@rool-dev/sdk 0.11.2 → 0.11.3-dev.521c0dc
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +181 -10
- package/dist/auth-base.d.ts +100 -0
- package/dist/auth-base.d.ts.map +1 -0
- package/dist/auth-base.js +377 -0
- package/dist/auth-base.js.map +1 -0
- package/dist/auth-browser.d.ts +6 -77
- package/dist/auth-browser.d.ts.map +1 -1
- package/dist/auth-browser.js +32 -328
- package/dist/auth-browser.js.map +1 -1
- package/dist/auth-native.d.ts +72 -0
- package/dist/auth-native.d.ts.map +1 -0
- package/dist/auth-native.js +260 -0
- package/dist/auth-native.js.map +1 -0
- package/dist/auth.d.ts +17 -1
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +36 -5
- package/dist/auth.js.map +1 -1
- package/dist/channel.d.ts +1 -4
- package/dist/channel.d.ts.map +1 -1
- package/dist/channel.js +0 -5
- package/dist/channel.js.map +1 -1
- package/dist/client.d.ts +30 -3
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +52 -6
- package/dist/client.js.map +1 -1
- package/dist/graphql.d.ts +9 -5
- package/dist/graphql.d.ts.map +1 -1
- package/dist/graphql.js +51 -29
- package/dist/graphql.js.map +1 -1
- package/dist/index.d.ts +5 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -0
- package/dist/index.js.map +1 -1
- package/dist/rest.d.ts +10 -1
- package/dist/rest.d.ts.map +1 -1
- package/dist/rest.js +30 -0
- package/dist/rest.js.map +1 -1
- package/dist/space.d.ts +21 -10
- package/dist/space.d.ts.map +1 -1
- package/dist/space.js +22 -21
- package/dist/space.js.map +1 -1
- package/dist/subscription.js +1 -1
- package/dist/subscription.js.map +1 -1
- package/dist/types.d.ts +84 -8
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/auth-browser.js
CHANGED
|
@@ -1,99 +1,20 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
/**
|
|
10
|
-
* Get a short hash of the auth URL for scoping storage by endpoint.
|
|
11
|
-
*/
|
|
12
|
-
get endpointHash() {
|
|
13
|
-
const url = this.authBaseUrl;
|
|
14
|
-
// Simple djb2 hash
|
|
15
|
-
let hash = 5381;
|
|
16
|
-
for (let i = 0; i < url.length; i++) {
|
|
17
|
-
hash = ((hash << 5) + hash) ^ url.charCodeAt(i);
|
|
18
|
-
}
|
|
19
|
-
return (hash >>> 0).toString(16).padStart(8, '0');
|
|
20
|
-
}
|
|
21
|
-
/**
|
|
22
|
-
* Get the storage prefix, incorporating endpoint hash.
|
|
23
|
-
*/
|
|
24
|
-
get storagePrefix() {
|
|
25
|
-
return `${DEFAULT_STORAGE_PREFIX}${this.endpointHash}_`;
|
|
26
|
-
}
|
|
27
|
-
get storageKeys() {
|
|
28
|
-
const prefix = this.storagePrefix;
|
|
29
|
-
return {
|
|
30
|
-
access: `${prefix}access_token`,
|
|
31
|
-
refresh: `${prefix}refresh_token`,
|
|
32
|
-
rool: `${prefix}rool_token`,
|
|
33
|
-
expiresAt: `${prefix}token_expires_at`,
|
|
34
|
-
state: `${prefix}auth_state`,
|
|
35
|
-
};
|
|
36
|
-
}
|
|
37
|
-
/** Auth URL without trailing slash */
|
|
38
|
-
get authBaseUrl() {
|
|
39
|
-
return this.config.authUrl.replace(/\/+$/, '');
|
|
40
|
-
}
|
|
41
|
-
constructor(config) {
|
|
42
|
-
this.config = config;
|
|
43
|
-
this.logger = config.logger;
|
|
44
|
-
}
|
|
1
|
+
// =============================================================================
|
|
2
|
+
// Browser auth provider
|
|
3
|
+
// Full-page redirect flow: hands off to the auth pages and reads the returned
|
|
4
|
+
// tokens from the URL fragment on the way back. Token storage and refresh live
|
|
5
|
+
// in BaseTokenAuthProvider.
|
|
6
|
+
// =============================================================================
|
|
7
|
+
import { BaseTokenAuthProvider } from './auth-base.js';
|
|
8
|
+
export class BrowserAuthProvider extends BaseTokenAuthProvider {
|
|
45
9
|
/**
|
|
46
10
|
* Initialize auth manager - should be called on app startup.
|
|
47
11
|
* Processes any auth callback in the URL and sets up auto-refresh.
|
|
48
12
|
*/
|
|
49
13
|
initialize() {
|
|
50
14
|
const wasCallback = this.processCallback();
|
|
51
|
-
this.
