@rovela-ai/sdk 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admin/config.d.ts +15 -10
- package/dist/admin/config.d.ts.map +1 -1
- package/dist/admin/config.js +15 -10
- package/dist/admin/config.js.map +1 -1
- package/dist/admin/server/admin-session.d.ts +16 -5
- package/dist/admin/server/admin-session.d.ts.map +1 -1
- package/dist/admin/server/admin-session.js +24 -10
- package/dist/admin/server/admin-session.js.map +1 -1
- package/dist/auth/config.d.ts.map +1 -1
- package/dist/auth/config.js +11 -2
- package/dist/auth/config.js.map +1 -1
- package/package.json +1 -1
package/dist/admin/config.d.ts
CHANGED
|
@@ -14,18 +14,23 @@ import type { AdminSession, AdminAuthConfigOptions } from './types';
|
|
|
14
14
|
/**
|
|
15
15
|
* Create NextAuth options for store admin authentication.
|
|
16
16
|
*
|
|
17
|
-
* @
|
|
18
|
-
*
|
|
17
|
+
* @deprecated The Rovela sandbox template mounts exactly ONE NextAuth
|
|
18
|
+
* endpoint at `/api/auth/[...nextauth]`, wired to `createAuthOptions()`
|
|
19
|
+
* from `@rovela-ai/sdk/auth` — which already knows both the `credentials`
|
|
20
|
+
* and `admin-credentials` providers. `requireAdmin()` reads sessions via
|
|
21
|
+
* that same unified config, so the cookie name and SameSite policy match
|
|
22
|
+
* between write and read.
|
|
19
23
|
*
|
|
20
|
-
*
|
|
21
|
-
*
|
|
22
|
-
*
|
|
23
|
-
* import NextAuth from 'next-auth'
|
|
24
|
-
* import { createAdminAuthOptions } from '@rovela/sdk/admin'
|
|
24
|
+
* Mounting a separate `/api/admin/auth/[...nextauth]` with this function
|
|
25
|
+
* creates a second cookie namespace that will NOT be read by
|
|
26
|
+
* `requireAdmin()`. Every admin API call will return 401.
|
|
25
27
|
*
|
|
26
|
-
*
|
|
27
|
-
*
|
|
28
|
-
*
|
|
28
|
+
* Use `createAuthOptions()` from `@rovela-ai/sdk/auth` instead. This
|
|
29
|
+
* function is kept to preserve SDK API compatibility for existing
|
|
30
|
+
* consumers and will be removed in a future major release.
|
|
31
|
+
*
|
|
32
|
+
* @param options - Configuration options
|
|
33
|
+
* @returns NextAuth options object
|
|
29
34
|
*/
|
|
30
35
|
export declare function createAdminAuthOptions(options?: AdminAuthConfigOptions): NextAuthOptions;
|
|
31
36
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/admin/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAiB,MAAM,WAAW,CAAA;AAI/D,OAAO,KAAK,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAA;AAiBnE
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/admin/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAiB,MAAM,WAAW,CAAA;AAI/D,OAAO,KAAK,EAAE,YAAY,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAA;AAiBnE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,GAAE,sBAA2B,GAAG,eAAe,CAyI5F;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAE9B;AAgCD;;;GAGG;AACH,eAAO,MAAM,eAAe,iBAA2B,CAAA;AAEvD;;;;;;;;;;;;GAYG;AACH,wBAAgB,0BAA0B,uBAOzC;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB;;;CAG7B,CAAA"}
|
package/dist/admin/config.js
CHANGED
|
@@ -25,18 +25,23 @@ const DEFAULT_SESSION_MAX_AGE = 8 * 60 * 60;
|
|
|
25
25
|
/**
|
|
26
26
|
* Create NextAuth options for store admin authentication.
|
|
27
27
|
*
|
|
28
|
-
* @
|
|
29
|
-
*
|
|
28
|
+
* @deprecated The Rovela sandbox template mounts exactly ONE NextAuth
|
|
29
|
+
* endpoint at `/api/auth/[...nextauth]`, wired to `createAuthOptions()`
|
|
30
|
+
* from `@rovela-ai/sdk/auth` — which already knows both the `credentials`
|
|
31
|
+
* and `admin-credentials` providers. `requireAdmin()` reads sessions via
|
|
32
|
+
* that same unified config, so the cookie name and SameSite policy match
|
|
33
|
+
* between write and read.
