@robelest/convex-auth 0.0.4-preview.2 → 0.0.4-preview.21

package/dist/server/mutations/store/refs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refs.js","names":[],"sources":["../../../../src/server/mutations/store/refs.ts"],"sourcesContent":["import { makeFunctionReference } from \"convex/server\";\n\n/**\n * Internal function reference for the library's store dispatch mutation.\n *\n * The package cannot import the consumer app's generated `api` module,\n * so it uses a canonical function reference name that matches the app-level\n * `export const { store } = auth` surface.\n */\nexport const AUTH_STORE_REF = makeFunctionReference(\"auth:store\") as any;\n"],"mappings":";;;;;;;;;;AASA,MAAa,iBAAiB,sBAAsB,aAAa"}

package/dist/server/mutations/store.d.ts

@@ -0,0 +1,306 @@
+import { Doc, MutationCtx, SessionInfo } from "../types.js";
+import { Config, GetProviderOrThrowFunc } from "../crypto.js";
+import * as convex_values20 from "convex/values";
+import { Infer } from "convex/values";
+
+//#region src/server/mutations/store.d.ts
+declare const storeArgs: convex_values20.VObject<{
+  args: {
+    sessionId?: string | undefined;
+    userId: string;
+    type: "signIn";
+    generateTokens: boolean;
+  } | {
+    type: "signOut";
+  } | {
+    type: "refreshSession";
+    refreshToken: string;
+  } | {
+    provider?: string | undefined;
+    verifier?: string | undefined;
+    type: "verifyCodeAndSignIn";
+    allowExtraProviders: boolean;
+    generateTokens: boolean;
+    params: any;
+  } | {
+    type: "verifier";
+  } | {
+    type: "verifierSignature";
+    verifier: string;
+    signature: string;
+  } | {
+    accountExtend?: any;
+    type: "userOAuth";
+    provider: string;
+    signature: string;
+    providerAccountId: string;
+    profile: any;
+  } | {
+    email?: string | undefined;
+    accountId?: string | undefined;
+    phone?: string | undefined;
+    type: "createVerificationCode";
+    provider: string;
+    code: string;
+    expirationTime: number;
+    allowExtraProviders: boolean;
+  } | {
+    shouldLinkViaEmail?: boolean | undefined;
+    shouldLinkViaPhone?: boolean | undefined;
+    type: "createAccountFromCredentials";
+    provider: string;
+    account: {
+      secret?: string | undefined;
+      id: string;
+    };
+    profile: any;
+  } | {
+    type: "retrieveAccountWithCredentials";
+    provider: string;
+    account: {
+      secret?: string | undefined;
+      id: string;
+    };
+  } | {
+    type: "modifyAccount";
+    provider: string;
+    account: {
+      id: string;
+      secret: string;
+    };
+  } | {
+    except?: string[] | undefined;
+    userId: string;
+    type: "invalidateSessions";
+  };
+}, {
+  args: convex_values20.VUnion<{
+    sessionId?: string | undefined;
+    userId: string;
+    type: "signIn";
+    generateTokens: boolean;
+  } | {
+    type: "signOut";
+  } | {
+    type: "refreshSession";
+    refreshToken: string;
+  } | {
+    provider?: string | undefined;
+    verifier?: string | undefined;
+    type: "verifyCodeAndSignIn";
+    allowExtraProviders: boolean;
+    generateTokens: boolean;
+    params: any;
+  } | {
+    type: "verifier";
+  } | {
+    type: "verifierSignature";
+    verifier: string;
+    signature: string;
+  } | {
+    accountExtend?: any;
+    type: "userOAuth";
+    provider: string;
+    signature: string;
+    providerAccountId: string;
+    profile: any;
+  } | {
+    email?: string | undefined;
+    accountId?: string | undefined;
+    phone?: string | undefined;
+    type: "createVerificationCode";
+    provider: string;
+    code: string;
+    expirationTime: number;
+    allowExtraProviders: boolean;
+  } | {
+    shouldLinkViaEmail?: boolean | undefined;
+    shouldLinkViaPhone?: boolean | undefined;
+    type: "createAccountFromCredentials";
+    provider: string;
+    account: {
+      secret?: string | undefined;
+      id: string;
+    };
+    profile: any;
+  } | {
+    type: "retrieveAccountWithCredentials";
+    provider: string;
+    account: {
+      secret?: string | undefined;
+      id: string;
+    };
+  } | {
+    type: "modifyAccount";
+    provider: string;
+    account: {
+      id: string;
+      secret: string;
+    };
+  } | {
+    except?: string[] | undefined;
+    userId: string;
+    type: "invalidateSessions";
+  }, [convex_values20.VObject<{
+    sessionId?: string | undefined;
+    userId: string;
+    type: "signIn";
+    generateTokens: boolean;
+  }, {
+    userId: convex_values20.VString<string, "required">;
+    sessionId: convex_values20.VString<string | undefined, "optional">;
+    generateTokens: convex_values20.VBoolean<boolean, "required">;
+    type: convex_values20.VLiteral<"signIn", "required">;
+  }, "required", "userId" | "type" | "sessionId" | "generateTokens">, convex_values20.VObject<{
+    type: "signOut";
+  }, {
+    type: convex_values20.VLiteral<"signOut", "required">;
+  }, "required", "type">, convex_values20.VObject<{
+    type: "refreshSession";
+    refreshToken: string;
+  }, {
+    refreshToken: convex_values20.VString<string, "required">;
+    type: convex_values20.VLiteral<"refreshSession", "required">;
+  }, "required", "type" | "refreshToken">, convex_values20.VObject<{
+    provider?: string | undefined;
+    verifier?: string | undefined;
+    type: "verifyCodeAndSignIn";
+    allowExtraProviders: boolean;
+    generateTokens: boolean;
+    params: any;
+  }, {
+    params: convex_values20.VAny<any, "required", string>;
+    provider: convex_values20.VString<string | undefined, "optional">;
+    verifier: convex_values20.VString<string | undefined, "optional">;
+    generateTokens: convex_values20.VBoolean<boolean, "required">;
+    allowExtraProviders: convex_values20.VBoolean<boolean, "required">;
+    type: convex_values20.VLiteral<"verifyCodeAndSignIn", "required">;
+  }, "required", "type" | "provider" | "allowExtraProviders" | "generateTokens" | "params" | "verifier" | `params.${string}`>, convex_values20.VObject<{
+    type: "verifier";
+  }, {
+    type: convex_values20.VLiteral<"verifier", "required">;
+  }, "required", "type">, convex_values20.VObject<{
+    type: "verifierSignature";
+    verifier: string;
+    signature: string;
+  }, {
+    verifier: convex_values20.VString<string, "required">;