|
|
52
|
-
this.listenForVisibility();
|
|
15
|
+
this.initBase();
|
|
53
16
|
return wasCallback;
|
|
54
17
|
}
|
|
55
|
-
/**
|
|
56
|
-
* Check if user is currently authenticated.
|
|
57
|
-
*
|
|
58
|
-
* This reports identity (do we hold credentials), NOT server reachability.
|
|
59
|
-
* It deliberately does not perform a network refresh: a backend outage must
|
|
60
|
-
* not read as "logged out". A genuinely invalid/expired refresh token
|
|
61
|
-
* surfaces later as a 401 on first real use, which clears tokens and fires
|
|
62
|
-
* onAuthStateChanged(false) — the only path that ends the session.
|
|
63
|
-
*/
|
|
64
|
-
async isAuthenticated() {
|
|
65
|
-
return this.readAccessToken() !== null;
|
|
66
|
-
}
|
|
67
|
-
/**
|
|
68
|
-
* Get current access token and rool token, refreshing if expired.
|
|
69
|
-
* Returns undefined if not authenticated.
|
|
70
|
-
*/
|
|
71
|
-
async getTokens() {
|
|
72
|
-
const accessToken = this.readAccessToken();
|
|
73
|
-
if (!accessToken)
|
|
74
|
-
return undefined;
|
|
75
|
-
// Token expired or about to expire - try refresh
|
|
76
|
-
const expiresAt = this.readExpiresAt();
|
|
77
|
-
if (expiresAt && Date.now() >= expiresAt - REFRESH_BUFFER_MS) {
|
|
78
|
-
const refreshed = await this.tryRefreshToken();
|
|
79
|
-
if (!refreshed)
|
|
80
|
-
return undefined;
|
|
81
|
-
const refreshedToken = this.readAccessToken();
|
|
82
|
-
if (!refreshedToken)
|
|
83
|
-
return undefined;
|
|
84
|
-
return { accessToken: refreshedToken, roolToken: this.readRoolToken() };
|
|
85
|
-
}
|
|
86
|
-
return { accessToken, roolToken: this.readRoolToken() };
|
|
87
|
-
}
|
|
88
|
-
/**
|
|
89
|
-
* Get auth identity decoded from JWT token.
|
|
90
|
-
*/
|
|
91
|
-
getAuthUser() {
|
|
92
|
-
const accessToken = this.readAccessToken();
|
|
93
|
-
if (!accessToken)
|
|
94
|
-
return { email: null, name: null };
|
|
95
|
-
return this.decodeAuthUser(accessToken);
|
|
96
|
-
}
|
|
97
18
|
/**
|
|
98
19
|
* Initiate login by redirecting to auth page.
|
|
99
20
|
* @param appName - The name of the application requesting login (displayed on auth page)
|
|
@@ -108,77 +29,6 @@ export class BrowserAuthProvider {
|
|
|
108
29
|
signup(appName, params) {
|
|
109
30
|
this.redirectToAuth('signup', appName, params);
|
|
110
31
|
}
|
|
111
|
-
/**
|
|
112
|
-
* Complete an email verification flow.
|
|
113
|
-
*
|
|
114
|
-
* The app calls this when it detects a `?verify=<jwt>` param on load.
|
|
115
|
-
* We exchange the JWT for a fresh token set at the auth server and sign
|
|
116
|
-
* the user in — no redirect, no URL fragment. Mirrors processCallback()
|
|
117
|
-
* minus the hash parsing.
|
|
118
|
-
*/
|
|
119
|
-
async verify(token) {
|
|
120
|
-
let response;
|
|
121
|
-
try {
|
|
122
|
-
response = await fetch(`${this.authBaseUrl}/verify-and-signin`, {
|
|
123
|
-
method: 'POST',
|
|
124
|
-
headers: { 'Content-Type': 'application/json' },
|
|
125
|
-
body: JSON.stringify({ token }),
|
|
126
|
-
});
|
|
127
|
-
}
|
|
128
|
-
catch (error) {
|
|
129
|
-
this.logger.error('[RoolClient] verify network error:', error);
|
|
130
|
-
return false;
|
|
131
|
-
}
|
|
132
|
-
if (!response.ok) {
|
|
133
|
-
this.logger.warn(`[RoolClient] verify failed: ${response.status}`);
|
|
134
|
-
return false;
|
|
135
|
-
}
|
|
136
|
-
let data;
|
|
137
|
-
try {
|
|
138
|
-
data = await response.json();
|
|
139
|
-
}
|
|
140
|
-
catch (error) {
|
|
141
|
-
this.logger.error('[RoolClient] verify response parse error:', error);
|
|
142
|
-
return false;
|
|
143
|
-
}
|
|
144
|
-
const idToken = data.id_token ?? null;
|
|
145
|
-
const refreshToken = data.refresh_token ?? null;
|
|
146
|
-
const expiresAt = data.expires_in ? Date.now() + data.expires_in * 1000 : NaN;
|
|
147
|
-
if (!idToken || !Number.isFinite(expiresAt)) {
|
|
148
|
-
this.logger.error('[RoolClient] verify response missing id_token or expires_in');
|
|
149
|
-
return false;
|
|
150
|
-
}
|
|
151
|
-
this.writeTokens(idToken, refreshToken, expiresAt);
|
|
152
|
-
this.writeRoolToken(data.rool_token ?? null);
|
|
153
|
-
this.scheduleTokenRefresh();
|
|
154
|
-
this.config.onAuthStateChanged(true);
|
|
155
|
-
return true;
|
|
156
|
-
}
|
|
157
|
-
redirectToAuth(flow, appName, params) {
|
|
158
|
-
const origin = new URL(this.authBaseUrl).origin;
|
|
159
|
-
const url = new URL(`${origin}/${flow}`);
|
|
160
|
-
const redirectTarget = window.location.origin + window.location.pathname + window.location.search;