|
|
30
34
|
*
|
|
31
|
-
*
|
|
32
|
-
*
|
|
33
|
-
*
|
|
34
|
-
* import NextAuth from 'next-auth'
|
|
35
|
-
* import { createAdminAuthOptions } from '@rovela/sdk/admin'
|
|
35
|
+
* Mounting a separate `/api/admin/auth/[...nextauth]` with this function
|
|
36
|
+
* creates a second cookie namespace that will NOT be read by
|
|
37
|
+
* `requireAdmin()`. Every admin API call will return 401.
|
|
36
38
|
*
|
|
37
|
-
*
|
|
38
|
-
*
|
|
39
|
-
*
|
|
39
|
+
* Use `createAuthOptions()` from `@rovela-ai/sdk/auth` instead. This
|
|
40
|
+
* function is kept to preserve SDK API compatibility for existing
|
|
41
|
+
* consumers and will be removed in a future major release.
|
|
42
|
+
*
|
|
43
|
+
* @param options - Configuration options
|
|
44
|
+
* @returns NextAuth options object
|
|
40
45
|
*/
|
|
41
46
|
export function createAdminAuthOptions(options = {}) {
|
|
42
47
|
const { sessionMaxAge = DEFAULT_SESSION_MAX_AGE, signInPage = '/admin/login', errorPage = '/admin/login', dashboardPage = '/admin', } = options;
|
package/dist/admin/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/admin/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,mBAAmB,MAAM,iCAAiC,CAAA;AACjE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAA;AAI/E,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,CAAA;AAE3C,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/admin/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,mBAAmB,MAAM,iCAAiC,CAAA;AACjE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAA;AAI/E,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,uBAAuB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,CAAA;AAE3C,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,sBAAsB,CAAC,UAAkC,EAAE;IACzE,MAAM,EACJ,aAAa,GAAG,uBAAuB,EACvC,UAAU,GAAG,cAAc,EAC3B,SAAS,GAAG,cAAc,EAC1B,aAAa,GAAG,QAAQ,GACzB,GAAG,OAAO,CAAA;IAEX,OAAO;QACL,SAAS,EAAE;YACT,mBAAmB,CAAC;gBAClB,4DAA4D;gBAC5D,EAAE,EAAE,mBAAmB;gBACvB,IAAI,EAAE,mBAAmB;gBACzB,WAAW,EAAE;oBACX,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE;oBACxC,QAAQ,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE;iBAClD;gBACD,KAAK,CAAC,SAAS,CAAC,WAAW;oBACzB,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC;wBAClD,OAAO,IAAI,CAAA;oBACb,CAAC;oBAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CACpC,WAAW,CAAC,KAAK,EACjB,WAAW,CAAC,QAAQ,CACrB,CAAA;oBAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACpB,uDAAuD;wBACvD,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;oBACvD,CAAC;oBAED,+DAA+D;oBAC/D,4DAA4D;oBAC5D,4CAA4C;oBAC5C,MAAM,cAAc,GACjB,MAAM,CAAC,KAAqC,CAAC,cAAc,IAAI,CAAC,CAAA;oBACnE,OAAO;wBACL,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE;wBACnB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;wBACzB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI;wBACvB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI;wBACvB,cAAc;qBACI,CAAA;gBACtB,CAAC;aACF,CAAC;SACH;QAED,OAAO,EAAE;YACP,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,aAAa;SACtB;QAED,GAAG,EAAE;YACH,MAAM,EAAE,aAAa;SACtB;QAED,kEAAkE;QAClE,oEAAoE;QACpE,gEAAgE;QAChE,mEAAmE;QACnE,sDAAsD;QACtD,OAAO,EAAE;YACP,YAAY,EAAE;gBACZ,IAAI,EAAE,4BAA4B;gBAClC,OAAO,EAAE;oBACP,QAAQ,EAAE,IAAI;oBACd,QAAQ,EAAE,KAAK;oBACf,IAAI,EAAE,GAAG;oBACT,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;iBAC9C;aACF;SACF;QAED,KAAK,EAAE;YACL,MAAM,EAAE,UAAU;YAClB,KAAK,EAAE,SAAS;SACjB;QAED,SAAS,EAAE;YACT,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE;gBACvB,6CAA6C;gBAC7C,MAAM,UAAU,GAAG,KAA4B,CAAA;gBAE/C,kBAAkB;gBAClB,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,SAAS,GAAG,IAAiB,CAAA;oBACnC,UAAU,CAAC,EAAE,GAAG,IAAI,CAAC,EAAE,CAAA;oBACvB,UAAU,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