+    signature: convex_values20.VString<string, "required">;
+    type: convex_values20.VLiteral<"verifierSignature", "required">;
+  }, "required", "type" | "verifier" | "signature">, convex_values20.VObject<{
+    accountExtend?: any;
+    type: "userOAuth";
+    provider: string;
+    signature: string;
+    providerAccountId: string;
+    profile: any;
+  }, {
+    provider: convex_values20.VString<string, "required">;
+    providerAccountId: convex_values20.VString<string, "required">;
+    profile: convex_values20.VAny<any, "required", string>;
+    signature: convex_values20.VString<string, "required">;
+    accountExtend: convex_values20.VAny<any, "optional", string>;
+    type: convex_values20.VLiteral<"userOAuth", "required">;
+  }, "required", "type" | "provider" | "signature" | "providerAccountId" | "profile" | "accountExtend" | `profile.${string}` | `accountExtend.${string}`>, convex_values20.VObject<{
+    email?: string | undefined;
+    accountId?: string | undefined;
+    phone?: string | undefined;
+    type: "createVerificationCode";
+    provider: string;
+    code: string;
+    expirationTime: number;
+    allowExtraProviders: boolean;
+  }, {
+    accountId: convex_values20.VString<string | undefined, "optional">;
+    provider: convex_values20.VString<string, "required">;
+    email: convex_values20.VString<string | undefined, "optional">;
+    phone: convex_values20.VString<string | undefined, "optional">;
+    code: convex_values20.VString<string, "required">;
+    expirationTime: convex_values20.VFloat64<number, "required">;
+    allowExtraProviders: convex_values20.VBoolean<boolean, "required">;
+    type: convex_values20.VLiteral<"createVerificationCode", "required">;
+  }, "required", "email" | "type" | "provider" | "code" | "accountId" | "phone" | "expirationTime" | "allowExtraProviders">, convex_values20.VObject<{
+    shouldLinkViaEmail?: boolean | undefined;
+    shouldLinkViaPhone?: boolean | undefined;
+    type: "createAccountFromCredentials";
+    provider: string;
+    account: {
+      secret?: string | undefined;
+      id: string;
+    };
+    profile: any;
+  }, {
+    provider: convex_values20.VString<string, "required">;
+    account: convex_values20.VObject<{
+      secret?: string | undefined;
+      id: string;
+    }, {
+      id: convex_values20.VString<string, "required">;
+      secret: convex_values20.VString<string | undefined, "optional">;
+    }, "required", "id" | "secret">;
+    profile: convex_values20.VAny<any, "required", string>;
+    shouldLinkViaEmail: convex_values20.VBoolean<boolean | undefined, "optional">;
+    shouldLinkViaPhone: convex_values20.VBoolean<boolean | undefined, "optional">;
+    type: convex_values20.VLiteral<"createAccountFromCredentials", "required">;
+  }, "required", "type" | "provider" | "account" | "account.id" | "account.secret" | "profile" | `profile.${string}` | "shouldLinkViaEmail" | "shouldLinkViaPhone">, convex_values20.VObject<{
+    type: "retrieveAccountWithCredentials";
+    provider: string;
+    account: {
+      secret?: string | undefined;
+      id: string;
+    };
+  }, {
+    provider: convex_values20.VString<string, "required">;
+    account: convex_values20.VObject<{
+      secret?: string | undefined;
+      id: string;
+    }, {
+      id: convex_values20.VString<string, "required">;
+      secret: convex_values20.VString<string | undefined, "optional">;
+    }, "required", "id" | "secret">;
+    type: convex_values20.VLiteral<"retrieveAccountWithCredentials", "required">;
+  }, "required", "type" | "provider" | "account" | "account.id" | "account.secret">, convex_values20.VObject<{
+    type: "modifyAccount";
+    provider: string;
+    account: {
+      id: string;
+      secret: string;
+    };
+  }, {
+    provider: convex_values20.VString<string, "required">;
+    account: convex_values20.VObject<{
+      id: string;
+      secret: string;
+    }, {
+      id: convex_values20.VString<string, "required">;
+      secret: convex_values20.VString<string, "required">;
+    }, "required", "id" | "secret">;
+    type: convex_values20.VLiteral<"modifyAccount", "required">;
+  }, "required", "type" | "provider" | "account" | "account.id" | "account.secret">, convex_values20.VObject<{
+    except?: string[] | undefined;
+    userId: string;
+    type: "invalidateSessions";
+  }, {
+    userId: convex_values20.VString<string, "required">;
+    except: convex_values20.VArray<string[] | undefined, convex_values20.VString<string, "required">, "optional">;
+    type: convex_values20.VLiteral<"invalidateSessions", "required">;
+  }, "required", "userId" | "except" | "type">], "required", "email" | "userId" | "except" | "type" | "provider" | "account" | "account.id" | "account.secret" | "code" | "accountId" | "phone" | "expirationTime" | "allowExtraProviders" | "sessionId" | "generateTokens" | "refreshToken" | "params" | "verifier" | `params.${string}` | "signature" | "providerAccountId" | "profile" | "accountExtend" | `profile.${string}` | `accountExtend.${string}` | "shouldLinkViaEmail" | "shouldLinkViaPhone">;
+}, "required", "args" | "args.email" | "args.userId" | "args.except" | "args.type" | "args.provider" | "args.account" | "args.account.id" | "args.account.secret" | "args.code" | "args.accountId" | "args.phone" | "args.expirationTime" | "args.allowExtraProviders" | "args.sessionId" | "args.generateTokens" | "args.refreshToken" | "args.params" | "args.verifier" | `args.params.${string}` | "args.signature" | "args.providerAccountId" | "args.profile" | "args.accountExtend" | `args.profile.${string}` | `args.accountExtend.${string}` | "args.shouldLinkViaEmail" | "args.shouldLinkViaPhone">;
+declare const storeImpl: (ctx: MutationCtx, fnArgs: Infer<typeof storeArgs>, getProviderOrThrow: GetProviderOrThrowFunc, config: Config) => Promise<string | void | SessionInfo | {
+  userId: convex_values20.GenericId<"User">;
+  sessionId: convex_values20.GenericId<"Session">;
+} | (string & {
+  __tableName: "AuthVerifier";
+}) | {
+  token: string;
+  refreshToken: string;
+} | {
+  account: Doc<"Account">;
+  user: Doc<"User">;
+} | {
+  account: Doc<"Account">;
+  user: Doc<"User">;
+} | null>;
+//#endregion
+export { storeArgs, storeImpl };
+//# sourceMappingURL=store.d.ts.map