|
|
161
|
-
url.searchParams.set('redirect_uri', redirectTarget);
|
|
162
|
-
url.searchParams.set('app_name', appName);
|
|
163
|
-
if (params) {
|
|
164
|
-
for (const [key, value] of Object.entries(params)) {
|
|
165
|
-
url.searchParams.set(key, value);
|
|
166
|
-
}
|
|
167
|
-
}
|
|
168
|
-
const state = this.generateState();
|
|
169
|
-
this.storeState(state);
|
|
170
|
-
url.searchParams.set('state', state);
|
|
171
|
-
window.location.href = url.toString();
|
|
172
|
-
}
|
|
173
|
-
/**
|
|
174
|
-
* Logout - clear all tokens and state.
|
|
175
|
-
*/
|
|
176
|
-
logout() {
|
|
177
|
-
this.clearTokens();
|
|
178
|
-
this.clearState();
|
|
179
|
-
this.cancelScheduledRefresh();
|
|
180
|
-
this.config.onAuthStateChanged(false);
|
|
181
|
-
}
|
|
182
32
|
/**
|
|
183
33
|
* Process auth callback from URL fragment.
|
|
184
34
|
* Should be called on page load.
|
|
@@ -212,174 +62,41 @@ export class BrowserAuthProvider {
|
|
|
212
62
|
}
|
|
213
63
|
// Clear state and store tokens
|
|
214
64
|
this.clearState();
|
|
215
|
-
this.
|
|
216
|
-
this.writeRoolToken(roolToken);
|
|
65
|
+
this.acceptTokens(idToken, refreshToken, roolToken, expiresAt);
|
|
217
66
|
// Clean URL
|
|
218
67
|
const cleanUrl = window.location.origin + window.location.pathname + window.location.search;
|
|
219
68
|
window.history.replaceState({}, document.title, cleanUrl);
|
|
220
|
-
|
|
221
|
-
this.scheduleTokenRefresh();
|
|
222
|
-
this.config.onAuthStateChanged(true);
|
|
69
|
+
this.notifyAuthState(true);
|
|
223
70
|
return true;
|
|
224
71
|
}
|
|
225
|
-
/**
|
|
226
|
-
* Destroy auth manager - clear refresh timers.
|
|
227
|
-
*/
|
|
228
|
-
destroy() {
|
|
229
|
-
this.cancelScheduledRefresh();
|
|
230
|
-
if (this.boundVisibilityHandler) {
|
|
231
|
-
document.removeEventListener('visibilitychange', this.boundVisibilityHandler);
|
|
232
|
-
this.boundVisibilityHandler = null;
|
|
233
|
-
}
|
|
234
|
-
}
|
|
235
72
|
// ===========================================================================
|
|
236
|
-
// Private
|
|
73
|
+
// Private
|
|
237
74
|
// ===========================================================================
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
if (
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
this.refreshPromise = (async () => {
|
|
248
|
-
let response;
|
|
249
|
-
try {
|
|
250
|
-
response = await fetch(`${this.authBaseUrl}/refresh`, {
|
|
251
|
-
method: 'POST',
|
|
252
|
-
headers: { 'Content-Type': 'application/json' },
|
|
253
|
-
body: JSON.stringify({
|
|
254
|
-
refresh_token: refreshToken,
|
|
255
|
-
rool_token: roolToken,
|
|
256
|
-
}),
|
|
257
|
-
});
|
|
258
|
-
}
|
|
259
|
-
catch (error) {
|
|
260
|
-
// Network error - don't clear tokens, might work next time
|
|
261
|
-
this.logger.warn('[RoolClient] Token refresh network error:', error);
|
|
262
|
-
return false;
|
|
263
|
-
}
|
|
264
|
-
// 400/401 = refresh token is invalid, clear everything
|
|
265
|
-
if (response.status === 400 || response.status === 401) {
|
|
266
|
-
this.logger.warn('[RoolClient] Refresh token invalid, clearing credentials');
|
|
267
|
-
this.clearTokens();
|
|
268
|
-
this.config.onAuthStateChanged(false);
|
|
269
|
-
return false;
|
|
270
|
-
}
|
|
271
|
-
// Other HTTP errors - don't clear tokens, might be transient
|
|
272
|
-
if (!response.ok) {
|
|
273
|
-
this.logger.warn(`[RoolClient] Token refresh failed: ${response.status} ${response.statusText}`);
|
|
274
|
-
return false;
|
|
275
|
-
}
|
|
276
|
-
// Success - parse and store new tokens
|
|
277
|
-
try {
|
|
278
|
-
const data = await response.json();
|
|
279
|
-
const accessToken = data.id_token ?? null;
|
|
280
|
-
const nextRefreshToken = data.refresh_token ?? refreshToken;
|
|
281
|
-
const expiresAt = data.expires_in ? Date.now() + data.expires_in * 1000 : NaN;
|
|
282
|
-
if (!accessToken || !Number.isFinite(expiresAt)) {
|
|
283
|
-
this.logger.error('[RoolClient] Refresh response missing id_token or expires_in');
|
|
284
|
-
return false;
|
|
285
|
-
}
|
|
286
|
-
this.writeTokens(accessToken, nextRefreshToken, expiresAt);
|
|
287
|
-
this.writeRoolToken(data.rool_token ?? null);
|
|
288
|
-
this.scheduleTokenRefresh();
|
|
289
|
-
return true;
|
|
290
|
-
}
|
|
291
|
-
catch (error) {
|
|
292
|
-
this.logger.error('[RoolClient] Failed to parse refresh response:', error);
|
|
293
|
-
return false;
|
|
294
|
-
}
|
|
295
|
-