,SAAS,CAAA;oBAC1C,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,SAAS,CAAA;oBACxC,UAAU,CAAC,IAAI,GAAG,SAAS,CAAC,IAAI,CAAA;oBAChC,UAAU,CAAC,cAAc,GAAG,SAAS,CAAC,cAAc,IAAI,CAAC,CAAA;gBAC3D,CAAC;gBAED,OAAO,KAAK,CAAA;YACd,CAAC;YAED,KAAK,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE;gBAC9B,iCAAiC;gBACjC,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,UAAU,GAAG,KAA4B,CAAA;oBAC/C,MAAM,IAAI,GAAG,OAAO,CAAC,IAA+B,CAAA;oBACpD,IAAI,CAAC,EAAE,GAAG,UAAU,CAAC,EAAY,CAAA;oBACjC,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC,KAAe,CAAA;oBACvC,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC,IAAc,CAAA;oBACrC,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC,IAAiB,CAAA;oBACxC,IAAI,CAAC,cAAc,GAAI,UAAU,CAAC,cAAyB,IAAI,CAAC,CAAA;gBAClE,CAAC;gBAED,OAAO,OAAO,CAAA;YAChB,CAAC;YAED,KAAK,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE;gBAC7B,iCAAiC;gBACjC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACxB,OAAO,GAAG,OAAO,GAAG,GAAG,EAAE,CAAA;gBAC3B,CAAC;gBACD,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC5B,OAAO,GAAG,CAAA;gBACZ,CAAC;gBACD,OAAO,GAAG,OAAO,GAAG,aAAa,EAAE,CAAA;YACrC,CAAC;SACF;QAED,MAAM,EAAE;YACN,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE;gBACnB,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;YAC5D,CAAC;YACD,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE;gBACrB,OAAO,CAAC,GAAG,CAAC,kCAAkC,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;YAC/D,CAAC;SACF;QAED,8BAA8B;QAC9B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa;KAC9C,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAe;IAEf,OAAO,mBAAmB,CAAC,OAAO,CAAC,CAAA;AACrC,CAAC;AA4BD,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,sBAAsB,EAAE,CAAA;AAEvD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,0BAA0B;IACxC,iCAAiC;IACjC,MAAM,aAAa,GAAG,KAAK,IAAI,EAAE;QAC/B,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAA;QACpD,OAAO,QAAQ,CAAC,eAAe,CAAC,CAAA;IAClC,CAAC,CAAA;IACD,OAAO,aAAa,CAAA;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,GAAG,EAAE,0BAA0B,EAAE;IACjC,IAAI,EAAE,0BAA0B,EAAE;CACnC,CAAA"}
|
|
@@ -8,12 +8,23 @@
|
|
|
8
8
|
* Before this module, every admin API handler had its own local copy of a
|
|
9
9
|
* `requireAdmin()` helper — ten copies across products, orders, customers,
|
|
10
10
|
* refund, return, settings, stats, stripe-status, categories, shipping, and
|
|
11
|
-
* tax-zones.
|
|
12
|
-
* instead of the admin one, accidentally working because NextAuth cookies
|
|
13
|
-
* overlap), and they had no way to express role-based permissions.
|
|
11
|
+
* tax-zones. None of them enforced role-based permissions.
|
|
14
12
|
*
|
|
15
|
-
*
|
|
16
|
-
*
|
|
13
|
+
* # Which auth config we read
|
|
14
|
+
*
|
|
15
|
+
* The sandbox template mounts exactly ONE NextAuth endpoint at
|
|
16
|
+
* `/api/auth/[...nextauth]/route.ts`, wired to `createAuthOptions()` from
|
|
17
|
+
* `@rovela-ai/sdk/auth`. That unified config handles BOTH `credentials`
|
|
18
|
+
* (customer) and `admin-credentials` providers, and it's the config that
|
|
19
|
+
* writes the session cookie the browser sends back on every request.
|
|
20
|
+
*
|
|
21
|
+
* `requireAdmin` MUST read through the same config. Reading from a separate
|
|
22
|
+
* `createAdminAuthOptions()` (which used its own cookie name + SameSite) —
|
|
23
|
+
* as an earlier iteration of this file did — produced a read/write mismatch
|
|
24
|
+
* that rejected every admin API call with 401 regardless of DB state.
|
|
25
|
+
*
|
|
26
|
+
* This module replaces all ten legacy helpers with a single gatekeeper that:
|
|
27
|
+
* 1. Reads the NextAuth session via the unified `createAuthOptions()`.
