@rpcbase/auth 0.98.0 → 0.100.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api/sign-in/handler.d.ts.map +1 -1
- package/dist/api/verify-otp/handler.d.ts.map +1 -1
- package/dist/components/RememberMeCheckbox/index.d.ts +2 -2
- package/dist/components/RememberMeCheckbox/index.d.ts.map +1 -1
- package/dist/{handler-DoVmy5fg.js → handler--2n6PFBR.js} +4 -4
- package/dist/{handler-DoVmy5fg.js.map → handler--2n6PFBR.js.map} +1 -1
- package/dist/{handler-Bj9EhP0l.js → handler-CXncjnG5.js} +4 -4
- package/dist/handler-CXncjnG5.js.map +1 -0
- package/dist/{handler-DKNeylFQ.js → handler-Db6lpg3J.js} +4 -4
- package/dist/handler-Db6lpg3J.js.map +1 -0
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/{middleware-BiMXO6Dq.js → middleware-HjIzPByj.js} +3 -2
- package/dist/middleware-HjIzPByj.js.map +1 -0
- package/dist/middleware.d.ts.map +1 -1
- package/dist/oauth/index.js +13 -16
- package/dist/oauth/index.js.map +1 -1
- package/dist/oauth/lib.d.ts +9 -6
- package/dist/oauth/lib.d.ts.map +1 -1
- package/dist/routes.js +1 -1
- package/package.json +1 -1
- package/dist/handler-Bj9EhP0l.js.map +0 -1
- package/dist/handler-DKNeylFQ.js.map +0 -1
- package/dist/middleware-BiMXO6Dq.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-in/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAInD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-in/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAInD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBA2DlC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/verify-otp/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAGnD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/verify-otp/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;AAGnD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBA6DlC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { ElementType } from 'react';
|
|
2
2
|
export declare const RememberMeCheckbox: ({ label, as: Component }: {
|
|
3
3
|
label: string;
|
|
4
|
-
as?:
|
|
4
|
+
as?: ElementType;
|
|
5
5
|
}) => import("react/jsx-runtime").JSX.Element;
|
|
6
6
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/RememberMeCheckbox/index.tsx"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/RememberMeCheckbox/index.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,OAAO,CAAA;AAIxC,eAAO,MAAM,kBAAkB,GAAI,0BAGhC;IACD,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,CAAC,EAAE,WAAW,CAAA;CACjB,4CAiBA,CAAA"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { models } from "@rpcbase/db";
|
|
2
|
-
import { r as restrictSessionMiddleware } from "./middleware-
|
|
2
|
+
import { r as restrictSessionMiddleware } from "./middleware-HjIzPByj.js";
|
|
3
3
|
import { o as object, s as string, a as array } from "./schemas-Dn3gHDGz.js";
|
|
4
4
|
const Route = "/api/rb/auth/me";
|
|
5
5
|
object({});
|
|
@@ -41,9 +41,9 @@ const me = async (_payload, ctx) => {
|
|
|
41
41
|
return {
|
|
42
42
|
id: user._id.toString(),
|
|
43
43
|
email: user.email,
|
|
44
|
-
phone: user.phone,
|
|
44
|
+
phone: user.get("phone"),
|
|
45
45
|
name: user.name,
|
|
46
|
-
tenants: (user.tenants || []).map(
|
|
46
|
+
tenants: (user.tenants || []).map(String),
|
|
47
47
|
currentTenantId: tenantId,
|
|
48
48
|
signedInTenants: sessionUser.signedInTenants || []
|
|
49
49
|
};
|
|
@@ -55,4 +55,4 @@ const handler = (api) => {
|
|
|
55
55
|
export {
|
|
56
56
|
handler as default
|
|
57
57
|
};
|
|
58
|
-
//# sourceMappingURL=handler
|
|
58
|
+
//# sourceMappingURL=handler--2n6PFBR.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler
|
|
1
|
+
{"version":3,"file":"handler--2n6PFBR.js","sources":["../src/api/me/index.ts","../src/api/me/handler.ts"],"sourcesContent":["import { z } from \"zod\"\n\n\nexport const Route = \"/api/rb/auth/me\"\n\nexport const requestSchema = z.object({})\nexport type RequestPayload = z.infer<typeof requestSchema>\n\nexport const responseSchema = z.object({\n id: z.string().optional(),\n email: z.string().email().optional(),\n phone: z.string().optional(),\n name: z.string().optional(),\n tenants: z.array(z.string()).default([]),\n currentTenantId: z.string().optional(),\n signedInTenants: z.array(z.string()).default([]).optional(),\n error: z.string().optional(),\n})\n\nexport type ResponsePayload = z.infer<typeof responseSchema>\n","import { Api, ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\n\nimport type { AuthSessionUser } from \"../../types\"\nimport { restrictSessionMiddleware } from \"../../middleware\"\n\nimport * as Me from \"./index\"\n\n\nconst me: ApiHandler<Me.RequestPayload, Me.ResponsePayload, AuthSessionUser> = async(\n _payload: Me.RequestPayload,\n ctx: Ctx<AuthSessionUser>\n): Promise<Me.ResponsePayload> => {\n const sessionUser = ctx.req.session?.user\n\n if (!sessionUser?.id) {\n ctx.res.status(401)\n return {\n id: \"\",\n currentTenantId: \"\",\n signedInTenants: [],\n tenants: [],\n error: \"not_authenticated\",\n } as unknown as Me.ResponsePayload\n }\n\n const User = await models.getGlobal(\"RBUser\", ctx)\n const user = await User.findById(sessionUser.id)\n\n if (!user) {\n ctx.res.status(404)\n return {\n id: \"\",\n currentTenantId: \"\",\n signedInTenants: [],\n tenants: [],\n error: \"user_not_found\",\n } as unknown as Me.ResponsePayload\n }\n\n const tenantId = sessionUser.currentTenantId || user.tenants?.[0]?.toString?.() || \"00000000\"\n\n return {\n id: user._id.toString(),\n email: user.email,\n phone: user.get(\"phone\") as string | undefined,\n name: user.name,\n tenants: (user.tenants || []).map(String),\n currentTenantId: tenantId,\n signedInTenants: sessionUser.signedInTenants || [],\n }\n}\n\nexport default (api: Api<AuthSessionUser>) => {\n api.use(Me.Route, restrictSessionMiddleware)\n api.get(Me.Route, me)\n}\n"],"names":["z.object","z.string","z.array","Me.Route"],"mappings":";;;AAGO,MAAM,QAAQ;AAEQA,OAAS,CAAA,CAAE;AAGVA,OAAS;AAAA,EACrC,IAAIC,OAAE,EAAS,SAAA;AAAA,EACf,OAAOA,OAAE,EAAS,MAAA,EAAQ,SAAA;AAAA,EAC1B,OAAOA,OAAE,EAAS,SAAA;AAAA,EAClB,MAAMA,OAAE,EAAS,SAAA;AAAA,EACjB,SAASC,MAAQD,QAAU,EAAE,QAAQ,CAAA,CAAE;AAAA,EACvC,iBAAiBA,OAAE,EAAS,SAAA;AAAA,EAC5B,iBAAiBC,MAAQD,OAAE,CAAQ,EAAE,QAAQ,CAAA,CAAE,EAAE,SAAA;AAAA,EACjD,OAAOA,OAAE,EAAS,SAAA;AACpB,CAAC;ACRD,MAAM,KAAyE,OAC7E,UACA,QACgC;AAChC,QAAM,cAAc,IAAI,IAAI,SAAS;AAErC,MAAI,CAAC,aAAa,IAAI;AACpB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,iBAAiB;AAAA,MACjB,iBAAiB,CAAA;AAAA,MACjB,SAAS,CAAA;AAAA,MACT,OAAO;AAAA,IAAA;AAAA,EAEX;AAEA,QAAM,OAAO,MAAM,OAAO,UAAU,UAAU,GAAG;AACjD,QAAM,OAAO,MAAM,KAAK,SAAS,YAAY,EAAE;AAE/C,MAAI,CAAC,MAAM;AACT,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,iBAAiB;AAAA,MACjB,iBAAiB,CAAA;AAAA,MACjB,SAAS,CAAA;AAAA,MACT,OAAO;AAAA,IAAA;AAAA,EAEX;AAEA,QAAM,WAAW,YAAY,mBAAmB,KAAK,UAAU,CAAC,GAAG,gBAAgB;AAEnF,SAAO;AAAA,IACL,IAAI,KAAK,IAAI,SAAA;AAAA,IACb,OAAO,KAAK;AAAA,IACZ,OAAO,KAAK,IAAI,OAAO;AAAA,IACvB,MAAM,KAAK;AAAA,IACX,UAAU,KAAK,WAAW,CAAA,GAAI,IAAI,MAAM;AAAA,IACxC,iBAAiB;AAAA,IACjB,iBAAiB,YAAY,mBAAmB,CAAA;AAAA,EAAC;AAErD;AAEA,MAAA,UAAe,CAAC,QAA8B;AAC5C,MAAI,IAAIE,OAAU,yBAAyB;AAC3C,MAAI,IAAIA,OAAU,EAAE;AACtB;"}
|
|
@@ -36,9 +36,9 @@ const verifyOtp = async (payload, ctx) => {
|
|
|
36
36
|
user.emailVerificationExpiresAt = void 0;
|
|
37
37
|
await user.save();
|
|
38
38
|
const tenantId = user.tenants?.[0]?.toString?.() || "00000000";
|
|
39
|
-
const signedInTenants = (user.tenants || []).map(
|
|
40
|
-
const
|
|
41
|
-
const tenantRoles =
|
|
39
|
+
const signedInTenants = (user.tenants || []).map(String);
|
|
40
|
+
const tenantRolesMap = user.get("tenantRoles");
|
|
41
|
+
const tenantRoles = tenantRolesMap ? Object.fromEntries(tenantRolesMap.entries()) : void 0;
|
|
42
42
|
if (!ctx.req.session) {
|
|
43
43
|
ctx.res.status(500);
|
|
44
44
|
return { success: false, error: "session_unavailable" };
|
|
@@ -58,4 +58,4 @@ const handler = (api) => {
|
|
|
58
58
|
export {
|
|
59
59
|
handler as default
|
|
60
60
|
};
|
|
61
|
-
//# sourceMappingURL=handler-
|
|
61
|
+
//# sourceMappingURL=handler-CXncjnG5.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"handler-CXncjnG5.js","sources":["../src/api/verify-otp/index.ts","../src/api/verify-otp/handler.ts"],"sourcesContent":["import { z } from \"zod\"\n\n\nexport const Route = \"/api/rb/auth/verify-otp\"\n\nexport const requestSchema = z.object({\n email: z.string().email(),\n code: z.string().length(6, \"Code must be 6 digits\"),\n rememberMe: z.boolean().default(true),\n})\n\nexport type RequestPayload = z.infer<typeof requestSchema>\n\nexport const responseSchema = z.object({\n success: z.boolean(),\n error: z.string().optional(),\n userId: z.string().optional(),\n tenantId: z.string().optional(),\n})\n\nexport type ResponsePayload = z.infer<typeof responseSchema>\n","import { Api, ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\n\nimport type { AuthSessionUser } from \"../../types\"\n\nimport * as VerifyOtp from \"./index\"\n\n\nconst verifyOtp: ApiHandler<VerifyOtp.RequestPayload, VerifyOtp.ResponsePayload, AuthSessionUser> = async (\n payload,\n ctx: Ctx<AuthSessionUser>\n): Promise<VerifyOtp.ResponsePayload> => {\n const User = await models.getGlobal(\"RBUser\", ctx)\n\n const parsed = VerifyOtp.requestSchema.safeParse(payload)\n\n if (!parsed.success) {\n ctx.res.status(400)\n return { success: false, error: \"invalid_payload\" }\n }\n\n const { email, code } = parsed.data\n\n const user = await User.findOne({ email }, { emailVerificationCode: 1, emailVerificationExpiresAt: 1, tenants: 1, tenantRoles: 1 })\n\n if (!user) {\n ctx.res.status(404)\n return { success: false, error: \"user_not_found\" }\n }\n\n const storedCode = user.emailVerificationCode\n const expiresAt = user.emailVerificationExpiresAt\n\n const isExpired = expiresAt instanceof Date && expiresAt.getTime() < Date.now()\n if (!storedCode || storedCode !== code || isExpired) {\n ctx.res.status(400)\n return { success: false, error: \"invalid_code\" }\n }\n\n user.emailVerificationCode = undefined\n user.emailVerificationExpiresAt = undefined\n await user.save()\n\n const tenantId = user.tenants?.[0]?.toString?.() || \"00000000\"\n const signedInTenants = (user.tenants || []).map(String)\n const tenantRolesMap = user.get(\"tenantRoles\") as Map<string, string[]> | undefined\n const tenantRoles = tenantRolesMap ? Object.fromEntries(tenantRolesMap.entries()) : undefined\n\n if (!ctx.req.session) {\n ctx.res.status(500)\n return { success: false, error: \"session_unavailable\" }\n }\n\n ctx.req.session.user = {\n id: user._id.toString(),\n currentTenantId: tenantId,\n signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n isEntryGateAuthorized: true,\n tenantRoles,\n }\n\n return { success: true, userId: user._id.toString(), tenantId }\n}\n\nexport default (api: Api<AuthSessionUser>) => {\n api.post(VerifyOtp.Route, verifyOtp)\n}\n"],"names":["z.object","z.string","z.boolean","VerifyOtp.requestSchema","VerifyOtp.Route"],"mappings":";;AAGO,MAAM,QAAQ;AAEd,MAAM,gBAAgBA,OAAS;AAAA,EACpC,OAAOC,OAAE,EAAS,MAAA;AAAA,EAClB,MAAMA,OAAE,EAAS,OAAO,GAAG,uBAAuB;AAAA,EAClD,YAAYC,UAAY,QAAQ,IAAI;AACtC,CAAC;AAI6BF,OAAS;AAAA,EACrC,SAASE,QAAE;AAAA,EACX,OAAOD,OAAE,EAAS,SAAA;AAAA,EAClB,QAAQA,OAAE,EAAS,SAAA;AAAA,EACnB,UAAUA,OAAE,EAAS,SAAA;AACvB,CAAC;ACVD,MAAM,YAA8F,OAClG,SACA,QACuC;AACvC,QAAM,OAAO,MAAM,OAAO,UAAU,UAAU,GAAG;AAEjD,QAAM,SAASE,cAAwB,UAAU,OAAO;AAExD,MAAI,CAAC,OAAO,SAAS;AACnB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,kBAAA;AAAA,EAClC;AAEA,QAAM,EAAE,OAAO,KAAA,IAAS,OAAO;AAE/B,QAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,SAAS,EAAE,uBAAuB,GAAG,4BAA4B,GAAG,SAAS,GAAG,aAAa,GAAG;AAElI,MAAI,CAAC,MAAM;AACT,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,iBAAA;AAAA,EAClC;AAEA,QAAM,aAAa,KAAK;AACxB,QAAM,YAAY,KAAK;AAEvB,QAAM,YAAY,qBAAqB,QAAQ,UAAU,QAAA,IAAY,KAAK,IAAA;AAC1E,MAAI,CAAC,cAAc,eAAe,QAAQ,WAAW;AACnD,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,eAAA;AAAA,EAClC;AAEA,OAAK,wBAAwB;AAC7B,OAAK,6BAA6B;AAClC,QAAM,KAAK,KAAA;AAEX,QAAM,WAAW,KAAK,UAAU,CAAC,GAAG,gBAAgB;AACpD,QAAM,mBAAmB,KAAK,WAAW,CAAA,GAAI,IAAI,MAAM;AACvD,QAAM,iBAAiB,KAAK,IAAI,aAAa;AAC7C,QAAM,cAAc,iBAAiB,OAAO,YAAY,eAAe,QAAA,CAAS,IAAI;AAEpF,MAAI,CAAC,IAAI,IAAI,SAAS;AACpB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAA;AAAA,EAClC;AAEA,MAAI,IAAI,QAAQ,OAAO;AAAA,IACrB,IAAI,KAAK,IAAI,SAAA;AAAA,IACb,iBAAiB;AAAA,IACjB,iBAAiB,gBAAgB,SAAS,kBAAkB,CAAC,QAAQ;AAAA,IACrE,uBAAuB;AAAA,IACvB;AAAA,EAAA;AAGF,SAAO,EAAE,SAAS,MAAM,QAAQ,KAAK,IAAI,SAAA,GAAY,SAAA;AACvD;AAEA,MAAA,UAAe,CAAC,QAA8B;AAC5C,MAAI,KAAKC,OAAiB,SAAS;AACrC;"}
|
|
@@ -24,9 +24,9 @@ const signIn = async (payload, ctx) => {
|
|
|
24
24
|
return { success: false, error: "invalid_credentials" };
|
|
25
25
|
}
|
|
26
26
|
const tenantId = user.tenants?.[0]?.toString?.() || "00000000";
|
|
27
|
-
const signedInTenants = (user.tenants || []).map(
|
|
28
|
-
const
|
|
29
|
-
const tenantRoles =
|
|
27
|
+
const signedInTenants = (user.tenants || []).map(String);
|
|
28
|
+
const tenantRolesMap = user.get("tenantRoles");
|
|
29
|
+
const tenantRoles = tenantRolesMap ? Object.fromEntries(tenantRolesMap.entries()) : void 0;
|
|
30
30
|
if (!ctx.req.session) {
|
|
31
31
|
ctx.res.status(500);
|
|
32
32
|
return { success: false, error: "session_unavailable" };
|
|
@@ -46,4 +46,4 @@ const handler = (api) => {
|
|
|
46
46
|
export {
|
|
47
47
|
handler as default
|
|
48
48
|
};
|
|
49
|
-
//# sourceMappingURL=handler-
|
|
49
|
+
//# sourceMappingURL=handler-Db6lpg3J.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"handler-Db6lpg3J.js","sources":["../src/api/sign-in/handler.ts"],"sourcesContent":["import { Api, ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport { verifyPasswordFromStorage } from \"@rpcbase/server\"\n\nimport type { AuthSessionUser } from \"../../types\"\n\nimport * as SignIn from \"./index\"\n\n\nconst signIn: ApiHandler<SignIn.RequestPayload, SignIn.ResponsePayload, AuthSessionUser> = async(\n payload,\n ctx: Ctx<AuthSessionUser>\n): Promise<SignIn.ResponsePayload> => {\n const User = await models.getGlobal(\"RBUser\", ctx)\n\n const parsed = SignIn.requestSchema.safeParse(payload)\n\n if (!parsed.success) {\n ctx.res.status(400)\n return { success: false, error: \"invalid_payload\" }\n }\n\n const { email, password } = parsed.data\n\n const user = await User.findOne({ email }, { password: 1, tenants: 1, tenantRoles: 1 })\n\n if (!user?.password) {\n ctx.res.status(401)\n return { success: false, error: \"invalid_credentials\" }\n }\n\n const stored = String(user.password)\n const passwordMatches = await verifyPasswordFromStorage(password, stored)\n\n if (!passwordMatches) {\n if (!stored.startsWith(\"$scrypt$\")) {\n console.warn(\"auth::sign-in invalid stored password format\", user._id.toString())\n }\n ctx.res.status(401)\n return { success: false, error: \"invalid_credentials\" }\n }\n\n const tenantId = user.tenants?.[0]?.toString?.() || \"00000000\"\n const signedInTenants = (user.tenants || []).map(String)\n const tenantRolesMap = user.get(\"tenantRoles\") as Map<string, string[]> | undefined\n const tenantRoles = tenantRolesMap ? Object.fromEntries(tenantRolesMap.entries()) : undefined\n\n if (!ctx.req.session) {\n ctx.res.status(500)\n return { success: false, error: \"session_unavailable\" }\n }\n\n ctx.req.session.user = {\n id: user._id.toString(),\n currentTenantId: tenantId,\n signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n isEntryGateAuthorized: true,\n tenantRoles,\n }\n\n return { success: true, userId: user._id.toString(), tenantId }\n}\n\nexport default (api: Api<AuthSessionUser>) => {\n api.post(SignIn.Route, signIn)\n}\n"],"names":["SignIn.requestSchema","SignIn.Route"],"mappings":";;;AASA,MAAM,SAAqF,OACzF,SACA,QACoC;AACpC,QAAM,OAAO,MAAM,OAAO,UAAU,UAAU,GAAG;AAEjD,QAAM,SAASA,cAAqB,UAAU,OAAO;AAErD,MAAI,CAAC,OAAO,SAAS;AACnB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,kBAAA;AAAA,EAClC;AAEA,QAAM,EAAE,OAAO,SAAA,IAAa,OAAO;AAEnC,QAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,MAAA,GAAS,EAAE,UAAU,GAAG,SAAS,GAAG,aAAa,GAAG;AAEtF,MAAI,CAAC,MAAM,UAAU;AACnB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAA;AAAA,EAClC;AAEA,QAAM,SAAS,OAAO,KAAK,QAAQ;AACnC,QAAM,kBAAkB,MAAM,0BAA0B,UAAU,MAAM;AAExE,MAAI,CAAC,iBAAiB;AACpB,QAAI,CAAC,OAAO,WAAW,UAAU,GAAG;AAClC,cAAQ,KAAK,gDAAgD,KAAK,IAAI,UAAU;AAAA,IAClF;AACA,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAA;AAAA,EAClC;AAEA,QAAM,WAAW,KAAK,UAAU,CAAC,GAAG,gBAAgB;AACpD,QAAM,mBAAmB,KAAK,WAAW,CAAA,GAAI,IAAI,MAAM;AACvD,QAAM,iBAAiB,KAAK,IAAI,aAAa;AAC7C,QAAM,cAAc,iBAAiB,OAAO,YAAY,eAAe,QAAA,CAAS,IAAI;AAEpF,MAAI,CAAC,IAAI,IAAI,SAAS;AACpB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAA;AAAA,EAClC;AAEA,MAAI,IAAI,QAAQ,OAAO;AAAA,IACrB,IAAI,KAAK,IAAI,SAAA;AAAA,IACb,iBAAiB;AAAA,IACjB,iBAAiB,gBAAgB,SAAS,kBAAkB,CAAC,QAAQ;AAAA,IACrE,uBAAuB;AAAA,IACvB;AAAA,EAAA;AAGF,SAAO,EAAE,SAAS,MAAM,QAAQ,KAAK,IAAI,SAAA,GAAY,SAAA;AACvD;AAEA,MAAA,UAAe,CAAC,QAA8B;AAC5C,MAAI,KAAKC,OAAc,MAAM;AAC/B;"}
|
package/dist/index.js
CHANGED
|
@@ -5,7 +5,7 @@ import { useFormContext, useForm, zodResolver, FormProvider } from "@rpcbase/for
|
|
|
5
5
|
import { r as requestSchema } from "./index-BfZTJlGT.js";
|
|
6
6
|
import { useState, forwardRef, createElement, useEffect, useCallback, useMemo } from "react";
|
|
7
7
|
import { r as requestSchema$1 } from "./index-DQy-Vgjt.js";
|
|
8
|
-
import { b, a, r } from "./middleware-
|
|
8
|
+
import { b, a, r } from "./middleware-HjIzPByj.js";
|
|
9
9
|
const LINKS_REDIRECTION_MAP = {
|
|
10
10
|
"/auth/sign-in": {
|
|
11
11
|
"title": "Sign Up",
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../src/components/AuthLayout/index.tsx","../src/components/AppleSignInButton/index.tsx","../src/components/EmailInput/index.tsx","../src/utils/sanitizeNextPath.ts","../src/components/SignInForm/index.tsx","../src/components/SignUpForm/index.tsx","../src/components/RememberMeCheckbox/index.tsx","../../../node_modules/lucide-react/dist/esm/shared/src/utils.js","../../../node_modules/lucide-react/dist/esm/defaultAttributes.js","../../../node_modules/lucide-react/dist/esm/Icon.js","../../../node_modules/lucide-react/dist/esm/createLucideIcon.js","../../../node_modules/lucide-react/dist/esm/icons/eye-off.js","../../../node_modules/lucide-react/dist/esm/icons/eye.js","../src/components/PasswordInput/index.tsx","../src/components/ResendCodeButton/index.tsx"],"sourcesContent":["import * as React from \"react\"\nimport {Link, useLocation } from \"@rpcbase/router\"\n\n\nconst LINKS_REDIRECTION_MAP = {\n \"/auth/sign-in\": {\n \"title\": \"Sign Up\",\n \"location\": \"/auth/sign-up\"\n },\n \"/auth/sign-up\": {\n \"title\": \"Sign In\",\n \"location\": \"/auth/sign-in\"\n },\n \"/auth/forgot-password\": {\n \"title\": \"Sign In\",\n \"location\": \"/auth/sign-in\"\n },\n \"/auth/logout-success\": {\n \"title\": \"Sign In\",\n \"location\": \"/auth/sign-in\"\n }\n}\n\ntype Pathname = keyof typeof LINKS_REDIRECTION_MAP\n\nexport const AuthLayout = ({\n sidePanel = null,\n children,\n}: {\n sidePanel: React.ReactElement | null\n children: React.ReactNode\n}) => {\n const location = useLocation()\n\n const linkTitle = LINKS_REDIRECTION_MAP[location.pathname as Pathname]?.title\n const linkLocation = LINKS_REDIRECTION_MAP[location.pathname as Pathname]?.location\n\n return (\n <div className=\"container relative hidden h-dvh flex-col items-center justify-center md:grid md:w-full lg:max-w-none lg:grid-cols-2 lg:px-0\">\n {/* Top-right redirection link */}\n {linkTitle && linkLocation ? (\n <Link\n className=\"inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-colors focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg]:size-4 [&_svg]:shrink-0 hover:bg-accent hover:text-accent-foreground h-9 px-4 py-2 absolute right-4 top-4 md:right-8 md:top-8\"\n to={linkLocation}\n >\n {linkTitle}\n </Link>\n ) : null}\n <div className=\"relative hidden h-full flex-col bg-muted p-10 text-white dark:border-r lg:flex\">\n {sidePanel}\n </div>\n <div className=\"mx-auto flex w-full flex-col justify-center gap-6 /*sm:w-[350px]*/\">\n {children}\n </div>\n </div>\n )\n}\n","import clsx from \"clsx\"\n\n\nexport const AppleSignInButton = ({\n onPress,\n className,\n}: {\n onPress: () => void;\n className?: string;\n}) => {\n\n return (\n <button\n onClick={onPress}\n className={clsx(`\n w-full\n bg-black text-white hover:bg-gray-800\n flex items-center justify-center\n px-6 py-2\n rounded-lg\n font-medium\n transition duration-150 ease-in-out\n focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-black\n `, className)}\n >\n <svg\n className=\"w-5 h-5 mr-3\"\n xmlns=\"http://www.w3.org/2000/svg\"\n viewBox=\"0 0 24 24\"\n fill=\"white\"\n >\n <path d=\"M12.152 6.896c-.948 0-2.415-1.078-3.96-1.04-2.04.027-3.91 1.183-4.961 3.014-2.117 3.675-.539 9.103 1.519 12.09 1.013 1.454 2.208 3.09 3.792 3.039 1.52-.065 2.09-.987 3.935-.987 1.831 0 2.35.987 3.96.948 1.637-.026 2.676-1.48 3.676-2.948 1.156-1.688 1.636-3.325 1.662-3.415-.039-.013-3.182-1.221-3.22-4.857-.026-3.04 2.48-4.494 2.597-4.559-1.429-2.09-3.623-2.324-4.39-2.376-2-.156-3.675 1.09-4.61 1.09zM15.53 3.83c.843-1.012 1.4-2.427 1.245-3.83-1.207.052-2.662.805-3.532 1.818-.78.896-1.454 2.338-1.273 3.714 1.338.104 2.715-.688 3.559-1.701\" />\n </svg>\n <span>Continue with Apple</span>\n </button>\n )\n}\n","import {useFormContext} from \"@rpcbase/form\"\n\n\nexport const EmailInput = ({\n id,\n className,\n placeholder,\n}: {\n id: string\n className?: string\n placeholder?: string\n}) => {\n const {register, formState} = useFormContext()\n\n const error = formState.errors.email\n let errorMessage: string | undefined\n if (typeof error === \"string\") {\n errorMessage = error\n } else if (error && typeof error.message === \"string\") {\n errorMessage = error.message\n }\n\n return (\n <>\n <input\n id={id}\n type=\"email\"\n required\n autoComplete=\"email\"\n className={className}\n placeholder={placeholder}\n {...register(\"email\")}\n />\n {errorMessage ? (\n <p className=\"mt-1 -mb-2 text-sm/6 text-red-500\">{errorMessage}</p>\n ) : null}\n </>\n )\n}\n","const hasUnsafeNextPathChars = (value: string) => {\n for (let i = 0; i < value.length; i++) {\n const code = value.charCodeAt(i)\n if (code === 92 || code <= 31 || code === 127) return true\n }\n return false\n}\n\nexport const sanitizeNextPath = (raw: string | null) => {\n if (!raw) return null\n\n const nextPath = raw.trim()\n if (!nextPath) return null\n\n if (!nextPath.startsWith(\"/\") || nextPath.startsWith(\"//\")) {\n return null\n }\n\n if (hasUnsafeNextPathChars(nextPath)) {\n return null\n }\n\n try {\n const base = new URL(\"http://localhost\")\n const url = new URL(nextPath, base)\n if (url.origin !== base.origin) {\n return null\n }\n return `${url.pathname}${url.search}${url.hash}`\n } catch {\n return null\n }\n}\n\n","import { ReactNode } from \"react\"\nimport { useNavigate, useSearchParams } from \"@rpcbase/router\"\nimport { useForm, FormProvider, zodResolver } from \"@rpcbase/form\"\nimport type { SubmitHandler } from \"@rpcbase/form\"\nimport { z } from \"zod\"\n\nimport {requestSchema} from \"../../api/sign-in\"\nimport { sanitizeNextPath } from \"../../utils/sanitizeNextPath\"\n\n\ntype SignInFormValues = z.input<typeof requestSchema>\n\nexport const SignInForm = ({\n children,\n className\n}: {\n children: ReactNode,\n className?: string\n}) => {\n const navigate = useNavigate()\n const [searchParams] = useSearchParams()\n\n const methods = useForm<SignInFormValues>({\n defaultValues: {\n email: \"\",\n password: \"\",\n rememberMe: true,\n },\n navigationGuard: false,\n resolver: zodResolver(requestSchema)\n })\n\n const onSubmit: SubmitHandler<SignInFormValues> = async (data) => {\n methods.clearErrors(\"root\")\n\n try {\n const res = await fetch(\"/api/rb/auth/sign-in\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(data),\n credentials: \"include\",\n })\n\n const json = await res.json().catch(() => null) as { success?: boolean; error?: string } | null\n\n if (!res.ok || !json?.success) {\n const message = json?.error === \"invalid_credentials\"\n ? \"Invalid email or password.