@revealui/auth 0.2.0 → 0.3.0

package/dist/server/providers/github.js

@@ -0,0 +1,89 @@
+/**
+ * GitHub OAuth Provider
+ *
+ * Uses native fetch — no additional npm dependencies.
+ * Scopes: read:user user:email
+ *
+ * Note: GitHub may return null email if user has set it private.
+ * In that case we fetch from /user/emails and pick the primary verified one.
+ */
+export function buildAuthUrl(clientId, redirectUri, state) {
+    const url = new URL('https://github.com/login/oauth/authorize');
+    url.searchParams.set('client_id', clientId);
+    url.searchParams.set('redirect_uri', redirectUri);
+    url.searchParams.set('scope', 'read:user user:email');
+    url.searchParams.set('state', state);
+    return url.toString();
+}
+export async function exchangeCode(code, redirectUri) {
+    const response = await fetch('https://github.com/login/oauth/access_token', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            // biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
+            Accept: 'application/json',
+        },
+        body: new URLSearchParams({
+            code,
+            client_id: process.env.GITHUB_CLIENT_ID ?? '',
+            client_secret: process.env.GITHUB_CLIENT_SECRET ?? '',
+            redirect_uri: redirectUri,
+        }),
+    });
+    if (!response.ok) {
+        let detail = '';
+        try {
+            const err = (await response.json());
+            detail = err.error_description ?? err.error ?? '';
+        }
+        catch {
+            // Response body not JSON — use status only
+        }
+        throw new Error(`GitHub token exchange failed: ${response.status}${detail ? ` — ${detail}` : ''}`);
+    }
+    const data = (await response.json());
+    if (data.error) {
+        throw new Error(`GitHub token exchange error: ${data.error}`);
+    }
+    if (!data.access_token || typeof data.access_token !== 'string') {
+        throw new Error('GitHub token exchange returned no access_token');
+    }
+    return data.access_token;
+}
+export async function fetchUser(accessToken) {
+    const headers = {
+        // biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
+        Authorization: `Bearer ${accessToken}`,
+        // biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
+        Accept: 'application/vnd.github+json',
+    };
+    const userResponse = await fetch('https://api.github.com/user', { headers });
+    if (!userResponse.ok) {
+        let detail = '';
+        try {
+            const err = (await userResponse.json());
+            detail = err.message ?? '';
+        }
+        catch {
+            // Response body not JSON
+        }
+        throw new Error(`GitHub user fetch failed: ${userResponse.status}${detail ? ` — ${detail}` : ''}`);
+    }
+    const user = (await userResponse.json());
+    let email = user.email ?? null;
+    // Fetch emails if not public
+    if (!email) {
+        const emailsResponse = await fetch('https://api.github.com/user/emails', { headers });
+        if (emailsResponse.ok) {
+            const emails = (await emailsResponse.json());
+            const primary = emails.find((e) => e.primary && e.verified);
+            email = primary?.email ?? null;
+        }
+    }
+    return {
+        id: String(user.id),
+        email,
+        name: user.name ?? user.login,
+        avatarUrl: user.avatar_url ?? null,
+    };
+}

package/dist/server/providers/google.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Google OAuth 2.0 Provider
+ *
+ * Uses native fetch — no additional npm dependencies.
+ * Scopes: openid email profile
+ */
+import type { ProviderUser } from '../oauth.js';
+export declare function buildAuthUrl(clientId: string, redirectUri: string, state: string): string;
+export declare function exchangeCode(code: string, redirectUri: string): Promise<string>;
+export declare function fetchUser(accessToken: string): Promise<ProviderUser>;
+//# sourceMappingURL=google.d.ts.map

package/dist/server/providers/google.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../src/server/providers/google.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CASzF;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA+BrF;AAED,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAgC1E"}