|
|
17
28
|
* 2. Fetches a fresh admin row from the DB and confirms `status = 'active'`
|
|
18
29
|
* so that deactivated users are kicked out on their next request without
|
|
19
30
|
* waiting for the JWT to expire.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin-session.d.ts","sourceRoot":"","sources":["../../../src/admin/server/admin-session.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"admin-session.d.ts","sourceRoot":"","sources":["../../../src/admin/server/admin-session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAI1C,OAAO,EAGL,KAAK,UAAU,EAChB,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AACjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AACtD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAM7C,MAAM,WAAW,mBAAmB;IAClC,gEAAgE;IAChE,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,2FAA2F;IAC3F,OAAO,CAAC,EAAE,SAAS,CAAA;CACpB;AAED,MAAM,MAAM,kBAAkB,GAC1B;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,UAAU,CAAA;CAAE,GAC/B;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,QAAQ,EAAE,YAAY,CAAC,aAAa,CAAC,CAAA;CAAE,CAAA;AA+BxD;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAE5D;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,IAAI,IAAI,CAE/C;AAwBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAsB,YAAY,CAChC,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,kBAAkB,CAAC,CA+E7B"}
|
|
@@ -8,12 +8,23 @@
|
|
|
8
8
|
* Before this module, every admin API handler had its own local copy of a
|
|
9
9
|
* `requireAdmin()` helper — ten copies across products, orders, customers,
|
|
10
10
|
* refund, return, settings, stats, stripe-status, categories, shipping, and
|
|
11
|
-
* tax-zones.
|
|
12
|
-
* instead of the admin one, accidentally working because NextAuth cookies
|
|
13
|
-
* overlap), and they had no way to express role-based permissions.
|
|
11
|
+
* tax-zones. None of them enforced role-based permissions.
|
|
14
12
|
*
|
|
15
|
-
*
|
|
16
|
-
*
|
|
13
|
+
* # Which auth config we read
|
|
14
|
+
*
|
|
15
|
+
* The sandbox template mounts exactly ONE NextAuth endpoint at
|
|
16
|
+
* `/api/auth/[...nextauth]/route.ts`, wired to `createAuthOptions()` from
|
|
17
|
+
* `@rovela-ai/sdk/auth`. That unified config handles BOTH `credentials`
|
|
18
|
+
* (customer) and `admin-credentials` providers, and it's the config that
|
|
19
|
+
* writes the session cookie the browser sends back on every request.
|
|
20
|
+
*
|
|
21
|
+
* `requireAdmin` MUST read through the same config. Reading from a separate
|
|
22
|
+
* `createAdminAuthOptions()` (which used its own cookie name + SameSite) —
|
|
23
|
+
* as an earlier iteration of this file did — produced a read/write mismatch
|
|
24
|
+
* that rejected every admin API call with 401 regardless of DB state.
|
|
25
|
+
*
|
|
26
|
+
* This module replaces all ten legacy helpers with a single gatekeeper that:
|
|
27
|
+
* 1. Reads the NextAuth session via the unified `createAuthOptions()`.
|
|
17
28
|
* 2. Fetches a fresh admin row from the DB and confirms `status = 'active'`
|
|
18
29
|
* so that deactivated users are kicked out on their next request without
|
|
19
30
|
* waiting for the JWT to expire.
|
|
@@ -58,7 +69,7 @@
|
|
|
58
69
|
*/
|
|
59
70
|
import { NextResponse } from 'next/server';
|
|
60
71
|
import { getServerSession } from 'next-auth';
|
|
61
|
-
import {
|
|
72
|
+
import { createAuthOptions } from '../../auth/config';
|
|
62
73
|
import { findAdminById } from './admin-service';
|
|
63
74
|
import { hasPermission, meetsMinRole, } from '../permissions';
|
|
64
75
|
const STATUS_CACHE_TTL_MS = 30 * 1000;
|
|
@@ -144,15 +155,18 @@ function forbidden() {
|
|
|
144
155
|
* ```
|
|
145
156
|
*/
|
|
146
157
|
export async function requireAdmin(options = {}) {
|
|
147
|
-
// 1. NextAuth session —
|
|
148
|
-
//
|
|
149
|
-
//
|
|
158
|
+
// 1. NextAuth session — read through the UNIFIED auth config. The sandbox
|
|
159
|
+
// template mounts one NextAuth endpoint (`/api/auth/[...nextauth]`) wired
|
|
160
|
+
// to `createAuthOptions()`, so that's the config that writes the session
|
|
161
|
+
// cookie. Reading from the same config guarantees the cookie name and
|
|
162
|
+
// SameSite policy match between write and read. See the file-level comment
|
|
163
|
+
// for the full rationale.