\"\n : \"Sign-in failed. Please try again.\"\n methods.setError(\"root\", { type: \"server\", message })\n return\n }\n\n const nextPath = sanitizeNextPath(searchParams.get(\"next\")) ?? \"/\"\n navigate(nextPath, { replace: true })\n } catch (err) {\n methods.setError(\"root\", { type: \"server\", message: \"Network error. Please try again.\" })\n }\n }\n\n return (\n <FormProvider {...methods}>\n <form method=\"post\" noValidate className={className} onSubmit={methods.handleSubmit(onSubmit)}>\n {children}\n {methods.formState.errors.root?.message && (\n <p className=\"mt-2 text-sm text-red-600\" role=\"alert\">\n {methods.formState.errors.root.message}\n </p>\n )}\n </form>\n </FormProvider>\n )\n}\n","import {ReactNode, useState} from \"react\"\nimport { useNavigate } from \"@rpcbase/router\"\nimport { useForm, FormProvider, zodResolver } from \"@rpcbase/form\"\nimport type {SubmitHandler} from \"@rpcbase/form\"\nimport { z } from \"zod\"\n\nimport {requestSchema} from \"../../api/sign-up\"\n\n\ntype SignUpFormValues = z.input<typeof requestSchema>\n\n\nexport const SignUpForm = ({\n children,\n className,\n otpNextPath\n}: {\n children: ReactNode,\n className?: string\n otpNextPath?: string\n}) => {\n\n const navigate = useNavigate()\n\n const [serverMessage, setServerMessage] = useState<string | null>(null)\n const methods = useForm<SignUpFormValues>({\n defaultValues: {\n email: \"\",\n password: \"\",\n rememberMe: true,\n },\n navigationGuard: false,\n resolver: zodResolver(requestSchema)\n })\n\n const onSubmit: SubmitHandler<SignUpFormValues> = async (data) => {\n setServerMessage(null)\n methods.clearErrors(\"root\")\n\n try {\n const res = await fetch(\"/api/rb/auth/sign-up\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(data),\n credentials: \"include\",\n })\n\n const json = await res.json()\n\n if (!res.ok) {\n const message = json.error === \"user_exists\"\n ? \"An account already exists with this email.\"\n : \"Sign-up failed. Please try again.\"\n methods.setError(\"root\", { type: \"server\", message })\n return\n }\n\n if (!json.success) {\n methods.setError(\"root\", { type: \"server\", message: \"Sign-up failed. Please try again.\" })\n return\n }\n\n const search = new URLSearchParams({ email: data.email })\n if (otpNextPath) {\n search.set(\"next\", otpNextPath)\n }\n navigate(`/auth/sign-up-otp?${search.toString()}`)\n setServerMessage(\"Account created. Check your inbox to verify your email.\")\n } catch (err) {\n methods.setError(\"root\", { type: \"server\", message: \"Network error. Please try again.\" })\n }\n }\n\n return (\n <FormProvider {...methods}>\n <form method=\"post\" noValidate className={className} onSubmit={methods.handleSubmit(onSubmit)}>\n {children}\n {methods.formState.errors.root?.message && (\n <p className=\"mt-2 text-sm text-red-600\" role=\"alert\">\n {methods.formState.errors.root.message}\n </p>\n )}\n {serverMessage && (\n <p className=\"mt-2 text-sm text-green-700\" role=\"status\">\n {serverMessage}\n </p>\n )}\n </form>\n </FormProvider>\n )\n}\n","import {ComponentType} from \"react\"\nimport {useFormContext} from \"@rpcbase/form\"\n\n\nexport const RememberMeCheckbox = ({\n label,\n as: Component = \"input\"\n}: {\n label: string,\n as?: ComponentType<any> | string\n}) => {\n const {register} = useFormContext()\n\n return (\n <>\n <Component\n id=\"rememberMe\"\n {...register(\"rememberMe\")}\n />\n <label\n htmlFor={\"rememberMe\"}\n className=\"pl-2 block text-sm/6 text-gray-900\"\n >\n {label}\n </label>\n </>\n )\n}\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nconst toKebabCase = (string) => string.replace(/([a-z0-9])([A-Z])/g, \"$1-$2\").toLowerCase();\nconst toCamelCase = (string) => string.replace(\n /^([A-Z])|[\\s-_]+(\\w)/g,\n (match, p1, p2) => p2 ? p2.toUpperCase() : p1.toLowerCase()\n);\nconst toPascalCase = (string) => {\n const camelCase = toCamelCase(string);\n return camelCase.charAt(0).toUpperCase() + camelCase.slice(1);\n};\nconst mergeClasses = (...classes) => classes.filter((className, index, array) => {\n return Boolean(className) && className.trim() !== \"\" && array.indexOf(className) === index;\n}).join(\" \").trim();\nconst hasA11yProp = (props) => {\n for (const prop in props) {\n if (prop.startsWith(\"aria-\") || prop === \"role\" || prop === \"title\") {\n return true;\n }\n }\n};\n\nexport { hasA11yProp, mergeClasses, toCamelCase, toKebabCase, toPascalCase };\n//# sourceMappingURL=utils.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nvar defaultAttributes = {\n xmlns: \"http://www.w3.org/2000/svg\",\n width: 24,\n height: 24,\n viewBox: \"0 0 24 24\",\n fill: \"none\",\n stroke: \"currentColor\",\n strokeWidth: 2,\n strokeLinecap: \"round\",\n strokeLinejoin: \"round\"\n};\n\nexport { defaultAttributes as default };\n//# sourceMappingURL=defaultAttributes.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nimport { forwardRef, createElement } from 'react';\nimport defaultAttributes from './defaultAttributes.js';\nimport { mergeClasses, hasA11yProp } from './shared/src/utils.js';\n\nconst Icon = forwardRef(\n ({\n color = \"currentColor\",\n size = 24,\n strokeWidth = 2,\n absoluteStrokeWidth,\n className = \"\",\n children,\n iconNode,\n ...rest\n }, ref) => createElement(\n \"svg\",\n {\n ref,\n ...defaultAttributes,\n width: size,\n height: size,\n stroke: color,\n strokeWidth: absoluteStrokeWidth ? Number(strokeWidth) * 24 / Number(size) : strokeWidth,\n className: mergeClasses(\"lucide\", className),\n ...!children && !hasA11yProp(rest) && { \"aria-hidden\": \"true\" },\n ...rest\n },\n [\n ...iconNode.map(([tag, attrs]) => createElement(tag, attrs)),\n ...Array.isArray(children) ? children : [children]\n ]\n )\n);\n\nexport { Icon as default };\n//# sourceMappingURL=Icon.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nimport { forwardRef, createElement } from 'react';\nimport { mergeClasses, toKebabCase, toPascalCase } from './shared/src/utils.js';\nimport Icon from './Icon.js';\n\nconst createLucideIcon = (iconName, iconNode) => {\n const Component = forwardRef(\n ({ className, ...props }, ref) => createElement(Icon, {\n ref,\n iconNode,\n className: mergeClasses(\n `lucide-${toKebabCase(toPascalCase(iconName))}`,\n `lucide-${iconName}`,\n className\n ),\n ...props\n })\n );\n Component.displayName = toPascalCase(iconName);\n return Component;\n};\n\nexport { createLucideIcon as default };\n//# sourceMappingURL=createLucideIcon.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nimport createLucideIcon from '../createLucideIcon.js';\n\nconst __iconNode = [\n [\n \"path\",\n {\n d: \"M10.733 5.076a10.744 10.744 0 0 1 11.205 6.575 1 1 0 0 1 0 .696 10.747 10.747 0 0 1-1.444 2.49\",\n key: \"ct8e1f\"\n }\n ],\n [\"path\", { d: \"M14.084 14.158a3 3 0 0 1-4.242-4.242\", key: \"151rxh\" }],\n [\n \"path\",\n {\n d: \"M17.479 17.499a10.75 10.75 0 0 1-15.417-5.151 1 1 0 0 1 0-.696 10.75 10.75 0 0 1 4.446-5.143\",\n key: \"13bj9a\"\n }\n ],\n [\"path\", { d: \"m2 2 20 20\", key: \"1ooewy\" }]\n];\nconst EyeOff = createLucideIcon(\"eye-off\", __iconNode);\n\nexport { __iconNode, EyeOff as default };\n//# sourceMappingURL=eye-off.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nimport createLucideIcon from '../createLucideIcon.js';\n\nconst __iconNode = [\n [\n \"path\",\n {\n d: \"M2.062 12.348a1 1 0 0 1 0-.696 10.75 10.75 0 0 1 19.876 0 1 1 0 0 1 0 .696 10.75 10.75 0 0 1-19.876 0\",\n key: \"1nclc0\"\n }\n ],\n [\"circle\", { cx: \"12\", cy: \"12\", r: \"3\", key: \"1v7zrd\" }]\n];\nconst Eye = createLucideIcon(\"eye\", __iconNode);\n\nexport { __iconNode, Eye as default };\n//# sourceMappingURL=eye.js.map\n","import { useState } from \"react\"\nimport { Eye, EyeOff } from \"lucide-react\"\nimport { useFormContext } from \"@rpcbase/form\"\n\n\ntype PasswordInputProps = {\n id: string\n name?: string\n className?: string\n placeholder?: string\n autoComplete?: string\n}\n\nexport const PasswordInput = ({\n id,\n name = \"password\",\n className,\n placeholder,\n autoComplete = \"current-password\",\n}: PasswordInputProps) => {\n const [showPassword, setShowPassword] = useState(false)\n const { register, formState } = useFormContext()\n\n const fieldError = formState.errors[name as keyof typeof formState.errors]\n const errorMessage =\n typeof fieldError === \"string\"\n ? fieldError\n : typeof fieldError?.message === \"string\"\n ? fieldError.message\n : undefined\n\n const inputClassName = className ? `${className} pr-11` : \"pr-11\"\n\n return (\n <>\n <div className=\"relative\">\n <input\n id={id}\n type={showPassword ? \"text\" : \"password\"}\n autoComplete={autoComplete}\n className={inputClassName}\n placeholder={placeholder}\n {...register(name as any)}\n />\n <button\n type=\"button\"\n className=\"absolute inset-y-0 right-0 flex items-center pr-3 text-gray-500\"\n onClick={() => setShowPassword((prev) => !prev)}\n aria-label={showPassword ? \"Hide characters\" : \"Show characters\"}\n >\n {showPassword ? (\n <EyeOff className=\"h-5 w-5\" aria-hidden />\n ) : (\n <Eye className=\"h-5 w-5\" aria-hidden />\n )}\n </button>\n </div>\n {errorMessage ? (\n <p className=\"mt-1 -mb-2 text-sm/6 text-red-500\">{errorMessage}</p>\n ) : null}\n </>\n )\n}\n","import {useCallback, useEffect, useMemo, useState} from \"react\"\nimport clsx from \"clsx\"\n\n\nexport const useResendCountdown = (seconds = 60) => {\n const [remaining, setRemaining] = useState(seconds)\n const [isCountingDown, setIsCountingDown] = useState(true)\n\n useEffect(() => {\n if (!isCountingDown) return\n\n const timer = setInterval(() => {\n setRemaining((prev) => {\n if (prev <= 1) {\n setIsCountingDown(false)\n return seconds\n }\n return prev - 1\n })\n }, 1000)\n\n return () => clearInterval(timer)\n }, [isCountingDown, seconds])\n\n const restart = useCallback((nextSeconds?: number) => {\n const value = typeof nextSeconds === \"number\" ? nextSeconds : seconds\n setRemaining(value)\n setIsCountingDown(true)\n }, [seconds])\n\n const formatted = useMemo(() => {\n const minutes = Math.floor(remaining / 60)\n const secs = remaining % 60\n return `${minutes}:${secs.toString().padStart(2, \"0\")}`\n }, [remaining])\n\n const canResend = !isCountingDown\n\n return {remaining, formatted, isCountingDown, canResend, restart}\n}\n\n\nexport const ResendCodeButton = ({\n seconds = 60,\n onResend,\n className,\n disabled,\n}: {\n seconds?: number\n onResend?: () => Promise<void> | void\n className?: string\n disabled?: boolean\n}) => {\n const [isSending, setIsSending] = useState(false)\n const {formatted, isCountingDown, restart, canResend} = useResendCountdown(seconds)\n\n const handleClick = async () => {\n if (!canResend || isSending || disabled) return\n\n try {\n setIsSending(true)\n if (onResend) {\n await onResend()\n }\n } finally {\n restart()\n setIsSending(false)\n }\n }\n\n const isDisabled = disabled || isCountingDown || isSending\n const showCountdown = isDisabled && (isCountingDown || isSending)\n\n return (\n <span className=\"inline-flex items-center gap-2\">\n <button\n type=\"button\"\n onClick={handleClick}\n disabled={isDisabled}\n aria-label=\"Resend code\"\n className={clsx(\n \"text-sm font-semibold text-sky-600 hover:underline disabled:cursor-not-allowed disabled:text-gray-400\",\n className\n )}\n >\n Resend code\n </button>\n {showCountdown ? (\n <span\n data-testid=\"resend-countdown\"\n className=\"text-sm text-gray-500\"\n aria-live=\"polite\"\n >\n ({formatted})\n </span>\n ) : null}\n </span>\n )\n}\n"],"names":["requestSchema","__iconNode"],"mappings":";;;;;;;;AAIA,MAAM,wBAAwB;AAAA,EAC5B,iBAAiB;AAAA,IACf,SAAS;AAAA,IACT,YAAY;AAAA,EAAA;AAAA,EAEd,iBAAiB;AAAA,IACf,SAAS;AAAA,IACT,YAAY;AAAA,EAAA;AAAA,EAEd,yBAAyB;AAAA,IACvB,SAAS;AAAA,IACT,YAAY;AAAA,EAAA;AAAA,EAEd,wBAAwB;AAAA,IACtB,SAAS;AAAA,IACT,YAAY;AAAA,EAAA;AAEhB;AAIO,MAAM,aAAa,CAAC;AAAA,EACzB,YAAY;AAAA,EACZ;AACF,MAGM;AACJ,QAAM,WAAW,YAAA;AAEjB,QAAM,YAAY,sBAAsB,SAAS,QAAoB,GAAG;AACxE,QAAM,eAAe,sBAAsB,SAAS,QAAoB,GAAG;AAE3E,SACE,qBAAC,OAAA,EAAI,WAAU,+HAEZ,UAAA;AAAA,IAAA,aAAa,eACZ;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,WAAU;AAAA,QACV,IAAI;AAAA,QAEH,UAAA;AAAA,MAAA;AAAA,IAAA,IAED;AAAA,IACJ,oBAAC,OAAA,EAAI,WAAU,kFACZ,UAAA,WACH;AAAA,IACA,oBAAC,OAAA,EAAI,WAAU,sEACZ,SAAA,CACH;AAAA,EAAA,GACF;AAEJ;ACrDO,MAAM,oBAAoB,CAAC;AAAA,EAChC;AAAA,EACA;AACF,MAGM;AAEJ,SACE;AAAA,IAAC;AAAA,IAAA;AAAA,MACC,SAAS;AAAA,MACT,WAAW,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SASb,SAAS;AAAA,MAEZ,UAAA;AAAA,QAAA;AAAA,UAAC;AAAA,UAAA;AAAA,YACC,WAAU;AAAA,YACV,OAAM;AAAA,YACN,SAAQ;AAAA,YACR,MAAK;AAAA,YAEL,UAAA,oBAAC,QAAA,EAAK,GAAE,giBAAA,CAAgiB;AAAA,UAAA;AAAA,QAAA;AAAA,QAE1iB,oBAAC,UAAK,UAAA,sBAAA,CAAmB;AAAA,MAAA;AAAA,IAAA;AAAA,EAAA;AAG/B;ACjCO,MAAM,aAAa,CAAC;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AACF,MAIM;AACJ,QAAM,EAAC,UAAU,UAAA,IAAa,eAAA;AAE9B,QAAM,QAAQ,UAAU,OAAO;AAC/B,MAAI;AACJ,MAAI,OAAO,UAAU,UAAU;AAC7B,mBAAe;AAAA,EACjB,WAAW,SAAS,OAAO,MAAM,YAAY,UAAU;AACrD,mBAAe,MAAM;AAAA,EACvB;AAEA,SACE,qBAAA,UAAA,EACE,UAAA;AAAA,IAAA;AAAA,MAAC;AAAA,MAAA;AAAA,QACC;AAAA,QACA,MAAK;AAAA,QACL,UAAQ;AAAA,QACR,cAAa;AAAA,QACb;AAAA,QACA;AAAA,QACC,GAAG,SAAS,OAAO;AAAA,MAAA;AAAA,IAAA;AAAA,IAErB,eACC,oBAAC,KAAA,EAAE,WAAU,qCAAqC,wBAAa,IAC7D;AAAA,EAAA,GACN;AAEJ;ACtCA,MAAM,yBAAyB,CAAC,UAAkB;AAChD,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,UAAM,OAAO,MAAM,WAAW,CAAC;AAC/B,QAAI,SAAS,MAAM,QAAQ,MAAM,SAAS,IAAK,QAAO;AAAA,EACxD;AACA,SAAO;AACT;AAEO,MAAM,mBAAmB,CAAC,QAAuB;AACtD,MAAI,CAAC,IAAK,QAAO;AAEjB,QAAM,WAAW,IAAI,KAAA;AACrB,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI,CAAC,SAAS,WAAW,GAAG,KAAK,SAAS,WAAW,IAAI,GAAG;AAC1D,WAAO;AAAA,EACT;AAEA,MAAI,uBAAuB,QAAQ,GAAG;AACpC,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,OAAO,IAAI,IAAI,kBAAkB;AACvC,UAAM,MAAM,IAAI,IAAI,UAAU,IAAI;AAClC,QAAI,IAAI,WAAW,KAAK,QAAQ;AAC9B,aAAO;AAAA,IACT;AACA,WAAO,GAAG,IAAI,QAAQ,GAAG,IAAI,MAAM,GAAG,IAAI,IAAI;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;ACpBO,MAAM,aAAa,CAAC;AAAA,EACzB;AAAA,EACA;AACF,MAGM;AACJ,QAAM,WAAW,YAAA;AACjB,QAAM,CAAC,YAAY,IAAI,gBAAA;AAEvB,QAAM,UAAU,QAA0B;AAAA,IACxC,eAAe;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,YAAY;AAAA,IAAA;AAAA,IAEd,iBAAiB;AAAA,IACjB,UAAU,YAAY,aAAa;AAAA,EAAA,CACpC;AAED,QAAM,WAA4C,OAAO,SAAS;AAChE,YAAQ,YAAY,MAAM;AAE1B,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,wBAAwB;AAAA,QAC9C,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAAA;AAAA,QAElB,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,aAAa;AAAA,MAAA,CACd;AAED,YAAM,OAAO,MAAM,IAAI,OAAO,MAAM,MAAM,IAAI;AAE9C,UAAI,CAAC,IAAI,MAAM,CAAC,MAAM,SAAS;AAC7B,cAAM,UAAU,MAAM,UAAU,wBAC5B,+BACA;AACJ,gBAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS;AACpD;AAAA,MACF;AAEA,YAAM,WAAW,iBAAiB,aAAa,IAAI,MAAM,CAAC,KAAK;AAC/D,eAAS,UAAU,EAAE,SAAS,KAAA,CAAM;AAAA,IACtC,SAAS,KAAK;AACZ,cAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS,oCAAoC;AAAA,IAC1F;AAAA,EACF;AAEA,SACE,oBAAC,cAAA,EAAc,GAAG,SAChB,+BAAC,QAAA,EAAK,QAAO,QAAO,YAAU,MAAC,WAAsB,UAAU,QAAQ,aAAa,QAAQ,GACzF,UAAA;AAAA,IAAA;AAAA,IACA,QAAQ,UAAU,OAAO,MAAM,WAC9B,oBAAC,KAAA,EAAE,WAAU,6BAA4B,MAAK,SAC3C,UAAA,QAAQ,UAAU,OAAO,KAAK,QAAA,CACjC;AAAA,EAAA,EAAA,CAEJ,EAAA,CACF;AAEJ;AC9DO,MAAM,aAAa,CAAC;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AACF,MAIM;AAEJ,QAAM,WAAW,YAAA;AAEjB,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAwB,IAAI;AACtE,QAAM,UAAU,QAA0B;AAAA,IACxC,eAAe;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,YAAY;AAAA,IAAA;AAAA,IAEd,iBAAiB;AAAA,IACjB,UAAU,YAAYA,eAAa;AAAA,EAAA,CACpC;AAED,QAAM,WAA4C,OAAO,SAAS;AAChE,qBAAiB,IAAI;AACrB,YAAQ,YAAY,MAAM;AAE1B,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,wBAAwB;AAAA,QAC9C,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAAA;AAAA,QAElB,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,aAAa;AAAA,MAAA,CACd;AAED,YAAM,OAAO,MAAM,IAAI,KAAA;AAEvB,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,UAAU,KAAK,UAAU,gBAC3B,+CACA;AACJ,gBAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS;AACpD;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,SAAS;AACjB,gBAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS,qCAAqC;AACzF;AAAA,MACF;AAEA,YAAM,SAAS,IAAI,gBAAgB,EAAE,OAAO,KAAK,OAAO;AACxD,UAAI,aAAa;AACf,eAAO,IAAI,QAAQ,WAAW;AAAA,MAChC;AACA,eAAS,qBAAqB,OAAO,SAAA,CAAU,EAAE;AACjD,uBAAiB,yDAAyD;AAAA,IAC5E,SAAS,KAAK;AACZ,cAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS,oCAAoC;AAAA,IAC1F;AAAA,EACF;AAEA,SACE,oBAAC,cAAA,EAAc,GAAG,SAChB,+BAAC,QAAA,EAAK,QAAO,QAAO,YAAU,MAAC,WAAsB,UAAU,QAAQ,aAAa,QAAQ,GACzF,UAAA;AAAA,IAAA;AAAA,IACA,QAAQ,UAAU,OAAO,MAAM,WAC9B,oBAAC,KAAA,EAAE,WAAU,6BAA4B,MAAK,SAC3C,UAAA,QAAQ,UAAU,OAAO,KAAK,SACjC;AAAA,IAED,iBACC,oBAAC,KAAA,EAAE,WAAU,+BAA8B,MAAK,UAC7C,UAAA,cAAA,CACH;AAAA,EAAA,EAAA,CAEJ,EAAA,CACF;AAEJ;ACxFO,MAAM,qBAAqB,CAAC;AAAA,EACjC;AAAA,EACA,IAAI,YAAY;AAClB,MAGM;AACJ,QAAM,EAAC,SAAA,IAAY,eAAA;AAEnB,SACE,qBAAA,UAAA,EACE,UAAA;AAAA,IAAA;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,IAAG;AAAA,QACF,GAAG,SAAS,YAAY;AAAA,MAAA;AAAA,IAAA;AAAA,IAE3B;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,SAAS;AAAA,QACT,WAAU;AAAA,QAET,UAAA;AAAA,MAAA;AAAA,IAAA;AAAA,EACH,GACF;AAEJ;ACpBA,MAAM,cAAc,CAAC,WAAW,OAAO,QAAQ,sBAAsB,OAAO,EAAE,YAAW;AACzF,MAAM,cAAc,CAAC,WAAW,OAAO;AAAA,EACrC;AAAA,EACA,CAAC,OAAO,IAAI,OAAO,KAAK,GAAG,YAAW,IAAK,GAAG,YAAW;AAC3D;AACA,MAAM,eAAe,CAAC,WAAW;AAC/B,QAAM,YAAY,YAAY,MAAM;AACpC,SAAO,UAAU,OAAO,CAAC,EAAE,YAAW,IAAK,UAAU,MAAM,CAAC;AAC9D;AACA,MAAM,eAAe,IAAI,YAAY,QAAQ,OAAO,CAAC,WAAW,OAAO,UAAU;AAC/E,SAAO,QAAQ,SAAS,KAAK,UAAU,KAAI,MAAO,MAAM,MAAM,QAAQ,SAAS,MAAM;AACvF,CAAC,EAAE,KAAK,GAAG,EAAE,KAAI;AACjB,MAAM,cAAc,CAAC,UAAU;AAC7B,aAAW,QAAQ,OAAO;AACxB,QAAI,KAAK,WAAW,OAAO,KAAK,SAAS,UAAU,SAAS,SAAS;AACnE,aAAO;AAAA,IACT;AAAA,EACF;AACF;AClBA,IAAI,oBAAoB;AAAA,EACtB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,MAAM;AAAA,EACN,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,eAAe;AAAA,EACf,gBAAgB;AAClB;ACNA,MAAM,OAAO;AAAA,EACX,CAAC;AAAA,IACC,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,cAAc;AAAA,IACd;AAAA,IACA,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,IACA,GAAG;AAAA,EACP,GAAK,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,MACE;AAAA,MACA,GAAG;AAAA,MACH,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa,sBAAsB,OAAO,WAAW,IAAI,KAAK,OAAO,IAAI,IAAI;AAAA,MAC7E,WAAW,aAAa,UAAU,SAAS;AAAA,MAC3C,GAAG,CAAC,YAAY,CAAC,YAAY,IAAI,KAAK,EAAE,eAAe,OAAM;AAAA,MAC7D,GAAG;AAAA,IACT;AAAA,IACI;AAAA,MACE,GAAG,SAAS,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,cAAc,KAAK,KAAK,CAAC;AAAA,MAC3D,GAAG,MAAM,QAAQ,QAAQ,IAAI,WAAW,CAAC,QAAQ;AAAA,IACvD;AAAA,EACA;AACA;AC5BA,MAAM,mBAAmB,CAAC,UAAU,aAAa;AAC/C,QAAM,YAAY;AAAA,IAChB,CAAC,EAAE,WAAW,GAAG,MAAK,GAAI,QAAQ,cAAc,MAAM;AAAA,MACpD;AAAA,MACA;AAAA,MACA,WAAW;AAAA,QACT,UAAU,YAAY,aAAa,QAAQ,CAAC,CAAC;AAAA,QAC7C,UAAU,QAAQ;AAAA,QAClB;AAAA,MACR;AAAA,MACM,GAAG;AAAA,IACT,CAAK;AAAA,EACL;AACE,YAAU,cAAc,aAAa,QAAQ;AAC7C,SAAO;AACT;ACjBA,MAAMC,eAAa;AAAA,EACjB;AAAA,IACE;AAAA,IACA;AAAA,MACE,GAAG;AAAA,MACH,KAAK;AAAA,IACX;AAAA,EACA;AAAA,EACE,CAAC,QAAQ,EAAE,GAAG,wCAAwC,KAAK,SAAQ,CAAE;AAAA,EACrE;AAAA,IACE;AAAA,IACA;AAAA,MACE,GAAG;AAAA,MACH,KAAK;AAAA,IACX;AAAA,EACA;AAAA,EACE,CAAC,QAAQ,EAAE,GAAG,cAAc,KAAK,SAAQ,CAAE;AAC7C;AACA,MAAM,SAAS,iBAAiB,WAAWA,YAAU;AClBrD,MAAM,aAAa;AAAA,EACjB;AAAA,IACE;AAAA,IACA;AAAA,MACE,GAAG;AAAA,MACH,KAAK;AAAA,IACX;AAAA,EACA;AAAA,EACE,CAAC,UAAU,EAAE,IAAI,MAAM,IAAI,MAAM,GAAG,KAAK,KAAK,SAAQ,CAAE;AAC1D;AACA,MAAM,MAAM,iBAAiB,OAAO,UAAU;ACNvC,MAAM,gBAAgB,CAAC;AAAA,EAC5B;AAAA,EACA,OAAO;AAAA,EACP;AAAA,EACA;AAAA,EACA,eAAe;AACjB,MAA0B;AACxB,QAAM,CAAC,cAAc,eAAe,IAAI,SAAS,KAAK;AACtD,QAAM,EAAE,UAAU,UAAA,IAAc,eAAA;AAEhC,QAAM,aAAa,UAAU,OAAO,IAAqC;AACzE,QAAM,eACJ,OAAO,eAAe,WAClB,aACA,OAAO,YAAY,YAAY,WAC7B,WAAW,UACX;AAER,QAAM,iBAAiB,YAAY,GAAG,SAAS,WAAW;AAE1D,SACE,qBAAA,UAAA,EACE,UAAA;AAAA,IAAA,qBAAC,OAAA,EAAI,WAAU,YACb,UAAA;AAAA,MAAA;AAAA,QAAC;AAAA,QAAA;AAAA,UACC;AAAA,UACA,MAAM,eAAe,SAAS;AAAA,UAC9B;AAAA,UACA,WAAW;AAAA,UACX;AAAA,UACC,GAAG,SAAS,IAAW;AAAA,QAAA;AAAA,MAAA;AAAA,MAE1B;AAAA,QAAC;AAAA,QAAA;AAAA,UACC,MAAK;AAAA,UACL,WAAU;AAAA,UACV,SAAS,MAAM,gBAAgB,CAAC,SAAS,CAAC,IAAI;AAAA,UAC9C,cAAY,eAAe,oBAAoB;AAAA,UAE9C,UAAA,eACC,oBAAC,QAAA,EAAO,WAAU,WAAU,eAAW,KAAA,CAAC,IAExC,oBAAC,KAAA,EAAI,WAAU,WAAU,eAAW,KAAA,CAAC;AAAA,QAAA;AAAA,MAAA;AAAA,IAEzC,GACF;AAAA,IACC,eACC,oBAAC,KAAA,EAAE,WAAU,qCAAqC,wBAAa,IAC7D;AAAA,EAAA,GACN;AAEJ;AC1DO,MAAM,qBAAqB,CAAC,UAAU,OAAO;AAClD,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,OAAO;AAClD,QAAM,CAAC,gBAAgB,iBAAiB,IAAI,SAAS,IAAI;AAEzD,YAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,QAAQ,YAAY,MAAM;AAC9B,mBAAa,CAAC,SAAS;AACrB,YAAI,QAAQ,GAAG;AACb,4BAAkB,KAAK;AACvB,iBAAO;AAAA,QACT;AACA,eAAO,OAAO;AAAA,MAChB,CAAC;AAAA,IACH,GAAG,GAAI;AAEP,WAAO,MAAM,cAAc,KAAK;AAAA,EAClC,GAAG,CAAC,gBAAgB,OAAO,CAAC;AAE5B,QAAM,UAAU,YAAY,CAAC,gBAAyB;AACpD,UAAM,QAAQ,OAAO,gBAAgB,WAAW,cAAc;AAC9D,iBAAa,KAAK;AAClB,sBAAkB,IAAI;AAAA,EACxB,GAAG,CAAC,OAAO,CAAC;AAEZ,QAAM,YAAY,QAAQ,MAAM;AAC9B,UAAM,UAAU,KAAK,MAAM,YAAY,EAAE;AACzC,UAAM,OAAO,YAAY;AACzB,WAAO,GAAG,OAAO,IAAI,KAAK,WAAW,SAAS,GAAG,GAAG,CAAC;AAAA,EACvD,GAAG,CAAC,SAAS,CAAC;AAEd,QAAM,YAAY,CAAC;AAEnB,SAAO,EAAC,WAAW,WAAW,gBAAgB,WAAW,QAAA;AAC3D;AAGO,MAAM,mBAAmB,CAAC;AAAA,EAC/B,UAAU;AAAA,EACV;AAAA,EACA;AAAA,EACA;AACF,MAKM;AACJ,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,KAAK;AAChD,QAAM,EAAC,WAAW,gBAAgB,SAAS,UAAA,IAAa,mBAAmB,OAAO;AAElF,QAAM,cAAc,YAAY;AAC9B,QAAI,CAAC,aAAa,aAAa,SAAU;AAEzC,QAAI;AACF,mBAAa,IAAI;AACjB,UAAI,UAAU;AACZ,cAAM,SAAA;AAAA,MACR;AAAA,IACF,UAAA;AACE,cAAA;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF;AAEA,QAAM,aAAa,YAAY,kBAAkB;AACjD,QAAM,gBAAgB,eAAe,kBAAkB;AAEvD,SACE,qBAAC,QAAA,EAAK,WAAU,kCACd,UAAA;AAAA,IAAA;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,MAAK;AAAA,QACL,SAAS;AAAA,QACT,UAAU;AAAA,QACV,cAAW;AAAA,QACX,WAAW;AAAA,UACT;AAAA,UACA;AAAA,QAAA;AAAA,QAEH,UAAA;AAAA,MAAA;AAAA,IAAA;AAAA,IAGA,gBACC;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,eAAY;AAAA,QACZ,WAAU;AAAA,QACV,aAAU;AAAA,QACX,UAAA;AAAA,UAAA;AAAA,UACG;AAAA,UAAU;AAAA,QAAA;AAAA,MAAA;AAAA,IAAA,IAEZ;AAAA,EAAA,GACN;AAEJ;","x_google_ignoreList":[7,8,9,10,11,12]}