package/dist/server/providers/google.js

@@ -0,0 +1,69 @@
+/**
+ * Google OAuth 2.0 Provider
+ *
+ * Uses native fetch — no additional npm dependencies.
+ * Scopes: openid email profile
+ */
+export function buildAuthUrl(clientId, redirectUri, state) {
+    const url = new URL('https://accounts.google.com/o/oauth2/v2/auth');
+    url.searchParams.set('client_id', clientId);
+    url.searchParams.set('redirect_uri', redirectUri);
+    url.searchParams.set('response_type', 'code');
+    url.searchParams.set('scope', 'openid email profile');
+    url.searchParams.set('state', state);
+    url.searchParams.set('access_type', 'online');
+    return url.toString();
+}
+export async function exchangeCode(code, redirectUri) {
+    const response = await fetch('https://oauth2.googleapis.com/token', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+            code,
+            client_id: process.env.GOOGLE_CLIENT_ID ?? '',
+            client_secret: process.env.GOOGLE_CLIENT_SECRET ?? '',
+            redirect_uri: redirectUri,
+            grant_type: 'authorization_code',
+        }),
+    });
+    if (!response.ok) {
+        let detail = '';
+        try {
+            const err = (await response.json());
+            detail = err.error_description ?? err.error ?? '';
+        }
+        catch {
+            // Response body not JSON — use status only
+        }
+        throw new Error(`Google token exchange failed: ${response.status}${detail ? ` — ${detail}` : ''}`);
+    }
+    const data = (await response.json());
+    if (!data.access_token || typeof data.access_token !== 'string') {
+        throw new Error('Google token exchange returned no access_token');
+    }
+    return data.access_token;
+}
+export async function fetchUser(accessToken) {
+    const response = await fetch('https://openidconnect.googleapis.com/v1/userinfo', {
+        // biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!response.ok) {
+        let detail = '';
+        try {
+            const err = (await response.json());
+            detail = err.error?.message ?? '';
+        }
+        catch {
+            // Response body not JSON
+        }
+        throw new Error(`Google userinfo fetch failed: ${response.status}${detail ? ` — ${detail}` : ''}`);
+    }
+    const data = (await response.json());
+    return {
+        id: data.sub,
+        email: data.email ?? null,
+        name: data.name ?? 'Google User',
+        avatarUrl: data.picture ?? null,
+    };
+}

package/dist/server/providers/vercel.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Vercel OAuth Provider
+ *
+ * Uses native fetch — no additional npm dependencies.
+ * No scopes required — Vercel uses full access by default.
+ */
+import type { ProviderUser } from '../oauth.js';
+export declare function buildAuthUrl(clientId: string, redirectUri: string, state: string): string;
+export declare function exchangeCode(code: string, redirectUri: string): Promise<string>;
+export declare function fetchUser(accessToken: string): Promise<ProviderUser>;
+//# sourceMappingURL=vercel.d.ts.map

package/dist/server/providers/vercel.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vercel.d.ts","sourceRoot":"","sources":["../../../src/server/providers/vercel.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAMzF;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA2BrF;AAED,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAkC1E"}

package/dist/server/providers/vercel.js

@@ -0,0 +1,63 @@
+/**
+ * Vercel OAuth Provider
+ *
+ * Uses native fetch — no additional npm dependencies.
+ * No scopes required — Vercel uses full access by default.
+ */
+export function buildAuthUrl(clientId, redirectUri, state) {
+    const url = new URL('https://vercel.com/oauth/authorize');
+    url.searchParams.set('client_id', clientId);
+    url.searchParams.set('redirect_uri', redirectUri);
+    url.searchParams.set('state', state);
+    return url.toString();
+}
+export async function exchangeCode(code, redirectUri) {
+    const response = await fetch('https://api.vercel.com/v2/oauth/access_token', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+            code,
+            client_id: process.env.VERCEL_CLIENT_ID ?? '',
+            client_secret: process.env.VERCEL_CLIENT_SECRET ?? '',
+            redirect_uri: redirectUri,
+        }),
+    });
+    if (!response.ok) {
+        let detail = '';
+        try {
+            const err = (await response.json());
+            detail = err.error_description ?? err.error ?? '';
+        }
+        catch {
+            // Response body not JSON — use status only
+        }
+        throw new Error(`Vercel token exchange failed: ${response.status}${detail ? ` — ${detail}` : ''}`);
+    }
+    const data = (await response.json());
+    return data.access_token;
+}
+export async function fetchUser(accessToken) {
+    const response = await fetch('https://api.vercel.com/v2/user', {
+        // biome-ignore lint/style/useNamingConvention: HTTP header names are case-sensitive per RFC 7230
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!response.ok) {
+        let detail = '';
+        try {
+            const err = (await response.json());
+            detail = err.error?.message ?? '';
+        }
+        catch {
+            // Response body not JSON
+        }
+        throw new Error(`Vercel user fetch failed: ${response.status}${detail ? ` — ${detail}` : ''}`);
+    }
+    const data = (await response.json());
+    const u = data.user;
+    return {
+        id: u.id,
+        email: u.email,
+        name: u.name ?? u.username ?? 'Vercel User',
+        avatarUrl: u.avatar ? `https://avatar.vercel.sh/${u.avatar}` : null,
+    };
+}

