@rc-tool/unified-auth-hosted-service 0.2.0

package/dist/hosted-service/oauth.js

@@ -0,0 +1,37 @@
+import { randomBytes } from "node:crypto";
+import { AUTH_SERVICE_STATE_COOKIE, STATE_MAX_AGE_SECONDS } from "./constants.js";
+import { getCookie, serializeCookie, shouldUseSecureCookie } from "./cookies.js";
+import { createSignedToken, parseSignedToken } from "./crypto.js";
+export function createOAuthState(app, redirectURI) {
+    const state = randomBytes(24).toString("base64url");
+    const payload = {
+        clientId: app.clientId,
+        exp: Math.floor(Date.now() / 1000) + STATE_MAX_AGE_SECONDS,
+        redirectURI,
+        state,
+    };
+    return { payload, state };
+}
+export function createOAuthStateCookie(request, options, payload) {
+    return serializeCookie({
+        domain: options.cookieDomain,
+        maxAge: STATE_MAX_AGE_SECONDS,
+        name: AUTH_SERVICE_STATE_COOKIE,
+        secure: shouldUseSecureCookie(request),
+        value: createSignedToken(payload, options.sessionSecret),
+    });
+}
+export function readOAuthCallbackState(request, options) {
+    const url = new URL(request.url);
+    const code = url.searchParams.get("code");
+    const state = url.searchParams.get("state");
+    const savedState = parseSignedToken(getCookie(request, AUTH_SERVICE_STATE_COOKIE), options.sessionSecret);
+    if (!code || !state || !savedState || savedState.state !== state || isExpired(savedState)) {
+        return null;
+    }
+    return { code, savedState };
+}
+function isExpired(savedState) {
+    return savedState.exp < Math.floor(Date.now() / 1000);
+}
+//# sourceMappingURL=oauth.js.map

package/dist/hosted-service/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/hosted-service/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAClF,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAGlE,MAAM,UAAU,gBAAgB,CAAC,GAA0B,EAAE,WAAmB;IAC9E,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,OAAO,GAAiB;QAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,qBAAqB;QAC1D,WAAW;QACX,KAAK;KACN,CAAC;IAEF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,OAAgB,EAChB,OAAiC,EACjC,OAAqB;IAErB,OAAO,eAAe,CAAC;QACrB,MAAM,EAAE,OAAO,CAAC,YAAY;QAC5B,MAAM,EAAE,qBAAqB;QAC7B,IAAI,EAAE,yBAAyB;QAC/B,MAAM,EAAE,qBAAqB,CAAC,OAAO,CAAC;QACtC,KAAK,EAAE,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC;KACzD,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAgB,EAAE,OAAiC;IACxF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG,gBAAgB,CACjC,SAAS,CAAC,OAAO,EAAE,yBAAyB,CAAC,EAC7C,OAAO,CAAC,aAAa,CACtB,CAAC;IAEF,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,KAAK,KAAK,KAAK,IAAI,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1F,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,SAAS,CAAC,UAAwB;IACzC,OAAO,UAAU,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AACxD,CAAC"}

package/dist/hosted-service/providers/feishu.d.ts

@@ -0,0 +1,4 @@
+import type { AuthUser } from "@rc-tool/unified-auth-sdk/service-client";
+import type { HostedAuthServiceOptions } from "../types.js";
+export declare function createUserFromFeishuCode(options: HostedAuthServiceOptions, code: string): Promise<AuthUser>;
+//# sourceMappingURL=feishu.d.ts.map

package/dist/hosted-service/providers/feishu.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"feishu.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/providers/feishu.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0CAA0C,CAAC;AACzE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAwD5D,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,wBAAwB,EACjC,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,QAAQ,CAAC,CAmCnB"}

package/dist/hosted-service/providers/feishu.js

@@ -0,0 +1,72 @@
+async function getFeishuAppAccessToken(appId, appSecret) {
+    const response = await fetch("https://open.feishu.cn/open-apis/auth/v3/app_access_token/internal", {
+        body: JSON.stringify({
+            app_id: appId,
+            app_secret: appSecret,
+        }),
+        headers: { "content-type": "application/json" },
+        method: "POST",
+    });
+    const payload = (await response.json());
+    if (!response.ok || payload.code !== 0 || !payload.app_access_token) {
+        throw new Error(payload.msg || "获取飞书 app_access_token 失败");
+    }
+    return payload.app_access_token;
+}
+export async function createUserFromFeishuCode(options, code) {
+    const appId = options.feishu?.appId;
+    const appSecret = options.feishu?.appSecret;
+    if (!appId || !appSecret) {
+        throw new Error("飞书登录未配置");
+    }
+    const appAccessToken = await getFeishuAppAccessToken(appId, appSecret);
+    const tokenPayload = await exchangeFeishuCode(code, appAccessToken);
+    const userInfo = await getFeishuUserInfo(tokenPayload.data.access_token);
+    const openId = userInfo?.open_id || tokenPayload.data.open_id;
+    if (!openId) {
+        throw new Error("飞书返回的用户信息缺少 open_id");
+    }
+    return {
+        avatarUrl: userInfo?.avatar_big ||
+            userInfo?.avatar_middle ||
+            userInfo?.avatar_url ||
+            tokenPayload.data.avatar_url ||
+            null,
+        email: userInfo?.email || tokenPayload.data.email || null,
+        id: openId,
+        metadata: {
+            enName: userInfo?.en_name || tokenPayload.data.en_name,
+            feishuOpenId: openId,
+            feishuUnionId: userInfo?.union_id || tokenPayload.data.union_id,
+            feishuUserId: userInfo?.user_id || tokenPayload.data.user_id,
+            provider: "feishu",
+        },
+        name: userInfo?.name || tokenPayload.data.name || "飞书用户",
+    };
+}
+async function exchangeFeishuCode(code, appAccessToken) {
+    const response = await fetch("https://open.feishu.cn/open-apis/authen/v1/access_token", {
+        body: JSON.stringify({
+            code,
+            grant_type: "authorization_code",
+        }),
+        headers: {
+            authorization: `Bearer ${appAccessToken}`,
+            "content-type": "application/json",
+        },
+        method: "POST",
+    });
+    const payload = (await response.json());
+    if (!response.ok || payload.code !== 0 || !payload.data?.access_token) {
+        throw new Error(payload.msg || payload.message || "飞书授权码换取 user_access_token 失败");
+    }
+    return { data: payload.data };
+}
+async function getFeishuUserInfo(accessToken) {
+    const response = await fetch("https://open.feishu.cn/open-apis/authen/v1/user_info", {
+        headers: { authorization: `Bearer ${accessToken}` },
+    });
+    const payload = (await response.json());
+    return payload.code === 0 ? payload.data : null;
+}
+//# sourceMappingURL=feishu.js.map

