviderTile(provider) {
+    const disabledClass = provider.enabled ? "" : "disabled";
+    return `
+      <a class="provider-option ${disabledClass}" href="${escapeHtml(provider.href)}">
+        <span class="provider-icon ${provider.iconClassName}">${provider.icon}</span>
+        <span class="provider-copy">
+          <span class="provider-name">${escapeHtml(provider.label)}</span>
+        </span>
+      </a>`;
+}
+//# sourceMappingURL=components.js.map

package/dist/hosted-service/login-page/components.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"components.js","sourceRoot":"","sources":["../../../src/hosted-service/login-page/components.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,MAAM,UAAU,WAAW;IACzB,OAAO;;;;WAIE,CAAC;AACZ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO,KAAK,CAAC,CAAC,CAAC,sBAAsB,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,SAA8B;IAC/D,OAAO;;QAED,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;eACrC,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,aAAsB,EAAE,KAAqB;IAC1E,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,6BAA6B,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO;;yBAEgB,UAAU,CAAC,QAAQ,CAAC;WAClC,CAAC;AACZ,CAAC;AAED,SAAS,kBAAkB,CAAC,QAA2B;IACrD,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;IAEzD,OAAO;kCACyB,aAAa,WAAW,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;qCAC9C,QAAQ,CAAC,aAAa,KAAK,QAAQ,CAAC,IAAI;;wCAErC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;;WAEvD,CAAC;AACZ,CAAC"}

package/dist/hosted-service/login-page/document.d.ts

@@ -0,0 +1,5 @@
+export declare function renderDocument(params: {
+    body: string;
+    title: string;
+}): string;
+//# sourceMappingURL=document.d.ts.map

package/dist/hosted-service/login-page/document.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"document.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/login-page/document.ts"],"names":[],"mappings":"AAIA,wBAAgB,cAAc,CAAC,MAAM,EAAE;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf,UAcA"}

package/dist/hosted-service/login-page/document.js

@@ -0,0 +1,19 @@
+import { escapeHtml } from "./escape.js";
+import { faviconHref } from "./icons.js";
+import { loginPageStyles } from "./styles.js";
+export function renderDocument(params) {
+    return `<!doctype html>
+<html lang="zh-CN">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <link rel="icon" href="${faviconHref}" />
+  <title>${escapeHtml(params.title)}</title>
+  <style>${loginPageStyles}</style>
+</head>
+<body>
+${params.body}
+</body>
+</html>`;
+}
+//# sourceMappingURL=document.js.map

package/dist/hosted-service/login-page/document.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"document.js","sourceRoot":"","sources":["../../../src/hosted-service/login-page/document.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,MAAM,UAAU,cAAc,CAAC,MAG9B;IACC,OAAO;;;;;2BAKkB,WAAW;WAC3B,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC;WACxB,eAAe;;;EAGxB,MAAM,CAAC,IAAI;;QAEL,CAAC;AACT,CAAC"}

package/dist/hosted-service/login-page/escape.d.ts

@@ -0,0 +1,2 @@
+export declare function escapeHtml(value: string): string;
+//# sourceMappingURL=escape.d.ts.map

package/dist/hosted-service/login-page/escape.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"escape.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/login-page/escape.ts"],"names":[],"mappings":"AAAA,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,UAOvC"}

package/dist/hosted-service/login-page/escape.js

@@ -0,0 +1,9 @@
+export function escapeHtml(value) {
+    return value
+        .replaceAll("&", "&")
+        .replaceAll("<", "&lt;")
+        .replaceAll(">", "&gt;")
+        .replaceAll('"', "&quot;")
+        .replaceAll("'", "&#39;");
+}
+//# sourceMappingURL=escape.js.map

package/dist/hosted-service/login-page/escape.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"escape.js","sourceRoot":"","sources":["../../../src/hosted-service/login-page/escape.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,UAAU,CAAC,KAAa;IACtC,OAAO,KAAK;SACT,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC;SACxB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC;SACvB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC;SACvB,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC;SACzB,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AAC9B,CAAC"}