package/dist/server/rate-limit.d.ts

@@ -2,7 +2,7 @@
  * Rate Limiting Utilities
  *
  * Rate limiting for authentication endpoints using storage abstraction.
- * Supports in-memory (dev), Redis (production), or database (fallback).
+ * Supports in-memory (dev) or database (production) backends.
  */
 /**
  * Rate limit configuration
@@ -12,6 +12,15 @@ export interface RateLimitConfig {
     windowMs: number;
     blockDurationMs?: number;
 }
+/**
+ * Override default rate limit configuration globally.
+ * Per-call config parameters still take precedence.
+ */
+export declare function configureRateLimit(overrides: Partial<RateLimitConfig>): void;
+/**
+ * Reset rate limit configuration to defaults (for testing).
+ */
+export declare function resetRateLimitConfig(): void;
 /**
  * Checks if an action should be rate limited
  *

package/dist/server/rate-limit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/server/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAqCD;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,MAAM,EACX,MAAM,GAAE,eAAgC,GACvC,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAuDnE;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAI/D;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,MAAM,GAAE,eAAgC,GACvC,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAqBhE"}
+{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/server/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAUD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAE5E;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,IAAI,CAE3C;AA+BD;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,MAAM,EACX,MAAM,GAAE,eAA8B,GACrC,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CA4DnE;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAI/D;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,MAAM,GAAE,eAA8B,GACrC,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAqBhE"}