package/dist/hosted-service/providers/feishu.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"feishu.js","sourceRoot":"","sources":["../../../src/hosted-service/providers/feishu.ts"],"names":[],"mappings":"AAuCA,KAAK,UAAU,uBAAuB,CAAC,KAAa,EAAE,SAAiB;IACrE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,oEAAoE,EAAE;QACjG,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,MAAM,EAAE,KAAK;YACb,UAAU,EAAE,SAAS;SACtB,CAAC;QACF,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;IAElE,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,IAAI,0BAA0B,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO,OAAO,CAAC,gBAAgB,CAAC;AAClC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAiC,EACjC,IAAY;IAEZ,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC;IACpC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;IAE5C,IAAI,CAAC,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,uBAAuB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACvE,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzE,MAAM,MAAM,GAAG,QAAQ,EAAE,OAAO,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;IAE9D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IAED,OAAO;QACL,SAAS,EACP,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,aAAa;YACvB,QAAQ,EAAE,UAAU;YACpB,YAAY,CAAC,IAAI,CAAC,UAAU;YAC5B,IAAI;QACN,KAAK,EAAE,QAAQ,EAAE,KAAK,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI;QACzD,EAAE,EAAE,MAAM;QACV,QAAQ,EAAE;YACR,MAAM,EAAE,QAAQ,EAAE,OAAO,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO;YACtD,YAAY,EAAE,MAAM;YACpB,aAAa,EAAE,QAAQ,EAAE,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,QAAQ;YAC/D,YAAY,EAAE,QAAQ,EAAE,OAAO,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO;YAC5D,QAAQ,EAAE,QAAQ;SACnB;QACD,IAAI,EAAE,QAAQ,EAAE,IAAI,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,IAAI,MAAM;KACzD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,IAAY,EAAE,cAAsB;IACpE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,yDAAyD,EAAE;QACtF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,IAAI;YACJ,UAAU,EAAE,oBAAoB;SACjC,CAAC;QACF,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,cAAc,EAAE;YACzC,cAAc,EAAE,kBAAkB;SACnC;QACD,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA8C,CAAC;IAErF,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,OAAO,IAAI,8BAA8B,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,sDAAsD,EAAE;QACnF,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;KACpD,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2C,CAAC;IAElF,OAAO,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC"}

package/dist/hosted-service/providers/github.d.ts

@@ -0,0 +1,4 @@
+import type { AuthUser } from "@rc-tool/unified-auth-sdk/service-client";
+import type { HostedAuthServiceOptions } from "../types.js";
+export declare function createUserFromGitHubCode(options: HostedAuthServiceOptions, code: string, redirectURI: string): Promise<AuthUser>;
+//# sourceMappingURL=github.d.ts.map

package/dist/hosted-service/providers/github.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0CAA0C,CAAC;AACzE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAuB5D,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,wBAAwB,EACjC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,CAAC,CAqBnB"}