package/dist/hosted-service/login-page/icons.d.ts

@@ -0,0 +1,5 @@
+export declare const faviconHref = "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 32 32'%3E%3Crect width='32' height='32' rx='7' fill='%231677ff'/%3E%3Cpath d='M10 17h7l-2 7 8-11h-7l2-6-8 10z' fill='white'/%3E%3C/svg%3E";
+export declare const feishuIcon = "\n<svg viewBox=\"0 0 48 48\" aria-hidden=\"true\">\n  <rect x=\"6\" y=\"6\" width=\"17\" height=\"17\" rx=\"5\" fill=\"#2F80ED\"/>\n  <rect x=\"25\" y=\"6\" width=\"17\" height=\"17\" rx=\"5\" fill=\"#00B96B\"/>\n  <rect x=\"6\" y=\"25\" width=\"17\" height=\"17\" rx=\"5\" fill=\"#12C2E9\"/>\n  <rect x=\"25\" y=\"25\" width=\"17\" height=\"17\" rx=\"5\" fill=\"#8B5CF6\"/>\n</svg>";
+export declare const googleIcon = "\n<svg viewBox=\"0 0 48 48\" aria-hidden=\"true\">\n  <path fill=\"#EA4335\" d=\"M24 9.5c3.5 0 6.2 1.4 8.2 3.2l6-6C34.5 3.3 29.7 1.2 24 1.2 14.7 1.2 6.7 6.5 2.8 14.2l7 5.4C11.5 13.7 17 9.5 24 9.5z\"/>\n  <path fill=\"#4285F4\" d=\"M46.1 24.5c0-1.6-.1-2.8-.4-4.1H24v8.2h12.7c-.3 2.1-1.7 5.2-4.8 7.3l7.2 5.6c4.2-3.9 7-9.6 7-17z\"/>\n  <path fill=\"#FBBC05\" d=\"M9.8 28.4c-.5-1.4-.8-2.9-.8-4.4s.3-3 .8-4.4l-7-5.4C1.2 17.1.4 20.4.4 24s.8 6.9 2.4 9.8l7-5.4z\"/>\n  <path fill=\"#34A853\" d=\"M24 46.8c5.7 0 10.5-1.9 14-5.2l-7.2-5.6c-1.9 1.3-4.4 2.3-6.8 2.3-7 0-12.5-4.2-14.2-10l-7 5.4C6.7 41.5 14.7 46.8 24 46.8z\"/>\n</svg>";
+export declare const githubIcon = "\n<svg viewBox=\"0 0 48 48\" aria-hidden=\"true\">\n  <path fill=\"currentColor\" d=\"M24 3.5C12.7 3.5 3.5 12.7 3.5 24c0 9.1 5.9 16.8 14.1 19.5 1 .2 1.4-.4 1.4-1v-3.6c-5.7 1.2-6.9-2.4-6.9-2.4-.9-2.3-2.2-2.9-2.2-2.9-1.9-1.3.1-1.2.1-1.2 2.1.1 3.2 2.1 3.2 2.1 1.8 3.2 4.8 2.3 6 1.8.2-1.3.7-2.3 1.3-2.8-4.6-.5-9.4-2.3-9.4-10.1 0-2.2.8-4.1 2.1-5.5-.2-.5-.9-2.6.2-5.4 0 0 1.7-.6 5.6 2.1 1.6-.4 3.3-.7 5-.7s3.4.2 5 .7c3.9-2.7 5.6-2.1 5.6-2.1 1.1 2.8.4 4.9.2 5.4 1.3 1.4 2.1 3.3 2.1 5.5 0 7.8-4.8 9.6-9.4 10.1.8.7 1.5 2 1.5 4v5c0 .6.4 1.2 1.4 1C38.6 40.8 44.5 33.1 44.5 24 44.5 12.7 35.3 3.5 24 3.5z\"/>\n</svg>";
+//# sourceMappingURL=icons.d.ts.map