|
|
150
164
|
// The `as unknown as` dance is unavoidable: getServerSession's overloaded
|
|
151
165
|
// return type infers to `{}` in this generic context, and our session user
|
|
152
166
|
// carries a custom `role` field we need to read.
|
|
153
167
|
let rawSession;
|
|
154
168
|
try {
|
|
155
|
-
rawSession = await getServerSession(
|
|
169
|
+
rawSession = await getServerSession(createAuthOptions());
|
|
156
170
|
}
|
|
157
171
|
catch (err) {
|
|
158
172
|
console.error('[requireAdmin] Failed to read session:', err);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin-session.js","sourceRoot":"","sources":["../../../src/admin/server/admin-session.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"admin-session.js","sourceRoot":"","sources":["../../../src/admin/server/admin-session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EACL,aAAa,EACb,YAAY,GAEb,MAAM,gBAAgB,CAAA;AA6BvB,MAAM,mBAAmB,GAAG,EAAE,GAAG,IAAI,CAAA;AACrC,MAAM,WAAW,GAAG,IAAI,GAAG,EAA4B,CAAA;AAEvD,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;QACjC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAC3B,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,KAAK,CAAC,KAAK,CAAA;AACpB,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,KAAiB;IACxD,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE;QACvB,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,mBAAmB;KAC5C,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;AAC7B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB;IACtC,WAAW,CAAC,KAAK,EAAE,CAAA;AACrB,CAAC;AAED,gFAAgF;AAChF,mBAAmB;AACnB,gFAAgF;AAEhF,SAAS,YAAY;IACnB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE,EAC/C,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;AACH,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,EACzC,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;AACH,CAAC;AAED,gFAAgF;AAChF,cAAc;AACd,gFAAgF;AAEhF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAA+B,EAAE;IAEjC,0EAA0E;IAC1E,0EAA0E;IAC1E,yEAAyE;IACzE,sEAAsE;IACtE,2EAA2E;IAC3E,0BAA0B;IAC1B,0EAA0E;IAC1E,2EAA2E;IAC3E,iDAAiD;IACjD,IAAI,UAAmB,CAAA;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,EAAE,CAAC,CAAA;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,GAAG,CAAC,CAAA;QAC5D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,CAAA;IAChD,CAAC;IAED,MAAM,WAAW,GAAI,UAEZ,EAAE,IAAI,CAAA;IACf,IAAI,CAAC,WAAW,EAAE,EAAE,EAAE,CAAC;QACrB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,CAAA;IAChD,CAAC;IAED,mDAAmD;IACnD,IAAI,KAAK,GAAG,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACnD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,CAAA;YAChD,CAAC;YACD,KAAK,GAAG,OAAgC,CAAA;YACxC,cAAc,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAA;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAA;YAC/D,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,CAAA;QAChD,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,gEAAgE;IAChE,MAAM,MAAM,GAAI,KAAwC,CAAC,MAAM,IAAI,QAAQ,CAAA;IAC3E,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,CAAA;IAChD,CAAC;IAED,iEAAiE;IACjE,qEAAqE;IACrE,0BAA0B;IAC1B,EAAE;IACF,6DAA6D;IAC7D,qEAAqE;IACrE,kEAAkE;IAClE,iEAAiE;IACjE,mEAAmE;IACnE,uCAAuC;IACvC,MAAM,UAAU,GAAG,WAAW,CAAC,cAAc,IAAI,CAAC,CAAA;IAClD,MAAM,SAAS,GACZ,KAAgD,CAAC,cAAc,IAAI,CAAC,CAAA;IACvE,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,CAAA;IAChD,CAAC;IAED,sCAAsC;IACtC,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACzE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAA;IAC7C,CAAC;IAED,oCAAoC;IACpC,IAAI,OAAO,CAAC,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,CAAA;IAC7C,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;AAC5B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAiB,MAAM,WAAW,CAAA;AAI/D,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AA0BjE;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,GAAE,iBAAsB,GAAG,eAAe,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAiB,MAAM,WAAW,CAAA;AAI/D,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AA0BjE;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,GAAE,iBAAsB,GAAG,eAAe,CAgPlF;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAEjC"}
|
package/dist/auth/config.js
CHANGED
|
@@ -101,12 +101,16 @@ export function createAuthOptions(options = {}) {
|
|
|
101
101
|
if (!result.success) {
|
|
102
102
|
throw new Error(result.error, { cause: result.code });
|
|
103
103
|
}
|
|
104
|
-
// Return admin user with role
|
|
104
|
+
// Return admin user with role. `sessionVersion` is embedded in
|
|
105
|
+
// the JWT at sign-in so `requireAdmin` can detect forced logouts
|
|
106
|
+
// after password changes (Phase 4 session versioning).