package/dist/hosted-service/providers/github.js

@@ -0,0 +1,73 @@
+export async function createUserFromGitHubCode(options, code, redirectURI) {
+    const accessToken = await exchangeGitHubCode(options, code, redirectURI);
+    const apiHeaders = createGitHubApiHeaders(accessToken);
+    const userInfo = await getGitHubUserInfo(apiHeaders);
+    const primaryEmail = userInfo.email ? undefined : await getGitHubPrimaryEmail(apiHeaders);
+    const email = userInfo.email ?? primaryEmail?.email ?? null;
+    return {
+        avatarUrl: userInfo.avatar_url ?? null,
+        email,
+        id: `github:${userInfo.id}`,
+        metadata: {
+            emailVerified: primaryEmail?.verified,
+            githubDisplayName: userInfo.name,
+            githubId: userInfo.id,
+            githubLogin: userInfo.login,
+            githubUrl: userInfo.html_url,
+            provider: "github",
+        },
+        name: userInfo.login || userInfo.name || email || "GitHub 用户",
+    };
+}
+async function exchangeGitHubCode(options, code, redirectURI) {
+    const clientId = options.github?.clientId;
+    const clientSecret = options.github?.clientSecret;
+    if (!clientId || !clientSecret) {
+        throw new Error("GitHub 登录未配置");
+    }
+    const response = await fetch("https://github.com/login/oauth/access_token", {
+        body: new URLSearchParams({
+            client_id: clientId,
+            client_secret: clientSecret,
+            code,
+            redirect_uri: redirectURI,
+        }),
+        headers: {
+            accept: "application/json",
+            "content-type": "application/x-www-form-urlencoded",
+        },
+        method: "POST",
+    });
+    const payload = (await response.json());
+    if (!response.ok || !payload.access_token) {
+        throw new Error(payload.error_description || payload.error || "GitHub 授权码换取 access_token 失败");
+    }
+    return payload.access_token;
+}
+function createGitHubApiHeaders(accessToken) {
+    return {
+        accept: "application/vnd.github+json",
+        authorization: `Bearer ${accessToken}`,
+        "user-agent": "unified-auth-sdk",
+        "x-github-api-version": "2022-11-28",
+    };
+}
+async function getGitHubUserInfo(headers) {
+    const response = await fetch("https://api.github.com/user", { headers });
+    const userInfo = (await response.json());
+    if (!response.ok || !userInfo.id) {
+        throw new Error("GitHub 返回的用户信息缺少 id");
+    }
+    return userInfo;
+}
+async function getGitHubPrimaryEmail(headers) {
+    const response = await fetch("https://api.github.com/user/emails", { headers });
+    if (!response.ok) {
+        return undefined;
+    }
+    const emails = (await response.json());
+    return (emails.find((item) => item.primary && item.verified) ??
+        emails.find((item) => item.verified) ??
+        emails.find((item) => item.email));
+}
+//# sourceMappingURL=github.js.map

package/dist/hosted-service/providers/github.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../src/hosted-service/providers/github.ts"],"names":[],"mappings":"AAwBA,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAiC,EACjC,IAAY,EACZ,WAAmB;IAEnB,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACzE,MAAM,UAAU,GAAG,sBAAsB,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,qBAAqB,CAAC,UAAU,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,IAAI,YAAY,EAAE,KAAK,IAAI,IAAI,CAAC;IAE5D,OAAO;QACL,SAAS,EAAE,QAAQ,CAAC,UAAU,IAAI,IAAI;QACtC,KAAK;QACL,EAAE,EAAE,UAAU,QAAQ,CAAC,EAAE,EAAE;QAC3B,QAAQ,EAAE;YACR,aAAa,EAAE,YAAY,EAAE,QAAQ;YACrC,iBAAiB,EAAE,QAAQ,CAAC,IAAI;YAChC,QAAQ,EAAE,QAAQ,CAAC,EAAE;YACrB,WAAW,EAAE,QAAQ,CAAC,KAAK;YAC3B,SAAS,EAAE,QAAQ,CAAC,QAAQ;YAC5B,QAAQ,EAAE,QAAQ;SACnB;QACD,IAAI,EAAE,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,IAAI,IAAI,KAAK,IAAI,WAAW;KAC9D,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,OAAiC,EAAE,IAAY,EAAE,WAAmB;IACpG,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC;IAC1C,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC;IAElD,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6CAA6C,EAAE;QAC1E,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,IAAI;YACJ,YAAY,EAAE,WAAW;SAC1B,CAAC;QACF,OAAO,EAAE;YACP,MAAM,EAAE,kBAAkB;YAC1B,cAAc,EAAE,mCAAmC;SACpD;QACD,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;IAE/D,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,iBAAiB,IAAI,OAAO,CAAC,KAAK,IAAI,8BAA8B,CAAC,CAAC;IAChG,CAAC;IAED,OAAO,OAAO,CAAC,YAAY,CAAC;AAC9B,CAAC;AAED,SAAS,sBAAsB,CAAC,WAAmB;IACjD,OAAO;QACL,MAAM,EAAE,6BAA6B;QACrC,aAAa,EAAE,UAAU,WAAW,EAAE;QACtC,YAAY,EAAE,kBAAkB;QAChC,sBAAsB,EAAE,YAAY;KACrC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,OAA+B;IAC9D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,6BAA6B,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IACzE,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;IAEnE,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,OAA+B;IAClE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,oCAAoC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IAEhF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;IAE9D,OAAO,CACL,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAClC,CAAC;AACJ,CAAC"}

package/dist/hosted-service/providers/google.d.ts

@@ -0,0 +1,4 @@
+import type { AuthUser } from "@rc-tool/unified-auth-sdk/service-client";
+import type { HostedAuthServiceOptions } from "../types.js";
+export declare function createUserFromGoogleCode(options: HostedAuthServiceOptions, code: string, redirectURI: string): Promise<AuthUser>;
+//# sourceMappingURL=google.d.ts.map

package/dist/hosted-service/providers/google.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../src/hosted-service/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0CAA0C,CAAC;AACzE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAkB5D,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,wBAAwB,EACjC,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,CAAC,CAqBnB"}