package/dist/hosted-service/login-page/icons.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"icons.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/login-page/icons.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,WAAW,wNAC+L,CAAC;AAExN,eAAO,MAAM,UAAU,mYAMhB,CAAC;AAER,eAAO,MAAM,UAAU,inBAMhB,CAAC;AAER,eAAO,MAAM,UAAU,gmBAGhB,CAAC"}

package/dist/hosted-service/login-page/icons.js

@@ -0,0 +1,20 @@
+export const faviconHref = "data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 32 32'%3E%3Crect width='32' height='32' rx='7' fill='%231677ff'/%3E%3Cpath d='M10 17h7l-2 7 8-11h-7l2-6-8 10z' fill='white'/%3E%3C/svg%3E";
+export const feishuIcon = `
+<svg viewBox="0 0 48 48" aria-hidden="true">
+  <rect x="6" y="6" width="17" height="17" rx="5" fill="#2F80ED"/>
+  <rect x="25" y="6" width="17" height="17" rx="5" fill="#00B96B"/>
+  <rect x="6" y="25" width="17" height="17" rx="5" fill="#12C2E9"/>
+  <rect x="25" y="25" width="17" height="17" rx="5" fill="#8B5CF6"/>
+</svg>`;
+export const googleIcon = `
+<svg viewBox="0 0 48 48" aria-hidden="true">
+  <path fill="#EA4335" d="M24 9.5c3.5 0 6.2 1.4 8.2 3.2l6-6C34.5 3.3 29.7 1.2 24 1.2 14.7 1.2 6.7 6.5 2.8 14.2l7 5.4C11.5 13.7 17 9.5 24 9.5z"/>
+  <path fill="#4285F4" d="M46.1 24.5c0-1.6-.1-2.8-.4-4.1H24v8.2h12.7c-.3 2.1-1.7 5.2-4.8 7.3l7.2 5.6c4.2-3.9 7-9.6 7-17z"/>
+  <path fill="#FBBC05" d="M9.8 28.4c-.5-1.4-.8-2.9-.8-4.4s.3-3 .8-4.4l-7-5.4C1.2 17.1.4 20.4.4 24s.8 6.9 2.4 9.8l7-5.4z"/>
+  <path fill="#34A853" d="M24 46.8c5.7 0 10.5-1.9 14-5.2l-7.2-5.6c-1.9 1.3-4.4 2.3-6.8 2.3-7 0-12.5-4.2-14.2-10l-7 5.4C6.7 41.5 14.7 46.8 24 46.8z"/>
+</svg>`;
+export const githubIcon = `
+<svg viewBox="0 0 48 48" aria-hidden="true">
+  <path fill="currentColor" d="M24 3.5C12.7 3.5 3.5 12.7 3.5 24c0 9.1 5.9 16.8 14.1 19.5 1 .2 1.4-.4 1.4-1v-3.6c-5.7 1.2-6.9-2.4-6.9-2.4-.9-2.3-2.2-2.9-2.2-2.9-1.9-1.3.1-1.2.1-1.2 2.1.1 3.2 2.1 3.2 2.1 1.8 3.2 4.8 2.3 6 1.8.2-1.3.7-2.3 1.3-2.8-4.6-.5-9.4-2.3-9.4-10.1 0-2.2.8-4.1 2.1-5.5-.2-.5-.9-2.6.2-5.4 0 0 1.7-.6 5.6 2.1 1.6-.4 3.3-.7 5-.7s3.4.2 5 .7c3.9-2.7 5.6-2.1 5.6-2.1 1.1 2.8.4 4.9.2 5.4 1.3 1.4 2.1 3.3 2.1 5.5 0 7.8-4.8 9.6-9.4 10.1.8.7 1.5 2 1.5 4v5c0 .6.4 1.2 1.4 1C38.6 40.8 44.5 33.1 44.5 24 44.5 12.7 35.3 3.5 24 3.5z"/>
+</svg>`;
+//# sourceMappingURL=icons.js.map