|
|
107
|
+
const sessionVersion = result.admin.sessionVersion ?? 0;
|
|
105
108
|
return {
|
|
106
109
|
id: result.admin.id,
|
|
107
110
|
email: result.admin.email,
|
|
108
111
|
name: result.admin.name,
|
|
109
|
-
role: result.admin.role,
|
|
112
|
+
role: result.admin.role,
|
|
113
|
+
sessionVersion,
|
|
110
114
|
};
|
|
111
115
|
},
|
|
112
116
|
}),
|
|
@@ -172,6 +176,8 @@ export function createAuthOptions(options = {}) {
|
|
|
172
176
|
// Admin user - store role, no emailVerified
|
|
173
177
|
sdkToken.role = sdkUser.role;
|
|
174
178
|
sdkToken.emailVerified = null;
|
|
179
|
+
// Phase 4: embed session version for forced-logout on password change
|
|
180
|
+
sdkToken.sessionVersion = sdkUser.sessionVersion ?? 0;
|
|
175
181
|
// Use shorter admin session
|
|
176
182
|
sdkToken.maxAge = ADMIN_SESSION_MAX_AGE;
|
|
177
183
|
}
|
|
@@ -218,6 +224,9 @@ export function createAuthOptions(options = {}) {
|
|
|
218
224
|
// Admin user
|
|
219
225
|
user.role = sdkToken.role;
|
|
220
226
|
user.emailVerified = true; // Admins don't need email verification
|
|
227
|
+
// Phase 4: propagate session version so requireAdmin can
|
|
228
|
+
// compare it against the DB row.
|
|
229
|
+
user.sessionVersion = sdkToken.sessionVersion ?? 0;
|
|
221
230
|
}
|
|
222
231
|
else {
|
|
223
232
|
// Customer user
|
package/dist/auth/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,mBAAmB,MAAM,iCAAiC,CAAA;AACjE,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAA;AAGxF,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;GAEG;AACH,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AAE5C;;GAEG;AACH,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AAE7C;;;GAGG;AACH,MAAM,qBAAqB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,CAAA;AAEzC,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAA6B,EAAE;IAC/D,MAAM,EACJ,aAAa,GAAG,uBAAuB,EACvC,gBAAgB,GAAG,mBAAmB,EACtC,wBAAwB,GAAG,IAAI,EAC/B,UAAU,GAAG,cAAc,EAC3B,SAAS,GAAG,cAAc,GAC3B,GAAG,OAAO,CAAA;IAEX,OAAO;QACL,SAAS,EAAE;YACT,mBAAmB,CAAC;gBAClB,EAAE,EAAE,aAAa;gBACjB,IAAI,EAAE,aAAa;gBACnB,WAAW,EAAE;oBACX,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE;oBACxC,QAAQ,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE;oBACjD,UAAU,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE;iBACvD;gBACD,KAAK,CAAC,SAAS,CAAC,WAAW;oBACzB,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC;wBAClD,OAAO,IAAI,CAAA;oBACb,CAAC;oBAED,MAAM,MAAM,GAAG,MAAM,oBAAoB,CACvC,WAAW,CAAC,KAAK,EACjB,WAAW,CAAC,QAAQ,EACpB,wBAAwB,CACzB,CAAA;oBAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACpB,uDAAuD;wBACvD,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;oBACvD,CAAC;oBAED,iCAAiC;oBACjC,sEAAsE;oBACtE,OAAO;wBACL,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE;wBACtB,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAK;wBAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS;wBACvC,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,aAAa;wBAC5C,0CAA0C;wBAC1C,UAAU,EAAE,WAAW,CAAC,UAAU,KAAK,MAAM;wBAC7C,qCAAqC;wBACrC,IAAI,EAAE,SAAS;qBACG,CAAA;gBACtB,CAAC;aACF,CAAC;YAEF,4EAA4E;YAC5E,6BAA6B;YAC7B,4EAA4E;YAC5E,mBAAmB,CAAC;gBAClB,EAAE,EAAE,mBAAmB;gBACvB,IAAI,EAAE,mBAAmB;gBACzB,WAAW,EAAE;oBACX,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE;oBACxC,QAAQ,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE;iBAClD;gBACD,KAAK,CAAC,SAAS,CAAC,WAAW;oBACzB,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC;wBAClD,OAAO,IAAI,CAAA;oBACb,CAAC;oBAED,8CAA8C;oBAC9C,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAA;oBAE3E,MAAM,MAAM,GAAG,MAAM,iBAAiB,CACpC,WAAW,CAAC,KAAK,EACjB,WAAW,CAAC,QAAQ,CACrB,CAAA;oBAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACpB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;oBACvD,CAAC;oBAED,