})().finally(() => {
|
|
296
|
-
this.refreshPromise = null;
|
|
297
|
-
});
|
|
298
|
-
return this.refreshPromise;
|
|
299
|
-
}
|
|
300
|
-
scheduleTokenRefresh() {
|
|
301
|
-
this.cancelScheduledRefresh();
|
|
302
|
-
const expiresAt = this.readExpiresAt();
|
|
303
|
-
if (!expiresAt)
|
|
304
|
-
return;
|
|
305
|
-
const refreshAt = expiresAt - REFRESH_BUFFER_MS;
|
|
306
|
-
const delay = refreshAt - Date.now();
|
|
307
|
-
if (delay <= 0) {
|
|
308
|
-
// Already needs refresh
|
|
309
|
-
void this.tryRefreshToken();
|
|
310
|
-
}
|
|
311
|
-
else {
|
|
312
|
-
this.refreshTimeoutId = setTimeout(() => {
|
|
313
|
-
void this.tryRefreshToken();
|
|
314
|
-
}, delay);
|
|
315
|
-
}
|
|
316
|
-
}
|
|
317
|
-
listenForVisibility() {
|
|
318
|
-
if (typeof document === 'undefined')
|
|
319
|
-
return;
|
|
320
|
-
if (this.boundVisibilityHandler)
|
|
321
|
-
return;
|
|
322
|
-
this.boundVisibilityHandler = () => {
|
|
323
|
-
if (document.visibilityState === 'visible') {
|
|
324
|
-
this.scheduleTokenRefresh();
|
|
75
|
+
redirectToAuth(flow, appName, params) {
|
|
76
|
+
const origin = new URL(this.authBaseUrl).origin;
|
|
77
|
+
const url = new URL(`${origin}/${flow}`);
|
|
78
|
+
const redirectTarget = window.location.origin + window.location.pathname + window.location.search;
|
|
79
|
+
url.searchParams.set('redirect_uri', redirectTarget);
|
|
80
|
+
url.searchParams.set('app_name', appName);
|
|
81
|
+
if (params) {
|
|
82
|
+
for (const [key, value] of Object.entries(params)) {
|
|
83
|
+
url.searchParams.set(key, value);
|
|
325
84
|
}
|
|
326
|
-
};
|
|
327
|
-
document.addEventListener('visibilitychange', this.boundVisibilityHandler);
|
|
328
|
-
}
|
|
329
|
-
cancelScheduledRefresh() {
|
|
330
|
-
if (this.refreshTimeoutId !== null) {
|
|
331
|
-
clearTimeout(this.refreshTimeoutId);
|
|
332
|
-
this.refreshTimeoutId = null;
|
|
333
|
-
}
|
|
334
|
-
}
|
|
335
|
-
readAccessToken() {
|
|
336
|
-
return localStorage.getItem(this.storageKeys.access);
|
|
337
|
-
}
|
|
338
|
-
readRoolToken() {
|
|
339
|
-
return localStorage.getItem(this.storageKeys.rool) ?? '';
|
|
340
|
-
}
|
|
341
|
-
readExpiresAt() {
|
|
342
|
-
const raw = localStorage.getItem(this.storageKeys.expiresAt);
|
|
343
|
-
if (!raw)
|
|
344
|
-
return null;
|
|
345
|
-
const parsed = Number.parseInt(raw, 10);
|
|
346
|
-
return Number.isFinite(parsed) ? parsed : null;
|
|
347
|
-
}
|
|
348
|
-
writeTokens(accessToken, refreshToken, expiresAt) {
|
|
349
|
-
if (accessToken) {
|
|
350
|
-
localStorage.setItem(this.storageKeys.access, accessToken);
|
|
351
|
-
}
|
|
352
|
-
else {
|
|
353
|
-
localStorage.removeItem(this.storageKeys.access);
|
|
354
|
-
}
|
|
355
|
-
if (refreshToken) {
|
|
356
|
-
localStorage.setItem(this.storageKeys.refresh, refreshToken);
|
|
357
|
-
}
|
|
358
|
-
else {
|
|
359
|
-
localStorage.removeItem(this.storageKeys.refresh);
|
|
360
|
-
}
|
|
361
|
-
if (expiresAt !== null && Number.isFinite(expiresAt)) {
|
|
362
|
-
localStorage.setItem(this.storageKeys.expiresAt, Math.floor(expiresAt).toString());
|
|
363
|
-
}
|
|
364
|
-
else {
|
|
365
|
-
localStorage.removeItem(this.storageKeys.expiresAt);
|
|
366
85
|
}
|
|
86
|
+
const state = this.generateState();
|
|
87
|
+
this.storeState(state);
|
|
88
|
+
url.searchParams.set('state', state);
|
|
89
|
+
window.location.href = url.toString();
|
|
367
90
|
}
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
localStorage.setItem(this.storageKeys.rool, token);
|
|
371
|
-
}
|
|
372
|
-
else {
|
|
373
|
-
localStorage.removeItem(this.storageKeys.rool);
|
|
374
|
-
}
|
|
91
|
+
clearTransientState() {
|
|
92
|
+
this.clearState();
|
|
375
93
|
}
|
|
376
|
-
|
|
377
|
-
this.
|
|
378
|
-
this.writeRoolToken(null);
|
|
94
|
+
get stateKey() {
|
|
95
|
+
return this.keyFor('auth_state');
|
|
379
96
|
}
|
|
380
97
|
storeState(value) {
|
|
381
98
|
try {
|
|
382
|
-
sessionStorage.setItem(this.
|
|
99
|
+
sessionStorage.setItem(this.stateKey, value);
|
|
383
100
|
}
|
|
384
101
|
catch {
|
|
385
102
|
// Ignore storage restrictions
|
|
@@ -387,7 +104,7 @@ export class BrowserAuthProvider {
|
|
|
387
104
|
}
|
|
388
105
|
readState() {
|
|
389
106
|
try {
|
|
390
|
-
return sessionStorage.getItem(this.
|
|
107
|
+
return sessionStorage.getItem(this.stateKey);
|
|
391
108
|
}
|
|
392
109
|
catch {
|
|
393
110
|
return null;
|
|
@@ -395,7 +112,7 @@ export class BrowserAuthProvider {
|
|
|
395
112
|
}
|
|
396
113
|