package/dist/server/mutations/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","names":[],"sources":["../../../src/server/mutations/store.ts"],"mappings":";;;;;;cAyBa,SAAA,kBAAS,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAiDpB,eAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAEW,SAAA,GACX,GAAA,EAAK,WAAA,EACL,MAAA,EAAQ,KAAA,QAAa,SAAA,GACrB,kBAAA,EAAoB,sBAAA,EACpB,MAAA,EAAQ,MAAA,KAAe,OAAA,iBAAA,WAAA;UAAA,eAAA,CAAA,SAAA"}

package/dist/server/mutations/store.js

@@ -0,0 +1,85 @@
+import { LOG_LEVELS, logWithLevel } from "../utils.js";
+import { modifyAccountArgs, modifyAccountImpl } from "./account.js";
+import { createVerificationCodeArgs, createVerificationCodeImpl } from "./code.js";
+import { invalidateSessionsArgs, invalidateSessionsImpl } from "./invalidate.js";
+import { userOAuthArgs, userOAuthImpl } from "./oauth.js";
+import { refreshSessionArgs, refreshSessionImpl } from "./refresh.js";
+import { createAccountFromCredentialsArgs, createAccountFromCredentialsImpl } from "./register.js";
+import { retrieveAccountWithCredentialsArgs, retrieveAccountWithCredentialsImpl } from "./retrieve.js";
+import { verifierSignatureArgs, verifierSignatureImpl } from "./signature.js";
+import { signInArgs, signInImpl } from "./signin.js";
+import { signOutImpl } from "./signout.js";
+import { verifierImpl } from "./verifier.js";
+import { verifyCodeAndSignInArgs, verifyCodeAndSignInImpl } from "./verify.js";
+import { Fx } from "@robelest/fx";
+import { v } from "convex/values";
+
+//#region src/server/mutations/store.ts
+const storeArgs = v.object({ args: v.union(v.object({
+	type: v.literal("signIn"),
+	...signInArgs.fields
+}), v.object({ type: v.literal("signOut") }), v.object({
+	type: v.literal("refreshSession"),
+	...refreshSessionArgs.fields
+}), v.object({
+	type: v.literal("verifyCodeAndSignIn"),
+	...verifyCodeAndSignInArgs.fields
+}), v.object({ type: v.literal("verifier") }), v.object({
+	type: v.literal("verifierSignature"),
+	...verifierSignatureArgs.fields
+}), v.object({
+	type: v.literal("userOAuth"),
+	...userOAuthArgs.fields
+}), v.object({
+	type: v.literal("createVerificationCode"),
+	...createVerificationCodeArgs.fields
+}), v.object({
+	type: v.literal("createAccountFromCredentials"),
+	...createAccountFromCredentialsArgs.fields
+}), v.object({
+	type: v.literal("retrieveAccountWithCredentials"),
+	...retrieveAccountWithCredentialsArgs.fields
+}), v.object({
+	type: v.literal("modifyAccount"),
+	...modifyAccountArgs.fields
+}), v.object({
+	type: v.literal("invalidateSessions"),
+	...invalidateSessionsArgs.fields
+})) });
+const storeImpl = async (ctx, fnArgs, getProviderOrThrow, config) => {
+	const args = fnArgs.args;
+	logWithLevel(LOG_LEVELS.INFO, `\`auth:store\` type: ${args.type}`);
+	return Fx.run(Fx.match(args, args.type, {
+		signIn: (a) => Fx.from({
+			ok: () => signInImpl(ctx, a, config),
+			err: (e) => e
+		}),
+		signOut: () => signOutImpl(ctx, config),
+		refreshSession: (a) => Fx.from({
+			ok: () => refreshSessionImpl(ctx, a, getProviderOrThrow, config),
+			err: (e) => e
+		}),
+		verifyCodeAndSignIn: (a) => Fx.from({
+			ok: () => verifyCodeAndSignInImpl(ctx, a, getProviderOrThrow, config),
+			err: (e) => e
+		}),
+		verifier: () => verifierImpl(ctx, config),
+		verifierSignature: (a) => verifierSignatureImpl(ctx, a, config).pipe(Fx.recover((e) => Fx.fatal(e.toConvexError()))),
+		userOAuth: (a) => userOAuthImpl(ctx, a, getProviderOrThrow, config).pipe(Fx.recover((e) => Fx.fatal(e.toConvexError()))),
+		createVerificationCode: (a) => Fx.from({
+			ok: () => createVerificationCodeImpl(ctx, a, getProviderOrThrow, config),
+			err: (e) => e
+		}),
+		createAccountFromCredentials: (a) => Fx.from({
+			ok: () => createAccountFromCredentialsImpl(ctx, a, getProviderOrThrow, config),
+			err: (e) => e
+		}),
+		retrieveAccountWithCredentials: (a) => retrieveAccountWithCredentialsImpl(ctx, a, getProviderOrThrow, config),
+		modifyAccount: (a) => modifyAccountImpl(ctx, a, getProviderOrThrow, config).pipe(Fx.recover((e) => Fx.fatal(e.toConvexError()))),
+		invalidateSessions: (a) => invalidateSessionsImpl(ctx, a, config)
+	}));
+};
+
+//#endregion
+export { storeArgs, storeImpl };
+//# sourceMappingURL=store.js.map