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../src/components/AuthLayout/index.tsx","../src/components/AppleSignInButton/index.tsx","../src/components/EmailInput/index.tsx","../src/utils/sanitizeNextPath.ts","../src/components/SignInForm/index.tsx","../src/components/SignUpForm/index.tsx","../src/components/RememberMeCheckbox/index.tsx","../../../node_modules/lucide-react/dist/esm/shared/src/utils.js","../../../node_modules/lucide-react/dist/esm/defaultAttributes.js","../../../node_modules/lucide-react/dist/esm/Icon.js","../../../node_modules/lucide-react/dist/esm/createLucideIcon.js","../../../node_modules/lucide-react/dist/esm/icons/eye-off.js","../../../node_modules/lucide-react/dist/esm/icons/eye.js","../src/components/PasswordInput/index.tsx","../src/components/ResendCodeButton/index.tsx"],"sourcesContent":["import * as React from \"react\"\nimport {Link, useLocation } from \"@rpcbase/router\"\n\n\nconst LINKS_REDIRECTION_MAP = {\n \"/auth/sign-in\": {\n \"title\": \"Sign Up\",\n \"location\": \"/auth/sign-up\"\n },\n \"/auth/sign-up\": {\n \"title\": \"Sign In\",\n \"location\": \"/auth/sign-in\"\n },\n \"/auth/forgot-password\": {\n \"title\": \"Sign In\",\n \"location\": \"/auth/sign-in\"\n },\n \"/auth/logout-success\": {\n \"title\": \"Sign In\",\n \"location\": \"/auth/sign-in\"\n }\n}\n\ntype Pathname = keyof typeof LINKS_REDIRECTION_MAP\n\nexport const AuthLayout = ({\n sidePanel = null,\n children,\n}: {\n sidePanel: React.ReactElement | null\n children: React.ReactNode\n}) => {\n const location = useLocation()\n\n const linkTitle = LINKS_REDIRECTION_MAP[location.pathname as Pathname]?.title\n const linkLocation = LINKS_REDIRECTION_MAP[location.pathname as Pathname]?.location\n\n return (\n <div className=\"container relative hidden h-dvh flex-col items-center justify-center md:grid md:w-full lg:max-w-none lg:grid-cols-2 lg:px-0\">\n {/* Top-right redirection link */}\n {linkTitle && linkLocation ? (\n <Link\n className=\"inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-colors focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg]:size-4 [&_svg]:shrink-0 hover:bg-accent hover:text-accent-foreground h-9 px-4 py-2 absolute right-4 top-4 md:right-8 md:top-8\"\n to={linkLocation}\n >\n {linkTitle}\n </Link>\n ) : null}\n <div className=\"relative hidden h-full flex-col bg-muted p-10 text-white dark:border-r lg:flex\">\n {sidePanel}\n </div>\n <div className=\"mx-auto flex w-full flex-col justify-center gap-6 /*sm:w-[350px]*/\">\n {children}\n </div>\n </div>\n )\n}\n","import clsx from \"clsx\"\n\n\nexport const AppleSignInButton = ({\n onPress,\n className,\n}: {\n onPress: () => void;\n className?: string;\n}) => {\n\n return (\n <button\n onClick={onPress}\n className={clsx(`\n w-full\n bg-black text-white hover:bg-gray-800\n flex items-center justify-center\n px-6 py-2\n rounded-lg\n font-medium\n transition duration-150 ease-in-out\n focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-black\n `, className)}\n >\n <svg\n className=\"w-5 h-5 mr-3\"\n xmlns=\"http://www.w3.org/2000/svg\"\n viewBox=\"0 0 24 24\"\n fill=\"white\"\n >\n <path d=\"M12.152 6.896c-.948 0-2.415-1.078-3.96-1.04-2.04.027-3.91 1.183-4.961 3.014-2.117 3.675-.539 9.103 1.519 12.09 1.013 1.454 2.208 3.09 3.792 3.039 1.52-.065 2.09-.987 3.935-.987 1.831 0 2.35.987 3.96.948 1.637-.026 2.676-1.48 3.676-2.948 1.156-1.688 1.636-3.325 1.662-3.415-.039-.013-3.182-1.221-3.22-4.857-.026-3.04 2.48-4.494 2.597-4.559-1.429-2.09-3.623-2.324-4.39-2.376-2-.156-3.675 1.09-4.61 1.09zM15.53 3.83c.843-1.012 1.4-2.427 1.245-3.83-1.207.052-2.662.805-3.532 1.818-.78.896-1.454 2.338-1.273 3.714 1.338.104 2.715-.688 3.559-1.701\" />\n </svg>\n <span>Continue with Apple</span>\n </button>\n )\n}\n","import {useFormContext} from \"@rpcbase/form\"\n\n\nexport const EmailInput = ({\n id,\n className,\n placeholder,\n}: {\n id: string\n className?: string\n placeholder?: string\n}) => {\n const {register, formState} = useFormContext()\n\n const error = formState.errors.email\n let errorMessage: string | undefined\n if (typeof error === \"string\") {\n errorMessage = error\n } else if (error && typeof error.message === \"string\") {\n errorMessage = error.message\n }\n\n return (\n <>\n <input\n id={id}\n type=\"email\"\n required\n autoComplete=\"email\"\n className={className}\n placeholder={placeholder}\n {...register(\"email\")}\n />\n {errorMessage ? (\n <p className=\"mt-1 -mb-2 text-sm/6 text-red-500\">{errorMessage}</p>\n ) : null}\n </>\n )\n}\n","const hasUnsafeNextPathChars = (value: string) => {\n for (let i = 0; i < value.length; i++) {\n const code = value.charCodeAt(i)\n if (code === 92 || code <= 31 || code === 127) return true\n }\n return false\n}\n\nexport const sanitizeNextPath = (raw: string | null) => {\n if (!raw) return null\n\n const nextPath = raw.trim()\n if (!nextPath) return null\n\n if (!nextPath.startsWith(\"/\") || nextPath.startsWith(\"//\")) {\n return null\n }\n\n if (hasUnsafeNextPathChars(nextPath)) {\n return null\n }\n\n try {\n const base = new URL(\"http://localhost\")\n const url = new URL(nextPath, base)\n if (url.origin !== base.origin) {\n return null\n }\n return `${url.pathname}${url.search}${url.hash}`\n } catch {\n return null\n }\n}\n\n","import { ReactNode } from \"react\"\nimport { useNavigate, useSearchParams } from \"@rpcbase/router\"\nimport { useForm, FormProvider, zodResolver } from \"@rpcbase/form\"\nimport type { SubmitHandler } from \"@rpcbase/form\"\nimport { z } from \"zod\"\n\nimport {requestSchema} from \"../../api/sign-in\"\nimport { sanitizeNextPath } from \"../../utils/sanitizeNextPath\"\n\n\ntype SignInFormValues = z.input<typeof requestSchema>\n\nexport const SignInForm = ({\n children,\n className\n}: {\n children: ReactNode,\n className?: string\n}) => {\n const navigate = useNavigate()\n const [searchParams] = useSearchParams()\n\n const methods = useForm<SignInFormValues>({\n defaultValues: {\n email: \"\",\n password: \"\",\n rememberMe: true,\n },\n navigationGuard: false,\n resolver: zodResolver(requestSchema)\n })\n\n const onSubmit: SubmitHandler<SignInFormValues> = async (data) => {\n methods.clearErrors(\"root\")\n\n try {\n const res = await fetch(\"/api/rb/auth/sign-in\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(data),\n credentials: \"include\",\n })\n\n const json = await res.json().catch(() => null) as { success?: boolean; error?: string } | null\n\n if (!res.ok || !json?.success) {\n const message = json?.error === \"invalid_credentials\"\n ? \"Invalid email or password.\"\n : \"Sign-in failed. Please try again.\"\n methods.setError(\"root\", { type: \"server\", message })\n return\n }\n\n const nextPath = sanitizeNextPath(searchParams.get(\"next\")) ?? \"/\"\n navigate(nextPath, { replace: true })\n } catch (err) {\n methods.setError(\"root\", { type: \"server\", message: \"Network error. Please try again.\" })\n }\n }\n\n return (\n <FormProvider {...methods}>\n <form method=\"post\" noValidate className={className} onSubmit={methods.handleSubmit(onSubmit)}>\n {children}\n {methods.formState.errors.root?.message && (\n <p className=\"mt-2 text-sm text-red-600\" role=\"alert\">\n {methods.formState.errors.root.message}\n </p>\n )}\n </form>\n </FormProvider>\n )\n}\n","import {ReactNode, useState} from \"react\"\nimport { useNavigate } from \"@rpcbase/router\"\nimport { useForm, FormProvider, zodResolver } from \"@rpcbase/form\"\nimport type {SubmitHandler} from \"@rpcbase/form\"\nimport { z } from \"zod\"\n\nimport {requestSchema} from \"../../api/sign-up\"\n\n\ntype SignUpFormValues = z.input<typeof requestSchema>\n\n\nexport const SignUpForm = ({\n children,\n className,\n otpNextPath\n}: {\n children: ReactNode,\n className?: string\n otpNextPath?: string\n}) => {\n\n const navigate = useNavigate()\n\n const [serverMessage, setServerMessage] = useState<string | null>(null)\n const methods = useForm<SignUpFormValues>({\n defaultValues: {\n email: \"\",\n password: \"\",\n rememberMe: true,\n },\n navigationGuard: false,\n resolver: zodResolver(requestSchema)\n })\n\n const onSubmit: SubmitHandler<SignUpFormValues> = async (data) => {\n setServerMessage(null)\n methods.clearErrors(\"root\")\n\n try {\n const res = await fetch(\"/api/rb/auth/sign-up\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify(data),\n credentials: \"include\",\n })\n\n const json = await res.json()\n\n if (!res.ok) {\n const message = json.error === \"user_exists\"\n ? \"An account already exists with this email.\"\n : \"Sign-up failed. Please try again.\"\n methods.setError(\"root\", { type: \"server\", message })\n return\n }\n\n if (!json.success) {\n methods.setError(\"root\", { type: \"server\", message: \"Sign-up failed. Please try again.\" })\n return\n }\n\n const search = new URLSearchParams({ email: data.email })\n if (otpNextPath) {\n search.set(\"next\", otpNextPath)\n }\n navigate(`/auth/sign-up-otp?${search.toString()}`)\n setServerMessage(\"Account created. Check your inbox to verify your email.\")\n } catch (err) {\n methods.setError(\"root\", { type: \"server\", message: \"Network error. Please try again.\" })\n }\n }\n\n return (\n <FormProvider {...methods}>\n <form method=\"post\" noValidate className={className} onSubmit={methods.handleSubmit(onSubmit)}>\n {children}\n {methods.formState.errors.root?.message && (\n <p className=\"mt-2 text-sm text-red-600\" role=\"alert\">\n {methods.formState.errors.root.message}\n </p>\n )}\n {serverMessage && (\n <p className=\"mt-2 text-sm text-green-700\" role=\"status\">\n {serverMessage}\n </p>\n )}\n </form>\n </FormProvider>\n )\n}\n","import type { ElementType } from \"react\"\nimport {useFormContext} from \"@rpcbase/form\"\n\n\nexport const RememberMeCheckbox = ({\n label,\n as: Component = \"input\"\n}: {\n label: string,\n as?: ElementType\n}) => {\n const {register} = useFormContext()\n\n return (\n <>\n <Component\n id=\"rememberMe\"\n {...register(\"rememberMe\")}\n />\n <label\n htmlFor={\"rememberMe\"}\n className=\"pl-2 block text-sm/6 text-gray-900\"\n >\n {label}\n </label>\n </>\n )\n}\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nconst toKebabCase = (string) => string.replace(/([a-z0-9])([A-Z])/g, \"$1-$2\").toLowerCase();\nconst toCamelCase = (string) => string.replace(\n /^([A-Z])|[\\s-_]+(\\w)/g,\n (match, p1, p2) => p2 ? p2.toUpperCase() : p1.toLowerCase()\n);\nconst toPascalCase = (string) => {\n const camelCase = toCamelCase(string);\n return camelCase.charAt(0).toUpperCase() + camelCase.slice(1);\n};\nconst mergeClasses = (...classes) => classes.filter((className, index, array) => {\n return Boolean(className) && className.trim() !== \"\" && array.indexOf(className) === index;\n}).join(\" \").trim();\nconst hasA11yProp = (props) => {\n for (const prop in props) {\n if (prop.startsWith(\"aria-\") || prop === \"role\" || prop === \"title\") {\n return true;\n }\n }\n};\n\nexport { hasA11yProp, mergeClasses, toCamelCase, toKebabCase, toPascalCase };\n//# sourceMappingURL=utils.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nvar defaultAttributes = {\n xmlns: \"http://www.w3.org/2000/svg\",\n width: 24,\n height: 24,\n viewBox: \"0 0 24 24\",\n fill: \"none\",\n stroke: \"currentColor\",\n strokeWidth: 2,\n strokeLinecap: \"round\",\n strokeLinejoin: \"round\"\n};\n\nexport { defaultAttributes as default };\n//# sourceMappingURL=defaultAttributes.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nimport { forwardRef, createElement } from 'react';\nimport defaultAttributes from './defaultAttributes.js';\nimport { mergeClasses, hasA11yProp } from './shared/src/utils.js';\n\nconst Icon = forwardRef(\n ({\n color = \"currentColor\",\n size = 24,\n strokeWidth = 2,\n absoluteStrokeWidth,\n className = \"\",\n children,\n iconNode,\n ...rest\n }, ref) => createElement(\n \"svg\",\n {\n ref,\n ...defaultAttributes,\n width: size,\n height: size,\n stroke: color,\n strokeWidth: absoluteStrokeWidth ? Number(strokeWidth) * 24 / Number(size) : strokeWidth,\n className: mergeClasses(\"lucide\", className),\n ...!children && !hasA11yProp(rest) && { \"aria-hidden\": \"true\" },\n ...rest\n },\n [\n ...iconNode.map(([tag, attrs]) => createElement(tag, attrs)),\n ...Array.isArray(children) ? children : [children]\n ]\n )\n);\n\nexport { Icon as default };\n//# sourceMappingURL=Icon.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nimport { forwardRef, createElement } from 'react';\nimport { mergeClasses, toKebabCase, toPascalCase } from './shared/src/utils.js';\nimport Icon from './Icon.js';\n\nconst createLucideIcon = (iconName, iconNode) => {\n const Component = forwardRef(\n ({ className, ...props }, ref) => createElement(Icon, {\n ref,\n iconNode,\n className: mergeClasses(\n `lucide-${toKebabCase(toPascalCase(iconName))}`,\n `lucide-${iconName}`,\n className\n ),\n ...props\n })\n );\n Component.displayName = toPascalCase(iconName);\n return Component;\n};\n\nexport { createLucideIcon as default };\n//# sourceMappingURL=createLucideIcon.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nimport createLucideIcon from '../createLucideIcon.js';\n\nconst __iconNode = [\n [\n \"path\",\n {\n d: \"M10.733 5.076a10.744 10.744 0 0 1 11.205 6.575 1 1 0 0 1 0 .696 10.747 10.747 0 0 1-1.444 2.49\",\n key: \"ct8e1f\"\n }\n ],\n [\"path\", { d: \"M14.084 14.158a3 3 0 0 1-4.242-4.242\", key: \"151rxh\" }],\n [\n \"path\",\n {\n d: \"M17.479 17.499a10.75 10.75 0 0 1-15.417-5.151 1 1 0 0 1 0-.696 10.75 10.75 0 0 1 4.446-5.143\",\n key: \"13bj9a\"\n }\n ],\n [\"path\", { d: \"m2 2 20 20\", key: \"1ooewy\" }]\n];\nconst EyeOff = createLucideIcon(\"eye-off\", __iconNode);\n\nexport { __iconNode, EyeOff as default };\n//# sourceMappingURL=eye-off.js.map\n","/**\n * @license lucide-react v0.562.0 - ISC\n *\n * This source code is licensed under the ISC license.\n * See the LICENSE file in the root directory of this source tree.\n */\n\nimport createLucideIcon from '../createLucideIcon.js';\n\nconst __iconNode = [\n [\n \"path\",\n {\n d: \"M2.062 12.348a1 1 0 0 1 0-.696 10.75 10.75 0 0 1 19.876 0 1 1 0 0 1 0 .696 10.75 10.75 0 0 1-19.876 0\",\n key: \"1nclc0\"\n }\n ],\n [\"circle\", { cx: \"12\", cy: \"12\", r: \"3\", key: \"1v7zrd\" }]\n];\nconst Eye = createLucideIcon(\"eye\", __iconNode);\n\nexport { __iconNode, Eye as default };\n//# sourceMappingURL=eye.js.map\n","import { useState } from \"react\"\nimport { Eye, EyeOff } from \"lucide-react\"\nimport { useFormContext } from \"@rpcbase/form\"\n\n\ntype PasswordInputProps = {\n id: string\n name?: string\n className?: string\n placeholder?: string\n autoComplete?: string\n}\n\nexport const PasswordInput = ({\n id,\n name = \"password\",\n className,\n placeholder,\n autoComplete = \"current-password\",\n}: PasswordInputProps) => {\n const [showPassword, setShowPassword] = useState(false)\n const { register, formState } = useFormContext()\n\n const fieldError = formState.errors[name as keyof typeof formState.errors]\n const errorMessage =\n typeof fieldError === \"string\"\n ? fieldError\n : typeof fieldError?.message === \"string\"\n ? fieldError.message\n : undefined\n\n const inputClassName = className ? `${className} pr-11` : \"pr-11\"\n\n return (\n <>\n <div className=\"relative\">\n <input\n id={id}\n type={showPassword ? \"text\" : \"password\"}\n autoComplete={autoComplete}\n className={inputClassName}\n placeholder={placeholder}\n {...register(name as Parameters<typeof register>[0])}\n />\n <button\n type=\"button\"\n className=\"absolute inset-y-0 right-0 flex items-center pr-3 text-gray-500\"\n onClick={() => setShowPassword((prev) => !prev)}\n aria-label={showPassword ? \"Hide characters\" : \"Show characters\"}\n >\n {showPassword ? (\n <EyeOff className=\"h-5 w-5\" aria-hidden />\n ) : (\n <Eye className=\"h-5 w-5\" aria-hidden />\n )}\n </button>\n </div>\n {errorMessage ? (\n <p className=\"mt-1 -mb-2 text-sm/6 text-red-500\">{errorMessage}</p>\n ) : null}\n </>\n )\n}\n","import {useCallback, useEffect, useMemo, useState} from \"react\"\nimport clsx from \"clsx\"\n\n\nexport const useResendCountdown = (seconds = 60) => {\n const [remaining, setRemaining] = useState(seconds)\n const [isCountingDown, setIsCountingDown] = useState(true)\n\n useEffect(() => {\n if (!isCountingDown) return\n\n const timer = setInterval(() => {\n setRemaining((prev) => {\n if (prev <= 1) {\n setIsCountingDown(false)\n return seconds\n }\n return prev - 1\n })\n }, 1000)\n\n return () => clearInterval(timer)\n }, [isCountingDown, seconds])\n\n const restart = useCallback((nextSeconds?: number) => {\n const value = typeof nextSeconds === \"number\" ? nextSeconds : seconds\n setRemaining(value)\n setIsCountingDown(true)\n }, [seconds])\n\n const formatted = useMemo(() => {\n const minutes = Math.floor(remaining / 60)\n const secs = remaining % 60\n return `${minutes}:${secs.toString().padStart(2, \"0\")}`\n }, [remaining])\n\n const canResend = !isCountingDown\n\n return {remaining, formatted, isCountingDown, canResend, restart}\n}\n\n\nexport const ResendCodeButton = ({\n seconds = 60,\n onResend,\n className,\n disabled,\n}: {\n seconds?: number\n onResend?: () => Promise<void> | void\n className?: string\n disabled?: boolean\n}) => {\n const [isSending, setIsSending] = useState(false)\n const {formatted, isCountingDown, restart, canResend} = useResendCountdown(seconds)\n\n const handleClick = async () => {\n if (!canResend || isSending || disabled) return\n\n try {\n setIsSending(true)\n if (onResend) {\n await onResend()\n }\n } finally {\n restart()\n setIsSending(false)\n }\n }\n\n const isDisabled = disabled || isCountingDown || isSending\n const showCountdown = isDisabled && (isCountingDown || isSending)\n\n return (\n <span className=\"inline-flex items-center gap-2\">\n <button\n type=\"button\"\n onClick={handleClick}\n disabled={isDisabled}\n aria-label=\"Resend code\"\n className={clsx(\n \"text-sm font-semibold text-sky-600 hover:underline disabled:cursor-not-allowed disabled:text-gray-400\",\n className\n )}\n >\n Resend code\n </button>\n {showCountdown ? (\n <span\n data-testid=\"resend-countdown\"\n className=\"text-sm text-gray-500\"\n aria-live=\"polite\"\n >\n ({formatted})\n </span>\n ) : null}\n </span>\n )\n}\n"],"names":["requestSchema","__iconNode"],"mappings":";;;;;;;;AAIA,MAAM,wBAAwB;AAAA,EAC5B,iBAAiB;AAAA,IACf,SAAS;AAAA,IACT,YAAY;AAAA,EAAA;AAAA,EAEd,iBAAiB;AAAA,IACf,SAAS;AAAA,IACT,YAAY;AAAA,EAAA;AAAA,EAEd,yBAAyB;AAAA,IACvB,SAAS;AAAA,IACT,YAAY;AAAA,EAAA;AAAA,EAEd,wBAAwB;AAAA,IACtB,SAAS;AAAA,IACT,YAAY;AAAA,EAAA;AAEhB;AAIO,MAAM,aAAa,CAAC;AAAA,EACzB,YAAY;AAAA,EACZ;AACF,MAGM;AACJ,QAAM,WAAW,YAAA;AAEjB,QAAM,YAAY,sBAAsB,SAAS,QAAoB,GAAG;AACxE,QAAM,eAAe,sBAAsB,SAAS,QAAoB,GAAG;AAE3E,SACE,qBAAC,OAAA,EAAI,WAAU,+HAEZ,UAAA;AAAA,IAAA,aAAa,eACZ;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,WAAU;AAAA,QACV,IAAI;AAAA,QAEH,UAAA;AAAA,MAAA;AAAA,IAAA,IAED;AAAA,IACJ,oBAAC,OAAA,EAAI,WAAU,kFACZ,UAAA,WACH;AAAA,IACA,oBAAC,OAAA,EAAI,WAAU,sEACZ,SAAA,CACH;AAAA,EAAA,GACF;AAEJ;ACrDO,MAAM,oBAAoB,CAAC;AAAA,EAChC;AAAA,EACA;AACF,MAGM;AAEJ,SACE;AAAA,IAAC;AAAA,IAAA;AAAA,MACC,SAAS;AAAA,MACT,WAAW,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SASb,SAAS;AAAA,MAEZ,UAAA;AAAA,QAAA;AAAA,UAAC;AAAA,UAAA;AAAA,YACC,WAAU;AAAA,YACV,OAAM;AAAA,YACN,SAAQ;AAAA,YACR,MAAK;AAAA,YAEL,UAAA,oBAAC,QAAA,EAAK,GAAE,giBAAA,CAAgiB;AAAA,UAAA;AAAA,QAAA;AAAA,QAE1iB,oBAAC,UAAK,UAAA,sBAAA,CAAmB;AAAA,MAAA;AAAA,IAAA;AAAA,EAAA;AAG/B;ACjCO,MAAM,aAAa,CAAC;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AACF,MAIM;AACJ,QAAM,EAAC,UAAU,UAAA,IAAa,eAAA;AAE9B,QAAM,QAAQ,UAAU,OAAO;AAC/B,MAAI;AACJ,MAAI,OAAO,UAAU,UAAU;AAC7B,mBAAe;AAAA,EACjB,WAAW,SAAS,OAAO,MAAM,YAAY,UAAU;AACrD,mBAAe,MAAM;AAAA,EACvB;AAEA,SACE,qBAAA,UAAA,EACE,UAAA;AAAA,IAAA;AAAA,MAAC;AAAA,MAAA;AAAA,QACC;AAAA,QACA,MAAK;AAAA,QACL,UAAQ;AAAA,QACR,cAAa;AAAA,QACb;AAAA,QACA;AAAA,QACC,GAAG,SAAS,OAAO;AAAA,MAAA;AAAA,IAAA;AAAA,IAErB,eACC,oBAAC,KAAA,EAAE,WAAU,qCAAqC,wBAAa,IAC7D;AAAA,EAAA,GACN;AAEJ;ACtCA,MAAM,yBAAyB,CAAC,UAAkB;AAChD,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,UAAM,OAAO,MAAM,WAAW,CAAC;AAC/B,QAAI,SAAS,MAAM,QAAQ,MAAM,SAAS,IAAK,QAAO;AAAA,EACxD;AACA,SAAO;AACT;AAEO,MAAM,mBAAmB,CAAC,QAAuB;AACtD,MAAI,CAAC,IAAK,QAAO;AAEjB,QAAM,WAAW,IAAI,KAAA;AACrB,MAAI,CAAC,SAAU,QAAO;AAEtB,MAAI,CAAC,SAAS,WAAW,GAAG,KAAK,SAAS,WAAW,IAAI,GAAG;AAC1D,WAAO;AAAA,EACT;AAEA,MAAI,uBAAuB,QAAQ,GAAG;AACpC,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,OAAO,IAAI,IAAI,kBAAkB;AACvC,UAAM,MAAM,IAAI,IAAI,UAAU,IAAI;AAClC,QAAI,IAAI,WAAW,KAAK,QAAQ;AAC9B,aAAO;AAAA,IACT;AACA,WAAO,GAAG,IAAI,QAAQ,GAAG,IAAI,MAAM,GAAG,IAAI,IAAI;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;ACpBO,MAAM,aAAa,CAAC;AAAA,EACzB;AAAA,EACA;AACF,MAGM;AACJ,QAAM,WAAW,YAAA;AACjB,QAAM,CAAC,YAAY,IAAI,gBAAA;AAEvB,QAAM,UAAU,QAA0B;AAAA,IACxC,eAAe;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,YAAY;AAAA,IAAA;AAAA,IAEd,iBAAiB;AAAA,IACjB,UAAU,YAAY,aAAa;AAAA,EAAA,CACpC;AAED,QAAM,WAA4C,OAAO,SAAS;AAChE,YAAQ,YAAY,MAAM;AAE1B,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,wBAAwB;AAAA,QAC9C,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAAA;AAAA,QAElB,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,aAAa;AAAA,MAAA,CACd;AAED,YAAM,OAAO,MAAM,IAAI,OAAO,MAAM,MAAM,IAAI;AAE9C,UAAI,CAAC,IAAI,MAAM,CAAC,MAAM,SAAS;AAC7B,cAAM,UAAU,MAAM,UAAU,wBAC5B,+BACA;AACJ,gBAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS;AACpD;AAAA,MACF;AAEA,YAAM,WAAW,iBAAiB,aAAa,IAAI,MAAM,CAAC,KAAK;AAC/D,eAAS,UAAU,EAAE,SAAS,KAAA,CAAM;AAAA,IACtC,SAAS,KAAK;AACZ,cAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS,oCAAoC;AAAA,IAC1F;AAAA,EACF;AAEA,SACE,oBAAC,cAAA,EAAc,GAAG,SAChB,+BAAC,QAAA,EAAK,QAAO,QAAO,YAAU,MAAC,WAAsB,UAAU,QAAQ,aAAa,QAAQ,GACzF,UAAA;AAAA,IAAA;AAAA,IACA,QAAQ,UAAU,OAAO,MAAM,WAC9B,oBAAC,KAAA,EAAE,WAAU,6BAA4B,MAAK,SAC3C,UAAA,QAAQ,UAAU,OAAO,KAAK,QAAA,CACjC;AAAA,EAAA,EAAA,CAEJ,EAAA,CACF;AAEJ;AC9DO,MAAM,aAAa,CAAC;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AACF,MAIM;AAEJ,QAAM,WAAW,YAAA;AAEjB,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAwB,IAAI;AACtE,QAAM,UAAU,QAA0B;AAAA,IACxC,eAAe;AAAA,MACb,OAAO;AAAA,MACP,UAAU;AAAA,MACV,YAAY;AAAA,IAAA;AAAA,IAEd,iBAAiB;AAAA,IACjB,UAAU,YAAYA,eAAa;AAAA,EAAA,CACpC;AAED,QAAM,WAA4C,OAAO,SAAS;AAChE,qBAAiB,IAAI;AACrB,YAAQ,YAAY,MAAM;AAE1B,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,wBAAwB;AAAA,QAC9C,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,QAAA;AAAA,QAElB,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,aAAa;AAAA,MAAA,CACd;AAED,YAAM,OAAO,MAAM,IAAI,KAAA;AAEvB,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,UAAU,KAAK,UAAU,gBAC3B,+CACA;AACJ,gBAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS;AACpD;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,SAAS;AACjB,gBAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS,qCAAqC;AACzF;AAAA,MACF;AAEA,YAAM,SAAS,IAAI,gBAAgB,EAAE,OAAO,KAAK,OAAO;AACxD,UAAI,aAAa;AACf,eAAO,IAAI,QAAQ,WAAW;AAAA,MAChC;AACA,eAAS,qBAAqB,OAAO,SAAA,CAAU,EAAE;AACjD,uBAAiB,yDAAyD;AAAA,IAC5E,SAAS,KAAK;AACZ,cAAQ,SAAS,QAAQ,EAAE,MAAM,UAAU,SAAS,oCAAoC;AAAA,IAC1F;AAAA,EACF;AAEA,SACE,oBAAC,cAAA,EAAc,GAAG,SAChB,+BAAC,QAAA,EAAK,QAAO,QAAO,YAAU,MAAC,WAAsB,UAAU,QAAQ,aAAa,QAAQ,GACzF,UAAA;AAAA,IAAA;AAAA,IACA,QAAQ,UAAU,OAAO,MAAM,WAC9B,oBAAC,KAAA,EAAE,WAAU,6BAA4B,MAAK,SAC3C,UAAA,QAAQ,UAAU,OAAO,KAAK,SACjC;AAAA,IAED,iBACC,oBAAC,KAAA,EAAE,WAAU,+BAA8B,MAAK,UAC7C,UAAA,cAAA,CACH;AAAA,EAAA,EAAA,CAEJ,EAAA,CACF;AAEJ;ACxFO,MAAM,qBAAqB,CAAC;AAAA,EACjC;AAAA,EACA,IAAI,YAAY;AAClB,MAGM;AACJ,QAAM,EAAC,SAAA,IAAY,eAAA;AAEnB,SACE,qBAAA,UAAA,EACE,UAAA;AAAA,IAAA;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,IAAG;AAAA,QACF,GAAG,SAAS,YAAY;AAAA,MAAA;AAAA,IAAA;AAAA,IAE3B;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,SAAS;AAAA,QACT,WAAU;AAAA,QAET,UAAA;AAAA,MAAA;AAAA,IAAA;AAAA,EACH,GACF;AAEJ;ACpBA,MAAM,cAAc,CAAC,WAAW,OAAO,QAAQ,sBAAsB,OAAO,EAAE,YAAW;AACzF,MAAM,cAAc,CAAC,WAAW,OAAO;AAAA,EACrC;AAAA,EACA,CAAC,OAAO,IAAI,OAAO,KAAK,GAAG,YAAW,IAAK,GAAG,YAAW;AAC3D;AACA,MAAM,eAAe,CAAC,WAAW;AAC/B,QAAM,YAAY,YAAY,MAAM;AACpC,SAAO,UAAU,OAAO,CAAC,EAAE,YAAW,IAAK,UAAU,MAAM,CAAC;AAC9D;AACA,MAAM,eAAe,IAAI,YAAY,QAAQ,OAAO,CAAC,WAAW,OAAO,UAAU;AAC/E,SAAO,QAAQ,SAAS,KAAK,UAAU,KAAI,MAAO,MAAM,MAAM,QAAQ,SAAS,MAAM;AACvF,CAAC,EAAE,KAAK,GAAG,EAAE,KAAI;AACjB,MAAM,cAAc,CAAC,UAAU;AAC7B,aAAW,QAAQ,OAAO;AACxB,QAAI,KAAK,WAAW,OAAO,KAAK,SAAS,UAAU,SAAS,SAAS;AACnE,aAAO;AAAA,IACT;AAAA,EACF;AACF;AClBA,IAAI,oBAAoB;AAAA,EACtB,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,MAAM;AAAA,EACN,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,eAAe;AAAA,EACf,gBAAgB;AAClB;ACNA,MAAM,OAAO;AAAA,EACX,CAAC;AAAA,IACC,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,cAAc;AAAA,IACd;AAAA,IACA,YAAY;AAAA,IACZ;AAAA,IACA;AAAA,IACA,GAAG;AAAA,EACP,GAAK,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,MACE;AAAA,MACA,GAAG;AAAA,MACH,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,aAAa,sBAAsB,OAAO,WAAW,IAAI,KAAK,OAAO,IAAI,IAAI;AAAA,MAC7E,WAAW,aAAa,UAAU,SAAS;AAAA,MAC3C,GAAG,CAAC,YAAY,CAAC,YAAY,IAAI,KAAK,EAAE,eAAe,OAAM;AAAA,MAC7D,GAAG;AAAA,IACT;AAAA,IACI;AAAA,MACE,GAAG,SAAS,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,cAAc,KAAK,KAAK,CAAC;AAAA,MAC3D,GAAG,MAAM,QAAQ,QAAQ,IAAI,WAAW,CAAC,QAAQ;AAAA,IACvD;AAAA,EACA;AACA;AC5BA,MAAM,mBAAmB,CAAC,UAAU,aAAa;AAC/C,QAAM,YAAY;AAAA,IAChB,CAAC,EAAE,WAAW,GAAG,MAAK,GAAI,QAAQ,cAAc,MAAM;AAAA,MACpD;AAAA,MACA;AAAA,MACA,WAAW;AAAA,QACT,UAAU,YAAY,aAAa,QAAQ,CAAC,CAAC;AAAA,QAC7C,UAAU,QAAQ;AAAA,QAClB;AAAA,MACR;AAAA,MACM,GAAG;AAAA,IACT,CAAK;AAAA,EACL;AACE,YAAU,cAAc,aAAa,QAAQ;AAC7C,SAAO;AACT;ACjBA,MAAMC,eAAa;AAAA,EACjB;AAAA,IACE;AAAA,IACA;AAAA,MACE,GAAG;AAAA,MACH,KAAK;AAAA,IACX;AAAA,EACA;AAAA,EACE,CAAC,QAAQ,EAAE,GAAG,wCAAwC,KAAK,SAAQ,CAAE;AAAA,EACrE;AAAA,IACE;AAAA,IACA;AAAA,MACE,GAAG;AAAA,MACH,KAAK;AAAA,IACX;AAAA,EACA;AAAA,EACE,CAAC,QAAQ,EAAE,GAAG,cAAc,KAAK,SAAQ,CAAE;AAC7C;AACA,MAAM,SAAS,iBAAiB,WAAWA,YAAU;AClBrD,MAAM,aAAa;AAAA,EACjB;AAAA,IACE;AAAA,IACA;AAAA,MACE,GAAG;AAAA,MACH,KAAK;AAAA,IACX;AAAA,EACA;AAAA,EACE,CAAC,UAAU,EAAE,IAAI,MAAM,IAAI,MAAM,GAAG,KAAK,KAAK,SAAQ,CAAE;AAC1D;AACA,MAAM,MAAM,iBAAiB,OAAO,UAAU;ACNvC,MAAM,gBAAgB,CAAC;AAAA,EAC5B;AAAA,EACA,OAAO;AAAA,EACP;AAAA,EACA;AAAA,EACA,eAAe;AACjB,MAA0B;AACxB,QAAM,CAAC,cAAc,eAAe,IAAI,SAAS,KAAK;AACtD,QAAM,EAAE,UAAU,UAAA,IAAc,eAAA;AAEhC,QAAM,aAAa,UAAU,OAAO,IAAqC;AACzE,QAAM,eACJ,OAAO,eAAe,WAClB,aACA,OAAO,YAAY,YAAY,WAC7B,WAAW,UACX;AAER,QAAM,iBAAiB,YAAY,GAAG,SAAS,WAAW;AAE1D,SACE,qBAAA,UAAA,EACE,UAAA;AAAA,IAAA,qBAAC,OAAA,EAAI,WAAU,YACb,UAAA;AAAA,MAAA;AAAA,QAAC;AAAA,QAAA;AAAA,UACC;AAAA,UACA,MAAM,eAAe,SAAS;AAAA,UAC9B;AAAA,UACA,WAAW;AAAA,UACX;AAAA,UACC,GAAG,SAAS,IAAsC;AAAA,QAAA;AAAA,MAAA;AAAA,MAErD;AAAA,QAAC;AAAA,QAAA;AAAA,UACC,MAAK;AAAA,UACL,WAAU;AAAA,UACV,SAAS,MAAM,gBAAgB,CAAC,SAAS,CAAC,IAAI;AAAA,UAC9C,cAAY,eAAe,oBAAoB;AAAA,UAE9C,UAAA,eACC,oBAAC,QAAA,EAAO,WAAU,WAAU,eAAW,KAAA,CAAC,IAExC,oBAAC,KAAA,EAAI,WAAU,WAAU,eAAW,KAAA,CAAC;AAAA,QAAA;AAAA,MAAA;AAAA,IAEzC,GACF;AAAA,IACC,eACC,oBAAC,KAAA,EAAE,WAAU,qCAAqC,wBAAa,IAC7D;AAAA,EAAA,GACN;AAEJ;AC1DO,MAAM,qBAAqB,CAAC,UAAU,OAAO;AAClD,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,OAAO;AAClD,QAAM,CAAC,gBAAgB,iBAAiB,IAAI,SAAS,IAAI;AAEzD,YAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,QAAQ,YAAY,MAAM;AAC9B,mBAAa,CAAC,SAAS;AACrB,YAAI,QAAQ,GAAG;AACb,4BAAkB,KAAK;AACvB,iBAAO;AAAA,QACT;AACA,eAAO,OAAO;AAAA,MAChB,CAAC;AAAA,IACH,GAAG,GAAI;AAEP,WAAO,MAAM,cAAc,KAAK;AAAA,EAClC,GAAG,CAAC,gBAAgB,OAAO,CAAC;AAE5B,QAAM,UAAU,YAAY,CAAC,gBAAyB;AACpD,UAAM,QAAQ,OAAO,gBAAgB,WAAW,cAAc;AAC9D,iBAAa,KAAK;AAClB,sBAAkB,IAAI;AAAA,EACxB,GAAG,CAAC,OAAO,CAAC;AAEZ,QAAM,YAAY,QAAQ,MAAM;AAC9B,UAAM,UAAU,KAAK,MAAM,YAAY,EAAE;AACzC,UAAM,OAAO,YAAY;AACzB,WAAO,GAAG,OAAO,IAAI,KAAK,WAAW,SAAS,GAAG,GAAG,CAAC;AAAA,EACvD,GAAG,CAAC,SAAS,CAAC;AAEd,QAAM,YAAY,CAAC;AAEnB,SAAO,EAAC,WAAW,WAAW,gBAAgB,WAAW,QAAA;AAC3D;AAGO,MAAM,mBAAmB,CAAC;AAAA,EAC/B,UAAU;AAAA,EACV;AAAA,EACA;AAAA,EACA;AACF,MAKM;AACJ,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,KAAK;AAChD,QAAM,EAAC,WAAW,gBAAgB,SAAS,UAAA,IAAa,mBAAmB,OAAO;AAElF,QAAM,cAAc,YAAY;AAC9B,QAAI,CAAC,aAAa,aAAa,SAAU;AAEzC,QAAI;AACF,mBAAa,IAAI;AACjB,UAAI,UAAU;AACZ,cAAM,SAAA;AAAA,MACR;AAAA,IACF,UAAA;AACE,cAAA;AACA,mBAAa,KAAK;AAAA,IACpB;AAAA,EACF;AAEA,QAAM,aAAa,YAAY,kBAAkB;AACjD,QAAM,gBAAgB,eAAe,kBAAkB;AAEvD,SACE,qBAAC,QAAA,EAAK,WAAU,kCACd,UAAA;AAAA,IAAA;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,MAAK;AAAA,QACL,SAAS;AAAA,QACT,UAAU;AAAA,QACV,cAAW;AAAA,QACX,WAAW;AAAA,UACT;AAAA,UACA;AAAA,QAAA;AAAA,QAEH,UAAA;AAAA,MAAA;AAAA,IAAA;AAAA,IAGA,gBACC;AAAA,MAAC;AAAA,MAAA;AAAA,QACC,eAAY;AAAA,QACZ,WAAU;AAAA,QACV,aAAU;AAAA,QACX,UAAA;AAAA,UAAA;AAAA,UACG;AAAA,UAAU;AAAA,QAAA;AAAA,MAAA;AAAA,IAAA,IAEZ;AAAA,EAAA,GACN;AAEJ;","x_google_ignoreList":[7,8,9,10,11,12]}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