package/dist/hosted-service/providers/google.js

@@ -0,0 +1,54 @@
+export async function createUserFromGoogleCode(options, code, redirectURI) {
+    const tokenPayload = await exchangeGoogleCode(options, code, redirectURI);
+    const userInfo = await getGoogleUserInfo(tokenPayload.access_token);
+    if (!userInfo.sub) {
+        throw new Error("Google 返回的用户信息缺少 sub");
+    }
+    return {
+        avatarUrl: userInfo.picture ?? null,
+        email: userInfo.email ?? null,
+        id: userInfo.sub,
+        metadata: {
+            emailVerified: userInfo.email_verified,
+            familyName: userInfo.family_name,
+            givenName: userInfo.given_name,
+            googleSub: userInfo.sub,
+            provider: "google",
+        },
+        name: userInfo.name || userInfo.email || "Google 用户",
+    };
+}
+async function exchangeGoogleCode(options, code, redirectURI) {
+    const clientId = options.google?.clientId;
+    const clientSecret = options.google?.clientSecret;
+    if (!clientId || !clientSecret) {
+        throw new Error("Google 登录未配置");
+    }
+    const response = await fetch("https://oauth2.googleapis.com/token", {
+        body: new URLSearchParams({
+            client_id: clientId,
+            client_secret: clientSecret,
+            code,
+            grant_type: "authorization_code",
+            redirect_uri: redirectURI,
+        }),
+        headers: { "content-type": "application/x-www-form-urlencoded" },
+        method: "POST",
+    });
+    const payload = (await response.json());
+    if (!response.ok || !payload.access_token) {
+        throw new Error(payload.error_description || payload.error || "Google 授权码换取 access_token 失败");
+    }
+    return { access_token: payload.access_token };
+}
+async function getGoogleUserInfo(accessToken) {
+    const response = await fetch("https://openidconnect.googleapis.com/v1/userinfo", {
+        headers: { authorization: `Bearer ${accessToken}` },
+    });
+    const userInfo = (await response.json());
+    if (!response.ok) {
+        throw new Error("Google 用户信息获取失败");
+    }
+    return userInfo;
+}
+//# sourceMappingURL=google.js.map

package/dist/hosted-service/providers/google.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.js","sourceRoot":"","sources":["../../../src/hosted-service/providers/google.ts"],"names":[],"mappings":"AAmBA,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAiC,EACjC,IAAY,EACZ,WAAmB;IAEnB,MAAM,YAAY,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAC1E,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;IAEpE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO;QACL,SAAS,EAAE,QAAQ,CAAC,OAAO,IAAI,IAAI;QACnC,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,IAAI;QAC7B,EAAE,EAAE,QAAQ,CAAC,GAAG;QAChB,QAAQ,EAAE;YACR,aAAa,EAAE,QAAQ,CAAC,cAAc;YACtC,UAAU,EAAE,QAAQ,CAAC,WAAW;YAChC,SAAS,EAAE,QAAQ,CAAC,UAAU;YAC9B,SAAS,EAAE,QAAQ,CAAC,GAAG;YACvB,QAAQ,EAAE,QAAQ;SACnB;QACD,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,KAAK,IAAI,WAAW;KACrD,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,OAAiC,EAAE,IAAY,EAAE,WAAmB;IACpG,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC;IAC1C,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC;IAElD,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;QAClE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,IAAI;YACJ,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,WAAW;SAC1B,CAAC;QACF,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;IAE/D,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,iBAAiB,IAAI,OAAO,CAAC,KAAK,IAAI,8BAA8B,CAAC,CAAC;IAChG,CAAC;IAED,OAAO,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC;AAChD,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,kDAAkD,EAAE;QAC/E,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;KACpD,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA2B,CAAC;IAEnE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/hosted-service/routes.d.ts

@@ -0,0 +1,12 @@
+import { createHostedAuthService } from "./service.js";
+import type { HostedAuthServiceOptions } from "./types.js";
+export type HostedAuthRouteHandler = (request: Request) => Promise<Response>;
+export interface HostedAuthRouteHandlers {
+    GET: HostedAuthRouteHandler;
+    POST: HostedAuthRouteHandler;
+    handle: HostedAuthRouteHandler;
+    service: ReturnType<typeof createHostedAuthService>;
+}
+export declare function createHostedAuthRouteHandlers(options: HostedAuthServiceOptions): HostedAuthRouteHandlers;
+export declare function handleHostedAuthRequest(service: ReturnType<typeof createHostedAuthService>, request: Request): Promise<Response>;
+//# sourceMappingURL=routes.d.ts.map

package/dist/hosted-service/routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/hosted-service/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AACvD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAE3D,MAAM,MAAM,sBAAsB,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAE7E,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,sBAAsB,CAAC;IAC5B,IAAI,EAAE,sBAAsB,CAAC;IAC7B,MAAM,EAAE,sBAAsB,CAAC;IAC/B,OAAO,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,CAAC;CACrD;AAED,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,wBAAwB,GAAG,uBAAuB,CAkBxG;AAED,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,EACnD,OAAO,EAAE,OAAO,qBA0CjB"}

package/dist/hosted-service/routes.js

@@ -0,0 +1,61 @@
+import { createHostedAuthService } from "./service.js";
+export function createHostedAuthRouteHandlers(options) {
+    const service = createHostedAuthService(options);
+    const handle = async (request) => {
+        try {
+            return await handleHostedAuthRequest(service, request);
+        }
+        catch (error) {
+            return new Response(error instanceof Error ? error.message : "Auth service error", {
+                status: 500,
+            });
+        }
+    };
+    return {
+        GET: handle,
+        POST: handle,
+        handle,
+        service,
+    };
+}
+export async function handleHostedAuthRequest(service, request) {
+    const path = new URL(request.url).pathname;
+    if (path === "/login") {
+        return service.handleLogin(request);
+    }
+    if (path === "/logout") {
+        return service.handleLogout(request);
+    }
+    if (path === "/api/auth/context") {
+        return service.handleContext(request);
+    }
+    if (path === "/api/auth/dev-login") {
+        return service.handleDevLogin(request);
+    }
+    if (path === "/api/auth/feishu/callback") {
+        return service.handleFeishuCallback(request);
+    }
+    if (path === "/api/auth/feishu/start") {
+        return service.handleFeishuStart(request);
+    }
+    if (path === "/api/auth/google/callback") {
+        return service.handleGoogleCallback(request);
+    }
+    if (path === "/api/auth/google/start") {
+        return service.handleGoogleStart(request);
+    }
+    if (path === "/api/auth/github/callback") {
+        return service.handleGitHubCallback(request);
+    }
+    if (path === "/api/auth/github/start") {
+        return service.handleGitHubStart(request);
+    }
+    if (path === "/api/auth/me" || path === "/api/auth/user") {
+        return service.handleUser(request);
+    }
+    if (path === "/api/auth/session") {
+        return service.handleSession(request);
+    }
+    return new Response("Not found", { status: 404 });
+}
+//# sourceMappingURL=routes.js.map