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/auth/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,mBAAmB,MAAM,iCAAiC,CAAA;AACjE,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAA;AAGxF,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;GAEG;AACH,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AAE5C;;GAEG;AACH,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AAE7C;;;GAGG;AACH,MAAM,qBAAqB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,CAAA;AAEzC,gFAAgF;AAChF,qBAAqB;AACrB,gFAAgF;AAEhF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAA6B,EAAE;IAC/D,MAAM,EACJ,aAAa,GAAG,uBAAuB,EACvC,gBAAgB,GAAG,mBAAmB,EACtC,wBAAwB,GAAG,IAAI,EAC/B,UAAU,GAAG,cAAc,EAC3B,SAAS,GAAG,cAAc,GAC3B,GAAG,OAAO,CAAA;IAEX,OAAO;QACL,SAAS,EAAE;YACT,mBAAmB,CAAC;gBAClB,EAAE,EAAE,aAAa;gBACjB,IAAI,EAAE,aAAa;gBACnB,WAAW,EAAE;oBACX,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE;oBACxC,QAAQ,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE;oBACjD,UAAU,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE;iBACvD;gBACD,KAAK,CAAC,SAAS,CAAC,WAAW;oBACzB,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC;wBAClD,OAAO,IAAI,CAAA;oBACb,CAAC;oBAED,MAAM,MAAM,GAAG,MAAM,oBAAoB,CACvC,WAAW,CAAC,KAAK,EACjB,WAAW,CAAC,QAAQ,EACpB,wBAAwB,CACzB,CAAA;oBAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACpB,uDAAuD;wBACvD,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;oBACvD,CAAC;oBAED,iCAAiC;oBACjC,sEAAsE;oBACtE,OAAO;wBACL,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE;wBACtB,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAK;wBAC5B,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS;wBACvC,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,aAAa;wBAC5C,0CAA0C;wBAC1C,UAAU,EAAE,WAAW,CAAC,UAAU,KAAK,MAAM;wBAC7C,qCAAqC;wBACrC,IAAI,EAAE,SAAS;qBACG,CAAA;gBACtB,CAAC;aACF,CAAC;YAEF,4EAA4E;YAC5E,6BAA6B;YAC7B,4EAA4E;YAC5E,mBAAmB,CAAC;gBAClB,EAAE,EAAE,mBAAmB;gBACvB,IAAI,EAAE,mBAAmB;gBACzB,WAAW,EAAE;oBACX,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE;oBACxC,QAAQ,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE;iBAClD;gBACD,KAAK,CAAC,SAAS,CAAC,WAAW;oBACzB,IAAI,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC;wBAClD,OAAO,IAAI,CAAA;oBACb,CAAC;oBAED,8CAA8C;oBAC9C,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAA;oBAE3E,MAAM,MAAM,GAAG,MAAM,iBAAiB,CACpC,WAAW,CAAC,KAAK,EACjB,WAAW,CAAC,QAAQ,CACrB,CAAA;oBAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;wBACpB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAA;oBACvD,CAAC;oBAED,+DAA+D;oBAC/D,iEAAiE;oBACjE,uDAAuD;oBACvD,MAAM,cAAc,GACjB,MAAM,CAAC,KAAqC,CAAC,cAAc,IAAI,CAAC,CAAA;oBACnE,OAAO;wBACL,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE;wBACnB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK;wBACzB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI;wBACvB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI;wBACvB,cAAc;qBACI,CAAA;gBACtB,CAAC;aACF,CAAC;SACH;QAED,OAAO,EAAE;YACP,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,aAAa;SACtB;QAED,GAAG,EAAE;YACH,MAAM,EAAE,aAAa;SACtB;QAED,KAAK,EAAE;YACL,MAAM,EAAE,UAAU;YAClB,KAAK,EAAE,SAAS;SACjB;QAED,4EAA4E;QAC5E,mEAAmE;QACnE,4EAA4E;QAC5E,kEAAkE;QAClE,0DAA0D;QAC1D,wDAAwD;QACxD,OAAO,EAAE;YACP,YAAY,EAAE;gBACZ,IAAI,EAAE,kCAAkC;gBACxC,OAAO,EAAE;oBACP,QAAQ,EAAE,IAAI;oBACd,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,GAAG;oBACT,MAAM,EAAE,IAAI;iBACb;aACF;YACD,WAAW,EAAE;gBACX,IAAI