const isAuthenticated = (req) => {
|
|
2
|
-
|
|
2
|
+
const sessionUser = req.session?.user;
|
|
3
|
+
return Boolean(sessionUser?.id);
|
|
3
4
|
};
|
|
4
5
|
const restrictSessionMiddleware = (req, res, next) => {
|
|
5
6
|
if (isAuthenticated(req)) {
|
|
@@ -19,4 +20,4 @@ export {
|
|
|
19
20
|
redirectAuthMiddleware as b,
|
|
20
21
|
restrictSessionMiddleware as r
|
|
21
22
|
};
|
|
22
|
-
//# sourceMappingURL=middleware-
|
|
23
|
+
//# sourceMappingURL=middleware-HjIzPByj.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"middleware-HjIzPByj.js","sources":["../src/middleware.ts"],"sourcesContent":["import type { Middleware } from \"@rpcbase/api\"\n\nimport type { AuthSessionUser } from \"./types\"\n\n\nconst isAuthenticated = (req: Parameters<Middleware>[0]): req is Parameters<Middleware<AuthSessionUser>>[0] => {\n const sessionUser = req.session?.user as { id?: unknown } | undefined\n return Boolean(sessionUser?.id)\n}\n\nexport const restrictSessionMiddleware: Middleware<AuthSessionUser> = (req, res, next) => {\n if (isAuthenticated(req)) {\n return next()\n }\n\n res.status(401).json({ error: \"unauthorized\" })\n}\n\nexport const requireSession = restrictSessionMiddleware\n\nexport const redirectAuthMiddleware: Middleware<AuthSessionUser> = (req, res, next) => {\n if (req.path.startsWith(\"/app\") && !isAuthenticated(req)) {\n return res.redirect(\"/auth/sign-in\")\n }\n\n next()\n}\n"],"names":[],"mappings":"AAKA,MAAM,kBAAkB,CAAC,QAAsF;AAC7G,QAAM,cAAc,IAAI,SAAS;AACjC,SAAO,QAAQ,aAAa,EAAE;AAChC;AAEO,MAAM,4BAAyD,CAAC,KAAK,KAAK,SAAS;AACxF,MAAI,gBAAgB,GAAG,GAAG;AACxB,WAAO,KAAA;AAAA,EACT;AAEA,MAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,gBAAgB;AAChD;AAEO,MAAM,iBAAiB;AAEvB,MAAM,yBAAsD,CAAC,KAAK,KAAK,SAAS;AACrF,MAAI,IAAI,KAAK,WAAW,MAAM,KAAK,CAAC,gBAAgB,GAAG,GAAG;AACxD,WAAO,IAAI,SAAS,eAAe;AAAA,EACrC;AAEA,OAAA;AACF;"}
|
package/dist/middleware.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAQ9C,eAAO,MAAM,yBAAyB,EAAE,UAAU,CAAC,eAAe,CAMjE,CAAA;AAED,eAAO,MAAM,cAAc,6BAA4B,CAAA;AAEvD,eAAO,MAAM,sBAAsB,EAAE,UAAU,CAAC,eAAe,CAM9D,CAAA"}
|
package/dist/oauth/index.js
CHANGED
|
@@ -177,7 +177,7 @@ const readTextBody = async (req) => await new Promise((resolve, reject) => {
|
|
|
177
177
|
req.setEncoding("utf8");
|
|
178
178
|
}
|
|
179
179
|
req.on("data", (chunk) => {
|
|
180
|
-
body += chunk;
|
|
180
|
+
body += String(chunk);
|
|
181
181
|
if (body.length > 32768) {
|
|
182
182
|
reject(new Error("request_body_too_large"));
|
|
183
183
|
}
|
|
@@ -257,7 +257,6 @@ const getOAuthStartRedirectUrl = async ({
|
|
|
257
257
|
return { success: false, error: "oauth_request_store_failed", statusCode: 500 };
|
|
258
258
|
}
|
|
259
259
|
try {
|
|
260
|
-
;
|
|
261
260
|
ctx.res.cookie(OAUTH_STATE_COOKIE_NAME, `${providerId}:${state}`, {
|
|
262
261
|
httpOnly: true,
|
|
263
262
|
secure: isHttps,
|
|
@@ -404,9 +403,11 @@ const processOAuthCallback = async ({
|
|
|
404
403
|
oauthUser = null;
|
|
405
404
|
}
|
|
406
405
|
}
|
|
407
|
-
const
|
|
408
|
-
const
|
|
409
|
-
const
|
|
406
|
+
const oauthUserRecord = oauthUser && typeof oauthUser === "object" ? oauthUser : null;
|
|
407
|
+
const oauthUserEmail = typeof oauthUserRecord?.email === "string" ? oauthUserRecord.email.trim() : "";
|
|
408
|
+
const oauthUserNameRecord = oauthUserRecord?.name && typeof oauthUserRecord.name === "object" ? oauthUserRecord.name : null;
|
|
409
|
+
const oauthUserNameFirst = typeof oauthUserNameRecord?.firstName === "string" ? oauthUserNameRecord.firstName.trim() : "";
|
|
410
|
+
const oauthUserNameLast = typeof oauthUserNameRecord?.lastName === "string" ? oauthUserNameRecord.lastName.trim() : "";
|
|
410
411
|
const oauthUserName = [oauthUserNameFirst, oauthUserNameLast].filter(Boolean).join(" ").trim();
|
|
411
412
|
const resolvedEmail = email ?? (oauthUserEmail || void 0);
|
|
412
413
|
const resolvedName = name ?? (oauthUserName || void 0);
|
|
@@ -444,13 +445,10 @@ const processOAuthCallback = async ({
|
|
|
444
445
|
}
|
|
445
446
|
const now = /* @__PURE__ */ new Date();
|
|
446
447
|
let providerCreatedAt;
|
|
447
|
-
const
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
} else if (oauthProvidersValue && typeof oauthProvidersValue === "object") {
|
|
452
|
-
const existing = oauthProvidersValue[providerId];
|
|
453
|
-
if (existing?.createdAt instanceof Date) providerCreatedAt = existing.createdAt;
|
|
448
|
+
const oauthProviders = user?.get("oauthProviders");
|
|
449
|
+
const existingProvider = oauthProviders?.get(providerId);
|
|
450
|
+
if (existingProvider?.createdAt instanceof Date) {
|
|
451
|
+
providerCreatedAt = existingProvider.createdAt;
|
|
454
452
|
}
|
|
455
453
|
const oauthProviderPayload = {
|
|
456
454
|
subject,
|
|
@@ -503,9 +501,9 @@ const processOAuthCallback = async ({
|
|
|
503
501
|
await User.updateOne({ _id: user._id }, { $set: setFields });
|
|
504
502
|
}
|
|
505
503
|
const tenantId = user.tenants?.[0]?.toString?.() || "00000000";
|
|
506
|
-
const signedInTenants = (user.tenants || []).map(
|
|
507
|
-
const
|
|
508
|
-
const tenantRoles =
|
|
504
|
+
const signedInTenants = (user.tenants || []).map(String);
|
|
505
|
+
const tenantRolesMap = user.get("tenantRoles");
|
|
506
|
+
const tenantRoles = tenantRolesMap ? Object.fromEntries(tenantRolesMap.entries()) : void 0;
|
|
509
507
|
ctx.req.session.user = {
|
|
510
508
|
id: user._id.toString(),
|
|
511
509
|
currentTenantId: tenantId,
|
|
@@ -521,7 +519,6 @@ const processOAuthCallback = async ({
|
|
|
521
519
|
console.warn("oauth::failed_to_delete_request", err);
|
|
522
520
|
}
|
|
523
521
|
try {
|
|
524
|
-
;
|
|
525
522
|
ctx.res.clearCookie(OAUTH_STATE_COOKIE_NAME, {
|
|
526
523
|
httpOnly: true,
|
|
527
524
|
secure: isHttps,
|
package/dist/oauth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../src/oauth/config.ts","../../src/oauth/jwt.ts","../../src/oauth/oidc.ts","../../src/oauth/pkce.ts","../../src/oauth/providerId.ts","../../src/oauth/lib.ts"],"sourcesContent":["export type OAuthProviderConfig = {\n issuer: string\n clientId: string\n clientSecret?: string\n scope: string\n callbackPath: string\n}\n\ntype OAuthProvidersConfig = Record<string, OAuthProviderConfig>\n\ntype OAuthProvidersStore = {\n providers: OAuthProvidersConfig\n}\n\nconst STORE_KEY = Symbol.for(\"@rpcbase/auth/oauthProviders\")\n\nconst getStore = (): OAuthProvidersStore => {\n const anyGlobal = globalThis as unknown as Record<string | symbol, unknown>\n const existing = anyGlobal[STORE_KEY] as OAuthProvidersStore | undefined\n if (existing && typeof existing === \"object\" && existing.providers && typeof existing.providers === \"object\") {\n return existing\n }\n\n const created: OAuthProvidersStore = { providers: {} }\n anyGlobal[STORE_KEY] = created\n return created\n}\n\nconst normalizeProviders = (providers: Record<string, OAuthProviderConfig>): OAuthProvidersConfig => {\n const result: OAuthProvidersConfig = {}\n\n const isSafeRedirectPath = (candidate: string) => {\n if (!candidate.startsWith(\"/\")) return false\n if (candidate.startsWith(\"//\")) return false\n return true\n }\n\n for (const [providerIdRaw, value] of Object.entries(providers)) {\n const providerId = providerIdRaw.trim()\n if (!providerId) continue\n\n const issuer = typeof value?.issuer === \"string\" ? value.issuer.trim() : \"\"\n const clientId = typeof value?.clientId === \"string\" ? value.clientId.trim() : \"\"\n if (!issuer) throw new Error(`oauth provider \"${providerId}\" missing issuer`)\n if (!clientId) throw new Error(`oauth provider \"${providerId}\" missing clientId`)\n\n const clientSecret = typeof value?.clientSecret === \"string\" && value.clientSecret.trim()\n ? value.clientSecret\n : undefined\n\n const scope = typeof value?.scope === \"string\" ? value.scope.trim() : \"\"\n if (!scope) throw new Error(`oauth provider \"${providerId}\" missing scope`)\n\n const callbackPath = typeof value?.callbackPath === \"string\"\n ? value.callbackPath.trim()\n : \"\"\n if (!callbackPath) throw new Error(`oauth provider \"${providerId}\" missing callbackPath`)\n if (!isSafeRedirectPath(callbackPath)) throw new Error(`oauth provider \"${providerId}\" has invalid callbackPath`)\n\n result[providerId] = {\n issuer,\n clientId,\n clientSecret,\n scope,\n callbackPath,\n }\n }\n\n return result\n}\n\nexport const configureOAuthProviders = (providers: Record<string, OAuthProviderConfig>) => {\n const store = getStore()\n const normalized = normalizeProviders(providers)\n store.providers = { ...store.providers, ...normalized }\n}\n\nexport const setOAuthProviders = (providers: Record<string, OAuthProviderConfig>) => {\n const store = getStore()\n store.providers = normalizeProviders(providers)\n}\n\nexport const getOAuthProviderConfig = (providerId: string): OAuthProviderConfig | null => {\n const store = getStore()\n return store.providers[providerId] ?? null\n}\n","const decodeBase64Url = (value: string) => {\n const padded = value.replace(/-/g, \"+\").replace(/_/g, \"/\") + \"===\".slice((value.length + 3) % 4)\n return Buffer.from(padded, \"base64\").toString(\"utf8\")\n}\n\nexport const decodeJwtPayload = <T = Record<string, unknown>>(token: string): T | null => {\n const parts = token.split(\".\")\n if (parts.length < 2) return null\n\n try {\n const json = decodeBase64Url(parts[1])\n const parsed = JSON.parse(json) as T\n if (!parsed || typeof parsed !== \"object\") return null\n return parsed\n } catch {\n return null\n }\n}\n\n","export type OidcWellKnown = {\n issuer: string\n authorization_endpoint: string\n token_endpoint: string\n userinfo_endpoint?: string\n jwks_uri?: string\n}\n\nconst cache = new Map<string, Promise<OidcWellKnown>>()\n\nconst normalizeIssuer = (raw: string) => raw.trim().replace(/\\/+$/, \"\")\n\nexport const getOidcWellKnown = async (issuerRaw: string): Promise<OidcWellKnown> => {\n const issuer = normalizeIssuer(issuerRaw)\n if (!issuer) {\n throw new Error(\"OIDC issuer is required\")\n }\n\n const existing = cache.get(issuer)\n if (existing) {\n return existing\n }\n\n const loader = (async () => {\n const url = new URL(\"/.well-known/openid-configuration\", issuer)\n const response = await fetch(url, { headers: { Accept: \"application/json\" } })\n if (!response.ok) {\n const body = await response.text().catch(() => \"\")\n throw new Error(`Failed to fetch OIDC discovery document: ${response.status} ${body}`)\n }\n\n const json = await response.json().catch(() => null) as Partial<OidcWellKnown> | null\n if (!json || typeof json !== \"object\") {\n throw new Error(\"Invalid OIDC discovery document\")\n }\n\n const authorizationEndpoint = typeof json.authorization_endpoint === \"string\"\n ? json.authorization_endpoint\n : \"\"\n const tokenEndpoint = typeof json.token_endpoint === \"string\"\n ? json.token_endpoint\n : \"\"\n const issuerValue = typeof json.issuer === \"string\" ? json.issuer : issuer\n const userinfoEndpoint = typeof json.userinfo_endpoint === \"string\" ? json.userinfo_endpoint : undefined\n const jwksUri = typeof json.jwks_uri === \"string\" ? json.jwks_uri : undefined\n\n if (!authorizationEndpoint || !tokenEndpoint) {\n throw new Error(\"OIDC discovery document missing required endpoints\")\n }\n\n return {\n issuer: issuerValue,\n authorization_endpoint: authorizationEndpoint,\n token_endpoint: tokenEndpoint,\n userinfo_endpoint: userinfoEndpoint,\n jwks_uri: jwksUri,\n } satisfies OidcWellKnown\n })()\n\n cache.set(issuer, loader)\n\n try {\n return await loader\n } catch (err) {\n cache.delete(issuer)\n throw err\n }\n}\n\n","import crypto from \"crypto\"\n\n\nexport const base64UrlEncode = (input: Buffer) => input\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\")\n\nexport const generatePkcePair = () => {\n const verifier = base64UrlEncode(crypto.randomBytes(32))\n const challenge = base64UrlEncode(crypto.createHash(\"sha256\").update(verifier).digest())\n\n return { verifier, challenge }\n}\n\n","const RESERVED_KEYS = new Set([\"__proto__\", \"prototype\", \"constructor\"])\n\nexport const isSafeOAuthProviderId = (value: string) => {\n const providerId = value.trim()\n if (!providerId) return false\n if (providerId.length > 128) return false\n if (RESERVED_KEYS.has(providerId)) return false\n return /^[a-zA-Z0-9_-]+$/.test(providerId)\n}\n\n","import crypto from \"crypto\"\n\nimport { ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport { hashPasswordForStorage } from \"@rpcbase/server\"\n\nimport { getOAuthProviderConfig } from \"./config\"\nimport { decodeJwtPayload } from \"./jwt\"\nimport { getOidcWellKnown } from \"./oidc\"\nimport { generatePkcePair } from \"./pkce\"\nimport { isSafeOAuthProviderId } from \"./providerId\"\n\n\nconst OAUTH_REQUEST_TTL_MS = 10 * 60 * 1000\nconst OAUTH_STATE_COOKIE_NAME = \"rb_oauth_state\"\n\nconst getQueryString = (value: unknown) => {\n if (typeof value === \"string\") return value\n if (Array.isArray(value) && typeof value[0] === \"string\") return value[0]\n return null\n}\n\nconst getCookieValue = (ctx: Ctx<any>, name: string): string | null => {\n const header = ctx.req.headers?.cookie\n if (typeof header !== \"string\" || !header) return null\n\n for (const part of header.split(\";\")) {\n const [rawKey, ...rest] = part.split(\"=\")\n const key = rawKey?.trim()\n if (!key || key !== name) continue\n const rawValue = rest.join(\"=\").trim()\n if (!rawValue) return \"\"\n try {\n return decodeURIComponent(rawValue)\n } catch {\n return rawValue\n }\n }\n\n return null\n}\n\nconst isSafeRedirectPath = (candidate: string) => {\n if (!candidate.startsWith(\"/\")) return false\n if (candidate.startsWith(\"//\")) return false\n return true\n}\n\nconst getRequestOrigin = (ctx: Ctx<any>) => {\n const protoHeader = ctx.req.headers[\"x-forwarded-proto\"]\n const hostHeader = ctx.req.headers[\"x-forwarded-host\"]\n\n const protocol = typeof protoHeader === \"string\"\n ? protoHeader.split(\",\")[0].trim()\n : ctx.req.protocol\n\n const host = typeof hostHeader === \"string\"\n ? hostHeader.split(\",\")[0].trim()\n : ctx.req.get(\"host\")\n\n return protocol && host ? `${protocol}://${host}` : \"\"\n}\n\nconst resolveCallbackPath = (callbackPath: string) => {\n const trimmed = callbackPath.trim()\n return trimmed && isSafeRedirectPath(trimmed) ? trimmed : null\n}\n\nconst readTextBody = async (req: { on: (event: string, cb: (arg: any) => void) => void; setEncoding?: (enc: string) => void }) =>\n await new Promise<string>((resolve, reject) => {\n let body = \"\"\n if (typeof req.setEncoding === \"function\") {\n req.setEncoding(\"utf8\")\n }\n\n req.on(\"data\", (chunk: string) => {\n body += chunk\n if (body.length > 32_768) {\n reject(new Error(\"request_body_too_large\"))\n }\n })\n req.on(\"end\", () => resolve(body))\n req.on(\"error\", reject)\n })\n\nconst getFormPostParams = async (ctx: Ctx<any>): Promise<Record<string, string> | null> => {\n if (ctx.req.method !== \"POST\") return null\n\n const contentType = typeof ctx.req.headers[\"content-type\"] === \"string\" ? ctx.req.headers[\"content-type\"] : \"\"\n if (!contentType.includes(\"application/x-www-form-urlencoded\")) return null\n\n const body = await readTextBody(ctx.req as any)\n const params = new URLSearchParams(body)\n\n const result: Record<string, string> = {}\n for (const [key, value] of params.entries()) {\n result[key] = value\n }\n\n return result\n}\n\nconst resolveProviderId = (ctx: Ctx<any>, providerIdOverride?: string) =>\n (providerIdOverride ?? String(ctx.req.params?.provider ?? \"\")).trim()\n\nconst RESERVED_AUTH_PARAM_KEYS = new Set([\"__proto__\", \"prototype\", \"constructor\"])\n\nconst normalizeAuthorizationParams = (value: unknown): Record<string, string> | undefined => {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) return undefined\n\n const result: Record<string, string> = {}\n for (const [keyRaw, valueRaw] of Object.entries(value)) {\n const key = keyRaw.trim()\n if (!key) continue\n if (RESERVED_AUTH_PARAM_KEYS.has(key)) continue\n const val = typeof valueRaw === \"string\" ? valueRaw.trim() : \"\"\n if (!val) continue\n result[key] = val\n }\n\n return Object.keys(result).length ? result : undefined\n}\n\nexport type OAuthStartResult =\n | { success: true; redirectUrl: string }\n | { success: false; error: string; statusCode: number }\n\nexport const getOAuthStartRedirectUrl = async ({\n ctx,\n providerId: providerIdOverride,\n returnTo,\n authorizationParams,\n}: {\n ctx: Ctx<any>\n providerId?: string\n returnTo?: string | null\n authorizationParams?: Record<string, string>\n}): Promise<OAuthStartResult> => {\n const providerId = resolveProviderId(ctx, providerIdOverride)\n if (!providerId) {\n return { success: false, error: \"missing_provider\", statusCode: 400 }\n }\n\n if (!isSafeOAuthProviderId(providerId)) {\n return { success: false, error: \"invalid_provider\", statusCode: 400 }\n }\n\n const provider = getOAuthProviderConfig(providerId)\n if (!provider) {\n return { success: false, error: \"unknown_provider\", statusCode: 404 }\n }\n\n const origin = getRequestOrigin(ctx)\n if (!origin) {\n return { success: false, error: \"origin_unavailable\", statusCode: 500 }\n }\n const isHttps = origin.startsWith(\"https://\")\n\n const callbackPath = resolveCallbackPath(provider.callbackPath)\n if (!callbackPath) {\n return { success: false, error: \"invalid_callback_path\", statusCode: 500 }\n }\n\n const state = crypto.randomBytes(16).toString(\"hex\")\n const { verifier, challenge } = generatePkcePair()\n\n const safeReturnTo = typeof returnTo === \"string\" && isSafeRedirectPath(returnTo) ? returnTo : undefined\n\n try {\n const OAuthRequest = await models.getGlobal(\"RBOAuthRequest\", ctx)\n const now = new Date()\n await OAuthRequest.create({\n _id: state,\n providerId,\n codeVerifier: verifier,\n returnTo: safeReturnTo,\n createdAt: now,\n expiresAt: new Date(now.getTime() + OAUTH_REQUEST_TTL_MS),\n })\n } catch (err) {\n console.warn(\"oauth::failed_to_store_request\", err)\n return { success: false, error: \"oauth_request_store_failed\", statusCode: 500 }\n }\n\n try {\n ;(ctx.res as any).cookie(OAUTH_STATE_COOKIE_NAME, `${providerId}:${state}`, {\n httpOnly: true,\n secure: isHttps,\n sameSite: isHttps ? \"none\" : \"lax\",\n path: callbackPath,\n maxAge: OAUTH_REQUEST_TTL_MS,\n })\n } catch (err) {\n console.warn(\"oauth::failed_to_set_state_cookie\", err)\n return { success: false, error: \"oauth_cookie_set_failed\", statusCode: 500 }\n }\n\n const oidc = await getOidcWellKnown(provider.issuer)\n const redirectUri = `${origin}${callbackPath}`\n\n const url = new URL(oidc.authorization_endpoint)\n url.searchParams.set(\"client_id\", provider.clientId)\n url.searchParams.set(\"redirect_uri\", redirectUri)\n url.searchParams.set(\"response_type\", \"code\")\n url.searchParams.set(\"scope\", provider.scope)\n url.searchParams.set(\"state\", state)\n url.searchParams.set(\"code_challenge\", challenge)\n url.searchParams.set(\"code_challenge_method\", \"S256\")\n const extraAuthorizationParams = normalizeAuthorizationParams(authorizationParams)\n for (const [key, value] of Object.entries(extraAuthorizationParams ?? {})) {\n if (url.searchParams.has(key)) continue\n url.searchParams.set(key, value)\n }\n\n return { success: true, redirectUrl: url.toString() }\n}\n\nexport type OAuthCallbackResult =\n | {\n success: true\n type: \"signed_in\"\n redirectPath: string\n userId: string\n tenantId: string\n signedInTenants: string[]\n }\n | {\n success: false\n type: \"missing_user\"\n providerId: string\n subject: string\n email?: string\n name?: string\n redirectPath?: string\n }\n | {\n success: false\n type: \"error\"\n error: string\n redirectPath: string\n }\n\nconst OAUTH_SUCCESS_REDIRECT_PATH = \"/onboarding\"\nconst AUTH_ERROR_REDIRECT_BASE = \"/auth/sign-in\"\n\nexport const processOAuthCallback = async ({\n ctx,\n providerId: providerIdOverride,\n createUserOnFirstSignIn,\n missingUserRedirectPath,\n successRedirectPath,\n}: {\n ctx: Ctx<any>\n providerId?: string\n createUserOnFirstSignIn?: boolean\n missingUserRedirectPath?: string\n successRedirectPath?: string\n}): Promise<OAuthCallbackResult> => {\n const providerId = resolveProviderId(ctx, providerIdOverride)\n if (!providerId) {\n return { success: false, type: \"error\", error: \"missing_provider\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=missing_provider` }\n }\n\n if (!isSafeOAuthProviderId(providerId)) {\n return { success: false, type: \"error\", error: \"invalid_provider\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=invalid_provider` }\n }\n\n const provider = getOAuthProviderConfig(providerId)\n if (!provider) {\n return { success: false, type: \"error\", error: \"unknown_provider\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=unknown_provider` }\n }\n\n const origin = getRequestOrigin(ctx)\n if (!origin) {\n return { success: false, type: \"error\", error: \"origin_unavailable\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=origin_unavailable` }\n }\n const isHttps = origin.startsWith(\"https://\")\n\n const callbackPath = resolveCallbackPath(provider.callbackPath)\n if (!callbackPath) {\n return { success: false, type: \"error\", error: \"invalid_callback_path\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=invalid_callback_path` }\n }\n\n const bodyParams = await getFormPostParams(ctx)\n\n const code = (getQueryString(bodyParams?.code) ?? getQueryString(ctx.req.query?.code))?.trim() ?? \"\"\n const state = (getQueryString(bodyParams?.state) ?? getQueryString(ctx.req.query?.state))?.trim() ?? \"\"\n const oauthUserRaw = (getQueryString(bodyParams?.user) ?? getQueryString(ctx.req.query?.user))?.trim() ?? \"\"\n\n if (!code || !state) {\n return { success: false, type: \"error\", error: \"missing_code_or_state\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=missing_code_or_state` }\n }\n\n const stateCookieValue = getCookieValue(ctx, OAUTH_STATE_COOKIE_NAME)\n if (stateCookieValue !