clearState() {
|
|
397
114
|
try {
|
|
398
|
-
sessionStorage.removeItem(this.
|
|
115
|
+
sessionStorage.removeItem(this.stateKey);
|
|
399
116
|
}
|
|
400
117
|
catch {
|
|
401
118
|
// Ignore storage restrictions
|
|
@@ -411,18 +128,5 @@ export class BrowserAuthProvider {
|
|
|
411
128
|
return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
|
|
412
129
|
}
|
|
413
130
|
}
|
|
414
|
-
decodeAuthUser(accessToken) {
|
|
415
|
-
try {
|
|
416
|
-
const payload = JSON.parse(atob(accessToken.split('.')[1]));
|
|
417
|
-
return {
|
|
418
|
-
email: payload.email || null,
|
|
419
|
-
name: payload.name || null,
|
|
420
|
-
};
|
|
421
|
-
}
|
|
422
|
-
catch (error) {
|
|
423
|
-
this.logger.error('[RoolClient] Failed to decode token:', error);
|
|
424
|
-
return { email: null, name: null };
|
|
425
|
-
}
|
|
426
|
-
}
|
|
427
131
|
}
|
|
428
132
|
//# sourceMappingURL=auth-browser.js.map
|
package/dist/auth-browser.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-browser.js","sourceRoot":"","sources":["../src/auth-browser.ts"],"names":[],"mappings":"AAIA,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,mCAAmC;AAE7E,MAAM,sBAAsB,GAAG,OAAO,CAAC;AASvC,MAAM,OAAO,mBAAmB;IACpB,MAAM,CAAoB;IAC1B,MAAM,CAAS;IACf,cAAc,GAA4B,IAAI,CAAC;IAC/C,gBAAgB,GAAyC,IAAI,CAAC;IAC9D,sBAAsB,GAAwB,IAAI,CAAC;IAE3D;;OAEG;IACH,IAAY,YAAY;QACpB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC;QAC7B,mBAAmB;QACnB,IAAI,IAAI,GAAG,IAAI,CAAC;QAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,IAAY,aAAa;QACrB,OAAO,GAAG,sBAAsB,GAAG,IAAI,CAAC,YAAY,GAAG,CAAC;IAC5D,CAAC;IAED,IAAY,WAAW;QACnB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC;QAClC,OAAO;YACH,MAAM,EAAE,GAAG,MAAM,cAAc;YAC/B,OAAO,EAAE,GAAG,MAAM,eAAe;YACjC,IAAI,EAAE,GAAG,MAAM,YAAY;YAC3B,SAAS,EAAE,GAAG,MAAM,kBAAkB;YACtC,KAAK,EAAE,GAAG,MAAM,YAAY;SACtB,CAAC;IACf,CAAC;IAED,sCAAsC;IACtC,IAAY,WAAW;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,YAAY,MAAyB;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAChC,CAAC;IAED;;;OAGG;IACH,UAAU;QACN,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,OAAO,WAAW,CAAC;IACvB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe;QACjB,OAAO,IAAI,CAAC,eAAe,EAAE,KAAK,IAAI,CAAC;IAC3C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS;QACX,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QAEnC,iDAAiD;QACjD,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,IAAI,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,GAAG,iBAAiB,EAAE,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/C,IAAI,CAAC,SAAS;gBAAE,OAAO,SAAS,CAAC;YACjC,MAAM,cAAc,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAC9C,IAAI,CAAC,cAAc;gBAAE,OAAO,SAAS,CAAC;YACtC,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;QAC5E,CAAC;QAED,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,WAAW;QACP,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC,WAAW;YAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrD,OAAO,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAe,EAAE,MAA+B;QAClD,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,OAAe,EAAE,MAA+B;QACnD,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa;QACtB,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACD,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,oBAAoB,EAAE;gBAC5D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;aAClC,CAAC,CAAC;QACP,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC/D,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACnE,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,IAKH,CAAC;QACF,IAAI,CAAC;YACD,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;YACtE,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAC9E,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;YACjF,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QACnD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IAChB,CAAC;IAEO,cAAc,CAAC,IAAwB,EAAE,OAAe,EAAE,MAA+B;QAC7F,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAClG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QACrD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE1C,IAAI,MAAM,EAAE,CAAC;YACT,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACrC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACnC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACvB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAErC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,MAAM;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAED;;;;OAIG;IACH,