package/dist/server/mutations/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","names":[],"sources":["../../../src/server/mutations/store.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport { Infer, v } from \"convex/values\";\n\nimport * as Provider from \"../crypto\";\nimport { MutationCtx } from \"../types\";\nimport { LOG_LEVELS, logWithLevel } from \"../utils\";\nimport { modifyAccountArgs, modifyAccountImpl } from \"./account\";\nimport { createVerificationCodeArgs, createVerificationCodeImpl } from \"./code\";\nimport { invalidateSessionsArgs, invalidateSessionsImpl } from \"./invalidate\";\nimport { userOAuthArgs, userOAuthImpl } from \"./oauth\";\nimport { refreshSessionArgs, refreshSessionImpl } from \"./refresh\";\nimport {\n  createAccountFromCredentialsArgs,\n  createAccountFromCredentialsImpl,\n} from \"./register\";\nimport {\n  retrieveAccountWithCredentialsArgs,\n  retrieveAccountWithCredentialsImpl,\n} from \"./retrieve\";\nimport { verifierSignatureArgs, verifierSignatureImpl } from \"./signature\";\nimport { signInArgs, signInImpl } from \"./signin\";\nimport { signOutImpl } from \"./signout\";\nimport { verifierImpl } from \"./verifier\";\nimport { verifyCodeAndSignInArgs, verifyCodeAndSignInImpl } from \"./verify\";\n\nexport const storeArgs = v.object({\n  args: v.union(\n    v.object({\n      type: v.literal(\"signIn\"),\n      ...signInArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"signOut\"),\n    }),\n    v.object({\n      type: v.literal(\"refreshSession\"),\n      ...refreshSessionArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"verifyCodeAndSignIn\"),\n      ...verifyCodeAndSignInArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"verifier\"),\n    }),\n    v.object({\n      type: v.literal(\"verifierSignature\"),\n      ...verifierSignatureArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"userOAuth\"),\n      ...userOAuthArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"createVerificationCode\"),\n      ...createVerificationCodeArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"createAccountFromCredentials\"),\n      ...createAccountFromCredentialsArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"retrieveAccountWithCredentials\"),\n      ...retrieveAccountWithCredentialsArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"modifyAccount\"),\n      ...modifyAccountArgs.fields,\n    }),\n    v.object({\n      type: v.literal(\"invalidateSessions\"),\n      ...invalidateSessionsArgs.fields,\n    }),\n  ),\n});\n\nexport const storeImpl = async (\n  ctx: MutationCtx,\n  fnArgs: Infer<typeof storeArgs>,\n  getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n  config: Provider.Config,\n) => {\n  const args = fnArgs.args;\n  logWithLevel(LOG_LEVELS.INFO, `\\`auth:store\\` type: ${args.type}`);\n  return Fx.run(\n    Fx.match(args, args.type, {\n      signIn: (a) =>\n        Fx.from({\n          ok: () => signInImpl(ctx, a, config),\n          err: (e) => e as never,\n        }),\n      signOut: () => signOutImpl(ctx, config),\n      refreshSession: (a) =>\n        Fx.from({\n          ok: () => refreshSessionImpl(ctx, a, getProviderOrThrow, config),\n          err: (e) => e as never,\n        }),\n      verifyCodeAndSignIn: (a) =>\n        Fx.from({\n          ok: () => verifyCodeAndSignInImpl(ctx, a, getProviderOrThrow, config),\n          err: (e) => e as never,\n        }),\n      verifier: () => verifierImpl(ctx, config),\n      verifierSignature: (a) =>\n        verifierSignatureImpl(ctx, a, config).pipe(\n          Fx.recover((e) => Fx.fatal(e.toConvexError())),\n        ),\n      userOAuth: (a) =>\n        userOAuthImpl(ctx, a, getProviderOrThrow, config).pipe(\n          Fx.recover((e) => Fx.fatal(e.toConvexError())),\n        ),\n      createVerificationCode: (a) =>\n        Fx.from({\n          ok: () =>\n            createVerificationCodeImpl(ctx, a, getProviderOrThrow, config),\n          err: (e) => e as never,\n        }),\n      createAccountFromCredentials: (a) =>\n        Fx.from({\n          ok: () =>\n            createAccountFromCredentialsImpl(\n              ctx,\n              a,\n              getProviderOrThrow,\n              config,\n            ),\n          err: (e) => e as never,\n        }),\n      retrieveAccountWithCredentials: (a) =>\n        retrieveAccountWithCredentialsImpl(ctx, a, getProviderOrThrow, config),\n      modifyAccount: (a) =>\n        modifyAccountImpl(ctx, a, getProviderOrThrow, config).pipe(\n          Fx.recover((e) => Fx.fatal(e.toConvexError())),\n        ),\n      invalidateSessions: (a) => invalidateSessionsImpl(ctx, a, config),\n    }),\n  );\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAyBA,MAAa,YAAY,EAAE,OAAO,EAChC,MAAM,EAAE,MACN,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,SAAS;CACzB,GAAG,WAAW;CACf,CAAC,EACF,EAAE,OAAO,EACP,MAAM,EAAE,QAAQ,UAAU,EAC3B,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,iBAAiB;CACjC,GAAG,mBAAmB;CACvB,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,sBAAsB;CACtC,GAAG,wBAAwB;CAC5B,CAAC,EACF,EAAE,OAAO,EACP,MAAM,EAAE,QAAQ,WAAW,EAC5B,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,oBAAoB;CACpC,GAAG,sBAAsB;CAC1B,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,YAAY;CAC5B,GAAG,cAAc;CAClB,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,yBAAyB;CACzC,GAAG,2BAA2B;CAC/B,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,+BAA+B;CAC/C,GAAG,iCAAiC;CACrC,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,iCAAiC;CACjD,GAAG,mCAAmC;CACvC,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,gBAAgB;CAChC,GAAG,kBAAkB;CACtB,CAAC,EACF,EAAE,OAAO;CACP,MAAM,EAAE,QAAQ,qBAAqB;CACrC,GAAG,uBAAuB;CAC3B,CAAC,CACH,EACF,CAAC;AAEF,MAAa,YAAY,OACvB,KACA,QACA,oBACA,WACG;CACH,MAAM,OAAO,OAAO;AACpB,cAAa,WAAW,MAAM,wBAAwB,KAAK,OAAO;AAClE,QAAO,GAAG,IACR,GAAG,MAAM,MAAM,KAAK,MAAM;EACxB,SAAS,MACP,GAAG,KAAK;GACN,UAAU,WAAW,KAAK,GAAG,OAAO;GACpC,MAAM,MAAM;GACb,CAAC;EACJ,eAAe,YAAY,KAAK,OAAO;EACvC,iBAAiB,MACf,GAAG,KAAK;GACN,UAAU,mBAAmB,KAAK,GAAG,oBAAoB,OAAO;GAChE,MAAM,MAAM;GACb,CAAC;EACJ,sBAAsB,MACpB,GAAG,KAAK;GACN,UAAU,wBAAwB,KAAK,GAAG,oBAAoB,OAAO;GACrE,MAAM,MAAM;GACb,CAAC;EACJ,gBAAgB,aAAa,KAAK,OAAO;EACzC,oBAAoB,MAClB,sBAAsB,KAAK,GAAG,OAAO,CAAC,KACpC,GAAG,SAAS,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,CAAC,CAC/C;EACH,YAAY,MACV,cAAc,KAAK,GAAG,oBAAoB,OAAO,CAAC,KAChD,GAAG,SAAS,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,CAAC,CAC/C;EACH,yBAAyB,MACvB,GAAG,KAAK;GACN,UACE,2BAA2B,KAAK,GAAG,oBAAoB,OAAO;GAChE,MAAM,MAAM;GACb,CAAC;EACJ,+BAA+B,MAC7B,GAAG,KAAK;GACN,UACE,iCACE,KACA,GACA,oBACA,OACD;GACH,MAAM,MAAM;GACb,CAAC;EACJ,iCAAiC,MAC/B,mCAAmC,KAAK,GAAG,oBAAoB,OAAO;EACxE,gBAAgB,MACd,kBAAkB,KAAK,GAAG,oBAAoB,OAAO,CAAC,KACpD,GAAG,SAAS,MAAM,GAAG,MAAM,EAAE,eAAe,CAAC,CAAC,CAC/C;EACH,qBAAqB,MAAM,uBAAuB,KAAK,GAAG,OAAO;EAClE,CAAC,CACH"}