== `${providerId}:${state}`) {\n return { success: false, type: \"error\", error: \"invalid_state\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=invalid_state` }\n }\n\n let oauthRequest: any = null\n let OAuthRequestModel: any = null\n try {\n OAuthRequestModel = await models.getGlobal(\"RBOAuthRequest\", ctx)\n oauthRequest = await OAuthRequestModel.findOne({ _id: state, providerId }).lean()\n } catch (err) {\n console.warn(\"oauth::failed_to_load_request\", err)\n return { success: false, type: \"error\", error: \"oauth_request_load_failed\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=oauth_request_load_failed` }\n }\n\n if (!oauthRequest) {\n return { success: false, type: \"error\", error: \"invalid_state\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=invalid_state` }\n }\n\n const returnTo = typeof oauthRequest.returnTo === \"string\" ? oauthRequest.returnTo : undefined\n const codeVerifier = typeof oauthRequest.codeVerifier === \"string\" ? oauthRequest.codeVerifier : \"\"\n if (!codeVerifier) {\n return { success: false, type: \"error\", error: \"missing_code_verifier\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=missing_code_verifier` }\n }\n\n const oidc = await getOidcWellKnown(provider.issuer)\n const redirectUri = `${origin}${callbackPath}`\n\n const tokenBody = new URLSearchParams()\n tokenBody.set(\"grant_type\", \"authorization_code\")\n tokenBody.set(\"code\", code)\n tokenBody.set(\"redirect_uri\", redirectUri)\n tokenBody.set(\"client_id\", provider.clientId)\n tokenBody.set(\"code_verifier\", codeVerifier)\n if (provider.clientSecret) {\n tokenBody.set(\"client_secret\", provider.clientSecret)\n }\n\n const tokenResponse = await fetch(oidc.token_endpoint, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: tokenBody.toString(),\n })\n\n const tokenJson = await tokenResponse.json().catch(() => null) as Record<string, unknown> | null\n\n if (!tokenResponse.ok || !tokenJson || typeof tokenJson !== \"object\") {\n const body = tokenJson ? JSON.stringify(tokenJson) : \"\"\n console.warn(\"oauth::token_exchange failed\", tokenResponse.status, body)\n return { success: false, type: \"error\", error: \"token_exchange_failed\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=token_exchange_failed` }\n }\n\n const accessToken = typeof tokenJson.access_token === \"string\" ? tokenJson.access_token : \"\"\n const refreshToken = typeof tokenJson.refresh_token === \"string\" ? tokenJson.refresh_token : undefined\n const idToken = typeof tokenJson.id_token === \"string\" ? tokenJson.id_token : undefined\n const scope = typeof tokenJson.scope === \"string\" ? tokenJson.scope : undefined\n const tokenType = typeof tokenJson.token_type === \"string\" ? tokenJson.token_type : undefined\n const expiresIn = typeof tokenJson.expires_in === \"number\"\n ? tokenJson.expires_in\n : typeof tokenJson.expires_in === \"string\"\n ? Number(tokenJson.expires_in)\n : undefined\n const expiresInSeconds = typeof expiresIn === \"number\" && Number.isFinite(expiresIn) ? expiresIn : null\n const expiresAt = expiresInSeconds !== null ? new Date(Date.now() + expiresInSeconds * 1000) : undefined\n\n let userInfo: Record<string, unknown> | null = null\n\n if (oidc.userinfo_endpoint && accessToken) {\n const userInfoResponse = await fetch(oidc.userinfo_endpoint, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n Accept: \"application/json\",\n },\n })\n\n if (userInfoResponse.ok) {\n userInfo = await userInfoResponse.json().catch(() => null) as Record<string, unknown> | null\n }\n }\n\n const idTokenPayload = idToken ? decodeJwtPayload<Record<string, unknown>>(idToken) : null\n const accessTokenPayload = decodeJwtPayload<Record<string, unknown>>(accessToken)\n\n const subject = typeof userInfo?.sub === \"string\"\n ? userInfo.sub\n : typeof idTokenPayload?.sub === \"string\"\n ? idTokenPayload.sub\n : typeof accessTokenPayload?.sub === \"string\"\n ? accessTokenPayload.sub\n : \"\"\n\n if (!subject) {\n return { success: false, type: \"error\", error: \"missing_subject\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=missing_subject` }\n }\n\n const email = typeof userInfo?.email === \"string\"\n ? userInfo.email\n : typeof idTokenPayload?.email === \"string\"\n ? idTokenPayload.email\n : undefined\n\n const name = typeof userInfo?.name === \"string\"\n ? userInfo.name\n : typeof idTokenPayload?.name === \"string\"\n ? idTokenPayload.name\n : undefined\n\n let oauthUser: unknown = null\n if (oauthUserRaw) {\n try {\n oauthUser = JSON.parse(oauthUserRaw) as unknown\n } catch {\n oauthUser = null\n }\n }\n const oauthUserEmail = typeof (oauthUser as any)?.email === \"string\" ? String((oauthUser as any).email).trim() : \"\"\n const oauthUserNameFirst = typeof (oauthUser as any)?.name?.firstName === \"string\" ? String((oauthUser as any).name.firstName).trim() : \"\"\n const oauthUserNameLast = typeof (oauthUser as any)?.name?.lastName === \"string\" ? String((oauthUser as any).name.lastName).trim() : \"\"\n const oauthUserName = [oauthUserNameFirst, oauthUserNameLast].filter(Boolean).join(\" \").trim()\n\n const resolvedEmail = email ?? (oauthUserEmail || undefined)\n const resolvedName = name ?? (oauthUserName || undefined)\n\n const [User, Tenant] = await Promise.all([\n models.getGlobal(\"RBUser\", ctx),\n models.getGlobal(\"RBTenant\", ctx),\n ])\n\n const subjectQueryKey = `oauthProviders.${providerId}.subject`\n let user = await (User as any).findOne({ [subjectQueryKey]: subject })\n\n if (!user && resolvedEmail) {\n user = await (User as any).findOne({ email: resolvedEmail })\n }\n\n const shouldCreateUser = createUserOnFirstSignIn ?? true\n if (!user && !shouldCreateUser) {\n const redirectPath = missingUserRedirectPath\n\n const result: OAuthCallbackResult = {\n success: false,\n type: \"missing_user\",\n providerId,\n subject,\n email: resolvedEmail,\n name: resolvedName,\n }\n\n if (redirectPath && isSafeRedirectPath(redirectPath)) {\n const url = new URL(redirectPath, origin)\n url.searchParams.set(\"oauth_provider\", providerId)\n if (resolvedEmail) url.searchParams.set(\"email\", resolvedEmail)\n if (resolvedName) url.searchParams.set(\"name\", resolvedName)\n result.redirectPath = `${url.pathname}${url.search}`\n }\n\n return result\n }\n\n if (!ctx.req.session) {\n return { success: false, type: \"error\", error: \"session_unavailable\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=session_unavailable` }\n }\n\n const now = new Date()\n\n let providerCreatedAt: Date | undefined\n const oauthProvidersValue = user ? (user as any).oauthProviders : undefined\n if (oauthProvidersValue instanceof Map) {\n const existing = oauthProvidersValue.get(providerId)\n if (existing?.createdAt instanceof Date) providerCreatedAt = existing.createdAt\n } else if (oauthProvidersValue && typeof oauthProvidersValue === \"object\") {\n const existing = (oauthProvidersValue as any)[providerId]\n if (existing?.createdAt instanceof Date) providerCreatedAt = existing.createdAt\n }\n\n const oauthProviderPayload = {\n subject,\n email: resolvedEmail,\n name: resolvedName,\n accessToken,\n refreshToken,\n idToken,\n scope,\n tokenType,\n expiresAt,\n rawUserInfo: userInfo ?? undefined,\n createdAt: providerCreatedAt ?? now,\n updatedAt: now,\n }\n\n if (!user) {\n const tenantId = crypto.randomUUID()\n const password = await hashPasswordForStorage(crypto.randomBytes(32).toString(\"hex\"))\n\n user = new (User as any)({\n email: resolvedEmail,\n name: resolvedName,\n password,\n tenants: [tenantId],\n tenantRoles: {\n [tenantId]: [\"owner\"],\n },\n oauthProviders: {\n [providerId]: oauthProviderPayload,\n },\n })\n\n await user.save()\n\n try {\n await (Tenant as any).create({\n tenantId,\n name: resolvedEmail || subject,\n })\n } catch (err) {\n console.warn(\"oauth::failed_to_create_tenant\", err)\n }\n } else {\n const setFields: Record<string, unknown> = {\n [`oauthProviders.${providerId}`]: oauthProviderPayload,\n }\n\n if (!user.email && resolvedEmail) {\n setFields.email = resolvedEmail\n }\n\n if (!user.name && resolvedName) {\n setFields.name = resolvedName\n }\n\n await (User as any).updateOne({ _id: user._id }, { $set: setFields })\n }\n\n const tenantId = user.tenants?.[0]?.toString?.() || \"00000000\"\n const signedInTenants = (user.tenants || []).map((t: any) => t.toString?.() || String(t)) || [tenantId]\n\n const tenantRolesRaw = (user as unknown as { tenantRoles?: unknown }).tenantRoles\n const tenantRoles = tenantRolesRaw instanceof Map\n ? Object.fromEntries(tenantRolesRaw.entries())\n : tenantRolesRaw && typeof tenantRolesRaw === \"object\"\n ? tenantRolesRaw\n : undefined\n\n ctx.req.session.user = {\n id: user._id.toString(),\n currentTenantId: tenantId,\n signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n isEntryGateAuthorized: true,\n tenantRoles,\n }\n\n try {\n if (OAuthRequestModel) {\n await OAuthRequestModel.deleteOne({ _id: state, providerId })\n }\n } catch (err) {\n console.warn(\"oauth::failed_to_delete_request\", err)\n }\n\n try {\n ;(ctx.res as any).clearCookie(OAUTH_STATE_COOKIE_NAME, {\n httpOnly: true,\n secure: isHttps,\n sameSite: isHttps ? \"none\" : \"lax\",\n path: callbackPath,\n })\n } catch (err) {\n console.warn(\"oauth::failed_to_clear_state_cookie\", err)\n }\n\n const redirectPath = returnTo && isSafeRedirectPath(returnTo)\n ? returnTo\n : successRedirectPath && isSafeRedirectPath(successRedirectPath)\n ? successRedirectPath\n : OAUTH_SUCCESS_REDIRECT_PATH\n\n return {\n success: true,\n type: \"signed_in\",\n redirectPath,\n userId: user._id.toString(),\n tenantId,\n signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n }\n}\n\nexport const createOAuthStartHandler = ({\n providerId,\n getAuthorizationParams,\n}: {\n providerId?: string\n getAuthorizationParams?: (providerId: string) => Record<string, string> | undefined\n} = {}): ApiHandler<any, { success: boolean; error?: string }, any> => async (\n _payload,\n ctx,\n) => {\n const resolvedProviderId = resolveProviderId(ctx, providerId)\n const providerAuthorizationParams = resolvedProviderId && getAuthorizationParams\n ? getAuthorizationParams(resolvedProviderId)\n : undefined\n const returnTo = getQueryString(ctx.req.query?.returnTo)?.trim()\n const result = await getOAuthStartRedirectUrl({\n ctx,\n providerId: resolvedProviderId,\n returnTo,\n authorizationParams: providerAuthorizationParams,\n })\n\n if (!result.success) {\n ctx.res.status(result.statusCode)\n return { success: false, error: result.error }\n }\n\n ctx.res.redirect(result.redirectUrl)\n return { success: true }\n}\n\nexport const createOAuthCallbackHandler = ({\n providerId,\n createUserOnFirstSignIn,\n missingUserRedirectPath,\n successRedirectPath,\n}: {\n providerId?: string\n createUserOnFirstSignIn?: boolean\n missingUserRedirectPath?: string\n successRedirectPath?: string\n} = {}): ApiHandler<any, { success: boolean; error?: string }, any> => async (\n _payload,\n ctx,\n) => {\n const result = await processOAuthCallback({\n ctx,\n providerId,\n createUserOnFirstSignIn,\n missingUserRedirectPath,\n successRedirectPath,\n })\n\n if (result.type === \"error\") {\n ctx.res.redirect(result.redirectPath)\n return { success: false, error: result.error }\n }\n\n if (result.type === \"missing_user\") {\n if (result.redirectPath) {\n ctx.res.redirect(result.redirectPath)\n } else {\n ctx.res.redirect(\"/auth/sign-up\")\n }\n return { success: false, error: \"user_not_found\" }\n }\n\n ctx.res.redirect(result.redirectPath)\n return { success: true }\n}\n\nconst base64UrlEncode = (input: Buffer | string) =>\n Buffer.from(input)\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\")\n\nexport const createAppleClientSecret = ({\n teamId,\n clientId,\n keyId,\n privateKeyPem,\n now = new Date(),\n expiresInSeconds = 10 * 60,\n}: {\n teamId: string\n clientId: string\n keyId: string\n privateKeyPem: string\n now?: Date\n expiresInSeconds?: number\n}) => {\n const teamIdValue = teamId.trim()\n const clientIdValue = clientId.trim()\n const keyIdValue = keyId.trim()\n const privateKeyPemValue = privateKeyPem.trim()\n\n if (!teamIdValue) throw new Error(\"teamId is required\")\n if (!clientIdValue) throw new Error(\"clientId is required\")\n if (!keyIdValue) throw new Error(\"keyId is required\")\n if (!privateKeyPemValue) throw new Error(\"privateKeyPem is required\")\n\n const nowSeconds = Math.floor(now.getTime() / 1000)\n const expiresIn = Number.isFinite(expiresInSeconds) ? expiresInSeconds : 10 * 60\n const exp = nowSeconds + Math.max(60, Math.min(expiresIn, 60 * 60 * 24 * 180))\n\n const header = { alg: \"ES256\", kid: keyIdValue, typ: \"JWT\" }\n const payload = {\n iss: teamIdValue,\n iat: nowSeconds,\n exp,\n aud: \"https://appleid.apple.com\",\n sub: clientIdValue,\n }\n\n const signingInput = `${base64UrlEncode(JSON.stringify(header))}.${base64UrlEncode(JSON.stringify(payload))}`\n const signature = crypto.sign(\"sha256\", Buffer.from(signingInput), {\n key: privateKeyPemValue,\n dsaEncoding: \"ieee-p1363\",\n })\n\n return `${signingInput}.${base64UrlEncode(signature)}`\n}\n"],"names":["isSafeRedirectPath","base64UrlEncode","redirectPath","tenantId"],"mappings":";;;AAcA,MAAM,YAAY,uBAAO,IAAI,8BAA8B;AAE3D,MAAM,WAAW,MAA2B;AAC1C,QAAM,YAAY;AAClB,QAAM,WAAW,UAAU,SAAS;AACpC,MAAI,YAAY,OAAO,aAAa,YAAY,SAAS,aAAa,OAAO,SAAS,cAAc,UAAU;AAC5G,WAAO;AAAA,EACT;AAEA,QAAM,UAA+B,EAAE,WAAW,GAAC;AACnD,YAAU,SAAS,IAAI;AACvB,SAAO;AACT;AAEA,MAAM,qBAAqB,CAAC,cAAyE;AACnG,QAAM,SAA+B,CAAA;AAErC,QAAMA,sBAAqB,CAAC,cAAsB;AAChD,QAAI,CAAC,UAAU,WAAW,GAAG,EAAG,QAAO;AACvC,QAAI,UAAU,WAAW,IAAI,EAAG,QAAO;AACvC,WAAO;AAAA,EACT;AAEA,aAAW,CAAC,eAAe,KAAK,KAAK,OAAO,QAAQ,SAAS,GAAG;AAC9D,UAAM,aAAa,cAAc,KAAA;AACjC,QAAI,CAAC,WAAY;AAEjB,UAAM,SAAS,OAAO,OAAO,WAAW,WAAW,MAAM,OAAO,SAAS;AACzE,UAAM,WAAW,OAAO,OAAO,aAAa,WAAW,MAAM,SAAS,SAAS;AAC/E,QAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,mBAAmB,UAAU,kBAAkB;AAC5E,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,mBAAmB,UAAU,oBAAoB;AAEhF,UAAM,eAAe,OAAO,OAAO,iBAAiB,YAAY,MAAM,aAAa,KAAA,IAC/E,MAAM,eACN;AAEJ,UAAM,QAAQ,OAAO,OAAO,UAAU,WAAW,MAAM,MAAM,SAAS;AACtE,QAAI,CAAC,MAAO,OAAM,IAAI,MAAM,mBAAmB,UAAU,iBAAiB;AAE1E,UAAM,eAAe,OAAO,OAAO,iBAAiB,WAChD,MAAM,aAAa,SACnB;AACJ,QAAI,CAAC,aAAc,OAAM,IAAI,MAAM,mBAAmB,UAAU,wBAAwB;AACxF,QAAI,CAACA,oBAAmB,YAAY,SAAS,IAAI,MAAM,mBAAmB,UAAU,4BAA4B;AAEhH,WAAO,UAAU,IAAI;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ;AAEA,SAAO;AACT;AAEO,MAAM,0BAA0B,CAAC,cAAmD;AACzF,QAAM,QAAQ,SAAA;AACd,QAAM,aAAa,mBAAmB,SAAS;AAC/C,QAAM,YAAY,EAAE,GAAG,MAAM,WAAW,GAAG,WAAA;AAC7C;AAEO,MAAM,oBAAoB,CAAC,cAAmD;AACnF,QAAM,QAAQ,SAAA;AACd,QAAM,YAAY,mBAAmB,SAAS;AAChD;AAEO,MAAM,yBAAyB,CAAC,eAAmD;AACxF,QAAM,QAAQ,SAAA;AACd,SAAO,MAAM,UAAU,UAAU,KAAK;AACxC;ACrFA,MAAM,kBAAkB,CAAC,UAAkB;AACzC,QAAM,SAAS,MAAM,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,IAAI,MAAM,OAAO,MAAM,SAAS,KAAK,CAAC;AAC/F,SAAO,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,MAAM;AACtD;AAEO,MAAM,mBAAmB,CAA8B,UAA4B;AACxF,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,MAAI,MAAM,SAAS,EAAG,QAAO;AAE7B,MAAI;AACF,UAAM,OAAO,gBAAgB,MAAM,CAAC,CAAC;AACrC,UAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAClD,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;ACTA,MAAM,4BAAY,IAAA;AAElB,MAAM,kBAAkB,CAAC,QAAgB,IAAI,OAAO,QAAQ,QAAQ,EAAE;AAE/D,MAAM,mBAAmB,OAAO,cAA8C;AACnF,QAAM,SAAS,gBAAgB,SAAS;AACxC,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,QAAM,WAAW,MAAM,IAAI,MAAM;AACjC,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,YAAY;AAC1B,UAAM,MAAM,IAAI,IAAI,qCAAqC,MAAM;AAC/D,UAAM,WAAW,MAAM,MAAM,KAAK,EAAE,SAAS,EAAE,QAAQ,mBAAA,GAAsB;AAC7E,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,OAAO,MAAM,SAAS,OAAO,MAAM,MAAM,EAAE;AACjD,YAAM,IAAI,MAAM,4CAA4C,SAAS,MAAM,IAAI,IAAI,EAAE;AAAA,IACvF;AAEA,UAAM,OAAO,MAAM,SAAS,OAAO,MAAM,MAAM,IAAI;AACnD,QAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,YAAM,IAAI,MAAM,iCAAiC;AAAA,IACnD;AAEA,UAAM,wBAAwB,OAAO,KAAK,2BAA2B,WACjE,KAAK,yBACL;AACJ,UAAM,gBAAgB,OAAO,KAAK,mBAAmB,WACjD,KAAK,iBACL;AACJ,UAAM,cAAc,OAAO,KAAK,WAAW,WAAW,KAAK,SAAS;AACpE,UAAM,mBAAmB,OAAO,KAAK,sBAAsB,WAAW,KAAK,oBAAoB;AAC/F,UAAM,UAAU,OAAO,KAAK,aAAa,WAAW,KAAK,WAAW;AAEpE,QAAI,CAAC,yBAAyB,CAAC,eAAe;AAC5C,YAAM,IAAI,MAAM,oDAAoD;AAAA,IACtE;AAEA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,wBAAwB;AAAA,MACxB,gBAAgB;AAAA,MAChB,mBAAmB;AAAA,MACnB,UAAU;AAAA,IAAA;AAAA,EAEd,GAAA;AAEA,QAAM,IAAI,QAAQ,MAAM;AAExB,MAAI;AACF,WAAO,MAAM;AAAA,EACf,SAAS,KAAK;AACZ,UAAM,OAAO,MAAM;AACnB,UAAM;AAAA,EACR;AACF;AChEO,MAAMC,oBAAkB,CAAC,UAAkB,MAC/C,SAAS,QAAQ,EACjB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,QAAQ,EAAE;AAEd,MAAM,mBAAmB,MAAM;AACpC,QAAM,WAAWA,kBAAgB,OAAO,YAAY,EAAE,CAAC;AACvD,QAAM,YAAYA,kBAAgB,OAAO,WAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,QAAQ;AAEvF,SAAO,EAAE,UAAU,UAAA;AACrB;ACdA,MAAM,gBAAgB,oBAAI,IAAI,CAAC,aAAa,aAAa,aAAa,CAAC;AAEhE,MAAM,wBAAwB,CAAC,UAAkB;AACtD,QAAM,aAAa,MAAM,KAAA;AACzB,MAAI,CAAC,WAAY,QAAO;AACxB,MAAI,WAAW,SAAS,IAAK,QAAO;AACpC,MAAI,cAAc,IAAI,UAAU,EAAG,QAAO;AAC1C,SAAO,mBAAmB,KAAK,UAAU;AAC3C;ACKA,MAAM,uBAAuB,KAAK,KAAK;AACvC,MAAM,0BAA0B;AAEhC,MAAM,iBAAiB,CAAC,UAAmB;AACzC,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,MAAI,MAAM,QAAQ,KAAK,KAAK,OAAO,MAAM,CAAC,MAAM,SAAU,QAAO,MAAM,CAAC;AACxE,SAAO;AACT;AAEA,MAAM,iBAAiB,CAAC,KAAe,SAAgC;AACrE,QAAM,SAAS,IAAI,IAAI,SAAS;AAChC,MAAI,OAAO,WAAW,YAAY,CAAC,OAAQ,QAAO;AAElD,aAAW,QAAQ,OAAO,MAAM,GAAG,GAAG;AACpC,UAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,KAAK,MAAM,GAAG;AACxC,UAAM,MAAM,QAAQ,KAAA;AACpB,QAAI,CAAC,OAAO,QAAQ,KAAM;AAC1B,UAAM,WAAW,KAAK,KAAK,GAAG,EAAE,KAAA;AAChC,QAAI,CAAC,SAAU,QAAO;AACtB,QAAI;AACF,aAAO,mBAAmB,QAAQ;AAAA,IACpC,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAEA,MAAM,qBAAqB,CAAC,cAAsB;AAChD,MAAI,CAAC,UAAU,WAAW,GAAG,EAAG,QAAO;AACvC,MAAI,UAAU,WAAW,IAAI,EAAG,QAAO;AACvC,SAAO;AACT;AAEA,MAAM,mBAAmB,CAAC,QAAkB;AAC1C,QAAM,cAAc,IAAI,IAAI,QAAQ,mBAAmB;AACvD,QAAM,aAAa,IAAI,IAAI,QAAQ,kBAAkB;AAErD,QAAM,WAAW,OAAO,gBAAgB,WACpC,YAAY,MAAM,GAAG,EAAE,CAAC,EAAE,KAAA,IAC1B,IAAI,IAAI;AAEZ,QAAM,OAAO,OAAO,eAAe,WAC/B,WAAW,MAAM,GAAG,EAAE,CAAC,EAAE,KAAA,IACzB,IAAI,IAAI,IAAI,MAAM;AAEtB,SAAO,YAAY,OAAO,GAAG,QAAQ,MAAM,IAAI,KAAK;AACtD;AAEA,MAAM,sBAAsB,CAAC,iBAAyB;AACpD,QAAM,UAAU,aAAa,KAAA;AAC7B,SAAO,WAAW,mBAAmB,OAAO,IAAI,UAAU;AAC5D;AAEA,MAAM,eAAe,OAAO,QAC1B,MAAM,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC7C,MAAI,OAAO;AACX,MAAI,OAAO,IAAI,gBAAgB,YAAY;AACzC,QAAI,YAAY,MAAM;AAAA,EACxB;AAEA,MAAI,GAAG,QAAQ,CAAC,UAAkB;AAChC,YAAQ;AACR,QAAI,KAAK,SAAS,OAAQ;AACxB,aAAO,IAAI,MAAM,wBAAwB,CAAC;AAAA,IAC5C;AAAA,EACF,CAAC;AACD,MAAI,GAAG,OAAO,MAAM,QAAQ,IAAI,CAAC;AACjC,MAAI,GAAG,SAAS,MAAM;AACxB,CAAC;AAEH,MAAM,oBAAoB,OAAO,QAA0D;AACzF,MAAI,IAAI,IAAI,WAAW,OAAQ,QAAO;AAEtC,QAAM,cAAc,OAAO,IAAI,IAAI,QAAQ,cAAc,MAAM,WAAW,IAAI,IAAI,QAAQ,cAAc,IAAI;AAC5G,MAAI,CAAC,YAAY,SAAS,mCAAmC,EAAG,QAAO;AAEvE,QAAM,OAAO,MAAM,aAAa,IAAI,GAAU;AAC9C,QAAM,SAAS,IAAI,gBAAgB,IAAI;AAEvC,QAAM,SAAiC,CAAA;AACvC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,WAAW;AAC3C,WAAO,GAAG,IAAI;AAAA,EAChB;AAEA,SAAO;AACT;AAEA,MAAM,oBAAoB,CAAC,KAAe,wBACvC,sBAAsB,OAAO,IAAI,IAAI,QAAQ,YAAY,EAAE,GAAG,KAAA;AAEjE,MAAM,2BAA2B,oBAAI,IAAI,CAAC,aAAa,aAAa,aAAa,CAAC;AAElF,MAAM,+BAA+B,CAAC,UAAuD;AAC3F,MAAI,CAAC,SAAS,OAAO,UAAU,YAAY,MAAM,QAAQ,KAAK,EAAG,QAAO;AAExE,QAAM,SAAiC,CAAA;AACvC,aAAW,CAAC,QAAQ,QAAQ,KAAK,OAAO,QAAQ,KAAK,GAAG;AACtD,UAAM,MAAM,OAAO,KAAA;AACnB,QAAI,CAAC,IAAK;AACV,QAAI,yBAAyB,IAAI,GAAG,EAAG;AACvC,UAAM,MAAM,OAAO,aAAa,WAAW,SAAS,SAAS;AAC7D,QAAI,CAAC,IAAK;AACV,WAAO,GAAG,IAAI;AAAA,EAChB;AAEA,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,SAAS;AAC/C;AAMO,MAAM,2BAA2B,OAAO;AAAA,EAC7C;AAAA,EACA,YAAY;AAAA,EACZ;AAAA,EACA;AACF,MAKiC;AAC/B,QAAM,aAAa,kBAAkB,KAAK,kBAAkB;AAC5D,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,SAAS,OAAO,OAAO,oBAAoB,YAAY,IAAA;AAAA,EAClE;AAEA,MAAI,CAAC,sBAAsB,UAAU,GAAG;AACtC,WAAO,EAAE,SAAS,OAAO,OAAO,oBAAoB,YAAY,IAAA;AAAA,EAClE;AAEA,QAAM,WAAW,uBAAuB,UAAU;AAClD,MAAI,CAAC,UAAU;AACb,WAAO,EAAE,SAAS,OAAO,OAAO,oBAAoB,YAAY,IAAA;AAAA,EAClE;AAEA,QAAM,SAAS,iBAAiB,GAAG;AACnC,MAAI,CAAC,QAAQ;AACX,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAsB,YAAY,IAAA;AAAA,EACpE;AACA,QAAM,UAAU,OAAO,WAAW,UAAU;AAE5C,QAAM,eAAe,oBAAoB,SAAS,YAAY;AAC9D,MAAI,CAAC,cAAc;AACjB,WAAO,EAAE,SAAS,OAAO,OAAO,yBAAyB,YAAY,IAAA;AAAA,EACvE;AAEA,QAAM,QAAQ,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AACnD,QAAM,EAAE,UAAU,UAAA,IAAc,iBAAA;AAEhC,QAAM,eAAe,OAAO,aAAa,YAAY,mBAAmB,QAAQ,IAAI,WAAW;AAE/F,MAAI;AACF,UAAM,eAAe,MAAM,OAAO,UAAU,kBAAkB,GAAG;AACjE,UAAM,0BAAU,KAAA;AAChB,UAAM,aAAa,OAAO;AAAA,MACxB,KAAK;AAAA,MACL;AAAA,MACA,cAAc;AAAA,MACd,UAAU;AAAA,MACV,WAAW;AAAA,MACX,WAAW,IAAI,KAAK,IAAI,QAAA,IAAY,oBAAoB;AAAA,IAAA,CACzD;AAAA,EACH,SAAS,KAAK;AACZ,YAAQ,KAAK,kCAAkC,GAAG;AAClD,WAAO,EAAE,SAAS,OAAO,OAAO,8BAA8B,YAAY,IAAA;AAAA,EAC5E;AAEA,MAAI;AACF;AAAE,QAAI,IAAY,OAAO,yBAAyB,GAAG,UAAU,IAAI,KAAK,IAAI;AAAA,MAC1E,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU,UAAU,SAAS;AAAA,MAC7B,MAAM;AAAA,MACN,QAAQ;AAAA,IAAA,CACT;AAAA,EACH,SAAS,KAAK;AACZ,YAAQ,KAAK,qCAAqC,GAAG;AACrD,WAAO,EAAE,SAAS,OAAO,OAAO,2BAA2B,YAAY,IAAA;AAAA,EACzE;AAEA,QAAM,OAAO,MAAM,iBAAiB,SAAS,MAAM;AACnD,QAAM,cAAc,GAAG,MAAM,GAAG,YAAY;AAE5C,QAAM,MAAM,IAAI,IAAI,KAAK,sBAAsB;AAC/C,MAAI,aAAa,IAAI,aAAa,SAAS,QAAQ;AACnD,MAAI,aAAa,IAAI,gBAAgB,WAAW;AAChD,MAAI,aAAa,IAAI,iBAAiB,MAAM;AAC5C,MAAI,aAAa,IAAI,SAAS,SAAS,KAAK;AAC5C,MAAI,aAAa,IAAI,SAAS,KAAK;AACnC,MAAI,aAAa,IAAI,kBAAkB,SAAS;AAChD,MAAI,aAAa,IAAI,yBAAyB,MAAM;AACpD,QAAM,2BAA2B,6BAA6B,mBAAmB;AACjF,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,4BAA4B,CAAA,CAAE,GAAG;AACzE,QAAI,IAAI,aAAa,IAAI,GAAG,EAAG;AAC/B,QAAI,aAAa,IAAI,KAAK,KAAK;AAAA,EACjC;AAEA,SAAO,EAAE,SAAS,MAAM,aAAa,IAAI,WAAS;AACpD;AA2BA,MAAM,8BAA8B;AACpC,MAAM,2BAA2B;AAE1B,MAAM,uBAAuB,OAAO;AAAA,EACzC;AAAA,EACA,YAAY;AAAA,EACZ;AAAA,EACA;AAAA,EACA;AACF,MAMoC;AAClC,QAAM,aAAa,kBAAkB,KAAK,kBAAkB;AAC5D,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,oBAAoB,cAAc,GAAG,wBAAwB,0BAAA;AAAA,EAC9G;AAEA,MAAI,CAAC,sBAAsB,UAAU,GAAG;AACtC,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,oBAAoB,cAAc,GAAG,wBAAwB,0BAAA;AAAA,EAC9G;AAEA,QAAM,WAAW,uBAAuB,UAAU;AAClD,MAAI,CAAC,UAAU;AACb,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,oBAAoB,cAAc,GAAG,wBAAwB,0BAAA;AAAA,EAC9G;AAEA,QAAM,SAAS,iBAAiB,GAAG;AACnC,MAAI,CAAC,QAAQ;AACX,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,sBAAsB,cAAc,GAAG,wBAAwB,4BAAA;AAAA,EAChH;AACA,QAAM,UAAU,OAAO,WAAW,UAAU;AAE5C,QAAM,eAAe,oBAAoB,SAAS,YAAY;AAC9D,MAAI,CAAC,cAAc;AACjB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,yBAAyB,cAAc,GAAG,wBAAwB,+BAAA;AAAA,EACnH;AAEA,QAAM,aAAa,MAAM,kBAAkB,GAAG;AAE9C,QAAM,QAAQ,eAAe,YAAY,IAAI,KAAK,eAAe,IAAI,IAAI,OAAO,IAAI,IAAI,KAAA,KAAU;AAClG,QAAM,SAAS,eAAe,YAAY,KAAK,KAAK,eAAe,IAAI,