package/dist/hosted-service/routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.js","sourceRoot":"","sources":["../../src/hosted-service/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAYvD,MAAM,UAAU,6BAA6B,CAAC,OAAiC;IAC7E,MAAM,OAAO,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,KAAK,EAAE,OAAgB,EAAE,EAAE;QACxC,IAAI,CAAC;YACH,OAAO,MAAM,uBAAuB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,QAAQ,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,EAAE;gBACjF,MAAM,EAAE,GAAG;aACZ,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;IAEF,OAAO;QACL,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,MAAM;QACZ,MAAM;QACN,OAAO;KACR,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAmD,EACnD,OAAgB;IAEhB,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IAE3C,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACjC,OAAO,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,OAAO,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,IAAI,KAAK,2BAA2B,EAAE,CAAC;QACzC,OAAO,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,IAAI,KAAK,wBAAwB,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,IAAI,KAAK,2BAA2B,EAAE,CAAC;QACzC,OAAO,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,IAAI,KAAK,wBAAwB,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,IAAI,KAAK,2BAA2B,EAAE,CAAC;QACzC,OAAO,OAAO,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,IAAI,KAAK,wBAAwB,EAAE,CAAC;QACtC,OAAO,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACzD,OAAO,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACjC,OAAO,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;AACpD,CAAC"}

package/dist/hosted-service/service.d.ts

@@ -0,0 +1,16 @@
+import type { HostedAuthServiceOptions } from "./types.js";
+export declare function createHostedAuthService(options: HostedAuthServiceOptions): {
+    handleContext(request: Request): Promise<Response>;
+    handleDevLogin(request: Request): Promise<Response>;
+    handleFeishuCallback(request: Request): Promise<Response>;
+    handleFeishuStart(request: Request): Promise<Response>;
+    handleGitHubCallback(request: Request): Promise<Response>;
+    handleGitHubStart(request: Request): Promise<Response>;
+    handleGoogleCallback(request: Request): Promise<Response>;
+    handleGoogleStart(request: Request): Promise<Response>;
+    handleLogin(request: Request): Promise<Response>;
+    handleLogout(request: Request): Promise<Response>;
+    handleSession(request: Request): Promise<Response>;
+    handleUser(request: Request): Promise<Response>;
+};
+//# sourceMappingURL=service.d.ts.map

package/dist/hosted-service/service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../../src/hosted-service/service.ts"],"names":[],"mappings":"AAoBA,OAAO,KAAK,EAAyB,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAIlF,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,wBAAwB;2BAiExC,OAAO;4BAGN,OAAO;kCAGD,OAAO;+BAGV,OAAO;kCAGJ,OAAO;+BAIV,OAAO;kCAGJ,OAAO;+BAIV,OAAO;yBAGb,OAAO;0BAGN,OAAO;2BASN,OAAO;wBAKV,OAAO;EAkEpC"}