package/dist/server/mutations/verifier.d.ts

@@ -0,0 +1,13 @@
+import { MutationCtx } from "../types.js";
+import { Config } from "../crypto.js";
+import { Fx } from "@robelest/fx";
+import { GenericActionCtx, GenericDataModel } from "convex/server";
+import { GenericId } from "convex/values";
+
+//#region src/server/mutations/verifier.d.ts
+type ReturnType = GenericId<"AuthVerifier">;
+declare function verifierImpl(ctx: MutationCtx, config: Config): Fx<ReturnType, never>;
+declare const callVerifier: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>) => Promise<ReturnType>;
+//#endregion
+export { callVerifier, verifierImpl };
+//# sourceMappingURL=verifier.d.ts.map

package/dist/server/mutations/verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier.d.ts","names":[],"sources":["../../../src/server/mutations/verifier.ts"],"mappings":";;;;;;;KAUK,UAAA,GAAa,SAAA;AAAA,iBAEF,YAAA,CACd,GAAA,EAAK,WAAA,EACL,MAAA,EAAQ,MAAA,GACP,EAAA,CAAG,UAAA;AAAA,cAUO,YAAA,qBAAwC,gBAAA,EACnD,GAAA,EAAK,gBAAA,CAAiB,SAAA,MACrB,OAAA,CAAQ,UAAA"}

package/dist/server/mutations/verifier.js

@@ -0,0 +1,18 @@
+import { authDb } from "../db.js";
+import { AUTH_STORE_REF } from "./store/refs.js";
+import { getAuthSessionId } from "../sessions.js";
+import { Fx } from "@robelest/fx";
+
+//#region src/server/mutations/verifier.ts
+function verifierImpl(ctx, config) {
+	return Fx.gen(function* () {
+		return yield* Fx.promise(async () => authDb(ctx, config).verifiers.create(await getAuthSessionId(ctx) ?? void 0));
+	});
+}
+const callVerifier = async (ctx) => {
+	return ctx.runMutation(AUTH_STORE_REF, { args: { type: "verifier" } });
+};
+
+//#endregion
+export { callVerifier, verifierImpl };
+//# sourceMappingURL=verifier.js.map

package/dist/server/mutations/verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier.js","names":[],"sources":["../../../src/server/mutations/verifier.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { GenericId } from \"convex/values\";\n\nimport { authDb } from \"../db\";\nimport * as Provider from \"../crypto\";\nimport { getAuthSessionId } from \"../sessions\";\nimport { MutationCtx } from \"../types\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\ntype ReturnType = GenericId<\"AuthVerifier\">;\n\nexport function verifierImpl(\n  ctx: MutationCtx,\n  config: Provider.Config,\n): Fx<ReturnType, never> {\n  return Fx.gen(function* () {\n    return (yield* Fx.promise(async () =>\n      authDb(ctx, config).verifiers.create(\n        (await getAuthSessionId(ctx)) ?? undefined,\n      ),\n    )) as ReturnType;\n  });\n}\n\nexport const callVerifier = async <DataModel extends GenericDataModel>(\n  ctx: GenericActionCtx<DataModel>,\n): Promise<ReturnType> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"verifier\",\n    },\n  });\n};\n"],"mappings":";;;;;;AAYA,SAAgB,aACd,KACA,QACuB;AACvB,QAAO,GAAG,IAAI,aAAa;AACzB,SAAQ,OAAO,GAAG,QAAQ,YACxB,OAAO,KAAK,OAAO,CAAC,UAAU,OAC3B,MAAM,iBAAiB,IAAI,IAAK,OAClC,CACF;GACD;;AAGJ,MAAa,eAAe,OAC1B,QACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM,EACJ,MAAM,YACP,EACF,CAAC"}

package/dist/server/mutations/verify.d.ts

@@ -0,0 +1,26 @@
+import { MutationCtx, SessionInfo } from "../types.js";
+import { Config, GetProviderOrThrowFunc } from "../crypto.js";
+import { GenericActionCtx, GenericDataModel } from "convex/server";
+import * as convex_values95 from "convex/values";
+import { Infer } from "convex/values";
+
+//#region src/server/mutations/verify.d.ts
+declare const verifyCodeAndSignInArgs: convex_values95.VObject<{
+  provider?: string | undefined;
+  verifier?: string | undefined;
+  allowExtraProviders: boolean;
+  generateTokens: boolean;
+  params: any;
+}, {
+  params: convex_values95.VAny<any, "required", string>;
+  provider: convex_values95.VString<string | undefined, "optional">;
+  verifier: convex_values95.VString<string | undefined, "optional">;
+  generateTokens: convex_values95.VBoolean<boolean, "required">;
+  allowExtraProviders: convex_values95.VBoolean<boolean, "required">;
+}, "required", "provider" | "allowExtraProviders" | "generateTokens" | "params" | "verifier" | `params.${string}`>;
+type ReturnType = null | SessionInfo;
+declare function verifyCodeAndSignInImpl(ctx: MutationCtx, args: Infer<typeof verifyCodeAndSignInArgs>, getProviderOrThrow: GetProviderOrThrowFunc, config: Config): Promise<ReturnType>;
+declare const callVerifyCodeAndSignIn: <DataModel extends GenericDataModel>(ctx: GenericActionCtx<DataModel>, args: Infer<typeof verifyCodeAndSignInArgs>) => Promise<ReturnType>;
+//#endregion
+export { callVerifyCodeAndSignIn, verifyCodeAndSignInArgs, verifyCodeAndSignInImpl };
+//# sourceMappingURL=verify.d.ts.map