package/dist/hosted-service/login-page/icons.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"icons.js","sourceRoot":"","sources":["../../../src/hosted-service/login-page/icons.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,WAAW,GACtB,qNAAqN,CAAC;AAExN,MAAM,CAAC,MAAM,UAAU,GAAG;;;;;;OAMnB,CAAC;AAER,MAAM,CAAC,MAAM,UAAU,GAAG;;;;;;OAMnB,CAAC;AAER,MAAM,CAAC,MAAM,UAAU,GAAG;;;OAGnB,CAAC"}

package/dist/hosted-service/login-page/index.d.ts

@@ -0,0 +1,3 @@
+import type { RenderLoginPageParams } from "./types.js";
+export declare function renderLoginPage(params: RenderLoginPageParams): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/hosted-service/login-page/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/login-page/index.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAExD,wBAAgB,eAAe,CAAC,MAAM,EAAE,qBAAqB,UAkB5D"}

package/dist/hosted-service/login-page/index.js

@@ -0,0 +1,23 @@
+import { renderBrand, renderDevLogin, renderError, renderFooter, renderProviderList, } from "./components.js";
+import { renderDocument } from "./document.js";
+import { escapeHtml } from "./escape.js";
+import { createLoginPageLinks } from "./links.js";
+export function renderLoginPage(params) {
+    const title = params.app.name ?? params.clientId;
+    const headline = `${title} 统一登录`;
+    const links = createLoginPageLinks(params);
+    return renderDocument({
+        body: `
+  <main>
+    ${renderBrand()}
+    <h1>${escapeHtml(headline)}</h1>
+    <p>选择一个身份提供方进入，首次使用会自动完成账号创建和身份绑定。</p>
+    ${renderError(params.error)}
+    ${renderProviderList(links.providers)}
+    ${renderDevLogin(params.allowDevLogin, links)}
+    ${renderFooter(params.clientId)}
+  </main>`,
+        title: headline,
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/hosted-service/login-page/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/hosted-service/login-page/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,cAAc,EACd,WAAW,EACX,YAAY,EACZ,kBAAkB,GACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAGlD,MAAM,UAAU,eAAe,CAAC,MAA6B;IAC3D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC;IACjD,MAAM,QAAQ,GAAG,GAAG,KAAK,OAAO,CAAC;IACjC,MAAM,KAAK,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAE3C,OAAO,cAAc,CAAC;QACpB,IAAI,EAAE;;MAEJ,WAAW,EAAE;UACT,UAAU,CAAC,QAAQ,CAAC;;MAExB,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC;MACzB,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC;MACnC,cAAc,CAAC,MAAM,CAAC,aAAa,EAAE,KAAK,CAAC;MAC3C,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC;UACzB;QACN,KAAK,EAAE,QAAQ;KAChB,CAAC,CAAC;AACL,CAAC"}

package/dist/hosted-service/login-page/links.d.ts

@@ -0,0 +1,3 @@
+import type { LoginPageLinks, RenderLoginPageParams } from "./types.js";
+export declare function createLoginPageLinks(params: RenderLoginPageParams): LoginPageLinks;
+//# sourceMappingURL=links.d.ts.map

package/dist/hosted-service/login-page/links.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"links.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/login-page/links.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAqB,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAoC3F,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,qBAAqB,GAAG,cAAc,CA8BlF"}