,EAAE,iCAAiC;gBACvC,OAAO,EAAE;oBACP,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,GAAG;oBACT,MAAM,EAAE,IAAI;iBACb;aACF;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,6BAA6B;gBACnC,OAAO,EAAE;oBACP,QAAQ,EAAE,IAAI;oBACd,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,GAAG;oBACT,MAAM,EAAE,IAAI;iBACb;aACF;SACF;QAED,SAAS,EAAE;YACT,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE;gBACzC,2CAA2C;gBAC3C,MAAM,QAAQ,GAAG,KAA0B,CAAA;gBAE3C,kBAAkB;gBAClB,IAAI,IAAI,EAAE,CAAC;oBACT,gDAAgD;oBAChD,MAAM,OAAO,GAAG,IAAe,CAAA;oBAC/B,QAAQ,CAAC,EAAE,GAAG,IAAI,CAAC,EAAE,CAAA;oBACrB,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,SAAS,CAAA;oBACxC,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,SAAS,CAAA;oBAEtC,kDAAkD;oBAClD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;wBACjB,4CAA4C;wBAC5C,QAAQ,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAA;wBAC5B,QAAQ,CAAC,aAAa,GAAG,IAAI,CAAA;wBAC7B,sEAAsE;wBACtE,QAAQ,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAA;wBACrD,4BAA4B;wBAC5B,QAAQ,CAAC,MAAM,GAAG,qBAAqB,CAAA;oBACzC,CAAC;yBAAM,CAAC;wBACN,6CAA6C;wBAC7C,QAAQ,CAAC,IAAI,GAAG,SAAS,CAAA;wBACzB,kEAAkE;wBAClE,QAAQ,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa;4BAC5C,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,YAAY,IAAI;gCACtC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,WAAW,EAAE;gCACrC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;4BAClC,CAAC,CAAC,IAAI,CAAA;wBAER,2CAA2C;wBAC3C,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;4BACvB,QAAQ,CAAC,MAAM,GAAG,gBAAgB,CAAA;wBACpC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,gCAAgC;gBAChC,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,EAAE,CAAC;oBACpC,8BAA8B;oBAC9B,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;wBAC/B,QAAQ,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAA;oBAC9B,CAAC;oBACD,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;wBACxC,QAAQ,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa;4BAC5C,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC;4BAC/B,CAAC,CAAC,IAAI,CAAA;oBACV,CAAC;gBACH,CAAC;gBAED,OAAO,KAAK,CAAA;YACd,CAAC;YAED,KAAK,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE;gBAC9B,+DAA+D;gBAC/D,gFAAgF;gBAChF,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,QAAQ,GAAG,KAA0B,CAAA;oBAC3C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAiC,CAAA;oBACtD,IAAI,CAAC,EAAE,GAAG,QAAQ,CAAC,EAAY,CAAA;oBAC/B,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAe,CAAA;oBACrC,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAA;oBAEzB,gDAAgD;oBAChD,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;wBAClB,aAAa;wBACb,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAA;wBACzB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAA,CAAC,uCAAuC;wBACjE,yDAAyD;wBACzD,iCAAiC;wBACjC,IAAI,CAAC,cAAc,GAAG,QAAQ,CAAC,cAAc,IAAI,CAAC,CAAA;oBACpD,CAAC;yBAAM,CAAC;wBACN,gBAAgB;wBAChB,IAAI,CAAC,IAAI,GAAG,SAAS,CAAA;wBACrB,6CAA6C;wBAC7C,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAA;oBAC/C,CAAC;gBACH,CAAC;gBAED,OAAO,OAAO,CAAA;YAChB,CAAC;SACF;QAED,MAAM,EAAE;YACN,+BAA+B;YAC/B,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE;gBACnB,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;YACzD,CAAC;YACD,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE;gBACrB,OAAO,CAAC,GAAG,CAAC,+BAA+B,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;YAC5D,CAAC;SACF;QAED,8BAA8B;QAC9B,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa;KAC9C,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,UAAkB;IAElB,OAAO,sBAAsB,CAAC,UAAU,CAAC,CAAA;AAC3C,CAAC"}
|