package/dist/server/mutations/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","names":[],"sources":["../../../src/server/mutations/verify.ts"],"mappings":";;;;;;;cA0Ba,uBAAA,kBAAuB,OAAA;;;;;;;UAMlC,eAAA,CAAA,IAAA;;;;;;KAEG,UAAA,UAAoB,WAAA;AAAA,iBAgBH,uBAAA,CACpB,GAAA,EAAK,WAAA,EACL,IAAA,EAAM,KAAA,QAAa,uBAAA,GACnB,kBAAA,EAAoB,sBAAA,EACpB,MAAA,EAAQ,MAAA,GACP,OAAA,CAAQ,UAAA;AAAA,cAsIE,uBAAA,qBACO,gBAAA,EAElB,GAAA,EAAK,gBAAA,CAAiB,SAAA,GACtB,IAAA,EAAM,KAAA,QAAa,uBAAA,MAClB,OAAA,CAAQ,UAAA"}

package/dist/server/mutations/verify.js

@@ -0,0 +1,98 @@
+import { LOG_LEVELS, logWithLevel, requireEnv, sha256 } from "../utils.js";
+import { authDb } from "../db.js";
+import { AUTH_STORE_REF } from "./store/refs.js";
+import { createNewAndDeleteExistingSession, getAuthSessionId, maybeGenerateTokensForSession } from "../sessions.js";
+import { upsertUserAndAccount } from "../users.js";
+import { isEnterpriseProviderId } from "../enterprise/shared.js";
+import { createSyntheticOAuthMaterializedConfig } from "../enterprise/oidc.js";
+import { isSignInRateLimited, recordFailedSignIn, resetSignInRateLimit } from "../limits.js";
+import { Fx } from "@robelest/fx";
+import { v } from "convex/values";
+
+//#region src/server/mutations/verify.ts
+const verifyCodeAndSignInArgs = v.object({
+	params: v.any(),
+	provider: v.optional(v.string()),
+	verifier: v.optional(v.string()),
+	generateTokens: v.boolean(),
+	allowExtraProviders: v.boolean()
+});
+/** A soft verification failure — logged and collapsed to null at the boundary. */
+var VerifyFailure = class {
+	_tag = "VerifyFailure";
+	constructor(reason) {
+		this.reason = reason;
+	}
+};
+async function verifyCodeAndSignInImpl(ctx, args, getProviderOrThrow, config) {
+	logWithLevel(LOG_LEVELS.DEBUG, "verifyCodeAndSignInImpl args:", {
+		params: {
+			email: args.params.email,
+			phone: args.params.phone
+		},
+		provider: args.provider,
+		verifier: args.verifier,
+		generateTokens: args.generateTokens,
+		allowExtraProviders: args.allowExtraProviders
+	});
+	const { generateTokens, provider, allowExtraProviders } = args;
+	if (generateTokens) {
+		requireEnv("JWT_PRIVATE_KEY");
+		requireEnv("JWKS");
+		requireEnv("CONVEX_SITE_URL");
+	}
+	const identifier = args.params.email ?? args.params.phone;
+	try {
+		if (identifier !== void 0) {
+			if (await Fx.run(isSignInRateLimited(ctx, identifier, config))) throw new VerifyFailure("Too many failed attempts to verify code for this email");
+		}
+		const db = authDb(ctx, config);
+		const { params, verifier } = args;
+		const hash = await sha256(params.code);
+		const code = await db.verificationCodes.getByCode(hash);
+		if (code === null) throw new VerifyFailure("Invalid verification code");
+		await db.verificationCodes.delete(code._id);
+		if (code.verifier !== verifier) throw new VerifyFailure("Invalid verifier");
+		if (code.expirationTime < Date.now()) throw new VerifyFailure("Expired verification code");
+		if (provider !== void 0 && code.provider !== provider) throw new VerifyFailure(`Invalid provider "${provider}" for given \`code\``);
+		const account = await db.accounts.getById(code.accountId);
+		if (account === null) throw new VerifyFailure("Account associated with this email has been deleted");
+		const codeProvider = isEnterpriseProviderId(code.provider) ? createSyntheticOAuthMaterializedConfig(code.provider) : getProviderOrThrow(code.provider, allowExtraProviders);
+		if (codeProvider !== null && (codeProvider.type === "email" || codeProvider.type === "phone") && codeProvider.authorize !== void 0) await codeProvider.authorize(args.params, account);
+		const methodProvider = isEnterpriseProviderId(account.provider) ? createSyntheticOAuthMaterializedConfig(account.provider) : getProviderOrThrow(account.provider);
+		const userId = methodProvider.type === "oauth" ? account.userId : (await upsertUserAndAccount(ctx, await getAuthSessionId(ctx), { existingAccount: account }, {
+			type: "verification",
+			provider: methodProvider,
+			profile: {
+				...code.emailVerified !== void 0 ? {
+					email: code.emailVerified,
+					emailVerified: true
+				} : {},
+				...code.phoneVerified !== void 0 ? {
+					phone: code.phoneVerified,
+					phoneVerified: true
+				} : {}
+			}
+		}, config)).userId;
+		if (identifier !== void 0) await Fx.run(resetSignInRateLimit(ctx, identifier, config));
+		return await maybeGenerateTokensForSession(ctx, config, userId, await createNewAndDeleteExistingSession(ctx, config, userId), generateTokens);
+	} catch (error) {
+		if (error instanceof VerifyFailure) {
+			logWithLevel(LOG_LEVELS.ERROR, error.reason);
+			if (identifier !== void 0) await Fx.run(recordFailedSignIn(ctx, identifier, config));
+			return null;
+		}
+		logWithLevel(LOG_LEVELS.ERROR, `verifyCodeAndSignInImpl failed: ${String(error)}`);
+		return null;
+	}
+}
+const callVerifyCodeAndSignIn = async (ctx, args) => {
+	return ctx.runMutation(AUTH_STORE_REF, { args: {
+		type: "verifyCodeAndSignIn",
+		...args
+	} });
+};
+
+//#endregion
+export { callVerifyCodeAndSignIn, verifyCodeAndSignInArgs, verifyCodeAndSignInImpl };
+//# sourceMappingURL=verify.js.map