package/dist/hosted-service/service.js

@@ -0,0 +1,205 @@
+import { createProviderStartUrl, getApplication, getClientId, getRedirectURI, isRedirectAllowed, normalizeBaseURL } from "./applications.js";
+import { AUTH_SERVICE_SESSION_COOKIE, AUTH_SERVICE_STATE_COOKIE } from "./constants.js";
+import { appendCookie, clearCookie, createSessionCookie } from "./cookies.js";
+import { html, json, redirect } from "./http.js";
+import { renderLoginPage } from "./login-page/index.js";
+import { createOAuthState, createOAuthStateCookie, readOAuthCallbackState } from "./oauth.js";
+import { createUserFromFeishuCode } from "./providers/feishu.js";
+import { createUserFromGitHubCode } from "./providers/github.js";
+import { createUserFromGoogleCode } from "./providers/google.js";
+import { createSessionExpiresAt, createSessionPayload, deleteRequestSession, getStoredSession, toAuthContext, toAuthSession, } from "./session.js";
+import { createMemoryAuthStore } from "./store/index.js";
+export function createHostedAuthService(options) {
+    const authBaseURL = normalizeBaseURL(options.authBaseURL);
+    const allowDevLogin = options.allowDevLogin ?? false;
+    const store = options.store ?? createMemoryAuthStore();
+    async function setSessionAndRedirect(request, provider, providerUser, clientId, redirectURI) {
+        const user = await store.upsertOAuthUser(provider, providerUser);
+        const session = await store.createSession({
+            clientId,
+            expiresAt: createSessionExpiresAt(),
+            provider,
+            providerAccountId: providerUser.id,
+            userId: user.id,
+        });
+        const headers = new Headers();
+        appendCookie(headers, createSessionCookie(request, options, createSessionPayload(session)));
+        appendCookie(headers, clearCookie(request, options, AUTH_SERVICE_STATE_COOKIE));
+        return redirect(redirectURI, headers);
+    }
+    async function handleProviderCallback(request, provider, createUser) {
+        const stateData = readOAuthCallbackState(request, options);
+        if (!stateData) {
+            return redirect(`${authBaseURL}/login?error=${encodeURIComponent("登录状态校验失败，请重新发起登录。")}`);
+        }
+        try {
+            const user = await createUser(stateData.code, getCallbackURL(provider));
+            return setSessionAndRedirect(request, provider, user, stateData.savedState.clientId, stateData.savedState.redirectURI);
+        }
+        catch (error) {
+            return redirect(createCallbackErrorUrl(provider, error, stateData.savedState.clientId, stateData.savedState.redirectURI));
+        }
+    }
+    function handleProviderStart(request, provider) {
+        const providerClientId = getProviderClientId(provider);
+        const clientId = getClientId(request, options);
+        const app = getApplication(options, clientId);
+        const redirectURI = getRedirectURI(request, app);
+        if (!providerClientId) {
+            return redirect(`${authBaseURL}/login?client_id=${encodeURIComponent(clientId)}&error=${encodeURIComponent(getProviderDisabledMessage(provider))}`);
+        }
+        if (!isRedirectAllowed(redirectURI, app)) {
+            return json({ error: "redirect_uri 不在应用白名单中" }, { status: 400 });
+        }
+        return redirectToProvider(request, app, redirectURI, provider, providerClientId);
+    }
+    return {
+        async handleContext(request) {
+            return json(toAuthContext(await getStoredSession(request, options, store)));
+        },
+        async handleDevLogin(request) {
+            return handleDevLogin(request, options, allowDevLogin, setSessionAndRedirect);
+        },
+        async handleFeishuCallback(request) {
+            return handleProviderCallback(request, "feishu", (code) => createUserFromFeishuCode(options, code));
+        },
+        async handleFeishuStart(request) {
+            return handleProviderStart(request, "feishu");
+        },
+        async handleGitHubCallback(request) {
+            return handleProviderCallback(request, "github", (code, callbackURL) => createUserFromGitHubCode(options, code, callbackURL));
+        },
+        async handleGitHubStart(request) {
+            return handleProviderStart(request, "github");
+        },
+        async handleGoogleCallback(request) {
+            return handleProviderCallback(request, "google", (code, callbackURL) => createUserFromGoogleCode(options, code, callbackURL));
+        },
+        async handleGoogleStart(request) {
+            return handleProviderStart(request, "google");
+        },
+        async handleLogin(request) {
+            return handleLogin(request, options, authBaseURL, allowDevLogin);
+        },
+        async handleLogout(request) {
+            const url = new URL(request.url);
+            const headers = new Headers();
+            await deleteRequestSession(request, options, store);
+            appendCookie(headers, clearCookie(request, options, options.cookieName ?? AUTH_SERVICE_SESSION_COOKIE));
+            return redirect(url.searchParams.get("redirect_uri") ?? "/", headers);
+        },
+        async handleSession(request) {
+            const stored = await getStoredSession(request, options, store);
+            return json(stored ? toAuthSession(stored.session) : null);
+        },
+        async handleUser(request) {