package/dist/hosted-service/login-page/links.js

@@ -0,0 +1,50 @@
+import { createProviderStartUrl } from "../applications.js";
+import { feishuIcon, githubIcon, googleIcon } from "./icons.js";
+function createDevLoginUrl(params) {
+    const devUrl = new URL("/api/auth/dev-login", params.authBaseURL);
+    devUrl.searchParams.set("client_id", params.clientId);
+    devUrl.searchParams.set("redirect_uri", params.redirectURI);
+    return devUrl.toString();
+}
+function createProvider(params) {
+    return {
+        enabled: params.enabled,
+        href: createProviderStartUrl(params.authBaseURL, params.id, params.clientId, params.redirectURI).toString(),
+        icon: params.icon,
+        iconClassName: params.iconClassName,
+        id: params.id,
+        label: params.label,
+    };
+}
+export function createLoginPageLinks(params) {
+    return {
+        devLogin: createDevLoginUrl(params),
+        providers: [
+            createProvider({
+                ...params,
+                enabled: params.feishuEnabled,
+                icon: feishuIcon,
+                iconClassName: "provider-icon-feishu",
+                id: "feishu",
+                label: "飞书",
+            }),
+            createProvider({
+                ...params,
+                enabled: params.googleEnabled,
+                icon: googleIcon,
+                iconClassName: "provider-icon-google",
+                id: "google",
+                label: "Google",
+            }),
+            createProvider({
+                ...params,
+                enabled: params.githubEnabled,
+                icon: githubIcon,
+                iconClassName: "provider-icon-github",
+                id: "github",
+                label: "GitHub",
+            }),
+        ],
+    };
+}
+//# sourceMappingURL=links.js.map

package/dist/hosted-service/login-page/links.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"links.js","sourceRoot":"","sources":["../../../src/hosted-service/login-page/links.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAGhE,SAAS,iBAAiB,CAAC,MAA6B;IACtD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,qBAAqB,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAElE,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtD,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAE5D,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;AAC3B,CAAC;AAED,SAAS,cAAc,CAAC,MASvB;IACC,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,IAAI,EAAE,sBAAsB,CAC1B,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,EAAE,EACT,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,WAAW,CACnB,CAAC,QAAQ,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAA6B;IAChE,OAAO;QACL,QAAQ,EAAE,iBAAiB,CAAC,MAAM,CAAC;QACnC,SAAS,EAAE;YACT,cAAc,CAAC;gBACb,GAAG,MAAM;gBACT,OAAO,EAAE,MAAM,CAAC,aAAa;gBAC7B,IAAI,EAAE,UAAU;gBAChB,aAAa,EAAE,sBAAsB;gBACrC,EAAE,EAAE,QAAQ;gBACZ,KAAK,EAAE,IAAI;aACZ,CAAC;YACF,cAAc,CAAC;gBACb,GAAG,MAAM;gBACT,OAAO,EAAE,MAAM,CAAC,aAAa;gBAC7B,IAAI,EAAE,UAAU;gBAChB,aAAa,EAAE,sBAAsB;gBACrC,EAAE,EAAE,QAAQ;gBACZ,KAAK,EAAE,QAAQ;aAChB,CAAC;YACF,cAAc,CAAC;gBACb,GAAG,MAAM;gBACT,OAAO,EAAE,MAAM,CAAC,aAAa;gBAC7B,IAAI,EAAE,UAAU;gBAChB,aAAa,EAAE,sBAAsB;gBACrC,EAAE,EAAE,QAAQ;gBACZ,KAAK,EAAE,QAAQ;aAChB,CAAC;SACH;KACF,CAAC;AACJ,CAAC"}