package/dist/server/mutations/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","names":[],"sources":["../../../src/server/mutations/verify.ts"],"sourcesContent":["import { Fx } from \"@robelest/fx\";\nimport type { GenericActionCtx, GenericDataModel } from \"convex/server\";\nimport { Infer, v } from \"convex/values\";\n\nimport { authDb } from \"../db\";\nimport * as Provider from \"../crypto\";\nimport {\n  isSignInRateLimited,\n  recordFailedSignIn,\n  resetSignInRateLimit,\n} from \"../limits\";\nimport {\n  createNewAndDeleteExistingSession,\n  getAuthSessionId,\n  maybeGenerateTokensForSession,\n} from \"../sessions\";\nimport {\n  createSyntheticOAuthMaterializedConfig,\n} from \"../enterprise/oidc\";\nimport { isEnterpriseProviderId } from \"../enterprise/shared\";\nimport { MutationCtx, SessionInfo } from \"../types\";\nimport { upsertUserAndAccount } from \"../users\";\nimport { LOG_LEVELS, logWithLevel, sha256 } from \"../utils\";\nimport { requireEnv } from \"../utils\";\nimport { AUTH_STORE_REF } from \"./store/refs\";\n\nexport const verifyCodeAndSignInArgs = v.object({\n  params: v.any(),\n  provider: v.optional(v.string()),\n  verifier: v.optional(v.string()),\n  generateTokens: v.boolean(),\n  allowExtraProviders: v.boolean(),\n});\n\ntype ReturnType = null | SessionInfo;\n\n// ============================================================================\n// Small validators for the verification pipeline\n// ============================================================================\n\n/** A soft verification failure — logged and collapsed to null at the boundary. */\nclass VerifyFailure {\n  readonly _tag = \"VerifyFailure\" as const;\n  constructor(readonly reason: string) {}\n}\n\n// ============================================================================\n// Main exported function\n// ============================================================================\n\nexport async function verifyCodeAndSignInImpl(\n  ctx: MutationCtx,\n  args: Infer<typeof verifyCodeAndSignInArgs>,\n  getProviderOrThrow: Provider.GetProviderOrThrowFunc,\n  config: Provider.Config,\n): Promise<ReturnType> {\n  logWithLevel(LOG_LEVELS.DEBUG, \"verifyCodeAndSignInImpl args:\", {\n    params: { email: args.params.email, phone: args.params.phone },\n    provider: args.provider,\n    verifier: args.verifier,\n    generateTokens: args.generateTokens,\n    allowExtraProviders: args.allowExtraProviders,\n  });\n\n  const { generateTokens, provider, allowExtraProviders } = args;\n  if (generateTokens) {\n    requireEnv(\"JWT_PRIVATE_KEY\");\n    requireEnv(\"JWKS\");\n    requireEnv(\"CONVEX_SITE_URL\");\n  }\n  const identifier: string | undefined = args.params.email ?? args.params.phone;\n\n  try {\n    if (identifier !== undefined) {\n      const limited = await Fx.run(\n        isSignInRateLimited(ctx, identifier, config),\n      );\n      if (limited) {\n        throw new VerifyFailure(\n          \"Too many failed attempts to verify code for this email\",\n        );\n      }\n    }\n\n    const db = authDb(ctx, config);\n    const { params, verifier } = args;\n    const hash = await sha256(params.code);\n    const code = await db.verificationCodes.getByCode(hash);\n    if (code === null) {\n      throw new VerifyFailure(\"Invalid verification code\");\n    }\n\n    await db.verificationCodes.delete(code._id);\n\n    if (code.verifier !== verifier) {\n      throw new VerifyFailure(\"Invalid verifier\");\n    }\n    if (code.expirationTime < Date.now()) {\n      throw new VerifyFailure(\"Expired verification code\");\n    }\n    if (provider !== undefined && code.provider !== provider) {\n      throw new VerifyFailure(\n        `Invalid provider \"${provider}\" for given \\`code\\``,\n      );\n    }\n\n    const account = await db.accounts.getById(code.accountId);\n    if (account === null) {\n      throw new VerifyFailure(\n        \"Account associated with this email has been deleted\",\n      );\n    }\n\n    const codeProvider = isEnterpriseProviderId(code.provider)\n      ? createSyntheticOAuthMaterializedConfig(code.provider)\n      : getProviderOrThrow(code.provider, allowExtraProviders);\n\n    if (\n      codeProvider !== null &&\n      (codeProvider.type === \"email\" || codeProvider.type === \"phone\") &&\n      codeProvider.authorize !