+            return json((await getStoredSession(request, options, store))?.user ?? null);
+        },
+    };
+    function getCallbackURL(provider) {
+        return options[provider]?.redirectURI ?? `${authBaseURL}/api/auth/${provider}/callback`;
+    }
+    function getProviderClientId(provider) {
+        return provider === "feishu" ? options.feishu?.appId : options[provider]?.clientId;
+    }
+    function redirectToProvider(request, app, redirectURI, provider, providerClientId) {
+        const { payload, state } = createOAuthState(app, redirectURI);
+        const authorizeUrl = createProviderAuthorizeUrl(provider, providerClientId, getCallbackURL(provider), state);
+        const headers = new Headers();
+        appendCookie(headers, createOAuthStateCookie(request, options, payload));
+        return redirect(authorizeUrl.toString(), headers);
+    }
+    function createProviderAuthorizeUrl(provider, clientId, callbackURL, state) {
+        if (provider === "feishu")
+            return createFeishuAuthorizeUrl(clientId, callbackURL, state);
+        if (provider === "google")
+            return createGoogleAuthorizeUrl(clientId, callbackURL, state);
+        return createGitHubAuthorizeUrl(clientId, callbackURL, state);
+    }
+    function createCallbackErrorUrl(provider, error, clientId, redirectURI) {
+        const message = error instanceof Error ? error.message : `${getProviderLabel(provider)} 登录失败`;
+        return `${authBaseURL}/login?client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectURI)}&error=${encodeURIComponent(message)}`;
+    }
+    function createGoogleAuthorizeUrl(clientId, callbackURL, state) {
+        const authorizeUrl = new URL("https://accounts.google.com/o/oauth2/v2/auth");
+        authorizeUrl.searchParams.set("access_type", "offline");
+        authorizeUrl.searchParams.set("client_id", clientId);
+        authorizeUrl.searchParams.set("prompt", "select_account");
+        authorizeUrl.searchParams.set("redirect_uri", callbackURL);
+        authorizeUrl.searchParams.set("response_type", "code");
+        authorizeUrl.searchParams.set("scope", (options.google?.scopes ?? ["openid", "email", "profile"]).join(" "));
+        authorizeUrl.searchParams.set("state", state);
+        return authorizeUrl;
+    }
+    function createGitHubAuthorizeUrl(clientId, callbackURL, state) {
+        const authorizeUrl = new URL("https://github.com/login/oauth/authorize");
+        authorizeUrl.searchParams.set("client_id", clientId);
+        authorizeUrl.searchParams.set("redirect_uri", callbackURL);
+        authorizeUrl.searchParams.set("scope", (options.github?.scopes ?? ["read:user", "user:email"]).join(" "));
+        authorizeUrl.searchParams.set("state", state);
+        return authorizeUrl;
+    }
+}
+function createFeishuAuthorizeUrl(appId, callbackURL, state) {
+    const authorizeUrl = new URL("https://open.feishu.cn/open-apis/authen/v1/index");
+    authorizeUrl.searchParams.set("app_id", appId);
+    authorizeUrl.searchParams.set("redirect_uri", callbackURL);
+    authorizeUrl.searchParams.set("state", state);
+    return authorizeUrl;
+}
+function getProviderDisabledMessage(provider) {
+    return `${getProviderLabel(provider)} 登录未配置`;
+}
+function getProviderLabel(provider) {
+    if (provider === "feishu")
+        return "飞书";
+    if (provider === "google")
+        return "Google";
+    return "GitHub";
+}
+function handleDevLogin(request, options, allowDevLogin, setSessionAndRedirect) {
+    if (!allowDevLogin) {
+        return json({ error: "开发登录未启用" }, { status: 403 });
+    }
+    const clientId = getClientId(request, options);
+    const app = getApplication(options, clientId);
+    const redirectURI = getRedirectURI(request, app);
+    if (!isRedirectAllowed(redirectURI, app)) {
+        return json({ error: "redirect_uri 不在应用白名单中" }, { status: 400 });
+    }
+    return setSessionAndRedirect(request, "dev", {
+        email: "dev@example.com",
+        id: "dev-user",
+        metadata: { provider: "dev" },
+        name: "开发账号",
+    }, app.clientId, redirectURI);
+}
+function handleLogin(request, options, authBaseURL, allowDevLogin) {
+    const url = new URL(request.url);
+    const clientId = getClientId(request, options);
+    const app = getApplication(options, clientId);
+    const redirectURI = getRedirectURI(request, app);
+    const provider = url.searchParams.get("provider");
+    const error = url.searchParams.get("error") ?? undefined;
+    if (!isRedirectAllowed(redirectURI, app)) {
+        return json({ error: "redirect_uri 不在应用白名单中" }, { status: 400 });
+    }
+    if (isHostedProvider(provider)) {
+        return redirect(createProviderStartUrl(authBaseURL, provider, app.clientId, redirectURI).toString());
+    }
+    return html(renderLoginPage({
+        allowDevLogin,
+        app,
+        authBaseURL,
+        clientId: app.clientId,
+        error,
+        feishuEnabled: Boolean(options.feishu?.appId && options.feishu?.appSecret),
+        githubEnabled: Boolean(options.github?.clientId && options.github?.clientSecret),
+        googleEnabled: Boolean(options.google?.clientId && options.google?.clientSecret),
+        redirectURI,
+    }));
+}
+function isHostedProvider(provider) {
+    return provider === "feishu" || provider === "google" || provider === "github";
+}
+//# sourceMappingURL=service.js.map