package/dist/hosted-service/login-page/styles.d.ts

@@ -0,0 +1,2 @@
+export declare const loginPageStyles = "\n:root { color-scheme: light; font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif; }\n* { box-sizing: border-box; }\nbody { margin: 0; min-height: 100vh; display: grid; place-items: center; background: #f4f6fa; color: #111827; }\nmain { width: min(440px, calc(100vw - 32px)); background: #fff; border: 1px solid #e3e7ef; border-radius: 8px; padding: 28px; box-shadow: 0 18px 50px rgb(15 23 42 / 10%); }\n.brand-row { display: flex; align-items: center; gap: 12px; margin-bottom: 24px; }\n.mark { width: 42px; height: 42px; display: grid; place-items: center; border-radius: 8px; background: #1677ff; color: #fff; font-weight: 700; font-size: 13px; }\n.brand-title { font-size: 14px; color: #4b5563; }\nh1 { font-size: 24px; line-height: 1.25; margin: 0 0 8px; }\np { margin: 0 0 22px; color: #4b5563; line-height: 1.7; }\na { min-height: 44px; display: flex; align-items: center; justify-content: center; border-radius: 6px; text-decoration: none; font-weight: 600; }\n.provider-list { display: grid; grid-template-columns: repeat(3, minmax(86px, 1fr)); gap: 12px; }\n.provider-option { min-height: 116px; flex-direction: column; gap: 10px; padding: 14px 8px 12px; border: 1px solid #e5e7eb; color: #111827; background: #fff; text-align: center; }\n.provider-option:hover { border-color: #8fb2ff; background: #f8fbff; transform: translateY(-1px); box-shadow: 0 10px 24px rgb(15 23 42 / 8%); }\n.provider-icon { width: 52px; height: 52px; display: grid; place-items: center; border-radius: 8px; flex: 0 0 auto; }\n.provider-icon svg { width: 34px; height: 34px; display: block; }\n.provider-icon-feishu { background: #eef6ff; }\n.provider-icon-google { background: #fff; border: 1px solid #edf0f5; }\n.provider-icon-github { background: #24292f; color: #fff; }\n.provider-copy { display: flex; flex-direction: column; gap: 4px; line-height: 1.15; min-width: 0; }\n.provider-name { font-size: 14px; white-space: nowrap; }\n.dev-link { height: 42px; margin-top: 12px; background: #f3f4f6; color: #111827; }\n.disabled { opacity: .45; pointer-events: none; }\n.error { border: 1px solid #fecaca; color: #991b1b; background: #fef2f2; border-radius: 6px; padding: 10px 12px; margin-bottom: 16px; }\n.footer-row { margin-top: 18px; color: #6b7280; font-size: 12px; }\n@media (max-width: 420px) {\n  main { padding: 22px; }\n  h1 { font-size: 22px; }\n  .provider-list { gap: 8px; }\n  .provider-option { min-height: 106px; }\n  .provider-icon { width: 46px; height: 46px; }\n  .provider-icon svg { width: 30px; height: 30px; }\n}\n";
+//# sourceMappingURL=styles.d.ts.map

package/dist/hosted-service/login-page/styles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"styles.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/login-page/styles.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,eAAe,u/EAiC3B,CAAC"}