eAAe;QACX,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5D,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAC1E,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAErC,wEAAwE;QACxE,oEAAoE;QACpE,uEAAuE;QACvE,IAAI,WAAW,IAAI,aAAa,IAAI,aAAa,KAAK,WAAW,EAAE,CAAC;YAChE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;YAC/E,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;YACnF,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QACnD,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAE/B,YAAY;QACZ,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC5F,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAE1D,8BAA8B;QAC9B,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAErC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO;QACH,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC9B,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9B,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,IAAI,CAAC,sBAAsB,CAAC,CAAC;YAC9E,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;QACvC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAEtE,KAAK,CAAC,eAAe;QACzB,0CAA0C;QAC1C,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,cAAc,CAAC;QAC/B,CAAC;QAED,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAChC,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAE9D,IAAI,CAAC,cAAc,GAAG,CAAC,KAAK,IAAI,EAAE;YAC9B,IAAI,QAAkB,CAAC;YACvB,IAAI,CAAC;gBACD,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,UAAU,EAAE;oBAClD,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACjB,aAAa,EAAE,YAAY;wBAC3B,UAAU,EAAE,SAAS;qBACxB,CAAC;iBACL,CAAC,CAAC;YACP,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,2DAA2D;gBAC3D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;gBACrE,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,uDAAuD;YACvD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACrD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBAC7E,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnB,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBACtC,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,6DAA6D;YAC7D,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,uCAAuC;YACvC,IAAI,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,MAAM,WAAW,GAAkB,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC;gBACzD,MAAM,gBAAgB,GAAkB,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC;gBAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;gBAE9E,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;oBAClF,OAAO,KAAK,CAAC;gBACjB,CAAC;gBAED,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;gBAC3D,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC;gBAC7C,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC5B,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,EAAE,KAAK,CAAC,CAAC;gBAC3E,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,cAAc,CAAC;IAC/B,CAAC;IAEO,oBAAoB;QACxB,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,IAAI,CAAC,SAAS;YAAE,OAAO;QAEvB,MAAM,SAAS,GAAG,SAAS,GAAG,iBAAiB,CAAC;QAChD,MAAM,KAAK,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAErC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACb,wBAAwB;YACxB,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,gBAAgB,GAAG,UAAU,CAAC,GAAG,EAAE;gBACpC,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;YAChC,CAAC,EAAE,KAAK,CAAC,CAAC;QACd,CAAC;IACL,CAAC;IAEO,mBAAmB;QACvB,IAAI,OAAO,QAAQ,KAAK,WAAW;YAAE,OAAO;QAC5C,IAAI,IAAI,CAAC,sBAAsB;YAAE,OAAO;QAExC,IAAI,CAAC,sBAAsB,GAAG,GAAG,EAAE;YAC/B,IAAI,QAAQ,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBACzC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAChC,CAAC;QACL,CAAC,CAAC;QACF,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/E,CAAC;IAEO,sBAAsB;QAC1B,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACjC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACpC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QACjC,CAAC;IACL,CAAC;IAEO,eAAe;QACnB,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAEO,aAAa;QACjB,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAC7D,CAAC;IAEO,aAAa;QACjB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxC,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,CAAC;IAEO,WAAW,CACf,WAA0B,EAC1B,YAA2B,EAC3B,SAAwB;QAExB,IAAI,WAAW,EAAE,CAAC;YACd,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,YAAY,EAAE,CAAC;YACf,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACjE,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,SAAS,KAAK,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACnD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvF,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACxD,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,KAAoB;QACvC,IAAI,KAAK,EAAE,CAAC;YACR,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;IACL,CAAC;IAEO,WAAW;QACf,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAEO,UAAU,CAAC,KAAa;QAC5B,IAAI,CAAC;YACD,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACL,8BAA8B;QAClC,CAAC;IACL,CAAC;IAEO,SAAS;QACb,IAAI,CAAC;YACD,OAAO,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEO,UAAU;QACd,IAAI,CAAC;YACD,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACL,8BAA8B;QAClC,CAAC;IACL,CAAC;IAEO,aAAa;QACjB,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACtC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvF,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,WAAmB;QACtC,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5D,OAAO;gBACH,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;gBAC5B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;aAC7B,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACvC,CAAC;IACL,CAAC;CACJ"}
|
|
1
|
+
{"version":3,"file":"auth-browser.js","sourceRoot":"","sources":["../src/auth-browser.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,wBAAwB;AACxB,8EAA8E;AAC9E,+EAA+E;AAC/E,4BAA4B;AAC5B,gFAAgF;AAEhF,OAAO,EAAE,qBAAqB,EAA4B,MAAM,gBAAgB,CAAC;AAIjF,MAAM,OAAO,mBAAoB,SAAQ,qBAAqB;IAC1D;;;OAGG;IACH,UAAU;QACN,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC,QAAQ,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAe,EAAE,MAA+B;QAClD,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,OAAe,EAAE,MAA+B;QACnD,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED;;;;OAIG;IACH,eAAe;QACX,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5D,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAC1E,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAErC,wEAAwE;QACxE,oEAAoE;QACpE,uEAAuE;QACvE,IAAI,WAAW,IAAI,aAAa,IAAI,aAAa,KAAK,WAAW,EAAE,CAAC;YAChE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;YAC/E,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;YACnF,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAE/D,YAAY;QACZ,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC5F,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAE1D,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,8EAA8E;IAC9E,UAAU;IACV,8EAA8E;IAEtE,cAAc,CAAC,IAAwB,EAAE,OAAe,EAAE,MAA+B;QAC7F,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAClG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QACrD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE1C,IAAI,MAAM,EAAE,CAAC;YACT,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACrC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACnC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACvB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAErC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC1C,CAAC;IAES,mBAAmB;QACzB,IAAI,CAAC,UAAU,EAAE,CAAC;IACtB,CAAC;IAED,IAAY,QAAQ;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACrC,CAAC;IAEO,UAAU,CAAC,KAAa;QAC5B,IAAI,CAAC;YACD,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACL,8BAA8B;QAClC,CAAC;IACL,CAAC;IAEO,SAAS;QACb,IAAI,CAAC;YACD,OAAO,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEO,UAAU;QACd,IAAI,CAAC;YACD,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACL,8BAA8B;QAClC,CAAC;IACL,CAAC;IAEO,aAAa;QACjB,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACtC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvF,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;CACJ"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import { BaseTokenAuthProvider } from './auth-base.js';
|
|
2
|
+
import type { PasswordSignInResult } from './types.js';
|
|
3
|
+
export type NativeAuthFlowProvider = 'google' | 'apple';
|
|
4
|
+
export interface NativePkceAuthConfig {
|
|
5
|
+
/**
|
|
6
|
+
* Deep-link redirect URI registered by the app. Must match the auth
|
|
7
|
+
* server's native-client allowlist exactly, e.g.
|
|
8
|
+
* 'roolandroidauth://auth/callback' or 'rooliosauth://auth/callback'.
|
|
9
|
+
*/
|
|
10
|
+
redirectUri: string;
|
|
11
|
+
/** Identity provider used when login()/signup() are called without one. */
|
|
12
|
+
defaultProvider?: NativeAuthFlowProvider;
|
|
13
|
+
/**
|
|
14
|
+
* Open a URL in an external system browser (NOT the app webview), e.g.