== undefined\n    ) {\n      await codeProvider.authorize(args.params, account);\n    }\n\n    const methodProvider = isEnterpriseProviderId(account.provider)\n      ? createSyntheticOAuthMaterializedConfig(account.provider)\n      : getProviderOrThrow(account.provider);\n\n    const userId =\n      methodProvider.type === \"oauth\"\n        ? account.userId\n        : (\n            await upsertUserAndAccount(\n              ctx,\n              await getAuthSessionId(ctx),\n              { existingAccount: account },\n              {\n                type: \"verification\",\n                provider: methodProvider,\n                profile: {\n                  ...(code.emailVerified !== undefined\n                    ? { email: code.emailVerified, emailVerified: true }\n                    : {}),\n                  ...(code.phoneVerified !== undefined\n                    ? { phone: code.phoneVerified, phoneVerified: true }\n                    : {}),\n                },\n              },\n              config,\n            )\n          ).userId;\n\n    if (identifier !== undefined) {\n      await Fx.run(resetSignInRateLimit(ctx, identifier, config));\n    }\n\n    const sessionId = await createNewAndDeleteExistingSession(\n      ctx,\n      config,\n      userId,\n    );\n    return await maybeGenerateTokensForSession(\n      ctx,\n      config,\n      userId,\n      sessionId,\n      generateTokens,\n    );\n  } catch (error) {\n    if (error instanceof VerifyFailure) {\n      logWithLevel(LOG_LEVELS.ERROR, error.reason);\n      if (identifier !== undefined) {\n        await Fx.run(recordFailedSignIn(ctx, identifier, config));\n      }\n      return null;\n    }\n    logWithLevel(\n      LOG_LEVELS.ERROR,\n      `verifyCodeAndSignInImpl failed: ${String(error)}`,\n    );\n    return null;\n  }\n}\n\n// ============================================================================\n// Action-level caller (unchanged — just forwards to mutation)\n// ============================================================================\n\nexport const callVerifyCodeAndSignIn = async <\n  DataModel extends GenericDataModel,\n>(\n  ctx: GenericActionCtx<DataModel>,\n  args: Infer<typeof verifyCodeAndSignInArgs>,\n): Promise<ReturnType> => {\n  return ctx.runMutation(AUTH_STORE_REF, {\n    args: {\n      type: \"verifyCodeAndSignIn\",\n      ...args,\n    },\n  });\n};\n"],"mappings":";;;;;;;;;;;;AA0BA,MAAa,0BAA0B,EAAE,OAAO;CAC9C,QAAQ,EAAE,KAAK;CACf,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,UAAU,EAAE,SAAS,EAAE,QAAQ,CAAC;CAChC,gBAAgB,EAAE,SAAS;CAC3B,qBAAqB,EAAE,SAAS;CACjC,CAAC;;AASF,IAAM,gBAAN,MAAoB;CAClB,AAAS,OAAO;CAChB,YAAY,AAAS,QAAgB;EAAhB;;;AAOvB,eAAsB,wBACpB,KACA,MACA,oBACA,QACqB;AACrB,cAAa,WAAW,OAAO,iCAAiC;EAC9D,QAAQ;GAAE,OAAO,KAAK,OAAO;GAAO,OAAO,KAAK,OAAO;GAAO;EAC9D,UAAU,KAAK;EACf,UAAU,KAAK;EACf,gBAAgB,KAAK;EACrB,qBAAqB,KAAK;EAC3B,CAAC;CAEF,MAAM,EAAE,gBAAgB,UAAU,wBAAwB;AAC1D,KAAI,gBAAgB;AAClB,aAAW,kBAAkB;AAC7B,aAAW,OAAO;AAClB,aAAW,kBAAkB;;CAE/B,MAAM,aAAiC,KAAK,OAAO,SAAS,KAAK,OAAO;AAExE,KAAI;AACF,MAAI,eAAe,QAIjB;OAHgB,MAAM,GAAG,IACvB,oBAAoB,KAAK,YAAY,OAAO,CAC7C,CAEC,OAAM,IAAI,cACR,yDACD;;EAIL,MAAM,KAAK,OAAO,KAAK,OAAO;EAC9B,MAAM,EAAE,QAAQ,aAAa;EAC7B,MAAM,OAAO,MAAM,OAAO,OAAO,KAAK;EACtC,MAAM,OAAO,MAAM,GAAG,kBAAkB,UAAU,KAAK;AACvD,MAAI,SAAS,KACX,OAAM,IAAI,cAAc,4BAA4B;AAGtD,QAAM,GAAG,kBAAkB,OAAO,KAAK,IAAI;AAE3C,MAAI,KAAK,aAAa,SACpB,OAAM,IAAI,cAAc,mBAAmB;AAE7C,MAAI,KAAK,iBAAiB,KAAK,KAAK,CAClC,OAAM,IAAI,cAAc,4BAA4B;AAEtD,MAAI,aAAa,UAAa,KAAK,aAAa,SAC9C,OAAM,IAAI,cACR,qBAAqB,SAAS,sBAC/B;EAGH,MAAM,UAAU,MAAM,GAAG,SAAS,QAAQ,KAAK,UAAU;AACzD,MAAI,YAAY,KACd,OAAM,IAAI,cACR,sDACD;EAGH,MAAM,eAAe,uBAAuB,KAAK,SAAS,GACtD,uCAAuC,KAAK,SAAS,GACrD,mBAAmB,KAAK,UAAU,oBAAoB;AAE1D,MACE,iBAAiB,SAChB,aAAa,SAAS,WAAW,aAAa,SAAS,YACxD,aAAa,cAAc,OAE3B,OAAM,aAAa,UAAU,KAAK,QAAQ,QAAQ;EAGpD,MAAM,iBAAiB,uBAAuB,QAAQ,SAAS,GAC3D,uCAAuC,QAAQ,SAAS,GACxD,mBAAmB,QAAQ,SAAS;EAExC,MAAM,SACJ,eAAe,SAAS,UACpB,QAAQ,UAEN,MAAM,qBACJ,KACA,MAAM,iBAAiB,IAAI,EAC3B,EAAE,iBAAiB,SAAS,EAC5B;GACE,MAAM;GACN,UAAU;GACV,SAAS;IACP,GAAI,KAAK,kBAAkB,SACvB;KAAE,OAAO,KAAK;KAAe,eAAe;KAAM,GAClD,EAAE;IACN,GAAI,KAAK,kBAAkB,SACvB;KAAE,OAAO,KAAK;KAAe,eAAe;KAAM,GAClD,EAAE;IACP;GACF,EACD,OACD,EACD;AAER,MAAI,eAAe,OACjB,OAAM,GAAG,IAAI,qBAAqB,KAAK,YAAY,OAAO,CAAC;AAQ7D,SAAO,MAAM,8BACX,KACA,QACA,QARgB,MAAM,kCACtB,KACA,QACA,OACD,EAMC,eACD;UACM,OAAO;AACd,MAAI,iBAAiB,eAAe;AAClC,gBAAa,WAAW,OAAO,MAAM,OAAO;AAC5C,OAAI,eAAe,OACjB,OAAM,GAAG,IAAI,mBAAmB,KAAK,YAAY,OAAO,CAAC;AAE3D,UAAO;;AAET,eACE,WAAW,OACX,mCAAmC,OAAO,MAAM,GACjD;AACD,SAAO;;;AAQX,MAAa,0BAA0B,OAGrC,KACA,SACwB;AACxB,QAAO,IAAI,YAAY,gBAAgB,EACrC,MAAM;EACJ,MAAM;EACN,GAAG;EACJ,EACF,CAAC"}