package/dist/server/rate-limit.js

@@ -2,7 +2,7 @@
  * Rate Limiting Utilities
  *
  * Rate limiting for authentication endpoints using storage abstraction.
- * Supports in-memory (dev), Redis (production), or database (fallback).
+ * Supports in-memory (dev) or database (production) backends.
  */
 import { getStorage } from './storage/index.js';
 const DEFAULT_CONFIG = {
@@ -10,6 +10,20 @@ const DEFAULT_CONFIG = {
     windowMs: 15 * 60 * 1000, // 15 minutes
     blockDurationMs: 30 * 60 * 1000, // 30 minutes block after max attempts
 };
+let globalConfig = { ...DEFAULT_CONFIG };
+/**
+ * Override default rate limit configuration globally.
+ * Per-call config parameters still take precedence.
+ */
+export function configureRateLimit(overrides) {
+    globalConfig = { ...DEFAULT_CONFIG, ...overrides };
+}
+/**
+ * Reset rate limit configuration to defaults (for testing).
+ */
+export function resetRateLimitConfig() {
+    globalConfig = { ...DEFAULT_CONFIG };
+}
 /**
  * Serialize rate limit entry to string
  */
@@ -43,54 +57,58 @@ function getStorageKey(key) {
  * @param config - Rate limit configuration
  * @returns Rate limit result
  */
-export async function checkRateLimit(key, config = DEFAULT_CONFIG) {
+export async function checkRateLimit(key, config = globalConfig) {
     const storage = getStorage();
     const storageKey = getStorageKey(key);
     const now = Date.now();
-    // Get existing entry
-    const entryData = await storage.get(storageKey);
-    let entry = deserializeEntry(entryData);
-    // Clean up expired entries
-    if (entry && entry.resetAt < now) {
-        await storage.del(storageKey);
-        entry = null;
-    }
-    // Get or create entry
-    const currentEntry = entry || {
-        count: 0,
-        resetAt: now + config.windowMs,
-    };
-    // Check if blocked
-    if (config.blockDurationMs && currentEntry.count >= config.maxAttempts) {
-        const blockUntil = currentEntry.resetAt + (config.blockDurationMs - config.windowMs);
-        if (now < blockUntil) {
-            return {
-                allowed: false,
-                remaining: 0,
-                resetAt: blockUntil,
-            };
+    // Use atomicUpdate to avoid the read-modify-write race condition.
+    // The result is captured via closure since atomicUpdate returns void.
+    let result;
+    const updater = (entryData) => {
+        let entry = deserializeEntry(entryData);
+        // Clean up expired entries
+        if (entry && entry.resetAt < now) {
+            entry = null;
         }
-        // Block expired, reset
-        currentEntry.count = 0;
-        currentEntry.resetAt = now + config.windowMs;
-    }
-    // Check if within window
-    if (currentEntry.count >= config.maxAttempts) {
-        return {
-            allowed: false,
-            remaining: 0,
+        // Get or create entry
+        const currentEntry = entry || {
+            count: 0,
+            resetAt: now + config.windowMs,
+        };
+        // Check if blocked
+        if (config.blockDurationMs && currentEntry.count >= config.maxAttempts) {
+            const blockUntil = now + config.blockDurationMs;
+            const blockTtlSeconds = Math.ceil(config.blockDurationMs / 1000);
+            result = { allowed: false, remaining: 0, resetAt: blockUntil };
+            return { value: serializeEntry(currentEntry), ttlSeconds: blockTtlSeconds };
+        }
+        // Check if within window
+        if (currentEntry.count >= config.maxAttempts) {
+            const ttlSeconds = Math.ceil((currentEntry.resetAt - now) / 1000);
+            result = { allowed: false, remaining: 0, resetAt: currentEntry.resetAt };
+            return { value: serializeEntry(currentEntry), ttlSeconds };
+        }
+        // Increment and update
+        currentEntry.count++;
+        const ttlSeconds = Math.ceil((currentEntry.resetAt - now) / 1000);
+        result = {
+            allowed: true,
+            remaining: config.maxAttempts - currentEntry.count,
             resetAt: currentEntry.resetAt,
         };
-    }
-    // Increment and update
-    currentEntry.count++;
-    const ttlSeconds = Math.ceil((currentEntry.resetAt - now) / 1000);
-    await storage.set(storageKey, serializeEntry(currentEntry), ttlSeconds);
-    return {
-        allowed: true,
-        remaining: config.maxAttempts - currentEntry.count,
-        resetAt: currentEntry.resetAt,
+        return { value: serializeEntry(currentEntry), ttlSeconds };
     };
+    if (storage.atomicUpdate) {
+        await storage.atomicUpdate(storageKey, updater);
+    }
+    else {
+        // Fallback for storage backends without atomicUpdate
+        const existing = await storage.get(storageKey);
+        const { value, ttlSeconds } = updater(existing);
+        await storage.set(storageKey, value, ttlSeconds);
+    }
+    // biome-ignore lint/style/noNonNullAssertion: result is always assigned by updater before this point
+    return result;
 }
 /**
  * Resets rate limit for a key
@@ -109,7 +127,7 @@ export async function resetRateLimit(key) {
  * @param config - Rate limit configuration
  * @returns Rate limit status
  */
-export async function getRateLimitStatus(key, config = DEFAULT_CONFIG) {
+export async function getRateLimitStatus(key, config = globalConfig) {
     const storage = getStorage();
     const storageKey = getStorageKey(key);
     const now = Date.now();