|
|
15
|
+
* Capacitor's `Browser.open({ url })`. PKCE requires the authorization
|
|
16
|
+
* step to happen outside the app so the app never sees provider secrets.
|
|
17
|
+
*/
|
|
18
|
+
openExternal: (url: string) => void | Promise<void>;
|
|
19
|
+
}
|
|
20
|
+
export declare class NativePkceAuthProvider extends BaseTokenAuthProvider {
|
|
21
|
+
private readonly redirectUri;
|
|
22
|
+
private readonly defaultProvider;
|
|
23
|
+
private readonly openExternal;
|
|
24
|
+
constructor(config: NativePkceAuthConfig);
|
|
25
|
+
/**
|
|
26
|
+
* No synchronous callback to process — the app drives completion via
|
|
27
|
+
* handleRedirect(). Just arm refresh for any persisted session.
|
|
28
|
+
*/
|
|
29
|
+
initialize(): boolean;
|
|
30
|
+
/**
|
|
31
|
+
* Begin sign-in. `params.provider` ('google' | 'apple') overrides the
|
|
32
|
+
* default; `params.rvid` is forwarded for signup attribution.
|
|
33
|
+
*/
|
|
34
|
+
login(_appName: string, params?: Record<string, string>): Promise<void>;
|
|
35
|
+
/**
|
|
36
|
+
* Same flow as login — the providers don't distinguish signup from login
|
|
37
|
+
* for native, and the auth server creates the account on first sign-in.
|
|
38
|
+
*/
|
|
39
|
+
signup(_appName: string, params?: Record<string, string>): Promise<void>;
|
|
40
|
+
/**
|
|
41
|
+
* Complete a sign-in from the deep link the app received (e.g. Capacitor's
|
|
42
|
+
* appUrlOpen). Validates state, exchanges the code + stored verifier at
|
|
43
|
+
* /token, and persists the session. Returns true once signed in.
|
|
44
|
+
*/
|
|
45
|
+
handleRedirect(url: string): Promise<boolean>;
|
|
46
|
+
/**
|
|
47
|
+
* Sign in with email + password. No redirect involved — the auth server
|
|
48
|
+
* returns the token set as JSON, which we persist directly.
|
|
49
|
+
*
|
|
50
|
+
* Resolves `signed_in` on success, or `verify_required` when the account's
|
|
51
|
+
* email isn't verified (the server has emailed a magic link). Rejects with
|
|
52
|
+
* a human-readable Error on bad credentials or server failure.
|
|
53
|
+
*/
|
|
54
|
+
signInWithPassword(email: string, password: string): Promise<PasswordSignInResult>;
|
|
55
|
+
/**
|
|
56
|
+
* Request a magic sign-in link by email. The server emails a link carrying
|
|
57
|
+
* a verify token; the user completes sign-in by following it, which lands
|
|
58
|
+
* back in the app and is finished via `verify(token)`. Resolves once the
|
|
59
|
+
* email is accepted; rejects with a human-readable Error if the address is
|
|
60
|
+
* rejected (invalid / disposable / unreachable).
|
|
61
|
+
*
|
|
62
|
+
* NOTE: the emailed link is an https URL (`<appsDomain>/?verify=…`), so on
|
|
63
|
+
* native it only re-opens the app if Universal Links / App Links are set up
|
|
64
|
+
* for that domain. Without them the link completes on the website instead.
|
|
65
|
+
*/
|
|
66
|
+
requestMagicLink(email: string): Promise<void>;
|
|
67
|
+
private get verifierKey();
|
|
68
|
+
private get stateKey();
|
|
69
|
+
private startPkce;
|
|
70
|
+
protected clearTransientState(): void;
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=auth-native.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-native.d.ts","sourceRoot":"","sources":["../src/auth-native.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAEvD,MAAM,MAAM,sBAAsB,GAAG,QAAQ,GAAG,OAAO,CAAC;AAExD,MAAM,WAAW,oBAAoB;IACjC;;;;OAIG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB,2EAA2E;IAC3E,eAAe,CAAC,EAAE,sBAAsB,CAAC;IACzC;;;;OAIG;IACH,YAAY,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACvD;AAED,qBAAa,sBAAuB,SAAQ,qBAAqB;IAC7D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAyB;IACzD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAwC;gBAEzD,MAAM,EAAE,oBAAoB;IAOxC;;;OAGG;IACH,UAAU,IAAI,OAAO;IAKrB;;;OAGG;IACH,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvE;;;OAGG;IACH,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAIxE;;;;OAIG;IACG,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAgFnD;;;;;;;OAOG;IACG,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAiDxF;;;;;;;;;;OAUG;IACG,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6BpD,OAAO,KAAK,WAAW,GAEtB;IAED,OAAO,KAAK,QAAQ,GAEnB;YAEa,SAAS;IAuBvB,SAAS,CAAC,mBAAmB,IAAI,IAAI;CAIxC"}
|