IAAI,OAAO,KAAK,IAAI,KAAA,KAAU;AACrG,QAAM,gBAAgB,eAAe,YAAY,IAAI,KAAK,eAAe,IAAI,IAAI,OAAO,IAAI,IAAI,KAAA,KAAU;AAE1G,MAAI,CAAC,QAAQ,CAAC,OAAO;AACnB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,yBAAyB,cAAc,GAAG,wBAAwB,+BAAA;AAAA,EACnH;AAEA,QAAM,mBAAmB,eAAe,KAAK,uBAAuB;AACpE,MAAI,qBAAqB,GAAG,UAAU,IAAI,KAAK,IAAI;AACjD,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,iBAAiB,cAAc,GAAG,wBAAwB,uBAAA;AAAA,EAC3G;AAEA,MAAI,eAAoB;AACxB,MAAI,oBAAyB;AAC7B,MAAI;AACF,wBAAoB,MAAM,OAAO,UAAU,kBAAkB,GAAG;AAChE,mBAAe,MAAM,kBAAkB,QAAQ,EAAE,KAAK,OAAO,YAAY,EAAE,KAAA;AAAA,EAC7E,SAAS,KAAK;AACZ,YAAQ,KAAK,iCAAiC,GAAG;AACjD,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,6BAA6B,cAAc,GAAG,wBAAwB,mCAAA;AAAA,EACvH;AAEA,MAAI,CAAC,cAAc;AACjB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,iBAAiB,cAAc,GAAG,wBAAwB,uBAAA;AAAA,EAC3G;AAEA,QAAM,WAAW,OAAO,aAAa,aAAa,WAAW,aAAa,WAAW;AACrF,QAAM,eAAe,OAAO,aAAa,iBAAiB,WAAW,aAAa,eAAe;AACjG,MAAI,CAAC,cAAc;AACjB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,yBAAyB,cAAc,GAAG,wBAAwB,+BAAA;AAAA,EACnH;AAEA,QAAM,OAAO,MAAM,iBAAiB,SAAS,MAAM;AACnD,QAAM,cAAc,GAAG,MAAM,GAAG,YAAY;AAE5C,QAAM,YAAY,IAAI,gBAAA;AACtB,YAAU,IAAI,cAAc,oBAAoB;AAChD,YAAU,IAAI,QAAQ,IAAI;AAC1B,YAAU,IAAI,gBAAgB,WAAW;AACzC,YAAU,IAAI,aAAa,SAAS,QAAQ;AAC5C,YAAU,IAAI,iBAAiB,YAAY;AAC3C,MAAI,SAAS,cAAc;AACzB,cAAU,IAAI,iBAAiB,SAAS,YAAY;AAAA,EACtD;AAEA,QAAM,gBAAgB,MAAM,MAAM,KAAK,gBAAgB;AAAA,IACrD,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,QAAQ;AAAA,IAAA;AAAA,IAEV,MAAM,UAAU,SAAA;AAAA,EAAS,CAC1B;AAED,QAAM,YAAY,MAAM,cAAc,OAAO,MAAM,MAAM,IAAI;AAE7D,MAAI,CAAC,cAAc,MAAM,CAAC,aAAa,OAAO,cAAc,UAAU;AACpE,UAAM,OAAO,YAAY,KAAK,UAAU,SAAS,IAAI;AACrD,YAAQ,KAAK,gCAAgC,cAAc,QAAQ,IAAI;AACvE,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,yBAAyB,cAAc,GAAG,wBAAwB,+BAAA;AAAA,EACnH;AAEA,QAAM,cAAc,OAAO,UAAU,iBAAiB,WAAW,UAAU,eAAe;AAC1F,QAAM,eAAe,OAAO,UAAU,kBAAkB,WAAW,UAAU,gBAAgB;AAC7F,QAAM,UAAU,OAAO,UAAU,aAAa,WAAW,UAAU,WAAW;AAC9E,QAAM,QAAQ,OAAO,UAAU,UAAU,WAAW,UAAU,QAAQ;AACtE,QAAM,YAAY,OAAO,UAAU,eAAe,WAAW,UAAU,aAAa;AACpF,QAAM,YAAY,OAAO,UAAU,eAAe,WAC9C,UAAU,aACV,OAAO,UAAU,eAAe,WAC9B,OAAO,UAAU,UAAU,IAC3B;AACN,QAAM,mBAAmB,OAAO,cAAc,YAAY,OAAO,SAAS,SAAS,IAAI,YAAY;AACnG,QAAM,YAAY,qBAAqB,OAAO,IAAI,KAAK,KAAK,QAAQ,mBAAmB,GAAI,IAAI;AAE/F,MAAI,WAA2C;AAE/C,MAAI,KAAK,qBAAqB,aAAa;AACzC,UAAM,mBAAmB,MAAM,MAAM,KAAK,mBAAmB;AAAA,MAC3D,SAAS;AAAA,QACP,eAAe,UAAU,WAAW;AAAA,QACpC,QAAQ;AAAA,MAAA;AAAA,IACV,CACD;AAED,QAAI,iBAAiB,IAAI;AACvB,iBAAW,MAAM,iBAAiB,KAAA,EAAO,MAAM,MAAM,IAAI;AAAA,IAC3D;AAAA,EACF;AAEA,QAAM,iBAAiB,UAAU,iBAA0C,OAAO,IAAI;AACtF,QAAM,qBAAqB,iBAA0C,WAAW;AAEhF,QAAM,UAAU,OAAO,UAAU,QAAQ,WACrC,SAAS,MACT,OAAO,gBAAgB,QAAQ,WAC7B,eAAe,MACf,OAAO,oBAAoB,QAAQ,WACjC,mBAAmB,MACnB;AAER,MAAI,CAAC,SAAS;AACZ,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,mBAAmB,cAAc,GAAG,wBAAwB,yBAAA;AAAA,EAC7G;AAEA,QAAM,QAAQ,OAAO,UAAU,UAAU,WACrC,SAAS,QACT,OAAO,gBAAgB,UAAU,WAC/B,eAAe,QACf;AAEN,QAAM,OAAO,OAAO,UAAU,SAAS,WACnC,SAAS,OACT,OAAO,gBAAgB,SAAS,WAC9B,eAAe,OACf;AAEN,MAAI,YAAqB;AACzB,MAAI,cAAc;AAChB,QAAI;AACF,kBAAY,KAAK,MAAM,YAAY;AAAA,IACrC,QAAQ;AACN,kBAAY;AAAA,IACd;AAAA,EACF;AACA,QAAM,iBAAiB,OAAQ,WAAmB,UAAU,WAAW,OAAQ,UAAkB,KAAK,EAAE,KAAA,IAAS;AACjH,QAAM,qBAAqB,OAAQ,WAAmB,MAAM,cAAc,WAAW,OAAQ,UAAkB,KAAK,SAAS,EAAE,KAAA,IAAS;AACxI,QAAM,oBAAoB,OAAQ,WAAmB,MAAM,aAAa,WAAW,OAAQ,UAAkB,KAAK,QAAQ,EAAE,KAAA,IAAS;AACrI,QAAM,gBAAgB,CAAC,oBAAoB,iBAAiB,EAAE,OAAO,OAAO,EAAE,KAAK,GAAG,EAAE,KAAA;AAExF,QAAM,gBAAgB,UAAU,kBAAkB;AAClD,QAAM,eAAe,SAAS,iBAAiB;AAE/C,QAAM,CAAC,MAAM,MAAM,IAAI,MAAM,QAAQ,IAAI;AAAA,IACvC,OAAO,UAAU,UAAU,GAAG;AAAA,IAC9B,OAAO,UAAU,YAAY,GAAG;AAAA,EAAA,CACjC;AAED,QAAM,kBAAkB,kBAAkB,UAAU;AACpD,MAAI,OAAO,MAAO,KAAa,QAAQ,EAAE,CAAC,eAAe,GAAG,SAAS;AAErE,MAAI,CAAC,QAAQ,eAAe;AAC1B,WAAO,MAAO,KAAa,QAAQ,EAAE,OAAO,eAAe;AAAA,EAC7D;AAEA,QAAM,mBAAmB,2BAA2B;AACpD,MAAI,CAAC,QAAQ,CAAC,kBAAkB;AAC9B,UAAMC,gBAAe;AAErB,UAAM,SAA8B;AAAA,MAClC,SAAS;AAAA,MACT,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,OAAO;AAAA,MACP,MAAM;AAAA,IAAA;AAGR,QAAIA,iBAAgB,mBAAmBA,aAAY,GAAG;AACpD,YAAM,MAAM,IAAI,IAAIA,eAAc,MAAM;AACxC,UAAI,aAAa,IAAI,kBAAkB,UAAU;AACjD,UAAI,cAAe,KAAI,aAAa,IAAI,SAAS,aAAa;AAC9D,UAAI,aAAc,KAAI,aAAa,IAAI,QAAQ,YAAY;AAC3D,aAAO,eAAe,GAAG,IAAI,QAAQ,GAAG,IAAI,MAAM;AAAA,IACpD;AAEA,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,IAAI,IAAI,SAAS;AACpB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,uBAAuB,cAAc,GAAG,wBAAwB,6BAAA;AAAA,EACjH;AAEA,QAAM,0BAAU,KAAA;AAEhB,MAAI;AACJ,QAAM,sBAAsB,OAAQ,KAAa,iBAAiB;AAClE,MAAI,+BAA+B,KAAK;AACtC,UAAM,WAAW,oBAAoB,IAAI,UAAU;AACnD,QAAI,UAAU,qBAAqB,KAAM,qBAAoB,SAAS;AAAA,EACxE,WAAW,uBAAuB,OAAO,wBAAwB,UAAU;AACzE,UAAM,WAAY,oBAA4B,UAAU;AACxD,QAAI,UAAU,qBAAqB,KAAM,qBAAoB,SAAS;AAAA,EACxE;AAEA,QAAM,uBAAuB;AAAA,IAC3B;AAAA,IACA,OAAO;AAAA,IACP,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa,YAAY;AAAA,IACzB,WAAW,qBAAqB;AAAA,IAChC,WAAW;AAAA,EAAA;AAGb,MAAI,CAAC,MAAM;AACT,UAAMC,YAAW,OAAO,WAAA;AACxB,UAAM,WAAW,MAAM,uBAAuB,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK,CAAC;AAEpF,WAAO,IAAK,KAAa;AAAA,MACvB,OAAO;AAAA,MACP,MAAM;AAAA,MACN;AAAA,MACA,SAAS,CAACA,SAAQ;AAAA,MAClB,aAAa;AAAA,QACX,CAACA,SAAQ,GAAG,CAAC,OAAO;AAAA,MAAA;AAAA,MAEtB,gBAAgB;AAAA,QACd,CAAC,UAAU,GAAG;AAAA,MAAA;AAAA,IAChB,CACD;AAED,UAAM,KAAK,KAAA;AAEX,QAAI;AACF,YAAO,OAAe,OAAO;AAAA,QAC3B,UAAAA;AAAAA,QACA,MAAM,iBAAiB;AAAA,MAAA,CACxB;AAAA,IACH,SAAS,KAAK;AACZ,cAAQ,KAAK,kCAAkC,GAAG;AAAA,IACpD;AAAA,EACF,OAAO;AACL,UAAM,YAAqC;AAAA,MACzC,CAAC,kBAAkB,UAAU,EAAE,GAAG;AAAA,IAAA;AAGpC,QAAI,CAAC,KAAK,SAAS,eAAe;AAChC,gBAAU,QAAQ;AAAA,IACpB;AAEA,QAAI,CAAC,KAAK,QAAQ,cAAc;AAC9B,gBAAU,OAAO;AAAA,IACnB;AAEA,UAAO,KAAa,UAAU,EAAE,KAAK,KAAK,OAAO,EAAE,MAAM,WAAW;AAAA,EACtE;AAEA,QAAM,WAAW,KAAK,UAAU,CAAC,GAAG,gBAAgB;AACpD,QAAM,mBAAmB,KAAK,WAAW,CAAA,GAAI,IAAI,CAAC,MAAW,EAAE,WAAA,KAAgB,OAAO,CAAC,CAAC,KAAK,CAAC,QAAQ;AAEtG,QAAM,iBAAkB,KAA8C;AACtE,QAAM,cAAc,0BAA0B,MAC1C,OAAO,YAAY,eAAe,QAAA,CAAS,IAC3C,kBAAkB,OAAO,mBAAmB,WAC1C,iBACA;AAEN,MAAI,IAAI,QAAQ,OAAO;AAAA,IACrB,IAAI,KAAK,IAAI,SAAA;AAAA,IACb,iBAAiB;AAAA,IACjB,iBAAiB,gBAAgB,SAAS,kBAAkB,CAAC,QAAQ;AAAA,IACrE,uBAAuB;AAAA,IACvB;AAAA,EAAA;AAGF,MAAI;AACF,QAAI,mBAAmB;AACrB,YAAM,kBAAkB,UAAU,EAAE,KAAK,OAAO,YAAY;AAAA,IAC9D;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,KAAK,mCAAmC,GAAG;AAAA,EACrD;AAEA,MAAI;AACF;AAAE,QAAI,IAAY,YAAY,yBAAyB;AAAA,MACrD,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU,UAAU,SAAS;AAAA,MAC7B,MAAM;AAAA,IAAA,CACP;AAAA,EACH,SAAS,KAAK;AACZ,YAAQ,KAAK,uCAAuC,GAAG;AAAA,EACzD;AAEA,QAAM,eAAe,YAAY,mBAAmB,QAAQ,IACxD,WACA,uBAAuB,mBAAmB,mBAAmB,IAC3D,sBACA;AAEN,SAAO;AAAA,IACL,SAAS;AAAA,IACT,MAAM;AAAA,IACN;AAAA,IACA,QAAQ,KAAK,IAAI,SAAA;AAAA,IACjB;AAAA,IACA,iBAAiB,gBAAgB,SAAS,kBAAkB,CAAC,QAAQ;AAAA,EAAA;AAEzE;AAEO,MAAM,0BAA0B,CAAC;AAAA,EACtC;AAAA,EACA;AACF,IAGI,CAAA,MAAmE,OACrE,UACA,QACG;AACH,QAAM,qBAAqB,kBAAkB,KAAK,UAAU;AAC5D,QAAM,8BAA8B,sBAAsB,yBACtD,uBAAuB,kBAAkB,IACzC;AACJ,QAAM,WAAW,eAAe,IAAI,IAAI,OAAO,QAAQ,GAAG,KAAA;AAC1D,QAAM,SAAS,MAAM,yBAAyB;AAAA,IAC5C;AAAA,IACA,YAAY;AAAA,IACZ;AAAA,IACA,qBAAqB;AAAA,EAAA,CACtB;AAED,MAAI,CAAC,OAAO,SAAS;AACnB,QAAI,IAAI,OAAO,OAAO,UAAU;AAChC,WAAO,EAAE,SAAS,OAAO,OAAO,OAAO,MAAA;AAAA,EACzC;AAEA,MAAI,IAAI,SAAS,OAAO,WAAW;AACnC,SAAO,EAAE,SAAS,KAAA;AACpB;AAEO,MAAM,6BAA6B,CAAC;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,IAKI,CAAA,MAAmE,OACrE,UACA,QACG;AACH,QAAM,SAAS,MAAM,qBAAqB;AAAA,IACxC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA,CACD;AAED,MAAI,OAAO,SAAS,SAAS;AAC3B,QAAI,IAAI,SAAS,OAAO,YAAY;AACpC,WAAO,EAAE,SAAS,OAAO,OAAO,OAAO,MAAA;AAAA,EACzC;AAEA,MAAI,OAAO,SAAS,gBAAgB;AAClC,QAAI,OAAO,cAAc;AACvB,UAAI,IAAI,SAAS,OAAO,YAAY;AAAA,IACtC,OAAO;AACL,UAAI,IAAI,SAAS,eAAe;AAAA,IAClC;AACA,WAAO,EAAE,SAAS,OAAO,OAAO,iBAAA;AAAA,EAClC;AAEA,MAAI,IAAI,SAAS,OAAO,YAAY;AACpC,SAAO,EAAE,SAAS,KAAA;AACpB;AAEA,MAAM,kBAAkB,CAAC,UACvB,OAAO,KAAK,KAAK,EACd,SAAS,QAAQ,EACjB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,QAAQ,EAAE;AAEhB,MAAM,0BAA0B,CAAC;AAAA,EACtC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,0BAAU,KAAA;AAAA,EACV,mBAAmB,KAAK;AAC1B,MAOM;AACJ,QAAM,cAAc,OAAO,KAAA;AAC3B,QAAM,gBAAgB,SAAS,KAAA;AAC/B,QAAM,aAAa,MAAM,KAAA;AACzB,QAAM,qBAAqB,cAAc,KAAA;AAEzC,MAAI,CAAC,YAAa,OAAM,IAAI,MAAM,oBAAoB;AACtD,MAAI,CAAC,cAAe,OAAM,IAAI,MAAM,sBAAsB;AAC1D,MAAI,CAAC,WAAY,OAAM,IAAI,MAAM,mBAAmB;AACpD,MAAI,CAAC,mBAAoB,OAAM,IAAI,MAAM,2BAA2B;AAEpE,QAAM,aAAa,KAAK,MAAM,IAAI,QAAA,IAAY,GAAI;AAClD,QAAM,YAAY,OAAO,SAAS,gBAAgB,IAAI,mBAAmB,KAAK;AAC9E,QAAM,MAAM,aAAa,KAAK,IAAI,IAAI,KAAK,IAAI,WAAW,KAAK,KAAK,KAAK,GAAG,CAAC;AAE7E,QAAM,SAAS,EAAE,KAAK,SAAS,KAAK,YAAY,KAAK,MAAA;AACrD,QAAM,UAAU;AAAA,IACd,KAAK;AAAA,IACL,KAAK;AAAA,IACL;AAAA,IACA,KAAK;AAAA,IACL,KAAK;AAAA,EAAA;AAGP,QAAM,eAAe,GAAG,gBAAgB,KAAK,UAAU,MAAM,CAAC,CAAC,IAAI,gBAAgB,KAAK,UAAU,OAAO,CAAC,CAAC;AAC3G,QAAM,YAAY,OAAO,KAAK,UAAU,OAAO,KAAK,YAAY,GAAG;AAAA,IACjE,KAAK;AAAA,IACL,aAAa;AAAA,EAAA,CACd;AAED,SAAO,GAAG,YAAY,IAAI,gBAAgB,SAAS,CAAC;AACtD;"}
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../src/oauth/config.ts","../../src/oauth/jwt.ts","../../src/oauth/oidc.ts","../../src/oauth/pkce.ts","../../src/oauth/providerId.ts","../../src/oauth/lib.ts"],"sourcesContent":["export type OAuthProviderConfig = {\n issuer: string\n clientId: string\n clientSecret?: string\n scope: string\n callbackPath: string\n}\n\ntype OAuthProvidersConfig = Record<string, OAuthProviderConfig>\n\ntype OAuthProvidersStore = {\n providers: OAuthProvidersConfig\n}\n\nconst STORE_KEY = Symbol.for(\"@rpcbase/auth/oauthProviders\")\n\nconst getStore = (): OAuthProvidersStore => {\n const anyGlobal = globalThis as unknown as Record<string | symbol, unknown>\n const existing = anyGlobal[STORE_KEY] as OAuthProvidersStore | undefined\n if (existing && typeof existing === \"object\" && existing.providers && typeof existing.providers === \"object\") {\n return existing\n }\n\n const created: OAuthProvidersStore = { providers: {} }\n anyGlobal[STORE_KEY] = created\n return created\n}\n\nconst normalizeProviders = (providers: Record<string, OAuthProviderConfig>): OAuthProvidersConfig => {\n const result: OAuthProvidersConfig = {}\n\n const isSafeRedirectPath = (candidate: string) => {\n if (!candidate.startsWith(\"/\")) return false\n if (candidate.startsWith(\"//\")) return false\n return true\n }\n\n for (const [providerIdRaw, value] of Object.entries(providers)) {\n const providerId = providerIdRaw.trim()\n if (!providerId) continue\n\n const issuer = typeof value?.issuer === \"string\" ? value.issuer.trim() : \"\"\n const clientId = typeof value?.clientId === \"string\" ? value.clientId.trim() : \"\"\n if (!issuer) throw new Error(`oauth provider \"${providerId}\" missing issuer`)\n if (!clientId) throw new Error(`oauth provider \"${providerId}\" missing clientId`)\n\n const clientSecret = typeof value?.clientSecret === \"string\" && value.clientSecret.trim()\n ? value.clientSecret\n : undefined\n\n const scope = typeof value?.scope === \"string\" ? value.scope.trim() : \"\"\n if (!scope) throw new Error(`oauth provider \"${providerId}\" missing scope`)\n\n const callbackPath = typeof value?.callbackPath === \"string\"\n ? value.callbackPath.trim()\n : \"\"\n if (!callbackPath) throw new Error(`oauth provider \"${providerId}\" missing callbackPath`)\n if (!isSafeRedirectPath(callbackPath)) throw new Error(`oauth provider \"${providerId}\" has invalid callbackPath`)\n\n result[providerId] = {\n issuer,\n clientId,\n clientSecret,\n scope,\n callbackPath,\n }\n }\n\n return result\n}\n\nexport const configureOAuthProviders = (providers: Record<string, OAuthProviderConfig>) => {\n const store = getStore()\n const normalized = normalizeProviders(providers)\n store.providers = { ...store.providers, ...normalized }\n}\n\nexport const setOAuthProviders = (providers: Record<string, OAuthProviderConfig>) => {\n const store = getStore()\n store.providers = normalizeProviders(providers)\n}\n\nexport const getOAuthProviderConfig = (providerId: string): OAuthProviderConfig | null => {\n const store = getStore()\n return store.providers[providerId] ?? null\n}\n","const decodeBase64Url = (value: string) => {\n const padded = value.replace(/-/g, \"+\").replace(/_/g, \"/\") + \"===\".slice((value.length + 3) % 4)\n return Buffer.from(padded, \"base64\").toString(\"utf8\")\n}\n\nexport const decodeJwtPayload = <T = Record<string, unknown>>(token: string): T | null => {\n const parts = token.split(\".\")\n if (parts.length < 2) return null\n\n try {\n const json = decodeBase64Url(parts[1])\n const parsed = JSON.parse(json) as T\n if (!parsed || typeof parsed !== \"object\") return null\n return parsed\n } catch {\n return null\n }\n}\n\n","export type OidcWellKnown = {\n issuer: string\n authorization_endpoint: string\n token_endpoint: string\n userinfo_endpoint?: string\n jwks_uri?: string\n}\n\nconst cache = new Map<string, Promise<OidcWellKnown>>()\n\nconst normalizeIssuer = (raw: string) => raw.trim().replace(/\\/+$/, \"\")\n\nexport const getOidcWellKnown = async (issuerRaw: string): Promise<OidcWellKnown> => {\n const issuer = normalizeIssuer(issuerRaw)\n if (!issuer) {\n throw new Error(\"OIDC issuer is required\")\n }\n\n const existing = cache.get(issuer)\n if (existing) {\n return existing\n }\n\n const loader = (async () => {\n const url = new URL(\"/.well-known/openid-configuration\", issuer)\n const response = await fetch(url, { headers: { Accept: \"application/json\" } })\n if (!response.ok) {\n const body = await response.text().catch(() => \"\")\n throw new Error(`Failed to fetch OIDC discovery document: ${response.status} ${body}`)\n }\n\n const json = await response.json().catch(() => null) as Partial<OidcWellKnown> | null\n if (!json || typeof json !== \"object\") {\n throw new Error(\"Invalid OIDC discovery document\")\n }\n\n const authorizationEndpoint = typeof json.authorization_endpoint === \"string\"\n ? json.authorization_endpoint\n : \"\"\n const tokenEndpoint = typeof json.token_endpoint === \"string\"\n ? json.token_endpoint\n : \"\"\n const issuerValue = typeof json.issuer === \"string\" ? json.issuer : issuer\n const userinfoEndpoint = typeof json.userinfo_endpoint === \"string\" ? json.userinfo_endpoint : undefined\n const jwksUri = typeof json.jwks_uri === \"string\" ? json.jwks_uri : undefined\n\n if (!authorizationEndpoint || !tokenEndpoint) {\n throw new Error(\"OIDC discovery document missing required endpoints\")\n }\n\n return {\n issuer: issuerValue,\n authorization_endpoint: authorizationEndpoint,\n token_endpoint: tokenEndpoint,\n userinfo_endpoint: userinfoEndpoint,\n jwks_uri: jwksUri,\n } satisfies OidcWellKnown\n })()\n\n cache.set(issuer, loader)\n\n try {\n return await loader\n } catch (err) {\n cache.delete(issuer)\n throw err\n }\n}\n\n","import crypto from \"crypto\"\n\n\nexport const base64UrlEncode = (input: Buffer) => input\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\")\n\nexport const generatePkcePair = () => {\n const verifier = base64UrlEncode(crypto.randomBytes(32))\n const challenge = base64UrlEncode(crypto.createHash(\"sha256\").update(verifier).digest())\n\n return { verifier, challenge }\n}\n\n","const RESERVED_KEYS = new Set([\"__proto__\", \"prototype\", \"constructor\"])\n\nexport const isSafeOAuthProviderId = (value: string) => {\n const providerId = value.trim()\n if (!providerId) return false\n if (providerId.length > 128) return false\n if (RESERVED_KEYS.has(providerId)) return false\n return /^[a-zA-Z0-9_-]+$/.test(providerId)\n}\n\n","import crypto from \"crypto\"\n\nimport { ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport { hashPasswordForStorage } from \"@rpcbase/server\"\n\nimport type { AuthSessionUser } from \"../types\"\nimport { getOAuthProviderConfig } from \"./config\"\nimport { decodeJwtPayload } from \"./jwt\"\nimport { getOidcWellKnown } from \"./oidc\"\nimport { generatePkcePair } from \"./pkce\"\nimport { isSafeOAuthProviderId } from \"./providerId\"\n\n\nconst OAUTH_REQUEST_TTL_MS = 10 * 60 * 1000\nconst OAUTH_STATE_COOKIE_NAME = \"rb_oauth_state\"\ntype OAuthCtx = Ctx<AuthSessionUser>\ntype OAuthRequestRecord = {\n returnTo?: unknown\n codeVerifier?: unknown\n}\n\nconst getQueryString = (value: unknown) => {\n if (typeof value === \"string\") return value\n if (Array.isArray(value) && typeof value[0] === \"string\") return value[0]\n return null\n}\n\nconst getCookieValue = (ctx: OAuthCtx, name: string): string | null => {\n const header = ctx.req.headers?.cookie\n if (typeof header !== \"string\" || !header) return null\n\n for (const part of header.split(\";\")) {\n const [rawKey, ...rest] = part.split(\"=\")\n const key = rawKey?.trim()\n if (!key || key !== name) continue\n const rawValue = rest.join(\"=\").trim()\n if (!rawValue) return \"\"\n try {\n return decodeURIComponent(rawValue)\n } catch {\n return rawValue\n }\n }\n\n return null\n}\n\nconst isSafeRedirectPath = (candidate: string) => {\n if (!candidate.startsWith(\"/\")) return false\n if (candidate.startsWith(\"//\")) return false\n return true\n}\n\nconst getRequestOrigin = (ctx: OAuthCtx) => {\n const protoHeader = ctx.req.headers[\"x-forwarded-proto\"]\n const hostHeader = ctx.req.headers[\"x-forwarded-host\"]\n\n const protocol = typeof protoHeader === \"string\"\n ? protoHeader.split(\",\")[0].trim()\n : ctx.req.protocol\n\n const host = typeof hostHeader === \"string\"\n ? hostHeader.split(\",\")[0].trim()\n : ctx.req.get(\"host\")\n\n return protocol && host ? `${protocol}://${host}` : \"\"\n}\n\nconst resolveCallbackPath = (callbackPath: string) => {\n const trimmed = callbackPath.trim()\n return trimmed && isSafeRedirectPath(trimmed) ? trimmed : null\n}\n\nconst readTextBody = async (req: Pick<OAuthCtx[\"req\"], \"on\" | \"setEncoding\">) =>\n await new Promise<string>((resolve, reject) => {\n let body = \"\"\n if (typeof req.setEncoding === \"function\") {\n req.setEncoding(\"utf8\")\n }\n\n req.on(\"data\", (chunk) => {\n body += String(chunk)\n if (body.length > 32_768) {\n reject(new Error(\"request_body_too_large\"))\n }\n })\n req.on(\"end\", () => resolve(body))\n req.on(\"error\", reject)\n })\n\nconst getFormPostParams = async (ctx: OAuthCtx): Promise<Record<string, string> | null> => {\n if (ctx.req.method !== \"POST\") return null\n\n const contentType = typeof ctx.req.headers[\"content-type\"] === \"string\" ? ctx.req.headers[\"content-type\"] : \"\"\n if (!contentType.includes(\"application/x-www-form-urlencoded\")) return null\n\n const body = await readTextBody(ctx.req)\n const params = new URLSearchParams(body)\n\n const result: Record<string, string> = {}\n for (const [key, value] of params.entries()) {\n result[key] = value\n }\n\n return result\n}\n\nconst resolveProviderId = (ctx: OAuthCtx, providerIdOverride?: string) =>\n (providerIdOverride ?? String(ctx.req.params?.provider ?? \"\")).trim()\n\nconst RESERVED_AUTH_PARAM_KEYS = new Set([\"__proto__\", \"prototype\", \"constructor\"])\n\nconst normalizeAuthorizationParams = (value: unknown): Record<string, string> | undefined => {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) return undefined\n\n const result: Record<string, string> = {}\n for (const [keyRaw, valueRaw] of Object.entries(value)) {\n const key = keyRaw.trim()\n if (!key) continue\n if (RESERVED_AUTH_PARAM_KEYS.has(key)) continue\n const val = typeof valueRaw === \"string\" ? valueRaw.trim() : \"\"\n if (!val) continue\n result[key] = val\n }\n\n return Object.keys(result).length ? result : undefined\n}\n\nexport type OAuthStartResult =\n | { success: true; redirectUrl: string }\n | { success: false; error: string; statusCode: number }\n\nexport const getOAuthStartRedirectUrl = async ({\n ctx,\n providerId: providerIdOverride,\n returnTo,\n authorizationParams,\n}: {\n ctx: OAuthCtx\n providerId?: string\n returnTo?: string | null\n authorizationParams?: Record<string, string>\n}): Promise<OAuthStartResult> => {\n const providerId = resolveProviderId(ctx, providerIdOverride)\n if (!providerId) {\n return { success: false, error: \"missing_provider\", statusCode: 400 }\n }\n\n if (!isSafeOAuthProviderId(providerId)) {\n return { success: false, error: \"invalid_provider\", statusCode: 400 }\n }\n\n const provider = getOAuthProviderConfig(providerId)\n if (!provider) {\n return { success: false, error: \"unknown_provider\", statusCode: 404 }\n }\n\n const origin = getRequestOrigin(ctx)\n if (!origin) {\n return { success: false, error: \"origin_unavailable\", statusCode: 500 }\n }\n const isHttps = origin.startsWith(\"https://\")\n\n const callbackPath = resolveCallbackPath(provider.callbackPath)\n if (!callbackPath) {\n return { success: false, error: \"invalid_callback_path\", statusCode: 500 }\n }\n\n const state = crypto.randomBytes(16).toString(\"hex\")\n const { verifier, challenge } = generatePkcePair()\n\n const safeReturnTo = typeof returnTo === \"string\" && isSafeRedirectPath(returnTo) ? returnTo : undefined\n\n try {\n const OAuthRequest = await models.getGlobal(\"RBOAuthRequest\", ctx)\n const now = new Date()\n await OAuthRequest.create({\n _id: state,\n providerId,\n codeVerifier: verifier,\n returnTo: safeReturnTo,\n createdAt: now,\n expiresAt: new Date(now.getTime() + OAUTH_REQUEST_TTL_MS),\n })\n } catch (err) {\n console.warn(\"oauth::failed_to_store_request\", err)\n return { success: false, error: \"oauth_request_store_failed\", statusCode: 500 }\n }\n\n try {\n ctx.res.cookie(OAUTH_STATE_COOKIE_NAME, `${providerId}:${state}`, {\n httpOnly: true,\n secure: isHttps,\n sameSite: isHttps ? \"none\" : \"lax\",\n path: callbackPath,\n maxAge: OAUTH_REQUEST_TTL_MS,\n })\n } catch (err) {\n console.warn(\"oauth::failed_to_set_state_cookie\", err)\n return { success: false, error: \"oauth_cookie_set_failed\", statusCode: 500 }\n }\n\n const oidc = await getOidcWellKnown(provider.issuer)\n const redirectUri = `${origin}${callbackPath}`\n\n const url = new URL(oidc.authorization_endpoint)\n url.searchParams.set(\"client_id\", provider.clientId)\n url.searchParams.set(\"redirect_uri\", redirectUri)\n url.searchParams.set(\"response_type\", \"code\")\n url.searchParams.set(\"scope\", provider.scope)\n url.searchParams.set(\"state\", state)\n url.searchParams.set(\"code_challenge\", challenge)\n url.searchParams.set(\"code_challenge_method\", \"S256\")\n const extraAuthorizationParams = normalizeAuthorizationParams(authorizationParams)\n for (const [key, value] of Object.entries(extraAuthorizationParams ?? {})) {\n if (url.searchParams.has(key)) continue\n url.searchParams.set(key, value)\n }\n\n return { success: true, redirectUrl: url.toString() }\n}\n\nexport type OAuthCallbackResult =\n | {\n success: true\n type: \"signed_in\"\n redirectPath: string\n userId: string\n tenantId: string\n signedInTenants: string[]\n }\n | {\n success: false\n type: \"missing_user\"\n providerId: string\n subject: string\n email?: string\n name?: string\n redirectPath?: string\n }\n | {\n success: false\n type: \"error\"\n error: string\n redirectPath: string\n }\n\nconst OAUTH_SUCCESS_REDIRECT_PATH = \"/onboarding\"\nconst AUTH_ERROR_REDIRECT_BASE = \"/auth/sign-in\"\n\nexport const processOAuthCallback = async ({\n ctx,\n providerId: providerIdOverride,\n createUserOnFirstSignIn,\n missingUserRedirectPath,\n successRedirectPath,\n}: {\n ctx: OAuthCtx\n providerId?: string\n createUserOnFirstSignIn?: boolean\n missingUserRedirectPath?: string\n successRedirectPath?: string\n}): Promise<OAuthCallbackResult> => {\n const providerId = resolveProviderId(ctx, providerIdOverride)\n if (!providerId) {\n return { success: false, type: \"error\", error: \"missing_provider\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=missing_provider` }\n }\n\n if (!isSafeOAuthProviderId(providerId)) {\n return { success: false, type: \"error\", error: \"invalid_provider\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=invalid_provider` }\n }\n\n const provider = getOAuthProviderConfig(providerId)\n if (!provider) {\n return { success: false, type: \"error\", error: \"unknown_provider\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=unknown_provider` }\n }\n\n const origin = getRequestOrigin(ctx)\n if (!origin) {\n return { success: false, type: \"error\", error: \"origin_unavailable\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=origin_unavailable` }\n }\n const isHttps = origin.startsWith(\"https://\")\n\n const callbackPath = resolveCallbackPath(provider.callbackPath)\n if (!callbackPath) {\n return { success: false, type: \"error\", error: \"invalid_callback_path\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=invalid_callback_path` }\n }\n\n const bodyParams = await getFormPostParams(ctx)\n\n const code = (getQueryString(bodyParams?.code) ?? getQueryString(ctx.req.query?.code))?.trim() ?? \"\"\n const state = (getQueryString(bodyParams?.state) ?? getQueryString(ctx.req.query?.state))?.trim() ?? \"\"\n const oauthUserRaw = (getQueryString(bodyParams?.user) ?? getQueryString(ctx.req.query?.user))?.trim() ?? \"\"\n\n if (!code || !state) {\n return { success: false, type: \"error\", error: \"missing_code_or_state\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=missing_code_or_state` }\n }\n\n const stateCookieValue = getCookieValue(ctx, OAUTH_STATE_COOKIE_NAME)\n if (stateCookieValue !