package/dist/hosted-service/service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.js","sourceRoot":"","sources":["../../src/hosted-service/service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,cAAc,EAAE,WAAW,EAAE,cAAc,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAC7I,OAAO,EAAE,2BAA2B,EAAE,yBAAyB,EAAE,MAAM,gBAAgB,CAAC;AACxF,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAC9F,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,gBAAgB,EAChB,aAAa,EACb,aAAa,GACd,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAMzD,MAAM,UAAU,uBAAuB,CAAC,OAAiC;IACvE,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,KAAK,CAAC;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,qBAAqB,EAAE,CAAC;IAEvD,KAAK,UAAU,qBAAqB,CAClC,OAAgB,EAChB,QAA8B,EAC9B,YAAsB,EACtB,QAAgB,EAChB,WAAmB;QAEnB,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,eAAe,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACjE,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC;YACxC,QAAQ;YACR,SAAS,EAAE,sBAAsB,EAAE;YACnC,QAAQ;YACR,iBAAiB,EAAE,YAAY,CAAC,EAAE;YAClC,MAAM,EAAE,IAAI,CAAC,EAAE;SAChB,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;QAE9B,YAAY,CAAC,OAAO,EAAE,mBAAmB,CAAC,OAAO,EAAE,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAC5F,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,yBAAyB,CAAC,CAAC,CAAC;QAEhF,OAAO,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,UAAU,sBAAsB,CACnC,OAAgB,EAChB,QAAoB,EACpB,UAAoE;QAEpE,MAAM,SAAS,GAAG,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAE3D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,GAAG,WAAW,gBAAgB,kBAAkB,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,IAAI,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;YAExE,OAAO,qBAAqB,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QACzH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,sBAAsB,CAAC,QAAQ,EAAE,KAAK,EAAE,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QAC5H,CAAC;IACH,CAAC;IAED,SAAS,mBAAmB,CAAC,OAAgB,EAAE,QAAoB;QACjE,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAEjD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO,QAAQ,CAAC,GAAG,WAAW,oBAAoB,kBAAkB,CAAC,QAAQ,CAAC,UAAU,kBAAkB,CAAC,0BAA0B,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;QACtJ,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,kBAAkB,CAAC,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;IACnF,CAAC;IAED,OAAO;QACL,KAAK,CAAC,aAAa,CAAC,OAAgB;YAClC,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,KAAK,CAAC,cAAc,CAAC,OAAgB;YACnC,OAAO,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,qBAAqB,CAAC,CAAC;QAChF,CAAC;QACD,KAAK,CAAC,oBAAoB,CAAC,OAAgB;YACzC,OAAO,sBAAsB,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,wBAAwB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,KAAK,CAAC,iBAAiB,CAAC,OAAgB;YACtC,OAAO,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;QACD,KAAK,CAAC,oBAAoB,CAAC,OAAgB;YACzC,OAAO,sBAAsB,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,EAAE,CACrE,wBAAwB,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,KAAK,CAAC,iBAAiB,CAAC,OAAgB;YACtC,OAAO,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;QACD,KAAK,CAAC,oBAAoB,CAAC,OAAgB;YACzC,OAAO,sBAAsB,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,WAAW,EAAE,EAAE,CACrE,wBAAwB,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,KAAK,CAAC,iBAAiB,CAAC,OAAgB;YACtC,OAAO,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,OAAgB;YAChC,OAAO,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QACnE,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,OAAgB;YACjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;YAE9B,MAAM,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;YACpD,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,UAAU,IAAI,2BAA2B,CAAC,CAAC,CAAC;YAExG,OAAO,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,GAAG,EAAE,OAAO,CAAC,CAAC;QACxE,CAAC;QACD,KAAK,CAAC,aAAa,CAAC,OAAgB;YAClC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;YAE/D,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,OAAgB;YAC/B,OAAO,IAAI,CAAC,CAAC,MAAM,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC;QAC/E,CAAC;KACF,CAAC;IAEF,SAAS,cAAc,CAAC,QAAoB;QAC1C,OAAO,OAAO,CAAC,QAAQ,CAAC,EAAE,WAAW,IAAI,GAAG,WAAW,aAAa,QAAQ,WAAW,CAAC;IAC1F,CAAC;IAED,SAAS,mBAAmB,CAAC,QAAoB;QAC/C,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACrF,CAAC;IAED,SAAS,kBAAkB,CACzB,OAAgB,EAChB,GAA0B,EAC1B,WAAmB,EACnB,QAAoB,EACpB,gBAAwB;QAExB,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,gBAAgB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,0BAA0B,CAAC,QAAQ,EAAE,gBAAgB,EAAE,cAAc,CAAC,QAAQ,CAAC,EAAE,KAAK,CAAC,CAAC;QAC7G,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;QAE9B,YAAY,CAAC,OAAO,EAAE,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAEzE,OAAO,QAAQ,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAC;IACpD,CAAC;IAED,SAAS,0BAA0B,CAAC,QAAoB,EAAE,QAAgB,EAAE,WAAmB,EAAE,KAAa;QAC5G,IAAI,QAAQ,KAAK,QAAQ;YAAE,OAAO,wBAAwB,CAAC,QAAQ,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QACzF,IAAI,QAAQ,KAAK,QAAQ;YAAE,OAAO,wBAAwB,CAAC,QAAQ,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAEzF,OAAO,wBAAwB,CAAC,QAAQ,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;IAChE,CAAC;IAED,SAAS,sBAAsB,CAAC,QAAoB,EAAE,KAAc,EAAE,QAAgB,EAAE,WAAmB;QACzG,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC;QAE9F,OAAO,GAAG,WAAW,oBAAoB,kBAAkB,CAAC,QAAQ,CAAC,iBAAiB,kBAAkB,CAAC,WAAW,CAAC,UAAU,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;IAC/J,CAAC;IAED,SAAS,wBAAwB,CAAC,QAAgB,EAAE,WAAmB,EAAE,KAAa;QACpF,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAE7E,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACxD,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACrD,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC1D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAC3D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACvD,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7G,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE9C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,SAAS,wBAAwB,CAAC,QAAgB,EAAE,WAAmB,EAAE,KAAa;QACpF,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,0CAA0C,CAAC,CAAC;QAEzE,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACrD,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAC3D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1G,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE9C,OAAO,YAAY,CAAC;IACtB,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAa,EAAE,WAAmB,EAAE,KAAa;IACjF,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAEjF,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC/C,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAC3D,YAAY,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAE9C,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAoB;IACtD,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC;AAC/C,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAoB;IAC5C,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvC,IAAI,QAAQ,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE3C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CACrB,OAAgB,EAChB,OAAiC,EACjC,aAAsB,EACtB,qBAMsB;IAEtB,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAEjD,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,GAAG,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,qBAAqB,CAC1B,OAAO,EACP,KAAK,EACL;QACE,KAAK,EAAE,iBAAiB;QACxB,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;QAC7B,IAAI,EAAE,MAAM;KACb,EACD,GAAG,CAAC,QAAQ,EACZ,WAAW,CACZ,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAClB,OAAgB,EAChB,OAAiC,EACjC,WAAmB,EACnB,aAAsB;IAEtB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;IAEzD,IAAI,CAAC,iBAAiB,CAAC,WAAW,EAAE,GAAG,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,OAAO,QAAQ,CAAC,sBAAsB,CAAC,WAAW,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvG,CAAC;IAED,OAAO,IAAI,CAAC,eAAe,CAAC;QAC1B,aAAa;QACb,GAAG;QACH,WAAW;QACX,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,KAAK;QACL,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;QAC1E,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC;QAChF,aAAa,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC;QAChF,WAAW;KACZ,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB;IAC/C,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,QAAQ,CAAC;AACjF,CAAC"}