package/dist/hosted-service/login-page/styles.js

@@ -0,0 +1,35 @@
+export const loginPageStyles = `
+:root { color-scheme: light; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; }
+* { box-sizing: border-box; }
+body { margin: 0; min-height: 100vh; display: grid; place-items: center; background: #f4f6fa; color: #111827; }
+main { width: min(440px, calc(100vw - 32px)); background: #fff; border: 1px solid #e3e7ef; border-radius: 8px; padding: 28px; box-shadow: 0 18px 50px rgb(15 23 42 / 10%); }
+.brand-row { display: flex; align-items: center; gap: 12px; margin-bottom: 24px; }
+.mark { width: 42px; height: 42px; display: grid; place-items: center; border-radius: 8px; background: #1677ff; color: #fff; font-weight: 700; font-size: 13px; }
+.brand-title { font-size: 14px; color: #4b5563; }
+h1 { font-size: 24px; line-height: 1.25; margin: 0 0 8px; }
+p { margin: 0 0 22px; color: #4b5563; line-height: 1.7; }
+a { min-height: 44px; display: flex; align-items: center; justify-content: center; border-radius: 6px; text-decoration: none; font-weight: 600; }
+.provider-list { display: grid; grid-template-columns: repeat(3, minmax(86px, 1fr)); gap: 12px; }
+.provider-option { min-height: 116px; flex-direction: column; gap: 10px; padding: 14px 8px 12px; border: 1px solid #e5e7eb; color: #111827; background: #fff; text-align: center; }
+.provider-option:hover { border-color: #8fb2ff; background: #f8fbff; transform: translateY(-1px); box-shadow: 0 10px 24px rgb(15 23 42 / 8%); }
+.provider-icon { width: 52px; height: 52px; display: grid; place-items: center; border-radius: 8px; flex: 0 0 auto; }
+.provider-icon svg { width: 34px; height: 34px; display: block; }
+.provider-icon-feishu { background: #eef6ff; }
+.provider-icon-google { background: #fff; border: 1px solid #edf0f5; }
+.provider-icon-github { background: #24292f; color: #fff; }
+.provider-copy { display: flex; flex-direction: column; gap: 4px; line-height: 1.15; min-width: 0; }
+.provider-name { font-size: 14px; white-space: nowrap; }
+.dev-link { height: 42px; margin-top: 12px; background: #f3f4f6; color: #111827; }
+.disabled { opacity: .45; pointer-events: none; }
+.error { border: 1px solid #fecaca; color: #991b1b; background: #fef2f2; border-radius: 6px; padding: 10px 12px; margin-bottom: 16px; }
+.footer-row { margin-top: 18px; color: #6b7280; font-size: 12px; }
+@media (max-width: 420px) {
+  main { padding: 22px; }
+  h1 { font-size: 22px; }
+  .provider-list { gap: 8px; }
+  .provider-option { min-height: 106px; }
+  .provider-icon { width: 46px; height: 46px; }
+  .provider-icon svg { width: 30px; height: 30px; }
+}
+`;
+//# sourceMappingURL=styles.js.map

package/dist/hosted-service/login-page/styles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"styles.js","sourceRoot":"","sources":["../../../src/hosted-service/login-page/styles.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,eAAe,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiC9B,CAAC"}

package/dist/hosted-service/login-page/types.d.ts

@@ -0,0 +1,26 @@
+import type { HostedAuthApplication } from "../types.js";
+export type LoginProviderId = "feishu" | "github" | "google";
+export type LoginProviderView = {
+    enabled: boolean;
+    href: string;
+    icon: string;
+    iconClassName: string;
+    id: LoginProviderId;
+    label: string;
+};
+export type LoginPageLinks = {
+    devLogin: string;
+    providers: LoginProviderView[];
+};
+export type RenderLoginPageParams = {
+    allowDevLogin: boolean;
+    app: HostedAuthApplication;
+    authBaseURL: string;
+    clientId: string;
+    error?: string;
+    feishuEnabled: boolean;
+    githubEnabled: boolean;
+    googleEnabled: boolean;
+    redirectURI: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/hosted-service/login-page/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/login-page/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEzD,MAAM,MAAM,eAAe,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE7D,MAAM,MAAM,iBAAiB,GAAG;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,iBAAiB,EAAE,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,aAAa,EAAE,OAAO,CAAC;IACvB,GAAG,EAAE,qBAAqB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,OAAO,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC"}

package/dist/hosted-service/login-page/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/hosted-service/login-page/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/hosted-service/login-page/types.ts"],"names":[],"mappings":""}

package/dist/hosted-service/oauth.d.ts

@@ -0,0 +1,11 @@
+import type { HostedAuthApplication, HostedAuthServiceOptions, StatePayload } from "./types.js";
+export declare function createOAuthState(app: HostedAuthApplication, redirectURI: string): {
+    payload: StatePayload;
+    state: string;
+};
+export declare function createOAuthStateCookie(request: Request, options: HostedAuthServiceOptions, payload: StatePayload): string;
+export declare function readOAuthCallbackState(request: Request, options: HostedAuthServiceOptions): {
+    code: string;
+    savedState: StatePayload;
+} | null;
+//# sourceMappingURL=oauth.d.ts.map

package/dist/hosted-service/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/hosted-service/oauth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,qBAAqB,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAEhG,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM;;;EAU/E;AAED,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,wBAAwB,EACjC,OAAO,EAAE,YAAY,UAStB;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,wBAAwB;;;SAczF"}