package/dist/server/session.d.ts

@@ -5,6 +5,30 @@
  * Sessions are stored in PostgreSQL and validated on each request.
  */
 import type { Session, User } from '../types.js';
+export interface SessionBindingConfig {
+    /** Invalidate session when user-agent changes (default: true) */
+    enforceUserAgent: boolean;
+    /** Invalidate session when IP address changes (default: false — users roam) */
+    enforceIp: boolean;
+    /** Log a warning when IP changes but don't invalidate (default: true) */
+    warnOnIpChange: boolean;
+}
+/** Override session binding behaviour (useful for tests or strict deployments). */
+export declare function configureSessionBinding(overrides: Partial<SessionBindingConfig>): void;
+/** Reset to defaults (for tests). */
+export declare function resetSessionBindingConfig(): void;
+export interface RequestContext {
+    userAgent?: string;
+    ipAddress?: string;
+}
+/**
+ * Validate that the current request context matches the session's stored
+ * binding values (IP address, user-agent).
+ *
+ * @returns `null` when the session is valid, or a reason string when it should
+ *          be invalidated.
+ */
+export declare function validateSessionBinding(session: Session, ctx: RequestContext): string | null;
 export interface SessionData {
     session: Session;
     user: User;
@@ -13,9 +37,10 @@ export interface SessionData {
  * Get session from request headers (cookie)
  *
  * @param headers - Request headers containing cookies
+ * @param requestContext - Optional IP / user-agent for session binding validation
  * @returns Session data with user, or null if invalid/expired
  */
-export declare function getSession(headers: Headers): Promise<SessionData | null>;
+export declare function getSession(headers: Headers, requestContext?: RequestContext): Promise<SessionData | null>;
 /**
  * Create a new session for a user
  *
@@ -27,6 +52,28 @@ export declare function createSession(userId: string, options?: {
     persistent?: boolean;
     userAgent?: string;
     ipAddress?: string;
+    expiresAt?: Date;
+    metadata?: Record<string, unknown>;
+}): Promise<{
+    token: string;
+    session: Session;
+}>;
+/**
+ * Rotate a user's session to prevent session fixation attacks.
+ *
+ * Deletes the old session (by token hash) or all sessions for the user,
+ * then creates a fresh session with a new token.
+ *
+ * @param userId - User ID to rotate sessions for
+ * @param options - Rotation options
+ * @returns New session token and session data
+ */
+export declare function rotateSession(userId: string, options?: {
+    /** Raw token of the old session to invalidate. When omitted, all user sessions are deleted. */
+    oldSessionToken?: string;
+    persistent?: boolean;
+    userAgent?: string;
+    ipAddress?: string;
 }): Promise<{
     token: string;
     session: Session;

package/dist/server/session.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/server/session.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAA;AAIhD,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,IAAI,CAAA;CACX;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAsF9E;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,GACA,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAgE9C;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAmBtE;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAyBzE"}
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/server/session.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAQjD,MAAM,WAAW,oBAAoB;IACnC,iEAAiE;IACjE,gBAAgB,EAAE,OAAO,CAAC;IAC1B,+EAA+E;IAC/E,SAAS,EAAE,OAAO,CAAC;IACnB,yEAAyE;IACzE,cAAc,EAAE,OAAO,CAAC;CACzB;AAUD,mFAAmF;AACnF,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAEtF;AAED,qCAAqC;AACrC,wBAAgB,yBAAyB,IAAI,IAAI,CAEhD;AAMD,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,cAAc,GAAG,MAAM,GAAG,IAAI,CA0B3F;AAMD,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,IAAI,CAAC;CACZ;AAED;;;;;;GAMG;AACH,wBAAsB,UAAU,CAC9B,OAAO,EAAE,OAAO,EAChB,cAAc,CAAC,EAAE,cAAc,GAC9B,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CA4G7B;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC,GACA,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAmE9C;AAED;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IACR,+FAA+F;IAC/F,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACA,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC,CAoC9C;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAoBtE;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAyBzE"}