== `${providerId}:${state}`) {\n return { success: false, type: \"error\", error: \"invalid_state\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=invalid_state` }\n }\n\n let oauthRequest: OAuthRequestRecord | null = null\n let OAuthRequestModel: Awaited<ReturnType<typeof models.getGlobal>> | null = null\n try {\n OAuthRequestModel = await models.getGlobal(\"RBOAuthRequest\", ctx)\n oauthRequest = await OAuthRequestModel.findOne({ _id: state, providerId }).lean() as OAuthRequestRecord | null\n } catch (err) {\n console.warn(\"oauth::failed_to_load_request\", err)\n return { success: false, type: \"error\", error: \"oauth_request_load_failed\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=oauth_request_load_failed` }\n }\n\n if (!oauthRequest) {\n return { success: false, type: \"error\", error: \"invalid_state\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=invalid_state` }\n }\n\n const returnTo = typeof oauthRequest.returnTo === \"string\" ? oauthRequest.returnTo : undefined\n const codeVerifier = typeof oauthRequest.codeVerifier === \"string\" ? oauthRequest.codeVerifier : \"\"\n if (!codeVerifier) {\n return { success: false, type: \"error\", error: \"missing_code_verifier\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=missing_code_verifier` }\n }\n\n const oidc = await getOidcWellKnown(provider.issuer)\n const redirectUri = `${origin}${callbackPath}`\n\n const tokenBody = new URLSearchParams()\n tokenBody.set(\"grant_type\", \"authorization_code\")\n tokenBody.set(\"code\", code)\n tokenBody.set(\"redirect_uri\", redirectUri)\n tokenBody.set(\"client_id\", provider.clientId)\n tokenBody.set(\"code_verifier\", codeVerifier)\n if (provider.clientSecret) {\n tokenBody.set(\"client_secret\", provider.clientSecret)\n }\n\n const tokenResponse = await fetch(oidc.token_endpoint, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: tokenBody.toString(),\n })\n\n const tokenJson = await tokenResponse.json().catch(() => null) as Record<string, unknown> | null\n\n if (!tokenResponse.ok || !tokenJson || typeof tokenJson !== \"object\") {\n const body = tokenJson ? JSON.stringify(tokenJson) : \"\"\n console.warn(\"oauth::token_exchange failed\", tokenResponse.status, body)\n return { success: false, type: \"error\", error: \"token_exchange_failed\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=token_exchange_failed` }\n }\n\n const accessToken = typeof tokenJson.access_token === \"string\" ? tokenJson.access_token : \"\"\n const refreshToken = typeof tokenJson.refresh_token === \"string\" ? tokenJson.refresh_token : undefined\n const idToken = typeof tokenJson.id_token === \"string\" ? tokenJson.id_token : undefined\n const scope = typeof tokenJson.scope === \"string\" ? tokenJson.scope : undefined\n const tokenType = typeof tokenJson.token_type === \"string\" ? tokenJson.token_type : undefined\n const expiresIn = typeof tokenJson.expires_in === \"number\"\n ? tokenJson.expires_in\n : typeof tokenJson.expires_in === \"string\"\n ? Number(tokenJson.expires_in)\n : undefined\n const expiresInSeconds = typeof expiresIn === \"number\" && Number.isFinite(expiresIn) ? expiresIn : null\n const expiresAt = expiresInSeconds !== null ? new Date(Date.now() + expiresInSeconds * 1000) : undefined\n\n let userInfo: Record<string, unknown> | null = null\n\n if (oidc.userinfo_endpoint && accessToken) {\n const userInfoResponse = await fetch(oidc.userinfo_endpoint, {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n Accept: \"application/json\",\n },\n })\n\n if (userInfoResponse.ok) {\n userInfo = await userInfoResponse.json().catch(() => null) as Record<string, unknown> | null\n }\n }\n\n const idTokenPayload = idToken ? decodeJwtPayload<Record<string, unknown>>(idToken) : null\n const accessTokenPayload = decodeJwtPayload<Record<string, unknown>>(accessToken)\n\n const subject = typeof userInfo?.sub === \"string\"\n ? userInfo.sub\n : typeof idTokenPayload?.sub === \"string\"\n ? idTokenPayload.sub\n : typeof accessTokenPayload?.sub === \"string\"\n ? accessTokenPayload.sub\n : \"\"\n\n if (!subject) {\n return { success: false, type: \"error\", error: \"missing_subject\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=missing_subject` }\n }\n\n const email = typeof userInfo?.email === \"string\"\n ? userInfo.email\n : typeof idTokenPayload?.email === \"string\"\n ? idTokenPayload.email\n : undefined\n\n const name = typeof userInfo?.name === \"string\"\n ? userInfo.name\n : typeof idTokenPayload?.name === \"string\"\n ? idTokenPayload.name\n : undefined\n\n let oauthUser: unknown = null\n if (oauthUserRaw) {\n try {\n oauthUser = JSON.parse(oauthUserRaw) as unknown\n } catch {\n oauthUser = null\n }\n }\n const oauthUserRecord = oauthUser && typeof oauthUser === \"object\"\n ? (oauthUser as Record<string, unknown>)\n : null\n const oauthUserEmail = typeof oauthUserRecord?.email === \"string\" ? oauthUserRecord.email.trim() : \"\"\n const oauthUserNameRecord = oauthUserRecord?.name && typeof oauthUserRecord.name === \"object\"\n ? (oauthUserRecord.name as Record<string, unknown>)\n : null\n const oauthUserNameFirst = typeof oauthUserNameRecord?.firstName === \"string\" ? oauthUserNameRecord.firstName.trim() : \"\"\n const oauthUserNameLast = typeof oauthUserNameRecord?.lastName === \"string\" ? oauthUserNameRecord.lastName.trim() : \"\"\n const oauthUserName = [oauthUserNameFirst, oauthUserNameLast].filter(Boolean).join(\" \").trim()\n\n const resolvedEmail = email ?? (oauthUserEmail || undefined)\n const resolvedName = name ?? (oauthUserName || undefined)\n\n const [User, Tenant] = await Promise.all([\n models.getGlobal(\"RBUser\", ctx),\n models.getGlobal(\"RBTenant\", ctx),\n ])\n\n const subjectQueryKey = `oauthProviders.${providerId}.subject`\n let user = await User.findOne({ [subjectQueryKey]: subject })\n\n if (!user && resolvedEmail) {\n user = await User.findOne({ email: resolvedEmail })\n }\n\n const shouldCreateUser = createUserOnFirstSignIn ?? true\n if (!user && !shouldCreateUser) {\n const redirectPath = missingUserRedirectPath\n\n const result: OAuthCallbackResult = {\n success: false,\n type: \"missing_user\",\n providerId,\n subject,\n email: resolvedEmail,\n name: resolvedName,\n }\n\n if (redirectPath && isSafeRedirectPath(redirectPath)) {\n const url = new URL(redirectPath, origin)\n url.searchParams.set(\"oauth_provider\", providerId)\n if (resolvedEmail) url.searchParams.set(\"email\", resolvedEmail)\n if (resolvedName) url.searchParams.set(\"name\", resolvedName)\n result.redirectPath = `${url.pathname}${url.search}`\n }\n\n return result\n }\n\n if (!ctx.req.session) {\n return { success: false, type: \"error\", error: \"session_unavailable\", redirectPath: `${AUTH_ERROR_REDIRECT_BASE}?error=session_unavailable` }\n }\n\n const now = new Date()\n\n let providerCreatedAt: Date | undefined\n const oauthProviders = user?.get(\"oauthProviders\") as Map<string, { createdAt?: unknown }> | undefined\n const existingProvider = oauthProviders?.get(providerId)\n if (existingProvider?.createdAt instanceof Date) {\n providerCreatedAt = existingProvider.createdAt\n }\n\n const oauthProviderPayload = {\n subject,\n email: resolvedEmail,\n name: resolvedName,\n accessToken,\n refreshToken,\n idToken,\n scope,\n tokenType,\n expiresAt,\n rawUserInfo: userInfo ?? undefined,\n createdAt: providerCreatedAt ?? now,\n updatedAt: now,\n }\n\n if (!user) {\n const tenantId = crypto.randomUUID()\n const password = await hashPasswordForStorage(crypto.randomBytes(32).toString(\"hex\"))\n\n user = new User({\n email: resolvedEmail,\n name: resolvedName,\n password,\n tenants: [tenantId],\n tenantRoles: {\n [tenantId]: [\"owner\"],\n },\n oauthProviders: {\n [providerId]: oauthProviderPayload,\n },\n })\n\n await user.save()\n\n try {\n await Tenant.create({\n tenantId,\n name: resolvedEmail || subject,\n })\n } catch (err) {\n console.warn(\"oauth::failed_to_create_tenant\", err)\n }\n } else {\n const setFields: Record<string, unknown> = {\n [`oauthProviders.${providerId}`]: oauthProviderPayload,\n }\n\n if (!user.email && resolvedEmail) {\n setFields.email = resolvedEmail\n }\n\n if (!user.name && resolvedName) {\n setFields.name = resolvedName\n }\n\n await User.updateOne({ _id: user._id }, { $set: setFields })\n }\n\n const tenantId = user.tenants?.[0]?.toString?.() || \"00000000\"\n const signedInTenants = (user.tenants || []).map(String)\n const tenantRolesMap = user.get(\"tenantRoles\") as Map<string, string[]> | undefined\n const tenantRoles = tenantRolesMap ? Object.fromEntries(tenantRolesMap.entries()) : undefined\n\n ctx.req.session.user = {\n id: user._id.toString(),\n currentTenantId: tenantId,\n signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n isEntryGateAuthorized: true,\n tenantRoles,\n }\n\n try {\n if (OAuthRequestModel) {\n await OAuthRequestModel.deleteOne({ _id: state, providerId })\n }\n } catch (err) {\n console.warn(\"oauth::failed_to_delete_request\", err)\n }\n\n try {\n ctx.res.clearCookie(OAUTH_STATE_COOKIE_NAME, {\n httpOnly: true,\n secure: isHttps,\n sameSite: isHttps ? \"none\" : \"lax\",\n path: callbackPath,\n })\n } catch (err) {\n console.warn(\"oauth::failed_to_clear_state_cookie\", err)\n }\n\n const redirectPath = returnTo && isSafeRedirectPath(returnTo)\n ? returnTo\n : successRedirectPath && isSafeRedirectPath(successRedirectPath)\n ? successRedirectPath\n : OAUTH_SUCCESS_REDIRECT_PATH\n\n return {\n success: true,\n type: \"signed_in\",\n redirectPath,\n userId: user._id.toString(),\n tenantId,\n signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n }\n}\n\nexport const createOAuthStartHandler = ({\n providerId,\n getAuthorizationParams,\n}: {\n providerId?: string\n getAuthorizationParams?: (providerId: string) => Record<string, string> | undefined\n} = {}): ApiHandler<unknown, { success: boolean; error?: string }, AuthSessionUser> => async (\n _payload,\n ctx,\n) => {\n const resolvedProviderId = resolveProviderId(ctx, providerId)\n const providerAuthorizationParams = resolvedProviderId && getAuthorizationParams\n ? getAuthorizationParams(resolvedProviderId)\n : undefined\n const returnTo = getQueryString(ctx.req.query?.returnTo)?.trim()\n const result = await getOAuthStartRedirectUrl({\n ctx,\n providerId: resolvedProviderId,\n returnTo,\n authorizationParams: providerAuthorizationParams,\n })\n\n if (!result.success) {\n ctx.res.status(result.statusCode)\n return { success: false, error: result.error }\n }\n\n ctx.res.redirect(result.redirectUrl)\n return { success: true }\n}\n\nexport const createOAuthCallbackHandler = ({\n providerId,\n createUserOnFirstSignIn,\n missingUserRedirectPath,\n successRedirectPath,\n}: {\n providerId?: string\n createUserOnFirstSignIn?: boolean\n missingUserRedirectPath?: string\n successRedirectPath?: string\n} = {}): ApiHandler<unknown, { success: boolean; error?: string }, AuthSessionUser> => async (\n _payload,\n ctx,\n) => {\n const result = await processOAuthCallback({\n ctx,\n providerId,\n createUserOnFirstSignIn,\n missingUserRedirectPath,\n successRedirectPath,\n })\n\n if (result.type === \"error\") {\n ctx.res.redirect(result.redirectPath)\n return { success: false, error: result.error }\n }\n\n if (result.type === \"missing_user\") {\n if (result.redirectPath) {\n ctx.res.redirect(result.redirectPath)\n } else {\n ctx.res.redirect(\"/auth/sign-up\")\n }\n return { success: false, error: \"user_not_found\" }\n }\n\n ctx.res.redirect(result.redirectPath)\n return { success: true }\n}\n\nconst base64UrlEncode = (input: Buffer | string) =>\n Buffer.from(input)\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\")\n\nexport const createAppleClientSecret = ({\n teamId,\n clientId,\n keyId,\n privateKeyPem,\n now = new Date(),\n expiresInSeconds = 10 * 60,\n}: {\n teamId: string\n clientId: string\n keyId: string\n privateKeyPem: string\n now?: Date\n expiresInSeconds?: number\n}) => {\n const teamIdValue = teamId.trim()\n const clientIdValue = clientId.trim()\n const keyIdValue = keyId.trim()\n const privateKeyPemValue = privateKeyPem.trim()\n\n if (!teamIdValue) throw new Error(\"teamId is required\")\n if (!clientIdValue) throw new Error(\"clientId is required\")\n if (!keyIdValue) throw new Error(\"keyId is required\")\n if (!privateKeyPemValue) throw new Error(\"privateKeyPem is required\")\n\n const nowSeconds = Math.floor(now.getTime() / 1000)\n const expiresIn = Number.isFinite(expiresInSeconds) ? expiresInSeconds : 10 * 60\n const exp = nowSeconds + Math.max(60, Math.min(expiresIn, 60 * 60 * 24 * 180))\n\n const header = { alg: \"ES256\", kid: keyIdValue, typ: \"JWT\" }\n const payload = {\n iss: teamIdValue,\n iat: nowSeconds,\n exp,\n aud: \"https://appleid.apple.com\",\n sub: clientIdValue,\n }\n\n const signingInput = `${base64UrlEncode(JSON.stringify(header))}.${base64UrlEncode(JSON.stringify(payload))}`\n const signature = crypto.sign(\"sha256\", Buffer.from(signingInput), {\n key: privateKeyPemValue,\n dsaEncoding: \"ieee-p1363\",\n })\n\n return `${signingInput}.${base64UrlEncode(signature)}`\n}\n"],"names":["isSafeRedirectPath","base64UrlEncode","redirectPath","tenantId"],"mappings":";;;AAcA,MAAM,YAAY,uBAAO,IAAI,8BAA8B;AAE3D,MAAM,WAAW,MAA2B;AAC1C,QAAM,YAAY;AAClB,QAAM,WAAW,UAAU,SAAS;AACpC,MAAI,YAAY,OAAO,aAAa,YAAY,SAAS,aAAa,OAAO,SAAS,cAAc,UAAU;AAC5G,WAAO;AAAA,EACT;AAEA,QAAM,UAA+B,EAAE,WAAW,GAAC;AACnD,YAAU,SAAS,IAAI;AACvB,SAAO;AACT;AAEA,MAAM,qBAAqB,CAAC,cAAyE;AACnG,QAAM,SAA+B,CAAA;AAErC,QAAMA,sBAAqB,CAAC,cAAsB;AAChD,QAAI,CAAC,UAAU,WAAW,GAAG,EAAG,QAAO;AACvC,QAAI,UAAU,WAAW,IAAI,EAAG,QAAO;AACvC,WAAO;AAAA,EACT;AAEA,aAAW,CAAC,eAAe,KAAK,KAAK,OAAO,QAAQ,SAAS,GAAG;AAC9D,UAAM,aAAa,cAAc,KAAA;AACjC,QAAI,CAAC,WAAY;AAEjB,UAAM,SAAS,OAAO,OAAO,WAAW,WAAW,MAAM,OAAO,SAAS;AACzE,UAAM,WAAW,OAAO,OAAO,aAAa,WAAW,MAAM,SAAS,SAAS;AAC/E,QAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,mBAAmB,UAAU,kBAAkB;AAC5E,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,mBAAmB,UAAU,oBAAoB;AAEhF,UAAM,eAAe,OAAO,OAAO,iBAAiB,YAAY,MAAM,aAAa,KAAA,IAC/E,MAAM,eACN;AAEJ,UAAM,QAAQ,OAAO,OAAO,UAAU,WAAW,MAAM,MAAM,SAAS;AACtE,QAAI,CAAC,MAAO,OAAM,IAAI,MAAM,mBAAmB,UAAU,iBAAiB;AAE1E,UAAM,eAAe,OAAO,OAAO,iBAAiB,WAChD,MAAM,aAAa,SACnB;AACJ,QAAI,CAAC,aAAc,OAAM,IAAI,MAAM,mBAAmB,UAAU,wBAAwB;AACxF,QAAI,CAACA,oBAAmB,YAAY,SAAS,IAAI,MAAM,mBAAmB,UAAU,4BAA4B;AAEhH,WAAO,UAAU,IAAI;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ;AAEA,SAAO;AACT;AAEO,MAAM,0BAA0B,CAAC,cAAmD;AACzF,QAAM,QAAQ,SAAA;AACd,QAAM,aAAa,mBAAmB,SAAS;AAC/C,QAAM,YAAY,EAAE,GAAG,MAAM,WAAW,GAAG,WAAA;AAC7C;AAEO,MAAM,oBAAoB,CAAC,cAAmD;AACnF,QAAM,QAAQ,SAAA;AACd,QAAM,YAAY,mBAAmB,SAAS;AAChD;AAEO,MAAM,yBAAyB,CAAC,eAAmD;AACxF,QAAM,QAAQ,SAAA;AACd,SAAO,MAAM,UAAU,UAAU,KAAK;AACxC;ACrFA,MAAM,kBAAkB,CAAC,UAAkB;AACzC,QAAM,SAAS,MAAM,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,IAAI,MAAM,OAAO,MAAM,SAAS,KAAK,CAAC;AAC/F,SAAO,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,MAAM;AACtD;AAEO,MAAM,mBAAmB,CAA8B,UAA4B;AACxF,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,MAAI,MAAM,SAAS,EAAG,QAAO;AAE7B,MAAI;AACF,UAAM,OAAO,gBAAgB,MAAM,CAAC,CAAC;AACrC,UAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO;AAClD,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;ACTA,MAAM,4BAAY,IAAA;AAElB,MAAM,kBAAkB,CAAC,QAAgB,IAAI,OAAO,QAAQ,QAAQ,EAAE;AAE/D,MAAM,mBAAmB,OAAO,cAA8C;AACnF,QAAM,SAAS,gBAAgB,SAAS;AACxC,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAEA,QAAM,WAAW,MAAM,IAAI,MAAM;AACjC,MAAI,UAAU;AACZ,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,YAAY;AAC1B,UAAM,MAAM,IAAI,IAAI,qCAAqC,MAAM;AAC/D,UAAM,WAAW,MAAM,MAAM,KAAK,EAAE,SAAS,EAAE,QAAQ,mBAAA,GAAsB;AAC7E,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,OAAO,MAAM,SAAS,OAAO,MAAM,MAAM,EAAE;AACjD,YAAM,IAAI,MAAM,4CAA4C,SAAS,MAAM,IAAI,IAAI,EAAE;AAAA,IACvF;AAEA,UAAM,OAAO,MAAM,SAAS,OAAO,MAAM,MAAM,IAAI;AACnD,QAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,YAAM,IAAI,MAAM,iCAAiC;AAAA,IACnD;AAEA,UAAM,wBAAwB,OAAO,KAAK,2BAA2B,WACjE,KAAK,yBACL;AACJ,UAAM,gBAAgB,OAAO,KAAK,mBAAmB,WACjD,KAAK,iBACL;AACJ,UAAM,cAAc,OAAO,KAAK,WAAW,WAAW,KAAK,SAAS;AACpE,UAAM,mBAAmB,OAAO,KAAK,sBAAsB,WAAW,KAAK,oBAAoB;AAC/F,UAAM,UAAU,OAAO,KAAK,aAAa,WAAW,KAAK,WAAW;AAEpE,QAAI,CAAC,yBAAyB,CAAC,eAAe;AAC5C,YAAM,IAAI,MAAM,oDAAoD;AAAA,IACtE;AAEA,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,wBAAwB;AAAA,MACxB,gBAAgB;AAAA,MAChB,mBAAmB;AAAA,MACnB,UAAU;AAAA,IAAA;AAAA,EAEd,GAAA;AAEA,QAAM,IAAI,QAAQ,MAAM;AAExB,MAAI;AACF,WAAO,MAAM;AAAA,EACf,SAAS,KAAK;AACZ,UAAM,OAAO,MAAM;AACnB,UAAM;AAAA,EACR;AACF;AChEO,MAAMC,oBAAkB,CAAC,UAAkB,MAC/C,SAAS,QAAQ,EACjB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,QAAQ,EAAE;AAEd,MAAM,mBAAmB,MAAM;AACpC,QAAM,WAAWA,kBAAgB,OAAO,YAAY,EAAE,CAAC;AACvD,QAAM,YAAYA,kBAAgB,OAAO,WAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,QAAQ;AAEvF,SAAO,EAAE,UAAU,UAAA;AACrB;ACdA,MAAM,gBAAgB,oBAAI,IAAI,CAAC,aAAa,aAAa,aAAa,CAAC;AAEhE,MAAM,wBAAwB,CAAC,UAAkB;AACtD,QAAM,aAAa,MAAM,KAAA;AACzB,MAAI,CAAC,WAAY,QAAO;AACxB,MAAI,WAAW,SAAS,IAAK,QAAO;AACpC,MAAI,cAAc,IAAI,UAAU,EAAG,QAAO;AAC1C,SAAO,mBAAmB,KAAK,UAAU;AAC3C;ACMA,MAAM,uBAAuB,KAAK,KAAK;AACvC,MAAM,0BAA0B;AAOhC,MAAM,iBAAiB,CAAC,UAAmB;AACzC,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,MAAI,MAAM,QAAQ,KAAK,KAAK,OAAO,MAAM,CAAC,MAAM,SAAU,QAAO,MAAM,CAAC;AACxE,SAAO;AACT;AAEA,MAAM,iBAAiB,CAAC,KAAe,SAAgC;AACrE,QAAM,SAAS,IAAI,IAAI,SAAS;AAChC,MAAI,OAAO,WAAW,YAAY,CAAC,OAAQ,QAAO;AAElD,aAAW,QAAQ,OAAO,MAAM,GAAG,GAAG;AACpC,UAAM,CAAC,QAAQ,GAAG,IAAI,IAAI,KAAK,MAAM,GAAG;AACxC,UAAM,MAAM,QAAQ,KAAA;AACpB,QAAI,CAAC,OAAO,QAAQ,KAAM;AAC1B,UAAM,WAAW,KAAK,KAAK,GAAG,EAAE,KAAA;AAChC,QAAI,CAAC,SAAU,QAAO;AACtB,QAAI;AACF,aAAO,mBAAmB,QAAQ;AAAA,IACpC,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAEA,MAAM,qBAAqB,CAAC,cAAsB;AAChD,MAAI,CAAC,UAAU,WAAW,GAAG,EAAG,QAAO;AACvC,MAAI,UAAU,WAAW,IAAI,EAAG,QAAO;AACvC,SAAO;AACT;AAEA,MAAM,mBAAmB,CAAC,QAAkB;AAC1C,QAAM,cAAc,IAAI,IAAI,QAAQ,mBAAmB;AACvD,QAAM,aAAa,IAAI,IAAI,QAAQ,kBAAkB;AAErD,QAAM,WAAW,OAAO,gBAAgB,WACpC,YAAY,MAAM,GAAG,EAAE,CAAC,EAAE,KAAA,IAC1B,IAAI,IAAI;AAEZ,QAAM,OAAO,OAAO,eAAe,WAC/B,WAAW,MAAM,GAAG,EAAE,CAAC,EAAE,KAAA,IACzB,IAAI,IAAI,IAAI,MAAM;AAEtB,SAAO,YAAY,OAAO,GAAG,QAAQ,MAAM,IAAI,KAAK;AACtD;AAEA,MAAM,sBAAsB,CAAC,iBAAyB;AACpD,QAAM,UAAU,aAAa,KAAA;AAC7B,SAAO,WAAW,mBAAmB,OAAO,IAAI,UAAU;AAC5D;AAEA,MAAM,eAAe,OAAO,QAC1B,MAAM,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC7C,MAAI,OAAO;AACX,MAAI,OAAO,IAAI,gBAAgB,YAAY;AACzC,QAAI,YAAY,MAAM;AAAA,EACxB;AAEA,MAAI,GAAG,QAAQ,CAAC,UAAU;AACxB,YAAQ,OAAO,KAAK;AACpB,QAAI,KAAK,SAAS,OAAQ;AACxB,aAAO,IAAI,MAAM,wBAAwB,CAAC;AAAA,IAC5C;AAAA,EACF,CAAC;AACD,MAAI,GAAG,OAAO,MAAM,QAAQ,IAAI,CAAC;AACjC,MAAI,GAAG,SAAS,MAAM;AACxB,CAAC;AAEH,MAAM,oBAAoB,OAAO,QAA0D;AACzF,MAAI,IAAI,IAAI,WAAW,OAAQ,QAAO;AAEtC,QAAM,cAAc,OAAO,IAAI,IAAI,QAAQ,cAAc,MAAM,WAAW,IAAI,IAAI,QAAQ,cAAc,IAAI;AAC5G,MAAI,CAAC,YAAY,SAAS,mCAAmC,EAAG,QAAO;AAEvE,QAAM,OAAO,MAAM,aAAa,IAAI,GAAG;AACvC,QAAM,SAAS,IAAI,gBAAgB,IAAI;AAEvC,QAAM,SAAiC,CAAA;AACvC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,WAAW;AAC3C,WAAO,GAAG,IAAI;AAAA,EAChB;AAEA,SAAO;AACT;AAEA,MAAM,oBAAoB,CAAC,KAAe,wBACvC,sBAAsB,OAAO,IAAI,IAAI,QAAQ,YAAY,EAAE,GAAG,KAAA;AAEjE,MAAM,2BAA2B,oBAAI,IAAI,CAAC,aAAa,aAAa,aAAa,CAAC;AAElF,MAAM,+BAA+B,CAAC,UAAuD;AAC3F,MAAI,CAAC,SAAS,OAAO,UAAU,YAAY,MAAM,QAAQ,KAAK,EAAG,QAAO;AAExE,QAAM,SAAiC,CAAA;AACvC,aAAW,CAAC,QAAQ,QAAQ,KAAK,OAAO,QAAQ,KAAK,GAAG;AACtD,UAAM,MAAM,OAAO,KAAA;AACnB,QAAI,CAAC,IAAK;AACV,QAAI,yBAAyB,IAAI,GAAG,EAAG;AACvC,UAAM,MAAM,OAAO,aAAa,WAAW,SAAS,SAAS;AAC7D,QAAI,CAAC,IAAK;AACV,WAAO,GAAG,IAAI;AAAA,EAChB;AAEA,SAAO,OAAO,KAAK,MAAM,EAAE,SAAS,SAAS;AAC/C;AAMO,MAAM,2BAA2B,OAAO;AAAA,EAC7C;AAAA,EACA,YAAY;AAAA,EACZ;AAAA,EACA;AACF,MAKiC;AAC/B,QAAM,aAAa,kBAAkB,KAAK,kBAAkB;AAC5D,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,SAAS,OAAO,OAAO,oBAAoB,YAAY,IAAA;AAAA,EAClE;AAEA,MAAI,CAAC,sBAAsB,UAAU,GAAG;AACtC,WAAO,EAAE,SAAS,OAAO,OAAO,oBAAoB,YAAY,IAAA;AAAA,EAClE;AAEA,QAAM,WAAW,uBAAuB,UAAU;AAClD,MAAI,CAAC,UAAU;AACb,WAAO,EAAE,SAAS,OAAO,OAAO,oBAAoB,YAAY,IAAA;AAAA,EAClE;AAEA,QAAM,SAAS,iBAAiB,GAAG;AACnC,MAAI,CAAC,QAAQ;AACX,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAsB,YAAY,IAAA;AAAA,EACpE;AACA,QAAM,UAAU,OAAO,WAAW,UAAU;AAE5C,QAAM,eAAe,oBAAoB,SAAS,YAAY;AAC9D,MAAI,CAAC,cAAc;AACjB,WAAO,EAAE,SAAS,OAAO,OAAO,yBAAyB,YAAY,IAAA;AAAA,EACvE;AAEA,QAAM,QAAQ,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AACnD,QAAM,EAAE,UAAU,UAAA,IAAc,iBAAA;AAEhC,QAAM,eAAe,OAAO,aAAa,YAAY,mBAAmB,QAAQ,IAAI,WAAW;AAE/F,MAAI;AACF,UAAM,eAAe,MAAM,OAAO,UAAU,kBAAkB,GAAG;AACjE,UAAM,0BAAU,KAAA;AAChB,UAAM,aAAa,OAAO;AAAA,MACxB,KAAK;AAAA,MACL;AAAA,MACA,cAAc;AAAA,MACd,UAAU;AAAA,MACV,WAAW;AAAA,MACX,WAAW,IAAI,KAAK,IAAI,QAAA,IAAY,oBAAoB;AAAA,IAAA,CACzD;AAAA,EACH,SAAS,KAAK;AACZ,YAAQ,KAAK,kCAAkC,GAAG;AAClD,WAAO,EAAE,SAAS,OAAO,OAAO,8BAA8B,YAAY,IAAA;AAAA,EAC5E;AAEA,MAAI;AACF,QAAI,IAAI,OAAO,yBAAyB,GAAG,UAAU,IAAI,KAAK,IAAI;AAAA,MAChE,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU,UAAU,SAAS;AAAA,MAC7B,MAAM;AAAA,MACN,QAAQ;AAAA,IAAA,CACT;AAAA,EACH,SAAS,KAAK;AACZ,YAAQ,KAAK,qCAAqC,GAAG;AACrD,WAAO,EAAE,SAAS,OAAO,OAAO,2BAA2B,YAAY,IAAA;AAAA,EACzE;AAEA,QAAM,OAAO,MAAM,iBAAiB,SAAS,MAAM;AACnD,QAAM,cAAc,GAAG,MAAM,GAAG,YAAY;AAE5C,QAAM,MAAM,IAAI,IAAI,KAAK,sBAAsB;AAC/C,MAAI,aAAa,IAAI,aAAa,SAAS,QAAQ;AACnD,MAAI,aAAa,IAAI,gBAAgB,WAAW;AAChD,MAAI,aAAa,IAAI,iBAAiB,MAAM;AAC5C,MAAI,aAAa,IAAI,SAAS,SAAS,KAAK;AAC5C,MAAI,aAAa,IAAI,SAAS,KAAK;AACnC,MAAI,aAAa,IAAI,kBAAkB,SAAS;AAChD,MAAI,aAAa,IAAI,yBAAyB,MAAM;AACpD,QAAM,2BAA2B,6BAA6B,mBAAmB;AACjF,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,4BAA4B,CAAA,CAAE,GAAG;AACzE,QAAI,IAAI,aAAa,IAAI,GAAG,EAAG;AAC/B,QAAI,aAAa,IAAI,KAAK,KAAK;AAAA,EACjC;AAEA,SAAO,EAAE,SAAS,MAAM,aAAa,IAAI,WAAS;AACpD;AA2BA,MAAM,8BAA8B;AACpC,MAAM,2BAA2B;AAE1B,MAAM,uBAAuB,OAAO;AAAA,EACzC;AAAA,EACA,YAAY;AAAA,EACZ;AAAA,EACA;AAAA,EACA;AACF,MAMoC;AAClC,QAAM,aAAa,kBAAkB,KAAK,kBAAkB;AAC5D,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,oBAAoB,cAAc,GAAG,wBAAwB,0BAAA;AAAA,EAC9G;AAEA,MAAI,CAAC,sBAAsB,UAAU,GAAG;AACtC,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,oBAAoB,cAAc,GAAG,wBAAwB,0BAAA;AAAA,EAC9G;AAEA,QAAM,WAAW,uBAAuB,UAAU;AAClD,MAAI,CAAC,UAAU;AACb,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,oBAAoB,cAAc,GAAG,wBAAwB,0BAAA;AAAA,EAC9G;AAEA,QAAM,SAAS,iBAAiB,GAAG;AACnC,MAAI,CAAC,QAAQ;AACX,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,sBAAsB,cAAc,GAAG,wBAAwB,4BAAA;AAAA,EAChH;AACA,QAAM,UAAU,OAAO,WAAW,UAAU;AAE5C,QAAM,eAAe,oBAAoB,SAAS,YAAY;AAC9D,MAAI,CAAC,cAAc;AACjB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,yBAAyB,cAAc,GAAG,wBAAwB,+BAAA;AAAA,EACnH;AAEA,QAAM,aAAa,MAAM,kBAAkB,GAAG;AAE9C,QAAM,QAAQ,eAAe,YAAY,IAAI,KAAK,eAAe,IAAI,IAAI,OAAO,IAAI,IAAI,KAAA,KAAU;AAClG,QAAM,SAAS,eAAe,YAAY,KAAK,KAAK,eAAe,IAAI,IAAI,OAAO,KAAK,IAAI,KAAA,KAAU;AACrG,QAAM,gBAAgB,eAAe,YAAY,IAAI,KAAK,eAAe,IAAI,IAAI,OAAO,IAAI,IAAI,KAAA,KAAU;AAE1G,MAAI,CAAC,QAAQ,CAAC,OAAO;AACnB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,yBAAyB,cAAc,GAAG,wBAAwB,+BAAA;AAAA,EACnH;AAEA,QAAM,mBAAmB,eAAe,KAAK,uBAAuB;AACpE,MAAI,qBAAqB,GAAG,UAAU,IAAI,KAAK,IAAI;AACjD,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,iBAAiB,cAAc,GAAG,wBAAwB,uBAAA;AAAA,EAC3G;AAEA,MAAI,eAA0C;AAC9C,MAAI,oBAAyE;AAC7E,MAAI;AACF,wBAAoB,MAAM,OAAO,UAAU,kBAAkB,GAAG;AAChE,mBAAe,MAAM,kBAAkB,QAAQ,EAAE,KAAK,OAAO,YAAY,EAAE,KAAA;AAAA,EAC7E,SAAS,KAAK;AACZ,YAAQ,KAAK,iCAAiC,GAAG;AACjD,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,6BAA6B,cAAc,GAAG,wBAAwB,mCAAA;AAAA,EACvH;AAEA,MAAI,CAAC,cAAc;AACjB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,iBAAiB,cAAc,GAAG,wBAAwB,uBAAA;AAAA,EAC3G;AAEA,QAAM,WAAW,OAAO,aAAa,aAAa,WAAW,aAAa,WAAW;AACrF,QAAM,eAAe,OAAO,aAAa,iBAAiB,WAAW,aAAa,eAAe;AACjG,MAAI,CAAC,cAAc;AACjB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,yBAAyB,cAAc,GAAG,wBAAwB,+BAAA;AAAA,EACnH;AAEA,QAAM,OAAO,MAAM,iBAAiB,SAAS,MAAM;AACnD,QAAM,cAAc,GAAG,MAAM,GAAG,YAAY;AAE5C,QAAM,YAAY,IAAI,gBAAA;AACtB,YAAU,IAAI,cAAc,oBAAoB;AAChD,YAAU,IAAI,QAAQ,IAAI;AAC1B,YAAU,IAAI,gBAAgB,WAAW;AACzC,YAAU,IAAI,aAAa,SAAS,QAAQ;AAC5C,YAAU,IAAI,iBAAiB,YAAY;AAC3C,MAAI,SAAS,cAAc;AACzB,cAAU,IAAI,iBAAiB,SAAS,YAAY;AAAA,EACtD;AAEA,QAAM,gBAAgB,MAAM,MAAM,KAAK,gBAAgB;AAAA,IACrD,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,QAAQ;AAAA,IAAA;AAAA,IAEV,MAAM,UAAU,SAAA;AAAA,EAAS,CAC1B;AAED,QAAM,YAAY,MAAM,cAAc,OAAO,MAAM,MAAM,IAAI;AAE7D,MAAI,CAAC,cAAc,MAAM,CAAC,aAAa,OAAO,cAAc,UAAU;AACpE,UAAM,OAAO,YAAY,KAAK,UAAU,SAAS,IAAI;AACrD,YAAQ,KAAK,gCAAgC,cAAc,QAAQ,IAAI;AACvE,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,yBAAyB,cAAc,GAAG,wBAAwB,+BAAA;AAAA,EACnH;AAEA,QAAM,cAAc,OAAO,UAAU,iBAAiB,WAAW,UAAU,eAAe;AAC1F,QAAM,eAAe,OAAO,UAAU,kBAAkB,WAAW,UAAU,gBAAgB;AAC7F,QAAM,UAAU,OAAO,UAAU,aAAa,WAAW,UAAU,WAAW;AAC9E,QAAM,QAAQ,OAAO,UAAU,UAAU,WAAW,UAAU,QAAQ;AACtE,QAAM,YAAY,OAAO,UAAU,eAAe,WAAW,UAAU,aAAa;AACpF,QAAM,YAAY,OAAO,UAAU,eAAe,WAC9C,UAAU,aACV,OAAO,UAAU,eAAe,WAC9B,OAAO,UAAU,UAAU,IAC3B;AACN,QAAM,mBAAmB,OAAO,cAAc,YAAY,OAAO,SAAS,SAAS,IAAI,YAAY;AACnG,QAAM,YAAY,qBAAqB,OAAO,IAAI,KAAK,KAAK,QAAQ,mBAAmB,GAAI,IAAI;AAE/F,MAAI,WAA2C;AAE/C,MAAI,KAAK,qBAAqB,aAAa;AACzC,UAAM,mBAAmB,MAAM,MAAM,KAAK,mBAAmB;AAAA,MAC3D,SAAS;AAAA,QACP,eAAe,UAAU,WAAW;AAAA,QACpC,QAAQ;AAAA,MAAA;AAAA,IACV,CACD;AAED,QAAI,iBAAiB,IAAI;AACvB,iBAAW,MAAM,iBAAiB,KAAA,EAAO,MAAM,MAAM,IAAI;AAAA,IAC3D;AAAA,EACF;AAEA,QAAM,iBAAiB,UAAU,iBAA0C,OAAO,IAAI;AACtF,QAAM,qBAAqB,iBAA0C,WAAW;AAEhF,QAAM,UAAU,OAAO,UAAU,QAAQ,WACrC,SAAS,MACT,OAAO,gBAAgB,QAAQ,WAC7B,eAAe,MACf,OAAO,oBAAoB,QAAQ,WACjC,mBAAmB,MACnB;AAER,MAAI,CAAC,SAAS;AACZ,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,mBAAmB,cAAc,GAAG,wBAAwB,yBAAA;AAAA,EAC7G;AAEA,QAAM,QAAQ,OAAO,UAAU,UAAU,WACrC,SAAS,QACT,OAAO,gBAAgB,UAAU,WAC/B,eAAe,QACf;AAEN,QAAM,OAAO,OAAO,UAAU,SAAS,WACnC,SAAS,OACT,OAAO,gBAAgB,SAAS,WAC9B,eAAe,OACf;AAEN,MAAI,YAAqB;AACzB,MAAI,cAAc;AAChB,QAAI;AACF,kBAAY,KAAK,MAAM,YAAY;AAAA,IACrC,QAAQ;AACN,kBAAY;AAAA,IACd;AAAA,EACF;AACA,QAAM,kBAAkB,aAAa,OAAO,cAAc,WACrD,YACD;AACJ,QAAM,iBAAiB,OAAO,iBAAiB,UAAU,WAAW,gBAAgB,MAAM,SAAS;AACnG,QAAM,sBAAsB,iBAAiB,QAAQ,OAAO,gBAAgB,SAAS,WAChF,gBAAgB,OACjB;AACJ,QAAM,qBAAqB,OAAO,qBAAqB,cAAc,WAAW,oBAAoB,UAAU,SAAS;AACvH,QAAM,oBAAoB,OAAO,qBAAqB,aAAa,WAAW,oBAAoB,SAAS,SAAS;AACpH,QAAM,gBAAgB,CAAC,oBAAoB,iBAAiB,EAAE,OAAO,OAAO,EAAE,KAAK,GAAG,EAAE,KAAA;AAExF,QAAM,gBAAgB,UAAU,kBAAkB;AAClD,QAAM,eAAe,SAAS,iBAAiB;AAE/C,QAAM,CAAC,MAAM,MAAM,IAAI,MAAM,QAAQ,IAAI;AAAA,IACvC,OAAO,UAAU,UAAU,GAAG;AAAA,IAC9B,OAAO,UAAU,YAAY,GAAG;AAAA,EAAA,CACjC;AAED,QAAM,kBAAkB,kBAAkB,UAAU;AACpD,MAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC,eAAe,GAAG,SAAS;AAE5D,MAAI,CAAC,QAAQ,eAAe;AAC1B,WAAO,MAAM,KAAK,QAAQ,EAAE,OAAO,eAAe;AAAA,EACpD;AAEA,QAAM,mBAAmB,2BAA2B;AACpD,MAAI,CAAC,QAAQ,CAAC,kBAAkB;AAC9B,UAAMC,gBAAe;AAErB,UAAM,SAA8B;AAAA,MAClC,SAAS;AAAA,MACT,MAAM;AAAA,MACN;AAAA,MACA;AAAA,MACA,OAAO;AAAA,MACP,MAAM;AAAA,IAAA;AAGR,QAAIA,iBAAgB,mBAAmBA,aAAY,GAAG;AACpD,YAAM,MAAM,IAAI,IAAIA,eAAc,MAAM;AACxC,UAAI,aAAa,IAAI,kBAAkB,UAAU;AACjD,UAAI,cAAe,KAAI,aAAa,IAAI,SAAS,aAAa;AAC9D,UAAI,aAAc,KAAI,aAAa,IAAI,QAAQ,YAAY;AAC3D,aAAO,eAAe,GAAG,IAAI,QAAQ,GAAG,IAAI,MAAM;AAAA,IACpD;AAEA,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,IAAI,IAAI,SAAS;AACpB,WAAO,EAAE,SAAS,OAAO,MAAM,SAAS,OAAO,uBAAuB,cAAc,GAAG,wBAAwB,6BAAA;AAAA,EACjH;AAEA,QAAM,0BAAU,KAAA;AAEhB,MAAI;AACJ,QAAM,iBAAiB,MAAM,IAAI,gBAAgB;AACjD,QAAM,mBAAmB,gBAAgB,IAAI,UAAU;AACvD,MAAI,kBAAkB,qBAAqB,MAAM;AAC/C,wBAAoB,iBAAiB;AAAA,EACvC;AAEA,QAAM,uBAAuB;AAAA,IAC3B;AAAA,IACA,OAAO;AAAA,IACP,MAAM;AAAA,IACN;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,aAAa,YAAY;AAAA,IACzB,WAAW,qBAAqB;AAAA,IAChC,WAAW;AAAA,EAAA;AAGb,MAAI,CAAC,MAAM;AACT,UAAMC,YAAW,OAAO,WAAA;AACxB,UAAM,WAAW,MAAM,uBAAuB,OAAO,YAAY,EAAE,EAAE,SAAS,KAAK,CAAC;AAEpF,WAAO,IAAI,KAAK;AAAA,MACd,OAAO;AAAA,MACP,MAAM;AAAA,MACN;AAAA,MACA,SAAS,CAACA,SAAQ;AAAA,MAClB,aAAa;AAAA,QACX,CAACA,SAAQ,GAAG,CAAC,OAAO;AAAA,MAAA;AAAA,MAEtB,gBAAgB;AAAA,QACd,CAAC,UAAU,GAAG;AAAA,MAAA;AAAA,IAChB,CACD;AAED,UAAM,KAAK,KAAA;AAEX,QAAI;AACF,YAAM,OAAO,OAAO;AAAA,QAClB,UAAAA;AAAAA,QACA,MAAM,iBAAiB;AAAA,MAAA,CACxB;AAAA,IACH,SAAS,KAAK;AACZ,cAAQ,KAAK,kCAAkC,GAAG;AAAA,IACpD;AAAA,EACF,OAAO;AACL,UAAM,YAAqC;AAAA,MACzC,CAAC,kBAAkB,UAAU,EAAE,GAAG;AAAA,IAAA;AAGpC,QAAI,CAAC,KAAK,SAAS,eAAe;AAChC,gBAAU,QAAQ;AAAA,IACpB;AAEA,QAAI,CAAC,KAAK,QAAQ,cAAc;AAC9B,gBAAU,OAAO;AAAA,IACnB;AAEA,UAAM,KAAK,UAAU,EAAE,KAAK,KAAK,OAAO,EAAE,MAAM,WAAW;AAAA,EAC7D;AAEA,QAAM,WAAW,KAAK,UAAU,CAAC,GAAG,gBAAgB;AACpD,QAAM,mBAAmB,KAAK,WAAW,CAAA,GAAI,IAAI,MAAM;AACvD,QAAM,iBAAiB,KAAK,IAAI,aAAa;AAC7C,QAAM,cAAc,iBAAiB,OAAO,YAAY,eAAe,QAAA,CAAS,IAAI;AAEpF,MAAI,IAAI,QAAQ,OAAO;AAAA,IACrB,IAAI,KAAK,IAAI,SAAA;AAAA,IACb,iBAAiB;AAAA,IACjB,iBAAiB,gBAAgB,SAAS,kBAAkB,CAAC,QAAQ;AAAA,IACrE,uBAAuB;AAAA,IACvB;AAAA,EAAA;AAGF,MAAI;AACF,QAAI,mBAAmB;AACrB,YAAM,kBAAkB,UAAU,EAAE,KAAK,OAAO,YAAY;AAAA,IAC9D;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,KAAK,mCAAmC,GAAG;AAAA,EACrD;AAEA,MAAI;AACF,QAAI,IAAI,YAAY,yBAAyB;AAAA,MAC3C,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,UAAU,UAAU,SAAS;AAAA,MAC7B,MAAM;AAAA,IAAA,CACP;AAAA,EACH,SAAS,KAAK;AACZ,YAAQ,KAAK,uCAAuC,GAAG;AAAA,EACzD;AAEA,QAAM,eAAe,YAAY,mBAAmB,QAAQ,IACxD,WACA,uBAAuB,mBAAmB,mBAAmB,IAC3D,sBACA;AAEN,SAAO;AAAA,IACL,SAAS;AAAA,IACT,MAAM;AAAA,IACN;AAAA,IACA,QAAQ,KAAK,IAAI,SAAA;AAAA,IACjB;AAAA,IACA,iBAAiB,gBAAgB,SAAS,kBAAkB,CAAC,QAAQ;AAAA,EAAA;AAEzE;AAEO,MAAM,0BAA0B,CAAC;AAAA,EACtC;AAAA,EACA;AACF,IAGI,CAAA,MAAmF,OACrF,UACA,QACG;AACH,QAAM,qBAAqB,kBAAkB,KAAK,UAAU;AAC5D,QAAM,8BAA8B,sBAAsB,yBACtD,uBAAuB,kBAAkB,IACzC;AACJ,QAAM,WAAW,eAAe,IAAI,IAAI,OAAO,QAAQ,GAAG,KAAA;AAC1D,QAAM,SAAS,MAAM,yBAAyB;AAAA,IAC5C;AAAA,IACA,YAAY;AAAA,IACZ;AAAA,IACA,qBAAqB;AAAA,EAAA,CACtB;AAED,MAAI,CAAC,OAAO,SAAS;AACnB,QAAI,IAAI,OAAO,OAAO,UAAU;AAChC,WAAO,EAAE,SAAS,OAAO,OAAO,OAAO,MAAA;AAAA,EACzC;AAEA,MAAI,IAAI,SAAS,OAAO,WAAW;AACnC,SAAO,EAAE,SAAS,KAAA;AACpB;AAEO,MAAM,6BAA6B,CAAC;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,IAKI,CAAA,MAAmF,OACrF,UACA,QACG;AACH,QAAM,SAAS,MAAM,qBAAqB;AAAA,IACxC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EAAA,CACD;AAED,MAAI,OAAO,SAAS,SAAS;AAC3B,QAAI,IAAI,SAAS,OAAO,YAAY;AACpC,WAAO,EAAE,SAAS,OAAO,OAAO,OAAO,MAAA;AAAA,EACzC;AAEA,MAAI,OAAO,SAAS,gBAAgB;AAClC,QAAI,OAAO,cAAc;AACvB,UAAI,IAAI,SAAS,OAAO,YAAY;AAAA,IACtC,OAAO;AACL,UAAI,IAAI,SAAS,eAAe;AAAA,IAClC;AACA,WAAO,EAAE,SAAS,OAAO,OAAO,iBAAA;AAAA,EAClC;AAEA,MAAI,IAAI,SAAS,OAAO,YAAY;AACpC,SAAO,EAAE,SAAS,KAAA;AACpB;AAEA,MAAM,kBAAkB,CAAC,UACvB,OAAO,KAAK,KAAK,EACd,SAAS,QAAQ,EACjB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,QAAQ,EAAE;AAEhB,MAAM,0BAA0B,CAAC;AAAA,EACtC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,0BAAU,KAAA;AAAA,EACV,mBAAmB,KAAK;AAC1B,MAOM;AACJ,QAAM,cAAc,OAAO,KAAA;AAC3B,QAAM,gBAAgB,SAAS,KAAA;AAC/B,QAAM,aAAa,MAAM,KAAA;AACzB,QAAM,qBAAqB,cAAc,KAAA;AAEzC,MAAI,CAAC,YAAa,OAAM,IAAI,MAAM,oBAAoB;AACtD,MAAI,CAAC,cAAe,OAAM,IAAI,MAAM,sBAAsB;AAC1D,MAAI,CAAC,WAAY,OAAM,IAAI,MAAM,mBAAmB;AACpD,MAAI,CAAC,mBAAoB,OAAM,IAAI,MAAM,2BAA2B;AAEpE,QAAM,aAAa,KAAK,MAAM,IAAI,QAAA,IAAY,GAAI;AAClD,QAAM,YAAY,OAAO,SAAS,gBAAgB,IAAI,mBAAmB,KAAK;AAC9E,QAAM,MAAM,aAAa,KAAK,IAAI,IAAI,KAAK,IAAI,WAAW,KAAK,KAAK,KAAK,GAAG,CAAC;AAE7E,QAAM,SAAS,EAAE,KAAK,SAAS,KAAK,YAAY,KAAK,MAAA;AACrD,QAAM,UAAU;AAAA,IACd,KAAK;AAAA,IACL,KAAK;AAAA,IACL;AAAA,IACA,KAAK;AAAA,IACL,KAAK;AAAA,EAAA;AAGP,QAAM,eAAe,GAAG,gBAAgB,KAAK,UAAU,MAAM,CAAC,CAAC,IAAI,gBAAgB,KAAK,UAAU,OAAO,CAAC,CAAC;AAC3G,QAAM,YAAY,OAAO,KAAK,UAAU,OAAO,KAAK,YAAY,GAAG;AAAA,IACjE,KAAK;AAAA,IACL,aAAa;AAAA,EAAA,CACd;AAED,SAAO,GAAG,YAAY,IAAI,gBAAgB,SAAS,CAAC;AACtD;"}
|
package/dist/oauth/lib.d.ts
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
import { ApiHandler, Ctx } from '@rpcbase/api';
|
|
2
|
+
import { AuthSessionUser } from '../types';
|
|
3
|
+
type OAuthCtx = Ctx<AuthSessionUser>;
|
|
2
4
|
export type OAuthStartResult = {
|
|
3
5
|
success: true;
|
|
4
6
|
redirectUrl: string;
|
|
@@ -8,7 +10,7 @@ export type OAuthStartResult = {
|
|
|
8
10
|
statusCode: number;
|
|
9
11
|
};
|
|
10
12
|
export declare const getOAuthStartRedirectUrl: ({ ctx, providerId: providerIdOverride, returnTo, authorizationParams, }: {
|
|
11
|
-
ctx:
|
|
13
|
+
ctx: OAuthCtx;
|
|
12
14
|
providerId?: string;
|
|
13
15
|
returnTo?: string | null;
|
|
14
16
|
authorizationParams?: Record<string, string>;
|
|
@@ -35,7 +37,7 @@ export type OAuthCallbackResult = {
|
|
|
35
37
|
redirectPath: string;
|
|
36
38
|
};
|
|
37
39
|
export declare const processOAuthCallback: ({ ctx, providerId: providerIdOverride, createUserOnFirstSignIn, missingUserRedirectPath, successRedirectPath, }: {
|
|
38
|
-
ctx:
|
|
40
|
+
ctx: OAuthCtx;
|
|
39
41
|
providerId?: string;
|
|
40
42
|
createUserOnFirstSignIn?: boolean;
|
|
41
43
|
missingUserRedirectPath?: string;
|
|
@@ -44,19 +46,19 @@ export declare const processOAuthCallback: ({ ctx, providerId: providerIdOverrid
|
|
|
44
46
|
export declare const createOAuthStartHandler: ({ providerId, getAuthorizationParams, }?: {
|
|
45
47
|
providerId?: string;
|
|
46
48
|
getAuthorizationParams?: (providerId: string) => Record<string, string> | undefined;
|
|
47
|
-
}) => ApiHandler<
|
|
49
|
+
}) => ApiHandler<unknown, {
|
|
48
50
|
success: boolean;
|
|
49
51
|
error?: string;
|
|
50
|
-
},
|
|
52
|
+
}, AuthSessionUser>;
|
|
51
53
|
export declare const createOAuthCallbackHandler: ({ providerId, createUserOnFirstSignIn, missingUserRedirectPath, successRedirectPath, }?: {
|
|
52
54
|
providerId?: string;
|
|
53
55
|
createUserOnFirstSignIn?: boolean;
|
|
54
56
|
missingUserRedirectPath?: string;
|
|
55
57
|
successRedirectPath?: string;
|
|
56
|
-
}) => ApiHandler<
|
|
58
|
+
}) => ApiHandler<unknown, {
|
|
57
59
|
success: boolean;
|
|
58
60
|
error?: string;
|
|
59
|
-
},
|
|
61
|
+
}, AuthSessionUser>;
|
|
60
62
|
export declare const createAppleClientSecret: ({ teamId, clientId, keyId, privateKeyPem, now, expiresInSeconds, }: {
|
|
61
63
|
teamId: string;
|
|
62
64
|
clientId: string;
|
|
@@ -65,4 +67,5 @@ export declare const createAppleClientSecret: ({ teamId, clientId, keyId, privat
|
|
|
65
67
|
now?: Date;
|
|
66
68
|
expiresInSeconds?: number;
|
|
67
69
|
}) => string;
|
|
70
|
+
export {};
|
|
68
71
|
//# sourceMappingURL=lib.d.ts.map
|
package/dist/oauth/lib.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"lib.d.ts","sourceRoot":"","sources":["../../src/oauth/lib.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;
|
|
1
|
+
{"version":3,"file":"lib.d.ts","sourceRoot":"","sources":["../../src/oauth/lib.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAI9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAU/C,KAAK,QAAQ,GAAG,GAAG,CAAC,eAAe,CAAC,CAAA;AAiHpC,MAAM,MAAM,gBAAgB,GACxB;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,GACtC;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAA;AAEzD,eAAO,MAAM,wBAAwB,GAAU,yEAK5C;IACD,GAAG,EAAE,QAAQ,CAAA;IACb,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAC7C,KAAG,OAAO,CAAC,gBAAgB,CA8E3B,CAAA;AAED,MAAM,MAAM,mBAAmB,GAC3B;IACA,OAAO,EAAE,IAAI,CAAA;IACb,IAAI,EAAE,WAAW,CAAA;IACjB,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,eAAe,EAAE,MAAM,EAAE,CAAA;CAC1B,GACC;IACA,OAAO,EAAE,KAAK,CAAA;IACd,IAAI,EAAE,cAAc,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,GACC;IACA,OAAO,EAAE,KAAK,CAAA;IACd,IAAI,EAAE,OAAO,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;IACb,YAAY,EAAE,MAAM,CAAA;CACrB,CAAA;AAKH,eAAO,MAAM,oBAAoB,GAAU,iHAMxC;IACD,GAAG,EAAE,QAAQ,CAAA;IACb,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,uBAAuB,CAAC,EAAE,OAAO,CAAA;IACjC,uBAAuB,CAAC,EAAE,MAAM,CAAA;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAC7B,KAAG,OAAO,CAAC,mBAAmB,CAiU9B,CAAA;AAED,eAAO,MAAM,uBAAuB,GAAI,0CAGrC;IACD,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,sBAAsB,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAAA;CAC/E,KAAG,UAAU,CAAC,OAAO,EAAE;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,EAAE,eAAe,CAuBjF,CAAA;AAED,eAAO,MAAM,0BAA0B,GAAI,yFAKxC;IACD,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,uBAAuB,CAAC,EAAE,OAAO,CAAA;IACjC,uBAAuB,CAAC,EAAE,MAAM,CAAA;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CACxB,KAAG,UAAU,CAAC,OAAO,EAAE;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,EAAE,eAAe,CA4BjF,CAAA;AASD,eAAO,MAAM,uBAAuB,GAAI,oEAOrC;IACD,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,aAAa,EAAE,MAAM,CAAA;IACrB,GAAG,CAAC,EAAE,IAAI,CAAA;IACV,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B,WA+BA,CAAA"}
|
package/dist/routes.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
const routes = Object.entries({
|
|
2
|
-
.../* @__PURE__ */ Object.assign({ "./api/me/handler.ts": () => import("./handler
|
|
2
|
+
.../* @__PURE__ */ Object.assign({ "./api/me/handler.ts": () => import("./handler--2n6PFBR.js"), "./api/resend-otp/handler.ts": () => import("./handler-2sZNHSqb.js"), "./api/sign-in/handler.ts": () => import("./handler-Db6lpg3J.js"), "./api/sign-out/handler.ts": () => import("./handler-D9OypiUL.js"), "./api/sign-up/handler.ts": () => import("./handler-j0RdiReb.js"), "./api/verify-otp/handler.ts": () => import("./handler-CXncjnG5.js") })
|
|
3
3
|
}).reduce((acc, [path, mod]) => {
|
|
4
4
|
acc[path.replace("./api/", "@rpcbase/auth/api/")] = mod;
|
|
5
5
|
return acc;
|
package/package.json
CHANGED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"handler-Bj9EhP0l.js","sources":["../src/api/verify-otp/index.ts","../src/api/verify-otp/handler.ts"],"sourcesContent":["import { z } from \"zod\"\n\n\nexport const Route = \"/api/rb/auth/verify-otp\"\n\nexport const requestSchema = z.object({\n email: z.string().email(),\n code: z.string().length(6, \"Code must be 6 digits\"),\n rememberMe: z.boolean().default(true),\n})\n\nexport type RequestPayload = z.infer<typeof requestSchema>\n\nexport const responseSchema = z.object({\n success: z.boolean(),\n error: z.string().optional(),\n userId: z.string().optional(),\n tenantId: z.string().optional(),\n})\n\nexport type ResponsePayload = z.infer<typeof responseSchema>\n","import { Api, ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\n\nimport type { AuthSessionUser } from \"../../types\"\n\nimport * as VerifyOtp from \"./index\"\n\n\nconst verifyOtp: ApiHandler<VerifyOtp.RequestPayload, VerifyOtp.ResponsePayload, AuthSessionUser> = async (\n payload,\n ctx: Ctx<AuthSessionUser>\n): Promise<VerifyOtp.ResponsePayload> => {\n const User = await models.getGlobal(\"RBUser\", ctx)\n\n const parsed = VerifyOtp.requestSchema.safeParse(payload)\n\n if (!parsed.success) {\n ctx.res.status(400)\n return { success: false, error: \"invalid_payload\" }\n }\n\n const { email, code } = parsed.data\n\n const user = await User.findOne({ email }, { emailVerificationCode: 1, emailVerificationExpiresAt: 1, tenants: 1, tenantRoles: 1 })\n\n if (!user) {\n ctx.res.status(404)\n return { success: false, error: \"user_not_found\" }\n }\n\n const storedCode = user.emailVerificationCode\n const expiresAt = user.emailVerificationExpiresAt\n\n const isExpired = expiresAt instanceof Date && expiresAt.getTime() < Date.now()\n if (!storedCode || storedCode !== code || isExpired) {\n ctx.res.status(400)\n return { success: false, error: \"invalid_code\" }\n }\n\n user.emailVerificationCode = undefined\n user.emailVerificationExpiresAt = undefined\n await user.save()\n\n const tenantId = user.tenants?.[0]?.toString?.() || \"00000000\"\n const signedInTenants = (user.tenants || []).map((t: any) => t.toString?.() || String(t)) || [tenantId]\n\n const tenantRolesRaw = (user as unknown as { tenantRoles?: unknown }).tenantRoles\n const tenantRoles = tenantRolesRaw instanceof Map\n ? Object.fromEntries(tenantRolesRaw.entries())\n : tenantRolesRaw && typeof tenantRolesRaw === \"object\"\n ? tenantRolesRaw\n : undefined\n\n if (!ctx.req.session) {\n ctx.res.status(500)\n return { success: false, error: \"session_unavailable\" }\n }\n\n ctx.req.session.user = {\n id: user._id.toString(),\n currentTenantId: tenantId,\n signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n isEntryGateAuthorized: true,\n tenantRoles,\n }\n\n return { success: true, userId: user._id.toString(), tenantId }\n}\n\nexport default (api: Api<AuthSessionUser>) => {\n api.post(VerifyOtp.Route, verifyOtp)\n}\n"],"names":["z.object","z.string","z.boolean","VerifyOtp.requestSchema","VerifyOtp.Route"],"mappings":";;AAGO,MAAM,QAAQ;AAEd,MAAM,gBAAgBA,OAAS;AAAA,EACpC,OAAOC,OAAE,EAAS,MAAA;AAAA,EAClB,MAAMA,OAAE,EAAS,OAAO,GAAG,uBAAuB;AAAA,EAClD,YAAYC,UAAY,QAAQ,IAAI;AACtC,CAAC;AAI6BF,OAAS;AAAA,EACrC,SAASE,QAAE;AAAA,EACX,OAAOD,OAAE,EAAS,SAAA;AAAA,EAClB,QAAQA,OAAE,EAAS,SAAA;AAAA,EACnB,UAAUA,OAAE,EAAS,SAAA;AACvB,CAAC;ACVD,MAAM,YAA8F,OAClG,SACA,QACuC;AACvC,QAAM,OAAO,MAAM,OAAO,UAAU,UAAU,GAAG;AAEjD,QAAM,SAASE,cAAwB,UAAU,OAAO;AAExD,MAAI,CAAC,OAAO,SAAS;AACnB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,kBAAA;AAAA,EAClC;AAEA,QAAM,EAAE,OAAO,KAAA,IAAS,OAAO;AAE/B,QAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,SAAS,EAAE,uBAAuB,GAAG,4BAA4B,GAAG,SAAS,GAAG,aAAa,GAAG;AAElI,MAAI,CAAC,MAAM;AACT,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,iBAAA;AAAA,EAClC;AAEA,QAAM,aAAa,KAAK;AACxB,QAAM,YAAY,KAAK;AAEvB,QAAM,YAAY,qBAAqB,QAAQ,UAAU,QAAA,IAAY,KAAK,IAAA;AAC1E,MAAI,CAAC,cAAc,eAAe,QAAQ,WAAW;AACnD,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,eAAA;AAAA,EAClC;AAEA,OAAK,wBAAwB;AAC7B,OAAK,6BAA6B;AAClC,QAAM,KAAK,KAAA;AAEX,QAAM,WAAW,KAAK,UAAU,CAAC,GAAG,gBAAgB;AACpD,QAAM,mBAAmB,KAAK,WAAW,CAAA,GAAI,IAAI,CAAC,MAAW,EAAE,WAAA,KAAgB,OAAO,CAAC,CAAC,KAAK,CAAC,QAAQ;AAEtG,QAAM,iBAAkB,KAA8C;AACtE,QAAM,cAAc,0BAA0B,MAC1C,OAAO,YAAY,eAAe,QAAA,CAAS,IAC3C,kBAAkB,OAAO,mBAAmB,WAC1C,iBACA;AAEN,MAAI,CAAC,IAAI,IAAI,SAAS;AACpB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAA;AAAA,EAClC;AAEA,MAAI,IAAI,QAAQ,OAAO;AAAA,IACrB,IAAI,KAAK,IAAI,SAAA;AAAA,IACb,iBAAiB;AAAA,IACjB,iBAAiB,gBAAgB,SAAS,kBAAkB,CAAC,QAAQ;AAAA,IACrE,uBAAuB;AAAA,IACvB;AAAA,EAAA;AAGF,SAAO,EAAE,SAAS,MAAM,QAAQ,KAAK,IAAI,SAAA,GAAY,SAAA;AACvD;AAEA,MAAA,UAAe,CAAC,QAA8B;AAC5C,MAAI,KAAKC,OAAiB,SAAS;AACrC;"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"handler-DKNeylFQ.js","sources":["../src/api/sign-in/handler.ts"],"sourcesContent":["import { Api, ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport { verifyPasswordFromStorage } from \"@rpcbase/server\"\n\nimport type { AuthSessionUser } from \"../../types\"\n\nimport * as SignIn from \"./index\"\n\n\nconst signIn: ApiHandler<SignIn.RequestPayload, SignIn.ResponsePayload, AuthSessionUser> = async(\n payload,\n ctx: Ctx<AuthSessionUser>\n): Promise<SignIn.ResponsePayload> => {\n const User = await models.getGlobal(\"RBUser\", ctx)\n\n const parsed = SignIn.requestSchema.safeParse(payload)\n\n if (!parsed.success) {\n ctx.res.status(400)\n return { success: false, error: \"invalid_payload\" }\n }\n\n const { email, password } = parsed.data\n\n const user = await User.findOne({ email }, { password: 1, tenants: 1, tenantRoles: 1 })\n\n if (!user?.password) {\n ctx.res.status(401)\n return { success: false, error: \"invalid_credentials\" }\n }\n\n const stored = String(user.password)\n const passwordMatches = await verifyPasswordFromStorage(password, stored)\n\n if (!passwordMatches) {\n if (!stored.startsWith(\"$scrypt$\")) {\n console.warn(\"auth::sign-in invalid stored password format\", user._id.toString())\n }\n ctx.res.status(401)\n return { success: false, error: \"invalid_credentials\" }\n }\n\n const tenantId = user.tenants?.[0]?.toString?.() || \"00000000\"\n const signedInTenants = (user.tenants || []).map((t: any) => t.toString?.() || String(t)) || [tenantId]\n\n const tenantRolesRaw = (user as unknown as { tenantRoles?: unknown }).tenantRoles\n const tenantRoles = tenantRolesRaw instanceof Map\n ? Object.fromEntries(tenantRolesRaw.entries())\n : tenantRolesRaw && typeof tenantRolesRaw === \"object\"\n ? tenantRolesRaw\n : undefined\n\n if (!ctx.req.session) {\n ctx.res.status(500)\n return { success: false, error: \"session_unavailable\" }\n }\n\n ctx.req.session.user = {\n id: user._id.toString(),\n currentTenantId: tenantId,\n signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n isEntryGateAuthorized: true,\n tenantRoles,\n }\n\n return { success: true, userId: user._id.toString(), tenantId }\n}\n\nexport default (api: Api<AuthSessionUser>) => {\n api.post(SignIn.Route, signIn)\n}\n"],"names":["SignIn.requestSchema","SignIn.Route"],"mappings":";;;AASA,MAAM,SAAqF,OACzF,SACA,QACoC;AACpC,QAAM,OAAO,MAAM,OAAO,UAAU,UAAU,GAAG;AAEjD,QAAM,SAASA,cAAqB,UAAU,OAAO;AAErD,MAAI,CAAC,OAAO,SAAS;AACnB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,kBAAA;AAAA,EAClC;AAEA,QAAM,EAAE,OAAO,SAAA,IAAa,OAAO;AAEnC,QAAM,OAAO,MAAM,KAAK,QAAQ,EAAE,MAAA,GAAS,EAAE,UAAU,GAAG,SAAS,GAAG,aAAa,GAAG;AAEtF,MAAI,CAAC,MAAM,UAAU;AACnB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAA;AAAA,EAClC;AAEA,QAAM,SAAS,OAAO,KAAK,QAAQ;AACnC,QAAM,kBAAkB,MAAM,0BAA0B,UAAU,MAAM;AAExE,MAAI,CAAC,iBAAiB;AACpB,QAAI,CAAC,OAAO,WAAW,UAAU,GAAG;AAClC,cAAQ,KAAK,gDAAgD,KAAK,IAAI,UAAU;AAAA,IAClF;AACA,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAA;AAAA,EAClC;AAEA,QAAM,WAAW,KAAK,UAAU,CAAC,GAAG,gBAAgB;AACpD,QAAM,mBAAmB,KAAK,WAAW,CAAA,GAAI,IAAI,CAAC,MAAW,EAAE,WAAA,KAAgB,OAAO,CAAC,CAAC,KAAK,CAAC,QAAQ;AAEtG,QAAM,iBAAkB,KAA8C;AACtE,QAAM,cAAc,0BAA0B,MAC1C,OAAO,YAAY,eAAe,QAAA,CAAS,IAC3C,kBAAkB,OAAO,mBAAmB,WAC1C,iBACA;AAEN,MAAI,CAAC,IAAI,IAAI,SAAS;AACpB,QAAI,IAAI,OAAO,GAAG;AAClB,WAAO,EAAE,SAAS,OAAO,OAAO,sBAAA;AAAA,EAClC;AAEA,MAAI,IAAI,QAAQ,OAAO;AAAA,IACrB,IAAI,KAAK,IAAI,SAAA;AAAA,IACb,iBAAiB;AAAA,IACjB,iBAAiB,gBAAgB,SAAS,kBAAkB,CAAC,QAAQ;AAAA,IACrE,uBAAuB;AAAA,IACvB;AAAA,EAAA;AAGF,SAAO,EAAE,SAAS,MAAM,QAAQ,KAAK,IAAI,SAAA,GAAY,SAAA;AACvD;AAEA,MAAA,UAAe,CAAC,QAA8B;AAC5C,MAAI,KAAKC,OAAc,MAAM;AAC/B;"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"middleware-BiMXO6Dq.js","sources":["../src/middleware.ts"],"sourcesContent":["import type { Middleware } from \"@rpcbase/api\"\n\nimport type { AuthSessionUser } from \"./types\"\n\n\nconst isAuthenticated = (req: Parameters<Middleware>[0]): req is Parameters<Middleware<AuthSessionUser>>[0] => {\n return Boolean((req as any).session?.user?.id)\n}\n\nexport const restrictSessionMiddleware: Middleware<AuthSessionUser> = (req, res, next) => {\n if (isAuthenticated(req)) {\n return next()\n }\n\n res.status(401).json({ error: \"unauthorized\" })\n}\n\nexport const requireSession = restrictSessionMiddleware\n\nexport const redirectAuthMiddleware: Middleware<AuthSessionUser> = (req, res, next) => {\n if (req.path.startsWith(\"/app\") && !isAuthenticated(req)) {\n return res.redirect(\"/auth/sign-in\")\n }\n\n next()\n}\n"],"names":[],"mappings":"AAKA,MAAM,kBAAkB,CAAC,QAAsF;AAC7G,SAAO,QAAS,IAAY,SAAS,MAAM,EAAE;AAC/C;AAEO,MAAM,4BAAyD,CAAC,KAAK,KAAK,SAAS;AACxF,MAAI,gBAAgB,GAAG,GAAG;AACxB,WAAO,KAAA;AAAA,EACT;AAEA,MAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,gBAAgB;AAChD;AAEO,MAAM,iBAAiB;AAEvB,MAAM,yBAAsD,CAAC,KAAK,KAAK,SAAS;AACrF,MAAI,IAAI,KAAK,WAAW,MAAM,KAAK,CAAC,gBAAgB,GAAG,GAAG;AACxD,WAAO,IAAI,SAAS,eAAe;AAAA,EACrC;AAEA,OAAA;AACF;"}
|